1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28#include <linux/module.h>
29#include <linux/debugfs.h>
30#include <linux/kthread.h>
31#include <asm/unaligned.h>
32
33#include <net/bluetooth/bluetooth.h>
34#include <net/bluetooth/hci_core.h>
35#include <net/bluetooth/l2cap.h>
36#include <net/bluetooth/rfcomm.h>
37
38#define VERSION "1.11"
39
40static bool disable_cfc;
41static bool l2cap_ertm;
42static int channel_mtu = -1;
43static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU;
44
45static struct task_struct *rfcomm_thread;
46
47static DEFINE_MUTEX(rfcomm_mutex);
48#define rfcomm_lock() mutex_lock(&rfcomm_mutex)
49#define rfcomm_unlock() mutex_unlock(&rfcomm_mutex)
50
51
52static LIST_HEAD(session_list);
53
54static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
55static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
56static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
57static int rfcomm_queue_disc(struct rfcomm_dlc *d);
58static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
59static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
60static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
61static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
62static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
63static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
64
65static void rfcomm_process_connect(struct rfcomm_session *s);
66
67static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
68 bdaddr_t *dst,
69 u8 sec_level,
70 int *err);
71static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
72static struct rfcomm_session *rfcomm_session_del(struct rfcomm_session *s);
73
74
75#define __get_dlci(b) ((b & 0xfc) >> 2)
76#define __get_channel(b) ((b & 0xf8) >> 3)
77#define __get_dir(b) ((b & 0x04) >> 2)
78#define __get_type(b) ((b & 0xef))
79
80#define __test_ea(b) ((b & 0x01))
81#define __test_cr(b) (!!(b & 0x02))
82#define __test_pf(b) (!!(b & 0x10))
83
84#define __session_dir(s) ((s)->initiator ? 0x00 : 0x01)
85
86#define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
87#define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
88#define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
89#define __srv_channel(dlci) (dlci >> 1)
90#define __dir(dlci) (dlci & 0x01)
91
92#define __len8(len) (((len) << 1) | 1)
93#define __len16(len) ((len) << 1)
94
95
96#define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
97#define __get_mcc_type(b) ((b & 0xfc) >> 2)
98#define __get_mcc_len(b) ((b & 0xfe) >> 1)
99
100
101#define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
102#define __get_rpn_data_bits(line) ((line) & 0x3)
103#define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
104#define __get_rpn_parity(line) (((line) >> 3) & 0x7)
105
106static DECLARE_WAIT_QUEUE_HEAD(rfcomm_wq);
107
108static void rfcomm_schedule(void)
109{
110 wake_up_all(&rfcomm_wq);
111}
112
113
114
115
116static unsigned char rfcomm_crc_table[256] = {
117 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
118 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
119 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
120 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
121
122 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
123 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
124 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
125 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
126
127 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
128 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
129 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
130 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
131
132 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
133 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
134 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
135 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
136
137 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
138 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
139 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
140 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
141
142 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
143 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
144 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
145 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
146
147 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
148 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
149 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
150 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
151
152 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
153 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
154 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
155 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
156};
157
158
159#define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
160
161
162static inline u8 __fcs(u8 *data)
163{
164 return 0xff - __crc(data);
165}
166
167
168static inline u8 __fcs2(u8 *data)
169{
170 return 0xff - rfcomm_crc_table[__crc(data) ^ data[2]];
171}
172
173
174static inline int __check_fcs(u8 *data, int type, u8 fcs)
175{
176 u8 f = __crc(data);
177
178 if (type != RFCOMM_UIH)
179 f = rfcomm_crc_table[f ^ data[2]];
180
181 return rfcomm_crc_table[f ^ fcs] != 0xcf;
182}
183
184
185static void rfcomm_l2state_change(struct sock *sk)
186{
187 BT_DBG("%p state %d", sk, sk->sk_state);
188 rfcomm_schedule();
189}
190
191static void rfcomm_l2data_ready(struct sock *sk)
192{
193 BT_DBG("%p", sk);
194 rfcomm_schedule();
195}
196
197static int rfcomm_l2sock_create(struct socket **sock)
198{
199 int err;
200
201 BT_DBG("");
202
203 err = sock_create_kern(&init_net, PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
204 if (!err) {
205 struct sock *sk = (*sock)->sk;
206 sk->sk_data_ready = rfcomm_l2data_ready;
207 sk->sk_state_change = rfcomm_l2state_change;
208 }
209 return err;
210}
211
212static int rfcomm_check_security(struct rfcomm_dlc *d)
213{
214 struct sock *sk = d->session->sock->sk;
215 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
216
217 __u8 auth_type;
218
219 switch (d->sec_level) {
220 case BT_SECURITY_HIGH:
221 case BT_SECURITY_FIPS:
222 auth_type = HCI_AT_GENERAL_BONDING_MITM;
223 break;
224 case BT_SECURITY_MEDIUM:
225 auth_type = HCI_AT_GENERAL_BONDING;
226 break;
227 default:
228 auth_type = HCI_AT_NO_BONDING;
229 break;
230 }
231
232 return hci_conn_security(conn->hcon, d->sec_level, auth_type,
233 d->out);
234}
235
236static void rfcomm_session_timeout(unsigned long arg)
237{
238 struct rfcomm_session *s = (void *) arg;
239
240 BT_DBG("session %p state %ld", s, s->state);
241
242 set_bit(RFCOMM_TIMED_OUT, &s->flags);
243 rfcomm_schedule();
244}
245
246static void rfcomm_session_set_timer(struct rfcomm_session *s, long timeout)
