1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28#include <linux/module.h>
29#include <linux/debugfs.h>
30#include <linux/kthread.h>
31#include <asm/unaligned.h>
32
33#include <net/bluetooth/bluetooth.h>
34#include <net/bluetooth/hci_core.h>
35#include <net/bluetooth/l2cap.h>
36#include <net/bluetooth/rfcomm.h>
37
38#define VERSION "1.11"
39
40static bool disable_cfc;
41static bool l2cap_ertm;
42static int channel_mtu = -1;
43static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU;
44
45static struct task_struct *rfcomm_thread;
46
47static DEFINE_MUTEX(rfcomm_mutex);
48#define rfcomm_lock() mutex_lock(&rfcomm_mutex)
49#define rfcomm_unlock() mutex_unlock(&rfcomm_mutex)
50
51
52static LIST_HEAD(session_list);
53
54static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
55static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
56static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
57static int rfcomm_queue_disc(struct rfcomm_dlc *d);
58static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
59static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
60static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
61static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
62static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
63static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
64
65static void rfcomm_process_connect(struct rfcomm_session *s);
66
67static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
68 bdaddr_t *dst,
69 u8 sec_level,
70 int *err);
71static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
72static struct rfcomm_session *rfcomm_session_del(struct rfcomm_session *s);
73
74
75#define __get_dlci(b) ((b & 0xfc) >> 2)
76#define __get_channel(b) ((b & 0xf8) >> 3)
77#define __get_dir(b) ((b & 0x04) >> 2)
78#define __get_type(b) ((b & 0xef))
79
80#define __test_ea(b) ((b & 0x01))
81#define __test_cr(b) (!!(b & 0x02))
82#define __test_pf(b) (!!(b & 0x10))
83
84#define __session_dir(s) ((s)->initiator ? 0x00 : 0x01)
85
86#define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
87#define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
88#define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
89#define __srv_channel(dlci) (dlci >> 1)
90#define __dir(dlci) (dlci & 0x01)
91
92#define __len8(len) (((len) << 1) | 1)
93#define __len16(len) ((len) << 1)
94
95
96#define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
97#define __get_mcc_type(b) ((b & 0xfc) >> 2)
98#define __get_mcc_len(b) ((b & 0xfe) >> 1)
99
100
101#define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
102#define __get_rpn_data_bits(line) ((line) & 0x3)
103#define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
104#define __get_rpn_parity(line) (((line) >> 3) & 0x7)
105
106static DECLARE_WAIT_QUEUE_HEAD(rfcomm_wq);
107
108static void rfcomm_schedule(void)
109{
110 wake_up_all(&rfcomm_wq);
111}
112
113
114
115
116static unsigned char rfcomm_crc_table[256] = {
117 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
118 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
119 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
120 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
121
122 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
123 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
124 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
125 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
126
127 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
128 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
129 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
130 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
131
132 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
133 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
134 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
135 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
136
137 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
138 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
139 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
140 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
141
142 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
143 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
144 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
145 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
146
147 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
148 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
149 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
150 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
151
152 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
153 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
154 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
155 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
156};
157
158
159#define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
160
161
162static inline u8 __fcs(u8 *data)
163{
164 return 0xff - __crc(data);
165}
166
167
168static inline u8 __fcs2(u8 *data)
169{
170 return 0xff - rfcomm_crc_table[__crc(data) ^ data[2]];
171}
172
173
174static inline int __check_fcs(u8 *data, int type, u8 fcs)
175{
176 u8 f = __crc(data);
177
178 if (type != RFCOMM_UIH)
179 f = rfcomm_crc_table[f ^ data[2]];
180
181 return rfcomm_crc_table[f ^ fcs] != 0xcf;
182}
183
184
185static void rfcomm_l2state_change(struct sock *sk)
186{
187 BT_DBG("%p state %d", sk, sk->sk_state);
188 rfcomm_schedule();
189}
190
191static void rfcomm_l2data_ready(struct sock *sk)
192{
193 BT_DBG("%p", sk);
194 rfcomm_schedule();
195}
196
197static int rfcomm_l2sock_create(struct socket **sock)
198{
199 int err;
200
201 BT_DBG("");
202
203 err = sock_create_kern(&init_net, PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
204 if (!err) {
205 struct sock *sk = (*sock)->sk;
206 sk->sk_data_ready = rfcomm_l2data_ready;
207 sk->sk_state_change = rfcomm_l2state_change;
208 }
209 return err;
210}
211
212static int rfcomm_check_security(struct rfcomm_dlc *d)
213{
214 struct sock *sk = d->session->sock->sk;
215 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
216
217 __u8 auth_type;
218
219 switch (d->sec_level) {
220 case BT_SECURITY_HIGH:
221 case BT_SECURITY_FIPS:
222 auth_type = HCI_AT_GENERAL_BONDING_MITM;
223 break;
224 case BT_SECURITY_MEDIUM:
225 auth_type = HCI_AT_GENERAL_BONDING;
226 break;
227 default:
228 auth_type = HCI_AT_NO_BONDING;
229 break;
230 }
231
232 return hci_conn_security(conn->hcon, d->sec_level, auth_type,
233 d->out);
234}
235
236static void rfcomm_session_timeout(unsigned long arg)
237{
238 struct rfcomm_session *s = (void *) arg;
239
240 BT_DBG("session %p state %ld", s, s->state);
241
242 set_bit(RFCOMM_TIMED_OUT, &s->flags);
243 rfcomm_schedule();
244}
245
246static void rfcomm_session_set_timer(struct rfcomm_session *s, long timeout)
247{
