1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 *
4 * Copyright (C) Alan Cox GW4PTS (alan@lxorguk.ukuu.org.uk)
5 * Copyright (C) Jonathan Naylor G4KLX (g4klx@g4klx.demon.co.uk)
6 * Copyright (C) Darryl Miles G7LED (dlm@g7led.demon.co.uk)
7 * Copyright (C) Steven Whitehouse GW7RRM (stevew@acm.org)
8 * Copyright (C) Joerg Reuter DL1BKE (jreuter@yaina.de)
9 * Copyright (C) Hans-Joachim Hetscher DD8NE (dd8ne@bnv-bamberg.de)
10 * Copyright (C) Hans Alblas PE1AYX (hans@esrac.ele.tue.nl)
11 * Copyright (C) Frederic Rible F1OAT (frible@teaser.fr)
12 */
13 #include <linux/capability.h>
14 #include <linux/module.h>
15 #include <linux/errno.h>
16 #include <linux/types.h>
17 #include <linux/socket.h>
18 #include <linux/in.h>
19 #include <linux/kernel.h>
20 #include <linux/sched/signal.h>
21 #include <linux/timer.h>
22 #include <linux/string.h>
23 #include <linux/sockios.h>
24 #include <linux/net.h>
25 #include <linux/slab.h>
26 #include <net/ax25.h>
27 #include <linux/inet.h>
28 #include <linux/netdevice.h>
29 #include <linux/if_arp.h>
30 #include <linux/skbuff.h>
31 #include <net/sock.h>
32 #include <linux/uaccess.h>
33 #include <linux/fcntl.h>
34 #include <linux/termios.h> /* For TIOCINQ/OUTQ */
35 #include <linux/mm.h>
36 #include <linux/interrupt.h>
37 #include <linux/notifier.h>
38 #include <linux/proc_fs.h>
39 #include <linux/stat.h>
40 #include <linux/sysctl.h>
41 #include <linux/init.h>
42 #include <linux/spinlock.h>
43 #include <net/net_namespace.h>
44 #include <net/tcp_states.h>
45 #include <net/ip.h>
46 #include <net/arp.h>
47
48
49
50 HLIST_HEAD(ax25_list);
51 DEFINE_SPINLOCK(ax25_list_lock);
52
53 static const struct proto_ops ax25_proto_ops;
54
ax25_free_sock(struct sock * sk)55 static void ax25_free_sock(struct sock *sk)
56 {
57 ax25_cb_put(sk_to_ax25(sk));
58 }
59
60 /*
61 * Socket removal during an interrupt is now safe.
62 */
ax25_cb_del(ax25_cb * ax25)63 static void ax25_cb_del(ax25_cb *ax25)
64 {
65 if (!hlist_unhashed(&ax25->ax25_node)) {
66 spin_lock_bh(&ax25_list_lock);
67 hlist_del_init(&ax25->ax25_node);
68 spin_unlock_bh(&ax25_list_lock);
69 ax25_cb_put(ax25);
70 }
71 }
72
73 /*
74 * Kill all bound sockets on a dropped device.
75 */
ax25_kill_by_device(struct net_device * dev)76 static void ax25_kill_by_device(struct net_device *dev)
77 {
78 ax25_dev *ax25_dev;
79 ax25_cb *s;
80 struct sock *sk;
81
82 if ((ax25_dev = ax25_dev_ax25dev(dev)) == NULL)
83 return;
84
85 spin_lock_bh(&ax25_list_lock);
86 again:
87 ax25_for_each(s, &ax25_list) {
88 if (s->ax25_dev == ax25_dev) {
89 sk = s->sk;
90 if (!sk) {
91 spin_unlock_bh(&ax25_list_lock);
92 ax25_disconnect(s, ENETUNREACH);
93 s->ax25_dev = NULL;
94 spin_lock_bh(&ax25_list_lock);
95 goto again;
96 }
97 sock_hold(sk);
98 spin_unlock_bh(&ax25_list_lock);
99 lock_sock(sk);
100 ax25_disconnect(s, ENETUNREACH);
101 s->ax25_dev = NULL;
102 if (sk->sk_socket) {
103 dev_put(ax25_dev->dev);
104 ax25_dev_put(ax25_dev);
105 }
106 release_sock(sk);
107 spin_lock_bh(&ax25_list_lock);
108 sock_put(sk);
109 /* The entry could have been deleted from the
110 * list meanwhile and thus the next pointer is
111 * no longer valid. Play it safe and restart
112 * the scan. Forward progress is ensured
113 * because we set s->ax25_dev to NULL and we
114 * are never passed a NULL 'dev' argument.
115 */
116 goto again;
117 }
118 }
119 spin_unlock_bh(&ax25_list_lock);
120 }
121
122 /*
123 * Handle device status changes.
124 */
ax25_device_event(struct notifier_block * this,unsigned long event,void * ptr)125 static int ax25_device_event(struct notifier_block *this, unsigned long event,
126 void *ptr)
127 {
128 struct net_device *dev = netdev_notifier_info_to_dev(ptr);
129
130 if (!net_eq(dev_net(dev), &init_net))
131 return NOTIFY_DONE;
132
133 /* Reject non AX.25 devices */
134 if (dev->type != ARPHRD_AX25)
135 return NOTIFY_DONE;
136
137 switch (event) {
138 case NETDEV_UP:
139 ax25_dev_device_up(dev);
140 break;
141 case NETDEV_DOWN:
142 ax25_kill_by_device(dev);
143 ax25_rt_device_down(dev);
144 ax25_dev_device_down(dev);
145 break;
146 default:
147 break;
148 }
149
150 return NOTIFY_DONE;
151 }
152
153 /*
154 * Add a socket to the bound sockets list.
155 */
ax25_cb_add(ax25_cb * ax25)156 void ax25_cb_add(ax25_cb *ax25)
157 {
158 spin_lock_bh(&ax25_list_lock);
159 ax25_cb_hold(ax25);
160 hlist_add_head(&ax25->ax25_node, &ax25_list);
161 spin_unlock_bh(&ax25_list_lock);
162 }
163
164 /*
165 * Find a socket that wants to accept the SABM we have just
166 * received.
167 */
ax25_find_listener(ax25_address * addr,int digi,struct net_device * dev,int type)168 struct sock *ax25_find_listener(ax25_address *addr, int digi,
169 struct net_device *dev, int type)
170 {
171 ax25_cb *s;
172
173 spin_lock(&ax25_list_lock);
174 ax25_for_each(s, &ax25_list) {
175 if ((s->iamdigi && !digi) || (!s->iamdigi && digi))
176 continue;
177 if (s->sk && !ax25cmp(&s->source_addr, addr) &&
178 s->sk->sk_type == type && s->sk->sk_state == TCP_LISTEN) {
179 /* If device is null we match any device */
180 if (s->ax25_dev == NULL || s->ax25_dev->dev == dev) {
181 sock_hold(s->sk);
182 spin_unlock(&ax25_list_lock);
183 return s->sk;
184 }
185 }
186 }
187 spin_unlock(&ax25_list_lock);
188
189 return NULL;
190 }
191
192 /*
193 * Find an AX.25 socket given both ends.
194 */
ax25_get_socket(ax25_address * my_addr,ax25_address * dest_addr,int type)195 struct sock *ax25_get_socket(ax25_address *my_addr, ax25_address *dest_addr,
196 int type)
197 {
198 struct sock *sk = NULL;
199 ax25_cb *s;
200
201 spin_lock(&ax25_list_lock);
202 ax25_for_each(s, &ax25_list) {
203 if (s->sk && !ax25cmp(&s->source_addr, my_addr) &&
204 !ax25cmp(&s->dest_addr, dest_addr) &&
205 s->sk->sk_type == type) {
206 sk = s->sk;
207 sock_hold(sk);
208 break;
209 }
210 }
211
212 spin_unlock(&ax25_list_lock);
213
214 return sk;
215 }
216
217 /*
218 * Find an AX.25 control block given both ends. It will only pick up
219 * floating AX.25 control blocks or non Raw socket bound control blocks.
220 */
ax25_find_cb(ax25_address * src_addr,ax25_address * dest_addr,ax25_digi * digi,struct net_device * dev)221 ax25_cb *ax25_find_cb(ax25_address *src_addr, ax25_address *dest_addr,
222 ax25_digi *digi, struct net_device *dev)
223 {
224 ax25_cb *s;
225
226 spin_lock_bh(&ax25_list_lock);
227 ax25_for_each(s, &ax25_list) {
228 if (s->sk && s->sk->sk_type != SOCK_SEQPACKET)
229 continue;
230 if (s->ax25_dev == NULL)
231 continue;
232 if (ax25cmp(&s->source_addr, src_addr) == 0 && ax25cmp(&s->dest_addr, dest_addr) == 0 && s->ax25_dev->dev == dev) {
233 if (digi != NULL && digi->ndigi != 0) {
234 if (s->digipeat == NULL)
235 continue;
236 if (ax25digicmp(s->digipeat, digi) != 0)
237 continue;
238 } else {
239 if (s->digipeat != NULL && s->digipeat->ndigi != 0)
240 continue;
241 }
242 ax25_cb_hold(s);
243 spin_unlock_bh(&ax25_list_lock);
244
245 return s;
246 }
247 }
248 spin_unlock_bh(&ax25_list_lock);
249
250 return NULL;
251 }
252
253 EXPORT_SYMBOL(ax25_find_cb);
254
ax25_send_to_raw(ax25_address * addr,struct sk_buff * skb,int proto)255 void ax25_send_to_raw(ax25_address *addr, struct sk_buff *skb, int proto)
256 {
257 ax25_cb *s;
258 struct sk_buff *copy;
259
260 spin_lock(&ax25_list_lock);
261 ax25_for_each(s, &ax25_list) {
262 if (s->sk != NULL && ax25cmp(&s->source_addr, addr) == 0 &&
263 s->sk->sk_type == SOCK_RAW &&
264 s->sk->sk_protocol == proto &&
265 s->ax25_dev->dev == skb->dev &&
266 atomic_read(&s->sk->sk_rmem_alloc) <= s->sk->sk_rcvbuf) {
267 if ((copy = skb_clone(skb, GFP_ATOMIC)) == NULL)
268 continue;
269 if (sock_queue_rcv_skb(s->sk, copy) != 0)
270 kfree_skb(copy);
271 }
272 }
273 spin_unlock(&ax25_list_lock);
274 }
275
276 /*
277 * Deferred destroy.
