1 /*
2 * This program is free software; you can redistribute it and/or modify
3 * it under the terms of the GNU General Public License as published by
4 * the Free Software Foundation; either version 2 of the License, or
5 * (at your option) any later version.
6 *
7 * Copyright (C) Alan Cox GW4PTS (alan@lxorguk.ukuu.org.uk)
8 * Copyright (C) Jonathan Naylor G4KLX (g4klx@g4klx.demon.co.uk)
9 * Copyright (C) Darryl Miles G7LED (dlm@g7led.demon.co.uk)
10 * Copyright (C) Steven Whitehouse GW7RRM (stevew@acm.org)
11 * Copyright (C) Joerg Reuter DL1BKE (jreuter@yaina.de)
12 * Copyright (C) Hans-Joachim Hetscher DD8NE (dd8ne@bnv-bamberg.de)
13 * Copyright (C) Hans Alblas PE1AYX (hans@esrac.ele.tue.nl)
14 * Copyright (C) Frederic Rible F1OAT (frible@teaser.fr)
15 */
16 #include <linux/capability.h>
17 #include <linux/module.h>
18 #include <linux/errno.h>
19 #include <linux/types.h>
20 #include <linux/socket.h>
21 #include <linux/in.h>
22 #include <linux/kernel.h>
23 #include <linux/sched/signal.h>
24 #include <linux/timer.h>
25 #include <linux/string.h>
26 #include <linux/sockios.h>
27 #include <linux/net.h>
28 #include <linux/slab.h>
29 #include <net/ax25.h>
30 #include <linux/inet.h>
31 #include <linux/netdevice.h>
32 #include <linux/if_arp.h>
33 #include <linux/skbuff.h>
34 #include <net/sock.h>
35 #include <linux/uaccess.h>
36 #include <linux/fcntl.h>
37 #include <linux/termios.h> /* For TIOCINQ/OUTQ */
38 #include <linux/mm.h>
39 #include <linux/interrupt.h>
40 #include <linux/notifier.h>
41 #include <linux/proc_fs.h>
42 #include <linux/stat.h>
43 #include <linux/sysctl.h>
44 #include <linux/init.h>
45 #include <linux/spinlock.h>
46 #include <net/net_namespace.h>
47 #include <net/tcp_states.h>
48 #include <net/ip.h>
49 #include <net/arp.h>
50
51
52
53 HLIST_HEAD(ax25_list);
54 DEFINE_SPINLOCK(ax25_list_lock);
55
56 static const struct proto_ops ax25_proto_ops;
57
ax25_free_sock(struct sock * sk)58 static void ax25_free_sock(struct sock *sk)
59 {
60 ax25_cb_put(sk_to_ax25(sk));
61 }
62
63 /*
64 * Socket removal during an interrupt is now safe.
65 */
ax25_cb_del(ax25_cb * ax25)66 static void ax25_cb_del(ax25_cb *ax25)
67 {
68 if (!hlist_unhashed(&ax25->ax25_node)) {
69 spin_lock_bh(&ax25_list_lock);
70 hlist_del_init(&ax25->ax25_node);
71 spin_unlock_bh(&ax25_list_lock);
72 ax25_cb_put(ax25);
73 }
74 }
75
76 /*
77 * Kill all bound sockets on a dropped device.
78 */
ax25_kill_by_device(struct net_device * dev)79 static void ax25_kill_by_device(struct net_device *dev)
80 {
81 ax25_dev *ax25_dev;
82 ax25_cb *s;
83
84 if ((ax25_dev = ax25_dev_ax25dev(dev)) == NULL)
85 return;
86
87 spin_lock_bh(&ax25_list_lock);
88 again:
89 ax25_for_each(s, &ax25_list) {
90 if (s->ax25_dev == ax25_dev) {
91 s->ax25_dev = NULL;
92 spin_unlock_bh(&ax25_list_lock);
93 ax25_disconnect(s, ENETUNREACH);
94 spin_lock_bh(&ax25_list_lock);
95
96 /* The entry could have been deleted from the
97 * list meanwhile and thus the next pointer is
98 * no longer valid. Play it safe and restart
99 * the scan. Forward progress is ensured
100 * because we set s->ax25_dev to NULL and we
101 * are never passed a NULL 'dev' argument.
102 */
103 goto again;
104 }
105 }
106 spin_unlock_bh(&ax25_list_lock);
107 }
108
109 /*
110 * Handle device status changes.
111 */
ax25_device_event(struct notifier_block * this,unsigned long event,void * ptr)112 static int ax25_device_event(struct notifier_block *this, unsigned long event,
113 void *ptr)
114 {
115 struct net_device *dev = netdev_notifier_info_to_dev(ptr);
116
117 if (!net_eq(dev_net(dev), &init_net))
118 return NOTIFY_DONE;
119
120 /* Reject non AX.25 devices */
121 if (dev->type != ARPHRD_AX25)
122 return NOTIFY_DONE;
123
124 switch (event) {
125 case NETDEV_UP:
126 ax25_dev_device_up(dev);
127 break;
128 case NETDEV_DOWN:
129 ax25_kill_by_device(dev);
130 ax25_rt_device_down(dev);
131 ax25_dev_device_down(dev);
132 break;
133 default:
134 break;
135 }
136
137 return NOTIFY_DONE;
138 }
139
140 /*
141 * Add a socket to the bound sockets list.
142 */
ax25_cb_add(ax25_cb * ax25)143 void ax25_cb_add(ax25_cb *ax25)
144 {
145 spin_lock_bh(&ax25_list_lock);
146 ax25_cb_hold(ax25);
147 hlist_add_head(&ax25->ax25_node, &ax25_list);
148 spin_unlock_bh(&ax25_list_lock);
149 }
150
151 /*
152 * Find a socket that wants to accept the SABM we have just
153 * received.
154 */
ax25_find_listener(ax25_address * addr,int digi,struct net_device * dev,int type)155 struct sock *ax25_find_listener(ax25_address *addr, int digi,
156 struct net_device *dev, int type)
157 {
158 ax25_cb *s;
159
160 spin_lock(&ax25_list_lock);
161 ax25_for_each(s, &ax25_list) {
162 if ((s->iamdigi && !digi) || (!s->iamdigi && digi))
163 continue;
164 if (s->sk && !ax25cmp(&s->source_addr, addr) &&
165 s->sk->sk_type == type && s->sk->sk_state == TCP_LISTEN) {
166 /* If device is null we match any device */
167 if (s->ax25_dev == NULL || s->ax25_dev->dev == dev) {
168 sock_hold(s->sk);
169 spin_unlock(&ax25_list_lock);
170 return s->sk;
171 }
172 }
173 }
174 spin_unlock(&ax25_list_lock);
175
176 return NULL;
177 }
178
179 /*
180 * Find an AX.25 socket given both ends.
181 */
ax25_get_socket(ax25_address * my_addr,ax25_address * dest_addr,int type)182 struct sock *ax25_get_socket(ax25_address *my_addr, ax25_address *dest_addr,
183 int type)
184 {
185 struct sock *sk = NULL;
186 ax25_cb *s;
187
188 spin_lock(&ax25_list_lock);
189 ax25_for_each(s, &ax25_list) {
190 if (s->sk && !ax25cmp(&s->source_addr, my_addr) &&
191 !ax25cmp(&s->dest_addr, dest_addr) &&
192 s->sk->sk_type == type) {
193 sk = s->sk;
194 sock_hold(sk);
195 break;
196 }
197 }
198
199 spin_unlock(&ax25_list_lock);
200
201 return sk;
202 }
203
204 /*
205 * Find an AX.25 control block given both ends. It will only pick up
206 * floating AX.25 control blocks or non Raw socket bound control blocks.
207 */
ax25_find_cb(ax25_address * src_addr,ax25_address * dest_addr,ax25_digi * digi,struct net_device * dev)208 ax25_cb *ax25_find_cb(ax25_address *src_addr, ax25_address *dest_addr,
209 ax25_digi *digi, struct net_device *dev)
210 {
211 ax25_cb *s;
212
213 spin_lock_bh(&ax25_list_lock);
214 ax25_for_each(s, &ax25_list) {
215 if (s->sk && s->sk->sk_type != SOCK_SEQPACKET)
216 continue;
217 if (s->ax25_dev == NULL)
218 continue;
219 if (ax25cmp(&s->source_addr, src_addr) == 0 && ax25cmp(&s->dest_addr, dest_addr) == 0 && s->ax25_dev->dev == dev) {
220 if (digi != NULL && digi->ndigi != 0) {
221 if (s->digipeat == NULL)
222 continue;
223 if (ax25digicmp(s->digipeat, digi) != 0)
224 continue;
225 } else {
226 if (s->digipeat != NULL && s->digipeat->ndigi != 0)
227 continue;
228 }
229 ax25_cb_hold(s);
230 spin_unlock_bh(&ax25_list_lock);
231
232 return s;
233 }
234 }
235 spin_unlock_bh(&ax25_list_lock);
236
237 return NULL;
238 }
239
240 EXPORT_SYMBOL(ax25_find_cb);
241
ax25_send_to_raw(ax25_address * addr,struct sk_buff * skb,int proto)242 void ax25_send_to_raw(ax25_address *addr, struct sk_buff *skb, int proto)
243 {
244 ax25_cb *s;
245 struct sk_buff *copy;
246
247 spin_lock(&ax25_list_lock);
248 ax25_for_each(s, &ax25_list) {
249 if (s->sk != NULL && ax25cmp(&s->source_addr, addr) == 0 &&
250 s->sk->sk_type == SOCK_RAW &&
251 s->sk->sk_protocol == proto &&
252 s->ax25_dev->dev == skb->dev &&
253 atomic_read(&s->sk->sk_rmem_alloc) <= s->sk->sk_rcvbuf) {
254 if ((copy = skb_clone(skb, GFP_ATOMIC)) == NULL)
255 continue;
256 if (sock_queue_rcv_skb(s->sk, copy) != 0)
257 kfree_skb(copy);
258 }
259 }
260 spin_unlock(&ax25_list_lock);
261 }
262
263 /*
264 * Deferred destroy.
