1 /*
2  * This program is free software; you can redistribute it and/or modify
3  * it under the terms of the GNU General Public License as published by
4  * the Free Software Foundation; either version 2 of the License, or
5  * (at your option) any later version.
6  *
7  * Copyright (C) Alan Cox GW4PTS (alan@lxorguk.ukuu.org.uk)
8  * Copyright (C) Jonathan Naylor G4KLX (g4klx@g4klx.demon.co.uk)
9  * Copyright (C) Joerg Reuter DL1BKE (jreuter@yaina.de)
10  * Copyright (C) Frederic Rible F1OAT (frible@teaser.fr)
11  */
12 #include <linux/errno.h>
13 #include <linux/types.h>
14 #include <linux/socket.h>
15 #include <linux/in.h>
16 #include <linux/kernel.h>
17 #include <linux/timer.h>
18 #include <linux/string.h>
19 #include <linux/sockios.h>
20 #include <linux/net.h>
21 #include <linux/slab.h>
22 #include <net/ax25.h>
23 #include <linux/inet.h>
24 #include <linux/netdevice.h>
25 #include <linux/skbuff.h>
26 #include <net/sock.h>
27 #include <net/tcp_states.h>
28 #include <asm/uaccess.h>
29 #include <linux/fcntl.h>
30 #include <linux/mm.h>
31 #include <linux/interrupt.h>
32 
33 /*
34  *	This routine purges all the queues of frames.
35  */
ax25_clear_queues(ax25_cb * ax25)36 void ax25_clear_queues(ax25_cb *ax25)
37 {
38 	skb_queue_purge(&ax25->write_queue);
39 	skb_queue_purge(&ax25->ack_queue);
40 	skb_queue_purge(&ax25->reseq_queue);
41 	skb_queue_purge(&ax25->frag_queue);
42 }
43 
44 /*
45  * This routine purges the input queue of those frames that have been
46  * acknowledged. This replaces the boxes labelled "V(a) <- N(r)" on the
47  * SDL diagram.
48  */
ax25_frames_acked(ax25_cb * ax25,unsigned short nr)49 void ax25_frames_acked(ax25_cb *ax25, unsigned short nr)
50 {
51 	struct sk_buff *skb;
52 
53 	/*
54 	 * Remove all the ack-ed frames from the ack queue.
55 	 */
56 	if (ax25->va != nr) {
57 		while (skb_peek(&ax25->ack_queue) != NULL && ax25->va != nr) {
58 			skb = skb_dequeue(&ax25->ack_queue);
59 			kfree_skb(skb);
60 			ax25->va = (ax25->va + 1) % ax25->modulus;
61 		}
62 	}
63 }
64 
ax25_requeue_frames(ax25_cb * ax25)65 void ax25_requeue_frames(ax25_cb *ax25)
66 {
67 	struct sk_buff *skb;
68 
69 	/*
70 	 * Requeue all the un-ack-ed frames on the output queue to be picked
71 	 * up by ax25_kick called from the timer. This arrangement handles the
72 	 * possibility of an empty output queue.
73 	 */
74 	while ((skb = skb_dequeue_tail(&ax25->ack_queue)) != NULL)
75 		skb_queue_head(&ax25->write_queue, skb);
76 }
77 
78 /*
79  *	Validate that the value of nr is between va and vs. Return true or
80  *	false for testing.
81  */
ax25_validate_nr(ax25_cb * ax25,unsigned short nr)82 int ax25_validate_nr(ax25_cb *ax25, unsigned short nr)
83 {
84 	unsigned short vc = ax25->va;
85 
86 	while (vc != ax25->vs) {
87 		if (nr == vc) return 1;
88 		vc = (vc + 1) % ax25->modulus;
89 	}
90 
91 	if (nr == ax25->vs) return 1;
92 
93 	return 0;
94 }
95 
96 /*
97  *	This routine is the centralised routine for parsing the control
98  *	information for the different frame formats.
