update for 2.3.9
[ppp.git] / linux / ppp.c
1 /*  PPP for Linux
2  *
3  *  Michael Callahan <callahan@maths.ox.ac.uk>
4  *  Al Longyear <longyear@netcom.com>
5  *  Extensively rewritten by Paul Mackerras <paulus@cs.anu.edu.au>
6  *
7  *  ==FILEVERSION 990510==
8  *
9  *  NOTE TO MAINTAINERS:
10  *     If you modify this file at all, please set the number above to the
11  *     date of the modification as YYMMDD (year month day).
12  *     ppp.c is shipped with a PPP distribution as well as with the kernel;
13  *     if everyone increases the FILEVERSION number above, then scripts
14  *     can do the right thing when deciding whether to install a new ppp.c
15  *     file.  Don't change the format of that line otherwise, so the
16  *     installation script can recognize it.
17  */
18
19 /*
20    Sources:
21
22    slip.c
23
24    RFC1331: The Point-to-Point Protocol (PPP) for the Transmission of
25    Multi-protocol Datagrams over Point-to-Point Links
26
27    RFC1332: IPCP
28
29    ppp-2.0
30
31    Flags for this module (any combination is acceptable for testing.):
32
33    OPTIMIZE_FLAG_TIME - Number of jiffies to force sending of leading flag
34                         character. This is normally set to ((HZ * 3) / 2).
35                         This is 1.5 seconds. If zero then the leading
36                         flag is always sent.
37
38    CHECK_CHARACTERS   - Enable the checking on all received characters for
39                         8 data bits, no parity. This adds a small amount of
40                         processing for each received character.
41 */
42
43 #define OPTIMIZE_FLAG_TIME      ((HZ * 3)/2)
44 #define CHECK_CHARACTERS        1
45
46 #define PPP_MAX_RCV_QLEN        32      /* max # frames we queue up for pppd */
47
48 /* $Id: ppp.c,v 1.30 1999/07/23 07:07:34 paulus Exp $ */
49
50 #include <linux/version.h>
51 #include <linux/config.h>
52 #include <linux/module.h>
53 #include <linux/kernel.h>
54 #include <linux/sched.h>
55 #include <linux/types.h>
56 #include <linux/fcntl.h>
57 #include <linux/interrupt.h>
58 #include <linux/ptrace.h>
59
60 /* a macro to generate linux version number codes */
61 #define VERSION(major,minor,patch) (((((major)<<8)+(minor))<<8)+(patch))
62
63 #if LINUX_VERSION_CODE < VERSION(2,1,14)
64 #include <linux/ioport.h>
65 #endif
66
67 #if LINUX_VERSION_CODE >= VERSION(2,1,23)
68 #include <linux/poll.h>
69 #endif
70
71 #include <linux/in.h>
72 #include <linux/malloc.h>
73 #include <linux/tty.h>
74 #include <linux/errno.h>
75 #include <linux/sched.h>        /* to get the struct task_struct */
76 #include <linux/string.h>       /* used in new tty drivers */
77 #include <linux/signal.h>       /* used in new tty drivers */
78 #include <asm/system.h>
79 #include <asm/bitops.h>
80 #include <linux/if.h>
81 #include <linux/if_ether.h>
82 #include <linux/netdevice.h>
83 #include <linux/skbuff.h>
84 #include <linux/inet.h>
85 #include <linux/ioctl.h>
86 #include <linux/ip.h>
87 #include <linux/tcp.h>
88 #include <linux/if_arp.h>
89 #include <net/slhc_vj.h>
90
91 #define fcstab  ppp_crc16_table         /* Name of the table in the kernel */
92 #include <linux/ppp_defs.h>
93
94 #include <linux/socket.h>
95 #include <linux/if_ppp.h>
96 #include <linux/if_pppvar.h>
97 #include <linux/ppp-comp.h>
98
99 #ifdef CONFIG_KMOD
100 #include <linux/kmod.h>
101 #endif
102 #ifdef CONFIG_KERNELD
103 #include <linux/kerneld.h>
104 #endif
105
106 #undef PPP_VERSION
107 #define PPP_VERSION     "2.3.9"
108
109 #if LINUX_VERSION_CODE >= VERSION(2,1,4)
110
111 #if LINUX_VERSION_CODE >= VERSION(2,1,5)
112 #include <asm/uaccess.h>
113 #else
114 #include <asm/segment.h>
115 #endif
116
117 #define GET_USER        get_user
118 #define PUT_USER        put_user
119 #define COPY_FROM_USER  copy_from_user
120 #define COPY_TO_USER    copy_to_user
121
122 #else  /* 2.0.x and 2.1.x before 2.1.4 */
123
124 #define GET_USER(val, src)      \
125         (verify_area(VERIFY_READ, src, sizeof(*src))? -EFAULT: \
126          ((val) = get_user(src), 0))
127 #define PUT_USER(val, dst)      \
128         (verify_area(VERIFY_WRITE, dst, sizeof(*dst))? -EFAULT: \
129          (put_user(val, dst), 0))
130 #define COPY_FROM_USER(dst, src, size)  \
131         (verify_area(VERIFY_READ, src, size)? -EFAULT: \
132          (memcpy_fromfs(dst, src, size), 0))
133 #define COPY_TO_USER(dst, src, size)    \
134         (verify_area(VERIFY_WRITE, dst, size)? -EFAULT: \
135          (memcpy_tofs(dst, src, size), 0))
136
137 #endif /* < 2.1.4 */
138
139 #if LINUX_VERSION_CODE < VERSION(2,1,37)
140 #define test_and_set_bit(nr, addr)      set_bit(nr, addr)
141 #endif
142
143 #if LINUX_VERSION_CODE < VERSION(2,1,25)
144 #define net_device_stats        enet_statistics
145 #endif
146
147 #if LINUX_VERSION_CODE < VERSION(2,1,57)
148 #define signal_pending(tsk)     ((tsk)->signal & ~(tsk)->blocked)
149 #endif
150
151 #if LINUX_VERSION_CODE < VERSION(2,1,60)
152 typedef int             rw_ret_t;
153 typedef unsigned int    rw_count_t;
154 #else
155 typedef ssize_t         rw_ret_t;
156 typedef size_t          rw_count_t;
157 #endif
158
159 #if LINUX_VERSION_CODE < VERSION(2,1,86)
160 #define KFREE_SKB(s)    dev_kfree_skb((s), FREE_WRITE)
161 #else
162 #define KFREE_SKB(s)    kfree_skb(s)
163 #endif
164
165 #if LINUX_VERSION_CODE < VERSION(2,1,15)
166 #define LIBERATE_SKB(s) ((s)->free = 1)
167 #else
168 #define LIBERATE_SKB(s) do { } while (0)
169 #endif
170
171 #if LINUX_VERSION_CODE < VERSION(2,1,95)
172 #define SUSER()         suser()
173 #else
174 #define SUSER()         capable(CAP_NET_ADMIN)
175 #endif
176
177 #if LINUX_VERSION_CODE < VERSION(2,2,0)
178 #define wmb()           mb()
179 #endif
180
181 /*
182  * Local functions
183  */
184
185 static int ppp_register_compressor (struct compressor *cp);
186 static void ppp_unregister_compressor (struct compressor *cp);
187
188 static void ppp_async_init(struct ppp *ppp);
189 static void ppp_async_release(struct ppp *ppp);
190 static int ppp_tty_sync_push(struct ppp *ppp);
191 static int ppp_tty_push(struct ppp *ppp);
192 static int ppp_async_encode(struct ppp *ppp);
193 static int ppp_async_send(struct ppp *, struct sk_buff *);
194 static int ppp_sync_send(struct ppp *, struct sk_buff *);
195 static void ppp_tty_flush_output(struct ppp *);
196
197 static int ppp_ioctl(struct ppp *, unsigned int, unsigned long);
198 static int ppp_set_compression (struct ppp *ppp, struct ppp_option_data *odp);
199 static void ppp_proto_ccp(struct ppp *ppp, __u8 *dp, int len, int rcvd);
200 static void ppp_ccp_closed(struct ppp *ppp);
201 static int ppp_receive_frame(struct ppp *, struct sk_buff *);
202 static void ppp_receive_error(struct ppp *ppp);
203 static void ppp_output_wakeup(struct ppp *ppp);
204 static void ppp_send_ctrl(struct ppp *ppp, struct sk_buff *skb);
205 static void ppp_send_frame(struct ppp *ppp, struct sk_buff *skb);
206 static void ppp_send_frames(struct ppp *ppp);
207 static struct sk_buff *ppp_vj_compress(struct ppp *ppp, struct sk_buff *skb);
208
209 static struct ppp *ppp_find (int pid_value);
210 static struct ppp *ppp_alloc (void);
211 static void ppp_generic_init(struct ppp *ppp);
212 static void ppp_release(struct ppp *ppp);
213 static void ppp_print_buffer (const char *, const __u8 *, int);
214 static struct compressor *find_compressor (int type);
215
216 #ifndef OPTIMIZE_FLAG_TIME
217 #define OPTIMIZE_FLAG_TIME      0
218 #endif
219
220 /*
221  * Parameters which may be changed via insmod.
222  */
223
224 static int  flag_time = OPTIMIZE_FLAG_TIME;
225 #if LINUX_VERSION_CODE >= VERSION(2,1,19) 
226 MODULE_PARM(flag_time, "i");
227 #endif
228
229 #define CHECK_PPP_MAGIC(ppp)    do { \
230         if (ppp->magic != PPP_MAGIC) { \
231                 printk(ppp_magic_warn, ppp, __FILE__, __LINE__); \
232         } \
233 } while (0)
234 #define CHECK_PPP(a)    do { \
235         CHECK_PPP_MAGIC(ppp); \
236         if (!ppp->inuse) { \
237                 printk(ppp_warning, __LINE__); \
238                 return a; \
239         } \
240 } while (0)
241 #define CHECK_PPP_VOID() do { \
242         CHECK_PPP_MAGIC(ppp); \
243         if (!ppp->inuse) { \
244                 printk(ppp_warning, __LINE__); \
245                 return; \
246         } \
247 } while (0)
248
249 #define tty2ppp(tty)    ((struct ppp *) ((tty)->disc_data))
250 #define dev2ppp(dev)    ((struct ppp *) ((dev)->priv))
251 #define ppp2tty(ppp)    ((ppp)->tty)
252 #define ppp2dev(ppp)    (&(ppp)->dev)
253
254 static struct ppp *ppp_list = NULL;
255 static struct ppp *ppp_last = NULL;
256
257 /* Define these strings only once for all macro invocations */
258 static char ppp_warning[] = KERN_WARNING "PPP: ALERT! not INUSE! %d\n";
259 static char ppp_magic_warn[] = KERN_WARNING "bad magic for ppp %p at %s:%d\n";
260
261 static char szVersion[]         = PPP_VERSION;
262
263 #if LINUX_VERSION_CODE < VERSION(2,1,18)
264 static struct symbol_table ppp_syms = {
265 #include <linux/symtab_begin.h>
266         X(ppp_register_compressor),
267         X(ppp_unregister_compressor),
268 #include <linux/symtab_end.h>
269 };
270 #else
271 EXPORT_SYMBOL(ppp_register_compressor);
272 EXPORT_SYMBOL(ppp_unregister_compressor);
273 #endif
274
275 /*************************************************************
276  * LINE DISCIPLINE SUPPORT
277  *    The following code implements the PPP line discipline
278  *    and supports using PPP on an async serial line.
279  *************************************************************/
280
281 #define in_xmap(ppp,c)  (ppp->xmit_async_map[(c) >> 5] & (1 << ((c) & 0x1f)))
282 #define in_rmap(ppp,c)  ((((unsigned int) (__u8) (c)) < 0x20) && \
283                         ppp->recv_async_map & (1 << (c)))
284
285 /*
286  * TTY callbacks
287  */
288
289 static rw_ret_t ppp_tty_read(struct tty_struct *, struct file *, __u8 *,
290                              rw_count_t);
291 static rw_ret_t ppp_tty_write(struct tty_struct *, struct file *, const __u8 *,
292                               rw_count_t);
293 static int ppp_tty_ioctl(struct tty_struct *, struct file *, unsigned int,
294                          unsigned long);
295 #if LINUX_VERSION_CODE < VERSION(2,1,23)
296 static int ppp_tty_select(struct tty_struct *tty, struct inode *inode,
297                         struct file *filp, int sel_type, select_table * wait);
298 #else
299 static unsigned int ppp_tty_poll(struct tty_struct *tty, struct file *filp,
300                                  poll_table * wait);
301 #endif
302 static int ppp_tty_open (struct tty_struct *);
303 static void ppp_tty_close (struct tty_struct *);
304 static int ppp_tty_room (struct tty_struct *tty);
305 static void ppp_tty_receive (struct tty_struct *tty, const __u8 * cp,
306                              char *fp, int count);
307 static void ppp_tty_wakeup (struct tty_struct *tty);
308
309 __u16 ppp_crc16_table[256] =
310 {
311         0x0000, 0x1189, 0x2312, 0x329b, 0x4624, 0x57ad, 0x6536, 0x74bf,
312         0x8c48, 0x9dc1, 0xaf5a, 0xbed3, 0xca6c, 0xdbe5, 0xe97e, 0xf8f7,
313         0x1081, 0x0108, 0x3393, 0x221a, 0x56a5, 0x472c, 0x75b7, 0x643e,
314         0x9cc9, 0x8d40, 0xbfdb, 0xae52, 0xdaed, 0xcb64, 0xf9ff, 0xe876,
315         0x2102, 0x308b, 0x0210, 0x1399, 0x6726, 0x76af, 0x4434, 0x55bd,
316         0xad4a, 0xbcc3, 0x8e58, 0x9fd1, 0xeb6e, 0xfae7, 0xc87c, 0xd9f5,
317         0x3183, 0x200a, 0x1291, 0x0318, 0x77a7, 0x662e, 0x54b5, 0x453c,
318         0xbdcb, 0xac42, 0x9ed9, 0x8f50, 0xfbef, 0xea66, 0xd8fd, 0xc974,
319         0x4204, 0x538d, 0x6116, 0x709f, 0x0420, 0x15a9, 0x2732, 0x36bb,
320         0xce4c, 0xdfc5, 0xed5e, 0xfcd7, 0x8868, 0x99e1, 0xab7a, 0xbaf3,
321         0x5285, 0x430c, 0x7197, 0x601e, 0x14a1, 0x0528, 0x37b3, 0x263a,
322         0xdecd, 0xcf44, 0xfddf, 0xec56, 0x98e9, 0x8960, 0xbbfb, 0xaa72,
323         0x6306, 0x728f, 0x4014, 0x519d, 0x2522, 0x34ab, 0x0630, 0x17b9,
324         0xef4e, 0xfec7, 0xcc5c, 0xddd5, 0xa96a, 0xb8e3, 0x8a78, 0x9bf1,
325         0x7387, 0x620e, 0x5095, 0x411c, 0x35a3, 0x242a, 0x16b1, 0x0738,
326         0xffcf, 0xee46, 0xdcdd, 0xcd54, 0xb9eb, 0xa862, 0x9af9, 0x8b70,
327         0x8408, 0x9581, 0xa71a, 0xb693, 0xc22c, 0xd3a5, 0xe13e, 0xf0b7,
328         0x0840, 0x19c9, 0x2b52, 0x3adb, 0x4e64, 0x5fed, 0x6d76, 0x7cff,
329         0x9489, 0x8500, 0xb79b, 0xa612, 0xd2ad, 0xc324, 0xf1bf, 0xe036,
330         0x18c1, 0x0948, 0x3bd3, 0x2a5a, 0x5ee5, 0x4f6c, 0x7df7, 0x6c7e,
331         0xa50a, 0xb483, 0x8618, 0x9791, 0xe32e, 0xf2a7, 0xc03c, 0xd1b5,
332         0x2942, 0x38cb, 0x0a50, 0x1bd9, 0x6f66, 0x7eef, 0x4c74, 0x5dfd,
333         0xb58b, 0xa402, 0x9699, 0x8710, 0xf3af, 0xe226, 0xd0bd, 0xc134,
334         0x39c3, 0x284a, 0x1ad1, 0x0b58, 0x7fe7, 0x6e6e, 0x5cf5, 0x4d7c,
335         0xc60c, 0xd785, 0xe51e, 0xf497, 0x8028, 0x91a1, 0xa33a, 0xb2b3,
336         0x4a44, 0x5bcd, 0x6956, 0x78df, 0x0c60, 0x1de9, 0x2f72, 0x3efb,
337         0xd68d, 0xc704, 0xf59f, 0xe416, 0x90a9, 0x8120, 0xb3bb, 0xa232,
338         0x5ac5, 0x4b4c, 0x79d7, 0x685e, 0x1ce1, 0x0d68, 0x3ff3, 0x2e7a,
339         0xe70e, 0xf687, 0xc41c, 0xd595, 0xa12a, 0xb0a3, 0x8238, 0x93b1,
340         0x6b46, 0x7acf, 0x4854, 0x59dd, 0x2d62, 0x3ceb, 0x0e70, 0x1ff9,
341         0xf78f, 0xe606, 0xd49d, 0xc514, 0xb1ab, 0xa022, 0x92b9, 0x8330,
342         0x7bc7, 0x6a4e, 0x58d5, 0x495c, 0x3de3, 0x2c6a, 0x1ef1, 0x0f78
343 };
344 #if LINUX_VERSION_CODE >= VERSION(2,1,18)
345 EXPORT_SYMBOL(ppp_crc16_table);
346 #endif
347
348 #ifdef CHECK_CHARACTERS
349 static __u32 paritytab[8] =
350 {
351         0x96696996, 0x69969669, 0x69969669, 0x96696996,
352         0x69969669, 0x96696996, 0x96696996, 0x69969669
353 };
354 #endif
355
356 /*
357  * This procedure is called at initialization time to register
358  * the PPP line discipline.
