1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28#include <linux/module.h>
29#include <linux/debugfs.h>
30#include <linux/kthread.h>
31#include <asm/unaligned.h>
32
33#include <net/bluetooth/bluetooth.h>
34#include <net/bluetooth/hci_core.h>
35#include <net/bluetooth/l2cap.h>
36#include <net/bluetooth/rfcomm.h>
37
38#define VERSION "1.11"
39
40static bool disable_cfc;
41static bool l2cap_ertm;
42static int channel_mtu = -1;
43static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU;
44
45static struct task_struct *rfcomm_thread;
46
47static DEFINE_MUTEX(rfcomm_mutex);
48#define rfcomm_lock() mutex_lock(&rfcomm_mutex)
49#define rfcomm_unlock() mutex_unlock(&rfcomm_mutex)
50
51
52static LIST_HEAD(session_list);
53
54static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
55static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
56static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
57static int rfcomm_queue_disc(struct rfcomm_dlc *d);
58static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
59static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
60static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
61static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
62static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
63static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
64
65static void rfcomm_process_connect(struct rfcomm_session *s);
66
67static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
68 bdaddr_t *dst,
69 u8 sec_level,
70 int *err);
71static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
72static struct rfcomm_session *rfcomm_session_del(struct rfcomm_session *s);
73
74
75#define __get_dlci(b) ((b & 0xfc) >> 2)
76#define __get_channel(b) ((b & 0xf8) >> 3)
77#define __get_dir(b) ((b & 0x04) >> 2)
78#define __get_type(b) ((b & 0xef))
79
80#define __test_ea(b) ((b & 0x01))
81#define __test_cr(b) (!!(b & 0x02))
82#define __test_pf(b) (!!(b & 0x10))
83
84#define __session_dir(s) ((s)->initiator ? 0x00 : 0x01)
85
86#define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
87#define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
88#define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
89#define __srv_channel(dlci) (dlci >> 1)
90#define __dir(dlci) (dlci & 0x01)
91
92#define __len8(len) (((len) << 1) | 1)
93#define __len16(len) ((len) << 1)
94
95
96#define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
97#define __get_mcc_type(b) ((b & 0xfc) >> 2)
98#define __get_mcc_len(b) ((b & 0xfe) >> 1)
99
100
101#define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
102#define __get_rpn_data_bits(line) ((line) & 0x3)
103#define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
104#define __get_rpn_parity(line) (((line) >> 3) & 0x7)
105
106static DECLARE_WAIT_QUEUE_HEAD(rfcomm_wq);
107
108static void rfcomm_schedule(void)
109{
110 wake_up_all(&rfcomm_wq);
111}
112
113
114
115
116static unsigned char rfcomm_crc_table[256] = {
117 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
118 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
119 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
120 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
121
122 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
123 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
124 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
125 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
126
127 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
128 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
129 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
130 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
131
132 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
133 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
134 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
135 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
136
137 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
138 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
139 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
140 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
141
142 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
143 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
144 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
145 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
146
147 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
148 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
149 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
150 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
151
152 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
153 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
154 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
155 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
156};
157
158
159#define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
160
161
162static inline u8 __fcs(u8 *data)
163{
164 return 0xff - __crc(data);
165}
166
167
168static inline u8 __fcs2(u8 *data)
169{
170 return 0xff - rfcomm_crc_table[__crc(data) ^ data[2]];
171}
172
173
174static inline int __check_fcs(u8 *data, int type, u8 fcs)
175{
176 u8 f = __crc(data);
177
178 if (type != RFCOMM_UIH)
179 f = rfcomm_crc_table[f ^ data[2]];
180
181 return rfcomm_crc_table[f ^ fcs] != 0xcf;
182}
183
184
185static void rfcomm_l2state_change(struct sock *sk)
186{
187 BT_DBG("%p state %d", sk, sk->sk_state);
188 rfcomm_schedule();
189}
190
191static void rfcomm_l2data_ready(struct sock *sk)
192{
193 BT_DBG("%p", sk);
194 rfcomm_schedule();
195}
196
197static int rfcomm_l2sock_create(struct socket **sock)
198{
199 int err;
200
201 BT_DBG("");
202
203 err = sock_create_kern(&init_net, PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
204 if (!err) {
205 struct sock *sk = (*sock)->sk;
206 sk->sk_data_ready = rfcomm_l2data_ready;
207 sk->sk_state_change = rfcomm_l2state_change;
208 }
209 return err;
210}
211
212static int rfcomm_check_security(struct rfcomm_dlc *d)
213{
214 struct sock *sk = d->session->sock->sk;
215 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
216
217 __u8 auth_type;
218
219 switch (d->sec_level) {
220 case BT_SECURITY_HIGH:
221 case BT_SECURITY_FIPS:
222 auth_type = HCI_AT_GENERAL_BONDING_MITM;
223 break;
224 case BT_SECURITY_MEDIUM:
225 auth_type = HCI_AT_GENERAL_BONDING;
226 break;
227 default:
228 auth_type = HCI_AT_NO_BONDING;
229 break;
230 }
231
232 return hci_conn_security(conn->hcon, d->sec_level, auth_type,
233 d->out);
234}
235
236static void rfcomm_session_timeout(struct timer_list *t)
237{
238 struct rfcomm_session *s = from_timer(s, t, timer);
239
240 BT_DBG("session %p state %ld", s, s->state);
241
242 set_bit(RFCOMM_TIMED_OUT, &s->flags);
243 rfcomm_schedule();
244}
245
