Commit | Line | Data |
---|---|---|
ee5d8f4d | 1 | // SPDX-License-Identifier: GPL-2.0-or-later |
1da177e4 LT |
2 | /* |
3 | * X.25 Packet Layer release 002 | |
4 | * | |
5 | * This is ALPHA test software. This code may break your machine, | |
6 | * randomly fail to work with new releases, misbehave and/or generally | |
f8e1d201 | 7 | * screw up. It might even work. |
1da177e4 LT |
8 | * |
9 | * This code REQUIRES 2.1.15 or higher | |
10 | * | |
1da177e4 LT |
11 | * History |
12 | * X.25 001 Jonathan Naylor Started coding. | |
13 | * X.25 002 Jonathan Naylor Centralised disconnection code. | |
14 | * New timer architecture. | |
f8e1d201 | 15 | * 2000-03-20 Daniela Squassoni Disabling/enabling of facilities |
1da177e4 LT |
16 | * negotiation. |
17 | * 2000-11-10 Henner Eisen Check and reset for out-of-sequence | |
18 | * i-frames. | |
19 | */ | |
20 | ||
b73e9e3c | 21 | #define pr_fmt(fmt) "X25: " fmt |
22 | ||
5a0e3ad6 | 23 | #include <linux/slab.h> |
1da177e4 LT |
24 | #include <linux/errno.h> |
25 | #include <linux/kernel.h> | |
26 | #include <linux/string.h> | |
27 | #include <linux/skbuff.h> | |
28 | #include <net/sock.h> | |
c752f073 | 29 | #include <net/tcp_states.h> |
1da177e4 LT |
30 | #include <net/x25.h> |
31 | ||
32 | static int x25_queue_rx_frame(struct sock *sk, struct sk_buff *skb, int more) | |
33 | { | |
34 | struct sk_buff *skbo, *skbn = skb; | |
35 | struct x25_sock *x25 = x25_sk(sk); | |
36 | ||
37 | if (more) { | |
38 | x25->fraglen += skb->len; | |
39 | skb_queue_tail(&x25->fragment_queue, skb); | |
40 | skb_set_owner_r(skb, sk); | |
41 | return 0; | |
42 | } | |
43 | ||
44 | if (!more && x25->fraglen > 0) { /* End of fragment */ | |
45 | int len = x25->fraglen + skb->len; | |
46 | ||
47 | if ((skbn = alloc_skb(len, GFP_ATOMIC)) == NULL){ | |
48 | kfree_skb(skb); | |
49 | return 1; | |
50 | } | |
51 | ||
52 | skb_queue_tail(&x25->fragment_queue, skb); | |
53 | ||
badff6d0 | 54 | skb_reset_transport_header(skbn); |
1da177e4 LT |
55 | |
56 | skbo = skb_dequeue(&x25->fragment_queue); | |
1a4e2d09 ACM |
57 | skb_copy_from_linear_data(skbo, skb_put(skbn, skbo->len), |
58 | skbo->len); | |
1da177e4 LT |
59 | kfree_skb(skbo); |
60 | ||
61 | while ((skbo = | |
62 | skb_dequeue(&x25->fragment_queue)) != NULL) { | |
63 | skb_pull(skbo, (x25->neighbour->extended) ? | |
64 | X25_EXT_MIN_LEN : X25_STD_MIN_LEN); | |
1a4e2d09 ACM |
65 | skb_copy_from_linear_data(skbo, |
66 | skb_put(skbn, skbo->len), | |
67 | skbo->len); | |
1da177e4 LT |
68 | kfree_skb(skbo); |
69 | } | |
70 | ||
f8e1d201 | 71 | x25->fraglen = 0; |
1da177e4 LT |
72 | } |
73 | ||
74 | skb_set_owner_r(skbn, sk); | |
75 | skb_queue_tail(&sk->sk_receive_queue, skbn); | |
76 | if (!sock_flag(sk, SOCK_DEAD)) | |
676d2369 | 77 | sk->sk_data_ready(sk); |
1da177e4 LT |
78 | |
79 | return 0; | |
80 | } | |
81 | ||
82 | /* | |
83 | * State machine for state 1, Awaiting Call Accepted State. | |
84 | * The handling of the timer(s) is in file x25_timer.c. | |
