1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  *
4  * Copyright (C) Jonathan Naylor G4KLX (g4klx@g4klx.demon.co.uk)
5  * Copyright (C) Terry Dawson VK2KTJ (terry@animats.net)
6  */
7 #include <linux/errno.h>
8 #include <linux/types.h>
9 #include <linux/socket.h>
10 #include <linux/in.h>
11 #include <linux/kernel.h>
12 #include <linux/timer.h>
13 #include <linux/string.h>
14 #include <linux/sockios.h>
15 #include <linux/net.h>
16 #include <linux/slab.h>
17 #include <net/ax25.h>
18 #include <linux/inet.h>
19 #include <linux/netdevice.h>
20 #include <net/arp.h>
21 #include <linux/if_arp.h>
22 #include <linux/skbuff.h>
23 #include <net/sock.h>
24 #include <net/tcp_states.h>
25 #include <linux/uaccess.h>
26 #include <linux/fcntl.h>
27 #include <linux/termios.h>	/* For TIOCINQ/OUTQ */
28 #include <linux/mm.h>
29 #include <linux/interrupt.h>
30 #include <linux/notifier.h>
31 #include <linux/init.h>
32 #include <net/rose.h>
33 #include <linux/seq_file.h>
34 #include <linux/export.h>
35 
36 static unsigned int rose_neigh_no = 1;
37 
38 static struct rose_node  *rose_node_list;
39 static DEFINE_SPINLOCK(rose_node_list_lock);
40 static struct rose_neigh *rose_neigh_list;
41 static DEFINE_SPINLOCK(rose_neigh_list_lock);
42 static struct rose_route *rose_route_list;
43 static DEFINE_SPINLOCK(rose_route_list_lock);
44 
45 struct rose_neigh *rose_loopback_neigh;
46 
47 /*
48  *	Add a new route to a node, and in the process add the node and the
49  *	neighbour if it is new.
50  */
rose_add_node(struct rose_route_struct * rose_route,struct net_device * dev)51 static int __must_check rose_add_node(struct rose_route_struct *rose_route,
52 	struct net_device *dev)
53 {
54 	struct rose_node  *rose_node, *rose_tmpn, *rose_tmpp;
55 	struct rose_neigh *rose_neigh;
56 	int i, res = 0;
57 
58 	spin_lock_bh(&rose_node_list_lock);
59 	spin_lock_bh(&rose_neigh_list_lock);
60 
61 	rose_node = rose_node_list;
62 	while (rose_node != NULL) {
63 		if ((rose_node->mask == rose_route->mask) &&
64 		    (rosecmpm(&rose_route->address, &rose_node->address,
65 			      rose_route->mask) == 0))
66 			break;
67 		rose_node = rose_node->next;
68 	}
69 
70 	if (rose_node != NULL && rose_node->loopback) {
71 		res = -EINVAL;
72 		goto out;
73 	}
74 
75 	rose_neigh = rose_neigh_list;
76 	while (rose_neigh != NULL) {
77 		if (ax25cmp(&rose_route->neighbour,
78 			    &rose_neigh->callsign) == 0 &&
79 		    rose_neigh->dev == dev)
80 			break;
81 		rose_neigh = rose_neigh->next;
82 	}
83 
84 	if (rose_neigh == NULL) {
85 		rose_neigh = kmalloc(sizeof(*rose_neigh), GFP_ATOMIC);
86 		if (rose_neigh == NULL) {
87 			res = -ENOMEM;
88 			goto out;
89 		}
90 
91 		rose_neigh->callsign  = rose_route->neighbour;
92 		rose_neigh->digipeat  = NULL;
93 		rose_neigh->ax25      = NULL;
94 		rose_neigh->dev       = dev;
95 		rose_neigh->count     = 0;
96 		rose_neigh->use       = 0;
97 		rose_neigh->dce_mode  = 0;
98 		rose_neigh->loopback  = 0;
99 		rose_neigh->number    = rose_neigh_no++;
100 		rose_neigh->restarted = 0;
101 
102 		skb_queue_head_init(&rose_neigh->queue);
103 
104 		timer_setup(&rose_neigh->ftimer, NULL, 0);
105 		timer_setup(&rose_neigh->t0timer, NULL, 0);
106 
107 		if (rose_route->ndigis != 0) {
108 			rose_neigh->digipeat =
109 				kmalloc(sizeof(ax25_digi), GFP_ATOMIC);
110 			if (rose_neigh->digipeat == NULL) {
111 				kfree(rose_neigh);
112 				res = -ENOMEM;
113 				goto out;
114 			}
115 
116 			rose_neigh->digipeat->ndigi      = rose_route->ndigis;
117 			rose_neigh->digipeat->lastrepeat = -1;
118 
119 			for (i = 0; i < rose_route->ndigis; i++) {
120 				rose_neigh->digipeat->calls[i]    =
121 					rose_route->digipeaters[i];
122 				rose_neigh->digipeat->repeated[i] = 0;
123 			}
124 		}
125 
126 		rose_neigh->next = rose_neigh_list;
127 		rose_neigh_list  = rose_neigh;
128 	}
129 
130 	/*
131 	 * This is a new node to be inserted into the list. Find where it needs
132 	 * to be inserted into the list, and insert it. We want to be sure
133 	 * to order the list in descending order of mask size to ensure that
134 	 * later when we are searching this list the first match will be the
135 	 * best match.
