blob: 7683d4f754d269dfd642fc92f43cbd1c7bab72dc [file] [log] [blame]
Linus Torvalds1da177e2005-04-16 15:20:36 -07001/*
2 * DECnet An implementation of the DECnet protocol suite for the LINUX
3 * operating system. DECnet is implemented using the BSD Socket
4 * interface as the means of communication with the user level.
5 *
6 * DECnet Network Services Protocol (Input)
7 *
8 * Author: Eduardo Marcelo Serrat <emserrat@geocities.com>
9 *
10 * Changes:
11 *
12 * Steve Whitehouse: Split into dn_nsp_in.c and dn_nsp_out.c from
13 * original dn_nsp.c.
14 * Steve Whitehouse: Updated to work with my new routing architecture.
15 * Steve Whitehouse: Add changes from Eduardo Serrat's patches.
16 * Steve Whitehouse: Put all ack handling code in a common routine.
17 * Steve Whitehouse: Put other common bits into dn_nsp_rx()
18 * Steve Whitehouse: More checks on skb->len to catch bogus packets
19 * Fixed various race conditions and possible nasties.
20 * Steve Whitehouse: Now handles returned conninit frames.
21 * David S. Miller: New socket locking
22 * Steve Whitehouse: Fixed lockup when socket filtering was enabled.
23 * Paul Koning: Fix to push CC sockets into RUN when acks are
24 * received.
25 * Steve Whitehouse:
26 * Patrick Caulfield: Checking conninits for correctness & sending of error
27 * responses.
28 * Steve Whitehouse: Added backlog congestion level return codes.
29 * Patrick Caulfield:
30 * Steve Whitehouse: Added flow control support (outbound)
31 * Steve Whitehouse: Prepare for nonlinear skbs
32 */
33
34/******************************************************************************
35 (c) 1995-1998 E.M. Serrat emserrat@geocities.com
36
37 This program is free software; you can redistribute it and/or modify
38 it under the terms of the GNU General Public License as published by
39 the Free Software Foundation; either version 2 of the License, or
40 any later version.
41
42 This program is distributed in the hope that it will be useful,
43 but WITHOUT ANY WARRANTY; without even the implied warranty of
44 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
45 GNU General Public License for more details.
46*******************************************************************************/
47
Linus Torvalds1da177e2005-04-16 15:20:36 -070048#include <linux/errno.h>
49#include <linux/types.h>
50#include <linux/socket.h>
51#include <linux/in.h>
52#include <linux/kernel.h>
53#include <linux/sched.h>
54#include <linux/timer.h>
55#include <linux/string.h>
56#include <linux/sockios.h>
57#include <linux/net.h>
58#include <linux/netdevice.h>
59#include <linux/inet.h>
60#include <linux/route.h>
61#include <net/sock.h>
Arnaldo Carvalho de Meloc752f072005-08-09 20:08:28 -070062#include <net/tcp_states.h>
Linus Torvalds1da177e2005-04-16 15:20:36 -070063#include <asm/system.h>
64#include <linux/fcntl.h>
65#include <linux/mm.h>
66#include <linux/termios.h>
67#include <linux/interrupt.h>
68#include <linux/proc_fs.h>
69#include <linux/stat.h>
70#include <linux/init.h>
71#include <linux/poll.h>
72#include <linux/netfilter_decnet.h>
73#include <net/neighbour.h>
74#include <net/dst.h>
75#include <net/dn.h>
76#include <net/dn_nsp.h>
77#include <net/dn_dev.h>
78#include <net/dn_route.h>
79
80extern int decnet_log_martians;
81
82static void dn_log_martian(struct sk_buff *skb, const char *msg)
83{
84 if (decnet_log_martians && net_ratelimit()) {
85 char *devname = skb->dev ? skb->dev->name : "???";
86 struct dn_skb_cb *cb = DN_SKB_CB(skb);
Steven Whitehousec4ea94a2006-03-20 22:42:39 -080087 printk(KERN_INFO "DECnet: Martian packet (%s) dev=%s src=0x%04hx dst=0x%04hx srcport=0x%04hx dstport=0x%04hx\n", msg, devname, dn_ntohs(cb->src), dn_ntohs(cb->dst), dn_ntohs(cb->src_port), dn_ntohs(cb->dst_port));
Linus Torvalds1da177e2005-04-16 15:20:36 -070088 }
89}
90
91/*
92 * For this function we've flipped the cross-subchannel bit
93 * if the message is an otherdata or linkservice message. Thus
94 * we can use it to work out what to update.
