Commit | Line | Data |
---|---|---|
8e87d142 | 1 | /* |
1da177e4 LT |
2 | RFCOMM implementation for Linux Bluetooth stack (BlueZ). |
3 | Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> | |
4 | Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> | |
5 | ||
6 | This program is free software; you can redistribute it and/or modify | |
7 | it under the terms of the GNU General Public License version 2 as | |
8 | published by the Free Software Foundation; | |
9 | ||
10 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS | |
11 | OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | |
12 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. | |
13 | IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY | |
8e87d142 YH |
14 | CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES |
15 | WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN | |
16 | ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF | |
1da177e4 LT |
17 | OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
18 | ||
8e87d142 YH |
19 | ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, |
20 | COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS | |
1da177e4 LT |
21 | SOFTWARE IS DISCLAIMED. |
22 | */ | |
23 | ||
1da177e4 LT |
24 | /* |
25 | * Bluetooth RFCOMM core. | |
1da177e4 LT |
26 | */ |
27 | ||
1da177e4 LT |
28 | #include <linux/module.h> |
29 | #include <linux/errno.h> | |
30 | #include <linux/kernel.h> | |
31 | #include <linux/sched.h> | |
32 | #include <linux/signal.h> | |
33 | #include <linux/init.h> | |
34 | #include <linux/wait.h> | |
be9d1227 | 35 | #include <linux/device.h> |
1da177e4 | 36 | #include <linux/net.h> |
4a3e2f71 | 37 | #include <linux/mutex.h> |
a524eccc | 38 | #include <linux/kthread.h> |
4a3e2f71 | 39 | |
1da177e4 LT |
40 | #include <net/sock.h> |
41 | #include <asm/uaccess.h> | |
42 | #include <asm/unaligned.h> | |
43 | ||
44 | #include <net/bluetooth/bluetooth.h> | |
45 | #include <net/bluetooth/hci_core.h> | |
46 | #include <net/bluetooth/l2cap.h> | |
47 | #include <net/bluetooth/rfcomm.h> | |
48 | ||
5f9018af | 49 | #define VERSION "1.11" |
56f3a40a | 50 | |
7c2660b0 | 51 | static int disable_cfc = 0; |
98bcd08b | 52 | static int channel_mtu = -1; |
56f3a40a MH |
53 | static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU; |
54 | ||
1da177e4 LT |
55 | static struct task_struct *rfcomm_thread; |
56 | ||
4a3e2f71 AV |
57 | static DEFINE_MUTEX(rfcomm_mutex); |
58 | #define rfcomm_lock() mutex_lock(&rfcomm_mutex) | |
59 | #define rfcomm_unlock() mutex_unlock(&rfcomm_mutex) | |
1da177e4 LT |
60 | |
61 | static unsigned long rfcomm_event; | |
62 | ||
63 | static LIST_HEAD(session_list); | |
1da177e4 LT |
64 | |
65 | static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len); | |
66 | static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci); | |
67 | static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci); | |
68 | static int rfcomm_queue_disc(struct rfcomm_dlc *d); | |
69 | static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type); | |
70 | static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d); | |
71 | static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig); | |
72 | static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len); | |
73 | static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits); | |
74 | static void rfcomm_make_uih(struct sk_buff *skb, u8 addr); | |
75 | ||
76 | static void rfcomm_process_connect(struct rfcomm_session *s); | |
77 | ||
78 | static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err); | |
79 | static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst); | |
80 | static void rfcomm_session_del(struct rfcomm_session *s); | |
81 | ||
82 | /* ---- RFCOMM frame parsing macros ---- */ | |
83 | #define __get_dlci(b) ((b & 0xfc) >> 2) | |
84 | #define __get_channel(b) ((b & 0xf8) >> 3) | |
85 | #define __get_dir(b) ((b & 0x04) >> 2) | |
86 | #define __get_type(b) ((b & 0xef)) | |
87 | ||
88 | #define __test_ea(b) ((b & 0x01)) | |
89 | #define __test_cr(b) ((b & 0x02)) | |
90 | #define __test_pf(b) ((b & 0x10)) | |
91 | ||
92 | #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01) | |
93 | #define __ctrl(type, pf) (((type & 0xef) | (pf << 4))) | |
94 | #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir) | |
95 | #define __srv_channel(dlci) (dlci >> 1) | |
96 | #define __dir(dlci) (dlci & 0x01) | |
97 | ||
98 | #define __len8(len) (((len) << 1) | 1) | |
99 | #define __len16(len) ((len) << 1) | |
100 | ||
101 | /* MCC macros */ | |
102 | #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01)) | |
103 | #define __get_mcc_type(b) ((b & 0xfc) >> 2) | |
104 | #define __get_mcc_len(b) ((b & 0xfe) >> 1) | |
105 | ||
106 | /* RPN macros */ | |
3a5e903c | 107 | #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3)) |
1da177e4 LT |
108 | #define __get_rpn_data_bits(line) ((line) & 0x3) |
109 | #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1) | |
3a5e903c | 110 | #define __get_rpn_parity(line) (((line) >> 3) & 0x7) |
1da177e4 LT |
111 | |
112 | static inline void rfcomm_schedule(uint event) | |
113 | { | |
114 | if (!rfcomm_thread) | |
115 | return; | |
116 | //set_bit(event, &rfcomm_event); | |
117 | set_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event); | |
118 | wake_up_process(rfcomm_thread); | |
119 | } | |
120 | ||
121 | static inline void rfcomm_session_put(struct rfcomm_session *s) | |
122 | { | |
123 | if (atomic_dec_and_test(&s->refcnt)) | |
124 | rfcomm_session_del(s); | |
125 | } | |
126 | ||
127 | /* ---- RFCOMM FCS computation ---- */ | |
128 | ||
408c1ce2 | 129 | /* reversed, 8-bit, poly=0x07 */ |
8e87d142 | 130 | static unsigned char rfcomm_crc_table[256] = { |
408c1ce2 MH |
131 | 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75, |
132 | 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b, | |
133 | 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69, | |
134 | 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67, | |
135 | ||
136 | 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d, | |
137 | 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43, | |
138 | 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51, | |
139 | 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f, | |
140 | ||
141 | 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05, | |
142 | 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b, | |
143 | 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19, | |
144 | 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17, | |
145 | ||
146 | 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d, | |
147 | 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33, | |
148 | 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21, | |
149 | 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f, | |
150 | ||
151 | 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95, | |
152 | 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b, | |
153 | 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89, | |
154 | 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87, | |
155 | ||
156 | 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad, | |
157 | 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3, | |
158 | 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1, | |
159 | 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf, | |
160 | ||
161 | 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5, | |
162 | 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb, | |
163 | 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9, | |
164 | 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7, | |
165 | ||
166 | 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd, | |
167 | 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3, | |
168 | 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1, | |
169 | 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf | |
170 | }; | |
171 | ||
1da177e4 LT |
172 | /* CRC on 2 bytes */ |
173 | #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]]) | |
174 | ||
8e87d142 | 175 | /* FCS on 2 bytes */ |
1da177e4 LT |
176 | static inline u8 __fcs(u8 *data) |
177 | { | |
178 | return (0xff - __crc(data)); | |
179 | } | |
180 | ||
8e87d142 | 181 | /* FCS on 3 bytes */ |
1da177e4 LT |
182 | static inline u8 __fcs2(u8 *data) |
183 | { | |
184 | return (0xff - rfcomm_crc_table[__crc(data) ^ data[2]]); | |
185 | } | |
186 | ||
187 | /* Check FCS */ | |
188 | static inline int __check_fcs(u8 *data, int type, u8 fcs) | |
189 | { | |
190 | u8 f = __crc(data); | |
191 | ||
192 | if (type != RFCOMM_UIH) | |
193 | f = rfcomm_crc_table[f ^ data[2]]; | |
194 | ||
195 | return rfcomm_crc_table[f ^ fcs] != 0xcf; | |
196 | } | |
197 | ||
198 | /* ---- L2CAP callbacks ---- */ | |
199 | static void rfcomm_l2state_change(struct sock *sk) | |
200 | { | |
201 | BT_DBG("%p state %d", sk, sk->sk_state); | |
