1 /*
2 * Generic PPP layer for Linux.
3 *
4 * Copyright 1999-2002 Paul Mackerras.
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
10 *
11 * The generic PPP layer handles the PPP network interfaces, the
12 * /dev/ppp device, packet and VJ compression, and multilink.
13 * It talks to PPP `channels' via the interface defined in
14 * include/linux/ppp_channel.h. Channels provide the basic means for
15 * sending and receiving PPP frames on some kind of communications
16 * channel.
17 *
18 * Part of the code in this driver was inspired by the old async-only
19 * PPP driver, written by Michael Callahan and Al Longyear, and
20 * subsequently hacked by Paul Mackerras.
21 *
22 * ==FILEVERSION 20020217==
23 */
24
25 #include <linux/config.h>
26 #include <linux/module.h>
27 #include <linux/kernel.h>
28 #include <linux/kmod.h>
29 #include <linux/init.h>
30 #include <linux/list.h>
31 #include <linux/devfs_fs_kernel.h>
32 #include <linux/netdevice.h>
33 #include <linux/poll.h>
34 #include <linux/ppp_defs.h>
35 #include <linux/filter.h>
36 #include <linux/if_ppp.h>
37 #include <linux/ppp_channel.h>
38 #include <linux/ppp-comp.h>
39 #include <linux/skbuff.h>
40 #include <linux/rtnetlink.h>
41 #include <linux/if_arp.h>
42 #include <linux/ip.h>
43 #include <linux/tcp.h>
44 #include <linux/spinlock.h>
45 #include <linux/smp_lock.h>
46 #include <linux/rwsem.h>
47 #include <linux/stddef.h>
48 #include <net/slhc_vj.h>
49 #include <asm/atomic.h>
50
51 #define PPP_VERSION "2.4.2"
52
53 /*
54 * Network protocols we support.
55 */
56 #define NP_IP 0 /* Internet Protocol V4 */
57 #define NP_IPV6 1 /* Internet Protocol V6 */
58 #define NP_IPX 2 /* IPX protocol */
59 #define NP_AT 3 /* Appletalk protocol */
60 #define NUM_NP 4 /* Number of NPs. */
61
62 #define MPHDRLEN 6 /* multilink protocol header length */
63 #define MPHDRLEN_SSN 4 /* ditto with short sequence numbers */
64 #define MIN_FRAG_SIZE 64
65
66 /*
67 * An instance of /dev/ppp can be associated with either a ppp
68 * interface unit or a ppp channel. In both cases, file->private_data
69 * points to one of these.
70 */
71 struct ppp_file {
72 enum {
73 INTERFACE=1, CHANNEL
74 } kind;
75 struct sk_buff_head xq; /* pppd transmit queue */
76 struct sk_buff_head rq; /* receive queue for pppd */
77 wait_queue_head_t rwait; /* for poll on reading /dev/ppp */
78 atomic_t refcnt; /* # refs (incl /dev/ppp attached) */
79 int hdrlen; /* space to leave for headers */
80 int index; /* interface unit / channel number */
81 int dead; /* unit/channel has been shut down */
82 };
83
84 #define PF_TO_X(pf, X) ((X *)((char *)(pf) - offsetof(X, file)))
85
86 #define PF_TO_PPP(pf) PF_TO_X(pf, struct ppp)
87 #define PF_TO_CHANNEL(pf) PF_TO_X(pf, struct channel)
88
89 #define ROUNDUP(n, x) (((n) + (x) - 1) / (x))
90
91 /*
92 * Data structure describing one ppp unit.
93 * A ppp unit corresponds to a ppp network interface device
94 * and represents a multilink bundle.
95 * It can have 0 or more ppp channels connected to it.
96 */
97 struct ppp {
98 struct ppp_file file; /* stuff for read/write/poll 0 */
99 struct file *owner; /* file that owns this unit 48 */
100 struct list_head channels; /* list of attached channels 4c */
101 int n_channels; /* how many channels are attached 54 */
102 spinlock_t rlock; /* lock for receive side 58 */
103 spinlock_t wlock; /* lock for transmit side 5c */
104 int mru; /* max receive unit 60 */
105 unsigned int flags; /* control bits 64 */
106 unsigned int xstate; /* transmit state bits 68 */
107 unsigned int rstate; /* receive state bits 6c */
108 int debug; /* debug flags 70 */
109 struct slcompress *vj; /* state for VJ header compression */
110 enum NPmode npmode[NUM_NP]; /* what to do with each net proto 78 */
111 struct sk_buff *xmit_pending; /* a packet ready to go out 88 */
112 struct compressor *xcomp; /* transmit packet compressor 8c */
113 void *xc_state; /* its internal state 90 */
114 struct compressor *rcomp; /* receive decompressor 94 */
115 void *rc_state; /* its internal state 98 */
116 unsigned long last_xmit; /* jiffies when last pkt sent 9c */
117 unsigned long last_recv; /* jiffies when last pkt rcvd a0 */
118 struct net_device *dev; /* network interface device a4 */
119 #ifdef CONFIG_PPP_MULTILINK
120 int nxchan; /* next channel to send something on */
121 u32 nxseq; /* next sequence number to send */
122 int mrru; /* MP: max reconst. receive unit */
123 u32 nextseq; /* MP: seq no of next packet */
124 u32 minseq; /* MP: min of most recent seqnos */
125 struct sk_buff_head mrq; /* MP: receive reconstruction queue */
126 #endif /* CONFIG_PPP_MULTILINK */
127 struct net_device_stats stats; /* statistics */
128 #ifdef CONFIG_PPP_FILTER
129 struct sock_fprog pass_filter; /* filter for packets to pass */
130 struct sock_fprog active_filter;/* filter for pkts to reset idle */
131 #endif /* CONFIG_PPP_FILTER */
132 };
133
134 /*
135 * Bits in flags: SC_NO_TCP_CCID, SC_CCP_OPEN, SC_CCP_UP, SC_LOOP_TRAFFIC,
136 * SC_MULTILINK, SC_MP_SHORTSEQ, SC_MP_XSHORTSEQ, SC_COMP_TCP, SC_REJ_COMP_TCP.
137 * Bits in rstate: SC_DECOMP_RUN, SC_DC_ERROR, SC_DC_FERROR.
138 * Bits in xstate: SC_COMP_RUN
139 */
140 #define SC_FLAG_BITS (SC_NO_TCP_CCID|SC_CCP_OPEN|SC_CCP_UP|SC_LOOP_TRAFFIC \
141 |SC_MULTILINK|SC_MP_SHORTSEQ|SC_MP_XSHORTSEQ \
142 |SC_COMP_TCP|SC_REJ_COMP_TCP)
143
144 /*
145 * Private data structure for each channel.
146 * This includes the data structure used for multilink.
147 */
148 struct channel {
149 struct ppp_file file; /* stuff for read/write/poll */
150 struct list_head list; /* link in all/new_channels list */
151 struct ppp_channel *chan; /* public channel data structure */
152 struct rw_semaphore chan_sem; /* protects `chan' during chan ioctl */
153 spinlock_t downl; /* protects `chan', file.xq dequeue */
154 struct ppp *ppp; /* ppp unit we're connected to */
155 struct list_head clist; /* link in list of channels per unit */
156 rwlock_t upl; /* protects `ppp' */
157 #ifdef CONFIG_PPP_MULTILINK
158 u8 avail; /* flag used in multilink stuff */
159 u8 had_frag; /* >= 1 fragments have been sent */
160 u32 lastseq; /* MP: last sequence # received */
161 #endif /* CONFIG_PPP_MULTILINK */
162 };
163
164 /*
165 * SMP locking issues:
166 * Both the ppp.rlock and ppp.wlock locks protect the ppp.channels
167 * list and the ppp.n_channels field, you need to take both locks
168 * before you modify them.
169 * The lock ordering is: channel.upl -> ppp.wlock -> ppp.rlock ->
170 * channel.downl.
171 */
172
173 /*
174 * A cardmap represents a mapping from unsigned integers to pointers,
175 * and provides a fast "find lowest unused number" operation.
176 * It uses a broad (32-way) tree with a bitmap at each level.
177 * It is designed to be space-efficient for small numbers of entries
178 * and time-efficient for large numbers of entries.
179 */
180 #define CARDMAP_ORDER 5
181 #define CARDMAP_WIDTH (1U << CARDMAP_ORDER)
182 #define CARDMAP_MASK (CARDMAP_WIDTH - 1)
183
184 struct cardmap {
185 int shift;
186 unsigned long inuse;
187 struct cardmap *parent;
188 void *ptr[CARDMAP_WIDTH];
189 };
190 static void *cardmap_get(struct cardmap *map, unsigned int nr);
191 static void cardmap_set(struct cardmap **map, unsigned int nr, void *ptr);
192 static unsigned int cardmap_find_first_free(struct cardmap *map);
193 static void cardmap_destroy(struct cardmap **map);
194
195 /*
196 * all_ppp_sem protects the all_ppp_units mapping.
197 * It also ensures that finding a ppp unit in the all_ppp_units map
198 * and updating its file.refcnt field is atomic.
199 */
200 static DECLARE_MUTEX(all_ppp_sem);
201 static struct cardmap *all_ppp_units;
202 static atomic_t ppp_unit_count = ATOMIC_INIT(0);
203
204 /*
205 * all_channels_lock protects all_channels and last_channel_index,
206 * and the atomicity of find a channel and updating its file.refcnt
207 * field.
208 */
209 static spinlock_t all_channels_lock = SPIN_LOCK_UNLOCKED;
210 static LIST_HEAD(all_channels);
211 static LIST_HEAD(new_channels);
212 static int last_channel_index;
213 static atomic_t channel_count = ATOMIC_INIT(0);
214
215 /* Get the PPP protocol number from a skb */
216 #define PPP_PROTO(skb) (((skb)->data[0] << 8) + (skb)->data[1])
217
218 /* We limit the length of ppp->file.rq to this (arbitrary) value */
219 #define PPP_MAX_RQLEN 32
220
221 /*
222 * Maximum number of multilink fragments queued up.
223 * This has to be large enough to cope with the maximum latency of
224 * the slowest channel relative to the others. Strictly it should
225 * depend on the number of channels and their characteristics.
226 */
227 #define PPP_MP_MAX_QLEN 128
228
229 /* Multilink header bits. */
230 #define B 0x80 /* this fragment begins a packet */
231 #define E 0x40 /* this fragment ends a packet */
232
233 /* Compare multilink sequence numbers (assumed to be 32 bits wide) */
234 #define seq_before(a, b) ((s32)((a) - (b)) < 0)
235 #define seq_after(a, b) ((s32)((a) - (b)) > 0)
236
237 /* Prototypes. */
238 static int ppp_unattached_ioctl(struct ppp_file *pf, struct file *file,
239 unsigned int cmd, unsigned long arg);
240 static void ppp_xmit_process(struct ppp *ppp);
241 static void ppp_send_frame(struct ppp *ppp, struct sk_buff *skb);
242 static void ppp_push(struct ppp *ppp);
243 static void ppp_channel_push(struct channel *pch);
244 static void ppp_receive_frame(struct ppp *ppp, struct sk_buff *skb,
245 struct channel *pch);
246 static void ppp_receive_error(struct ppp *ppp);
247 static void ppp_receive_nonmp_frame(struct ppp *ppp, struct sk_buff *skb);
248 static struct sk_buff *ppp_decompress_frame(struct ppp *ppp,
249 struct sk_buff *skb);
250 #ifdef CONFIG_PPP_MULTILINK
251 static void ppp_receive_mp_frame(struct ppp *ppp, struct sk_buff *skb,
252 struct channel *pch);
253 static void ppp_mp_insert(struct ppp *ppp, struct sk_buff *skb);
254 static struct sk_buff *ppp_mp_reconstruct(struct ppp *ppp);
255 static int ppp_mp_explode(struct ppp *ppp, struct sk_buff *skb);
256 #endif /* CONFIG_PPP_MULTILINK */
257 static int ppp_set_compress(struct ppp *ppp, unsigned long arg);
258 static void ppp_ccp_peek(struct ppp *ppp, struct sk_buff *skb, int inbound);
259 static void ppp_ccp_closed(struct ppp *ppp);
260 static struct compressor *find_compressor(int type);
261 static void ppp_get_stats(struct ppp *ppp, struct ppp_stats *st);
262 static struct ppp *ppp_create_interface(int unit, int *retp);
263 static void init_ppp_file(struct ppp_file *pf, int kind);
264 static void ppp_shutdown_interface(struct ppp *ppp);
265 static void ppp_destroy_interface(struct ppp *ppp);
266 static struct ppp *ppp_find_unit(int unit);
267 static struct channel *ppp_find_channel(int unit);
268 static int ppp_connect_channel(struct channel *pch, int unit);
269 static int ppp_disconnect_channel(struct channel *pch);
270 static void ppp_destroy_channel(struct channel *pch);
271
272 /* Translates a PPP protocol number to a NP index (NP == network protocol) */
proto_to_npindex(int proto)273 static inline int proto_to_npindex(int proto)
274 {
275 switch (proto) {
276 case PPP_IP:
277 return NP_IP;
278 case PPP_IPV6:
279 return NP_IPV6;
280 case PPP_IPX:
281 return NP_IPX;
282 case PPP_AT:
283 return NP_AT;
284 }
285 return -EINVAL;
286 }
287
288 /* Translates an NP index into a PPP protocol number */
289 static const int npindex_to_proto[NUM_NP] = {
290 PPP_IP,
291 PPP_IPV6,
292 PPP_IPX,
293 PPP_AT,
294 };
295
296 /* Translates an ethertype into an NP index */
ethertype_to_npindex(int ethertype)297 static inline int ethertype_to_npindex(int ethertype)
298 {
299 switch (ethertype) {
300 case ETH_P_IP:
301 return NP_IP;
302 case ETH_P_IPV6:
303 return NP_IPV6;
304 case ETH_P_IPX:
305 return NP_IPX;
306 case ETH_P_PPPTALK:
307 case ETH_P_ATALK:
308 return NP_AT;
309 }
310 return -1;
311 }
312
313 /* Translates an NP index into an ethertype */
314 static const int npindex_to_ethertype[NUM_NP] = {
315 ETH_P_IP,
316 ETH_P_IPV6,
317 ETH_P_IPX,
318 ETH_P_PPPTALK,
319 };
320
321 /*
322 * Locking shorthand.
