include/linux/highuid.h


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97

#ifndef _LINUX_HIGHUID_H
#define _LINUX_HIGHUID_H

#include <linux/types.h>

/*
 * general notes:
 *
 * CONFIG_UID16 is defined if the given architecture needs to
 * support backwards compatibility for old system calls.
 *
 * kernel code should use uid_t and gid_t at all times when dealing with
 * kernel-private data.
 *
 * old_uid_t and old_gid_t should only be different if CONFIG_UID16 is
 * defined, else the platform should provide dummy typedefs for them
 * such that they are equivalent to __kernel_{u,g}id_t.
 *
 * uid16_t and gid16_t are used on all architectures. (when dealing
 * with structures hard coded to 16 bits, such as in filesystems)
 */


/*
 * This is the "overflow" UID and GID. They are used to signify uid/gid
 * overflow to old programs when they request uid/gid information but are
 * using the old 16 bit interfaces.
 * When you run a libc5 program, it will think that all highuid files or
 * processes are owned by this uid/gid.
 * The idea is that it's better to do so than possibly return 0 in lieu of
 * 65536, etc.
 */

extern int overflowuid;
extern int overflowgid;

extern void __bad_uid(void);
extern void __bad_gid(void);

#define DEFAULT_OVERFLOWUID	65534
#define DEFAULT_OVERFLOWGID	65534

#ifdef CONFIG_UID16

/* prevent uid mod 65536 effect by returning a default value for high UIDs */
#define high2lowuid(uid) ((uid) & ~0xFFFF ? (old_uid_t)overflowuid : (old_uid_t)(uid))
#define high2lowgid(gid) ((gid) & ~0xFFFF ? (old_gid_t)overflowgid : (old_gid_t)(gid))
/*
 * -1 is different in 16 bits than it is in 32 bits
 * these macros are used by chown(), setreuid(), ...,
 */
#define low2highuid(uid) ((uid) == (old_uid_t)-1 ? (uid_t)-1 : (uid_t)(uid))
#define low2highgid(gid) ((gid) == (old_gid_t)-1 ? (gid_t)-1 : (gid_t)(gid))

#define __convert_uid(size, uid) \
	(size >= sizeof(uid) ? (uid) : high2lowuid(uid))
#define __convert_gid(size, gid) \
	(size >= sizeof(gid) ? (gid) : high2lowgid(gid))
	

#else

#define __convert_uid(size, uid) (uid)
#define __convert_gid(size, gid) (gid)

#endif /* !CONFIG_UID16 */

/* uid/gid input should be always 32bit uid_t */
#define SET_UID(var, uid) do { (var) = __convert_uid(sizeof(var), (uid)); } while (0)
#define SET_GID(var, gid) do { (var) = __convert_gid(sizeof(var), (gid)); } while (0)

/*
 * Everything below this line is needed on all architectures, to deal with
 * filesystems that only store 16 bits of the UID/GID, etc.
 */

/*
 * This is the UID and GID that will get written to disk if a filesystem
 * only supports 16-bit UIDs and the kernel has a high UID/GID to write
 */
extern int fs_overflowuid;
extern int fs_overflowgid;

#define DEFAULT_FS_OVERFLOWUID	65534
#define DEFAULT_FS_OVERFLOWGID	65534

/*
 * Since these macros are used in architectures that only need limited
 * 16-bit UID back compatibility, we won't use old_uid_t and old_gid_t
 */
#define fs_high2lowuid(uid) ((uid) & ~0xFFFF ? (uid16_t)fs_overflowuid : (uid16_t)(uid))
#define fs_high2lowgid(gid) ((gid) & ~0xFFFF ? (gid16_t)fs_overflowgid : (gid16_t)(gid))

#define low_16_bits(x)	((x) & 0xFFFF)
#define high_16_bits(x)	(((x) & 0xFFFF0000) >> 16)

