[SCSI] fusion - memory leak, and initializing fields
[linux-2.6] / drivers / isdn / i4l / isdn_ppp.c
1 /* $Id: isdn_ppp.c,v 1.1.2.3 2004/02/10 01:07:13 keil Exp $
2  *
3  * Linux ISDN subsystem, functions for synchronous PPP (linklevel).
4  *
5  * Copyright 1995,96 by Michael Hipp (Michael.Hipp@student.uni-tuebingen.de)
6  *
7  * This software may be used and distributed according to the terms
8  * of the GNU General Public License, incorporated herein by reference.
9  *
10  */
11
12 #include <linux/config.h>
13 #include <linux/isdn.h>
14 #include <linux/poll.h>
15 #include <linux/ppp-comp.h>
16 #ifdef CONFIG_IPPP_FILTER
17 #include <linux/filter.h>
18 #endif
19
20 #include "isdn_common.h"
21 #include "isdn_ppp.h"
22 #include "isdn_net.h"
23
24 #ifndef PPP_IPX
25 #define PPP_IPX 0x002b
26 #endif
27
28 /* Prototypes */
29 static int isdn_ppp_fill_rq(unsigned char *buf, int len, int proto, int slot);
30 static int isdn_ppp_closewait(int slot);
31 static void isdn_ppp_push_higher(isdn_net_dev * net_dev, isdn_net_local * lp,
32                                  struct sk_buff *skb, int proto);
33 static int isdn_ppp_if_get_unit(char *namebuf);
34 static int isdn_ppp_set_compressor(struct ippp_struct *is,struct isdn_ppp_comp_data *);
35 static struct sk_buff *isdn_ppp_decompress(struct sk_buff *,
36                                 struct ippp_struct *,struct ippp_struct *,int *proto);
37 static void isdn_ppp_receive_ccp(isdn_net_dev * net_dev, isdn_net_local * lp,
38                                 struct sk_buff *skb,int proto);
39 static struct sk_buff *isdn_ppp_compress(struct sk_buff *skb_in,int *proto,
40         struct ippp_struct *is,struct ippp_struct *master,int type);
41 static void isdn_ppp_send_ccp(isdn_net_dev *net_dev, isdn_net_local *lp,
42          struct sk_buff *skb);
43
44 /* New CCP stuff */
45 static void isdn_ppp_ccp_kickup(struct ippp_struct *is);
46 static void isdn_ppp_ccp_xmit_reset(struct ippp_struct *is, int proto,
47                                     unsigned char code, unsigned char id,
48                                     unsigned char *data, int len);
49 static struct ippp_ccp_reset *isdn_ppp_ccp_reset_alloc(struct ippp_struct *is);
50 static void isdn_ppp_ccp_reset_free(struct ippp_struct *is);
51 static void isdn_ppp_ccp_reset_free_state(struct ippp_struct *is,
52                                           unsigned char id);
53 static void isdn_ppp_ccp_timer_callback(unsigned long closure);
54 static struct ippp_ccp_reset_state *isdn_ppp_ccp_reset_alloc_state(struct ippp_struct *is,
55                                                       unsigned char id);
56 static void isdn_ppp_ccp_reset_trans(struct ippp_struct *is,
57                                      struct isdn_ppp_resetparams *rp);
58 static void isdn_ppp_ccp_reset_ack_rcvd(struct ippp_struct *is,
59                                         unsigned char id);
60
61
62
63 #ifdef CONFIG_ISDN_MPP
64 static ippp_bundle * isdn_ppp_bundle_arr = NULL;
65  
66 static int isdn_ppp_mp_bundle_array_init(void);
67 static int isdn_ppp_mp_init( isdn_net_local * lp, ippp_bundle * add_to );
68 static void isdn_ppp_mp_receive(isdn_net_dev * net_dev, isdn_net_local * lp, 
69                                                         struct sk_buff *skb);
70 static void isdn_ppp_mp_cleanup( isdn_net_local * lp );
71
72 static int isdn_ppp_bundle(struct ippp_struct *, int unit);
73 #endif  /* CONFIG_ISDN_MPP */
74   
75 char *isdn_ppp_revision = "$Revision: 1.1.2.3 $";
76
77 static struct ippp_struct *ippp_table[ISDN_MAX_CHANNELS];
78
79 static struct isdn_ppp_compressor *ipc_head = NULL;
80
81 /*
82  * frame log (debug)
83  */
84 static void
85 isdn_ppp_frame_log(char *info, char *data, int len, int maxlen,int unit,int slot)
86 {
87         int cnt,
88          j,
89          i;
90         char buf[80];
91
92         if (len < maxlen)
93                 maxlen = len;
94
95         for (i = 0, cnt = 0; cnt < maxlen; i++) {
96                 for (j = 0; j < 16 && cnt < maxlen; j++, cnt++)
97                         sprintf(buf + j * 3, "%02x ", (unsigned char) data[cnt]);
98                 printk(KERN_DEBUG "[%d/%d].%s[%d]: %s\n",unit,slot, info, i, buf);
99         }
100 }
101
102 /*
103  * unbind isdn_net_local <=> ippp-device
104  * note: it can happen, that we hangup/free the master before the slaves
105  *       in this case we bind another lp to the master device
106  */
107 int
108 isdn_ppp_free(isdn_net_local * lp)
109 {
110         struct ippp_struct *is;
111
112         if (lp->ppp_slot < 0 || lp->ppp_slot > ISDN_MAX_CHANNELS) {
113                 printk(KERN_ERR "%s: ppp_slot(%d) out of range\n",
114                         __FUNCTION__, lp->ppp_slot);
115                 return 0;
116         }
117
118 #ifdef CONFIG_ISDN_MPP
119         spin_lock(&lp->netdev->pb->lock);
120 #endif
121         isdn_net_rm_from_bundle(lp);
122 #ifdef CONFIG_ISDN_MPP
123         if (lp->netdev->pb->ref_ct == 1)        /* last link in queue? */
124                 isdn_ppp_mp_cleanup(lp);
125
126         lp->netdev->pb->ref_ct--;
127         spin_unlock(&lp->netdev->pb->lock);
128 #endif /* CONFIG_ISDN_MPP */
129         if (lp->ppp_slot < 0 || lp->ppp_slot > ISDN_MAX_CHANNELS) {
130                 printk(KERN_ERR "%s: ppp_slot(%d) now invalid\n",
131                         __FUNCTION__, lp->ppp_slot);
132                 return 0;
133         }
134         is = ippp_table[lp->ppp_slot];
135         if ((is->state & IPPP_CONNECT))
136                 isdn_ppp_closewait(lp->ppp_slot);       /* force wakeup on ippp device */
137         else if (is->state & IPPP_ASSIGNED)
138                 is->state = IPPP_OPEN;  /* fallback to 'OPEN but not ASSIGNED' state */
139
140         if (is->debug & 0x1)
141                 printk(KERN_DEBUG "isdn_ppp_free %d %lx %lx\n", lp->ppp_slot, (long) lp, (long) is->lp);
142
143         is->lp = NULL;          /* link is down .. set lp to NULL */
144         lp->ppp_slot = -1;      /* is this OK ?? */
145
146         return 0;
147 }
148
149 /*
150  * bind isdn_net_local <=> ippp-device
151  *
152  * This function is allways called with holding dev->lock so
153  * no additional lock is needed
154  */
155 int
156 isdn_ppp_bind(isdn_net_local * lp)
157 {
158         int i;
159         int unit = 0;
160         struct ippp_struct *is;
161         int retval;
162
163         if (lp->pppbind < 0) {  /* device bounded to ippp device ? */
164                 isdn_net_dev *net_dev = dev->netdev;
165                 char exclusive[ISDN_MAX_CHANNELS];      /* exclusive flags */
166                 memset(exclusive, 0, ISDN_MAX_CHANNELS);
167                 while (net_dev) {       /* step through net devices to find exclusive minors */
168                         isdn_net_local *lp = net_dev->local;
169                         if (lp->pppbind >= 0)
170                                 exclusive[lp->pppbind] = 1;
171                         net_dev = net_dev->next;
172                 }
173                 /*
174                  * search a free device / slot
175                  */
176                 for (i = 0; i < ISDN_MAX_CHANNELS; i++) {
177                         if (ippp_table[i]->state == IPPP_OPEN && !exclusive[ippp_table[i]->minor]) {    /* OPEN, but not connected! */
178                                 break;
179                         }
180                 }
181         } else {
182                 for (i = 0; i < ISDN_MAX_CHANNELS; i++) {
183                         if (ippp_table[i]->minor == lp->pppbind &&
184                             (ippp_table[i]->state & IPPP_OPEN) == IPPP_OPEN)
185                                 break;
186                 }
187         }
188
189         if (i >= ISDN_MAX_CHANNELS) {
190                 printk(KERN_WARNING "isdn_ppp_bind: Can't find a (free) connection to the ipppd daemon.\n");
191                 retval = -1;
192                 goto out;
193         }
194         unit = isdn_ppp_if_get_unit(lp->name);  /* get unit number from interface name .. ugly! */
195         if (unit < 0) {
196                 printk(KERN_ERR "isdn_ppp_bind: illegal interface name %s.\n", lp->name);
197                 retval = -1;
198                 goto out;
199         }
200         
201         lp->ppp_slot = i;
202         is = ippp_table[i];
203         is->lp = lp;
204         is->unit = unit;
205         is->state = IPPP_OPEN | IPPP_ASSIGNED;  /* assigned to a netdevice but not connected */
206 #ifdef CONFIG_ISDN_MPP
207         retval = isdn_ppp_mp_init(lp, NULL);
208         if (retval < 0)
209                 goto out;
210 #endif /* CONFIG_ISDN_MPP */
211
212         retval = lp->ppp_slot;
213
214  out:
215         return retval;
216 }
217
218 /*
219  * kick the ipppd on the device
220  * (wakes up daemon after B-channel connect)
221  */
222
223 void
224 isdn_ppp_wakeup_daemon(isdn_net_local * lp)
225 {
226         if (lp->ppp_slot < 0 || lp->ppp_slot >= ISDN_MAX_CHANNELS) {
227                 printk(KERN_ERR "%s: ppp_slot(%d) out of range\n",
228                         __FUNCTION__, lp->ppp_slot);
229                 return;
230         }
231         ippp_table[lp->ppp_slot]->state = IPPP_OPEN | IPPP_CONNECT | IPPP_NOBLOCK;
232         wake_up_interruptible(&ippp_table[lp->ppp_slot]->wq);
233 }
234
235 /*
236  * there was a hangup on the netdevice
237  * force wakeup of the ippp device
238  * go into 'device waits for release' state
239  */
240 static int
241 isdn_ppp_closewait(int slot)
242 {
243         struct ippp_struct *is;
244
245         if (slot < 0 || slot >= ISDN_MAX_CHANNELS) {
246                 printk(KERN_ERR "%s: slot(%d) out of range\n",
247                         __FUNCTION__, slot);
248                 return 0;
249         }
250         is = ippp_table[slot];
251         if (is->state)
252                 wake_up_interruptible(&is->wq);
253         is->state = IPPP_CLOSEWAIT;
254         return 1;
255 }
256
257 /*
258  * isdn_ppp_find_slot / isdn_ppp_free_slot
259  */
260
261 static int
262 isdn_ppp_get_slot(void)
263 {
264         int i;
265         for (i = 0; i < ISDN_MAX_CHANNELS; i++) {
266                 if (!ippp_table[i]->state)
267                         return i;
268         }
269         return -1;
270 }
271
272 /*
273  * isdn_ppp_open
274  */
275
276 int
277 isdn_ppp_open(int min, struct file *file)
278 {
279         int slot;
280         struct ippp_struct *is;
281
282         if (min < 0 || min > ISDN_MAX_CHANNELS)
283                 return -ENODEV;
284
285         slot = isdn_ppp_get_slot();
286         if (slot < 0) {
287                 return -EBUSY;
288         }
289         is = file->private_data = ippp_table[slot];
290         
291         printk(KERN_DEBUG "ippp, open, slot: %d, minor: %d, state: %04x\n",
292                slot, min, is->state);
293
294         /* compression stuff */
295         is->link_compressor   = is->compressor = NULL;
296         is->link_decompressor = is->decompressor = NULL;
297         is->link_comp_stat    = is->comp_stat = NULL;
298         is->link_decomp_stat  = is->decomp_stat = NULL;
299         is->compflags = 0;
300
301         is->reset = isdn_ppp_ccp_reset_alloc(is);
302
303         is->lp = NULL;
304         is->mp_seqno = 0;       /* MP sequence number */
305         is->pppcfg = 0;         /* ppp configuration */
306         is->mpppcfg = 0;        /* mppp configuration */
307         is->last_link_seqno = -1;       /* MP: maybe set to Bundle-MIN, when joining a bundle ?? */
308         is->unit = -1;          /* set, when we have our interface */
309         is->mru = 1524;         /* MRU, default 1524 */
310         is->maxcid = 16;        /* VJ: maxcid */
311         is->tk = current;
312         init_waitqueue_head(&is->wq);
313         is->first = is->rq + NUM_RCV_BUFFS - 1; /* receive queue */
314         is->last = is->rq;
315         is->minor = min;
316 #ifdef CONFIG_ISDN_PPP_VJ
317         /*
318          * VJ header compression init
319          */
320         is->slcomp = slhc_init(16, 16); /* not necessary for 2. link in bundle */
321 #endif
322 #ifdef CONFIG_IPPP_FILTER
323         is->pass_filter = NULL;
324         is->active_filter = NULL;
325 #endif
326         is->state = IPPP_OPEN;
327
328         return 0;
329 }
330
331 /*
332  * release ippp device
333  */
334 void
335 isdn_ppp_release(int min, struct file *file)
336 {
337         int i;
338         struct ippp_struct *is;
339
340         if (min < 0 || min >= ISDN_MAX_CHANNELS)
341                 return;
342         is = file->private_data;
343
344         if (!is) {
345                 printk(KERN_ERR "%s: no file->private_data\n", __FUNCTION__);
346                 return;
347         }
348         if (is->debug & 0x1)
349                 printk(KERN_DEBUG "ippp: release, minor: %d %lx\n", min, (long) is->lp);
350
351         if (is->lp) {           /* a lp address says: this link is still up */
352                 isdn_net_dev *p = is->lp->netdev;
353
354                 if (!p) {
355                         printk(KERN_ERR "%s: no lp->netdev\n", __FUNCTION__);
356                         return;
357                 }
358                 is->state &= ~IPPP_CONNECT;     /* -> effect: no call of wakeup */
359                 /*
360                  * isdn_net_hangup() calls isdn_ppp_free()
361                  * isdn_ppp_free() sets is->lp to NULL and lp->ppp_slot to -1
362                  * removing the IPPP_CONNECT flag omits calling of isdn_ppp_wakeup_daemon()
363                  */
364                 isdn_net_hangup(&p->dev);
365         }
366         for (i = 0; i < NUM_RCV_BUFFS; i++) {
367                 kfree(is->rq[i].buf);
368                 is->rq[i].buf = NULL;
369         }
370         is->first = is->rq + NUM_RCV_BUFFS - 1; /* receive queue */
371         is->last = is->rq;
372
373 #ifdef CONFIG_ISDN_PPP_VJ
374 /* TODO: if this was the previous master: link the slcomp to the new master */
375         slhc_free(is->slcomp);
376         is->slcomp = NULL;
377 #endif
378 #ifdef CONFIG_IPPP_FILTER
379         kfree(is->pass_filter);
380         is->pass_filter = NULL;
381         kfree(is->active_filter);
382         is->active_filter = NULL;
383 #endif
384
385 /* TODO: if this was the previous master: link the stuff to the new master */
386         if(is->comp_stat)
387                 is->compressor->free(is->comp_stat);
388         if(is->link_comp_stat)
389                 is->link_compressor->free(is->link_comp_stat);
390         if(is->link_decomp_stat)
391                 is->link_decompressor->free(is->link_decomp_stat);
392         if(is->decomp_stat)
393                 is->decompressor->free(is->decomp_stat);
394         is->compressor   = is->link_compressor   = NULL;
395         is->decompressor = is->link_decompressor = NULL;
396         is->comp_stat    = is->link_comp_stat    = NULL;
397         is->decomp_stat  = is->link_decomp_stat  = NULL;
398
399         /* Clean up if necessary */
400         if(is->reset)
401                 isdn_ppp_ccp_reset_free(is);
402
403         /* this slot is ready for new connections */
404         is->state = 0;
405 }
406
407 /*
408  * get_arg .. ioctl helper
409  */
410 static int
411 get_arg(void __user *b, void *val, int len)
412 {
413         if (len <= 0)
414                 len = sizeof(void *);
415         if (copy_from_user(val, b, len))
416                 return -EFAULT;
417         return 0;
418 }
419
420 /*
421  * set arg .. ioctl helper
422  */
423 static int
424 set_arg(void __user *b, void *val,int len)
425 {
426         if(len <= 0)
427                 len = sizeof(void *);
428         if (copy_to_user(b, val, len))
