1 /*
2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
22 */
24 /*
25 * Bluetooth RFCOMM core.
26 */
28 #include <linux/module.h>
29 #include <linux/debugfs.h>
30 #include <linux/kthread.h>
31 #include <asm/unaligned.h>
33 #include <net/bluetooth/bluetooth.h>
34 #include <net/bluetooth/hci_core.h>
35 #include <net/bluetooth/l2cap.h>
36 #include <net/bluetooth/rfcomm.h>
38 #define VERSION "1.11"
40 static bool disable_cfc;
41 static bool l2cap_ertm;
42 static int channel_mtu = -1;
43 static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU;
45 static struct task_struct *rfcomm_thread;
47 static DEFINE_MUTEX(rfcomm_mutex);
48 #define rfcomm_lock() mutex_lock(&rfcomm_mutex)
49 #define rfcomm_unlock() mutex_unlock(&rfcomm_mutex)
52 static LIST_HEAD(session_list);
54 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
55 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
56 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
57 static int rfcomm_queue_disc(struct rfcomm_dlc *d);
58 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
59 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
60 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
61 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
62 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
63 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
65 static void rfcomm_process_connect(struct rfcomm_session *s);
67 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
68 bdaddr_t *dst,
69 u8 sec_level,
70 int *err);
71 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
72 static void rfcomm_session_del(struct rfcomm_session *s);
74 /* ---- RFCOMM frame parsing macros ---- */
75 #define __get_dlci(b) ((b & 0xfc) >> 2)
76 #define __get_channel(b) ((b & 0xf8) >> 3)
77 #define __get_dir(b) ((b & 0x04) >> 2)
78 #define __get_type(b) ((b & 0xef))
80 #define __test_ea(b) ((b & 0x01))
81 #define __test_cr(b) ((b & 0x02))
82 #define __test_pf(b) ((b & 0x10))
84 #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
85 #define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
86 #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
87 #define __srv_channel(dlci) (dlci >> 1)
88 #define __dir(dlci) (dlci & 0x01)
90 #define __len8(len) (((len) << 1) | 1)
91 #define __len16(len) ((len) << 1)
93 /* MCC macros */
94 #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
95 #define __get_mcc_type(b) ((b & 0xfc) >> 2)
96 #define __get_mcc_len(b) ((b & 0xfe) >> 1)
98 /* RPN macros */
99 #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
100 #define __get_rpn_data_bits(line) ((line) & 0x3)
101 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
102 #define __get_rpn_parity(line) (((line) >> 3) & 0x7)
104 static void rfcomm_schedule(void)
105 {
106 if (!rfcomm_thread)
107 return;
108 wake_up_process(rfcomm_thread);
109 }
111 static void rfcomm_session_put(struct rfcomm_session *s)
112 {
113 if (atomic_dec_and_test(&s->refcnt))
114 rfcomm_session_del(s);
115 }
117 /* ---- RFCOMM FCS computation ---- */
119 /* reversed, 8-bit, poly=0x07 */
120 static unsigned char rfcomm_crc_table[256] = {
121 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
122 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
123 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
124 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
126 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
127 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
128 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
129 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
131 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
132 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
133 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
134 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
136 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
137 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
138 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
139 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
141 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
142 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
143 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
144 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
146 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
147 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
148 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
149 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
151 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
152 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
153 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
154 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
156 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
157 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
158 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
159 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
160 };
162 /* CRC on 2 bytes */
163 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
165 /* FCS on 2 bytes */
166 static inline u8 __fcs(u8 *data)
167 {
168 return 0xff - __crc(data);
169 }
171 /* FCS on 3 bytes */
172 static inline u8 __fcs2(u8 *data)
173 {
174 return 0xff - rfcomm_crc_table[__crc(data) ^ data[2]];
175 }
177 /* Check FCS */
178 static inline int __check_fcs(u8 *data, int type, u8 fcs)
179 {
180 u8 f = __crc(data);
182 if (type != RFCOMM_UIH)
183 f = rfcomm_crc_table[f ^ data[2]];
185 return rfcomm_crc_table[f ^ fcs] != 0xcf;
186 }
188 /* ---- L2CAP callbacks ---- */
189 static void rfcomm_l2state_change(struct sock *sk)
190 {
191 BT_DBG("%p state %d", sk, sk->sk_state);
192 rfcomm_schedule();
193 }
195 static void rfcomm_l2data_ready(struct sock *sk, int bytes)
196 {
197 BT_DBG("%p bytes %d", sk, bytes);
198 rfcomm_schedule();
199 }
201 static int rfcomm_l2sock_create(struct socket **sock)
202 {
203 int err;
205 BT_DBG("");
207 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
208 if (!err) {
209 struct sock *sk = (*sock)->sk;
210 sk->sk_data_ready = rfcomm_l2data_ready;
211 sk->sk_state_change = rfcomm_l2state_change;
212 }
213 return err;
214 }
216 static int rfcomm_check_security(struct rfcomm_dlc *d)
217 {
218 struct sock *sk = d->session->sock->sk;
219 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
221 __u8 auth_type;
223 switch (d->sec_level) {
224 case BT_SECURITY_HIGH:
225 auth_type = HCI_AT_GENERAL_BONDING_MITM;
226 break;
227 case BT_SECURITY_MEDIUM:
228 auth_type = HCI_AT_GENERAL_BONDING;
229 break;
230 default:
231 auth_type = HCI_AT_NO_BONDING;
232 break;
233 }
235 return hci_conn_security(conn->hcon, d->sec_level, auth_type);
236 }
238 static void rfcomm_session_timeout(unsigned long arg)
239 {
240 struct rfcomm_session *s = (void *) arg;
242 BT_DBG("session %p state %ld", s, s->state);
244 set_bit(RFCOMM_TIMED_OUT, &s->flags);
245 rfcomm_schedule();
246 }
248 static void rfcomm_session_set_timer(struct rfcomm_session *s, long timeout)
249 {
250 BT_DBG("session %p state %ld timeout %ld", s, s->state, timeout);
252 if (!mod_timer(&s->timer, jiffies + timeout))
253 rfcomm_session_hold(s);
254 }
256 static void rfcomm_session_clear_timer(struct rfcomm_session *s)
257 {
258 BT_DBG("session %p state %ld", s, s->state);
260 if (timer_pending(&s->timer) && del_timer(&s->timer))