359  */
360 static int
361 ppp_first_time(void)
362 {
363         static struct tty_ldisc ppp_ldisc;
364         int    status;
365
366         printk(KERN_INFO
367                "PPP: version %s (demand dialling)"
368                "\n", szVersion);
369
370 #ifndef MODULE /* slhc module logic has its own copyright announcement */
371         printk(KERN_INFO
372                "TCP compression code copyright 1989 Regents of the "
373                "University of California\n");
374 #endif
375
376         /*
377          * Register the tty discipline
378          */
379         (void) memset (&ppp_ldisc, 0, sizeof (ppp_ldisc));
380         ppp_ldisc.magic         = TTY_LDISC_MAGIC;
381 #if LINUX_VERSION_CODE >= VERSION(2,1,28)
382         ppp_ldisc.name          = "ppp";
383 #endif
384         ppp_ldisc.open          = ppp_tty_open;
385         ppp_ldisc.close         = ppp_tty_close;
386         ppp_ldisc.read          = ppp_tty_read;
387         ppp_ldisc.write         = ppp_tty_write;
388         ppp_ldisc.ioctl         = ppp_tty_ioctl;
389 #if LINUX_VERSION_CODE < VERSION(2,1,23)
390         ppp_ldisc.select        = ppp_tty_select;
391 #else
392         ppp_ldisc.poll          = ppp_tty_poll;
393 #endif
394         ppp_ldisc.receive_room  = ppp_tty_room;
395         ppp_ldisc.receive_buf   = ppp_tty_receive;
396         ppp_ldisc.write_wakeup  = ppp_tty_wakeup;
397
398         status = tty_register_ldisc (N_PPP, &ppp_ldisc);
399         if (status == 0)
400                 printk(KERN_INFO "PPP line discipline registered.\n");
401         else
402                 printk(KERN_ERR "error registering line discipline: %d\n",
403                        status);
404         return status;
405 }
406
407
408 #ifndef MODULE
409 /*
410  * Called at boot time if the PPP driver is compiled into the kernel.
411  */
412 int
413 ppp_init(struct device *dev)
414 {
415         static int first_time = 1;
416         int    answer = 0;
417
418         if (first_time) {
419                 first_time = 0;
420                 answer     = ppp_first_time();
421 #if LINUX_VERSION_CODE < VERSION(2,1,18)
422                 if (answer == 0)
423                         (void) register_symtab(&ppp_syms);
424 #endif
425         }
426         if (answer == 0)
427                 answer = -ENODEV;
428         return answer;
429 }
430 #endif
431
432 /*
433  * Initialize the async-specific parts of the ppp structure.
434  */
435 static void
436 ppp_async_init(struct ppp *ppp)
437 {
438         ppp->escape = 0;
439         ppp->toss   = 0xE0;
440         ppp->tty_pushing = 0;
441
442         memset (ppp->xmit_async_map, 0, sizeof (ppp->xmit_async_map));
443         ppp->xmit_async_map[0] = 0xffffffff;
444         ppp->xmit_async_map[3] = 0x60000000;
445         ppp->recv_async_map    = 0xffffffff;
446
447         ppp->tpkt = NULL;
448         ppp->tfcs = PPP_INITFCS;
449         ppp->optr = ppp->obuf;
450         ppp->olim = ppp->obuf;
451
452         ppp->rpkt = NULL;
453         ppp->rfcs = PPP_INITFCS;
454
455         ppp->tty  = NULL;
456         ppp->backup_tty = NULL;
457
458         ppp->bytes_sent = 0;
459         ppp->bytes_rcvd = 0;
460 }
461
462 /*
463  * Clean up the async-specific parts of the ppp structure.
464  */
465 static void
466 ppp_async_release(struct ppp *ppp)
467 {
468         struct sk_buff *skb;
469
470         if ((skb = ppp->rpkt) != NULL)
471                 KFREE_SKB(skb);
472         ppp->rpkt = NULL;
473         if ((skb = ppp->tpkt) != NULL)
474                 KFREE_SKB(skb);
475         ppp->tpkt = NULL;
476 }
477
478 /*
479  * TTY callback.
480  *
481  * Called when the tty discipline is switched to PPP.
482  */
483
484 static int
485 ppp_tty_open (struct tty_struct *tty)
486 {
487         struct ppp *ppp;
488
489         /*
490          * Allocate a ppp structure to use.
491          */
492         tty->disc_data = NULL;
493         ppp = ppp_find(current->pid);
494         if (ppp != NULL) {
495                 /*
496                  * If we are taking over a ppp unit which is currently
497                  * connected to a loopback pty, there's not much to do.
498                  */
499                 CHECK_PPP(-EINVAL);
500
501         } else {
502                 ppp = ppp_alloc();
503                 if (ppp == NULL) {
504                         printk(KERN_ERR "ppp_alloc failed\n");
505                         return -ENFILE;
506                 }
507
508                 /*
509                  * Initialize the control block
510                  */
511                 ppp_generic_init(ppp);
512                 ppp_async_init(ppp);
513
514                 MOD_INC_USE_COUNT;
515         }
516
517         tty->disc_data = ppp;
518         ppp->tty       = tty;
519
520         /*
521          * Flush any pending characters in the driver
522          */
523         if (tty->driver.flush_buffer)
524                 tty->driver.flush_buffer (tty);
525
526         return ppp->line;
527 }
528
529 /*
530  * TTY callback.
531  *
532  * Called when the line discipline is changed to something
533  * else, the tty is closed, or the tty detects a hangup.
534  */
535
536 static void
537 ppp_tty_close (struct tty_struct *tty)
538 {
539         struct ppp *ppp = tty2ppp(tty);
540
541         if (ppp == NULL)
542                 return;
543         tty->disc_data = NULL;
544         if (ppp->magic != PPP_MAGIC) {
545                 printk(KERN_WARNING "ppp_tty_close: bogus\n");
546                 return;
547         }
548         if (!ppp->inuse) {
549                 printk(KERN_WARNING "ppp_tty_close: not inuse\n");
550                 ppp->tty = ppp->backup_tty = 0;
551                 return;
552         }
553         if (tty == ppp->backup_tty)
554                 ppp->backup_tty = 0;
555         if (tty != ppp->tty)
556                 return;
557         if (ppp->backup_tty) {
558                 ppp->tty = ppp->backup_tty;
559                 if (ppp_tty_push(ppp))
560                         ppp_output_wakeup(ppp);
561                 wake_up_interruptible(&ppp->read_wait);
562         } else {
563                 ppp->tty = 0;
564                 ppp->sc_xfer = 0;
565                 if (ppp->flags & SC_DEBUG)
566                         printk(KERN_INFO "ppp: channel %s closing.\n",
567                                ppp2dev(ppp)->name);
568
569                 ppp_async_release(ppp);
570                 ppp_release(ppp);
571                 MOD_DEC_USE_COUNT;
572         }
573 }
574
575 /*
576  * Read a PPP frame from the rcv_q list,
577  * waiting if necessary
578  */
579 static rw_ret_t
580 ppp_tty_read(struct tty_struct *tty, struct file *file, __u8 * buf,
581              rw_count_t nr)
582 {
583         struct ppp *ppp = tty2ppp (tty);
584         struct sk_buff *skb;
585         rw_ret_t len, err;
586
587         /*
588          * Validate the pointers
589          */
590         if (!ppp)
591                 return -EIO;
592         CHECK_PPP(-ENXIO);
593
594         /*
595          * Before we attempt to write the frame to the user, ensure that the
596          * user has access to the pages for the total buffer length.
597          */
598         err = verify_area(VERIFY_WRITE, buf, nr);
599         if (err != 0)
600                 return (err);
601
602         /*
603          * Wait for a frame to arrive if necessary.
604          * We increment the module use count so that the module
605          * can't go away while we're sleeping.
606          */
607         MOD_INC_USE_COUNT;
608         skb = NULL;
609         for (;;) {
610                 ppp = tty2ppp(tty);
611                 err = 0;
612                 if (!ppp || ppp->magic != PPP_MAGIC || !ppp->inuse
613                     || tty != ppp->tty)
614                         break;
615
616                 skb = skb_dequeue(&ppp->rcv_q);
617                 if (skb != 0)
618                         break;
619
620                 /*
621                  * If no frame is available, return -EAGAIN or wait.
622                  */
623                 err = -EAGAIN;
624                 if (file->f_flags & O_NONBLOCK)
625                         break;
626
627                 interruptible_sleep_on(&ppp->read_wait);
628                 err = -EINTR;
629                 if (signal_pending(current))
630                         break;
631         }
632         MOD_DEC_USE_COUNT;
633         if (skb == 0)
634                 return err;
635
636         /*
637          * Ensure that the frame will fit within the caller's buffer.
638          * If not, just discard the frame.
639          */
640         len = skb->len;
641         if (len > nr) {
642                 if (ppp->flags & SC_DEBUG)
643                         printk(KERN_DEBUG
644                                "ppp: read of %lu bytes too small for %ld "
645                                "frame\n", (unsigned long) nr, (long) len);
646                 ppp->stats.ppp_ierrors++;
647                 err = -EOVERFLOW;
648                 goto out;
649         }
650
651         /*
652          * Copy the received data from the buffer to the caller's area.
653          */
654         err = len;
655         if (COPY_TO_USER(buf, skb->data, len))
656                 err = -EFAULT;
657
658 out:
659         KFREE_SKB(skb);
660         return err;
661 }
662
663 /*
664  * Writing to a tty in ppp line discipline sends a PPP frame.
665  * Used by pppd to send control packets (LCP, etc.).
666  */
667 static rw_ret_t
668 ppp_tty_write(struct tty_struct *tty, struct file *file, const __u8 * data,
669               rw_count_t count)
670 {
671         struct ppp *ppp = tty2ppp (tty);
672         __u8 *new_data;
673         struct sk_buff *skb;
674
675         /*
676          * Verify the pointers.
677          */
678         if (!ppp)
679                 return -EIO;
680
681         if (ppp->magic != PPP_MAGIC)
682                 return -EIO;
683
684         CHECK_PPP(-ENXIO);
685
686         /*
687          * Ensure that the caller does not wish to send too much.
688          */
689         if (count > PPP_MTU + PPP_HDRLEN) {
690                 if (ppp->flags & SC_DEBUG)
691                         printk(KERN_WARNING
692                                "ppp_tty_write: truncating user packet "
693                                "from %lu to mtu %d\n", (unsigned long) count,
694                                PPP_MTU + PPP_HDRLEN);
695                 count = PPP_MTU + PPP_HDRLEN;
696         }
697
698         /*
699          * Allocate a buffer for the data and fetch it from the user space.
700          */
701         skb = alloc_skb(count, GFP_KERNEL);
702         if (skb == NULL) {
703                 printk(KERN_ERR "ppp_tty_write: no memory\n");
704                 return 0;
705         }
706         LIBERATE_SKB(skb);
707         new_data = skb_put(skb, count);
708
709         /*
710          * Retrieve the user's buffer
711          */
712         if (COPY_FROM_USER(new_data, data, count)) {
713                 KFREE_SKB(skb);
714                 return -EFAULT;
715         }
716
717         /*
718          * Send the frame
719          */
720         ppp_send_ctrl(ppp, skb);
721
722         return (rw_ret_t) count;
723 }
724
725 /*
726  * Process the IOCTL call for the tty device.
727  * Only the ioctls that relate to using ppp on async serial lines
728  * are processed here; the rest are handled by ppp_ioctl.
729  */
730 static int
731 ppp_tty_ioctl (struct tty_struct *tty, struct file * file,
732                unsigned int param2, unsigned long param3)
733 {
734         struct ppp *ppp = tty2ppp (tty);
735         register int temp_i = 0;
736         int error = -EFAULT;
737
738         /*
739          * Verify the status of the PPP device.
740          */
741         if (!ppp || ppp->magic != PPP_MAGIC || !ppp->inuse)
742                 return -ENXIO;
743
744         /*
745          * The user must have an euid of root to do these requests.
746          */
747         if (!SUSER())
748                 return -EPERM;
749
750         switch (param2) {
751         case PPPIOCGASYNCMAP:
752                 /*
753                  * Retrieve the transmit async map
754                  */
755                 if (PUT_USER(ppp->xmit_async_map[0], (int *) param3))
756                         break;
757                 error = 0;
758                 break;
759
760         case PPPIOCSASYNCMAP:
761                 /*
762                  * Set the transmit async map
763                  */
764                 if (GET_USER(temp_i, (int *) param3))
765                         break;
766                 ppp->xmit_async_map[0] = temp_i;
767                 if (ppp->flags & SC_DEBUG)
768                         printk(KERN_INFO
769                                "ppp_tty_ioctl: set xmit asyncmap %x\n",
770                                ppp->xmit_async_map[0]);
771                 error = 0;
772                 break;
773
774         case PPPIOCSRASYNCMAP:
775                 /*
776                  * Set the receive async map
777                  */
778                 if (GET_USER(temp_i, (int *) param3))
779                         break;
780                 ppp->recv_async_map = temp_i;
781                 if (ppp->flags & SC_DEBUG)
782                         printk(KERN_INFO
783                                "ppp_tty_ioctl: set rcv asyncmap %x\n",
784                                ppp->recv_async_map);
785                 error = 0;
786                 break;
787
788         case PPPIOCGXASYNCMAP:
789                 /*
790                  * Get the map of characters to be escaped on transmission.