85 | * Handling of state 0 and connection release is in af_x25.c. | |
86 | */ | |
87 | static int x25_state1_machine(struct sock *sk, struct sk_buff *skb, int frametype) | |
88 | { | |
89 | struct x25_address source_addr, dest_addr; | |
f5eb917b | 90 | int len; |
95c30430 | 91 | struct x25_sock *x25 = x25_sk(sk); |
1da177e4 LT |
92 | |
93 | switch (frametype) { | |
fddc5f3e JP |
94 | case X25_CALL_ACCEPTED: { |
95 | ||
96 | x25_stop_timer(sk); | |
97 | x25->condition = 0x00; | |
98 | x25->vs = 0; | |
99 | x25->va = 0; | |
100 | x25->vr = 0; | |
101 | x25->vl = 0; | |
102 | x25->state = X25_STATE_3; | |
103 | sk->sk_state = TCP_ESTABLISHED; | |
104 | /* | |
105 | * Parse the data in the frame. | |
106 | */ | |
cb101ed2 MD |
107 | if (!pskb_may_pull(skb, X25_STD_MIN_LEN)) |
108 | goto out_clear; | |
fddc5f3e JP |
109 | skb_pull(skb, X25_STD_MIN_LEN); |
110 | ||
111 | len = x25_parse_address_block(skb, &source_addr, | |
112 | &dest_addr); | |
113 | if (len > 0) | |
114 | skb_pull(skb, len); | |
115 | else if (len < 0) | |
116 | goto out_clear; | |
117 | ||
118 | len = x25_parse_facilities(skb, &x25->facilities, | |
119 | &x25->dte_facilities, | |
120 | &x25->vc_facil_mask); | |
121 | if (len > 0) | |
122 | skb_pull(skb, len); | |
123 | else if (len < 0) | |
124 | goto out_clear; | |
125 | /* | |
126 | * Copy any Call User Data. | |
127 | */ | |
128 | if (skb->len > 0) { | |
c7fd0d48 MD |
129 | if (skb->len > X25_MAX_CUD_LEN) |
130 | goto out_clear; | |
131 | ||
cb101ed2 MD |
132 | skb_copy_bits(skb, 0, x25->calluserdata.cuddata, |
133 | skb->len); | |
fddc5f3e | 134 | x25->calluserdata.cudlength = skb->len; |
1da177e4 | 135 | } |
fddc5f3e JP |
136 | if (!sock_flag(sk, SOCK_DEAD)) |
137 | sk->sk_state_change(sk); | |
138 | break; | |
139 | } | |
b020fcf6 MS |
140 | case X25_CALL_REQUEST: |
141 | /* call collision */ | |
142 | x25->causediag.cause = 0x01; | |
143 | x25->causediag.diagnostic = 0x48; | |
144 | ||
145 | x25_write_internal(sk, X25_CLEAR_REQUEST); | |
146 | x25_disconnect(sk, EISCONN, 0x01, 0x48); | |
147 | break; | |
148 | ||
fddc5f3e | 149 | case X25_CLEAR_REQUEST: |
cb101ed2 MD |
150 | if (!pskb_may_pull(skb, X25_STD_MIN_LEN + 2)) |
151 | goto out_clear; | |
152 | ||
fddc5f3e JP |
153 | x25_write_internal(sk, X25_CLEAR_CONFIRMATION); |
154 | x25_disconnect(sk, ECONNREFUSED, skb->data[3], skb->data[4]); | |
155 | break; | |
1da177e4 | 156 | |
fddc5f3e JP |
157 | default: |
158 | break; | |
1da177e4 LT |
159 | } |
160 | ||
161 | return 0; | |
95c30430 | 162 | |
163 | out_clear: | |
164 | x25_write_internal(sk, X25_CLEAR_REQUEST); | |
165 | x25->state = X25_STATE_2; | |
166 | x25_start_t23timer(sk); | |
167 | return 0; | |
1da177e4 LT |
168 | } |
169 | ||
170 | /* | |
171 | * State machine for state 2, Awaiting Clear Confirmation State. | |
172 | * The handling of the timer(s) is in file x25_timer.c | |
173 | * Handling of state 0 and connection release is in af_x25.c. | |
174 | */ | |