202 | rfcomm_schedule(RFCOMM_SCHED_STATE); | |
203 | } | |
204 | ||
205 | static void rfcomm_l2data_ready(struct sock *sk, int bytes) | |
206 | { | |
207 | BT_DBG("%p bytes %d", sk, bytes); | |
208 | rfcomm_schedule(RFCOMM_SCHED_RX); | |
209 | } | |
210 | ||
211 | static int rfcomm_l2sock_create(struct socket **sock) | |
212 | { | |
213 | int err; | |
214 | ||
215 | BT_DBG(""); | |
216 | ||
217 | err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock); | |
218 | if (!err) { | |
219 | struct sock *sk = (*sock)->sk; | |
220 | sk->sk_data_ready = rfcomm_l2data_ready; | |
221 | sk->sk_state_change = rfcomm_l2state_change; | |
222 | } | |
223 | return err; | |
224 | } | |
225 | ||
9f2c8a03 | 226 | static inline int rfcomm_check_security(struct rfcomm_dlc *d) |
77db1980 MH |
227 | { |
228 | struct sock *sk = d->session->sock->sk; | |
0684e5f9 MH |
229 | __u8 auth_type; |
230 | ||
231 | switch (d->sec_level) { | |
232 | case BT_SECURITY_HIGH: | |
233 | auth_type = HCI_AT_GENERAL_BONDING_MITM; | |
234 | break; | |
235 | case BT_SECURITY_MEDIUM: | |
236 | auth_type = HCI_AT_GENERAL_BONDING; | |
237 | break; | |
238 | default: | |
239 | auth_type = HCI_AT_NO_BONDING; | |
240 | break; | |
241 | } | |
77db1980 | 242 | |
0684e5f9 MH |
243 | return hci_conn_security(l2cap_pi(sk)->conn->hcon, d->sec_level, |
244 | auth_type); | |
77db1980 MH |
245 | } |
246 | ||
1da177e4 LT |
247 | /* ---- RFCOMM DLCs ---- */ |
248 | static void rfcomm_dlc_timeout(unsigned long arg) | |
249 | { | |
250 | struct rfcomm_dlc *d = (void *) arg; | |
251 | ||
252 | BT_DBG("dlc %p state %ld", d, d->state); | |
253 | ||
254 | set_bit(RFCOMM_TIMED_OUT, &d->flags); | |
255 | rfcomm_dlc_put(d); | |
256 | rfcomm_schedule(RFCOMM_SCHED_TIMEO); | |
257 | } | |
258 | ||
259 | static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout) | |
260 | { | |
261 | BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout); | |
262 | ||
263 | if (!mod_timer(&d->timer, jiffies + timeout)) | |
264 | rfcomm_dlc_hold(d); | |
265 | } | |
266 | ||
267 | static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d) | |
268 | { | |
269 | BT_DBG("dlc %p state %ld", d, d->state); | |
270 | ||
271 | if (timer_pending(&d->timer) && del_timer(&d->timer)) | |
272 | rfcomm_dlc_put(d); | |
273 | } | |
274 | ||
275 | static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d) | |
276 | { | |
277 | BT_DBG("%p", d); | |
278 | ||
279 | d->state = BT_OPEN; | |
280 | d->flags = 0; | |
281 | d->mscex = 0; | |
282 | d->mtu = RFCOMM_DEFAULT_MTU; | |
283 | d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV; | |
284 | ||
285 | d->cfc = RFCOMM_CFC_DISABLED; | |
286 | d->rx_credits = RFCOMM_DEFAULT_CREDITS; | |
287 | } | |
288 | ||
dd0fc66f | 289 | struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio) |
1da177e4 | 290 | { |
25ea6db0 MH |
291 | struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio); |
292 | ||
1da177e4 LT |
293 | if (!d) |
294 | return NULL; | |
1da177e4 | 295 | |
b24b8a24 | 296 | setup_timer(&d->timer, rfcomm_dlc_timeout, (unsigned long)d); |
1da177e4 LT |
297 | |
298 | skb_queue_head_init(&d->tx_queue); | |
299 | spin_lock_init(&d->lock); | |
300 | atomic_set(&d->refcnt, 1); | |
301 | ||
302 | rfcomm_dlc_clear_state(d); | |
8e87d142 | 303 | |
1da177e4 | 304 | BT_DBG("%p", d); |
25ea6db0 | 305 | |
1da177e4 LT |
306 | return d; |
307 | } | |
308 | ||
309 | void rfcomm_dlc_free(struct rfcomm_dlc *d) | |
310 | { | |
311 | BT_DBG("%p", d); | |
312 | ||
313 | skb_queue_purge(&d->tx_queue); | |
314 | kfree(d); | |
315 | } | |
316 | ||
317 | static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d) | |
318 | { | |
319 | BT_DBG("dlc %p session %p", d, s); | |
320 | ||
321 | rfcomm_session_hold(s); | |
322 | ||
323 | rfcomm_dlc_hold(d); | |
324 | list_add(&d->list, &s->dlcs); | |
325 | d->session = s; | |
326 | } | |
327 | ||
328 | static void rfcomm_dlc_unlink(struct rfcomm_dlc *d) | |
329 | { | |
330 | struct rfcomm_session *s = d->session; | |
331 | ||
332 | BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s); | |
333 | ||
334 | list_del(&d->list); | |
335 | d->session = NULL; | |
336 | rfcomm_dlc_put(d); | |
337 | ||
338 | rfcomm_session_put(s); | |
339 | } | |
340 | ||
341 | static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci) | |
342 | { | |
343 | struct rfcomm_dlc *d; | |
344 | struct list_head *p; | |
345 | ||
346 | list_for_each(p, &s->dlcs) { | |
347 | d = list_entry(p, struct rfcomm_dlc, list); | |
348 | if (d->dlci == dlci) | |
349 | return d; | |
350 | } | |
351 | return NULL; | |
352 | } | |
353 | ||
354 | static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel) | |
355 | { | |
356 | struct rfcomm_session *s; | |
357 | int err = 0; | |
358 | u8 dlci; | |
359 | ||
8e87d142 | 360 | BT_DBG("dlc %p state %ld %s %s channel %d", |
1da177e4 LT |
361 | d, d->state, batostr(src), batostr(dst), channel); |
362 | ||
363 | if (channel < 1 || channel > 30) | |
364 | return -EINVAL; | |
365 | ||
366 | if (d->state != BT_OPEN && d->state != BT_CLOSED) | |
367 | return 0; | |
368 | ||
369 | s = rfcomm_session_get(src, dst); | |
370 | if (!s) { | |
371 | s = rfcomm_session_create(src, dst, &err); | |
372 | if (!s) | |
373 | return err; | |
374 | } | |
375 | ||
376 | dlci = __dlci(!s->initiator, channel); | |
377 | ||
378 | /* Check if DLCI already exists */ | |
379 | if (rfcomm_dlc_get(s, dlci)) | |
380 | return -EBUSY; | |
381 | ||
382 | rfcomm_dlc_clear_state(d); | |
383 | ||
384 | d->dlci = dlci; | |
385 | d->addr = __addr(s->initiator, dlci); | |
386 | d->priority = 7; | |
387 | ||
77db1980 | 388 | d->state = BT_CONFIG; |
1da177e4 LT |
389 | rfcomm_dlc_link(s, d); |
390 | ||
77db1980 MH |
391 | d->out = 1; |
392 | ||
1da177e4 LT |
393 | d->mtu = s->mtu; |
394 | d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc; | |
395 | ||
77db1980 | 396 | if (s->state == BT_CONNECTED) { |
9f2c8a03 | 397 | if (rfcomm_check_security(d)) |
77db1980 | 398 | rfcomm_send_pn(s, 1, d); |
8c1b2355 MH |
399 | else |
400 | set_bit(RFCOMM_AUTH_PENDING, &d->flags); | |
77db1980 MH |
401 | } |
402 | ||
1da177e4 | 403 | rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT); |
77db1980 | 404 | |
1da177e4 LT |
405 | return 0; |
406 | } | |
407 | ||
408 | int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel) | |
409 | { | |
410 | int r; | |
411 | ||
412 | rfcomm_lock(); | |
413 | ||
414 | r = __rfcomm_dlc_open(d, src, dst, channel); | |
415 | ||
416 | rfcomm_unlock(); | |
417 | return r; | |
418 | } | |
419 | ||
420 | static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err) | |
421 | { | |
422 | struct rfcomm_session *s = d->session; | |
423 | if (!s) | |
424 | return 0; | |
425 | ||
426 | BT_DBG("dlc %p state %ld dlci %d err %d session %p", | |
427 | d, d->state, d->dlci, err, s); | |
428 | ||
429 | switch (d->state) { | |
1da177e4 | 430 | case BT_CONNECT: |
bb23c0ab MH |
431 | case BT_CONFIG: |
432 | if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) { | |
433 | set_bit(RFCOMM_AUTH_REJECT, &d->flags); | |
434 | rfcomm_schedule(RFCOMM_SCHED_AUTH); | |
435 | break; | |
436 | } | |
437 | /* Fall through */ | |
438 | ||
439 | case BT_CONNECTED: | |
1da177e4 LT |
440 | d->state = BT_DISCONN; |
441 | if (skb_queue_empty(&d->tx_queue)) { | |
442 | rfcomm_send_disc(s, d->dlci); | |
443 | rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT); | |
444 | } else { | |
445 | rfcomm_queue_disc(d); | |
446 | rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2); | |
447 | } | |
448 | break; | |
449 | ||
bb23c0ab | 450 | case BT_OPEN: |
8bf47941 | 451 | case BT_CONNECT2: |
bb23c0ab MH |
452 | if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) { |
453 | set_bit(RFCOMM_AUTH_REJECT, &d->flags); | |
454 | rfcomm_schedule(RFCOMM_SCHED_AUTH); | |
455 | break; | |
456 | } | |
457 | /* Fall through */ | |
458 | ||
1da177e4 LT |
459 | default: |
460 | rfcomm_dlc_clear_timer(d); | |
461 | ||
462 | rfcomm_dlc_lock(d); | |
463 | d->state = BT_CLOSED; | |
1905f6c7 | 464 | d->state_change(d, err); |
4c8411f8 | 465 | rfcomm_dlc_unlock(d); |
1da177e4 LT |
466 | |
467 | skb_queue_purge(&d->tx_queue); | |
1da177e4 LT |
468 | rfcomm_dlc_unlink(d); |
469 | } | |
470 | ||
471 | return 0; | |
472 | } | |
473 | ||
474 | int rfcomm_dlc_close(struct rfcomm_dlc *d, int err) | |
475 | { | |
476 | int r; | |
477 | ||
478 | rfcomm_lock(); | |
479 | ||
480 | r = __rfcomm_dlc_close(d, err); | |
481 | ||
482 | rfcomm_unlock(); | |
483 | return r; | |
484 | } | |
485 | ||
486 | int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb) | |
487 | { | |
488 | int len = skb->len; | |
489 | ||
490 | if (d->state != BT_CONNECTED) | |
491 | return -ENOTCONN; | |
492 | ||
493 | BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len); | |
494 | ||
495 | if (len > d->mtu) | |
496 | return -EINVAL; | |
497 | ||
498 | rfcomm_make_uih(skb, d->addr); | |
499 | skb_queue_tail(&d->tx_queue, skb); | |
