1 /*
2  * llc_sap.c - driver routines for SAP component.
3  *
4  * Copyright (c) 1997 by Procom Technology, Inc.
5  * 		 2001-2003 by Arnaldo Carvalho de Melo <acme@conectiva.com.br>
6  *
7  * This program can be redistributed or modified under the terms of the
8  * GNU General Public License as published by the Free Software Foundation.
9  * This program is distributed without any warranty or implied warranty
10  * of merchantability or fitness for a particular purpose.
11  *
12  * See the GNU General Public License for more details.
13  */
14 
15 #include <net/llc.h>
16 #include <net/llc_if.h>
17 #include <net/llc_conn.h>
18 #include <net/llc_pdu.h>
19 #include <net/llc_sap.h>
20 #include <net/llc_s_ac.h>
21 #include <net/llc_s_ev.h>
22 #include <net/llc_s_st.h>
23 #include <net/sock.h>
24 #include <net/tcp_states.h>
25 #include <linux/llc.h>
26 #include <linux/slab.h>
27 
llc_mac_header_len(unsigned short devtype)28 static int llc_mac_header_len(unsigned short devtype)
29 {
30 	switch (devtype) {
31 	case ARPHRD_ETHER:
32 	case ARPHRD_LOOPBACK:
33 		return sizeof(struct ethhdr);
34 #if defined(CONFIG_TR) || defined(CONFIG_TR_MODULE)
35 	case ARPHRD_IEEE802_TR:
36 		return sizeof(struct trh_hdr);
37 #endif
38 	}
39 	return 0;
40 }
41 
42 /**
43  *	llc_alloc_frame - allocates sk_buff for frame
44  *	@dev: network device this skb will be sent over
45  *	@type: pdu type to allocate
46  *	@data_size: data size to allocate
47  *
48  *	Allocates an sk_buff for frame and initializes sk_buff fields.
49  *	Returns allocated skb or %NULL when out of memory.
50  */
llc_alloc_frame(struct sock * sk,struct net_device * dev,u8 type,u32 data_size)51 struct sk_buff *llc_alloc_frame(struct sock *sk, struct net_device *dev,
52 				u8 type, u32 data_size)
53 {
54 	int hlen = type == LLC_PDU_TYPE_U ? 3 : 4;
55 	struct sk_buff *skb;
56 
57 	hlen += llc_mac_header_len(dev->type);
58 	skb = alloc_skb(hlen + data_size, GFP_ATOMIC);
59 
60 	if (skb) {
61 		skb_reset_mac_header(skb);
62 		skb_reserve(skb, hlen);
63 		skb_reset_network_header(skb);
64 		skb_reset_transport_header(skb);
65 		skb->protocol = htons(ETH_P_802_2);
66 		skb->dev      = dev;
67 		if (sk != NULL)
68 			skb_set_owner_w(skb, sk);
69 	}
70 	return skb;
71 }
72 
llc_save_primitive(struct sock * sk,struct sk_buff * skb,u8 prim)73 void llc_save_primitive(struct sock *sk, struct sk_buff* skb, u8 prim)
74 {
75 	struct sockaddr_llc *addr;
76 
77        /* save primitive for use by the user. */
78 	addr		  = llc_ui_skb_cb(skb);
79 
80 	memset(addr, 0, sizeof(*addr));
81 	addr->sllc_family = sk->sk_family;
82 	addr->sllc_arphrd = skb->dev->type;
83 	addr->sllc_test   = prim == LLC_TEST_PRIM;
84 	addr->sllc_xid    = prim == LLC_XID_PRIM;
85 	addr->sllc_ua     = prim == LLC_DATAUNIT_PRIM;
86 	llc_pdu_decode_sa(skb, addr->sllc_mac);
87 	llc_pdu_decode_ssap(skb, &addr->sllc_sap);
88 }
89 
90 /**
91  *	llc_sap_rtn_pdu - Informs upper layer on rx of an UI, XID or TEST pdu.
92  *	@sap: pointer to SAP
93  *	@skb: received pdu
94  */
llc_sap_rtn_pdu(struct llc_sap * sap,struct sk_buff * skb)95 void llc_sap_rtn_pdu(struct llc_sap *sap, struct sk_buff *skb)
96 {
97 	struct llc_sap_state_ev *ev = llc_sap_ev(skb);
98 	struct llc_pdu_un *pdu = llc_pdu_un_hdr(skb);
99 
100 	switch (LLC_U_PDU_RSP(pdu)) {
101 	case LLC_1_PDU_CMD_TEST:
102 		ev->prim = LLC_TEST_PRIM;	break;
103 	case LLC_1_PDU_CMD_XID:
104 		ev->prim = LLC_XID_PRIM;	break;
105 	case LLC_1_PDU_CMD_UI:
106 		ev->prim = LLC_DATAUNIT_PRIM;	break;
107 	}
108 	ev->ind_cfm_flag = LLC_IND;
109 }
110 
111 /**
112  *	llc_find_sap_trans - finds transition for event
113  *	@sap: pointer to SAP
114  *	@skb: happened event
115  *
116  *	This function finds transition that matches with happened event.
