drivers/net/ppp_generic.c at v2.6.14-rc2 · tjh.dev/kernel

tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
kernel / drivers / net / ppp_generic.c
at v2.6.14-rc2 2775 lines 67 kB view raw
   1/*
   2 * Generic PPP layer for Linux.
   3 *
   4 * Copyright 1999-2002 Paul Mackerras.
   5 *
   6 *  This program is free software; you can redistribute it and/or
   7 *  modify it under the terms of the GNU General Public License
   8 *  as published by the Free Software Foundation; either version
   9 *  2 of the License, or (at your option) any later version.
  10 *
  11 * The generic PPP layer handles the PPP network interfaces, the
  12 * /dev/ppp device, packet and VJ compression, and multilink.
  13 * It talks to PPP `channels' via the interface defined in
  14 * include/linux/ppp_channel.h.  Channels provide the basic means for
  15 * sending and receiving PPP frames on some kind of communications
  16 * channel.
  17 *
  18 * Part of the code in this driver was inspired by the old async-only
  19 * PPP driver, written by Michael Callahan and Al Longyear, and
  20 * subsequently hacked by Paul Mackerras.
  21 *
  22 * ==FILEVERSION 20041108==
  23 */
  24
  25#include <linux/config.h>
  26#include <linux/module.h>
  27#include <linux/kernel.h>
  28#include <linux/kmod.h>
  29#include <linux/init.h>
  30#include <linux/list.h>
  31#include <linux/devfs_fs_kernel.h>
  32#include <linux/netdevice.h>
  33#include <linux/poll.h>
  34#include <linux/ppp_defs.h>
  35#include <linux/filter.h>
  36#include <linux/if_ppp.h>
  37#include <linux/ppp_channel.h>
  38#include <linux/ppp-comp.h>
  39#include <linux/skbuff.h>
  40#include <linux/rtnetlink.h>
  41#include <linux/if_arp.h>
  42#include <linux/ip.h>
  43#include <linux/tcp.h>
  44#include <linux/spinlock.h>
  45#include <linux/smp_lock.h>
  46#include <linux/rwsem.h>
  47#include <linux/stddef.h>
  48#include <linux/device.h>
  49#include <net/slhc_vj.h>
  50#include <asm/atomic.h>
  51
  52#define PPP_VERSION	"2.4.2"
  53
  54/*
  55 * Network protocols we support.
  56 */
  57#define NP_IP	0		/* Internet Protocol V4 */
  58#define NP_IPV6	1		/* Internet Protocol V6 */
  59#define NP_IPX	2		/* IPX protocol */
  60#define NP_AT	3		/* Appletalk protocol */
  61#define NP_MPLS_UC 4		/* MPLS unicast */
  62#define NP_MPLS_MC 5		/* MPLS multicast */
  63#define NUM_NP	6		/* Number of NPs. */
  64
  65#define MPHDRLEN	6	/* multilink protocol header length */
  66#define MPHDRLEN_SSN	4	/* ditto with short sequence numbers */
  67#define MIN_FRAG_SIZE	64
  68
  69/*
  70 * An instance of /dev/ppp can be associated with either a ppp
  71 * interface unit or a ppp channel.  In both cases, file->private_data
  72 * points to one of these.
  73 */
  74struct ppp_file {
  75	enum {
  76		INTERFACE=1, CHANNEL
  77	}		kind;
  78	struct sk_buff_head xq;		/* pppd transmit queue */
  79	struct sk_buff_head rq;		/* receive queue for pppd */
  80	wait_queue_head_t rwait;	/* for poll on reading /dev/ppp */
  81	atomic_t	refcnt;		/* # refs (incl /dev/ppp attached) */
  82	int		hdrlen;		/* space to leave for headers */
  83	int		index;		/* interface unit / channel number */
  84	int		dead;		/* unit/channel has been shut down */
  85};
  86
  87#define PF_TO_X(pf, X)		((X *)((char *)(pf) - offsetof(X, file)))
  88
  89#define PF_TO_PPP(pf)		PF_TO_X(pf, struct ppp)
  90#define PF_TO_CHANNEL(pf)	PF_TO_X(pf, struct channel)
  91
  92#define ROUNDUP(n, x)		(((n) + (x) - 1) / (x))
  93
  94/*
  95 * Data structure describing one ppp unit.
  96 * A ppp unit corresponds to a ppp network interface device
  97 * and represents a multilink bundle.
  98 * It can have 0 or more ppp channels connected to it.
  99 */
 100struct ppp {
 101	struct ppp_file	file;		/* stuff for read/write/poll 0 */
 102	struct file	*owner;		/* file that owns this unit 48 */
 103	struct list_head channels;	/* list of attached channels 4c */
 104	int		n_channels;	/* how many channels are attached 54 */
 105	spinlock_t	rlock;		/* lock for receive side 58 */
 106	spinlock_t	wlock;		/* lock for transmit side 5c */
 107	int		mru;		/* max receive unit 60 */
 108	unsigned int	flags;		/* control bits 64 */
 109	unsigned int	xstate;		/* transmit state bits 68 */
 110	unsigned int	rstate;		/* receive state bits 6c */
 111	int		debug;		/* debug flags 70 */
 112	struct slcompress *vj;		/* state for VJ header compression */
 113	enum NPmode	npmode[NUM_NP];	/* what to do with each net proto 78 */
 114	struct sk_buff	*xmit_pending;	/* a packet ready to go out 88 */
 115	struct compressor *xcomp;	/* transmit packet compressor 8c */
 116	void		*xc_state;	/* its internal state 90 */
 117	struct compressor *rcomp;	/* receive decompressor 94 */
 118	void		*rc_state;	/* its internal state 98 */
 119	unsigned long	last_xmit;	/* jiffies when last pkt sent 9c */
 120	unsigned long	last_recv;	/* jiffies when last pkt rcvd a0 */
 121	struct net_device *dev;		/* network interface device a4 */
 122#ifdef CONFIG_PPP_MULTILINK
 123	int		nxchan;		/* next channel to send something on */
 124	u32		nxseq;		/* next sequence number to send */
 125	int		mrru;		/* MP: max reconst. receive unit */
 126	u32		nextseq;	/* MP: seq no of next packet */
 127	u32		minseq;		/* MP: min of most recent seqnos */
 128	struct sk_buff_head mrq;	/* MP: receive reconstruction queue */
 129#endif /* CONFIG_PPP_MULTILINK */
 130	struct net_device_stats stats;	/* statistics */
 131#ifdef CONFIG_PPP_FILTER
 132	struct sock_filter *pass_filter;	/* filter for packets to pass */
 133	struct sock_filter *active_filter;/* filter for pkts to reset idle */
 134	unsigned pass_len, active_len;
 135#endif /* CONFIG_PPP_FILTER */
 136};
 137
 138/*
 139 * Bits in flags: SC_NO_TCP_CCID, SC_CCP_OPEN, SC_CCP_UP, SC_LOOP_TRAFFIC,
 140 * SC_MULTILINK, SC_MP_SHORTSEQ, SC_MP_XSHORTSEQ, SC_COMP_TCP, SC_REJ_COMP_TCP.
 141 * Bits in rstate: SC_DECOMP_RUN, SC_DC_ERROR, SC_DC_FERROR.
 142 * Bits in xstate: SC_COMP_RUN
 143 */
 144#define SC_FLAG_BITS	(SC_NO_TCP_CCID|SC_CCP_OPEN|SC_CCP_UP|SC_LOOP_TRAFFIC \
 145			 |SC_MULTILINK|SC_MP_SHORTSEQ|SC_MP_XSHORTSEQ \
 146			 |SC_COMP_TCP|SC_REJ_COMP_TCP)
 147
 148/*
 149 * Private data structure for each channel.
 150 * This includes the data structure used for multilink.
 151 */
 152struct channel {
 153	struct ppp_file	file;		/* stuff for read/write/poll */
 154	struct list_head list;		/* link in all/new_channels list */
 155	struct ppp_channel *chan;	/* public channel data structure */
 156	struct rw_semaphore chan_sem;	/* protects `chan' during chan ioctl */
 157	spinlock_t	downl;		/* protects `chan', file.xq dequeue */
 158	struct ppp	*ppp;		/* ppp unit we're connected to */
 159	struct list_head clist;		/* link in list of channels per unit */
 160	rwlock_t	upl;		/* protects `ppp' */
 161#ifdef CONFIG_PPP_MULTILINK
 162	u8		avail;		/* flag used in multilink stuff */
 163	u8		had_frag;	/* >= 1 fragments have been sent */
 164	u32		lastseq;	/* MP: last sequence # received */
 165#endif /* CONFIG_PPP_MULTILINK */
 166};
 167
 168/*
 169 * SMP locking issues:
 170 * Both the ppp.rlock and ppp.wlock locks protect the ppp.channels
 171 * list and the ppp.n_channels field, you need to take both locks
 172 * before you modify them.
 173 * The lock ordering is: channel.upl -> ppp.wlock -> ppp.rlock ->
 174 * channel.downl.
 175 */
 176
 177/*
 178 * A cardmap represents a mapping from unsigned integers to pointers,
 179 * and provides a fast "find lowest unused number" operation.
 180 * It uses a broad (32-way) tree with a bitmap at each level.
 181 * It is designed to be space-efficient for small numbers of entries
 182 * and time-efficient for large numbers of entries.
 183 */
 184#define CARDMAP_ORDER	5
 185#define CARDMAP_WIDTH	(1U << CARDMAP_ORDER)
 186#define CARDMAP_MASK	(CARDMAP_WIDTH - 1)
 187
 188struct cardmap {
 189	int shift;
 190	unsigned long inuse;
 191	struct cardmap *parent;
 192	void *ptr[CARDMAP_WIDTH];
 193};
 194static void *cardmap_get(struct cardmap *map, unsigned int nr);
 195static void cardmap_set(struct cardmap **map, unsigned int nr, void *ptr);
 196static unsigned int cardmap_find_first_free(struct cardmap *map);
 197static void cardmap_destroy(struct cardmap **map);
 198
 199/*
 200 * all_ppp_sem protects the all_ppp_units mapping.
 201 * It also ensures that finding a ppp unit in the all_ppp_units map
 202 * and updating its file.refcnt field is atomic.
 203 */
 204static DECLARE_MUTEX(all_ppp_sem);
 205static struct cardmap *all_ppp_units;
 206static atomic_t ppp_unit_count = ATOMIC_INIT(0);
 207
 208/*
 209 * all_channels_lock protects all_channels and last_channel_index,
 210 * and the atomicity of find a channel and updating its file.refcnt
 211 * field.
 212 */
 213static DEFINE_SPINLOCK(all_channels_lock);
 214static LIST_HEAD(all_channels);
 215static LIST_HEAD(new_channels);
 216static int last_channel_index;
 217static atomic_t channel_count = ATOMIC_INIT(0);
 218
 219/* Get the PPP protocol number from a skb */
 220#define PPP_PROTO(skb)	(((skb)->data[0] << 8) + (skb)->data[1])
 221
 222/* We limit the length of ppp->file.rq to this (arbitrary) value */
 223#define PPP_MAX_RQLEN	32
 224
 225/*
 226 * Maximum number of multilink fragments queued up.
 227 * This has to be large enough to cope with the maximum latency of
 228 * the slowest channel relative to the others.  Strictly it should
 229 * depend on the number of channels and their characteristics.
