• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  *
4  * Copyright (C) Alan Cox GW4PTS (alan@lxorguk.ukuu.org.uk)
5  * Copyright (C) Jonathan Naylor G4KLX (g4klx@g4klx.demon.co.uk)
6  * Copyright (C) Joerg Reuter DL1BKE (jreuter@yaina.de)
7  * Copyright (C) Hans-Joachim Hetscher DD8NE (dd8ne@bnv-bamberg.de)
8  *
9  * Most of this code is based on the SDL diagrams published in the 7th ARRL
10  * Computer Networking Conference papers. The diagrams have mistakes in them,
11  * but are mostly correct. Before you modify the code could you read the SDL
12  * diagrams as the code is not obvious and probably very easy to break.
13  */
14 #include <linux/errno.h>
15 #include <linux/types.h>
16 #include <linux/socket.h>
17 #include <linux/in.h>
18 #include <linux/kernel.h>
19 #include <linux/timer.h>
20 #include <linux/string.h>
21 #include <linux/sockios.h>
22 #include <linux/net.h>
23 #include <net/ax25.h>
24 #include <linux/inet.h>
25 #include <linux/netdevice.h>
26 #include <linux/skbuff.h>
27 #include <net/sock.h>
28 #include <net/tcp_states.h>
29 #include <linux/uaccess.h>
30 #include <linux/fcntl.h>
31 #include <linux/mm.h>
32 #include <linux/interrupt.h>
33 
34 /*
35  *	State machine for state 1, Awaiting Connection State.
36  *	The handling of the timer(s) is in file ax25_std_timer.c.
37  *	Handling of state 0 and connection release is in ax25.c.
38  */
ax25_std_state1_machine(ax25_cb * ax25,struct sk_buff * skb,int frametype,int pf,int type)39 static int ax25_std_state1_machine(ax25_cb *ax25, struct sk_buff *skb, int frametype, int pf, int type)
40 {
41 	switch (frametype) {
42 	case AX25_SABM:
43 		ax25->modulus = AX25_MODULUS;
44 		ax25->window  = ax25->ax25_dev->values[AX25_VALUES_WINDOW];
45 		ax25_send_control(ax25, AX25_UA, pf, AX25_RESPONSE);
46 		break;
47 
48 	case AX25_SABME:
49 		ax25->modulus = AX25_EMODULUS;
50 		ax25->window  = ax25->ax25_dev->values[AX25_VALUES_EWINDOW];
51 		ax25_send_control(ax25, AX25_UA, pf, AX25_RESPONSE);
52 		break;
53 
54 	case AX25_DISC:
55 		ax25_send_control(ax25, AX25_DM, pf, AX25_RESPONSE);
56 		break;
57 
58 	case AX25_UA:
59 		if (pf) {
60 			ax25_calculate_rtt(ax25);
61 			ax25_stop_t1timer(ax25);
62 			ax25_start_t3timer(ax25);
63 			ax25_start_idletimer(ax25);
64 			ax25->vs      = 0;
65 			ax25->va      = 0;
66 			ax25->vr      = 0;
67 			ax25->state   = AX25_STATE_3;
68 			ax25->n2count = 0;
69 			if (ax25->sk != NULL) {
70 				bh_lock_sock(ax25->sk);
71 				ax25->sk->sk_state = TCP_ESTABLISHED;
72 				/* For WAIT_SABM connections we will produce an accept ready socket here */
73 				if (!sock_flag(ax25->sk, SOCK_DEAD))
74 					ax25->sk->sk_state_change(ax25->sk);
75 				bh_unlock_sock(ax25->sk);
76 			}
77 		}
78 		break;
79 
80 	case AX25_DM:
81 		if (pf) {
82 			if (ax25->modulus == AX25_MODULUS) {
83 				ax25_disconnect(ax25, ECONNREFUSED);
84 			} else {
85 				ax25->modulus = AX25_MODULUS;
86 				ax25->window  = ax25->ax25_dev->values[AX25_VALUES_WINDOW];
87 			}
88 		}
89 		break;
90 
91 	default:
92 		break;
93 	}
94 
95 	return 0;
96 }
97 
98 /*
99  *	State machine for state 2, Awaiting Release State.
100  *	The handling of the timer(s) is in file ax25_std_timer.c
101  *	Handling of state 0 and connection release is in ax25.c.