261 rfcomm_session_put(s);
262 }
264 /* ---- RFCOMM DLCs ---- */
265 static void rfcomm_dlc_timeout(unsigned long arg)
266 {
267 struct rfcomm_dlc *d = (void *) arg;
269 BT_DBG("dlc %p state %ld", d, d->state);
271 set_bit(RFCOMM_TIMED_OUT, &d->flags);
272 rfcomm_dlc_put(d);
273 rfcomm_schedule();
274 }
276 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
277 {
278 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
280 if (!mod_timer(&d->timer, jiffies + timeout))
281 rfcomm_dlc_hold(d);
282 }
284 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
285 {
286 BT_DBG("dlc %p state %ld", d, d->state);
288 if (timer_pending(&d->timer) && del_timer(&d->timer))
289 rfcomm_dlc_put(d);
290 }
292 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
293 {
294 BT_DBG("%p", d);
296 d->state = BT_OPEN;
297 d->flags = 0;
298 d->mscex = 0;
299 d->sec_level = BT_SECURITY_LOW;
300 d->mtu = RFCOMM_DEFAULT_MTU;
301 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
303 d->cfc = RFCOMM_CFC_DISABLED;
304 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
305 }
307 struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
308 {
309 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio);
311 if (!d)
312 return NULL;
314 setup_timer(&d->timer, rfcomm_dlc_timeout, (unsigned long)d);
316 skb_queue_head_init(&d->tx_queue);
317 spin_lock_init(&d->lock);
318 atomic_set(&d->refcnt, 1);
320 rfcomm_dlc_clear_state(d);
322 BT_DBG("%p", d);
324 return d;
325 }
327 void rfcomm_dlc_free(struct rfcomm_dlc *d)
328 {
329 BT_DBG("%p", d);
331 skb_queue_purge(&d->tx_queue);
332 kfree(d);
333 }
335 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
336 {
337 BT_DBG("dlc %p session %p", d, s);
339 rfcomm_session_hold(s);
341 rfcomm_session_clear_timer(s);
342 rfcomm_dlc_hold(d);
343 list_add(&d->list, &s->dlcs);
344 d->session = s;
345 }
347 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
348 {
349 struct rfcomm_session *s = d->session;
351 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
353 list_del(&d->list);
354 d->session = NULL;
355 rfcomm_dlc_put(d);
357 if (list_empty(&s->dlcs))
358 rfcomm_session_set_timer(s, RFCOMM_IDLE_TIMEOUT);
360 rfcomm_session_put(s);
361 }
363 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
364 {
365 struct rfcomm_dlc *d;
367 list_for_each_entry(d, &s->dlcs, list)
368 if (d->dlci == dlci)
369 return d;
371 return NULL;
372 }
374 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
375 {
376 struct rfcomm_session *s;
377 int err = 0;
378 u8 dlci;
380 BT_DBG("dlc %p state %ld %pMR -> %pMR channel %d",
381 d, d->state, src, dst, channel);
383 if (channel < 1 || channel > 30)
384 return -EINVAL;
386 if (d->state != BT_OPEN && d->state != BT_CLOSED)
387 return 0;
389 s = rfcomm_session_get(src, dst);
390 if (!s) {
391 s = rfcomm_session_create(src, dst, d->sec_level, &err);
392 if (!s)
393 return err;
394 }
396 dlci = __dlci(!s->initiator, channel);
398 /* Check if DLCI already exists */
399 if (rfcomm_dlc_get(s, dlci))
400 return -EBUSY;
402 rfcomm_dlc_clear_state(d);
404 d->dlci = dlci;
405 d->addr = __addr(s->initiator, dlci);
406 d->priority = 7;
408 d->state = BT_CONFIG;
409 rfcomm_dlc_link(s, d);
411 d->out = 1;
413 d->mtu = s->mtu;
414 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
416 if (s->state == BT_CONNECTED) {
417 if (rfcomm_check_security(d))
418 rfcomm_send_pn(s, 1, d);
419 else
420 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
421 }
423 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
425 return 0;
426 }
428 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
429 {
430 int r;
432 rfcomm_lock();
434 r = __rfcomm_dlc_open(d, src, dst, channel);
436 rfcomm_unlock();
437 return r;
438 }
440 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
441 {
442 struct rfcomm_session *s = d->session;
443 if (!s)
444 return 0;
446 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
447 d, d->state, d->dlci, err, s);
449 switch (d->state) {
450 case BT_CONNECT:
451 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
452 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
453 rfcomm_schedule();
454 break;
455 }
456 /* Fall through */
458 case BT_CONNECTED:
459 d->state = BT_DISCONN;
460 if (skb_queue_empty(&d->tx_queue)) {
461 rfcomm_send_disc(s, d->dlci);
462 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
463 } else {
464 rfcomm_queue_disc(d);
465 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
466 }
467 break;
469 case BT_OPEN:
470 case BT_CONNECT2:
471 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
472 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
473 rfcomm_schedule();
474 break;
475 }
476 /* Fall through */
478 default:
479 rfcomm_dlc_clear_timer(d);
481 rfcomm_dlc_lock(d);
482 d->state = BT_CLOSED;
483 d->state_change(d, err);
484 rfcomm_dlc_unlock(d);
486 skb_queue_purge(&d->tx_queue);
487 rfcomm_dlc_unlink(d);
488 }
490 return 0;
491 }
493 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
494 {
495 int r;
497 rfcomm_lock();
499 r = __rfcomm_dlc_close(d, err);
501 rfcomm_unlock();
502 return r;
503 }
505 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
506 {
507 int len = skb->len;
509 if (d->state != BT_CONNECTED)
510 return -ENOTCONN;
512 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
514 if (len > d->mtu)
515 return -EINVAL;
517 rfcomm_make_uih(skb, d->addr);
518 skb_queue_tail(&d->tx_queue, skb);
520 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
521 rfcomm_schedule();
522 return len;
523 }
525 void __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
526 {
527 BT_DBG("dlc %p state %ld", d, d->state);
529 if (!d->cfc) {
530 d->v24_sig |= RFCOMM_V24_FC;
531 set_bit(RFCOMM_MSC_PENDING, &d->flags);
532 }
533 rfcomm_schedule();
534 }
536 void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
537 {
538 BT_DBG("dlc %p state %ld", d, d->state);
540 if (!d->cfc) {
541 d->v24_sig &= ~RFCOMM_V24_FC;
542 set_bit(RFCOMM_MSC_PENDING, &d->flags);
543 }
544 rfcomm_schedule();
545 }
547 /*
548 Set/get modem status functions use _local_ status i.e. what we report
549 to the other side.
550 Remote status is provided by dlc->modem_status() callback.
551 */
552 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
553 {
554 BT_DBG("dlc %p state %ld v24_sig 0x%x",
555 d, d->state, v24_sig);
557 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
558 v24_sig |= RFCOMM_V24_FC;
559 else
560 v24_sig &= ~RFCOMM_V24_FC;
562 d->v24_sig = v24_sig;
564 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
565 rfcomm_schedule();
567 return 0;
568 }
570 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
571 {
572 BT_DBG("dlc %p state %ld v24_sig 0x%x",
573 d, d->state, d->v24_sig);
575 *v24_sig = d->v24_sig;
576 return 0;
577 }
579 /* ---- RFCOMM sessions ---- */
580 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
581 {
582 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL);
584 if (!s)
585 return NULL;
587 BT_DBG("session %p sock %p", s, sock);
589 setup_timer(&s->timer, rfcomm_session_timeout, (unsigned long) s);
591 INIT_LIST_HEAD(&s->dlcs);
592 s->state = state;
593 s->sock = sock;
595 s->mtu = RFCOMM_DEFAULT_MTU;
596 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN;
598 /* Do not increment module usage count for listening sessions.
