1 /*
2 * DECnet An implementation of the DECnet protocol suite for the LINUX
3 * operating system. DECnet is implemented using the BSD Socket
4 * interface as the means of communication with the user level.
5 *
6 * DECnet Network Services Protocol (Input)
7 *
8 * Author: Eduardo Marcelo Serrat <emserrat@geocities.com>
9 *
10 * Changes:
11 *
12 * Steve Whitehouse: Split into dn_nsp_in.c and dn_nsp_out.c from
13 * original dn_nsp.c.
14 * Steve Whitehouse: Updated to work with my new routing architecture.
15 * Steve Whitehouse: Add changes from Eduardo Serrat's patches.
16 * Steve Whitehouse: Put all ack handling code in a common routine.
17 * Steve Whitehouse: Put other common bits into dn_nsp_rx()
18 * Steve Whitehouse: More checks on skb->len to catch bogus packets
19 * Fixed various race conditions and possible nasties.
20 * Steve Whitehouse: Now handles returned conninit frames.
21 * David S. Miller: New socket locking
22 * Steve Whitehouse: Fixed lockup when socket filtering was enabled.
23 * Paul Koning: Fix to push CC sockets into RUN when acks are
24 * received.
25 * Steve Whitehouse:
26 * Patrick Caulfield: Checking conninits for correctness & sending of error
27 * responses.
28 * Steve Whitehouse: Added backlog congestion level return codes.
29 * Patrick Caulfield:
30 * Steve Whitehouse: Added flow control support (outbound)
31 * Steve Whitehouse: Prepare for nonlinear skbs
32 */
33
34 /******************************************************************************
35 (c) 1995-1998 E.M. Serrat emserrat@geocities.com
36
37 This program is free software; you can redistribute it and/or modify
38 it under the terms of the GNU General Public License as published by
39 the Free Software Foundation; either version 2 of the License, or
40 any later version.
41
42 This program is distributed in the hope that it will be useful,
43 but WITHOUT ANY WARRANTY; without even the implied warranty of
44 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
45 GNU General Public License for more details.
46 *******************************************************************************/
47
48 #include <linux/errno.h>
49 #include <linux/types.h>
50 #include <linux/socket.h>
51 #include <linux/in.h>
52 #include <linux/kernel.h>
53 #include <linux/timer.h>
54 #include <linux/string.h>
55 #include <linux/sockios.h>
56 #include <linux/net.h>
57 #include <linux/netdevice.h>
58 #include <linux/inet.h>
59 #include <linux/route.h>
60 #include <linux/slab.h>
61 #include <net/sock.h>
62 #include <net/tcp_states.h>
63 #include <linux/fcntl.h>
64 #include <linux/mm.h>
65 #include <linux/termios.h>
66 #include <linux/interrupt.h>
67 #include <linux/proc_fs.h>
68 #include <linux/stat.h>
69 #include <linux/init.h>
70 #include <linux/poll.h>
71 #include <linux/netfilter_decnet.h>
72 #include <net/neighbour.h>
73 #include <net/dst.h>
74 #include <net/dn.h>
75 #include <net/dn_nsp.h>
76 #include <net/dn_dev.h>
77 #include <net/dn_route.h>
78
79 extern int decnet_log_martians;
80
dn_log_martian(struct sk_buff * skb,const char * msg)81 static void dn_log_martian(struct sk_buff *skb, const char *msg)
82 {
83 if (decnet_log_martians) {
84 char *devname = skb->dev ? skb->dev->name : "???";
85 struct dn_skb_cb *cb = DN_SKB_CB(skb);
86 net_info_ratelimited("DECnet: Martian packet (%s) dev=%s src=0x%04hx dst=0x%04hx srcport=0x%04hx dstport=0x%04hx\n",
87 msg, devname,
88 le16_to_cpu(cb->src),
89 le16_to_cpu(cb->dst),
90 le16_to_cpu(cb->src_port),
91 le16_to_cpu(cb->dst_port));
92 }
93 }
94
95 /*
96 * For this function we've flipped the cross-subchannel bit
97 * if the message is an otherdata or linkservice message. Thus
98 * we can use it to work out what to update.