791                  */
792                 if (COPY_TO_USER((void *) param3, ppp->xmit_async_map,
793                                  sizeof (ppp->xmit_async_map)))
794                         break;
795                 error = 0;
796                 break;
797
798         case PPPIOCSXASYNCMAP:
799                 /*
800                  * Set the map of characters to be escaped on transmission.
801                  */
802                 {
803                         __u32 temp_tbl[8];
804
805                         if (COPY_FROM_USER(temp_tbl, (void *) param3,
806                                            sizeof (temp_tbl)))
807                                 break;
808
809                         temp_tbl[1]  =  0x00000000;
810                         temp_tbl[2] &= ~0x40000000;
811                         temp_tbl[3] |=  0x60000000;
812
813                         memcpy(ppp->xmit_async_map, temp_tbl,
814                                sizeof (ppp->xmit_async_map));
815
816                         if (ppp->flags & SC_DEBUG)
817                                 printk(KERN_INFO
818                                        "ppp_tty_ioctl: set xasyncmap\n");
819                         error = 0;
820                 }
821                 break;
822
823         case PPPIOCXFERUNIT:
824                 /*
825                  * Set up this PPP unit to be used next time this
826                  * process sets a tty to PPP line discipline.
827                  */
828                 ppp->backup_tty = tty;
829                 ppp->sc_xfer = current->pid;
830                 error = 0;
831                 break;
832
833         case TCGETS:
834         case TCGETA:
835                 /*
836                  * Allow users to read, but not set, the serial port parameters
837                  */
838                 error = n_tty_ioctl (tty, file, param2, param3);
839                 break;
840
841         case TCFLSH:
842                 /*
843                  * Flush our buffers, then call the generic code to
844                  * flush the serial port's buffer.
845                  */
846                 if (param3 == TCIFLUSH || param3 == TCIOFLUSH) {
847                         struct sk_buff *skb;
848                         while ((skb = skb_dequeue(&ppp->rcv_q)) != NULL)
849                                 KFREE_SKB(skb);
850                 }
851                 if (param3 == TCIOFLUSH || param3 == TCOFLUSH)
852                         ppp_tty_flush_output(ppp);
853                 error = n_tty_ioctl (tty, file, param2, param3);
854                 break;
855
856         case FIONREAD:
857                 /*
858                  * Returns how many bytes are available for a read().
859                  */
860                 {
861                         unsigned long flags;
862                         struct sk_buff *skb;
863                         int count = 0;
864
865                         save_flags(flags);
866                         cli();
867                         skb = skb_peek(&ppp->rcv_q);
868                         if (skb != 0)
869                                 count = skb->len;
870                         restore_flags(flags);
871                         if (PUT_USER(count, (int *) param3))
872                                 break;
873                         error = 0;
874                 }
875                 break;
876
877         default:
878                 /*
879                  *  All other ioctl() events will come here.
880                  */
881                 error = ppp_ioctl(ppp, param2, param3);
882                 break;
883         }
884         return error;
885 }
886
887 /*
888  * TTY callback.
889  *
890  * Process the select() or poll() statement for the PPP device.
891  */
892
893 #if LINUX_VERSION_CODE < VERSION(2,1,23)
894 static int
895 ppp_tty_select(struct tty_struct *tty, struct inode *inode,
896                struct file *filp, int sel_type, select_table * wait)
897 {
898         struct ppp *ppp = tty2ppp(tty);
899         int result = 1;
900
901         /*
902          * Verify the status of the PPP device.
903          */
904         if (!ppp || tty != ppp->tty)
905                 return -EBADF;
906
907         CHECK_PPP(-EBADF);
908
909         switch (sel_type) {
910         case SEL_IN:
911                 /* The fd is readable if the receive queue isn't empty. */
912                 if (skb_peek(&ppp->rcv_q) != NULL)
913                         break;
914                 /* fall through */
915         case SEL_EX:
916                 /* Check for exceptions or read errors. */
917                 /* Is this a pty link and the remote disconnected? */
918                 if (tty->flags & (1 << TTY_OTHER_CLOSED))
919                         break;
920
921                 /* Is this a local link and the modem disconnected? */
922                 if (tty_hung_up_p (filp))
923                         break;
924
925                 select_wait(&ppp->read_wait, wait);
926                 result = 0;
927                 break;
928
929         case SEL_OUT:
930                 /* The fd is always writable. */
931                 break;
932         }
933         return result;
934 }
935
936 #else   /* 2.1.23 or later */
937
938 static unsigned int
939 ppp_tty_poll(struct tty_struct *tty, struct file *filp, poll_table * wait)
940 {
941         struct ppp *ppp = tty2ppp(tty);
942         unsigned int mask = 0;
943
944         if (ppp && ppp->magic == PPP_MAGIC && tty == ppp->tty) {
945                 CHECK_PPP(0);
946
947                 poll_wait(filp, &ppp->read_wait, wait);
948
949                 if (skb_peek(&ppp->rcv_q) != NULL)
950                         mask |= POLLIN | POLLRDNORM;
951                 if (tty->flags & (1 << TTY_OTHER_CLOSED)
952                     || tty_hung_up_p(filp))
953                         mask |= POLLHUP;
954                 mask |= POLLOUT | POLLWRNORM;
955         }
956         return mask;
957 }
958 #endif  /* >= 2.1.23 */
959
960 /*
961  * This function is called by the tty driver when the transmit buffer has
962  * additional space. It is used by the ppp code to continue to transmit
963  * the current buffer should the buffer have been partially sent.
964  */
965 static void
966 ppp_tty_wakeup (struct tty_struct *tty)
967 {
968         struct ppp *ppp = tty2ppp (tty);
969
970         tty->flags &= ~(1 << TTY_DO_WRITE_WAKEUP);
971         if (!ppp)
972                 return;
973         CHECK_PPP_VOID();
974         if (tty != ppp->tty)
975                 return;
976
977         if (ppp_tty_push(ppp))
978                 ppp_output_wakeup(ppp);
979 }
980
981 /*
982  * Send a packet to the peer over a synchronous tty line.
983  * All encoding and FCS are handled by hardware.
984  * Addr/Ctrl and Protocol field compression implemented.
985  * Returns -1 iff the packet could not be accepted at present,
986  * 0 if the packet was accepted but we can't accept another yet, or
987  * 1 if we can accept another packet immediately.
988  * If this procedure returns 0, ppp_output_wakeup will be called
989  * exactly once.
990  */
991 static int
992 ppp_sync_send(struct ppp *ppp, struct sk_buff *skb)
993 {
994         unsigned char *data;
995         int islcp;
996         
997         CHECK_PPP(0);
998
999         if (ppp->tpkt != NULL)
1000                 return -1;
1001         ppp->tpkt = skb;
1002
1003         data = ppp->tpkt->data;
1004         
1005         /*
1006          * LCP packets with code values between 1 (configure-reqest)
1007          * and 7 (code-reject) must be sent as though no options
1008          * had been negotiated.
1009          */
1010         islcp = PPP_PROTOCOL(data) == PPP_LCP
1011                 && 1 <= data[PPP_HDRLEN] && data[PPP_HDRLEN] <= 7;
1012
1013         /* only reset idle time for data packets */
1014         if (PPP_PROTOCOL(data) < 0x8000)
1015                 ppp->last_xmit = jiffies;
1016         ++ppp->stats.ppp_opackets;
1017         ppp->stats.ppp_ooctects += ppp->tpkt->len;
1018
1019         if ( !(data[2]) && (ppp->flags & SC_COMP_PROT) ) {
1020                 /* compress protocol field */
1021                 data[2] = data[1];
1022                 data[1] = data[0];
1023                 skb_pull(ppp->tpkt,1);
1024                 data = ppp->tpkt->data;
1025         }
1026         
1027         /*
1028          * Do address/control compression
1029          */
1030         if ((ppp->flags & SC_COMP_AC) && !islcp
1031             && PPP_ADDRESS(data) == PPP_ALLSTATIONS
1032             && PPP_CONTROL(data) == PPP_UI) {
1033                 /* strip addr and control field */
1034                 skb_pull(ppp->tpkt,2);
1035         }
1036
1037         return ppp_tty_sync_push(ppp);
1038 }
1039
1040 /*
1041  * Push a synchronous frame out to the tty.
1042  * Returns 1 if frame accepted (or discarded), 0 otherwise.
1043  */
1044 static int
1045 ppp_tty_sync_push(struct ppp *ppp)
1046 {
1047         int sent;
1048         struct tty_struct *tty = ppp2tty(ppp);
1049         unsigned long flags;
1050                 
1051         CHECK_PPP(0);
1052
1053         if (ppp->tpkt == NULL)
1054                 return 0;
1055                 
1056         /* prevent reentrancy with tty_pushing flag */          
1057         save_flags(flags);
1058         cli();
1059         if (ppp->tty_pushing) {
1060                 /* record wakeup attempt so we don't lose */
1061                 /* a wakeup call while doing push processing */
1062                 ppp->woke_up=1;
1063                 restore_flags(flags);
1064                 return 0;
1065         }
1066         ppp->tty_pushing = 1;
1067         restore_flags(flags);
1068         
1069         if (tty == NULL || tty->disc_data != (void *) ppp)
1070                 goto flush;
1071                 
1072         for(;;){
1073                 ppp->woke_up=0;
1074                 
1075                 /* Note: Sync driver accepts complete frame or nothing */
1076                 tty->flags |= (1 << TTY_DO_WRITE_WAKEUP);
1077                 sent = tty->driver.write(tty, 0, ppp->tpkt->data, ppp->tpkt->len);
1078                 if (sent < 0) {
1079                         /* write error (possible loss of CD) */
1080                         /* record error and discard current packet */
1081                         ppp->stats.ppp_oerrors++;
1082                         break;
1083                 }
1084                 ppp->stats.ppp_obytes += sent;
1085                 if (sent < ppp->tpkt->len) {
1086                         /* driver unable to accept frame just yet */
1087                         save_flags(flags);
1088                         cli();
1089                         if (ppp->woke_up) {
1090                                 /* wake up called while processing */
1091                                 /* try to send the frame again */
1092                                 restore_flags(flags);
1093                                 continue;
1094                         }
1095                         /* wait for wakeup callback to try send again */
1096                         ppp->tty_pushing = 0;
1097                         restore_flags(flags);
1098                         return 0;
1099                 }
1100                 break;
1101         }
1102 flush:  
1103         /* done with current packet (sent or discarded) */
1104         KFREE_SKB(ppp->tpkt);
1105         ppp->tpkt = 0;
1106         ppp->tty_pushing = 0;
1107         return 1;
1108 }
1109
1110 /*
1111  * Send a packet to the peer over an async tty line.
1112  * Returns -1 iff the packet could not be accepted at present,
1113  * 0 if the packet was accepted but we can't accept another yet, or
1114  * 1 if we can accept another packet immediately.
1115  * If this procedure returns 0, ppp_output_wakeup will be called
1116  * exactly once.
1117  */
1118 static int
1119 ppp_async_send(struct ppp *ppp, struct sk_buff *skb)
1120 {
1121         CHECK_PPP(0);
1122
1123         ppp_tty_push(ppp);
1124
1125         if (ppp->tpkt != NULL)
1126                 return -1;
1127         ppp->tpkt = skb;
1128         ppp->tpkt_pos = 0;
1129
1130         return ppp_tty_push(ppp);
1131 }
1132
1133 /*
1134  * Push as much data as possible out to the tty.
1135  * Returns 1 if we finished encoding the current frame, 0 otherwise.
1136  */
1137 static int
1138 ppp_tty_push(struct ppp *ppp)
1139 {
1140         int avail, sent, done = 0;
1141         struct tty_struct *tty = ppp2tty(ppp);
1142         
1143         if (ppp->flags & SC_SYNC) 
1144                 return ppp_tty_sync_push(ppp);
1145
1146         CHECK_PPP(0);
1147         if (ppp->tty_pushing) {
1148                 ppp->woke_up = 1;
1149                 return 0;
1150         }
1151         if (tty == NULL || tty->disc_data != (void *) ppp)
1152                 goto flush;
1153         while (ppp->optr < ppp->olim || ppp->tpkt != 0) {
1154                 ppp->tty_pushing = 1;
1155                 mb();
1156                 ppp->woke_up = 0;
1157                 avail = ppp->olim - ppp->optr;
1158                 if (avail > 0) {
1159                         tty->flags |= (1 << TTY_DO_WRITE_WAKEUP);
1160                         sent = tty->driver.write(tty, 0, ppp->optr, avail);
1161                         if (sent < 0)
1162                                 goto flush;     /* error, e.g. loss of CD */
1163                         ppp->stats.ppp_obytes += sent;
1164                         ppp->optr += sent;
1165                         if (sent < avail) {
1166                                 wmb();
1167                                 ppp->tty_pushing = 0;
1168                                 mb();
1169                                 if (ppp->woke_up)
1170                                         continue;
1171                                 return done;
1172                         }
1173                 }
1174                 if (ppp->tpkt != 0)
1175                         done = ppp_async_encode(ppp);
1176                 wmb();
1177                 ppp->tty_pushing = 0;
1178         }
1179         return done;
1180
1181 flush:
1182         ppp->tty_pushing = 1;
1183         mb();
1184         ppp->stats.ppp_oerrors++;
1185         if (ppp->tpkt != 0) {
1186                 KFREE_SKB(ppp->tpkt);
1187                 ppp->tpkt = 0;
1188                 done = 1;
1189         }
1190         ppp->optr = ppp->olim;
1191         wmb();
1192         ppp->tty_pushing = 0;
1193         return done;
1194 }
1195
1196 /*
1197  * Procedure to encode the data for async serial transmission.
1198  * Does octet stuffing (escaping) and address/control
1199  * and protocol compression.
1200  * Assumes ppp->opkt != 0 on entry.
1201  * Returns 1 if we finished the current frame, 0 otherwise.
1202  */
1203 static int
1204 ppp_async_encode(struct ppp *ppp)
1205 {
1206         int fcs, i, count, c;
1207         unsigned char *buf, *buflim;
1208         unsigned char *data;
1209         int islcp;
1210
1211         CHECK_PPP(0);
1212
1213         buf = ppp->obuf;
1214         ppp->olim = buf;
1215         ppp->optr = buf;
1216         i = ppp->tpkt_pos;
1217         data = ppp->tpkt->data;
1218         count = ppp->tpkt->len;
1219         fcs = ppp->tfcs;
1220
1221         /*
1222          * LCP packets with code values between 1 (configure-reqest)
1223          * and 7 (code-reject) must be sent as though no options
1224          * had been negotiated.
1225          */
1226         islcp = PPP_PROTOCOL(data) == PPP_LCP
1227                 && 1 <= data[PPP_HDRLEN] && data[PPP_HDRLEN] <= 7;
1228
1229         if (i == 0) {
1230                 /*
1231                  * Start of a new packet - insert the leading FLAG
1232                  * character if necessary.