247{
248 BT_DBG("session %p state %ld timeout %ld", s, s->state, timeout);
249
250 mod_timer(&s->timer, jiffies + timeout);
251}
252
253static void rfcomm_session_clear_timer(struct rfcomm_session *s)
254{
255 BT_DBG("session %p state %ld", s, s->state);
256
257 del_timer_sync(&s->timer);
258}
259
260
261static void rfcomm_dlc_timeout(unsigned long arg)
262{
263 struct rfcomm_dlc *d = (void *) arg;
264
265 BT_DBG("dlc %p state %ld", d, d->state);
266
267 set_bit(RFCOMM_TIMED_OUT, &d->flags);
268 rfcomm_dlc_put(d);
269 rfcomm_schedule();
270}
271
272static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
273{
274 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
275
276 if (!mod_timer(&d->timer, jiffies + timeout))
277 rfcomm_dlc_hold(d);
278}
279
280static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
281{
282 BT_DBG("dlc %p state %ld", d, d->state);
283
284 if (del_timer(&d->timer))
285 rfcomm_dlc_put(d);
286}
287
288static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
289{
290 BT_DBG("%p", d);
291
292 d->state = BT_OPEN;
293 d->flags = 0;
294 d->mscex = 0;
295 d->sec_level = BT_SECURITY_LOW;
296 d->mtu = RFCOMM_DEFAULT_MTU;
297 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
298
299 d->cfc = RFCOMM_CFC_DISABLED;
300 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
301}
302
303struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
304{
305 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio);
306
307 if (!d)
308 return NULL;
309
310 setup_timer(&d->timer, rfcomm_dlc_timeout, (unsigned long)d);
311
312 skb_queue_head_init(&d->tx_queue);
313 mutex_init(&d->lock);
314 atomic_set(&d->refcnt, 1);
315
316 rfcomm_dlc_clear_state(d);
317
318 BT_DBG("%p", d);
319
320 return d;
321}
322
323void rfcomm_dlc_free(struct rfcomm_dlc *d)
324{
325 BT_DBG("%p", d);
326
327 skb_queue_purge(&d->tx_queue);
328 kfree(d);
329}
330
331static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
332{
333 BT_DBG("dlc %p session %p", d, s);
334
335 rfcomm_session_clear_timer(s);
336 rfcomm_dlc_hold(d);
337 list_add(&d->list, &s->dlcs);
338 d->session = s;
339}
340
341static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
342{
343 struct rfcomm_session *s = d->session;
344
345 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
346
347 list_del(&d->list);
348 d->session = NULL;
349 rfcomm_dlc_put(d);
350
351 if (list_empty(&s->dlcs))
352 rfcomm_session_set_timer(s, RFCOMM_IDLE_TIMEOUT);
353}
354
355static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
356{
357 struct rfcomm_dlc *d;
358
359 list_for_each_entry(d, &s->dlcs, list)
360 if (d->dlci == dlci)
361 return d;
362
363 return NULL;
364}
365
366static int rfcomm_check_channel(u8 channel)
367{
368 return channel < 1 || channel > 30;
369}
370
371static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
372{
373 struct rfcomm_session *s;
374 int err = 0;
375 u8 dlci;
376
377 BT_DBG("dlc %p state %ld %pMR -> %pMR channel %d",
378 d, d->state, src, dst, channel);
379
380 if (rfcomm_check_channel(channel))
381 return -EINVAL;
382
383 if (d->state != BT_OPEN && d->state != BT_CLOSED)
384 return 0;
385
386 s = rfcomm_session_get(src, dst);
387 if (!s) {
388 s = rfcomm_session_create(src, dst, d->sec_level, &err);
389 if (!s)
390 return err;
391 }
392
393 dlci = __dlci(__session_dir(s), channel);
394
395
396 if (rfcomm_dlc_get(s, dlci))
397 return -EBUSY;
398
399 rfcomm_dlc_clear_state(d);
400
401 d->dlci = dlci;
402 d->addr = __addr(s->initiator, dlci);
403 d->priority = 7;
404
405 d->state = BT_CONFIG;
406 rfcomm_dlc_link(s, d);
407
408 d->out = 1;
409
410 d->mtu = s->mtu;
411 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
412
413 if (s->state == BT_CONNECTED) {
414 if (rfcomm_check_security(d))
415 rfcomm_send_pn(s, 1, d);
416 else
417 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
418 }
419
420 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
421
422 return 0;
423}
424
425int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
426{
427 int r;
428
429 rfcomm_lock();
430
431 r = __rfcomm_dlc_open(d, src, dst, channel);
432
433 rfcomm_unlock();
434 return r;
435}
436
437static void __rfcomm_dlc_disconn(struct rfcomm_dlc *d)
438{
439 struct rfcomm_session *s = d->session;
440
441 d->state = BT_DISCONN;
442 if (skb_queue_empty(&d->tx_queue)) {
443 rfcomm_send_disc(s, d->dlci);
444 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
445 } else {
446 rfcomm_queue_disc(d);
447 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
448 }
449}
450
451static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
452{
453 struct rfcomm_session *s = d->session;
454 if (!s)
455 return 0;
456
457 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
458 d, d->state, d->dlci, err, s);
459
460 switch (d->state) {
461 case BT_CONNECT:
462 case BT_CONFIG:
463 case BT_OPEN:
464 case BT_CONNECT2:
465 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
466 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
467 rfcomm_schedule();
468 return 0;
469 }
470 }
471
472 switch (d->state) {
473 case BT_CONNECT:
474 case BT_CONNECTED:
475 __rfcomm_dlc_disconn(d);
476 break;
477
478 case BT_CONFIG:
479 if (s->state != BT_BOUND) {
480 __rfcomm_dlc_disconn(d);
481 break;
482 }
483
484
485
486
487 default:
488 rfcomm_dlc_clear_timer(d);
489
490 rfcomm_dlc_lock(d);
491 d->state = BT_CLOSED;
492 d->state_change(d, err);
493 rfcomm_dlc_unlock(d);
494
495 skb_queue_purge(&d->tx_queue);
496 rfcomm_dlc_unlink(d);
497 }
498
499 return 0;
500}
501
502int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
503{
504 int r = 0;
505 struct rfcomm_dlc *d_list;
506 struct rfcomm_session *s, *s_list;
507
508 BT_DBG("dlc %p state %ld dlci %d err %d", d, d->state, d->dlci, err);
509
510 rfcomm_lock();
511
512 s = d->session;
513 if (!s)
514 goto no_session;
515
516
517
518
519 list_for_each_entry(s_list, &session_list, list) {
520 if (s_list == s) {
521 list_for_each_entry(d_list, &s->dlcs, list) {
522 if (d_list == d) {
523 r = __rfcomm_dlc_close(d, err);
524 break;
525 }
526 }
527 break;
528 }
529 }
530
531no_session:
532 rfcomm_unlock();
533 return r;
534}
535
536struct rfcomm_dlc *rfcomm_dlc_exists(bdaddr_t *src, bdaddr_t *dst, u8 channel)
537{
538 struct rfcomm_session *s;
539 struct rfcomm_dlc *dlc = NULL;
540 u8 dlci;
541
542 if (rfcomm_check_channel(channel))
543 return ERR_PTR(-EINVAL);
544
545 rfcomm_lock();
546 s = rfcomm_session_get(src, dst);
547 if (s) {
548 dlci = __dlci(__session_dir(s), channel);
549 dlc = rfcomm_dlc_get(s, dlci);
550 }
551 rfcomm_unlock();
552 return dlc;
553}
554
555int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
556{
557 int len = skb->len;
558
559 if (d->state != BT_CONNECTED)
560 return -ENOTCONN;
561
562 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
563
564 if (len > d->mtu)
