1 /*
2 * DECnet An implementation of the DECnet protocol suite for the LINUX
3 * operating system. DECnet is implemented using the BSD Socket
4 * interface as the means of communication with the user level.
5 *
6 * DECnet Network Services Protocol (Input)
7 *
8 * Author: Eduardo Marcelo Serrat <emserrat@geocities.com>
9 *
10 * Changes:
11 *
12 * Steve Whitehouse: Split into dn_nsp_in.c and dn_nsp_out.c from
13 * original dn_nsp.c.
14 * Steve Whitehouse: Updated to work with my new routing architecture.
15 * Steve Whitehouse: Add changes from Eduardo Serrat's patches.
16 * Steve Whitehouse: Put all ack handling code in a common routine.
17 * Steve Whitehouse: Put other common bits into dn_nsp_rx()
18 * Steve Whitehouse: More checks on skb->len to catch bogus packets
19 * Fixed various race conditions and possible nasties.
20 * Steve Whitehouse: Now handles returned conninit frames.
21 * David S. Miller: New socket locking
22 * Steve Whitehouse: Fixed lockup when socket filtering was enabled.
23 * Paul Koning: Fix to push CC sockets into RUN when acks are
24 * received.
25 * Steve Whitehouse:
26 * Patrick Caulfield: Checking conninits for correctness & sending of error
27 * responses.
28 * Steve Whitehouse: Added backlog congestion level return codes.
29 * Patrick Caulfield:
30 * Steve Whitehouse: Added flow control support (outbound)
31 * Steve Whitehouse: Prepare for nonlinear skbs
32 */
33
34 /******************************************************************************
35 (c) 1995-1998 E.M. Serrat emserrat@geocities.com
36
37 This program is free software; you can redistribute it and/or modify
38 it under the terms of the GNU General Public License as published by
39 the Free Software Foundation; either version 2 of the License, or
40 any later version.
41
42 This program is distributed in the hope that it will be useful,
43 but WITHOUT ANY WARRANTY; without even the implied warranty of
44 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
45 GNU General Public License for more details.
46 *******************************************************************************/
47
48 #include <linux/errno.h>
49 #include <linux/types.h>
50 #include <linux/socket.h>
51 #include <linux/in.h>
52 #include <linux/kernel.h>
53 #include <linux/timer.h>
54 #include <linux/string.h>
55 #include <linux/sockios.h>
56 #include <linux/net.h>
57 #include <linux/netdevice.h>
58 #include <linux/inet.h>
59 #include <linux/route.h>
60 #include <linux/slab.h>
61 #include <net/sock.h>
62 #include <net/tcp_states.h>
63 #include <linux/fcntl.h>
64 #include <linux/mm.h>
65 #include <linux/termios.h>
66 #include <linux/interrupt.h>
67 #include <linux/proc_fs.h>
68 #include <linux/stat.h>
69 #include <linux/init.h>
70 #include <linux/poll.h>
71 #include <linux/netfilter_decnet.h>
72 #include <net/neighbour.h>
73 #include <net/dst.h>
74 #include <net/dn.h>
75 #include <net/dn_nsp.h>
76 #include <net/dn_dev.h>
77 #include <net/dn_route.h>
78
79 extern int decnet_log_martians;
80
dn_log_martian(struct sk_buff * skb,const char * msg)81 static void dn_log_martian(struct sk_buff *skb, const char *msg)
82 {
83 if (decnet_log_martians && net_ratelimit()) {
84 char *devname = skb->dev ? skb->dev->name : "???";
85 struct dn_skb_cb *cb = DN_SKB_CB(skb);
86 printk(KERN_INFO "DECnet: Martian packet (%s) dev=%s src=0x%04hx dst=0x%04hx srcport=0x%04hx dstport=0x%04hx\n",
87 msg, devname, le16_to_cpu(cb->src), le16_to_cpu(cb->dst),
88 le16_to_cpu(cb->src_port), le16_to_cpu(cb->dst_port));
89 }
90 }
91
92 /*
93 * For this function we've flipped the cross-subchannel bit
94 * if the message is an otherdata or linkservice message. Thus
95 * we can use it to work out what to update.