599 * Otherwise we won't be able to unload the module. */
600 if (state != BT_LISTEN)
601 if (!try_module_get(THIS_MODULE)) {
602 kfree(s);
603 return NULL;
604 }
606 list_add(&s->list, &session_list);
608 return s;
609 }
611 static void rfcomm_session_del(struct rfcomm_session *s)
612 {
613 int state = s->state;
615 BT_DBG("session %p state %ld", s, s->state);
617 list_del(&s->list);
619 if (state == BT_CONNECTED)
620 rfcomm_send_disc(s, 0);
622 rfcomm_session_clear_timer(s);
623 sock_release(s->sock);
624 kfree(s);
626 if (state != BT_LISTEN)
627 module_put(THIS_MODULE);
628 }
630 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
631 {
632 struct rfcomm_session *s;
633 struct list_head *p, *n;
634 struct bt_sock *sk;
635 list_for_each_safe(p, n, &session_list) {
636 s = list_entry(p, struct rfcomm_session, list);
637 sk = bt_sk(s->sock->sk);
639 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) &&
640 !bacmp(&sk->dst, dst))
641 return s;
642 }
643 return NULL;
644 }
646 static void rfcomm_session_close(struct rfcomm_session *s, int err)
647 {
648 struct rfcomm_dlc *d;
649 struct list_head *p, *n;
651 BT_DBG("session %p state %ld err %d", s, s->state, err);
653 rfcomm_session_hold(s);
655 s->state = BT_CLOSED;
657 /* Close all dlcs */
658 list_for_each_safe(p, n, &s->dlcs) {
659 d = list_entry(p, struct rfcomm_dlc, list);
660 d->state = BT_CLOSED;
661 __rfcomm_dlc_close(d, err);
662 }
664 rfcomm_session_clear_timer(s);
665 rfcomm_session_put(s);
666 }
668 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
669 bdaddr_t *dst,
670 u8 sec_level,
671 int *err)
672 {
673 struct rfcomm_session *s = NULL;
674 struct sockaddr_l2 addr;
675 struct socket *sock;
676 struct sock *sk;
678 BT_DBG("%pMR -> %pMR", src, dst);
680 *err = rfcomm_l2sock_create(&sock);
681 if (*err < 0)
682 return NULL;
684 bacpy(&addr.l2_bdaddr, src);
685 addr.l2_family = AF_BLUETOOTH;
686 addr.l2_psm = 0;
687 addr.l2_cid = 0;
688 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
689 if (*err < 0)
690 goto failed;
692 /* Set L2CAP options */
693 sk = sock->sk;
694 lock_sock(sk);
695 l2cap_pi(sk)->chan->imtu = l2cap_mtu;
696 l2cap_pi(sk)->chan->sec_level = sec_level;
697 if (l2cap_ertm)
698 l2cap_pi(sk)->chan->mode = L2CAP_MODE_ERTM;
699 release_sock(sk);
701 s = rfcomm_session_add(sock, BT_BOUND);
702 if (!s) {
703 *err = -ENOMEM;
704 goto failed;
705 }
707 s->initiator = 1;
709 bacpy(&addr.l2_bdaddr, dst);
710 addr.l2_family = AF_BLUETOOTH;
711 addr.l2_psm = __constant_cpu_to_le16(RFCOMM_PSM);
712 addr.l2_cid = 0;
713 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
714 if (*err == 0 || *err == -EINPROGRESS)
715 return s;
717 rfcomm_session_del(s);
718 return NULL;
720 failed:
721 sock_release(sock);
722 return NULL;
723 }
725 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
726 {
727 struct sock *sk = s->sock->sk;
728 if (src)
729 bacpy(src, &bt_sk(sk)->src);
730 if (dst)
731 bacpy(dst, &bt_sk(sk)->dst);
732 }
734 /* ---- RFCOMM frame sending ---- */
735 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
736 {
737 struct kvec iv = { data, len };
738 struct msghdr msg;
740 BT_DBG("session %p len %d", s, len);
742 memset(&msg, 0, sizeof(msg));
744 return kernel_sendmsg(s->sock, &msg, &iv, 1, len);
745 }
747 static int rfcomm_send_cmd(struct rfcomm_session *s, struct rfcomm_cmd *cmd)
748 {
749 BT_DBG("%p cmd %u", s, cmd->ctrl);
751 return rfcomm_send_frame(s, (void *) cmd, sizeof(*cmd));
752 }
754 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
755 {
756 struct rfcomm_cmd cmd;
758 BT_DBG("%p dlci %d", s, dlci);
760 cmd.addr = __addr(s->initiator, dlci);
761 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
762 cmd.len = __len8(0);
763 cmd.fcs = __fcs2((u8 *) &cmd);
765 return rfcomm_send_cmd(s, &cmd);
766 }
768 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
769 {
770 struct rfcomm_cmd cmd;
772 BT_DBG("%p dlci %d", s, dlci);
774 cmd.addr = __addr(!s->initiator, dlci);
775 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
776 cmd.len = __len8(0);
777 cmd.fcs = __fcs2((u8 *) &cmd);
779 return rfcomm_send_cmd(s, &cmd);
780 }
782 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
783 {
784 struct rfcomm_cmd cmd;
786 BT_DBG("%p dlci %d", s, dlci);
788 cmd.addr = __addr(s->initiator, dlci);
789 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
790 cmd.len = __len8(0);
791 cmd.fcs = __fcs2((u8 *) &cmd);
793 return rfcomm_send_cmd(s, &cmd);
794 }
796 static int rfcomm_queue_disc(struct rfcomm_dlc *d)
797 {
798 struct rfcomm_cmd *cmd;
799 struct sk_buff *skb;
801 BT_DBG("dlc %p dlci %d", d, d->dlci);
803 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
804 if (!skb)
805 return -ENOMEM;
807 cmd = (void *) __skb_put(skb, sizeof(*cmd));
808 cmd->addr = d->addr;
809 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
810 cmd->len = __len8(0);
811 cmd->fcs = __fcs2((u8 *) cmd);
813 skb_queue_tail(&d->tx_queue, skb);
814 rfcomm_schedule();
815 return 0;
816 }
818 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
819 {
820 struct rfcomm_cmd cmd;
822 BT_DBG("%p dlci %d", s, dlci);
824 cmd.addr = __addr(!s->initiator, dlci);
825 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
826 cmd.len = __len8(0);
827 cmd.fcs = __fcs2((u8 *) &cmd);
829 return rfcomm_send_cmd(s, &cmd);
830 }
832 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
833 {
834 struct rfcomm_hdr *hdr;
835 struct rfcomm_mcc *mcc;
836 u8 buf[16], *ptr = buf;
838 BT_DBG("%p cr %d type %d", s, cr, type);
840 hdr = (void *) ptr; ptr += sizeof(*hdr);
841 hdr->addr = __addr(s->initiator, 0);
842 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
843 hdr->len = __len8(sizeof(*mcc) + 1);
845 mcc = (void *) ptr; ptr += sizeof(*mcc);
846 mcc->type = __mcc_type(cr, RFCOMM_NSC);
847 mcc->len = __len8(1);
849 /* Type that we didn't like */
850 *ptr = __mcc_type(cr, type); ptr++;
852 *ptr = __fcs(buf); ptr++;
854 return rfcomm_send_frame(s, buf, ptr - buf);
855 }
857 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
858 {
859 struct rfcomm_hdr *hdr;
860 struct rfcomm_mcc *mcc;
861 struct rfcomm_pn *pn;
862 u8 buf[16], *ptr = buf;
864 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
866 hdr = (void *) ptr; ptr += sizeof(*hdr);
867 hdr->addr = __addr(s->initiator, 0);
868 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
869 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
871 mcc = (void *) ptr; ptr += sizeof(*mcc);
872 mcc->type = __mcc_type(cr, RFCOMM_PN);
873 mcc->len = __len8(sizeof(*pn));
875 pn = (void *) ptr; ptr += sizeof(*pn);
876 pn->dlci = d->dlci;
877 pn->priority = d->priority;
878 pn->ack_timer = 0;
879 pn->max_retrans = 0;
881 if (s->cfc) {
882 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
883 pn->credits = RFCOMM_DEFAULT_CREDITS;
884 } else {
885 pn->flow_ctrl = 0;
886 pn->credits = 0;
887 }
889 if (cr && channel_mtu >= 0)
890 pn->mtu = cpu_to_le16(channel_mtu);
891 else
892 pn->mtu = cpu_to_le16(d->mtu);
894 *ptr = __fcs(buf); ptr++;
896 return rfcomm_send_frame(s, buf, ptr - buf);
897 }
899 int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