565 return -EINVAL;
566
567 rfcomm_make_uih(skb, d->addr);
568 skb_queue_tail(&d->tx_queue, skb);
569
570 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
571 rfcomm_schedule();
572 return len;
573}
574
575void rfcomm_dlc_send_noerror(struct rfcomm_dlc *d, struct sk_buff *skb)
576{
577 int len = skb->len;
578
579 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
580
581 rfcomm_make_uih(skb, d->addr);
582 skb_queue_tail(&d->tx_queue, skb);
583
584 if (d->state == BT_CONNECTED &&
585 !test_bit(RFCOMM_TX_THROTTLED, &d->flags))
586 rfcomm_schedule();
587}
588
589void __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
590{
591 BT_DBG("dlc %p state %ld", d, d->state);
592
593 if (!d->cfc) {
594 d->v24_sig |= RFCOMM_V24_FC;
595 set_bit(RFCOMM_MSC_PENDING, &d->flags);
596 }
597 rfcomm_schedule();
598}
599
600void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
601{
602 BT_DBG("dlc %p state %ld", d, d->state);
603
604 if (!d->cfc) {
605 d->v24_sig &= ~RFCOMM_V24_FC;
606 set_bit(RFCOMM_MSC_PENDING, &d->flags);
607 }
608 rfcomm_schedule();
609}
610
611
612
613
614
615
616int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
617{
618 BT_DBG("dlc %p state %ld v24_sig 0x%x",
619 d, d->state, v24_sig);
620
621 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
622 v24_sig |= RFCOMM_V24_FC;
623 else
624 v24_sig &= ~RFCOMM_V24_FC;
625
626 d->v24_sig = v24_sig;
627
628 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
629 rfcomm_schedule();
630
631 return 0;
632}
633
634int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
635{
636 BT_DBG("dlc %p state %ld v24_sig 0x%x",
637 d, d->state, d->v24_sig);
638
639 *v24_sig = d->v24_sig;
640 return 0;
641}
642
643
644static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
645{
646 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL);
647
648 if (!s)
649 return NULL;
650
651 BT_DBG("session %p sock %p", s, sock);
652
653 setup_timer(&s->timer, rfcomm_session_timeout, (unsigned long) s);
654
655 INIT_LIST_HEAD(&s->dlcs);
656 s->state = state;
657 s->sock = sock;
658
659 s->mtu = RFCOMM_DEFAULT_MTU;
660 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN;
661
662
663
664 if (state != BT_LISTEN)
665 if (!try_module_get(THIS_MODULE)) {
666 kfree(s);
667 return NULL;
668 }
669
670 list_add(&s->list, &session_list);
671
672 return s;
673}
674
675static struct rfcomm_session *rfcomm_session_del(struct rfcomm_session *s)
676{
677 int state = s->state;
678
679 BT_DBG("session %p state %ld", s, s->state);
680
681 list_del(&s->list);
682
683 rfcomm_session_clear_timer(s);
684 sock_release(s->sock);
685 kfree(s);
686
687 if (state != BT_LISTEN)
688 module_put(THIS_MODULE);
689
690 return NULL;
691}
692
693static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
694{
695 struct rfcomm_session *s, *n;
696 struct l2cap_chan *chan;
697 list_for_each_entry_safe(s, n, &session_list, list) {
698 chan = l2cap_pi(s->sock->sk)->chan;
699
700 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&chan->src, src)) &&
701 !bacmp(&chan->dst, dst))
702 return s;
703 }
704 return NULL;
705}
706
707static struct rfcomm_session *rfcomm_session_close(struct rfcomm_session *s,
708 int err)
709{
710 struct rfcomm_dlc *d, *n;
711
712 s->state = BT_CLOSED;
713
714 BT_DBG("session %p state %ld err %d", s, s->state, err);
715
716
717 list_for_each_entry_safe(d, n, &s->dlcs, list) {
718 d->state = BT_CLOSED;
719 __rfcomm_dlc_close(d, err);
720 }
721
722 rfcomm_session_clear_timer(s);
723 return rfcomm_session_del(s);
724}
725
726static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
727 bdaddr_t *dst,
728 u8 sec_level,
729 int *err)
730{
731 struct rfcomm_session *s = NULL;
732 struct sockaddr_l2 addr;
733 struct socket *sock;
734 struct sock *sk;
735
736 BT_DBG("%pMR -> %pMR", src, dst);
737
738 *err = rfcomm_l2sock_create(&sock);
739 if (*err < 0)
740 return NULL;
741
742 bacpy(&addr.l2_bdaddr, src);
743 addr.l2_family = AF_BLUETOOTH;
744 addr.l2_psm = 0;
745 addr.l2_cid = 0;
746 addr.l2_bdaddr_type = BDADDR_BREDR;
747 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
748 if (*err < 0)
749 goto failed;
750
751
752 sk = sock->sk;
753 lock_sock(sk);
754 l2cap_pi(sk)->chan->imtu = l2cap_mtu;
755 l2cap_pi(sk)->chan->sec_level = sec_level;
756 if (l2cap_ertm)
757 l2cap_pi(sk)->chan->mode = L2CAP_MODE_ERTM;
758 release_sock(sk);
759
760 s = rfcomm_session_add(sock, BT_BOUND);
761 if (!s) {
762 *err = -ENOMEM;
763 goto failed;
764 }
765
766 s->initiator = 1;
767
768 bacpy(&addr.l2_bdaddr, dst);
769 addr.l2_family = AF_BLUETOOTH;
770 addr.l2_psm = cpu_to_le16(L2CAP_PSM_RFCOMM);
771 addr.l2_cid = 0;
772 addr.l2_bdaddr_type = BDADDR_BREDR;
773 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
774 if (*err == 0 || *err == -EINPROGRESS)
775 return s;
776
777 return rfcomm_session_del(s);
778
779failed:
780 sock_release(sock);
781 return NULL;
782}
783
784void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
785{
786 struct l2cap_chan *chan = l2cap_pi(s->sock->sk)->chan;
787 if (src)
788 bacpy(src, &chan->src);
789 if (dst)
790 bacpy(dst, &chan->dst);
791}
792
793
794static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
795{
796 struct kvec iv = { data, len };
797 struct msghdr msg;
798
799 BT_DBG("session %p len %d", s, len);
800
801 memset(&msg, 0, sizeof(msg));
802
803 return kernel_sendmsg(s->sock, &msg, &iv, 1, len);
804}
805
806static int rfcomm_send_cmd(struct rfcomm_session *s, struct rfcomm_cmd *cmd)
807{
808 BT_DBG("%p cmd %u", s, cmd->ctrl);
809
810 return rfcomm_send_frame(s, (void *) cmd, sizeof(*cmd));
811}
812
813static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
814{
815 struct rfcomm_cmd cmd;
816
817 BT_DBG("%p dlci %d", s, dlci);
818
819 cmd.addr = __addr(s->initiator, dlci);
820 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
821 cmd.len = __len8(0);
822 cmd.fcs = __fcs2((u8 *) &cmd);
823
824 return rfcomm_send_cmd(s, &cmd);
825}
826
827static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
828{
829 struct rfcomm_cmd cmd;
830
831 BT_DBG("%p dlci %d", s, dlci);
832
833 cmd.addr = __addr(!s->initiator, dlci);
834 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
835 cmd.len = __len8(0);
836 cmd.fcs = __fcs2((u8 *) &cmd);
837
838 return rfcomm_send_cmd(s, &cmd);
839}
840
841static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
842{
843 struct rfcomm_cmd cmd;
844
845 BT_DBG("%p dlci %d", s, dlci);
846
847 cmd.addr = __addr(s->initiator, dlci);
848 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
849 cmd.len = __len8(0);
850 cmd.fcs = __fcs2((u8 *) &cmd);
851
852 return rfcomm_send_cmd(s, &cmd);
853}
854
855static int rfcomm_queue_disc(struct rfcomm_dlc *d)
856{
857 struct rfcomm_cmd *cmd;
858 struct sk_buff *skb;
859
860 BT_DBG("dlc %p dlci %d", d, d->dlci);
861
862 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