175 | static int x25_state2_machine(struct sock *sk, struct sk_buff *skb, int frametype) | |
176 | { | |
177 | switch (frametype) { | |
178 | ||
179 | case X25_CLEAR_REQUEST: | |
cb101ed2 MD |
180 | if (!pskb_may_pull(skb, X25_STD_MIN_LEN + 2)) |
181 | goto out_clear; | |
182 | ||
1da177e4 LT |
183 | x25_write_internal(sk, X25_CLEAR_CONFIRMATION); |
184 | x25_disconnect(sk, 0, skb->data[3], skb->data[4]); | |
185 | break; | |
186 | ||
187 | case X25_CLEAR_CONFIRMATION: | |
188 | x25_disconnect(sk, 0, 0, 0); | |
189 | break; | |
190 | ||
191 | default: | |
192 | break; | |
193 | } | |
194 | ||
195 | return 0; | |
cb101ed2 MD |
196 | |
197 | out_clear: | |
198 | x25_write_internal(sk, X25_CLEAR_REQUEST); | |
199 | x25_start_t23timer(sk); | |
200 | return 0; | |
1da177e4 LT |
201 | } |
202 | ||
203 | /* | |
204 | * State machine for state 3, Connected State. | |
205 | * The handling of the timer(s) is in file x25_timer.c | |
206 | * Handling of state 0 and connection release is in af_x25.c. | |
207 | */ | |
208 | static int x25_state3_machine(struct sock *sk, struct sk_buff *skb, int frametype, int ns, int nr, int q, int d, int m) | |
209 | { | |
210 | int queued = 0; | |
211 | int modulus; | |
212 | struct x25_sock *x25 = x25_sk(sk); | |
f8e1d201 | 213 | |
1da177e4 LT |
214 | modulus = (x25->neighbour->extended) ? X25_EMODULUS : X25_SMODULUS; |
215 | ||
216 | switch (frametype) { | |
217 | ||
218 | case X25_RESET_REQUEST: | |
219 | x25_write_internal(sk, X25_RESET_CONFIRMATION); | |
220 | x25_stop_timer(sk); | |
221 | x25->condition = 0x00; | |
222 | x25->vs = 0; | |
223 | x25->vr = 0; | |
224 | x25->va = 0; | |
225 | x25->vl = 0; | |
226 | x25_requeue_frames(sk); | |
227 | break; | |
228 | ||
229 | case X25_CLEAR_REQUEST: | |
cb101ed2 MD |
230 | if (!pskb_may_pull(skb, X25_STD_MIN_LEN + 2)) |
231 | goto out_clear; | |
232 | ||
1da177e4 LT |
233 | x25_write_internal(sk, X25_CLEAR_CONFIRMATION); |
234 | x25_disconnect(sk, 0, skb->data[3], skb->data[4]); | |
235 | break; | |
236 | ||
237 | case X25_RR: | |
238 | case X25_RNR: | |
239 | if (!x25_validate_nr(sk, nr)) { | |
240 | x25_clear_queues(sk); | |
241 | x25_write_internal(sk, X25_RESET_REQUEST); | |
242 | x25_start_t22timer(sk); | |
243 | x25->condition = 0x00; | |
244 | x25->vs = 0; | |
245 | x25->vr = 0; | |
246 | x25->va = 0; | |
247 | x25->vl = 0; | |
248 | x25->state = X25_STATE_4; | |
249 | } else { | |
250 | x25_frames_acked(sk, nr); | |
251 | if (frametype == X25_RNR) { | |
252 | x25->condition |= X25_COND_PEER_RX_BUSY; | |
253 | } else { | |
254 | x25->condition &= ~X25_COND_PEER_RX_BUSY; | |
255 | } | |
256 | } | |
257 | break; | |
258 | ||
259 | case X25_DATA: /* XXX */ | |
260 | x25->condition &= ~X25_COND_PEER_RX_BUSY; | |
261 | if ((ns != x25->vr) || !x25_validate_nr(sk, nr)) { | |
262 | x25_clear_queues(sk); | |
263 | x25_write_internal(sk, X25_RESET_REQUEST); | |
264 | x25_start_t22timer(sk); | |
265 | x25->condition = 0x00; | |
266 | x25->vs = 0; | |
267 | x25->vr = 0; | |
268 | x25->va = 0; | |
