bsd/netat/asp_proto.c

   1 /*
   2  * Copyright (c) 2000 Apple Computer, Inc. All rights reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * The contents of this file constitute Original Code as defined in and
   7  * are subject to the Apple Public Source License Version 1.1 (the
   8  * "License").  You may not use this file except in compliance with the
   9  * License.  Please obtain a copy of the License at
  10  * http://www.apple.com/publicsource and read it before using this file.
  11  *
  12  * This Original Code and all software distributed under the License are
  13  * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  14  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  15  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  16  * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT.  Please see the
  17  * License for the specific language governing rights and limitations
  18  * under the License.
  19  *
  20  * @APPLE_LICENSE_HEADER_END@
  21  */
  22 /*
  23  *      Copyright (c) 1995 Apple Computer, Inc.
  24  *
  25  *  Change Log:
  26  *    Created February 20, 1995 by Tuyen Nguyen
  27  *    Modified for MP, 1996 by Tuyen Nguyen
  28  *   Modified, March 17, 1997 by Tuyen Nguyen for MacOSX.
  29  */
  30
  31 #include <sys/errno.h>
  32 #include <sys/types.h>
  33 #include <sys/param.h>
  34 #include <machine/spl.h>
  35 #include <sys/systm.h>
  36 #include <sys/kernel.h>
  37 #include <sys/proc.h>
  38 #include <sys/filedesc.h>
  39 #include <sys/fcntl.h>
  40 #include <sys/mbuf.h>
  41 #include <sys/ioctl.h>
  42 #include <sys/malloc.h>
  43 #include <kern/locks.h>
  44 #include <sys/socket.h>
  45 #include <sys/socketvar.h>
  46
  47 #include <net/if.h>
  48
  49 #include <netat/appletalk.h>
  50 #include <netat/sysglue.h>
  51 #include <netat/at_pcb.h>
  52 #include <netat/atp.h>
  53 #include <netat/ddp.h>
  54 #include <netat/asp.h>
  55 #include <netat/at_var.h>
  56 #include <netat/debug.h>
  57
  58 static int loop_cnt;
  59 #define CHK_LOOP(str) { \
  60   if (loop_cnt++ > 100) { \
  61      kprintf("%s", str); \
  62      break; \
  63   } \
  64 }
  65
  66 #define atpBDSsize    (sizeof(struct atpBDS)*ATP_TRESP_MAX)
  67 #define aspCMDsize    (atpBDSsize+sizeof(struct atp_set_default)+TOTAL_ATP_HDR_SIZE)
  68 #define SCBS_PER_BLK  16
  69 #define TICKS_PER_SEC HZ
  70 #define SESS_TMO_RES  2
  71 #define DEF_SESS_TMO  120
  72 #define NEXT_SEQ_NUM(x) (x = (x == 65535) ? 0 : (x + 1))
  73 #define MAX_RCV_CNT   5
  74 #define BAD_REMADDR(addr) \
  75         ( (*(long *)&scb->rem_addr != *(long *)&addr) \
  76         && ((scb->rem_addr.net != addr.net) \
  77                 || (scb->rem_addr.node != addr.node)) )
  78
  79 int  ASPputmsg();
  80 int  ASPgetmsg();
  81 void asp_init();
  82 void asp_ack_reply();
  83 void asp_nak_reply();
  84 void asp_clock();
  85 void asp_clock_locked(void *);
  86 int  asp_open();
  87 int  asp_close();
  88 int  asp_wput();
  89 StaticProc asp_scb_t *asp_find_scb();
  90 StaticProc asp_scb_t *asp_scb_alloc();
  91
  92 StaticProc void asp_putnext();
  93 StaticProc void asp_iocack();
  94 StaticProc void asp_iocnak();
  95 StaticProc void asp_dequeue_scb();
  96 StaticProc void asp_scb_free();
  97 StaticProc void asp_timout();
  98 StaticProc void asp_untimout();
  99 StaticProc void asp_hangup();
 100 StaticProc void asp_send_tickle();
 101 StaticProc void asp_send_tickle_locked(void *);
 102 StaticProc void asp_accept();
 103 StaticProc int  asp_send_req();
 104
 105 extern at_ifaddr_t *ifID_home;
 106 extern int atp_pidM[];
 107 extern gref_t *atp_inputQ[];
 108 extern lck_mtx_t *atalk_mutex;
 109 gbuf_t *scb_resource_m = 0;
 110 unsigned char asp_inpC[256];
 111 asp_scb_t *asp_scbQ[256];
 112
 113 static at_retry_t asp_def_retry = {2, -1, 1};
 114 static unsigned char scb_tmo_cnt;
 115 asp_scb_t *scb_used_list;
 116 static asp_scb_t *scb_tmo_list;
 117 asp_scb_t *scb_free_list;
 118
 119 int
 120 asp_readable(gref)
 121         gref_t *gref;
 122 {
 123         return (((asp_scb_t *)gref->info)->sess_ioc ? 1 : 0);
 124 }
 125
 126 void
 127 asp_init()
 128 {
 129         scb_tmo_cnt = 1;
 130         scb_tmo_list = 0;
 131         scb_used_list = 0;
 132         scb_free_list = 0;
 133         bzero(asp_inpC, sizeof(asp_inpC));
 134         bzero(asp_scbQ, sizeof(asp_scbQ));
 135 }
 136
 137 /*
 138  * the open routine allocates a state structure
 139  */
 140 int asp_open(gref)
 141         gref_t *gref;
 142 {
 143         asp_scb_t *scb;
 144
 145         /*
 146          * if no asp structure available, return failure
 147          */
 148         if ((scb = asp_scb_alloc()) == 0)
 149             return ENOBUFS;
 150
 151         /*
 152          * initialize the gref data structure
 153          */
 154         gref->info = (void *)scb;
 155         gref->readable = asp_readable;
 156
 157         /*
 158          * initialize the scb data structure
 159          */
 160         scb->dflag = 1;
 161         scb->magic_num = 222;
 162         scb->state = ASPSTATE_Idle;
 163         scb->pid = gref->pid;
 164         scb->gref = gref;
 165         scb->session_timer = DEF_SESS_TMO;
 166         scb->cmd_retry = asp_def_retry;
 167         if ((scb->next_scb = scb_used_list) != 0)
 168                 scb->next_scb->prev_scb = scb;
 169         scb_used_list = scb;
 170
 171         /*
 172          * return success
 173          */
 174         dPrintf(D_M_ASP, D_L_INFO, ("asp_open: pid=%d\n", scb->pid));
 175         return 0;
 176 } /* asp_open */
 177
 178 /*
 179  * the close routine frees all the data structures
 180  */
 181 int
 182 asp_close(gref)
 183         gref_t *gref;
 184 {
 185         unsigned char sock_num;
 186         asp_scb_t *scb, *new_scb;
 187         gbuf_t *m;
 188
 189         scb = (asp_scb_t *)gref->info;
 190         dPrintf(D_M_ASP, D_L_INFO, ("asp_close: loc=%d\n",
 191                 scb->loc_addr.socket));
 192
 193         if (scb->pid && scb->sess_ioc && (scb->dflag != 1)) {
 194                 /*
 195                  * send the CloseSess response to peer
 196                  */
 197                 if (gbuf_type(scb->sess_ioc) != MSG_PROTO) {
 198                         m = scb->sess_ioc;
 199                         scb->sess_ioc = gbuf_next(m);
 200                         atp_send_rsp(scb->gref, m, TRUE);
 201                 }
 202         }
 203
 204         if (scb->atp_state) {
 205                 sock_num = scb->loc_addr.socket;
 206                 if ((scb->dflag != 1) && scb->stat_msg) {
 207                         untimeout(atp_retry_req, scb->stat_msg);
 208                         gbuf_freem(scb->stat_msg);
 209                         scb->stat_msg = 0;
 210                 }
 211                 if (asp_scbQ[sock_num]->next_scb == 0) {
 212                         asp_scbQ[sock_num] = 0;
 213                         asp_inpC[sock_num] = 0;
 214                         dPrintf(D_M_ASP, D_L_INFO,
 215                         ("         : atp_close(), loc=%d\n", scb->loc_addr.socket));
 216                         atp_close(gref, 0);
 217                 } else {
 218                         asp_inpC[sock_num]--;
 219                         if (scb == asp_scbQ[sock_num]) {
 220                                 new_scb = scb->next_scb;
 221                                 new_scb->prev_scb = 0;
 222                                 asp_scbQ[sock_num] = new_scb;
 223                                 new_scb->atp_state->atp_gref = new_scb->gref;
 224                                 new_scb->atp_state->pid = new_scb->pid;
 225                                 atp_inputQ[sock_num] = new_scb->gref;
 226                         } else {
 227                                 if ((scb->prev_scb->next_scb = scb->next_scb) != 0)
 228                                         scb->next_scb->prev_scb = scb->prev_scb;
 229                         }
 230                         scb->next_scb = 0;
 231                 }
 232         } else
 233                 asp_dequeue_scb(scb);
 234
 235         /*
 236          * free all allocated blocks if any
 237          */
 238         if (scb->stat_msg) {
 239                 gbuf_freem(scb->stat_msg);
 240                 scb->stat_msg = 0;
 241         }
 242         if (scb->sess_ioc) {
 243                 gbuf_freel(scb->sess_ioc);
 244                 scb->sess_ioc = 0;
 245         }
 246         if (scb->req_msgq) {
 247                 gbuf_freel(scb->req_msgq);
 248                 scb->req_msgq = 0;
 249         }
 250
 251         scb->rem_addr.node = 0;
 252
 253         /*
 254          * stop all timers
 255          */
 256         scb->tmo_cnt = 0;
 257         asp_untimout(asp_hangup, scb);
 258         untimeout(asp_send_tickle_locked, (void *)scb); /* added for 2225395 */
 259
 260         /*
 261          * free the asp session control block
 262          */
 263         scb->state = ASPSTATE_Close;
 264         asp_scb_free(scb);
 265         return 0;
 266 } /* asp_close */
 267
 268 static char *aspStateStr(state)
 269      int state;
 270 {
 271   return ((state==ASPSTATE_Close)? "Close":
 272           (state==ASPSTATE_Idle)? "Idle":
 273           (state==ASPSTATE_WaitingForGetStatusRsp)? "GetStatusRsp":
 274           (state==ASPSTATE_WaitingForOpenSessRsp)? "OpenSessRsp":
 275           (state==ASPSTATE_WaitingForCommandRsp)? "CmdRsp":
 276           (state==ASPSTATE_WaitingForWriteContinue)? "WriteCont":
 277           (state==ASPSTATE_WaitingForWriteRsp)? "WriteRsp":
 278           (state==ASPSTATE_WaitingForWriteContinueRsp)? "WriteContRsp":
 279           (state==ASPSTATE_WaitingForCloseSessRsp)? "CloseSessRsp":
 280           "unknown");
 281 }
 282
 283 static char *aspCmdStr(aspCmd)
 284      int aspCmd;
 285 {
 286 return ((aspCmd==ASPFUNC_CloseSess)? "CloseSess":
 287         (aspCmd==ASPFUNC_Command)? "Command":
 288         (aspCmd==ASPFUNC_GetStatus)? "GetStatus":
 289         (aspCmd==ASPFUNC_OpenSess)? "OpenSess":
 290         (aspCmd==ASPFUNC_Tickle)? "Tickle":
 291         (aspCmd==ASPFUNC_Write)? "Write":
 292         (aspCmd==ASPFUNC_WriteContinue)? "WriteContinue":
 293         (aspCmd==ASPFUNC_Attention)? "Attention":
 294         (aspCmd==ASPFUNC_CmdReply)? "CmdReply": "unknown");
 295 }
 296
 297 static char *aspIOCStr(aspIOC)
 298      int aspIOC;
 299 {
 300 return (
 301         (aspIOC==ASPIOC_ClientBind)? "ClientBind":
 302         (aspIOC==ASPIOC_CloseSession)? "CloseSession":
 303         (aspIOC==ASPIOC_GetLocEntity)? "GetLocEntity":
 304         (aspIOC==ASPIOC_GetRemEntity)? "GetRemEntity":
 305         (aspIOC==ASPIOC_GetSession)? "GetSession":
 306         (aspIOC==ASPIOC_GetStatus)? "GetStatus":
 307         (aspIOC==ASPIOC_ListenerBind)? "ListenerBind":
 308         (aspIOC==ASPIOC_OpenSession)? "OpenSession":
 309         (aspIOC==ASPIOC_StatusBlock)? "StatusBlock":
 310         (aspIOC==ASPIOC_SetPid)? "SetPid":
 311         (aspIOC==ASPIOC_GetSessId)? "GetSessId":
 312         (aspIOC==ASPIOC_EnableSelect)? "EnableSelect":
 313         (aspIOC==ASPIOC_Look)? "Look":
 314         "unknown"
 315         );
 316 }
 317
 318 #ifdef AT_MBUF_TRACE
 319
 320 static char mbuf_str[100];
 321 char *mbuf_totals()
 322 {
 323   sprintf(mbuf_str,
 324           /*
 325           "dat = %d, prot = %d, ioc = %d, err = %d, hu = %d, ack = %d, nak = %d, ctl = %d",
 326           */
 327           "dat = %d, prot = %d, ioc = %d, ctl = %d",
 328           mbstat.m_mtypes[MSG_DATA], mbstat.m_mtypes[MSG_PROTO], mbstat.m_mtypes[MSG_IOCTL],
 329           /*
 330           mbstat.m_mtypes[MSG_ERROR], mbstat.m_mtypes[MSG_HANGUP], mbstat.m_mtypes[MSG_IOCACK],
 331           mbstat.m_mtypes[MSG_IOCNAK],