265 */
266 void ax25_destroy_socket(ax25_cb *);
267
268 /*
269 * Handler for deferred kills.
270 */
ax25_destroy_timer(struct timer_list * t)271 static void ax25_destroy_timer(struct timer_list *t)
272 {
273 ax25_cb *ax25 = from_timer(ax25, t, dtimer);
274 struct sock *sk;
275
276 sk=ax25->sk;
277
278 bh_lock_sock(sk);
279 sock_hold(sk);
280 ax25_destroy_socket(ax25);
281 bh_unlock_sock(sk);
282 sock_put(sk);
283 }
284
285 /*
286 * This is called from user mode and the timers. Thus it protects itself
287 * against interrupt users but doesn't worry about being called during
288 * work. Once it is removed from the queue no interrupt or bottom half
289 * will touch it and we are (fairly 8-) ) safe.
290 */
ax25_destroy_socket(ax25_cb * ax25)291 void ax25_destroy_socket(ax25_cb *ax25)
292 {
293 struct sk_buff *skb;
294
295 ax25_cb_del(ax25);
296
297 ax25_stop_heartbeat(ax25);
298 ax25_stop_t1timer(ax25);
299 ax25_stop_t2timer(ax25);
300 ax25_stop_t3timer(ax25);
301 ax25_stop_idletimer(ax25);
302
303 ax25_clear_queues(ax25); /* Flush the queues */
304
305 if (ax25->sk != NULL) {
306 while ((skb = skb_dequeue(&ax25->sk->sk_receive_queue)) != NULL) {
307 if (skb->sk != ax25->sk) {
308 /* A pending connection */
309 ax25_cb *sax25 = sk_to_ax25(skb->sk);
310
311 /* Queue the unaccepted socket for death */
312 sock_orphan(skb->sk);
313
314 /* 9A4GL: hack to release unaccepted sockets */
315 skb->sk->sk_state = TCP_LISTEN;
316
317 ax25_start_heartbeat(sax25);
318 sax25->state = AX25_STATE_0;
319 }
320
321 kfree_skb(skb);
322 }
323 skb_queue_purge(&ax25->sk->sk_write_queue);
324 }
325
326 if (ax25->sk != NULL) {
327 if (sk_has_allocations(ax25->sk)) {
328 /* Defer: outstanding buffers */
329 timer_setup(&ax25->dtimer, ax25_destroy_timer, 0);
330 ax25->dtimer.expires = jiffies + 2 * HZ;
331 add_timer(&ax25->dtimer);
332 } else {
333 struct sock *sk=ax25->sk;
334 ax25->sk=NULL;
335 sock_put(sk);
336 }
337 } else {
338 ax25_cb_put(ax25);
339 }
340 }
341
342 /*
343 * dl1bke 960311: set parameters for existing AX.25 connections,
344 * includes a KILL command to abort any connection.
345 * VERY useful for debugging ;-)
346 */
ax25_ctl_ioctl(const unsigned int cmd,void __user * arg)347 static int ax25_ctl_ioctl(const unsigned int cmd, void __user *arg)
348 {
349 struct ax25_ctl_struct ax25_ctl;
350 ax25_digi digi;
351 ax25_dev *ax25_dev;
352 ax25_cb *ax25;
353 unsigned int k;
354 int ret = 0;
355
356 if (copy_from_user(&ax25_ctl, arg, sizeof(ax25_ctl)))
357 return -EFAULT;
358
359 if ((ax25_dev = ax25_addr_ax25dev(&ax25_ctl.port_addr)) == NULL)
360 return -ENODEV;
361
362 if (ax25_ctl.digi_count > AX25_MAX_DIGIS)
363 return -EINVAL;
364
365 if (ax25_ctl.arg > ULONG_MAX / HZ && ax25_ctl.cmd != AX25_KILL)
366 return -EINVAL;
367
368 digi.ndigi = ax25_ctl.digi_count;
369 for (k = 0; k < digi.ndigi; k++)
370 digi.calls[k] = ax25_ctl.digi_addr[k];
371
372 if ((ax25 = ax25_find_cb(&ax25_ctl.source_addr, &ax25_ctl.dest_addr, &digi, ax25_dev->dev)) == NULL)
373 return -ENOTCONN;
374
375 switch (ax25_ctl.cmd) {
376 case AX25_KILL:
377 ax25_send_control(ax25, AX25_DISC, AX25_POLLON, AX25_COMMAND);
378 #ifdef CONFIG_AX25_DAMA_SLAVE
379 if (ax25_dev->dama.slave && ax25->ax25_dev->values[AX25_VALUES_PROTOCOL] == AX25_PROTO_DAMA_SLAVE)
380 ax25_dama_off(ax25);
381 #endif
382 ax25_disconnect(ax25, ENETRESET);
383 break;
384
385 case AX25_WINDOW:
386 if (ax25->modulus == AX25_MODULUS) {
387 if (ax25_ctl.arg < 1 || ax25_ctl.arg > 7)
388 goto einval_put;
389 } else {
390 if (ax25_ctl.arg < 1 || ax25_ctl.arg > 63)
391 goto einval_put;
392 }
393 ax25->window = ax25_ctl.arg;
394 break;
395
396 case AX25_T1:
397 if (ax25_ctl.arg < 1 || ax25_ctl.arg > ULONG_MAX / HZ)
398 goto einval_put;
399 ax25->rtt = (ax25_ctl.arg * HZ) / 2;
400 ax25->t1 = ax25_ctl.arg * HZ;
401 break;
402
403 case AX25_T2:
404 if (ax25_ctl.arg < 1 || ax25_ctl.arg > ULONG_MAX / HZ)
405 goto einval_put;
406 ax25->t2 = ax25_ctl.arg * HZ;
407 break;
408
409 case AX25_N2:
410 if (ax25_ctl.arg < 1 || ax25_ctl.arg > 31)
411 goto einval_put;
412 ax25->n2count = 0;
413 ax25->n2 = ax25_ctl.arg;
414 break;
415
416 case AX25_T3:
417 if (ax25_ctl.arg > ULONG_MAX / HZ)
418 goto einval_put;
419 ax25->t3 = ax25_ctl.arg * HZ;
420 break;
421
422 case AX25_IDLE:
423 if (ax25_ctl.arg > ULONG_MAX / (60 * HZ))
424 goto einval_put;
425
426 ax25->idle = ax25_ctl.arg * 60 * HZ;
427 break;
428
429 case AX25_PACLEN:
430 if (ax25_ctl.arg < 16 || ax25_ctl.arg > 65535)
431 goto einval_put;
432 ax25->paclen = ax25_ctl.arg;
433 break;
434
435 default:
436 goto einval_put;
437 }
438
439 out_put:
440 ax25_cb_put(ax25);
441 return ret;
442
443 einval_put:
444 ret = -EINVAL;
445 goto out_put;
446 }
447
ax25_fillin_cb_from_dev(ax25_cb * ax25,ax25_dev * ax25_dev)448 static void ax25_fillin_cb_from_dev(ax25_cb *ax25, ax25_dev *ax25_dev)
449 {
450 ax25->rtt = msecs_to_jiffies(ax25_dev->values[AX25_VALUES_T1]) / 2;
451 ax25->t1 = msecs_to_jiffies(ax25_dev->values[AX25_VALUES_T1]);
452 ax25->t2 = msecs_to_jiffies(ax25_dev->values[AX25_VALUES_T2]);
453 ax25->t3 = msecs_to_jiffies(ax25_dev->values[AX25_VALUES_T3]);
454 ax25->n2 = ax25_dev->values[AX25_VALUES_N2];
455 ax25->paclen = ax25_dev->values[AX25_VALUES_PACLEN];
456 ax25->idle = msecs_to_jiffies(ax25_dev->values[AX25_VALUES_IDLE]);
457 ax25->backoff = ax25_dev->values[AX25_VALUES_BACKOFF];
458
459 if (ax25_dev->values[AX25_VALUES_AXDEFMODE]) {
460 ax25->modulus = AX25_EMODULUS;
461 ax25->window = ax25_dev->values[AX25_VALUES_EWINDOW];
462 } else {
463 ax25->modulus = AX25_MODULUS;
464 ax25->window = ax25_dev->values[AX25_VALUES_WINDOW];
465 }
466 }
467
468 /*
469 * Fill in a created AX.25 created control block with the default
470 * values for a particular device.
