Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]
FreeBSD/Linux Kernel Cross Reference
sys/netbt/rfcomm_session.c
Version:
- FREEBSD - FREEBSD-13-STABLE - FREEBSD-13-0 - FREEBSD-12-STABLE - FREEBSD-12-0 - FREEBSD-11-STABLE - FREEBSD-11-0 - FREEBSD-10-STABLE - FREEBSD-10-0 - FREEBSD-9-STABLE - FREEBSD-9-0 - FREEBSD-8-STABLE - FREEBSD-8-0 - FREEBSD-7-STABLE - FREEBSD-7-0 - FREEBSD-6-STABLE - FREEBSD-6-0 - FREEBSD-5-STABLE - FREEBSD-5-0 - FREEBSD-4-STABLE - FREEBSD-3-STABLE - FREEBSD22 - l41 - OPENBSD - linux-2.6 - MK84 - PLAN9 - xnu-8792
SearchContext: - none - 3 - 10
SearchContext: - none - 3 - 10
1 /* $NetBSD: rfcomm_session.c,v 1.14.4.1 2010/01/03 17:52:13 jdc Exp $ */ 2 3 /*- 4 * Copyright (c) 2006 Itronix Inc. 5 * All rights reserved. 6 * 7 * Written by Iain Hibbert for Itronix Inc. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 3. The name of Itronix Inc. may not be used to endorse 18 * or promote products derived from this software without specific 19 * prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY ITRONIX INC. ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 23 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 24 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL ITRONIX INC. BE LIABLE FOR ANY 25 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 26 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 27 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 28 * ON ANY THEORY OF LIABILITY, WHETHER IN 29 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 30 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 31 * POSSIBILITY OF SUCH DAMAGE. 32 */ 33 34 #include <sys/cdefs.h> 35 __KERNEL_RCSID(0, "$NetBSD: rfcomm_session.c,v 1.14.4.1 2010/01/03 17:52:13 jdc Exp $"); 36 37 #include <sys/param.h> 38 #include <sys/kernel.h> 39 #include <sys/mbuf.h> 40 #include <sys/proc.h> 41 #include <sys/socketvar.h> 42 #include <sys/systm.h> 43 #include <sys/types.h> 44 45 #include <netbt/bluetooth.h> 46 #include <netbt/hci.h> 47 #include <netbt/l2cap.h> 48 #include <netbt/rfcomm.h> 49 50 /****************************************************************************** 51 * 52 * RFCOMM Multiplexer Sessions sit directly on L2CAP channels, and can 53 * multiplex up to 30 incoming and 30 outgoing connections. 54 * Only one Multiplexer is allowed between any two devices. 55 */ 56 57 static void rfcomm_session_timeout(void *); 58 static void rfcomm_session_recv_sabm(struct rfcomm_session *, int); 59 static void rfcomm_session_recv_disc(struct rfcomm_session *, int); 60 static void rfcomm_session_recv_ua(struct rfcomm_session *, int); 61 static void rfcomm_session_recv_dm(struct rfcomm_session *, int); 62 static void rfcomm_session_recv_uih(struct rfcomm_session *, int, int, struct mbuf *, int); 63 static void rfcomm_session_recv_mcc(struct rfcomm_session *, struct mbuf *); 64 static void rfcomm_session_recv_mcc_test(struct rfcomm_session *, int, struct mbuf *); 65 static void rfcomm_session_recv_mcc_fcon(struct rfcomm_session *, int); 66 static void rfcomm_session_recv_mcc_fcoff(struct rfcomm_session *, int); 67 static void rfcomm_session_recv_mcc_msc(struct rfcomm_session *, int, struct mbuf *); 68 static void rfcomm_session_recv_mcc_rpn(struct rfcomm_session *, int, struct mbuf *); 69 static void rfcomm_session_recv_mcc_rls(struct rfcomm_session *, int, struct mbuf *); 70 static void rfcomm_session_recv_mcc_pn(struct rfcomm_session *, int, struct mbuf *); 71 static void rfcomm_session_recv_mcc_nsc(struct rfcomm_session *, int, struct mbuf *); 72 73 /* L2CAP callbacks */ 74 static void rfcomm_session_connecting(void *); 75 static void rfcomm_session_connected(void *); 76 static void rfcomm_session_disconnected(void *, int); 77 static void *rfcomm_session_newconn(void *, struct sockaddr_bt *, struct sockaddr_bt *); 78 static void rfcomm_session_complete(void *, int); 79 static void rfcomm_session_linkmode(void *, int); 80 static void rfcomm_session_input(void *, struct mbuf *); 81 82 static const struct btproto rfcomm_session_proto = { 83 rfcomm_session_connecting, 84 rfcomm_session_connected, 85 rfcomm_session_disconnected, 86 rfcomm_session_newconn, 87 rfcomm_session_complete, 88 rfcomm_session_linkmode, 89 rfcomm_session_input, 90 }; 91 92 struct rfcomm_session_list 93 rfcomm_session_active = LIST_HEAD_INITIALIZER(rfcomm_session_active); 94 95 struct rfcomm_session_list 96 rfcomm_session_listen = LIST_HEAD_INITIALIZER(rfcomm_session_listen); 97 98 POOL_INIT(rfcomm_credit_pool, sizeof(struct rfcomm_credit), 99 0, 0, 0, "rfcomm_credit", NULL, IPL_SOFTNET); 100 101 /* 102 * RFCOMM System Parameters (see section 5.3) 103 */ 104 int rfcomm_mtu_default = 127; /* bytes */ 105 int rfcomm_ack_timeout = 20; /* seconds */ 106 int rfcomm_mcc_timeout = 20; /* seconds */ 107 108 /* 109 * Reversed CRC table as per TS 07.10 Annex B.3.5 110 */ 111 static const uint8_t crctable[256] = { /* reversed, 8-bit, poly=0x07 */ 112 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75, 113 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b, 114 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69, 115 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67, 116 117 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d, 118 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43, 119 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51, 120 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f, 121 122 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05, 123 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b, 124 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19, 125 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17, 126 127 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d, 128 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33, 129 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21, 