248 BT_DBG("session %p state %ld timeout %ld", s, s->state, timeout);
249
250 mod_timer(&s->timer, jiffies + timeout);
251}
252
253static void rfcomm_session_clear_timer(struct rfcomm_session *s)
254{
255 BT_DBG("session %p state %ld", s, s->state);
256
257 del_timer_sync(&s->timer);
258}
259
260
261static void rfcomm_dlc_timeout(unsigned long arg)
262{
263 struct rfcomm_dlc *d = (void *) arg;
264
265 BT_DBG("dlc %p state %ld", d, d->state);
266
267 set_bit(RFCOMM_TIMED_OUT, &d->flags);
268 rfcomm_dlc_put(d);
269 rfcomm_schedule();
270}
271
272static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
273{
274 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
275
276 if (!mod_timer(&d->timer, jiffies + timeout))
277 rfcomm_dlc_hold(d);
278}
279
280static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
281{
282 BT_DBG("dlc %p state %ld", d, d->state);
283
284 if (del_timer(&d->timer))
285 rfcomm_dlc_put(d);
286}
287
288static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
289{
290 BT_DBG("%p", d);
291
292 d->state = BT_OPEN;
293 d->flags = 0;
294 d->mscex = 0;
295 d->sec_level = BT_SECURITY_LOW;
296 d->mtu = RFCOMM_DEFAULT_MTU;
297 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
298
299 d->cfc = RFCOMM_CFC_DISABLED;
300 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
301}
302
303struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
304{
305 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio);
306
307 if (!d)
308 return NULL;
309
310 setup_timer(&d->timer, rfcomm_dlc_timeout, (unsigned long)d);
311
312 skb_queue_head_init(&d->tx_queue);
313 mutex_init(&d->lock);
314 atomic_set(&d->refcnt, 1);
315
316 rfcomm_dlc_clear_state(d);
317
318 BT_DBG("%p", d);
319
320 return d;
321}
322
323void rfcomm_dlc_free(struct rfcomm_dlc *d)
324{
325 BT_DBG("%p", d);
326
327 skb_queue_purge(&d->tx_queue);
328 kfree(d);
329}
330
331static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
332{
333 BT_DBG("dlc %p session %p", d, s);
334
335 rfcomm_session_clear_timer(s);
336 rfcomm_dlc_hold(d);
337 list_add(&d->list, &s->dlcs);
338 d->session = s;
339}
340
341static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
342{
343 struct rfcomm_session *s = d->session;
344
345 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
346
347 list_del(&d->list);
348 d->session = NULL;
349 rfcomm_dlc_put(d);
350
351 if (list_empty(&s->dlcs))
352 rfcomm_session_set_timer(s, RFCOMM_IDLE_TIMEOUT);
353}
354
355static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
356{
357 struct rfcomm_dlc *d;
358
359 list_for_each_entry(d, &s->dlcs, list)
360 if (d->dlci == dlci)
361 return d;
362
363 return NULL;
364}
365
366static int rfcomm_check_channel(u8 channel)
367{
368 return channel < 1 || channel > 30;
369}
370
371static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
372{
373 struct rfcomm_session *s;
374 int err = 0;
375 u8 dlci;
376
377 BT_DBG("dlc %p state %ld %pMR -> %pMR channel %d",
378 d, d->state, src, dst, channel);
379
380 if (rfcomm_check_channel(channel))
381 return -EINVAL;
382
383 if (d->state != BT_OPEN && d->state != BT_CLOSED)
384 return 0;
385
386 s = rfcomm_session_get(src, dst);
387 if (!s) {
388 s = rfcomm_session_create(src, dst, d->sec_level, &err);
389 if (!s)
390 return err;
391 }
392
393 dlci = __dlci(__session_dir(s), channel);
394
395
396 if (rfcomm_dlc_get(s, dlci))
397 return -EBUSY;
398
399 rfcomm_dlc_clear_state(d);
400
401 d->dlci = dlci;
402 d->addr = __addr(s->initiator, dlci);
403 d->priority = 7;
404
405 d->state = BT_CONFIG;
406 rfcomm_dlc_link(s, d);
407
408 d->out = 1;
409
410 d->mtu = s->mtu;
411 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
412
413 if (s->state == BT_CONNECTED) {
414 if (rfcomm_check_security(d))
415 rfcomm_send_pn(s, 1, d);
416 else
417 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
418 }
419
420 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
421
422 return 0;
423}
424
425int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
426{
427 int r;
428
429 rfcomm_lock();
430
431 r = __rfcomm_dlc_open(d, src, dst, channel);
432
433 rfcomm_unlock();
434 return r;
435}
436
437static void __rfcomm_dlc_disconn(struct rfcomm_dlc *d)
438{
439 struct rfcomm_session *s = d->session;
440
441 d->state = BT_DISCONN;
442 if (skb_queue_empty(&d->tx_queue)) {
443 rfcomm_send_disc(s, d->dlci);
444 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
445 } else {
446 rfcomm_queue_disc(d);
447 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
448 }
449}
450
451static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
452{
453 struct rfcomm_session *s = d->session;
454 if (!s)
455 return 0;
456
457 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
458 d, d->state, d->dlci, err, s);
459
460 switch (d->state) {
461 case BT_CONNECT:
462 case BT_CONFIG:
463 case BT_OPEN:
464 case BT_CONNECT2:
465 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
466 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
467 rfcomm_schedule();
468 return 0;
469 }
470 }
471
472 switch (d->state) {
473 case BT_CONNECT:
474 case BT_CONNECTED:
475 __rfcomm_dlc_disconn(d);
476 break;
477
478 case BT_CONFIG:
479 if (s->state != BT_BOUND) {
480 __rfcomm_dlc_disconn(d);
481 break;
482 }
483
484
485
486
487 default:
488 rfcomm_dlc_clear_timer(d);
489
490 rfcomm_dlc_lock(d);
491 d->state = BT_CLOSED;
492 d->state_change(d, err);
493 rfcomm_dlc_unlock(d);
494
495 skb_queue_purge(&d->tx_queue);
496 rfcomm_dlc_unlink(d);
497 }
498
499 return 0;
500}
501
502int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
503{
504 int r = 0;
505 struct rfcomm_dlc *d_list;
506 struct rfcomm_session *s, *s_list;
507
508 BT_DBG("dlc %p state %ld dlci %d err %d", d, d->state, d->dlci, err);
509
510 rfcomm_lock();
511
512 s = d->session;
513 if (!s)
514 goto no_session;
515
516
517
518
519 list_for_each_entry(s_list, &session_list, list) {
520 if (s_list == s) {
521 list_for_each_entry(d_list, &s->dlcs, list) {
522 if (d_list == d) {
523 r = __rfcomm_dlc_close(d, err);
524 break;
525 }
526 }
527 break;
528 }
529 }
530
531no_session:
532 rfcomm_unlock();
533 return r;
534}
535
536struct rfcomm_dlc *rfcomm_dlc_exists(bdaddr_t *src, bdaddr_t *dst, u8 channel)
537{
538 struct rfcomm_session *s;
539 struct rfcomm_dlc *dlc = NULL;
540 u8 dlci;
541
542 if (rfcomm_check_channel(channel))
543 return ERR_PTR(-EINVAL);
544
545 rfcomm_lock();
546 s = rfcomm_session_get(src, dst);
547 if (s) {
548 dlci = __dlci(__session_dir(s), channel);
549 dlc = rfcomm_dlc_get(s, dlci);
550 }
551 rfcomm_unlock();
552 return dlc;
553}
554
555int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
556{
557 int len = skb->len;
558
559 if (d->state != BT_CONNECTED)
560 return -ENOTCONN;
561
562 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
563
564 if (len > d->mtu)
565 return -EINVAL;
566
567 rfcomm_make_uih(skb, d->addr);
568 skb_queue_tail(&d->tx_queue, skb);
569
