1 /*********************************************************************
2  *
3  * Filename:      irlap_frame.c
4  * Version:       1.0
5  * Description:   Build and transmit IrLAP frames
6  * Status:        Stable
7  * Author:        Dag Brattli <dagb@cs.uit.no>
8  * Created at:    Tue Aug 19 10:27:26 1997
9  * Modified at:   Wed Jan  5 08:59:04 2000
10  * Modified by:   Dag Brattli <dagb@cs.uit.no>
11  *
12  *     Copyright (c) 1998-2000 Dag Brattli <dagb@cs.uit.no>,
13  *     All Rights Reserved.
14  *     Copyright (c) 2000-2003 Jean Tourrilhes <jt@hpl.hp.com>
15  *
16  *     This program is free software; you can redistribute it and/or
17  *     modify it under the terms of the GNU General Public License as
18  *     published by the Free Software Foundation; either version 2 of
19  *     the License, or (at your option) any later version.
20  *
21  *     Neither Dag Brattli nor University of Tromsø admit liability nor
22  *     provide warranty for any of this software. This material is
23  *     provided "AS-IS" and at no charge.
24  *
25  ********************************************************************/
26 
27 #include <linux/skbuff.h>
28 #include <linux/if.h>
29 #include <linux/if_ether.h>
30 #include <linux/netdevice.h>
31 #include <linux/irda.h>
32 #include <linux/slab.h>
33 
34 #include <net/pkt_sched.h>
35 #include <net/sock.h>
36 
37 #include <asm/byteorder.h>
38 
39 #include <net/irda/irda.h>
40 #include <net/irda/irda_device.h>
41 #include <net/irda/irlap.h>
42 #include <net/irda/wrapper.h>
43 #include <net/irda/timer.h>
44 #include <net/irda/irlap_frame.h>
45 #include <net/irda/qos.h>
46 
47 static void irlap_send_i_frame(struct irlap_cb *self, struct sk_buff *skb,
48 			       int command);
49 
50 /*
51  * Function irlap_insert_info (self, skb)
52  *
53  *    Insert minimum turnaround time and speed information into the skb. We
54  *    need to do this since it's per packet relevant information. Safe to
55  *    have this function inlined since it's only called from one place
56  */
irlap_insert_info(struct irlap_cb * self,struct sk_buff * skb)57 static inline void irlap_insert_info(struct irlap_cb *self,
58 				     struct sk_buff *skb)
59 {
60 	struct irda_skb_cb *cb = (struct irda_skb_cb *) skb->cb;
61 
62 	/*
63 	 * Insert MTT (min. turn time) and speed into skb, so that the
64 	 * device driver knows which settings to use
65 	 */
66 	cb->magic = LAP_MAGIC;
67 	cb->mtt = self->mtt_required;
68 	cb->next_speed = self->speed;
69 
70 	/* Reset */
71 	self->mtt_required = 0;
72 
73 	/*
74 	 * Delay equals negotiated BOFs count, plus the number of BOFs to
75 	 * force the negotiated minimum turnaround time
76 	 */
77 	cb->xbofs = self->bofs_count;
78 	cb->next_xbofs = self->next_bofs;
79 	cb->xbofs_delay = self->xbofs_delay;
80 
81 	/* Reset XBOF's delay (used only for getting min turn time) */
82 	self->xbofs_delay = 0;
83 	/* Put the correct xbofs value for the next packet */
84 	self->bofs_count = self->next_bofs;
85 }
86 
87 /*
88  * Function irlap_queue_xmit (self, skb)
89  *
90  *    A little wrapper for dev_queue_xmit, so we can insert some common
91  *    code into it.
92  */
irlap_queue_xmit(struct irlap_cb * self,struct sk_buff * skb)93 void irlap_queue_xmit(struct irlap_cb *self, struct sk_buff *skb)
94 {
95 	/* Some common init stuff */
96 	skb->dev = self->netdev;
97 	skb_reset_mac_header(skb);
98 	skb_reset_network_header(skb);
99 	skb_reset_transport_header(skb);
100 	skb->protocol = htons(ETH_P_IRDA);
101 	skb->priority = TC_PRIO_BESTEFFORT;
102 
103 	irlap_insert_info(self, skb);
104 
105 	if (unlikely(self->mode & IRDA_MODE_MONITOR)) {
106 		IRDA_DEBUG(3, "%s(): %s is in monitor mode\n", __func__,
107 			   self->netdev->name);
108 		dev_kfree_skb(skb);
109 		return;
110 	}
111 
112 	dev_queue_xmit(skb);
113 }
114 
115 /*
116  * Function irlap_send_snrm_cmd (void)
117  *
118  *    Transmits a connect SNRM command frame
119  */
irlap_send_snrm_frame(struct irlap_cb * self,struct qos_info * qos)120 void irlap_send_snrm_frame(struct irlap_cb *self, struct qos_info *qos)
121 {
122 	struct sk_buff *tx_skb;
123 	struct snrm_frame *frame;
124 	int ret;
125 
126 	IRDA_ASSERT(self != NULL, return;);
127 	IRDA_ASSERT(self->magic == LAP_MAGIC, return;);
128 
129 	/* Allocate frame */
130 	tx_skb = alloc_skb(sizeof(struct snrm_frame) +
131 			   IRLAP_NEGOCIATION_PARAMS_LEN,
132 			   GFP_ATOMIC);
133 	if (!tx_skb)
134 		return;
135 
136 	frame = (struct snrm_frame *) skb_put(tx_skb, 2);
137 
138 	/* Insert connection address field */
139 	if (qos)
140 		frame->caddr = CMD_FRAME | CBROADCAST;
141 	else
142 		frame->caddr = CMD_FRAME | self->caddr;
143 
144 	/* Insert control field */
145 	frame->control = SNRM_CMD | PF_BIT;
146 
147 	/*
148 	 *  If we are establishing a connection then insert QoS parameters
149 	 */
150 	if (qos) {
151 		skb_put(tx_skb, 9); /* 25 left */
152 		frame->saddr = cpu_to_le32(self->saddr);
153 		frame->daddr = cpu_to_le32(self->daddr);
154 
155 		frame->ncaddr = self->caddr;
156 
157 		ret = irlap_insert_qos_negotiation_params(self, tx_skb);
158 		if (ret < 0) {
159 			dev_kfree_skb(tx_skb);
160 			return;
161 		}
162 	}
163 	irlap_queue_xmit(self, tx_skb);
164 }
165 
166 /*
167  * Function irlap_recv_snrm_cmd (skb, info)
168  *
169  *    Received SNRM (Set Normal Response Mode) command frame
170  *
171  */
irlap_recv_snrm_cmd(struct irlap_cb * self,struct sk_buff * skb,struct irlap_info * info)172 static void irlap_recv_snrm_cmd(struct irlap_cb *self, struct sk_buff *skb,
173 				struct irlap_info *info)
174 {
175 	struct snrm_frame *frame;
176 