323 */
324 #define ppp_xmit_lock(ppp) spin_lock_bh(&(ppp)->wlock)
325 #define ppp_xmit_unlock(ppp) spin_unlock_bh(&(ppp)->wlock)
326 #define ppp_recv_lock(ppp) spin_lock_bh(&(ppp)->rlock)
327 #define ppp_recv_unlock(ppp) spin_unlock_bh(&(ppp)->rlock)
328 #define ppp_lock(ppp) do { ppp_xmit_lock(ppp); \
329 ppp_recv_lock(ppp); } while (0)
330 #define ppp_unlock(ppp) do { ppp_recv_unlock(ppp); \
331 ppp_xmit_unlock(ppp); } while (0)
332
333 /*
334 * /dev/ppp device routines.
335 * The /dev/ppp device is used by pppd to control the ppp unit.
336 * It supports the read, write, ioctl and poll functions.
337 * Open instances of /dev/ppp can be in one of three states:
338 * unattached, attached to a ppp unit, or attached to a ppp channel.
339 */
ppp_open(struct inode * inode,struct file * file)340 static int ppp_open(struct inode *inode, struct file *file)
341 {
342 /*
343 * This could (should?) be enforced by the permissions on /dev/ppp.
344 */
345 if (!capable(CAP_NET_ADMIN))
346 return -EPERM;
347 return 0;
348 }
349
ppp_release(struct inode * inode,struct file * file)350 static int ppp_release(struct inode *inode, struct file *file)
351 {
352 struct ppp_file *pf = file->private_data;
353 struct ppp *ppp;
354
355 if (pf != 0) {
356 file->private_data = 0;
357 if (pf->kind == INTERFACE) {
358 ppp = PF_TO_PPP(pf);
359 if (file == ppp->owner)
360 ppp_shutdown_interface(ppp);
361 }
362 if (atomic_dec_and_test(&pf->refcnt)) {
363 switch (pf->kind) {
364 case INTERFACE:
365 ppp_destroy_interface(PF_TO_PPP(pf));
366 break;
367 case CHANNEL:
368 ppp_destroy_channel(PF_TO_CHANNEL(pf));
369 break;
370 }
371 }
372 }
373 return 0;
374 }
375
ppp_read(struct file * file,char * buf,size_t count,loff_t * ppos)376 static ssize_t ppp_read(struct file *file, char *buf,
377 size_t count, loff_t *ppos)
378 {
379 struct ppp_file *pf = file->private_data;
380 DECLARE_WAITQUEUE(wait, current);
381 ssize_t ret = 0;
382 struct sk_buff *skb = 0;
383
384 if (pf == 0)
385 return -ENXIO;
386 add_wait_queue(&pf->rwait, &wait);
387 for (;;) {
388 set_current_state(TASK_INTERRUPTIBLE);
389 skb = skb_dequeue(&pf->rq);
390 if (skb)
391 break;
392 ret = 0;
393 if (pf->dead)
394 break;
395 ret = -EAGAIN;
396 if (file->f_flags & O_NONBLOCK)
397 break;
398 ret = -ERESTARTSYS;
399 if (signal_pending(current))
400 break;
401 schedule();
402 }
403 set_current_state(TASK_RUNNING);
404 remove_wait_queue(&pf->rwait, &wait);
405
406 if (skb == 0)
407 goto err1;
408
409 ret = -EOVERFLOW;
410 if (skb->len > count)
411 goto err2;
412 ret = -EFAULT;
413 if (copy_to_user(buf, skb->data, skb->len))
414 goto err2;
415 ret = skb->len;
416
417 err2:
418 kfree_skb(skb);
419 err1:
420 return ret;
421 }
422
ppp_write(struct file * file,const char * buf,size_t count,loff_t * ppos)423 static ssize_t ppp_write(struct file *file, const char *buf,
424 size_t count, loff_t *ppos)
425 {
426 struct ppp_file *pf = file->private_data;
427 struct sk_buff *skb;
428 ssize_t ret;
429
430 if (pf == 0)
431 return -ENXIO;
432 ret = -ENOMEM;
433 skb = alloc_skb(count + pf->hdrlen, GFP_KERNEL);
434 if (skb == 0)
435 goto err1;
436 skb_reserve(skb, pf->hdrlen);
437 ret = -EFAULT;
438 if (copy_from_user(skb_put(skb, count), buf, count)) {
439 kfree_skb(skb);
440 goto err1;
441 }
442
443 skb_queue_tail(&pf->xq, skb);
444
445 switch (pf->kind) {
446 case INTERFACE:
447 ppp_xmit_process(PF_TO_PPP(pf));
448 break;
449 case CHANNEL:
450 ppp_channel_push(PF_TO_CHANNEL(pf));
451 break;
452 }
453
454 ret = count;
455
456 err1:
457 return ret;
458 }
459
460 /* No kernel lock - fine */
ppp_poll(struct file * file,poll_table * wait)461 static unsigned int ppp_poll(struct file *file, poll_table *wait)
462 {
463 struct ppp_file *pf = file->private_data;
464 unsigned int mask;
465
466 if (pf == 0)
467 return 0;
468 poll_wait(file, &pf->rwait, wait);
469 mask = POLLOUT | POLLWRNORM;
470 if (skb_peek(&pf->rq) != 0)
471 mask |= POLLIN | POLLRDNORM;
472 if (pf->dead)
473 mask |= POLLHUP;
474 return mask;
475 }
476
ppp_ioctl(struct inode * inode,struct file * file,unsigned int cmd,unsigned long arg)477 static int ppp_ioctl(struct inode *inode, struct file *file,
478 unsigned int cmd, unsigned long arg)
479 {
480 struct ppp_file *pf = file->private_data;
481 struct ppp *ppp;
482 int err = -EFAULT, val, val2, i;
483 struct ppp_idle idle;
484 struct npioctl npi;
485 int unit, cflags;
486 struct slcompress *vj;
487
488 if (pf == 0)
489 return ppp_unattached_ioctl(pf, file, cmd, arg);
490
491 if (cmd == PPPIOCDETACH) {
492 /*
493 * We have to be careful here... if the file descriptor
494 * has been dup'd, we could have another process in the
495 * middle of a poll using the same file *, so we had
496 * better not free the interface data structures -
497 * instead we fail the ioctl. Even in this case, we
498 * shut down the interface if we are the owner of it.
499 * Actually, we should get rid of PPPIOCDETACH, userland
500 * (i.e. pppd) could achieve the same effect by closing
501 * this fd and reopening /dev/ppp.
502 */
503 err = -EINVAL;
504 if (pf->kind == INTERFACE) {
505 ppp = PF_TO_PPP(pf);
506 if (file == ppp->owner)
507 ppp_shutdown_interface(ppp);
508 }
509 if (atomic_read(&file->f_count) <= 2) {
510 ppp_release(inode, file);
511 err = 0;
512 } else
513 printk(KERN_DEBUG "PPPIOCDETACH file->f_count=%d\n",
514 atomic_read(&file->f_count));
515 return err;
516 }
517
518 if (pf->kind == CHANNEL) {
519 struct channel *pch = PF_TO_CHANNEL(pf);
520 struct ppp_channel *chan;
521
522 switch (cmd) {
523 case PPPIOCCONNECT:
524 if (get_user(unit, (int *) arg))
525 break;
526 err = ppp_connect_channel(pch, unit);
527 break;
528
529 case PPPIOCDISCONN:
530 err = ppp_disconnect_channel(pch);
531 break;
532
533 default:
534 down_read(&pch->chan_sem);
535 chan = pch->chan;
536 err = -ENOTTY;
537 if (chan && chan->ops->ioctl)
538 err = chan->ops->ioctl(chan, cmd, arg);
539 up_read(&pch->chan_sem);
540 }
541 return err;
542 }
543
544 if (pf->kind != INTERFACE) {
545 /* can't happen */
546 printk(KERN_ERR "PPP: not interface or channel??\n");
547 return -EINVAL;
548 }
549
550 ppp = PF_TO_PPP(pf);
551 switch (cmd) {
552 case PPPIOCSMRU:
553 if (get_user(val, (int *) arg))
554 break;
555 ppp->mru = val;
556 err = 0;
557 break;
558
559 case PPPIOCSFLAGS:
560 if (get_user(val, (int *) arg))
561 break;
562 ppp_lock(ppp);
563 cflags = ppp->flags & ~val;
564 ppp->flags = val & SC_FLAG_BITS;
565 ppp_unlock(ppp);
566 if (cflags & SC_CCP_OPEN)
567 ppp_ccp_closed(ppp);
568 err = 0;
569 break;
570
571 case PPPIOCGFLAGS:
572 val = ppp->flags | ppp->xstate | ppp->rstate;
573 if (put_user(val, (int *) arg))
574 break;
575 err = 0;
576 break;
577
578 case PPPIOCSCOMPRESS:
579 err = ppp_set_compress(ppp, arg);
580 break;
581
582 case PPPIOCGUNIT:
583 if (put_user(ppp->file.index, (int *) arg))
584 break;
585 err = 0;
586 break;
587
588 case PPPIOCSDEBUG:
589 if (get_user(val, (int *) arg))
590 break;
591 ppp->debug = val;
592 err = 0;
593 break;
594
595 case PPPIOCGDEBUG:
596 if (put_user(ppp->debug, (int *) arg))
597 break;
598 err = 0;
599 break;
600
601 case PPPIOCGIDLE:
602 idle.xmit_idle = (jiffies - ppp->last_xmit) / HZ;
603 idle.recv_idle = (jiffies - ppp->last_recv) / HZ;
604 if (copy_to_user((void *) arg, &idle, sizeof(idle)))
605 break;
606 err = 0;
607 break;
608
609 case PPPIOCSMAXCID:
610 if (get_user(val, (int *) arg))
611 break;
612 val2 = 15;
613 if ((val >> 16) != 0) {
614 val2 = val >> 16;
615 val &= 0xffff;
616 }
617 vj = slhc_init(val2+1, val+1);
618 if (vj == 0) {
619 printk(KERN_ERR "PPP: no memory (VJ compressor)\n");
620 err = -ENOMEM;
621 break;
622 }
623 ppp_lock(ppp);
624 if (ppp->vj != 0)
625 slhc_free(ppp->vj);
626 ppp->vj = vj;
627 ppp_unlock(ppp);
628 err = 0;
629 break;
630
631 case PPPIOCGNPMODE:
632 case PPPIOCSNPMODE:
633 if (copy_from_user(&npi, (void *) arg, sizeof(npi)))
634 break;