99 */
dn_ack(struct sock * sk,struct sk_buff * skb,unsigned short ack)100 static void dn_ack(struct sock *sk, struct sk_buff *skb, unsigned short ack)
101 {
102 struct dn_scp *scp = DN_SK(sk);
103 unsigned short type = ((ack >> 12) & 0x0003);
104 int wakeup = 0;
105
106 switch (type) {
107 case 0: /* ACK - Data */
108 if (dn_after(ack, scp->ackrcv_dat)) {
109 scp->ackrcv_dat = ack & 0x0fff;
110 wakeup |= dn_nsp_check_xmit_queue(sk, skb,
111 &scp->data_xmit_queue,
112 ack);
113 }
114 break;
115 case 1: /* NAK - Data */
116 break;
117 case 2: /* ACK - OtherData */
118 if (dn_after(ack, scp->ackrcv_oth)) {
119 scp->ackrcv_oth = ack & 0x0fff;
120 wakeup |= dn_nsp_check_xmit_queue(sk, skb,
121 &scp->other_xmit_queue,
122 ack);
123 }
124 break;
125 case 3: /* NAK - OtherData */
126 break;
127 }
128
129 if (wakeup && !sock_flag(sk, SOCK_DEAD))
130 sk->sk_state_change(sk);
131 }
132
133 /*
134 * This function is a universal ack processor.
135 */
dn_process_ack(struct sock * sk,struct sk_buff * skb,int oth)136 static int dn_process_ack(struct sock *sk, struct sk_buff *skb, int oth)
137 {
138 __le16 *ptr = (__le16 *)skb->data;
139 int len = 0;
140 unsigned short ack;
141
142 if (skb->len < 2)
143 return len;
144
145 if ((ack = le16_to_cpu(*ptr)) & 0x8000) {
146 skb_pull(skb, 2);
147 ptr++;
148 len += 2;
149 if ((ack & 0x4000) == 0) {
150 if (oth)
151 ack ^= 0x2000;
152 dn_ack(sk, skb, ack);
153 }
154 }
155
156 if (skb->len < 2)
157 return len;
158
159 if ((ack = le16_to_cpu(*ptr)) & 0x8000) {
160 skb_pull(skb, 2);
161 len += 2;
162 if ((ack & 0x4000) == 0) {
163 if (oth)
164 ack ^= 0x2000;
165 dn_ack(sk, skb, ack);
166 }
167 }
168
169 return len;
170 }
171
172
173 /**
174 * dn_check_idf - Check an image data field format is correct.
175 * @pptr: Pointer to pointer to image data
176 * @len: Pointer to length of image data
177 * @max: The maximum allowed length of the data in the image data field
178 * @follow_on: Check that this many bytes exist beyond the end of the image data
179 *
180 * Returns: 0 if ok, -1 on error
181 */
dn_check_idf(unsigned char ** pptr,int * len,unsigned char max,unsigned char follow_on)182 static inline int dn_check_idf(unsigned char **pptr, int *len, unsigned char max, unsigned char follow_on)
183 {
184 unsigned char *ptr = *pptr;
185 unsigned char flen = *ptr++;
186
187 (*len)--;
188 if (flen > max)
189 return -1;
190 if ((flen + follow_on) > *len)
191 return -1;
192
193 *len -= flen;
194 *pptr = ptr + flen;
195 return 0;
196 }
197
198 /*
199 * Table of reason codes to pass back to node which sent us a badly
200 * formed message, plus text messages for the log. A zero entry in
201 * the reason field means "don't reply" otherwise a disc init is sent with
202 * the specified reason code.
203 */
204 static struct {
205 unsigned short reason;
206 const char *text;
207 } ci_err_table[] = {
208 { 0, "CI: Truncated message" },
209 { NSP_REASON_ID, "CI: Destination username error" },
210 { NSP_REASON_ID, "CI: Destination username type" },
211 { NSP_REASON_US, "CI: Source username error" },
212 { 0, "CI: Truncated at menuver" },
213 { 0, "CI: Truncated before access or user data" },
214 { NSP_REASON_IO, "CI: Access data format error" },
215 { NSP_REASON_IO, "CI: User data format error" }
216 };
217
218 /*
219 * This function uses a slightly different lookup method
220 * to find its sockets, since it searches on object name/number
221 * rather than port numbers. Various tests are done to ensure that
222 * the incoming data is in the correct format before it is queued to
223 * a socket.
