diff options
Diffstat (limited to 'sys/netgraph/bluetooth/socket/ng_btsocket_rfcomm.c')
| -rw-r--r-- | sys/netgraph/bluetooth/socket/ng_btsocket_rfcomm.c | 3570 |
1 files changed, 3570 insertions, 0 deletions
diff --git a/sys/netgraph/bluetooth/socket/ng_btsocket_rfcomm.c b/sys/netgraph/bluetooth/socket/ng_btsocket_rfcomm.c new file mode 100644 index 0000000..4565e91 --- /dev/null +++ b/sys/netgraph/bluetooth/socket/ng_btsocket_rfcomm.c @@ -0,0 +1,3570 @@ +/* + * ng_btsocket_rfcomm.c + * + * Copyright (c) 2001-2003 Maksim Yevmenkin <m_evmenkin@yahoo.com> + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: ng_btsocket_rfcomm.c,v 1.24 2003/04/07 01:37:05 max Exp $ + * $FreeBSD$ + */ + +#include <sys/param.h> +#include <sys/systm.h> +#include <sys/domain.h> +#include <sys/endian.h> +#include <sys/errno.h> +#include <sys/filedesc.h> +#include <sys/ioccom.h> +#include <sys/kernel.h> +#include <sys/lock.h> +#include <sys/malloc.h> +#include <sys/mbuf.h> +#include <sys/mutex.h> +#include <sys/proc.h> +#include <sys/protosw.h> +#include <sys/queue.h> +#include <sys/socket.h> +#include <sys/socketvar.h> +#include <sys/sysctl.h> +#include <sys/taskqueue.h> +#include <sys/uio.h> +#include <netgraph/ng_message.h> +#include <netgraph/netgraph.h> +#include <bitstring.h> +#include "ng_bluetooth.h" +#include "ng_hci.h" +#include "ng_l2cap.h" +#include "ng_btsocket.h" +#include "ng_btsocket_l2cap.h" +#include "ng_btsocket_rfcomm.h" + +/* MALLOC define */ +#ifdef NG_SEPARATE_MALLOC +MALLOC_DEFINE(M_NETGRAPH_BTSOCKET_RFCOMM, "netgraph_btsocks_rfcomm", + "Netgraph Bluetooth RFCOMM sockets"); +#else +#define M_NETGRAPH_BTSOCKET_RFCOMM M_NETGRAPH +#endif /* NG_SEPARATE_MALLOC */ + +/* Debug */ +#define NG_BTSOCKET_RFCOMM_INFO \ + if (ng_btsocket_rfcomm_debug_level >= NG_BTSOCKET_INFO_LEVEL) \ + printf + +#define NG_BTSOCKET_RFCOMM_WARN \ + if (ng_btsocket_rfcomm_debug_level >= NG_BTSOCKET_WARN_LEVEL) \ + printf + +#define NG_BTSOCKET_RFCOMM_ERR \ + if (ng_btsocket_rfcomm_debug_level >= NG_BTSOCKET_ERR_LEVEL) \ + printf + +#define NG_BTSOCKET_RFCOMM_ALERT \ + if (ng_btsocket_rfcomm_debug_level >= NG_BTSOCKET_ALERT_LEVEL) \ + printf + +#define ALOT 0x7fff + +/* Local prototypes */ +static void ng_btsocket_rfcomm_upcall + (struct socket *so, void *arg, int waitflag); +static void ng_btsocket_rfcomm_sessions_task + (void *ctx, int pending); +static void ng_btsocket_rfcomm_session_task + (ng_btsocket_rfcomm_session_p s); +#define ng_btsocket_rfcomm_task_wakeup() \ + taskqueue_enqueue(taskqueue_swi_giant, &ng_btsocket_rfcomm_task) + +static ng_btsocket_rfcomm_pcb_p ng_btsocket_rfcomm_connect_ind + (ng_btsocket_rfcomm_session_p s, int channel); +static void ng_btsocket_rfcomm_connect_cfm + (ng_btsocket_rfcomm_session_p s); + +static int ng_btsocket_rfcomm_session_create + (ng_btsocket_rfcomm_session_p *sp, struct socket *l2so, + bdaddr_p src, bdaddr_p dst, struct thread *td); +static int ng_btsocket_rfcomm_session_accept + (ng_btsocket_rfcomm_session_p s0); +static int ng_btsocket_rfcomm_session_connect + (ng_btsocket_rfcomm_session_p s); +static int ng_btsocket_rfcomm_session_receive + (ng_btsocket_rfcomm_session_p s); +static int ng_btsocket_rfcomm_session_send + (ng_btsocket_rfcomm_session_p s); +static void ng_btsocket_rfcomm_session_clean + (ng_btsocket_rfcomm_session_p s); +static void ng_btsocket_rfcomm_session_process_pcb + (ng_btsocket_rfcomm_session_p s); +static ng_btsocket_rfcomm_session_p ng_btsocket_rfcomm_session_by_addr + (bdaddr_p src, bdaddr_p dst); + +static int ng_btsocket_rfcomm_receive_frame + (ng_btsocket_rfcomm_session_p s, struct mbuf *m0); +static int ng_btsocket_rfcomm_receive_sabm + (ng_btsocket_rfcomm_session_p s, int dlci); +static int ng_btsocket_rfcomm_receive_disc + (ng_btsocket_rfcomm_session_p s, int dlci); +static int ng_btsocket_rfcomm_receive_ua + (ng_btsocket_rfcomm_session_p s, int dlci); +static int ng_btsocket_rfcomm_receive_dm + (ng_btsocket_rfcomm_session_p s, int dlci); +static int ng_btsocket_rfcomm_receive_uih + (ng_btsocket_rfcomm_session_p s, int dlci, int pf, struct mbuf *m0); +static int ng_btsocket_rfcomm_receive_mcc + (ng_btsocket_rfcomm_session_p s, struct mbuf *m0); +static int ng_btsocket_rfcomm_receive_test + (ng_btsocket_rfcomm_session_p s, struct mbuf *m0); +static int ng_btsocket_rfcomm_receive_fc + (ng_btsocket_rfcomm_session_p s, struct mbuf *m0); +static int ng_btsocket_rfcomm_receive_msc + (ng_btsocket_rfcomm_session_p s, struct mbuf *m0); +static int ng_btsocket_rfcomm_receive_rpn + (ng_btsocket_rfcomm_session_p s, struct mbuf *m0); +static int ng_btsocket_rfcomm_receive_rls + (ng_btsocket_rfcomm_session_p s, struct mbuf *m0); +static int ng_btsocket_rfcomm_receive_pn + (ng_btsocket_rfcomm_session_p s, struct mbuf *m0); +static void ng_btsocket_rfcomm_set_pn + (ng_btsocket_rfcomm_pcb_p pcb, u_int8_t cr, u_int8_t flow_control, + u_int8_t credits, u_int16_t mtu); + +static int ng_btsocket_rfcomm_send_command + (ng_btsocket_rfcomm_session_p s, u_int8_t type, u_int8_t dlci); +static int ng_btsocket_rfcomm_send_uih + (ng_btsocket_rfcomm_session_p s, u_int8_t address, u_int8_t pf, + u_int8_t credits, struct mbuf *data); +static int ng_btsocket_rfcomm_send_msc + (ng_btsocket_rfcomm_pcb_p pcb); +static int ng_btsocket_rfcomm_send_pn + (ng_btsocket_rfcomm_pcb_p pcb); +static int ng_btsocket_rfcomm_send_credits + (ng_btsocket_rfcomm_pcb_p pcb); + +static int ng_btsocket_rfcomm_pcb_send + (ng_btsocket_rfcomm_pcb_p pcb, int limit); +static int ng_btsocket_rfcomm_pcb_kill + (ng_btsocket_rfcomm_pcb_p pcb, int error); +static ng_btsocket_rfcomm_pcb_p ng_btsocket_rfcomm_pcb_by_channel + (bdaddr_p src, int channel); +static ng_btsocket_rfcomm_pcb_p ng_btsocket_rfcomm_pcb_by_dlci + (ng_btsocket_rfcomm_session_p s, int dlci); +static ng_btsocket_rfcomm_pcb_p ng_btsocket_rfcomm_pcb_listener + (bdaddr_p src, int channel); + +static void ng_btsocket_rfcomm_timeout + (ng_btsocket_rfcomm_pcb_p pcb); +static void ng_btsocket_rfcomm_untimeout + (ng_btsocket_rfcomm_pcb_p pcb); +static void ng_btsocket_rfcomm_process_timeout + (void *xpcb); + +static struct mbuf * ng_btsocket_rfcomm_prepare_packet + (struct sockbuf *sb, int length); + +/* Globals */ +extern int ifqmaxlen; +static u_int32_t ng_btsocket_rfcomm_debug_level; +static u_int32_t ng_btsocket_rfcomm_timo; +struct task ng_btsocket_rfcomm_task; +static LIST_HEAD(, ng_btsocket_rfcomm_session) ng_btsocket_rfcomm_sessions; +static struct mtx ng_btsocket_rfcomm_sessions_mtx; +static LIST_HEAD(, ng_btsocket_rfcomm_pcb) ng_btsocket_rfcomm_sockets; +static struct mtx ng_btsocket_rfcomm_sockets_mtx; + +/* Sysctl tree */ +SYSCTL_DECL(_net_bluetooth_rfcomm_sockets); +SYSCTL_NODE(_net_bluetooth_rfcomm_sockets, OID_AUTO, stream, CTLFLAG_RW, + 0, "Bluetooth STREAM RFCOMM sockets family"); +SYSCTL_INT(_net_bluetooth_rfcomm_sockets_stream, OID_AUTO, debug_level, + CTLFLAG_RW, + &ng_btsocket_rfcomm_debug_level, NG_BTSOCKET_INFO_LEVEL, + "Bluetooth STREAM RFCOMM sockets debug level"); +SYSCTL_INT(_net_bluetooth_rfcomm_sockets_stream, OID_AUTO, timeout, + CTLFLAG_RW, + &ng_btsocket_rfcomm_timo, 60, + "Bluetooth STREAM RFCOMM sockets timeout"); + +/***************************************************************************** + ***************************************************************************** + ** RFCOMM CRC + ***************************************************************************** + *****************************************************************************/ + +static u_int8_t ng_btsocket_rfcomm_crc_table[256] = { + 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75, + 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b, + 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69, + 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67, + + 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d, + 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43, + 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51, + 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f, + + 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05, + 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b, + 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19, + 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17, + + 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d, + 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33, + 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21, + 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f, + + 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95, + 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b, + 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89, + 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87, + + 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad, + 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3, + 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1, + 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf, + + 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5, + 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb, + 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9, + 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7, + + 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd, + 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3, + 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1, + 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf +}; + +/* CRC */ +static u_int8_t +ng_btsocket_rfcomm_crc(u_int8_t *data, int length) +{ + u_int8_t crc = 0xff; + + while (length --) + crc = ng_btsocket_rfcomm_crc_table[crc ^ *data++]; + + return (crc); +} /* ng_btsocket_rfcomm_crc */ + +/* FCS on 2 bytes */ +static u_int8_t +ng_btsocket_rfcomm_fcs2(u_int8_t *data) +{ + return (0xff - ng_btsocket_rfcomm_crc(data, 2)); +} /* ng_btsocket_rfcomm_fcs2 */ + +/* FCS on 3 bytes */ +static u_int8_t +ng_btsocket_rfcomm_fcs3(u_int8_t *data) +{ + return (0xff - ng_btsocket_rfcomm_crc(data, 3)); +} /* ng_btsocket_rfcomm_fcs3 */ + +/* + * Check FCS + * + * From Bluetooth spec + * + * "... In 07.10, the frame check sequence (FCS) is calculated on different + * sets of fields for different frame types. These are the fields that the + * FCS are calculated on: + * + * For SABM, DISC, UA, DM frames: on Address, Control and length field. + * For UIH frames: on Address and Control field. + * + * (This is stated here for clarification, and to set the standard for RFCOMM; + * the fields included in FCS calculation have actually changed in version + * 7.0.0 of TS 07.10, but RFCOMM will not change the FCS calculation scheme + * from the one above.) ..." + */ + +static int +ng_btsocket_rfcomm_check_fcs(u_int8_t *data, int type, u_int8_t fcs) +{ + if (type != RFCOMM_FRAME_UIH) + return (ng_btsocket_rfcomm_fcs3(data) != fcs); + + return (ng_btsocket_rfcomm_fcs2(data) != fcs); +} /* ng_btsocket_rfcomm_check_fcs */ + +/***************************************************************************** + ***************************************************************************** + ** Socket interface + ***************************************************************************** + *****************************************************************************/ + +/* + * Initialize everything + */ + +void +ng_btsocket_rfcomm_init(void) +{ + ng_btsocket_rfcomm_debug_level = NG_BTSOCKET_WARN_LEVEL; + ng_btsocket_rfcomm_timo = 60; + + /* RFCOMM task */ + TASK_INIT(&ng_btsocket_rfcomm_task, 0, + ng_btsocket_rfcomm_sessions_task, NULL); + + /* RFCOMM sessions list */ + LIST_INIT(&ng_btsocket_rfcomm_sessions); + mtx_init(&ng_btsocket_rfcomm_sessions_mtx, + "btsocks_rfcomm_sessions_mtx", NULL, MTX_DEF); + + /* RFCOMM sockets list */ + LIST_INIT(&ng_btsocket_rfcomm_sockets); + mtx_init(&ng_btsocket_rfcomm_sockets_mtx, + "btsocks_rfcomm_sockets_mtx", NULL, MTX_DEF); +} /* ng_btsocket_rfcomm_init */ + +/* + * Abort connection on socket + */ + +int +ng_btsocket_rfcomm_abort(struct socket *so) +{ + so->so_error = ECONNABORTED; + + return (ng_btsocket_rfcomm_detach(so)); +} /* ng_btsocket_rfcomm_abort */ + +/* + * Accept connection on socket. Nothing to do here, socket must be connected + * and ready, so just return peer