177 	if (pskb_may_pull(skb,sizeof(struct snrm_frame))) {
178 		frame = (struct snrm_frame *) skb->data;
179 
180 		/* Copy the new connection address ignoring the C/R bit */
181 		info->caddr = frame->ncaddr & 0xFE;
182 
183 		/* Check if the new connection address is valid */
184 		if ((info->caddr == 0x00) || (info->caddr == 0xfe)) {
185 			IRDA_DEBUG(3, "%s(), invalid connection address!\n",
186 				   __func__);
187 			return;
188 		}
189 
190 		/* Copy peer device address */
191 		info->daddr = le32_to_cpu(frame->saddr);
192 		info->saddr = le32_to_cpu(frame->daddr);
193 
194 		/* Only accept if addressed directly to us */
195 		if (info->saddr != self->saddr) {
196 			IRDA_DEBUG(2, "%s(), not addressed to us!\n",
197 				   __func__);
198 			return;
199 		}
200 		irlap_do_event(self, RECV_SNRM_CMD, skb, info);
201 	} else {
202 		/* Signal that this SNRM frame does not contain and I-field */
203 		irlap_do_event(self, RECV_SNRM_CMD, skb, NULL);
204 	}
205 }
206 
207 /*
208  * Function irlap_send_ua_response_frame (qos)
209  *
210  *    Send UA (Unnumbered Acknowledgement) frame
211  *
212  */
irlap_send_ua_response_frame(struct irlap_cb * self,struct qos_info * qos)213 void irlap_send_ua_response_frame(struct irlap_cb *self, struct qos_info *qos)
214 {
215 	struct sk_buff *tx_skb;
216 	struct ua_frame *frame;
217 	int ret;
218 
219 	IRDA_DEBUG(2, "%s() <%ld>\n", __func__, jiffies);
220 
221 	IRDA_ASSERT(self != NULL, return;);
222 	IRDA_ASSERT(self->magic == LAP_MAGIC, return;);
223 
224 	/* Allocate frame */
225 	tx_skb = alloc_skb(sizeof(struct ua_frame) +
226 			   IRLAP_NEGOCIATION_PARAMS_LEN,
227 			   GFP_ATOMIC);
228 	if (!tx_skb)
229 		return;
230 
231 	frame = (struct ua_frame *) skb_put(tx_skb, 10);
232 
233 	/* Build UA response */
234 	frame->caddr = self->caddr;
235 	frame->control = UA_RSP | PF_BIT;
236 
237 	frame->saddr = cpu_to_le32(self->saddr);
238 	frame->daddr = cpu_to_le32(self->daddr);
239 
240 	/* Should we send QoS negotiation parameters? */
241 	if (qos) {
242 		ret = irlap_insert_qos_negotiation_params(self, tx_skb);
243 		if (ret < 0) {
244 			dev_kfree_skb(tx_skb);
245 			return;
246 		}
247 	}
248 
249 	irlap_queue_xmit(self, tx_skb);
250 }
251 
252 
253 /*
254  * Function irlap_send_dm_frame (void)
255  *
256  *    Send disconnected mode (DM) frame
257  *
258  */
irlap_send_dm_frame(struct irlap_cb * self)259 void irlap_send_dm_frame( struct irlap_cb *self)
260 {
261 	struct sk_buff *tx_skb = NULL;
262 	struct dm_frame *frame;
263 
264 	IRDA_ASSERT(self != NULL, return;);
265 	IRDA_ASSERT(self->magic == LAP_MAGIC, return;);
266 
267 	tx_skb = alloc_skb(sizeof(struct dm_frame), GFP_ATOMIC);
268 	if (!tx_skb)
269 		return;
270 
271 	frame = (struct dm_frame *)skb_put(tx_skb, 2);
272 
273 	if (self->state == LAP_NDM)
274 		frame->caddr = CBROADCAST;
275 	else
276 		frame->caddr = self->caddr;
277 
278 	frame->control = DM_RSP | PF_BIT;
279 
280 	irlap_queue_xmit(self, tx_skb);
281 }
282 
283 /*
284  * Function irlap_send_disc_frame (void)
285  *
286  *    Send disconnect (DISC) frame
287  *
288  */
irlap_send_disc_frame(struct irlap_cb * self)289 void irlap_send_disc_frame(struct irlap_cb *self)
290 {
291 	struct sk_buff *tx_skb = NULL;
292 	struct disc_frame *frame;
293 
294 	IRDA_DEBUG(3, "%s()\n", __func__);
295 
296 	IRDA_ASSERT(self != NULL, return;);
297 	IRDA_ASSERT(self->magic == LAP_MAGIC, return;);
298 
299 	tx_skb = alloc_skb(sizeof(struct disc_frame), GFP_ATOMIC);
300 	if (!tx_skb)
301 		return;
302 
303 	frame = (struct disc_frame *)skb_put(tx_skb, 2);
304 
305 	frame->caddr = self->caddr | CMD_FRAME;
306 	frame->control = DISC_CMD | PF_BIT;
307 
308 	irlap_queue_xmit(self, tx_skb);
309 }
310 
311 /*
312  * Function irlap_send_discovery_xid_frame (S, s, command)
313  *
314  *    Build and transmit a XID (eXchange station IDentifier) discovery
315  *    frame.
316  */
irlap_send_discovery_xid_frame(struct irlap_cb * self,int S,__u8 s,__u8 command,discovery_t * discovery)317 void irlap_send_discovery_xid_frame(struct irlap_cb *self, int S, __u8 s,
318 				    __u8 command, discovery_t *discovery)
319 {
320 	struct sk_buff *tx_skb = NULL;
321 	struct xid_frame *frame;
322 	__u32 bcast = BROADCAST;
323 	__u8 *info;
324 
325 	IRDA_DEBUG(4, "%s(), s=%d, S=%d, command=%d\n", __func__,
326 		   s, S, command);
327 
328 	IRDA_ASSERT(self != NULL, return;);
329 	IRDA_ASSERT(self->magic == LAP_MAGIC, return;);
330 	IRDA_ASSERT(discovery != NULL, return;);
331 
332 	tx_skb = alloc_skb(sizeof(struct xid_frame) + IRLAP_DISCOVERY_INFO_LEN,
333 			   GFP_ATOMIC);
334 	if (!tx_skb)
335 		return;
336 
337 	skb_put(tx_skb, 14);
338 	frame = (struct xid_frame *) tx_skb->data;
339 
340 	if (command) {
341 		frame->caddr = CBROADCAST | CMD_FRAME;
342 		frame->control =  XID_CMD | PF_BIT;
343 	} else {
344 		frame->caddr = CBROADCAST;
345 		frame->control =  XID_RSP | PF_BIT;
346 	}
347 	frame->ident = XID_FORMAT;
348 
349 	frame->saddr = cpu_to_le32(self->saddr);
350 
351 	if (command)
352 		frame->daddr = cpu_to_le32(bcast);
353 	else
354 		frame->daddr = cpu_to_le32(discovery->data.daddr);
355 
356 	switch (S) {
357 	case 1:
358 		frame->flags = 0x00;
359 		break;
360 	case 6:
361 		frame->flags = 0x01;
362 		break;
363 	case 8:
364 		frame->flags = 0x02;
365 		break;
366 	case 16:
367 		frame->flags = 0x03;
368 		break;
369 	default:
370 		frame->flags = 0x02;
371 		break;
372 	}
373 
374 	frame->slotnr = s;
375 	frame->version = 0x00;
376 
377 	/*
378 	 *  Provide info for final slot only in commands, and for all
379 	 *  responses. Send the second byte of the hint only if the
380 	 *  EXTENSION bit is set in the first byte.