429                 return -EFAULT;
430         return 0;
431 }
432
433 static int get_filter(void __user *arg, struct sock_filter **p)
434 {
435         struct sock_fprog uprog;
436         struct sock_filter *code = NULL;
437         int len, err;
438
439         if (copy_from_user(&uprog, arg, sizeof(uprog)))
440                 return -EFAULT;
441
442         if (!uprog.len) {
443                 *p = NULL;
444                 return 0;
445         }
446
447         /* uprog.len is unsigned short, so no overflow here */
448         len = uprog.len * sizeof(struct sock_filter);
449         code = kmalloc(len, GFP_KERNEL);
450         if (code == NULL)
451                 return -ENOMEM;
452
453         if (copy_from_user(code, uprog.filter, len)) {
454                 kfree(code);
455                 return -EFAULT;
456         }
457
458         err = sk_chk_filter(code, uprog.len);
459         if (err) {
460                 kfree(code);
461                 return err;
462         }
463
464         *p = code;
465         return uprog.len;
466 }
467
468 /*
469  * ippp device ioctl
470  */
471 int
472 isdn_ppp_ioctl(int min, struct file *file, unsigned int cmd, unsigned long arg)
473 {
474         unsigned long val;
475         int r,i,j;
476         struct ippp_struct *is;
477         isdn_net_local *lp;
478         struct isdn_ppp_comp_data data;
479         void __user *argp = (void __user *)arg;
480
481         is = (struct ippp_struct *) file->private_data;
482         lp = is->lp;
483
484         if (is->debug & 0x1)
485                 printk(KERN_DEBUG "isdn_ppp_ioctl: minor: %d cmd: %x state: %x\n", min, cmd, is->state);
486
487         if (!(is->state & IPPP_OPEN))
488                 return -EINVAL;
489
490         switch (cmd) {
491                 case PPPIOCBUNDLE:
492 #ifdef CONFIG_ISDN_MPP
493                         if (!(is->state & IPPP_CONNECT))
494                                 return -EINVAL;
495                         if ((r = get_arg(argp, &val, sizeof(val) )))
496                                 return r;
497                         printk(KERN_DEBUG "iPPP-bundle: minor: %d, slave unit: %d, master unit: %d\n",
498                                (int) min, (int) is->unit, (int) val);
499                         return isdn_ppp_bundle(is, val);
500 #else
501                         return -1;
502 #endif
503                         break;
504                 case PPPIOCGUNIT:       /* get ppp/isdn unit number */
505                         if ((r = set_arg(argp, &is->unit, sizeof(is->unit) )))
506                                 return r;
507                         break;
508                 case PPPIOCGIFNAME:
509                         if(!lp)
510                                 return -EINVAL;
511                         if ((r = set_arg(argp, lp->name, strlen(lp->name))))
512                                 return r;
513                         break;
514                 case PPPIOCGMPFLAGS:    /* get configuration flags */
515                         if ((r = set_arg(argp, &is->mpppcfg, sizeof(is->mpppcfg) )))
516                                 return r;
517                         break;
518                 case PPPIOCSMPFLAGS:    /* set configuration flags */
519                         if ((r = get_arg(argp, &val, sizeof(val) )))
520                                 return r;
521                         is->mpppcfg = val;
522                         break;
523                 case PPPIOCGFLAGS:      /* get configuration flags */
524                         if ((r = set_arg(argp, &is->pppcfg,sizeof(is->pppcfg) )))
525                                 return r;
526                         break;
527                 case PPPIOCSFLAGS:      /* set configuration flags */
528                         if ((r = get_arg(argp, &val, sizeof(val) ))) {
529                                 return r;
530                         }
531                         if (val & SC_ENABLE_IP && !(is->pppcfg & SC_ENABLE_IP) && (is->state & IPPP_CONNECT)) {
532                                 if (lp) {
533                                         /* OK .. we are ready to send buffers */
534                                         is->pppcfg = val; /* isdn_ppp_xmit test for SC_ENABLE_IP !!! */
535                                         netif_wake_queue(&lp->netdev->dev);
536                                         break;
537                                 }
538                         }
539                         is->pppcfg = val;
540                         break;
541                 case PPPIOCGIDLE:       /* get idle time information */
542                         if (lp) {
543                                 struct ppp_idle pidle;
544                                 pidle.xmit_idle = pidle.recv_idle = lp->huptimer;
545                                 if ((r = set_arg(argp, &pidle,sizeof(struct ppp_idle))))
546                                          return r;
547                         }
548                         break;
549                 case PPPIOCSMRU:        /* set receive unit size for PPP */
550                         if ((r = get_arg(argp, &val, sizeof(val) )))
551                                 return r;
552                         is->mru = val;
553                         break;
554                 case PPPIOCSMPMRU:
555                         break;
556                 case PPPIOCSMPMTU:
557                         break;
558                 case PPPIOCSMAXCID:     /* set the maximum compression slot id */
559                         if ((r = get_arg(argp, &val, sizeof(val) )))
560                                 return r;
561                         val++;
562                         if (is->maxcid != val) {
563 #ifdef CONFIG_ISDN_PPP_VJ
564                                 struct slcompress *sltmp;
565 #endif
566                                 if (is->debug & 0x1)
567                                         printk(KERN_DEBUG "ippp, ioctl: changed MAXCID to %ld\n", val);
568                                 is->maxcid = val;
569 #ifdef CONFIG_ISDN_PPP_VJ
570                                 sltmp = slhc_init(16, val);
571                                 if (!sltmp) {
572                                         printk(KERN_ERR "ippp, can't realloc slhc struct\n");
573                                         return -ENOMEM;
574                                 }
575                                 if (is->slcomp)
576                                         slhc_free(is->slcomp);
577                                 is->slcomp = sltmp;
578 #endif
579                         }
580                         break;
581                 case PPPIOCGDEBUG:
582                         if ((r = set_arg(argp, &is->debug, sizeof(is->debug) )))
583                                 return r;
584                         break;
585                 case PPPIOCSDEBUG:
586                         if ((r = get_arg(argp, &val, sizeof(val) )))
587                                 return r;
588                         is->debug = val;
589                         break;
590                 case PPPIOCGCOMPRESSORS:
591                         {
592                                 unsigned long protos[8] = {0,};
593                                 struct isdn_ppp_compressor *ipc = ipc_head;
594                                 while(ipc) {
595                                         j = ipc->num / (sizeof(long)*8);
596                                         i = ipc->num % (sizeof(long)*8);
597                                         if(j < 8)
598                                                 protos[j] |= (0x1<<i);
599                                         ipc = ipc->next;
600                                 }
601                                 if ((r = set_arg(argp,protos,8*sizeof(long) )))
602                                         return r;
603                         }
604                         break;
605                 case PPPIOCSCOMPRESSOR:
606                         if ((r = get_arg(argp, &data, sizeof(struct isdn_ppp_comp_data))))
607                                 return r;
608                         return isdn_ppp_set_compressor(is, &data);
609                 case PPPIOCGCALLINFO:
610                         {
611                                 struct pppcallinfo pci;
612                                 memset((char *) &pci,0,sizeof(struct pppcallinfo));
613                                 if(lp)
614                                 {
615                                         strncpy(pci.local_num,lp->msn,63);
616                                         if(lp->dial) {
617                                                 strncpy(pci.remote_num,lp->dial->num,63);
618                                         }
619                                         pci.charge_units = lp->charge;
620                                         if(lp->outgoing)
621                                                 pci.calltype = CALLTYPE_OUTGOING;
622                                         else
623                                                 pci.calltype = CALLTYPE_INCOMING;
624                                         if(lp->flags & ISDN_NET_CALLBACK)
625                                                 pci.calltype |= CALLTYPE_CALLBACK;
626                                 }
627                                 return set_arg(argp,&pci,sizeof(struct pppcallinfo));
628                         }
629 #ifdef CONFIG_IPPP_FILTER
630                 case PPPIOCSPASS:
631                         {
632                                 struct sock_filter *code;
633                                 int len = get_filter(argp, &code);
634                                 if (len < 0)
635                                         return len;
636                                 kfree(is->pass_filter);
637                                 is->pass_filter = code;
638                                 is->pass_len = len;
639                                 break;
640                         }
641                 case PPPIOCSACTIVE:
642                         {
643                                 struct sock_filter *code;
644                                 int len = get_filter(argp, &code);
645                                 if (len < 0)
646                                         return len;
647                                 kfree(is->active_filter);
648                                 is->active_filter = code;
649                                 is->active_len = len;
650                                 break;
651                         }
652 #endif /* CONFIG_IPPP_FILTER */
653                 default:
654                         break;
655         }
656         return 0;
657 }
658
659 unsigned int
660 isdn_ppp_poll(struct file *file, poll_table * wait)
661 {
662         u_int mask;
663         struct ippp_buf_queue *bf, *bl;
664         u_long flags;
665         struct ippp_struct *is;
666
667         is = file->private_data;
668
669         if (is->debug & 0x2)
670                 printk(KERN_DEBUG "isdn_ppp_poll: minor: %d\n",
671                                 MINOR(file->f_dentry->d_inode->i_rdev));
672
673         /* just registers wait_queue hook. This doesn't really wait. */
674         poll_wait(file, &is->wq, wait);
675
676         if (!(is->state & IPPP_OPEN)) {
677                 if(is->state == IPPP_CLOSEWAIT)
678                         return POLLHUP;
679                 printk(KERN_DEBUG "isdn_ppp: device not open\n");
680                 return POLLERR;
681         }
682         /* we're always ready to send .. */
683         mask = POLLOUT | POLLWRNORM;
684
685         spin_lock_irqsave(&is->buflock, flags);
686         bl = is->last;
687         bf = is->first;
688         /*
689          * if IPPP_NOBLOCK is set we return even if we have nothing to read
690          */
691         if (bf->next != bl || (is->state & IPPP_NOBLOCK)) {
692                 is->state &= ~IPPP_NOBLOCK;
693                 mask |= POLLIN | POLLRDNORM;
694         }
695         spin_unlock_irqrestore(&is->buflock, flags);
696         return mask;
697 }
698
699 /*
700  *  fill up isdn_ppp_read() queue ..
701  */
702
703 static int
704 isdn_ppp_fill_rq(unsigned char *buf, int len, int proto, int slot)
705 {
706         struct ippp_buf_queue *bf, *bl;
707         u_long flags;
708         u_char *nbuf;
709         struct ippp_struct *is;
710
711         if (slot < 0 || slot >= ISDN_MAX_CHANNELS) {
712                 printk(KERN_WARNING "ippp: illegal slot(%d).\n", slot);
713                 return 0;
714         }
715         is = ippp_table[slot];
716
717         if (!(is->state & IPPP_CONNECT)) {
718                 printk(KERN_DEBUG "ippp: device not activated.\n");
719                 return 0;
720         }
721         nbuf = (unsigned char *) kmalloc(len + 4, GFP_ATOMIC);
722         if (!nbuf) {
723                 printk(KERN_WARNING "ippp: Can't alloc buf\n");
724                 return 0;
725         }
726         nbuf[0] = PPP_ALLSTATIONS;
727         nbuf[1] = PPP_UI;
728         nbuf[2] = proto >> 8;
729         nbuf[3] = proto & 0xff;
730         memcpy(nbuf + 4, buf, len);
731
732         spin_lock_irqsave(&is->buflock, flags);
733         bf = is->first;
734         bl = is->last;
735
736         if (bf == bl) {
737                 printk(KERN_WARNING "ippp: Queue is full; discarding first buffer\n");
738                 bf = bf->next;
739                 kfree(bf->buf);
740                 is->first = bf;
741         }
742         bl->buf = (char *) nbuf;
743         bl->len = len + 4;
744
745         is->last = bl->next;
746         spin_unlock_irqrestore(&is->buflock, flags);
747         wake_up_interruptible(&is->wq);
748         return len;
749 }
750
751 /*
752  * read() .. non-blocking: ipppd calls it only after select()
753  *           reports, that there is data
754  */
755
756 int
757 isdn_ppp_read(int min, struct file *file, char __user *buf, int count)
758 {
759         struct ippp_struct *is;
760         struct ippp_buf_queue *b;
761         u_long flags;
762         u_char *save_buf;
763
764         is = file->private_data;
765
766         if (!(is->state & IPPP_OPEN))
767                 return 0;
768
769         if (!access_ok(VERIFY_WRITE, buf, count))
770                 return -EFAULT;
771
772         spin_lock_irqsave(&is->buflock, flags);
773         b = is->first->next;
774         save_buf = b->buf;
775         if (!save_buf) {
776                 spin_unlock_irqrestore(&is->buflock, flags);
777                 return -EAGAIN;
778         }
779         if (b->len < count)
780                 count = b->len;
781         b->buf = NULL;
782         is->first = b;
783
784         spin_unlock_irqrestore(&is->buflock, flags);
785         copy_to_user(buf, save_buf, count);
786         kfree(save_buf);
787
788         return count;
789 }
790
791 /*
792  * ipppd wanna write a packet to the card .. non-blocking
793  */
794
795 int
796 isdn_ppp_write(int min, struct file *file, const char __user *buf, int count)
797 {
798         isdn_net_local *lp;
799         struct ippp_struct *is;
800         int proto;
801         unsigned char protobuf[4];
802
803         is = file->private_data;
804
805         if (!(is->state & IPPP_CONNECT))
806                 return 0;
807
808         lp = is->lp;
809
810         /* -> push it directly to the lowlevel interface */
811
812         if (!lp)
813                 printk(KERN_DEBUG "isdn_ppp_write: lp == NULL\n");
814         else {
815                 /*
816                  * Don't reset huptimer for
817                  * LCP packets. (Echo requests).
