projects / mirror_ubuntu-jammy-kernel.git / blame
| Commit | Line | Data |
|---|---|---|
| fd9871f7 | 1 | // SPDX-License-Identifier: GPL-2.0-or-later |
| 1da177e4 LT |
2 | /* |
| 3 | * DECnet An implementation of the DECnet protocol suite for the LINUX | |
| 4 | * operating system. DECnet is implemented using the BSD Socket | |
| 5 | * interface as the means of communication with the user level. | |
| 6 | * | |
| 7 | * DECnet Network Services Protocol (Input) | |
| 8 | * | |
| 9 | * Author: Eduardo Marcelo Serrat <emserrat@geocities.com> | |
| 10 | * | |
| 11 | * Changes: | |
| 12 | * | |
| 13 | * Steve Whitehouse: Split into dn_nsp_in.c and dn_nsp_out.c from | |
| 14 | * original dn_nsp.c. | |
| 15 | * Steve Whitehouse: Updated to work with my new routing architecture. | |
| 16 | * Steve Whitehouse: Add changes from Eduardo Serrat's patches. | |
| 17 | * Steve Whitehouse: Put all ack handling code in a common routine. | |
| 18 | * Steve Whitehouse: Put other common bits into dn_nsp_rx() | |
| 19 | * Steve Whitehouse: More checks on skb->len to catch bogus packets | |
| 20 | * Fixed various race conditions and possible nasties. | |
| 21 | * Steve Whitehouse: Now handles returned conninit frames. | |
| 22 | * David S. Miller: New socket locking | |
| 23 | * Steve Whitehouse: Fixed lockup when socket filtering was enabled. | |
| 24 | * Paul Koning: Fix to push CC sockets into RUN when acks are | |
| 25 | * received. | |
| 26 | * Steve Whitehouse: | |
| 27 | * Patrick Caulfield: Checking conninits for correctness & sending of error | |
| 28 | * responses. | |
| 29 | * Steve Whitehouse: Added backlog congestion level return codes. | |
| 30 | * Patrick Caulfield: | |
| 31 | * Steve Whitehouse: Added flow control support (outbound) | |
| 32 | * Steve Whitehouse: Prepare for nonlinear skbs | |
| 33 | */ | |
| 34 | ||
| 35 | /****************************************************************************** | |
| 36 | (c) 1995-1998 E.M. Serrat emserrat@geocities.com | |
| 429eb0fa | 37 | |
| 1da177e4 LT |
38 | *******************************************************************************/ |
| 39 | ||
| 1da177e4 LT |
40 | #include <linux/errno.h> |
| 41 | #include <linux/types.h> | |
| 42 | #include <linux/socket.h> | |
| 43 | #include <linux/in.h> | |
| 44 | #include <linux/kernel.h> | |
| 1da177e4 LT |
45 | #include <linux/timer.h> |
| 46 | #include <linux/string.h> | |
| 47 | #include <linux/sockios.h> | |
| 48 | #include <linux/net.h> | |
| 49 | #include <linux/netdevice.h> | |
| 50 | #include <linux/inet.h> | |
| 51 | #include <linux/route.h> | |
| 5a0e3ad6 | 52 | #include <linux/slab.h> |
| 1da177e4 | 53 | #include <net/sock.h> |
| c752f073 | 54 | #include <net/tcp_states.h> |
| 1da177e4 LT |
55 | #include <linux/fcntl.h> |
| 56 | #include <linux/mm.h> | |
| 429eb0fa | 57 | #include <linux/termios.h> |
| 1da177e4 LT |
58 | #include <linux/interrupt.h> |
| 59 | #include <linux/proc_fs.h> | |
| 60 | #include <linux/stat.h> | |
| 61 | #include <linux/init.h> | |
| 62 | #include <linux/poll.h> | |
| 63 | #include <linux/netfilter_decnet.h> | |
| 64 | #include <net/neighbour.h> | |
| 65 | #include <net/dst.h> | |
| 66 | #include <net/dn.h> | |
| 67 | #include <net/dn_nsp.h> | |
| 68 | #include <net/dn_dev.h> | |
| 69 | #include <net/dn_route.h> | |
| 70 | ||
| 71 | extern int decnet_log_martians; | |
| 72 | ||
| 73 | static void dn_log_martian(struct sk_buff *skb, const char *msg) | |
| 74 | { | |
| e87cc472 | 75 | if (decnet_log_martians) { |
| 1da177e4 LT |
76 | char *devname = skb->dev ? skb->dev->name : "???"; |
| 77 | struct dn_skb_cb *cb = DN_SKB_CB(skb); | |
| e87cc472 JP |
78 | net_info_ratelimited("DECnet: Martian packet (%s) dev=%s src=0x%04hx dst=0x%04hx srcport=0x%04hx dstport=0x%04hx\n", |
| 79 | msg, devname, | |
| 80 | le16_to_cpu(cb->src), | |
| 81 | le16_to_cpu(cb->dst), | |
| 82 | le16_to_cpu(cb->src_port), | |
| 83 | le16_to_cpu(cb->dst_port)); | |
| 1da177e4 LT |
84 | } |