381 	 */
382 	if (!command || (frame->slotnr == 0xff)) {
383 		int len;
384 
385 		if (discovery->data.hints[0] & HINT_EXTENSION) {
386 			info = skb_put(tx_skb, 2);
387 			info[0] = discovery->data.hints[0];
388 			info[1] = discovery->data.hints[1];
389 		} else {
390 			info = skb_put(tx_skb, 1);
391 			info[0] = discovery->data.hints[0];
392 		}
393 		info = skb_put(tx_skb, 1);
394 		info[0] = discovery->data.charset;
395 
396 		len = IRDA_MIN(discovery->name_len, skb_tailroom(tx_skb));
397 		info = skb_put(tx_skb, len);
398 		memcpy(info, discovery->data.info, len);
399 	}
400 	irlap_queue_xmit(self, tx_skb);
401 }
402 
403 /*
404  * Function irlap_recv_discovery_xid_rsp (skb, info)
405  *
406  *    Received a XID discovery response
407  *
408  */
irlap_recv_discovery_xid_rsp(struct irlap_cb * self,struct sk_buff * skb,struct irlap_info * info)409 static void irlap_recv_discovery_xid_rsp(struct irlap_cb *self,
410 					 struct sk_buff *skb,
411 					 struct irlap_info *info)
412 {
413 	struct xid_frame *xid;
414 	discovery_t *discovery = NULL;
415 	__u8 *discovery_info;
416 	char *text;
417 
418 	IRDA_DEBUG(4, "%s()\n", __func__);
419 
420 	IRDA_ASSERT(self != NULL, return;);
421 	IRDA_ASSERT(self->magic == LAP_MAGIC, return;);
422 
423 	if (!pskb_may_pull(skb, sizeof(struct xid_frame))) {
424 		IRDA_ERROR("%s: frame too short!\n", __func__);
425 		return;
426 	}
427 
428 	xid = (struct xid_frame *) skb->data;
429 
430 	info->daddr = le32_to_cpu(xid->saddr);
431 	info->saddr = le32_to_cpu(xid->daddr);
432 
433 	/* Make sure frame is addressed to us */
434 	if ((info->saddr != self->saddr) && (info->saddr != BROADCAST)) {
435 		IRDA_DEBUG(0, "%s(), frame is not addressed to us!\n",
436 			   __func__);
437 		return;
438 	}
439 
440 	if ((discovery = kzalloc(sizeof(discovery_t), GFP_ATOMIC)) == NULL) {
441 		IRDA_WARNING("%s: kmalloc failed!\n", __func__);
442 		return;
443 	}
444 
445 	discovery->data.daddr = info->daddr;
446 	discovery->data.saddr = self->saddr;
447 	discovery->timestamp = jiffies;
448 
449 	IRDA_DEBUG(4, "%s(), daddr=%08x\n", __func__,
450 		   discovery->data.daddr);
451 
452 	discovery_info = skb_pull(skb, sizeof(struct xid_frame));
453 
454 	/* Get info returned from peer */
455 	discovery->data.hints[0] = discovery_info[0];
456 	if (discovery_info[0] & HINT_EXTENSION) {
457 		IRDA_DEBUG(4, "EXTENSION\n");
458 		discovery->data.hints[1] = discovery_info[1];
459 		discovery->data.charset = discovery_info[2];
460 		text = (char *) &discovery_info[3];
461 	} else {
462 		discovery->data.hints[1] = 0;
463 		discovery->data.charset = discovery_info[1];
464 		text = (char *) &discovery_info[2];
465 	}
466 	/*
467 	 *  Terminate info string, should be safe since this is where the
468 	 *  FCS bytes resides.
469 	 */
470 	skb->data[skb->len] = '\0';
471 	strncpy(discovery->data.info, text, NICKNAME_MAX_LEN);
472 	discovery->name_len = strlen(discovery->data.info);
473 
474 	info->discovery = discovery;
475 
476 	irlap_do_event(self, RECV_DISCOVERY_XID_RSP, skb, info);
477 }
478 
479 /*
480  * Function irlap_recv_discovery_xid_cmd (skb, info)
481  *
482  *    Received a XID discovery command
483  *
484  */
irlap_recv_discovery_xid_cmd(struct irlap_cb * self,struct sk_buff * skb,struct irlap_info * info)485 static void irlap_recv_discovery_xid_cmd(struct irlap_cb *self,
486 					 struct sk_buff *skb,
487 					 struct irlap_info *info)
488 {
489 	struct xid_frame *xid;
490 	discovery_t *discovery = NULL;
491 	__u8 *discovery_info;
492 	char *text;
493 
494 	if (!pskb_may_pull(skb, sizeof(struct xid_frame))) {
495 		IRDA_ERROR("%s: frame too short!\n", __func__);
496 		return;
497 	}
498 
499 	xid = (struct xid_frame *) skb->data;
500 
501 	info->daddr = le32_to_cpu(xid->saddr);
502 	info->saddr = le32_to_cpu(xid->daddr);
503 
504 	/* Make sure frame is addressed to us */
505 	if ((info->saddr != self->saddr) && (info->saddr != BROADCAST)) {
506 		IRDA_DEBUG(0, "%s(), frame is not addressed to us!\n",
507 			   __func__);
508 		return;
509 	}
510 
511 	switch (xid->flags & 0x03) {
512 	case 0x00:
513 		info->S = 1;
514 		break;
515 	case 0x01:
516 		info->S = 6;
517 		break;
518 	case 0x02:
519 		info->S = 8;
520 		break;
521 	case 0x03:
522 		info->S = 16;
523 		break;
524 	default:
525 		/* Error!! */
526 		return;
527 	}
528 	info->s = xid->slotnr;
529 
530 	discovery_info = skb_pull(skb, sizeof(struct xid_frame));
531 
532 	/*
533 	 *  Check if last frame
534 	 */
535 	if (info->s == 0xff) {
536 		/* Check if things are sane at this point... */
537 		if((discovery_info == NULL) ||
538 		   !pskb_may_pull(skb, 3)) {
539 			IRDA_ERROR("%s: discovery frame too short!\n",
540 				   __func__);
541 			return;
542 		}
543 
544 		/*
545 		 *  We now have some discovery info to deliver!
546 		 */
547 		discovery = kmalloc(sizeof(discovery_t), GFP_ATOMIC);
548 		if (!discovery) {
549 			IRDA_WARNING("%s: unable to malloc!\n", __func__);
550 			return;
551 		}
552 
553 		discovery->data.daddr = info->daddr;
554 		discovery->data.saddr = self->saddr;
555 		discovery->timestamp = jiffies;
556 
557 		discovery->data.hints[0] = discovery_info[0];
558 		if (discovery_info[0] & HINT_EXTENSION) {
559 			discovery->data.hints[1] = discovery_info[1];
560 			discovery->data.charset = discovery_info[2];
561 			text = (char *) &discovery_info[3];
562 		} else {
563 			discovery->data.hints[1] = 0;
564 			discovery->data.charset = discovery_info[1];
565 			text = (char *) &discovery_info[2];
566 		}
567 		/*
568 		 *  Terminate string, should be safe since this is where the
569 		 *  FCS bytes resides.
