ppp_async.c source code [linux/drivers/net/ppp/ppp_async.c]

1	// SPDX-License-Identifier: GPL-2.0-or-later
2	/*
3	* PPP async serial channel driver for Linux.
4	*
5	* Copyright 1999 Paul Mackerras.
6	*
7	* This driver provides the encapsulation and framing for sending
8	* and receiving PPP frames over async serial lines. It relies on
9	* the generic PPP layer to give it frames to send and to process
10	* received frames. It implements the PPP line discipline.
11	*
12	* Part of the code in this driver was inspired by the old async-only
13	* PPP driver, written by Michael Callahan and Al Longyear, and
14	* subsequently hacked by Paul Mackerras.
15	*/
16
17	#include <linux/module.h>
18	#include <linux/kernel.h>
19	#include <linux/skbuff.h>
20	#include <linux/tty.h>
21	#include <linux/netdevice.h>
22	#include <linux/poll.h>
23	#include <linux/crc-ccitt.h>
24	#include <linux/ppp_defs.h>
25	#include <linux/ppp-ioctl.h>
26	#include <linux/ppp_channel.h>
27	#include <linux/spinlock.h>
28	#include <linux/init.h>
29	#include <linux/interrupt.h>
30	#include <linux/jiffies.h>
31	#include <linux/slab.h>
32	#include <linux/unaligned.h>
33	#include <linux/uaccess.h>
34	#include <asm/string.h>
35
36	#define PPP_VERSION "2.4.2"
37
38	#define OBUFSIZE 4096
39
40	/ Structure for storing local state. /
41	struct asyncppp {
42	struct tty_struct *tty;
43	unsigned int flags;
44	unsigned int state;
45	unsigned int rbits;
46	int mru;
47	spinlock_t xmit_lock;
48	spinlock_t recv_lock;
49	unsigned long xmit_flags;
50	u32 xaccm[`8`];
51	u32 raccm;
52	unsigned int bytes_sent;
53	unsigned int bytes_rcvd;
54
55	struct sk_buff *tpkt;
56	int tpkt_pos;
57	u16 tfcs;
58	unsigned char *optr;
59	unsigned char *olim;
60	unsigned long last_xmit;
61
62	struct sk_buff *rpkt;
63	int lcp_fcs;
64	struct sk_buff_head rqueue;
65
66	struct tasklet_struct tsk;
67
68	refcount_t refcnt;
69	struct completion dead;
70	struct ppp_channel chan; / interface to generic ppp layer /
71	unsigned char obuf[OBUFSIZE];
72	};
73
74	/ Bit numbers in xmit_flags /
75	#define XMIT_WAKEUP 0
76	#define XMIT_FULL 1
77	#define XMIT_BUSY 2
78
79	/ State bits /
80	#define SC_TOSS 1
81	#define SC_ESCAPE 2
82	#define SC_PREV_ERROR 4
83
84	/ Bits in rbits /
85	#define SC_RCV_BITS (SC_RCV_B7_1\|SC_RCV_B7_0\|SC_RCV_ODDP\|SC_RCV_EVNP)
86
87	static int flag_time = HZ;
88	module_param(flag_time, int, `0`);
89	MODULE_PARM_DESC(flag_time, "ppp_async: interval between flagged packets (in clock ticks)");
90	MODULE_DESCRIPTION("PPP async serial channel module");
91	MODULE_LICENSE("GPL");
92	MODULE_ALIAS_LDISC(N_PPP);
93
94	/*
95	* Prototypes.
96	*/
97	static int ppp_async_encode(struct asyncppp *ap);
98	static int ppp_async_send(struct ppp_channel chan, struct* sk_buff *skb);
99	static int ppp_async_push(struct asyncppp *ap);
100	static void ppp_async_flush_output(struct asyncppp *ap);
101	static void ppp_async_input(struct asyncppp ap, const* unsigned char *buf,
102	const u8 flags, int* count);
103	static int ppp_async_ioctl(struct ppp_channel chan, unsigned* int cmd,
104	unsigned long arg);
105	static void ppp_async_process(struct tasklet_struct *t);
106
107	static void async_lcp_peek(struct asyncppp ap, unsigned* char *data,
108	int len, int inbound);
109
110	static const struct ppp_channel_ops async_ops = {
111	.start_xmit = ppp_async_send,
112	.ioctl = ppp_async_ioctl,
113	};
114
115	/*
116	* Routines implementing the PPP line discipline.
