Commit | Line | Data |
---|---|---|
8e87d142 | 1 | /* |
1da177e4 LT |
2 | RFCOMM implementation for Linux Bluetooth stack (BlueZ). |
3 | Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> | |
4 | Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> | |
5 | ||
6 | This program is free software; you can redistribute it and/or modify | |
7 | it under the terms of the GNU General Public License version 2 as | |
8 | published by the Free Software Foundation; | |
9 | ||
10 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS | |
11 | OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | |
12 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. | |
13 | IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY | |
8e87d142 YH |
14 | CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES |
15 | WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN | |
16 | ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF | |
1da177e4 LT |
17 | OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
18 | ||
8e87d142 YH |
19 | ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, |
20 | COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS | |
1da177e4 LT |
21 | SOFTWARE IS DISCLAIMED. |
22 | */ | |
23 | ||
1da177e4 LT |
24 | /* |
25 | * Bluetooth RFCOMM core. | |
1da177e4 LT |
26 | */ |
27 | ||
1da177e4 | 28 | #include <linux/module.h> |
aef7d97c | 29 | #include <linux/debugfs.h> |
a524eccc | 30 | #include <linux/kthread.h> |
1da177e4 LT |
31 | #include <asm/unaligned.h> |
32 | ||
33 | #include <net/bluetooth/bluetooth.h> | |
34 | #include <net/bluetooth/hci_core.h> | |
35 | #include <net/bluetooth/l2cap.h> | |
36 | #include <net/bluetooth/rfcomm.h> | |
37 | ||
5f9018af | 38 | #define VERSION "1.11" |
56f3a40a | 39 | |
eb939922 RR |
40 | static bool disable_cfc; |
41 | static bool l2cap_ertm; | |
98bcd08b | 42 | static int channel_mtu = -1; |
56f3a40a MH |
43 | static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU; |
44 | ||
1da177e4 LT |
45 | static struct task_struct *rfcomm_thread; |
46 | ||
4a3e2f71 AV |
47 | static DEFINE_MUTEX(rfcomm_mutex); |
48 | #define rfcomm_lock() mutex_lock(&rfcomm_mutex) | |
49 | #define rfcomm_unlock() mutex_unlock(&rfcomm_mutex) | |
1da177e4 | 50 | |
1da177e4 LT |
51 | |
52 | static LIST_HEAD(session_list); | |
1da177e4 | 53 | |
5436538f | 54 | static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len); |
1da177e4 LT |
55 | static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci); |
56 | static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci); | |
57 | static int rfcomm_queue_disc(struct rfcomm_dlc *d); | |
58 | static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type); | |
59 | static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d); | |
60 | static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig); | |
61 | static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len); | |
62 | static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits); | |
63 | static void rfcomm_make_uih(struct sk_buff *skb, u8 addr); | |
64 | ||
65 | static void rfcomm_process_connect(struct rfcomm_session *s); | |
66 | ||
63ce0900 LAD |
67 | static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, |
68 | bdaddr_t *dst, | |
69 | u8 sec_level, | |
70 | int *err); | |
1da177e4 | 71 | static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst); |
8ff52f7d | 72 | static struct rfcomm_session *rfcomm_session_del(struct rfcomm_session *s); |
1da177e4 LT |
73 | |
74 | /* ---- RFCOMM frame parsing macros ---- */ | |
75 | #define __get_dlci(b) ((b & 0xfc) >> 2) | |
76 | #define __get_channel(b) ((b & 0xf8) >> 3) | |
77 | #define __get_dir(b) ((b & 0x04) >> 2) | |
78 | #define __get_type(b) ((b & 0xef)) | |
79 | ||
80 | #define __test_ea(b) ((b & 0x01)) | |
81 | #define __test_cr(b) ((b & 0x02)) | |
82 | #define __test_pf(b) ((b & 0x10)) | |
83 | ||
84 | #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01) | |
85 | #define __ctrl(type, pf) (((type & 0xef) | (pf << 4))) | |
86 | #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir) | |
87 | #define __srv_channel(dlci) (dlci >> 1) | |
88 | #define __dir(dlci) (dlci & 0x01) | |
89 | ||
90 | #define __len8(len) (((len) << 1) | 1) | |
91 | #define __len16(len) ((len) << 1) | |
92 | ||
93 | /* MCC macros */ | |
94 | #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01)) | |
95 | #define __get_mcc_type(b) ((b & 0xfc) >> 2) | |
96 | #define __get_mcc_len(b) ((b & 0xfe) >> 1) | |
97 | ||
98 | /* RPN macros */ | |
3a5e903c | 99 | #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3)) |
1da177e4 LT |
100 | #define __get_rpn_data_bits(line) ((line) & 0x3) |
101 | #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1) | |
3a5e903c | 102 | #define __get_rpn_parity(line) (((line) >> 3) & 0x7) |
1da177e4 | 103 | |
6039aa73 | 104 | static void rfcomm_schedule(void) |
1da177e4 LT |
105 | { |
106 | if (!rfcomm_thread) | |
107 | return; | |
1da177e4 LT |
108 | wake_up_process(rfcomm_thread); |
109 | } | |
110 | ||
8ff52f7d | 111 | static struct rfcomm_session *rfcomm_session_put(struct rfcomm_session *s) |
1da177e4 | 112 | { |
8ff52f7d DJ |
113 | if (s && atomic_dec_and_test(&s->refcnt)) |
114 | s = rfcomm_session_del(s); | |
115 | ||
116 | return s; | |
1da177e4 LT |
117 | } |
118 | ||
119 | /* ---- RFCOMM FCS computation ---- */ | |
120 | ||
408c1ce2 | 121 | /* reversed, 8-bit, poly=0x07 */ |
8e87d142 | 122 | static unsigned char rfcomm_crc_table[256] = { |
408c1ce2 MH |
123 | 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75, |
124 | 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b, | |
125 | 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69, | |
126 | 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67, | |
127 | ||
128 | 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d, | |
129 | 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43, | |
130 | 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51, | |
131 | 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f, | |
132 | ||
133 | 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05, | |
134 | 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b, | |
135 | 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19, | |
136 | 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17, | |
137 | ||
138 | 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d, | |
139 | 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33, | |
140 | 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21, | |
141 | 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f, | |
142 | ||
143 | 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95, | |
144 | 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b, | |
145 | 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89, | |
146 | 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87, | |
147 | ||
148 | 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad, | |
149 | 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3, | |
150 | 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1, | |
151 | 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf, | |
152 | ||
153 | 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5, | |
154 | 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb, | |
155 | 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9, | |
156 | 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7, | |
157 | ||
158 | 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd, | |
159 | 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3, | |
160 | 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1, | |
161 | 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf | |
162 | }; | |
163 | ||
1da177e4 LT |
164 | /* CRC on 2 bytes */ |
165 | #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]]) | |
166 | ||
8e87d142 | 167 | /* FCS on 2 bytes */ |
1da177e4 LT |
168 | static inline u8 __fcs(u8 *data) |
169 | { | |
a02cec21 | 170 | return 0xff - __crc(data); |
1da177e4 LT |
171 | } |
172 | ||
8e87d142 | 173 | /* FCS on 3 bytes */ |
1da177e4 LT |
174 | static inline u8 __fcs2(u8 *data) |
175 | { | |
a02cec21 | 176 | return 0xff - rfcomm_crc_table[__crc(data) ^ data[2]]; |
1da177e4 LT |
177 | } |
178 | ||
179 | /* Check FCS */ | |
180 | static inline int __check_fcs(u8 *data, int type, u8 fcs) | |
181 | { | |
182 | u8 f = __crc(data); | |
183 | ||
184 | if (type != RFCOMM_UIH) | |
185 | f = rfcomm_crc_table[f ^ data[2]]; | |
186 | ||
187 | return rfcomm_crc_table[f ^ fcs] != 0xcf; | |
188 | } | |
189 | ||
190 | /* ---- L2CAP callbacks ---- */ | |
191 | static void rfcomm_l2state_change(struct sock *sk) | |
192 | { | |
193 | BT_DBG("%p state %d", sk, sk->sk_state); | |
534c92fd | 194 | rfcomm_schedule(); |
1da177e4 LT |
195 | } |
196 | ||
197 | static void rfcomm_l2data_ready(struct sock *sk, int bytes) | |
198 | { | |
199 | BT_DBG("%p bytes %d", sk, bytes); | |
534c92fd | 200 | rfcomm_schedule(); |
1da177e4 LT |
201 | } |
202 | ||
203 | static int rfcomm_l2sock_create(struct socket **sock) | |
204 | { | |
205 | int err; | |
206 | ||
207 | BT_DBG(""); | |
208 | ||
209 | err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock); | |
210 | if (!err) { | |
211 | struct sock *sk = (*sock)->sk; | |
212 | sk->sk_data_ready = rfcomm_l2data_ready; | |
213 | sk->sk_state_change = rfcomm_l2state_change; | |
214 | } | |
215 | return err; | |
216 | } | |
217 | ||
6039aa73 | 218 | static int rfcomm_check_security(struct rfcomm_dlc *d) |
77db1980 MH |
219 | { |
220 | struct sock *sk = d->session->sock->sk; | |
8c1d787b GP |
221 | struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn; |
222 | ||
0684e5f9 MH |