863 if (!skb)
864 return -ENOMEM;
865
866 cmd = (void *) __skb_put(skb, sizeof(*cmd));
867 cmd->addr = d->addr;
868 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
869 cmd->len = __len8(0);
870 cmd->fcs = __fcs2((u8 *) cmd);
871
872 skb_queue_tail(&d->tx_queue, skb);
873 rfcomm_schedule();
874 return 0;
875}
876
877static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
878{
879 struct rfcomm_cmd cmd;
880
881 BT_DBG("%p dlci %d", s, dlci);
882
883 cmd.addr = __addr(!s->initiator, dlci);
884 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
885 cmd.len = __len8(0);
886 cmd.fcs = __fcs2((u8 *) &cmd);
887
888 return rfcomm_send_cmd(s, &cmd);
889}
890
891static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
892{
893 struct rfcomm_hdr *hdr;
894 struct rfcomm_mcc *mcc;
895 u8 buf[16], *ptr = buf;
896
897 BT_DBG("%p cr %d type %d", s, cr, type);
898
899 hdr = (void *) ptr; ptr += sizeof(*hdr);
900 hdr->addr = __addr(s->initiator, 0);
901 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
902 hdr->len = __len8(sizeof(*mcc) + 1);
903
904 mcc = (void *) ptr; ptr += sizeof(*mcc);
905 mcc->type = __mcc_type(0, RFCOMM_NSC);
906 mcc->len = __len8(1);
907
908
909 *ptr = __mcc_type(cr, type); ptr++;
910
911 *ptr = __fcs(buf); ptr++;
912
913 return rfcomm_send_frame(s, buf, ptr - buf);
914}
915
916static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
917{
918 struct rfcomm_hdr *hdr;
919 struct rfcomm_mcc *mcc;
920 struct rfcomm_pn *pn;
921 u8 buf[16], *ptr = buf;
922
923 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
924
925 hdr = (void *) ptr; ptr += sizeof(*hdr);
926 hdr->addr = __addr(s->initiator, 0);
927 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
928 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
929
930 mcc = (void *) ptr; ptr += sizeof(*mcc);
931 mcc->type = __mcc_type(cr, RFCOMM_PN);
932 mcc->len = __len8(sizeof(*pn));
933
934 pn = (void *) ptr; ptr += sizeof(*pn);
935 pn->dlci = d->dlci;
936 pn->priority = d->priority;
937 pn->ack_timer = 0;
938 pn->max_retrans = 0;
939
940 if (s->cfc) {
941 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
942 pn->credits = RFCOMM_DEFAULT_CREDITS;
943 } else {
944 pn->flow_ctrl = 0;
945 pn->credits = 0;
946 }
947
948 if (cr && channel_mtu >= 0)
949 pn->mtu = cpu_to_le16(channel_mtu);
950 else
951 pn->mtu = cpu_to_le16(d->mtu);
952
953 *ptr = __fcs(buf); ptr++;
954
955 return rfcomm_send_frame(s, buf, ptr - buf);
956}
957
958int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
959 u8 bit_rate, u8 data_bits, u8 stop_bits,
960 u8 parity, u8 flow_ctrl_settings,
961 u8 xon_char, u8 xoff_char, u16 param_mask)
962{
963 struct rfcomm_hdr *hdr;
964 struct rfcomm_mcc *mcc;
965 struct rfcomm_rpn *rpn;
966 u8 buf[16], *ptr = buf;
967
968 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
969 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
970 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
971 flow_ctrl_settings, xon_char, xoff_char, param_mask);
972
973 hdr = (void *) ptr; ptr += sizeof(*hdr);
974 hdr->addr = __addr(s->initiator, 0);
975 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
976 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
977
978 mcc = (void *) ptr; ptr += sizeof(*mcc);
979 mcc->type = __mcc_type(cr, RFCOMM_RPN);
980 mcc->len = __len8(sizeof(*rpn));
981
982 rpn = (void *) ptr; ptr += sizeof(*rpn);
983 rpn->dlci = __addr(1, dlci);
984 rpn->bit_rate = bit_rate;
985 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
986 rpn->flow_ctrl = flow_ctrl_settings;
987 rpn->xon_char = xon_char;
988 rpn->xoff_char = xoff_char;
989 rpn->param_mask = cpu_to_le16(param_mask);
990
991 *ptr = __fcs(buf); ptr++;
992
993 return rfcomm_send_frame(s, buf, ptr - buf);
994}
995
996static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
997{
998 struct rfcomm_hdr *hdr;
999 struct rfcomm_mcc *mcc;
1000 struct rfcomm_rls *rls;
1001 u8 buf[16], *ptr = buf;
1002
1003 BT_DBG("%p cr %d status 0x%x", s, cr, status);
1004
1005 hdr = (void *) ptr; ptr += sizeof(*hdr);
1006 hdr->addr = __addr(s->initiator, 0);
1007 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1008 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
1009
1010 mcc = (void *) ptr; ptr += sizeof(*mcc);
1011 mcc->type = __mcc_type(cr, RFCOMM_RLS);
1012 mcc->len = __len8(sizeof(*rls));
1013
1014 rls = (void *) ptr; ptr += sizeof(*rls);
1015 rls->dlci = __addr(1, dlci);
1016 rls->status = status;
1017
1018 *ptr = __fcs(buf); ptr++;
1019
1020 return rfcomm_send_frame(s, buf, ptr - buf);
1021}
1022
1023static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
1024{
1025 struct rfcomm_hdr *hdr;
1026 struct rfcomm_mcc *mcc;
1027 struct rfcomm_msc *msc;
1028 u8 buf[16], *ptr = buf;
1029
1030 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
1031
1032 hdr = (void *) ptr; ptr += sizeof(*hdr);
1033 hdr->addr = __addr(s->initiator, 0);
1034 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1035 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
1036
1037 mcc = (void *) ptr; ptr += sizeof(*mcc);
1038 mcc->type = __mcc_type(cr, RFCOMM_MSC);
1039 mcc->len = __len8(sizeof(*msc));
1040
1041 msc = (void *) ptr; ptr += sizeof(*msc);
1042 msc->dlci = __addr(1, dlci);
1043 msc->v24_sig = v24_sig | 0x01;
1044
1045 *ptr = __fcs(buf); ptr++;
1046
1047 return rfcomm_send_frame(s, buf, ptr - buf);
1048}
1049
1050static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
1051{
1052 struct rfcomm_hdr *hdr;
1053 struct rfcomm_mcc *mcc;
1054 u8 buf[16], *ptr = buf;
1055
1056 BT_DBG("%p cr %d", s, cr);
1057
1058 hdr = (void *) ptr; ptr += sizeof(*hdr);
1059 hdr->addr = __addr(s->initiator, 0);
1060 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1061 hdr->len = __len8(sizeof(*mcc));
1062
1063 mcc = (void *) ptr; ptr += sizeof(*mcc);
1064 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
1065 mcc->len = __len8(0);
1066
1067 *ptr = __fcs(buf); ptr++;
1068
1069 return rfcomm_send_frame(s, buf, ptr - buf);
1070}
1071
1072static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
1073{
1074 struct rfcomm_hdr *hdr;
1075 struct rfcomm_mcc *mcc;
1076 u8 buf[16], *ptr = buf;
1077
1078 BT_DBG("%p cr %d", s, cr);
1079
1080 hdr = (void *) ptr; ptr += sizeof(*hdr);
1081 hdr->addr = __addr(s->initiator, 0);
1082 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1083 hdr->len = __len8(sizeof(*mcc));
1084
1085 mcc = (void *) ptr; ptr += sizeof(*mcc);
1086 mcc->type = __mcc_type(cr, RFCOMM_FCON);
1087 mcc->len = __len8(0);
1088
1089 *ptr = __fcs(buf); ptr++;
1090
1091 return rfcomm_send_frame(s, buf, ptr - buf);
1092}
1093
1094static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
1095{
1096 struct socket *sock = s->sock;
1097 struct kvec iv[3];
1098 struct msghdr msg;
1099 unsigned char hdr[5], crc[1];
1100
1101 if (len > 125)
1102 return -EINVAL;
1103