 332           */
 333           mbstat.m_mtypes[MSG_CTL]);
 334   return(&mbuf_str[0]);
 335 }
 336
 337 void trace_beg(str, m)
 338      char *str;
 339      gbuf_t *m;
 340 {
 341         int i = 0, j = 0;
 342         gbuf_t *mdata, *mchain;
 343
 344         if (m)
 345           for (i = 0, j = 0, mdata = m, mchain = m; mdata; i++) {
 346             mdata = gbuf_cont(mdata);
 347             if (!mdata && mchain) {
 348               mdata = gbuf_next(mchain);
 349               mchain = mdata;
 350               j++;
 351             }
 352           }
 353         dPrintf(D_M_ASP, D_L_TRACE,
 354                 ("%s: %s, m# = %d, c# = %d\n", str, mbuf_totals(), i, j));
 355 }
 356
 357 void trace_end(str)
 358      char *str;
 359 {
 360         dPrintf(D_M_ASP, D_L_TRACE,
 361                 ("  %s: %s\n", str, mbuf_totals()));
 362 }
 363 #endif /* AT_MBUF_TRACE */
 364
 365 /*
 366  * the write routine
 367  */
 368 int asp_wput(gref, m)
 369         gref_t *gref;
 370         gbuf_t *m;
 371 {
 372         int err;
 373         unsigned char sockSav, sock_num;
 374         gbuf_t *mioc, *mdata;
 375         ioc_t *iocbp;
 376         asp_scb_t *scb, *server_scb, *curr_scb;
 377         at_inet_t *addr;
 378         asp_word_t aw;
 379         union asp_primitives *primitives;
 380         asp_status_cmd_t *status_cmd;
 381         asp_open_cmd_t *open_cmd;
 382         at_retry_t Retry;
 383
 384         scb = (asp_scb_t *)gref->info;
 385         if (scb->dflag == 0) {
 386                 atp_wput(gref, m);
 387                 return 0;
 388         }
 389
 390         if (gbuf_type(m) != MSG_IOCTL) {
 391                 dPrintf(D_M_ASP, D_L_WARNING,
 392                         ("asp_wput: UNKNOWN message, type=%d\n",
 393                          gbuf_type(m)));
 394                 gbuf_freem(m);
 395                 return 0;
 396         }
 397
 398         mioc = m;
 399         iocbp = (ioc_t *)gbuf_rptr(mioc);
 400
 401         dPrintf(D_M_ASP_LOW, D_L_INFO,
 402                 ("asp_wput: %s, loc=%d, state=%s\n",
 403                  aspIOCStr(iocbp->ioc_cmd), scb->loc_addr.socket,
 404                  aspStateStr(scb->state)));
 405
 406         switch (iocbp->ioc_cmd) {
 407         case ASPIOC_CloseSession:
 408                 if ((scb->state == ASPSTATE_Close) || (scb->rem_addr.node == 0))
 409                         break;
 410
 411                 Retry.retries = 3;
 412                 Retry.interval = 1;
 413                 aw.func = ASPFUNC_CloseSess;
 414                 aw.param1 = scb->sess_id;
 415                 aw.param2 = 0;
 416                 iocbp->ioc_private = (void *)scb;
 417                 scb->ioc_wait = (unsigned char)(iocbp->ioc_cmd & 0xff);
 418                 iocbp->ioc_cmd = AT_ATP_ISSUE_REQUEST;
 419                 asp_send_req(gref, mioc, &scb->rem_addr, &Retry, &aw,
 420                              0, ASPSTATE_WaitingForCloseSessRsp, 0x01);
 421                 return 0;
 422
 423         case ASPIOC_ClientBind:
 424                 /*
 425                  * open an ATP channel
 426                  */
 427                 if ((err = atp_open(gref, 0)) != 0) {
 428                         asp_iocnak(gref, mioc, err);
 429                         return 0;
 430                 }
 431                 scb->atp_state = (atp_state_t *)gref->info;
 432                 scb->atp_state->pid = scb->pid;
 433                 /*
 434                  * bind to any available socket
 435                  */
 436                 scb->dflag = 2;
 437                 sockSav = scb->dflag;
 438                 if ((sock_num = (at_socket)atp_bind(gref, 0, &sockSav)) == 0) {
 439                         scb->atp_state = (atp_state_t *)0;
 440                         atp_close(gref, 0);
 441                         gref->info = (void *)scb;
 442                         asp_iocnak(gref, mioc, EINVAL);
 443                         return 0;
 444                 }
 445                 gref->info = (void *)scb;
 446                 asp_dequeue_scb(scb);
 447                 scb->atp_state->dflag = scb->dflag;
 448                 scb->loc_addr.socket = sock_num;
 449                 asp_scbQ[sock_num] = scb;
 450                 asp_inpC[sock_num]++;
 451                 atp_pidM[sock_num] = 0;
 452                 break;
 453
 454         case ASPIOC_ListenerBind:
 455                 /*
 456                  * open an ATP channel
 457                  */
 458                 if ((err = atp_open(gref, 0)) != 0) {
 459                         asp_iocnak(gref, mioc, err);
 460                         return 0;
 461                 }
 462                 scb->atp_state = (atp_state_t *)gref->info;
 463                 scb->atp_state->pid = scb->pid;
 464                 /*
 465                  * bind to any available socket
 466                  */
 467                 if ((sock_num = (at_socket)atp_bind(gref, 0, 0)) == 0) {
 468                         scb->atp_state = (atp_state_t *)0;
 469                         atp_close(gref, 0);
 470                         gref->info = (void *)scb;
 471                         asp_iocnak(gref, mioc, EINVAL);
 472                         return 0;
 473                 }
 474                 gref->info = (void *)scb;
 475                 asp_dequeue_scb(scb);
 476                 scb->atp_state->dflag = scb->dflag;
 477                 scb->loc_addr.socket = sock_num;
 478                 asp_scbQ[sock_num] = scb;
 479                 asp_inpC[sock_num]++;
 480                 if (gbuf_cont(mioc))
 481                         *(at_inet_t *)gbuf_rptr(gbuf_cont(mioc)) = scb->loc_addr;
 482                 break;
 483
 484         case ASPIOC_GetLocEntity:
 485                 if ((gbuf_cont(mioc) == 0) || (scb->atp_state == 0)) {
 486                         asp_iocnak(gref, mioc, EPROTOTYPE);
 487                         return 0;
 488                 }
 489                 *(at_inet_t *)gbuf_rptr(gbuf_cont(mioc)) = scb->loc_addr;
 490                 break;
 491
 492         case ASPIOC_GetRemEntity:
 493                 if ((gbuf_cont(mioc) == 0) || (scb->atp_state == 0)) {
 494                         asp_iocnak(gref, mioc, EPROTOTYPE);
 495                         return 0;
 496                 }
 497                 *(at_inet_t *)gbuf_rptr(gbuf_cont(mioc)) = scb->rem_addr;
 498                 break;
 499
 500         case ASPIOC_GetSession:
 501                 if ((mdata = gbuf_cont(mioc)) == 0) {
 502                         asp_iocnak(gref, mioc, EPROTOTYPE);
 503                         return 0;
 504                 }
 505                 addr = (at_inet_t *)gbuf_rptr(mdata);
 506                 scb->tickle_interval = (unsigned short)addr->node;
 507                 scb->session_timer = addr->net;
 508                 server_scb = asp_scbQ[addr->socket];
 509 /*### LD 10/28/97: changed to make sure we're not accessing a null server_scb */
 510                 if (server_scb == 0) {
 511                         asp_iocnak(gref, mioc, EPROTOTYPE);
 512                         return 0;
 513                 }
 514                 if (server_scb->sess_ioc == 0) {
 515                         asp_iocnak(gref, mioc, EPROTOTYPE);
 516                         return 0;
 517                 }
 518
 519                 /*
 520                  * open an ATP channel
 521                  */
 522                 if ((err = atp_open(gref, 0)) != 0) {
 523                         gref->info = (void *)scb;
 524                         asp_iocnak(gref, mioc, err);
 525                         return 0;
 526                 }
 527                 scb->atp_state = (atp_state_t *)gref->info;
 528                 scb->atp_state->pid = scb->pid;
 529                 /*
 530                  * bind to any available socket
 531                  */
 532                 scb->dflag = 3;
 533                 sockSav = scb->dflag;
 534                 if ((sock_num = (at_socket)atp_bind(gref, 0, &sockSav)) == 0) {
 535                         atp_close(gref, 0);
 536                         asp_dequeue_scb(scb);
 537                         sock_num = sockSav;
 538                         scb->loc_addr.socket = sock_num;
 539                         for (curr_scb = asp_scbQ[sock_num];
 540                                 curr_scb->next_scb; curr_scb = curr_scb->next_scb) ;
 541                         scb->prev_scb = curr_scb;
 542                         curr_scb->next_scb = scb;
 543                         scb->atp_state = curr_scb->atp_state;
 544                 } else {
 545                         asp_dequeue_scb(scb);
 546                         scb->loc_addr.socket = sock_num;
 547                         asp_scbQ[sock_num] = scb;
 548                         scb->atp_state->dflag = scb->dflag;
 549                 }
 550                 gref->info = (void *)scb;
 551                 asp_inpC[sock_num]++;
 552                 gbuf_cont(mioc) = 0;
 553                 asp_accept(server_scb, scb, mdata);
 554                 break;
 555
 556         case ASPIOC_GetStatus:
 557                 if ((mdata = gbuf_cont(mioc)) == 0) {
 558                         asp_iocnak(gref, mioc, EINVAL);
 559                         return 0;
 560                 }
 561                 gbuf_cont(mioc) = 0;
 562                 status_cmd = (asp_status_cmd_t *)gbuf_rptr(mdata);
 563                 aw.func = ASPFUNC_GetStatus;
 564                 aw.param1 = 0;
 565                 aw.param2 = 0;
 566                 scb->ioc_wait = (unsigned char)(iocbp->ioc_cmd & 0xff);
 567                 iocbp->ioc_cmd = AT_ATP_ISSUE_REQUEST_DEF;
 568                 /* bms:  make sure this is an ALO request */
 569                 asp_send_req(gref, mioc, &status_cmd->SLSEntityIdentifier,
 570                              &status_cmd->Retry, &aw, 0, ASPSTATE_WaitingForGetStatusRsp, 0xff);
 571                 gbuf_freeb(mdata);
 572                 return 0;
 573
 574         case ASPIOC_OpenSession:
 575                 if ((mdata = gbuf_cont(mioc)) == 0) {
 576                         asp_iocnak(gref, mioc, EINVAL);
 577                         return 0;
 578                 }
 579                 gbuf_cont(mioc) = 0;
 580                 open_cmd = (asp_open_cmd_t *)gbuf_rptr(mdata);
 581                 scb->svc_addr = open_cmd->SLSEntityIdentifier;
 582                 scb->rem_addr = scb->svc_addr;
 583                 scb->rem_node = scb->rem_addr.node;
 584                 scb->rem_addr.node = 0;
 585                 scb->tickle_interval = open_cmd->TickleInterval;
 586                 scb->session_timer = open_cmd->SessionTimer;
 587                 aw.func = ASPFUNC_OpenSess;
 588                 aw.param1 = scb->loc_addr.socket;
 589                 aw.param2 = htons(ASP_Version);
 590                 scb->ioc_wait = (unsigned char)(iocbp->ioc_cmd & 0xff);
 591                 iocbp->ioc_cmd = AT_ATP_ISSUE_REQUEST_DEF;
 592                 asp_send_req(gref, mioc, &open_cmd->SLSEntityIdentifier,
 593                              &open_cmd->Retry, &aw, 1, ASPSTATE_WaitingForOpenSessRsp, 0x01);
 594                 gbuf_freeb(mdata);
 595                 return 0;
 596
 597         case ASPIOC_StatusBlock:
 598                 /*
 599                  * save the server status block
 600                  */
 601           if (scb->stat_msg)
 602                         gbuf_freem(scb->stat_msg);
 603           scb->stat_msg = gbuf_cont(mioc);
 604           gbuf_cont(mioc) = 0;
 605           break;
 606
 607           /* *** Does scb->pid get used in a packet header,
 608                  and if so is it in ASP, or in ATP?
