Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland...
[sfrench/cifs-2.6.git] / drivers / infiniband / hw / nes / nes_cm.c
1 /*
2  * Copyright (c) 2006 - 2009 Intel Corporation.  All rights reserved.
3  *
4  * This software is available to you under a choice of one of two
5  * licenses.  You may choose to be licensed under the terms of the GNU
6  * General Public License (GPL) Version 2, available from the file
7  * COPYING in the main directory of this source tree, or the
8  * OpenIB.org BSD license below:
9  *
10  *     Redistribution and use in source and binary forms, with or
11  *     without modification, are permitted provided that the following
12  *     conditions are met:
13  *
14  *      - Redistributions of source code must retain the above
15  *        copyright notice, this list of conditions and the following
16  *        disclaimer.
17  *
18  *      - Redistributions in binary form must reproduce the above
19  *        copyright notice, this list of conditions and the following
20  *        disclaimer in the documentation and/or other materials
21  *        provided with the distribution.
22  *
23  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
24  * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
25  * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
26  * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
27  * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
28  * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
29  * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
30  * SOFTWARE.
31  *
32  */
33
34
35 #define TCPOPT_TIMESTAMP 8
36
37 #include <asm/atomic.h>
38 #include <linux/skbuff.h>
39 #include <linux/ip.h>
40 #include <linux/tcp.h>
41 #include <linux/init.h>
42 #include <linux/if_arp.h>
43 #include <linux/if_vlan.h>
44 #include <linux/notifier.h>
45 #include <linux/net.h>
46 #include <linux/types.h>
47 #include <linux/timer.h>
48 #include <linux/time.h>
49 #include <linux/delay.h>
50 #include <linux/etherdevice.h>
51 #include <linux/netdevice.h>
52 #include <linux/random.h>
53 #include <linux/list.h>
54 #include <linux/threads.h>
55 #include <linux/highmem.h>
56 #include <linux/slab.h>
57 #include <net/arp.h>
58 #include <net/neighbour.h>
59 #include <net/route.h>
60 #include <net/ip_fib.h>
61 #include <net/tcp.h>
62
63 #include "nes.h"
64
65 u32 cm_packets_sent;
66 u32 cm_packets_bounced;
67 u32 cm_packets_dropped;
68 u32 cm_packets_retrans;
69 u32 cm_packets_created;
70 u32 cm_packets_received;
71 atomic_t cm_listens_created;
72 atomic_t cm_listens_destroyed;
73 u32 cm_backlog_drops;
74 atomic_t cm_loopbacks;
75 atomic_t cm_nodes_created;
76 atomic_t cm_nodes_destroyed;
77 atomic_t cm_accel_dropped_pkts;
78 atomic_t cm_resets_recvd;
79
80 static inline int mini_cm_accelerated(struct nes_cm_core *,
81         struct nes_cm_node *);
82 static struct nes_cm_listener *mini_cm_listen(struct nes_cm_core *,
83         struct nes_vnic *, struct nes_cm_info *);
84 static int mini_cm_del_listen(struct nes_cm_core *, struct nes_cm_listener *);
85 static struct nes_cm_node *mini_cm_connect(struct nes_cm_core *,
86         struct nes_vnic *, u16, void *, struct nes_cm_info *);
87 static int mini_cm_close(struct nes_cm_core *, struct nes_cm_node *);
88 static int mini_cm_accept(struct nes_cm_core *, struct ietf_mpa_frame *,
89         struct nes_cm_node *);
90 static int mini_cm_reject(struct nes_cm_core *, struct ietf_mpa_frame *,
91         struct nes_cm_node *);
92 static int mini_cm_recv_pkt(struct nes_cm_core *, struct nes_vnic *,
93         struct sk_buff *);
94 static int mini_cm_dealloc_core(struct nes_cm_core *);
95 static int mini_cm_get(struct nes_cm_core *);
96 static int mini_cm_set(struct nes_cm_core *, u32, u32);
97
98 static void form_cm_frame(struct sk_buff *, struct nes_cm_node *,
99         void *, u32, void *, u32, u8);
100 static int add_ref_cm_node(struct nes_cm_node *);
101 static int rem_ref_cm_node(struct nes_cm_core *, struct nes_cm_node *);
102
103 static int nes_cm_disconn_true(struct nes_qp *);
104 static int nes_cm_post_event(struct nes_cm_event *event);
105 static int nes_disconnect(struct nes_qp *nesqp, int abrupt);
106 static void nes_disconnect_worker(struct work_struct *work);
107
108 static int send_mpa_request(struct nes_cm_node *, struct sk_buff *);
109 static int send_mpa_reject(struct nes_cm_node *);
110 static int send_syn(struct nes_cm_node *, u32, struct sk_buff *);
111 static int send_reset(struct nes_cm_node *, struct sk_buff *);
112 static int send_ack(struct nes_cm_node *cm_node, struct sk_buff *skb);
113 static int send_fin(struct nes_cm_node *cm_node, struct sk_buff *skb);
114 static void process_packet(struct nes_cm_node *, struct sk_buff *,
115         struct nes_cm_core *);
116
117 static void active_open_err(struct nes_cm_node *, struct sk_buff *, int);
118 static void passive_open_err(struct nes_cm_node *, struct sk_buff *, int);
119 static void cleanup_retrans_entry(struct nes_cm_node *);
120 static void handle_rcv_mpa(struct nes_cm_node *, struct sk_buff *);
121 static void free_retrans_entry(struct nes_cm_node *cm_node);
122 static int handle_tcp_options(struct nes_cm_node *cm_node, struct tcphdr *tcph,
123         struct sk_buff *skb, int optionsize, int passive);
124
125 /* CM event handler functions */
126 static void cm_event_connected(struct nes_cm_event *);
127 static void cm_event_connect_error(struct nes_cm_event *);
128 static void cm_event_reset(struct nes_cm_event *);
129 static void cm_event_mpa_req(struct nes_cm_event *);
130 static void cm_event_mpa_reject(struct nes_cm_event *);
131 static void handle_recv_entry(struct nes_cm_node *cm_node, u32 rem_node);
132
133 static void print_core(struct nes_cm_core *core);
134
135 /* External CM API Interface */
136 /* instance of function pointers for client API */
137 /* set address of this instance to cm_core->cm_ops at cm_core alloc */
138 static struct nes_cm_ops nes_cm_api = {
139         mini_cm_accelerated,
140         mini_cm_listen,
141         mini_cm_del_listen,
142         mini_cm_connect,
143         mini_cm_close,
144         mini_cm_accept,
145         mini_cm_reject,
146         mini_cm_recv_pkt,
147         mini_cm_dealloc_core,
148         mini_cm_get,
149         mini_cm_set
150 };
151
152 static struct nes_cm_core *g_cm_core;
153
154 atomic_t cm_connects;
155 atomic_t cm_accepts;
156 atomic_t cm_disconnects;
157 atomic_t cm_closes;
158 atomic_t cm_connecteds;
159 atomic_t cm_connect_reqs;
160 atomic_t cm_rejects;
161
162
163 /**
164  * create_event
165  */
166 static struct nes_cm_event *create_event(struct nes_cm_node *cm_node,
167                 enum nes_cm_event_type type)
168 {
169         struct nes_cm_event *event;
170
171         if (!cm_node->cm_id)
172                 return NULL;
173
174         /* allocate an empty event */
175         event = kzalloc(sizeof(*event), GFP_ATOMIC);
176
177         if (!event)
178                 return NULL;
179
180         event->type = type;
181         event->cm_node = cm_node;
182         event->cm_info.rem_addr = cm_node->rem_addr;
183         event->cm_info.loc_addr = cm_node->loc_addr;
184         event->cm_info.rem_port = cm_node->rem_port;
185         event->cm_info.loc_port = cm_node->loc_port;
186         event->cm_info.cm_id = cm_node->cm_id;
187
188         nes_debug(NES_DBG_CM, "cm_node=%p Created event=%p, type=%u, "
189                 "dst_addr=%08x[%x], src_addr=%08x[%x]\n",
190                 cm_node, event, type, event->cm_info.loc_addr,
191                 event->cm_info.loc_port, event->cm_info.rem_addr,
192                 event->cm_info.rem_port);
193
194         nes_cm_post_event(event);
195         return event;
196 }
197
198
199 /**
200  * send_mpa_request
201  */
202 static int send_mpa_request(struct nes_cm_node *cm_node, struct sk_buff *skb)
203 {
204         if (!skb) {
205                 nes_debug(NES_DBG_CM, "skb set to NULL\n");
206                 return -1;
207         }
208
209         /* send an MPA Request frame */
210         form_cm_frame(skb, cm_node, NULL, 0, &cm_node->mpa_frame,
211                         cm_node->mpa_frame_size, SET_ACK);
212
213         return schedule_nes_timer(cm_node, skb, NES_TIMER_TYPE_SEND, 1, 0);
214 }
215
216
217
218 static int send_mpa_reject(struct nes_cm_node *cm_node)
219 {
220         struct sk_buff  *skb = NULL;
221
222         skb = dev_alloc_skb(MAX_CM_BUFFER);
223         if (!skb) {
224                 nes_debug(NES_DBG_CM, "Failed to get a Free pkt\n");
225                 return -ENOMEM;
226         }
227
228         /* send an MPA reject frame */
229         form_cm_frame(skb, cm_node, NULL, 0, &cm_node->mpa_frame,
230                         cm_node->mpa_frame_size, SET_ACK | SET_FIN);
231
232         cm_node->state = NES_CM_STATE_FIN_WAIT1;
233         return schedule_nes_timer(cm_node, skb, NES_TIMER_TYPE_SEND, 1, 0);
234 }
235
236
237 /**
238  * recv_mpa - process a received TCP pkt, we are expecting an
239  * IETF MPA frame
240  */
241 static int parse_mpa(struct nes_cm_node *cm_node, u8 *buffer, u32 *type,
242                 u32 len)
243 {
244         struct ietf_mpa_frame *mpa_frame;
245
246         *type = NES_MPA_REQUEST_ACCEPT;
247
248         /* assume req frame is in tcp data payload */
249         if (len < sizeof(struct ietf_mpa_frame)) {
250                 nes_debug(NES_DBG_CM, "The received ietf buffer was too small (%x)\n", len);
251                 return -EINVAL;
252         }
253
254         mpa_frame = (struct ietf_mpa_frame *)buffer;
255         cm_node->mpa_frame_size = ntohs(mpa_frame->priv_data_len);
256         /* make sure mpa private data len is less than 512 bytes */
257         if (cm_node->mpa_frame_size > IETF_MAX_PRIV_DATA_LEN) {
258                 nes_debug(NES_DBG_CM, "The received Length of Private"
259                         " Data field exceeds 512 octets\n");
260                 return -EINVAL;
261         }
262         /*
263          * make sure MPA receiver interoperate with the
264          * received MPA version and MPA key information
265          *
266          */
267         if (mpa_frame->rev != mpa_version) {
268                 nes_debug(NES_DBG_CM, "The received mpa version"
269                                 " can not be interoperated\n");
270                 return -EINVAL;
271         }
272         if (cm_node->state != NES_CM_STATE_MPAREQ_SENT) {
273                 if (memcmp(mpa_frame->key, IEFT_MPA_KEY_REQ, IETF_MPA_KEY_SIZE)) {
274                         nes_debug(NES_DBG_CM, "Unexpected MPA Key received \n");
275                         return -EINVAL;
276                 }
277         } else {
278                 if (memcmp(mpa_frame->key, IEFT_MPA_KEY_REP, IETF_MPA_KEY_SIZE)) {
279                         nes_debug(NES_DBG_CM, "Unexpected MPA Key received \n");
280                         return -EINVAL;
281                 }
282         }
283
284         if (cm_node->mpa_frame_size + sizeof(struct ietf_mpa_frame) != len) {
285                 nes_debug(NES_DBG_CM, "The received ietf buffer was not right"
286                                 " complete (%x + %x != %x)\n",
287                                 cm_node->mpa_frame_size,
288                                 (u32)sizeof(struct ietf_mpa_frame), len);
289                 return -EINVAL;
290         }
291         /* make sure it does not exceed the max size */
292         if (len > MAX_CM_BUFFER) {
293                 nes_debug(NES_DBG_CM, "The received ietf buffer was too large"
294                                 " (%x + %x != %x)\n",
295                                 cm_node->mpa_frame_size,
296                                 (u32)sizeof(struct ietf_mpa_frame), len);
297                 return -EINVAL;
298         }
299
300         /* copy entire MPA frame to our cm_node's frame */
301         memcpy(cm_node->mpa_frame_buf, buffer + sizeof(struct ietf_mpa_frame),
302                         cm_node->mpa_frame_size);
303
304         if (mpa_frame->flags & IETF_MPA_FLAGS_REJECT)
305                 *type = NES_MPA_REQUEST_REJECT;
306         return 0;
307 }
308
309
310 /**
311  * form_cm_frame - get a free packet and build empty frame Use
312  * node info to build.
