]>
Commit | Line | Data |
---|---|---|
fd9871f7 | 1 | // SPDX-License-Identifier: GPL-2.0-or-later |
1da177e4 LT |
2 | /* |
3 | * DECnet An implementation of the DECnet protocol suite for the LINUX | |
4 | * operating system. DECnet is implemented using the BSD Socket | |
5 | * interface as the means of communication with the user level. | |
6 | * | |
7 | * DECnet Network Services Protocol (Input) | |
8 | * | |
9 | * Author: Eduardo Marcelo Serrat <emserrat@geocities.com> | |
10 | * | |
11 | * Changes: | |
12 | * | |
13 | * Steve Whitehouse: Split into dn_nsp_in.c and dn_nsp_out.c from | |
14 | * original dn_nsp.c. | |
15 | * Steve Whitehouse: Updated to work with my new routing architecture. | |
16 | * Steve Whitehouse: Add changes from Eduardo Serrat's patches. | |
17 | * Steve Whitehouse: Put all ack handling code in a common routine. | |
18 | * Steve Whitehouse: Put other common bits into dn_nsp_rx() | |
19 | * Steve Whitehouse: More checks on skb->len to catch bogus packets | |
20 | * Fixed various race conditions and possible nasties. | |
21 | * Steve Whitehouse: Now handles returned conninit frames. | |
22 | * David S. Miller: New socket locking | |
23 | * Steve Whitehouse: Fixed lockup when socket filtering was enabled. | |
24 | * Paul Koning: Fix to push CC sockets into RUN when acks are | |
25 | * received. | |
26 | * Steve Whitehouse: | |
27 | * Patrick Caulfield: Checking conninits for correctness & sending of error | |
28 | * responses. | |
29 | * Steve Whitehouse: Added backlog congestion level return codes. | |
30 | * Patrick Caulfield: | |
31 | * Steve Whitehouse: Added flow control support (outbound) | |
32 | * Steve Whitehouse: Prepare for nonlinear skbs | |
33 | */ | |
34 | ||
35 | /****************************************************************************** | |
36 | (c) 1995-1998 E.M. Serrat emserrat@geocities.com | |
429eb0fa | 37 | |
1da177e4 LT |
38 | *******************************************************************************/ |
39 | ||
1da177e4 LT |
40 | #include <linux/errno.h> |
41 | #include <linux/types.h> | |
42 | #include <linux/socket.h> | |
43 | #include <linux/in.h> | |
44 | #include <linux/kernel.h> | |
1da177e4 LT |
45 | #include <linux/timer.h> |
46 | #include <linux/string.h> | |
47 | #include <linux/sockios.h> | |
48 | #include <linux/net.h> | |
49 | #include <linux/netdevice.h> | |
50 | #include <linux/inet.h> | |
51 | #include <linux/route.h> | |
5a0e3ad6 | 52 | #include <linux/slab.h> |
1da177e4 | 53 | #include <net/sock.h> |
c752f073 | 54 | #include <net/tcp_states.h> |
1da177e4 LT |
55 | #include <linux/fcntl.h> |
56 | #include <linux/mm.h> | |
429eb0fa | 57 | #include <linux/termios.h> |
1da177e4 LT |
58 | #include <linux/interrupt.h> |
59 | #include <linux/proc_fs.h> | |
60 | #include <linux/stat.h> | |
61 | #include <linux/init.h> | |
62 | #include <linux/poll.h> | |
63 | #include <linux/netfilter_decnet.h> | |
64 | #include <net/neighbour.h> | |
65 | #include <net/dst.h> | |
66 | #include <net/dn.h> | |
67 | #include <net/dn_nsp.h> | |
68 | #include <net/dn_dev.h> | |
69 | #include <net/dn_route.h> | |
70 | ||
71 | extern int decnet_log_martians; | |
72 | ||
73 | static void dn_log_martian(struct sk_buff *skb, const char *msg) | |
74 | { | |
e87cc472 | 75 | if (decnet_log_martians) { |
1da177e4 LT |
76 | char *devname = skb->dev ? skb->dev->name : "???"; |
77 | struct dn_skb_cb *cb = DN_SKB_CB(skb); | |
e87cc472 JP |
78 | net_info_ratelimited("DECnet: Martian packet (%s) dev=%s src=0x%04hx dst=0x%04hx srcport=0x%04hx dstport=0x%04hx\n", |
79 | msg, devname, | |
80 | le16_to_cpu(cb->src), | |
81 | le16_to_cpu(cb->dst), | |
82 | le16_to_cpu(cb->src_port), | |
83 | le16_to_cpu(cb->dst_port)); | |