1104 BT_DBG("%p cr %d", s, cr);
1105
1106 hdr[0] = __addr(s->initiator, 0);
1107 hdr[1] = __ctrl(RFCOMM_UIH, 0);
1108 hdr[2] = 0x01 | ((len + 2) << 1);
1109 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
1110 hdr[4] = 0x01 | (len << 1);
1111
1112 crc[0] = __fcs(hdr);
1113
1114 iv[0].iov_base = hdr;
1115 iv[0].iov_len = 5;
1116 iv[1].iov_base = pattern;
1117 iv[1].iov_len = len;
1118 iv[2].iov_base = crc;
1119 iv[2].iov_len = 1;
1120
1121 memset(&msg, 0, sizeof(msg));
1122
1123 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
1124}
1125
1126static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
1127{
1128 struct rfcomm_hdr *hdr;
1129 u8 buf[16], *ptr = buf;
1130
1131 BT_DBG("%p addr %d credits %d", s, addr, credits);
1132
1133 hdr = (void *) ptr; ptr += sizeof(*hdr);
1134 hdr->addr = addr;
1135 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
1136 hdr->len = __len8(0);
1137
1138 *ptr = credits; ptr++;
1139
1140 *ptr = __fcs(buf); ptr++;
1141
1142 return rfcomm_send_frame(s, buf, ptr - buf);
1143}
1144
1145static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
1146{
1147 struct rfcomm_hdr *hdr;
1148 int len = skb->len;
1149 u8 *crc;
1150
1151 if (len > 127) {
1152 hdr = (void *) skb_push(skb, 4);
1153 put_unaligned(cpu_to_le16(__len16(len)), (__le16 *) &hdr->len);
1154 } else {
1155 hdr = (void *) skb_push(skb, 3);
1156 hdr->len = __len8(len);
1157 }
1158 hdr->addr = addr;
1159 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1160
1161 crc = skb_put(skb, 1);
1162 *crc = __fcs((void *) hdr);
1163}
1164
1165
1166static struct rfcomm_session *rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1167{
1168 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1169
1170 if (dlci) {
1171
1172 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1173 if (!d) {
1174 rfcomm_send_dm(s, dlci);
1175 return s;
1176 }
1177
1178 switch (d->state) {
1179 case BT_CONNECT:
1180 rfcomm_dlc_clear_timer(d);
1181
1182 rfcomm_dlc_lock(d);
1183 d->state = BT_CONNECTED;
1184 d->state_change(d, 0);
1185 rfcomm_dlc_unlock(d);
1186
1187 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1188 break;
1189
1190 case BT_DISCONN:
1191 d->state = BT_CLOSED;
1192 __rfcomm_dlc_close(d, 0);
1193
1194 if (list_empty(&s->dlcs)) {
1195 s->state = BT_DISCONN;
1196 rfcomm_send_disc(s, 0);
1197 rfcomm_session_clear_timer(s);
1198 }
1199
1200 break;
1201 }
1202 } else {
1203
1204 switch (s->state) {
1205 case BT_CONNECT:
1206 s->state = BT_CONNECTED;
1207 rfcomm_process_connect(s);
1208 break;
1209
1210 case BT_DISCONN:
1211 s = rfcomm_session_close(s, ECONNRESET);
1212 break;
1213 }
1214 }
1215 return s;
1216}
1217
1218static struct rfcomm_session *rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1219{
1220 int err = 0;
1221
1222 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1223
1224 if (dlci) {
1225
1226 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1227 if (d) {
1228 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1229 err = ECONNREFUSED;
1230 else
1231 err = ECONNRESET;
1232
1233 d->state = BT_CLOSED;
1234 __rfcomm_dlc_close(d, err);
1235 }
1236 } else {
1237 if (s->state == BT_CONNECT)
1238 err = ECONNREFUSED;
1239 else
1240 err = ECONNRESET;
1241
1242 s = rfcomm_session_close(s, err);
1243 }
1244 return s;
1245}
1246
1247static struct rfcomm_session *rfcomm_recv_disc(struct rfcomm_session *s,
1248 u8 dlci)
1249{
1250 int err = 0;
1251
1252 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1253
1254 if (dlci) {
1255 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1256 if (d) {
1257 rfcomm_send_ua(s, dlci);
1258
1259 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1260 err = ECONNREFUSED;
1261 else
1262 err = ECONNRESET;
1263
1264 d->state = BT_CLOSED;
1265 __rfcomm_dlc_close(d, err);
1266 } else
1267 rfcomm_send_dm(s, dlci);
1268
1269 } else {
1270 rfcomm_send_ua(s, 0);
1271
1272 if (s->state == BT_CONNECT)
1273 err = ECONNREFUSED;
1274 else
1275 err = ECONNRESET;
1276
1277 s = rfcomm_session_close(s, err);
1278 }
1279 return s;
1280}
1281
1282void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1283{
1284 struct sock *sk = d->session->sock->sk;
1285 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
1286
1287 BT_DBG("dlc %p", d);
1288
1289 rfcomm_send_ua(d->session, d->dlci);
1290
1291 rfcomm_dlc_clear_timer(d);
1292
1293 rfcomm_dlc_lock(d);
1294 d->state = BT_CONNECTED;
1295 d->state_change(d, 0);
1296 rfcomm_dlc_unlock(d);
1297
1298 if (d->role_switch)
1299 hci_conn_switch_role(conn->hcon, 0x00);
1300
1301 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1302}
1303
1304static void rfcomm_check_accept(struct rfcomm_dlc *d)
1305{
1306 if (rfcomm_check_security(d)) {
1307 if (d->defer_setup) {
1308 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1309 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1310
1311 rfcomm_dlc_lock(d);
1312 d->state = BT_CONNECT2;
1313 d->state_change(d, 0);
1314 rfcomm_dlc_unlock(d);
1315 } else
1316 rfcomm_dlc_accept(d);
1317 } else {
1318 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1319 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1320 }
1321}
1322
1323static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1324{
1325 struct rfcomm_dlc *d;
1326 u8 channel;
1327
1328 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1329
1330 if (!dlci) {
1331 rfcomm_send_ua(s, 0);
1332
1333 if (s->state == BT_OPEN) {
1334 s->state = BT_CONNECTED;
1335 rfcomm_process_connect(s);
1336 }
1337 return 0;
1338 }
1339
1340
1341 d = rfcomm_dlc_get(s, dlci);
1342 if (d) {
1343 if (d->state == BT_OPEN) {
1344
1345 rfcomm_check_accept(d);
1346 }
1347 return 0;
1348 }
1349
1350
1351 channel = __srv_channel(dlci);
1352 if (rfcomm_connect_ind(s, channel, &d)) {
1353 d->dlci = dlci;
1354 d->addr = __addr(s->initiator, dlci);
1355 rfcomm_dlc_link(s, d);
1356
1357 rfcomm_check_accept(d);
1358 } else {
1359 rfcomm_send_dm(s, dlci);
1360 }
1361
1362 return 0;
1363}
1364
1365static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1366{
1367 struct rfcomm_session *s = d->session;
1368
1369 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1370 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1371
1372 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) ||
1373 pn->flow_ctrl == 0xe0) {
1374 d->cfc = RFCOMM_CFC_ENABLED;
1375 d->tx_credits = pn->credits;
1376 } else {
1377 d->cfc = RFCOMM_CFC_DISABLED;
1378 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1379 }
1380
1381 if (s->cfc == RFCOMM_CFC_UNKNOWN)
1382 s->cfc = d->cfc;
1383
1384 d->priority = pn->priority;
1385
1386 d->mtu = __le16_to_cpu(pn->mtu);
1387
1388 if (cr && d->mtu > s->mtu)
1389 d->mtu = s->mtu;
1390
1391 return 0;
1392}
1393
1394static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1395{
1396 struct rfcomm_pn *pn = (void *) skb->data;
1397 struct rfcomm_dlc *d;
