0001
0002
0003
0004
0005
0006
0007
0008
0009
0010
0011
0012
0013 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
0014
0015 #include <linux/errno.h>
0016 #include <linux/types.h>
0017 #include <linux/socket.h>
0018 #include <linux/in.h>
0019 #include <linux/kernel.h>
0020 #include <linux/timer.h>
0021 #include <linux/string.h>
0022 #include <linux/sockios.h>
0023 #include <linux/net.h>
0024 #include <linux/inet.h>
0025 #include <linux/netdevice.h>
0026 #include <linux/skbuff.h>
0027 #include <linux/slab.h>
0028 #include <net/sock.h>
0029 #include <linux/uaccess.h>
0030 #include <linux/fcntl.h>
0031 #include <linux/mm.h>
0032 #include <linux/interrupt.h>
0033 #include <net/lapb.h>
0034
0035
0036
0037
0038
0039 static void lapb_state0_machine(struct lapb_cb *lapb, struct sk_buff *skb,
0040 struct lapb_frame *frame)
0041 {
0042 switch (frame->type) {
0043 case LAPB_SABM:
0044 lapb_dbg(1, "(%p) S0 RX SABM(%d)\n", lapb->dev, frame->pf);
0045 if (lapb->mode & LAPB_EXTENDED) {
0046 lapb_dbg(1, "(%p) S0 TX DM(%d)\n",
0047 lapb->dev, frame->pf);
0048 lapb_send_control(lapb, LAPB_DM, frame->pf,
0049 LAPB_RESPONSE);
0050 } else {
0051 lapb_dbg(1, "(%p) S0 TX UA(%d)\n",
0052 lapb->dev, frame->pf);
0053 lapb_dbg(0, "(%p) S0 -> S3\n", lapb->dev);
0054 lapb_send_control(lapb, LAPB_UA, frame->pf,
0055 LAPB_RESPONSE);
0056 lapb_stop_t1timer(lapb);
0057 lapb_stop_t2timer(lapb);
0058 lapb->state = LAPB_STATE_3;
0059 lapb->condition = 0x00;
0060 lapb->n2count = 0;
0061 lapb->vs = 0;
0062 lapb->vr = 0;
0063 lapb->va = 0;
0064 lapb_connect_indication(lapb, LAPB_OK);
0065 }
0066 break;
0067
0068 case LAPB_SABME:
0069 lapb_dbg(1, "(%p) S0 RX SABME(%d)\n", lapb->dev, frame->pf);
0070 if (lapb->mode & LAPB_EXTENDED) {
0071 lapb_dbg(1, "(%p) S0 TX UA(%d)\n",
0072 lapb->dev, frame->pf);
0073 lapb_dbg(0, "(%p) S0 -> S3\n", lapb->dev);
0074 lapb_send_control(lapb, LAPB_UA, frame->pf,
0075 LAPB_RESPONSE);
0076 lapb_stop_t1timer(lapb);
0077 lapb_stop_t2timer(lapb);
0078 lapb->state = LAPB_STATE_3;
0079 lapb->condition = 0x00;
0080 lapb->n2count = 0;
0081 lapb->vs = 0;
0082 lapb->vr = 0;
0083 lapb->va = 0;
0084 lapb_connect_indication(lapb, LAPB_OK);
0085 } else {
0086 lapb_dbg(1, "(%p) S0 TX DM(%d)\n",
0087 lapb->dev, frame->pf);
0088 lapb_send_control(lapb, LAPB_DM, frame->pf,
0089 LAPB_RESPONSE);
0090 }
0091 break;
0092
0093 case LAPB_DISC:
0094 lapb_dbg(1, "(%p) S0 RX DISC(%d)\n", lapb->dev, frame->pf);
0095 lapb_dbg(1, "(%p) S0 TX UA(%d)\n", lapb->dev, frame->pf);
0096 lapb_send_control(lapb, LAPB_UA, frame->pf, LAPB_RESPONSE);