 609                  If not, do we need this call for anything?
 610                  (cap does currently use it in _ANS code.)
 611              *** */
 612         case ASPIOC_SetPid:
 613                 if (gbuf_cont(mioc) == 0) {
 614                         asp_iocnak(gref, mioc, EINVAL);
 615                         return 0;
 616                 }
 617                 scb->pid = *(int *)gbuf_rptr(gbuf_cont(mioc));
 618                 break;
 619
 620         case ASPIOC_GetSessId:
 621                 if (gbuf_cont(mioc) == 0) {
 622                         asp_iocnak(gref, mioc, EINVAL);
 623                         return 0;
 624                 }
 625                 *(gref_t **)gbuf_rptr(gbuf_cont(mioc)) = gref;
 626                 break;
 627
 628         case ASPIOC_Look:
 629                 if (gbuf_cont(mioc) == 0) {
 630                         asp_iocnak(gref, mioc, EINVAL);
 631                         return 0;
 632                 }
 633                 if (scb->sess_ioc) {
 634                         primitives = (union asp_primitives *)gbuf_rptr(scb->sess_ioc);
 635                         if (primitives->Primitive == ASPFUNC_CmdReply)
 636                                 *(int *)gbuf_rptr(gbuf_cont(mioc)) = 0;
 637                         else
 638                                 *(int *)gbuf_rptr(gbuf_cont(mioc)) = 1;
 639                 } else
 640                         *(int *)gbuf_rptr(gbuf_cont(mioc)) = -1;
 641                 break;
 642
 643         case DDP_IOC_GET_CFG:
 644                 {
 645                 struct atp_state *atp = (struct atp_state *)gref->info;
 646                 if (atp->dflag)
 647                         atp = (struct atp_state *)atp->atp_msgq;
 648
 649                 if (gbuf_cont(mioc) == 0) {
 650                         asp_iocnak(gref, mioc, EINVAL);
 651                         return 0;
 652                 }
 653                 /* *** borrowed from ddp_proto.c to handle DDP_IOC_GET_CFG
 654                        on atp fd *** */
 655                 scb->state = ASPSTATE_Idle;
 656                 {
 657                 /* *** was ddp_get_cfg() *** */
 658                   ddp_addr_t *cfgp =
 659                     (ddp_addr_t *)gbuf_rptr(gbuf_cont(mioc));
 660                   cfgp->inet.net = ifID_home->ifThisNode.s_net;
 661                   cfgp->inet.node = ifID_home->ifThisNode.s_node;
 662                   cfgp->inet.socket = atp->atp_socket_no;
 663                   cfgp->ddptype = DDP_ATP;
 664                 }
 665                 gbuf_wset(gbuf_cont(mioc), sizeof(at_inet_t));
 666                 }
 667                 break;
 668
 669         default:
 670                 asp_iocnak(gref, mioc, EINVAL);
 671                 return 0;
 672         }
 673
 674         asp_iocack(gref, mioc);
 675         return 0;
 676 } /* asp_wput */
 677
 678 /*
 679  * send request routine
 680  */
 681 StaticProc int
 682 asp_send_req(gref, mioc, dest, retry, awp, xo, state, bitmap)
 683         gref_t *gref;
 684         gbuf_t *mioc;
 685         at_inet_t *dest;
 686         at_retry_t *retry;
 687         asp_word_t *awp;
 688         unsigned char xo;
 689         unsigned char state;
 690         unsigned char bitmap;
 691 {
 692         int i;
 693         gbuf_t *mdata;
 694         ioc_t *iocbp;
 695         struct atp_set_default *sd;
 696         at_ddp_t *ddp;
 697         at_atp_t *atp;
 698         struct atpBDS *atpBDS;
 699         asp_scb_t *scb = (asp_scb_t *)gref->info;
 700
 701         /*
 702          * allocate an ATP buffer for the request
 703          */
 704         if ((gbuf_cont(mioc) = gbuf_alloc(aspCMDsize, PRI_MED)) == 0) {
 705                 if (awp->func == ASPFUNC_Tickle)
 706                         gbuf_freem(mioc);
 707                 else
 708                         asp_iocnak(gref, mioc, ENOBUFS);
 709                 dPrintf(D_M_ASP, D_L_WARNING,
 710                 ("asp_send_req: ENOBUFS, loc=%d\n", scb->loc_addr.socket));
 711
 712                 return -1;
 713         }
 714         mdata = gbuf_cont(mioc);
 715         iocbp = (ioc_t *)gbuf_rptr(mioc);
 716
 717         /*
 718          * build the request
 719          */
 720         atpBDS = (struct atpBDS *)gbuf_rptr(mdata);
 721         gbuf_wset(mdata,atpBDSsize);
 722         for (i=0; i < ATP_TRESP_MAX; i++) {
 723                 *(unsigned long  *)atpBDS[i].bdsBuffAddr = 1;
 724                 *(unsigned short *)atpBDS[i].bdsBuffSz = ATP_DATA_SIZE;
 725         }
 726         sd = (struct atp_set_default *)gbuf_wptr(mdata);
 727         gbuf_winc(mdata,sizeof(struct atp_set_default));
 728         sd->def_retries = (retry->retries == -1) ?
 729                 ATP_INFINITE_RETRIES : retry->retries;
 730         sd->def_rate = retry->interval*TICKS_PER_SEC;
 731         sd->def_BDSlen = atpBDSsize;
 732         ddp = (at_ddp_t *)gbuf_wptr(mdata);
 733         NET_ASSIGN(ddp->src_net, scb->loc_addr.net);
 734         ddp->src_node = scb->loc_addr.node;
 735         NET_ASSIGN(ddp->dst_net, dest->net);
 736         ddp->dst_node = dest->node;
 737         ddp->dst_socket = dest->socket;
 738         UAS_ASSIGN(ddp->checksum, 0);
 739         atp = ATP_ATP_HDR(gbuf_wptr(mdata));
 740         atp->xo = xo;
 741         atp->xo_relt = xo;
 742         atp->bitmap = bitmap;
 743         gbuf_winc(mdata,TOTAL_ATP_HDR_SIZE);
 744         *(asp_word_t *)atp->user_bytes = *awp;
 745         iocbp->ioc_count = gbuf_len(mdata);
 746         iocbp->ioc_rval = 0;
 747
 748         /*
 749          * send the request
 750          */
 751         scb->state = state;
 752         dPrintf(D_M_ASP, D_L_INFO,
 753                 ("asp_send_req: %s, loc=%d, rem= %d, len=%d, state=%s\n",
 754                  aspCmdStr(awp->func),
 755                  scb->loc_addr.socket, ddp->dst_socket, iocbp->ioc_count,
 756                  aspStateStr(scb->state)));
 757
 758         atp_send_req(gref, mioc);
 759         return 0;
 760 }
 761
 762 /*
 763  * send tickle routine - locked version
 764  */
 765 StaticProc void
 766 asp_send_tickle_locked(scb)
 767         void *scb;
 768 {
 769         atalk_lock();
 770         asp_send_tickle((asp_scb_t *)scb);
 771         atalk_unlock();
 772 }
 773
 774
 775 /*
 776  * send tickle routine
 777  */
 778 StaticProc void
 779 asp_send_tickle(scb)
 780         asp_scb_t *scb;
 781 {
 782         gbuf_t *mioc;
 783         at_retry_t retry;
 784         asp_word_t aw;
 785         at_inet_t *dest;
 786
 787
 788         /*
 789          * make sure the connection is still there
 790          */
 791         if (scb->rem_addr.node == 0) {
 792                 return;
 793         }
 794
 795         if ((mioc = gbuf_alloc(sizeof(ioc_t), PRI_HI)) == 0) {
 796                 dPrintf(D_M_ASP, D_L_WARNING,
 797                 ("asp_send_tickle: ENOBUFS 0, loc=%d, rem=%d\n",
 798                         scb->loc_addr.socket,scb->rem_addr.socket));
 799                 timeout(asp_send_tickle_locked, (void *)scb, 10);
 800                 return;
 801         }
 802         gbuf_wset(mioc,sizeof(ioc_t));
 803         gbuf_set_type(mioc, MSG_IOCTL);
 804
 805         dest = scb->svc_addr.node ?