1398 u8 dlci = pn->dlci;
1399
1400 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1401
1402 if (!dlci)
1403 return 0;
1404
1405 d = rfcomm_dlc_get(s, dlci);
1406 if (d) {
1407 if (cr) {
1408
1409 rfcomm_apply_pn(d, cr, pn);
1410 rfcomm_send_pn(s, 0, d);
1411 } else {
1412
1413 switch (d->state) {
1414 case BT_CONFIG:
1415 rfcomm_apply_pn(d, cr, pn);
1416
1417 d->state = BT_CONNECT;
1418 rfcomm_send_sabm(s, d->dlci);
1419 break;
1420 }
1421 }
1422 } else {
1423 u8 channel = __srv_channel(dlci);
1424
1425 if (!cr)
1426 return 0;
1427
1428
1429
1430 if (rfcomm_connect_ind(s, channel, &d)) {
1431 d->dlci = dlci;
1432 d->addr = __addr(s->initiator, dlci);
1433 rfcomm_dlc_link(s, d);
1434
1435 rfcomm_apply_pn(d, cr, pn);
1436
1437 d->state = BT_OPEN;
1438 rfcomm_send_pn(s, 0, d);
1439 } else {
1440 rfcomm_send_dm(s, dlci);
1441 }
1442 }
1443 return 0;
1444}
1445
1446static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1447{
1448 struct rfcomm_rpn *rpn = (void *) skb->data;
1449 u8 dlci = __get_dlci(rpn->dlci);
1450
1451 u8 bit_rate = 0;
1452 u8 data_bits = 0;
1453 u8 stop_bits = 0;
1454 u8 parity = 0;
1455 u8 flow_ctrl = 0;
1456 u8 xon_char = 0;
1457 u8 xoff_char = 0;
1458 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
1459
1460 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1461 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1462 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1463
1464 if (!cr)
1465 return 0;
1466
1467 if (len == 1) {
1468
1469 bit_rate = RFCOMM_RPN_BR_9600;
1470 data_bits = RFCOMM_RPN_DATA_8;
1471 stop_bits = RFCOMM_RPN_STOP_1;
1472 parity = RFCOMM_RPN_PARITY_NONE;
1473 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1474 xon_char = RFCOMM_RPN_XON_CHAR;
1475 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1476 goto rpn_out;
1477 }
1478
1479
1480
1481
1482 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) {
1483 bit_rate = rpn->bit_rate;
1484 if (bit_rate > RFCOMM_RPN_BR_230400) {
1485 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1486 bit_rate = RFCOMM_RPN_BR_9600;
1487 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1488 }
1489 }
1490
1491 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) {
1492 data_bits = __get_rpn_data_bits(rpn->line_settings);
1493 if (data_bits != RFCOMM_RPN_DATA_8) {
1494 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1495 data_bits = RFCOMM_RPN_DATA_8;
1496 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1497 }
1498 }
1499
1500 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) {
1501 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1502 if (stop_bits != RFCOMM_RPN_STOP_1) {
1503 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1504 stop_bits = RFCOMM_RPN_STOP_1;
1505 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1506 }
1507 }
1508
1509 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) {
1510 parity = __get_rpn_parity(rpn->line_settings);
1511 if (parity != RFCOMM_RPN_PARITY_NONE) {
1512 BT_DBG("RPN parity mismatch 0x%x", parity);
1513 parity = RFCOMM_RPN_PARITY_NONE;
1514 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1515 }
1516 }
1517
1518 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) {
1519 flow_ctrl = rpn->flow_ctrl;
1520 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1521 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1522 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1523 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1524 }
1525 }
1526
1527 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) {
1528 xon_char = rpn->xon_char;
1529 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1530 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1531 xon_char = RFCOMM_RPN_XON_CHAR;
1532 rpn_mask ^= RFCOMM_RPN_PM_XON;
1533 }
1534 }
1535
1536 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) {
1537 xoff_char = rpn->xoff_char;
1538 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1539 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1540 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1541 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1542 }
1543 }
1544
1545rpn_out:
1546 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1547 parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
1548
1549 return 0;
1550}
1551
1552static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1553{
1554 struct rfcomm_rls *rls = (void *) skb->data;
1555 u8 dlci = __get_dlci(rls->dlci);
1556
1557 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
1558
1559 if (!cr)
1560 return 0;
1561
1562
1563
1564
1565
1566 rfcomm_send_rls(s, 0, dlci, rls->status);
1567
1568 return 0;
1569}
1570
1571static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1572{
1573 struct rfcomm_msc *msc = (void *) skb->data;
1574 struct rfcomm_dlc *d;
1575 u8 dlci = __get_dlci(msc->dlci);
1576
1577 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1578
1579 d = rfcomm_dlc_get(s, dlci);
1580 if (!d)
1581 return 0;
1582
1583 if (cr) {
1584 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1585 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1586 else
1587 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1588
1589 rfcomm_dlc_lock(d);
1590
1591 d->remote_v24_sig = msc->v24_sig;
1592
1593 if (d->modem_status)
1594 d->modem_status(d, msc->v24_sig);
1595
1596 rfcomm_dlc_unlock(d);
1597
1598 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1599
1600 d->mscex |= RFCOMM_MSCEX_RX;
1601 } else
1602 d->mscex |= RFCOMM_MSCEX_TX;
1603
1604 return 0;
1605}
1606
1607static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1608{
1609 struct rfcomm_mcc *mcc = (void *) skb->data;
1610 u8 type, cr, len;
1611
1612 cr = __test_cr(mcc->type);
1613 type = __get_mcc_type(mcc->type);
1614 len = __get_mcc_len(mcc->len);
1615
1616 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1617
1618 skb_pull(skb, 2);
1619
1620 switch (type) {
1621 case RFCOMM_PN:
1622 rfcomm_recv_pn(s, cr, skb);
1623 break;
1624
1625 case RFCOMM_RPN:
1626 rfcomm_recv_rpn(s, cr, len, skb);
1627 break;
1628
1629 case RFCOMM_RLS:
1630 rfcomm_recv_rls(s, cr, skb);
1631 break;
1632
1633 case RFCOMM_MSC:
1634 rfcomm_recv_msc(s, cr, skb);
1635 break;
1636
1637 case RFCOMM_FCOFF:
1638 if (cr) {
1639 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1640 rfcomm_send_fcoff(s, 0);
1641 }
1642 break;
1643
1644 case RFCOMM_FCON:
1645 if (cr) {
1646 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1647 rfcomm_send_fcon(s, 0);
1648 }
1649 break;
1650
1651 case RFCOMM_TEST:
1652 if (cr)
1653 rfcomm_send_test(s, 0, skb->data, skb->len);
1654 break;
1655
1656 case RFCOMM_NSC:
1657 break;
1658
1659 default:
1660 BT_ERR("Unknown control type 0x%02x", type);
1661 rfcomm_send_nsc(s, cr, type);
1662 break;
1663 }
1664 return 0;
1665}
1666
1667static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1668{