1da177e4 LT |
84 | } |
85 | } | |
86 | ||
87 | /* | |
88 | * For this function we've flipped the cross-subchannel bit | |
89 | * if the message is an otherdata or linkservice message. Thus | |
90 | * we can use it to work out what to update. | |
91 | */ | |
92 | static void dn_ack(struct sock *sk, struct sk_buff *skb, unsigned short ack) | |
93 | { | |
94 | struct dn_scp *scp = DN_SK(sk); | |
95 | unsigned short type = ((ack >> 12) & 0x0003); | |
96 | int wakeup = 0; | |
97 | ||
06f8fe11 JP |
98 | switch (type) { |
99 | case 0: /* ACK - Data */ | |
100 | if (dn_after(ack, scp->ackrcv_dat)) { | |
101 | scp->ackrcv_dat = ack & 0x0fff; | |
102 | wakeup |= dn_nsp_check_xmit_queue(sk, skb, | |
103 | &scp->data_xmit_queue, | |
104 | ack); | |
105 | } | |
106 | break; | |
107 | case 1: /* NAK - Data */ | |
108 | break; | |
109 | case 2: /* ACK - OtherData */ | |
110 | if (dn_after(ack, scp->ackrcv_oth)) { | |
111 | scp->ackrcv_oth = ack & 0x0fff; | |
112 | wakeup |= dn_nsp_check_xmit_queue(sk, skb, | |
113 | &scp->other_xmit_queue, | |
114 | ack); | |
115 | } | |
116 | break; | |
117 | case 3: /* NAK - OtherData */ | |
118 | break; | |
1da177e4 LT |
119 | } |
120 | ||
121 | if (wakeup && !sock_flag(sk, SOCK_DEAD)) | |
122 | sk->sk_state_change(sk); | |
123 | } | |
124 | ||
125 | /* | |
126 | * This function is a universal ack processor. | |
127 | */ | |
128 | static int dn_process_ack(struct sock *sk, struct sk_buff *skb, int oth) | |
129 | { | |
c4ea94ab | 130 | __le16 *ptr = (__le16 *)skb->data; |
1da177e4 LT |
131 | int len = 0; |
132 | unsigned short ack; | |
133 | ||
134 | if (skb->len < 2) | |
135 | return len; | |
136 | ||
c4106aa8 | 137 | if ((ack = le16_to_cpu(*ptr)) & 0x8000) { |
1da177e4 LT |
138 | skb_pull(skb, 2); |
139 | ptr++; | |
140 | len += 2; | |
141 | if ((ack & 0x4000) == 0) { | |
429eb0fa | 142 | if (oth) |
1da177e4 LT |
143 | ack ^= 0x2000; |
144 | dn_ack(sk, skb, ack); | |
145 | } | |
146 | } | |
147 | ||
148 | if (skb->len < 2) | |
149 | return len; | |
150 | ||
c4106aa8 | 151 | if ((ack = le16_to_cpu(*ptr)) & 0x8000) { |
1da177e4 LT |
152 | skb_pull(skb, 2); |
153 | len += 2; | |
154 | if ((ack & 0x4000) == 0) { | |
429eb0fa | 155 | if (oth) |
1da177e4 LT |
156 | ack ^= 0x2000; |
157 | dn_ack(sk, skb, ack); | |
158 | } | |
159 | } | |
160 | ||
161 | return len; | |
162 | } | |
163 | ||
164 | ||
165 | /** | |
166 | * dn_check_idf - Check an image data field format is correct. | |
167 | * @pptr: Pointer to pointer to image data | |
168 | * @len: Pointer to length of image data | |
169 | * @max: The maximum allowed length of the data in the image data field | |
170 | * @follow_on: Check that this many bytes exist beyond the end of the image data | |
171 | * | |
172 | * Returns: 0 if ok, -1 on error | |
173 | */ | |
174 | static inline int dn_check_idf(unsigned char **pptr, int *len, unsigned char max, unsigned char follow_on) | |
175 | { | |
176 | unsigned char *ptr = *pptr; | |
177 | unsigned char flen = *ptr++; | |
178 | ||
179 | (*len)--; | |
180 | if (flen > max) | |
181 | return -1; | |
182 | if ((flen + follow_on) > *len) | |
183 | return -1; | |
184 | ||
185 | *len -= flen; | |
186 | *pptr = ptr + flen; | |
187 | return 0; | |
188 | } | |
189 | ||
190 | /* | |
191 | * Table of reason codes to pass back to node which sent us a badly | |
192 | * formed message, plus text messages for the log. A zero entry in | |
193 | * the reason field means "don't reply" otherwise a disc init is sent with | |
194 | * the specified reason code. | |
195 | */ | |
196 | static struct { | |
197 | unsigned short reason; | |
198 | const char *text; | |
199 | } ci_err_table[] = { | |
200 | { 0, "CI: Truncated message" }, | |
201 | { NSP_REASON_ID, "CI: Destination username error" }, | |