1233                  */
1234                 if (islcp || flag_time == 0
1235                     || jiffies - ppp->last_xmit >= flag_time)
1236                         *buf++ = PPP_FLAG;
1237                 /* only reset idle time for data packets */
1238                 if (PPP_PROTOCOL(data) < 0x8000)
1239                         ppp->last_xmit = jiffies;
1240                 fcs = PPP_INITFCS;
1241                 ++ppp->stats.ppp_opackets;
1242                 ppp->stats.ppp_ooctects += count;
1243
1244                 /*
1245                  * Do address/control compression
1246                  */
1247                 if ((ppp->flags & SC_COMP_AC) != 0 && !islcp
1248                     && PPP_ADDRESS(data) == PPP_ALLSTATIONS
1249                     && PPP_CONTROL(data) == PPP_UI)
1250                         i += 2;
1251         }
1252
1253         /*
1254          * Once we put in the last byte, we need to put in the FCS
1255          * and closing flag, so make sure there is at least 7 bytes
1256          * of free space in the output buffer.
1257          */
1258         buflim = buf + OBUFSIZE - 6;
1259         while (i < count && buf < buflim) {
1260                 c = data[i++];
1261                 if (i == 3 && c == 0 && (ppp->flags & SC_COMP_PROT))
1262                         continue;       /* compress protocol field */
1263                 fcs = PPP_FCS(fcs, c);
1264                 if (in_xmap(ppp, c) || (islcp && c < 0x20)) {
1265                         *buf++ = PPP_ESCAPE;
1266                         c ^= 0x20;
1267                 }
1268                 *buf++ = c;
1269         }
1270
1271         if (i == count) {
1272                 /*
1273                  * We have finished the packet.  Add the FCS and flag.
1274                  */
1275                 fcs = ~fcs;
1276                 c = fcs & 0xff;
1277                 if (in_xmap(ppp, c) || (islcp && c < 0x20)) {
1278                         *buf++ = PPP_ESCAPE;
1279                         c ^= 0x20;
1280                 }
1281                 *buf++ = c;
1282                 c = (fcs >> 8) & 0xff;
1283                 if (in_xmap(ppp, c) || (islcp && c < 0x20)) {
1284                         *buf++ = PPP_ESCAPE;
1285                         c ^= 0x20;
1286                 }
1287                 *buf++ = c;
1288                 *buf++ = PPP_FLAG;
1289                 ppp->olim = buf;
1290
1291                 KFREE_SKB(ppp->tpkt);
1292                 ppp->tpkt = 0;
1293                 return 1;
1294         }
1295
1296         /*
1297          * Remember where we are up to in this packet.
1298          */
1299         ppp->olim = buf;
1300         ppp->tpkt_pos = i;
1301         ppp->tfcs = fcs;
1302         return 0;
1303 }
1304
1305 /*
1306  * Flush output from our internal buffers.
1307  * Called for the TCFLSH ioctl.
1308  */
1309 static void
1310 ppp_tty_flush_output(struct ppp *ppp)
1311 {
1312         struct sk_buff *skb;
1313         int done = 0;
1314
1315         while ((skb = skb_dequeue(&ppp->xmt_q)) != NULL)
1316                 KFREE_SKB(skb);
1317         ppp->tty_pushing = 1;
1318         mb();
1319         ppp->optr = ppp->olim;
1320         if (ppp->tpkt != NULL) {
1321                 KFREE_SKB(ppp->tpkt);
1322                 ppp->tpkt = 0;
1323                 done = 1;
1324         }
1325         wmb();
1326         ppp->tty_pushing = 0;
1327         if (done)
1328                 ppp_output_wakeup(ppp);
1329 }
1330
1331 /*
1332  * Callback function from tty driver. Return the amount of space left
1333  * in the receiver's buffer to decide if remote transmitter is to be
1334  * throttled.
1335  */
1336 static int
1337 ppp_tty_room (struct tty_struct *tty)
1338 {
1339         return 65536;       /* We can handle an infinite amount of data. :-) */
1340 }
1341
1342 /*
1343  * Callback function when data is available at the tty driver.
1344  */
1345 static void
1346 ppp_tty_receive (struct tty_struct *tty, const __u8 * data,
1347                  char *flags, int count)
1348 {
1349         register struct ppp *ppp = tty2ppp (tty);
1350         struct sk_buff *skb;
1351         int chr, flg;
1352         unsigned char *p;
1353
1354         if (ppp != 0)
1355                 CHECK_PPP_VOID();
1356         /*
1357          * This can happen if stuff comes in on the backup tty.
1358          */
1359         if (ppp == 0 || tty != ppp->tty)
1360                 return;
1361         /*
1362          * Verify the table pointer and ensure that the line is
1363          * still in PPP discipline.
1364          */
1365         if (ppp->magic != PPP_MAGIC) {
1366                 if (ppp->flags & SC_DEBUG)
1367                         printk(KERN_DEBUG
1368                                "PPP: tty_receive called but couldn't find "
1369                                "PPP struct.\n");
1370                 return;
1371         }
1372         /*
1373          * Print the buffer if desired
1374          */
1375         if (ppp->flags & SC_LOG_RAWIN)
1376                 ppp_print_buffer ("receive buffer", data, count);
1377
1378         ppp->stats.ppp_ibytes += count;
1379         skb = ppp->rpkt;
1380         
1381         if ( ppp->flags & SC_SYNC ) {
1382                 /* synchronous mode */
1383                 
1384                 if (ppp->toss==0xE0) {
1385                         /* this is the 1st frame, reset vj comp */
1386                         ppp_receive_error(ppp);
1387                         ppp->toss = 0;
1388                 }
1389                 
1390                 /*
1391                  * Allocate an skbuff for frame.
1392                  * The 128 is room for VJ header expansion.
1393                  */
1394                 
1395                 if (skb == NULL)
1396                         skb = dev_alloc_skb(ppp->mru + 128 + PPP_HDRLEN);
1397                         
1398                 if (skb == NULL) {
1399                         if (ppp->flags & SC_DEBUG)
1400                                 printk(KERN_DEBUG "couldn't "
1401                                        "alloc skb for recv\n");
1402                 } else {
1403                         LIBERATE_SKB(skb);
1404                         /*
1405                          * Decompress A/C and protocol compression here.
1406                          */
1407                         p = skb_put(skb, 2);
1408                         p[0] = PPP_ALLSTATIONS;
1409                         p[1] = PPP_UI;
1410                         if (*data == PPP_ALLSTATIONS) {
1411                                 data += 2;
1412                                 count -= 2;
1413                         }
1414                         if ((*data & 1) != 0) {
1415                                 p = skb_put(skb, 1);
1416                                 p[0] = 0;
1417                         }
1418
1419                         /* copy frame to socket buffer */
1420                         p = skb_put(skb, count);
1421                         memcpy(p,data,count);
1422                         
1423                         /*
1424                          * Check if we've overflowed the MRU
1425                          */
1426                         if (skb->len >= ppp->mru + PPP_HDRLEN + 2
1427                             || skb_tailroom(skb) <= 0) {
1428                                 ++ppp->estats.rx_length_errors;
1429                                 if (ppp->flags & SC_DEBUG)
1430                                         printk(KERN_DEBUG "rcv frame too long: "
1431                                                "len=%d mru=%d hroom=%d troom=%d\n",
1432                                                skb->len, ppp->mru, skb_headroom(skb),
1433                                                skb_tailroom(skb));
1434                         } else {
1435                                 if (!ppp_receive_frame(ppp, skb)) {
1436                                         KFREE_SKB(skb);
1437                                         ppp_receive_error(ppp);
1438                                 }
1439                         }
1440                 
1441                         /* Reset for the next frame */
1442                         skb = NULL;
1443                 }
1444                 ppp->rpkt = skb;
1445                 return;
1446         }
1447         
1448         while (count-- > 0) {
1449                 /*
1450                  * Collect the character and error condition for the character.
1451                  * Set the toss flag for the first character error.
1452                  */
1453                 chr = *data++;
1454                 if (flags) {
1455                         flg = *flags++;
1456                         if (flg) {
1457                                 if (ppp->toss == 0)
1458                                         ppp->toss = flg;
1459                                 switch (flg) {
1460                                 case TTY_OVERRUN:
1461                                         ++ppp->estats.rx_fifo_errors;
1462                                         break;
1463                                 case TTY_FRAME:
1464                                 case TTY_BREAK:
1465                                         ++ppp->estats.rx_frame_errors;
1466                                         break;
1467                                 }
1468                                 continue;
1469                         }
1470                 }
1471
1472                 /*
1473                  * Set the flags for d7 being 0/1 and parity being
1474                  * even/odd so that the normal processing would have
1475                  * all flags set at the end of the session.  A
1476                  * missing flag bit indicates an error condition.
1477                  */
1478
1479 #ifdef CHECK_CHARACTERS
1480                 if (chr & 0x80)
1481                         ppp->flags |= SC_RCV_B7_1;
1482                 else
1483                         ppp->flags |= SC_RCV_B7_0;
1484
1485                 if (paritytab[chr >> 5] & (1 << (chr & 0x1F)))
1486                         ppp->flags |= SC_RCV_ODDP;
1487                 else
1488                         ppp->flags |= SC_RCV_EVNP;
1489 #endif
1490
1491                 if (chr == PPP_FLAG) {
1492                         /*
1493                          * FLAG. This is the end of the block. If the block
1494                          * ends with ESC FLAG, then the block is to be ignored.
1495                          */
1496                         if (ppp->escape)
1497                                 ppp->toss |= 0x80;
1498                         /*
1499                          * Process the frame if it was received correctly.
1500                          * If there was an error, let the VJ decompressor know.
1501                          * There are 4 cases here:
1502                          * skb != NULL, toss != 0: error in frame
1503                          * skb != NULL, toss == 0: frame ok
1504                          * skb == NULL, toss != 0: very first frame,
1505                          *      error on 1st char, or alloc_skb failed
1506                          * skb == NULL, toss == 0: empty frame (~~)
1507                          */
1508                         if (ppp->toss || !ppp_receive_frame(ppp, skb)) {
1509                                 if (ppp->toss && (ppp->flags & SC_DEBUG))
1510                                         printk(KERN_DEBUG
1511                                                "ppp: tossing frame (%x)\n",
1512                                                ppp->toss);
1513                                 if (skb != NULL)
1514                                         KFREE_SKB(skb);
1515                                 if (!(ppp->toss == 0xE0 || ppp->toss == 0x80))
1516                                         ++ppp->stats.ppp_ierrors;
1517                                 ppp_receive_error(ppp);
1518                         }
1519                         /*
1520                          * Reset for the next frame.
1521                          */
1522                         skb = NULL;
1523                         ppp->rfcs = PPP_INITFCS;
1524                         ppp->escape = 0;
1525                         ppp->toss = 0;
1526                         continue;
1527                 }
1528
1529                 /* If we're tossing, look no further. */
1530                 if (ppp->toss != 0)
1531                         continue;
1532
1533                 /* If this is a control char to be ignored, do so */
1534                 if (in_rmap(ppp, chr))
1535                         continue;
1536
1537                 /*
1538                  * Modify the next character if preceded by escape.
1539                  * The escape character (0x7d) could be an escaped
1540                  * 0x5d, if it follows an escape :-)
1541                  */
1542                 if (ppp->escape) {
1543                         chr ^= PPP_TRANS;
1544                         ppp->escape = 0;
1545                 } else if (chr == PPP_ESCAPE) {
1546                         ppp->escape = PPP_TRANS;
1547                         continue;
1548                 }
1549
1550                 /*
1551                  * Allocate an skbuff on the first character received.
1552                  * The 128 is room for VJ header expansion and FCS.
1553                  */
1554                 if (skb == NULL) {
1555                         skb = dev_alloc_skb(ppp->mru + 128 + PPP_HDRLEN);
1556                         if (skb == NULL) {
1557                                 if (ppp->flags & SC_DEBUG)
1558                                         printk(KERN_DEBUG "couldn't "
1559                                                "alloc skb for recv\n");
1560                                 ppp->toss = 1;
1561                                 continue;
1562                         }
1563                         LIBERATE_SKB(skb);
1564                 }
1565
1566                 /*
1567                  * Decompress A/C and protocol compression here.
1568                  */
1569                 if (skb->len == 0 && chr != PPP_ALLSTATIONS) {
1570                         p = skb_put(skb, 2);
1571                         p[0] = PPP_ALLSTATIONS;
1572                         p[1] = PPP_UI;
1573                 }
1574                 if (skb->len == 2 && (chr & 1) != 0) {
1575                         p = skb_put(skb, 1);
1576                         p[0] = 0;
1577                 }
1578
1579                 /*
1580                  * Check if we've overflowed the MRU
1581                  */
1582                 if (skb->len >= ppp->mru + PPP_HDRLEN + 2
1583                     || skb_tailroom(skb) <= 0) {
1584                         ++ppp->estats.rx_length_errors;
1585                         ppp->toss = 0xC0;
1586                         if (ppp->flags & SC_DEBUG)
1587                                 printk(KERN_DEBUG "rcv frame too long: "
1588                                        "len=%d mru=%d hroom=%d troom=%d\n",
1589                                        skb->len, ppp->mru, skb_headroom(skb),
1590                                        skb_tailroom(skb));
1591                         continue;
1592                 }
1593
1594                 /*
1595                  * Store the character and update the FCS.
1596                  */
1597                 p = skb_put(skb, 1);
1598                 *p = chr;
1599                 ppp->rfcs = PPP_FCS(ppp->rfcs, chr);
1600         }
1601         ppp->rpkt = skb;
1602 }
1603
1604 /*************************************************************
1605  * PPP NETWORK INTERFACE SUPPORT
1606  *      The following code implements the PPP network
1607  *      interface device and handles those parts of
1608  *      the PPP processing which are independent of the
1609  *      type of hardware link being used, including
1610  *      VJ and packet compression.
1611  *************************************************************/
1612
1613 /*
1614  * Network device driver callback routines
1615  */
1616
1617 static int ppp_init_dev(struct device *dev);
1618 static int ppp_dev_open(struct device *);
1619 static int ppp_dev_ioctl(struct device *dev, struct ifreq *ifr, int cmd);
1620 static int ppp_dev_close(struct device *);
1621 static int ppp_dev_xmit(struct sk_buff *, struct device *);
1622 static struct net_device_stats *ppp_dev_stats (struct device *);
1623
1624 #if LINUX_VERSION_CODE < VERSION(2,1,15)
1625 static int ppp_dev_header(struct sk_buff *, struct device *, __u16,
1626                           void *, void *, unsigned int);
1627 static int ppp_dev_rebuild(void *eth, struct device *dev,
1628                            unsigned long raddr, struct sk_buff *skb);
1629 #endif
1630
1631 /*
1632  * Information for the protocol decoder
1633  */
1634
1635 typedef int (*pfn_proto)  (struct ppp *, struct sk_buff *);
1636
1637 typedef struct ppp_proto_struct {
1638         int             proto;
1639         pfn_proto       func;
1640 } ppp_proto_type;
1641
1642 static int rcv_proto_ip         (struct ppp *, struct sk_buff *);
1643 static int rcv_proto_ipv6       (struct ppp *, struct sk_buff *);
1644 static int rcv_proto_ipx        (struct ppp *, struct sk_buff *);
1645 static int rcv_proto_at         (struct ppp *, struct sk_buff *);
1646 static int rcv_proto_vjc_comp   (struct ppp *, struct sk_buff *);
1647 static int rcv_proto_vjc_uncomp (struct ppp *, struct sk_buff *);
1648 static int rcv_proto_ccp        (struct ppp *, struct sk_buff *);
1649 static int rcv_proto_unknown    (struct ppp *, struct sk_buff *);
1650
1651 static
1652 ppp_proto_type proto_list[] = {
1653         { PPP_IP,         rcv_proto_ip         },
1654         { PPP_IPV6,       rcv_proto_ipv6       },
1655         { PPP_IPX,        rcv_proto_ipx        },
1656         { PPP_AT,         rcv_proto_at         },
1657         { PPP_VJC_COMP,   rcv_proto_vjc_comp   },
1658         { PPP_VJC_UNCOMP, rcv_proto_vjc_uncomp },
1659         { PPP_CCP,        rcv_proto_ccp        },
1660         { 0,              rcv_proto_unknown    }  /* !!! MUST BE LAST !!! */
1661 };
1662
1663 /*
1664  * Called when the PPP network interface device is actually created.