 230 */
 231#define PPP_MP_MAX_QLEN	128
 232
 233/* Multilink header bits. */
 234#define B	0x80		/* this fragment begins a packet */
 235#define E	0x40		/* this fragment ends a packet */
 236
 237/* Compare multilink sequence numbers (assumed to be 32 bits wide) */
 238#define seq_before(a, b)	((s32)((a) - (b)) < 0)
 239#define seq_after(a, b)		((s32)((a) - (b)) > 0)
 240
 241/* Prototypes. */
 242static int ppp_unattached_ioctl(struct ppp_file *pf, struct file *file,
 243				unsigned int cmd, unsigned long arg);
 244static void ppp_xmit_process(struct ppp *ppp);
 245static void ppp_send_frame(struct ppp *ppp, struct sk_buff *skb);
 246static void ppp_push(struct ppp *ppp);
 247static void ppp_channel_push(struct channel *pch);
 248static void ppp_receive_frame(struct ppp *ppp, struct sk_buff *skb,
 249			      struct channel *pch);
 250static void ppp_receive_error(struct ppp *ppp);
 251static void ppp_receive_nonmp_frame(struct ppp *ppp, struct sk_buff *skb);
 252static struct sk_buff *ppp_decompress_frame(struct ppp *ppp,
 253					    struct sk_buff *skb);
 254#ifdef CONFIG_PPP_MULTILINK
 255static void ppp_receive_mp_frame(struct ppp *ppp, struct sk_buff *skb,
 256				struct channel *pch);
 257static void ppp_mp_insert(struct ppp *ppp, struct sk_buff *skb);
 258static struct sk_buff *ppp_mp_reconstruct(struct ppp *ppp);
 259static int ppp_mp_explode(struct ppp *ppp, struct sk_buff *skb);
 260#endif /* CONFIG_PPP_MULTILINK */
 261static int ppp_set_compress(struct ppp *ppp, unsigned long arg);
 262static void ppp_ccp_peek(struct ppp *ppp, struct sk_buff *skb, int inbound);
 263static void ppp_ccp_closed(struct ppp *ppp);
 264static struct compressor *find_compressor(int type);
 265static void ppp_get_stats(struct ppp *ppp, struct ppp_stats *st);
 266static struct ppp *ppp_create_interface(int unit, int *retp);
 267static void init_ppp_file(struct ppp_file *pf, int kind);
 268static void ppp_shutdown_interface(struct ppp *ppp);
 269static void ppp_destroy_interface(struct ppp *ppp);
 270static struct ppp *ppp_find_unit(int unit);
 271static struct channel *ppp_find_channel(int unit);
 272static int ppp_connect_channel(struct channel *pch, int unit);
 273static int ppp_disconnect_channel(struct channel *pch);
 274static void ppp_destroy_channel(struct channel *pch);
 275
 276static struct class *ppp_class;
 277
 278/* Translates a PPP protocol number to a NP index (NP == network protocol) */
 279static inline int proto_to_npindex(int proto)
 280{
 281	switch (proto) {
 282	case PPP_IP:
 283		return NP_IP;
 284	case PPP_IPV6:
 285		return NP_IPV6;
 286	case PPP_IPX:
 287		return NP_IPX;
 288	case PPP_AT:
 289		return NP_AT;
 290	case PPP_MPLS_UC:
 291		return NP_MPLS_UC;
 292	case PPP_MPLS_MC:
 293		return NP_MPLS_MC;
 294	}
 295	return -EINVAL;
 296}
 297
 298/* Translates an NP index into a PPP protocol number */
 299static const int npindex_to_proto[NUM_NP] = {
 300	PPP_IP,
 301	PPP_IPV6,
 302	PPP_IPX,
 303	PPP_AT,
 304	PPP_MPLS_UC,
 305	PPP_MPLS_MC,
 306};
 307	
 308/* Translates an ethertype into an NP index */
 309static inline int ethertype_to_npindex(int ethertype)
 310{
 311	switch (ethertype) {
 312	case ETH_P_IP:
 313		return NP_IP;
 314	case ETH_P_IPV6:
 315		return NP_IPV6;
 316	case ETH_P_IPX:
 317		return NP_IPX;
 318	case ETH_P_PPPTALK:
 319	case ETH_P_ATALK:
 320		return NP_AT;
 321	case ETH_P_MPLS_UC:
 322		return NP_MPLS_UC;
 323	case ETH_P_MPLS_MC:
 324		return NP_MPLS_MC;
 325	}
 326	return -1;
 327}
 328
 329/* Translates an NP index into an ethertype */
 330static const int npindex_to_ethertype[NUM_NP] = {
 331	ETH_P_IP,
 332	ETH_P_IPV6,
 333	ETH_P_IPX,
 334	ETH_P_PPPTALK,
 335	ETH_P_MPLS_UC,
 336	ETH_P_MPLS_MC,
 337};
 338
 339/*
 340 * Locking shorthand.
 341 */
 342#define ppp_xmit_lock(ppp)	spin_lock_bh(&(ppp)->wlock)
 343#define ppp_xmit_unlock(ppp)	spin_unlock_bh(&(ppp)->wlock)
 344#define ppp_recv_lock(ppp)	spin_lock_bh(&(ppp)->rlock)
 345#define ppp_recv_unlock(ppp)	spin_unlock_bh(&(ppp)->rlock)
 346#define ppp_lock(ppp)		do { ppp_xmit_lock(ppp); \
 347				     ppp_recv_lock(ppp); } while (0)
 348#define ppp_unlock(ppp)		do { ppp_recv_unlock(ppp); \
 349				     ppp_xmit_unlock(ppp); } while (0)
 350
 351/*
 352 * /dev/ppp device routines.
 353 * The /dev/ppp device is used by pppd to control the ppp unit.
 354 * It supports the read, write, ioctl and poll functions.
 355 * Open instances of /dev/ppp can be in one of three states:
 356 * unattached, attached to a ppp unit, or attached to a ppp channel.
 357 */
 358static int ppp_open(struct inode *inode, struct file *file)
 359{
 360	/*
 361	 * This could (should?) be enforced by the permissions on /dev/ppp.
 362	 */
 363	if (!capable(CAP_NET_ADMIN))
 364		return -EPERM;
 365	return 0;
 366}
 367
 368static int ppp_release(struct inode *inode, struct file *file)
 369{
 370	struct ppp_file *pf = file->private_data;
 371	struct ppp *ppp;
 372
 373	if (pf != 0) {
 374		file->private_data = NULL;
 375		if (pf->kind == INTERFACE) {
 376			ppp = PF_TO_PPP(pf);
 377			if (file == ppp->owner)
 378				ppp_shutdown_interface(ppp);
 379		}
 380		if (atomic_dec_and_test(&pf->refcnt)) {
 381			switch (pf->kind) {
 382			case INTERFACE:
 383				ppp_destroy_interface(PF_TO_PPP(pf));
 384				break;
 385			case CHANNEL:
 386				ppp_destroy_channel(PF_TO_CHANNEL(pf));
 387				break;
 388			}
 389		}
 390	}
 391	return 0;
 392}
 393
 394static ssize_t ppp_read(struct file *file, char __user *buf,
 395			size_t count, loff_t *ppos)
 396{
 397	struct ppp_file *pf = file->private_data;
 398	DECLARE_WAITQUEUE(wait, current);
 399	ssize_t ret;
 400	struct sk_buff *skb = NULL;
 401
 402	ret = count;
 403
 404	if (pf == 0)
 405		return -ENXIO;
 406	add_wait_queue(&pf->rwait, &wait);
 407	for (;;) {
 408		set_current_state(TASK_INTERRUPTIBLE);
 409		skb = skb_dequeue(&pf->rq);
 410		if (skb)
 411			break;
 412		ret = 0;
 413		if (pf->dead)
 414			break;
 415		if (pf->kind == INTERFACE) {
 416			/*
 417			 * Return 0 (EOF) on an interface that has no
 418			 * channels connected, unless it is looping
 419			 * network traffic (demand mode).
 420			 */
 421			struct ppp *ppp = PF_TO_PPP(pf);
 422			if (ppp->n_channels == 0
 423			    && (ppp->flags & SC_LOOP_TRAFFIC) == 0)
 424				break;
 425		}
 426		ret = -EAGAIN;
 427		if (file->f_flags & O_NONBLOCK)
 428			break;
 429		ret = -ERESTARTSYS;
 430		if (signal_pending(current))
 431			break;
 432		schedule();
 433	}
 434	set_current_state(TASK_RUNNING);
 435	remove_wait_queue(&pf->rwait, &wait);
 436
 437	if (skb == 0)
 438		goto out;
 439
 440	ret = -EOVERFLOW;
 441	if (skb->len > count)
 442		goto outf;
 443	ret = -EFAULT;
 444	if (copy_to_user(buf, skb->data, skb->len))
 445		goto outf;
 446	ret = skb->len;
 447
 448 outf:
 449	kfree_skb(skb);
 450 out:
 451	return ret;
 452}
 453
 454static ssize_t ppp_write(struct file *file, const char __user *buf,
 455			 size_t count, loff_t *ppos)
 456{
 457	struct ppp_file *pf = file->private_data;
 458	struct sk_buff *skb;
 459	ssize_t ret;
 460
 461	if (pf == 0)
 462		return -ENXIO;
 463	ret = -ENOMEM;
 464	skb = alloc_skb(count + pf->hdrlen, GFP_KERNEL);
 465	if (skb == 0)
 466		goto out;
 467	skb_reserve(skb, pf->hdrlen);
 468	ret = -EFAULT;
 469	if (copy_from_user(skb_put(skb, count), buf, count)) {
 470		kfree_skb(skb);
 471		goto out;
 472	}
 473
 474	skb_queue_tail(&pf->xq, skb);
 475
 476	switch (pf->kind) {
 477	case INTERFACE:
 478		ppp_xmit_process(PF_TO_PPP(pf));
 479		break;
 480	case CHANNEL:
 481		ppp_channel_push(PF_TO_CHANNEL(pf));
 482		break;
 483	}
 484
 485	ret = count;
 486
 487 out:
 488	return ret;
 489}
 490
 491/* No kernel lock - fine */
 492static unsigned int ppp_poll(struct file *file, poll_table *wait)
 493{
 494	struct ppp_file *pf = file->private_data;
 495	unsigned int mask;
 496
 497	if (pf == 0)
 498		return 0;
 499	poll_wait(file, &pf->rwait, wait);
 500	mask = POLLOUT | POLLWRNORM;
 501	if (skb_peek(&pf->rq) != 0)
 502		mask |= POLLIN | POLLRDNORM;
 503	if (pf->dead)
 504		mask |= POLLHUP;
 505	else if (pf->kind == INTERFACE) {
 506		/* see comment in ppp_read */
 507		struct ppp *ppp = PF_TO_PPP(pf);
 508		if (ppp->n_channels == 0
 509		    && (ppp->flags & SC_LOOP_TRAFFIC) == 0)
 510			mask |= POLLIN | POLLRDNORM;
 511	}
 512
 513	return mask;
 514}
 515
 516#ifdef CONFIG_PPP_FILTER
 517static int get_filter(void __user *arg, struct sock_filter **p)
 518{
 519	struct sock_fprog uprog;
 520	struct sock_filter *code = NULL;
 521	int len, err;
 522
 523	if (copy_from_user(&uprog, arg, sizeof(uprog)))
 524		return -EFAULT;
 525
 526	if (uprog.len > BPF_MAXINSNS)
 527		return -EINVAL;
 528
 529	if (!uprog.len) {
 530		*p = NULL;
 531		return 0;
 532	}
 533
 534	len = uprog.len * sizeof(struct sock_filter);
 535	code = kmalloc(len, GFP_KERNEL);
 536	if (code == NULL)
 537		return -ENOMEM;
 538
 539	if (copy_from_user(code, uprog.filter, len)) {
 540		kfree(code);
 541		return -EFAULT;
 542	}
 543
 544	err = sk_chk_filter(code, uprog.len);
 545	if (err) {
 546		kfree(code);
 547		return err;
 548	}
 549
 550	*p = code;
 551	return uprog.len;
 552}
 553#endif /* CONFIG_PPP_FILTER */
 554
 555static int ppp_ioctl(struct inode *inode, struct file *file,
 556		     unsigned int cmd, unsigned long arg)
 557{
 558	struct ppp_file *pf = file->private_data;
 559	struct ppp *ppp;
 560	int err = -EFAULT, val, val2, i;
 561	struct ppp_idle idle;
 562	struct npioctl npi;
 563	int unit, cflags;
 564	struct slcompress *vj;
 565	void __user *argp = (void __user *)arg;
 566	int __user *p = argp;
 567
 568	if (pf == 0)
 569		return ppp_unattached_ioctl(pf, file, cmd, arg);
 570
 571	if (cmd == PPPIOCDETACH) {
 572		/*
 573		 * We have to be careful here... if the file descriptor
 574		 * has been dup'd, we could have another process in the
 575		 * middle of a poll using the same file *, so we had
 576		 * better not free the interface data structures -
 577		 * instead we fail the ioctl.  Even in this case, we
 578		 * shut down the interface if we are the owner of it.
 579		 * Actually, we should get rid of PPPIOCDETACH, userland
 580		 * (i.e. pppd) could achieve the same effect by closing
 581		 * this fd and reopening /dev/ppp.
