Avoid beyond bounds copy while caching ACL
[zen-stable.git] / net / irda / irlap_frame.c
blob8c004161a843a2e33a963ddd254c4a0e5a129969
1 /*********************************************************************
3 * Filename: irlap_frame.c
4 * Version: 1.0
5 * Description: Build and transmit IrLAP frames
6 * Status: Stable
7 * Author: Dag Brattli <dagb@cs.uit.no>
8 * Created at: Tue Aug 19 10:27:26 1997
9 * Modified at: Wed Jan 5 08:59:04 2000
10 * Modified by: Dag Brattli <dagb@cs.uit.no>
12 * Copyright (c) 1998-2000 Dag Brattli <dagb@cs.uit.no>,
13 * All Rights Reserved.
14 * Copyright (c) 2000-2003 Jean Tourrilhes <jt@hpl.hp.com>
16 * This program is free software; you can redistribute it and/or
17 * modify it under the terms of the GNU General Public License as
18 * published by the Free Software Foundation; either version 2 of
19 * the License, or (at your option) any later version.
21 * Neither Dag Brattli nor University of Tromsø admit liability nor
22 * provide warranty for any of this software. This material is
23 * provided "AS-IS" and at no charge.
25 ********************************************************************/
27 #include <linux/skbuff.h>
28 #include <linux/if.h>
29 #include <linux/if_ether.h>
30 #include <linux/netdevice.h>
31 #include <linux/irda.h>
32 #include <linux/slab.h>
34 #include <net/pkt_sched.h>
35 #include <net/sock.h>
37 #include <asm/byteorder.h>
39 #include <net/irda/irda.h>
40 #include <net/irda/irda_device.h>
41 #include <net/irda/irlap.h>
42 #include <net/irda/wrapper.h>
43 #include <net/irda/timer.h>
44 #include <net/irda/irlap_frame.h>
45 #include <net/irda/qos.h>
47 static void irlap_send_i_frame(struct irlap_cb *self, struct sk_buff *skb,
48 int command);
51 * Function irlap_insert_info (self, skb)
53 * Insert minimum turnaround time and speed information into the skb. We
54 * need to do this since it's per packet relevant information. Safe to
55 * have this function inlined since it's only called from one place
57 static inline void irlap_insert_info(struct irlap_cb *self,
58 struct sk_buff *skb)
60 struct irda_skb_cb *cb = (struct irda_skb_cb *) skb->cb;
63 * Insert MTT (min. turn time) and speed into skb, so that the
64 * device driver knows which settings to use
66 cb->magic = LAP_MAGIC;
67 cb->mtt = self->mtt_required;
68 cb->next_speed = self->speed;
70 /* Reset */
71 self->mtt_required = 0;
74 * Delay equals negotiated BOFs count, plus the number of BOFs to
75 * force the negotiated minimum turnaround time
77 cb->xbofs = self->bofs_count;
78 cb->next_xbofs = self->next_bofs;
79 cb->xbofs_delay = self->xbofs_delay;
81 /* Reset XBOF's delay (used only for getting min turn time) */
82 self->xbofs_delay = 0;
83 /* Put the correct xbofs value for the next packet */
84 self->bofs_count = self->next_bofs;
88 * Function irlap_queue_xmit (self, skb)
90 * A little wrapper for dev_queue_xmit, so we can insert some common
91 * code into it.
93 void irlap_queue_xmit(struct irlap_cb *self, struct sk_buff *skb)
95 /* Some common init stuff */
96 skb->dev = self->netdev;
97 skb_reset_mac_header(skb);
98 skb_reset_network_header(skb);
99 skb_reset_transport_header(skb);
100 skb->protocol = htons(ETH_P_IRDA);
101 skb->priority = TC_PRIO_BESTEFFORT;
103 irlap_insert_info(self, skb);
105 if (unlikely(self->mode & IRDA_MODE_MONITOR)) {
106 IRDA_DEBUG(3, "%s(): %s is in monitor mode\n", __func__,
107 self->netdev->name);
108 dev_kfree_skb(skb);
109 return;
112 dev_queue_xmit(skb);
116 * Function irlap_send_snrm_cmd (void)
118 * Transmits a connect SNRM command frame
120 void irlap_send_snrm_frame(struct irlap_cb *self, struct qos_info *qos)
122 struct sk_buff *tx_skb;
123 struct snrm_frame *frame;
124 int ret;
126 IRDA_ASSERT(self != NULL, return;);
127 IRDA_ASSERT(self->magic == LAP_MAGIC, return;);
129 /* Allocate frame */
130 tx_skb = alloc_skb(sizeof(struct snrm_frame) +
131 IRLAP_NEGOCIATION_PARAMS_LEN,
132 GFP_ATOMIC);
133 if (!tx_skb)
134 return;
136 frame = (struct snrm_frame *) skb_put(tx_skb, 2);
138 /* Insert connection address field */
139 if (qos)
140 frame->caddr = CMD_FRAME | CBROADCAST;
141 else
142 frame->caddr = CMD_FRAME | self->caddr;
144 /* Insert control field */
145 frame->control = SNRM_CMD | PF_BIT;
148 * If we are establishing a connection then insert QoS parameters
150 if (qos) {
151 skb_put(tx_skb, 9); /* 25 left */
152 frame->saddr = cpu_to_le32(self->saddr);
153 frame->daddr = cpu_to_le32(self->daddr);
155 frame->ncaddr = self->caddr;
157 ret = irlap_insert_qos_negotiation_params(self, tx_skb);
158 if (ret < 0) {
159 dev_kfree_skb(tx_skb);
160 return;
163 irlap_queue_xmit(self, tx_skb);
167 * Function irlap_recv_snrm_cmd (skb, info)
169 * Received SNRM (Set Normal Response Mode) command frame
172 static void irlap_recv_snrm_cmd(struct irlap_cb *self, struct sk_buff *skb,