#endif /* _LINUX_HIGHUID_H */
/*
 *	LAPB release 002
 *
 *	This code REQUIRES 2.1.15 or higher/ NET3.038
 *
 *	This module:
 *		This module is free software; you can redistribute it and/or
 *		modify it under the terms of the GNU General Public License
 *		as published by the Free Software Foundation; either version
 *		2 of the License, or (at your option) any later version.
 *
 *	History
 *	LAPB 001	Jonathan Naulor	Started Coding
 *	LAPB 002	Jonathan Naylor	New timer architecture.
 *	2000-10-29	Henner Eisen	lapb_data_indication() return status.
 */

#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt

#include <linux/errno.h>
#include <linux/types.h>
#include <linux/socket.h>
#include <linux/in.h>
#include <linux/kernel.h>
#include <linux/timer.h>
#include <linux/string.h>
#include <linux/sockios.h>
#include <linux/net.h>
#include <linux/inet.h>
#include <linux/netdevice.h>
#include <linux/skbuff.h>
#include <linux/slab.h>
#include <net/sock.h>
#include <linux/uaccess.h>
#include <linux/fcntl.h>
#include <linux/mm.h>
#include <linux/interrupt.h>
#include <net/lapb.h>

/*
 *	State machine for state 0, Disconnected State.
 *	The handling of the timer(s) is in file lapb_timer.c.
 */
static void lapb_state0_machine(struct lapb_cb *lapb, struct sk_buff *skb,
				struct lapb_frame *frame)
{
	switch (frame->type) {
	case LAPB_SABM:
		lapb_dbg(1, "(%p) S0 RX SABM(%d)\n", lapb->dev, frame->pf);
		if (lapb->mode & LAPB_EXTENDED) {
			lapb_dbg(1, "(%p) S0 TX DM(%d)\n",
				 lapb->dev, frame->pf);
			lapb_send_control(lapb, LAPB_DM, frame->pf,
					  LAPB_RESPONSE);
		} else {
			lapb_dbg(1, "(%p) S0 TX UA(%d)\n",
				 lapb->dev, frame->pf);
			lapb_dbg(0, "(%p) S0 -> S3\n", lapb->dev);
			lapb_send_control(lapb, LAPB_UA, frame->pf,
					  LAPB_RESPONSE);
			lapb_stop_t1timer(lapb);
			lapb_stop_t2timer(lapb);
			lapb->state     = LAPB_STATE_3;
			lapb->condition = 0x00;
			lapb->n2count   = 0;
			lapb->vs        = 0;
			lapb->vr        = 0;
			lapb->va        = 0;
			lapb_connect_indication(lapb, LAPB_OK);
		}
		break;

	case LAPB_SABME:
		lapb_dbg(1, "(%p) S0 RX SABME(%d)\n", lapb->dev, frame->pf);
		if (lapb->mode & LAPB_EXTENDED) {
			lapb_dbg(1, "(%p) S0 TX UA(%d)\n",
				 lapb->dev, frame->pf);
			lapb_dbg(0, "(%p) S0 -> S3\n", lapb->dev);
			lapb_send_control(lapb, LAPB_UA, frame->pf,
					  LAPB_RESPONSE);
			lapb_stop_t1timer(lapb);
			lapb_stop_t2timer(lapb);
			lapb->state     = LAPB_STATE_3;
			lapb->condition = 0x00;
			lapb->n2count   = 0;
			lapb->vs        = 0;
			lapb->vr        = 0;
			lapb->va        = 0;
			lapb_connect_indication(lapb, LAPB_OK);
		} else {
			lapb_dbg(1, "(%p) S0 TX DM(%d)\n",
				 lapb->dev, frame->pf);
			lapb_send_control(lapb, LAPB_DM, frame->pf,
					  LAPB_RESPONSE);
		}
		break;