471 */
ax25_fillin_cb(ax25_cb * ax25,ax25_dev * ax25_dev)472 void ax25_fillin_cb(ax25_cb *ax25, ax25_dev *ax25_dev)
473 {
474 ax25->ax25_dev = ax25_dev;
475
476 if (ax25->ax25_dev != NULL) {
477 ax25_fillin_cb_from_dev(ax25, ax25_dev);
478 return;
479 }
480
481 /*
482 * No device, use kernel / AX.25 spec default values
483 */
484 ax25->rtt = msecs_to_jiffies(AX25_DEF_T1) / 2;
485 ax25->t1 = msecs_to_jiffies(AX25_DEF_T1);
486 ax25->t2 = msecs_to_jiffies(AX25_DEF_T2);
487 ax25->t3 = msecs_to_jiffies(AX25_DEF_T3);
488 ax25->n2 = AX25_DEF_N2;
489 ax25->paclen = AX25_DEF_PACLEN;
490 ax25->idle = msecs_to_jiffies(AX25_DEF_IDLE);
491 ax25->backoff = AX25_DEF_BACKOFF;
492
493 if (AX25_DEF_AXDEFMODE) {
494 ax25->modulus = AX25_EMODULUS;
495 ax25->window = AX25_DEF_EWINDOW;
496 } else {
497 ax25->modulus = AX25_MODULUS;
498 ax25->window = AX25_DEF_WINDOW;
499 }
500 }
501
502 /*
503 * Create an empty AX.25 control block.
504 */
ax25_create_cb(void)505 ax25_cb *ax25_create_cb(void)
506 {
507 ax25_cb *ax25;
508
509 if ((ax25 = kzalloc(sizeof(*ax25), GFP_ATOMIC)) == NULL)
510 return NULL;
511
512 refcount_set(&ax25->refcount, 1);
513
514 skb_queue_head_init(&ax25->write_queue);
515 skb_queue_head_init(&ax25->frag_queue);
516 skb_queue_head_init(&ax25->ack_queue);
517 skb_queue_head_init(&ax25->reseq_queue);
518
519 ax25_setup_timers(ax25);
520
521 ax25_fillin_cb(ax25, NULL);
522
523 ax25->state = AX25_STATE_0;
524
525 return ax25;
526 }
527
528 /*
529 * Handling for system calls applied via the various interfaces to an
530 * AX25 socket object
531 */
532
ax25_setsockopt(struct socket * sock,int level,int optname,char __user * optval,unsigned int optlen)533 static int ax25_setsockopt(struct socket *sock, int level, int optname,
534 char __user *optval, unsigned int optlen)
535 {
536 struct sock *sk = sock->sk;
537 ax25_cb *ax25;
538 struct net_device *dev;
539 char devname[IFNAMSIZ];
540 unsigned long opt;
541 int res = 0;
542
543 if (level != SOL_AX25)
544 return -ENOPROTOOPT;
545
546 if (optlen < sizeof(unsigned int))
547 return -EINVAL;
548
549 if (get_user(opt, (unsigned int __user *)optval))
550 return -EFAULT;
551
552 lock_sock(sk);
553 ax25 = sk_to_ax25(sk);
554
555 switch (optname) {
556 case AX25_WINDOW:
557 if (ax25->modulus == AX25_MODULUS) {
558 if (opt < 1 || opt > 7) {
559 res = -EINVAL;
560 break;
561 }
562 } else {
563 if (opt < 1 || opt > 63) {
564 res = -EINVAL;
565 break;
566 }
567 }
568 ax25->window = opt;
569 break;
570
571 case AX25_T1:
572 if (opt < 1 || opt > ULONG_MAX / HZ) {
573 res = -EINVAL;
574 break;
575 }
576 ax25->rtt = (opt * HZ) >> 1;
577 ax25->t1 = opt * HZ;
578 break;
579
580 case AX25_T2:
581 if (opt < 1 || opt > ULONG_MAX / HZ) {
582 res = -EINVAL;
583 break;
584 }
585 ax25->t2 = opt * HZ;
586 break;
587
588 case AX25_N2:
589 if (opt < 1 || opt > 31) {
590 res = -EINVAL;
591 break;
592 }
593 ax25->n2 = opt;
594 break;
595
596 case AX25_T3:
597 if (opt < 1 || opt > ULONG_MAX / HZ) {
598 res = -EINVAL;
599 break;
600 }
601 ax25->t3 = opt * HZ;
602 break;
603
604 case AX25_IDLE:
605 if (opt > ULONG_MAX / (60 * HZ)) {
606 res = -EINVAL;
607 break;
608 }
609 ax25->idle = opt * 60 * HZ;
610 break;
611
612 case AX25_BACKOFF:
613 if (opt > 2) {
614 res = -EINVAL;
615 break;
616 }
617 ax25->backoff = opt;
618 break;
619
620 case AX25_EXTSEQ:
621 ax25->modulus = opt ? AX25_EMODULUS : AX25_MODULUS;
622 break;
623
624 case AX25_PIDINCL:
625 ax25->pidincl = opt ? 1 : 0;
626 break;
627
628 case AX25_IAMDIGI:
629 ax25->iamdigi = opt ? 1 : 0;
630 break;
631
632 case AX25_PACLEN:
633 if (opt < 16 || opt > 65535) {
634 res = -EINVAL;
635 break;
636 }
637 ax25->paclen = opt;
638 break;
639
640 case SO_BINDTODEVICE:
641 if (optlen > IFNAMSIZ)
642 optlen = IFNAMSIZ;
643
644 if (copy_from_user(devname, optval, optlen)) {
645 res = -EFAULT;
646 break;
647 }
648
649 if (sk->sk_type == SOCK_SEQPACKET &&
650 (sock->state != SS_UNCONNECTED ||
651 sk->sk_state == TCP_LISTEN)) {
652 res = -EADDRNOTAVAIL;
653 break;
654 }
655
656 dev = dev_get_by_name(&init_net, devname);
657 if (!dev) {
658 res = -ENODEV;
659 break;
660 }
661
662 ax25->ax25_dev = ax25_dev_ax25dev(dev);
663 ax25_fillin_cb(ax25, ax25->ax25_dev);
664 dev_put(dev);
665 break;
666
667 default:
668 res = -ENOPROTOOPT;
669 }
670 release_sock(sk);
671
672 return res;
673 }
674
ax25_getsockopt(struct socket * sock,int level,int optname,char __user * optval,int __user * optlen)675 static int ax25_getsockopt(struct socket *sock, int level, int optname,
676 char __user *optval, int __user *optlen)
677 {
678 struct sock *sk = sock->sk;
679 ax25_cb *ax25;
680 struct ax25_dev *ax25_dev;
681 char devname[IFNAMSIZ];
682 void *valptr;
683 int val = 0;
684 int maxlen, length;
685
686 if (level != SOL_AX25)
687 return -ENOPROTOOPT;
688
689 if (get_user(maxlen, optlen))
690 return -EFAULT;
691
692 if (maxlen < 1)
693 return -EFAULT;
694
695 valptr = (void *) &val;
696 length = min_t(unsigned int, maxlen, sizeof(int));
697
698 lock_sock(sk);
699 ax25 = sk_to_ax25(sk);
700
701 switch (optname) {
702 case AX25_WINDOW:
703 val = ax25->window;
704 break;
705
706 case AX25_T1:
707 val = ax25->t1 / HZ;
708 break;
709
710 case AX25_T2:
711 val = ax25->t2 / HZ;
712 break;
713
714 case AX25_N2:
715 val = ax25->n2;
716 break;
717
718 case AX25_T3:
719 val = ax25->t3 / HZ;
720 break;
721
722 case AX25_IDLE:
723 val = ax25->idle / (60 * HZ);
724 break;
725
726 case AX25_BACKOFF:
727 val = ax25->backoff;
728 break;
729
730 case AX25_EXTSEQ:
731 val = (ax25->modulus == AX25_EMODULUS);
732 break;
733
734 case AX25_PIDINCL:
735 val = ax25->pidincl;
736 break;
737
738 case AX25_IAMDIGI:
739 val = ax25->iamdigi;
740 break;
741
742 case AX25_PACLEN:
743 val = ax25->paclen;
744 break;
745
746 case SO_BINDTODEVICE:
747 ax25_dev = ax25->ax25_dev;
748
749 if (ax25_dev != NULL && ax25_dev->dev != NULL) {
750 strlcpy(devname, ax25_dev->dev->name, sizeof(devname));
751 length = strlen(devname) + 1;
752 } else {
753 *devname = '\0';
754 length = 1;
755 }
756
757 valptr = (void *) devname;
758 break;
759
760 default:
761 release_sock(sk);
762 return -ENOPROTOOPT;
763 }
764 release_sock(sk);
765
766 if (put_user(length, optlen))
767 return -EFAULT;
768
769 return copy_to_user(optval, valptr, length) ? -EFAULT : 0;
770 }
771
ax25_listen(struct socket * sock,int backlog)772 static int ax25_listen(struct socket *sock, int backlog)
773 {
774 struct sock *sk = sock->sk;
775 int res = 0;
776
777 lock_sock(sk);
778 if (sk->sk_type == SOCK_SEQPACKET && sk->sk_state != TCP_LISTEN) {
779 sk->sk_max_ack_backlog = backlog;
780 sk->sk_state = TCP_LISTEN;
781 goto out;
782 }
783 res = -EOPNOTSUPP;
784
785 out:
786 release_sock(sk);
787
788 return res;
789 }
790
791 /*
792 * XXX: when creating ax25_sock we should update the .obj_size setting
793 * below.