818                  */
819                 if (copy_from_user(protobuf, buf, 4))
820                         return -EFAULT;
821                 proto = PPP_PROTOCOL(protobuf);
822                 if (proto != PPP_LCP)
823                         lp->huptimer = 0;
824
825                 if (lp->isdn_device < 0 || lp->isdn_channel < 0)
826                         return 0;
827
828                 if ((dev->drv[lp->isdn_device]->flags & DRV_FLAG_RUNNING) &&
829                         lp->dialstate == 0 &&
830                     (lp->flags & ISDN_NET_CONNECTED)) {
831                         unsigned short hl;
832                         struct sk_buff *skb;
833                         /*
834                          * we need to reserve enought space in front of
835                          * sk_buff. old call to dev_alloc_skb only reserved
836                          * 16 bytes, now we are looking what the driver want
837                          */
838                         hl = dev->drv[lp->isdn_device]->interface->hl_hdrlen;
839                         skb = alloc_skb(hl+count, GFP_ATOMIC);
840                         if (!skb) {
841                                 printk(KERN_WARNING "isdn_ppp_write: out of memory!\n");
842                                 return count;
843                         }
844                         skb_reserve(skb, hl);
845                         if (copy_from_user(skb_put(skb, count), buf, count))
846                         {
847                                 kfree_skb(skb);
848                                 return -EFAULT;
849                         }
850                         if (is->debug & 0x40) {
851                                 printk(KERN_DEBUG "ppp xmit: len %d\n", (int) skb->len);
852                                 isdn_ppp_frame_log("xmit", skb->data, skb->len, 32,is->unit,lp->ppp_slot);
853                         }
854
855                         isdn_ppp_send_ccp(lp->netdev,lp,skb); /* keeps CCP/compression states in sync */
856
857                         isdn_net_write_super(lp, skb);
858                 }
859         }
860         return count;
861 }
862
863 /*
864  * init memory, structures etc.
865  */
866
867 int
868 isdn_ppp_init(void)
869 {
870         int i,
871          j;
872          
873 #ifdef CONFIG_ISDN_MPP
874         if( isdn_ppp_mp_bundle_array_init() < 0 )
875                 return -ENOMEM;
876 #endif /* CONFIG_ISDN_MPP */
877
878         for (i = 0; i < ISDN_MAX_CHANNELS; i++) {
879                 if (!(ippp_table[i] = (struct ippp_struct *)
880                       kmalloc(sizeof(struct ippp_struct), GFP_KERNEL))) {
881                         printk(KERN_WARNING "isdn_ppp_init: Could not alloc ippp_table\n");
882                         for (j = 0; j < i; j++)
883                                 kfree(ippp_table[j]);
884                         return -1;
885                 }
886                 memset((char *) ippp_table[i], 0, sizeof(struct ippp_struct));
887                 spin_lock_init(&ippp_table[i]->buflock);
888                 ippp_table[i]->state = 0;
889                 ippp_table[i]->first = ippp_table[i]->rq + NUM_RCV_BUFFS - 1;
890                 ippp_table[i]->last = ippp_table[i]->rq;
891
892                 for (j = 0; j < NUM_RCV_BUFFS; j++) {
893                         ippp_table[i]->rq[j].buf = NULL;
894                         ippp_table[i]->rq[j].last = ippp_table[i]->rq +
895                             (NUM_RCV_BUFFS + j - 1) % NUM_RCV_BUFFS;
896                         ippp_table[i]->rq[j].next = ippp_table[i]->rq + (j + 1) % NUM_RCV_BUFFS;
897                 }
898         }
899         return 0;
900 }
901
902 void
903 isdn_ppp_cleanup(void)
904 {
905         int i;
906
907         for (i = 0; i < ISDN_MAX_CHANNELS; i++)
908                 kfree(ippp_table[i]);
909
910 #ifdef CONFIG_ISDN_MPP
911         kfree(isdn_ppp_bundle_arr);
912 #endif /* CONFIG_ISDN_MPP */
913
914 }
915
916 /*
917  * check for address/control field and skip if allowed
918  * retval != 0 -> discard packet silently
919  */
920 static int isdn_ppp_skip_ac(struct ippp_struct *is, struct sk_buff *skb) 
921 {
922         if (skb->len < 1)
923                 return -1;
924
925         if (skb->data[0] == 0xff) {
926                 if (skb->len < 2)
927                         return -1;
928
929                 if (skb->data[1] != 0x03)
930                         return -1;
931
932                 // skip address/control (AC) field
933                 skb_pull(skb, 2);
934         } else { 
935                 if (is->pppcfg & SC_REJ_COMP_AC)
936                         // if AC compression was not negotiated, but used, discard packet
937                         return -1;
938         }
939         return 0;
940 }
941
942 /*
943  * get the PPP protocol header and pull skb
944  * retval < 0 -> discard packet silently
945  */
946 static int isdn_ppp_strip_proto(struct sk_buff *skb) 
947 {
948         int proto;
949         
950         if (skb->len < 1)
951                 return -1;
952
953         if (skb->data[0] & 0x1) {
954                 // protocol field is compressed
955                 proto = skb->data[0];
956                 skb_pull(skb, 1);
957         } else {
958                 if (skb->len < 2)
959                         return -1;
960                 proto = ((int) skb->data[0] << 8) + skb->data[1];
961                 skb_pull(skb, 2);
962         }
963         return proto;
964 }
965
966
967 /*
968  * handler for incoming packets on a syncPPP interface
969  */
970 void isdn_ppp_receive(isdn_net_dev * net_dev, isdn_net_local * lp, struct sk_buff *skb)
971 {
972         struct ippp_struct *is;
973         int slot;
974         int proto;
975
976         if (net_dev->local->master)
977                 BUG(); // we're called with the master device always
978
979         slot = lp->ppp_slot;
980         if (slot < 0 || slot >= ISDN_MAX_CHANNELS) {
981                 printk(KERN_ERR "isdn_ppp_receive: lp->ppp_slot(%d)\n",
982                         lp->ppp_slot);
983                 kfree_skb(skb);
984                 return;
985         }
986         is = ippp_table[slot];
987
988         if (is->debug & 0x4) {
989                 printk(KERN_DEBUG "ippp_receive: is:%08lx lp:%08lx slot:%d unit:%d len:%d\n",
990                        (long)is,(long)lp,lp->ppp_slot,is->unit,(int) skb->len);
991                 isdn_ppp_frame_log("receive", skb->data, skb->len, 32,is->unit,lp->ppp_slot);
992         }
993
994         if (isdn_ppp_skip_ac(is, skb) < 0) {
995                 kfree_skb(skb);
996                 return;
997         }
998         proto = isdn_ppp_strip_proto(skb);
999         if (proto < 0) {
1000                 kfree_skb(skb);
1001                 return;
1002         }
1003   
1004 #ifdef CONFIG_ISDN_MPP
1005         if (is->compflags & SC_LINK_DECOMP_ON) {
1006                 skb = isdn_ppp_decompress(skb, is, NULL, &proto);
1007                 if (!skb) // decompression error
1008                         return;
1009         }
1010         
1011         if (!(is->mpppcfg & SC_REJ_MP_PROT)) { // we agreed to receive MPPP
1012                 if (proto == PPP_MP) {
1013                         isdn_ppp_mp_receive(net_dev, lp, skb);
1014                         return;
1015                 }
1016         } 
1017 #endif
1018         isdn_ppp_push_higher(net_dev, lp, skb, proto);
1019 }
1020
1021 /*
1022  * we receive a reassembled frame, MPPP has been taken care of before.
1023  * address/control and protocol have been stripped from the skb
1024  * note: net_dev has to be master net_dev
1025  */
1026 static void
1027 isdn_ppp_push_higher(isdn_net_dev * net_dev, isdn_net_local * lp, struct sk_buff *skb, int proto)
1028 {
1029         struct net_device *dev = &net_dev->dev;
1030         struct ippp_struct *is, *mis;
1031         isdn_net_local *mlp = NULL;
1032         int slot;
1033
1034         slot = lp->ppp_slot;
1035         if (slot < 0 || slot >= ISDN_MAX_CHANNELS) {
1036                 printk(KERN_ERR "isdn_ppp_push_higher: lp->ppp_slot(%d)\n",
1037                         lp->ppp_slot);
1038                 goto drop_packet;
1039         }
1040         is = ippp_table[slot];
1041         
1042         if (lp->master) { // FIXME?
1043                 mlp = (isdn_net_local *) lp->master->priv;
1044                 slot = mlp->ppp_slot;
1045                 if (slot < 0 || slot > ISDN_MAX_CHANNELS) {
1046                         printk(KERN_ERR "isdn_ppp_push_higher: master->ppp_slot(%d)\n",
1047                                 lp->ppp_slot);
1048                         goto drop_packet;
1049                 }
1050         }
1051         mis = ippp_table[slot];
1052
1053         if (is->debug & 0x10) {
1054                 printk(KERN_DEBUG "push, skb %d %04x\n", (int) skb->len, proto);
1055                 isdn_ppp_frame_log("rpush", skb->data, skb->len, 32,is->unit,lp->ppp_slot);
1056         }
1057         if (mis->compflags & SC_DECOMP_ON) {
1058                 skb = isdn_ppp_decompress(skb, is, mis, &proto);
1059                 if (!skb) // decompression error
1060                         return;
1061         }
1062         switch (proto) {
1063                 case PPP_IPX:  /* untested */
1064                         if (is->debug & 0x20)
1065                                 printk(KERN_DEBUG "isdn_ppp: IPX\n");
1066                         skb->protocol = htons(ETH_P_IPX);
1067                         break;
1068                 case PPP_IP:
1069                         if (is->debug & 0x20)
1070                                 printk(KERN_DEBUG "isdn_ppp: IP\n");
1071                         skb->protocol = htons(ETH_P_IP);
1072                         break;
1073                 case PPP_COMP:
1074                 case PPP_COMPFRAG:
1075                         printk(KERN_INFO "isdn_ppp: unexpected compressed frame dropped\n");
1076                         goto drop_packet;
1077 #ifdef CONFIG_ISDN_PPP_VJ
1078                 case PPP_VJC_UNCOMP:
1079                         if (is->debug & 0x20)
1080                                 printk(KERN_DEBUG "isdn_ppp: VJC_UNCOMP\n");
1081                         if (net_dev->local->ppp_slot < 0) {
1082                                 printk(KERN_ERR "%s: net_dev->local->ppp_slot(%d) out of range\n",
1083                                         __FUNCTION__, net_dev->local->ppp_slot);
1084                                 goto drop_packet;
1085                         }
1086                         if (slhc_remember(ippp_table[net_dev->local->ppp_slot]->slcomp, skb->data, skb->len) <= 0) {
1087                                 printk(KERN_WARNING "isdn_ppp: received illegal VJC_UNCOMP frame!\n");
1088                                 goto drop_packet;
1089                         }
1090                         skb->protocol = htons(ETH_P_IP);
1091                         break;
1092                 case PPP_VJC_COMP:
1093                         if (is->debug & 0x20)
1094                                 printk(KERN_DEBUG "isdn_ppp: VJC_COMP\n");
1095                         {
1096                                 struct sk_buff *skb_old = skb;
1097                                 int pkt_len;
1098                                 skb = dev_alloc_skb(skb_old->len + 128);
1099
1100                                 if (!skb) {
1101                                         printk(KERN_WARNING "%s: Memory squeeze, dropping packet.\n", dev->name);
1102                                         skb = skb_old;
1103                                         goto drop_packet;
1104                                 }
1105                                 skb_put(skb, skb_old->len + 128);
1106                                 memcpy(skb->data, skb_old->data, skb_old->len);
1107                                 if (net_dev->local->ppp_slot < 0) {
1108                                         printk(KERN_ERR "%s: net_dev->local->ppp_slot(%d) out of range\n",
1109                                                 __FUNCTION__, net_dev->local->ppp_slot);
1110                                         goto drop_packet;
1111                                 }
1112                                 pkt_len = slhc_uncompress(ippp_table[net_dev->local->ppp_slot]->slcomp,
1113                                                 skb->data, skb_old->len);
1114                                 kfree_skb(skb_old);
1115                                 if (pkt_len < 0)
1116                                         goto drop_packet;
1117
1118                                 skb_trim(skb, pkt_len);
1119                                 skb->protocol = htons(ETH_P_IP);
1120                         }
1121                         break;
1122 #endif
1123                 case PPP_CCP:
1124                 case PPP_CCPFRAG:
1125                         isdn_ppp_receive_ccp(net_dev,lp,skb,proto);
1126                         /* Dont pop up ResetReq/Ack stuff to the daemon any
1127                            longer - the job is done already */
1128                         if(skb->data[0] == CCP_RESETREQ ||
1129                            skb->data[0] == CCP_RESETACK)
1130                                 break;
1131                         /* fall through */
1132                 default:
1133                         isdn_ppp_fill_rq(skb->data, skb->len, proto, lp->ppp_slot);     /* push data to pppd device */
1134                         kfree_skb(skb);
1135                         return;
1136         }
1137
1138 #ifdef CONFIG_IPPP_FILTER
1139         /* check if the packet passes the pass and active filters
1140          * the filter instructions are constructed assuming
1141          * a four-byte PPP header on each packet (which is still present) */
1142         skb_push(skb, 4);
1143
1144         {
1145                 u_int16_t *p = (u_int16_t *) skb->data;
1146
1147                 *p = 0; /* indicate inbound */
1148         }
1149
1150         if (is->pass_filter
1151             && sk_run_filter(skb, is->pass_filter, is->pass_len) == 0) {
1152                 if (is->debug & 0x2)
1153                         printk(KERN_DEBUG "IPPP: inbound frame filtered.\n");
1154                 kfree_skb(skb);
1155                 return;
1156         }
1157         if (!(is->active_filter
1158               && sk_run_filter(skb, is->active_filter,
1159                                is->active_len) == 0)) {
1160                 if (is->debug & 0x2)
1161                         printk(KERN_DEBUG "IPPP: link-active filter: reseting huptimer.\n");
1162                 lp->huptimer = 0;
1163                 if (mlp)
1164                         mlp->huptimer = 0;
1165         }
1166         skb_pull(skb, 4);
1167 #else /* CONFIG_IPPP_FILTER */
1168         lp->huptimer = 0;
1169         if (mlp)
1170                 mlp->huptimer = 0;
1171 #endif /* CONFIG_IPPP_FILTER */
1172         skb->dev = dev;
1173         skb->mac.raw = skb->data;
1174         netif_rx(skb);
1175         /* net_dev->local->stats.rx_packets++; done in isdn_net.c */
1176         return;
1177
1178  drop_packet:
1179         net_dev->local->stats.rx_dropped++;
1180         kfree_skb(skb);
1181 }
1182
1183 /*
1184  * isdn_ppp_skb_push ..
1185  * checks whether we have enough space at the beginning of the skb
1186  * and allocs a new SKB if necessary
1187  */
1188 static unsigned char *isdn_ppp_skb_push(struct sk_buff **skb_p,int len)
1189 {
1190         struct sk_buff *skb = *skb_p;
1191
1192         if(skb_headroom(skb) < len) {
1193                 struct sk_buff *nskb = skb_realloc_headroom(skb, len);
1194
1195                 if (!nskb) {
1196                         printk(KERN_ERR "isdn_ppp_skb_push: can't realloc headroom!\n");
1197                         dev_kfree_skb(skb);
1198                         return NULL;
1199                 }
1200                 printk(KERN_DEBUG "isdn_ppp_skb_push:under %d %d\n",skb_headroom(skb),len);
1201                 dev_kfree_skb(skb);
1202                 *skb_p = nskb;
1203                 return skb_push(nskb, len);
1204         }
1205         return skb_push(skb,len);
1206 }
1207
1208 /*
1209  * send ppp frame .. we expect a PIDCOMPressable proto --
1210  *  (here: currently always PPP_IP,PPP_VJC_COMP,PPP_VJC_UNCOMP)
1211  *
1212  * VJ compression may change skb pointer!!! .. requeue with old
1213  * skb isn't allowed!!