117	*/
118
119	/*
120	* We have a potential race on dereferencing tty->disc_data,
121	* because the tty layer provides no locking at all - thus one
122	* cpu could be running ppp_asynctty_receive while another
123	* calls ppp_asynctty_close, which zeroes tty->disc_data and
124	* frees the memory that ppp_asynctty_receive is using. The best
125	* way to fix this is to use a rwlock in the tty struct, but for now
126	* we use a single global rwlock for all ttys in ppp line discipline.
127	*
128	* FIXME: this is no longer true. The _close path for the ldisc is
129	* now guaranteed to be sane.
130	*/
131	static DEFINE_RWLOCK(disc_data_lock);
132
133	static struct asyncppp ap_get(struct* tty_struct *tty)
134	{
135	struct asyncppp *ap;
136
137	read_lock(&disc_data_lock);
138	ap = tty->disc_data;
139	if (ap != NULL)
140	refcount_inc(r: &ap->refcnt);
141	read_unlock(&disc_data_lock);
142	return ap;
143	}
144
145	static void ap_put(struct asyncppp *ap)
146	{
147	if (refcount_dec_and_test(r: &ap->refcnt))
148	complete(&ap->dead);
149	}
150
151	/*
152	* Called when a tty is put into PPP line discipline. Called in process
153	* context.
154	*/
155	static int
156	ppp_asynctty_open(struct tty_struct *tty)
157	{
158	struct asyncppp *ap;
159	int err;
160	int speed;
161
162	if (tty->ops->write == NULL)
163	return -EOPNOTSUPP;
164
165	err = -ENOMEM;
166	ap = kzalloc(sizeof(*ap), GFP_KERNEL);
167	if (!ap)
168	goto out;
169
170	/ initialize the asyncppp structure /
171	ap->tty = tty;
172	ap->mru = PPP_MRU;
173	spin_lock_init(&ap->xmit_lock);
174	spin_lock_init(&ap->recv_lock);
175	ap->xaccm[`0`] = ~`0U`;
176	ap->xaccm[`3`] = `0x60000000U`;
177	ap->raccm = ~`0U`;
178	ap->optr = ap->obuf;
179	ap->olim = ap->obuf;
180	ap->lcp_fcs = -`1`;
181
182	skb_queue_head_init(list: &ap->rqueue);
183	tasklet_setup(t: &ap->tsk, callback: ppp_async_process);
184
185	refcount_set(r: &ap->refcnt, n: `1`);
186	init_completion(x: &ap->dead);
187
188	ap->chan.private = ap;
189	ap->chan.ops = &async_ops;
190	ap->chan.mtu = PPP_MRU;
191	speed = tty_get_baud_rate(tty);
192	ap->chan.speed = speed;
193	err = ppp_register_channel(&ap->chan);
194	if (err)
195	goto out_free;
196
197	tty->disc_data = ap;
198	tty->receive_room = `65536`;
199	return `0`;
200
201	out_free:
202	kfree(objp: ap);
203	out:
204	return err;
205	}
206
207	/*
208	* Called when the tty is put into another line discipline
209	* or it hangs up. We have to wait for any cpu currently
210	* executing in any of the other ppp_asynctty_* routines to
211	* finish before we can call ppp_unregister_channel and free
212	* the asyncppp struct. This routine must be called from
213	* process context, not interrupt or softirq context.
214	*/
215	static void
216	ppp_asynctty_close(struct tty_struct *tty)
217	{
218	struct asyncppp *ap;
219
220	write_lock_irq(&disc_data_lock);
221	ap = tty->disc_data;
222	tty->disc_data = NULL;
223	write_unlock_irq(&disc_data_lock);
224	if (!ap)
225	return;
226
227	/*
228	* We have now ensured that nobody can start using ap from now
229	* on, but we have to wait for all existing users to finish.
230	* Note that ppp_unregister_channel ensures that no calls to
231	* our channel ops (i.e. ppp_async_send/ioctl) are in progress
232	* by the time it returns.
233	*/
234	if (!refcount_dec_and_test(r: &ap->refcnt))
235	wait_for_completion(&ap->dead);
236	tasklet_kill(t: &ap->tsk);
237
238	ppp_unregister_channel(&ap->chan);
239	kfree_skb(skb: ap->rpkt);
240	skb_queue_purge(list: &ap->rqueue);
241	kfree_skb(skb: ap->tpkt);
242	kfree(objp: ap);
243	}
244
245	/*
246	* Called on tty hangup in process context.