 806                 (at_inet_t *)&scb->svc_addr : (at_inet_t *)&scb->rem_addr;
 807         retry.interval = scb->tickle_interval;
 808         retry.retries  = -1;
 809         retry.backoff  = 1;
 810         aw.func = ASPFUNC_Tickle;
 811         aw.param1 = scb->sess_id;
 812         aw.param2 = 0;
 813         ((ioc_t *)gbuf_rptr(mioc))->ioc_cr = (void *)scb;
 814         ((ioc_t *)gbuf_rptr(mioc))->ioc_cmd = AT_ATP_ISSUE_REQUEST_TICKLE;
 815
 816         if (asp_send_req(scb->gref, mioc, dest, &retry, &aw, 0, scb->state, 0)) {
 817                 dPrintf(D_M_ASP, D_L_WARNING,
 818                         ("asp_send_tickle: ENOBUFS 1, loc=%d, rem=%d\n",
 819                          scb->loc_addr.socket,scb->rem_addr.socket));
 820
 821                 timeout(asp_send_tickle_locked, (void *)scb, 10);
 822                 return;
 823         }
 824 }
 825
 826 /*
 827  * accept connection routine
 828  */
 829 StaticProc void
 830 asp_accept(scb, sess_scb, m)
 831         asp_scb_t *scb;
 832         asp_scb_t *sess_scb;
 833         gbuf_t *m;
 834 {
 835         gbuf_t *mdata;
 836         at_ddp_t *ddp;
 837         at_atp_t *atp;
 838         asp_word_t *awp;
 839         at_inet_t rem_addr;
 840
 841         mdata = scb->sess_ioc;
 842         ddp = (at_ddp_t *)gbuf_rptr(mdata);
 843         atp = (at_atp_t *)(gbuf_rptr(mdata) + DDP_X_HDR_SIZE);
 844         rem_addr.net = NET_VALUE(ddp->src_net);
 845         rem_addr.node = ddp->src_node;
 846         rem_addr.socket = ddp->src_socket;
 847         awp = (asp_word_t *)atp->user_bytes;
 848
 849         sess_scb->loc_addr.net = NET_VALUE(ddp->dst_net);
 850         sess_scb->loc_addr.node = ddp->dst_node;
 851         NET_ASSIGN(ddp->src_net, sess_scb->loc_addr.net);
 852         ddp->src_node = sess_scb->loc_addr.node;
 853         NET_ASSIGN(ddp->dst_net, rem_addr.net);
 854         ddp->dst_node = rem_addr.node;
 855         ddp->dst_socket = rem_addr.socket;
 856
 857         sess_scb->sess_id = sess_scb->loc_addr.socket;
 858         sess_scb->rem_socket = rem_addr.socket;
 859         sess_scb->rem_addr = rem_addr;
 860         sess_scb->rem_addr.socket = awp->param1;
 861         sess_scb->reply_socket = sess_scb->rem_addr.socket;
 862         awp->func = sess_scb->loc_addr.socket;
 863         awp->param1 = sess_scb->sess_id;
 864         awp->param2 = 0;
 865         gbuf_freeb(m);
 866         scb->sess_ioc = gbuf_next(mdata);
 867         gbuf_next(mdata) = 0;
 868         asp_timout(asp_hangup, sess_scb, sess_scb->session_timer);
 869         atp_send_rsp(scb->gref, mdata, TRUE);
 870         asp_send_tickle(sess_scb);
 871         dPrintf(D_M_ASP, D_L_INFO,
 872                 ("asp_accept: ACCEPT connect request, loc=%d, rem=%x.%x.%d\n",
 873                 sess_scb->loc_addr.socket,
 874                 sess_scb->rem_addr.net,
 875                 sess_scb->rem_addr.node,sess_scb->rem_addr.socket));
 876 } /* asp_accept */
 877
 878 /*
 879  * timer routine - locked version
 880  */
 881 void asp_clock_locked(arg)
 882         void *arg;
 883 {
 884         atalk_lock();
 885         asp_clock(arg);
 886         atalk_unlock();
 887 }
 888
 889 /*
 890  * timer routine
 891  */
 892 void asp_clock(arg)
 893         void *arg;
 894 {
 895         asp_scb_t *scb;
 896         void (*tmo_func)();
 897
 898         if (scb_tmo_list)
 899                 scb_tmo_list->tmo_delta--;
 900         while (((scb = scb_tmo_list) != 0) && (scb_tmo_list->tmo_delta == 0)) {
 901                 if ((scb_tmo_list = scb->next_tmo) != 0)
 902                         scb_tmo_list->prev_tmo = 0;
 903                 if ((tmo_func = scb->tmo_func) != 0) {
 904                         scb->tmo_func = 0;
 905                         (*tmo_func)(scb);
 906                 }
 907         }
 908
 909         if (++scb_tmo_cnt == 0) scb_tmo_cnt++;
 910         timeout(asp_clock_locked, (void *)arg, (1<<SESS_TMO_RES)*TICKS_PER_SEC);
 911
 912 }
 913
 914 /*
 915  * ACK reply routine
 916  */
 917 void
 918 asp_ack_reply(gref, mioc)
 919         register gref_t *gref;
 920         register gbuf_t *mioc;
 921 {
 922         int len, msize, nbds;
 923         register gbuf_t *mdata, *m, *mx;
 924         struct atpBDS *atpBDS;
 925         at_ddp_t *ddp;
 926         at_atp_t *atp;
 927         register asp_scb_t *scb, *sess_scb;
 928         register ioc_t *iocbp;
 929         register asp_word_t *awp;
 930         register asp_command_ind_t *command_ind;
 931         register asp_cmdreply_ind_t *cmdreply_ind;
 932         at_inet_t rem_addr;
 933
 934         iocbp = (ioc_t *)gbuf_rptr(mioc);
 935
 936         if (iocbp->ioc_cmd == AT_ATP_ISSUE_REQUEST_TICKLE) {
 937                 /*
 938                  * ignore the ack for the tickle request
 939                  */
 940                 scb = (asp_scb_t *)iocbp->ioc_cr;
 941                 scb->tickle_tid = (unsigned short)iocbp->ioc_rval;
 942                 gbuf_freem(mioc);
 943                 return;
 944         }
 945
 946         scb = (asp_scb_t *)gref->info;
 947         if (scb == 0) {
 948                 gbuf_freem(mioc);
 949                 return;
 950         }
 951
 952         if (iocbp->ioc_cmd == AT_ATP_GET_POLL) {
 953                 /*
 954                  * if no data, just drop the request
 955                  */
 956                 if ((mdata = gbuf_cont(mioc)) == 0) {
 957                         gbuf_freeb(mioc);
 958                         return;
 959                 }
 960
 961                 gbuf_set_type(mioc, MSG_IOCTL);
 962                 ddp = (at_ddp_t *)gbuf_rptr(mdata);
 963                 gbuf_rinc(mdata,DDP_X_HDR_SIZE);
 964                 atp = (at_atp_t *)gbuf_rptr(mdata);
 965                 gbuf_rinc(mdata,ATP_HDR_SIZE);
 966                 rem_addr.net = NET_VALUE(ddp->src_net);
 967                 rem_addr.node = ddp->src_node;
 968                 rem_addr.socket = ddp->src_socket;
 969                 awp = (asp_word_t *)atp->user_bytes;
 970
 971                 if (scb->next_scb) {
 972                         /*
 973                          * find the responsible scb
 974                          */
 975                         if ((scb = asp_find_scb(scb->loc_addr.socket, &rem_addr)) == 0) {
 976                                 gbuf_freem(mioc);
 977                                 return;
 978                         }
 979                 }
 980                 dPrintf(D_M_ASP, D_L_INFO,
 981                         ("asp_ack_reply: %s, loc=%d, rem=%x.%x.%d\n",
 982                         aspCmdStr(awp->func),scb->loc_addr.socket,
 983                         NET_VALUE(ddp->src_net) ,ddp->src_node,ddp->src_socket));
 984
 985                 if (scb->rem_addr.node)
 986                         asp_untimout(asp_hangup, scb);
 987
 988                 switch (awp->func) {
 989                 case ASPFUNC_GetStatus:
 990                         /*
 991                          * ignore if this is not a server socket
 992                          */
 993                         mx = 0;
 994                         if ((scb->dflag != 1) || (scb->stat_msg
 995                                         && ((mx = gbuf_dupb(scb->stat_msg)) == 0)))
 996                                 break;
 997                         gbuf_freeb(mioc);
 998
 999                         /*
1000                          * send the status block
1001                          */
1002                         if (gbuf_cont(mdata)) {
1003                                 gbuf_freem(gbuf_cont(mdata));
1004                                 gbuf_cont(mdata) = 0;
1005                         }
1006                         gbuf_rdec(mdata,TOTAL_ATP_HDR_SIZE);
1007                         if ((m = gbuf_alloc( (TOTAL_ATP_HDR_SIZE+atpBDSsize), PRI_MED)) == 0) {
1008                                 gbuf_freem(mdata);
1009                                 gbuf_freeb(mx);
1010                                 goto l_done;
1011                         }
1012                         bcopy(gbuf_rptr(mdata), gbuf_rptr(m), TOTAL_ATP_HDR_SIZE);
1013                         gbuf_freeb(mdata);
1014                         mdata = m;
1015                         ddp = (at_ddp_t *)gbuf_rptr(mdata);
1016                         gbuf_wset(mdata,DDP_X_HDR_SIZE);
1017                         atp = (at_atp_t *)gbuf_wptr(mdata);
1018                         gbuf_winc(mdata,ATP_HDR_SIZE);
1019                         awp = (asp_word_t *)atp->user_bytes;
1020                         NET_NET(ddp->src_net, ddp->dst_net);
1021                         ddp->src_node = ddp->dst_node;
1022                         NET_ASSIGN(ddp->dst_net, rem_addr.net);
1023                         ddp->dst_node = rem_addr.node;
1024                         ddp->dst_socket = rem_addr.socket;
1025                         UAS_ASSIGN(ddp->checksum, 0);
1026                         atpBDS = (struct atpBDS *)gbuf_wptr(mdata);
1027                         msize = mx ? gbuf_msgsize(mx) : 0;
1028                         for (nbds=0; (nbds < ATP_TRESP_MAX) && (msize > 0); nbds++) {
1029                                 len = msize < ATP_DATA_SIZE ? msize : ATP_DATA_SIZE;
1030                                 msize -= ATP_DATA_SIZE;
1031                                 *(long *)atpBDS[nbds].bdsUserData = 0;
1032                                 UAL_ASSIGN(atpBDS[nbds].bdsBuffAddr, 1);
1033                                 UAS_ASSIGN(atpBDS[nbds].bdsBuffSz, len);
1034                         }
1035                         UAS_ASSIGN(atpBDS[0].bdsDataSz, nbds);
1036                         gbuf_winc(mdata,atpBDSsize);
1037                         gbuf_cont(mdata) = mx;
1038                         atp_send_rsp(gref, mdata, FALSE);
1039                         goto l_done;
1040
1041                 case ASPFUNC_OpenSess:
1042                         /*
1043                          * ignore if server is not ready
1044                          */
1045                         if ((scb->dflag != 1) || (scb->stat_msg == 0))
1046                                 break;
1047                         gbuf_freeb(mioc);
1048
1049                         if (gbuf_cont(mdata)) {
1050                                 gbuf_freem(gbuf_cont(mdata));
1051                                 gbuf_cont(mdata) = 0;
1052                         }
1053                         gbuf_rdec(mdata,TOTAL_ATP_HDR_SIZE);
1054                         gbuf_wset(mdata,TOTAL_ATP_HDR_SIZE);
1055                         if (awp->param2 != ASP_Version) {
1056                                 /*
1057                                  * bad version number, send the OpenSession response
1058                                  */
1059                                 awp->func = 0;
1060                                 awp->param1 = 0;
1061                                 awp->param2 = htons((unsigned short)ASPERR_BadVersNum);
1062                                 dPrintf(D_M_ASP, D_L_INFO,
1063                                         ("             : version=%d\n",
1064                                         ASPERR_BadVersNum));
1065
1066                                 NET_NET(ddp->src_net, ddp->dst_net);
1067                                 ddp->src_node = ddp->dst_node;
1068                                 NET_ASSIGN(ddp->dst_net, rem_addr.net);
1069                                 ddp->dst_node = rem_addr.node;
1070                                 ddp->dst_socket = rem_addr.socket;
1071                                 atp_send_rsp(gref, mdata, FALSE);
1072                                 return;
1073                         }
1074
1075                         /*
1076                          * queue the connection request
1077                          */
1078                         gbuf_next(mdata) = 0;
1079                         if ((m = scb->sess_ioc) == 0) {
1080                                 scb->sess_ioc = mdata;
1081                                 if (scb->get_wait)
1082                                         wakeup(&scb->event);
1083                                 else
1084                                         atalk_notify_sel(gref);
1085                         } else {
1086                                 while (gbuf_next(m))
1087                                         m = gbuf_next(m);
1088                                 gbuf_next(m) = mdata;
1089                         }
1090                         dPrintf(D_M_ASP, D_L_INFO,
1091                                 ("             : QUEUE connect request\n"));
1092
1093                         return;
1094
1095                 case ASPFUNC_Command:
1096                 case ASPFUNC_Write:
1097                         if ( (scb->sess_id != awp->param1)
1098                              || (scb->rcv_seq_num != ntohs(awp->param2))
1099                              || BAD_REMADDR(rem_addr) ) {
1100                                 char era[8], ra[8];
1101                                 sprintf(era,"%d.%d", scb->rem_addr.node,scb->rem_addr.socket);
1102                                 sprintf(ra,"%d.%d", rem_addr.node,rem_addr.socket);
1103                                 dPrintf(D_M_ASP, D_L_WARNING,
1104                                         ("             : DROP, id=%d,esn=%d,sn=%d,erem=%s,rem=%s\n",
1105                                         scb->sess_id,scb->rcv_seq_num,awp->param2,era,ra));
1106                                 gbuf_cont(mioc) = 0;
1107                                 gbuf_rdec(mdata,TOTAL_ATP_HDR_SIZE);
1108                                 atp_drop_req(gref, mdata);
1109                                 break;
1110                         }
1111                         scb->reply_socket = rem_addr.socket;
1112                         if (awp->func == ASPFUNC_Write)
1113                                 scb->wrt_seq_num = scb->rcv_seq_num;
1114                         NEXT_SEQ_NUM(scb->rcv_seq_num);
1115                         gbuf_set_type(mioc, MSG_PROTO);
1116                         gbuf_wset(mioc,sizeof(asp_command_ind_t));
1117                         command_ind = (asp_command_ind_t *)gbuf_rptr(mioc);
1118                         command_ind->Primitive = (int)awp->func;
1119                         command_ind->ReqRefNum =
1120                                 ntohs(*(unsigned short *)atp->tid);
1121                         command_ind->ReqType = awp->func;
1122
1123                         mdata = gbuf_strip(mdata);
1124                         gbuf_cont(mioc) = mdata;
1125                         if (scb->req_flag) {
1126                                 if ((mx = scb->req_msgq) != 0) {
1127                                         while (gbuf_next(mx))
1128                                                 mx = gbuf_next(mx);
1129                                         gbuf_next(mx) = mioc;
1130                                 } else
1131                                         scb->req_msgq = mioc;
1132                         } else {
1133                                 scb->req_flag = 1;
1134                                 asp_putnext(scb->gref, mioc);
1135                         }
1136                         goto l_done;
1137
1138                 case ASPFUNC_WriteContinue:
1139                         if ( (scb->sess_id != awp->param1)
1140                              || (scb->snd_seq_num != awp->param2)
1141                              || BAD_REMADDR(rem_addr) ) {
1142                                 break;
1143                         }
1144                         scb->reply_socket = rem_addr.socket;
1145                         gbuf_set_type(mioc, MSG_PROTO);
1146                         gbuf_wset(mioc,sizeof(asp_command_ind_t));
1147                         command_ind = (asp_command_ind_t *)gbuf_rptr(mioc);
1148                         command_ind->Primitive = (int)awp->func;
1149                         command_ind->ReqRefNum =
1150                                 ntohs(*(unsigned short *)atp->tid);
1151                         command_ind->ReqType = awp->func;
1152
1153                         mdata = gbuf_strip(mdata);
1154                         gbuf_cont(mioc) = mdata;
1155                         asp_putnext(scb->gref, mioc);
1156                         goto l_done;
1157
1158                 case ASPFUNC_Tickle:
1159                         if (scb->stat_msg) {
1160                                 sess_scb = asp_scbQ[awp->param1];
1161                                 if (sess_scb && sess_scb->next_scb)
1162                                         sess_scb = asp_find_scb(
1163                                                 sess_scb->loc_addr.socket, &rem_addr);
1164                                 if (sess_scb) {
1165                                 if (sess_scb->rem_addr.node)
1166                                         asp_untimout(asp_hangup, sess_scb);
1167                                 if (sess_scb->rem_addr.node)
1168                                         asp_timout(asp_hangup, sess_scb, sess_scb->session_timer);
1169                                 }
1170                         }
1171                         dPrintf(D_M_ASP, D_L_INFO,
1172                                 ("             : Tickle, %d -> %d, id=%d\n",
1173                                 ddp->src_socket,ddp->dst_socket,awp->param1));
1174                         break;
1175
1176                 case ASPFUNC_CloseSess:
1177                         if ( (scb->sess_id != awp->param1)
1178                              || (scb->state == ASPSTATE_Close)
1179                              || (scb->state == ASPSTATE_WaitingForCloseSessRsp)
1180                              || (scb->rem_addr.net != rem_addr.net)
1181                              || (scb->rem_addr.node != rem_addr.node) ) {
1182                                 dPrintf(D_M_ASP, D_L_INFO,
1183                                         ("             : CLOSE retry, loc=%d, rem=%x.%x.%d\n",
1184                                         scb->loc_addr.socket,
1185                                         scb->rem_addr.net,
1186                                         scb->rem_addr.node,
1187                                         scb->rem_addr.socket));
1188
1189                                 break;
1190                         }
1191                         gbuf_freeb(mioc);
1192
1193                         /*
1194                          * build the CloseSess response to be sent to peer
1195                          * when the session is closed by the user.