313  */
314 static void form_cm_frame(struct sk_buff *skb,
315         struct nes_cm_node *cm_node, void *options, u32 optionsize,
316         void *data, u32 datasize, u8 flags)
317 {
318         struct tcphdr *tcph;
319         struct iphdr *iph;
320         struct ethhdr *ethh;
321         u8 *buf;
322         u16 packetsize = sizeof(*iph);
323
324         packetsize += sizeof(*tcph);
325         packetsize +=  optionsize + datasize;
326
327         memset(skb->data, 0x00, ETH_HLEN + sizeof(*iph) + sizeof(*tcph));
328
329         skb->len = 0;
330         buf = skb_put(skb, packetsize + ETH_HLEN);
331
332         ethh = (struct ethhdr *) buf;
333         buf += ETH_HLEN;
334
335         iph = (struct iphdr *)buf;
336         buf += sizeof(*iph);
337         tcph = (struct tcphdr *)buf;
338         skb_reset_mac_header(skb);
339         skb_set_network_header(skb, ETH_HLEN);
340         skb_set_transport_header(skb, ETH_HLEN+sizeof(*iph));
341         buf += sizeof(*tcph);
342
343         skb->ip_summed = CHECKSUM_PARTIAL;
344         skb->protocol = htons(0x800);
345         skb->data_len = 0;
346         skb->mac_len = ETH_HLEN;
347
348         memcpy(ethh->h_dest, cm_node->rem_mac, ETH_ALEN);
349         memcpy(ethh->h_source, cm_node->loc_mac, ETH_ALEN);
350         ethh->h_proto = htons(0x0800);
351
352         iph->version = IPVERSION;
353         iph->ihl = 5;           /* 5 * 4Byte words, IP headr len */
354         iph->tos = 0;
355         iph->tot_len = htons(packetsize);
356         iph->id = htons(++cm_node->tcp_cntxt.loc_id);
357
358         iph->frag_off = htons(0x4000);
359         iph->ttl = 0x40;
360         iph->protocol = 0x06;   /* IPPROTO_TCP */
361
362         iph->saddr = htonl(cm_node->loc_addr);
363         iph->daddr = htonl(cm_node->rem_addr);
364
365         tcph->source = htons(cm_node->loc_port);
366         tcph->dest = htons(cm_node->rem_port);
367         tcph->seq = htonl(cm_node->tcp_cntxt.loc_seq_num);
368
369         if (flags & SET_ACK) {
370                 cm_node->tcp_cntxt.loc_ack_num = cm_node->tcp_cntxt.rcv_nxt;
371                 tcph->ack_seq = htonl(cm_node->tcp_cntxt.loc_ack_num);
372                 tcph->ack = 1;
373         } else
374                 tcph->ack_seq = 0;
375
376         if (flags & SET_SYN) {
377                 cm_node->tcp_cntxt.loc_seq_num++;
378                 tcph->syn = 1;
379         } else
380                 cm_node->tcp_cntxt.loc_seq_num += datasize;
381
382         if (flags & SET_FIN) {
383                 cm_node->tcp_cntxt.loc_seq_num++;
384                 tcph->fin = 1;
385         }
386
387         if (flags & SET_RST)
388                 tcph->rst = 1;
389
390         tcph->doff = (u16)((sizeof(*tcph) + optionsize + 3) >> 2);
391         tcph->window = htons(cm_node->tcp_cntxt.rcv_wnd);
392         tcph->urg_ptr = 0;
393         if (optionsize)
394                 memcpy(buf, options, optionsize);
395         buf += optionsize;
396         if (datasize)
397                 memcpy(buf, data, datasize);
398
399         skb_shinfo(skb)->nr_frags = 0;
400         cm_packets_created++;
401
402 }
403
404
405 /**
406  * print_core - dump a cm core
407  */
408 static void print_core(struct nes_cm_core *core)
409 {
410         nes_debug(NES_DBG_CM, "---------------------------------------------\n");
411         nes_debug(NES_DBG_CM, "CM Core  -- (core = %p )\n", core);
412         if (!core)
413                 return;
414         nes_debug(NES_DBG_CM, "---------------------------------------------\n");
415
416         nes_debug(NES_DBG_CM, "State         : %u \n",  core->state);
417
418         nes_debug(NES_DBG_CM, "Listen Nodes  : %u \n", atomic_read(&core->listen_node_cnt));
419         nes_debug(NES_DBG_CM, "Active Nodes  : %u \n", atomic_read(&core->node_cnt));
420
421         nes_debug(NES_DBG_CM, "core          : %p \n", core);
422
423         nes_debug(NES_DBG_CM, "-------------- end core ---------------\n");
424 }
425
426
427 /**
428  * schedule_nes_timer
429  * note - cm_node needs to be protected before calling this. Encase in:
430  *                      rem_ref_cm_node(cm_core, cm_node);add_ref_cm_node(cm_node);
431  */
432 int schedule_nes_timer(struct nes_cm_node *cm_node, struct sk_buff *skb,
433                 enum nes_timer_type type, int send_retrans,
434                 int close_when_complete)
435 {
436         unsigned long  flags;
437         struct nes_cm_core *cm_core = cm_node->cm_core;
438         struct nes_timer_entry *new_send;
439         int ret = 0;
440         u32 was_timer_set;
441
442         new_send = kzalloc(sizeof(*new_send), GFP_ATOMIC);
443         if (!new_send)
444                 return -ENOMEM;
445
446         /* new_send->timetosend = currenttime */
447         new_send->retrycount = NES_DEFAULT_RETRYS;
448         new_send->retranscount = NES_DEFAULT_RETRANS;
449         new_send->skb = skb;
450         new_send->timetosend = jiffies;
451         new_send->type = type;
452         new_send->netdev = cm_node->netdev;
453         new_send->send_retrans = send_retrans;
454         new_send->close_when_complete = close_when_complete;
455
456         if (type == NES_TIMER_TYPE_CLOSE) {
457                 new_send->timetosend += (HZ/10);
458                 if (cm_node->recv_entry) {
459                         kfree(new_send);
460                         WARN_ON(1);
461                         return -EINVAL;
462                 }
463                 cm_node->recv_entry = new_send;
464         }
465
466         if (type == NES_TIMER_TYPE_SEND) {
467                 new_send->seq_num = ntohl(tcp_hdr(skb)->seq);
468                 atomic_inc(&new_send->skb->users);
469                 spin_lock_irqsave(&cm_node->retrans_list_lock, flags);
470                 cm_node->send_entry = new_send;
471                 add_ref_cm_node(cm_node);
472                 spin_unlock_irqrestore(&cm_node->retrans_list_lock, flags);
473                 new_send->timetosend = jiffies + NES_RETRY_TIMEOUT;
474
475                 ret = nes_nic_cm_xmit(new_send->skb, cm_node->netdev);
476                 if (ret != NETDEV_TX_OK) {
477                         nes_debug(NES_DBG_CM, "Error sending packet %p "
478                                 "(jiffies = %lu)\n", new_send, jiffies);
479                         new_send->timetosend = jiffies;
480                         ret = NETDEV_TX_OK;
481                 } else {
482                         cm_packets_sent++;
483                         if (!send_retrans) {
484                                 cleanup_retrans_entry(cm_node);
485                                 if (close_when_complete)
486                                         rem_ref_cm_node(cm_core, cm_node);
487                                 return ret;
488                         }
489                 }
490         }
491
492         was_timer_set = timer_pending(&cm_core->tcp_timer);
493
494         if (!was_timer_set) {
495                 cm_core->tcp_timer.expires = new_send->timetosend;
496                 add_timer(&cm_core->tcp_timer);
497         }
498
499         return ret;
500 }
501
502 static void nes_retrans_expired(struct nes_cm_node *cm_node)
503 {
504         struct iw_cm_id *cm_id = cm_node->cm_id;
505         switch (cm_node->state) {
506         case NES_CM_STATE_SYN_RCVD:
507         case NES_CM_STATE_CLOSING:
508                 rem_ref_cm_node(cm_node->cm_core, cm_node);
509                 break;
510         case NES_CM_STATE_LAST_ACK:
511         case NES_CM_STATE_FIN_WAIT1:
512                 if (cm_node->cm_id)
513                         cm_id->rem_ref(cm_id);
514                 cm_node->state = NES_CM_STATE_CLOSED;
515                 send_reset(cm_node, NULL);
516                 break;
517         default:
518                 add_ref_cm_node(cm_node);
519                 send_reset(cm_node, NULL);
520                 create_event(cm_node, NES_CM_EVENT_ABORTED);
521         }
522 }
523
524 static void handle_recv_entry(struct nes_cm_node *cm_node, u32 rem_node)
525 {
526         struct nes_timer_entry *recv_entry = cm_node->recv_entry;
527         struct iw_cm_id *cm_id = cm_node->cm_id;
528         struct nes_qp *nesqp;
529         unsigned long qplockflags;
530
531         if (!recv_entry)
532                 return;
533         nesqp = (struct nes_qp *)recv_entry->skb;
534         if (nesqp) {
535                 spin_lock_irqsave(&nesqp->lock, qplockflags);
536                 if (nesqp->cm_id) {
537                         nes_debug(NES_DBG_CM, "QP%u: cm_id = %p, "
538                                 "refcount = %d: HIT A "
539                                 "NES_TIMER_TYPE_CLOSE with something "
540                                 "to do!!!\n", nesqp->hwqp.qp_id, cm_id,
541                                 atomic_read(&nesqp->refcount));
542                         nesqp->hw_tcp_state = NES_AEQE_TCP_STATE_CLOSED;
543                         nesqp->last_aeq = NES_AEQE_AEID_RESET_SENT;
544                         nesqp->ibqp_state = IB_QPS_ERR;
545                         spin_unlock_irqrestore(&nesqp->lock, qplockflags);
546                         nes_cm_disconn(nesqp);
547                 } else {
548                         spin_unlock_irqrestore(&nesqp->lock, qplockflags);
549                         nes_debug(NES_DBG_CM, "QP%u: cm_id = %p, "
550                                 "refcount = %d: HIT A "
551                                 "NES_TIMER_TYPE_CLOSE with nothing "
552                                 "to do!!!\n", nesqp->hwqp.qp_id, cm_id,
553                                 atomic_read(&nesqp->refcount));
554                 }
555         } else if (rem_node) {
556                 /* TIME_WAIT state */
557                 rem_ref_cm_node(cm_node->cm_core, cm_node);
558         }
559         if (cm_node->cm_id)
560                 cm_id->rem_ref(cm_id);
561         kfree(recv_entry);
562         cm_node->recv_entry = NULL;
563 }
564
565 /**
566  * nes_cm_timer_tick
567  */
568 static void nes_cm_timer_tick(unsigned long pass)
569 {
570         unsigned long flags;
571         unsigned long nexttimeout = jiffies + NES_LONG_TIME;
572         struct nes_cm_node *cm_node;
573         struct nes_timer_entry *send_entry, *recv_entry;
574         struct list_head *list_core_temp;
575         struct list_head *list_node;
576         struct nes_cm_core *cm_core = g_cm_core;
577         u32 settimer = 0;
578         unsigned long timetosend;
579         int ret = NETDEV_TX_OK;
580
581         struct list_head timer_list;
582         INIT_LIST_HEAD(&timer_list);
583         spin_lock_irqsave(&cm_core->ht_lock, flags);
584
585         list_for_each_safe(list_node, list_core_temp,
586                                 &cm_core->connected_nodes) {
587                 cm_node = container_of(list_node, struct nes_cm_node, list);
588                 if ((cm_node->recv_entry) || (cm_node->send_entry)) {
589                         add_ref_cm_node(cm_node);
590                         list_add(&cm_node->timer_entry, &timer_list);
591                 }
592         }
593         spin_unlock_irqrestore(&cm_core->ht_lock, flags);
594
595         list_for_each_safe(list_node, list_core_temp, &timer_list) {
596                 cm_node = container_of(list_node, struct nes_cm_node,
597                                         timer_entry);
598                 recv_entry = cm_node->recv_entry;
599
600                 if (recv_entry) {
601                         if (time_after(recv_entry->timetosend, jiffies)) {
602                                 if (nexttimeout > recv_entry->timetosend ||
603                                                 !settimer) {
604                                         nexttimeout = recv_entry->timetosend;
605                                         settimer = 1;
606                                 }
607                         } else
608                                 handle_recv_entry(cm_node, 1);
609                 }
610
611                 spin_lock_irqsave(&cm_node->retrans_list_lock, flags);
612                 do {
613                         send_entry = cm_node->send_entry;
614                         if (!send_entry)
615                                 break;
616                         if (time_after(send_entry->timetosend, jiffies)) {
617                                 if (cm_node->state != NES_CM_STATE_TSA) {
618                                         if ((nexttimeout >
619                                                 send_entry->timetosend) ||
620                                                 !settimer) {
621                                                 nexttimeout =
622                                                         send_entry->timetosend;
623                                                 settimer = 1;
624                                         }
625                                 } else {
626                                         free_retrans_entry(cm_node);
627                                 }
628                                 break;
629                         }
630
631                         if ((cm_node->state == NES_CM_STATE_TSA) ||
632                                 (cm_node->state == NES_CM_STATE_CLOSED)) {
633                                 free_retrans_entry(cm_node);
634                                 break;
635                         }
636
637                         if (!send_entry->retranscount ||
638                                 !send_entry->retrycount) {
639                                 cm_packets_dropped++;
640                                 free_retrans_entry(cm_node);
641
642                                 spin_unlock_irqrestore(
643                                         &cm_node->retrans_list_lock, flags);
644                                 nes_retrans_expired(cm_node);
645                                 cm_node->state = NES_CM_STATE_CLOSED;
646                                 spin_lock_irqsave(&cm_node->retrans_list_lock,
647                                         flags);
648                                 break;
649                         }
650                         atomic_inc(&send_entry->skb->users);
651                         cm_packets_retrans++;
652                         nes_debug(NES_DBG_CM, "Retransmitting send_entry %p "
653                                 "for node %p, jiffies = %lu, time to send = "
654                                 "%lu, retranscount = %u, send_entry->seq_num = "
655                                 "0x%08X, cm_node->tcp_cntxt.rem_ack_num = "
656                                 "0x%08X\n", send_entry, cm_node, jiffies,
657                                 send_entry->timetosend,
658                                 send_entry->retranscount,
659                                 send_entry->seq_num,
660                                 cm_node->tcp_cntxt.rem_ack_num);
661
662                         spin_unlock_irqrestore(&cm_node->retrans_list_lock,
663                                 flags);
664                         ret = nes_nic_cm_xmit(send_entry->skb, cm_node->netdev);
665                         spin_lock_irqsave(&cm_node->retrans_list_lock, flags);
666                         if (ret != NETDEV_TX_OK) {
667                                 nes_debug(NES_DBG_CM, "rexmit failed for "
668                                         "node=%p\n", cm_node);
669                                 cm_packets_bounced++;
670                                 send_entry->retrycount--;
671                                 nexttimeout = jiffies + NES_SHORT_TIME;
672                                 settimer = 1;
673                                 break;
674                         } else {
675                                 cm_packets_sent++;
676                         }
677                         nes_debug(NES_DBG_CM, "Packet Sent: retrans count = "
678                                 "%u, retry count = %u.\n",
679                                 send_entry->retranscount,
680                                 send_entry->retrycount);
681                         if (send_entry->send_retrans) {
682                                 send_entry->retranscount--;
683                                 timetosend = (NES_RETRY_TIMEOUT <<
684                                         (NES_DEFAULT_RETRANS - send_entry->retranscount));
685
686                                 send_entry->timetosend = jiffies +
687                                         min(timetosend, NES_MAX_TIMEOUT);
688                                 if (nexttimeout > send_entry->timetosend ||
689                                         !settimer) {
690                                         nexttimeout = send_entry->timetosend;
691                                         settimer = 1;
692                                 }
693                         } else {
694                                 int close_when_complete;
695                                 close_when_complete =
696                                         send_entry->close_when_complete;
697                                 nes_debug(NES_DBG_CM, "cm_node=%p state=%d\n",
698                                         cm_node, cm_node->state);
699                                 free_retrans_entry(cm_node);
700                                 if (close_when_complete)
701                                         rem_ref_cm_node(cm_node->cm_core,
702                                                 cm_node);
703                         }
704                 } while (0);
705
706                 spin_unlock_irqrestore(&cm_node->retrans_list_lock, flags);
707                 rem_ref_cm_node(cm_node->cm_core, cm_node);
708         }
709
710         if (settimer) {
711                 if (!timer_pending(&cm_core->tcp_timer)) {
712                         cm_core->tcp_timer.expires  = nexttimeout;
713                         add_timer(&cm_core->tcp_timer);
714                 }
715         }
716 }
717
718
719 /**
720  * send_syn
721  */
722 static int send_syn(struct nes_cm_node *cm_node, u32 sendack,
723         struct sk_buff *skb)
724 {
725         int ret;
726         int flags = SET_SYN;
727         char optionsbuffer[sizeof(struct option_mss) +
728                 sizeof(struct option_windowscale) + sizeof(struct option_base) +
