Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 1 | /* |
| 2 | * DECnet An implementation of the DECnet protocol suite for the LINUX |
| 3 | * operating system. DECnet is implemented using the BSD Socket |
| 4 | * interface as the means of communication with the user level. |
| 5 | * |
| 6 | * DECnet Network Services Protocol (Input) |
| 7 | * |
| 8 | * Author: Eduardo Marcelo Serrat <emserrat@geocities.com> |
| 9 | * |
| 10 | * Changes: |
| 11 | * |
| 12 | * Steve Whitehouse: Split into dn_nsp_in.c and dn_nsp_out.c from |
| 13 | * original dn_nsp.c. |
| 14 | * Steve Whitehouse: Updated to work with my new routing architecture. |
| 15 | * Steve Whitehouse: Add changes from Eduardo Serrat's patches. |
| 16 | * Steve Whitehouse: Put all ack handling code in a common routine. |
| 17 | * Steve Whitehouse: Put other common bits into dn_nsp_rx() |
| 18 | * Steve Whitehouse: More checks on skb->len to catch bogus packets |
| 19 | * Fixed various race conditions and possible nasties. |
| 20 | * Steve Whitehouse: Now handles returned conninit frames. |
| 21 | * David S. Miller: New socket locking |
| 22 | * Steve Whitehouse: Fixed lockup when socket filtering was enabled. |
| 23 | * Paul Koning: Fix to push CC sockets into RUN when acks are |
| 24 | * received. |
| 25 | * Steve Whitehouse: |
| 26 | * Patrick Caulfield: Checking conninits for correctness & sending of error |
| 27 | * responses. |
| 28 | * Steve Whitehouse: Added backlog congestion level return codes. |
| 29 | * Patrick Caulfield: |
| 30 | * Steve Whitehouse: Added flow control support (outbound) |
| 31 | * Steve Whitehouse: Prepare for nonlinear skbs |
| 32 | */ |
| 33 | |
| 34 | /****************************************************************************** |
| 35 | (c) 1995-1998 E.M. Serrat emserrat@geocities.com |
| 36 | |
| 37 | This program is free software; you can redistribute it and/or modify |
| 38 | it under the terms of the GNU General Public License as published by |
| 39 | the Free Software Foundation; either version 2 of the License, or |
| 40 | any later version. |
| 41 | |
| 42 | This program is distributed in the hope that it will be useful, |
| 43 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 44 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 45 | GNU General Public License for more details. |
| 46 | *******************************************************************************/ |
| 47 | |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 48 | #include <linux/errno.h> |
| 49 | #include <linux/types.h> |
| 50 | #include <linux/socket.h> |
| 51 | #include <linux/in.h> |
| 52 | #include <linux/kernel.h> |
| 53 | #include <linux/sched.h> |
| 54 | #include <linux/timer.h> |
| 55 | #include <linux/string.h> |
| 56 | #include <linux/sockios.h> |
| 57 | #include <linux/net.h> |
| 58 | #include <linux/netdevice.h> |
| 59 | #include <linux/inet.h> |
| 60 | #include <linux/route.h> |
| 61 | #include <net/sock.h> |
Arnaldo Carvalho de Melo | c752f07 | 2005-08-09 20:08:28 -0700 | [diff] [blame] | 62 | #include <net/tcp_states.h> |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 63 | #include <asm/system.h> |
| 64 | #include <linux/fcntl.h> |
| 65 | #include <linux/mm.h> |
| 66 | #include <linux/termios.h> |
| 67 | #include <linux/interrupt.h> |
| 68 | #include <linux/proc_fs.h> |
| 69 | #include <linux/stat.h> |
| 70 | #include <linux/init.h> |
| 71 | #include <linux/poll.h> |
| 72 | #include <linux/netfilter_decnet.h> |
| 73 | #include <net/neighbour.h> |
| 74 | #include <net/dst.h> |
| 75 | #include <net/dn.h> |
| 76 | #include <net/dn_nsp.h> |
| 77 | #include <net/dn_dev.h> |
| 78 | #include <net/dn_route.h> |
| 79 | |
| 80 | extern int decnet_log_martians; |
| 81 | |
| 82 | static void dn_log_martian(struct sk_buff *skb, const char *msg) |
| 83 | { |
| 84 | if (decnet_log_martians && net_ratelimit()) { |
| 85 | char *devname = skb->dev ? skb->dev->name : "???"; |
| 86 | struct dn_skb_cb *cb = DN_SKB_CB(skb); |