278 */
279 void ax25_destroy_socket(ax25_cb *);
280
281 /*
282 * Handler for deferred kills.
283 */
ax25_destroy_timer(struct timer_list * t)284 static void ax25_destroy_timer(struct timer_list *t)
285 {
286 ax25_cb *ax25 = from_timer(ax25, t, dtimer);
287 struct sock *sk;
288
289 sk=ax25->sk;
290
291 bh_lock_sock(sk);
292 sock_hold(sk);
293 ax25_destroy_socket(ax25);
294 bh_unlock_sock(sk);
295 sock_put(sk);
296 }
297
298 /*
299 * This is called from user mode and the timers. Thus it protects itself
300 * against interrupt users but doesn't worry about being called during
301 * work. Once it is removed from the queue no interrupt or bottom half
302 * will touch it and we are (fairly 8-) ) safe.
303 */
ax25_destroy_socket(ax25_cb * ax25)304 void ax25_destroy_socket(ax25_cb *ax25)
305 {
306 struct sk_buff *skb;
307
308 ax25_cb_del(ax25);
309
310 ax25_stop_heartbeat(ax25);
311 ax25_stop_t1timer(ax25);
312 ax25_stop_t2timer(ax25);
313 ax25_stop_t3timer(ax25);
314 ax25_stop_idletimer(ax25);
315
316 ax25_clear_queues(ax25); /* Flush the queues */
317
318 if (ax25->sk != NULL) {
319 while ((skb = skb_dequeue(&ax25->sk->sk_receive_queue)) != NULL) {
320 if (skb->sk != ax25->sk) {
321 /* A pending connection */
322 ax25_cb *sax25 = sk_to_ax25(skb->sk);
323
324 /* Queue the unaccepted socket for death */
325 sock_orphan(skb->sk);
326
327 /* 9A4GL: hack to release unaccepted sockets */
328 skb->sk->sk_state = TCP_LISTEN;
329
330 ax25_start_heartbeat(sax25);
331 sax25->state = AX25_STATE_0;
332 }
333
334 kfree_skb(skb);
335 }
336 skb_queue_purge(&ax25->sk->sk_write_queue);
337 }
338
339 if (ax25->sk != NULL) {
340 if (sk_has_allocations(ax25->sk)) {
341 /* Defer: outstanding buffers */
342 timer_setup(&ax25->dtimer, ax25_destroy_timer, 0);
343 ax25->dtimer.expires = jiffies + 2 * HZ;
344 add_timer(&ax25->dtimer);
345 } else {
346 struct sock *sk=ax25->sk;
347 ax25->sk=NULL;
348 sock_put(sk);
349 }
350 } else {
351 ax25_cb_put(ax25);
352 }
353 }
354
355 /*
356 * dl1bke 960311: set parameters for existing AX.25 connections,
357 * includes a KILL command to abort any connection.
358 * VERY useful for debugging ;-)
359 */
ax25_ctl_ioctl(const unsigned int cmd,void __user * arg)360 static int ax25_ctl_ioctl(const unsigned int cmd, void __user *arg)
361 {
362 struct ax25_ctl_struct ax25_ctl;
363 ax25_digi digi;
364 ax25_dev *ax25_dev;
365 ax25_cb *ax25;
366 unsigned int k;
367 int ret = 0;
368
369 if (copy_from_user(&ax25_ctl, arg, sizeof(ax25_ctl)))
370 return -EFAULT;
371
372 if (ax25_ctl.digi_count > AX25_MAX_DIGIS)
373 return -EINVAL;
374
375 if (ax25_ctl.arg > ULONG_MAX / HZ && ax25_ctl.cmd != AX25_KILL)
376 return -EINVAL;
377
378 ax25_dev = ax25_addr_ax25dev(&ax25_ctl.port_addr);
379 if (!ax25_dev)
380 return -ENODEV;
381
382 digi.ndigi = ax25_ctl.digi_count;
383 for (k = 0; k < digi.ndigi; k++)
384 digi.calls[k] = ax25_ctl.digi_addr[k];
385
386 ax25 = ax25_find_cb(&ax25_ctl.source_addr, &ax25_ctl.dest_addr, &digi, ax25_dev->dev);
387 if (!ax25) {
388 ax25_dev_put(ax25_dev);
389 return -ENOTCONN;
390 }
391
392 switch (ax25_ctl.cmd) {
393 case AX25_KILL:
394 ax25_send_control(ax25, AX25_DISC, AX25_POLLON, AX25_COMMAND);
395 #ifdef CONFIG_AX25_DAMA_SLAVE
396 if (ax25_dev->dama.slave && ax25->ax25_dev->values[AX25_VALUES_PROTOCOL] == AX25_PROTO_DAMA_SLAVE)
397 ax25_dama_off(ax25);
398 #endif
399 ax25_disconnect(ax25, ENETRESET);
400 break;
401
402 case AX25_WINDOW:
403 if (ax25->modulus == AX25_MODULUS) {
404 if (ax25_ctl.arg < 1 || ax25_ctl.arg > 7)
405 goto einval_put;
406 } else {
407 if (ax25_ctl.arg < 1 || ax25_ctl.arg > 63)
408 goto einval_put;
409 }
410 ax25->window = ax25_ctl.arg;
411 break;
412
413 case AX25_T1:
414 if (ax25_ctl.arg < 1 || ax25_ctl.arg > ULONG_MAX / HZ)
415 goto einval_put;
416 ax25->rtt = (ax25_ctl.arg * HZ) / 2;
417 ax25->t1 = ax25_ctl.arg * HZ;
418 break;
419
420 case AX25_T2:
421 if (ax25_ctl.arg < 1 || ax25_ctl.arg > ULONG_MAX / HZ)
422 goto einval_put;
423 ax25->t2 = ax25_ctl.arg * HZ;
424 break;
425
426 case AX25_N2:
427 if (ax25_ctl.arg < 1 || ax25_ctl.arg > 31)
428 goto einval_put;
429 ax25->n2count = 0;
430 ax25->n2 = ax25_ctl.arg;
431 break;
432
433 case AX25_T3:
434 if (ax25_ctl.arg > ULONG_MAX / HZ)
435 goto einval_put;
436 ax25->t3 = ax25_ctl.arg * HZ;
437 break;
438
439 case AX25_IDLE:
440 if (ax25_ctl.arg > ULONG_MAX / (60 * HZ))
441 goto einval_put;
442
443 ax25->idle = ax25_ctl.arg * 60 * HZ;
444 break;
445
446 case AX25_PACLEN:
447 if (ax25_ctl.arg < 16 || ax25_ctl.arg > 65535)
448 goto einval_put;
449 ax25->paclen = ax25_ctl.arg;
450 break;
451
452 default:
453 goto einval_put;
454 }
455
456 out_put:
457 ax25_dev_put(ax25_dev);
458 ax25_cb_put(ax25);
459 return ret;
460
461 einval_put:
462 ret = -EINVAL;
463 goto out_put;
464 }
465
ax25_fillin_cb_from_dev(ax25_cb * ax25,ax25_dev * ax25_dev)466 static void ax25_fillin_cb_from_dev(ax25_cb *ax25, ax25_dev *ax25_dev)
467 {
468 ax25->rtt = msecs_to_jiffies(ax25_dev->values[AX25_VALUES_T1]) / 2;
469 ax25->t1 = msecs_to_jiffies(ax25_dev->values[AX25_VALUES_T1]);
470 ax25->t2 = msecs_to_jiffies(ax25_dev->values[AX25_VALUES_T2]);
471 ax25->t3 = msecs_to_jiffies(ax25_dev->values[AX25_VALUES_T3]);
472 ax25->n2 = ax25_dev->values[AX25_VALUES_N2];
473 ax25->paclen = ax25_dev->values[AX25_VALUES_PACLEN];
474 ax25->idle = msecs_to_jiffies(ax25_dev->values[AX25_VALUES_IDLE]);
475 ax25->backoff = ax25_dev->values[AX25_VALUES_BACKOFF];
476
477 if (ax25_dev->values[AX25_VALUES_AXDEFMODE]) {
478 ax25->modulus = AX25_EMODULUS;
479 ax25->window = ax25_dev->values[AX25_VALUES_EWINDOW];
480 } else {
481 ax25->modulus = AX25_MODULUS;
482 ax25->window = ax25_dev->values[AX25_VALUES_WINDOW];
483 }
484 }
485
486 /*
487 * Fill in a created AX.25 created control block with the default
488 * values for a particular device.