| 85 | } | |
| 86 | ||
| 87 | /* | |
| 88 | * For this function we've flipped the cross-subchannel bit | |
| 89 | * if the message is an otherdata or linkservice message. Thus | |
| 90 | * we can use it to work out what to update. | |
| 91 | */ | |
| 92 | static void dn_ack(struct sock *sk, struct sk_buff *skb, unsigned short ack) | |
| 93 | { | |
| 94 | struct dn_scp *scp = DN_SK(sk); | |
| 95 | unsigned short type = ((ack >> 12) & 0x0003); | |
| 96 | int wakeup = 0; | |
| 97 | ||
| 06f8fe11 JP |
98 | switch (type) { |
| 99 | case 0: /* ACK - Data */ | |
| 100 | if (dn_after(ack, scp->ackrcv_dat)) { | |
| 101 | scp->ackrcv_dat = ack & 0x0fff; | |
| 102 | wakeup |= dn_nsp_check_xmit_queue(sk, skb, | |
| 103 | &scp->data_xmit_queue, | |
| 104 | ack); | |
| 105 | } | |
| 106 | break; | |
| 107 | case 1: /* NAK - Data */ | |
| 108 | break; | |
| 109 | case 2: /* ACK - OtherData */ | |
| 110 | if (dn_after(ack, scp->ackrcv_oth)) { | |
| 111 | scp->ackrcv_oth = ack & 0x0fff; | |
| 112 | wakeup |= dn_nsp_check_xmit_queue(sk, skb, | |
| 113 | &scp->other_xmit_queue, | |
| 114 | ack); | |
| 115 | } | |
| 116 | break; | |
| 117 | case 3: /* NAK - OtherData */ | |
| 118 | break; | |
| 1da177e4 LT |
119 | } |
| 120 | ||
| 121 | if (wakeup && !sock_flag(sk, SOCK_DEAD)) | |
| 122 | sk->sk_state_change(sk); | |
| 123 | } | |
| 124 | ||
| 125 | /* | |
| 126 | * This function is a universal ack processor. | |
| 127 | */ | |
| 128 | static int dn_process_ack(struct sock *sk, struct sk_buff *skb, int oth) | |
| 129 | { | |
| c4ea94ab | 130 | __le16 *ptr = (__le16 *)skb->data; |
| 1da177e4 LT |
131 | int len = 0; |
| 132 | unsigned short ack; | |
| 133 | ||
| 134 | if (skb->len < 2) | |
| 135 | return len; | |
| 136 | ||
| c4106aa8 | 137 | if ((ack = le16_to_cpu(*ptr)) & 0x8000) { |
| 1da177e4 LT |
138 | skb_pull(skb, 2); |
| 139 | ptr++; | |
| 140 | len += 2; | |
| 141 | if ((ack & 0x4000) == 0) { | |
| 429eb0fa | 142 | if (oth) |
| 1da177e4 LT |
143 | ack ^= 0x2000; |
| 144 | dn_ack(sk, skb, ack); | |
| 145 | } | |
| 146 | } | |
| 147 | ||
| 148 | if (skb->len < 2) | |
| 149 | return len; | |
| 150 | ||
| c4106aa8 | 151 | if ((ack = le16_to_cpu(*ptr)) & 0x8000) { |
| 1da177e4 LT |
152 | skb_pull(skb, 2); |
| 153 | len += 2; | |
| 154 | if ((ack & 0x4000) == 0) { | |
| 429eb0fa | 155 | if (oth) |
| 1da177e4 LT |
156 | ack ^= 0x2000; |
| 157 | dn_ack(sk, skb, ack); | |
| 158 | } | |
| 159 | } | |
| 160 | ||
| 161 | return len; | |
| 162 | } | |
| 163 | ||
| 164 | ||
| 165 | /** | |
| 166 | * dn_check_idf - Check an image data field format is correct. | |
| 167 | * @pptr: Pointer to pointer to image data | |
| 168 | * @len: Pointer to length of image data | |
| 169 | * @max: The maximum allowed length of the data in the image data field | |
| 170 | * @follow_on: Check that this many bytes exist beyond the end of the image data | |
| 171 | * | |
| 172 | * Returns: 0 if ok, -1 on error | |
| 173 | */ | |
| 174 | static inline int dn_check_idf(unsigned char **pptr, int *len, unsigned char max, unsigned char follow_on) | |
| 175 | { | |
| 176 | unsigned char *ptr = *pptr; | |
| 177 | unsigned char flen = *ptr++; | |
| 178 | ||
| 179 | (*len)--; | |
| 180 | if (flen > max) | |
| 181 | return -1; | |
| 182 | if ((flen + follow_on) > *len) | |
| 183 | return -1; | |
| 184 | ||
| 185 | *len -= flen; | |
| 186 | *pptr = ptr + flen; | |
| 187 | return 0; | |
| 188 | } | |
| 189 | ||
| 190 | /* | |
| 191 | * Table of reason codes to pass back to node which sent us a badly | |
| 192 | * formed message, plus text messages for the log. A zero entry in | |
| 193 | * the reason field means "don't reply" otherwise a disc init is sent with | |
| 194 | * the specified reason code. | |
| 195 | */ | |
| 196 | static struct { | |
| 197 | unsigned short reason; | |
| 198 | const char *text; | |
| 199 | } ci_err_table[] = { | |
| 200 | { 0, "CI: Truncated message" }, | |
| 201 | { NSP_REASON_ID, "CI: Destination username error" }, | |