Steven Whitehouse | c4ea94a | 2006-03-20 22:42:39 -0800 | [diff] [blame] | 87 | printk(KERN_INFO "DECnet: Martian packet (%s) dev=%s src=0x%04hx dst=0x%04hx srcport=0x%04hx dstport=0x%04hx\n", msg, devname, dn_ntohs(cb->src), dn_ntohs(cb->dst), dn_ntohs(cb->src_port), dn_ntohs(cb->dst_port)); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 88 | } |
| 89 | } |
| 90 | |
| 91 | /* |
| 92 | * For this function we've flipped the cross-subchannel bit |
| 93 | * if the message is an otherdata or linkservice message. Thus |
| 94 | * we can use it to work out what to update. |
| 95 | */ |
| 96 | static void dn_ack(struct sock *sk, struct sk_buff *skb, unsigned short ack) |
| 97 | { |
| 98 | struct dn_scp *scp = DN_SK(sk); |
| 99 | unsigned short type = ((ack >> 12) & 0x0003); |
| 100 | int wakeup = 0; |
| 101 | |
| 102 | switch(type) { |
| 103 | case 0: /* ACK - Data */ |
| 104 | if (dn_after(ack, scp->ackrcv_dat)) { |
| 105 | scp->ackrcv_dat = ack & 0x0fff; |
| 106 | wakeup |= dn_nsp_check_xmit_queue(sk, skb, &scp->data_xmit_queue, ack); |
| 107 | } |
| 108 | break; |
| 109 | case 1: /* NAK - Data */ |
| 110 | break; |
| 111 | case 2: /* ACK - OtherData */ |
| 112 | if (dn_after(ack, scp->ackrcv_oth)) { |
| 113 | scp->ackrcv_oth = ack & 0x0fff; |
| 114 | wakeup |= dn_nsp_check_xmit_queue(sk, skb, &scp->other_xmit_queue, ack); |
| 115 | } |
| 116 | break; |
| 117 | case 3: /* NAK - OtherData */ |
| 118 | break; |
| 119 | } |
| 120 | |
| 121 | if (wakeup && !sock_flag(sk, SOCK_DEAD)) |
| 122 | sk->sk_state_change(sk); |
| 123 | } |
| 124 | |
| 125 | /* |
| 126 | * This function is a universal ack processor. |
| 127 | */ |
| 128 | static int dn_process_ack(struct sock *sk, struct sk_buff *skb, int oth) |
| 129 | { |
Steven Whitehouse | c4ea94a | 2006-03-20 22:42:39 -0800 | [diff] [blame] | 130 | __le16 *ptr = (__le16 *)skb->data; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 131 | int len = 0; |
| 132 | unsigned short ack; |
| 133 | |
| 134 | if (skb->len < 2) |
| 135 | return len; |
| 136 | |
| 137 | if ((ack = dn_ntohs(*ptr)) & 0x8000) { |
| 138 | skb_pull(skb, 2); |
| 139 | ptr++; |
| 140 | len += 2; |
| 141 | if ((ack & 0x4000) == 0) { |
| 142 | if (oth) |
| 143 | ack ^= 0x2000; |
| 144 | dn_ack(sk, skb, ack); |
| 145 | } |
| 146 | } |
| 147 | |
| 148 | if (skb->len < 2) |
| 149 | return len; |
| 150 | |
| 151 | if ((ack = dn_ntohs(*ptr)) & 0x8000) { |
| 152 | skb_pull(skb, 2); |
| 153 | len += 2; |
| 154 | if ((ack & 0x4000) == 0) { |
| 155 | if (oth) |
| 156 | ack ^= 0x2000; |
| 157 | dn_ack(sk, skb, ack); |
| 158 | } |
| 159 | } |
| 160 | |
| 161 | return len; |
| 162 | } |
| 163 | |
| 164 | |
| 165 | /** |
| 166 | * dn_check_idf - Check an image data field format is correct. |
| 167 | * @pptr: Pointer to pointer to image data |
| 168 | * @len: Pointer to length of image data |
| 169 | * @max: The maximum allowed length of the data in the image data field |
| 170 | * @follow_on: Check that this many bytes exist beyond the end of the image data |
| 171 | * |
| 172 | * Returns: 0 if ok, -1 on error |
| 173 | */ |
| 174 | static inline int dn_check_idf(unsigned char **pptr, int *len, unsigned char max, unsigned char follow_on) |
| 175 | { |
| 176 | unsigned char *ptr = *pptr; |
| 177 | unsigned char flen = *ptr++; |
| 178 | |
| 179 | (*len)--; |
| 180 | if (flen > max) |
| 181 | return -1; |
| 182 | if ((flen + follow_on) > *len) |
| 183 | return -1; |
| 184 | |
| 185 | *len -= flen; |
| 186 | *pptr = ptr + flen; |
| 187 | return 0; |
| 188 | } |
| 189 | |
| 190 | /* |
| 191 | * Table of reason codes to pass back to node which sent us a badly |
| 192 | * formed message, plus text messages for the log. A zero entry in |
| 193 | * the reason field means "don't reply" otherwise a disc init is sent with |
| 194 | * the specified reason code. |
| 195 | */ |
| 196 | static struct { |
| 197 | unsigned short reason; |
| 198 | const char *text; |
| 199 | } ci_err_table[] = { |
| 200 | { 0, "CI: Truncated message" }, |
