1 /*
2 * DECnet An implementation of the DECnet protocol suite for the LINUX
3 * operating system. DECnet is implemented using the BSD Socket
4 * interface as the means of communication with the user level.
5 *
6 * DECnet Network Services Protocol (Input)
7 *
8 * Author: Eduardo Marcelo Serrat <emserrat@geocities.com>
9 *
10 * Changes:
11 *
12 * Steve Whitehouse: Split into dn_nsp_in.c and dn_nsp_out.c from
13 * original dn_nsp.c.
14 * Steve Whitehouse: Updated to work with my new routing architecture.
15 * Steve Whitehouse: Add changes from Eduardo Serrat's patches.
16 * Steve Whitehouse: Put all ack handling code in a common routine.
17 * Steve Whitehouse: Put other common bits into dn_nsp_rx()
18 * Steve Whitehouse: More checks on skb->len to catch bogus packets
19 * Fixed various race conditions and possible nasties.
20 * Steve Whitehouse: Now handles returned conninit frames.
21 * David S. Miller: New socket locking
22 * Steve Whitehouse: Fixed lockup when socket filtering was enabled.
23 * Paul Koning: Fix to push CC sockets into RUN when acks are
24 * received.
25 * Steve Whitehouse:
26 * Patrick Caulfield: Checking conninits for correctness & sending of error
27 * responses.
28 * Steve Whitehouse: Added backlog congestion level return codes.
29 * Patrick Caulfield:
30 * Steve Whitehouse: Added flow control support (outbound)
31 * Steve Whitehouse: Prepare for nonlinear skbs
32 */
33
34 /******************************************************************************
35 (c) 1995-1998 E.M. Serrat emserrat@geocities.com
36
37 This program is free software; you can redistribute it and/or modify
38 it under the terms of the GNU General Public License as published by
39 the Free Software Foundation; either version 2 of the License, or
40 any later version.
41
42 This program is distributed in the hope that it will be useful,
43 but WITHOUT ANY WARRANTY; without even the implied warranty of
44 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
45 GNU General Public License for more details.
46 *******************************************************************************/
47
48 #include <linux/errno.h>
49 #include <linux/types.h>
50 #include <linux/socket.h>
51 #include <linux/in.h>
52 #include <linux/kernel.h>
53 #include <linux/timer.h>
54 #include <linux/string.h>
55 #include <linux/sockios.h>
56 #include <linux/net.h>
57 #include <linux/netdevice.h>
58 #include <linux/inet.h>
59 #include <linux/route.h>
60 #include <linux/slab.h>
61 #include <net/sock.h>
62 #include <net/tcp_states.h>
63 #include <linux/fcntl.h>
64 #include <linux/mm.h>
65 #include <linux/termios.h>
66 #include <linux/interrupt.h>
67 #include <linux/proc_fs.h>
68 #include <linux/stat.h>
69 #include <linux/init.h>
70 #include <linux/poll.h>
71 #include <linux/netfilter_decnet.h>
72 #include <net/neighbour.h>
73 #include <net/dst.h>
74 #include <net/dn.h>
75 #include <net/dn_nsp.h>
76 #include <net/dn_dev.h>
77 #include <net/dn_route.h>
78
79 extern int decnet_log_martians;
80
dn_log_martian(struct sk_buff * skb,const char * msg)81 static void dn_log_martian(struct sk_buff *skb, const char *msg)
82 {
83 if (decnet_log_martians) {
84 char *devname = skb->dev ? skb->dev->name : "???";
85 struct dn_skb_cb *cb = DN_SKB_CB(skb);
86 net_info_ratelimited("DECnet: Martian packet (%s) dev=%s src=0x%04hx dst=0x%04hx srcport=0x%04hx dstport=0x%04hx\n",
87 msg, devname,
88 le16_to_cpu(cb->src),
89 le16_to_cpu(cb->dst),
90 le16_to_cpu(cb->src_port),
91 le16_to_cpu(cb->dst_port));
92 }
93 }
94
95 /*
96 * For this function we've flipped the cross-subchannel bit
97 * if the message is an otherdata or linkservice message. Thus
98 * we can use it to work out what to update.
