1 /*
2 * DECnet An implementation of the DECnet protocol suite for the LINUX
3 * operating system. DECnet is implemented using the BSD Socket
4 * interface as the means of communication with the user level.
5 *
6 * DECnet Network Services Protocol (Input)
7 *
8 * Author: Eduardo Marcelo Serrat <emserrat@geocities.com>
9 *
10 * Changes:
11 *
12 * Steve Whitehouse: Split into dn_nsp_in.c and dn_nsp_out.c from
13 * original dn_nsp.c.
14 * Steve Whitehouse: Updated to work with my new routing architecture.
15 * Steve Whitehouse: Add changes from Eduardo Serrat's patches.
16 * Steve Whitehouse: Put all ack handling code in a common routine.
17 * Steve Whitehouse: Put other common bits into dn_nsp_rx()
18 * Steve Whitehouse: More checks on skb->len to catch bogus packets
19 * Fixed various race conditions and possible nasties.
20 * Steve Whitehouse: Now handles returned conninit frames.
21 * David S. Miller: New socket locking
22 * Steve Whitehouse: Fixed lockup when socket filtering was enabled.
23 * Paul Koning: Fix to push CC sockets into RUN when acks are
24 * received.
25 * Steve Whitehouse:
26 * Patrick Caulfield: Checking conninits for correctness & sending of error
27 * responses.
28 * Steve Whitehouse: Added backlog congestion level return codes.
29 * Patrick Caulfield:
30 * Steve Whitehouse: Added flow control support (outbound)
31 * Steve Whitehouse: Prepare for nonlinear skbs
32 */
33
34 /******************************************************************************
35 (c) 1995-1998 E.M. Serrat emserrat@geocities.com
36
37 This program is free software; you can redistribute it and/or modify
38 it under the terms of the GNU General Public License as published by
39 the Free Software Foundation; either version 2 of the License, or
40 any later version.
41
42 This program is distributed in the hope that it will be useful,
43 but WITHOUT ANY WARRANTY; without even the implied warranty of
44 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
45 GNU General Public License for more details.
46 *******************************************************************************/
47
48 #include <linux/errno.h>
49 #include <linux/types.h>
50 #include <linux/socket.h>
51 #include <linux/in.h>
52 #include <linux/kernel.h>
53 #include <linux/timer.h>
54 #include <linux/string.h>
55 #include <linux/sockios.h>
56 #include <linux/net.h>
57 #include <linux/netdevice.h>
58 #include <linux/inet.h>
59 #include <linux/route.h>
60 #include <linux/slab.h>
61 #include <net/sock.h>
62 #include <net/tcp_states.h>
63 #include <asm/system.h>
64 #include <linux/fcntl.h>
65 #include <linux/mm.h>
66 #include <linux/termios.h>
67 #include <linux/interrupt.h>
68 #include <linux/proc_fs.h>
69 #include <linux/stat.h>
70 #include <linux/init.h>
71 #include <linux/poll.h>
72 #include <linux/netfilter_decnet.h>
73 #include <net/neighbour.h>
74 #include <net/dst.h>
75 #include <net/dn.h>
76 #include <net/dn_nsp.h>
77 #include <net/dn_dev.h>
78 #include <net/dn_route.h>
79
80 extern int decnet_log_martians;
81
dn_log_martian(struct sk_buff * skb,const char * msg)82 static void dn_log_martian(struct sk_buff *skb, const char *msg)
83 {
84 if (decnet_log_martians && net_ratelimit()) {
85 char *devname = skb->dev ? skb->dev->name : "???";
86 struct dn_skb_cb *cb = DN_SKB_CB(skb);
87 printk(KERN_INFO "DECnet: Martian packet (%s) dev=%s src=0x%04hx dst=0x%04hx srcport=0x%04hx dstport=0x%04hx\n",
88 msg, devname, le16_to_cpu(cb->src), le16_to_cpu(cb->dst),
89 le16_to_cpu(cb->src_port), le16_to_cpu(cb->dst_port));
90 }
91 }
92
93 /*
94 * For this function we've flipped the cross-subchannel bit
95 * if the message is an otherdata or linkservice message. Thus
96 * we can use it to work out what to update.