address and be done with it. + */ + +int +ng_btsocket_rfcomm_accept(struct socket *so, struct sockaddr **nam) +{ + return (ng_btsocket_rfcomm_peeraddr(so, nam)); +} /* ng_btsocket_rfcomm_accept */ + +/* + * Create and attach new socket + */ + +int +ng_btsocket_rfcomm_attach(struct socket *so, int proto, struct thread *td) +{ + ng_btsocket_rfcomm_pcb_p pcb = so2rfcomm_pcb(so); + int error; + + /* Check socket and protocol */ + if (so->so_type != SOCK_STREAM) + return (ESOCKTNOSUPPORT); + +#if 0 /* XXX sonewconn() calls "pru_attach" with proto == 0 */ + if (proto != 0) + if (proto != BLUETOOTH_PROTO_RFCOMM) + return (EPROTONOSUPPORT); +#endif /* XXX */ + + if (pcb != NULL) + return (EISCONN); + + /* Reserve send and receive space if it is not reserved yet */ + if ((so->so_snd.sb_hiwat == 0) || (so->so_rcv.sb_hiwat == 0)) { + error = soreserve(so, NG_BTSOCKET_RFCOMM_SENDSPACE, + NG_BTSOCKET_RFCOMM_RECVSPACE); + if (error != 0) + return (error); + } + + /* Allocate the PCB */ + MALLOC(pcb, ng_btsocket_rfcomm_pcb_p, sizeof(*pcb), + M_NETGRAPH_BTSOCKET_RFCOMM, M_NOWAIT | M_ZERO); + if (pcb == NULL) + return (ENOMEM); + + /* Link the PCB and the socket */ + so->so_pcb = (caddr_t) pcb; + pcb->so = so; + + /* Initialize PCB */ + pcb->state = NG_BTSOCKET_RFCOMM_DLC_CLOSED; + pcb->flags = NG_BTSOCKET_RFCOMM_DLC_CFC; + + pcb->lmodem = + pcb->rmodem = (RFCOMM_MODEM_RTC | RFCOMM_MODEM_RTR | RFCOMM_MODEM_DV); + + pcb->mtu = RFCOMM_DEFAULT_MTU; + pcb->tx_cred = 0; + pcb->rx_cred = RFCOMM_DEFAULT_CREDITS; + + mtx_init(&pcb->pcb_mtx, "btsocks_rfcomm_pcb_mtx", NULL, MTX_DEF); + callout_handle_init(&pcb->timo); + + /* Add the PCB to the list */ + mtx_lock(&ng_btsocket_rfcomm_sockets_mtx); + LIST_INSERT_HEAD(&ng_btsocket_rfcomm_sockets, pcb, next); + mtx_unlock(&ng_btsocket_rfcomm_sockets_mtx); + + return (0); +} /* ng_btsocket_rfcomm_attach */ + +/* + * Bind socket + */ + +int +ng_btsocket_rfcomm_bind(struct socket *so, struct sockaddr *nam, + struct thread *td) +{ + ng_btsocket_rfcomm_pcb_t *pcb = so2rfcomm_pcb(so); + struct sockaddr_rfcomm *sa = (struct sockaddr_rfcomm *) nam; + + if (pcb == NULL) + return (EINVAL); + + /* Verify address */ + if (sa == NULL) + return (EINVAL); + if (sa->rfcomm_family != AF_BLUETOOTH) + return (EAFNOSUPPORT); + if (sa->rfcomm_len != sizeof(*sa)) + return (EINVAL); + if (sa->rfcomm_channel > 30) + return (EINVAL); + if (sa->rfcomm_channel != 0 && + ng_btsocket_rfcomm_pcb_by_channel(&sa->rfcomm_bdaddr, sa->rfcomm_channel) != NULL) + return (EADDRINUSE); + + bcopy(&sa->rfcomm_bdaddr, &pcb->src, sizeof(pcb->src)); + pcb->channel = sa->rfcomm_channel; + + return (0); +} /* ng_btsocket_rfcomm_bind */ + +/* + * Connect socket + */ + +int +ng_btsocket_rfcomm_connect(struct socket *so, struct sockaddr *nam, + struct thread *td) +{ + ng_btsocket_rfcomm_pcb_t *pcb = so2rfcomm_pcb(so); + struct sockaddr_rfcomm *sa = (struct sockaddr_rfcomm *) nam; + ng_btsocket_rfcomm_session_t *s = NULL; + struct socket *l2so = NULL; + int dlci, error = 0; + + if (pcb == NULL) + return (EINVAL); + + /* Verify address */ + if (sa == NULL) + return (EINVAL); + if (sa->rfcomm_family != AF_BLUETOOTH) + return (EAFNOSUPPORT); + if (sa->rfcomm_len != sizeof(*sa)) + return (EINVAL); + if (sa->rfcomm_channel > 30) + return (EINVAL); + if (sa->rfcomm_channel == 0 || + bcmp(&sa->rfcomm_bdaddr, NG_HCI_BDADDR_ANY, sizeof(bdaddr_t)) == 0) + return (EDESTADDRREQ); + + /* + * XXX FIXME - This is FUBAR. socreate() will call soalloc(1), i.e. + * soalloc() is allowed to sleep in MALLOC. This creates "could sleep" + * WITNESS warnings. To work around this problem we will create L2CAP + * socket first and then check if we actually need it. Note that we + * will not check for errors in socreate() because if we failed to + * create L2CAP socket at this point we still might have already open + * session. + */ + + error = socreate(PF_BLUETOOTH, &l2so, SOCK_SEQPACKET, + BLUETOOTH_PROTO_L2CAP, td->td_ucred, td); + + /* + * Look for session between "pcb->src" and "sa->rfcomm_bdaddr" (dst) + */ + + mtx_lock(&ng_btsocket_rfcomm_sessions_mtx); + + s = ng_btsocket_rfcomm_session_by_addr(&pcb->src, &sa->rfcomm_bdaddr); + if (s == NULL) { + /* + * We need to create new RFCOMM session. Check if we have L2CAP + * socket. If l2so == NULL then error has the error code from + * socreate() + */ + + if (l2so == NULL) { + mtx_unlock(&ng_btsocket_rfcomm_sessions_mtx); + return (error); + } + + error = ng_btsocket_rfcomm_session_create(&s, l2so, + &pcb->src, &sa->rfcomm_bdaddr, td); + if (error != 0) { + mtx_unlock(&ng_btsocket_rfcomm_sessions_mtx); + soclose(l2so); + + return (error); + } + } else if (l2so != NULL) + soclose(l2so); /* we don't need new L2CAP socket */ + + /* + * Check if we already have the same DLCI the the same session + */ + + mtx_lock(&s->session_mtx); + mtx_lock(&pcb->pcb_mtx); + + dlci = RFCOMM_MKDLCI(!INITIATOR(s), sa->rfcomm_channel); + + if (ng_btsocket_rfcomm_pcb_by_dlci(s, dlci) != NULL) { + mtx_unlock(&pcb->pcb_mtx); + mtx_unlock(&s->session_mtx); + mtx_unlock(&ng_btsocket_rfcomm_sessions_mtx); + + return (EBUSY); + } + + /* + * Check session state and if its not acceptable then refuse connection + */ + + switch (s->state) { + case NG_BTSOCKET_RFCOMM_SESSION_CONNECTING: + case NG_BTSOCKET_RFCOMM_SESSION_CONNECTED: + case NG_BTSOCKET_RFCOMM_SESSION_OPEN: + /* + * Update destination address and channel and attach + * DLC to the session + */ + + bcopy(&sa->rfcomm_bdaddr, &pcb->dst, sizeof(pcb->dst)); + pcb->channel = sa->rfcomm_channel; + pcb->dlci = dlci; + + LIST_INSERT_HEAD(&s->dlcs, pcb, session_next); + pcb->session = s; + + ng_btsocket_rfcomm_timeout(pcb); + soisconnecting(pcb->so); + + if (s->state == NG_BTSOCKET_RFCOMM_SESSION_OPEN) { + pcb->mtu = s->mtu; + bcopy(&so2l2cap_pcb(s->l2so)->src, &pcb->src, + sizeof(pcb->src)); + + pcb->state = NG_BTSOCKET_RFCOMM_DLC_CONFIGURING; + + error = ng_btsocket_rfcomm_send_pn(pcb); + if (error == 0) + error = ng_btsocket_rfcomm_task_wakeup(); + } else + pcb->state = NG_BTSOCKET_RFCOMM_DLC_W4_CONNECT; + break; + + default: + error = ECONNRESET; + break; + } + + mtx_unlock(&pcb->pcb_mtx); + mtx_unlock(&s->session_mtx); + mtx_unlock(&ng_btsocket_rfcomm_sessions_mtx); + + return (error); +} /* ng_btsocket_rfcomm_connect */ + +/* + * Process ioctl's calls on socket. + * XXX FIXME this should provide interface to the RFCOMM multiplexor channel + */ + +int +ng_btsocket_rfcomm_control(struct socket *so, u_long cmd, caddr_t data, + struct ifnet *ifp, struct thread *td) +{ + return (EINVAL); +} /* ng_btsocket_rfcomm_control */ + +/* + * Process getsockopt/setsockopt system calls + */ + +int +ng_btsocket_rfcomm_ctloutput(struct socket *so, struct sockopt *sopt) +{ + ng_btsocket_rfcomm_pcb_p pcb = so2rfcomm_pcb(so); + struct ng_btsocket_rfcomm_fc_info fcinfo; + int error = 0; + + if (pcb == NULL) + return (EINVAL); + if (sopt->sopt_level != SOL_RFCOMM) + return (0); + + mtx_lock(&pcb->pcb_mtx); + + switch (sopt->sopt_dir) { + case SOPT_GET: + switch (sopt->sopt_name) { + case SO_RFCOMM_MTU: + error = sooptcopyout(sopt, &pcb->mtu, sizeof(pcb->mtu)); + break; + + case SO_RFCOMM_FC_INFO: + fcinfo.lmodem = pcb->lmodem; + fcinfo.rmodem = pcb->rmodem; + fcinfo.tx_cred = pcb->tx_cred; + fcinfo.rx_cred = pcb->rx_cred; + fcinfo.cfc = (pcb->flags & NG_BTSOCKET_RFCOMM_DLC_CFC)? + 1 : 0; + fcinfo.reserved = 0; + + error = sooptcopyout(sopt, &fcinfo, sizeof(fcinfo)); + break; + + default: + error = ENOPROTOOPT; + break; + } + break; + + case SOPT_SET: + switch (sopt->sopt_name) { + default: + error = ENOPROTOOPT; + break; + } + break; + + default: + error = EINVAL; + break; + } + + mtx_unlock(&pcb->pcb_mtx); + + return (error); +} /* ng_btsocket_rfcomm_ctloutput */ + +/* + * Detach and destroy socket + */ + +int +ng_btsocket_rfcomm_detach(struct socket *so) +{ + ng_btsocket_rfcomm_pcb_p pcb = so2rfcomm_pcb(so); + + if (pcb == NULL) + return (EINVAL); + + mtx_lock(&pcb->pcb_mtx); + + switch (pcb->state) { + case NG_BTSOCKET_RFCOMM_DLC_W4_CONNECT: + case NG_BTSOCKET_RFCOMM_DLC_CONFIGURING: + case NG_BTSOCKET_RFCOMM_DLC_CONNECTING: + case NG_BTSOCKET_RFCOMM_DLC_CONNECTED: + /* XXX What to do with pending request? */ + if (pcb->flags & NG_BTSOCKET_RFCOMM_DLC_TIMO) + ng_btsocket_rfcomm_untimeout(pcb); + + if (pcb->state == NG_BTSOCKET_RFCOMM_DLC_W4_CONNECT) + pcb->flags |= NG_BTSOCKET_RFCOMM_DLC_DETACHED; + else + pcb->state = NG_BTSOCKET_RFCOMM_DLC_DISCONNECTING; + + ng_btsocket_rfcomm_task_wakeup(); + break; + + case NG_BTSOCKET_RFCOMM_DLC_DISCONNECTING: + ng_btsocket_rfcomm_task_wakeup(); + break; + } + + while (pcb->state != NG_BTSOCKET_RFCOMM_DLC_CLOSED) + msleep(&pcb->state, &pcb->pcb_mtx, PZERO, "rf_det", 0); + + if (pcb->session != NULL) + panic("%s: pcb->session != NULL\n", __func__); + if (pcb->flags & NG_BTSOCKET_RFCOMM_DLC_TIMO) + panic("%s: timeout on closed DLC, flags=%#x\n", + __func__, pcb->flags); + + mtx_lock(&ng_btsocket_rfcomm_sockets_mtx); + LIST_REMOVE(pcb, next); + mtx_unlock(&ng_btsocket_rfcomm_sockets_mtx); + + mtx_unlock(&pcb->pcb_mtx); + + mtx_destroy(&pcb->pcb_mtx); + bzero(pcb, sizeof(*pcb)); + FREE(pcb, M_NETGRAPH_BTSOCKET_RFCOMM); + + soisdisconnected(so); + so->so_pcb = NULL; + sotryfree(so); + + return (0); +} /* ng_btsocket_rfcomm_detach */ + +/* + * Disconnect socket + */ + +int +ng_btsocket_rfcomm_disconnect(struct socket *so) +{ + ng_btsocket_rfcomm_pcb_p pcb = so2rfcomm_pcb(so); + + if (pcb == NULL) + return (EINVAL); + + mtx_lock(&pcb->pcb_mtx); + + if (pcb->state == NG_BTSOCKET_RFCOMM_DLC_DISCONNECTING) { + mtx_unlock(&pcb->pcb_mtx); + return (EINPROGRESS); + } + + /* XXX What to do with pending request? */ + if (pcb->flags & NG_BTSOCKET_RFCOMM_DLC_TIMO) + ng_btsocket_rfcomm_untimeout(pcb); + + switch (pcb->state) { + case NG_BTSOCKET_RFCOMM_DLC_CONFIGURING: /* XXX can we get here? */ + case NG_BTSOCKET_RFCOMM_DLC_CONNECTING: /* XXX can we get here? */ + case NG_BTSOCKET_RFCOMM_DLC_CONNECTED: + + /* + * Just change DLC state and enqueue RFCOMM task. It will + * queue and send DISC on the DLC. + */ + + pcb->state = NG_BTSOCKET_RFCOMM_DLC_DISCONNECTING; + soisdisconnecting(so); + + ng_btsocket_rfcomm_task_wakeup(); + break; + +/* + * case NG_BTSOCKET_RFCOMM_DLC_CLOSED: + * case NG_BTSOCKET_RFCOMM_DLC_W4_CONNECT: + * case NG_BTSOCKET_RFCOMM_DLC_DISCONNECTING: + */ + default: + panic("%s: Invalid DLC state=%d, flags=%#x\n", + __func__, pcb->state, pcb->flags); + break; + } + + mtx_unlock(&pcb->pcb_mtx); + + return (0); +} /* ng_btsocket_rfcomm_disconnect */ + +/* + * Listen on socket. First call to listen() will create listening RFCOMM session + */ + +int +ng_btsocket_rfcomm_listen(struct socket *so, struct thread *td) +{ + ng_btsocket_rfcomm_pcb_p pcb = so2rfcomm_pcb(so); + ng_btsocket_rfcomm_session_p s = NULL; + struct socket *l2so = NULL; + int error; + + if (pcb == NULL) + return (EINVAL); + if (pcb->channel < 1 || pcb->channel > 30) + return (EDESTADDRREQ); + + /* + * XXX FIXME - This is FUBAR. socreate() will call soalloc(1), i.e. + * soalloc() is allowed to sleep in MALLOC. This creates "could sleep" + * WITNESS warnings. To work around this problem we will create L2CAP + * socket first and then check if we actually need it. Note that we + * will not check for errors in socreate() because if we failed to + * create L2CAP socket at this point we still might have already open + * session. + */ + + error = socreate(PF_BLUETOOTH, &l2so, SOCK_SEQPACKET, + BLUETOOTH_PROTO_L2CAP, td->td_ucred, td); + + /* + * Look for the session in LISTENING state. There can only be one. + */ + + mtx_lock(&ng_btsocket_rfcomm_sessions_mtx); + + LIST_FOREACH(s, &ng_btsocket_rfcomm_sessions, next) + if (s->state == NG_BTSOCKET_RFCOMM_SESSION_LISTENING) + break; + + if (s == NULL) { + /* + * We need to create default RFCOMM session. Check if we have + * L2CAP socket. If l2so == NULL then error has the error code + * from socreate() + */ + + if (l2so == NULL) { + mtx_unlock(&ng_btsocket_rfcomm_sessions_mtx); + return (error); + } + + /* + * Create default listen RFCOMM session. The default RFCOMM + * session will listen on ANY address. + * + * XXX FIXME Note that currently there is no way to adjust MTU + * for the default session. + */ + + error = ng_btsocket_rfcomm_session_create(&s, l2so, + NG_HCI_BDADDR_ANY, NULL, td); + if (error != 0) { + mtx_unlock(&ng_btsocket_rfcomm_sessions_mtx); + soclose(l2so); + + return (error); + } + } else if (l2so != NULL) + soclose(l2so); /* we don't need new L2CAP socket */ + + mtx_unlock(&ng_btsocket_rfcomm_sessions_mtx); + + return (0); +} /* ng_btsocket_listen */ + +/* + * Get peer address + */ + +int +ng_btsocket_rfcomm_peeraddr(struct socket *so, struct sockaddr **nam) +{ + ng_btsocket_rfcomm_pcb_p pcb = so2rfcomm_pcb(so); + struct sockaddr_rfcomm sa; + + if (pcb == NULL) + return (EINVAL); + + bcopy(&pcb->dst, &sa.rfcomm_bdaddr, sizeof(sa.rfcomm_bdaddr)); + sa.rfcomm_channel = pcb->channel; + sa.rfcomm_len = sizeof(sa); + sa.rfcomm_family = AF_BLUETOOTH; + + *nam = dup_sockaddr((struct sockaddr *) &sa, 0); + + return ((*nam == NULL)? ENOMEM : 0); +} /* ng_btsocket_rfcomm_peeraddr */ + +/* + * Send data to socket + */ + +int +ng_btsocket_rfcomm_send(struct socket *so, int flags, struct mbuf *m, + struct sockaddr *nam, struct mbuf *control, struct thread *td) +{ + ng_btsocket_rfcomm_pcb_t *pcb = so2rfcomm_pcb(so); + int error = 0; + + /* Check socket and input */ + if (pcb == NULL || m == NULL || control != NULL) { + error = EINVAL; + goto drop; + } + + mtx_lock(&pcb->pcb_mtx); + + /* Make sure DLC is connected */ + if (pcb->state != NG_BTSOCKET_RFCOMM_DLC_CONNECTED) { + mtx_unlock(&pcb->pcb_mtx); + error = ENOTCONN; + goto drop; + } + + /* Put the packet on the socket's send queue and wakeup RFCOMM task */ + sbappend(&pcb->so->so_snd, m); + m = NULL; + + if (!