635 err = proto_to_npindex(npi.protocol);
636 if (err < 0)
637 break;
638 i = err;
639 if (cmd == PPPIOCGNPMODE) {
640 err = -EFAULT;
641 npi.mode = ppp->npmode[i];
642 if (copy_to_user((void *) arg, &npi, sizeof(npi)))
643 break;
644 } else {
645 ppp->npmode[i] = npi.mode;
646 /* we may be able to transmit more packets now (??) */
647 netif_wake_queue(ppp->dev);
648 }
649 err = 0;
650 break;
651
652 #ifdef CONFIG_PPP_FILTER
653 case PPPIOCSPASS:
654 case PPPIOCSACTIVE:
655 {
656 struct sock_fprog uprog, *filtp;
657 struct sock_filter *code = NULL;
658 int len;
659
660 if (copy_from_user(&uprog, (void *) arg, sizeof(uprog)))
661 break;
662 if (uprog.len > 0 && uprog.len < 65536) {
663 err = -ENOMEM;
664 len = uprog.len * sizeof(struct sock_filter);
665 code = kmalloc(len, GFP_KERNEL);
666 if (code == 0)
667 break;
668 err = -EFAULT;
669 if (copy_from_user(code, uprog.filter, len)) {
670 kfree(code);
671 break;
672 }
673 err = sk_chk_filter(code, uprog.len);
674 if (err) {
675 kfree(code);
676 break;
677 }
678 }
679 filtp = (cmd == PPPIOCSPASS)? &ppp->pass_filter: &ppp->active_filter;
680 ppp_lock(ppp);
681 if (filtp->filter)
682 kfree(filtp->filter);
683 filtp->filter = code;
684 filtp->len = uprog.len;
685 ppp_unlock(ppp);
686 err = 0;
687 break;
688 }
689 #endif /* CONFIG_PPP_FILTER */
690
691 #ifdef CONFIG_PPP_MULTILINK
692 case PPPIOCSMRRU:
693 if (get_user(val, (int *) arg))
694 break;
695 ppp_recv_lock(ppp);
696 ppp->mrru = val;
697 ppp_recv_unlock(ppp);
698 err = 0;
699 break;
700 #endif /* CONFIG_PPP_MULTILINK */
701
702 default:
703 err = -ENOTTY;
704 }
705
706 return err;
707 }
708
ppp_unattached_ioctl(struct ppp_file * pf,struct file * file,unsigned int cmd,unsigned long arg)709 static int ppp_unattached_ioctl(struct ppp_file *pf, struct file *file,
710 unsigned int cmd, unsigned long arg)
711 {
712 int unit, err = -EFAULT;
713 struct ppp *ppp;
714 struct channel *chan;
715
716 switch (cmd) {
717 case PPPIOCNEWUNIT:
718 /* Create a new ppp unit */
719 if (get_user(unit, (int *) arg))
720 break;
721 ppp = ppp_create_interface(unit, &err);
722 if (ppp == 0)
723 break;
724 file->private_data = &ppp->file;
725 ppp->owner = file;
726 err = -EFAULT;
727 if (put_user(ppp->file.index, (int *) arg))
728 break;
729 err = 0;
730 break;
731
732 case PPPIOCATTACH:
733 /* Attach to an existing ppp unit */
734 if (get_user(unit, (int *) arg))
735 break;
736 down(&all_ppp_sem);
737 err = -ENXIO;
738 ppp = ppp_find_unit(unit);
739 if (ppp != 0) {
740 atomic_inc(&ppp->file.refcnt);
741 file->private_data = &ppp->file;
742 err = 0;
743 }
744 up(&all_ppp_sem);
745 break;
746
747 case PPPIOCATTCHAN:
748 if (get_user(unit, (int *) arg))
749 break;
750 spin_lock_bh(&all_channels_lock);
751 err = -ENXIO;
752 chan = ppp_find_channel(unit);
753 if (chan != 0) {
754 atomic_inc(&chan->file.refcnt);
755 file->private_data = &chan->file;
756 err = 0;
757 }
758 spin_unlock_bh(&all_channels_lock);
759 break;
760
761 default:
762 err = -ENOTTY;
763 }
764 return err;
765 }
766
767 static struct file_operations ppp_device_fops = {
768 owner: THIS_MODULE,
769 read: ppp_read,
770 write: ppp_write,
771 poll: ppp_poll,
772 ioctl: ppp_ioctl,
773 open: ppp_open,
774 release: ppp_release
775 };
776
777 #define PPP_MAJOR 108
778
779 static devfs_handle_t devfs_handle;
780
781 /* Called at boot time if ppp is compiled into the kernel,
782 or at module load time (from init_module) if compiled as a module. */
ppp_init(void)783 int __init ppp_init(void)
784 {
785 int err;
786
787 printk(KERN_INFO "PPP generic driver version " PPP_VERSION "\n");
788 err = devfs_register_chrdev(PPP_MAJOR, "ppp", &ppp_device_fops);
789 if (err)
790 printk(KERN_ERR "failed to register PPP device (%d)\n", err);
791 devfs_handle = devfs_register(NULL, "ppp", DEVFS_FL_DEFAULT,
792 PPP_MAJOR, 0,
793 S_IFCHR | S_IRUSR | S_IWUSR,
794 &ppp_device_fops, NULL);
795
796 return 0;
797 }
798
799 /*
800 * Network interface unit routines.
801 */
802 static int
ppp_start_xmit(struct sk_buff * skb,struct net_device * dev)803 ppp_start_xmit(struct sk_buff *skb, struct net_device *dev)
804 {
805 struct ppp *ppp = (struct ppp *) dev->priv;
806 int npi, proto;
807 unsigned char *pp;
808
809 npi = ethertype_to_npindex(ntohs(skb->protocol));
810 if (npi < 0)
811 goto err1;
812
813 /* Drop, accept or reject the packet */
814 switch (ppp->npmode[npi]) {
815 case NPMODE_PASS:
816 break;
817 case NPMODE_QUEUE:
818 /* it would be nice to have a way to tell the network
819 system to queue this one up for later. */
820 goto err1;
821 case NPMODE_DROP:
822 case NPMODE_ERROR:
823 goto err1;
824 }
825
826 /* Put the 2-byte PPP protocol number on the front,
827 making sure there is room for the address and control fields. */
828 if (skb_headroom(skb) < PPP_HDRLEN) {
829 struct sk_buff *ns;
830
831 ns = alloc_skb(skb->len + dev->hard_header_len, GFP_ATOMIC);
832 if (ns == 0)
833 goto err1;
834 skb_reserve(ns, dev->hard_header_len);
835 memcpy(skb_put(ns, skb->len), skb->data, skb->len);
836 kfree_skb(skb);
837 skb = ns;
838 }
839 pp = skb_push(skb, 2);
840 proto = npindex_to_proto[npi];
841 pp[0] = proto >> 8;
842 pp[1] = proto;
843
844 netif_stop_queue(dev);
845 skb_queue_tail(&ppp->file.xq, skb);
846 ppp_xmit_process(ppp);
847 return 0;
848
849 err1:
850 kfree_skb(skb);
851 ++ppp->stats.tx_dropped;
852 return 0;
853 }
854
855 static struct net_device_stats *
ppp_net_stats(struct net_device * dev)856 ppp_net_stats(struct net_device *dev)
857 {
858 struct ppp *ppp = (struct ppp *) dev->priv;
859
860 return &ppp->stats;
861 }
862
863 static int
ppp_net_ioctl(struct net_device * dev,struct ifreq * ifr,int cmd)864 ppp_net_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
865 {
866 struct ppp *ppp = dev->priv;
867 int err = -EFAULT;
868 void *addr = (void *) ifr->ifr_ifru.ifru_data;
869 struct ppp_stats stats;
870 struct ppp_comp_stats cstats;
871 char *vers;
872
873 switch (cmd) {
874 case SIOCGPPPSTATS:
875 ppp_get_stats(ppp, &stats);
876 if (copy_to_user(addr, &stats, sizeof(stats)))
877 break;
878 err = 0;
879 break;
880
881 case SIOCGPPPCSTATS:
882 memset(&cstats, 0, sizeof(cstats));
883 if (ppp->xc_state != 0)
884 ppp->xcomp->comp_stat(ppp->xc_state, &cstats.c);
885 if (ppp->rc_state != 0)
886 ppp->rcomp->decomp_stat(ppp->rc_state, &cstats.d);
887 if (copy_to_user(addr, &cstats, sizeof(cstats)))
888 break;
889 err = 0;
890 break;
891
892 case SIOCGPPPVER:
893 vers = PPP_VERSION;
894 if (copy_to_user(addr, vers, strlen(vers) + 1))
895 break;
896 err = 0;
897 break;
898
899 default:
900 err = -EINVAL;
901 }
902
903 return err;
904 }
905
906 static int
ppp_net_init(struct net_device * dev)907 ppp_net_init(struct net_device *dev)
908 {
909 dev->hard_header_len = PPP_HDRLEN;
910 dev->mtu = PPP_MTU;
911 dev->hard_start_xmit = ppp_start_xmit;
912 dev->get_stats = ppp_net_stats;
913 dev->do_ioctl = ppp_net_ioctl;
914 dev->addr_len = 0;
915 dev->tx_queue_len = 3;
916 dev->type = ARPHRD_PPP;
917 dev->flags = IFF_POINTOPOINT | IFF_NOARP | IFF_MULTICAST;
918 return 0;
919 }
920
921 /*
922 * Transmit-side routines.
923 */
924
925 /*
926 * Called to do any work queued up on the transmit side
927 * that can now be done.
928 */
929 static void
ppp_xmit_process(struct ppp * ppp)930 ppp_xmit_process(struct ppp *ppp)
931 {
932 struct sk_buff *skb;
933
934 ppp_xmit_lock(ppp);
935 if (ppp->dev != 0) {
936 ppp_push(ppp);
937 while (ppp->xmit_pending == 0
938 && (skb = skb_dequeue(&ppp->file.xq)) != 0)
939 ppp_send_frame(ppp, skb);
940 /* If there's no work left to do, tell the core net
941 code that we can accept some more. */
942 if (ppp->xmit_pending == 0 && skb_peek(&ppp->file.xq) == 0)
943 netif_wake_queue(ppp->dev);
944 }
945 ppp_xmit_unlock(ppp);
946 }
947
948 /*
949 * Compress and send a frame.
950 * The caller should have locked the xmit path,
951 * and xmit_pending should be 0.