| 201 | { NSP_REASON_ID, "CI: Destination username error" }, |
| 202 | { NSP_REASON_ID, "CI: Destination username type" }, |
| 203 | { NSP_REASON_US, "CI: Source username error" }, |
| 204 | { 0, "CI: Truncated at menuver" }, |
| 205 | { 0, "CI: Truncated before access or user data" }, |
| 206 | { NSP_REASON_IO, "CI: Access data format error" }, |
| 207 | { NSP_REASON_IO, "CI: User data format error" } |
| 208 | }; |
| 209 | |
| 210 | /* |
| 211 | * This function uses a slightly different lookup method |
| 212 | * to find its sockets, since it searches on object name/number |
| 213 | * rather than port numbers. Various tests are done to ensure that |
| 214 | * the incoming data is in the correct format before it is queued to |
| 215 | * a socket. |
| 216 | */ |
| 217 | static struct sock *dn_find_listener(struct sk_buff *skb, unsigned short *reason) |
| 218 | { |
| 219 | struct dn_skb_cb *cb = DN_SKB_CB(skb); |
| 220 | struct nsp_conn_init_msg *msg = (struct nsp_conn_init_msg *)skb->data; |
| 221 | struct sockaddr_dn dstaddr; |
| 222 | struct sockaddr_dn srcaddr; |
| 223 | unsigned char type = 0; |
| 224 | int dstlen; |
| 225 | int srclen; |
| 226 | unsigned char *ptr; |
| 227 | int len; |
| 228 | int err = 0; |
| 229 | unsigned char menuver; |
| 230 | |
| 231 | memset(&dstaddr, 0, sizeof(struct sockaddr_dn)); |
| 232 | memset(&srcaddr, 0, sizeof(struct sockaddr_dn)); |
| 233 | |
| 234 | /* |
| 235 | * 1. Decode & remove message header |
| 236 | */ |
| 237 | cb->src_port = msg->srcaddr; |
| 238 | cb->dst_port = msg->dstaddr; |
| 239 | cb->services = msg->services; |
| 240 | cb->info = msg->info; |
| 241 | cb->segsize = dn_ntohs(msg->segsize); |
| 242 | |
| 243 | if (!pskb_may_pull(skb, sizeof(*msg))) |
| 244 | goto err_out; |
| 245 | |
| 246 | skb_pull(skb, sizeof(*msg)); |
| 247 | |
| 248 | len = skb->len; |
| 249 | ptr = skb->data; |
| 250 | |
| 251 | /* |
| 252 | * 2. Check destination end username format |
| 253 | */ |
| 254 | dstlen = dn_username2sockaddr(ptr, len, &dstaddr, &type); |
| 255 | err++; |
| 256 | if (dstlen < 0) |
| 257 | goto err_out; |
| 258 | |
| 259 | err++; |
| 260 | if (type > 1) |
| 261 | goto err_out; |
| 262 | |
| 263 | len -= dstlen; |
| 264 | ptr += dstlen; |
| 265 | |
| 266 | /* |
| 267 | * 3. Check source end username format |
| 268 | */ |
| 269 | srclen = dn_username2sockaddr(ptr, len, &srcaddr, &type); |
| 270 | err++; |
| 271 | if (srclen < 0) |
| 272 | goto err_out; |
| 273 | |
| 274 | len -= srclen; |
| 275 | ptr += srclen; |
| 276 | err++; |
| 277 | if (len < 1) |
| 278 | goto err_out; |
| 279 | |
| 280 | menuver = *ptr; |
| 281 | ptr++; |
| 282 | len--; |
| 283 | |
| 284 | /* |
| 285 | * 4. Check that optional data actually exists if menuver says it does |
| 286 | */ |
| 287 | err++; |
| 288 | if ((menuver & (DN_MENUVER_ACC | DN_MENUVER_USR)) && (len < 1)) |
| 289 | goto err_out; |
| 290 | |
| 291 | /* |
| 292 | * 5. Check optional access data format |
| 293 | */ |
| 294 | err++; |
| 295 | if (menuver & DN_MENUVER_ACC) { |
| 296 | if (dn_check_idf(&ptr, &len, 39, 1)) |
| 297 | goto err_out; |
| 298 | if (dn_check_idf(&ptr, &len, 39, 1)) |
| 299 | goto err_out; |
| 300 | if (dn_check_idf(&ptr, &len, 39, (menuver & DN_MENUVER_USR) ? 1 : 0)) |
| 301 | goto err_out; |
| 302 | } |
| 303 | |
| 304 | /* |
| 305 | * 6. Check optional user data format |
| 306 | */ |
| 307 | err++; |
| 308 | if (menuver & DN_MENUVER_USR) { |
| 309 | if (dn_check_idf(&ptr, &len, 16, 0)) |
| 310 | goto err_out; |
| 311 | } |
| 312 | |
| 313 | /* |
| 314 | * 7. Look up socket based on destination end username |
| 315 | */ |
| 316 | return dn_sklist_find_listener(&dstaddr); |
| 317 | err_out: |
| 318 | dn_log_martian(skb, ci_err_table[err].text); |
| 319 | *reason = ci_err_table[err].reason; |
| 320 | return NULL; |
| 321 | } |
| 322 | |
| 323 | |
| 324 | static void dn_nsp_conn_init(struct sock *sk, struct sk_buff *skb) |
| 325 | { |
| 326 | if (sk_acceptq_is_full(sk)) { |