489 */
ax25_fillin_cb(ax25_cb * ax25,ax25_dev * ax25_dev)490 void ax25_fillin_cb(ax25_cb *ax25, ax25_dev *ax25_dev)
491 {
492 ax25->ax25_dev = ax25_dev;
493
494 if (ax25->ax25_dev != NULL) {
495 ax25_fillin_cb_from_dev(ax25, ax25_dev);
496 return;
497 }
498
499 /*
500 * No device, use kernel / AX.25 spec default values
501 */
502 ax25->rtt = msecs_to_jiffies(AX25_DEF_T1) / 2;
503 ax25->t1 = msecs_to_jiffies(AX25_DEF_T1);
504 ax25->t2 = msecs_to_jiffies(AX25_DEF_T2);
505 ax25->t3 = msecs_to_jiffies(AX25_DEF_T3);
506 ax25->n2 = AX25_DEF_N2;
507 ax25->paclen = AX25_DEF_PACLEN;
508 ax25->idle = msecs_to_jiffies(AX25_DEF_IDLE);
509 ax25->backoff = AX25_DEF_BACKOFF;
510
511 if (AX25_DEF_AXDEFMODE) {
512 ax25->modulus = AX25_EMODULUS;
513 ax25->window = AX25_DEF_EWINDOW;
514 } else {
515 ax25->modulus = AX25_MODULUS;
516 ax25->window = AX25_DEF_WINDOW;
517 }
518 }
519
520 /*
521 * Create an empty AX.25 control block.
522 */
ax25_create_cb(void)523 ax25_cb *ax25_create_cb(void)
524 {
525 ax25_cb *ax25;
526
527 if ((ax25 = kzalloc(sizeof(*ax25), GFP_ATOMIC)) == NULL)
528 return NULL;
529
530 refcount_set(&ax25->refcount, 1);
531
532 skb_queue_head_init(&ax25->write_queue);
533 skb_queue_head_init(&ax25->frag_queue);
534 skb_queue_head_init(&ax25->ack_queue);
535 skb_queue_head_init(&ax25->reseq_queue);
536
537 ax25_setup_timers(ax25);
538
539 ax25_fillin_cb(ax25, NULL);
540
541 ax25->state = AX25_STATE_0;
542
543 return ax25;
544 }
545
546 /*
547 * Handling for system calls applied via the various interfaces to an
548 * AX25 socket object
549 */
550
ax25_setsockopt(struct socket * sock,int level,int optname,char __user * optval,unsigned int optlen)551 static int ax25_setsockopt(struct socket *sock, int level, int optname,
552 char __user *optval, unsigned int optlen)
553 {
554 struct sock *sk = sock->sk;
555 ax25_cb *ax25;
556 struct net_device *dev;
557 char devname[IFNAMSIZ];
558 unsigned long opt;
559 int res = 0;
560
561 if (level != SOL_AX25)
562 return -ENOPROTOOPT;
563
564 if (optlen < sizeof(unsigned int))
565 return -EINVAL;
566
567 if (get_user(opt, (unsigned int __user *)optval))
568 return -EFAULT;
569
570 lock_sock(sk);
571 ax25 = sk_to_ax25(sk);
572
573 switch (optname) {
574 case AX25_WINDOW:
575 if (ax25->modulus == AX25_MODULUS) {
576 if (opt < 1 || opt > 7) {
577 res = -EINVAL;
578 break;
579 }
580 } else {
581 if (opt < 1 || opt > 63) {
582 res = -EINVAL;
583 break;
584 }
585 }
586 ax25->window = opt;
587 break;
588
589 case AX25_T1:
590 if (opt < 1 || opt > ULONG_MAX / HZ) {
591 res = -EINVAL;
592 break;
593 }
594 ax25->rtt = (opt * HZ) >> 1;
595 ax25->t1 = opt * HZ;
596 break;
597
598 case AX25_T2:
599 if (opt < 1 || opt > ULONG_MAX / HZ) {
600 res = -EINVAL;
601 break;
602 }
603 ax25->t2 = opt * HZ;
604 break;
605
606 case AX25_N2:
607 if (opt < 1 || opt > 31) {
608 res = -EINVAL;
609 break;
610 }
611 ax25->n2 = opt;
612 break;
613
614 case AX25_T3:
615 if (opt < 1 || opt > ULONG_MAX / HZ) {
616 res = -EINVAL;
617 break;
618 }
619 ax25->t3 = opt * HZ;
620 break;
621
622 case AX25_IDLE:
623 if (opt > ULONG_MAX / (60 * HZ)) {
624 res = -EINVAL;
625 break;
626 }
627 ax25->idle = opt * 60 * HZ;
628 break;
629
630 case AX25_BACKOFF:
631 if (opt > 2) {
632 res = -EINVAL;
633 break;
634 }
635 ax25->backoff = opt;
636 break;
637
638 case AX25_EXTSEQ:
639 ax25->modulus = opt ? AX25_EMODULUS : AX25_MODULUS;
640 break;
641
642 case AX25_PIDINCL:
643 ax25->pidincl = opt ? 1 : 0;
644 break;
645
646 case AX25_IAMDIGI:
647 ax25->iamdigi = opt ? 1 : 0;
648 break;
649
650 case AX25_PACLEN:
651 if (opt < 16 || opt > 65535) {
652 res = -EINVAL;
653 break;
654 }
655 ax25->paclen = opt;
656 break;
657
658 case SO_BINDTODEVICE:
659 if (optlen > IFNAMSIZ - 1)
660 optlen = IFNAMSIZ - 1;
661
662 memset(devname, 0, sizeof(devname));
663
664 if (copy_from_user(devname, optval, optlen)) {
665 res = -EFAULT;
666 break;
667 }
668
669 if (sk->sk_type == SOCK_SEQPACKET &&
670 (sock->state != SS_UNCONNECTED ||
671 sk->sk_state == TCP_LISTEN)) {
672 res = -EADDRNOTAVAIL;
673 break;
674 }
675
676 rtnl_lock();
677 dev = __dev_get_by_name(&init_net, devname);
678 if (!dev) {
679 rtnl_unlock();
680 res = -ENODEV;
681 break;
682 }
683
684 ax25->ax25_dev = ax25_dev_ax25dev(dev);
685 if (!ax25->ax25_dev) {
686 rtnl_unlock();
687 res = -ENODEV;
688 break;
689 }
690 ax25_fillin_cb(ax25, ax25->ax25_dev);
691 rtnl_unlock();
692 break;
693
694 default:
695 res = -ENOPROTOOPT;
696 }
697 release_sock(sk);
698
699 return res;
700 }
701
ax25_getsockopt(struct socket * sock,int level,int optname,char __user * optval,int __user * optlen)702 static int ax25_getsockopt(struct socket *sock, int level, int optname,
703 char __user *optval, int __user *optlen)
704 {
705 struct sock *sk = sock->sk;
706 ax25_cb *ax25;
707 struct ax25_dev *ax25_dev;
708 char devname[IFNAMSIZ];
709 void *valptr;
710 int val = 0;
711 int maxlen, length;
712
713 if (level != SOL_AX25)
714 return -ENOPROTOOPT;
715
716 if (get_user(maxlen, optlen))
717 return -EFAULT;
718
719 if (maxlen < 1)
720 return -EFAULT;
721
722 valptr = (void *) &val;
723 length = min_t(unsigned int, maxlen, sizeof(int));
724
725 lock_sock(sk);
726 ax25 = sk_to_ax25(sk);
727
728 switch (optname) {
729 case AX25_WINDOW:
730 val = ax25->window;
731 break;
732
733 case AX25_T1:
734 val = ax25->t1 / HZ;
735 break;
736
737 case AX25_T2:
738 val = ax25->t2 / HZ;
739 break;
740
741 case AX25_N2:
742 val = ax25->n2;
743 break;
744
745 case AX25_T3:
746 val = ax25->t3 / HZ;
747 break;
748
749 case AX25_IDLE:
750 val = ax25->idle / (60 * HZ);
751 break;
752
753 case AX25_BACKOFF:
754 val = ax25->backoff;
755 break;
756
757 case AX25_EXTSEQ:
758 val = (ax25->modulus == AX25_EMODULUS);
759 break;
760
761 case AX25_PIDINCL:
762 val = ax25->pidincl;
763 break;
764
765 case AX25_IAMDIGI:
766 val = ax25->iamdigi;
767 break;
768
769 case AX25_PACLEN:
770 val = ax25->paclen;
771 break;
772
773 case SO_BINDTODEVICE:
774 ax25_dev = ax25->ax25_dev;
775
776 if (ax25_dev != NULL && ax25_dev->dev != NULL) {
777 strlcpy(devname, ax25_dev->dev->name, sizeof(devname));
778 length = strlen(devname) + 1;
779 } else {
780 *devname = '\0';
781 length = 1;
782 }
783
784 valptr = (void *) devname;
785 break;
786
787 default:
788 release_sock(sk);
789 return -ENOPROTOOPT;
790 }
791 release_sock(sk);
792
793 if (put_user(length, optlen))
794 return -EFAULT;
795
796 return copy_to_user(optval, valptr, length) ? -EFAULT : 0;
797 }
798
ax25_listen(struct socket * sock,int backlog)799 static int ax25_listen(struct socket *sock, int backlog)
800 {
801 struct sock *sk = sock->sk;
802 int res = 0;
803
804 lock_sock(sk);
805 if (sk->sk_type == SOCK_SEQPACKET && sk->sk_state != TCP_LISTEN) {
806 sk->sk_max_ack_backlog = backlog;
807 sk->sk_state = TCP_LISTEN;
808 goto out;
809 }
810 res = -EOPNOTSUPP;
811
812 out:
813 release_sock(sk);
814
815 return res;
816 }
817
818 /*
819 * XXX: when creating ax25_sock we should update the .obj_size setting
820 * below.