1196                          */
1197                         if (gbuf_cont(mdata)) {
1198                                 gbuf_freem(gbuf_cont(mdata));
1199                                 gbuf_cont(mdata) = 0;
1200                         }
1201                         gbuf_rdec(mdata,TOTAL_ATP_HDR_SIZE);
1202                         gbuf_wset(mdata,TOTAL_ATP_HDR_SIZE);
1203                         NET_NET(ddp->src_net, ddp->dst_net);
1204                         ddp->src_node = ddp->dst_node;
1205                         NET_ASSIGN(ddp->dst_net, rem_addr.net);
1206                         ddp->dst_node = rem_addr.node;
1207                         ddp->dst_socket = rem_addr.socket;
1208                         awp->func = 0;
1209                         awp->param1 = 0;
1210                         awp->param2 = 0;
1211                         dPrintf(D_M_ASP,D_L_INFO,
1212                                 ("             : CLOSE, loc=%d, rem=%x.%x.%d\n",
1213                                 scb->loc_addr.socket,
1214                                 scb->rem_addr.net,
1215                                 scb->rem_addr.node,
1216                                 scb->rem_addr.socket));
1217
1218                         gbuf_next(mdata) = 0;
1219                         if (scb->sess_ioc)
1220                                 gbuf_freel(scb->sess_ioc);
1221                         scb->sess_ioc = mdata;
1222                         scb->state = ASPSTATE_Close;
1223
1224                         /*
1225                          * notify upstream of the CloseSess from peer
1226                          */
1227                         asp_hangup(scb);
1228                         return;
1229
1230                 case ASPFUNC_Attention:
1231                         if ( (scb->sess_id != awp->param1)
1232                              || (scb->rem_addr.net != rem_addr.net)
1233                              || (scb->rem_addr.node != rem_addr.node) ) {
1234                                 break;
1235                         }
1236                         gbuf_set_type(mioc, MSG_PROTO);
1237                         gbuf_wset(mioc,sizeof(asp_command_ind_t));
1238                         command_ind = (asp_command_ind_t *)gbuf_rptr(mioc);
1239                         command_ind->Primitive = (int)awp->func;
1240                         command_ind->ReqRefNum =
1241                                 ntohs(*(unsigned short *)atp->tid);
1242                         command_ind->ReqType = awp->func;
1243                         scb->attn_tid = *(unsigned short *)atp->tid;
1244                         scb->attn_flag = 1;
1245                         gbuf_rdec(mdata,2); /* attention code */
1246
1247                         mdata = gbuf_strip(mdata);
1248                         gbuf_cont(mioc) = mdata;
1249                         asp_putnext(scb->gref, mioc);
1250                         goto l_done;
1251
1252                 default:
1253                         dPrintf(D_M_ASP, D_L_WARNING,
1254                                 ("             : UNKNOWN func, func=%d\n",
1255                                 awp->func));
1256
1257                         break;
1258                 }
1259         }
1260
1261         else if (iocbp->ioc_cmd == AT_ATP_REQUEST_COMPLETE) {
1262                 if (scb->next_scb) {
1263                         /*
1264                          * find the responsible scb
1265                          */
1266                         scb = (asp_scb_t *)iocbp->ioc_private;
1267                         if ((scb == 0) || (scb->magic_num != 222)) {
1268                                 dPrintf(D_M_ASP, D_L_ERROR,
1269                                         ("asp_ack_reply: CAN'T find scb 1\n"));
1270                                 gbuf_freem(mioc);
1271                                 return;
1272                         }
1273                 }
1274                 dPrintf(D_M_ASP, D_L_INFO,
1275                         ("asp_ack_reply: RSP, loc=%d, rem=%x.%x.%d, state=%s\n",
1276                         scb->loc_addr.socket,
1277                         scb->rem_addr.net,
1278                         scb->rem_addr.node,
1279                         scb->rem_addr.socket,
1280                         aspStateStr(scb->state)));
1281
1282                 switch (scb->state) {
1283                 case ASPSTATE_Close:
1284                 case ASPSTATE_Idle:
1285                         scb->rem_addr.node = 0;
1286                         gbuf_freem(mioc);
1287                         if (scb->get_wait)
1288                                 wakeup(&scb->event);
1289                         else
1290                                 atalk_notify_sel(gref);
1291                         return;
1292
1293                 case ASPSTATE_WaitingForGetStatusRsp:
1294                         scb->ioc_wait = 0;
1295                         scb->state = ASPSTATE_Idle;
1296                         mx = gbuf_cont(mioc);
1297                         gbuf_cont(mioc) = 0;
1298                         mdata = gbuf_cont(mx);
1299                         gbuf_cont(mx) = 0;
1300                         iocbp->ioc_cmd = ASPIOC_GetStatus;
1301                         iocbp->ioc_count = 0;
1302                         iocbp->ioc_rval = mdata ? gbuf_msgsize(mdata) : 0;
1303                         gbuf_freeb(mx);
1304                         atalk_putnext(gref, mioc);
1305                         atalk_putnext(gref, mdata);
1306                         return;
1307
1308                 case ASPSTATE_WaitingForOpenSessRsp:
1309                         scb->ioc_wait = 0;
1310                         scb->state = ASPSTATE_Idle;
1311                         mx = gbuf_cont(mioc);
1312                         gbuf_cont(mioc) = 0;
1313                         if (gbuf_cont(mx)) {
1314                                 gbuf_freem(gbuf_cont(mx));
1315                                 gbuf_cont(mx) = 0;
1316                         }
1317                         iocbp->ioc_cmd = ASPIOC_OpenSession;
1318                         iocbp->ioc_rval = 0;
1319                         iocbp->ioc_count = 0;
1320                         atpBDS = (struct atpBDS *)gbuf_rptr(mx);
1321                         awp = (asp_word_t *)atpBDS->bdsUserData;
1322                         if (awp->param2) {
1323                                 gbuf_freeb(mx);
1324                                 asp_iocnak(gref, mioc, ECONNREFUSED);
1325                         } else {
1326                                 scb->rem_addr.node = scb->rem_node;
1327                                 scb->rem_addr.socket = awp->func;
1328                                 /* bms:  need to set the reply_socket for client side too.