500 | ||
501 | if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags)) | |
502 | rfcomm_schedule(RFCOMM_SCHED_TX); | |
503 | return len; | |
504 | } | |
505 | ||
b5606c2d | 506 | void __rfcomm_dlc_throttle(struct rfcomm_dlc *d) |
1da177e4 LT |
507 | { |
508 | BT_DBG("dlc %p state %ld", d, d->state); | |
509 | ||
510 | if (!d->cfc) { | |
511 | d->v24_sig |= RFCOMM_V24_FC; | |
512 | set_bit(RFCOMM_MSC_PENDING, &d->flags); | |
513 | } | |
514 | rfcomm_schedule(RFCOMM_SCHED_TX); | |
515 | } | |
516 | ||
b5606c2d | 517 | void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d) |
1da177e4 LT |
518 | { |
519 | BT_DBG("dlc %p state %ld", d, d->state); | |
520 | ||
521 | if (!d->cfc) { | |
522 | d->v24_sig &= ~RFCOMM_V24_FC; | |
523 | set_bit(RFCOMM_MSC_PENDING, &d->flags); | |
524 | } | |
525 | rfcomm_schedule(RFCOMM_SCHED_TX); | |
526 | } | |
527 | ||
8e87d142 | 528 | /* |
1da177e4 LT |
529 | Set/get modem status functions use _local_ status i.e. what we report |
530 | to the other side. | |
531 | Remote status is provided by dlc->modem_status() callback. | |
532 | */ | |
533 | int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig) | |
534 | { | |
8e87d142 | 535 | BT_DBG("dlc %p state %ld v24_sig 0x%x", |
1da177e4 LT |
536 | d, d->state, v24_sig); |
537 | ||
538 | if (test_bit(RFCOMM_RX_THROTTLED, &d->flags)) | |
539 | v24_sig |= RFCOMM_V24_FC; | |
540 | else | |
541 | v24_sig &= ~RFCOMM_V24_FC; | |
8e87d142 | 542 | |
1da177e4 LT |
543 | d->v24_sig = v24_sig; |
544 | ||
545 | if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags)) | |
546 | rfcomm_schedule(RFCOMM_SCHED_TX); | |
547 | ||
548 | return 0; | |
549 | } | |
550 | ||
551 | int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig) | |
552 | { | |
8e87d142 | 553 | BT_DBG("dlc %p state %ld v24_sig 0x%x", |
1da177e4 LT |
554 | d, d->state, d->v24_sig); |
555 | ||
556 | *v24_sig = d->v24_sig; | |
557 | return 0; | |
558 | } | |
559 | ||
560 | /* ---- RFCOMM sessions ---- */ | |
561 | static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state) | |
562 | { | |
25ea6db0 MH |
563 | struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL); |
564 | ||
1da177e4 LT |
565 | if (!s) |
566 | return NULL; | |
1da177e4 LT |
567 | |
568 | BT_DBG("session %p sock %p", s, sock); | |
569 | ||
570 | INIT_LIST_HEAD(&s->dlcs); | |
571 | s->state = state; | |
572 | s->sock = sock; | |
573 | ||
574 | s->mtu = RFCOMM_DEFAULT_MTU; | |
7c2660b0 | 575 | s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN; |
1da177e4 LT |
576 | |
577 | /* Do not increment module usage count for listening sessions. | |
578 | * Otherwise we won't be able to unload the module. */ | |
579 | if (state != BT_LISTEN) | |
580 | if (!try_module_get(THIS_MODULE)) { | |
581 | kfree(s); | |
582 | return NULL; | |
583 | } | |
584 | ||
585 | list_add(&s->list, &session_list); | |
586 | ||
587 | return s; | |
588 | } | |
589 | ||
590 | static void rfcomm_session_del(struct rfcomm_session *s) | |
591 | { | |
592 | int state = s->state; | |
593 | ||
594 | BT_DBG("session %p state %ld", s, s->state); | |
595 | ||
596 | list_del(&s->list); | |
597 | ||
598 | if (state == BT_CONNECTED) | |
599 | rfcomm_send_disc(s, 0); | |
600 | ||
601 | sock_release(s->sock); | |
602 | kfree(s); | |
603 | ||
604 | if (state != BT_LISTEN) | |
605 | module_put(THIS_MODULE); | |
606 | } | |
607 | ||
608 | static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst) | |
609 | { | |
610 | struct rfcomm_session *s; | |
611 | struct list_head *p, *n; | |
612 | struct bt_sock *sk; | |
613 | list_for_each_safe(p, n, &session_list) { | |
614 | s = list_entry(p, struct rfcomm_session, list); | |
8e87d142 | 615 | sk = bt_sk(s->sock->sk); |
1da177e4 LT |
616 | |
617 | if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) && | |
618 | !bacmp(&sk->dst, dst)) | |
619 | return s; | |
620 | } | |
621 | return NULL; | |
622 | } | |
623 | ||
624 | static void rfcomm_session_close(struct rfcomm_session *s, int err) | |
625 | { | |
626 | struct rfcomm_dlc *d; | |
627 | struct list_head *p, *n; | |
628 | ||
629 | BT_DBG("session %p state %ld err %d", s, s->state, err); | |
630 | ||
631 | rfcomm_session_hold(s); | |
632 | ||
633 | s->state = BT_CLOSED; | |
634 | ||
635 | /* Close all dlcs */ | |
636 | list_for_each_safe(p, n, &s->dlcs) { | |
637 | d = list_entry(p, struct rfcomm_dlc, list); | |
638 | d->state = BT_CLOSED; | |
639 | __rfcomm_dlc_close(d, err); | |
640 | } | |
641 | ||
642 | rfcomm_session_put(s); | |
643 | } | |
644 | ||
645 | static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err) | |
646 | { | |
647 | struct rfcomm_session *s = NULL; | |
648 | struct sockaddr_l2 addr; | |
649 | struct socket *sock; | |
650 | struct sock *sk; | |
651 | ||
652 | BT_DBG("%s %s", batostr(src), batostr(dst)); | |
653 | ||
654 | *err = rfcomm_l2sock_create(&sock); | |
655 | if (*err < 0) | |
656 | return NULL; | |
657 | ||
658 | bacpy(&addr.l2_bdaddr, src); | |
659 | addr.l2_family = AF_BLUETOOTH; | |
660 | addr.l2_psm = 0; | |
37e62f55 | 661 | addr.l2_cid = 0; |
48db9ca4 | 662 | *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr)); |
1da177e4 LT |
663 | if (*err < 0) |
664 | goto failed; | |
665 | ||
666 | /* Set L2CAP options */ | |
667 | sk = sock->sk; | |
668 | lock_sock(sk); | |
56f3a40a | 669 | l2cap_pi(sk)->imtu = l2cap_mtu; |
1da177e4 LT |
670 | release_sock(sk); |
671 | ||
672 | s = rfcomm_session_add(sock, BT_BOUND); | |
673 | if (!s) { | |
674 | *err = -ENOMEM; | |
675 | goto failed; | |
676 | } | |
677 | ||
1da177e4 LT |
678 | s->initiator = 1; |
679 | ||
680 | bacpy(&addr.l2_bdaddr, dst); | |
681 | addr.l2_family = AF_BLUETOOTH; | |
b4324b5d | 682 | addr.l2_psm = cpu_to_le16(RFCOMM_PSM); |
37e62f55 | 683 | addr.l2_cid = 0; |
48db9ca4 | 684 | *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK); |
b4c612a4 | 685 | if (*err == 0 || *err == -EINPROGRESS) |
1da177e4 LT |
686 | return s; |
687 | ||
688 | rfcomm_session_del(s); | |
689 | return NULL; | |
690 | ||
691 | failed: | |
692 | sock_release(sock); | |
693 | return NULL; | |
694 | } | |
695 | ||
696 | void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst) | |
697 | { | |
698 | struct sock *sk = s->sock->sk; | |
699 | if (src) | |
700 | bacpy(src, &bt_sk(sk)->src); | |
701 | if (dst) | |
702 | bacpy(dst, &bt_sk(sk)->dst); | |
703 | } | |
704 | ||
705 | /* ---- RFCOMM frame sending ---- */ | |
706 | static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len) | |
707 | { | |
708 | struct socket *sock = s->sock; | |
709 | struct kvec iv = { data, len }; | |
710 | struct msghdr msg; | |
711 | ||
712 | BT_DBG("session %p len %d", s, len); | |
713 | ||
714 | memset(&msg, 0, sizeof(msg)); | |
715 | ||
716 | return kernel_sendmsg(sock, &msg, &iv, 1, len); | |
717 | } | |
718 | ||
719 | static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci) | |
720 | { | |
721 | struct rfcomm_cmd cmd; | |
722 | ||
723 | BT_DBG("%p dlci %d", s, dlci); | |
724 | ||
725 | cmd.addr = __addr(s->initiator, dlci); | |
726 | cmd.ctrl = __ctrl(RFCOMM_SABM, 1); | |
727 | cmd.len = __len8(0); | |
728 | cmd.fcs = __fcs2((u8 *) &cmd); | |
729 | ||
730 | return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); | |
731 | } | |
732 | ||
733 | static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci) | |
734 | { | |
735 | struct rfcomm_cmd cmd; | |
736 | ||
737 | BT_DBG("%p dlci %d", s, dlci); | |
738 | ||
739 | cmd.addr = __addr(!s->initiator, dlci); | |
740 | cmd.ctrl = __ctrl(RFCOMM_UA, 1); | |
741 | cmd.len = __len8(0); | |
742 | cmd.fcs = __fcs2((u8 *) &cmd); | |
743 | ||
744 | return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); | |
745 | } | |
746 | ||
747 | static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci) | |
748 | { | |
749 | struct rfcomm_cmd cmd; | |
750 | ||
751 | BT_DBG("%p dlci %d", s, dlci); | |
752 | ||
753 | cmd.addr = __addr(s->initiator, dlci); | |
754 | cmd.ctrl = __ctrl(RFCOMM_DISC, 1); | |
755 | cmd.len = __len8(0); | |
756 | cmd.fcs = __fcs2((u8 *) &cmd); | |
757 | ||
758 | return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); | |
759 | } | |
760 | ||
761 | static int rfcomm_queue_disc(struct rfcomm_dlc *d) | |
762 | { | |
763 | struct rfcomm_cmd *cmd; | |
764 | struct sk_buff *skb; | |
765 | ||
766 | BT_DBG("dlc %p dlci %d", d, d->dlci); | |
767 | ||
768 | skb = alloc_skb(sizeof(*cmd), GFP_KERNEL); | |
769 | if (!skb) | |
770 | return -ENOMEM; | |
771 | ||
772 | cmd = (void *) __skb_put(skb, sizeof(*cmd)); | |
773 | cmd->addr = d->addr; | |
774 | cmd->ctrl = __ctrl(RFCOMM_DISC, 1); | |
775 | cmd->len = __len8(0); | |
776 | cmd->fcs = __fcs2((u8 *) cmd); | |
777 | ||
778 | skb_queue_tail(&d->tx_queue, skb); | |
779 | rfcomm_schedule(RFCOMM_SCHED_TX); | |
780 | return 0; | |
781 | } | |
782 | ||
783 | static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci) | |
784 | { | |
785 | struct rfcomm_cmd cmd; | |