821 */
822 static struct proto ax25_proto = {
823 .name = "AX25",
824 .owner = THIS_MODULE,
825 .obj_size = sizeof(struct ax25_sock),
826 };
827
ax25_create(struct net * net,struct socket * sock,int protocol,int kern)828 static int ax25_create(struct net *net, struct socket *sock, int protocol,
829 int kern)
830 {
831 struct sock *sk;
832 ax25_cb *ax25;
833
834 if (protocol < 0 || protocol > SK_PROTOCOL_MAX)
835 return -EINVAL;
836
837 if (!net_eq(net, &init_net))
838 return -EAFNOSUPPORT;
839
840 switch (sock->type) {
841 case SOCK_DGRAM:
842 if (protocol == 0 || protocol == PF_AX25)
843 protocol = AX25_P_TEXT;
844 break;
845
846 case SOCK_SEQPACKET:
847 switch (protocol) {
848 case 0:
849 case PF_AX25: /* For CLX */
850 protocol = AX25_P_TEXT;
851 break;
852 case AX25_P_SEGMENT:
853 #ifdef CONFIG_INET
854 case AX25_P_ARP:
855 case AX25_P_IP:
856 #endif
857 #ifdef CONFIG_NETROM
858 case AX25_P_NETROM:
859 #endif
860 #ifdef CONFIG_ROSE
861 case AX25_P_ROSE:
862 #endif
863 return -ESOCKTNOSUPPORT;
864 #ifdef CONFIG_NETROM_MODULE
865 case AX25_P_NETROM:
866 if (ax25_protocol_is_registered(AX25_P_NETROM))
867 return -ESOCKTNOSUPPORT;
868 break;
869 #endif
870 #ifdef CONFIG_ROSE_MODULE
871 case AX25_P_ROSE:
872 if (ax25_protocol_is_registered(AX25_P_ROSE))
873 return -ESOCKTNOSUPPORT;
874 #endif
875 default:
876 break;
877 }
878 break;
879
880 case SOCK_RAW:
881 if (!capable(CAP_NET_RAW))
882 return -EPERM;
883 break;
884 default:
885 return -ESOCKTNOSUPPORT;
886 }
887
888 sk = sk_alloc(net, PF_AX25, GFP_ATOMIC, &ax25_proto, kern);
889 if (sk == NULL)
890 return -ENOMEM;
891
892 ax25 = ax25_sk(sk)->cb = ax25_create_cb();
893 if (!ax25) {
894 sk_free(sk);
895 return -ENOMEM;
896 }
897
898 sock_init_data(sock, sk);
899
900 sk->sk_destruct = ax25_free_sock;
901 sock->ops = &ax25_proto_ops;
902 sk->sk_protocol = protocol;
903
904 ax25->sk = sk;
905
906 return 0;
907 }
908
ax25_make_new(struct sock * osk,struct ax25_dev * ax25_dev)909 struct sock *ax25_make_new(struct sock *osk, struct ax25_dev *ax25_dev)
910 {
911 struct sock *sk;
912 ax25_cb *ax25, *oax25;
913
914 sk = sk_alloc(sock_net(osk), PF_AX25, GFP_ATOMIC, osk->sk_prot, 0);
915 if (sk == NULL)
916 return NULL;
917
918 if ((ax25 = ax25_create_cb()) == NULL) {
919 sk_free(sk);
920 return NULL;
921 }
922
923 switch (osk->sk_type) {
924 case SOCK_DGRAM:
925 break;
926 case SOCK_SEQPACKET:
927 break;
928 default:
929 sk_free(sk);
930 ax25_cb_put(ax25);
931 return NULL;
932 }
933
934 sock_init_data(NULL, sk);
935
936 sk->sk_type = osk->sk_type;
937 sk->sk_priority = osk->sk_priority;
938 sk->sk_protocol = osk->sk_protocol;
939 sk->sk_rcvbuf = osk->sk_rcvbuf;
940 sk->sk_sndbuf = osk->sk_sndbuf;
941 sk->sk_state = TCP_ESTABLISHED;
942 sock_copy_flags(sk, osk);
943
944 oax25 = sk_to_ax25(osk);
945
946 ax25->modulus = oax25->modulus;
947 ax25->backoff = oax25->backoff;
948 ax25->pidincl = oax25->pidincl;
949 ax25->iamdigi = oax25->iamdigi;
950 ax25->rtt = oax25->rtt;
951 ax25->t1 = oax25->t1;
952 ax25->t2 = oax25->t2;
953 ax25->t3 = oax25->t3;
954 ax25->n2 = oax25->n2;
955 ax25->idle = oax25->idle;
956 ax25->paclen = oax25->paclen;
957 ax25->window = oax25->window;
958
959 ax25->ax25_dev = ax25_dev;
960 ax25->source_addr = oax25->source_addr;
961
962 if (oax25->digipeat != NULL) {
963 ax25->digipeat = kmemdup(oax25->digipeat, sizeof(ax25_digi),
964 GFP_ATOMIC);
965 if (ax25->digipeat == NULL) {
966 sk_free(sk);
967 ax25_cb_put(ax25);
968 return NULL;
969 }
970 }
971
972 ax25_sk(sk)->cb = ax25;
973 sk->sk_destruct = ax25_free_sock;
974 ax25->sk = sk;
975
976 return sk;
977 }
978
ax25_release(struct socket * sock)979 static int ax25_release(struct socket *sock)
980 {
981 struct sock *sk = sock->sk;
982 ax25_cb *ax25;
983 ax25_dev *ax25_dev;
984
985 if (sk == NULL)
986 return 0;
987
988 sock_hold(sk);
989 lock_sock(sk);
990 sock_orphan(sk);
991 ax25 = sk_to_ax25(sk);
992 ax25_dev = ax25->ax25_dev;
993
994 if (sk->sk_type == SOCK_SEQPACKET) {
995 switch (ax25->state) {
996 case AX25_STATE_0:
997 release_sock(sk);
998 ax25_disconnect(ax25, 0);
999 lock_sock(sk);
1000 ax25_destroy_socket(ax25);
1001 break;
1002
1003 case AX25_STATE_1:
1004 case AX25_STATE_2:
1005 ax25_send_control(ax25, AX25_DISC, AX25_POLLON, AX25_COMMAND);
1006 release_sock(sk);
1007 ax25_disconnect(ax25, 0);
1008 lock_sock(sk);
1009 if (!sock_flag(ax25->sk, SOCK_DESTROY))
1010 ax25_destroy_socket(ax25);
1011 break;
1012
1013 case AX25_STATE_3:
1014 case AX25_STATE_4:
1015 ax25_clear_queues(ax25);
1016 ax25->n2count = 0;
1017
1018 switch (ax25->ax25_dev->values[AX25_VALUES_PROTOCOL]) {
1019 case AX25_PROTO_STD_SIMPLEX:
1020 case AX25_PROTO_STD_DUPLEX:
1021 ax25_send_control(ax25,
1022 AX25_DISC,
1023 AX25_POLLON,
1024 AX25_COMMAND);
1025 ax25_stop_t2timer(ax25);
1026 ax25_stop_t3timer(ax25);
1027 ax25_stop_idletimer(ax25);
1028 break;
1029 #ifdef CONFIG_AX25_DAMA_SLAVE
1030 case AX25_PROTO_DAMA_SLAVE:
1031 ax25_stop_t3timer(ax25);
1032 ax25_stop_idletimer(ax25);
1033 break;
1034 #endif
1035 }
1036 ax25_calculate_t1(ax25);
1037 ax25_start_t1timer(ax25);
1038 ax25->state = AX25_STATE_2;
1039 sk->sk_state = TCP_CLOSE;
1040 sk->sk_shutdown |= SEND_SHUTDOWN;
1041 sk->sk_state_change(sk);
1042 sock_set_flag(sk, SOCK_DESTROY);
1043 break;
1044
1045 default:
1046 break;
1047 }
1048 } else {
1049 sk->sk_state = TCP_CLOSE;
1050 sk->sk_shutdown |= SEND_SHUTDOWN;
1051 sk->sk_state_change(sk);
1052 ax25_destroy_socket(ax25);
1053 }
1054 if (ax25_dev) {
1055 del_timer_sync(&ax25->timer);
1056 del_timer_sync(&ax25->t1timer);
1057 del_timer_sync(&ax25->t2timer);
1058 del_timer_sync(&ax25->t3timer);
1059 del_timer_sync(&ax25->idletimer);
1060 dev_put(ax25_dev->dev);
1061 ax25_dev_put(ax25_dev);
1062 }
1063
1064 sock->sk = NULL;
1065 release_sock(sk);
1066 sock_put(sk);
1067
1068 return 0;
1069 }
1070
1071 /*
1072 * We support a funny extension here so you can (as root) give any callsign
1073 * digipeated via a local address as source. This hack is obsolete now
1074 * that we've implemented support for SO_BINDTODEVICE. It is however small
1075 * and trivially backward compatible.