| 327 | kfree_skb(skb); |
| 328 | return; |
| 329 | } |
| 330 | |
| 331 | sk->sk_ack_backlog++; |
| 332 | skb_queue_tail(&sk->sk_receive_queue, skb); |
| 333 | sk->sk_state_change(sk); |
| 334 | } |
| 335 | |
| 336 | static void dn_nsp_conn_conf(struct sock *sk, struct sk_buff *skb) |
| 337 | { |
| 338 | struct dn_skb_cb *cb = DN_SKB_CB(skb); |
| 339 | struct dn_scp *scp = DN_SK(sk); |
| 340 | unsigned char *ptr; |
| 341 | |
| 342 | if (skb->len < 4) |
| 343 | goto out; |
| 344 | |
| 345 | ptr = skb->data; |
| 346 | cb->services = *ptr++; |
| 347 | cb->info = *ptr++; |
Steven Whitehouse | c4ea94a | 2006-03-20 22:42:39 -0800 | [diff] [blame] | 348 | cb->segsize = dn_ntohs(*(__le16 *)ptr); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 349 | |
| 350 | if ((scp->state == DN_CI) || (scp->state == DN_CD)) { |
| 351 | scp->persist = 0; |
| 352 | scp->addrrem = cb->src_port; |
| 353 | sk->sk_state = TCP_ESTABLISHED; |
| 354 | scp->state = DN_RUN; |
| 355 | scp->services_rem = cb->services; |
| 356 | scp->info_rem = cb->info; |
| 357 | scp->segsize_rem = cb->segsize; |
| 358 | |
| 359 | if ((scp->services_rem & NSP_FC_MASK) == NSP_FC_NONE) |
| 360 | scp->max_window = decnet_no_fc_max_cwnd; |
| 361 | |
| 362 | if (skb->len > 0) { |
Steven Whitehouse | 375d9d7 | 2006-11-07 15:09:17 -0800 | [diff] [blame] | 363 | u16 dlen = *skb->data; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 364 | if ((dlen <= 16) && (dlen <= skb->len)) { |
Steven Whitehouse | 375d9d7 | 2006-11-07 15:09:17 -0800 | [diff] [blame] | 365 | scp->conndata_in.opt_optl = dn_htons(dlen); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 366 | memcpy(scp->conndata_in.opt_data, skb->data + 1, dlen); |
| 367 | } |
| 368 | } |
| 369 | dn_nsp_send_link(sk, DN_NOCHANGE, 0); |
| 370 | if (!sock_flag(sk, SOCK_DEAD)) |
| 371 | sk->sk_state_change(sk); |
| 372 | } |
| 373 | |
| 374 | out: |
| 375 | kfree_skb(skb); |
| 376 | } |
| 377 | |
| 378 | static void dn_nsp_conn_ack(struct sock *sk, struct sk_buff *skb) |
| 379 | { |
| 380 | struct dn_scp *scp = DN_SK(sk); |
| 381 | |
| 382 | if (scp->state == DN_CI) { |
| 383 | scp->state = DN_CD; |
| 384 | scp->persist = 0; |
| 385 | } |
| 386 | |
| 387 | kfree_skb(skb); |
| 388 | } |
| 389 | |
| 390 | static void dn_nsp_disc_init(struct sock *sk, struct sk_buff *skb) |
| 391 | { |
| 392 | struct dn_scp *scp = DN_SK(sk); |
| 393 | struct dn_skb_cb *cb = DN_SKB_CB(skb); |
| 394 | unsigned short reason; |
| 395 | |
| 396 | if (skb->len < 2) |
| 397 | goto out; |
| 398 | |
Steven Whitehouse | c4ea94a | 2006-03-20 22:42:39 -0800 | [diff] [blame] | 399 | reason = dn_ntohs(*(__le16 *)skb->data); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 400 | skb_pull(skb, 2); |
| 401 | |
Steven Whitehouse | c4ea94a | 2006-03-20 22:42:39 -0800 | [diff] [blame] | 402 | scp->discdata_in.opt_status = dn_htons(reason); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 403 | scp->discdata_in.opt_optl = 0; |
| 404 | memset(scp->discdata_in.opt_data, 0, 16); |
| 405 | |
| 406 | if (skb->len > 0) { |
Steven Whitehouse | 375d9d7 | 2006-11-07 15:09:17 -0800 | [diff] [blame] | 407 | u16 dlen = *skb->data; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 408 | if ((dlen <= 16) && (dlen <= skb->len)) { |
Steven Whitehouse | 375d9d7 | 2006-11-07 15:09:17 -0800 | [diff] [blame] | 409 | scp->discdata_in.opt_optl = dn_htons(dlen); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 410 | memcpy(scp->discdata_in.opt_data, skb->data + 1, dlen); |
| 411 | } |
| 412 | } |
| 413 | |
| 414 | scp->addrrem = cb->src_port; |
| 415 | sk->sk_state = TCP_CLOSE; |
| 416 | |
| 417 | switch(scp->state) { |
| 418 | case DN_CI: |
| 419 | case DN_CD: |
| 420 | scp->state = DN_RJ; |
| 421 | sk->sk_err = ECONNREFUSED; |
| 422 | break; |
| 423 | case DN_RUN: |
| 424 | sk->sk_shutdown |= SHUTDOWN_MASK; |
| 425 | scp->state = DN_DN; |
| 426 | break; |
| 427 | case DN_DI: |
| 428 | scp->state = DN_DIC; |
| 429 | break; |
| 430 | } |
| 431 | |