97 */
dn_ack(struct sock * sk,struct sk_buff * skb,unsigned short ack)98 static void dn_ack(struct sock *sk, struct sk_buff *skb, unsigned short ack)
99 {
100 struct dn_scp *scp = DN_SK(sk);
101 unsigned short type = ((ack >> 12) & 0x0003);
102 int wakeup = 0;
103
104 switch (type) {
105 case 0: /* ACK - Data */
106 if (dn_after(ack, scp->ackrcv_dat)) {
107 scp->ackrcv_dat = ack & 0x0fff;
108 wakeup |= dn_nsp_check_xmit_queue(sk, skb,
109 &scp->data_xmit_queue,
110 ack);
111 }
112 break;
113 case 1: /* NAK - Data */
114 break;
115 case 2: /* ACK - OtherData */
116 if (dn_after(ack, scp->ackrcv_oth)) {
117 scp->ackrcv_oth = ack & 0x0fff;
118 wakeup |= dn_nsp_check_xmit_queue(sk, skb,
119 &scp->other_xmit_queue,
120 ack);
121 }
122 break;
123 case 3: /* NAK - OtherData */
124 break;
125 }
126
127 if (wakeup && !sock_flag(sk, SOCK_DEAD))
128 sk->sk_state_change(sk);
129 }
130
131 /*
132 * This function is a universal ack processor.
133 */
dn_process_ack(struct sock * sk,struct sk_buff * skb,int oth)134 static int dn_process_ack(struct sock *sk, struct sk_buff *skb, int oth)
135 {
136 __le16 *ptr = (__le16 *)skb->data;
137 int len = 0;
138 unsigned short ack;
139
140 if (skb->len < 2)
141 return len;
142
143 if ((ack = le16_to_cpu(*ptr)) & 0x8000) {
144 skb_pull(skb, 2);
145 ptr++;
146 len += 2;
147 if ((ack & 0x4000) == 0) {
148 if (oth)
149 ack ^= 0x2000;
150 dn_ack(sk, skb, ack);
151 }
152 }
153
154 if (skb->len < 2)
155 return len;
156
157 if ((ack = le16_to_cpu(*ptr)) & 0x8000) {
158 skb_pull(skb, 2);
159 len += 2;
160 if ((ack & 0x4000) == 0) {
161 if (oth)
162 ack ^= 0x2000;
163 dn_ack(sk, skb, ack);
164 }
165 }
166
167 return len;
168 }
169
170
171 /**
172 * dn_check_idf - Check an image data field format is correct.
173 * @pptr: Pointer to pointer to image data
174 * @len: Pointer to length of image data
175 * @max: The maximum allowed length of the data in the image data field
176 * @follow_on: Check that this many bytes exist beyond the end of the image data
177 *
178 * Returns: 0 if ok, -1 on error
179 */
dn_check_idf(unsigned char ** pptr,int * len,unsigned char max,unsigned char follow_on)180 static inline int dn_check_idf(unsigned char **pptr, int *len, unsigned char max, unsigned char follow_on)
181 {
182 unsigned char *ptr = *pptr;
183 unsigned char flen = *ptr++;
184
185 (*len)--;
186 if (flen > max)
187 return -1;
188 if ((flen + follow_on) > *len)
189 return -1;
190
191 *len -= flen;
192 *pptr = ptr + flen;
193 return 0;
194 }
195
196 /*
197 * Table of reason codes to pass back to node which sent us a badly
198 * formed message, plus text messages for the log. A zero entry in
199 * the reason field means "don't reply" otherwise a disc init is sent with
200 * the specified reason code.
201 */
202 static struct {
203 unsigned short reason;
204 const char *text;
205 } ci_err_table[] = {
206 { 0, "CI: Truncated message" },
207 { NSP_REASON_ID, "CI: Destination username error" },
208 { NSP_REASON_ID, "CI: Destination username type" },
209 { NSP_REASON_US, "CI: Source username error" },
210 { 0, "CI: Truncated at menuver" },
211 { 0, "CI: Truncated before access or user data" },
212 { NSP_REASON_IO, "CI: Access data format error" },
213 { NSP_REASON_IO, "CI: User data format error" }
214 };
215
216 /*
217 * This function uses a slightly different lookup method
218 * to find its sockets, since it searches on object name/number
219 * rather than port numbers. Various tests are done to ensure that
220 * the incoming data is in the correct format before it is queued to
221 * a socket.