	case LAPB_DISC:
		lapb_dbg(1, "(%p) S0 RX DISC(%d)\n", lapb->dev, frame->pf);
		lapb_dbg(1, "(%p) S0 TX UA(%d)\n", lapb->dev, frame->pf);
		lapb_send_control(lapb, LAPB_UA, frame->pf, LAPB_RESPONSE);
		break;

	default:
		break;
	}

	kfree_skb(skb);
}

/*
 *	State machine for state 1, Awaiting Connection State.
 *	The handling of the timer(s) is in file lapb_timer.c.
 */
static void lapb_state1_machine(struct lapb_cb *lapb, struct sk_buff *skb,
				struct lapb_frame *frame)
{
	switch (frame->type) {
	case LAPB_SABM:
		lapb_dbg(1, "(%p) S1 RX SABM(%d)\n", lapb->dev, frame->pf);
		if (lapb->mode & LAPB_EXTENDED) {
			lapb_dbg(1, "(%p) S1 TX DM(%d)\n",
				 lapb->dev, frame->pf);
			lapb_send_control(lapb, LAPB_DM, frame->pf,
					  LAPB_RESPONSE);
		} else {
			lapb_dbg(1, "(%p) S1 TX UA(%d)\n",
				 lapb->dev, frame->pf);
			lapb_send_control(lapb, LAPB_UA, frame->pf,
					  LAPB_RESPONSE);
		}
		break;

	case LAPB_SABME:
		lapb_dbg(1, "(%p) S1 RX SABME(%d)\n", lapb->dev, frame->pf);
		if (lapb->mode & LAPB_EXTENDED) {
			lapb_dbg(1, "(%p) S1 TX UA(%d)\n",
				 lapb->dev, frame->pf);
			lapb_send_control(lapb, LAPB_UA, frame->pf,
					  LAPB_RESPONSE);
		} else {
			lapb_dbg(1, "(%p) S1 TX DM(%d)\n",
				 lapb->dev, frame->pf);
			lapb_send_control(lapb, LAPB_DM, frame->pf,
					  LAPB_RESPONSE);
		}
		break;

	case LAPB_DISC:
		lapb_dbg(1, "(%p) S1 RX DISC(%d)\n", lapb->dev, frame->pf);
		lapb_dbg(1, "(%p) S1 TX DM(%d)\n", lapb->dev, frame->pf);
		lapb_send_control(lapb, LAPB_DM, frame->pf, LAPB_RESPONSE);
		break;

	case LAPB_UA:
		lapb_dbg(1, "(%p) S1 RX UA(%d)\n", lapb->dev, frame->pf);
		if (frame->pf) {
			lapb_dbg(0, "(%p) S1 -> S3\n", lapb->dev);
			lapb_stop_t1timer(lapb);
			lapb_stop_t2timer(lapb);
			lapb->state     = LAPB_STATE_3;
			lapb->condition = 0x00;
			lapb->n2count   = 0;
			lapb->vs        = 0;
			lapb->vr        = 0;
			lapb->va        = 0;
			lapb_connect_confirmation(lapb, LAPB_OK);
		}
		break;

	case LAPB_DM:
		lapb_dbg(1, "(%p) S1 RX DM(%d)\n", lapb->dev, frame->pf);
		if (frame->pf) {
			lapb_dbg(0, "(%p) S1 -> S0\n", lapb->dev);
			lapb_clear_queues(lapb);
			lapb->state = LAPB_STATE_0;
			lapb_start_t1timer(lapb);
			lapb_stop_t2timer(lapb);
			lapb_disconnect_indication(lapb, LAPB_REFUSED);
		}
		break;
	}