99 */
dn_ack(struct sock * sk,struct sk_buff * skb,unsigned short ack)100 static void dn_ack(struct sock *sk, struct sk_buff *skb, unsigned short ack)
101 {
102 struct dn_scp *scp = DN_SK(sk);
103 unsigned short type = ((ack >> 12) & 0x0003);
104 int wakeup = 0;
105
106 switch (type) {
107 case 0: /* ACK - Data */
108 if (dn_after(ack, scp->ackrcv_dat)) {
109 scp->ackrcv_dat = ack & 0x0fff;
110 wakeup |= dn_nsp_check_xmit_queue(sk, skb,
111 &scp->data_xmit_queue,
112 ack);
113 }
114 break;
115 case 1: /* NAK - Data */
116 break;
117 case 2: /* ACK - OtherData */
118 if (dn_after(ack, scp->ackrcv_oth)) {
119 scp->ackrcv_oth = ack & 0x0fff;
120 wakeup |= dn_nsp_check_xmit_queue(sk, skb,
121 &scp->other_xmit_queue,
122 ack);
123 }
124 break;
125 case 3: /* NAK - OtherData */
126 break;
127 }
128
129 if (wakeup && !sock_flag(sk, SOCK_DEAD))
130 sk->sk_state_change(sk);
131 }
132
133 /*
134 * This function is a universal ack processor.
135 */
dn_process_ack(struct sock * sk,struct sk_buff * skb,int oth)136 static int dn_process_ack(struct sock *sk, struct sk_buff *skb, int oth)
137 {
138 __le16 *ptr = (__le16 *)skb->data;
139 int len = 0;
140 unsigned short ack;
141
142 if (skb->len < 2)
143 return len;
144
145 if ((ack = le16_to_cpu(*ptr)) & 0x8000) {
146 skb_pull(skb, 2);
147 ptr++;
148 len += 2;
149 if ((ack & 0x4000) == 0) {
150 if (oth)
151 ack ^= 0x2000;
152 dn_ack(sk, skb, ack);
153 }
154 }
155
156 if (skb->len < 2)
157 return len;
158
159 if ((ack = le16_to_cpu(*ptr)) & 0x8000) {
160 skb_pull(skb, 2);
161 len += 2;
162 if ((ack & 0x4000) == 0) {
163 if (oth)
164 ack ^= 0x2000;
165 dn_ack(sk, skb, ack);
166 }
167 }
168
169 return len;
170 }
171
172
173 /**
174 * dn_check_idf - Check an image data field format is correct.
175 * @pptr: Pointer to pointer to image data
176 * @len: Pointer to length of image data
177 * @max: The maximum allowed length of the data in the image data field
178 * @follow_on: Check that this many bytes exist beyond the end of the image data
179 *
180 * Returns: 0 if ok, -1 on error
181 */
dn_check_idf(unsigned char ** pptr,int * len,unsigned char max,unsigned char follow_on)182 static inline int dn_check_idf(unsigned char **pptr, int *len, unsigned char max, unsigned char follow_on)
183 {
184 unsigned char *ptr = *pptr;
185 unsigned char flen = *ptr++;
186
187 (*len)--;
188 if (flen > max)
189 return -1;
190 if ((flen + follow_on) > *len)
191 return -1;
192
193 *len -= flen;
194 *pptr = ptr + flen;
195 return 0;
196 }
197
198 /*
199 * Table of reason codes to pass back to node which sent us a badly
200 * formed message, plus text messages for the log. A zero entry in
201 * the reason field means "don't reply" otherwise a disc init is sent with
202 * the specified reason code.
203 */
204 static struct {
205 unsigned short reason;
206 const char *text;
207 } ci_err_table[] = {
208 { 0, "CI: Truncated message" },
209 { NSP_REASON_ID, "CI: Destination username error" },
210 { NSP_REASON_ID, "CI: Destination username type" },
211 { NSP_REASON_US, "CI: Source username error" },
212 { 0, "CI: Truncated at menuver" },
213 { 0, "CI: Truncated before access or user data" },
214 { NSP_REASON_IO, "CI: Access data format error" },
215 { NSP_REASON_IO, "CI: User data format error" }
216 };
217
218 /*
219 * This function uses a slightly different lookup method
220 * to find its sockets, since it searches on object name/number
221 * rather than port numbers. Various tests are done to ensure that
222 * the incoming data is in the correct format before it is queued to
223 * a socket.
