1 | // SPDX-License-Identifier: GPL-2.0-or-later |
2 | /* |
3 | * |
4 | * Copyright (C) Jonathan Naylor G4KLX (g4klx@g4klx.demon.co.uk) |
5 | */ |
6 | #include <linux/errno.h> |
7 | #include <linux/types.h> |
8 | #include <linux/socket.h> |
9 | #include <linux/in.h> |
10 | #include <linux/kernel.h> |
11 | #include <linux/timer.h> |
12 | #include <linux/string.h> |
13 | #include <linux/sockios.h> |
14 | #include <linux/net.h> |
15 | #include <linux/slab.h> |
16 | #include <net/ax25.h> |
17 | #include <linux/inet.h> |
18 | #include <linux/netdevice.h> |
19 | #include <linux/skbuff.h> |
20 | #include <net/sock.h> |
21 | #include <net/tcp_states.h> |
22 | #include <linux/fcntl.h> |
23 | #include <linux/mm.h> |
24 | #include <linux/interrupt.h> |
25 | #include <net/rose.h> |
26 | |
27 | static int rose_create_facilities(unsigned char *buffer, struct rose_sock *rose); |
28 | |
/*
 * Discard every frame still held for this socket: the frames waiting on
 * the write queue and the frames parked on the ROSE ack queue.
 */
void rose_clear_queues(struct sock *sk)
{
	struct rose_sock *rose = rose_sk(sk);

	skb_queue_purge(&sk->sk_write_queue);
	skb_queue_purge(&rose->ack_queue);
}
37 | |
/*
 * Free the frames on the ack queue that the peer has acknowledged,
 * stepping V(a) forward one frame at a time until it equals nr or the
 * queue is empty. This is the "V(a) <- N(r)" box on the SDL diagram.
 *
 * NOTE(review): nr is used as given. Presumably callers range-check it
 * with rose_validate_nr() first - confirm at the call sites. With an nr
 * outside the window the loop simply drains the whole ack queue.
 */
void rose_frames_acked(struct sock *sk, unsigned short nr)
{
	struct rose_sock *rose = rose_sk(sk);

	while (rose->va != nr && skb_peek(&rose->ack_queue) != NULL) {
		kfree_skb(skb_dequeue(&rose->ack_queue));
		rose->va = (rose->va + 1) % ROSE_MODULUS;
	}
}
59 | |
/*
 * Put every un-ack-ed frame back at the front of the output queue, in
 * its original order, so that rose_kick picks it up again. The first
 * frame goes to the head of the write queue and each later one is
 * appended behind the frame moved just before it, which also covers an
 * output queue that starts out empty.
 */
void rose_requeue_frames(struct sock *sk)
{
	struct sk_buff_head *ackq = &rose_sk(sk)->ack_queue;
	struct sk_buff *last = NULL;
	struct sk_buff *skb;

	for (skb = skb_dequeue(ackq); skb != NULL; skb = skb_dequeue(ackq)) {
		if (last != NULL)
			skb_append(last, skb, &sk->sk_write_queue);
		else
			skb_queue_head(&sk->sk_write_queue, skb);
		last = skb;
	}
}
77 | |
/*
 * Check that nr is one of V(a), V(a)+1, ..., V(s), counted modulo
 * ROSE_MODULUS. Returns 1 when it is and 0 when it is not.
 *
 * NOTE(review): the walk only terminates if rose->vs is a value the
 * modulo step can reach, i.e. below ROSE_MODULUS - presumably an
 * invariant kept by the code that updates vs; confirm.
 */
int rose_validate_nr(struct sock *sk, unsigned short nr)
{
	struct rose_sock *rose = rose_sk(sk);
	unsigned short seq;

	for (seq = rose->va; seq != rose->vs; seq = (seq + 1) % ROSE_MODULUS) {
		if (seq == nr)
			return 1;
	}

	/* The walk stops at V(s), which is itself an acceptable value. */
	return nr == rose->vs;
}
94 | |
/*
 * Build and send a control frame that the packet layer generates by
 * itself (as opposed to data handed down by the user).
 *
 * The frame is sized from its type, allocated with GFP_ATOMIC, filled in
 * and passed to rose_transmit_link() for rose->neighbour. An allocation
 * failure drops the frame silently; an unknown frametype is logged and
 * the buffer is freed.
 */
void rose_write_internal(struct sock *sk, int frametype)
{
	struct rose_sock *rose = rose_sk(sk);
	/* Headroom for the AX.25 header and the PID octet. */
	const int headroom = AX25_BPQ_HEADER_LEN + AX25_MAX_HEADER_LEN + 1;
	int body_len = ROSE_MIN_LEN;
	int fac_room = 0;
	int fac_len;
	struct sk_buff *skb;
	unsigned char *out;

	if (frametype == ROSE_CALL_REQUEST) {
		body_len += 1 + ROSE_ADDR_LEN + ROSE_ADDR_LEN;
		fac_room = 256;
	} else if (frametype == ROSE_CALL_ACCEPTED ||
		   frametype == ROSE_CLEAR_REQUEST ||
		   frametype == ROSE_RESET_REQUEST) {
		body_len += 2;
	}

	skb = alloc_skb(headroom + body_len + fac_room, GFP_ATOMIC);
	if (skb == NULL)
		return;

	skb_reserve(skb, headroom);
	out = skb_put(skb, body_len);

	/*
	 * Every frame type starts with the same two octets: the GFI with the
	 * top four LCI bits, then the low eight LCI bits.
	 */
	*out++ = ROSE_GFI | ((rose->lci >> 8) & 0x0F);
	*out++ = (rose->lci >> 0) & 0xFF;

	switch (frametype) {
	case ROSE_CALL_REQUEST:
		*out++ = frametype;
		*out++ = ROSE_CALL_REQ_ADDR_LEN_VAL;
		memcpy(out, &rose->dest_addr, ROSE_ADDR_LEN);
		out += ROSE_ADDR_LEN;
		memcpy(out, &rose->source_addr, ROSE_ADDR_LEN);
		out += ROSE_ADDR_LEN;
		/*
		 * The facilities are written into the tailroom first and only
		 * then claimed with skb_put(). rose_create_facilities() takes
		 * no size argument, so the 256 octets reserved above are the
		 * only bound on what it may write.
		 */
		fac_len = rose_create_facilities(out, rose);
		skb_put(skb, fac_len);
		break;

	case ROSE_CALL_ACCEPTED:
		*out++ = frametype;
		*out++ = 0x00;		/* Address length */
		*out++ = 0;		/* Facilities length */
		break;

	case ROSE_CLEAR_REQUEST:
		*out++ = frametype;
		*out++ = rose->cause;
		*out++ = rose->diagnostic;
		break;

	case ROSE_RESET_REQUEST:
		*out++ = frametype;
		*out++ = ROSE_DTE_ORIGINATED;
		*out++ = 0;
		break;

	case ROSE_RR:
	case ROSE_RNR:
		/* The receive sequence number rides in the top three bits. */
		*out++ = frametype | ((rose->vr << 5) & 0xE0);
		break;

	case ROSE_CLEAR_CONFIRMATION:
	case ROSE_RESET_CONFIRMATION:
		*out++ = frametype;
		break;

	default:
		printk(KERN_ERR "ROSE: rose_write_internal - invalid frametype %02X\n", frametype);
		kfree_skb(skb);
		return;
	}

	rose_transmit_link(skb, rose->neighbour);
}
200 | |
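/*
 * Classify a received ROSE frame and pull out its sequence and flag
 * fields.
 *
 * All five outputs are always written. They stay 0 unless the frame type
 * carries them: *nr for RR/RNR, and *q, *d, *m, *nr and *ns for data
 * frames.
 *
 * Returns the frame type octet for call/clear/reset frames, ROSE_RR or
 * ROSE_RNR, ROSE_DATA, or ROSE_ILLEGAL when the frame is too short or
 * matches none of these.
 */
int rose_decode(struct sk_buff *skb, int *ns, int *nr, int *q, int *d, int *m)
{
	unsigned char *frame = skb->data;
	unsigned char type;

	*ns = *nr = *q = *d = *m = 0;

	/*
	 * frame[0] and frame[2] are read below, so a frame shorter than
	 * three octets must be rejected here rather than trusting every
	 * caller to have checked. This assumes a linear skb, as the direct
	 * skb->data access already does.
	 */
	if (skb->len < 3)
		return ROSE_ILLEGAL;

	type = frame[2];

	switch (type) {
	case ROSE_CALL_REQUEST:
	case ROSE_CALL_ACCEPTED:
	case ROSE_CLEAR_REQUEST:
	case ROSE_CLEAR_CONFIRMATION:
	case ROSE_RESET_REQUEST:
	case ROSE_RESET_CONFIRMATION:
		return type;
	default:
		break;
	}

	/* Supervisory frames: type in the low five bits, N(r) in the top three. */
	if ((type & 0x1F) == ROSE_RR ||
	    (type & 0x1F) == ROSE_RNR) {
		*nr = (type >> 5) & 0x07;
		return type & 0x1F;
	}

	/* Data frames are recognised by the low bit of the type octet. */
	if ((type & 0x01) == ROSE_DATA) {
		*q = (frame[0] & ROSE_Q_BIT) == ROSE_Q_BIT;
		*d = (frame[0] & ROSE_D_BIT) == ROSE_D_BIT;
		*m = (type & ROSE_M_BIT) == ROSE_M_BIT;
		*nr = (type >> 5) & 0x07;
		*ns = (type >> 1) & 0x07;
		return ROSE_DATA;
	}

	return ROSE_ILLEGAL;
}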
238 | |
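/*
 * Parse the national family of a ROSE facilities field.
 *
 * p          - first octet after the FAC_NATIONAL family marker
 * facilities - record that receives the values found
 * len        - number of octets available at p
 *
 * The field is packet data, so each facility is checked against len
 * before its parameters are read. Returns the number of octets consumed,
 * or -1 when a facility is truncated or malformed.
 *
 * NOTE(review): the consumed count n is an unsigned char, so it is only
 * exact while len is below 256 on entry. rose_parse_facilities() derives
 * len from a single length octet, which keeps it in range.
 */
static int rose_parse_national(unsigned char *p, struct rose_facilities_struct *facilities, int len)
{
	unsigned char *pt;
	unsigned char l, lg, n = 0;
	int fac_national_digis_received = 0;

	do {
		/* The top two bits of the code give the size of the facility. */
		switch (*p & 0xC0) {
		case 0x00:
			if (len < 2)
				return -1;
			p   += 2;
			n   += 2;
			len -= 2;
			break;

		case 0x40:
			if (len < 3)
				return -1;
			if (*p == FAC_NATIONAL_RAND)
				facilities->rand = ((p[1] << 8) & 0xFF00) + ((p[2] << 0) & 0x00FF);
			p   += 3;
			n   += 3;
			len -= 3;
			break;

		case 0x80:
			if (len < 4)
				return -1;
			p   += 4;
			n   += 4;
			len -= 4;
			break;

		case 0xC0:
			/* Variable length: code, length octet l, then l octets. */
			if (len < 2)
				return -1;
			l = p[1];
			if (len < 2 + l)
				return -1;
			if (*p == FAC_NATIONAL_DEST_DIGI) {
				/* Ignored once a FAC_NATIONAL_DIGIS list was seen. */
				if (!fac_national_digis_received) {
					if (l < AX25_ADDR_LEN)
						return -1;
					memcpy(&facilities->source_digis[0], p + 2, AX25_ADDR_LEN);
					facilities->source_ndigis = 1;
				}
			}
			else if (*p == FAC_NATIONAL_SRC_DIGI) {
				/* Ignored once a FAC_NATIONAL_DIGIS list was seen. */
				if (!fac_national_digis_received) {
					if (l < AX25_ADDR_LEN)
						return -1;
					memcpy(&facilities->dest_digis[0], p + 2, AX25_ADDR_LEN);
					facilities->dest_ndigis = 1;
				}
			}
			else if (*p == FAC_NATIONAL_FAIL_CALL) {
				if (l < AX25_ADDR_LEN)
					return -1;
				memcpy(&facilities->fail_call, p + 2, AX25_ADDR_LEN);
			}
			else if (*p == FAC_NATIONAL_FAIL_ADD) {
				/* The address starts one octet into the parameter. */
				if (l < 1 + ROSE_ADDR_LEN)
					return -1;
				memcpy(&facilities->fail_addr, p + 3, ROSE_ADDR_LEN);
			}
			else if (*p == FAC_NATIONAL_DIGIS) {
				/* A whole number of AX.25 addresses is required. */
				if (l % AX25_ADDR_LEN)
					return -1;
				fac_national_digis_received = 1;
				facilities->source_ndigis = 0;
				facilities->dest_ndigis   = 0;
				for (pt = p + 2, lg = 0 ; lg < l ; pt += AX25_ADDR_LEN, lg += AX25_ADDR_LEN) {
					/* The H bit sorts each entry into one of the two lists. */
					if (pt[6] & AX25_HBIT) {
						if (facilities->dest_ndigis >= ROSE_MAX_DIGIS)
							return -1;
						memcpy(&facilities->dest_digis[facilities->dest_ndigis++], pt, AX25_ADDR_LEN);
					} else {
						if (facilities->source_ndigis >= ROSE_MAX_DIGIS)
							return -1;
						memcpy(&facilities->source_digis[facilities->source_ndigis++], pt, AX25_ADDR_LEN);
					}
				}
			}
			p   += l + 2;
			n   += l + 2;
			len -= l + 2;
			break;
		}
		/*
		 * Test len first: once the input is used up, p points one past
		 * the data and must not be dereferenced.
		 */
	} while (len > 0 && *p != 0x00);

	return n;
}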
332 | |
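/*
 * Parse the CCITT family of a ROSE facilities field.
 *
 * p          - first octet after the FAC_CCITT family marker
 * facilities - record that receives the addresses and callsigns found
 * len        - number of octets available at p
 *
 * The field is packet data, so each facility is checked against len
 * before its parameters are read. Returns the number of octets consumed,
 * or -1 when a facility is truncated or malformed.
 */
static int rose_parse_ccitt(unsigned char *p, struct rose_facilities_struct *facilities, int len)
{
	unsigned char l, n = 0;
	char callsign[11];

	do {
		/* The top two bits of the code give the size of the facility. */
		switch (*p & 0xC0) {
		case 0x00:
			if (len < 2)
				return -1;
			p   += 2;
			n   += 2;
			len -= 2;
			break;

		case 0x40:
			if (len < 3)
				return -1;
			p   += 3;
			n   += 3;
			len -= 3;
			break;

		case 0x80:
			if (len < 4)
				return -1;
			p   += 4;
			n   += 4;
			len -= 4;
			break;

		case 0xC0:
			/* Variable length: code, length octet l, then l octets. */
			if (len < 2)
				return -1;
			l = p[1];

			/*
			 * Prevent overflows: the callsign is l - 10 octets and
			 * must fit callsign[] with its terminator.
			 */
			if (l < 10 || l > 20)
				return -1;

			/*
			 * The copies below read up to p[l + 1], so the claimed
			 * length must fit in what is left of the field, the same
			 * check rose_parse_national() makes. Without it a short
			 * field is read past its end.
			 */
			if (len < 2 + l)
				return -1;

			if (*p == FAC_CCITT_DEST_NSAP) {
				memcpy(&facilities->source_addr, p + 7, ROSE_ADDR_LEN);
				memcpy(callsign, p + 12,   l - 10);
				callsign[l - 10] = '\0';
				asc2ax(&facilities->source_call, callsign);
			}
			if (*p == FAC_CCITT_SRC_NSAP) {
				memcpy(&facilities->dest_addr, p + 7, ROSE_ADDR_LEN);
				memcpy(callsign, p + 12, l - 10);
				callsign[l - 10] = '\0';
				asc2ax(&facilities->dest_call, callsign);
			}
			p   += l + 2;
			n   += l + 2;
			len -= l + 2;
			break;
		}
		/*
		 * Test len first: once the input is used up, p points one past
		 * the data and must not be dereferenced.
		 */
	} while (len > 0 && *p != 0x00);

	return n;
}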
394 | |
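/*
 * Parse the facilities field of a received frame into *facilities.
 *
 * p          - the facilities length octet, followed by the facilities
 * packet_len - bound supplied by the caller for the data at p
 * facilities - record filled in by the family parsers
 *
 * Returns 1 when the whole field was consumed cleanly and 0 when it is
 * empty, longer than packet_len, or malformed.
 *
 * NOTE(review): if packet_len counts the length octet itself, the
 * "facilities_len > packet_len" test accepts a field that ends one octet
 * past the data - confirm against the caller.
 */
int rose_parse_facilities(unsigned char *p, unsigned packet_len,
	struct rose_facilities_struct *facilities)
{
	int facilities_len, len;

	/* With no data at all, not even the length octet may be read. */
	if (packet_len == 0)
		return 0;

	facilities_len = *p++;

	if (facilities_len == 0 || (unsigned int)facilities_len > packet_len)
		return 0;

	/* Each family is introduced by a 0x00 octet and a family code. */
	while (facilities_len >= 3 && *p == 0x00) {
		facilities_len--;
		p++;

		switch (*p) {
		case FAC_NATIONAL:		/* National */
			len = rose_parse_national(p + 1, facilities, facilities_len - 1);
			break;

		case FAC_CCITT:		/* CCITT */
			len = rose_parse_ccitt(p + 1, facilities, facilities_len - 1);
			break;

		default:
			printk(KERN_DEBUG "ROSE: rose_parse_facilities - unknown facilities family %02X\n", *p);
			len = 1;
			break;
		}

		if (len < 0)
			return 0;
		/*
		 * The family parsers are handed facilities_len - 1 octets; a
		 * larger consumed count means the field is inconsistent.
		 */
		if (WARN_ON(len >= facilities_len))
			return 0;
		/* Skip the family code plus what the family parser consumed. */
		facilities_len -= len + 1;
		p += len + 1;
	}

	return facilities_len == 0;
}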
434 | |
/*
 * Write the facilities field of a call request into buffer.
 *
 * buffer[0] receives the length of the facilities that follow it. The
 * national family is emitted only when there is a random number or
 * exactly one source or destination digipeater; the CCITT family with
 * both NSAPs is always emitted. Returns the number of octets written,
 * including the length octet.
 *
 * The function has no size argument, so the caller must provide a
 * buffer large enough for the largest field produced here.
 *
 * NOTE(review): the FAC_NATIONAL_DIGIS length octet is computed from
 * source_ndigis + dest_ndigis, but the copy loops stop once the running
 * count reaches ROSE_MAX_DIGIS, so the two can disagree when the sum is
 * that large - confirm whether that combination can occur.
 */
static int rose_create_facilities(unsigned char *buffer, struct rose_sock *rose)
{
	unsigned char *out = buffer + 1;	/* buffer[0] is filled in last */
	char text[11];
	char *call;
	size_t call_len;
	int total, i;

	/* National Facilities */
	if (rose->rand != 0 || rose->source_ndigis == 1 || rose->dest_ndigis == 1) {
		*out++ = 0x00;
		*out++ = FAC_NATIONAL;

		if (rose->rand != 0) {
			*out++ = FAC_NATIONAL_RAND;
			*out++ = (rose->rand >> 8) & 0xFF;
			*out++ = (rose->rand >> 0) & 0xFF;
		}

		/* Sent before older facilities */
		if ((rose->source_ndigis > 0) || (rose->dest_ndigis > 0)) {
			int emitted = 0;

			*out++ = FAC_NATIONAL_DIGIS;
			*out++ = AX25_ADDR_LEN * (rose->source_ndigis + rose->dest_ndigis);

			/* Source digipeaters are written with the H bit set. */
			for (i = 0; i < rose->source_ndigis; i++) {
				if (++emitted >= ROSE_MAX_DIGIS)
					break;
				memcpy(out, &rose->source_digis[i], AX25_ADDR_LEN);
				out[6] |= AX25_HBIT;
				out += AX25_ADDR_LEN;
			}

			/* Destination digipeaters are written with it cleared. */
			for (i = 0; i < rose->dest_ndigis; i++) {
				if (++emitted >= ROSE_MAX_DIGIS)
					break;
				memcpy(out, &rose->dest_digis[i], AX25_ADDR_LEN);
				out[6] &= ~AX25_HBIT;
				out += AX25_ADDR_LEN;
			}
		}

		/* For compatibility */
		if (rose->source_ndigis > 0) {
			*out++ = FAC_NATIONAL_SRC_DIGI;
			*out++ = AX25_ADDR_LEN;
			memcpy(out, &rose->source_digis[0], AX25_ADDR_LEN);
			out += AX25_ADDR_LEN;
		}

		/* For compatibility */
		if (rose->dest_ndigis > 0) {
			*out++ = FAC_NATIONAL_DEST_DIGI;
			*out++ = AX25_ADDR_LEN;
			memcpy(out, &rose->dest_digis[0], AX25_ADDR_LEN);
			out += AX25_ADDR_LEN;
		}
	}

	*out++ = 0x00;
	*out++ = FAC_CCITT;

	/* Destination NSAP: ROSE address followed by the text callsign. */
	*out++ = FAC_CCITT_DEST_NSAP;

	call = ax2asc(text, &rose->dest_call);
	call_len = strlen(call);

	*out++ = call_len + 10;
	*out++ = (call_len + 9) * 2;			/* ??? */

	*out++ = 0x47;
	*out++ = 0x00;
	*out++ = 0x11;
	*out++ = ROSE_ADDR_LEN * 2;
	memcpy(out, &rose->dest_addr, ROSE_ADDR_LEN);
	out += ROSE_ADDR_LEN;

	memcpy(out, call, call_len);
	out += call_len;

	/* Source NSAP, same layout; text[] is reused for the callsign. */
	*out++ = FAC_CCITT_SRC_NSAP;

	call = ax2asc(text, &rose->source_call);
	call_len = strlen(call);

	*out++ = call_len + 10;
	*out++ = (call_len + 9) * 2;			/* ??? */

	*out++ = 0x47;
	*out++ = 0x00;
	*out++ = 0x11;
	*out++ = ROSE_ADDR_LEN * 2;
	memcpy(out, &rose->source_addr, ROSE_ADDR_LEN);
	out += ROSE_ADDR_LEN;

	memcpy(out, call, call_len);
	out += call_len;

	/* The length octet counts everything after itself. */
	total = out - buffer;
	buffer[0] = total - 1;

	return total;
}
529 | |
/*
 * Take the connection on sk down: stop its timers, drop its queued
 * frames, return the ROSE state machine to ROSE_STATE_0 and mark the
 * socket closed with reason as its pending error.
 *
 * A cause or diagnostic of -1 leaves the stored value untouched. The
 * state-change callback runs only when the socket was not already
 * flagged SOCK_DEAD, and the flag is set right after it.
 */
void rose_disconnect(struct sock *sk, int reason, int cause, int diagnostic)
{
	struct rose_sock *rose = rose_sk(sk);

	rose_stop_timer(sk);
	rose_stop_idletimer(sk);
	rose_clear_queues(sk);

	rose->lci = 0;
	rose->state = ROSE_STATE_0;
	if (cause != -1)
		rose->cause = cause;
	if (diagnostic != -1)
		rose->diagnostic = diagnostic;

	sk->sk_state = TCP_CLOSE;
	sk->sk_err = reason;
	sk->sk_shutdown |= SEND_SHUTDOWN;

	if (sock_flag(sk, SOCK_DEAD))
		return;

	sk->sk_state_change(sk);
	sock_set_flag(sk, SOCK_DEAD);
}
557 | |