1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 *
4 * Copyright (C) Alan Cox GW4PTS (alan@lxorguk.ukuu.org.uk)
5 * Copyright (C) Jonathan Naylor G4KLX (g4klx@g4klx.demon.co.uk)
6 * Copyright (C) Darryl Miles G7LED (dlm@g7led.demon.co.uk)
7 * Copyright (C) Steven Whitehouse GW7RRM (stevew@acm.org)
8 * Copyright (C) Joerg Reuter DL1BKE (jreuter@yaina.de)
9 * Copyright (C) Hans-Joachim Hetscher DD8NE (dd8ne@bnv-bamberg.de)
10 * Copyright (C) Hans Alblas PE1AYX (hans@esrac.ele.tue.nl)
11 * Copyright (C) Frederic Rible F1OAT (frible@teaser.fr)
12 */
13 #include <linux/capability.h>
14 #include <linux/module.h>
15 #include <linux/errno.h>
16 #include <linux/types.h>
17 #include <linux/socket.h>
18 #include <linux/in.h>
19 #include <linux/kernel.h>
20 #include <linux/sched/signal.h>
21 #include <linux/timer.h>
22 #include <linux/string.h>
23 #include <linux/sockios.h>
24 #include <linux/net.h>
25 #include <linux/slab.h>
26 #include <net/ax25.h>
27 #include <linux/inet.h>
28 #include <linux/netdevice.h>
29 #include <linux/if_arp.h>
30 #include <linux/skbuff.h>
31 #include <net/sock.h>
32 #include <linux/uaccess.h>
33 #include <linux/fcntl.h>
34 #include <linux/termios.h> /* For TIOCINQ/OUTQ */
35 #include <linux/mm.h>
36 #include <linux/interrupt.h>
37 #include <linux/notifier.h>
38 #include <linux/proc_fs.h>
39 #include <linux/stat.h>
40 #include <linux/sysctl.h>
41 #include <linux/init.h>
42 #include <linux/spinlock.h>
43 #include <net/net_namespace.h>
44 #include <net/tcp_states.h>
45 #include <net/ip.h>
46 #include <net/arp.h>
47
48
49
50 HLIST_HEAD(ax25_list);
51 DEFINE_SPINLOCK(ax25_list_lock);
52
53 static const struct proto_ops ax25_proto_ops;
54
ax25_free_sock(struct sock * sk)55 static void ax25_free_sock(struct sock *sk)
56 {
57 ax25_cb_put(sk_to_ax25(sk));
58 }
59
60 /*
61 * Socket removal during an interrupt is now safe.
62 */
ax25_cb_del(ax25_cb * ax25)63 static void ax25_cb_del(ax25_cb *ax25)
64 {
65 if (!hlist_unhashed(&ax25->ax25_node)) {
66 spin_lock_bh(&ax25_list_lock);
67 hlist_del_init(&ax25->ax25_node);
68 spin_unlock_bh(&ax25_list_lock);
69 ax25_cb_put(ax25);
70 }
71 }
72
73 /*
74 * Kill all bound sockets on a dropped device.
75 */
ax25_kill_by_device(struct net_device * dev)76 static void ax25_kill_by_device(struct net_device *dev)
77 {
78 ax25_dev *ax25_dev;
79 ax25_cb *s;
80
81 if ((ax25_dev = ax25_dev_ax25dev(dev)) == NULL)
82 return;
83
84 spin_lock_bh(&ax25_list_lock);
85 again:
86 ax25_for_each(s, &ax25_list) {
87 if (s->ax25_dev == ax25_dev) {
88 s->ax25_dev = NULL;
89 spin_unlock_bh(&ax25_list_lock);
90 ax25_disconnect(s, ENETUNREACH);
91 spin_lock_bh(&ax25_list_lock);
92
93 /* The entry could have been deleted from the
94 * list meanwhile and thus the next pointer is
95 * no longer valid. Play it safe and restart
96 * the scan. Forward progress is ensured
97 * because we set s->ax25_dev to NULL and we
98 * are never passed a NULL 'dev' argument.
99 */
100 goto again;
101 }
102 }
103 spin_unlock_bh(&ax25_list_lock);
104 }
105
106 /*
107 * Handle device status changes.
108 */
ax25_device_event(struct notifier_block * this,unsigned long event,void * ptr)109 static int ax25_device_event(struct notifier_block *this, unsigned long event,
110 void *ptr)
111 {
112 struct net_device *dev = netdev_notifier_info_to_dev(ptr);
113
114 if (!net_eq(dev_net(dev), &init_net))
115 return NOTIFY_DONE;
116
117 /* Reject non AX.25 devices */
118 if (dev->type != ARPHRD_AX25)
119 return NOTIFY_DONE;
120
121 switch (event) {
122 case NETDEV_UP:
123 ax25_dev_device_up(dev);
124 break;
125 case NETDEV_DOWN:
126 ax25_kill_by_device(dev);
127 ax25_rt_device_down(dev);
128 ax25_dev_device_down(dev);
129 break;
130 default:
131 break;
132 }
133
134 return NOTIFY_DONE;
135 }
136
137 /*
138 * Add a socket to the bound sockets list.
139 */
ax25_cb_add(ax25_cb * ax25)140 void ax25_cb_add(ax25_cb *ax25)
141 {
142 spin_lock_bh(&ax25_list_lock);
143 ax25_cb_hold(ax25);
144 hlist_add_head(&ax25->ax25_node, &ax25_list);
145 spin_unlock_bh(&ax25_list_lock);
146 }
147
148 /*
149 * Find a socket that wants to accept the SABM we have just
150 * received.
151 */
ax25_find_listener(ax25_address * addr,int digi,struct net_device * dev,int type)152 struct sock *ax25_find_listener(ax25_address *addr, int digi,
153 struct net_device *dev, int type)
154 {
155 ax25_cb *s;
156
157 spin_lock(&ax25_list_lock);
158 ax25_for_each(s, &ax25_list) {
159 if ((s->iamdigi && !digi) || (!s->iamdigi && digi))
160 continue;
161 if (s->sk && !ax25cmp(&s->source_addr, addr) &&
162 s->sk->sk_type == type && s->sk->sk_state == TCP_LISTEN) {
163 /* If device is null we match any device */
164 if (s->ax25_dev == NULL || s->ax25_dev->dev == dev) {
165 sock_hold(s->sk);
166 spin_unlock(&ax25_list_lock);
167 return s->sk;
168 }
169 }
170 }
171 spin_unlock(&ax25_list_lock);
172
173 return NULL;
174 }
175
176 /*
177 * Find an AX.25 socket given both ends.
178 */
ax25_get_socket(ax25_address * my_addr,ax25_address * dest_addr,int type)179 struct sock *ax25_get_socket(ax25_address *my_addr, ax25_address *dest_addr,
180 int type)
181 {
182 struct sock *sk = NULL;
183 ax25_cb *s;
184
185 spin_lock(&ax25_list_lock);
186 ax25_for_each(s, &ax25_list) {
187 if (s->sk && !ax25cmp(&s->source_addr, my_addr) &&
188 !ax25cmp(&s->dest_addr, dest_addr) &&
189 s->sk->sk_type == type) {
190 sk = s->sk;
191 sock_hold(sk);
192 break;
193 }
194 }
195
196 spin_unlock(&ax25_list_lock);
197
198 return sk;
199 }
200
201 /*
202 * Find an AX.25 control block given both ends. It will only pick up
203 * floating AX.25 control blocks or non Raw socket bound control blocks.
204 */
ax25_find_cb(ax25_address * src_addr,ax25_address * dest_addr,ax25_digi * digi,struct net_device * dev)205 ax25_cb *ax25_find_cb(ax25_address *src_addr, ax25_address *dest_addr,
206 ax25_digi *digi, struct net_device *dev)
207 {
208 ax25_cb *s;
209
210 spin_lock_bh(&ax25_list_lock);
211 ax25_for_each(s, &ax25_list) {
212 if (s->sk && s->sk->sk_type != SOCK_SEQPACKET)
213 continue;
214 if (s->ax25_dev == NULL)
215 continue;
216 if (ax25cmp(&s->source_addr, src_addr) == 0 && ax25cmp(&s->dest_addr, dest_addr) == 0 && s->ax25_dev->dev == dev) {
217 if (digi != NULL && digi->ndigi != 0) {
218 if (s->digipeat == NULL)
219 continue;
220 if (ax25digicmp(s->digipeat, digi) != 0)
221 continue;
222 } else {
223 if (s->digipeat != NULL && s->digipeat->ndigi != 0)
224 continue;
225 }
226 ax25_cb_hold(s);
227 spin_unlock_bh(&ax25_list_lock);
228
229 return s;
230 }
231 }
232 spin_unlock_bh(&ax25_list_lock);
233
234 return NULL;
235 }
236
237 EXPORT_SYMBOL(ax25_find_cb);
238
ax25_send_to_raw(ax25_address * addr,struct sk_buff * skb,int proto)239 void ax25_send_to_raw(ax25_address *addr, struct sk_buff *skb, int proto)
240 {
241 ax25_cb *s;
242 struct sk_buff *copy;
243
244 spin_lock(&ax25_list_lock);
245 ax25_for_each(s, &ax25_list) {
246 if (s->sk != NULL && ax25cmp(&s->source_addr, addr) == 0 &&
247 s->sk->sk_type == SOCK_RAW &&
248 s->sk->sk_protocol == proto &&
249 s->ax25_dev->dev == skb->dev &&
250 atomic_read(&s->sk->sk_rmem_alloc) <= s->sk->sk_rcvbuf) {
251 if ((copy = skb_clone(skb, GFP_ATOMIC)) == NULL)
252 continue;
253 if (sock_queue_rcv_skb(s->sk, copy) != 0)
254 kfree_skb(copy);
255 }
256 }
257 spin_unlock(&ax25_list_lock);
258 }
259
260 /*
261 * Deferred destroy.