952 */
953 static void
ppp_send_frame(struct ppp * ppp,struct sk_buff * skb)954 ppp_send_frame(struct ppp *ppp, struct sk_buff *skb)
955 {
956 int proto = PPP_PROTO(skb);
957 struct sk_buff *new_skb;
958 int len;
959 unsigned char *cp;
960
961 if (proto < 0x8000) {
962 #ifdef CONFIG_PPP_FILTER
963 /* check if we should pass this packet */
964 /* the filter instructions are constructed assuming
965 a four-byte PPP header on each packet */
966 *skb_push(skb, 2) = 1;
967 if (ppp->pass_filter.filter
968 && sk_run_filter(skb, ppp->pass_filter.filter,
969 ppp->pass_filter.len) == 0) {
970 if (ppp->debug & 1)
971 printk(KERN_DEBUG "PPP: outbound frame not passed\n");
972 kfree_skb(skb);
973 return;
974 }
975 /* if this packet passes the active filter, record the time */
976 if (!(ppp->active_filter.filter
977 && sk_run_filter(skb, ppp->active_filter.filter,
978 ppp->active_filter.len) == 0))
979 ppp->last_xmit = jiffies;
980 skb_pull(skb, 2);
981 #else
982 /* for data packets, record the time */
983 ppp->last_xmit = jiffies;
984 #endif /* CONFIG_PPP_FILTER */
985 }
986
987 ++ppp->stats.tx_packets;
988 ppp->stats.tx_bytes += skb->len - 2;
989
990 switch (proto) {
991 case PPP_IP:
992 if (ppp->vj == 0 || (ppp->flags & SC_COMP_TCP) == 0)
993 break;
994 /* try to do VJ TCP header compression */
995 new_skb = alloc_skb(skb->len + ppp->dev->hard_header_len - 2,
996 GFP_ATOMIC);
997 if (new_skb == 0) {
998 printk(KERN_ERR "PPP: no memory (VJ comp pkt)\n");
999 goto drop;
1000 }
1001 skb_reserve(new_skb, ppp->dev->hard_header_len - 2);
1002 cp = skb->data + 2;
1003 len = slhc_compress(ppp->vj, cp, skb->len - 2,
1004 new_skb->data + 2, &cp,
1005 !(ppp->flags & SC_NO_TCP_CCID));
1006 if (cp == skb->data + 2) {
1007 /* didn't compress */
1008 kfree_skb(new_skb);
1009 } else {
1010 if (cp[0] & SL_TYPE_COMPRESSED_TCP) {
1011 proto = PPP_VJC_COMP;
1012 cp[0] &= ~SL_TYPE_COMPRESSED_TCP;
1013 } else {
1014 proto = PPP_VJC_UNCOMP;
1015 cp[0] = skb->data[2];
1016 }
1017 kfree_skb(skb);
1018 skb = new_skb;
1019 cp = skb_put(skb, len + 2);
1020 cp[0] = 0;
1021 cp[1] = proto;
1022 }
1023 break;
1024
1025 case PPP_CCP:
1026 /* peek at outbound CCP frames */
1027 ppp_ccp_peek(ppp, skb, 0);
1028 break;
1029 }
1030
1031 /* try to do packet compression */
1032 if ((ppp->xstate & SC_COMP_RUN) && ppp->xc_state != 0
1033 && proto != PPP_LCP && proto != PPP_CCP) {
1034 new_skb = alloc_skb(ppp->dev->mtu + ppp->dev->hard_header_len,
1035 GFP_ATOMIC);
1036 if (new_skb == 0) {
1037 printk(KERN_ERR "PPP: no memory (comp pkt)\n");
1038 goto drop;
1039 }
1040 if (ppp->dev->hard_header_len > PPP_HDRLEN)
1041 skb_reserve(new_skb,
1042 ppp->dev->hard_header_len - PPP_HDRLEN);
1043
1044 /* compressor still expects A/C bytes in hdr */
1045 len = ppp->xcomp->compress(ppp->xc_state, skb->data - 2,
1046 new_skb->data, skb->len + 2,
1047 ppp->dev->mtu + PPP_HDRLEN);
1048 if (len > 0 && (ppp->flags & SC_CCP_UP)) {
1049 kfree_skb(skb);
1050 skb = new_skb;
1051 skb_put(skb, len);
1052 skb_pull(skb, 2); /* pull off A/C bytes */
1053 } else {
1054 /* didn't compress, or CCP not up yet */
1055 kfree_skb(new_skb);
1056 }
1057 }
1058
1059 /*
1060 * If we are waiting for traffic (demand dialling),
1061 * queue it up for pppd to receive.
1062 */
1063 if (ppp->flags & SC_LOOP_TRAFFIC) {
1064 if (ppp->file.rq.qlen > PPP_MAX_RQLEN)
1065 goto drop;
1066 skb_queue_tail(&ppp->file.rq, skb);
1067 wake_up_interruptible(&ppp->file.rwait);
1068 return;
1069 }
1070
1071 ppp->xmit_pending = skb;
1072 ppp_push(ppp);
1073 return;
1074
1075 drop:
1076 kfree_skb(skb);
1077 ++ppp->stats.tx_errors;
1078 }
1079
1080 /*
1081 * Try to send the frame in xmit_pending.
1082 * The caller should have the xmit path locked.
1083 */
1084 static void
ppp_push(struct ppp * ppp)1085 ppp_push(struct ppp *ppp)
1086 {
1087 struct list_head *list;
1088 struct channel *pch;
1089 struct sk_buff *skb = ppp->xmit_pending;
1090
1091 if (skb == 0)
1092 return;
1093
1094 list = &ppp->channels;
1095 if (list_empty(list)) {
1096 /* nowhere to send the packet, just drop it */
1097 ppp->xmit_pending = 0;
1098 kfree_skb(skb);
1099 return;
1100 }
1101
1102 if ((ppp->flags & SC_MULTILINK) == 0) {
1103 /* not doing multilink: send it down the first channel */
1104 list = list->next;
1105 pch = list_entry(list, struct channel, clist);
1106
1107 spin_lock_bh(&pch->downl);
1108 if (pch->chan) {
1109 if (pch->chan->ops->start_xmit(pch->chan, skb))
1110 ppp->xmit_pending = 0;
1111 } else {
1112 /* channel got unregistered */
1113 kfree_skb(skb);
1114 ppp->xmit_pending = 0;
1115 }
1116 spin_unlock_bh(&pch->downl);
1117 return;
1118 }
1119
1120 #ifdef CONFIG_PPP_MULTILINK
1121 /* Multilink: fragment the packet over as many links
1122 as can take the packet at the moment. */
1123 if (!ppp_mp_explode(ppp, skb))
1124 return;
1125 #endif /* CONFIG_PPP_MULTILINK */
1126
1127 ppp->xmit_pending = 0;
1128 kfree_skb(skb);
1129 }
1130
1131 #ifdef CONFIG_PPP_MULTILINK
1132 /*
1133 * Divide a packet to be transmitted into fragments and
1134 * send them out the individual links.
1135 */
ppp_mp_explode(struct ppp * ppp,struct sk_buff * skb)1136 static int ppp_mp_explode(struct ppp *ppp, struct sk_buff *skb)
1137 {
1138 int nch, len, fragsize;
1139 int i, bits, hdrlen, mtu;
1140 int flen, fnb;
1141 unsigned char *p, *q;
1142 struct list_head *list;
1143 struct channel *pch;
1144 struct sk_buff *frag;
1145 struct ppp_channel *chan;
1146
1147 nch = 0;
1148 hdrlen = (ppp->flags & SC_MP_XSHORTSEQ)? MPHDRLEN_SSN: MPHDRLEN;
1149 list = &ppp->channels;
1150 while ((list = list->next) != &ppp->channels) {
1151 pch = list_entry(list, struct channel, clist);
1152 nch += pch->avail = (skb_queue_len(&pch->file.xq) == 0);
1153 /*
1154 * If a channel hasn't had a fragment yet, it has to get
1155 * one before we send any fragments on later channels.
1156 * If it can't take a fragment now, don't give any
1157 * to subsequent channels.
1158 */
1159 if (!pch->had_frag && !pch->avail) {
1160 while ((list = list->next) != &ppp->channels) {
1161 pch = list_entry(list, struct channel, clist);
1162 pch->avail = 0;
1163 }
1164 break;
1165 }
1166 }
1167 if (nch == 0)
1168 return 0; /* can't take now, leave it in xmit_pending */
1169
1170 /* Do protocol field compression (XXX this should be optional) */
1171 p = skb->data;
1172 len = skb->len;
1173 if (*p == 0) {
1174 ++p;
1175 --len;
1176 }
1177
1178 /* decide on fragment size */
1179 fragsize = len;
1180 if (nch > 1) {
1181 int maxch = ROUNDUP(len, MIN_FRAG_SIZE);
1182 if (nch > maxch)
1183 nch = maxch;
1184 fragsize = ROUNDUP(fragsize, nch);
1185 }
1186
1187 /* skip to the channel after the one we last used
1188 and start at that one */
1189 for (i = 0; i < ppp->nxchan; ++i) {
1190 list = list->next;
1191 if (list == &ppp->channels) {
1192 i = 0;
1193 break;
1194 }
1195 }
1196
1197 /* create a fragment for each channel */
1198 bits = B;
1199 do {
1200 list = list->next;
1201 if (list == &ppp->channels) {
1202 i = 0;
1203 continue;
1204 }
1205 pch = list_entry(list, struct channel, clist);
1206 ++i;
1207 if (!pch->avail)
1208 continue;
1209
1210 /* check the channel's mtu and whether it is still attached. */
1211 spin_lock_bh(&pch->downl);
1212 if (pch->chan == 0 || (mtu = pch->chan->mtu) < hdrlen) {
1213 /* can't use this channel */
1214 spin_unlock_bh(&pch->downl);
1215 pch->avail = 0;
1216 if (--nch == 0)
1217 break;
1218 continue;
1219 }
1220
1221 /*
1222 * We have to create multiple fragments for this channel
1223 * if fragsize is greater than the channel's mtu.
1224 */
1225 if (fragsize > len)
1226 fragsize = len;
1227 for (flen = fragsize; flen > 0; flen -= fnb) {
1228 fnb = flen;
1229 if (fnb > mtu + 2 - hdrlen)
1230 fnb = mtu + 2 - hdrlen;
1231 if (fnb >= len)
1232 bits |= E;
1233 frag = alloc_skb(fnb + hdrlen, GFP_ATOMIC);
1234 if (frag == 0)
1235 goto noskb;
1236 q = skb_put(frag, fnb + hdrlen);
1237 /* make the MP header */
1238 q[0] = PPP_MP >> 8;
1239 q[1] = PPP_MP;
1240 if (ppp->flags & SC_MP_XSHORTSEQ) {
1241 q[2] = bits + ((ppp->nxseq >> 8) & 0xf);
1242 q[3] = ppp->nxseq;
1243 } else {
1244 q[2] = bits;
1245 q[3] = ppp->nxseq >> 16;
1246 q[4] = ppp->nxseq >> 8;
1247 q[5] = ppp->nxseq;
1248 }
1249
1250 /* copy the data in */
1251 memcpy(q + hdrlen, p, fnb);
1252
1253 /* try to send it down the channel */
1254 chan = pch->chan;
1255 if (!chan->ops->start_xmit(chan, frag))
1256 skb_queue_tail(&pch->file.xq, frag);
1257 pch->had_frag = 1;
1258 p += fnb;
1259 len -= fnb;
1260 ++ppp->nxseq;
1261 bits = 0;
1262 }
1263 spin_unlock_bh(&pch->downl);
1264 } while (len > 0);
1265 ppp->nxchan = i;
1266
1267 return 1;
1268
1269 noskb:
1270 spin_unlock_bh(&pch->downl);
1271 if (ppp->debug & 1)
1272 printk(KERN_ERR "PPP: no memory (fragment)\n");
1273 ++ppp->stats.tx_errors;
1274 ++ppp->nxseq;
1275 return 1; /* abandon the frame */
1276 }
1277 #endif /* CONFIG_PPP_MULTILINK */
1278
1279 /*
1280 * Try to send data out on a channel.
1281 */
1282 static void
ppp_channel_push(struct channel * pch)1283 ppp_channel_push(struct channel *pch)
1284 {
1285 struct sk_buff *skb;
1286 struct ppp *ppp;
1287
1288 spin_lock_bh(&pch->downl);
1289 if (pch->chan != 0) {
1290 while (skb_queue_len(&pch->file.xq) > 0) {
1291 skb = skb_dequeue(&pch->file.xq);
1292 if (!pch->chan->ops->start_xmit(pch->chan, skb)) {
1293 /* put the packet back and try again later */
1294 skb_queue_head(&pch->file.xq, skb);
1295 break;
1296 }
1297 }
1298 } else {
1299 /* channel got deregistered */
1300 skb_queue_purge(&pch->file.xq);
1301 }
1302 spin_unlock_bh(&pch->downl);
1303 /* see if there is anything from the attached unit to be sent */
1304 if (skb_queue_len(&pch->file.xq) == 0) {
1305 read_lock_bh(&pch->upl);
1306 ppp = pch->ppp;
1307 if (ppp != 0)
1308 ppp_xmit_process(ppp);
1309 read_unlock_bh(&pch->upl);
1310 }
1311 }
1312
1313 /*
1314 * Receive-side routines.