570 		 */
571 		skb->data[skb->len] = '\0';
572 		strncpy(discovery->data.info, text, NICKNAME_MAX_LEN);
573 		discovery->name_len = strlen(discovery->data.info);
574 
575 		info->discovery = discovery;
576 	} else
577 		info->discovery = NULL;
578 
579 	irlap_do_event(self, RECV_DISCOVERY_XID_CMD, skb, info);
580 }
581 
582 /*
583  * Function irlap_send_rr_frame (self, command)
584  *
585  *    Build and transmit RR (Receive Ready) frame. Notice that it is currently
586  *    only possible to send RR frames with the poll bit set.
587  */
irlap_send_rr_frame(struct irlap_cb * self,int command)588 void irlap_send_rr_frame(struct irlap_cb *self, int command)
589 {
590 	struct sk_buff *tx_skb;
591 	struct rr_frame *frame;
592 
593 	tx_skb = alloc_skb(sizeof(struct rr_frame), GFP_ATOMIC);
594 	if (!tx_skb)
595 		return;
596 
597 	frame = (struct rr_frame *)skb_put(tx_skb, 2);
598 
599 	frame->caddr = self->caddr;
600 	frame->caddr |= (command) ? CMD_FRAME : 0;
601 
602 	frame->control = RR | PF_BIT | (self->vr << 5);
603 
604 	irlap_queue_xmit(self, tx_skb);
605 }
606 
607 /*
608  * Function irlap_send_rd_frame (self)
609  *
610  *    Request disconnect. Used by a secondary station to request the
611  *    disconnection of the link.
612  */
irlap_send_rd_frame(struct irlap_cb * self)613 void irlap_send_rd_frame(struct irlap_cb *self)
614 {
615 	struct sk_buff *tx_skb;
616 	struct rd_frame *frame;
617 
618 	tx_skb = alloc_skb(sizeof(struct rd_frame), GFP_ATOMIC);
619 	if (!tx_skb)
620 		return;
621 
622 	frame = (struct rd_frame *)skb_put(tx_skb, 2);
623 
624 	frame->caddr = self->caddr;
625 	frame->caddr = RD_RSP | PF_BIT;
626 
627 	irlap_queue_xmit(self, tx_skb);
628 }
629 
630 /*
631  * Function irlap_recv_rr_frame (skb, info)
632  *
633  *    Received RR (Receive Ready) frame from peer station, no harm in
634  *    making it inline since its called only from one single place
635  *    (irlap_driver_rcv).
636  */
irlap_recv_rr_frame(struct irlap_cb * self,struct sk_buff * skb,struct irlap_info * info,int command)637 static inline void irlap_recv_rr_frame(struct irlap_cb *self,
638 				       struct sk_buff *skb,
639 				       struct irlap_info *info, int command)
640 {
641 	info->nr = skb->data[1] >> 5;
642 
643 	/* Check if this is a command or a response frame */
644 	if (command)
645 		irlap_do_event(self, RECV_RR_CMD, skb, info);
646 	else
647 		irlap_do_event(self, RECV_RR_RSP, skb, info);
648 }
649 
650 /*
651  * Function irlap_recv_rnr_frame (self, skb, info)
652  *
653  *    Received RNR (Receive Not Ready) frame from peer station
654  *
655  */
irlap_recv_rnr_frame(struct irlap_cb * self,struct sk_buff * skb,struct irlap_info * info,int command)656 static void irlap_recv_rnr_frame(struct irlap_cb *self, struct sk_buff *skb,
657 				 struct irlap_info *info, int command)
658 {
659 	info->nr = skb->data[1] >> 5;
660 
661 	IRDA_DEBUG(4, "%s(), nr=%d, %ld\n", __func__, info->nr, jiffies);
662 
663 	if (command)
664 		irlap_do_event(self, RECV_RNR_CMD, skb, info);
665 	else
666 		irlap_do_event(self, RECV_RNR_RSP, skb, info);
667 }
668 
irlap_recv_rej_frame(struct irlap_cb * self,struct sk_buff * skb,struct irlap_info * info,int command)669 static void irlap_recv_rej_frame(struct irlap_cb *self, struct sk_buff *skb,
670 				 struct irlap_info *info, int command)
671 {
672 	IRDA_DEBUG(0, "%s()\n", __func__);
673 
674 	info->nr = skb->data[1] >> 5;
675 
676 	/* Check if this is a command or a response frame */
677 	if (command)
678 		irlap_do_event(self, RECV_REJ_CMD, skb, info);
679 	else
680 		irlap_do_event(self, RECV_REJ_RSP, skb, info);
681 }
682 
irlap_recv_srej_frame(struct irlap_cb * self,struct sk_buff * skb,struct irlap_info * info,int command)683 static void irlap_recv_srej_frame(struct irlap_cb *self, struct sk_buff *skb,
684 				  struct irlap_info *info, int command)
685 {
686 	IRDA_DEBUG(0, "%s()\n", __func__);
687 
688 	info->nr = skb->data[1] >> 5;
689 
690 	/* Check if this is a command or a response frame */
691 	if (command)
692 		irlap_do_event(self, RECV_SREJ_CMD, skb, info);
693 	else
694 		irlap_do_event(self, RECV_SREJ_RSP, skb, info);
695 }
696 
irlap_recv_disc_frame(struct irlap_cb * self,struct sk_buff * skb,struct irlap_info * info,int command)697 static void irlap_recv_disc_frame(struct irlap_cb *self, struct sk_buff *skb,
698 				  struct irlap_info *info, int command)
699 {
700 	IRDA_DEBUG(2, "%s()\n", __func__);
701 
702 	/* Check if this is a command or a response frame */
703 	if (command)
704 		irlap_do_event(self, RECV_DISC_CMD, skb, info);
705 	else
706 		irlap_do_event(self, RECV_RD_RSP, skb, info);
707 }
708 
709 /*
710  * Function irlap_recv_ua_frame (skb, frame)
711  *
712  *    Received UA (Unnumbered Acknowledgement) frame
713  *
714  */
irlap_recv_ua_frame(struct irlap_cb * self,struct sk_buff * skb,struct irlap_info * info)715 static inline void irlap_recv_ua_frame(struct irlap_cb *self,
716 				       struct sk_buff *skb,
717 				       struct irlap_info *info)
718 {
719 	irlap_do_event(self, RECV_UA_RSP, skb, info);
720 }
721 
722 /*
723  * Function irlap_send_data_primary(self, skb)
724  *
725  *    Send I-frames as the primary station but without the poll bit set
726  *
727  */
irlap_send_data_primary(struct irlap_cb * self,struct sk_buff * skb)728 void irlap_send_data_primary(struct irlap_cb *self, struct sk_buff *skb)
729 {
730 	struct sk_buff *tx_skb;
731 
732 	if (skb->data[1] == I_FRAME) {
733 
734 		/*
735 		 *  Insert frame sequence number (Vs) in control field before
736 		 *  inserting into transmit window queue.