96 */
dn_ack(struct sock * sk,struct sk_buff * skb,unsigned short ack)97 static void dn_ack(struct sock *sk, struct sk_buff *skb, unsigned short ack)
98 {
99 struct dn_scp *scp = DN_SK(sk);
100 unsigned short type = ((ack >> 12) & 0x0003);
101 int wakeup = 0;
102
103 switch (type) {
104 case 0: /* ACK - Data */
105 if (dn_after(ack, scp->ackrcv_dat)) {
106 scp->ackrcv_dat = ack & 0x0fff;
107 wakeup |= dn_nsp_check_xmit_queue(sk, skb,
108 &scp->data_xmit_queue,
109 ack);
110 }
111 break;
112 case 1: /* NAK - Data */
113 break;
114 case 2: /* ACK - OtherData */
115 if (dn_after(ack, scp->ackrcv_oth)) {
116 scp->ackrcv_oth = ack & 0x0fff;
117 wakeup |= dn_nsp_check_xmit_queue(sk, skb,
118 &scp->other_xmit_queue,
119 ack);
120 }
121 break;
122 case 3: /* NAK - OtherData */
123 break;
124 }
125
126 if (wakeup && !sock_flag(sk, SOCK_DEAD))
127 sk->sk_state_change(sk);
128 }
129
130 /*
131 * This function is a universal ack processor.
132 */
dn_process_ack(struct sock * sk,struct sk_buff * skb,int oth)133 static int dn_process_ack(struct sock *sk, struct sk_buff *skb, int oth)
134 {
135 __le16 *ptr = (__le16 *)skb->data;
136 int len = 0;
137 unsigned short ack;
138
139 if (skb->len < 2)
140 return len;
141
142 if ((ack = le16_to_cpu(*ptr)) & 0x8000) {
143 skb_pull(skb, 2);
144 ptr++;
145 len += 2;
146 if ((ack & 0x4000) == 0) {
147 if (oth)
148 ack ^= 0x2000;
149 dn_ack(sk, skb, ack);
150 }
151 }
152
153 if (skb->len < 2)
154 return len;
155
156 if ((ack = le16_to_cpu(*ptr)) & 0x8000) {
157 skb_pull(skb, 2);
158 len += 2;
159 if ((ack & 0x4000) == 0) {
160 if (oth)
161 ack ^= 0x2000;
162 dn_ack(sk, skb, ack);
163 }
164 }
165
166 return len;
167 }
168
169
170 /**
171 * dn_check_idf - Check an image data field format is correct.
172 * @pptr: Pointer to pointer to image data
173 * @len: Pointer to length of image data
174 * @max: The maximum allowed length of the data in the image data field
175 * @follow_on: Check that this many bytes exist beyond the end of the image data
176 *
177 * Returns: 0 if ok, -1 on error
178 */
dn_check_idf(unsigned char ** pptr,int * len,unsigned char max,unsigned char follow_on)179 static inline int dn_check_idf(unsigned char **pptr, int *len, unsigned char max, unsigned char follow_on)
180 {
181 unsigned char *ptr = *pptr;
182 unsigned char flen = *ptr++;
183
184 (*len)--;
185 if (flen > max)
186 return -1;
187 if ((flen + follow_on) > *len)
188 return -1;
189
190 *len -= flen;
191 *pptr = ptr + flen;
192 return 0;
193 }
194
195 /*
196 * Table of reason codes to pass back to node which sent us a badly
197 * formed message, plus text messages for the log. A zero entry in
198 * the reason field means "don't reply" otherwise a disc init is sent with
199 * the specified reason code.
200 */
201 static struct {
202 unsigned short reason;
203 const char *text;
204 } ci_err_table[] = {
205 { 0, "CI: Truncated message" },
206 { NSP_REASON_ID, "CI: Destination username error" },
207 { NSP_REASON_ID, "CI: Destination username type" },
208 { NSP_REASON_US, "CI: Source username error" },
209 { 0, "CI: Truncated at menuver" },
210 { 0, "CI: Truncated before access or user data" },
211 { NSP_REASON_IO, "CI: Access data format error" },
212 { NSP_REASON_IO, "CI: User data format error" }
213 };
214
215 /*
216 * This function uses a slightly different lookup method
217 * to find its sockets, since it searches on object name/number
218 * rather than port numbers. Various tests are done to ensure that
219 * the incoming data is in the correct format before it is queued to
220 * a socket.
