OMAPDSS: VENC: fix NULL pointer dereference in DSS2 VENC sysfs debug attr on OMAP4
[zen-stable.git] / drivers / isdn / pcbit / capi.c
blobac5a91ccde8102b18a3ae39a7a309e6137f9b978
1 /*
2 * CAPI encoder/decoder for
3 * Portugal Telecom CAPI 2.0
5 * Copyright (C) 1996 Universidade de Lisboa
6 *
7 * Written by Pedro Roque Marques (roque@di.fc.ul.pt)
9 * This software may be used and distributed according to the terms of
10 * the GNU General Public License, incorporated herein by reference.
12 * Not compatible with the AVM Gmbh. CAPI 2.0
17 * Documentation:
18 * - "Common ISDN API - Perfil Português - Versão 2.1",
19 * Telecom Portugal, Fev 1992.
20 * - "Common ISDN API - Especificação de protocolos para
21 * acesso aos canais B", Inesc, Jan 1994.
25 * TODO: better decoding of Information Elements
26 * for debug purposes mainly
27 * encode our number in CallerPN and ConnectedPN
30 #include <linux/string.h>
31 #include <linux/kernel.h>
33 #include <linux/types.h>
34 #include <linux/slab.h>
35 #include <linux/mm.h>
37 #include <linux/skbuff.h>
39 #include <asm/io.h>
40 #include <asm/string.h>
42 #include <linux/isdnif.h>
44 #include "pcbit.h"
45 #include "edss1.h"
46 #include "capi.h"
50 * Encoding of CAPI messages
54 int capi_conn_req(const char * calledPN, struct sk_buff **skb, int proto)
56 ushort len;
59 * length
60 * AppInfoMask - 2
61 * BC0 - 3
62 * BC1 - 1
63 * Chan - 2
64 * Keypad - 1
65 * CPN - 1
66 * CPSA - 1
67 * CalledPN - 2 + strlen
68 * CalledPSA - 1
69 * rest... - 4
70 * ----------------
71 * Total 18 + strlen
74 len = 18 + strlen(calledPN);
76 if (proto == ISDN_PROTO_L2_TRANS)
77 len++;
79 if ((*skb = dev_alloc_skb(len)) == NULL) {
81 printk(KERN_WARNING "capi_conn_req: alloc_skb failed\n");
82 return -1;
85 /* InfoElmMask */
86 *((ushort*) skb_put(*skb, 2)) = AppInfoMask;
88 if (proto == ISDN_PROTO_L2_TRANS)
90 /* Bearer Capability - Mandatory*/
91 *(skb_put(*skb, 1)) = 3; /* BC0.Length */
92 *(skb_put(*skb, 1)) = 0x80; /* Speech */
93 *(skb_put(*skb, 1)) = 0x10; /* Circuit Mode */
94 *(skb_put(*skb, 1)) = 0x23; /* A-law */
96 else
98 /* Bearer Capability - Mandatory*/
99 *(skb_put(*skb, 1)) = 2; /* BC0.Length */
100 *(skb_put(*skb, 1)) = 0x88; /* Digital Information */
101 *(skb_put(*skb, 1)) = 0x90; /* BC0.Octect4 */
104 /* Bearer Capability - Optional*/
105 *(skb_put(*skb, 1)) = 0; /* BC1.Length = 0 */
107 *(skb_put(*skb, 1)) = 1; /* ChannelID.Length = 1 */
108 *(skb_put(*skb, 1)) = 0x83; /* Basic Interface - Any Channel */
110 *(skb_put(*skb, 1)) = 0; /* Keypad.Length = 0 */
113 *(skb_put(*skb, 1)) = 0; /* CallingPN.Length = 0 */
114 *(skb_put(*skb, 1)) = 0; /* CallingPSA.Length = 0 */
116 /* Called Party Number */
117 *(skb_put(*skb, 1)) = strlen(calledPN) + 1;
118 *(skb_put(*skb, 1)) = 0x81;
119 memcpy(skb_put(*skb, strlen(calledPN)), calledPN, strlen(calledPN));
121 /* '#' */
123 *(skb_put(*skb, 1)) = 0; /* CalledPSA.Length = 0 */
125 /* LLC.Length = 0; */
126 /* HLC0.Length = 0; */
127 /* HLC1.Length = 0; */
128 /* UTUS.Length = 0; */
129 memset(skb_put(*skb, 4), 0, 4);
131 return len;
134 int capi_conn_resp(struct pcbit_chan* chan, struct sk_buff **skb)
137 if ((*skb = dev_alloc_skb(5)) == NULL) {
139 printk(KERN_WARNING "capi_conn_resp: alloc_skb failed\n");
140 return -1;
143 *((ushort*) skb_put(*skb, 2) ) = chan->callref;