223 | __u8 auth_type; |
224 | ||
225 | switch (d->sec_level) { | |
226 | case BT_SECURITY_HIGH: | |
227 | auth_type = HCI_AT_GENERAL_BONDING_MITM; | |
228 | break; | |
229 | case BT_SECURITY_MEDIUM: | |
230 | auth_type = HCI_AT_GENERAL_BONDING; | |
231 | break; | |
232 | default: | |
233 | auth_type = HCI_AT_NO_BONDING; | |
234 | break; | |
235 | } | |
77db1980 | 236 | |
8c1d787b | 237 | return hci_conn_security(conn->hcon, d->sec_level, auth_type); |
77db1980 MH |
238 | } |
239 | ||
9e726b17 LAD |
240 | static void rfcomm_session_timeout(unsigned long arg) |
241 | { | |
242 | struct rfcomm_session *s = (void *) arg; | |
243 | ||
244 | BT_DBG("session %p state %ld", s, s->state); | |
245 | ||
246 | set_bit(RFCOMM_TIMED_OUT, &s->flags); | |
534c92fd | 247 | rfcomm_schedule(); |
9e726b17 LAD |
248 | } |
249 | ||
250 | static void rfcomm_session_set_timer(struct rfcomm_session *s, long timeout) | |
251 | { | |
252 | BT_DBG("session %p state %ld timeout %ld", s, s->state, timeout); | |
253 | ||
254 | if (!mod_timer(&s->timer, jiffies + timeout)) | |
255 | rfcomm_session_hold(s); | |
256 | } | |
257 | ||
258 | static void rfcomm_session_clear_timer(struct rfcomm_session *s) | |
259 | { | |
260 | BT_DBG("session %p state %ld", s, s->state); | |
261 | ||
fea7b02f | 262 | if (del_timer_sync(&s->timer)) |
9e726b17 LAD |
263 | rfcomm_session_put(s); |
264 | } | |
265 | ||
1da177e4 LT |
266 | /* ---- RFCOMM DLCs ---- */ |
267 | static void rfcomm_dlc_timeout(unsigned long arg) | |
268 | { | |
269 | struct rfcomm_dlc *d = (void *) arg; | |
270 | ||
271 | BT_DBG("dlc %p state %ld", d, d->state); | |
272 | ||
273 | set_bit(RFCOMM_TIMED_OUT, &d->flags); | |
274 | rfcomm_dlc_put(d); | |
534c92fd | 275 | rfcomm_schedule(); |
1da177e4 LT |
276 | } |
277 | ||
278 | static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout) | |
279 | { | |
280 | BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout); | |
281 | ||
282 | if (!mod_timer(&d->timer, jiffies + timeout)) | |
283 | rfcomm_dlc_hold(d); | |
284 | } | |
285 | ||
286 | static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d) | |
287 | { | |
288 | BT_DBG("dlc %p state %ld", d, d->state); | |
289 | ||
25cc4ae9 | 290 | if (del_timer(&d->timer)) |
1da177e4 LT |
291 | rfcomm_dlc_put(d); |
292 | } | |
293 | ||
294 | static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d) | |
295 | { | |
296 | BT_DBG("%p", d); | |
297 | ||
298 | d->state = BT_OPEN; | |
299 | d->flags = 0; | |
300 | d->mscex = 0; | |
183f732c | 301 | d->sec_level = BT_SECURITY_LOW; |
1da177e4 LT |
302 | d->mtu = RFCOMM_DEFAULT_MTU; |
303 | d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV; | |
304 | ||
305 | d->cfc = RFCOMM_CFC_DISABLED; | |
306 | d->rx_credits = RFCOMM_DEFAULT_CREDITS; | |
307 | } | |
308 | ||
dd0fc66f | 309 | struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio) |
1da177e4 | 310 | { |
25ea6db0 MH |
311 | struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio); |
312 | ||
1da177e4 LT |
313 | if (!d) |
314 | return NULL; | |
1da177e4 | 315 | |
b24b8a24 | 316 | setup_timer(&d->timer, rfcomm_dlc_timeout, (unsigned long)d); |
1da177e4 LT |
317 | |
318 | skb_queue_head_init(&d->tx_queue); | |
319 | spin_lock_init(&d->lock); | |
320 | atomic_set(&d->refcnt, 1); | |
321 | ||
322 | rfcomm_dlc_clear_state(d); | |
8e87d142 | 323 | |
1da177e4 | 324 | BT_DBG("%p", d); |
25ea6db0 | 325 | |
1da177e4 LT |
326 | return d; |
327 | } | |
328 | ||
329 | void rfcomm_dlc_free(struct rfcomm_dlc *d) | |
330 | { | |
331 | BT_DBG("%p", d); | |
332 | ||
333 | skb_queue_purge(&d->tx_queue); | |
334 | kfree(d); | |
335 | } | |
336 | ||
337 | static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d) | |
338 | { | |
339 | BT_DBG("dlc %p session %p", d, s); | |
340 | ||
341 | rfcomm_session_hold(s); | |
342 | ||
9e726b17 | 343 | rfcomm_session_clear_timer(s); |
1da177e4 LT |
344 | rfcomm_dlc_hold(d); |
345 | list_add(&d->list, &s->dlcs); | |
346 | d->session = s; | |
347 | } | |
348 | ||
349 | static void rfcomm_dlc_unlink(struct rfcomm_dlc *d) | |
350 | { | |
351 | struct rfcomm_session *s = d->session; | |
352 | ||
353 | BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s); | |
354 | ||
355 | list_del(&d->list); | |
356 | d->session = NULL; | |
357 | rfcomm_dlc_put(d); | |
358 | ||
9e726b17 LAD |
359 | if (list_empty(&s->dlcs)) |
360 | rfcomm_session_set_timer(s, RFCOMM_IDLE_TIMEOUT); | |
361 | ||
1da177e4 LT |
362 | rfcomm_session_put(s); |
363 | } | |
364 | ||
365 | static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci) | |
366 | { | |
367 | struct rfcomm_dlc *d; | |
1da177e4 | 368 | |
8035ded4 | 369 | list_for_each_entry(d, &s->dlcs, list) |
1da177e4 LT |
370 | if (d->dlci == dlci) |
371 | return d; | |
8035ded4 | 372 | |
1da177e4 LT |
373 | return NULL; |
374 | } | |
375 | ||
376 | static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel) | |
377 | { | |
378 | struct rfcomm_session *s; | |
379 | int err = 0; | |
380 | u8 dlci; | |
381 | ||
6ed93dc6 AE |
382 | BT_DBG("dlc %p state %ld %pMR -> %pMR channel %d", |
383 | d, d->state, src, dst, channel); | |
1da177e4 LT |
384 | |
385 | if (channel < 1 || channel > 30) | |
386 | return -EINVAL; | |
387 | ||
388 | if (d->state != BT_OPEN && d->state != BT_CLOSED) | |
389 | return 0; | |
390 | ||
391 | s = rfcomm_session_get(src, dst); | |
392 | if (!s) { | |
63ce0900 | 393 | s = rfcomm_session_create(src, dst, d->sec_level, &err); |
1da177e4 LT |
394 | if (!s) |
395 | return err; | |
396 | } | |
397 | ||
398 | dlci = __dlci(!s->initiator, channel); | |
399 | ||
400 | /* Check if DLCI already exists */ | |
401 | if (rfcomm_dlc_get(s, dlci)) | |
402 | return -EBUSY; | |
403 | ||
404 | rfcomm_dlc_clear_state(d); | |
405 | ||
406 | d->dlci = dlci; | |
407 | d->addr = __addr(s->initiator, dlci); | |
408 | d->priority = 7; | |
409 | ||
77db1980 | 410 | d->state = BT_CONFIG; |
1da177e4 LT |
411 | rfcomm_dlc_link(s, d); |
412 | ||
77db1980 MH |
413 | d->out = 1; |
414 | ||
1da177e4 LT |
415 | d->mtu = s->mtu; |
416 | d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc; | |
417 | ||
77db1980 | 418 | if (s->state == BT_CONNECTED) { |
9f2c8a03 | 419 | if (rfcomm_check_security(d)) |
77db1980 | 420 | rfcomm_send_pn(s, 1, d); |
8c1b2355 MH |
421 | else |
422 | set_bit(RFCOMM_AUTH_PENDING, &d->flags); | |
77db1980 MH |
423 | } |
424 | ||
1da177e4 | 425 | rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT); |
77db1980 | 426 | |
1da177e4 LT |
427 | return 0; |
428 | } | |
429 | ||
430 | int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel) | |
431 | { | |
432 | int r; | |
433 | ||
434 | rfcomm_lock(); | |
435 | ||
436 | r = __rfcomm_dlc_open(d, src, dst, channel); | |
437 | ||
438 | rfcomm_unlock(); | |
439 | return r; | |
440 | } | |
441 | ||
442 | static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err) | |
443 | { | |
444 | struct rfcomm_session *s = d->session; | |
445 | if (!s) | |
446 | return 0; | |
447 | ||
448 | BT_DBG("dlc %p state %ld dlci %d err %d session %p", | |
449 | d, d->state, d->dlci, err, s); | |
450 | ||
451 | switch (d->state) { | |
1da177e4 | 452 | case BT_CONNECT: |
bb23c0ab MH |
453 | case BT_CONFIG: |
454 | if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) { | |
455 | set_bit(RFCOMM_AUTH_REJECT, &d->flags); | |
534c92fd | 456 | rfcomm_schedule(); |
bb23c0ab MH |
457 | break; |
458 | } | |
459 | /* Fall through */ | |
460 | ||
461 | case BT_CONNECTED: | |
1da177e4 LT |
462 | d->state = BT_DISCONN; |
463 | if (skb_queue_empty(&d->tx_queue)) { | |
464 | rfcomm_send_disc(s, d->dlci); | |
465 | rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT); | |
466 | } else { | |
467 | rfcomm_queue_disc(d); | |
468 | rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2); | |
469 | } | |
470 | break; | |
471 | ||
bb23c0ab | 472 | case BT_OPEN: |
8bf47941 | 473 | case BT_CONNECT2: |
bb23c0ab MH |
474 | if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) { |
475 | set_bit(RFCOMM_AUTH_REJECT, &d->flags); | |
534c92fd | 476 | rfcomm_schedule(); |
bb23c0ab MH |
477 | break; |
478 | } | |
479 | /* Fall through */ | |
480 | ||
1da177e4 LT |
481 | default: |
482 | rfcomm_dlc_clear_timer(d); | |
483 | ||
484 | rfcomm_dlc_lock(d); | |
485 | d->state = BT_CLOSED; | |
1905f6c7 | 486 | d->state_change(d, err); |
4c8411f8 | 487 | rfcomm_dlc_unlock(d); |
1da177e4 LT |
488 | |
489 | skb_queue_purge(&d->tx_queue); | |
1da177e4 LT |
490 | rfcomm_dlc_unlink(d); |
491 | } | |
492 | ||
493 | return 0; | |
494 | } | |
495 | ||
496 | int rfcomm_dlc_close(struct rfcomm_dlc *d, int err) | |
497 | { | |
c06f7d53 DJ |
498 | int r = 0; |
499 | struct rfcomm_dlc *d_list; | |
500 | struct rfcomm_session *s, *s_list; | |
501 | ||
502 | BT_DBG("dlc %p state %ld dlci %d err %d", d, d->state, d->dlci, err); | |
1da177e4 LT |
503 | |
504 | rfcomm_lock(); | |
505 | ||
c06f7d53 DJ |
506 | s = d->session; |
507 | if (!s) | |
508 | goto no_session; | |
509 | ||
510 | /* after waiting on the mutex check the session still exists | |
511 | * then check the dlc still exists | |
512 | */ | |
513 | list_for_each_entry(s_list, &session_list, list) { | |
514 | if (s_list == s) { | |
515 | list_for_each_entry(d_list, &s->dlcs, list) { | |
516 | if (d_list == d) { | |
517 | r = __rfcomm_dlc_close(d, err); | |
518 | break; | |
519 | } | |
520 | } | |
521 | break; | |
522 | } | |
523 | } | |
1da177e4 | 524 | |
c06f7d53 | 525 | no_session: |
1da177e4 LT |
526 | rfcomm_unlock(); |
527 | return r; | |
528 | } | |
529 | ||
530 | int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb) | |
531 | { | |
532 | int len = skb->len; | |
533 | ||
534 | if (d->state != BT_CONNECTED) | |