 582		 */
 583		err = -EINVAL;
 584		if (pf->kind == INTERFACE) {
 585			ppp = PF_TO_PPP(pf);
 586			if (file == ppp->owner)
 587				ppp_shutdown_interface(ppp);
 588		}
 589		if (atomic_read(&file->f_count) <= 2) {
 590			ppp_release(inode, file);
 591			err = 0;
 592		} else
 593			printk(KERN_DEBUG "PPPIOCDETACH file->f_count=%d\n",
 594			       atomic_read(&file->f_count));
 595		return err;
 596	}
 597
 598	if (pf->kind == CHANNEL) {
 599		struct channel *pch = PF_TO_CHANNEL(pf);
 600		struct ppp_channel *chan;
 601
 602		switch (cmd) {
 603		case PPPIOCCONNECT:
 604			if (get_user(unit, p))
 605				break;
 606			err = ppp_connect_channel(pch, unit);
 607			break;
 608
 609		case PPPIOCDISCONN:
 610			err = ppp_disconnect_channel(pch);
 611			break;
 612
 613		default:
 614			down_read(&pch->chan_sem);
 615			chan = pch->chan;
 616			err = -ENOTTY;
 617			if (chan && chan->ops->ioctl)
 618				err = chan->ops->ioctl(chan, cmd, arg);
 619			up_read(&pch->chan_sem);
 620		}
 621		return err;
 622	}
 623
 624	if (pf->kind != INTERFACE) {
 625		/* can't happen */
 626		printk(KERN_ERR "PPP: not interface or channel??\n");
 627		return -EINVAL;
 628	}
 629
 630	ppp = PF_TO_PPP(pf);
 631	switch (cmd) {
 632	case PPPIOCSMRU:
 633		if (get_user(val, p))
 634			break;
 635		ppp->mru = val;
 636		err = 0;
 637		break;
 638
 639	case PPPIOCSFLAGS:
 640		if (get_user(val, p))
 641			break;
 642		ppp_lock(ppp);
 643		cflags = ppp->flags & ~val;
 644		ppp->flags = val & SC_FLAG_BITS;
 645		ppp_unlock(ppp);
 646		if (cflags & SC_CCP_OPEN)
 647			ppp_ccp_closed(ppp);
 648		err = 0;
 649		break;
 650
 651	case PPPIOCGFLAGS:
 652		val = ppp->flags | ppp->xstate | ppp->rstate;
 653		if (put_user(val, p))
 654			break;
 655		err = 0;
 656		break;
 657
 658	case PPPIOCSCOMPRESS:
 659		err = ppp_set_compress(ppp, arg);
 660		break;
 661
 662	case PPPIOCGUNIT:
 663		if (put_user(ppp->file.index, p))
 664			break;
 665		err = 0;
 666		break;
 667
 668	case PPPIOCSDEBUG:
 669		if (get_user(val, p))
 670			break;
 671		ppp->debug = val;
 672		err = 0;
 673		break;
 674
 675	case PPPIOCGDEBUG:
 676		if (put_user(ppp->debug, p))
 677			break;
 678		err = 0;
 679		break;
 680
 681	case PPPIOCGIDLE:
 682		idle.xmit_idle = (jiffies - ppp->last_xmit) / HZ;
 683		idle.recv_idle = (jiffies - ppp->last_recv) / HZ;
 684		if (copy_to_user(argp, &idle, sizeof(idle)))
 685			break;
 686		err = 0;
 687		break;
 688
 689	case PPPIOCSMAXCID:
 690		if (get_user(val, p))
 691			break;
 692		val2 = 15;
 693		if ((val >> 16) != 0) {
 694			val2 = val >> 16;
 695			val &= 0xffff;
 696		}
 697		vj = slhc_init(val2+1, val+1);
 698		if (vj == 0) {
 699			printk(KERN_ERR "PPP: no memory (VJ compressor)\n");
 700			err = -ENOMEM;
 701			break;
 702		}
 703		ppp_lock(ppp);
 704		if (ppp->vj != 0)
 705			slhc_free(ppp->vj);
 706		ppp->vj = vj;
 707		ppp_unlock(ppp);
 708		err = 0;
 709		break;
 710
 711	case PPPIOCGNPMODE:
 712	case PPPIOCSNPMODE:
 713		if (copy_from_user(&npi, argp, sizeof(npi)))
 714			break;
 715		err = proto_to_npindex(npi.protocol);
 716		if (err < 0)
 717			break;
 718		i = err;
 719		if (cmd == PPPIOCGNPMODE) {
 720			err = -EFAULT;
 721			npi.mode = ppp->npmode[i];
 722			if (copy_to_user(argp, &npi, sizeof(npi)))
 723				break;
 724		} else {
 725			ppp->npmode[i] = npi.mode;
 726			/* we may be able to transmit more packets now (??) */
 727			netif_wake_queue(ppp->dev);
 728		}
 729		err = 0;
 730		break;
 731
 732#ifdef CONFIG_PPP_FILTER
 733	case PPPIOCSPASS:
 734	{
 735		struct sock_filter *code;
 736		err = get_filter(argp, &code);
 737		if (err >= 0) {
 738			ppp_lock(ppp);
 739			kfree(ppp->pass_filter);
 740			ppp->pass_filter = code;
 741			ppp->pass_len = err;
 742			ppp_unlock(ppp);
 743			err = 0;
 744		}
 745		break;
 746	}
 747	case PPPIOCSACTIVE:
 748	{
 749		struct sock_filter *code;
 750		err = get_filter(argp, &code);
 751		if (err >= 0) {
 752			ppp_lock(ppp);
 753			kfree(ppp->active_filter);
 754			ppp->active_filter = code;
 755			ppp->active_len = err;
 756			ppp_unlock(ppp);
 757			err = 0;
 758		}
 759		break;
 760	}
 761#endif /* CONFIG_PPP_FILTER */
 762
 763#ifdef CONFIG_PPP_MULTILINK
 764	case PPPIOCSMRRU:
 765		if (get_user(val, p))
 766			break;
 767		ppp_recv_lock(ppp);
 768		ppp->mrru = val;
 769		ppp_recv_unlock(ppp);
 770		err = 0;
 771		break;
 772#endif /* CONFIG_PPP_MULTILINK */
 773
 774	default:
 775		err = -ENOTTY;
 776	}
 777
 778	return err;
 779}
 780
 781static int ppp_unattached_ioctl(struct ppp_file *pf, struct file *file,
 782				unsigned int cmd, unsigned long arg)
 783{
 784	int unit, err = -EFAULT;
 785	struct ppp *ppp;
 786	struct channel *chan;
 787	int __user *p = (int __user *)arg;
 788
 789	switch (cmd) {
 790	case PPPIOCNEWUNIT:
 791		/* Create a new ppp unit */
 792		if (get_user(unit, p))
 793			break;
 794		ppp = ppp_create_interface(unit, &err);
 795		if (ppp == 0)
 796			break;
 797		file->private_data = &ppp->file;
 798		ppp->owner = file;
 799		err = -EFAULT;
 800		if (put_user(ppp->file.index, p))
 801			break;
 802		err = 0;
 803		break;
 804
 805	case PPPIOCATTACH:
 806		/* Attach to an existing ppp unit */
 807		if (get_user(unit, p))
 808			break;
 809		down(&all_ppp_sem);
 810		err = -ENXIO;
 811		ppp = ppp_find_unit(unit);
 812		if (ppp != 0) {
 813			atomic_inc(&ppp->file.refcnt);
 814			file->private_data = &ppp->file;
 815			err = 0;
 816		}
 817		up(&all_ppp_sem);
 818		break;
 819
 820	case PPPIOCATTCHAN:
 821		if (get_user(unit, p))
 822			break;
 823		spin_lock_bh(&all_channels_lock);
 824		err = -ENXIO;
 825		chan = ppp_find_channel(unit);
 826		if (chan != 0) {
 827			atomic_inc(&chan->file.refcnt);
 828			file->private_data = &chan->file;
 829			err = 0;
 830		}
 831		spin_unlock_bh(&all_channels_lock);
 832		break;
 833
 834	default:
 835		err = -ENOTTY;
 836	}
 837	return err;
 838}
 839
 840static struct file_operations ppp_device_fops = {
 841	.owner		= THIS_MODULE,
 842	.read		= ppp_read,
 843	.write		= ppp_write,
 844	.poll		= ppp_poll,
 845	.ioctl		= ppp_ioctl,
 846	.open		= ppp_open,
 847	.release	= ppp_release
 848};
 849
 850#define PPP_MAJOR	108
 851
 852/* Called at boot time if ppp is compiled into the kernel,
 853   or at module load time (from init_module) if compiled as a module. */
 854static int __init ppp_init(void)
 855{
 856	int err;
 857
 858	printk(KERN_INFO "PPP generic driver version " PPP_VERSION "\n");
 859	err = register_chrdev(PPP_MAJOR, "ppp", &ppp_device_fops);
 860	if (!err) {
 861		ppp_class = class_create(THIS_MODULE, "ppp");
 862		if (IS_ERR(ppp_class)) {
 863			err = PTR_ERR(ppp_class);
 864			goto out_chrdev;
 865		}
 866		class_device_create(ppp_class, MKDEV(PPP_MAJOR, 0), NULL, "ppp");
 867		err = devfs_mk_cdev(MKDEV(PPP_MAJOR, 0),
 868				S_IFCHR|S_IRUSR|S_IWUSR, "ppp");
 869		if (err)
 870			goto out_class;
 871	}
 872
 873out:
 874	if (err)
 875		printk(KERN_ERR "failed to register PPP device (%d)\n", err);
 876	return err;
 877
 878out_class:
 879	class_device_destroy(ppp_class, MKDEV(PPP_MAJOR,0));
 880	class_destroy(ppp_class);
 881out_chrdev:
 882	unregister_chrdev(PPP_MAJOR, "ppp");
 883	goto out;
 884}
 885
 886/*
 887 * Network interface unit routines.
 888 */
 889static int
 890ppp_start_xmit(struct sk_buff *skb, struct net_device *dev)
 891{
 892	struct ppp *ppp = (struct ppp *) dev->priv;
 893	int npi, proto;
 894	unsigned char *pp;
 895
 896	npi = ethertype_to_npindex(ntohs(skb->protocol));
 897	if (npi < 0)
 898		goto outf;
 899
 900	/* Drop, accept or reject the packet */
 901	switch (ppp->npmode[npi]) {
 902	case NPMODE_PASS:
 903		break;
 904	case NPMODE_QUEUE:
 905		/* it would be nice to have a way to tell the network
 906		   system to queue this one up for later. */
 907		goto outf;
 908	case NPMODE_DROP:
 909	case NPMODE_ERROR:
 910		goto outf;
 911	}
 912
 913	/* Put the 2-byte PPP protocol number on the front,
 914	   making sure there is room for the address and control fields. */
 915	if (skb_headroom(skb) < PPP_HDRLEN) {
 916		struct sk_buff *ns;
 917
 918		ns = alloc_skb(skb->len + dev->hard_header_len, GFP_ATOMIC);
 919		if (ns == 0)
 920			goto outf;
 921		skb_reserve(ns, dev->hard_header_len);
 922		skb_copy_bits(skb, 0, skb_put(ns, skb->len), skb->len);
 923		kfree_skb(skb);
 924		skb = ns;
 925	}
 926	pp = skb_push(skb, 2);
 927	proto = npindex_to_proto[npi];
 928	pp[0] = proto >> 8;
 929	pp[1] = proto;
 930
 931	netif_stop_queue(dev);
 932	skb_queue_tail(&ppp->file.xq, skb);
 933	ppp_xmit_process(ppp);
 934	return 0;
 935
 936 outf:
 937	kfree_skb(skb);
 938	++ppp->stats.tx_dropped;
 939	return 0;
 940}
 941
 942static struct net_device_stats *
 943ppp_net_stats(struct net_device *dev)
 944{
 945	struct ppp *ppp = (struct ppp *) dev->priv;
 946
 947	return &ppp->stats;
 948}
 949
 950static int
 951ppp_net_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
 952{
 953	struct ppp *ppp = dev->priv;
 954	int err = -EFAULT;
 955	void __user *addr = (void __user *) ifr->ifr_ifru.ifru_data;
 956	struct ppp_stats stats;
 957	struct ppp_comp_stats cstats;
 958	char *vers;
 959
 960	switch (cmd) {
 961	case SIOCGPPPSTATS:
 962		ppp_get_stats(ppp, &stats);
 963		if (copy_to_user(addr, &stats, sizeof(stats)))
 964			break;
 965		err = 0;
 966		break;
 967
 968	case SIOCGPPPCSTATS:
 969		memset(&cstats, 0, sizeof(cstats));
 970		if (ppp->xc_state != 0)
 971			ppp->xcomp->comp_stat(ppp->xc_state, &cstats.c);
 972		if (ppp->rc_state != 0)
 973			ppp->rcomp->decomp_stat(ppp->rc_state, &cstats.d);
 974		if (copy_to_user(addr, &cstats, sizeof(cstats)))
 975			break;
 976		err = 0;
 977		break;
 978
 979	case SIOCGPPPVER:
 980		vers = PPP_VERSION;
 981		if (copy_to_user(addr, vers, strlen(vers) + 1))
 982			break;
 983		err = 0;
 984		break;
 985
 986	default:
 987		err = -EINVAL;
 988	}
 989
 990	return err;
 991}
 992
 993static void ppp_setup(struct net_device *dev)
 994{
 995	dev->hard_header_len = PPP_HDRLEN;
 996	dev->mtu = PPP_MTU;
 997	dev->addr_len = 0;
 998	dev->tx_queue_len = 3;
 999	dev->type = ARPHRD_PPP;
1000	dev->flags = IFF_POINTOPOINT | IFF_NOARP | IFF_MULTICAST;
1001}
1002
1003/*
1004 * Transmit-side routines.