222 */
dn_find_listener(struct sk_buff * skb,unsigned short * reason)223 static struct sock *dn_find_listener(struct sk_buff *skb, unsigned short *reason)
224 {
225 struct dn_skb_cb *cb = DN_SKB_CB(skb);
226 struct nsp_conn_init_msg *msg = (struct nsp_conn_init_msg *)skb->data;
227 struct sockaddr_dn dstaddr;
228 struct sockaddr_dn srcaddr;
229 unsigned char type = 0;
230 int dstlen;
231 int srclen;
232 unsigned char *ptr;
233 int len;
234 int err = 0;
235 unsigned char menuver;
236
237 memset(&dstaddr, 0, sizeof(struct sockaddr_dn));
238 memset(&srcaddr, 0, sizeof(struct sockaddr_dn));
239
240 /*
241 * 1. Decode & remove message header
242 */
243 cb->src_port = msg->srcaddr;
244 cb->dst_port = msg->dstaddr;
245 cb->services = msg->services;
246 cb->info = msg->info;
247 cb->segsize = le16_to_cpu(msg->segsize);
248
249 if (!pskb_may_pull(skb, sizeof(*msg)))
250 goto err_out;
251
252 skb_pull(skb, sizeof(*msg));
253
254 len = skb->len;
255 ptr = skb->data;
256
257 /*
258 * 2. Check destination end username format
259 */
260 dstlen = dn_username2sockaddr(ptr, len, &dstaddr, &type);
261 err++;
262 if (dstlen < 0)
263 goto err_out;
264
265 err++;
266 if (type > 1)
267 goto err_out;
268
269 len -= dstlen;
270 ptr += dstlen;
271
272 /*
273 * 3. Check source end username format
274 */
275 srclen = dn_username2sockaddr(ptr, len, &srcaddr, &type);
276 err++;
277 if (srclen < 0)
278 goto err_out;
279
280 len -= srclen;
281 ptr += srclen;
282 err++;
283 if (len < 1)
284 goto err_out;
285
286 menuver = *ptr;
287 ptr++;
288 len--;
289
290 /*
291 * 4. Check that optional data actually exists if menuver says it does
292 */
293 err++;
294 if ((menuver & (DN_MENUVER_ACC | DN_MENUVER_USR)) && (len < 1))
295 goto err_out;
296
297 /*
298 * 5. Check optional access data format
299 */
300 err++;
301 if (menuver & DN_MENUVER_ACC) {
302 if (dn_check_idf(&ptr, &len, 39, 1))
303 goto err_out;
304 if (dn_check_idf(&ptr, &len, 39, 1))
305 goto err_out;
306 if (dn_check_idf(&ptr, &len, 39, (menuver & DN_MENUVER_USR) ? 1 : 0))
307 goto err_out;
308 }
309
310 /*
311 * 6. Check optional user data format
312 */
313 err++;
314 if (menuver & DN_MENUVER_USR) {
315 if (dn_check_idf(&ptr, &len, 16, 0))
316 goto err_out;
317 }
318
319 /*
320 * 7. Look up socket based on destination end username
321 */
322 return dn_sklist_find_listener(&dstaddr);
323 err_out:
324 dn_log_martian(skb, ci_err_table[err].text);
325 *reason = ci_err_table[err].reason;
326 return NULL;
327 }
328
329
dn_nsp_conn_init(struct sock * sk,struct sk_buff * skb)330 static void dn_nsp_conn_init(struct sock *sk, struct sk_buff *skb)
331 {
332 if (sk_acceptq_is_full(sk)) {
333 kfree_skb(skb);
334 return;
335 }
336
337 sk->sk_ack_backlog++;
338 skb_queue_tail(&sk->sk_receive_queue, skb);
339 sk->sk_state_change(sk);
340 }
341
dn_nsp_conn_conf(struct sock * sk,struct sk_buff * skb)342 static void dn_nsp_conn_conf(struct sock *sk, struct sk_buff *skb)