247	*
248	* Wait for I/O to driver to complete and unregister PPP channel.
249	* This is already done by the close routine, so just call that.
250	*/
251	static void ppp_asynctty_hangup(struct tty_struct *tty)
252	{
253	ppp_asynctty_close(tty);
254	}
255
256	/*
257	* Read does nothing - no data is ever available this way.
258	* Pppd reads and writes packets via /dev/ppp instead.
259	*/
260	static ssize_t
261	ppp_asynctty_read(struct tty_struct tty, struct* file file, u8 buf,
262	size_t count, void *cookie, unsigned* long offset)
263	{
264	return -EAGAIN;
265	}
266
267	/*
268	* Write on the tty does nothing, the packets all come in
269	* from the ppp generic stuff.
270	*/
271	static ssize_t
272	ppp_asynctty_write(struct tty_struct tty, struct* file file, const* u8 *buf,
273	size_t count)
274	{
275	return -EAGAIN;
276	}
277
278	/*
279	* Called in process context only. May be re-entered by multiple
280	* ioctl calling threads.
281	*/
282
283	static int
284	ppp_asynctty_ioctl(struct tty_struct tty, unsigned* int cmd, unsigned long arg)
285	{
286	struct asyncppp *ap = ap_get(tty);
287	int err, val;
288	int __user p = (int* __user *)arg;
289
290	if (!ap)
291	return -ENXIO;
292	err = -EFAULT;
293	switch (cmd) {
294	case PPPIOCGCHAN:
295	err = -EFAULT;
296	if (put_user(ppp_channel_index(&ap->chan), p))
297	break;
298	err = `0`;
299	break;
300
301	case PPPIOCGUNIT:
302	err = -EFAULT;
303	if (put_user(ppp_unit_number(&ap->chan), p))
304	break;
305	err = `0`;
306	break;
307
308	case TCFLSH:
309	/ flush our buffers and the serial port's buffer /
310	if (arg == TCIOFLUSH \|\| arg == TCOFLUSH)
311	ppp_async_flush_output(ap);
312	err = n_tty_ioctl_helper(tty, cmd, arg);
313	break;
314
315	case FIONREAD:
316	val = `0`;
317	if (put_user(val, p))
318	break;
319	err = `0`;
320	break;
321
322	default:
323	/ Try the various mode ioctls /
324	err = tty_mode_ioctl(tty, cmd, arg);
325	}
326
327	ap_put(ap);
328	return err;
329	}
330
331	/ May sleep, don't call from interrupt level or with interrupts disabled /
332	static void
333	ppp_asynctty_receive(struct tty_struct tty, const* u8 buf, const* u8 *cflags,
334	size_t count)
335	{
336	struct asyncppp *ap = ap_get(tty);
337	unsigned long flags;
338
339	if (!ap)
340	return;
341	spin_lock_irqsave(&ap->recv_lock, flags);
342	ppp_async_input(ap, buf, flags: cflags, count);
343	spin_unlock_irqrestore(lock: &ap->recv_lock, flags);
344	if (!skb_queue_empty(list: &ap->rqueue))
345	tasklet_schedule(t: &ap->tsk);
346	ap_put(ap);
347	tty_unthrottle(tty);
348	}
349
350	static void
351	ppp_asynctty_wakeup(struct tty_struct *tty)
352	{
353	struct asyncppp *ap = ap_get(tty);
354
355	clear_bit(nr: TTY_DO_WRITE_WAKEUP, addr: &tty->flags);
356	if (!ap)
357	return;
358	set_bit(XMIT_WAKEUP, addr: &ap->xmit_flags);
359	tasklet_schedule(t: &ap->tsk);
360	ap_put(ap);
361	}
362
363
364	static struct tty_ldisc_ops ppp_ldisc = {
365	.owner = THIS_MODULE,
366	.num = N_PPP,
367	.name = "ppp",
368	.open = ppp_asynctty_open,
369	.close = ppp_asynctty_close,
370	.hangup = ppp_asynctty_hangup,
371	.read = ppp_asynctty_read,
372	.write = ppp_asynctty_write,
373	.ioctl = ppp_asynctty_ioctl,
374	.receive_buf = ppp_asynctty_receive,
375	.write_wakeup = ppp_asynctty_wakeup,
376	};
377
378	static int __init
379	ppp_async_init(void)
380	{
381	int err;
382
383	err = tty_register_ldisc(new_ldisc: &ppp_ldisc);
384	if (err != `0`)
385	printk(KERN_ERR "PPP_async: error %d registering line disc.\n",
386	err);
387	return err;
388	}
389
390	/*
391	* The following routines provide the PPP channel interface.