262 */
263 void ax25_destroy_socket(ax25_cb *);
264
265 /*
266 * Handler for deferred kills.
267 */
ax25_destroy_timer(struct timer_list * t)268 static void ax25_destroy_timer(struct timer_list *t)
269 {
270 ax25_cb *ax25 = from_timer(ax25, t, dtimer);
271 struct sock *sk;
272
273 sk=ax25->sk;
274
275 bh_lock_sock(sk);
276 sock_hold(sk);
277 ax25_destroy_socket(ax25);
278 bh_unlock_sock(sk);
279 sock_put(sk);
280 }
281
282 /*
283 * This is called from user mode and the timers. Thus it protects itself
284 * against interrupt users but doesn't worry about being called during
285 * work. Once it is removed from the queue no interrupt or bottom half
286 * will touch it and we are (fairly 8-) ) safe.
287 */
ax25_destroy_socket(ax25_cb * ax25)288 void ax25_destroy_socket(ax25_cb *ax25)
289 {
290 struct sk_buff *skb;
291
292 ax25_cb_del(ax25);
293
294 ax25_stop_heartbeat(ax25);
295 ax25_stop_t1timer(ax25);
296 ax25_stop_t2timer(ax25);
297 ax25_stop_t3timer(ax25);
298 ax25_stop_idletimer(ax25);
299
300 ax25_clear_queues(ax25); /* Flush the queues */
301
302 if (ax25->sk != NULL) {
303 while ((skb = skb_dequeue(&ax25->sk->sk_receive_queue)) != NULL) {
304 if (skb->sk != ax25->sk) {
305 /* A pending connection */
306 ax25_cb *sax25 = sk_to_ax25(skb->sk);
307
308 /* Queue the unaccepted socket for death */
309 sock_orphan(skb->sk);
310
311 /* 9A4GL: hack to release unaccepted sockets */
312 skb->sk->sk_state = TCP_LISTEN;
313
314 ax25_start_heartbeat(sax25);
315 sax25->state = AX25_STATE_0;
316 }
317
318 kfree_skb(skb);
319 }
320 skb_queue_purge(&ax25->sk->sk_write_queue);
321 }
322
323 if (ax25->sk != NULL) {
324 if (sk_has_allocations(ax25->sk)) {
325 /* Defer: outstanding buffers */
326 timer_setup(&ax25->dtimer, ax25_destroy_timer, 0);
327 ax25->dtimer.expires = jiffies + 2 * HZ;
328 add_timer(&ax25->dtimer);
329 } else {
330 struct sock *sk=ax25->sk;
331 ax25->sk=NULL;
332 sock_put(sk);
333 }
334 } else {
335 ax25_cb_put(ax25);
336 }
337 }
338
339 /*
340 * dl1bke 960311: set parameters for existing AX.25 connections,
341 * includes a KILL command to abort any connection.
342 * VERY useful for debugging ;-)
343 */
ax25_ctl_ioctl(const unsigned int cmd,void __user * arg)344 static int ax25_ctl_ioctl(const unsigned int cmd, void __user *arg)
345 {
346 struct ax25_ctl_struct ax25_ctl;
347 ax25_digi digi;
348 ax25_dev *ax25_dev;
349 ax25_cb *ax25;
350 unsigned int k;
351 int ret = 0;
352
353 if (copy_from_user(&ax25_ctl, arg, sizeof(ax25_ctl)))
354 return -EFAULT;
355
356 if ((ax25_dev = ax25_addr_ax25dev(&ax25_ctl.port_addr)) == NULL)
357 return -ENODEV;
358
359 if (ax25_ctl.digi_count > AX25_MAX_DIGIS)
360 return -EINVAL;
361
362 if (ax25_ctl.arg > ULONG_MAX / HZ && ax25_ctl.cmd != AX25_KILL)
363 return -EINVAL;
364
365 digi.ndigi = ax25_ctl.digi_count;
366 for (k = 0; k < digi.ndigi; k++)
367 digi.calls[k] = ax25_ctl.digi_addr[k];
368
369 if ((ax25 = ax25_find_cb(&ax25_ctl.source_addr, &ax25_ctl.dest_addr, &digi, ax25_dev->dev)) == NULL)
370 return -ENOTCONN;
371
372 switch (ax25_ctl.cmd) {
373 case AX25_KILL:
374 ax25_send_control(ax25, AX25_DISC, AX25_POLLON, AX25_COMMAND);
375 #ifdef CONFIG_AX25_DAMA_SLAVE
376 if (ax25_dev->dama.slave && ax25->ax25_dev->values[AX25_VALUES_PROTOCOL] == AX25_PROTO_DAMA_SLAVE)
377 ax25_dama_off(ax25);
378 #endif
379 ax25_disconnect(ax25, ENETRESET);
380 break;
381
382 case AX25_WINDOW:
383 if (ax25->modulus == AX25_MODULUS) {
384 if (ax25_ctl.arg < 1 || ax25_ctl.arg > 7)
385 goto einval_put;
386 } else {
387 if (ax25_ctl.arg < 1 || ax25_ctl.arg > 63)
388 goto einval_put;
389 }
390 ax25->window = ax25_ctl.arg;
391 break;
392
393 case AX25_T1:
394 if (ax25_ctl.arg < 1 || ax25_ctl.arg > ULONG_MAX / HZ)
395 goto einval_put;
396 ax25->rtt = (ax25_ctl.arg * HZ) / 2;
397 ax25->t1 = ax25_ctl.arg * HZ;
398 break;
399
400 case AX25_T2:
401 if (ax25_ctl.arg < 1 || ax25_ctl.arg > ULONG_MAX / HZ)
402 goto einval_put;
403 ax25->t2 = ax25_ctl.arg * HZ;
404 break;
405
406 case AX25_N2:
407 if (ax25_ctl.arg < 1 || ax25_ctl.arg > 31)
408 goto einval_put;
409 ax25->n2count = 0;
410 ax25->n2 = ax25_ctl.arg;
411 break;
412
413 case AX25_T3:
414 if (ax25_ctl.arg > ULONG_MAX / HZ)
415 goto einval_put;
416 ax25->t3 = ax25_ctl.arg * HZ;
417 break;
418
419 case AX25_IDLE:
420 if (ax25_ctl.arg > ULONG_MAX / (60 * HZ))
421 goto einval_put;
422
423 ax25->idle = ax25_ctl.arg * 60 * HZ;
424 break;
425
426 case AX25_PACLEN:
427 if (ax25_ctl.arg < 16 || ax25_ctl.arg > 65535)
428 goto einval_put;
429 ax25->paclen = ax25_ctl.arg;
430 break;
431
432 default:
433 goto einval_put;
434 }
435
436 out_put:
437 ax25_cb_put(ax25);
438 return ret;
439
440 einval_put:
441 ret = -EINVAL;
442 goto out_put;
443 }
444
ax25_fillin_cb_from_dev(ax25_cb * ax25,ax25_dev * ax25_dev)445 static void ax25_fillin_cb_from_dev(ax25_cb *ax25, ax25_dev *ax25_dev)
446 {
447 ax25->rtt = msecs_to_jiffies(ax25_dev->values[AX25_VALUES_T1]) / 2;
448 ax25->t1 = msecs_to_jiffies(ax25_dev->values[AX25_VALUES_T1]);
449 ax25->t2 = msecs_to_jiffies(ax25_dev->values[AX25_VALUES_T2]);
450 ax25->t3 = msecs_to_jiffies(ax25_dev->values[AX25_VALUES_T3]);
451 ax25->n2 = ax25_dev->values[AX25_VALUES_N2];
452 ax25->paclen = ax25_dev->values[AX25_VALUES_PACLEN];
453 ax25->idle = msecs_to_jiffies(ax25_dev->values[AX25_VALUES_IDLE]);
454 ax25->backoff = ax25_dev->values[AX25_VALUES_BACKOFF];
455
456 if (ax25_dev->values[AX25_VALUES_AXDEFMODE]) {
457 ax25->modulus = AX25_EMODULUS;
458 ax25->window = ax25_dev->values[AX25_VALUES_EWINDOW];
459 } else {
460 ax25->modulus = AX25_MODULUS;
461 ax25->window = ax25_dev->values[AX25_VALUES_WINDOW];
462 }
463 }
464
465 /*
466 * Fill in a created AX.25 created control block with the default
467 * values for a particular device.