(pcb->flags & NG_BTSOCKET_RFCOMM_DLC_SENDING)) { + pcb->flags |= NG_BTSOCKET_RFCOMM_DLC_SENDING; + error = ng_btsocket_rfcomm_task_wakeup(); + } + + mtx_unlock(&pcb->pcb_mtx); +drop: + NG_FREE_M(m); /* checks for != NULL */ + NG_FREE_M(control); + + return (error); +} /* ng_btsocket_rfcomm_send */ + +/* + * Get socket address + */ + +int +ng_btsocket_rfcomm_sockaddr(struct socket *so, struct sockaddr **nam) +{ + ng_btsocket_rfcomm_pcb_p pcb = so2rfcomm_pcb(so); + struct sockaddr_rfcomm sa; + + if (pcb == NULL) + return (EINVAL); + + bcopy(&pcb->src, &sa.rfcomm_bdaddr, sizeof(sa.rfcomm_bdaddr)); + sa.rfcomm_channel = pcb->channel; + sa.rfcomm_len = sizeof(sa); + sa.rfcomm_family = AF_BLUETOOTH; + + *nam = dup_sockaddr((struct sockaddr *) &sa, 0); + + return ((*nam == NULL)? ENOMEM : 0); +} /* ng_btsocket_rfcomm_sockaddr */ + +/* + * Upcall function for L2CAP sockets. Enqueue RFCOMM task. + */ + +static void +ng_btsocket_rfcomm_upcall(struct socket *so, void *arg, int waitflag) +{ + int error; + + if (so == NULL) + panic("%s: so == NULL\n", __func__); + + if ((error = ng_btsocket_rfcomm_task_wakeup()) != 0) + NG_BTSOCKET_RFCOMM_ALERT( +"%s: Could not enqueue RFCOMM task, error=%d\n", __func__, error); +} /* ng_btsocket_rfcomm_upcall */ + +/* + * RFCOMM task. Will handle all RFCOMM sessions in one pass. + * XXX FIXME does not scale very well + */ + +static void +ng_btsocket_rfcomm_sessions_task(void *ctx, int pending) +{ + ng_btsocket_rfcomm_session_p s = NULL, s_next = NULL; + + mtx_lock(&ng_btsocket_rfcomm_sessions_mtx); + + for (s = LIST_FIRST(&ng_btsocket_rfcomm_sessions); s != NULL; ) { + mtx_lock(&s->session_mtx); + s_next = LIST_NEXT(s, next); + + ng_btsocket_rfcomm_session_task(s); + + if (s->state == NG_BTSOCKET_RFCOMM_SESSION_CLOSED) { + /* Unlink and clean the session */ + LIST_REMOVE(s, next); + + NG_BT_MBUFQ_DRAIN(&s->outq); + if (!LIST_EMPTY(&s->dlcs)) + panic("%s: DLC list is not empty\n", __func__); + + /* Close L2CAP socket */ + s->l2so->so_upcallarg = NULL; + s->l2so->so_upcall = NULL; + s->l2so->so_rcv.sb_flags &= ~SB_UPCALL; + s->l2so->so_snd.sb_flags &= ~SB_UPCALL; + soclose(s->l2so); + + mtx_unlock(&s->session_mtx); + + mtx_destroy(&s->session_mtx); + bzero(s, sizeof(*s)); + FREE(s, M_NETGRAPH_BTSOCKET_RFCOMM); + } else + mtx_unlock(&s->session_mtx); + + s = s_next; + } + + mtx_unlock(&ng_btsocket_rfcomm_sessions_mtx); +} /* ng_btsocket_rfcomm_sessions_task */ + +/* + * Process RFCOMM session. Will handle all RFCOMM sockets in one pass. + */ + +static void +ng_btsocket_rfcomm_session_task(ng_btsocket_rfcomm_session_p s) +{ + mtx_assert(&s->session_mtx, MA_OWNED); + + if (s->l2so->so_state & SS_CANTRCVMORE) { + NG_BTSOCKET_RFCOMM_INFO( +"%s: L2CAP connection has been terminated, so=%p, so_state=%#x, so_count=%d, " \ +"state=%d, flags=%#x\n", __func__, s->l2so, s->l2so->so_state, + s->l2so->so_count, s->state, s->flags); + + s->state = NG_BTSOCKET_RFCOMM_SESSION_CLOSED; + ng_btsocket_rfcomm_session_clean(s); + } + + /* Now process upcall */ + switch (s->state) { + /* Try to accept new L2CAP connection(s) */ + case NG_BTSOCKET_RFCOMM_SESSION_LISTENING: + while (ng_btsocket_rfcomm_session_accept(s) == 0) + ; + break; + + /* Process the results of the L2CAP connect */ + case NG_BTSOCKET_RFCOMM_SESSION_CONNECTING: + ng_btsocket_rfcomm_session_process_pcb(s); + + if (ng_btsocket_rfcomm_session_connect(s) != 0) { + s->state = NG_BTSOCKET_RFCOMM_SESSION_CLOSED; + ng_btsocket_rfcomm_session_clean(s); + } + break; + + /* Try to receive/send more data */ + case NG_BTSOCKET_RFCOMM_SESSION_CONNECTED: + case NG_BTSOCKET_RFCOMM_SESSION_OPEN: + case NG_BTSOCKET_RFCOMM_SESSION_DISCONNECTING: + ng_btsocket_rfcomm_session_process_pcb(s); + + if (ng_btsocket_rfcomm_session_receive(s) != 0) { + s->state = NG_BTSOCKET_RFCOMM_SESSION_CLOSED; + ng_btsocket_rfcomm_session_clean(s); + } else if (ng_btsocket_rfcomm_session_send(s) != 0) { + s->state = NG_BTSOCKET_RFCOMM_SESSION_CLOSED; + ng_btsocket_rfcomm_session_clean(s); + } + break; + + case NG_BTSOCKET_RFCOMM_SESSION_CLOSED: + break; + + default: + panic("%s: Invalid session state=%d, flags=%#x\n", + __func__, s->state, s->flags); + break; + } +} /* ng_btsocket_rfcomm_session_task */ + +/* + * Process RFCOMM connection indicator. Caller must hold s->session_mtx + */ + +static ng_btsocket_rfcomm_pcb_p +ng_btsocket_rfcomm_connect_ind(ng_btsocket_rfcomm_session_p s, int channel) +{ + ng_btsocket_rfcomm_pcb_p pcb = NULL, pcb1 = NULL; + ng_btsocket_l2cap_pcb_p l2pcb = NULL; + struct socket *so1 = NULL; + + mtx_assert(&s->session_mtx, MA_OWNED); + + /* + * Try to find RFCOMM socket that listens on given source address + * and channel. This will return the best possible match. + */ + + l2pcb = so2l2cap_pcb(s->l2so); + pcb = ng_btsocket_rfcomm_pcb_listener(&l2pcb->src, channel); + if (pcb == NULL) + return (NULL); + + /* + * Check the pending connections queue and if we have space then + * create new socket and set proper source and destination address, + * and channel. + */ + + mtx_lock(&pcb->pcb_mtx); + + if (pcb->so->so_qlen <= pcb->so->so_qlimit) + so1 = sonewconn(pcb->so, 0); + + mtx_unlock(&pcb->pcb_mtx); + + if (so1 == NULL) + return (NULL); + + /* + * If we got here than we have created new socket. So complete the + * connection. Set source and destination address from the session. + */ + + pcb1 = so2rfcomm_pcb(so1); + if (pcb1 == NULL) + panic("%s: pcb1 == NULL\n", __func__); + + mtx_lock(&pcb1->pcb_mtx); + + bcopy(&l2pcb->src, &pcb1->src, sizeof(pcb1->src)); + bcopy(&l2pcb->dst, &pcb1->dst, sizeof(pcb1->dst)); + pcb1->channel = channel; + + /* Link new DLC to the session. We already hold s->session_mtx */ + LIST_INSERT_HEAD(&s->dlcs, pcb1, session_next); + pcb1->session = s; + + mtx_unlock(&pcb1->pcb_mtx); + + return (pcb1); +} /* ng_btsocket_rfcomm_connect_ind */ + +/* + * Process RFCOMM connect confirmation. Caller must hold s->session_mtx. + */ + +static void +ng_btsocket_rfcomm_connect_cfm(ng_btsocket_rfcomm_session_p s) +{ + ng_btsocket_rfcomm_pcb_p pcb = NULL, pcb_next = NULL; + struct socket *so = NULL; + int error; + + mtx_assert(&s->session_mtx, MA_OWNED); + + /* + * Wake up all waiting sockets and send PN request for each of them. + * Note that timeout already been set in ng_btsocket_rfcomm_connect() + * + * Note: cannot use LIST_FOREACH because ng_btsocket_rfcomm_pcb_kill + * will unlink DLC from the session + */ + + for (pcb = LIST_FIRST(&s->dlcs); pcb != NULL; ) { + mtx_lock(&pcb->pcb_mtx); + pcb_next = LIST_NEXT(pcb, session_next); + + if (pcb->state == NG_BTSOCKET_RFCOMM_DLC_W4_CONNECT) { + pcb->mtu = s->mtu; + bcopy(&so2l2cap_pcb(s->l2so)->src, &pcb->src, + sizeof(pcb->src)); + + error = ng_btsocket_rfcomm_send_pn(pcb); + if (error == 0) + pcb->state = NG_BTSOCKET_RFCOMM_DLC_CONFIGURING; + else if (ng_btsocket_rfcomm_pcb_kill(pcb, error)) + so = pcb->so; + else + so = NULL; + } + + mtx_unlock(&pcb->pcb_mtx); + pcb = pcb_next; + + if (so != NULL) + ng_btsocket_rfcomm_detach(so); + } +} /* ng_btsocket_rfcomm_connect_cfm */ + +/***************************************************************************** + ***************************************************************************** + ** RFCOMM sessions + ***************************************************************************** + *****************************************************************************/ + +/* + * Create new RFCOMM session. That function WILL NOT take ownership over l2so. + * Caller MUST free l2so if function failed. + */ + +static int +ng_btsocket_rfcomm_session_create(ng_btsocket_rfcomm_session_p *sp, + struct socket *l2so, bdaddr_p src, bdaddr_p dst, + struct thread *td) +{ + ng_btsocket_rfcomm_session_p s = NULL; + struct sockaddr_l2cap l2sa; + struct sockopt l2sopt; + int mtu, error; + + mtx_assert(&ng_btsocket_rfcomm_sessions_mtx, MA_OWNED); + + /* Allocate the RFCOMM session */ + MALLOC(s, ng_btsocket_rfcomm_session_p, sizeof(*s), + M_NETGRAPH_BTSOCKET_RFCOMM, M_NOWAIT | M_ZERO); + if (s == NULL) + return (ENOMEM); + + /* Set defaults */ + s->mtu = RFCOMM_DEFAULT_MTU; + s->flags = 0; + s->state = NG_BTSOCKET_RFCOMM_SESSION_CLOSED; + NG_BT_MBUFQ_INIT(&s->outq, ifqmaxlen); + + /* + * XXX Mark session mutex as DUPOK to prevent "duplicated lock of + * the same type" message. When accepting new L2CAP connection + * ng_btsocket_rfcomm_session_accept() holds both session mutexes + * for "old" (accepting) session and "new" (created) session. + */ + + mtx_init(&s->session_mtx, "btsocks_rfcomm_session_mtx", NULL, + MTX_DEF|MTX_DUPOK); + + LIST_INIT(&s->dlcs); + + /* Prepare L2CAP socket */ + l2so->so_upcallarg = NULL; + l2so->so_upcall = ng_btsocket_rfcomm_upcall; + l2so->so_rcv.sb_flags |= SB_UPCALL; + l2so->so_snd.sb_flags |= SB_UPCALL; + l2so->so_state |= SS_NBIO; + s->l2so = l2so; + + mtx_lock(&s->session_mtx); + + /* + * "src" == NULL and "dst" == NULL means just create session. + * caller must do the rest + */ + + if (src == NULL && dst == NULL) + goto done; + + /* + * Set incoming MTU on L2CAP socket. It is RFCOMM session default MTU + * plus 5 bytes: RFCOMM frame header, one extra byte for length and one + * extra byte for credits. + */ + + mtu = s->mtu + sizeof(struct rfcomm_frame_hdr) + 1 + 1; + + l2sopt.sopt_dir = SOPT_SET; + l2sopt.sopt_level = SOL_L2CAP; + l2sopt.sopt_name = SO_L2CAP_IMTU; + l2sopt.sopt_val = (void *) &mtu; + l2sopt.sopt_valsize = sizeof(mtu); + l2sopt.sopt_td = NULL; + + error = sosetopt(s->l2so, &l2sopt); + if (error != 0) + goto bad; + + /* Bind socket to "src" address */ + l2sa.l2cap_len = sizeof(l2sa); + l2sa.l2cap_family = AF_BLUETOOTH; + l2sa.l2cap_psm = (dst == NULL)? htole16(NG_L2CAP_PSM_RFCOMM) : 0; + bcopy(src, &l2sa.l2cap_bdaddr, sizeof(l2sa.l2cap_bdaddr)); + + error = sobind(s->l2so, (struct sockaddr *) &l2sa, td); + if (error != 0) + goto bad; + + /* If "dst" is not NULL then initiate connect(), otherwise listen() */ + if (dst == NULL) { + s->flags = 0; + s->state = NG_BTSOCKET_RFCOMM_SESSION_LISTENING; + + error = solisten(s->l2so, 10, td); + if (error != 0) + goto bad; + } else { + s->flags = NG_BTSOCKET_RFCOMM_SESSION_INITIATOR; + s->state = NG_BTSOCKET_RFCOMM_SESSION_CONNECTING; + + l2sa.l2cap_len = sizeof(l2sa); + l2sa.l2cap_family = AF_BLUETOOTH; + l2sa.l2cap_psm = htole16(NG_L2CAP_PSM_RFCOMM); + bcopy(dst, &l2sa.l2cap_bdaddr, sizeof(l2sa.l2cap_bdaddr)); + + error = soconnect(s->l2so, (struct sockaddr *) &l2sa, td); + if (error != 0) + goto bad; + } + +done: + LIST_INSERT_HEAD(&ng_btsocket_rfcomm_sessions, s, next); + *sp = s; + + mtx_unlock(&s->session_mtx); + + return (0); + +bad: + mtx_unlock(&s->session_mtx); + + /* Return