130 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f, 131 132 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95, 133 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b, 134 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89, 135 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87, 136 137 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad, 138 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3, 139 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1, 140 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf, 141 142 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5, 143 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb, 144 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9, 145 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7, 146 147 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd, 148 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3, 149 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1, 150 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf 151 }; 152 153 #define FCS(f, d) crctable[(f) ^ (d)] 154 155 /* 156 * rfcomm_session_alloc(list, sockaddr) 157 * 158 * allocate a new session and fill in the blanks, then 159 * attach session to front of specified list (active or listen) 160 */ 161 struct rfcomm_session * 162 rfcomm_session_alloc(struct rfcomm_session_list *list, 163 struct sockaddr_bt *laddr) 164 { 165 struct rfcomm_session *rs; 166 struct sockopt sopt; 167 int err; 168 169 rs = malloc(sizeof(*rs), M_BLUETOOTH, M_NOWAIT | M_ZERO); 170 if (rs == NULL) 171 return NULL; 172 173 rs->rs_state = RFCOMM_SESSION_CLOSED; 174 175 callout_init(&rs->rs_timeout, 0); 176 callout_setfunc(&rs->rs_timeout, rfcomm_session_timeout, rs); 177 178 SIMPLEQ_INIT(&rs->rs_credits); 179 LIST_INIT(&rs->rs_dlcs); 180 181 err = l2cap_attach(&rs->rs_l2cap, &rfcomm_session_proto, rs); 182 if (err) { 183 free(rs, M_BLUETOOTH); 184 return NULL; 185 } 186 187 sockopt_init(&sopt, BTPROTO_L2CAP, SO_L2CAP_OMTU, 0); 188 (void)l2cap_getopt(rs->rs_l2cap, &sopt); 189 (void)sockopt_get(&sopt, &rs->rs_mtu, sizeof(rs->rs_mtu)); 190 sockopt_destroy(&sopt); 191 192 if (laddr->bt_psm == L2CAP_PSM_ANY) 193 laddr->bt_psm = L2CAP_PSM_RFCOMM; 194 195 (void)l2cap_bind(rs->rs_l2cap, laddr); 196 197 LIST_INSERT_HEAD(list, rs, rs_next); 198 199 return rs; 200 } 201 202 /* 203 * rfcomm_session_free(rfcomm_session) 204 * 205 * release a session, including any cleanup 206 */ 207 void 208 rfcomm_session_free(struct rfcomm_session *rs) 209 { 210 struct rfcomm_credit *credit; 211 212 KASSERT(rs != NULL); 213 KASSERT(LIST_EMPTY(&rs->rs_dlcs)); 214 215 rs->rs_state = RFCOMM_SESSION_CLOSED; 216 217 /* 218 * If the callout is already invoked we have no way to stop it, 219 * but it will call us back right away (there are no DLC's) so 220 * not to worry. 221 */ 222 callout_stop(&rs->rs_timeout); 223 if (callout_invoking(&rs->rs_timeout)) 224 return; 225 226 /* 227 * Take care that rfcomm_session_disconnected() doesnt call 228 * us back either as it will do if the l2cap_channel has not 229 * been closed when we detach it.. 230 */ 231 if (rs->rs_flags & RFCOMM_SESSION_FREE) 232 return; 233 234 rs->rs_flags |= RFCOMM_SESSION_FREE; 235 236 /* throw away any remaining credit notes */ 237 while ((credit = SIMPLEQ_FIRST(&rs->rs_credits)) != NULL) { 238 SIMPLEQ_REMOVE_HEAD(&rs->rs_credits, rc_next); 239 pool_put(&rfcomm_credit_pool, credit); 240 } 241 242 KASSERT(SIMPLEQ_EMPTY(&rs->rs_credits)); 243 244 /* Goodbye! */ 245 LIST_REMOVE(rs, rs_next); 246 l2cap_detach(&rs->rs_l2cap); 247 callout_destroy(&rs->rs_timeout); 248 free(rs, M_BLUETOOTH); 249 } 250 251 /* 252 * rfcomm_session_lookup(sockaddr, sockaddr) 253 * 254 * Find active rfcomm session matching src and dest addresses 255 * when src is BDADDR_ANY match any local address 256 */ 257 struct rfcomm_session * 258 rfcomm_session_lookup(struct sockaddr_bt *src, struct sockaddr_bt *dest) 259 { 260 struct rfcomm_session *rs; 261 struct sockaddr_bt addr; 262 263 LIST_FOREACH(rs, &rfcomm_session_active, rs_next) { 264 if (rs->rs_state == RFCOMM_SESSION_CLOSED) 265 continue; 266 267 l2cap_sockaddr(rs->rs_l2cap, &addr); 268 269 if (bdaddr_same(&src->bt_bdaddr, &addr.bt_bdaddr) == 0) 270 if (bdaddr_any(&src->bt_bdaddr) == 0) 271 continue; 272 273 l2cap_peeraddr(rs->rs_l2cap, &addr); 274 275 if (addr.bt_psm != dest->bt_psm) 276 continue; 277 278 if (bdaddr_same(&dest->bt_bdaddr, &addr.bt_bdaddr)) 279 break; 280 } 281 282 return rs; 283 } 284 285 /* 286 * rfcomm_session_timeout(rfcomm_session) 287 * 288 * Session timeouts are scheduled when a session is left or 289 * created with no DLCs, and when SABM(0) or DISC(0) are 290 * sent. 291 * 292 * So, if it is in an open state with DLC's attached then 293 * we leave it alone, otherwise the session is lost. 294 */ 295 static void 296 rfcomm_session_timeout(void *arg) 297 { 298 struct rfcomm_session *rs = arg; 299 struct rfcomm_dlc *dlc; 300 301 KASSERT(rs != NULL); 302 303 mutex_enter(bt_lock); 304 callout_ack(&rs->rs_timeout); 305 306 if (rs->rs_state != RFCOMM_SESSION_OPEN) { 307 DPRINTF("timeout\n"); 308 rs->rs_state = RFCOMM_SESSION_CLOSED; 309 310 while (!LIST_EMPTY(&rs->rs_dlcs)) { 311 dlc = LIST_FIRST(&rs->rs_dlcs); 312 313 rfcomm_dlc_close(dlc, ETIMEDOUT); 314 } 315 } 316 317 if (LIST_EMPTY(&rs->rs_dlcs)) { 318 DPRINTF("expiring\n"); 319 rfcomm_session_free(rs); 320 } 321 mutex_exit(bt_lock); 322 } 323 324 /*********************************************************************** 325 * 326 * RFCOMM Session L2CAP protocol callbacks 327 * 328 */ 329 330 static void 331 rfcomm_session_connecting(void *arg) 332 { 333 /* struct rfcomm_session *rs = arg; */ 334 335 DPRINTF("Connecting\n"); 336 } 337 338 static void 339 rfcomm_session_connected(void *arg) 340 { 341 struct rfcomm_session *rs = arg; 342 struct sockopt sopt; 343 344 DPRINTF("Connected\n"); 345 346 /* 347 * L2CAP is open. 348 * 349 * If we are initiator, we can send our SABM(0) 350 * a timeout should be active? 