202 | { NSP_REASON_ID, "CI: Destination username type" }, | |
203 | { NSP_REASON_US, "CI: Source username error" }, | |
204 | { 0, "CI: Truncated at menuver" }, | |
205 | { 0, "CI: Truncated before access or user data" }, | |
206 | { NSP_REASON_IO, "CI: Access data format error" }, | |
207 | { NSP_REASON_IO, "CI: User data format error" } | |
208 | }; | |
209 | ||
210 | /* | |
211 | * This function uses a slightly different lookup method | |
212 | * to find its sockets, since it searches on object name/number | |
213 | * rather than port numbers. Various tests are done to ensure that | |
214 | * the incoming data is in the correct format before it is queued to | |
215 | * a socket. | |
216 | */ | |
217 | static struct sock *dn_find_listener(struct sk_buff *skb, unsigned short *reason) | |
218 | { | |
219 | struct dn_skb_cb *cb = DN_SKB_CB(skb); | |
220 | struct nsp_conn_init_msg *msg = (struct nsp_conn_init_msg *)skb->data; | |
221 | struct sockaddr_dn dstaddr; | |
222 | struct sockaddr_dn srcaddr; | |
223 | unsigned char type = 0; | |
224 | int dstlen; | |
225 | int srclen; | |
226 | unsigned char *ptr; | |
227 | int len; | |
228 | int err = 0; | |
229 | unsigned char menuver; | |
230 | ||
231 | memset(&dstaddr, 0, sizeof(struct sockaddr_dn)); | |
232 | memset(&srcaddr, 0, sizeof(struct sockaddr_dn)); | |
233 | ||
234 | /* | |
235 | * 1. Decode & remove message header | |
236 | */ | |
237 | cb->src_port = msg->srcaddr; | |
238 | cb->dst_port = msg->dstaddr; | |
239 | cb->services = msg->services; | |
240 | cb->info = msg->info; | |
c4106aa8 | 241 | cb->segsize = le16_to_cpu(msg->segsize); |
1da177e4 LT |
242 | |
243 | if (!pskb_may_pull(skb, sizeof(*msg))) | |
244 | goto err_out; | |
245 | ||
246 | skb_pull(skb, sizeof(*msg)); | |
247 | ||
248 | len = skb->len; | |
249 | ptr = skb->data; | |
250 | ||
251 | /* | |
252 | * 2. Check destination end username format | |
253 | */ | |
254 | dstlen = dn_username2sockaddr(ptr, len, &dstaddr, &type); | |
255 | err++; | |
256 | if (dstlen < 0) | |
257 | goto err_out; | |
258 | ||
259 | err++; | |
260 | if (type > 1) | |
261 | goto err_out; | |
262 | ||
263 | len -= dstlen; | |
264 | ptr += dstlen; | |
265 | ||
266 | /* | |
267 | * 3. Check source end username format | |
268 | */ | |
269 | srclen = dn_username2sockaddr(ptr, len, &srcaddr, &type); | |
270 | err++; | |
271 | if (srclen < 0) | |
272 | goto err_out; | |
273 | ||
274 | len -= srclen; | |
275 | ptr += srclen; | |
276 | err++; | |
277 | if (len < 1) | |
278 | goto err_out; | |
279 | ||
280 | menuver = *ptr; | |
281 | ptr++; | |
282 | len--; | |
283 | ||
284 | /* | |
285 | * 4. Check that optional data actually exists if menuver says it does | |
286 | */ | |
287 | err++; | |
288 | if ((menuver & (DN_MENUVER_ACC | DN_MENUVER_USR)) && (len < 1)) | |
289 | goto err_out; | |
290 | ||
291 | /* | |
292 | * 5. Check optional access data format | |
293 | */ | |
294 | err++; | |
295 | if (menuver & DN_MENUVER_ACC) { | |
296 | if (dn_check_idf(&ptr, &len, 39, 1)) | |
297 | goto err_out; | |
298 | if (dn_check_idf(&ptr, &len, 39, 1)) | |
299 | goto err_out; | |
300 | if (dn_check_idf(&ptr, &len, 39, (menuver & DN_MENUVER_USR) ? 1 : 0)) | |
301 | goto err_out; | |
302 | } | |
303 | ||
304 | /* | |
305 | * 6. Check optional user data format | |
306 | */ | |
307 | err++; | |
308 | if (menuver & DN_MENUVER_USR) { | |
309 | if (dn_check_idf(&ptr, &len, 16, 0)) | |
310 | goto err_out; | |
311 | } | |
312 | ||
313 | /* | |
314 | * 7. Look up socket based on destination end username | |
315 | */ | |
316 | return dn_sklist_find_listener(&dstaddr); | |
317 | err_out: | |
318 | dn_log_martian(skb, ci_err_table[err].text); | |