392	*/
393	static int
394	ppp_async_ioctl(struct ppp_channel chan, unsigned* int cmd, unsigned long arg)
395	{
396	struct asyncppp *ap = chan->private;
397	void __user argp = (void* __user *)arg;
398	int __user *p = argp;
399	int err, val;
400	u32 accm[`8`];
401
402	err = -EFAULT;
403	switch (cmd) {
404	case PPPIOCGFLAGS:
405	val = ap->flags \| ap->rbits;
406	if (put_user(val, p))
407	break;
408	err = `0`;
409	break;
410	case PPPIOCSFLAGS:
411	if (get_user(val, p))
412	break;
413	ap->flags = val & ~SC_RCV_BITS;
414	spin_lock_irq(lock: &ap->recv_lock);
415	ap->rbits = val & SC_RCV_BITS;
416	spin_unlock_irq(lock: &ap->recv_lock);
417	err = `0`;
418	break;
419
420	case PPPIOCGASYNCMAP:
421	if (put_user(ap->xaccm[`0`], (u32 __user *)argp))
422	break;
423	err = `0`;
424	break;
425	case PPPIOCSASYNCMAP:
426	if (get_user(ap->xaccm[`0`], (u32 __user *)argp))
427	break;
428	err = `0`;
429	break;
430
431	case PPPIOCGRASYNCMAP:
432	if (put_user(ap->raccm, (u32 __user *)argp))
433	break;
434	err = `0`;
435	break;
436	case PPPIOCSRASYNCMAP:
437	if (get_user(ap->raccm, (u32 __user *)argp))
438	break;
439	err = `0`;
440	break;
441
442	case PPPIOCGXASYNCMAP:
443	if (copy_to_user(to: argp, from: ap->xaccm, n: sizeof(ap->xaccm)))
444	break;
445	err = `0`;
446	break;
447	case PPPIOCSXASYNCMAP:
448	if (copy_from_user(to: accm, from: argp, n: sizeof(accm)))
449	break;
450	accm[`2`] &= ~`0x40000000U`; / can't escape 0x5e /
451	accm[`3`] \|= `0x60000000U`; / must escape 0x7d, 0x7e /
452	memcpy(ap->xaccm, accm, sizeof(ap->xaccm));
453	err = `0`;
454	break;
455
456	case PPPIOCGMRU:
457	if (put_user(ap->mru, p))
458	break;
459	err = `0`;
460	break;
461	case PPPIOCSMRU:
462	if (get_user(val, p))
463	break;
464	if (val > U16_MAX) {
465	err = -EINVAL;
466	break;
467	}
468	if (val < PPP_MRU)
469	val = PPP_MRU;
470	ap->mru = val;
471	err = `0`;
472	break;
473
474	default:
475	err = -ENOTTY;
476	}
477
478	return err;
479	}
480
481	/*
482	* This is called at softirq level to deliver received packets
483	* to the ppp_generic code, and to tell the ppp_generic code
484	* if we can accept more output now.
485	*/
486	static void ppp_async_process(struct tasklet_struct *t)
487	{
488	struct asyncppp *ap = from_tasklet(ap, t, tsk);
489	struct sk_buff *skb;
490
491	/ process received packets /
492	while ((skb = skb_dequeue(list: &ap->rqueue)) != NULL) {
493	if (skb->cb[`0`])
494	ppp_input_error(&ap->chan, code: `0`);
495	ppp_input(&ap->chan, skb);
496	}
497
498	/ try to push more stuff out /
499	if (test_bit(XMIT_WAKEUP, &ap->xmit_flags) && ppp_async_push(ap))
500	ppp_output_wakeup(&ap->chan);
501	}
502
503	/*
504	* Procedures for encapsulation and framing.
505	*/
506
507	/*
508	* Procedure to encode the data for async serial transmission.
509	* Does octet stuffing (escaping), puts the address/control bytes
510	* on if A/C compression is disabled, and does protocol compression.
511	* Assumes ap->tpkt != 0 on entry.
512	* Returns 1 if we finished the current frame, 0 otherwise.