900 u8 bit_rate, u8 data_bits, u8 stop_bits,
901 u8 parity, u8 flow_ctrl_settings,
902 u8 xon_char, u8 xoff_char, u16 param_mask)
903 {
904 struct rfcomm_hdr *hdr;
905 struct rfcomm_mcc *mcc;
906 struct rfcomm_rpn *rpn;
907 u8 buf[16], *ptr = buf;
909 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
910 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
911 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
912 flow_ctrl_settings, xon_char, xoff_char, param_mask);
914 hdr = (void *) ptr; ptr += sizeof(*hdr);
915 hdr->addr = __addr(s->initiator, 0);
916 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
917 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
919 mcc = (void *) ptr; ptr += sizeof(*mcc);
920 mcc->type = __mcc_type(cr, RFCOMM_RPN);
921 mcc->len = __len8(sizeof(*rpn));
923 rpn = (void *) ptr; ptr += sizeof(*rpn);
924 rpn->dlci = __addr(1, dlci);
925 rpn->bit_rate = bit_rate;
926 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
927 rpn->flow_ctrl = flow_ctrl_settings;
928 rpn->xon_char = xon_char;
929 rpn->xoff_char = xoff_char;
930 rpn->param_mask = cpu_to_le16(param_mask);
932 *ptr = __fcs(buf); ptr++;
934 return rfcomm_send_frame(s, buf, ptr - buf);
935 }
937 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
938 {
939 struct rfcomm_hdr *hdr;
940 struct rfcomm_mcc *mcc;
941 struct rfcomm_rls *rls;
942 u8 buf[16], *ptr = buf;
944 BT_DBG("%p cr %d status 0x%x", s, cr, status);
946 hdr = (void *) ptr; ptr += sizeof(*hdr);
947 hdr->addr = __addr(s->initiator, 0);
948 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
949 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
951 mcc = (void *) ptr; ptr += sizeof(*mcc);
952 mcc->type = __mcc_type(cr, RFCOMM_RLS);
953 mcc->len = __len8(sizeof(*rls));
955 rls = (void *) ptr; ptr += sizeof(*rls);
956 rls->dlci = __addr(1, dlci);
957 rls->status = status;
959 *ptr = __fcs(buf); ptr++;
961 return rfcomm_send_frame(s, buf, ptr - buf);
962 }
964 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
965 {
966 struct rfcomm_hdr *hdr;
967 struct rfcomm_mcc *mcc;
968 struct rfcomm_msc *msc;
969 u8 buf[16], *ptr = buf;
971 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
973 hdr = (void *) ptr; ptr += sizeof(*hdr);
974 hdr->addr = __addr(s->initiator, 0);
975 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
976 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
978 mcc = (void *) ptr; ptr += sizeof(*mcc);
979 mcc->type = __mcc_type(cr, RFCOMM_MSC);
980 mcc->len = __len8(sizeof(*msc));
982 msc = (void *) ptr; ptr += sizeof(*msc);
983 msc->dlci = __addr(1, dlci);
984 msc->v24_sig = v24_sig | 0x01;
986 *ptr = __fcs(buf); ptr++;
988 return rfcomm_send_frame(s, buf, ptr - buf);
989 }
991 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
992 {
993 struct rfcomm_hdr *hdr;
994 struct rfcomm_mcc *mcc;
995 u8 buf[16], *ptr = buf;
997 BT_DBG("%p cr %d", s, cr);
999 hdr = (void *) ptr; ptr += sizeof(*hdr);
1000 hdr->addr = __addr(s->initiator, 0);
1001 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1002 hdr->len = __len8(sizeof(*mcc));
1004 mcc = (void *) ptr; ptr += sizeof(*mcc);
1005 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
1006 mcc->len = __len8(0);
1008 *ptr = __fcs(buf); ptr++;
1010 return rfcomm_send_frame(s, buf, ptr - buf);
1011 }
1013 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
1014 {
1015 struct rfcomm_hdr *hdr;
1016 struct rfcomm_mcc *mcc;
1017 u8 buf[16], *ptr = buf;
1019 BT_DBG("%p cr %d", s, cr);
1021 hdr = (void *) ptr; ptr += sizeof(*hdr);
1022 hdr->addr = __addr(s->initiator, 0);
1023 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1024 hdr->len = __len8(sizeof(*mcc));
1026 mcc = (void *) ptr; ptr += sizeof(*mcc);
1027 mcc->type = __mcc_type(cr, RFCOMM_FCON);
1028 mcc->len = __len8(0);
1030 *ptr = __fcs(buf); ptr++;
1032 return rfcomm_send_frame(s, buf, ptr - buf);
1033 }
1035 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
1036 {
1037 struct socket *sock = s->sock;
1038 struct kvec iv[3];
1039 struct msghdr msg;
1040 unsigned char hdr[5], crc[1];
1042 if (len > 125)
1043 return -EINVAL;
1045 BT_DBG("%p cr %d", s, cr);
1047 hdr[0] = __addr(s->initiator, 0);
1048 hdr[1] = __ctrl(RFCOMM_UIH, 0);
1049 hdr[2] = 0x01 | ((len + 2) << 1);
1050 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
1051 hdr[4] = 0x01 | (len << 1);
1053 crc[0] = __fcs(hdr);
1055 iv[0].iov_base = hdr;
1056 iv[0].iov_len = 5;
1057 iv[1].iov_base = pattern;
1058 iv[1].iov_len = len;
1059 iv[2].iov_base = crc;
1060 iv[2].iov_len = 1;
1062 memset(&msg, 0, sizeof(msg));
1064 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
1065 }
1067 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
1068 {
1069 struct rfcomm_hdr *hdr;
1070 u8 buf[16], *ptr = buf;
1072 BT_DBG("%p addr %d credits %d", s, addr, credits);
1074 hdr = (void *) ptr; ptr += sizeof(*hdr);
1075 hdr->addr = addr;
1076 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
1077 hdr->len = __len8(0);
1079 *ptr = credits; ptr++;
1081 *ptr = __fcs(buf); ptr++;
1083 return rfcomm_send_frame(s, buf, ptr - buf);
1084 }
1086 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
1087 {
1088 struct rfcomm_hdr *hdr;
1089 int len = skb->len;
1090 u8 *crc;
1092 if (len > 127) {
1093 hdr = (void *) skb_push(skb, 4);
1094 put_unaligned(cpu_to_le16(__len16(len)), (__le16 *) &hdr->len);
1095 } else {
1096 hdr = (void *) skb_push(skb, 3);
1097 hdr->len = __len8(len);
1098 }
1099 hdr->addr = addr;
1100 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1102 crc = skb_put(skb, 1);
1103 *crc = __fcs((void *) hdr);
1104 }
1106 /* ---- RFCOMM frame reception ---- */
1107 static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1108 {
1109 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1111 if (dlci) {
1112 /* Data channel */
1113 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1114 if (!d) {
1115 rfcomm_send_dm(s, dlci);
1116 return 0;
1117 }
1119 switch (d->state) {
1120 case BT_CONNECT:
1121 rfcomm_dlc_clear_timer(d);
1123 rfcomm_dlc_lock(d);
1124 d->state = BT_CONNECTED;
1125 d->state_change(d, 0);
1126 rfcomm_dlc_unlock(d);
1128 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1129 break;
1131 case BT_DISCONN:
1132 d->state = BT_CLOSED;
1133 __rfcomm_dlc_close(d, 0);
1135 if (list_empty(&s->dlcs)) {
1136 s->state = BT_DISCONN;
1137 rfcomm_send_disc(s, 0);
1138 rfcomm_session_clear_timer(s);
1139 }
1141 break;
1142 }
1143 } else {
1144 /* Control channel */
1145 switch (s->state) {
1146 case BT_CONNECT:
1147 s->state = BT_CONNECTED;
1148 rfcomm_process_connect(s);
1149 break;
1151 case BT_DISCONN:
1152 /* rfcomm_session_put is called later so don't do
1153 * anything here otherwise we will mess up the session
1154 * reference counter:
1155 *
1156 * (a) when we are the initiator dlc_unlink will drive
1157 * the reference counter to 0 (there is no initial put
1158 * after session_add)
1159 *
1160 * (b) when we are not the initiator rfcomm_rx_process
1161 * will explicitly call put to balance the initial hold
1162 * done after session add.