246static void rfcomm_session_set_timer(struct rfcomm_session *s, long timeout)
247{
248 BT_DBG("session %p state %ld timeout %ld", s, s->state, timeout);
249
250 mod_timer(&s->timer, jiffies + timeout);
251}
252
253static void rfcomm_session_clear_timer(struct rfcomm_session *s)
254{
255 BT_DBG("session %p state %ld", s, s->state);
256
257 del_timer_sync(&s->timer);
258}
259
260
261static void rfcomm_dlc_timeout(struct timer_list *t)
262{
263 struct rfcomm_dlc *d = from_timer(d, t, timer);
264
265 BT_DBG("dlc %p state %ld", d, d->state);
266
267 set_bit(RFCOMM_TIMED_OUT, &d->flags);
268 rfcomm_dlc_put(d);
269 rfcomm_schedule();
270}
271
272static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
273{
274 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
275
276 if (!mod_timer(&d->timer, jiffies + timeout))
277 rfcomm_dlc_hold(d);
278}
279
280static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
281{
282 BT_DBG("dlc %p state %ld", d, d->state);
283
284 if (del_timer(&d->timer))
285 rfcomm_dlc_put(d);
286}
287
288static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
289{
290 BT_DBG("%p", d);
291
292 d->state = BT_OPEN;
293 d->flags = 0;
294 d->mscex = 0;
295 d->sec_level = BT_SECURITY_LOW;
296 d->mtu = RFCOMM_DEFAULT_MTU;
297 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
298
299 d->cfc = RFCOMM_CFC_DISABLED;
300 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
301}
302
303struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
304{
305 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio);
306
307 if (!d)
308 return NULL;
309
310 timer_setup(&d->timer, rfcomm_dlc_timeout, 0);
311
312 skb_queue_head_init(&d->tx_queue);
313 mutex_init(&d->lock);
314 refcount_set(&d->refcnt, 1);
315
316 rfcomm_dlc_clear_state(d);
317
318 BT_DBG("%p", d);
319
320 return d;
321}
322
323void rfcomm_dlc_free(struct rfcomm_dlc *d)
324{
325 BT_DBG("%p", d);
326
327 skb_queue_purge(&d->tx_queue);
328 kfree(d);
329}
330
331static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
332{
333 BT_DBG("dlc %p session %p", d, s);
334
335 rfcomm_session_clear_timer(s);
336 rfcomm_dlc_hold(d);
337 list_add(&d->list, &s->dlcs);
338 d->session = s;
339}
340
341static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
342{
343 struct rfcomm_session *s = d->session;
344
345 BT_DBG("dlc %p refcnt %d session %p", d, refcount_read(&d->refcnt), s);
346
347 list_del(&d->list);
348 d->session = NULL;
349 rfcomm_dlc_put(d);
350
351 if (list_empty(&s->dlcs))
352 rfcomm_session_set_timer(s, RFCOMM_IDLE_TIMEOUT);
353}
354
355static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
356{
357 struct rfcomm_dlc *d;
358
359 list_for_each_entry(d, &s->dlcs, list)
360 if (d->dlci == dlci)
361 return d;
362
363 return NULL;
364}
365
366static int rfcomm_check_channel(u8 channel)
367{
368 return channel < 1 || channel > 30;
369}
370
371static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
372{
373 struct rfcomm_session *s;
374 int err = 0;
375 u8 dlci;
376
377 BT_DBG("dlc %p state %ld %pMR -> %pMR channel %d",
378 d, d->state, src, dst, channel);
379
380 if (rfcomm_check_channel(channel))
381 return -EINVAL;
382
383 if (d->state != BT_OPEN && d->state != BT_CLOSED)
384 return 0;
385
386 s = rfcomm_session_get(src, dst);
387 if (!s) {
388 s = rfcomm_session_create(src, dst, d->sec_level, &err);
389 if (!s)
390 return err;
391 }
392
393 dlci = __dlci(__session_dir(s), channel);
394
395
396 if (rfcomm_dlc_get(s, dlci))
397 return -EBUSY;
398
399 rfcomm_dlc_clear_state(d);
400
401 d->dlci = dlci;
402 d->addr = __addr(s->initiator, dlci);
403 d->priority = 7;
404
405 d->state = BT_CONFIG;
406 rfcomm_dlc_link(s, d);
407
408 d->out = 1;
409
410 d->mtu = s->mtu;
411 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
412
413 if (s->state == BT_CONNECTED) {
414 if (rfcomm_check_security(d))
415 rfcomm_send_pn(s, 1, d);
416 else
417 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
418 }
419
420 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
421
422 return 0;
423}
424
425int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
426{
427 int r;
428
429 rfcomm_lock();
430
431 r = __rfcomm_dlc_open(d, src, dst, channel);
432
433 rfcomm_unlock();
434 return r;
435}
436
437static void __rfcomm_dlc_disconn(struct rfcomm_dlc *d)
438{
439 struct rfcomm_session *s = d->session;
440
441 d->state = BT_DISCONN;
442 if (skb_queue_empty(&d->tx_queue)) {
443 rfcomm_send_disc(s, d->dlci);
444 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
445 } else {
446 rfcomm_queue_disc(d);
447 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
448 }
449}
450
451static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
452{
453 struct rfcomm_session *s = d->session;
454 if (!s)
455 return 0;
456
457 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
458 d, d->state, d->dlci, err, s);
459
460 switch (d->state) {
461 case BT_CONNECT:
462 case BT_CONFIG:
463 case BT_OPEN:
464 case BT_CONNECT2:
465 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
466 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
467 rfcomm_schedule();
468 return 0;
469 }
470 }
471
472 switch (d->state) {
473 case BT_CONNECT:
474 case BT_CONNECTED:
475 __rfcomm_dlc_disconn(d);
476 break;
477
478 case BT_CONFIG:
479 if (s->state != BT_BOUND) {
480 __rfcomm_dlc_disconn(d);
481 break;
482 }
483
484
485
486
487
488 default:
489 rfcomm_dlc_clear_timer(d);
490
491 rfcomm_dlc_lock(d);
492 d->state = BT_CLOSED;
493 d->state_change(d, err);
494 rfcomm_dlc_unlock(d);
495
496 skb_queue_purge(&d->tx_queue);
497 rfcomm_dlc_unlink(d);
498 }
499
500 return 0;
501}
502
503int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
504{
505 int r = 0;
506 struct rfcomm_dlc *d_list;
507 struct rfcomm_session *s, *s_list;
508
509 BT_DBG("dlc %p state %ld dlci %d err %d", d, d->state, d->dlci, err);
510
511 rfcomm_lock();
512
513 s = d->session;
514 if (!s)
515 goto no_session;
516
517
518
519
520 list_for_each_entry(s_list, &session_list, list) {
521 if (s_list == s) {
522 list_for_each_entry(d_list, &s->dlcs, list) {
523 if (d_list == d) {
524 r = __rfcomm_dlc_close(d, err);
525 break;
526 }
527 }
528 break;
529 }
530 }
531
532no_session:
533 rfcomm_unlock();
534 return r;
535}
536
537struct rfcomm_dlc *rfcomm_dlc_exists(bdaddr_t *src, bdaddr_t *dst, u8 channel)
538{
539 struct rfcomm_session *s;
540 struct rfcomm_dlc *dlc = NULL;
541 u8 dlci;
542
543 if (rfcomm_check_channel(channel))
544 return ERR_PTR(-EINVAL);
545
546 rfcomm_lock();
547 s = rfcomm_session_get(src, dst);
548 if (s) {
549 dlci = __dlci(__session_dir(s), channel);
550 dlc = rfcomm_dlc_get(s, dlci);
551 }
552 rfcomm_unlock();
553 return dlc;
554}
555
556int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
557{
558 int len = skb->len;
559
560 if (d->state != BT_CONNECTED)
