1 /* 2 * X.25 Packet Layer release 002 3 * 4 * This is ALPHA test software. This code may break your machine, 5 * randomly fail to work with new releases, misbehave and/or generally 6 * screw up. It might even work. 7 * 8 * This code REQUIRES 2.1.15 or higher 9 * 10 * This module: 11 * This module is free software; you can redistribute it and/or 12 * modify it under the terms of the GNU General Public License 13 * as published by the Free Software Foundation; either version 14 * 2 of the License, or (at your option) any later version. 15 * 16 * History 17 * X.25 001 Jonathan Naylor Started coding. 18 * X.25 002 Jonathan Naylor Centralised disconnection code. 19 * New timer architecture. 20 * 2000-03-20 Daniela Squassoni Disabling/enabling of facilities 21 * negotiation. 22 * 2000-11-10 Henner Eisen Check and reset for out-of-sequence 23 * i-frames. 24 */ 25 26 #include <linux/slab.h> 27 #include <linux/errno.h> 28 #include <linux/kernel.h> 29 #include <linux/string.h> 30 #include <linux/skbuff.h> 31 #include <net/sock.h> 32 #include <net/tcp_states.h> 33 #include <net/x25.h> 34 35 static int x25_queue_rx_frame(struct sock *sk, struct sk_buff *skb, int more) 36 { 37 struct sk_buff *skbo, *skbn = skb; 38 struct x25_sock *x25 = x25_sk(sk); 39 40 if (more) { 41 x25->fraglen += skb->len; 42 skb_queue_tail(&x25->fragment_queue, skb); 43 skb_set_owner_r(skb, sk); 44 return 0; 45 } 46 47 if (!more && x25->fraglen > 0) { /* End of fragment */ 48 int len = x25->fraglen + skb->len; 49 50 if ((skbn = alloc_skb(len, GFP_ATOMIC)) == NULL){ 51 kfree_skb(skb); 52 return 1; 53 } 54 55 skb_queue_tail(&x25->fragment_queue, skb); 56 57 skb_reset_transport_header(skbn); 58 59 skbo = skb_dequeue(&x25->fragment_queue); 60 skb_copy_from_linear_data(skbo, skb_put(skbn, skbo->len), 61 skbo->len); 62 kfree_skb(skbo); 63 64 while ((skbo = 65 skb_dequeue(&x25->fragment_queue)) != NULL) { 66 skb_pull(skbo, (x25->neighbour->extended) ? 67 X25_EXT_MIN_LEN : X25_STD_MIN_LEN); 68 skb_copy_from_linear_data(skbo, 69 skb_put(skbn, skbo->len), 70 skbo->len); 71 kfree_skb(skbo); 72 } 73 74 x25->fraglen = 0; 75 } 76 77 skb_set_owner_r(skbn, sk); 78 skb_queue_tail(&sk->sk_receive_queue, skbn); 79 if (!sock_flag(sk, SOCK_DEAD)) 80 sk->sk_data_ready(sk, skbn->len); 81 82 return 0; 83 } 84 85 /* 86 * State machine for state 1, Awaiting Call Accepted State. 87 * The handling of the timer(s) is in file x25_timer.c. 88 * Handling of state 0 and connection release is in af_x25.c. 89 */ 90 static int x25_state1_machine(struct sock *sk, struct sk_buff *skb, int frametype) 91 { 92 struct x25_address source_addr, dest_addr; 93 int len; 94 struct x25_sock *x25 = x25_sk(sk); 95 96 switch (frametype) { 97 case X25_CALL_ACCEPTED: { 98 99 x25_stop_timer(sk); 100 x25->condition = 0x00; 101 x25->vs = 0; 102 x25->va = 0; 103 x25->vr = 0; 104 x25->vl = 0; 105 x25->state = X25_STATE_3; 106 sk->sk_state = TCP_ESTABLISHED; 107 /* 108 * Parse the data in the frame. 109 */ 110 skb_pull(skb, X25_STD_MIN_LEN); 111 112 len = x25_parse_address_block(skb, &source_addr, 113 &dest_addr); 114 if (len > 0) 115 skb_pull(skb, len); 116 else if (len < 0) 117 goto out_clear; 118 119 len = x25_parse_facilities(skb, &x25->facilities, 120 &x25->dte_facilities, 121 &x25->vc_facil_mask); 122 if (len > 0) 123 skb_pull(skb, len); 124 else if (len < 0) 125 goto out_clear; 126 /* 127 * Copy any Call User Data. 128 */ 129 if (skb->len > 0) { 130 if (skb->len > X25_MAX_CUD_LEN) 131 goto out_clear; 132 133 skb_copy_from_linear_data(skb, 134 x25->calluserdata.cuddata, 135 skb->len); 136 x25->calluserdata.cudlength = skb->len; 137 } 138 if (!sock_flag(sk, SOCK_DEAD)) 139 sk->sk_state_change(sk); 140 break; 141 } 142 case X25_CLEAR_REQUEST: 143 x25_write_internal(sk, X25_CLEAR_CONFIRMATION); 144 x25_disconnect(sk, ECONNREFUSED, skb->data[3], skb->data[4]); 145 break; 146 147 default: 148 break; 149 } 150 151 return 0; 152 153 out_clear: 154 x25_write_internal(sk, X25_CLEAR_REQUEST); 155 x25->state = X25_STATE_2; 156 x25_start_t23timer(sk); 157 return 0; 158 } 159 160 /* 161 * State machine for state 2, Awaiting Clear Confirmation State. 