1665  */
1666 static int
1667 ppp_init_dev (struct device *dev)
1668 {
1669         dev->hard_header_len  = PPP_HDRLEN;
1670 #if LINUX_VERSION_CODE < VERSION(2,1,15)
1671         dev->hard_header      = ppp_dev_header;
1672         dev->rebuild_header   = ppp_dev_rebuild;
1673 #endif
1674
1675         /* device INFO */
1676         dev->mtu              = PPP_MTU;
1677         dev->hard_start_xmit  = ppp_dev_xmit;
1678         dev->open             = ppp_dev_open;
1679         dev->stop             = ppp_dev_close;
1680         dev->get_stats        = ppp_dev_stats;
1681         dev->do_ioctl         = ppp_dev_ioctl;
1682         dev->addr_len         = 0;
1683         dev->tx_queue_len     = 10;
1684         dev->type             = ARPHRD_PPP;
1685
1686 #if LINUX_VERSION_CODE < VERSION(2,1,20)
1687         {
1688                 int    indx;
1689
1690                 for (indx = 0; indx < DEV_NUMBUFFS; indx++)
1691                         skb_queue_head_init (&dev->buffs[indx]);
1692         }
1693 #else
1694         dev_init_buffers(dev);
1695 #endif
1696
1697         dev->flags = IFF_POINTOPOINT | IFF_NOARP | IFF_MULTICAST;
1698
1699         return 0;
1700 }
1701
1702 /*
1703  * Callback from the network layer when the device goes up.
1704  */
1705
1706 static int
1707 ppp_dev_open (struct device *dev)
1708 {
1709         struct ppp *ppp = dev2ppp(dev);
1710
1711         if (!ppp->inuse || ppp2tty(ppp) == NULL) {
1712                 printk(KERN_ERR "ppp: %s not active\n", dev->name);
1713                 return -ENXIO;
1714         }
1715
1716         MOD_INC_USE_COUNT;
1717
1718         return 0;
1719 }
1720
1721 /*
1722  * Callback from the network layer when the ppp device goes down.
1723  */
1724
1725 static int
1726 ppp_dev_close (struct device *dev)
1727 {
1728         struct ppp *ppp = dev2ppp (dev);
1729
1730         CHECK_PPP_MAGIC(ppp);
1731
1732         MOD_DEC_USE_COUNT;
1733
1734         return 0;
1735 }
1736
1737 static inline void
1738 get_vj_stats(struct vjstat *vj, struct slcompress *slc)
1739 {
1740         vj->vjs_packets    = slc->sls_o_compressed + slc->sls_o_uncompressed;
1741         vj->vjs_compressed = slc->sls_o_compressed;
1742         vj->vjs_searches   = slc->sls_o_searches;
1743         vj->vjs_misses     = slc->sls_o_misses;
1744         vj->vjs_errorin    = slc->sls_i_error;
1745         vj->vjs_tossed     = slc->sls_i_tossed;
1746         vj->vjs_uncompressedin = slc->sls_i_uncompressed;
1747         vj->vjs_compressedin   = slc->sls_i_compressed;
1748 }
1749
1750 /*
1751  * Callback from the network layer to process the sockioctl functions.
1752  */
1753 static int
1754 ppp_dev_ioctl (struct device *dev, struct ifreq *ifr, int cmd)
1755 {
1756         struct ppp *ppp = dev2ppp(dev);
1757         int nb;
1758         union {
1759                 struct ppp_stats stats;
1760                 struct ppp_comp_stats cstats;
1761                 char vers[32];
1762         } u;
1763
1764         CHECK_PPP_MAGIC(ppp);
1765
1766         memset(&u, 0, sizeof(u));
1767         switch (cmd) {
1768         case SIOCGPPPSTATS:
1769                 u.stats.p = ppp->stats;
1770                 if (ppp->slcomp != NULL)
1771                         get_vj_stats(&u.stats.vj, ppp->slcomp);
1772                 nb = sizeof(u.stats);
1773                 break;
1774
1775         case SIOCGPPPCSTATS:
1776                 if (ppp->sc_xc_state != NULL)
1777                         (*ppp->sc_xcomp->comp_stat)
1778                                 (ppp->sc_xc_state, &u.cstats.c);
1779                 if (ppp->sc_rc_state != NULL)
1780                         (*ppp->sc_rcomp->decomp_stat)
1781                                 (ppp->sc_rc_state, &u.cstats.d);
1782                 nb = sizeof(u.cstats);
1783                 break;
1784
1785         case SIOCGPPPVER:
1786                 strcpy(u.vers, szVersion);
1787                 nb = strlen(u.vers) + 1;
1788                 break;
1789
1790         default:
1791                 return -EINVAL;
1792         }
1793
1794         if (COPY_TO_USER((void *) ifr->ifr_ifru.ifru_data, &u, nb))
1795                 return -EFAULT;
1796         return 0;
1797 }
1798
1799 /*
1800  * Process the generic PPP ioctls, i.e. those which are not specific
1801  * to any particular type of hardware link.
1802  */
1803 static int
1804 ppp_ioctl(struct ppp *ppp, unsigned int param2, unsigned long param3)
1805 {
1806         register int temp_i = 0, oldflags;
1807         int error = -EFAULT;
1808         unsigned long flags;
1809         struct ppp_idle cur_ddinfo;
1810         struct npioctl npi;
1811
1812         CHECK_PPP(-ENXIO);
1813
1814         /*
1815          * The user must have an euid of root to do these requests.
1816          */
1817         if (!SUSER())
1818                 return -EPERM;
1819
1820         switch (param2) {
1821         case PPPIOCSMRU:
1822                 /*
1823                  * Set the MRU value
1824                  */
1825                 if (GET_USER(temp_i, (int *) param3))
1826                         break;
1827                 if (temp_i < PPP_MRU)
1828                         temp_i = PPP_MRU;
1829                 ppp->mru = temp_i;
1830                 if (ppp->flags & SC_DEBUG)
1831                         printk(KERN_INFO
1832                                "ppp_ioctl: set mru to %x\n", temp_i);
1833                 error = 0;
1834                 break;
1835
1836         case PPPIOCGFLAGS:
1837                 /*
1838                  * Fetch the current flags
1839                  */
1840                 temp_i = ppp->flags & SC_MASK;
1841 #ifndef CHECK_CHARACTERS /* Don't generate errors if we don't check chars. */
1842                 temp_i |= SC_RCV_B7_1 | SC_RCV_B7_0 |
1843                           SC_RCV_ODDP | SC_RCV_EVNP;
1844 #endif
1845                 if (PUT_USER(temp_i, (int *) param3))
1846                         break;
1847                 error = 0;
1848                 break;
1849
1850         case PPPIOCSFLAGS:
1851                 /*
1852                  * Set the flags for the various options
1853                  */
1854                 if (GET_USER(temp_i, (int *) param3))
1855                         break;
1856
1857                 if (ppp->flags & ~temp_i & SC_CCP_OPEN)
1858                         ppp_ccp_closed(ppp);
1859
1860                 save_flags(flags);
1861                 cli();
1862                 oldflags = ppp->flags;
1863                 temp_i = (temp_i & SC_MASK) | (oldflags & ~SC_MASK);
1864                 ppp->flags = temp_i;
1865                 restore_flags(flags);
1866
1867                 if ((oldflags | temp_i) & SC_DEBUG)
1868                         printk(KERN_INFO
1869                                "ppp_ioctl: set flags to %x\n", temp_i);
1870                 error = 0;
1871                 break;
1872
1873         case PPPIOCSCOMPRESS:
1874                 /*
1875                  * Set the compression mode
1876                  */
1877                 error = ppp_set_compression
1878                         (ppp, (struct ppp_option_data *) param3);
1879                 break;
1880
1881         case PPPIOCGUNIT:
1882                 /*
1883                  * Obtain the unit number for this device.
1884                  */
1885                 if (PUT_USER(ppp->line, (int *) param3))
1886                         break;
1887                 if (ppp->flags & SC_DEBUG)
1888                         printk(KERN_INFO
1889                                "ppp_ioctl: get unit: %d\n", ppp->line);
1890                 error = 0;
1891                 break;
1892
1893         case PPPIOCSDEBUG:
1894                 /*
1895                  * Set the debug level
1896                  */
1897                 if (GET_USER(temp_i, (int *) param3))
1898                         break;
1899                 temp_i = (temp_i & 0x1F) << 16;
1900
1901                 if ((ppp->flags | temp_i) & SC_DEBUG)
1902                         printk(KERN_INFO
1903                                "ppp_ioctl: set dbg flags to %x\n", temp_i);
1904
1905                 save_flags(flags);
1906                 cli();
1907                 ppp->flags = (ppp->flags & ~0x1F0000) | temp_i;
1908                 restore_flags(flags);
1909                 error = 0;
1910                 break;
1911
1912         case PPPIOCGDEBUG:
1913                 /*
1914                  * Get the debug level
1915                  */
1916                 temp_i = (ppp->flags >> 16) & 0x1F;
1917                 if (PUT_USER(temp_i, (int *) param3))
1918                         break;
1919                 error = 0;
1920                 break;
1921
1922         case PPPIOCGIDLE:
1923                 /*
1924                  * Get the times since the last send/receive frame operation
1925                  */
1926                 /* change absolute times to relative times. */
1927                 cur_ddinfo.xmit_idle = (jiffies - ppp->last_xmit) / HZ;
1928                 cur_ddinfo.recv_idle = (jiffies - ppp->last_recv) / HZ;
1929                 if (COPY_TO_USER((void *) param3, &cur_ddinfo,
1930                                  sizeof (cur_ddinfo)))
1931                         break;
1932                 error = 0;
1933                 break;
1934
1935         case PPPIOCSMAXCID:
1936                 /*
1937                  * Set the maximum VJ header compression slot number.
1938                  */
1939                 if (GET_USER(temp_i, (int *) param3))
1940                         break;
1941                 error = -EINVAL;
1942                 if (temp_i < 2 || temp_i > 255)
1943                         break;
1944                 ++temp_i;
1945                 if (ppp->flags & SC_DEBUG)
1946                         printk(KERN_INFO "ppp_ioctl: set maxcid to %d\n",
1947                                temp_i);
1948                 if (ppp->slcomp != NULL)
1949                         slhc_free(ppp->slcomp);
1950                 ppp->slcomp = slhc_init(16, temp_i);
1951
1952                 error = -ENOMEM;
1953                 if (ppp->slcomp == NULL) {
1954                         printk(KERN_ERR "ppp: no memory for VJ compression\n");
1955                         break;
1956                 }
1957                 error = 0;
1958                 break;
1959
1960         case PPPIOCGNPMODE:
1961         case PPPIOCSNPMODE:
1962                 if (COPY_FROM_USER(&npi, (void *) param3, sizeof(npi)))
1963                         break;
1964
1965                 switch (npi.protocol) {
1966                 case PPP_IP:
1967                         npi.protocol = NP_IP;
1968                         break;
1969                 case PPP_IPX:
1970                         npi.protocol = NP_IPX;
1971                         break;
1972                 case PPP_AT:
1973                         npi.protocol = NP_AT;
1974                         break;
1975                 default:
1976                         if (ppp->flags & SC_DEBUG)
1977                                 printk(KERN_DEBUG "pppioc[gs]npmode: "
1978                                        "invalid proto %d\n", npi.protocol);
1979                         error = -EINVAL;
1980                         goto out;
1981                 }
1982
1983                 if (param2 == PPPIOCGNPMODE) {
1984                         npi.mode = ppp->sc_npmode[npi.protocol];
1985                         if (COPY_TO_USER((void *) param3, &npi, sizeof(npi)))
1986                                 break;
1987                 } else {
1988                         ppp->sc_npmode[npi.protocol] = npi.mode;
1989                         if (ppp->flags & SC_DEBUG)
1990                                 printk(KERN_DEBUG "ppp: set np %d to %d\n",
1991                                        npi.protocol, npi.mode);
1992                         mark_bh(NET_BH);
1993                 }
1994                 error = 0;
1995                 break;
1996
1997         default:
1998                 /*
1999                  *  All other ioctl() events will come here.
2000                  */
2001                 if (ppp->flags & SC_DEBUG)
2002                         printk(KERN_ERR
2003                                "ppp_ioctl: invalid ioctl: %x, addr %lx\n",
2004                                param2, param3);
2005
2006                 error = -ENOIOCTLCMD;
2007                 break;
2008         }
2009 out:
2010         return error;
2011 }
2012
2013 /*
2014  * Process the set-compression ioctl.
2015  */
2016 static int
2017 ppp_set_compression (struct ppp *ppp, struct ppp_option_data *odp)
2018 {
2019         struct compressor *cp;
2020         int error, nb;
2021         unsigned long flags;
2022         __u8 *ptr;
2023         __u8 ccp_option[CCP_MAX_OPTION_LENGTH];
2024         struct ppp_option_data data;
2025
2026         /*
2027          * Fetch the compression parameters
2028          */
2029         error = -EFAULT;
2030         if (COPY_FROM_USER(&data, odp, sizeof (data)))
2031                 goto out;
2032
2033         nb  = data.length;
2034         ptr = data.ptr;
2035         if ((unsigned) nb >= CCP_MAX_OPTION_LENGTH)
2036                 nb = CCP_MAX_OPTION_LENGTH;
2037
2038         if (COPY_FROM_USER(ccp_option, ptr, nb))
2039                 goto out;
2040
2041         error = -EINVAL;
2042         if (ccp_option[1] < 2)  /* preliminary check on the length byte */
2043                 goto out;
2044
2045         save_flags(flags);
2046         cli();
2047         ppp->flags &= ~(data.transmit? SC_COMP_RUN: SC_DECOMP_RUN);
2048         restore_flags(flags);
2049
2050         cp = find_compressor (ccp_option[0]);
2051 #if defined(CONFIG_KMOD) || defined(CONFIG_KERNELD)
2052         if (cp == NULL) {
2053                 char modname[32];
2054                 sprintf(modname, "ppp-compress-%d", ccp_option[0]);
2055                 request_module(modname);
2056                 cp = find_compressor(ccp_option[0]);
2057         }
2058 #endif /* CONFIG_KMOD */
2059
2060         if (cp == NULL) {
2061                 if (ppp->flags & SC_DEBUG)
2062                         printk(KERN_DEBUG
2063                                "%s: no compressor for [%x %x %x], %x\n",
2064                                ppp->name, ccp_option[0], ccp_option[1],
2065                                ccp_option[2], nb);
2066                 goto out;               /* compressor not loaded */
2067         }
2068
2069         /*
2070          * Found a handler for the protocol - try to allocate
2071          * a compressor or decompressor.
