OMAPDSS: VENC: fix NULL pointer dereference in DSS2 VENC sysfs debug attr on OMAP4
[zen-stable.git] / net / ax25 / ax25_subr.c
blobc6715ee4ab8f6099e25a58421998127df1a96dda
1 /*
2 * This program is free software; you can redistribute it and/or modify
3 * it under the terms of the GNU General Public License as published by
4 * the Free Software Foundation; either version 2 of the License, or
5 * (at your option) any later version.
7 * Copyright (C) Alan Cox GW4PTS (alan@lxorguk.ukuu.org.uk)
8 * Copyright (C) Jonathan Naylor G4KLX (g4klx@g4klx.demon.co.uk)
9 * Copyright (C) Joerg Reuter DL1BKE (jreuter@yaina.de)
10 * Copyright (C) Frederic Rible F1OAT (frible@teaser.fr)
12 #include <linux/errno.h>
13 #include <linux/types.h>
14 #include <linux/socket.h>
15 #include <linux/in.h>
16 #include <linux/kernel.h>
17 #include <linux/timer.h>
18 #include <linux/string.h>
19 #include <linux/sockios.h>
20 #include <linux/net.h>
21 #include <linux/slab.h>
22 #include <net/ax25.h>
23 #include <linux/inet.h>
24 #include <linux/netdevice.h>
25 #include <linux/skbuff.h>
26 #include <net/sock.h>
27 #include <net/tcp_states.h>
28 #include <asm/uaccess.h>
29 #include <asm/system.h>
30 #include <linux/fcntl.h>
31 #include <linux/mm.h>
32 #include <linux/interrupt.h>
35 * This routine purges all the queues of frames.
37 void ax25_clear_queues(ax25_cb *ax25)
39 skb_queue_purge(&ax25->write_queue);
40 skb_queue_purge(&ax25->ack_queue);
41 skb_queue_purge(&ax25->reseq_queue);
42 skb_queue_purge(&ax25->frag_queue);
46 * This routine purges the input queue of those frames that have been
47 * acknowledged. This replaces the boxes labelled "V(a) <- N(r)" on the
48 * SDL diagram.
50 void ax25_frames_acked(ax25_cb *ax25, unsigned short nr)
52 struct sk_buff *skb;
55 * Remove all the ack-ed frames from the ack queue.
57 if (ax25->va != nr) {
58 while (skb_peek(&ax25->ack_queue) != NULL && ax25->va != nr) {
59 skb = skb_dequeue(&ax25->ack_queue);
60 kfree_skb(skb);
61 ax25->va = (ax25->va + 1) % ax25->modulus;
66 void ax25_requeue_frames(ax25_cb *ax25)
68 struct sk_buff *skb;
71 * Requeue all the un-ack-ed frames on the output queue to be picked
72 * up by ax25_kick called from the timer. This arrangement handles the
73 * possibility of an empty output queue.
75 while ((skb = skb_dequeue_tail(&ax25->ack_queue)) != NULL)
76 skb_queue_head(&ax25->write_queue, skb);
80 * Validate that the value of nr is between va and vs. Return true or
81 * false for testing.
83 int ax25_validate_nr(ax25_cb *ax25, unsigned short nr)
85 unsigned short vc = ax25->va;
87 while (vc != ax25->vs) {
88 if (nr == vc) return 1;
89 vc = (vc + 1) % ax25->modulus;
92 if (nr == ax25->vs) return 1;
94 return 0;
98 * This routine is the centralised routine for parsing the control
99 * information for the different frame formats.
101 int ax25_decode(ax25_cb *ax25, struct sk_buff *skb, int *ns, int *nr, int *pf)
103 unsigned char *frame;
104 int frametype = AX25_ILLEGAL;
106 frame = skb->data;
107 *ns = *nr = *pf = 0;
109 if (ax25->modulus == AX25_MODULUS) {
110 if ((frame[0] & AX25_S) == 0) {
111 frametype = AX25_I; /* I frame - carries NR/NS/PF */
112 *ns = (frame[0] >> 1) & 0x07;
113 *nr = (frame[0] >> 5) & 0x07;
114 *pf = frame[0] & AX25_PF;
115 } else if ((frame[0] & AX25_U) == 1) { /* S frame - take out PF/NR */
116 frametype = frame[0] & 0x0F;
117 *nr = (frame[0] >> 5) & 0x07;
118 *pf = frame[0] & AX25_PF;
119 } else if ((frame[0] & AX25_U) == 3) { /* U frame - take out PF */
120 frametype = frame[0] & ~AX25_PF;
121 *pf = frame[0] & AX25_PF;
123 skb_pull(skb, 1);
124 } else {
125 if ((frame[0] & AX25_S) == 0) {
126 frametype = AX25_I; /* I frame - carries NR/NS/PF */
127 *ns = (frame[0] >> 1) & 0x7F;
128 *nr = (frame[1] >> 1) & 0x7F;
129 *pf = frame[1] & AX25_EPF;
130 skb_pull(skb, 2);
131 } else if ((frame[0] & AX25_U) == 1) { /* S frame - take out PF/NR */
132 frametype = frame[0] & 0x0F;
133 *nr = (frame[1] >> 1) & 0x7F;
134 *pf = frame[1] & AX25_EPF;
135 skb_pull(skb, 2);
136 } else if ((frame[0] & AX25_U) == 3) { /* U frame - take out PF */
137 frametype = frame[0] & ~AX25_PF;
138 *pf = frame[0] & AX25_PF;
139 skb_pull(skb, 1);
143 return frametype;
147 * This routine is called when the HDLC layer internally generates a
148 * command or response for the remote machine ( eg. RR, UA etc. ).
