1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * X.25 Packet Layer release 002
4 *
5 * This is ALPHA test software. This code may break your machine,
6 * randomly fail to work with new releases, misbehave and/or generally
7 * screw up. It might even work.
8 *
9 * This code REQUIRES 2.1.15 or higher
10 *
11 * History
12 * X.25 001 Jonathan Naylor Started coding.
13 * X.25 002 Jonathan Naylor Centralised disconnection processing.
14 * mar/20/00 Daniela Squassoni Disabling/enabling of facilities
15 * negotiation.
16 * jun/24/01 Arnaldo C. Melo use skb_queue_purge, cleanups
17 * apr/04/15 Shaun Pereira Fast select with no
18 * restriction on response.
19 */
20
21 #define pr_fmt(fmt) "X25: " fmt
22
23 #include <linux/slab.h>
24 #include <linux/kernel.h>
25 #include <linux/string.h>
26 #include <linux/skbuff.h>
27 #include <net/sock.h>
28 #include <net/tcp_states.h>
29 #include <net/x25.h>
30
/*
 * Purge every frame queue owned by this socket: the generic socket write
 * queue and the X.25 ack, interrupt-in, interrupt-out and fragment queues.
 * x25->fraglen is zeroed once the fragment queue has been emptied.
 */
void x25_clear_queues(struct sock *sk)
{
	struct x25_sock *xs = x25_sk(sk);

	skb_queue_purge(&sk->sk_write_queue);
	skb_queue_purge(&xs->ack_queue);
	skb_queue_purge(&xs->interrupt_in_queue);
	skb_queue_purge(&xs->interrupt_out_queue);
	skb_queue_purge(&xs->fragment_queue);

	/*
	 * The fragment queue is empty now; presumably fraglen tracks what
	 * was queued there, so it restarts from zero.
	 */
	xs->fraglen = 0;
}
45
46
/*
 * Free frames from the head of the ack queue, stepping V(a) forward by one
 * (modulo the window modulus) for each frame freed, until V(a) equals nr or
 * the queue runs dry. This replaces the boxes labelled "V(a) <- N(r)" on
 * the SDL diagram.
 *
 * NOTE(review): nr is not range-checked here. If nr is a value V(a) can
 * never reach (for example nr >= modulus), the loop only stops when the ack
 * queue is empty, i.e. every un-acked frame is freed. Presumably callers
 * vet a peer-supplied nr with x25_validate_nr() first -- confirm at each
 * call site.
 * NOTE(review): x25->neighbour is dereferenced unconditionally, while
 * x25_disconnect() in this file sets it to NULL -- confirm no caller can
 * reach this after a disconnect.
 */
void x25_frames_acked(struct sock *sk, unsigned short nr)
{
	struct x25_sock *xs = x25_sk(sk);
	int modulus = xs->neighbour->extended ? X25_EMODULUS : X25_SMODULUS;

	/* Stop as soon as V(a) has caught up with nr or nothing is left. */
	while (xs->va != nr && skb_peek(&xs->ack_queue)) {
		kfree_skb(skb_dequeue(&xs->ack_queue));
		xs->va = (xs->va + 1) % modulus;
	}
}
68
/*
 * Move all the un-ack-ed frames from the ack queue to the front of the
 * socket write queue, keeping their relative order, so that x25_kick picks
 * them up again. The first frame goes to the head of the write queue and
 * each later one is appended after its predecessor, which also covers the
 * case of an empty write queue.
 */
void x25_requeue_frames(struct sock *sk)
{
	struct sk_buff *tail = NULL;
	struct sk_buff *skb;

	for (;;) {
		skb = skb_dequeue(&x25_sk(sk)->ack_queue);
		if (skb == NULL)
			break;

		if (tail)
			skb_append(tail, skb, &sk->sk_write_queue);
		else
			skb_queue_head(&sk->sk_write_queue, skb);

		/* The next requeued frame must follow this one. */
		tail = skb;
	}
}
86
/*
 * Check that nr lies in the window from V(a) up to and including V(s),
 * walking the sequence space modulo the window modulus.
 *
 * Returns 1 when nr is inside the window, 0 otherwise.
 *
 * NOTE(review): the walk ends only when the counter reaches x25->vs. After
 * the first step the counter is always below modulus, so a vs outside
 * [0, modulus) would never be reached. Presumably vs is kept reduced by the
 * same modulus everywhere -- confirm, including the case where the
 * neighbour's extended setting changes while a call is up.
 * NOTE(review): x25->neighbour is dereferenced unconditionally, while
 * x25_disconnect() in this file sets it to NULL -- confirm no caller can
 * reach this after a disconnect.
 */
int x25_validate_nr(struct sock *sk, unsigned short nr)
{
	struct x25_sock *xs = x25_sk(sk);
	unsigned short seq = xs->va;
	int modulus = xs->neighbour->extended ? X25_EMODULUS : X25_SMODULUS;

	for (; seq != xs->vs; seq = (seq + 1) % modulus) {
		if (seq == nr)
			return 1;
	}