102  */
ax25_std_state2_machine(ax25_cb * ax25,struct sk_buff * skb,int frametype,int pf,int type)103 static int ax25_std_state2_machine(ax25_cb *ax25, struct sk_buff *skb, int frametype, int pf, int type)
104 {
105 	switch (frametype) {
106 	case AX25_SABM:
107 	case AX25_SABME:
108 		ax25_send_control(ax25, AX25_DM, pf, AX25_RESPONSE);
109 		break;
110 
111 	case AX25_DISC:
112 		ax25_send_control(ax25, AX25_UA, pf, AX25_RESPONSE);
113 		ax25_disconnect(ax25, 0);
114 		break;
115 
116 	case AX25_DM:
117 	case AX25_UA:
118 		if (pf)
119 			ax25_disconnect(ax25, 0);
120 		break;
121 
122 	case AX25_I:
123 	case AX25_REJ:
124 	case AX25_RNR:
125 	case AX25_RR:
126 		if (pf) ax25_send_control(ax25, AX25_DM, AX25_POLLON, AX25_RESPONSE);
127 		break;
128 
129 	default:
130 		break;
131 	}
132 
133 	return 0;
134 }
135 
136 /*
137  *	State machine for state 3, Connected State.
138  *	The handling of the timer(s) is in file ax25_std_timer.c
139  *	Handling of state 0 and connection release is in ax25.c.
140  */
ax25_std_state3_machine(ax25_cb * ax25,struct sk_buff * skb,int frametype,int ns,int nr,int pf,int type)141 static int ax25_std_state3_machine(ax25_cb *ax25, struct sk_buff *skb, int frametype, int ns, int nr, int pf, int type)
142 {
143 	int queued = 0;
144 
145 	switch (frametype) {
146 	case AX25_SABM:
147 	case AX25_SABME:
148 		if (frametype == AX25_SABM) {
149 			ax25->modulus = AX25_MODULUS;
150 			ax25->window  = ax25->ax25_dev->values[AX25_VALUES_WINDOW];
151 		} else {
152 			ax25->modulus = AX25_EMODULUS;
153 			ax25->window  = ax25->ax25_dev->values[AX25_VALUES_EWINDOW];
154 		}
155 		ax25_send_control(ax25, AX25_UA, pf, AX25_RESPONSE);
156 		ax25_stop_t1timer(ax25);
157 		ax25_stop_t2timer(ax25);
158 		ax25_start_t3timer(ax25);
159 		ax25_start_idletimer(ax25);
160 		ax25->condition = 0x00;
161 		ax25->vs        = 0;
162 		ax25->va        = 0;
163 		ax25->vr        = 0;
164 		ax25_requeue_frames(ax25);
165 		break;
166 
167 	case AX25_DISC:
168 		ax25_send_control(ax25, AX25_UA, pf, AX25_RESPONSE);
169 		ax25_disconnect(ax25, 0);
170 		break;
171 
172 	case AX25_DM:
173 		ax25_disconnect(ax25, ECONNRESET);
174 		break;
175 
176 	case AX25_RR:
177 	case AX25_RNR:
178 		if (frametype == AX25_RR)
179 			ax25->condition &= ~AX25_COND_PEER_RX_BUSY;
180 		else
181 			ax25->condition |= AX25_COND_PEER_RX_BUSY;
182 		if (type == AX25_COMMAND && pf)
183 			ax25_std_enquiry_response(ax25);
184 		if (ax25_validate_nr(ax25, nr)) {
185 			ax25_check_iframes_acked(ax25, nr);
186 		} else {
187 			ax25_std_nr_error_recovery(ax25);
188 			ax25->state = AX25_STATE_1;
189 		}
190 		break;
191 
192 	case AX25_REJ:
193 		ax25->condition &= ~AX25_COND_PEER_RX_BUSY;
194 		if (type == AX25_COMMAND && pf)
195 			ax25_std_enquiry_response(ax25);
196 		if (ax25_validate_nr(ax25, nr)) {
197 			ax25_frames_acked(ax25, nr);
198 			ax25_calculate_rtt(ax25);
199 			ax25_stop_t1timer(ax25);
200 			ax25_start_t3timer(ax25);
201 			ax25_requeue_frames(ax25);
202 		} else {
203 			ax25_std_nr_error_recovery(ax25);
204 			ax25->state = AX25_STATE_1;
205 		}
206 		break;
207 
208 	case AX25_I:
209 		if (!ax25_validate_nr(ax25, nr)) {
210 			ax25_std_nr_error_recovery(ax25);
211 			ax25->state = AX25_STATE_1;
212 			break;
213 		}
214 		if (ax25->condition & AX25_COND_PEER_RX_BUSY) {