173 struct irlap_info *info)
175 struct snrm_frame *frame;
177 if (pskb_may_pull(skb,sizeof(struct snrm_frame))) {
178 frame = (struct snrm_frame *) skb->data;
180 /* Copy the new connection address ignoring the C/R bit */
181 info->caddr = frame->ncaddr & 0xFE;
183 /* Check if the new connection address is valid */
184 if ((info->caddr == 0x00) || (info->caddr == 0xfe)) {
185 IRDA_DEBUG(3, "%s(), invalid connection address!\n",
186 __func__);
187 return;
190 /* Copy peer device address */
191 info->daddr = le32_to_cpu(frame->saddr);
192 info->saddr = le32_to_cpu(frame->daddr);
194 /* Only accept if addressed directly to us */
195 if (info->saddr != self->saddr) {
196 IRDA_DEBUG(2, "%s(), not addressed to us!\n",
197 __func__);
198 return;
200 irlap_do_event(self, RECV_SNRM_CMD, skb, info);
201 } else {
202 /* Signal that this SNRM frame does not contain and I-field */
203 irlap_do_event(self, RECV_SNRM_CMD, skb, NULL);
208 * Function irlap_send_ua_response_frame (qos)
210 * Send UA (Unnumbered Acknowledgement) frame
213 void irlap_send_ua_response_frame(struct irlap_cb *self, struct qos_info *qos)
215 struct sk_buff *tx_skb;
216 struct ua_frame *frame;
217 int ret;
219 IRDA_DEBUG(2, "%s() <%ld>\n", __func__, jiffies);
221 IRDA_ASSERT(self != NULL, return;);
222 IRDA_ASSERT(self->magic == LAP_MAGIC, return;);
224 /* Allocate frame */
225 tx_skb = alloc_skb(sizeof(struct ua_frame) +
226 IRLAP_NEGOCIATION_PARAMS_LEN,
227 GFP_ATOMIC);
228 if (!tx_skb)
229 return;
231 frame = (struct ua_frame *) skb_put(tx_skb, 10);
233 /* Build UA response */
234 frame->caddr = self->caddr;
235 frame->control = UA_RSP | PF_BIT;
237 frame->saddr = cpu_to_le32(self->saddr);
238 frame->daddr = cpu_to_le32(self->daddr);
240 /* Should we send QoS negotiation parameters? */
241 if (qos) {
242 ret = irlap_insert_qos_negotiation_params(self, tx_skb);
243 if (ret < 0) {
244 dev_kfree_skb(tx_skb);
245 return;
249 irlap_queue_xmit(self, tx_skb);
254 * Function irlap_send_dm_frame (void)
256 * Send disconnected mode (DM) frame
259 void irlap_send_dm_frame( struct irlap_cb *self)
261 struct sk_buff *tx_skb = NULL;
262 struct dm_frame *frame;
264 IRDA_ASSERT(self != NULL, return;);
265 IRDA_ASSERT(self->magic == LAP_MAGIC, return;);
267 tx_skb = alloc_skb(sizeof(struct dm_frame), GFP_ATOMIC);
268 if (!tx_skb)
269 return;
271 frame = (struct dm_frame *)skb_put(tx_skb, 2);
273 if (self->state == LAP_NDM)
274 frame->caddr = CBROADCAST;
275 else
276 frame->caddr = self->caddr;
278 frame->control = DM_RSP | PF_BIT;
280 irlap_queue_xmit(self, tx_skb);
284 * Function irlap_send_disc_frame (void)
286 * Send disconnect (DISC) frame
289 void irlap_send_disc_frame(struct irlap_cb *self)
291 struct sk_buff *tx_skb = NULL;
292 struct disc_frame *frame;
294 IRDA_DEBUG(3, "%s()\n", __func__);
296 IRDA_ASSERT(self != NULL, return;);
297 IRDA_ASSERT(self->magic == LAP_MAGIC, return;);
299 tx_skb = alloc_skb(sizeof(struct disc_frame), GFP_ATOMIC);
300 if (!tx_skb)
301 return;
303 frame = (struct disc_frame *)skb_put(tx_skb, 2);
305 frame->caddr = self->caddr | CMD_FRAME;
306 frame->control = DISC_CMD | PF_BIT;
308 irlap_queue_xmit(self, tx_skb);
312 * Function irlap_send_discovery_xid_frame (S, s, command)
314 * Build and transmit a XID (eXchange station IDentifier) discovery
315 * frame.
317 void irlap_send_discovery_xid_frame(struct irlap_cb *self, int S, __u8 s,
318 __u8 command, discovery_t *discovery)
320 struct sk_buff *tx_skb = NULL;
321 struct xid_frame *frame;
322 __u32 bcast = BROADCAST;
323 __u8 *info;
325 IRDA_DEBUG(4, "%s(), s=%d, S=%d, command=%d\n", __func__,
326 s, S, command);
328 IRDA_ASSERT(self != NULL, return;);
329 IRDA_ASSERT(self->magic == LAP_MAGIC, return;);
330 IRDA_ASSERT(discovery != NULL, return;);
332 tx_skb = alloc_skb(sizeof(struct xid_frame) + IRLAP_DISCOVERY_INFO_LEN,
333 GFP_ATOMIC);
334 if (!tx_skb)
335 return;
337 skb_put(tx_skb, 14);
338 frame = (struct xid_frame *) tx_skb->data;
340 if (command) {
341 frame->caddr = CBROADCAST | CMD_FRAME;
342 frame->control = XID_CMD | PF_BIT;
343 } else {
344 frame->caddr = CBROADCAST;
345 frame->control = XID_RSP | PF_BIT;
347 frame->ident = XID_FORMAT;
349 frame->saddr = cpu_to_le32(self->saddr);
351 if (command)
352 frame->daddr = cpu_to_le32(bcast);
353 else
354 frame->daddr = cpu_to_le32(discovery->data.daddr);
356 switch (S) {
357 case 1:
358 frame->flags = 0x00;
359 break;
360 case 6:
361 frame->flags = 0x01;
362 break;
363 case 8:
364 frame->flags = 0x02;
365 break;
366 case 16:
367 frame->flags = 0x03;
368 break;
369 default:
370 frame->flags = 0x02;
371 break;
374 frame->slotnr = s;
375 frame->version = 0x00;
378 * Provide info for final slot only in commands, and for all
379 * responses. Send the second byte of the hint only if the
380 * EXTENSION bit is set in the first byte.