794 */
795 static struct proto ax25_proto = {
796 .name = "AX25",
797 .owner = THIS_MODULE,
798 .obj_size = sizeof(struct ax25_sock),
799 };
800
ax25_create(struct net * net,struct socket * sock,int protocol,int kern)801 static int ax25_create(struct net *net, struct socket *sock, int protocol,
802 int kern)
803 {
804 struct sock *sk;
805 ax25_cb *ax25;
806
807 if (protocol < 0 || protocol > SK_PROTOCOL_MAX)
808 return -EINVAL;
809
810 if (!net_eq(net, &init_net))
811 return -EAFNOSUPPORT;
812
813 switch (sock->type) {
814 case SOCK_DGRAM:
815 if (protocol == 0 || protocol == PF_AX25)
816 protocol = AX25_P_TEXT;
817 break;
818
819 case SOCK_SEQPACKET:
820 switch (protocol) {
821 case 0:
822 case PF_AX25: /* For CLX */
823 protocol = AX25_P_TEXT;
824 break;
825 case AX25_P_SEGMENT:
826 #ifdef CONFIG_INET
827 case AX25_P_ARP:
828 case AX25_P_IP:
829 #endif
830 #ifdef CONFIG_NETROM
831 case AX25_P_NETROM:
832 #endif
833 #ifdef CONFIG_ROSE
834 case AX25_P_ROSE:
835 #endif
836 return -ESOCKTNOSUPPORT;
837 #ifdef CONFIG_NETROM_MODULE
838 case AX25_P_NETROM:
839 if (ax25_protocol_is_registered(AX25_P_NETROM))
840 return -ESOCKTNOSUPPORT;
841 break;
842 #endif
843 #ifdef CONFIG_ROSE_MODULE
844 case AX25_P_ROSE:
845 if (ax25_protocol_is_registered(AX25_P_ROSE))
846 return -ESOCKTNOSUPPORT;
847 #endif
848 default:
849 break;
850 }
851 break;
852
853 case SOCK_RAW:
854 break;
855 default:
856 return -ESOCKTNOSUPPORT;
857 }
858
859 sk = sk_alloc(net, PF_AX25, GFP_ATOMIC, &ax25_proto, kern);
860 if (sk == NULL)
861 return -ENOMEM;
862
863 ax25 = ax25_sk(sk)->cb = ax25_create_cb();
864 if (!ax25) {
865 sk_free(sk);
866 return -ENOMEM;
867 }
868
869 sock_init_data(sock, sk);
870
871 sk->sk_destruct = ax25_free_sock;
872 sock->ops = &ax25_proto_ops;
873 sk->sk_protocol = protocol;
874
875 ax25->sk = sk;
876
877 return 0;
878 }
879
ax25_make_new(struct sock * osk,struct ax25_dev * ax25_dev)880 struct sock *ax25_make_new(struct sock *osk, struct ax25_dev *ax25_dev)
881 {
882 struct sock *sk;
883 ax25_cb *ax25, *oax25;
884
885 sk = sk_alloc(sock_net(osk), PF_AX25, GFP_ATOMIC, osk->sk_prot, 0);
886 if (sk == NULL)
887 return NULL;
888
889 if ((ax25 = ax25_create_cb()) == NULL) {
890 sk_free(sk);
891 return NULL;
892 }
893
894 switch (osk->sk_type) {
895 case SOCK_DGRAM:
896 break;
897 case SOCK_SEQPACKET:
898 break;
899 default:
900 sk_free(sk);
901 ax25_cb_put(ax25);
902 return NULL;
903 }
904
905 sock_init_data(NULL, sk);
906
907 sk->sk_type = osk->sk_type;
908 sk->sk_priority = osk->sk_priority;
909 sk->sk_protocol = osk->sk_protocol;
910 sk->sk_rcvbuf = osk->sk_rcvbuf;
911 sk->sk_sndbuf = osk->sk_sndbuf;
912 sk->sk_state = TCP_ESTABLISHED;
913 sock_copy_flags(sk, osk);
914
915 oax25 = sk_to_ax25(osk);
916
917 ax25->modulus = oax25->modulus;
918 ax25->backoff = oax25->backoff;
919 ax25->pidincl = oax25->pidincl;
920 ax25->iamdigi = oax25->iamdigi;
921 ax25->rtt = oax25->rtt;
922 ax25->t1 = oax25->t1;
923 ax25->t2 = oax25->t2;
924 ax25->t3 = oax25->t3;
925 ax25->n2 = oax25->n2;
926 ax25->idle = oax25->idle;
927 ax25->paclen = oax25->paclen;
928 ax25->window = oax25->window;
929
930 ax25->ax25_dev = ax25_dev;
931 ax25->source_addr = oax25->source_addr;
932
933 if (oax25->digipeat != NULL) {
934 ax25->digipeat = kmemdup(oax25->digipeat, sizeof(ax25_digi),
935 GFP_ATOMIC);
936 if (ax25->digipeat == NULL) {
937 sk_free(sk);
938 ax25_cb_put(ax25);
939 return NULL;
940 }
941 }
942
943 ax25_sk(sk)->cb = ax25;
944 sk->sk_destruct = ax25_free_sock;
945 ax25->sk = sk;
946
947 return sk;
948 }
949
ax25_release(struct socket * sock)950 static int ax25_release(struct socket *sock)
951 {
952 struct sock *sk = sock->sk;
953 ax25_cb *ax25;
954
955 if (sk == NULL)
956 return 0;
957
958 sock_hold(sk);
959 sock_orphan(sk);
960 lock_sock(sk);
961 ax25 = sk_to_ax25(sk);
962
963 if (sk->sk_type == SOCK_SEQPACKET) {
964 switch (ax25->state) {
965 case AX25_STATE_0:
966 release_sock(sk);
967 ax25_disconnect(ax25, 0);
968 lock_sock(sk);
969 ax25_destroy_socket(ax25);
970 break;
971
972 case AX25_STATE_1:
973 case AX25_STATE_2:
974 ax25_send_control(ax25, AX25_DISC, AX25_POLLON, AX25_COMMAND);
975 release_sock(sk);
976 ax25_disconnect(ax25, 0);
977 lock_sock(sk);
978 if (!sock_flag(ax25->sk, SOCK_DESTROY))
979 ax25_destroy_socket(ax25);
980 break;
981
982 case AX25_STATE_3:
983 case AX25_STATE_4:
984 ax25_clear_queues(ax25);
985 ax25->n2count = 0;
986
987 switch (ax25->ax25_dev->values[AX25_VALUES_PROTOCOL]) {
988 case AX25_PROTO_STD_SIMPLEX:
989 case AX25_PROTO_STD_DUPLEX:
990 ax25_send_control(ax25,
991 AX25_DISC,
992 AX25_POLLON,
993 AX25_COMMAND);
994 ax25_stop_t2timer(ax25);
995 ax25_stop_t3timer(ax25);
996 ax25_stop_idletimer(ax25);
997 break;
998 #ifdef CONFIG_AX25_DAMA_SLAVE
999 case AX25_PROTO_DAMA_SLAVE:
1000 ax25_stop_t3timer(ax25);
1001 ax25_stop_idletimer(ax25);
1002 break;
1003 #endif
1004 }
1005 ax25_calculate_t1(ax25);
1006 ax25_start_t1timer(ax25);
1007 ax25->state = AX25_STATE_2;
1008 sk->sk_state = TCP_CLOSE;
1009 sk->sk_shutdown |= SEND_SHUTDOWN;
1010 sk->sk_state_change(sk);
1011 sock_set_flag(sk, SOCK_DESTROY);
1012 break;
1013
1014 default:
1015 break;
1016 }
1017 } else {
1018 sk->sk_state = TCP_CLOSE;
1019 sk->sk_shutdown |= SEND_SHUTDOWN;
1020 sk->sk_state_change(sk);
1021 ax25_destroy_socket(ax25);
1022 }
1023
1024 sock->sk = NULL;
1025 release_sock(sk);
1026 sock_put(sk);
1027
1028 return 0;
1029 }
1030
1031 /*
1032 * We support a funny extension here so you can (as root) give any callsign
1033 * digipeated via a local address as source. This hack is obsolete now
1034 * that we've implemented support for SO_BINDTODEVICE. It is however small
1035 * and trivially backward compatible.
1036 */
ax25_bind(struct socket * sock,struct sockaddr * uaddr,int addr_len)1037 static int ax25_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
1038 {
1039 struct sock *sk = sock->sk;
1040 struct full_sockaddr_ax25 *addr = (struct full_sockaddr_ax25 *)uaddr;
1041 ax25_dev *ax25_dev = NULL;
1042 ax25_uid_assoc *user;
1043 ax25_address call;
1044 ax25_cb *ax25;
1045 int err = 0;
1046
1047 if (addr_len != sizeof(struct sockaddr_ax25) &&
1048 addr_len != sizeof(struct full_sockaddr_ax25))
1049 /* support for old structure may go away some time
1050 * ax25_bind(): uses old (6 digipeater) socket structure.