729                 TCP_OPTIONS_PADDING];
730
731         int optionssize = 0;
732         /* Sending MSS option */
733         union all_known_options *options;
734
735         if (!cm_node)
736                 return -EINVAL;
737
738         options = (union all_known_options *)&optionsbuffer[optionssize];
739         options->as_mss.optionnum = OPTION_NUMBER_MSS;
740         options->as_mss.length = sizeof(struct option_mss);
741         options->as_mss.mss = htons(cm_node->tcp_cntxt.mss);
742         optionssize += sizeof(struct option_mss);
743
744         options = (union all_known_options *)&optionsbuffer[optionssize];
745         options->as_windowscale.optionnum = OPTION_NUMBER_WINDOW_SCALE;
746         options->as_windowscale.length = sizeof(struct option_windowscale);
747         options->as_windowscale.shiftcount = cm_node->tcp_cntxt.rcv_wscale;
748         optionssize += sizeof(struct option_windowscale);
749
750         if (sendack && !(NES_DRV_OPT_SUPRESS_OPTION_BC & nes_drv_opt)) {
751                 options = (union all_known_options *)&optionsbuffer[optionssize];
752                 options->as_base.optionnum = OPTION_NUMBER_WRITE0;
753                 options->as_base.length = sizeof(struct option_base);
754                 optionssize += sizeof(struct option_base);
755                 /* we need the size to be a multiple of 4 */
756                 options = (union all_known_options *)&optionsbuffer[optionssize];
757                 options->as_end = 1;
758                 optionssize += 1;
759                 options = (union all_known_options *)&optionsbuffer[optionssize];
760                 options->as_end = 1;
761                 optionssize += 1;
762         }
763
764         options = (union all_known_options *)&optionsbuffer[optionssize];
765         options->as_end = OPTION_NUMBER_END;
766         optionssize += 1;
767
768         if (!skb)
769                 skb = dev_alloc_skb(MAX_CM_BUFFER);
770         if (!skb) {
771                 nes_debug(NES_DBG_CM, "Failed to get a Free pkt\n");
772                 return -1;
773         }
774
775         if (sendack)
776                 flags |= SET_ACK;
777
778         form_cm_frame(skb, cm_node, optionsbuffer, optionssize, NULL, 0, flags);
779         ret = schedule_nes_timer(cm_node, skb, NES_TIMER_TYPE_SEND, 1, 0);
780
781         return ret;
782 }
783
784
785 /**
786  * send_reset
787  */
788 static int send_reset(struct nes_cm_node *cm_node, struct sk_buff *skb)
789 {
790         int ret;
791         int flags = SET_RST | SET_ACK;
792
793         if (!skb)
794                 skb = dev_alloc_skb(MAX_CM_BUFFER);
795         if (!skb) {
796                 nes_debug(NES_DBG_CM, "Failed to get a Free pkt\n");
797                 return -ENOMEM;
798         }
799
800         form_cm_frame(skb, cm_node, NULL, 0, NULL, 0, flags);
801         ret = schedule_nes_timer(cm_node, skb, NES_TIMER_TYPE_SEND, 0, 1);
802
803         return ret;
804 }
805
806
807 /**
808  * send_ack
809  */
810 static int send_ack(struct nes_cm_node *cm_node, struct sk_buff *skb)
811 {
812         int ret;
813
814         if (!skb)
815                 skb = dev_alloc_skb(MAX_CM_BUFFER);
816
817         if (!skb) {
818                 nes_debug(NES_DBG_CM, "Failed to get a Free pkt\n");
819                 return -1;
820         }
821
822         form_cm_frame(skb, cm_node, NULL, 0, NULL, 0, SET_ACK);
823         ret = schedule_nes_timer(cm_node, skb, NES_TIMER_TYPE_SEND, 0, 0);
824
825         return ret;
826 }
827
828
829 /**
830  * send_fin
831  */
832 static int send_fin(struct nes_cm_node *cm_node, struct sk_buff *skb)
833 {
834         int ret;
835
836         /* if we didn't get a frame get one */
837         if (!skb)
838                 skb = dev_alloc_skb(MAX_CM_BUFFER);
839
840         if (!skb) {
841                 nes_debug(NES_DBG_CM, "Failed to get a Free pkt\n");
842                 return -1;
843         }
844
845         form_cm_frame(skb, cm_node, NULL, 0, NULL, 0, SET_ACK | SET_FIN);
846         ret = schedule_nes_timer(cm_node, skb, NES_TIMER_TYPE_SEND, 1, 0);
847
848         return ret;
849 }
850
851
852 /**
853  * find_node - find a cm node that matches the reference cm node
854  */
855 static struct nes_cm_node *find_node(struct nes_cm_core *cm_core,
856                 u16 rem_port, nes_addr_t rem_addr, u16 loc_port, nes_addr_t loc_addr)
857 {
858         unsigned long flags;
859         struct list_head *hte;
860         struct nes_cm_node *cm_node;
861
862         /* get a handle on the hte */
863         hte = &cm_core->connected_nodes;
864
865         /* walk list and find cm_node associated with this session ID */
866         spin_lock_irqsave(&cm_core->ht_lock, flags);
867         list_for_each_entry(cm_node, hte, list) {
868                 /* compare quad, return node handle if a match */
869                 nes_debug(NES_DBG_CM, "finding node %x:%x =? %x:%x ^ %x:%x =? %x:%x\n",
870                                 cm_node->loc_addr, cm_node->loc_port,
871                                 loc_addr, loc_port,
872                                 cm_node->rem_addr, cm_node->rem_port,
873                                 rem_addr, rem_port);
874                 if ((cm_node->loc_addr == loc_addr) && (cm_node->loc_port == loc_port) &&
875                                 (cm_node->rem_addr == rem_addr) && (cm_node->rem_port == rem_port)) {
876                         add_ref_cm_node(cm_node);
877                         spin_unlock_irqrestore(&cm_core->ht_lock, flags);
878                         return cm_node;
879                 }
880         }
881         spin_unlock_irqrestore(&cm_core->ht_lock, flags);
882
883         /* no owner node */
884         return NULL;
885 }
886
887
888 /**
889  * find_listener - find a cm node listening on this addr-port pair
890  */
891 static struct nes_cm_listener *find_listener(struct nes_cm_core *cm_core,
892                 nes_addr_t dst_addr, u16 dst_port, enum nes_cm_listener_state listener_state)
893 {
894         unsigned long flags;
895         struct nes_cm_listener *listen_node;
896
897         /* walk list and find cm_node associated with this session ID */
898         spin_lock_irqsave(&cm_core->listen_list_lock, flags);
899         list_for_each_entry(listen_node, &cm_core->listen_list.list, list) {
900                 /* compare node pair, return node handle if a match */
901                 if (((listen_node->loc_addr == dst_addr) ||
902                                 listen_node->loc_addr == 0x00000000) &&
903                                 (listen_node->loc_port == dst_port) &&
904                                 (listener_state & listen_node->listener_state)) {
905                         atomic_inc(&listen_node->ref_count);
906                         spin_unlock_irqrestore(&cm_core->listen_list_lock, flags);
907                         return listen_node;
908                 }
909         }
910         spin_unlock_irqrestore(&cm_core->listen_list_lock, flags);
911
912         /* no listener */
913         return NULL;
914 }
915
916
917 /**
918  * add_hte_node - add a cm node to the hash table
919  */
920 static int add_hte_node(struct nes_cm_core *cm_core, struct nes_cm_node *cm_node)
921 {
922         unsigned long flags;
923         struct list_head *hte;
924
925         if (!cm_node || !cm_core)
926                 return -EINVAL;
927
928         nes_debug(NES_DBG_CM, "Adding Node %p to Active Connection HT\n",
929                 cm_node);
930
931         spin_lock_irqsave(&cm_core->ht_lock, flags);
932
933         /* get a handle on the hash table element (list head for this slot) */
934         hte = &cm_core->connected_nodes;
935         list_add_tail(&cm_node->list, hte);
936         atomic_inc(&cm_core->ht_node_cnt);
937
938         spin_unlock_irqrestore(&cm_core->ht_lock, flags);
939
940         return 0;
941 }
942
943
944 /**
945  * mini_cm_dec_refcnt_listen
946  */
947 static int mini_cm_dec_refcnt_listen(struct nes_cm_core *cm_core,
948         struct nes_cm_listener *listener, int free_hanging_nodes)
949 {
950         int ret = -EINVAL;
951         int err = 0;
952         unsigned long flags;
953         struct list_head *list_pos = NULL;
954         struct list_head *list_temp = NULL;
955         struct nes_cm_node *cm_node = NULL;
956         struct list_head reset_list;
957
958         nes_debug(NES_DBG_CM, "attempting listener= %p free_nodes= %d, "
959                 "refcnt=%d\n", listener, free_hanging_nodes,
960                 atomic_read(&listener->ref_count));
961         /* free non-accelerated child nodes for this listener */
962         INIT_LIST_HEAD(&reset_list);
963         if (free_hanging_nodes) {
964                 spin_lock_irqsave(&cm_core->ht_lock, flags);
965                 list_for_each_safe(list_pos, list_temp,
966                                    &g_cm_core->connected_nodes) {
967                         cm_node = container_of(list_pos, struct nes_cm_node,
968                                 list);
969                         if ((cm_node->listener == listener) &&
970                             (!cm_node->accelerated)) {
971                                 add_ref_cm_node(cm_node);
972                                 list_add(&cm_node->reset_entry, &reset_list);
973                         }
974                 }
975                 spin_unlock_irqrestore(&cm_core->ht_lock, flags);
976         }
977
978         list_for_each_safe(list_pos, list_temp, &reset_list) {
979                 cm_node = container_of(list_pos, struct nes_cm_node,
980                                 reset_entry);
981                 {
982                         struct nes_cm_node *loopback = cm_node->loopbackpartner;
983                         enum nes_cm_node_state old_state;
984                         if (NES_CM_STATE_FIN_WAIT1 <= cm_node->state) {
985                                 rem_ref_cm_node(cm_node->cm_core, cm_node);
986                         } else {
987                                 if (!loopback) {
988                                         cleanup_retrans_entry(cm_node);
989                                         err = send_reset(cm_node, NULL);
990                                         if (err) {
991                                                 cm_node->state =
992                                                          NES_CM_STATE_CLOSED;
993                                                 WARN_ON(1);
994                                         } else {
995                                                 old_state = cm_node->state;
996                                                 cm_node->state = NES_CM_STATE_LISTENER_DESTROYED;
997                                                 if (old_state != NES_CM_STATE_MPAREQ_RCVD)
998                                                         rem_ref_cm_node(
999                                                                 cm_node->cm_core,
1000                                                                 cm_node);
1001                                         }
1002                                 } else {
1003                                         struct nes_cm_event event;
1004
1005                                         event.cm_node = loopback;
1006                                         event.cm_info.rem_addr =
1007                                                         loopback->rem_addr;
1008                                         event.cm_info.loc_addr =
1009                                                         loopback->loc_addr;
1010                                         event.cm_info.rem_port =
1011                                                         loopback->rem_port;
1012                                         event.cm_info.loc_port =
1013                                                          loopback->loc_port;
1014                                         event.cm_info.cm_id = loopback->cm_id;
1015                                         add_ref_cm_node(loopback);
1016                                         loopback->state = NES_CM_STATE_CLOSED;
1017                                         cm_event_connect_error(&event);
1018                                         cm_node->state = NES_CM_STATE_LISTENER_DESTROYED;
1019
1020                                         rem_ref_cm_node(cm_node->cm_core,
1021                                                          cm_node);
1022
1023                                 }
1024                         }
1025                 }
1026         }
1027
1028         spin_lock_irqsave(&cm_core->listen_list_lock, flags);
1029         if (!atomic_dec_return(&listener->ref_count)) {
1030                 list_del(&listener->list);
1031
1032                 /* decrement our listen node count */
1033                 atomic_dec(&cm_core->listen_node_cnt);
1034
1035                 spin_unlock_irqrestore(&cm_core->listen_list_lock, flags);
1036
1037                 if (listener->nesvnic) {
1038                         nes_manage_apbvt(listener->nesvnic, listener->loc_port,
1039                                         PCI_FUNC(listener->nesvnic->nesdev->pcidev->devfn), NES_MANAGE_APBVT_DEL);
1040                 }
1041
1042                 nes_debug(NES_DBG_CM, "destroying listener (%p)\n", listener);
1043
1044                 kfree(listener);
1045                 listener = NULL;
1046                 ret = 0;
1047                 atomic_inc(&cm_listens_destroyed);
1048         } else {
1049                 spin_unlock_irqrestore(&cm_core->listen_list_lock, flags);
1050         }
1051         if (listener) {
1052                 if (atomic_read(&listener->pend_accepts_cnt) > 0)
1053                         nes_debug(NES_DBG_CM, "destroying listener (%p)"
1054                                         " with non-zero pending accepts=%u\n",
1055                                         listener, atomic_read(&listener->pend_accepts_cnt));
1056         }
1057
1058         return ret;
1059 }
1060
1061
1062 /**
1063  * mini_cm_del_listen
1064  */
1065 static int mini_cm_del_listen(struct nes_cm_core *cm_core,
1066                 struct nes_cm_listener *listener)
1067 {
1068         listener->listener_state = NES_CM_LISTENER_PASSIVE_STATE;
1069         listener->cm_id = NULL; /* going to be destroyed pretty soon */
1070         return mini_cm_dec_refcnt_listen(cm_core, listener, 1);
1071 }
1072
1073
1074 /**
1075  * mini_cm_accelerated
1076  */
1077 static inline int mini_cm_accelerated(struct nes_cm_core *cm_core,
1078                 struct nes_cm_node *cm_node)
1079 {
1080         u32 was_timer_set;
1081         cm_node->accelerated = 1;
1082
1083         if (cm_node->accept_pend) {
1084                 BUG_ON(!cm_node->listener);
1085                 atomic_dec(&cm_node->listener->pend_accepts_cnt);
1086                 cm_node->accept_pend = 0;
1087                 BUG_ON(atomic_read(&cm_node->listener->pend_accepts_cnt) < 0);
1088         }
1089
1090         was_timer_set = timer_pending(&cm_core->tcp_timer);
1091         if (!was_timer_set) {
1092                 cm_core->tcp_timer.expires = jiffies + NES_SHORT_TIME;
1093                 add_timer(&cm_core->tcp_timer);
1094         }
1095
1096         return 0;
1097 }
1098
1099
1100 /**
1101  * nes_addr_resolve_neigh
1102  */
1103 static int nes_addr_resolve_neigh(struct nes_vnic *nesvnic, u32 dst_ip, int arpindex)
1104 {
1105         struct rtable *rt;
1106         struct flowi fl;
1107         struct neighbour *neigh;
1108         int rc = arpindex;
1109         struct nes_adapter *nesadapter = nesvnic->nesdev->nesadapter;
1110
1111         memset(&fl, 0, sizeof fl);
1112         fl.nl_u.ip4_u.daddr = htonl(dst_ip);
1113         if (ip_route_output_key(&init_net, &rt, &fl)) {
1114                 printk(KERN_ERR "%s: ip_route_output_key failed for 0x%08X\n",
1115                                 __func__, dst_ip);
1116                 return rc;
1117         }
1118
1119         neigh = neigh_lookup(&arp_tbl, &rt->rt_gateway, nesvnic->netdev);
1120         if (neigh) {
1121                 if (neigh->nud_state & NUD_VALID) {
1122                         nes_debug(NES_DBG_CM, "Neighbor MAC address for 0x%08X"
1123                                   " is %pM, Gateway is 0x%08X \n", dst_ip,
1124                                   neigh->ha, ntohl(rt->rt_gateway));
1125
1126                         if (arpindex >= 0) {
1127                                 if (!memcmp(nesadapter->arp_table[arpindex].mac_addr,
1128                                                         neigh->ha, ETH_ALEN)){
1129                                         /* Mac address same as in nes_arp_table */
1130                                         neigh_release(neigh);
1131                                         ip_rt_put(rt);
1132                                         return rc;
1133                                 }
1134
1135                                 nes_manage_arp_cache(nesvnic->netdev,
1136                                                 nesadapter->arp_table[arpindex].mac_addr,
1137                                                 dst_ip, NES_ARP_DELETE);
1138                         }
1139
1140                         nes_manage_arp_cache(nesvnic->netdev, neigh->ha,
1141                                              dst_ip, NES_ARP_ADD);
1142                         rc = nes_arp_table(nesvnic->nesdev, dst_ip, NULL,
1143                                            NES_ARP_RESOLVE);
1144                 }
1145                 neigh_release(neigh);
1146         }
1147
1148         if ((neigh == NULL) || (!(neigh->nud_state & NUD_VALID)))
1149                 neigh_event_send(rt->dst.neighbour, NULL);
1150
1151         ip_rt_put(rt);
1152         return rc;
1153 }
1154
1155 /**
1156  * make_cm_node - create a new instance of a cm node
1157  */
1158 static struct nes_cm_node *make_cm_node(struct nes_cm_core *cm_core,
1159                 struct nes_vnic *nesvnic, struct nes_cm_info *cm_info,
1160                 struct nes_cm_listener *listener)
1161 {
1162         struct nes_cm_node *cm_node;
1163         struct timespec ts;
1164         int oldarpindex = 0;
1165         int arpindex = 0;
1166         struct nes_device *nesdev;
1167         struct nes_adapter *nesadapter;