1315 */
1316
1317 /* misuse a few fields of the skb for MP reconstruction */
1318 #define sequence priority
1319 #define BEbits cb[0]
1320
1321 static inline void
ppp_do_recv(struct ppp * ppp,struct sk_buff * skb,struct channel * pch)1322 ppp_do_recv(struct ppp *ppp, struct sk_buff *skb, struct channel *pch)
1323 {
1324 ppp_recv_lock(ppp);
1325 /* ppp->dev == 0 means interface is closing down */
1326 if (ppp->dev != 0)
1327 ppp_receive_frame(ppp, skb, pch);
1328 else
1329 kfree_skb(skb);
1330 ppp_recv_unlock(ppp);
1331 }
1332
1333 void
ppp_input(struct ppp_channel * chan,struct sk_buff * skb)1334 ppp_input(struct ppp_channel *chan, struct sk_buff *skb)
1335 {
1336 struct channel *pch = chan->ppp;
1337 int proto;
1338
1339 if (pch == 0 || skb->len == 0) {
1340 kfree_skb(skb);
1341 return;
1342 }
1343
1344 proto = PPP_PROTO(skb);
1345 read_lock_bh(&pch->upl);
1346 if (pch->ppp == 0 || proto >= 0xc000 || proto == PPP_CCPFRAG) {
1347 /* put it on the channel queue */
1348 skb_queue_tail(&pch->file.rq, skb);
1349 /* drop old frames if queue too long */
1350 while (pch->file.rq.qlen > PPP_MAX_RQLEN
1351 && (skb = skb_dequeue(&pch->file.rq)) != 0)
1352 kfree_skb(skb);
1353 wake_up_interruptible(&pch->file.rwait);
1354 } else {
1355 ppp_do_recv(pch->ppp, skb, pch);
1356 }
1357 read_unlock_bh(&pch->upl);
1358 }
1359
1360 /* Put a 0-length skb in the receive queue as an error indication */
1361 void
ppp_input_error(struct ppp_channel * chan,int code)1362 ppp_input_error(struct ppp_channel *chan, int code)
1363 {
1364 struct channel *pch = chan->ppp;
1365 struct sk_buff *skb;
1366
1367 if (pch == 0)
1368 return;
1369
1370 read_lock_bh(&pch->upl);
1371 if (pch->ppp != 0) {
1372 skb = alloc_skb(0, GFP_ATOMIC);
1373 if (skb != 0) {
1374 skb->len = 0; /* probably unnecessary */
1375 skb->cb[0] = code;
1376 ppp_do_recv(pch->ppp, skb, pch);
1377 }
1378 }
1379 read_unlock_bh(&pch->upl);
1380 }
1381
1382 /*
1383 * We come in here to process a received frame.
1384 * The receive side of the ppp unit is locked.
1385 */
1386 static void
ppp_receive_frame(struct ppp * ppp,struct sk_buff * skb,struct channel * pch)1387 ppp_receive_frame(struct ppp *ppp, struct sk_buff *skb, struct channel *pch)
1388 {
1389 if (skb->len >= 2) {
1390 #ifdef CONFIG_PPP_MULTILINK
1391 /* XXX do channel-level decompression here */
1392 if (PPP_PROTO(skb) == PPP_MP)
1393 ppp_receive_mp_frame(ppp, skb, pch);
1394 else
1395 #endif /* CONFIG_PPP_MULTILINK */
1396 ppp_receive_nonmp_frame(ppp, skb);
1397 return;
1398 }
1399
1400 if (skb->len > 0)
1401 /* note: a 0-length skb is used as an error indication */
1402 ++ppp->stats.rx_length_errors;
1403
1404 kfree_skb(skb);
1405 ppp_receive_error(ppp);
1406 }
1407
1408 static void
ppp_receive_error(struct ppp * ppp)1409 ppp_receive_error(struct ppp *ppp)
1410 {
1411 ++ppp->stats.rx_errors;
1412 if (ppp->vj != 0)
1413 slhc_toss(ppp->vj);
1414 }
1415
1416 static void
ppp_receive_nonmp_frame(struct ppp * ppp,struct sk_buff * skb)1417 ppp_receive_nonmp_frame(struct ppp *ppp, struct sk_buff *skb)
1418 {
1419 struct sk_buff *ns;
1420 int proto, len, npi;
1421
1422 /*
1423 * Decompress the frame, if compressed.
1424 * Note that some decompressors need to see uncompressed frames
1425 * that come in as well as compressed frames.
1426 */
1427 if (ppp->rc_state != 0 && (ppp->rstate & SC_DECOMP_RUN)
1428 && (ppp->rstate & (SC_DC_FERROR | SC_DC_ERROR)) == 0)
1429 skb = ppp_decompress_frame(ppp, skb);
1430
1431 proto = PPP_PROTO(skb);
1432 switch (proto) {
1433 case PPP_VJC_COMP:
1434 /* decompress VJ compressed packets */
1435 if (ppp->vj == 0 || (ppp->flags & SC_REJ_COMP_TCP))
1436 goto err;
1437 if (skb_tailroom(skb) < 124) {
1438 /* copy to a new sk_buff with more tailroom */
1439 ns = dev_alloc_skb(skb->len + 128);
1440 if (ns == 0) {
1441 printk(KERN_ERR"PPP: no memory (VJ decomp)\n");
1442 goto err;
1443 }
1444 skb_reserve(ns, 2);
1445 memcpy(skb_put(ns, skb->len), skb->data, skb->len);
1446 kfree_skb(skb);
1447 skb = ns;
1448 }
1449 len = slhc_uncompress(ppp->vj, skb->data + 2, skb->len - 2);
1450 if (len <= 0) {
1451 printk(KERN_DEBUG "PPP: VJ decompression error\n");
1452 goto err;
1453 }
1454 len += 2;
1455 if (len > skb->len)
1456 skb_put(skb, len - skb->len);
1457 else if (len < skb->len)
1458 skb_trim(skb, len);
1459 proto = PPP_IP;
1460 break;
1461
1462 case PPP_VJC_UNCOMP:
1463 if (ppp->vj == 0 || (ppp->flags & SC_REJ_COMP_TCP))
1464 goto err;
1465 if (slhc_remember(ppp->vj, skb->data + 2, skb->len - 2) <= 0) {
1466 printk(KERN_ERR "PPP: VJ uncompressed error\n");
1467 goto err;
1468 }
1469 proto = PPP_IP;
1470 break;
1471
1472 case PPP_CCP:
1473 ppp_ccp_peek(ppp, skb, 1);
1474 break;
1475 }
1476
1477 ++ppp->stats.rx_packets;
1478 ppp->stats.rx_bytes += skb->len - 2;
1479
1480 npi = proto_to_npindex(proto);
1481 if (npi < 0) {
1482 /* control or unknown frame - pass it to pppd */
1483 skb_queue_tail(&ppp->file.rq, skb);
1484 /* limit queue length by dropping old frames */
1485 while (ppp->file.rq.qlen > PPP_MAX_RQLEN
1486 && (skb = skb_dequeue(&ppp->file.rq)) != 0)
1487 kfree_skb(skb);
1488 /* wake up any process polling or blocking on read */
1489 wake_up_interruptible(&ppp->file.rwait);
1490
1491 } else {
1492 /* network protocol frame - give it to the kernel */
1493
1494 #ifdef CONFIG_PPP_FILTER
1495 /* check if the packet passes the pass and active filters */
1496 /* the filter instructions are constructed assuming
1497 a four-byte PPP header on each packet */
1498 *skb_push(skb, 2) = 0;
1499 if (ppp->pass_filter.filter
1500 && sk_run_filter(skb, ppp->pass_filter.filter,
1501 ppp->pass_filter.len) == 0) {
1502 if (ppp->debug & 1)
1503 printk(KERN_DEBUG "PPP: inbound frame not passed\n");
1504 kfree_skb(skb);
1505 return;
1506 }
1507 if (!(ppp->active_filter.filter
1508 && sk_run_filter(skb, ppp->active_filter.filter,
1509 ppp->active_filter.len) == 0))
1510 ppp->last_recv = jiffies;
1511 skb_pull(skb, 2);
1512 #else
1513 ppp->last_recv = jiffies;
1514 #endif /* CONFIG_PPP_FILTER */
1515
1516 if ((ppp->dev->flags & IFF_UP) == 0
1517 || ppp->npmode[npi] != NPMODE_PASS) {
1518 kfree_skb(skb);
1519 } else {
1520 skb_pull(skb, 2); /* chop off protocol */
1521 skb->dev = ppp->dev;
1522 skb->protocol = htons(npindex_to_ethertype[npi]);
1523 skb->mac.raw = skb->data;
1524 netif_rx(skb);
1525 ppp->dev->last_rx = jiffies;
1526 }
1527 }
1528 return;
1529
1530 err:
1531 kfree_skb(skb);
1532 ppp_receive_error(ppp);
1533 }
1534
1535 static struct sk_buff *
ppp_decompress_frame(struct ppp * ppp,struct sk_buff * skb)1536 ppp_decompress_frame(struct ppp *ppp, struct sk_buff *skb)
1537 {
1538 int proto = PPP_PROTO(skb);
1539 struct sk_buff *ns;
1540 int len;
1541
1542 if (proto == PPP_COMP) {
1543 ns = dev_alloc_skb(ppp->mru + PPP_HDRLEN);
1544 if (ns == 0) {
1545 printk(KERN_ERR "ppp_decompress_frame: no memory\n");
1546 goto err;
1547 }
1548 /* the decompressor still expects the A/C bytes in the hdr */
1549 len = ppp->rcomp->decompress(ppp->rc_state, skb->data - 2,
1550 skb->len + 2, ns->data, ppp->mru + PPP_HDRLEN);
1551 if (len < 0) {
1552 /* Pass the compressed frame to pppd as an
1553 error indication. */
1554 if (len == DECOMP_FATALERROR)
1555 ppp->rstate |= SC_DC_FERROR;
1556 kfree_skb(ns);
1557 goto err;
1558 }
1559
1560 kfree_skb(skb);
1561 skb = ns;
1562 skb_put(skb, len);
1563 skb_pull(skb, 2); /* pull off the A/C bytes */
1564
1565 } else {
1566 /* Uncompressed frame - pass to decompressor so it
1567 can update its dictionary if necessary. */
1568 if (ppp->rcomp->incomp)
1569 ppp->rcomp->incomp(ppp->rc_state, skb->data - 2,
1570 skb->len + 2);
1571 }
1572
1573 return skb;
1574
1575 err:
1576 ppp->rstate |= SC_DC_ERROR;
1577 ppp_receive_error(ppp);
1578 return skb;
1579 }
1580
1581 #ifdef CONFIG_PPP_MULTILINK
1582 /*
1583 * Receive a multilink frame.
1584 * We put it on the reconstruction queue and then pull off
1585 * as many completed frames as we can.
1586 */
1587 static void
ppp_receive_mp_frame(struct ppp * ppp,struct sk_buff * skb,struct channel * pch)1588 ppp_receive_mp_frame(struct ppp *ppp, struct sk_buff *skb, struct channel *pch)
1589 {
1590 u32 mask, seq;
1591 struct list_head *l;
1592 int mphdrlen = (ppp->flags & SC_MP_SHORTSEQ)? MPHDRLEN_SSN: MPHDRLEN;
1593
1594 if (skb->len < mphdrlen + 1 || ppp->mrru == 0)
1595 goto err; /* no good, throw it away */
1596
1597 /* Decode sequence number and begin/end bits */
1598 if (ppp->flags & SC_MP_SHORTSEQ) {
1599 seq = ((skb->data[2] & 0x0f) << 8) | skb->data[3];
1600 mask = 0xfff;
1601 } else {
1602 seq = (skb->data[3] << 16) | (skb->data[4] << 8)| skb->data[5];
1603 mask = 0xffffff;
1604 }
1605 skb->BEbits = skb->data[2];
1606 skb_pull(skb, mphdrlen); /* pull off PPP and MP headers */
1607
1608 /*
1609 * Do protocol ID decompression on the first fragment of each packet.
1610 */
1611 if ((skb->BEbits & B) && (skb->data[0] & 1))
1612 *skb_push(skb, 1) = 0;
1613
1614 /*
1615 * Expand sequence number to 32 bits, making it as close
1616 * as possible to ppp->minseq.
1617 */
1618 seq |= ppp->minseq & ~mask;
1619 if ((int)(ppp->minseq - seq) > (int)(mask >> 1))
1620 seq += mask + 1;
1621 else if ((int)(seq - ppp->minseq) > (int)(mask >> 1))
1622 seq -= mask + 1; /* should never happen */
1623 skb->sequence = seq;
1624 pch->lastseq = seq;
1625
1626 /*
1627 * If this packet comes before the next one we were expecting,
1628 * drop it.
1629 */
1630 if (seq_before(seq, ppp->nextseq)) {
1631 kfree_skb(skb);
1632 ++ppp->stats.rx_dropped;
1633 ppp_receive_error(ppp);
1634 return;
1635 }
1636
1637 /*
1638 * Reevaluate minseq, the minimum over all channels of the
1639 * last sequence number received on each channel. Because of
1640 * the increasing sequence number rule, we know that any fragment
1641 * before `minseq' which hasn't arrived is never going to arrive.
1642 * The list of channels can't change because we have the receive
1643 * side of the ppp unit locked.