535 | return -ENOTCONN; | |
536 | ||
537 | BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len); | |
538 | ||
539 | if (len > d->mtu) | |
540 | return -EINVAL; | |
541 | ||
542 | rfcomm_make_uih(skb, d->addr); | |
543 | skb_queue_tail(&d->tx_queue, skb); | |
544 | ||
545 | if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags)) | |
534c92fd | 546 | rfcomm_schedule(); |
1da177e4 LT |
547 | return len; |
548 | } | |
549 | ||
b5606c2d | 550 | void __rfcomm_dlc_throttle(struct rfcomm_dlc *d) |
1da177e4 LT |
551 | { |
552 | BT_DBG("dlc %p state %ld", d, d->state); | |
553 | ||
554 | if (!d->cfc) { | |
555 | d->v24_sig |= RFCOMM_V24_FC; | |
556 | set_bit(RFCOMM_MSC_PENDING, &d->flags); | |
557 | } | |
534c92fd | 558 | rfcomm_schedule(); |
1da177e4 LT |
559 | } |
560 | ||
b5606c2d | 561 | void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d) |
1da177e4 LT |
562 | { |
563 | BT_DBG("dlc %p state %ld", d, d->state); | |
564 | ||
565 | if (!d->cfc) { | |
566 | d->v24_sig &= ~RFCOMM_V24_FC; | |
567 | set_bit(RFCOMM_MSC_PENDING, &d->flags); | |
568 | } | |
534c92fd | 569 | rfcomm_schedule(); |
1da177e4 LT |
570 | } |
571 | ||
8e87d142 | 572 | /* |
1da177e4 LT |
573 | Set/get modem status functions use _local_ status i.e. what we report |
574 | to the other side. | |
575 | Remote status is provided by dlc->modem_status() callback. | |
576 | */ | |
577 | int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig) | |
578 | { | |
8e87d142 | 579 | BT_DBG("dlc %p state %ld v24_sig 0x%x", |
1da177e4 LT |
580 | d, d->state, v24_sig); |
581 | ||
582 | if (test_bit(RFCOMM_RX_THROTTLED, &d->flags)) | |
583 | v24_sig |= RFCOMM_V24_FC; | |
584 | else | |
585 | v24_sig &= ~RFCOMM_V24_FC; | |
8e87d142 | 586 | |
1da177e4 LT |
587 | d->v24_sig = v24_sig; |
588 | ||
589 | if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags)) | |
534c92fd | 590 | rfcomm_schedule(); |
1da177e4 LT |
591 | |
592 | return 0; | |
593 | } | |
594 | ||
595 | int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig) | |
596 | { | |
8e87d142 | 597 | BT_DBG("dlc %p state %ld v24_sig 0x%x", |
1da177e4 LT |
598 | d, d->state, d->v24_sig); |
599 | ||
600 | *v24_sig = d->v24_sig; | |
601 | return 0; | |
602 | } | |
603 | ||
604 | /* ---- RFCOMM sessions ---- */ | |
605 | static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state) | |
606 | { | |
25ea6db0 MH |
607 | struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL); |
608 | ||
1da177e4 LT |
609 | if (!s) |
610 | return NULL; | |
1da177e4 LT |
611 | |
612 | BT_DBG("session %p sock %p", s, sock); | |
613 | ||
9e726b17 LAD |
614 | setup_timer(&s->timer, rfcomm_session_timeout, (unsigned long) s); |
615 | ||
1da177e4 LT |
616 | INIT_LIST_HEAD(&s->dlcs); |
617 | s->state = state; | |
618 | s->sock = sock; | |
619 | ||
620 | s->mtu = RFCOMM_DEFAULT_MTU; | |
7c2660b0 | 621 | s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN; |
1da177e4 LT |
622 | |
623 | /* Do not increment module usage count for listening sessions. | |
624 | * Otherwise we won't be able to unload the module. */ | |
625 | if (state != BT_LISTEN) | |
626 | if (!try_module_get(THIS_MODULE)) { | |
627 | kfree(s); | |
628 | return NULL; | |
629 | } | |
630 | ||
631 | list_add(&s->list, &session_list); | |
632 | ||
633 | return s; | |
634 | } | |
635 | ||
8ff52f7d | 636 | static struct rfcomm_session *rfcomm_session_del(struct rfcomm_session *s) |
1da177e4 LT |
637 | { |
638 | int state = s->state; | |
639 | ||
640 | BT_DBG("session %p state %ld", s, s->state); | |
641 | ||
642 | list_del(&s->list); | |
643 | ||
644 | if (state == BT_CONNECTED) | |
645 | rfcomm_send_disc(s, 0); | |
646 | ||
9e726b17 | 647 | rfcomm_session_clear_timer(s); |
1da177e4 LT |
648 | sock_release(s->sock); |
649 | kfree(s); | |
650 | ||
651 | if (state != BT_LISTEN) | |
652 | module_put(THIS_MODULE); | |
8ff52f7d DJ |
653 | |
654 | return NULL; | |
1da177e4 LT |
655 | } |
656 | ||
657 | static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst) | |
658 | { | |
659 | struct rfcomm_session *s; | |
660 | struct list_head *p, *n; | |
661 | struct bt_sock *sk; | |
662 | list_for_each_safe(p, n, &session_list) { | |
663 | s = list_entry(p, struct rfcomm_session, list); | |
8e87d142 | 664 | sk = bt_sk(s->sock->sk); |
1da177e4 LT |
665 | |
666 | if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) && | |
667 | !bacmp(&sk->dst, dst)) | |
668 | return s; | |
669 | } | |
670 | return NULL; | |
671 | } | |
672 | ||
8ff52f7d DJ |
673 | static struct rfcomm_session *rfcomm_session_close(struct rfcomm_session *s, |
674 | int err) | |
1da177e4 LT |
675 | { |
676 | struct rfcomm_dlc *d; | |
677 | struct list_head *p, *n; | |
678 | ||
679 | BT_DBG("session %p state %ld err %d", s, s->state, err); | |
680 | ||
681 | rfcomm_session_hold(s); | |
682 | ||
683 | s->state = BT_CLOSED; | |
684 | ||
685 | /* Close all dlcs */ | |
686 | list_for_each_safe(p, n, &s->dlcs) { | |
687 | d = list_entry(p, struct rfcomm_dlc, list); | |
688 | d->state = BT_CLOSED; | |
689 | __rfcomm_dlc_close(d, err); | |
690 | } | |
691 | ||
9e726b17 | 692 | rfcomm_session_clear_timer(s); |
8ff52f7d | 693 | return rfcomm_session_put(s); |
1da177e4 LT |
694 | } |
695 | ||
63ce0900 LAD |
696 | static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, |
697 | bdaddr_t *dst, | |
698 | u8 sec_level, | |
699 | int *err) | |
1da177e4 LT |
700 | { |
701 | struct rfcomm_session *s = NULL; | |
702 | struct sockaddr_l2 addr; | |
703 | struct socket *sock; | |
704 | struct sock *sk; | |
705 | ||
6ed93dc6 | 706 | BT_DBG("%pMR -> %pMR", src, dst); |
1da177e4 LT |
707 | |
708 | *err = rfcomm_l2sock_create(&sock); | |
709 | if (*err < 0) | |
710 | return NULL; | |
711 | ||
712 | bacpy(&addr.l2_bdaddr, src); | |
713 | addr.l2_family = AF_BLUETOOTH; | |
714 | addr.l2_psm = 0; | |
37e62f55 | 715 | addr.l2_cid = 0; |
48db9ca4 | 716 | *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr)); |
1da177e4 LT |
717 | if (*err < 0) |
718 | goto failed; | |
719 | ||
720 | /* Set L2CAP options */ | |
721 | sk = sock->sk; | |
722 | lock_sock(sk); | |
0c1bc5c6 | 723 | l2cap_pi(sk)->chan->imtu = l2cap_mtu; |
47d1ec61 | 724 | l2cap_pi(sk)->chan->sec_level = sec_level; |
eae38eed | 725 | if (l2cap_ertm) |
0c1bc5c6 | 726 | l2cap_pi(sk)->chan->mode = L2CAP_MODE_ERTM; |
1da177e4 LT |
727 | release_sock(sk); |
728 | ||
729 | s = rfcomm_session_add(sock, BT_BOUND); | |
730 | if (!s) { | |
731 | *err = -ENOMEM; | |
732 | goto failed; | |
733 | } | |
734 | ||
1da177e4 LT |
735 | s->initiator = 1; |
736 | ||
737 | bacpy(&addr.l2_bdaddr, dst); | |
738 | addr.l2_family = AF_BLUETOOTH; | |
5bcb8094 | 739 | addr.l2_psm = __constant_cpu_to_le16(RFCOMM_PSM); |
37e62f55 | 740 | addr.l2_cid = 0; |
48db9ca4 | 741 | *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK); |
b4c612a4 | 742 | if (*err == 0 || *err == -EINPROGRESS) |
1da177e4 LT |
743 | return s; |
744 | ||
8ff52f7d | 745 | return rfcomm_session_del(s); |
1da177e4 LT |
746 | |
747 | failed: | |
748 | sock_release(sock); | |
749 | return NULL; | |
750 | } | |
751 | ||
752 | void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst) | |
753 | { | |
754 | struct sock *sk = s->sock->sk; | |
755 | if (src) | |
756 | bacpy(src, &bt_sk(sk)->src); | |
757 | if (dst) | |
758 | bacpy(dst, &bt_sk(sk)->dst); | |
759 | } | |
760 | ||
761 | /* ---- RFCOMM frame sending ---- */ | |
5436538f | 762 | static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len) |
1da177e4 | 763 | { |
1da177e4 LT |
764 | struct kvec iv = { data, len }; |
765 | struct msghdr msg; | |
766 | ||
5436538f | 767 | BT_DBG("session %p len %d", s, len); |
1da177e4 LT |
768 | |
769 | memset(&msg, 0, sizeof(msg)); | |
770 | ||
5436538f | 771 | return kernel_sendmsg(s->sock, &msg, &iv, 1, len); |
1da177e4 LT |
772 | } |
773 | ||
262038fc LAD |
774 | static int rfcomm_send_cmd(struct rfcomm_session *s, struct rfcomm_cmd *cmd) |
775 | { | |
776 | BT_DBG("%p cmd %u", s, cmd->ctrl); | |
777 | ||
5436538f | 778 | return rfcomm_send_frame(s, (void *) cmd, sizeof(*cmd)); |
262038fc LAD |
779 | } |
780 | ||
1da177e4 LT |
781 | static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci) |
782 | { | |
783 | struct rfcomm_cmd cmd; | |
784 | ||
785 | BT_DBG("%p dlci %d", s, dlci); | |
786 | ||
787 | cmd.addr = __addr(s->initiator, dlci); | |
788 | cmd.ctrl = __ctrl(RFCOMM_SABM, 1); | |
789 | cmd.len = __len8(0); | |
790 | cmd.fcs = __fcs2((u8 *) &cmd); | |
791 | ||
262038fc | 792 | return rfcomm_send_cmd(s, &cmd); |
1da177e4 LT |
793 | } |
794 | ||
795 | static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci) | |
796 | { | |
797 | struct rfcomm_cmd cmd; | |
798 | ||
799 | BT_DBG("%p dlci %d", s, dlci); | |
800 | ||
801 | cmd.addr = __addr(!s->initiator, dlci); | |
802 | cmd.ctrl = __ctrl(RFCOMM_UA, 1); | |
803 | cmd.len = __len8(0); | |
804 | cmd.fcs = __fcs2((u8 *) &cmd); | |
805 | ||
262038fc | 806 | return rfcomm_send_cmd(s, &cmd); |
1da177e4 LT |
807 | } |
808 | ||
809 | static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci) | |
810 | { | |
811 | struct rfcomm_cmd cmd; | |
812 | ||
813 | BT_DBG("%p dlci %d", s, dlci); | |
814 | ||
815 | cmd.addr = __addr(s->initiator, dlci); | |
816 | cmd.ctrl = __ctrl(RFCOMM_DISC, 1); | |
817 | cmd.len = __len8(0); | |
818 | cmd.fcs = __fcs2((u8 *) &cmd); | |
819 | ||
262038fc | 820 | return rfcomm_send_cmd(s, &cmd); |
1da177e4 LT |
821 | } |
822 | ||
823 | static int rfcomm_queue_disc(struct rfcomm_dlc *d) | |
824 | { | |
825 | struct rfcomm_cmd *cmd; | |
826 | struct sk_buff *skb; | |
827 | ||
828 | BT_DBG("dlc %p dlci %d", d, d->dlci); | |
829 | ||