224 */
dn_find_listener(struct sk_buff * skb,unsigned short * reason)225 static struct sock *dn_find_listener(struct sk_buff *skb, unsigned short *reason)
226 {
227 struct dn_skb_cb *cb = DN_SKB_CB(skb);
228 struct nsp_conn_init_msg *msg = (struct nsp_conn_init_msg *)skb->data;
229 struct sockaddr_dn dstaddr;
230 struct sockaddr_dn srcaddr;
231 unsigned char type = 0;
232 int dstlen;
233 int srclen;
234 unsigned char *ptr;
235 int len;
236 int err = 0;
237 unsigned char menuver;
238
239 memset(&dstaddr, 0, sizeof(struct sockaddr_dn));
240 memset(&srcaddr, 0, sizeof(struct sockaddr_dn));
241
242 /*
243 * 1. Decode & remove message header
244 */
245 cb->src_port = msg->srcaddr;
246 cb->dst_port = msg->dstaddr;
247 cb->services = msg->services;
248 cb->info = msg->info;
249 cb->segsize = le16_to_cpu(msg->segsize);
250
251 if (!pskb_may_pull(skb, sizeof(*msg)))
252 goto err_out;
253
254 skb_pull(skb, sizeof(*msg));
255
256 len = skb->len;
257 ptr = skb->data;
258
259 /*
260 * 2. Check destination end username format
261 */
262 dstlen = dn_username2sockaddr(ptr, len, &dstaddr, &type);
263 err++;
264 if (dstlen < 0)
265 goto err_out;
266
267 err++;
268 if (type > 1)
269 goto err_out;
270
271 len -= dstlen;
272 ptr += dstlen;
273
274 /*
275 * 3. Check source end username format
276 */
277 srclen = dn_username2sockaddr(ptr, len, &srcaddr, &type);
278 err++;
279 if (srclen < 0)
280 goto err_out;
281
282 len -= srclen;
283 ptr += srclen;
284 err++;
285 if (len < 1)
286 goto err_out;
287
288 menuver = *ptr;
289 ptr++;
290 len--;
291
292 /*
293 * 4. Check that optional data actually exists if menuver says it does
294 */
295 err++;
296 if ((menuver & (DN_MENUVER_ACC | DN_MENUVER_USR)) && (len < 1))
297 goto err_out;
298
299 /*
300 * 5. Check optional access data format
301 */
302 err++;
303 if (menuver & DN_MENUVER_ACC) {
304 if (dn_check_idf(&ptr, &len, 39, 1))
305 goto err_out;
306 if (dn_check_idf(&ptr, &len, 39, 1))
307 goto err_out;
308 if (dn_check_idf(&ptr, &len, 39, (menuver & DN_MENUVER_USR) ? 1 : 0))
309 goto err_out;
310 }
311
312 /*
313 * 6. Check optional user data format
314 */
315 err++;
316 if (menuver & DN_MENUVER_USR) {
317 if (dn_check_idf(&ptr, &len, 16, 0))
318 goto err_out;
319 }
320
321 /*
322 * 7. Look up socket based on destination end username
323 */
324 return dn_sklist_find_listener(&dstaddr);
325 err_out:
326 dn_log_martian(skb, ci_err_table[err].text);
327 *reason = ci_err_table[err].reason;
328 return NULL;
329 }
330
331
dn_nsp_conn_init(struct sock * sk,struct sk_buff * skb)332 static void dn_nsp_conn_init(struct sock *sk, struct sk_buff *skb)
333 {
334 if (sk_acceptq_is_full(sk)) {
335 kfree_skb(skb);
336 return;
337 }
338
339 sk->sk_ack_backlog++;
340 skb_queue_tail(&sk->sk_receive_queue, skb);
341 sk->sk_state_change(sk);
342 }
343
dn_nsp_conn_conf(struct sock * sk,struct sk_buff * skb)344 static void dn_nsp_conn_conf(struct sock *sk, struct sk_buff *skb)