144 *(skb_put(*skb, 1)) = 0x01; /* ACCEPT_CALL */
145 *(skb_put(*skb, 1)) = 0;
146 *(skb_put(*skb, 1)) = 0;
148 return 5;
151 int capi_conn_active_req(struct pcbit_chan* chan, struct sk_buff **skb)
154 * 8 bytes
157 if ((*skb = dev_alloc_skb(8)) == NULL) {
159 printk(KERN_WARNING "capi_conn_active_req: alloc_skb failed\n");
160 return -1;
163 *((ushort*) skb_put(*skb, 2) ) = chan->callref;
165 #ifdef DEBUG
166 printk(KERN_DEBUG "Call Reference: %04x\n", chan->callref);
167 #endif
169 *(skb_put(*skb, 1)) = 0; /* BC.Length = 0; */
170 *(skb_put(*skb, 1)) = 0; /* ConnectedPN.Length = 0 */
171 *(skb_put(*skb, 1)) = 0; /* PSA.Length */
172 *(skb_put(*skb, 1)) = 0; /* LLC.Length = 0; */
173 *(skb_put(*skb, 1)) = 0; /* HLC.Length = 0; */
174 *(skb_put(*skb, 1)) = 0; /* UTUS.Length = 0; */
176 return 8;
179 int capi_conn_active_resp(struct pcbit_chan* chan, struct sk_buff **skb)
182 * 2 bytes
185 if ((*skb = dev_alloc_skb(2)) == NULL) {
187 printk(KERN_WARNING "capi_conn_active_resp: alloc_skb failed\n");
188 return -1;
191 *((ushort*) skb_put(*skb, 2) ) = chan->callref;
193 return 2;
197 int capi_select_proto_req(struct pcbit_chan *chan, struct sk_buff **skb,
198 int outgoing)
202 * 18 bytes
205 if ((*skb = dev_alloc_skb(18)) == NULL) {
207 printk(KERN_WARNING "capi_select_proto_req: alloc_skb failed\n");
208 return -1;
211 *((ushort*) skb_put(*skb, 2) ) = chan->callref;
213 /* Layer2 protocol */
215 switch (chan->proto) {
216 case ISDN_PROTO_L2_X75I:
217 *(skb_put(*skb, 1)) = 0x05; /* LAPB */
218 break;
219 case ISDN_PROTO_L2_HDLC:
220 *(skb_put(*skb, 1)) = 0x02;
221 break;
222 case ISDN_PROTO_L2_TRANS:
224 * Voice (a-law)
226 *(skb_put(*skb, 1)) = 0x06;
227 break;
228 default:
229 #ifdef DEBUG
230 printk(KERN_DEBUG "Transparent\n");
231 #endif
232 *(skb_put(*skb, 1)) = 0x03;
233 break;
236 *(skb_put(*skb, 1)) = (outgoing ? 0x02 : 0x42); /* Don't ask */
237 *(skb_put(*skb, 1)) = 0x00;
239 *((ushort *) skb_put(*skb, 2)) = MRU;
242 *(skb_put(*skb, 1)) = 0x08; /* Modulo */
243 *(skb_put(*skb, 1)) = 0x07; /* Max Window */
245 *(skb_put(*skb, 1)) = 0x01; /* No Layer3 Protocol */
248 * 2 - layer3 MTU [10]
249 * - Modulo [12]
250 * - Window
251 * - layer1 proto [14]
252 * - bitrate
253 * - sub-channel [16]
254 * - layer1dataformat [17]
257 memset(skb_put(*skb, 8), 0, 8);
259 return 18;
263 int capi_activate_transp_req(struct pcbit_chan *chan, struct sk_buff **skb)
266 if ((*skb = dev_alloc_skb(7)) == NULL) {
268 printk(KERN_WARNING "capi_activate_transp_req: alloc_skb failed\n");
269 return -1;
272 *((ushort*) skb_put(*skb, 2) ) = chan->callref;
275 *(skb_put(*skb, 1)) = chan->layer2link; /* Layer2 id */
276 *(skb_put(*skb, 1)) = 0x00; /* Transmit by default */
278 *((ushort *) skb_put(*skb, 2)) = MRU;
280 *(skb_put(*skb, 1)) = 0x01; /* Enables reception*/
282 return 7;
285 int capi_tdata_req(struct pcbit_chan* chan, struct sk_buff *skb)
287 ushort data_len;
291 * callref - 2
292 * layer2link - 1
293 * wBlockLength - 2
294 * data - 4
295 * sernum - 1
298 data_len = skb->len;
300 if(skb_headroom(skb) < 10)
302 printk(KERN_CRIT "No headspace (%u) on headroom %p for capi header\n", skb_headroom(skb), skb);
304 else
306 skb_push(skb, 10);
309 *((u16 *) (skb->data)) = chan->callref;
310 skb->data[2] = chan->layer2link;
311 *((u16 *) (skb->data + 3)) = data_len;