830 | skb = alloc_skb(sizeof(*cmd), GFP_KERNEL); | |
831 | if (!skb) | |
832 | return -ENOMEM; | |
833 | ||
834 | cmd = (void *) __skb_put(skb, sizeof(*cmd)); | |
835 | cmd->addr = d->addr; | |
836 | cmd->ctrl = __ctrl(RFCOMM_DISC, 1); | |
837 | cmd->len = __len8(0); | |
838 | cmd->fcs = __fcs2((u8 *) cmd); | |
839 | ||
840 | skb_queue_tail(&d->tx_queue, skb); | |
534c92fd | 841 | rfcomm_schedule(); |
1da177e4 LT |
842 | return 0; |
843 | } | |
844 | ||
845 | static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci) | |
846 | { | |
847 | struct rfcomm_cmd cmd; | |
848 | ||
849 | BT_DBG("%p dlci %d", s, dlci); | |
850 | ||
851 | cmd.addr = __addr(!s->initiator, dlci); | |
852 | cmd.ctrl = __ctrl(RFCOMM_DM, 1); | |
853 | cmd.len = __len8(0); | |
854 | cmd.fcs = __fcs2((u8 *) &cmd); | |
855 | ||
262038fc | 856 | return rfcomm_send_cmd(s, &cmd); |
1da177e4 LT |
857 | } |
858 | ||
859 | static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type) | |
860 | { | |
861 | struct rfcomm_hdr *hdr; | |
862 | struct rfcomm_mcc *mcc; | |
863 | u8 buf[16], *ptr = buf; | |
864 | ||
865 | BT_DBG("%p cr %d type %d", s, cr, type); | |
866 | ||
867 | hdr = (void *) ptr; ptr += sizeof(*hdr); | |
868 | hdr->addr = __addr(s->initiator, 0); | |
869 | hdr->ctrl = __ctrl(RFCOMM_UIH, 0); | |
870 | hdr->len = __len8(sizeof(*mcc) + 1); | |
871 | ||
872 | mcc = (void *) ptr; ptr += sizeof(*mcc); | |
873 | mcc->type = __mcc_type(cr, RFCOMM_NSC); | |
874 | mcc->len = __len8(1); | |
875 | ||
876 | /* Type that we didn't like */ | |
877 | *ptr = __mcc_type(cr, type); ptr++; | |
878 | ||
879 | *ptr = __fcs(buf); ptr++; | |
880 | ||
5436538f | 881 | return rfcomm_send_frame(s, buf, ptr - buf); |
1da177e4 LT |
882 | } |
883 | ||
884 | static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d) | |
885 | { | |
886 | struct rfcomm_hdr *hdr; | |
887 | struct rfcomm_mcc *mcc; | |
888 | struct rfcomm_pn *pn; | |
889 | u8 buf[16], *ptr = buf; | |
890 | ||
891 | BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu); | |
892 | ||
893 | hdr = (void *) ptr; ptr += sizeof(*hdr); | |
894 | hdr->addr = __addr(s->initiator, 0); | |
895 | hdr->ctrl = __ctrl(RFCOMM_UIH, 0); | |
896 | hdr->len = __len8(sizeof(*mcc) + sizeof(*pn)); | |
897 | ||
898 | mcc = (void *) ptr; ptr += sizeof(*mcc); | |
899 | mcc->type = __mcc_type(cr, RFCOMM_PN); | |
900 | mcc->len = __len8(sizeof(*pn)); | |
901 | ||
902 | pn = (void *) ptr; ptr += sizeof(*pn); | |
903 | pn->dlci = d->dlci; | |
904 | pn->priority = d->priority; | |
905 | pn->ack_timer = 0; | |
906 | pn->max_retrans = 0; | |
907 | ||
908 | if (s->cfc) { | |
909 | pn->flow_ctrl = cr ? 0xf0 : 0xe0; | |
910 | pn->credits = RFCOMM_DEFAULT_CREDITS; | |
911 | } else { | |
912 | pn->flow_ctrl = 0; | |
913 | pn->credits = 0; | |
914 | } | |
915 | ||
98bcd08b | 916 | if (cr && channel_mtu >= 0) |
b4324b5d | 917 | pn->mtu = cpu_to_le16(channel_mtu); |
98bcd08b | 918 | else |
b4324b5d | 919 | pn->mtu = cpu_to_le16(d->mtu); |
1da177e4 LT |
920 | |
921 | *ptr = __fcs(buf); ptr++; | |
922 | ||
5436538f | 923 | return rfcomm_send_frame(s, buf, ptr - buf); |
1da177e4 LT |
924 | } |
925 | ||
3a5e903c S |
926 | int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci, |
927 | u8 bit_rate, u8 data_bits, u8 stop_bits, | |
8e87d142 | 928 | u8 parity, u8 flow_ctrl_settings, |
3a5e903c | 929 | u8 xon_char, u8 xoff_char, u16 param_mask) |
1da177e4 LT |
930 | { |
931 | struct rfcomm_hdr *hdr; | |
932 | struct rfcomm_mcc *mcc; | |
933 | struct rfcomm_rpn *rpn; | |
934 | u8 buf[16], *ptr = buf; | |
935 | ||
936 | BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x" | |
8e87d142 YH |
937 | " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x", |
938 | s, cr, dlci, bit_rate, data_bits, stop_bits, parity, | |
3a5e903c | 939 | flow_ctrl_settings, xon_char, xoff_char, param_mask); |
1da177e4 LT |
940 | |
941 | hdr = (void *) ptr; ptr += sizeof(*hdr); | |
942 | hdr->addr = __addr(s->initiator, 0); | |
943 | hdr->ctrl = __ctrl(RFCOMM_UIH, 0); | |
944 | hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn)); | |
945 | ||
946 | mcc = (void *) ptr; ptr += sizeof(*mcc); | |
947 | mcc->type = __mcc_type(cr, RFCOMM_RPN); | |
948 | mcc->len = __len8(sizeof(*rpn)); | |
949 | ||
950 | rpn = (void *) ptr; ptr += sizeof(*rpn); | |
951 | rpn->dlci = __addr(1, dlci); | |
952 | rpn->bit_rate = bit_rate; | |
953 | rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity); | |
954 | rpn->flow_ctrl = flow_ctrl_settings; | |
955 | rpn->xon_char = xon_char; | |
956 | rpn->xoff_char = xoff_char; | |
e8db8c99 | 957 | rpn->param_mask = cpu_to_le16(param_mask); |
1da177e4 LT |
958 | |
959 | *ptr = __fcs(buf); ptr++; | |
960 | ||
5436538f | 961 | return rfcomm_send_frame(s, buf, ptr - buf); |
1da177e4 LT |
962 | } |
963 | ||
964 | static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status) | |
965 | { | |
966 | struct rfcomm_hdr *hdr; | |
967 | struct rfcomm_mcc *mcc; | |
968 | struct rfcomm_rls *rls; | |
969 | u8 buf[16], *ptr = buf; | |
970 | ||
971 | BT_DBG("%p cr %d status 0x%x", s, cr, status); | |
972 | ||
973 | hdr = (void *) ptr; ptr += sizeof(*hdr); | |
974 | hdr->addr = __addr(s->initiator, 0); | |
975 | hdr->ctrl = __ctrl(RFCOMM_UIH, 0); | |
976 | hdr->len = __len8(sizeof(*mcc) + sizeof(*rls)); | |
977 | ||
978 | mcc = (void *) ptr; ptr += sizeof(*mcc); | |
979 | mcc->type = __mcc_type(cr, RFCOMM_RLS); | |
980 | mcc->len = __len8(sizeof(*rls)); | |
981 | ||
982 | rls = (void *) ptr; ptr += sizeof(*rls); | |
983 | rls->dlci = __addr(1, dlci); | |
984 | rls->status = status; | |
985 | ||
986 | *ptr = __fcs(buf); ptr++; | |
987 | ||
5436538f | 988 | return rfcomm_send_frame(s, buf, ptr - buf); |
1da177e4 LT |
989 | } |
990 | ||
991 | static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig) | |
992 | { | |
993 | struct rfcomm_hdr *hdr; | |
994 | struct rfcomm_mcc *mcc; | |
995 | struct rfcomm_msc *msc; | |
996 | u8 buf[16], *ptr = buf; | |
997 | ||
998 | BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig); | |
999 | ||
1000 | hdr = (void *) ptr; ptr += sizeof(*hdr); | |
1001 | hdr->addr = __addr(s->initiator, 0); | |
1002 | hdr->ctrl = __ctrl(RFCOMM_UIH, 0); | |
1003 | hdr->len = __len8(sizeof(*mcc) + sizeof(*msc)); | |
1004 | ||
1005 | mcc = (void *) ptr; ptr += sizeof(*mcc); | |
1006 | mcc->type = __mcc_type(cr, RFCOMM_MSC); | |
1007 | mcc->len = __len8(sizeof(*msc)); | |
1008 | ||
1009 | msc = (void *) ptr; ptr += sizeof(*msc); | |
1010 | msc->dlci = __addr(1, dlci); | |
1011 | msc->v24_sig = v24_sig | 0x01; | |
1012 | ||
1013 | *ptr = __fcs(buf); ptr++; | |
1014 | ||
5436538f | 1015 | return rfcomm_send_frame(s, buf, ptr - buf); |
1da177e4 LT |
1016 | } |
1017 | ||
1018 | static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr) | |
1019 | { | |
1020 | struct rfcomm_hdr *hdr; | |
1021 | struct rfcomm_mcc *mcc; | |
1022 | u8 buf[16], *ptr = buf; | |
1023 | ||
1024 | BT_DBG("%p cr %d", s, cr); | |
1025 | ||
1026 | hdr = (void *) ptr; ptr += sizeof(*hdr); | |
1027 | hdr->addr = __addr(s->initiator, 0); | |
1028 | hdr->ctrl = __ctrl(RFCOMM_UIH, 0); | |
1029 | hdr->len = __len8(sizeof(*mcc)); | |
1030 | ||
1031 | mcc = (void *) ptr; ptr += sizeof(*mcc); | |
1032 | mcc->type = __mcc_type(cr, RFCOMM_FCOFF); | |
1033 | mcc->len = __len8(0); | |
1034 | ||
1035 | *ptr = __fcs(buf); ptr++; | |
1036 | ||
5436538f | 1037 | return rfcomm_send_frame(s, buf, ptr - buf); |
1da177e4 LT |
1038 | } |
1039 | ||
1040 | static int rfcomm_send_fcon(struct rfcomm_session *s, int cr) | |
1041 | { | |
1042 | struct rfcomm_hdr *hdr; | |
1043 | struct rfcomm_mcc *mcc; | |
1044 | u8 buf[16], *ptr = buf; | |
1045 | ||
1046 | BT_DBG("%p cr %d", s, cr); | |
1047 | ||
1048 | hdr = (void *) ptr; ptr += sizeof(*hdr); | |
1049 | hdr->addr = __addr(s->initiator, 0); | |
1050 | hdr->ctrl = __ctrl(RFCOMM_UIH, 0); | |
1051 | hdr->len = __len8(sizeof(*mcc)); | |
1052 | ||
1053 | mcc = (void *) ptr; ptr += sizeof(*mcc); | |
1054 | mcc->type = __mcc_type(cr, RFCOMM_FCON); | |
1055 | mcc->len = __len8(0); | |
1056 | ||
1057 | *ptr = __fcs(buf); ptr++; | |
1058 | ||
5436538f | 1059 | return rfcomm_send_frame(s, buf, ptr - buf); |
1da177e4 LT |
1060 | } |
1061 | ||
1062 | static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len) | |
1063 | { | |
1064 | struct socket *sock = s->sock; | |
1065 | struct kvec iv[3]; | |
1066 | struct msghdr msg; | |
1067 | unsigned char hdr[5], crc[1]; | |
1068 | ||
1069 | if (len > 125) | |
1070 | return -EINVAL; | |
1071 | ||
1072 | BT_DBG("%p cr %d", s, cr); | |
1073 | ||
1074 | hdr[0] = __addr(s->initiator, 0); | |
1075 | hdr[1] = __ctrl(RFCOMM_UIH, 0); | |
1076 | hdr[2] = 0x01 | ((len + 2) << 1); | |
1077 | hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2); | |
1078 | hdr[4] = 0x01 | (len << 1); | |
1079 | ||
1080 | crc[0] = __fcs(hdr); | |
1081 | ||
1082 | iv[0].iov_base = hdr; | |
1083 | iv[0].iov_len = 5; | |
1084 | iv[1].iov_base = pattern; | |
1085 | iv[1].iov_len = len; | |
1086 | iv[2].iov_base = crc; | |
1087 | iv[2].iov_len = 1; | |
1088 | ||
1089 | memset(&msg, 0, sizeof(msg)); | |
1090 | ||
1091 | return kernel_sendmsg(sock, &msg, iv, 3, 6 + len); | |
1092 | } | |
1093 | ||
1094 | static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits) | |
1095 | { | |
1096 | struct rfcomm_hdr *hdr; | |
1097 | u8 buf[16], *ptr = buf; | |
1098 | ||
1099 | BT_DBG("%p addr %d credits %d", s, addr, credits); | |
1100 | ||
1101 | hdr = (void *) ptr; ptr += sizeof(*hdr); | |
1102 | hdr->addr = addr; | |
1103 | hdr->ctrl = __ctrl(RFCOMM_UIH, 1); | |
1104 | hdr->len = __len8(0); | |
1105 | ||
1106 | *ptr = credits; ptr++; | |
1107 | ||
1108 | *ptr = __fcs(buf); ptr++; | |
1109 | ||