1163 */
1164 break;
1165 }
1166 }
1167 return 0;
1168 }
1170 static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1171 {
1172 int err = 0;
1174 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1176 if (dlci) {
1177 /* Data DLC */
1178 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1179 if (d) {
1180 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1181 err = ECONNREFUSED;
1182 else
1183 err = ECONNRESET;
1185 d->state = BT_CLOSED;
1186 __rfcomm_dlc_close(d, err);
1187 }
1188 } else {
1189 if (s->state == BT_CONNECT)
1190 err = ECONNREFUSED;
1191 else
1192 err = ECONNRESET;
1194 s->state = BT_CLOSED;
1195 rfcomm_session_close(s, err);
1196 }
1197 return 0;
1198 }
1200 static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci)
1201 {
1202 int err = 0;
1204 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1206 if (dlci) {
1207 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1208 if (d) {
1209 rfcomm_send_ua(s, dlci);
1211 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1212 err = ECONNREFUSED;
1213 else
1214 err = ECONNRESET;
1216 d->state = BT_CLOSED;
1217 __rfcomm_dlc_close(d, err);
1218 } else
1219 rfcomm_send_dm(s, dlci);
1221 } else {
1222 rfcomm_send_ua(s, 0);
1224 if (s->state == BT_CONNECT)
1225 err = ECONNREFUSED;
1226 else
1227 err = ECONNRESET;
1229 s->state = BT_CLOSED;
1230 rfcomm_session_close(s, err);
1231 }
1233 return 0;
1234 }
1236 void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1237 {
1238 struct sock *sk = d->session->sock->sk;
1239 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
1241 BT_DBG("dlc %p", d);
1243 rfcomm_send_ua(d->session, d->dlci);
1245 rfcomm_dlc_clear_timer(d);
1247 rfcomm_dlc_lock(d);
1248 d->state = BT_CONNECTED;
1249 d->state_change(d, 0);
1250 rfcomm_dlc_unlock(d);
1252 if (d->role_switch)
1253 hci_conn_switch_role(conn->hcon, 0x00);
1255 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1256 }
1258 static void rfcomm_check_accept(struct rfcomm_dlc *d)
1259 {
1260 if (rfcomm_check_security(d)) {
1261 if (d->defer_setup) {
1262 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1263 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1265 rfcomm_dlc_lock(d);
1266 d->state = BT_CONNECT2;
1267 d->state_change(d, 0);
1268 rfcomm_dlc_unlock(d);
1269 } else
1270 rfcomm_dlc_accept(d);
1271 } else {
1272 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1273 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1274 }
1275 }
1277 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1278 {
1279 struct rfcomm_dlc *d;
1280 u8 channel;
1282 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1284 if (!dlci) {
1285 rfcomm_send_ua(s, 0);
1287 if (s->state == BT_OPEN) {
1288 s->state = BT_CONNECTED;
1289 rfcomm_process_connect(s);
1290 }
1291 return 0;
1292 }
1294 /* Check if DLC exists */
1295 d = rfcomm_dlc_get(s, dlci);
1296 if (d) {
1297 if (d->state == BT_OPEN) {
1298 /* DLC was previously opened by PN request */
1299 rfcomm_check_accept(d);
1300 }
1301 return 0;
1302 }
1304 /* Notify socket layer about incoming connection */
1305 channel = __srv_channel(dlci);
1306 if (rfcomm_connect_ind(s, channel, &d)) {
1307 d->dlci = dlci;
1308 d->addr = __addr(s->initiator, dlci);
1309 rfcomm_dlc_link(s, d);
1311 rfcomm_check_accept(d);
1312 } else {
1313 rfcomm_send_dm(s, dlci);
1314 }
1316 return 0;
1317 }
1319 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1320 {
1321 struct rfcomm_session *s = d->session;
1323 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1324 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1326 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) ||
1327 pn->flow_ctrl == 0xe0) {
1328 d->cfc = RFCOMM_CFC_ENABLED;
1329 d->tx_credits = pn->credits;
1330 } else {
1331 d->cfc = RFCOMM_CFC_DISABLED;
1332 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1333 }
1335 if (s->cfc == RFCOMM_CFC_UNKNOWN)
1336 s->cfc = d->cfc;
1338 d->priority = pn->priority;
1340 d->mtu = __le16_to_cpu(pn->mtu);
1342 if (cr && d->mtu > s->mtu)
1343 d->mtu = s->mtu;
1345 return 0;
1346 }
1348 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1349 {
1350 struct rfcomm_pn *pn = (void *) skb->data;
1351 struct rfcomm_dlc *d;
1352 u8 dlci = pn->dlci;
1354 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1356 if (!dlci)
1357 return 0;
1359 d = rfcomm_dlc_get(s, dlci);
1360 if (d) {
1361 if (cr) {
1362 /* PN request */
1363 rfcomm_apply_pn(d, cr, pn);
1364 rfcomm_send_pn(s, 0, d);
1365 } else {
1366 /* PN response */
1367 switch (d->state) {
1368 case BT_CONFIG:
1369 rfcomm_apply_pn(d, cr, pn);
1371 d->state = BT_CONNECT;
1372 rfcomm_send_sabm(s, d->dlci);
1373 break;
1374 }
1375 }
1376 } else {
1377 u8 channel = __srv_channel(dlci);
1379 if (!cr)
1380 return 0;
1382 /* PN request for non existing DLC.