221 */
dn_find_listener(struct sk_buff * skb,unsigned short * reason)222 static struct sock *dn_find_listener(struct sk_buff *skb, unsigned short *reason)
223 {
224 struct dn_skb_cb *cb = DN_SKB_CB(skb);
225 struct nsp_conn_init_msg *msg = (struct nsp_conn_init_msg *)skb->data;
226 struct sockaddr_dn dstaddr;
227 struct sockaddr_dn srcaddr;
228 unsigned char type = 0;
229 int dstlen;
230 int srclen;
231 unsigned char *ptr;
232 int len;
233 int err = 0;
234 unsigned char menuver;
235
236 memset(&dstaddr, 0, sizeof(struct sockaddr_dn));
237 memset(&srcaddr, 0, sizeof(struct sockaddr_dn));
238
239 /*
240 * 1. Decode & remove message header
241 */
242 cb->src_port = msg->srcaddr;
243 cb->dst_port = msg->dstaddr;
244 cb->services = msg->services;
245 cb->info = msg->info;
246 cb->segsize = le16_to_cpu(msg->segsize);
247
248 if (!pskb_may_pull(skb, sizeof(*msg)))
249 goto err_out;
250
251 skb_pull(skb, sizeof(*msg));
252
253 len = skb->len;
254 ptr = skb->data;
255
256 /*
257 * 2. Check destination end username format
258 */
259 dstlen = dn_username2sockaddr(ptr, len, &dstaddr, &type);
260 err++;
261 if (dstlen < 0)
262 goto err_out;
263
264 err++;
265 if (type > 1)
266 goto err_out;
267
268 len -= dstlen;
269 ptr += dstlen;
270
271 /*
272 * 3. Check source end username format
273 */
274 srclen = dn_username2sockaddr(ptr, len, &srcaddr, &type);
275 err++;
276 if (srclen < 0)
277 goto err_out;
278
279 len -= srclen;
280 ptr += srclen;
281 err++;
282 if (len < 1)
283 goto err_out;
284
285 menuver = *ptr;
286 ptr++;
287 len--;
288
289 /*
290 * 4. Check that optional data actually exists if menuver says it does
291 */
292 err++;
293 if ((menuver & (DN_MENUVER_ACC | DN_MENUVER_USR)) && (len < 1))
294 goto err_out;
295
296 /*
297 * 5. Check optional access data format
298 */
299 err++;
300 if (menuver & DN_MENUVER_ACC) {
301 if (dn_check_idf(&ptr, &len, 39, 1))
302 goto err_out;
303 if (dn_check_idf(&ptr, &len, 39, 1))
304 goto err_out;
305 if (dn_check_idf(&ptr, &len, 39, (menuver & DN_MENUVER_USR) ? 1 : 0))
306 goto err_out;
307 }
308
309 /*
310 * 6. Check optional user data format
311 */
312 err++;
313 if (menuver & DN_MENUVER_USR) {
314 if (dn_check_idf(&ptr, &len, 16, 0))
315 goto err_out;
316 }
317
318 /*
319 * 7. Look up socket based on destination end username
320 */
321 return dn_sklist_find_listener(&dstaddr);
322 err_out:
323 dn_log_martian(skb, ci_err_table[err].text);
324 *reason = ci_err_table[err].reason;
325 return NULL;
326 }
327
328
dn_nsp_conn_init(struct sock * sk,struct sk_buff * skb)329 static void dn_nsp_conn_init(struct sock *sk, struct sk_buff *skb)
330 {
331 if (sk_acceptq_is_full(sk)) {
332 kfree_skb(skb);
333 return;
334 }
335
336 sk->sk_ack_backlog++;
337 skb_queue_tail(&sk->sk_receive_queue, skb);
338 sk->sk_state_change(sk);
339 }
340
dn_nsp_conn_conf(struct sock * sk,struct sk_buff * skb)341 static void dn_nsp_conn_conf(struct sock *sk, struct sk_buff *skb)