269 | x25->vl = 0; | |
270 | x25->state = X25_STATE_4; | |
271 | break; | |
272 | } | |
273 | x25_frames_acked(sk, nr); | |
274 | if (ns == x25->vr) { | |
275 | if (x25_queue_rx_frame(sk, skb, m) == 0) { | |
276 | x25->vr = (x25->vr + 1) % modulus; | |
277 | queued = 1; | |
278 | } else { | |
279 | /* Should never happen */ | |
280 | x25_clear_queues(sk); | |
281 | x25_write_internal(sk, X25_RESET_REQUEST); | |
282 | x25_start_t22timer(sk); | |
283 | x25->condition = 0x00; | |
284 | x25->vs = 0; | |
285 | x25->vr = 0; | |
286 | x25->va = 0; | |
287 | x25->vl = 0; | |
288 | x25->state = X25_STATE_4; | |
289 | break; | |
290 | } | |
291 | if (atomic_read(&sk->sk_rmem_alloc) > | |
6bf1574e | 292 | (sk->sk_rcvbuf >> 1)) |
1da177e4 LT |
293 | x25->condition |= X25_COND_OWN_RX_BUSY; |
294 | } | |
295 | /* | |
296 | * If the window is full Ack it immediately, else | |
297 | * start the holdback timer. | |
298 | */ | |
299 | if (((x25->vl + x25->facilities.winsize_in) % modulus) == x25->vr) { | |
300 | x25->condition &= ~X25_COND_ACK_PENDING; | |
301 | x25_stop_timer(sk); | |
302 | x25_enquiry_response(sk); | |
303 | } else { | |
304 | x25->condition |= X25_COND_ACK_PENDING; | |
305 | x25_start_t2timer(sk); | |
306 | } | |
307 | break; | |
308 | ||
309 | case X25_INTERRUPT_CONFIRMATION: | |
b7792e34 | 310 | clear_bit(X25_INTERRUPT_FLAG, &x25->flags); |
1da177e4 LT |
311 | break; |
312 | ||
313 | case X25_INTERRUPT: | |
314 | if (sock_flag(sk, SOCK_URGINLINE)) | |
315 | queued = !sock_queue_rcv_skb(sk, skb); | |
316 | else { | |
317 | skb_set_owner_r(skb, sk); | |
318 | skb_queue_tail(&x25->interrupt_in_queue, skb); | |
319 | queued = 1; | |
320 | } | |
321 | sk_send_sigurg(sk); | |
322 | x25_write_internal(sk, X25_INTERRUPT_CONFIRMATION); | |
323 | break; | |
324 | ||
325 | default: | |
b73e9e3c | 326 | pr_warn("unknown %02X in state 3\n", frametype); |
1da177e4 LT |
327 | break; |
328 | } | |
329 | ||
330 | return queued; | |
cb101ed2 MD |
331 | |
332 | out_clear: | |
333 | x25_write_internal(sk, X25_CLEAR_REQUEST); | |
334 | x25->state = X25_STATE_2; | |
335 | x25_start_t23timer(sk); | |
336 | return 0; | |
1da177e4 LT |
337 | } |
338 | ||
339 | /* | |
340 | * State machine for state 4, Awaiting Reset Confirmation State. | |
341 | * The handling of the timer(s) is in file x25_timer.c | |
342 | * Handling of state 0 and connection release is in af_x25.c. | |
343 | */ | |
344 | static int x25_state4_machine(struct sock *sk, struct sk_buff *skb, int frametype) | |
345 | { | |
cb101ed2 MD |
346 | struct x25_sock *x25 = x25_sk(sk); |
347 | ||
1da177e4 LT |
348 | switch (frametype) { |
349 | ||
350 | case X25_RESET_REQUEST: | |
351 | x25_write_internal(sk, X25_RESET_CONFIRMATION); | |
df561f66 | 352 | fallthrough; |
1da177e4 | 353 | case X25_RESET_CONFIRMATION: { |
1da177e4 LT |
354 | x25_stop_timer(sk); |
355 | x25->condition = 0x00; | |
356 | x25->va = 0; | |
357 | x25->vr = 0; | |
358 | x25->vs = 0; | |
359 | x25->vl = 0; | |