	kfree_skb(skb);
}

/*
 *	State machine for state 2, Awaiting Release State.
 *	The handling of the timer(s) is in file lapb_timer.c
 */
static void lapb_state2_machine(struct lapb_cb *lapb, struct sk_buff *skb,
				struct lapb_frame *frame)
{
	switch (frame->type) {
	case LAPB_SABM:
	case LAPB_SABME:
		lapb_dbg(1, "(%p) S2 RX {SABM,SABME}(%d)\n",
			 lapb->dev, frame->pf);
		lapb_dbg(1, "(%p) S2 TX DM(%d)\n", lapb->dev, frame->pf);
		lapb_send_control(lapb, LAPB_DM, frame->pf, LAPB_RESPONSE);
		break;

	case LAPB_DISC:
		lapb_dbg(1, "(%p) S2 RX DISC(%d)\n", lapb->dev, frame->pf);
		lapb_dbg(1, "(%p) S2 TX UA(%d)\n", lapb->dev, frame->pf);
		lapb_send_control(lapb, LAPB_UA, frame->pf, LAPB_RESPONSE);
		break;

	case LAPB_UA:
		lapb_dbg(1, "(%p) S2 RX UA(%d)\n", lapb->dev, frame->pf);
		if (frame->pf) {
			lapb_dbg(0, "(%p) S2 -> S0\n", lapb->dev);
			lapb->state = LAPB_STATE_0;
			lapb_start_t1timer(lapb);
			lapb_stop_t2timer(lapb);
			lapb_disconnect_confirmation(lapb, LAPB_OK);
		}
		break;

	case LAPB_DM:
		lapb_dbg(1, "(%p) S2 RX DM(%d)\n", lapb->dev, frame->pf);
		if (frame->pf) {
			lapb_dbg(0, "(%p) S2 -> S0\n", lapb->dev);
			lapb->state = LAPB_STATE_0;
			lapb_start_t1timer(lapb);
			lapb_stop_t2timer(lapb);
			lapb_disconnect_confirmation(lapb, LAPB_NOTCONNECTED);
		}
		break;

	case LAPB_I:
	case LAPB_REJ:
	case LAPB_RNR:
	case LAPB_RR:
		lapb_dbg(1, "(%p) S2 RX {I,REJ,RNR,RR}(%d)\n",
		       lapb->dev, frame->pf);
		lapb_dbg(1, "(%p) S2 RX DM(%d)\n", lapb->dev, frame->pf);
		if (frame->pf)
			lapb_send_control(lapb, LAPB_DM, frame->pf,
					  LAPB_RESPONSE);
		break;
	}

	kfree_skb(skb);
}

/*
 *	State machine for state 3, Connected State.
 *	The handling of the timer(s) is in file lapb_timer.c
 */
static void lapb_state3_machine(struct lapb_cb *lapb, struct sk_buff *skb,
				struct lapb_frame *frame)
{
	int queued = 0;
	int modulus = (lapb->mode & LAPB_EXTENDED) ? LAPB_EMODULUS :
						     LAPB_SMODULUS;

	switch (frame->type) {
	case LAPB_SABM:
		lapb_dbg(1, "(%p) S3 RX SABM(%d)\n", lapb->dev, frame->pf);
		if (lapb->mode & LAPB_EXTENDED) {
			lapb_dbg(1, "(%p) S3 TX DM(%d)\n",
				 lapb->dev, frame->pf);
			lapb_send_control(lapb, LAPB_DM, frame->pf,
					  LAPB_RESPONSE);
		} else {
			lapb_dbg(1, "(%p) S3 TX UA(%d)\n",
				 lapb->dev, frame->pf);
			lapb_send_control(lapb, LAPB_UA, frame->pf,
					  LAPB_RESPONSE);
			lapb_stop_t1timer(lapb);
			lapb_stop_t2timer(lapb);
			lapb->condition = 0x00;
			lapb->n2count   = 0;
			lapb->vs        = 0;
			lapb->vr        = 0;
			lapb->va        = 0;
			lapb_requeue_frames(lapb);
		}
		break;