382 if (!command || (frame->slotnr == 0xff)) {
383 int len;
385 if (discovery->data.hints[0] & HINT_EXTENSION) {
386 info = skb_put(tx_skb, 2);
387 info[0] = discovery->data.hints[0];
388 info[1] = discovery->data.hints[1];
389 } else {
390 info = skb_put(tx_skb, 1);
391 info[0] = discovery->data.hints[0];
393 info = skb_put(tx_skb, 1);
394 info[0] = discovery->data.charset;
396 len = IRDA_MIN(discovery->name_len, skb_tailroom(tx_skb));
397 info = skb_put(tx_skb, len);
398 memcpy(info, discovery->data.info, len);
400 irlap_queue_xmit(self, tx_skb);
404 * Function irlap_recv_discovery_xid_rsp (skb, info)
406 * Received a XID discovery response
409 static void irlap_recv_discovery_xid_rsp(struct irlap_cb *self,
410 struct sk_buff *skb,
411 struct irlap_info *info)
413 struct xid_frame *xid;
414 discovery_t *discovery = NULL;
415 __u8 *discovery_info;
416 char *text;
418 IRDA_DEBUG(4, "%s()\n", __func__);
420 IRDA_ASSERT(self != NULL, return;);
421 IRDA_ASSERT(self->magic == LAP_MAGIC, return;);
423 if (!pskb_may_pull(skb, sizeof(struct xid_frame))) {
424 IRDA_ERROR("%s: frame too short!\n", __func__);
425 return;
428 xid = (struct xid_frame *) skb->data;
430 info->daddr = le32_to_cpu(xid->saddr);
431 info->saddr = le32_to_cpu(xid->daddr);
433 /* Make sure frame is addressed to us */
434 if ((info->saddr != self->saddr) && (info->saddr != BROADCAST)) {
435 IRDA_DEBUG(0, "%s(), frame is not addressed to us!\n",
436 __func__);
437 return;
440 if ((discovery = kzalloc(sizeof(discovery_t), GFP_ATOMIC)) == NULL) {
441 IRDA_WARNING("%s: kmalloc failed!\n", __func__);
442 return;
445 discovery->data.daddr = info->daddr;
446 discovery->data.saddr = self->saddr;
447 discovery->timestamp = jiffies;
449 IRDA_DEBUG(4, "%s(), daddr=%08x\n", __func__,
450 discovery->data.daddr);
452 discovery_info = skb_pull(skb, sizeof(struct xid_frame));
454 /* Get info returned from peer */
455 discovery->data.hints[0] = discovery_info[0];
456 if (discovery_info[0] & HINT_EXTENSION) {
457 IRDA_DEBUG(4, "EXTENSION\n");
458 discovery->data.hints[1] = discovery_info[1];
459 discovery->data.charset = discovery_info[2];
460 text = (char *) &discovery_info[3];
461 } else {
462 discovery->data.hints[1] = 0;
463 discovery->data.charset = discovery_info[1];
464 text = (char *) &discovery_info[2];
467 * Terminate info string, should be safe since this is where the
468 * FCS bytes resides.
470 skb->data[skb->len] = '\0';
471 strncpy(discovery->data.info, text, NICKNAME_MAX_LEN);
472 discovery->name_len = strlen(discovery->data.info);
474 info->discovery = discovery;
476 irlap_do_event(self, RECV_DISCOVERY_XID_RSP, skb, info);
480 * Function irlap_recv_discovery_xid_cmd (skb, info)
482 * Received a XID discovery command
485 static void irlap_recv_discovery_xid_cmd(struct irlap_cb *self,
486 struct sk_buff *skb,
487 struct irlap_info *info)
489 struct xid_frame *xid;
490 discovery_t *discovery = NULL;
491 __u8 *discovery_info;
492 char *text;
494 if (!pskb_may_pull(skb, sizeof(struct xid_frame))) {
495 IRDA_ERROR("%s: frame too short!\n", __func__);
496 return;
499 xid = (struct xid_frame *) skb->data;
501 info->daddr = le32_to_cpu(xid->saddr);
502 info->saddr = le32_to_cpu(xid->daddr);
504 /* Make sure frame is addressed to us */
505 if ((info->saddr != self->saddr) && (info->saddr != BROADCAST)) {
506 IRDA_DEBUG(0, "%s(), frame is not addressed to us!\n",
507 __func__);
508 return;
511 switch (xid->flags & 0x03) {
512 case 0x00:
513 info->S = 1;
514 break;
515 case 0x01:
516 info->S = 6;
517 break;
518 case 0x02:
519 info->S = 8;
520 break;
521 case 0x03:
522 info->S = 16;
523 break;
524 default:
525 /* Error!! */
526 return;
528 info->s = xid->slotnr;
530 discovery_info = skb_pull(skb, sizeof(struct xid_frame));
533 * Check if last frame
535 if (info->s == 0xff) {
536 /* Check if things are sane at this point... */
537 if((discovery_info == NULL) ||
538 !pskb_may_pull(skb, 3)) {
539 IRDA_ERROR("%s: discovery frame too short!\n",
540 __func__);
541 return;
545 * We now have some discovery info to deliver!
