search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix buffer overflow if server sends corrupt response to small
[linux-2.6.22.y-op.git] / net / irda / irlap_frame.c
blob3013c49ab975e865b593746911f0d88f2921c8b0
1 /*********************************************************************
2 *
3 * Filename: irlap_frame.c
4 * Version: 1.0
5 * Description: Build and transmit IrLAP frames
6 * Status: Stable
7 * Author: Dag Brattli <dagb@cs.uit.no>
8 * Created at: Tue Aug 19 10:27:26 1997
9 * Modified at: Wed Jan 5 08:59:04 2000
10 * Modified by: Dag Brattli <dagb@cs.uit.no>
11 *
12 * Copyright (c) 1998-2000 Dag Brattli <dagb@cs.uit.no>,
13 * All Rights Reserved.
14 * Copyright (c) 2000-2003 Jean Tourrilhes <jt@hpl.hp.com>
15 *
16 * This program is free software; you can redistribute it and/or
17 * modify it under the terms of the GNU General Public License as
18 * published by the Free Software Foundation; either version 2 of
19 * the License, or (at your option) any later version.
20 *
21 * Neither Dag Brattli nor University of Tromsø admit liability nor
22 * provide warranty for any of this software. This material is
23 * provided "AS-IS" and at no charge.
24 *
25 ********************************************************************/
26
27 #include <linux/skbuff.h>
28 #include <linux/if.h>
29 #include <linux/if_ether.h>
30 #include <linux/netdevice.h>
31 #include <linux/irda.h>
32
33 #include <net/pkt_sched.h>
34 #include <net/sock.h>
35
36 #include <asm/byteorder.h>
37
38 #include <net/irda/irda.h>
39 #include <net/irda/irda_device.h>
40 #include <net/irda/irlap.h>
41 #include <net/irda/wrapper.h>
42 #include <net/irda/timer.h>
43 #include <net/irda/irlap_frame.h>
44 #include <net/irda/qos.h>
45
46 static void irlap_send_i_frame(struct irlap_cb *self, struct sk_buff *skb,
47 int command);
48
49 /*
50 * Function irlap_insert_info (self, skb)
51 *
52 * Insert minimum turnaround time and speed information into the skb. We
53 * need to do this since it's per packet relevant information. Safe to
54 * have this function inlined since it's only called from one place
55 */
56 static inline void irlap_insert_info(struct irlap_cb *self,
57 struct sk_buff *skb)
58 {
59 struct irda_skb_cb *cb = (struct irda_skb_cb *) skb->cb;
60
61 /*
62 * Insert MTT (min. turn time) and speed into skb, so that the
63 * device driver knows which settings to use
64 */
65 cb->magic = LAP_MAGIC;
66 cb->mtt = self->mtt_required;
67 cb->next_speed = self->speed;
68
69 /* Reset */
70 self->mtt_required = 0;
71
72 /*
73 * Delay equals negotiated BOFs count, plus the number of BOFs to
74 * force the negotiated minimum turnaround time
75 */
76 cb->xbofs = self->bofs_count;
77 cb->next_xbofs = self->next_bofs;
78 cb->xbofs_delay = self->xbofs_delay;
79
80 /* Reset XBOF's delay (used only for getting min turn time) */
81 self->xbofs_delay = 0;
82 /* Put the correct xbofs value for the next packet */
83 self->bofs_count = self->next_bofs;
84 }
85
86 /*
87 * Function irlap_queue_xmit (self, skb)
88 *
89 * A little wrapper for dev_queue_xmit, so we can insert some common
90 * code into it.
91 */
92 void irlap_queue_xmit(struct irlap_cb *self, struct sk_buff *skb)
93 {
94 /* Some common init stuff */
95 skb->dev = self->netdev;
96 skb_reset_mac_header(skb);
97 skb_reset_network_header(skb);
98 skb_reset_transport_header(skb);
99 skb->protocol = htons(ETH_P_IRDA);
100 skb->priority = TC_PRIO_BESTEFFORT;
101
102 irlap_insert_info(self, skb);
103
104 dev_queue_xmit(skb);
105 }
106
107 /*
108 * Function irlap_send_snrm_cmd (void)
109 *
110 * Transmits a connect SNRM command frame
111 */
112 void irlap_send_snrm_frame(struct irlap_cb *self, struct qos_info *qos)
113 {
114 struct sk_buff *tx_skb;
115 struct snrm_frame *frame;
116 int ret;
117
118 IRDA_ASSERT(self != NULL, return;);
119 IRDA_ASSERT(self->magic == LAP_MAGIC, return;);
120
121 /* Allocate frame */
122 tx_skb = alloc_skb(sizeof(struct snrm_frame) +
123 IRLAP_NEGOCIATION_PARAMS_LEN,
124 GFP_ATOMIC);
125 if (!tx_skb)
126 return;
127
128 frame = (struct snrm_frame *) skb_put(tx_skb, 2);
129
130 /* Insert connection address field */
131 if (qos)
132 frame->caddr = CMD_FRAME | CBROADCAST;
133 else
134 frame->caddr = CMD_FRAME | self->caddr;
135
136 /* Insert control field */
137 frame->control = SNRM_CMD | PF_BIT;
138
139 /*
140 * If we are establishing a connection then insert QoS paramerters
141 */
142 if (qos) {
143 skb_put(tx_skb, 9); /* 25 left */
144 frame->saddr = cpu_to_le32(self->saddr);
145 frame->daddr = cpu_to_le32(self->daddr);
146
147 frame->ncaddr = self->caddr;
148
149 ret = irlap_insert_qos_negotiation_params(self, tx_skb);
150 if (ret < 0) {
151 dev_kfree_skb(tx_skb);
152 return;
153 }
154 }
155 irlap_queue_xmit(self, tx_skb);
156 }
157
158 /*
159 * Function irlap_recv_snrm_cmd (skb, info)
160 *
161 * Received SNRM (Set Normal Response Mode) command frame
162 *
163 */
164 static void irlap_recv_snrm_cmd(struct irlap_cb *self, struct sk_buff *skb,
165 struct irlap_info *info)
166 {
167 struct snrm_frame *frame;
168
169 if (pskb_may_pull(skb,sizeof(struct snrm_frame))) {