	/* V(s) itself is the last acceptable value. */
	return nr == xs->vs;
}
105
/*
 * This routine is called when the packet layer internally generates a
 * control frame. It sizes and allocates an skb, writes the GFI/LCI header
 * followed by the type-specific fields, and hands the frame to
 * x25_transmit_link().
 *
 * @sk:        socket whose X.25 state (LCI, V(r), facilities, addresses,
 *             call user data, cause/diagnostic) fills in the frame
 * @frametype: one of the X25_* types handled by the switches below; any
 *             other value is logged with pr_err() and nothing is sent
 *
 * The skb comes from alloc_skb(GFP_ATOMIC). On allocation failure the
 * function returns without sending and without telling the caller.
 *
 * NOTE(review): the buffer is sized from compile-time maxima, but the
 * amounts actually written come from x25_addr_aton(),
 * x25_create_facilities() and x25->calluserdata.cudlength. None of these is
 * checked against its maximum here, and skb_put() treats running past the
 * tailroom as a fatal error, so the bounds must hold at the setters --
 * confirm cudlength <= X25_MAX_CUD_LEN wherever it is assigned.
 * NOTE(review): x25->neighbour is dereferenced unconditionally, while
 * x25_disconnect() in this file sets it to NULL -- confirm no caller can
 * reach this after a disconnect.
 */
void x25_write_internal(struct sock *sk, int frametype)
{
	struct x25_sock *x25 = x25_sk(sk);
	unsigned char facilities[X25_MAX_FAC_LEN];
	unsigned char addresses[1 + X25_ADDR_LEN];
	unsigned char lci1, lci2;
	unsigned char *dptr;
	struct sk_buff *skb;
	/* Default safe frame size. */
	int len = X25_MAX_L2_LEN + X25_EXT_MIN_LEN;

	/* Grow the frame size by whatever this frame type may carry. */
	switch (frametype) {
	case X25_CALL_REQUEST:
		len += 1 + X25_ADDR_LEN + X25_MAX_FAC_LEN + X25_MAX_CUD_LEN;
		break;
	case X25_CALL_ACCEPTED:
		len += 1 + X25_MAX_FAC_LEN;
		/* fast select with no restriction on response adds user data */
		if (x25->facilities.reverse & 0x80)
			len += X25_MAX_CUD_LEN;
		break;
	case X25_CLEAR_REQUEST:
	case X25_RESET_REQUEST:
		len += 2;
		break;
	case X25_RR:
	case X25_RNR:
	case X25_REJ:
	case X25_CLEAR_CONFIRMATION:
	case X25_INTERRUPT_CONFIRMATION:
	case X25_RESET_CONFIRMATION:
		break;
	default:
		pr_err("invalid frame type %02X\n", frametype);
		return;
	}

	skb = alloc_skb(len, GFP_ATOMIC);
	if (skb == NULL)
		return;

	/* Space for Ethernet and 802.2 LLC headers. */
	skb_reserve(skb, X25_MAX_L2_LEN);

	/* Make space for the GFI and LCI, and fill them in. */
	dptr = skb_put(skb, 2);

	lci1 = (x25->lci >> 8) & 0x0F;
	lci2 = (x25->lci >> 0) & 0xFF;

	/* The GFI shares the first octet with the top four LCI bits. */
	dptr[0] = lci1 | (x25->neighbour->extended ? X25_GFI_EXTSEQ
						    : X25_GFI_STDSEQ);
	dptr[1] = lci2;

	/* Now fill in the frame type specific information. */
	switch (frametype) {
	case X25_CALL_REQUEST:
		dptr = skb_put(skb, 1);
		dptr[0] = X25_CALL_REQUEST;

		/* Address block, then facilities, then call user data. */
		len = x25_addr_aton(addresses, &x25->dest_addr,
				    &x25->source_addr);
		skb_put_data(skb, addresses, len);

		len = x25_create_facilities(facilities,
					    &x25->facilities,
					    &x25->dte_facilities,
					    x25->neighbour->global_facil_mask);
		skb_put_data(skb, facilities, len);

		skb_put_data(skb, x25->calluserdata.cuddata,
			     x25->calluserdata.cudlength);
		/* The call user data is consumed by this frame. */
		x25->calluserdata.cudlength = 0;
		break;

	case X25_CALL_ACCEPTED:
		dptr = skb_put(skb, 2);
		dptr[0] = X25_CALL_ACCEPTED;
		dptr[1] = 0x00;		/* Address lengths */

		len = x25_create_facilities(facilities,
					    &x25->facilities,
					    &x25->dte_facilities,
					    x25->vc_facil_mask);
		skb_put_data(skb, facilities, len);