1076 */
ax25_bind(struct socket * sock,struct sockaddr * uaddr,int addr_len)1077 static int ax25_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
1078 {
1079 struct sock *sk = sock->sk;
1080 struct full_sockaddr_ax25 *addr = (struct full_sockaddr_ax25 *)uaddr;
1081 ax25_dev *ax25_dev = NULL;
1082 ax25_uid_assoc *user;
1083 ax25_address call;
1084 ax25_cb *ax25;
1085 int err = 0;
1086
1087 if (addr_len != sizeof(struct sockaddr_ax25) &&
1088 addr_len != sizeof(struct full_sockaddr_ax25))
1089 /* support for old structure may go away some time
1090 * ax25_bind(): uses old (6 digipeater) socket structure.
1091 */
1092 if ((addr_len < sizeof(struct sockaddr_ax25) + sizeof(ax25_address) * 6) ||
1093 (addr_len > sizeof(struct full_sockaddr_ax25)))
1094 return -EINVAL;
1095
1096 if (addr->fsa_ax25.sax25_family != AF_AX25)
1097 return -EINVAL;
1098
1099 user = ax25_findbyuid(current_euid());
1100 if (user) {
1101 call = user->call;
1102 ax25_uid_put(user);
1103 } else {
1104 if (ax25_uid_policy && !capable(CAP_NET_ADMIN))
1105 return -EACCES;
1106
1107 call = addr->fsa_ax25.sax25_call;
1108 }
1109
1110 lock_sock(sk);
1111
1112 ax25 = sk_to_ax25(sk);
1113 if (!sock_flag(sk, SOCK_ZAPPED)) {
1114 err = -EINVAL;
1115 goto out;
1116 }
1117
1118 ax25->source_addr = call;
1119
1120 /*
1121 * User already set interface with SO_BINDTODEVICE
1122 */
1123 if (ax25->ax25_dev != NULL)
1124 goto done;
1125
1126 if (addr_len > sizeof(struct sockaddr_ax25) && addr->fsa_ax25.sax25_ndigis == 1) {
1127 if (ax25cmp(&addr->fsa_digipeater[0], &null_ax25_address) != 0 &&
1128 (ax25_dev = ax25_addr_ax25dev(&addr->fsa_digipeater[0])) == NULL) {
1129 err = -EADDRNOTAVAIL;
1130 goto out;
1131 }
1132 } else {
1133 if ((ax25_dev = ax25_addr_ax25dev(&addr->fsa_ax25.sax25_call)) == NULL) {
1134 err = -EADDRNOTAVAIL;
1135 goto out;
1136 }
1137 }
1138
1139 if (ax25_dev) {
1140 ax25_fillin_cb(ax25, ax25_dev);
1141 dev_hold(ax25_dev->dev);
1142 }
1143
1144 done:
1145 ax25_cb_add(ax25);
1146 sock_reset_flag(sk, SOCK_ZAPPED);
1147
1148 out:
1149 release_sock(sk);
1150
1151 return err;
1152 }
1153
1154 /*
1155 * FIXME: nonblock behaviour looks like it may have a bug.
1156 */
ax25_connect(struct socket * sock,struct sockaddr * uaddr,int addr_len,int flags)1157 static int __must_check ax25_connect(struct socket *sock,
1158 struct sockaddr *uaddr, int addr_len, int flags)
1159 {
1160 struct sock *sk = sock->sk;
1161 ax25_cb *ax25 = sk_to_ax25(sk), *ax25t;
1162 struct full_sockaddr_ax25 *fsa = (struct full_sockaddr_ax25 *)uaddr;
1163 ax25_digi *digi = NULL;
1164 int ct = 0, err = 0;
1165
1166 /*
1167 * some sanity checks. code further down depends on this
1168 */
1169
1170 if (addr_len == sizeof(struct sockaddr_ax25))
1171 /* support for this will go away in early 2.5.x
1172 * ax25_connect(): uses obsolete socket structure
1173 */
1174 ;
1175 else if (addr_len != sizeof(struct full_sockaddr_ax25))
1176 /* support for old structure may go away some time
1177 * ax25_connect(): uses old (6 digipeater) socket structure.
1178 */
1179 if ((addr_len < sizeof(struct sockaddr_ax25) + sizeof(ax25_address) * 6) ||
1180 (addr_len > sizeof(struct full_sockaddr_ax25)))
1181 return -EINVAL;
1182
1183
1184 if (fsa->fsa_ax25.sax25_family != AF_AX25)
1185 return -EINVAL;
1186
1187 lock_sock(sk);
1188
1189 /* deal with restarts */
1190 if (sock->state == SS_CONNECTING) {
1191 switch (sk->sk_state) {
1192 case TCP_SYN_SENT: /* still trying */
1193 err = -EINPROGRESS;
1194 goto out_release;
1195
1196 case TCP_ESTABLISHED: /* connection established */
1197 sock->state = SS_CONNECTED;
1198 goto out_release;
1199
1200 case TCP_CLOSE: /* connection refused */
1201 sock->state = SS_UNCONNECTED;
1202 err = -ECONNREFUSED;
1203 goto out_release;
1204 }
1205 }
1206
1207 if (sk->sk_state == TCP_ESTABLISHED && sk->sk_type == SOCK_SEQPACKET) {
1208 err = -EISCONN; /* No reconnect on a seqpacket socket */
1209 goto out_release;
1210 }
1211
1212 sk->sk_state = TCP_CLOSE;
1213 sock->state = SS_UNCONNECTED;
1214
1215 kfree(ax25->digipeat);
1216 ax25->digipeat = NULL;
1217
1218 /*
1219 * Handle digi-peaters to be used.
1220 */
1221 if (addr_len > sizeof(struct sockaddr_ax25) &&
1222 fsa->fsa_ax25.sax25_ndigis != 0) {
1223 /* Valid number of digipeaters ? */
1224 if (fsa->fsa_ax25.sax25_ndigis < 1 ||
1225 fsa->fsa_ax25.sax25_ndigis > AX25_MAX_DIGIS ||
1226 addr_len < sizeof(struct sockaddr_ax25) +
1227 sizeof(ax25_address) * fsa->fsa_ax25.sax25_ndigis) {
1228 err = -EINVAL;
1229 goto out_release;
1230 }
1231
1232 if ((digi = kmalloc(sizeof(ax25_digi), GFP_KERNEL)) == NULL) {
1233 err = -ENOBUFS;
1234 goto out_release;
1235 }
1236
1237 digi->ndigi = fsa->fsa_ax25.sax25_ndigis;
1238 digi->lastrepeat = -1;
1239
1240 while (ct < fsa->fsa_ax25.sax25_ndigis) {
1241 if ((fsa->fsa_digipeater[ct].ax25_call[6] &
1242 AX25_HBIT) && ax25->iamdigi) {
1243 digi->repeated[ct] = 1;
1244 digi->lastrepeat = ct;
1245 } else {
1246 digi->repeated[ct] = 0;
1247 }
1248 digi->calls[ct] = fsa->fsa_digipeater[ct];
1249 ct++;
1250 }
1251 }
1252
1253 /*
1254 * Must bind first - autobinding in this may or may not work. If
1255 * the socket is already bound, check to see if the device has
1256 * been filled in, error if it hasn't.