468 */
ax25_fillin_cb(ax25_cb * ax25,ax25_dev * ax25_dev)469 void ax25_fillin_cb(ax25_cb *ax25, ax25_dev *ax25_dev)
470 {
471 ax25->ax25_dev = ax25_dev;
472
473 if (ax25->ax25_dev != NULL) {
474 ax25_fillin_cb_from_dev(ax25, ax25_dev);
475 return;
476 }
477
478 /*
479 * No device, use kernel / AX.25 spec default values
480 */
481 ax25->rtt = msecs_to_jiffies(AX25_DEF_T1) / 2;
482 ax25->t1 = msecs_to_jiffies(AX25_DEF_T1);
483 ax25->t2 = msecs_to_jiffies(AX25_DEF_T2);
484 ax25->t3 = msecs_to_jiffies(AX25_DEF_T3);
485 ax25->n2 = AX25_DEF_N2;
486 ax25->paclen = AX25_DEF_PACLEN;
487 ax25->idle = msecs_to_jiffies(AX25_DEF_IDLE);
488 ax25->backoff = AX25_DEF_BACKOFF;
489
490 if (AX25_DEF_AXDEFMODE) {
491 ax25->modulus = AX25_EMODULUS;
492 ax25->window = AX25_DEF_EWINDOW;
493 } else {
494 ax25->modulus = AX25_MODULUS;
495 ax25->window = AX25_DEF_WINDOW;
496 }
497 }
498
499 /*
500 * Create an empty AX.25 control block.
501 */
ax25_create_cb(void)502 ax25_cb *ax25_create_cb(void)
503 {
504 ax25_cb *ax25;
505
506 if ((ax25 = kzalloc(sizeof(*ax25), GFP_ATOMIC)) == NULL)
507 return NULL;
508
509 refcount_set(&ax25->refcount, 1);
510
511 skb_queue_head_init(&ax25->write_queue);
512 skb_queue_head_init(&ax25->frag_queue);
513 skb_queue_head_init(&ax25->ack_queue);
514 skb_queue_head_init(&ax25->reseq_queue);
515
516 ax25_setup_timers(ax25);
517
518 ax25_fillin_cb(ax25, NULL);
519
520 ax25->state = AX25_STATE_0;
521
522 return ax25;
523 }
524
525 /*
526 * Handling for system calls applied via the various interfaces to an
527 * AX25 socket object
528 */
529
ax25_setsockopt(struct socket * sock,int level,int optname,char __user * optval,unsigned int optlen)530 static int ax25_setsockopt(struct socket *sock, int level, int optname,
531 char __user *optval, unsigned int optlen)
532 {
533 struct sock *sk = sock->sk;
534 ax25_cb *ax25;
535 struct net_device *dev;
536 char devname[IFNAMSIZ];
537 unsigned long opt;
538 int res = 0;
539
540 if (level != SOL_AX25)
541 return -ENOPROTOOPT;
542
543 if (optlen < sizeof(unsigned int))
544 return -EINVAL;
545
546 if (get_user(opt, (unsigned int __user *)optval))
547 return -EFAULT;
548
549 lock_sock(sk);
550 ax25 = sk_to_ax25(sk);
551
552 switch (optname) {
553 case AX25_WINDOW:
554 if (ax25->modulus == AX25_MODULUS) {
555 if (opt < 1 || opt > 7) {
556 res = -EINVAL;
557 break;
558 }
559 } else {
560 if (opt < 1 || opt > 63) {
561 res = -EINVAL;
562 break;
563 }
564 }
565 ax25->window = opt;
566 break;
567
568 case AX25_T1:
569 if (opt < 1 || opt > ULONG_MAX / HZ) {
570 res = -EINVAL;
571 break;
572 }
573 ax25->rtt = (opt * HZ) >> 1;
574 ax25->t1 = opt * HZ;
575 break;
576
577 case AX25_T2:
578 if (opt < 1 || opt > ULONG_MAX / HZ) {
579 res = -EINVAL;
580 break;
581 }
582 ax25->t2 = opt * HZ;
583 break;
584
585 case AX25_N2:
586 if (opt < 1 || opt > 31) {
587 res = -EINVAL;
588 break;
589 }
590 ax25->n2 = opt;
591 break;
592
593 case AX25_T3:
594 if (opt < 1 || opt > ULONG_MAX / HZ) {
595 res = -EINVAL;
596 break;
597 }
598 ax25->t3 = opt * HZ;
599 break;
600
601 case AX25_IDLE:
602 if (opt > ULONG_MAX / (60 * HZ)) {
603 res = -EINVAL;
604 break;
605 }
606 ax25->idle = opt * 60 * HZ;
607 break;
608
609 case AX25_BACKOFF:
610 if (opt > 2) {
611 res = -EINVAL;
612 break;
613 }
614 ax25->backoff = opt;
615 break;
616
617 case AX25_EXTSEQ:
618 ax25->modulus = opt ? AX25_EMODULUS : AX25_MODULUS;
619 break;
620
621 case AX25_PIDINCL:
622 ax25->pidincl = opt ? 1 : 0;
623 break;
624
625 case AX25_IAMDIGI:
626 ax25->iamdigi = opt ? 1 : 0;
627 break;
628
629 case AX25_PACLEN:
630 if (opt < 16 || opt > 65535) {
631 res = -EINVAL;
632 break;
633 }
634 ax25->paclen = opt;
635 break;
636
637 case SO_BINDTODEVICE:
638 if (optlen > IFNAMSIZ)
639 optlen = IFNAMSIZ;
640
641 if (copy_from_user(devname, optval, optlen)) {
642 res = -EFAULT;
643 break;
644 }
645
646 if (sk->sk_type == SOCK_SEQPACKET &&
647 (sock->state != SS_UNCONNECTED ||
648 sk->sk_state == TCP_LISTEN)) {
649 res = -EADDRNOTAVAIL;
650 break;
651 }
652
653 rtnl_lock();
654 dev = __dev_get_by_name(&init_net, devname);
655 if (!dev) {
656 rtnl_unlock();
657 res = -ENODEV;
658 break;
659 }
660
661 ax25->ax25_dev = ax25_dev_ax25dev(dev);
662 if (!ax25->ax25_dev) {
663 rtnl_unlock();
664 res = -ENODEV;
665 break;
666 }
667 ax25_fillin_cb(ax25, ax25->ax25_dev);
668 rtnl_unlock();
669 break;
670
671 default:
672 res = -ENOPROTOOPT;
673 }
674 release_sock(sk);
675
676 return res;
677 }
678
ax25_getsockopt(struct socket * sock,int level,int optname,char __user * optval,int __user * optlen)679 static int ax25_getsockopt(struct socket *sock, int level, int optname,
680 char __user *optval, int __user *optlen)
681 {
682 struct sock *sk = sock->sk;
683 ax25_cb *ax25;
684 struct ax25_dev *ax25_dev;
685 char devname[IFNAMSIZ];
686 void *valptr;
687 int val = 0;
688 int maxlen, length;
689
690 if (level != SOL_AX25)
691 return -ENOPROTOOPT;
692
693 if (get_user(maxlen, optlen))
694 return -EFAULT;
695
696 if (maxlen < 1)
697 return -EFAULT;
698
699 valptr = (void *) &val;
700 length = min_t(unsigned int, maxlen, sizeof(int));
701
702 lock_sock(sk);
703 ax25 = sk_to_ax25(sk);
704
705 switch (optname) {
706 case AX25_WINDOW:
707 val = ax25->window;
708 break;
709
710 case AX25_T1:
711 val = ax25->t1 / HZ;
712 break;
713
714 case AX25_T2:
715 val = ax25->t2 / HZ;
716 break;
717
718 case AX25_N2:
719 val = ax25->n2;
720 break;
721
722 case AX25_T3:
723 val = ax25->t3 / HZ;
724 break;
725
726 case AX25_IDLE:
727 val = ax25->idle / (60 * HZ);
728 break;
729
730 case AX25_BACKOFF:
731 val = ax25->backoff;
732 break;
733
734 case AX25_EXTSEQ:
735 val = (ax25->modulus == AX25_EMODULUS);
736 break;
737
738 case AX25_PIDINCL:
739 val = ax25->pidincl;
740 break;
741
742 case AX25_IAMDIGI:
743 val = ax25->iamdigi;
744 break;
745
746 case AX25_PACLEN:
747 val = ax25->paclen;
748 break;
749
750 case SO_BINDTODEVICE:
751 ax25_dev = ax25->ax25_dev;
752
753 if (ax25_dev != NULL && ax25_dev->dev != NULL) {
754 strlcpy(devname, ax25_dev->dev->name, sizeof(devname));
755 length = strlen(devname) + 1;
756 } else {
757 *devname = '\0';
758 length = 1;
759 }
760
761 valptr = (void *) devname;
762 break;
763
764 default:
765 release_sock(sk);
766 return -ENOPROTOOPT;
767 }
768 release_sock(sk);
769
770 if (put_user(length, optlen))
771 return -EFAULT;
772
773 return copy_to_user(optval, valptr, length) ? -EFAULT : 0;
774 }
775
ax25_listen(struct socket * sock,int backlog)776 static int ax25_listen(struct socket *sock, int backlog)
777 {
778 struct sock *sk = sock->sk;
779 int res = 0;
780
781 lock_sock(sk);
782 if (sk->sk_type == SOCK_SEQPACKET && sk->sk_state != TCP_LISTEN) {
783 sk->sk_max_ack_backlog = backlog;
784 sk->sk_state = TCP_LISTEN;
785 goto out;
786 }
787 res = -EOPNOTSUPP;
788
789 out:
790 release_sock(sk);
791
792 return res;
793 }
794
795 /*
796 * XXX: when creating ax25_sock we should update the .obj_size setting
797 * below.