1383 * Assume incoming connection. */
1384 if (rfcomm_connect_ind(s, channel, &d)) {
1385 d->dlci = dlci;
1386 d->addr = __addr(s->initiator, dlci);
1387 rfcomm_dlc_link(s, d);
1389 rfcomm_apply_pn(d, cr, pn);
1391 d->state = BT_OPEN;
1392 rfcomm_send_pn(s, 0, d);
1393 } else {
1394 rfcomm_send_dm(s, dlci);
1395 }
1396 }
1397 return 0;
1398 }
1400 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1401 {
1402 struct rfcomm_rpn *rpn = (void *) skb->data;
1403 u8 dlci = __get_dlci(rpn->dlci);
1405 u8 bit_rate = 0;
1406 u8 data_bits = 0;
1407 u8 stop_bits = 0;
1408 u8 parity = 0;
1409 u8 flow_ctrl = 0;
1410 u8 xon_char = 0;
1411 u8 xoff_char = 0;
1412 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
1414 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1415 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1416 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1418 if (!cr)
1419 return 0;
1421 if (len == 1) {
1422 /* This is a request, return default (according to ETSI TS 07.10) settings */
1423 bit_rate = RFCOMM_RPN_BR_9600;
1424 data_bits = RFCOMM_RPN_DATA_8;
1425 stop_bits = RFCOMM_RPN_STOP_1;
1426 parity = RFCOMM_RPN_PARITY_NONE;
1427 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1428 xon_char = RFCOMM_RPN_XON_CHAR;
1429 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1430 goto rpn_out;
1431 }
1433 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit,
1434 * no parity, no flow control lines, normal XON/XOFF chars */
1436 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) {
1437 bit_rate = rpn->bit_rate;
1438 if (bit_rate > RFCOMM_RPN_BR_230400) {
1439 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1440 bit_rate = RFCOMM_RPN_BR_9600;
1441 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1442 }
1443 }
1445 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) {
1446 data_bits = __get_rpn_data_bits(rpn->line_settings);
1447 if (data_bits != RFCOMM_RPN_DATA_8) {
1448 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1449 data_bits = RFCOMM_RPN_DATA_8;
1450 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1451 }
1452 }
1454 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) {
1455 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1456 if (stop_bits != RFCOMM_RPN_STOP_1) {
1457 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1458 stop_bits = RFCOMM_RPN_STOP_1;
1459 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1460 }
1461 }
1463 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) {
1464 parity = __get_rpn_parity(rpn->line_settings);
1465 if (parity != RFCOMM_RPN_PARITY_NONE) {
1466 BT_DBG("RPN parity mismatch 0x%x", parity);
1467 parity = RFCOMM_RPN_PARITY_NONE;
1468 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1469 }
1470 }
1472 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) {
1473 flow_ctrl = rpn->flow_ctrl;
1474 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1475 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1476 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1477 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1478 }
1479 }
1481 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) {
1482 xon_char = rpn->xon_char;
1483 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1484 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1485 xon_char = RFCOMM_RPN_XON_CHAR;
1486 rpn_mask ^= RFCOMM_RPN_PM_XON;
1487 }
1488 }
1490 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) {
1491 xoff_char = rpn->xoff_char;
1492 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1493 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1494 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1495 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1496 }
1497 }
1499 rpn_out:
1500 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1501 parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
1503 return 0;
1504 }
1506 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1507 {
1508 struct rfcomm_rls *rls = (void *) skb->data;
1509 u8 dlci = __get_dlci(rls->dlci);
1511 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
1513 if (!cr)
1514 return 0;
1516 /* We should probably do something with this information here. But
1517 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's
1518 * mandatory to recognise and respond to RLS */
1520 rfcomm_send_rls(s, 0, dlci, rls->status);
1522 return 0;
1523 }
1525 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1526 {
1527 struct rfcomm_msc *msc = (void *) skb->data;
1528 struct rfcomm_dlc *d;
1529 u8 dlci = __get_dlci(msc->dlci);
1531 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1533 d = rfcomm_dlc_get(s, dlci);
1534 if (!d)
1535 return 0;
1537 if (cr) {
1538 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1539 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1540 else
1541 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1543 rfcomm_dlc_lock(d);
1545 d->remote_v24_sig = msc->v24_sig;
1547 if (d->modem_status)
1548 d->modem_status(d, msc->v24_sig);
1550 rfcomm_dlc_unlock(d);
1552 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1554 d->mscex |= RFCOMM_MSCEX_RX;
1555 } else
1556 d->mscex |= RFCOMM_MSCEX_TX;
1558 return 0;
1559 }
1561 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1562 {
1563 struct rfcomm_mcc *mcc = (void *) skb->data;
1564 u8 type, cr, len;
1566 cr = __test_cr(mcc->type);
1567 type = __get_mcc_type(mcc->type);
1568 len = __get_mcc_len(mcc->len);
1570 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1572 skb_pull(skb, 2);
1574 switch (type) {
1575 case RFCOMM_PN:
1576 rfcomm_recv_pn(s, cr, skb);
1577 break;
1579 case RFCOMM_RPN:
1580 rfcomm_recv_rpn(s, cr, len, skb);
1581 break;
1583 case RFCOMM_RLS:
1584 rfcomm_recv_rls(s, cr, skb);
1585 break;
1587 case RFCOMM_MSC:
1588 rfcomm_recv_msc(s, cr, skb);
1589 break;
1591 case RFCOMM_FCOFF:
1592 if (cr) {
1593 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1594 rfcomm_send_fcoff(s, 0);
1595 }
1596 break;
1598 case RFCOMM_FCON:
1599 if (cr) {
1600 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1601 rfcomm_send_fcon(s, 0);
1602 }
1603 break;
1605 case RFCOMM_TEST:
1606 if (cr)
1607 rfcomm_send_test(s, 0, skb->data, skb->len);
1608 break;
1610 case RFCOMM_NSC:
1611 break;
1613 default:
1614 BT_ERR("Unknown control type 0x%02x", type);
1615 rfcomm_send_nsc(s, cr, type);
1616 break;
1617 }
1618 return 0;
1619 }
1621 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1622 {
1623 struct rfcomm_dlc *d;
1625 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1627 d = rfcomm_dlc_get(s, dlci);
1628 if (!d) {
1629 rfcomm_send_dm(s, dlci);
1630 goto drop;
1631 }
1633 if (pf && d->cfc) {
1634 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1636 d->tx_credits += credits;
1637 if (d->tx_credits)
1638 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1639 }
1641 if (skb->len && d->state == BT_CONNECTED) {
1642 rfcomm_dlc_lock(d);
1643 d->rx_credits--;
1644 d->data_ready(d, skb);
1645 rfcomm_dlc_unlock(d);
1646 return 0;
1647 }
1649 drop:
1650 kfree_skb(skb);
1651 return 0;
1652 }
1654 static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb)
1655 {
1656 struct rfcomm_hdr *hdr = (void *) skb->data;
1657 u8 type, dlci, fcs;
1659 dlci = __get_dlci(hdr->addr);
1660 type = __get_type(hdr->ctrl);
1662 /* Trim FCS */
1663 skb->len--; skb->tail--;
1664 fcs = *(u8 *)skb_tail_pointer(skb);
1666 if (__check_fcs(skb->data, type, fcs)) {
1667 BT_ERR("bad checksum in packet");
1668 kfree_skb(skb);
1669 return -EILSEQ;
1670 }
1672 if (__test_ea(hdr->len))
1673 skb_pull(skb, 3);
1674 else
1675 skb_pull(skb, 4);
1677 switch (type) {
1678 case RFCOMM_SABM:
1679 if (__test_pf(hdr->ctrl))
1680 rfcomm_recv_sabm(s, dlci);
1681 break;
1683 case RFCOMM_DISC:
1684 if (__test_pf(hdr->ctrl))
1685 rfcomm_recv_disc(s, dlci);
1686 break;
1688 case RFCOMM_UA:
1689 if (__test_pf(hdr->ctrl))
1690 rfcomm_recv_ua(s, dlci);
1691 break;
1693 case RFCOMM_DM:
1694 rfcomm_recv_dm(s, dlci);
1695 break;
1697 case RFCOMM_UIH:
1698 if (dlci)
1699 return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1701 rfcomm_recv_mcc(s, skb);
1702 break;
1704 default:
1705 BT_ERR("Unknown packet type 0x%02x", type);
1706 break;
1707 }
1708 kfree_skb(skb);
1709 return 0;
1710 }
1712 /* ---- Connection and data processing ---- */
1714 static void rfcomm_process_connect(struct rfcomm_session *s)
1715 {
1716 struct rfcomm_dlc *d;
1717 struct list_head *p, *n;
1719 BT_DBG("session %p state %ld", s, s->state);
1721 list_for_each_safe(p, n, &s->dlcs) {
1722 d = list_entry(p, struct rfcomm_dlc, list);
1723 if (d->state == BT_CONFIG) {
1724 d->mtu = s->mtu;
1725 if (rfcomm_check_security(d)) {
1726 rfcomm_send_pn(s, 1, d);
1727 } else {
1728 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1729 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1730 }
1731 }
1732 }
1733 }
1735 /* Send data queued for the DLC.