345 {
346 struct dn_skb_cb *cb = DN_SKB_CB(skb);
347 struct dn_scp *scp = DN_SK(sk);
348 unsigned char *ptr;
349
350 if (skb->len < 4)
351 goto out;
352
353 ptr = skb->data;
354 cb->services = *ptr++;
355 cb->info = *ptr++;
356 cb->segsize = le16_to_cpu(*(__le16 *)ptr);
357
358 if ((scp->state == DN_CI) || (scp->state == DN_CD)) {
359 scp->persist = 0;
360 scp->addrrem = cb->src_port;
361 sk->sk_state = TCP_ESTABLISHED;
362 scp->state = DN_RUN;
363 scp->services_rem = cb->services;
364 scp->info_rem = cb->info;
365 scp->segsize_rem = cb->segsize;
366
367 if ((scp->services_rem & NSP_FC_MASK) == NSP_FC_NONE)
368 scp->max_window = decnet_no_fc_max_cwnd;
369
370 if (skb->len > 0) {
371 u16 dlen = *skb->data;
372 if ((dlen <= 16) && (dlen <= skb->len)) {
373 scp->conndata_in.opt_optl = cpu_to_le16(dlen);
374 skb_copy_from_linear_data_offset(skb, 1,
375 scp->conndata_in.opt_data, dlen);
376 }
377 }
378 dn_nsp_send_link(sk, DN_NOCHANGE, 0);
379 if (!sock_flag(sk, SOCK_DEAD))
380 sk->sk_state_change(sk);
381 }
382
383 out:
384 kfree_skb(skb);
385 }
386
dn_nsp_conn_ack(struct sock * sk,struct sk_buff * skb)387 static void dn_nsp_conn_ack(struct sock *sk, struct sk_buff *skb)
388 {
389 struct dn_scp *scp = DN_SK(sk);
390
391 if (scp->state == DN_CI) {
392 scp->state = DN_CD;
393 scp->persist = 0;
394 }
395
396 kfree_skb(skb);
397 }
398
dn_nsp_disc_init(struct sock * sk,struct sk_buff * skb)399 static void dn_nsp_disc_init(struct sock *sk, struct sk_buff *skb)
400 {
401 struct dn_scp *scp = DN_SK(sk);
402 struct dn_skb_cb *cb = DN_SKB_CB(skb);
403 unsigned short reason;
404
405 if (skb->len < 2)
406 goto out;
407
408 reason = le16_to_cpu(*(__le16 *)skb->data);
409 skb_pull(skb, 2);
410
411 scp->discdata_in.opt_status = cpu_to_le16(reason);
412 scp->discdata_in.opt_optl = 0;
413 memset(scp->discdata_in.opt_data, 0, 16);
414
415 if (skb->len > 0) {
416 u16 dlen = *skb->data;
417 if ((dlen <= 16) && (dlen <= skb->len)) {
418 scp->discdata_in.opt_optl = cpu_to_le16(dlen);
419 skb_copy_from_linear_data_offset(skb, 1, scp->discdata_in.opt_data, dlen);
420 }
421 }
422
423 scp->addrrem = cb->src_port;
424 sk->sk_state = TCP_CLOSE;
425
426 switch (scp->state) {
427 case DN_CI:
428 case DN_CD:
429 scp->state = DN_RJ;
430 sk->sk_err = ECONNREFUSED;
431 break;
432 case DN_RUN:
433 sk->sk_shutdown |= SHUTDOWN_MASK;
434 scp->state = DN_DN;
435 break;
436 case DN_DI:
437 scp->state = DN_DIC;
438 break;
439 }
440
441 if (!sock_flag(sk, SOCK_DEAD)) {
442 if (sk->sk_socket->state != SS_UNCONNECTED)
443 sk->sk_socket->state = SS_DISCONNECTING;
444 sk->sk_state_change(sk);
445 }
446
447 /*
448 * It appears that its possible for remote machines to send disc
449 * init messages with no port identifier if we are in the CI and
450 * possibly also the CD state. Obviously we shouldn't reply with
451 * a message if we don't know what the end point is.
