1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  *
4  * Copyright Jonathan Naylor G4KLX (g4klx@g4klx.demon.co.uk)
5  */
6 #include <linux/errno.h>
7 #include <linux/types.h>
8 #include <linux/socket.h>
9 #include <linux/in.h>
10 #include <linux/kernel.h>
11 #include <linux/timer.h>
12 #include <linux/string.h>
13 #include <linux/sockios.h>
14 #include <linux/net.h>
15 #include <linux/slab.h>
16 #include <net/ax25.h>
17 #include <linux/inet.h>
18 #include <linux/netdevice.h>
19 #include <linux/skbuff.h>
20 #include <net/sock.h>
21 #include <net/tcp_states.h>
22 #include <linux/uaccess.h>
23 #include <linux/fcntl.h>
24 #include <linux/mm.h>
25 #include <linux/interrupt.h>
26 #include <net/netrom.h>
27 
/*
 * Drop every frame still queued on this socket.
 *
 * Purges, in order, the socket write queue and the NET/ROM ack,
 * resequencing and fragment queues. No locking is taken here; any
 * serialisation against other users of these queues is left to the
 * caller (not visible in this file).
 */
void nr_clear_queues(struct sock *sk)
{
	struct nr_sock *nrom = nr_sk(sk);

	/* Outbound data not yet handed to the network layer. */
	skb_queue_purge(&sk->sk_write_queue);

	/* Per-connection NET/ROM queues. */
	skb_queue_purge(&nrom->ack_queue);
	skb_queue_purge(&nrom->reseq_queue);
	skb_queue_purge(&nrom->frag_queue);
}
40 
/*
 * Free the frames on the ack queue that have been acknowledged, advancing
 * V(a) one step (modulo NR_MODULUS) per freed frame until it equals nr or
 * the queue runs empty. This replaces the boxes labelled "V(a) <- N(r)"
 * on the SDL diagram.
 *
 * NOTE(review): nr is not range-checked here. If it does not lie between
 * va and vs, the loop only stops once the ack queue is empty, so every
 * outstanding frame is freed. nr_validate_nr() in this file performs the
 * window check; callers are presumably expected to run it first - confirm.
 */
void nr_frames_acked(struct sock *sk, unsigned short nr)
{
	struct nr_sock *nrom = nr_sk(sk);

	while (nrom->va != nr && skb_peek(&nrom->ack_queue) != NULL) {
		/* Oldest unacknowledged frame is now confirmed: release it. */
		kfree_skb(skb_dequeue(&nrom->ack_queue));
		nrom->va = (nrom->va + 1) % NR_MODULUS;
	}
}
62 
/*
 * Move all the un-ack-ed frames from the ack queue to the front of the
 * socket write queue, preserving their order, so that they are picked up
 * again by nr_kick called from the timer. This arrangement handles the
 * possibility of an empty output queue.
 */
void nr_requeue_frames(struct sock *sk)
{
	struct sk_buff_head *ackq = &nr_sk(sk)->ack_queue;
	struct sk_buff *last = NULL;
	struct sk_buff *cur;

	for (cur = skb_dequeue(ackq); cur != NULL; cur = skb_dequeue(ackq)) {
		if (last != NULL)
			/* Keep original ordering: chain after the previous one. */
			skb_append(last, cur, &sk->sk_write_queue);
		else
			/* First frame goes ahead of anything already queued. */
			skb_queue_head(&sk->sk_write_queue, cur);
		last = cur;
	}
}
80 
/*
 * Validate that nr lies between va and vs (both inclusive), walking the
 * sequence space modulo NR_MODULUS. Returns 1 when it does, 0 otherwise.
 *
 * NOTE(review): the walk ends only when the counter reaches vs, so it
 * relies on vs being a value below NR_MODULUS. That invariant is
 * maintained outside this function - confirm.
 */
int nr_validate_nr(struct sock *sk, unsigned short nr)
{
	struct nr_sock *nrom = nr_sk(sk);
	unsigned short seq;

	for (seq = nrom->va; seq != nrom->vs; seq = (seq + 1) % NR_MODULUS) {
		if (seq == nr)
			return 1;
	}