1669 struct rfcomm_dlc *d;
1670
1671 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1672
1673 d = rfcomm_dlc_get(s, dlci);
1674 if (!d) {
1675 rfcomm_send_dm(s, dlci);
1676 goto drop;
1677 }
1678
1679 if (pf && d->cfc) {
1680 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1681
1682 d->tx_credits += credits;
1683 if (d->tx_credits)
1684 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1685 }
1686
1687 if (skb->len && d->state == BT_CONNECTED) {
1688 rfcomm_dlc_lock(d);
1689 d->rx_credits--;
1690 d->data_ready(d, skb);
1691 rfcomm_dlc_unlock(d);
1692 return 0;
1693 }
1694
1695drop:
1696 kfree_skb(skb);
1697 return 0;
1698}
1699
1700static struct rfcomm_session *rfcomm_recv_frame(struct rfcomm_session *s,
1701 struct sk_buff *skb)
1702{
1703 struct rfcomm_hdr *hdr = (void *) skb->data;
1704 u8 type, dlci, fcs;
1705
1706 if (!s) {
1707
1708 kfree_skb(skb);
1709 return s;
1710 }
1711
1712 dlci = __get_dlci(hdr->addr);
1713 type = __get_type(hdr->ctrl);
1714
1715
1716 skb->len--; skb->tail--;
1717 fcs = *(u8 *)skb_tail_pointer(skb);
1718
1719 if (__check_fcs(skb->data, type, fcs)) {
1720 BT_ERR("bad checksum in packet");
1721 kfree_skb(skb);
1722 return s;
1723 }
1724
1725 if (__test_ea(hdr->len))
1726 skb_pull(skb, 3);
1727 else
1728 skb_pull(skb, 4);
1729
1730 switch (type) {
1731 case RFCOMM_SABM:
1732 if (__test_pf(hdr->ctrl))
1733 rfcomm_recv_sabm(s, dlci);
1734 break;
1735
1736 case RFCOMM_DISC:
1737 if (__test_pf(hdr->ctrl))
1738 s = rfcomm_recv_disc(s, dlci);
1739 break;
1740
1741 case RFCOMM_UA:
1742 if (__test_pf(hdr->ctrl))
1743 s = rfcomm_recv_ua(s, dlci);
1744 break;
1745
1746 case RFCOMM_DM:
1747 s = rfcomm_recv_dm(s, dlci);
1748 break;
1749
1750 case RFCOMM_UIH:
1751 if (dlci) {
1752 rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1753 return s;
1754 }
1755 rfcomm_recv_mcc(s, skb);
1756 break;
1757
1758 default:
1759 BT_ERR("Unknown packet type 0x%02x", type);
1760 break;
1761 }
1762 kfree_skb(skb);
1763 return s;
1764}
1765
1766
1767
1768static void rfcomm_process_connect(struct rfcomm_session *s)
1769{
1770 struct rfcomm_dlc *d, *n;
1771
1772 BT_DBG("session %p state %ld", s, s->state);
1773
1774 list_for_each_entry_safe(d, n, &s->dlcs, list) {
1775 if (d->state == BT_CONFIG) {
1776 d->mtu = s->mtu;
1777 if (rfcomm_check_security(d)) {
1778 rfcomm_send_pn(s, 1, d);
1779 } else {
1780 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1781 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1782 }
1783 }
1784 }
1785}
1786
1787
1788
1789
1790static int rfcomm_process_tx(struct rfcomm_dlc *d)
1791{
1792 struct sk_buff *skb;
1793 int err;
1794
1795 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1796 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1797
1798
1799 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
1800 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1801
1802 if (d->cfc) {
1803
1804
1805 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
1806 d->rx_credits <= (d->cfc >> 2)) {
1807 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1808 d->rx_credits = d->cfc;
1809 }
1810 } else {
1811
1812
1813 d->tx_credits = 5;
1814 }
1815
1816 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1817 return skb_queue_len(&d->tx_queue);
1818
1819 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1820 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1821 if (err < 0) {
1822 skb_queue_head(&d->tx_queue, skb);
1823 break;
1824 }
1825 kfree_skb(skb);
1826 d->tx_credits--;
1827 }
1828
1829 if (d->cfc && !d->tx_credits) {
1830
1831
1832 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1833 }
1834
1835 return skb_queue_len(&d->tx_queue);
1836}
1837
1838static void rfcomm_process_dlcs(struct rfcomm_session *s)
1839{
1840 struct rfcomm_dlc *d, *n;
1841
1842 BT_DBG("session %p state %ld", s, s->state);
1843
1844 list_for_each_entry_safe(d, n, &s->dlcs, list) {
1845 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1846 __rfcomm_dlc_close(d, ETIMEDOUT);
1847 continue;
1848 }
1849
1850 if (test_bit(RFCOMM_ENC_DROP, &d->flags)) {
1851 __rfcomm_dlc_close(d, ECONNREFUSED);
1852 continue;
1853 }
1854
1855 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1856 rfcomm_dlc_clear_timer(d);
1857 if (d->out) {
1858 rfcomm_send_pn(s, 1, d);
1859 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
1860 } else {
1861 if (d->defer_setup) {
1862 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1863 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1864
1865 rfcomm_dlc_lock(d);
1866 d->state = BT_CONNECT2;
1867 d->state_change(d, 0);
1868 rfcomm_dlc_unlock(d);
1869 } else
1870 rfcomm_dlc_accept(d);
1871 }
1872 continue;
1873 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1874 rfcomm_dlc_clear_timer(d);
1875 if (!d->out)
1876 rfcomm_send_dm(s, d->dlci);
1877 else
1878 d->state = BT_CLOSED;
1879 __rfcomm_dlc_close(d, ECONNREFUSED);
1880 continue;
1881 }
1882
1883 if (test_bit(RFCOMM_SEC_PENDING, &d->flags))
1884 continue;
1885
1886 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1887 continue;
1888
1889 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
1890 d->mscex == RFCOMM_MSCEX_OK)
1891 rfcomm_process_tx(d);
1892 }
1893}
1894
1895static struct rfcomm_session *rfcomm_process_rx(struct rfcomm_session *s)
1896{
1897 struct socket *sock = s->sock;
1898 struct sock *sk = sock->sk;
1899 struct sk_buff *skb;
1900
1901 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1902
1903
1904 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1905 skb_orphan(skb);
1906 if (!skb_linearize(skb)) {
1907 s = rfcomm_recv_frame(s, skb);
1908 if (!s)
1909 break;
1910 } else {
1911 kfree_skb(skb);
1912 }
1913 }
1914
1915 if (s && (sk->sk_state == BT_CLOSED))
1916 s = rfcomm_session_close(s, sk->sk_err);
1917
1918 return s;
1919}
1920
1921static void rfcomm_accept_connection(struct rfcomm_session *s)
1922{
1923 struct socket *sock = s->sock, *nsock;
1924 int err;
1925
1926
1927
1928 if (list_empty(&bt_sk(sock->sk)->accept_q))
1929 return;
1930
1931 BT_DBG("session %p", s);
1932
1933 err = kernel_accept(sock, &nsock, O_NONBLOCK);
1934 if (err < 0)
1935 return;
1936
1937
1938 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1939 nsock->sk->sk_state_change = rfcomm_l2state_change;
1940
1941 s = rfcomm_session_add(nsock, BT_OPEN);
1942 if (s) {
1943
1944
1945 s->mtu = min(l2cap_pi(nsock->sk)->chan->omtu,
1946 l2cap_pi(nsock->sk)->chan->imtu) - 5;
1947
1948 rfcomm_schedule();
1949 } else
1950 sock_release(nsock);
1951}
1952
1953static struct rfcomm_session *rfcomm_check_connection(struct rfcomm_session *s)
1954{
1955 struct sock *sk = s->sock->sk;
1956
1957 BT_DBG("%p state %ld", s, s->state);
1958
1959 switch (sk->sk_state) {
1960 case BT_CONNECTED:
1961 s->state = BT_CONNECT;
1962
1963
1964
1965 s->mtu = min(l2cap_pi(sk)->chan->omtu, l2cap_pi(sk)->chan->imtu) - 5;