351 * 352 * We must take note of the L2CAP MTU because currently 353 * the L2CAP implementation can only do Basic Mode. 354 */ 355 sockopt_init(&sopt, BTPROTO_L2CAP, SO_L2CAP_OMTU, 0); 356 (void)l2cap_getopt(rs->rs_l2cap, &sopt); 357 (void)sockopt_get(&sopt, &rs->rs_mtu, sizeof(rs->rs_mtu)); 358 sockopt_destroy(&sopt); 359 360 rs->rs_mtu -= 6; /* (RFCOMM overhead could be this big) */ 361 if (rs->rs_mtu < RFCOMM_MTU_MIN) { 362 rfcomm_session_disconnected(rs, EINVAL); 363 return; 364 } 365 366 if (IS_INITIATOR(rs)) { 367 int err; 368 369 err = rfcomm_session_send_frame(rs, RFCOMM_FRAME_SABM, 0); 370 if (err) 371 rfcomm_session_disconnected(rs, err); 372 373 callout_schedule(&rs->rs_timeout, rfcomm_ack_timeout * hz); 374 } 375 } 376 377 static void 378 rfcomm_session_disconnected(void *arg, int err) 379 { 380 struct rfcomm_session *rs = arg; 381 struct rfcomm_dlc *dlc; 382 383 DPRINTF("Disconnected\n"); 384 385 rs->rs_state = RFCOMM_SESSION_CLOSED; 386 387 while (!LIST_EMPTY(&rs->rs_dlcs)) { 388 dlc = LIST_FIRST(&rs->rs_dlcs); 389 390 rfcomm_dlc_close(dlc, err); 391 } 392 393 rfcomm_session_free(rs); 394 } 395 396 static void * 397 rfcomm_session_newconn(void *arg, struct sockaddr_bt *laddr, 398 struct sockaddr_bt *raddr) 399 { 400 struct rfcomm_session *new, *rs = arg; 401 402 DPRINTF("New Connection\n"); 403 404 /* 405 * Incoming session connect request. We should return a new 406 * session pointer if this is acceptable. The L2CAP layer 407 * passes local and remote addresses, which we must check as 408 * only one RFCOMM session is allowed between any two devices 409 */ 410 new = rfcomm_session_lookup(laddr, raddr); 411 if (new != NULL) 412 return NULL; 413 414 new = rfcomm_session_alloc(&rfcomm_session_active, laddr); 415 if (new == NULL) 416 return NULL; 417 418 new->rs_mtu = rs->rs_mtu; 419 new->rs_state = RFCOMM_SESSION_WAIT_CONNECT; 420 421 /* 422 * schedule an expiry so that if nothing comes of it we 423 * can punt. 424 */ 425 callout_schedule(&new->rs_timeout, rfcomm_mcc_timeout * hz); 426 427 return new->rs_l2cap; 428 } 429 430 static void 431 rfcomm_session_complete(void *arg, int count) 432 { 433 struct rfcomm_session *rs = arg; 434 struct rfcomm_credit *credit; 435 struct rfcomm_dlc *dlc; 436 437 /* 438 * count L2CAP packets are 'complete', meaning that they are cleared 439 * our buffers (for best effort) or arrived safe (for guaranteed) so 440 * we can take it off our list and pass the message on, so that 441 * eventually the data can be removed from the sockbuf 442 */ 443 while (count-- > 0) { 444 credit = SIMPLEQ_FIRST(&rs->rs_credits); 445 #ifdef DIAGNOSTIC 446 if (credit == NULL) { 447 printf("%s: too many packets completed!\n", __func__); 448 break; 449 } 450 #endif 451 dlc = credit->rc_dlc; 452 if (dlc != NULL) { 453 dlc->rd_pending--; 454 (*dlc->rd_proto->complete) 455 (dlc->rd_upper, credit->rc_len); 456 457 /* 458 * if not using credit flow control, we may push 459 * more data now 460 */ 461 if ((rs->rs_flags & RFCOMM_SESSION_CFC) == 0 462 && dlc->rd_state == RFCOMM_DLC_OPEN) { 463 rfcomm_dlc_start(dlc); 464 } 465 466 /* 467 * When shutdown is indicated, we are just waiting to 468 * clear outgoing data. 469 */ 470 if ((dlc->rd_flags & RFCOMM_DLC_SHUTDOWN) 471 && dlc->rd_txbuf == NULL && dlc->rd_pending == 0) { 472 dlc->rd_state = RFCOMM_DLC_WAIT_DISCONNECT; 473 rfcomm_session_send_frame(rs, RFCOMM_FRAME_DISC, 474 dlc->rd_dlci); 475 callout_schedule(&dlc->rd_timeout, 476 rfcomm_ack_timeout * hz); 477 } 478 } 479 480 SIMPLEQ_REMOVE_HEAD(&rs->rs_credits, rc_next); 481 pool_put(&rfcomm_credit_pool, credit); 482 } 483 484 /* 485 * If session is closed, we are just waiting to clear the queue 486 */ 487 if (rs->rs_state == RFCOMM_SESSION_CLOSED) { 488 if (SIMPLEQ_EMPTY(&rs->rs_credits)) 489 l2cap_disconnect(rs->rs_l2cap, 0); 490 } 491 } 492 493 /* 494 * Link Mode changed 495 * 496 * This is called when a mode change is complete. Proceed with connections 497 * where appropriate, or pass the new mode to any active DLCs. 498 */ 499 static void 500 rfcomm_session_linkmode(void *arg, int new) 501 { 502 struct rfcomm_session *rs = arg; 503 struct rfcomm_dlc *dlc, *next; 504 int err, mode = 0; 505 506 DPRINTF("auth %s, encrypt %s, secure %s\n", 507 (new & L2CAP_LM_AUTH ? "on" : "off"), 508 (new & L2CAP_LM_ENCRYPT ? "on" : "off"), 509 (new & L2CAP_LM_SECURE ? "on" : "off")); 510 511 if (new & L2CAP_LM_AUTH) 512 mode |= RFCOMM_LM_AUTH; 513 514 if (new & L2CAP_LM_ENCRYPT) 515 mode |= RFCOMM_LM_ENCRYPT; 516 517 if (new & L2CAP_LM_SECURE) 518 mode |= RFCOMM_LM_SECURE; 519 520 next = LIST_FIRST(&rs->rs_dlcs); 521 while ((dlc = next) != NULL) { 522 next = LIST_NEXT(dlc, rd_next); 523 524 switch (dlc->rd_state) { 525 case RFCOMM_DLC_WAIT_SEND_SABM: /* we are connecting */ 526 if ((mode & dlc->rd_mode) != dlc->rd_mode) { 527 rfcomm_dlc_close(dlc, ECONNABORTED); 528 } else { 529 err = rfcomm_session_send_frame(rs, 530 RFCOMM_FRAME_SABM, dlc->rd_dlci); 531 if (err) { 532 rfcomm_dlc_close(dlc, err); 533 } else { 534 dlc->rd_state = RFCOMM_DLC_WAIT_RECV_UA; 535 callout_schedule(&dlc->rd_timeout, 536 rfcomm_ack_timeout * hz); 537 break; 538 } 539 } 540 541 /* 542 * If we aborted the connection and there are no more DLCs 543 * on the session, it is our responsibility to disconnect. 