313 chan->s_refnum = (chan->s_refnum + 1) % 8;
314 *((u32 *) (skb->data + 5)) = chan->s_refnum;
316 skb->data[9] = 0; /* HDLC frame number */
318 return 10;
321 int capi_tdata_resp(struct pcbit_chan *chan, struct sk_buff ** skb)
324 if ((*skb = dev_alloc_skb(4)) == NULL) {
326 printk(KERN_WARNING "capi_tdata_resp: alloc_skb failed\n");
327 return -1;
330 *((ushort*) skb_put(*skb, 2) ) = chan->callref;
332 *(skb_put(*skb, 1)) = chan->layer2link;
333 *(skb_put(*skb, 1)) = chan->r_refnum;
335 return (*skb)->len;
338 int capi_disc_req(ushort callref, struct sk_buff **skb, u_char cause)
341 if ((*skb = dev_alloc_skb(6)) == NULL) {
343 printk(KERN_WARNING "capi_disc_req: alloc_skb failed\n");
344 return -1;
347 *((ushort*) skb_put(*skb, 2) ) = callref;
349 *(skb_put(*skb, 1)) = 2; /* Cause.Length = 2; */
350 *(skb_put(*skb, 1)) = 0x80;
351 *(skb_put(*skb, 1)) = 0x80 | cause;
354 * Change it: we should send 'Sic transit gloria Mundi' here ;-)
357 *(skb_put(*skb, 1)) = 0; /* UTUS.Length = 0; */
359 return 6;
362 int capi_disc_resp(struct pcbit_chan *chan, struct sk_buff **skb)
364 if ((*skb = dev_alloc_skb(2)) == NULL) {
366 printk(KERN_WARNING "capi_disc_resp: alloc_skb failed\n");
367 return -1;
370 *((ushort*) skb_put(*skb, 2)) = chan->callref;
372 return 2;
377 * Decoding of CAPI messages
381 int capi_decode_conn_ind(struct pcbit_chan * chan,
382 struct sk_buff *skb,
383 struct callb_data *info)
385 int CIlen, len;
387 /* Call Reference [CAPI] */
388 chan->callref = *((ushort*) skb->data);
389 skb_pull(skb, 2);
391 #ifdef DEBUG
392 printk(KERN_DEBUG "Call Reference: %04x\n", chan->callref);
393 #endif
395 /* Channel Identification */
397 /* Expect
398 Len = 1
399 Octect 3 = 0100 10CC - [ 7 Basic, 4 , 2-1 chan ]
402 CIlen = skb->data[0];
403 #ifdef DEBUG
404 if (CIlen == 1) {
406 if ( ((skb->data[1]) & 0xFC) == 0x48 )
407 printk(KERN_DEBUG "decode_conn_ind: chan ok\n");
408 printk(KERN_DEBUG "phyChan = %d\n", skb->data[1] & 0x03);
410 else
411 printk(KERN_DEBUG "conn_ind: CIlen = %d\n", CIlen);
412 #endif
413 skb_pull(skb, CIlen + 1);
415 /* Calling Party Number */
416 /* An "additional service" as far as Portugal Telecom is concerned */
418 len = skb->data[0];
420 if (len > 0) {
421 int count = 1;
423 #ifdef DEBUG
424 printk(KERN_DEBUG "CPN: Octect 3 %02x\n", skb->data[1]);
425 #endif
426 if ((skb->data[1] & 0x80) == 0)
427 count = 2;
429 if (!(info->data.setup.CallingPN = kmalloc(len - count + 1, GFP_ATOMIC)))
430 return -1;
432 skb_copy_from_linear_data_offset(skb, count + 1,
433 info->data.setup.CallingPN,
434 len - count);
435 info->data.setup.CallingPN[len - count] = 0;
438 else {
439 info->data.setup.CallingPN = NULL;
440 printk(KERN_DEBUG "NULL CallingPN\n");
443 skb_pull(skb, len + 1);
445 /* Calling Party Subaddress */
446 skb_pull(skb, skb->data[0] + 1);
448 /* Called Party Number */
450 len = skb->data[0];
452 if (len > 0) {
453 int count = 1;
455 if ((skb->data[1] & 0x80) == 0)
456 count = 2;
458 if (!(info->data.setup.CalledPN = kmalloc(len - count + 1, GFP_ATOMIC)))
459 return -1;
461 skb_copy_from_linear_data_offset(skb, count + 1,
462 info->data.setup.CalledPN,
463 len - count);
464 info->data.setup.CalledPN[len - count] = 0;
467 else {
468 info->data.setup.CalledPN = NULL;
469 printk(KERN_DEBUG "NULL CalledPN\n");