570 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
571 rfcomm_schedule();
572 return len;
573}
574
575void rfcomm_dlc_send_noerror(struct rfcomm_dlc *d, struct sk_buff *skb)
576{
577 int len = skb->len;
578
579 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
580
581 rfcomm_make_uih(skb, d->addr);
582 skb_queue_tail(&d->tx_queue, skb);
583
584 if (d->state == BT_CONNECTED &&
585 !test_bit(RFCOMM_TX_THROTTLED, &d->flags))
586 rfcomm_schedule();
587}
588
589void __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
590{
591 BT_DBG("dlc %p state %ld", d, d->state);
592
593 if (!d->cfc) {
594 d->v24_sig |= RFCOMM_V24_FC;
595 set_bit(RFCOMM_MSC_PENDING, &d->flags);
596 }
597 rfcomm_schedule();
598}
599
600void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
601{
602 BT_DBG("dlc %p state %ld", d, d->state);
603
604 if (!d->cfc) {
605 d->v24_sig &= ~RFCOMM_V24_FC;
606 set_bit(RFCOMM_MSC_PENDING, &d->flags);
607 }
608 rfcomm_schedule();
609}
610
611
612
613
614
615
616int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
617{
618 BT_DBG("dlc %p state %ld v24_sig 0x%x",
619 d, d->state, v24_sig);
620
621 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
622 v24_sig |= RFCOMM_V24_FC;
623 else
624 v24_sig &= ~RFCOMM_V24_FC;
625
626 d->v24_sig = v24_sig;
627
628 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
629 rfcomm_schedule();
630
631 return 0;
632}
633
634int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
635{
636 BT_DBG("dlc %p state %ld v24_sig 0x%x",
637 d, d->state, d->v24_sig);
638
639 *v24_sig = d->v24_sig;
640 return 0;
641}
642
643
644static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
645{
646 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL);
647
648 if (!s)
649 return NULL;
650
651 BT_DBG("session %p sock %p", s, sock);
652
653 setup_timer(&s->timer, rfcomm_session_timeout, (unsigned long) s);
654
655 INIT_LIST_HEAD(&s->dlcs);
656 s->state = state;
657 s->sock = sock;
658
659 s->mtu = RFCOMM_DEFAULT_MTU;
660 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN;
661
662
663
664 if (state != BT_LISTEN)
665 if (!try_module_get(THIS_MODULE)) {
666 kfree(s);
667 return NULL;
668 }
669
670 list_add(&s->list, &session_list);
671
672 return s;
673}
674
675static struct rfcomm_session *rfcomm_session_del(struct rfcomm_session *s)
676{
677 int state = s->state;
678
679 BT_DBG("session %p state %ld", s, s->state);
680
681 list_del(&s->list);
682
683 rfcomm_session_clear_timer(s);
684 sock_release(s->sock);
685 kfree(s);
686
687 if (state != BT_LISTEN)
688 module_put(THIS_MODULE);
689
690 return NULL;
691}
692
693static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
694{
695 struct rfcomm_session *s;
696 struct list_head *p, *n;
697 struct l2cap_chan *chan;
698 list_for_each_safe(p, n, &session_list) {
699 s = list_entry(p, struct rfcomm_session, list);
700 chan = l2cap_pi(s->sock->sk)->chan;
701
702 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&chan->src, src)) &&
703 !bacmp(&chan->dst, dst))
704 return s;
705 }
706 return NULL;
707}
708
709static struct rfcomm_session *rfcomm_session_close(struct rfcomm_session *s,
710 int err)
711{
712 struct rfcomm_dlc *d;
713 struct list_head *p, *n;
714
715 s->state = BT_CLOSED;
716
717 BT_DBG("session %p state %ld err %d", s, s->state, err);
718
719
720 list_for_each_safe(p, n, &s->dlcs) {
721 d = list_entry(p, struct rfcomm_dlc, list);
722 d->state = BT_CLOSED;
723 __rfcomm_dlc_close(d, err);
724 }
725
726 rfcomm_session_clear_timer(s);
727 return rfcomm_session_del(s);
728}
729
730static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
731 bdaddr_t *dst,
732 u8 sec_level,
733 int *err)
734{
735 struct rfcomm_session *s = NULL;
736 struct sockaddr_l2 addr;
737 struct socket *sock;
738 struct sock *sk;
739
740 BT_DBG("%pMR -> %pMR", src, dst);
741
742 *err = rfcomm_l2sock_create(&sock);
743 if (*err < 0)
744 return NULL;
745
746 bacpy(&addr.l2_bdaddr, src);
747 addr.l2_family = AF_BLUETOOTH;
748 addr.l2_psm = 0;
749 addr.l2_cid = 0;
750 addr.l2_bdaddr_type = BDADDR_BREDR;
751 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
752 if (*err < 0)
753 goto failed;
754
755
756 sk = sock->sk;
757 lock_sock(sk);
758 l2cap_pi(sk)->chan->imtu = l2cap_mtu;
759 l2cap_pi(sk)->chan->sec_level = sec_level;
760 if (l2cap_ertm)
761 l2cap_pi(sk)->chan->mode = L2CAP_MODE_ERTM;
762 release_sock(sk);
763
764 s = rfcomm_session_add(sock, BT_BOUND);
765 if (!s) {
766 *err = -ENOMEM;
767 goto failed;
768 }
769
770 s->initiator = 1;
771
772 bacpy(&addr.l2_bdaddr, dst);
773 addr.l2_family = AF_BLUETOOTH;
774 addr.l2_psm = cpu_to_le16(L2CAP_PSM_RFCOMM);
775 addr.l2_cid = 0;
776 addr.l2_bdaddr_type = BDADDR_BREDR;
777 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
778 if (*err == 0 || *err == -EINPROGRESS)
779 return s;
780
781 return rfcomm_session_del(s);
782
783failed:
784 sock_release(sock);
785 return NULL;
786}
787
788void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
789{
790 struct l2cap_chan *chan = l2cap_pi(s->sock->sk)->chan;
791 if (src)
792 bacpy(src, &chan->src);
793 if (dst)
794 bacpy(dst, &chan->dst);
795}
796
797
798static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
799{
800 struct kvec iv = { data, len };
801 struct msghdr msg;
802
803 BT_DBG("session %p len %d", s, len);
804
805 memset(&msg, 0, sizeof(msg));
806
807 return kernel_sendmsg(s->sock, &msg, &iv, 1, len);
808}
809
810static int rfcomm_send_cmd(struct rfcomm_session *s, struct rfcomm_cmd *cmd)
811{
812 BT_DBG("%p cmd %u", s, cmd->ctrl);
813
814 return rfcomm_send_frame(s, (void *) cmd, sizeof(*cmd));
815}
816
817static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
818{
819 struct rfcomm_cmd cmd;
820
821 BT_DBG("%p dlci %d", s, dlci);
822
823 cmd.addr = __addr(s->initiator, dlci);
824 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
825 cmd.len = __len8(0);
826 cmd.fcs = __fcs2((u8 *) &cmd);
827
828 return rfcomm_send_cmd(s, &cmd);
829}
830
831static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
832{
833 struct rfcomm_cmd cmd;
834
835 BT_DBG("%p dlci %d", s, dlci);
836
837 cmd.addr = __addr(!s->initiator, dlci);
838 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
839 cmd.len = __len8(0);
840 cmd.fcs = __fcs2((u8 *) &cmd);
841
842 return rfcomm_send_cmd(s, &cmd);
843}
844
845static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
846{
847 struct rfcomm_cmd cmd;
848
849 BT_DBG("%p dlci %d", s, dlci);
850
851 cmd.addr = __addr(s->initiator, dlci);
852 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
853 cmd.len = __len8(0);
854 cmd.fcs = __fcs2((u8 *) &cmd);
855
856 return rfcomm_send_cmd(s, &cmd);
857}
858
859static int rfcomm_queue_disc(struct rfcomm_dlc *d)
860{
861 struct rfcomm_cmd *cmd;
862 struct sk_buff *skb;
863
864 BT_DBG("dlc %p dlci %d", d, d->dlci);
865
866 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
867 if (!skb)
868 return -ENOMEM;
869