1966
1967 rfcomm_send_sabm(s, 0);
1968 break;
1969
1970 case BT_CLOSED:
1971 s = rfcomm_session_close(s, sk->sk_err);
1972 break;
1973 }
1974 return s;
1975}
1976
1977static void rfcomm_process_sessions(void)
1978{
1979 struct rfcomm_session *s, *n;
1980
1981 rfcomm_lock();
1982
1983 list_for_each_entry_safe(s, n, &session_list, list) {
1984 if (test_and_clear_bit(RFCOMM_TIMED_OUT, &s->flags)) {
1985 s->state = BT_DISCONN;
1986 rfcomm_send_disc(s, 0);
1987 continue;
1988 }
1989
1990 switch (s->state) {
1991 case BT_LISTEN:
1992 rfcomm_accept_connection(s);
1993 continue;
1994
1995 case BT_BOUND:
1996 s = rfcomm_check_connection(s);
1997 break;
1998
1999 default:
2000 s = rfcomm_process_rx(s);
2001 break;
2002 }
2003
2004 if (s)
2005 rfcomm_process_dlcs(s);
2006 }
2007
2008 rfcomm_unlock();
2009}
2010
2011static int rfcomm_add_listener(bdaddr_t *ba)
2012{
2013 struct sockaddr_l2 addr;
2014 struct socket *sock;
2015 struct sock *sk;
2016 struct rfcomm_session *s;
2017 int err = 0;
2018
2019
2020 err = rfcomm_l2sock_create(&sock);
2021 if (err < 0) {
2022 BT_ERR("Create socket failed %d", err);
2023 return err;
2024 }
2025
2026
2027 bacpy(&addr.l2_bdaddr, ba);
2028 addr.l2_family = AF_BLUETOOTH;
2029 addr.l2_psm = cpu_to_le16(L2CAP_PSM_RFCOMM);
2030 addr.l2_cid = 0;
2031 addr.l2_bdaddr_type = BDADDR_BREDR;
2032 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
2033 if (err < 0) {
2034 BT_ERR("Bind failed %d", err);
2035 goto failed;
2036 }
2037
2038
2039 sk = sock->sk;
2040 lock_sock(sk);
2041 l2cap_pi(sk)->chan->imtu = l2cap_mtu;
2042 release_sock(sk);
2043
2044
2045 err = kernel_listen(sock, 10);
2046 if (err) {
2047 BT_ERR("Listen failed %d", err);
2048 goto failed;
2049 }
2050
2051
2052 s = rfcomm_session_add(sock, BT_LISTEN);
2053 if (!s) {
2054 err = -ENOMEM;
2055 goto failed;
2056 }
2057
2058 return 0;
2059failed:
2060 sock_release(sock);
2061 return err;
2062}
2063
2064static void rfcomm_kill_listener(void)
2065{
2066 struct rfcomm_session *s, *n;
2067
2068 BT_DBG("");
2069
2070 list_for_each_entry_safe(s, n, &session_list, list)
2071 rfcomm_session_del(s);
2072}
2073
2074static int rfcomm_run(void *unused)
2075{
2076 DEFINE_WAIT_FUNC(wait, woken_wake_function);
2077 BT_DBG("");
2078
2079 set_user_nice(current, -10);
2080
2081 rfcomm_add_listener(BDADDR_ANY);
2082
2083 add_wait_queue(&rfcomm_wq, &wait);
2084 while (!kthread_should_stop()) {
2085
2086
2087 rfcomm_process_sessions();
2088
2089 wait_woken(&wait, TASK_INTERRUPTIBLE, MAX_SCHEDULE_TIMEOUT);
2090 }
2091 remove_wait_queue(&rfcomm_wq, &wait);
2092
2093 rfcomm_kill_listener();
2094
2095 return 0;
2096}
2097
2098static void rfcomm_security_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
2099{
2100 struct rfcomm_session *s;
2101 struct rfcomm_dlc *d, *n;
2102
2103 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
2104
2105 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
2106 if (!s)
2107 return;
2108
2109 list_for_each_entry_safe(d, n, &s->dlcs, list) {
2110 if (test_and_clear_bit(RFCOMM_SEC_PENDING, &d->flags)) {
2111 rfcomm_dlc_clear_timer(d);
2112 if (status || encrypt == 0x00) {
2113 set_bit(RFCOMM_ENC_DROP, &d->flags);
2114 continue;
2115 }
2116 }
2117
2118 if (d->state == BT_CONNECTED && !status && encrypt == 0x00) {
2119 if (d->sec_level == BT_SECURITY_MEDIUM) {
2120 set_bit(RFCOMM_SEC_PENDING, &d->flags);
2121 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
2122 continue;
2123 } else if (d->sec_level == BT_SECURITY_HIGH ||
2124 d->sec_level == BT_SECURITY_FIPS) {
2125 set_bit(RFCOMM_ENC_DROP, &d->flags);
2126 continue;
2127 }
2128 }
2129
2130 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
2131 continue;
2132
2133 if (!status && hci_conn_check_secure(conn, d->sec_level))
2134 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
2135 else
2136 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
2137 }
2138
2139 rfcomm_schedule();
2140}
2141
2142static struct hci_cb rfcomm_cb = {
2143 .name = "RFCOMM",
2144 .security_cfm = rfcomm_security_cfm
2145};
2146
2147static int rfcomm_dlc_debugfs_show(struct seq_file *f, void *x)
2148{
2149 struct rfcomm_session *s;
2150
2151 rfcomm_lock();
2152
2153 list_for_each_entry(s, &session_list, list) {
2154 struct l2cap_chan *chan = l2cap_pi(s->sock->sk)->chan;
2155 struct rfcomm_dlc *d;
2156 list_for_each_entry(d, &s->dlcs, list) {
2157 seq_printf(f, "%pMR %pMR %ld %d %d %d %d\n",
2158 &chan->src, &chan->dst,
2159 d->state, d->dlci, d->mtu,
2160 d->rx_credits, d->tx_credits);
2161 }
2162 }
2163
2164 rfcomm_unlock();
2165
2166 return 0;
2167}
2168
2169static int rfcomm_dlc_debugfs_open(struct inode *inode, struct file *file)
2170{
2171 return single_open(file, rfcomm_dlc_debugfs_show, inode->i_private);
2172}
2173
2174static const struct file_operations rfcomm_dlc_debugfs_fops = {
2175 .open = rfcomm_dlc_debugfs_open,
2176 .read = seq_read,
2177 .llseek = seq_lseek,
2178 .release = single_release,
2179};
2180
2181static struct dentry *rfcomm_dlc_debugfs;
2182
2183
2184static int __init rfcomm_init(void)
2185{
2186 int err;
2187
2188 hci_register_cb(&rfcomm_cb);
2189
2190 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd");
2191 if (IS_ERR(rfcomm_thread)) {
2192 err = PTR_ERR(rfcomm_thread);
2193 goto unregister;
2194 }
2195
2196 err = rfcomm_init_ttys();
2197 if (err < 0)
2198 goto stop;
2199
2200 err = rfcomm_init_sockets();
2201 if (err < 0)
2202 goto cleanup;
2203
2204 BT_INFO("RFCOMM ver %s", VERSION);
2205
2206 if (IS_ERR_OR_NULL(bt_debugfs))
2207 return 0;
2208
2209 rfcomm_dlc_debugfs = debugfs_create_file("rfcomm_dlc", 0444,
2210 bt_debugfs, NULL,
2211 &rfcomm_dlc_debugfs_fops);
2212
2213 return 0;
2214
2215cleanup:
2216 rfcomm_cleanup_ttys();
2217
2218stop:
2219 kthread_stop(rfcomm_thread);
2220
2221unregister:
2222 hci_unregister_cb(&rfcomm_cb);
2223
2224 return err;
2225}
2226
2227static void __exit rfcomm_exit(void)
2228{
2229 debugfs_remove(rfcomm_dlc_debugfs);
2230
2231 hci_unregister_cb(&rfcomm_cb);
2232
2233 kthread_stop(rfcomm_thread);
2234
2235 rfcomm_cleanup_ttys();
2236
2237 rfcomm_cleanup_sockets();
2238}
2239
2240module_init(rfcomm_init);
2241module_exit(rfcomm_exit);
2242
2243module_param(disable_cfc, bool, 0644);
2244MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control");
2245
2246module_param(channel_mtu, int, 0644);
2247MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel");
2248
2249module_param(l2cap_mtu, uint, 0644);
2250MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection");
2251
2252module_param(l2cap_ertm, bool, 0644);
2253MODULE_PARM_DESC(l2cap_ertm, "Use L2CAP ERTM mode for connection");
2254
2255MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
2256MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2257MODULE_VERSION(VERSION);
2258MODULE_LICENSE("GPL");
2259MODULE_ALIAS("bt-proto-3");
2260