| 432 | if (!sock_flag(sk, SOCK_DEAD)) { |
| 433 | if (sk->sk_socket->state != SS_UNCONNECTED) |
| 434 | sk->sk_socket->state = SS_DISCONNECTING; |
| 435 | sk->sk_state_change(sk); |
| 436 | } |
| 437 | |
| 438 | /* |
| 439 | * It appears that its possible for remote machines to send disc |
| 440 | * init messages with no port identifier if we are in the CI and |
| 441 | * possibly also the CD state. Obviously we shouldn't reply with |
| 442 | * a message if we don't know what the end point is. |
| 443 | */ |
| 444 | if (scp->addrrem) { |
| 445 | dn_nsp_send_disc(sk, NSP_DISCCONF, NSP_REASON_DC, GFP_ATOMIC); |
| 446 | } |
| 447 | scp->persist_fxn = dn_destroy_timer; |
| 448 | scp->persist = dn_nsp_persist(sk); |
| 449 | |
| 450 | out: |
| 451 | kfree_skb(skb); |
| 452 | } |
| 453 | |
| 454 | /* |
| 455 | * disc_conf messages are also called no_resources or no_link |
| 456 | * messages depending upon the "reason" field. |
| 457 | */ |
| 458 | static void dn_nsp_disc_conf(struct sock *sk, struct sk_buff *skb) |
| 459 | { |
| 460 | struct dn_scp *scp = DN_SK(sk); |
| 461 | unsigned short reason; |
| 462 | |
| 463 | if (skb->len != 2) |
| 464 | goto out; |
| 465 | |
Steven Whitehouse | c4ea94a | 2006-03-20 22:42:39 -0800 | [diff] [blame] | 466 | reason = dn_ntohs(*(__le16 *)skb->data); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 467 | |
| 468 | sk->sk_state = TCP_CLOSE; |
| 469 | |
| 470 | switch(scp->state) { |
| 471 | case DN_CI: |
| 472 | scp->state = DN_NR; |
| 473 | break; |
| 474 | case DN_DR: |
| 475 | if (reason == NSP_REASON_DC) |
| 476 | scp->state = DN_DRC; |
| 477 | if (reason == NSP_REASON_NL) |
| 478 | scp->state = DN_CN; |
| 479 | break; |
| 480 | case DN_DI: |
| 481 | scp->state = DN_DIC; |
| 482 | break; |
| 483 | case DN_RUN: |
| 484 | sk->sk_shutdown |= SHUTDOWN_MASK; |
| 485 | case DN_CC: |
| 486 | scp->state = DN_CN; |
| 487 | } |
| 488 | |
| 489 | if (!sock_flag(sk, SOCK_DEAD)) { |
| 490 | if (sk->sk_socket->state != SS_UNCONNECTED) |
| 491 | sk->sk_socket->state = SS_DISCONNECTING; |
| 492 | sk->sk_state_change(sk); |
| 493 | } |
| 494 | |
| 495 | scp->persist_fxn = dn_destroy_timer; |
| 496 | scp->persist = dn_nsp_persist(sk); |
| 497 | |
| 498 | out: |
| 499 | kfree_skb(skb); |
| 500 | } |
| 501 | |
| 502 | static void dn_nsp_linkservice(struct sock *sk, struct sk_buff *skb) |
| 503 | { |
| 504 | struct dn_scp *scp = DN_SK(sk); |
| 505 | unsigned short segnum; |
| 506 | unsigned char lsflags; |
| 507 | signed char fcval; |
| 508 | int wake_up = 0; |
| 509 | char *ptr = skb->data; |
| 510 | unsigned char fctype = scp->services_rem & NSP_FC_MASK; |
| 511 | |
| 512 | if (skb->len != 4) |
| 513 | goto out; |
| 514 | |
Steven Whitehouse | c4ea94a | 2006-03-20 22:42:39 -0800 | [diff] [blame] | 515 | segnum = dn_ntohs(*(__le16 *)ptr); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 516 | ptr += 2; |
| 517 | lsflags = *(unsigned char *)ptr++; |
| 518 | fcval = *ptr; |
| 519 | |
| 520 | /* |
| 521 | * Here we ignore erronous packets which should really |
| 522 | * should cause a connection abort. It is not critical |
| 523 | * for now though. |
| 524 | */ |
| 525 | if (lsflags & 0xf8) |
| 526 | goto out; |
| 527 | |
| 528 | if (seq_next(scp->numoth_rcv, segnum)) { |
| 529 | seq_add(&scp->numoth_rcv, 1); |
| 530 | switch(lsflags & 0x04) { /* FCVAL INT */ |
| 531 | case 0x00: /* Normal Request */ |
| 532 | switch(lsflags & 0x03) { /* FCVAL MOD */ |
| 533 | case 0x00: /* Request count */ |
| 534 | if (fcval < 0) { |
| 535 | unsigned char p_fcval = -fcval; |
| 536 | if ((scp->flowrem_dat > p_fcval) && |
| 537 | (fctype == NSP_FC_SCMC)) { |
| 538 | scp->flowrem_dat -= p_fcval; |
| 539 | } |
| 540 | } else if (fcval > 0) { |
| 541 | scp->flowrem_dat += fcval; |
| 542 | wake_up = 1; |
| 543 | } |
| 544 | break; |
| 545 | case 0x01: /* Stop outgoing data */ |
| 546 | scp->flowrem_sw = DN_DONTSEND; |
| 547 | break; |
| 548 | case 0x02: /* Ok to start again */ |
| 549 | scp->flowrem_sw = DN_SEND; |