870 cmd = (void *) __skb_put(skb, sizeof(*cmd));
871 cmd->addr = d->addr;
872 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
873 cmd->len = __len8(0);
874 cmd->fcs = __fcs2((u8 *) cmd);
875
876 skb_queue_tail(&d->tx_queue, skb);
877 rfcomm_schedule();
878 return 0;
879}
880
881static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
882{
883 struct rfcomm_cmd cmd;
884
885 BT_DBG("%p dlci %d", s, dlci);
886
887 cmd.addr = __addr(!s->initiator, dlci);
888 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
889 cmd.len = __len8(0);
890 cmd.fcs = __fcs2((u8 *) &cmd);
891
892 return rfcomm_send_cmd(s, &cmd);
893}
894
895static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
896{
897 struct rfcomm_hdr *hdr;
898 struct rfcomm_mcc *mcc;
899 u8 buf[16], *ptr = buf;
900
901 BT_DBG("%p cr %d type %d", s, cr, type);
902
903 hdr = (void *) ptr; ptr += sizeof(*hdr);
904 hdr->addr = __addr(s->initiator, 0);
905 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
906 hdr->len = __len8(sizeof(*mcc) + 1);
907
908 mcc = (void *) ptr; ptr += sizeof(*mcc);
909 mcc->type = __mcc_type(0, RFCOMM_NSC);
910 mcc->len = __len8(1);
911
912
913 *ptr = __mcc_type(cr, type); ptr++;
914
915 *ptr = __fcs(buf); ptr++;
916
917 return rfcomm_send_frame(s, buf, ptr - buf);
918}
919
920static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
921{
922 struct rfcomm_hdr *hdr;
923 struct rfcomm_mcc *mcc;
924 struct rfcomm_pn *pn;
925 u8 buf[16], *ptr = buf;
926
927 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
928
929 hdr = (void *) ptr; ptr += sizeof(*hdr);
930 hdr->addr = __addr(s->initiator, 0);
931 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
932 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
933
934 mcc = (void *) ptr; ptr += sizeof(*mcc);
935 mcc->type = __mcc_type(cr, RFCOMM_PN);
936 mcc->len = __len8(sizeof(*pn));
937
938 pn = (void *) ptr; ptr += sizeof(*pn);
939 pn->dlci = d->dlci;
940 pn->priority = d->priority;
941 pn->ack_timer = 0;
942 pn->max_retrans = 0;
943
944 if (s->cfc) {
945 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
946 pn->credits = RFCOMM_DEFAULT_CREDITS;
947 } else {
948 pn->flow_ctrl = 0;
949 pn->credits = 0;
950 }
951
952 if (cr && channel_mtu >= 0)
953 pn->mtu = cpu_to_le16(channel_mtu);
954 else
955 pn->mtu = cpu_to_le16(d->mtu);
956
957 *ptr = __fcs(buf); ptr++;
958
959 return rfcomm_send_frame(s, buf, ptr - buf);
960}
961
962int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
963 u8 bit_rate, u8 data_bits, u8 stop_bits,
964 u8 parity, u8 flow_ctrl_settings,
965 u8 xon_char, u8 xoff_char, u16 param_mask)
966{
967 struct rfcomm_hdr *hdr;
968 struct rfcomm_mcc *mcc;
969 struct rfcomm_rpn *rpn;
970 u8 buf[16], *ptr = buf;
971
972 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
973 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
974 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
975 flow_ctrl_settings, xon_char, xoff_char, param_mask);
976
977 hdr = (void *) ptr; ptr += sizeof(*hdr);
978 hdr->addr = __addr(s->initiator, 0);
979 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
980 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
981
982 mcc = (void *) ptr; ptr += sizeof(*mcc);
983 mcc->type = __mcc_type(cr, RFCOMM_RPN);
984 mcc->len = __len8(sizeof(*rpn));
985
986 rpn = (void *) ptr; ptr += sizeof(*rpn);
987 rpn->dlci = __addr(1, dlci);
988 rpn->bit_rate = bit_rate;
989 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
990 rpn->flow_ctrl = flow_ctrl_settings;
991 rpn->xon_char = xon_char;
992 rpn->xoff_char = xoff_char;
993 rpn->param_mask = cpu_to_le16(param_mask);
994
995 *ptr = __fcs(buf); ptr++;
996
997 return rfcomm_send_frame(s, buf, ptr - buf);
998}
999
1000static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
1001{
1002 struct rfcomm_hdr *hdr;
1003 struct rfcomm_mcc *mcc;
1004 struct rfcomm_rls *rls;
1005 u8 buf[16], *ptr = buf;
1006
1007 BT_DBG("%p cr %d status 0x%x", s, cr, status);
1008
1009 hdr = (void *) ptr; ptr += sizeof(*hdr);
1010 hdr->addr = __addr(s->initiator, 0);
1011 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1012 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
1013
1014 mcc = (void *) ptr; ptr += sizeof(*mcc);
1015 mcc->type = __mcc_type(cr, RFCOMM_RLS);
1016 mcc->len = __len8(sizeof(*rls));
1017
1018 rls = (void *) ptr; ptr += sizeof(*rls);
1019 rls->dlci = __addr(1, dlci);
1020 rls->status = status;
1021
1022 *ptr = __fcs(buf); ptr++;
1023
1024 return rfcomm_send_frame(s, buf, ptr - buf);
1025}
1026
1027static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
1028{
1029 struct rfcomm_hdr *hdr;
1030 struct rfcomm_mcc *mcc;
1031 struct rfcomm_msc *msc;
1032 u8 buf[16], *ptr = buf;
1033
1034 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
1035
1036 hdr = (void *) ptr; ptr += sizeof(*hdr);
1037 hdr->addr = __addr(s->initiator, 0);
1038 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1039 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
1040
1041 mcc = (void *) ptr; ptr += sizeof(*mcc);
1042 mcc->type = __mcc_type(cr, RFCOMM_MSC);
1043 mcc->len = __len8(sizeof(*msc));
1044
1045 msc = (void *) ptr; ptr += sizeof(*msc);
1046 msc->dlci = __addr(1, dlci);
1047 msc->v24_sig = v24_sig | 0x01;
1048
1049 *ptr = __fcs(buf); ptr++;
1050
1051 return rfcomm_send_frame(s, buf, ptr - buf);
1052}
1053
1054static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
1055{
1056 struct rfcomm_hdr *hdr;
1057 struct rfcomm_mcc *mcc;
1058 u8 buf[16], *ptr = buf;
1059
1060 BT_DBG("%p cr %d", s, cr);
1061
1062 hdr = (void *) ptr; ptr += sizeof(*hdr);
1063 hdr->addr = __addr(s->initiator, 0);
1064 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1065 hdr->len = __len8(sizeof(*mcc));
1066
1067 mcc = (void *) ptr; ptr += sizeof(*mcc);
1068 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
1069 mcc->len = __len8(0);
1070
1071 *ptr = __fcs(buf); ptr++;
1072
1073 return rfcomm_send_frame(s, buf, ptr - buf);
1074}
1075
1076static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
1077{
1078 struct rfcomm_hdr *hdr;
1079 struct rfcomm_mcc *mcc;
1080 u8 buf[16], *ptr = buf;
1081
1082 BT_DBG("%p cr %d", s, cr);
1083
1084 hdr = (void *) ptr; ptr += sizeof(*hdr);
1085 hdr->addr = __addr(s->initiator, 0);
1086 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1087 hdr->len = __len8(sizeof(*mcc));
1088
1089 mcc = (void *) ptr; ptr += sizeof(*mcc);
1090 mcc->type = __mcc_type(cr, RFCOMM_FCON);
1091 mcc->len = __len8(0);
1092
1093 *ptr = __fcs(buf); ptr++;
1094
1095 return rfcomm_send_frame(s, buf, ptr - buf);
1096}
1097
1098static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
1099{
1100 struct socket *sock = s->sock;
1101 struct kvec iv[3];
1102 struct msghdr msg;
1103 unsigned char hdr[5], crc[1];
1104
1105 if (len > 125)
1106 return -EINVAL;
1107
1108 BT_DBG("%p cr %d", s, cr);
1109
1110 hdr[0] = __addr(s->initiator, 0);
1111 hdr[1] = __ctrl(RFCOMM_UIH, 0);