1644 */
1645 for (l = ppp->channels.next; l != &ppp->channels; l = l->next) {
1646 struct channel *ch = list_entry(l, struct channel, clist);
1647 if (seq_before(ch->lastseq, seq))
1648 seq = ch->lastseq;
1649 }
1650 if (seq_before(ppp->minseq, seq))
1651 ppp->minseq = seq;
1652
1653 /* Put the fragment on the reconstruction queue */
1654 ppp_mp_insert(ppp, skb);
1655
1656 /* If the queue is getting long, don't wait any longer for packets
1657 before the start of the queue. */
1658 if (skb_queue_len(&ppp->mrq) >= PPP_MP_MAX_QLEN
1659 && seq_before(ppp->minseq, ppp->mrq.next->sequence))
1660 ppp->minseq = ppp->mrq.next->sequence;
1661
1662 /* Pull completed packets off the queue and receive them. */
1663 while ((skb = ppp_mp_reconstruct(ppp)) != 0)
1664 ppp_receive_nonmp_frame(ppp, skb);
1665
1666 return;
1667
1668 err:
1669 kfree_skb(skb);
1670 ppp_receive_error(ppp);
1671 }
1672
1673 /*
1674 * Insert a fragment on the MP reconstruction queue.
1675 * The queue is ordered by increasing sequence number.
1676 */
1677 static void
ppp_mp_insert(struct ppp * ppp,struct sk_buff * skb)1678 ppp_mp_insert(struct ppp *ppp, struct sk_buff *skb)
1679 {
1680 struct sk_buff *p;
1681 struct sk_buff_head *list = &ppp->mrq;
1682 u32 seq = skb->sequence;
1683
1684 /* N.B. we don't need to lock the list lock because we have the
1685 ppp unit receive-side lock. */
1686 for (p = list->next; p != (struct sk_buff *)list; p = p->next)
1687 if (seq_before(seq, p->sequence))
1688 break;
1689 __skb_insert(skb, p->prev, p, list);
1690 }
1691
1692 /*
1693 * Reconstruct a packet from the MP fragment queue.
1694 * We go through increasing sequence numbers until we find a
1695 * complete packet, or we get to the sequence number for a fragment
1696 * which hasn't arrived but might still do so.
1697 */
1698 struct sk_buff *
ppp_mp_reconstruct(struct ppp * ppp)1699 ppp_mp_reconstruct(struct ppp *ppp)
1700 {
1701 u32 seq = ppp->nextseq;
1702 u32 minseq = ppp->minseq;
1703 struct sk_buff_head *list = &ppp->mrq;
1704 struct sk_buff *p, *next;
1705 struct sk_buff *head, *tail;
1706 struct sk_buff *skb = NULL;
1707 int lost = 0, len = 0;
1708
1709 if (ppp->mrru == 0) /* do nothing until mrru is set */
1710 return NULL;
1711 head = list->next;
1712 tail = NULL;
1713 for (p = head; p != (struct sk_buff *) list; p = next) {
1714 next = p->next;
1715 if (seq_before(p->sequence, seq)) {
1716 /* this can't happen, anyway ignore the skb */
1717 printk(KERN_ERR "ppp_mp_reconstruct bad seq %u < %u\n",
1718 p->sequence, seq);
1719 head = next;
1720 continue;
1721 }
1722 if (p->sequence != seq) {
1723 /* Fragment `seq' is missing. If it is after
1724 minseq, it might arrive later, so stop here. */
1725 if (seq_after(seq, minseq))
1726 break;
1727 /* Fragment `seq' is lost, keep going. */
1728 lost = 1;
1729 seq = seq_before(minseq, p->sequence)?
1730 minseq + 1: p->sequence;
1731 next = p;
1732 continue;
1733 }
1734
1735 /*
1736 * At this point we know that all the fragments from
1737 * ppp->nextseq to seq are either present or lost.
1738 * Also, there are no complete packets in the queue
1739 * that have no missing fragments and end before this
1740 * fragment.
1741 */
1742
1743 /* B bit set indicates this fragment starts a packet */
1744 if (p->BEbits & B) {
1745 head = p;
1746 lost = 0;
1747 len = 0;
1748 }
1749
1750 len += p->len;
1751
1752 /* Got a complete packet yet? */
1753 if (lost == 0 && (p->BEbits & E) && (head->BEbits & B)) {
1754 if (len > ppp->mrru + 2) {
1755 ++ppp->stats.rx_length_errors;
1756 printk(KERN_DEBUG "PPP: reconstructed packet"
1757 " is too long (%d)\n", len);
1758 } else if (p == head) {
1759 /* fragment is complete packet - reuse skb */
1760 tail = p;
1761 skb = skb_get(p);
1762 break;
1763 } else if ((skb = dev_alloc_skb(len)) == NULL) {
1764 ++ppp->stats.rx_missed_errors;
1765 printk(KERN_DEBUG "PPP: no memory for "
1766 "reconstructed packet");
1767 } else {
1768 tail = p;
1769 break;
1770 }
1771 ppp->nextseq = seq + 1;
1772 }
1773
1774 /*
1775 * If this is the ending fragment of a packet,
1776 * and we haven't found a complete valid packet yet,
1777 * we can discard up to and including this fragment.
1778 */
1779 if (p->BEbits & E)
1780 head = next;
1781
1782 ++seq;
1783 }
1784
1785 /* If we have a complete packet, copy it all into one skb. */
1786 if (tail != NULL) {
1787 /* If we have discarded any fragments,
1788 signal a receive error. */
1789 if (head->sequence != ppp->nextseq) {
1790 if (ppp->debug & 1)
1791 printk(KERN_DEBUG " missed pkts %u..%u\n",
1792 ppp->nextseq, head->sequence-1);
1793 ++ppp->stats.rx_dropped;
1794 ppp_receive_error(ppp);
1795 }
1796
1797 if (head != tail)
1798 /* copy to a single skb */
1799 for (p = head; p != tail->next; p = p->next)
1800 memcpy(skb_put(skb, p->len), p->data, p->len);
1801 ppp->nextseq = tail->sequence + 1;
1802 head = tail->next;
1803 }
1804
1805 /* Discard all the skbuffs that we have copied the data out of
1806 or that we can't use. */
1807 while ((p = list->next) != head) {
1808 __skb_unlink(p, list);
1809 kfree_skb(p);
1810 }
1811
1812 return skb;
1813 }
1814 #endif /* CONFIG_PPP_MULTILINK */
1815
1816 /*
1817 * Channel interface.
1818 */
1819
1820 /*
1821 * Create a new, unattached ppp channel.
1822 */
1823 int
ppp_register_channel(struct ppp_channel * chan)1824 ppp_register_channel(struct ppp_channel *chan)
1825 {
1826 struct channel *pch;
1827
1828 pch = kmalloc(sizeof(struct channel), GFP_KERNEL);
1829 if (pch == 0)
1830 return -ENOMEM;
1831 memset(pch, 0, sizeof(struct channel));
1832 pch->ppp = NULL;
1833 pch->chan = chan;
1834 chan->ppp = pch;
1835 init_ppp_file(&pch->file, CHANNEL);
1836 pch->file.hdrlen = chan->hdrlen;
1837 #ifdef CONFIG_PPP_MULTILINK
1838 pch->lastseq = -1;
1839 #endif /* CONFIG_PPP_MULTILINK */
1840 init_rwsem(&pch->chan_sem);
1841 spin_lock_init(&pch->downl);
1842 pch->upl = RW_LOCK_UNLOCKED;
1843 spin_lock_bh(&all_channels_lock);
1844 pch->file.index = ++last_channel_index;
1845 list_add(&pch->list, &new_channels);
1846 atomic_inc(&channel_count);
1847 spin_unlock_bh(&all_channels_lock);
1848 MOD_INC_USE_COUNT;
1849 return 0;
1850 }
1851
1852 /*
1853 * Return the index of a channel.
1854 */
ppp_channel_index(struct ppp_channel * chan)1855 int ppp_channel_index(struct ppp_channel *chan)
1856 {
1857 struct channel *pch = chan->ppp;
1858
1859 if (pch != 0)
1860 return pch->file.index;
1861 return -1;
1862 }
1863
1864 /*
1865 * Return the PPP unit number to which a channel is connected.
1866 */
ppp_unit_number(struct ppp_channel * chan)1867 int ppp_unit_number(struct ppp_channel *chan)
1868 {
1869 struct channel *pch = chan->ppp;
1870 int unit = -1;
1871
1872 if (pch != 0) {
1873 read_lock_bh(&pch->upl);
1874 if (pch->ppp != 0)
1875 unit = pch->ppp->file.index;
1876 read_unlock_bh(&pch->upl);
1877 }
1878 return unit;
1879 }
1880
1881 /*
1882 * Disconnect a channel from the generic layer.
1883 * This must be called in process context.
1884 */
1885 void
ppp_unregister_channel(struct ppp_channel * chan)1886 ppp_unregister_channel(struct ppp_channel *chan)
1887 {
1888 struct channel *pch = chan->ppp;
1889
1890 if (pch == 0)
1891 return; /* should never happen */
1892 chan->ppp = 0;
1893
1894 /*
1895 * This ensures that we have returned from any calls into the
1896 * the channel's start_xmit or ioctl routine before we proceed.
1897 */
1898 down_write(&pch->chan_sem);
1899 spin_lock_bh(&pch->downl);
1900 pch->chan = 0;
1901 spin_unlock_bh(&pch->downl);
1902 up_write(&pch->chan_sem);
1903 ppp_disconnect_channel(pch);
1904 spin_lock_bh(&all_channels_lock);
1905 list_del(&pch->list);
1906 spin_unlock_bh(&all_channels_lock);
1907 pch->file.dead = 1;
1908 wake_up_interruptible(&pch->file.rwait);
1909 if (atomic_dec_and_test(&pch->file.refcnt))
1910 ppp_destroy_channel(pch);
1911 MOD_DEC_USE_COUNT;
1912 }
1913
1914 /*
1915 * Callback from a channel when it can accept more to transmit.
1916 * This should be called at BH/softirq level, not interrupt level.
1917 */
1918 void
ppp_output_wakeup(struct ppp_channel * chan)1919 ppp_output_wakeup(struct ppp_channel *chan)
1920 {
1921 struct channel *pch = chan->ppp;
1922
1923 if (pch == 0)
1924 return;
1925 ppp_channel_push(pch);
1926 }
1927
1928 /*
1929 * Compression control.
1930 */
1931
1932 /* Process the PPPIOCSCOMPRESS ioctl. */
1933 static int
ppp_set_compress(struct ppp * ppp,unsigned long arg)1934 ppp_set_compress(struct ppp *ppp, unsigned long arg)
1935 {
1936 int err;
1937 struct compressor *cp, *ocomp;
1938 struct ppp_option_data data;
1939 void *state, *ostate;
1940 unsigned char ccp_option[CCP_MAX_OPTION_LENGTH];
1941 #ifdef CONFIG_KMOD
1942 char modname[32];
1943 #endif
1944
1945 err = -EFAULT;
1946 if (copy_from_user(&data, (void *) arg, sizeof(data))
1947 || (data.length <= CCP_MAX_OPTION_LENGTH
1948 && copy_from_user(ccp_option, data.ptr, data.length)))
1949 goto err1;
1950 err = -EINVAL;
1951 if (data.length > CCP_MAX_OPTION_LENGTH
1952 || ccp_option[1] < 2 || ccp_option[1] > data.length)
1953 goto err1;
1954
1955 cp = find_compressor(ccp_option[0]);
1956 #ifdef CONFIG_KMOD
1957 if (cp == 0) {
1958 sprintf(modname, "ppp-compress-%d", ccp_option[0]);
1959 request_module(modname);
1960 cp = find_compressor(ccp_option[0]);
1961 }
1962 #endif /* CONFIG_KMOD */
1963 if (cp == 0)
1964 goto err1;
1965 /*
1966 * XXX race: the compressor module could get unloaded between
1967 * here and when we do the comp_alloc or decomp_alloc call below.
1968 */
1969
1970 err = -ENOBUFS;
1971 if (data.transmit) {
1972 state = cp->comp_alloc(ccp_option, data.length);
1973 if (state != 0) {
1974 ppp_xmit_lock(ppp);
1975 ppp->xstate &= ~SC_COMP_RUN;
1976 ocomp = ppp->xcomp;
1977 ostate = ppp->xc_state;
1978 ppp->xcomp = cp;
1979 ppp->xc_state = state;
1980 ppp_xmit_unlock(ppp);
1981 if (ostate != 0)
1982 ocomp->comp_free(ostate);
1983 err = 0;
1984 }
1985
1986 } else {
1987 state = cp->decomp_alloc(ccp_option, data.length);
1988 if (state != 0) {
1989 ppp_recv_lock(ppp);
1990 ppp->rstate &= ~SC_DECOMP_RUN;
1991 ocomp = ppp->rcomp;
1992 ostate = ppp->rc_state;
1993 ppp->rcomp = cp;
1994 ppp->rc_state = state;
1995 ppp_recv_unlock(ppp);
1996 if (ostate != 0)
1997 ocomp->decomp_free(ostate);
1998 err = 0;
1999 }
2000 }
2001
2002 err1:
2003 return err;
2004 }
2005
2006 /*
2007 * Look at a CCP packet and update our state accordingly.