1051 */
1052 if ((addr_len < sizeof(struct sockaddr_ax25) + sizeof(ax25_address) * 6) ||
1053 (addr_len > sizeof(struct full_sockaddr_ax25)))
1054 return -EINVAL;
1055
1056 if (addr->fsa_ax25.sax25_family != AF_AX25)
1057 return -EINVAL;
1058
1059 user = ax25_findbyuid(current_euid());
1060 if (user) {
1061 call = user->call;
1062 ax25_uid_put(user);
1063 } else {
1064 if (ax25_uid_policy && !capable(CAP_NET_ADMIN))
1065 return -EACCES;
1066
1067 call = addr->fsa_ax25.sax25_call;
1068 }
1069
1070 lock_sock(sk);
1071
1072 ax25 = sk_to_ax25(sk);
1073 if (!sock_flag(sk, SOCK_ZAPPED)) {
1074 err = -EINVAL;
1075 goto out;
1076 }
1077
1078 ax25->source_addr = call;
1079
1080 /*
1081 * User already set interface with SO_BINDTODEVICE
1082 */
1083 if (ax25->ax25_dev != NULL)
1084 goto done;
1085
1086 if (addr_len > sizeof(struct sockaddr_ax25) && addr->fsa_ax25.sax25_ndigis == 1) {
1087 if (ax25cmp(&addr->fsa_digipeater[0], &null_ax25_address) != 0 &&
1088 (ax25_dev = ax25_addr_ax25dev(&addr->fsa_digipeater[0])) == NULL) {
1089 err = -EADDRNOTAVAIL;
1090 goto out;
1091 }
1092 } else {
1093 if ((ax25_dev = ax25_addr_ax25dev(&addr->fsa_ax25.sax25_call)) == NULL) {
1094 err = -EADDRNOTAVAIL;
1095 goto out;
1096 }
1097 }
1098
1099 if (ax25_dev != NULL)
1100 ax25_fillin_cb(ax25, ax25_dev);
1101
1102 done:
1103 ax25_cb_add(ax25);
1104 sock_reset_flag(sk, SOCK_ZAPPED);
1105
1106 out:
1107 release_sock(sk);
1108
1109 return err;
1110 }
1111
1112 /*
1113 * FIXME: nonblock behaviour looks like it may have a bug.
1114 */
ax25_connect(struct socket * sock,struct sockaddr * uaddr,int addr_len,int flags)1115 static int __must_check ax25_connect(struct socket *sock,
1116 struct sockaddr *uaddr, int addr_len, int flags)
1117 {
1118 struct sock *sk = sock->sk;
1119 ax25_cb *ax25 = sk_to_ax25(sk), *ax25t;
1120 struct full_sockaddr_ax25 *fsa = (struct full_sockaddr_ax25 *)uaddr;
1121 ax25_digi *digi = NULL;
1122 int ct = 0, err = 0;
1123
1124 /*
1125 * some sanity checks. code further down depends on this
1126 */
1127
1128 if (addr_len == sizeof(struct sockaddr_ax25))
1129 /* support for this will go away in early 2.5.x
1130 * ax25_connect(): uses obsolete socket structure
1131 */
1132 ;
1133 else if (addr_len != sizeof(struct full_sockaddr_ax25))
1134 /* support for old structure may go away some time
1135 * ax25_connect(): uses old (6 digipeater) socket structure.
1136 */
1137 if ((addr_len < sizeof(struct sockaddr_ax25) + sizeof(ax25_address) * 6) ||
1138 (addr_len > sizeof(struct full_sockaddr_ax25)))
1139 return -EINVAL;
1140
1141
1142 if (fsa->fsa_ax25.sax25_family != AF_AX25)
1143 return -EINVAL;
1144
1145 lock_sock(sk);
1146
1147 /* deal with restarts */
1148 if (sock->state == SS_CONNECTING) {
1149 switch (sk->sk_state) {
1150 case TCP_SYN_SENT: /* still trying */
1151 err = -EINPROGRESS;
1152 goto out_release;
1153
1154 case TCP_ESTABLISHED: /* connection established */
1155 sock->state = SS_CONNECTED;
1156 goto out_release;
1157
1158 case TCP_CLOSE: /* connection refused */
1159 sock->state = SS_UNCONNECTED;
1160 err = -ECONNREFUSED;
1161 goto out_release;
1162 }
1163 }
1164
1165 if (sk->sk_state == TCP_ESTABLISHED && sk->sk_type == SOCK_SEQPACKET) {
1166 err = -EISCONN; /* No reconnect on a seqpacket socket */
1167 goto out_release;
1168 }
1169
1170 sk->sk_state = TCP_CLOSE;
1171 sock->state = SS_UNCONNECTED;
1172
1173 kfree(ax25->digipeat);
1174 ax25->digipeat = NULL;
1175
1176 /*
1177 * Handle digi-peaters to be used.
1178 */
1179 if (addr_len > sizeof(struct sockaddr_ax25) &&
1180 fsa->fsa_ax25.sax25_ndigis != 0) {
1181 /* Valid number of digipeaters ? */
1182 if (fsa->fsa_ax25.sax25_ndigis < 1 || fsa->fsa_ax25.sax25_ndigis > AX25_MAX_DIGIS) {
1183 err = -EINVAL;
1184 goto out_release;
1185 }
1186
1187 if ((digi = kmalloc(sizeof(ax25_digi), GFP_KERNEL)) == NULL) {
1188 err = -ENOBUFS;
1189 goto out_release;
1190 }
1191
1192 digi->ndigi = fsa->fsa_ax25.sax25_ndigis;
1193 digi->lastrepeat = -1;
1194
1195 while (ct < fsa->fsa_ax25.sax25_ndigis) {
1196 if ((fsa->fsa_digipeater[ct].ax25_call[6] &
1197 AX25_HBIT) && ax25->iamdigi) {
1198 digi->repeated[ct] = 1;
1199 digi->lastrepeat = ct;
1200 } else {
1201 digi->repeated[ct] = 0;
1202 }
1203 digi->calls[ct] = fsa->fsa_digipeater[ct];
1204 ct++;
1205 }
1206 }
1207
1208 /*
1209 * Must bind first - autobinding in this may or may not work. If
1210 * the socket is already bound, check to see if the device has
1211 * been filled in, error if it hasn't.