1329                                 This makes ALO atten replies sent by the client work. */
1330                                 scb->reply_socket = scb->rem_addr.socket;
1331                                 scb->sess_id = awp->param1;
1332                                 gbuf_freeb(mx);
1333                                 atalk_putnext(gref, mioc);
1334                                 asp_timout(asp_hangup, scb, scb->session_timer);
1335                                 asp_send_tickle(scb);
1336                                 dPrintf(D_M_ASP, D_L_INFO,
1337                                         ("asp_ack_reply: CONNECT, loc=%d, rem=%x.%x.%d\n",
1338                                         scb->loc_addr.socket,
1339                                         scb->rem_addr.net,
1340                                         scb->rem_addr.node,
1341                                         scb->rem_addr.socket));
1342                         }
1343                         return;
1344
1345                 case ASPSTATE_WaitingForCommandRsp:
1346                 case ASPSTATE_WaitingForWriteRsp:
1347                 case ASPSTATE_WaitingForWriteContinueRsp:
1348                         if (scb->rem_addr.node)
1349                                 asp_untimout(asp_hangup, scb);
1350                         NEXT_SEQ_NUM(scb->snd_seq_num);
1351                         scb->state = ASPSTATE_Idle;
1352                         gbuf_set_type(mioc, MSG_PROTO);
1353                         mx = gbuf_cont(mioc);
1354                         mdata = gbuf_cont(mx);
1355                         gbuf_cont(mioc) = mdata;
1356                         atpBDS = (struct atpBDS *)gbuf_rptr(mx);
1357                         cmdreply_ind = (asp_cmdreply_ind_t *)gbuf_rptr(mioc);
1358                         cmdreply_ind->Primitive = ASPFUNC_CmdReply;
1359                         cmdreply_ind->CmdResult = ntohl(*(int *)atpBDS->bdsUserData);
1360                         gbuf_wset(mioc,sizeof(asp_cmdreply_ind_t));
1361                         gbuf_freeb(mx);
1362                         asp_putnext(scb->gref, mioc);
1363                         goto l_done;
1364
1365                 case ASPSTATE_WaitingForCloseSessRsp:
1366                         scb->ioc_wait = 0;
1367                         scb->state = ASPSTATE_Close;
1368                         scb->rem_addr.node = 0;
1369                         iocbp->ioc_cmd = ASPIOC_CloseSession;
1370                         iocbp->ioc_rval = 0;
1371                         if (gbuf_cont(mioc)) {
1372                                 gbuf_freem(gbuf_cont(mioc));
1373                                 gbuf_cont(mioc) = 0;
1374                         }
1375                         atalk_putnext(scb->gref, mioc);
1376                         atp_cancel_req(scb->gref, (unsigned int)scb->tickle_tid);
1377                         scb->tickle_tid = 0;
1378                         return;
1379
1380                 default:
1381                         dPrintf(D_M_ASP, D_L_WARNING,
1382                         ("             : UNKNOWN state, state=%s\n",
1383                          aspStateStr(scb->state)));
1384                         break;
1385                 }
1386         }
1387
1388         else {
1389                 if (scb->next_scb) {
1390                         /*
1391                          * find the responsible scb
1392                          */
1393                         scb = (asp_scb_t *)iocbp->ioc_cr;
1394                         if ((scb == 0) || (scb->magic_num != 222)) {
1395                                 dPrintf(D_M_ASP, D_L_ERROR,
1396                                         ("asp_ack_reply: CAN'T find scb 2\n"));
1397                                 gbuf_freem(mioc);
1398                                 return;
1399                         }
1400                 }
1401
1402                 switch (scb->state) {
1403                 case ASPSTATE_Close:
1404                         scb->rem_addr.node = 0;
1405                         break;
1406                 }
1407         }
1408
1409         if (mioc != 0)
1410                 gbuf_freem(mioc);
1411
1412 l_done:
1413         if (scb->rem_addr.node)
1414                 asp_timout(asp_hangup, scb, scb->session_timer);
1415 } /* asp_ack_reply */
1416
1417 /*
1418  * NAK reply routine
1419  */
1420 void
1421 asp_nak_reply(gref, mioc)
1422         register gref_t *gref;
1423         register gbuf_t *mioc;
1424 {
1425         register asp_scb_t *scb;
1426         register ioc_t *iocbp;
1427
1428         iocbp = (ioc_t *)gbuf_rptr(mioc);
1429
1430         if (iocbp->ioc_cmd == AT_ATP_ISSUE_REQUEST_TICKLE) {
1431                 /*
1432                  * no tickle, close session
1433                  */
1434                 scb = (asp_scb_t *)iocbp->ioc_cr;
1435                 gbuf_freem(mioc);
1436                 asp_hangup(scb);
1437                 dPrintf(D_M_ASP, D_L_WARNING,
1438                         ("tickle_nak: loc=%d, rem=%x.%x.%d, state=%s\n",
1439                         scb->loc_addr.socket,
1440                         scb->rem_addr.net,
1441                         scb->rem_addr.node,
1442                         scb->rem_addr.socket,
1443                         aspStateStr(scb->state)));
1444
1445                 return;
1446         }
1447
1448         scb = (asp_scb_t *)gref->info;
1449         if (scb == 0) {
1450                 gbuf_freem(mioc);
1451                 return;
1452         }
1453
1454         if (iocbp->ioc_cmd == AT_ATP_REQUEST_COMPLETE) {
1455                 if (scb->next_scb) {
1456                         /*
1457                          * find the responsible scb
1458                          */
1459                         scb = (asp_scb_t *)iocbp->ioc_private;
1460                         if ((scb == 0) || (scb->magic_num != 222)) {
1461                                 dPrintf(D_M_ASP, D_L_ERROR,
1462                                         ("asp_nak_reply: CAN'T find scb 1\n"));
1463                                 gbuf_freem(mioc);
1464                                 return;
1465                         }
1466                 }
1467                 dPrintf(D_M_ASP, D_L_WARNING,
1468                         ("asp_nak_reply: RSP, loc=%d, rem=%x.%x.%d, state=%s\n",
1469                         scb->loc_addr.socket,
1470                         scb->rem_addr.net,
1471                         scb->rem_addr.node,
1472                         scb->rem_addr.socket,
1473                         aspStateStr(scb->state)));
1474
1475                 switch (scb->state) {
1476                 case ASPSTATE_WaitingForGetStatusRsp:
1477                         iocbp->ioc_cmd = ASPIOC_GetStatus;
1478                         break;
1479
1480                 case ASPSTATE_WaitingForOpenSessRsp:
1481                         iocbp->ioc_cmd = ASPIOC_OpenSession;
1482                         break;
1483
1484                 case ASPSTATE_WaitingForCommandRsp:
1485                 case ASPSTATE_WaitingForWriteRsp:
1486                 case ASPSTATE_WaitingForWriteContinueRsp:
1487                         scb->state = ASPSTATE_Idle;
1488
1489                         /* last remaining use of MSG_ERROR */
1490                         gbuf_set_type(mioc, MSG_ERROR);
1491                         *gbuf_rptr(mioc) = (u_char)EPROTOTYPE;
1492                         gbuf_wset(mioc, 1);
1493                         if (gbuf_cont(mioc)) {
1494                                 gbuf_freem(gbuf_cont(mioc));
1495                                 gbuf_cont(mioc) = 0;
1496                         }
1497
1498                         asp_putnext(scb->gref, mioc);
1499                         return;
1500
1501                 case ASPSTATE_WaitingForCloseSessRsp:
1502                         scb->state = ASPSTATE_Close;
1503                         /* fall through */
1504                 case ASPSTATE_Close: /* new for PR-2296832 */
1505                         scb->rem_addr.node = 0;
1506                         iocbp->ioc_cmd = ASPIOC_CloseSession;
1507                         iocbp->ioc_rval = 0;
1508                         if (gbuf_cont(mioc)) {
1509                                 gbuf_freem(gbuf_cont(mioc));
1510                                 gbuf_cont(mioc) = 0;
1511                         }
1512                         gbuf_set_type(mioc, MSG_IOCACK);
1513                         atalk_putnext(scb->gref, mioc);
1514                         return;
1515
1516                 default:
1517                         gbuf_freem(mioc);
1518                         return;
1519                 }
1520                 scb->state = ASPSTATE_Idle;
1521                 atalk_putnext(gref, mioc);
1522         }
1523
1524         else {
1525                 if (scb->next_scb) {
1526                         /*
1527                          * find the responsible scb
1528                          */
1529                         scb = (asp_scb_t *)iocbp->ioc_cr;
1530                         if ((scb == 0) || (scb->magic_num != 222)) {
1531                                 dPrintf(D_M_ASP, D_L_ERROR,
1532                                         ("asp_nak_reply: CAN'T find scb 2\n"));
1533                                 gbuf_freem(mioc);
1534                                 return;
1535                         }
1536                 }
1537
1538                 switch (scb->state) {
1539                 case ASPSTATE_Close:
1540                         scb->rem_addr.node = 0;
1541                         break;
1542                 }
1543
1544                 gbuf_freem(mioc);
1545         }
1546 } /* asp_nak_reply */
1547
1548 /*
1549  * delete scb from the use list
1550  */
1551 StaticProc void
1552 asp_dequeue_scb(scb)
1553         asp_scb_t *scb;
1554 {
1555
1556         if (scb == scb_used_list) {
1557                 if ((scb_used_list = scb->next_scb) != 0)
1558                         scb->next_scb->prev_scb = 0;
1559         } else {
1560                 if ((scb->prev_scb->next_scb = scb->next_scb) != 0)
1561                         scb->next_scb->prev_scb = scb->prev_scb;
1562         }
1563
1564         scb->next_scb = 0;
1565         scb->prev_scb = 0;
1566 }
1567
1568 /*
1569  * find scb routine
1570  */
1571 StaticProc asp_scb_t *
1572 asp_find_scb(sock_num, rem_addr)
1573         unsigned char sock_num;
1574         at_inet_t *rem_addr;
1575 {
1576         asp_scb_t *scb;
1577         asp_scb_t *alt_scb = 0;
1578
1579         for (scb = asp_scbQ[sock_num]; scb; scb = scb->next_scb) {
1580                 if ((scb->rem_addr.net == rem_addr->net)
1581                         && (scb->rem_addr.node == rem_addr->node)) {
1582                         if ((scb->rem_addr.socket == rem_addr->socket)
1583                                         || (scb->rem_socket == rem_addr->socket))
1584                                 break;
1585                         else if (alt_scb == 0)
1586                                 alt_scb = scb;
1587                 }
1588         }
1589
1590         if ((scb == 0) && ((scb = alt_scb) == 0)) {
1591                 dPrintf(D_M_ASP, D_L_ERROR,
1592                         ("asp_find_scb: CAN'T find scb, loc=%d, rem=%x.%x.%d\n",
1593                         sock_num,
1594                         rem_addr->net,
1595                         rem_addr->node,
1596                         rem_addr->socket));
1597         }
1598
1599         return scb;
1600 }
1601
1602 /*
1603  * timout routine
1604  */
1605 StaticProc void
1606 asp_timout(func, scb, seconds)
1607         void (*func)();
1608         register asp_scb_t *scb;
1609         int seconds;
1610 {
1611         unsigned char sum;
1612         register asp_scb_t *curr_scb, *prev_scb;
1613
1614         if (scb->tmo_func)
1615                 return;
1616
1617         scb->tmo_func = func;
1618         scb->tmo_delta = (seconds>>SESS_TMO_RES);
1619         scb->tmo_cnt = scb_tmo_cnt;
1620
1621         if (scb_tmo_list == 0) {
1622                 scb->next_tmo = scb->prev_tmo = 0;
1623                 scb_tmo_list = scb;
1624                 return;
1625         }
1626
1627         prev_scb = 0;
1628         curr_scb = scb_tmo_list;
1629         sum = 0;
1630
1631         while (1) {
1632                 sum += curr_scb->tmo_delta;
1633                 if (sum > scb->tmo_delta) {
1634                         sum -= curr_scb->tmo_delta;
1635                         scb->tmo_delta -= sum;
1636                         curr_scb->tmo_delta -= scb->tmo_delta;
1637                         break;
1638                 }
1639                 prev_scb = curr_scb;
1640                 if ((curr_scb = curr_scb->next_tmo) == 0) {
1641                         scb->tmo_delta -= sum;
1642                         break;
1643                 }
1644         }
1645
1646         if (prev_scb) {
1647                 scb->prev_tmo = prev_scb;
1648                 if ((scb->next_tmo = prev_scb->next_tmo) != 0)
1649                         prev_scb->next_tmo->prev_tmo = scb;
1650                 prev_scb->next_tmo = scb;
1651         } else {
1652                 scb->prev_tmo = 0;
1653                 scb->next_tmo = scb_tmo_list;
1654                 scb_tmo_list->prev_tmo = scb;
1655                 scb_tmo_list = scb;
1656         }
1657 }
1658
1659 /*
1660  * untimout routine
1661  */
1662 StaticProc void
1663 asp_untimout(func, scb)
1664         void (*func)();
1665         register asp_scb_t *scb;
1666 {
1667
1668         if ((scb->tmo_cnt == scb_tmo_cnt) || (scb->tmo_func == 0))
1669                 return;
1670
1671         if (scb_tmo_list == scb) {
1672                 if ((scb_tmo_list = scb->next_tmo) != 0) {
1673                         scb_tmo_list->prev_tmo = 0;
1674                         scb->next_tmo->tmo_delta += scb->tmo_delta;
1675                 }
1676         } else if (scb->prev_tmo) {
1677                 if ((scb->prev_tmo->next_tmo = scb->next_tmo) != 0) {
1678                         scb->next_tmo->prev_tmo = scb->prev_tmo;
1679                         scb->next_tmo->tmo_delta += scb->tmo_delta;
1680                 }
1681                 scb->prev_tmo = 0;
1682         }
1683         scb->tmo_func = 0;
1684 }
1685
1686 /*
1687  * hangup routine
1688  */
1689 StaticProc void
1690 asp_hangup(scb)
1691         asp_scb_t *scb;
1692 {
1693         int s;
1694
1695         /*
1696          * set the state to Close
1697          */
1698         scb->state = ASPSTATE_Close;
1699         if (scb->tickle_tid) {
1700                 atp_cancel_req(scb->gref, (unsigned int)scb->tickle_tid);
1701                 scb->tickle_tid = 0;
1702         }
1703
1704         /*
1705          * notify upstream of the hangup
1706          */
1707         if (scb->rem_addr.node) {
1708                 if (scb->get_wait)
1709                         wakeup(&scb->event);
1710                 else
1711                         atalk_notify_sel(scb->gref);
1712         }
1713 }
1714
1715 StaticProc void
1716 asp_iocack(gref, mioc)
1717         gref_t *gref;
1718         gbuf_t *mioc;
1719 {
1720         if (gbuf_cont(mioc))
1721                 ((ioc_t *)gbuf_rptr(mioc))->ioc_count = gbuf_msgsize(gbuf_cont(mioc));
1722         else
1723                 ((ioc_t *)gbuf_rptr(mioc))->ioc_count = 0;
1724
1725         gbuf_set_type(mioc, MSG_IOCACK);
1726         atalk_putnext(gref, mioc);
1727 }
1728
1729 StaticProc void
1730 asp_iocnak(gref, mioc, err)
1731         gref_t *gref;
1732         gbuf_t *mioc;
1733         int err;
1734 {
1735         ((ioc_t *)gbuf_rptr(mioc))->ioc_count = 0;
1736         if (err == 0)
1737                 err = ENXIO;
1738         ((ioc_t *)gbuf_rptr(mioc))->ioc_error = err;
1739         ((ioc_t *)gbuf_rptr(mioc))->ioc_rval = -1;
1740         if (gbuf_cont(mioc)) {
1741                 gbuf_freem(gbuf_cont(mioc));
1742                 gbuf_cont(mioc) = 0;
1743         }
1744
1745         gbuf_set_type(mioc, MSG_IOCNAK);
1746         atalk_putnext(gref, mioc);
1747 }
1748
1749 /*
1750  * the alloc scb routine
1751  */
1752 StaticProc asp_scb_t *
1753 asp_scb_alloc()
1754 {
1755         int i;
1756         gbuf_t *m;
1757         asp_scb_t *scb, *scb_array;
1758
1759         if (scb_free_list == 0) {
1760                 if ((m = gbuf_alloc(SCBS_PER_BLK*sizeof(asp_scb_t), PRI_MED)) == 0)
1761                         return (asp_scb_t *)0;
1762                 bzero((char *)gbuf_rptr(m), SCBS_PER_BLK*sizeof(asp_scb_t));
1763                 gbuf_cont(m) = scb_resource_m;
1764                 scb_resource_m = m;
1765                 scb_array = (asp_scb_t *)gbuf_rptr(m);
1766                 for (i=0; i < SCBS_PER_BLK-1; i++)
1767                         scb_array[i].next_scb = (asp_scb_t *)&scb_array[i+1];
1768                 scb_array[i].next_scb = 0;
1769                 scb_free_list = (asp_scb_t *)&scb_array[0];
1770         }
1771
1772         scb = scb_free_list;
1773         scb_free_list = scb->next_scb;
1774         ATEVENTINIT(scb->event);
1775         ATEVENTINIT(scb->delay_event);
1776
1777         return scb;
1778 }
1779
1780 /*
1781  * the free scb routine
1782  */
1783 StaticProc void
1784 asp_scb_free(scb)
1785         asp_scb_t *scb;
1786 {
1787
1788         bzero((char *)scb, sizeof(asp_scb_t));
1789         scb->next_scb = scb_free_list;
1790         scb_free_list = scb;
1791 }
1792
1793 /*
1794  * routine to pass up receive data
1795  */
1796 StaticProc void
1797 asp_putnext(gref, mproto)
1798         gref_t *gref;
1799         gbuf_t *mproto;
1800 {
1801         gbuf_t *m;
1802         asp_scb_t *scb;
1803
1804         scb = (asp_scb_t *)gref->info;
1805
1806         /*
1807          * queue the message.