117  *	Returns the pointer to found transition on success or %NULL for
118  *	failure.
119  */
llc_find_sap_trans(struct llc_sap * sap,struct sk_buff * skb)120 static struct llc_sap_state_trans *llc_find_sap_trans(struct llc_sap *sap,
121 						      struct sk_buff* skb)
122 {
123 	int i = 0;
124 	struct llc_sap_state_trans *rc = NULL;
125 	struct llc_sap_state_trans **next_trans;
126 	struct llc_sap_state *curr_state = &llc_sap_state_table[sap->state - 1];
127 	/*
128 	 * Search thru events for this state until list exhausted or until
129 	 * its obvious the event is not valid for the current state
130 	 */
131 	for (next_trans = curr_state->transitions; next_trans[i]->ev; i++)
132 		if (!next_trans[i]->ev(sap, skb)) {
133 			rc = next_trans[i]; /* got event match; return it */
134 			break;
135 		}
136 	return rc;
137 }
138 
139 /**
140  *	llc_exec_sap_trans_actions - execute actions related to event
141  *	@sap: pointer to SAP
142  *	@trans: pointer to transition that it's actions must be performed
143  *	@skb: happened event.
144  *
145  *	This function executes actions that is related to happened event.
146  *	Returns 0 for success and 1 for failure of at least one action.
147  */
llc_exec_sap_trans_actions(struct llc_sap * sap,struct llc_sap_state_trans * trans,struct sk_buff * skb)148 static int llc_exec_sap_trans_actions(struct llc_sap *sap,
149 				      struct llc_sap_state_trans *trans,
150 				      struct sk_buff *skb)
151 {
152 	int rc = 0;
153 	llc_sap_action_t *next_action = trans->ev_actions;
154 
155 	for (; next_action && *next_action; next_action++)
156 		if ((*next_action)(sap, skb))
157 			rc = 1;
158 	return rc;
159 }
160 
161 /**
162  *	llc_sap_next_state - finds transition, execs actions & change SAP state
163  *	@sap: pointer to SAP
164  *	@skb: happened event
165  *
166  *	This function finds transition that matches with happened event, then
167  *	executes related actions and finally changes state of SAP. It returns
168  *	0 on success and 1 for failure.
169  */
llc_sap_next_state(struct llc_sap * sap,struct sk_buff * skb)170 static int llc_sap_next_state(struct llc_sap *sap, struct sk_buff *skb)
171 {
172 	int rc = 1;
173 	struct llc_sap_state_trans *trans;
174 
175 	if (sap->state > LLC_NR_SAP_STATES)
176 		goto out;
177 	trans = llc_find_sap_trans(sap, skb);
178 	if (!trans)
179 		goto out;
180 	/*
181 	 * Got the state to which we next transition; perform the actions
182 	 * associated with this transition before actually transitioning to the
183 	 * next state
184 	 */
185 	rc = llc_exec_sap_trans_actions(sap, trans, skb);
186 	if (rc)
187 		goto out;
188 	/*
189 	 * Transition SAP to next state if all actions execute successfully
190 	 */
191 	sap->state = trans->next_state;
192 out:
193 	return rc;
194 }
195 
196 /**
197  *	llc_sap_state_process - sends event to SAP state machine
198  *	@sap: sap to use
199  *	@skb: pointer to occurred event
200  *
201  *	After executing actions of the event, upper layer will be indicated
202  *	if needed(on receiving an UI frame). sk can be null for the
203  *	datalink_proto case.
204  */
llc_sap_state_process(struct llc_sap * sap,struct sk_buff * skb)205 static void llc_sap_state_process(struct llc_sap *sap, struct sk_buff *skb)
206 {
207 	struct llc_sap_state_ev *ev = llc_sap_ev(skb);
208 
209 	/*
210 	 * We have to hold the skb, because llc_sap_next_state
211 	 * will kfree it in the sending path and we need to
212 	 * look at the skb->cb, where we encode llc_sap_state_ev.
213 	 */
214 	skb_get(skb);
215 	ev->ind_cfm_flag = 0;
216 	llc_sap_next_state(sap, skb);
217 	if (ev->ind_cfm_flag == LLC_IND) {
218 		if (skb->sk->sk_state == TCP_LISTEN)
219 			kfree_skb(skb);
220 		else {
221 			llc_save_primitive(skb->sk, skb, ev->prim);
222 
223 			/* queue skb to the user. */
224 			if (sock_queue_rcv_skb(skb->sk, skb))
225 				kfree_skb(skb);
226 		}
227 	}
228 	kfree_skb(skb);
229 }
230 
231 /**
232  *	llc_build_and_send_test_pkt - TEST interface for upper layers.