513	*/
514
515	#define PUT_BYTE(ap, buf, c, islcp) do { \
516	if ((islcp && c < 0x20) \|\| (ap->xaccm[c >> 5] & (1 << (c & 0x1f)))) {\
517	*buf++ = PPP_ESCAPE; \
518	*buf++ = c ^ PPP_TRANS; \
519	} else \
520	*buf++ = c; \
521	} while (0)
522
523	static int
524	ppp_async_encode(struct asyncppp *ap)
525	{
526	int fcs, i, count, c, proto;
527	unsigned char buf, buflim;
528	unsigned char *data;
529	int islcp;
530
531	buf = ap->obuf;
532	ap->olim = buf;
533	ap->optr = buf;
534	i = ap->tpkt_pos;
535	data = ap->tpkt->data;
536	count = ap->tpkt->len;
537	fcs = ap->tfcs;
538	proto = get_unaligned_be16(p: data);
539
540	/*
541	* LCP packets with code values between 1 (configure-request)
542	* and 7 (code-reject) must be sent as though no options
543	* had been negotiated.
544	*/
545	islcp = proto == PPP_LCP && count >= `3` && `1` <= data[`2`] && data[`2`] <= `7`;
546
547	if (i == `0`) {
548	if (islcp)
549	async_lcp_peek(ap, data, len: count, inbound: `0`);
550
551	/*
552	* Start of a new packet - insert the leading FLAG
553	* character if necessary.
554	*/
555	if (islcp \|\| flag_time == `0` \|\|
556	time_after_eq(jiffies, ap->last_xmit + flag_time))
557	*buf++ = PPP_FLAG;
558	ap->last_xmit = jiffies;
559	fcs = PPP_INITFCS;
560
561	/*
562	* Put in the address/control bytes if necessary
563	*/
564	if ((ap->flags & SC_COMP_AC) == `0` \|\| islcp) {
565	PUT_BYTE(ap, buf, `0xff`, islcp);
566	fcs = PPP_FCS(fcs, `0xff`);
567	PUT_BYTE(ap, buf, `0x03`, islcp);
568	fcs = PPP_FCS(fcs, `0x03`);
569	}
570	}
571
572	/*
573	* Once we put in the last byte, we need to put in the FCS
574	* and closing flag, so make sure there is at least 7 bytes
575	* of free space in the output buffer.
576	*/
577	buflim = ap->obuf + OBUFSIZE - `6`;
578	while (i < count && buf < buflim) {
579	c = data[i++];
580	if (i == `1` && c == `0` && (ap->flags & SC_COMP_PROT))
581	continue; / compress protocol field /
582	fcs = PPP_FCS(fcs, c);
583	PUT_BYTE(ap, buf, c, islcp);
584	}
585
586	if (i < count) {
587	/*
588	* Remember where we are up to in this packet.
589	*/
590	ap->olim = buf;
591	ap->tpkt_pos = i;
592	ap->tfcs = fcs;
593	return `0`;
594	}
595
596	/*
597	* We have finished the packet. Add the FCS and flag.
598	*/
599	fcs = ~fcs;
600	c = fcs & `0xff`;
601	PUT_BYTE(ap, buf, c, islcp);
602	c = (fcs >> `8`) & `0xff`;
603	PUT_BYTE(ap, buf, c, islcp);
604	*buf++ = PPP_FLAG;
605	ap->olim = buf;
606
607	consume_skb(skb: ap->tpkt);
608	ap->tpkt = NULL;
609	return `1`;
610	}
611
612	/*
613	* Transmit-side routines.
614	*/
615
616	/*
617	* Send a packet to the peer over an async tty line.
618	* Returns 1 iff the packet was accepted.
619	* If the packet was not accepted, we will call ppp_output_wakeup
620	* at some later time.
621	*/
622	static int
623	ppp_async_send(struct ppp_channel chan, struct* sk_buff *skb)
624	{
625	struct asyncppp *ap = chan->private;
626
627	ppp_async_push(ap);
628
629	if (test_and_set_bit(XMIT_FULL, addr: &ap->xmit_flags))
630	return `0`; / already full /
631	ap->tpkt = skb;
632	ap->tpkt_pos = `0`;
633
634	ppp_async_push(ap);
635	return `1`;
636	}
637
638	/*
639	* Push as much data as possible out to the tty.
640	*/
641	static int
642	ppp_async_push(struct asyncppp *ap)
643	{
644	int avail, sent, done = `0`;
645	struct tty_struct *tty = ap->tty;
646	int tty_stuffed = `0`;
647
648	/*
649	* We can get called recursively here if the tty write
650	* function calls our wakeup function. This can happen
651	* for example on a pty with both the master and slave
652	* set to PPP line discipline.