0097 break;
0098
0099 default:
0100 break;
0101 }
0102
0103 kfree_skb(skb);
0104 }
0105
0106
0107
0108
0109
0110 static void lapb_state1_machine(struct lapb_cb *lapb, struct sk_buff *skb,
0111 struct lapb_frame *frame)
0112 {
0113 switch (frame->type) {
0114 case LAPB_SABM:
0115 lapb_dbg(1, "(%p) S1 RX SABM(%d)\n", lapb->dev, frame->pf);
0116 if (lapb->mode & LAPB_EXTENDED) {
0117 lapb_dbg(1, "(%p) S1 TX DM(%d)\n",
0118 lapb->dev, frame->pf);
0119 lapb_send_control(lapb, LAPB_DM, frame->pf,
0120 LAPB_RESPONSE);
0121 } else {
0122 lapb_dbg(1, "(%p) S1 TX UA(%d)\n",
0123 lapb->dev, frame->pf);
0124 lapb_send_control(lapb, LAPB_UA, frame->pf,
0125 LAPB_RESPONSE);
0126 }
0127 break;
0128
0129 case LAPB_SABME:
0130 lapb_dbg(1, "(%p) S1 RX SABME(%d)\n", lapb->dev, frame->pf);
0131 if (lapb->mode & LAPB_EXTENDED) {
0132 lapb_dbg(1, "(%p) S1 TX UA(%d)\n",
0133 lapb->dev, frame->pf);
0134 lapb_send_control(lapb, LAPB_UA, frame->pf,
0135 LAPB_RESPONSE);
0136 } else {
0137 lapb_dbg(1, "(%p) S1 TX DM(%d)\n",
0138 lapb->dev, frame->pf);
0139 lapb_send_control(lapb, LAPB_DM, frame->pf,
0140 LAPB_RESPONSE);
0141 }
0142 break;
0143
0144 case LAPB_DISC:
0145 lapb_dbg(1, "(%p) S1 RX DISC(%d)\n", lapb->dev, frame->pf);
0146 lapb_dbg(1, "(%p) S1 TX DM(%d)\n", lapb->dev, frame->pf);
0147 lapb_send_control(lapb, LAPB_DM, frame->pf, LAPB_RESPONSE);
0148 break;
0149
0150 case LAPB_UA:
0151 lapb_dbg(1, "(%p) S1 RX UA(%d)\n", lapb->dev, frame->pf);
0152 if (frame->pf) {
0153 lapb_dbg(0, "(%p) S1 -> S3\n", lapb->dev);
0154 lapb_stop_t1timer(lapb);
0155 lapb_stop_t2timer(lapb);
0156 lapb->state = LAPB_STATE_3;
0157 lapb->condition = 0x00;
0158 lapb->n2count = 0;
0159 lapb->vs = 0;
0160 lapb->vr = 0;
0161 lapb->va = 0;
0162 lapb_connect_confirmation(lapb, LAPB_OK);
0163 }
0164 break;
0165
0166 case LAPB_DM:
0167 lapb_dbg(1, "(%p) S1 RX DM(%d)\n", lapb->dev, frame->pf);
0168 if (frame->pf) {
0169 lapb_dbg(0, "(%p) S1 -> S0\n", lapb->dev);
0170 lapb_clear_queues(lapb);
0171 lapb->state = LAPB_STATE_0;
0172 lapb_start_t1timer(lapb);
0173 lapb_stop_t2timer(lapb);
0174 lapb_disconnect_indication(lapb, LAPB_REFUSED);
0175 }
0176 break;
0177 }
0178
0179 kfree_skb(skb);
0180 }
0181
0182
0183
0184
0185
0186 static void lapb_state2_machine(struct lapb_cb *lapb, struct sk_buff *skb,
0187 struct lapb_frame *frame)
0188 {
0189 switch (frame->type) {
0190 case LAPB_SABM:
0191 case LAPB_SABME:
0192 lapb_dbg(1, "(%p) S2 RX {SABM,SABME}(%d)\n",
0193 lapb->dev, frame->pf);
0194 lapb_dbg(1, "(%p) S2 TX DM(%d)\n", lapb->dev, frame->pf);