233  *	@sap: sap to use
234  *	@skb: packet to send
235  *	@dmac: destination mac address
236  *	@dsap: destination sap
237  *
238  *	This function is called when upper layer wants to send a TEST pdu.
239  *	Returns 0 for success, 1 otherwise.
240  */
llc_build_and_send_test_pkt(struct llc_sap * sap,struct sk_buff * skb,u8 * dmac,u8 dsap)241 void llc_build_and_send_test_pkt(struct llc_sap *sap,
242 				 struct sk_buff *skb, u8 *dmac, u8 dsap)
243 {
244 	struct llc_sap_state_ev *ev = llc_sap_ev(skb);
245 
246 	ev->saddr.lsap = sap->laddr.lsap;
247 	ev->daddr.lsap = dsap;
248 	memcpy(ev->saddr.mac, skb->dev->dev_addr, IFHWADDRLEN);
249 	memcpy(ev->daddr.mac, dmac, IFHWADDRLEN);
250 
251 	ev->type      = LLC_SAP_EV_TYPE_PRIM;
252 	ev->prim      = LLC_TEST_PRIM;
253 	ev->prim_type = LLC_PRIM_TYPE_REQ;
254 	llc_sap_state_process(sap, skb);
255 }
256 
257 /**
258  *	llc_build_and_send_xid_pkt - XID interface for upper layers
259  *	@sap: sap to use
260  *	@skb: packet to send
261  *	@dmac: destination mac address
262  *	@dsap: destination sap
263  *
264  *	This function is called when upper layer wants to send a XID pdu.
265  *	Returns 0 for success, 1 otherwise.
266  */
llc_build_and_send_xid_pkt(struct llc_sap * sap,struct sk_buff * skb,u8 * dmac,u8 dsap)267 void llc_build_and_send_xid_pkt(struct llc_sap *sap, struct sk_buff *skb,
268 				u8 *dmac, u8 dsap)
269 {
270 	struct llc_sap_state_ev *ev = llc_sap_ev(skb);
271 
272 	ev->saddr.lsap = sap->laddr.lsap;
273 	ev->daddr.lsap = dsap;
274 	memcpy(ev->saddr.mac, skb->dev->dev_addr, IFHWADDRLEN);
275 	memcpy(ev->daddr.mac, dmac, IFHWADDRLEN);
276 
277 	ev->type      = LLC_SAP_EV_TYPE_PRIM;
278 	ev->prim      = LLC_XID_PRIM;
279 	ev->prim_type = LLC_PRIM_TYPE_REQ;
280 	llc_sap_state_process(sap, skb);
281 }
282 
283 /**
284  *	llc_sap_rcv - sends received pdus to the sap state machine
285  *	@sap: current sap component structure.
286  *	@skb: received frame.
287  *
288  *	Sends received pdus to the sap state machine.
289  */
llc_sap_rcv(struct llc_sap * sap,struct sk_buff * skb,struct sock * sk)290 static void llc_sap_rcv(struct llc_sap *sap, struct sk_buff *skb,
291 			struct sock *sk)
292 {
293 	struct llc_sap_state_ev *ev = llc_sap_ev(skb);
294 
295 	ev->type   = LLC_SAP_EV_TYPE_PDU;
296 	ev->reason = 0;
297 	skb->sk = sk;
298 	llc_sap_state_process(sap, skb);
299 }
300 
llc_dgram_match(const struct llc_sap * sap,const struct llc_addr * laddr,const struct sock * sk)301 static inline bool llc_dgram_match(const struct llc_sap *sap,
302 				   const struct llc_addr *laddr,
303 				   const struct sock *sk)
304 {
305      struct llc_sock *llc = llc_sk(sk);
306 
307      return sk->sk_type == SOCK_DGRAM &&
308 	  llc->laddr.lsap == laddr->lsap &&
309 	  llc_mac_match(llc->laddr.mac, laddr->mac);
310 }
311 
312 /**
313  *	llc_lookup_dgram - Finds dgram socket for the local sap/mac
314  *	@sap: SAP
315  *	@laddr: address of local LLC (MAC + SAP)
316  *
317  *	Search socket list of the SAP and finds connection using the local
318  *	mac, and local sap. Returns pointer for socket found, %NULL otherwise.