319 | *reason = ci_err_table[err].reason; | |
320 | return NULL; | |
321 | } | |
322 | ||
323 | ||
324 | static void dn_nsp_conn_init(struct sock *sk, struct sk_buff *skb) | |
325 | { | |
326 | if (sk_acceptq_is_full(sk)) { | |
327 | kfree_skb(skb); | |
328 | return; | |
329 | } | |
330 | ||
7976a11b | 331 | sk_acceptq_added(sk); |
1da177e4 LT |
332 | skb_queue_tail(&sk->sk_receive_queue, skb); |
333 | sk->sk_state_change(sk); | |
334 | } | |
335 | ||
336 | static void dn_nsp_conn_conf(struct sock *sk, struct sk_buff *skb) | |
337 | { | |
338 | struct dn_skb_cb *cb = DN_SKB_CB(skb); | |
339 | struct dn_scp *scp = DN_SK(sk); | |
340 | unsigned char *ptr; | |
341 | ||
342 | if (skb->len < 4) | |
343 | goto out; | |
344 | ||
345 | ptr = skb->data; | |
346 | cb->services = *ptr++; | |
347 | cb->info = *ptr++; | |
c4106aa8 | 348 | cb->segsize = le16_to_cpu(*(__le16 *)ptr); |
1da177e4 LT |
349 | |
350 | if ((scp->state == DN_CI) || (scp->state == DN_CD)) { | |
351 | scp->persist = 0; | |
429eb0fa YH |
352 | scp->addrrem = cb->src_port; |
353 | sk->sk_state = TCP_ESTABLISHED; | |
354 | scp->state = DN_RUN; | |
1da177e4 LT |
355 | scp->services_rem = cb->services; |
356 | scp->info_rem = cb->info; | |
357 | scp->segsize_rem = cb->segsize; | |
358 | ||
359 | if ((scp->services_rem & NSP_FC_MASK) == NSP_FC_NONE) | |
360 | scp->max_window = decnet_no_fc_max_cwnd; | |
361 | ||
362 | if (skb->len > 0) { | |
375d9d71 | 363 | u16 dlen = *skb->data; |
1da177e4 | 364 | if ((dlen <= 16) && (dlen <= skb->len)) { |
c4106aa8 | 365 | scp->conndata_in.opt_optl = cpu_to_le16(dlen); |
d626f62b ACM |
366 | skb_copy_from_linear_data_offset(skb, 1, |
367 | scp->conndata_in.opt_data, dlen); | |
1da177e4 LT |
368 | } |
369 | } | |
429eb0fa YH |
370 | dn_nsp_send_link(sk, DN_NOCHANGE, 0); |
371 | if (!sock_flag(sk, SOCK_DEAD)) | |
372 | sk->sk_state_change(sk); | |
373 | } | |
1da177e4 LT |
374 | |
375 | out: | |
429eb0fa | 376 | kfree_skb(skb); |
1da177e4 LT |
377 | } |
378 | ||
379 | static void dn_nsp_conn_ack(struct sock *sk, struct sk_buff *skb) | |
380 | { | |
381 | struct dn_scp *scp = DN_SK(sk); | |
382 | ||
383 | if (scp->state == DN_CI) { | |
384 | scp->state = DN_CD; | |
385 | scp->persist = 0; | |
386 | } | |
387 | ||
388 | kfree_skb(skb); | |
389 | } | |
390 | ||
391 | static void dn_nsp_disc_init(struct sock *sk, struct sk_buff *skb) | |
392 | { | |
393 | struct dn_scp *scp = DN_SK(sk); | |
394 | struct dn_skb_cb *cb = DN_SKB_CB(skb); | |
395 | unsigned short reason; | |
396 | ||
397 | if (skb->len < 2) | |
398 | goto out; | |
399 | ||
c4106aa8 | 400 | reason = le16_to_cpu(*(__le16 *)skb->data); |
1da177e4 LT |
401 | skb_pull(skb, 2); |
402 | ||
c4106aa8 | 403 | scp->discdata_in.opt_status = cpu_to_le16(reason); |
1da177e4 LT |
404 | scp->discdata_in.opt_optl = 0; |
405 | memset(scp->discdata_in.opt_data, 0, 16); | |
406 | ||
407 | if (skb->len > 0) { | |
375d9d71 | 408 | u16 dlen = *skb->data; |
1da177e4 | 409 | if ((dlen <= 16) && (dlen <= skb->len)) { |
c4106aa8 | 410 | scp->discdata_in.opt_optl = cpu_to_le16(dlen); |
d626f62b | 411 | skb_copy_from_linear_data_offset(skb, 1, scp->discdata_in.opt_data, dlen); |
1da177e4 LT |
412 | } |
413 | } | |
414 | ||
415 | scp->addrrem = cb->src_port; | |
416 | sk->sk_state = TCP_CLOSE; | |
417 | ||
06f8fe11 JP |
418 | switch (scp->state) { |
419 | case DN_CI: | |
420 | case DN_CD: | |
421 | scp->state = DN_RJ; | |
422 | sk->sk_err = ECONNREFUSED; | |
423 | break; | |
424 | case DN_RUN: | |
425 | sk->sk_shutdown |= SHUTDOWN_MASK; | |
426 | scp->state = DN_DN; | |
427 | break; | |
428 | case DN_DI: | |
429 | scp->state = DN_DIC; | |
430 | break; | |
1da177e4 LT |
431 | } |
432 | ||
433 | if (!sock_flag(sk, SOCK_DEAD)) { | |