798 */
799 static struct proto ax25_proto = {
800 .name = "AX25",
801 .owner = THIS_MODULE,
802 .obj_size = sizeof(struct ax25_sock),
803 };
804
ax25_create(struct net * net,struct socket * sock,int protocol,int kern)805 static int ax25_create(struct net *net, struct socket *sock, int protocol,
806 int kern)
807 {
808 struct sock *sk;
809 ax25_cb *ax25;
810
811 if (protocol < 0 || protocol > SK_PROTOCOL_MAX)
812 return -EINVAL;
813
814 if (!net_eq(net, &init_net))
815 return -EAFNOSUPPORT;
816
817 switch (sock->type) {
818 case SOCK_DGRAM:
819 if (protocol == 0 || protocol == PF_AX25)
820 protocol = AX25_P_TEXT;
821 break;
822
823 case SOCK_SEQPACKET:
824 switch (protocol) {
825 case 0:
826 case PF_AX25: /* For CLX */
827 protocol = AX25_P_TEXT;
828 break;
829 case AX25_P_SEGMENT:
830 #ifdef CONFIG_INET
831 case AX25_P_ARP:
832 case AX25_P_IP:
833 #endif
834 #ifdef CONFIG_NETROM
835 case AX25_P_NETROM:
836 #endif
837 #ifdef CONFIG_ROSE
838 case AX25_P_ROSE:
839 #endif
840 return -ESOCKTNOSUPPORT;
841 #ifdef CONFIG_NETROM_MODULE
842 case AX25_P_NETROM:
843 if (ax25_protocol_is_registered(AX25_P_NETROM))
844 return -ESOCKTNOSUPPORT;
845 break;
846 #endif
847 #ifdef CONFIG_ROSE_MODULE
848 case AX25_P_ROSE:
849 if (ax25_protocol_is_registered(AX25_P_ROSE))
850 return -ESOCKTNOSUPPORT;
851 #endif
852 default:
853 break;
854 }
855 break;
856
857 case SOCK_RAW:
858 if (!capable(CAP_NET_RAW))
859 return -EPERM;
860 break;
861 default:
862 return -ESOCKTNOSUPPORT;
863 }
864
865 sk = sk_alloc(net, PF_AX25, GFP_ATOMIC, &ax25_proto, kern);
866 if (sk == NULL)
867 return -ENOMEM;
868
869 ax25 = ax25_sk(sk)->cb = ax25_create_cb();
870 if (!ax25) {
871 sk_free(sk);
872 return -ENOMEM;
873 }
874
875 sock_init_data(sock, sk);
876
877 sk->sk_destruct = ax25_free_sock;
878 sock->ops = &ax25_proto_ops;
879 sk->sk_protocol = protocol;
880
881 ax25->sk = sk;
882
883 return 0;
884 }
885
ax25_make_new(struct sock * osk,struct ax25_dev * ax25_dev)886 struct sock *ax25_make_new(struct sock *osk, struct ax25_dev *ax25_dev)
887 {
888 struct sock *sk;
889 ax25_cb *ax25, *oax25;
890
891 sk = sk_alloc(sock_net(osk), PF_AX25, GFP_ATOMIC, osk->sk_prot, 0);
892 if (sk == NULL)
893 return NULL;
894
895 if ((ax25 = ax25_create_cb()) == NULL) {
896 sk_free(sk);
897 return NULL;
898 }
899
900 switch (osk->sk_type) {
901 case SOCK_DGRAM:
902 break;
903 case SOCK_SEQPACKET:
904 break;
905 default:
906 sk_free(sk);
907 ax25_cb_put(ax25);
908 return NULL;
909 }
910
911 sock_init_data(NULL, sk);
912
913 sk->sk_type = osk->sk_type;
914 sk->sk_priority = osk->sk_priority;
915 sk->sk_protocol = osk->sk_protocol;
916 sk->sk_rcvbuf = osk->sk_rcvbuf;
917 sk->sk_sndbuf = osk->sk_sndbuf;
918 sk->sk_state = TCP_ESTABLISHED;
919 sock_copy_flags(sk, osk);
920
921 oax25 = sk_to_ax25(osk);
922
923 ax25->modulus = oax25->modulus;
924 ax25->backoff = oax25->backoff;
925 ax25->pidincl = oax25->pidincl;
926 ax25->iamdigi = oax25->iamdigi;
927 ax25->rtt = oax25->rtt;
928 ax25->t1 = oax25->t1;
929 ax25->t2 = oax25->t2;
930 ax25->t3 = oax25->t3;
931 ax25->n2 = oax25->n2;
932 ax25->idle = oax25->idle;
933 ax25->paclen = oax25->paclen;
934 ax25->window = oax25->window;
935
936 ax25->ax25_dev = ax25_dev;
937 ax25->source_addr = oax25->source_addr;
938
939 if (oax25->digipeat != NULL) {
940 ax25->digipeat = kmemdup(oax25->digipeat, sizeof(ax25_digi),
941 GFP_ATOMIC);
942 if (ax25->digipeat == NULL) {
943 sk_free(sk);
944 ax25_cb_put(ax25);
945 return NULL;
946 }
947 }
948
949 ax25_sk(sk)->cb = ax25;
950 sk->sk_destruct = ax25_free_sock;
951 ax25->sk = sk;
952
953 return sk;
954 }
955
ax25_release(struct socket * sock)956 static int ax25_release(struct socket *sock)
957 {
958 struct sock *sk = sock->sk;
959 ax25_cb *ax25;
960
961 if (sk == NULL)
962 return 0;
963
964 sock_hold(sk);
965 sock_orphan(sk);
966 lock_sock(sk);
967 ax25 = sk_to_ax25(sk);
968
969 if (sk->sk_type == SOCK_SEQPACKET) {
970 switch (ax25->state) {
971 case AX25_STATE_0:
972 release_sock(sk);
973 ax25_disconnect(ax25, 0);
974 lock_sock(sk);
975 ax25_destroy_socket(ax25);
976 break;
977
978 case AX25_STATE_1:
979 case AX25_STATE_2:
980 ax25_send_control(ax25, AX25_DISC, AX25_POLLON, AX25_COMMAND);
981 release_sock(sk);
982 ax25_disconnect(ax25, 0);
983 lock_sock(sk);
984 if (!sock_flag(ax25->sk, SOCK_DESTROY))
985 ax25_destroy_socket(ax25);
986 break;
987
988 case AX25_STATE_3:
989 case AX25_STATE_4:
990 ax25_clear_queues(ax25);
991 ax25->n2count = 0;
992
993 switch (ax25->ax25_dev->values[AX25_VALUES_PROTOCOL]) {
994 case AX25_PROTO_STD_SIMPLEX:
995 case AX25_PROTO_STD_DUPLEX:
996 ax25_send_control(ax25,
997 AX25_DISC,
998 AX25_POLLON,
999 AX25_COMMAND);
1000 ax25_stop_t2timer(ax25);
1001 ax25_stop_t3timer(ax25);
1002 ax25_stop_idletimer(ax25);
1003 break;
1004 #ifdef CONFIG_AX25_DAMA_SLAVE
1005 case AX25_PROTO_DAMA_SLAVE:
1006 ax25_stop_t3timer(ax25);
1007 ax25_stop_idletimer(ax25);
1008 break;
1009 #endif
1010 }
1011 ax25_calculate_t1(ax25);
1012 ax25_start_t1timer(ax25);
1013 ax25->state = AX25_STATE_2;
1014 sk->sk_state = TCP_CLOSE;
1015 sk->sk_shutdown |= SEND_SHUTDOWN;
1016 sk->sk_state_change(sk);
1017 sock_set_flag(sk, SOCK_DESTROY);
1018 break;
1019
1020 default:
1021 break;
1022 }
1023 } else {
1024 sk->sk_state = TCP_CLOSE;
1025 sk->sk_shutdown |= SEND_SHUTDOWN;
1026 sk->sk_state_change(sk);
1027 ax25_destroy_socket(ax25);
1028 }
1029
1030 sock->sk = NULL;
1031 release_sock(sk);
1032 sock_put(sk);
1033
1034 return 0;
1035 }
1036
1037 /*
1038 * We support a funny extension here so you can (as root) give any callsign
1039 * digipeated via a local address as source. This hack is obsolete now
1040 * that we've implemented support for SO_BINDTODEVICE. It is however small
1041 * and trivially backward compatible.
1042 */
ax25_bind(struct socket * sock,struct sockaddr * uaddr,int addr_len)1043 static int ax25_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
1044 {
1045 struct sock *sk = sock->sk;
1046 struct full_sockaddr_ax25 *addr = (struct full_sockaddr_ax25 *)uaddr;
1047 ax25_dev *ax25_dev = NULL;
1048 ax25_uid_assoc *user;
1049 ax25_address call;
1050 ax25_cb *ax25;
1051 int err = 0;
1052
1053 if (addr_len != sizeof(struct sockaddr_ax25) &&
1054 addr_len != sizeof(struct full_sockaddr_ax25))
1055 /* support for old structure may go away some time
1056 * ax25_bind(): uses old (6 digipeater) socket structure.