5436538f | 1110 | return rfcomm_send_frame(s, buf, ptr - buf); |
1da177e4 LT |
1111 | } |
1112 | ||
1113 | static void rfcomm_make_uih(struct sk_buff *skb, u8 addr) | |
1114 | { | |
1115 | struct rfcomm_hdr *hdr; | |
1116 | int len = skb->len; | |
1117 | u8 *crc; | |
1118 | ||
1119 | if (len > 127) { | |
1120 | hdr = (void *) skb_push(skb, 4); | |
b4324b5d | 1121 | put_unaligned(cpu_to_le16(__len16(len)), (__le16 *) &hdr->len); |
1da177e4 LT |
1122 | } else { |
1123 | hdr = (void *) skb_push(skb, 3); | |
1124 | hdr->len = __len8(len); | |
1125 | } | |
1126 | hdr->addr = addr; | |
1127 | hdr->ctrl = __ctrl(RFCOMM_UIH, 0); | |
1128 | ||
1129 | crc = skb_put(skb, 1); | |
1130 | *crc = __fcs((void *) hdr); | |
1131 | } | |
1132 | ||
1133 | /* ---- RFCOMM frame reception ---- */ | |
8ff52f7d | 1134 | static struct rfcomm_session *rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci) |
1da177e4 LT |
1135 | { |
1136 | BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); | |
1137 | ||
1138 | if (dlci) { | |
1139 | /* Data channel */ | |
1140 | struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci); | |
1141 | if (!d) { | |
1142 | rfcomm_send_dm(s, dlci); | |
8ff52f7d | 1143 | return s; |
1da177e4 LT |
1144 | } |
1145 | ||
1146 | switch (d->state) { | |
1147 | case BT_CONNECT: | |
1148 | rfcomm_dlc_clear_timer(d); | |
1149 | ||
1150 | rfcomm_dlc_lock(d); | |
1151 | d->state = BT_CONNECTED; | |
1152 | d->state_change(d, 0); | |
1153 | rfcomm_dlc_unlock(d); | |
1154 | ||
1155 | rfcomm_send_msc(s, 1, dlci, d->v24_sig); | |
1156 | break; | |
1157 | ||
1158 | case BT_DISCONN: | |
1159 | d->state = BT_CLOSED; | |
1160 | __rfcomm_dlc_close(d, 0); | |
9cf5b0ea MH |
1161 | |
1162 | if (list_empty(&s->dlcs)) { | |
1163 | s->state = BT_DISCONN; | |
1164 | rfcomm_send_disc(s, 0); | |
79e65478 | 1165 | rfcomm_session_clear_timer(s); |
9cf5b0ea MH |
1166 | } |
1167 | ||
1da177e4 LT |
1168 | break; |
1169 | } | |
1170 | } else { | |
1171 | /* Control channel */ | |
1172 | switch (s->state) { | |
1173 | case BT_CONNECT: | |
1174 | s->state = BT_CONNECTED; | |
1175 | rfcomm_process_connect(s); | |
1176 | break; | |
9cf5b0ea MH |
1177 | |
1178 | case BT_DISCONN: | |
8ff52f7d | 1179 | s = rfcomm_session_close(s, ECONNRESET); |
9cf5b0ea | 1180 | break; |
1da177e4 LT |
1181 | } |
1182 | } | |
8ff52f7d | 1183 | return s; |
1da177e4 LT |
1184 | } |
1185 | ||
8ff52f7d | 1186 | static struct rfcomm_session *rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci) |
1da177e4 LT |
1187 | { |
1188 | int err = 0; | |
1189 | ||
1190 | BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); | |
1191 | ||
1192 | if (dlci) { | |
1193 | /* Data DLC */ | |
1194 | struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci); | |
1195 | if (d) { | |
1196 | if (d->state == BT_CONNECT || d->state == BT_CONFIG) | |
1197 | err = ECONNREFUSED; | |
1198 | else | |
1199 | err = ECONNRESET; | |
1200 | ||
1201 | d->state = BT_CLOSED; | |
1202 | __rfcomm_dlc_close(d, err); | |
1203 | } | |
1204 | } else { | |
1205 | if (s->state == BT_CONNECT) | |
1206 | err = ECONNREFUSED; | |
1207 | else | |
1208 | err = ECONNRESET; | |
1209 | ||
1210 | s->state = BT_CLOSED; | |
8ff52f7d | 1211 | s = rfcomm_session_close(s, err); |
1da177e4 | 1212 | } |
8ff52f7d | 1213 | return s; |
1da177e4 LT |
1214 | } |
1215 | ||
8ff52f7d DJ |
1216 | static struct rfcomm_session *rfcomm_recv_disc(struct rfcomm_session *s, |
1217 | u8 dlci) | |
1da177e4 LT |
1218 | { |
1219 | int err = 0; | |
1220 | ||
1221 | BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); | |
1222 | ||
1223 | if (dlci) { | |
1224 | struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci); | |
1225 | if (d) { | |
1226 | rfcomm_send_ua(s, dlci); | |
1227 | ||
1228 | if (d->state == BT_CONNECT || d->state == BT_CONFIG) | |
1229 | err = ECONNREFUSED; | |
1230 | else | |
1231 | err = ECONNRESET; | |
1232 | ||
1233 | d->state = BT_CLOSED; | |
1234 | __rfcomm_dlc_close(d, err); | |
8e87d142 | 1235 | } else |
1da177e4 | 1236 | rfcomm_send_dm(s, dlci); |
8e87d142 | 1237 | |
1da177e4 LT |
1238 | } else { |
1239 | rfcomm_send_ua(s, 0); | |
1240 | ||
1241 | if (s->state == BT_CONNECT) | |
1242 | err = ECONNREFUSED; | |
1243 | else | |
1244 | err = ECONNRESET; | |
1245 | ||
1246 | s->state = BT_CLOSED; | |
8ff52f7d | 1247 | s = rfcomm_session_close(s, err); |
1da177e4 | 1248 | } |
8ff52f7d | 1249 | return s; |
1da177e4 LT |
1250 | } |
1251 | ||
bb23c0ab | 1252 | void rfcomm_dlc_accept(struct rfcomm_dlc *d) |
1da177e4 | 1253 | { |
300b9397 | 1254 | struct sock *sk = d->session->sock->sk; |
8c1d787b | 1255 | struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn; |
300b9397 | 1256 | |
1da177e4 LT |
1257 | BT_DBG("dlc %p", d); |
1258 | ||
1259 | rfcomm_send_ua(d->session, d->dlci); | |
1260 | ||
e2139b32 JH |
1261 | rfcomm_dlc_clear_timer(d); |
1262 | ||
1da177e4 LT |
1263 | rfcomm_dlc_lock(d); |
1264 | d->state = BT_CONNECTED; | |
1265 | d->state_change(d, 0); | |
1266 | rfcomm_dlc_unlock(d); | |
1267 | ||
9f2c8a03 | 1268 | if (d->role_switch) |
8c1d787b | 1269 | hci_conn_switch_role(conn->hcon, 0x00); |
300b9397 | 1270 | |
1da177e4 LT |
1271 | rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig); |
1272 | } | |
1273 | ||
bb23c0ab MH |
1274 | static void rfcomm_check_accept(struct rfcomm_dlc *d) |
1275 | { | |
9f2c8a03 | 1276 | if (rfcomm_check_security(d)) { |
bb23c0ab MH |
1277 | if (d->defer_setup) { |
1278 | set_bit(RFCOMM_DEFER_SETUP, &d->flags); | |
1279 | rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); | |
8bf47941 MH |
1280 | |
1281 | rfcomm_dlc_lock(d); | |
1282 | d->state = BT_CONNECT2; | |
1283 | d->state_change(d, 0); | |
1284 | rfcomm_dlc_unlock(d); | |
bb23c0ab MH |
1285 | } else |
1286 | rfcomm_dlc_accept(d); | |
8c1b2355 MH |
1287 | } else { |
1288 | set_bit(RFCOMM_AUTH_PENDING, &d->flags); | |
1289 | rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); | |
bb23c0ab MH |
1290 | } |
1291 | } | |
1292 | ||
1da177e4 LT |
1293 | static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci) |
1294 | { | |
1295 | struct rfcomm_dlc *d; | |
1296 | u8 channel; | |
1297 | ||
1298 | BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); | |
1299 | ||
1300 | if (!dlci) { | |
1301 | rfcomm_send_ua(s, 0); | |
1302 | ||
1303 | if (s->state == BT_OPEN) { | |
1304 | s->state = BT_CONNECTED; | |
1305 | rfcomm_process_connect(s); | |
1306 | } | |
1307 | return 0; | |
1308 | } | |
1309 | ||
1310 | /* Check if DLC exists */ | |
1311 | d = rfcomm_dlc_get(s, dlci); | |
1312 | if (d) { | |
1313 | if (d->state == BT_OPEN) { | |
1314 | /* DLC was previously opened by PN request */ | |
bb23c0ab | 1315 | rfcomm_check_accept(d); |
1da177e4 LT |
1316 | } |
1317 | return 0; | |
1318 | } | |
1319 | ||
1320 | /* Notify socket layer about incoming connection */ | |
1321 | channel = __srv_channel(dlci); | |
1322 | if (rfcomm_connect_ind(s, channel, &d)) { | |
1323 | d->dlci = dlci; | |
1324 | d->addr = __addr(s->initiator, dlci); | |
1325 | rfcomm_dlc_link(s, d); | |
1326 | ||
bb23c0ab | 1327 | rfcomm_check_accept(d); |
1da177e4 LT |
1328 | } else { |
1329 | rfcomm_send_dm(s, dlci); | |
1330 | } | |
1331 | ||
1332 | return 0; | |
1333 | } | |
1334 | ||
1335 | static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn) | |
1336 | { | |
1337 | struct rfcomm_session *s = d->session; | |
1338 | ||
8e87d142 | 1339 | BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d", |
1da177e4 LT |
1340 | d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits); |
1341 | ||
7c2660b0 MH |
1342 | if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) || |
1343 | pn->flow_ctrl == 0xe0) { | |
1344 | d->cfc = RFCOMM_CFC_ENABLED; | |
1da177e4 LT |
1345 | d->tx_credits = pn->credits; |
1346 | } else { | |
7c2660b0 | 1347 | d->cfc = RFCOMM_CFC_DISABLED; |
1da177e4 LT |
1348 | set_bit(RFCOMM_TX_THROTTLED, &d->flags); |
1349 | } | |
1350 | ||
7c2660b0 MH |
1351 | if (s->cfc == RFCOMM_CFC_UNKNOWN) |
1352 | s->cfc = d->cfc; | |
1353 | ||
1da177e4 LT |
1354 | d->priority = pn->priority; |
1355 | ||
b4324b5d | 1356 | d->mtu = __le16_to_cpu(pn->mtu); |
98bcd08b MH |
1357 | |
1358 | if (cr && d->mtu > s->mtu) | |
1359 | d->mtu = s->mtu; | |
1da177e4 LT |
1360 | |
1361 | return 0; | |
1362 | } | |
1363 | ||
1364 | static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb) | |
1365 | { | |
1366 | struct rfcomm_pn *pn = (void *) skb->data; | |
1367 | struct rfcomm_dlc *d; | |
1368 | u8 dlci = pn->dlci; | |
1369 | ||
1370 | BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); | |
1371 | ||
1372 | if (!dlci) | |
1373 | return 0; | |
1374 | ||
1375 | d = rfcomm_dlc_get(s, dlci); | |
1376 | if (d) { | |
1377 | if (cr) { | |
1378 | /* PN request */ | |
1379 | rfcomm_apply_pn(d, cr, pn); | |
1380 | rfcomm_send_pn(s, 0, d); | |
1381 | } else { | |
1382 | /* PN response */ | |
1383 | switch (d->state) { | |
1384 | case BT_CONFIG: | |
1385 | rfcomm_apply_pn(d, cr, pn); | |
1386 | ||
1387 | d->state = BT_CONNECT; | |
1388 | rfcomm_send_sabm(s, d->dlci); | |
1389 | break; | |
1390 | } | |
1391 | } | |
1392 | } else { | |
1393 | u8 channel = __srv_channel(dlci); | |
1394 | ||
1395 | if (!cr) | |
1396 | return 0; | |
1397 | ||
1398 | /* PN request for non existing DLC. | |
1399 | * Assume incoming connection. */ | |
1400 | if (rfcomm_connect_ind(s, channel, &d)) { | |
1401 | d->dlci = dlci; | |
1402 | d->addr = __addr(s->initiator, dlci); | |
1403 | rfcomm_dlc_link(s, d); | |
1404 | ||
1405 | rfcomm_apply_pn(d, cr, pn); | |
1406 | ||
1407 | d->state = BT_OPEN; | |
1408 | rfcomm_send_pn(s, 0, d); | |
1409 | } else { | |
1410 | rfcomm_send_dm(s, dlci); | |
1411 | } | |