95 */
96static void dn_ack(struct sock *sk, struct sk_buff *skb, unsigned short ack)
97{
98 struct dn_scp *scp = DN_SK(sk);
99 unsigned short type = ((ack >> 12) & 0x0003);
100 int wakeup = 0;
101
102 switch(type) {
103 case 0: /* ACK - Data */
104 if (dn_after(ack, scp->ackrcv_dat)) {
105 scp->ackrcv_dat = ack & 0x0fff;
106 wakeup |= dn_nsp_check_xmit_queue(sk, skb, &scp->data_xmit_queue, ack);
107 }
108 break;
109 case 1: /* NAK - Data */
110 break;
111 case 2: /* ACK - OtherData */
112 if (dn_after(ack, scp->ackrcv_oth)) {
113 scp->ackrcv_oth = ack & 0x0fff;
114 wakeup |= dn_nsp_check_xmit_queue(sk, skb, &scp->other_xmit_queue, ack);
115 }
116 break;
117 case 3: /* NAK - OtherData */
118 break;
119 }
120
121 if (wakeup && !sock_flag(sk, SOCK_DEAD))
122 sk->sk_state_change(sk);
123}
124
125/*
126 * This function is a universal ack processor.
127 */
128static int dn_process_ack(struct sock *sk, struct sk_buff *skb, int oth)
129{
Steven Whitehousec4ea94a2006-03-20 22:42:39 -0800130 __le16 *ptr = (__le16 *)skb->data;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700131 int len = 0;
132 unsigned short ack;
133
134 if (skb->len < 2)
135 return len;
136
137 if ((ack = dn_ntohs(*ptr)) & 0x8000) {
138 skb_pull(skb, 2);
139 ptr++;
140 len += 2;
141 if ((ack & 0x4000) == 0) {
142 if (oth)
143 ack ^= 0x2000;
144 dn_ack(sk, skb, ack);
145 }
146 }
147
148 if (skb->len < 2)
149 return len;
150
151 if ((ack = dn_ntohs(*ptr)) & 0x8000) {
152 skb_pull(skb, 2);
153 len += 2;
154 if ((ack & 0x4000) == 0) {
155 if (oth)
156 ack ^= 0x2000;
157 dn_ack(sk, skb, ack);
158 }
159 }
160
161 return len;
162}
163
164
165/**
166 * dn_check_idf - Check an image data field format is correct.
167 * @pptr: Pointer to pointer to image data
168 * @len: Pointer to length of image data
169 * @max: The maximum allowed length of the data in the image data field
170 * @follow_on: Check that this many bytes exist beyond the end of the image data
171 *
172 * Returns: 0 if ok, -1 on error
173 */
174static inline int dn_check_idf(unsigned char **pptr, int *len, unsigned char max, unsigned char follow_on)
175{
176 unsigned char *ptr = *pptr;
177 unsigned char flen = *ptr++;
178
179 (*len)--;
180 if (flen > max)
181 return -1;
182 if ((flen + follow_on) > *len)
183 return -1;
184
185 *len -= flen;
186 *pptr = ptr + flen;
187 return 0;
188}
189
190/*
191 * Table of reason codes to pass back to node which sent us a badly
192 * formed message, plus text messages for the log. A zero entry in
193 * the reason field means "don't reply" otherwise a disc init is sent with
194 * the specified reason code.
195 */
196static struct {
197 unsigned short reason;
198 const char *text;
199} ci_err_table[] = {
200 { 0, "CI: Truncated message" },
201 { NSP_REASON_ID, "CI: Destination username error" },
202 { NSP_REASON_ID, "CI: Destination username type" },
203 { NSP_REASON_US, "CI: Source username error" },
204 { 0, "CI: Truncated at menuver" },
205 { 0, "CI: Truncated before access or user data" },
206 { NSP_REASON_IO, "CI: Access data format error" },
207 { NSP_REASON_IO, "CI: User data format error" }
208};
209
210/*
211 * This function uses a slightly different lookup method
212 * to find its sockets, since it searches on object name/number
213 * rather than port numbers. Various tests are done to ensure that
214 * the incoming data is in the correct format before it is queued to
215 * a socket.