786 | ||
787 | BT_DBG("%p dlci %d", s, dlci); | |
788 | ||
789 | cmd.addr = __addr(!s->initiator, dlci); | |
790 | cmd.ctrl = __ctrl(RFCOMM_DM, 1); | |
791 | cmd.len = __len8(0); | |
792 | cmd.fcs = __fcs2((u8 *) &cmd); | |
793 | ||
794 | return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); | |
795 | } | |
796 | ||
797 | static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type) | |
798 | { | |
799 | struct rfcomm_hdr *hdr; | |
800 | struct rfcomm_mcc *mcc; | |
801 | u8 buf[16], *ptr = buf; | |
802 | ||
803 | BT_DBG("%p cr %d type %d", s, cr, type); | |
804 | ||
805 | hdr = (void *) ptr; ptr += sizeof(*hdr); | |
806 | hdr->addr = __addr(s->initiator, 0); | |
807 | hdr->ctrl = __ctrl(RFCOMM_UIH, 0); | |
808 | hdr->len = __len8(sizeof(*mcc) + 1); | |
809 | ||
810 | mcc = (void *) ptr; ptr += sizeof(*mcc); | |
811 | mcc->type = __mcc_type(cr, RFCOMM_NSC); | |
812 | mcc->len = __len8(1); | |
813 | ||
814 | /* Type that we didn't like */ | |
815 | *ptr = __mcc_type(cr, type); ptr++; | |
816 | ||
817 | *ptr = __fcs(buf); ptr++; | |
818 | ||
819 | return rfcomm_send_frame(s, buf, ptr - buf); | |
820 | } | |
821 | ||
822 | static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d) | |
823 | { | |
824 | struct rfcomm_hdr *hdr; | |
825 | struct rfcomm_mcc *mcc; | |
826 | struct rfcomm_pn *pn; | |
827 | u8 buf[16], *ptr = buf; | |
828 | ||
829 | BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu); | |
830 | ||
831 | hdr = (void *) ptr; ptr += sizeof(*hdr); | |
832 | hdr->addr = __addr(s->initiator, 0); | |
833 | hdr->ctrl = __ctrl(RFCOMM_UIH, 0); | |
834 | hdr->len = __len8(sizeof(*mcc) + sizeof(*pn)); | |
835 | ||
836 | mcc = (void *) ptr; ptr += sizeof(*mcc); | |
837 | mcc->type = __mcc_type(cr, RFCOMM_PN); | |
838 | mcc->len = __len8(sizeof(*pn)); | |
839 | ||
840 | pn = (void *) ptr; ptr += sizeof(*pn); | |
841 | pn->dlci = d->dlci; | |
842 | pn->priority = d->priority; | |
843 | pn->ack_timer = 0; | |
844 | pn->max_retrans = 0; | |
845 | ||
846 | if (s->cfc) { | |
847 | pn->flow_ctrl = cr ? 0xf0 : 0xe0; | |
848 | pn->credits = RFCOMM_DEFAULT_CREDITS; | |
849 | } else { | |
850 | pn->flow_ctrl = 0; | |
851 | pn->credits = 0; | |
852 | } | |
853 | ||
98bcd08b | 854 | if (cr && channel_mtu >= 0) |
b4324b5d | 855 | pn->mtu = cpu_to_le16(channel_mtu); |
98bcd08b | 856 | else |
b4324b5d | 857 | pn->mtu = cpu_to_le16(d->mtu); |
1da177e4 LT |
858 | |
859 | *ptr = __fcs(buf); ptr++; | |
860 | ||
861 | return rfcomm_send_frame(s, buf, ptr - buf); | |
862 | } | |
863 | ||
3a5e903c S |
864 | int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci, |
865 | u8 bit_rate, u8 data_bits, u8 stop_bits, | |
8e87d142 | 866 | u8 parity, u8 flow_ctrl_settings, |
3a5e903c | 867 | u8 xon_char, u8 xoff_char, u16 param_mask) |
1da177e4 LT |
868 | { |
869 | struct rfcomm_hdr *hdr; | |
870 | struct rfcomm_mcc *mcc; | |
871 | struct rfcomm_rpn *rpn; | |
872 | u8 buf[16], *ptr = buf; | |
873 | ||
874 | BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x" | |
8e87d142 YH |
875 | " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x", |
876 | s, cr, dlci, bit_rate, data_bits, stop_bits, parity, | |
3a5e903c | 877 | flow_ctrl_settings, xon_char, xoff_char, param_mask); |
1da177e4 LT |
878 | |
879 | hdr = (void *) ptr; ptr += sizeof(*hdr); | |
880 | hdr->addr = __addr(s->initiator, 0); | |
881 | hdr->ctrl = __ctrl(RFCOMM_UIH, 0); | |
882 | hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn)); | |
883 | ||
884 | mcc = (void *) ptr; ptr += sizeof(*mcc); | |
885 | mcc->type = __mcc_type(cr, RFCOMM_RPN); | |
886 | mcc->len = __len8(sizeof(*rpn)); | |
887 | ||
888 | rpn = (void *) ptr; ptr += sizeof(*rpn); | |
889 | rpn->dlci = __addr(1, dlci); | |
890 | rpn->bit_rate = bit_rate; | |
891 | rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity); | |
892 | rpn->flow_ctrl = flow_ctrl_settings; | |
893 | rpn->xon_char = xon_char; | |
894 | rpn->xoff_char = xoff_char; | |
e8db8c99 | 895 | rpn->param_mask = cpu_to_le16(param_mask); |
1da177e4 LT |
896 | |
897 | *ptr = __fcs(buf); ptr++; | |
898 | ||
899 | return rfcomm_send_frame(s, buf, ptr - buf); | |
900 | } | |
901 | ||
902 | static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status) | |
903 | { | |
904 | struct rfcomm_hdr *hdr; | |
905 | struct rfcomm_mcc *mcc; | |
906 | struct rfcomm_rls *rls; | |
907 | u8 buf[16], *ptr = buf; | |
908 | ||
909 | BT_DBG("%p cr %d status 0x%x", s, cr, status); | |
910 | ||
911 | hdr = (void *) ptr; ptr += sizeof(*hdr); | |
912 | hdr->addr = __addr(s->initiator, 0); | |
913 | hdr->ctrl = __ctrl(RFCOMM_UIH, 0); | |
914 | hdr->len = __len8(sizeof(*mcc) + sizeof(*rls)); | |
915 | ||
916 | mcc = (void *) ptr; ptr += sizeof(*mcc); | |
917 | mcc->type = __mcc_type(cr, RFCOMM_RLS); | |
918 | mcc->len = __len8(sizeof(*rls)); | |
919 | ||
920 | rls = (void *) ptr; ptr += sizeof(*rls); | |
921 | rls->dlci = __addr(1, dlci); | |
922 | rls->status = status; | |
923 | ||
924 | *ptr = __fcs(buf); ptr++; | |
925 | ||
926 | return rfcomm_send_frame(s, buf, ptr - buf); | |
927 | } | |
928 | ||
929 | static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig) | |
930 | { | |
931 | struct rfcomm_hdr *hdr; | |
932 | struct rfcomm_mcc *mcc; | |
933 | struct rfcomm_msc *msc; | |
934 | u8 buf[16], *ptr = buf; | |
935 | ||
936 | BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig); | |
937 | ||
938 | hdr = (void *) ptr; ptr += sizeof(*hdr); | |
939 | hdr->addr = __addr(s->initiator, 0); | |
940 | hdr->ctrl = __ctrl(RFCOMM_UIH, 0); | |
941 | hdr->len = __len8(sizeof(*mcc) + sizeof(*msc)); | |
942 | ||
943 | mcc = (void *) ptr; ptr += sizeof(*mcc); | |
944 | mcc->type = __mcc_type(cr, RFCOMM_MSC); | |
945 | mcc->len = __len8(sizeof(*msc)); | |
946 | ||
947 | msc = (void *) ptr; ptr += sizeof(*msc); | |
948 | msc->dlci = __addr(1, dlci); | |
949 | msc->v24_sig = v24_sig | 0x01; | |
950 | ||
951 | *ptr = __fcs(buf); ptr++; | |
952 | ||
953 | return rfcomm_send_frame(s, buf, ptr - buf); | |
954 | } | |
955 | ||
956 | static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr) | |
957 | { | |
958 | struct rfcomm_hdr *hdr; | |
959 | struct rfcomm_mcc *mcc; | |
960 | u8 buf[16], *ptr = buf; | |
961 | ||
962 | BT_DBG("%p cr %d", s, cr); | |
963 | ||
964 | hdr = (void *) ptr; ptr += sizeof(*hdr); | |
965 | hdr->addr = __addr(s->initiator, 0); | |
966 | hdr->ctrl = __ctrl(RFCOMM_UIH, 0); | |
967 | hdr->len = __len8(sizeof(*mcc)); | |
968 | ||
969 | mcc = (void *) ptr; ptr += sizeof(*mcc); | |
970 | mcc->type = __mcc_type(cr, RFCOMM_FCOFF); | |
971 | mcc->len = __len8(0); | |
972 | ||
973 | *ptr = __fcs(buf); ptr++; | |
974 | ||
975 | return rfcomm_send_frame(s, buf, ptr - buf); | |
976 | } | |
977 | ||
978 | static int rfcomm_send_fcon(struct rfcomm_session *s, int cr) | |
979 | { | |
980 | struct rfcomm_hdr *hdr; | |
981 | struct rfcomm_mcc *mcc; | |
982 | u8 buf[16], *ptr = buf; | |
983 | ||
984 | BT_DBG("%p cr %d", s, cr); | |
985 | ||
986 | hdr = (void *) ptr; ptr += sizeof(*hdr); | |
987 | hdr->addr = __addr(s->initiator, 0); | |
988 | hdr->ctrl = __ctrl(RFCOMM_UIH, 0); | |
989 | hdr->len = __len8(sizeof(*mcc)); | |
990 | ||
991 | mcc = (void *) ptr; ptr += sizeof(*mcc); | |
992 | mcc->type = __mcc_type(cr, RFCOMM_FCON); | |
993 | mcc->len = __len8(0); | |
994 | ||
995 | *ptr = __fcs(buf); ptr++; | |
996 | ||
997 | return rfcomm_send_frame(s, buf, ptr - buf); | |
998 | } | |
999 | ||
1000 | static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len) | |
1001 | { | |
1002 | struct socket *sock = s->sock; | |
1003 | struct kvec iv[3]; | |
1004 | struct msghdr msg; | |
1005 | unsigned char hdr[5], crc[1]; | |
1006 | ||
1007 | if (len > 125) | |
1008 | return -EINVAL; | |
1009 | ||
1010 | BT_DBG("%p cr %d", s, cr); | |
1011 | ||
1012 | hdr[0] = __addr(s->initiator, 0); | |
1013 | hdr[1] = __ctrl(RFCOMM_UIH, 0); | |
1014 | hdr[2] = 0x01 | ((len + 2) << 1); | |
1015 | hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2); | |
1016 | hdr[4] = 0x01 | (len << 1); | |
1017 | ||
1018 | crc[0] = __fcs(hdr); | |
1019 | ||
1020 | iv[0].iov_base = hdr; | |
1021 | iv[0].iov_len = 5; | |
1022 | iv[1].iov_base = pattern; | |
1023 | iv[1].iov_len = len; | |
1024 | iv[2].iov_base = crc; | |
1025 | iv[2].iov_len = 1; | |
1026 | ||
1027 | memset(&msg, 0, sizeof(msg)); | |
1028 | ||
1029 | return kernel_sendmsg(sock, &msg, iv, 3, 6 + len); | |
1030 | } | |
1031 | ||
1032 | static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits) | |
1033 | { | |
1034 | struct rfcomm_hdr *hdr; | |
1035 | u8 buf[16], *ptr = buf; | |
1036 | ||
1037 | BT_DBG("%p addr %d credits %d", s, addr, credits); | |
1038 | ||
1039 | hdr = (void *) ptr; ptr += sizeof(*hdr); | |
1040 | hdr->addr = addr; | |
1041 | hdr->ctrl = __ctrl(RFCOMM_UIH, 1); | |
1042 | hdr->len = __len8(0); | |
1043 | ||
1044 | *ptr = credits; ptr++; | |
1045 | ||
1046 | *ptr = __fcs(buf); ptr++; | |
1047 | ||