0195 lapb_send_control(lapb, LAPB_DM, frame->pf, LAPB_RESPONSE);
0196 break;
0197
0198 case LAPB_DISC:
0199 lapb_dbg(1, "(%p) S2 RX DISC(%d)\n", lapb->dev, frame->pf);
0200 lapb_dbg(1, "(%p) S2 TX UA(%d)\n", lapb->dev, frame->pf);
0201 lapb_send_control(lapb, LAPB_UA, frame->pf, LAPB_RESPONSE);
0202 break;
0203
0204 case LAPB_UA:
0205 lapb_dbg(1, "(%p) S2 RX UA(%d)\n", lapb->dev, frame->pf);
0206 if (frame->pf) {
0207 lapb_dbg(0, "(%p) S2 -> S0\n", lapb->dev);
0208 lapb->state = LAPB_STATE_0;
0209 lapb_start_t1timer(lapb);
0210 lapb_stop_t2timer(lapb);
0211 lapb_disconnect_confirmation(lapb, LAPB_OK);
0212 }
0213 break;
0214
0215 case LAPB_DM:
0216 lapb_dbg(1, "(%p) S2 RX DM(%d)\n", lapb->dev, frame->pf);
0217 if (frame->pf) {
0218 lapb_dbg(0, "(%p) S2 -> S0\n", lapb->dev);
0219 lapb->state = LAPB_STATE_0;
0220 lapb_start_t1timer(lapb);
0221 lapb_stop_t2timer(lapb);
0222 lapb_disconnect_confirmation(lapb, LAPB_NOTCONNECTED);
0223 }
0224 break;
0225
0226 case LAPB_I:
0227 case LAPB_REJ:
0228 case LAPB_RNR:
0229 case LAPB_RR:
0230 lapb_dbg(1, "(%p) S2 RX {I,REJ,RNR,RR}(%d)\n",
0231 lapb->dev, frame->pf);
0232 lapb_dbg(1, "(%p) S2 RX DM(%d)\n", lapb->dev, frame->pf);
0233 if (frame->pf)
0234 lapb_send_control(lapb, LAPB_DM, frame->pf,
0235 LAPB_RESPONSE);
0236 break;
0237 }
0238
0239 kfree_skb(skb);
0240 }
0241
0242
0243
0244
0245
0246 static void lapb_state3_machine(struct lapb_cb *lapb, struct sk_buff *skb,
0247 struct lapb_frame *frame)
0248 {
0249 int queued = 0;
0250 int modulus = (lapb->mode & LAPB_EXTENDED) ? LAPB_EMODULUS :
0251 LAPB_SMODULUS;
0252
0253 switch (frame->type) {
0254 case LAPB_SABM:
0255 lapb_dbg(1, "(%p) S3 RX SABM(%d)\n", lapb->dev, frame->pf);
0256 if (lapb->mode & LAPB_EXTENDED) {
0257 lapb_dbg(1, "(%p) S3 TX DM(%d)\n",
0258 lapb->dev, frame->pf);
0259 lapb_send_control(lapb, LAPB_DM, frame->pf,
0260 LAPB_RESPONSE);
0261 } else {
0262 lapb_dbg(1, "(%p) S3 TX UA(%d)\n",
0263 lapb->dev, frame->pf);
0264 lapb_send_control(lapb, LAPB_UA, frame->pf,
0265 LAPB_RESPONSE);
0266 lapb_stop_t1timer(lapb);
0267 lapb_stop_t2timer(lapb);
0268 lapb->condition = 0x00;
0269 lapb->n2count = 0;
0270 lapb->vs = 0;
0271 lapb->vr = 0;
0272 lapb->va = 0;
0273 lapb_requeue_frames(lapb);
0274 }
0275 break;
0276
0277 case LAPB_SABME:
0278 lapb_dbg(1, "(%p) S3 RX SABME(%d)\n", lapb->dev, frame->pf);
0279 if (lapb->mode & LAPB_EXTENDED) {
0280 lapb_dbg(1, "(%p) S3 TX UA(%d)\n",
0281 lapb->dev, frame->pf);
0282 lapb_send_control(lapb, LAPB_UA, frame->pf,
0283 LAPB_RESPONSE);
0284 lapb_stop_t1timer(lapb);