216 */
217static struct sock *dn_find_listener(struct sk_buff *skb, unsigned short *reason)
218{
219 struct dn_skb_cb *cb = DN_SKB_CB(skb);
220 struct nsp_conn_init_msg *msg = (struct nsp_conn_init_msg *)skb->data;
221 struct sockaddr_dn dstaddr;
222 struct sockaddr_dn srcaddr;
223 unsigned char type = 0;
224 int dstlen;
225 int srclen;
226 unsigned char *ptr;
227 int len;
228 int err = 0;
229 unsigned char menuver;
230
231 memset(&dstaddr, 0, sizeof(struct sockaddr_dn));
232 memset(&srcaddr, 0, sizeof(struct sockaddr_dn));
233
234 /*
235 * 1. Decode & remove message header
236 */
237 cb->src_port = msg->srcaddr;
238 cb->dst_port = msg->dstaddr;
239 cb->services = msg->services;
240 cb->info = msg->info;
241 cb->segsize = dn_ntohs(msg->segsize);
242
243 if (!pskb_may_pull(skb, sizeof(*msg)))
244 goto err_out;
245
246 skb_pull(skb, sizeof(*msg));
247
248 len = skb->len;
249 ptr = skb->data;
250
251 /*
252 * 2. Check destination end username format
253 */
254 dstlen = dn_username2sockaddr(ptr, len, &dstaddr, &type);
255 err++;
256 if (dstlen < 0)
257 goto err_out;
258
259 err++;
260 if (type > 1)
261 goto err_out;
262
263 len -= dstlen;
264 ptr += dstlen;
265
266 /*
267 * 3. Check source end username format
268 */
269 srclen = dn_username2sockaddr(ptr, len, &srcaddr, &type);
270 err++;
271 if (srclen < 0)
272 goto err_out;
273
274 len -= srclen;
275 ptr += srclen;
276 err++;
277 if (len < 1)
278 goto err_out;
279
280 menuver = *ptr;
281 ptr++;
282 len--;
283
284 /*
285 * 4. Check that optional data actually exists if menuver says it does
286 */
287 err++;
288 if ((menuver & (DN_MENUVER_ACC | DN_MENUVER_USR)) && (len < 1))
289 goto err_out;
290
291 /*
292 * 5. Check optional access data format
293 */
294 err++;
295 if (menuver & DN_MENUVER_ACC) {
296 if (dn_check_idf(&ptr, &len, 39, 1))
297 goto err_out;
298 if (dn_check_idf(&ptr, &len, 39, 1))
299 goto err_out;
300 if (dn_check_idf(&ptr, &len, 39, (menuver & DN_MENUVER_USR) ? 1 : 0))
301 goto err_out;
302 }
303
304 /*
305 * 6. Check optional user data format
306 */
307 err++;
308 if (menuver & DN_MENUVER_USR) {
309 if (dn_check_idf(&ptr, &len, 16, 0))
310 goto err_out;
311 }
312
313 /*
314 * 7. Look up socket based on destination end username
315 */
316 return dn_sklist_find_listener(&dstaddr);
317err_out:
318 dn_log_martian(skb, ci_err_table[err].text);
319 *reason = ci_err_table[err].reason;
320 return NULL;
321}
322
323
324static void dn_nsp_conn_init(struct sock *sk, struct sk_buff *skb)
325{
326 if (sk_acceptq_is_full(sk)) {
327 kfree_skb(skb);
328 return;
329 }
330
331 sk->sk_ack_backlog++;
332 skb_queue_tail(&sk->sk_receive_queue, skb);
333 sk->sk_state_change(sk);
334}
335
336static void dn_nsp_conn_conf(struct sock *sk, struct sk_buff *skb)
337{
338 struct dn_skb_cb *cb = DN_SKB_CB(skb);
339 struct dn_scp *scp = DN_SK(sk);
340 unsigned char *ptr;
341
342 if (skb->len < 4)
343 goto out;
344
345 ptr = skb->data;
346 cb->services = *ptr++;
347 cb->info = *ptr++;
Steven Whitehousec4ea94a2006-03-20 22:42:39 -0800348 cb->segsize = dn_ntohs(*(__le16 *)ptr);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700349