343 {
344 struct dn_skb_cb *cb = DN_SKB_CB(skb);
345 struct dn_scp *scp = DN_SK(sk);
346 unsigned char *ptr;
347
348 if (skb->len < 4)
349 goto out;
350
351 ptr = skb->data;
352 cb->services = *ptr++;
353 cb->info = *ptr++;
354 cb->segsize = le16_to_cpu(*(__le16 *)ptr);
355
356 if ((scp->state == DN_CI) || (scp->state == DN_CD)) {
357 scp->persist = 0;
358 scp->addrrem = cb->src_port;
359 sk->sk_state = TCP_ESTABLISHED;
360 scp->state = DN_RUN;
361 scp->services_rem = cb->services;
362 scp->info_rem = cb->info;
363 scp->segsize_rem = cb->segsize;
364
365 if ((scp->services_rem & NSP_FC_MASK) == NSP_FC_NONE)
366 scp->max_window = decnet_no_fc_max_cwnd;
367
368 if (skb->len > 0) {
369 u16 dlen = *skb->data;
370 if ((dlen <= 16) && (dlen <= skb->len)) {
371 scp->conndata_in.opt_optl = cpu_to_le16(dlen);
372 skb_copy_from_linear_data_offset(skb, 1,
373 scp->conndata_in.opt_data, dlen);
374 }
375 }
376 dn_nsp_send_link(sk, DN_NOCHANGE, 0);
377 if (!sock_flag(sk, SOCK_DEAD))
378 sk->sk_state_change(sk);
379 }
380
381 out:
382 kfree_skb(skb);
383 }
384
dn_nsp_conn_ack(struct sock * sk,struct sk_buff * skb)385 static void dn_nsp_conn_ack(struct sock *sk, struct sk_buff *skb)
386 {
387 struct dn_scp *scp = DN_SK(sk);
388
389 if (scp->state == DN_CI) {
390 scp->state = DN_CD;
391 scp->persist = 0;
392 }
393
394 kfree_skb(skb);
395 }
396
dn_nsp_disc_init(struct sock * sk,struct sk_buff * skb)397 static void dn_nsp_disc_init(struct sock *sk, struct sk_buff *skb)
398 {
399 struct dn_scp *scp = DN_SK(sk);
400 struct dn_skb_cb *cb = DN_SKB_CB(skb);
401 unsigned short reason;
402
403 if (skb->len < 2)
404 goto out;
405
406 reason = le16_to_cpu(*(__le16 *)skb->data);
407 skb_pull(skb, 2);
408
409 scp->discdata_in.opt_status = cpu_to_le16(reason);
410 scp->discdata_in.opt_optl = 0;
411 memset(scp->discdata_in.opt_data, 0, 16);
412
413 if (skb->len > 0) {
414 u16 dlen = *skb->data;
415 if ((dlen <= 16) && (dlen <= skb->len)) {
416 scp->discdata_in.opt_optl = cpu_to_le16(dlen);
417 skb_copy_from_linear_data_offset(skb, 1, scp->discdata_in.opt_data, dlen);
418 }
419 }
420
421 scp->addrrem = cb->src_port;
422 sk->sk_state = TCP_CLOSE;
423
424 switch (scp->state) {
425 case DN_CI:
426 case DN_CD:
427 scp->state = DN_RJ;
428 sk->sk_err = ECONNREFUSED;
429 break;
430 case DN_RUN:
431 sk->sk_shutdown |= SHUTDOWN_MASK;
432 scp->state = DN_DN;
433 break;
434 case DN_DI:
435 scp->state = DN_DIC;
436 break;
437 }
438
439 if (!sock_flag(sk, SOCK_DEAD)) {
440 if (sk->sk_socket->state != SS_UNCONNECTED)
441 sk->sk_socket->state = SS_DISCONNECTING;
442 sk->sk_state_change(sk);
443 }
444
445 /*
446 * It appears that its possible for remote machines to send disc
447 * init messages with no port identifier if we are in the CI and
448 * possibly also the CD state. Obviously we shouldn't reply with
449 * a message if we don't know what the end point is.