136 	 */
137 	if (rose_node == NULL) {
138 		rose_tmpn = rose_node_list;
139 		rose_tmpp = NULL;
140 
141 		while (rose_tmpn != NULL) {
142 			if (rose_tmpn->mask > rose_route->mask) {
143 				rose_tmpp = rose_tmpn;
144 				rose_tmpn = rose_tmpn->next;
145 			} else {
146 				break;
147 			}
148 		}
149 
150 		/* create new node */
151 		rose_node = kmalloc(sizeof(*rose_node), GFP_ATOMIC);
152 		if (rose_node == NULL) {
153 			res = -ENOMEM;
154 			goto out;
155 		}
156 
157 		rose_node->address      = rose_route->address;
158 		rose_node->mask         = rose_route->mask;
159 		rose_node->count        = 1;
160 		rose_node->loopback     = 0;
161 		rose_node->neighbour[0] = rose_neigh;
162 
163 		if (rose_tmpn == NULL) {
164 			if (rose_tmpp == NULL) {	/* Empty list */
165 				rose_node_list  = rose_node;
166 				rose_node->next = NULL;
167 			} else {
168 				rose_tmpp->next = rose_node;
169 				rose_node->next = NULL;
170 			}
171 		} else {
172 			if (rose_tmpp == NULL) {	/* 1st node */
173 				rose_node->next = rose_node_list;
174 				rose_node_list  = rose_node;
175 			} else {
176 				rose_tmpp->next = rose_node;
177 				rose_node->next = rose_tmpn;
178 			}
179 		}
180 		rose_neigh->count++;
181 
182 		goto out;
183 	}
184 
185 	/* We have space, slot it in */
186 	if (rose_node->count < 3) {
187 		rose_node->neighbour[rose_node->count] = rose_neigh;
188 		rose_node->count++;
189 		rose_neigh->count++;
190 	}
191 
192 out:
193 	spin_unlock_bh(&rose_neigh_list_lock);
194 	spin_unlock_bh(&rose_node_list_lock);
195 
196 	return res;
197 }
198 
199 /*
200  * Caller is holding rose_node_list_lock.
201  */
rose_remove_node(struct rose_node * rose_node)202 static void rose_remove_node(struct rose_node *rose_node)
203 {
204 	struct rose_node *s;
205 
206 	if ((s = rose_node_list) == rose_node) {
207 		rose_node_list = rose_node->next;
208 		kfree(rose_node);
209 		return;
210 	}
211 
212 	while (s != NULL && s->next != NULL) {
213 		if (s->next == rose_node) {
214 			s->next = rose_node->next;
215 			kfree(rose_node);
216 			return;
217 		}
218 
219 		s = s->next;
220 	}
221 }
222 
223 /*
224  * Caller is holding rose_neigh_list_lock.
225  */
rose_remove_neigh(struct rose_neigh * rose_neigh)226 static void rose_remove_neigh(struct rose_neigh *rose_neigh)
227 {
228 	struct rose_neigh *s;
229 
230 	rose_stop_ftimer(rose_neigh);
231 	rose_stop_t0timer(rose_neigh);
232 
233 	skb_queue_purge(&rose_neigh->queue);
234 
235 	if ((s = rose_neigh_list) == rose_neigh) {
236 		rose_neigh_list = rose_neigh->next;
237 		if (rose_neigh->ax25)
238 			ax25_cb_put(rose_neigh->ax25);
239 		kfree(rose_neigh->digipeat);
240 		kfree(rose_neigh);
241 		return;
242 	}
243 
244 	while (s != NULL && s->next != NULL) {
245 		if (s->next == rose_neigh) {
246 			s->next = rose_neigh->next;
247 			if (rose_neigh->ax25)
248 				ax25_cb_put(rose_neigh->ax25);
249 			kfree(rose_neigh->digipeat);
250 			kfree(rose_neigh);
251 			return;
252 		}
253 
254 		s = s->next;
255 	}
256 }
257 
258 /*
259  * Caller is holding rose_route_list_lock.
260  */
rose_remove_route(struct rose_route * rose_route)261 static void rose_remove_route(struct rose_route *rose_route)
262 {
263 	struct rose_route *s;
264 
265 	if (rose_route->neigh1 != NULL)
266 		rose_route->neigh1->use--;
267 
268 	if (rose_route->neigh2 != NULL)
269 		rose_route->neigh2->use--;
270 
271 	if ((s = rose_route_list) == rose_route) {
272 		rose_route_list = rose_route->next;
273 		kfree(rose_route);
274 		return;
275 	}
276 
277 	while (s != NULL && s->next != NULL) {
278 		if (s->next == rose_route) {
279 			s->next = rose_route->next;
280 			kfree(rose_route);
281 			return;
282 		}
283 
284 		s = s->next;
285 	}
286 }
287 
288 /*
289  *	"Delete" a node. Strictly speaking remove a route to a node. The node
290  *	is only deleted if no routes are left to it.
291  */
rose_del_node(struct rose_route_struct * rose_route,struct net_device * dev)292 static int rose_del_node(struct rose_route_struct *rose_route,
293 	struct net_device *dev)
294 {
295 	struct rose_node  *rose_node;
296 	struct rose_neigh *rose_neigh;
297 	int i, err = 0;
298 
299 	spin_lock_bh(&rose_node_list_lock);
300 	spin_lock_bh(&rose_neigh_list_lock);
301 
302 	rose_node = rose_node_list;
303 	while (rose_node != NULL) {
304 		if ((rose_node->mask == rose_route->mask) &&
305 		    (rosecmpm(&rose_route->address, &rose_node->address,
306 			      rose_route->mask) == 0))
307 			break;
308 		rose_node = rose_node->next;
309 	}
310 
311 	if (rose_node == NULL || rose_node->loopback) {
312 		err = -EINVAL;
313 		goto out;
314 	}
315 
316 	rose_neigh = rose_neigh_list;
317 	while (rose_neigh != NULL) {
318 		if (ax25cmp(&rose_route->neighbour,
319 			    &rose_neigh->callsign) == 0 &&
320 		    rose_neigh->dev == dev)
321 			break;
322 		rose_neigh = rose_neigh->next;
323 	}
324 
325 	if (rose_neigh == NULL) {
326 		err = -EINVAL;
327 		goto out;
328 	}
329 
330 	for (i = 0; i < rose_node->count; i++) {
331 		if (rose_node->neighbour[i] == rose_neigh) {
332 			rose_neigh->count--;
333 
334 			if (rose_neigh->count == 0 && rose_neigh->use == 0)
335 				rose_remove_neigh(rose_neigh);
336 
337 			rose_node->count--;
338 
339 			if (rose_node->count == 0) {
340 				rose_remove_node(rose_node);
341 			} else {
342 				switch (i) {
343 				case 0:
344 					rose_node->neighbour[0] =
345 						rose_node->neighbour[1];
346 					fallthrough;
347 				case 1:
348 					rose_node->neighbour[1] =
349 						rose_node->neighbour[2];
350 				case 2:
351 					break;
352 				}
353 			}
354 			goto out;
355 		}
356 	}
357 	err = -EINVAL;
358 
359 out:
360 	spin_unlock_bh(&rose_neigh_list_lock);
361 	spin_unlock_bh(&rose_node_list_lock);
362 
363 	return err;
364 }
365 
366 /*
367  *	Add the loopback neighbour.