434 | if (sk->sk_socket->state != SS_UNCONNECTED) | |
435 | sk->sk_socket->state = SS_DISCONNECTING; | |
436 | sk->sk_state_change(sk); | |
437 | } | |
438 | ||
429eb0fa | 439 | /* |
1da177e4 LT |
440 | * It appears that its possible for remote machines to send disc |
441 | * init messages with no port identifier if we are in the CI and | |
442 | * possibly also the CD state. Obviously we shouldn't reply with | |
443 | * a message if we don't know what the end point is. | |
444 | */ | |
445 | if (scp->addrrem) { | |
446 | dn_nsp_send_disc(sk, NSP_DISCCONF, NSP_REASON_DC, GFP_ATOMIC); | |
447 | } | |
448 | scp->persist_fxn = dn_destroy_timer; | |
449 | scp->persist = dn_nsp_persist(sk); | |
450 | ||
451 | out: | |
452 | kfree_skb(skb); | |
453 | } | |
454 | ||
455 | /* | |
456 | * disc_conf messages are also called no_resources or no_link | |
457 | * messages depending upon the "reason" field. | |
458 | */ | |
459 | static void dn_nsp_disc_conf(struct sock *sk, struct sk_buff *skb) | |
460 | { | |
461 | struct dn_scp *scp = DN_SK(sk); | |
462 | unsigned short reason; | |
463 | ||
464 | if (skb->len != 2) | |
465 | goto out; | |
466 | ||
c4106aa8 | 467 | reason = le16_to_cpu(*(__le16 *)skb->data); |
1da177e4 LT |
468 | |
469 | sk->sk_state = TCP_CLOSE; | |
470 | ||
06f8fe11 JP |
471 | switch (scp->state) { |
472 | case DN_CI: | |
473 | scp->state = DN_NR; | |
474 | break; | |
475 | case DN_DR: | |
476 | if (reason == NSP_REASON_DC) | |
477 | scp->state = DN_DRC; | |
478 | if (reason == NSP_REASON_NL) | |
1da177e4 | 479 | scp->state = DN_CN; |
06f8fe11 JP |
480 | break; |
481 | case DN_DI: | |
482 | scp->state = DN_DIC; | |
483 | break; | |
484 | case DN_RUN: | |
485 | sk->sk_shutdown |= SHUTDOWN_MASK; | |
df561f66 | 486 | fallthrough; |
06f8fe11 JP |
487 | case DN_CC: |
488 | scp->state = DN_CN; | |
1da177e4 LT |
489 | } |
490 | ||
491 | if (!sock_flag(sk, SOCK_DEAD)) { | |
492 | if (sk->sk_socket->state != SS_UNCONNECTED) | |
493 | sk->sk_socket->state = SS_DISCONNECTING; | |
494 | sk->sk_state_change(sk); | |
495 | } | |
496 | ||
497 | scp->persist_fxn = dn_destroy_timer; | |
498 | scp->persist = dn_nsp_persist(sk); | |
499 | ||
500 | out: | |
501 | kfree_skb(skb); | |
502 | } | |
503 | ||
504 | static void dn_nsp_linkservice(struct sock *sk, struct sk_buff *skb) | |
505 | { | |
506 | struct dn_scp *scp = DN_SK(sk); | |
507 | unsigned short segnum; | |
508 | unsigned char lsflags; | |
509 | signed char fcval; | |
510 | int wake_up = 0; | |
511 | char *ptr = skb->data; | |
512 | unsigned char fctype = scp->services_rem & NSP_FC_MASK; | |
513 | ||
514 | if (skb->len != 4) | |
515 | goto out; | |
516 | ||
c4106aa8 | 517 | segnum = le16_to_cpu(*(__le16 *)ptr); |
1da177e4 LT |
518 | ptr += 2; |
519 | lsflags = *(unsigned char *)ptr++; | |
520 | fcval = *ptr; | |
521 | ||
522 | /* | |
e51443d5 | 523 | * Here we ignore erroneous packets which should really |
429eb0fa | 524 | * should cause a connection abort. It is not critical |
1da177e4 LT |
525 | * for now though. |
526 | */ | |
527 | if (lsflags & 0xf8) | |
528 | goto out; | |
529 | ||
530 | if (seq_next(scp->numoth_rcv, segnum)) { | |
531 | seq_add(&scp->numoth_rcv, 1); | |
532 | switch(lsflags & 0x04) { /* FCVAL INT */ | |
533 | case 0x00: /* Normal Request */ | |
534 | switch(lsflags & 0x03) { /* FCVAL MOD */ | |
429eb0fa | 535 | case 0x00: /* Request count */ |
1da177e4 LT |
536 | if (fcval < 0) { |
537 | unsigned char p_fcval = -fcval; | |
538 | if ((scp->flowrem_dat > p_fcval) && | |
539 | (fctype == NSP_FC_SCMC)) { | |
540 | scp->flowrem_dat -= p_fcval; | |
541 | } | |
542 | } else if (fcval > 0) { | |
543 | scp->flowrem_dat += fcval; | |
544 | wake_up = 1; | |
545 | } | |
429eb0fa | 546 | break; |
1da177e4 LT |