350 if ((scp->state == DN_CI) || (scp->state == DN_CD)) {
351 scp->persist = 0;
352 scp->addrrem = cb->src_port;
353 sk->sk_state = TCP_ESTABLISHED;
354 scp->state = DN_RUN;
355 scp->services_rem = cb->services;
356 scp->info_rem = cb->info;
357 scp->segsize_rem = cb->segsize;
358
359 if ((scp->services_rem & NSP_FC_MASK) == NSP_FC_NONE)
360 scp->max_window = decnet_no_fc_max_cwnd;
361
362 if (skb->len > 0) {
Steven Whitehouse375d9d72006-11-07 15:09:17 -0800363 u16 dlen = *skb->data;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700364 if ((dlen <= 16) && (dlen <= skb->len)) {
Steven Whitehouse375d9d72006-11-07 15:09:17 -0800365 scp->conndata_in.opt_optl = dn_htons(dlen);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700366 memcpy(scp->conndata_in.opt_data, skb->data + 1, dlen);
367 }
368 }
369 dn_nsp_send_link(sk, DN_NOCHANGE, 0);
370 if (!sock_flag(sk, SOCK_DEAD))
371 sk->sk_state_change(sk);
372 }
373
374out:
375 kfree_skb(skb);
376}
377
378static void dn_nsp_conn_ack(struct sock *sk, struct sk_buff *skb)
379{
380 struct dn_scp *scp = DN_SK(sk);
381
382 if (scp->state == DN_CI) {
383 scp->state = DN_CD;
384 scp->persist = 0;
385 }
386
387 kfree_skb(skb);
388}
389
390static void dn_nsp_disc_init(struct sock *sk, struct sk_buff *skb)
391{
392 struct dn_scp *scp = DN_SK(sk);
393 struct dn_skb_cb *cb = DN_SKB_CB(skb);
394 unsigned short reason;
395
396 if (skb->len < 2)
397 goto out;
398
Steven Whitehousec4ea94a2006-03-20 22:42:39 -0800399 reason = dn_ntohs(*(__le16 *)skb->data);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700400 skb_pull(skb, 2);
401
Steven Whitehousec4ea94a2006-03-20 22:42:39 -0800402 scp->discdata_in.opt_status = dn_htons(reason);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700403 scp->discdata_in.opt_optl = 0;
404 memset(scp->discdata_in.opt_data, 0, 16);
405
406 if (skb->len > 0) {
Steven Whitehouse375d9d72006-11-07 15:09:17 -0800407 u16 dlen = *skb->data;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700408 if ((dlen <= 16) && (dlen <= skb->len)) {
Steven Whitehouse375d9d72006-11-07 15:09:17 -0800409 scp->discdata_in.opt_optl = dn_htons(dlen);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700410 memcpy(scp->discdata_in.opt_data, skb->data + 1, dlen);
411 }
412 }
413
414 scp->addrrem = cb->src_port;
415 sk->sk_state = TCP_CLOSE;
416
417 switch(scp->state) {
418 case DN_CI:
419 case DN_CD:
420 scp->state = DN_RJ;
421 sk->sk_err = ECONNREFUSED;
422 break;
423 case DN_RUN:
424 sk->sk_shutdown |= SHUTDOWN_MASK;
425 scp->state = DN_DN;
426 break;
427 case DN_DI:
428 scp->state = DN_DIC;
429 break;
430 }
431
432 if (!sock_flag(sk, SOCK_DEAD)) {
433 if (sk->sk_socket->state != SS_UNCONNECTED)
434 sk->sk_socket->state = SS_DISCONNECTING;
435 sk->sk_state_change(sk);
436 }
437
438 /*
439 * It appears that its possible for remote machines to send disc
440 * init messages with no port identifier if we are in the CI and
441 * possibly also the CD state. Obviously we shouldn't reply with
442 * a message if we don't know what the end point is.