368  */
rose_add_loopback_neigh(void)369 void rose_add_loopback_neigh(void)
370 {
371 	struct rose_neigh *sn;
372 
373 	rose_loopback_neigh = kmalloc(sizeof(struct rose_neigh), GFP_KERNEL);
374 	if (!rose_loopback_neigh)
375 		return;
376 	sn = rose_loopback_neigh;
377 
378 	sn->callsign  = null_ax25_address;
379 	sn->digipeat  = NULL;
380 	sn->ax25      = NULL;
381 	sn->dev       = NULL;
382 	sn->count     = 0;
383 	sn->use       = 0;
384 	sn->dce_mode  = 1;
385 	sn->loopback  = 1;
386 	sn->number    = rose_neigh_no++;
387 	sn->restarted = 1;
388 
389 	skb_queue_head_init(&sn->queue);
390 
391 	timer_setup(&sn->ftimer, NULL, 0);
392 	timer_setup(&sn->t0timer, NULL, 0);
393 
394 	spin_lock_bh(&rose_neigh_list_lock);
395 	sn->next = rose_neigh_list;
396 	rose_neigh_list           = sn;
397 	spin_unlock_bh(&rose_neigh_list_lock);
398 }
399 
400 /*
401  *	Add a loopback node.
402  */
rose_add_loopback_node(rose_address * address)403 int rose_add_loopback_node(rose_address *address)
404 {
405 	struct rose_node *rose_node;
406 	int err = 0;
407 
408 	spin_lock_bh(&rose_node_list_lock);
409 
410 	rose_node = rose_node_list;
411 	while (rose_node != NULL) {
412 		if ((rose_node->mask == 10) &&
413 		     (rosecmpm(address, &rose_node->address, 10) == 0) &&
414 		     rose_node->loopback)
415 			break;
416 		rose_node = rose_node->next;
417 	}
418 
419 	if (rose_node != NULL)
420 		goto out;
421 
422 	if ((rose_node = kmalloc(sizeof(*rose_node), GFP_ATOMIC)) == NULL) {
423 		err = -ENOMEM;
424 		goto out;
425 	}
426 
427 	rose_node->address      = *address;
428 	rose_node->mask         = 10;
429 	rose_node->count        = 1;
430 	rose_node->loopback     = 1;
431 	rose_node->neighbour[0] = rose_loopback_neigh;
432 
433 	/* Insert at the head of list. Address is always mask=10 */
434 	rose_node->next = rose_node_list;
435 	rose_node_list  = rose_node;
436 
437 	rose_loopback_neigh->count++;
438 
439 out:
440 	spin_unlock_bh(&rose_node_list_lock);
441 
442 	return err;
443 }
444 
445 /*
446  *	Delete a loopback node.
447  */
rose_del_loopback_node(rose_address * address)448 void rose_del_loopback_node(rose_address *address)
449 {
450 	struct rose_node *rose_node;
451 
452 	spin_lock_bh(&rose_node_list_lock);
453 
454 	rose_node = rose_node_list;
455 	while (rose_node != NULL) {
456 		if ((rose_node->mask == 10) &&
457 		    (rosecmpm(address, &rose_node->address, 10) == 0) &&
458 		    rose_node->loopback)
459 			break;
460 		rose_node = rose_node->next;
461 	}
462 
463 	if (rose_node == NULL)
464 		goto out;
465 
466 	rose_remove_node(rose_node);
467 
468 	rose_loopback_neigh->count--;
469 
470 out:
471 	spin_unlock_bh(&rose_node_list_lock);
472 }
473 
474 /*
475  *	A device has been removed. Remove its routes and neighbours.
476  */
rose_rt_device_down(struct net_device * dev)477 void rose_rt_device_down(struct net_device *dev)
478 {
479 	struct rose_neigh *s, *rose_neigh;
480 	struct rose_node  *t, *rose_node;
481 	int i;
482 
483 	spin_lock_bh(&rose_node_list_lock);
484 	spin_lock_bh(&rose_neigh_list_lock);
485 	rose_neigh = rose_neigh_list;
486 	while (rose_neigh != NULL) {
487 		s          = rose_neigh;
488 		rose_neigh = rose_neigh->next;
489 
490 		if (s->dev != dev)
491 			continue;
492 
493 		rose_node = rose_node_list;
494 
495 		while (rose_node != NULL) {
496 			t         = rose_node;
497 			rose_node = rose_node->next;
498 
499 			for (i = 0; i < t->count; i++) {
500 				if (t->neighbour[i] != s)
501 					continue;
502 
503 				t->count--;
504 
505 				switch (i) {
506 				case 0:
507 					t->neighbour[0] = t->neighbour[1];
508 					fallthrough;
509 				case 1:
510 					t->neighbour[1] = t->neighbour[2];
511 				case 2:
512 					break;
513 				}
514 			}
515 
516 			if (t->count <= 0)
517 				rose_remove_node(t);
518 		}
519 
520 		rose_remove_neigh(s);
521 	}
522 	spin_unlock_bh(&rose_neigh_list_lock);
523 	spin_unlock_bh(&rose_node_list_lock);
524 }
525 
526 #if 0 /* Currently unused */
527 /*
528  *	A device has been removed. Remove its links.
529  */
530 void rose_route_device_down(struct net_device *dev)
531 {
532 	struct rose_route *s, *rose_route;
533 
534 	spin_lock_bh(&rose_route_list_lock);
535 	rose_route = rose_route_list;
536 	while (rose_route != NULL) {
537 		s          = rose_route;
538 		rose_route = rose_route->next;
539 
540 		if (s->neigh1->dev == dev || s->neigh2->dev == dev)
541 			rose_remove_route(s);
542 	}
543 	spin_unlock_bh(&rose_route_list_lock);
544 }
545 #endif
546 
547 /*
548  *	Clear all nodes and neighbours out, except for neighbours with
549  *	active connections going through them.
550  *  Do not clear loopback neighbour and nodes.