737 		 */
738 		skb->data[1] = I_FRAME | (self->vs << 1);
739 
740 		/*
741 		 *  Insert frame in store, in case of retransmissions
742 		 *  Increase skb reference count, see irlap_do_event()
743 		 */
744 		skb_get(skb);
745 		skb_queue_tail(&self->wx_list, skb);
746 
747 		/* Copy buffer */
748 		tx_skb = skb_clone(skb, GFP_ATOMIC);
749 		if (tx_skb == NULL) {
750 			return;
751 		}
752 
753 		self->vs = (self->vs + 1) % 8;
754 		self->ack_required = FALSE;
755 		self->window -= 1;
756 
757 		irlap_send_i_frame( self, tx_skb, CMD_FRAME);
758 	} else {
759 		IRDA_DEBUG(4, "%s(), sending unreliable frame\n", __func__);
760 		irlap_send_ui_frame(self, skb_get(skb), self->caddr, CMD_FRAME);
761 		self->window -= 1;
762 	}
763 }
764 /*
765  * Function irlap_send_data_primary_poll (self, skb)
766  *
767  *    Send I(nformation) frame as primary with poll bit set
768  */
irlap_send_data_primary_poll(struct irlap_cb * self,struct sk_buff * skb)769 void irlap_send_data_primary_poll(struct irlap_cb *self, struct sk_buff *skb)
770 {
771 	struct sk_buff *tx_skb;
772 	int transmission_time;
773 
774 	/* Stop P timer */
775 	del_timer(&self->poll_timer);
776 
777 	/* Is this reliable or unreliable data? */
778 	if (skb->data[1] == I_FRAME) {
779 
780 		/*
781 		 *  Insert frame sequence number (Vs) in control field before
782 		 *  inserting into transmit window queue.
783 		 */
784 		skb->data[1] = I_FRAME | (self->vs << 1);
785 
786 		/*
787 		 *  Insert frame in store, in case of retransmissions
788 		 *  Increase skb reference count, see irlap_do_event()
789 		 */
790 		skb_get(skb);
791 		skb_queue_tail(&self->wx_list, skb);
792 
793 		/* Copy buffer */
794 		tx_skb = skb_clone(skb, GFP_ATOMIC);
795 		if (tx_skb == NULL) {
796 			return;
797 		}
798 
799 		/*
800 		 *  Set poll bit if necessary. We do this to the copied
801 		 *  skb, since retransmitted need to set or clear the poll
802 		 *  bit depending on when they are sent.
803 		 */
804 		tx_skb->data[1] |= PF_BIT;
805 
806 		self->vs = (self->vs + 1) % 8;
807 		self->ack_required = FALSE;
808 
809 		irlap_next_state(self, LAP_NRM_P);
810 		irlap_send_i_frame(self, tx_skb, CMD_FRAME);
811 	} else {
812 		IRDA_DEBUG(4, "%s(), sending unreliable frame\n", __func__);
813 
814 		if (self->ack_required) {
815 			irlap_send_ui_frame(self, skb_get(skb), self->caddr, CMD_FRAME);
816 			irlap_next_state(self, LAP_NRM_P);
817 			irlap_send_rr_frame(self, CMD_FRAME);
818 			self->ack_required = FALSE;
819 		} else {
820 			skb->data[1] |= PF_BIT;
821 			irlap_next_state(self, LAP_NRM_P);
822 			irlap_send_ui_frame(self, skb_get(skb), self->caddr, CMD_FRAME);
823 		}
824 	}
825 
826 	/* How much time we took for transmission of all frames.
827 	 * We don't know, so let assume we used the full window. Jean II */
828 	transmission_time = self->final_timeout;
829 
830 	/* Reset parameter so that we can fill next window */
831 	self->window = self->window_size;
832 
833 #ifdef CONFIG_IRDA_DYNAMIC_WINDOW
834 	/* Remove what we have not used. Just do a prorata of the
835 	 * bytes left in window to window capacity.
836 	 * See max_line_capacities[][] in qos.c for details. Jean II */
837 	transmission_time -= (self->final_timeout * self->bytes_left
838 			      / self->line_capacity);
839 	IRDA_DEBUG(4, "%s() adjusting transmission_time : ft=%d, bl=%d, lc=%d -> tt=%d\n", __func__, self->final_timeout, self->bytes_left, self->line_capacity, transmission_time);
840 
841 	/* We are allowed to transmit a maximum number of bytes again. */
842 	self->bytes_left = self->line_capacity;
843 #endif /* CONFIG_IRDA_DYNAMIC_WINDOW */
844 
845 	/*
846 	 * The network layer has a intermediate buffer between IrLAP
847 	 * and the IrDA driver which can contain 8 frames. So, even
848 	 * though IrLAP is currently sending the *last* frame of the
849 	 * tx-window, the driver most likely has only just started
850 	 * sending the *first* frame of the same tx-window.
851 	 * I.e. we are always at the very beginning of or Tx window.
852 	 * Now, we are supposed to set the final timer from the end
853 	 * of our tx-window to let the other peer reply. So, we need
854 	 * to add extra time to compensate for the fact that we
855 	 * are really at the start of tx-window, otherwise the final timer
856 	 * might expire before he can answer...
857 	 * Jean II
858 	 */
859 	irlap_start_final_timer(self, self->final_timeout + transmission_time);
860 
861 	/*
862 	 * The clever amongst you might ask why we do this adjustement
863 	 * only here, and not in all the other cases in irlap_event.c.
864 	 * In all those other case, we only send a very short management
865 	 * frame (few bytes), so the adjustement would be lost in the
866 	 * noise...
867 	 * The exception of course is irlap_resend_rejected_frame().
868 	 * Jean II */
869 }
870 
871 /*
872  * Function irlap_send_data_secondary_final (self, skb)
873  *
874  *    Send I(nformation) frame as secondary with final bit set
875  *
876  */
irlap_send_data_secondary_final(struct irlap_cb * self,struct sk_buff * skb)877 void irlap_send_data_secondary_final(struct irlap_cb *self,
878 				     struct sk_buff *skb)
879 {
880 	struct sk_buff *tx_skb = NULL;
881 
882 	IRDA_ASSERT(self != NULL, return;);
883 	IRDA_ASSERT(self->magic == LAP_MAGIC, return;);
884 	IRDA_ASSERT(skb != NULL, return;);
885 
886 	/* Is this reliable or unreliable data? */
887 	if (skb->data[1] == I_FRAME) {
888 
889 		/*
890 		 *  Insert frame sequence number (Vs) in control field before
891 		 *  inserting into transmit window queue.