450 */
451 if (scp->addrrem) {
452 dn_nsp_send_disc(sk, NSP_DISCCONF, NSP_REASON_DC, GFP_ATOMIC);
453 }
454 scp->persist_fxn = dn_destroy_timer;
455 scp->persist = dn_nsp_persist(sk);
456
457 out:
458 kfree_skb(skb);
459 }
460
461 /*
462 * disc_conf messages are also called no_resources or no_link
463 * messages depending upon the "reason" field.
464 */
dn_nsp_disc_conf(struct sock * sk,struct sk_buff * skb)465 static void dn_nsp_disc_conf(struct sock *sk, struct sk_buff *skb)
466 {
467 struct dn_scp *scp = DN_SK(sk);
468 unsigned short reason;
469
470 if (skb->len != 2)
471 goto out;
472
473 reason = le16_to_cpu(*(__le16 *)skb->data);
474
475 sk->sk_state = TCP_CLOSE;
476
477 switch (scp->state) {
478 case DN_CI:
479 scp->state = DN_NR;
480 break;
481 case DN_DR:
482 if (reason == NSP_REASON_DC)
483 scp->state = DN_DRC;
484 if (reason == NSP_REASON_NL)
485 scp->state = DN_CN;
486 break;
487 case DN_DI:
488 scp->state = DN_DIC;
489 break;
490 case DN_RUN:
491 sk->sk_shutdown |= SHUTDOWN_MASK;
492 case DN_CC:
493 scp->state = DN_CN;
494 }
495
496 if (!sock_flag(sk, SOCK_DEAD)) {
497 if (sk->sk_socket->state != SS_UNCONNECTED)
498 sk->sk_socket->state = SS_DISCONNECTING;
499 sk->sk_state_change(sk);
500 }
501
502 scp->persist_fxn = dn_destroy_timer;
503 scp->persist = dn_nsp_persist(sk);
504
505 out:
506 kfree_skb(skb);
507 }
508
dn_nsp_linkservice(struct sock * sk,struct sk_buff * skb)509 static void dn_nsp_linkservice(struct sock *sk, struct sk_buff *skb)
510 {
511 struct dn_scp *scp = DN_SK(sk);
512 unsigned short segnum;
513 unsigned char lsflags;
514 signed char fcval;
515 int wake_up = 0;
516 char *ptr = skb->data;
517 unsigned char fctype = scp->services_rem & NSP_FC_MASK;
518
519 if (skb->len != 4)
520 goto out;
521
522 segnum = le16_to_cpu(*(__le16 *)ptr);
523 ptr += 2;
524 lsflags = *(unsigned char *)ptr++;
525 fcval = *ptr;
526
527 /*
528 * Here we ignore erronous packets which should really
529 * should cause a connection abort. It is not critical
530 * for now though.
531 */
532 if (lsflags & 0xf8)
533 goto out;
534
535 if (seq_next(scp->numoth_rcv, segnum)) {
536 seq_add(&scp->numoth_rcv, 1);
537 switch(lsflags & 0x04) { /* FCVAL INT */
538 case 0x00: /* Normal Request */
539 switch(lsflags & 0x03) { /* FCVAL MOD */
540 case 0x00: /* Request count */
541 if (fcval < 0) {
542 unsigned char p_fcval = -fcval;
543 if ((scp->flowrem_dat > p_fcval) &&
544 (fctype == NSP_FC_SCMC)) {
545 scp->flowrem_dat -= p_fcval;
546 }
547 } else if (fcval > 0) {
548 scp->flowrem_dat += fcval;
549 wake_up = 1;
550 }
551 break;
552 case 0x01: /* Stop outgoing data */
553 scp->flowrem_sw = DN_DONTSEND;
554 break;
555 case 0x02: /* Ok to start again */
556 scp->flowrem_sw = DN_SEND;
557 dn_nsp_output(sk);
558 wake_up = 1;
559 }
560 break;
561 case 0x04: /* Interrupt Request */
562 if (fcval > 0) {
563 scp->flowrem_oth += fcval;
564 wake_up = 1;
565 }
566 break;
567 }
568 if (wake_up && !sock_flag(sk, SOCK_DEAD))
569 sk->sk_state_change(sk);
570 }
571
572 dn_nsp_send_oth_ack(sk);
573
574 out:
575 kfree_skb(skb);
576 }
577
578 /*
579 * Copy of sock_queue_rcv_skb (from sock.h) without
580 * bh_lock_sock() (its already held when this is called) which
581 * also allows data and other data to be queued to a socket.