99  */
ax25_decode(ax25_cb * ax25,struct sk_buff * skb,int * ns,int * nr,int * pf)100 int ax25_decode(ax25_cb *ax25, struct sk_buff *skb, int *ns, int *nr, int *pf)
101 {
102 	unsigned char *frame;
103 	int frametype = AX25_ILLEGAL;
104 
105 	frame = skb->data;
106 	*ns = *nr = *pf = 0;
107 
108 	if (ax25->modulus == AX25_MODULUS) {
109 		if ((frame[0] & AX25_S) == 0) {
110 			frametype = AX25_I;			/* I frame - carries NR/NS/PF */
111 			*ns = (frame[0] >> 1) & 0x07;
112 			*nr = (frame[0] >> 5) & 0x07;
113 			*pf = frame[0] & AX25_PF;
114 		} else if ((frame[0] & AX25_U) == 1) { 	/* S frame - take out PF/NR */
115 			frametype = frame[0] & 0x0F;
116 			*nr = (frame[0] >> 5) & 0x07;
117 			*pf = frame[0] & AX25_PF;
118 		} else if ((frame[0] & AX25_U) == 3) { 	/* U frame - take out PF */
119 			frametype = frame[0] & ~AX25_PF;
120 			*pf = frame[0] & AX25_PF;
121 		}
122 		skb_pull(skb, 1);
123 	} else {
124 		if ((frame[0] & AX25_S) == 0) {
125 			frametype = AX25_I;			/* I frame - carries NR/NS/PF */
126 			*ns = (frame[0] >> 1) & 0x7F;
127 			*nr = (frame[1] >> 1) & 0x7F;
128 			*pf = frame[1] & AX25_EPF;
129 			skb_pull(skb, 2);
130 		} else if ((frame[0] & AX25_U) == 1) { 	/* S frame - take out PF/NR */
131 			frametype = frame[0] & 0x0F;
132 			*nr = (frame[1] >> 1) & 0x7F;
133 			*pf = frame[1] & AX25_EPF;
134 			skb_pull(skb, 2);
135 		} else if ((frame[0] & AX25_U) == 3) { 	/* U frame - take out PF */
136 			frametype = frame[0] & ~AX25_PF;
137 			*pf = frame[0] & AX25_PF;
138 			skb_pull(skb, 1);
139 		}
140 	}
141 
142 	return frametype;
143 }
144 
145 /*
146  *	This routine is called when the HDLC layer internally  generates a
147  *	command or  response  for  the remote machine ( eg. RR, UA etc. ).
148  *	Only supervisory or unnumbered frames are processed.
149  */
ax25_send_control(ax25_cb * ax25,int frametype,int poll_bit,int type)150 void ax25_send_control(ax25_cb *ax25, int frametype, int poll_bit, int type)
151 {
152 	struct sk_buff *skb;
153 	unsigned char  *dptr;
154 
155 	if ((skb = alloc_skb(ax25->ax25_dev->dev->hard_header_len + 2, GFP_ATOMIC)) == NULL)
156 		return;
157 
158 	skb_reserve(skb, ax25->ax25_dev->dev->hard_header_len);
159 
160 	skb_reset_network_header(skb);
161 
162 	/* Assume a response - address structure for DTE */
163 	if (ax25->modulus == AX25_MODULUS) {
164 		dptr = skb_put(skb, 1);
165 		*dptr = frametype;
166 		*dptr |= (poll_bit) ? AX25_PF : 0;
167 		if ((frametype & AX25_U) == AX25_S)		/* S frames carry NR */
168 			*dptr |= (ax25->vr << 5);
169 	} else {
170 		if ((frametype & AX25_U) == AX25_U) {
171 			dptr = skb_put(skb, 1);
172 			*dptr = frametype;
173 			*dptr |= (poll_bit) ? AX25_PF : 0;
174 		} else {
175 			dptr = skb_put(skb, 2);
176 			dptr[0] = frametype;
177 			dptr[1] = (ax25->vr << 1);
178 			dptr[1] |= (poll_bit) ? AX25_EPF : 0;
179 		}
180 	}
181 
182 	ax25_transmit_buffer(ax25, skb, type);
183 }
184 
185 /*
186  *	Send a 'DM' to an unknown connection attempt, or an invalid caller.