892 		 */
893 		skb->data[1] = I_FRAME | (self->vs << 1);
894 
895 		/*
896 		 *  Insert frame in store, in case of retransmissions
897 		 *  Increase skb reference count, see irlap_do_event()
898 		 */
899 		skb_get(skb);
900 		skb_queue_tail(&self->wx_list, skb);
901 
902 		tx_skb = skb_clone(skb, GFP_ATOMIC);
903 		if (tx_skb == NULL) {
904 			return;
905 		}
906 
907 		tx_skb->data[1] |= PF_BIT;
908 
909 		self->vs = (self->vs + 1) % 8;
910 		self->ack_required = FALSE;
911 
912 		irlap_send_i_frame(self, tx_skb, RSP_FRAME);
913 	} else {
914 		if (self->ack_required) {
915 			irlap_send_ui_frame(self, skb_get(skb), self->caddr, RSP_FRAME);
916 			irlap_send_rr_frame(self, RSP_FRAME);
917 			self->ack_required = FALSE;
918 		} else {
919 			skb->data[1] |= PF_BIT;
920 			irlap_send_ui_frame(self, skb_get(skb), self->caddr, RSP_FRAME);
921 		}
922 	}
923 
924 	self->window = self->window_size;
925 #ifdef CONFIG_IRDA_DYNAMIC_WINDOW
926 	/* We are allowed to transmit a maximum number of bytes again. */
927 	self->bytes_left = self->line_capacity;
928 #endif /* CONFIG_IRDA_DYNAMIC_WINDOW */
929 
930 	irlap_start_wd_timer(self, self->wd_timeout);
931 }
932 
933 /*
934  * Function irlap_send_data_secondary (self, skb)
935  *
936  *    Send I(nformation) frame as secondary without final bit set
937  *
938  */
irlap_send_data_secondary(struct irlap_cb * self,struct sk_buff * skb)939 void irlap_send_data_secondary(struct irlap_cb *self, struct sk_buff *skb)
940 {
941 	struct sk_buff *tx_skb = NULL;
942 
943 	/* Is this reliable or unreliable data? */
944 	if (skb->data[1] == I_FRAME) {
945 
946 		/*
947 		 *  Insert frame sequence number (Vs) in control field before
948 		 *  inserting into transmit window queue.
949 		 */
950 		skb->data[1] = I_FRAME | (self->vs << 1);
951 
952 		/*
953 		 *  Insert frame in store, in case of retransmissions
954 		 *  Increase skb reference count, see irlap_do_event()
955 		 */
956 		skb_get(skb);
957 		skb_queue_tail(&self->wx_list, skb);
958 
959 		tx_skb = skb_clone(skb, GFP_ATOMIC);
960 		if (tx_skb == NULL) {
961 			return;
962 		}
963 
964 		self->vs = (self->vs + 1) % 8;
965 		self->ack_required = FALSE;
966 		self->window -= 1;
967 
968 		irlap_send_i_frame(self, tx_skb, RSP_FRAME);
969 	} else {
970 		irlap_send_ui_frame(self, skb_get(skb), self->caddr, RSP_FRAME);
971 		self->window -= 1;
972 	}
973 }
974 
975 /*
976  * Function irlap_resend_rejected_frames (nr)
977  *
978  *    Resend frames which has not been acknowledged. Should be safe to
979  *    traverse the list without locking it since this function will only be
980  *    called from interrupt context (BH)
981  */
irlap_resend_rejected_frames(struct irlap_cb * self,int command)982 void irlap_resend_rejected_frames(struct irlap_cb *self, int command)
983 {
984 	struct sk_buff *tx_skb;
985 	struct sk_buff *skb;
986 
987 	IRDA_ASSERT(self != NULL, return;);
988 	IRDA_ASSERT(self->magic == LAP_MAGIC, return;);
989 
990 	/*  Resend unacknowledged frame(s) */
991 	skb_queue_walk(&self->wx_list, skb) {
992 		irlap_wait_min_turn_around(self, &self->qos_tx);
993 
994 		/* We copy the skb to be retransmitted since we will have to
995 		 * modify it. Cloning will confuse packet sniffers
996 		 */
997 		/* tx_skb = skb_clone( skb, GFP_ATOMIC); */
998 		tx_skb = skb_copy(skb, GFP_ATOMIC);
999 		if (!tx_skb) {
1000 			IRDA_DEBUG(0, "%s(), unable to copy\n", __func__);
1001 			return;
1002 		}
1003 
1004 		/* Clear old Nr field + poll bit */
1005 		tx_skb->data[1] &= 0x0f;
1006 
1007 		/*
1008 		 *  Set poll bit on the last frame retransmitted
1009 		 */
1010 		if (skb_queue_is_last(&self->wx_list, skb))
1011 			tx_skb->data[1] |= PF_BIT; /* Set p/f bit */
1012 		else
1013 			tx_skb->data[1] &= ~PF_BIT; /* Clear p/f bit */
1014 
1015 		irlap_send_i_frame(self, tx_skb, command);
1016 	}
1017 #if 0 /* Not yet */
1018 	/*
1019 	 *  We can now fill the window with additional data frames
1020 	 */
1021 	while (!skb_queue_empty(&self->txq)) {
1022 
1023 		IRDA_DEBUG(0, "%s(), sending additional frames!\n", __func__);
1024 		if (self->window > 0) {
1025 			skb = skb_dequeue( &self->txq);
1026 			IRDA_ASSERT(skb != NULL, return;);
1027 
1028 			/*
1029 			 *  If send window > 1 then send frame with pf
1030 			 *  bit cleared
1031 			 */
1032 			if ((self->window > 1) &&
1033 			    !skb_queue_empty(&self->txq)) {
1034 				irlap_send_data_primary(self, skb);
1035 			} else {
1036 				irlap_send_data_primary_poll(self, skb);
1037 			}
1038 			kfree_skb(skb);
1039 		}
1040 	}
1041 #endif
1042 }
1043 
irlap_resend_rejected_frame(struct irlap_cb * self,int command)1044 void irlap_resend_rejected_frame(struct irlap_cb *self, int command)
1045 {
1046 	struct sk_buff *tx_skb;
1047 	struct sk_buff *skb;
1048 
1049 	IRDA_ASSERT(self != NULL, return;);
1050 	IRDA_ASSERT(self->magic == LAP_MAGIC, return;);
1051 
1052 	/*  Resend unacknowledged frame(s) */
1053 	skb = skb_peek(&self->wx_list);
1054 	if (skb != NULL) {
1055 		irlap_wait_min_turn_around(self, &self->qos_tx);
1056 
1057 		/* We copy the skb to be retransmitted since we will have to
1058 		 * modify it. Cloning will confuse packet sniffers
1059 		 */
1060 		/* tx_skb = skb_clone( skb, GFP_ATOMIC); */
1061 		tx_skb = skb_copy(skb, GFP_ATOMIC);
1062 		if (!tx_skb) {
1063 			IRDA_DEBUG(0, "%s(), unable to copy\n", __func__);
1064 			return;
1065 		}
1066 
1067 		/* Clear old Nr field + poll bit */
1068 		tx_skb->data[1] &= 0x0f;
1069 
1070 		/*  Set poll/final bit */
1071 		tx_skb->data[1] |= PF_BIT; /* Set p/f bit */
1072 
1073 		irlap_send_i_frame(self, tx_skb, command);
1074 	}
1075 }
1076 
1077 /*
1078  * Function irlap_send_ui_frame (self, skb, command)
1079  *
1080  *    Contruct and transmit an Unnumbered Information (UI) frame
1081  *
1082  */
irlap_send_ui_frame(struct irlap_cb * self,struct sk_buff * skb,__u8 caddr,int command)1083 void irlap_send_ui_frame(struct irlap_cb *self, struct sk_buff *skb,
1084 			 __u8 caddr, int command)
1085 {
1086 	IRDA_DEBUG(4, "%s()\n", __func__);
1087 
1088 	IRDA_ASSERT(self != NULL, return;);
1089 	IRDA_ASSERT(self->magic == LAP_MAGIC, return;);
1090 	IRDA_ASSERT(skb != NULL, return;);
1091 
1092 	/* Insert connection address */
1093 	skb->data[0] = caddr | ((command) ? CMD_FRAME : 0);
1094 
1095 	irlap_queue_xmit(self, skb);
1096 }
1097 
1098 /*
1099  * Function irlap_send_i_frame (skb)
1100  *
1101  *    Contruct and transmit Information (I) frame
1102  */
irlap_send_i_frame(struct irlap_cb * self,struct sk_buff * skb,int command)1103 static void irlap_send_i_frame(struct irlap_cb *self, struct sk_buff *skb,
1104 			       int command)
1105 {
1106 	/* Insert connection address */
1107 	skb->data[0] = self->caddr;
1108 	skb->data[0] |= (command) ? CMD_FRAME : 0;
1109 
1110 	/* Insert next to receive (Vr) */
1111 	skb->data[1] |= (self->vr << 5);  /* insert nr */
1112 
1113 	irlap_queue_xmit(self, skb);
1114 }
1115 
1116 /*
1117  * Function irlap_recv_i_frame (skb, frame)
1118  *
1119  *    Receive and parse an I (Information) frame, no harm in making it inline
1120  *    since it's called only from one single place (irlap_driver_rcv).