561 return -ENOTCONN;
562
563 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
564
565 if (len > d->mtu)
566 return -EINVAL;
567
568 rfcomm_make_uih(skb, d->addr);
569 skb_queue_tail(&d->tx_queue, skb);
570
571 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
572 rfcomm_schedule();
573 return len;
574}
575
576void rfcomm_dlc_send_noerror(struct rfcomm_dlc *d, struct sk_buff *skb)
577{
578 int len = skb->len;
579
580 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
581
582 rfcomm_make_uih(skb, d->addr);
583 skb_queue_tail(&d->tx_queue, skb);
584
585 if (d->state == BT_CONNECTED &&
586 !test_bit(RFCOMM_TX_THROTTLED, &d->flags))
587 rfcomm_schedule();
588}
589
590void __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
591{
592 BT_DBG("dlc %p state %ld", d, d->state);
593
594 if (!d->cfc) {
595 d->v24_sig |= RFCOMM_V24_FC;
596 set_bit(RFCOMM_MSC_PENDING, &d->flags);
597 }
598 rfcomm_schedule();
599}
600
601void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
602{
603 BT_DBG("dlc %p state %ld", d, d->state);
604
605 if (!d->cfc) {
606 d->v24_sig &= ~RFCOMM_V24_FC;
607 set_bit(RFCOMM_MSC_PENDING, &d->flags);
608 }
609 rfcomm_schedule();
610}
611
612
613
614
615
616
617int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
618{
619 BT_DBG("dlc %p state %ld v24_sig 0x%x",
620 d, d->state, v24_sig);
621
622 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
623 v24_sig |= RFCOMM_V24_FC;
624 else
625 v24_sig &= ~RFCOMM_V24_FC;
626
627 d->v24_sig = v24_sig;
628
629 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
630 rfcomm_schedule();
631
632 return 0;
633}
634
635int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
636{
637 BT_DBG("dlc %p state %ld v24_sig 0x%x",
638 d, d->state, d->v24_sig);
639
640 *v24_sig = d->v24_sig;
641 return 0;
642}
643
644
645static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
646{
647 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL);
648
649 if (!s)
650 return NULL;
651
652 BT_DBG("session %p sock %p", s, sock);
653
654 timer_setup(&s->timer, rfcomm_session_timeout, 0);
655
656 INIT_LIST_HEAD(&s->dlcs);
657 s->state = state;
658 s->sock = sock;
659
660 s->mtu = RFCOMM_DEFAULT_MTU;
661 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN;
662
663
664
665 if (state != BT_LISTEN)
666 if (!try_module_get(THIS_MODULE)) {
667 kfree(s);
668 return NULL;
669 }
670
671 list_add(&s->list, &session_list);
672
673 return s;
674}
675
676static struct rfcomm_session *rfcomm_session_del(struct rfcomm_session *s)
677{
678 int state = s->state;
679
680 BT_DBG("session %p state %ld", s, s->state);
681
682 list_del(&s->list);
683
684 rfcomm_session_clear_timer(s);
685 sock_release(s->sock);
686 kfree(s);
687
688 if (state != BT_LISTEN)
689 module_put(THIS_MODULE);
690
691 return NULL;
692}
693
694static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
695{
696 struct rfcomm_session *s, *n;
697 struct l2cap_chan *chan;
698 list_for_each_entry_safe(s, n, &session_list, list) {
699 chan = l2cap_pi(s->sock->sk)->chan;
700
701 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&chan->src, src)) &&
702 !bacmp(&chan->dst, dst))
703 return s;
704 }
705 return NULL;
706}
707
708static struct rfcomm_session *rfcomm_session_close(struct rfcomm_session *s,
709 int err)
710{
711 struct rfcomm_dlc *d, *n;
712
713 s->state = BT_CLOSED;
714
715 BT_DBG("session %p state %ld err %d", s, s->state, err);
716
717
718 list_for_each_entry_safe(d, n, &s->dlcs, list) {
719 d->state = BT_CLOSED;
720 __rfcomm_dlc_close(d, err);
721 }
722
723 rfcomm_session_clear_timer(s);
724 return rfcomm_session_del(s);
725}
726
727static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
728 bdaddr_t *dst,
729 u8 sec_level,
730 int *err)
731{
732 struct rfcomm_session *s = NULL;
733 struct sockaddr_l2 addr;
734 struct socket *sock;
735 struct sock *sk;
736
737 BT_DBG("%pMR -> %pMR", src, dst);
738
739 *err = rfcomm_l2sock_create(&sock);
740 if (*err < 0)
741 return NULL;
742
743 bacpy(&addr.l2_bdaddr, src);
744 addr.l2_family = AF_BLUETOOTH;
745 addr.l2_psm = 0;
746 addr.l2_cid = 0;
747 addr.l2_bdaddr_type = BDADDR_BREDR;
748 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
749 if (*err < 0)
750 goto failed;
751
752
753 sk = sock->sk;
754 lock_sock(sk);
755 l2cap_pi(sk)->chan->imtu = l2cap_mtu;
756 l2cap_pi(sk)->chan->sec_level = sec_level;
757 if (l2cap_ertm)
758 l2cap_pi(sk)->chan->mode = L2CAP_MODE_ERTM;
759 release_sock(sk);
760
761 s = rfcomm_session_add(sock, BT_BOUND);
762 if (!s) {
763 *err = -ENOMEM;
764 goto failed;
765 }
766
767 s->initiator = 1;
768
769 bacpy(&addr.l2_bdaddr, dst);
770 addr.l2_family = AF_BLUETOOTH;
771 addr.l2_psm = cpu_to_le16(L2CAP_PSM_RFCOMM);
772 addr.l2_cid = 0;
773 addr.l2_bdaddr_type = BDADDR_BREDR;
774 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
775 if (*err == 0 || *err == -EINPROGRESS)
776 return s;
777
778 return rfcomm_session_del(s);
779
780failed:
781 sock_release(sock);
782 return NULL;
783}
784
785void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
786{
787 struct l2cap_chan *chan = l2cap_pi(s->sock->sk)->chan;
788 if (src)
789 bacpy(src, &chan->src);
790 if (dst)
791 bacpy(dst, &chan->dst);
792}
793
794
795static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
796{
797 struct kvec iv = { data, len };
798 struct msghdr msg;
799
800 BT_DBG("session %p len %d", s, len);
801
802 memset(&msg, 0, sizeof(msg));
803
804 return kernel_sendmsg(s->sock, &msg, &iv, 1, len);
805}
806
807static int rfcomm_send_cmd(struct rfcomm_session *s, struct rfcomm_cmd *cmd)
808{
809 BT_DBG("%p cmd %u", s, cmd->ctrl);
810
811 return rfcomm_send_frame(s, (void *) cmd, sizeof(*cmd));
812}
813
814static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
815{
816 struct rfcomm_cmd cmd;
817
818 BT_DBG("%p dlci %d", s, dlci);
819
820 cmd.addr = __addr(s->initiator, dlci);
821 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
822 cmd.len = __len8(0);
823 cmd.fcs = __fcs2((u8 *) &cmd);
824
825 return rfcomm_send_cmd(s, &cmd);
826}
827
828static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
829{
830 struct rfcomm_cmd cmd;
831
832 BT_DBG("%p dlci %d", s, dlci);
833
834 cmd.addr = __addr(!s->initiator, dlci);
835 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
836 cmd.len = __len8(0);
837 cmd.fcs = __fcs2((u8 *) &cmd);
838
839 return rfcomm_send_cmd(s, &cmd);
840}
841
842static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
843{
844 struct rfcomm_cmd cmd;
845
846 BT_DBG("%p dlci %d", s, dlci);
847
848 cmd.addr = __addr(s->initiator, dlci);
849 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
850 cmd.len = __len8(0);
851 cmd.fcs = __fcs2((u8 *) &cmd);
852
853 return rfcomm_send_cmd(s, &cmd);
854}
855
856static int rfcomm_queue_disc(struct rfcomm_dlc *d)
857{
858 struct rfcomm_cmd *cmd;