170 frame = (struct snrm_frame *) skb->data;
171
172 /* Copy the new connection address ignoring the C/R bit */
173 info->caddr = frame->ncaddr & 0xFE;
174
175 /* Check if the new connection address is valid */
176 if ((info->caddr == 0x00) || (info->caddr == 0xfe)) {
177 IRDA_DEBUG(3, "%s(), invalid connection address!\n",
178 __FUNCTION__);
179 return;
180 }
181
182 /* Copy peer device address */
183 info->daddr = le32_to_cpu(frame->saddr);
184 info->saddr = le32_to_cpu(frame->daddr);
185
186 /* Only accept if addressed directly to us */
187 if (info->saddr != self->saddr) {
188 IRDA_DEBUG(2, "%s(), not addressed to us!\n",
189 __FUNCTION__);
190 return;
191 }
192 irlap_do_event(self, RECV_SNRM_CMD, skb, info);
193 } else {
194 /* Signal that this SNRM frame does not contain and I-field */
195 irlap_do_event(self, RECV_SNRM_CMD, skb, NULL);
196 }
197 }
198
199 /*
200 * Function irlap_send_ua_response_frame (qos)
201 *
202 * Send UA (Unnumbered Acknowledgement) frame
203 *
204 */
205 void irlap_send_ua_response_frame(struct irlap_cb *self, struct qos_info *qos)
206 {
207 struct sk_buff *tx_skb;
208 struct ua_frame *frame;
209 int ret;
210
211 IRDA_DEBUG(2, "%s() <%ld>\n", __FUNCTION__, jiffies);
212
213 IRDA_ASSERT(self != NULL, return;);
214 IRDA_ASSERT(self->magic == LAP_MAGIC, return;);
215
216 /* Allocate frame */
217 tx_skb = alloc_skb(sizeof(struct ua_frame) +
218 IRLAP_NEGOCIATION_PARAMS_LEN,
219 GFP_ATOMIC);
220 if (!tx_skb)
221 return;
222
223 frame = (struct ua_frame *) skb_put(tx_skb, 10);
224
225 /* Build UA response */
226 frame->caddr = self->caddr;
227 frame->control = UA_RSP | PF_BIT;
228
229 frame->saddr = cpu_to_le32(self->saddr);
230 frame->daddr = cpu_to_le32(self->daddr);
231
232 /* Should we send QoS negotiation parameters? */
233 if (qos) {
234 ret = irlap_insert_qos_negotiation_params(self, tx_skb);
235 if (ret < 0) {
236 dev_kfree_skb(tx_skb);
237 return;
238 }
239 }
240
241 irlap_queue_xmit(self, tx_skb);
242 }
243
244
245 /*
246 * Function irlap_send_dm_frame (void)
247 *
248 * Send disconnected mode (DM) frame
249 *
250 */
251 void irlap_send_dm_frame( struct irlap_cb *self)
252 {
253 struct sk_buff *tx_skb = NULL;
254 struct dm_frame *frame;
255
256 IRDA_ASSERT(self != NULL, return;);
257 IRDA_ASSERT(self->magic == LAP_MAGIC, return;);
258
259 tx_skb = alloc_skb(sizeof(struct dm_frame), GFP_ATOMIC);
260 if (!tx_skb)
261 return;
262
263 frame = (struct dm_frame *)skb_put(tx_skb, 2);
264
265 if (self->state == LAP_NDM)
266 frame->caddr = CBROADCAST;
267 else
268 frame->caddr = self->caddr;
269
270 frame->control = DM_RSP | PF_BIT;
271
272 irlap_queue_xmit(self, tx_skb);
273 }
274
275 /*
276 * Function irlap_send_disc_frame (void)
277 *
278 * Send disconnect (DISC) frame
279 *
280 */
281 void irlap_send_disc_frame(struct irlap_cb *self)
282 {
283 struct sk_buff *tx_skb = NULL;
284 struct disc_frame *frame;
285
286 IRDA_DEBUG(3, "%s()\n", __FUNCTION__);
287
288 IRDA_ASSERT(self != NULL, return;);
289 IRDA_ASSERT(self->magic == LAP_MAGIC, return;);
290
291 tx_skb = alloc_skb(sizeof(struct disc_frame), GFP_ATOMIC);
292 if (!tx_skb)
293 return;
294
295 frame = (struct disc_frame *)skb_put(tx_skb, 2);
296
297 frame->caddr = self->caddr | CMD_FRAME;
298 frame->control = DISC_CMD | PF_BIT;
299
300 irlap_queue_xmit(self, tx_skb);
301 }
302
303 /*
304 * Function irlap_send_discovery_xid_frame (S, s, command)
305 *
306 * Build and transmit a XID (eXchange station IDentifier) discovery
307 * frame.
308 */
309 void irlap_send_discovery_xid_frame(struct irlap_cb *self, int S, __u8 s,
310 __u8 command, discovery_t *discovery)
311 {
312 struct sk_buff *tx_skb = NULL;
313 struct xid_frame *frame;
314 __u32 bcast = BROADCAST;
315 __u8 *info;
316
317 IRDA_DEBUG(4, "%s(), s=%d, S=%d, command=%d\n", __FUNCTION__,
318 s, S, command);
319
320 IRDA_ASSERT(self != NULL, return;);
321 IRDA_ASSERT(self->magic == LAP_MAGIC, return;);
322 IRDA_ASSERT(discovery != NULL, return;);
323
324 tx_skb = alloc_skb(sizeof(struct xid_frame) + IRLAP_DISCOVERY_INFO_LEN,
325 GFP_ATOMIC);
326 if (!tx_skb)
327 return;
328
329 skb_put(tx_skb, 14);
330 frame = (struct xid_frame *) tx_skb->data;
331
332 if (command) {
333 frame->caddr = CBROADCAST | CMD_FRAME;
334 frame->control = XID_CMD | PF_BIT;
335 } else {
336 frame->caddr = CBROADCAST;
337 frame->control = XID_RSP | PF_BIT;
338 }
339 frame->ident = XID_FORMAT;
340
341 frame->saddr = cpu_to_le32(self->saddr);
342
343 if (command)
344 frame->daddr = cpu_to_le32(bcast);
345 else
346 frame->daddr = cpu_to_le32(discovery->data.daddr);
347
348 switch (S) {
349 case 1:
350 frame->flags = 0x00;
351 break;
352 case 6:
353 frame->flags = 0x01;
354 break;
355 case 8:
356 frame->flags = 0x02;
357 break;
358 case 16:
359 frame->flags = 0x03;
360 break;
361 default:
362 frame->flags = 0x02;
363 break;
364 }
365
366 frame->slotnr = s;
367 frame->version = 0x00;
368
369 /*
370 * Provide info for final slot only in commands, and for all
371 * responses. Send the second byte of the hint only if the
372 * EXTENSION bit is set in the first byte.