| 202 | { NSP_REASON_ID, "CI: Destination username type" }, | |
| 203 | { NSP_REASON_US, "CI: Source username error" }, | |
| 204 | { 0, "CI: Truncated at menuver" }, | |
| 205 | { 0, "CI: Truncated before access or user data" }, | |
| 206 | { NSP_REASON_IO, "CI: Access data format error" }, | |
| 207 | { NSP_REASON_IO, "CI: User data format error" } | |
| 208 | }; | |
| 209 | ||
| 210 | /* | |
| 211 | * This function uses a slightly different lookup method | |
| 212 | * to find its sockets, since it searches on object name/number | |
| 213 | * rather than port numbers. Various tests are done to ensure that | |
| 214 | * the incoming data is in the correct format before it is queued to | |
| 215 | * a socket. | |
| 216 | */ | |
| 217 | static struct sock *dn_find_listener(struct sk_buff *skb, unsigned short *reason) | |
| 218 | { | |
| 219 | struct dn_skb_cb *cb = DN_SKB_CB(skb); | |
| 220 | struct nsp_conn_init_msg *msg = (struct nsp_conn_init_msg *)skb->data; | |
| 221 | struct sockaddr_dn dstaddr; | |
| 222 | struct sockaddr_dn srcaddr; | |
| 223 | unsigned char type = 0; | |
| 224 | int dstlen; | |
| 225 | int srclen; | |
| 226 | unsigned char *ptr; | |
| 227 | int len; | |
| 228 | int err = 0; | |
| 229 | unsigned char menuver; | |
| 230 | ||
| 231 | memset(&dstaddr, 0, sizeof(struct sockaddr_dn)); | |
| 232 | memset(&srcaddr, 0, sizeof(struct sockaddr_dn)); | |
| 233 | ||
| 234 | /* | |
| 235 | * 1. Decode & remove message header | |
| 236 | */ | |
| 237 | cb->src_port = msg->srcaddr; | |
| 238 | cb->dst_port = msg->dstaddr; | |
| 239 | cb->services = msg->services; | |
| 240 | cb->info = msg->info; | |
| c4106aa8 | 241 | cb->segsize = le16_to_cpu(msg->segsize); |
| 1da177e4 LT |
242 | |
| 243 | if (!pskb_may_pull(skb, sizeof(*msg))) | |
| 244 | goto err_out; | |
| 245 | ||
| 246 | skb_pull(skb, sizeof(*msg)); | |
| 247 | ||
| 248 | len = skb->len; | |
| 249 | ptr = skb->data; | |
| 250 | ||
| 251 | /* | |
| 252 | * 2. Check destination end username format | |
| 253 | */ | |
| 254 | dstlen = dn_username2sockaddr(ptr, len, &dstaddr, &type); | |
| 255 | err++; | |
| 256 | if (dstlen < 0) | |
| 257 | goto err_out; | |
| 258 | ||
| 259 | err++; | |
| 260 | if (type > 1) | |
| 261 | goto err_out; | |
| 262 | ||
| 263 | len -= dstlen; | |
| 264 | ptr += dstlen; | |
| 265 | ||
| 266 | /* | |
| 267 | * 3. Check source end username format | |
| 268 | */ | |
| 269 | srclen = dn_username2sockaddr(ptr, len, &srcaddr, &type); | |
| 270 | err++; | |
| 271 | if (srclen < 0) | |
| 272 | goto err_out; | |
| 273 | ||
| 274 | len -= srclen; | |
| 275 | ptr += srclen; | |
| 276 | err++; | |
| 277 | if (len < 1) | |
| 278 | goto err_out; | |
| 279 | ||
| 280 | menuver = *ptr; | |
| 281 | ptr++; | |
| 282 | len--; | |
| 283 | ||
| 284 | /* | |
| 285 | * 4. Check that optional data actually exists if menuver says it does | |
| 286 | */ | |
| 287 | err++; | |
| 288 | if ((menuver & (DN_MENUVER_ACC | DN_MENUVER_USR)) && (len < 1)) | |
| 289 | goto err_out; | |
| 290 | ||
| 291 | /* | |
| 292 | * 5. Check optional access data format | |
| 293 | */ | |
| 294 | err++; | |
| 295 | if (menuver & DN_MENUVER_ACC) { | |
| 296 | if (dn_check_idf(&ptr, &len, 39, 1)) | |
| 297 | goto err_out; | |
| 298 | if (dn_check_idf(&ptr, &len, 39, 1)) | |
| 299 | goto err_out; | |
| 300 | if (dn_check_idf(&ptr, &len, 39, (menuver & DN_MENUVER_USR) ? 1 : 0)) | |
| 301 | goto err_out; | |
| 302 | } | |
| 303 | ||
| 304 | /* | |
| 305 | * 6. Check optional user data format | |
| 306 | */ | |
| 307 | err++; | |
| 308 | if (menuver & DN_MENUVER_USR) { | |
| 309 | if (dn_check_idf(&ptr, &len, 16, 0)) | |
| 310 | goto err_out; | |
| 311 | } | |
| 312 | ||
| 313 | /* | |
| 314 | * 7. Look up socket based on destination end username | |
| 315 | */ | |
| 316 | return dn_sklist_find_listener(&dstaddr); | |
| 317 | err_out: | |
| 318 | dn_log_martian(skb, ci_err_table[err].text); | |
| 319 | *reason = ci_err_table[err].reason; | |