2008 * We assume the caller has the xmit or recv path locked.
2009 */
2010 static void
ppp_ccp_peek(struct ppp * ppp,struct sk_buff * skb,int inbound)2011 ppp_ccp_peek(struct ppp *ppp, struct sk_buff *skb, int inbound)
2012 {
2013 unsigned char *dp = skb->data + 2;
2014 int len;
2015
2016 if (skb->len < CCP_HDRLEN + 2
2017 || skb->len < (len = CCP_LENGTH(dp)) + 2)
2018 return; /* too short */
2019
2020 switch (CCP_CODE(dp)) {
2021 case CCP_CONFREQ:
2022
2023 /* A ConfReq starts negotiation of compression
2024 * in one direction of transmission,
2025 * and hence brings it down...but which way?
2026 *
2027 * Remember:
2028 * A ConfReq indicates what the sender would like to receive
2029 */
2030 if(inbound)
2031 /* He is proposing what I should send */
2032 ppp->xstate &= ~SC_COMP_RUN;
2033 else
2034 /* I am proposing to what he should send */
2035 ppp->rstate &= ~SC_DECOMP_RUN;
2036
2037 break;
2038
2039 case CCP_TERMREQ:
2040 case CCP_TERMACK:
2041 /*
2042 * CCP is going down, both directions of transmission
2043 */
2044 ppp->rstate &= ~SC_DECOMP_RUN;
2045 ppp->xstate &= ~SC_COMP_RUN;
2046 break;
2047
2048 case CCP_CONFACK:
2049 if ((ppp->flags & (SC_CCP_OPEN | SC_CCP_UP)) != SC_CCP_OPEN)
2050 break;
2051 dp += CCP_HDRLEN;
2052 len -= CCP_HDRLEN;
2053 if (len < CCP_OPT_MINLEN || len < CCP_OPT_LENGTH(dp))
2054 break;
2055 if (inbound) {
2056 /* we will start receiving compressed packets */
2057 if (ppp->rc_state == 0)
2058 break;
2059 if (ppp->rcomp->decomp_init(ppp->rc_state, dp, len,
2060 ppp->file.index, 0, ppp->mru, ppp->debug)) {
2061 ppp->rstate |= SC_DECOMP_RUN;
2062 ppp->rstate &= ~(SC_DC_ERROR | SC_DC_FERROR);
2063 }
2064 } else {
2065 /* we will soon start sending compressed packets */
2066 if (ppp->xc_state == 0)
2067 break;
2068 if (ppp->xcomp->comp_init(ppp->xc_state, dp, len,
2069 ppp->file.index, 0, ppp->debug))
2070 ppp->xstate |= SC_COMP_RUN;
2071 }
2072 break;
2073
2074 case CCP_RESETACK:
2075 /* reset the [de]compressor */
2076 if ((ppp->flags & SC_CCP_UP) == 0)
2077 break;
2078 if (inbound) {
2079 if (ppp->rc_state && (ppp->rstate & SC_DECOMP_RUN)) {
2080 ppp->rcomp->decomp_reset(ppp->rc_state);
2081 ppp->rstate &= ~SC_DC_ERROR;
2082 }
2083 } else {
2084 if (ppp->xc_state && (ppp->xstate & SC_COMP_RUN))
2085 ppp->xcomp->comp_reset(ppp->xc_state);
2086 }
2087 break;
2088 }
2089 }
2090
2091 /* Free up compression resources. */
2092 static void
ppp_ccp_closed(struct ppp * ppp)2093 ppp_ccp_closed(struct ppp *ppp)
2094 {
2095 void *xstate, *rstate;
2096 struct compressor *xcomp, *rcomp;
2097
2098 ppp_lock(ppp);
2099 ppp->flags &= ~(SC_CCP_OPEN | SC_CCP_UP);
2100 ppp->xstate = 0;
2101 xcomp = ppp->xcomp;
2102 xstate = ppp->xc_state;
2103 ppp->xc_state = 0;
2104 ppp->rstate = 0;
2105 rcomp = ppp->rcomp;
2106 rstate = ppp->rc_state;
2107 ppp->rc_state = 0;
2108 ppp_unlock(ppp);
2109
2110 if (xstate)
2111 xcomp->comp_free(xstate);
2112 if (rstate)
2113 rcomp->decomp_free(rstate);
2114 }
2115
2116 /* List of compressors. */
2117 static LIST_HEAD(compressor_list);
2118 static spinlock_t compressor_list_lock = SPIN_LOCK_UNLOCKED;
2119
2120 struct compressor_entry {
2121 struct list_head list;
2122 struct compressor *comp;
2123 };
2124
2125 static struct compressor_entry *
find_comp_entry(int proto)2126 find_comp_entry(int proto)
2127 {
2128 struct compressor_entry *ce;
2129 struct list_head *list = &compressor_list;
2130
2131 while ((list = list->next) != &compressor_list) {
2132 ce = list_entry(list, struct compressor_entry, list);
2133 if (ce->comp->compress_proto == proto)
2134 return ce;
2135 }
2136 return 0;
2137 }
2138
2139 /* Register a compressor */
2140 int
ppp_register_compressor(struct compressor * cp)2141 ppp_register_compressor(struct compressor *cp)
2142 {
2143 struct compressor_entry *ce;
2144 int ret;
2145 spin_lock(&compressor_list_lock);
2146 ret = -EEXIST;
2147 if (find_comp_entry(cp->compress_proto) != 0)
2148 goto err1;
2149 ret = -ENOMEM;
2150 ce = kmalloc(sizeof(struct compressor_entry), GFP_ATOMIC);
2151 if (ce == 0)
2152 goto err1;
2153 ret = 0;
2154 ce->comp = cp;
2155 list_add(&ce->list, &compressor_list);
2156 err1:
2157 spin_unlock(&compressor_list_lock);
2158 return ret;
2159 }
2160
2161 /* Unregister a compressor */
2162 void
ppp_unregister_compressor(struct compressor * cp)2163 ppp_unregister_compressor(struct compressor *cp)
2164 {
2165 struct compressor_entry *ce;
2166
2167 spin_lock(&compressor_list_lock);
2168 ce = find_comp_entry(cp->compress_proto);
2169 if (ce != 0 && ce->comp == cp) {
2170 list_del(&ce->list);
2171 kfree(ce);
2172 }
2173 spin_unlock(&compressor_list_lock);
2174 }
2175
2176 /* Find a compressor. */
2177 static struct compressor *
find_compressor(int type)2178 find_compressor(int type)
2179 {
2180 struct compressor_entry *ce;
2181 struct compressor *cp = 0;
2182
2183 spin_lock(&compressor_list_lock);
2184 ce = find_comp_entry(type);
2185 if (ce != 0)
2186 cp = ce->comp;
2187 spin_unlock(&compressor_list_lock);
2188 return cp;
2189 }
2190
2191 /*
2192 * Miscelleneous stuff.
2193 */
2194
2195 static void
ppp_get_stats(struct ppp * ppp,struct ppp_stats * st)2196 ppp_get_stats(struct ppp *ppp, struct ppp_stats *st)
2197 {
2198 struct slcompress *vj = ppp->vj;
2199
2200 memset(st, 0, sizeof(*st));
2201 st->p.ppp_ipackets = ppp->stats.rx_packets;
2202 st->p.ppp_ierrors = ppp->stats.rx_errors;
2203 st->p.ppp_ibytes = ppp->stats.rx_bytes;
2204 st->p.ppp_opackets = ppp->stats.tx_packets;
2205 st->p.ppp_oerrors = ppp->stats.tx_errors;
2206 st->p.ppp_obytes = ppp->stats.tx_bytes;
2207 if (vj == 0)
2208 return;
2209 st->vj.vjs_packets = vj->sls_o_compressed + vj->sls_o_uncompressed;
2210 st->vj.vjs_compressed = vj->sls_o_compressed;
2211 st->vj.vjs_searches = vj->sls_o_searches;
2212 st->vj.vjs_misses = vj->sls_o_misses;
2213 st->vj.vjs_errorin = vj->sls_i_error;
2214 st->vj.vjs_tossed = vj->sls_i_tossed;
2215 st->vj.vjs_uncompressedin = vj->sls_i_uncompressed;
2216 st->vj.vjs_compressedin = vj->sls_i_compressed;
2217 }
2218
2219 /*
2220 * Stuff for handling the lists of ppp units and channels
2221 * and for initialization.
2222 */
2223
2224 /*
2225 * Create a new ppp interface unit. Fails if it can't allocate memory
2226 * or if there is already a unit with the requested number.
2227 * unit == -1 means allocate a new number.
2228 */
2229 static struct ppp *
ppp_create_interface(int unit,int * retp)2230 ppp_create_interface(int unit, int *retp)
2231 {
2232 struct ppp *ppp;
2233 struct net_device *dev = NULL;
2234 int ret = -ENOMEM;
2235 int i;
2236
2237 ppp = kmalloc(sizeof(struct ppp), GFP_KERNEL);
2238 if (ppp == 0)
2239 goto err;
2240 dev = kmalloc(sizeof(struct net_device), GFP_KERNEL);
2241 if (dev == 0)
2242 goto err;
2243 memset(ppp, 0, sizeof(struct ppp));
2244 memset(dev, 0, sizeof(struct net_device));
2245
2246 ret = -EEXIST;
2247 down(&all_ppp_sem);
2248 if (unit < 0)
2249 unit = cardmap_find_first_free(all_ppp_units);
2250 else if (cardmap_get(all_ppp_units, unit) != NULL)
2251 goto err_unlock; /* unit already exists */
2252
2253 /* Initialize the new ppp unit */
2254 ppp->file.index = unit;
2255 ppp->mru = PPP_MRU;
2256 init_ppp_file(&ppp->file, INTERFACE);
2257 ppp->file.hdrlen = PPP_HDRLEN - 2; /* don't count proto bytes */
2258 for (i = 0; i < NUM_NP; ++i)
2259 ppp->npmode[i] = NPMODE_PASS;
2260 INIT_LIST_HEAD(&ppp->channels);
2261 spin_lock_init(&ppp->rlock);
2262 spin_lock_init(&ppp->wlock);
2263 #ifdef CONFIG_PPP_MULTILINK
2264 ppp->minseq = -1;
2265 skb_queue_head_init(&ppp->mrq);
2266 #endif /* CONFIG_PPP_MULTILINK */
2267
2268 ppp->dev = dev;
2269 dev->init = ppp_net_init;
2270 sprintf(dev->name, "ppp%d", unit);
2271 dev->priv = ppp;
2272 dev->features |= NETIF_F_DYNALLOC;
2273
2274 rtnl_lock();
2275 ret = register_netdevice(dev);
2276 rtnl_unlock();
2277 if (ret != 0) {
2278 printk(KERN_ERR "PPP: couldn't register device %s (%d)\n",
2279 dev->name, ret);
2280 goto err_unlock;
2281 }
2282
2283 atomic_inc(&ppp_unit_count);
2284 cardmap_set(&all_ppp_units, unit, ppp);
2285 up(&all_ppp_sem);
2286 *retp = 0;
2287 return ppp;
2288
2289 err_unlock:
2290 up(&all_ppp_sem);
2291 err:
2292 *retp = ret;
2293 if (ppp)
2294 kfree(ppp);
2295 if (dev)
2296 kfree(dev);
2297 return NULL;
2298 }
2299
2300 /*
2301 * Initialize a ppp_file structure.
2302 */
2303 static void
init_ppp_file(struct ppp_file * pf,int kind)2304 init_ppp_file(struct ppp_file *pf, int kind)
2305 {
2306 pf->kind = kind;
2307 skb_queue_head_init(&pf->xq);
2308 skb_queue_head_init(&pf->rq);
2309 atomic_set(&pf->refcnt, 1);
2310 init_waitqueue_head(&pf->rwait);
2311 }
2312
2313 /*
2314 * Take down a ppp interface unit - called when the owning file
2315 * (the one that created the unit) is closed or detached.