	/* The upper bound itself is also acceptable. */
	return nr == nrom->vs;
}
97 
/*
 * Check that ns is within the receive window.
 *
 * The window runs from vr up to, but not including,
 * (vl + window) % NR_MODULUS. Returns 1 when ns falls inside it and
 * 0 otherwise (including when the window is empty).
 */
int nr_in_rx_window(struct sock *sk, unsigned short ns)
{
	struct nr_sock *nrom = nr_sk(sk);
	unsigned short limit = (nrom->vl + nrom->window) % NR_MODULUS;
	unsigned short seq;

	for (seq = nrom->vr; seq != limit; seq = (seq + 1) % NR_MODULUS) {
		if (seq == ns)
			return 1;
	}

	return 0;
}
114 
/*
 * This routine is called when the HDLC layer internally generates a
 * control frame.
 *
 * The low nibble of frametype selects the layout (connect request,
 * connect acknowledge, disconnect request/acknowledge or info
 * acknowledge); the full frametype byte is written into the header.
 * Unknown types are logged and dropped; an allocation failure is silent.
 *
 * alloc_skb() does not zero the buffer, so every byte claimed with
 * skb_put() has to be written below, otherwise stale kernel memory would
 * go out in the frame. The per-type length added in the first switch must
 * therefore stay in step with the number of bytes stored in the second.
 * NOTE(review): the "+ 17" for NR_CONNREQ matches the 6 + 2 * 7 + 2 bytes
 * written only if NR_TRANSPORT_LEN is 5 and AX25_ADDR_LEN is 7; both are
 * defined outside this file - confirm.
 */
void nr_write_internal(struct sock *sk, int frametype)
{
	struct nr_sock *nr = nr_sk(sk);
	const int type = frametype & 0x0F;
	struct sk_buff *skb;
	unsigned char *dptr;
	int len = NR_TRANSPORT_LEN;
	int timeout;

	/* Pass 1: work out how many transport-layer bytes this type needs. */
	switch (type) {
	case NR_CONNREQ:
		len += 17;
		break;
	case NR_CONNACK:
		len += nr->bpqext ? 2 : 1;
		break;
	case NR_DISCREQ:
	case NR_DISCACK:
	case NR_INFOACK:
		break;
	default:
		printk(KERN_ERR "NET/ROM: nr_write_internal - invalid frame type %d\n", frametype);
		return;
	}

	skb = alloc_skb(NR_NETWORK_LEN + len, GFP_ATOMIC);
	if (skb == NULL)
		return;

	/*
	 *	Space for AX.25 and NET/ROM network header
	 */
	skb_reserve(skb, NR_NETWORK_LEN);

	dptr = skb_put(skb, len);

	/* Pass 2: fill in exactly len bytes for the selected type. */
	switch (type) {
	case NR_CONNREQ:
		timeout = nr->t1 / HZ;

		*dptr++ = nr->my_index;
		*dptr++ = nr->my_id;
		*dptr++ = 0;
		*dptr++ = 0;
		*dptr++ = frametype;
		*dptr++ = nr->window;

		/* User callsign: clear C and E bits, set the spare SSID bits. */
		memcpy(dptr, &nr->user_addr, AX25_ADDR_LEN);
		dptr[6] = (dptr[6] & ~(AX25_CBIT | AX25_EBIT)) | AX25_SSSID_SPARE;
		dptr += AX25_ADDR_LEN;

		/* Source node callsign, same flag treatment. */
		memcpy(dptr, &nr->source_addr, AX25_ADDR_LEN);
		dptr[6] = (dptr[6] & ~(AX25_CBIT | AX25_EBIT)) | AX25_SSSID_SPARE;
		dptr += AX25_ADDR_LEN;

		/* T1 in seconds, low byte first. */
		*dptr++ = timeout % 256;
		*dptr++ = timeout / 256;
		break;

	case NR_CONNACK:
		*dptr++ = nr->your_index;
		*dptr++ = nr->your_id;
		*dptr++ = nr->my_index;
		*dptr++ = nr->my_id;
		*dptr++ = frametype;
		*dptr++ = nr->window;
		/* The extra byte is only sized for, and written, when bpqext is set. */
		if (nr->bpqext)
			*dptr++ = sysctl_netrom_network_ttl_initialiser;
		break;

	case NR_DISCREQ:
	case NR_DISCACK:
		*dptr++ = nr->your_index;
		*dptr++ = nr->your_id;
		*dptr++ = 0;
		*dptr++ = 0;
		*dptr++ = frametype;
		break;

	case NR_INFOACK:
		*dptr++ = nr->your_index;
		*dptr++ = nr->your_id;
		*dptr++ = 0;
		*dptr++ = nr->vr;
		*dptr++ = frametype;
		break;
	}