1005 */
1006
1007/*
1008 * Called to do any work queued up on the transmit side
1009 * that can now be done.
1010 */
1011static void
1012ppp_xmit_process(struct ppp *ppp)
1013{
1014	struct sk_buff *skb;
1015
1016	ppp_xmit_lock(ppp);
1017	if (ppp->dev != 0) {
1018		ppp_push(ppp);
1019		while (ppp->xmit_pending == 0
1020		       && (skb = skb_dequeue(&ppp->file.xq)) != 0)
1021			ppp_send_frame(ppp, skb);
1022		/* If there's no work left to do, tell the core net
1023		   code that we can accept some more. */
1024		if (ppp->xmit_pending == 0 && skb_peek(&ppp->file.xq) == 0)
1025			netif_wake_queue(ppp->dev);
1026	}
1027	ppp_xmit_unlock(ppp);
1028}
1029
1030/*
1031 * Compress and send a frame.
1032 * The caller should have locked the xmit path,
1033 * and xmit_pending should be 0.
1034 */
1035static void
1036ppp_send_frame(struct ppp *ppp, struct sk_buff *skb)
1037{
1038	int proto = PPP_PROTO(skb);
1039	struct sk_buff *new_skb;
1040	int len;
1041	unsigned char *cp;
1042
1043	if (proto < 0x8000) {
1044#ifdef CONFIG_PPP_FILTER
1045		/* check if we should pass this packet */
1046		/* the filter instructions are constructed assuming
1047		   a four-byte PPP header on each packet */
1048		*skb_push(skb, 2) = 1;
1049		if (ppp->pass_filter
1050		    && sk_run_filter(skb, ppp->pass_filter,
1051				     ppp->pass_len) == 0) {
1052			if (ppp->debug & 1)
1053				printk(KERN_DEBUG "PPP: outbound frame not passed\n");
1054			kfree_skb(skb);
1055			return;
1056		}
1057		/* if this packet passes the active filter, record the time */
1058		if (!(ppp->active_filter
1059		      && sk_run_filter(skb, ppp->active_filter,
1060				       ppp->active_len) == 0))
1061			ppp->last_xmit = jiffies;
1062		skb_pull(skb, 2);
1063#else
1064		/* for data packets, record the time */
1065		ppp->last_xmit = jiffies;
1066#endif /* CONFIG_PPP_FILTER */
1067	}
1068
1069	++ppp->stats.tx_packets;
1070	ppp->stats.tx_bytes += skb->len - 2;
1071
1072	switch (proto) {
1073	case PPP_IP:
1074		if (ppp->vj == 0 || (ppp->flags & SC_COMP_TCP) == 0)
1075			break;
1076		/* try to do VJ TCP header compression */
1077		new_skb = alloc_skb(skb->len + ppp->dev->hard_header_len - 2,
1078				    GFP_ATOMIC);
1079		if (new_skb == 0) {
1080			printk(KERN_ERR "PPP: no memory (VJ comp pkt)\n");
1081			goto drop;
1082		}
1083		skb_reserve(new_skb, ppp->dev->hard_header_len - 2);
1084		cp = skb->data + 2;
1085		len = slhc_compress(ppp->vj, cp, skb->len - 2,
1086				    new_skb->data + 2, &cp,
1087				    !(ppp->flags & SC_NO_TCP_CCID));
1088		if (cp == skb->data + 2) {
1089			/* didn't compress */
1090			kfree_skb(new_skb);
1091		} else {
1092			if (cp[0] & SL_TYPE_COMPRESSED_TCP) {
1093				proto = PPP_VJC_COMP;
1094				cp[0] &= ~SL_TYPE_COMPRESSED_TCP;
1095			} else {
1096				proto = PPP_VJC_UNCOMP;
1097				cp[0] = skb->data[2];
1098			}
1099			kfree_skb(skb);
1100			skb = new_skb;
1101			cp = skb_put(skb, len + 2);
1102			cp[0] = 0;
1103			cp[1] = proto;
1104		}
1105		break;
1106
1107	case PPP_CCP:
1108		/* peek at outbound CCP frames */
1109		ppp_ccp_peek(ppp, skb, 0);
1110		break;
1111	}
1112
1113	/* try to do packet compression */
1114	if ((ppp->xstate & SC_COMP_RUN) && ppp->xc_state != 0
1115	    && proto != PPP_LCP && proto != PPP_CCP) {
1116		new_skb = alloc_skb(ppp->dev->mtu + ppp->dev->hard_header_len,
1117				    GFP_ATOMIC);
1118		if (new_skb == 0) {
1119			printk(KERN_ERR "PPP: no memory (comp pkt)\n");
1120			goto drop;
1121		}
1122		if (ppp->dev->hard_header_len > PPP_HDRLEN)
1123			skb_reserve(new_skb,
1124				    ppp->dev->hard_header_len - PPP_HDRLEN);
1125
1126		/* compressor still expects A/C bytes in hdr */
1127		len = ppp->xcomp->compress(ppp->xc_state, skb->data - 2,
1128					   new_skb->data, skb->len + 2,
1129					   ppp->dev->mtu + PPP_HDRLEN);
1130		if (len > 0 && (ppp->flags & SC_CCP_UP)) {
1131			kfree_skb(skb);
1132			skb = new_skb;
1133			skb_put(skb, len);
1134			skb_pull(skb, 2);	/* pull off A/C bytes */
1135		} else {
1136			/* didn't compress, or CCP not up yet */
1137			kfree_skb(new_skb);
1138		}
1139	}
1140
1141	/*
1142	 * If we are waiting for traffic (demand dialling),
1143	 * queue it up for pppd to receive.
1144	 */
1145	if (ppp->flags & SC_LOOP_TRAFFIC) {
1146		if (ppp->file.rq.qlen > PPP_MAX_RQLEN)
1147			goto drop;
1148		skb_queue_tail(&ppp->file.rq, skb);
1149		wake_up_interruptible(&ppp->file.rwait);
1150		return;
1151	}
1152
1153	ppp->xmit_pending = skb;
1154	ppp_push(ppp);
1155	return;
1156
1157 drop:
1158	kfree_skb(skb);
1159	++ppp->stats.tx_errors;
1160}
1161
1162/*
1163 * Try to send the frame in xmit_pending.
1164 * The caller should have the xmit path locked.
1165 */
1166static void
1167ppp_push(struct ppp *ppp)
1168{
1169	struct list_head *list;
1170	struct channel *pch;
1171	struct sk_buff *skb = ppp->xmit_pending;
1172
1173	if (skb == 0)
1174		return;
1175
1176	list = &ppp->channels;
1177	if (list_empty(list)) {
1178		/* nowhere to send the packet, just drop it */
1179		ppp->xmit_pending = NULL;
1180		kfree_skb(skb);
1181		return;
1182	}
1183
1184	if ((ppp->flags & SC_MULTILINK) == 0) {
1185		/* not doing multilink: send it down the first channel */
1186		list = list->next;
1187		pch = list_entry(list, struct channel, clist);
1188
1189		spin_lock_bh(&pch->downl);
1190		if (pch->chan) {
1191			if (pch->chan->ops->start_xmit(pch->chan, skb))
1192				ppp->xmit_pending = NULL;
1193		} else {
1194			/* channel got unregistered */
1195			kfree_skb(skb);
1196			ppp->xmit_pending = NULL;
1197		}
1198		spin_unlock_bh(&pch->downl);
1199		return;
1200	}
1201
1202#ifdef CONFIG_PPP_MULTILINK
1203	/* Multilink: fragment the packet over as many links
1204	   as can take the packet at the moment. */
1205	if (!ppp_mp_explode(ppp, skb))
1206		return;
1207#endif /* CONFIG_PPP_MULTILINK */
1208
1209	ppp->xmit_pending = NULL;
1210	kfree_skb(skb);
1211}
1212
1213#ifdef CONFIG_PPP_MULTILINK
1214/*
1215 * Divide a packet to be transmitted into fragments and
1216 * send them out the individual links.
1217 */
1218static int ppp_mp_explode(struct ppp *ppp, struct sk_buff *skb)
1219{
1220	int len, fragsize;
1221	int i, bits, hdrlen, mtu;
1222	int flen;
1223	int navail, nfree;
1224	int nbigger;
1225	unsigned char *p, *q;
1226	struct list_head *list;
1227	struct channel *pch;
1228	struct sk_buff *frag;
1229	struct ppp_channel *chan;
1230
1231	nfree = 0;	/* # channels which have no packet already queued */
1232	navail = 0;	/* total # of usable channels (not deregistered) */
1233	hdrlen = (ppp->flags & SC_MP_XSHORTSEQ)? MPHDRLEN_SSN: MPHDRLEN;
1234	i = 0;
1235	list_for_each_entry(pch, &ppp->channels, clist) {
1236		navail += pch->avail = (pch->chan != NULL);
1237		if (pch->avail) {
1238			if (skb_queue_empty(&pch->file.xq) ||
1239			    !pch->had_frag) {
1240				pch->avail = 2;
1241				++nfree;
1242			}
1243			if (!pch->had_frag && i < ppp->nxchan)
1244				ppp->nxchan = i;
1245		}
1246		++i;
1247	}
1248
1249	/*
1250	 * Don't start sending this packet unless at least half of
1251	 * the channels are free.  This gives much better TCP
1252	 * performance if we have a lot of channels.
1253	 */
1254	if (nfree == 0 || nfree < navail / 2)
1255		return 0;	/* can't take now, leave it in xmit_pending */
1256
1257	/* Do protocol field compression (XXX this should be optional) */
1258	p = skb->data;
1259	len = skb->len;
1260	if (*p == 0) {
1261		++p;
1262		--len;
1263	}
1264
1265	/*
1266	 * Decide on fragment size.
1267	 * We create a fragment for each free channel regardless of
1268	 * how small they are (i.e. even 0 length) in order to minimize
1269	 * the time that it will take to detect when a channel drops
1270	 * a fragment.
1271	 */
1272	fragsize = len;
1273	if (nfree > 1)
1274		fragsize = ROUNDUP(fragsize, nfree);
1275	/* nbigger channels get fragsize bytes, the rest get fragsize-1,
1276	   except if nbigger==0, then they all get fragsize. */
1277	nbigger = len % nfree;
1278
1279	/* skip to the channel after the one we last used
1280	   and start at that one */
1281	list = &ppp->channels;
1282	for (i = 0; i < ppp->nxchan; ++i) {
1283		list = list->next;
1284		if (list == &ppp->channels) {
1285			i = 0;
1286			break;
1287		}
1288	}
1289
1290	/* create a fragment for each channel */
1291	bits = B;
1292	while (nfree > 0 || len > 0) {
1293		list = list->next;
1294		if (list == &ppp->channels) {
1295			i = 0;
1296			continue;
1297		}
1298		pch = list_entry(list, struct channel, clist);
1299		++i;
1300		if (!pch->avail)
1301			continue;
1302
1303		/*
1304		 * Skip this channel if it has a fragment pending already and
1305		 * we haven't given a fragment to all of the free channels.
1306		 */
1307		if (pch->avail == 1) {
1308			if (nfree > 0)
1309				continue;
1310		} else {
1311			--nfree;
1312			pch->avail = 1;
1313		}
1314
1315		/* check the channel's mtu and whether it is still attached. */
1316		spin_lock_bh(&pch->downl);
1317		if (pch->chan == NULL) {
1318			/* can't use this channel, it's being deregistered */
1319			spin_unlock_bh(&pch->downl);
1320			pch->avail = 0;
1321			if (--navail == 0)
1322				break;
1323			continue;
1324		}
1325
1326		/*
1327		 * Create a fragment for this channel of
1328		 * min(max(mtu+2-hdrlen, 4), fragsize, len) bytes.
1329		 * If mtu+2-hdrlen < 4, that is a ridiculously small
1330		 * MTU, so we use mtu = 2 + hdrlen.
1331		 */
1332		if (fragsize > len)
1333			fragsize = len;
1334		flen = fragsize;
1335		mtu = pch->chan->mtu + 2 - hdrlen;
1336		if (mtu < 4)
1337			mtu = 4;
1338		if (flen > mtu)
1339			flen = mtu;
1340		if (flen == len && nfree == 0)
1341			bits |= E;
1342		frag = alloc_skb(flen + hdrlen + (flen == 0), GFP_ATOMIC);
1343		if (frag == 0)
1344			goto noskb;
1345		q = skb_put(frag, flen + hdrlen);
1346
1347		/* make the MP header */
1348		q[0] = PPP_MP >> 8;
1349		q[1] = PPP_MP;
1350		if (ppp->flags & SC_MP_XSHORTSEQ) {
1351			q[2] = bits + ((ppp->nxseq >> 8) & 0xf);
1352			q[3] = ppp->nxseq;
1353		} else {
1354			q[2] = bits;
1355			q[3] = ppp->nxseq >> 16;
1356			q[4] = ppp->nxseq >> 8;
1357			q[5] = ppp->nxseq;
1358		}
1359
1360		/*
1361		 * Copy the data in.