551  */
rose_clear_routes(void)552 static int rose_clear_routes(void)
553 {
554 	struct rose_neigh *s, *rose_neigh;
555 	struct rose_node  *t, *rose_node;
556 
557 	spin_lock_bh(&rose_node_list_lock);
558 	spin_lock_bh(&rose_neigh_list_lock);
559 
560 	rose_neigh = rose_neigh_list;
561 	rose_node  = rose_node_list;
562 
563 	while (rose_node != NULL) {
564 		t         = rose_node;
565 		rose_node = rose_node->next;
566 		if (!t->loopback)
567 			rose_remove_node(t);
568 	}
569 
570 	while (rose_neigh != NULL) {
571 		s          = rose_neigh;
572 		rose_neigh = rose_neigh->next;
573 
574 		if (s->use == 0 && !s->loopback) {
575 			s->count = 0;
576 			rose_remove_neigh(s);
577 		}
578 	}
579 
580 	spin_unlock_bh(&rose_neigh_list_lock);
581 	spin_unlock_bh(&rose_node_list_lock);
582 
583 	return 0;
584 }
585 
586 /*
587  *	Check that the device given is a valid AX.25 interface that is "up".
588  * 	called with RTNL
589  */
rose_ax25_dev_find(char * devname)590 static struct net_device *rose_ax25_dev_find(char *devname)
591 {
592 	struct net_device *dev;
593 
594 	if ((dev = __dev_get_by_name(&init_net, devname)) == NULL)
595 		return NULL;
596 
597 	if ((dev->flags & IFF_UP) && dev->type == ARPHRD_AX25)
598 		return dev;
599 
600 	return NULL;
601 }
602 
603 /*
604  *	Find the first active ROSE device, usually "rose0".
605  */
rose_dev_first(void)606 struct net_device *rose_dev_first(void)
607 {
608 	struct net_device *dev, *first = NULL;
609 
610 	rcu_read_lock();
611 	for_each_netdev_rcu(&init_net, dev) {
612 		if ((dev->flags & IFF_UP) && dev->type == ARPHRD_ROSE)
613 			if (first == NULL || strncmp(dev->name, first->name, 3) < 0)
614 				first = dev;
615 	}
616 	rcu_read_unlock();
617 
618 	return first;
619 }
620 
621 /*
622  *	Find the ROSE device for the given address.
623  */
rose_dev_get(rose_address * addr)624 struct net_device *rose_dev_get(rose_address *addr)
625 {
626 	struct net_device *dev;
627 
628 	rcu_read_lock();
629 	for_each_netdev_rcu(&init_net, dev) {
630 		if ((dev->flags & IFF_UP) && dev->type == ARPHRD_ROSE && rosecmp(addr, (rose_address *)dev->dev_addr) == 0) {
631 			dev_hold(dev);
632 			goto out;
633 		}
634 	}
635 	dev = NULL;
636 out:
637 	rcu_read_unlock();
638 	return dev;
639 }
640 
rose_dev_exists(rose_address * addr)641 static int rose_dev_exists(rose_address *addr)
642 {
643 	struct net_device *dev;
644 
645 	rcu_read_lock();
646 	for_each_netdev_rcu(&init_net, dev) {
647 		if ((dev->flags & IFF_UP) && dev->type == ARPHRD_ROSE && rosecmp(addr, (rose_address *)dev->dev_addr) == 0)
648 			goto out;
649 	}
650 	dev = NULL;
651 out:
652 	rcu_read_unlock();
653 	return dev != NULL;
654 }
655 
656 
657 
658 
rose_route_free_lci(unsigned int lci,struct rose_neigh * neigh)659 struct rose_route *rose_route_free_lci(unsigned int lci, struct rose_neigh *neigh)
660 {
661 	struct rose_route *rose_route;
662 
663 	for (rose_route = rose_route_list; rose_route != NULL; rose_route = rose_route->next)
664 		if ((rose_route->neigh1 == neigh && rose_route->lci1 == lci) ||
665 		    (rose_route->neigh2 == neigh && rose_route->lci2 == lci))
666 			return rose_route;
667 
668 	return NULL;
669 }
670 
671 /*
672  *	Find a neighbour or a route given a ROSE address.
673  */
rose_get_neigh(rose_address * addr,unsigned char * cause,unsigned char * diagnostic,int route_frame)674 struct rose_neigh *rose_get_neigh(rose_address *addr, unsigned char *cause,
675 	unsigned char *diagnostic, int route_frame)
676 {
677 	struct rose_neigh *res = NULL;
678 	struct rose_node *node;
679 	int failed = 0;
680 	int i;
681 
682 	if (!route_frame) spin_lock_bh(&rose_node_list_lock);
683 	for (node = rose_node_list; node != NULL; node = node->next) {
684 		if (rosecmpm(addr, &node->address, node->mask) == 0) {
685 			for (i = 0; i < node->count; i++) {
686 				if (node->neighbour[i]->restarted) {
687 					res = node->neighbour[i];
688 					goto out;
689 				}
690 			}
691 		}
692 	}
693 	if (!route_frame) { /* connect request */
694 		for (node = rose_node_list; node != NULL; node = node->next) {
695 			if (rosecmpm(addr, &node->address, node->mask) == 0) {
696 				for (i = 0; i < node->count; i++) {
697 					if (!rose_ftimer_running(node->neighbour[i])) {
698 						res = node->neighbour[i];
699 						goto out;
700 					}
701 					failed = 1;
702 				}
703 			}
704 		}
705 	}
706 
707 	if (failed) {
708 		*cause      = ROSE_OUT_OF_ORDER;
709 		*diagnostic = 0;
710 	} else {
711 		*cause      = ROSE_NOT_OBTAINABLE;
712 		*diagnostic = 0;
713 	}
714 
715 out:
716 	if (!route_frame) spin_unlock_bh(&rose_node_list_lock);
717 	return res;
718 }
719 
720 /*
721  *	Handle the ioctls that control the routing functions.