582 */
dn_queue_skb(struct sock * sk,struct sk_buff * skb,int sig,struct sk_buff_head * queue)583 static __inline__ int dn_queue_skb(struct sock *sk, struct sk_buff *skb, int sig, struct sk_buff_head *queue)
584 {
585 int err;
586 int skb_len;
587
588 /* Cast skb->rcvbuf to unsigned... It's pointless, but reduces
589 number of warnings when compiling with -W --ANK
590 */
591 if (atomic_read(&sk->sk_rmem_alloc) + skb->truesize >=
592 (unsigned)sk->sk_rcvbuf) {
593 err = -ENOMEM;
594 goto out;
595 }
596
597 err = sk_filter(sk, skb);
598 if (err)
599 goto out;
600
601 skb_len = skb->len;
602 skb_set_owner_r(skb, sk);
603 skb_queue_tail(queue, skb);
604
605 if (!sock_flag(sk, SOCK_DEAD))
606 sk->sk_data_ready(sk, skb_len);
607 out:
608 return err;
609 }
610
dn_nsp_otherdata(struct sock * sk,struct sk_buff * skb)611 static void dn_nsp_otherdata(struct sock *sk, struct sk_buff *skb)
612 {
613 struct dn_scp *scp = DN_SK(sk);
614 unsigned short segnum;
615 struct dn_skb_cb *cb = DN_SKB_CB(skb);
616 int queued = 0;
617
618 if (skb->len < 2)
619 goto out;
620
621 cb->segnum = segnum = le16_to_cpu(*(__le16 *)skb->data);
622 skb_pull(skb, 2);
623
624 if (seq_next(scp->numoth_rcv, segnum)) {
625
626 if (dn_queue_skb(sk, skb, SIGURG, &scp->other_receive_queue) == 0) {
627 seq_add(&scp->numoth_rcv, 1);
628 scp->other_report = 0;
629 queued = 1;
630 }
631 }
632
633 dn_nsp_send_oth_ack(sk);
634 out:
635 if (!queued)
636 kfree_skb(skb);
637 }
638
dn_nsp_data(struct sock * sk,struct sk_buff * skb)639 static void dn_nsp_data(struct sock *sk, struct sk_buff *skb)
640 {
641 int queued = 0;
642 unsigned short segnum;
643 struct dn_skb_cb *cb = DN_SKB_CB(skb);
644 struct dn_scp *scp = DN_SK(sk);
645
646 if (skb->len < 2)
647 goto out;
648
649 cb->segnum = segnum = le16_to_cpu(*(__le16 *)skb->data);
650 skb_pull(skb, 2);
651
652 if (seq_next(scp->numdat_rcv, segnum)) {
653 if (dn_queue_skb(sk, skb, SIGIO, &sk->sk_receive_queue) == 0) {
654 seq_add(&scp->numdat_rcv, 1);
655 queued = 1;
656 }
657
658 if ((scp->flowloc_sw == DN_SEND) && dn_congested(sk)) {
659 scp->flowloc_sw = DN_DONTSEND;
660 dn_nsp_send_link(sk, DN_DONTSEND, 0);
661 }
662 }
663
664 dn_nsp_send_data_ack(sk);
665 out:
666 if (!queued)
667 kfree_skb(skb);
668 }
669
670 /*
671 * If one of our conninit messages is returned, this function
672 * deals with it. It puts the socket into the NO_COMMUNICATION
673 * state.