1362		 * Unfortunately there is a bug in older versions of
1363		 * the Linux PPP multilink reconstruction code where it
1364		 * drops 0-length fragments.  Therefore we make sure the
1365		 * fragment has at least one byte of data.  Any bytes
1366		 * we add in this situation will end up as padding on the
1367		 * end of the reconstructed packet.
1368		 */
1369		if (flen == 0)
1370			*skb_put(frag, 1) = 0;
1371		else
1372			memcpy(q + hdrlen, p, flen);
1373
1374		/* try to send it down the channel */
1375		chan = pch->chan;
1376		if (!skb_queue_empty(&pch->file.xq) ||
1377		    !chan->ops->start_xmit(chan, frag))
1378			skb_queue_tail(&pch->file.xq, frag);
1379		pch->had_frag = 1;
1380		p += flen;
1381		len -= flen;
1382		++ppp->nxseq;
1383		bits = 0;
1384		spin_unlock_bh(&pch->downl);
1385
1386		if (--nbigger == 0 && fragsize > 0)
1387			--fragsize;
1388	}
1389	ppp->nxchan = i;
1390
1391	return 1;
1392
1393 noskb:
1394	spin_unlock_bh(&pch->downl);
1395	if (ppp->debug & 1)
1396		printk(KERN_ERR "PPP: no memory (fragment)\n");
1397	++ppp->stats.tx_errors;
1398	++ppp->nxseq;
1399	return 1;	/* abandon the frame */
1400}
1401#endif /* CONFIG_PPP_MULTILINK */
1402
1403/*
1404 * Try to send data out on a channel.
1405 */
1406static void
1407ppp_channel_push(struct channel *pch)
1408{
1409	struct sk_buff *skb;
1410	struct ppp *ppp;
1411
1412	spin_lock_bh(&pch->downl);
1413	if (pch->chan != 0) {
1414		while (!skb_queue_empty(&pch->file.xq)) {
1415			skb = skb_dequeue(&pch->file.xq);
1416			if (!pch->chan->ops->start_xmit(pch->chan, skb)) {
1417				/* put the packet back and try again later */
1418				skb_queue_head(&pch->file.xq, skb);
1419				break;
1420			}
1421		}
1422	} else {
1423		/* channel got deregistered */
1424		skb_queue_purge(&pch->file.xq);
1425	}
1426	spin_unlock_bh(&pch->downl);
1427	/* see if there is anything from the attached unit to be sent */
1428	if (skb_queue_empty(&pch->file.xq)) {
1429		read_lock_bh(&pch->upl);
1430		ppp = pch->ppp;
1431		if (ppp != 0)
1432			ppp_xmit_process(ppp);
1433		read_unlock_bh(&pch->upl);
1434	}
1435}
1436
1437/*
1438 * Receive-side routines.
1439 */
1440
1441/* misuse a few fields of the skb for MP reconstruction */
1442#define sequence	priority
1443#define BEbits		cb[0]
1444
1445static inline void
1446ppp_do_recv(struct ppp *ppp, struct sk_buff *skb, struct channel *pch)
1447{
1448	ppp_recv_lock(ppp);
1449	/* ppp->dev == 0 means interface is closing down */
1450	if (ppp->dev != 0)
1451		ppp_receive_frame(ppp, skb, pch);
1452	else
1453		kfree_skb(skb);
1454	ppp_recv_unlock(ppp);
1455}
1456
1457void
1458ppp_input(struct ppp_channel *chan, struct sk_buff *skb)
1459{
1460	struct channel *pch = chan->ppp;
1461	int proto;
1462
1463	if (pch == 0 || skb->len == 0) {
1464		kfree_skb(skb);
1465		return;
1466	}
1467
1468	proto = PPP_PROTO(skb);
1469	read_lock_bh(&pch->upl);
1470	if (pch->ppp == 0 || proto >= 0xc000 || proto == PPP_CCPFRAG) {
1471		/* put it on the channel queue */
1472		skb_queue_tail(&pch->file.rq, skb);
1473		/* drop old frames if queue too long */
1474		while (pch->file.rq.qlen > PPP_MAX_RQLEN
1475		       && (skb = skb_dequeue(&pch->file.rq)) != 0)
1476			kfree_skb(skb);
1477		wake_up_interruptible(&pch->file.rwait);
1478	} else {
1479		ppp_do_recv(pch->ppp, skb, pch);
1480	}
1481	read_unlock_bh(&pch->upl);
1482}
1483
1484/* Put a 0-length skb in the receive queue as an error indication */
1485void
1486ppp_input_error(struct ppp_channel *chan, int code)
1487{
1488	struct channel *pch = chan->ppp;
1489	struct sk_buff *skb;
1490
1491	if (pch == 0)
1492		return;
1493
1494	read_lock_bh(&pch->upl);
1495	if (pch->ppp != 0) {
1496		skb = alloc_skb(0, GFP_ATOMIC);
1497		if (skb != 0) {
1498			skb->len = 0;		/* probably unnecessary */
1499			skb->cb[0] = code;
1500			ppp_do_recv(pch->ppp, skb, pch);
1501		}
1502	}
1503	read_unlock_bh(&pch->upl);
1504}
1505
1506/*
1507 * We come in here to process a received frame.
1508 * The receive side of the ppp unit is locked.
1509 */
1510static void
1511ppp_receive_frame(struct ppp *ppp, struct sk_buff *skb, struct channel *pch)
1512{
1513	if (skb->len >= 2) {
1514#ifdef CONFIG_PPP_MULTILINK
1515		/* XXX do channel-level decompression here */
1516		if (PPP_PROTO(skb) == PPP_MP)
1517			ppp_receive_mp_frame(ppp, skb, pch);
1518		else
1519#endif /* CONFIG_PPP_MULTILINK */
1520			ppp_receive_nonmp_frame(ppp, skb);
1521		return;
1522	}
1523
1524	if (skb->len > 0)
1525		/* note: a 0-length skb is used as an error indication */
1526		++ppp->stats.rx_length_errors;
1527
1528	kfree_skb(skb);
1529	ppp_receive_error(ppp);
1530}
1531
1532static void
1533ppp_receive_error(struct ppp *ppp)
1534{
1535	++ppp->stats.rx_errors;
1536	if (ppp->vj != 0)
1537		slhc_toss(ppp->vj);
1538}
1539
1540static void
1541ppp_receive_nonmp_frame(struct ppp *ppp, struct sk_buff *skb)
1542{
1543	struct sk_buff *ns;
1544	int proto, len, npi;
1545
1546	/*
1547	 * Decompress the frame, if compressed.
1548	 * Note that some decompressors need to see uncompressed frames
1549	 * that come in as well as compressed frames.
1550	 */
1551	if (ppp->rc_state != 0 && (ppp->rstate & SC_DECOMP_RUN)
1552	    && (ppp->rstate & (SC_DC_FERROR | SC_DC_ERROR)) == 0)
1553		skb = ppp_decompress_frame(ppp, skb);
1554
1555	proto = PPP_PROTO(skb);
1556	switch (proto) {
1557	case PPP_VJC_COMP:
1558		/* decompress VJ compressed packets */
1559		if (ppp->vj == 0 || (ppp->flags & SC_REJ_COMP_TCP))
1560			goto err;
1561
1562		if (skb_tailroom(skb) < 124) {
1563			/* copy to a new sk_buff with more tailroom */
1564			ns = dev_alloc_skb(skb->len + 128);
1565			if (ns == 0) {
1566				printk(KERN_ERR"PPP: no memory (VJ decomp)\n");
1567				goto err;
1568			}
1569			skb_reserve(ns, 2);
1570			skb_copy_bits(skb, 0, skb_put(ns, skb->len), skb->len);
1571			kfree_skb(skb);
1572			skb = ns;
1573		}
1574		else if (!pskb_may_pull(skb, skb->len))
1575			goto err;
1576
1577		len = slhc_uncompress(ppp->vj, skb->data + 2, skb->len - 2);
1578		if (len <= 0) {
1579			printk(KERN_DEBUG "PPP: VJ decompression error\n");
1580			goto err;
1581		}
1582		len += 2;
1583		if (len > skb->len)
1584			skb_put(skb, len - skb->len);
1585		else if (len < skb->len)
1586			skb_trim(skb, len);
1587		proto = PPP_IP;
1588		break;
1589
1590	case PPP_VJC_UNCOMP:
1591		if (ppp->vj == 0 || (ppp->flags & SC_REJ_COMP_TCP))
1592			goto err;
1593		
1594		/* Until we fix the decompressor need to make sure
1595		 * data portion is linear.
1596		 */
1597		if (!pskb_may_pull(skb, skb->len)) 
1598			goto err;
1599
1600		if (slhc_remember(ppp->vj, skb->data + 2, skb->len - 2) <= 0) {
1601			printk(KERN_ERR "PPP: VJ uncompressed error\n");
1602			goto err;
1603		}
1604		proto = PPP_IP;
1605		break;
1606
1607	case PPP_CCP:
1608		ppp_ccp_peek(ppp, skb, 1);
1609		break;
1610	}
1611
1612	++ppp->stats.rx_packets;
1613	ppp->stats.rx_bytes += skb->len - 2;
1614
1615	npi = proto_to_npindex(proto);
1616	if (npi < 0) {
1617		/* control or unknown frame - pass it to pppd */
1618		skb_queue_tail(&ppp->file.rq, skb);
1619		/* limit queue length by dropping old frames */
1620		while (ppp->file.rq.qlen > PPP_MAX_RQLEN
1621		       && (skb = skb_dequeue(&ppp->file.rq)) != 0)
1622			kfree_skb(skb);
1623		/* wake up any process polling or blocking on read */
1624		wake_up_interruptible(&ppp->file.rwait);
1625
1626	} else {
1627		/* network protocol frame - give it to the kernel */
1628
1629#ifdef CONFIG_PPP_FILTER
1630		/* check if the packet passes the pass and active filters */
1631		/* the filter instructions are constructed assuming
1632		   a four-byte PPP header on each packet */
1633		*skb_push(skb, 2) = 0;
1634		if (ppp->pass_filter
1635		    && sk_run_filter(skb, ppp->pass_filter,
1636				     ppp->pass_len) == 0) {
1637			if (ppp->debug & 1)
1638				printk(KERN_DEBUG "PPP: inbound frame not passed\n");
1639			kfree_skb(skb);
1640			return;
1641		}
1642		if (!(ppp->active_filter
1643		      && sk_run_filter(skb, ppp->active_filter,
1644				       ppp->active_len) == 0))
1645			ppp->last_recv = jiffies;
1646		skb_pull(skb, 2);
1647#else
1648		ppp->last_recv = jiffies;
1649#endif /* CONFIG_PPP_FILTER */
1650
1651		if ((ppp->dev->flags & IFF_UP) == 0
1652		    || ppp->npmode[npi] != NPMODE_PASS) {
1653			kfree_skb(skb);
1654		} else {
1655			skb_pull(skb, 2);	/* chop off protocol */
1656			skb->dev = ppp->dev;
1657			skb->protocol = htons(npindex_to_ethertype[npi]);
1658			skb->mac.raw = skb->data;
1659			netif_rx(skb);
1660			ppp->dev->last_rx = jiffies;
1661		}
1662	}
1663	return;
1664
1665 err:
1666	kfree_skb(skb);
1667	ppp_receive_error(ppp);
1668}
1669
1670static struct sk_buff *
1671ppp_decompress_frame(struct ppp *ppp, struct sk_buff *skb)
1672{
1673	int proto = PPP_PROTO(skb);
1674	struct sk_buff *ns;
1675	int len;
1676
1677	/* Until we fix all the decompressor's need to make sure
1678	 * data portion is linear.
1679	 */
1680	if (!pskb_may_pull(skb, skb->len))
1681		goto err;
1682
1683	if (proto == PPP_COMP) {
1684		ns = dev_alloc_skb(ppp->mru + PPP_HDRLEN);
1685		if (ns == 0) {
1686			printk(KERN_ERR "ppp_decompress_frame: no memory\n");
1687			goto err;
1688		}
1689		/* the decompressor still expects the A/C bytes in the hdr */
1690		len = ppp->rcomp->decompress(ppp->rc_state, skb->data - 2,
1691				skb->len + 2, ns->data, ppp->mru + PPP_HDRLEN);
1692		if (len < 0) {
1693			/* Pass the compressed frame to pppd as an
1694			   error indication. */
1695			if (len == DECOMP_FATALERROR)
1696				ppp->rstate |= SC_DC_FERROR;
1697			kfree_skb(ns);
1698			goto err;
1699		}
1700
1701		kfree_skb(skb);
1702		skb = ns;
1703		skb_put(skb, len);
1704		skb_pull(skb, 2);	/* pull off the A/C bytes */
1705
1706	} else {
1707		/* Uncompressed frame - pass to decompressor so it
1708		   can update its dictionary if necessary. */
1709		if (ppp->rcomp->incomp)
1710			ppp->rcomp->incomp(ppp->rc_state, skb->data - 2,
1711					   skb->len + 2);
1712	}
1713
1714	return skb;
1715
1716 err:
1717	ppp->rstate |= SC_DC_ERROR;
1718	ppp_receive_error(ppp);
1719	return skb;
1720}
1721
1722#ifdef CONFIG_PPP_MULTILINK
1723/*
1724 * Receive a multilink frame.