547 discovery = kmalloc(sizeof(discovery_t), GFP_ATOMIC);
548 if (!discovery) {
549 IRDA_WARNING("%s: unable to malloc!\n", __func__);
550 return;
553 discovery->data.daddr = info->daddr;
554 discovery->data.saddr = self->saddr;
555 discovery->timestamp = jiffies;
557 discovery->data.hints[0] = discovery_info[0];
558 if (discovery_info[0] & HINT_EXTENSION) {
559 discovery->data.hints[1] = discovery_info[1];
560 discovery->data.charset = discovery_info[2];
561 text = (char *) &discovery_info[3];
562 } else {
563 discovery->data.hints[1] = 0;
564 discovery->data.charset = discovery_info[1];
565 text = (char *) &discovery_info[2];
568 * Terminate string, should be safe since this is where the
569 * FCS bytes resides.
571 skb->data[skb->len] = '\0';
572 strncpy(discovery->data.info, text, NICKNAME_MAX_LEN);
573 discovery->name_len = strlen(discovery->data.info);
575 info->discovery = discovery;
576 } else
577 info->discovery = NULL;
579 irlap_do_event(self, RECV_DISCOVERY_XID_CMD, skb, info);
583 * Function irlap_send_rr_frame (self, command)
585 * Build and transmit RR (Receive Ready) frame. Notice that it is currently
586 * only possible to send RR frames with the poll bit set.
588 void irlap_send_rr_frame(struct irlap_cb *self, int command)
590 struct sk_buff *tx_skb;
591 struct rr_frame *frame;
593 tx_skb = alloc_skb(sizeof(struct rr_frame), GFP_ATOMIC);
594 if (!tx_skb)
595 return;
597 frame = (struct rr_frame *)skb_put(tx_skb, 2);
599 frame->caddr = self->caddr;
600 frame->caddr |= (command) ? CMD_FRAME : 0;
602 frame->control = RR | PF_BIT | (self->vr << 5);
604 irlap_queue_xmit(self, tx_skb);
608 * Function irlap_send_rd_frame (self)
610 * Request disconnect. Used by a secondary station to request the
611 * disconnection of the link.
613 void irlap_send_rd_frame(struct irlap_cb *self)
615 struct sk_buff *tx_skb;
616 struct rd_frame *frame;
618 tx_skb = alloc_skb(sizeof(struct rd_frame), GFP_ATOMIC);
619 if (!tx_skb)
620 return;
622 frame = (struct rd_frame *)skb_put(tx_skb, 2);
624 frame->caddr = self->caddr;
625 frame->caddr = RD_RSP | PF_BIT;
627 irlap_queue_xmit(self, tx_skb);
631 * Function irlap_recv_rr_frame (skb, info)
633 * Received RR (Receive Ready) frame from peer station, no harm in
634 * making it inline since its called only from one single place
635 * (irlap_driver_rcv).
637 static inline void irlap_recv_rr_frame(struct irlap_cb *self,
638 struct sk_buff *skb,
639 struct irlap_info *info, int command)
641 info->nr = skb->data[1] >> 5;
643 /* Check if this is a command or a response frame */
644 if (command)
645 irlap_do_event(self, RECV_RR_CMD, skb, info);
646 else
647 irlap_do_event(self, RECV_RR_RSP, skb, info);
651 * Function irlap_recv_rnr_frame (self, skb, info)
653 * Received RNR (Receive Not Ready) frame from peer station
656 static void irlap_recv_rnr_frame(struct irlap_cb *self, struct sk_buff *skb,
657 struct irlap_info *info, int command)
659 info->nr = skb->data[1] >> 5;
661 IRDA_DEBUG(4, "%s(), nr=%d, %ld\n", __func__, info->nr, jiffies);
663 if (command)
664 irlap_do_event(self, RECV_RNR_CMD, skb, info);
665 else
666 irlap_do_event(self, RECV_RNR_RSP, skb, info);
669 static void irlap_recv_rej_frame(struct irlap_cb *self, struct sk_buff *skb,
670 struct irlap_info *info, int command)
672 IRDA_DEBUG(0, "%s()\n", __func__);
674 info->nr = skb->data[1] >> 5;
676 /* Check if this is a command or a response frame */
677 if (command)
678 irlap_do_event(self, RECV_REJ_CMD, skb, info);
679 else
680 irlap_do_event(self, RECV_REJ_RSP, skb, info);
683 static void irlap_recv_srej_frame(struct irlap_cb *self, struct sk_buff *skb,
684 struct irlap_info *info, int command)
686 IRDA_DEBUG(0, "%s()\n", __func__);
688 info->nr = skb->data[1] >> 5;
690 /* Check if this is a command or a response frame */
691 if (command)
692 irlap_do_event(self, RECV_SREJ_CMD, skb, info);
693 else
694 irlap_do_event(self, RECV_SREJ_RSP, skb, info);
697 static void irlap_recv_disc_frame(struct irlap_cb *self, struct sk_buff *skb,
698 struct irlap_info *info, int command)
700 IRDA_DEBUG(2, "%s()\n", __func__);
702 /* Check if this is a command or a response frame */
703 if (command)
704 irlap_do_event(self, RECV_DISC_CMD, skb, info);
705 else
706 irlap_do_event(self, RECV_RD_RSP, skb, info);
710 * Function irlap_recv_ua_frame (skb, frame)
712 * Received UA (Unnumbered Acknowledgement) frame
715 static inline void irlap_recv_ua_frame(struct irlap_cb *self,
716 struct sk_buff *skb,
717 struct irlap_info *info)
719 irlap_do_event(self, RECV_UA_RSP, skb, info);
723 * Function irlap_send_data_primary(self, skb)
725 * Send I-frames as the primary station but without the poll bit set
728 void irlap_send_data_primary(struct irlap_cb *self, struct sk_buff *skb)
730 struct sk_buff *tx_skb;
732 if (skb->data[1] == I_FRAME) {
735 * Insert frame sequence number (Vs) in control field before
736 * inserting into transmit window queue.