373 */
374 if (!command || (frame->slotnr == 0xff)) {
375 int len;
376
377 if (discovery->data.hints[0] & HINT_EXTENSION) {
378 info = skb_put(tx_skb, 2);
379 info[0] = discovery->data.hints[0];
380 info[1] = discovery->data.hints[1];
381 } else {
382 info = skb_put(tx_skb, 1);
383 info[0] = discovery->data.hints[0];
384 }
385 info = skb_put(tx_skb, 1);
386 info[0] = discovery->data.charset;
387
388 len = IRDA_MIN(discovery->name_len, skb_tailroom(tx_skb));
389 info = skb_put(tx_skb, len);
390 memcpy(info, discovery->data.info, len);
391 }
392 irlap_queue_xmit(self, tx_skb);
393 }
394
395 /*
396 * Function irlap_recv_discovery_xid_rsp (skb, info)
397 *
398 * Received a XID discovery response
399 *
400 */
401 static void irlap_recv_discovery_xid_rsp(struct irlap_cb *self,
402 struct sk_buff *skb,
403 struct irlap_info *info)
404 {
405 struct xid_frame *xid;
406 discovery_t *discovery = NULL;
407 __u8 *discovery_info;
408 char *text;
409
410 IRDA_DEBUG(4, "%s()\n", __FUNCTION__);
411
412 IRDA_ASSERT(self != NULL, return;);
413 IRDA_ASSERT(self->magic == LAP_MAGIC, return;);
414
415 if (!pskb_may_pull(skb, sizeof(struct xid_frame))) {
416 IRDA_ERROR("%s: frame too short!\n", __FUNCTION__);
417 return;
418 }
419
420 xid = (struct xid_frame *) skb->data;
421
422 info->daddr = le32_to_cpu(xid->saddr);
423 info->saddr = le32_to_cpu(xid->daddr);
424
425 /* Make sure frame is addressed to us */
426 if ((info->saddr != self->saddr) && (info->saddr != BROADCAST)) {
427 IRDA_DEBUG(0, "%s(), frame is not addressed to us!\n",
428 __FUNCTION__);
429 return;
430 }
431
432 if ((discovery = kzalloc(sizeof(discovery_t), GFP_ATOMIC)) == NULL) {
433 IRDA_WARNING("%s: kmalloc failed!\n", __FUNCTION__);
434 return;
435 }
436
437 discovery->data.daddr = info->daddr;
438 discovery->data.saddr = self->saddr;
439 discovery->timestamp = jiffies;
440
441 IRDA_DEBUG(4, "%s(), daddr=%08x\n", __FUNCTION__,
442 discovery->data.daddr);
443
444 discovery_info = skb_pull(skb, sizeof(struct xid_frame));
445
446 /* Get info returned from peer */
447 discovery->data.hints[0] = discovery_info[0];
448 if (discovery_info[0] & HINT_EXTENSION) {
449 IRDA_DEBUG(4, "EXTENSION\n");
450 discovery->data.hints[1] = discovery_info[1];
451 discovery->data.charset = discovery_info[2];
452 text = (char *) &discovery_info[3];
453 } else {
454 discovery->data.hints[1] = 0;
455 discovery->data.charset = discovery_info[1];
456 text = (char *) &discovery_info[2];
457 }
458 /*
459 * Terminate info string, should be safe since this is where the
460 * FCS bytes resides.
461 */
462 skb->data[skb->len] = '\0';
463 strncpy(discovery->data.info, text, NICKNAME_MAX_LEN);
464 discovery->name_len = strlen(discovery->data.info);
465
466 info->discovery = discovery;
467
468 irlap_do_event(self, RECV_DISCOVERY_XID_RSP, skb, info);
469 }
470
471 /*
472 * Function irlap_recv_discovery_xid_cmd (skb, info)
473 *
474 * Received a XID discovery command
475 *
476 */
477 static void irlap_recv_discovery_xid_cmd(struct irlap_cb *self,
478 struct sk_buff *skb,
479 struct irlap_info *info)
480 {
481 struct xid_frame *xid;
482 discovery_t *discovery = NULL;
483 __u8 *discovery_info;
484 char *text;
485
486 if (!pskb_may_pull(skb, sizeof(struct xid_frame))) {
487 IRDA_ERROR("%s: frame too short!\n", __FUNCTION__);
488 return;
489 }
490
491 xid = (struct xid_frame *) skb->data;
492
493 info->daddr = le32_to_cpu(xid->saddr);
494 info->saddr = le32_to_cpu(xid->daddr);
495
496 /* Make sure frame is addressed to us */
497 if ((info->saddr != self->saddr) && (info->saddr != BROADCAST)) {
498 IRDA_DEBUG(0, "%s(), frame is not addressed to us!\n",
499 __FUNCTION__);
500 return;
501 }
502
503 switch (xid->flags & 0x03) {
504 case 0x00:
505 info->S = 1;
506 break;
507 case 0x01:
508 info->S = 6;
509 break;
510 case 0x02:
511 info->S = 8;
512 break;
513 case 0x03:
514 info->S = 16;
515 break;
516 default:
517 /* Error!! */
518 return;
519 }
520 info->s = xid->slotnr;
521
522 discovery_info = skb_pull(skb, sizeof(struct xid_frame));
523
524 /*
525 * Check if last frame
526 */
527 if (info->s == 0xff) {
528 /* Check if things are sane at this point... */
529 if((discovery_info == NULL) ||
530 !pskb_may_pull(skb, 3)) {
531 IRDA_ERROR("%s: discovery frame too short!\n",
532 __FUNCTION__);
533 return;
534 }
535
536 /*
537 * We now have some discovery info to deliver!
538 */
539 discovery = kmalloc(sizeof(discovery_t), GFP_ATOMIC);
540 if (!discovery) {
541 IRDA_WARNING("%s: unable to malloc!\n", __FUNCTION__);
542 return;
543 }
544
545 discovery->data.daddr = info->daddr;
546 discovery->data.saddr = self->saddr;
547 discovery->timestamp = jiffies;
548
549 discovery->data.hints[0] = discovery_info[0];
550 if (discovery_info[0] & HINT_EXTENSION) {
551 discovery->data.hints[1] = discovery_info[1];
552 discovery->data.charset = discovery_info[2];
553 text = (char *) &discovery_info[3];
554 } else {
555 discovery->data.hints[1] = 0;
556 discovery->data.charset = discovery_info[1];
557 text = (char *) &discovery_info[2];
558 }
559 /*
560 * Terminate string, should be safe since this is where the
561 * FCS bytes resides.