0285 lapb_stop_t2timer(lapb);
0286 lapb->condition = 0x00;
0287 lapb->n2count = 0;
0288 lapb->vs = 0;
0289 lapb->vr = 0;
0290 lapb->va = 0;
0291 lapb_requeue_frames(lapb);
0292 } else {
0293 lapb_dbg(1, "(%p) S3 TX DM(%d)\n",
0294 lapb->dev, frame->pf);
0295 lapb_send_control(lapb, LAPB_DM, frame->pf,
0296 LAPB_RESPONSE);
0297 }
0298 break;
0299
0300 case LAPB_DISC:
0301 lapb_dbg(1, "(%p) S3 RX DISC(%d)\n", lapb->dev, frame->pf);
0302 lapb_dbg(0, "(%p) S3 -> S0\n", lapb->dev);
0303 lapb_clear_queues(lapb);
0304 lapb_send_control(lapb, LAPB_UA, frame->pf, LAPB_RESPONSE);
0305 lapb_start_t1timer(lapb);
0306 lapb_stop_t2timer(lapb);
0307 lapb->state = LAPB_STATE_0;
0308 lapb_disconnect_indication(lapb, LAPB_OK);
0309 break;
0310
0311 case LAPB_DM:
0312 lapb_dbg(1, "(%p) S3 RX DM(%d)\n", lapb->dev, frame->pf);
0313 lapb_dbg(0, "(%p) S3 -> S0\n", lapb->dev);
0314 lapb_clear_queues(lapb);
0315 lapb->state = LAPB_STATE_0;
0316 lapb_start_t1timer(lapb);
0317 lapb_stop_t2timer(lapb);
0318 lapb_disconnect_indication(lapb, LAPB_NOTCONNECTED);
0319 break;
0320
0321 case LAPB_RNR:
0322 lapb_dbg(1, "(%p) S3 RX RNR(%d) R%d\n",
0323 lapb->dev, frame->pf, frame->nr);
0324 lapb->condition |= LAPB_PEER_RX_BUSY_CONDITION;
0325 lapb_check_need_response(lapb, frame->cr, frame->pf);
0326 if (lapb_validate_nr(lapb, frame->nr)) {
0327 lapb_check_iframes_acked(lapb, frame->nr);
0328 } else {
0329 lapb->frmr_data = *frame;
0330 lapb->frmr_type = LAPB_FRMR_Z;
0331 lapb_transmit_frmr(lapb);
0332 lapb_dbg(0, "(%p) S3 -> S4\n", lapb->dev);
0333 lapb_start_t1timer(lapb);
0334 lapb_stop_t2timer(lapb);
0335 lapb->state = LAPB_STATE_4;
0336 lapb->n2count = 0;
0337 }
0338 break;
0339
0340 case LAPB_RR:
0341 lapb_dbg(1, "(%p) S3 RX RR(%d) R%d\n",
0342 lapb->dev, frame->pf, frame->nr);
0343 lapb->condition &= ~LAPB_PEER_RX_BUSY_CONDITION;
0344 lapb_check_need_response(lapb, frame->cr, frame->pf);
0345 if (lapb_validate_nr(lapb, frame->nr)) {
0346 lapb_check_iframes_acked(lapb, frame->nr);
0347 } else {
0348 lapb->frmr_data = *frame;
0349 lapb->frmr_type = LAPB_FRMR_Z;
0350 lapb_transmit_frmr(lapb);
0351 lapb_dbg(0, "(%p) S3 -> S4\n", lapb->dev);
0352 lapb_start_t1timer(lapb);
0353 lapb_stop_t2timer(lapb);
0354 lapb->state = LAPB_STATE_4;
0355 lapb->n2count = 0;
0356 }
0357 break;
0358
0359 case LAPB_REJ:
0360 lapb_dbg(1, "(%p) S3 RX REJ(%d) R%d\n",
0361 lapb->dev, frame->pf, frame->nr);
0362 lapb->condition &= ~LAPB_PEER_RX_BUSY_CONDITION;
0363 lapb_check_need_response(lapb, frame->cr, frame->pf);
