From 41984c75770632921e3b945cc7185ea1dc255d74 Mon Sep 17 00:00:00 2001
From: Jaganath Kanakkassery <jaganathx.kanakkassery@intel.com>
Date: Thu, 15 Dec 2016 22:34:41 +0530
Subject: [PATCH] Bluetooth: RFCOMM: Handle non supported message types

If peer sends any non supported message then it has to be
responded with NSC (Non Supported Command) response.

> ACL Data RX: Handle 256 flags 0x02 dlen 18
      Channel: 64 len 14 [PSM 3 mode 0] {chan 0}
      RFCOMM: Unnumbered Info with Header Check (UIH) (0xef)
         Address: 0x03 cr 1 dlci 0x00
         Control: 0xef poll/final 0
         Length: 10
         FCS: 0x70
         MCC Message type: Unknown CMD (0x33)
           Length: 8
        01 22 34 55 67 88 9a bb 70

< ACL Data TX: Handle 256 flags 0x00 dlen 11
      Channel: 64 len 7 [PSM 3 mode 0] {chan 0}
      RFCOMM: Unnumbered Info with Header Check (UIH) (0xef)
         Address: 0x01 cr 0 dlci 0x00
         Control: 0xef poll/final 0
         Length: 3
         FCS: 0xaa
         MCC Message type: Non Supported Command RSP (0x04)
           Length: 1
           cr 1, mcc_cmd_type 33

Change-Id: I7be3b64a9cf437276c10868d52e0b9c555018df0
Signed-off-by: Jaganath Kanakkassery <jaganathx.kanakkassery@intel.com>
---
 subsys/bluetooth/host/rfcomm.c          | 17 +++++++++++++++++
 subsys/bluetooth/host/rfcomm_internal.h |  1 +
 2 files changed, 18 insertions(+)

diff --git a/subsys/bluetooth/host/rfcomm.c b/subsys/bluetooth/host/rfcomm.c
index d2a4412a19a..139bec3c564 100644
--- a/subsys/bluetooth/host/rfcomm.c
+++ b/subsys/bluetooth/host/rfcomm.c
@@ -634,6 +634,22 @@ static int rfcomm_send_test(struct bt_rfcomm_session *session, uint8_t cr,
 	return bt_l2cap_chan_send(&session->br_chan.chan, buf);
 }
 
+static int rfcomm_send_nsc(struct bt_rfcomm_session *session, uint8_t cmd_type)
+{
+	struct net_buf *buf;
+	uint8_t fcs;
+
+	buf = rfcomm_make_uih_msg(session, BT_RFCOMM_MSG_RESP_CR,
+				  BT_RFCOMM_NSC, sizeof(cmd_type));
+
+	net_buf_add_u8(buf, cmd_type);
+
+	fcs = rfcomm_calc_fcs(BT_RFCOMM_FCS_LEN_UIH, buf->data);
+	net_buf_add_u8(buf, fcs);
+
+	return bt_l2cap_chan_send(&session->br_chan.chan, buf);
+}
+
 static void rfcomm_dlc_connected(struct bt_rfcomm_dlc *dlc)
 {
 	dlc->state = BT_RFCOMM_STATE_CONNECTED;
@@ -1127,6 +1143,7 @@ static void rfcomm_handle_msg(struct bt_rfcomm_session *session,
 		break;
 	default:
 		BT_WARN("Unknown/Unsupported RFCOMM Msg type 0x%02x", msg_type);
+		rfcomm_send_nsc(session, hdr->type);
 		break;
 	}
 }
diff --git a/subsys/bluetooth/host/rfcomm_internal.h b/subsys/bluetooth/host/rfcomm_internal.h
index f58e365425f..3dc48288d8f 100644
--- a/subsys/bluetooth/host/rfcomm_internal.h
+++ b/subsys/bluetooth/host/rfcomm_internal.h
@@ -95,6 +95,7 @@ struct bt_rfcomm_rpn {
 } __packed;
 
 #define BT_RFCOMM_TEST  0x08
+#define BT_RFCOMM_NSC   0x04
 
 /* Default RPN Settings */
 #define BT_RFCOMM_RPN_BAUD_RATE_9600    0x03