562 */
563 skb->data[skb->len] = '\0';
564 strncpy(discovery->data.info, text, NICKNAME_MAX_LEN);
565 discovery->name_len = strlen(discovery->data.info);
566
567 info->discovery = discovery;
568 } else
569 info->discovery = NULL;
570
571 irlap_do_event(self, RECV_DISCOVERY_XID_CMD, skb, info);
572 }
573
574 /*
575 * Function irlap_send_rr_frame (self, command)
576 *
577 * Build and transmit RR (Receive Ready) frame. Notice that it is currently
578 * only possible to send RR frames with the poll bit set.
579 */
580 void irlap_send_rr_frame(struct irlap_cb *self, int command)
581 {
582 struct sk_buff *tx_skb;
583 struct rr_frame *frame;
584
585 tx_skb = alloc_skb(sizeof(struct rr_frame), GFP_ATOMIC);
586 if (!tx_skb)
587 return;
588
589 frame = (struct rr_frame *)skb_put(tx_skb, 2);
590
591 frame->caddr = self->caddr;
592 frame->caddr |= (command) ? CMD_FRAME : 0;
593
594 frame->control = RR | PF_BIT | (self->vr << 5);
595
596 irlap_queue_xmit(self, tx_skb);
597 }
598
599 /*
600 * Function irlap_send_rd_frame (self)
601 *
602 * Request disconnect. Used by a secondary station to request the
603 * disconnection of the link.
604 */
605 void irlap_send_rd_frame(struct irlap_cb *self)
606 {
607 struct sk_buff *tx_skb;
608 struct rd_frame *frame;
609
610 tx_skb = alloc_skb(sizeof(struct rd_frame), GFP_ATOMIC);
611 if (!tx_skb)
612 return;
613
614 frame = (struct rd_frame *)skb_put(tx_skb, 2);
615
616 frame->caddr = self->caddr;
617 frame->caddr = RD_RSP | PF_BIT;
618
619 irlap_queue_xmit(self, tx_skb);
620 }
621
622 /*
623 * Function irlap_recv_rr_frame (skb, info)
624 *
625 * Received RR (Receive Ready) frame from peer station, no harm in
626 * making it inline since its called only from one single place
627 * (irlap_driver_rcv).
628 */
629 static inline void irlap_recv_rr_frame(struct irlap_cb *self,
630 struct sk_buff *skb,
631 struct irlap_info *info, int command)
632 {
633 info->nr = skb->data[1] >> 5;
634
635 /* Check if this is a command or a response frame */
636 if (command)
637 irlap_do_event(self, RECV_RR_CMD, skb, info);
638 else
639 irlap_do_event(self, RECV_RR_RSP, skb, info);
640 }
641
642 /*
643 * Function irlap_recv_rnr_frame (self, skb, info)
644 *
645 * Received RNR (Receive Not Ready) frame from peer station
646 *
647 */
648 static void irlap_recv_rnr_frame(struct irlap_cb *self, struct sk_buff *skb,
649 struct irlap_info *info, int command)
650 {
651 info->nr = skb->data[1] >> 5;
652
653 IRDA_DEBUG(4, "%s(), nr=%d, %ld\n", __FUNCTION__, info->nr, jiffies);
654
655 if (command)
656 irlap_do_event(self, RECV_RNR_CMD, skb, info);
657 else
658 irlap_do_event(self, RECV_RNR_RSP, skb, info);
659 }
660
661 static void irlap_recv_rej_frame(struct irlap_cb *self, struct sk_buff *skb,
662 struct irlap_info *info, int command)
663 {
664 IRDA_DEBUG(0, "%s()\n", __FUNCTION__);
665
666 info->nr = skb->data[1] >> 5;
667
668 /* Check if this is a command or a response frame */
669 if (command)
670 irlap_do_event(self, RECV_REJ_CMD, skb, info);
671 else
672 irlap_do_event(self, RECV_REJ_RSP, skb, info);
673 }
674
675 static void irlap_recv_srej_frame(struct irlap_cb *self, struct sk_buff *skb,
676 struct irlap_info *info, int command)
677 {
678 IRDA_DEBUG(0, "%s()\n", __FUNCTION__);
679
680 info->nr = skb->data[1] >> 5;
681
682 /* Check if this is a command or a response frame */
683 if (command)
684 irlap_do_event(self, RECV_SREJ_CMD, skb, info);
685 else
686 irlap_do_event(self, RECV_SREJ_RSP, skb, info);
687 }
688
689 static void irlap_recv_disc_frame(struct irlap_cb *self, struct sk_buff *skb,
690 struct irlap_info *info, int command)
691 {
692 IRDA_DEBUG(2, "%s()\n", __FUNCTION__);
693
694 /* Check if this is a command or a response frame */
695 if (command)
696 irlap_do_event(self, RECV_DISC_CMD, skb, info);
697 else
698 irlap_do_event(self, RECV_RD_RSP, skb, info);
699 }
700
701 /*
702 * Function irlap_recv_ua_frame (skb, frame)
703 *
704 * Received UA (Unnumbered Acknowledgement) frame
705 *
706 */
707 static inline void irlap_recv_ua_frame(struct irlap_cb *self,
708 struct sk_buff *skb,
709 struct irlap_info *info)
710 {
711 irlap_do_event(self, RECV_UA_RSP, skb, info);
712 }
713
714 /*
715 * Function irlap_send_data_primary(self, skb)
716 *
717 * Send I-frames as the primary station but without the poll bit set
718 *
719 */
720 void irlap_send_data_primary(struct irlap_cb *self, struct sk_buff *skb)
721 {
722 struct sk_buff *tx_skb;
723
724 if (skb->data[1] == I_FRAME) {
725
726 /*
727 * Insert frame sequence number (Vs) in control field before
728 * inserting into transmit window queue.