149 * Only supervisory or unnumbered frames are processed.
151 void ax25_send_control(ax25_cb *ax25, int frametype, int poll_bit, int type)
153 struct sk_buff *skb;
154 unsigned char *dptr;
156 if ((skb = alloc_skb(ax25->ax25_dev->dev->hard_header_len + 2, GFP_ATOMIC)) == NULL)
157 return;
159 skb_reserve(skb, ax25->ax25_dev->dev->hard_header_len);
161 skb_reset_network_header(skb);
163 /* Assume a response - address structure for DTE */
164 if (ax25->modulus == AX25_MODULUS) {
165 dptr = skb_put(skb, 1);
166 *dptr = frametype;
167 *dptr |= (poll_bit) ? AX25_PF : 0;
168 if ((frametype & AX25_U) == AX25_S) /* S frames carry NR */
169 *dptr |= (ax25->vr << 5);
170 } else {
171 if ((frametype & AX25_U) == AX25_U) {
172 dptr = skb_put(skb, 1);
173 *dptr = frametype;
174 *dptr |= (poll_bit) ? AX25_PF : 0;
175 } else {
176 dptr = skb_put(skb, 2);
177 dptr[0] = frametype;
178 dptr[1] = (ax25->vr << 1);
179 dptr[1] |= (poll_bit) ? AX25_EPF : 0;
183 ax25_transmit_buffer(ax25, skb, type);
187 * Send a 'DM' to an unknown connection attempt, or an invalid caller.
189 * Note: src here is the sender, thus it's the target of the DM
191 void ax25_return_dm(struct net_device *dev, ax25_address *src, ax25_address *dest, ax25_digi *digi)
193 struct sk_buff *skb;
194 char *dptr;
195 ax25_digi retdigi;
197 if (dev == NULL)
198 return;
200 if ((skb = alloc_skb(dev->hard_header_len + 1, GFP_ATOMIC)) == NULL)
201 return; /* Next SABM will get DM'd */
203 skb_reserve(skb, dev->hard_header_len);
204 skb_reset_network_header(skb);
206 ax25_digi_invert(digi, &retdigi);
208 dptr = skb_put(skb, 1);
210 *dptr = AX25_DM | AX25_PF;
213 * Do the address ourselves
215 dptr = skb_push(skb, ax25_addr_size(digi));
216 dptr += ax25_addr_build(dptr, dest, src, &retdigi, AX25_RESPONSE, AX25_MODULUS);
218 ax25_queue_xmit(skb, dev);
222 * Exponential backoff for AX.25
224 void ax25_calculate_t1(ax25_cb *ax25)
226 int n, t = 2;
228 switch (ax25->backoff) {
229 case 0:
230 break;
232 case 1:
233 t += 2 * ax25->n2count;
234 break;
236 case 2:
237 for (n = 0; n < ax25->n2count; n++)
238 t *= 2;
239 if (t > 8) t = 8;
240 break;
243 ax25->t1 = t * ax25->rtt;
247 * Calculate the Round Trip Time
249 void ax25_calculate_rtt(ax25_cb *ax25)
251 if (ax25->backoff == 0)
252 return;
254 if (ax25_t1timer_running(ax25) && ax25->n2count == 0)
255 ax25->rtt = (9 * ax25->rtt + ax25->t1 - ax25_display_timer(&ax25->t1timer)) / 10;
257 if (ax25->rtt < AX25_T1CLAMPLO)
258 ax25->rtt = AX25_T1CLAMPLO;
260 if (ax25->rtt > AX25_T1CLAMPHI)
261 ax25->rtt = AX25_T1CLAMPHI;
264 void ax25_disconnect(ax25_cb *ax25, int reason)
266 ax25_clear_queues(ax25);
268 ax25_stop_t1timer(ax25);
269 ax25_stop_t2timer(ax25);
270 ax25_stop_t3timer(ax25);
271 ax25_stop_idletimer(ax25);
273 ax25->state = AX25_STATE_0;
275 ax25_link_failed(ax25, reason);
277 if (ax25->sk != NULL) {
278 local_bh_disable();
279 bh_lock_sock(ax25->sk);
280 ax25->sk->sk_state = TCP_CLOSE;
281 ax25->sk->sk_err = reason;
282 ax25->sk->sk_shutdown |= SEND_SHUTDOWN;
283 if (!sock_flag(ax25->sk, SOCK_DEAD)) {
284 ax25->sk->sk_state_change(ax25->sk);
285 sock_set_flag(ax25->sk, SOCK_DEAD);
287 bh_unlock_sock(ax25->sk);
288 local_bh_enable();