360 | x25->state = X25_STATE_3; | |
361 | x25_requeue_frames(sk); | |
362 | break; | |
363 | } | |
364 | case X25_CLEAR_REQUEST: | |
cb101ed2 MD |
365 | if (!pskb_may_pull(skb, X25_STD_MIN_LEN + 2)) |
366 | goto out_clear; | |
367 | ||
1da177e4 LT |
368 | x25_write_internal(sk, X25_CLEAR_CONFIRMATION); |
369 | x25_disconnect(sk, 0, skb->data[3], skb->data[4]); | |
370 | break; | |
371 | ||
372 | default: | |
373 | break; | |
374 | } | |
375 | ||
376 | return 0; | |
cb101ed2 MD |
377 | |
378 | out_clear: | |
379 | x25_write_internal(sk, X25_CLEAR_REQUEST); | |
380 | x25->state = X25_STATE_2; | |
381 | x25_start_t23timer(sk); | |
382 | return 0; | |
1da177e4 LT |
383 | } |
384 | ||
f8fc57e8 MS |
385 | /* |
386 | * State machine for state 5, Call Accepted / Call Connected pending (X25_ACCPT_APPRV_FLAG). | |
387 | * The handling of the timer(s) is in file x25_timer.c | |
388 | * Handling of state 0 and connection release is in af_x25.c. | |
389 | */ | |
390 | static int x25_state5_machine(struct sock *sk, struct sk_buff *skb, int frametype) | |
391 | { | |
392 | struct x25_sock *x25 = x25_sk(sk); | |
393 | ||
394 | switch (frametype) { | |
395 | case X25_CLEAR_REQUEST: | |
396 | if (!pskb_may_pull(skb, X25_STD_MIN_LEN + 2)) { | |
397 | x25_write_internal(sk, X25_CLEAR_REQUEST); | |
398 | x25->state = X25_STATE_2; | |
399 | x25_start_t23timer(sk); | |
400 | return 0; | |
401 | } | |
402 | ||
403 | x25_write_internal(sk, X25_CLEAR_CONFIRMATION); | |
404 | x25_disconnect(sk, 0, skb->data[3], skb->data[4]); | |
405 | break; | |
406 | ||
407 | default: | |
408 | break; | |
409 | } | |
410 | ||
411 | return 0; | |
412 | } | |
413 | ||
1da177e4 LT |
414 | /* Higher level upcall for a LAPB frame */ |
415 | int x25_process_rx_frame(struct sock *sk, struct sk_buff *skb) | |
416 | { | |
417 | struct x25_sock *x25 = x25_sk(sk); | |
418 | int queued = 0, frametype, ns, nr, q, d, m; | |
419 | ||
420 | if (x25->state == X25_STATE_0) | |
421 | return 0; | |
422 | ||
423 | frametype = x25_decode(sk, skb, &ns, &nr, &q, &d, &m); | |
424 | ||
425 | switch (x25->state) { | |
fddc5f3e JP |
426 | case X25_STATE_1: |
427 | queued = x25_state1_machine(sk, skb, frametype); | |
428 | break; | |
429 | case X25_STATE_2: | |
430 | queued = x25_state2_machine(sk, skb, frametype); | |
431 | break; | |
432 | case X25_STATE_3: | |
433 | queued = x25_state3_machine(sk, skb, frametype, ns, nr, q, d, m); | |
434 | break; | |
435 | case X25_STATE_4: | |
436 | queued = x25_state4_machine(sk, skb, frametype); | |
437 | break; | |
f8fc57e8 MS |
438 | case X25_STATE_5: |
439 | queued = x25_state5_machine(sk, skb, frametype); | |
440 | break; | |
1da177e4 LT |
441 | } |
442 | ||
443 | x25_kick(sk); | |
444 | ||
445 | return queued; | |
446 | } | |
447 | ||
448 | int x25_backlog_rcv(struct sock *sk, struct sk_buff *skb) | |
449 | { | |
450 | int queued = x25_process_rx_frame(sk, skb); | |
451 | ||
452 | if (!queued) | |
453 | kfree_skb(skb); | |
454 | ||
455 | return 0; | |
456 | } |