738 skb->data[1] = I_FRAME | (self->vs << 1);
741 * Insert frame in store, in case of retransmissions
742 * Increase skb reference count, see irlap_do_event()
744 skb_get(skb);
745 skb_queue_tail(&self->wx_list, skb);
747 /* Copy buffer */
748 tx_skb = skb_clone(skb, GFP_ATOMIC);
749 if (tx_skb == NULL) {
750 return;
753 self->vs = (self->vs + 1) % 8;
754 self->ack_required = FALSE;
755 self->window -= 1;
757 irlap_send_i_frame( self, tx_skb, CMD_FRAME);
758 } else {
759 IRDA_DEBUG(4, "%s(), sending unreliable frame\n", __func__);
760 irlap_send_ui_frame(self, skb_get(skb), self->caddr, CMD_FRAME);
761 self->window -= 1;
765 * Function irlap_send_data_primary_poll (self, skb)
767 * Send I(nformation) frame as primary with poll bit set
769 void irlap_send_data_primary_poll(struct irlap_cb *self, struct sk_buff *skb)
771 struct sk_buff *tx_skb;
772 int transmission_time;
774 /* Stop P timer */
775 del_timer(&self->poll_timer);
777 /* Is this reliable or unreliable data? */
778 if (skb->data[1] == I_FRAME) {
781 * Insert frame sequence number (Vs) in control field before
782 * inserting into transmit window queue.
784 skb->data[1] = I_FRAME | (self->vs << 1);
787 * Insert frame in store, in case of retransmissions
788 * Increase skb reference count, see irlap_do_event()
790 skb_get(skb);
791 skb_queue_tail(&self->wx_list, skb);
793 /* Copy buffer */
794 tx_skb = skb_clone(skb, GFP_ATOMIC);
795 if (tx_skb == NULL) {
796 return;
800 * Set poll bit if necessary. We do this to the copied
801 * skb, since retransmitted need to set or clear the poll
802 * bit depending on when they are sent.
804 tx_skb->data[1] |= PF_BIT;
806 self->vs = (self->vs + 1) % 8;
807 self->ack_required = FALSE;
809 irlap_next_state(self, LAP_NRM_P);
810 irlap_send_i_frame(self, tx_skb, CMD_FRAME);
811 } else {
812 IRDA_DEBUG(4, "%s(), sending unreliable frame\n", __func__);
814 if (self->ack_required) {
815 irlap_send_ui_frame(self, skb_get(skb), self->caddr, CMD_FRAME);
816 irlap_next_state(self, LAP_NRM_P);
817 irlap_send_rr_frame(self, CMD_FRAME);
818 self->ack_required = FALSE;
819 } else {
820 skb->data[1] |= PF_BIT;
821 irlap_next_state(self, LAP_NRM_P);
822 irlap_send_ui_frame(self, skb_get(skb), self->caddr, CMD_FRAME);
826 /* How much time we took for transmission of all frames.
827 * We don't know, so let assume we used the full window. Jean II */
828 transmission_time = self->final_timeout;
830 /* Reset parameter so that we can fill next window */
831 self->window = self->window_size;
833 #ifdef CONFIG_IRDA_DYNAMIC_WINDOW
834 /* Remove what we have not used. Just do a prorata of the
835 * bytes left in window to window capacity.
836 * See max_line_capacities[][] in qos.c for details. Jean II */
837 transmission_time -= (self->final_timeout * self->bytes_left
838 / self->line_capacity);
839 IRDA_DEBUG(4, "%s() adjusting transmission_time : ft=%d, bl=%d, lc=%d -> tt=%d\n", __func__, self->final_timeout, self->bytes_left, self->line_capacity, transmission_time);
841 /* We are allowed to transmit a maximum number of bytes again. */
842 self->bytes_left = self->line_capacity;
843 #endif /* CONFIG_IRDA_DYNAMIC_WINDOW */
846 * The network layer has a intermediate buffer between IrLAP
847 * and the IrDA driver which can contain 8 frames. So, even
848 * though IrLAP is currently sending the *last* frame of the
849 * tx-window, the driver most likely has only just started
850 * sending the *first* frame of the same tx-window.
851 * I.e. we are always at the very beginning of or Tx window.
852 * Now, we are supposed to set the final timer from the end
853 * of our tx-window to let the other peer reply. So, we need
854 * to add extra time to compensate for the fact that we
855 * are really at the start of tx-window, otherwise the final timer
856 * might expire before he can answer...
857 * Jean II
859 irlap_start_final_timer(self, self->final_timeout + transmission_time);
862 * The clever amongst you might ask why we do this adjustement
863 * only here, and not in all the other cases in irlap_event.c.
864 * In all those other case, we only send a very short management
865 * frame (few bytes), so the adjustement would be lost in the
866 * noise...
867 * The exception of course is irlap_resend_rejected_frame().
868 * Jean II */
872 * Function irlap_send_data_secondary_final (self, skb)
874 * Send I(nformation) frame as secondary with final bit set
877 void irlap_send_data_secondary_final(struct irlap_cb *self,
878 struct sk_buff *skb)
880 struct sk_buff *tx_skb = NULL;
882 IRDA_ASSERT(self != NULL, return;);
883 IRDA_ASSERT(self->magic == LAP_MAGIC, return;);
884 IRDA_ASSERT(skb != NULL, return;);
886 /* Is this reliable or unreliable data? */
887 if (skb->data[1] == I_FRAME) {
890 * Insert frame sequence number (Vs) in control field before
891 * inserting into transmit window queue.