674 */
dn_returned_conn_init(struct sock * sk,struct sk_buff * skb)675 static void dn_returned_conn_init(struct sock *sk, struct sk_buff *skb)
676 {
677 struct dn_scp *scp = DN_SK(sk);
678
679 if (scp->state == DN_CI) {
680 scp->state = DN_NC;
681 sk->sk_state = TCP_CLOSE;
682 if (!sock_flag(sk, SOCK_DEAD))
683 sk->sk_state_change(sk);
684 }
685
686 kfree_skb(skb);
687 }
688
dn_nsp_no_socket(struct sk_buff * skb,unsigned short reason)689 static int dn_nsp_no_socket(struct sk_buff *skb, unsigned short reason)
690 {
691 struct dn_skb_cb *cb = DN_SKB_CB(skb);
692 int ret = NET_RX_DROP;
693
694 /* Must not reply to returned packets */
695 if (cb->rt_flags & DN_RT_F_RTS)
696 goto out;
697
698 if ((reason != NSP_REASON_OK) && ((cb->nsp_flags & 0x0c) == 0x08)) {
699 switch (cb->nsp_flags & 0x70) {
700 case 0x10:
701 case 0x60: /* (Retransmitted) Connect Init */
702 dn_nsp_return_disc(skb, NSP_DISCINIT, reason);
703 ret = NET_RX_SUCCESS;
704 break;
705 case 0x20: /* Connect Confirm */
706 dn_nsp_return_disc(skb, NSP_DISCCONF, reason);
707 ret = NET_RX_SUCCESS;
708 break;
709 }
710 }
711
712 out:
713 kfree_skb(skb);
714 return ret;
715 }
716
dn_nsp_rx_packet(struct sk_buff * skb)717 static int dn_nsp_rx_packet(struct sk_buff *skb)
718 {
719 struct dn_skb_cb *cb = DN_SKB_CB(skb);
720 struct sock *sk = NULL;
721 unsigned char *ptr = (unsigned char *)skb->data;
722 unsigned short reason = NSP_REASON_NL;
723
724 if (!pskb_may_pull(skb, 2))
725 goto free_out;
726
727 skb_reset_transport_header(skb);
728 cb->nsp_flags = *ptr++;
729
730 if (decnet_debug_level & 2)
731 printk(KERN_DEBUG "dn_nsp_rx: Message type 0x%02x\n", (int)cb->nsp_flags);
732
733 if (cb->nsp_flags & 0x83)
734 goto free_out;
735
736 /*
737 * Filter out conninits and useless packet types
738 */
739 if ((cb->nsp_flags & 0x0c) == 0x08) {
740 switch (cb->nsp_flags & 0x70) {
741 case 0x00: /* NOP */
742 case 0x70: /* Reserved */
743 case 0x50: /* Reserved, Phase II node init */
744 goto free_out;
745 case 0x10:
746 case 0x60:
747 if (unlikely(cb->rt_flags & DN_RT_F_RTS))
748 goto free_out;
749 sk = dn_find_listener(skb, &reason);
750 goto got_it;
751 }
752 }
753
754 if (!pskb_may_pull(skb, 3))
755 goto free_out;
756
757 /*
758 * Grab the destination address.
759 */
760 cb->dst_port = *(__le16 *)ptr;
761 cb->src_port = 0;
762 ptr += 2;
763
764 /*
765 * If not a connack, grab the source address too.
766 */
767 if (pskb_may_pull(skb, 5)) {
768 cb->src_port = *(__le16 *)ptr;
769 ptr += 2;
770 skb_pull(skb, 5);
771 }
772
773 /*
774 * Returned packets...
775 * Swap src & dst and look up in the normal way.
776 */
777 if (unlikely(cb->rt_flags & DN_RT_F_RTS)) {
778 __le16 tmp = cb->dst_port;
779 cb->dst_port = cb->src_port;
780 cb->src_port = tmp;
781 tmp = cb->dst;
782 cb->dst = cb->src;
783 cb->src = tmp;
784 }
785
786 /*
787 * Find the socket to which this skb is destined.