1214  */
1215
1216 int
1217 isdn_ppp_xmit(struct sk_buff *skb, struct net_device *netdev)
1218 {
1219         isdn_net_local *lp,*mlp;
1220         isdn_net_dev *nd;
1221         unsigned int proto = PPP_IP;     /* 0x21 */
1222         struct ippp_struct *ipt,*ipts;
1223         int slot, retval = 0;
1224
1225         mlp = (isdn_net_local *) (netdev->priv);
1226         nd = mlp->netdev;       /* get master lp */
1227
1228         slot = mlp->ppp_slot;
1229         if (slot < 0 || slot >= ISDN_MAX_CHANNELS) {
1230                 printk(KERN_ERR "isdn_ppp_xmit: lp->ppp_slot(%d)\n",
1231                         mlp->ppp_slot);
1232                 kfree_skb(skb);
1233                 goto out;
1234         }
1235         ipts = ippp_table[slot];
1236
1237         if (!(ipts->pppcfg & SC_ENABLE_IP)) {   /* PPP connected ? */
1238                 if (ipts->debug & 0x1)
1239                         printk(KERN_INFO "%s: IP frame delayed.\n", netdev->name);
1240                 retval = 1;
1241                 goto out;
1242         }
1243
1244         switch (ntohs(skb->protocol)) {
1245                 case ETH_P_IP:
1246                         proto = PPP_IP;
1247                         break;
1248                 case ETH_P_IPX:
1249                         proto = PPP_IPX;        /* untested */
1250                         break;
1251                 default:
1252                         printk(KERN_ERR "isdn_ppp: skipped unsupported protocol: %#x.\n", 
1253                                skb->protocol);
1254                         dev_kfree_skb(skb);
1255                         goto out;
1256         }
1257
1258         lp = isdn_net_get_locked_lp(nd);
1259         if (!lp) {
1260                 printk(KERN_WARNING "%s: all channels busy - requeuing!\n", netdev->name);
1261                 retval = 1;
1262                 goto out;
1263         }
1264         /* we have our lp locked from now on */
1265
1266         slot = lp->ppp_slot;
1267         if (slot < 0 || slot > ISDN_MAX_CHANNELS) {
1268                 printk(KERN_ERR "isdn_ppp_xmit: lp->ppp_slot(%d)\n",
1269                         lp->ppp_slot);
1270                 kfree_skb(skb);
1271                 goto unlock;
1272         }
1273         ipt = ippp_table[slot];
1274
1275         /*
1276          * after this line .. requeueing in the device queue is no longer allowed!!!
1277          */
1278
1279         /* Pull off the fake header we stuck on earlier to keep
1280          * the fragmentation code happy.
1281          */
1282         skb_pull(skb,IPPP_MAX_HEADER);
1283
1284 #ifdef CONFIG_IPPP_FILTER
1285         /* check if we should pass this packet
1286          * the filter instructions are constructed assuming
1287          * a four-byte PPP header on each packet */
1288         *skb_push(skb, 4) = 1; /* indicate outbound */
1289
1290         {
1291                 u_int16_t *p = (u_int16_t *) skb->data;
1292
1293                 p++;
1294                 *p   = htons(proto);
1295         }
1296
1297         if (ipt->pass_filter
1298             && sk_run_filter(skb, ipt->pass_filter, ipt->pass_len) == 0) {
1299                 if (ipt->debug & 0x4)
1300                         printk(KERN_DEBUG "IPPP: outbound frame filtered.\n");
1301                 kfree_skb(skb);
1302                 goto unlock;
1303         }
1304         if (!(ipt->active_filter
1305               && sk_run_filter(skb, ipt->active_filter,
1306                                ipt->active_len) == 0)) {
1307                 if (ipt->debug & 0x4)
1308                         printk(KERN_DEBUG "IPPP: link-active filter: reseting huptimer.\n");
1309                 lp->huptimer = 0;
1310         }
1311         skb_pull(skb, 4);
1312 #else /* CONFIG_IPPP_FILTER */
1313         lp->huptimer = 0;
1314 #endif /* CONFIG_IPPP_FILTER */
1315
1316         if (ipt->debug & 0x4)
1317                 printk(KERN_DEBUG "xmit skb, len %d\n", (int) skb->len);
1318         if (ipts->debug & 0x40)
1319                 isdn_ppp_frame_log("xmit0", skb->data, skb->len, 32,ipts->unit,lp->ppp_slot);
1320
1321 #ifdef CONFIG_ISDN_PPP_VJ
1322         if (proto == PPP_IP && ipts->pppcfg & SC_COMP_TCP) {    /* ipts here? probably yes, but check this again */
1323                 struct sk_buff *new_skb;
1324                 unsigned short hl;
1325                 /*
1326                  * we need to reserve enought space in front of
1327                  * sk_buff. old call to dev_alloc_skb only reserved
1328                  * 16 bytes, now we are looking what the driver want.
1329                  */
1330                 hl = dev->drv[lp->isdn_device]->interface->hl_hdrlen + IPPP_MAX_HEADER;
1331                 /* 
1332                  * Note: hl might still be insufficient because the method
1333                  * above does not account for a possibible MPPP slave channel
1334                  * which had larger HL header space requirements than the
1335                  * master.
1336                  */
1337                 new_skb = alloc_skb(hl+skb->len, GFP_ATOMIC);
1338                 if (new_skb) {
1339                         u_char *buf;
1340                         int pktlen;
1341
1342                         skb_reserve(new_skb, hl);
1343                         new_skb->dev = skb->dev;
1344                         skb_put(new_skb, skb->len);
1345                         buf = skb->data;
1346
1347                         pktlen = slhc_compress(ipts->slcomp, skb->data, skb->len, new_skb->data,
1348                                  &buf, !(ipts->pppcfg & SC_NO_TCP_CCID));
1349
1350                         if (buf != skb->data) { 
1351                                 if (new_skb->data != buf)
1352                                         printk(KERN_ERR "isdn_ppp: FATAL error after slhc_compress!!\n");
1353                                 dev_kfree_skb(skb);
1354                                 skb = new_skb;
1355                         } else {
1356                                 dev_kfree_skb(new_skb);
1357                         }
1358
1359                         skb_trim(skb, pktlen);
1360                         if (skb->data[0] & SL_TYPE_COMPRESSED_TCP) {    /* cslip? style -> PPP */
1361                                 proto = PPP_VJC_COMP;
1362                                 skb->data[0] ^= SL_TYPE_COMPRESSED_TCP;
1363                         } else {
1364                                 if (skb->data[0] >= SL_TYPE_UNCOMPRESSED_TCP)
1365                                         proto = PPP_VJC_UNCOMP;
1366                                 skb->data[0] = (skb->data[0] & 0x0f) | 0x40;
1367                         }
1368                 }
1369         }
1370 #endif
1371
1372         /*
1373          * normal (single link) or bundle compression
1374          */
1375         if(ipts->compflags & SC_COMP_ON) {
1376                 /* We send compressed only if both down- und upstream
1377                    compression is negotiated, that means, CCP is up */
1378                 if(ipts->compflags & SC_DECOMP_ON) {
1379                         skb = isdn_ppp_compress(skb,&proto,ipt,ipts,0);
1380                 } else {
1381                         printk(KERN_DEBUG "isdn_ppp: CCP not yet up - sending as-is\n");
1382                 }
1383         }
1384
1385         if (ipt->debug & 0x24)
1386                 printk(KERN_DEBUG "xmit2 skb, len %d, proto %04x\n", (int) skb->len, proto);
1387
1388 #ifdef CONFIG_ISDN_MPP
1389         if (ipt->mpppcfg & SC_MP_PROT) {
1390                 /* we get mp_seqno from static isdn_net_local */
1391                 long mp_seqno = ipts->mp_seqno;
1392                 ipts->mp_seqno++;
1393                 if (ipt->mpppcfg & SC_OUT_SHORT_SEQ) {
1394                         unsigned char *data = isdn_ppp_skb_push(&skb, 3);
1395                         if(!data)
1396                                 goto unlock;
1397                         mp_seqno &= 0xfff;
1398                         data[0] = MP_BEGIN_FRAG | MP_END_FRAG | ((mp_seqno >> 8) & 0xf);        /* (B)egin & (E)ndbit .. */
1399                         data[1] = mp_seqno & 0xff;
1400                         data[2] = proto;        /* PID compression */
1401                 } else {
1402                         unsigned char *data = isdn_ppp_skb_push(&skb, 5);
1403                         if(!data)
1404                                 goto unlock;
1405                         data[0] = MP_BEGIN_FRAG | MP_END_FRAG;  /* (B)egin & (E)ndbit .. */
1406                         data[1] = (mp_seqno >> 16) & 0xff;      /* sequence number: 24bit */
1407                         data[2] = (mp_seqno >> 8) & 0xff;
1408                         data[3] = (mp_seqno >> 0) & 0xff;
1409                         data[4] = proto;        /* PID compression */
1410                 }
1411                 proto = PPP_MP; /* MP Protocol, 0x003d */
1412         }
1413 #endif
1414
1415         /*
1416          * 'link in bundle' compression  ...
1417          */
1418         if(ipt->compflags & SC_LINK_COMP_ON)
1419                 skb = isdn_ppp_compress(skb,&proto,ipt,ipts,1);
1420
1421         if( (ipt->pppcfg & SC_COMP_PROT) && (proto <= 0xff) ) {
1422                 unsigned char *data = isdn_ppp_skb_push(&skb,1);
1423                 if(!data)
1424                         goto unlock;
1425                 data[0] = proto & 0xff;
1426         }
1427         else {
1428                 unsigned char *data = isdn_ppp_skb_push(&skb,2);
1429                 if(!data)
1430                         goto unlock;
1431                 data[0] = (proto >> 8) & 0xff;
1432                 data[1] = proto & 0xff;
1433         }
1434         if(!(ipt->pppcfg & SC_COMP_AC)) {
1435                 unsigned char *data = isdn_ppp_skb_push(&skb,2);
1436                 if(!data)
1437                         goto unlock;
1438                 data[0] = 0xff;    /* All Stations */
1439                 data[1] = 0x03;    /* Unnumbered information */
1440         }
1441
1442         /* tx-stats are now updated via BSENT-callback */
1443
1444         if (ipts->debug & 0x40) {
1445                 printk(KERN_DEBUG "skb xmit: len: %d\n", (int) skb->len);
1446                 isdn_ppp_frame_log("xmit", skb->data, skb->len, 32,ipt->unit,lp->ppp_slot);
1447         }
1448         
1449         isdn_net_writebuf_skb(lp, skb);
1450
1451  unlock:
1452         spin_unlock_bh(&lp->xmit_lock);
1453  out:
1454         return retval;
1455 }
1456
1457 #ifdef CONFIG_IPPP_FILTER
1458 /*
1459  * check if this packet may trigger auto-dial.
1460  */
1461
1462 int isdn_ppp_autodial_filter(struct sk_buff *skb, isdn_net_local *lp)
1463 {
1464         struct ippp_struct *is = ippp_table[lp->ppp_slot];
1465         u_int16_t proto;
1466         int drop = 0;
1467
1468         switch (ntohs(skb->protocol)) {
1469         case ETH_P_IP:
1470                 proto = PPP_IP;
1471                 break;
1472         case ETH_P_IPX:
1473                 proto = PPP_IPX;
1474                 break;
1475         default:
1476                 printk(KERN_ERR "isdn_ppp_autodial_filter: unsupported protocol 0x%x.\n",
1477                        skb->protocol);
1478                 return 1;
1479         }
1480
1481         /* the filter instructions are constructed assuming
1482          * a four-byte PPP header on each packet. we have to
1483          * temporarily remove part of the fake header stuck on
1484          * earlier.