722  */
rose_rt_ioctl(unsigned int cmd,void __user * arg)723 int rose_rt_ioctl(unsigned int cmd, void __user *arg)
724 {
725 	struct rose_route_struct rose_route;
726 	struct net_device *dev;
727 	int err;
728 
729 	switch (cmd) {
730 	case SIOCADDRT:
731 		if (copy_from_user(&rose_route, arg, sizeof(struct rose_route_struct)))
732 			return -EFAULT;
733 		if ((dev = rose_ax25_dev_find(rose_route.device)) == NULL)
734 			return -EINVAL;
735 		if (rose_dev_exists(&rose_route.address)) /* Can't add routes to ourself */
736 			return -EINVAL;
737 		if (rose_route.mask > 10) /* Mask can't be more than 10 digits */
738 			return -EINVAL;
739 		if (rose_route.ndigis > AX25_MAX_DIGIS)
740 			return -EINVAL;
741 		err = rose_add_node(&rose_route, dev);
742 		return err;
743 
744 	case SIOCDELRT:
745 		if (copy_from_user(&rose_route, arg, sizeof(struct rose_route_struct)))
746 			return -EFAULT;
747 		if ((dev = rose_ax25_dev_find(rose_route.device)) == NULL)
748 			return -EINVAL;
749 		err = rose_del_node(&rose_route, dev);
750 		return err;
751 
752 	case SIOCRSCLRRT:
753 		return rose_clear_routes();
754 
755 	default:
756 		return -EINVAL;
757 	}
758 
759 	return 0;
760 }
761 
rose_del_route_by_neigh(struct rose_neigh * rose_neigh)762 static void rose_del_route_by_neigh(struct rose_neigh *rose_neigh)
763 {
764 	struct rose_route *rose_route, *s;
765 
766 	rose_neigh->restarted = 0;
767 
768 	rose_stop_t0timer(rose_neigh);
769 	rose_start_ftimer(rose_neigh);
770 
771 	skb_queue_purge(&rose_neigh->queue);
772 
773 	spin_lock_bh(&rose_route_list_lock);
774 
775 	rose_route = rose_route_list;
776 
777 	while (rose_route != NULL) {
778 		if ((rose_route->neigh1 == rose_neigh && rose_route->neigh2 == rose_neigh) ||
779 		    (rose_route->neigh1 == rose_neigh && rose_route->neigh2 == NULL)       ||
780 		    (rose_route->neigh2 == rose_neigh && rose_route->neigh1 == NULL)) {
781 			s = rose_route->next;
782 			rose_remove_route(rose_route);
783 			rose_route = s;
784 			continue;
785 		}
786 
787 		if (rose_route->neigh1 == rose_neigh) {
788 			rose_route->neigh1->use--;
789 			rose_route->neigh1 = NULL;
790 			rose_transmit_clear_request(rose_route->neigh2, rose_route->lci2, ROSE_OUT_OF_ORDER, 0);
791 		}
792 
793 		if (rose_route->neigh2 == rose_neigh) {
794 			rose_route->neigh2->use--;
795 			rose_route->neigh2 = NULL;
796 			rose_transmit_clear_request(rose_route->neigh1, rose_route->lci1, ROSE_OUT_OF_ORDER, 0);
797 		}
798 
799 		rose_route = rose_route->next;
800 	}
801 	spin_unlock_bh(&rose_route_list_lock);
802 }
803 
804 /*
805  * 	A level 2 link has timed out, therefore it appears to be a poor link,
806  *	then don't use that neighbour until it is reset. Blow away all through
807  *	routes and connections using this route.
808  */
rose_link_failed(ax25_cb * ax25,int reason)809 void rose_link_failed(ax25_cb *ax25, int reason)
810 {
811 	struct rose_neigh *rose_neigh;
812 
813 	spin_lock_bh(&rose_neigh_list_lock);
814 	rose_neigh = rose_neigh_list;
815 	while (rose_neigh != NULL) {
816 		if (rose_neigh->ax25 == ax25)
817 			break;
818 		rose_neigh = rose_neigh->next;
819 	}
820 
821 	if (rose_neigh != NULL) {
822 		rose_neigh->ax25 = NULL;
823 		ax25_cb_put(ax25);
824 
825 		rose_del_route_by_neigh(rose_neigh);
826 		rose_kill_by_neigh(rose_neigh);
827 	}
828 	spin_unlock_bh(&rose_neigh_list_lock);
829 }
830 
831 /*
832  * 	A device has been "downed" remove its link status. Blow away all
833  *	through routes and connections that use this device.
834  */
rose_link_device_down(struct net_device * dev)835 void rose_link_device_down(struct net_device *dev)
836 {
837 	struct rose_neigh *rose_neigh;
838 
839 	for (rose_neigh = rose_neigh_list; rose_neigh != NULL; rose_neigh = rose_neigh->next) {
840 		if (rose_neigh->dev == dev) {
841 			rose_del_route_by_neigh(rose_neigh);
842 			rose_kill_by_neigh(rose_neigh);
843 		}
844 	}
845 }
846 
847 /*
848  *	Route a frame to an appropriate AX.25 connection.
849  *	A NULL ax25_cb indicates an internally generated frame.
850  */
rose_route_frame(struct sk_buff * skb,ax25_cb * ax25)851 int rose_route_frame(struct sk_buff *skb, ax25_cb *ax25)
852 {
853 	struct rose_neigh *rose_neigh, *new_neigh;
854 	struct rose_route *rose_route;
855 	struct rose_facilities_struct facilities;
856 	rose_address *src_addr, *dest_addr;
857 	struct sock *sk;
858 	unsigned short frametype;
859 	unsigned int lci, new_lci;
860 	unsigned char cause, diagnostic;
861 	struct net_device *dev;
862 	int res = 0;
863 	char buf[11];
864 
865 	if (skb->len < ROSE_MIN_LEN)
866 		return res;
867 
868 	if (!ax25)
869 		return rose_loopback_queue(skb, NULL);
870 
871 	frametype = skb->data[2];
872 	lci = ((skb->data[0] << 8) & 0xF00) + ((skb->data[1] << 0) & 0x0FF);
873 	if (frametype == ROSE_CALL_REQUEST &&
874 	    (skb->len <= ROSE_CALL_REQ_FACILITIES_OFF ||
875 	     skb->data[ROSE_CALL_REQ_ADDR_LEN_OFF] !=
876 	     ROSE_CALL_REQ_ADDR_LEN_VAL))
877 		return res;
878 	src_addr  = (rose_address *)(skb->data + ROSE_CALL_REQ_SRC_ADDR_OFF);
879 	dest_addr = (rose_address *)(skb->data + ROSE_CALL_REQ_DEST_ADDR_OFF);
880 
881 	spin_lock_bh(&rose_neigh_list_lock);
882 	spin_lock_bh(&rose_route_list_lock);
883 
884 	rose_neigh = rose_neigh_list;
885 	while (rose_neigh != NULL) {
886 		if (ax25cmp(&ax25->dest_addr, &rose_neigh->callsign) == 0 &&
887 		    ax25->ax25_dev->dev == rose_neigh->dev)
888 			break;
889 		rose_neigh = rose_neigh->next;
890 	}
891 
892 	if (rose_neigh == NULL) {
893 		printk("rose_route : unknown neighbour or device %s\n",
894 		       ax2asc(buf, &ax25->dest_addr));
895 		goto out;
896 	}
897 
898 	/*
899 	 *	Obviously the link is working, halt the ftimer.