224 */
dn_find_listener(struct sk_buff * skb,unsigned short * reason)225 static struct sock *dn_find_listener(struct sk_buff *skb, unsigned short *reason)
226 {
227 struct dn_skb_cb *cb = DN_SKB_CB(skb);
228 struct nsp_conn_init_msg *msg = (struct nsp_conn_init_msg *)skb->data;
229 struct sockaddr_dn dstaddr;
230 struct sockaddr_dn srcaddr;
231 unsigned char type = 0;
232 int dstlen;
233 int srclen;
234 unsigned char *ptr;
235 int len;
236 int err = 0;
237 unsigned char menuver;
238
239 memset(&dstaddr, 0, sizeof(struct sockaddr_dn));
240 memset(&srcaddr, 0, sizeof(struct sockaddr_dn));
241
242 /*
243 * 1. Decode & remove message header
244 */
245 cb->src_port = msg->srcaddr;
246 cb->dst_port = msg->dstaddr;
247 cb->services = msg->services;
248 cb->info = msg->info;
249 cb->segsize = le16_to_cpu(msg->segsize);
250
251 if (!pskb_may_pull(skb, sizeof(*msg)))
252 goto err_out;
253
254 skb_pull(skb, sizeof(*msg));
255
256 len = skb->len;
257 ptr = skb->data;
258
259 /*
260 * 2. Check destination end username format
261 */
262 dstlen = dn_username2sockaddr(ptr, len, &dstaddr, &type);
263 err++;
264 if (dstlen < 0)
265 goto err_out;
266
267 err++;
268 if (type > 1)
269 goto err_out;
270
271 len -= dstlen;
272 ptr += dstlen;
273
274 /*
275 * 3. Check source end username format
276 */
277 srclen = dn_username2sockaddr(ptr, len, &srcaddr, &type);
278 err++;
279 if (srclen < 0)
280 goto err_out;
281
282 len -= srclen;
283 ptr += srclen;
284 err++;
285 if (len < 1)
286 goto err_out;
287
288 menuver = *ptr;
289 ptr++;
290 len--;
291
292 /*
293 * 4. Check that optional data actually exists if menuver says it does
294 */
295 err++;
296 if ((menuver & (DN_MENUVER_ACC | DN_MENUVER_USR)) && (len < 1))
297 goto err_out;
298
299 /*
300 * 5. Check optional access data format
301 */
302 err++;
303 if (menuver & DN_MENUVER_ACC) {
304 if (dn_check_idf(&ptr, &len, 39, 1))
305 goto err_out;
306 if (dn_check_idf(&ptr, &len, 39, 1))
307 goto err_out;
308 if (dn_check_idf(&ptr, &len, 39, (menuver & DN_MENUVER_USR) ? 1 : 0))
309 goto err_out;
310 }
311
312 /*
313 * 6. Check optional user data format
314 */
315 err++;
316 if (menuver & DN_MENUVER_USR) {
317 if (dn_check_idf(&ptr, &len, 16, 0))
318 goto err_out;
319 }
320
321 /*
322 * 7. Look up socket based on destination end username
323 */
324 return dn_sklist_find_listener(&dstaddr);
325 err_out:
326 dn_log_martian(skb, ci_err_table[err].text);
327 *reason = ci_err_table[err].reason;
328 return NULL;
329 }
330
331
dn_nsp_conn_init(struct sock * sk,struct sk_buff * skb)332 static void dn_nsp_conn_init(struct sock *sk, struct sk_buff *skb)
333 {
334 if (sk_acceptq_is_full(sk)) {
335 kfree_skb(skb);
336 return;
337 }
338
339 sk->sk_ack_backlog++;
340 skb_queue_tail(&sk->sk_receive_queue, skb);
341 sk->sk_state_change(sk);
342 }
343
dn_nsp_conn_conf(struct sock * sk,struct sk_buff * skb)344 static void dn_nsp_conn_conf(struct sock *sk, struct sk_buff *skb)