1048 | return rfcomm_send_frame(s, buf, ptr - buf); | |
1049 | } | |
1050 | ||
1051 | static void rfcomm_make_uih(struct sk_buff *skb, u8 addr) | |
1052 | { | |
1053 | struct rfcomm_hdr *hdr; | |
1054 | int len = skb->len; | |
1055 | u8 *crc; | |
1056 | ||
1057 | if (len > 127) { | |
1058 | hdr = (void *) skb_push(skb, 4); | |
b4324b5d | 1059 | put_unaligned(cpu_to_le16(__len16(len)), (__le16 *) &hdr->len); |
1da177e4 LT |
1060 | } else { |
1061 | hdr = (void *) skb_push(skb, 3); | |
1062 | hdr->len = __len8(len); | |
1063 | } | |
1064 | hdr->addr = addr; | |
1065 | hdr->ctrl = __ctrl(RFCOMM_UIH, 0); | |
1066 | ||
1067 | crc = skb_put(skb, 1); | |
1068 | *crc = __fcs((void *) hdr); | |
1069 | } | |
1070 | ||
1071 | /* ---- RFCOMM frame reception ---- */ | |
1072 | static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci) | |
1073 | { | |
1074 | BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); | |
1075 | ||
1076 | if (dlci) { | |
1077 | /* Data channel */ | |
1078 | struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci); | |
1079 | if (!d) { | |
1080 | rfcomm_send_dm(s, dlci); | |
1081 | return 0; | |
1082 | } | |
1083 | ||
1084 | switch (d->state) { | |
1085 | case BT_CONNECT: | |
1086 | rfcomm_dlc_clear_timer(d); | |
1087 | ||
1088 | rfcomm_dlc_lock(d); | |
1089 | d->state = BT_CONNECTED; | |
1090 | d->state_change(d, 0); | |
1091 | rfcomm_dlc_unlock(d); | |
1092 | ||
1093 | rfcomm_send_msc(s, 1, dlci, d->v24_sig); | |
1094 | break; | |
1095 | ||
1096 | case BT_DISCONN: | |
1097 | d->state = BT_CLOSED; | |
1098 | __rfcomm_dlc_close(d, 0); | |
9cf5b0ea MH |
1099 | |
1100 | if (list_empty(&s->dlcs)) { | |
1101 | s->state = BT_DISCONN; | |
1102 | rfcomm_send_disc(s, 0); | |
1103 | } | |
1104 | ||
1da177e4 LT |
1105 | break; |
1106 | } | |
1107 | } else { | |
1108 | /* Control channel */ | |
1109 | switch (s->state) { | |
1110 | case BT_CONNECT: | |
1111 | s->state = BT_CONNECTED; | |
1112 | rfcomm_process_connect(s); | |
1113 | break; | |
9cf5b0ea MH |
1114 | |
1115 | case BT_DISCONN: | |
1116 | rfcomm_session_put(s); | |
1117 | break; | |
1da177e4 LT |
1118 | } |
1119 | } | |
1120 | return 0; | |
1121 | } | |
1122 | ||
1123 | static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci) | |
1124 | { | |
1125 | int err = 0; | |
1126 | ||
1127 | BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); | |
1128 | ||
1129 | if (dlci) { | |
1130 | /* Data DLC */ | |
1131 | struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci); | |
1132 | if (d) { | |
1133 | if (d->state == BT_CONNECT || d->state == BT_CONFIG) | |
1134 | err = ECONNREFUSED; | |
1135 | else | |
1136 | err = ECONNRESET; | |
1137 | ||
1138 | d->state = BT_CLOSED; | |
1139 | __rfcomm_dlc_close(d, err); | |
1140 | } | |
1141 | } else { | |
1142 | if (s->state == BT_CONNECT) | |
1143 | err = ECONNREFUSED; | |
1144 | else | |
1145 | err = ECONNRESET; | |
1146 | ||
1147 | s->state = BT_CLOSED; | |
1148 | rfcomm_session_close(s, err); | |
1149 | } | |
1150 | return 0; | |
1151 | } | |
1152 | ||
1153 | static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci) | |
1154 | { | |
1155 | int err = 0; | |
1156 | ||
1157 | BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); | |
1158 | ||
1159 | if (dlci) { | |
1160 | struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci); | |
1161 | if (d) { | |
1162 | rfcomm_send_ua(s, dlci); | |
1163 | ||
1164 | if (d->state == BT_CONNECT || d->state == BT_CONFIG) | |
1165 | err = ECONNREFUSED; | |
1166 | else | |
1167 | err = ECONNRESET; | |
1168 | ||
1169 | d->state = BT_CLOSED; | |
1170 | __rfcomm_dlc_close(d, err); | |
8e87d142 | 1171 | } else |
1da177e4 | 1172 | rfcomm_send_dm(s, dlci); |
8e87d142 | 1173 | |
1da177e4 LT |
1174 | } else { |
1175 | rfcomm_send_ua(s, 0); | |
1176 | ||
1177 | if (s->state == BT_CONNECT) | |
1178 | err = ECONNREFUSED; | |
1179 | else | |
1180 | err = ECONNRESET; | |
1181 | ||
1182 | s->state = BT_CLOSED; | |
1183 | rfcomm_session_close(s, err); | |
1184 | } | |
1185 | ||
1186 | return 0; | |
1187 | } | |
1188 | ||
bb23c0ab | 1189 | void rfcomm_dlc_accept(struct rfcomm_dlc *d) |
1da177e4 | 1190 | { |
300b9397 MH |
1191 | struct sock *sk = d->session->sock->sk; |
1192 | ||
1da177e4 LT |
1193 | BT_DBG("dlc %p", d); |
1194 | ||
1195 | rfcomm_send_ua(d->session, d->dlci); | |
1196 | ||
e2139b32 JH |
1197 | rfcomm_dlc_clear_timer(d); |
1198 | ||
1da177e4 LT |
1199 | rfcomm_dlc_lock(d); |
1200 | d->state = BT_CONNECTED; | |
1201 | d->state_change(d, 0); | |
1202 | rfcomm_dlc_unlock(d); | |
1203 | ||
9f2c8a03 | 1204 | if (d->role_switch) |
300b9397 MH |
1205 | hci_conn_switch_role(l2cap_pi(sk)->conn->hcon, 0x00); |
1206 | ||
1da177e4 LT |
1207 | rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig); |
1208 | } | |
1209 | ||
bb23c0ab MH |
1210 | static void rfcomm_check_accept(struct rfcomm_dlc *d) |
1211 | { | |
9f2c8a03 | 1212 | if (rfcomm_check_security(d)) { |
bb23c0ab MH |
1213 | if (d->defer_setup) { |
1214 | set_bit(RFCOMM_DEFER_SETUP, &d->flags); | |
1215 | rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); | |
8bf47941 MH |
1216 | |
1217 | rfcomm_dlc_lock(d); | |
1218 | d->state = BT_CONNECT2; | |
1219 | d->state_change(d, 0); | |
1220 | rfcomm_dlc_unlock(d); | |
bb23c0ab MH |
1221 | } else |
1222 | rfcomm_dlc_accept(d); | |
8c1b2355 MH |
1223 | } else { |
1224 | set_bit(RFCOMM_AUTH_PENDING, &d->flags); | |
1225 | rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); | |
bb23c0ab MH |
1226 | } |
1227 | } | |
1228 | ||
1da177e4 LT |
1229 | static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci) |
1230 | { | |
1231 | struct rfcomm_dlc *d; | |
1232 | u8 channel; | |
1233 | ||
1234 | BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); | |
1235 | ||
1236 | if (!dlci) { | |
1237 | rfcomm_send_ua(s, 0); | |
1238 | ||
1239 | if (s->state == BT_OPEN) { | |
1240 | s->state = BT_CONNECTED; | |
1241 | rfcomm_process_connect(s); | |
1242 | } | |
1243 | return 0; | |
1244 | } | |
1245 | ||
1246 | /* Check if DLC exists */ | |
1247 | d = rfcomm_dlc_get(s, dlci); | |
1248 | if (d) { | |
1249 | if (d->state == BT_OPEN) { | |
1250 | /* DLC was previously opened by PN request */ | |
bb23c0ab | 1251 | rfcomm_check_accept(d); |
1da177e4 LT |
1252 | } |
1253 | return 0; | |
1254 | } | |
1255 | ||
1256 | /* Notify socket layer about incoming connection */ | |
1257 | channel = __srv_channel(dlci); | |
1258 | if (rfcomm_connect_ind(s, channel, &d)) { | |
1259 | d->dlci = dlci; | |
1260 | d->addr = __addr(s->initiator, dlci); | |
1261 | rfcomm_dlc_link(s, d); | |
1262 | ||
bb23c0ab | 1263 | rfcomm_check_accept(d); |
1da177e4 LT |
1264 | } else { |
1265 | rfcomm_send_dm(s, dlci); | |
1266 | } | |
1267 | ||
1268 | return 0; | |
1269 | } | |
1270 | ||
1271 | static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn) | |
1272 | { | |
1273 | struct rfcomm_session *s = d->session; | |
1274 | ||
8e87d142 | 1275 | BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d", |
1da177e4 LT |
1276 | d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits); |
1277 | ||
7c2660b0 MH |
1278 | if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) || |
1279 | pn->flow_ctrl == 0xe0) { | |
1280 | d->cfc = RFCOMM_CFC_ENABLED; | |
1da177e4 LT |
1281 | d->tx_credits = pn->credits; |
1282 | } else { | |
7c2660b0 | 1283 | d->cfc = RFCOMM_CFC_DISABLED; |
1da177e4 LT |
1284 | set_bit(RFCOMM_TX_THROTTLED, &d->flags); |
1285 | } | |
1286 | ||
7c2660b0 MH |
1287 | if (s->cfc == RFCOMM_CFC_UNKNOWN) |
1288 | s->cfc = d->cfc; | |
1289 | ||
1da177e4 LT |
1290 | d->priority = pn->priority; |
1291 | ||
b4324b5d | 1292 | d->mtu = __le16_to_cpu(pn->mtu); |
98bcd08b MH |
1293 | |
1294 | if (cr && d->mtu > s->mtu) | |
1295 | d->mtu = s->mtu; | |
1da177e4 LT |
1296 | |
1297 | return 0; | |
1298 | } | |
1299 | ||
1300 | static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb) | |
1301 | { | |
1302 | struct rfcomm_pn *pn = (void *) skb->data; | |
1303 | struct rfcomm_dlc *d; | |
1304 | u8 dlci = pn->dlci; | |
1305 | ||
1306 | BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); | |
1307 | ||
1308 | if (!dlci) | |
1309 | return 0; | |
1310 | ||
1311 | d = rfcomm_dlc_get(s, dlci); | |
1312 | if (d) { | |
1313 | if (cr) { | |
1314 | /* PN request */ | |
1315 | rfcomm_apply_pn(d, cr, pn); | |
1316 | rfcomm_send_pn(s, 0, d); | |
1317 | } else { | |
1318 | /* PN response */ | |
1319 | switch (d->state) { | |
1320 | case BT_CONFIG: | |
1321 | rfcomm_apply_pn(d, cr, pn); | |
1322 | ||
1323 | d->state = BT_CONNECT; | |
1324 | rfcomm_send_sabm(s, d->dlci); | |
1325 | break; | |
1326 | } | |
1327 | } | |
1328 | } else { | |
1329 | u8 channel = __srv_channel(dlci); | |
1330 | ||
1331 | if (!cr) | |
1332 | return 0; | |
1333 | ||
1334 | /* PN request for non existing DLC. | |
1335 | * Assume incoming connection. */ | |
1336 | if (rfcomm_connect_ind(s, channel, &d)) { | |
1337 | d->dlci = dlci; | |