893 skb->data[1] = I_FRAME | (self->vs << 1);
896 * Insert frame in store, in case of retransmissions
897 * Increase skb reference count, see irlap_do_event()
899 skb_get(skb);
900 skb_queue_tail(&self->wx_list, skb);
902 tx_skb = skb_clone(skb, GFP_ATOMIC);
903 if (tx_skb == NULL) {
904 return;
907 tx_skb->data[1] |= PF_BIT;
909 self->vs = (self->vs + 1) % 8;
910 self->ack_required = FALSE;
912 irlap_send_i_frame(self, tx_skb, RSP_FRAME);
913 } else {
914 if (self->ack_required) {
915 irlap_send_ui_frame(self, skb_get(skb), self->caddr, RSP_FRAME);
916 irlap_send_rr_frame(self, RSP_FRAME);
917 self->ack_required = FALSE;
918 } else {
919 skb->data[1] |= PF_BIT;
920 irlap_send_ui_frame(self, skb_get(skb), self->caddr, RSP_FRAME);
924 self->window = self->window_size;
925 #ifdef CONFIG_IRDA_DYNAMIC_WINDOW
926 /* We are allowed to transmit a maximum number of bytes again. */
927 self->bytes_left = self->line_capacity;
928 #endif /* CONFIG_IRDA_DYNAMIC_WINDOW */
930 irlap_start_wd_timer(self, self->wd_timeout);
934 * Function irlap_send_data_secondary (self, skb)
936 * Send I(nformation) frame as secondary without final bit set
939 void irlap_send_data_secondary(struct irlap_cb *self, struct sk_buff *skb)
941 struct sk_buff *tx_skb = NULL;
943 /* Is this reliable or unreliable data? */
944 if (skb->data[1] == I_FRAME) {
947 * Insert frame sequence number (Vs) in control field before
948 * inserting into transmit window queue.
950 skb->data[1] = I_FRAME | (self->vs << 1);
953 * Insert frame in store, in case of retransmissions
954 * Increase skb reference count, see irlap_do_event()
956 skb_get(skb);
957 skb_queue_tail(&self->wx_list, skb);
959 tx_skb = skb_clone(skb, GFP_ATOMIC);
960 if (tx_skb == NULL) {
961 return;
964 self->vs = (self->vs + 1) % 8;
965 self->ack_required = FALSE;
966 self->window -= 1;
968 irlap_send_i_frame(self, tx_skb, RSP_FRAME);
969 } else {
970 irlap_send_ui_frame(self, skb_get(skb), self->caddr, RSP_FRAME);
971 self->window -= 1;
976 * Function irlap_resend_rejected_frames (nr)
978 * Resend frames which has not been acknowledged. Should be safe to
979 * traverse the list without locking it since this function will only be
980 * called from interrupt context (BH)
982 void irlap_resend_rejected_frames(struct irlap_cb *self, int command)
984 struct sk_buff *tx_skb;
985 struct sk_buff *skb;
987 IRDA_ASSERT(self != NULL, return;);
988 IRDA_ASSERT(self->magic == LAP_MAGIC, return;);
990 /* Resend unacknowledged frame(s) */
991 skb_queue_walk(&self->wx_list, skb) {
992 irlap_wait_min_turn_around(self, &self->qos_tx);
994 /* We copy the skb to be retransmitted since we will have to
995 * modify it. Cloning will confuse packet sniffers
997 /* tx_skb = skb_clone( skb, GFP_ATOMIC); */
998 tx_skb = skb_copy(skb, GFP_ATOMIC);
999 if (!tx_skb) {
1000 IRDA_DEBUG(0, "%s(), unable to copy\n", __func__);
1001 return;
1004 /* Clear old Nr field + poll bit */
1005 tx_skb->data[1] &= 0x0f;
1008 * Set poll bit on the last frame retransmitted
1010 if (skb_queue_is_last(&self->wx_list, skb))
1011 tx_skb->data[1] |= PF_BIT; /* Set p/f bit */
1012 else
1013 tx_skb->data[1] &= ~PF_BIT; /* Clear p/f bit */
1015 irlap_send_i_frame(self, tx_skb, command);
1017 #if 0 /* Not yet */
1019 * We can now fill the window with additional data frames
1021 while (!skb_queue_empty(&self->txq)) {
1023 IRDA_DEBUG(0, "%s(), sending additional frames!\n", __func__);
1024 if (self->window > 0) {
1025 skb = skb_dequeue( &self->txq);
1026 IRDA_ASSERT(skb != NULL, return;);
1029 * If send window > 1 then send frame with pf
1030 * bit cleared
1032 if ((self->window > 1) &&
1033 !skb_queue_empty(&self->txq)) {
1034 irlap_send_data_primary(self, skb);
1035 } else {
1036 irlap_send_data_primary_poll(self, skb);
1038 kfree_skb(skb);
1041 #endif
1044 void irlap_resend_rejected_frame(struct irlap_cb *self, int command)
1046 struct sk_buff *tx_skb;
1047 struct sk_buff *skb;
1049 IRDA_ASSERT(self != NULL, return;);
1050 IRDA_ASSERT(self->magic == LAP_MAGIC, return;);
1052 /* Resend unacknowledged frame(s) */
1053 skb = skb_peek(&self->wx_list);
1054 if (skb != NULL) {
1055 irlap_wait_min_turn_around(self, &self->qos_tx);
1057 /* We copy the skb to be retransmitted since we will have to
1058 * modify it. Cloning will confuse packet sniffers
1060 /* tx_skb = skb_clone( skb, GFP_ATOMIC); */
1061 tx_skb = skb_copy(skb, GFP_ATOMIC);
1062 if (!tx_skb) {
1063 IRDA_DEBUG(0, "%s(), unable to copy\n", __func__);
1064 return;
1067 /* Clear old Nr field + poll bit */
1068 tx_skb->data[1] &= 0x0f;
1070 /* Set poll/final bit */
1071 tx_skb->data[1] |= PF_BIT; /* Set p/f bit */
1073 irlap_send_i_frame(self, tx_skb, command);
1078 * Function irlap_send_ui_frame (self, skb, command)
1080 * Contruct and transmit an Unnumbered Information (UI) frame
1083 void irlap_send_ui_frame(struct irlap_cb *self, struct sk_buff *skb,
1084 __u8 caddr, int command)
1086 IRDA_DEBUG(4, "%s()\n", __func__);
1088 IRDA_ASSERT(self != NULL, return;);
1089 IRDA_ASSERT(self->magic == LAP_MAGIC, return;);
1090 IRDA_ASSERT(skb != NULL, return;);
1092 /* Insert connection address */
1093 skb->data[0] = caddr | ((command) ? CMD_FRAME : 0);
1095 irlap_queue_xmit(self, skb);
1099 * Function irlap_send_i_frame (skb)
1101 * Contruct and transmit Information (I) frame
1103 static void irlap_send_i_frame(struct irlap_cb *self, struct sk_buff *skb,
1104 int command)
1106 /* Insert connection address */
1107 skb->data[0] = self->caddr;
1108 skb->data[0] |= (command) ? CMD_FRAME : 0;
1110 /* Insert next to receive (Vr) */
1111 skb->data[1] |= (self->vr << 5); /* insert nr */
1113 irlap_queue_xmit(self, skb);
1117 * Function irlap_recv_i_frame (skb, frame)
1119 * Receive and parse an I (Information) frame, no harm in making it inline
1120 * since it's called only from one single place (irlap_driver_rcv).