900 	 */
901 	rose_stop_ftimer(rose_neigh);
902 
903 	/*
904 	 *	LCI of zero is always for us, and its always a restart
905 	 * 	frame.
906 	 */
907 	if (lci == 0) {
908 		rose_link_rx_restart(skb, rose_neigh, frametype);
909 		goto out;
910 	}
911 
912 	/*
913 	 *	Find an existing socket.
914 	 */
915 	if ((sk = rose_find_socket(lci, rose_neigh)) != NULL) {
916 		if (frametype == ROSE_CALL_REQUEST) {
917 			struct rose_sock *rose = rose_sk(sk);
918 
919 			/* Remove an existing unused socket */
920 			rose_clear_queues(sk);
921 			rose->cause	 = ROSE_NETWORK_CONGESTION;
922 			rose->diagnostic = 0;
923 			rose->neighbour->use--;
924 			rose->neighbour	 = NULL;
925 			rose->lci	 = 0;
926 			rose->state	 = ROSE_STATE_0;
927 			sk->sk_state	 = TCP_CLOSE;
928 			sk->sk_err	 = 0;
929 			sk->sk_shutdown	 |= SEND_SHUTDOWN;
930 			if (!sock_flag(sk, SOCK_DEAD)) {
931 				sk->sk_state_change(sk);
932 				sock_set_flag(sk, SOCK_DEAD);
933 			}
934 		}
935 		else {
936 			skb_reset_transport_header(skb);
937 			res = rose_process_rx_frame(sk, skb);
938 			goto out;
939 		}
940 	}
941 
942 	/*
943 	 *	Is is a Call Request and is it for us ?
944 	 */
945 	if (frametype == ROSE_CALL_REQUEST)
946 		if ((dev = rose_dev_get(dest_addr)) != NULL) {
947 			res = rose_rx_call_request(skb, dev, rose_neigh, lci);
948 			dev_put(dev);
949 			goto out;
950 		}
951 
952 	if (!sysctl_rose_routing_control) {
953 		rose_transmit_clear_request(rose_neigh, lci, ROSE_NOT_OBTAINABLE, 0);
954 		goto out;
955 	}
956 
957 	/*
958 	 *	Route it to the next in line if we have an entry for it.
959 	 */
960 	rose_route = rose_route_list;
961 	while (rose_route != NULL) {
962 		if (rose_route->lci1 == lci &&
963 		    rose_route->neigh1 == rose_neigh) {
964 			if (frametype == ROSE_CALL_REQUEST) {
965 				/* F6FBB - Remove an existing unused route */
966 				rose_remove_route(rose_route);
967 				break;
968 			} else if (rose_route->neigh2 != NULL) {
969 				skb->data[0] &= 0xF0;
970 				skb->data[0] |= (rose_route->lci2 >> 8) & 0x0F;
971 				skb->data[1]  = (rose_route->lci2 >> 0) & 0xFF;
972 				rose_transmit_link(skb, rose_route->neigh2);
973 				if (frametype == ROSE_CLEAR_CONFIRMATION)
974 					rose_remove_route(rose_route);
975 				res = 1;
976 				goto out;
977 			} else {
978 				if (frametype == ROSE_CLEAR_CONFIRMATION)
979 					rose_remove_route(rose_route);
980 				goto out;
981 			}
982 		}
983 		if (rose_route->lci2 == lci &&
984 		    rose_route->neigh2 == rose_neigh) {
985 			if (frametype == ROSE_CALL_REQUEST) {
986 				/* F6FBB - Remove an existing unused route */
987 				rose_remove_route(rose_route);
988 				break;
989 			} else if (rose_route->neigh1 != NULL) {
990 				skb->data[0] &= 0xF0;
991 				skb->data[0] |= (rose_route->lci1 >> 8) & 0x0F;
992 				skb->data[1]  = (rose_route->lci1 >> 0) & 0xFF;
993 				rose_transmit_link(skb, rose_route->neigh1);
994 				if (frametype == ROSE_CLEAR_CONFIRMATION)
995 					rose_remove_route(rose_route);
996 				res = 1;
997 				goto out;
998 			} else {
999 				if (frametype == ROSE_CLEAR_CONFIRMATION)
1000 					rose_remove_route(rose_route);
1001 				goto out;
1002 			}
1003 		}
1004 		rose_route = rose_route->next;
1005 	}
1006 
1007 	/*
1008 	 *	We know that:
1009 	 *	1. The frame isn't for us,
1010 	 *	2. It isn't "owned" by any existing route.
1011 	 */
1012 	if (frametype != ROSE_CALL_REQUEST) {	/* XXX */
1013 		res = 0;
1014 		goto out;
1015 	}
1016 
1017 	memset(&facilities, 0x00, sizeof(struct rose_facilities_struct));
1018 
1019 	if (!rose_parse_facilities(skb->data + ROSE_CALL_REQ_FACILITIES_OFF,
1020 				   skb->len - ROSE_CALL_REQ_FACILITIES_OFF,
1021 				   &facilities)) {
1022 		rose_transmit_clear_request(rose_neigh, lci, ROSE_INVALID_FACILITY, 76);
1023 		goto out;
1024 	}
1025 
1026 	/*
1027 	 *	Check for routing loops.