215 			ax25_frames_acked(ax25, nr);
216 		} else {
217 			ax25_check_iframes_acked(ax25, nr);
218 		}
219 		if (ax25->condition & AX25_COND_OWN_RX_BUSY) {
220 			if (pf) ax25_std_enquiry_response(ax25);
221 			break;
222 		}
223 		if (ns == ax25->vr) {
224 			ax25->vr = (ax25->vr + 1) % ax25->modulus;
225 			queued = ax25_rx_iframe(ax25, skb);
226 			if (ax25->condition & AX25_COND_OWN_RX_BUSY)
227 				ax25->vr = ns;	/* ax25->vr - 1 */
228 			ax25->condition &= ~AX25_COND_REJECT;
229 			if (pf) {
230 				ax25_std_enquiry_response(ax25);
231 			} else {
232 				if (!(ax25->condition & AX25_COND_ACK_PENDING)) {
233 					ax25->condition |= AX25_COND_ACK_PENDING;
234 					ax25_start_t2timer(ax25);
235 				}
236 			}
237 		} else {
238 			if (ax25->condition & AX25_COND_REJECT) {
239 				if (pf) ax25_std_enquiry_response(ax25);
240 			} else {
241 				ax25->condition |= AX25_COND_REJECT;
242 				ax25_send_control(ax25, AX25_REJ, pf, AX25_RESPONSE);
243 				ax25->condition &= ~AX25_COND_ACK_PENDING;
244 			}
245 		}
246 		break;
247 
248 	case AX25_FRMR:
249 	case AX25_ILLEGAL:
250 		ax25_std_establish_data_link(ax25);
251 		ax25->state = AX25_STATE_1;
252 		break;
253 
254 	default:
255 		break;
256 	}
257 
258 	return queued;
259 }
260 
261 /*
262  *	State machine for state 4, Timer Recovery State.
263  *	The handling of the timer(s) is in file ax25_std_timer.c
264  *	Handling of state 0 and connection release is in ax25.c.
265  */
ax25_std_state4_machine(ax25_cb * ax25,struct sk_buff * skb,int frametype,int ns,int nr,int pf,int type)266 static int ax25_std_state4_machine(ax25_cb *ax25, struct sk_buff *skb, int frametype, int ns, int nr, int pf, int type)
267 {
268 	int queued = 0;
269 
270 	switch (frametype) {
271 	case AX25_SABM:
272 	case AX25_SABME:
273 		if (frametype == AX25_SABM) {
274 			ax25->modulus = AX25_MODULUS;
275 			ax25->window  = ax25->ax25_dev->values[AX25_VALUES_WINDOW];
276 		} else {
277 			ax25->modulus = AX25_EMODULUS;
278 			ax25->window  = ax25->ax25_dev->values[AX25_VALUES_EWINDOW];
279 		}
280 		ax25_send_control(ax25, AX25_UA, pf, AX25_RESPONSE);
281 		ax25_stop_t1timer(ax25);
282 		ax25_stop_t2timer(ax25);
283 		ax25_start_t3timer(ax25);
284 		ax25_start_idletimer(ax25);
285 		ax25->condition = 0x00;
286 		ax25->vs        = 0;
287 		ax25->va        = 0;
288 		ax25->vr        = 0;
289 		ax25->state     = AX25_STATE_3;
290 		ax25->n2count   = 0;
291 		ax25_requeue_frames(ax25);
292 		break;
293 
294 	case AX25_DISC:
295 		ax25_send_control(ax25, AX25_UA, pf, AX25_RESPONSE);
296 		ax25_disconnect(ax25, 0);
297 		break;
298 
299 	case AX25_DM:
300 		ax25_disconnect(ax25, ECONNRESET);
301 		break;
302 
303 	case AX25_RR:
304 	case AX25_RNR:
305 		if (frametype == AX25_RR)
306 			ax25->condition &= ~AX25_COND_PEER_RX_BUSY;
307 		else
308 			ax25->condition |= AX25_COND_PEER_RX_BUSY;
309 		if (type == AX25_RESPONSE && pf) {
310 			ax25_stop_t1timer(ax25);
311 			ax25->n2count = 0;
312 			if (ax25_validate_nr(ax25, nr)) {
313 				ax25_frames_acked(ax25, nr);
314 				if (ax25->vs == ax25->va) {
315 					ax25_start_t3timer(ax25);
316 					ax25->state   = AX25_STATE_3;
317 				} else {
318 					ax25_requeue_frames(ax25);
319 				}
320 			} else {
321 				ax25_std_nr_error_recovery(ax25);
322 				ax25->state = AX25_STATE_1;
323 			}
324 			break;
325 		}