	nr_transmit_buffer(sk, skb);
}
208 
/*
 * This routine is called to send an error reply.
 *
 * Builds a new frame from the one in skb: the two addresses found at
 * offsets 7 and 0 of skb are copied out in that order (i.e. swapped),
 * the TTL is set from sysctl_netrom_network_ttl_initialiser, and bytes
 * 15 and 16 of skb are echoed back, placed after two zero bytes when
 * mine is non-zero and before them otherwise. cmdflags is stored after
 * those four bytes. The frame is handed to nr_route_frame() and freed
 * here if that call returns zero.
 *
 * NOTE(review): this function reads skb bytes 0-13, 15 and 16 without
 * checking the length of skb itself. It relies on the caller having
 * already verified that at least 17 bytes are present in the linear
 * data area - confirm at every call site, since a shorter frame would be
 * read out of bounds.
 *
 * NOTE(review): the final zero byte is stored through dptr after the
 * region claimed by skb_put() appears to be used up; the "+ 1" in the
 * allocation size looks like it is there to keep that store inside the
 * buffer. This depends on NR_NETWORK_LEN and NR_TRANSPORT_LEN, which are
 * defined outside this file - confirm, and keep the "+ 1" if the layout
 * is ever changed.
 */
void __nr_transmit_reply(struct sk_buff *skb, int mine, unsigned char cmdflags)
{
	struct sk_buff *skbn;
	unsigned char *dptr;
	int len = NR_NETWORK_LEN + NR_TRANSPORT_LEN + 1;

	skbn = alloc_skb(len, GFP_ATOMIC);
	if (skbn == NULL)
		return;

	skb_reserve(skbn, 0);

	dptr = skb_put(skbn, NR_NETWORK_LEN + NR_TRANSPORT_LEN);

	/* First address: taken from offset 7 of skb, C and E bits cleared. */
	skb_copy_from_linear_data_offset(skb, 7, dptr, AX25_ADDR_LEN);
	dptr[6] = (dptr[6] & ~(AX25_CBIT | AX25_EBIT)) | AX25_SSSID_SPARE;
	dptr += AX25_ADDR_LEN;

	/* Second address: taken from offset 0 of skb, E bit set. */
	skb_copy_from_linear_data(skb, dptr, AX25_ADDR_LEN);
	dptr[6] = (dptr[6] & ~AX25_CBIT) | AX25_EBIT | AX25_SSSID_SPARE;
	dptr += AX25_ADDR_LEN;

	*dptr++ = sysctl_netrom_network_ttl_initialiser;

	/* Echo bytes 15 and 16 of skb; their position depends on 'mine'. */
	if (!mine) {
		*dptr++ = skb->data[15];
		*dptr++ = skb->data[16];
		*dptr++ = 0;
		*dptr++ = 0;
	} else {
		*dptr++ = 0;
		*dptr++ = 0;
		*dptr++ = skb->data[15];
		*dptr++ = skb->data[16];
	}

	*dptr++ = cmdflags;
	*dptr++ = 0;

	/* A zero return from nr_route_frame() leaves the skb ours to free. */
	if (!nr_route_frame(skbn, NULL))
		kfree_skb(skbn);
}
259 
/*
 * Tear down the NET/ROM connection on sk: stop the T1, T2, T4 and idle
 * timers, purge all queues, reset the protocol state to NR_STATE_0, mark
 * the socket closed with sk_err set to reason, and shut down the send
 * side. If the socket is not already flagged SOCK_DEAD, the state-change
 * callback is invoked once and the flag is then set.
 *
 * NOTE(review): the nr_stop_*timer() helpers are defined elsewhere;
 * whether they wait for a timer handler that is already running cannot
 * be seen from here. The caller presumably holds the socket lock so that
 * a concurrent handler cannot use the socket after this point - confirm.
 */
void nr_disconnect(struct sock *sk, int reason)
{
	/* Quiesce all protocol timers before touching the queues. */
	nr_stop_t1timer(sk);
	nr_stop_t2timer(sk);
	nr_stop_t4timer(sk);
	nr_stop_idletimer(sk);

	nr_clear_queues(sk);

	nr_sk(sk)->state = NR_STATE_0;

	sk->sk_state = TCP_CLOSE;
	sk->sk_err = reason;
	sk->sk_shutdown |= SEND_SHUTDOWN;

	/* Already dead: nobody left to notify. */
	if (sock_flag(sk, SOCK_DEAD))
		return;

	sk->sk_state_change(sk);
	sock_set_flag(sk, SOCK_DEAD);
}
280