| 320 | return NULL; | |
| 321 | } | |
| 322 | ||
| 323 | ||
| 324 | static void dn_nsp_conn_init(struct sock *sk, struct sk_buff *skb) | |
| 325 | { | |
| 326 | if (sk_acceptq_is_full(sk)) { | |
| 327 | kfree_skb(skb); | |
| 328 | return; | |
| 329 | } | |
| 330 | ||
| 7976a11b | 331 | sk_acceptq_added(sk); |
| 1da177e4 LT |
332 | skb_queue_tail(&sk->sk_receive_queue, skb); |
| 333 | sk->sk_state_change(sk); | |
| 334 | } | |
| 335 | ||
| 336 | static void dn_nsp_conn_conf(struct sock *sk, struct sk_buff *skb) | |
| 337 | { | |
| 338 | struct dn_skb_cb *cb = DN_SKB_CB(skb); | |
| 339 | struct dn_scp *scp = DN_SK(sk); | |
| 340 | unsigned char *ptr; | |
| 341 | ||
| 342 | if (skb->len < 4) | |
| 343 | goto out; | |
| 344 | ||
| 345 | ptr = skb->data; | |
| 346 | cb->services = *ptr++; | |
| 347 | cb->info = *ptr++; | |
| c4106aa8 | 348 | cb->segsize = le16_to_cpu(*(__le16 *)ptr); |
| 1da177e4 LT |
349 | |
| 350 | if ((scp->state == DN_CI) || (scp->state == DN_CD)) { | |
| 351 | scp->persist = 0; | |
| 429eb0fa YH |
352 | scp->addrrem = cb->src_port; |
| 353 | sk->sk_state = TCP_ESTABLISHED; | |
| 354 | scp->state = DN_RUN; | |
| 1da177e4 LT |
355 | scp->services_rem = cb->services; |
| 356 | scp->info_rem = cb->info; | |
| 357 | scp->segsize_rem = cb->segsize; | |
| 358 | ||
| 359 | if ((scp->services_rem & NSP_FC_MASK) == NSP_FC_NONE) | |
| 360 | scp->max_window = decnet_no_fc_max_cwnd; | |
| 361 | ||
| 362 | if (skb->len > 0) { | |
| 375d9d71 | 363 | u16 dlen = *skb->data; |
| 1da177e4 | 364 | if ((dlen <= 16) && (dlen <= skb->len)) { |
| c4106aa8 | 365 | scp->conndata_in.opt_optl = cpu_to_le16(dlen); |
| d626f62b ACM |
366 | skb_copy_from_linear_data_offset(skb, 1, |
| 367 | scp->conndata_in.opt_data, dlen); | |
| 1da177e4 LT |
368 | } |
| 369 | } | |
| 429eb0fa YH |
370 | dn_nsp_send_link(sk, DN_NOCHANGE, 0); |
| 371 | if (!sock_flag(sk, SOCK_DEAD)) | |
| 372 | sk->sk_state_change(sk); | |
| 373 | } | |
| 1da177e4 LT |
374 | |
| 375 | out: | |
| 429eb0fa | 376 | kfree_skb(skb); |
| 1da177e4 LT |
377 | } |
| 378 | ||
| 379 | static void dn_nsp_conn_ack(struct sock *sk, struct sk_buff *skb) | |
| 380 | { | |
| 381 | struct dn_scp *scp = DN_SK(sk); | |
| 382 | ||
| 383 | if (scp->state == DN_CI) { | |
| 384 | scp->state = DN_CD; | |
| 385 | scp->persist = 0; | |
| 386 | } | |
| 387 | ||
| 388 | kfree_skb(skb); | |
| 389 | } | |
| 390 | ||
| 391 | static void dn_nsp_disc_init(struct sock *sk, struct sk_buff *skb) | |
| 392 | { | |
| 393 | struct dn_scp *scp = DN_SK(sk); | |
| 394 | struct dn_skb_cb *cb = DN_SKB_CB(skb); | |
| 395 | unsigned short reason; | |
| 396 | ||
| 397 | if (skb->len < 2) | |
| 398 | goto out; | |
| 399 | ||
| c4106aa8 | 400 | reason = le16_to_cpu(*(__le16 *)skb->data); |
| 1da177e4 LT |
401 | skb_pull(skb, 2); |
| 402 | ||
| c4106aa8 | 403 | scp->discdata_in.opt_status = cpu_to_le16(reason); |
| 1da177e4 LT |
404 | scp->discdata_in.opt_optl = 0; |
| 405 | memset(scp->discdata_in.opt_data, 0, 16); | |
| 406 | ||
| 407 | if (skb->len > 0) { | |
| 375d9d71 | 408 | u16 dlen = *skb->data; |
| 1da177e4 | 409 | if ((dlen <= 16) && (dlen <= skb->len)) { |
| c4106aa8 | 410 | scp->discdata_in.opt_optl = cpu_to_le16(dlen); |
| d626f62b | 411 | skb_copy_from_linear_data_offset(skb, 1, scp->discdata_in.opt_data, dlen); |
| 1da177e4 LT |
412 | } |
| 413 | } | |
| 414 | ||
| 415 | scp->addrrem = cb->src_port; | |
| 416 | sk->sk_state = TCP_CLOSE; | |
| 417 | ||
| 06f8fe11 JP |
418 | switch (scp->state) { |
| 419 | case DN_CI: | |
| 420 | case DN_CD: | |
| 421 | scp->state = DN_RJ; | |
| 422 | sk->sk_err = ECONNREFUSED; | |
| 423 | break; | |
| 424 | case DN_RUN: | |
| 425 | sk->sk_shutdown |= SHUTDOWN_MASK; | |
| 426 | scp->state = DN_DN; | |
| 427 | break; | |
| 428 | case DN_DI: | |
| 429 | scp->state = DN_DIC; | |
| 430 | break; | |
| 1da177e4 LT |
431 | } |
| 432 | ||
| 433 | if (!sock_flag(sk, SOCK_DEAD)) { | |
| 434 | if (sk->sk_socket->state != SS_UNCONNECTED) | |