1725 * We put it on the reconstruction queue and then pull off
1726 * as many completed frames as we can.
1727 */
1728static void
1729ppp_receive_mp_frame(struct ppp *ppp, struct sk_buff *skb, struct channel *pch)
1730{
1731	u32 mask, seq;
1732	struct channel *ch;
1733	int mphdrlen = (ppp->flags & SC_MP_SHORTSEQ)? MPHDRLEN_SSN: MPHDRLEN;
1734
1735	if (!pskb_may_pull(skb, mphdrlen) || ppp->mrru == 0)
1736		goto err;		/* no good, throw it away */
1737
1738	/* Decode sequence number and begin/end bits */
1739	if (ppp->flags & SC_MP_SHORTSEQ) {
1740		seq = ((skb->data[2] & 0x0f) << 8) | skb->data[3];
1741		mask = 0xfff;
1742	} else {
1743		seq = (skb->data[3] << 16) | (skb->data[4] << 8)| skb->data[5];
1744		mask = 0xffffff;
1745	}
1746	skb->BEbits = skb->data[2];
1747	skb_pull(skb, mphdrlen);	/* pull off PPP and MP headers */
1748
1749	/*
1750	 * Do protocol ID decompression on the first fragment of each packet.
1751	 */
1752	if ((skb->BEbits & B) && (skb->data[0] & 1))
1753		*skb_push(skb, 1) = 0;
1754
1755	/*
1756	 * Expand sequence number to 32 bits, making it as close
1757	 * as possible to ppp->minseq.
1758	 */
1759	seq |= ppp->minseq & ~mask;
1760	if ((int)(ppp->minseq - seq) > (int)(mask >> 1))
1761		seq += mask + 1;
1762	else if ((int)(seq - ppp->minseq) > (int)(mask >> 1))
1763		seq -= mask + 1;	/* should never happen */
1764	skb->sequence = seq;
1765	pch->lastseq = seq;
1766
1767	/*
1768	 * If this packet comes before the next one we were expecting,
1769	 * drop it.
1770	 */
1771	if (seq_before(seq, ppp->nextseq)) {
1772		kfree_skb(skb);
1773		++ppp->stats.rx_dropped;
1774		ppp_receive_error(ppp);
1775		return;
1776	}
1777
1778	/*
1779	 * Reevaluate minseq, the minimum over all channels of the
1780	 * last sequence number received on each channel.  Because of
1781	 * the increasing sequence number rule, we know that any fragment
1782	 * before `minseq' which hasn't arrived is never going to arrive.
1783	 * The list of channels can't change because we have the receive
1784	 * side of the ppp unit locked.
1785	 */
1786	list_for_each_entry(ch, &ppp->channels, clist) {
1787		if (seq_before(ch->lastseq, seq))
1788			seq = ch->lastseq;
1789	}
1790	if (seq_before(ppp->minseq, seq))
1791		ppp->minseq = seq;
1792
1793	/* Put the fragment on the reconstruction queue */
1794	ppp_mp_insert(ppp, skb);
1795
1796	/* If the queue is getting long, don't wait any longer for packets
1797	   before the start of the queue. */
1798	if (skb_queue_len(&ppp->mrq) >= PPP_MP_MAX_QLEN
1799	    && seq_before(ppp->minseq, ppp->mrq.next->sequence))
1800		ppp->minseq = ppp->mrq.next->sequence;
1801
1802	/* Pull completed packets off the queue and receive them. */
1803	while ((skb = ppp_mp_reconstruct(ppp)) != 0)
1804		ppp_receive_nonmp_frame(ppp, skb);
1805
1806	return;
1807
1808 err:
1809	kfree_skb(skb);
1810	ppp_receive_error(ppp);
1811}
1812
1813/*
1814 * Insert a fragment on the MP reconstruction queue.
1815 * The queue is ordered by increasing sequence number.
1816 */
1817static void
1818ppp_mp_insert(struct ppp *ppp, struct sk_buff *skb)
1819{
1820	struct sk_buff *p;
1821	struct sk_buff_head *list = &ppp->mrq;
1822	u32 seq = skb->sequence;
1823
1824	/* N.B. we don't need to lock the list lock because we have the
1825	   ppp unit receive-side lock. */
1826	for (p = list->next; p != (struct sk_buff *)list; p = p->next)
1827		if (seq_before(seq, p->sequence))
1828			break;
1829	__skb_insert(skb, p->prev, p, list);
1830}
1831
1832/*
1833 * Reconstruct a packet from the MP fragment queue.
1834 * We go through increasing sequence numbers until we find a
1835 * complete packet, or we get to the sequence number for a fragment
1836 * which hasn't arrived but might still do so.
1837 */
1838struct sk_buff *
1839ppp_mp_reconstruct(struct ppp *ppp)
1840{
1841	u32 seq = ppp->nextseq;
1842	u32 minseq = ppp->minseq;
1843	struct sk_buff_head *list = &ppp->mrq;
1844	struct sk_buff *p, *next;
1845	struct sk_buff *head, *tail;
1846	struct sk_buff *skb = NULL;
1847	int lost = 0, len = 0;
1848
1849	if (ppp->mrru == 0)	/* do nothing until mrru is set */
1850		return NULL;
1851	head = list->next;
1852	tail = NULL;
1853	for (p = head; p != (struct sk_buff *) list; p = next) {
1854		next = p->next;
1855		if (seq_before(p->sequence, seq)) {
1856			/* this can't happen, anyway ignore the skb */
1857			printk(KERN_ERR "ppp_mp_reconstruct bad seq %u < %u\n",
1858			       p->sequence, seq);
1859			head = next;
1860			continue;
1861		}
1862		if (p->sequence != seq) {
1863			/* Fragment `seq' is missing.  If it is after
1864			   minseq, it might arrive later, so stop here. */
1865			if (seq_after(seq, minseq))
1866				break;
1867			/* Fragment `seq' is lost, keep going. */
1868			lost = 1;
1869			seq = seq_before(minseq, p->sequence)?
1870				minseq + 1: p->sequence;
1871			next = p;
1872			continue;
1873		}
1874
1875		/*
1876		 * At this point we know that all the fragments from
1877		 * ppp->nextseq to seq are either present or lost.
1878		 * Also, there are no complete packets in the queue
1879		 * that have no missing fragments and end before this
1880		 * fragment.
1881		 */
1882
1883		/* B bit set indicates this fragment starts a packet */
1884		if (p->BEbits & B) {
1885			head = p;
1886			lost = 0;
1887			len = 0;
1888		}
1889
1890		len += p->len;
1891
1892		/* Got a complete packet yet? */
1893		if (lost == 0 && (p->BEbits & E) && (head->BEbits & B)) {
1894			if (len > ppp->mrru + 2) {
1895				++ppp->stats.rx_length_errors;
1896				printk(KERN_DEBUG "PPP: reconstructed packet"
1897				       " is too long (%d)\n", len);
1898			} else if (p == head) {
1899				/* fragment is complete packet - reuse skb */
1900				tail = p;
1901				skb = skb_get(p);
1902				break;
1903			} else if ((skb = dev_alloc_skb(len)) == NULL) {
1904				++ppp->stats.rx_missed_errors;
1905				printk(KERN_DEBUG "PPP: no memory for "
1906				       "reconstructed packet");
1907			} else {
1908				tail = p;
1909				break;
1910			}
1911			ppp->nextseq = seq + 1;
1912		}
1913
1914		/*
1915		 * If this is the ending fragment of a packet,
1916		 * and we haven't found a complete valid packet yet,
1917		 * we can discard up to and including this fragment.
1918		 */
1919		if (p->BEbits & E)
1920			head = next;
1921
1922		++seq;
1923	}
1924
1925	/* If we have a complete packet, copy it all into one skb. */
1926	if (tail != NULL) {
1927		/* If we have discarded any fragments,
1928		   signal a receive error. */
1929		if (head->sequence != ppp->nextseq) {
1930			if (ppp->debug & 1)
1931				printk(KERN_DEBUG "  missed pkts %u..%u\n",
1932				       ppp->nextseq, head->sequence-1);
1933			++ppp->stats.rx_dropped;
1934			ppp_receive_error(ppp);
1935		}
1936
1937		if (head != tail)
1938			/* copy to a single skb */
1939			for (p = head; p != tail->next; p = p->next)
1940				skb_copy_bits(p, 0, skb_put(skb, p->len), p->len);
1941		ppp->nextseq = tail->sequence + 1;
1942		head = tail->next;
1943	}
1944
1945	/* Discard all the skbuffs that we have copied the data out of
1946	   or that we can't use. */
1947	while ((p = list->next) != head) {
1948		__skb_unlink(p, list);
1949		kfree_skb(p);
1950	}
1951
1952	return skb;
1953}
1954#endif /* CONFIG_PPP_MULTILINK */
1955
1956/*
1957 * Channel interface.
1958 */
1959
1960/*
1961 * Create a new, unattached ppp channel.
1962 */
1963int
1964ppp_register_channel(struct ppp_channel *chan)
1965{
1966	struct channel *pch;
1967
1968	pch = kmalloc(sizeof(struct channel), GFP_KERNEL);
1969	if (pch == 0)
1970		return -ENOMEM;
1971	memset(pch, 0, sizeof(struct channel));
1972	pch->ppp = NULL;
1973	pch->chan = chan;
1974	chan->ppp = pch;
1975	init_ppp_file(&pch->file, CHANNEL);
1976	pch->file.hdrlen = chan->hdrlen;
1977#ifdef CONFIG_PPP_MULTILINK
1978	pch->lastseq = -1;
1979#endif /* CONFIG_PPP_MULTILINK */
1980	init_rwsem(&pch->chan_sem);
1981	spin_lock_init(&pch->downl);
1982	rwlock_init(&pch->upl);
1983	spin_lock_bh(&all_channels_lock);
1984	pch->file.index = ++last_channel_index;
1985	list_add(&pch->list, &new_channels);
1986	atomic_inc(&channel_count);
1987	spin_unlock_bh(&all_channels_lock);
1988	return 0;
1989}
1990
1991/*
1992 * Return the index of a channel.
1993 */
1994int ppp_channel_index(struct ppp_channel *chan)
1995{
1996	struct channel *pch = chan->ppp;
1997
1998	if (pch != 0)
1999		return pch->file.index;
2000	return -1;
2001}
2002
2003/*
2004 * Return the PPP unit number to which a channel is connected.
2005 */
2006int ppp_unit_number(struct ppp_channel *chan)
2007{
2008	struct channel *pch = chan->ppp;
2009	int unit = -1;
2010
2011	if (pch != 0) {
2012		read_lock_bh(&pch->upl);
2013		if (pch->ppp != 0)
2014			unit = pch->ppp->file.index;
2015		read_unlock_bh(&pch->upl);
2016	}
2017	return unit;
2018}
2019
2020/*
2021 * Disconnect a channel from the generic layer.
2022 * This must be called in process context.
2023 */
2024void
2025ppp_unregister_channel(struct ppp_channel *chan)
2026{
2027	struct channel *pch = chan->ppp;
2028
2029	if (pch == 0)
2030		return;		/* should never happen */
2031	chan->ppp = NULL;
2032
2033	/*
2034	 * This ensures that we have returned from any calls into the
2035	 * the channel's start_xmit or ioctl routine before we proceed.
2036	 */
2037	down_write(&pch->chan_sem);
2038	spin_lock_bh(&pch->downl);
2039	pch->chan = NULL;
2040	spin_unlock_bh(&pch->downl);
2041	up_write(&pch->chan_sem);
2042	ppp_disconnect_channel(pch);
2043	spin_lock_bh(&all_channels_lock);
2044	list_del(&pch->list);
2045	spin_unlock_bh(&all_channels_lock);
2046	pch->file.dead = 1;
2047	wake_up_interruptible(&pch->file.rwait);
2048	if (atomic_dec_and_test(&pch->file.refcnt))
2049		ppp_destroy_channel(pch);
2050}
2051
2052/*
2053 * Callback from a channel when it can accept more to transmit.
2054 * This should be called at BH/softirq level, not interrupt level.