2072          */
2073         error = 0;
2074         if (data.transmit) {
2075                 if (ppp->sc_xc_state != NULL)
2076                         (*ppp->sc_xcomp->comp_free)(ppp->sc_xc_state);
2077                 ppp->sc_xc_state = NULL;
2078
2079                 ppp->sc_xcomp    = cp;
2080                 ppp->sc_xc_state = cp->comp_alloc(ccp_option, nb);
2081                 if (ppp->sc_xc_state == NULL) {
2082                         if (ppp->flags & SC_DEBUG)
2083                                 printk(KERN_DEBUG "%s: comp_alloc failed\n",
2084                                        ppp->name);
2085                         error = -ENOBUFS;
2086                 }
2087         } else {
2088                 if (ppp->sc_rc_state != NULL)
2089                         (*ppp->sc_rcomp->decomp_free)(ppp->sc_rc_state);
2090                 ppp->sc_rc_state = NULL;
2091
2092                 ppp->sc_rcomp    = cp;
2093                 ppp->sc_rc_state = cp->decomp_alloc(ccp_option, nb);
2094                 if (ppp->sc_rc_state == NULL) {
2095                         if (ppp->flags & SC_DEBUG)
2096                                 printk(KERN_DEBUG "%s: decomp_alloc failed\n",
2097                                        ppp->name);
2098                         error = -ENOBUFS;
2099                 }
2100         }
2101 out:
2102         return error;
2103 }
2104
2105 /*
2106  * Handle a CCP packet.
2107  *
2108  * The CCP packet is passed along to the pppd process just like any
2109  * other PPP frame. The difference is that some processing needs to be
2110  * immediate or the compressors will become confused on the peer.
2111  */
2112
2113 static void ppp_proto_ccp(struct ppp *ppp, __u8 *dp, int len, int rcvd)
2114 {
2115         int slen    = CCP_LENGTH(dp);
2116         __u8 *opt = dp   + CCP_HDRLEN;
2117         int opt_len = slen - CCP_HDRLEN;
2118         unsigned long flags;
2119
2120         if (slen > len)
2121                 return;
2122
2123         if (ppp->flags & SC_DEBUG)
2124                 printk(KERN_DEBUG "ppp_proto_ccp rcvd=%d code=%x flags=%x\n",
2125                        rcvd, CCP_CODE(dp), ppp->flags);
2126         save_flags(flags);
2127         switch (CCP_CODE(dp)) {
2128         case CCP_CONFREQ:
2129         case CCP_TERMREQ:
2130         case CCP_TERMACK:
2131                 /*
2132                  * CCP must be going down - disable compression
2133                  */
2134                 if (ppp->flags & SC_CCP_UP) {
2135                         cli();
2136                         ppp->flags &= ~(SC_CCP_UP   |
2137                                         SC_COMP_RUN |
2138                                         SC_DECOMP_RUN);
2139                 }
2140                 break;
2141
2142         case CCP_CONFACK:
2143                 if ((ppp->flags & SC_CCP_OPEN) == 0)
2144                         break;
2145                 if (ppp->flags & SC_CCP_UP)
2146                         break;
2147                 if (slen < (CCP_HDRLEN + CCP_OPT_MINLEN))
2148                         break;
2149                 if (slen < (CCP_OPT_LENGTH (opt) + CCP_HDRLEN))
2150                         break;
2151                 if (!rcvd) {
2152                         /*
2153                          * we're agreeing to send compressed packets.
2154                          */
2155                         if (ppp->sc_xc_state == NULL)
2156                                 break;
2157
2158                         if ((*ppp->sc_xcomp->comp_init)
2159                             (ppp->sc_xc_state,
2160                              opt, opt_len,
2161                              ppp->line, 0, ppp->flags & SC_DEBUG)) {
2162                                 if (ppp->flags & SC_DEBUG)
2163                                         printk(KERN_DEBUG "%s: comp running\n",
2164                                                ppp->name);
2165                                 cli();
2166                                 ppp->flags |= SC_COMP_RUN;
2167                         }
2168                         break;
2169                 }
2170
2171                 /*
2172                  * peer is agreeing to send compressed packets.
2173                  */
2174                 if (ppp->sc_rc_state == NULL)
2175                         break;
2176
2177                 if ((*ppp->sc_rcomp->decomp_init)
2178                     (ppp->sc_rc_state,
2179                      opt, opt_len,
2180                      ppp->line, 0, ppp->mru, ppp->flags & SC_DEBUG)) {
2181                         if (ppp->flags & SC_DEBUG)
2182                                 printk(KERN_DEBUG "%s: decomp running\n",
2183                                        ppp->name);
2184                         cli();
2185                         ppp->flags |= SC_DECOMP_RUN;
2186                         ppp->flags &= ~(SC_DC_ERROR | SC_DC_FERROR);
2187                 }
2188                 break;
2189
2190         case CCP_RESETACK:
2191                 /*
2192                  * CCP Reset-ack resets compressors and decompressors
2193                  * as it passes through.
2194                  */
2195                 if ((ppp->flags & SC_CCP_UP) == 0)
2196                         break;
2197
2198                 if (!rcvd) {
2199                         if (ppp->sc_xc_state && (ppp->flags & SC_COMP_RUN)) {
2200                                 (*ppp->sc_xcomp->comp_reset)(ppp->sc_xc_state);
2201                                 if (ppp->flags & SC_DEBUG)
2202                                         printk(KERN_DEBUG "%s: comp reset\n",
2203                                                ppp->name);
2204                         }
2205                 } else {
2206                         if (ppp->sc_rc_state && (ppp->flags & SC_DECOMP_RUN)) {
2207                               (*ppp->sc_rcomp->decomp_reset)(ppp->sc_rc_state);
2208                               if (ppp->flags & SC_DEBUG)
2209                                         printk(KERN_DEBUG "%s: decomp reset\n",
2210                                                ppp->name);
2211                               cli();
2212                               ppp->flags &= ~SC_DC_ERROR;
2213                         }
2214                 }
2215                 break;
2216         }
2217         restore_flags(flags);
2218 }
2219
2220 /*
2221  * CCP is down; free (de)compressor state if necessary.
2222  */
2223
2224 static void
2225 ppp_ccp_closed(struct ppp *ppp)
2226 {
2227         unsigned long flags;
2228
2229         save_flags(flags);
2230         cli();
2231         ppp->flags &= ~(SC_CCP_OPEN | SC_CCP_UP | SC_COMP_RUN | SC_DECOMP_RUN);
2232         restore_flags(flags);
2233         if (ppp->flags & SC_DEBUG)
2234                 printk(KERN_DEBUG "%s: ccp closed\n", ppp->name);
2235         if (ppp->sc_xc_state) {
2236                 (*ppp->sc_xcomp->comp_free) (ppp->sc_xc_state);
2237                 ppp->sc_xc_state = NULL;
2238         }
2239
2240         if (ppp->sc_rc_state) {
2241                 (*ppp->sc_rcomp->decomp_free) (ppp->sc_rc_state);
2242                 ppp->sc_rc_state = NULL;
2243         }
2244 }
2245
2246 /*************************************************************
2247  * RECEIVE-SIDE ROUTINES
2248  *************************************************************/
2249
2250 /*
2251  * On entry, a received frame is in skb.
2252  * Check it and dispose as appropriate.
2253  */
2254 static int
2255 ppp_receive_frame(struct ppp *ppp, struct sk_buff *skb)
2256 {
2257         __u8    *data;
2258         int     count;
2259         int     proto;
2260         int     new_count;
2261         struct sk_buff *new_skb;
2262         ppp_proto_type  *proto_ptr;
2263
2264         /*
2265          * An empty frame is ignored. This occurs if the FLAG sequence
2266          * precedes and follows each frame.
2267          */
2268         if (skb == NULL)
2269                 return 1;
2270         if (skb->len == 0) {
2271                 KFREE_SKB(skb);
2272                 return 1;
2273         }
2274         data = skb->data;
2275         count = skb->len;
2276
2277         /*
2278          * Generate an error if the frame is too small.
2279          */
2280         if (count < PPP_HDRLEN + 2) {
2281                 if (ppp->flags & SC_DEBUG)
2282                         printk(KERN_DEBUG
2283                                "ppp: got runt ppp frame, %d chars\n", count);
2284                 ++ppp->estats.rx_length_errors;
2285                 return 0;
2286         }
2287
2288         if ( !(ppp->flags & SC_SYNC) ) { 
2289                 /*
2290                  * Verify the FCS of the frame and discard the FCS characters
2291                  * from the end of the buffer.
2292                  */
2293                 if (ppp->rfcs != PPP_GOODFCS) {
2294                         if (ppp->flags & SC_DEBUG) {
2295                                 printk(KERN_DEBUG
2296                                        "ppp: frame with bad fcs, length = %d\n",
2297                                        count);
2298                                 ppp_print_buffer("bad frame", data, count);
2299                         }
2300                         ++ppp->estats.rx_crc_errors;
2301                         return 0;
2302                 }
2303                 count -= 2;             /* ignore the fcs characters */
2304                 skb_trim(skb, count);
2305         }
2306         
2307         /*
2308          * Process the active decompressor.
2309          */
2310         if (ppp->sc_rc_state != NULL &&
2311             (ppp->flags & SC_DECOMP_RUN) &&
2312             ((ppp->flags & (SC_DC_FERROR | SC_DC_ERROR)) == 0)) {
2313                 if (PPP_PROTOCOL(data) == PPP_COMP) {
2314                         /*
2315                          * If the frame is compressed then decompress it.
2316                          */
2317                         new_skb = dev_alloc_skb(ppp->mru + 128 + PPP_HDRLEN);
2318                         if (new_skb == NULL) {
2319                                 printk(KERN_ERR "ppp_recv_frame: no memory\n");
2320                                 new_count = DECOMP_ERROR;
2321                         } else {
2322                                 LIBERATE_SKB(new_skb);
2323                                 new_count = (*ppp->sc_rcomp->decompress)
2324                                         (ppp->sc_rc_state, data, count,
2325                                          new_skb->data, ppp->mru + PPP_HDRLEN);
2326                         }
2327                         if (new_count > 0) {
2328                                 /* Frame was decompressed OK */
2329                                 KFREE_SKB(skb);
2330                                 skb = new_skb;
2331                                 count = new_count;
2332                                 data = skb_put(skb, count);
2333
2334                         } else {
2335                                 /*
2336                                  * On a decompression error, we pass the
2337                                  * compressed frame up to pppd as an
2338                                  * error indication.
2339                                  */
2340                                 if (ppp->flags & SC_DEBUG)
2341                                         printk(KERN_INFO "%s: decomp err %d\n",
2342                                                ppp->name, new_count);
2343                                 if (new_skb != 0)
2344                                         KFREE_SKB(new_skb);
2345                                 if (ppp->slcomp != 0)
2346                                         slhc_toss(ppp->slcomp);
2347                                 ++ppp->stats.ppp_ierrors;
2348                                 if (new_count == DECOMP_FATALERROR) {
2349                                         ppp->flags |= SC_DC_FERROR;
2350                                 } else {
2351                                         ppp->flags |= SC_DC_ERROR;
2352                                 }
2353                         }
2354
2355
2356                 } else {
2357                         /*
2358                          * The frame is not compressed. Pass it to the
2359                          * decompression code so it can update its
2360                          * dictionary if necessary.
2361                          */
2362                         (*ppp->sc_rcomp->incomp)(ppp->sc_rc_state,
2363                                                  data, count);
2364                 }
2365         }
2366         else if (PPP_PROTOCOL(data) == PPP_COMP && (ppp->flags & SC_DEBUG))
2367                 printk(KERN_INFO "%s: not decomp, rc_state=%p flags=%x\n",
2368                        ppp->name, ppp->sc_rc_state, ppp->flags);
2369
2370         /*
2371          * Count the frame and print it
2372          */
2373         ++ppp->stats.ppp_ipackets;
2374         ppp->stats.ppp_ioctects += count;
2375         if (ppp->flags & SC_LOG_INPKT)
2376                 ppp_print_buffer ("receive frame", data, count);
2377
2378         /*
2379          * Find the procedure to handle this protocol.
2380          * The last one is marked as protocol 0 which is the 'catch-all'
2381          * to feed it to the pppd daemon.
2382          */
2383         proto = PPP_PROTOCOL(data);
2384         proto_ptr = proto_list;
2385         while (proto_ptr->proto != 0 && proto_ptr->proto != proto)
2386                 ++proto_ptr;
2387
2388         /*
2389          * Update the appropriate statistic counter.
2390          */
2391         if (!(*proto_ptr->func)(ppp, skb)) {
2392                 KFREE_SKB(skb);
2393                 ++ppp->stats.ppp_discards;
2394         }
2395
2396         return 1;
2397 }
2398
2399 /*
2400  * An input error has been detected, so we need to inform
2401  * the VJ decompressor.
2402  */
2403 static void
2404 ppp_receive_error(struct ppp *ppp)
2405 {
2406         CHECK_PPP_VOID();
2407
2408         if (ppp->slcomp != 0)
2409                 slhc_toss(ppp->slcomp);
2410 }
2411
2412 /*
2413  * Put the input frame into the networking system for the indicated protocol
2414  */
2415 static int
2416 ppp_rcv_rx(struct ppp *ppp, __u16 proto, struct sk_buff *skb)
2417 {
2418
2419         /*
2420          * Fill in a few fields of the skb and give it to netif_rx().