1112 hdr[2] = 0x01 | ((len + 2) << 1);
1113 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
1114 hdr[4] = 0x01 | (len << 1);
1115
1116 crc[0] = __fcs(hdr);
1117
1118 iv[0].iov_base = hdr;
1119 iv[0].iov_len = 5;
1120 iv[1].iov_base = pattern;
1121 iv[1].iov_len = len;
1122 iv[2].iov_base = crc;
1123 iv[2].iov_len = 1;
1124
1125 memset(&msg, 0, sizeof(msg));
1126
1127 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
1128}
1129
1130static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
1131{
1132 struct rfcomm_hdr *hdr;
1133 u8 buf[16], *ptr = buf;
1134
1135 BT_DBG("%p addr %d credits %d", s, addr, credits);
1136
1137 hdr = (void *) ptr; ptr += sizeof(*hdr);
1138 hdr->addr = addr;
1139 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
1140 hdr->len = __len8(0);
1141
1142 *ptr = credits; ptr++;
1143
1144 *ptr = __fcs(buf); ptr++;
1145
1146 return rfcomm_send_frame(s, buf, ptr - buf);
1147}
1148
1149static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
1150{
1151 struct rfcomm_hdr *hdr;
1152 int len = skb->len;
1153 u8 *crc;
1154
1155 if (len > 127) {
1156 hdr = (void *) skb_push(skb, 4);
1157 put_unaligned(cpu_to_le16(__len16(len)), (__le16 *) &hdr->len);
1158 } else {
1159 hdr = (void *) skb_push(skb, 3);
1160 hdr->len = __len8(len);
1161 }
1162 hdr->addr = addr;
1163 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1164
1165 crc = skb_put(skb, 1);
1166 *crc = __fcs((void *) hdr);
1167}
1168
1169
1170static struct rfcomm_session *rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1171{
1172 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1173
1174 if (dlci) {
1175
1176 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1177 if (!d) {
1178 rfcomm_send_dm(s, dlci);
1179 return s;
1180 }
1181
1182 switch (d->state) {
1183 case BT_CONNECT:
1184 rfcomm_dlc_clear_timer(d);
1185
1186 rfcomm_dlc_lock(d);
1187 d->state = BT_CONNECTED;
1188 d->state_change(d, 0);
1189 rfcomm_dlc_unlock(d);
1190
1191 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1192 break;
1193
1194 case BT_DISCONN:
1195 d->state = BT_CLOSED;
1196 __rfcomm_dlc_close(d, 0);
1197
1198 if (list_empty(&s->dlcs)) {
1199 s->state = BT_DISCONN;
1200 rfcomm_send_disc(s, 0);
1201 rfcomm_session_clear_timer(s);
1202 }
1203
1204 break;
1205 }
1206 } else {
1207
1208 switch (s->state) {
1209 case BT_CONNECT:
1210 s->state = BT_CONNECTED;
1211 rfcomm_process_connect(s);
1212 break;
1213
1214 case BT_DISCONN:
1215 s = rfcomm_session_close(s, ECONNRESET);
1216 break;
1217 }
1218 }
1219 return s;
1220}
1221
1222static struct rfcomm_session *rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1223{
1224 int err = 0;
1225
1226 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1227
1228 if (dlci) {
1229
1230 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1231 if (d) {
1232 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1233 err = ECONNREFUSED;
1234 else
1235 err = ECONNRESET;
1236
1237 d->state = BT_CLOSED;
1238 __rfcomm_dlc_close(d, err);
1239 }
1240 } else {
1241 if (s->state == BT_CONNECT)
1242 err = ECONNREFUSED;
1243 else
1244 err = ECONNRESET;
1245
1246 s = rfcomm_session_close(s, err);
1247 }
1248 return s;
1249}
1250
1251static struct rfcomm_session *rfcomm_recv_disc(struct rfcomm_session *s,
1252 u8 dlci)
1253{
1254 int err = 0;
1255
1256 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1257
1258 if (dlci) {
1259 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1260 if (d) {
1261 rfcomm_send_ua(s, dlci);
1262
1263 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1264 err = ECONNREFUSED;
1265 else
1266 err = ECONNRESET;
1267
1268 d->state = BT_CLOSED;
1269 __rfcomm_dlc_close(d, err);
1270 } else
1271 rfcomm_send_dm(s, dlci);
1272
1273 } else {
1274 rfcomm_send_ua(s, 0);
1275
1276 if (s->state == BT_CONNECT)
1277 err = ECONNREFUSED;
1278 else
1279 err = ECONNRESET;
1280
1281 s = rfcomm_session_close(s, err);
1282 }
1283 return s;
1284}
1285
1286void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1287{
1288 struct sock *sk = d->session->sock->sk;
1289 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
1290
1291 BT_DBG("dlc %p", d);
1292
1293 rfcomm_send_ua(d->session, d->dlci);
1294
1295 rfcomm_dlc_clear_timer(d);
1296
1297 rfcomm_dlc_lock(d);
1298 d->state = BT_CONNECTED;
1299 d->state_change(d, 0);
1300 rfcomm_dlc_unlock(d);
1301
1302 if (d->role_switch)
1303 hci_conn_switch_role(conn->hcon, 0x00);
1304
1305 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1306}
1307
1308static void rfcomm_check_accept(struct rfcomm_dlc *d)
1309{
1310 if (rfcomm_check_security(d)) {
1311 if (d->defer_setup) {
1312 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1313 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1314
1315 rfcomm_dlc_lock(d);
1316 d->state = BT_CONNECT2;
1317 d->state_change(d, 0);
1318 rfcomm_dlc_unlock(d);
1319 } else
1320 rfcomm_dlc_accept(d);
1321 } else {
1322 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1323 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1324 }
1325}
1326
1327static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1328{
1329 struct rfcomm_dlc *d;
1330 u8 channel;
1331
1332 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1333
1334 if (!dlci) {
1335 rfcomm_send_ua(s, 0);
1336
1337 if (s->state == BT_OPEN) {
1338 s->state = BT_CONNECTED;
1339 rfcomm_process_connect(s);
1340 }
1341 return 0;
1342 }
1343
1344
1345 d = rfcomm_dlc_get(s, dlci);
1346 if (d) {
1347 if (d->state == BT_OPEN) {
1348
1349 rfcomm_check_accept(d);
1350 }
1351 return 0;
1352 }
1353
1354
1355 channel = __srv_channel(dlci);
1356 if (rfcomm_connect_ind(s, channel, &d)) {
1357 d->dlci = dlci;
1358 d->addr = __addr(s->initiator, dlci);
1359 rfcomm_dlc_link(s, d);
1360
1361 rfcomm_check_accept(d);
1362 } else {
1363 rfcomm_send_dm(s, dlci);
1364 }
1365
1366 return 0;
1367}
1368
1369static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1370{
1371 struct rfcomm_session *s = d->session;
1372
1373 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1374 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1375
1376 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) ||
1377 pn->flow_ctrl == 0xe0) {
1378 d->cfc = RFCOMM_CFC_ENABLED;
1379 d->tx_credits = pn->credits;
1380 } else {
1381 d->cfc = RFCOMM_CFC_DISABLED;
1382 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1383 }
1384
1385 if (s->cfc == RFCOMM_CFC_UNKNOWN)
1386 s->cfc = d->cfc;
1387
1388 d->priority = pn->priority;
1389
1390 d->mtu = __le16_to_cpu(pn->mtu);
1391
1392 if (cr && d->mtu > s->mtu)
1393 d->mtu = s->mtu;
1394
1395 return 0;
1396}
1397
1398static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1399{
1400 struct rfcomm_pn *pn = (void *) skb->data;
1401 struct rfcomm_dlc *d;
1402 u8 dlci = pn->dlci;
1403
1404 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1405
1406 if (!dlci)
1407 return 0;
1408
1409 d = rfcomm_dlc_get(s, dlci);
1410 if (d) {