342 {
343 struct dn_skb_cb *cb = DN_SKB_CB(skb);
344 struct dn_scp *scp = DN_SK(sk);
345 unsigned char *ptr;
346
347 if (skb->len < 4)
348 goto out;
349
350 ptr = skb->data;
351 cb->services = *ptr++;
352 cb->info = *ptr++;
353 cb->segsize = le16_to_cpu(*(__le16 *)ptr);
354
355 if ((scp->state == DN_CI) || (scp->state == DN_CD)) {
356 scp->persist = 0;
357 scp->addrrem = cb->src_port;
358 sk->sk_state = TCP_ESTABLISHED;
359 scp->state = DN_RUN;
360 scp->services_rem = cb->services;
361 scp->info_rem = cb->info;
362 scp->segsize_rem = cb->segsize;
363
364 if ((scp->services_rem & NSP_FC_MASK) == NSP_FC_NONE)
365 scp->max_window = decnet_no_fc_max_cwnd;
366
367 if (skb->len > 0) {
368 u16 dlen = *skb->data;
369 if ((dlen <= 16) && (dlen <= skb->len)) {
370 scp->conndata_in.opt_optl = cpu_to_le16(dlen);
371 skb_copy_from_linear_data_offset(skb, 1,
372 scp->conndata_in.opt_data, dlen);
373 }
374 }
375 dn_nsp_send_link(sk, DN_NOCHANGE, 0);
376 if (!sock_flag(sk, SOCK_DEAD))
377 sk->sk_state_change(sk);
378 }
379
380 out:
381 kfree_skb(skb);
382 }
383
dn_nsp_conn_ack(struct sock * sk,struct sk_buff * skb)384 static void dn_nsp_conn_ack(struct sock *sk, struct sk_buff *skb)
385 {
386 struct dn_scp *scp = DN_SK(sk);
387
388 if (scp->state == DN_CI) {
389 scp->state = DN_CD;
390 scp->persist = 0;
391 }
392
393 kfree_skb(skb);
394 }
395
dn_nsp_disc_init(struct sock * sk,struct sk_buff * skb)396 static void dn_nsp_disc_init(struct sock *sk, struct sk_buff *skb)
397 {
398 struct dn_scp *scp = DN_SK(sk);
399 struct dn_skb_cb *cb = DN_SKB_CB(skb);
400 unsigned short reason;
401
402 if (skb->len < 2)
403 goto out;
404
405 reason = le16_to_cpu(*(__le16 *)skb->data);
406 skb_pull(skb, 2);
407
408 scp->discdata_in.opt_status = cpu_to_le16(reason);
409 scp->discdata_in.opt_optl = 0;
410 memset(scp->discdata_in.opt_data, 0, 16);
411
412 if (skb->len > 0) {
413 u16 dlen = *skb->data;
414 if ((dlen <= 16) && (dlen <= skb->len)) {
415 scp->discdata_in.opt_optl = cpu_to_le16(dlen);
416 skb_copy_from_linear_data_offset(skb, 1, scp->discdata_in.opt_data, dlen);
417 }
418 }
419
420 scp->addrrem = cb->src_port;
421 sk->sk_state = TCP_CLOSE;
422
423 switch (scp->state) {
424 case DN_CI:
425 case DN_CD:
426 scp->state = DN_RJ;
427 sk->sk_err = ECONNREFUSED;
428 break;
429 case DN_RUN:
430 sk->sk_shutdown |= SHUTDOWN_MASK;
431 scp->state = DN_DN;
432 break;
433 case DN_DI:
434 scp->state = DN_DIC;
435 break;
436 }
437
438 if (!sock_flag(sk, SOCK_DEAD)) {
439 if (sk->sk_socket->state != SS_UNCONNECTED)
440 sk->sk_socket->state = SS_DISCONNECTING;
441 sk->sk_state_change(sk);
442 }
443
444 /*
445 * It appears that its possible for remote machines to send disc
446 * init messages with no port identifier if we are in the CI and
447 * possibly also the CD state. Obviously we shouldn't reply with
448 * a message if we don't know what the end point is.
