[SCTP]: Fix NULL dereference of asoc.
[linux-2.6] / net / lapb / lapb_timer.c
1 /*
2  *      LAPB release 002
3  *
4  *      This code REQUIRES 2.1.15 or higher/ NET3.038
5  *
6  *      This module:
7  *              This module is free software; you can redistribute it and/or
8  *              modify it under the terms of the GNU General Public License
9  *              as published by the Free Software Foundation; either version
10  *              2 of the License, or (at your option) any later version.
11  *
12  *      History
13  *      LAPB 001        Jonathan Naylor Started Coding
14  *      LAPB 002        Jonathan Naylor New timer architecture.
15  */
16
17 #include <linux/errno.h>
18 #include <linux/types.h>
19 #include <linux/socket.h>
20 #include <linux/in.h>
21 #include <linux/kernel.h>
22 #include <linux/jiffies.h>
23 #include <linux/timer.h>
24 #include <linux/string.h>
25 #include <linux/sockios.h>
26 #include <linux/net.h>
27 #include <linux/inet.h>
28 #include <linux/skbuff.h>
29 #include <net/sock.h>
30 #include <asm/uaccess.h>
31 #include <asm/system.h>
32 #include <linux/fcntl.h>
33 #include <linux/mm.h>
34 #include <linux/interrupt.h>
35 #include <net/lapb.h>
36
37 static void lapb_t1timer_expiry(unsigned long);
38 static void lapb_t2timer_expiry(unsigned long);
39
40 void lapb_start_t1timer(struct lapb_cb *lapb)
41 {
42         del_timer(&lapb->t1timer);
43
44         lapb->t1timer.data     = (unsigned long)lapb;
45         lapb->t1timer.function = &lapb_t1timer_expiry;
46         lapb->t1timer.expires  = jiffies + lapb->t1;
47
48         add_timer(&lapb->t1timer);
49 }
50
51 void lapb_start_t2timer(struct lapb_cb *lapb)
52 {
53         del_timer(&lapb->t2timer);
54
55         lapb->t2timer.data     = (unsigned long)lapb;
56         lapb->t2timer.function = &lapb_t2timer_expiry;
57         lapb->t2timer.expires  = jiffies + lapb->t2;
58
59         add_timer(&lapb->t2timer);
60 }
61
62 void lapb_stop_t1timer(struct lapb_cb *lapb)
63 {
64         del_timer(&lapb->t1timer);
65 }
66
67 void lapb_stop_t2timer(struct lapb_cb *lapb)
68 {
69         del_timer(&lapb->t2timer);
70 }
71
72 int lapb_t1timer_running(struct lapb_cb *lapb)
73 {
74         return timer_pending(&lapb->t1timer);
75 }
76
77 static void lapb_t2timer_expiry(unsigned long param)
78 {
79         struct lapb_cb *lapb = (struct lapb_cb *)param;
80
81         if (lapb->condition & LAPB_ACK_PENDING_CONDITION) {
82                 lapb->condition &= ~LAPB_ACK_PENDING_CONDITION;
83                 lapb_timeout_response(lapb);
84         }
85 }
86
87 static void lapb_t1timer_expiry(unsigned long param)
88 {
89         struct lapb_cb *lapb = (struct lapb_cb *)param;
90
91         switch (lapb->state) {
92
93                 /*
94                  *      If we are a DCE, keep going DM .. DM .. DM
95                  */
96                 case LAPB_STATE_0:
97                         if (lapb->mode & LAPB_DCE)
98                                 lapb_send_control(lapb, LAPB_DM, LAPB_POLLOFF, LAPB_RESPONSE);
99                         break;
100
101                 /*
102                  *      Awaiting connection state, send SABM(E), up to N2 times.
103                  */
104                 case LAPB_STATE_1:
105                         if (lapb->n2count == lapb->n2) {
106                                 lapb_clear_queues(lapb);
107                                 lapb->state = LAPB_STATE_0;
108                                 lapb_disconnect_indication(lapb, LAPB_TIMEDOUT);
109 #if LAPB_DEBUG > 0
110                                 printk(KERN_DEBUG "lapb: (%p) S1 -> S0\n", lapb->dev);
111 #endif
112                                 return;
113                         } else {
114                                 lapb->n2count++;
115                                 if (lapb->mode & LAPB_EXTENDED) {
116 #if LAPB_DEBUG > 1
117                                         printk(KERN_DEBUG "lapb: (%p) S1 TX SABME(1)\n", lapb->dev);
118 #endif
119                                         lapb_send_control(lapb, LAPB_SABME, LAPB_POLLON, LAPB_COMMAND);
120                                 } else {
121 #if LAPB_DEBUG > 1
122                                         printk(KERN_DEBUG "lapb: (%p) S1 TX SABM(1)\n", lapb->dev);
123 #endif
124                                         lapb_send_control(lapb, LAPB_SABM, LAPB_POLLON, LAPB_COMMAND);
125                                 }
126                         }
127                         break;
128
129                 /*
130                  *      Awaiting disconnection state, send DISC, up to N2 times.
131                  */
132                 case LAPB_STATE_2:
133                         if (lapb->n2count == lapb->n2) {
134                                 lapb_clear_queues(lapb);
135                                 lapb->state = LAPB_STATE_0;
136                                 lapb_disconnect_confirmation(lapb, LAPB_TIMEDOUT);
137 #if LAPB_DEBUG > 0
138                                 printk(KERN_DEBUG "lapb: (%p) S2 -> S0\n", lapb->dev);
139 #endif
140                                 return;
141                         } else {
142                                 lapb->n2count++;
143 #if LAPB_DEBUG > 1
144                                 printk(KERN_DEBUG "lapb: (%p) S2 TX DISC(1)\n", lapb->dev);
145 #endif
146                                 lapb_send_control(lapb, LAPB_DISC, LAPB_POLLON, LAPB_COMMAND);
147                         }
148                         break;
149
150                 /*
151                  *      Data transfer state, restransmit I frames, up to N2 times.
152                  */
153                 case LAPB_STATE_3:
154                         if (lapb->n2count == lapb->n2) {
155                                 lapb_clear_queues(lapb);
156                                 lapb->state = LAPB_STATE_0;
157                                 lapb_stop_t2timer(lapb);
158                                 lapb_disconnect_indication(lapb, LAPB_TIMEDOUT);
159 #if LAPB_DEBUG > 0
160                                 printk(KERN_DEBUG "lapb: (%p) S3 -> S0\n", lapb->dev);
161 #endif
162                                 return;
163                         } else {
164                                 lapb->n2count++;
165                                 lapb_requeue_frames(lapb);
166                         }
167                         break;
168
169                 /*
170                  *      Frame reject state, restransmit FRMR frames, up to N2 times.
171                  */
172                 case LAPB_STATE_4:
173                         if (lapb->n2count == lapb->n2) {
174                                 lapb_clear_queues(lapb);
175                                 lapb->state = LAPB_STATE_0;
176                                 lapb_disconnect_indication(lapb, LAPB_TIMEDOUT);
177 #if LAPB_DEBUG > 0
178                                 printk(KERN_DEBUG "lapb: (%p) S4 -> S0\n", lapb->dev);
179 #endif
180                                 return;
181                         } else {
182                                 lapb->n2count++;
183                                 lapb_transmit_frmr(lapb);
184                         }
185                         break;
186         }
187
188         lapb_start_t1timer(lapb);
189 }