1168
1169         /* create an hte and cm_node for this instance */
1170         cm_node = kzalloc(sizeof(*cm_node), GFP_ATOMIC);
1171         if (!cm_node)
1172                 return NULL;
1173
1174         /* set our node specific transport info */
1175         cm_node->loc_addr = cm_info->loc_addr;
1176         cm_node->rem_addr = cm_info->rem_addr;
1177         cm_node->loc_port = cm_info->loc_port;
1178         cm_node->rem_port = cm_info->rem_port;
1179         cm_node->send_write0 = send_first;
1180         nes_debug(NES_DBG_CM, "Make node addresses : loc = %pI4:%x, rem = %pI4:%x\n",
1181                   &cm_node->loc_addr, cm_node->loc_port,
1182                   &cm_node->rem_addr, cm_node->rem_port);
1183         cm_node->listener = listener;
1184         cm_node->netdev = nesvnic->netdev;
1185         cm_node->cm_id = cm_info->cm_id;
1186         memcpy(cm_node->loc_mac, nesvnic->netdev->dev_addr, ETH_ALEN);
1187
1188         nes_debug(NES_DBG_CM, "listener=%p, cm_id=%p\n", cm_node->listener,
1189                         cm_node->cm_id);
1190
1191         spin_lock_init(&cm_node->retrans_list_lock);
1192
1193         cm_node->loopbackpartner = NULL;
1194         atomic_set(&cm_node->ref_count, 1);
1195         /* associate our parent CM core */
1196         cm_node->cm_core = cm_core;
1197         cm_node->tcp_cntxt.loc_id = NES_CM_DEF_LOCAL_ID;
1198         cm_node->tcp_cntxt.rcv_wscale = NES_CM_DEFAULT_RCV_WND_SCALE;
1199         cm_node->tcp_cntxt.rcv_wnd = NES_CM_DEFAULT_RCV_WND_SCALED >>
1200                         NES_CM_DEFAULT_RCV_WND_SCALE;
1201         ts = current_kernel_time();
1202         cm_node->tcp_cntxt.loc_seq_num = htonl(ts.tv_nsec);
1203         cm_node->tcp_cntxt.mss = nesvnic->max_frame_size - sizeof(struct iphdr) -
1204                         sizeof(struct tcphdr) - ETH_HLEN - VLAN_HLEN;
1205         cm_node->tcp_cntxt.rcv_nxt = 0;
1206         /* get a unique session ID , add thread_id to an upcounter to handle race */
1207         atomic_inc(&cm_core->node_cnt);
1208         cm_node->conn_type = cm_info->conn_type;
1209         cm_node->apbvt_set = 0;
1210         cm_node->accept_pend = 0;
1211
1212         cm_node->nesvnic = nesvnic;
1213         /* get some device handles, for arp lookup */
1214         nesdev = nesvnic->nesdev;
1215         nesadapter = nesdev->nesadapter;
1216
1217         cm_node->loopbackpartner = NULL;
1218
1219         /* get the mac addr for the remote node */
1220         if (ipv4_is_loopback(htonl(cm_node->rem_addr)))
1221                 arpindex = nes_arp_table(nesdev, ntohl(nesvnic->local_ipaddr), NULL, NES_ARP_RESOLVE);
1222         else {
1223                 oldarpindex = nes_arp_table(nesdev, cm_node->rem_addr, NULL, NES_ARP_RESOLVE);
1224                 arpindex = nes_addr_resolve_neigh(nesvnic, cm_info->rem_addr, oldarpindex);
1225
1226         }
1227         if (arpindex < 0) {
1228                 kfree(cm_node);
1229                 return NULL;
1230         }
1231
1232         /* copy the mac addr to node context */
1233         memcpy(cm_node->rem_mac, nesadapter->arp_table[arpindex].mac_addr, ETH_ALEN);
1234         nes_debug(NES_DBG_CM, "Remote mac addr from arp table: %pM\n",
1235                   cm_node->rem_mac);
1236
1237         add_hte_node(cm_core, cm_node);
1238         atomic_inc(&cm_nodes_created);
1239
1240         return cm_node;
1241 }
1242
1243
1244 /**
1245  * add_ref_cm_node - destroy an instance of a cm node
1246  */
1247 static int add_ref_cm_node(struct nes_cm_node *cm_node)
1248 {
1249         atomic_inc(&cm_node->ref_count);
1250         return 0;
1251 }
1252
1253
1254 /**
1255  * rem_ref_cm_node - destroy an instance of a cm node
1256  */
1257 static int rem_ref_cm_node(struct nes_cm_core *cm_core,
1258         struct nes_cm_node *cm_node)
1259 {
1260         unsigned long flags;
1261         struct nes_qp *nesqp;
1262
1263         if (!cm_node)
1264                 return -EINVAL;
1265
1266         spin_lock_irqsave(&cm_node->cm_core->ht_lock, flags);
1267         if (atomic_dec_return(&cm_node->ref_count)) {
1268                 spin_unlock_irqrestore(&cm_node->cm_core->ht_lock, flags);
1269                 return 0;
1270         }
1271         list_del(&cm_node->list);
1272         atomic_dec(&cm_core->ht_node_cnt);
1273         spin_unlock_irqrestore(&cm_node->cm_core->ht_lock, flags);
1274
1275         /* if the node is destroyed before connection was accelerated */
1276         if (!cm_node->accelerated && cm_node->accept_pend) {
1277                 BUG_ON(!cm_node->listener);
1278                 atomic_dec(&cm_node->listener->pend_accepts_cnt);
1279                 BUG_ON(atomic_read(&cm_node->listener->pend_accepts_cnt) < 0);
1280         }
1281         WARN_ON(cm_node->send_entry);
1282         if (cm_node->recv_entry)
1283                 handle_recv_entry(cm_node, 0);
1284         if (cm_node->listener) {
1285                 mini_cm_dec_refcnt_listen(cm_core, cm_node->listener, 0);
1286         } else {
1287                 if (cm_node->apbvt_set && cm_node->nesvnic) {
1288                         nes_manage_apbvt(cm_node->nesvnic, cm_node->loc_port,
1289                                 PCI_FUNC(
1290                                 cm_node->nesvnic->nesdev->pcidev->devfn),
1291                                 NES_MANAGE_APBVT_DEL);
1292                 }
1293         }
1294
1295         atomic_dec(&cm_core->node_cnt);
1296         atomic_inc(&cm_nodes_destroyed);
1297         nesqp = cm_node->nesqp;
1298         if (nesqp) {
1299                 nesqp->cm_node = NULL;
1300                 nes_rem_ref(&nesqp->ibqp);
1301                 cm_node->nesqp = NULL;
1302         }
1303
1304         kfree(cm_node);
1305         return 0;
1306 }
1307
1308 /**
1309  * process_options
1310  */
1311 static int process_options(struct nes_cm_node *cm_node, u8 *optionsloc,
1312         u32 optionsize, u32 syn_packet)
1313 {
1314         u32 tmp;
1315         u32 offset = 0;
1316         union all_known_options *all_options;
1317         char got_mss_option = 0;
1318
1319         while (offset < optionsize) {
1320                 all_options = (union all_known_options *)(optionsloc + offset);
1321                 switch (all_options->as_base.optionnum) {
1322                 case OPTION_NUMBER_END:
1323                         offset = optionsize;
1324                         break;
1325                 case OPTION_NUMBER_NONE:
1326                         offset += 1;
1327                         continue;
1328                 case OPTION_NUMBER_MSS:
1329                         nes_debug(NES_DBG_CM, "%s: MSS Length: %d Offset: %d "
1330                                 "Size: %d\n", __func__,
1331                                 all_options->as_mss.length, offset, optionsize);
1332                         got_mss_option = 1;
1333                         if (all_options->as_mss.length != 4) {
1334                                 return 1;
1335                         } else {
1336                                 tmp = ntohs(all_options->as_mss.mss);
1337                                 if (tmp > 0 && tmp <
1338                                         cm_node->tcp_cntxt.mss)
1339                                         cm_node->tcp_cntxt.mss = tmp;
1340                         }
1341                         break;
1342                 case OPTION_NUMBER_WINDOW_SCALE:
1343                         cm_node->tcp_cntxt.snd_wscale =
1344                                 all_options->as_windowscale.shiftcount;
1345                         break;
1346                 case OPTION_NUMBER_WRITE0:
1347                         cm_node->send_write0 = 1;
1348                         break;
1349                 default:
1350                         nes_debug(NES_DBG_CM, "TCP Option not understood: %x\n",
1351                                 all_options->as_base.optionnum);
1352                         break;
1353                 }
1354                 offset += all_options->as_base.length;
1355         }
1356         if ((!got_mss_option) && (syn_packet))
1357                 cm_node->tcp_cntxt.mss = NES_CM_DEFAULT_MSS;
1358         return 0;
1359 }
1360
1361 static void drop_packet(struct sk_buff *skb)
1362 {
1363         atomic_inc(&cm_accel_dropped_pkts);
1364         dev_kfree_skb_any(skb);
1365 }
1366
1367 static void handle_fin_pkt(struct nes_cm_node *cm_node)
1368 {
1369         nes_debug(NES_DBG_CM, "Received FIN, cm_node = %p, state = %u. "
1370                 "refcnt=%d\n", cm_node, cm_node->state,
1371                 atomic_read(&cm_node->ref_count));
1372         switch (cm_node->state) {
1373         case NES_CM_STATE_SYN_RCVD:
1374         case NES_CM_STATE_SYN_SENT:
1375         case NES_CM_STATE_ESTABLISHED:
1376         case NES_CM_STATE_MPAREJ_RCVD:
1377                 cm_node->tcp_cntxt.rcv_nxt++;
1378                 cleanup_retrans_entry(cm_node);
1379                 cm_node->state = NES_CM_STATE_LAST_ACK;
1380                 send_fin(cm_node, NULL);
1381                 break;
1382         case NES_CM_STATE_MPAREQ_SENT:
1383                 create_event(cm_node, NES_CM_EVENT_ABORTED);
1384                 cm_node->tcp_cntxt.rcv_nxt++;
1385                 cleanup_retrans_entry(cm_node);
1386                 cm_node->state = NES_CM_STATE_CLOSED;
1387                 add_ref_cm_node(cm_node);
1388                 send_reset(cm_node, NULL);
1389                 break;
1390         case NES_CM_STATE_FIN_WAIT1:
1391                 cm_node->tcp_cntxt.rcv_nxt++;
1392                 cleanup_retrans_entry(cm_node);
1393                 cm_node->state = NES_CM_STATE_CLOSING;
1394                 send_ack(cm_node, NULL);
1395                 /* Wait for ACK as this is simultanous close..
1396                 * After we receive ACK, do not send anything..
1397                 * Just rm the node.. Done.. */
1398                 break;
1399         case NES_CM_STATE_FIN_WAIT2:
1400                 cm_node->tcp_cntxt.rcv_nxt++;
1401                 cleanup_retrans_entry(cm_node);
1402                 cm_node->state = NES_CM_STATE_TIME_WAIT;
1403                 send_ack(cm_node, NULL);
1404                 schedule_nes_timer(cm_node, NULL,  NES_TIMER_TYPE_CLOSE, 1, 0);
1405                 break;
1406         case NES_CM_STATE_TIME_WAIT:
1407                 cm_node->tcp_cntxt.rcv_nxt++;
1408                 cleanup_retrans_entry(cm_node);
1409                 cm_node->state = NES_CM_STATE_CLOSED;
1410                 rem_ref_cm_node(cm_node->cm_core, cm_node);
1411                 break;
1412         case NES_CM_STATE_TSA:
1413         default:
1414                 nes_debug(NES_DBG_CM, "Error Rcvd FIN for node-%p state = %d\n",
1415                         cm_node, cm_node->state);
1416                 break;
1417         }
1418 }
1419
1420
1421 static void handle_rst_pkt(struct nes_cm_node *cm_node, struct sk_buff *skb,
1422         struct tcphdr *tcph)
1423 {
1424
1425         int     reset = 0;      /* whether to send reset in case of err.. */
1426         int     passive_state;
1427         atomic_inc(&cm_resets_recvd);
1428         nes_debug(NES_DBG_CM, "Received Reset, cm_node = %p, state = %u."
1429                         " refcnt=%d\n", cm_node, cm_node->state,
1430                         atomic_read(&cm_node->ref_count));
1431         cleanup_retrans_entry(cm_node);
1432         switch (cm_node->state) {
1433         case NES_CM_STATE_SYN_SENT:
1434         case NES_CM_STATE_MPAREQ_SENT:
1435                 nes_debug(NES_DBG_CM, "%s[%u] create abort for cm_node=%p "
1436                         "listener=%p state=%d\n", __func__, __LINE__, cm_node,
1437                         cm_node->listener, cm_node->state);
1438                 active_open_err(cm_node, skb, reset);
1439                 break;
1440         case NES_CM_STATE_MPAREQ_RCVD:
1441                 passive_state = atomic_add_return(1, &cm_node->passive_state);
1442                 if (passive_state ==  NES_SEND_RESET_EVENT)
1443                         create_event(cm_node, NES_CM_EVENT_RESET);
1444                 cm_node->state = NES_CM_STATE_CLOSED;
1445                 dev_kfree_skb_any(skb);
1446                 break;
1447         case NES_CM_STATE_ESTABLISHED:
1448         case NES_CM_STATE_SYN_RCVD:
1449         case NES_CM_STATE_LISTENING:
1450                 nes_debug(NES_DBG_CM, "Bad state %s[%u]\n", __func__, __LINE__);
1451                 passive_open_err(cm_node, skb, reset);
1452                 break;
1453         case NES_CM_STATE_TSA:
1454                 active_open_err(cm_node, skb, reset);
1455                 break;
1456         case NES_CM_STATE_CLOSED:
1457                 drop_packet(skb);
1458                 break;
1459         case NES_CM_STATE_FIN_WAIT1:
1460         case NES_CM_STATE_LAST_ACK:
1461                 cm_node->cm_id->rem_ref(cm_node->cm_id);
1462         case NES_CM_STATE_TIME_WAIT:
1463                 cm_node->state = NES_CM_STATE_CLOSED;
1464                 rem_ref_cm_node(cm_node->cm_core, cm_node);
1465                 drop_packet(skb);
1466                 break;
1467         default:
1468                 drop_packet(skb);
1469                 break;
1470         }
1471 }
1472
1473
1474 static void handle_rcv_mpa(struct nes_cm_node *cm_node, struct sk_buff *skb)
1475 {
1476
1477         int     ret = 0;
1478         int datasize = skb->len;
1479         u8 *dataloc = skb->data;
1480
1481         enum nes_cm_event_type type = NES_CM_EVENT_UNKNOWN;
1482         u32     res_type;
1483         ret = parse_mpa(cm_node, dataloc, &res_type, datasize);
1484         if (ret) {
1485                 nes_debug(NES_DBG_CM, "didn't like MPA Request\n");
1486                 if (cm_node->state == NES_CM_STATE_MPAREQ_SENT) {
1487                         nes_debug(NES_DBG_CM, "%s[%u] create abort for "
1488                                 "cm_node=%p listener=%p state=%d\n", __func__,
1489                                 __LINE__, cm_node, cm_node->listener,
1490                                 cm_node->state);
1491                         active_open_err(cm_node, skb, 1);
1492                 } else {
1493                         passive_open_err(cm_node, skb, 1);
1494                 }
1495                 return;
1496         }
1497
1498         switch (cm_node->state) {
1499         case NES_CM_STATE_ESTABLISHED:
1500                 if (res_type == NES_MPA_REQUEST_REJECT) {
1501                         /*BIG problem as we are receiving the MPA.. So should
1502                         * not be REJECT.. This is Passive Open.. We can
1503                         * only receive it Reject for Active Open...*/
1504                         WARN_ON(1);
1505                 }
1506                 cm_node->state = NES_CM_STATE_MPAREQ_RCVD;
1507                 type = NES_CM_EVENT_MPA_REQ;
1508                 atomic_set(&cm_node->passive_state,
1509                                 NES_PASSIVE_STATE_INDICATED);
1510                 break;
1511         case NES_CM_STATE_MPAREQ_SENT:
1512                 cleanup_retrans_entry(cm_node);
1513                 if (res_type == NES_MPA_REQUEST_REJECT) {
1514                         type = NES_CM_EVENT_MPA_REJECT;
1515                         cm_node->state = NES_CM_STATE_MPAREJ_RCVD;
1516                 } else {
1517                         type = NES_CM_EVENT_CONNECTED;
1518                         cm_node->state = NES_CM_STATE_TSA;
1519                 }
1520
1521                 break;
1522         default:
1523                 WARN_ON(1);
1524                 break;
1525         }
1526         dev_kfree_skb_any(skb);
1527         create_event(cm_node, type);
1528 }
1529
1530 static void indicate_pkt_err(struct nes_cm_node *cm_node, struct sk_buff *skb)
1531 {
1532         switch (cm_node->state) {
1533         case NES_CM_STATE_SYN_SENT:
1534         case NES_CM_STATE_MPAREQ_SENT:
1535                 nes_debug(NES_DBG_CM, "%s[%u] create abort for cm_node=%p "
1536                         "listener=%p state=%d\n", __func__, __LINE__, cm_node,
1537                         cm_node->listener, cm_node->state);
1538                 active_open_err(cm_node, skb, 1);
1539                 break;
1540         case NES_CM_STATE_ESTABLISHED:
1541         case NES_CM_STATE_SYN_RCVD:
1542                 passive_open_err(cm_node, skb, 1);
1543                 break;
1544         case NES_CM_STATE_TSA:
1545         default:
1546                 drop_packet(skb);
1547         }
1548 }
1549
1550 static int check_syn(struct nes_cm_node *cm_node, struct tcphdr *tcph,
1551         struct sk_buff *skb)
1552 {
1553         int err;
1554
1555         err = ((ntohl(tcph->ack_seq) == cm_node->tcp_cntxt.loc_seq_num))? 0 : 1;
1556         if (err)
1557                 active_open_err(cm_node, skb, 1);
1558
1559         return err;
1560 }
1561
1562 static int check_seq(struct nes_cm_node *cm_node, struct tcphdr *tcph,
1563         struct sk_buff *skb)
1564 {
1565         int err = 0;
1566         u32 seq;
1567         u32 ack_seq;
1568         u32 loc_seq_num = cm_node->tcp_cntxt.loc_seq_num;
1569         u32 rcv_nxt = cm_node->tcp_cntxt.rcv_nxt;
1570         u32 rcv_wnd;
1571         seq = ntohl(tcph->seq);
1572         ack_seq = ntohl(tcph->ack_seq);
1573         rcv_wnd = cm_node->tcp_cntxt.rcv_wnd;
1574         if (ack_seq != loc_seq_num)
1575                 err = 1;
1576         else if (!between(seq, rcv_nxt, (rcv_nxt+rcv_wnd)))
1577                 err = 1;
1578         if (err) {
1579                 nes_debug(NES_DBG_CM, "%s[%u] create abort for cm_node=%p "
1580                         "listener=%p state=%d\n", __func__, __LINE__, cm_node,
1581                         cm_node->listener, cm_node->state);
1582                 indicate_pkt_err(cm_node, skb);
1583                 nes_debug(NES_DBG_CM, "seq ERROR cm_node =%p seq=0x%08X "
1584                         "rcv_nxt=0x%08X rcv_wnd=0x%x\n", cm_node, seq, rcv_nxt,
1585                         rcv_wnd);
1586         }
1587         return err;
1588 }
1589
1590 /*
1591  * handle_syn_pkt() is for Passive node. The syn packet is received when a node
1592  * is created with a listener or it may comein as rexmitted packet which in
1593  * that case will be just dropped.