859 struct sk_buff *skb;
860
861 BT_DBG("dlc %p dlci %d", d, d->dlci);
862
863 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
864 if (!skb)
865 return -ENOMEM;
866
867 cmd = __skb_put(skb, sizeof(*cmd));
868 cmd->addr = d->addr;
869 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
870 cmd->len = __len8(0);
871 cmd->fcs = __fcs2((u8 *) cmd);
872
873 skb_queue_tail(&d->tx_queue, skb);
874 rfcomm_schedule();
875 return 0;
876}
877
878static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
879{
880 struct rfcomm_cmd cmd;
881
882 BT_DBG("%p dlci %d", s, dlci);
883
884 cmd.addr = __addr(!s->initiator, dlci);
885 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
886 cmd.len = __len8(0);
887 cmd.fcs = __fcs2((u8 *) &cmd);
888
889 return rfcomm_send_cmd(s, &cmd);
890}
891
892static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
893{
894 struct rfcomm_hdr *hdr;
895 struct rfcomm_mcc *mcc;
896 u8 buf[16], *ptr = buf;
897
898 BT_DBG("%p cr %d type %d", s, cr, type);
899
900 hdr = (void *) ptr; ptr += sizeof(*hdr);
901 hdr->addr = __addr(s->initiator, 0);
902 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
903 hdr->len = __len8(sizeof(*mcc) + 1);
904
905 mcc = (void *) ptr; ptr += sizeof(*mcc);
906 mcc->type = __mcc_type(0, RFCOMM_NSC);
907 mcc->len = __len8(1);
908
909
910 *ptr = __mcc_type(cr, type); ptr++;
911
912 *ptr = __fcs(buf); ptr++;
913
914 return rfcomm_send_frame(s, buf, ptr - buf);
915}
916
917static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
918{
919 struct rfcomm_hdr *hdr;
920 struct rfcomm_mcc *mcc;
921 struct rfcomm_pn *pn;
922 u8 buf[16], *ptr = buf;
923
924 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
925
926 hdr = (void *) ptr; ptr += sizeof(*hdr);
927 hdr->addr = __addr(s->initiator, 0);
928 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
929 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
930
931 mcc = (void *) ptr; ptr += sizeof(*mcc);
932 mcc->type = __mcc_type(cr, RFCOMM_PN);
933 mcc->len = __len8(sizeof(*pn));
934
935 pn = (void *) ptr; ptr += sizeof(*pn);
936 pn->dlci = d->dlci;
937 pn->priority = d->priority;
938 pn->ack_timer = 0;
939 pn->max_retrans = 0;
940
941 if (s->cfc) {
942 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
943 pn->credits = RFCOMM_DEFAULT_CREDITS;
944 } else {
945 pn->flow_ctrl = 0;
946 pn->credits = 0;
947 }
948
949 if (cr && channel_mtu >= 0)
950 pn->mtu = cpu_to_le16(channel_mtu);
951 else
952 pn->mtu = cpu_to_le16(d->mtu);
953
954 *ptr = __fcs(buf); ptr++;
955
956 return rfcomm_send_frame(s, buf, ptr - buf);
957}
958
959int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
960 u8 bit_rate, u8 data_bits, u8 stop_bits,
961 u8 parity, u8 flow_ctrl_settings,
962 u8 xon_char, u8 xoff_char, u16 param_mask)
963{
964 struct rfcomm_hdr *hdr;
965 struct rfcomm_mcc *mcc;
966 struct rfcomm_rpn *rpn;
967 u8 buf[16], *ptr = buf;
968
969 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
970 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
971 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
972 flow_ctrl_settings, xon_char, xoff_char, param_mask);
973
974 hdr = (void *) ptr; ptr += sizeof(*hdr);
975 hdr->addr = __addr(s->initiator, 0);
976 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
977 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
978
979 mcc = (void *) ptr; ptr += sizeof(*mcc);
980 mcc->type = __mcc_type(cr, RFCOMM_RPN);
981 mcc->len = __len8(sizeof(*rpn));
982
983 rpn = (void *) ptr; ptr += sizeof(*rpn);
984 rpn->dlci = __addr(1, dlci);
985 rpn->bit_rate = bit_rate;
986 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
987 rpn->flow_ctrl = flow_ctrl_settings;
988 rpn->xon_char = xon_char;
989 rpn->xoff_char = xoff_char;
990 rpn->param_mask = cpu_to_le16(param_mask);
991
992 *ptr = __fcs(buf); ptr++;
993
994 return rfcomm_send_frame(s, buf, ptr - buf);
995}
996
997static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
998{
999 struct rfcomm_hdr *hdr;
1000 struct rfcomm_mcc *mcc;
1001 struct rfcomm_rls *rls;
1002 u8 buf[16], *ptr = buf;
1003
1004 BT_DBG("%p cr %d status 0x%x", s, cr, status);
1005
1006 hdr = (void *) ptr; ptr += sizeof(*hdr);
1007 hdr->addr = __addr(s->initiator, 0);
1008 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1009 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
1010
1011 mcc = (void *) ptr; ptr += sizeof(*mcc);
1012 mcc->type = __mcc_type(cr, RFCOMM_RLS);
1013 mcc->len = __len8(sizeof(*rls));
1014
1015 rls = (void *) ptr; ptr += sizeof(*rls);
1016 rls->dlci = __addr(1, dlci);
1017 rls->status = status;
1018
1019 *ptr = __fcs(buf); ptr++;
1020
1021 return rfcomm_send_frame(s, buf, ptr - buf);
1022}
1023
1024static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
1025{
1026 struct rfcomm_hdr *hdr;
1027 struct rfcomm_mcc *mcc;
1028 struct rfcomm_msc *msc;
1029 u8 buf[16], *ptr = buf;
1030
1031 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
1032
1033 hdr = (void *) ptr; ptr += sizeof(*hdr);
1034 hdr->addr = __addr(s->initiator, 0);
1035 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1036 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
1037
1038 mcc = (void *) ptr; ptr += sizeof(*mcc);
1039 mcc->type = __mcc_type(cr, RFCOMM_MSC);
1040 mcc->len = __len8(sizeof(*msc));
1041
1042 msc = (void *) ptr; ptr += sizeof(*msc);
1043 msc->dlci = __addr(1, dlci);
1044 msc->v24_sig = v24_sig | 0x01;
1045
1046 *ptr = __fcs(buf); ptr++;
1047
1048 return rfcomm_send_frame(s, buf, ptr - buf);
1049}
1050
1051static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
1052{
1053 struct rfcomm_hdr *hdr;
1054 struct rfcomm_mcc *mcc;
1055 u8 buf[16], *ptr = buf;
1056
1057 BT_DBG("%p cr %d", s, cr);
1058
1059 hdr = (void *) ptr; ptr += sizeof(*hdr);
1060 hdr->addr = __addr(s->initiator, 0);
1061 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1062 hdr->len = __len8(sizeof(*mcc));
1063
1064 mcc = (void *) ptr; ptr += sizeof(*mcc);
1065 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
1066 mcc->len = __len8(0);
1067
1068 *ptr = __fcs(buf); ptr++;
1069
1070 return rfcomm_send_frame(s, buf, ptr - buf);
1071}
1072
1073static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
1074{
1075 struct rfcomm_hdr *hdr;
1076 struct rfcomm_mcc *mcc;
1077 u8 buf[16], *ptr = buf;
1078
1079 BT_DBG("%p cr %d", s, cr);
1080
1081 hdr = (void *) ptr; ptr += sizeof(*hdr);
1082 hdr->addr = __addr(s->initiator, 0);
1083 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1084 hdr->len = __len8(sizeof(*mcc));
1085
1086 mcc = (void *) ptr; ptr += sizeof(*mcc);
1087 mcc->type = __mcc_type(cr, RFCOMM_FCON);
1088 mcc->len = __len8(0);
1089
1090 *ptr = __fcs(buf); ptr++;
1091
1092 return rfcomm_send_frame(s, buf, ptr - buf);
1093}
1094
1095static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
1096{