547 | case 0x01: /* Stop outgoing data */ |
548 | scp->flowrem_sw = DN_DONTSEND; | |
549 | break; | |
550 | case 0x02: /* Ok to start again */ | |
551 | scp->flowrem_sw = DN_SEND; | |
552 | dn_nsp_output(sk); | |
553 | wake_up = 1; | |
554 | } | |
555 | break; | |
556 | case 0x04: /* Interrupt Request */ | |
557 | if (fcval > 0) { | |
558 | scp->flowrem_oth += fcval; | |
559 | wake_up = 1; | |
560 | } | |
561 | break; | |
429eb0fa | 562 | } |
1da177e4 LT |
563 | if (wake_up && !sock_flag(sk, SOCK_DEAD)) |
564 | sk->sk_state_change(sk); | |
429eb0fa | 565 | } |
1da177e4 LT |
566 | |
567 | dn_nsp_send_oth_ack(sk); | |
568 | ||
569 | out: | |
570 | kfree_skb(skb); | |
571 | } | |
572 | ||
573 | /* | |
574 | * Copy of sock_queue_rcv_skb (from sock.h) without | |
575 | * bh_lock_sock() (its already held when this is called) which | |
576 | * also allows data and other data to be queued to a socket. | |
577 | */ | |
578 | static __inline__ int dn_queue_skb(struct sock *sk, struct sk_buff *skb, int sig, struct sk_buff_head *queue) | |
579 | { | |
580 | int err; | |
429eb0fa YH |
581 | |
582 | /* Cast skb->rcvbuf to unsigned... It's pointless, but reduces | |
583 | number of warnings when compiling with -W --ANK | |
584 | */ | |
585 | if (atomic_read(&sk->sk_rmem_alloc) + skb->truesize >= | |
95c96174 | 586 | (unsigned int)sk->sk_rcvbuf) { |
429eb0fa YH |
587 | err = -ENOMEM; |
588 | goto out; | |
589 | } | |
1da177e4 | 590 | |
fda9ef5d | 591 | err = sk_filter(sk, skb); |
1da177e4 LT |
592 | if (err) |
593 | goto out; | |
594 | ||
429eb0fa YH |
595 | skb_set_owner_r(skb, sk); |
596 | skb_queue_tail(queue, skb); | |
1da177e4 | 597 | |
9948bb6a | 598 | if (!sock_flag(sk, SOCK_DEAD)) |
676d2369 | 599 | sk->sk_data_ready(sk); |
1da177e4 | 600 | out: |
429eb0fa | 601 | return err; |
1da177e4 LT |
602 | } |
603 | ||
604 | static void dn_nsp_otherdata(struct sock *sk, struct sk_buff *skb) | |
605 | { | |
606 | struct dn_scp *scp = DN_SK(sk); | |
607 | unsigned short segnum; | |
608 | struct dn_skb_cb *cb = DN_SKB_CB(skb); | |
609 | int queued = 0; | |
610 | ||
611 | if (skb->len < 2) | |
612 | goto out; | |
613 | ||
c4106aa8 | 614 | cb->segnum = segnum = le16_to_cpu(*(__le16 *)skb->data); |
1da177e4 LT |
615 | skb_pull(skb, 2); |
616 | ||
617 | if (seq_next(scp->numoth_rcv, segnum)) { | |
618 | ||
619 | if (dn_queue_skb(sk, skb, SIGURG, &scp->other_receive_queue) == 0) { | |
620 | seq_add(&scp->numoth_rcv, 1); | |
621 | scp->other_report = 0; | |
622 | queued = 1; | |
623 | } | |
624 | } | |
625 | ||
626 | dn_nsp_send_oth_ack(sk); | |
627 | out: | |
628 | if (!queued) | |
629 | kfree_skb(skb); | |
630 | } | |
631 | ||
632 | static void dn_nsp_data(struct sock *sk, struct sk_buff *skb) | |
633 | { | |
634 | int queued = 0; | |
635 | unsigned short segnum; | |
636 | struct dn_skb_cb *cb = DN_SKB_CB(skb); | |
637 | struct dn_scp *scp = DN_SK(sk); | |
638 | ||
639 | if (skb->len < 2) | |
640 | goto out; | |
641 | ||
c4106aa8 | 642 | cb->segnum = segnum = le16_to_cpu(*(__le16 *)skb->data); |
1da177e4 LT |
643 | skb_pull(skb, 2); |
644 | ||
645 | if (seq_next(scp->numdat_rcv, segnum)) { | |
429eb0fa | 646 | if (dn_queue_skb(sk, skb, SIGIO, &sk->sk_receive_queue) == 0) { |
1da177e4 | 647 | seq_add(&scp->numdat_rcv, 1); |
429eb0fa YH |
648 | queued = 1; |
649 | } | |
1da177e4 LT |
650 | |
651 | if ((scp->flowloc_sw == DN_SEND) && dn_congested(sk)) { | |
652 | scp->flowloc_sw = DN_DONTSEND; | |
653 | dn_nsp_send_link(sk, DN_DONTSEND, 0); | |
654 | } | |
429eb0fa | 655 | } |
1da177e4 LT |
656 | |
657 | dn_nsp_send_data_ack(sk); | |
658 | out: | |
659 | if (!queued) | |
660 | kfree_skb(skb); | |
661 | } | |
662 | ||
663 | /* | |
664 | * If one of our conninit messages is returned, this function | |