2055 */
2056void
2057ppp_output_wakeup(struct ppp_channel *chan)
2058{
2059	struct channel *pch = chan->ppp;
2060
2061	if (pch == 0)
2062		return;
2063	ppp_channel_push(pch);
2064}
2065
2066/*
2067 * Compression control.
2068 */
2069
2070/* Process the PPPIOCSCOMPRESS ioctl. */
2071static int
2072ppp_set_compress(struct ppp *ppp, unsigned long arg)
2073{
2074	int err;
2075	struct compressor *cp, *ocomp;
2076	struct ppp_option_data data;
2077	void *state, *ostate;
2078	unsigned char ccp_option[CCP_MAX_OPTION_LENGTH];
2079
2080	err = -EFAULT;
2081	if (copy_from_user(&data, (void __user *) arg, sizeof(data))
2082	    || (data.length <= CCP_MAX_OPTION_LENGTH
2083		&& copy_from_user(ccp_option, (void __user *) data.ptr, data.length)))
2084		goto out;
2085	err = -EINVAL;
2086	if (data.length > CCP_MAX_OPTION_LENGTH
2087	    || ccp_option[1] < 2 || ccp_option[1] > data.length)
2088		goto out;
2089
2090	cp = find_compressor(ccp_option[0]);
2091#ifdef CONFIG_KMOD
2092	if (cp == 0) {
2093		request_module("ppp-compress-%d", ccp_option[0]);
2094		cp = find_compressor(ccp_option[0]);
2095	}
2096#endif /* CONFIG_KMOD */
2097	if (cp == 0)
2098		goto out;
2099
2100	err = -ENOBUFS;
2101	if (data.transmit) {
2102		state = cp->comp_alloc(ccp_option, data.length);
2103		if (state != 0) {
2104			ppp_xmit_lock(ppp);
2105			ppp->xstate &= ~SC_COMP_RUN;
2106			ocomp = ppp->xcomp;
2107			ostate = ppp->xc_state;
2108			ppp->xcomp = cp;
2109			ppp->xc_state = state;
2110			ppp_xmit_unlock(ppp);
2111			if (ostate != 0) {
2112				ocomp->comp_free(ostate);
2113				module_put(ocomp->owner);
2114			}
2115			err = 0;
2116		} else
2117			module_put(cp->owner);
2118
2119	} else {
2120		state = cp->decomp_alloc(ccp_option, data.length);
2121		if (state != 0) {
2122			ppp_recv_lock(ppp);
2123			ppp->rstate &= ~SC_DECOMP_RUN;
2124			ocomp = ppp->rcomp;
2125			ostate = ppp->rc_state;
2126			ppp->rcomp = cp;
2127			ppp->rc_state = state;
2128			ppp_recv_unlock(ppp);
2129			if (ostate != 0) {
2130				ocomp->decomp_free(ostate);
2131				module_put(ocomp->owner);
2132			}
2133			err = 0;
2134		} else
2135			module_put(cp->owner);
2136	}
2137
2138 out:
2139	return err;
2140}
2141
2142/*
2143 * Look at a CCP packet and update our state accordingly.
2144 * We assume the caller has the xmit or recv path locked.
2145 */
2146static void
2147ppp_ccp_peek(struct ppp *ppp, struct sk_buff *skb, int inbound)
2148{
2149	unsigned char *dp;
2150	int len;
2151
2152	if (!pskb_may_pull(skb, CCP_HDRLEN + 2))
2153		return;	/* no header */
2154	dp = skb->data + 2;
2155
2156	switch (CCP_CODE(dp)) {
2157	case CCP_CONFREQ:
2158
2159		/* A ConfReq starts negotiation of compression 
2160		 * in one direction of transmission,
2161		 * and hence brings it down...but which way?
2162		 *
2163		 * Remember:
2164		 * A ConfReq indicates what the sender would like to receive
2165		 */
2166		if(inbound)
2167			/* He is proposing what I should send */
2168			ppp->xstate &= ~SC_COMP_RUN;
2169		else	
2170			/* I am proposing to what he should send */
2171			ppp->rstate &= ~SC_DECOMP_RUN;
2172		
2173		break;
2174		
2175	case CCP_TERMREQ:
2176	case CCP_TERMACK:
2177		/*
2178		 * CCP is going down, both directions of transmission 
2179		 */
2180		ppp->rstate &= ~SC_DECOMP_RUN;
2181		ppp->xstate &= ~SC_COMP_RUN;
2182		break;
2183
2184	case CCP_CONFACK:
2185		if ((ppp->flags & (SC_CCP_OPEN | SC_CCP_UP)) != SC_CCP_OPEN)
2186			break;
2187		len = CCP_LENGTH(dp);
2188		if (!pskb_may_pull(skb, len + 2))
2189			return;		/* too short */
2190		dp += CCP_HDRLEN;
2191		len -= CCP_HDRLEN;
2192		if (len < CCP_OPT_MINLEN || len < CCP_OPT_LENGTH(dp))
2193			break;
2194		if (inbound) {
2195			/* we will start receiving compressed packets */
2196			if (ppp->rc_state == 0)
2197				break;
2198			if (ppp->rcomp->decomp_init(ppp->rc_state, dp, len,
2199					ppp->file.index, 0, ppp->mru, ppp->debug)) {
2200				ppp->rstate |= SC_DECOMP_RUN;
2201				ppp->rstate &= ~(SC_DC_ERROR | SC_DC_FERROR);
2202			}
2203		} else {
2204			/* we will soon start sending compressed packets */
2205			if (ppp->xc_state == 0)
2206				break;
2207			if (ppp->xcomp->comp_init(ppp->xc_state, dp, len,
2208					ppp->file.index, 0, ppp->debug))
2209				ppp->xstate |= SC_COMP_RUN;
2210		}
2211		break;
2212
2213	case CCP_RESETACK:
2214		/* reset the [de]compressor */
2215		if ((ppp->flags & SC_CCP_UP) == 0)
2216			break;
2217		if (inbound) {
2218			if (ppp->rc_state && (ppp->rstate & SC_DECOMP_RUN)) {
2219				ppp->rcomp->decomp_reset(ppp->rc_state);
2220				ppp->rstate &= ~SC_DC_ERROR;
2221			}
2222		} else {
2223			if (ppp->xc_state && (ppp->xstate & SC_COMP_RUN))
2224				ppp->xcomp->comp_reset(ppp->xc_state);
2225		}
2226		break;
2227	}
2228}
2229
2230/* Free up compression resources. */
2231static void
2232ppp_ccp_closed(struct ppp *ppp)
2233{
2234	void *xstate, *rstate;
2235	struct compressor *xcomp, *rcomp;
2236
2237	ppp_lock(ppp);
2238	ppp->flags &= ~(SC_CCP_OPEN | SC_CCP_UP);
2239	ppp->xstate = 0;
2240	xcomp = ppp->xcomp;
2241	xstate = ppp->xc_state;
2242	ppp->xc_state = NULL;
2243	ppp->rstate = 0;
2244	rcomp = ppp->rcomp;
2245	rstate = ppp->rc_state;
2246	ppp->rc_state = NULL;
2247	ppp_unlock(ppp);
2248
2249	if (xstate) {
2250		xcomp->comp_free(xstate);
2251		module_put(xcomp->owner);
2252	}
2253	if (rstate) {
2254		rcomp->decomp_free(rstate);
2255		module_put(rcomp->owner);
2256	}
2257}
2258
2259/* List of compressors. */
2260static LIST_HEAD(compressor_list);
2261static DEFINE_SPINLOCK(compressor_list_lock);
2262
2263struct compressor_entry {
2264	struct list_head list;
2265	struct compressor *comp;
2266};
2267
2268static struct compressor_entry *
2269find_comp_entry(int proto)
2270{
2271	struct compressor_entry *ce;
2272
2273	list_for_each_entry(ce, &compressor_list, list) {
2274		if (ce->comp->compress_proto == proto)
2275			return ce;
2276	}
2277	return NULL;
2278}
2279
2280/* Register a compressor */
2281int
2282ppp_register_compressor(struct compressor *cp)
2283{
2284	struct compressor_entry *ce;
2285	int ret;
2286	spin_lock(&compressor_list_lock);
2287	ret = -EEXIST;
2288	if (find_comp_entry(cp->compress_proto) != 0)
2289		goto out;
2290	ret = -ENOMEM;
2291	ce = kmalloc(sizeof(struct compressor_entry), GFP_ATOMIC);
2292	if (ce == 0)
2293		goto out;
2294	ret = 0;
2295	ce->comp = cp;
2296	list_add(&ce->list, &compressor_list);
2297 out:
2298	spin_unlock(&compressor_list_lock);
2299	return ret;
2300}
2301
2302/* Unregister a compressor */
2303void
2304ppp_unregister_compressor(struct compressor *cp)
2305{
2306	struct compressor_entry *ce;
2307
2308	spin_lock(&compressor_list_lock);
2309	ce = find_comp_entry(cp->compress_proto);
2310	if (ce != 0 && ce->comp == cp) {
2311		list_del(&ce->list);
2312		kfree(ce);
2313	}
2314	spin_unlock(&compressor_list_lock);
2315}
2316
2317/* Find a compressor. */
2318static struct compressor *
2319find_compressor(int type)
2320{
2321	struct compressor_entry *ce;
2322	struct compressor *cp = NULL;
2323
2324	spin_lock(&compressor_list_lock);
2325	ce = find_comp_entry(type);
2326	if (ce != 0) {
2327		cp = ce->comp;
2328		if (!try_module_get(cp->owner))
2329			cp = NULL;
2330	}
2331	spin_unlock(&compressor_list_lock);
2332	return cp;
2333}
2334
2335/*
2336 * Miscelleneous stuff.
2337 */
2338
2339static void
2340ppp_get_stats(struct ppp *ppp, struct ppp_stats *st)
2341{
2342	struct slcompress *vj = ppp->vj;
2343
2344	memset(st, 0, sizeof(*st));
2345	st->p.ppp_ipackets = ppp->stats.rx_packets;
2346	st->p.ppp_ierrors = ppp->stats.rx_errors;
2347	st->p.ppp_ibytes = ppp->stats.rx_bytes;
2348	st->p.ppp_opackets = ppp->stats.tx_packets;
2349	st->p.ppp_oerrors = ppp->stats.tx_errors;
2350	st->p.ppp_obytes = ppp->stats.tx_bytes;
2351	if (vj == 0)
2352		return;
2353	st->vj.vjs_packets = vj->sls_o_compressed + vj->sls_o_uncompressed;
2354	st->vj.vjs_compressed = vj->sls_o_compressed;
2355	st->vj.vjs_searches = vj->sls_o_searches;
2356	st->vj.vjs_misses = vj->sls_o_misses;
2357	st->vj.vjs_errorin = vj->sls_i_error;
2358	st->vj.vjs_tossed = vj->sls_i_tossed;
2359	st->vj.vjs_uncompressedin = vj->sls_i_uncompressed;
2360	st->vj.vjs_compressedin = vj->sls_i_compressed;
2361}
2362
2363/*
2364 * Stuff for handling the lists of ppp units and channels
2365 * and for initialization.
2366 */
2367
2368/*
2369 * Create a new ppp interface unit.  Fails if it can't allocate memory
2370 * or if there is already a unit with the requested number.
2371 * unit == -1 means allocate a new number.
2372 */
2373static struct ppp *
2374ppp_create_interface(int unit, int *retp)
2375{
2376	struct ppp *ppp;
2377	struct net_device *dev = NULL;
2378	int ret = -ENOMEM;
2379	int i;
2380
2381	ppp = kmalloc(sizeof(struct ppp), GFP_KERNEL);
2382	if (!ppp)
2383		goto out;
2384	dev = alloc_netdev(0, "", ppp_setup);
2385	if (!dev)
2386		goto out1;
2387	memset(ppp, 0, sizeof(struct ppp));
2388
2389	ppp->mru = PPP_MRU;
2390	init_ppp_file(&ppp->file, INTERFACE);
2391	ppp->file.hdrlen = PPP_HDRLEN - 2;	/* don't count proto bytes */
2392	for (i = 0; i < NUM_NP; ++i)
2393		ppp->npmode[i] = NPMODE_PASS;
2394	INIT_LIST_HEAD(&ppp->channels);
2395	spin_lock_init(&ppp->rlock);
2396	spin_lock_init(&ppp->wlock);
2397#ifdef CONFIG_PPP_MULTILINK
2398	ppp->minseq = -1;
2399	skb_queue_head_init(&ppp->mrq);
2400#endif /* CONFIG_PPP_MULTILINK */
2401	ppp->dev = dev;
2402	dev->priv = ppp;
2403
2404	dev->hard_start_xmit = ppp_start_xmit;
2405	dev->get_stats = ppp_net_stats;
2406	dev->do_ioctl = ppp_net_ioctl;
2407
2408	ret = -EEXIST;
2409	down(&all_ppp_sem);
2410	if (unit < 0)
2411		unit = cardmap_find_first_free(all_ppp_units);
2412	else if (cardmap_get(all_ppp_units, unit) != NULL)
2413		goto out2;	/* unit already exists */
2414
2415	/* Initialize the new ppp unit */
2416	ppp->file.index = unit;
2417	sprintf(dev->name, "ppp%d", unit);
2418
2419	ret = register_netdev(dev);
2420	if (ret != 0) {
2421		printk(KERN_ERR "PPP: couldn't register device %s (%d)\n",
2422		       dev->name, ret);
2423		goto out2;
2424	}
2425
2426	atomic_inc(&ppp_unit_count);
2427	cardmap_set(&all_ppp_units, unit, ppp);
2428	up(&all_ppp_sem);
2429	*retp = 0;
2430	return ppp;
2431
2432out2:
2433	up(&all_ppp_sem);
2434	free_netdev(dev);
2435out1:
2436	kfree(ppp);
2437out:
2438	*retp = ret;
2439	return NULL;
2440}
2441
2442/*
2443 * Initialize a ppp_file structure.