1097 struct socket *sock = s->sock;
1098 struct kvec iv[3];
1099 struct msghdr msg;
1100 unsigned char hdr[5], crc[1];
1101
1102 if (len > 125)
1103 return -EINVAL;
1104
1105 BT_DBG("%p cr %d", s, cr);
1106
1107 hdr[0] = __addr(s->initiator, 0);
1108 hdr[1] = __ctrl(RFCOMM_UIH, 0);
1109 hdr[2] = 0x01 | ((len + 2) << 1);
1110 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
1111 hdr[4] = 0x01 | (len << 1);
1112
1113 crc[0] = __fcs(hdr);
1114
1115 iv[0].iov_base = hdr;
1116 iv[0].iov_len = 5;
1117 iv[1].iov_base = pattern;
1118 iv[1].iov_len = len;
1119 iv[2].iov_base = crc;
1120 iv[2].iov_len = 1;
1121
1122 memset(&msg, 0, sizeof(msg));
1123
1124 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
1125}
1126
1127static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
1128{
1129 struct rfcomm_hdr *hdr;
1130 u8 buf[16], *ptr = buf;
1131
1132 BT_DBG("%p addr %d credits %d", s, addr, credits);
1133
1134 hdr = (void *) ptr; ptr += sizeof(*hdr);
1135 hdr->addr = addr;
1136 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
1137 hdr->len = __len8(0);
1138
1139 *ptr = credits; ptr++;
1140
1141 *ptr = __fcs(buf); ptr++;
1142
1143 return rfcomm_send_frame(s, buf, ptr - buf);
1144}
1145
1146static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
1147{
1148 struct rfcomm_hdr *hdr;
1149 int len = skb->len;
1150 u8 *crc;
1151
1152 if (len > 127) {
1153 hdr = skb_push(skb, 4);
1154 put_unaligned(cpu_to_le16(__len16(len)), (__le16 *) &hdr->len);
1155 } else {
1156 hdr = skb_push(skb, 3);
1157 hdr->len = __len8(len);
1158 }
1159 hdr->addr = addr;
1160 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1161
1162 crc = skb_put(skb, 1);
1163 *crc = __fcs((void *) hdr);
1164}
1165
1166
1167static struct rfcomm_session *rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1168{
1169 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1170
1171 if (dlci) {
1172
1173 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1174 if (!d) {
1175 rfcomm_send_dm(s, dlci);
1176 return s;
1177 }
1178
1179 switch (d->state) {
1180 case BT_CONNECT:
1181 rfcomm_dlc_clear_timer(d);
1182
1183 rfcomm_dlc_lock(d);
1184 d->state = BT_CONNECTED;
1185 d->state_change(d, 0);
1186 rfcomm_dlc_unlock(d);
1187
1188 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1189 break;
1190
1191 case BT_DISCONN:
1192 d->state = BT_CLOSED;
1193 __rfcomm_dlc_close(d, 0);
1194
1195 if (list_empty(&s->dlcs)) {
1196 s->state = BT_DISCONN;
1197 rfcomm_send_disc(s, 0);
1198 rfcomm_session_clear_timer(s);
1199 }
1200
1201 break;
1202 }
1203 } else {
1204
1205 switch (s->state) {
1206 case BT_CONNECT:
1207 s->state = BT_CONNECTED;
1208 rfcomm_process_connect(s);
1209 break;
1210
1211 case BT_DISCONN:
1212 s = rfcomm_session_close(s, ECONNRESET);
1213 break;
1214 }
1215 }
1216 return s;
1217}
1218
1219static struct rfcomm_session *rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1220{
1221 int err = 0;
1222
1223 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1224
1225 if (dlci) {
1226
1227 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1228 if (d) {
1229 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1230 err = ECONNREFUSED;
1231 else
1232 err = ECONNRESET;
1233
1234 d->state = BT_CLOSED;
1235 __rfcomm_dlc_close(d, err);
1236 }
1237 } else {
1238 if (s->state == BT_CONNECT)
1239 err = ECONNREFUSED;
1240 else
1241 err = ECONNRESET;
1242
1243 s = rfcomm_session_close(s, err);
1244 }
1245 return s;
1246}
1247
1248static struct rfcomm_session *rfcomm_recv_disc(struct rfcomm_session *s,
1249 u8 dlci)
1250{
1251 int err = 0;
1252
1253 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1254
1255 if (dlci) {
1256 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1257 if (d) {
1258 rfcomm_send_ua(s, dlci);
1259
1260 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1261 err = ECONNREFUSED;
1262 else
1263 err = ECONNRESET;
1264
1265 d->state = BT_CLOSED;
1266 __rfcomm_dlc_close(d, err);
1267 } else
1268 rfcomm_send_dm(s, dlci);
1269
1270 } else {
1271 rfcomm_send_ua(s, 0);
1272
1273 if (s->state == BT_CONNECT)
1274 err = ECONNREFUSED;
1275 else
1276 err = ECONNRESET;
1277
1278 s = rfcomm_session_close(s, err);
1279 }
1280 return s;
1281}
1282
1283void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1284{
1285 struct sock *sk = d->session->sock->sk;
1286 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
1287
1288 BT_DBG("dlc %p", d);
1289
1290 rfcomm_send_ua(d->session, d->dlci);
1291
1292 rfcomm_dlc_clear_timer(d);
1293
1294 rfcomm_dlc_lock(d);
1295 d->state = BT_CONNECTED;
1296 d->state_change(d, 0);
1297 rfcomm_dlc_unlock(d);
1298
1299 if (d->role_switch)
1300 hci_conn_switch_role(conn->hcon, 0x00);
1301
1302 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1303}
1304
1305static void rfcomm_check_accept(struct rfcomm_dlc *d)
1306{
1307 if (rfcomm_check_security(d)) {
1308 if (d->defer_setup) {
1309 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1310 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1311
1312 rfcomm_dlc_lock(d);
1313 d->state = BT_CONNECT2;
1314 d->state_change(d, 0);
1315 rfcomm_dlc_unlock(d);
1316 } else
1317 rfcomm_dlc_accept(d);
1318 } else {
1319 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1320 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1321 }
1322}
1323
1324static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1325{
1326 struct rfcomm_dlc *d;
1327 u8 channel;
1328
1329 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1330
1331 if (!dlci) {
1332 rfcomm_send_ua(s, 0);
1333
1334 if (s->state == BT_OPEN) {
1335 s->state = BT_CONNECTED;
1336 rfcomm_process_connect(s);
1337 }
1338 return 0;
1339 }
1340
1341
1342 d = rfcomm_dlc_get(s, dlci);
1343 if (d) {
1344 if (d->state == BT_OPEN) {
1345
1346 rfcomm_check_accept(d);
1347 }
1348 return 0;
1349 }
1350
1351
1352 channel = __srv_channel(dlci);
1353 if (rfcomm_connect_ind(s, channel, &d)) {
1354 d->dlci = dlci;
1355 d->addr = __addr(s->initiator, dlci);
1356 rfcomm_dlc_link(s, d);
1357
1358 rfcomm_check_accept(d);
1359 } else {
1360 rfcomm_send_dm(s, dlci);
1361 }
1362
1363 return 0;
1364}
1365
1366static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1367{
1368 struct rfcomm_session *s = d->session;
1369
1370 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1371 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1372
1373 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) ||
1374 pn->flow_ctrl == 0xe0) {
1375 d->cfc = RFCOMM_CFC_ENABLED;
1376 d->tx_credits = pn->credits;
1377 } else {
1378 d->cfc = RFCOMM_CFC_DISABLED;
1379 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1380 }
1381
1382 if (s->cfc == RFCOMM_CFC_UNKNOWN)
1383 s->cfc = d->cfc;
1384
1385 d->priority = pn->priority;
1386
1387 d->mtu = __le16_to_cpu(pn->mtu);
1388
1389 if (cr && d->mtu > s->mtu)