1485          */
1486         *skb_pull(skb, IPPP_MAX_HEADER - 4) = 1; /* indicate outbound */
1487
1488         {
1489                 u_int16_t *p = (u_int16_t *) skb->data;
1490
1491                 p++;
1492                 *p   = htons(proto);
1493         }
1494         
1495         drop |= is->pass_filter
1496                 && sk_run_filter(skb, is->pass_filter, is->pass_len) == 0;
1497         drop |= is->active_filter
1498                 && sk_run_filter(skb, is->active_filter, is->active_len) == 0;
1499         
1500         skb_push(skb, IPPP_MAX_HEADER - 4);
1501         return drop;
1502 }
1503 #endif
1504 #ifdef CONFIG_ISDN_MPP
1505
1506 /* this is _not_ rfc1990 header, but something we convert both short and long
1507  * headers to for convinience's sake:
1508  *      byte 0 is flags as in rfc1990
1509  *      bytes 1...4 is 24-bit seqence number converted to host byte order 
1510  */
1511 #define MP_HEADER_LEN   5
1512
1513 #define MP_LONGSEQ_MASK         0x00ffffff
1514 #define MP_SHORTSEQ_MASK        0x00000fff
1515 #define MP_LONGSEQ_MAX          MP_LONGSEQ_MASK
1516 #define MP_SHORTSEQ_MAX         MP_SHORTSEQ_MASK
1517 #define MP_LONGSEQ_MAXBIT       ((MP_LONGSEQ_MASK+1)>>1)
1518 #define MP_SHORTSEQ_MAXBIT      ((MP_SHORTSEQ_MASK+1)>>1)
1519
1520 /* sequence-wrap safe comparisions (for long sequence)*/ 
1521 #define MP_LT(a,b)      ((a-b)&MP_LONGSEQ_MAXBIT)
1522 #define MP_LE(a,b)      !((b-a)&MP_LONGSEQ_MAXBIT)
1523 #define MP_GT(a,b)      ((b-a)&MP_LONGSEQ_MAXBIT)
1524 #define MP_GE(a,b)      !((a-b)&MP_LONGSEQ_MAXBIT)
1525
1526 #define MP_SEQ(f)       ((*(u32*)(f->data+1)))
1527 #define MP_FLAGS(f)     (f->data[0])
1528
1529 static int isdn_ppp_mp_bundle_array_init(void)
1530 {
1531         int i;
1532         int sz = ISDN_MAX_CHANNELS*sizeof(ippp_bundle);
1533         if( (isdn_ppp_bundle_arr = (ippp_bundle*)kmalloc(sz, 
1534                                                         GFP_KERNEL)) == NULL )
1535                 return -ENOMEM;
1536         memset(isdn_ppp_bundle_arr, 0, sz);
1537         for( i = 0; i < ISDN_MAX_CHANNELS; i++ )
1538                 spin_lock_init(&isdn_ppp_bundle_arr[i].lock);
1539         return 0;
1540 }
1541
1542 static ippp_bundle * isdn_ppp_mp_bundle_alloc(void)
1543 {
1544         int i;
1545         for( i = 0; i < ISDN_MAX_CHANNELS; i++ )
1546                 if (isdn_ppp_bundle_arr[i].ref_ct <= 0)
1547                         return (isdn_ppp_bundle_arr + i);
1548         return NULL;
1549 }
1550
1551 static int isdn_ppp_mp_init( isdn_net_local * lp, ippp_bundle * add_to )
1552 {
1553         struct ippp_struct * is;
1554
1555         if (lp->ppp_slot < 0) {
1556                 printk(KERN_ERR "%s: lp->ppp_slot(%d) out of range\n",
1557                         __FUNCTION__, lp->ppp_slot);
1558                 return(-EINVAL);
1559         }
1560
1561         is = ippp_table[lp->ppp_slot];
1562         if (add_to) {
1563                 if( lp->netdev->pb )
1564                         lp->netdev->pb->ref_ct--;
1565                 lp->netdev->pb = add_to;
1566         } else {                /* first link in a bundle */
1567                 is->mp_seqno = 0;
1568                 if ((lp->netdev->pb = isdn_ppp_mp_bundle_alloc()) == NULL)
1569                         return -ENOMEM;
1570                 lp->next = lp->last = lp;       /* nobody else in a queue */
1571                 lp->netdev->pb->frags = NULL;
1572                 lp->netdev->pb->frames = 0;
1573                 lp->netdev->pb->seq = UINT_MAX;
1574         }
1575         lp->netdev->pb->ref_ct++;
1576         
1577         is->last_link_seqno = 0;
1578         return 0;
1579 }
1580
1581 static u32 isdn_ppp_mp_get_seq( int short_seq, 
1582                                         struct sk_buff * skb, u32 last_seq );
1583 static struct sk_buff * isdn_ppp_mp_discard( ippp_bundle * mp,
1584                         struct sk_buff * from, struct sk_buff * to );
1585 static void isdn_ppp_mp_reassembly( isdn_net_dev * net_dev, isdn_net_local * lp,
1586                                 struct sk_buff * from, struct sk_buff * to );
1587 static void isdn_ppp_mp_free_skb( ippp_bundle * mp, struct sk_buff * skb );
1588 static void isdn_ppp_mp_print_recv_pkt( int slot, struct sk_buff * skb );
1589
1590 static void isdn_ppp_mp_receive(isdn_net_dev * net_dev, isdn_net_local * lp, 
1591                                                         struct sk_buff *skb)
1592 {
1593         struct ippp_struct *is;
1594         isdn_net_local * lpq;
1595         ippp_bundle * mp;
1596         isdn_mppp_stats * stats;
1597         struct sk_buff * newfrag, * frag, * start, *nextf;
1598         u32 newseq, minseq, thisseq;
1599         unsigned long flags;
1600         int slot;
1601
1602         spin_lock_irqsave(&net_dev->pb->lock, flags);
1603         mp = net_dev->pb;
1604         stats = &mp->stats;
1605         slot = lp->ppp_slot;
1606         if (slot < 0 || slot > ISDN_MAX_CHANNELS) {
1607                 printk(KERN_ERR "%s: lp->ppp_slot(%d)\n",
1608                         __FUNCTION__, lp->ppp_slot);
1609                 stats->frame_drops++;
1610                 dev_kfree_skb(skb);
1611                 spin_unlock_irqrestore(&mp->lock, flags);
1612                 return;
1613         }
1614         is = ippp_table[slot];
1615         if( ++mp->frames > stats->max_queue_len )
1616                 stats->max_queue_len = mp->frames;
1617         
1618         if (is->debug & 0x8)
1619                 isdn_ppp_mp_print_recv_pkt(lp->ppp_slot, skb);
1620
1621         newseq = isdn_ppp_mp_get_seq(is->mpppcfg & SC_IN_SHORT_SEQ, 
1622                                                 skb, is->last_link_seqno);
1623
1624
1625         /* if this packet seq # is less than last already processed one,
1626          * toss it right away, but check for sequence start case first 
1627          */
1628         if( mp->seq > MP_LONGSEQ_MAX && (newseq & MP_LONGSEQ_MAXBIT) ) {
1629                 mp->seq = newseq;       /* the first packet: required for
1630                                          * rfc1990 non-compliant clients --
1631                                          * prevents constant packet toss */
1632         } else if( MP_LT(newseq, mp->seq) ) {
1633                 stats->frame_drops++;
1634                 isdn_ppp_mp_free_skb(mp, skb);
1635                 spin_unlock_irqrestore(&mp->lock, flags);
1636                 return;
1637         }
1638         
1639         /* find the minimum received sequence number over all links */
1640         is->last_link_seqno = minseq = newseq;
1641         for (lpq = net_dev->queue;;) {
1642                 slot = lpq->ppp_slot;
1643                 if (slot < 0 || slot > ISDN_MAX_CHANNELS) {
1644                         printk(KERN_ERR "%s: lpq->ppp_slot(%d)\n",
1645                                 __FUNCTION__, lpq->ppp_slot);
1646                 } else {
1647                         u32 lls = ippp_table[slot]->last_link_seqno;
1648                         if (MP_LT(lls, minseq))
1649                                 minseq = lls;
1650                 }
1651                 if ((lpq = lpq->next) == net_dev->queue)
1652                         break;
1653         }
1654         if (MP_LT(minseq, mp->seq))
1655                 minseq = mp->seq;       /* can't go beyond already processed
1656                                          * packets */
1657         newfrag = skb;
1658
1659         /* if this new fragment is before the first one, then enqueue it now. */
1660         if ((frag = mp->frags) == NULL || MP_LT(newseq, MP_SEQ(frag))) {
1661                 newfrag->next = frag;
1662                 mp->frags = frag = newfrag;
1663                 newfrag = NULL;
1664         }
1665
1666         start = MP_FLAGS(frag) & MP_BEGIN_FRAG &&
1667                                 MP_SEQ(frag) == mp->seq ? frag : NULL;
1668
1669         /* 
1670          * main fragment traversing loop
1671          *
1672          * try to accomplish several tasks:
1673          * - insert new fragment into the proper sequence slot (once that's done
1674          *   newfrag will be set to NULL)
1675          * - reassemble any complete fragment sequence (non-null 'start'
1676          *   indicates there is a continguous sequence present)
1677          * - discard any incomplete sequences that are below minseq -- due
1678          *   to the fact that sender always increment sequence number, if there
1679          *   is an incomplete sequence below minseq, no new fragments would
1680          *   come to complete such sequence and it should be discarded
1681          *
1682          * loop completes when we accomplished the following tasks:
1683          * - new fragment is inserted in the proper sequence ('newfrag' is 
1684          *   set to NULL)
1685          * - we hit a gap in the sequence, so no reassembly/processing is 
1686          *   possible ('start' would be set to NULL)
1687          *
1688          * algorightm for this code is derived from code in the book
1689          * 'PPP Design And Debugging' by James Carlson (Addison-Wesley)
1690          */
1691         while (start != NULL || newfrag != NULL) {
1692
1693                 thisseq = MP_SEQ(frag);
1694                 nextf = frag->next;
1695
1696                 /* drop any duplicate fragments */
1697                 if (newfrag != NULL && thisseq == newseq) {
1698                         isdn_ppp_mp_free_skb(mp, newfrag);
1699                         newfrag = NULL;
1700                 }
1701
1702                 /* insert new fragment before next element if possible. */
1703                 if (newfrag != NULL && (nextf == NULL || 
1704                                                 MP_LT(newseq, MP_SEQ(nextf)))) {
1705                         newfrag->next = nextf;
1706                         frag->next = nextf = newfrag;
1707                         newfrag = NULL;
1708                 }
1709
1710                 if (start != NULL) {
1711                         /* check for misplaced start */
1712                         if (start != frag && (MP_FLAGS(frag) & MP_BEGIN_FRAG)) {
1713                                 printk(KERN_WARNING"isdn_mppp(seq %d): new "
1714                                       "BEGIN flag with no prior END", thisseq);
1715                                 stats->seqerrs++;
1716                                 stats->frame_drops++;
1717                                 start = isdn_ppp_mp_discard(mp, start,frag);
1718                                 nextf = frag->next;
1719                         }
1720                 } else if (MP_LE(thisseq, minseq)) {            
1721                         if (MP_FLAGS(frag) & MP_BEGIN_FRAG)
1722                                 start = frag;
1723                         else {
1724                                 if (MP_FLAGS(frag) & MP_END_FRAG)
1725                                         stats->frame_drops++;
1726                                 if( mp->frags == frag )
1727                                         mp->frags = nextf;      
1728                                 isdn_ppp_mp_free_skb(mp, frag);
1729                                 frag = nextf;
1730                                 continue;
1731                         }
1732                 }
1733                 
1734                 /* if start is non-null and we have end fragment, then
1735                  * we have full reassembly sequence -- reassemble 
1736                  * and process packet now
1737                  */
1738                 if (start != NULL && (MP_FLAGS(frag) & MP_END_FRAG)) {
1739                         minseq = mp->seq = (thisseq+1) & MP_LONGSEQ_MASK;
1740                         /* Reassemble the packet then dispatch it */
1741                         isdn_ppp_mp_reassembly(net_dev, lp, start, nextf);
1742       
1743                         start = NULL;
1744                         frag = NULL;
1745
1746                         mp->frags = nextf;
1747                 }
1748
1749                 /* check if need to update start pointer: if we just
1750                  * reassembled the packet and sequence is contiguous
1751                  * then next fragment should be the start of new reassembly
1752                  * if sequence is contiguous, but we haven't reassembled yet,
1753                  * keep going.
1754                  * if sequence is not contiguous, either clear everyting
1755                  * below low watermark and set start to the next frag or
1756                  * clear start ptr.
1757                  */ 
1758                 if (nextf != NULL && 
1759                     ((thisseq+1) & MP_LONGSEQ_MASK) == MP_SEQ(nextf)) {
1760                         /* if we just reassembled and the next one is here, 
1761                          * then start another reassembly. */
1762
1763                         if (frag == NULL) {
1764                                 if (MP_FLAGS(nextf) & MP_BEGIN_FRAG)
1765                                         start = nextf;
1766                                 else
1767                                 {
1768                                         printk(KERN_WARNING"isdn_mppp(seq %d):"
1769                                                 " END flag with no following "
1770                                                 "BEGIN", thisseq);
1771                                         stats->seqerrs++;
1772                                 }
1773                         }
1774
1775                 } else {
1776                         if ( nextf != NULL && frag != NULL &&
1777                                                 MP_LT(thisseq, minseq)) {
1778                                 /* we've got a break in the sequence
1779                                  * and we not at the end yet
1780                                  * and we did not just reassembled
1781                                  *(if we did, there wouldn't be anything before)
1782                                  * and we below the low watermark 
1783                                  * discard all the frames below low watermark 
1784                                  * and start over */
1785                                 stats->frame_drops++;
1786                                 mp->frags = isdn_ppp_mp_discard(mp,start,nextf);
1787                         }
1788                         /* break in the sequence, no reassembly */
1789                         start = NULL;
1790                 }
1791                                 
1792                 frag = nextf;
1793         }       /* while -- main loop */
1794         
1795         if (mp->frags == NULL)
1796                 mp->frags = frag;
1797                 
1798         /* rather straighforward way to deal with (not very) possible 
1799          * queue overflow */
1800         if (mp->frames > MP_MAX_QUEUE_LEN) {
1801                 stats->overflows++;
1802                 while (mp->frames > MP_MAX_QUEUE_LEN) {
1803                         frag = mp->frags->next;
1804                         isdn_ppp_mp_free_skb(mp, mp->frags);
1805                         mp->frags = frag;
1806                 }
1807         }
1808         spin_unlock_irqrestore(&mp->lock, flags);
1809 }
1810
1811 static void isdn_ppp_mp_cleanup( isdn_net_local * lp )
1812 {
1813         struct sk_buff * frag = lp->netdev->pb->frags;
1814         struct sk_buff * nextfrag;
1815         while( frag ) {
1816                 nextfrag = frag->next;
1817                 isdn_ppp_mp_free_skb(lp->netdev->pb, frag);
1818                 frag = nextfrag;
1819         }
1820         lp->netdev->pb->frags = NULL;
1821 }
1822
1823 static u32 isdn_ppp_mp_get_seq( int short_seq, 
1824                                         struct sk_buff * skb, u32 last_seq )
1825 {
1826         u32 seq;
1827         int flags = skb->data[0] & (MP_BEGIN_FRAG | MP_END_FRAG);
1828    
1829         if( !short_seq )
1830         {
1831                 seq = ntohl(*(u32*)skb->data) & MP_LONGSEQ_MASK;
1832                 skb_push(skb,1);
1833         }
1834         else
1835         {
1836                 /* convert 12-bit short seq number to 24-bit long one 
1837                 */
1838                 seq = ntohs(*(u16*)skb->data) & MP_SHORTSEQ_MASK;
1839         
1840                 /* check for seqence wrap */
1841                 if( !(seq &  MP_SHORTSEQ_MAXBIT) && 
1842                      (last_seq &  MP_SHORTSEQ_MAXBIT) && 
1843                      (unsigned long)last_seq <= MP_LONGSEQ_MAX )
1844                         seq |= (last_seq + MP_SHORTSEQ_MAX+1) & 
1845                                         (~MP_SHORTSEQ_MASK & MP_LONGSEQ_MASK);
1846                 else
1847                         seq |= last_seq & (~MP_SHORTSEQ_MASK & MP_LONGSEQ_MASK);
1848                 
1849                 skb_push(skb, 3);       /* put converted seqence back in skb */
1850         }
1851         *(u32*)(skb->data+1) = seq;     /* put seqence back in _host_ byte
1852                                          * order */
1853         skb->data[0] = flags;           /* restore flags */
1854         return seq;
1855 }
1856
1857 struct sk_buff * isdn_ppp_mp_discard( ippp_bundle * mp,
1858                         struct sk_buff * from, struct sk_buff * to )
1859 {
1860         if( from )
1861                 while (from != to) {
1862                         struct sk_buff * next = from->next;
1863                         isdn_ppp_mp_free_skb(mp, from);
1864                         from = next;
1865                 }
1866         return from;
1867 }
1868
1869 void isdn_ppp_mp_reassembly( isdn_net_dev * net_dev, isdn_net_local * lp,
1870                                 struct sk_buff * from, struct sk_buff * to )
1871 {
1872         ippp_bundle * mp = net_dev->pb;
1873         int proto;
1874         struct sk_buff * skb;
1875         unsigned int tot_len;
1876
1877         if (lp->ppp_slot < 0 || lp->ppp_slot >= ISDN_MAX_CHANNELS) {
1878                 printk(KERN_ERR "%s: lp->ppp_slot(%d) out of range\n",
1879                         __FUNCTION__, lp->ppp_slot);
1880                 return;
1881         }
1882         if( MP_FLAGS(from) == (MP_BEGIN_FRAG | MP_END_FRAG) ) {
1883                 if( ippp_table[lp->ppp_slot]->debug & 0x40 )
1884                         printk(KERN_DEBUG "isdn_mppp: reassembly: frame %d, "
1885                                         "len %d\n", MP_SEQ(from), from->len );
1886                 skb = from;
1887                 skb_pull(skb, MP_HEADER_LEN);
1888                 mp->frames--;   
1889         } else {
1890                 struct sk_buff * frag;
1891                 int n;
1892
1893                 for(tot_len=n=0, frag=from; frag != to; frag=frag->next, n++)
1894                         tot_len += frag->len - MP_HEADER_LEN;
1895
1896                 if( ippp_table[lp->ppp_slot]->debug & 0x40 )
1897                         printk(KERN_DEBUG"isdn_mppp: reassembling frames %d "
1898                                 "to %d, len %d\n", MP_SEQ(from), 
1899                                 (MP_SEQ(from)+n-1) & MP_LONGSEQ_MASK, tot_len );
1900                 if( (skb = dev_alloc_skb(tot_len)) == NULL ) {
1901                         printk(KERN_ERR "isdn_mppp: cannot allocate sk buff "
1902                                         "of size %d\n", tot_len);
1903                         isdn_ppp_mp_discard(mp, from, to);
1904                         return;
1905                 }
1906
1907                 while( from != to ) {
1908                         unsigned int len = from->len - MP_HEADER_LEN;
1909
1910                         memcpy(skb_put(skb,len), from->data+MP_HEADER_LEN, len);
1911                         frag = from->next;
1912                         isdn_ppp_mp_free_skb(mp, from);
1913                         from = frag; 
1914                 }
1915         }
1916         proto = isdn_ppp_strip_proto(skb);
1917         isdn_ppp_push_higher(net_dev, lp, skb, proto);
1918 }
1919
1920 static void isdn_ppp_mp_free_skb(ippp_bundle * mp, struct sk_buff * skb)
1921 {
1922         dev_kfree_skb(skb);
1923         mp->frames--;
1924 }
1925
1926 static void isdn_ppp_mp_print_recv_pkt( int slot, struct sk_buff * skb )
1927 {
1928         printk(KERN_DEBUG "mp_recv: %d/%d -> %02x %02x %02x %02x %02x %02x\n", 
1929                 slot, (int) skb->len, 
1930                 (int) skb->data[0], (int) skb->data[1], (int) skb->data[2],
1931                 (int) skb->data[3], (int) skb->data[4], (int) skb->data[5]);
1932 }
1933
1934 static int
1935 isdn_ppp_bundle(struct ippp_struct *is, int unit)
1936 {
1937         char ifn[IFNAMSIZ + 1];
1938         isdn_net_dev *p;
1939         isdn_net_local *lp, *nlp;
1940         int rc;
1941         unsigned long flags;
1942
1943         sprintf(ifn, "ippp%d", unit);
1944         p = isdn_net_findif(ifn);
1945         if (!p) {
1946                 printk(KERN_ERR "ippp_bundle: cannot find %s\n", ifn);
1947                 return -EINVAL;
1948         }
1949
1950         spin_lock_irqsave(&p->pb->lock, flags);
1951
1952         nlp = is->lp;
1953         lp = p->queue;
1954         if( nlp->ppp_slot < 0 || nlp->ppp_slot >= ISDN_MAX_CHANNELS ||
1955                 lp->ppp_slot < 0 || lp->ppp_slot >= ISDN_MAX_CHANNELS ) {
1956                 printk(KERN_ERR "ippp_bundle: binding to invalid slot %d\n",
1957                         nlp->ppp_slot < 0 || nlp->ppp_slot >= ISDN_MAX_CHANNELS ? 