449 */
450 if (scp->addrrem) {
451 dn_nsp_send_disc(sk, NSP_DISCCONF, NSP_REASON_DC, GFP_ATOMIC);
452 }
453 scp->persist_fxn = dn_destroy_timer;
454 scp->persist = dn_nsp_persist(sk);
455
456 out:
457 kfree_skb(skb);
458 }
459
460 /*
461 * disc_conf messages are also called no_resources or no_link
462 * messages depending upon the "reason" field.
463 */
dn_nsp_disc_conf(struct sock * sk,struct sk_buff * skb)464 static void dn_nsp_disc_conf(struct sock *sk, struct sk_buff *skb)
465 {
466 struct dn_scp *scp = DN_SK(sk);
467 unsigned short reason;
468
469 if (skb->len != 2)
470 goto out;
471
472 reason = le16_to_cpu(*(__le16 *)skb->data);
473
474 sk->sk_state = TCP_CLOSE;
475
476 switch (scp->state) {
477 case DN_CI:
478 scp->state = DN_NR;
479 break;
480 case DN_DR:
481 if (reason == NSP_REASON_DC)
482 scp->state = DN_DRC;
483 if (reason == NSP_REASON_NL)
484 scp->state = DN_CN;
485 break;
486 case DN_DI:
487 scp->state = DN_DIC;
488 break;
489 case DN_RUN:
490 sk->sk_shutdown |= SHUTDOWN_MASK;
491 case DN_CC:
492 scp->state = DN_CN;
493 }
494
495 if (!sock_flag(sk, SOCK_DEAD)) {
496 if (sk->sk_socket->state != SS_UNCONNECTED)
497 sk->sk_socket->state = SS_DISCONNECTING;
498 sk->sk_state_change(sk);
499 }
500
501 scp->persist_fxn = dn_destroy_timer;
502 scp->persist = dn_nsp_persist(sk);
503
504 out:
505 kfree_skb(skb);
506 }
507
dn_nsp_linkservice(struct sock * sk,struct sk_buff * skb)508 static void dn_nsp_linkservice(struct sock *sk, struct sk_buff *skb)
509 {
510 struct dn_scp *scp = DN_SK(sk);
511 unsigned short segnum;
512 unsigned char lsflags;
513 signed char fcval;
514 int wake_up = 0;
515 char *ptr = skb->data;
516 unsigned char fctype = scp->services_rem & NSP_FC_MASK;
517
518 if (skb->len != 4)
519 goto out;
520
521 segnum = le16_to_cpu(*(__le16 *)ptr);
522 ptr += 2;
523 lsflags = *(unsigned char *)ptr++;
524 fcval = *ptr;
525
526 /*
527 * Here we ignore erronous packets which should really
528 * should cause a connection abort. It is not critical
529 * for now though.
530 */
531 if (lsflags & 0xf8)
532 goto out;
533
534 if (seq_next(scp->numoth_rcv, segnum)) {
535 seq_add(&scp->numoth_rcv, 1);
536 switch(lsflags & 0x04) { /* FCVAL INT */
537 case 0x00: /* Normal Request */
538 switch(lsflags & 0x03) { /* FCVAL MOD */
539 case 0x00: /* Request count */
540 if (fcval < 0) {
541 unsigned char p_fcval = -fcval;
542 if ((scp->flowrem_dat > p_fcval) &&
543 (fctype == NSP_FC_SCMC)) {
544 scp->flowrem_dat -= p_fcval;
545 }
546 } else if (fcval > 0) {
547 scp->flowrem_dat += fcval;
548 wake_up = 1;
549 }
550 break;
551 case 0x01: /* Stop outgoing data */
552 scp->flowrem_sw = DN_DONTSEND;
553 break;
554 case 0x02: /* Ok to start again */
555 scp->flowrem_sw = DN_SEND;
556 dn_nsp_output(sk);
557 wake_up = 1;
558 }
559 break;
560 case 0x04: /* Interrupt Request */
561 if (fcval > 0) {
562 scp->flowrem_oth += fcval;
563 wake_up = 1;
564 }
565 break;
566 }
567 if (wake_up && !sock_flag(sk, SOCK_DEAD))
568 sk->sk_state_change(sk);
569 }
570
571 dn_nsp_send_oth_ack(sk);
572
573 out:
574 kfree_skb(skb);
575 }
576
577 /*
578 * Copy of sock_queue_rcv_skb (from sock.h) without
579 * bh_lock_sock() (its already held when this is called) which
580 * also allows data and other data to be queued to a socket.