2421          */
2422         skb->dev      = ppp2dev(ppp);   /* We are the device */
2423         skb->protocol = htons(proto);
2424         skb_pull(skb, PPP_HDRLEN);      /* pull off ppp header */
2425         skb->mac.raw   = skb->data;
2426         ppp->last_recv = jiffies;
2427         netif_rx (skb);
2428         return 1;
2429 }
2430
2431 /*
2432  * Process the receipt of an IP frame
2433  */
2434 static int
2435 rcv_proto_ip(struct ppp *ppp, struct sk_buff *skb)
2436 {
2437         CHECK_PPP(0);
2438         if ((ppp2dev(ppp)->flags & IFF_UP) && (skb->len > 0)
2439             && ppp->sc_npmode[NP_IP] == NPMODE_PASS)
2440                 return ppp_rcv_rx(ppp, ETH_P_IP, skb);
2441         return 0;
2442 }
2443
2444 /*
2445  * Process the receipt of an IPv6 frame
2446  */
2447 static int
2448 rcv_proto_ipv6(struct ppp *ppp, struct sk_buff *skb)
2449 {
2450         CHECK_PPP(0);
2451         if ((ppp2dev(ppp)->flags & IFF_UP) && (skb->len > 0)
2452             && ppp->sc_npmode[NP_IPV6] == NPMODE_PASS)
2453                 return ppp_rcv_rx(ppp, ETH_P_IPV6, skb);
2454         return 0;
2455 }
2456
2457 /*
2458  * Process the receipt of an IPX frame
2459  */
2460 static int
2461 rcv_proto_ipx(struct ppp *ppp, struct sk_buff *skb)
2462 {
2463         CHECK_PPP(0);
2464         if (((ppp2dev(ppp)->flags & IFF_UP) != 0) && (skb->len > 0)
2465             && ppp->sc_npmode[NP_IPX] == NPMODE_PASS)
2466                 return ppp_rcv_rx(ppp, ETH_P_IPX, skb);
2467         return 0;
2468 }
2469
2470 /*
2471  * Process the receipt of an Appletalk frame
2472  */
2473 static int
2474 rcv_proto_at(struct ppp *ppp, struct sk_buff *skb)
2475 {
2476         CHECK_PPP(0);
2477         if ((ppp2dev(ppp)->flags & IFF_UP) && (skb->len > 0)
2478             && ppp->sc_npmode[NP_AT] == NPMODE_PASS)
2479                 return ppp_rcv_rx(ppp, ETH_P_PPPTALK, skb);
2480         return 0;
2481 }
2482
2483 /*
2484  * Process the receipt of an VJ Compressed frame
2485  */
2486 static int
2487 rcv_proto_vjc_comp(struct ppp *ppp, struct sk_buff *skb)
2488 {
2489         int new_count;
2490
2491         CHECK_PPP(0);
2492         if ((ppp->flags & SC_REJ_COMP_TCP) || ppp->slcomp == NULL)
2493                 return 0;
2494         new_count = slhc_uncompress(ppp->slcomp, skb->data + PPP_HDRLEN,
2495                                     skb->len - PPP_HDRLEN);
2496         if (new_count <= 0) {
2497                 if (ppp->flags & SC_DEBUG)
2498                         printk(KERN_NOTICE
2499                                "ppp: error in VJ decompression\n");
2500                 return 0;
2501         }
2502         new_count += PPP_HDRLEN;
2503         if (new_count > skb->len)
2504                 skb_put(skb, new_count - skb->len);
2505         else
2506                 skb_trim(skb, new_count);
2507         return rcv_proto_ip(ppp, skb);
2508 }
2509
2510 /*
2511  * Process the receipt of an VJ Un-compressed frame
2512  */
2513 static int
2514 rcv_proto_vjc_uncomp(struct ppp *ppp, struct sk_buff *skb)
2515 {
2516         CHECK_PPP(0);
2517         if ((ppp->flags & SC_REJ_COMP_TCP) || ppp->slcomp == NULL)
2518                 return 0;
2519         if (slhc_remember(ppp->slcomp, skb->data + PPP_HDRLEN,
2520                           skb->len - PPP_HDRLEN) <= 0) {
2521                 if (ppp->flags & SC_DEBUG)
2522                         printk(KERN_NOTICE "ppp: error in VJ memorizing\n");
2523                 return 0;
2524         }
2525         return rcv_proto_ip(ppp, skb);
2526 }
2527
2528 static int
2529 rcv_proto_ccp(struct ppp *ppp, struct sk_buff *skb)
2530 {
2531         CHECK_PPP(0);
2532         ppp_proto_ccp (ppp, skb->data + PPP_HDRLEN, skb->len - PPP_HDRLEN, 1);
2533         return rcv_proto_unknown(ppp, skb);
2534 }
2535
2536 /*
2537  * Receive all unclassified protocols.
2538  */
2539 static int
2540 rcv_proto_unknown(struct ppp *ppp, struct sk_buff *skb)
2541 {
2542         CHECK_PPP(0);
2543
2544         /*
2545          * Limit queue length by dropping old frames.
2546          */
2547         skb_queue_tail(&ppp->rcv_q, skb);
2548         while (ppp->rcv_q.qlen > PPP_MAX_RCV_QLEN) {
2549                 struct sk_buff *skb = skb_dequeue(&ppp->rcv_q);
2550                 if (skb)
2551                         KFREE_SKB(skb);
2552         }
2553
2554         wake_up_interruptible (&ppp->read_wait);
2555         if (ppp->tty->fasync != NULL)
2556                 kill_fasync (ppp->tty->fasync, SIGIO);
2557
2558         return 1;
2559 }
2560
2561 /*************************************************************
2562  * TRANSMIT-SIDE ROUTINES
2563  *************************************************************/
2564
2565 /* local function to store a value into the LQR frame */
2566 extern inline __u8 * store_long (register __u8 *p, register int value) {
2567         *p++ = (__u8) (value >> 24);
2568         *p++ = (__u8) (value >> 16);
2569         *p++ = (__u8) (value >>  8);
2570         *p++ = (__u8) value;
2571         return p;
2572 }
2573
2574 /*
2575  * Compress and send an frame to the peer.
2576  * Should be called with xmit_busy == 1, having been set by the caller.
2577  * That is, we use xmit_busy as a lock to prevent reentry of this
2578  * procedure.
2579  */
2580 static void
2581 ppp_send_frame(struct ppp *ppp, struct sk_buff *skb)
2582 {
2583         int     proto;
2584         __u8    *data;
2585         int     count;
2586         __u8    *p;
2587         int     ret;
2588
2589         CHECK_PPP_VOID();
2590         data = skb->data;
2591         count = skb->len;
2592
2593         /* dump the buffer */
2594         if (ppp->flags & SC_LOG_OUTPKT)
2595                 ppp_print_buffer ("write frame", data, count);
2596
2597         /*
2598          * Handle various types of protocol-specific compression
2599          * and other processing, including:
2600          * - VJ TCP header compression
2601          * - updating LQR packets
2602          * - updating CCP state on CCP packets
2603          */
2604         proto = PPP_PROTOCOL(data);
2605         switch (proto) {
2606         case PPP_IP:
2607                 if ((ppp->flags & SC_COMP_TCP) && ppp->slcomp != NULL)
2608                         skb = ppp_vj_compress(ppp, skb);
2609                 break;
2610
2611         case PPP_LQR:
2612                 /*
2613                  * Update the LQR frame with the current MIB information.
2614                  * This way the information is accurate and up-to-date.
2615                  */
2616                 if (count < 48)
2617                         break;
2618                 p = data + 40;  /* Point to last two items. */
2619                 p = store_long(p, ppp->stats.ppp_opackets + 1);
2620                 p = store_long(p, ppp->stats.ppp_ooctects + count);
2621                 ++ppp->stats.ppp_olqrs;
2622                 break;
2623
2624         case PPP_CCP:
2625                 /*
2626                  * Outbound compression control frames
2627                  */
2628                 ppp_proto_ccp(ppp, data + PPP_HDRLEN, count - PPP_HDRLEN, 0);
2629                 break;
2630         }
2631         data = skb->data;
2632         count = skb->len;
2633
2634         /*
2635          * Compress the whole frame if possible.
2636          */
2637         if (((ppp->flags & SC_COMP_RUN) != 0)   &&
2638             (ppp->sc_xc_state != (void *) 0)    &&
2639             (proto != PPP_LCP)                  &&
2640             (proto != PPP_CCP)) {
2641                 struct sk_buff *new_skb;
2642                 int new_count;
2643
2644                 /* Allocate an skb for the compressed frame. */
2645                 new_skb = alloc_skb(ppp->mtu + PPP_HDRLEN, GFP_ATOMIC);
2646                 if (new_skb == NULL) {
2647                         printk(KERN_ERR "ppp_send_frame: no memory\n");
2648                         KFREE_SKB(skb);
2649                         ppp->xmit_busy = 0;
2650                         return;
2651                 }
2652                 LIBERATE_SKB(new_skb);
2653
2654                 /* Compress the frame. */
2655                 new_count = (*ppp->sc_xcomp->compress)
2656                         (ppp->sc_xc_state, data, new_skb->data,
2657                          count, ppp->mtu + PPP_HDRLEN);
2658
2659                 /* Did it compress? */
2660                 if (new_count > 0 && (ppp->flags & SC_CCP_UP)) {
2661                         skb_put(new_skb, new_count);
2662                         KFREE_SKB(skb);
2663                         skb = new_skb;
2664                 } else {
2665                         /*
2666                          * The frame could not be compressed, or it could not
2667                          * be sent in compressed form because CCP is down.
2668                          */
2669                         KFREE_SKB(new_skb);
2670                 }
2671         }
2672
2673         /*
2674          * Send the frame
2675          */
2676         if ( ppp->flags & SC_SYNC ) 
2677                 ret = ppp_sync_send(ppp, skb);
2678         else
2679                 ret = ppp_async_send(ppp, skb);
2680         if (ret > 0) {
2681                 /* we can release the lock */
2682                 ppp->xmit_busy = 0;
2683         } else if (ret < 0) {
2684                 /* can't happen, since the caller got the xmit_busy lock */
2685                 printk(KERN_ERR "ppp: ppp_async_send didn't accept pkt\n");
2686         }
2687 }
2688
2689 /*
2690  * Apply VJ TCP header compression to a packet.
2691  */
2692 static struct sk_buff *
2693 ppp_vj_compress(struct ppp *ppp, struct sk_buff *skb)
2694 {
2695         __u8 *orig_data, *data;
2696         struct sk_buff *new_skb;
2697         int len, proto;
2698
2699         new_skb = alloc_skb(skb->len, GFP_ATOMIC);
2700         if (new_skb == NULL) {
2701                 printk(KERN_ERR "ppp: no memory for vj compression\n");
2702                 return skb;
2703         }
2704         LIBERATE_SKB(new_skb);
2705
2706         orig_data = data = skb->data + PPP_HDRLEN;
2707         len = slhc_compress(ppp->slcomp, data, skb->len - PPP_HDRLEN,
2708                             new_skb->data + PPP_HDRLEN, &data,
2709                             (ppp->flags & SC_NO_TCP_CCID) == 0);
2710
2711         if (data == orig_data) {
2712                 /* Couldn't compress the data */
2713                 KFREE_SKB(new_skb);
2714                 return skb;
2715         }
2716
2717         /* The data has been changed */
2718         if (data[0] & SL_TYPE_COMPRESSED_TCP) {
2719                 proto = PPP_VJC_COMP;
2720                 data[0] ^= SL_TYPE_COMPRESSED_TCP;
2721         } else {
2722                 if (data[0] >= SL_TYPE_UNCOMPRESSED_TCP)
2723                         proto = PPP_VJC_UNCOMP;
2724                 else
2725                         proto = PPP_IP;
2726                 data[0] = orig_data[0];
2727         }
2728
2729         data = skb_put(new_skb, len + PPP_HDRLEN);
2730         data[0] = PPP_ALLSTATIONS;
2731         data[1] = PPP_UI;
2732         data[2] = 0;
2733         data[3] = proto;
2734
2735         KFREE_SKB(skb);
2736         return new_skb;
2737 }
2738
2739 static inline void
2740 ppp_send_frames(struct ppp *ppp)
2741 {
2742         struct sk_buff *skb;
2743
2744         while (!test_and_set_bit(0, &ppp->xmit_busy)) {
2745                 skb = skb_dequeue(&ppp->xmt_q);
2746                 if (skb == NULL) {
2747                         ppp->xmit_busy = 0;
2748                         break;
2749                 }
2750                 ppp_send_frame(ppp, skb);
2751         }
2752         if (!ppp->xmit_busy && ppp->dev.tbusy) {
2753                 ppp->dev.tbusy = 0;
2754                 mark_bh(NET_BH);
2755         }
2756 }
2757
2758 /*
2759  * Called from the hardware (tty) layer when it can accept
2760  * another packet.
2761  */
2762 static void
2763 ppp_output_wakeup(struct ppp *ppp)
2764 {
2765         CHECK_PPP_VOID();
2766
2767         if (!ppp->xmit_busy) {
2768                 printk(KERN_ERR "ppp_output_wakeup called but xmit_busy==0\n");
2769                 return;
2770         }
2771         ppp->xmit_busy = 0;
2772         ppp_send_frames(ppp);
2773 }
2774
2775 /*
2776  * Send a control frame (from pppd).
2777  */
2778 static void
2779 ppp_send_ctrl(struct ppp *ppp, struct sk_buff *skb)
2780 {
2781         CHECK_PPP_VOID();
2782
2783         /*
2784          * Put the packet on the queue, then send as many as we can.
2785          */
2786         skb_queue_tail(&ppp->xmt_q, skb);
2787         ppp_send_frames(ppp);
2788 }
2789
2790
2791 /*************************************************************
2792  * NETWORK OUTPUT
2793  *    This routine accepts requests from the network layer
2794  *    and attempts to deliver the packets.
2795  *************************************************************/
2796 /*
2797  * Send a frame to the peer.
2798  * Returns 1 iff the frame was not accepted.
2799  */
2800 static int
2801 ppp_dev_xmit(struct sk_buff *skb, struct device *dev)
2802 {
2803         struct ppp *ppp = dev2ppp(dev);
2804         struct tty_struct *tty = ppp2tty(ppp);
2805         enum NPmode npmode;
2806         int proto;
2807         unsigned char *hdr;
2808
2809         /* just a little sanity check. */
2810         if (skb == NULL)
2811                 return 0;
2812         if (skb->data == NULL) {
2813                 KFREE_SKB(skb);
2814                 return 0;
2815         }
2816
2817         /*
2818          * Avoid timing problem should tty hangup while data is
2819          * queued to be sent.
2820          */
2821         if (!ppp->inuse) {
2822                 KFREE_SKB(skb);
2823                 return 0;
2824         }
2825
2826         /*
2827          * Validate the tty interface
2828          */
2829         if (tty == NULL) {
2830                 if (ppp->flags & SC_DEBUG)
2831                         printk(KERN_ERR
2832                                "ppp_dev_xmit: %s not connected to a TTY!\n",
2833                                dev->name);
2834                 KFREE_SKB(skb);
2835                 return 0;
2836         }
2837
2838         /*
2839          * Work out the appropriate network-protocol mode for this packet.
2840          */
2841         npmode = NPMODE_PASS;   /* default */
2842         switch (ntohs(skb->protocol)) {
2843         case ETH_P_IP:
2844                 proto = PPP_IP;
2845                 npmode = ppp->sc_npmode[NP_IP];
2846                 break;
2847         case ETH_P_IPV6:
2848                 proto = PPP_IPV6;
2849                 npmode = ppp->sc_npmode[NP_IPV6];
2850                 break;
2851         case ETH_P_IPX:
2852                 proto = PPP_IPX;
2853                 npmode = ppp->sc_npmode[NP_IPX];
2854                 break;
2855         case ETH_P_PPPTALK:
2856         case ETH_P_ATALK:
2857                 proto = PPP_AT;
2858                 npmode = ppp->sc_npmode[NP_AT];
2859                 break;
2860         default:
2861                 if (ppp->flags & SC_DEBUG)
2862                         printk(KERN_INFO "%s: packet for unknown proto %x\n",
2863                                ppp->name, ntohs(skb->protocol));
2864                 KFREE_SKB(skb);
2865                 return 0;
2866         }
2867
2868         /*
2869          * Drop, accept or reject the packet depending on the mode.
2870          */
2871         switch (npmode) {
2872         case NPMODE_PASS:
2873                 break;
2874
2875         case NPMODE_QUEUE:
2876                 /*
2877                  * We may not send the packet now, so drop it.
2878                  * XXX It would be nice to be able to return it to the
2879                  * network system to be queued and retransmitted later.
2880                  */
2881                 if (ppp->flags & SC_DEBUG)
2882                         printk(KERN_DEBUG "%s: returning frame\n", ppp->name);
2883                 KFREE_SKB(skb);
2884                 return 0;
2885
2886         case NPMODE_ERROR:
2887         case NPMODE_DROP:
2888                 if (ppp->flags & SC_DEBUG)
2889                         printk(KERN_DEBUG
2890                                "ppp_dev_xmit: dropping (npmode = %d) on %s\n",
2891                                npmode, ppp->name);
2892                 KFREE_SKB(skb);
2893                 return 0;
2894         }
2895
2896         /*
2897          * The dev->tbusy field acts as a lock to allow only
2898          * one packet to be processed at a time.  If we can't
2899          * get the lock, try again later.
2900          * We deliberately queue as little as possible inside
2901          * the ppp driver in order to minimize the latency
2902          * for high-priority packets.
2903          */
2904         if (test_and_set_bit(0, &ppp->xmit_busy)) {
2905                 dev->tbusy = 1; /* can't take it now */
2906                 return 1;
2907         }
2908         dev->tbusy = 0;
2909
2910         /*
2911          * Put the 4-byte PPP header on the packet.