1257 */
1258 if (sock_flag(sk, SOCK_ZAPPED)) {
1259 /* check if we can remove this feature. It is broken. */
1260 printk(KERN_WARNING "ax25_connect(): %s uses autobind, please contact jreuter@yaina.de\n",
1261 current->comm);
1262 if ((err = ax25_rt_autobind(ax25, &fsa->fsa_ax25.sax25_call)) < 0) {
1263 kfree(digi);
1264 goto out_release;
1265 }
1266
1267 ax25_fillin_cb(ax25, ax25->ax25_dev);
1268 ax25_cb_add(ax25);
1269 } else {
1270 if (ax25->ax25_dev == NULL) {
1271 kfree(digi);
1272 err = -EHOSTUNREACH;
1273 goto out_release;
1274 }
1275 }
1276
1277 if (sk->sk_type == SOCK_SEQPACKET &&
1278 (ax25t=ax25_find_cb(&ax25->source_addr, &fsa->fsa_ax25.sax25_call, digi,
1279 ax25->ax25_dev->dev))) {
1280 kfree(digi);
1281 err = -EADDRINUSE; /* Already such a connection */
1282 ax25_cb_put(ax25t);
1283 goto out_release;
1284 }
1285
1286 ax25->dest_addr = fsa->fsa_ax25.sax25_call;
1287 ax25->digipeat = digi;
1288
1289 /* First the easy one */
1290 if (sk->sk_type != SOCK_SEQPACKET) {
1291 sock->state = SS_CONNECTED;
1292 sk->sk_state = TCP_ESTABLISHED;
1293 goto out_release;
1294 }
1295
1296 /* Move to connecting socket, ax.25 lapb WAIT_UA.. */
1297 sock->state = SS_CONNECTING;
1298 sk->sk_state = TCP_SYN_SENT;
1299
1300 switch (ax25->ax25_dev->values[AX25_VALUES_PROTOCOL]) {
1301 case AX25_PROTO_STD_SIMPLEX:
1302 case AX25_PROTO_STD_DUPLEX:
1303 ax25_std_establish_data_link(ax25);
1304 break;
1305
1306 #ifdef CONFIG_AX25_DAMA_SLAVE
1307 case AX25_PROTO_DAMA_SLAVE:
1308 ax25->modulus = AX25_MODULUS;
1309 ax25->window = ax25->ax25_dev->values[AX25_VALUES_WINDOW];
1310 if (ax25->ax25_dev->dama.slave)
1311 ax25_ds_establish_data_link(ax25);
1312 else
1313 ax25_std_establish_data_link(ax25);
1314 break;
1315 #endif
1316 }
1317
1318 ax25->state = AX25_STATE_1;
1319
1320 ax25_start_heartbeat(ax25);
1321
1322 /* Now the loop */
1323 if (sk->sk_state != TCP_ESTABLISHED && (flags & O_NONBLOCK)) {
1324 err = -EINPROGRESS;
1325 goto out_release;
1326 }
1327
1328 if (sk->sk_state == TCP_SYN_SENT) {
1329 DEFINE_WAIT(wait);
1330
1331 for (;;) {
1332 prepare_to_wait(sk_sleep(sk), &wait,
1333 TASK_INTERRUPTIBLE);
1334 if (sk->sk_state != TCP_SYN_SENT)
1335 break;
1336 if (!signal_pending(current)) {
1337 release_sock(sk);
1338 schedule();
1339 lock_sock(sk);
1340 continue;
1341 }
1342 err = -ERESTARTSYS;
1343 break;
1344 }
1345 finish_wait(sk_sleep(sk), &wait);
1346
1347 if (err)
1348 goto out_release;
1349 }
1350
1351 if (sk->sk_state != TCP_ESTABLISHED) {
1352 /* Not in ABM, not in WAIT_UA -> failed */
1353 sock->state = SS_UNCONNECTED;
1354 err = sock_error(sk); /* Always set at this point */
1355 goto out_release;
1356 }
1357
1358 sock->state = SS_CONNECTED;
1359
1360 err = 0;
1361 out_release:
1362 release_sock(sk);
1363
1364 return err;
1365 }
1366
ax25_accept(struct socket * sock,struct socket * newsock,int flags,bool kern)1367 static int ax25_accept(struct socket *sock, struct socket *newsock, int flags,
1368 bool kern)
1369 {
1370 struct sk_buff *skb;
1371 struct sock *newsk;
1372 DEFINE_WAIT(wait);
1373 struct sock *sk;
1374 int err = 0;
1375
1376 if (sock->state != SS_UNCONNECTED)
1377 return -EINVAL;
1378
1379 if ((sk = sock->sk) == NULL)
1380 return -EINVAL;
1381
1382 lock_sock(sk);
1383 if (sk->sk_type != SOCK_SEQPACKET) {
1384 err = -EOPNOTSUPP;
1385 goto out;
1386 }
1387
1388 if (sk->sk_state != TCP_LISTEN) {
1389 err = -EINVAL;
1390 goto out;
1391 }
1392
1393 /*
1394 * The read queue this time is holding sockets ready to use
1395 * hooked into the SABM we saved
1396 */
1397 for (;;) {
1398 prepare_to_wait(sk_sleep(sk), &wait, TASK_INTERRUPTIBLE);
1399 skb = skb_dequeue(&sk->sk_receive_queue);
1400 if (skb)
1401 break;
1402
1403 if (flags & O_NONBLOCK) {
1404 err = -EWOULDBLOCK;
1405 break;
1406 }
1407 if (!signal_pending(current)) {
1408 release_sock(sk);
1409 schedule();
1410 lock_sock(sk);
1411 continue;
1412 }
1413 err = -ERESTARTSYS;
1414 break;
1415 }
1416 finish_wait(sk_sleep(sk), &wait);
1417
1418 if (err)
1419 goto out;
1420
1421 newsk = skb->sk;
1422 sock_graft(newsk, newsock);
1423
1424 /* Now attach up the new socket */
1425 kfree_skb(skb);
1426 sk->sk_ack_backlog--;
1427 newsock->state = SS_CONNECTED;
1428
1429 out:
1430 release_sock(sk);
1431
1432 return err;
1433 }
1434
ax25_getname(struct socket * sock,struct sockaddr * uaddr,int peer)1435 static int ax25_getname(struct socket *sock, struct sockaddr *uaddr,
1436 int peer)
1437 {
1438 struct full_sockaddr_ax25 *fsa = (struct full_sockaddr_ax25 *)uaddr;
1439 struct sock *sk = sock->sk;
1440 unsigned char ndigi, i;
1441 ax25_cb *ax25;
1442 int err = 0;
1443
1444 memset(fsa, 0, sizeof(*fsa));
1445 lock_sock(sk);
1446 ax25 = sk_to_ax25(sk);
1447
1448 if (peer != 0) {
1449 if (sk->sk_state != TCP_ESTABLISHED) {
1450 err = -ENOTCONN;
1451 goto out;
1452 }
1453
1454 fsa->fsa_ax25.sax25_family = AF_AX25;
1455 fsa->fsa_ax25.sax25_call = ax25->dest_addr;
1456
1457 if (ax25->digipeat != NULL) {
1458 ndigi = ax25->digipeat->ndigi;
1459 fsa->fsa_ax25.sax25_ndigis = ndigi;
1460 for (i = 0; i < ndigi; i++)
1461 fsa->fsa_digipeater[i] =
1462 ax25->digipeat->calls[i];
1463 }
1464 } else {
1465 fsa->fsa_ax25.sax25_family = AF_AX25;
1466 fsa->fsa_ax25.sax25_call = ax25->source_addr;
1467 fsa->fsa_ax25.sax25_ndigis = 1;
1468 if (ax25->ax25_dev != NULL) {
1469 memcpy(&fsa->fsa_digipeater[0],
1470 ax25->ax25_dev->dev->dev_addr, AX25_ADDR_LEN);
1471 } else {
1472 fsa->fsa_digipeater[0] = null_ax25_address;
1473 }
1474 }
1475 err = sizeof (struct full_sockaddr_ax25);
1476
1477 out:
1478 release_sock(sk);
1479
1480 return err;
1481 }
1482
ax25_sendmsg(struct socket * sock,struct msghdr * msg,size_t len)1483 static int ax25_sendmsg(struct socket *sock, struct msghdr *msg, size_t len)
1484 {
1485 DECLARE_SOCKADDR(struct sockaddr_ax25 *, usax, msg->msg_name);
1486 struct sock *sk = sock->sk;
1487 struct sockaddr_ax25 sax;
1488 struct sk_buff *skb;
1489 ax25_digi dtmp, *dp;
1490 ax25_cb *ax25;
1491 size_t size;
1492 int lv, err, addr_len = msg->msg_namelen;
1493
1494 if (msg->msg_flags & ~(MSG_DONTWAIT|MSG_EOR|MSG_CMSG_COMPAT))
1495 return -EINVAL;
1496
1497 lock_sock(sk);
1498 ax25 = sk_to_ax25(sk);
1499
1500 if (sock_flag(sk, SOCK_ZAPPED)) {
1501 err = -EADDRNOTAVAIL;
1502 goto out;
1503 }
1504
1505 if (sk->sk_shutdown & SEND_SHUTDOWN) {
1506 send_sig(SIGPIPE, current, 0);
1507 err = -EPIPE;
1508 goto out;
1509 }
1510
1511 if (ax25->ax25_dev == NULL) {
1512 err = -ENETUNREACH;
1513 goto out;
1514 }
1515
1516 if (len > ax25->ax25_dev->dev->mtu) {
1517 err = -EMSGSIZE;
1518 goto out;
1519 }
1520
1521 if (usax != NULL) {
1522 if (usax->sax25_family != AF_AX25) {
1523 err = -EINVAL;
1524 goto out;
1525 }
1526
1527 if (addr_len == sizeof(struct sockaddr_ax25))
1528 /* ax25_sendmsg(): uses obsolete socket structure */
1529 ;
1530 else if (addr_len != sizeof(struct full_sockaddr_ax25))
1531 /* support for old structure may go away some time
1532 * ax25_sendmsg(): uses old (6 digipeater)
1533 * socket structure.