L2CAP socket back to its original state */ + l2so->so_upcallarg = NULL; + l2so->so_upcall = NULL; + l2so->so_rcv.sb_flags &= ~SB_UPCALL; + l2so->so_snd.sb_flags &= ~SB_UPCALL; + l2so->so_state &= ~SS_NBIO; + + mtx_destroy(&s->session_mtx); + bzero(s, sizeof(*s)); + FREE(s, M_NETGRAPH_BTSOCKET_RFCOMM); + + return (error); +} /* ng_btsocket_rfcomm_session_create */ + +/* + * Process accept() on RFCOMM session + * XXX FIXME locking for "l2so"? + */ + +static int +ng_btsocket_rfcomm_session_accept(ng_btsocket_rfcomm_session_p s0) +{ + struct socket *l2so = NULL; + struct sockaddr_l2cap *l2sa = NULL; + ng_btsocket_l2cap_pcb_t *l2pcb = NULL; + ng_btsocket_rfcomm_session_p s = NULL; + int error = 0; + + mtx_assert(&ng_btsocket_rfcomm_sessions_mtx, MA_OWNED); + mtx_assert(&s0->session_mtx, MA_OWNED); + + /* Check if there is a complete L2CAP connection in the queue */ + if ((error = s0->l2so->so_error) != 0) { + NG_BTSOCKET_RFCOMM_ERR( +"%s: Could not accept connection on L2CAP socket, error=%d\n", __func__, error); + s0->l2so->so_error = 0; + + return (error); + } + + if (TAILQ_EMPTY(&s0->l2so->so_comp)) { + if (s0->l2so->so_state & SS_CANTRCVMORE) + return (ECONNABORTED); + + return (EWOULDBLOCK); + } + + /* Accept incoming L2CAP connection */ + l2so = TAILQ_FIRST(&s0->l2so->so_comp); + if (l2so == NULL) + panic("%s: l2so == NULL\n", __func__); + + TAILQ_REMOVE(&s0->l2so->so_comp, l2so, so_list); + s0->l2so->so_qlen --; + + soref(l2so); + l2so->so_state &= ~SS_COMP; + l2so->so_state |= SS_NBIO; + l2so->so_head = NULL; + + error = soaccept(l2so, (struct sockaddr **) &l2sa); + if (error != 0) { + NG_BTSOCKET_RFCOMM_ERR( +"%s: soaccept() on L2CAP socket failed, error=%d\n", __func__, error); + soclose(l2so); + + return (error); + } + + /* + * Check if there is already active RFCOMM session between two devices. + * If so then close L2CAP connection. We only support one RFCOMM session + * between each pair of devices. Note that here we assume session in any + * state. The session even could be in the middle of disconnecting. + */ + + l2pcb = so2l2cap_pcb(l2so); + s = ng_btsocket_rfcomm_session_by_addr(&l2pcb->src, &l2pcb->dst); + if (s == NULL) { + /* Create a new RFCOMM session */ + error = ng_btsocket_rfcomm_session_create(&s, l2so, NULL, NULL, + curthread /* XXX */); + if (error == 0) { + mtx_lock(&s->session_mtx); + + s->flags = 0; + s->state = NG_BTSOCKET_RFCOMM_SESSION_CONNECTED; + + /* + * Adjust MTU on incomming connection. Reserve 5 bytes: + * RFCOMM frame header, one extra byte for length and + * one extra byte for credits. + */ + + s->mtu = min(l2pcb->imtu, l2pcb->omtu) - + sizeof(struct rfcomm_frame_hdr) - 1 - 1; + + mtx_unlock(&s->session_mtx); + } else { + NG_BTSOCKET_RFCOMM_ALERT( +"%s: Failed to create new RFCOMM session, error=%d\n", __func__, error); + + soclose(l2so); + } + } else { + NG_BTSOCKET_RFCOMM_WARN( +"%s: Rejecting duplicating RFCOMM session between src=%x:%x:%x:%x:%x:%x and " \ +"dst=%x:%x:%x:%x:%x:%x, state=%d, flags=%#x\n", __func__, + l2pcb->src.b[5], l2pcb->src.b[4], l2pcb->src.b[3], + l2pcb->src.b[2], l2pcb->src.b[1], l2pcb->src.b[0], + l2pcb->dst.b[5], l2pcb->dst.b[4], l2pcb->dst.b[3], + l2pcb->dst.b[2], l2pcb->dst.b[1], l2pcb->dst.b[0], + s->state, s->flags); + + error = EBUSY; + soclose(l2so); + } + + return (error); +} /* ng_btsocket_rfcomm_session_accept */ + +/* + * Process connect() on RFCOMM session + * XXX FIXME locking for "l2so"? + */ + +static int +ng_btsocket_rfcomm_session_connect(ng_btsocket_rfcomm_session_p s) +{ + ng_btsocket_l2cap_pcb_p l2pcb = so2l2cap_pcb(s->l2so); + int error; + + mtx_assert(&s->session_mtx, MA_OWNED); + + /* First check if connection has failed */ + if ((error = s->l2so->so_error) != 0) { + s->l2so->so_error = 0; + + NG_BTSOCKET_RFCOMM_ERR( +"%s: Could not connect RFCOMM session, error=%d, state=%d, flags=%#x\n", + __func__, error, s->state, s->flags); + + return (error); + } + + /* Is connection still in progress? */ + if (s->l2so->so_state & SS_ISCONNECTING) + return (0); + + /* + * If we got here then we are connected. Send SABM on DLCI 0 to + * open multiplexor channel. + */ + + if (error == 0) { + s->state = NG_BTSOCKET_RFCOMM_SESSION_CONNECTED; + + /* + * Adjust MTU on outgoing connection. Reserve 5 bytes: RFCOMM + * frame header, one extra byte for length and one extra byte + * for credits. + */ + + s->mtu = min(l2pcb->imtu, l2pcb->omtu) - + sizeof(struct rfcomm_frame_hdr) - 1 - 1; + + error = ng_btsocket_rfcomm_send_command(s,RFCOMM_FRAME_SABM,0); + if (error == 0) + error = ng_btsocket_rfcomm_task_wakeup(); + } + + return (error); +}/* ng_btsocket_rfcomm_session_connect */ + +/* + * Receive data on RFCOMM session + * XXX FIXME locking for "l2so"? + */ + +static int +ng_btsocket_rfcomm_session_receive(ng_btsocket_rfcomm_session_p s) +{ + struct mbuf *m = NULL; + struct uio uio; + int more, flags, error; + + mtx_assert(&s->session_mtx, MA_OWNED); + + /* Can we read from the L2CAP socket? */ + if (!soreadable(s->l2so)) + return (0); + + /* First check for error on L2CAP socket */ + if ((error = s->l2so->so_error) != 0) { + s->l2so->so_error = 0; + + NG_BTSOCKET_RFCOMM_ERR( +"%s: Could not receive data from L2CAP socket, error=%d, state=%d, flags=%#x\n", + __func__, error, s->state, s->flags); + + return (error); + } + + /* + * Read all packets from the L2CAP socket. + * XXX FIXME/VERIFY is that correct? For now use m->m_nextpkt as + * indication that there is more packets on the socket's buffer. + * Also what should we use in uio.uio_resid? + * May be s->mtu + sizeof(struct rfcomm_frame_hdr) + 1 + 1? + */ + + for (more = 1; more; ) { + /* Try to get next packet from socket */ + bzero(&uio, sizeof(uio)); +/* uio.uio_td = NULL; */ + uio.uio_resid = 1000000000; + flags = MSG_DONTWAIT; + + m = NULL; + error = (*s->l2so->so_proto->pr_usrreqs->pru_soreceive)(s->l2so, + NULL, &uio, &m, (struct mbuf **) NULL, &flags); + if (error != 0) { + if (error == EWOULDBLOCK) + return (0); /* XXX can happen? */ + + NG_BTSOCKET_RFCOMM_ERR( +"%s: Could not receive data from L2CAP socket, error=%d\n", __func__, error); + + return (error); + } + + more = (m->m_nextpkt != NULL); + m->m_nextpkt = NULL; + + ng_btsocket_rfcomm_receive_frame(s, m); + } + + return (0); +} /* ng_btsocket_rfcomm_session_receive */ + +/* + * Send data on RFCOMM session + * XXX FIXME locking for "l2so"? + */ + +static int +ng_btsocket_rfcomm_session_send(ng_btsocket_rfcomm_session_p s) +{ + struct mbuf *m = NULL; + int error; + + mtx_assert(&s->session_mtx, MA_OWNED); + + /* Send as much as we can from the session queue */ + while (sowriteable(s->l2so)) { + /* Check if socket still OK */ + if ((error = s->l2so->so_error) != 0) { + s->l2so->so_error = 0; + + NG_BTSOCKET_RFCOMM_ERR( +"%s: Detected error=%d on L2CAP socket, state=%d, flags=%#x\n", + __func__, error, s->state, s->flags); + + return (error); + } + + NG_BT_MBUFQ_DEQUEUE(&s->outq, m); + if (m == NULL) + return (0); /* we are done */ + + /* Call send function on the L2CAP socket */ + error = (*s->l2so->so_proto->pr_usrreqs->pru_sosend) + (s->l2so, NULL, NULL, m, NULL, 0, + curthread /* XXX */); + if (error != 0) { + NG_BTSOCKET_RFCOMM_ERR( +"%s: Could not send data to L2CAP socket, error=%d\n", __func__, error); + + return (error); + } + } + + return (0); +} /* ng_btsocket_rfcomm_session_send */ + +/* + * Close and disconnect all DLCs for the given session. Caller must hold + * s->sesson_mtx. Will wakeup session. + */ + +static void +ng_btsocket_rfcomm_session_clean(ng_btsocket_rfcomm_session_p s) +{ + ng_btsocket_rfcomm_pcb_p pcb = NULL, pcb_next = NULL; + struct socket *so = NULL; + int error; + + mtx_assert(&s->session_mtx, MA_OWNED); + + /* + * Note: cannot use LIST_FOREACH because ng_btsocket_rfcomm_pcb_kill + * will unlink DLC from the session + */ + + for (pcb = LIST_FIRST(&s->dlcs); pcb != NULL; ) { + mtx_lock(&pcb->pcb_mtx); + pcb_next = LIST_NEXT(pcb, session_next); + + NG_BTSOCKET_RFCOMM_INFO( +"%s: Disconnecting dlci=%d, state=%d, flags=%#x\n", + __func__, pcb->dlci, pcb->state, pcb->flags); + + if (pcb->state == NG_BTSOCKET_RFCOMM_DLC_CONNECTED) + error = ECONNRESET; + else + error = ECONNREFUSED; + + if (ng_btsocket_rfcomm_pcb_kill(pcb, error)) + so = pcb->so; + else + so = NULL; + + mtx_unlock(&pcb->pcb_mtx); + pcb = pcb_next; + + if (so != NULL) + ng_btsocket_rfcomm_detach(so); + } +} /* ng_btsocket_rfcomm_session_clean */ + +/* + * Process all DLCs on the session. Caller MUST hold s->session_mtx. + */ + +static void +ng_btsocket_rfcomm_session_process_pcb(ng_btsocket_rfcomm_session_p s) +{ + ng_btsocket_rfcomm_pcb_p pcb = NULL, pcb_next = NULL; + struct socket *so = NULL; + int error; + + mtx_assert(&s->session_mtx, MA_OWNED); + + /* + * Note: cannot use LIST_FOREACH because ng_btsocket_rfcomm_pcb_kill + * will unlink DLC from the session + */ + + for (pcb = LIST_FIRST(&s->dlcs); pcb != NULL; ) { + so = NULL; + + mtx_lock(&pcb->pcb_mtx); + pcb_next = LIST_NEXT(pcb, session_next); + + switch (pcb->state) { + + /* + * If DLC in W4_CONNECT state then we should check for both + * timeout and detach. + */ + + case NG_BTSOCKET_RFCOMM_DLC_W4_CONNECT: + if (pcb->flags & NG_BTSOCKET_RFCOMM_DLC_DETACHED) { + if (ng_btsocket_rfcomm_pcb_kill(pcb, 0)) + so = pcb->so; + } else if (pcb->flags & NG_BTSOCKET_RFCOMM_DLC_TIMEDOUT) + if (ng_btsocket_rfcomm_pcb_kill(pcb, ETIMEDOUT)) + so = pcb->so; + break; + + /* + * If DLC in CONFIGURING or CONNECTING state then we only + * should check for timeout. If detach() was called then + * DLC will be moved into DISCONNECTING state. + */ + + case NG_BTSOCKET_RFCOMM_DLC_CONFIGURING: + case NG_BTSOCKET_RFCOMM_DLC_CONNECTING: + if (pcb->flags & NG_BTSOCKET_RFCOMM_DLC_TIMEDOUT) + if (ng_btsocket_rfcomm_pcb_kill(pcb, ETIMEDOUT)) + so = pcb->so; + break; + + /* + * If DLC in CONNECTED state then we need to send data (if any) + * from the socket's send queue. Note that we will send data + * from either all sockets or none. This may overload session's + * outgoing queue (but we do not check for that). + * + * XXX FIXME need scheduler for RFCOMM sockets + */ + + case NG_BTSOCKET_RFCOMM_DLC_CONNECTED: + error = ng_btsocket_rfcomm_pcb_send(pcb, ALOT); + if (error != 0) + if (ng_btsocket_rfcomm_pcb_kill(pcb, error)) + so = pcb->so; + break; + + /* + * If DLC in DISCONNECTING state then we must send DISC frame. + * Note that if DLC has timeout set then we do not need to + * resend DISC frame. + * + * XXX FIXME need to drain all data from the socket's queue + * if LINGER option was set + */ + + case NG_BTSOCKET_RFCOMM_DLC_DISCONNECTING: + if (!