1736 * Return number of frames left in the queue.
1737 */
1738 static int rfcomm_process_tx(struct rfcomm_dlc *d)
1739 {
1740 struct sk_buff *skb;
1741 int err;
1743 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1744 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1746 /* Send pending MSC */
1747 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
1748 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1750 if (d->cfc) {
1751 /* CFC enabled.
1752 * Give them some credits */
1753 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
1754 d->rx_credits <= (d->cfc >> 2)) {
1755 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1756 d->rx_credits = d->cfc;
1757 }
1758 } else {
1759 /* CFC disabled.
1760 * Give ourselves some credits */
1761 d->tx_credits = 5;
1762 }
1764 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1765 return skb_queue_len(&d->tx_queue);
1767 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1768 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1769 if (err < 0) {
1770 skb_queue_head(&d->tx_queue, skb);
1771 break;
1772 }
1773 kfree_skb(skb);
1774 d->tx_credits--;
1775 }
1777 if (d->cfc && !d->tx_credits) {
1778 /* We're out of TX credits.
1779 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1780 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1781 }
1783 return skb_queue_len(&d->tx_queue);
1784 }
1786 static void rfcomm_process_dlcs(struct rfcomm_session *s)
1787 {
1788 struct rfcomm_dlc *d;
1789 struct list_head *p, *n;
1791 BT_DBG("session %p state %ld", s, s->state);
1793 list_for_each_safe(p, n, &s->dlcs) {
1794 d = list_entry(p, struct rfcomm_dlc, list);
1796 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1797 __rfcomm_dlc_close(d, ETIMEDOUT);
1798 continue;
1799 }
1801 if (test_bit(RFCOMM_ENC_DROP, &d->flags)) {
1802 __rfcomm_dlc_close(d, ECONNREFUSED);
1803 continue;
1804 }
1806 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1807 rfcomm_dlc_clear_timer(d);
1808 if (d->out) {
1809 rfcomm_send_pn(s, 1, d);
1810 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
1811 } else {
1812 if (d->defer_setup) {
1813 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1814 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1816 rfcomm_dlc_lock(d);
1817 d->state = BT_CONNECT2;
1818 d->state_change(d, 0);
1819 rfcomm_dlc_unlock(d);
1820 } else
1821 rfcomm_dlc_accept(d);
1822 }
1823 continue;
1824 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1825 rfcomm_dlc_clear_timer(d);
1826 if (!d->out)
1827 rfcomm_send_dm(s, d->dlci);
1828 else
1829 d->state = BT_CLOSED;
1830 __rfcomm_dlc_close(d, ECONNREFUSED);
1831 continue;
1832 }
1834 if (test_bit(RFCOMM_SEC_PENDING, &d->flags))
1835 continue;
1837 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1838 continue;
1840 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
1841 d->mscex == RFCOMM_MSCEX_OK)
1842 rfcomm_process_tx(d);
1843 }
1844 }
1846 static void rfcomm_process_rx(struct rfcomm_session *s)
1847 {
1848 struct socket *sock = s->sock;
1849 struct sock *sk = sock->sk;
1850 struct sk_buff *skb;
1852 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1854 /* Get data directly from socket receive queue without copying it. */
1855 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1856 skb_orphan(skb);
1857 if (!skb_linearize(skb))
1858 rfcomm_recv_frame(s, skb);
1859 else
1860 kfree_skb(skb);
1861 }
1863 if (sk->sk_state == BT_CLOSED) {
1864 if (!s->initiator)
1865 rfcomm_session_put(s);
1867 rfcomm_session_close(s, sk->sk_err);
1868 }
1869 }
1871 static void rfcomm_accept_connection(struct rfcomm_session *s)
1872 {
1873 struct socket *sock = s->sock, *nsock;
1874 int err;
1876 /* Fast check for a new connection.
1877 * Avoids unnesesary socket allocations. */
1878 if (list_empty(&bt_sk(sock->sk)->accept_q))
1879 return;
1881 BT_DBG("session %p", s);
1883 err = kernel_accept(sock, &nsock, O_NONBLOCK);
1884 if (err < 0)
1885 return;
1887 /* Set our callbacks */
1888 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1889 nsock->sk->sk_state_change = rfcomm_l2state_change;
1891 s = rfcomm_session_add(nsock, BT_OPEN);
1892 if (s) {
1893 rfcomm_session_hold(s);
1895 /* We should adjust MTU on incoming sessions.
1896 * L2CAP MTU minus UIH header and FCS. */
1897 s->mtu = min(l2cap_pi(nsock->sk)->chan->omtu,
1898 l2cap_pi(nsock->sk)->chan->imtu) - 5;
1900 rfcomm_schedule();
1901 } else
1902 sock_release(nsock);
1903 }
1905 static void rfcomm_check_connection(struct rfcomm_session *s)
1906 {
1907 struct sock *sk = s->sock->sk;
1909 BT_DBG("%p state %ld", s, s->state);
1911 switch (sk->sk_state) {
1912 case BT_CONNECTED:
1913 s->state = BT_CONNECT;
1915 /* We can adjust MTU on outgoing sessions.