1390 d->mtu = s->mtu;
1391
1392 return 0;
1393}
1394
1395static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1396{
1397 struct rfcomm_pn *pn = (void *) skb->data;
1398 struct rfcomm_dlc *d;
1399 u8 dlci = pn->dlci;
1400
1401 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1402
1403 if (!dlci)
1404 return 0;
1405
1406 d = rfcomm_dlc_get(s, dlci);
1407 if (d) {
1408 if (cr) {
1409
1410 rfcomm_apply_pn(d, cr, pn);
1411 rfcomm_send_pn(s, 0, d);
1412 } else {
1413
1414 switch (d->state) {
1415 case BT_CONFIG:
1416 rfcomm_apply_pn(d, cr, pn);
1417
1418 d->state = BT_CONNECT;
1419 rfcomm_send_sabm(s, d->dlci);
1420 break;
1421 }
1422 }
1423 } else {
1424 u8 channel = __srv_channel(dlci);
1425
1426 if (!cr)
1427 return 0;
1428
1429
1430
1431 if (rfcomm_connect_ind(s, channel, &d)) {
1432 d->dlci = dlci;
1433 d->addr = __addr(s->initiator, dlci);
1434 rfcomm_dlc_link(s, d);
1435
1436 rfcomm_apply_pn(d, cr, pn);
1437
1438 d->state = BT_OPEN;
1439 rfcomm_send_pn(s, 0, d);
1440 } else {
1441 rfcomm_send_dm(s, dlci);
1442 }
1443 }
1444 return 0;
1445}
1446
1447static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1448{
1449 struct rfcomm_rpn *rpn = (void *) skb->data;
1450 u8 dlci = __get_dlci(rpn->dlci);
1451
1452 u8 bit_rate = 0;
1453 u8 data_bits = 0;
1454 u8 stop_bits = 0;
1455 u8 parity = 0;
1456 u8 flow_ctrl = 0;
1457 u8 xon_char = 0;
1458 u8 xoff_char = 0;
1459 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
1460
1461 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1462 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1463 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1464
1465 if (!cr)
1466 return 0;
1467
1468 if (len == 1) {
1469
1470 bit_rate = RFCOMM_RPN_BR_9600;
1471 data_bits = RFCOMM_RPN_DATA_8;
1472 stop_bits = RFCOMM_RPN_STOP_1;
1473 parity = RFCOMM_RPN_PARITY_NONE;
1474 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1475 xon_char = RFCOMM_RPN_XON_CHAR;
1476 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1477 goto rpn_out;
1478 }
1479
1480
1481
1482
1483 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) {
1484 bit_rate = rpn->bit_rate;
1485 if (bit_rate > RFCOMM_RPN_BR_230400) {
1486 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1487 bit_rate = RFCOMM_RPN_BR_9600;
1488 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1489 }
1490 }
1491
1492 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) {
1493 data_bits = __get_rpn_data_bits(rpn->line_settings);
1494 if (data_bits != RFCOMM_RPN_DATA_8) {
1495 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1496 data_bits = RFCOMM_RPN_DATA_8;
1497 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1498 }
1499 }
1500
1501 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) {
1502 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1503 if (stop_bits != RFCOMM_RPN_STOP_1) {
1504 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1505 stop_bits = RFCOMM_RPN_STOP_1;
1506 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1507 }
1508 }
1509
1510 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) {
1511 parity = __get_rpn_parity(rpn->line_settings);
1512 if (parity != RFCOMM_RPN_PARITY_NONE) {
1513 BT_DBG("RPN parity mismatch 0x%x", parity);
1514 parity = RFCOMM_RPN_PARITY_NONE;
1515 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1516 }
1517 }
1518
1519 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) {
1520 flow_ctrl = rpn->flow_ctrl;
1521 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1522 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1523 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1524 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1525 }
1526 }
1527
1528 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) {
1529 xon_char = rpn->xon_char;
1530 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1531 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1532 xon_char = RFCOMM_RPN_XON_CHAR;
1533 rpn_mask ^= RFCOMM_RPN_PM_XON;
1534 }
1535 }
1536
1537 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) {
1538 xoff_char = rpn->xoff_char;
1539 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1540 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1541 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1542 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1543 }
1544 }
1545
1546rpn_out:
1547 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1548 parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
1549
1550 return 0;
1551}
1552
1553static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1554{
1555 struct rfcomm_rls *rls = (void *) skb->data;
1556 u8 dlci = __get_dlci(rls->dlci);
1557
1558 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
1559
1560 if (!cr)
1561 return 0;
1562
1563
1564
1565
1566
1567 rfcomm_send_rls(s, 0, dlci, rls->status);
1568
1569 return 0;
1570}
1571
1572static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1573{
1574 struct rfcomm_msc *msc = (void *) skb->data;
1575 struct rfcomm_dlc *d;
1576 u8 dlci = __get_dlci(msc->dlci);
1577
1578 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1579
1580 d = rfcomm_dlc_get(s, dlci);
1581 if (!d)
1582 return 0;
1583
1584 if (cr) {
1585 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1586 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1587 else
1588 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1589
1590 rfcomm_dlc_lock(d);
1591
1592 d->remote_v24_sig = msc->v24_sig;
1593
1594 if (d->modem_status)
1595 d->modem_status(d, msc->v24_sig);
1596
1597 rfcomm_dlc_unlock(d);
1598
1599 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1600
1601 d->mscex |= RFCOMM_MSCEX_RX;
1602 } else
1603 d->mscex |= RFCOMM_MSCEX_TX;
1604
1605 return 0;
1606}
1607
1608static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1609{
1610 struct rfcomm_mcc *mcc = (void *) skb->data;
1611 u8 type, cr, len;
1612
1613 cr = __test_cr(mcc->type);
1614 type = __get_mcc_type(mcc->type);
1615 len = __get_mcc_len(mcc->len);
1616
1617 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1618
1619 skb_pull(skb, 2);
1620
1621 switch (type) {
1622 case RFCOMM_PN:
1623 rfcomm_recv_pn(s, cr, skb);
1624 break;
1625
1626 case RFCOMM_RPN:
1627 rfcomm_recv_rpn(s, cr, len, skb);
1628 break;
1629
1630 case RFCOMM_RLS:
1631 rfcomm_recv_rls(s, cr, skb);
1632 break;
1633
1634 case RFCOMM_MSC:
1635 rfcomm_recv_msc(s, cr, skb);
1636 break;
1637
1638 case RFCOMM_FCOFF:
1639 if (cr) {
1640 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1641 rfcomm_send_fcoff(s, 0);
1642 }
1643 break;
1644
1645 case RFCOMM_FCON:
1646 if (cr) {
1647 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1648 rfcomm_send_fcon(s, 0);
1649 }
1650 break;
1651
1652 case RFCOMM_TEST:
1653 if (cr)
1654 rfcomm_send_test(s, 0, skb->data, skb->len);
1655 break;
1656