653	* We use the XMIT_BUSY bit to detect this and get out,
654	* leaving the XMIT_WAKEUP bit set to tell the other
655	* instance that it may now be able to write more now.
656	*/
657	if (test_and_set_bit(XMIT_BUSY, addr: &ap->xmit_flags))
658	return `0`;
659	spin_lock_bh(lock: &ap->xmit_lock);
660	for (;;) {
661	if (test_and_clear_bit(XMIT_WAKEUP, addr: &ap->xmit_flags))
662	tty_stuffed = `0`;
663	if (!tty_stuffed && ap->optr < ap->olim) {
664	avail = ap->olim - ap->optr;
665	set_bit(nr: TTY_DO_WRITE_WAKEUP, addr: &tty->flags);
666	sent = tty->ops->write(tty, ap->optr, avail);
667	if (sent < `0`)
668	goto flush; / error, e.g. loss of CD /
669	ap->optr += sent;
670	if (sent < avail)
671	tty_stuffed = `1`;
672	continue;
673	}
674	if (ap->optr >= ap->olim && ap->tpkt) {
675	if (ppp_async_encode(ap)) {
676	/ finished processing ap->tpkt /
677	clear_bit(XMIT_FULL, addr: &ap->xmit_flags);
678	done = `1`;
679	}
680	continue;
681	}
682	/*
683	* We haven't made any progress this time around.
684	* Clear XMIT_BUSY to let other callers in, but
685	* after doing so we have to check if anyone set
686	* XMIT_WAKEUP since we last checked it. If they
687	* did, we should try again to set XMIT_BUSY and go
688	* around again in case XMIT_BUSY was still set when
689	* the other caller tried.
690	*/
691	clear_bit(XMIT_BUSY, addr: &ap->xmit_flags);
692	/ any more work to do? if not, exit the loop /
693	if (!(test_bit(XMIT_WAKEUP, &ap->xmit_flags) \|\|
694	(!tty_stuffed && ap->tpkt)))
695	break;
696	/ more work to do, see if we can do it now /
697	if (test_and_set_bit(XMIT_BUSY, addr: &ap->xmit_flags))
698	break;
699	}
700	spin_unlock_bh(lock: &ap->xmit_lock);
701	return done;
702
703	flush:
704	clear_bit(XMIT_BUSY, addr: &ap->xmit_flags);
705	if (ap->tpkt) {
706	kfree_skb(skb: ap->tpkt);
707	ap->tpkt = NULL;
708	clear_bit(XMIT_FULL, addr: &ap->xmit_flags);
709	done = `1`;
710	}
711	ap->optr = ap->olim;
712	spin_unlock_bh(lock: &ap->xmit_lock);
713	return done;
714	}
715
716	/*
717	* Flush output from our internal buffers.
718	* Called for the TCFLSH ioctl. Can be entered in parallel
719	* but this is covered by the xmit_lock.
720	*/
721	static void
722	ppp_async_flush_output(struct asyncppp *ap)
723	{
724	int done = `0`;
725
726	spin_lock_bh(lock: &ap->xmit_lock);
727	ap->optr = ap->olim;
728	if (ap->tpkt != NULL) {
729	kfree_skb(skb: ap->tpkt);
730	ap->tpkt = NULL;
731	clear_bit(XMIT_FULL, addr: &ap->xmit_flags);
732	done = `1`;
733	}
734	spin_unlock_bh(lock: &ap->xmit_lock);
735	if (done)
736	ppp_output_wakeup(&ap->chan);
737	}
738
739	/*
740	* Receive-side routines.