2444 */
2445static void
2446init_ppp_file(struct ppp_file *pf, int kind)
2447{
2448	pf->kind = kind;
2449	skb_queue_head_init(&pf->xq);
2450	skb_queue_head_init(&pf->rq);
2451	atomic_set(&pf->refcnt, 1);
2452	init_waitqueue_head(&pf->rwait);
2453}
2454
2455/*
2456 * Take down a ppp interface unit - called when the owning file
2457 * (the one that created the unit) is closed or detached.
2458 */
2459static void ppp_shutdown_interface(struct ppp *ppp)
2460{
2461	struct net_device *dev;
2462
2463	down(&all_ppp_sem);
2464	ppp_lock(ppp);
2465	dev = ppp->dev;
2466	ppp->dev = NULL;
2467	ppp_unlock(ppp);
2468	/* This will call dev_close() for us. */
2469	if (dev) {
2470		unregister_netdev(dev);
2471		free_netdev(dev);
2472	}
2473	cardmap_set(&all_ppp_units, ppp->file.index, NULL);
2474	ppp->file.dead = 1;
2475	ppp->owner = NULL;
2476	wake_up_interruptible(&ppp->file.rwait);
2477	up(&all_ppp_sem);
2478}
2479
2480/*
2481 * Free the memory used by a ppp unit.  This is only called once
2482 * there are no channels connected to the unit and no file structs
2483 * that reference the unit.
2484 */
2485static void ppp_destroy_interface(struct ppp *ppp)
2486{
2487	atomic_dec(&ppp_unit_count);
2488
2489	if (!ppp->file.dead || ppp->n_channels) {
2490		/* "can't happen" */
2491		printk(KERN_ERR "ppp: destroying ppp struct %p but dead=%d "
2492		       "n_channels=%d !\n", ppp, ppp->file.dead,
2493		       ppp->n_channels);
2494		return;
2495	}
2496
2497	ppp_ccp_closed(ppp);
2498	if (ppp->vj) {
2499		slhc_free(ppp->vj);
2500		ppp->vj = NULL;
2501	}
2502	skb_queue_purge(&ppp->file.xq);
2503	skb_queue_purge(&ppp->file.rq);
2504#ifdef CONFIG_PPP_MULTILINK
2505	skb_queue_purge(&ppp->mrq);
2506#endif /* CONFIG_PPP_MULTILINK */
2507#ifdef CONFIG_PPP_FILTER
2508	kfree(ppp->pass_filter);
2509	ppp->pass_filter = NULL;
2510	kfree(ppp->active_filter);
2511	ppp->active_filter = NULL;
2512#endif /* CONFIG_PPP_FILTER */
2513
2514	kfree(ppp);
2515}
2516
2517/*
2518 * Locate an existing ppp unit.
2519 * The caller should have locked the all_ppp_sem.
2520 */
2521static struct ppp *
2522ppp_find_unit(int unit)
2523{
2524	return cardmap_get(all_ppp_units, unit);
2525}
2526
2527/*
2528 * Locate an existing ppp channel.
2529 * The caller should have locked the all_channels_lock.
2530 * First we look in the new_channels list, then in the
2531 * all_channels list.  If found in the new_channels list,
2532 * we move it to the all_channels list.  This is for speed
2533 * when we have a lot of channels in use.
2534 */
2535static struct channel *
2536ppp_find_channel(int unit)
2537{
2538	struct channel *pch;
2539
2540	list_for_each_entry(pch, &new_channels, list) {
2541		if (pch->file.index == unit) {
2542			list_del(&pch->list);
2543			list_add(&pch->list, &all_channels);
2544			return pch;
2545		}
2546	}
2547	list_for_each_entry(pch, &all_channels, list) {
2548		if (pch->file.index == unit)
2549			return pch;
2550	}
2551	return NULL;
2552}
2553
2554/*
2555 * Connect a PPP channel to a PPP interface unit.
2556 */
2557static int
2558ppp_connect_channel(struct channel *pch, int unit)
2559{
2560	struct ppp *ppp;
2561	int ret = -ENXIO;
2562	int hdrlen;
2563
2564	down(&all_ppp_sem);
2565	ppp = ppp_find_unit(unit);
2566	if (ppp == 0)
2567		goto out;
2568	write_lock_bh(&pch->upl);
2569	ret = -EINVAL;
2570	if (pch->ppp != 0)
2571		goto outl;
2572
2573	ppp_lock(ppp);
2574	if (pch->file.hdrlen > ppp->file.hdrlen)
2575		ppp->file.hdrlen = pch->file.hdrlen;
2576	hdrlen = pch->file.hdrlen + 2;	/* for protocol bytes */
2577	if (ppp->dev && hdrlen > ppp->dev->hard_header_len)
2578		ppp->dev->hard_header_len = hdrlen;
2579	list_add_tail(&pch->clist, &ppp->channels);
2580	++ppp->n_channels;
2581	pch->ppp = ppp;
2582	atomic_inc(&ppp->file.refcnt);
2583	ppp_unlock(ppp);
2584	ret = 0;
2585
2586 outl:
2587	write_unlock_bh(&pch->upl);
2588 out:
2589	up(&all_ppp_sem);
2590	return ret;
2591}
2592
2593/*
2594 * Disconnect a channel from its ppp unit.
2595 */
2596static int
2597ppp_disconnect_channel(struct channel *pch)
2598{
2599	struct ppp *ppp;
2600	int err = -EINVAL;
2601
2602	write_lock_bh(&pch->upl);
2603	ppp = pch->ppp;
2604	pch->ppp = NULL;
2605	write_unlock_bh(&pch->upl);
2606	if (ppp != 0) {
2607		/* remove it from the ppp unit's list */
2608		ppp_lock(ppp);
2609		list_del(&pch->clist);
2610		if (--ppp->n_channels == 0)
2611			wake_up_interruptible(&ppp->file.rwait);
2612		ppp_unlock(ppp);
2613		if (atomic_dec_and_test(&ppp->file.refcnt))
2614			ppp_destroy_interface(ppp);
2615		err = 0;
2616	}
2617	return err;
2618}
2619
2620/*
2621 * Free up the resources used by a ppp channel.
2622 */
2623static void ppp_destroy_channel(struct channel *pch)
2624{
2625	atomic_dec(&channel_count);
2626
2627	if (!pch->file.dead) {
2628		/* "can't happen" */
2629		printk(KERN_ERR "ppp: destroying undead channel %p !\n",
2630		       pch);
2631		return;
2632	}
2633	skb_queue_purge(&pch->file.xq);
2634	skb_queue_purge(&pch->file.rq);
2635	kfree(pch);
2636}
2637
2638static void __exit ppp_cleanup(void)
2639{
2640	/* should never happen */
2641	if (atomic_read(&ppp_unit_count) || atomic_read(&channel_count))
2642		printk(KERN_ERR "PPP: removing module but units remain!\n");
2643	cardmap_destroy(&all_ppp_units);
2644	if (unregister_chrdev(PPP_MAJOR, "ppp") != 0)
2645		printk(KERN_ERR "PPP: failed to unregister PPP device\n");
2646	devfs_remove("ppp");
2647	class_device_destroy(ppp_class, MKDEV(PPP_MAJOR, 0));
2648	class_destroy(ppp_class);
2649}
2650
2651/*
2652 * Cardmap implementation.
2653 */
2654static void *cardmap_get(struct cardmap *map, unsigned int nr)
2655{
2656	struct cardmap *p;
2657	int i;
2658
2659	for (p = map; p != NULL; ) {
2660		if ((i = nr >> p->shift) >= CARDMAP_WIDTH)
2661			return NULL;
2662		if (p->shift == 0)
2663			return p->ptr[i];
2664		nr &= ~(CARDMAP_MASK << p->shift);
2665		p = p->ptr[i];
2666	}
2667	return NULL;
2668}
2669
2670static void cardmap_set(struct cardmap **pmap, unsigned int nr, void *ptr)
2671{
2672	struct cardmap *p;
2673	int i;
2674
2675	p = *pmap;
2676	if (p == NULL || (nr >> p->shift) >= CARDMAP_WIDTH) {
2677		do {
2678			/* need a new top level */
2679			struct cardmap *np = kmalloc(sizeof(*np), GFP_KERNEL);
2680			memset(np, 0, sizeof(*np));
2681			np->ptr[0] = p;
2682			if (p != NULL) {
2683				np->shift = p->shift + CARDMAP_ORDER;
2684				p->parent = np;
2685			} else
2686				np->shift = 0;
2687			p = np;
2688		} while ((nr >> p->shift) >= CARDMAP_WIDTH);
2689		*pmap = p;
2690	}
2691	while (p->shift > 0) {
2692		i = (nr >> p->shift) & CARDMAP_MASK;
2693		if (p->ptr[i] == NULL) {
2694			struct cardmap *np = kmalloc(sizeof(*np), GFP_KERNEL);
2695			memset(np, 0, sizeof(*np));
2696			np->shift = p->shift - CARDMAP_ORDER;
2697			np->parent = p;
2698			p->ptr[i] = np;
2699		}
2700		if (ptr == NULL)
2701			clear_bit(i, &p->inuse);
2702		p = p->ptr[i];
2703	}
2704	i = nr & CARDMAP_MASK;
2705	p->ptr[i] = ptr;
2706	if (ptr != NULL)
2707		set_bit(i, &p->inuse);
2708	else
2709		clear_bit(i, &p->inuse);
2710}
2711
2712static unsigned int cardmap_find_first_free(struct cardmap *map)
2713{
2714	struct cardmap *p;
2715	unsigned int nr = 0;
2716	int i;
2717
2718	if ((p = map) == NULL)
2719		return 0;
2720	for (;;) {
2721		i = find_first_zero_bit(&p->inuse, CARDMAP_WIDTH);
2722		if (i >= CARDMAP_WIDTH) {
2723			if (p->parent == NULL)
2724				return CARDMAP_WIDTH << p->shift;
2725			p = p->parent;
2726			i = (nr >> p->shift) & CARDMAP_MASK;
2727			set_bit(i, &p->inuse);
2728			continue;
2729		}
2730		nr = (nr & (~CARDMAP_MASK << p->shift)) | (i << p->shift);
2731		if (p->shift == 0 || p->ptr[i] == NULL)
2732			return nr;
2733		p = p->ptr[i];
2734	}
2735}
2736
2737static void cardmap_destroy(struct cardmap **pmap)
2738{
2739	struct cardmap *p, *np;
2740	int i;
2741
2742	for (p = *pmap; p != NULL; p = np) {
2743		if (p->shift != 0) {
2744			for (i = 0; i < CARDMAP_WIDTH; ++i)
2745				if (p->ptr[i] != NULL)
2746					break;
2747			if (i < CARDMAP_WIDTH) {
2748				np = p->ptr[i];
2749				p->ptr[i] = NULL;
2750				continue;
2751			}
2752		}
2753		np = p->parent;
2754		kfree(p);
2755	}
2756	*pmap = NULL;
2757}
2758
2759/* Module/initialization stuff */
2760
2761module_init(ppp_init);
2762module_exit(ppp_cleanup);
2763
2764EXPORT_SYMBOL(ppp_register_channel);
2765EXPORT_SYMBOL(ppp_unregister_channel);
2766EXPORT_SYMBOL(ppp_channel_index);
2767EXPORT_SYMBOL(ppp_unit_number);
2768EXPORT_SYMBOL(ppp_input);
2769EXPORT_SYMBOL(ppp_input_error);
2770EXPORT_SYMBOL(ppp_output_wakeup);
2771EXPORT_SYMBOL(ppp_register_compressor);
2772EXPORT_SYMBOL(ppp_unregister_compressor);
2773MODULE_LICENSE("GPL");
2774MODULE_ALIAS_CHARDEV_MAJOR(PPP_MAJOR);
2775MODULE_ALIAS("/dev/ppp");