1916 * L2CAP MTU minus UIH header and FCS. */
1917 s->mtu = min(l2cap_pi(sk)->chan->omtu, l2cap_pi(sk)->chan->imtu) - 5;
1919 rfcomm_send_sabm(s, 0);
1920 break;
1922 case BT_CLOSED:
1923 s->state = BT_CLOSED;
1924 rfcomm_session_close(s, sk->sk_err);
1925 break;
1926 }
1927 }
1929 static void rfcomm_process_sessions(void)
1930 {
1931 struct list_head *p, *n;
1933 rfcomm_lock();
1935 list_for_each_safe(p, n, &session_list) {
1936 struct rfcomm_session *s;
1937 s = list_entry(p, struct rfcomm_session, list);
1939 if (test_and_clear_bit(RFCOMM_TIMED_OUT, &s->flags)) {
1940 s->state = BT_DISCONN;
1941 rfcomm_send_disc(s, 0);
1942 rfcomm_session_put(s);
1943 continue;
1944 }
1946 if (s->state == BT_LISTEN) {
1947 rfcomm_accept_connection(s);
1948 continue;
1949 }
1951 rfcomm_session_hold(s);
1953 switch (s->state) {
1954 case BT_BOUND:
1955 rfcomm_check_connection(s);
1956 break;
1958 default:
1959 rfcomm_process_rx(s);
1960 break;
1961 }
1963 rfcomm_process_dlcs(s);
1965 rfcomm_session_put(s);
1966 }
1968 rfcomm_unlock();
1969 }
1971 static int rfcomm_add_listener(bdaddr_t *ba)
1972 {
1973 struct sockaddr_l2 addr;
1974 struct socket *sock;
1975 struct sock *sk;
1976 struct rfcomm_session *s;
1977 int err = 0;
1979 /* Create socket */
1980 err = rfcomm_l2sock_create(&sock);
1981 if (err < 0) {
1982 BT_ERR("Create socket failed %d", err);
1983 return err;
1984 }
1986 /* Bind socket */
1987 bacpy(&addr.l2_bdaddr, ba);
1988 addr.l2_family = AF_BLUETOOTH;
1989 addr.l2_psm = __constant_cpu_to_le16(RFCOMM_PSM);
1990 addr.l2_cid = 0;
1991 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1992 if (err < 0) {
1993 BT_ERR("Bind failed %d", err);
1994 goto failed;
1995 }
1997 /* Set L2CAP options */
1998 sk = sock->sk;
1999 lock_sock(sk);
2000 l2cap_pi(sk)->chan->imtu = l2cap_mtu;
2001 release_sock(sk);
2003 /* Start listening on the socket */
2004 err = kernel_listen(sock, 10);
2005 if (err) {
2006 BT_ERR("Listen failed %d", err);
2007 goto failed;
2008 }
2010 /* Add listening session */
2011 s = rfcomm_session_add(sock, BT_LISTEN);
2012 if (!s)
2013 goto failed;
2015 rfcomm_session_hold(s);
2016 return 0;
2017 failed:
2018 sock_release(sock);
2019 return err;
2020 }
2022 static void rfcomm_kill_listener(void)
2023 {
2024 struct rfcomm_session *s;
2025 struct list_head *p, *n;
2027 BT_DBG("");
2029 list_for_each_safe(p, n, &session_list) {
2030 s = list_entry(p, struct rfcomm_session, list);
2031 rfcomm_session_del(s);
2032 }
2033 }
2035 static int rfcomm_run(void *unused)
2036 {
2037 BT_DBG("");
2039 set_user_nice(current, -10);
2041 rfcomm_add_listener(BDADDR_ANY);
2043 while (1) {
2044 set_current_state(TASK_INTERRUPTIBLE);
2046 if (kthread_should_stop())
2047 break;
2049 /* Process stuff */
2050 rfcomm_process_sessions();
2052 schedule();
2053 }
2054 __set_current_state(TASK_RUNNING);
2056 rfcomm_kill_listener();
2058 return 0;
2059 }
2061 static void rfcomm_security_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
2062 {
2063 struct rfcomm_session *s;
2064 struct rfcomm_dlc *d;
2065 struct list_head *p, *n;
2067 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
2069 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
2070 if (!s)
2071 return;
2073 rfcomm_session_hold(s);
2075 list_for_each_safe(p, n, &s->dlcs) {
2076 d = list_entry(p, struct rfcomm_dlc, list);
2078 if (test_and_clear_bit(RFCOMM_SEC_PENDING, &d->flags)) {
2079 rfcomm_dlc_clear_timer(d);
2080 if (status || encrypt == 0x00) {
2081 set_bit(RFCOMM_ENC_DROP, &d->flags);
2082 continue;
2083 }
2084 }
2086 if (d->state == BT_CONNECTED && !status && encrypt == 0x00) {
2087 if (d->sec_level == BT_SECURITY_MEDIUM) {
2088 set_bit(RFCOMM_SEC_PENDING, &d->flags);
2089 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
2090 continue;
2091 } else if (d->sec_level == BT_SECURITY_HIGH) {
2092 set_bit(RFCOMM_ENC_DROP, &d->flags);
2093 continue;
2094 }
2095 }
2097 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
2098 continue;
2100 if (!status && hci_conn_check_secure(conn, d->sec_level))
2101 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
2102 else
2103 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
2104 }
2106 rfcomm_session_put(s);
2108 rfcomm_schedule();
2109 }
2111 static struct hci_cb rfcomm_cb = {
2112 .name = "RFCOMM",
2113 .security_cfm = rfcomm_security_cfm
2114 };
2116 static int rfcomm_dlc_debugfs_show(struct seq_file *f, void *x)
2117 {
2118 struct rfcomm_session *s;
2120 rfcomm_lock();
2122 list_for_each_entry(s, &session_list, list) {
2123 struct rfcomm_dlc *d;
2124 list_for_each_entry(d, &s->dlcs, list) {
2125 struct sock *sk = s->sock->sk;
2127 seq_printf(f, "%pMR %pMR %ld %d %d %d %d\n",
2128 &bt_sk(sk)->src, &bt_sk(sk)->dst,
2129 d->state, d->dlci, d->mtu,
2130 d->rx_credits, d->tx_credits);
2131 }
2132 }
2134 rfcomm_unlock();
2136 return 0;
2137 }
2139 static int rfcomm_dlc_debugfs_open(struct inode *inode, struct file *file)
2140 {
2141 return single_open(file, rfcomm_dlc_debugfs_show, inode->i_private);
2142 }
2144 static const struct file_operations rfcomm_dlc_debugfs_fops = {
2145 .open = rfcomm_dlc_debugfs_open,
2146 .read = seq_read,
2147 .llseek = seq_lseek,
2148 .release = single_release,
2149 };
2151 static struct dentry *rfcomm_dlc_debugfs;
2153 /* ---- Initialization ---- */
2154 static int __init rfcomm_init(void)
2155 {
2156 int err;
2158 hci_register_cb(&rfcomm_cb);
2160 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd");
2161 if (IS_ERR(rfcomm_thread)) {
2162 err = PTR_ERR(rfcomm_thread);
2163 goto unregister;
2164 }
2166 if (bt_debugfs) {
2167 rfcomm_dlc_debugfs = debugfs_create_file("rfcomm_dlc", 0444,
2168 bt_debugfs, NULL, &rfcomm_dlc_debugfs_fops);
2169 if (!rfcomm_dlc_debugfs)
2170 BT_ERR("Failed to create RFCOMM debug file");
2171 }
2173 err = rfcomm_init_ttys();
2174 if (err < 0)
2175 goto stop;
2177 err = rfcomm_init_sockets();
2178 if (err < 0)
2179 goto cleanup;
2181 BT_INFO("RFCOMM ver %s", VERSION);
2183 return 0;
2185 cleanup:
2186 rfcomm_cleanup_ttys();
2188 stop:
2189 kthread_stop(rfcomm_thread);
2191 unregister:
2192 hci_unregister_cb(&rfcomm_cb);
2194 return err;
2195 }
2197 static void __exit rfcomm_exit(void)
2198 {
2199 debugfs_remove(rfcomm_dlc_debugfs);
2201 hci_unregister_cb(&rfcomm_cb);
2203 kthread_stop(rfcomm_thread);
2205 rfcomm_cleanup_ttys();
2207 rfcomm_cleanup_sockets();
2208 }
2210 module_init(rfcomm_init);
2211 module_exit(rfcomm_exit);
2213 module_param(disable_cfc, bool, 0644);
2214 MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control");
2216 module_param(channel_mtu, int, 0644);
2217 MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel");
2219 module_param(l2cap_mtu, uint, 0644);
2220 MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection");
2222 module_param(l2cap_ertm, bool, 0644);
2223 MODULE_PARM_DESC(l2cap_ertm, "Use L2CAP ERTM mode for connection");
2225 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
2226 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2227 MODULE_VERSION(VERSION);
2228 MODULE_LICENSE("GPL");
2229 MODULE_ALIAS("bt-proto-3");