1028 	 */
1029 	rose_route = rose_route_list;
1030 	while (rose_route != NULL) {
1031 		if (rose_route->rand == facilities.rand &&
1032 		    rosecmp(src_addr, &rose_route->src_addr) == 0 &&
1033 		    ax25cmp(&facilities.dest_call, &rose_route->src_call) == 0 &&
1034 		    ax25cmp(&facilities.source_call, &rose_route->dest_call) == 0) {
1035 			rose_transmit_clear_request(rose_neigh, lci, ROSE_NOT_OBTAINABLE, 120);
1036 			goto out;
1037 		}
1038 		rose_route = rose_route->next;
1039 	}
1040 
1041 	if ((new_neigh = rose_get_neigh(dest_addr, &cause, &diagnostic, 1)) == NULL) {
1042 		rose_transmit_clear_request(rose_neigh, lci, cause, diagnostic);
1043 		goto out;
1044 	}
1045 
1046 	if ((new_lci = rose_new_lci(new_neigh)) == 0) {
1047 		rose_transmit_clear_request(rose_neigh, lci, ROSE_NETWORK_CONGESTION, 71);
1048 		goto out;
1049 	}
1050 
1051 	if ((rose_route = kmalloc(sizeof(*rose_route), GFP_ATOMIC)) == NULL) {
1052 		rose_transmit_clear_request(rose_neigh, lci, ROSE_NETWORK_CONGESTION, 120);
1053 		goto out;
1054 	}
1055 
1056 	rose_route->lci1      = lci;
1057 	rose_route->src_addr  = *src_addr;
1058 	rose_route->dest_addr = *dest_addr;
1059 	rose_route->src_call  = facilities.dest_call;
1060 	rose_route->dest_call = facilities.source_call;
1061 	rose_route->rand      = facilities.rand;
1062 	rose_route->neigh1    = rose_neigh;
1063 	rose_route->lci2      = new_lci;
1064 	rose_route->neigh2    = new_neigh;
1065 
1066 	rose_route->neigh1->use++;
1067 	rose_route->neigh2->use++;
1068 
1069 	rose_route->next = rose_route_list;
1070 	rose_route_list  = rose_route;
1071 
1072 	skb->data[0] &= 0xF0;
1073 	skb->data[0] |= (rose_route->lci2 >> 8) & 0x0F;
1074 	skb->data[1]  = (rose_route->lci2 >> 0) & 0xFF;
1075 
1076 	rose_transmit_link(skb, rose_route->neigh2);
1077 	res = 1;
1078 
1079 out:
1080 	spin_unlock_bh(&rose_route_list_lock);
1081 	spin_unlock_bh(&rose_neigh_list_lock);
1082 
1083 	return res;
1084 }
1085 
1086 #ifdef CONFIG_PROC_FS
1087 
rose_node_start(struct seq_file * seq,loff_t * pos)1088 static void *rose_node_start(struct seq_file *seq, loff_t *pos)
1089 	__acquires(rose_node_list_lock)
1090 {
1091 	struct rose_node *rose_node;
1092 	int i = 1;
1093 
1094 	spin_lock_bh(&rose_node_list_lock);
1095 	if (*pos == 0)
1096 		return SEQ_START_TOKEN;
1097 
1098 	for (rose_node = rose_node_list; rose_node && i < *pos;
1099 	     rose_node = rose_node->next, ++i);
1100 
1101 	return (i == *pos) ? rose_node : NULL;
1102 }
1103 
rose_node_next(struct seq_file * seq,void * v,loff_t * pos)1104 static void *rose_node_next(struct seq_file *seq, void *v, loff_t *pos)
1105 {
1106 	++*pos;
1107 
1108 	return (v == SEQ_START_TOKEN) ? rose_node_list
1109 		: ((struct rose_node *)v)->next;
1110 }
1111 
rose_node_stop(struct seq_file * seq,void * v)1112 static void rose_node_stop(struct seq_file *seq, void *v)
1113 	__releases(rose_node_list_lock)
1114 {
1115 	spin_unlock_bh(&rose_node_list_lock);
1116 }
1117 
rose_node_show(struct seq_file * seq,void * v)1118 static int rose_node_show(struct seq_file *seq, void *v)
1119 {
1120 	char rsbuf[11];
1121 	int i;
1122 
1123 	if (v == SEQ_START_TOKEN)
1124 		seq_puts(seq, "address    mask n neigh neigh neigh\n");
1125 	else {
1126 		const struct rose_node *rose_node = v;
1127 		/* if (rose_node->loopback) {
1128 			seq_printf(seq, "%-10s %04d 1 loopback\n",
1129 				   rose2asc(rsbuf, &rose_node->address),
1130 				   rose_node->mask);
1131 		} else { */
1132 			seq_printf(seq, "%-10s %04d %d",
1133 				   rose2asc(rsbuf, &rose_node->address),
1134 				   rose_node->mask,
1135 				   rose_node->count);
1136 
1137 			for (i = 0; i < rose_node->count; i++)
1138 				seq_printf(seq, " %05d",
1139 					rose_node->neighbour[i]->number);
1140 
1141 			seq_puts(seq, "\n");
1142 		/* } */
1143 	}
1144 	return 0;
1145 }
1146 
1147 const struct seq_operations rose_node_seqops = {
1148 	.start = rose_node_start,
1149 	.next = rose_node_next,
1150 	.stop = rose_node_stop,
1151 	.show = rose_node_show,
1152 };
1153 
rose_neigh_start(struct seq_file * seq,loff_t * pos)1154 static void *rose_neigh_start(struct seq_file *seq, loff_t *pos)
1155 	__acquires(rose_neigh_list_lock)
1156 {
1157 	struct rose_neigh *rose_neigh;
1158 	int i = 1;
1159 
1160 	spin_lock_bh(&rose_neigh_list_lock);
1161 	if (*pos == 0)
1162 		return SEQ_START_TOKEN;
1163 
1164 	for (rose_neigh = rose_neigh_list; rose_neigh && i < *pos;
1165 	     rose_neigh = rose_neigh->next, ++i);
1166 
1167 	return (i == *pos) ? rose_neigh : NULL;
1168 }
1169 
rose_neigh_next(struct seq_file * seq,void * v,loff_t * pos)1170 static void *rose_neigh_next(struct seq_file *seq, void *v, loff_t *pos)
1171 {
1172 	++*pos;
1173 
1174 	return (v == SEQ_START_TOKEN) ? rose_neigh_list