1122 static inline void irlap_recv_i_frame(struct irlap_cb *self,
1123 struct sk_buff *skb,
1124 struct irlap_info *info, int command)
1126 info->nr = skb->data[1] >> 5; /* Next to receive */
1127 info->pf = skb->data[1] & PF_BIT; /* Final bit */
1128 info->ns = (skb->data[1] >> 1) & 0x07; /* Next to send */
1130 /* Check if this is a command or a response frame */
1131 if (command)
1132 irlap_do_event(self, RECV_I_CMD, skb, info);
1133 else
1134 irlap_do_event(self, RECV_I_RSP, skb, info);
1138 * Function irlap_recv_ui_frame (self, skb, info)
1140 * Receive and parse an Unnumbered Information (UI) frame
1143 static void irlap_recv_ui_frame(struct irlap_cb *self, struct sk_buff *skb,
1144 struct irlap_info *info)
1146 IRDA_DEBUG( 4, "%s()\n", __func__);
1148 info->pf = skb->data[1] & PF_BIT; /* Final bit */
1150 irlap_do_event(self, RECV_UI_FRAME, skb, info);
1154 * Function irlap_recv_frmr_frame (skb, frame)
1156 * Received Frame Reject response.
1159 static void irlap_recv_frmr_frame(struct irlap_cb *self, struct sk_buff *skb,
1160 struct irlap_info *info)
1162 __u8 *frame;
1163 int w, x, y, z;
1165 IRDA_DEBUG(0, "%s()\n", __func__);
1167 IRDA_ASSERT(self != NULL, return;);
1168 IRDA_ASSERT(self->magic == LAP_MAGIC, return;);
1169 IRDA_ASSERT(skb != NULL, return;);
1170 IRDA_ASSERT(info != NULL, return;);
1172 if (!pskb_may_pull(skb, 4)) {
1173 IRDA_ERROR("%s: frame too short!\n", __func__);
1174 return;
1177 frame = skb->data;
1179 info->nr = frame[2] >> 5; /* Next to receive */
1180 info->pf = frame[2] & PF_BIT; /* Final bit */
1181 info->ns = (frame[2] >> 1) & 0x07; /* Next to send */
1183 w = frame[3] & 0x01;
1184 x = frame[3] & 0x02;
1185 y = frame[3] & 0x04;
1186 z = frame[3] & 0x08;
1188 if (w) {
1189 IRDA_DEBUG(0, "Rejected control field is undefined or not "
1190 "implemented.\n");
1192 if (x) {
1193 IRDA_DEBUG(0, "Rejected control field was invalid because it "
1194 "contained a non permitted I field.\n");
1196 if (y) {
1197 IRDA_DEBUG(0, "Received I field exceeded the maximum negotiated "
1198 "for the existing connection or exceeded the maximum "
1199 "this station supports if no connection exists.\n");
1201 if (z) {
1202 IRDA_DEBUG(0, "Rejected control field control field contained an "
1203 "invalid Nr count.\n");
1205 irlap_do_event(self, RECV_FRMR_RSP, skb, info);
1209 * Function irlap_send_test_frame (self, daddr)
1211 * Send a test frame response
1214 void irlap_send_test_frame(struct irlap_cb *self, __u8 caddr, __u32 daddr,
1215 struct sk_buff *cmd)
1217 struct sk_buff *tx_skb;
1218 struct test_frame *frame;
1219 __u8 *info;
1221 tx_skb = alloc_skb(cmd->len + sizeof(struct test_frame), GFP_ATOMIC);
1222 if (!tx_skb)
1223 return;
1225 /* Broadcast frames must include saddr and daddr fields */
1226 if (caddr == CBROADCAST) {
1227 frame = (struct test_frame *)
1228 skb_put(tx_skb, sizeof(struct test_frame));
1230 /* Insert the swapped addresses */
1231 frame->saddr = cpu_to_le32(self->saddr);
1232 frame->daddr = cpu_to_le32(daddr);
1233 } else
1234 frame = (struct test_frame *) skb_put(tx_skb, LAP_ADDR_HEADER + LAP_CTRL_HEADER);
1236 frame->caddr = caddr;
1237 frame->control = TEST_RSP | PF_BIT;
1239 /* Copy info */
1240 info = skb_put(tx_skb, cmd->len);
1241 memcpy(info, cmd->data, cmd->len);
1243 /* Return to sender */
1244 irlap_wait_min_turn_around(self, &self->qos_tx);
1245 irlap_queue_xmit(self, tx_skb);
1249 * Function irlap_recv_test_frame (self, skb)
1251 * Receive a test frame
1254 static void irlap_recv_test_frame(struct irlap_cb *self, struct sk_buff *skb,
1255 struct irlap_info *info, int command)
1257 struct test_frame *frame;
1259 IRDA_DEBUG(2, "%s()\n", __func__);
1261 if (!pskb_may_pull(skb, sizeof(*frame))) {
1262 IRDA_ERROR("%s: frame too short!\n", __func__);
1263 return;
1265 frame = (struct test_frame *) skb->data;
1267 /* Broadcast frames must carry saddr and daddr fields */
1268 if (info->caddr == CBROADCAST) {
1269 if (skb->len < sizeof(struct test_frame)) {
1270 IRDA_DEBUG(0, "%s() test frame too short!\n",
1271 __func__);
1272 return;
1275 /* Read and swap addresses */
1276 info->daddr = le32_to_cpu(frame->saddr);
1277 info->saddr = le32_to_cpu(frame->daddr);
1279 /* Make sure frame is addressed to us */
1280 if ((info->saddr != self->saddr) &&
1281 (info->saddr != BROADCAST)) {
1282 return;
1286 if (command)
1287 irlap_do_event(self, RECV_TEST_CMD, skb, info);
1288 else
1289 irlap_do_event(self, RECV_TEST_RSP, skb, info);
1293 * Function irlap_driver_rcv (skb, netdev, ptype)
1295 * Called when a frame is received. Dispatches the right receive function
1296 * for processing of the frame.