1534 */
1535 if ((addr_len < sizeof(struct sockaddr_ax25) + sizeof(ax25_address) * 6) ||
1536 (addr_len > sizeof(struct full_sockaddr_ax25))) {
1537 err = -EINVAL;
1538 goto out;
1539 }
1540
1541
1542 if (addr_len > sizeof(struct sockaddr_ax25) && usax->sax25_ndigis != 0) {
1543 int ct = 0;
1544 struct full_sockaddr_ax25 *fsa = (struct full_sockaddr_ax25 *)usax;
1545
1546 /* Valid number of digipeaters ? */
1547 if (usax->sax25_ndigis < 1 ||
1548 usax->sax25_ndigis > AX25_MAX_DIGIS ||
1549 addr_len < sizeof(struct sockaddr_ax25) +
1550 sizeof(ax25_address) * usax->sax25_ndigis) {
1551 err = -EINVAL;
1552 goto out;
1553 }
1554
1555 dtmp.ndigi = usax->sax25_ndigis;
1556
1557 while (ct < usax->sax25_ndigis) {
1558 dtmp.repeated[ct] = 0;
1559 dtmp.calls[ct] = fsa->fsa_digipeater[ct];
1560 ct++;
1561 }
1562
1563 dtmp.lastrepeat = 0;
1564 }
1565
1566 sax = *usax;
1567 if (sk->sk_type == SOCK_SEQPACKET &&
1568 ax25cmp(&ax25->dest_addr, &sax.sax25_call)) {
1569 err = -EISCONN;
1570 goto out;
1571 }
1572 if (usax->sax25_ndigis == 0)
1573 dp = NULL;
1574 else
1575 dp = &dtmp;
1576 } else {
1577 /*
1578 * FIXME: 1003.1g - if the socket is like this because
1579 * it has become closed (not started closed) and is VC
1580 * we ought to SIGPIPE, EPIPE
1581 */
1582 if (sk->sk_state != TCP_ESTABLISHED) {
1583 err = -ENOTCONN;
1584 goto out;
1585 }
1586 sax.sax25_family = AF_AX25;
1587 sax.sax25_call = ax25->dest_addr;
1588 dp = ax25->digipeat;
1589 }
1590
1591 /* Build a packet */
1592 /* Assume the worst case */
1593 size = len + ax25->ax25_dev->dev->hard_header_len;
1594
1595 skb = sock_alloc_send_skb(sk, size, msg->msg_flags&MSG_DONTWAIT, &err);
1596 if (skb == NULL)
1597 goto out;
1598
1599 skb_reserve(skb, size - len);
1600
1601 /* User data follows immediately after the AX.25 data */
1602 if (memcpy_from_msg(skb_put(skb, len), msg, len)) {
1603 err = -EFAULT;
1604 kfree_skb(skb);
1605 goto out;
1606 }
1607
1608 skb_reset_network_header(skb);
1609
1610 /* Add the PID if one is not supplied by the user in the skb */
1611 if (!ax25->pidincl)
1612 *(u8 *)skb_push(skb, 1) = sk->sk_protocol;
1613
1614 if (sk->sk_type == SOCK_SEQPACKET) {
1615 /* Connected mode sockets go via the LAPB machine */
1616 if (sk->sk_state != TCP_ESTABLISHED) {
1617 kfree_skb(skb);
1618 err = -ENOTCONN;
1619 goto out;
1620 }
1621
1622 /* Shove it onto the queue and kick */
1623 ax25_output(ax25, ax25->paclen, skb);
1624
1625 err = len;
1626 goto out;
1627 }
1628
1629 skb_push(skb, 1 + ax25_addr_size(dp));
1630
1631 /* Building AX.25 Header */
1632
1633 /* Build an AX.25 header */
1634 lv = ax25_addr_build(skb->data, &ax25->source_addr, &sax.sax25_call,
1635 dp, AX25_COMMAND, AX25_MODULUS);
1636
1637 skb_set_transport_header(skb, lv);
1638
1639 *skb_transport_header(skb) = AX25_UI;
1640
1641 /* Datagram frames go straight out of the door as UI */
1642 ax25_queue_xmit(skb, ax25->ax25_dev->dev);
1643
1644 err = len;
1645
1646 out:
1647 release_sock(sk);
1648
1649 return err;
1650 }
1651
ax25_recvmsg(struct socket * sock,struct msghdr * msg,size_t size,int flags)1652 static int ax25_recvmsg(struct socket *sock, struct msghdr *msg, size_t size,
1653 int flags)
1654 {
1655 struct sock *sk = sock->sk;
1656 struct sk_buff *skb;
1657 int copied;
1658 int err = 0;
1659
1660 lock_sock(sk);
1661 /*
1662 * This works for seqpacket too. The receiver has ordered the
1663 * queue for us! We do one quick check first though
1664 */
1665 if (sk->sk_type == SOCK_SEQPACKET && sk->sk_state != TCP_ESTABLISHED) {
1666 err = -ENOTCONN;
1667 goto out;
1668 }
1669
1670 /* Now we can treat all alike */
1671 skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT,
1672 flags & MSG_DONTWAIT, &err);
1673 if (skb == NULL)
1674 goto out;
1675
1676 if (!sk_to_ax25(sk)->pidincl)
1677 skb_pull(skb, 1); /* Remove PID */
1678
1679 skb_reset_transport_header(skb);
1680 copied = skb->len;
1681
1682 if (copied > size) {
1683 copied = size;
1684 msg->msg_flags |= MSG_TRUNC;
1685 }
1686
1687 skb_copy_datagram_msg(skb, 0, msg, copied);
1688
1689 if (msg->msg_name) {
1690 ax25_digi digi;
1691 ax25_address src;
1692 const unsigned char *mac = skb_mac_header(skb);
1693 DECLARE_SOCKADDR(struct sockaddr_ax25 *, sax, msg->msg_name);
1694
1695 memset(sax, 0, sizeof(struct full_sockaddr_ax25));
1696 ax25_addr_parse(mac + 1, skb->data - mac - 1, &src, NULL,
1697 &digi, NULL, NULL);
1698 sax->sax25_family = AF_AX25;
1699 /* We set this correctly, even though we may not let the
1700 application know the digi calls further down (because it
1701 did NOT ask to know them). This could get political... **/
1702 sax->sax25_ndigis = digi.ndigi;
1703 sax->sax25_call = src;
1704
1705 if (sax->sax25_ndigis != 0) {
1706 int ct;
1707 struct full_sockaddr_ax25 *fsa = (struct full_sockaddr_ax25 *)sax;
1708
1709 for (ct = 0; ct < digi.ndigi; ct++)
1710 fsa->fsa_digipeater[ct] = digi.calls[ct];
1711 }
1712 msg->msg_namelen = sizeof(struct full_sockaddr_ax25);
1713 }
1714
1715 skb_free_datagram(sk, skb);
1716 err = copied;
1717
1718 out:
1719 release_sock(sk);
1720
1721 return err;
1722 }
1723
ax25_shutdown(struct socket * sk,int how)1724 static int ax25_shutdown(struct socket *sk, int how)
1725 {
1726 /* FIXME - generate DM and RNR states */
1727 return -EOPNOTSUPP;
1728 }
1729
ax25_ioctl(struct socket * sock,unsigned int cmd,unsigned long arg)1730 static int ax25_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
1731 {
1732 struct sock *sk = sock->sk;
1733 void __user *argp = (void __user *)arg;
1734 int res = 0;
1735
1736 lock_sock(sk);
1737 switch (cmd) {
1738 case TIOCOUTQ: {
1739 long amount;
1740
1741 amount = sk->sk_sndbuf - sk_wmem_alloc_get(sk);
1742 if (amount < 0)
1743 amount = 0;
1744 res = put_user(amount, (int __user *)argp);
1745 break;
1746 }
1747
1748 case TIOCINQ: {
1749 struct sk_buff *skb;
1750 long amount = 0L;
1751 /* These two are safe on a single CPU system as only user tasks fiddle here */
1752 if ((skb = skb_peek(&sk->sk_receive_queue)) != NULL)
1753 amount = skb->len;
1754 res = put_user(amount, (int __user *) argp);
1755 break;
1756 }
1757
1758 case SIOCAX25ADDUID: /* Add a uid to the uid/call map table */
1759 case SIOCAX25DELUID: /* Delete a uid from the uid/call map table */
1760 case SIOCAX25GETUID: {
1761 struct sockaddr_ax25 sax25;
1762 if (copy_from_user(&sax25, argp, sizeof(sax25))) {
1763 res = -EFAULT;
1764 break;
1765 }
1766 res = ax25_uid_ioctl(cmd, &sax25);
1767 break;
1768 }
1769
1770 case SIOCAX25NOUID: { /* Set the default policy (default/bar) */
1771 long amount;
1772 if (!capable(CAP_NET_ADMIN)) {
1773 res = -EPERM;
1774 break;
1775 }
1776 if (get_user(amount, (long __user *)argp)) {
1777 res = -EFAULT;
1778 break;
1779 }
1780 if (amount < 0 || amount > AX25_NOUID_BLOCK) {
1781 res = -EINVAL;
1782 break;
1783 }
1784 ax25_uid_policy = amount;
1785 res = 0;
1786 break;
1787 }
1788
1789 case SIOCADDRT:
1790 case SIOCDELRT:
1791 case SIOCAX25OPTRT:
1792 if (!capable(CAP_NET_ADMIN)) {
1793 res = -EPERM;
1794 break;
1795 }
1796 res = ax25_rt_ioctl(cmd, argp);
1797 break;
1798
1799 case SIOCAX25CTLCON:
1800 if (!capable(CAP_NET_ADMIN)) {
1801 res = -EPERM;
1802 break;
1803 }
1804 res = ax25_ctl_ioctl(cmd, argp);