| 550 | dn_nsp_output(sk); |
| 551 | wake_up = 1; |
| 552 | } |
| 553 | break; |
| 554 | case 0x04: /* Interrupt Request */ |
| 555 | if (fcval > 0) { |
| 556 | scp->flowrem_oth += fcval; |
| 557 | wake_up = 1; |
| 558 | } |
| 559 | break; |
| 560 | } |
| 561 | if (wake_up && !sock_flag(sk, SOCK_DEAD)) |
| 562 | sk->sk_state_change(sk); |
| 563 | } |
| 564 | |
| 565 | dn_nsp_send_oth_ack(sk); |
| 566 | |
| 567 | out: |
| 568 | kfree_skb(skb); |
| 569 | } |
| 570 | |
| 571 | /* |
| 572 | * Copy of sock_queue_rcv_skb (from sock.h) without |
| 573 | * bh_lock_sock() (its already held when this is called) which |
| 574 | * also allows data and other data to be queued to a socket. |
| 575 | */ |
| 576 | static __inline__ int dn_queue_skb(struct sock *sk, struct sk_buff *skb, int sig, struct sk_buff_head *queue) |
| 577 | { |
| 578 | int err; |
| 579 | |
| 580 | /* Cast skb->rcvbuf to unsigned... It's pointless, but reduces |
| 581 | number of warnings when compiling with -W --ANK |
| 582 | */ |
| 583 | if (atomic_read(&sk->sk_rmem_alloc) + skb->truesize >= |
| 584 | (unsigned)sk->sk_rcvbuf) { |
| 585 | err = -ENOMEM; |
| 586 | goto out; |
| 587 | } |
| 588 | |
Dmitry Mishin | fda9ef5 | 2006-08-31 15:28:39 -0700 | [diff] [blame] | 589 | err = sk_filter(sk, skb); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 590 | if (err) |
| 591 | goto out; |
| 592 | |
| 593 | skb_set_owner_r(skb, sk); |
| 594 | skb_queue_tail(queue, skb); |
| 595 | |
| 596 | /* This code only runs from BH or BH protected context. |
| 597 | * Therefore the plain read_lock is ok here. -DaveM |
| 598 | */ |
| 599 | read_lock(&sk->sk_callback_lock); |
| 600 | if (!sock_flag(sk, SOCK_DEAD)) { |
| 601 | struct socket *sock = sk->sk_socket; |
| 602 | wake_up_interruptible(sk->sk_sleep); |
| 603 | if (sock && sock->fasync_list && |
| 604 | !test_bit(SOCK_ASYNC_WAITDATA, &sock->flags)) |
| 605 | __kill_fasync(sock->fasync_list, sig, |
| 606 | (sig == SIGURG) ? POLL_PRI : POLL_IN); |
| 607 | } |
| 608 | read_unlock(&sk->sk_callback_lock); |
| 609 | out: |
| 610 | return err; |
| 611 | } |
| 612 | |
| 613 | static void dn_nsp_otherdata(struct sock *sk, struct sk_buff *skb) |
| 614 | { |
| 615 | struct dn_scp *scp = DN_SK(sk); |
| 616 | unsigned short segnum; |
| 617 | struct dn_skb_cb *cb = DN_SKB_CB(skb); |
| 618 | int queued = 0; |
| 619 | |
| 620 | if (skb->len < 2) |
| 621 | goto out; |
| 622 | |
Steven Whitehouse | c4ea94a | 2006-03-20 22:42:39 -0800 | [diff] [blame] | 623 | cb->segnum = segnum = dn_ntohs(*(__le16 *)skb->data); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 624 | skb_pull(skb, 2); |
| 625 | |
| 626 | if (seq_next(scp->numoth_rcv, segnum)) { |
| 627 | |
| 628 | if (dn_queue_skb(sk, skb, SIGURG, &scp->other_receive_queue) == 0) { |
| 629 | seq_add(&scp->numoth_rcv, 1); |
| 630 | scp->other_report = 0; |
| 631 | queued = 1; |
| 632 | } |
| 633 | } |
| 634 | |
| 635 | dn_nsp_send_oth_ack(sk); |
| 636 | out: |
| 637 | if (!queued) |
| 638 | kfree_skb(skb); |
| 639 | } |
| 640 | |
| 641 | static void dn_nsp_data(struct sock *sk, struct sk_buff *skb) |
| 642 | { |
| 643 | int queued = 0; |
| 644 | unsigned short segnum; |
| 645 | struct dn_skb_cb *cb = DN_SKB_CB(skb); |
| 646 | struct dn_scp *scp = DN_SK(sk); |
| 647 | |
| 648 | if (skb->len < 2) |
| 649 | goto out; |
| 650 | |
Steven Whitehouse | c4ea94a | 2006-03-20 22:42:39 -0800 | [diff] [blame] | 651 | cb->segnum = segnum = dn_ntohs(*(__le16 *)skb->data); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 652 | skb_pull(skb, 2); |
| 653 | |
| 654 | if (seq_next(scp->numdat_rcv, segnum)) { |
| 655 | if (dn_queue_skb(sk, skb, SIGIO, &sk->sk_receive_queue) == 0) { |
| 656 | seq_add(&scp->numdat_rcv, 1); |
| 657 | queued = 1; |
| 658 | } |
| 659 | |
| 660 | if ((scp->flowloc_sw == DN_SEND) && dn_congested(sk)) { |
| 661 | scp->flowloc_sw = DN_DONTSEND; |
| 662 | dn_nsp_send_link(sk, DN_DONTSEND, 0); |
| 663 | } |
| 664 | } |
| 665 | |
| 666 | dn_nsp_send_data_ack(sk); |