1212 */
1213 if (sock_flag(sk, SOCK_ZAPPED)) {
1214 /* check if we can remove this feature. It is broken. */
1215 printk(KERN_WARNING "ax25_connect(): %s uses autobind, please contact jreuter@yaina.de\n",
1216 current->comm);
1217 if ((err = ax25_rt_autobind(ax25, &fsa->fsa_ax25.sax25_call)) < 0) {
1218 kfree(digi);
1219 goto out_release;
1220 }
1221
1222 ax25_fillin_cb(ax25, ax25->ax25_dev);
1223 ax25_cb_add(ax25);
1224 } else {
1225 if (ax25->ax25_dev == NULL) {
1226 kfree(digi);
1227 err = -EHOSTUNREACH;
1228 goto out_release;
1229 }
1230 }
1231
1232 if (sk->sk_type == SOCK_SEQPACKET &&
1233 (ax25t=ax25_find_cb(&ax25->source_addr, &fsa->fsa_ax25.sax25_call, digi,
1234 ax25->ax25_dev->dev))) {
1235 kfree(digi);
1236 err = -EADDRINUSE; /* Already such a connection */
1237 ax25_cb_put(ax25t);
1238 goto out_release;
1239 }
1240
1241 ax25->dest_addr = fsa->fsa_ax25.sax25_call;
1242 ax25->digipeat = digi;
1243
1244 /* First the easy one */
1245 if (sk->sk_type != SOCK_SEQPACKET) {
1246 sock->state = SS_CONNECTED;
1247 sk->sk_state = TCP_ESTABLISHED;
1248 goto out_release;
1249 }
1250
1251 /* Move to connecting socket, ax.25 lapb WAIT_UA.. */
1252 sock->state = SS_CONNECTING;
1253 sk->sk_state = TCP_SYN_SENT;
1254
1255 switch (ax25->ax25_dev->values[AX25_VALUES_PROTOCOL]) {
1256 case AX25_PROTO_STD_SIMPLEX:
1257 case AX25_PROTO_STD_DUPLEX:
1258 ax25_std_establish_data_link(ax25);
1259 break;
1260
1261 #ifdef CONFIG_AX25_DAMA_SLAVE
1262 case AX25_PROTO_DAMA_SLAVE:
1263 ax25->modulus = AX25_MODULUS;
1264 ax25->window = ax25->ax25_dev->values[AX25_VALUES_WINDOW];
1265 if (ax25->ax25_dev->dama.slave)
1266 ax25_ds_establish_data_link(ax25);
1267 else
1268 ax25_std_establish_data_link(ax25);
1269 break;
1270 #endif
1271 }
1272
1273 ax25->state = AX25_STATE_1;
1274
1275 ax25_start_heartbeat(ax25);
1276
1277 /* Now the loop */
1278 if (sk->sk_state != TCP_ESTABLISHED && (flags & O_NONBLOCK)) {
1279 err = -EINPROGRESS;
1280 goto out_release;
1281 }
1282
1283 if (sk->sk_state == TCP_SYN_SENT) {
1284 DEFINE_WAIT(wait);
1285
1286 for (;;) {
1287 prepare_to_wait(sk_sleep(sk), &wait,
1288 TASK_INTERRUPTIBLE);
1289 if (sk->sk_state != TCP_SYN_SENT)
1290 break;
1291 if (!signal_pending(current)) {
1292 release_sock(sk);
1293 schedule();
1294 lock_sock(sk);
1295 continue;
1296 }
1297 err = -ERESTARTSYS;
1298 break;
1299 }
1300 finish_wait(sk_sleep(sk), &wait);
1301
1302 if (err)
1303 goto out_release;
1304 }
1305
1306 if (sk->sk_state != TCP_ESTABLISHED) {
1307 /* Not in ABM, not in WAIT_UA -> failed */
1308 sock->state = SS_UNCONNECTED;
1309 err = sock_error(sk); /* Always set at this point */
1310 goto out_release;
1311 }
1312
1313 sock->state = SS_CONNECTED;
1314
1315 err = 0;
1316 out_release:
1317 release_sock(sk);
1318
1319 return err;
1320 }
1321
ax25_accept(struct socket * sock,struct socket * newsock,int flags,bool kern)1322 static int ax25_accept(struct socket *sock, struct socket *newsock, int flags,
1323 bool kern)
1324 {
1325 struct sk_buff *skb;
1326 struct sock *newsk;
1327 DEFINE_WAIT(wait);
1328 struct sock *sk;
1329 int err = 0;
1330
1331 if (sock->state != SS_UNCONNECTED)
1332 return -EINVAL;
1333
1334 if ((sk = sock->sk) == NULL)
1335 return -EINVAL;
1336
1337 lock_sock(sk);
1338 if (sk->sk_type != SOCK_SEQPACKET) {
1339 err = -EOPNOTSUPP;
1340 goto out;
1341 }
1342
1343 if (sk->sk_state != TCP_LISTEN) {
1344 err = -EINVAL;
1345 goto out;
1346 }
1347
1348 /*
1349 * The read queue this time is holding sockets ready to use
1350 * hooked into the SABM we saved
1351 */
1352 for (;;) {
1353 prepare_to_wait(sk_sleep(sk), &wait, TASK_INTERRUPTIBLE);
1354 skb = skb_dequeue(&sk->sk_receive_queue);
1355 if (skb)
1356 break;
1357
1358 if (flags & O_NONBLOCK) {
1359 err = -EWOULDBLOCK;
1360 break;
1361 }
1362 if (!signal_pending(current)) {
1363 release_sock(sk);
1364 schedule();
1365 lock_sock(sk);
1366 continue;
1367 }
1368 err = -ERESTARTSYS;
1369 break;
1370 }
1371 finish_wait(sk_sleep(sk), &wait);
1372
1373 if (err)
1374 goto out;
1375
1376 newsk = skb->sk;
1377 sock_graft(newsk, newsock);
1378
1379 /* Now attach up the new socket */
1380 kfree_skb(skb);
1381 sk->sk_ack_backlog--;
1382 newsock->state = SS_CONNECTED;
1383
1384 out:
1385 release_sock(sk);
1386
1387 return err;
1388 }
1389
ax25_getname(struct socket * sock,struct sockaddr * uaddr,int peer)1390 static int ax25_getname(struct socket *sock, struct sockaddr *uaddr,
1391 int peer)
1392 {
1393 struct full_sockaddr_ax25 *fsa = (struct full_sockaddr_ax25 *)uaddr;
1394 struct sock *sk = sock->sk;
1395 unsigned char ndigi, i;
1396 ax25_cb *ax25;
1397 int err = 0;
1398
1399 memset(fsa, 0, sizeof(*fsa));
1400 lock_sock(sk);
1401 ax25 = sk_to_ax25(sk);
1402
1403 if (peer != 0) {
1404 if (sk->sk_state != TCP_ESTABLISHED) {
1405 err = -ENOTCONN;
1406 goto out;
1407 }
1408
1409 fsa->fsa_ax25.sax25_family = AF_AX25;
1410 fsa->fsa_ax25.sax25_call = ax25->dest_addr;
1411
1412 if (ax25->digipeat != NULL) {
1413 ndigi = ax25->digipeat->ndigi;
1414 fsa->fsa_ax25.sax25_ndigis = ndigi;
1415 for (i = 0; i < ndigi; i++)
1416 fsa->fsa_digipeater[i] =
1417 ax25->digipeat->calls[i];
1418 }
1419 } else {
1420 fsa->fsa_ax25.sax25_family = AF_AX25;
1421 fsa->fsa_ax25.sax25_call = ax25->source_addr;
1422 fsa->fsa_ax25.sax25_ndigis = 1;
1423 if (ax25->ax25_dev != NULL) {
1424 memcpy(&fsa->fsa_digipeater[0],
1425 ax25->ax25_dev->dev->dev_addr, AX25_ADDR_LEN);
1426 } else {
1427 fsa->fsa_digipeater[0] = null_ax25_address;
1428 }
1429 }
1430 err = sizeof (struct full_sockaddr_ax25);
1431
1432 out:
1433 release_sock(sk);
1434
1435 return err;
1436 }
1437
ax25_sendmsg(struct socket * sock,struct msghdr * msg,size_t len)1438 static int ax25_sendmsg(struct socket *sock, struct msghdr *msg, size_t len)
1439 {
1440 DECLARE_SOCKADDR(struct sockaddr_ax25 *, usax, msg->msg_name);
1441 struct sock *sk = sock->sk;
1442 struct sockaddr_ax25 sax;
1443 struct sk_buff *skb;
1444 ax25_digi dtmp, *dp;
1445 ax25_cb *ax25;
1446 size_t size;
1447 int lv, err, addr_len = msg->msg_namelen;
1448
1449 if (msg->msg_flags & ~(MSG_DONTWAIT|MSG_EOR|MSG_CMSG_COMPAT))
1450 return -EINVAL;
1451
1452 lock_sock(sk);
1453 ax25 = sk_to_ax25(sk);
1454
1455 if (sock_flag(sk, SOCK_ZAPPED)) {
1456 err = -EADDRNOTAVAIL;
1457 goto out;
1458 }
1459
1460 if (sk->sk_shutdown & SEND_SHUTDOWN) {
1461 send_sig(SIGPIPE, current, 0);
1462 err = -EPIPE;
1463 goto out;
1464 }
1465
1466 if (ax25->ax25_dev == NULL) {
1467 err = -ENETUNREACH;
1468 goto out;
1469 }
1470
1471 if (len > ax25->ax25_dev->dev->mtu) {
1472 err = -EMSGSIZE;
1473 goto out;
1474 }
1475
1476 if (usax != NULL) {
1477 if (usax->sax25_family != AF_AX25) {
1478 err = -EINVAL;
1479 goto out;
1480 }
1481
1482 if (addr_len == sizeof(struct sockaddr_ax25))
1483 /* ax25_sendmsg(): uses obsolete socket structure */
1484 ;
1485 else if (addr_len != sizeof(struct full_sockaddr_ax25))
1486 /* support for old structure may go away some time
1487 * ax25_sendmsg(): uses old (6 digipeater)
1488 * socket structure.