| 435 | sk->sk_socket->state = SS_DISCONNECTING; | |
| 436 | sk->sk_state_change(sk); | |
| 437 | } | |
| 438 | ||
| 429eb0fa | 439 | /* |
| 1da177e4 LT |
440 | * It appears that its possible for remote machines to send disc |
| 441 | * init messages with no port identifier if we are in the CI and | |
| 442 | * possibly also the CD state. Obviously we shouldn't reply with | |
| 443 | * a message if we don't know what the end point is. | |
| 444 | */ | |
| 445 | if (scp->addrrem) { | |
| 446 | dn_nsp_send_disc(sk, NSP_DISCCONF, NSP_REASON_DC, GFP_ATOMIC); | |
| 447 | } | |
| 448 | scp->persist_fxn = dn_destroy_timer; | |
| 449 | scp->persist = dn_nsp_persist(sk); | |
| 450 | ||
| 451 | out: | |
| 452 | kfree_skb(skb); | |
| 453 | } | |
| 454 | ||
| 455 | /* | |
| 456 | * disc_conf messages are also called no_resources or no_link | |
| 457 | * messages depending upon the "reason" field. | |
| 458 | */ | |
| 459 | static void dn_nsp_disc_conf(struct sock *sk, struct sk_buff *skb) | |
| 460 | { | |
| 461 | struct dn_scp *scp = DN_SK(sk); | |
| 462 | unsigned short reason; | |
| 463 | ||
| 464 | if (skb->len != 2) | |
| 465 | goto out; | |
| 466 | ||
| c4106aa8 | 467 | reason = le16_to_cpu(*(__le16 *)skb->data); |
| 1da177e4 LT |
468 | |
| 469 | sk->sk_state = TCP_CLOSE; | |
| 470 | ||
| 06f8fe11 JP |
471 | switch (scp->state) { |
| 472 | case DN_CI: | |
| 473 | scp->state = DN_NR; | |
| 474 | break; | |
| 475 | case DN_DR: | |
| 476 | if (reason == NSP_REASON_DC) | |
| 477 | scp->state = DN_DRC; | |
| 478 | if (reason == NSP_REASON_NL) | |
| 1da177e4 | 479 | scp->state = DN_CN; |
| 06f8fe11 JP |
480 | break; |
| 481 | case DN_DI: | |
| 482 | scp->state = DN_DIC; | |
| 483 | break; | |
| 484 | case DN_RUN: | |
| 485 | sk->sk_shutdown |= SHUTDOWN_MASK; | |
| df561f66 | 486 | fallthrough; |
| 06f8fe11 JP |
487 | case DN_CC: |
| 488 | scp->state = DN_CN; | |
| 1da177e4 LT |
489 | } |
| 490 | ||
| 491 | if (!sock_flag(sk, SOCK_DEAD)) { | |
| 492 | if (sk->sk_socket->state != SS_UNCONNECTED) | |
| 493 | sk->sk_socket->state = SS_DISCONNECTING; | |
| 494 | sk->sk_state_change(sk); | |
| 495 | } | |
| 496 | ||
| 497 | scp->persist_fxn = dn_destroy_timer; | |
| 498 | scp->persist = dn_nsp_persist(sk); | |
| 499 | ||
| 500 | out: | |
| 501 | kfree_skb(skb); | |
| 502 | } | |
| 503 | ||
| 504 | static void dn_nsp_linkservice(struct sock *sk, struct sk_buff *skb) | |
| 505 | { | |
| 506 | struct dn_scp *scp = DN_SK(sk); | |
| 507 | unsigned short segnum; | |
| 508 | unsigned char lsflags; | |
| 509 | signed char fcval; | |
| 510 | int wake_up = 0; | |
| 511 | char *ptr = skb->data; | |
| 512 | unsigned char fctype = scp->services_rem & NSP_FC_MASK; | |
| 513 | ||
| 514 | if (skb->len != 4) | |
| 515 | goto out; | |
| 516 | ||
| c4106aa8 | 517 | segnum = le16_to_cpu(*(__le16 *)ptr); |
| 1da177e4 LT |
518 | ptr += 2; |
| 519 | lsflags = *(unsigned char *)ptr++; | |
| 520 | fcval = *ptr; | |
| 521 | ||
| 522 | /* | |
| e51443d5 | 523 | * Here we ignore erroneous packets which should really |
| 429eb0fa | 524 | * should cause a connection abort. It is not critical |
| 1da177e4 LT |
525 | * for now though. |
| 526 | */ | |
| 527 | if (lsflags & 0xf8) | |
| 528 | goto out; | |
| 529 | ||
| 530 | if (seq_next(scp->numoth_rcv, segnum)) { | |
| 531 | seq_add(&scp->numoth_rcv, 1); | |
| 532 | switch(lsflags & 0x04) { /* FCVAL INT */ | |
| 533 | case 0x00: /* Normal Request */ | |
| 534 | switch(lsflags & 0x03) { /* FCVAL MOD */ | |
| 429eb0fa | 535 | case 0x00: /* Request count */ |
| 1da177e4 LT |
536 | if (fcval < 0) { |
| 537 | unsigned char p_fcval = -fcval; | |
| 538 | if ((scp->flowrem_dat > p_fcval) && | |
| 539 | (fctype == NSP_FC_SCMC)) { | |
| 540 | scp->flowrem_dat -= p_fcval; | |
| 541 | } | |
| 542 | } else if (fcval > 0) { | |
| 543 | scp->flowrem_dat += fcval; | |
| 544 | wake_up = 1; | |
| 545 | } | |
| 429eb0fa | 546 | break; |
| 1da177e4 LT |
547 | case 0x01: /* Stop outgoing data */ |