1808          */
1809         gbuf_next(mproto) = 0;
1810         if ((m = scb->sess_ioc) == 0)
1811                 scb->sess_ioc = mproto;
1812         else {
1813                 while (gbuf_next(m))
1814                         m = gbuf_next(m);
1815                 gbuf_next(m) = mproto;
1816         }
1817         scb->rcv_cnt++;
1818         if (scb->rcv_cnt >= MAX_RCV_CNT)
1819                 scb->snd_stop = 1;
1820
1821         if (scb->get_wait)
1822                 wakeup(&scb->event);
1823         else if (mproto == scb->sess_ioc)
1824                 atalk_notify_sel(gref);
1825
1826 } /* asp_putnext */
1827
1828 /*
1829  * The following two routines are direct entries from system
1830  * calls to allow fast sending and recving of ASP data.
1831  */
1832
1833 /* in ASPputmsg we expect:
1834
1835     ASPFUNC_CmdReply
1836     ASPFUNC_Attention
1837     ASPFUNC_Command
1838     ASPFUNC_Write
1839     ASPFUNC_WriteContinue
1840
1841     bms:  Make this callable from the kernel.
1842     If mreq != NULL, then must be called from kernel space and the following apply:
1843     1)  *mreq is data to be sent already in mbuf chains.
1844     2)  datptr->len = size of data
1845 */
1846
1847 int ASPputmsg(gref_t *gref, strbuf_t *ctlptr, strbuf_t *datptr, gbuf_t *mreq, int flags, int *errp)
1848 {
1849     int i, err, len, offset, remain, size, copy_len;
1850     gbuf_t *mioc, *mdata, *mx, *m0;
1851     ioc_t *iocbp;
1852     strbuf_t ctlbuf;
1853     strbuf_t datbuf;
1854     asp_scb_t *scb;
1855     int nbds, result, msize, Primitive;
1856     unsigned char *wptr;
1857     struct atp_set_default *sd;
1858     at_ddp_t *ddp;
1859     at_atp_t *atp;
1860     struct atpBDS *atpBDS;
1861     asp_word_t *awp;
1862     union asp_primitives *primitives;
1863     unsigned short tid;
1864     caddr_t             dataptr;
1865
1866     if ((scb = (asp_scb_t *)gref->info) == 0) {
1867                 dPrintf(D_M_ASP, D_L_ERROR,
1868                         ("ASPputmsg: stale handle=0x%x, pid=%d\n",
1869                         (u_int) gref, gref->pid));
1870
1871         *errp = EINVAL;
1872         return -1;
1873     }
1874
1875     if (scb->state == ASPSTATE_Close)
1876         return 0;
1877     if (scb->snd_stop) {
1878         *errp = EAGAIN;
1879         return -1;
1880     }
1881
1882     /*
1883      * copy in the control and data info
1884      */
1885      if (mreq != NULL) {
1886         /* being called from kernel space */
1887         bcopy (ctlptr, &ctlbuf, sizeof (strbuf_t));
1888         bcopy (datptr, &datbuf, sizeof (strbuf_t));
1889      } else {
1890         /* being called from user space */
1891         if ((err = copyin(CAST_USER_ADDR_T(ctlptr), (caddr_t)&ctlbuf, sizeof(ctlbuf))) != 0)
1892             goto l_err;
1893         if ((err = copyin(CAST_USER_ADDR_T(datptr), (caddr_t)&datbuf, sizeof(datbuf))) != 0)
1894             goto l_err;
1895      }
1896
1897      /* Radar 5423396: check for bogus length
1898       *                Max ASP data is 8 ATP packets
1899       */
1900
1901      if ((ctlbuf.len < 0) || (ctlbuf.len > (ATP_DATA_SIZE * 8))) {
1902              err = EINVAL;
1903              goto l_err;
1904      }
1905      if ((datbuf.len < 0) || (datbuf.len > (ATP_DATA_SIZE * 8))) {
1906              err = EINVAL;
1907              goto l_err;
1908      }
1909
1910     /*
1911      * allocate buffer and copy in the control content
1912      */
1913     if (!(mioc = gbuf_alloc_wait(ctlbuf.len, TRUE))) {
1914         /* error return should not be possible */
1915         err = ENOBUFS;
1916         goto l_err;
1917     }
1918     gbuf_set_type(mioc, MSG_IOCTL); /* for later, in ATP */
1919     gbuf_wset(mioc, ctlbuf.len);
1920
1921     if (mreq != NULL) {
1922         /* being called from kernel space */
1923         bcopy (ctlbuf.buf, gbuf_rptr(mioc), ctlbuf.len);
1924     } else {
1925         /* being called from user space */
1926         if ((err = copyin(CAST_USER_ADDR_T(ctlbuf.buf), (caddr_t)gbuf_rptr(mioc), ctlbuf.len)) != 0) {
1927             gbuf_freem(mioc);
1928             goto l_err;
1929         }
1930     }
1931
1932     iocbp = (ioc_t *)gbuf_rptr(mioc);
1933     primitives = (union asp_primitives *)gbuf_rptr(mioc);
1934     Primitive = primitives->Primitive;
1935         dPrintf(D_M_ASP, D_L_INFO,
1936                 ("ASPputmsg: %s\n", aspCmdStr(Primitive)));
1937
1938     /*
1939      * copy in the data content into multiple mbuf clusters if
1940      * required.  ATP now expects reply data to be placed in
1941      * standard clusters, not the large external clusters that
1942      * were used previously.
1943      */
1944
1945     /* set offset for use by some commands */
1946     offset = (Primitive == ASPFUNC_CmdReply) ? 0 : aspCMDsize;
1947         size = 0;
1948     if (mreq != NULL) {
1949         /* The data from the in-kernel call for use by AFP is passed
1950          * in as one large external cluster.  This needs to be copied
1951          * to a chain of standard clusters.
1952          */
1953         remain = gbuf_len(mreq);
1954         dataptr = mtod(mreq, caddr_t);
1955     } else {
1956         /* copyin from user space */
1957         remain = datbuf.len;
1958         dataptr = (caddr_t)datbuf.buf;
1959     }
1960
1961     /* allocate first buffer */
1962     if (!(mdata = gbuf_alloc_wait((remain + offset > MCLBYTES ? MCLBYTES : remain + offset), TRUE))) {
1963         /* error return should not be possible */
1964         err = ENOBUFS;
1965         gbuf_freem(mioc);
1966         goto l_err;
1967     }
1968     gbuf_wset(mdata, 0);                /* init length to zero */
1969     gbuf_cont(mioc) = mdata;
1970
1971         while (remain) {
1972                 if (remain + offset > MCLBYTES)
1973                         copy_len = MCLBYTES - offset;
1974                 else
1975                         copy_len = remain;
1976                 remain -= copy_len;
1977                 if (mreq != NULL)
1978                         bcopy (dataptr, (gbuf_rptr(mdata) + offset), copy_len);
1979                 else if ((err = copyin(CAST_USER_ADDR_T(dataptr), (caddr_t)(gbuf_rptr(mdata) + offset), copy_len)) != 0) {
1980                         gbuf_freem(mioc);
1981                         goto l_err;
1982                 }
1983                 gbuf_wset(mdata, (copy_len + offset));
1984                 size += copy_len + offset;
1985                 dataptr += copy_len;
1986                 offset = 0;
1987                 if (remain) {
1988                         /* allocate the next mbuf */
1989                         if ((gbuf_cont(mdata) = m_get((M_WAIT), MSG_DATA)) == 0) {
1990                                 err = ENOBUFS;
1991                                 gbuf_freem(mioc);
1992                                 goto l_err;
1993                         }
1994                         mdata = gbuf_cont(mdata);
1995                         MCLGET(mdata, M_WAIT);
1996                         if (!(mdata->m_flags & M_EXT)) {
1997                                 err = ENOBUFS;
1998                                 gbuf_freem(mioc);
1999                                 goto l_err;
2000                         }
2001                 }
2002         }
2003         mdata = gbuf_cont(mioc);                        /* code further on down expects this to b e set */
2004         mdata->m_pkthdr.len = size;                     /* set packet hdr len */
2005
2006         if (mreq != 0)
2007                 gbuf_freem(mreq);
2008
2009         switch (Primitive) {
2010
2011     case ASPFUNC_Command:
2012     case ASPFUNC_Write:
2013     case ASPFUNC_WriteContinue:
2014     case ASPFUNC_Attention:
2015         /*
2016          * build the command/write/write_continue request
2017          */
2018         wptr = gbuf_rptr(mdata);
2019         atpBDS = (struct atpBDS *)wptr;
2020         wptr += atpBDSsize;
2021         for (i=0; i < ATP_TRESP_MAX; i++) {
2022             *(unsigned long  *)atpBDS[i].bdsBuffAddr = 1;
2023             *(unsigned short *)atpBDS[i].bdsBuffSz = ATP_DATA_SIZE;
2024         }
2025         sd = (struct atp_set_default *)wptr;
2026         wptr += sizeof(struct atp_set_default);
2027         sd->def_retries = (scb->cmd_retry.retries == -1) ?