544 */ 545 if (!LIST_EMPTY(&rs->rs_dlcs)) 546 break; 547 548 rs->rs_state = RFCOMM_SESSION_WAIT_DISCONNECT; 549 rfcomm_session_send_frame(rs, RFCOMM_FRAME_DISC, 0); 550 callout_schedule(&rs->rs_timeout, rfcomm_ack_timeout * hz); 551 break; 552 553 case RFCOMM_DLC_WAIT_SEND_UA: /* they are connecting */ 554 if ((mode & dlc->rd_mode) != dlc->rd_mode) { 555 rfcomm_session_send_frame(rs, 556 RFCOMM_FRAME_DM, dlc->rd_dlci); 557 rfcomm_dlc_close(dlc, ECONNABORTED); 558 break; 559 } 560 561 err = rfcomm_session_send_frame(rs, 562 RFCOMM_FRAME_UA, dlc->rd_dlci); 563 if (err) { 564 rfcomm_session_send_frame(rs, 565 RFCOMM_FRAME_DM, dlc->rd_dlci); 566 rfcomm_dlc_close(dlc, err); 567 break; 568 } 569 570 err = rfcomm_dlc_open(dlc); 571 if (err) { 572 rfcomm_session_send_frame(rs, 573 RFCOMM_FRAME_DM, dlc->rd_dlci); 574 rfcomm_dlc_close(dlc, err); 575 break; 576 } 577 578 break; 579 580 case RFCOMM_DLC_WAIT_RECV_UA: 581 case RFCOMM_DLC_OPEN: /* already established */ 582 (*dlc->rd_proto->linkmode)(dlc->rd_upper, mode); 583 break; 584 585 default: 586 break; 587 } 588 } 589 } 590 591 /* 592 * Receive data from L2CAP layer for session. There is always exactly one 593 * RFCOMM frame contained in each L2CAP frame. 594 */ 595 static void 596 rfcomm_session_input(void *arg, struct mbuf *m) 597 { 598 struct rfcomm_session *rs = arg; 599 int dlci, len, type, pf; 600 uint8_t fcs, b; 601 602 KASSERT(m != NULL); 603 KASSERT(rs != NULL); 604 605 /* 606 * UIH frames: FCS is only calculated on address and control fields 607 * For other frames: FCS is calculated on address, control and length 608 * Length may extend to two octets 609 */ 610 fcs = 0xff; 611 612 if (m->m_pkthdr.len < 4) { 613 DPRINTF("short frame (%d), discarded\n", m->m_pkthdr.len); 614 goto done; 615 } 616 617 /* address - one octet */ 618 m_copydata(m, 0, 1, &b); 619 m_adj(m, 1); 620 fcs = FCS(fcs, b); 621 dlci = RFCOMM_DLCI(b); 622 623 /* control - one octet */ 624 m_copydata(m, 0, 1, &b); 625 m_adj(m, 1); 626 fcs = FCS(fcs, b); 627 type = RFCOMM_TYPE(b); 628 pf = RFCOMM_PF(b); 629 630 /* length - may be two octets */ 631 m_copydata(m, 0, 1, &b); 632 m_adj(m, 1); 633 if (type != RFCOMM_FRAME_UIH) 634 fcs = FCS(fcs, b); 635 len = (b >> 1) & 0x7f; 636 637 if (RFCOMM_EA(b) == 0) { 638 if (m->m_pkthdr.len < 2) { 639 DPRINTF("short frame (%d, EA = 0), discarded\n", 640 m->m_pkthdr.len); 641 goto done; 642 } 643 644 m_copydata(m, 0, 1, &b); 645 m_adj(m, 1); 646 if (type != RFCOMM_FRAME_UIH) 647 fcs = FCS(fcs, b); 648 649 len |= (b << 7); 650 } 651 652 /* FCS byte is last octet in frame */ 653 m_copydata(m, m->m_pkthdr.len - 1, 1, &b); 654 m_adj(m, -1); 655 fcs = FCS(fcs, b); 656 657 if (fcs != 0xcf) { 658 DPRINTF("Bad FCS value (%#2.2x), frame discarded\n", fcs); 659 goto done; 660 } 661 662 DPRINTFN(10, "dlci %d, type %2.2x, len = %d\n", dlci, type, len); 663 664 switch (type) { 665 case RFCOMM_FRAME_SABM: 666 if (pf) 667 rfcomm_session_recv_sabm(rs, dlci); 668 break; 669 670 case RFCOMM_FRAME_DISC: 671 if (pf) 672 rfcomm_session_recv_disc(rs, dlci); 673 break; 674 675 case RFCOMM_FRAME_UA: 676 if (pf) 677 rfcomm_session_recv_ua(rs, dlci); 678 break; 679 680 case RFCOMM_FRAME_DM: 681 rfcomm_session_recv_dm(rs, dlci); 682 break; 683 684 case RFCOMM_FRAME_UIH: 685 rfcomm_session_recv_uih(rs, dlci, pf, m, len); 686 return; /* (no release) */ 687 688 default: 689 UNKNOWN(type); 690 break; 691 } 692 693 done: 694 m_freem(m); 695 } 696 697 /*********************************************************************** 698 * 699 * RFCOMM Session receive processing 700 */ 701 702 /* 703 * rfcomm_session_recv_sabm(rfcomm_session, dlci) 704 * 705 * Set Asyncrhonous Balanced Mode - open the channel. 706 */ 707 static void 708 rfcomm_session_recv_sabm(struct rfcomm_session *rs, int dlci) 709 { 710 struct rfcomm_dlc *dlc; 711 int err; 712 713 DPRINTFN(5, "SABM(%d)\n", dlci); 714 715 if (dlci == 0) { /* Open Session */ 716 rs->rs_state = RFCOMM_SESSION_OPEN; 717 rfcomm_session_send_frame(rs, RFCOMM_FRAME_UA, 0); 718 LIST_FOREACH(dlc, &rs->rs_dlcs, rd_next) { 719 if (dlc->rd_state == RFCOMM_DLC_WAIT_SESSION) 720 rfcomm_dlc_connect(dlc); 721 } 722 return; 723 } 724 725 if (rs->rs_state != RFCOMM_SESSION_OPEN) { 726 DPRINTF("session was not even open!\n"); 727 return; 728 } 729 730 /* validate direction bit */ 731 if ((IS_INITIATOR(rs) && !RFCOMM_DIRECTION(dlci)) 732 || (!IS_INITIATOR(rs) && RFCOMM_DIRECTION(dlci))) { 733 DPRINTF("Invalid direction bit on DLCI\n"); 734 return; 735 } 736 737 /* 738 * look for our DLC - this may exist if we received PN 739 * already, or we may have to fabricate a new one. 740 */ 741 dlc = rfcomm_dlc_lookup(rs, dlci); 742 if (dlc == NULL) { 743 dlc = rfcomm_dlc_newconn(rs, dlci); 744 if (dlc == NULL) 745 return; /* (DM is sent) */ 746 } 747 748 /* 749 * ..but if this DLC is not waiting to connect, they did 750 * something wrong, ignore it. 751 */ 752 if (dlc->rd_state != RFCOMM_DLC_WAIT_CONNECT) 753 return; 754 755 /* set link mode */ 756 err = rfcomm_dlc_setmode(dlc); 757 if (err == EINPROGRESS) { 758 dlc->rd_state = RFCOMM_DLC_WAIT_SEND_UA; 759 (*dlc->rd_proto->connecting)(dlc->rd_upper); 760 return; 761 } 762 if (err) 763 goto close; 764 765 err = rfcomm_session_send_frame(rs, RFCOMM_FRAME_UA, dlci); 766 if (err) 767 goto close; 768 769 /* and mark it open */ 770 err = rfcomm_dlc_open(dlc); 771 if (err) 772 goto close; 773 774 return; 775 776 close: 777 rfcomm_dlc_close(dlc, err); 778 } 779 780 /* 781 * Receive Disconnect Command 782 */ 783 static void 784 rfcomm_session_recv_disc(struct rfcomm_session *rs, int dlci) 785 { 786 struct rfcomm_dlc *dlc; 787 788 DPRINTFN(5, "DISC(%d)\n", dlci); 789 790 if (dlci == 0) { 791 /* 792 * Disconnect Session 793 * 794 * We set the session state to CLOSED so that when 795 * the UA frame is clear the session will be closed 796 * automatically. We wont bother to close any DLC's 797 * just yet as there should be none. In the unlikely 798 * event that something is left, it will get flushed 799 * out as the session goes down. 800 */ 801 rfcomm_session_send_frame(rs, RFCOMM_FRAME_UA, 0); 802 rs->rs_state = RFCOMM_SESSION_CLOSED; 803 return; 804 } 805 806 dlc = rfcomm_dlc_lookup(rs, dlci); 807 if (dlc == NULL) { 808 