665 | * deals with it. It puts the socket into the NO_COMMUNICATION | |
666 | * state. | |
667 | */ | |
668 | static void dn_returned_conn_init(struct sock *sk, struct sk_buff *skb) | |
669 | { | |
670 | struct dn_scp *scp = DN_SK(sk); | |
671 | ||
672 | if (scp->state == DN_CI) { | |
673 | scp->state = DN_NC; | |
674 | sk->sk_state = TCP_CLOSE; | |
675 | if (!sock_flag(sk, SOCK_DEAD)) | |
676 | sk->sk_state_change(sk); | |
677 | } | |
678 | ||
679 | kfree_skb(skb); | |
680 | } | |
681 | ||
682 | static int dn_nsp_no_socket(struct sk_buff *skb, unsigned short reason) | |
683 | { | |
684 | struct dn_skb_cb *cb = DN_SKB_CB(skb); | |
685 | int ret = NET_RX_DROP; | |
686 | ||
687 | /* Must not reply to returned packets */ | |
688 | if (cb->rt_flags & DN_RT_F_RTS) | |
689 | goto out; | |
690 | ||
691 | if ((reason != NSP_REASON_OK) && ((cb->nsp_flags & 0x0c) == 0x08)) { | |
06f8fe11 JP |
692 | switch (cb->nsp_flags & 0x70) { |
693 | case 0x10: | |
694 | case 0x60: /* (Retransmitted) Connect Init */ | |
695 | dn_nsp_return_disc(skb, NSP_DISCINIT, reason); | |
696 | ret = NET_RX_SUCCESS; | |
697 | break; | |
698 | case 0x20: /* Connect Confirm */ | |
699 | dn_nsp_return_disc(skb, NSP_DISCCONF, reason); | |
700 | ret = NET_RX_SUCCESS; | |
701 | break; | |
1da177e4 LT |
702 | } |
703 | } | |
704 | ||
705 | out: | |
706 | kfree_skb(skb); | |
707 | return ret; | |
708 | } | |
709 | ||
0c4b51f0 EB |
710 | static int dn_nsp_rx_packet(struct net *net, struct sock *sk2, |
711 | struct sk_buff *skb) | |
1da177e4 LT |
712 | { |
713 | struct dn_skb_cb *cb = DN_SKB_CB(skb); | |
714 | struct sock *sk = NULL; | |
715 | unsigned char *ptr = (unsigned char *)skb->data; | |
716 | unsigned short reason = NSP_REASON_NL; | |
717 | ||
718 | if (!pskb_may_pull(skb, 2)) | |
719 | goto free_out; | |
720 | ||
badff6d0 | 721 | skb_reset_transport_header(skb); |
1da177e4 LT |
722 | cb->nsp_flags = *ptr++; |
723 | ||
724 | if (decnet_debug_level & 2) | |
725 | printk(KERN_DEBUG "dn_nsp_rx: Message type 0x%02x\n", (int)cb->nsp_flags); | |
726 | ||
429eb0fa | 727 | if (cb->nsp_flags & 0x83) |
1da177e4 LT |
728 | goto free_out; |
729 | ||
730 | /* | |
731 | * Filter out conninits and useless packet types | |
732 | */ | |
733 | if ((cb->nsp_flags & 0x0c) == 0x08) { | |
06f8fe11 JP |
734 | switch (cb->nsp_flags & 0x70) { |
735 | case 0x00: /* NOP */ | |
736 | case 0x70: /* Reserved */ | |
737 | case 0x50: /* Reserved, Phase II node init */ | |
738 | goto free_out; | |
739 | case 0x10: | |
740 | case 0x60: | |
741 | if (unlikely(cb->rt_flags & DN_RT_F_RTS)) | |
1da177e4 | 742 | goto free_out; |
06f8fe11 JP |
743 | sk = dn_find_listener(skb, &reason); |
744 | goto got_it; | |
1da177e4 LT |
745 | } |
746 | } | |
747 | ||
748 | if (!pskb_may_pull(skb, 3)) | |
749 | goto free_out; | |
750 | ||
751 | /* | |
752 | * Grab the destination address. | |
753 | */ | |
c4ea94ab | 754 | cb->dst_port = *(__le16 *)ptr; |
1da177e4 LT |
755 | cb->src_port = 0; |
756 | ptr += 2; | |
757 | ||
758 | /* | |
759 | * If not a connack, grab the source address too. | |
760 | */ | |
761 | if (pskb_may_pull(skb, 5)) { | |
c4ea94ab | 762 | cb->src_port = *(__le16 *)ptr; |
1da177e4 LT |
763 | ptr += 2; |
764 | skb_pull(skb, 5); | |
765 | } | |
766 | ||
767 | /* | |
768 | * Returned packets... | |
769 | * Swap src & dst and look up in the normal way. | |
770 | */ | |
771 | if (unlikely(cb->rt_flags & DN_RT_F_RTS)) { | |
68ad08c4 GS |
772 | swap(cb->dst_port, cb->src_port); |
773 | swap(cb->dst, cb->src); | |
1da177e4 LT |
774 | } |
775 | ||
776 | /* | |
777 | * Find the socket to which this skb is destined. | |
778 | */ | |
779 | sk = dn_find_by_skb(skb); | |
780 | got_it: | |
781 | if (sk != NULL) { | |