443 */
444 if (scp->addrrem) {
445 dn_nsp_send_disc(sk, NSP_DISCCONF, NSP_REASON_DC, GFP_ATOMIC);
446 }
447 scp->persist_fxn = dn_destroy_timer;
448 scp->persist = dn_nsp_persist(sk);
449
450out:
451 kfree_skb(skb);
452}
453
454/*
455 * disc_conf messages are also called no_resources or no_link
456 * messages depending upon the "reason" field.
457 */
458static void dn_nsp_disc_conf(struct sock *sk, struct sk_buff *skb)
459{
460 struct dn_scp *scp = DN_SK(sk);
461 unsigned short reason;
462
463 if (skb->len != 2)
464 goto out;
465
Steven Whitehousec4ea94a2006-03-20 22:42:39 -0800466 reason = dn_ntohs(*(__le16 *)skb->data);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700467
468 sk->sk_state = TCP_CLOSE;
469
470 switch(scp->state) {
471 case DN_CI:
472 scp->state = DN_NR;
473 break;
474 case DN_DR:
475 if (reason == NSP_REASON_DC)
476 scp->state = DN_DRC;
477 if (reason == NSP_REASON_NL)
478 scp->state = DN_CN;
479 break;
480 case DN_DI:
481 scp->state = DN_DIC;
482 break;
483 case DN_RUN:
484 sk->sk_shutdown |= SHUTDOWN_MASK;
485 case DN_CC:
486 scp->state = DN_CN;
487 }
488
489 if (!sock_flag(sk, SOCK_DEAD)) {
490 if (sk->sk_socket->state != SS_UNCONNECTED)
491 sk->sk_socket->state = SS_DISCONNECTING;
492 sk->sk_state_change(sk);
493 }
494
495 scp->persist_fxn = dn_destroy_timer;
496 scp->persist = dn_nsp_persist(sk);
497
498out:
499 kfree_skb(skb);
500}
501
502static void dn_nsp_linkservice(struct sock *sk, struct sk_buff *skb)
503{
504 struct dn_scp *scp = DN_SK(sk);
505 unsigned short segnum;
506 unsigned char lsflags;
507 signed char fcval;
508 int wake_up = 0;
509 char *ptr = skb->data;
510 unsigned char fctype = scp->services_rem & NSP_FC_MASK;
511
512 if (skb->len != 4)
513 goto out;
514
Steven Whitehousec4ea94a2006-03-20 22:42:39 -0800515 segnum = dn_ntohs(*(__le16 *)ptr);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700516 ptr += 2;
517 lsflags = *(unsigned char *)ptr++;
518 fcval = *ptr;
519
520 /*
521 * Here we ignore erronous packets which should really
522 * should cause a connection abort. It is not critical
523 * for now though.
524 */
525 if (lsflags & 0xf8)
526 goto out;
527
528 if (seq_next(scp->numoth_rcv, segnum)) {
529 seq_add(&scp->numoth_rcv, 1);
530 switch(lsflags & 0x04) { /* FCVAL INT */
531 case 0x00: /* Normal Request */
532 switch(lsflags & 0x03) { /* FCVAL MOD */
533 case 0x00: /* Request count */
534 if (fcval < 0) {
535 unsigned char p_fcval = -fcval;
536 if ((scp->flowrem_dat > p_fcval) &&
537 (fctype == NSP_FC_SCMC)) {
538 scp->flowrem_dat -= p_fcval;
539 }
540 } else if (fcval > 0) {
541 scp->flowrem_dat += fcval;
542 wake_up = 1;
543 }
544 break;
545 case 0x01: /* Stop outgoing data */
546 scp->flowrem_sw = DN_DONTSEND;
547 break;
548 case 0x02: /* Ok to start again */
549 scp->flowrem_sw = DN_SEND;
550 dn_nsp_output(sk);
551 wake_up = 1;
552 }
553 break;
554 case 0x04: /* Interrupt Request */
555 if (fcval > 0) {
556 scp->flowrem_oth += fcval;
557 wake_up = 1;
558 }
559 break;
560 }
561 if (wake_up && !sock_flag(sk, SOCK_DEAD))
562 sk->sk_state_change(sk);
563 }
564
565 dn_nsp_send_oth_ack(sk);
566
567out:
568 kfree_skb(skb);
569}
570
571/*
572 * Copy of sock_queue_rcv_skb (from sock.h) without
573 * bh_lock_sock() (its already held when this is called) which
574 * also allows data and other data to be queued to a socket.