1657 case RFCOMM_NSC:
1658 break;
1659
1660 default:
1661 BT_ERR("Unknown control type 0x%02x", type);
1662 rfcomm_send_nsc(s, cr, type);
1663 break;
1664 }
1665 return 0;
1666}
1667
1668static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1669{
1670 struct rfcomm_dlc *d;
1671
1672 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1673
1674 d = rfcomm_dlc_get(s, dlci);
1675 if (!d) {
1676 rfcomm_send_dm(s, dlci);
1677 goto drop;
1678 }
1679
1680 if (pf && d->cfc) {
1681 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1682
1683 d->tx_credits += credits;
1684 if (d->tx_credits)
1685 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1686 }
1687
1688 if (skb->len && d->state == BT_CONNECTED) {
1689 rfcomm_dlc_lock(d);
1690 d->rx_credits--;
1691 d->data_ready(d, skb);
1692 rfcomm_dlc_unlock(d);
1693 return 0;
1694 }
1695
1696drop:
1697 kfree_skb(skb);
1698 return 0;
1699}
1700
1701static struct rfcomm_session *rfcomm_recv_frame(struct rfcomm_session *s,
1702 struct sk_buff *skb)
1703{
1704 struct rfcomm_hdr *hdr = (void *) skb->data;
1705 u8 type, dlci, fcs;
1706
1707 if (!s) {
1708
1709 kfree_skb(skb);
1710 return s;
1711 }
1712
1713 dlci = __get_dlci(hdr->addr);
1714 type = __get_type(hdr->ctrl);
1715
1716
1717 skb->len--; skb->tail--;
1718 fcs = *(u8 *)skb_tail_pointer(skb);
1719
1720 if (__check_fcs(skb->data, type, fcs)) {
1721 BT_ERR("bad checksum in packet");
1722 kfree_skb(skb);
1723 return s;
1724 }
1725
1726 if (__test_ea(hdr->len))
1727 skb_pull(skb, 3);
1728 else
1729 skb_pull(skb, 4);
1730
1731 switch (type) {
1732 case RFCOMM_SABM:
1733 if (__test_pf(hdr->ctrl))
1734 rfcomm_recv_sabm(s, dlci);
1735 break;
1736
1737 case RFCOMM_DISC:
1738 if (__test_pf(hdr->ctrl))
1739 s = rfcomm_recv_disc(s, dlci);
1740 break;
1741
1742 case RFCOMM_UA:
1743 if (__test_pf(hdr->ctrl))
1744 s = rfcomm_recv_ua(s, dlci);
1745 break;
1746
1747 case RFCOMM_DM:
1748 s = rfcomm_recv_dm(s, dlci);
1749 break;
1750
1751 case RFCOMM_UIH:
1752 if (dlci) {
1753 rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1754 return s;
1755 }
1756 rfcomm_recv_mcc(s, skb);
1757 break;
1758
1759 default:
1760 BT_ERR("Unknown packet type 0x%02x", type);
1761 break;
1762 }
1763 kfree_skb(skb);
1764 return s;
1765}
1766
1767
1768
1769static void rfcomm_process_connect(struct rfcomm_session *s)
1770{
1771 struct rfcomm_dlc *d, *n;
1772
1773 BT_DBG("session %p state %ld", s, s->state);
1774
1775 list_for_each_entry_safe(d, n, &s->dlcs, list) {
1776 if (d->state == BT_CONFIG) {
1777 d->mtu = s->mtu;
1778 if (rfcomm_check_security(d)) {
1779 rfcomm_send_pn(s, 1, d);
1780 } else {
1781 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1782 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1783 }
1784 }
1785 }
1786}
1787
1788
1789
1790
1791static int rfcomm_process_tx(struct rfcomm_dlc *d)
1792{
1793 struct sk_buff *skb;
1794 int err;
1795
1796 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1797 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1798
1799
1800 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
1801 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1802
1803 if (d->cfc) {
1804
1805
1806 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
1807 d->rx_credits <= (d->cfc >> 2)) {
1808 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1809 d->rx_credits = d->cfc;
1810 }
1811 } else {
1812
1813
1814 d->tx_credits = 5;
1815 }
1816
1817 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1818 return skb_queue_len(&d->tx_queue);
1819
1820 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1821 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1822 if (err < 0) {
1823 skb_queue_head(&d->tx_queue, skb);
1824 break;
1825 }
1826 kfree_skb(skb);
1827 d->tx_credits--;
1828 }
1829
1830 if (d->cfc && !d->tx_credits) {
1831
1832
1833 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1834 }
1835
1836 return skb_queue_len(&d->tx_queue);
1837}
1838
1839static void rfcomm_process_dlcs(struct rfcomm_session *s)
1840{
1841 struct rfcomm_dlc *d, *n;
1842
1843 BT_DBG("session %p state %ld", s, s->state);
1844
1845 list_for_each_entry_safe(d, n, &s->dlcs, list) {
1846 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1847 __rfcomm_dlc_close(d, ETIMEDOUT);
1848 continue;
1849 }
1850
1851 if (test_bit(RFCOMM_ENC_DROP, &d->flags)) {
1852 __rfcomm_dlc_close(d, ECONNREFUSED);
1853 continue;
1854 }
1855
1856 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1857 rfcomm_dlc_clear_timer(d);
1858 if (d->out) {
1859 rfcomm_send_pn(s, 1, d);
1860 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
1861 } else {
1862 if (d->defer_setup) {
1863 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1864 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1865
1866 rfcomm_dlc_lock(d);
1867 d->state = BT_CONNECT2;
1868 d->state_change(d, 0);
1869 rfcomm_dlc_unlock(d);
1870 } else
1871 rfcomm_dlc_accept(d);
1872 }
1873 continue;
1874 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1875 rfcomm_dlc_clear_timer(d);
1876 if (!d->out)
1877 rfcomm_send_dm(s, d->dlci);
1878 else
1879 d->state = BT_CLOSED;
1880 __rfcomm_dlc_close(d, ECONNREFUSED);
1881 continue;
1882 }
1883
1884 if (test_bit(RFCOMM_SEC_PENDING, &d->flags))
1885 continue;
1886
1887 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1888 continue;
1889
1890 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
1891 d->mscex == RFCOMM_MSCEX_OK)
1892 rfcomm_process_tx(d);
1893 }
1894}
1895
1896static struct rfcomm_session *rfcomm_process_rx(struct rfcomm_session *s)
1897{
1898 struct socket *sock = s->sock;
1899 struct sock *sk = sock->sk;
1900 struct sk_buff *skb;
1901
1902 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1903
1904
1905 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1906 skb_orphan(skb);
1907 if (!skb_linearize(skb)) {
1908 s = rfcomm_recv_frame(s, skb);
1909 if (!s)
1910 break;
1911 } else {
1912 kfree_skb(skb);
1913 }
1914 }
1915
1916 if (s && (sk->sk_state == BT_CLOSED))
1917 s = rfcomm_session_close(s, sk->sk_err);
1918
1919 return s;
1920}
1921
1922static void rfcomm_accept_connection(struct rfcomm_session *s)
1923{
1924 struct socket *sock = s->sock, *nsock;
1925 int err;
1926
1927
1928
1929 if (list_empty(&bt_sk(sock->sk)->accept_q))
1930 return;
1931
1932 BT_DBG("session %p", s);
1933
1934 err = kernel_accept(sock, &nsock, O_NONBLOCK);
1935 if (err < 0)
1936 return;
1937
1938
1939 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1940 nsock->sk->sk_state_change = rfcomm_l2state_change;
1941
1942 s = rfcomm_session_add(nsock, BT_OPEN);
1943 if (s) {
1944
1945
1946 s->mtu = min(l2cap_pi(nsock->sk)->chan->omtu,
1947 l2cap_pi(nsock->sk)->chan->imtu) - 5;
1948
1949 rfcomm_schedule();
1950 } else
1951 sock_release(nsock);
1952}
1953
1954static struct rfcomm_session *rfcomm_check_connection(struct rfcomm_session *s)