1594  */
1595
1596 static void handle_syn_pkt(struct nes_cm_node *cm_node, struct sk_buff *skb,
1597         struct tcphdr *tcph)
1598 {
1599         int ret;
1600         u32 inc_sequence;
1601         int optionsize;
1602
1603         optionsize = (tcph->doff << 2) - sizeof(struct tcphdr);
1604         skb_trim(skb, 0);
1605         inc_sequence = ntohl(tcph->seq);
1606
1607         switch (cm_node->state) {
1608         case NES_CM_STATE_SYN_SENT:
1609         case NES_CM_STATE_MPAREQ_SENT:
1610                 /* Rcvd syn on active open connection*/
1611                 active_open_err(cm_node, skb, 1);
1612                 break;
1613         case NES_CM_STATE_LISTENING:
1614                 /* Passive OPEN */
1615                 if (atomic_read(&cm_node->listener->pend_accepts_cnt) >
1616                                 cm_node->listener->backlog) {
1617                         nes_debug(NES_DBG_CM, "drop syn due to backlog "
1618                                 "pressure \n");
1619                         cm_backlog_drops++;
1620                         passive_open_err(cm_node, skb, 0);
1621                         break;
1622                 }
1623                 ret = handle_tcp_options(cm_node, tcph, skb, optionsize,
1624                         1);
1625                 if (ret) {
1626                         passive_open_err(cm_node, skb, 0);
1627                         /* drop pkt */
1628                         break;
1629                 }
1630                 cm_node->tcp_cntxt.rcv_nxt = inc_sequence + 1;
1631                 BUG_ON(cm_node->send_entry);
1632                 cm_node->accept_pend = 1;
1633                 atomic_inc(&cm_node->listener->pend_accepts_cnt);
1634
1635                 cm_node->state = NES_CM_STATE_SYN_RCVD;
1636                 send_syn(cm_node, 1, skb);
1637                 break;
1638         case NES_CM_STATE_CLOSED:
1639                 cleanup_retrans_entry(cm_node);
1640                 add_ref_cm_node(cm_node);
1641                 send_reset(cm_node, skb);
1642                 break;
1643         case NES_CM_STATE_TSA:
1644         case NES_CM_STATE_ESTABLISHED:
1645         case NES_CM_STATE_FIN_WAIT1:
1646         case NES_CM_STATE_FIN_WAIT2:
1647         case NES_CM_STATE_MPAREQ_RCVD:
1648         case NES_CM_STATE_LAST_ACK:
1649         case NES_CM_STATE_CLOSING:
1650         case NES_CM_STATE_UNKNOWN:
1651         default:
1652                 drop_packet(skb);
1653                 break;
1654         }
1655 }
1656
1657 static void handle_synack_pkt(struct nes_cm_node *cm_node, struct sk_buff *skb,
1658         struct tcphdr *tcph)
1659 {
1660
1661         int ret;
1662         u32 inc_sequence;
1663         int optionsize;
1664
1665         optionsize = (tcph->doff << 2) - sizeof(struct tcphdr);
1666         skb_trim(skb, 0);
1667         inc_sequence = ntohl(tcph->seq);
1668         switch (cm_node->state) {
1669         case NES_CM_STATE_SYN_SENT:
1670                 cleanup_retrans_entry(cm_node);
1671                 /* active open */
1672                 if (check_syn(cm_node, tcph, skb))
1673                         return;
1674                 cm_node->tcp_cntxt.rem_ack_num = ntohl(tcph->ack_seq);
1675                 /* setup options */
1676                 ret = handle_tcp_options(cm_node, tcph, skb, optionsize, 0);
1677                 if (ret) {
1678                         nes_debug(NES_DBG_CM, "cm_node=%p tcp_options failed\n",
1679                                 cm_node);
1680                         break;
1681                 }
1682                 cleanup_retrans_entry(cm_node);
1683                 cm_node->tcp_cntxt.rcv_nxt = inc_sequence + 1;
1684                 send_mpa_request(cm_node, skb);
1685                 cm_node->state = NES_CM_STATE_MPAREQ_SENT;
1686                 break;
1687         case NES_CM_STATE_MPAREQ_RCVD:
1688                 /* passive open, so should not be here */
1689                 passive_open_err(cm_node, skb, 1);
1690                 break;
1691         case NES_CM_STATE_LISTENING:
1692                 cm_node->tcp_cntxt.loc_seq_num = ntohl(tcph->ack_seq);
1693                 cleanup_retrans_entry(cm_node);
1694                 cm_node->state = NES_CM_STATE_CLOSED;
1695                 send_reset(cm_node, skb);
1696                 break;
1697         case NES_CM_STATE_CLOSED:
1698                 cm_node->tcp_cntxt.loc_seq_num = ntohl(tcph->ack_seq);
1699                 cleanup_retrans_entry(cm_node);
1700                 add_ref_cm_node(cm_node);
1701                 send_reset(cm_node, skb);
1702                 break;
1703         case NES_CM_STATE_ESTABLISHED:
1704         case NES_CM_STATE_FIN_WAIT1:
1705         case NES_CM_STATE_FIN_WAIT2:
1706         case NES_CM_STATE_LAST_ACK:
1707         case NES_CM_STATE_TSA:
1708         case NES_CM_STATE_CLOSING:
1709         case NES_CM_STATE_UNKNOWN:
1710         case NES_CM_STATE_MPAREQ_SENT:
1711         default:
1712                 drop_packet(skb);
1713                 break;
1714         }
1715 }
1716
1717 static int handle_ack_pkt(struct nes_cm_node *cm_node, struct sk_buff *skb,
1718         struct tcphdr *tcph)
1719 {
1720         int datasize = 0;
1721         u32 inc_sequence;
1722         int ret = 0;
1723         int optionsize;
1724         optionsize = (tcph->doff << 2) - sizeof(struct tcphdr);
1725
1726         if (check_seq(cm_node, tcph, skb))
1727                 return -EINVAL;
1728
1729         skb_pull(skb, tcph->doff << 2);
1730         inc_sequence = ntohl(tcph->seq);
1731         datasize = skb->len;
1732         switch (cm_node->state) {
1733         case NES_CM_STATE_SYN_RCVD:
1734                 /* Passive OPEN */
1735                 cleanup_retrans_entry(cm_node);
1736                 ret = handle_tcp_options(cm_node, tcph, skb, optionsize, 1);
1737                 if (ret)
1738                         break;
1739                 cm_node->tcp_cntxt.rem_ack_num = ntohl(tcph->ack_seq);
1740                 cm_node->state = NES_CM_STATE_ESTABLISHED;
1741                 if (datasize) {
1742                         cm_node->tcp_cntxt.rcv_nxt = inc_sequence + datasize;
1743                         handle_rcv_mpa(cm_node, skb);
1744                 } else  /* rcvd ACK only */
1745                         dev_kfree_skb_any(skb);
1746                 break;
1747         case NES_CM_STATE_ESTABLISHED:
1748                 /* Passive OPEN */
1749                 cleanup_retrans_entry(cm_node);
1750                 if (datasize) {
1751                         cm_node->tcp_cntxt.rcv_nxt = inc_sequence + datasize;
1752                         handle_rcv_mpa(cm_node, skb);
1753                 } else
1754                         drop_packet(skb);
1755                 break;
1756         case NES_CM_STATE_MPAREQ_SENT:
1757                 cm_node->tcp_cntxt.rem_ack_num = ntohl(tcph->ack_seq);
1758                 if (datasize) {
1759                         cm_node->tcp_cntxt.rcv_nxt = inc_sequence + datasize;
1760                         handle_rcv_mpa(cm_node, skb);
1761                 } else  /* Could be just an ack pkt.. */
1762                         dev_kfree_skb_any(skb);
1763                 break;
1764         case NES_CM_STATE_LISTENING:
1765                 cleanup_retrans_entry(cm_node);
1766                 cm_node->state = NES_CM_STATE_CLOSED;
1767                 send_reset(cm_node, skb);
1768                 break;
1769         case NES_CM_STATE_CLOSED:
1770                 cleanup_retrans_entry(cm_node);
1771                 add_ref_cm_node(cm_node);
1772                 send_reset(cm_node, skb);
1773                 break;
1774         case NES_CM_STATE_LAST_ACK:
1775         case NES_CM_STATE_CLOSING:
1776                 cleanup_retrans_entry(cm_node);
1777                 cm_node->state = NES_CM_STATE_CLOSED;
1778                 cm_node->cm_id->rem_ref(cm_node->cm_id);
1779                 rem_ref_cm_node(cm_node->cm_core, cm_node);
1780                 drop_packet(skb);
1781                 break;
1782         case NES_CM_STATE_FIN_WAIT1:
1783                 cleanup_retrans_entry(cm_node);
1784                 drop_packet(skb);
1785                 cm_node->state = NES_CM_STATE_FIN_WAIT2;
1786                 break;
1787         case NES_CM_STATE_SYN_SENT:
1788         case NES_CM_STATE_FIN_WAIT2:
1789         case NES_CM_STATE_TSA:
1790         case NES_CM_STATE_MPAREQ_RCVD:
1791         case NES_CM_STATE_UNKNOWN:
1792         default:
1793                 cleanup_retrans_entry(cm_node);
1794                 drop_packet(skb);
1795                 break;
1796         }
1797         return ret;
1798 }
1799
1800
1801
1802 static int handle_tcp_options(struct nes_cm_node *cm_node, struct tcphdr *tcph,
1803         struct sk_buff *skb, int optionsize, int passive)
1804 {
1805         u8 *optionsloc = (u8 *)&tcph[1];
1806         if (optionsize) {
1807                 if (process_options(cm_node, optionsloc, optionsize,
1808                         (u32)tcph->syn)) {
1809                         nes_debug(NES_DBG_CM, "%s: Node %p, Sending RESET\n",
1810                                 __func__, cm_node);
1811                         if (passive)
1812                                 passive_open_err(cm_node, skb, 1);
1813                         else
1814                                 active_open_err(cm_node, skb, 1);
1815                         return 1;
1816                 }
1817         }
1818
1819         cm_node->tcp_cntxt.snd_wnd = ntohs(tcph->window) <<
1820                         cm_node->tcp_cntxt.snd_wscale;
1821
1822         if (cm_node->tcp_cntxt.snd_wnd > cm_node->tcp_cntxt.max_snd_wnd)
1823                 cm_node->tcp_cntxt.max_snd_wnd = cm_node->tcp_cntxt.snd_wnd;
1824         return 0;
1825 }
1826
1827 /*
1828  * active_open_err() will send reset() if flag set..
1829  * It will also send ABORT event.
1830  */
1831
1832 static void active_open_err(struct nes_cm_node *cm_node, struct sk_buff *skb,
1833         int reset)
1834 {
1835         cleanup_retrans_entry(cm_node);
1836         if (reset) {
1837                 nes_debug(NES_DBG_CM, "ERROR active err called for cm_node=%p, "
1838                                 "state=%d\n", cm_node, cm_node->state);
1839                 add_ref_cm_node(cm_node);
1840                 send_reset(cm_node, skb);
1841         } else
1842                 dev_kfree_skb_any(skb);
1843
1844         cm_node->state = NES_CM_STATE_CLOSED;
1845         create_event(cm_node, NES_CM_EVENT_ABORTED);
1846 }
1847
1848 /*
1849  * passive_open_err() will either do a reset() or will free up the skb and
1850  * remove the cm_node.
1851  */
1852
1853 static void passive_open_err(struct nes_cm_node *cm_node, struct sk_buff *skb,
1854         int reset)
1855 {
1856         cleanup_retrans_entry(cm_node);
1857         cm_node->state = NES_CM_STATE_CLOSED;
1858         if (reset) {
1859                 nes_debug(NES_DBG_CM, "passive_open_err sending RST for "
1860                         "cm_node=%p state =%d\n", cm_node, cm_node->state);
1861                 send_reset(cm_node, skb);
1862         } else {
1863                 dev_kfree_skb_any(skb);
1864                 rem_ref_cm_node(cm_node->cm_core, cm_node);
1865         }
1866 }
1867
1868 /*
1869  * free_retrans_entry() routines assumes that the retrans_list_lock has
1870  * been acquired before calling.
1871  */
1872 static void free_retrans_entry(struct nes_cm_node *cm_node)
1873 {
1874         struct nes_timer_entry *send_entry;
1875         send_entry = cm_node->send_entry;
1876         if (send_entry) {
1877                 cm_node->send_entry = NULL;
1878                 dev_kfree_skb_any(send_entry->skb);
1879                 kfree(send_entry);
1880                 rem_ref_cm_node(cm_node->cm_core, cm_node);
1881         }
1882 }
1883
1884 static void cleanup_retrans_entry(struct nes_cm_node *cm_node)
1885 {
1886         unsigned long flags;
1887
1888         spin_lock_irqsave(&cm_node->retrans_list_lock, flags);
1889         free_retrans_entry(cm_node);
1890         spin_unlock_irqrestore(&cm_node->retrans_list_lock, flags);
1891 }
1892
1893 /**
1894  * process_packet
1895  * Returns skb if to be freed, else it will return NULL if already used..