1958                         nlp->ppp_slot : lp->ppp_slot );
1959                 rc = -EINVAL;
1960                 goto out;
1961         }
1962
1963         isdn_net_add_to_bundle(p, nlp);
1964
1965         ippp_table[nlp->ppp_slot]->unit = ippp_table[lp->ppp_slot]->unit;
1966
1967         /* maybe also SC_CCP stuff */
1968         ippp_table[nlp->ppp_slot]->pppcfg |= ippp_table[lp->ppp_slot]->pppcfg &
1969                 (SC_ENABLE_IP | SC_NO_TCP_CCID | SC_REJ_COMP_TCP);
1970         ippp_table[nlp->ppp_slot]->mpppcfg |= ippp_table[lp->ppp_slot]->mpppcfg &
1971                 (SC_MP_PROT | SC_REJ_MP_PROT | SC_OUT_SHORT_SEQ | SC_IN_SHORT_SEQ);
1972         rc = isdn_ppp_mp_init(nlp, p->pb);
1973 out:
1974         spin_unlock_irqrestore(&p->pb->lock, flags);
1975         return rc;
1976 }
1977   
1978 #endif /* CONFIG_ISDN_MPP */
1979   
1980 /*
1981  * network device ioctl handlers
1982  */
1983
1984 static int
1985 isdn_ppp_dev_ioctl_stats(int slot, struct ifreq *ifr, struct net_device *dev)
1986 {
1987         struct ppp_stats __user *res = ifr->ifr_data;
1988         struct ppp_stats t;
1989         isdn_net_local *lp = (isdn_net_local *) dev->priv;
1990
1991         if (!access_ok(VERIFY_WRITE, res, sizeof(struct ppp_stats)))
1992                 return -EFAULT;
1993
1994         /* build a temporary stat struct and copy it to user space */
1995
1996         memset(&t, 0, sizeof(struct ppp_stats));
1997         if (dev->flags & IFF_UP) {
1998                 t.p.ppp_ipackets = lp->stats.rx_packets;
1999                 t.p.ppp_ibytes = lp->stats.rx_bytes;
2000                 t.p.ppp_ierrors = lp->stats.rx_errors;
2001                 t.p.ppp_opackets = lp->stats.tx_packets;
2002                 t.p.ppp_obytes = lp->stats.tx_bytes;
2003                 t.p.ppp_oerrors = lp->stats.tx_errors;
2004 #ifdef CONFIG_ISDN_PPP_VJ
2005                 if (slot >= 0 && ippp_table[slot]->slcomp) {
2006                         struct slcompress *slcomp = ippp_table[slot]->slcomp;
2007                         t.vj.vjs_packets = slcomp->sls_o_compressed + slcomp->sls_o_uncompressed;
2008                         t.vj.vjs_compressed = slcomp->sls_o_compressed;
2009                         t.vj.vjs_searches = slcomp->sls_o_searches;
2010                         t.vj.vjs_misses = slcomp->sls_o_misses;
2011                         t.vj.vjs_errorin = slcomp->sls_i_error;
2012                         t.vj.vjs_tossed = slcomp->sls_i_tossed;
2013                         t.vj.vjs_uncompressedin = slcomp->sls_i_uncompressed;
2014                         t.vj.vjs_compressedin = slcomp->sls_i_compressed;
2015                 }
2016 #endif
2017         }
2018         if (copy_to_user(res, &t, sizeof(struct ppp_stats)))
2019                 return -EFAULT;
2020         return 0;
2021 }
2022
2023 int
2024 isdn_ppp_dev_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
2025 {
2026         int error=0;
2027         int len;
2028         isdn_net_local *lp = (isdn_net_local *) dev->priv;
2029
2030
2031         if (lp->p_encap != ISDN_NET_ENCAP_SYNCPPP)
2032                 return -EINVAL;
2033
2034         switch (cmd) {
2035 #define PPP_VERSION "2.3.7"
2036                 case SIOCGPPPVER:
2037                         len = strlen(PPP_VERSION) + 1;
2038                         if (copy_to_user(ifr->ifr_data, PPP_VERSION, len))
2039                                 error = -EFAULT;
2040                         break;
2041
2042                 case SIOCGPPPSTATS:
2043                         error = isdn_ppp_dev_ioctl_stats(lp->ppp_slot, ifr, dev);
2044                         break;
2045                 default:
2046                         error = -EINVAL;
2047                         break;
2048         }
2049         return error;
2050 }
2051
2052 static int
2053 isdn_ppp_if_get_unit(char *name)
2054 {
2055         int len,
2056          i,
2057          unit = 0,
2058          deci;
2059
2060         len = strlen(name);
2061
2062         if (strncmp("ippp", name, 4) || len > 8)
2063                 return -1;
2064
2065         for (i = 0, deci = 1; i < len; i++, deci *= 10) {
2066                 char a = name[len - i - 1];
2067                 if (a >= '0' && a <= '9')
2068                         unit += (a - '0') * deci;
2069                 else
2070                         break;
2071         }
2072         if (!i || len - i != 4)
2073                 unit = -1;
2074
2075         return unit;
2076 }
2077
2078
2079 int
2080 isdn_ppp_dial_slave(char *name)
2081 {
2082 #ifdef CONFIG_ISDN_MPP
2083         isdn_net_dev *ndev;
2084         isdn_net_local *lp;
2085         struct net_device *sdev;
2086
2087         if (!(ndev = isdn_net_findif(name)))
2088                 return 1;
2089         lp = ndev->local;
2090         if (!(lp->flags & ISDN_NET_CONNECTED))
2091                 return 5;
2092
2093         sdev = lp->slave;
2094         while (sdev) {
2095                 isdn_net_local *mlp = (isdn_net_local *) sdev->priv;
2096                 if (!(mlp->flags & ISDN_NET_CONNECTED))
2097                         break;
2098                 sdev = mlp->slave;
2099         }
2100         if (!sdev)
2101                 return 2;
2102
2103         isdn_net_dial_req((isdn_net_local *) sdev->priv);
2104         return 0;
2105 #else
2106         return -1;
2107 #endif
2108 }
2109
2110 int
2111 isdn_ppp_hangup_slave(char *name)
2112 {
2113 #ifdef CONFIG_ISDN_MPP
2114         isdn_net_dev *ndev;
2115         isdn_net_local *lp;
2116         struct net_device *sdev;
2117
2118         if (!(ndev = isdn_net_findif(name)))
2119                 return 1;
2120         lp = ndev->local;
2121         if (!(lp->flags & ISDN_NET_CONNECTED))
2122                 return 5;
2123
2124         sdev = lp->slave;
2125         while (sdev) {
2126                 isdn_net_local *mlp = (isdn_net_local *) sdev->priv;
2127
2128                 if (mlp->slave) { /* find last connected link in chain */
2129                         isdn_net_local *nlp = (isdn_net_local *) mlp->slave->priv;
2130
2131                         if (!(nlp->flags & ISDN_NET_CONNECTED))
2132                                 break;
2133                 } else if (mlp->flags & ISDN_NET_CONNECTED)
2134                         break;
2135                 
2136                 sdev = mlp->slave;
2137         }
2138         if (!sdev)
2139                 return 2;
2140
2141         isdn_net_hangup(sdev);
2142         return 0;
2143 #else
2144         return -1;
2145 #endif
2146 }
2147
2148 /*
2149  * PPP compression stuff
2150  */
2151
2152
2153 /* Push an empty CCP Data Frame up to the daemon to wake it up and let it
2154    generate a CCP Reset-Request or tear down CCP altogether */
2155
2156 static void isdn_ppp_ccp_kickup(struct ippp_struct *is)
2157 {
2158         isdn_ppp_fill_rq(NULL, 0, PPP_COMP, is->lp->ppp_slot);
2159 }
2160
2161 /* In-kernel handling of CCP Reset-Request and Reset-Ack is necessary,
2162    but absolutely nontrivial. The most abstruse problem we are facing is
2163    that the generation, reception and all the handling of timeouts and
2164    resends including proper request id management should be entirely left
2165    to the (de)compressor, but indeed is not covered by the current API to
2166    the (de)compressor. The API is a prototype version from PPP where only
2167    some (de)compressors have yet been implemented and all of them are
2168    rather simple in their reset handling. Especially, their is only one
2169    outstanding ResetAck at a time with all of them and ResetReq/-Acks do
2170    not have parameters. For this very special case it was sufficient to
2171    just return an error code from the decompressor and have a single
2172    reset() entry to communicate all the necessary information between
2173    the framework and the (de)compressor. Bad enough, LZS is different
2174    (and any other compressor may be different, too). It has multiple
2175    histories (eventually) and needs to Reset each of them independently
2176    and thus uses multiple outstanding Acks and history numbers as an
2177    additional parameter to Reqs/Acks.
2178    All that makes it harder to port the reset state engine into the
2179    kernel because it is not just the same simple one as in (i)pppd but
2180    it must be able to pass additional parameters and have multiple out-
2181    standing Acks. We are trying to achieve the impossible by handling
2182    reset transactions independent by their id. The id MUST change when
2183    the data portion changes, thus any (de)compressor who uses more than
2184    one resettable state must provide and recognize individual ids for
2185    each individual reset transaction. The framework itself does _only_
2186    differentiate them by id, because it has no other semantics like the
2187    (de)compressor might.