452 */
453 if (scp->addrrem) {
454 dn_nsp_send_disc(sk, NSP_DISCCONF, NSP_REASON_DC, GFP_ATOMIC);
455 }
456 scp->persist_fxn = dn_destroy_timer;
457 scp->persist = dn_nsp_persist(sk);
458
459 out:
460 kfree_skb(skb);
461 }
462
463 /*
464 * disc_conf messages are also called no_resources or no_link
465 * messages depending upon the "reason" field.
466 */
dn_nsp_disc_conf(struct sock * sk,struct sk_buff * skb)467 static void dn_nsp_disc_conf(struct sock *sk, struct sk_buff *skb)
468 {
469 struct dn_scp *scp = DN_SK(sk);
470 unsigned short reason;
471
472 if (skb->len != 2)
473 goto out;
474
475 reason = le16_to_cpu(*(__le16 *)skb->data);
476
477 sk->sk_state = TCP_CLOSE;
478
479 switch (scp->state) {
480 case DN_CI:
481 scp->state = DN_NR;
482 break;
483 case DN_DR:
484 if (reason == NSP_REASON_DC)
485 scp->state = DN_DRC;
486 if (reason == NSP_REASON_NL)
487 scp->state = DN_CN;
488 break;
489 case DN_DI:
490 scp->state = DN_DIC;
491 break;
492 case DN_RUN:
493 sk->sk_shutdown |= SHUTDOWN_MASK;
494 case DN_CC:
495 scp->state = DN_CN;
496 }
497
498 if (!sock_flag(sk, SOCK_DEAD)) {
499 if (sk->sk_socket->state != SS_UNCONNECTED)
500 sk->sk_socket->state = SS_DISCONNECTING;
501 sk->sk_state_change(sk);
502 }
503
504 scp->persist_fxn = dn_destroy_timer;
505 scp->persist = dn_nsp_persist(sk);
506
507 out:
508 kfree_skb(skb);
509 }
510
dn_nsp_linkservice(struct sock * sk,struct sk_buff * skb)511 static void dn_nsp_linkservice(struct sock *sk, struct sk_buff *skb)
512 {
513 struct dn_scp *scp = DN_SK(sk);
514 unsigned short segnum;
515 unsigned char lsflags;
516 signed char fcval;
517 int wake_up = 0;
518 char *ptr = skb->data;
519 unsigned char fctype = scp->services_rem & NSP_FC_MASK;
520
521 if (skb->len != 4)
522 goto out;
523
524 segnum = le16_to_cpu(*(__le16 *)ptr);
525 ptr += 2;
526 lsflags = *(unsigned char *)ptr++;
527 fcval = *ptr;
528
529 /*
530 * Here we ignore erronous packets which should really
531 * should cause a connection abort. It is not critical
532 * for now though.
533 */
534 if (lsflags & 0xf8)
535 goto out;
536
537 if (seq_next(scp->numoth_rcv, segnum)) {
538 seq_add(&scp->numoth_rcv, 1);
539 switch(lsflags & 0x04) { /* FCVAL INT */
540 case 0x00: /* Normal Request */
541 switch(lsflags & 0x03) { /* FCVAL MOD */
542 case 0x00: /* Request count */
543 if (fcval < 0) {
544 unsigned char p_fcval = -fcval;
545 if ((scp->flowrem_dat > p_fcval) &&
546 (fctype == NSP_FC_SCMC)) {
547 scp->flowrem_dat -= p_fcval;
548 }
549 } else if (fcval > 0) {
550 scp->flowrem_dat += fcval;
551 wake_up = 1;
552 }
553 break;
554 case 0x01: /* Stop outgoing data */
555 scp->flowrem_sw = DN_DONTSEND;
556 break;
557 case 0x02: /* Ok to start again */
558 scp->flowrem_sw = DN_SEND;
559 dn_nsp_output(sk);
560 wake_up = 1;
561 }
562 break;
563 case 0x04: /* Interrupt Request */
564 if (fcval > 0) {
565 scp->flowrem_oth += fcval;
566 wake_up = 1;
567 }
568 break;
569 }
570 if (wake_up && !sock_flag(sk, SOCK_DEAD))
571 sk->sk_state_change(sk);
572 }
573
574 dn_nsp_send_oth_ack(sk);
575
576 out:
577 kfree_skb(skb);
578 }
579
580 /*
581 * Copy of sock_queue_rcv_skb (from sock.h) without
582 * bh_lock_sock() (its already held when this is called) which
583 * also allows data and other data to be queued to a socket.
