1 /* $NetBSD: rfcomm_dlc.c,v 1.9 2018/09/03 16:29:36 riastradh Exp $ */
2
3 /*-
4 * Copyright (c) 2006 Itronix Inc.
5 * All rights reserved.
6 *
7 * Written by Iain Hibbert for Itronix Inc.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 3. The name of Itronix Inc. may not be used to endorse
18 * or promote products derived from this software without specific
19 * prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY ITRONIX INC. ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
23 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
24 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL ITRONIX INC. BE LIABLE FOR ANY
25 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
26 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
27 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
28 * ON ANY THEORY OF LIABILITY, WHETHER IN
29 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
30 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
31 * POSSIBILITY OF SUCH DAMAGE.
32 */
33
34 #include <sys/cdefs.h>
35 __KERNEL_RCSID(0, "$NetBSD: rfcomm_dlc.c,v 1.9 2018/09/03 16:29:36 riastradh Exp $");
36
37 #include <sys/param.h>
38 #include <sys/kernel.h>
39 #include <sys/mbuf.h>
40 #include <sys/proc.h>
41 #include <sys/socketvar.h>
42 #include <sys/systm.h>
43
44 #include <netbt/bluetooth.h>
45 #include <netbt/hci.h>
46 #include <netbt/l2cap.h>
47 #include <netbt/rfcomm.h>
48
/*
 * rfcomm_dlc_lookup(rfcomm_session, dlci)
 *
 *	Walk the DLC list hanging off the session and return the entry
 *	whose rd_dlci equals dlci. Returns NULL when the list is exhausted
 *	without a match, so callers must check the result before use.
 */
struct rfcomm_dlc *
rfcomm_dlc_lookup(struct rfcomm_session *rs, int dlci)
{
	struct rfcomm_dlc *found;

	/* Stop on the first match; found is NULL if we run off the end. */
	for (found = LIST_FIRST(&rs->rs_dlcs);
	    found != NULL && found->rd_dlci != dlci;
	    found = LIST_NEXT(found, rd_next))
		continue;

	return found;
}
66
/*
 * rfcomm_dlc_newconn(rfcomm_session, dlci)
 *
 *	Handle a request for a new DLC on a session (kept in one place
 *	because it is called from a couple of places). A listening DLC
 *	matching the session's local PSM, local address and the channel
 *	encoded in dlci is looked up, and its upper layer is asked for a
 *	new DLC via the newconn callback.
 *
 *	Returns the new DLC, linked at the head of rs->rs_dlcs in state
 *	RFCOMM_DLC_WAIT_CONNECT, or NULL after a DM frame has been sent
 *	for dlci (no listener matched, or the upper layer declined).
 */
struct rfcomm_dlc *
rfcomm_dlc_newconn(struct rfcomm_session *rs, int dlci)
{
	struct rfcomm_session *ls;
	struct rfcomm_dlc *new, *dlc, *any, *best;
	struct sockaddr_bt laddr, raddr, addr;
	int chan, exact, wild;

	l2cap_sockaddr_pcb(rs->rs_l2cap, &laddr);
	l2cap_peeraddr_pcb(rs->rs_l2cap, &raddr);
	chan = RFCOMM_CHANNEL(dlci);

	/*
	 * Listening DLCs hang off listening sessions in last-first order,
	 * so the whole list is scanned and later hits overwrite earlier
	 * ones: what remains is the oldest listener bound to our exact
	 * address (best) and the oldest bound to BDADDR_ANY (any).
	 */
	best = NULL;
	any = NULL;
	LIST_FOREACH(ls, &rfcomm_session_listen, rs_next) {
		l2cap_sockaddr_pcb(ls->rs_l2cap, &addr);

		if (addr.bt_psm != laddr.bt_psm)
			continue;

		exact = bdaddr_same(&laddr.bt_bdaddr, &addr.bt_bdaddr);
		wild = bdaddr_any(&addr.bt_bdaddr);
		if (!exact && !wild)
			continue;

		LIST_FOREACH(dlc, &ls->rs_dlcs, rd_next) {
			if (dlc->rd_laddr.bt_channel != chan)
				continue;

			if (exact)
				best = dlc;
			if (wild)
				any = dlc;
		}
	}

	/* The specific address match wins over the wildcard one. */
	if (best != NULL)
		dlc = best;
	else
		dlc = any;

	/* XXX
	 * Only the single chosen listener is offered the connection. If
	 * it declines we could have missed a chance to open a connection
	 * on another listener - the strategy for storing listening DLCs
	 * really needs a rewrite so that all can be checked in turn.
	 */
	new = NULL;
	if (dlc != NULL)
		new = (*dlc->rd_proto->newconn)(dlc->rd_upper, &laddr, &raddr);

	if (new == NULL) {
		/* Nobody wants it: refuse the DLCI with a DM frame. */
		rfcomm_session_send_frame(rs, RFCOMM_FRAME_DM, dlci);
		return NULL;
	}

	/* new != NULL implies dlc != NULL, so dlc is safe to read here. */
	new->rd_dlci = dlci;
	new->rd_mtu = rfcomm_mtu_default;

	/*
	 * The accepted DLC inherits the listener's link mode bits, so the
	 * auth/encrypt/secure requirements of the listener carry over.
	 * NOTE(review): nothing here applies them to the L2CAP link; that
	 * is presumably done by a later rfcomm_dlc_setmode() - confirm.
	 */
	new->rd_mode = dlc->rd_mode;

	/* Addresses are those of the session, with our channel filled in. */
	memcpy(&new->rd_laddr, &laddr, sizeof(laddr));
	new->rd_laddr.bt_channel = chan;

	memcpy(&new->rd_raddr, &raddr, sizeof(raddr));
	new->rd_raddr.bt_channel = chan;

	new->rd_session = rs;
	new->rd_state = RFCOMM_DLC_WAIT_CONNECT;
	LIST_INSERT_HEAD(&rs->rs_dlcs, new, rd_next);

	return new;
}
145
/*
 * rfcomm_dlc_close(dlc, error)
 *
 *	Detach the DLC from its session, mark it closed and tell the upper
 *	layer it has been disconnected with the given error. The DLC must
 *	not already be in state RFCOMM_DLC_CLOSED.
 *
 *	If this was the last DLC on the session, a listening session is
 *	freed immediately and any other session gets an expiry timeout.
 */
void
rfcomm_dlc_close(struct rfcomm_dlc *dlc, int err)
{
	struct rfcomm_session *rs;
	struct rfcomm_credit *cr;

	KASSERT(dlc->rd_state != RFCOMM_DLC_CLOSED);

	/*
	 * Keep our own session pointer: rd_session is cleared below and
	 * only rs is used once the upper layer has been notified.
	 */
	rs = dlc->rd_session;

	/*
	 * Clear credit history, so that no queued credit record is left
	 * pointing at this DLC.
	 */
	SIMPLEQ_FOREACH(cr, &rs->rs_credits, rc_next) {
		if (cr->rc_dlc == dlc)
			cr->rc_dlc = NULL;
	}

	/*
	 * rfcomm_dlc_timeout() checks rd_state before acting, so a handler
	 * that still runs after this will not close the DLC a second time.
	 */
	callout_stop(&dlc->rd_timeout);

	LIST_REMOVE(dlc, rd_next);
	dlc->rd_session = NULL;
	dlc->rd_state = RFCOMM_DLC_CLOSED;

	/*
	 * NOTE(review): the dlc is not touched after this callback; the
	 * upper layer presumably may release it from here - confirm.
	 */
	(*dlc->rd_proto->disconnected)(dlc->rd_upper, err);

	if (!LIST_EMPTY(&rs->rs_dlcs))
		return;

	/*
	 * It is the responsibility of the party who sends the last
	 * DISC(dlci) to disconnect the session, but we will schedule
	 * an expiry just in case that doesn't happen..
	 */
	if (rs->rs_state == RFCOMM_SESSION_LISTEN) {
		rfcomm_session_free(rs);
	} else {
		callout_schedule(&rs->rs_timeout,
		    rfcomm_ack_timeout * hz);
	}
}
186
/*
 * rfcomm_dlc_timeout(dlc)
 *
 *	Callout handler for the DLC timer. The timer is scheduled when we
 *	have sent any of SABM, DISC, MCC_MSC or MCC_PN and should be
 *	cancelled when the relevant response arrives; if it fires, there
 *	is nothing to do but shut the DLC down with ETIMEDOUT.
 *
 *	A DLC that is already closed and carries RFCOMM_DLC_DETACH has its
 *	callout destroyed and its memory freed here instead.
 *	NOTE(review): presumably the detach path sets that flag when it
 *	could not free the DLC itself because this callout was still
 *	pending - confirm against the code that sets it.
 */
void
rfcomm_dlc_timeout(void *arg)
{
	struct rfcomm_dlc *d = arg;

	/* All state inspection and teardown happens under bt_lock. */
	mutex_enter(bt_lock);
	callout_ack(&d->rd_timeout);

	if (d->rd_state == RFCOMM_DLC_CLOSED) {
		if (d->rd_flags & RFCOMM_DLC_DETACH) {
			/* Last reference: d must not be used after free(). */
			callout_destroy(&d->rd_timeout);
			free(d, M_BLUETOOTH);
		}
	} else {
		rfcomm_dlc_close(d, ETIMEDOUT);
	}

	mutex_exit(bt_lock);
}
212
/*
 * rfcomm_dlc_setmode(rfcomm_dlc)
 *
 *	Translate the DLC's RFCOMM link mode bits (auth, encrypt, secure)
 *	into the corresponding L2CAP link mode bits and set them on the
 *	session's L2CAP channel with the SO_L2CAP_LM option. This is only
 *	called when the session is already open, so we don't need to
 *	worry about any previous mode settings.
 *
 *	Returns the result of l2cap_setopt().
 *	NOTE(review): a non-zero return means the requested link security
 *	was not applied; callers are not visible here - confirm they stop
 *	the connection rather than continue on an unprotected link.
 */
int
rfcomm_dlc_setmode(struct rfcomm_dlc *dlc)
{
	struct sockopt sopt;
	int l2mode, err;

	KASSERT(dlc->rd_session != NULL);
	KASSERT(dlc->rd_session->rs_state == RFCOMM_SESSION_OPEN);

	DPRINTF("dlci %d, auth %s, encrypt %s, secure %s\n", dlc->rd_dlci,
	    (dlc->rd_mode & RFCOMM_LM_AUTH ? "yes" : "no"),
	    (dlc->rd_mode & RFCOMM_LM_ENCRYPT ? "yes" : "no"),
	    (dlc->rd_mode & RFCOMM_LM_SECURE ? "yes" : "no"));

	/* Map each requested RFCOMM_LM_* bit onto its L2CAP_LM_* twin. */
	l2mode = 0;
	l2mode |= (dlc->rd_mode & RFCOMM_LM_AUTH) ? L2CAP_LM_AUTH : 0;
	l2mode |= (dlc->rd_mode & RFCOMM_LM_ENCRYPT) ? L2CAP_LM_ENCRYPT : 0;
	l2mode |= (dlc->rd_mode & RFCOMM_LM_SECURE) ? L2CAP_LM_SECURE : 0;

	sockopt_init(&sopt, BTPROTO_L2CAP, SO_L2CAP_LM, 0);
	sockopt_setint(&sopt, l2mode);
	err = l2cap_setopt(dlc->rd_session->rs_l2cap, &sopt);
	/* The sockopt is destroyed whether or not the set succeeded. */
	sockopt_destroy(&sopt);

	return err;
}
250
/*
 * rfcomm_dlc_connect(rfcomm_dlc)
 *
 *	Initiate a DLC connection on a session that is already open, by
 *	sending a Parameter Negotiation (PN) command for the DLC. The DLC
 *	must be in state RFCOMM_DLC_WAIT_SESSION.
 *
 *	Returns 0 with the DLC moved to RFCOMM_DLC_WAIT_CONNECT and the
 *	DLC timer running, or the error from rfcomm_session_send_mcc(),
 *	in which case state and timer are left untouched.
 */
int
rfcomm_dlc_connect(struct rfcomm_dlc *dlc)
{
	struct rfcomm_mcc_pn pn;
	int err;

	KASSERT(dlc->rd_session != NULL);
	KASSERT(dlc->rd_session->rs_state == RFCOMM_SESSION_OPEN);
	KASSERT(dlc->rd_state == RFCOMM_DLC_WAIT_SESSION);

	/*
	 * If we have not already sent a PN on the session, we must send
	 * a PN to negotiate Credit Flow Control, and this setting will
	 * apply to all future connections for this session. We ask for
	 * this every time, in order to establish initial credits.
	 *
	 * The whole structure is handed to rfcomm_session_send_mcc(), so
	 * it is zeroed first: fields not set below and any padding go out
	 * as zero rather than as stale stack contents.
	 */
	memset(&pn, 0, sizeof(pn));
	pn.dlci = dlc->rd_dlci;
	pn.priority = dlc->rd_dlci | 0x07;
	pn.mtu = htole16(dlc->rd_mtu);
	pn.flow_control = 0xf0;

	/*
	 * Initial receive credits: how many MTU sized frames fit in the
	 * receive space, capped at RFCOMM_CREDITS_DEFAULT.
	 * NOTE(review): rd_mtu is a divisor here and is assumed to be
	 * non-zero; where it is validated is not visible - confirm.
	 */
	dlc->rd_rxcred = (dlc->rd_rxsize / dlc->rd_mtu);
	dlc->rd_rxcred = uimin(dlc->rd_rxcred, RFCOMM_CREDITS_DEFAULT);
	pn.credits = dlc->rd_rxcred;

	err = rfcomm_session_send_mcc(dlc->rd_session, 1,
	    RFCOMM_MCC_PN, &pn, sizeof(pn));
	if (err != 0)
		return err;

	/* PN is on its way: wait for the reply, but not for ever. */
	dlc->rd_state = RFCOMM_DLC_WAIT_CONNECT;
	callout_schedule(&dlc->rd_timeout, rfcomm_mcc_timeout * hz);

	return 0;
}
292
/*
 * rfcomm_dlc_open(rfcomm_dlc)
 *
 *	Send a "Modem Status Command" (MSC) for the DLC, mark the DLC as
 *	open and tell the upper layer that it is connected.
 *
 *	Returns 0 on success, or the error from rfcomm_session_send_mcc(),
 *	in which case the DLC state is unchanged and the upper layer is
 *	not notified.
 */
int
rfcomm_dlc_open(struct rfcomm_dlc *dlc)
{
	struct rfcomm_mcc_msc msc;
	int err;

	KASSERT(dlc->rd_session != NULL);
	KASSERT(dlc->rd_session->rs_state == RFCOMM_SESSION_OPEN);

	/*
	 * Zero the whole message before filling it in, since all of it
	 * (sizeof(msc)) is passed on to rfcomm_session_send_mcc().
	 */
	memset(&msc, 0, sizeof(msc));
	msc.address = RFCOMM_MKADDRESS(1, dlc->rd_dlci);
	msc.modem = dlc->rd_lmodem & 0xfe;	/* EA = 0 */
	msc.brk = 0x00 | 0x01;			/* EA = 1 */

	err = rfcomm_session_send_mcc(dlc->rd_session, 1,
	    RFCOMM_MCC_MSC, &msc, sizeof(msc));
	if (err != 0)
		return err;

	/* The MSC wants a response; time out if none turns up. */
	callout_schedule(&dlc->rd_timeout, rfcomm_mcc_timeout * hz);

	dlc->rd_state = RFCOMM_DLC_OPEN;
	(*dlc->rd_proto->connected)(dlc->rd_upper);

	return 0;
}
324
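/*
 * rfcomm_dlc_start(rfcomm_dlc)
 *
 *	Start sending data (and/or credits) for DLC. Our strategy is to
 *	send anything we can down to the l2cap layer. When credits run
 *	out, data will naturally bunch up. When not using credit flow
 *	control, we limit the number of packets we have pending to reduce
 *	flow control lag.
 *
 *	The session must be open and the DLC in state RFCOMM_DLC_OPEN.
 *	Nothing is returned; the loop simply stops when there is nothing
 *	more that can be sent, or when a send or an mbuf split fails.
 *
 *	We should deal with channel priority somehow.
 */
void
rfcomm_dlc_start(struct rfcomm_dlc *dlc)
{
	struct rfcomm_session *rs = dlc->rd_session;
	struct mbuf *m;
	int len, credits;

	KASSERT(rs != NULL);
	KASSERT(rs->rs_state == RFCOMM_SESSION_OPEN);
	KASSERT(dlc->rd_state == RFCOMM_DLC_OPEN);

	/*
	 * rd_mtu is the divisor in the credit calculation below. Where it
	 * is validated is not visible from here, so refuse to divide by
	 * zero rather than trust it. With a zero MTU there is no room for
	 * data anyway, and without credit flow control the loop would
	 * leave on its first pass without sending anything.
	 */
	if (dlc->rd_mtu == 0)
		return;

	for (;;) {
		credits = 0;
		len = dlc->rd_mtu;
		if (rs->rs_flags & RFCOMM_SESSION_CFC) {
			/*
			 * Credits we can still grant: frames that fit in
			 * the receive space, less those already granted.
			 */
			credits = (dlc->rd_rxsize / dlc->rd_mtu);
			credits -= dlc->rd_rxcred;

			/*
			 * uimin() compares unsigned values, so a negative
			 * difference would turn into a huge number and be
			 * clamped to RFCOMM_CREDITS_MAX, granting credits
			 * we do not have room for. Treat it as nothing
			 * to grant.
			 */
			if (credits < 0)
				credits = 0;
			credits = uimin(credits, RFCOMM_CREDITS_MAX);

			/* A credit field costs one byte of payload. */
			if (credits > 0)
				len--;

			/* No transmit credit: no data, credits only. */
			if (dlc->rd_txcred == 0)
				len = 0;
		} else {
			if (rs->rs_flags & RFCOMM_SESSION_RFC)
				break;

			if (dlc->rd_rmodem & RFCOMM_MSC_FC)
				break;

			if (dlc->rd_pending > RFCOMM_CREDITS_DEFAULT)
				break;
		}

		if (dlc->rd_txbuf == NULL)
			len = 0;

		if (len == 0) {
			if (credits == 0)
				break;

			/*
			 * No need to send small numbers of credits on their
			 * own unless the other end hasn't many left.
			 */
			if (credits < RFCOMM_CREDITS_DEFAULT
			    && dlc->rd_rxcred > RFCOMM_CREDITS_DEFAULT)
				break;

			m = NULL;
		} else {
			/*
			 * take what data we can from (front of) txbuf
			 */
			m = dlc->rd_txbuf;
			if (len < m->m_pkthdr.len) {
				dlc->rd_txbuf = m_split(m, len, M_DONTWAIT);
				if (dlc->rd_txbuf == NULL) {
					/*
					 * Split failed: put the chain back
					 * and try again another time.
					 */
					dlc->rd_txbuf = m;
					break;
				}
			} else {
				dlc->rd_txbuf = NULL;
				len = m->m_pkthdr.len;
			}
		}

		DPRINTFN(10, "dlci %d send %d bytes, %d credits, rxcred = %d\n",
		    dlc->rd_dlci, len, credits, dlc->rd_rxcred);

		if (rfcomm_session_send_uih(rs, dlc, credits, m)) {
			/*
			 * The data was already taken off rd_txbuf above and
			 * is not put back, hence "lost".
			 */
			printf("%s: lost %d bytes on DLCI %d\n",
			    __func__, len, dlc->rd_dlci);

			break;
		}

		dlc->rd_pending++;

		/* Account for what was just sent. */
		if (rs->rs_flags & RFCOMM_SESSION_CFC) {
			if (len > 0)
				dlc->rd_txcred--;

			if (credits > 0)
				dlc->rd_rxcred += credits;
		}
	}
}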
424