1896  */
1897 static void process_packet(struct nes_cm_node *cm_node, struct sk_buff *skb,
1898         struct nes_cm_core *cm_core)
1899 {
1900         enum nes_tcpip_pkt_type pkt_type = NES_PKT_TYPE_UNKNOWN;
1901         struct tcphdr *tcph = tcp_hdr(skb);
1902         u32     fin_set = 0;
1903         int ret = 0;
1904         skb_pull(skb, ip_hdr(skb)->ihl << 2);
1905
1906         nes_debug(NES_DBG_CM, "process_packet: cm_node=%p state =%d syn=%d "
1907                 "ack=%d rst=%d fin=%d\n", cm_node, cm_node->state, tcph->syn,
1908                 tcph->ack, tcph->rst, tcph->fin);
1909
1910         if (tcph->rst)
1911                 pkt_type = NES_PKT_TYPE_RST;
1912         else if (tcph->syn) {
1913                 pkt_type = NES_PKT_TYPE_SYN;
1914                 if (tcph->ack)
1915                         pkt_type = NES_PKT_TYPE_SYNACK;
1916         } else if (tcph->ack)
1917                 pkt_type = NES_PKT_TYPE_ACK;
1918         if (tcph->fin)
1919                 fin_set = 1;
1920
1921         switch (pkt_type) {
1922         case NES_PKT_TYPE_SYN:
1923                 handle_syn_pkt(cm_node, skb, tcph);
1924                 break;
1925         case NES_PKT_TYPE_SYNACK:
1926                 handle_synack_pkt(cm_node, skb, tcph);
1927                 break;
1928         case NES_PKT_TYPE_ACK:
1929                 ret = handle_ack_pkt(cm_node, skb, tcph);
1930                 if (fin_set && !ret)
1931                         handle_fin_pkt(cm_node);
1932                 break;
1933         case NES_PKT_TYPE_RST:
1934                 handle_rst_pkt(cm_node, skb, tcph);
1935                 break;
1936         default:
1937                 if ((fin_set) && (!check_seq(cm_node, tcph, skb)))
1938                         handle_fin_pkt(cm_node);
1939                 drop_packet(skb);
1940                 break;
1941         }
1942 }
1943
1944 /**
1945  * mini_cm_listen - create a listen node with params
1946  */
1947 static struct nes_cm_listener *mini_cm_listen(struct nes_cm_core *cm_core,
1948         struct nes_vnic *nesvnic, struct nes_cm_info *cm_info)
1949 {
1950         struct nes_cm_listener *listener;
1951         unsigned long flags;
1952
1953         nes_debug(NES_DBG_CM, "Search for 0x%08x : 0x%04x\n",
1954                 cm_info->loc_addr, cm_info->loc_port);
1955
1956         /* cannot have multiple matching listeners */
1957         listener = find_listener(cm_core, htonl(cm_info->loc_addr),
1958                         htons(cm_info->loc_port), NES_CM_LISTENER_EITHER_STATE);
1959         if (listener && listener->listener_state == NES_CM_LISTENER_ACTIVE_STATE) {
1960                 /* find automatically incs ref count ??? */
1961                 atomic_dec(&listener->ref_count);
1962                 nes_debug(NES_DBG_CM, "Not creating listener since it already exists\n");
1963                 return NULL;
1964         }
1965
1966         if (!listener) {
1967                 /* create a CM listen node (1/2 node to compare incoming traffic to) */
1968                 listener = kzalloc(sizeof(*listener), GFP_ATOMIC);
1969                 if (!listener) {
1970                         nes_debug(NES_DBG_CM, "Not creating listener memory allocation failed\n");
1971                         return NULL;
1972                 }
1973
1974                 listener->loc_addr = htonl(cm_info->loc_addr);
1975                 listener->loc_port = htons(cm_info->loc_port);
1976                 listener->reused_node = 0;
1977
1978                 atomic_set(&listener->ref_count, 1);
1979         }
1980         /* pasive case */
1981         /* find already inc'ed the ref count */
1982         else {
1983                 listener->reused_node = 1;
1984         }
1985
1986         listener->cm_id = cm_info->cm_id;
1987         atomic_set(&listener->pend_accepts_cnt, 0);
1988         listener->cm_core = cm_core;
1989         listener->nesvnic = nesvnic;
1990         atomic_inc(&cm_core->node_cnt);
1991
1992         listener->conn_type = cm_info->conn_type;
1993         listener->backlog = cm_info->backlog;
1994         listener->listener_state = NES_CM_LISTENER_ACTIVE_STATE;
1995
1996         if (!listener->reused_node) {
1997                 spin_lock_irqsave(&cm_core->listen_list_lock, flags);
1998                 list_add(&listener->list, &cm_core->listen_list.list);
1999                 spin_unlock_irqrestore(&cm_core->listen_list_lock, flags);
2000                 atomic_inc(&cm_core->listen_node_cnt);
2001         }
2002
2003         nes_debug(NES_DBG_CM, "Api - listen(): addr=0x%08X, port=0x%04x,"
2004                         " listener = %p, backlog = %d, cm_id = %p.\n",
2005                         cm_info->loc_addr, cm_info->loc_port,
2006                         listener, listener->backlog, listener->cm_id);
2007
2008         return listener;
2009 }
2010
2011
2012 /**
2013  * mini_cm_connect - make a connection node with params
2014  */
2015 static struct nes_cm_node *mini_cm_connect(struct nes_cm_core *cm_core,
2016         struct nes_vnic *nesvnic, u16 private_data_len,
2017         void *private_data, struct nes_cm_info *cm_info)
2018 {
2019         int ret = 0;
2020         struct nes_cm_node *cm_node;
2021         struct nes_cm_listener *loopbackremotelistener;
2022         struct nes_cm_node *loopbackremotenode;
2023         struct nes_cm_info loopback_cm_info;
2024         u16 mpa_frame_size = sizeof(struct ietf_mpa_frame) + private_data_len;
2025         struct ietf_mpa_frame *mpa_frame = NULL;
2026
2027         /* create a CM connection node */
2028         cm_node = make_cm_node(cm_core, nesvnic, cm_info, NULL);
2029         if (!cm_node)
2030                 return NULL;
2031         mpa_frame = &cm_node->mpa_frame;
2032         memcpy(mpa_frame->key, IEFT_MPA_KEY_REQ, IETF_MPA_KEY_SIZE);
2033         mpa_frame->flags = IETF_MPA_FLAGS_CRC;
2034         mpa_frame->rev =  IETF_MPA_VERSION;
2035         mpa_frame->priv_data_len = htons(private_data_len);
2036
2037         /* set our node side to client (active) side */
2038         cm_node->tcp_cntxt.client = 1;
2039         cm_node->tcp_cntxt.rcv_wscale = NES_CM_DEFAULT_RCV_WND_SCALE;
2040
2041         if (cm_info->loc_addr == cm_info->rem_addr) {
2042                 loopbackremotelistener = find_listener(cm_core,
2043                                 ntohl(nesvnic->local_ipaddr), cm_node->rem_port,
2044                                 NES_CM_LISTENER_ACTIVE_STATE);
2045                 if (loopbackremotelistener == NULL) {
2046                         create_event(cm_node, NES_CM_EVENT_ABORTED);
2047                 } else {
2048                         loopback_cm_info = *cm_info;
2049                         loopback_cm_info.loc_port = cm_info->rem_port;
2050                         loopback_cm_info.rem_port = cm_info->loc_port;
2051                         loopback_cm_info.cm_id = loopbackremotelistener->cm_id;
2052                         loopbackremotenode = make_cm_node(cm_core, nesvnic,
2053                                 &loopback_cm_info, loopbackremotelistener);
2054                         if (!loopbackremotenode) {
2055                                 rem_ref_cm_node(cm_node->cm_core, cm_node);
2056                                 return NULL;
2057                         }
2058                         atomic_inc(&cm_loopbacks);
2059                         loopbackremotenode->loopbackpartner = cm_node;
2060                         loopbackremotenode->tcp_cntxt.rcv_wscale =
2061                                 NES_CM_DEFAULT_RCV_WND_SCALE;
2062                         cm_node->loopbackpartner = loopbackremotenode;
2063                         memcpy(loopbackremotenode->mpa_frame_buf, private_data,
2064                                 private_data_len);
2065                         loopbackremotenode->mpa_frame_size = private_data_len;
2066
2067                         /* we are done handling this state. */
2068                         /* set node to a TSA state */
2069                         cm_node->state = NES_CM_STATE_TSA;
2070                         cm_node->tcp_cntxt.rcv_nxt =
2071                                 loopbackremotenode->tcp_cntxt.loc_seq_num;
2072                         loopbackremotenode->tcp_cntxt.rcv_nxt =
2073                                 cm_node->tcp_cntxt.loc_seq_num;
2074                         cm_node->tcp_cntxt.max_snd_wnd =
2075                                 loopbackremotenode->tcp_cntxt.rcv_wnd;
2076                         loopbackremotenode->tcp_cntxt.max_snd_wnd =
2077                                 cm_node->tcp_cntxt.rcv_wnd;
2078                         cm_node->tcp_cntxt.snd_wnd =
2079                                 loopbackremotenode->tcp_cntxt.rcv_wnd;
2080                         loopbackremotenode->tcp_cntxt.snd_wnd =
2081                                 cm_node->tcp_cntxt.rcv_wnd;
2082                         cm_node->tcp_cntxt.snd_wscale =
2083                                 loopbackremotenode->tcp_cntxt.rcv_wscale;
2084                         loopbackremotenode->tcp_cntxt.snd_wscale =
2085                                 cm_node->tcp_cntxt.rcv_wscale;
2086                         loopbackremotenode->state = NES_CM_STATE_MPAREQ_RCVD;
2087                         create_event(loopbackremotenode, NES_CM_EVENT_MPA_REQ);
2088                 }
2089                 return cm_node;
2090         }
2091
2092         /* set our node side to client (active) side */
2093         cm_node->tcp_cntxt.client = 1;
2094         /* init our MPA frame ptr */
2095         memcpy(mpa_frame->priv_data, private_data, private_data_len);
2096
2097         cm_node->mpa_frame_size = mpa_frame_size;
2098
2099         /* send a syn and goto syn sent state */
2100         cm_node->state = NES_CM_STATE_SYN_SENT;
2101         ret = send_syn(cm_node, 0, NULL);
2102
2103         if (ret) {
2104                 /* error in sending the syn free up the cm_node struct */
2105                 nes_debug(NES_DBG_CM, "Api - connect() FAILED: dest "
2106                         "addr=0x%08X, port=0x%04x, cm_node=%p, cm_id = %p.\n",
2107                         cm_node->rem_addr, cm_node->rem_port, cm_node,
2108                         cm_node->cm_id);
2109                 rem_ref_cm_node(cm_node->cm_core, cm_node);
2110                 cm_node = NULL;
2111         }
2112
2113         if (cm_node)
2114                 nes_debug(NES_DBG_CM, "Api - connect(): dest addr=0x%08X,"
2115                         "port=0x%04x, cm_node=%p, cm_id = %p.\n",
2116                         cm_node->rem_addr, cm_node->rem_port, cm_node,
2117                         cm_node->cm_id);
2118
2119         return cm_node;
2120 }
2121
2122
2123 /**
2124  * mini_cm_accept - accept a connection
2125  * This function is never called
2126  */
2127 static int mini_cm_accept(struct nes_cm_core *cm_core,
2128         struct ietf_mpa_frame *mpa_frame, struct nes_cm_node *cm_node)
2129 {
2130         return 0;
2131 }
2132
2133
2134 /**
2135  * mini_cm_reject - reject and teardown a connection
2136  */
2137 static int mini_cm_reject(struct nes_cm_core *cm_core,
2138         struct ietf_mpa_frame *mpa_frame, struct nes_cm_node *cm_node)
2139 {
2140         int ret = 0;
2141         int err = 0;
2142         int passive_state;
2143         struct nes_cm_event event;
2144         struct iw_cm_id *cm_id = cm_node->cm_id;
2145         struct nes_cm_node *loopback = cm_node->loopbackpartner;
2146
2147         nes_debug(NES_DBG_CM, "%s cm_node=%p type=%d state=%d\n",
2148                 __func__, cm_node, cm_node->tcp_cntxt.client, cm_node->state);
2149
2150         if (cm_node->tcp_cntxt.client)
2151                 return ret;
2152         cleanup_retrans_entry(cm_node);
2153
2154         if (!loopback) {
2155                 passive_state = atomic_add_return(1, &cm_node->passive_state);
2156                 if (passive_state == NES_SEND_RESET_EVENT) {
2157                         cm_node->state = NES_CM_STATE_CLOSED;
2158                         rem_ref_cm_node(cm_core, cm_node);
2159                 } else {
2160                         if (cm_node->state == NES_CM_STATE_LISTENER_DESTROYED) {
2161                                 rem_ref_cm_node(cm_core, cm_node);
2162                         } else {
2163                                 ret = send_mpa_reject(cm_node);
2164                                 if (ret) {
2165                                         cm_node->state = NES_CM_STATE_CLOSED;
2166                                         err = send_reset(cm_node, NULL);
2167                                         if (err)
2168                                                 WARN_ON(1);
2169                                 } else
2170                                         cm_id->add_ref(cm_id);
2171                         }
2172                 }
2173         } else {
2174                 cm_node->cm_id = NULL;
2175                 if (cm_node->state == NES_CM_STATE_LISTENER_DESTROYED) {
2176                         rem_ref_cm_node(cm_core, cm_node);
2177                         rem_ref_cm_node(cm_core, loopback);
2178                 } else {
2179                         event.cm_node = loopback;
2180                         event.cm_info.rem_addr = loopback->rem_addr;
2181                         event.cm_info.loc_addr = loopback->loc_addr;
2182                         event.cm_info.rem_port = loopback->rem_port;
2183                         event.cm_info.loc_port = loopback->loc_port;
2184                         event.cm_info.cm_id = loopback->cm_id;
2185                         cm_event_mpa_reject(&event);
2186                         rem_ref_cm_node(cm_core, cm_node);
2187                         loopback->state = NES_CM_STATE_CLOSING;
2188
2189                         cm_id = loopback->cm_id;
2190                         rem_ref_cm_node(cm_core, loopback);
2191                         cm_id->rem_ref(cm_id);
2192                 }
2193         }
2194
2195         return ret;
2196 }
2197
2198
2199 /**
2200  * mini_cm_close
2201  */
2202 static int mini_cm_close(struct nes_cm_core *cm_core, struct nes_cm_node *cm_node)
2203 {
2204         int ret = 0;
2205
2206         if (!cm_core || !cm_node)
2207                 return -EINVAL;
2208
2209         switch (cm_node->state) {
2210         case NES_CM_STATE_SYN_RCVD:
2211         case NES_CM_STATE_SYN_SENT:
2212         case NES_CM_STATE_ONE_SIDE_ESTABLISHED:
2213         case NES_CM_STATE_ESTABLISHED:
2214         case NES_CM_STATE_ACCEPTING:
2215         case NES_CM_STATE_MPAREQ_SENT:
2216         case NES_CM_STATE_MPAREQ_RCVD:
2217                 cleanup_retrans_entry(cm_node);
2218                 send_reset(cm_node, NULL);
2219                 break;
2220         case NES_CM_STATE_CLOSE_WAIT:
2221                 cm_node->state = NES_CM_STATE_LAST_ACK;
2222                 send_fin(cm_node, NULL);
2223                 break;
2224         case NES_CM_STATE_FIN_WAIT1:
2225         case NES_CM_STATE_FIN_WAIT2:
2226         case NES_CM_STATE_LAST_ACK:
2227         case NES_CM_STATE_TIME_WAIT:
2228         case NES_CM_STATE_CLOSING:
2229                 ret = -1;
2230                 break;
2231         case NES_CM_STATE_LISTENING:
2232                 cleanup_retrans_entry(cm_node);
2233                 send_reset(cm_node, NULL);
2234                 break;
2235         case NES_CM_STATE_MPAREJ_RCVD:
2236         case NES_CM_STATE_UNKNOWN:
2237         case NES_CM_STATE_INITED:
2238         case NES_CM_STATE_CLOSED:
2239         case NES_CM_STATE_LISTENER_DESTROYED:
2240                 ret = rem_ref_cm_node(cm_core, cm_node);
2241                 break;
2242         case NES_CM_STATE_TSA:
2243                 if (cm_node->send_entry)
2244                         printk(KERN_ERR "ERROR Close got called from STATE_TSA "
2245                                 "send_entry=%p\n", cm_node->send_entry);
2246                 ret = rem_ref_cm_node(cm_core, cm_node);
2247                 break;
2248         }
2249         return ret;
2250 }
2251
2252
2253 /**
2254  * recv_pkt - recv an ETHERNET packet, and process it through CM
2255  * node state machine
2256  */
2257 static int mini_cm_recv_pkt(struct nes_cm_core *cm_core,
2258         struct nes_vnic *nesvnic, struct sk_buff *skb)
2259 {
2260         struct nes_cm_node *cm_node = NULL;
2261         struct nes_cm_listener *listener = NULL;
2262         struct iphdr *iph;
2263         struct tcphdr *tcph;