| 667 | out: |
| 668 | if (!queued) |
| 669 | kfree_skb(skb); |
| 670 | } |
| 671 | |
| 672 | /* |
| 673 | * If one of our conninit messages is returned, this function |
| 674 | * deals with it. It puts the socket into the NO_COMMUNICATION |
| 675 | * state. |
| 676 | */ |
| 677 | static void dn_returned_conn_init(struct sock *sk, struct sk_buff *skb) |
| 678 | { |
| 679 | struct dn_scp *scp = DN_SK(sk); |
| 680 | |
| 681 | if (scp->state == DN_CI) { |
| 682 | scp->state = DN_NC; |
| 683 | sk->sk_state = TCP_CLOSE; |
| 684 | if (!sock_flag(sk, SOCK_DEAD)) |
| 685 | sk->sk_state_change(sk); |
| 686 | } |
| 687 | |
| 688 | kfree_skb(skb); |
| 689 | } |
| 690 | |
| 691 | static int dn_nsp_no_socket(struct sk_buff *skb, unsigned short reason) |
| 692 | { |
| 693 | struct dn_skb_cb *cb = DN_SKB_CB(skb); |
| 694 | int ret = NET_RX_DROP; |
| 695 | |
| 696 | /* Must not reply to returned packets */ |
| 697 | if (cb->rt_flags & DN_RT_F_RTS) |
| 698 | goto out; |
| 699 | |
| 700 | if ((reason != NSP_REASON_OK) && ((cb->nsp_flags & 0x0c) == 0x08)) { |
| 701 | switch(cb->nsp_flags & 0x70) { |
| 702 | case 0x10: |
| 703 | case 0x60: /* (Retransmitted) Connect Init */ |
| 704 | dn_nsp_return_disc(skb, NSP_DISCINIT, reason); |
| 705 | ret = NET_RX_SUCCESS; |
| 706 | break; |
| 707 | case 0x20: /* Connect Confirm */ |
| 708 | dn_nsp_return_disc(skb, NSP_DISCCONF, reason); |
| 709 | ret = NET_RX_SUCCESS; |
| 710 | break; |
| 711 | } |
| 712 | } |
| 713 | |
| 714 | out: |
| 715 | kfree_skb(skb); |
| 716 | return ret; |
| 717 | } |
| 718 | |
| 719 | static int dn_nsp_rx_packet(struct sk_buff *skb) |
| 720 | { |
| 721 | struct dn_skb_cb *cb = DN_SKB_CB(skb); |
| 722 | struct sock *sk = NULL; |
| 723 | unsigned char *ptr = (unsigned char *)skb->data; |
| 724 | unsigned short reason = NSP_REASON_NL; |
| 725 | |
| 726 | if (!pskb_may_pull(skb, 2)) |
| 727 | goto free_out; |
| 728 | |
| 729 | skb->h.raw = skb->data; |
| 730 | cb->nsp_flags = *ptr++; |
| 731 | |
| 732 | if (decnet_debug_level & 2) |
| 733 | printk(KERN_DEBUG "dn_nsp_rx: Message type 0x%02x\n", (int)cb->nsp_flags); |
| 734 | |
| 735 | if (cb->nsp_flags & 0x83) |
| 736 | goto free_out; |
| 737 | |
| 738 | /* |
| 739 | * Filter out conninits and useless packet types |
| 740 | */ |
| 741 | if ((cb->nsp_flags & 0x0c) == 0x08) { |
| 742 | switch(cb->nsp_flags & 0x70) { |
| 743 | case 0x00: /* NOP */ |
| 744 | case 0x70: /* Reserved */ |
| 745 | case 0x50: /* Reserved, Phase II node init */ |
| 746 | goto free_out; |
| 747 | case 0x10: |
| 748 | case 0x60: |
| 749 | if (unlikely(cb->rt_flags & DN_RT_F_RTS)) |
| 750 | goto free_out; |
| 751 | sk = dn_find_listener(skb, &reason); |
| 752 | goto got_it; |
| 753 | } |
| 754 | } |
| 755 | |
| 756 | if (!pskb_may_pull(skb, 3)) |
| 757 | goto free_out; |
| 758 | |
| 759 | /* |
| 760 | * Grab the destination address. |
| 761 | */ |
Steven Whitehouse | c4ea94a | 2006-03-20 22:42:39 -0800 | [diff] [blame] | 762 | cb->dst_port = *(__le16 *)ptr; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 763 | cb->src_port = 0; |
| 764 | ptr += 2; |
| 765 | |
| 766 | /* |
| 767 | * If not a connack, grab the source address too. |
| 768 | */ |
| 769 | if (pskb_may_pull(skb, 5)) { |
Steven Whitehouse | c4ea94a | 2006-03-20 22:42:39 -0800 | [diff] [blame] | 770 | cb->src_port = *(__le16 *)ptr; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 771 | ptr += 2; |
| 772 | skb_pull(skb, 5); |
| 773 | } |
| 774 | |
| 775 | /* |
| 776 | * Returned packets... |
| 777 | * Swap src & dst and look up in the normal way. |
| 778 | */ |
| 779 | if (unlikely(cb->rt_flags & DN_RT_F_RTS)) { |
Steven Whitehouse | c4ea94a | 2006-03-20 22:42:39 -0800 | [diff] [blame] | 780 | __le16 tmp = cb->dst_port; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 781 | cb->dst_port = cb->src_port; |
| 782 | cb->src_port = tmp; |
| 783 | tmp = cb->dst; |
| 784 | cb->dst = cb->src; |
| 785 | cb->src = tmp; |
| 786 | } |
| 787 | |
| 788 | /* |