1057 */
1058 if ((addr_len < sizeof(struct sockaddr_ax25) + sizeof(ax25_address) * 6) ||
1059 (addr_len > sizeof(struct full_sockaddr_ax25)))
1060 return -EINVAL;
1061
1062 if (addr->fsa_ax25.sax25_family != AF_AX25)
1063 return -EINVAL;
1064
1065 user = ax25_findbyuid(current_euid());
1066 if (user) {
1067 call = user->call;
1068 ax25_uid_put(user);
1069 } else {
1070 if (ax25_uid_policy && !capable(CAP_NET_ADMIN))
1071 return -EACCES;
1072
1073 call = addr->fsa_ax25.sax25_call;
1074 }
1075
1076 lock_sock(sk);
1077
1078 ax25 = sk_to_ax25(sk);
1079 if (!sock_flag(sk, SOCK_ZAPPED)) {
1080 err = -EINVAL;
1081 goto out;
1082 }
1083
1084 ax25->source_addr = call;
1085
1086 /*
1087 * User already set interface with SO_BINDTODEVICE
1088 */
1089 if (ax25->ax25_dev != NULL)
1090 goto done;
1091
1092 if (addr_len > sizeof(struct sockaddr_ax25) && addr->fsa_ax25.sax25_ndigis == 1) {
1093 if (ax25cmp(&addr->fsa_digipeater[0], &null_ax25_address) != 0 &&
1094 (ax25_dev = ax25_addr_ax25dev(&addr->fsa_digipeater[0])) == NULL) {
1095 err = -EADDRNOTAVAIL;
1096 goto out;
1097 }
1098 } else {
1099 if ((ax25_dev = ax25_addr_ax25dev(&addr->fsa_ax25.sax25_call)) == NULL) {
1100 err = -EADDRNOTAVAIL;
1101 goto out;
1102 }
1103 }
1104
1105 if (ax25_dev != NULL)
1106 ax25_fillin_cb(ax25, ax25_dev);
1107
1108 done:
1109 ax25_cb_add(ax25);
1110 sock_reset_flag(sk, SOCK_ZAPPED);
1111
1112 out:
1113 release_sock(sk);
1114
1115 return err;
1116 }
1117
1118 /*
1119 * FIXME: nonblock behaviour looks like it may have a bug.
1120 */
ax25_connect(struct socket * sock,struct sockaddr * uaddr,int addr_len,int flags)1121 static int __must_check ax25_connect(struct socket *sock,
1122 struct sockaddr *uaddr, int addr_len, int flags)
1123 {
1124 struct sock *sk = sock->sk;
1125 ax25_cb *ax25 = sk_to_ax25(sk), *ax25t;
1126 struct full_sockaddr_ax25 *fsa = (struct full_sockaddr_ax25 *)uaddr;
1127 ax25_digi *digi = NULL;
1128 int ct = 0, err = 0;
1129
1130 /*
1131 * some sanity checks. code further down depends on this
1132 */
1133
1134 if (addr_len == sizeof(struct sockaddr_ax25))
1135 /* support for this will go away in early 2.5.x
1136 * ax25_connect(): uses obsolete socket structure
1137 */
1138 ;
1139 else if (addr_len != sizeof(struct full_sockaddr_ax25))
1140 /* support for old structure may go away some time
1141 * ax25_connect(): uses old (6 digipeater) socket structure.
1142 */
1143 if ((addr_len < sizeof(struct sockaddr_ax25) + sizeof(ax25_address) * 6) ||
1144 (addr_len > sizeof(struct full_sockaddr_ax25)))
1145 return -EINVAL;
1146
1147
1148 if (fsa->fsa_ax25.sax25_family != AF_AX25)
1149 return -EINVAL;
1150
1151 lock_sock(sk);
1152
1153 /* deal with restarts */
1154 if (sock->state == SS_CONNECTING) {
1155 switch (sk->sk_state) {
1156 case TCP_SYN_SENT: /* still trying */
1157 err = -EINPROGRESS;
1158 goto out_release;
1159
1160 case TCP_ESTABLISHED: /* connection established */
1161 sock->state = SS_CONNECTED;
1162 goto out_release;
1163
1164 case TCP_CLOSE: /* connection refused */
1165 sock->state = SS_UNCONNECTED;
1166 err = -ECONNREFUSED;
1167 goto out_release;
1168 }
1169 }
1170
1171 if (sk->sk_state == TCP_ESTABLISHED && sk->sk_type == SOCK_SEQPACKET) {
1172 err = -EISCONN; /* No reconnect on a seqpacket socket */
1173 goto out_release;
1174 }
1175
1176 sk->sk_state = TCP_CLOSE;
1177 sock->state = SS_UNCONNECTED;
1178
1179 kfree(ax25->digipeat);
1180 ax25->digipeat = NULL;
1181
1182 /*
1183 * Handle digi-peaters to be used.
1184 */
1185 if (addr_len > sizeof(struct sockaddr_ax25) &&
1186 fsa->fsa_ax25.sax25_ndigis != 0) {
1187 /* Valid number of digipeaters ? */
1188 if (fsa->fsa_ax25.sax25_ndigis < 1 || fsa->fsa_ax25.sax25_ndigis > AX25_MAX_DIGIS) {
1189 err = -EINVAL;
1190 goto out_release;
1191 }
1192
1193 if ((digi = kmalloc(sizeof(ax25_digi), GFP_KERNEL)) == NULL) {
1194 err = -ENOBUFS;
1195 goto out_release;
1196 }
1197
1198 digi->ndigi = fsa->fsa_ax25.sax25_ndigis;
1199 digi->lastrepeat = -1;
1200
1201 while (ct < fsa->fsa_ax25.sax25_ndigis) {
1202 if ((fsa->fsa_digipeater[ct].ax25_call[6] &
1203 AX25_HBIT) && ax25->iamdigi) {
1204 digi->repeated[ct] = 1;
1205 digi->lastrepeat = ct;
1206 } else {
1207 digi->repeated[ct] = 0;
1208 }
1209 digi->calls[ct] = fsa->fsa_digipeater[ct];
1210 ct++;
1211 }
1212 }
1213
1214 /*
1215 * Must bind first - autobinding in this may or may not work. If
1216 * the socket is already bound, check to see if the device has
1217 * been filled in, error if it hasn't.