(pcb->flags & NG_BTSOCKET_RFCOMM_DLC_TIMO)) { + error = ng_btsocket_rfcomm_send_command( + pcb->session, RFCOMM_FRAME_DISC, + pcb->dlci); + if (error == 0) + ng_btsocket_rfcomm_timeout(pcb); + else if (ng_btsocket_rfcomm_pcb_kill(pcb,error)) + so = pcb->so; + } else if (pcb->flags & NG_BTSOCKET_RFCOMM_DLC_TIMEDOUT) + if (ng_btsocket_rfcomm_pcb_kill(pcb, ETIMEDOUT)) + so = pcb->so; + break; + +/* case NG_BTSOCKET_RFCOMM_DLC_CLOSED: */ + default: + panic("%s: Invalid DLC state=%d, flags=%#x\n", + __func__, pcb->state, pcb->flags); + break; + } + + mtx_unlock(&pcb->pcb_mtx); + pcb = pcb_next; + + if (so != NULL) + ng_btsocket_rfcomm_detach(so); + } +} /* ng_btsocket_rfcomm_session_process_pcb */ + +/* + * Find RFCOMM session between "src" and "dst". + * Caller MUST hold ng_btsocket_rfcomm_sessions_mtx. + */ + +static ng_btsocket_rfcomm_session_p +ng_btsocket_rfcomm_session_by_addr(bdaddr_p src, bdaddr_p dst) +{ + ng_btsocket_rfcomm_session_p s = NULL; + ng_btsocket_l2cap_pcb_p l2pcb = NULL; + int any_src; + + mtx_assert(&ng_btsocket_rfcomm_sessions_mtx, MA_OWNED); + + any_src = (bcmp(src, NG_HCI_BDADDR_ANY, sizeof(*src)) == 0); + + LIST_FOREACH(s, &ng_btsocket_rfcomm_sessions, next) { + l2pcb = so2l2cap_pcb(s->l2so); + + if ((any_src || bcmp(&l2pcb->src, src, sizeof(*src)) == 0) && + bcmp(&l2pcb->dst, dst, sizeof(*dst)) == 0) + break; + } + + return (s); +} /* ng_btsocket_rfcomm_session_by_addr */ + +/***************************************************************************** + ***************************************************************************** + ** RFCOMM + ***************************************************************************** + *****************************************************************************/ + +/* + * Process incoming RFCOMM frame. Caller must hold s->session_mtx. + * XXX FIXME check frame length + */ + +static int +ng_btsocket_rfcomm_receive_frame(ng_btsocket_rfcomm_session_p s, + struct mbuf *m0) +{ + struct rfcomm_frame_hdr *hdr = NULL; + struct mbuf *m = NULL; + u_int16_t length; + u_int8_t dlci, type; + int error = 0; + + mtx_assert(&s->session_mtx, MA_OWNED); + + /* Pullup as much as we can into first mbuf (for direct access) */ + length = min(m0->m_pkthdr.len, MHLEN); + if (m0->m_len < length) { + if ((m0 = m_pullup(m0, length)) == NULL) { + NG_BTSOCKET_RFCOMM_ALERT( +"%s: m_pullup(%d) failed\n", __func__, length); + + return (ENOBUFS); + } + } + + hdr = mtod(m0, struct rfcomm_frame_hdr *); + dlci = RFCOMM_DLCI(hdr->address); + type = RFCOMM_TYPE(hdr->control); + + /* Test EA bit in length. If not set then we have 2 bytes of length */ + if (!RFCOMM_EA(hdr->length)) { + bcopy(&hdr->length, &length, sizeof(length)); + length = le16toh(length); + m_adj(m0, sizeof(*hdr) + 1); + } else { + length = hdr->length >> 1; + m_adj(m0, sizeof(*hdr)); + } + + NG_BTSOCKET_RFCOMM_INFO( +"%s: Got frame type=%#x, dlci=%d, length=%d, cr=%d, pf=%d, len=%d\n", + __func__, type, dlci, length, RFCOMM_CR(hdr->address), + RFCOMM_PF(hdr->control), m0->m_pkthdr.len); + + /* + * Get FCS (the last byte in the frame) + * XXX this will not work if mbuf chain ends with empty mbuf. + * XXX let's hope it never happens :) + */ + + for (m = m0; m->m_next != NULL; m = m->m_next) + ; + if (m->m_len <= 0) + panic("%s: Empty mbuf at the end of the chain, len=%d\n", + __func__, m->m_len); + + /* + * Check FCS. We only need to calculate FCS on first 2 or 3 bytes + * and already m_pullup'ed mbuf chain, so it should be safe. + */ + + if (ng_btsocket_rfcomm_check_fcs((u_int8_t *) hdr, type, m->m_data[m->m_len - 1])) { + NG_BTSOCKET_RFCOMM_ERR( +"%s: Invalid RFCOMM packet. Bad checksum\n", __func__); + NG_FREE_M(m0); + + return (EINVAL); + } + + m_adj(m0, -1); /* Trim FCS byte */ + + /* + * Process RFCOMM frame. + * + * From TS 07.10 spec + * + * "... In the case where a SABM or DISC command with the P bit set + * to 0 is received then the received frame shall be discarded..." + * + * "... If a unsolicited DM response is received then the frame shall + * be processed irrespective of the P/F setting... " + * + * "... The station may transmit response frames with the F bit set + * to 0 at any opportunity on an asynchronous basis. However, in the + * case where a UA response is received with the F bit set to 0 then + * the received frame shall be discarded..." + * + * From Bluetooth spec + * + * "... When credit based flow control is being used, the meaning of + * the P/F bit in the control field of the RFCOMM header is redefined + * for UIH frames..." + */ + + switch (type) { + case RFCOMM_FRAME_SABM: + if (RFCOMM_PF(hdr->control)) + error = ng_btsocket_rfcomm_receive_sabm(s, dlci); + break; + + case RFCOMM_FRAME_DISC: + if (RFCOMM_PF(hdr->control)) + error = ng_btsocket_rfcomm_receive_disc(s, dlci); + break; + + case RFCOMM_FRAME_UA: + if (RFCOMM_PF(hdr->control)) + error = ng_btsocket_rfcomm_receive_ua(s, dlci); + break; + + case RFCOMM_FRAME_DM: + error = ng_btsocket_rfcomm_receive_dm(s, dlci); + break; + + case RFCOMM_FRAME_UIH: + if (dlci == 0) + error = ng_btsocket_rfcomm_receive_mcc(s, m0); + else + error = ng_btsocket_rfcomm_receive_uih(s, dlci, + RFCOMM_PF(hdr->control), m0); + + return (error); + /* NOT REACHED */ + + default: + NG_BTSOCKET_RFCOMM_ERR( +"%s: Invalid RFCOMM packet. Unknown type=%#x\n", __func__, type); + error = EINVAL; + break; + } + + NG_FREE_M(m0); + + return (error); +} /* ng_btsocket_rfcomm_receive_frame */ + +/* + * Process RFCOMM SABM frame + */ + +static int +ng_btsocket_rfcomm_receive_sabm(ng_btsocket_rfcomm_session_p s, int dlci) +{ + ng_btsocket_rfcomm_pcb_p pcb = NULL; + struct socket *so = NULL; + int error = 0; + + mtx_assert(&s->session_mtx, MA_OWNED); + + NG_BTSOCKET_RFCOMM_INFO( +"%s: Got SABM, session state=%d, flags=%#x, mtu=%d, dlci=%d\n", + __func__, s->state, s->flags, s->mtu, dlci); + + /* DLCI == 0 means open multiplexor channel */ + if (dlci == 0) { + switch (s->state) { + case NG_BTSOCKET_RFCOMM_SESSION_CONNECTED: + case NG_BTSOCKET_RFCOMM_SESSION_OPEN: + error = ng_btsocket_rfcomm_send_command(s, + RFCOMM_FRAME_UA, dlci); + if (error == 0) { + s->state = NG_BTSOCKET_RFCOMM_SESSION_OPEN; + ng_btsocket_rfcomm_connect_cfm(s); + } else { + s->state = NG_BTSOCKET_RFCOMM_SESSION_CLOSED; + ng_btsocket_rfcomm_session_clean(s); + } + break; + + default: + NG_BTSOCKET_RFCOMM_WARN( +"%s: Got SABM for session in invalid state state=%d, flags=%#x\n", + __func__, s->state, s->flags); + error = EINVAL; + break; + } + + return (error); + } + + /* Make sure multiplexor channel is open */ + if (s->state != NG_BTSOCKET_RFCOMM_SESSION_OPEN) { + NG_BTSOCKET_RFCOMM_ERR( +"%s: Got SABM for dlci=%d with mulitplexor channel closed, state=%d, " \ +"flags=%#x\n", __func__, dlci, s->state, s->flags); + + return (EINVAL); + } + + /* + * Check if we have this DLCI. This might happen when remote + * peer uses PN command before actual open (SABM) happens. + */ + + pcb = ng_btsocket_rfcomm_pcb_by_dlci(s, dlci); + if (pcb != NULL) { + mtx_lock(&pcb->pcb_mtx); + + if (pcb->state != NG_BTSOCKET_RFCOMM_DLC_CONNECTING) { + NG_BTSOCKET_RFCOMM_ERR( +"%s: Got SABM for dlci=%d in invalid state=%d, flags=%#x\n", + __func__, dlci, pcb->state, pcb->flags); + mtx_unlock(&pcb->pcb_mtx); + + return (ENOENT); + } + + ng_btsocket_rfcomm_untimeout(pcb); + + error = ng_btsocket_rfcomm_send_command(s,RFCOMM_FRAME_UA,dlci); + if (error == 0) + error = ng_btsocket_rfcomm_send_msc(pcb); + + if (error == 0) { + pcb->state = NG_BTSOCKET_RFCOMM_DLC_CONNECTED; + soisconnected(pcb->so); + } else if (ng_btsocket_rfcomm_pcb_kill(pcb, error)) + so = pcb->so; + + mtx_unlock(&pcb->pcb_mtx); + + if (so != NULL) + ng_btsocket_rfcomm_detach(so); + + return (error); + } + + /* + * We do not have requested DLCI, so it must be an incoming connection + * with default parameters. Try to accept it. + */ + + pcb = ng_btsocket_rfcomm_connect_ind(s, RFCOMM_SRVCHANNEL(dlci)); + if (pcb != NULL) { + mtx_lock(&pcb->pcb_mtx); + + pcb->dlci = dlci; + + error = ng_btsocket_rfcomm_send_command(s,RFCOMM_FRAME_UA,dlci); + if (error == 0) { + pcb->state = NG_BTSOCKET_RFCOMM_DLC_CONNECTED; + soisconnected(pcb->so); + } else if (ng_btsocket_rfcomm_pcb_kill(pcb, error)) + so = pcb->so; + + mtx_unlock(&pcb->pcb_mtx); + + if (so != NULL) + ng_btsocket_rfcomm_detach(so); + } else + /* Nobody is listen()ing on the requested DLCI */ + error = ng_btsocket_rfcomm_send_command(s,RFCOMM_FRAME_DM,dlci); + + return (error); +} /* ng_btsocket_rfcomm_receive_sabm */ + +/* + * Process RFCOMM DISC frame + */ + +static int +ng_btsocket_rfcomm_receive_disc(ng_btsocket_rfcomm_session_p s, int dlci) +{ + ng_btsocket_rfcomm_pcb_p pcb = NULL; + int error = 0; + + mtx_assert(&s->session_mtx, MA_OWNED); + + NG_BTSOCKET_RFCOMM_INFO( +"%s: Got DISC, session state=%d, flags=%#x, mtu=%d, dlci=%d\n", + __func__, s->state, s->flags, s->mtu, dlci); + + /* DLCI == 0 means close multiplexor channel */ + if (dlci == 0) { + /* XXX FIXME assume that remote side will close the socket */ + error = ng_btsocket_rfcomm_send_command(s, RFCOMM_FRAME_UA, 0); + if (error == 0) + s->state = NG_BTSOCKET_RFCOMM_SESSION_DISCONNECTING; + else + s->state = NG_BTSOCKET_RFCOMM_SESSION_CLOSED; /* XXX */ + + ng_btsocket_rfcomm_session_clean(s); + } else { + pcb = ng_btsocket_rfcomm_pcb_by_dlci(s, dlci); + if (pcb != NULL) { + struct socket *so = NULL; + int err; + + mtx_lock(&pcb->pcb_mtx); + + NG_BTSOCKET_RFCOMM_INFO( +"%s: Got DISC for dlci=%d, state=%d, flags=%#x\n", + __func__, dlci, pcb->state, pcb->flags); + + error = ng_btsocket_rfcomm_send_command(s, + RFCOMM_FRAME_UA, dlci); + + if (pcb->state == NG_BTSOCKET_RFCOMM_DLC_CONNECTED) + err = 0; + else + err = ECONNREFUSED; + + if (ng_btsocket_rfcomm_pcb_kill(pcb, err)) + so = pcb->so; + + mtx_unlock(&pcb->pcb_mtx); + + if (so != NULL) + ng_btsocket_rfcomm_detach(so); + } else { + NG_BTSOCKET_RFCOMM_WARN( +"%s: Got DISC for non-existing dlci=%d\n", __func__, dlci); + + error = ng_btsocket_rfcomm_send_command(s, + RFCOMM_FRAME_DM, dlci); + } + } + + return (error); +} /* ng_btsocket_rfcomm_receive_disc */ + +/* + * Process RFCOMM UA frame + */ + +static int +ng_btsocket_rfcomm_receive_ua(ng_btsocket_rfcomm_session_p s, int dlci) +{ + ng_btsocket_rfcomm_pcb_p pcb = NULL; + int error = 0; + + mtx_assert(&s->session_mtx, MA_OWNED); + + NG_BTSOCKET_RFCOMM_INFO( +"%s: Got UA, session state=%d, flags=%#x, mtu=%d, dlci=%d\n", + __func__, s->state, s->flags, s->mtu, dlci); + + /* dlci == 0 means multiplexor channel */ + if (dlci == 0) { + switch (s->state) { + case NG_BTSOCKET_RFCOMM_SESSION_CONNECTED: + s->state = NG_BTSOCKET_RFCOMM_SESSION_OPEN; + ng_btsocket_rfcomm_connect_cfm(s); + break; + + case NG_BTSOCKET_RFCOMM_SESSION_DISCONNECTING: + s->state = NG_BTSOCKET_RFCOMM_SESSION_CLOSED; + ng_btsocket_rfcomm_session_clean(s); + break; + + default: + NG_BTSOCKET_RFCOMM_WARN( +"%s: Got UA for session in invalid state=%d(%d), flags=%#x, mtu=%d\n", + __func__, s->state, INITIATOR(s), s->flags, + s->mtu); + error = ENOENT; + break; + } + + return (error); + } + + /* Check if we have this DLCI */ + pcb = ng_btsocket_rfcomm_pcb_by_dlci(s, dlci); + if (pcb != NULL) { + struct socket *so = NULL; + + mtx_lock(&pcb->pcb_mtx); + + NG_BTSOCKET_RFCOMM_INFO( +"%s: Got UA for dlci=%d, state=%d, flags=%#x\n", + __func__, dlci, pcb->state, pcb->flags); + + switch (pcb->state) { + case NG_BTSOCKET_RFCOMM_DLC_CONNECTING: + ng_btsocket_rfcomm_untimeout(pcb); + + error = ng_btsocket_rfcomm_send_msc(pcb); + if (error == 0) { + pcb->state = NG_BTSOCKET_RFCOMM_DLC_CONNECTED; + soisconnected(pcb->so); + } + break; + + case NG_BTSOCKET_RFCOMM_DLC_DISCONNECTING: + if (ng_btsocket_rfcomm_pcb_kill(pcb, 0)) + so = pcb->so; + break; + + default: + NG_BTSOCKET_RFCOMM_WARN( +"%s: Got UA for dlci=%d in invalid state=%d, flags=%#x\n", + __func__, dlci, pcb->state, pcb->flags); + error = ENOENT; + break; + } + + mtx_unlock(&pcb->pcb_mtx); + + if (so != NULL) + ng_btsocket_rfcomm_detach(so); + } else { + NG_BTSOCKET_RFCOMM_WARN( +"%s: Got UA for non-existing dlci=%d\n", __func__, dlci); + + error = ng_btsocket_rfcomm_send_command(s,RFCOMM_FRAME_DM,dlci); + } + + return (error); +} /* ng_btsocket_rfcomm_receive_ua */ + +/* + * Process RFCOMM DM frame + */ + +static int +ng_btsocket_rfcomm_receive_dm(ng_btsocket_rfcomm_session_p s, int dlci) +{ + ng_btsocket_rfcomm_pcb_p pcb = NULL; + int error; + + mtx_assert(&s->session_mtx, MA_OWNED); + + NG_BTSOCKET_RFCOMM_INFO( +"%s: Got DM, session state=%d, flags=%#x, mtu=%d, dlci=%d\n", + __func__, s->state, s->flags, s->mtu, dlci); + + /* DLCI == 0 means multiplexor channel */ + if (dlci == 0) { + /* Disconnect all dlc's on the session */ + s->state = NG_BTSOCKET_RFCOMM_SESSION_CLOSED; + ng_btsocket_rfcomm_session_clean(s); + } else { + pcb = ng_btsocket_rfcomm_pcb_by_dlci(s, dlci); + if (pcb != NULL) { + struct socket *so = NULL; + + mtx_lock(&pcb->pcb_mtx); + + NG_BTSOCKET_RFCOMM_INFO( +"%s: Got DM for dlci=%d, state=%d, flags=%#x\n", + __func__, dlci, pcb->state, pcb->flags); + + if (pcb->state == NG_BTSOCKET_RFCOMM_DLC_CONNECTED) + error = ECONNRESET; + else + error = ECONNREFUSED; + + if (ng_btsocket_rfcomm_pcb_kill(pcb, error)) + so = pcb->so; + + mtx_unlock(&pcb->pcb_mtx); + + if (so != NULL) + ng_btsocket_rfcomm_detach(so); + } else + NG_BTSOCKET_RFCOMM_WARN( +"%s: Got DM for non-existing dlci=%d\n", __func__, dlci); + } + + return (0); +} /* ng_btsocket_rfcomm_receive_dm */ + +/* + * Process RFCOMM UIH frame (data) + */ + +static int +ng_btsocket_rfcomm_receive_uih(ng_btsocket_rfcomm_session_p s, int dlci, + int pf, struct mbuf *m0) +{ + ng_btsocket_rfcomm_pcb_p pcb = NULL; + int error = 0; + + mtx_assert(&s->session_mtx, MA_OWNED); + + NG_BTSOCKET_RFCOMM_INFO( +"%s: Got UIH, session state=%d, flags=%#x, mtu=%d, dlci=%d, pf=%d, len=%d\n", + __func__, s->state, s->flags, s->mtu, dlci, pf, + m0->m_pkthdr.len); + + /* XXX