2188    This looks like a major redesign of the interface would be nice,
2189    but I don't have an idea how to do it better. */
2190
2191 /* Send a CCP Reset-Request or Reset-Ack directly from the kernel. This is
2192    getting that lengthy because there is no simple "send-this-frame-out"
2193    function above but every wrapper does a bit different. Hope I guess
2194    correct in this hack... */
2195
2196 static void isdn_ppp_ccp_xmit_reset(struct ippp_struct *is, int proto,
2197                                     unsigned char code, unsigned char id,
2198                                     unsigned char *data, int len)
2199 {
2200         struct sk_buff *skb;
2201         unsigned char *p;
2202         int hl;
2203         int cnt = 0;
2204         isdn_net_local *lp = is->lp;
2205
2206         /* Alloc large enough skb */
2207         hl = dev->drv[lp->isdn_device]->interface->hl_hdrlen;
2208         skb = alloc_skb(len + hl + 16,GFP_ATOMIC);
2209         if(!skb) {
2210                 printk(KERN_WARNING
2211                        "ippp: CCP cannot send reset - out of memory\n");
2212                 return;
2213         }
2214         skb_reserve(skb, hl);
2215
2216         /* We may need to stuff an address and control field first */
2217         if(!(is->pppcfg & SC_COMP_AC)) {
2218                 p = skb_put(skb, 2);
2219                 *p++ = 0xff;
2220                 *p++ = 0x03;
2221         }
2222
2223         /* Stuff proto, code, id and length */
2224         p = skb_put(skb, 6);
2225         *p++ = (proto >> 8);
2226         *p++ = (proto & 0xff);
2227         *p++ = code;
2228         *p++ = id;
2229         cnt = 4 + len;
2230         *p++ = (cnt >> 8);
2231         *p++ = (cnt & 0xff);
2232
2233         /* Now stuff remaining bytes */
2234         if(len) {
2235                 p = skb_put(skb, len);
2236                 memcpy(p, data, len);
2237         }
2238
2239         /* skb is now ready for xmit */
2240         printk(KERN_DEBUG "Sending CCP Frame:\n");
2241         isdn_ppp_frame_log("ccp-xmit", skb->data, skb->len, 32, is->unit,lp->ppp_slot);
2242
2243         isdn_net_write_super(lp, skb);
2244 }
2245
2246 /* Allocate the reset state vector */
2247 static struct ippp_ccp_reset *isdn_ppp_ccp_reset_alloc(struct ippp_struct *is)
2248 {
2249         struct ippp_ccp_reset *r;
2250         r = kmalloc(sizeof(struct ippp_ccp_reset), GFP_KERNEL);
2251         if(!r) {
2252                 printk(KERN_ERR "ippp_ccp: failed to allocate reset data"
2253                        " structure - no mem\n");
2254                 return NULL;
2255         }
2256         memset(r, 0, sizeof(struct ippp_ccp_reset));
2257         printk(KERN_DEBUG "ippp_ccp: allocated reset data structure %p\n", r);
2258         is->reset = r;
2259         return r;
2260 }
2261
2262 /* Destroy the reset state vector. Kill all pending timers first. */
2263 static void isdn_ppp_ccp_reset_free(struct ippp_struct *is)
2264 {
2265         unsigned int id;
2266
2267         printk(KERN_DEBUG "ippp_ccp: freeing reset data structure %p\n",
2268                is->reset);
2269         for(id = 0; id < 256; id++) {
2270                 if(is->reset->rs[id]) {
2271                         isdn_ppp_ccp_reset_free_state(is, (unsigned char)id);
2272                 }
2273         }
2274         kfree(is->reset);
2275         is->reset = NULL;
2276 }
2277
2278 /* Free a given state and clear everything up for later reallocation */
2279 static void isdn_ppp_ccp_reset_free_state(struct ippp_struct *is,
2280                                           unsigned char id)
2281 {
2282         struct ippp_ccp_reset_state *rs;
2283
2284         if(is->reset->rs[id]) {
2285                 printk(KERN_DEBUG "ippp_ccp: freeing state for id %d\n", id);
2286                 rs = is->reset->rs[id];
2287                 /* Make sure the kernel will not call back later */
2288                 if(rs->ta)
2289                         del_timer(&rs->timer);
2290                 is->reset->rs[id] = NULL;
2291                 kfree(rs);
2292         } else {
2293                 printk(KERN_WARNING "ippp_ccp: id %d is not allocated\n", id);
2294         }
2295 }
2296
2297 /* The timer callback function which is called when a ResetReq has timed out,
2298    aka has never been answered by a ResetAck */
2299 static void isdn_ppp_ccp_timer_callback(unsigned long closure)
2300 {
2301         struct ippp_ccp_reset_state *rs =
2302                 (struct ippp_ccp_reset_state *)closure;
2303
2304         if(!rs) {
2305                 printk(KERN_ERR "ippp_ccp: timer cb with zero closure.\n");
2306                 return;
2307         }
2308         if(rs->ta && rs->state == CCPResetSentReq) {
2309                 /* We are correct here */
2310                 if(!rs->expra) {
2311                         /* Hmm, there is no Ack really expected. We can clean
2312                            up the state now, it will be reallocated if the
2313                            decompressor insists on another reset */
2314                         rs->ta = 0;
2315                         isdn_ppp_ccp_reset_free_state(rs->is, rs->id);
2316                         return;
2317                 }
2318                 printk(KERN_DEBUG "ippp_ccp: CCP Reset timed out for id %d\n",
2319                        rs->id);
2320                 /* Push it again */
2321                 isdn_ppp_ccp_xmit_reset(rs->is, PPP_CCP, CCP_RESETREQ, rs->id,
2322                                         rs->data, rs->dlen);
2323                 /* Restart timer */
2324                 rs->timer.expires = jiffies + HZ*5;
2325                 add_timer(&rs->timer);
2326         } else {
2327                 printk(KERN_WARNING "ippp_ccp: timer cb in wrong state %d\n",
2328                        rs->state);
2329         }
2330 }
2331
2332 /* Allocate a new reset transaction state */
2333 static struct ippp_ccp_reset_state *isdn_ppp_ccp_reset_alloc_state(struct ippp_struct *is,
2334                                                       unsigned char id)
2335 {
2336         struct ippp_ccp_reset_state *rs;
2337         if(is->reset->rs[id]) {
2338                 printk(KERN_WARNING "ippp_ccp: old state exists for id %d\n",
2339                        id);
2340                 return NULL;
2341         } else {
2342                 rs = kmalloc(sizeof(struct ippp_ccp_reset_state), GFP_KERNEL);
2343                 if(!rs)
2344                         return NULL;
2345                 memset(rs, 0, sizeof(struct ippp_ccp_reset_state));
2346                 rs->state = CCPResetIdle;
2347                 rs->is = is;
2348                 rs->id = id;
2349                 rs->timer.data = (unsigned long)rs;
2350                 rs->timer.function = isdn_ppp_ccp_timer_callback;
2351                 is->reset->rs[id] = rs;
2352         }
2353         return rs;
2354 }
2355
2356
2357 /* A decompressor wants a reset with a set of parameters - do what is
2358    necessary to fulfill it */
2359 static void isdn_ppp_ccp_reset_trans(struct ippp_struct *is,
2360                                      struct isdn_ppp_resetparams *rp)
2361 {
2362         struct ippp_ccp_reset_state *rs;
2363
2364         if(rp->valid) {
2365                 /* The decompressor defines parameters by itself */
2366                 if(rp->rsend) {
2367                         /* And he wants us to send a request */
2368                         if(!(rp->idval)) {
2369                                 printk(KERN_ERR "ippp_ccp: decompressor must"
2370                                        " specify reset id\n");
2371                                 return;
2372                         }
2373                         if(is->reset->rs[rp->id]) {
2374                                 /* There is already a transaction in existence
2375                                    for this id. May be still waiting for a
2376                                    Ack or may be wrong. */
2377                                 rs = is->reset->rs[rp->id];
2378                                 if(rs->state == CCPResetSentReq && rs->ta) {
2379                                         printk(KERN_DEBUG "ippp_ccp: reset"
2380                                                " trans still in progress"
2381                                                " for id %d\n", rp->id);
2382                                 } else {
2383                                         printk(KERN_WARNING "ippp_ccp: reset"
2384                                                " trans in wrong state %d for"
2385                                                " id %d\n", rs->state, rp->id);
2386                                 }
2387                         } else {
2388                                 /* Ok, this is a new transaction */
2389                                 printk(KERN_DEBUG "ippp_ccp: new trans for id"
2390                                        " %d to be started\n", rp->id);
2391                                 rs = isdn_ppp_ccp_reset_alloc_state(is, rp->id);
2392                                 if(!rs) {
2393                                         printk(KERN_ERR "ippp_ccp: out of mem"
2394                                                " allocing ccp trans\n");
2395                                         return;
2396                                 }
2397                                 rs->state = CCPResetSentReq;
2398                                 rs->expra = rp->expra;
2399                                 if(rp->dtval) {
2400                                         rs->dlen = rp->dlen;
2401                                         memcpy(rs->data, rp->data, rp->dlen);
2402                                 }
2403                                 /* HACK TODO - add link comp here */
2404                                 isdn_ppp_ccp_xmit_reset(is, PPP_CCP,
2405                                                         CCP_RESETREQ, rs->id,
2406                                                         rs->data, rs->dlen);
2407                                 /* Start the timer */
2408                                 rs->timer.expires = jiffies + 5*HZ;
2409                                 add_timer(&rs->timer);
2410                                 rs->ta = 1;
2411                         }
2412                 } else {
2413                         printk(KERN_DEBUG "ippp_ccp: no reset sent\n");
2414                 }
2415         } else {
2416                 /* The reset params are invalid. The decompressor does not
2417                    care about them, so we just send the minimal requests
2418                    and increase ids only when an Ack is received for a
2419                    given id */
2420                 if(is->reset->rs[is->reset->lastid]) {
2421                         /* There is already a transaction in existence
2422                            for this id. May be still waiting for a
2423                            Ack or may be wrong. */
2424                         rs = is->reset->rs[is->reset->lastid];
2425                         if(rs->state == CCPResetSentReq && rs->ta) {
2426                                 printk(KERN_DEBUG "ippp_ccp: reset"
2427                                        " trans still in progress"
2428                                        " for id %d\n", rp->id);
2429                         } else {
2430                                 printk(KERN_WARNING "ippp_ccp: reset"
2431                                        " trans in wrong state %d for"
2432                                        " id %d\n", rs->state, rp->id);
2433                         }
2434                 } else {
2435                         printk(KERN_DEBUG "ippp_ccp: new trans for id"
2436                                " %d to be started\n", is->reset->lastid);
2437                         rs = isdn_ppp_ccp_reset_alloc_state(is,
2438                                                             is->reset->lastid);
2439                         if(!rs) {
2440                                 printk(KERN_ERR "ippp_ccp: out of mem"
2441                                        " allocing ccp trans\n");
2442                                 return;
2443                         }
2444                         rs->state = CCPResetSentReq;
2445                         /* We always expect an Ack if the decompressor doesn't
2446                            know better */
2447                         rs->expra = 1;
2448                         rs->dlen = 0;
2449                         /* HACK TODO - add link comp here */
2450                         isdn_ppp_ccp_xmit_reset(is, PPP_CCP, CCP_RESETREQ,
2451                                                 rs->id, NULL, 0);
2452                         /* Start the timer */
2453                         rs->timer.expires = jiffies + 5*HZ;
2454                         add_timer(&rs->timer);
2455                         rs->ta = 1;
2456                 }
2457         }
2458 }
2459
2460 /* An Ack was received for this id. This means we stop the timer and clean
2461    up the state prior to calling the decompressors reset routine. */
2462 static void isdn_ppp_ccp_reset_ack_rcvd(struct ippp_struct *is,
2463                                         unsigned char id)
2464 {
2465         struct ippp_ccp_reset_state *rs = is->reset->rs[id];
2466
2467         if(rs) {
2468                 if(rs->ta && rs->state == CCPResetSentReq) {
2469                         /* Great, we are correct */
2470                         if(!rs->expra)
2471                                 printk(KERN_DEBUG "ippp_ccp: ResetAck received"
2472                                        " for id %d but not expected\n", id);
2473                 } else {
2474                         printk(KERN_INFO "ippp_ccp: ResetAck received out of"
2475                                "sync for id %d\n", id);
2476                 }
2477                 if(rs->ta) {
2478                         rs->ta = 0;
2479                         del_timer(&rs->timer);
2480                 }
2481                 isdn_ppp_ccp_reset_free_state(is, id);
2482         } else {
2483                 printk(KERN_INFO "ippp_ccp: ResetAck received for unknown id"
2484                        " %d\n", id);
2485         }
2486         /* Make sure the simple reset stuff uses a new id next time */
2487         is->reset->lastid++;
2488 }
2489
2490 /* 
2491  * decompress packet
2492  *
2493  * if master = 0, we're trying to uncompress an per-link compressed packet,
2494  * as opposed to an compressed reconstructed-from-MPPP packet.
2495  * proto is updated to protocol field of uncompressed packet.
2496  *
2497  * retval: decompressed packet,
2498  *         same packet if uncompressed,
2499  *         NULL if decompression error
2500  */
2501
2502 static struct sk_buff *isdn_ppp_decompress(struct sk_buff *skb,struct ippp_struct *is,struct ippp_struct *master,
2503         int *proto)
2504 {
2505         void *stat = NULL;
2506         struct isdn_ppp_compressor *ipc = NULL;
2507         struct sk_buff *skb_out;
2508         int len;
2509         struct ippp_struct *ri;
2510         struct isdn_ppp_resetparams rsparm;
2511         unsigned char rsdata[IPPP_RESET_MAXDATABYTES];
2512
2513         if(!master) {
2514                 // per-link decompression 
2515                 stat = is->link_decomp_stat;
2516                 ipc = is->link_decompressor;
2517                 ri = is;
2518         } else {
2519                 stat = master->decomp_stat;
2520                 ipc = master->decompressor;
2521                 ri = master;
2522         }
2523
2524         if (!ipc) {
2525                 // no decompressor -> we can't decompress.
2526                 printk(KERN_DEBUG "ippp: no decompressor defined!\n");
2527                 return skb;
2528         }
2529         if (!stat) // if we have a compressor, stat has been set as well
2530                 BUG();
2531
2532         if((master && *proto == PPP_COMP) || (!master && *proto == PPP_COMPFRAG) ) {
2533                 // compressed packets are compressed by their protocol type
2534
2535                 // Set up reset params for the decompressor
2536                 memset(&rsparm, 0, sizeof(rsparm));
2537                 rsparm.data = rsdata;
2538                 rsparm.maxdlen = IPPP_RESET_MAXDATABYTES;
2539   
2540                 skb_out = dev_alloc_skb(is->mru + PPP_HDRLEN);
2541                 len = ipc->decompress(stat, skb, skb_out, &rsparm);
2542                 kfree_skb(skb);
2543                 if (len <= 0) {
2544                         switch(len) {
2545                         case DECOMP_ERROR:
2546                                 printk(KERN_INFO "ippp: decomp wants reset %s params\n",
2547                                        rsparm.valid ? "with" : "without");
2548                                 
2549                                 isdn_ppp_ccp_reset_trans(ri, &rsparm);
2550                                 break;
2551                         case DECOMP_FATALERROR:
2552                                 ri->pppcfg |= SC_DC_FERROR;
2553                                 /* Kick ipppd to recognize the error */
2554                                 isdn_ppp_ccp_kickup(ri);
2555                                 break;
2556                         }
2557                         kfree_skb(skb_out);
2558                         return NULL;
2559                 }
2560                 *proto = isdn_ppp_strip_proto(skb_out);
2561                 if (*proto < 0) {
2562                         kfree_skb(skb_out);
2563                         return NULL;
2564                 }
2565                 return skb_out;
2566         } else { 
2567                 // uncompressed packets are fed through the decompressor to
2568                 // update the decompressor state
2569                 ipc->incomp(stat, skb, *proto);
2570                 return skb;
2571         }
2572 }
2573
2574 /*
2575  * compress a frame 
2576  *   type=0: normal/bundle compression
2577  *       =1: link compression
2578  * returns original skb if we haven't compressed the frame
2579  * and a new skb pointer if we've done it
2580  */
2581 static struct sk_buff *isdn_ppp_compress(struct sk_buff *skb_in,int *proto,
2582         struct ippp_struct *is,struct ippp_struct *master,int type)
2583 {
2584     int ret;
2585     int new_proto;
2586     struct isdn_ppp_compressor *compressor;
2587     void *stat;
2588     struct sk_buff *skb_out;
2589
2590         /* we do not compress control protocols */
2591     if(*proto < 0 || *proto > 0x3fff) {
2592             return skb_in;
2593     }
2594
2595         if(type) { /* type=1 => Link compression */
2596                 return skb_in;
2597         }
2598         else {
2599                 if(!master) {
2600                         compressor = is->compressor;
2601                         stat = is->comp_stat;
2602                 }
2603                 else {
2604                         compressor = master->compressor;
2605                         stat = master->comp_stat;
2606                 }
2607                 new_proto = PPP_COMP;
2608         }
2609
2610         if(!compressor) {
2611                 printk(KERN_ERR "isdn_ppp: No compressor set!\n");
2612                 return skb_in;
2613         }
2614         if(!stat) {
2615                 printk(KERN_ERR "isdn_ppp: Compressor not initialized?\n");
2616                 return skb_in;
2617         }
2618
2619         /* Allow for at least 150 % expansion (for now) */
2620         skb_out = alloc_skb(skb_in->len + skb_in->len/2 + 32 +
2621                 skb_headroom(skb_in), GFP_ATOMIC);
2622         if(!skb_out)
2623                 return skb_in;
2624         skb_reserve(skb_out, skb_headroom(skb_in));
2625
2626         ret = (compressor->compress)(stat,skb_in,skb_out,*proto);
2627         if(!ret) {
2628                 dev_kfree_skb(skb_out);
2629                 return skb_in;
2630         }
2631         
2632         dev_kfree_skb(skb_in);
2633         *proto = new_proto;
2634         return skb_out;
2635 }
2636
2637 /*
2638  * we received a CCP frame .. 