1412 | } | |
1413 | return 0; | |
1414 | } | |
1415 | ||
1416 | static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb) | |
1417 | { | |
1418 | struct rfcomm_rpn *rpn = (void *) skb->data; | |
1419 | u8 dlci = __get_dlci(rpn->dlci); | |
1420 | ||
1421 | u8 bit_rate = 0; | |
1422 | u8 data_bits = 0; | |
1423 | u8 stop_bits = 0; | |
1424 | u8 parity = 0; | |
1425 | u8 flow_ctrl = 0; | |
1426 | u8 xon_char = 0; | |
1427 | u8 xoff_char = 0; | |
1428 | u16 rpn_mask = RFCOMM_RPN_PM_ALL; | |
3a5e903c S |
1429 | |
1430 | BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x", | |
1431 | dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl, | |
1432 | rpn->xon_char, rpn->xoff_char, rpn->param_mask); | |
1433 | ||
1434 | if (!cr) | |
1da177e4 | 1435 | return 0; |
3a5e903c | 1436 | |
1da177e4 | 1437 | if (len == 1) { |
08601469 YK |
1438 | /* This is a request, return default (according to ETSI TS 07.10) settings */ |
1439 | bit_rate = RFCOMM_RPN_BR_9600; | |
1da177e4 LT |
1440 | data_bits = RFCOMM_RPN_DATA_8; |
1441 | stop_bits = RFCOMM_RPN_STOP_1; | |
1442 | parity = RFCOMM_RPN_PARITY_NONE; | |
1443 | flow_ctrl = RFCOMM_RPN_FLOW_NONE; | |
1444 | xon_char = RFCOMM_RPN_XON_CHAR; | |
1445 | xoff_char = RFCOMM_RPN_XOFF_CHAR; | |
1da177e4 LT |
1446 | goto rpn_out; |
1447 | } | |
3a5e903c S |
1448 | |
1449 | /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit, | |
1450 | * no parity, no flow control lines, normal XON/XOFF chars */ | |
1451 | ||
e8db8c99 | 1452 | if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) { |
1da177e4 | 1453 | bit_rate = rpn->bit_rate; |
08601469 | 1454 | if (bit_rate > RFCOMM_RPN_BR_230400) { |
1da177e4 | 1455 | BT_DBG("RPN bit rate mismatch 0x%x", bit_rate); |
08601469 | 1456 | bit_rate = RFCOMM_RPN_BR_9600; |
1da177e4 LT |
1457 | rpn_mask ^= RFCOMM_RPN_PM_BITRATE; |
1458 | } | |
1459 | } | |
3a5e903c | 1460 | |
e8db8c99 | 1461 | if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) { |
1da177e4 LT |
1462 | data_bits = __get_rpn_data_bits(rpn->line_settings); |
1463 | if (data_bits != RFCOMM_RPN_DATA_8) { | |
1464 | BT_DBG("RPN data bits mismatch 0x%x", data_bits); | |
1465 | data_bits = RFCOMM_RPN_DATA_8; | |
1466 | rpn_mask ^= RFCOMM_RPN_PM_DATA; | |
1467 | } | |
1468 | } | |
3a5e903c | 1469 | |
e8db8c99 | 1470 | if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) { |
1da177e4 LT |
1471 | stop_bits = __get_rpn_stop_bits(rpn->line_settings); |
1472 | if (stop_bits != RFCOMM_RPN_STOP_1) { | |
1473 | BT_DBG("RPN stop bits mismatch 0x%x", stop_bits); | |
1474 | stop_bits = RFCOMM_RPN_STOP_1; | |
1475 | rpn_mask ^= RFCOMM_RPN_PM_STOP; | |
1476 | } | |
1477 | } | |
3a5e903c | 1478 | |
e8db8c99 | 1479 | if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) { |
1da177e4 LT |
1480 | parity = __get_rpn_parity(rpn->line_settings); |
1481 | if (parity != RFCOMM_RPN_PARITY_NONE) { | |
1482 | BT_DBG("RPN parity mismatch 0x%x", parity); | |
1483 | parity = RFCOMM_RPN_PARITY_NONE; | |
1484 | rpn_mask ^= RFCOMM_RPN_PM_PARITY; | |
1485 | } | |
1486 | } | |
3a5e903c | 1487 | |
e8db8c99 | 1488 | if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) { |
1da177e4 LT |
1489 | flow_ctrl = rpn->flow_ctrl; |
1490 | if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) { | |
1491 | BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl); | |
1492 | flow_ctrl = RFCOMM_RPN_FLOW_NONE; | |
1493 | rpn_mask ^= RFCOMM_RPN_PM_FLOW; | |
1494 | } | |
1495 | } | |
3a5e903c | 1496 | |
e8db8c99 | 1497 | if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) { |
1da177e4 LT |
1498 | xon_char = rpn->xon_char; |
1499 | if (xon_char != RFCOMM_RPN_XON_CHAR) { | |
1500 | BT_DBG("RPN XON char mismatch 0x%x", xon_char); | |
1501 | xon_char = RFCOMM_RPN_XON_CHAR; | |
1502 | rpn_mask ^= RFCOMM_RPN_PM_XON; | |
1503 | } | |
1504 | } | |
3a5e903c | 1505 | |
e8db8c99 | 1506 | if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) { |
1da177e4 LT |
1507 | xoff_char = rpn->xoff_char; |
1508 | if (xoff_char != RFCOMM_RPN_XOFF_CHAR) { | |
1509 | BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char); | |
1510 | xoff_char = RFCOMM_RPN_XOFF_CHAR; | |
1511 | rpn_mask ^= RFCOMM_RPN_PM_XOFF; | |
1512 | } | |
1513 | } | |
1514 | ||
1515 | rpn_out: | |
3a5e903c S |
1516 | rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits, |
1517 | parity, flow_ctrl, xon_char, xoff_char, rpn_mask); | |
1da177e4 LT |
1518 | |
1519 | return 0; | |
1520 | } | |
1521 | ||
1522 | static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb) | |
1523 | { | |
1524 | struct rfcomm_rls *rls = (void *) skb->data; | |
1525 | u8 dlci = __get_dlci(rls->dlci); | |
1526 | ||
1527 | BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status); | |
3a5e903c | 1528 | |
1da177e4 LT |
1529 | if (!cr) |
1530 | return 0; | |
1531 | ||
3a5e903c S |
1532 | /* We should probably do something with this information here. But |
1533 | * for now it's sufficient just to reply -- Bluetooth 1.1 says it's | |
1534 | * mandatory to recognise and respond to RLS */ | |
1da177e4 LT |
1535 | |
1536 | rfcomm_send_rls(s, 0, dlci, rls->status); | |
1537 | ||
1538 | return 0; | |
1539 | } | |
1540 | ||
1541 | static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb) | |
1542 | { | |
1543 | struct rfcomm_msc *msc = (void *) skb->data; | |
1544 | struct rfcomm_dlc *d; | |
1545 | u8 dlci = __get_dlci(msc->dlci); | |
1546 | ||
1547 | BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig); | |
1548 | ||
1549 | d = rfcomm_dlc_get(s, dlci); | |
3a5e903c | 1550 | if (!d) |
1da177e4 LT |
1551 | return 0; |
1552 | ||
1553 | if (cr) { | |
1554 | if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc) | |
1555 | set_bit(RFCOMM_TX_THROTTLED, &d->flags); | |
1556 | else | |
1557 | clear_bit(RFCOMM_TX_THROTTLED, &d->flags); | |
3a5e903c | 1558 | |
1da177e4 | 1559 | rfcomm_dlc_lock(d); |
8b6b3da7 MH |
1560 | |
1561 | d->remote_v24_sig = msc->v24_sig; | |
1562 | ||
1da177e4 LT |
1563 | if (d->modem_status) |
1564 | d->modem_status(d, msc->v24_sig); | |
8b6b3da7 | 1565 | |
1da177e4 | 1566 | rfcomm_dlc_unlock(d); |
8e87d142 | 1567 | |
1da177e4 LT |
1568 | rfcomm_send_msc(s, 0, dlci, msc->v24_sig); |
1569 | ||
1570 | d->mscex |= RFCOMM_MSCEX_RX; | |
3a5e903c | 1571 | } else |
1da177e4 LT |
1572 | d->mscex |= RFCOMM_MSCEX_TX; |
1573 | ||
1574 | return 0; | |
1575 | } | |
1576 | ||
1577 | static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb) | |
1578 | { | |
1579 | struct rfcomm_mcc *mcc = (void *) skb->data; | |
1580 | u8 type, cr, len; | |
1581 | ||
1582 | cr = __test_cr(mcc->type); | |
1583 | type = __get_mcc_type(mcc->type); | |
1584 | len = __get_mcc_len(mcc->len); | |
1585 | ||
1586 | BT_DBG("%p type 0x%x cr %d", s, type, cr); | |
1587 | ||
1588 | skb_pull(skb, 2); | |
1589 | ||
1590 | switch (type) { | |
1591 | case RFCOMM_PN: | |
1592 | rfcomm_recv_pn(s, cr, skb); | |
1593 | break; | |
1594 | ||
1595 | case RFCOMM_RPN: | |
1596 | rfcomm_recv_rpn(s, cr, len, skb); | |
1597 | break; | |
1598 | ||
1599 | case RFCOMM_RLS: | |
1600 | rfcomm_recv_rls(s, cr, skb); | |
1601 | break; | |
1602 | ||
1603 | case RFCOMM_MSC: | |
1604 | rfcomm_recv_msc(s, cr, skb); | |
1605 | break; | |
1606 | ||
1607 | case RFCOMM_FCOFF: | |
1608 | if (cr) { | |
1609 | set_bit(RFCOMM_TX_THROTTLED, &s->flags); | |
1610 | rfcomm_send_fcoff(s, 0); | |
1611 | } | |
1612 | break; | |
1613 | ||
1614 | case RFCOMM_FCON: | |
1615 | if (cr) { | |
1616 | clear_bit(RFCOMM_TX_THROTTLED, &s->flags); | |
1617 | rfcomm_send_fcon(s, 0); | |
1618 | } | |
1619 | break; | |
1620 | ||
1621 | case RFCOMM_TEST: | |
1622 | if (cr) | |
1623 | rfcomm_send_test(s, 0, skb->data, skb->len); | |
1624 | break; | |
1625 | ||
1626 | case RFCOMM_NSC: | |
1627 | break; | |
1628 | ||
1629 | default: | |
1630 | BT_ERR("Unknown control type 0x%02x", type); | |
1631 | rfcomm_send_nsc(s, cr, type); | |
1632 | break; | |
1633 | } | |
1634 | return 0; | |
1635 | } | |
1636 | ||
1637 | static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb) | |
1638 | { | |
1639 | struct rfcomm_dlc *d; | |
1640 | ||
1641 | BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf); | |
1642 | ||
1643 | d = rfcomm_dlc_get(s, dlci); | |
1644 | if (!d) { | |
1645 | rfcomm_send_dm(s, dlci); | |
1646 | goto drop; | |
1647 | } | |
1648 | ||
1649 | if (pf && d->cfc) { | |
1650 | u8 credits = *(u8 *) skb->data; skb_pull(skb, 1); | |
1651 | ||
1652 | d->tx_credits += credits; | |
1653 | if (d->tx_credits) | |
1654 | clear_bit(RFCOMM_TX_THROTTLED, &d->flags); | |
1655 | } | |
1656 | ||
1657 | if (skb->len && d->state == BT_CONNECTED) { | |
1658 | rfcomm_dlc_lock(d); | |
1659 | d->rx_credits--; | |
1660 | d->data_ready(d, skb); | |
1661 | rfcomm_dlc_unlock(d); | |
1662 | return 0; | |
1663 | } | |
1664 | ||
1665 | drop: | |
1666 | kfree_skb(skb); | |
1667 | return 0; | |
1668 | } | |
1669 | ||
8ff52f7d DJ |
1670 | static struct rfcomm_session *rfcomm_recv_frame(struct rfcomm_session *s, |
1671 | struct sk_buff *skb) | |
1da177e4 LT |
1672 | { |
1673 | struct rfcomm_hdr *hdr = (void *) skb->data; | |
1674 | u8 type, dlci, fcs; | |
1675 | ||
8ff52f7d DJ |
1676 | if (!s) { |
1677 | /* no session, so free socket data */ | |
1678 | kfree_skb(skb); | |
1679 | return s; | |
1680 | } | |
1681 | ||
1da177e4 LT |
1682 | dlci = __get_dlci(hdr->addr); |
1683 | type = __get_type(hdr->ctrl); | |
1684 | ||
1685 | /* Trim FCS */ | |
1686 | skb->len--; skb->tail--; | |
27a884dc | 1687 | fcs = *(u8 *)skb_tail_pointer(skb); |
1da177e4 LT |
1688 | |
1689 | if (__check_fcs(skb->data, type, fcs)) { | |
1690 | BT_ERR("bad checksum in packet"); | |
1691 | kfree_skb(skb); | |
8ff52f7d | 1692 | return s; |