581 */
dn_queue_skb(struct sock * sk,struct sk_buff * skb,int sig,struct sk_buff_head * queue)582 static __inline__ int dn_queue_skb(struct sock *sk, struct sk_buff *skb, int sig, struct sk_buff_head *queue)
583 {
584 int err;
585 int skb_len;
586
587 /* Cast skb->rcvbuf to unsigned... It's pointless, but reduces
588 number of warnings when compiling with -W --ANK
589 */
590 if (atomic_read(&sk->sk_rmem_alloc) + skb->truesize >=
591 (unsigned)sk->sk_rcvbuf) {
592 err = -ENOMEM;
593 goto out;
594 }
595
596 err = sk_filter(sk, skb);
597 if (err)
598 goto out;
599
600 skb_len = skb->len;
601 skb_set_owner_r(skb, sk);
602 skb_queue_tail(queue, skb);
603
604 if (!sock_flag(sk, SOCK_DEAD))
605 sk->sk_data_ready(sk, skb_len);
606 out:
607 return err;
608 }
609
dn_nsp_otherdata(struct sock * sk,struct sk_buff * skb)610 static void dn_nsp_otherdata(struct sock *sk, struct sk_buff *skb)
611 {
612 struct dn_scp *scp = DN_SK(sk);
613 unsigned short segnum;
614 struct dn_skb_cb *cb = DN_SKB_CB(skb);
615 int queued = 0;
616
617 if (skb->len < 2)
618 goto out;
619
620 cb->segnum = segnum = le16_to_cpu(*(__le16 *)skb->data);
621 skb_pull(skb, 2);
622
623 if (seq_next(scp->numoth_rcv, segnum)) {
624
625 if (dn_queue_skb(sk, skb, SIGURG, &scp->other_receive_queue) == 0) {
626 seq_add(&scp->numoth_rcv, 1);
627 scp->other_report = 0;
628 queued = 1;
629 }
630 }
631
632 dn_nsp_send_oth_ack(sk);
633 out:
634 if (!queued)
635 kfree_skb(skb);
636 }
637
dn_nsp_data(struct sock * sk,struct sk_buff * skb)638 static void dn_nsp_data(struct sock *sk, struct sk_buff *skb)
639 {
640 int queued = 0;
641 unsigned short segnum;
642 struct dn_skb_cb *cb = DN_SKB_CB(skb);
643 struct dn_scp *scp = DN_SK(sk);
644
645 if (skb->len < 2)
646 goto out;
647
648 cb->segnum = segnum = le16_to_cpu(*(__le16 *)skb->data);
649 skb_pull(skb, 2);
650
651 if (seq_next(scp->numdat_rcv, segnum)) {
652 if (dn_queue_skb(sk, skb, SIGIO, &sk->sk_receive_queue) == 0) {
653 seq_add(&scp->numdat_rcv, 1);
654 queued = 1;
655 }
656
657 if ((scp->flowloc_sw == DN_SEND) && dn_congested(sk)) {
658 scp->flowloc_sw = DN_DONTSEND;
659 dn_nsp_send_link(sk, DN_DONTSEND, 0);
660 }
661 }
662
663 dn_nsp_send_data_ack(sk);
664 out:
665 if (!queued)
666 kfree_skb(skb);
667 }
668
669 /*
670 * If one of our conninit messages is returned, this function
671 * deals with it. It puts the socket into the NO_COMMUNICATION
672 * state.