should we do it here? Check for session flow control */ + if (s->flags & NG_BTSOCKET_RFCOMM_SESSION_LFC) { + NG_BTSOCKET_RFCOMM_WARN( +"%s: Got UIH with session flow control asserted, state=%d, flags=%#x\n", + __func__, s->state, s->flags); + goto drop; + } + + /* Check if we have this dlci */ + pcb = ng_btsocket_rfcomm_pcb_by_dlci(s, dlci); + if (pcb == NULL) { + NG_BTSOCKET_RFCOMM_WARN( +"%s: Got UIH for non-existing dlci=%d\n", __func__, dlci); + error = ng_btsocket_rfcomm_send_command(s,RFCOMM_FRAME_DM,dlci); + goto drop; + } + + mtx_lock(&pcb->pcb_mtx); + + /* Check dlci state */ + if (pcb->state != NG_BTSOCKET_RFCOMM_DLC_CONNECTED) { + NG_BTSOCKET_RFCOMM_WARN( +"%s: Got UIH for dlci=%d in invalid state=%d, flags=%#x\n", + __func__, dlci, pcb->state, pcb->flags); + error = EINVAL; + goto drop1; + } + + /* Check dlci flow control */ + if (((pcb->flags & NG_BTSOCKET_RFCOMM_DLC_CFC) && pcb->rx_cred <= 0) || + (pcb->lmodem & RFCOMM_MODEM_FC)) { + NG_BTSOCKET_RFCOMM_ERR( +"%s: Got UIH for dlci=%d with asserted flow control, state=%d, " \ +"flags=%#x, rx_cred=%d, lmodem=%#x\n", + __func__, dlci, pcb->state, pcb->flags, + pcb->rx_cred, pcb->lmodem); + goto drop1; + } + + /* Did we get any credits? */ + if ((pcb->flags & NG_BTSOCKET_RFCOMM_DLC_CFC) && pf) { + NG_BTSOCKET_RFCOMM_INFO( +"%s: Got %d more credits for dlci=%d, state=%d, flags=%#x, " \ +"rx_cred=%d, tx_cred=%d\n", + __func__, *mtod(m0, u_int8_t *), dlci, pcb->state, + pcb->flags, pcb->rx_cred, pcb->tx_cred); + + pcb->tx_cred += *mtod(m0, u_int8_t *); + m_adj(m0, 1); + + /* Send more from the DLC. XXX check for errors? */ + ng_btsocket_rfcomm_pcb_send(pcb, ALOT); + } + + /* OK the of the rest of the mbuf is the data */ + if (m0->m_pkthdr.len > 0) { + /* If we are using credit flow control decrease rx_cred here */ + if (pcb->flags & NG_BTSOCKET_RFCOMM_DLC_CFC) { + /* Give remote peer more credits (if needed) */ + if (-- pcb->rx_cred <= RFCOMM_MAX_CREDITS / 2) + ng_btsocket_rfcomm_send_credits(pcb); + else + NG_BTSOCKET_RFCOMM_INFO( +"%s: Remote side still has credits, dlci=%d, state=%d, flags=%#x, " \ +"rx_cred=%d, tx_cred=%d\n", __func__, dlci, pcb->state, pcb->flags, + pcb->rx_cred, pcb->tx_cred); + } + + /* Check packet against mtu on dlci */ + if (m0->m_pkthdr.len > pcb->mtu) { + NG_BTSOCKET_RFCOMM_ERR( +"%s: Got oversized UIH for dlci=%d, state=%d, flags=%#x, mtu=%d, len=%d\n", + __func__, dlci, pcb->state, pcb->flags, + pcb->mtu, m0->m_pkthdr.len); + + error = EMSGSIZE; + } else if (m0->m_pkthdr.len > sbspace(&pcb->so->so_rcv)) { + + /* + * This is really bad. Receive queue on socket does + * not have enough space for the packet. We do not + * have any other choice but drop the packet. + */ + + NG_BTSOCKET_RFCOMM_ERR( +"%s: Not enough space in socket receive queue. Dropping UIH for dlci=%d, " \ +"state=%d, flags=%#x, len=%d, space=%ld\n", + __func__, dlci, pcb->state, pcb->flags, + m0->m_pkthdr.len, sbspace(&pcb->so->so_rcv)); + + error = ENOBUFS; + } else { + /* Append packet to the socket receive queue */ + sbappend(&pcb->so->so_rcv, m0); + m0 = NULL; + + sorwakeup(pcb->so); + } + } +drop1: + mtx_unlock(&pcb->pcb_mtx); +drop: + NG_FREE_M(m0); /* checks for != NULL */ + + return (error); +} /* ng_btsocket_rfcomm_receive_uih */ + +/* + * Process RFCOMM MCC command (Multiplexor) + * + * From TS 07.10 spec + * + * "5.4.3.1 Information Data + * + * ...The frames (UIH) sent by the initiating station have the C/R bit set + * to 1 and those sent by the responding station have the C/R bit set to 0..." + * + * "5.4.6.2 Operating procedures + * + * Messages always exist in pairs; a command message and a corresponding + * response message. If the C/R bit is set to 1 the message is a command, + * if it is set to 0 the message is a response... + * + * ... + * + * NOTE: Notice that when UIH frames are used to convey information on DLCI 0 + * there are at least two different fields that contain a C/R bit, and the + * bits are set of different form. The C/R bit in the Type field shall be set + * as it is stated above, while the C/R bit in the Address field (see subclause + * 5.2.1.2) shall be set as it is described in subclause 5.4.3.1." + */ + +static int +ng_btsocket_rfcomm_receive_mcc(ng_btsocket_rfcomm_session_p s, struct mbuf *m0) +{ + struct rfcomm_mcc_hdr *hdr = NULL; + u_int8_t cr, type, length; + + mtx_assert(&s->session_mtx, MA_OWNED); + + /* + * We can access data directly in the first mbuf, because we have + * m_pullup()'ed mbuf chain in ng_btsocket_rfcomm_receive_frame(). + * All MCC commands should fit into single mbuf (except probably TEST). + */ + + hdr = mtod(m0, struct rfcomm_mcc_hdr *); + cr = RFCOMM_CR(hdr->type); + type = RFCOMM_MCC_TYPE(hdr->type); + length = RFCOMM_MCC_LENGTH(hdr->length); + + /* Check MCC frame length */ + if (sizeof(*hdr) + length != m0->m_pkthdr.len) { + NG_BTSOCKET_RFCOMM_ERR( +"%s: Invalid MCC frame length=%d, len=%d\n", + __func__, length, m0->m_pkthdr.len); + NG_FREE_M(m0); + + return (EMSGSIZE); + } + + switch (type) { + case RFCOMM_MCC_TEST: + return (ng_btsocket_rfcomm_receive_test(s, m0)); + /* NOT REACHED */ + + case RFCOMM_MCC_FCON: + case RFCOMM_MCC_FCOFF: + return (ng_btsocket_rfcomm_receive_fc(s, m0)); + /* NOT REACHED */ + + case RFCOMM_MCC_MSC: + return (ng_btsocket_rfcomm_receive_msc(s, m0)); + /* NOT REACHED */ + + case RFCOMM_MCC_RPN: + return (ng_btsocket_rfcomm_receive_rpn(s, m0)); + /* NOT REACHED */ + + case RFCOMM_MCC_RLS: + return (ng_btsocket_rfcomm_receive_rls(s, m0)); + /* NOT REACHED */ + + case RFCOMM_MCC_PN: + return (ng_btsocket_rfcomm_receive_pn(s, m0)); + /* NOT REACHED */ + + case RFCOMM_MCC_NSC: + NG_BTSOCKET_RFCOMM_ERR( +"%s: Got MCC NSC, type=%#x, cr=%d, length=%d, session state=%d, flags=%#x, " \ +"mtu=%d, len=%d\n", __func__, RFCOMM_MCC_TYPE(*((u_int8_t *)(hdr + 1))), cr, + length, s->state, s->flags, s->mtu, m0->m_pkthdr.len); + NG_FREE_M(m0); + break; + + default: + NG_BTSOCKET_RFCOMM_ERR( +"%s: Got unknown MCC, type=%#x, cr=%d, length=%d, session state=%d, " \ +"flags=%#x, mtu=%d, len=%d\n", + __func__, type, cr, length, s->state, s->flags, + s->mtu, m0->m_pkthdr.len); + + /* Reuse mbuf to send NSC */ + hdr = mtod(m0, struct rfcomm_mcc_hdr *); + m0->m_pkthdr.len = m0->m_len = sizeof(*hdr); + + /* Create MCC NSC header */ + hdr->type = RFCOMM_MKMCC_TYPE(0, RFCOMM_MCC_NSC); + hdr->length = RFCOMM_MKLEN8(1); + + /* Put back MCC command type we did not like */ + m0->m_data[m0->m_len] = RFCOMM_MKMCC_TYPE(cr, type); + m0->m_pkthdr.len ++; + m0->m_len ++; + + /* Send UIH frame */ + return (ng_btsocket_rfcomm_send_uih(s, + RFCOMM_MKADDRESS(INITIATOR(s), 0), 0, 0, m0)); + /* NOT REACHED */ + } + + return (0); +} /* ng_btsocket_rfcomm_receive_mcc */ + +/* + * Receive RFCOMM TEST MCC command + */ + +static int +ng_btsocket_rfcomm_receive_test(ng_btsocket_rfcomm_session_p s, struct mbuf *m0) +{ + struct rfcomm_mcc_hdr *hdr = mtod(m0, struct rfcomm_mcc_hdr *); + int error = 0; + + mtx_assert(&s->session_mtx, MA_OWNED); + + NG_BTSOCKET_RFCOMM_INFO( +"%s: Got MCC TEST, cr=%d, length=%d, session state=%d, flags=%#x, mtu=%d, " \ +"len=%d\n", __func__, RFCOMM_CR(hdr->type), RFCOMM_MCC_LENGTH(hdr->length), + s->state, s->flags, s->mtu, m0->m_pkthdr.len); + + if (RFCOMM_CR(hdr->type)) { + hdr->type = RFCOMM_MKMCC_TYPE(0, RFCOMM_MCC_TEST); + error = ng_btsocket_rfcomm_send_uih(s, + RFCOMM_MKADDRESS(INITIATOR(s), 0), 0, 0, m0); + } else + NG_FREE_M(m0); /* XXX ignore response */ + + return (error); +} /* ng_btsocket_rfcomm_receive_test */ + +/* + * Receive RFCOMM FCON/FCOFF MCC command + */ + +static int +ng_btsocket_rfcomm_receive_fc(ng_btsocket_rfcomm_session_p s, struct mbuf *m0) +{ + struct rfcomm_mcc_hdr *hdr = mtod(m0, struct rfcomm_mcc_hdr *); + u_int8_t type = RFCOMM_MCC_TYPE(hdr->type); + int error = 0; + + mtx_assert(&s->session_mtx, MA_OWNED); + + /* + * Turn ON/OFF aggregate flow on the entire session. When remote peer + * asserted flow control no transmission shall occur except on dlci 0 + * (control channel). + */ + + NG_BTSOCKET_RFCOMM_INFO( +"%s: Got MCC FC%s, cr=%d, length=%d, session state=%d, flags=%#x, mtu=%d, " \ +"len=%d\n", __func__, (type == RFCOMM_MCC_FCON)? "ON" : "OFF", + RFCOMM_CR(hdr->type), RFCOMM_MCC_LENGTH(hdr->length), + s->state, s->flags, s->mtu, m0->m_pkthdr.len); + + if (RFCOMM_CR(hdr->type)) { + if (type == RFCOMM_MCC_FCON) + s->flags &= ~NG_BTSOCKET_RFCOMM_SESSION_RFC; + else + s->flags |= NG_BTSOCKET_RFCOMM_SESSION_RFC; + + hdr->type = RFCOMM_MKMCC_TYPE(0, type); + error = ng_btsocket_rfcomm_send_uih(s, + RFCOMM_MKADDRESS(INITIATOR(s), 0), 0, 0, m0); + } else + NG_FREE_M(m0); /* XXX ignore response */ + + return (error); +} /* ng_btsocket_rfcomm_receive_fc */ + +/* + * Receive RFCOMM MSC MCC command + */ + +static int +ng_btsocket_rfcomm_receive_msc(ng_btsocket_rfcomm_session_p s, struct mbuf *m0) +{ + struct rfcomm_mcc_hdr *hdr = mtod(m0, struct rfcomm_mcc_hdr*); + struct rfcomm_mcc_msc *msc = (struct rfcomm_mcc_msc *)(hdr+1); + ng_btsocket_rfcomm_pcb_t *pcb = NULL; + int error = 0; + + mtx_assert(&s->session_mtx, MA_OWNED); + + NG_BTSOCKET_RFCOMM_INFO( +"%s: Got MCC MSC, dlci=%d, cr=%d, length=%d, session state=%d, flags=%#x, " \ +"mtu=%d, len=%d\n", + __func__, RFCOMM_DLCI(msc->address), RFCOMM_CR(hdr->type), + RFCOMM_MCC_LENGTH(hdr->length), s->state, s->flags, + s->mtu, m0->m_pkthdr.len); + + if (RFCOMM_CR(hdr->type)) { + pcb = ng_btsocket_rfcomm_pcb_by_dlci(s, RFCOMM_DLCI(msc->address)); + if (pcb == NULL) { + NG_BTSOCKET_RFCOMM_WARN( +"%s: Got MSC command for non-existing dlci=%d\n", + __func__, RFCOMM_DLCI(msc->address)); + NG_FREE_M(m0); + + return (ENOENT); + } + + mtx_lock(&pcb->pcb_mtx); + + if (pcb->state != NG_BTSOCKET_RFCOMM_DLC_CONNECTING && + pcb->state != NG_BTSOCKET_RFCOMM_DLC_CONNECTED) { + NG_BTSOCKET_RFCOMM_WARN( +"%s: Got MSC on dlci=%d in invalid state=%d\n", + __func__, RFCOMM_DLCI(msc->address), + pcb->state); + + mtx_unlock(&pcb->pcb_mtx); + NG_FREE_M(m0); + + return (EINVAL); + } + + pcb->rmodem = msc->modem; /* Update remote port signals */ + + hdr->type = RFCOMM_MKMCC_TYPE(0, RFCOMM_MCC_MSC); + error = ng_btsocket_rfcomm_send_uih(s, + RFCOMM_MKADDRESS(INITIATOR(s), 0), 0, 0, m0); + +#if 0 /* YYY */ + /* Send more data from DLC. XXX check for errors? */ + if (!(pcb->rmodem & RFCOMM_MODEM_FC) && + !(pcb->flags & NG_BTSOCKET_RFCOMM_DLC_CFC)) + ng_btsocket_rfcomm_pcb_send(pcb, ALOT); +#endif /* YYY */ + + mtx_unlock(&pcb->pcb_mtx); + } else + NG_FREE_M(m0); /* XXX ignore response */ + + return (error); +} /* ng_btsocket_rfcomm_receive_msc */ + +/* + * Receive RFCOMM RPN MCC command + * XXX FIXME do we need htole16/le16toh for RPN param_mask? + */ + +static int +ng_btsocket_rfcomm_receive_rpn(ng_btsocket_rfcomm_session_p s, struct mbuf *m0) +{ + struct rfcomm_mcc_hdr *hdr = mtod(m0, struct rfcomm_mcc_hdr *); + struct rfcomm_mcc_rpn *rpn = (struct rfcomm_mcc_rpn *)(hdr + 1); + int error = 0; + u_int16_t param_mask; + u_int8_t bit_rate, data_bits, stop_bits, parity, + flow_control, xon_char, xoff_char; + + mtx_assert(&s->session_mtx, MA_OWNED); + + NG_BTSOCKET_RFCOMM_INFO( +"%s: Got MCC RPN, dlci=%d, cr=%d, length=%d, session state=%d, flags=%#x, " \ +"mtu=%d, len=%d\n", + __func__, RFCOMM_DLCI(rpn->dlci), RFCOMM_CR(hdr->type), + RFCOMM_MCC_LENGTH(hdr->length), s->state, s->flags, + s->mtu, m0->m_pkthdr.len); + + if (RFCOMM_CR(hdr->type)) { + param_mask = RFCOMM_RPN_PM_ALL; + + if (RFCOMM_MCC_LENGTH(hdr->length) == 1) { + /* Request - return default setting */ + bit_rate = RFCOMM_RPN_BR_115200; + data_bits = RFCOMM_RPN_DATA_8; + stop_bits = RFCOMM_RPN_STOP_1; + parity = RFCOMM_RPN_PARITY_NONE; + flow_control = RFCOMM_RPN_FLOW_NONE; + xon_char = RFCOMM_RPN_XON_CHAR; + xoff_char = RFCOMM_RPN_XOFF_CHAR; + } else { + /* + * Ignore/accept bit_rate, 8 bits, 1 stop bit, no + * parity, no flow control lines, default XON/XOFF + * chars. + */ + + bit_rate = rpn->bit_rate; + rpn->param_mask = le16toh(rpn->param_mask); /* XXX */ + + data_bits = RFCOMM_RPN_DATA_BITS(rpn->line_settings); + if (rpn->param_mask & RFCOMM_RPN_PM_DATA && + data_bits != RFCOMM_RPN_DATA_8) { + data_bits = RFCOMM_RPN_DATA_8; + param_mask ^= RFCOMM_RPN_PM_DATA; + } + + stop_bits = RFCOMM_RPN_STOP_BITS(rpn->line_settings); + if (rpn->param_mask & RFCOMM_RPN_PM_STOP && + stop_bits != RFCOMM_RPN_STOP_1) { + stop_bits = RFCOMM_RPN_STOP_1; + param_mask ^= RFCOMM_RPN_PM_STOP; + } + + parity = RFCOMM_RPN_PARITY(rpn->line_settings); + if (rpn->param_mask & RFCOMM_RPN_PM_PARITY && + parity != RFCOMM_RPN_PARITY_NONE) { + parity = RFCOMM_RPN_PARITY_NONE; + param_mask ^= RFCOMM_RPN_PM_PARITY; + } + + flow_control = rpn->flow_control; + if (rpn->param_mask & RFCOMM_RPN_PM_FLOW && + flow_control != RFCOMM_RPN_FLOW_NONE) { + flow_control = RFCOMM_RPN_FLOW_NONE; + param_mask ^= RFCOMM_RPN_PM_FLOW; + } + + xon_char = rpn->xon_char; + if (rpn->param_mask & RFCOMM_RPN_PM_XON && + xon_char != RFCOMM_RPN_XON_CHAR) { + xon_char = RFCOMM_RPN_XON_CHAR; + param_mask ^= RFCOMM_RPN_PM_XON; + } + + xoff_char = rpn->xoff_char; + if (rpn->param_mask & RFCOMM_RPN_PM_XOFF && + xoff_char != RFCOMM_RPN_XOFF_CHAR) { + xoff_char = RFCOMM_RPN_XOFF_CHAR; + param_mask ^= RFCOMM_RPN_PM_XOFF; + } + } + + rpn->bit_rate = bit_rate; + rpn->line_settings = RFCOMM_MKRPN_LINE_SETTINGS(data_bits, + stop_bits, parity); + rpn->flow_control = flow_control; + rpn->xon_char = xon_char; + rpn->xoff_char = xoff_char; + rpn->param_mask = htole16(param_mask); /* XXX */ + + m0->m_pkthdr.len = m0->m_len = sizeof(*hdr) + sizeof(*rpn); + + hdr->type = RFCOMM_MKMCC_TYPE(0, RFCOMM_MCC_RPN); + error = ng_btsocket_rfcomm_send_uih(s, + RFCOMM_MKADDRESS(INITIATOR(s), 0), 0, 0, m0); + } else + NG_FREE_M(m0); /* XXX ignore response */ + + return (error); +} /* ng_btsocket_rfcomm_receive_rpn */ + +/* + * Receive RFCOMM RLS MCC command + */ + +static int +ng_btsocket_rfcomm_receive_rls(ng_btsocket_rfcomm_session_p s, struct mbuf *m0) +{ + struct rfcomm_mcc_hdr *hdr = mtod(m0, struct rfcomm_mcc_hdr *); + struct rfcomm_mcc_rls *rls = (struct rfcomm_mcc_rls *)(hdr + 1); + int error = 0; + + mtx_assert(&s->session_mtx, MA_OWNED); + + /* + * XXX FIXME Do we have to do anything else here? Remote peer tries to + * tell us something about DLCI. Just report what we have received and + * return back received values as required by TS 07.10 spec. + */ + + NG_BTSOCKET_RFCOMM_INFO( +"%s: Got MCC RLS, dlci=%d, status=%#x, cr=%d, length=%d, session state=%d, " \ +"flags=%#x, mtu=%d, len=%d\n", + __func__, RFCOMM_DLCI(rls->address), rls->status, + RFCOMM_CR(hdr->type), RFCOMM_MCC_LENGTH(hdr->length), + s->state, s->flags, s->mtu, m0->m_pkthdr.len); + + if (RFCOMM_CR(hdr->type)) { + if (rls->status & 0x1) + NG_BTSOCKET_RFCOMM_ERR( +"%s: Got RLS dlci=%d, error=%#x\n", __func__, RFCOMM_DLCI(rls->address), + rls->status >> 1); + + hdr->type = RFCOMM_MKMCC_TYPE(0, RFCOMM_MCC_RLS); + error = ng_btsocket_rfcomm_send_uih(s, + RFCOMM_MKADDRESS(INITIATOR(s), 0), 0, 0, m0); + } else + NG_FREE_M(m0); /* XXX ignore responses */ + + return (error); +} /* ng_btsocket_rfcomm_receive_rls */ + +/* + * Receive RFCOMM PN MCC command + */ + +static int +ng_btsocket_rfcomm_receive_pn(ng_btsocket_rfcomm_session_p s, struct mbuf *m0) +{ + struct rfcomm_mcc_hdr *hdr = mtod(m0, struct rfcomm_mcc_hdr*); + struct rfcomm_mcc_pn *pn = (struct rfcomm_mcc_pn *)(hdr+1); + ng_btsocket_rfcomm_pcb_t *pcb = NULL; + int error = 0; + + mtx_assert(&s->session_mtx, MA_OWNED); + + NG_BTSOCKET_RFCOMM_INFO( +"%s: Got MCC PN, dlci=%d, cr=%d, length=%d, flow_control=%#x, priority=%d, " \ +"ack_timer=%d, mtu=%d, max_retrans=%d, credits=%d, session state=%d, " \ +"flags=%#x, session mtu=%d, len=%d\n", + __func__, pn->dlci, RFCOMM_CR(hdr->type), + RFCOMM_MCC_LENGTH(hdr->length), pn->flow_control, pn->priority, + pn->ack_timer, le16toh(pn->mtu), pn->max_retrans, pn->credits, + s->state, s->flags, s->mtu, m0->m_pkthdr.len); + + if (pn->dlci == 0) { + NG_BTSOCKET_RFCOMM_ERR("%s: Zero dlci in MCC PN\n", __func__); + NG_FREE_M(m0); + + return (EINVAL); + } + + /* Check if we have this dlci */ + pcb = ng_btsocket_rfcomm_pcb_by_dlci(s, pn->dlci); + if (pcb != NULL) { + mtx_lock(&pcb->pcb_mtx); + + if (RFCOMM_CR(hdr->type)) { + /* PN Request */ + ng_btsocket_rfcomm_set_pn(pcb, 1, pn->flow_control, + pn->credits, pn->mtu); + + if (pcb->flags & NG_BTSOCKET_RFCOMM_DLC_CFC) { + pn->flow_control = 0xe0; + pn->credits = RFCOMM_DEFAULT_CREDITS; + } else { + pn->flow_control = 0; + pn->credits = 0; + } + + hdr->type = RFCOMM_MKMCC_TYPE(0, RFCOMM_MCC_PN); + error = ng_btsocket_rfcomm_send_uih(s, + RFCOMM_MKADDRESS(INITIATOR(s), 0), + 0, 0, m0); + } else { + /* PN Response - proceed with SABM. Timeout still set */ + if (pcb->state == NG_BTSOCKET_RFCOMM_DLC_CONFIGURING) { + ng_btsocket_rfcomm_set_pn(pcb, 0, + pn->flow_control, pn->credits, pn->mtu); + + pcb->state = NG_BTSOCKET_RFCOMM_DLC_CONNECTING; + error = ng_btsocket_rfcomm_send_command(s, + RFCOMM_FRAME_SABM, pn->dlci); + } else + NG_BTSOCKET_RFCOMM_WARN( +"%s: Got PN response for dlci=%d in invalid state=%d\n", + __func__, pn->dlci, pcb->state); + + NG_FREE_M(m0); + } + + mtx_unlock(&pcb->pcb_mtx); + } else if (RFCOMM_CR(hdr->type)) { + /* PN request to non-existing dlci - incomming connection */ + pcb = ng_btsocket_rfcomm_connect_ind(s, + RFCOMM_SRVCHANNEL(pn->dlci)); + if (pcb != NULL) { + struct socket *so = NULL; + + mtx_lock(&pcb->pcb_mtx); + + pcb->dlci = pn->dlci; + + ng_btsocket_rfcomm_set_pn(pcb, 1, pn->flow_control, + pn->credits, pn->mtu); + + if (pcb->flags & NG_BTSOCKET_RFCOMM_DLC_CFC) { + pn->flow_control = 0xe0; + pn->credits = RFCOMM_DEFAULT_CREDITS; + } else { + pn->flow_control = 0; + pn->credits = 0; + } + + hdr->type = RFCOMM_MKMCC_TYPE(0, RFCOMM_MCC_PN); + error = ng_btsocket_rfcomm_send_uih(s, + RFCOMM_MKADDRESS(INITIATOR(s), 0), + 0, 0, m0); + + if (error == 0) { + ng_btsocket_rfcomm_timeout(pcb); + pcb->state = NG_BTSOCKET_RFCOMM_DLC_CONNECTING; + soisconnecting(pcb->so); + } else if (ng_btsocket_rfcomm_pcb_kill(pcb, error)) + so = pcb->so; + + mtx_unlock(&pcb->pcb_mtx); + + if (so != NULL) + ng_btsocket_rfcomm_detach(so); + } else { + /* Nobody is listen()ing on this channel */ + error = ng_btsocket_rfcomm_send_command(s, + RFCOMM_FRAME_DM, pn->dlci); + NG_FREE_M(m0); + } + } else + NG_FREE_M(m0); /* XXX ignore response to non-existing dlci */ + + return (error); +} /* ng_btsocket_rfcomm_receive_pn */ + +/* + * Set PN parameters for dlci. Caller must hold pcb->pcb_mtx. + * + * From Bluetooth spec. + * + * "... The CL1 - CL4 field is completely redefined. (In TS07.10 this defines + * the convergence layer to use, which is not applicable to RFCOMM. In RFCOMM, + * in Bluetooth versions up to 1.0B, this field was forced to 0). + * + * In the PN request sent prior to a DLC establishment, this field must contain + * the value 15 (0xF), indicating support of credit based flow control in the + * sender. See Table 5.3 below. If the PN response contains any other value + * than 14 (0xE) in this field, it is inferred that the peer RFCOMM entity is + * not supporting the credit based flow control feature. (This is only possible + * if the peer RFCOMM implementation is only conforming to Bluetooth version + * 1.0B.) If a PN request is sent on an already open DLC, then this field must + * contain the value zero; it is not possible to set initial credits more + * than once per DLC activation. A responding implementation must set this + * field in the PN response to 14 (0xE), if (and only if) the value in the PN + * request was 15..." + */ + +static void +ng_btsocket_rfcomm_set_pn(ng_btsocket_rfcomm_pcb_p pcb, u_int8_t cr, + u_int8_t flow_control, u_int8_t credits, u_int16_t mtu) +{ + mtx_assert(&pcb->pcb_mtx, MA_OWNED); + + pcb->mtu = le16toh(mtu); + + if (cr) { + if (flow_control == 0xf0) { + pcb->flags |= NG_BTSOCKET_RFCOMM_DLC_CFC; + pcb->tx_cred = credits; + } else { + pcb->flags &= ~NG_BTSOCKET_RFCOMM_DLC_CFC; + pcb->tx_cred = 0; + } + } else { + if (flow_control == 0xe0) { + pcb->flags |= NG_BTSOCKET_RFCOMM_DLC_CFC; + pcb->tx_cred = credits; + } else { + pcb->flags &= ~NG_BTSOCKET_RFCOMM_DLC_CFC; + pcb->tx_cred = 0; + } + } + + NG_BTSOCKET_RFCOMM_INFO( +"%s: cr=%d, dlci=%d, state=%d, flags=%#x, mtu=%d, rx_cred=%d, tx_cred=%d\n", + __func__, cr, pcb->dlci, pcb->state, pcb->flags, pcb->mtu, + pcb->rx_cred, pcb->tx_cred); +} /* ng_btsocket_rfcomm_set_pn */ + +/* + * Send RFCOMM SABM/DISC/UA/DM frames. Caller must hold s->session_mtx + */ + +static int +ng_btsocket_rfcomm_send_command(ng_btsocket_rfcomm_session_p s, + u_int8_t type, u_int8_t dlci) +{ + struct rfcomm_cmd_hdr *hdr = NULL; + struct mbuf *m = NULL; + int cr; + + mtx_assert(&s->session_mtx, MA_OWNED); + + NG_BTSOCKET_RFCOMM_INFO( +"%s: Sending command type %#x, session state=%d, flags=%#x, mtu=%d, dlci=%d\n", + __func__, type, s->state, s->flags, s->mtu, dlci); + + switch (type) { + case RFCOMM_FRAME_SABM: + case RFCOMM_FRAME_DISC: + cr = INITIATOR(s); + break; + + case RFCOMM_FRAME_UA: + case RFCOMM_FRAME_DM: + cr = !INITIATOR(s); + break; + + default: + panic("%s: Invalid frame type=%#x\n", __func__, type); + return (EINVAL); + /* NOT REACHED */ + } + + MGETHDR(m, M_DONTWAIT, MT_DATA); + if (m == NULL) + return (ENOBUFS); + + m->m_pkthdr.len = m->m_len = sizeof(*hdr); + + hdr = mtod(m, struct rfcomm_cmd_hdr *); + hdr->address = RFCOMM_MKADDRESS(cr, dlci); + hdr->control = RFCOMM_MKCONTROL(type, 1); + hdr->length = RFCOMM_MKLEN8(0); + hdr->fcs = ng_btsocket_rfcomm_fcs3((u_int8_t *) hdr); + + NG_BT_MBUFQ_ENQUEUE(&s->outq, m); + + return (0); +} /* ng_btsocket_rfcomm_send_command */ + +/* + * Send RFCOMM UIH frame. Caller must hold s->session_mtx + */ + +static int +ng_btsocket_rfcomm_send_uih(ng_btsocket_rfcomm_session_p s, u_int8_t address, + u_int8_t pf, u_int8_t credits, struct mbuf *data) +{ + struct rfcomm_frame_hdr *hdr = NULL; + struct mbuf *m = NULL, *mcrc = NULL; + u_int16_t length; + + mtx_assert(&s->session_mtx, MA_OWNED); + + MGETHDR(m, M_DONTWAIT, MT_DATA); + if (m == NULL) { + NG_FREE_M(data); + return (ENOBUFS); + } + m->m_pkthdr.len = m->m_len = sizeof(*hdr); + + MGET(mcrc, M_DONTWAIT, MT_DATA); + if (mcrc == NULL) { + NG_FREE_M(data); + return (ENOBUFS); + } + mcrc->m_len = 1; + + /* Fill UIH frame header */ + hdr = mtod(m, struct rfcomm_frame_hdr *); + hdr->address = address; + hdr->control = RFCOMM_MKCONTROL(RFCOMM_FRAME_UIH, pf); + + /* Calculate FCS */ + mcrc->m_data[0] = ng_btsocket_rfcomm_fcs2((u_int8_t *) hdr); + + /* Put length back */ + length = (data != NULL)? data->m_pkthdr.len : 0; + if (length > 127) { + u_int16_t l = htole16(RFCOMM_MKLEN16(length)); + + bcopy(&l, &hdr->length, sizeof(l)); + m->m_pkthdr.len ++; + m->m_len ++; + } else + hdr->length = RFCOMM_MKLEN8(length); + + if (pf) { + m->m_data[m->m_len] = credits; + m->m_pkthdr.len ++; + m->m_len ++; + } + + /* Add payload */ + if (data != NULL) { + m_cat(m, data); + m->m_pkthdr.len += length; + } + + /* Put FCS back */ + m_cat(m, mcrc); + m->m_pkthdr.len ++; + + NG_BTSOCKET_RFCOMM_INFO( +"%s: Sending UIH state=%d, flags=%#x, address=%d, length=%d, pf=%d, " \ +"credits=%d, len=%d\n", + __func__, s->state, s->flags, address, length, pf, credits, + m->m_pkthdr.len); + + NG_BT_MBUFQ_ENQUEUE(&s->outq, m); + + return (0); +} /* ng_btsocket_rfcomm_send_uih */ + +/* + * Send MSC request. Caller must hold pcb->pcb_mtx and pcb->session->session_mtx + */ + +static int +ng_btsocket_rfcomm_send_msc(ng_btsocket_rfcomm_pcb_p pcb) +{ + struct mbuf *m = NULL; + struct rfcomm_mcc_hdr *hdr = NULL; + struct rfcomm_mcc_msc *msc = NULL; + + mtx_assert(&pcb->session->session_mtx, MA_OWNED); + mtx_assert(&pcb->pcb_mtx, MA_OWNED); + + MGETHDR(m, M_DONTWAIT, MT_DATA); + if (m == NULL) + return (ENOBUFS); + + m->m_pkthdr.len = m->m_len = sizeof(*hdr) + sizeof(*msc); + + hdr = mtod(m, struct rfcomm_mcc_hdr *); + msc = (struct rfcomm_mcc_msc *)(hdr + 1); + + hdr->type = RFCOMM_MKMCC_TYPE(1, RFCOMM_MCC_MSC); + hdr->length = RFCOMM_MKLEN8(sizeof(*msc)); + + msc->address = RFCOMM_MKADDRESS(1, pcb->dlci); + msc->modem = pcb->lmodem; + + NG_BTSOCKET_RFCOMM_INFO( +"%s: Sending MSC dlci=%d, state=%d, flags=%#x, address=%d, modem=%#x\n", + __func__, pcb->dlci, pcb->state, pcb->flags, msc->address, + msc->modem); + + return (ng_btsocket_rfcomm_send_uih(pcb->session, + RFCOMM_MKADDRESS(INITIATOR(pcb->session), 0), 0, 0, m)); +} /* ng_btsocket_rfcomm_send_msc */ + +/* + * Send PN request. Caller