2316 */
ppp_shutdown_interface(struct ppp * ppp)2317 static void ppp_shutdown_interface(struct ppp *ppp)
2318 {
2319 struct net_device *dev;
2320
2321 down(&all_ppp_sem);
2322 ppp_lock(ppp);
2323 dev = ppp->dev;
2324 ppp->dev = 0;
2325 ppp_unlock(ppp);
2326 if (dev) {
2327 rtnl_lock();
2328 dev_close(dev);
2329 unregister_netdevice(dev);
2330 rtnl_unlock();
2331 }
2332 cardmap_set(&all_ppp_units, ppp->file.index, NULL);
2333 ppp->file.dead = 1;
2334 ppp->owner = NULL;
2335 wake_up_interruptible(&ppp->file.rwait);
2336 up(&all_ppp_sem);
2337 }
2338
2339 /*
2340 * Free the memory used by a ppp unit. This is only called once
2341 * there are no channels connected to the unit and no file structs
2342 * that reference the unit.
2343 */
ppp_destroy_interface(struct ppp * ppp)2344 static void ppp_destroy_interface(struct ppp *ppp)
2345 {
2346 atomic_dec(&ppp_unit_count);
2347
2348 if (!ppp->file.dead || ppp->n_channels) {
2349 /* "can't happen" */
2350 printk(KERN_ERR "ppp: destroying ppp struct %p but dead=%d "
2351 "n_channels=%d !\n", ppp, ppp->file.dead,
2352 ppp->n_channels);
2353 return;
2354 }
2355
2356 ppp_ccp_closed(ppp);
2357 if (ppp->vj) {
2358 slhc_free(ppp->vj);
2359 ppp->vj = 0;
2360 }
2361 skb_queue_purge(&ppp->file.xq);
2362 skb_queue_purge(&ppp->file.rq);
2363 #ifdef CONFIG_PPP_MULTILINK
2364 skb_queue_purge(&ppp->mrq);
2365 #endif /* CONFIG_PPP_MULTILINK */
2366 #ifdef CONFIG_PPP_FILTER
2367 if (ppp->pass_filter.filter) {
2368 kfree(ppp->pass_filter.filter);
2369 ppp->pass_filter.filter = NULL;
2370 }
2371 if (ppp->active_filter.filter) {
2372 kfree(ppp->active_filter.filter);
2373 ppp->active_filter.filter = 0;
2374 }
2375 #endif /* CONFIG_PPP_FILTER */
2376
2377 if (ppp->xmit_pending)
2378 kfree_skb(ppp->xmit_pending);
2379
2380 kfree(ppp);
2381 }
2382
2383 /*
2384 * Locate an existing ppp unit.
2385 * The caller should have locked the all_ppp_sem.
2386 */
2387 static struct ppp *
ppp_find_unit(int unit)2388 ppp_find_unit(int unit)
2389 {
2390 return cardmap_get(all_ppp_units, unit);
2391 }
2392
2393 /*
2394 * Locate an existing ppp channel.
2395 * The caller should have locked the all_channels_lock.
2396 * First we look in the new_channels list, then in the
2397 * all_channels list. If found in the new_channels list,
2398 * we move it to the all_channels list. This is for speed
2399 * when we have a lot of channels in use.
2400 */
2401 static struct channel *
ppp_find_channel(int unit)2402 ppp_find_channel(int unit)
2403 {
2404 struct channel *pch;
2405 struct list_head *list;
2406
2407 list = &new_channels;
2408 while ((list = list->next) != &new_channels) {
2409 pch = list_entry(list, struct channel, list);
2410 if (pch->file.index == unit) {
2411 list_del(&pch->list);
2412 list_add(&pch->list, &all_channels);
2413 return pch;
2414 }
2415 }
2416 list = &all_channels;
2417 while ((list = list->next) != &all_channels) {
2418 pch = list_entry(list, struct channel, list);
2419 if (pch->file.index == unit)
2420 return pch;
2421 }
2422 return 0;
2423 }
2424
2425 /*
2426 * Connect a PPP channel to a PPP interface unit.
2427 */
2428 static int
ppp_connect_channel(struct channel * pch,int unit)2429 ppp_connect_channel(struct channel *pch, int unit)
2430 {
2431 struct ppp *ppp;
2432 int ret = -ENXIO;
2433 int hdrlen;
2434
2435 down(&all_ppp_sem);
2436 ppp = ppp_find_unit(unit);
2437 if (ppp == 0)
2438 goto err1;
2439
2440 write_lock_bh(&pch->upl);
2441 ret = -EINVAL;
2442 if (pch->ppp != 0)
2443 goto err2;
2444
2445 ppp_lock(ppp);
2446 if (pch->file.hdrlen > ppp->file.hdrlen)
2447 ppp->file.hdrlen = pch->file.hdrlen;
2448 hdrlen = pch->file.hdrlen + 2; /* for protocol bytes */
2449 if (ppp->dev && hdrlen > ppp->dev->hard_header_len)
2450 ppp->dev->hard_header_len = hdrlen;
2451 list_add_tail(&pch->clist, &ppp->channels);
2452 ++ppp->n_channels;
2453 pch->ppp = ppp;
2454 atomic_inc(&ppp->file.refcnt);
2455 ppp_unlock(ppp);
2456 ret = 0;
2457
2458 err2:
2459 write_unlock_bh(&pch->upl);
2460 err1:
2461 up(&all_ppp_sem);
2462 return ret;
2463 }
2464
2465 /*
2466 * Disconnect a channel from its ppp unit.
2467 */
2468 static int
ppp_disconnect_channel(struct channel * pch)2469 ppp_disconnect_channel(struct channel *pch)
2470 {
2471 struct ppp *ppp;
2472 int err = -EINVAL;
2473
2474 write_lock_bh(&pch->upl);
2475 ppp = pch->ppp;
2476 pch->ppp = NULL;
2477 write_unlock_bh(&pch->upl);
2478 if (ppp != 0) {
2479 /* remove it from the ppp unit's list */
2480 ppp_lock(ppp);
2481 list_del(&pch->clist);
2482 --ppp->n_channels;
2483 ppp_unlock(ppp);
2484 if (atomic_dec_and_test(&ppp->file.refcnt))
2485 ppp_destroy_interface(ppp);
2486 err = 0;
2487 }
2488 return err;
2489 }
2490
2491 /*
2492 * Free up the resources used by a ppp channel.
2493 */
ppp_destroy_channel(struct channel * pch)2494 static void ppp_destroy_channel(struct channel *pch)
2495 {
2496 atomic_dec(&channel_count);
2497
2498 if (!pch->file.dead) {
2499 /* "can't happen" */
2500 printk(KERN_ERR "ppp: destroying undead channel %p !\n",
2501 pch);
2502 return;
2503 }
2504 skb_queue_purge(&pch->file.xq);
2505 skb_queue_purge(&pch->file.rq);
2506 kfree(pch);
2507 }
2508
ppp_cleanup(void)2509 static void __exit ppp_cleanup(void)
2510 {
2511 /* should never happen */
2512 if (atomic_read(&ppp_unit_count) || atomic_read(&channel_count))
2513 printk(KERN_ERR "PPP: removing module but units remain!\n");
2514 cardmap_destroy(&all_ppp_units);
2515 if (devfs_unregister_chrdev(PPP_MAJOR, "ppp") != 0)
2516 printk(KERN_ERR "PPP: failed to unregister PPP device\n");
2517 devfs_unregister(devfs_handle);
2518 }
2519
2520 /*
2521 * Cardmap implementation.
2522 */
cardmap_get(struct cardmap * map,unsigned int nr)2523 static void *cardmap_get(struct cardmap *map, unsigned int nr)
2524 {
2525 struct cardmap *p;
2526 int i;
2527
2528 for (p = map; p != NULL; ) {
2529 if ((i = nr >> p->shift) >= CARDMAP_WIDTH)
2530 return NULL;
2531 if (p->shift == 0)
2532 return p->ptr[i];
2533 nr &= ~(CARDMAP_MASK << p->shift);
2534 p = p->ptr[i];
2535 }
2536 return NULL;
2537 }
2538
cardmap_set(struct cardmap ** pmap,unsigned int nr,void * ptr)2539 static void cardmap_set(struct cardmap **pmap, unsigned int nr, void *ptr)
2540 {
2541 struct cardmap *p;
2542 int i;
2543
2544 p = *pmap;
2545 if (p == NULL || (nr >> p->shift) >= CARDMAP_WIDTH) {
2546 do {
2547 /* need a new top level */
2548 struct cardmap *np = kmalloc(sizeof(*np), GFP_KERNEL);
2549 memset(np, 0, sizeof(*np));
2550 np->ptr[0] = p;
2551 if (p != NULL) {
2552 np->shift = p->shift + CARDMAP_ORDER;
2553 p->parent = np;
2554 } else
2555 np->shift = 0;
2556 p = np;
2557 } while ((nr >> p->shift) >= CARDMAP_WIDTH);
2558 *pmap = p;
2559 }
2560 while (p->shift > 0) {
2561 i = (nr >> p->shift) & CARDMAP_MASK;
2562 if (p->ptr[i] == NULL) {
2563 struct cardmap *np = kmalloc(sizeof(*np), GFP_KERNEL);
2564 memset(np, 0, sizeof(*np));
2565 np->shift = p->shift - CARDMAP_ORDER;
2566 np->parent = p;
2567 p->ptr[i] = np;
2568 }
2569 if (ptr == NULL)
2570 clear_bit(i, &p->inuse);
2571 p = p->ptr[i];
2572 }
2573 i = nr & CARDMAP_MASK;
2574 p->ptr[i] = ptr;
2575 if (ptr != NULL)
2576 set_bit(i, &p->inuse);
2577 else
2578 clear_bit(i, &p->inuse);
2579 }
2580
cardmap_find_first_free(struct cardmap * map)2581 static unsigned int cardmap_find_first_free(struct cardmap *map)
2582 {
2583 struct cardmap *p;
2584 unsigned int nr = 0;
2585 int i;
2586
2587 if ((p = map) == NULL)
2588 return 0;
2589 for (;;) {
2590 i = find_first_zero_bit(&p->inuse, CARDMAP_WIDTH);
2591 if (i >= CARDMAP_WIDTH) {
2592 if (p->parent == NULL)
2593 return CARDMAP_WIDTH << p->shift;
2594 p = p->parent;
2595 i = (nr >> p->shift) & CARDMAP_MASK;
2596 set_bit(i, &p->inuse);
2597 continue;
2598 }
2599 nr = (nr & (~CARDMAP_MASK << p->shift)) | (i << p->shift);
2600 if (p->shift == 0 || p->ptr[i] == NULL)
2601 return nr;
2602 p = p->ptr[i];
2603 }
2604 }
2605
cardmap_destroy(struct cardmap ** pmap)2606 static void cardmap_destroy(struct cardmap **pmap)
2607 {
2608 struct cardmap *p, *np;
2609 int i;
2610
2611 for (p = *pmap; p != NULL; p = np) {
2612 if (p->shift != 0) {
2613 for (i = 0; i < CARDMAP_WIDTH; ++i)
2614 if (p->ptr[i] != NULL)
2615 break;
2616 if (i < CARDMAP_WIDTH) {
2617 np = p->ptr[i];
2618 p->ptr[i] = NULL;
2619 continue;
2620 }
2621 }
2622 np = p->parent;
2623 kfree(p);
2624 }
2625 *pmap = NULL;
2626 }
2627
2628 /* Module/initialization stuff */
2629
2630 module_init(ppp_init);
2631 module_exit(ppp_cleanup);
2632
2633 EXPORT_SYMBOL(ppp_register_channel);
2634 EXPORT_SYMBOL(ppp_unregister_channel);
2635 EXPORT_SYMBOL(ppp_channel_index);
2636 EXPORT_SYMBOL(ppp_unit_number);
2637 EXPORT_SYMBOL(ppp_input);
2638 EXPORT_SYMBOL(ppp_input_error);
2639 EXPORT_SYMBOL(ppp_output_wakeup);
2640 EXPORT_SYMBOL(ppp_register_compressor);
2641 EXPORT_SYMBOL(ppp_unregister_compressor);
2642 EXPORT_SYMBOL(all_ppp_units); /* for debugging */
2643 EXPORT_SYMBOL(all_channels); /* for debugging */
2644 MODULE_LICENSE("GPL");
2645