729 */
730 skb->data[1] = I_FRAME | (self->vs << 1);
731
732 /*
733 * Insert frame in store, in case of retransmissions
734 * Increase skb reference count, see irlap_do_event()
735 */
736 skb_get(skb);
737 skb_queue_tail(&self->wx_list, skb);
738
739 /* Copy buffer */
740 tx_skb = skb_clone(skb, GFP_ATOMIC);
741 if (tx_skb == NULL) {
742 return;
743 }
744
745 self->vs = (self->vs + 1) % 8;
746 self->ack_required = FALSE;
747 self->window -= 1;
748
749 irlap_send_i_frame( self, tx_skb, CMD_FRAME);
750 } else {
751 IRDA_DEBUG(4, "%s(), sending unreliable frame\n", __FUNCTION__);
752 irlap_send_ui_frame(self, skb_get(skb), self->caddr, CMD_FRAME);
753 self->window -= 1;
754 }
755 }
756 /*
757 * Function irlap_send_data_primary_poll (self, skb)
758 *
759 * Send I(nformation) frame as primary with poll bit set
760 */
761 void irlap_send_data_primary_poll(struct irlap_cb *self, struct sk_buff *skb)
762 {
763 struct sk_buff *tx_skb;
764 int transmission_time;
765
766 /* Stop P timer */
767 del_timer(&self->poll_timer);
768
769 /* Is this reliable or unreliable data? */
770 if (skb->data[1] == I_FRAME) {
771
772 /*
773 * Insert frame sequence number (Vs) in control field before
774 * inserting into transmit window queue.
775 */
776 skb->data[1] = I_FRAME | (self->vs << 1);
777
778 /*
779 * Insert frame in store, in case of retransmissions
780 * Increase skb reference count, see irlap_do_event()
781 */
782 skb_get(skb);
783 skb_queue_tail(&self->wx_list, skb);
784
785 /* Copy buffer */
786 tx_skb = skb_clone(skb, GFP_ATOMIC);
787 if (tx_skb == NULL) {
788 return;
789 }
790
791 /*
792 * Set poll bit if necessary. We do this to the copied
793 * skb, since retransmitted need to set or clear the poll
794 * bit depending on when they are sent.
795 */
796 tx_skb->data[1] |= PF_BIT;
797
798 self->vs = (self->vs + 1) % 8;
799 self->ack_required = FALSE;
800
801 irlap_next_state(self, LAP_NRM_P);
802 irlap_send_i_frame(self, tx_skb, CMD_FRAME);
803 } else {
804 IRDA_DEBUG(4, "%s(), sending unreliable frame\n", __FUNCTION__);
805
806 if (self->ack_required) {
807 irlap_send_ui_frame(self, skb_get(skb), self->caddr, CMD_FRAME);
808 irlap_next_state(self, LAP_NRM_P);
809 irlap_send_rr_frame(self, CMD_FRAME);
810 self->ack_required = FALSE;
811 } else {
812 skb->data[1] |= PF_BIT;
813 irlap_next_state(self, LAP_NRM_P);
814 irlap_send_ui_frame(self, skb_get(skb), self->caddr, CMD_FRAME);
815 }
816 }
817
818 /* How much time we took for transmission of all frames.
819 * We don't know, so let assume we used the full window. Jean II */
820 transmission_time = self->final_timeout;
821
822 /* Reset parameter so that we can fill next window */
823 self->window = self->window_size;
824
825 #ifdef CONFIG_IRDA_DYNAMIC_WINDOW
826 /* Remove what we have not used. Just do a prorata of the
827 * bytes left in window to window capacity.
828 * See max_line_capacities[][] in qos.c for details. Jean II */
829 transmission_time -= (self->final_timeout * self->bytes_left
830 / self->line_capacity);
831 IRDA_DEBUG(4, "%s() adjusting transmission_time : ft=%d, bl=%d, lc=%d -> tt=%d\n", __FUNCTION__, self->final_timeout, self->bytes_left, self->line_capacity, transmission_time);
832
833 /* We are allowed to transmit a maximum number of bytes again. */
834 self->bytes_left = self->line_capacity;
835 #endif /* CONFIG_IRDA_DYNAMIC_WINDOW */
836
837 /*
838 * The network layer has a intermediate buffer between IrLAP
839 * and the IrDA driver which can contain 8 frames. So, even
840 * though IrLAP is currently sending the *last* frame of the
841 * tx-window, the driver most likely has only just started
842 * sending the *first* frame of the same tx-window.
843 * I.e. we are always at the very begining of or Tx window.
844 * Now, we are supposed to set the final timer from the end
845 * of our tx-window to let the other peer reply. So, we need
846 * to add extra time to compensate for the fact that we
847 * are really at the start of tx-window, otherwise the final timer
848 * might expire before he can answer...
849 * Jean II
850 */
851 irlap_start_final_timer(self, self->final_timeout + transmission_time);
852
853 /*
854 * The clever amongst you might ask why we do this adjustement
855 * only here, and not in all the other cases in irlap_event.c.
856 * In all those other case, we only send a very short management
857 * frame (few bytes), so the adjustement would be lost in the
858 * noise...
859 * The exception of course is irlap_resend_rejected_frame().
860 * Jean II */
861 }
862
863 /*
864 * Function irlap_send_data_secondary_final (self, skb)
865 *
866 * Send I(nformation) frame as secondary with final bit set
867 *
868 */
869 void irlap_send_data_secondary_final(struct irlap_cb *self,
870 struct sk_buff *skb)
871 {
872 struct sk_buff *tx_skb = NULL;
873
874 IRDA_ASSERT(self != NULL, return;);
875 IRDA_ASSERT(self->magic == LAP_MAGIC, return;);
876 IRDA_ASSERT(skb != NULL, return;);
877
878 /* Is this reliable or unreliable data? */
879 if (skb->data[1] == I_FRAME) {
880
881 /*
882 * Insert frame sequence number (Vs) in control field before
883 * inserting into transmit window queue.
884 */
885 skb->data[1] = I_FRAME | (self->vs << 1);
886
887 /*
888 * Insert frame in store, in case of retransmissions
889 * Increase skb reference count, see irlap_do_event()
890 */
891 skb_get(skb);
892 skb_queue_tail(&self->wx_list, skb);
893
894 tx_skb = skb_clone(skb, GFP_ATOMIC);
895 if (tx_skb == NULL) {
896 return;
897 }
898
899 tx_skb->data[1] |= PF_BIT;
900
901 self->vs = (self->vs + 1) % 8;
902 self->ack_required = FALSE;
903
904 irlap_send_i_frame(self, tx_skb, RSP_FRAME);
905 } else {
906 if (self->ack_required) {
907 irlap_send_ui_frame(self, skb_get(skb), self->caddr, RSP_FRAME);
908 irlap_send_rr_frame(self, RSP_FRAME);
909 self->ack_required = FALSE;
910 } else {
911 skb->data[1] |= PF_BIT;
912 irlap_send_ui_frame(self, skb_get(skb), self->caddr, RSP_FRAME);
913 }
914 }
915
916 self->window = self->window_size;
917 #ifdef CONFIG_IRDA_DYNAMIC_WINDOW
918 /* We are allowed to transmit a maximum number of bytes again. */
919 self->bytes_left = self->line_capacity;
920 #endif /* CONFIG_IRDA_DYNAMIC_WINDOW */
921
922 irlap_start_wd_timer(self, self->wd_timeout);
923 }
924
925 /*
926 * Function irlap_send_data_secondary (self, skb)
927 *
928 * Send I(nformation) frame as secondary without final bit set
929 *
930 */
931 void irlap_send_data_secondary(struct irlap_cb *self, struct sk_buff *skb)
932 {
933 struct sk_buff *tx_skb = NULL;
934
935 /* Is this reliable or unreliable data? */
936 if (skb->data[1] == I_FRAME) {
937
938 /*
939 * Insert frame sequence number (Vs) in control field before
940 * inserting into transmit window queue.