0364 if (lapb_validate_nr(lapb, frame->nr)) {
0365 lapb_frames_acked(lapb, frame->nr);
0366 lapb_stop_t1timer(lapb);
0367 lapb->n2count = 0;
0368 lapb_requeue_frames(lapb);
0369 } else {
0370 lapb->frmr_data = *frame;
0371 lapb->frmr_type = LAPB_FRMR_Z;
0372 lapb_transmit_frmr(lapb);
0373 lapb_dbg(0, "(%p) S3 -> S4\n", lapb->dev);
0374 lapb_start_t1timer(lapb);
0375 lapb_stop_t2timer(lapb);
0376 lapb->state = LAPB_STATE_4;
0377 lapb->n2count = 0;
0378 }
0379 break;
0380
0381 case LAPB_I:
0382 lapb_dbg(1, "(%p) S3 RX I(%d) S%d R%d\n",
0383 lapb->dev, frame->pf, frame->ns, frame->nr);
0384 if (!lapb_validate_nr(lapb, frame->nr)) {
0385 lapb->frmr_data = *frame;
0386 lapb->frmr_type = LAPB_FRMR_Z;
0387 lapb_transmit_frmr(lapb);
0388 lapb_dbg(0, "(%p) S3 -> S4\n", lapb->dev);
0389 lapb_start_t1timer(lapb);
0390 lapb_stop_t2timer(lapb);
0391 lapb->state = LAPB_STATE_4;
0392 lapb->n2count = 0;
0393 break;
0394 }
0395 if (lapb->condition & LAPB_PEER_RX_BUSY_CONDITION)
0396 lapb_frames_acked(lapb, frame->nr);
0397 else
0398 lapb_check_iframes_acked(lapb, frame->nr);
0399
0400 if (frame->ns == lapb->vr) {
0401 int cn;
0402 cn = lapb_data_indication(lapb, skb);
0403 queued = 1;
0404
0405
0406
0407
0408
0409
0410
0411 if (cn == NET_RX_DROP) {
0412 pr_debug("rx congestion\n");
0413 break;
0414 }
0415 lapb->vr = (lapb->vr + 1) % modulus;
0416 lapb->condition &= ~LAPB_REJECT_CONDITION;
0417 if (frame->pf)
0418 lapb_enquiry_response(lapb);
0419 else {
0420 if (!(lapb->condition &
0421 LAPB_ACK_PENDING_CONDITION)) {
0422 lapb->condition |= LAPB_ACK_PENDING_CONDITION;
0423 lapb_start_t2timer(lapb);
0424 }
0425 }
0426 } else {
0427 if (lapb->condition & LAPB_REJECT_CONDITION) {
0428 if (frame->pf)
0429 lapb_enquiry_response(lapb);
0430 } else {
0431 lapb_dbg(1, "(%p) S3 TX REJ(%d) R%d\n",
0432 lapb->dev, frame->pf, lapb->vr);
0433 lapb->condition |= LAPB_REJECT_CONDITION;
0434 lapb_send_control(lapb, LAPB_REJ, frame->pf,
0435 LAPB_RESPONSE);
0436 lapb->condition &= ~LAPB_ACK_PENDING_CONDITION;
0437 }
0438 }
0439 break;
0440
0441 case LAPB_FRMR:
0442 lapb_dbg(1, "(%p) S3 RX FRMR(%d) %5ph\n",
0443 lapb->dev, frame->pf,
0444 skb->data);
0445 lapb_establish_data_link(lapb);
0446 lapb_dbg(0, "(%p) S3 -> S1\n", lapb->dev);
0447 lapb_requeue_frames(lapb);
0448 lapb->state = LAPB_STATE_1;
0449 break;
0450
0451 case LAPB_ILLEGAL:
0452 lapb_dbg(1, "(%p) S3 RX ILLEGAL(%d)\n", lapb->dev, frame->pf);
0453 lapb->frmr_data = *frame;
0454 lapb->frmr_type = LAPB_FRMR_W;
0455 lapb_transmit_frmr(lapb);
0456 lapb_dbg(0, "(%p) S3 -> S4\n", lapb->dev);