1338 | d->addr = __addr(s->initiator, dlci); | |
1339 | rfcomm_dlc_link(s, d); | |
1340 | ||
1341 | rfcomm_apply_pn(d, cr, pn); | |
1342 | ||
1343 | d->state = BT_OPEN; | |
1344 | rfcomm_send_pn(s, 0, d); | |
1345 | } else { | |
1346 | rfcomm_send_dm(s, dlci); | |
1347 | } | |
1348 | } | |
1349 | return 0; | |
1350 | } | |
1351 | ||
1352 | static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb) | |
1353 | { | |
1354 | struct rfcomm_rpn *rpn = (void *) skb->data; | |
1355 | u8 dlci = __get_dlci(rpn->dlci); | |
1356 | ||
1357 | u8 bit_rate = 0; | |
1358 | u8 data_bits = 0; | |
1359 | u8 stop_bits = 0; | |
1360 | u8 parity = 0; | |
1361 | u8 flow_ctrl = 0; | |
1362 | u8 xon_char = 0; | |
1363 | u8 xoff_char = 0; | |
1364 | u16 rpn_mask = RFCOMM_RPN_PM_ALL; | |
3a5e903c S |
1365 | |
1366 | BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x", | |
1367 | dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl, | |
1368 | rpn->xon_char, rpn->xoff_char, rpn->param_mask); | |
1369 | ||
1370 | if (!cr) | |
1da177e4 | 1371 | return 0; |
3a5e903c | 1372 | |
1da177e4 | 1373 | if (len == 1) { |
3a5e903c | 1374 | /* This is a request, return default settings */ |
1da177e4 LT |
1375 | bit_rate = RFCOMM_RPN_BR_115200; |
1376 | data_bits = RFCOMM_RPN_DATA_8; | |
1377 | stop_bits = RFCOMM_RPN_STOP_1; | |
1378 | parity = RFCOMM_RPN_PARITY_NONE; | |
1379 | flow_ctrl = RFCOMM_RPN_FLOW_NONE; | |
1380 | xon_char = RFCOMM_RPN_XON_CHAR; | |
1381 | xoff_char = RFCOMM_RPN_XOFF_CHAR; | |
1da177e4 LT |
1382 | goto rpn_out; |
1383 | } | |
3a5e903c S |
1384 | |
1385 | /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit, | |
1386 | * no parity, no flow control lines, normal XON/XOFF chars */ | |
1387 | ||
e8db8c99 | 1388 | if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) { |
1da177e4 LT |
1389 | bit_rate = rpn->bit_rate; |
1390 | if (bit_rate != RFCOMM_RPN_BR_115200) { | |
1391 | BT_DBG("RPN bit rate mismatch 0x%x", bit_rate); | |
1392 | bit_rate = RFCOMM_RPN_BR_115200; | |
1393 | rpn_mask ^= RFCOMM_RPN_PM_BITRATE; | |
1394 | } | |
1395 | } | |
3a5e903c | 1396 | |
e8db8c99 | 1397 | if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) { |
1da177e4 LT |
1398 | data_bits = __get_rpn_data_bits(rpn->line_settings); |
1399 | if (data_bits != RFCOMM_RPN_DATA_8) { | |
1400 | BT_DBG("RPN data bits mismatch 0x%x", data_bits); | |
1401 | data_bits = RFCOMM_RPN_DATA_8; | |
1402 | rpn_mask ^= RFCOMM_RPN_PM_DATA; | |
1403 | } | |
1404 | } | |
3a5e903c | 1405 | |
e8db8c99 | 1406 | if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) { |
1da177e4 LT |
1407 | stop_bits = __get_rpn_stop_bits(rpn->line_settings); |
1408 | if (stop_bits != RFCOMM_RPN_STOP_1) { | |
1409 | BT_DBG("RPN stop bits mismatch 0x%x", stop_bits); | |
1410 | stop_bits = RFCOMM_RPN_STOP_1; | |
1411 | rpn_mask ^= RFCOMM_RPN_PM_STOP; | |
1412 | } | |
1413 | } | |
3a5e903c | 1414 | |
e8db8c99 | 1415 | if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) { |
1da177e4 LT |
1416 | parity = __get_rpn_parity(rpn->line_settings); |
1417 | if (parity != RFCOMM_RPN_PARITY_NONE) { | |
1418 | BT_DBG("RPN parity mismatch 0x%x", parity); | |
1419 | parity = RFCOMM_RPN_PARITY_NONE; | |
1420 | rpn_mask ^= RFCOMM_RPN_PM_PARITY; | |
1421 | } | |
1422 | } | |
3a5e903c | 1423 | |
e8db8c99 | 1424 | if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) { |
1da177e4 LT |
1425 | flow_ctrl = rpn->flow_ctrl; |
1426 | if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) { | |
1427 | BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl); | |
1428 | flow_ctrl = RFCOMM_RPN_FLOW_NONE; | |
1429 | rpn_mask ^= RFCOMM_RPN_PM_FLOW; | |
1430 | } | |
1431 | } | |
3a5e903c | 1432 | |
e8db8c99 | 1433 | if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) { |
1da177e4 LT |
1434 | xon_char = rpn->xon_char; |
1435 | if (xon_char != RFCOMM_RPN_XON_CHAR) { | |
1436 | BT_DBG("RPN XON char mismatch 0x%x", xon_char); | |
1437 | xon_char = RFCOMM_RPN_XON_CHAR; | |
1438 | rpn_mask ^= RFCOMM_RPN_PM_XON; | |
1439 | } | |
1440 | } | |
3a5e903c | 1441 | |
e8db8c99 | 1442 | if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) { |
1da177e4 LT |
1443 | xoff_char = rpn->xoff_char; |
1444 | if (xoff_char != RFCOMM_RPN_XOFF_CHAR) { | |
1445 | BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char); | |
1446 | xoff_char = RFCOMM_RPN_XOFF_CHAR; | |
1447 | rpn_mask ^= RFCOMM_RPN_PM_XOFF; | |
1448 | } | |
1449 | } | |
1450 | ||
1451 | rpn_out: | |
3a5e903c S |
1452 | rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits, |
1453 | parity, flow_ctrl, xon_char, xoff_char, rpn_mask); | |
1da177e4 LT |
1454 | |
1455 | return 0; | |
1456 | } | |
1457 | ||
1458 | static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb) | |
1459 | { | |
1460 | struct rfcomm_rls *rls = (void *) skb->data; | |
1461 | u8 dlci = __get_dlci(rls->dlci); | |
1462 | ||
1463 | BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status); | |
3a5e903c | 1464 | |
1da177e4 LT |
1465 | if (!cr) |
1466 | return 0; | |
1467 | ||
3a5e903c S |
1468 | /* We should probably do something with this information here. But |
1469 | * for now it's sufficient just to reply -- Bluetooth 1.1 says it's | |
1470 | * mandatory to recognise and respond to RLS */ | |
1da177e4 LT |
1471 | |
1472 | rfcomm_send_rls(s, 0, dlci, rls->status); | |
1473 | ||
1474 | return 0; | |
1475 | } | |
1476 | ||
1477 | static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb) | |
1478 | { | |
1479 | struct rfcomm_msc *msc = (void *) skb->data; | |
1480 | struct rfcomm_dlc *d; | |
1481 | u8 dlci = __get_dlci(msc->dlci); | |
1482 | ||
1483 | BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig); | |
1484 | ||
1485 | d = rfcomm_dlc_get(s, dlci); | |
3a5e903c | 1486 | if (!d) |
1da177e4 LT |
1487 | return 0; |
1488 | ||
1489 | if (cr) { | |
1490 | if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc) | |
1491 | set_bit(RFCOMM_TX_THROTTLED, &d->flags); | |
1492 | else | |
1493 | clear_bit(RFCOMM_TX_THROTTLED, &d->flags); | |
3a5e903c | 1494 | |
1da177e4 | 1495 | rfcomm_dlc_lock(d); |
8b6b3da7 MH |
1496 | |
1497 | d->remote_v24_sig = msc->v24_sig; | |
1498 | ||
1da177e4 LT |
1499 | if (d->modem_status) |
1500 | d->modem_status(d, msc->v24_sig); | |
8b6b3da7 | 1501 | |
1da177e4 | 1502 | rfcomm_dlc_unlock(d); |
8e87d142 | 1503 | |
1da177e4 LT |
1504 | rfcomm_send_msc(s, 0, dlci, msc->v24_sig); |
1505 | ||
1506 | d->mscex |= RFCOMM_MSCEX_RX; | |
3a5e903c | 1507 | } else |
1da177e4 LT |
1508 | d->mscex |= RFCOMM_MSCEX_TX; |
1509 | ||
1510 | return 0; | |
1511 | } | |
1512 | ||
1513 | static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb) | |
1514 | { | |
1515 | struct rfcomm_mcc *mcc = (void *) skb->data; | |
1516 | u8 type, cr, len; | |
1517 | ||
1518 | cr = __test_cr(mcc->type); | |
1519 | type = __get_mcc_type(mcc->type); | |
1520 | len = __get_mcc_len(mcc->len); | |
1521 | ||
1522 | BT_DBG("%p type 0x%x cr %d", s, type, cr); | |
1523 | ||
1524 | skb_pull(skb, 2); | |
1525 | ||
1526 | switch (type) { | |
1527 | case RFCOMM_PN: | |
1528 | rfcomm_recv_pn(s, cr, skb); | |
1529 | break; | |
1530 | ||
1531 | case RFCOMM_RPN: | |
1532 | rfcomm_recv_rpn(s, cr, len, skb); | |
1533 | break; | |
1534 | ||
1535 | case RFCOMM_RLS: | |
1536 | rfcomm_recv_rls(s, cr, skb); | |
1537 | break; | |
1538 | ||
1539 | case RFCOMM_MSC: | |
1540 | rfcomm_recv_msc(s, cr, skb); | |
1541 | break; | |
1542 | ||
1543 | case RFCOMM_FCOFF: | |
1544 | if (cr) { | |
1545 | set_bit(RFCOMM_TX_THROTTLED, &s->flags); | |
1546 | rfcomm_send_fcoff(s, 0); | |
1547 | } | |
1548 | break; | |
1549 | ||
1550 | case RFCOMM_FCON: | |
1551 | if (cr) { | |
1552 | clear_bit(RFCOMM_TX_THROTTLED, &s->flags); | |
1553 | rfcomm_send_fcon(s, 0); | |
1554 | } | |
1555 | break; | |
1556 | ||
1557 | case RFCOMM_TEST: | |
1558 | if (cr) | |
1559 | rfcomm_send_test(s, 0, skb->data, skb->len); | |
1560 | break; | |
1561 | ||
1562 | case RFCOMM_NSC: | |
1563 | break; | |
1564 | ||
1565 | default: | |
1566 | BT_ERR("Unknown control type 0x%02x", type); | |
1567 | rfcomm_send_nsc(s, cr, type); | |
1568 | break; | |
1569 | } | |
1570 | return 0; | |
1571 | } | |
1572 | ||
1573 | static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb) | |
1574 | { | |
1575 | struct rfcomm_dlc *d; | |
1576 | ||
1577 | BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf); | |
1578 | ||
1579 | d = rfcomm_dlc_get(s, dlci); | |
1580 | if (!d) { | |
1581 | rfcomm_send_dm(s, dlci); | |
1582 | goto drop; | |
1583 | } | |
1584 | ||
1585 | if (pf && d->cfc) { | |
1586 | u8 credits = *(u8 *) skb->data; skb_pull(skb, 1); | |
1587 | ||
1588 | d->tx_credits += credits; | |
1589 | if (d->tx_credits) | |
1590 | clear_bit(RFCOMM_TX_THROTTLED, &d->flags); | |
1591 | } | |
1592 | ||
1593 | if (skb->len && d->state == BT_CONNECTED) { | |
1594 | rfcomm_dlc_lock(d); | |
1595 | d->rx_credits--; | |
1596 | d->data_ready(d, skb); | |
1597 | rfcomm_dlc_unlock(d); | |