1489 */
1490 if ((addr_len < sizeof(struct sockaddr_ax25) + sizeof(ax25_address) * 6) ||
1491 (addr_len > sizeof(struct full_sockaddr_ax25))) {
1492 err = -EINVAL;
1493 goto out;
1494 }
1495
1496
1497 if (addr_len > sizeof(struct sockaddr_ax25) && usax->sax25_ndigis != 0) {
1498 int ct = 0;
1499 struct full_sockaddr_ax25 *fsa = (struct full_sockaddr_ax25 *)usax;
1500
1501 /* Valid number of digipeaters ? */
1502 if (usax->sax25_ndigis < 1 || usax->sax25_ndigis > AX25_MAX_DIGIS) {
1503 err = -EINVAL;
1504 goto out;
1505 }
1506
1507 dtmp.ndigi = usax->sax25_ndigis;
1508
1509 while (ct < usax->sax25_ndigis) {
1510 dtmp.repeated[ct] = 0;
1511 dtmp.calls[ct] = fsa->fsa_digipeater[ct];
1512 ct++;
1513 }
1514
1515 dtmp.lastrepeat = 0;
1516 }
1517
1518 sax = *usax;
1519 if (sk->sk_type == SOCK_SEQPACKET &&
1520 ax25cmp(&ax25->dest_addr, &sax.sax25_call)) {
1521 err = -EISCONN;
1522 goto out;
1523 }
1524 if (usax->sax25_ndigis == 0)
1525 dp = NULL;
1526 else
1527 dp = &dtmp;
1528 } else {
1529 /*
1530 * FIXME: 1003.1g - if the socket is like this because
1531 * it has become closed (not started closed) and is VC
1532 * we ought to SIGPIPE, EPIPE
1533 */
1534 if (sk->sk_state != TCP_ESTABLISHED) {
1535 err = -ENOTCONN;
1536 goto out;
1537 }
1538 sax.sax25_family = AF_AX25;
1539 sax.sax25_call = ax25->dest_addr;
1540 dp = ax25->digipeat;
1541 }
1542
1543 /* Build a packet */
1544 /* Assume the worst case */
1545 size = len + ax25->ax25_dev->dev->hard_header_len;
1546
1547 skb = sock_alloc_send_skb(sk, size, msg->msg_flags&MSG_DONTWAIT, &err);
1548 if (skb == NULL)
1549 goto out;
1550
1551 skb_reserve(skb, size - len);
1552
1553 /* User data follows immediately after the AX.25 data */
1554 if (memcpy_from_msg(skb_put(skb, len), msg, len)) {
1555 err = -EFAULT;
1556 kfree_skb(skb);
1557 goto out;
1558 }
1559
1560 skb_reset_network_header(skb);
1561
1562 /* Add the PID if one is not supplied by the user in the skb */
1563 if (!ax25->pidincl)
1564 *(u8 *)skb_push(skb, 1) = sk->sk_protocol;
1565
1566 if (sk->sk_type == SOCK_SEQPACKET) {
1567 /* Connected mode sockets go via the LAPB machine */
1568 if (sk->sk_state != TCP_ESTABLISHED) {
1569 kfree_skb(skb);
1570 err = -ENOTCONN;
1571 goto out;
1572 }
1573
1574 /* Shove it onto the queue and kick */
1575 ax25_output(ax25, ax25->paclen, skb);
1576
1577 err = len;
1578 goto out;
1579 }
1580
1581 skb_push(skb, 1 + ax25_addr_size(dp));
1582
1583 /* Building AX.25 Header */
1584
1585 /* Build an AX.25 header */
1586 lv = ax25_addr_build(skb->data, &ax25->source_addr, &sax.sax25_call,
1587 dp, AX25_COMMAND, AX25_MODULUS);
1588
1589 skb_set_transport_header(skb, lv);
1590
1591 *skb_transport_header(skb) = AX25_UI;
1592
1593 /* Datagram frames go straight out of the door as UI */
1594 ax25_queue_xmit(skb, ax25->ax25_dev->dev);
1595
1596 err = len;
1597
1598 out:
1599 release_sock(sk);
1600
1601 return err;
1602 }
1603
ax25_recvmsg(struct socket * sock,struct msghdr * msg,size_t size,int flags)1604 static int ax25_recvmsg(struct socket *sock, struct msghdr *msg, size_t size,
1605 int flags)
1606 {
1607 struct sock *sk = sock->sk;
1608 struct sk_buff *skb;
1609 int copied;
1610 int err = 0;
1611
1612 lock_sock(sk);
1613 /*
1614 * This works for seqpacket too. The receiver has ordered the
1615 * queue for us! We do one quick check first though
1616 */
1617 if (sk->sk_type == SOCK_SEQPACKET && sk->sk_state != TCP_ESTABLISHED) {
1618 err = -ENOTCONN;
1619 goto out;
1620 }
1621
1622 /* Now we can treat all alike */
1623 skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT,
1624 flags & MSG_DONTWAIT, &err);
1625 if (skb == NULL)
1626 goto out;
1627
1628 if (!sk_to_ax25(sk)->pidincl)
1629 skb_pull(skb, 1); /* Remove PID */
1630
1631 skb_reset_transport_header(skb);
1632 copied = skb->len;
1633
1634 if (copied > size) {
1635 copied = size;
1636 msg->msg_flags |= MSG_TRUNC;
1637 }
1638
1639 skb_copy_datagram_msg(skb, 0, msg, copied);
1640
1641 if (msg->msg_name) {
1642 ax25_digi digi;
1643 ax25_address src;
1644 const unsigned char *mac = skb_mac_header(skb);
1645 DECLARE_SOCKADDR(struct sockaddr_ax25 *, sax, msg->msg_name);
1646
1647 memset(sax, 0, sizeof(struct full_sockaddr_ax25));
1648 ax25_addr_parse(mac + 1, skb->data - mac - 1, &src, NULL,
1649 &digi, NULL, NULL);
1650 sax->sax25_family = AF_AX25;
1651 /* We set this correctly, even though we may not let the
1652 application know the digi calls further down (because it
1653 did NOT ask to know them). This could get political... **/
1654 sax->sax25_ndigis = digi.ndigi;
1655 sax->sax25_call = src;
1656
1657 if (sax->sax25_ndigis != 0) {
1658 int ct;
1659 struct full_sockaddr_ax25 *fsa = (struct full_sockaddr_ax25 *)sax;
1660
1661 for (ct = 0; ct < digi.ndigi; ct++)
1662 fsa->fsa_digipeater[ct] = digi.calls[ct];
1663 }
1664 msg->msg_namelen = sizeof(struct full_sockaddr_ax25);
1665 }
1666
1667 skb_free_datagram(sk, skb);
1668 err = copied;
1669
1670 out:
1671 release_sock(sk);
1672
1673 return err;
1674 }
1675
ax25_shutdown(struct socket * sk,int how)1676 static int ax25_shutdown(struct socket *sk, int how)
1677 {
1678 /* FIXME - generate DM and RNR states */
1679 return -EOPNOTSUPP;
1680 }
1681
ax25_ioctl(struct socket * sock,unsigned int cmd,unsigned long arg)1682 static int ax25_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
1683 {
1684 struct sock *sk = sock->sk;
1685 void __user *argp = (void __user *)arg;
1686 int res = 0;
1687
1688 lock_sock(sk);
1689 switch (cmd) {
1690 case TIOCOUTQ: {
1691 long amount;
1692
1693 amount = sk->sk_sndbuf - sk_wmem_alloc_get(sk);
1694 if (amount < 0)
1695 amount = 0;
1696 res = put_user(amount, (int __user *)argp);
1697 break;
1698 }
1699
1700 case TIOCINQ: {
1701 struct sk_buff *skb;
1702 long amount = 0L;
1703 /* These two are safe on a single CPU system as only user tasks fiddle here */
1704 if ((skb = skb_peek(&sk->sk_receive_queue)) != NULL)
1705 amount = skb->len;
1706 res = put_user(amount, (int __user *) argp);
1707 break;
1708 }
1709
1710 case SIOCGSTAMP:
1711 res = sock_get_timestamp(sk, argp);
1712 break;
1713
1714 case SIOCGSTAMPNS:
1715 res = sock_get_timestampns(sk, argp);
1716 break;
1717
1718 case SIOCAX25ADDUID: /* Add a uid to the uid/call map table */
1719 case SIOCAX25DELUID: /* Delete a uid from the uid/call map table */
1720 case SIOCAX25GETUID: {
1721 struct sockaddr_ax25 sax25;
1722 if (copy_from_user(&sax25, argp, sizeof(sax25))) {
1723 res = -EFAULT;
1724 break;
1725 }
1726 res = ax25_uid_ioctl(cmd, &sax25);
1727 break;
1728 }
1729
1730 case SIOCAX25NOUID: { /* Set the default policy (default/bar) */
1731 long amount;
1732 if (!capable(CAP_NET_ADMIN)) {
1733 res = -EPERM;
1734 break;
1735 }
1736 if (get_user(amount, (long __user *)argp)) {
1737 res = -EFAULT;
1738 break;
1739 }
1740 if (amount < 0 || amount > AX25_NOUID_BLOCK) {
1741 res = -EINVAL;
1742 break;
1743 }
1744 ax25_uid_policy = amount;
1745 res = 0;
1746 break;
1747 }
1748
1749 case SIOCADDRT:
1750 case SIOCDELRT:
1751 case SIOCAX25OPTRT:
1752 if (!capable(CAP_NET_ADMIN)) {
1753 res = -EPERM;
1754 break;
1755 }
1756 res = ax25_rt_ioctl(cmd, argp);
1757 break;
1758
1759 case SIOCAX25CTLCON:
1760 if (!capable(CAP_NET_ADMIN)) {
1761 res = -EPERM;