1411 if (cr) {
1412
1413 rfcomm_apply_pn(d, cr, pn);
1414 rfcomm_send_pn(s, 0, d);
1415 } else {
1416
1417 switch (d->state) {
1418 case BT_CONFIG:
1419 rfcomm_apply_pn(d, cr, pn);
1420
1421 d->state = BT_CONNECT;
1422 rfcomm_send_sabm(s, d->dlci);
1423 break;
1424 }
1425 }
1426 } else {
1427 u8 channel = __srv_channel(dlci);
1428
1429 if (!cr)
1430 return 0;
1431
1432
1433
1434 if (rfcomm_connect_ind(s, channel, &d)) {
1435 d->dlci = dlci;
1436 d->addr = __addr(s->initiator, dlci);
1437 rfcomm_dlc_link(s, d);
1438
1439 rfcomm_apply_pn(d, cr, pn);
1440
1441 d->state = BT_OPEN;
1442 rfcomm_send_pn(s, 0, d);
1443 } else {
1444 rfcomm_send_dm(s, dlci);
1445 }
1446 }
1447 return 0;
1448}
1449
1450static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1451{
1452 struct rfcomm_rpn *rpn = (void *) skb->data;
1453 u8 dlci = __get_dlci(rpn->dlci);
1454
1455 u8 bit_rate = 0;
1456 u8 data_bits = 0;
1457 u8 stop_bits = 0;
1458 u8 parity = 0;
1459 u8 flow_ctrl = 0;
1460 u8 xon_char = 0;
1461 u8 xoff_char = 0;
1462 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
1463
1464 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1465 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1466 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1467
1468 if (!cr)
1469 return 0;
1470
1471 if (len == 1) {
1472
1473 bit_rate = RFCOMM_RPN_BR_9600;
1474 data_bits = RFCOMM_RPN_DATA_8;
1475 stop_bits = RFCOMM_RPN_STOP_1;
1476 parity = RFCOMM_RPN_PARITY_NONE;
1477 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1478 xon_char = RFCOMM_RPN_XON_CHAR;
1479 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1480 goto rpn_out;
1481 }
1482
1483
1484
1485
1486 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) {
1487 bit_rate = rpn->bit_rate;
1488 if (bit_rate > RFCOMM_RPN_BR_230400) {
1489 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1490 bit_rate = RFCOMM_RPN_BR_9600;
1491 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1492 }
1493 }
1494
1495 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) {
1496 data_bits = __get_rpn_data_bits(rpn->line_settings);
1497 if (data_bits != RFCOMM_RPN_DATA_8) {
1498 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1499 data_bits = RFCOMM_RPN_DATA_8;
1500 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1501 }
1502 }
1503
1504 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) {
1505 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1506 if (stop_bits != RFCOMM_RPN_STOP_1) {
1507 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1508 stop_bits = RFCOMM_RPN_STOP_1;
1509 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1510 }
1511 }
1512
1513 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) {
1514 parity = __get_rpn_parity(rpn->line_settings);
1515 if (parity != RFCOMM_RPN_PARITY_NONE) {
1516 BT_DBG("RPN parity mismatch 0x%x", parity);
1517 parity = RFCOMM_RPN_PARITY_NONE;
1518 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1519 }
1520 }
1521
1522 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) {
1523 flow_ctrl = rpn->flow_ctrl;
1524 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1525 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1526 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1527 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1528 }
1529 }
1530
1531 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) {
1532 xon_char = rpn->xon_char;
1533 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1534 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1535 xon_char = RFCOMM_RPN_XON_CHAR;
1536 rpn_mask ^= RFCOMM_RPN_PM_XON;
1537 }
1538 }
1539
1540 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) {
1541 xoff_char = rpn->xoff_char;
1542 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1543 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1544 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1545 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1546 }
1547 }
1548
1549rpn_out:
1550 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1551 parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
1552
1553 return 0;
1554}
1555
1556static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1557{
1558 struct rfcomm_rls *rls = (void *) skb->data;
1559 u8 dlci = __get_dlci(rls->dlci);
1560
1561 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
1562
1563 if (!cr)
1564 return 0;
1565
1566
1567
1568
1569
1570 rfcomm_send_rls(s, 0, dlci, rls->status);
1571
1572 return 0;
1573}
1574
1575static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1576{
1577 struct rfcomm_msc *msc = (void *) skb->data;
1578 struct rfcomm_dlc *d;
1579 u8 dlci = __get_dlci(msc->dlci);
1580
1581 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1582
1583 d = rfcomm_dlc_get(s, dlci);
1584 if (!d)
1585 return 0;
1586
1587 if (cr) {
1588 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1589 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1590 else
1591 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1592
1593 rfcomm_dlc_lock(d);
1594
1595 d->remote_v24_sig = msc->v24_sig;
1596
1597 if (d->modem_status)
1598 d->modem_status(d, msc->v24_sig);
1599
1600 rfcomm_dlc_unlock(d);
1601
1602 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1603
1604 d->mscex |= RFCOMM_MSCEX_RX;
1605 } else
1606 d->mscex |= RFCOMM_MSCEX_TX;
1607
1608 return 0;
1609}
1610
1611static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1612{
1613 struct rfcomm_mcc *mcc = (void *) skb->data;
1614 u8 type, cr, len;
1615
1616 cr = __test_cr(mcc->type);
1617 type = __get_mcc_type(mcc->type);
1618 len = __get_mcc_len(mcc->len);
1619
1620 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1621
1622 skb_pull(skb, 2);
1623
1624 switch (type) {
1625 case RFCOMM_PN:
1626 rfcomm_recv_pn(s, cr, skb);
1627 break;
1628
1629 case RFCOMM_RPN:
1630 rfcomm_recv_rpn(s, cr, len, skb);
1631 break;
1632
1633 case RFCOMM_RLS:
1634 rfcomm_recv_rls(s, cr, skb);
1635 break;
1636
1637 case RFCOMM_MSC:
1638 rfcomm_recv_msc(s, cr, skb);
1639 break;
1640
1641 case RFCOMM_FCOFF:
1642 if (cr) {
1643 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1644 rfcomm_send_fcoff(s, 0);
1645 }
1646 break;
1647
1648 case RFCOMM_FCON:
1649 if (cr) {
1650 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1651 rfcomm_send_fcon(s, 0);
1652 }
1653 break;
1654
1655 case RFCOMM_TEST:
1656 if (cr)
1657 rfcomm_send_test(s, 0, skb->data, skb->len);
1658 break;
1659
1660 case RFCOMM_NSC:
1661 break;
1662
1663 default:
1664 BT_ERR("Unknown control type 0x%02x", type);
1665 rfcomm_send_nsc(s, cr, type);
1666 break;
1667 }
1668 return 0;
1669}
1670
1671static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1672{
1673 struct rfcomm_dlc *d;
1674
1675 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1676
1677 d = rfcomm_dlc_get(s, dlci);
1678 if (!d) {
1679 rfcomm_send_dm(s, dlci);
1680 goto drop;
1681 }
1682
1683 if (pf && d->cfc) {