1da177e4 LT |
1693 | } |
1694 | ||
1695 | if (__test_ea(hdr->len)) | |
1696 | skb_pull(skb, 3); | |
1697 | else | |
1698 | skb_pull(skb, 4); | |
1699 | ||
1700 | switch (type) { | |
1701 | case RFCOMM_SABM: | |
1702 | if (__test_pf(hdr->ctrl)) | |
1703 | rfcomm_recv_sabm(s, dlci); | |
1704 | break; | |
1705 | ||
1706 | case RFCOMM_DISC: | |
1707 | if (__test_pf(hdr->ctrl)) | |
8ff52f7d | 1708 | s = rfcomm_recv_disc(s, dlci); |
1da177e4 LT |
1709 | break; |
1710 | ||
1711 | case RFCOMM_UA: | |
1712 | if (__test_pf(hdr->ctrl)) | |
8ff52f7d | 1713 | s = rfcomm_recv_ua(s, dlci); |
1da177e4 LT |
1714 | break; |
1715 | ||
1716 | case RFCOMM_DM: | |
8ff52f7d | 1717 | s = rfcomm_recv_dm(s, dlci); |
1da177e4 LT |
1718 | break; |
1719 | ||
1720 | case RFCOMM_UIH: | |
8ff52f7d DJ |
1721 | if (dlci) { |
1722 | rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb); | |
1723 | return s; | |
1724 | } | |
1da177e4 LT |
1725 | rfcomm_recv_mcc(s, skb); |
1726 | break; | |
1727 | ||
1728 | default: | |
5017d8dd | 1729 | BT_ERR("Unknown packet type 0x%02x", type); |
1da177e4 LT |
1730 | break; |
1731 | } | |
1732 | kfree_skb(skb); | |
8ff52f7d | 1733 | return s; |
1da177e4 LT |
1734 | } |
1735 | ||
1736 | /* ---- Connection and data processing ---- */ | |
1737 | ||
1738 | static void rfcomm_process_connect(struct rfcomm_session *s) | |
1739 | { | |
1740 | struct rfcomm_dlc *d; | |
1741 | struct list_head *p, *n; | |
1742 | ||
1743 | BT_DBG("session %p state %ld", s, s->state); | |
1744 | ||
1745 | list_for_each_safe(p, n, &s->dlcs) { | |
1746 | d = list_entry(p, struct rfcomm_dlc, list); | |
1747 | if (d->state == BT_CONFIG) { | |
1748 | d->mtu = s->mtu; | |
9f2c8a03 | 1749 | if (rfcomm_check_security(d)) { |
8c1b2355 MH |
1750 | rfcomm_send_pn(s, 1, d); |
1751 | } else { | |
77db1980 MH |
1752 | set_bit(RFCOMM_AUTH_PENDING, &d->flags); |
1753 | rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); | |
8c1b2355 | 1754 | } |
1da177e4 LT |
1755 | } |
1756 | } | |
1757 | } | |
1758 | ||
1759 | /* Send data queued for the DLC. | |
1760 | * Return number of frames left in the queue. | |
1761 | */ | |
6039aa73 | 1762 | static int rfcomm_process_tx(struct rfcomm_dlc *d) |
1da177e4 LT |
1763 | { |
1764 | struct sk_buff *skb; | |
1765 | int err; | |
1766 | ||
8e87d142 | 1767 | BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d", |
1da177e4 LT |
1768 | d, d->state, d->cfc, d->rx_credits, d->tx_credits); |
1769 | ||
1770 | /* Send pending MSC */ | |
1771 | if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags)) | |
8e87d142 | 1772 | rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig); |
1da177e4 LT |
1773 | |
1774 | if (d->cfc) { | |
8e87d142 | 1775 | /* CFC enabled. |
1da177e4 LT |
1776 | * Give them some credits */ |
1777 | if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) && | |
8e87d142 | 1778 | d->rx_credits <= (d->cfc >> 2)) { |
1da177e4 LT |
1779 | rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits); |
1780 | d->rx_credits = d->cfc; | |
1781 | } | |
1782 | } else { | |
1783 | /* CFC disabled. | |
1784 | * Give ourselves some credits */ | |
1785 | d->tx_credits = 5; | |
1786 | } | |
1787 | ||
1788 | if (test_bit(RFCOMM_TX_THROTTLED, &d->flags)) | |
1789 | return skb_queue_len(&d->tx_queue); | |
1790 | ||
1791 | while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) { | |
5436538f | 1792 | err = rfcomm_send_frame(d->session, skb->data, skb->len); |
1da177e4 LT |
1793 | if (err < 0) { |
1794 | skb_queue_head(&d->tx_queue, skb); | |
1795 | break; | |
1796 | } | |
1797 | kfree_skb(skb); | |
1798 | d->tx_credits--; | |
1799 | } | |
1800 | ||
1801 | if (d->cfc && !d->tx_credits) { | |
1802 | /* We're out of TX credits. | |
1803 | * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */ | |
1804 | set_bit(RFCOMM_TX_THROTTLED, &d->flags); | |
1805 | } | |
1806 | ||
1807 | return skb_queue_len(&d->tx_queue); | |
1808 | } | |
1809 | ||
6039aa73 | 1810 | static void rfcomm_process_dlcs(struct rfcomm_session *s) |
1da177e4 LT |
1811 | { |
1812 | struct rfcomm_dlc *d; | |
1813 | struct list_head *p, *n; | |
1814 | ||
1815 | BT_DBG("session %p state %ld", s, s->state); | |
1816 | ||
1817 | list_for_each_safe(p, n, &s->dlcs) { | |
1818 | d = list_entry(p, struct rfcomm_dlc, list); | |
1819 | ||
1820 | if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) { | |
1821 | __rfcomm_dlc_close(d, ETIMEDOUT); | |
1822 | continue; | |
1823 | } | |
1824 | ||
db54467a SJ |
1825 | if (test_bit(RFCOMM_ENC_DROP, &d->flags)) { |
1826 | __rfcomm_dlc_close(d, ECONNREFUSED); | |
1827 | continue; | |
1828 | } | |
1829 | ||
1da177e4 LT |
1830 | if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) { |
1831 | rfcomm_dlc_clear_timer(d); | |
77db1980 MH |
1832 | if (d->out) { |
1833 | rfcomm_send_pn(s, 1, d); | |
1834 | rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT); | |
bb23c0ab MH |
1835 | } else { |
1836 | if (d->defer_setup) { | |
1837 | set_bit(RFCOMM_DEFER_SETUP, &d->flags); | |
1838 | rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); | |
8bf47941 MH |
1839 | |
1840 | rfcomm_dlc_lock(d); | |
1841 | d->state = BT_CONNECT2; | |
1842 | d->state_change(d, 0); | |
1843 | rfcomm_dlc_unlock(d); | |
bb23c0ab MH |
1844 | } else |
1845 | rfcomm_dlc_accept(d); | |
1846 | } | |
1da177e4 LT |
1847 | continue; |
1848 | } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) { | |
1849 | rfcomm_dlc_clear_timer(d); | |
77db1980 MH |
1850 | if (!d->out) |
1851 | rfcomm_send_dm(s, d->dlci); | |
1852 | else | |
1853 | d->state = BT_CLOSED; | |
1da177e4 LT |
1854 | __rfcomm_dlc_close(d, ECONNREFUSED); |
1855 | continue; | |
1856 | } | |
1857 | ||
6e1031a4 JG |
1858 | if (test_bit(RFCOMM_SEC_PENDING, &d->flags)) |
1859 | continue; | |
1860 | ||
1da177e4 LT |
1861 | if (test_bit(RFCOMM_TX_THROTTLED, &s->flags)) |
1862 | continue; | |
1863 | ||
1864 | if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) && | |
77db1980 | 1865 | d->mscex == RFCOMM_MSCEX_OK) |
1da177e4 LT |
1866 | rfcomm_process_tx(d); |
1867 | } | |
1868 | } | |
1869 | ||
8ff52f7d | 1870 | static struct rfcomm_session *rfcomm_process_rx(struct rfcomm_session *s) |
1da177e4 LT |
1871 | { |
1872 | struct socket *sock = s->sock; | |
1873 | struct sock *sk = sock->sk; | |
1874 | struct sk_buff *skb; | |
1875 | ||
1876 | BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue)); | |
1877 | ||
1878 | /* Get data directly from socket receive queue without copying it. */ | |
1879 | while ((skb = skb_dequeue(&sk->sk_receive_queue))) { | |
1880 | skb_orphan(skb); | |
44935720 | 1881 | if (!skb_linearize(skb)) |
8ff52f7d | 1882 | s = rfcomm_recv_frame(s, skb); |
44935720 MM |
1883 | else |
1884 | kfree_skb(skb); | |
1da177e4 LT |
1885 | } |
1886 | ||
8ff52f7d | 1887 | if (s && (sk->sk_state == BT_CLOSED)) { |
1da177e4 | 1888 | if (!s->initiator) |
8ff52f7d | 1889 | s = rfcomm_session_put(s); |
1da177e4 | 1890 | |
8ff52f7d DJ |
1891 | if (s) |
1892 | s = rfcomm_session_close(s, sk->sk_err); | |
1da177e4 | 1893 | } |
8ff52f7d DJ |
1894 | |
1895 | return s; | |
1da177e4 LT |
1896 | } |
1897 | ||
6039aa73 | 1898 | static void rfcomm_accept_connection(struct rfcomm_session *s) |
1da177e4 LT |
1899 | { |
1900 | struct socket *sock = s->sock, *nsock; | |
1901 | int err; | |
1902 | ||
1903 | /* Fast check for a new connection. | |
1904 | * Avoids unnesesary socket allocations. */ | |
1905 | if (list_empty(&bt_sk(sock->sk)->accept_q)) | |
1906 | return; | |
1907 | ||
1908 | BT_DBG("session %p", s); | |
1909 | ||
48db9ca4 MH |
1910 | err = kernel_accept(sock, &nsock, O_NONBLOCK); |
1911 | if (err < 0) | |
1da177e4 LT |
1912 | return; |
1913 | ||
1da177e4 LT |
1914 | /* Set our callbacks */ |
1915 | nsock->sk->sk_data_ready = rfcomm_l2data_ready; | |
1916 | nsock->sk->sk_state_change = rfcomm_l2state_change; | |
1917 | ||
1918 | s = rfcomm_session_add(nsock, BT_OPEN); | |
1919 | if (s) { | |
1920 | rfcomm_session_hold(s); | |
98bcd08b MH |
1921 | |
1922 | /* We should adjust MTU on incoming sessions. | |
1923 | * L2CAP MTU minus UIH header and FCS. */ | |
0c1bc5c6 GP |
1924 | s->mtu = min(l2cap_pi(nsock->sk)->chan->omtu, |
1925 | l2cap_pi(nsock->sk)->chan->imtu) - 5; | |
98bcd08b | 1926 | |
534c92fd | 1927 | rfcomm_schedule(); |
1da177e4 LT |
1928 | } else |
1929 | sock_release(nsock); | |
1930 | } | |
1931 | ||
8ff52f7d | 1932 | static struct rfcomm_session *rfcomm_check_connection(struct rfcomm_session *s) |
1da177e4 LT |
1933 | { |
1934 | struct sock *sk = s->sock->sk; | |
1935 | ||
1936 | BT_DBG("%p state %ld", s, s->state); | |
1937 | ||
285b4e90 | 1938 | switch (sk->sk_state) { |
1da177e4 LT |
1939 | case BT_CONNECTED: |
1940 | s->state = BT_CONNECT; | |
1941 | ||
1942 | /* We can adjust MTU on outgoing sessions. | |
1943 | * L2CAP MTU minus UIH header and FCS. */ | |
0c1bc5c6 | 1944 | s->mtu = min(l2cap_pi(sk)->chan->omtu, l2cap_pi(sk)->chan->imtu) - 5; |
1da177e4 LT |
1945 | |
1946 | rfcomm_send_sabm(s, 0); | |
1947 | break; | |
1948 | ||
1949 | case BT_CLOSED: | |
1950 | s->state = BT_CLOSED; | |
8ff52f7d | 1951 | s = rfcomm_session_close(s, sk->sk_err); |
1da177e4 LT |
1952 | break; |
1953 | } | |
8ff52f7d | 1954 | return s; |
1da177e4 LT |
1955 | } |
1956 | ||
6039aa73 | 1957 | static void rfcomm_process_sessions(void) |
1da177e4 LT |
1958 | { |
1959 | struct list_head *p, *n; | |
1960 | ||
1961 | rfcomm_lock(); | |
1962 | ||
1963 | list_for_each_safe(p, n, &session_list) { | |
1964 | struct rfcomm_session *s; | |
1965 | s = list_entry(p, struct rfcomm_session, list); | |
1966 | ||
9e726b17 LAD |
1967 | if (test_and_clear_bit(RFCOMM_TIMED_OUT, &s->flags)) { |
1968 | s->state = BT_DISCONN; | |