| 548 | scp->flowrem_sw = DN_DONTSEND; | |
| 549 | break; | |
| 550 | case 0x02: /* Ok to start again */ | |
| 551 | scp->flowrem_sw = DN_SEND; | |
| 552 | dn_nsp_output(sk); | |
| 553 | wake_up = 1; | |
| 554 | } | |
| 555 | break; | |
| 556 | case 0x04: /* Interrupt Request */ | |
| 557 | if (fcval > 0) { | |
| 558 | scp->flowrem_oth += fcval; | |
| 559 | wake_up = 1; | |
| 560 | } | |
| 561 | break; | |
| 429eb0fa | 562 | } |
| 1da177e4 LT |
563 | if (wake_up && !sock_flag(sk, SOCK_DEAD)) |
| 564 | sk->sk_state_change(sk); | |
| 429eb0fa | 565 | } |
| 1da177e4 LT |
566 | |
| 567 | dn_nsp_send_oth_ack(sk); | |
| 568 | ||
| 569 | out: | |
| 570 | kfree_skb(skb); | |
| 571 | } | |
| 572 | ||
| 573 | /* | |
| 574 | * Copy of sock_queue_rcv_skb (from sock.h) without | |
| 575 | * bh_lock_sock() (its already held when this is called) which | |
| 576 | * also allows data and other data to be queued to a socket. | |
| 577 | */ | |
| 578 | static __inline__ int dn_queue_skb(struct sock *sk, struct sk_buff *skb, int sig, struct sk_buff_head *queue) | |
| 579 | { | |
| 580 | int err; | |
| 429eb0fa YH |
581 | |
| 582 | /* Cast skb->rcvbuf to unsigned... It's pointless, but reduces | |
| 583 | number of warnings when compiling with -W --ANK | |
| 584 | */ | |
| 585 | if (atomic_read(&sk->sk_rmem_alloc) + skb->truesize >= | |
| 95c96174 | 586 | (unsigned int)sk->sk_rcvbuf) { |
| 429eb0fa YH |
587 | err = -ENOMEM; |
| 588 | goto out; | |
| 589 | } | |
| 1da177e4 | 590 | |
| fda9ef5d | 591 | err = sk_filter(sk, skb); |
| 1da177e4 LT |
592 | if (err) |
| 593 | goto out; | |
| 594 | ||
| 429eb0fa YH |
595 | skb_set_owner_r(skb, sk); |
| 596 | skb_queue_tail(queue, skb); | |
| 1da177e4 | 597 | |
| 9948bb6a | 598 | if (!sock_flag(sk, SOCK_DEAD)) |
| 676d2369 | 599 | sk->sk_data_ready(sk); |
| 1da177e4 | 600 | out: |
| 429eb0fa | 601 | return err; |
| 1da177e4 LT |
602 | } |
| 603 | ||
| 604 | static void dn_nsp_otherdata(struct sock *sk, struct sk_buff *skb) | |
| 605 | { | |
| 606 | struct dn_scp *scp = DN_SK(sk); | |
| 607 | unsigned short segnum; | |
| 608 | struct dn_skb_cb *cb = DN_SKB_CB(skb); | |
| 609 | int queued = 0; | |
| 610 | ||
| 611 | if (skb->len < 2) | |
| 612 | goto out; | |
| 613 | ||
| c4106aa8 | 614 | cb->segnum = segnum = le16_to_cpu(*(__le16 *)skb->data); |
| 1da177e4 LT |
615 | skb_pull(skb, 2); |
| 616 | ||
| 617 | if (seq_next(scp->numoth_rcv, segnum)) { | |
| 618 | ||
| 619 | if (dn_queue_skb(sk, skb, SIGURG, &scp->other_receive_queue) == 0) { | |
| 620 | seq_add(&scp->numoth_rcv, 1); | |
| 621 | scp->other_report = 0; | |
| 622 | queued = 1; | |
| 623 | } | |
| 624 | } | |
| 625 | ||
| 626 | dn_nsp_send_oth_ack(sk); | |
| 627 | out: | |
| 628 | if (!queued) | |
| 629 | kfree_skb(skb); | |
| 630 | } | |
| 631 | ||
| 632 | static void dn_nsp_data(struct sock *sk, struct sk_buff *skb) | |
| 633 | { | |
| 634 | int queued = 0; | |
| 635 | unsigned short segnum; | |
| 636 | struct dn_skb_cb *cb = DN_SKB_CB(skb); | |
| 637 | struct dn_scp *scp = DN_SK(sk); | |
| 638 | ||
| 639 | if (skb->len < 2) | |
| 640 | goto out; | |
| 641 | ||
| c4106aa8 | 642 | cb->segnum = segnum = le16_to_cpu(*(__le16 *)skb->data); |
| 1da177e4 LT |
643 | skb_pull(skb, 2); |
| 644 | ||
| 645 | if (seq_next(scp->numdat_rcv, segnum)) { | |
| 429eb0fa | 646 | if (dn_queue_skb(sk, skb, SIGIO, &sk->sk_receive_queue) == 0) { |
| 1da177e4 | 647 | seq_add(&scp->numdat_rcv, 1); |
| 429eb0fa YH |
648 | queued = 1; |
| 649 | } | |
| 1da177e4 LT |
650 | |
| 651 | if ((scp->flowloc_sw == DN_SEND) && dn_congested(sk)) { | |
| 652 | scp->flowloc_sw = DN_DONTSEND; | |
| 653 | dn_nsp_send_link(sk, DN_DONTSEND, 0); | |
| 654 | } | |
| 429eb0fa | 655 | } |
| 1da177e4 LT |
656 | |
| 657 | dn_nsp_send_data_ack(sk); | |
| 658 | out: | |
| 659 | if (!queued) | |
| 660 | kfree_skb(skb); | |
| 661 | } | |
| 662 | ||
| 663 | /* | |
| 664 | * If one of our conninit messages is returned, this function | |