1684 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1685
1686 d->tx_credits += credits;
1687 if (d->tx_credits)
1688 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1689 }
1690
1691 if (skb->len && d->state == BT_CONNECTED) {
1692 rfcomm_dlc_lock(d);
1693 d->rx_credits--;
1694 d->data_ready(d, skb);
1695 rfcomm_dlc_unlock(d);
1696 return 0;
1697 }
1698
1699drop:
1700 kfree_skb(skb);
1701 return 0;
1702}
1703
1704static struct rfcomm_session *rfcomm_recv_frame(struct rfcomm_session *s,
1705 struct sk_buff *skb)
1706{
1707 struct rfcomm_hdr *hdr = (void *) skb->data;
1708 u8 type, dlci, fcs;
1709
1710 if (!s) {
1711
1712 kfree_skb(skb);
1713 return s;
1714 }
1715
1716 dlci = __get_dlci(hdr->addr);
1717 type = __get_type(hdr->ctrl);
1718
1719
1720 skb->len--; skb->tail--;
1721 fcs = *(u8 *)skb_tail_pointer(skb);
1722
1723 if (__check_fcs(skb->data, type, fcs)) {
1724 BT_ERR("bad checksum in packet");
1725 kfree_skb(skb);
1726 return s;
1727 }
1728
1729 if (__test_ea(hdr->len))
1730 skb_pull(skb, 3);
1731 else
1732 skb_pull(skb, 4);
1733
1734 switch (type) {
1735 case RFCOMM_SABM:
1736 if (__test_pf(hdr->ctrl))
1737 rfcomm_recv_sabm(s, dlci);
1738 break;
1739
1740 case RFCOMM_DISC:
1741 if (__test_pf(hdr->ctrl))
1742 s = rfcomm_recv_disc(s, dlci);
1743 break;
1744
1745 case RFCOMM_UA:
1746 if (__test_pf(hdr->ctrl))
1747 s = rfcomm_recv_ua(s, dlci);
1748 break;
1749
1750 case RFCOMM_DM:
1751 s = rfcomm_recv_dm(s, dlci);
1752 break;
1753
1754 case RFCOMM_UIH:
1755 if (dlci) {
1756 rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1757 return s;
1758 }
1759 rfcomm_recv_mcc(s, skb);
1760 break;
1761
1762 default:
1763 BT_ERR("Unknown packet type 0x%02x", type);
1764 break;
1765 }
1766 kfree_skb(skb);
1767 return s;
1768}
1769
1770
1771
1772static void rfcomm_process_connect(struct rfcomm_session *s)
1773{
1774 struct rfcomm_dlc *d;
1775 struct list_head *p, *n;
1776
1777 BT_DBG("session %p state %ld", s, s->state);
1778
1779 list_for_each_safe(p, n, &s->dlcs) {
1780 d = list_entry(p, struct rfcomm_dlc, list);
1781 if (d->state == BT_CONFIG) {
1782 d->mtu = s->mtu;
1783 if (rfcomm_check_security(d)) {
1784 rfcomm_send_pn(s, 1, d);
1785 } else {
1786 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1787 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1788 }
1789 }
1790 }
1791}
1792
1793
1794
1795
1796static int rfcomm_process_tx(struct rfcomm_dlc *d)
1797{
1798 struct sk_buff *skb;
1799 int err;
1800
1801 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1802 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1803
1804
1805 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
1806 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1807
1808 if (d->cfc) {
1809
1810
1811 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
1812 d->rx_credits <= (d->cfc >> 2)) {
1813 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1814 d->rx_credits = d->cfc;
1815 }
1816 } else {
1817
1818
1819 d->tx_credits = 5;
1820 }
1821
1822 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1823 return skb_queue_len(&d->tx_queue);
1824
1825 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1826 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1827 if (err < 0) {
1828 skb_queue_head(&d->tx_queue, skb);
1829 break;
1830 }
1831 kfree_skb(skb);
1832 d->tx_credits--;
1833 }
1834
1835 if (d->cfc && !d->tx_credits) {
1836
1837
1838 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1839 }
1840
1841 return skb_queue_len(&d->tx_queue);
1842}
1843
1844static void rfcomm_process_dlcs(struct rfcomm_session *s)
1845{
1846 struct rfcomm_dlc *d;
1847 struct list_head *p, *n;
1848
1849 BT_DBG("session %p state %ld", s, s->state);
1850
1851 list_for_each_safe(p, n, &s->dlcs) {
1852 d = list_entry(p, struct rfcomm_dlc, list);
1853
1854 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1855 __rfcomm_dlc_close(d, ETIMEDOUT);
1856 continue;
1857 }
1858
1859 if (test_bit(RFCOMM_ENC_DROP, &d->flags)) {
1860 __rfcomm_dlc_close(d, ECONNREFUSED);
1861 continue;
1862 }
1863
1864 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1865 rfcomm_dlc_clear_timer(d);
1866 if (d->out) {
1867 rfcomm_send_pn(s, 1, d);
1868 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
1869 } else {
1870 if (d->defer_setup) {
1871 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1872 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1873
1874 rfcomm_dlc_lock(d);
1875 d->state = BT_CONNECT2;
1876 d->state_change(d, 0);
1877 rfcomm_dlc_unlock(d);
1878 } else
1879 rfcomm_dlc_accept(d);
1880 }
1881 continue;
1882 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1883 rfcomm_dlc_clear_timer(d);
1884 if (!d->out)
1885 rfcomm_send_dm(s, d->dlci);
1886 else
1887 d->state = BT_CLOSED;
1888 __rfcomm_dlc_close(d, ECONNREFUSED);
1889 continue;
1890 }
1891
1892 if (test_bit(RFCOMM_SEC_PENDING, &d->flags))
1893 continue;
1894
1895 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1896 continue;
1897
1898 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
1899 d->mscex == RFCOMM_MSCEX_OK)
1900 rfcomm_process_tx(d);
1901 }
1902}
1903
1904static struct rfcomm_session *rfcomm_process_rx(struct rfcomm_session *s)
1905{
1906 struct socket *sock = s->sock;
1907 struct sock *sk = sock->sk;
1908 struct sk_buff *skb;
1909
1910 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1911
1912
1913 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1914 skb_orphan(skb);
1915 if (!skb_linearize(skb)) {
1916 s = rfcomm_recv_frame(s, skb);
1917 if (!s)
1918 break;
1919 } else {
1920 kfree_skb(skb);
1921 }
1922 }
1923
1924 if (s && (sk->sk_state == BT_CLOSED))
1925 s = rfcomm_session_close(s, sk->sk_err);
1926
1927 return s;
1928}
1929
1930static void rfcomm_accept_connection(struct rfcomm_session *s)
1931{
1932 struct socket *sock = s->sock, *nsock;
1933 int err;
1934
1935
1936
1937 if (list_empty(&bt_sk(sock->sk)->accept_q))
1938 return;
1939
1940 BT_DBG("session %p", s);
1941
1942 err = kernel_accept(sock, &nsock, O_NONBLOCK);
1943 if (err < 0)
1944 return;
1945
1946
1947 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1948 nsock->sk->sk_state_change = rfcomm_l2state_change;
1949
1950 s = rfcomm_session_add(nsock, BT_OPEN);
1951 if (s) {
1952
1953
1954 s->mtu = min(l2cap_pi(nsock->sk)->chan->omtu,
1955 l2cap_pi(nsock->sk)->chan->imtu) - 5;
1956
1957 rfcomm_schedule();
1958 } else
1959 sock_release(nsock);
1960}
1961
1962static struct rfcomm_session *rfcomm_check_connection(struct rfcomm_session *s)
1963{
1964 struct sock *sk = s->sock->sk;
1965
1966 BT_DBG("%p state %ld", s, s->state);
1967
1968 switch (sk->sk_state) {
1969 case BT_CONNECTED:
1970 s->state = BT_CONNECT;
1971
1972
1973
1974 s->mtu = min(l2cap_pi(sk)->chan->omtu, l2cap_pi(sk)->chan->imtu) - 5;
1975
1976 rfcomm_send_sabm(s, 0);
1977 break;
1978
1979 case BT_CLOSED:
1980 s = rfcomm_session_close(s, sk->sk_err);
1981 break;
1982 }