1805 break;
1806
1807 case SIOCAX25GETINFO:
1808 case SIOCAX25GETINFOOLD: {
1809 ax25_cb *ax25 = sk_to_ax25(sk);
1810 struct ax25_info_struct ax25_info;
1811
1812 ax25_info.t1 = ax25->t1 / HZ;
1813 ax25_info.t2 = ax25->t2 / HZ;
1814 ax25_info.t3 = ax25->t3 / HZ;
1815 ax25_info.idle = ax25->idle / (60 * HZ);
1816 ax25_info.n2 = ax25->n2;
1817 ax25_info.t1timer = ax25_display_timer(&ax25->t1timer) / HZ;
1818 ax25_info.t2timer = ax25_display_timer(&ax25->t2timer) / HZ;
1819 ax25_info.t3timer = ax25_display_timer(&ax25->t3timer) / HZ;
1820 ax25_info.idletimer = ax25_display_timer(&ax25->idletimer) / (60 * HZ);
1821 ax25_info.n2count = ax25->n2count;
1822 ax25_info.state = ax25->state;
1823 ax25_info.rcv_q = sk_rmem_alloc_get(sk);
1824 ax25_info.snd_q = sk_wmem_alloc_get(sk);
1825 ax25_info.vs = ax25->vs;
1826 ax25_info.vr = ax25->vr;
1827 ax25_info.va = ax25->va;
1828 ax25_info.vs_max = ax25->vs; /* reserved */
1829 ax25_info.paclen = ax25->paclen;
1830 ax25_info.window = ax25->window;
1831
1832 /* old structure? */
1833 if (cmd == SIOCAX25GETINFOOLD) {
1834 static int warned = 0;
1835 if (!warned) {
1836 printk(KERN_INFO "%s uses old SIOCAX25GETINFO\n",
1837 current->comm);
1838 warned=1;
1839 }
1840
1841 if (copy_to_user(argp, &ax25_info, sizeof(struct ax25_info_struct_deprecated))) {
1842 res = -EFAULT;
1843 break;
1844 }
1845 } else {
1846 if (copy_to_user(argp, &ax25_info, sizeof(struct ax25_info_struct))) {
1847 res = -EINVAL;
1848 break;
1849 }
1850 }
1851 res = 0;
1852 break;
1853 }
1854
1855 case SIOCAX25ADDFWD:
1856 case SIOCAX25DELFWD: {
1857 struct ax25_fwd_struct ax25_fwd;
1858 if (!capable(CAP_NET_ADMIN)) {
1859 res = -EPERM;
1860 break;
1861 }
1862 if (copy_from_user(&ax25_fwd, argp, sizeof(ax25_fwd))) {
1863 res = -EFAULT;
1864 break;
1865 }
1866 res = ax25_fwd_ioctl(cmd, &ax25_fwd);
1867 break;
1868 }
1869
1870 case SIOCGIFADDR:
1871 case SIOCSIFADDR:
1872 case SIOCGIFDSTADDR:
1873 case SIOCSIFDSTADDR:
1874 case SIOCGIFBRDADDR:
1875 case SIOCSIFBRDADDR:
1876 case SIOCGIFNETMASK:
1877 case SIOCSIFNETMASK:
1878 case SIOCGIFMETRIC:
1879 case SIOCSIFMETRIC:
1880 res = -EINVAL;
1881 break;
1882
1883 default:
1884 res = -ENOIOCTLCMD;
1885 break;
1886 }
1887 release_sock(sk);
1888
1889 return res;
1890 }
1891
1892 #ifdef CONFIG_PROC_FS
1893
ax25_info_start(struct seq_file * seq,loff_t * pos)1894 static void *ax25_info_start(struct seq_file *seq, loff_t *pos)
1895 __acquires(ax25_list_lock)
1896 {
1897 spin_lock_bh(&ax25_list_lock);
1898 return seq_hlist_start(&ax25_list, *pos);
1899 }
1900
ax25_info_next(struct seq_file * seq,void * v,loff_t * pos)1901 static void *ax25_info_next(struct seq_file *seq, void *v, loff_t *pos)
1902 {
1903 return seq_hlist_next(v, &ax25_list, pos);
1904 }
1905
ax25_info_stop(struct seq_file * seq,void * v)1906 static void ax25_info_stop(struct seq_file *seq, void *v)
1907 __releases(ax25_list_lock)
1908 {
1909 spin_unlock_bh(&ax25_list_lock);
1910 }
1911
ax25_info_show(struct seq_file * seq,void * v)1912 static int ax25_info_show(struct seq_file *seq, void *v)
1913 {
1914 ax25_cb *ax25 = hlist_entry(v, struct ax25_cb, ax25_node);
1915 char buf[11];
1916 int k;
1917
1918
1919 /*
1920 * New format:
1921 * magic dev src_addr dest_addr,digi1,digi2,.. st vs vr va t1 t1 t2 t2 t3 t3 idle idle n2 n2 rtt window paclen Snd-Q Rcv-Q inode
1922 */
1923
1924 seq_printf(seq, "%p %s %s%s ",
1925 ax25,
1926 ax25->ax25_dev == NULL? "???" : ax25->ax25_dev->dev->name,
1927 ax2asc(buf, &ax25->source_addr),
1928 ax25->iamdigi? "*":"");
1929 seq_printf(seq, "%s", ax2asc(buf, &ax25->dest_addr));
1930
1931 for (k=0; (ax25->digipeat != NULL) && (k < ax25->digipeat->ndigi); k++) {
1932 seq_printf(seq, ",%s%s",
1933 ax2asc(buf, &ax25->digipeat->calls[k]),
1934 ax25->digipeat->repeated[k]? "*":"");
1935 }
1936
1937 seq_printf(seq, " %d %d %d %d %lu %lu %lu %lu %lu %lu %lu %lu %d %d %lu %d %d",
1938 ax25->state,
1939 ax25->vs, ax25->vr, ax25->va,
1940 ax25_display_timer(&ax25->t1timer) / HZ, ax25->t1 / HZ,
1941 ax25_display_timer(&ax25->t2timer) / HZ, ax25->t2 / HZ,
1942 ax25_display_timer(&ax25->t3timer) / HZ, ax25->t3 / HZ,
1943 ax25_display_timer(&ax25->idletimer) / (60 * HZ),
1944 ax25->idle / (60 * HZ),
1945 ax25->n2count, ax25->n2,
1946 ax25->rtt / HZ,
1947 ax25->window,
1948 ax25->paclen);
1949
1950 if (ax25->sk != NULL) {
1951 seq_printf(seq, " %d %d %lu\n",
1952 sk_wmem_alloc_get(ax25->sk),
1953 sk_rmem_alloc_get(ax25->sk),
1954 sock_i_ino(ax25->sk));
1955 } else {
1956 seq_puts(seq, " * * *\n");
1957 }
1958 return 0;
1959 }
1960
1961 static const struct seq_operations ax25_info_seqops = {
1962 .start = ax25_info_start,
1963 .next = ax25_info_next,
1964 .stop = ax25_info_stop,
1965 .show = ax25_info_show,
1966 };
1967 #endif
1968
1969 static const struct net_proto_family ax25_family_ops = {
1970 .family = PF_AX25,
1971 .create = ax25_create,
1972 .owner = THIS_MODULE,
1973 };
1974
1975 static const struct proto_ops ax25_proto_ops = {
1976 .family = PF_AX25,
1977 .owner = THIS_MODULE,
1978 .release = ax25_release,
1979 .bind = ax25_bind,
1980 .connect = ax25_connect,
1981 .socketpair = sock_no_socketpair,
1982 .accept = ax25_accept,
1983 .getname = ax25_getname,
1984 .poll = datagram_poll,
1985 .ioctl = ax25_ioctl,
1986 .gettstamp = sock_gettstamp,
1987 .listen = ax25_listen,
1988 .shutdown = ax25_shutdown,
1989 .setsockopt = ax25_setsockopt,
1990 .getsockopt = ax25_getsockopt,
1991 .sendmsg = ax25_sendmsg,
1992 .recvmsg = ax25_recvmsg,
1993 .mmap = sock_no_mmap,
1994 .sendpage = sock_no_sendpage,
1995 };
1996
1997 /*
1998 * Called by socket.c on kernel start up
1999 */
2000 static struct packet_type ax25_packet_type __read_mostly = {
2001 .type = cpu_to_be16(ETH_P_AX25),
2002 .func = ax25_kiss_rcv,
2003 };
2004
2005 static struct notifier_block ax25_dev_notifier = {
2006 .notifier_call = ax25_device_event,
2007 };
2008
ax25_init(void)2009 static int __init ax25_init(void)
2010 {
2011 int rc = proto_register(&ax25_proto, 0);
2012
2013 if (rc != 0)
2014 goto out;
2015
2016 sock_register(&ax25_family_ops);
2017 dev_add_pack(&ax25_packet_type);
2018 register_netdevice_notifier(&ax25_dev_notifier);
2019
2020 proc_create_seq("ax25_route", 0444, init_net.proc_net, &ax25_rt_seqops);
2021 proc_create_seq("ax25", 0444, init_net.proc_net, &ax25_info_seqops);
2022 proc_create_seq("ax25_calls", 0444, init_net.proc_net,
2023 &ax25_uid_seqops);
2024 out:
2025 return rc;
2026 }
2027 module_init(ax25_init);
2028
2029
2030 MODULE_AUTHOR("Jonathan Naylor G4KLX <g4klx@g4klx.demon.co.uk>");
2031 MODULE_DESCRIPTION("The amateur radio AX.25 link layer protocol");
2032 MODULE_LICENSE("GPL");
2033 MODULE_ALIAS_NETPROTO(PF_AX25);
2034
ax25_exit(void)2035 static void __exit ax25_exit(void)
2036 {
2037 remove_proc_entry("ax25_route", init_net.proc_net);
2038 remove_proc_entry("ax25", init_net.proc_net);
2039 remove_proc_entry("ax25_calls", init_net.proc_net);
2040
2041 unregister_netdevice_notifier(&ax25_dev_notifier);
2042
2043 dev_remove_pack(&ax25_packet_type);
2044
2045 sock_unregister(PF_AX25);
2046 proto_unregister(&ax25_proto);
2047
2048 ax25_rt_free();
2049 ax25_uid_free();
2050 ax25_dev_free();
2051 }
2052 module_exit(ax25_exit);
2053