		/*
		 * Fast select with no restriction on response allows call
		 * user data in the reply. Whatever sits in calluserdata is
		 * sent as-is, so userland must ensure it is ours and not
		 * theirs.
		 */
		if (x25->facilities.reverse & 0x80)
			skb_put_data(skb, x25->calluserdata.cuddata,
				     x25->calluserdata.cudlength);
		x25->calluserdata.cudlength = 0;
		break;

	case X25_CLEAR_REQUEST:
		dptr = skb_put(skb, 3);
		dptr[0] = frametype;
		dptr[1] = x25->causediag.cause;
		dptr[2] = x25->causediag.diagnostic;
		break;

	case X25_RESET_REQUEST:
		dptr = skb_put(skb, 3);
		dptr[0] = frametype;
		dptr[1] = 0x00;		/* XXX */
		dptr[2] = 0x00;		/* XXX */
		break;

	case X25_RR:
	case X25_RNR:
	case X25_REJ:
		if (x25->neighbour->extended) {
			/* Extended: V(r) goes in a second octet. */
			dptr = skb_put(skb, 2);
			dptr[0] = frametype;
			dptr[1] = (x25->vr << 1) & 0xFE;
		} else {
			/* Standard: V(r) sits in the top three type bits. */
			dptr = skb_put(skb, 1);
			dptr[0] = frametype | ((x25->vr << 5) & 0xE0);
		}
		break;

	case X25_CLEAR_CONFIRMATION:
	case X25_INTERRUPT_CONFIRMATION:
	case X25_RESET_CONFIRMATION:
		dptr = skb_put(skb, 1);
		dptr[0] = frametype;
		break;
	}

	x25_transmit_link(skb, x25->neighbour);
}
257
/*
 * Unpick the contents of the passed X.25 Packet Layer frame.
 *
 * @sk:  socket the frame arrived for; its neighbour's extended flag selects
 *       the standard or extended sequence-number layout
 * @skb: received frame, with skb->data at the first packet-layer octet
 * @ns:  out, send sequence number N(s) (data frames only)
 * @nr:  out, receive sequence number N(r) (RR/RNR/REJ and data frames)
 * @q:   out, 1 if the Q bit is set (data frames only)
 * @d:   out, 1 if the D bit is set (data frames only)
 * @m:   out, 1 if the M bit is set (data frames only)
 *
 * Returns the decoded frame type, or X25_ILLEGAL when the frame is too
 * short or the type octet matches nothing known. All five outputs are
 * zeroed before decoding, except on the very first length failure, where
 * they are left untouched.
 *
 * Every octet is read only after pskb_may_pull() has confirmed it is in the
 * linear data area, and frame is re-read from skb->data after each pull
 * because the pull may move the data. This relies on X25_STD_MIN_LEN
 * covering frame[0..2] and X25_EXT_MIN_LEN covering frame[3].
 *
 * NOTE(review): *nr and *ns are taken straight from the peer's octets;
 * presumably callers pass nr through x25_validate_nr() before acting on
 * it -- confirm at each call site.
 * NOTE(review): x25->neighbour is dereferenced unconditionally, while
 * x25_disconnect() in this file sets it to NULL -- confirm no caller can
 * reach this after a disconnect.
 */
int x25_decode(struct sock *sk, struct sk_buff *skb, int *ns, int *nr, int *q,
	       int *d, int *m)
{
	struct x25_sock *x25 = x25_sk(sk);
	unsigned char *frame;

	if (!pskb_may_pull(skb, X25_STD_MIN_LEN))
		return X25_ILLEGAL;
	frame = skb->data;

	*ns = 0;
	*nr = 0;
	*q = 0;
	*d = 0;
	*m = 0;

	/* Types identified by the whole octet, with no sequence numbers. */
	switch (frame[2]) {
	case X25_CALL_REQUEST:
	case X25_CALL_ACCEPTED:
	case X25_CLEAR_REQUEST:
	case X25_CLEAR_CONFIRMATION:
	case X25_INTERRUPT:
	case X25_INTERRUPT_CONFIRMATION:
	case X25_RESET_REQUEST:
	case X25_RESET_CONFIRMATION:
	case X25_RESTART_REQUEST:
	case X25_RESTART_CONFIRMATION:
	case X25_REGISTRATION_REQUEST:
	case X25_REGISTRATION_CONFIRMATION:
	case X25_DIAGNOSTIC:
		return frame[2];
	}

	if (x25->neighbour->extended) {
		/* Extended: the type octet is exact, N(r) is in octet 3. */
		switch (frame[2]) {
		case X25_RR:
		case X25_RNR:
		case X25_REJ:
			if (!pskb_may_pull(skb, X25_EXT_MIN_LEN))
				return X25_ILLEGAL;
			frame = skb->data;