788 */
789 sk = dn_find_by_skb(skb);
790 got_it:
791 if (sk != NULL) {
792 struct dn_scp *scp = DN_SK(sk);
793
794 /* Reset backoff */
795 scp->nsp_rxtshift = 0;
796
797 /*
798 * We linearize everything except data segments here.
799 */
800 if (cb->nsp_flags & ~0x60) {
801 if (unlikely(skb_linearize(skb)))
802 goto free_out;
803 }
804
805 return sk_receive_skb(sk, skb, 0);
806 }
807
808 return dn_nsp_no_socket(skb, reason);
809
810 free_out:
811 kfree_skb(skb);
812 return NET_RX_DROP;
813 }
814
dn_nsp_rx(struct sk_buff * skb)815 int dn_nsp_rx(struct sk_buff *skb)
816 {
817 return NF_HOOK(NFPROTO_DECNET, NF_DN_LOCAL_IN, skb, skb->dev, NULL,
818 dn_nsp_rx_packet);
819 }
820
821 /*
822 * This is the main receive routine for sockets. It is called
823 * from the above when the socket is not busy, and also from
824 * sock_release() when there is a backlog queued up.
825 */
dn_nsp_backlog_rcv(struct sock * sk,struct sk_buff * skb)826 int dn_nsp_backlog_rcv(struct sock *sk, struct sk_buff *skb)
827 {
828 struct dn_scp *scp = DN_SK(sk);
829 struct dn_skb_cb *cb = DN_SKB_CB(skb);
830
831 if (cb->rt_flags & DN_RT_F_RTS) {
832 if (cb->nsp_flags == 0x18 || cb->nsp_flags == 0x68)
833 dn_returned_conn_init(sk, skb);
834 else
835 kfree_skb(skb);
836 return NET_RX_SUCCESS;
837 }
838
839 /*
840 * Control packet.
841 */
842 if ((cb->nsp_flags & 0x0c) == 0x08) {
843 switch (cb->nsp_flags & 0x70) {
844 case 0x10:
845 case 0x60:
846 dn_nsp_conn_init(sk, skb);
847 break;
848 case 0x20:
849 dn_nsp_conn_conf(sk, skb);
850 break;
851 case 0x30:
852 dn_nsp_disc_init(sk, skb);
853 break;
854 case 0x40:
855 dn_nsp_disc_conf(sk, skb);
856 break;
857 }
858
859 } else if (cb->nsp_flags == 0x24) {
860 /*
861 * Special for connacks, 'cos they don't have
862 * ack data or ack otherdata info.
863 */
864 dn_nsp_conn_ack(sk, skb);
865 } else {
866 int other = 1;
867
868 /* both data and ack frames can kick a CC socket into RUN */
869 if ((scp->state == DN_CC) && !sock_flag(sk, SOCK_DEAD)) {
870 scp->state = DN_RUN;
871 sk->sk_state = TCP_ESTABLISHED;
872 sk->sk_state_change(sk);
873 }
874
875 if ((cb->nsp_flags & 0x1c) == 0)
876 other = 0;
877 if (cb->nsp_flags == 0x04)
878 other = 0;
879
880 /*
881 * Read out ack data here, this applies equally
882 * to data, other data, link serivce and both
883 * ack data and ack otherdata.
884 */
885 dn_process_ack(sk, skb, other);
886
887 /*
888 * If we've some sort of data here then call a
889 * suitable routine for dealing with it, otherwise
890 * the packet is an ack and can be discarded.
891 */
892 if ((cb->nsp_flags & 0x0c) == 0) {
893
894 if (scp->state != DN_RUN)
895 goto free_out;
896
897 switch (cb->nsp_flags) {
898 case 0x10: /* LS */
899 dn_nsp_linkservice(sk, skb);
900 break;
901 case 0x30: /* OD */
902 dn_nsp_otherdata(sk, skb);
903 break;
904 default:
905 dn_nsp_data(sk, skb);
906 }
907
908 } else { /* Ack, chuck it out here */
909 free_out:
910 kfree_skb(skb);
911 }
912 }
913
914 return NET_RX_SUCCESS;
915 }
916
917