1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  *
4  * Copyright (C) Jonathan Naylor G4KLX (g4klx@g4klx.demon.co.uk)
5  */
6 #include <linux/errno.h>
7 #include <linux/types.h>
8 #include <linux/socket.h>
9 #include <linux/in.h>
10 #include <linux/kernel.h>
11 #include <linux/timer.h>
12 #include <linux/string.h>
13 #include <linux/sockios.h>
14 #include <linux/net.h>
15 #include <linux/slab.h>
16 #include <net/ax25.h>
17 #include <linux/inet.h>
18 #include <linux/netdevice.h>
19 #include <linux/skbuff.h>
20 #include <net/sock.h>
21 #include <net/tcp_states.h>
22 #include <linux/fcntl.h>
23 #include <linux/mm.h>
24 #include <linux/interrupt.h>
25 #include <net/rose.h>
26 
27 static int rose_create_facilities(unsigned char *buffer, struct rose_sock *rose);
28 
29 /*
30  *	This routine purges all of the queues of frames.
31  */
rose_clear_queues(struct sock * sk)32 void rose_clear_queues(struct sock *sk)
33 {
34 	skb_queue_purge(&sk->sk_write_queue);
35 	skb_queue_purge(&rose_sk(sk)->ack_queue);
36 }
37 
38 /*
39  * This routine purges the input queue of those frames that have been
40  * acknowledged. This replaces the boxes labelled "V(a) <- N(r)" on the
41  * SDL diagram.
42  */
rose_frames_acked(struct sock * sk,unsigned short nr)43 void rose_frames_acked(struct sock *sk, unsigned short nr)
44 {
45 	struct sk_buff *skb;
46 	struct rose_sock *rose = rose_sk(sk);
47 
48 	/*
49 	 * Remove all the ack-ed frames from the ack queue.
50 	 */
51 	if (rose->va != nr) {
52 		while (skb_peek(&rose->ack_queue) != NULL && rose->va != nr) {
53 			skb = skb_dequeue(&rose->ack_queue);
54 			kfree_skb(skb);
55 			rose->va = (rose->va + 1) % ROSE_MODULUS;
56 		}
57 	}
58 }
59 
rose_requeue_frames(struct sock * sk)60 void rose_requeue_frames(struct sock *sk)
61 {
62 	struct sk_buff *skb, *skb_prev = NULL;
63 
64 	/*
65 	 * Requeue all the un-ack-ed frames on the output queue to be picked
66 	 * up by rose_kick. This arrangement handles the possibility of an
67 	 * empty output queue.
68 	 */
69 	while ((skb = skb_dequeue(&rose_sk(sk)->ack_queue)) != NULL) {
70 		if (skb_prev == NULL)
71 			skb_queue_head(&sk->sk_write_queue, skb);
72 		else
73 			skb_append(skb_prev, skb, &sk->sk_write_queue);
74 		skb_prev = skb;
75 	}
76 }
77 
78 /*
79  *	Validate that the value of nr is between va and vs. Return true or
80  *	false for testing.
81  */
rose_validate_nr(struct sock * sk,unsigned short nr)82 int rose_validate_nr(struct sock *sk, unsigned short nr)
83 {
84 	struct rose_sock *rose = rose_sk(sk);
85 	unsigned short vc = rose->va;
86 
87 	while (vc != rose->vs) {
88 		if (nr == vc) return 1;
89 		vc = (vc + 1) % ROSE_MODULUS;
90 	}
91 
92 	return nr == rose->vs;
93 }
94 
95 /*
96  *  This routine is called when the packet layer internally generates a
97  *  control frame.
98  */
rose_write_internal(struct sock * sk,int frametype)99 void rose_write_internal(struct sock *sk, int frametype)
100 {
101 	struct rose_sock *rose = rose_sk(sk);
102 	struct sk_buff *skb;
103 	unsigned char  *dptr;
104 	unsigned char  lci1, lci2;
105 	int maxfaclen = 0;
106 	int len, faclen;
107 	int reserve;
108 
109 	reserve = AX25_BPQ_HEADER_LEN + AX25_MAX_HEADER_LEN + 1;
110 	len = ROSE_MIN_LEN;
111 
112 	switch (frametype) {
113 	case ROSE_CALL_REQUEST:
114 		len   += 1 + ROSE_ADDR_LEN + ROSE_ADDR_LEN;
115 		maxfaclen = 256;
116 		break;
117 	case ROSE_CALL_ACCEPTED:
118 	case ROSE_CLEAR_REQUEST:
119 	case ROSE_RESET_REQUEST:
120 		len   += 2;
121 		break;
122 	}
123 
124 	skb = alloc_skb(reserve + len + maxfaclen, GFP_ATOMIC);
125 	if (!skb)
126 		return;
127 
128 	/*
129 	 *	Space for AX.25 header and PID.