575 */
576static __inline__ int dn_queue_skb(struct sock *sk, struct sk_buff *skb, int sig, struct sk_buff_head *queue)
577{
578 int err;
579
580 /* Cast skb->rcvbuf to unsigned... It's pointless, but reduces
581 number of warnings when compiling with -W --ANK
582 */
583 if (atomic_read(&sk->sk_rmem_alloc) + skb->truesize >=
584 (unsigned)sk->sk_rcvbuf) {
585 err = -ENOMEM;
586 goto out;
587 }
588
Dmitry Mishinfda9ef52006-08-31 15:28:39 -0700589 err = sk_filter(sk, skb);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700590 if (err)
591 goto out;
592
593 skb_set_owner_r(skb, sk);
594 skb_queue_tail(queue, skb);
595
596 /* This code only runs from BH or BH protected context.
597 * Therefore the plain read_lock is ok here. -DaveM
598 */
599 read_lock(&sk->sk_callback_lock);
600 if (!sock_flag(sk, SOCK_DEAD)) {
601 struct socket *sock = sk->sk_socket;
602 wake_up_interruptible(sk->sk_sleep);
603 if (sock && sock->fasync_list &&
604 !test_bit(SOCK_ASYNC_WAITDATA, &sock->flags))
605 __kill_fasync(sock->fasync_list, sig,
606 (sig == SIGURG) ? POLL_PRI : POLL_IN);
607 }
608 read_unlock(&sk->sk_callback_lock);
609out:
610 return err;
611}
612
613static void dn_nsp_otherdata(struct sock *sk, struct sk_buff *skb)
614{
615 struct dn_scp *scp = DN_SK(sk);
616 unsigned short segnum;
617 struct dn_skb_cb *cb = DN_SKB_CB(skb);
618 int queued = 0;
619
620 if (skb->len < 2)
621 goto out;
622
Steven Whitehousec4ea94a2006-03-20 22:42:39 -0800623 cb->segnum = segnum = dn_ntohs(*(__le16 *)skb->data);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700624 skb_pull(skb, 2);
625
626 if (seq_next(scp->numoth_rcv, segnum)) {
627
628 if (dn_queue_skb(sk, skb, SIGURG, &scp->other_receive_queue) == 0) {
629 seq_add(&scp->numoth_rcv, 1);
630 scp->other_report = 0;
631 queued = 1;
632 }
633 }
634
635 dn_nsp_send_oth_ack(sk);
636out:
637 if (!queued)
638 kfree_skb(skb);
639}
640
641static void dn_nsp_data(struct sock *sk, struct sk_buff *skb)
642{
643 int queued = 0;
644 unsigned short segnum;
645 struct dn_skb_cb *cb = DN_SKB_CB(skb);
646 struct dn_scp *scp = DN_SK(sk);
647
648 if (skb->len < 2)
649 goto out;
650
Steven Whitehousec4ea94a2006-03-20 22:42:39 -0800651 cb->segnum = segnum = dn_ntohs(*(__le16 *)skb->data);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700652 skb_pull(skb, 2);
653
654 if (seq_next(scp->numdat_rcv, segnum)) {
655 if (dn_queue_skb(sk, skb, SIGIO, &sk->sk_receive_queue) == 0) {
656 seq_add(&scp->numdat_rcv, 1);
657 queued = 1;
658 }
659
660 if ((scp->flowloc_sw == DN_SEND) && dn_congested(sk)) {
661 scp->flowloc_sw = DN_DONTSEND;
662 dn_nsp_send_link(sk, DN_DONTSEND, 0);
663 }
664 }
665
666 dn_nsp_send_data_ack(sk);
667out:
668 if (!queued)
669 kfree_skb(skb);
670}
671
672/*
673 * If one of our conninit messages is returned, this function
674 * deals with it. It puts the socket into the NO_COMMUNICATION
675 * state.