2912          * If there isn't room for it, we have to copy the packet.
2913          */
2914         if (skb_headroom(skb) < PPP_HDRLEN) {
2915                 struct sk_buff *new_skb;
2916
2917                 new_skb = alloc_skb(skb->len + PPP_HDRLEN, GFP_ATOMIC);
2918                 if (new_skb == NULL) {
2919                         printk(KERN_ERR "%s: skb hdr alloc failed\n",
2920                                ppp->name);
2921                         KFREE_SKB(skb);
2922                         ppp->xmit_busy = 0;
2923                         ppp_send_frames(ppp);
2924                         return 0;
2925                 }
2926                 LIBERATE_SKB(new_skb);
2927                 skb_reserve(new_skb, PPP_HDRLEN);
2928                 memcpy(skb_put(new_skb, skb->len), skb->data, skb->len);
2929                 KFREE_SKB(skb);
2930                 skb = new_skb;
2931         }
2932
2933         hdr = skb_push(skb, PPP_HDRLEN);
2934         hdr[0] = PPP_ALLSTATIONS;
2935         hdr[1] = PPP_UI;
2936         hdr[2] = proto >> 8;
2937         hdr[3] = proto;
2938
2939         ppp_send_frame(ppp, skb);
2940         if (!ppp->xmit_busy)
2941                 ppp_send_frames(ppp);
2942         return 0;
2943 }
2944
2945 #if LINUX_VERSION_CODE < VERSION(2,1,15)
2946 /*
2947  * Null hard_header and header_rebuild routines.
2948  */
2949 static int ppp_dev_header(struct sk_buff *skb, struct device *dev,
2950                           unsigned short type, void *daddr,
2951                           void *saddr, unsigned int len)
2952 {
2953         return 0;
2954 }
2955
2956 static int ppp_dev_rebuild(void *eth, struct device *dev,
2957                            unsigned long raddr, struct sk_buff *skb)
2958 {
2959         return 0;
2960 }
2961 #endif /* < 2.1.15 */
2962
2963 /*
2964  * Generate the statistic information for the /proc/net/dev listing.
2965  */
2966 static struct net_device_stats *
2967 ppp_dev_stats (struct device *dev)
2968 {
2969         struct ppp *ppp = dev2ppp (dev);
2970
2971         ppp->estats.rx_packets = ppp->stats.ppp_ipackets;
2972         ppp->estats.rx_errors  = ppp->stats.ppp_ierrors;
2973         ppp->estats.tx_packets = ppp->stats.ppp_opackets;
2974         ppp->estats.tx_errors  = ppp->stats.ppp_oerrors;
2975 #if LINUX_VERSION_CODE >= VERSION(2,1,25)
2976         ppp->estats.rx_bytes   = ppp->stats.ppp_ibytes;
2977         ppp->estats.tx_bytes   = ppp->stats.ppp_obytes;
2978 #endif
2979
2980         return &ppp->estats;
2981 }
2982
2983 /*************************************************************
2984  * UTILITIES
2985  *    Miscellany called by various functions above.
2986  *************************************************************/
2987
2988 /* Locate the previous instance of the PPP channel */
2989 static struct ppp *
2990 ppp_find(int pid_value)
2991 {
2992         struct ppp      *ppp;
2993
2994         /* try to find the device which this pid is already using */
2995         for (ppp = ppp_list; ppp != 0; ppp = ppp->next) {
2996                 if (ppp->inuse && ppp->sc_xfer == pid_value) {
2997                         ppp->sc_xfer = 0;
2998                         break;
2999                 }
3000         }
3001         return ppp;
3002 }
3003
3004 /* allocate or create a PPP channel */
3005 static struct ppp *
3006 ppp_alloc(void)
3007 {
3008         int             if_num;
3009         int             status;
3010         struct device   *dev;
3011         struct ppp      *ppp;
3012
3013         /* try to find an free device */
3014         for (ppp = ppp_list; ppp != 0; ppp = ppp->next) {
3015                 if (!test_and_set_bit(0, &ppp->inuse)) {
3016                         dev = ppp2dev(ppp);
3017                         if (dev->flags & IFF_UP) {
3018                                 clear_bit(0, &ppp->inuse);
3019                                 continue;
3020                         }
3021                         /* Reregister device */
3022                         unregister_netdev(dev);
3023                         if (register_netdev(dev) == 0)
3024                                 return ppp;
3025                         printk(KERN_DEBUG "could not reregister ppp device\n");
3026                         /* leave inuse set in this case */
3027                 }
3028         }
3029
3030         /*
3031          * There are no available units, so make a new one.
3032          */
3033         ppp = (struct ppp *) kmalloc(sizeof(struct ppp), GFP_KERNEL);
3034         if (ppp == 0) {
3035                 printk(KERN_ERR "ppp: struct ppp allocation failed\n");
3036                 return 0;
3037         }
3038         memset(ppp, 0, sizeof(*ppp));
3039
3040         /* initialize channel control data */
3041         ppp->magic = PPP_MAGIC;
3042         ppp->next = NULL;
3043         ppp->inuse = 1;
3044         ppp->read_wait = NULL;
3045
3046         /*
3047          * Make up a suitable name for this device
3048          */
3049         dev = ppp2dev(ppp);
3050         dev->name = ppp->name;
3051 #if LINUX_VERSION_CODE < VERSION(2,1,31)
3052         if_num = (ppp_list == 0)? 0: ppp_last->line + 1;
3053         sprintf(ppp->name, "ppp%d", if_num);
3054 #else
3055         if_num = dev_alloc_name(dev, "ppp%d");
3056 #endif
3057         if (if_num < 0) {
3058                 printk(KERN_ERR "ppp: dev_alloc_name failed (%d)\n", if_num);
3059                 kfree(ppp);
3060                 return 0;
3061         }
3062         ppp->line = if_num;
3063         ppp->slcomp = NULL;
3064
3065         dev->next = NULL;
3066         dev->init = ppp_init_dev;
3067         dev->name = ppp->name;
3068         dev->priv = (void *) ppp;
3069
3070         /* register device so that we can be ifconfig'd */
3071         /* ppp_init_dev() will be called as a side-effect */
3072         status = register_netdev (dev);
3073         if (status == 0) {
3074                 printk(KERN_INFO "registered device %s\n", dev->name);
3075         } else {
3076                 printk(KERN_ERR
3077                        "ppp_alloc - register_netdev(%s) = %d failure.\n",
3078                        dev->name, status);
3079                 kfree(ppp);
3080                 ppp = NULL;
3081         }
3082
3083         /* link this unit into our list */
3084         if (ppp_list == 0)
3085                 ppp_list = ppp;
3086         else
3087                 ppp_last->next = ppp;
3088         ppp_last = ppp;
3089
3090         return ppp;
3091 }
3092
3093 /*
3094  * Initialize the generic parts of the ppp structure.
3095  */
3096 static void
3097 ppp_generic_init(struct ppp *ppp)
3098 {
3099         int indx;
3100
3101         ppp->flags  = 0;
3102         ppp->mtu    = PPP_MTU;
3103         ppp->mru    = PPP_MRU;
3104
3105         skb_queue_head_init(&ppp->xmt_q);
3106         skb_queue_head_init(&ppp->rcv_q);
3107
3108         ppp->last_xmit  = jiffies;
3109         ppp->last_recv  = jiffies;
3110         ppp->xmit_busy  = 0;
3111
3112         /* clear statistics */
3113         memset(&ppp->stats, 0, sizeof (struct pppstat));
3114         memset(&ppp->estats, 0, sizeof(struct net_device_stats));
3115
3116         /* PPP compression data */
3117         ppp->sc_xc_state = NULL;
3118         ppp->sc_rc_state = NULL;
3119
3120         for (indx = 0; indx < NUM_NP; ++indx)
3121                 ppp->sc_npmode[indx] = NPMODE_PASS;
3122 }
3123
3124 /*
3125  * Called to clean up the generic parts of the ppp structure.
3126  */
3127 static void
3128 ppp_release(struct ppp *ppp)
3129 {
3130         struct sk_buff *skb;
3131
3132         CHECK_PPP_MAGIC(ppp);
3133
3134         if (ppp->flags & SC_DEBUG)
3135                 printk(KERN_DEBUG "%s released\n", ppp->name);
3136
3137         ppp_ccp_closed(ppp);
3138
3139         /* Ensure that the pppd process is not hanging on select()/poll() */
3140         wake_up_interruptible(&ppp->read_wait);
3141
3142         if (ppp->slcomp) {
3143                 slhc_free(ppp->slcomp);
3144                 ppp->slcomp = NULL;
3145         }
3146
3147         while ((skb = skb_dequeue(&ppp->rcv_q)) != NULL)
3148                 KFREE_SKB(skb);
3149         while ((skb = skb_dequeue(&ppp->xmt_q)) != NULL)
3150                 KFREE_SKB(skb);
3151
3152         ppp->inuse = 0;
3153         if (ppp->dev.tbusy) {
3154                 ppp->dev.tbusy = 0;
3155                 mark_bh(NET_BH);
3156         }
3157 }
3158
3159 /*
3160  * Utility procedures to print a buffer in hex/ascii
3161  */
3162 static void
3163 ppp_print_hex (register __u8 * out, const __u8 * in, int count)
3164 {
3165         register __u8 next_ch;
3166         static char hex[] = "0123456789ABCDEF";
3167
3168         while (count-- > 0) {
3169                 next_ch = *in++;
3170                 *out++ = hex[(next_ch >> 4) & 0x0F];
3171                 *out++ = hex[next_ch & 0x0F];
3172                 ++out;
3173         }
3174 }
3175
3176 static void
3177 ppp_print_char (register __u8 * out, const __u8 * in, int count)
3178 {
3179         register __u8 next_ch;
3180
3181         while (count-- > 0) {
3182                 next_ch = *in++;
3183
3184                 if (next_ch < 0x20 || next_ch > 0x7e)
3185                         *out++ = '.';
3186                 else {
3187                         *out++ = next_ch;
3188                         if (next_ch == '%')   /* printk/syslogd has a bug !! */
3189                                 *out++ = '%';
3190                 }
3191         }
3192         *out = '\0';
3193 }
3194
3195 static void
3196 ppp_print_buffer (const char *name, const __u8 *buf, int count)
3197 {
3198         __u8 line[44];
3199
3200         if (name != NULL)
3201                 printk(KERN_DEBUG "ppp: %s, count = %d\n", name, count);
3202
3203         while (count > 8) {
3204                 memset (line, 32, 44);
3205                 ppp_print_hex (line, buf, 8);
3206                 ppp_print_char (&line[8 * 3], buf, 8);
3207                 printk(KERN_DEBUG "%s\n", line);
3208                 count -= 8;
3209                 buf += 8;
3210         }
3211
3212         if (count > 0) {
3213                 memset (line, 32, 44);
3214                 ppp_print_hex (line, buf, count);
3215                 ppp_print_char (&line[8 * 3], buf, count);
3216                 printk(KERN_DEBUG "%s\n", line);
3217         }
3218 }
3219
3220 /*************************************************************
3221  * Compressor module interface
3222  *************************************************************/
3223
3224 struct compressor_link {
3225         struct compressor_link  *next;
3226         struct compressor       *comp;
3227 };
3228
3229 static struct compressor_link *ppp_compressors = (struct compressor_link *) 0;
3230
3231 static struct compressor *find_compressor (int type)
3232 {
3233         struct compressor_link *lnk;
3234         unsigned long flags;
3235
3236         save_flags(flags);
3237         cli();
3238
3239         lnk = ppp_compressors;
3240         while (lnk != (struct compressor_link *) 0) {
3241                 if ((int) (__u8) lnk->comp->compress_proto == type) {
3242                         restore_flags(flags);
3243                         return lnk->comp;
3244                 }
3245                 lnk = lnk->next;
3246         }
3247
3248         restore_flags(flags);
3249         return (struct compressor *) 0;
3250 }
3251
3252 static int ppp_register_compressor (struct compressor *cp)
3253 {
3254         struct compressor_link *new;
3255         unsigned long flags;
3256
3257         new = (struct compressor_link *)
3258                 kmalloc (sizeof (struct compressor_link), GFP_KERNEL);
3259
3260         if (new == (struct compressor_link *) 0)
3261                 return 1;
3262
3263         save_flags(flags);
3264         cli();
3265
3266         if (find_compressor (cp->compress_proto)) {
3267                 restore_flags(flags);
3268                 kfree (new);
3269                 return 0;
3270         }
3271
3272         new->next       = ppp_compressors;
3273         new->comp       = cp;
3274         ppp_compressors = new;
3275
3276         restore_flags(flags);
3277         return 0;
3278 }
3279
3280 static void ppp_unregister_compressor (struct compressor *cp)
3281 {
3282         struct compressor_link *prev = (struct compressor_link *) 0;
3283         struct compressor_link *lnk;
3284         unsigned long flags;
3285
3286         save_flags(flags);
3287         cli();
3288
3289         lnk  = ppp_compressors;
3290         while (lnk != (struct compressor_link *) 0) {
3291                 if (lnk->comp == cp) {
3292                         if (prev)
3293                                 prev->next = lnk->next;
3294                         else
3295                                 ppp_compressors = lnk->next;
3296                         kfree (lnk);
3297                         break;
3298                 }
3299                 prev = lnk;
3300                 lnk  = lnk->next;
3301         }
3302         restore_flags(flags);
3303 }
3304
3305 /*************************************************************
3306  * Module support routines
3307  *************************************************************/
3308
3309 #ifdef MODULE
3310 int
3311 init_module(void)
3312 {
3313         int status;
3314
3315         /* register our line disciplines */
3316         status = ppp_first_time();
3317         if (status != 0)
3318                 printk(KERN_INFO "PPP: ppp_init() failure %d\n", status);
3319 #if LINUX_VERSION_CODE < VERSION(2,1,18)
3320         else
3321                 (void) register_symtab (&ppp_syms);
3322 #endif
3323
3324         return status;
3325 }
3326
3327 void
3328 cleanup_module(void)
3329 {
3330         int status;
3331         struct ppp *ppp, *next_ppp;
3332         int busy = 0;
3333
3334         /*
3335          * Ensure that the devices are not in operation.
3336          */
3337         for (ppp = ppp_list; ppp != 0; ppp = ppp->next) {
3338                 CHECK_PPP_MAGIC(ppp);
3339                 if (ppp->inuse || (ppp->dev.flags & IFF_UP))
3340                         ++busy;
3341         }
3342         if (busy)
3343                 printk(KERN_CRIT "PPP: removing despite %d units in use!\n",
3344                        busy);
3345
3346         /*
3347          * Release the tty registration of the line discipline so that
3348          * ttys can no longer be put into PPP line discipline.
3349          */
3350         status = tty_register_ldisc (N_PPP, NULL);
3351         if (status != 0)
3352                 printk(KERN_ERR
3353                        "PPP: Unable to unregister ppp line discipline "
3354                        "(err = %d)\n", status);
3355         else
3356                 printk(KERN_INFO
3357                        "PPP: ppp line discipline successfully unregistered\n");
3358
3359         /*
3360          * De-register the devices so that there is no problem with them
3361          */
3362         for (ppp = ppp_list; ppp != 0; ppp = next_ppp) {
3363                 next_ppp = ppp->next;
3364                 unregister_netdev(&ppp->dev);
3365                 kfree (ppp);
3366         }
3367 }
3368 #endif