345 {
346 struct dn_skb_cb *cb = DN_SKB_CB(skb);
347 struct dn_scp *scp = DN_SK(sk);
348 unsigned char *ptr;
349
350 if (skb->len < 4)
351 goto out;
352
353 ptr = skb->data;
354 cb->services = *ptr++;
355 cb->info = *ptr++;
356 cb->segsize = le16_to_cpu(*(__le16 *)ptr);
357
358 if ((scp->state == DN_CI) || (scp->state == DN_CD)) {
359 scp->persist = 0;
360 scp->addrrem = cb->src_port;
361 sk->sk_state = TCP_ESTABLISHED;
362 scp->state = DN_RUN;
363 scp->services_rem = cb->services;
364 scp->info_rem = cb->info;
365 scp->segsize_rem = cb->segsize;
366
367 if ((scp->services_rem & NSP_FC_MASK) == NSP_FC_NONE)
368 scp->max_window = decnet_no_fc_max_cwnd;
369
370 if (skb->len > 0) {
371 u16 dlen = *skb->data;
372 if ((dlen <= 16) && (dlen <= skb->len)) {
373 scp->conndata_in.opt_optl = cpu_to_le16(dlen);
374 skb_copy_from_linear_data_offset(skb, 1,
375 scp->conndata_in.opt_data, dlen);
376 }
377 }
378 dn_nsp_send_link(sk, DN_NOCHANGE, 0);
379 if (!sock_flag(sk, SOCK_DEAD))
380 sk->sk_state_change(sk);
381 }
382
383 out:
384 kfree_skb(skb);
385 }
386
dn_nsp_conn_ack(struct sock * sk,struct sk_buff * skb)387 static void dn_nsp_conn_ack(struct sock *sk, struct sk_buff *skb)
388 {
389 struct dn_scp *scp = DN_SK(sk);
390
391 if (scp->state == DN_CI) {
392 scp->state = DN_CD;
393 scp->persist = 0;
394 }
395
396 kfree_skb(skb);
397 }
398
dn_nsp_disc_init(struct sock * sk,struct sk_buff * skb)399 static void dn_nsp_disc_init(struct sock *sk, struct sk_buff *skb)
400 {
401 struct dn_scp *scp = DN_SK(sk);
402 struct dn_skb_cb *cb = DN_SKB_CB(skb);
403 unsigned short reason;
404
405 if (skb->len < 2)
406 goto out;
407
408 reason = le16_to_cpu(*(__le16 *)skb->data);
409 skb_pull(skb, 2);
410
411 scp->discdata_in.opt_status = cpu_to_le16(reason);
412 scp->discdata_in.opt_optl = 0;
413 memset(scp->discdata_in.opt_data, 0, 16);
414
415 if (skb->len > 0) {
416 u16 dlen = *skb->data;
417 if ((dlen <= 16) && (dlen <= skb->len)) {
418 scp->discdata_in.opt_optl = cpu_to_le16(dlen);
419 skb_copy_from_linear_data_offset(skb, 1, scp->discdata_in.opt_data, dlen);
420 }
421 }
422
423 scp->addrrem = cb->src_port;
424 sk->sk_state = TCP_CLOSE;
425
426 switch (scp->state) {
427 case DN_CI:
428 case DN_CD:
429 scp->state = DN_RJ;
430 sk->sk_err = ECONNREFUSED;
431 break;
432 case DN_RUN:
433 sk->sk_shutdown |= SHUTDOWN_MASK;
434 scp->state = DN_DN;
435 break;
436 case DN_DI:
437 scp->state = DN_DIC;
438 break;
439 }
440
441 if (!sock_flag(sk, SOCK_DEAD)) {
442 if (sk->sk_socket->state != SS_UNCONNECTED)
443 sk->sk_socket->state = SS_DISCONNECTING;
444 sk->sk_state_change(sk);
445 }
446
447 /*
448 * It appears that its possible for remote machines to send disc
449 * init messages with no port identifier if we are in the CI and
450 * possibly also the CD state. Obviously we shouldn't reply with
451 * a message if we don't know what the end point is.