2639  * not a clean solution, but we MUST handle a few cases in the kernel
2640  */
2641 static void isdn_ppp_receive_ccp(isdn_net_dev *net_dev, isdn_net_local *lp,
2642          struct sk_buff *skb,int proto)
2643 {
2644         struct ippp_struct *is;
2645         struct ippp_struct *mis;
2646         int len;
2647         struct isdn_ppp_resetparams rsparm;
2648         unsigned char rsdata[IPPP_RESET_MAXDATABYTES];  
2649
2650         printk(KERN_DEBUG "Received CCP frame from peer slot(%d)\n",
2651                 lp->ppp_slot);
2652         if (lp->ppp_slot < 0 || lp->ppp_slot > ISDN_MAX_CHANNELS) {
2653                 printk(KERN_ERR "%s: lp->ppp_slot(%d) out of range\n",
2654                         __FUNCTION__, lp->ppp_slot);
2655                 return;
2656         }
2657         is = ippp_table[lp->ppp_slot];
2658         isdn_ppp_frame_log("ccp-rcv", skb->data, skb->len, 32, is->unit,lp->ppp_slot);
2659
2660         if(lp->master) {
2661                 int slot = ((isdn_net_local *) (lp->master->priv))->ppp_slot;
2662                 if (slot < 0 || slot > ISDN_MAX_CHANNELS) {
2663                         printk(KERN_ERR "%s: slot(%d) out of range\n",
2664                                 __FUNCTION__, slot);
2665                         return;
2666                 }       
2667                 mis = ippp_table[slot];
2668         } else
2669                 mis = is;
2670
2671         switch(skb->data[0]) {
2672         case CCP_CONFREQ:
2673                 if(is->debug & 0x10)
2674                         printk(KERN_DEBUG "Disable compression here!\n");
2675                 if(proto == PPP_CCP)
2676                         mis->compflags &= ~SC_COMP_ON;          
2677                 else
2678                         is->compflags &= ~SC_LINK_COMP_ON;              
2679                 break;
2680         case CCP_TERMREQ:
2681         case CCP_TERMACK:
2682                 if(is->debug & 0x10)
2683                         printk(KERN_DEBUG "Disable (de)compression here!\n");
2684                 if(proto == PPP_CCP)
2685                         mis->compflags &= ~(SC_DECOMP_ON|SC_COMP_ON);           
2686                 else
2687                         is->compflags &= ~(SC_LINK_DECOMP_ON|SC_LINK_COMP_ON);          
2688                 break;
2689         case CCP_CONFACK:
2690                 /* if we RECEIVE an ackowledge we enable the decompressor */
2691                 if(is->debug & 0x10)
2692                         printk(KERN_DEBUG "Enable decompression here!\n");
2693                 if(proto == PPP_CCP) {
2694                         if (!mis->decompressor)
2695                                 break;
2696                         mis->compflags |= SC_DECOMP_ON;
2697                 } else {
2698                         if (!is->decompressor)
2699                                 break;
2700                         is->compflags |= SC_LINK_DECOMP_ON;
2701                 }
2702                 break;
2703
2704         case CCP_RESETACK:
2705                 printk(KERN_DEBUG "Received ResetAck from peer\n");
2706                 len = (skb->data[2] << 8) | skb->data[3];
2707                 len -= 4;
2708
2709                 if(proto == PPP_CCP) {
2710                         /* If a reset Ack was outstanding for this id, then
2711                            clean up the state engine */
2712                         isdn_ppp_ccp_reset_ack_rcvd(mis, skb->data[1]);
2713                         if(mis->decompressor && mis->decomp_stat)
2714                                 mis->decompressor->
2715                                         reset(mis->decomp_stat,
2716                                               skb->data[0],
2717                                               skb->data[1],
2718                                               len ? &skb->data[4] : NULL,
2719                                               len, NULL);
2720                         /* TODO: This is not easy to decide here */
2721                         mis->compflags &= ~SC_DECOMP_DISCARD;
2722                 }
2723                 else {
2724                         isdn_ppp_ccp_reset_ack_rcvd(is, skb->data[1]);
2725                         if(is->link_decompressor && is->link_decomp_stat)
2726                                 is->link_decompressor->
2727                                         reset(is->link_decomp_stat,
2728                                               skb->data[0],
2729                                               skb->data[1],
2730                                               len ? &skb->data[4] : NULL,
2731                                               len, NULL);
2732                         /* TODO: neither here */
2733                         is->compflags &= ~SC_LINK_DECOMP_DISCARD;
2734                 }
2735                 break;
2736
2737         case CCP_RESETREQ:
2738                 printk(KERN_DEBUG "Received ResetReq from peer\n");
2739                 /* Receiving a ResetReq means we must reset our compressor */
2740                 /* Set up reset params for the reset entry */
2741                 memset(&rsparm, 0, sizeof(rsparm));
2742                 rsparm.data = rsdata;
2743                 rsparm.maxdlen = IPPP_RESET_MAXDATABYTES; 
2744                 /* Isolate data length */
2745                 len = (skb->data[2] << 8) | skb->data[3];
2746                 len -= 4;
2747                 if(proto == PPP_CCP) {
2748                         if(mis->compressor && mis->comp_stat)
2749                                 mis->compressor->
2750                                         reset(mis->comp_stat,
2751                                               skb->data[0],
2752                                               skb->data[1],
2753                                               len ? &skb->data[4] : NULL,
2754                                               len, &rsparm);
2755                 }
2756                 else {
2757                         if(is->link_compressor && is->link_comp_stat)
2758                                 is->link_compressor->
2759                                         reset(is->link_comp_stat,
2760                                               skb->data[0],
2761                                               skb->data[1],
2762                                               len ? &skb->data[4] : NULL,
2763                                               len, &rsparm);
2764                 }
2765                 /* Ack the Req as specified by rsparm */
2766                 if(rsparm.valid) {
2767                         /* Compressor reset handler decided how to answer */
2768                         if(rsparm.rsend) {
2769                                 /* We should send a Frame */
2770                                 isdn_ppp_ccp_xmit_reset(is, proto, CCP_RESETACK,
2771                                                         rsparm.idval ? rsparm.id
2772                                                         : skb->data[1],
2773                                                         rsparm.dtval ?
2774                                                         rsparm.data : NULL,
2775                                                         rsparm.dtval ?
2776                                                         rsparm.dlen : 0);
2777                         } else {
2778                                 printk(KERN_DEBUG "ResetAck suppressed\n");
2779                         }
2780                 } else {
2781                         /* We answer with a straight reflected Ack */
2782                         isdn_ppp_ccp_xmit_reset(is, proto, CCP_RESETACK,
2783                                                 skb->data[1],
2784                                                 len ? &skb->data[4] : NULL,
2785                                                 len);
2786                 }
2787                 break;
2788         }
2789 }
2790
2791
2792 /*
2793  * Daemon sends a CCP frame ...
2794  */
2795
2796 /* TODO: Clean this up with new Reset semantics */
2797
2798 /* I believe the CCP handling as-is is done wrong. Compressed frames
2799  * should only be sent/received after CCP reaches UP state, which means
2800  * both sides have sent CONF_ACK. Currently, we handle both directions
2801  * independently, which means we may accept compressed frames too early
2802  * (supposedly not a problem), but may also mean we send compressed frames
2803  * too early, which may turn out to be a problem.
2804  * This part of state machine should actually be handled by (i)pppd, but
2805  * that's too big of a change now. --kai
2806  */
2807
2808 /* Actually, we might turn this into an advantage: deal with the RFC in
2809  * the old tradition of beeing generous on what we accept, but beeing
2810  * strict on what we send. Thus we should just
2811  * - accept compressed frames as soon as decompression is negotiated
2812  * - send compressed frames only when decomp *and* comp are negotiated
2813  * - drop rx compressed frames if we cannot decomp (instead of pushing them
2814  *   up to ipppd)
2815  * and I tried to modify this file according to that. --abp
2816  */
2817
2818 static void isdn_ppp_send_ccp(isdn_net_dev *net_dev, isdn_net_local *lp, struct sk_buff *skb)
2819 {
2820         struct ippp_struct *mis,*is;
2821         int proto, slot = lp->ppp_slot;
2822         unsigned char *data;
2823
2824         if(!skb || skb->len < 3)
2825                 return;
2826         if (slot < 0 || slot >= ISDN_MAX_CHANNELS) {
2827                 printk(KERN_ERR "%s: lp->ppp_slot(%d) out of range\n",
2828                         __FUNCTION__, slot);
2829                 return;
2830         }       
2831         is = ippp_table[slot];
2832         /* Daemon may send with or without address and control field comp */
2833         data = skb->data;
2834         if(!(is->pppcfg & SC_COMP_AC) && data[0] == 0xff && data[1] == 0x03) {
2835                 data += 2;
2836                 if(skb->len < 5)
2837                         return;
2838         }
2839
2840         proto = ((int)data[0]<<8)+data[1];
2841         if(proto != PPP_CCP && proto != PPP_CCPFRAG)
2842                 return;
2843
2844         printk(KERN_DEBUG "Received CCP frame from daemon:\n");
2845         isdn_ppp_frame_log("ccp-xmit", skb->data, skb->len, 32, is->unit,lp->ppp_slot);
2846
2847         if (lp->master) {
2848                 slot = ((isdn_net_local *) (lp->master->priv))->ppp_slot;
2849                 if (slot < 0 || slot > ISDN_MAX_CHANNELS) {
2850                         printk(KERN_ERR "%s: slot(%d) out of range\n",
2851                                 __FUNCTION__, slot);
2852                         return;
2853                 }       
2854                 mis = ippp_table[slot];
2855         } else
2856                 mis = is;
2857         if (mis != is)
2858                 printk(KERN_DEBUG "isdn_ppp: Ouch! Master CCP sends on slave slot!\n");
2859         
2860         switch(data[2]) {
2861         case CCP_CONFREQ:
2862                 if(is->debug & 0x10)
2863                         printk(KERN_DEBUG "Disable decompression here!\n");
2864                 if(proto == PPP_CCP)
2865                         is->compflags &= ~SC_DECOMP_ON;
2866                 else
2867                         is->compflags &= ~SC_LINK_DECOMP_ON;
2868                 break;
2869         case CCP_TERMREQ:
2870         case CCP_TERMACK:
2871                 if(is->debug & 0x10)
2872                         printk(KERN_DEBUG "Disable (de)compression here!\n");
2873                 if(proto == PPP_CCP)
2874                         is->compflags &= ~(SC_DECOMP_ON|SC_COMP_ON);
2875                 else
2876                         is->compflags &= ~(SC_LINK_DECOMP_ON|SC_LINK_COMP_ON);
2877                 break;
2878         case CCP_CONFACK:
2879                 /* if we SEND an ackowledge we can/must enable the compressor */
2880                 if(is->debug & 0x10)
2881                         printk(KERN_DEBUG "Enable compression here!\n");
2882                 if(proto == PPP_CCP) {
2883                         if (!is->compressor)
2884                                 break;
2885                         is->compflags |= SC_COMP_ON;
2886                 } else {
2887                         if (!is->compressor)
2888                                 break;
2889                         is->compflags |= SC_LINK_COMP_ON;
2890                 }
2891                 break;
2892         case CCP_RESETACK:
2893                 /* If we send a ACK we should reset our compressor */
2894                 if(is->debug & 0x10)
2895                         printk(KERN_DEBUG "Reset decompression state here!\n");
2896                 printk(KERN_DEBUG "ResetAck from daemon passed by\n");
2897                 if(proto == PPP_CCP) {
2898                         /* link to master? */
2899                         if(is->compressor && is->comp_stat)
2900                                 is->compressor->reset(is->comp_stat, 0, 0,
2901                                                       NULL, 0, NULL);
2902                         is->compflags &= ~SC_COMP_DISCARD;      
2903                 }
2904                 else {
2905                         if(is->link_compressor && is->link_comp_stat)
2906                                 is->link_compressor->reset(is->link_comp_stat,
2907                                                            0, 0, NULL, 0, NULL);
2908                         is->compflags &= ~SC_LINK_COMP_DISCARD; 
2909                 }
2910                 break;
2911         case CCP_RESETREQ:
2912                 /* Just let it pass by */
2913                 printk(KERN_DEBUG "ResetReq from daemon passed by\n");
2914                 break;
2915         }
2916 }
2917
2918 int isdn_ppp_register_compressor(struct isdn_ppp_compressor *ipc)
2919 {
2920         ipc->next = ipc_head;
2921         ipc->prev = NULL;
2922         if(ipc_head) {
2923                 ipc_head->prev = ipc;
2924         }
2925         ipc_head = ipc;
2926         return 0;
2927 }
2928
2929 int isdn_ppp_unregister_compressor(struct isdn_ppp_compressor *ipc)
2930 {
2931         if(ipc->prev)
2932                 ipc->prev->next = ipc->next;
2933         else
2934                 ipc_head = ipc->next;
2935         if(ipc->next)
2936                 ipc->next->prev = ipc->prev;
2937         ipc->prev = ipc->next = NULL;
2938         return 0;
2939 }
2940
2941 static int isdn_ppp_set_compressor(struct ippp_struct *is, struct isdn_ppp_comp_data *data)
2942 {
2943         struct isdn_ppp_compressor *ipc = ipc_head;
2944         int ret;
2945         void *stat;
2946         int num = data->num;
2947
2948         if(is->debug & 0x10)
2949                 printk(KERN_DEBUG "[%d] Set %s type %d\n",is->unit,
2950                         (data->flags&IPPP_COMP_FLAG_XMIT)?"compressor":"decompressor",num);
2951
2952         /* If is has no valid reset state vector, we cannot allocate a
2953            decompressor. The decompressor would cause reset transactions
2954            sooner or later, and they need that vector. */
2955
2956         if(!(data->flags & IPPP_COMP_FLAG_XMIT) && !is->reset) {
2957                 printk(KERN_ERR "ippp_ccp: no reset data structure - can't"
2958                        " allow decompression.\n");
2959                 return -ENOMEM;
2960         }
2961
2962         while(ipc) {
2963                 if(ipc->num == num) {
2964                         stat = ipc->alloc(data);
2965                         if(stat) {
2966                                 ret = ipc->init(stat,data,is->unit,0);
2967                                 if(!ret) {
2968                                         printk(KERN_ERR "Can't init (de)compression!\n");
2969                                         ipc->free(stat);
2970                                         stat = NULL;
2971                                         break;
2972                                 }
2973                         }
2974                         else {
2975                                 printk(KERN_ERR "Can't alloc (de)compression!\n");
2976                                 break;
2977                         }
2978
2979                         if(data->flags & IPPP_COMP_FLAG_XMIT) {
2980                                 if(data->flags & IPPP_COMP_FLAG_LINK) {
2981                                         if(is->link_comp_stat)
2982                                                 is->link_compressor->free(is->link_comp_stat);
2983                                         is->link_comp_stat = stat;
2984                                         is->link_compressor = ipc;
2985                                 }
2986                                 else {
2987                                         if(is->comp_stat)
2988                                                 is->compressor->free(is->comp_stat);
2989                                         is->comp_stat = stat;
2990                                         is->compressor = ipc;
2991                                 }
2992                         }
2993                         else {
2994                                 if(data->flags & IPPP_COMP_FLAG_LINK) {
2995                                         if(is->link_decomp_stat)
2996                                                 is->link_decompressor->free(is->link_decomp_stat);
2997                                         is->link_decomp_stat = stat;
2998                                         is->link_decompressor = ipc;
2999                                 }
3000                                 else {
3001                                         if(is->decomp_stat)
3002                                                 is->decompressor->free(is->decomp_stat);
3003                                         is->decomp_stat = stat;
3004                                         is->decompressor = ipc;
3005                                 }
3006                         }
3007                         return 0;
3008                 }
3009                 ipc = ipc->next;
3010         }
3011         return -EINVAL;
3012 }