130 	 */
131 	skb_reserve(skb, reserve);
132 
133 	dptr = skb_put(skb, len);
134 
135 	lci1 = (rose->lci >> 8) & 0x0F;
136 	lci2 = (rose->lci >> 0) & 0xFF;
137 
138 	switch (frametype) {
139 	case ROSE_CALL_REQUEST:
140 		*dptr++ = ROSE_GFI | lci1;
141 		*dptr++ = lci2;
142 		*dptr++ = frametype;
143 		*dptr++ = ROSE_CALL_REQ_ADDR_LEN_VAL;
144 		memcpy(dptr, &rose->dest_addr,  ROSE_ADDR_LEN);
145 		dptr   += ROSE_ADDR_LEN;
146 		memcpy(dptr, &rose->source_addr, ROSE_ADDR_LEN);
147 		dptr   += ROSE_ADDR_LEN;
148 		faclen = rose_create_facilities(dptr, rose);
149 		skb_put(skb, faclen);
150 		dptr   += faclen;
151 		break;
152 
153 	case ROSE_CALL_ACCEPTED:
154 		*dptr++ = ROSE_GFI | lci1;
155 		*dptr++ = lci2;
156 		*dptr++ = frametype;
157 		*dptr++ = 0x00;		/* Address length */
158 		*dptr++ = 0;		/* Facilities length */
159 		break;
160 
161 	case ROSE_CLEAR_REQUEST:
162 		*dptr++ = ROSE_GFI | lci1;
163 		*dptr++ = lci2;
164 		*dptr++ = frametype;
165 		*dptr++ = rose->cause;
166 		*dptr++ = rose->diagnostic;
167 		break;
168 
169 	case ROSE_RESET_REQUEST:
170 		*dptr++ = ROSE_GFI | lci1;
171 		*dptr++ = lci2;
172 		*dptr++ = frametype;
173 		*dptr++ = ROSE_DTE_ORIGINATED;
174 		*dptr++ = 0;
175 		break;
176 
177 	case ROSE_RR:
178 	case ROSE_RNR:
179 		*dptr++ = ROSE_GFI | lci1;
180 		*dptr++ = lci2;
181 		*dptr   = frametype;
182 		*dptr++ |= (rose->vr << 5) & 0xE0;
183 		break;
184 
185 	case ROSE_CLEAR_CONFIRMATION:
186 	case ROSE_RESET_CONFIRMATION:
187 		*dptr++ = ROSE_GFI | lci1;
188 		*dptr++ = lci2;
189 		*dptr++  = frametype;
190 		break;
191 
192 	default:
193 		printk(KERN_ERR "ROSE: rose_write_internal - invalid frametype %02X\n", frametype);
194 		kfree_skb(skb);
195 		return;
196 	}
197 
198 	rose_transmit_link(skb, rose->neighbour);
199 }
200 
rose_decode(struct sk_buff * skb,int * ns,int * nr,int * q,int * d,int * m)201 int rose_decode(struct sk_buff *skb, int *ns, int *nr, int *q, int *d, int *m)
202 {
203 	unsigned char *frame;
204 
205 	frame = skb->data;
206 
207 	*ns = *nr = *q = *d = *m = 0;
208 
209 	switch (frame[2]) {
210 	case ROSE_CALL_REQUEST:
211 	case ROSE_CALL_ACCEPTED:
212 	case ROSE_CLEAR_REQUEST:
213 	case ROSE_CLEAR_CONFIRMATION:
214 	case ROSE_RESET_REQUEST:
215 	case ROSE_RESET_CONFIRMATION:
216 		return frame[2];
217 	default:
218 		break;
219 	}
220 
221 	if ((frame[2] & 0x1F) == ROSE_RR  ||
222 	    (frame[2] & 0x1F) == ROSE_RNR) {
223 		*nr = (frame[2] >> 5) & 0x07;
224 		return frame[2] & 0x1F;
225 	}
226 
227 	if ((frame[2] & 0x01) == ROSE_DATA) {
228 		*q  = (frame[0] & ROSE_Q_BIT) == ROSE_Q_BIT;
229 		*d  = (frame[0] & ROSE_D_BIT) == ROSE_D_BIT;
230 		*m  = (frame[2] & ROSE_M_BIT) == ROSE_M_BIT;
231 		*nr = (frame[2] >> 5) & 0x07;
232 		*ns = (frame[2] >> 1) & 0x07;
233 		return ROSE_DATA;
234 	}
235 
236 	return ROSE_ILLEGAL;
237 }
238 