1598 | return 0; | |
1599 | } | |
1600 | ||
1601 | drop: | |
1602 | kfree_skb(skb); | |
1603 | return 0; | |
1604 | } | |
1605 | ||
1606 | static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb) | |
1607 | { | |
1608 | struct rfcomm_hdr *hdr = (void *) skb->data; | |
1609 | u8 type, dlci, fcs; | |
1610 | ||
1611 | dlci = __get_dlci(hdr->addr); | |
1612 | type = __get_type(hdr->ctrl); | |
1613 | ||
1614 | /* Trim FCS */ | |
1615 | skb->len--; skb->tail--; | |
27a884dc | 1616 | fcs = *(u8 *)skb_tail_pointer(skb); |
1da177e4 LT |
1617 | |
1618 | if (__check_fcs(skb->data, type, fcs)) { | |
1619 | BT_ERR("bad checksum in packet"); | |
1620 | kfree_skb(skb); | |
1621 | return -EILSEQ; | |
1622 | } | |
1623 | ||
1624 | if (__test_ea(hdr->len)) | |
1625 | skb_pull(skb, 3); | |
1626 | else | |
1627 | skb_pull(skb, 4); | |
1628 | ||
1629 | switch (type) { | |
1630 | case RFCOMM_SABM: | |
1631 | if (__test_pf(hdr->ctrl)) | |
1632 | rfcomm_recv_sabm(s, dlci); | |
1633 | break; | |
1634 | ||
1635 | case RFCOMM_DISC: | |
1636 | if (__test_pf(hdr->ctrl)) | |
1637 | rfcomm_recv_disc(s, dlci); | |
1638 | break; | |
1639 | ||
1640 | case RFCOMM_UA: | |
1641 | if (__test_pf(hdr->ctrl)) | |
1642 | rfcomm_recv_ua(s, dlci); | |
1643 | break; | |
1644 | ||
1645 | case RFCOMM_DM: | |
1646 | rfcomm_recv_dm(s, dlci); | |
1647 | break; | |
1648 | ||
1649 | case RFCOMM_UIH: | |
1650 | if (dlci) | |
1651 | return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb); | |
1652 | ||
1653 | rfcomm_recv_mcc(s, skb); | |
1654 | break; | |
1655 | ||
1656 | default: | |
1657 | BT_ERR("Unknown packet type 0x%02x\n", type); | |
1658 | break; | |
1659 | } | |
1660 | kfree_skb(skb); | |
1661 | return 0; | |
1662 | } | |
1663 | ||
1664 | /* ---- Connection and data processing ---- */ | |
1665 | ||
1666 | static void rfcomm_process_connect(struct rfcomm_session *s) | |
1667 | { | |
1668 | struct rfcomm_dlc *d; | |
1669 | struct list_head *p, *n; | |
1670 | ||
1671 | BT_DBG("session %p state %ld", s, s->state); | |
1672 | ||
1673 | list_for_each_safe(p, n, &s->dlcs) { | |
1674 | d = list_entry(p, struct rfcomm_dlc, list); | |
1675 | if (d->state == BT_CONFIG) { | |
1676 | d->mtu = s->mtu; | |
9f2c8a03 | 1677 | if (rfcomm_check_security(d)) { |
8c1b2355 MH |
1678 | rfcomm_send_pn(s, 1, d); |
1679 | } else { | |
77db1980 MH |
1680 | set_bit(RFCOMM_AUTH_PENDING, &d->flags); |
1681 | rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); | |
8c1b2355 | 1682 | } |
1da177e4 LT |
1683 | } |
1684 | } | |
1685 | } | |
1686 | ||
1687 | /* Send data queued for the DLC. | |
1688 | * Return number of frames left in the queue. | |
1689 | */ | |
1690 | static inline int rfcomm_process_tx(struct rfcomm_dlc *d) | |
1691 | { | |
1692 | struct sk_buff *skb; | |
1693 | int err; | |
1694 | ||
8e87d142 | 1695 | BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d", |
1da177e4 LT |
1696 | d, d->state, d->cfc, d->rx_credits, d->tx_credits); |
1697 | ||
1698 | /* Send pending MSC */ | |
1699 | if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags)) | |
8e87d142 | 1700 | rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig); |
1da177e4 LT |
1701 | |
1702 | if (d->cfc) { | |
8e87d142 | 1703 | /* CFC enabled. |
1da177e4 LT |
1704 | * Give them some credits */ |
1705 | if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) && | |
8e87d142 | 1706 | d->rx_credits <= (d->cfc >> 2)) { |
1da177e4 LT |
1707 | rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits); |
1708 | d->rx_credits = d->cfc; | |
1709 | } | |
1710 | } else { | |
1711 | /* CFC disabled. | |
1712 | * Give ourselves some credits */ | |
1713 | d->tx_credits = 5; | |
1714 | } | |
1715 | ||
1716 | if (test_bit(RFCOMM_TX_THROTTLED, &d->flags)) | |
1717 | return skb_queue_len(&d->tx_queue); | |
1718 | ||
1719 | while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) { | |
1720 | err = rfcomm_send_frame(d->session, skb->data, skb->len); | |
1721 | if (err < 0) { | |
1722 | skb_queue_head(&d->tx_queue, skb); | |
1723 | break; | |
1724 | } | |
1725 | kfree_skb(skb); | |
1726 | d->tx_credits--; | |
1727 | } | |
1728 | ||
1729 | if (d->cfc && !d->tx_credits) { | |
1730 | /* We're out of TX credits. | |
1731 | * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */ | |
1732 | set_bit(RFCOMM_TX_THROTTLED, &d->flags); | |
1733 | } | |
1734 | ||
1735 | return skb_queue_len(&d->tx_queue); | |
1736 | } | |
1737 | ||
1738 | static inline void rfcomm_process_dlcs(struct rfcomm_session *s) | |
1739 | { | |
1740 | struct rfcomm_dlc *d; | |
1741 | struct list_head *p, *n; | |
1742 | ||
1743 | BT_DBG("session %p state %ld", s, s->state); | |
1744 | ||
1745 | list_for_each_safe(p, n, &s->dlcs) { | |
1746 | d = list_entry(p, struct rfcomm_dlc, list); | |
1747 | ||
1748 | if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) { | |
1749 | __rfcomm_dlc_close(d, ETIMEDOUT); | |
1750 | continue; | |
1751 | } | |
1752 | ||
1753 | if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) { | |
1754 | rfcomm_dlc_clear_timer(d); | |
77db1980 MH |
1755 | if (d->out) { |
1756 | rfcomm_send_pn(s, 1, d); | |
1757 | rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT); | |
bb23c0ab MH |
1758 | } else { |
1759 | if (d->defer_setup) { | |
1760 | set_bit(RFCOMM_DEFER_SETUP, &d->flags); | |
1761 | rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); | |
8bf47941 MH |
1762 | |
1763 | rfcomm_dlc_lock(d); | |
1764 | d->state = BT_CONNECT2; | |
1765 | d->state_change(d, 0); | |
1766 | rfcomm_dlc_unlock(d); | |
bb23c0ab MH |
1767 | } else |
1768 | rfcomm_dlc_accept(d); | |
1769 | } | |
1da177e4 LT |
1770 | continue; |
1771 | } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) { | |
1772 | rfcomm_dlc_clear_timer(d); | |
77db1980 MH |
1773 | if (!d->out) |
1774 | rfcomm_send_dm(s, d->dlci); | |
1775 | else | |
1776 | d->state = BT_CLOSED; | |
1da177e4 LT |
1777 | __rfcomm_dlc_close(d, ECONNREFUSED); |
1778 | continue; | |
1779 | } | |
1780 | ||
6e1031a4 JG |
1781 | if (test_bit(RFCOMM_SEC_PENDING, &d->flags)) |
1782 | continue; | |
1783 | ||
1da177e4 LT |
1784 | if (test_bit(RFCOMM_TX_THROTTLED, &s->flags)) |
1785 | continue; | |
1786 | ||
1787 | if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) && | |
77db1980 | 1788 | d->mscex == RFCOMM_MSCEX_OK) |
1da177e4 LT |
1789 | rfcomm_process_tx(d); |
1790 | } | |
1791 | } | |
1792 | ||
1793 | static inline void rfcomm_process_rx(struct rfcomm_session *s) | |
1794 | { | |
1795 | struct socket *sock = s->sock; | |
1796 | struct sock *sk = sock->sk; | |
1797 | struct sk_buff *skb; | |
1798 | ||
1799 | BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue)); | |
1800 | ||
1801 | /* Get data directly from socket receive queue without copying it. */ | |
1802 | while ((skb = skb_dequeue(&sk->sk_receive_queue))) { | |
1803 | skb_orphan(skb); | |
1804 | rfcomm_recv_frame(s, skb); | |
1805 | } | |
1806 | ||
1807 | if (sk->sk_state == BT_CLOSED) { | |
1808 | if (!s->initiator) | |
1809 | rfcomm_session_put(s); | |
1810 | ||
1811 | rfcomm_session_close(s, sk->sk_err); | |
1812 | } | |
1813 | } | |
1814 | ||
1815 | static inline void rfcomm_accept_connection(struct rfcomm_session *s) | |
1816 | { | |
1817 | struct socket *sock = s->sock, *nsock; | |
1818 | int err; | |
1819 | ||
1820 | /* Fast check for a new connection. | |
1821 | * Avoids unnesesary socket allocations. */ | |
1822 | if (list_empty(&bt_sk(sock->sk)->accept_q)) | |
1823 | return; | |
1824 | ||
1825 | BT_DBG("session %p", s); | |
1826 | ||
48db9ca4 MH |
1827 | err = kernel_accept(sock, &nsock, O_NONBLOCK); |
1828 | if (err < 0) | |
1da177e4 LT |
1829 | return; |
1830 | ||
1da177e4 LT |
1831 | /* Set our callbacks */ |
1832 | nsock->sk->sk_data_ready = rfcomm_l2data_ready; | |
1833 | nsock->sk->sk_state_change = rfcomm_l2state_change; | |
1834 | ||
1835 | s = rfcomm_session_add(nsock, BT_OPEN); | |
1836 | if (s) { | |
1837 | rfcomm_session_hold(s); | |
98bcd08b MH |
1838 | |
1839 | /* We should adjust MTU on incoming sessions. | |
1840 | * L2CAP MTU minus UIH header and FCS. */ | |
1841 | s->mtu = min(l2cap_pi(nsock->sk)->omtu, l2cap_pi(nsock->sk)->imtu) - 5; | |
1842 | ||
1da177e4 LT |
1843 | rfcomm_schedule(RFCOMM_SCHED_RX); |
1844 | } else | |
1845 | sock_release(nsock); | |
1846 | } | |
1847 | ||
1848 | static inline void rfcomm_check_connection(struct rfcomm_session *s) | |
1849 | { | |
1850 | struct sock *sk = s->sock->sk; | |
1851 | ||
1852 | BT_DBG("%p state %ld", s, s->state); | |
1853 | ||
1854 | switch(sk->sk_state) { | |
1855 | case BT_CONNECTED: | |
1856 | s->state = BT_CONNECT; | |
1857 | ||
1858 | /* We can adjust MTU on outgoing sessions. | |
1859 | * L2CAP MTU minus UIH header and FCS. */ | |
1860 | s->mtu = min(l2cap_pi(sk)->omtu, l2cap_pi(sk)->imtu) - 5; | |
1861 | ||
1862 | rfcomm_send_sabm(s, 0); | |
1863 | break; | |
1864 | ||
1865 | case BT_CLOSED: | |
1866 | s->state = BT_CLOSED; | |