941 */
942 skb->data[1] = I_FRAME | (self->vs << 1);
943
944 /*
945 * Insert frame in store, in case of retransmissions
946 * Increase skb reference count, see irlap_do_event()
947 */
948 skb_get(skb);
949 skb_queue_tail(&self->wx_list, skb);
950
951 tx_skb = skb_clone(skb, GFP_ATOMIC);
952 if (tx_skb == NULL) {
953 return;
954 }
955
956 self->vs = (self->vs + 1) % 8;
957 self->ack_required = FALSE;
958 self->window -= 1;
959
960 irlap_send_i_frame(self, tx_skb, RSP_FRAME);
961 } else {
962 irlap_send_ui_frame(self, skb_get(skb), self->caddr, RSP_FRAME);
963 self->window -= 1;
964 }
965 }
966
967 /*
968 * Function irlap_resend_rejected_frames (nr)
969 *
970 * Resend frames which has not been acknowledged. Should be safe to
971 * traverse the list without locking it since this function will only be
972 * called from interrupt context (BH)
973 */
974 void irlap_resend_rejected_frames(struct irlap_cb *self, int command)
975 {
976 struct sk_buff *tx_skb;
977 struct sk_buff *skb;
978 int count;
979
980 IRDA_ASSERT(self != NULL, return;);
981 IRDA_ASSERT(self->magic == LAP_MAGIC, return;);
982
983 /* Initialize variables */
984 count = skb_queue_len(&self->wx_list);
985
986 /* Resend unacknowledged frame(s) */
987 skb = skb_peek(&self->wx_list);
988 while (skb != NULL) {
989 irlap_wait_min_turn_around(self, &self->qos_tx);
990
991 /* We copy the skb to be retransmitted since we will have to
992 * modify it. Cloning will confuse packet sniffers
993 */
994 /* tx_skb = skb_clone( skb, GFP_ATOMIC); */
995 tx_skb = skb_copy(skb, GFP_ATOMIC);
996 if (!tx_skb) {
997 IRDA_DEBUG(0, "%s(), unable to copy\n", __FUNCTION__);
998 return;
999 }
1000
1001 /* Clear old Nr field + poll bit */
1002 tx_skb->data[1] &= 0x0f;
1003
1004 /*
1005 * Set poll bit on the last frame retransmitted
1006 */
1007 if (count-- == 1)
1008 tx_skb->data[1] |= PF_BIT; /* Set p/f bit */
1009 else
1010 tx_skb->data[1] &= ~PF_BIT; /* Clear p/f bit */
1011
1012 irlap_send_i_frame(self, tx_skb, command);
1013
1014 /*
1015 * If our skb is the last buffer in the list, then
1016 * we are finished, if not, move to the next sk-buffer
1017 */
1018 if (skb == skb_peek_tail(&self->wx_list))
1019 skb = NULL;
1020 else
1021 skb = skb->next;
1022 }
1023 #if 0 /* Not yet */
1024 /*
1025 * We can now fill the window with additional data frames
1026 */
1027 while (!skb_queue_empty(&self->txq)) {
1028
1029 IRDA_DEBUG(0, "%s(), sending additional frames!\n", __FUNCTION__);
1030 if (self->window > 0) {
1031 skb = skb_dequeue( &self->txq);
1032 IRDA_ASSERT(skb != NULL, return;);
1033
1034 /*
1035 * If send window > 1 then send frame with pf
1036 * bit cleared
1037 */
1038 if ((self->window > 1) &&
1039 !skb_queue_empty(&self->txq)) {
1040 irlap_send_data_primary(self, skb);
1041 } else {
1042 irlap_send_data_primary_poll(self, skb);
1043 }
1044 kfree_skb(skb);
1045 }
1046 }
1047 #endif
1048 }
1049
1050 void irlap_resend_rejected_frame(struct irlap_cb *self, int command)
1051 {
1052 struct sk_buff *tx_skb;
1053 struct sk_buff *skb;
1054
1055 IRDA_ASSERT(self != NULL, return;);
1056 IRDA_ASSERT(self->magic == LAP_MAGIC, return;);
1057
1058 /* Resend unacknowledged frame(s) */
1059 skb = skb_peek(&self->wx_list);
1060 if (skb != NULL) {
1061 irlap_wait_min_turn_around(self, &self->qos_tx);
1062
1063 /* We copy the skb to be retransmitted since we will have to
1064 * modify it. Cloning will confuse packet sniffers
1065 */
1066 /* tx_skb = skb_clone( skb, GFP_ATOMIC); */
1067 tx_skb = skb_copy(skb, GFP_ATOMIC);
1068 if (!tx_skb) {
1069 IRDA_DEBUG(0, "%s(), unable to copy\n", __FUNCTION__);
1070 return;
1071 }
1072
1073 /* Clear old Nr field + poll bit */
1074 tx_skb->data[1] &= 0x0f;
1075
1076 /* Set poll/final bit */
1077 tx_skb->data[1] |= PF_BIT; /* Set p/f bit */
1078
1079 irlap_send_i_frame(self, tx_skb, command);
1080 }
1081 }
1082
1083 /*
1084 * Function irlap_send_ui_frame (self, skb, command)
1085 *
1086 * Contruct and transmit an Unnumbered Information (UI) frame
1087 *
1088 */
1089 void irlap_send_ui_frame(struct irlap_cb *self, struct sk_buff *skb,
1090 __u8 caddr, int command)
1091 {
1092 IRDA_DEBUG(4, "%s()\n", __FUNCTION__);
1093
1094 IRDA_ASSERT(self != NULL, return;);
1095 IRDA_ASSERT(self->magic == LAP_MAGIC, return;);
1096 IRDA_ASSERT(skb != NULL, return;);
1097
1098 /* Insert connection address */
1099 skb->data[0] = caddr | ((command) ? CMD_FRAME : 0);
1100
1101 irlap_queue_xmit(self, skb);
1102 }
1103
1104 /*
1105 * Function irlap_send_i_frame (skb)
1106 *
1107 * Contruct and transmit Information (I) frame
1108 */
1109 static void irlap_send_i_frame(struct irlap_cb *self, struct sk_buff *skb,
1110 int command)
1111 {
1112 /* Insert connection address */
1113 skb->data[0] = self->caddr;
1114 skb->data[0] |= (command) ? CMD_FRAME : 0;
1115
1116 /* Insert next to receive (Vr) */
1117 skb->data[1] |= (self->vr << 5); /* insert nr */
1118
1119 irlap_queue_xmit(self, skb);
1120 }
1121
1122 /*
1123 * Function irlap_recv_i_frame (skb, frame)
1124 *
1125 * Receive and parse an I (Information) frame, no harm in making it inline
1126 * since it's called only from one single place (irlap_driver_rcv).