1298 * Note on skb management :
1299 * After calling the higher layers of the IrDA stack, we always
1300 * kfree() the skb, which drop the reference count (and potentially
1301 * destroy it).
1302 * If a higher layer of the stack want to keep the skb around (to put
1303 * in a queue or pass it to the higher layer), it will need to use
1304 * skb_get() to keep a reference on it. This is usually done at the
1305 * LMP level in irlmp.c.
1306 * Jean II
1308 int irlap_driver_rcv(struct sk_buff *skb, struct net_device *dev,
1309 struct packet_type *ptype, struct net_device *orig_dev)
1311 struct irlap_info info;
1312 struct irlap_cb *self;
1313 int command;
1314 __u8 control;
1315 int ret = -1;
1317 if (!net_eq(dev_net(dev), &init_net))
1318 goto out;
1320 /* FIXME: should we get our own field? */
1321 self = (struct irlap_cb *) dev->atalk_ptr;
1323 /* If the net device is down, then IrLAP is gone! */
1324 if (!self || self->magic != LAP_MAGIC)
1325 goto err;
1327 /* We are no longer an "old" protocol, so we need to handle
1328 * share and non linear skbs. This should never happen, so
1329 * we don't need to be clever about it. Jean II */
1330 if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL) {
1331 IRDA_ERROR("%s: can't clone shared skb!\n", __func__);
1332 goto err;
1335 /* Check if frame is large enough for parsing */
1336 if (!pskb_may_pull(skb, 2)) {
1337 IRDA_ERROR("%s: frame too short!\n", __func__);
1338 goto err;
1341 command = skb->data[0] & CMD_FRAME;
1342 info.caddr = skb->data[0] & CBROADCAST;
1344 info.pf = skb->data[1] & PF_BIT;
1345 info.control = skb->data[1] & ~PF_BIT; /* Mask away poll/final bit */
1347 control = info.control;
1349 /* First we check if this frame has a valid connection address */
1350 if ((info.caddr != self->caddr) && (info.caddr != CBROADCAST)) {
1351 IRDA_DEBUG(0, "%s(), wrong connection address!\n",
1352 __func__);
1353 goto out;
1356 * Optimize for the common case and check if the frame is an
1357 * I(nformation) frame. Only I-frames have bit 0 set to 0
1359 if (~control & 0x01) {
1360 irlap_recv_i_frame(self, skb, &info, command);
1361 goto out;
1364 * We now check is the frame is an S(upervisory) frame. Only
1365 * S-frames have bit 0 set to 1 and bit 1 set to 0
1367 if (~control & 0x02) {
1369 * Received S(upervisory) frame, check which frame type it is
1370 * only the first nibble is of interest
1372 switch (control & 0x0f) {
1373 case RR:
1374 irlap_recv_rr_frame(self, skb, &info, command);
1375 break;
1376 case RNR:
1377 irlap_recv_rnr_frame(self, skb, &info, command);
1378 break;
1379 case REJ:
1380 irlap_recv_rej_frame(self, skb, &info, command);
1381 break;
1382 case SREJ:
1383 irlap_recv_srej_frame(self, skb, &info, command);
1384 break;
1385 default:
1386 IRDA_WARNING("%s: Unknown S-frame %02x received!\n",
1387 __func__, info.control);
1388 break;
1390 goto out;
1393 * This must be a C(ontrol) frame
1395 switch (control) {
1396 case XID_RSP:
1397 irlap_recv_discovery_xid_rsp(self, skb, &info);
1398 break;
1399 case XID_CMD:
1400 irlap_recv_discovery_xid_cmd(self, skb, &info);
1401 break;
1402 case SNRM_CMD:
1403 irlap_recv_snrm_cmd(self, skb, &info);
1404 break;
1405 case DM_RSP:
1406 irlap_do_event(self, RECV_DM_RSP, skb, &info);
1407 break;
1408 case DISC_CMD: /* And RD_RSP since they have the same value */
1409 irlap_recv_disc_frame(self, skb, &info, command);
1410 break;
1411 case TEST_CMD:
1412 irlap_recv_test_frame(self, skb, &info, command);
1413 break;
1414 case UA_RSP:
1415 irlap_recv_ua_frame(self, skb, &info);
1416 break;
1417 case FRMR_RSP:
1418 irlap_recv_frmr_frame(self, skb, &info);
1419 break;
1420 case UI_FRAME:
1421 irlap_recv_ui_frame(self, skb, &info);
1422 break;
1423 default:
1424 IRDA_WARNING("%s: Unknown frame %02x received!\n",
1425 __func__, info.control);
1426 break;
1428 out:
1429 ret = 0;
1430 err:
1431 /* Always drop our reference on the skb */
1432 dev_kfree_skb(skb);
1433 return ret;