584 */
dn_queue_skb(struct sock * sk,struct sk_buff * skb,int sig,struct sk_buff_head * queue)585 static __inline__ int dn_queue_skb(struct sock *sk, struct sk_buff *skb, int sig, struct sk_buff_head *queue)
586 {
587 int err;
588
589 /* Cast skb->rcvbuf to unsigned... It's pointless, but reduces
590 number of warnings when compiling with -W --ANK
591 */
592 if (atomic_read(&sk->sk_rmem_alloc) + skb->truesize >=
593 (unsigned int)sk->sk_rcvbuf) {
594 err = -ENOMEM;
595 goto out;
596 }
597
598 err = sk_filter(sk, skb);
599 if (err)
600 goto out;
601
602 skb_set_owner_r(skb, sk);
603 skb_queue_tail(queue, skb);
604
605 if (!sock_flag(sk, SOCK_DEAD))
606 sk->sk_data_ready(sk);
607 out:
608 return err;
609 }
610
dn_nsp_otherdata(struct sock * sk,struct sk_buff * skb)611 static void dn_nsp_otherdata(struct sock *sk, struct sk_buff *skb)
612 {
613 struct dn_scp *scp = DN_SK(sk);
614 unsigned short segnum;
615 struct dn_skb_cb *cb = DN_SKB_CB(skb);
616 int queued = 0;
617
618 if (skb->len < 2)
619 goto out;
620
621 cb->segnum = segnum = le16_to_cpu(*(__le16 *)skb->data);
622 skb_pull(skb, 2);
623
624 if (seq_next(scp->numoth_rcv, segnum)) {
625
626 if (dn_queue_skb(sk, skb, SIGURG, &scp->other_receive_queue) == 0) {
627 seq_add(&scp->numoth_rcv, 1);
628 scp->other_report = 0;
629 queued = 1;
630 }
631 }
632
633 dn_nsp_send_oth_ack(sk);
634 out:
635 if (!queued)
636 kfree_skb(skb);
637 }
638
dn_nsp_data(struct sock * sk,struct sk_buff * skb)639 static void dn_nsp_data(struct sock *sk, struct sk_buff *skb)
640 {
641 int queued = 0;
642 unsigned short segnum;
643 struct dn_skb_cb *cb = DN_SKB_CB(skb);
644 struct dn_scp *scp = DN_SK(sk);
645
646 if (skb->len < 2)
647 goto out;
648
649 cb->segnum = segnum = le16_to_cpu(*(__le16 *)skb->data);
650 skb_pull(skb, 2);
651
652 if (seq_next(scp->numdat_rcv, segnum)) {
653 if (dn_queue_skb(sk, skb, SIGIO, &sk->sk_receive_queue) == 0) {
654 seq_add(&scp->numdat_rcv, 1);
655 queued = 1;
656 }
657
658 if ((scp->flowloc_sw == DN_SEND) && dn_congested(sk)) {
659 scp->flowloc_sw = DN_DONTSEND;
660 dn_nsp_send_link(sk, DN_DONTSEND, 0);
661 }
662 }
663
664 dn_nsp_send_data_ack(sk);
665 out:
666 if (!queued)
667 kfree_skb(skb);
668 }
669
670 /*
671 * If one of our conninit messages is returned, this function
672 * deals with it. It puts the socket into the NO_COMMUNICATION
673 * state.