	case LAPB_SABME:
		lapb_dbg(1, "(%p) S3 RX SABME(%d)\n", lapb->dev, frame->pf);
		if (lapb->mode & LAPB_EXTENDED) {
			lapb_dbg(1, "(%p) S3 TX UA(%d)\n",
				 lapb->dev, frame->pf);
			lapb_send_control(lapb, LAPB_UA, frame->pf,
					  LAPB_RESPONSE);
			lapb_stop_t1timer(lapb);
			lapb_stop_t2timer(lapb);
			lapb->condition = 0x00;
			lapb->n2count   = 0;
			lapb->vs        = 0;
			lapb->vr        = 0;
			lapb->va        = 0;
			lapb_requeue_frames(lapb);
		} else {
			lapb_dbg(1, "(%p) S3 TX DM(%d)\n",
				 lapb->dev, frame->pf);
			lapb_send_control(lapb, LAPB_DM, frame->pf,
					  LAPB_RESPONSE);
		}
		break;

	case LAPB_DISC:
		lapb_dbg(1, "(%p) S3 RX DISC(%d)\n", lapb->dev, frame->pf);
		lapb_dbg(0, "(%p) S3 -> S0\n", lapb->dev);
		lapb_clear_queues(lapb);
		lapb_send_control(lapb, LAPB_UA, frame->pf, LAPB_RESPONSE);
		lapb_start_t1timer(lapb);
		lapb_stop_t2timer(lapb);
		lapb->state = LAPB_STATE_0;
		lapb_disconnect_indication(lapb, LAPB_OK);
		break;

	case LAPB_DM:
		lapb_dbg(1, "(%p) S3 RX DM(%d)\n", lapb->dev, frame->pf);
		lapb_dbg(0, "(%p) S3 -> S0\n", lapb->dev);
		lapb_clear_queues(lapb);
		lapb->state = LAPB_STATE_0;
		lapb_start_t1timer(lapb);
		lapb_stop_t2timer(lapb);
		lapb_disconnect_indication(lapb, LAPB_NOTCONNECTED);
		break;

	case LAPB_RNR:
		lapb_dbg(1, "(%p) S3 RX RNR(%d) R%d\n",
			 lapb->dev, frame->pf, frame->nr);
		lapb->condition |= LAPB_PEER_RX_BUSY_CONDITION;
		lapb_check_need_response(lapb, frame->cr, frame->pf);
		if (lapb_validate_nr(lapb, frame->nr)) {
			lapb_check_iframes_acked(lapb, frame->nr);
		} else {
			lapb->frmr_data = *frame;
			lapb->frmr_type = LAPB_FRMR_Z;
			lapb_transmit_frmr(lapb);
			lapb_dbg(0, "(%p) S3 -> S4\n", lapb->dev);
			lapb_start_t1timer(lapb);
			lapb_stop_t2timer(lapb);
			lapb->state   = LAPB_STATE_4;
			lapb->n2count = 0;
		}
		break;

	case LAPB_RR:
		lapb_dbg(1, "(%p) S3 RX RR(%d) R%d\n",
			 lapb->dev, frame->pf, frame->nr);
		lapb->condition &= ~LAPB_PEER_RX_BUSY_CONDITION;
		lapb_check_need_response(lapb, frame->cr, frame->pf);
		if (lapb_validate_nr(lapb, frame->nr)) {
			lapb_check_iframes_acked(lapb, frame->nr);
		} else {
			lapb->frmr_data = *frame;
			lapb->frmr_type = LAPB_FRMR_Z;
			lapb_transmit_frmr(lapb);
			lapb_dbg(0, "(%p) S3 -> S4\n", lapb->dev);
			lapb_start_t1timer(lapb);
			lapb_stop_t2timer(lapb);
			lapb->state   = LAPB_STATE_4;
			lapb->n2count = 0;
		}
		break;