1121  */
irlap_recv_i_frame(struct irlap_cb * self,struct sk_buff * skb,struct irlap_info * info,int command)1122 static inline void irlap_recv_i_frame(struct irlap_cb *self,
1123 				      struct sk_buff *skb,
1124 				      struct irlap_info *info, int command)
1125 {
1126 	info->nr = skb->data[1] >> 5;          /* Next to receive */
1127 	info->pf = skb->data[1] & PF_BIT;      /* Final bit */
1128 	info->ns = (skb->data[1] >> 1) & 0x07; /* Next to send */
1129 
1130 	/* Check if this is a command or a response frame */
1131 	if (command)
1132 		irlap_do_event(self, RECV_I_CMD, skb, info);
1133 	else
1134 		irlap_do_event(self, RECV_I_RSP, skb, info);
1135 }
1136 
1137 /*
1138  * Function irlap_recv_ui_frame (self, skb, info)
1139  *
1140  *    Receive and parse an Unnumbered Information (UI) frame
1141  *
1142  */
irlap_recv_ui_frame(struct irlap_cb * self,struct sk_buff * skb,struct irlap_info * info)1143 static void irlap_recv_ui_frame(struct irlap_cb *self, struct sk_buff *skb,
1144 				struct irlap_info *info)
1145 {
1146 	IRDA_DEBUG( 4, "%s()\n", __func__);
1147 
1148 	info->pf = skb->data[1] & PF_BIT;      /* Final bit */
1149 
1150 	irlap_do_event(self, RECV_UI_FRAME, skb, info);
1151 }
1152 
1153 /*
1154  * Function irlap_recv_frmr_frame (skb, frame)
1155  *
1156  *    Received Frame Reject response.
1157  *
1158  */
irlap_recv_frmr_frame(struct irlap_cb * self,struct sk_buff * skb,struct irlap_info * info)1159 static void irlap_recv_frmr_frame(struct irlap_cb *self, struct sk_buff *skb,
1160 				  struct irlap_info *info)
1161 {
1162 	__u8 *frame;
1163 	int w, x, y, z;
1164 
1165 	IRDA_DEBUG(0, "%s()\n", __func__);
1166 
1167 	IRDA_ASSERT(self != NULL, return;);
1168 	IRDA_ASSERT(self->magic == LAP_MAGIC, return;);
1169 	IRDA_ASSERT(skb != NULL, return;);
1170 	IRDA_ASSERT(info != NULL, return;);
1171 
1172 	if (!pskb_may_pull(skb, 4)) {
1173 		IRDA_ERROR("%s: frame too short!\n", __func__);
1174 		return;
1175 	}
1176 
1177 	frame = skb->data;
1178 
1179 	info->nr = frame[2] >> 5;          /* Next to receive */
1180 	info->pf = frame[2] & PF_BIT;      /* Final bit */
1181 	info->ns = (frame[2] >> 1) & 0x07; /* Next to send */
1182 
1183 	w = frame[3] & 0x01;
1184 	x = frame[3] & 0x02;
1185 	y = frame[3] & 0x04;
1186 	z = frame[3] & 0x08;
1187 
1188 	if (w) {
1189 		IRDA_DEBUG(0, "Rejected control field is undefined or not "
1190 		      "implemented.\n");
1191 	}
1192 	if (x) {
1193 		IRDA_DEBUG(0, "Rejected control field was invalid because it "
1194 		      "contained a non permitted I field.\n");
1195 	}
1196 	if (y) {
1197 		IRDA_DEBUG(0, "Received I field exceeded the maximum negotiated "
1198 		      "for the existing connection or exceeded the maximum "
1199 		      "this station supports if no connection exists.\n");
1200 	}
1201 	if (z) {
1202 		IRDA_DEBUG(0, "Rejected control field control field contained an "
1203 		      "invalid Nr count.\n");
1204 	}
1205 	irlap_do_event(self, RECV_FRMR_RSP, skb, info);
1206 }
1207 
1208 /*
1209  * Function irlap_send_test_frame (self, daddr)
1210  *
1211  *    Send a test frame response
1212  *
1213  */
irlap_send_test_frame(struct irlap_cb * self,__u8 caddr,__u32 daddr,struct sk_buff * cmd)1214 void irlap_send_test_frame(struct irlap_cb *self, __u8 caddr, __u32 daddr,
1215 			   struct sk_buff *cmd)
1216 {
1217 	struct sk_buff *tx_skb;
1218 	struct test_frame *frame;
1219 	__u8 *info;
1220 
1221 	tx_skb = alloc_skb(cmd->len + sizeof(struct test_frame), GFP_ATOMIC);
1222 	if (!tx_skb)
1223 		return;
1224 
1225 	/* Broadcast frames must include saddr and daddr fields */
1226 	if (caddr == CBROADCAST) {
1227 		frame = (struct test_frame *)
1228 			skb_put(tx_skb, sizeof(struct test_frame));
1229 
1230 		/* Insert the swapped addresses */
1231 		frame->saddr = cpu_to_le32(self->saddr);
1232 		frame->daddr = cpu_to_le32(daddr);
1233 	} else
1234 		frame = (struct test_frame *) skb_put(tx_skb, LAP_ADDR_HEADER + LAP_CTRL_HEADER);
1235 
1236 	frame->caddr = caddr;
1237 	frame->control = TEST_RSP | PF_BIT;
1238 
1239 	/* Copy info */
1240 	info = skb_put(tx_skb, cmd->len);
1241 	memcpy(info, cmd->data, cmd->len);
1242 
1243 	/* Return to sender */
1244 	irlap_wait_min_turn_around(self, &self->qos_tx);
1245 	irlap_queue_xmit(self, tx_skb);
1246 }
1247 
1248 /*
1249  * Function irlap_recv_test_frame (self, skb)
1250  *
1251  *    Receive a test frame
1252  *
1253  */
irlap_recv_test_frame(struct irlap_cb * self,struct sk_buff * skb,struct irlap_info * info,int command)1254 static void irlap_recv_test_frame(struct irlap_cb *self, struct sk_buff *skb,
1255 				  struct irlap_info *info, int command)
1256 {
1257 	struct test_frame *frame;
1258 
1259 	IRDA_DEBUG(2, "%s()\n", __func__);
1260 
1261 	if (!pskb_may_pull(skb, sizeof(*frame))) {
1262 		IRDA_ERROR("%s: frame too short!\n", __func__);
1263 		return;
1264 	}
1265 	frame = (struct test_frame *) skb->data;
1266 
1267 	/* Broadcast frames must carry saddr and daddr fields */
1268 	if (info->caddr == CBROADCAST) {
1269 		if (skb->len < sizeof(struct test_frame)) {
1270 			IRDA_DEBUG(0, "%s() test frame too short!\n",
1271 				   __func__);
1272 			return;
1273 		}
1274 
1275 		/* Read and swap addresses */
1276 		info->daddr = le32_to_cpu(frame->saddr);
1277 		info->saddr = le32_to_cpu(frame->daddr);
1278 
1279 		/* Make sure frame is addressed to us */
1280 		if ((info->saddr != self->saddr) &&
1281 		    (info->saddr != BROADCAST)) {
1282 			return;
1283 		}
1284 	}
1285 
1286 	if (command)
1287 		irlap_do_event(self, RECV_TEST_CMD, skb, info);
1288 	else
1289 		irlap_do_event(self, RECV_TEST_RSP, skb, info);
1290 }
1291 
1292 /*
1293  * Function irlap_driver_rcv (skb, netdev, ptype)
1294  *
1295  *    Called when a frame is received. Dispatches the right receive function
1296  *    for processing of the frame.