2028           ATP_INFINITE_RETRIES : scb->cmd_retry.retries;
2029         sd->def_rate = scb->cmd_retry.interval*TICKS_PER_SEC;
2030         sd->def_BDSlen = atpBDSsize;
2031         ddp = (at_ddp_t *)wptr;
2032         NET_ASSIGN(ddp->src_net, scb->loc_addr.net);
2033         ddp->src_node = scb->loc_addr.node;
2034         NET_ASSIGN(ddp->dst_net, scb->rem_addr.net);
2035         ddp->dst_node = scb->rem_addr.node;
2036         ddp->dst_socket = scb->rem_addr.socket;
2037         UAS_ASSIGN(ddp->checksum, 0);
2038         atp = ATP_ATP_HDR(wptr);
2039         wptr += TOTAL_ATP_HDR_SIZE;
2040         atp->xo = 1;
2041         atp->xo_relt = 1;
2042         atp->bitmap = 0xff;
2043         awp = (asp_word_t *)atp->user_bytes;
2044         awp->func = (unsigned char)Primitive;
2045         awp->param1 = scb->sess_id;
2046         awp->param2 = htons(scb->snd_seq_num);
2047         iocbp->ioc_private = (void *)scb;
2048         iocbp->ioc_count = gbuf_len(mdata);
2049         iocbp->ioc_rval = 0;
2050         iocbp->ioc_cmd = AT_ATP_ISSUE_REQUEST_DEF;
2051
2052         /*
2053          * send the command/write/write_continue/attention request
2054          */
2055         switch (awp->func) {
2056         case ASPFUNC_Command:
2057             scb->state = ASPSTATE_WaitingForCommandRsp;
2058             break;
2059         case ASPFUNC_Write:
2060             scb->state = ASPSTATE_WaitingForWriteRsp;
2061             break;
2062         case ASPFUNC_WriteContinue:
2063             scb->state = ASPSTATE_WaitingForWriteContinueRsp;
2064             awp->param2 = htons(scb->wrt_seq_num);
2065             break;
2066         case ASPFUNC_Attention:
2067             scb->state = ASPSTATE_WaitingForCommandRsp;
2068             atp->xo = 0;
2069             atp->xo_relt = 0;
2070             atp->bitmap = 0x01;
2071             gbuf_wdec(mdata,2);
2072             awp->param2 = htons(*(unsigned short *)gbuf_wptr(mdata));
2073             break;
2074         }
2075         dPrintf(D_M_ASP,D_L_INFO,
2076             ("ASPputmsg: %s, loc=%d, rem=%x.%x.%d\n",
2077              (awp->func == ASPFUNC_Command ? "CommandReq" :
2078               awp->func == ASPFUNC_Write ? "WriteReq" :
2079               awp->func == ASPFUNC_WriteContinue ? "WriteContinue" :
2080               "AttentionReq"),scb->loc_addr.socket,
2081              NET_VALUE(ddp->dst_net),ddp->dst_node,ddp->dst_socket));
2082         atp_send_req(gref, mioc);
2083         return 0;
2084
2085     case ASPFUNC_CmdReply:
2086
2087         if (scb->req_msgq) {
2088             mx = scb->req_msgq;
2089             scb->req_msgq = gbuf_next(mx);
2090             gbuf_next(mx) = 0;
2091             asp_putnext(scb->gref, mx);
2092         } else
2093             scb->req_flag = 0;
2094
2095         result = primitives->CmdReplyReq.CmdResult;
2096         tid = primitives->CmdReplyReq.ReqRefNum;
2097
2098         /* Re-use the original mioc mbuf to send the response. */
2099         gbuf_rinc(mioc,sizeof(void *));
2100         gbuf_wset(mioc,0);
2101         ddp = (at_ddp_t *)gbuf_wptr(mioc);
2102         gbuf_winc(mioc,DDP_X_HDR_SIZE);
2103         atp = (at_atp_t *)gbuf_wptr(mioc);
2104         gbuf_winc(mioc,ATP_HDR_SIZE);
2105         NET_ASSIGN(ddp->src_net, scb->loc_addr.net);
2106         ddp->src_node = scb->loc_addr.node;
2107         NET_ASSIGN(ddp->dst_net, scb->rem_addr.net);
2108         ddp->dst_node = scb->rem_addr.node;
2109         ddp->dst_socket = scb->reply_socket;
2110         ddp->type = DDP_ATP;
2111         UAS_ASSIGN(ddp->checksum, 0);
2112         UAS_ASSIGN(atp->tid, htons(tid));
2113         if (scb->attn_flag && (tid == scb->attn_tid)) {
2114            scb->attn_flag = 0;
2115             atp->xo = 0;
2116             atp->xo_relt = 0;
2117         } else {
2118             atp->xo = 1;
2119             atp->xo_relt = 1;
2120         }
2121         /* setup the atpBDS struct - only the length field is used,
2122          * except for the first one which contains the bds count in
2123          * bdsDataSz.
2124          */
2125         atpBDS = (struct atpBDS *)gbuf_wptr(mioc);
2126         msize = mdata ? gbuf_msgsize(mdata) : 0;
2127         for (nbds=0; (nbds < ATP_TRESP_MAX) && (msize > 0); nbds++) {
2128             len = msize < ATP_DATA_SIZE ? msize : ATP_DATA_SIZE;
2129             msize -= ATP_DATA_SIZE;
2130             *(long *)atpBDS[nbds].bdsUserData = 0;
2131             UAL_ASSIGN(atpBDS[nbds].bdsBuffAddr, 1);
2132             UAS_ASSIGN(atpBDS[nbds].bdsBuffSz, len);
2133         }
2134         UAS_ASSIGN(atpBDS[0].bdsDataSz, nbds);
2135         *(long *)atpBDS[0].bdsUserData = (long)result;
2136         *(long *)atp->user_bytes = (long)result;
2137         gbuf_winc(mioc,atpBDSsize);
2138                 dPrintf(D_M_ASP, D_L_INFO,
2139                         ("ASPputmsg: ATP CmdReplyReq, loc=%d, state=%s, msgsize = %d, result = %d, tid = %d\n",
2140                          scb->loc_addr.socket, aspStateStr(scb->state),
2141                          (mdata ? gbuf_msgsize(mdata) : 0), result, tid));
2142         atp_send_rsp(gref, mioc, TRUE);
2143         return 0;
2144     }
2145
2146     /* Not an expected ASPFUNC */
2147     gbuf_freem(mioc);
2148     err = EOPNOTSUPP;
2149
2150 l_err:
2151     *errp = err;
2152     return -1;
2153 } /* ASPputmsg */
2154
2155
2156 /* bms:  make this callable from kernel.  reply date is passed back as a mbuf chain in *mreply  */
2157 int ASPgetmsg(gref_t *gref, strbuf_t *ctlptr, strbuf_t *datptr, gbuf_t **mreply, int *flags, int *errp)
2158 {
2159     int err, len, sum, rval;
2160     gbuf_t *mproto, *mdata;
2161     strbuf_t ctlbuf;
2162     strbuf_t datbuf;
2163     asp_scb_t *scb;
2164     unsigned char get_wait;
2165
2166     if ((scb = (asp_scb_t *)gref->info) == 0) {
2167                 dPrintf(D_M_ASP, D_L_ERROR,
2168                         ("ASPgetmsg: stale handle=0x%x, pid=%d\n",
2169                         (u_int) gref, gref->pid));
2170
2171                 *errp = EINVAL;
2172                 return -1;
2173         }
2174
2175     if (scb->state == ASPSTATE_Close)
2176         return 0;
2177
2178     /*
2179      * get receive data
2180      */
2181     while ((mproto = scb->sess_ioc) == 0) {
2182         scb->get_wait = 1;
2183            lck_mtx_assert(atalk_mutex, LCK_MTX_ASSERT_OWNED);
2184         err = msleep(&scb->event, atalk_mutex, PSOCK | PCATCH, "aspgetmsg", 0);
2185         if (err != 0) {
2186             scb->get_wait = 0;
2187             *errp = err;
2188             return -1;
2189         }
2190         if (scb->state == ASPSTATE_Close) {
2191             scb->get_wait = 0;
2192             return 0;
2193         }
2194     }
2195     get_wait = scb->get_wait;
2196     scb->get_wait = 0;
2197     if ((ctlptr == 0) && (datptr == 0))
2198         return 0;
2199     scb->sess_ioc = gbuf_next(mproto);
2200     mdata = gbuf_cont(mproto);
2201
2202     /* last remaining use of MSG_ERROR */
2203     if (gbuf_type(mproto) == MSG_ERROR) {
2204         err = (int)gbuf_rptr(mproto)[0];
2205         goto l_err;
2206     }
2207
2208     /*
2209      * copy in the control and data info
2210      */
2211     if (mreply != NULL) {
2212         /* called from kernel space */
2213         bcopy (ctlptr, &ctlbuf, sizeof(ctlbuf));
2214         bcopy (datptr, &datbuf, sizeof(datbuf));
2215     } else {
2216         /* called from user space */
2217         if ((err = copyin(CAST_USER_ADDR_T(ctlptr),
2218                 (caddr_t)&ctlbuf, sizeof(ctlbuf))) != 0)
2219             goto l_err;
2220         if ((err = copyin(CAST_USER_ADDR_T(datptr),
2221                 (caddr_t)&datbuf, sizeof(datbuf))) != 0)
2222             goto l_err;
2223     }
2224     if ((datbuf.maxlen < 0) || (datbuf.maxlen < gbuf_msgsize(mdata))) {
2225         gbuf_next(mproto) = scb->sess_ioc;
2226         scb->sess_ioc = mproto;
2227         return MOREDATA;
2228     }
2229
2230     if (get_wait == 0) {
2231         /*
2232          * this is a hack to support the select() call.
2233          * we're not supposed to dequeue messages in the Streams
2234          * head's read queue this way; but there is no better way.
2235          */
2236         if (scb->sess_ioc != 0)
2237             atalk_notify_sel(gref);
2238
2239     }
2240
2241     /*
2242      * copy out the control content and info
2243      */
2244     ctlbuf.len = gbuf_len(mproto);
2245
2246     if (mreply != NULL) {
2247         /* called from kernel space */
2248         bcopy (gbuf_rptr(mproto), ctlbuf.buf, ctlbuf.len);
2249         bcopy (&ctlbuf, ctlptr, sizeof(ctlbuf));
2250     } else {
2251         /* called from user space */
2252         if ((err = copyout((caddr_t)gbuf_rptr(mproto),
2253                 CAST_USER_ADDR_T(ctlbuf.buf), ctlbuf.len)) != 0)
2254             goto l_err;
2255         if ((err = copyout((caddr_t)&ctlbuf,
2256                 CAST_USER_ADDR_T(ctlptr), sizeof(ctlbuf))) != 0)
2257             goto l_err;
2258     }
2259
2260     /*
2261      * copy out the data content and info
2262      */
2263     for (rval = 0, sum = 0; mdata && (rval == 0); mdata = gbuf_cont(mdata))
2264     {
2265         len = gbuf_len(mdata);
2266         if (len) {
2267             if ((len + sum) > datbuf.maxlen) {
2268                 len = datbuf.maxlen - sum;
2269                 rval = MOREDATA;
2270             }
2271
2272             if (mreply == NULL) {
2273                 /* called from user space */
2274                 if ((err = copyout((caddr_t)gbuf_rptr(mdata), CAST_USER_ADDR_T(&datbuf.buf[sum]), len)) != 0)
2275                     goto l_err;
2276             }
2277             sum += len;
2278         }
2279     }
2280     datbuf.len = sum;
2281     if (mreply != NULL) {
2282         /* called from kernel space */
2283         bcopy (&datbuf, datptr, sizeof(datbuf));
2284     } else {
2285         /* called from user space */
2286         if ((err = copyout((caddr_t)&datbuf, CAST_USER_ADDR_T(datptr), sizeof(datbuf))) != 0)
2287             goto l_err;
2288     }
2289
2290     if (mreply != NULL) {
2291         /* called from kernel space */
2292         /* return the reply data in mbufs, so dont free them.
2293         Just free the proto info */
2294         mdata = gbuf_cont(mproto);
2295         *mreply = mdata;
2296         gbuf_cont(mproto) = NULL;
2297         gbuf_freem(mproto);
2298     } else {
2299         /* called from user space */
2300         gbuf_freem(mproto);
2301     }
2302
2303     if (scb->sess_ioc)
2304         scb->rcv_cnt--;
2305     else {
2306         scb->rcv_cnt = 0;
2307         scb->snd_stop = 0;
2308     }
2309     return rval;
2310
2311 l_err:
2312     gbuf_next(mproto) = scb->sess_ioc;
2313     scb->sess_ioc = mproto;
2314     *errp = err;
2315     return -1;
2316 }