| 789 | * Find the socket to which this skb is destined. |
| 790 | */ |
| 791 | sk = dn_find_by_skb(skb); |
| 792 | got_it: |
| 793 | if (sk != NULL) { |
| 794 | struct dn_scp *scp = DN_SK(sk); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 795 | |
| 796 | /* Reset backoff */ |
| 797 | scp->nsp_rxtshift = 0; |
| 798 | |
| 799 | /* |
| 800 | * We linearize everything except data segments here. |
| 801 | */ |
| 802 | if (cb->nsp_flags & ~0x60) { |
Herbert Xu | 364c6ba | 2006-06-09 16:10:40 -0700 | [diff] [blame] | 803 | if (unlikely(skb_linearize(skb))) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 804 | goto free_out; |
| 805 | } |
| 806 | |
Arnaldo Carvalho de Melo | 25995ff | 2005-12-27 02:42:22 -0200 | [diff] [blame] | 807 | return sk_receive_skb(sk, skb); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 808 | } |
| 809 | |
| 810 | return dn_nsp_no_socket(skb, reason); |
| 811 | |
| 812 | free_out: |
| 813 | kfree_skb(skb); |
| 814 | return NET_RX_DROP; |
| 815 | } |
| 816 | |
| 817 | int dn_nsp_rx(struct sk_buff *skb) |
| 818 | { |
| 819 | return NF_HOOK(PF_DECnet, NF_DN_LOCAL_IN, skb, skb->dev, NULL, dn_nsp_rx_packet); |
| 820 | } |
| 821 | |
| 822 | /* |
| 823 | * This is the main receive routine for sockets. It is called |
| 824 | * from the above when the socket is not busy, and also from |
| 825 | * sock_release() when there is a backlog queued up. |
| 826 | */ |
| 827 | int dn_nsp_backlog_rcv(struct sock *sk, struct sk_buff *skb) |
| 828 | { |
| 829 | struct dn_scp *scp = DN_SK(sk); |
| 830 | struct dn_skb_cb *cb = DN_SKB_CB(skb); |
| 831 | |
| 832 | if (cb->rt_flags & DN_RT_F_RTS) { |
| 833 | if (cb->nsp_flags == 0x18 || cb->nsp_flags == 0x68) |
| 834 | dn_returned_conn_init(sk, skb); |
| 835 | else |
| 836 | kfree_skb(skb); |
| 837 | return NET_RX_SUCCESS; |
| 838 | } |
| 839 | |
| 840 | /* |
| 841 | * Control packet. |
| 842 | */ |
| 843 | if ((cb->nsp_flags & 0x0c) == 0x08) { |
| 844 | switch(cb->nsp_flags & 0x70) { |
| 845 | case 0x10: |
| 846 | case 0x60: |
| 847 | dn_nsp_conn_init(sk, skb); |
| 848 | break; |
| 849 | case 0x20: |
| 850 | dn_nsp_conn_conf(sk, skb); |
| 851 | break; |
| 852 | case 0x30: |
| 853 | dn_nsp_disc_init(sk, skb); |
| 854 | break; |
| 855 | case 0x40: |
| 856 | dn_nsp_disc_conf(sk, skb); |
| 857 | break; |
| 858 | } |
| 859 | |
| 860 | } else if (cb->nsp_flags == 0x24) { |
| 861 | /* |
| 862 | * Special for connacks, 'cos they don't have |
| 863 | * ack data or ack otherdata info. |
| 864 | */ |
| 865 | dn_nsp_conn_ack(sk, skb); |
| 866 | } else { |
| 867 | int other = 1; |
| 868 | |
| 869 | /* both data and ack frames can kick a CC socket into RUN */ |
| 870 | if ((scp->state == DN_CC) && !sock_flag(sk, SOCK_DEAD)) { |
| 871 | scp->state = DN_RUN; |
| 872 | sk->sk_state = TCP_ESTABLISHED; |
| 873 | sk->sk_state_change(sk); |
| 874 | } |
| 875 | |
| 876 | if ((cb->nsp_flags & 0x1c) == 0) |
| 877 | other = 0; |
| 878 | if (cb->nsp_flags == 0x04) |
| 879 | other = 0; |
| 880 | |
| 881 | /* |
| 882 | * Read out ack data here, this applies equally |
| 883 | * to data, other data, link serivce and both |
| 884 | * ack data and ack otherdata. |
| 885 | */ |
| 886 | dn_process_ack(sk, skb, other); |
| 887 | |
| 888 | /* |
| 889 | * If we've some sort of data here then call a |
| 890 | * suitable routine for dealing with it, otherwise |
| 891 | * the packet is an ack and can be discarded. |
| 892 | */ |
| 893 | if ((cb->nsp_flags & 0x0c) == 0) { |
| 894 | |
| 895 | if (scp->state != DN_RUN) |
| 896 | goto free_out; |
| 897 | |
| 898 | switch(cb->nsp_flags) { |
| 899 | case 0x10: /* LS */ |
| 900 | dn_nsp_linkservice(sk, skb); |
| 901 | break; |
| 902 | case 0x30: /* OD */ |
| 903 | dn_nsp_otherdata(sk, skb); |
| 904 | break; |
| 905 | default: |
| 906 | dn_nsp_data(sk, skb); |
| 907 | } |
| 908 | |
| 909 | } else { /* Ack, chuck it out here */ |
| 910 | free_out: |
| 911 | kfree_skb(skb); |
| 912 | } |
| 913 | } |
| 914 | |
| 915 | return NET_RX_SUCCESS; |
| 916 | } |
| 917 | |