0457 lapb_start_t1timer(lapb);
0458 lapb_stop_t2timer(lapb);
0459 lapb->state = LAPB_STATE_4;
0460 lapb->n2count = 0;
0461 break;
0462 }
0463
0464 if (!queued)
0465 kfree_skb(skb);
0466 }
0467
0468
0469
0470
0471
0472 static void lapb_state4_machine(struct lapb_cb *lapb, struct sk_buff *skb,
0473 struct lapb_frame *frame)
0474 {
0475 switch (frame->type) {
0476 case LAPB_SABM:
0477 lapb_dbg(1, "(%p) S4 RX SABM(%d)\n", lapb->dev, frame->pf);
0478 if (lapb->mode & LAPB_EXTENDED) {
0479 lapb_dbg(1, "(%p) S4 TX DM(%d)\n",
0480 lapb->dev, frame->pf);
0481 lapb_send_control(lapb, LAPB_DM, frame->pf,
0482 LAPB_RESPONSE);
0483 } else {
0484 lapb_dbg(1, "(%p) S4 TX UA(%d)\n",
0485 lapb->dev, frame->pf);
0486 lapb_dbg(0, "(%p) S4 -> S3\n", lapb->dev);
0487 lapb_send_control(lapb, LAPB_UA, frame->pf,
0488 LAPB_RESPONSE);
0489 lapb_stop_t1timer(lapb);
0490 lapb_stop_t2timer(lapb);
0491 lapb->state = LAPB_STATE_3;
0492 lapb->condition = 0x00;
0493 lapb->n2count = 0;
0494 lapb->vs = 0;
0495 lapb->vr = 0;
0496 lapb->va = 0;
0497 lapb_connect_indication(lapb, LAPB_OK);
0498 }
0499 break;
0500
0501 case LAPB_SABME:
0502 lapb_dbg(1, "(%p) S4 RX SABME(%d)\n", lapb->dev, frame->pf);
0503 if (lapb->mode & LAPB_EXTENDED) {
0504 lapb_dbg(1, "(%p) S4 TX UA(%d)\n",
0505 lapb->dev, frame->pf);
0506 lapb_dbg(0, "(%p) S4 -> S3\n", lapb->dev);
0507 lapb_send_control(lapb, LAPB_UA, frame->pf,
0508 LAPB_RESPONSE);
0509 lapb_stop_t1timer(lapb);
0510 lapb_stop_t2timer(lapb);
0511 lapb->state = LAPB_STATE_3;
0512 lapb->condition = 0x00;
0513 lapb->n2count = 0;
0514 lapb->vs = 0;
0515 lapb->vr = 0;
0516 lapb->va = 0;
0517 lapb_connect_indication(lapb, LAPB_OK);
0518 } else {
0519 lapb_dbg(1, "(%p) S4 TX DM(%d)\n",
0520 lapb->dev, frame->pf);
0521 lapb_send_control(lapb, LAPB_DM, frame->pf,
0522 LAPB_RESPONSE);
0523 }
0524 break;
0525 }
0526
0527 kfree_skb(skb);
0528 }
0529
0530
0531
0532
0533 void lapb_data_input(struct lapb_cb *lapb, struct sk_buff *skb)
0534 {
0535 struct lapb_frame frame;
0536
0537 if (lapb_decode(lapb, skb, &frame) < 0) {
0538 kfree_skb(skb);
0539 return;
0540 }
0541
0542 switch (lapb->state) {
0543 case LAPB_STATE_0:
0544 lapb_state0_machine(lapb, skb, &frame); break;
0545 case LAPB_STATE_1:
0546 lapb_state1_machine(lapb, skb, &frame); break;
0547 case LAPB_STATE_2:
0548 lapb_state2_machine(lapb, skb, &frame); break;
0549 case LAPB_STATE_3:
0550 lapb_state3_machine(lapb, skb, &frame); break;
0551 case LAPB_STATE_4:
0552 lapb_state4_machine(lapb, skb, &frame); break;
0553 }
0554
0555 lapb_kick(lapb);
0556 }