rose_parse_national(unsigned char * p,struct rose_facilities_struct * facilities,int len)239 static int rose_parse_national(unsigned char *p, struct rose_facilities_struct *facilities, int len)
240 {
241 	unsigned char *pt;
242 	unsigned char l, lg, n = 0;
243 	int fac_national_digis_received = 0;
244 
245 	do {
246 		switch (*p & 0xC0) {
247 		case 0x00:
248 			if (len < 2)
249 				return -1;
250 			p   += 2;
251 			n   += 2;
252 			len -= 2;
253 			break;
254 
255 		case 0x40:
256 			if (len < 3)
257 				return -1;
258 			if (*p == FAC_NATIONAL_RAND)
259 				facilities->rand = ((p[1] << 8) & 0xFF00) + ((p[2] << 0) & 0x00FF);
260 			p   += 3;
261 			n   += 3;
262 			len -= 3;
263 			break;
264 
265 		case 0x80:
266 			if (len < 4)
267 				return -1;
268 			p   += 4;
269 			n   += 4;
270 			len -= 4;
271 			break;
272 
273 		case 0xC0:
274 			if (len < 2)
275 				return -1;
276 			l = p[1];
277 			if (len < 2 + l)
278 				return -1;
279 			if (*p == FAC_NATIONAL_DEST_DIGI) {
280 				if (!fac_national_digis_received) {
281 					if (l < AX25_ADDR_LEN)
282 						return -1;
283 					memcpy(&facilities->source_digis[0], p + 2, AX25_ADDR_LEN);
284 					facilities->source_ndigis = 1;
285 				}
286 			}
287 			else if (*p == FAC_NATIONAL_SRC_DIGI) {
288 				if (!fac_national_digis_received) {
289 					if (l < AX25_ADDR_LEN)
290 						return -1;
291 					memcpy(&facilities->dest_digis[0], p + 2, AX25_ADDR_LEN);
292 					facilities->dest_ndigis = 1;
293 				}
294 			}
295 			else if (*p == FAC_NATIONAL_FAIL_CALL) {
296 				if (l < AX25_ADDR_LEN)
297 					return -1;
298 				memcpy(&facilities->fail_call, p + 2, AX25_ADDR_LEN);
299 			}
300 			else if (*p == FAC_NATIONAL_FAIL_ADD) {
301 				if (l < 1 + ROSE_ADDR_LEN)
302 					return -1;
303 				memcpy(&facilities->fail_addr, p + 3, ROSE_ADDR_LEN);
304 			}
305 			else if (*p == FAC_NATIONAL_DIGIS) {
306 				if (l % AX25_ADDR_LEN)
307 					return -1;
308 				fac_national_digis_received = 1;
309 				facilities->source_ndigis = 0;
310 				facilities->dest_ndigis   = 0;
311 				for (pt = p + 2, lg = 0 ; lg < l ; pt += AX25_ADDR_LEN, lg += AX25_ADDR_LEN) {
312 					if (pt[6] & AX25_HBIT) {
313 						if (facilities->dest_ndigis >= ROSE_MAX_DIGIS)
314 							return -1;
315 						memcpy(&facilities->dest_digis[facilities->dest_ndigis++], pt, AX25_ADDR_LEN);
316 					} else {
317 						if (facilities->source_ndigis >= ROSE_MAX_DIGIS)
318 							return -1;
319 						memcpy(&facilities->source_digis[facilities->source_ndigis++], pt, AX25_ADDR_LEN);
320 					}
321 				}
322 			}
323 			p   += l + 2;
324 			n   += l + 2;
325 			len -= l + 2;
326 			break;
327 		}
328 	} while (*p != 0x00 && len > 0);
329 
330 	return n;
331 }
332 
rose_parse_ccitt(unsigned char * p,struct rose_facilities_struct * facilities,int len)333 static int rose_parse_ccitt(unsigned char *p, struct rose_facilities_struct *facilities, int len)
334 {
335 	unsigned char l, n = 0;
336 	char callsign[11];