rfcomm_session_send_frame(rs, RFCOMM_FRAME_DM, dlci); 809 return; 810 } 811 812 rfcomm_dlc_close(dlc, ECONNRESET); 813 rfcomm_session_send_frame(rs, RFCOMM_FRAME_UA, dlci); 814 } 815 816 /* 817 * Receive Unnumbered Acknowledgement Response 818 * 819 * This should be a response to a DISC or SABM frame that we 820 * have previously sent. If unexpected, ignore it. 821 */ 822 static void 823 rfcomm_session_recv_ua(struct rfcomm_session *rs, int dlci) 824 { 825 struct rfcomm_dlc *dlc; 826 827 DPRINTFN(5, "UA(%d)\n", dlci); 828 829 if (dlci == 0) { 830 switch (rs->rs_state) { 831 case RFCOMM_SESSION_WAIT_CONNECT: /* We sent SABM */ 832 callout_stop(&rs->rs_timeout); 833 rs->rs_state = RFCOMM_SESSION_OPEN; 834 LIST_FOREACH(dlc, &rs->rs_dlcs, rd_next) { 835 if (dlc->rd_state == RFCOMM_DLC_WAIT_SESSION) 836 rfcomm_dlc_connect(dlc); 837 } 838 break; 839 840 case RFCOMM_SESSION_WAIT_DISCONNECT: /* We sent DISC */ 841 callout_stop(&rs->rs_timeout); 842 rs->rs_state = RFCOMM_SESSION_CLOSED; 843 l2cap_disconnect(rs->rs_l2cap, 0); 844 break; 845 846 default: 847 DPRINTF("Received spurious UA(0)!\n"); 848 break; 849 } 850 851 return; 852 } 853 854 /* 855 * If we have no DLC on this dlci, we may have aborted 856 * without shutting down properly, so check if the session 857 * needs disconnecting. 858 */ 859 dlc = rfcomm_dlc_lookup(rs, dlci); 860 if (dlc == NULL) 861 goto check; 862 863 switch (dlc->rd_state) { 864 case RFCOMM_DLC_WAIT_RECV_UA: /* We sent SABM */ 865 rfcomm_dlc_open(dlc); 866 return; 867 868 case RFCOMM_DLC_WAIT_DISCONNECT: /* We sent DISC */ 869 rfcomm_dlc_close(dlc, 0); 870 break; 871 872 default: 873 DPRINTF("Received spurious UA(%d)!\n", dlci); 874 return; 875 } 876 877 check: /* last one out turns out the light */ 878 if (LIST_EMPTY(&rs->rs_dlcs)) { 879 rs->rs_state = RFCOMM_SESSION_WAIT_DISCONNECT; 880 rfcomm_session_send_frame(rs, RFCOMM_FRAME_DISC, 0); 881 callout_schedule(&rs->rs_timeout, rfcomm_ack_timeout * hz); 882 } 883 } 884 885 /* 886 * Receive Disconnected Mode Response 887 * 888 * If this does not apply to a known DLC then we may ignore it. 889 */ 890 static void 891 rfcomm_session_recv_dm(struct rfcomm_session *rs, int dlci) 892 { 893 struct rfcomm_dlc *dlc; 894 895 DPRINTFN(5, "DM(%d)\n", dlci); 896 897 dlc = rfcomm_dlc_lookup(rs, dlci); 898 if (dlc == NULL) 899 return; 900 901 if (dlc->rd_state == RFCOMM_DLC_WAIT_CONNECT) 902 rfcomm_dlc_close(dlc, ECONNREFUSED); 903 else 904 rfcomm_dlc_close(dlc, ECONNRESET); 905 } 906 907 /* 908 * Receive Unnumbered Information with Header check (MCC or data packet) 909 */ 910 static void 911 rfcomm_session_recv_uih(struct rfcomm_session *rs, int dlci, 912 int pf, struct mbuf *m, int len) 913 { 914 struct rfcomm_dlc *dlc; 915 uint8_t credits = 0; 916 917 DPRINTFN(10, "UIH(%d)\n", dlci); 918 919 if (dlci == 0) { 920 rfcomm_session_recv_mcc(rs, m); 921 return; 922 } 923 924 if (m->m_pkthdr.len != len + pf) { 925 DPRINTF("Bad Frame Length (%d), frame discarded\n", 926 m->m_pkthdr.len); 927 928 goto discard; 929 } 930 931 dlc = rfcomm_dlc_lookup(rs, dlci); 932 if (dlc == NULL) { 933 DPRINTF("UIH received for non existent DLC, discarded\n"); 934 rfcomm_session_send_frame(rs, RFCOMM_FRAME_DM, dlci); 935 goto discard; 936 } 937 938 if (dlc->rd_state != RFCOMM_DLC_OPEN) { 939 DPRINTF("non-open DLC (state = %d), discarded\n", 940 dlc->rd_state); 941 goto discard; 942 } 943 944 /* if PF is set, credits were included */ 945 if (rs->rs_flags & RFCOMM_SESSION_CFC) { 946 if (pf != 0) { 947 if (m->m_pkthdr.len < sizeof(credits)) { 948 DPRINTF("Bad PF value, UIH discarded\n"); 949 goto discard; 950 } 951 952 m_copydata(m, 0, sizeof(credits), &credits); 953 m_adj(m, sizeof(credits)); 954 955 dlc->rd_txcred += credits; 956 957 if (credits > 0 && dlc->rd_txbuf != NULL) 958 rfcomm_dlc_start(dlc); 959 } 960 961 if (len == 0) 962 goto discard; 963 964 if (dlc->rd_rxcred == 0) { 965 DPRINTF("Credit limit reached, UIH discarded\n"); 966 goto discard; 967 } 968 969 if (len > dlc->rd_rxsize) { 970 DPRINTF("UIH frame exceeds rxsize, discarded\n"); 971 goto discard; 972 } 973 974 dlc->rd_rxcred--; 975 dlc->rd_rxsize -= len; 976 } 977 978 (*dlc->rd_proto->input)(dlc->rd_upper, m); 979 return; 980 981 discard: 982 m_freem(m); 983 } 984 985 /* 986 * Receive Multiplexer Control Command 987 */ 988 static void 989 rfcomm_session_recv_mcc(struct rfcomm_session *rs, struct mbuf *m) 990 { 991 int type, cr, len; 992 uint8_t b; 993 994 /* 995 * Extract MCC header. 996 * 997 * Fields are variable length using extension bit = 1 to signify the 998 * last octet in the sequence. 999 * 1000 * Only single octet types are defined in TS 07.10/RFCOMM spec 1001 * 1002 * Length can realistically only use 15 bits (max RFCOMM MTU) 1003 */ 1004 if (m->m_pkthdr.len < sizeof(b)) { 1005 DPRINTF("Short MCC header, discarded\n"); 1006 goto release; 1007 } 1008 1009 m_copydata(m, 0, sizeof(b), &b); 1010 m_adj(m, sizeof(b)); 1011 1012 if (RFCOMM_EA(b) == 0) { /* verify no extensions */ 1013 DPRINTF("MCC type EA = 0, discarded\n"); 1014 goto release; 1015 } 1016 1017 type = RFCOMM_MCC_TYPE(b); 1018 cr = RFCOMM_CR(b); 1019 1020 len = 0; 1021 do { 1022 if (m->m_pkthdr.len < sizeof(b)) { 1023 DPRINTF("Short MCC header, discarded\n"); 1024 goto release; 1025 } 1026 1027 m_copydata(m, 0, sizeof(b), &b); 1028 m_adj(m, sizeof(b)); 1029 1030 len = (len << 7) | (b >> 1); 1031 len = min(len, RFCOMM_MTU_MAX); 1032 } while (RFCOMM_EA(b) == 0); 1033 1034 if (len != m->m_pkthdr.len) { 1035 DPRINTF("Incorrect MCC length, discarded\n"); 1036 goto release; 1037 } 1038 1039 DPRINTFN(2, "MCC %s type %2.2x (%d bytes)\n", 1040 (cr ? "command" : "response"), type, len); 1041 1042 /* 1043 * pass to command handler 1044 */ 1045 switch(type) { 1046 case RFCOMM_MCC_TEST: /* Test */ 1047 rfcomm_session_recv_mcc_test(rs, cr, m); 1048 break; 1049 1050 case RFCOMM_MCC_FCON: /* Flow Control On */ 1051 rfcomm_session_recv_mcc_fcon(rs, cr); 1052 break; 1053 1054 case RFCOMM_MCC_FCOFF: /* Flow Control Off */ 1055 rfcomm_session_recv_mcc_fcoff(rs, cr); 1056 break; 1057 1058 case RFCOMM_MCC_MSC: /* Modem Status Command */ 1059 rfcomm_session_recv_mcc_msc(rs, cr, m); 1060 break; 1061 1062 case RFCOMM_MCC_RPN: /* Remote Port Negotiation */ 1063 rfcomm_session_recv_mcc_rpn(rs, cr, m); 1064 break; 1065 1066 case RFCOMM_MCC_RLS: /* Remote Line Status */ 1067 rfcomm_session_recv_mcc_rls(rs, cr, m); 1068 break; 1069 1070 case RFCOMM_MCC_PN: /* Parameter Negotiation */ 1071 rfcomm_session_recv_mcc_pn(rs, cr, m); 1072 break; 1073 1074 case RFCOMM_MCC_NSC: /* Non Supported Command */ 1075 rfcomm_session_recv_mcc_nsc(rs, cr, m); 1076 break; 1077 1078 default: 1079 b = RFCOMM_MKMCC_TYPE(cr, type); 1080 rfcomm_session_send_mcc(rs, 0, RFCOMM_MCC_NSC, &b, sizeof(b)); 1081 } 1082 1083 release: 1084 m_freem(m); 1085 } 1086 1087 /* 1088 * process TEST command/response 1089 */ 1090 static void 1091 rfcomm_session_recv_mcc_test(struct rfcomm_session *rs, int cr, struct mbuf *m) 1092 { 1093 void *data; 1094 int len; 1095 1096 if (cr == 0) /* ignore ack */ 1097 return; 1098 1099 /* 1100 * we must send all the data they included back as is 1101 */ 1102 1103 len = m->m_pkthdr.len; 1104 if (len > RFCOMM_MTU_MAX) 1105 return; 1106 1107 data = malloc(len, M_BLUETOOTH, M_NOWAIT); 1108 if (data == NULL) 1109 return; 1110 1111 m_copydata(m, 0, len, data); 1112 rfcomm_session_send_mcc(rs, 0, RFCOMM_MCC_TEST, data, len); 1113 free(data, M_BLUETOOTH); 1114 } 1115 1116 /* 1117 * process Flow Control ON command/response 1118 */ 1119 static void 1120 rfcomm_session_recv_mcc_fcon(struct rfcomm_session *rs, int cr) 1121 { 1122 1123 if (cr == 0) /* ignore ack */ 1124 return; 1125 1126 rs->rs_flags |= RFCOMM_SESSION_RFC; 1127 rfcomm_session_send_mcc(rs, 0, RFCOMM_MCC_FCON, NULL, 0); 1128 } 1129 1130 /* 1131 * process Flow Control OFF command/response 1132 */ 1133 static void 1134 rfcomm_session_recv_mcc_fcoff(struct rfcomm_session *rs, int cr) 1135 { 1136 1137 if (cr == 0) /* ignore ack */ 1138 return; 1139 1140 rs->rs_flags &= ~RFCOMM_SESSION_RFC; 1141 rfcomm_session_send_mcc(rs, 0, RFCOMM_MCC_FCOFF, NULL, 0); 1142 } 1143 1144 /* 1145 * process Modem Status Command command/response 1146 */ 1147 static void 1148 rfcomm_session_recv_mcc_msc(struct rfcomm_session *rs, int cr, struct mbuf *m) 1149 { 1150 struct rfcomm_mcc_msc msc; /* (3 octets) */ 1151 struct rfcomm_dlc *dlc; 1152 int len = 0; 1153 1154 /* [ADDRESS] */ 1155 if (m->m_pkthdr.len < sizeof(msc.address)) 1156 return; 1157 1158 m_copydata(m, 0, sizeof(msc.address), &msc.address); 1159 m_adj(m, sizeof(msc.address)); 1160 len += sizeof(msc.address); 1161 1162 dlc = rfcomm_dlc_lookup(rs, RFCOMM_DLCI(msc.address)); 1163 1164 if (cr == 0) { /* ignore acks */ 1165 if (dlc != NULL) 1166 callout_stop(&dlc->rd_timeout); 1167 1168 return; 1169 } 1170 1171 if (dlc == NULL) { 1172 rfcomm_session_send_frame(rs, RFCOMM_FRAME_DM, 1173 RFCOMM_DLCI(msc.address)); 1174 return; 1175 } 1176 1177 /* [SIGNALS] */ 1178 if (m->m_pkthdr.len < sizeof(msc.modem)) 1179 return; 1180 1181 m_copydata(m, 0, sizeof(msc.modem), &msc.modem); 1182 m_adj(m, sizeof(msc.modem)); 1183 len += sizeof(msc.modem); 1184 1185 dlc->rd_rmodem = msc.modem; 1186 /* XXX how do we signal this upstream? */ 1187 1188 if (RFCOMM_EA(msc.modem) == 0) { 1189 if (m->m_pkthdr.len < sizeof(msc.brk)) 1190 return; 1191 1192 m_copydata(m, 0, sizeof(msc.brk), &msc.brk); 1193 m_adj(m, sizeof(msc.brk)); 1194 len += sizeof(msc.brk); 1195 1196 /* XXX how do we signal this upstream? */ 1197 } 1198 1199 rfcomm_session_send_mcc(rs, 0, RFCOMM_MCC_MSC, &msc, len); 1200 } 1201 1202 /* 1203 * process Remote Port Negotiation command/response 1204 */ 1205 static void 1206 rfcomm_session_recv_mcc_rpn(struct rfcomm_session *rs, int cr, struct mbuf *m) 1207 { 1208 struct rfcomm_mcc_rpn rpn; 1209 uint16_t mask; 1210 1211 if (cr == 0) /* ignore ack */ 1212 return; 1213 1214 /* default values */ 1215 rpn.bit_rate = RFCOMM_RPN_BR_9600; 1216 rpn.line_settings = RFCOMM_RPN_8_N_1; 1217 rpn.flow_control = RFCOMM_RPN_FLOW_NONE; 1218 rpn.xon_char = RFCOMM_RPN_XON_CHAR; 1219 rpn.xoff_char = RFCOMM_RPN_XOFF_CHAR; 1220 1221 if (m->m_pkthdr.len == sizeof(rpn)) { 1222 m_copydata(m, 0, sizeof(rpn), &rpn); 1223 rpn.param_mask = RFCOMM_RPN_PM_ALL; 1224 } else if (m->m_pkthdr.len == 1) { 1225 m_copydata(m, 0, 1, &rpn); 1226 rpn.param_mask = le16toh(rpn.param_mask); 1227 } else { 1228 DPRINTF("Bad RPN length (%d)\n", m->m_pkthdr.len); 1229 return; 1230 } 1231 1232 mask = 0; 1233 1234 if (rpn.param_mask & RFCOMM_RPN_PM_RATE) 1235 mask |= RFCOMM_RPN_PM_RATE; 1236 1237 if (rpn.param_mask & RFCOMM_RPN_PM_DATA 1238 && RFCOMM_RPN_DATA_BITS(rpn.line_settings) == RFCOMM_RPN_DATA_8) 1239 mask |= RFCOMM_RPN_PM_DATA; 1240 1241 if (rpn.param_mask & RFCOMM_RPN_PM_STOP 1242 && RFCOMM_RPN_STOP_BITS(rpn.line_settings) == RFCOMM_RPN_STOP_1) 1243 mask |= RFCOMM_RPN_PM_STOP; 1244 1245 if (rpn.param_mask & RFCOMM_RPN_PM_PARITY 1246 && RFCOMM_RPN_PARITY(rpn.line_settings) == RFCOMM_RPN_PARITY_NONE) 1247 mask |= RFCOMM_RPN_PM_PARITY; 1248 1249 if (rpn.param_mask & RFCOMM_RPN_PM_XON 1250 && rpn.xon_char == RFCOMM_RPN_XON_CHAR) 1251 mask |= RFCOMM_RPN_PM_XON; 1252 1253 if (rpn.param_mask & RFCOMM_RPN_PM_XOFF 1254 && rpn.xoff_char == RFCOMM_RPN_XOFF_CHAR) 1255 mask |= RFCOMM_RPN_PM_XOFF; 1256 1257 if (rpn.param_mask & RFCOMM_RPN_PM_FLOW 1258 && rpn.flow_control == RFCOMM_RPN_FLOW_NONE) 1259 mask |= RFCOMM_RPN_PM_FLOW; 1260 1261 rpn.param_mask = htole16(mask); 1262 1263 rfcomm_session_send_mcc(rs, 0, RFCOMM_MCC_RPN, &rpn, sizeof(rpn)); 1264 } 1265 1266 /* 1267 * process Remote Line Status command/response 1268 */ 1269 static void 1270 rfcomm_session_recv_mcc_rls(struct rfcomm_session *rs, int