2264         struct nes_cm_info nfo;
2265         int skb_handled = 1;
2266         __be32 tmp_daddr, tmp_saddr;
2267
2268         if (!skb)
2269                 return 0;
2270         if (skb->len < sizeof(struct iphdr) + sizeof(struct tcphdr)) {
2271                 return 0;
2272         }
2273
2274         iph = (struct iphdr *)skb->data;
2275         tcph = (struct tcphdr *)(skb->data + sizeof(struct iphdr));
2276
2277         nfo.loc_addr = ntohl(iph->daddr);
2278         nfo.loc_port = ntohs(tcph->dest);
2279         nfo.rem_addr = ntohl(iph->saddr);
2280         nfo.rem_port = ntohs(tcph->source);
2281
2282         tmp_daddr = cpu_to_be32(iph->daddr);
2283         tmp_saddr = cpu_to_be32(iph->saddr);
2284
2285         nes_debug(NES_DBG_CM, "Received packet: dest=%pI4:0x%04X src=%pI4:0x%04X\n",
2286                   &tmp_daddr, tcph->dest, &tmp_saddr, tcph->source);
2287
2288         do {
2289                 cm_node = find_node(cm_core,
2290                         nfo.rem_port, nfo.rem_addr,
2291                         nfo.loc_port, nfo.loc_addr);
2292
2293                 if (!cm_node) {
2294                         /* Only type of packet accepted are for */
2295                         /* the PASSIVE open (syn only) */
2296                         if ((!tcph->syn) || (tcph->ack)) {
2297                                 skb_handled = 0;
2298                                 break;
2299                         }
2300                         listener = find_listener(cm_core, nfo.loc_addr,
2301                                 nfo.loc_port,
2302                                 NES_CM_LISTENER_ACTIVE_STATE);
2303                         if (!listener) {
2304                                 nfo.cm_id = NULL;
2305                                 nfo.conn_type = 0;
2306                                 nes_debug(NES_DBG_CM, "Unable to find listener for the pkt\n");
2307                                 skb_handled = 0;
2308                                 break;
2309                         }
2310                         nfo.cm_id = listener->cm_id;
2311                         nfo.conn_type = listener->conn_type;
2312                         cm_node = make_cm_node(cm_core, nesvnic, &nfo,
2313                                 listener);
2314                         if (!cm_node) {
2315                                 nes_debug(NES_DBG_CM, "Unable to allocate "
2316                                         "node\n");
2317                                 cm_packets_dropped++;
2318                                 atomic_dec(&listener->ref_count);
2319                                 dev_kfree_skb_any(skb);
2320                                 break;
2321                         }
2322                         if (!tcph->rst && !tcph->fin) {
2323                                 cm_node->state = NES_CM_STATE_LISTENING;
2324                         } else {
2325                                 cm_packets_dropped++;
2326                                 rem_ref_cm_node(cm_core, cm_node);
2327                                 dev_kfree_skb_any(skb);
2328                                 break;
2329                         }
2330                         add_ref_cm_node(cm_node);
2331                 } else if (cm_node->state == NES_CM_STATE_TSA) {
2332                         rem_ref_cm_node(cm_core, cm_node);
2333                         atomic_inc(&cm_accel_dropped_pkts);
2334                         dev_kfree_skb_any(skb);
2335                         break;
2336                 }
2337                 skb_reset_network_header(skb);
2338                 skb_set_transport_header(skb, sizeof(*tcph));
2339                 skb->len = ntohs(iph->tot_len);
2340                 process_packet(cm_node, skb, cm_core);
2341                 rem_ref_cm_node(cm_core, cm_node);
2342         } while (0);
2343         return skb_handled;
2344 }
2345
2346
2347 /**
2348  * nes_cm_alloc_core - allocate a top level instance of a cm core
2349  */
2350 static struct nes_cm_core *nes_cm_alloc_core(void)
2351 {
2352         struct nes_cm_core *cm_core;
2353
2354         /* setup the CM core */
2355         /* alloc top level core control structure */
2356         cm_core = kzalloc(sizeof(*cm_core), GFP_KERNEL);
2357         if (!cm_core)
2358                 return NULL;
2359
2360         INIT_LIST_HEAD(&cm_core->connected_nodes);
2361         init_timer(&cm_core->tcp_timer);
2362         cm_core->tcp_timer.function = nes_cm_timer_tick;
2363
2364         cm_core->mtu   = NES_CM_DEFAULT_MTU;
2365         cm_core->state = NES_CM_STATE_INITED;
2366         cm_core->free_tx_pkt_max = NES_CM_DEFAULT_FREE_PKTS;
2367
2368         atomic_set(&cm_core->events_posted, 0);
2369
2370         cm_core->api = &nes_cm_api;
2371
2372         spin_lock_init(&cm_core->ht_lock);
2373         spin_lock_init(&cm_core->listen_list_lock);
2374
2375         INIT_LIST_HEAD(&cm_core->listen_list.list);
2376
2377         nes_debug(NES_DBG_CM, "Init CM Core completed -- cm_core=%p\n", cm_core);
2378
2379         nes_debug(NES_DBG_CM, "Enable QUEUE EVENTS\n");
2380         cm_core->event_wq = create_singlethread_workqueue("nesewq");
2381         cm_core->post_event = nes_cm_post_event;
2382         nes_debug(NES_DBG_CM, "Enable QUEUE DISCONNECTS\n");
2383         cm_core->disconn_wq = create_singlethread_workqueue("nesdwq");
2384
2385         print_core(cm_core);
2386         return cm_core;
2387 }
2388
2389
2390 /**
2391  * mini_cm_dealloc_core - deallocate a top level instance of a cm core
2392  */
2393 static int mini_cm_dealloc_core(struct nes_cm_core *cm_core)
2394 {
2395         nes_debug(NES_DBG_CM, "De-Alloc CM Core (%p)\n", cm_core);
2396
2397         if (!cm_core)
2398                 return -EINVAL;
2399
2400         barrier();
2401
2402         if (timer_pending(&cm_core->tcp_timer)) {
2403                 del_timer(&cm_core->tcp_timer);
2404         }
2405
2406         destroy_workqueue(cm_core->event_wq);
2407         destroy_workqueue(cm_core->disconn_wq);
2408         nes_debug(NES_DBG_CM, "\n");
2409         kfree(cm_core);
2410
2411         return 0;
2412 }
2413
2414
2415 /**
2416  * mini_cm_get
2417  */
2418 static int mini_cm_get(struct nes_cm_core *cm_core)
2419 {
2420         return cm_core->state;
2421 }
2422
2423
2424 /**
2425  * mini_cm_set
2426  */
2427 static int mini_cm_set(struct nes_cm_core *cm_core, u32 type, u32 value)
2428 {
2429         int ret = 0;
2430
2431         switch (type) {
2432         case NES_CM_SET_PKT_SIZE:
2433                 cm_core->mtu = value;
2434                 break;
2435         case NES_CM_SET_FREE_PKT_Q_SIZE:
2436                 cm_core->free_tx_pkt_max = value;
2437                 break;
2438         default:
2439                 /* unknown set option */
2440                 ret = -EINVAL;
2441         }
2442
2443         return ret;
2444 }
2445
2446
2447 /**
2448  * nes_cm_init_tsa_conn setup HW; MPA frames must be
2449  * successfully exchanged when this is called
2450  */
2451 static int nes_cm_init_tsa_conn(struct nes_qp *nesqp, struct nes_cm_node *cm_node)
2452 {
2453         int ret = 0;
2454
2455         if (!nesqp)
2456                 return -EINVAL;
2457
2458         nesqp->nesqp_context->misc |= cpu_to_le32(NES_QPCONTEXT_MISC_IPV4 |
2459                         NES_QPCONTEXT_MISC_NO_NAGLE | NES_QPCONTEXT_MISC_DO_NOT_FRAG |
2460                         NES_QPCONTEXT_MISC_DROS);
2461
2462         if (cm_node->tcp_cntxt.snd_wscale || cm_node->tcp_cntxt.rcv_wscale)
2463                 nesqp->nesqp_context->misc |= cpu_to_le32(NES_QPCONTEXT_MISC_WSCALE);
2464
2465         nesqp->nesqp_context->misc2 |= cpu_to_le32(64 << NES_QPCONTEXT_MISC2_TTL_SHIFT);
2466
2467         nesqp->nesqp_context->mss |= cpu_to_le32(((u32)cm_node->tcp_cntxt.mss) << 16);
2468
2469         nesqp->nesqp_context->tcp_state_flow_label |= cpu_to_le32(
2470                         (u32)NES_QPCONTEXT_TCPSTATE_EST << NES_QPCONTEXT_TCPFLOW_TCP_STATE_SHIFT);
2471
2472         nesqp->nesqp_context->pd_index_wscale |= cpu_to_le32(
2473                         (cm_node->tcp_cntxt.snd_wscale << NES_QPCONTEXT_PDWSCALE_SND_WSCALE_SHIFT) &
2474                         NES_QPCONTEXT_PDWSCALE_SND_WSCALE_MASK);
2475
2476         nesqp->nesqp_context->pd_index_wscale |= cpu_to_le32(
2477                         (cm_node->tcp_cntxt.rcv_wscale << NES_QPCONTEXT_PDWSCALE_RCV_WSCALE_SHIFT) &
2478                         NES_QPCONTEXT_PDWSCALE_RCV_WSCALE_MASK);
2479
2480         nesqp->nesqp_context->keepalive = cpu_to_le32(0x80);
2481         nesqp->nesqp_context->ts_recent = 0;
2482         nesqp->nesqp_context->ts_age = 0;
2483         nesqp->nesqp_context->snd_nxt = cpu_to_le32(cm_node->tcp_cntxt.loc_seq_num);
2484         nesqp->nesqp_context->snd_wnd = cpu_to_le32(cm_node->tcp_cntxt.snd_wnd);
2485         nesqp->nesqp_context->rcv_nxt = cpu_to_le32(cm_node->tcp_cntxt.rcv_nxt);
2486         nesqp->nesqp_context->rcv_wnd = cpu_to_le32(cm_node->tcp_cntxt.rcv_wnd <<
2487                         cm_node->tcp_cntxt.rcv_wscale);
2488         nesqp->nesqp_context->snd_max = cpu_to_le32(cm_node->tcp_cntxt.loc_seq_num);
2489         nesqp->nesqp_context->snd_una = cpu_to_le32(cm_node->tcp_cntxt.loc_seq_num);
2490         nesqp->nesqp_context->srtt = 0;
2491         nesqp->nesqp_context->rttvar = cpu_to_le32(0x6);
2492         nesqp->nesqp_context->ssthresh = cpu_to_le32(0x3FFFC000);
2493         nesqp->nesqp_context->cwnd = cpu_to_le32(2*cm_node->tcp_cntxt.mss);
2494         nesqp->nesqp_context->snd_wl1 = cpu_to_le32(cm_node->tcp_cntxt.rcv_nxt);
2495         nesqp->nesqp_context->snd_wl2 = cpu_to_le32(cm_node->tcp_cntxt.loc_seq_num);
2496         nesqp->nesqp_context->max_snd_wnd = cpu_to_le32(cm_node->tcp_cntxt.max_snd_wnd);
2497
2498         nes_debug(NES_DBG_CM, "QP%u: rcv_nxt = 0x%08X, snd_nxt = 0x%08X,"
2499                         " Setting MSS to %u, PDWscale = 0x%08X, rcv_wnd = %u, context misc = 0x%08X.\n",
2500                         nesqp->hwqp.qp_id, le32_to_cpu(nesqp->nesqp_context->rcv_nxt),
2501                         le32_to_cpu(nesqp->nesqp_context->snd_nxt),
2502                         cm_node->tcp_cntxt.mss, le32_to_cpu(nesqp->nesqp_context->pd_index_wscale),
2503                         le32_to_cpu(nesqp->nesqp_context->rcv_wnd),
2504                         le32_to_cpu(nesqp->nesqp_context->misc));
2505         nes_debug(NES_DBG_CM, "  snd_wnd  = 0x%08X.\n", le32_to_cpu(nesqp->nesqp_context->snd_wnd));
2506         nes_debug(NES_DBG_CM, "  snd_cwnd = 0x%08X.\n", le32_to_cpu(nesqp->nesqp_context->cwnd));
2507         nes_debug(NES_DBG_CM, "  max_swnd = 0x%08X.\n", le32_to_cpu(nesqp->nesqp_context->max_snd_wnd));
2508
2509         nes_debug(NES_DBG_CM, "Change cm_node state to TSA\n");
2510         cm_node->state = NES_CM_STATE_TSA;
2511
2512         return ret;
2513 }
2514
2515
2516 /**
2517  * nes_cm_disconn
2518  */
2519 int nes_cm_disconn(struct nes_qp *nesqp)
2520 {
2521         struct disconn_work *work;
2522
2523         work = kzalloc(sizeof *work, GFP_ATOMIC);
2524         if (!work)
2525                 return -ENOMEM; /* Timer will clean up */
2526
2527         nes_add_ref(&nesqp->ibqp);
2528         work->nesqp = nesqp;
2529         INIT_WORK(&work->work, nes_disconnect_worker);
2530         queue_work(g_cm_core->disconn_wq, &work->work);
2531         return 0;
2532 }
2533
2534
2535 /**
2536  * nes_disconnect_worker
2537  */
2538 static void nes_disconnect_worker(struct work_struct *work)
2539 {
2540         struct disconn_work *dwork = container_of(work, struct disconn_work, work);
2541         struct nes_qp *nesqp = dwork->nesqp;
2542
2543         kfree(dwork);
2544         nes_debug(NES_DBG_CM, "processing AEQE id 0x%04X for QP%u.\n",
2545                         nesqp->last_aeq, nesqp->hwqp.qp_id);
2546         nes_cm_disconn_true(nesqp);
2547         nes_rem_ref(&nesqp->ibqp);
2548 }
2549
2550
2551 /**
2552  * nes_cm_disconn_true
2553  */
2554 static int nes_cm_disconn_true(struct nes_qp *nesqp)
2555 {
2556         unsigned long flags;
2557         int ret = 0;
2558         struct iw_cm_id *cm_id;
2559         struct iw_cm_event cm_event;
2560         struct nes_vnic *nesvnic;
2561         u16 last_ae;
2562         u8 original_hw_tcp_state;
2563         u8 original_ibqp_state;
2564         enum iw_cm_event_status disconn_status = IW_CM_EVENT_STATUS_OK;
2565         int issue_disconn = 0;
2566         int issue_close = 0;
2567         int issue_flush = 0;
2568         u32 flush_q = NES_CQP_FLUSH_RQ;
2569         struct ib_event ibevent;
2570
2571         if (!nesqp) {
2572                 nes_debug(NES_DBG_CM, "disconnect_worker nesqp is NULL\n");
2573                 return -1;
2574         }
2575
2576         spin_lock_irqsave(&nesqp->lock, flags);
2577         cm_id = nesqp->cm_id;
2578         /* make sure we havent already closed this connection */
2579         if (!cm_id) {
2580                 nes_debug(NES_DBG_CM, "QP%u disconnect_worker cmid is NULL\n",
2581                                 nesqp->hwqp.qp_id);
2582                 spin_unlock_irqrestore(&nesqp->lock, flags);
2583                 return -1;
2584         }
2585
2586         nesvnic = to_nesvnic(nesqp->ibqp.device);
2587         nes_debug(NES_DBG_CM, "Disconnecting QP%u\n", nesqp->hwqp.qp_id);
2588
2589         original_hw_tcp_state = nesqp->hw_tcp_state;
2590         original_ibqp_state   = nesqp->ibqp_state;
2591         last_ae = nesqp->last_aeq;
2592
2593         if (nesqp->term_flags) {
2594                 issue_disconn = 1;
2595                 issue_close = 1;
2596                 nesqp->cm_id = NULL;
2597                 if (nesqp->flush_issued == 0) {
2598                         nesqp->flush_issued = 1;
2599                         issue_flush = 1;
2600                 }
2601         } else if ((original_hw_tcp_state == NES_AEQE_TCP_STATE_CLOSE_WAIT) ||
2602                         ((original_ibqp_state == IB_QPS_RTS) &&
2603                         (last_ae == NES_AEQE_AEID_LLP_CONNECTION_RESET))) {
2604                 issue_disconn = 1;
2605                 if (last_ae == NES_AEQE_AEID_LLP_CONNECTION_RESET)
2606                         disconn_status = IW_CM_EVENT_STATUS_RESET;
2607         }
2608
2609         if (((original_hw_tcp_state == NES_AEQE_TCP_STATE_CLOSED) ||
2610                  (original_hw_tcp_state == NES_AEQE_TCP_STATE_TIME_WAIT) ||
2611                  (last_ae == NES_AEQE_AEID_RDMAP_ROE_BAD_LLP_CLOSE) ||
2612                  (last_ae == NES_AEQE_AEID_LLP_CONNECTION_RESET))) {
2613                 issue_close = 1;
2614                 nesqp->cm_id = NULL;
2615                 if (nesqp->flush_issued == 0) {
2616                         nesqp->flush_issued = 1;
2617                         issue_flush = 1;
2618                 }
2619         }
2620
2621         spin_unlock_irqrestore(&nesqp->lock, flags);
2622
2623         if ((issue_flush) && (nesqp->destroyed == 0)) {
2624                 /* Flush the queue(s) */
2625                 if (nesqp->hw_iwarp_state >= NES_AEQE_IWARP_STATE_TERMINATE)
2626                         flush_q |= NES_CQP_FLUSH_SQ;
2627                 flush_wqes(nesvnic->nesdev, nesqp, flush_q, 1);
2628
2629                 if (nesqp->term_flags) {
2630                         ibevent.device = nesqp->ibqp.device;
2631                         ibevent.event = nesqp->terminate_eventtype;
2632                         ibevent.element.qp = &nesqp->ibqp;
2633                         nesqp->ibqp.event_handler(&ibevent, nesqp->ibqp.qp_context);
2634                 }
2635         }
2636
2637         if ((cm_id) && (cm_id->event_handler)) {
2638                 if (issue_disconn) {
2639                         atomic_inc(&cm_disconnects);
2640                         cm_event.event = IW_CM_EVENT_DISCONNECT;
2641                         cm_event.status = disconn_status;
2642                         cm_event.local_addr = cm_id->local_addr;
2643                         cm_event.remote_addr = cm_id->remote_addr;
2644                         cm_event.private_data = NULL;
2645                         cm_event.private_data_len = 0;
2646
2647                         nes_debug(NES_DBG_CM, "Generating a CM Disconnect Event"
2648                                 " for  QP%u, SQ Head = %u, SQ Tail = %u. "
2649                                 "cm_id = %p, refcount = %u.\n",
2650                                 nesqp->hwqp.qp_id, nesqp->hwqp.sq_head,
2651                                 nesqp->hwqp.sq_tail, cm_id,