1969 | rfcomm_send_disc(s, 0); | |
485f1eff | 1970 | rfcomm_session_put(s); |
9e726b17 LAD |
1971 | continue; |
1972 | } | |
1973 | ||
1da177e4 LT |
1974 | if (s->state == BT_LISTEN) { |
1975 | rfcomm_accept_connection(s); | |
1976 | continue; | |
1977 | } | |
1978 | ||
1979 | rfcomm_session_hold(s); | |
1980 | ||
1981 | switch (s->state) { | |
1982 | case BT_BOUND: | |
8ff52f7d | 1983 | s = rfcomm_check_connection(s); |
1da177e4 LT |
1984 | break; |
1985 | ||
1986 | default: | |
8ff52f7d | 1987 | s = rfcomm_process_rx(s); |
1da177e4 LT |
1988 | break; |
1989 | } | |
1990 | ||
8ff52f7d DJ |
1991 | if (s) |
1992 | rfcomm_process_dlcs(s); | |
1da177e4 LT |
1993 | |
1994 | rfcomm_session_put(s); | |
1995 | } | |
1996 | ||
1997 | rfcomm_unlock(); | |
1998 | } | |
1999 | ||
1da177e4 LT |
2000 | static int rfcomm_add_listener(bdaddr_t *ba) |
2001 | { | |
2002 | struct sockaddr_l2 addr; | |
2003 | struct socket *sock; | |
2004 | struct sock *sk; | |
2005 | struct rfcomm_session *s; | |
2006 | int err = 0; | |
2007 | ||
2008 | /* Create socket */ | |
2009 | err = rfcomm_l2sock_create(&sock); | |
8e87d142 | 2010 | if (err < 0) { |
1da177e4 LT |
2011 | BT_ERR("Create socket failed %d", err); |
2012 | return err; | |
2013 | } | |
2014 | ||
2015 | /* Bind socket */ | |
2016 | bacpy(&addr.l2_bdaddr, ba); | |
2017 | addr.l2_family = AF_BLUETOOTH; | |
5bcb8094 | 2018 | addr.l2_psm = __constant_cpu_to_le16(RFCOMM_PSM); |
37e62f55 | 2019 | addr.l2_cid = 0; |
48db9ca4 | 2020 | err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr)); |
1da177e4 LT |
2021 | if (err < 0) { |
2022 | BT_ERR("Bind failed %d", err); | |
2023 | goto failed; | |
2024 | } | |
2025 | ||
2026 | /* Set L2CAP options */ | |
2027 | sk = sock->sk; | |
2028 | lock_sock(sk); | |
0c1bc5c6 | 2029 | l2cap_pi(sk)->chan->imtu = l2cap_mtu; |
1da177e4 LT |
2030 | release_sock(sk); |
2031 | ||
2032 | /* Start listening on the socket */ | |
48db9ca4 | 2033 | err = kernel_listen(sock, 10); |
1da177e4 LT |
2034 | if (err) { |
2035 | BT_ERR("Listen failed %d", err); | |
2036 | goto failed; | |
2037 | } | |
2038 | ||
2039 | /* Add listening session */ | |
2040 | s = rfcomm_session_add(sock, BT_LISTEN); | |
2041 | if (!s) | |
2042 | goto failed; | |
2043 | ||
2044 | rfcomm_session_hold(s); | |
2045 | return 0; | |
2046 | failed: | |
2047 | sock_release(sock); | |
2048 | return err; | |
2049 | } | |
2050 | ||
2051 | static void rfcomm_kill_listener(void) | |
2052 | { | |
2053 | struct rfcomm_session *s; | |
2054 | struct list_head *p, *n; | |
2055 | ||
2056 | BT_DBG(""); | |
2057 | ||
2058 | list_for_each_safe(p, n, &session_list) { | |
2059 | s = list_entry(p, struct rfcomm_session, list); | |
2060 | rfcomm_session_del(s); | |
2061 | } | |
2062 | } | |
2063 | ||
2064 | static int rfcomm_run(void *unused) | |
2065 | { | |
a524eccc | 2066 | BT_DBG(""); |
1da177e4 | 2067 | |
1da177e4 | 2068 | set_user_nice(current, -10); |
1da177e4 | 2069 | |
1da177e4 LT |
2070 | rfcomm_add_listener(BDADDR_ANY); |
2071 | ||
e5842cdb | 2072 | while (1) { |
a524eccc | 2073 | set_current_state(TASK_INTERRUPTIBLE); |
e5842cdb PH |
2074 | |
2075 | if (kthread_should_stop()) | |
2076 | break; | |
a524eccc MH |
2077 | |
2078 | /* Process stuff */ | |
a524eccc | 2079 | rfcomm_process_sessions(); |
e5842cdb PH |
2080 | |
2081 | schedule(); | |
a524eccc | 2082 | } |
e5842cdb | 2083 | __set_current_state(TASK_RUNNING); |
1da177e4 LT |
2084 | |
2085 | rfcomm_kill_listener(); | |
2086 | ||
1da177e4 LT |
2087 | return 0; |
2088 | } | |
2089 | ||
8c1b2355 | 2090 | static void rfcomm_security_cfm(struct hci_conn *conn, u8 status, u8 encrypt) |
1da177e4 LT |
2091 | { |
2092 | struct rfcomm_session *s; | |
2093 | struct rfcomm_dlc *d; | |
2094 | struct list_head *p, *n; | |
2095 | ||
2096 | BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt); | |
2097 | ||
2098 | s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst); | |
2099 | if (!s) | |
2100 | return; | |
2101 | ||
2102 | rfcomm_session_hold(s); | |
2103 | ||
2104 | list_for_each_safe(p, n, &s->dlcs) { | |
2105 | d = list_entry(p, struct rfcomm_dlc, list); | |
2106 | ||
8c84b830 MH |
2107 | if (test_and_clear_bit(RFCOMM_SEC_PENDING, &d->flags)) { |
2108 | rfcomm_dlc_clear_timer(d); | |
2109 | if (status || encrypt == 0x00) { | |
db54467a | 2110 | set_bit(RFCOMM_ENC_DROP, &d->flags); |
8c84b830 MH |
2111 | continue; |
2112 | } | |
2113 | } | |
2114 | ||
2115 | if (d->state == BT_CONNECTED && !status && encrypt == 0x00) { | |
2116 | if (d->sec_level == BT_SECURITY_MEDIUM) { | |
2117 | set_bit(RFCOMM_SEC_PENDING, &d->flags); | |
2118 | rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); | |
2119 | continue; | |
2120 | } else if (d->sec_level == BT_SECURITY_HIGH) { | |
db54467a | 2121 | set_bit(RFCOMM_ENC_DROP, &d->flags); |
8c84b830 MH |
2122 | continue; |
2123 | } | |
9719f8af MH |
2124 | } |
2125 | ||
1da177e4 LT |
2126 | if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags)) |
2127 | continue; | |
2128 | ||
b3b1b061 | 2129 | if (!status && hci_conn_check_secure(conn, d->sec_level)) |
1da177e4 LT |
2130 | set_bit(RFCOMM_AUTH_ACCEPT, &d->flags); |
2131 | else | |
2132 | set_bit(RFCOMM_AUTH_REJECT, &d->flags); | |
2133 | } | |
2134 | ||
2135 | rfcomm_session_put(s); | |
2136 | ||
534c92fd | 2137 | rfcomm_schedule(); |
1da177e4 LT |
2138 | } |
2139 | ||
2140 | static struct hci_cb rfcomm_cb = { | |
2141 | .name = "RFCOMM", | |
8c1b2355 | 2142 | .security_cfm = rfcomm_security_cfm |
1da177e4 LT |
2143 | }; |
2144 | ||
aef7d97c | 2145 | static int rfcomm_dlc_debugfs_show(struct seq_file *f, void *x) |
1da177e4 LT |
2146 | { |
2147 | struct rfcomm_session *s; | |
1da177e4 LT |
2148 | |
2149 | rfcomm_lock(); | |
2150 | ||
8035ded4 LAD |
2151 | list_for_each_entry(s, &session_list, list) { |
2152 | struct rfcomm_dlc *d; | |
2153 | list_for_each_entry(d, &s->dlcs, list) { | |
be9d1227 | 2154 | struct sock *sk = s->sock->sk; |
1da177e4 | 2155 | |
fcb73338 AE |
2156 | seq_printf(f, "%pMR %pMR %ld %d %d %d %d\n", |
2157 | &bt_sk(sk)->src, &bt_sk(sk)->dst, | |
2158 | d->state, d->dlci, d->mtu, | |
2159 | d->rx_credits, d->tx_credits); | |
1da177e4 LT |
2160 | } |
2161 | } | |
1da177e4 | 2162 | |
1da177e4 | 2163 | rfcomm_unlock(); |
1da177e4 | 2164 | |
aef7d97c MH |
2165 | return 0; |
2166 | } | |
2167 | ||
2168 | static int rfcomm_dlc_debugfs_open(struct inode *inode, struct file *file) | |
2169 | { | |
2170 | return single_open(file, rfcomm_dlc_debugfs_show, inode->i_private); | |
1da177e4 LT |
2171 | } |
2172 | ||
aef7d97c MH |
2173 | static const struct file_operations rfcomm_dlc_debugfs_fops = { |
2174 | .open = rfcomm_dlc_debugfs_open, | |
2175 | .read = seq_read, | |
2176 | .llseek = seq_lseek, | |
2177 | .release = single_release, | |
2178 | }; | |
2179 | ||
2180 | static struct dentry *rfcomm_dlc_debugfs; | |
1da177e4 LT |
2181 | |
2182 | /* ---- Initialization ---- */ | |
2183 | static int __init rfcomm_init(void) | |
2184 | { | |
52d18347 | 2185 | int err; |
af0d3b10 | 2186 | |
1da177e4 LT |
2187 | hci_register_cb(&rfcomm_cb); |
2188 | ||
a524eccc MH |
2189 | rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd"); |
2190 | if (IS_ERR(rfcomm_thread)) { | |
52d18347 MH |
2191 | err = PTR_ERR(rfcomm_thread); |
2192 | goto unregister; | |
a524eccc | 2193 | } |
1da177e4 | 2194 | |
aef7d97c MH |
2195 | if (bt_debugfs) { |
2196 | rfcomm_dlc_debugfs = debugfs_create_file("rfcomm_dlc", 0444, | |
2197 | bt_debugfs, NULL, &rfcomm_dlc_debugfs_fops); | |
2198 | if (!rfcomm_dlc_debugfs) | |
2199 | BT_ERR("Failed to create RFCOMM debug file"); | |
2200 | } | |
1da177e4 | 2201 | |
52d18347 MH |
2202 | err = rfcomm_init_ttys(); |
2203 | if (err < 0) | |
2204 | goto stop; | |
1da177e4 | 2205 | |
52d18347 MH |
2206 | err = rfcomm_init_sockets(); |
2207 | if (err < 0) | |
2208 | goto cleanup; | |
1da177e4 | 2209 | |
be9d1227 MH |
2210 | BT_INFO("RFCOMM ver %s", VERSION); |
2211 | ||
1da177e4 | 2212 | return 0; |
af0d3b10 | 2213 | |
52d18347 | 2214 | cleanup: |
af0d3b10 | 2215 | rfcomm_cleanup_ttys(); |
52d18347 MH |
2216 | |
2217 | stop: | |
af0d3b10 | 2218 | kthread_stop(rfcomm_thread); |
52d18347 MH |
2219 | |
2220 | unregister: | |
af0d3b10 DY |
2221 | hci_unregister_cb(&rfcomm_cb); |
2222 | ||
52d18347 | 2223 | return err; |
1da177e4 LT |
2224 | } |
2225 | ||
2226 | static void __exit rfcomm_exit(void) | |
2227 | { | |
aef7d97c | 2228 | debugfs_remove(rfcomm_dlc_debugfs); |
be9d1227 | 2229 | |
1da177e4 LT |
2230 | hci_unregister_cb(&rfcomm_cb); |
2231 | ||
a524eccc | 2232 | kthread_stop(rfcomm_thread); |
1da177e4 | 2233 | |
1da177e4 | 2234 | rfcomm_cleanup_ttys(); |
1da177e4 LT |
2235 | |
2236 | rfcomm_cleanup_sockets(); | |
1da177e4 LT |
2237 | } |
2238 | ||
2239 | module_init(rfcomm_init); | |
2240 | module_exit(rfcomm_exit); | |
2241 | ||
7c2660b0 MH |
2242 | module_param(disable_cfc, bool, 0644); |
2243 | MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control"); | |
2244 | ||
98bcd08b MH |
2245 | module_param(channel_mtu, int, 0644); |
2246 | MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel"); | |
2247 | ||
56f3a40a MH |
2248 | module_param(l2cap_mtu, uint, 0644); |
2249 | MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection"); | |
2250 | ||
eae38eed MH |
2251 | module_param(l2cap_ertm, bool, 0644); |
2252 | MODULE_PARM_DESC(l2cap_ertm, "Use L2CAP ERTM mode for connection"); | |
2253 | ||
63fbd24e | 2254 | MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); |
1da177e4 LT |
2255 | MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION); |
2256 | MODULE_VERSION(VERSION); | |
2257 | MODULE_LICENSE("GPL"); | |
2258 | MODULE_ALIAS("bt-proto-3"); |