| 665 | * deals with it. It puts the socket into the NO_COMMUNICATION | |
| 666 | * state. | |
| 667 | */ | |
| 668 | static void dn_returned_conn_init(struct sock *sk, struct sk_buff *skb) | |
| 669 | { | |
| 670 | struct dn_scp *scp = DN_SK(sk); | |
| 671 | ||
| 672 | if (scp->state == DN_CI) { | |
| 673 | scp->state = DN_NC; | |
| 674 | sk->sk_state = TCP_CLOSE; | |
| 675 | if (!sock_flag(sk, SOCK_DEAD)) | |
| 676 | sk->sk_state_change(sk); | |
| 677 | } | |
| 678 | ||
| 679 | kfree_skb(skb); | |
| 680 | } | |
| 681 | ||
| 682 | static int dn_nsp_no_socket(struct sk_buff *skb, unsigned short reason) | |
| 683 | { | |
| 684 | struct dn_skb_cb *cb = DN_SKB_CB(skb); | |
| 685 | int ret = NET_RX_DROP; | |
| 686 | ||
| 687 | /* Must not reply to returned packets */ | |
| 688 | if (cb->rt_flags & DN_RT_F_RTS) | |
| 689 | goto out; | |
| 690 | ||
| 691 | if ((reason != NSP_REASON_OK) && ((cb->nsp_flags & 0x0c) == 0x08)) { | |
| 06f8fe11 JP |
692 | switch (cb->nsp_flags & 0x70) { |
| 693 | case 0x10: | |
| 694 | case 0x60: /* (Retransmitted) Connect Init */ | |
| 695 | dn_nsp_return_disc(skb, NSP_DISCINIT, reason); | |
| 696 | ret = NET_RX_SUCCESS; | |
| 697 | break; | |
| 698 | case 0x20: /* Connect Confirm */ | |
| 699 | dn_nsp_return_disc(skb, NSP_DISCCONF, reason); | |
| 700 | ret = NET_RX_SUCCESS; | |
| 701 | break; | |
| 1da177e4 LT |
702 | } |
| 703 | } | |
| 704 | ||
| 705 | out: | |
| 706 | kfree_skb(skb); | |
| 707 | return ret; | |
| 708 | } | |
| 709 | ||
| 0c4b51f0 EB |
710 | static int dn_nsp_rx_packet(struct net *net, struct sock *sk2, |
| 711 | struct sk_buff *skb) | |
| 1da177e4 LT |
712 | { |
| 713 | struct dn_skb_cb *cb = DN_SKB_CB(skb); | |
| 714 | struct sock *sk = NULL; | |
| 715 | unsigned char *ptr = (unsigned char *)skb->data; | |
| 716 | unsigned short reason = NSP_REASON_NL; | |
| 717 | ||
| 718 | if (!pskb_may_pull(skb, 2)) | |
| 719 | goto free_out; | |
| 720 | ||
| badff6d0 | 721 | skb_reset_transport_header(skb); |
| 1da177e4 LT |
722 | cb->nsp_flags = *ptr++; |
| 723 | ||
| 724 | if (decnet_debug_level & 2) | |
| 725 | printk(KERN_DEBUG "dn_nsp_rx: Message type 0x%02x\n", (int)cb->nsp_flags); | |
| 726 | ||
| 429eb0fa | 727 | if (cb->nsp_flags & 0x83) |
| 1da177e4 LT |
728 | goto free_out; |
| 729 | ||
| 730 | /* | |
| 731 | * Filter out conninits and useless packet types | |
| 732 | */ | |
| 733 | if ((cb->nsp_flags & 0x0c) == 0x08) { | |
| 06f8fe11 JP |
734 | switch (cb->nsp_flags & 0x70) { |
| 735 | case 0x00: /* NOP */ | |
| 736 | case 0x70: /* Reserved */ | |
| 737 | case 0x50: /* Reserved, Phase II node init */ | |
| 738 | goto free_out; | |
| 739 | case 0x10: | |
| 740 | case 0x60: | |
| 741 | if (unlikely(cb->rt_flags & DN_RT_F_RTS)) | |
| 1da177e4 | 742 | goto free_out; |
| 06f8fe11 JP |
743 | sk = dn_find_listener(skb, &reason); |
| 744 | goto got_it; | |
| 1da177e4 LT |
745 | } |
| 746 | } | |
| 747 | ||
| 748 | if (!pskb_may_pull(skb, 3)) | |
| 749 | goto free_out; | |
| 750 | ||
| 751 | /* | |
| 752 | * Grab the destination address. | |
| 753 | */ | |
| c4ea94ab | 754 | cb->dst_port = *(__le16 *)ptr; |
| 1da177e4 LT |
755 | cb->src_port = 0; |
| 756 | ptr += 2; | |
| 757 | ||
| 758 | /* | |
| 759 | * If not a connack, grab the source address too. | |
| 760 | */ | |
| 761 | if (pskb_may_pull(skb, 5)) { | |
| c4ea94ab | 762 | cb->src_port = *(__le16 *)ptr; |
| 1da177e4 LT |
763 | ptr += 2; |
| 764 | skb_pull(skb, 5); | |
| 765 | } | |
| 766 | ||
| 767 | /* | |
| 768 | * Returned packets... | |
| 769 | * Swap src & dst and look up in the normal way. | |
| 770 | */ | |
| 771 | if (unlikely(cb->rt_flags & DN_RT_F_RTS)) { | |
| 68ad08c4 GS |
772 | swap(cb->dst_port, cb->src_port); |
| 773 | swap(cb->dst, cb->src); | |
| 1da177e4 LT |
774 | } |
| 775 | ||
| 776 | /* | |
| 777 | * Find the socket to which this skb is destined. | |
| 778 | */ | |
| 779 | sk = dn_find_by_skb(skb); | |
| 780 | got_it: | |
| 781 | if (sk != NULL) { | |
| 782 | struct dn_scp *scp = DN_SK(sk); | |