must hold pcb->pcb_mtx and pcb->session->session_mtx + */ + +static int +ng_btsocket_rfcomm_send_pn(ng_btsocket_rfcomm_pcb_p pcb) +{ + struct mbuf *m = NULL; + struct rfcomm_mcc_hdr *hdr = NULL; + struct rfcomm_mcc_pn *pn = NULL; + + mtx_assert(&pcb->session->session_mtx, MA_OWNED); + mtx_assert(&pcb->pcb_mtx, MA_OWNED); + + MGETHDR(m, M_DONTWAIT, MT_DATA); + if (m == NULL) + return (ENOBUFS); + + m->m_pkthdr.len = m->m_len = sizeof(*hdr) + sizeof(*pn); + + hdr = mtod(m, struct rfcomm_mcc_hdr *); + pn = (struct rfcomm_mcc_pn *)(hdr + 1); + + hdr->type = RFCOMM_MKMCC_TYPE(1, RFCOMM_MCC_PN); + hdr->length = RFCOMM_MKLEN8(sizeof(*pn)); + + pn->dlci = pcb->dlci; + pn->priority = 0; + pn->ack_timer = 0; + pn->mtu = htole16(pcb->mtu); + pn->max_retrans = 0; + + if (pcb->flags & NG_BTSOCKET_RFCOMM_DLC_CFC) { + pn->flow_control = 0xf0; + pn->credits = pcb->rx_cred; + } else { + pn->flow_control = 0; + pn->credits = 0; + } + + NG_BTSOCKET_RFCOMM_INFO( +"%s: Sending PN dlci=%d, state=%d, flags=%#x, mtu=%d, flow_control=%#x, " \ +"credits=%d\n", __func__, pcb->dlci, pcb->state, pcb->flags, pcb->mtu, + pn->flow_control, pn->credits); + + return (ng_btsocket_rfcomm_send_uih(pcb->session, + RFCOMM_MKADDRESS(INITIATOR(pcb->session), 0), 0, 0, m)); +} /* ng_btsocket_rfcomm_send_pn */ + +/* + * Calculate and send credits based on available space in receive buffer + */ + +static int +ng_btsocket_rfcomm_send_credits(ng_btsocket_rfcomm_pcb_p pcb) +{ + int error = 0; + u_int8_t credits; + + mtx_assert(&pcb->pcb_mtx, MA_OWNED); + mtx_assert(&pcb->session->session_mtx, MA_OWNED); + + NG_BTSOCKET_RFCOMM_INFO( +"%s: Sending more credits, dlci=%d, state=%d, flags=%#x, mtu=%d, " \ +"space=%ld, tx_cred=%d, rx_cred=%d\n", + __func__, pcb->dlci, pcb->state, pcb->flags, pcb->mtu, + sbspace(&pcb->so->so_rcv), pcb->tx_cred, pcb->rx_cred); + + credits = sbspace(&pcb->so->so_rcv) / pcb->mtu; + if (credits > 0) { + if (pcb->rx_cred + credits > RFCOMM_MAX_CREDITS) + credits = RFCOMM_MAX_CREDITS - pcb->rx_cred; + + error = ng_btsocket_rfcomm_send_uih( + pcb->session, + RFCOMM_MKADDRESS(INITIATOR(pcb->session), + pcb->dlci), 1, credits, NULL); + if (error == 0) { + pcb->rx_cred += credits; + + NG_BTSOCKET_RFCOMM_INFO( +"%s: Gave remote side %d more credits, dlci=%d, state=%d, flags=%#x, " \ +"rx_cred=%d, tx_cred=%d\n", __func__, credits, pcb->dlci, pcb->state, + pcb->flags, pcb->rx_cred, pcb->tx_cred); + } else + NG_BTSOCKET_RFCOMM_ERR( +"%s: Could not send credits, error=%d, dlci=%d, state=%d, flags=%#x, " \ +"mtu=%d, space=%ld, tx_cred=%d, rx_cred=%d\n", + __func__, error, pcb->dlci, pcb->state, + pcb->flags, pcb->mtu, sbspace(&pcb->so->so_rcv), + pcb->tx_cred, pcb->rx_cred); + } + + return (error); +} /* ng_btsocket_rfcomm_send_credits */ + +/***************************************************************************** + ***************************************************************************** + ** RFCOMM DLCs + ***************************************************************************** + *****************************************************************************/ + +/* + * Send data from socket send buffer + * Caller must hold pcb->pcb_mtx and pcb->session->session_mtx + */ + +static int +ng_btsocket_rfcomm_pcb_send(ng_btsocket_rfcomm_pcb_p pcb, int limit) +{ + struct mbuf *m = NULL; + int sent, length, error; + + mtx_assert(&pcb->session->session_mtx, MA_OWNED); + mtx_assert(&pcb->pcb_mtx, MA_OWNED); + + if (pcb->flags & NG_BTSOCKET_RFCOMM_DLC_CFC) + limit = min(limit, pcb->tx_cred); + else if (!(pcb->rmodem & RFCOMM_MODEM_FC)) + limit = min(limit, RFCOMM_MAX_CREDITS); /* XXX ??? */ + else + limit = 0; + + if (limit == 0) { + NG_BTSOCKET_RFCOMM_INFO( +"%s: Could not send - remote flow control asserted, dlci=%d, flags=%#x, " \ +"rmodem=%#x, tx_cred=%d\n", + __func__, pcb->dlci, pcb->flags, pcb->rmodem, + pcb->tx_cred); + + return (0); + } + + for (error = 0, sent = 0; sent < limit; sent ++) { + length = min(pcb->mtu, pcb->so->so_snd.sb_cc); + if (length == 0) + break; + + /* Get the chunk from the socket's send buffer */ + m = ng_btsocket_rfcomm_prepare_packet(&pcb->so->so_snd, length); + if (m == NULL) { + error = ENOBUFS; + break; + } + + sbdrop(&pcb->so->so_snd, length); + + error = ng_btsocket_rfcomm_send_uih(pcb->session, + RFCOMM_MKADDRESS(INITIATOR(pcb->session), + pcb->dlci), 0, 0, m); + if (error != 0) + break; + } + + if (pcb->flags & NG_BTSOCKET_RFCOMM_DLC_CFC) + pcb->tx_cred -= sent; + + if (error == 0 && sent > 0) { + pcb->flags &= ~NG_BTSOCKET_RFCOMM_DLC_SENDING; + sowwakeup(pcb->so); + } + + return (error); +} /* ng_btsocket_rfcomm_pcb_send */ + +/* + * Unlink and disconnect DLC. If ng_btsocket_rfcomm_pcb_kill() returns + * non zero value than socket has no reference and has to be detached. + * Caller must hold pcb->pcb_mtx and pcb->session->session_mtx + */ + +static int +ng_btsocket_rfcomm_pcb_kill(ng_btsocket_rfcomm_pcb_p pcb, int error) +{ + ng_btsocket_rfcomm_session_p s = pcb->session; + + mtx_assert(&pcb->session->session_mtx, MA_OWNED); + mtx_assert(&pcb->pcb_mtx, MA_OWNED); + + NG_BTSOCKET_RFCOMM_INFO( +"%s: Killing DLC, so=%p, dlci=%d, state=%d, flags=%#x, error=%d\n", + __func__, pcb->so, pcb->dlci, pcb->state, pcb->flags, error); + + if (pcb->session == NULL) + panic("%s: DLC without session, pcb=%p, state=%d, flags=%#x\n", + __func__, pcb, pcb->state, pcb->flags); + + if (pcb->flags & NG_BTSOCKET_RFCOMM_DLC_TIMO) + ng_btsocket_rfcomm_untimeout(pcb); + + /* Detach DLC from the session. Does not matter which state DLC in */ + LIST_REMOVE(pcb, session_next); + pcb->session = NULL; + + /* Change DLC state and wakeup all sleepers */ + pcb->state = NG_BTSOCKET_RFCOMM_DLC_CLOSED; + pcb->so->so_error = error; + soisdisconnected(pcb->so); + wakeup(&pcb->state); + + /* Check if we have any DLCs left on the session */ + if (LIST_EMPTY(&s->dlcs) && INITIATOR(s)) { + NG_BTSOCKET_RFCOMM_INFO( +"%s: Disconnecting session, state=%d, flags=%#x, mtu=%d\n", + __func__, s->state, s->flags, s->mtu); + + switch (s->state) { + case NG_BTSOCKET_RFCOMM_SESSION_CLOSED: + case NG_BTSOCKET_RFCOMM_SESSION_DISCONNECTING: + /* + * Do not have to do anything here. We can get here + * when L2CAP connection was terminated or we have + * received DISC on multiplexor channel + */ + break; + + case NG_BTSOCKET_RFCOMM_SESSION_OPEN: + /* Send DISC on multiplexor channel */ + error = ng_btsocket_rfcomm_send_command(s, + RFCOMM_FRAME_DISC, 0); + if (error == 0) { + s->state = NG_BTSOCKET_RFCOMM_SESSION_DISCONNECTING; + break; + } + /* FALL THROUGH */ + + case NG_BTSOCKET_RFCOMM_SESSION_CONNECTING: + case NG_BTSOCKET_RFCOMM_SESSION_CONNECTED: + s->state = NG_BTSOCKET_RFCOMM_SESSION_CLOSED; + break; + +/* case NG_BTSOCKET_RFCOMM_SESSION_LISTENING: */ + default: + panic("%s: Invalid session state=%d, flags=%#x\n", + __func__, s->state, s->flags); + break; + } + + ng_btsocket_rfcomm_task_wakeup(); + } + + return (pcb->so->so_state & SS_NOFDREF); +} /* ng_btsocket_rfcomm_pcb_kill */ + +/* + * Look for RFCOMM socket with given channel and source address + */ + +static ng_btsocket_rfcomm_pcb_p +ng_btsocket_rfcomm_pcb_by_channel(bdaddr_p src, int channel) +{ + ng_btsocket_rfcomm_pcb_p pcb = NULL; + + mtx_lock(&ng_btsocket_rfcomm_sockets_mtx); + + LIST_FOREACH(pcb, &ng_btsocket_rfcomm_sockets, next) + if (pcb->channel == channel && + bcmp(&pcb->src, src, sizeof(*src)) == 0) + break; + + mtx_unlock(&ng_btsocket_rfcomm_sockets_mtx); + + return (pcb); +} /* ng_btsocket_rfcomm_pcb_by_channel */ + +/* + * Look for given dlci for given RFCOMM session. Caller must hold s->session_mtx + */ + +static ng_btsocket_rfcomm_pcb_p +ng_btsocket_rfcomm_pcb_by_dlci(ng_btsocket_rfcomm_session_p s, int dlci) +{ + ng_btsocket_rfcomm_pcb_p pcb = NULL; + + mtx_assert(&s->session_mtx, MA_OWNED); + + LIST_FOREACH(pcb, &s->dlcs, session_next) + if (pcb->dlci == dlci) + break; + + return (pcb); +} /* ng_btsocket_rfcomm_pcb_by_dlci */ + +/* + * Look for socket that listens on given src address and given channel + */ + +static ng_btsocket_rfcomm_pcb_p +ng_btsocket_rfcomm_pcb_listener(bdaddr_p src, int channel) +{ + ng_btsocket_rfcomm_pcb_p pcb = NULL, pcb1 = NULL; + + mtx_lock(&ng_btsocket_rfcomm_sockets_mtx); + + LIST_FOREACH(pcb, &ng_btsocket_rfcomm_sockets, next) { + if (pcb->channel != channel || + !(pcb->so->so_options & SO_ACCEPTCONN)) + continue; + + if (bcmp(&pcb->src, src, sizeof(*src)) == 0) + break; + + if (bcmp(&pcb->src, NG_HCI_BDADDR_ANY, sizeof(bdaddr_t)) == 0) + pcb1 = pcb; + } + + mtx_unlock(&ng_btsocket_rfcomm_sockets_mtx); + + return ((pcb != NULL)? pcb : pcb1); +} /* ng_btsocket_rfcomm_pcb_listener */ + +/***************************************************************************** + ***************************************************************************** + ** Misc. functions + ***************************************************************************** + *****************************************************************************/ + +/* + * Set timeout. Caller MUST hold pcb_mtx + */ + +static void +ng_btsocket_rfcomm_timeout(ng_btsocket_rfcomm_pcb_p pcb) +{ + mtx_assert(&pcb->pcb_mtx, MA_OWNED); + + if (!(pcb->flags & NG_BTSOCKET_RFCOMM_DLC_TIMO)) { + pcb->flags |= NG_BTSOCKET_RFCOMM_DLC_TIMO; + pcb->flags &= ~NG_BTSOCKET_RFCOMM_DLC_TIMEDOUT; + pcb->timo = timeout(ng_btsocket_rfcomm_process_timeout, pcb, + ng_btsocket_rfcomm_timo * hz); + } else + panic("%s: Duplicated socket timeout?!\n", __func__); +} /* ng_btsocket_rfcomm_timeout */ + +/* + * Unset pcb timeout. Caller MUST hold pcb_mtx + */ + +static void +ng_btsocket_rfcomm_untimeout(ng_btsocket_rfcomm_pcb_p pcb) +{ + mtx_assert(&pcb->pcb_mtx, MA_OWNED); + + if (pcb->flags & NG_BTSOCKET_RFCOMM_DLC_TIMO) { + untimeout(ng_btsocket_rfcomm_process_timeout, pcb, pcb->timo); + pcb->flags &= ~NG_BTSOCKET_RFCOMM_DLC_TIMO; + pcb->flags &= ~NG_BTSOCKET_RFCOMM_DLC_TIMEDOUT; + } else + panic("%s: No socket timeout?!\n", __func__); +} /* ng_btsocket_rfcomm_timeout */ + +/* + * Process pcb timeout + */ + +static void +ng_btsocket_rfcomm_process_timeout(void *xpcb) +{ + ng_btsocket_rfcomm_pcb_p pcb = (ng_btsocket_rfcomm_pcb_p) xpcb; + + mtx_lock(&pcb->pcb_mtx); + + NG_BTSOCKET_RFCOMM_INFO( +"%s: Timeout, so=%p, dlci=%d, state=%d, flags=%#x\n", + __func__, pcb->so, pcb->dlci, pcb->state, pcb->flags); + + pcb->flags &= ~NG_BTSOCKET_RFCOMM_DLC_TIMO; + pcb->flags |= NG_BTSOCKET_RFCOMM_DLC_TIMEDOUT; + + switch (pcb->state) { + case NG_BTSOCKET_RFCOMM_DLC_CONFIGURING: + case NG_BTSOCKET_RFCOMM_DLC_CONNECTING: + pcb->state = NG_BTSOCKET_RFCOMM_DLC_DISCONNECTING; + break; + + case NG_BTSOCKET_RFCOMM_DLC_W4_CONNECT: + case NG_BTSOCKET_RFCOMM_DLC_DISCONNECTING: + break; + + default: + panic( +"%s: DLC timeout in invalid state, dlci=%d, state=%d, flags=%#x\n", + __func__, pcb->dlci, pcb->state, pcb->flags); + break; + } + + ng_btsocket_rfcomm_task_wakeup(); + + mtx_unlock(&pcb->pcb_mtx); +} /* ng_btsocket_rfcomm_process_timeout */ + +/* + * Get up to length bytes from the socket buffer + */ + +static struct mbuf * +ng_btsocket_rfcomm_prepare_packet(struct sockbuf *sb, int length) +{ + struct mbuf *top = NULL, *m = NULL, *n = NULL, *nextpkt = NULL; + int mlen, noff, len; + + MGETHDR(top, M_DONTWAIT, MT_DATA); + if (top == NULL) + return (NULL); + + top->m_pkthdr.len = length; + top->m_len = 0; + mlen = MHLEN; + + m = top; + n = sb->sb_mb; + nextpkt = n->m_nextpkt; + noff = 0; + + while (length > 0 && n != NULL) { + len = min(mlen - m->m_len, n->m_len - noff); + if (len > length) + len = length; + + bcopy(mtod(n, caddr_t)+noff, mtod(m, caddr_t)+m->m_len, len); + m->m_len += len; + noff += len; + length -= len; + + if (length > 0 && m->m_len == mlen) { + MGET(m->m_next, M_DONTWAIT, MT_DATA); + if (m->m_next == NULL) { + NG_FREE_M(top); + return (NULL); + } + + m = m->m_next; + m->m_len = 0; + mlen = MLEN; + } + + if (noff == n->m_len) { + noff = 0; + n = n->m_next; + + if (n == NULL) + n = nextpkt; + + nextpkt = (n != NULL)? n->m_nextpkt : NULL; + } + } + + if (length < 0) + panic("%s: length=%d\n", __func__, length); + if (length > 0 && n == NULL) + panic("%s: bogus length=%d, n=%p\n", __func__, length, n); + + return (top); +} /* ng_btsocket_rfcomm_prepare_packet */ + |