337 
338 	do {
339 		switch (*p & 0xC0) {
340 		case 0x00:
341 			if (len < 2)
342 				return -1;
343 			p   += 2;
344 			n   += 2;
345 			len -= 2;
346 			break;
347 
348 		case 0x40:
349 			if (len < 3)
350 				return -1;
351 			p   += 3;
352 			n   += 3;
353 			len -= 3;
354 			break;
355 
356 		case 0x80:
357 			if (len < 4)
358 				return -1;
359 			p   += 4;
360 			n   += 4;
361 			len -= 4;
362 			break;
363 
364 		case 0xC0:
365 			if (len < 2)
366 				return -1;
367 			l = p[1];
368 
369 			/* Prevent overflows*/
370 			if (l < 10 || l > 20)
371 				return -1;
372 
373 			if (*p == FAC_CCITT_DEST_NSAP) {
374 				memcpy(&facilities->source_addr, p + 7, ROSE_ADDR_LEN);
375 				memcpy(callsign, p + 12,   l - 10);
376 				callsign[l - 10] = '\0';
377 				asc2ax(&facilities->source_call, callsign);
378 			}
379 			if (*p == FAC_CCITT_SRC_NSAP) {
380 				memcpy(&facilities->dest_addr, p + 7, ROSE_ADDR_LEN);
381 				memcpy(callsign, p + 12, l - 10);
382 				callsign[l - 10] = '\0';
383 				asc2ax(&facilities->dest_call, callsign);
384 			}
385 			p   += l + 2;
386 			n   += l + 2;
387 			len -= l + 2;
388 			break;
389 		}
390 	} while (*p != 0x00 && len > 0);
391 
392 	return n;
393 }
394 
rose_parse_facilities(unsigned char * p,unsigned packet_len,struct rose_facilities_struct * facilities)395 int rose_parse_facilities(unsigned char *p, unsigned packet_len,
396 	struct rose_facilities_struct *facilities)
397 {
398 	int facilities_len, len;
399 
400 	facilities_len = *p++;
401 
402 	if (facilities_len == 0 || (unsigned int)facilities_len > packet_len)
403 		return 0;
404 
405 	while (facilities_len >= 3 && *p == 0x00) {
406 		facilities_len--;
407 		p++;
408 
409 		switch (*p) {
410 		case FAC_NATIONAL:		/* National */
411 			len = rose_parse_national(p + 1, facilities, facilities_len - 1);
412 			break;
413 
414 		case FAC_CCITT:		/* CCITT */
415 			len = rose_parse_ccitt(p + 1, facilities, facilities_len - 1);
416 			break;
417 
418 		default:
419 			printk(KERN_DEBUG "ROSE: rose_parse_facilities - unknown facilities family %02X\n", *p);
420 			len = 1;
421 			break;
422 		}
423 
424 		if (len < 0)
425 			return 0;
426 		if (WARN_ON(len >= facilities_len))
427 			return 0;
428 		facilities_len -= len + 1;
429 		p += len + 1;
430 	}
431 
432 	return facilities_len == 0;
433 }
434 
rose_create_facilities(unsigned char * buffer,struct rose_sock * rose)435 static int rose_create_facilities(unsigned char *buffer, struct rose_sock *rose)
436 {
437 	unsigned char *p = buffer + 1;
438 	char *callsign;
439 	char buf[11];
440 	int len, nb;
441 
442 	/* National Facilities */
443 	if (rose->rand != 0 || rose->source_ndigis == 1 || rose->dest_ndigis == 1) {
444 		*p++ = 0x00;
445 		*p++ = FAC_NATIONAL;
446 
447 		if (rose->rand != 0) {
448 			*p++ = FAC_NATIONAL_RAND;
449 			*p++ = (rose->rand >> 8) & 0xFF;
450 			*p++ = (rose->rand >> 0) & 0xFF;