1175 		: ((struct rose_neigh *)v)->next;
1176 }
1177 
rose_neigh_stop(struct seq_file * seq,void * v)1178 static void rose_neigh_stop(struct seq_file *seq, void *v)
1179 	__releases(rose_neigh_list_lock)
1180 {
1181 	spin_unlock_bh(&rose_neigh_list_lock);
1182 }
1183 
rose_neigh_show(struct seq_file * seq,void * v)1184 static int rose_neigh_show(struct seq_file *seq, void *v)
1185 {
1186 	char buf[11];
1187 	int i;
1188 
1189 	if (v == SEQ_START_TOKEN)
1190 		seq_puts(seq,
1191 			 "addr  callsign  dev  count use mode restart  t0  tf digipeaters\n");
1192 	else {
1193 		struct rose_neigh *rose_neigh = v;
1194 
1195 		/* if (!rose_neigh->loopback) { */
1196 		seq_printf(seq, "%05d %-9s %-4s   %3d %3d  %3s     %3s %3lu %3lu",
1197 			   rose_neigh->number,
1198 			   (rose_neigh->loopback) ? "RSLOOP-0" : ax2asc(buf, &rose_neigh->callsign),
1199 			   rose_neigh->dev ? rose_neigh->dev->name : "???",
1200 			   rose_neigh->count,
1201 			   rose_neigh->use,
1202 			   (rose_neigh->dce_mode) ? "DCE" : "DTE",
1203 			   (rose_neigh->restarted) ? "yes" : "no",
1204 			   ax25_display_timer(&rose_neigh->t0timer) / HZ,
1205 			   ax25_display_timer(&rose_neigh->ftimer)  / HZ);
1206 
1207 		if (rose_neigh->digipeat != NULL) {
1208 			for (i = 0; i < rose_neigh->digipeat->ndigi; i++)
1209 				seq_printf(seq, " %s", ax2asc(buf, &rose_neigh->digipeat->calls[i]));
1210 		}
1211 
1212 		seq_puts(seq, "\n");
1213 	}
1214 	return 0;
1215 }
1216 
1217 
1218 const struct seq_operations rose_neigh_seqops = {
1219 	.start = rose_neigh_start,
1220 	.next = rose_neigh_next,
1221 	.stop = rose_neigh_stop,
1222 	.show = rose_neigh_show,
1223 };
1224 
rose_route_start(struct seq_file * seq,loff_t * pos)1225 static void *rose_route_start(struct seq_file *seq, loff_t *pos)
1226 	__acquires(rose_route_list_lock)
1227 {
1228 	struct rose_route *rose_route;
1229 	int i = 1;
1230 
1231 	spin_lock_bh(&rose_route_list_lock);
1232 	if (*pos == 0)
1233 		return SEQ_START_TOKEN;
1234 
1235 	for (rose_route = rose_route_list; rose_route && i < *pos;
1236 	     rose_route = rose_route->next, ++i);
1237 
1238 	return (i == *pos) ? rose_route : NULL;
1239 }
1240 
rose_route_next(struct seq_file * seq,void * v,loff_t * pos)1241 static void *rose_route_next(struct seq_file *seq, void *v, loff_t *pos)
1242 {
1243 	++*pos;
1244 
1245 	return (v == SEQ_START_TOKEN) ? rose_route_list
1246 		: ((struct rose_route *)v)->next;
1247 }
1248 
rose_route_stop(struct seq_file * seq,void * v)1249 static void rose_route_stop(struct seq_file *seq, void *v)
1250 	__releases(rose_route_list_lock)
1251 {
1252 	spin_unlock_bh(&rose_route_list_lock);
1253 }
1254 
rose_route_show(struct seq_file * seq,void * v)1255 static int rose_route_show(struct seq_file *seq, void *v)
1256 {
1257 	char buf[11], rsbuf[11];
1258 
1259 	if (v == SEQ_START_TOKEN)
1260 		seq_puts(seq,
1261 			 "lci  address     callsign   neigh  <-> lci  address     callsign   neigh\n");
1262 	else {
1263 		struct rose_route *rose_route = v;
1264 
1265 		if (rose_route->neigh1)
1266 			seq_printf(seq,
1267 				   "%3.3X  %-10s  %-9s  %05d      ",
1268 				   rose_route->lci1,
1269 				   rose2asc(rsbuf, &rose_route->src_addr),
1270 				   ax2asc(buf, &rose_route->src_call),
1271 				   rose_route->neigh1->number);
1272 		else
1273 			seq_puts(seq,
1274 				 "000  *           *          00000      ");
1275 
1276 		if (rose_route->neigh2)
1277 			seq_printf(seq,
1278 				   "%3.3X  %-10s  %-9s  %05d\n",
1279 				   rose_route->lci2,
1280 				   rose2asc(rsbuf, &rose_route->dest_addr),
1281 				   ax2asc(buf, &rose_route->dest_call),
1282 				   rose_route->neigh2->number);
1283 		 else
1284 			 seq_puts(seq,
1285 				  "000  *           *          00000\n");
1286 		}
1287 	return 0;
1288 }
1289 
1290 struct seq_operations rose_route_seqops = {
1291 	.start = rose_route_start,
1292 	.next = rose_route_next,
1293 	.stop = rose_route_stop,
1294 	.show = rose_route_show,
1295 };
1296 #endif /* CONFIG_PROC_FS */
1297 
1298 /*
1299  *	Release all memory associated with ROSE routing structures.
1300  */
rose_rt_free(void)1301 void __exit rose_rt_free(void)
1302 {
1303 	struct rose_neigh *s, *rose_neigh = rose_neigh_list;
1304 	struct rose_node  *t, *rose_node  = rose_node_list;
1305 	struct rose_route *u, *rose_route = rose_route_list;
1306 
1307 	while (rose_neigh != NULL) {
1308 		s          = rose_neigh;
1309 		rose_neigh = rose_neigh->next;
1310 
1311 		rose_remove_neigh(s);
1312 	}
1313 
1314 	while (rose_node != NULL) {
1315 		t         = rose_node;
1316 		rose_node = rose_node->next;
1317 
1318 		rose_remove_node(t);
1319 	}
1320 
1321 	while (rose_route != NULL) {
1322 		u          = rose_route;
1323 		rose_route = rose_route->next;
1324 
1325 		rose_remove_route(u);
1326 	}
1327 }
1328