	case LAPB_REJ:
		lapb_dbg(1, "(%p) S3 RX REJ(%d) R%d\n",
			 lapb->dev, frame->pf, frame->nr);
		lapb->condition &= ~LAPB_PEER_RX_BUSY_CONDITION;
		lapb_check_need_response(lapb, frame->cr, frame->pf);
		if (lapb_validate_nr(lapb, frame->nr)) {
			lapb_frames_acked(lapb, frame->nr);
			lapb_stop_t1timer(lapb);
			lapb->n2count = 0;
			lapb_requeue_frames(lapb);
		} else {
			lapb->frmr_data = *frame;
			lapb->frmr_type = LAPB_FRMR_Z;
			lapb_transmit_frmr(lapb);
			lapb_dbg(0, "(%p) S3 -> S4\n", lapb->dev);
			lapb_start_t1timer(lapb);
			lapb_stop_t2timer(lapb);
			lapb->state   = LAPB_STATE_4;
			lapb->n2count = 0;
		}
		break;

	case LAPB_I:
		lapb_dbg(1, "(%p) S3 RX I(%d) S%d R%d\n",
			 lapb->dev, frame->pf, frame->ns, frame->nr);
		if (!lapb_validate_nr(lapb, frame->nr)) {
			lapb->frmr_data = *frame;
			lapb->frmr_type = LAPB_FRMR_Z;
			lapb_transmit_frmr(lapb);
			lapb_dbg(0, "(%p) S3 -> S4\n", lapb->dev);
			lapb_start_t1timer(lapb);
			lapb_stop_t2timer(lapb);
			lapb->state   = LAPB_STATE_4;
			lapb->n2count = 0;
			break;
		}
		if (lapb->condition & LAPB_PEER_RX_BUSY_CONDITION)
			lapb_frames_acked(lapb, frame->nr);
		else
			lapb_check_iframes_acked(lapb, frame->nr);

		if (frame->ns == lapb->vr) {
			int cn;
			cn = lapb_data_indication(lapb, skb);
			queued = 1;
			/*
			 * If upper layer has dropped the frame, we
			 * basically ignore any further protocol
			 * processing. This will cause the peer
			 * to re-transmit the frame later like
			 * a frame lost on the wire.
			 */
			if (cn == NET_RX_DROP) {
				pr_debug("rx congestion\n");
				break;
			}
			lapb->vr = (lapb->vr + 1) % modulus;
			lapb->condition &= ~LAPB_REJECT_CONDITION;
			if (frame->pf)
				lapb_enquiry_response(lapb);
			else {
				if (!(lapb->condition &
				      LAPB_ACK_PENDING_CONDITION)) {
					lapb->condition |= LAPB_ACK_PENDING_CONDITION;
					lapb_start_t2timer(lapb);
				}
			}
		} else {
			if (lapb->condition & LAPB_REJECT_CONDITION) {
				if (frame->pf)
					lapb_enquiry_response(lapb);
			} else {
				lapb_dbg(1, "(%p) S3 TX REJ(%d) R%d\n",
					 lapb->dev, frame->pf, lapb->vr);
				lapb->condition |= LAPB_REJECT_CONDITION;
				lapb_send_control(lapb, LAPB_REJ, frame->pf,
						  LAPB_RESPONSE);
				lapb->condition &= ~LAPB_ACK_PENDING_CONDITION;
			}
		}
		break;

	case LAPB_FRMR:
		lapb_dbg(1, "(%p) S3 RX FRMR(%d) %5ph\n",
			 lapb->dev, frame->pf,
			 skb->data);
		lapb_establish_data_link(lapb);
		lapb_dbg(0, "(%p) S3 -> S1\n", lapb->dev);
		lapb_requeue_frames(lapb);
		lapb->state = LAPB_STATE_1;
		break;