676 */
677static void dn_returned_conn_init(struct sock *sk, struct sk_buff *skb)
678{
679 struct dn_scp *scp = DN_SK(sk);
680
681 if (scp->state == DN_CI) {
682 scp->state = DN_NC;
683 sk->sk_state = TCP_CLOSE;
684 if (!sock_flag(sk, SOCK_DEAD))
685 sk->sk_state_change(sk);
686 }
687
688 kfree_skb(skb);
689}
690
691static int dn_nsp_no_socket(struct sk_buff *skb, unsigned short reason)
692{
693 struct dn_skb_cb *cb = DN_SKB_CB(skb);
694 int ret = NET_RX_DROP;
695
696 /* Must not reply to returned packets */
697 if (cb->rt_flags & DN_RT_F_RTS)
698 goto out;
699
700 if ((reason != NSP_REASON_OK) && ((cb->nsp_flags & 0x0c) == 0x08)) {
701 switch(cb->nsp_flags & 0x70) {
702 case 0x10:
703 case 0x60: /* (Retransmitted) Connect Init */
704 dn_nsp_return_disc(skb, NSP_DISCINIT, reason);
705 ret = NET_RX_SUCCESS;
706 break;
707 case 0x20: /* Connect Confirm */
708 dn_nsp_return_disc(skb, NSP_DISCCONF, reason);
709 ret = NET_RX_SUCCESS;
710 break;
711 }
712 }
713
714out:
715 kfree_skb(skb);
716 return ret;
717}
718
719static int dn_nsp_rx_packet(struct sk_buff *skb)
720{
721 struct dn_skb_cb *cb = DN_SKB_CB(skb);
722 struct sock *sk = NULL;
723 unsigned char *ptr = (unsigned char *)skb->data;
724 unsigned short reason = NSP_REASON_NL;
725
726 if (!pskb_may_pull(skb, 2))
727 goto free_out;
728
729 skb->h.raw = skb->data;
730 cb->nsp_flags = *ptr++;
731
732 if (decnet_debug_level & 2)
733 printk(KERN_DEBUG "dn_nsp_rx: Message type 0x%02x\n", (int)cb->nsp_flags);
734
735 if (cb->nsp_flags & 0x83)
736 goto free_out;
737
738 /*
739 * Filter out conninits and useless packet types
740 */
741 if ((cb->nsp_flags & 0x0c) == 0x08) {
742 switch(cb->nsp_flags & 0x70) {
743 case 0x00: /* NOP */
744 case 0x70: /* Reserved */
745 case 0x50: /* Reserved, Phase II node init */
746 goto free_out;
747 case 0x10:
748 case 0x60:
749 if (unlikely(cb->rt_flags & DN_RT_F_RTS))
750 goto free_out;
751 sk = dn_find_listener(skb, &reason);
752 goto got_it;
753 }
754 }
755
756 if (!pskb_may_pull(skb, 3))
757 goto free_out;
758
759 /*
760 * Grab the destination address.
761 */
Steven Whitehousec4ea94a2006-03-20 22:42:39 -0800762 cb->dst_port = *(__le16 *)ptr;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700763 cb->src_port = 0;
764 ptr += 2;
765
766 /*
767 * If not a connack, grab the source address too.
768 */
769 if (pskb_may_pull(skb, 5)) {
Steven Whitehousec4ea94a2006-03-20 22:42:39 -0800770 cb->src_port = *(__le16 *)ptr;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700771 ptr += 2;
772 skb_pull(skb, 5);
773 }
774
775 /*
776 * Returned packets...
777 * Swap src & dst and look up in the normal way.
778 */
779 if (unlikely(cb->rt_flags & DN_RT_F_RTS)) {
Steven Whitehousec4ea94a2006-03-20 22:42:39 -0800780 __le16 tmp = cb->dst_port;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700781 cb->dst_port = cb->src_port;
782 cb->src_port = tmp;
783 tmp = cb->dst;
784 cb->dst = cb->src;
785 cb->src = tmp;
786 }
787
788 /*
789 * Find the socket to which this skb is destined.