741	*/
742
743	/ see how many ordinary chars there are at the start of buf /
744	static inline int
745	scan_ordinary(struct asyncppp ap, const* unsigned char buf, int* count)
746	{
747	int i, c;
748
749	for (i = `0`; i < count; ++i) {
750	c = buf[i];
751	if (c == PPP_ESCAPE \|\| c == PPP_FLAG \|\|
752	(c < `0x20` && (ap->raccm & (`1` << c)) != `0`))
753	break;
754	}
755	return i;
756	}
757
758	/ called when a flag is seen - do end-of-packet processing /
759	static void
760	process_input_packet(struct asyncppp *ap)
761	{
762	struct sk_buff *skb;
763	unsigned char *p;
764	unsigned int len, fcs;
765
766	skb = ap->rpkt;
767	if (ap->state & (SC_TOSS \| SC_ESCAPE))
768	goto err;
769
770	if (skb == NULL)
771	return; / 0-length packet /
772
773	/ check the FCS /
774	p = skb->data;
775	len = skb->len;
776	if (len < `3`)
777	goto err; / too short /
778	fcs = PPP_INITFCS;
779	for (; len > `0`; --len)
780	fcs = PPP_FCS(fcs, *p++);
781	if (fcs != PPP_GOODFCS)
782	goto err; / bad FCS /
783	skb_trim(skb, len: skb->len - `2`);
784
785	/ check for address/control and protocol compression /
786	p = skb->data;
787	if (p[`0`] == PPP_ALLSTATIONS) {
788	/ chop off address/control /
789	if (p[`1`] != PPP_UI \|\| skb->len < `3`)
790	goto err;
791	p = skb_pull(skb, len: `2`);
792	}
793
794	/ If protocol field is not compressed, it can be LCP packet /
795	if (!(p[`0`] & `0x01`)) {
796	unsigned int proto;
797
798	if (skb->len < `2`)
799	goto err;
800	proto = (p[`0`] << `8`) + p[`1`];
801	if (proto == PPP_LCP)
802	async_lcp_peek(ap, data: p, len: skb->len, inbound: `1`);
803	}
804
805	/ queue the frame to be processed /
806	skb->cb[`0`] = ap->state;
807	skb_queue_tail(list: &ap->rqueue, newsk: skb);
808	ap->rpkt = NULL;
809	ap->state = `0`;
810	return;
811
812	err:
813	/ frame had an error, remember that, reset SC_TOSS & SC_ESCAPE /
814	ap->state = SC_PREV_ERROR;
815	if (skb) {
816	/ make skb appear as freshly allocated /
817	skb_trim(skb, len: `0`);
818	skb_reserve(skb, len: - skb_headroom(skb));
819	}
820	}
821
822	/ Called when the tty driver has data for us. Runs parallel with the*
823	other ldisc functions but will not be re-entered /*
824
825	static void
826	ppp_async_input(struct asyncppp ap, const* u8 buf, const* u8 flags, int* count)
827	{
828	struct sk_buff *skb;
829	int c, i, j, n, s, f;
830	unsigned char *sp;
831
832	/ update bits used for 8-bit cleanness detection /
833	if (~ap->rbits & SC_RCV_BITS) {
834	s = `0`;
835	for (i = `0`; i < count; ++i) {
836	c = buf[i];
837	if (flags && flags[i] != `0`)
838	continue;
839	s \|= (c & `0x80`)? SC_RCV_B7_1: SC_RCV_B7_0;
840	c = ((c >> `4`) ^ c) & `0xf`;
841	s \|= (`0x6996` & (`1` << c))? SC_RCV_ODDP: SC_RCV_EVNP;
842	}
843	ap->rbits \|= s;
844	}
845
846	while (count > `0`) {
847	/ scan through and see how many chars we can do in bulk /
848	if ((ap->state & SC_ESCAPE) && buf[`0`] == PPP_ESCAPE)
849	n = `1`;
850	else
851	n = scan_ordinary(ap, buf, count);
852
853	f = `0`;
854	if (flags && (ap->state & SC_TOSS) == `0`) {
855	/ check the flags to see if any char had an error /
856	for (j = `0`; j < n; ++j)
857	if ((f = flags[j]) != `0`)
858	break;
859	}
860	if (f != `0`) {
861	/ start tossing /
862	ap->state \|= SC_TOSS;
863
864	} else if (n > `0` && (ap->state & SC_TOSS) == `0`) {
865	/ stuff the chars in the skb /
866	skb = ap->rpkt;
867	if (!skb) {
868	skb = dev_alloc_skb(length: ap->mru + PPP_HDRLEN + `2`);
869	if (!skb)
870	goto nomem;
871	ap->rpkt = skb;
872	}
873	if (skb->len == `0`) {
874	/ Try to get the payload 4-byte aligned.*
875	* This should match the
876	* PPP_ALLSTATIONS/PPP_UI/compressed tests in
877	* process_input_packet, but we do not have
878	* enough chars here to test buf[1] and buf[2].