451 		}
452 
453 		/* Sent before older facilities */
454 		if ((rose->source_ndigis > 0) || (rose->dest_ndigis > 0)) {
455 			int maxdigi = 0;
456 			*p++ = FAC_NATIONAL_DIGIS;
457 			*p++ = AX25_ADDR_LEN * (rose->source_ndigis + rose->dest_ndigis);
458 			for (nb = 0 ; nb < rose->source_ndigis ; nb++) {
459 				if (++maxdigi >= ROSE_MAX_DIGIS)
460 					break;
461 				memcpy(p, &rose->source_digis[nb], AX25_ADDR_LEN);
462 				p[6] |= AX25_HBIT;
463 				p += AX25_ADDR_LEN;
464 			}
465 			for (nb = 0 ; nb < rose->dest_ndigis ; nb++) {
466 				if (++maxdigi >= ROSE_MAX_DIGIS)
467 					break;
468 				memcpy(p, &rose->dest_digis[nb], AX25_ADDR_LEN);
469 				p[6] &= ~AX25_HBIT;
470 				p += AX25_ADDR_LEN;
471 			}
472 		}
473 
474 		/* For compatibility */
475 		if (rose->source_ndigis > 0) {
476 			*p++ = FAC_NATIONAL_SRC_DIGI;
477 			*p++ = AX25_ADDR_LEN;
478 			memcpy(p, &rose->source_digis[0], AX25_ADDR_LEN);
479 			p   += AX25_ADDR_LEN;
480 		}
481 
482 		/* For compatibility */
483 		if (rose->dest_ndigis > 0) {
484 			*p++ = FAC_NATIONAL_DEST_DIGI;
485 			*p++ = AX25_ADDR_LEN;
486 			memcpy(p, &rose->dest_digis[0], AX25_ADDR_LEN);
487 			p   += AX25_ADDR_LEN;
488 		}
489 	}
490 
491 	*p++ = 0x00;
492 	*p++ = FAC_CCITT;
493 
494 	*p++ = FAC_CCITT_DEST_NSAP;
495 
496 	callsign = ax2asc(buf, &rose->dest_call);
497 
498 	*p++ = strlen(callsign) + 10;
499 	*p++ = (strlen(callsign) + 9) * 2;		/* ??? */
500 
501 	*p++ = 0x47; *p++ = 0x00; *p++ = 0x11;
502 	*p++ = ROSE_ADDR_LEN * 2;
503 	memcpy(p, &rose->dest_addr, ROSE_ADDR_LEN);
504 	p   += ROSE_ADDR_LEN;
505 
506 	memcpy(p, callsign, strlen(callsign));
507 	p   += strlen(callsign);
508 
509 	*p++ = FAC_CCITT_SRC_NSAP;
510 
511 	callsign = ax2asc(buf, &rose->source_call);
512 
513 	*p++ = strlen(callsign) + 10;
514 	*p++ = (strlen(callsign) + 9) * 2;		/* ??? */
515 
516 	*p++ = 0x47; *p++ = 0x00; *p++ = 0x11;
517 	*p++ = ROSE_ADDR_LEN * 2;
518 	memcpy(p, &rose->source_addr, ROSE_ADDR_LEN);
519 	p   += ROSE_ADDR_LEN;
520 
521 	memcpy(p, callsign, strlen(callsign));
522 	p   += strlen(callsign);
523 
524 	len       = p - buffer;
525 	buffer[0] = len - 1;
526 
527 	return len;
528 }
529 
rose_disconnect(struct sock * sk,int reason,int cause,int diagnostic)530 void rose_disconnect(struct sock *sk, int reason, int cause, int diagnostic)
531 {
532 	struct rose_sock *rose = rose_sk(sk);
533 
534 	rose_stop_timer(sk);
535 	rose_stop_idletimer(sk);
536 
537 	rose_clear_queues(sk);
538 
539 	rose->lci   = 0;
540 	rose->state = ROSE_STATE_0;
541 
542 	if (cause != -1)
543 		rose->cause = cause;
544 
545 	if (diagnostic != -1)
546 		rose->diagnostic = diagnostic;
547 
548 	sk->sk_state     = TCP_CLOSE;
549 	sk->sk_err       = reason;
550 	sk->sk_shutdown |= SEND_SHUTDOWN;
551 
552 	if (!sock_flag(sk, SOCK_DEAD)) {
553 		sk->sk_state_change(sk);
554 		sock_set_flag(sk, SOCK_DEAD);
555 	}
556 }
557