790 */
791 sk = dn_find_by_skb(skb);
792got_it:
793 if (sk != NULL) {
794 struct dn_scp *scp = DN_SK(sk);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700795
796 /* Reset backoff */
797 scp->nsp_rxtshift = 0;
798
799 /*
800 * We linearize everything except data segments here.
801 */
802 if (cb->nsp_flags & ~0x60) {
Herbert Xu364c6ba2006-06-09 16:10:40 -0700803 if (unlikely(skb_linearize(skb)))
Linus Torvalds1da177e2005-04-16 15:20:36 -0700804 goto free_out;
805 }
806
Arnaldo Carvalho de Melo25995ff2005-12-27 02:42:22 -0200807 return sk_receive_skb(sk, skb);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700808 }
809
810 return dn_nsp_no_socket(skb, reason);
811
812free_out:
813 kfree_skb(skb);
814 return NET_RX_DROP;
815}
816
817int dn_nsp_rx(struct sk_buff *skb)
818{
819 return NF_HOOK(PF_DECnet, NF_DN_LOCAL_IN, skb, skb->dev, NULL, dn_nsp_rx_packet);
820}
821
822/*
823 * This is the main receive routine for sockets. It is called
824 * from the above when the socket is not busy, and also from
825 * sock_release() when there is a backlog queued up.
826 */
827int dn_nsp_backlog_rcv(struct sock *sk, struct sk_buff *skb)
828{
829 struct dn_scp *scp = DN_SK(sk);
830 struct dn_skb_cb *cb = DN_SKB_CB(skb);
831
832 if (cb->rt_flags & DN_RT_F_RTS) {
833 if (cb->nsp_flags == 0x18 || cb->nsp_flags == 0x68)
834 dn_returned_conn_init(sk, skb);
835 else
836 kfree_skb(skb);
837 return NET_RX_SUCCESS;
838 }
839
840 /*
841 * Control packet.
842 */
843 if ((cb->nsp_flags & 0x0c) == 0x08) {
844 switch(cb->nsp_flags & 0x70) {
845 case 0x10:
846 case 0x60:
847 dn_nsp_conn_init(sk, skb);
848 break;
849 case 0x20:
850 dn_nsp_conn_conf(sk, skb);
851 break;
852 case 0x30:
853 dn_nsp_disc_init(sk, skb);
854 break;
855 case 0x40:
856 dn_nsp_disc_conf(sk, skb);
857 break;
858 }
859
860 } else if (cb->nsp_flags == 0x24) {
861 /*
862 * Special for connacks, 'cos they don't have
863 * ack data or ack otherdata info.
864 */
865 dn_nsp_conn_ack(sk, skb);
866 } else {
867 int other = 1;
868
869 /* both data and ack frames can kick a CC socket into RUN */
870 if ((scp->state == DN_CC) && !sock_flag(sk, SOCK_DEAD)) {
871 scp->state = DN_RUN;
872 sk->sk_state = TCP_ESTABLISHED;
873 sk->sk_state_change(sk);
874 }
875
876 if ((cb->nsp_flags & 0x1c) == 0)
877 other = 0;
878 if (cb->nsp_flags == 0x04)
879 other = 0;
880
881 /*
882 * Read out ack data here, this applies equally
883 * to data, other data, link serivce and both
884 * ack data and ack otherdata.
885 */
886 dn_process_ack(sk, skb, other);
887
888 /*
889 * If we've some sort of data here then call a
890 * suitable routine for dealing with it, otherwise
891 * the packet is an ack and can be discarded.
892 */
893 if ((cb->nsp_flags & 0x0c) == 0) {
894
895 if (scp->state != DN_RUN)
896 goto free_out;
897
898 switch(cb->nsp_flags) {
899 case 0x10: /* LS */
900 dn_nsp_linkservice(sk, skb);
901 break;
902 case 0x30: /* OD */
903 dn_nsp_otherdata(sk, skb);
904 break;
905 default:
906 dn_nsp_data(sk, skb);
907 }
908
909 } else { /* Ack, chuck it out here */
910free_out:
911 kfree_skb(skb);
912 }
913 }
914
915 return NET_RX_SUCCESS;
916}
917