673 */
dn_returned_conn_init(struct sock * sk,struct sk_buff * skb)674 static void dn_returned_conn_init(struct sock *sk, struct sk_buff *skb)
675 {
676 struct dn_scp *scp = DN_SK(sk);
677
678 if (scp->state == DN_CI) {
679 scp->state = DN_NC;
680 sk->sk_state = TCP_CLOSE;
681 if (!sock_flag(sk, SOCK_DEAD))
682 sk->sk_state_change(sk);
683 }
684
685 kfree_skb(skb);
686 }
687
dn_nsp_no_socket(struct sk_buff * skb,unsigned short reason)688 static int dn_nsp_no_socket(struct sk_buff *skb, unsigned short reason)
689 {
690 struct dn_skb_cb *cb = DN_SKB_CB(skb);
691 int ret = NET_RX_DROP;
692
693 /* Must not reply to returned packets */
694 if (cb->rt_flags & DN_RT_F_RTS)
695 goto out;
696
697 if ((reason != NSP_REASON_OK) && ((cb->nsp_flags & 0x0c) == 0x08)) {
698 switch (cb->nsp_flags & 0x70) {
699 case 0x10:
700 case 0x60: /* (Retransmitted) Connect Init */
701 dn_nsp_return_disc(skb, NSP_DISCINIT, reason);
702 ret = NET_RX_SUCCESS;
703 break;
704 case 0x20: /* Connect Confirm */
705 dn_nsp_return_disc(skb, NSP_DISCCONF, reason);
706 ret = NET_RX_SUCCESS;
707 break;
708 }
709 }
710
711 out:
712 kfree_skb(skb);
713 return ret;
714 }
715
dn_nsp_rx_packet(struct sk_buff * skb)716 static int dn_nsp_rx_packet(struct sk_buff *skb)
717 {
718 struct dn_skb_cb *cb = DN_SKB_CB(skb);
719 struct sock *sk = NULL;
720 unsigned char *ptr = (unsigned char *)skb->data;
721 unsigned short reason = NSP_REASON_NL;
722
723 if (!pskb_may_pull(skb, 2))
724 goto free_out;
725
726 skb_reset_transport_header(skb);
727 cb->nsp_flags = *ptr++;
728
729 if (decnet_debug_level & 2)
730 printk(KERN_DEBUG "dn_nsp_rx: Message type 0x%02x\n", (int)cb->nsp_flags);
731
732 if (cb->nsp_flags & 0x83)
733 goto free_out;
734
735 /*
736 * Filter out conninits and useless packet types
737 */
738 if ((cb->nsp_flags & 0x0c) == 0x08) {
739 switch (cb->nsp_flags & 0x70) {
740 case 0x00: /* NOP */
741 case 0x70: /* Reserved */
742 case 0x50: /* Reserved, Phase II node init */
743 goto free_out;
744 case 0x10:
745 case 0x60:
746 if (unlikely(cb->rt_flags & DN_RT_F_RTS))
747 goto free_out;
748 sk = dn_find_listener(skb, &reason);
749 goto got_it;
750 }
751 }
752
753 if (!pskb_may_pull(skb, 3))
754 goto free_out;
755
756 /*
757 * Grab the destination address.
758 */
759 cb->dst_port = *(__le16 *)ptr;
760 cb->src_port = 0;
761 ptr += 2;
762
763 /*
764 * If not a connack, grab the source address too.
765 */
766 if (pskb_may_pull(skb, 5)) {
767 cb->src_port = *(__le16 *)ptr;
768 ptr += 2;
769 skb_pull(skb, 5);
770 }
771
772 /*
773 * Returned packets...
774 * Swap src & dst and look up in the normal way.
775 */
776 if (unlikely(cb->rt_flags & DN_RT_F_RTS)) {
777 __le16 tmp = cb->dst_port;
778 cb->dst_port = cb->src_port;
779 cb->src_port = tmp;
780 tmp = cb->dst;
781 cb->dst = cb->src;
782 cb->src = tmp;
783 }
784
785 /*
786 * Find the socket to which this skb is destined.