1218 */
1219 if (sock_flag(sk, SOCK_ZAPPED)) {
1220 /* check if we can remove this feature. It is broken. */
1221 printk(KERN_WARNING "ax25_connect(): %s uses autobind, please contact jreuter@yaina.de\n",
1222 current->comm);
1223 if ((err = ax25_rt_autobind(ax25, &fsa->fsa_ax25.sax25_call)) < 0) {
1224 kfree(digi);
1225 goto out_release;
1226 }
1227
1228 ax25_fillin_cb(ax25, ax25->ax25_dev);
1229 ax25_cb_add(ax25);
1230 } else {
1231 if (ax25->ax25_dev == NULL) {
1232 kfree(digi);
1233 err = -EHOSTUNREACH;
1234 goto out_release;
1235 }
1236 }
1237
1238 if (sk->sk_type == SOCK_SEQPACKET &&
1239 (ax25t=ax25_find_cb(&ax25->source_addr, &fsa->fsa_ax25.sax25_call, digi,
1240 ax25->ax25_dev->dev))) {
1241 kfree(digi);
1242 err = -EADDRINUSE; /* Already such a connection */
1243 ax25_cb_put(ax25t);
1244 goto out_release;
1245 }
1246
1247 ax25->dest_addr = fsa->fsa_ax25.sax25_call;
1248 ax25->digipeat = digi;
1249
1250 /* First the easy one */
1251 if (sk->sk_type != SOCK_SEQPACKET) {
1252 sock->state = SS_CONNECTED;
1253 sk->sk_state = TCP_ESTABLISHED;
1254 goto out_release;
1255 }
1256
1257 /* Move to connecting socket, ax.25 lapb WAIT_UA.. */
1258 sock->state = SS_CONNECTING;
1259 sk->sk_state = TCP_SYN_SENT;
1260
1261 switch (ax25->ax25_dev->values[AX25_VALUES_PROTOCOL]) {
1262 case AX25_PROTO_STD_SIMPLEX:
1263 case AX25_PROTO_STD_DUPLEX:
1264 ax25_std_establish_data_link(ax25);
1265 break;
1266
1267 #ifdef CONFIG_AX25_DAMA_SLAVE
1268 case AX25_PROTO_DAMA_SLAVE:
1269 ax25->modulus = AX25_MODULUS;
1270 ax25->window = ax25->ax25_dev->values[AX25_VALUES_WINDOW];
1271 if (ax25->ax25_dev->dama.slave)
1272 ax25_ds_establish_data_link(ax25);
1273 else
1274 ax25_std_establish_data_link(ax25);
1275 break;
1276 #endif
1277 }
1278
1279 ax25->state = AX25_STATE_1;
1280
1281 ax25_start_heartbeat(ax25);
1282
1283 /* Now the loop */
1284 if (sk->sk_state != TCP_ESTABLISHED && (flags & O_NONBLOCK)) {
1285 err = -EINPROGRESS;
1286 goto out_release;
1287 }
1288
1289 if (sk->sk_state == TCP_SYN_SENT) {
1290 DEFINE_WAIT(wait);
1291
1292 for (;;) {
1293 prepare_to_wait(sk_sleep(sk), &wait,
1294 TASK_INTERRUPTIBLE);
1295 if (sk->sk_state != TCP_SYN_SENT)
1296 break;
1297 if (!signal_pending(current)) {
1298 release_sock(sk);
1299 schedule();
1300 lock_sock(sk);
1301 continue;
1302 }
1303 err = -ERESTARTSYS;
1304 break;
1305 }
1306 finish_wait(sk_sleep(sk), &wait);
1307
1308 if (err)
1309 goto out_release;
1310 }
1311
1312 if (sk->sk_state != TCP_ESTABLISHED) {
1313 /* Not in ABM, not in WAIT_UA -> failed */
1314 sock->state = SS_UNCONNECTED;
1315 err = sock_error(sk); /* Always set at this point */
1316 goto out_release;
1317 }
1318
1319 sock->state = SS_CONNECTED;
1320
1321 err = 0;
1322 out_release:
1323 release_sock(sk);
1324
1325 return err;
1326 }
1327
ax25_accept(struct socket * sock,struct socket * newsock,int flags,bool kern)1328 static int ax25_accept(struct socket *sock, struct socket *newsock, int flags,
1329 bool kern)
1330 {
1331 struct sk_buff *skb;
1332 struct sock *newsk;
1333 DEFINE_WAIT(wait);
1334 struct sock *sk;
1335 int err = 0;
1336
1337 if (sock->state != SS_UNCONNECTED)
1338 return -EINVAL;
1339
1340 if ((sk = sock->sk) == NULL)
1341 return -EINVAL;
1342
1343 lock_sock(sk);
1344 if (sk->sk_type != SOCK_SEQPACKET) {
1345 err = -EOPNOTSUPP;
1346 goto out;
1347 }
1348
1349 if (sk->sk_state != TCP_LISTEN) {
1350 err = -EINVAL;
1351 goto out;
1352 }
1353
1354 /*
1355 * The read queue this time is holding sockets ready to use
1356 * hooked into the SABM we saved
1357 */
1358 for (;;) {
1359 prepare_to_wait(sk_sleep(sk), &wait, TASK_INTERRUPTIBLE);
1360 skb = skb_dequeue(&sk->sk_receive_queue);
1361 if (skb)
1362 break;
1363
1364 if (flags & O_NONBLOCK) {
1365 err = -EWOULDBLOCK;
1366 break;
1367 }
1368 if (!signal_pending(current)) {
1369 release_sock(sk);
1370 schedule();
1371 lock_sock(sk);
1372 continue;
1373 }
1374 err = -ERESTARTSYS;
1375 break;
1376 }
1377 finish_wait(sk_sleep(sk), &wait);
1378
1379 if (err)
1380 goto out;
1381
1382 newsk = skb->sk;
1383 sock_graft(newsk, newsock);
1384
1385 /* Now attach up the new socket */
1386 kfree_skb(skb);
1387 sk->sk_ack_backlog--;
1388 newsock->state = SS_CONNECTED;
1389
1390 out:
1391 release_sock(sk);
1392
1393 return err;
1394 }
1395
ax25_getname(struct socket * sock,struct sockaddr * uaddr,int peer)1396 static int ax25_getname(struct socket *sock, struct sockaddr *uaddr,
1397 int peer)
1398 {
1399 struct full_sockaddr_ax25 *fsa = (struct full_sockaddr_ax25 *)uaddr;
1400 struct sock *sk = sock->sk;
1401 unsigned char ndigi, i;
1402 ax25_cb *ax25;
1403 int err = 0;
1404
1405 memset(fsa, 0, sizeof(*fsa));
1406 lock_sock(sk);
1407 ax25 = sk_to_ax25(sk);
1408
1409 if (peer != 0) {
1410 if (sk->sk_state != TCP_ESTABLISHED) {
1411 err = -ENOTCONN;
1412 goto out;
1413 }
1414
1415 fsa->fsa_ax25.sax25_family = AF_AX25;
1416 fsa->fsa_ax25.sax25_call = ax25->dest_addr;
1417
1418 if (ax25->digipeat != NULL) {
1419 ndigi = ax25->digipeat->ndigi;
1420 fsa->fsa_ax25.sax25_ndigis = ndigi;
1421 for (i = 0; i < ndigi; i++)
1422 fsa->fsa_digipeater[i] =
1423 ax25->digipeat->calls[i];
1424 }
1425 } else {
1426 fsa->fsa_ax25.sax25_family = AF_AX25;
1427 fsa->fsa_ax25.sax25_call = ax25->source_addr;
1428 fsa->fsa_ax25.sax25_ndigis = 1;
1429 if (ax25->ax25_dev != NULL) {
1430 memcpy(&fsa->fsa_digipeater[0],
1431 ax25->ax25_dev->dev->dev_addr, AX25_ADDR_LEN);
1432 } else {
1433 fsa->fsa_digipeater[0] = null_ax25_address;
1434 }
1435 }
1436 err = sizeof (struct full_sockaddr_ax25);
1437
1438 out:
1439 release_sock(sk);
1440
1441 return err;
1442 }
1443
ax25_sendmsg(struct socket * sock,struct msghdr * msg,size_t len)1444 static int ax25_sendmsg(struct socket *sock, struct msghdr *msg, size_t len)
1445 {
1446 DECLARE_SOCKADDR(struct sockaddr_ax25 *, usax, msg->msg_name);
1447 struct sock *sk = sock->sk;
1448 struct sockaddr_ax25 sax;
1449 struct sk_buff *skb;
1450 ax25_digi dtmp, *dp;
1451 ax25_cb *ax25;
1452 size_t size;
1453 int lv, err, addr_len = msg->msg_namelen;
1454
1455 if (msg->msg_flags & ~(MSG_DONTWAIT|MSG_EOR|MSG_CMSG_COMPAT))
1456 return -EINVAL;
1457
1458 lock_sock(sk);
1459 ax25 = sk_to_ax25(sk);
1460
1461 if (sock_flag(sk, SOCK_ZAPPED)) {
1462 err = -EADDRNOTAVAIL;
1463 goto out;
1464 }
1465
1466 if (sk->sk_shutdown & SEND_SHUTDOWN) {
1467 send_sig(SIGPIPE, current, 0);
1468 err = -EPIPE;
1469 goto out;
1470 }
1471
1472 if (ax25->ax25_dev == NULL) {
1473 err = -ENETUNREACH;
1474 goto out;
1475 }
1476
1477 if (len > ax25->ax25_dev->dev->mtu) {
1478 err = -EMSGSIZE;
1479 goto out;
1480 }
1481
1482 if (usax != NULL) {
1483 if (usax->sax25_family != AF_AX25) {
1484 err = -EINVAL;
1485 goto out;
1486 }
1487
1488 if (addr_len == sizeof(struct sockaddr_ax25))
1489 /* ax25_sendmsg(): uses obsolete socket structure */
1490 ;
1491 else if (addr_len != sizeof(struct full_sockaddr_ax25))
1492 /* support for old structure may go away some time
1493 * ax25_sendmsg(): uses old (6 digipeater)
1494 * socket structure.