1127 */
1128 static inline void irlap_recv_i_frame(struct irlap_cb *self,
1129 struct sk_buff *skb,
1130 struct irlap_info *info, int command)
1131 {
1132 info->nr = skb->data[1] >> 5; /* Next to receive */
1133 info->pf = skb->data[1] & PF_BIT; /* Final bit */
1134 info->ns = (skb->data[1] >> 1) & 0x07; /* Next to send */
1135
1136 /* Check if this is a command or a response frame */
1137 if (command)
1138 irlap_do_event(self, RECV_I_CMD, skb, info);
1139 else
1140 irlap_do_event(self, RECV_I_RSP, skb, info);
1141 }
1142
1143 /*
1144 * Function irlap_recv_ui_frame (self, skb, info)
1145 *
1146 * Receive and parse an Unnumbered Information (UI) frame
1147 *
1148 */
1149 static void irlap_recv_ui_frame(struct irlap_cb *self, struct sk_buff *skb,
1150 struct irlap_info *info)
1151 {
1152 IRDA_DEBUG( 4, "%s()\n", __FUNCTION__);
1153
1154 info->pf = skb->data[1] & PF_BIT; /* Final bit */
1155
1156 irlap_do_event(self, RECV_UI_FRAME, skb, info);
1157 }
1158
1159 /*
1160 * Function irlap_recv_frmr_frame (skb, frame)
1161 *
1162 * Received Frame Reject response.
1163 *
1164 */
1165 static void irlap_recv_frmr_frame(struct irlap_cb *self, struct sk_buff *skb,
1166 struct irlap_info *info)
1167 {
1168 __u8 *frame;
1169 int w, x, y, z;
1170
1171 IRDA_DEBUG(0, "%s()\n", __FUNCTION__);
1172
1173 IRDA_ASSERT(self != NULL, return;);
1174 IRDA_ASSERT(self->magic == LAP_MAGIC, return;);
1175 IRDA_ASSERT(skb != NULL, return;);
1176 IRDA_ASSERT(info != NULL, return;);
1177
1178 if (!pskb_may_pull(skb, 4)) {
1179 IRDA_ERROR("%s: frame too short!\n", __FUNCTION__);
1180 return;
1181 }
1182
1183 frame = skb->data;
1184
1185 info->nr = frame[2] >> 5; /* Next to receive */
1186 info->pf = frame[2] & PF_BIT; /* Final bit */
1187 info->ns = (frame[2] >> 1) & 0x07; /* Next to send */
1188
1189 w = frame[3] & 0x01;
1190 x = frame[3] & 0x02;
1191 y = frame[3] & 0x04;
1192 z = frame[3] & 0x08;
1193
1194 if (w) {
1195 IRDA_DEBUG(0, "Rejected control field is undefined or not "
1196 "implemented.\n");
1197 }
1198 if (x) {
1199 IRDA_DEBUG(0, "Rejected control field was invalid because it "
1200 "contained a non permitted I field.\n");
1201 }
1202 if (y) {
1203 IRDA_DEBUG(0, "Received I field exceeded the maximum negotiated "
1204 "for the existing connection or exceeded the maximum "
1205 "this station supports if no connection exists.\n");
1206 }
1207 if (z) {
1208 IRDA_DEBUG(0, "Rejected control field control field contained an "
1209 "invalid Nr count.\n");
1210 }
1211 irlap_do_event(self, RECV_FRMR_RSP, skb, info);
1212 }
1213
1214 /*
1215 * Function irlap_send_test_frame (self, daddr)
1216 *
1217 * Send a test frame response
1218 *
1219 */
1220 void irlap_send_test_frame(struct irlap_cb *self, __u8 caddr, __u32 daddr,
1221 struct sk_buff *cmd)
1222 {
1223 struct sk_buff *tx_skb;
1224 struct test_frame *frame;
1225 __u8 *info;
1226
1227 tx_skb = alloc_skb(cmd->len + sizeof(struct test_frame), GFP_ATOMIC);
1228 if (!tx_skb)
1229 return;
1230
1231 /* Broadcast frames must include saddr and daddr fields */
1232 if (caddr == CBROADCAST) {
1233 frame = (struct test_frame *)
1234 skb_put(tx_skb, sizeof(struct test_frame));
1235
1236 /* Insert the swapped addresses */
1237 frame->saddr = cpu_to_le32(self->saddr);
1238 frame->daddr = cpu_to_le32(daddr);
1239 } else
1240 frame = (struct test_frame *) skb_put(tx_skb, LAP_ADDR_HEADER + LAP_CTRL_HEADER);
1241
1242 frame->caddr = caddr;
1243 frame->control = TEST_RSP | PF_BIT;
1244
1245 /* Copy info */
1246 info = skb_put(tx_skb, cmd->len);
1247 memcpy(info, cmd->data, cmd->len);
1248
1249 /* Return to sender */
1250 irlap_wait_min_turn_around(self, &self->qos_tx);
1251 irlap_queue_xmit(self, tx_skb);
1252 }
1253
1254 /*
1255 * Function irlap_recv_test_frame (self, skb)
1256 *
1257 * Receive a test frame
1258 *
1259 */
1260 static void irlap_recv_test_frame(struct irlap_cb *self, struct sk_buff *skb,
1261 struct irlap_info *info, int command)
1262 {
1263 struct test_frame *frame;
1264
1265 IRDA_DEBUG(2, "%s()\n", __FUNCTION__);
1266
1267 if (!pskb_may_pull(skb, sizeof(*frame))) {
1268 IRDA_ERROR("%s: frame too short!\n", __FUNCTION__);
1269 return;
1270 }
1271 frame = (struct test_frame *) skb->data;
1272
1273 /* Broadcast frames must carry saddr and daddr fields */
1274 if (info->caddr == CBROADCAST) {
1275 if (skb->len < sizeof(struct test_frame)) {
1276 IRDA_DEBUG(0, "%s() test frame too short!\n",
1277 __FUNCTION__);
1278 return;
1279 }
1280
1281 /* Read and swap addresses */
1282 info->daddr = le32_to_cpu(frame->saddr);
1283 info->saddr = le32_to_cpu(frame->daddr);
1284
1285 /* Make sure frame is addressed to us */
1286 if ((info->saddr != self->saddr) &&
1287 (info->saddr != BROADCAST)) {
1288 return;
1289 }
1290 }
1291
1292 if (command)
1293 irlap_do_event(self, RECV_TEST_CMD, skb, info);
1294 else
1295 irlap_do_event(self, RECV_TEST_RSP, skb, info);
1296 }
1297
1298 /*
1299 * Function irlap_driver_rcv (skb, netdev, ptype)
1300 *
1301 * Called when a frame is received. Dispatches the right receive function
1302 * for processing of the frame.