cr, struct mbuf *m) 1271 { 1272 struct rfcomm_mcc_rls rls; 1273 1274 if (cr == 0) /* ignore ack */ 1275 return; 1276 1277 if (m->m_pkthdr.len != sizeof(rls)) { 1278 DPRINTF("Bad RLS length %d\n", m->m_pkthdr.len); 1279 return; 1280 } 1281 1282 m_copydata(m, 0, sizeof(rls), &rls); 1283 1284 /* 1285 * So far as I can tell, we just send back what 1286 * they sent us. This signifies errors that seem 1287 * irrelevent for RFCOMM over L2CAP. 1288 */ 1289 rls.address |= 0x03; /* EA = 1, CR = 1 */ 1290 rls.status &= 0x0f; /* only 4 bits valid */ 1291 1292 rfcomm_session_send_mcc(rs, 0, RFCOMM_MCC_RLS, &rls, sizeof(rls)); 1293 } 1294 1295 /* 1296 * process Parameter Negotiation command/response 1297 */ 1298 static void 1299 rfcomm_session_recv_mcc_pn(struct rfcomm_session *rs, int cr, struct mbuf *m) 1300 { 1301 struct rfcomm_dlc *dlc; 1302 struct rfcomm_mcc_pn pn; 1303 int err; 1304 1305 if (m->m_pkthdr.len != sizeof(pn)) { 1306 DPRINTF("Bad PN length %d\n", m->m_pkthdr.len); 1307 return; 1308 } 1309 1310 m_copydata(m, 0, sizeof(pn), &pn); 1311 1312 pn.dlci &= 0x3f; 1313 pn.mtu = le16toh(pn.mtu); 1314 1315 dlc = rfcomm_dlc_lookup(rs, pn.dlci); 1316 if (cr) { /* Command */ 1317 /* 1318 * If there is no DLC present, this is a new 1319 * connection so attempt to make one 1320 */ 1321 if (dlc == NULL) { 1322 dlc = rfcomm_dlc_newconn(rs, pn.dlci); 1323 if (dlc == NULL) 1324 return; /* (DM is sent) */ 1325 } 1326 1327 /* accept any valid MTU, and offer it back */ 1328 pn.mtu = min(pn.mtu, RFCOMM_MTU_MAX); 1329 pn.mtu = min(pn.mtu, rs->rs_mtu); 1330 pn.mtu = max(pn.mtu, RFCOMM_MTU_MIN); 1331 dlc->rd_mtu = pn.mtu; 1332 pn.mtu = htole16(pn.mtu); 1333 1334 /* credits are only set before DLC is open */ 1335 if (dlc->rd_state == RFCOMM_DLC_WAIT_CONNECT 1336 && (pn.flow_control & 0xf0) == 0xf0) { 1337 rs->rs_flags |= RFCOMM_SESSION_CFC; 1338 dlc->rd_txcred = pn.credits & 0x07; 1339 1340 dlc->rd_rxcred = (dlc->rd_rxsize / dlc->rd_mtu); 1341 dlc->rd_rxcred = min(dlc->rd_rxcred, 1342 RFCOMM_CREDITS_DEFAULT); 1343 1344 pn.flow_control = 0xe0; 1345 pn.credits = dlc->rd_rxcred; 1346 } else { 1347 pn.flow_control = 0x00; 1348 pn.credits = 0x00; 1349 } 1350 1351 /* unused fields must be ignored and set to zero */ 1352 pn.ack_timer = 0; 1353 pn.max_retrans = 0; 1354 1355 /* send our response */ 1356 err = rfcomm_session_send_mcc(rs, 0, 1357 RFCOMM_MCC_PN, &pn, sizeof(pn)); 1358 if (err) 1359 goto close; 1360 1361 } else { /* Response */ 1362 /* ignore responses with no matching DLC */ 1363 if (dlc == NULL) 1364 return; 1365 1366 callout_stop(&dlc->rd_timeout); 1367 1368 /* reject invalid or unacceptable MTU */ 1369 if (pn.mtu < RFCOMM_MTU_MIN || pn.mtu > dlc->rd_mtu) { 1370 dlc->rd_state = RFCOMM_DLC_WAIT_DISCONNECT; 1371 err = rfcomm_session_send_frame(rs, RFCOMM_FRAME_DISC, 1372 pn.dlci); 1373 if (err) 1374 goto close; 1375 1376 callout_schedule(&dlc->rd_timeout, 1377 rfcomm_ack_timeout * hz); 1378 return; 1379 } 1380 dlc->rd_mtu = pn.mtu; 1381 1382 /* if DLC is not waiting to connect, we are done */ 1383 if (dlc->rd_state != RFCOMM_DLC_WAIT_CONNECT) 1384 return; 1385 1386 /* set initial credits according to RFCOMM spec */ 1387 if ((pn.flow_control & 0xf0) == 0xe0) { 1388 rs->rs_flags |= RFCOMM_SESSION_CFC; 1389 dlc->rd_txcred = (pn.credits & 0x07); 1390 } 1391 1392 callout_schedule(&dlc->rd_timeout, rfcomm_ack_timeout * hz); 1393 1394 /* set link mode */ 1395 err = rfcomm_dlc_setmode(dlc); 1396 if (err == EINPROGRESS) { 1397 dlc->rd_state = RFCOMM_DLC_WAIT_SEND_SABM; 1398 (*dlc->rd_proto->connecting)(dlc->rd_upper); 1399 return; 1400 } 1401 if (err) 1402 goto close; 1403 1404 /* we can proceed now */ 1405 err = rfcomm_session_send_frame(rs, RFCOMM_FRAME_SABM, pn.dlci); 1406 if (err) 1407 goto close; 1408 1409 dlc->rd_state = RFCOMM_DLC_WAIT_RECV_UA; 1410 } 1411 return; 1412 1413 close: 1414 rfcomm_dlc_close(dlc, err); 1415 } 1416 1417 /* 1418 * process Non Supported Command command/response 1419 */ 1420 static void 1421 rfcomm_session_recv_mcc_nsc(struct rfcomm_session *rs, 1422 int cr, struct mbuf *m) 1423 { 1424 struct rfcomm_dlc *dlc, *next; 1425 1426 /* 1427 * Since we did nothing that is not mandatory, 1428 * we just abort the whole session.. 1429 */ 1430 1431 next = LIST_FIRST(&rs->rs_dlcs); 1432 while ((dlc = next) != NULL) { 1433 next = LIST_NEXT(dlc, rd_next); 1434 rfcomm_dlc_close(dlc, ECONNABORTED); 1435 } 1436 1437 rfcomm_session_free(rs); 1438 } 1439 1440 /*********************************************************************** 1441 * 1442 * RFCOMM Session outward frame/uih/mcc building 1443 */ 1444 1445 /* 1446 * SABM/DISC/DM/UA frames are all minimal and mostly identical. 1447 */ 1448 int 1449 rfcomm_session_send_frame(struct rfcomm_session *rs, int type, int dlci) 1450 { 1451 struct rfcomm_cmd_hdr *hdr; 1452 struct rfcomm_credit *credit; 1453 struct mbuf *m; 1454 uint8_t fcs, cr; 1455 1456 credit = pool_get(&rfcomm_credit_pool, PR_NOWAIT); 1457 if (credit == NULL) 1458 return ENOMEM; 1459 1460 m = m_gethdr(M_DONTWAIT, MT_DATA); 1461 if (m == NULL) { 1462 pool_put(&rfcomm_credit_pool, credit); 1463 return ENOMEM; 1464 } 1465 1466 /* 1467 * The CR (command/response) bit identifies the frame either as a 1468 * commmand or a response and is used along with the DLCI to form 1469 * the address. Commands contain the non-initiator address, whereas 1470 * responses contain the initiator address, so the CR value is 1471 * also dependent on the session direction. 1472 */ 1473 if (type == RFCOMM_FRAME_UA || type == RFCOMM_FRAME_DM) 1474 cr = IS_INITIATOR(rs) ? 0 : 1; 1475 else 1476 cr = IS_INITIATOR(rs) ? 