472 skb_pull(skb, len + 1);
474 /* Called Party Subaddress */
475 skb_pull(skb, skb->data[0] + 1);
477 /* LLC */
478 skb_pull(skb, skb->data[0] + 1);
480 /* HLC */
481 skb_pull(skb, skb->data[0] + 1);
483 /* U2U */
484 skb_pull(skb, skb->data[0] + 1);
486 return 0;
490 * returns errcode
493 int capi_decode_conn_conf(struct pcbit_chan * chan, struct sk_buff *skb,
494 int *complete)
496 int errcode;
498 chan->callref = *((ushort *) skb->data); /* Update CallReference */
499 skb_pull(skb, 2);
501 errcode = *((ushort *) skb->data); /* read errcode */
502 skb_pull(skb, 2);
504 *complete = *(skb->data);
505 skb_pull(skb, 1);
507 /* FIX ME */
508 /* This is actually a firmware bug */
509 if (!*complete)
511 printk(KERN_DEBUG "complete=%02x\n", *complete);
512 *complete = 1;
516 /* Optional Bearer Capability */
517 skb_pull(skb, *(skb->data) + 1);
519 /* Channel Identification */
520 skb_pull(skb, *(skb->data) + 1);
522 /* High Layer Compatibility follows */
523 skb_pull(skb, *(skb->data) + 1);
525 return errcode;
528 int capi_decode_conn_actv_ind(struct pcbit_chan * chan, struct sk_buff *skb)
530 ushort len;
531 #ifdef DEBUG
532 char str[32];
533 #endif
535 /* Yet Another Bearer Capability */
536 skb_pull(skb, *(skb->data) + 1);
539 /* Connected Party Number */
540 len=*(skb->data);
542 #ifdef DEBUG
543 if (len > 1 && len < 31) {
544 skb_copy_from_linear_data_offset(skb, 2, str, len - 1);
545 str[len] = 0;
546 printk(KERN_DEBUG "Connected Party Number: %s\n", str);
548 else
549 printk(KERN_DEBUG "actv_ind CPN len = %d\n", len);
550 #endif
552 skb_pull(skb, len + 1);
554 /* Connected Subaddress */
555 skb_pull(skb, *(skb->data) + 1);
557 /* Low Layer Capability */
558 skb_pull(skb, *(skb->data) + 1);
560 /* High Layer Capability */
561 skb_pull(skb, *(skb->data) + 1);
563 return 0;
566 int capi_decode_conn_actv_conf(struct pcbit_chan * chan, struct sk_buff *skb)
568 ushort errcode;
570 errcode = *((ushort*) skb->data);
571 skb_pull(skb, 2);
573 /* Channel Identification
574 skb_pull(skb, skb->data[0] + 1);
576 return errcode;
580 int capi_decode_sel_proto_conf(struct pcbit_chan *chan, struct sk_buff *skb)
582 ushort errcode;
584 chan->layer2link = *(skb->data);
585 skb_pull(skb, 1);
587 errcode = *((ushort*) skb->data);
588 skb_pull(skb, 2);
590 return errcode;
593 int capi_decode_actv_trans_conf(struct pcbit_chan *chan, struct sk_buff *skb)
595 ushort errcode;
597 if (chan->layer2link != *(skb->data) )
598 printk("capi_decode_actv_trans_conf: layer2link doesn't match\n");
600 skb_pull(skb, 1);
602 errcode = *((ushort*) skb->data);
603 skb_pull(skb, 2);
605 return errcode;
608 int capi_decode_disc_ind(struct pcbit_chan *chan, struct sk_buff *skb)
610 ushort len;
611 #ifdef DEBUG
612 int i;
613 #endif
614 /* Cause */
616 len = *(skb->data);
617 skb_pull(skb, 1);
619 #ifdef DEBUG
621 for (i=0; i<len; i++)
622 printk(KERN_DEBUG "Cause Octect %d: %02x\n", i+3,
623 *(skb->data + i));
624 #endif
626 skb_pull(skb, len);
628 return 0;
631 #ifdef DEBUG
632 int capi_decode_debug_188(u_char *hdr, ushort hdrlen)
634 char str[64];
635 int len;
637 len = hdr[0];
639 if (len < 64 && len == hdrlen - 1) {
640 memcpy(str, hdr + 1, hdrlen - 1);
641 str[hdrlen - 1] = 0;
642 printk("%s\n", str);
644 else
645 printk("debug message incorrect\n");
647 return 0;
649 #endif