1303 *
1304 * Note on skb management :
1305 * After calling the higher layers of the IrDA stack, we always
1306 * kfree() the skb, which drop the reference count (and potentially
1307 * destroy it).
1308 * If a higher layer of the stack want to keep the skb around (to put
1309 * in a queue or pass it to the higher layer), it will need to use
1310 * skb_get() to keep a reference on it. This is usually done at the
1311 * LMP level in irlmp.c.
1312 * Jean II
1313 */
1314 int irlap_driver_rcv(struct sk_buff *skb, struct net_device *dev,
1315 struct packet_type *ptype, struct net_device *orig_dev)
1316 {
1317 struct irlap_info info;
1318 struct irlap_cb *self;
1319 int command;
1320 __u8 control;
1321
1322 /* FIXME: should we get our own field? */
1323 self = (struct irlap_cb *) dev->atalk_ptr;
1324
1325 /* If the net device is down, then IrLAP is gone! */
1326 if (!self || self->magic != LAP_MAGIC) {
1327 dev_kfree_skb(skb);
1328 return -1;
1329 }
1330
1331 /* We are no longer an "old" protocol, so we need to handle
1332 * share and non linear skbs. This should never happen, so
1333 * we don't need to be clever about it. Jean II */
1334 if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL) {
1335 IRDA_ERROR("%s: can't clone shared skb!\n", __FUNCTION__);
1336 dev_kfree_skb(skb);
1337 return -1;
1338 }
1339
1340 /* Check if frame is large enough for parsing */
1341 if (!pskb_may_pull(skb, 2)) {
1342 IRDA_ERROR("%s: frame too short!\n", __FUNCTION__);
1343 dev_kfree_skb(skb);
1344 return -1;
1345 }
1346
1347 command = skb->data[0] & CMD_FRAME;
1348 info.caddr = skb->data[0] & CBROADCAST;
1349
1350 info.pf = skb->data[1] & PF_BIT;
1351 info.control = skb->data[1] & ~PF_BIT; /* Mask away poll/final bit */
1352
1353 control = info.control;
1354
1355 /* First we check if this frame has a valid connection address */
1356 if ((info.caddr != self->caddr) && (info.caddr != CBROADCAST)) {
1357 IRDA_DEBUG(0, "%s(), wrong connection address!\n",
1358 __FUNCTION__);
1359 goto out;
1360 }
1361 /*
1362 * Optimize for the common case and check if the frame is an
1363 * I(nformation) frame. Only I-frames have bit 0 set to 0
1364 */
1365 if (~control & 0x01) {
1366 irlap_recv_i_frame(self, skb, &info, command);
1367 goto out;
1368 }
1369 /*
1370 * We now check is the frame is an S(upervisory) frame. Only
1371 * S-frames have bit 0 set to 1 and bit 1 set to 0
1372 */
1373 if (~control & 0x02) {
1374 /*
1375 * Received S(upervisory) frame, check which frame type it is
1376 * only the first nibble is of interest
1377 */
1378 switch (control & 0x0f) {
1379 case RR:
1380 irlap_recv_rr_frame(self, skb, &info, command);
1381 break;
1382 case RNR:
1383 irlap_recv_rnr_frame(self, skb, &info, command);
1384 break;
1385 case REJ:
1386 irlap_recv_rej_frame(self, skb, &info, command);
1387 break;
1388 case SREJ:
1389 irlap_recv_srej_frame(self, skb, &info, command);
1390 break;
1391 default:
1392 IRDA_WARNING("%s: Unknown S-frame %02x received!\n",
1393 __FUNCTION__, info.control);
1394 break;
1395 }
1396 goto out;
1397 }
1398 /*
1399 * This must be a C(ontrol) frame
1400 */
1401 switch (control) {
1402 case XID_RSP:
1403 irlap_recv_discovery_xid_rsp(self, skb, &info);
1404 break;
1405 case XID_CMD:
1406 irlap_recv_discovery_xid_cmd(self, skb, &info);
1407 break;
1408 case SNRM_CMD:
1409 irlap_recv_snrm_cmd(self, skb, &info);
1410 break;
1411 case DM_RSP:
1412 irlap_do_event(self, RECV_DM_RSP, skb, &info);
1413 break;
1414 case DISC_CMD: /* And RD_RSP since they have the same value */
1415 irlap_recv_disc_frame(self, skb, &info, command);
1416 break;
1417 case TEST_CMD:
1418 irlap_recv_test_frame(self, skb, &info, command);
1419 break;
1420 case UA_RSP:
1421 irlap_recv_ua_frame(self, skb, &info);
1422 break;
1423 case FRMR_RSP:
1424 irlap_recv_frmr_frame(self, skb, &info);
1425 break;
1426 case UI_FRAME:
1427 irlap_recv_ui_frame(self, skb, &info);
1428 break;
1429 default:
1430 IRDA_WARNING("%s: Unknown frame %02x received!\n",
1431 __FUNCTION__, info.control);
1432 break;
1433 }
1434 out:
1435 /* Always drop our reference on the skb */
1436 dev_kfree_skb(skb);
1437 return 0;
1438 }
linux v2.6.22.y-op