1983 return s;
1984}
1985
1986static void rfcomm_process_sessions(void)
1987{
1988 struct list_head *p, *n;
1989
1990 rfcomm_lock();
1991
1992 list_for_each_safe(p, n, &session_list) {
1993 struct rfcomm_session *s;
1994 s = list_entry(p, struct rfcomm_session, list);
1995
1996 if (test_and_clear_bit(RFCOMM_TIMED_OUT, &s->flags)) {
1997 s->state = BT_DISCONN;
1998 rfcomm_send_disc(s, 0);
1999 continue;
2000 }
2001
2002 switch (s->state) {
2003 case BT_LISTEN:
2004 rfcomm_accept_connection(s);
2005 continue;
2006
2007 case BT_BOUND:
2008 s = rfcomm_check_connection(s);
2009 break;
2010
2011 default:
2012 s = rfcomm_process_rx(s);
2013 break;
2014 }
2015
2016 if (s)
2017 rfcomm_process_dlcs(s);
2018 }
2019
2020 rfcomm_unlock();
2021}
2022
2023static int rfcomm_add_listener(bdaddr_t *ba)
2024{
2025 struct sockaddr_l2 addr;
2026 struct socket *sock;
2027 struct sock *sk;
2028 struct rfcomm_session *s;
2029 int err = 0;
2030
2031
2032 err = rfcomm_l2sock_create(&sock);
2033 if (err < 0) {
2034 BT_ERR("Create socket failed %d", err);
2035 return err;
2036 }
2037
2038
2039 bacpy(&addr.l2_bdaddr, ba);
2040 addr.l2_family = AF_BLUETOOTH;
2041 addr.l2_psm = cpu_to_le16(L2CAP_PSM_RFCOMM);
2042 addr.l2_cid = 0;
2043 addr.l2_bdaddr_type = BDADDR_BREDR;
2044 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
2045 if (err < 0) {
2046 BT_ERR("Bind failed %d", err);
2047 goto failed;
2048 }
2049
2050
2051 sk = sock->sk;
2052 lock_sock(sk);
2053 l2cap_pi(sk)->chan->imtu = l2cap_mtu;
2054 release_sock(sk);
2055
2056
2057 err = kernel_listen(sock, 10);
2058 if (err) {
2059 BT_ERR("Listen failed %d", err);
2060 goto failed;
2061 }
2062
2063
2064 s = rfcomm_session_add(sock, BT_LISTEN);
2065 if (!s) {
2066 err = -ENOMEM;
2067 goto failed;
2068 }
2069
2070 return 0;
2071failed:
2072 sock_release(sock);
2073 return err;
2074}
2075
2076static void rfcomm_kill_listener(void)
2077{
2078 struct rfcomm_session *s;
2079 struct list_head *p, *n;
2080
2081 BT_DBG("");
2082
2083 list_for_each_safe(p, n, &session_list) {
2084 s = list_entry(p, struct rfcomm_session, list);
2085 rfcomm_session_del(s);
2086 }
2087}
2088
2089static int rfcomm_run(void *unused)
2090{
2091 DEFINE_WAIT_FUNC(wait, woken_wake_function);
2092 BT_DBG("");
2093
2094 set_user_nice(current, -10);
2095
2096 rfcomm_add_listener(BDADDR_ANY);
2097
2098 add_wait_queue(&rfcomm_wq, &wait);
2099 while (!kthread_should_stop()) {
2100
2101
2102 rfcomm_process_sessions();
2103
2104 wait_woken(&wait, TASK_INTERRUPTIBLE, MAX_SCHEDULE_TIMEOUT);
2105 }
2106 remove_wait_queue(&rfcomm_wq, &wait);
2107
2108 rfcomm_kill_listener();
2109
2110 return 0;
2111}
2112
2113static void rfcomm_security_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
2114{
2115 struct rfcomm_session *s;
2116 struct rfcomm_dlc *d;
2117 struct list_head *p, *n;
2118
2119 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
2120
2121 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
2122 if (!s)
2123 return;
2124
2125 list_for_each_safe(p, n, &s->dlcs) {
2126 d = list_entry(p, struct rfcomm_dlc, list);
2127
2128 if (test_and_clear_bit(RFCOMM_SEC_PENDING, &d->flags)) {
2129 rfcomm_dlc_clear_timer(d);
2130 if (status || encrypt == 0x00) {
2131 set_bit(RFCOMM_ENC_DROP, &d->flags);
2132 continue;
2133 }
2134 }
2135
2136 if (d->state == BT_CONNECTED && !status && encrypt == 0x00) {
2137 if (d->sec_level == BT_SECURITY_MEDIUM) {
2138 set_bit(RFCOMM_SEC_PENDING, &d->flags);
2139 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
2140 continue;
2141 } else if (d->sec_level == BT_SECURITY_HIGH ||
2142 d->sec_level == BT_SECURITY_FIPS) {
2143 set_bit(RFCOMM_ENC_DROP, &d->flags);
2144 continue;
2145 }
2146 }
2147
2148 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
2149 continue;
2150
2151 if (!status && hci_conn_check_secure(conn, d->sec_level))
2152 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
2153 else
2154 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
2155 }
2156
2157 rfcomm_schedule();
2158}
2159
2160static struct hci_cb rfcomm_cb = {
2161 .name = "RFCOMM",
2162 .security_cfm = rfcomm_security_cfm
2163};
2164
2165static int rfcomm_dlc_debugfs_show(struct seq_file *f, void *x)
2166{
2167 struct rfcomm_session *s;
2168
2169 rfcomm_lock();
2170
2171 list_for_each_entry(s, &session_list, list) {
2172 struct l2cap_chan *chan = l2cap_pi(s->sock->sk)->chan;
2173 struct rfcomm_dlc *d;
2174 list_for_each_entry(d, &s->dlcs, list) {
2175 seq_printf(f, "%pMR %pMR %ld %d %d %d %d\n",
2176 &chan->src, &chan->dst,
2177 d->state, d->dlci, d->mtu,
2178 d->rx_credits, d->tx_credits);
2179 }
2180 }
2181
2182 rfcomm_unlock();
2183
2184 return 0;
2185}
2186
2187static int rfcomm_dlc_debugfs_open(struct inode *inode, struct file *file)
2188{
2189 return single_open(file, rfcomm_dlc_debugfs_show, inode->i_private);
2190}
2191
2192static const struct file_operations rfcomm_dlc_debugfs_fops = {
2193 .open = rfcomm_dlc_debugfs_open,
2194 .read = seq_read,
2195 .llseek = seq_lseek,
2196 .release = single_release,
2197};
2198
2199static struct dentry *rfcomm_dlc_debugfs;
2200
2201
2202static int __init rfcomm_init(void)
2203{
2204 int err;
2205
2206 hci_register_cb(&rfcomm_cb);
2207
2208 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd");
2209 if (IS_ERR(rfcomm_thread)) {
2210 err = PTR_ERR(rfcomm_thread);
2211 goto unregister;
2212 }
2213
2214 err = rfcomm_init_ttys();
2215 if (err < 0)
2216 goto stop;
2217
2218 err = rfcomm_init_sockets();
2219 if (err < 0)
2220 goto cleanup;
2221
2222 BT_INFO("RFCOMM ver %s", VERSION);
2223
2224 if (IS_ERR_OR_NULL(bt_debugfs))
2225 return 0;
2226
2227 rfcomm_dlc_debugfs = debugfs_create_file("rfcomm_dlc", 0444,
2228 bt_debugfs, NULL,
2229 &rfcomm_dlc_debugfs_fops);
2230
2231 return 0;
2232
2233cleanup:
2234 rfcomm_cleanup_ttys();
2235
2236stop:
2237 kthread_stop(rfcomm_thread);
2238
2239unregister:
2240 hci_unregister_cb(&rfcomm_cb);
2241
2242 return err;
2243}
2244
2245static void __exit rfcomm_exit(void)
2246{
2247 debugfs_remove(rfcomm_dlc_debugfs);
2248
2249 hci_unregister_cb(&rfcomm_cb);
2250
2251 kthread_stop(rfcomm_thread);
2252
2253 rfcomm_cleanup_ttys();
2254
2255 rfcomm_cleanup_sockets();
2256}
2257
2258module_init(rfcomm_init);
2259module_exit(rfcomm_exit);
2260
2261module_param(disable_cfc, bool, 0644);
2262MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control");
2263
2264module_param(channel_mtu, int, 0644);
2265MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel");
2266
2267module_param(l2cap_mtu, uint, 0644);
2268MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection");
2269
2270module_param(l2cap_ertm, bool, 0644);
2271MODULE_PARM_DESC(l2cap_ertm, "Use L2CAP ERTM mode for connection");
2272
2273MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
2274MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2275MODULE_VERSION(VERSION);
2276MODULE_LICENSE("GPL");
2277MODULE_ALIAS("bt-proto-3");
2278