1495 */
1496 if ((addr_len < sizeof(struct sockaddr_ax25) + sizeof(ax25_address) * 6) ||
1497 (addr_len > sizeof(struct full_sockaddr_ax25))) {
1498 err = -EINVAL;
1499 goto out;
1500 }
1501
1502
1503 if (addr_len > sizeof(struct sockaddr_ax25) && usax->sax25_ndigis != 0) {
1504 int ct = 0;
1505 struct full_sockaddr_ax25 *fsa = (struct full_sockaddr_ax25 *)usax;
1506
1507 /* Valid number of digipeaters ? */
1508 if (usax->sax25_ndigis < 1 || usax->sax25_ndigis > AX25_MAX_DIGIS) {
1509 err = -EINVAL;
1510 goto out;
1511 }
1512
1513 dtmp.ndigi = usax->sax25_ndigis;
1514
1515 while (ct < usax->sax25_ndigis) {
1516 dtmp.repeated[ct] = 0;
1517 dtmp.calls[ct] = fsa->fsa_digipeater[ct];
1518 ct++;
1519 }
1520
1521 dtmp.lastrepeat = 0;
1522 }
1523
1524 sax = *usax;
1525 if (sk->sk_type == SOCK_SEQPACKET &&
1526 ax25cmp(&ax25->dest_addr, &sax.sax25_call)) {
1527 err = -EISCONN;
1528 goto out;
1529 }
1530 if (usax->sax25_ndigis == 0)
1531 dp = NULL;
1532 else
1533 dp = &dtmp;
1534 } else {
1535 /*
1536 * FIXME: 1003.1g - if the socket is like this because
1537 * it has become closed (not started closed) and is VC
1538 * we ought to SIGPIPE, EPIPE
1539 */
1540 if (sk->sk_state != TCP_ESTABLISHED) {
1541 err = -ENOTCONN;
1542 goto out;
1543 }
1544 sax.sax25_family = AF_AX25;
1545 sax.sax25_call = ax25->dest_addr;
1546 dp = ax25->digipeat;
1547 }
1548
1549 /* Build a packet */
1550 /* Assume the worst case */
1551 size = len + ax25->ax25_dev->dev->hard_header_len;
1552
1553 skb = sock_alloc_send_skb(sk, size, msg->msg_flags&MSG_DONTWAIT, &err);
1554 if (skb == NULL)
1555 goto out;
1556
1557 skb_reserve(skb, size - len);
1558
1559 /* User data follows immediately after the AX.25 data */
1560 if (memcpy_from_msg(skb_put(skb, len), msg, len)) {
1561 err = -EFAULT;
1562 kfree_skb(skb);
1563 goto out;
1564 }
1565
1566 skb_reset_network_header(skb);
1567
1568 /* Add the PID if one is not supplied by the user in the skb */
1569 if (!ax25->pidincl)
1570 *(u8 *)skb_push(skb, 1) = sk->sk_protocol;
1571
1572 if (sk->sk_type == SOCK_SEQPACKET) {
1573 /* Connected mode sockets go via the LAPB machine */
1574 if (sk->sk_state != TCP_ESTABLISHED) {
1575 kfree_skb(skb);
1576 err = -ENOTCONN;
1577 goto out;
1578 }
1579
1580 /* Shove it onto the queue and kick */
1581 ax25_output(ax25, ax25->paclen, skb);
1582
1583 err = len;
1584 goto out;
1585 }
1586
1587 skb_push(skb, 1 + ax25_addr_size(dp));
1588
1589 /* Building AX.25 Header */
1590
1591 /* Build an AX.25 header */
1592 lv = ax25_addr_build(skb->data, &ax25->source_addr, &sax.sax25_call,
1593 dp, AX25_COMMAND, AX25_MODULUS);
1594
1595 skb_set_transport_header(skb, lv);
1596
1597 *skb_transport_header(skb) = AX25_UI;
1598
1599 /* Datagram frames go straight out of the door as UI */
1600 ax25_queue_xmit(skb, ax25->ax25_dev->dev);
1601
1602 err = len;
1603
1604 out:
1605 release_sock(sk);
1606
1607 return err;
1608 }
1609
ax25_recvmsg(struct socket * sock,struct msghdr * msg,size_t size,int flags)1610 static int ax25_recvmsg(struct socket *sock, struct msghdr *msg, size_t size,
1611 int flags)
1612 {
1613 struct sock *sk = sock->sk;
1614 struct sk_buff *skb;
1615 int copied;
1616 int err = 0;
1617
1618 lock_sock(sk);
1619 /*
1620 * This works for seqpacket too. The receiver has ordered the
1621 * queue for us! We do one quick check first though
1622 */
1623 if (sk->sk_type == SOCK_SEQPACKET && sk->sk_state != TCP_ESTABLISHED) {
1624 err = -ENOTCONN;
1625 goto out;
1626 }
1627
1628 /* Now we can treat all alike */
1629 skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT,
1630 flags & MSG_DONTWAIT, &err);
1631 if (skb == NULL)
1632 goto out;
1633
1634 if (!sk_to_ax25(sk)->pidincl)
1635 skb_pull(skb, 1); /* Remove PID */
1636
1637 skb_reset_transport_header(skb);
1638 copied = skb->len;
1639
1640 if (copied > size) {
1641 copied = size;
1642 msg->msg_flags |= MSG_TRUNC;
1643 }
1644
1645 skb_copy_datagram_msg(skb, 0, msg, copied);
1646
1647 if (msg->msg_name) {
1648 ax25_digi digi;
1649 ax25_address src;
1650 const unsigned char *mac = skb_mac_header(skb);
1651 DECLARE_SOCKADDR(struct sockaddr_ax25 *, sax, msg->msg_name);
1652
1653 memset(sax, 0, sizeof(struct full_sockaddr_ax25));
1654 ax25_addr_parse(mac + 1, skb->data - mac - 1, &src, NULL,
1655 &digi, NULL, NULL);
1656 sax->sax25_family = AF_AX25;
1657 /* We set this correctly, even though we may not let the
1658 application know the digi calls further down (because it
1659 did NOT ask to know them). This could get political... **/
1660 sax->sax25_ndigis = digi.ndigi;
1661 sax->sax25_call = src;
1662
1663 if (sax->sax25_ndigis != 0) {
1664 int ct;
1665 struct full_sockaddr_ax25 *fsa = (struct full_sockaddr_ax25 *)sax;
1666
1667 for (ct = 0; ct < digi.ndigi; ct++)
1668 fsa->fsa_digipeater[ct] = digi.calls[ct];
1669 }
1670 msg->msg_namelen = sizeof(struct full_sockaddr_ax25);
1671 }
1672
1673 skb_free_datagram(sk, skb);
1674 err = copied;
1675
1676 out:
1677 release_sock(sk);
1678
1679 return err;
1680 }
1681
ax25_shutdown(struct socket * sk,int how)1682 static int ax25_shutdown(struct socket *sk, int how)
1683 {
1684 /* FIXME - generate DM and RNR states */
1685 return -EOPNOTSUPP;
1686 }
1687
ax25_ioctl(struct socket * sock,unsigned int cmd,unsigned long arg)1688 static int ax25_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
1689 {
1690 struct sock *sk = sock->sk;
1691 void __user *argp = (void __user *)arg;
1692 int res = 0;
1693
1694 lock_sock(sk);
1695 switch (cmd) {
1696 case TIOCOUTQ: {
1697 long amount;
1698
1699 amount = sk->sk_sndbuf - sk_wmem_alloc_get(sk);
1700 if (amount < 0)
1701 amount = 0;
1702 res = put_user(amount, (int __user *)argp);
1703 break;
1704 }
1705
1706 case TIOCINQ: {
1707 struct sk_buff *skb;
1708 long amount = 0L;
1709 /* These two are safe on a single CPU system as only user tasks fiddle here */
1710 if ((skb = skb_peek(&sk->sk_receive_queue)) != NULL)
1711 amount = skb->len;
1712 res = put_user(amount, (int __user *) argp);
1713 break;
1714 }
1715
1716 case SIOCAX25ADDUID: /* Add a uid to the uid/call map table */
1717 case SIOCAX25DELUID: /* Delete a uid from the uid/call map table */
1718 case SIOCAX25GETUID: {
1719 struct sockaddr_ax25 sax25;
1720 if (copy_from_user(&sax25, argp, sizeof(sax25))) {
1721 res = -EFAULT;
1722 break;
1723 }
1724 res = ax25_uid_ioctl(cmd, &sax25);
1725 break;
1726 }
1727
1728 case SIOCAX25NOUID: { /* Set the default policy (default/bar) */
1729 long amount;
1730 if (!capable(CAP_NET_ADMIN)) {
1731 res = -EPERM;
1732 break;
1733 }
1734 if (get_user(amount, (long __user *)argp)) {
1735 res = -EFAULT;
1736 break;
1737 }
1738 if (amount < 0 || amount > AX25_NOUID_BLOCK) {
1739 res = -EINVAL;
1740 break;
1741 }
1742 ax25_uid_policy = amount;
1743 res = 0;
1744 break;
1745 }
1746
1747 case SIOCADDRT:
1748 case SIOCDELRT:
1749 case SIOCAX25OPTRT:
1750 if (!capable(CAP_NET_ADMIN)) {
1751 res = -EPERM;
1752 break;
1753 }
1754 res = ax25_rt_ioctl(cmd, argp);
1755 break;
1756
1757 case SIOCAX25CTLCON:
1758 if (!capable(CAP_NET_ADMIN)) {
1759 res = -EPERM;
1760 break;
1761 }
1762 res = ax25_ctl_ioctl(cmd, argp);
1763 break;
1764
1765 case SIOCAX25GETINFO:
1766 case SIOCAX25GETINFOOLD: {
1767 ax25_cb *ax25 = sk_to_ax25(sk);
1768 struct ax25_info_struct ax25_info;
1769
1770 ax25_info.t1 = ax25->t1 / HZ;
1771 ax25_info.t2 = ax25->t2 / HZ;
1772 ax25_info.t3 = ax25->t3 / HZ;
1773 ax25_info.idle = ax25->idle / (60 * HZ);
1774 ax25_info.n2 = ax25->n2;
1775 ax25_info.t1timer = ax25_display_timer(&ax25->t1timer) / HZ;
1776 ax25_info.t2timer = ax25_display_timer(&ax25->t2timer) / HZ;
1777 ax25_info.t3timer = ax25_display_timer(&ax25->t3timer) / HZ;
1778 ax25_info.idletimer = ax25_display_timer(&ax25->idletimer) / (60 * HZ);
1779 ax25_info.n2count = ax25->n2count;
1780 ax25_info.state = ax25->state;
1781 ax25_info.rcv_q = sk_rmem_alloc_get(sk);
1782 ax25_info.snd_q = sk_wmem_alloc_get(sk);
1783 ax25_info.vs = ax25->vs;
1784 ax25_info.vr = ax25->vr;
1785 ax25_info.va = ax25->va;
1786 ax25_info.vs_max = ax25->vs; /* reserved */
1787 ax25_info.paclen = ax25->paclen;
1788 ax25_info.window = ax25->window;
1789
1790 /* old structure? */
1791 if (cmd == SIOCAX25GETINFOOLD) {
1792 static int warned = 0;
1793 if (!warned) {
1794 printk(KERN_INFO "%s uses old SIOCAX25GETINFO\n",
1795 current->comm);
1796 warned=1;
1797 }
1798
1799 if (copy_to_user(argp, &ax25_info, sizeof(struct ax25_info_struct_deprecated))) {
1800 res = -EFAULT;
1801 break;
1802 }
1803 } else {
1804 if (copy_to_user(argp, &ax25_info, sizeof(struct ax25_info_struct))) {
1805 res = -EINVAL;
1806 break;
1807 }
1808 }
1809 res = 0;
1810 break;
1811 }
1812
1813 case SIOCAX25ADDFWD:
1814 case SIOCAX25DELFWD: {
1815 struct ax25_fwd_struct ax25_fwd;
1816 if (!capable(CAP_NET_ADMIN)) {
1817 res = -EPERM;
1818 break;
1819 }
1820 if (copy_from_user(&ax25_fwd, argp, sizeof(ax25_fwd))) {
1821 res = -EFAULT;
1822 break;
1823 }
1824 res = ax25_fwd_ioctl(cmd, &ax25_fwd);
1825 break;
1826 }
1827
1828 case SIOCGIFADDR:
1829 case SIOCSIFADDR:
1830 case SIOCGIFDSTADDR:
1831 case SIOCSIFDSTADDR:
1832 case SIOCGIFBRDADDR:
1833 case SIOCSIFBRDADDR:
1834 case SIOCGIFNETMASK:
1835 case SIOCSIFNETMASK:
1836 case SIOCGIFMETRIC:
1837 case SIOCSIFMETRIC:
1838 res = -EINVAL;
1839 break;
1840
1841 default:
1842 res = -ENOIOCTLCMD;
1843 break;
1844 }
1845 release_sock(sk);
1846
1847 return res;
1848 }
1849
1850 #ifdef CONFIG_PROC_FS
1851
ax25_info_start(struct seq_file * seq,loff_t * pos)1852 static void *ax25_info_start(struct seq_file *seq, loff_t *pos)
1853 __acquires(ax25_list_lock)
1854 {
1855 spin_lock_bh(&ax25_list_lock);
1856 return seq_hlist_start(&ax25_list, *pos);
1857 }
1858
ax25_info_next(struct seq_file * seq,void * v,loff_t * pos)1859 static void *ax25_info_next(struct seq_file *seq, void *v, loff_t *pos)
1860 {
1861 return seq_hlist_next(v, &ax25_list, pos);
1862 }
1863
ax25_info_stop(struct seq_file * seq,void * v)1864 static void ax25_info_stop(struct seq_file *seq, void *v)
1865 __releases(ax25_list_lock)
1866 {
1867 spin_unlock_bh(&ax25_list_lock);
1868 }
1869
ax25_info_show(struct seq_file * seq,void * v)1870 static int ax25_info_show(struct seq_file *seq, void *v)
1871 {
1872 ax25_cb *ax25 = hlist_entry(v, struct ax25_cb, ax25_node);
1873 char buf[11];
1874 int k;
1875
1876
1877 /*
1878 * New format:
1879 * magic dev src_addr dest_addr,digi1,digi2,.. st vs vr va t1 t1 t2 t2 t3 t3 idle idle n2 n2 rtt window paclen Snd-Q Rcv-Q inode
1880 */
1881
1882 seq_printf(seq, "%p %s %s%s ",
1883 ax25,
1884 ax25->ax25_dev == NULL? "???" : ax25->ax25_dev->dev->name,
1885 ax2asc(buf, &ax25->source_addr),
1886 ax25->iamdigi? "*":"");
1887 seq_printf(seq, "%s", ax2asc(buf, &ax25->dest_addr));
1888
1889 for (k=0; (ax25->digipeat != NULL) && (k < ax25->digipeat->ndigi); k++) {
1890 seq_printf(seq, ",%s%s",
1891 ax2asc(buf, &ax25->digipeat->calls[k]),
1892 ax25->digipeat->repeated[k]? "*":"");
1893 }
1894
1895 seq_printf(seq, " %d %d %d %d %lu %lu %lu %lu %lu %lu %lu %lu %d %d %lu %d %d",
1896 ax25->state,
1897 ax25->vs, ax25->vr, ax25->va,
1898 ax25_display_timer(&ax25->t1timer) / HZ, ax25->t1 / HZ,
1899 ax25_display_timer(&ax25->t2timer) / HZ, ax25->t2 / HZ,
1900 ax25_display_timer(&ax25->t3timer) / HZ, ax25->t3 / HZ,
1901 ax25_display_timer(&ax25->idletimer) / (60 * HZ),
1902 ax25->idle / (60 * HZ),
1903 ax25->n2count, ax25->n2,
1904 ax25->rtt / HZ,
1905 ax25->window,
1906 ax25->paclen);
1907
1908 if (ax25->sk != NULL) {
1909 seq_printf(seq, " %d %d %lu\n",
1910 sk_wmem_alloc_get(ax25->sk),
1911 sk_rmem_alloc_get(ax25->sk),
1912 sock_i_ino(ax25->sk));
1913 } else {
1914 seq_puts(seq, " * * *\n");
1915 }
1916 return 0;
1917 }
1918
1919 static const struct seq_operations ax25_info_seqops = {
1920 .start = ax25_info_start,
1921 .next = ax25_info_next,
1922 .stop = ax25_info_stop,
1923 .show = ax25_info_show,
1924 };
1925 #endif
1926
1927 static const struct net_proto_family ax25_family_ops = {
1928 .family = PF_AX25,
1929 .create = ax25_create,
1930 .owner = THIS_MODULE,
1931 };
1932
1933 static const struct proto_ops ax25_proto_ops = {
1934 .family = PF_AX25,
1935 .owner = THIS_MODULE,
1936 .release = ax25_release,
1937 .bind = ax25_bind,
1938 .connect = ax25_connect,
1939 .socketpair = sock_no_socketpair,
1940 .accept = ax25_accept,
1941 .getname = ax25_getname,
1942 .poll = datagram_poll,
1943 .ioctl = ax25_ioctl,
1944 .gettstamp = sock_gettstamp,
1945 .listen = ax25_listen,
1946 .shutdown = ax25_shutdown,
1947 .setsockopt = ax25_setsockopt,
1948 .getsockopt = ax25_getsockopt,
1949 .sendmsg = ax25_sendmsg,
1950 .recvmsg = ax25_recvmsg,
1951 .mmap = sock_no_mmap,
1952 .sendpage = sock_no_sendpage,
1953 };
1954
1955 /*
1956 * Called by socket.c on kernel start up
1957 */
1958 static struct packet_type ax25_packet_type __read_mostly = {
1959 .type = cpu_to_be16(ETH_P_AX25),
1960 .func = ax25_kiss_rcv,
1961 };
1962
1963 static struct notifier_block ax25_dev_notifier = {
1964 .notifier_call = ax25_device_event,
1965 };
1966
ax25_init(void)1967 static int __init ax25_init(void)
1968 {
1969 int rc = proto_register(&ax25_proto, 0);
1970
1971 if (rc != 0)
1972 goto out;
1973
1974 sock_register(&ax25_family_ops);
1975 dev_add_pack(&ax25_packet_type);
1976 register_netdevice_notifier(&ax25_dev_notifier);
1977
1978 proc_create_seq("ax25_route", 0444, init_net.proc_net, &ax25_rt_seqops);
1979 proc_create_seq("ax25", 0444, init_net.proc_net, &ax25_info_seqops);
1980 proc_create_seq("ax25_calls", 0444, init_net.proc_net,
1981 &ax25_uid_seqops);
1982 out:
1983 return rc;
1984 }
1985 module_init(ax25_init);
1986
1987
1988 MODULE_AUTHOR("Jonathan Naylor G4KLX <g4klx@g4klx.demon.co.uk>");
1989 MODULE_DESCRIPTION("The amateur radio AX.25 link layer protocol");
1990 MODULE_LICENSE("GPL");
1991 MODULE_ALIAS_NETPROTO(PF_AX25);
1992
ax25_exit(void)1993 static void __exit ax25_exit(void)
1994 {
1995 remove_proc_entry("ax25_route", init_net.proc_net);
1996 remove_proc_entry("ax25", init_net.proc_net);
1997 remove_proc_entry("ax25_calls", init_net.proc_net);
1998
1999 unregister_netdevice_notifier(&ax25_dev_notifier);
2000
2001 dev_remove_pack(&ax25_packet_type);
2002
2003 sock_unregister(PF_AX25);
2004 proto_unregister(&ax25_proto);
2005
2006 ax25_rt_free();
2007 ax25_uid_free();
2008 ax25_dev_free();
2009 }
2010 module_exit(ax25_exit);
2011