			*nr = (frame[3] >> 1) & 0x7F;
			return frame[2];
		}

		if ((frame[2] & 0x01) == X25_DATA) {
			if (!pskb_may_pull(skb, X25_EXT_MIN_LEN))
				return X25_ILLEGAL;
			frame = skb->data;

			*q = (frame[0] & X25_Q_BIT) == X25_Q_BIT;
			*d = (frame[0] & X25_D_BIT) == X25_D_BIT;
			*m = (frame[3] & X25_EXT_M_BIT) == X25_EXT_M_BIT;
			*nr = (frame[3] >> 1) & 0x7F;
			*ns = (frame[2] >> 1) & 0x7F;
			return X25_DATA;
		}
	} else {
		/* Standard: type in the low five bits, N(r) in the top three. */
		unsigned char type = frame[2] & 0x1F;

		if (type == X25_RR || type == X25_RNR || type == X25_REJ) {
			*nr = (frame[2] >> 5) & 0x07;
			return type;
		}

		if ((frame[2] & 0x01) == X25_DATA) {
			*q = (frame[0] & X25_Q_BIT) == X25_Q_BIT;
			*d = (frame[0] & X25_D_BIT) == X25_D_BIT;
			*m = (frame[2] & X25_STD_M_BIT) == X25_STD_M_BIT;
			*nr = (frame[2] >> 5) & 0x07;
			*ns = (frame[2] >> 1) & 0x07;
			return X25_DATA;
		}
	}

	/* Only the three octets already pulled above are dumped. */
	pr_debug("invalid PLP frame %3ph\n", frame);

	return X25_ILLEGAL;
}
338
/*
 * Tear down the X.25 state of a socket in one place.
 *
 * @sk:         socket being disconnected
 * @reason:     stored in sk->sk_err
 * @cause:      stored in x25->causediag.cause
 * @diagnostic: stored in x25->causediag.diagnostic
 *
 * Purges all frame queues, stops the timer, clears the LCI, returns the
 * packet layer to X25_STATE_0, marks the socket TCP_CLOSE with
 * SEND_SHUTDOWN, signals the state change once (unless the socket is
 * already SOCK_DEAD) and finally drops the reference on the neighbour.
 *
 * NOTE(review): x25->neighbour is tested before x25_list_lock is taken and
 * is then cleared under a read lock, which does not exclude other holders
 * of the read lock. Presumably the socket lock serialises callers so the
 * put cannot run twice on the same neighbour -- confirm.
 * NOTE(review): after this returns x25->neighbour is NULL, yet several
 * helpers in this file read x25->neighbour->extended without a check.
 */
void x25_disconnect(struct sock *sk, int reason, unsigned char cause,
		    unsigned char diagnostic)
{
	struct x25_sock *xs = x25_sk(sk);

	x25_clear_queues(sk);
	x25_stop_timer(sk);

	xs->lci = 0;
	xs->state = X25_STATE_0;

	xs->causediag.cause = cause;
	xs->causediag.diagnostic = diagnostic;

	sk->sk_state = TCP_CLOSE;
	sk->sk_err = reason;
	sk->sk_shutdown |= SEND_SHUTDOWN;

	/* Notify waiters only on the first transition to dead. */
	if (!sock_flag(sk, SOCK_DEAD)) {
		sk->sk_state_change(sk);
		sock_set_flag(sk, SOCK_DEAD);
	}

	if (!xs->neighbour)
		return;

	/* Release our neighbour reference and forget the pointer. */
	read_lock_bh(&x25_list_lock);
	x25_neigh_put(xs->neighbour);
	xs->neighbour = NULL;
	read_unlock_bh(&x25_list_lock);
}
368
/*
 * Clear an own-rx-busy condition and tell the peer about this, provided
 * that there is a significant amount of free receive buffer space
 * available: less than half of sk_rcvbuf must be in use.
 *
 * When both hold, the busy and ack-pending condition bits are cleared,
 * V(l) is set to V(r), an RR is sent and the timer is stopped.
 *
 * NOTE(review): x25_write_internal() reads x25->neighbour without a NULL
 * check -- confirm this cannot run on a socket x25_disconnect() has
 * already processed.
 */
void x25_check_rbuf(struct sock *sk)
{
	struct x25_sock *xs = x25_sk(sk);

	/* Still at least half full: stay busy. */
	if (atomic_read(&sk->sk_rmem_alloc) >= (sk->sk_rcvbuf >> 1))
		return;

	/* Nothing to clear if we never declared ourselves busy. */
	if (!(xs->condition & X25_COND_OWN_RX_BUSY))
		return;

	xs->condition &= ~(X25_COND_OWN_RX_BUSY | X25_COND_ACK_PENDING);
	xs->vl = xs->vr;
	x25_write_internal(sk, X25_RR);
	x25_stop_timer(sk);
}
386