1867 | rfcomm_session_close(s, sk->sk_err); | |
1868 | break; | |
1869 | } | |
1870 | } | |
1871 | ||
1872 | static inline void rfcomm_process_sessions(void) | |
1873 | { | |
1874 | struct list_head *p, *n; | |
1875 | ||
1876 | rfcomm_lock(); | |
1877 | ||
1878 | list_for_each_safe(p, n, &session_list) { | |
1879 | struct rfcomm_session *s; | |
1880 | s = list_entry(p, struct rfcomm_session, list); | |
1881 | ||
1882 | if (s->state == BT_LISTEN) { | |
1883 | rfcomm_accept_connection(s); | |
1884 | continue; | |
1885 | } | |
1886 | ||
1887 | rfcomm_session_hold(s); | |
1888 | ||
1889 | switch (s->state) { | |
1890 | case BT_BOUND: | |
1891 | rfcomm_check_connection(s); | |
1892 | break; | |
1893 | ||
1894 | default: | |
1895 | rfcomm_process_rx(s); | |
1896 | break; | |
1897 | } | |
1898 | ||
1899 | rfcomm_process_dlcs(s); | |
1900 | ||
1901 | rfcomm_session_put(s); | |
1902 | } | |
1903 | ||
1904 | rfcomm_unlock(); | |
1905 | } | |
1906 | ||
1da177e4 LT |
1907 | static int rfcomm_add_listener(bdaddr_t *ba) |
1908 | { | |
1909 | struct sockaddr_l2 addr; | |
1910 | struct socket *sock; | |
1911 | struct sock *sk; | |
1912 | struct rfcomm_session *s; | |
1913 | int err = 0; | |
1914 | ||
1915 | /* Create socket */ | |
1916 | err = rfcomm_l2sock_create(&sock); | |
8e87d142 | 1917 | if (err < 0) { |
1da177e4 LT |
1918 | BT_ERR("Create socket failed %d", err); |
1919 | return err; | |
1920 | } | |
1921 | ||
1922 | /* Bind socket */ | |
1923 | bacpy(&addr.l2_bdaddr, ba); | |
1924 | addr.l2_family = AF_BLUETOOTH; | |
b4324b5d | 1925 | addr.l2_psm = cpu_to_le16(RFCOMM_PSM); |
37e62f55 | 1926 | addr.l2_cid = 0; |
48db9ca4 | 1927 | err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr)); |
1da177e4 LT |
1928 | if (err < 0) { |
1929 | BT_ERR("Bind failed %d", err); | |
1930 | goto failed; | |
1931 | } | |
1932 | ||
1933 | /* Set L2CAP options */ | |
1934 | sk = sock->sk; | |
1935 | lock_sock(sk); | |
56f3a40a | 1936 | l2cap_pi(sk)->imtu = l2cap_mtu; |
1da177e4 LT |
1937 | release_sock(sk); |
1938 | ||
1939 | /* Start listening on the socket */ | |
48db9ca4 | 1940 | err = kernel_listen(sock, 10); |
1da177e4 LT |
1941 | if (err) { |
1942 | BT_ERR("Listen failed %d", err); | |
1943 | goto failed; | |
1944 | } | |
1945 | ||
1946 | /* Add listening session */ | |
1947 | s = rfcomm_session_add(sock, BT_LISTEN); | |
1948 | if (!s) | |
1949 | goto failed; | |
1950 | ||
1951 | rfcomm_session_hold(s); | |
1952 | return 0; | |
1953 | failed: | |
1954 | sock_release(sock); | |
1955 | return err; | |
1956 | } | |
1957 | ||
1958 | static void rfcomm_kill_listener(void) | |
1959 | { | |
1960 | struct rfcomm_session *s; | |
1961 | struct list_head *p, *n; | |
1962 | ||
1963 | BT_DBG(""); | |
1964 | ||
1965 | list_for_each_safe(p, n, &session_list) { | |
1966 | s = list_entry(p, struct rfcomm_session, list); | |
1967 | rfcomm_session_del(s); | |
1968 | } | |
1969 | } | |
1970 | ||
1971 | static int rfcomm_run(void *unused) | |
1972 | { | |
a524eccc | 1973 | BT_DBG(""); |
1da177e4 | 1974 | |
1da177e4 | 1975 | set_user_nice(current, -10); |
1da177e4 | 1976 | |
1da177e4 LT |
1977 | rfcomm_add_listener(BDADDR_ANY); |
1978 | ||
a524eccc MH |
1979 | while (!kthread_should_stop()) { |
1980 | set_current_state(TASK_INTERRUPTIBLE); | |
1981 | if (!test_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event)) { | |
1982 | /* No pending events. Let's sleep. | |
1983 | * Incoming connections and data will wake us up. */ | |
1984 | schedule(); | |
1985 | } | |
1986 | set_current_state(TASK_RUNNING); | |
1987 | ||
1988 | /* Process stuff */ | |
1989 | clear_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event); | |
1990 | rfcomm_process_sessions(); | |
1991 | } | |
1da177e4 LT |
1992 | |
1993 | rfcomm_kill_listener(); | |
1994 | ||
1da177e4 LT |
1995 | return 0; |
1996 | } | |
1997 | ||
8c1b2355 | 1998 | static void rfcomm_security_cfm(struct hci_conn *conn, u8 status, u8 encrypt) |
1da177e4 LT |
1999 | { |
2000 | struct rfcomm_session *s; | |
2001 | struct rfcomm_dlc *d; | |
2002 | struct list_head *p, *n; | |
2003 | ||
2004 | BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt); | |
2005 | ||
2006 | s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst); | |
2007 | if (!s) | |
2008 | return; | |
2009 | ||
2010 | rfcomm_session_hold(s); | |
2011 | ||
2012 | list_for_each_safe(p, n, &s->dlcs) { | |
2013 | d = list_entry(p, struct rfcomm_dlc, list); | |
2014 | ||
8c84b830 MH |
2015 | if (test_and_clear_bit(RFCOMM_SEC_PENDING, &d->flags)) { |
2016 | rfcomm_dlc_clear_timer(d); | |
2017 | if (status || encrypt == 0x00) { | |
2018 | __rfcomm_dlc_close(d, ECONNREFUSED); | |
2019 | continue; | |
2020 | } | |
2021 | } | |
2022 | ||
2023 | if (d->state == BT_CONNECTED && !status && encrypt == 0x00) { | |
2024 | if (d->sec_level == BT_SECURITY_MEDIUM) { | |
2025 | set_bit(RFCOMM_SEC_PENDING, &d->flags); | |
2026 | rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); | |
2027 | continue; | |
2028 | } else if (d->sec_level == BT_SECURITY_HIGH) { | |
2029 | __rfcomm_dlc_close(d, ECONNREFUSED); | |
2030 | continue; | |
2031 | } | |
9719f8af MH |
2032 | } |
2033 | ||
1da177e4 LT |
2034 | if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags)) |
2035 | continue; | |
2036 | ||
8c1b2355 | 2037 | if (!status) |
1da177e4 LT |
2038 | set_bit(RFCOMM_AUTH_ACCEPT, &d->flags); |
2039 | else | |
2040 | set_bit(RFCOMM_AUTH_REJECT, &d->flags); | |
2041 | } | |
2042 | ||
2043 | rfcomm_session_put(s); | |
2044 | ||
2045 | rfcomm_schedule(RFCOMM_SCHED_AUTH); | |
2046 | } | |
2047 | ||
2048 | static struct hci_cb rfcomm_cb = { | |
2049 | .name = "RFCOMM", | |
8c1b2355 | 2050 | .security_cfm = rfcomm_security_cfm |
1da177e4 LT |
2051 | }; |
2052 | ||
be9d1227 | 2053 | static ssize_t rfcomm_dlc_sysfs_show(struct class *dev, char *buf) |
1da177e4 LT |
2054 | { |
2055 | struct rfcomm_session *s; | |
2056 | struct list_head *pp, *p; | |
be9d1227 | 2057 | char *str = buf; |
1da177e4 LT |
2058 | |
2059 | rfcomm_lock(); | |
2060 | ||
2061 | list_for_each(p, &session_list) { | |
2062 | s = list_entry(p, struct rfcomm_session, list); | |
be9d1227 MH |
2063 | list_for_each(pp, &s->dlcs) { |
2064 | struct sock *sk = s->sock->sk; | |
2065 | struct rfcomm_dlc *d = list_entry(pp, struct rfcomm_dlc, list); | |
1da177e4 | 2066 | |
be9d1227 MH |
2067 | str += sprintf(str, "%s %s %ld %d %d %d %d\n", |
2068 | batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst), | |
2069 | d->state, d->dlci, d->mtu, d->rx_credits, d->tx_credits); | |
1da177e4 LT |
2070 | } |
2071 | } | |
1da177e4 | 2072 | |
1da177e4 | 2073 | rfcomm_unlock(); |
1da177e4 | 2074 | |
be9d1227 | 2075 | return (str - buf); |
1da177e4 LT |
2076 | } |
2077 | ||
be9d1227 | 2078 | static CLASS_ATTR(rfcomm_dlc, S_IRUGO, rfcomm_dlc_sysfs_show, NULL); |
1da177e4 LT |
2079 | |
2080 | /* ---- Initialization ---- */ | |
2081 | static int __init rfcomm_init(void) | |
2082 | { | |
2083 | l2cap_load(); | |
2084 | ||
2085 | hci_register_cb(&rfcomm_cb); | |
2086 | ||
a524eccc MH |
2087 | rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd"); |
2088 | if (IS_ERR(rfcomm_thread)) { | |
2089 | hci_unregister_cb(&rfcomm_cb); | |
2090 | return PTR_ERR(rfcomm_thread); | |
2091 | } | |
1da177e4 | 2092 | |
df5c37ea MH |
2093 | if (class_create_file(bt_class, &class_attr_rfcomm_dlc) < 0) |
2094 | BT_ERR("Failed to create RFCOMM info file"); | |
1da177e4 LT |
2095 | |
2096 | rfcomm_init_sockets(); | |
2097 | ||
2098 | #ifdef CONFIG_BT_RFCOMM_TTY | |
2099 | rfcomm_init_ttys(); | |
2100 | #endif | |
2101 | ||
be9d1227 MH |
2102 | BT_INFO("RFCOMM ver %s", VERSION); |
2103 | ||
1da177e4 LT |
2104 | return 0; |
2105 | } | |
2106 | ||
2107 | static void __exit rfcomm_exit(void) | |
2108 | { | |
a91f2e39 | 2109 | class_remove_file(bt_class, &class_attr_rfcomm_dlc); |
be9d1227 | 2110 | |
1da177e4 LT |
2111 | hci_unregister_cb(&rfcomm_cb); |
2112 | ||
a524eccc | 2113 | kthread_stop(rfcomm_thread); |
1da177e4 LT |
2114 | |
2115 | #ifdef CONFIG_BT_RFCOMM_TTY | |
2116 | rfcomm_cleanup_ttys(); | |
2117 | #endif | |
2118 | ||
2119 | rfcomm_cleanup_sockets(); | |
1da177e4 LT |
2120 | } |
2121 | ||
2122 | module_init(rfcomm_init); | |
2123 | module_exit(rfcomm_exit); | |
2124 | ||
7c2660b0 MH |
2125 | module_param(disable_cfc, bool, 0644); |
2126 | MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control"); | |
2127 | ||
98bcd08b MH |
2128 | module_param(channel_mtu, int, 0644); |
2129 | MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel"); | |
2130 | ||
56f3a40a MH |
2131 | module_param(l2cap_mtu, uint, 0644); |
2132 | MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection"); | |
2133 | ||
63fbd24e | 2134 | MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); |
1da177e4 LT |
2135 | MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION); |
2136 | MODULE_VERSION(VERSION); | |
2137 | MODULE_LICENSE("GPL"); | |
2138 | MODULE_ALIAS("bt-proto-3"); |