1762 break;
1763 }
1764 res = ax25_ctl_ioctl(cmd, argp);
1765 break;
1766
1767 case SIOCAX25GETINFO:
1768 case SIOCAX25GETINFOOLD: {
1769 ax25_cb *ax25 = sk_to_ax25(sk);
1770 struct ax25_info_struct ax25_info;
1771
1772 ax25_info.t1 = ax25->t1 / HZ;
1773 ax25_info.t2 = ax25->t2 / HZ;
1774 ax25_info.t3 = ax25->t3 / HZ;
1775 ax25_info.idle = ax25->idle / (60 * HZ);
1776 ax25_info.n2 = ax25->n2;
1777 ax25_info.t1timer = ax25_display_timer(&ax25->t1timer) / HZ;
1778 ax25_info.t2timer = ax25_display_timer(&ax25->t2timer) / HZ;
1779 ax25_info.t3timer = ax25_display_timer(&ax25->t3timer) / HZ;
1780 ax25_info.idletimer = ax25_display_timer(&ax25->idletimer) / (60 * HZ);
1781 ax25_info.n2count = ax25->n2count;
1782 ax25_info.state = ax25->state;
1783 ax25_info.rcv_q = sk_rmem_alloc_get(sk);
1784 ax25_info.snd_q = sk_wmem_alloc_get(sk);
1785 ax25_info.vs = ax25->vs;
1786 ax25_info.vr = ax25->vr;
1787 ax25_info.va = ax25->va;
1788 ax25_info.vs_max = ax25->vs; /* reserved */
1789 ax25_info.paclen = ax25->paclen;
1790 ax25_info.window = ax25->window;
1791
1792 /* old structure? */
1793 if (cmd == SIOCAX25GETINFOOLD) {
1794 static int warned = 0;
1795 if (!warned) {
1796 printk(KERN_INFO "%s uses old SIOCAX25GETINFO\n",
1797 current->comm);
1798 warned=1;
1799 }
1800
1801 if (copy_to_user(argp, &ax25_info, sizeof(struct ax25_info_struct_deprecated))) {
1802 res = -EFAULT;
1803 break;
1804 }
1805 } else {
1806 if (copy_to_user(argp, &ax25_info, sizeof(struct ax25_info_struct))) {
1807 res = -EINVAL;
1808 break;
1809 }
1810 }
1811 res = 0;
1812 break;
1813 }
1814
1815 case SIOCAX25ADDFWD:
1816 case SIOCAX25DELFWD: {
1817 struct ax25_fwd_struct ax25_fwd;
1818 if (!capable(CAP_NET_ADMIN)) {
1819 res = -EPERM;
1820 break;
1821 }
1822 if (copy_from_user(&ax25_fwd, argp, sizeof(ax25_fwd))) {
1823 res = -EFAULT;
1824 break;
1825 }
1826 res = ax25_fwd_ioctl(cmd, &ax25_fwd);
1827 break;
1828 }
1829
1830 case SIOCGIFADDR:
1831 case SIOCSIFADDR:
1832 case SIOCGIFDSTADDR:
1833 case SIOCSIFDSTADDR:
1834 case SIOCGIFBRDADDR:
1835 case SIOCSIFBRDADDR:
1836 case SIOCGIFNETMASK:
1837 case SIOCSIFNETMASK:
1838 case SIOCGIFMETRIC:
1839 case SIOCSIFMETRIC:
1840 res = -EINVAL;
1841 break;
1842
1843 default:
1844 res = -ENOIOCTLCMD;
1845 break;
1846 }
1847 release_sock(sk);
1848
1849 return res;
1850 }
1851
1852 #ifdef CONFIG_PROC_FS
1853
ax25_info_start(struct seq_file * seq,loff_t * pos)1854 static void *ax25_info_start(struct seq_file *seq, loff_t *pos)
1855 __acquires(ax25_list_lock)
1856 {
1857 spin_lock_bh(&ax25_list_lock);
1858 return seq_hlist_start(&ax25_list, *pos);
1859 }
1860
ax25_info_next(struct seq_file * seq,void * v,loff_t * pos)1861 static void *ax25_info_next(struct seq_file *seq, void *v, loff_t *pos)
1862 {
1863 return seq_hlist_next(v, &ax25_list, pos);
1864 }
1865
ax25_info_stop(struct seq_file * seq,void * v)1866 static void ax25_info_stop(struct seq_file *seq, void *v)
1867 __releases(ax25_list_lock)
1868 {
1869 spin_unlock_bh(&ax25_list_lock);
1870 }
1871
ax25_info_show(struct seq_file * seq,void * v)1872 static int ax25_info_show(struct seq_file *seq, void *v)
1873 {
1874 ax25_cb *ax25 = hlist_entry(v, struct ax25_cb, ax25_node);
1875 char buf[11];
1876 int k;
1877
1878
1879 /*
1880 * New format:
1881 * magic dev src_addr dest_addr,digi1,digi2,.. st vs vr va t1 t1 t2 t2 t3 t3 idle idle n2 n2 rtt window paclen Snd-Q Rcv-Q inode
1882 */
1883
1884 seq_printf(seq, "%8.8lx %s %s%s ",
1885 (long) ax25,
1886 ax25->ax25_dev == NULL? "???" : ax25->ax25_dev->dev->name,
1887 ax2asc(buf, &ax25->source_addr),
1888 ax25->iamdigi? "*":"");
1889 seq_printf(seq, "%s", ax2asc(buf, &ax25->dest_addr));
1890
1891 for (k=0; (ax25->digipeat != NULL) && (k < ax25->digipeat->ndigi); k++) {
1892 seq_printf(seq, ",%s%s",
1893 ax2asc(buf, &ax25->digipeat->calls[k]),
1894 ax25->digipeat->repeated[k]? "*":"");
1895 }
1896
1897 seq_printf(seq, " %d %d %d %d %lu %lu %lu %lu %lu %lu %lu %lu %d %d %lu %d %d",
1898 ax25->state,
1899 ax25->vs, ax25->vr, ax25->va,
1900 ax25_display_timer(&ax25->t1timer) / HZ, ax25->t1 / HZ,
1901 ax25_display_timer(&ax25->t2timer) / HZ, ax25->t2 / HZ,
1902 ax25_display_timer(&ax25->t3timer) / HZ, ax25->t3 / HZ,
1903 ax25_display_timer(&ax25->idletimer) / (60 * HZ),
1904 ax25->idle / (60 * HZ),
1905 ax25->n2count, ax25->n2,
1906 ax25->rtt / HZ,
1907 ax25->window,
1908 ax25->paclen);
1909
1910 if (ax25->sk != NULL) {
1911 seq_printf(seq, " %d %d %lu\n",
1912 sk_wmem_alloc_get(ax25->sk),
1913 sk_rmem_alloc_get(ax25->sk),
1914 sock_i_ino(ax25->sk));
1915 } else {
1916 seq_puts(seq, " * * *\n");
1917 }
1918 return 0;
1919 }
1920
1921 static const struct seq_operations ax25_info_seqops = {
1922 .start = ax25_info_start,
1923 .next = ax25_info_next,
1924 .stop = ax25_info_stop,
1925 .show = ax25_info_show,
1926 };
1927 #endif
1928
1929 static const struct net_proto_family ax25_family_ops = {
1930 .family = PF_AX25,
1931 .create = ax25_create,
1932 .owner = THIS_MODULE,
1933 };
1934
1935 static const struct proto_ops ax25_proto_ops = {
1936 .family = PF_AX25,
1937 .owner = THIS_MODULE,
1938 .release = ax25_release,
1939 .bind = ax25_bind,
1940 .connect = ax25_connect,
1941 .socketpair = sock_no_socketpair,
1942 .accept = ax25_accept,
1943 .getname = ax25_getname,
1944 .poll = datagram_poll,
1945 .ioctl = ax25_ioctl,
1946 .listen = ax25_listen,
1947 .shutdown = ax25_shutdown,
1948 .setsockopt = ax25_setsockopt,
1949 .getsockopt = ax25_getsockopt,
1950 .sendmsg = ax25_sendmsg,
1951 .recvmsg = ax25_recvmsg,
1952 .mmap = sock_no_mmap,
1953 .sendpage = sock_no_sendpage,
1954 };
1955
1956 /*
1957 * Called by socket.c on kernel start up
1958 */
1959 static struct packet_type ax25_packet_type __read_mostly = {
1960 .type = cpu_to_be16(ETH_P_AX25),
1961 .func = ax25_kiss_rcv,
1962 };
1963
1964 static struct notifier_block ax25_dev_notifier = {
1965 .notifier_call = ax25_device_event,
1966 };
1967
ax25_init(void)1968 static int __init ax25_init(void)
1969 {
1970 int rc = proto_register(&ax25_proto, 0);
1971
1972 if (rc != 0)
1973 goto out;
1974
1975 sock_register(&ax25_family_ops);
1976 dev_add_pack(&ax25_packet_type);
1977 register_netdevice_notifier(&ax25_dev_notifier);
1978
1979 proc_create_seq("ax25_route", 0444, init_net.proc_net, &ax25_rt_seqops);
1980 proc_create_seq("ax25", 0444, init_net.proc_net, &ax25_info_seqops);
1981 proc_create_seq("ax25_calls", 0444, init_net.proc_net,
1982 &ax25_uid_seqops);
1983 out:
1984 return rc;
1985 }
1986 module_init(ax25_init);
1987
1988
1989 MODULE_AUTHOR("Jonathan Naylor G4KLX <g4klx@g4klx.demon.co.uk>");
1990 MODULE_DESCRIPTION("The amateur radio AX.25 link layer protocol");
1991 MODULE_LICENSE("GPL");
1992 MODULE_ALIAS_NETPROTO(PF_AX25);
1993
ax25_exit(void)1994 static void __exit ax25_exit(void)
1995 {
1996 remove_proc_entry("ax25_route", init_net.proc_net);
1997 remove_proc_entry("ax25", init_net.proc_net);
1998 remove_proc_entry("ax25_calls", init_net.proc_net);
1999
2000 unregister_netdevice_notifier(&ax25_dev_notifier);
2001
2002 dev_remove_pack(&ax25_packet_type);
2003
2004 sock_unregister(PF_AX25);
2005 proto_unregister(&ax25_proto);
2006
2007 ax25_rt_free();
2008 ax25_uid_free();
2009 ax25_dev_free();
2010 }
2011 module_exit(ax25_exit);
2012