674 */
dn_returned_conn_init(struct sock * sk,struct sk_buff * skb)675 static void dn_returned_conn_init(struct sock *sk, struct sk_buff *skb)
676 {
677 struct dn_scp *scp = DN_SK(sk);
678
679 if (scp->state == DN_CI) {
680 scp->state = DN_NC;
681 sk->sk_state = TCP_CLOSE;
682 if (!sock_flag(sk, SOCK_DEAD))
683 sk->sk_state_change(sk);
684 }
685
686 kfree_skb(skb);
687 }
688
dn_nsp_no_socket(struct sk_buff * skb,unsigned short reason)689 static int dn_nsp_no_socket(struct sk_buff *skb, unsigned short reason)
690 {
691 struct dn_skb_cb *cb = DN_SKB_CB(skb);
692 int ret = NET_RX_DROP;
693
694 /* Must not reply to returned packets */
695 if (cb->rt_flags & DN_RT_F_RTS)
696 goto out;
697
698 if ((reason != NSP_REASON_OK) && ((cb->nsp_flags & 0x0c) == 0x08)) {
699 switch (cb->nsp_flags & 0x70) {
700 case 0x10:
701 case 0x60: /* (Retransmitted) Connect Init */
702 dn_nsp_return_disc(skb, NSP_DISCINIT, reason);
703 ret = NET_RX_SUCCESS;
704 break;
705 case 0x20: /* Connect Confirm */
706 dn_nsp_return_disc(skb, NSP_DISCCONF, reason);
707 ret = NET_RX_SUCCESS;
708 break;
709 }
710 }
711
712 out:
713 kfree_skb(skb);
714 return ret;
715 }
716
dn_nsp_rx_packet(struct net * net,struct sock * sk2,struct sk_buff * skb)717 static int dn_nsp_rx_packet(struct net *net, struct sock *sk2,
718 struct sk_buff *skb)
719 {
720 struct dn_skb_cb *cb = DN_SKB_CB(skb);
721 struct sock *sk = NULL;
722 unsigned char *ptr = (unsigned char *)skb->data;
723 unsigned short reason = NSP_REASON_NL;
724
725 if (!pskb_may_pull(skb, 2))
726 goto free_out;
727
728 skb_reset_transport_header(skb);
729 cb->nsp_flags = *ptr++;
730
731 if (decnet_debug_level & 2)
732 printk(KERN_DEBUG "dn_nsp_rx: Message type 0x%02x\n", (int)cb->nsp_flags);
733
734 if (cb->nsp_flags & 0x83)
735 goto free_out;
736
737 /*
738 * Filter out conninits and useless packet types
739 */
740 if ((cb->nsp_flags & 0x0c) == 0x08) {
741 switch (cb->nsp_flags & 0x70) {
742 case 0x00: /* NOP */
743 case 0x70: /* Reserved */
744 case 0x50: /* Reserved, Phase II node init */
745 goto free_out;
746 case 0x10:
747 case 0x60:
748 if (unlikely(cb->rt_flags & DN_RT_F_RTS))
749 goto free_out;
750 sk = dn_find_listener(skb, &reason);
751 goto got_it;
752 }
753 }
754
755 if (!pskb_may_pull(skb, 3))
756 goto free_out;
757
758 /*
759 * Grab the destination address.
760 */
761 cb->dst_port = *(__le16 *)ptr;
762 cb->src_port = 0;
763 ptr += 2;
764
765 /*
766 * If not a connack, grab the source address too.
767 */
768 if (pskb_may_pull(skb, 5)) {
769 cb->src_port = *(__le16 *)ptr;
770 ptr += 2;
771 skb_pull(skb, 5);
772 }
773
774 /*
775 * Returned packets...
776 * Swap src & dst and look up in the normal way.
777 */
778 if (unlikely(cb->rt_flags & DN_RT_F_RTS)) {
779 __le16 tmp = cb->dst_port;
780 cb->dst_port = cb->src_port;
781 cb->src_port = tmp;
782 tmp = cb->dst;
783 cb->dst = cb->src;
784 cb->src = tmp;
785 }
786
787 /*
788 * Find the socket to which this skb is destined.