782 | struct dn_scp *scp = DN_SK(sk); | |
1da177e4 LT |
783 | |
784 | /* Reset backoff */ | |
785 | scp->nsp_rxtshift = 0; | |
786 | ||
787 | /* | |
788 | * We linearize everything except data segments here. | |
789 | */ | |
790 | if (cb->nsp_flags & ~0x60) { | |
364c6bad | 791 | if (unlikely(skb_linearize(skb))) |
1da177e4 LT |
792 | goto free_out; |
793 | } | |
794 | ||
58a5a7b9 | 795 | return sk_receive_skb(sk, skb, 0); |
1da177e4 LT |
796 | } |
797 | ||
798 | return dn_nsp_no_socket(skb, reason); | |
799 | ||
800 | free_out: | |
801 | kfree_skb(skb); | |
802 | return NET_RX_DROP; | |
803 | } | |
804 | ||
805 | int dn_nsp_rx(struct sk_buff *skb) | |
806 | { | |
29a26a56 EB |
807 | return NF_HOOK(NFPROTO_DECNET, NF_DN_LOCAL_IN, |
808 | &init_net, NULL, skb, skb->dev, NULL, | |
5d877d87 | 809 | dn_nsp_rx_packet); |
1da177e4 LT |
810 | } |
811 | ||
812 | /* | |
813 | * This is the main receive routine for sockets. It is called | |
814 | * from the above when the socket is not busy, and also from | |
815 | * sock_release() when there is a backlog queued up. | |
816 | */ | |
817 | int dn_nsp_backlog_rcv(struct sock *sk, struct sk_buff *skb) | |
818 | { | |
819 | struct dn_scp *scp = DN_SK(sk); | |
820 | struct dn_skb_cb *cb = DN_SKB_CB(skb); | |
821 | ||
822 | if (cb->rt_flags & DN_RT_F_RTS) { | |
823 | if (cb->nsp_flags == 0x18 || cb->nsp_flags == 0x68) | |
824 | dn_returned_conn_init(sk, skb); | |
825 | else | |
826 | kfree_skb(skb); | |
827 | return NET_RX_SUCCESS; | |
828 | } | |
829 | ||
830 | /* | |
831 | * Control packet. | |
832 | */ | |
833 | if ((cb->nsp_flags & 0x0c) == 0x08) { | |
06f8fe11 JP |
834 | switch (cb->nsp_flags & 0x70) { |
835 | case 0x10: | |
836 | case 0x60: | |
837 | dn_nsp_conn_init(sk, skb); | |
838 | break; | |
839 | case 0x20: | |
840 | dn_nsp_conn_conf(sk, skb); | |
841 | break; | |
842 | case 0x30: | |
843 | dn_nsp_disc_init(sk, skb); | |
844 | break; | |
845 | case 0x40: | |
846 | dn_nsp_disc_conf(sk, skb); | |
847 | break; | |
1da177e4 LT |
848 | } |
849 | ||
850 | } else if (cb->nsp_flags == 0x24) { | |
851 | /* | |
852 | * Special for connacks, 'cos they don't have | |
853 | * ack data or ack otherdata info. | |
854 | */ | |
855 | dn_nsp_conn_ack(sk, skb); | |
856 | } else { | |
857 | int other = 1; | |
858 | ||
859 | /* both data and ack frames can kick a CC socket into RUN */ | |
860 | if ((scp->state == DN_CC) && !sock_flag(sk, SOCK_DEAD)) { | |
861 | scp->state = DN_RUN; | |
862 | sk->sk_state = TCP_ESTABLISHED; | |
863 | sk->sk_state_change(sk); | |
864 | } | |
865 | ||
866 | if ((cb->nsp_flags & 0x1c) == 0) | |
867 | other = 0; | |
868 | if (cb->nsp_flags == 0x04) | |
869 | other = 0; | |
870 | ||
871 | /* | |
872 | * Read out ack data here, this applies equally | |
5debe0b3 | 873 | * to data, other data, link service and both |
1da177e4 LT |
874 | * ack data and ack otherdata. |
875 | */ | |
876 | dn_process_ack(sk, skb, other); | |
877 | ||
878 | /* | |
879 | * If we've some sort of data here then call a | |
880 | * suitable routine for dealing with it, otherwise | |
881 | * the packet is an ack and can be discarded. | |
882 | */ | |
883 | if ((cb->nsp_flags & 0x0c) == 0) { | |
884 | ||
885 | if (scp->state != DN_RUN) | |
886 | goto free_out; | |
887 | ||
06f8fe11 JP |
888 | switch (cb->nsp_flags) { |
889 | case 0x10: /* LS */ | |
890 | dn_nsp_linkservice(sk, skb); | |
891 | break; | |
892 | case 0x30: /* OD */ | |
893 | dn_nsp_otherdata(sk, skb); | |
894 | break; | |
895 | default: | |
896 | dn_nsp_data(sk, skb); | |
1da177e4 LT |
897 | } |
898 | ||
899 | } else { /* Ack, chuck it out here */ | |
900 | free_out: | |
901 | kfree_skb(skb); | |
902 | } | |
903 | } | |
904 | ||
905 | return NET_RX_SUCCESS; | |
906 | } |