	case LAPB_ILLEGAL:
		lapb_dbg(1, "(%p) S3 RX ILLEGAL(%d)\n", lapb->dev, frame->pf);
		lapb->frmr_data = *frame;
		lapb->frmr_type = LAPB_FRMR_W;
		lapb_transmit_frmr(lapb);
		lapb_dbg(0, "(%p) S3 -> S4\n", lapb->dev);
		lapb_start_t1timer(lapb);
		lapb_stop_t2timer(lapb);
		lapb->state   = LAPB_STATE_4;
		lapb->n2count = 0;
		break;
	}

	if (!queued)
		kfree_skb(skb);
}

/*
 *	State machine for state 4, Frame Reject State.
 *	The handling of the timer(s) is in file lapb_timer.c.
 */
static void lapb_state4_machine(struct lapb_cb *lapb, struct sk_buff *skb,
				struct lapb_frame *frame)
{
	switch (frame->type) {
	case LAPB_SABM:
		lapb_dbg(1, "(%p) S4 RX SABM(%d)\n", lapb->dev, frame->pf);
		if (lapb->mode & LAPB_EXTENDED) {
			lapb_dbg(1, "(%p) S4 TX DM(%d)\n",
				 lapb->dev, frame->pf);
			lapb_send_control(lapb, LAPB_DM, frame->pf,
					  LAPB_RESPONSE);
		} else {
			lapb_dbg(1, "(%p) S4 TX UA(%d)\n",
				 lapb->dev, frame->pf);
			lapb_dbg(0, "(%p) S4 -> S3\n", lapb->dev);
			lapb_send_control(lapb, LAPB_UA, frame->pf,
					  LAPB_RESPONSE);
			lapb_stop_t1timer(lapb);
			lapb_stop_t2timer(lapb);
			lapb->state     = LAPB_STATE_3;
			lapb->condition = 0x00;
			lapb->n2count   = 0;
			lapb->vs        = 0;
			lapb->vr        = 0;
			lapb->va        = 0;
			lapb_connect_indication(lapb, LAPB_OK);
		}
		break;

	case LAPB_SABME:
		lapb_dbg(1, "(%p) S4 RX SABME(%d)\n", lapb->dev, frame->pf);
		if (lapb->mode & LAPB_EXTENDED) {
			lapb_dbg(1, "(%p) S4 TX UA(%d)\n",
				 lapb->dev, frame->pf);
			lapb_dbg(0, "(%p) S4 -> S3\n", lapb->dev);
			lapb_send_control(lapb, LAPB_UA, frame->pf,
					  LAPB_RESPONSE);
			lapb_stop_t1timer(lapb);
			lapb_stop_t2timer(lapb);
			lapb->state     = LAPB_STATE_3;
			lapb->condition = 0x00;
			lapb->n2count   = 0;
			lapb->vs        = 0;
			lapb->vr        = 0;
			lapb->va        = 0;
			lapb_connect_indication(lapb, LAPB_OK);
		} else {
			lapb_dbg(1, "(%p) S4 TX DM(%d)\n",
				 lapb->dev, frame->pf);
			lapb_send_control(lapb, LAPB_DM, frame->pf,
					  LAPB_RESPONSE);
		}
		break;
	}

	kfree_skb(skb);
}

/*
 *	Process an incoming LAPB frame
 */
void lapb_data_input(struct lapb_cb *lapb, struct sk_buff *skb)
{
	struct lapb_frame frame;

	if (lapb_decode(lapb, skb, &frame) < 0) {
		kfree_skb(skb);
		return;
	}

	switch (lapb->state) {
	case LAPB_STATE_0:
		lapb_state0_machine(lapb, skb, &frame); break;
	case LAPB_STATE_1:
		lapb_state1_machine(lapb, skb, &frame); break;
	case LAPB_STATE_2:
		lapb_state2_machine(lapb, skb, &frame); break;
	case LAPB_STATE_3:
		lapb_state3_machine(lapb, skb, &frame); break;
	case LAPB_STATE_4:
		lapb_state4_machine(lapb, skb, &frame); break;
	}

	lapb_kick(lapb);
}