789 */
790 sk = dn_find_by_skb(skb);
791 got_it:
792 if (sk != NULL) {
793 struct dn_scp *scp = DN_SK(sk);
794
795 /* Reset backoff */
796 scp->nsp_rxtshift = 0;
797
798 /*
799 * We linearize everything except data segments here.
800 */
801 if (cb->nsp_flags & ~0x60) {
802 if (unlikely(skb_linearize(skb)))
803 goto free_out;
804 }
805
806 return sk_receive_skb(sk, skb, 0);
807 }
808
809 return dn_nsp_no_socket(skb, reason);
810
811 free_out:
812 kfree_skb(skb);
813 return NET_RX_DROP;
814 }
815
dn_nsp_rx(struct sk_buff * skb)816 int dn_nsp_rx(struct sk_buff *skb)
817 {
818 return NF_HOOK(NFPROTO_DECNET, NF_DN_LOCAL_IN,
819 &init_net, NULL, skb, skb->dev, NULL,
820 dn_nsp_rx_packet);
821 }
822
823 /*
824 * This is the main receive routine for sockets. It is called
825 * from the above when the socket is not busy, and also from
826 * sock_release() when there is a backlog queued up.
827 */
dn_nsp_backlog_rcv(struct sock * sk,struct sk_buff * skb)828 int dn_nsp_backlog_rcv(struct sock *sk, struct sk_buff *skb)
829 {
830 struct dn_scp *scp = DN_SK(sk);
831 struct dn_skb_cb *cb = DN_SKB_CB(skb);
832
833 if (cb->rt_flags & DN_RT_F_RTS) {
834 if (cb->nsp_flags == 0x18 || cb->nsp_flags == 0x68)
835 dn_returned_conn_init(sk, skb);
836 else
837 kfree_skb(skb);
838 return NET_RX_SUCCESS;
839 }
840
841 /*
842 * Control packet.
843 */
844 if ((cb->nsp_flags & 0x0c) == 0x08) {
845 switch (cb->nsp_flags & 0x70) {
846 case 0x10:
847 case 0x60:
848 dn_nsp_conn_init(sk, skb);
849 break;
850 case 0x20:
851 dn_nsp_conn_conf(sk, skb);
852 break;
853 case 0x30:
854 dn_nsp_disc_init(sk, skb);
855 break;
856 case 0x40:
857 dn_nsp_disc_conf(sk, skb);
858 break;
859 }
860
861 } else if (cb->nsp_flags == 0x24) {
862 /*
863 * Special for connacks, 'cos they don't have
864 * ack data or ack otherdata info.
865 */
866 dn_nsp_conn_ack(sk, skb);
867 } else {
868 int other = 1;
869
870 /* both data and ack frames can kick a CC socket into RUN */
871 if ((scp->state == DN_CC) && !sock_flag(sk, SOCK_DEAD)) {
872 scp->state = DN_RUN;
873 sk->sk_state = TCP_ESTABLISHED;
874 sk->sk_state_change(sk);
875 }
876
877 if ((cb->nsp_flags & 0x1c) == 0)
878 other = 0;
879 if (cb->nsp_flags == 0x04)
880 other = 0;
881
882 /*
883 * Read out ack data here, this applies equally
884 * to data, other data, link serivce and both
885 * ack data and ack otherdata.
886 */
887 dn_process_ack(sk, skb, other);
888
889 /*
890 * If we've some sort of data here then call a
891 * suitable routine for dealing with it, otherwise
892 * the packet is an ack and can be discarded.
893 */
894 if ((cb->nsp_flags & 0x0c) == 0) {
895
896 if (scp->state != DN_RUN)
897 goto free_out;
898
899 switch (cb->nsp_flags) {
900 case 0x10: /* LS */
901 dn_nsp_linkservice(sk, skb);
902 break;
903 case 0x30: /* OD */
904 dn_nsp_otherdata(sk, skb);
905 break;
906 default:
907 dn_nsp_data(sk, skb);
908 }
909
910 } else { /* Ack, chuck it out here */
911 free_out:
912 kfree_skb(skb);
913 }
914 }
915
916 return NET_RX_SUCCESS;
917 }
918
919