1955{
1956 struct sock *sk = s->sock->sk;
1957
1958 BT_DBG("%p state %ld", s, s->state);
1959
1960 switch (sk->sk_state) {
1961 case BT_CONNECTED:
1962 s->state = BT_CONNECT;
1963
1964
1965
1966 s->mtu = min(l2cap_pi(sk)->chan->omtu, l2cap_pi(sk)->chan->imtu) - 5;
1967
1968 rfcomm_send_sabm(s, 0);
1969 break;
1970
1971 case BT_CLOSED:
1972 s = rfcomm_session_close(s, sk->sk_err);
1973 break;
1974 }
1975 return s;
1976}
1977
1978static void rfcomm_process_sessions(void)
1979{
1980 struct rfcomm_session *s, *n;
1981
1982 rfcomm_lock();
1983
1984 list_for_each_entry_safe(s, n, &session_list, list) {
1985 if (test_and_clear_bit(RFCOMM_TIMED_OUT, &s->flags)) {
1986 s->state = BT_DISCONN;
1987 rfcomm_send_disc(s, 0);
1988 continue;
1989 }
1990
1991 switch (s->state) {
1992 case BT_LISTEN:
1993 rfcomm_accept_connection(s);
1994 continue;
1995
1996 case BT_BOUND:
1997 s = rfcomm_check_connection(s);
1998 break;
1999
2000 default:
2001 s = rfcomm_process_rx(s);
2002 break;
2003 }
2004
2005 if (s)
2006 rfcomm_process_dlcs(s);
2007 }
2008
2009 rfcomm_unlock();
2010}
2011
2012static int rfcomm_add_listener(bdaddr_t *ba)
2013{
2014 struct sockaddr_l2 addr;
2015 struct socket *sock;
2016 struct sock *sk;
2017 struct rfcomm_session *s;
2018 int err = 0;
2019
2020
2021 err = rfcomm_l2sock_create(&sock);
2022 if (err < 0) {
2023 BT_ERR("Create socket failed %d", err);
2024 return err;
2025 }
2026
2027
2028 bacpy(&addr.l2_bdaddr, ba);
2029 addr.l2_family = AF_BLUETOOTH;
2030 addr.l2_psm = cpu_to_le16(L2CAP_PSM_RFCOMM);
2031 addr.l2_cid = 0;
2032 addr.l2_bdaddr_type = BDADDR_BREDR;
2033 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
2034 if (err < 0) {
2035 BT_ERR("Bind failed %d", err);
2036 goto failed;
2037 }
2038
2039
2040 sk = sock->sk;
2041 lock_sock(sk);
2042 l2cap_pi(sk)->chan->imtu = l2cap_mtu;
2043 release_sock(sk);
2044
2045
2046 err = kernel_listen(sock, 10);
2047 if (err) {
2048 BT_ERR("Listen failed %d", err);
2049 goto failed;
2050 }
2051
2052
2053 s = rfcomm_session_add(sock, BT_LISTEN);
2054 if (!s) {
2055 err = -ENOMEM;
2056 goto failed;
2057 }
2058
2059 return 0;
2060failed:
2061 sock_release(sock);
2062 return err;
2063}
2064
2065static void rfcomm_kill_listener(void)
2066{
2067 struct rfcomm_session *s, *n;
2068
2069 BT_DBG("");
2070
2071 list_for_each_entry_safe(s, n, &session_list, list)
2072 rfcomm_session_del(s);
2073}
2074
2075static int rfcomm_run(void *unused)
2076{
2077 DEFINE_WAIT_FUNC(wait, woken_wake_function);
2078 BT_DBG("");
2079
2080 set_user_nice(current, -10);
2081
2082 rfcomm_add_listener(BDADDR_ANY);
2083
2084 add_wait_queue(&rfcomm_wq, &wait);
2085 while (!kthread_should_stop()) {
2086
2087
2088 rfcomm_process_sessions();
2089
2090 wait_woken(&wait, TASK_INTERRUPTIBLE, MAX_SCHEDULE_TIMEOUT);
2091 }
2092 remove_wait_queue(&rfcomm_wq, &wait);
2093
2094 rfcomm_kill_listener();
2095
2096 return 0;
2097}
2098
2099static void rfcomm_security_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
2100{
2101 struct rfcomm_session *s;
2102 struct rfcomm_dlc *d, *n;
2103
2104 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
2105
2106 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
2107 if (!s)
2108 return;
2109
2110 list_for_each_entry_safe(d, n, &s->dlcs, list) {
2111 if (test_and_clear_bit(RFCOMM_SEC_PENDING, &d->flags)) {
2112 rfcomm_dlc_clear_timer(d);
2113 if (status || encrypt == 0x00) {
2114 set_bit(RFCOMM_ENC_DROP, &d->flags);
2115 continue;
2116 }
2117 }
2118
2119 if (d->state == BT_CONNECTED && !status && encrypt == 0x00) {
2120 if (d->sec_level == BT_SECURITY_MEDIUM) {
2121 set_bit(RFCOMM_SEC_PENDING, &d->flags);
2122 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
2123 continue;
2124 } else if (d->sec_level == BT_SECURITY_HIGH ||
2125 d->sec_level == BT_SECURITY_FIPS) {
2126 set_bit(RFCOMM_ENC_DROP, &d->flags);
2127 continue;
2128 }
2129 }
2130
2131 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
2132 continue;
2133
2134 if (!status && hci_conn_check_secure(conn, d->sec_level))
2135 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
2136 else
2137 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
2138 }
2139
2140 rfcomm_schedule();
2141}
2142
2143static struct hci_cb rfcomm_cb = {
2144 .name = "RFCOMM",
2145 .security_cfm = rfcomm_security_cfm
2146};
2147
2148static int rfcomm_dlc_debugfs_show(struct seq_file *f, void *x)
2149{
2150 struct rfcomm_session *s;
2151
2152 rfcomm_lock();
2153
2154 list_for_each_entry(s, &session_list, list) {
2155 struct l2cap_chan *chan = l2cap_pi(s->sock->sk)->chan;
2156 struct rfcomm_dlc *d;
2157 list_for_each_entry(d, &s->dlcs, list) {
2158 seq_printf(f, "%pMR %pMR %ld %d %d %d %d\n",
2159 &chan->src, &chan->dst,
2160 d->state, d->dlci, d->mtu,
2161 d->rx_credits, d->tx_credits);
2162 }
2163 }
2164
2165 rfcomm_unlock();
2166
2167 return 0;
2168}
2169
2170DEFINE_SHOW_ATTRIBUTE(rfcomm_dlc_debugfs);
2171
2172static struct dentry *rfcomm_dlc_debugfs;
2173
2174
2175static int __init rfcomm_init(void)
2176{
2177 int err;
2178
2179 hci_register_cb(&rfcomm_cb);
2180
2181 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd");
2182 if (IS_ERR(rfcomm_thread)) {
2183 err = PTR_ERR(rfcomm_thread);
2184 goto unregister;
2185 }
2186
2187 err = rfcomm_init_ttys();
2188 if (err < 0)
2189 goto stop;
2190
2191 err = rfcomm_init_sockets();
2192 if (err < 0)
2193 goto cleanup;
2194
2195 BT_INFO("RFCOMM ver %s", VERSION);
2196
2197 if (IS_ERR_OR_NULL(bt_debugfs))
2198 return 0;
2199
2200 rfcomm_dlc_debugfs = debugfs_create_file("rfcomm_dlc", 0444,
2201 bt_debugfs, NULL,
2202 &rfcomm_dlc_debugfs_fops);
2203
2204 return 0;
2205
2206cleanup:
2207 rfcomm_cleanup_ttys();
2208
2209stop:
2210 kthread_stop(rfcomm_thread);
2211
2212unregister:
2213 hci_unregister_cb(&rfcomm_cb);
2214
2215 return err;
2216}
2217
2218static void __exit rfcomm_exit(void)
2219{
2220 debugfs_remove(rfcomm_dlc_debugfs);
2221
2222 hci_unregister_cb(&rfcomm_cb);
2223
2224 kthread_stop(rfcomm_thread);
2225
2226 rfcomm_cleanup_ttys();
2227
2228 rfcomm_cleanup_sockets();
2229}
2230
2231module_init(rfcomm_init);
2232module_exit(rfcomm_exit);
2233
2234module_param(disable_cfc, bool, 0644);
2235MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control");
2236
2237module_param(channel_mtu, int, 0644);
2238MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel");
2239
2240module_param(l2cap_mtu, uint, 0644);
2241MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection");
2242
2243module_param(l2cap_ertm, bool, 0644);
2244MODULE_PARM_DESC(l2cap_ertm, "Use L2CAP ERTM mode for connection");
2245
2246MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
2247MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2248MODULE_VERSION(VERSION);
2249MODULE_LICENSE("GPL");
2250MODULE_ALIAS("bt-proto-3");
2251