1 : 0; 1477 1478 hdr = mtod(m, struct rfcomm_cmd_hdr *); 1479 hdr->address = RFCOMM_MKADDRESS(cr, dlci); 1480 hdr->control = RFCOMM_MKCONTROL(type, 1); /* PF = 1 */ 1481 hdr->length = (0x00 << 1) | 0x01; /* len = 0x00, EA = 1 */ 1482 1483 fcs = 0xff; 1484 fcs = FCS(fcs, hdr->address); 1485 fcs = FCS(fcs, hdr->control); 1486 fcs = FCS(fcs, hdr->length); 1487 fcs = 0xff - fcs; /* ones complement */ 1488 hdr->fcs = fcs; 1489 1490 m->m_pkthdr.len = m->m_len = sizeof(struct rfcomm_cmd_hdr); 1491 1492 /* empty credit note */ 1493 credit->rc_dlc = NULL; 1494 credit->rc_len = m->m_pkthdr.len; 1495 SIMPLEQ_INSERT_TAIL(&rs->rs_credits, credit, rc_next); 1496 1497 DPRINTFN(5, "dlci %d type %2.2x (%d bytes, fcs=%#2.2x)\n", 1498 dlci, type, m->m_pkthdr.len, fcs); 1499 1500 return l2cap_send(rs->rs_l2cap, m); 1501 } 1502 1503 /* 1504 * rfcomm_session_send_uih(rfcomm_session, rfcomm_dlc, credits, mbuf) 1505 * 1506 * UIH frame is per DLC data or Multiplexer Control Commands 1507 * when no DLC is given. Data mbuf is optional (just credits 1508 * will be sent in that case) 1509 */ 1510 int 1511 rfcomm_session_send_uih(struct rfcomm_session *rs, struct rfcomm_dlc *dlc, 1512 int credits, struct mbuf *m) 1513 { 1514 struct rfcomm_credit *credit; 1515 struct mbuf *m0 = NULL; 1516 int err, len; 1517 uint8_t fcs, *hdr; 1518 1519 KASSERT(rs != NULL); 1520 1521 len = (m == NULL) ? 0 : m->m_pkthdr.len; 1522 KASSERT(!(credits == 0 && len == 0)); 1523 1524 /* 1525 * Make a credit note for the completion notification 1526 */ 1527 credit = pool_get(&rfcomm_credit_pool, PR_NOWAIT); 1528 if (credit == NULL) 1529 goto nomem; 1530 1531 credit->rc_len = len; 1532 credit->rc_dlc = dlc; 1533 1534 /* 1535 * Wrap UIH frame information around payload. 1536 * 1537 * [ADDRESS] [CONTROL] [LENGTH] [CREDITS] [...] [FCS] 1538 * 1539 * Address is one octet. 1540 * Control is one octet. 1541 * Length is one or two octets. 1542 * Credits may be one octet. 1543 * 1544 * FCS is one octet and calculated on address and 1545 * control octets only. 1546 * 1547 * If there are credits to be sent, we will set the PF 1548 * flag and include them in the frame. 1549 */ 1550 m0 = m_gethdr(M_DONTWAIT, MT_DATA); 1551 if (m0 == NULL) 1552 goto nomem; 1553 1554 MH_ALIGN(m0, 5); /* (max 5 header octets) */ 1555 hdr = mtod(m0, uint8_t *); 1556 1557 /* CR bit is set according to the initiator of the session */ 1558 *hdr = RFCOMM_MKADDRESS((IS_INITIATOR(rs) ? 1 : 0), 1559 (dlc ? dlc->rd_dlci : 0)); 1560 fcs = FCS(0xff, *hdr); 1561 hdr++; 1562 1563 /* PF bit is set if credits are being sent */ 1564 *hdr = RFCOMM_MKCONTROL(RFCOMM_FRAME_UIH, (credits > 0 ? 1 : 0)); 1565 fcs = FCS(fcs, *hdr); 1566 hdr++; 1567 1568 if (len < (1 << 7)) { 1569 *hdr++ = ((len << 1) & 0xfe) | 0x01; /* 7 bits, EA = 1 */ 1570 } else { 1571 *hdr++ = ((len << 1) & 0xfe); /* 7 bits, EA = 0 */ 1572 *hdr++ = ((len >> 7) & 0xff); /* 8 bits, no EA */ 1573 } 1574 1575 if (credits > 0) 1576 *hdr++ = (uint8_t)credits; 1577 1578 m0->m_len = hdr - mtod(m0, uint8_t *); 1579 1580 /* Append payload */ 1581 m0->m_next = m; 1582 m = NULL; 1583 1584 m0->m_pkthdr.len = m0->m_len + len; 1585 1586 /* Append FCS */ 1587 fcs = 0xff - fcs; /* ones complement */ 1588 len = m0->m_pkthdr.len; 1589 m_copyback(m0, len, sizeof(fcs), &fcs); 1590 if (m0->m_pkthdr.len != len + sizeof(fcs)) 1591 goto nomem; 1592 1593 DPRINTFN(10, "dlci %d, pktlen %d (%d data, %d credits), fcs=%#2.2x\n", 1594 dlc ? dlc->rd_dlci : 0, m0->m_pkthdr.len, credit->rc_len, 1595 credits, fcs); 1596 1597 /* 1598 * UIH frame ready to go.. 1599 */ 1600 err = l2cap_send(rs->rs_l2cap, m0); 1601 if (err) 1602 goto fail; 1603 1604 SIMPLEQ_INSERT_TAIL(&rs->rs_credits, credit, rc_next); 1605 return 0; 1606 1607 nomem: 1608 err = ENOMEM; 1609 1610 if (m0 != NULL) 1611 m_freem(m0); 1612 1613 if (m != NULL) 1614 m_freem(m); 1615 1616 fail: 1617 if (credit != NULL) 1618 pool_put(&rfcomm_credit_pool, credit); 1619 1620 return err; 1621 } 1622 1623 /* 1624 * send Multiplexer Control Command (or Response) on session 1625 */ 1626 int 1627 rfcomm_session_send_mcc(struct rfcomm_session *rs, int cr, 1628 uint8_t type, void *data, int len) 1629 { 1630 struct mbuf *m; 1631 uint8_t *hdr; 1632 int hlen; 1633 1634 m = m_gethdr(M_DONTWAIT, MT_DATA); 1635 if (m == NULL) 1636 return ENOMEM; 1637 1638 hdr = mtod(m, uint8_t *); 1639 1640 /* 1641 * Technically the type field can extend past one octet, but none 1642 * currently defined will do that. 1643 */ 1644 *hdr++ = RFCOMM_MKMCC_TYPE(cr, type); 1645 1646 /* 1647 * In the frame, the max length size is 2 octets (15 bits) whereas 1648 * no max length size is specified for MCC commands. We must allow 1649 * for 3 octets since for MCC frames we use 7 bits + EA in each. 1650 * 1651 * Only test data can possibly be that big. 1652 * 1653 * XXX Should we check this against the MTU? 1654 */ 1655 if (len < (1 << 7)) { 1656 *hdr++ = ((len << 1) & 0xfe) | 0x01; /* 7 bits, EA = 1 */ 1657 } else if (len < (1 << 14)) { 1658 *hdr++ = ((len << 1) & 0xfe); /* 7 bits, EA = 0 */ 1659 *hdr++ = ((len >> 6) & 0xfe) | 0x01; /* 7 bits, EA = 1 */ 1660 } else if (len < (1 << 15)) { 1661 *hdr++ = ((len << 1) & 0xfe); /* 7 bits, EA = 0 */ 1662 *hdr++ = ((len >> 6) & 0xfe); /* 7 bits, EA = 0 */ 1663 *hdr++ = ((len >> 13) & 0x02) | 0x01; /* 1 bit, EA = 1 */ 1664 } else { 1665 DPRINTF("incredible length! (%d)\n", len); 1666 m_freem(m); 1667 return EMSGSIZE; 1668 } 1669 1670 /* 1671 * add command data (to same mbuf if possible) 1672 */ 1673 hlen = hdr - mtod(m, uint8_t *); 1674 1675 if (len > 0) { 1676 m->m_pkthdr.len = m->m_len = MHLEN; 1677 m_copyback(m, hlen, len, data); 1678 if (m->m_pkthdr.len != max(MHLEN, hlen + len)) { 1679 m_freem(m); 1680 return ENOMEM; 1681 } 1682 } 1683 1684 m->m_pkthdr.len = hlen + len; 1685 m->m_len = min(MHLEN, m->m_pkthdr.len); 1686 1687 DPRINTFN(5, "%s type %2.2x len %d\n", 1688 (cr ? "command" : "response"), type, m->m_pkthdr.len); 1689 1690 return rfcomm_session_send_uih(rs, NULL, 0, m); 1691 }
Cache object: d47961adf05a0104801625a7770685d9
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]