879	*/
880	if (buf[`0`] != PPP_ALLSTATIONS)
881	skb_reserve(skb, len: `2` + (buf[`0`] & `1`));
882	}
883	if (n > skb_tailroom(skb)) {
884	/ packet overflowed MRU /
885	ap->state \|= SC_TOSS;
886	} else {
887	sp = skb_put_data(skb, data: buf, len: n);
888	if (ap->state & SC_ESCAPE) {
889	sp[`0`] ^= PPP_TRANS;
890	ap->state &= ~SC_ESCAPE;
891	}
892	}
893	}
894
895	if (n >= count)
896	break;
897
898	c = buf[n];
899	if (flags != NULL && flags[n] != `0`) {
900	ap->state \|= SC_TOSS;
901	} else if (c == PPP_FLAG) {
902	process_input_packet(ap);
903	} else if (c == PPP_ESCAPE) {
904	ap->state \|= SC_ESCAPE;
905	} else if (I_IXON(ap->tty)) {
906	if (c == START_CHAR(ap->tty))
907	start_tty(tty: ap->tty);
908	else if (c == STOP_CHAR(ap->tty))
909	stop_tty(tty: ap->tty);
910	}
911	/ otherwise it's a char in the recv ACCM /
912	++n;
913
914	buf += n;
915	if (flags)
916	flags += n;
917	count -= n;
918	}
919	return;
920
921	nomem:
922	printk(KERN_ERR "PPPasync: no memory (input pkt)\n");
923	ap->state \|= SC_TOSS;
924	}
925
926	/*
927	* We look at LCP frames going past so that we can notice
928	* and react to the LCP configure-ack from the peer.
929	* In the situation where the peer has been sent a configure-ack
930	* already, LCP is up once it has sent its configure-ack
931	* so the immediately following packet can be sent with the
932	* configured LCP options. This allows us to process the following
933	* packet correctly without pppd needing to respond quickly.
934	*
935	* We only respond to the received configure-ack if we have just
936	* sent a configure-request, and the configure-ack contains the
937	* same data (this is checked using a 16-bit crc of the data).
938	*/
939	#define CONFREQ 1 /* LCP code field values */
940	#define CONFACK 2
941	#define LCP_MRU 1 /* LCP option numbers */
942	#define LCP_ASYNCMAP 2
943
944	static void async_lcp_peek(struct asyncppp ap, unsigned* char *data,
945	int len, int inbound)
946	{
947	int dlen, fcs, i, code;
948	u32 val;
949
950	data += `2`; / skip protocol bytes /
951	len -= `2`;
952	if (len < `4`) / 4 = code, ID, length /
953	return;
954	code = data[`0`];
955	if (code != CONFACK && code != CONFREQ)
956	return;
957	dlen = get_unaligned_be16(p: data + `2`);
958	if (len < dlen)
959	return; / packet got truncated or length is bogus /
960
961	if (code == (inbound? CONFACK: CONFREQ)) {
962	/*
963	* sent confreq or received confack:
964	* calculate the crc of the data from the ID field on.
965	*/
966	fcs = PPP_INITFCS;
967	for (i = `1`; i < dlen; ++i)
968	fcs = PPP_FCS(fcs, data[i]);
969
970	if (!inbound) {
971	/ outbound confreq - remember the crc for later /
972	ap->lcp_fcs = fcs;
973	return;
974	}
975
976	/ received confack, check the crc /
977	fcs ^= ap->lcp_fcs;
978	ap->lcp_fcs = -`1`;
979	if (fcs != `0`)
980	return;
981	} else if (inbound)
982	return; / not interested in received confreq /
983
984	/ process the options in the confack /
985	data += `4`;
986	dlen -= `4`;
987	/ data[0] is code, data[1] is length /
988	while (dlen >= `2` && dlen >= data[`1`] && data[`1`] >= `2`) {
989	switch (data[`0`]) {
990	case LCP_MRU:
991	val = get_unaligned_be16(p: data + `2`);
992	if (inbound)
993	ap->mru = val;
994	else
995	ap->chan.mtu = val;
996	break;
997	case LCP_ASYNCMAP:
998	val = get_unaligned_be32(p: data + `2`);
999	if (inbound)
1000	ap->raccm = val;
1001	else
1002	ap->xaccm[`0`] = val;
1003	break;
1004	}
1005	dlen -= data[`1`];
1006	data += data[`1`];
1007	}
1008	}
1009
1010	static void __exit ppp_async_cleanup(void)
1011	{
1012	tty_unregister_ldisc(ldisc: &ppp_ldisc);
1013	}
1014
1015	module_init(ppp_async_init);
1016	module_exit(ppp_async_cleanup);
1017

source code of linux/drivers/net/ppp/ppp_async.c