452 */
453 if (scp->addrrem) {
454 dn_nsp_send_disc(sk, NSP_DISCCONF, NSP_REASON_DC, GFP_ATOMIC);
455 }
456 scp->persist_fxn = dn_destroy_timer;
457 scp->persist = dn_nsp_persist(sk);
458
459 out:
460 kfree_skb(skb);
461 }
462
463 /*
464 * disc_conf messages are also called no_resources or no_link
465 * messages depending upon the "reason" field.
466 */
dn_nsp_disc_conf(struct sock * sk,struct sk_buff * skb)467 static void dn_nsp_disc_conf(struct sock *sk, struct sk_buff *skb)
468 {
469 struct dn_scp *scp = DN_SK(sk);
470 unsigned short reason;
471
472 if (skb->len != 2)
473 goto out;
474
475 reason = le16_to_cpu(*(__le16 *)skb->data);
476
477 sk->sk_state = TCP_CLOSE;
478
479 switch (scp->state) {
480 case DN_CI:
481 scp->state = DN_NR;
482 break;
483 case DN_DR:
484 if (reason == NSP_REASON_DC)
485 scp->state = DN_DRC;
486 if (reason == NSP_REASON_NL)
487 scp->state = DN_CN;
488 break;
489 case DN_DI:
490 scp->state = DN_DIC;
491 break;
492 case DN_RUN:
493 sk->sk_shutdown |= SHUTDOWN_MASK;
494 /* fall through */
495 case DN_CC:
496 scp->state = DN_CN;
497 }
498
499 if (!sock_flag(sk, SOCK_DEAD)) {
500 if (sk->sk_socket->state != SS_UNCONNECTED)
501 sk->sk_socket->state = SS_DISCONNECTING;
502 sk->sk_state_change(sk);
503 }
504
505 scp->persist_fxn = dn_destroy_timer;
506 scp->persist = dn_nsp_persist(sk);
507
508 out:
509 kfree_skb(skb);
510 }
511
dn_nsp_linkservice(struct sock * sk,struct sk_buff * skb)512 static void dn_nsp_linkservice(struct sock *sk, struct sk_buff *skb)
513 {
514 struct dn_scp *scp = DN_SK(sk);
515 unsigned short segnum;
516 unsigned char lsflags;
517 signed char fcval;
518 int wake_up = 0;
519 char *ptr = skb->data;
520 unsigned char fctype = scp->services_rem & NSP_FC_MASK;
521
522 if (skb->len != 4)
523 goto out;
524
525 segnum = le16_to_cpu(*(__le16 *)ptr);
526 ptr += 2;
527 lsflags = *(unsigned char *)ptr++;
528 fcval = *ptr;
529
530 /*
531 * Here we ignore erronous packets which should really
532 * should cause a connection abort. It is not critical
533 * for now though.
534 */
535 if (lsflags & 0xf8)
536 goto out;
537
538 if (seq_next(scp->numoth_rcv, segnum)) {
539 seq_add(&scp->numoth_rcv, 1);
540 switch(lsflags & 0x04) { /* FCVAL INT */
541 case 0x00: /* Normal Request */
542 switch(lsflags & 0x03) { /* FCVAL MOD */
543 case 0x00: /* Request count */
544 if (fcval < 0) {
545 unsigned char p_fcval = -fcval;
546 if ((scp->flowrem_dat > p_fcval) &&
547 (fctype == NSP_FC_SCMC)) {
548 scp->flowrem_dat -= p_fcval;
549 }
550 } else if (fcval > 0) {
551 scp->flowrem_dat += fcval;
552 wake_up = 1;
553 }
554 break;
555 case 0x01: /* Stop outgoing data */
556 scp->flowrem_sw = DN_DONTSEND;
557 break;
558 case 0x02: /* Ok to start again */
559 scp->flowrem_sw = DN_SEND;
560 dn_nsp_output(sk);
561 wake_up = 1;
562 }
563 break;
564 case 0x04: /* Interrupt Request */
565 if (fcval > 0) {
566 scp->flowrem_oth += fcval;
567 wake_up = 1;
568 }
569 break;
570 }
571 if (wake_up && !sock_flag(sk, SOCK_DEAD))
572 sk->sk_state_change(sk);
573 }
574
575 dn_nsp_send_oth_ack(sk);
576
577 out:
578 kfree_skb(skb);
579 }
580
581 /*
582 * Copy of sock_queue_rcv_skb (from sock.h) without
583 * bh_lock_sock() (its already held when this is called) which
584 * also allows data and other data to be queued to a socket.