| 1da177e4 LT |
783 | |
| 784 | /* Reset backoff */ | |
| 785 | scp->nsp_rxtshift = 0; | |
| 786 | ||
| 787 | /* | |
| 788 | * We linearize everything except data segments here. | |
| 789 | */ | |
| 790 | if (cb->nsp_flags & ~0x60) { | |
| 364c6bad | 791 | if (unlikely(skb_linearize(skb))) |
| 1da177e4 LT |
792 | goto free_out; |
| 793 | } | |
| 794 | ||
| 58a5a7b9 | 795 | return sk_receive_skb(sk, skb, 0); |
| 1da177e4 LT |
796 | } |
| 797 | ||
| 798 | return dn_nsp_no_socket(skb, reason); | |
| 799 | ||
| 800 | free_out: | |
| 801 | kfree_skb(skb); | |
| 802 | return NET_RX_DROP; | |
| 803 | } | |
| 804 | ||
| 805 | int dn_nsp_rx(struct sk_buff *skb) | |
| 806 | { | |
| 29a26a56 EB |
807 | return NF_HOOK(NFPROTO_DECNET, NF_DN_LOCAL_IN, |
| 808 | &init_net, NULL, skb, skb->dev, NULL, | |
| 5d877d87 | 809 | dn_nsp_rx_packet); |
| 1da177e4 LT |
810 | } |
| 811 | ||
| 812 | /* | |
| 813 | * This is the main receive routine for sockets. It is called | |
| 814 | * from the above when the socket is not busy, and also from | |
| 815 | * sock_release() when there is a backlog queued up. | |
| 816 | */ | |
| 817 | int dn_nsp_backlog_rcv(struct sock *sk, struct sk_buff *skb) | |
| 818 | { | |
| 819 | struct dn_scp *scp = DN_SK(sk); | |
| 820 | struct dn_skb_cb *cb = DN_SKB_CB(skb); | |
| 821 | ||
| 822 | if (cb->rt_flags & DN_RT_F_RTS) { | |
| 823 | if (cb->nsp_flags == 0x18 || cb->nsp_flags == 0x68) | |
| 824 | dn_returned_conn_init(sk, skb); | |
| 825 | else | |
| 826 | kfree_skb(skb); | |
| 827 | return NET_RX_SUCCESS; | |
| 828 | } | |
| 829 | ||
| 830 | /* | |
| 831 | * Control packet. | |
| 832 | */ | |
| 833 | if ((cb->nsp_flags & 0x0c) == 0x08) { | |
| 06f8fe11 JP |
834 | switch (cb->nsp_flags & 0x70) { |
| 835 | case 0x10: | |
| 836 | case 0x60: | |
| 837 | dn_nsp_conn_init(sk, skb); | |
| 838 | break; | |
| 839 | case 0x20: | |
| 840 | dn_nsp_conn_conf(sk, skb); | |
| 841 | break; | |
| 842 | case 0x30: | |
| 843 | dn_nsp_disc_init(sk, skb); | |
| 844 | break; | |
| 845 | case 0x40: | |
| 846 | dn_nsp_disc_conf(sk, skb); | |
| 847 | break; | |
| 1da177e4 LT |
848 | } |
| 849 | ||
| 850 | } else if (cb->nsp_flags == 0x24) { | |
| 851 | /* | |
| 852 | * Special for connacks, 'cos they don't have | |
| 853 | * ack data or ack otherdata info. | |
| 854 | */ | |
| 855 | dn_nsp_conn_ack(sk, skb); | |
| 856 | } else { | |
| 857 | int other = 1; | |
| 858 | ||
| 859 | /* both data and ack frames can kick a CC socket into RUN */ | |
| 860 | if ((scp->state == DN_CC) && !sock_flag(sk, SOCK_DEAD)) { | |
| 861 | scp->state = DN_RUN; | |
| 862 | sk->sk_state = TCP_ESTABLISHED; | |
| 863 | sk->sk_state_change(sk); | |
| 864 | } | |
| 865 | ||
| 866 | if ((cb->nsp_flags & 0x1c) == 0) | |
| 867 | other = 0; | |
| 868 | if (cb->nsp_flags == 0x04) | |
| 869 | other = 0; | |
| 870 | ||
| 871 | /* | |
| 872 | * Read out ack data here, this applies equally | |
| 5debe0b3 | 873 | * to data, other data, link service and both |
| 1da177e4 LT |
874 | * ack data and ack otherdata. |
| 875 | */ | |
| 876 | dn_process_ack(sk, skb, other); | |
| 877 | ||
| 878 | /* | |
| 879 | * If we've some sort of data here then call a | |
| 880 | * suitable routine for dealing with it, otherwise | |
| 881 | * the packet is an ack and can be discarded. | |
| 882 | */ | |
| 883 | if ((cb->nsp_flags & 0x0c) == 0) { | |
| 884 | ||
| 885 | if (scp->state != DN_RUN) | |
| 886 | goto free_out; | |
| 887 | ||
| 06f8fe11 JP |
888 | switch (cb->nsp_flags) { |
| 889 | case 0x10: /* LS */ | |
| 890 | dn_nsp_linkservice(sk, skb); | |
| 891 | break; | |
| 892 | case 0x30: /* OD */ | |
| 893 | dn_nsp_otherdata(sk, skb); | |
| 894 | break; | |
| 895 | default: | |
| 896 | dn_nsp_data(sk, skb); | |
| 1da177e4 LT |
897 | } |
| 898 | ||
| 899 | } else { /* Ack, chuck it out here */ | |
| 900 | free_out: | |
| 901 | kfree_skb(skb); | |
| 902 | } | |
| 903 | } | |
| 904 | ||
| 905 | return NET_RX_SUCCESS; | |
| 906 | } |