326 		if (type == AX25_COMMAND && pf)
327 			ax25_std_enquiry_response(ax25);
328 		if (ax25_validate_nr(ax25, nr)) {
329 			ax25_frames_acked(ax25, nr);
330 		} else {
331 			ax25_std_nr_error_recovery(ax25);
332 			ax25->state = AX25_STATE_1;
333 		}
334 		break;
335 
336 	case AX25_REJ:
337 		ax25->condition &= ~AX25_COND_PEER_RX_BUSY;
338 		if (pf && type == AX25_RESPONSE) {
339 			ax25_stop_t1timer(ax25);
340 			ax25->n2count = 0;
341 			if (ax25_validate_nr(ax25, nr)) {
342 				ax25_frames_acked(ax25, nr);
343 				if (ax25->vs == ax25->va) {
344 					ax25_start_t3timer(ax25);
345 					ax25->state   = AX25_STATE_3;
346 				} else {
347 					ax25_requeue_frames(ax25);
348 				}
349 			} else {
350 				ax25_std_nr_error_recovery(ax25);
351 				ax25->state = AX25_STATE_1;
352 			}
353 			break;
354 		}
355 		if (type == AX25_COMMAND && pf)
356 			ax25_std_enquiry_response(ax25);
357 		if (ax25_validate_nr(ax25, nr)) {
358 			ax25_frames_acked(ax25, nr);
359 			ax25_requeue_frames(ax25);
360 		} else {
361 			ax25_std_nr_error_recovery(ax25);
362 			ax25->state = AX25_STATE_1;
363 		}
364 		break;
365 
366 	case AX25_I:
367 		if (!ax25_validate_nr(ax25, nr)) {
368 			ax25_std_nr_error_recovery(ax25);
369 			ax25->state = AX25_STATE_1;
370 			break;
371 		}
372 		ax25_frames_acked(ax25, nr);
373 		if (ax25->condition & AX25_COND_OWN_RX_BUSY) {
374 			if (pf)
375 				ax25_std_enquiry_response(ax25);
376 			break;
377 		}
378 		if (ns == ax25->vr) {
379 			ax25->vr = (ax25->vr + 1) % ax25->modulus;
380 			queued = ax25_rx_iframe(ax25, skb);
381 			if (ax25->condition & AX25_COND_OWN_RX_BUSY)
382 				ax25->vr = ns;	/* ax25->vr - 1 */
383 			ax25->condition &= ~AX25_COND_REJECT;
384 			if (pf) {
385 				ax25_std_enquiry_response(ax25);
386 			} else {
387 				if (!(ax25->condition & AX25_COND_ACK_PENDING)) {
388 					ax25->condition |= AX25_COND_ACK_PENDING;
389 					ax25_start_t2timer(ax25);
390 				}
391 			}
392 		} else {
393 			if (ax25->condition & AX25_COND_REJECT) {
394 				if (pf) ax25_std_enquiry_response(ax25);
395 			} else {
396 				ax25->condition |= AX25_COND_REJECT;
397 				ax25_send_control(ax25, AX25_REJ, pf, AX25_RESPONSE);
398 				ax25->condition &= ~AX25_COND_ACK_PENDING;
399 			}
400 		}
401 		break;
402 
403 	case AX25_FRMR:
404 	case AX25_ILLEGAL:
405 		ax25_std_establish_data_link(ax25);
406 		ax25->state = AX25_STATE_1;
407 		break;
408 
409 	default:
410 		break;
411 	}
412 
413 	return queued;
414 }
415 
416 /*
417  *	Higher level upcall for a LAPB frame
418  */
ax25_std_frame_in(ax25_cb * ax25,struct sk_buff * skb,int type)419 int ax25_std_frame_in(ax25_cb *ax25, struct sk_buff *skb, int type)
420 {
421 	int queued = 0, frametype, ns, nr, pf;
422 
423 	frametype = ax25_decode(ax25, skb, &ns, &nr, &pf);
424 
425 	switch (ax25->state) {
426 	case AX25_STATE_1:
427 		queued = ax25_std_state1_machine(ax25, skb, frametype, pf, type);
428 		break;
429 	case AX25_STATE_2:
430 		queued = ax25_std_state2_machine(ax25, skb, frametype, pf, type);
431 		break;
432 	case AX25_STATE_3:
433 		queued = ax25_std_state3_machine(ax25, skb, frametype, ns, nr, pf, type);
434 		break;
435 	case AX25_STATE_4:
436 		queued = ax25_std_state4_machine(ax25, skb, frametype, ns, nr, pf, type);
437 		break;
438 	}
439 
440 	ax25_kick(ax25);
441 
442 	return queued;
443 }
444