585 */
dn_queue_skb(struct sock * sk,struct sk_buff * skb,int sig,struct sk_buff_head * queue)586 static __inline__ int dn_queue_skb(struct sock *sk, struct sk_buff *skb, int sig, struct sk_buff_head *queue)
587 {
588 int err;
589
590 /* Cast skb->rcvbuf to unsigned... It's pointless, but reduces
591 number of warnings when compiling with -W --ANK
592 */
593 if (atomic_read(&sk->sk_rmem_alloc) + skb->truesize >=
594 (unsigned int)sk->sk_rcvbuf) {
595 err = -ENOMEM;
596 goto out;
597 }
598
599 err = sk_filter(sk, skb);
600 if (err)
601 goto out;
602
603 skb_set_owner_r(skb, sk);
604 skb_queue_tail(queue, skb);
605
606 if (!sock_flag(sk, SOCK_DEAD))
607 sk->sk_data_ready(sk);
608 out:
609 return err;
610 }
611
dn_nsp_otherdata(struct sock * sk,struct sk_buff * skb)612 static void dn_nsp_otherdata(struct sock *sk, struct sk_buff *skb)
613 {
614 struct dn_scp *scp = DN_SK(sk);
615 unsigned short segnum;
616 struct dn_skb_cb *cb = DN_SKB_CB(skb);
617 int queued = 0;
618
619 if (skb->len < 2)
620 goto out;
621
622 cb->segnum = segnum = le16_to_cpu(*(__le16 *)skb->data);
623 skb_pull(skb, 2);
624
625 if (seq_next(scp->numoth_rcv, segnum)) {
626
627 if (dn_queue_skb(sk, skb, SIGURG, &scp->other_receive_queue) == 0) {
628 seq_add(&scp->numoth_rcv, 1);
629 scp->other_report = 0;
630 queued = 1;
631 }
632 }
633
634 dn_nsp_send_oth_ack(sk);
635 out:
636 if (!queued)
637 kfree_skb(skb);
638 }
639
dn_nsp_data(struct sock * sk,struct sk_buff * skb)640 static void dn_nsp_data(struct sock *sk, struct sk_buff *skb)
641 {
642 int queued = 0;
643 unsigned short segnum;
644 struct dn_skb_cb *cb = DN_SKB_CB(skb);
645 struct dn_scp *scp = DN_SK(sk);
646
647 if (skb->len < 2)
648 goto out;
649
650 cb->segnum = segnum = le16_to_cpu(*(__le16 *)skb->data);
651 skb_pull(skb, 2);
652
653 if (seq_next(scp->numdat_rcv, segnum)) {
654 if (dn_queue_skb(sk, skb, SIGIO, &sk->sk_receive_queue) == 0) {
655 seq_add(&scp->numdat_rcv, 1);
656 queued = 1;
657 }
658
659 if ((scp->flowloc_sw == DN_SEND) && dn_congested(sk)) {
660 scp->flowloc_sw = DN_DONTSEND;
661 dn_nsp_send_link(sk, DN_DONTSEND, 0);
662 }
663 }
664
665 dn_nsp_send_data_ack(sk);
666 out:
667 if (!queued)
668 kfree_skb(skb);
669 }
670
671 /*
672 * If one of our conninit messages is returned, this function
673 * deals with it. It puts the socket into the NO_COMMUNICATION
674 * state.