1297  *
1298  * Note on skb management :
1299  * After calling the higher layers of the IrDA stack, we always
1300  * kfree() the skb, which drop the reference count (and potentially
1301  * destroy it).
1302  * If a higher layer of the stack want to keep the skb around (to put
1303  * in a queue or pass it to the higher layer), it will need to use
1304  * skb_get() to keep a reference on it. This is usually done at the
1305  * LMP level in irlmp.c.
1306  * Jean II
1307  */
irlap_driver_rcv(struct sk_buff * skb,struct net_device * dev,struct packet_type * ptype,struct net_device * orig_dev)1308 int irlap_driver_rcv(struct sk_buff *skb, struct net_device *dev,
1309 		     struct packet_type *ptype, struct net_device *orig_dev)
1310 {
1311 	struct irlap_info info;
1312 	struct irlap_cb *self;
1313 	int command;
1314 	__u8 control;
1315 	int ret = -1;
1316 
1317 	if (!net_eq(dev_net(dev), &init_net))
1318 		goto out;
1319 
1320 	/* FIXME: should we get our own field? */
1321 	self = (struct irlap_cb *) dev->atalk_ptr;
1322 
1323 	/* If the net device is down, then IrLAP is gone! */
1324 	if (!self || self->magic != LAP_MAGIC)
1325 		goto err;
1326 
1327 	/* We are no longer an "old" protocol, so we need to handle
1328 	 * share and non linear skbs. This should never happen, so
1329 	 * we don't need to be clever about it. Jean II */
1330 	if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL) {
1331 		IRDA_ERROR("%s: can't clone shared skb!\n", __func__);
1332 		goto err;
1333 	}
1334 
1335 	/* Check if frame is large enough for parsing */
1336 	if (!pskb_may_pull(skb, 2)) {
1337 		IRDA_ERROR("%s: frame too short!\n", __func__);
1338 		goto err;
1339 	}
1340 
1341 	command    = skb->data[0] & CMD_FRAME;
1342 	info.caddr = skb->data[0] & CBROADCAST;
1343 
1344 	info.pf      = skb->data[1] &  PF_BIT;
1345 	info.control = skb->data[1] & ~PF_BIT; /* Mask away poll/final bit */
1346 
1347 	control = info.control;
1348 
1349 	/*  First we check if this frame has a valid connection address */
1350 	if ((info.caddr != self->caddr) && (info.caddr != CBROADCAST)) {
1351 		IRDA_DEBUG(0, "%s(), wrong connection address!\n",
1352 			   __func__);
1353 		goto out;
1354 	}
1355 	/*
1356 	 *  Optimize for the common case and check if the frame is an
1357 	 *  I(nformation) frame. Only I-frames have bit 0 set to 0
1358 	 */
1359 	if (~control & 0x01) {
1360 		irlap_recv_i_frame(self, skb, &info, command);
1361 		goto out;
1362 	}
1363 	/*
1364 	 *  We now check is the frame is an S(upervisory) frame. Only
1365 	 *  S-frames have bit 0 set to 1 and bit 1 set to 0
1366 	 */
1367 	if (~control & 0x02) {
1368 		/*
1369 		 *  Received S(upervisory) frame, check which frame type it is
1370 		 *  only the first nibble is of interest
1371 		 */
1372 		switch (control & 0x0f) {
1373 		case RR:
1374 			irlap_recv_rr_frame(self, skb, &info, command);
1375 			break;
1376 		case RNR:
1377 			irlap_recv_rnr_frame(self, skb, &info, command);
1378 			break;
1379 		case REJ:
1380 			irlap_recv_rej_frame(self, skb, &info, command);
1381 			break;
1382 		case SREJ:
1383 			irlap_recv_srej_frame(self, skb, &info, command);
1384 			break;
1385 		default:
1386 			IRDA_WARNING("%s: Unknown S-frame %02x received!\n",
1387 				__func__, info.control);
1388 			break;
1389 		}
1390 		goto out;
1391 	}
1392 	/*
1393 	 *  This must be a C(ontrol) frame
1394 	 */
1395 	switch (control) {
1396 	case XID_RSP:
1397 		irlap_recv_discovery_xid_rsp(self, skb, &info);
1398 		break;
1399 	case XID_CMD:
1400 		irlap_recv_discovery_xid_cmd(self, skb, &info);
1401 		break;
1402 	case SNRM_CMD:
1403 		irlap_recv_snrm_cmd(self, skb, &info);
1404 		break;
1405 	case DM_RSP:
1406 		irlap_do_event(self, RECV_DM_RSP, skb, &info);
1407 		break;
1408 	case DISC_CMD: /* And RD_RSP since they have the same value */
1409 		irlap_recv_disc_frame(self, skb, &info, command);
1410 		break;
1411 	case TEST_CMD:
1412 		irlap_recv_test_frame(self, skb, &info, command);
1413 		break;
1414 	case UA_RSP:
1415 		irlap_recv_ua_frame(self, skb, &info);
1416 		break;
1417 	case FRMR_RSP:
1418 		irlap_recv_frmr_frame(self, skb, &info);
1419 		break;
1420 	case UI_FRAME:
1421 		irlap_recv_ui_frame(self, skb, &info);
1422 		break;
1423 	default:
1424 		IRDA_WARNING("%s: Unknown frame %02x received!\n",
1425 				__func__, info.control);
1426 		break;
1427 	}
1428 out:
1429 	ret = 0;
1430 err:
1431 	/* Always drop our reference on the skb */
1432 	dev_kfree_skb(skb);
1433 	return ret;
1434 }
1435