787 */
788 sk = dn_find_by_skb(skb);
789 got_it:
790 if (sk != NULL) {
791 struct dn_scp *scp = DN_SK(sk);
792
793 /* Reset backoff */
794 scp->nsp_rxtshift = 0;
795
796 /*
797 * We linearize everything except data segments here.
798 */
799 if (cb->nsp_flags & ~0x60) {
800 if (unlikely(skb_linearize(skb)))
801 goto free_out;
802 }
803
804 return sk_receive_skb(sk, skb, 0);
805 }
806
807 return dn_nsp_no_socket(skb, reason);
808
809 free_out:
810 kfree_skb(skb);
811 return NET_RX_DROP;
812 }
813
dn_nsp_rx(struct sk_buff * skb)814 int dn_nsp_rx(struct sk_buff *skb)
815 {
816 return NF_HOOK(NFPROTO_DECNET, NF_DN_LOCAL_IN, skb, skb->dev, NULL,
817 dn_nsp_rx_packet);
818 }
819
820 /*
821 * This is the main receive routine for sockets. It is called
822 * from the above when the socket is not busy, and also from
823 * sock_release() when there is a backlog queued up.
824 */
dn_nsp_backlog_rcv(struct sock * sk,struct sk_buff * skb)825 int dn_nsp_backlog_rcv(struct sock *sk, struct sk_buff *skb)
826 {
827 struct dn_scp *scp = DN_SK(sk);
828 struct dn_skb_cb *cb = DN_SKB_CB(skb);
829
830 if (cb->rt_flags & DN_RT_F_RTS) {
831 if (cb->nsp_flags == 0x18 || cb->nsp_flags == 0x68)
832 dn_returned_conn_init(sk, skb);
833 else
834 kfree_skb(skb);
835 return NET_RX_SUCCESS;
836 }
837
838 /*
839 * Control packet.
840 */
841 if ((cb->nsp_flags & 0x0c) == 0x08) {
842 switch (cb->nsp_flags & 0x70) {
843 case 0x10:
844 case 0x60:
845 dn_nsp_conn_init(sk, skb);
846 break;
847 case 0x20:
848 dn_nsp_conn_conf(sk, skb);
849 break;
850 case 0x30:
851 dn_nsp_disc_init(sk, skb);
852 break;
853 case 0x40:
854 dn_nsp_disc_conf(sk, skb);
855 break;
856 }
857
858 } else if (cb->nsp_flags == 0x24) {
859 /*
860 * Special for connacks, 'cos they don't have
861 * ack data or ack otherdata info.
862 */
863 dn_nsp_conn_ack(sk, skb);
864 } else {
865 int other = 1;
866
867 /* both data and ack frames can kick a CC socket into RUN */
868 if ((scp->state == DN_CC) && !sock_flag(sk, SOCK_DEAD)) {
869 scp->state = DN_RUN;
870 sk->sk_state = TCP_ESTABLISHED;
871 sk->sk_state_change(sk);
872 }
873
874 if ((cb->nsp_flags & 0x1c) == 0)
875 other = 0;
876 if (cb->nsp_flags == 0x04)
877 other = 0;
878
879 /*
880 * Read out ack data here, this applies equally
881 * to data, other data, link serivce and both
882 * ack data and ack otherdata.
883 */
884 dn_process_ack(sk, skb, other);
885
886 /*
887 * If we've some sort of data here then call a
888 * suitable routine for dealing with it, otherwise
889 * the packet is an ack and can be discarded.
890 */
891 if ((cb->nsp_flags & 0x0c) == 0) {
892
893 if (scp->state != DN_RUN)
894 goto free_out;
895
896 switch (cb->nsp_flags) {
897 case 0x10: /* LS */
898 dn_nsp_linkservice(sk, skb);
899 break;
900 case 0x30: /* OD */
901 dn_nsp_otherdata(sk, skb);
902 break;
903 default:
904 dn_nsp_data(sk, skb);
905 }
906
907 } else { /* Ack, chuck it out here */
908 free_out:
909 kfree_skb(skb);
910 }
911 }
912
913 return NET_RX_SUCCESS;
914 }
915
916