675 */
dn_returned_conn_init(struct sock * sk,struct sk_buff * skb)676 static void dn_returned_conn_init(struct sock *sk, struct sk_buff *skb)
677 {
678 struct dn_scp *scp = DN_SK(sk);
679
680 if (scp->state == DN_CI) {
681 scp->state = DN_NC;
682 sk->sk_state = TCP_CLOSE;
683 if (!sock_flag(sk, SOCK_DEAD))
684 sk->sk_state_change(sk);
685 }
686
687 kfree_skb(skb);
688 }
689
dn_nsp_no_socket(struct sk_buff * skb,unsigned short reason)690 static int dn_nsp_no_socket(struct sk_buff *skb, unsigned short reason)
691 {
692 struct dn_skb_cb *cb = DN_SKB_CB(skb);
693 int ret = NET_RX_DROP;
694
695 /* Must not reply to returned packets */
696 if (cb->rt_flags & DN_RT_F_RTS)
697 goto out;
698
699 if ((reason != NSP_REASON_OK) && ((cb->nsp_flags & 0x0c) == 0x08)) {
700 switch (cb->nsp_flags & 0x70) {
701 case 0x10:
702 case 0x60: /* (Retransmitted) Connect Init */
703 dn_nsp_return_disc(skb, NSP_DISCINIT, reason);
704 ret = NET_RX_SUCCESS;
705 break;
706 case 0x20: /* Connect Confirm */
707 dn_nsp_return_disc(skb, NSP_DISCCONF, reason);
708 ret = NET_RX_SUCCESS;
709 break;
710 }
711 }
712
713 out:
714 kfree_skb(skb);
715 return ret;
716 }
717
dn_nsp_rx_packet(struct net * net,struct sock * sk2,struct sk_buff * skb)718 static int dn_nsp_rx_packet(struct net *net, struct sock *sk2,
719 struct sk_buff *skb)
720 {
721 struct dn_skb_cb *cb = DN_SKB_CB(skb);
722 struct sock *sk = NULL;
723 unsigned char *ptr = (unsigned char *)skb->data;
724 unsigned short reason = NSP_REASON_NL;
725
726 if (!pskb_may_pull(skb, 2))
727 goto free_out;
728
729 skb_reset_transport_header(skb);
730 cb->nsp_flags = *ptr++;
731
732 if (decnet_debug_level & 2)
733 printk(KERN_DEBUG "dn_nsp_rx: Message type 0x%02x\n", (int)cb->nsp_flags);
734
735 if (cb->nsp_flags & 0x83)
736 goto free_out;
737
738 /*
739 * Filter out conninits and useless packet types
740 */
741 if ((cb->nsp_flags & 0x0c) == 0x08) {
742 switch (cb->nsp_flags & 0x70) {
743 case 0x00: /* NOP */
744 case 0x70: /* Reserved */
745 case 0x50: /* Reserved, Phase II node init */
746 goto free_out;
747 case 0x10:
748 case 0x60:
749 if (unlikely(cb->rt_flags & DN_RT_F_RTS))
750 goto free_out;
751 sk = dn_find_listener(skb, &reason);
752 goto got_it;
753 }
754 }
755
756 if (!pskb_may_pull(skb, 3))
757 goto free_out;
758
759 /*
760 * Grab the destination address.
761 */
762 cb->dst_port = *(__le16 *)ptr;
763 cb->src_port = 0;
764 ptr += 2;
765
766 /*
767 * If not a connack, grab the source address too.
768 */
769 if (pskb_may_pull(skb, 5)) {
770 cb->src_port = *(__le16 *)ptr;
771 ptr += 2;
772 skb_pull(skb, 5);
773 }
774
775 /*
776 * Returned packets...
777 * Swap src & dst and look up in the normal way.
778 */
779 if (unlikely(cb->rt_flags & DN_RT_F_RTS)) {
780 swap(cb->dst_port, cb->src_port);
781 swap(cb->dst, cb->src);
782 }
783
784 /*
785 * Find the socket to which this skb is destined.