2652                                 atomic_read(&nesqp->refcount));
2653
2654                         ret = cm_id->event_handler(cm_id, &cm_event);
2655                         if (ret)
2656                                 nes_debug(NES_DBG_CM, "OFA CM event_handler "
2657                                         "returned, ret=%d\n", ret);
2658                 }
2659
2660                 if (issue_close) {
2661                         atomic_inc(&cm_closes);
2662                         nes_disconnect(nesqp, 1);
2663
2664                         cm_id->provider_data = nesqp;
2665                         /* Send up the close complete event */
2666                         cm_event.event = IW_CM_EVENT_CLOSE;
2667                         cm_event.status = IW_CM_EVENT_STATUS_OK;
2668                         cm_event.provider_data = cm_id->provider_data;
2669                         cm_event.local_addr = cm_id->local_addr;
2670                         cm_event.remote_addr = cm_id->remote_addr;
2671                         cm_event.private_data = NULL;
2672                         cm_event.private_data_len = 0;
2673
2674                         ret = cm_id->event_handler(cm_id, &cm_event);
2675                         if (ret) {
2676                                 nes_debug(NES_DBG_CM, "OFA CM event_handler returned, ret=%d\n", ret);
2677                         }
2678
2679                         cm_id->rem_ref(cm_id);
2680                 }
2681         }
2682
2683         return 0;
2684 }
2685
2686
2687 /**
2688  * nes_disconnect
2689  */
2690 static int nes_disconnect(struct nes_qp *nesqp, int abrupt)
2691 {
2692         int ret = 0;
2693         struct nes_vnic *nesvnic;
2694         struct nes_device *nesdev;
2695         struct nes_ib_device *nesibdev;
2696
2697         nesvnic = to_nesvnic(nesqp->ibqp.device);
2698         if (!nesvnic)
2699                 return -EINVAL;
2700
2701         nesdev = nesvnic->nesdev;
2702         nesibdev = nesvnic->nesibdev;
2703
2704         nes_debug(NES_DBG_CM, "netdev refcnt = %u.\n",
2705                         atomic_read(&nesvnic->netdev->refcnt));
2706
2707         if (nesqp->active_conn) {
2708
2709                 /* indicate this connection is NOT active */
2710                 nesqp->active_conn = 0;
2711         } else {
2712                 /* Need to free the Last Streaming Mode Message */
2713                 if (nesqp->ietf_frame) {
2714                         if (nesqp->lsmm_mr)
2715                                 nesibdev->ibdev.dereg_mr(nesqp->lsmm_mr);
2716                         pci_free_consistent(nesdev->pcidev,
2717                                         nesqp->private_data_len+sizeof(struct ietf_mpa_frame),
2718                                         nesqp->ietf_frame, nesqp->ietf_frame_pbase);
2719                 }
2720         }
2721
2722         /* close the CM node down if it is still active */
2723         if (nesqp->cm_node) {
2724                 nes_debug(NES_DBG_CM, "Call close API\n");
2725
2726                 g_cm_core->api->close(g_cm_core, nesqp->cm_node);
2727         }
2728
2729         return ret;
2730 }
2731
2732
2733 /**
2734  * nes_accept
2735  */
2736 int nes_accept(struct iw_cm_id *cm_id, struct iw_cm_conn_param *conn_param)
2737 {
2738         u64 u64temp;
2739         struct ib_qp *ibqp;
2740         struct nes_qp *nesqp;
2741         struct nes_vnic *nesvnic;
2742         struct nes_device *nesdev;
2743         struct nes_cm_node *cm_node;
2744         struct nes_adapter *adapter;
2745         struct ib_qp_attr attr;
2746         struct iw_cm_event cm_event;
2747         struct nes_hw_qp_wqe *wqe;
2748         struct nes_v4_quad nes_quad;
2749         u32 crc_value;
2750         int ret;
2751         int passive_state;
2752         struct nes_ib_device *nesibdev;
2753         struct ib_mr *ibmr = NULL;
2754         struct ib_phys_buf ibphysbuf;
2755         struct nes_pd *nespd;
2756         u64 tagged_offset;
2757
2758         ibqp = nes_get_qp(cm_id->device, conn_param->qpn);
2759         if (!ibqp)
2760                 return -EINVAL;
2761
2762         /* get all our handles */
2763         nesqp = to_nesqp(ibqp);
2764         nesvnic = to_nesvnic(nesqp->ibqp.device);
2765         nesdev = nesvnic->nesdev;
2766         adapter = nesdev->nesadapter;
2767
2768         cm_node = (struct nes_cm_node *)cm_id->provider_data;
2769         nes_debug(NES_DBG_CM, "nes_accept: cm_node= %p nesvnic=%p, netdev=%p,"
2770                 "%s\n", cm_node, nesvnic, nesvnic->netdev,
2771                 nesvnic->netdev->name);
2772
2773         if (NES_CM_STATE_LISTENER_DESTROYED == cm_node->state) {
2774                 if (cm_node->loopbackpartner)
2775                         rem_ref_cm_node(cm_node->cm_core, cm_node->loopbackpartner);
2776                 rem_ref_cm_node(cm_node->cm_core, cm_node);
2777                 return -EINVAL;
2778         }
2779
2780         /* associate the node with the QP */
2781         nesqp->cm_node = (void *)cm_node;
2782         cm_node->nesqp = nesqp;
2783
2784         nes_debug(NES_DBG_CM, "QP%u, cm_node=%p, jiffies = %lu listener = %p\n",
2785                 nesqp->hwqp.qp_id, cm_node, jiffies, cm_node->listener);
2786         atomic_inc(&cm_accepts);
2787
2788         nes_debug(NES_DBG_CM, "netdev refcnt = %u.\n",
2789                         atomic_read(&nesvnic->netdev->refcnt));
2790
2791         /* allocate the ietf frame and space for private data */
2792         nesqp->ietf_frame = pci_alloc_consistent(nesdev->pcidev,
2793                 sizeof(struct ietf_mpa_frame) + conn_param->private_data_len,
2794                 &nesqp->ietf_frame_pbase);
2795
2796         if (!nesqp->ietf_frame) {
2797                 nes_debug(NES_DBG_CM, "Unable to allocate memory for private "
2798                         "data\n");
2799                 return -ENOMEM;
2800         }
2801
2802
2803         /* setup the MPA frame */
2804         nesqp->private_data_len = conn_param->private_data_len;
2805         memcpy(nesqp->ietf_frame->key, IEFT_MPA_KEY_REP, IETF_MPA_KEY_SIZE);
2806
2807         memcpy(nesqp->ietf_frame->priv_data, conn_param->private_data,
2808                         conn_param->private_data_len);
2809
2810         nesqp->ietf_frame->priv_data_len =
2811                 cpu_to_be16(conn_param->private_data_len);
2812         nesqp->ietf_frame->rev = mpa_version;
2813         nesqp->ietf_frame->flags = IETF_MPA_FLAGS_CRC;
2814
2815         /* setup our first outgoing iWarp send WQE (the IETF frame response) */
2816         wqe = &nesqp->hwqp.sq_vbase[0];
2817
2818         if (cm_id->remote_addr.sin_addr.s_addr !=
2819                         cm_id->local_addr.sin_addr.s_addr) {
2820                 u64temp = (unsigned long)nesqp;
2821                 nesibdev = nesvnic->nesibdev;
2822                 nespd = nesqp->nespd;
2823                 ibphysbuf.addr = nesqp->ietf_frame_pbase;
2824                 ibphysbuf.size = conn_param->private_data_len +
2825                                         sizeof(struct ietf_mpa_frame);
2826                 tagged_offset = (u64)(unsigned long)nesqp->ietf_frame;
2827                 ibmr = nesibdev->ibdev.reg_phys_mr((struct ib_pd *)nespd,
2828                                                 &ibphysbuf, 1,
2829                                                 IB_ACCESS_LOCAL_WRITE,
2830                                                 &tagged_offset);
2831                 if (!ibmr) {
2832                         nes_debug(NES_DBG_CM, "Unable to register memory region"
2833                                         "for lSMM for cm_node = %p \n",
2834                                         cm_node);
2835                         pci_free_consistent(nesdev->pcidev,
2836                                 nesqp->private_data_len+sizeof(struct ietf_mpa_frame),
2837                                 nesqp->ietf_frame, nesqp->ietf_frame_pbase);
2838                         return -ENOMEM;
2839                 }
2840
2841                 ibmr->pd = &nespd->ibpd;
2842                 ibmr->device = nespd->ibpd.device;
2843                 nesqp->lsmm_mr = ibmr;
2844
2845                 u64temp |= NES_SW_CONTEXT_ALIGN>>1;
2846                 set_wqe_64bit_value(wqe->wqe_words,
2847                         NES_IWARP_SQ_WQE_COMP_CTX_LOW_IDX,
2848                         u64temp);
2849                 wqe->wqe_words[NES_IWARP_SQ_WQE_MISC_IDX] =
2850                         cpu_to_le32(NES_IWARP_SQ_WQE_STREAMING |
2851                         NES_IWARP_SQ_WQE_WRPDU);
2852                 wqe->wqe_words[NES_IWARP_SQ_WQE_TOTAL_PAYLOAD_IDX] =
2853                         cpu_to_le32(conn_param->private_data_len +
2854                         sizeof(struct ietf_mpa_frame));
2855                 set_wqe_64bit_value(wqe->wqe_words,
2856                                         NES_IWARP_SQ_WQE_FRAG0_LOW_IDX,
2857                                         (u64)(unsigned long)nesqp->ietf_frame);
2858                 wqe->wqe_words[NES_IWARP_SQ_WQE_LENGTH0_IDX] =
2859                         cpu_to_le32(conn_param->private_data_len +
2860                         sizeof(struct ietf_mpa_frame));
2861                 wqe->wqe_words[NES_IWARP_SQ_WQE_STAG0_IDX] = ibmr->lkey;
2862                 if (nesqp->sq_kmapped) {
2863                         nesqp->sq_kmapped = 0;
2864                         kunmap(nesqp->page);
2865                 }
2866
2867                 nesqp->nesqp_context->ird_ord_sizes |=
2868                         cpu_to_le32(NES_QPCONTEXT_ORDIRD_LSMM_PRESENT |
2869                         NES_QPCONTEXT_ORDIRD_WRPDU);
2870         } else {
2871                 nesqp->nesqp_context->ird_ord_sizes |=
2872                         cpu_to_le32(NES_QPCONTEXT_ORDIRD_WRPDU);
2873         }
2874         nesqp->skip_lsmm = 1;
2875
2876
2877         /* Cache the cm_id in the qp */
2878         nesqp->cm_id = cm_id;
2879         cm_node->cm_id = cm_id;
2880
2881         /*  nesqp->cm_node = (void *)cm_id->provider_data; */
2882         cm_id->provider_data = nesqp;
2883         nesqp->active_conn   = 0;
2884
2885         if (cm_node->state == NES_CM_STATE_TSA)
2886                 nes_debug(NES_DBG_CM, "Already state = TSA for cm_node=%p\n",
2887                         cm_node);
2888
2889         nes_cm_init_tsa_conn(nesqp, cm_node);
2890
2891         nesqp->nesqp_context->tcpPorts[0] =
2892                 cpu_to_le16(ntohs(cm_id->local_addr.sin_port));
2893         nesqp->nesqp_context->tcpPorts[1] =
2894                 cpu_to_le16(ntohs(cm_id->remote_addr.sin_port));
2895
2896         if (ipv4_is_loopback(cm_id->remote_addr.sin_addr.s_addr))
2897                 nesqp->nesqp_context->ip0 =
2898                         cpu_to_le32(ntohl(nesvnic->local_ipaddr));
2899         else
2900                 nesqp->nesqp_context->ip0 =
2901                         cpu_to_le32(ntohl(cm_id->remote_addr.sin_addr.s_addr));
2902
2903         nesqp->nesqp_context->misc2 |= cpu_to_le32(
2904                         (u32)PCI_FUNC(nesdev->pcidev->devfn) <<
2905                         NES_QPCONTEXT_MISC2_SRC_IP_SHIFT);
2906
2907         nesqp->nesqp_context->arp_index_vlan |=
2908                 cpu_to_le32(nes_arp_table(nesdev,
2909                         le32_to_cpu(nesqp->nesqp_context->ip0), NULL,
2910                         NES_ARP_RESOLVE) << 16);
2911
2912         nesqp->nesqp_context->ts_val_delta = cpu_to_le32(
2913                 jiffies - nes_read_indexed(nesdev, NES_IDX_TCP_NOW));
2914
2915         nesqp->nesqp_context->ird_index = cpu_to_le32(nesqp->hwqp.qp_id);
2916
2917         nesqp->nesqp_context->ird_ord_sizes |= cpu_to_le32(
2918                 ((u32)1 << NES_QPCONTEXT_ORDIRD_IWARP_MODE_SHIFT));
2919         nesqp->nesqp_context->ird_ord_sizes |=
2920                 cpu_to_le32((u32)conn_param->ord);
2921
2922         memset(&nes_quad, 0, sizeof(nes_quad));
2923         nes_quad.DstIpAdrIndex =
2924                 cpu_to_le32((u32)PCI_FUNC(nesdev->pcidev->devfn) << 24);
2925         if (ipv4_is_loopback(cm_id->remote_addr.sin_addr.s_addr))
2926                 nes_quad.SrcIpadr = nesvnic->local_ipaddr;
2927         else
2928                 nes_quad.SrcIpadr = cm_id->remote_addr.sin_addr.s_addr;
2929         nes_quad.TcpPorts[0] = cm_id->remote_addr.sin_port;
2930         nes_quad.TcpPorts[1] = cm_id->local_addr.sin_port;
2931
2932         /* Produce hash key */
2933         crc_value = get_crc_value(&nes_quad);
2934         nesqp->hte_index = cpu_to_be32(crc_value ^ 0xffffffff);
2935         nes_debug(NES_DBG_CM, "HTE Index = 0x%08X, CRC = 0x%08X\n",
2936                 nesqp->hte_index, nesqp->hte_index & adapter->hte_index_mask);
2937
2938         nesqp->hte_index &= adapter->hte_index_mask;
2939         nesqp->nesqp_context->hte_index = cpu_to_le32(nesqp->hte_index);
2940
2941         cm_node->cm_core->api->accelerated(cm_node->cm_core, cm_node);
2942
2943         nes_debug(NES_DBG_CM, "QP%u, Destination IP = 0x%08X:0x%04X, local = "
2944                         "0x%08X:0x%04X, rcv_nxt=0x%08X, snd_nxt=0x%08X, mpa + "
2945                         "private data length=%zu.\n", nesqp->hwqp.qp_id,
2946                         ntohl(cm_id->remote_addr.sin_addr.s_addr),
2947                         ntohs(cm_id->remote_addr.sin_port),
2948                         ntohl(cm_id->local_addr.sin_addr.s_addr),
2949                         ntohs(cm_id->local_addr.sin_port),
2950                         le32_to_cpu(nesqp->nesqp_context->rcv_nxt),
2951                         le32_to_cpu(nesqp->nesqp_context->snd_nxt),
2952                         conn_param->private_data_len +
2953                         sizeof(struct ietf_mpa_frame));
2954
2955
2956         /* notify OF layer that accept event was successful */
2957         cm_id->add_ref(cm_id);
2958         nes_add_ref(&nesqp->ibqp);
2959
2960         cm_event.event = IW_CM_EVENT_ESTABLISHED;
2961         cm_event.status = IW_CM_EVENT_STATUS_ACCEPTED;
2962         cm_event.provider_data = (void *)nesqp;
2963         cm_event.local_addr = cm_id->local_addr;
2964         cm_event.remote_addr = cm_id->remote_addr;
2965         cm_event.private_data = NULL;
2966         cm_event.private_data_len = 0;
2967         ret = cm_id->event_handler(cm_id, &cm_event);
2968         attr.qp_state = IB_QPS_RTS;
2969         nes_modify_qp(&nesqp->ibqp, &attr, IB_QP_STATE, NULL);
2970         if (cm_node->loopbackpartner) {
2971                 cm_node->loopbackpartner->mpa_frame_size =
2972                         nesqp->private_data_len;
2973                 /* copy entire MPA frame to our cm_node's frame */
2974                 memcpy(cm_node->loopbackpartner->mpa_frame_buf,
2975                         nesqp->ietf_frame->priv_data, nesqp->private_data_len);
2976                 create_event(cm_node->loopbackpartner, NES_CM_EVENT_CONNECTED);
2977         }
2978         if (ret)
2979                 printk(KERN_ERR "%s[%u] OFA CM event_handler returned, "
2980                         "ret=%d\n", __func__, __LINE__, ret);
2981
2982         passive_state = atomic_add_return(1, &cm_node->passive_state);
2983         if (passive_state == NES_SEND_RESET_EVENT)
2984                 create_event(cm_node, NES_CM_EVENT_RESET);
2985         return 0;
2986 }
2987
2988
2989 /**
2990  * nes_reject
2991  */
2992 int nes_reject(struct iw_cm_id *cm_id, const void *pdata, u8 pdata_len)
2993 {
2994         struct nes_cm_node *cm_node;
2995         struct nes_cm_node *loopback;
2996
2997         struct nes_cm_core *cm_core;
2998
2999         atomic_inc(&cm_rejects);
3000         cm_node = (struct nes_cm_node *) cm_id->provider_data;
3001         loopback = cm_node->loopbackpartner;
3002         cm_core = cm_node->cm_core;
3003         cm_node->cm_id = cm_id;
3004         cm_node->mpa_frame_size = sizeof(struct ietf_mpa_frame) + pdata_len;
3005
3006         if (cm_node->mpa_frame_size > MAX_CM_BUFFER)
3007                 return -EINVAL;
3008
3009         memcpy(&cm_node->mpa_frame.key[0], IEFT_MPA_KEY_REP, IETF_MPA_KEY_SIZE);
3010         if (loopback) {
3011                 memcpy(&loopback->mpa_frame.priv_data, pdata, pdata_len);
3012                 loopback->mpa_frame.priv_data_len = pdata_len;
3013                 loopback->mpa_frame_size = sizeof(struct ietf_mpa_frame) +
3014                                 pdata_len;
3015         } else {
3016                 memcpy(&cm_node->mpa_frame.priv_data, pdata, pdata_len);