319  */
llc_lookup_dgram(struct llc_sap * sap,const struct llc_addr * laddr)320 static struct sock *llc_lookup_dgram(struct llc_sap *sap,
321 				     const struct llc_addr *laddr)
322 {
323 	struct sock *rc;
324 	struct hlist_nulls_node *node;
325 	int slot = llc_sk_laddr_hashfn(sap, laddr);
326 	struct hlist_nulls_head *laddr_hb = &sap->sk_laddr_hash[slot];
327 
328 	rcu_read_lock_bh();
329 again:
330 	sk_nulls_for_each_rcu(rc, node, laddr_hb) {
331 		if (llc_dgram_match(sap, laddr, rc)) {
332 			/* Extra checks required by SLAB_DESTROY_BY_RCU */
333 			if (unlikely(!atomic_inc_not_zero(&rc->sk_refcnt)))
334 				goto again;
335 			if (unlikely(llc_sk(rc)->sap != sap ||
336 				     !llc_dgram_match(sap, laddr, rc))) {
337 				sock_put(rc);
338 				continue;
339 			}
340 			goto found;
341 		}
342 	}
343 	rc = NULL;
344 	/*
345 	 * if the nulls value we got at the end of this lookup is
346 	 * not the expected one, we must restart lookup.
347 	 * We probably met an item that was moved to another chain.
348 	 */
349 	if (unlikely(get_nulls_value(node) != slot))
350 		goto again;
351 found:
352 	rcu_read_unlock_bh();
353 	return rc;
354 }
355 
llc_mcast_match(const struct llc_sap * sap,const struct llc_addr * laddr,const struct sk_buff * skb,const struct sock * sk)356 static inline bool llc_mcast_match(const struct llc_sap *sap,
357 				   const struct llc_addr *laddr,
358 				   const struct sk_buff *skb,
359 				   const struct sock *sk)
360 {
361      struct llc_sock *llc = llc_sk(sk);
362 
363      return sk->sk_type == SOCK_DGRAM &&
364 	  llc->laddr.lsap == laddr->lsap &&
365 	  llc->dev == skb->dev;
366 }
367 
llc_do_mcast(struct llc_sap * sap,struct sk_buff * skb,struct sock ** stack,int count)368 static void llc_do_mcast(struct llc_sap *sap, struct sk_buff *skb,
369 			 struct sock **stack, int count)
370 {
371 	struct sk_buff *skb1;
372 	int i;
373 
374 	for (i = 0; i < count; i++) {
375 		skb1 = skb_clone(skb, GFP_ATOMIC);
376 		if (!skb1) {
377 			sock_put(stack[i]);
378 			continue;
379 		}
380 
381 		llc_sap_rcv(sap, skb1, stack[i]);
382 		sock_put(stack[i]);
383 	}
384 }
385 
386 /**
387  * 	llc_sap_mcast - Deliver multicast PDU's to all matching datagram sockets.
388  *	@sap: SAP
389  *	@laddr: address of local LLC (MAC + SAP)
390  *
391  *	Search socket list of the SAP and finds connections with same sap.
392  *	Deliver clone to each.
393  */
llc_sap_mcast(struct llc_sap * sap,const struct llc_addr * laddr,struct sk_buff * skb)394 static void llc_sap_mcast(struct llc_sap *sap,
395 			  const struct llc_addr *laddr,
396 			  struct sk_buff *skb)
397 {
398 	int i = 0, count = 256 / sizeof(struct sock *);
399 	struct sock *sk, *stack[count];
400 	struct hlist_node *node;
401 	struct llc_sock *llc;
402 	struct hlist_head *dev_hb = llc_sk_dev_hash(sap, skb->dev->ifindex);
403 
404 	spin_lock_bh(&sap->sk_lock);
405 	hlist_for_each_entry(llc, node, dev_hb, dev_hash_node) {
406 
407 		sk = &llc->sk;
408 
409 		if (!llc_mcast_match(sap, laddr, skb, sk))
410 			continue;
411 
412 		sock_hold(sk);
413 		if (i < count)
414 			stack[i++] = sk;
415 		else {
416 			llc_do_mcast(sap, skb, stack, i);
417 			i = 0;
418 		}
419 	}
420 	spin_unlock_bh(&sap->sk_lock);
421 
422 	llc_do_mcast(sap, skb, stack, i);
423 }
424 
425 
llc_sap_handler(struct llc_sap * sap,struct sk_buff * skb)426 void llc_sap_handler(struct llc_sap *sap, struct sk_buff *skb)
427 {
428 	struct llc_addr laddr;
429 
430 	llc_pdu_decode_da(skb, laddr.mac);
431 	llc_pdu_decode_dsap(skb, &laddr.lsap);
432 
433 	if (llc_mac_multicast(laddr.mac)) {
434 		llc_sap_mcast(sap, &laddr, skb);
435 		kfree_skb(skb);
436 	} else {
437 		struct sock *sk = llc_lookup_dgram(sap, &laddr);
438 		if (sk) {
439 			llc_sap_rcv(sap, skb, sk);
440 			sock_put(sk);
441 		} else
442 			kfree_skb(skb);
443 	}
444 }
445