786 */
787 sk = dn_find_by_skb(skb);
788 got_it:
789 if (sk != NULL) {
790 struct dn_scp *scp = DN_SK(sk);
791
792 /* Reset backoff */
793 scp->nsp_rxtshift = 0;
794
795 /*
796 * We linearize everything except data segments here.
797 */
798 if (cb->nsp_flags & ~0x60) {
799 if (unlikely(skb_linearize(skb)))
800 goto free_out;
801 }
802
803 return sk_receive_skb(sk, skb, 0);
804 }
805
806 return dn_nsp_no_socket(skb, reason);
807
808 free_out:
809 kfree_skb(skb);
810 return NET_RX_DROP;
811 }
812
dn_nsp_rx(struct sk_buff * skb)813 int dn_nsp_rx(struct sk_buff *skb)
814 {
815 return NF_HOOK(NFPROTO_DECNET, NF_DN_LOCAL_IN,
816 &init_net, NULL, skb, skb->dev, NULL,
817 dn_nsp_rx_packet);
818 }
819
820 /*
821 * This is the main receive routine for sockets. It is called
822 * from the above when the socket is not busy, and also from
823 * sock_release() when there is a backlog queued up.
824 */
dn_nsp_backlog_rcv(struct sock * sk,struct sk_buff * skb)825 int dn_nsp_backlog_rcv(struct sock *sk, struct sk_buff *skb)
826 {
827 struct dn_scp *scp = DN_SK(sk);
828 struct dn_skb_cb *cb = DN_SKB_CB(skb);
829
830 if (cb->rt_flags & DN_RT_F_RTS) {
831 if (cb->nsp_flags == 0x18 || cb->nsp_flags == 0x68)
832 dn_returned_conn_init(sk, skb);
833 else
834 kfree_skb(skb);
835 return NET_RX_SUCCESS;
836 }
837
838 /*
839 * Control packet.
840 */
841 if ((cb->nsp_flags & 0x0c) == 0x08) {
842 switch (cb->nsp_flags & 0x70) {
843 case 0x10:
844 case 0x60:
845 dn_nsp_conn_init(sk, skb);
846 break;
847 case 0x20:
848 dn_nsp_conn_conf(sk, skb);
849 break;
850 case 0x30:
851 dn_nsp_disc_init(sk, skb);
852 break;
853 case 0x40:
854 dn_nsp_disc_conf(sk, skb);
855 break;
856 }
857
858 } else if (cb->nsp_flags == 0x24) {
859 /*
860 * Special for connacks, 'cos they don't have
861 * ack data or ack otherdata info.
862 */
863 dn_nsp_conn_ack(sk, skb);
864 } else {
865 int other = 1;
866
867 /* both data and ack frames can kick a CC socket into RUN */
868 if ((scp->state == DN_CC) && !sock_flag(sk, SOCK_DEAD)) {
869 scp->state = DN_RUN;
870 sk->sk_state = TCP_ESTABLISHED;
871 sk->sk_state_change(sk);
872 }
873
874 if ((cb->nsp_flags & 0x1c) == 0)
875 other = 0;
876 if (cb->nsp_flags == 0x04)
877 other = 0;
878
879 /*
880 * Read out ack data here, this applies equally
881 * to data, other data, link serivce and both
882 * ack data and ack otherdata.
883 */
884 dn_process_ack(sk, skb, other);
885
886 /*
887 * If we've some sort of data here then call a
888 * suitable routine for dealing with it, otherwise
889 * the packet is an ack and can be discarded.
890 */
891 if ((cb->nsp_flags & 0x0c) == 0) {
892
893 if (scp->state != DN_RUN)
894 goto free_out;
895
896 switch (cb->nsp_flags) {
897 case 0x10: /* LS */
898 dn_nsp_linkservice(sk, skb);
899 break;
900 case 0x30: /* OD */
901 dn_nsp_otherdata(sk, skb);
902 break;
903 default:
904 dn_nsp_data(sk, skb);
905 }
906
907 } else { /* Ack, chuck it out here */
908 free_out:
909 kfree_skb(skb);
910 }
911 }
912
913 return NET_RX_SUCCESS;
914 }
915