187  *
188  *	Note: src here is the sender, thus it's the target of the DM
189  */
ax25_return_dm(struct net_device * dev,ax25_address * src,ax25_address * dest,ax25_digi * digi)190 void ax25_return_dm(struct net_device *dev, ax25_address *src, ax25_address *dest, ax25_digi *digi)
191 {
192 	struct sk_buff *skb;
193 	char *dptr;
194 	ax25_digi retdigi;
195 
196 	if (dev == NULL)
197 		return;
198 
199 	if ((skb = alloc_skb(dev->hard_header_len + 1, GFP_ATOMIC)) == NULL)
200 		return;	/* Next SABM will get DM'd */
201 
202 	skb_reserve(skb, dev->hard_header_len);
203 	skb_reset_network_header(skb);
204 
205 	ax25_digi_invert(digi, &retdigi);
206 
207 	dptr = skb_put(skb, 1);
208 
209 	*dptr = AX25_DM | AX25_PF;
210 
211 	/*
212 	 *	Do the address ourselves
213 	 */
214 	dptr  = skb_push(skb, ax25_addr_size(digi));
215 	dptr += ax25_addr_build(dptr, dest, src, &retdigi, AX25_RESPONSE, AX25_MODULUS);
216 
217 	ax25_queue_xmit(skb, dev);
218 }
219 
220 /*
221  *	Exponential backoff for AX.25
222  */
ax25_calculate_t1(ax25_cb * ax25)223 void ax25_calculate_t1(ax25_cb *ax25)
224 {
225 	int n, t = 2;
226 
227 	switch (ax25->backoff) {
228 	case 0:
229 		break;
230 
231 	case 1:
232 		t += 2 * ax25->n2count;
233 		break;
234 
235 	case 2:
236 		for (n = 0; n < ax25->n2count; n++)
237 			t *= 2;
238 		if (t > 8) t = 8;
239 		break;
240 	}
241 
242 	ax25->t1 = t * ax25->rtt;
243 }
244 
245 /*
246  *	Calculate the Round Trip Time
247  */
ax25_calculate_rtt(ax25_cb * ax25)248 void ax25_calculate_rtt(ax25_cb *ax25)
249 {
250 	if (ax25->backoff == 0)
251 		return;
252 
253 	if (ax25_t1timer_running(ax25) && ax25->n2count == 0)
254 		ax25->rtt = (9 * ax25->rtt + ax25->t1 - ax25_display_timer(&ax25->t1timer)) / 10;
255 
256 	if (ax25->rtt < AX25_T1CLAMPLO)
257 		ax25->rtt = AX25_T1CLAMPLO;
258 
259 	if (ax25->rtt > AX25_T1CLAMPHI)
260 		ax25->rtt = AX25_T1CLAMPHI;
261 }
262 
ax25_disconnect(ax25_cb * ax25,int reason)263 void ax25_disconnect(ax25_cb *ax25, int reason)
264 {
265 	ax25_clear_queues(ax25);
266 
267 	ax25_stop_t1timer(ax25);
268 	ax25_stop_t2timer(ax25);
269 	ax25_stop_t3timer(ax25);
270 	ax25_stop_idletimer(ax25);
271 
272 	ax25->state = AX25_STATE_0;
273 
274 	ax25_link_failed(ax25, reason);
275 
276 	if (ax25->sk != NULL) {
277 		local_bh_disable();
278 		bh_lock_sock(ax25->sk);
279 		ax25->sk->sk_state     = TCP_CLOSE;
280 		ax25->sk->sk_err       = reason;
281 		ax25->sk->sk_shutdown |= SEND_SHUTDOWN;
282 		if (!sock_flag(ax25->sk, SOCK_DEAD)) {
283 			ax25->sk->sk_state_change(ax25->sk);
284 			sock_set_flag(ax25->sk, SOCK_DEAD);
285 		}
286 		bh_unlock_sock(ax25->sk);
287 		local_bh_enable();
288 	}
289 }
290