1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  *
4  * Copyright (C) Jonathan Naylor G4KLX (g4klx@g4klx.demon.co.uk)
5  * Copyright (C) Terry Dawson VK2KTJ (terry@animats.net)
6  */
7 #include <linux/errno.h>
8 #include <linux/types.h>
9 #include <linux/socket.h>
10 #include <linux/in.h>
11 #include <linux/kernel.h>
12 #include <linux/timer.h>
13 #include <linux/string.h>
14 #include <linux/sockios.h>
15 #include <linux/net.h>
16 #include <linux/slab.h>
17 #include <net/ax25.h>
18 #include <linux/inet.h>
19 #include <linux/netdevice.h>
20 #include <net/arp.h>
21 #include <linux/if_arp.h>
22 #include <linux/skbuff.h>
23 #include <net/sock.h>
24 #include <net/tcp_states.h>
25 #include <linux/uaccess.h>
26 #include <linux/fcntl.h>
27 #include <linux/termios.h>	/* For TIOCINQ/OUTQ */
28 #include <linux/mm.h>
29 #include <linux/interrupt.h>
30 #include <linux/notifier.h>
31 #include <linux/init.h>
32 #include <net/rose.h>
33 #include <linux/seq_file.h>
34 #include <linux/export.h>
35 
/* Next value stored in rose_neigh->number; post-incremented per new neighbour. */
static unsigned int rose_neigh_no = 1;

/*
 * Heads of the three singly linked tables, each declared beside its spinlock.
 * Where this file takes two of the locks together the order is
 * node -> neigh and neigh -> route.
 */
static struct rose_node *rose_node_list;
static DEFINE_SPINLOCK(rose_node_list_lock);

static struct rose_neigh *rose_neigh_list;
static DEFINE_SPINLOCK(rose_neigh_list_lock);

static struct rose_route *rose_route_list;
static DEFINE_SPINLOCK(rose_route_list_lock);

/* Non-static; allocated by rose_add_loopback_neigh(), NULL if that failed. */
struct rose_neigh *rose_loopback_neigh;
46 
47 /*
48  *	Add a new route to a node, and in the process add the node and the
49  *	neighbour if it is new.
50  */
/*
 * Locking: takes rose_node_list_lock, then rose_neigh_list_lock, and drops
 * both before returning.
 *
 * Returns 0 on success (also when the node already holds three neighbours
 * and nothing is added), -EINVAL if the matching node is a loopback node,
 * -ENOMEM if an allocation fails.
 *
 * NOTE(review): rose_route arrives from user space via rose_rt_ioctl(), which
 * bounds ->mask and ->ndigis first; the digipeater copy loop below relies on
 * that ndigis bound -- confirm for any other caller.
 * NOTE(review): nothing here checks whether the neighbour is already listed
 * in the node, so the same neighbour can occupy more than one slot.
 * NOTE(review): dev is stored in the new neighbour without a reference being
 * taken in this function -- confirm how its lifetime is guaranteed.
 */
static int __must_check rose_add_node(struct rose_route_struct *rose_route,
	struct net_device *dev)
{
	struct rose_node *node, *cur, *prev;
	struct rose_neigh *neigh;
	ax25_digi *digi;
	int idx, res = 0;

	spin_lock_bh(&rose_node_list_lock);
	spin_lock_bh(&rose_neigh_list_lock);

	/* Look for a node with the same mask and the same masked address. */
	for (node = rose_node_list; node != NULL; node = node->next) {
		if (node->mask != rose_route->mask)
			continue;
		if (rosecmpm(&rose_route->address, &node->address,
			     rose_route->mask) == 0)
			break;
	}

	/* Loopback nodes are managed by rose_add_loopback_node() only. */
	if (node != NULL && node->loopback) {
		res = -EINVAL;
		goto out;
	}

	/* A neighbour is identified by callsign plus device. */
	for (neigh = rose_neigh_list; neigh != NULL; neigh = neigh->next) {
		if (ax25cmp(&rose_route->neighbour, &neigh->callsign) == 0 &&
		    neigh->dev == dev)
			break;
	}

	if (neigh == NULL) {
		neigh = kmalloc(sizeof(*neigh), GFP_ATOMIC);
		if (neigh == NULL) {
			res = -ENOMEM;
			goto out;
		}

		neigh->callsign  = rose_route->neighbour;
		neigh->digipeat  = NULL;
		neigh->ax25      = NULL;
		neigh->dev       = dev;
		neigh->count     = 0;
		neigh->use       = 0;
		neigh->dce_mode  = 0;
		neigh->loopback  = 0;
		neigh->number    = rose_neigh_no++;
		neigh->restarted = 0;

		skb_queue_head_init(&neigh->queue);

		timer_setup(&neigh->ftimer, NULL, 0);
		timer_setup(&neigh->t0timer, NULL, 0);

		if (rose_route->ndigis != 0) {
			digi = kmalloc(sizeof(ax25_digi), GFP_ATOMIC);
			if (digi == NULL) {
				/* Not yet on any list, so a plain kfree suffices. */
				kfree(neigh);
				res = -ENOMEM;
				goto out;
			}

			digi->ndigi      = rose_route->ndigis;
			digi->lastrepeat = -1;

			for (idx = 0; idx < rose_route->ndigis; idx++) {
				digi->calls[idx]    = rose_route->digipeaters[idx];
				digi->repeated[idx] = 0;
			}

			neigh->digipeat = digi;
		}

		/* Publish the neighbour at the head of the list. */
		neigh->next     = rose_neigh_list;
		rose_neigh_list = neigh;
	}

	if (node == NULL) {
		/*
		 * New node: the list is kept in descending mask order so the
		 * first match found by a later search is the most specific.
		 * Stop at the first entry whose mask is not larger than ours.
		 */
		prev = NULL;
		for (cur = rose_node_list; cur != NULL; cur = cur->next) {
			if (cur->mask <= rose_route->mask)
				break;
			prev = cur;
		}

		node = kmalloc(sizeof(*node), GFP_ATOMIC);
		if (node == NULL) {
			/* A neighbour created above stays on rose_neigh_list. */
			res = -ENOMEM;
			goto out;
		}

		node->address      = rose_route->address;
		node->mask         = rose_route->mask;
		node->count        = 1;
		node->loopback     = 0;
		node->neighbour[0] = neigh;

		/* Link between prev and cur; prev == NULL means new head. */
		node->next = cur;
		if (prev == NULL)
			rose_node_list = node;
		else
			prev->next = node;

		neigh->count++;
		goto out;
	}

	/* Existing node: append only while one of the three slots is free. */
	if (node->count < 3) {
		node->neighbour[node->count] = neigh;
		node->count++;
		neigh->count++;
	}

out:
	spin_unlock_bh(&rose_neigh_list_lock);
	spin_unlock_bh(&rose_node_list_lock);

	return res;
}
198 
199 /*
200  * Caller is holding rose_node_list_lock.
201  */
/*
 * Unlink rose_node from rose_node_list and kfree() it. If the node is not
 * on the list nothing is changed and nothing is freed.
 */
static void rose_remove_node(struct rose_node *rose_node)
{
	struct rose_node **link;

	/* Walk the links themselves so head and interior share one path. */
	for (link = &rose_node_list; *link != NULL; link = &(*link)->next) {
		if (*link != rose_node)
			continue;

		*link = rose_node->next;
		kfree(rose_node);
		return;
	}
}
222 
223 /*
224  * Caller is holding rose_neigh_list_lock.
225  */
/*
 * Stop both timers and purge the queue unconditionally, then, if the
 * neighbour is on rose_neigh_list, unlink it, drop its ax25 control block
 * reference (when set) and free the digipeater table and the neighbour.
 *
 * No check of ->use or ->count is made here; callers decide when removal
 * is safe.
 * NOTE(review): del_timer_sync() runs while the caller holds a spinlock --
 * confirm the timer handlers never take rose_neigh_list_lock.
 */
static void rose_remove_neigh(struct rose_neigh *rose_neigh)
{
	struct rose_neigh **link;

	del_timer_sync(&rose_neigh->ftimer);
	del_timer_sync(&rose_neigh->t0timer);

	skb_queue_purge(&rose_neigh->queue);

	for (link = &rose_neigh_list; *link != NULL; link = &(*link)->next) {
		if (*link != rose_neigh)
			continue;

		*link = rose_neigh->next;
		if (rose_neigh->ax25)
			ax25_cb_put(rose_neigh->ax25);
		kfree(rose_neigh->digipeat);
		kfree(rose_neigh);
		return;
	}
}
257 
258 /*
259  * Caller is holding rose_route_list_lock.
260  */
/*
 * Drop the route's hold on each neighbour it still points at (->use--),
 * then unlink it from rose_route_list and kfree() it. The use counts are
 * decremented even if the route turns out not to be on the list.
 */
static void rose_remove_route(struct rose_route *rose_route)
{
	struct rose_route **link;

	if (rose_route->neigh1 != NULL)
		rose_route->neigh1->use--;

	if (rose_route->neigh2 != NULL)
		rose_route->neigh2->use--;

	for (link = &rose_route_list; *link != NULL; link = &(*link)->next) {
		if (*link != rose_route)
			continue;

		*link = rose_route->next;
		kfree(rose_route);
		return;
	}
}
287 
288 /*
289  *	"Delete" a node. Strictly speaking remove a route to a node. The node
290  *	is only deleted if no routes are left to it.
291  */
/*
 * Locking: takes rose_node_list_lock, then rose_neigh_list_lock.
 *
 * Returns 0 when one slot of the node was released, -EINVAL when the node
 * is unknown or loopback, the neighbour is unknown, or the neighbour is not
 * listed in the node. Only the first matching slot is released.
 */
static int rose_del_node(struct rose_route_struct *rose_route,
	struct net_device *dev)
{
	struct rose_node *node;
	struct rose_neigh *neigh;
	int slot, err = 0;

	spin_lock_bh(&rose_node_list_lock);
	spin_lock_bh(&rose_neigh_list_lock);

	for (node = rose_node_list; node != NULL; node = node->next) {
		if (node->mask != rose_route->mask)
			continue;
		if (rosecmpm(&rose_route->address, &node->address,
			     rose_route->mask) == 0)
			break;
	}

	if (node == NULL || node->loopback) {
		err = -EINVAL;
		goto out;
	}

	for (neigh = rose_neigh_list; neigh != NULL; neigh = neigh->next) {
		if (ax25cmp(&rose_route->neighbour, &neigh->callsign) == 0 &&
		    neigh->dev == dev)
			break;
	}

	if (neigh == NULL) {
		err = -EINVAL;
		goto out;
	}

	/* Locate the first slot of the node that points at this neighbour. */
	for (slot = 0; slot < node->count; slot++) {
		if (node->neighbour[slot] == neigh)
			break;
	}

	if (slot >= node->count) {
		err = -EINVAL;
		goto out;
	}

	/* The neighbour goes away once no node and no route/socket uses it. */
	neigh->count--;
	if (neigh->count == 0 && neigh->use == 0)
		rose_remove_neigh(neigh);

	node->count--;
	if (node->count == 0) {
		rose_remove_node(node);
		goto out;
	}

	/* Close the gap: slots after the released one move down by one. */
	if (slot == 0)
		node->neighbour[0] = node->neighbour[1];
	if (slot <= 1)
		node->neighbour[1] = node->neighbour[2];

out:
	spin_unlock_bh(&rose_neigh_list_lock);
	spin_unlock_bh(&rose_node_list_lock);

	return err;
}
366 
367 /*
368  *	Add the loopback neighbour.
369  */
/*
 * Allocate the loopback neighbour, initialise it and push it onto
 * rose_neigh_list. On allocation failure rose_loopback_neigh is left NULL
 * and the function returns without reporting the error.
 *
 * The global pointer is assigned before the fields are filled in.
 */
void rose_add_loopback_neigh(void)
{
	struct rose_neigh *sn;

	sn = kmalloc(sizeof(struct rose_neigh), GFP_KERNEL);
	rose_loopback_neigh = sn;
	if (sn == NULL)
		return;

	sn->callsign  = null_ax25_address;
	sn->digipeat  = NULL;
	sn->ax25      = NULL;
	sn->dev       = NULL;
	sn->count     = 0;
	sn->use       = 0;
	sn->dce_mode  = 1;
	sn->loopback  = 1;
	sn->number    = rose_neigh_no++;
	sn->restarted = 1;

	skb_queue_head_init(&sn->queue);

	timer_setup(&sn->ftimer, NULL, 0);
	timer_setup(&sn->t0timer, NULL, 0);

	/* Only the list insertion itself is done under the lock. */
	spin_lock_bh(&rose_neigh_list_lock);
	sn->next        = rose_neigh_list;
	rose_neigh_list = sn;
	spin_unlock_bh(&rose_neigh_list_lock);
}
400 
401 /*
402  *	Add a loopback node.
403  */
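/*
 * Add a loopback node (mask 10) for @address, pointing at the loopback
 * neighbour. An existing loopback node for the same address is left alone.
 *
 * Returns 0 on success or if the node already exists, -ENOMEM if the node
 * cannot be allocated or if the loopback neighbour was never allocated.
 *
 * NOTE(review): rose_loopback_neigh->count is changed under
 * rose_node_list_lock only, whereas rose_add_node() changes neighbour counts
 * with rose_neigh_list_lock held as well -- confirm this is intended.
 */
int rose_add_loopback_node(const rose_address *address)
{
	struct rose_node *rose_node;
	int err = 0;

	spin_lock_bh(&rose_node_list_lock);

	for (rose_node = rose_node_list; rose_node != NULL;
	     rose_node = rose_node->next) {
		if ((rose_node->mask == 10) &&
		    (rosecmpm(address, &rose_node->address, 10) == 0) &&
		    rose_node->loopback)
			break;
	}

	if (rose_node != NULL)
		goto out;

	/*
	 * rose_add_loopback_neigh() returns silently when its allocation
	 * fails, leaving the global NULL; without this check the count++
	 * below would dereference a NULL pointer.
	 */
	if (rose_loopback_neigh == NULL) {
		err = -ENOMEM;
		goto out;
	}

	rose_node = kmalloc(sizeof(*rose_node), GFP_ATOMIC);
	if (rose_node == NULL) {
		err = -ENOMEM;
		goto out;
	}

	rose_node->address      = *address;
	rose_node->mask         = 10;
	rose_node->count        = 1;
	rose_node->loopback     = 1;
	rose_node->neighbour[0] = rose_loopback_neigh;

	/* Insert at the head of list. Address is always mask=10 */
	rose_node->next = rose_node_list;
	rose_node_list  = rose_node;

	rose_loopback_neigh->count++;

out:
	spin_unlock_bh(&rose_node_list_lock);

	return err;
}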
445 
446 /*
447  *	Delete a loopback node.
448  */
/*
 * Remove the loopback node (mask 10) matching @address, if there is one,
 * and drop the loopback neighbour's node count. Runs under
 * rose_node_list_lock; does nothing when no such node exists.
 */
void rose_del_loopback_node(const rose_address *address)
{
	struct rose_node *node;

	spin_lock_bh(&rose_node_list_lock);

	for (node = rose_node_list; node != NULL; node = node->next) {
		if (node->mask != 10)
			continue;
		if (rosecmpm(address, &node->address, 10) != 0)
			continue;
		if (node->loopback)
			break;
	}

	if (node != NULL) {
		rose_remove_node(node);
		rose_loopback_neigh->count--;
	}

	spin_unlock_bh(&rose_node_list_lock);
}
474 
475 /*
476  *	A device has been removed. Remove its routes and neighbours.
477  */
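/*
 * For every neighbour reached through @dev: strip it from every node that
 * lists it, remove nodes left with no neighbour, then remove the neighbour.
 *
 * Locking: takes rose_node_list_lock, then rose_neigh_list_lock.
 *
 * NOTE(review): the neighbour is freed regardless of ->use; confirm that
 * routes and sockets pointing at it have been torn down before this runs.
 */
void rose_rt_device_down(struct net_device *dev)
{
	struct rose_neigh *s, *rose_neigh;
	struct rose_node  *t, *rose_node;
	int i;

	spin_lock_bh(&rose_node_list_lock);
	spin_lock_bh(&rose_neigh_list_lock);
	rose_neigh = rose_neigh_list;
	while (rose_neigh != NULL) {
		/* Save the successor first: s is freed at the end of the pass. */
		s          = rose_neigh;
		rose_neigh = rose_neigh->next;

		if (s->dev != dev)
			continue;

		rose_node = rose_node_list;

		while (rose_node != NULL) {
			/* Same for nodes: t may be freed below. */
			t         = rose_node;
			rose_node = rose_node->next;

			/*
			 * Scan from the last slot down. A forward scan that
			 * shrinks t->count and shifts entries while advancing
			 * i skips the entry that moved into slot i, and
			 * rose_add_node() does not reject a neighbour that is
			 * already listed, so a second copy of s could survive
			 * here and dangle once s is freed.
			 */
			for (i = t->count - 1; i >= 0; i--) {
				if (t->neighbour[i] != s)
					continue;

				t->count--;

				/* Move the (possibly zero) later entries down. */
				memmove(&t->neighbour[i], &t->neighbour[i + 1],
					sizeof(t->neighbour[0]) *
						(t->count - i));
			}

			if (t->count <= 0)
				rose_remove_node(t);
		}

		rose_remove_neigh(s);
	}
	spin_unlock_bh(&rose_neigh_list_lock);
	spin_unlock_bh(&rose_node_list_lock);
}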
527 
528 #if 0 /* Currently unused */
529 /*
530  *	A device has been removed. Remove its links.
531  */
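/*
 * Remove every route that has @dev behind either of its neighbours.
 * Compiled out by the surrounding #if 0.
 */
void rose_route_device_down(struct net_device *dev)
{
	struct rose_route *s, *rose_route;

	spin_lock_bh(&rose_route_list_lock);
	rose_route = rose_route_list;
	while (rose_route != NULL) {
		/* Save the successor: rose_remove_route() frees s. */
		s          = rose_route;
		rose_route = rose_route->next;

		/*
		 * Either end may be NULL: rose_del_route_by_neigh() clears
		 * neigh1/neigh2 while leaving the route on the list, so test
		 * the pointer before looking at ->dev.
		 */
		if ((s->neigh1 != NULL && s->neigh1->dev == dev) ||
		    (s->neigh2 != NULL && s->neigh2->dev == dev))
			rose_remove_route(s);
	}
	spin_unlock_bh(&rose_route_list_lock);
}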
547 #endif
548 
549 /*
550  *	Clear all nodes and neighbours out, except for neighbours with
551  *	active connections going through them.
552  *  Do not clear loopback neighbour and nodes.
553  */
/*
 * Locking: takes rose_node_list_lock, then rose_neigh_list_lock.
 * Always returns 0.
 *
 * Every non-loopback node is removed. A non-loopback neighbour is removed
 * only when ->use is 0; one that is still in use stays on the list and its
 * ->count is left untouched even though the nodes that counted it are gone.
 * NOTE(review): confirm what later removes such a neighbour once ->use
 * reaches 0.
 */
static int rose_clear_routes(void)
{
	struct rose_node *node, *next_node;
	struct rose_neigh *neigh, *next_neigh;

	spin_lock_bh(&rose_node_list_lock);
	spin_lock_bh(&rose_neigh_list_lock);

	/* Successors are read up front because removal frees the entry. */
	for (node = rose_node_list; node != NULL; node = next_node) {
		next_node = node->next;
		if (!node->loopback)
			rose_remove_node(node);
	}

	for (neigh = rose_neigh_list; neigh != NULL; neigh = next_neigh) {
		next_neigh = neigh->next;

		if (neigh->use != 0 || neigh->loopback)
			continue;

		neigh->count = 0;
		rose_remove_neigh(neigh);
	}

	spin_unlock_bh(&rose_neigh_list_lock);
	spin_unlock_bh(&rose_node_list_lock);

	return 0;
}
587 
588 /*
589  *	Check that the device given is a valid AX.25 interface that is "up".
590  * 	called with RTNL
591  */
/*
 * Look @devname up in init_net and return the device only if it is up and
 * of type ARPHRD_AX25; otherwise NULL. No reference is taken on the device.
 *
 * NOTE(review): rose_rt_ioctl() calls this with a name copied from user
 * space and no rtnl_lock() visible in this file -- confirm the caller holds
 * RTNL and that the lookup bounds its read of devname.
 */
static struct net_device *rose_ax25_dev_find(char *devname)
{
	struct net_device *dev = __dev_get_by_name(&init_net, devname);

	if (dev == NULL)
		return NULL;

	if (!(dev->flags & IFF_UP))
		return NULL;

	return (dev->type == ARPHRD_AX25) ? dev : NULL;
}
604 
605 /*
606  *	Find the first active ROSE device, usually "rose0".
607  */
/*
 * Scan init_net under RCU for devices that are up and of type ARPHRD_ROSE.
 * Returns the chosen device with a reference held (dev_hold), or NULL.
 *
 * A later candidate replaces the current one only when the first three
 * characters of its name compare lower.
 * NOTE(review): names such as "rose0" and "rose1" share those three
 * characters, so the first one encountered wins -- confirm this is intended.
 */
struct net_device *rose_dev_first(void)
{
	struct net_device *dev, *first = NULL;

	rcu_read_lock();
	for_each_netdev_rcu(&init_net, dev) {
		if (!(dev->flags & IFF_UP) || dev->type != ARPHRD_ROSE)
			continue;

		if (first == NULL || strncmp(dev->name, first->name, 3) < 0)
			first = dev;
	}

	/* Pin the result before leaving the RCU read-side section. */
	if (first != NULL)
		dev_hold(first);
	rcu_read_unlock();

	return first;
}
624 
625 /*
626  *	Find the ROSE device for the given address.
627  */
/*
 * Return the up ARPHRD_ROSE device in init_net whose hardware address
 * equals @addr, with a reference held (dev_hold), or NULL when there is
 * none. The caller is expected to drop the reference.
 */
struct net_device *rose_dev_get(rose_address *addr)
{
	struct net_device *dev, *match = NULL;

	rcu_read_lock();
	for_each_netdev_rcu(&init_net, dev) {
		if (!(dev->flags & IFF_UP) || dev->type != ARPHRD_ROSE)
			continue;

		if (rosecmp(addr, (const rose_address *)dev->dev_addr) == 0) {
			/* Take the reference while still under RCU. */
			dev_hold(dev);
			match = dev;
			break;
		}
	}
	rcu_read_unlock();

	return match;
}
645 
/*
 * Return 1 if an up ARPHRD_ROSE device in init_net has hardware address
 * @addr, else 0. No device reference is taken.
 */
static int rose_dev_exists(rose_address *addr)
{
	struct net_device *dev;
	int present = 0;

	rcu_read_lock();
	for_each_netdev_rcu(&init_net, dev) {
		if (!(dev->flags & IFF_UP) || dev->type != ARPHRD_ROSE)
			continue;

		if (rosecmp(addr, (const rose_address *)dev->dev_addr) == 0) {
			present = 1;
			break;
		}
	}
	rcu_read_unlock();

	return present;
}
661 
662 
663 
664 
/*
 * Return the first route that uses @lci on @neigh at either end, or NULL
 * when no route does.
 *
 * NOTE(review): rose_route_list is walked with no locking in this function
 * -- presumably the caller holds rose_route_list_lock; confirm.
 */
struct rose_route *rose_route_free_lci(unsigned int lci, struct rose_neigh *neigh)
{
	struct rose_route *route = rose_route_list;

	while (route != NULL) {
		if (route->neigh1 == neigh && route->lci1 == lci)
			return route;
		if (route->neigh2 == neigh && route->lci2 == lci)
			return route;
		route = route->next;
	}

	return NULL;
}
676 
677 /*
678  *	Find a neighbour or a route given a ROSE address.
679  */
/*
 * Pick a neighbour for @addr from the node table.
 *
 * Pass 1 returns the first neighbour, of any node matching @addr, whose
 * ->restarted flag is set. Pass 2 runs only when @route_frame is 0 and
 * returns the first neighbour for which rose_ftimer_running() is false.
 *
 * On failure NULL is returned, *diagnostic is 0 and *cause is
 * ROSE_OUT_OF_ORDER if pass 2 skipped at least one neighbour, otherwise
 * ROSE_NOT_OBTAINABLE. On success *cause and *diagnostic are not written.
 *
 * Locking: rose_node_list_lock is taken here only when @route_frame is 0.
 * NOTE(review): with @route_frame set the node list is walked without that
 * lock; rose_route_frame() calls in this mode while holding only the neigh
 * and route locks -- confirm what protects the node list on that path.
 */
struct rose_neigh *rose_get_neigh(rose_address *addr, unsigned char *cause,
	unsigned char *diagnostic, int route_frame)
{
	struct rose_neigh *found = NULL;
	struct rose_node *node;
	int skipped = 0;
	int slot;

	if (!route_frame)
		spin_lock_bh(&rose_node_list_lock);

	for (node = rose_node_list; node != NULL; node = node->next) {
		if (rosecmpm(addr, &node->address, node->mask) != 0)
			continue;

		for (slot = 0; slot < node->count; slot++) {
			if (node->neighbour[slot]->restarted) {
				found = node->neighbour[slot];
				goto out;
			}
		}
	}

	if (!route_frame) { /* connect request */
		for (node = rose_node_list; node != NULL; node = node->next) {
			if (rosecmpm(addr, &node->address, node->mask) != 0)
				continue;

			for (slot = 0; slot < node->count; slot++) {
				if (!rose_ftimer_running(node->neighbour[slot])) {
					found = node->neighbour[slot];
					goto out;
				}
				/* Matching neighbour exists but was passed over. */
				skipped = 1;
			}
		}
	}

	*cause      = skipped ? ROSE_OUT_OF_ORDER : ROSE_NOT_OBTAINABLE;
	*diagnostic = 0;

out:
	if (!route_frame)
		spin_unlock_bh(&rose_node_list_lock);
	return found;
}
725 
726 /*
727  *	Handle the ioctls that control the routing functions.
728  */
/*
 * Dispatch the routing ioctls.
 *
 * SIOCADDRT / SIOCDELRT copy a struct rose_route_struct from user space and
 * resolve its device name to an up AX.25 interface. For SIOCADDRT the
 * request is rejected with -EINVAL when the address belongs to a local ROSE
 * device, when mask exceeds 10 or when ndigis exceeds AX25_MAX_DIGIS; the
 * ndigis bound is what keeps the digipeater copy in rose_add_node() inside
 * its arrays. SIOCRSCLRRT clears the tables. Any other command is -EINVAL.
 *
 * Returns 0 or a negative errno (-EFAULT when the copy from user fails).
 *
 * NOTE(review): no capability check is made in this function -- presumably
 * the socket ioctl handler enforces one before calling; confirm.
 * NOTE(review): the device field is passed on exactly as copied, without
 * forcing a terminating NUL here; confirm the lookup bounds its read.
 */
int rose_rt_ioctl(unsigned int cmd, void __user *arg)
{
	struct rose_route_struct req;
	struct net_device *iface;

	if (cmd == SIOCRSCLRRT)
		return rose_clear_routes();

	if (cmd != SIOCADDRT && cmd != SIOCDELRT)
		return -EINVAL;

	if (copy_from_user(&req, arg, sizeof(req)))
		return -EFAULT;

	iface = rose_ax25_dev_find(req.device);
	if (iface == NULL)
		return -EINVAL;

	if (cmd == SIOCDELRT)
		return rose_del_node(&req, iface);

	/* SIOCADDRT: validate the user-supplied fields before using them. */
	if (rose_dev_exists(&req.address)) /* Can't add routes to ourself */
		return -EINVAL;
	if (req.mask > 10) /* Mask can't be more than 10 digits */
		return -EINVAL;
	if (req.ndigis > AX25_MAX_DIGIS)
		return -EINVAL;

	return rose_add_node(&req, iface);
}
767 
/*
 * Take @rose_neigh out of service: clear ->restarted, stop its t0 timer,
 * start its ftimer, purge its queue, then detach it from every route.
 *
 * A route whose only live end(s) are this neighbour is removed. A route
 * with a different neighbour at the other end is kept: this end is set to
 * NULL, the neighbour's ->use is dropped, and a clear request
 * (ROSE_OUT_OF_ORDER) is sent to the other end.
 *
 * Locking: takes rose_route_list_lock for the walk.
 */
static void rose_del_route_by_neigh(struct rose_neigh *rose_neigh)
{
	struct rose_route *route, *next;
	int only_this_neigh;

	rose_neigh->restarted = 0;

	rose_stop_t0timer(rose_neigh);
	rose_start_ftimer(rose_neigh);

	skb_queue_purge(&rose_neigh->queue);

	spin_lock_bh(&rose_route_list_lock);

	route = rose_route_list;
	while (route != NULL) {
		only_this_neigh =
			(route->neigh1 == rose_neigh &&
			 (route->neigh2 == rose_neigh || route->neigh2 == NULL)) ||
			(route->neigh2 == rose_neigh && route->neigh1 == NULL);

		if (only_this_neigh) {
			/* Read the successor first: removal frees the route. */
			next = route->next;
			rose_remove_route(route);
			route = next;
			continue;
		}

		if (route->neigh1 == rose_neigh) {
			rose_neigh->use--;
			route->neigh1 = NULL;
			rose_transmit_clear_request(route->neigh2, route->lci2, ROSE_OUT_OF_ORDER, 0);
		}

		if (route->neigh2 == rose_neigh) {
			rose_neigh->use--;
			route->neigh2 = NULL;
			rose_transmit_clear_request(route->neigh1, route->lci1, ROSE_OUT_OF_ORDER, 0);
		}

		route = route->next;
	}

	spin_unlock_bh(&rose_route_list_lock);
}
809 
810 /*
811  * 	A level 2 link has timed out, therefore it appears to be a poor link,
812  *	then don't use that neighbour until it is reset. Blow away all through
813  *	routes and connections using this route.
814  */
/*
 * Find the neighbour bound to @ax25; if there is one, detach the control
 * block (dropping the reference with ax25_cb_put), then tear down the
 * routes and connections that go through that neighbour. @reason is not
 * used. The whole operation runs under rose_neigh_list_lock.
 */
void rose_link_failed(ax25_cb *ax25, int reason)
{
	struct rose_neigh *neigh;

	spin_lock_bh(&rose_neigh_list_lock);

	for (neigh = rose_neigh_list; neigh != NULL; neigh = neigh->next) {
		if (neigh->ax25 == ax25)
			break;
	}

	if (neigh == NULL)
		goto unlock;

	neigh->ax25 = NULL;
	ax25_cb_put(ax25);

	rose_del_route_by_neigh(neigh);
	rose_kill_by_neigh(neigh);

unlock:
	spin_unlock_bh(&rose_neigh_list_lock);
}
836 
837 /*
838  * 	A device has been "downed" remove its link status. Blow away all
839  *	through routes and connections that use this device.
840  */
/*
 * For each neighbour reached through @dev, tear down the routes and
 * connections that use it. The neighbours themselves stay on the list.
 *
 * NOTE(review): rose_neigh_list is walked here without
 * rose_neigh_list_lock, unlike rose_link_failed() -- confirm the caller
 * serialises this against list changes.
 */
void rose_link_device_down(struct net_device *dev)
{
	struct rose_neigh *neigh = rose_neigh_list;

	while (neigh != NULL) {
		if (neigh->dev == dev) {
			rose_del_route_by_neigh(neigh);
			rose_kill_by_neigh(neigh);
		}
		neigh = neigh->next;
	}
}
852 
853 /*
854  *	Route a frame to an appropriate AX.25 connection.
855  *	A NULL ax25_cb indicates an internally generated frame.
856  */
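/*
 * The frame bytes come from the peer and are untrusted. Before any byte is
 * read the length is checked against ROSE_MIN_LEN; for a Call Request the
 * frame must also extend past ROSE_CALL_REQ_FACILITIES_OFF and carry the
 * expected address-length byte. src_addr/dest_addr are computed for every
 * frame type but only dereferenced on Call Request paths.
 *
 * Returns 0 by default, 1 when the skb was passed to rose_transmit_link(),
 * or whatever rose_loopback_queue(), rose_process_rx_frame() or
 * rose_rx_call_request() returned.
 *
 * Locking: takes rose_neigh_list_lock, then rose_route_list_lock.
 * NOTE(review): rose_get_neigh(..., 1) below walks rose_node_list without
 * rose_node_list_lock -- confirm what protects the node list here.
 * NOTE(review): ax25->ax25_dev is dereferenced without a NULL check --
 * presumably always set for a cb that delivers frames; confirm.
 */
int rose_route_frame(struct sk_buff *skb, ax25_cb *ax25)
{
	struct rose_neigh *rose_neigh, *new_neigh;
	struct rose_route *rose_route;
	struct rose_facilities_struct facilities;
	rose_address *src_addr, *dest_addr;
	struct sock *sk;
	unsigned short frametype;
	unsigned int lci, new_lci;
	unsigned char cause, diagnostic;
	struct net_device *dev;
	int res = 0;
	char buf[11];

	/* Too short to hold the LCI bytes and the frame type. */
	if (skb->len < ROSE_MIN_LEN)
		return res;

	if (!ax25)
		return rose_loopback_queue(skb, NULL);

	/* 12-bit LCI: low nibble of byte 0 plus all of byte 1. */
	frametype = skb->data[2];
	lci = ((skb->data[0] << 8) & 0xF00) + ((skb->data[1] << 0) & 0x0FF);
	if (frametype == ROSE_CALL_REQUEST &&
	    (skb->len <= ROSE_CALL_REQ_FACILITIES_OFF ||
	     skb->data[ROSE_CALL_REQ_ADDR_LEN_OFF] !=
	     ROSE_CALL_REQ_ADDR_LEN_VAL))
		return res;
	src_addr  = (rose_address *)(skb->data + ROSE_CALL_REQ_SRC_ADDR_OFF);
	dest_addr = (rose_address *)(skb->data + ROSE_CALL_REQ_DEST_ADDR_OFF);

	spin_lock_bh(&rose_neigh_list_lock);
	spin_lock_bh(&rose_route_list_lock);

	/* The sender must be a known neighbour on the receiving device. */
	rose_neigh = rose_neigh_list;
	while (rose_neigh != NULL) {
		if (ax25cmp(&ax25->dest_addr, &rose_neigh->callsign) == 0 &&
		    ax25->ax25_dev->dev == rose_neigh->dev)
			break;
		rose_neigh = rose_neigh->next;
	}

	if (rose_neigh == NULL) {
		/*
		 * This path is reached by frames from arbitrary peers, so
		 * give the message a level and rate limit it; otherwise a
		 * peer could fill the log at will.
		 */
		if (net_ratelimit())
			printk(KERN_WARNING "rose_route : unknown neighbour or device %s\n",
			       ax2asc(buf, &ax25->dest_addr));
		goto out;
	}

	/*
	 *	Obviously the link is working, halt the ftimer.
	 */
	rose_stop_ftimer(rose_neigh);

	/*
	 *	LCI of zero is always for us, and it is always a restart
	 *	frame.
	 */
	if (lci == 0) {
		rose_link_rx_restart(skb, rose_neigh, frametype);
		goto out;
	}

	/*
	 *	Find an existing socket.
	 */
	if ((sk = rose_find_socket(lci, rose_neigh)) != NULL) {
		if (frametype == ROSE_CALL_REQUEST) {
			struct rose_sock *rose = rose_sk(sk);

			/* Remove an existing unused socket */
			rose_clear_queues(sk);
			rose->cause	 = ROSE_NETWORK_CONGESTION;
			rose->diagnostic = 0;
			rose->neighbour->use--;
			rose->neighbour	 = NULL;
			rose->lci	 = 0;
			rose->state	 = ROSE_STATE_0;
			sk->sk_state	 = TCP_CLOSE;
			sk->sk_err	 = 0;
			sk->sk_shutdown	 |= SEND_SHUTDOWN;
			if (!sock_flag(sk, SOCK_DEAD)) {
				sk->sk_state_change(sk);
				sock_set_flag(sk, SOCK_DEAD);
			}
			/* Fall out of this block: the new call is handled below. */
		}
		else {
			skb_reset_transport_header(skb);
			res = rose_process_rx_frame(sk, skb);
			goto out;
		}
	}

	/*
	 *	Is it a Call Request and is it for us ?
	 */
	if (frametype == ROSE_CALL_REQUEST)
		if ((dev = rose_dev_get(dest_addr)) != NULL) {
			res = rose_rx_call_request(skb, dev, rose_neigh, lci);
			/* Drop the reference taken by rose_dev_get(). */
			dev_put(dev);
			goto out;
		}

	/* Forwarding is disabled: refuse anything that is not for us. */
	if (!sysctl_rose_routing_control) {
		rose_transmit_clear_request(rose_neigh, lci, ROSE_NOT_OBTAINABLE, 0);
		goto out;
	}

	/*
	 *	Route it to the next in line if we have an entry for it.
	 */
	rose_route = rose_route_list;
	while (rose_route != NULL) {
		if (rose_route->lci1 == lci &&
		    rose_route->neigh1 == rose_neigh) {
			if (frametype == ROSE_CALL_REQUEST) {
				/* F6FBB - Remove an existing unused route */
				rose_remove_route(rose_route);
				break;
			} else if (rose_route->neigh2 != NULL) {
				/* Rewrite the LCI for the outgoing side. */
				skb->data[0] &= 0xF0;
				skb->data[0] |= (rose_route->lci2 >> 8) & 0x0F;
				skb->data[1]  = (rose_route->lci2 >> 0) & 0xFF;
				rose_transmit_link(skb, rose_route->neigh2);
				if (frametype == ROSE_CLEAR_CONFIRMATION)
					rose_remove_route(rose_route);
				res = 1;
				goto out;
			} else {
				if (frametype == ROSE_CLEAR_CONFIRMATION)
					rose_remove_route(rose_route);
				goto out;
			}
		}
		if (rose_route->lci2 == lci &&
		    rose_route->neigh2 == rose_neigh) {
			if (frametype == ROSE_CALL_REQUEST) {
				/* F6FBB - Remove an existing unused route */
				rose_remove_route(rose_route);
				break;
			} else if (rose_route->neigh1 != NULL) {
				/* Rewrite the LCI for the outgoing side. */
				skb->data[0] &= 0xF0;
				skb->data[0] |= (rose_route->lci1 >> 8) & 0x0F;
				skb->data[1]  = (rose_route->lci1 >> 0) & 0xFF;
				rose_transmit_link(skb, rose_route->neigh1);
				if (frametype == ROSE_CLEAR_CONFIRMATION)
					rose_remove_route(rose_route);
				res = 1;
				goto out;
			} else {
				if (frametype == ROSE_CLEAR_CONFIRMATION)
					rose_remove_route(rose_route);
				goto out;
			}
		}
		rose_route = rose_route->next;
	}

	/*
	 *	We know that:
	 *	1. The frame isn't for us,
	 *	2. It isn't "owned" by any existing route.
	 */
	if (frametype != ROSE_CALL_REQUEST) {	/* XXX */
		res = 0;
		goto out;
	}

	memset(&facilities, 0x00, sizeof(struct rose_facilities_struct));

	/* The length passed is positive: len > FACILITIES_OFF was checked above. */
	if (!rose_parse_facilities(skb->data + ROSE_CALL_REQ_FACILITIES_OFF,
				   skb->len - ROSE_CALL_REQ_FACILITIES_OFF,
				   &facilities)) {
		rose_transmit_clear_request(rose_neigh, lci, ROSE_INVALID_FACILITY, 76);
		goto out;
	}

	/*
	 *	Check for routing loops.
	 */
	rose_route = rose_route_list;
	while (rose_route != NULL) {
		if (rose_route->rand == facilities.rand &&
		    rosecmp(src_addr, &rose_route->src_addr) == 0 &&
		    ax25cmp(&facilities.dest_call, &rose_route->src_call) == 0 &&
		    ax25cmp(&facilities.source_call, &rose_route->dest_call) == 0) {
			rose_transmit_clear_request(rose_neigh, lci, ROSE_NOT_OBTAINABLE, 120);
			goto out;
		}
		rose_route = rose_route->next;
	}

	if ((new_neigh = rose_get_neigh(dest_addr, &cause, &diagnostic, 1)) == NULL) {
		rose_transmit_clear_request(rose_neigh, lci, cause, diagnostic);
		goto out;
	}

	if ((new_lci = rose_new_lci(new_neigh)) == 0) {
		rose_transmit_clear_request(rose_neigh, lci, ROSE_NETWORK_CONGESTION, 71);
		goto out;
	}

	if ((rose_route = kmalloc(sizeof(*rose_route), GFP_ATOMIC)) == NULL) {
		rose_transmit_clear_request(rose_neigh, lci, ROSE_NETWORK_CONGESTION, 120);
		goto out;
	}

	rose_route->lci1      = lci;
	rose_route->src_addr  = *src_addr;
	rose_route->dest_addr = *dest_addr;
	rose_route->src_call  = facilities.dest_call;
	rose_route->dest_call = facilities.source_call;
	rose_route->rand      = facilities.rand;
	rose_route->neigh1    = rose_neigh;
	rose_route->lci2      = new_lci;
	rose_route->neigh2    = new_neigh;

	/* The route holds both neighbours until rose_remove_route(). */
	rose_route->neigh1->use++;
	rose_route->neigh2->use++;

	rose_route->next = rose_route_list;
	rose_route_list  = rose_route;

	skb->data[0] &= 0xF0;
	skb->data[0] |= (rose_route->lci2 >> 8) & 0x0F;
	skb->data[1]  = (rose_route->lci2 >> 0) & 0xFF;

	rose_transmit_link(skb, rose_route->neigh2);
	res = 1;

out:
	spin_unlock_bh(&rose_route_list_lock);
	spin_unlock_bh(&rose_neigh_list_lock);

	return res;
}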
1091 
1092 #ifdef CONFIG_PROC_FS
1093 
/*
 * seq_file start: takes rose_node_list_lock and returns with it held on
 * every path; rose_node_stop() releases it. Position 0 yields
 * SEQ_START_TOKEN (the header line), position n >= 1 the n-th node, and a
 * position past the end yields NULL.
 */
static void *rose_node_start(struct seq_file *seq, loff_t *pos)
	__acquires(rose_node_list_lock)
{
	struct rose_node *node;
	int i = 1;

	spin_lock_bh(&rose_node_list_lock);
	if (*pos == 0)
		return SEQ_START_TOKEN;

	node = rose_node_list;
	while (node != NULL && i < *pos) {
		node = node->next;
		++i;
	}

	if (i != *pos)
		return NULL;

	return node;
}
1109 
/*
 * seq_file next: advance *pos and return the entry after @v -- the list
 * head when @v is the header token, otherwise @v's successor.
 */
static void *rose_node_next(struct seq_file *seq, void *v, loff_t *pos)
{
	struct rose_node *node = v;

	++*pos;

	if (v == SEQ_START_TOKEN)
		return rose_node_list;

	return node->next;
}
1117 
/* seq_file stop: release the lock taken by rose_node_start(). */
static void rose_node_stop(struct seq_file *seq, void *v)
	__releases(rose_node_list_lock)
{
	spin_unlock_bh(&rose_node_list_lock);
}
1123 
/*
 * seq_file show: print the column header for the start token, otherwise one
 * line for the node -- address, mask, neighbour count, then the number of
 * each listed neighbour. Always returns 0.
 */
static int rose_node_show(struct seq_file *seq, void *v)
{
	const struct rose_node *node;
	char rsbuf[11];
	int slot;

	if (v == SEQ_START_TOKEN) {
		seq_puts(seq, "address    mask n neigh neigh neigh\n");
		return 0;
	}

	node = v;
	seq_printf(seq, "%-10s %04d %d",
		   rose2asc(rsbuf, &node->address),
		   node->mask,
		   node->count);

	for (slot = 0; slot < node->count; slot++)
		seq_printf(seq, " %05d", node->neighbour[slot]->number);

	seq_puts(seq, "\n");
	return 0;
}
1145 
/*
 *	seq_file callbacks for the ROSE node listing.  Not static, so it is
 *	presumably registered with procfs from another file.  Declared const
 *	so the function pointers are not writable data.
 */
const struct seq_operations rose_node_seqops = {
	.start	= rose_node_start,
	.next	= rose_node_next,
	.stop	= rose_node_stop,
	.show	= rose_node_show,
};
1152 
/*
 *	seq_file ->start for the ROSE neighbour list: take
 *	rose_neigh_list_lock and return the element for position *pos.
 *
 *	Position 0 yields SEQ_START_TOKEN (the header line); position N
 *	(N >= 1) is the N-th entry of rose_neigh_list.  NULL is returned when
 *	the list is shorter than *pos.
 *
 *	The lock is held on every return path, including the NULL one; the
 *	matching unlock is in rose_neigh_stop().
 */
static void *rose_neigh_start(struct seq_file *seq, loff_t *pos)
	__acquires(rose_neigh_list_lock)
{
	struct rose_neigh *neigh;
	int idx = 1;

	spin_lock_bh(&rose_neigh_list_lock);
	if (*pos == 0)
		return SEQ_START_TOKEN;

	/* The list is re-walked from its head on every call. */
	neigh = rose_neigh_list;
	while (neigh && idx < *pos) {
		neigh = neigh->next;
		++idx;
	}

	if (idx != *pos)
		return NULL;

	return neigh;
}
1168 
/*
 *	seq_file ->next for the neighbour list: advance *pos and hand back
 *	the entry after v, or the list head when v is the header token.
 *
 *	No lock is taken here although v is dereferenced; this relies on
 *	rose_neigh_list_lock, taken in rose_neigh_start(), still being held.
 */
static void *rose_neigh_next(struct seq_file *seq, void *v, loff_t *pos)
{
	struct rose_neigh *cur;

	++*pos;

	if (v == SEQ_START_TOKEN)
		return rose_neigh_list;

	cur = v;
	return cur->next;
}
1176 
/*
 *	seq_file ->stop for the neighbour list: drop the lock that
 *	rose_neigh_start() acquired.  Neither argument is used.
 */
static void rose_neigh_stop(struct seq_file *seq, void *v)
	__releases(rose_neigh_list_lock)
{
	spin_unlock_bh(&rose_neigh_list_lock);
}
1182 
/*
 *	seq_file ->show for the neighbour list: print the header line for
 *	SEQ_START_TOKEN, otherwise one line describing the neighbour followed
 *	by its digipeater callsigns, if it has any.  Always returns 0.
 */
static int rose_neigh_show(struct seq_file *seq, void *v)
{
	struct rose_neigh *neigh;
	const char *call;
	const char *ifname;
	/* scratch space for ax2asc(); size presumably fits its longest output */
	char buf[11];
	int n;

	if (v == SEQ_START_TOKEN) {
		seq_puts(seq,
			 "addr  callsign  dev  count use mode restart  t0  tf digipeaters\n");
		return 0;
	}

	neigh = v;

	/* The loopback neighbour is shown under a fixed name. */
	call = neigh->loopback ? "RSLOOP-0" : ax2asc(buf, &neigh->callsign);
	/* A neighbour may have no device attached; print a placeholder then. */
	ifname = neigh->dev ? neigh->dev->name : "???";

	seq_printf(seq, "%05d %-9s %-4s   %3d %3d  %3s     %3s %3lu %3lu",
		   neigh->number,
		   call,
		   ifname,
		   neigh->count,
		   neigh->use,
		   neigh->dce_mode ? "DCE" : "DTE",
		   neigh->restarted ? "yes" : "no",
		   ax25_display_timer(&neigh->t0timer) / HZ,
		   ax25_display_timer(&neigh->ftimer)  / HZ);

	/*
	 * buf is reused for each digipeater; that is safe because every
	 * conversion is consumed by its own seq_printf() call.
	 */
	if (neigh->digipeat) {
		for (n = 0; n < neigh->digipeat->ndigi; n++)
			seq_printf(seq, " %s", ax2asc(buf, &neigh->digipeat->calls[n]));
	}

	seq_puts(seq, "\n");
	return 0;
}
1215 
1216 
/*
 *	seq_file callbacks for the ROSE neighbour listing.  Not static, so it
 *	is presumably registered with procfs from another file.  Declared
 *	const so the function pointers are not writable data.
 */
const struct seq_operations rose_neigh_seqops = {
	.start	= rose_neigh_start,
	.next	= rose_neigh_next,
	.stop	= rose_neigh_stop,
	.show	= rose_neigh_show,
};
1223 
/*
 *	seq_file ->start for the ROSE route list: take rose_route_list_lock
 *	and return the element for position *pos.
 *
 *	Position 0 yields SEQ_START_TOKEN (the header line); position N
 *	(N >= 1) is the N-th entry of rose_route_list.  NULL is returned when
 *	the list is shorter than *pos.
 *
 *	The lock is held on every return path, including the NULL one; the
 *	matching unlock is in rose_route_stop().
 */
static void *rose_route_start(struct seq_file *seq, loff_t *pos)
	__acquires(rose_route_list_lock)
{
	struct rose_route *route;
	int idx = 1;

	spin_lock_bh(&rose_route_list_lock);
	if (*pos == 0)
		return SEQ_START_TOKEN;

	/* The list is re-walked from its head on every call. */
	route = rose_route_list;
	while (route && idx < *pos) {
		route = route->next;
		++idx;
	}

	if (idx != *pos)
		return NULL;

	return route;
}
1239 
/*
 *	seq_file ->next for the route list: advance *pos and hand back the
 *	entry after v, or the list head when v is the header token.
 *
 *	No lock is taken here although v is dereferenced; this relies on
 *	rose_route_list_lock, taken in rose_route_start(), still being held.
 */
static void *rose_route_next(struct seq_file *seq, void *v, loff_t *pos)
{
	struct rose_route *cur;

	++*pos;

	if (v == SEQ_START_TOKEN)
		return rose_route_list;

	cur = v;
	return cur->next;
}
1247 
/*
 *	seq_file ->stop for the route list: drop the lock that
 *	rose_route_start() acquired.  Neither argument is used.
 */
static void rose_route_stop(struct seq_file *seq, void *v)
	__releases(rose_route_list_lock)
{
	spin_unlock_bh(&rose_route_list_lock);
}
1253 
/*
 *	seq_file ->show for the route list: print the header line for
 *	SEQ_START_TOKEN, otherwise one line with both halves of the route.
 *	A half whose neighbour pointer is NULL is printed as a fixed
 *	placeholder instead of being dereferenced.  Always returns 0.
 *
 *	Only rose_route_list_lock is held while this runs (see
 *	rose_route_start()), yet neigh1/neigh2 are dereferenced.
 *	NOTE(review): confirm that a neighbour cannot be freed while a route
 *	still points at it.
 */
static int rose_route_show(struct seq_file *seq, void *v)
{
	struct rose_route *route;
	/*
	 * Two buffers: the address and the callsign conversion are both
	 * arguments of the same seq_printf() call.
	 */
	char buf[11], rsbuf[11];

	if (v == SEQ_START_TOKEN) {
		seq_puts(seq,
			 "lci  address     callsign   neigh  <-> lci  address     callsign   neigh\n");
		return 0;
	}

	route = v;

	/* First half: lci1 / source address / source call / neigh1. */
	if (!route->neigh1) {
		seq_puts(seq,
			 "000  *           *          00000      ");
	} else {
		seq_printf(seq,
			   "%3.3X  %-10s  %-9s  %05d      ",
			   route->lci1,
			   rose2asc(rsbuf, &route->src_addr),
			   ax2asc(buf, &route->src_call),
			   route->neigh1->number);
	}

	/* Second half: lci2 / destination address / destination call / neigh2. */
	if (!route->neigh2) {
		seq_puts(seq,
			 "000  *           *          00000\n");
	} else {
		seq_printf(seq,
			   "%3.3X  %-10s  %-9s  %05d\n",
			   route->lci2,
			   rose2asc(rsbuf, &route->dest_addr),
			   ax2asc(buf, &route->dest_call),
			   route->neigh2->number);
	}

	return 0;
}
1288 
/*
 *	seq_file callbacks for the ROSE route listing.  Not static, so it is
 *	presumably registered with procfs from another file.
 *
 *	NOTE(review): unlike rose_node_seqops and rose_neigh_seqops this
 *	table is not const, which leaves its function pointers in writable
 *	data.  Adding const here also needs the same qualifier on the extern
 *	declaration, which is outside this file - confirm and change both
 *	together.
 */
struct seq_operations rose_route_seqops = {
	.start	= rose_route_start,
	.next	= rose_route_next,
	.stop	= rose_route_stop,
	.show	= rose_route_show,
};
1295 #endif /* CONFIG_PROC_FS */
1296 
1297 /*
1298  *	Release all memory associated with ROSE routing structures.
1299  */
void __exit rose_rt_free(void)
{
	struct rose_neigh *neigh_next, *neigh = rose_neigh_list;
	struct rose_node  *node_next,  *node  = rose_node_list;
	struct rose_route *route_next, *route = rose_route_list;

	/*
	 * Module-exit teardown: walk the three routing lists and hand each
	 * entry to its remove helper.  The successor is saved before every
	 * call because the entry must not be touched once it is removed.
	 *
	 * NOTE(review): none of the list locks is taken here - presumably
	 * nothing else can reach the lists at module exit; confirm.
	 *
	 * NOTE(review): neighbours are removed before routes, but routes
	 * keep neigh1/neigh2 pointers and bump ->use on them when they are
	 * created.  If rose_remove_route() touches those neighbours, this
	 * order would access memory that has already been released; check
	 * the helpers and consider removing routes first.
	 */
	for (; neigh != NULL; neigh = neigh_next) {
		neigh_next = neigh->next;
		rose_remove_neigh(neigh);
	}

	for (; node != NULL; node = node_next) {
		node_next = node->next;
		rose_remove_node(node);
	}

	for (; route != NULL; route = route_next) {
		route_next = route->next;
		rose_remove_route(route);
	}
}
1327