162 * The handling of the timer(s) is in file x25_timer.c 163 * Handling of state 0 and connection release is in af_x25.c. 164 */ 165 static int x25_state2_machine(struct sock *sk, struct sk_buff *skb, int frametype) 166 { 167 switch (frametype) { 168 169 case X25_CLEAR_REQUEST: 170 x25_write_internal(sk, X25_CLEAR_CONFIRMATION); 171 x25_disconnect(sk, 0, skb->data[3], skb->data[4]); 172 break; 173 174 case X25_CLEAR_CONFIRMATION: 175 x25_disconnect(sk, 0, 0, 0); 176 break; 177 178 default: 179 break; 180 } 181 182 return 0; 183 } 184 185 /* 186 * State machine for state 3, Connected State. 187 * The handling of the timer(s) is in file x25_timer.c 188 * Handling of state 0 and connection release is in af_x25.c. 189 */ 190 static int x25_state3_machine(struct sock *sk, struct sk_buff *skb, int frametype, int ns, int nr, int q, int d, int m) 191 { 192 int queued = 0; 193 int modulus; 194 struct x25_sock *x25 = x25_sk(sk); 195 196 modulus = (x25->neighbour->extended) ? X25_EMODULUS : X25_SMODULUS; 197 198 switch (frametype) { 199 200 case X25_RESET_REQUEST: 201 x25_write_internal(sk, X25_RESET_CONFIRMATION); 202 x25_stop_timer(sk); 203 x25->condition = 0x00; 204 x25->vs = 0; 205 x25->vr = 0; 206 x25->va = 0; 207 x25->vl = 0; 208 x25_requeue_frames(sk); 209 break; 210 211 case X25_CLEAR_REQUEST: 212 x25_write_internal(sk, X25_CLEAR_CONFIRMATION); 213 x25_disconnect(sk, 0, skb->data[3], skb->data[4]); 214 break; 215 216 case X25_RR: 217 case X25_RNR: 218 if (!x25_validate_nr(sk, nr)) { 219 x25_clear_queues(sk); 220 x25_write_internal(sk, X25_RESET_REQUEST); 221 x25_start_t22timer(sk); 222 x25->condition = 0x00; 223 x25->vs = 0; 224 x25->vr = 0; 225 x25->va = 0; 226 x25->vl = 0; 227 x25->state = X25_STATE_4; 228 } else { 229 x25_frames_acked(sk, nr); 230 if (frametype == X25_RNR) { 231 x25->condition |= X25_COND_PEER_RX_BUSY; 232 } else { 233 x25->condition &= ~X25_COND_PEER_RX_BUSY; 234 } 235 } 236 break; 237 238 case X25_DATA: /* XXX */ 239 x25->condition &= ~X25_COND_PEER_RX_BUSY; 240 if ((ns != x25->vr) || !x25_validate_nr(sk, nr)) { 241 x25_clear_queues(sk); 242 x25_write_internal(sk, X25_RESET_REQUEST); 243 x25_start_t22timer(sk); 244 x25->condition = 0x00; 245 x25->vs = 0; 246 x25->vr = 0; 247 x25->va = 0; 248 x25->vl = 0; 249 x25->state = X25_STATE_4; 250 break; 251 } 252 x25_frames_acked(sk, nr); 253 if (ns == x25->vr) { 254 if (x25_queue_rx_frame(sk, skb, m) == 0) { 255 x25->vr = (x25->vr + 1) % modulus; 256 queued = 1; 257 } else { 258 /* Should never happen */ 259 x25_clear_queues(sk); 260 x25_write_internal(sk, X25_RESET_REQUEST); 261 x25_start_t22timer(sk); 262 x25->condition = 0x00; 263 x25->vs = 0; 264 x25->vr = 0; 265 x25->va = 0; 266 x25->vl = 0; 267 x25->state = X25_STATE_4; 268 break; 269 } 270 if (atomic_read(&sk->sk_rmem_alloc) > 271 (sk->sk_rcvbuf >> 1)) 272 x25->condition |= X25_COND_OWN_RX_BUSY; 273 } 274 /* 275 * If the window is full Ack it immediately, else 276 * start the holdback timer. 277 */ 278 if (((x25->vl + x25->facilities.winsize_in) % modulus) == x25->vr) { 279 x25->condition &= ~X25_COND_ACK_PENDING; 280 x25_stop_timer(sk); 281 x25_enquiry_response(sk); 282 } else { 283 x25->condition |= X25_COND_ACK_PENDING; 284 x25_start_t2timer(sk); 285 } 286 break; 287 288 case X25_INTERRUPT_CONFIRMATION: 289 clear_bit(X25_INTERRUPT_FLAG, &x25->flags); 290 break; 291 292 case X25_INTERRUPT: 293 if (sock_flag(sk, SOCK_URGINLINE)) 294 queued = !sock_queue_rcv_skb(sk, skb); 295 else { 296 skb_set_owner_r(skb, sk); 297 skb_queue_tail(&x25->interrupt_in_queue, skb); 298 queued = 1; 299 } 300 sk_send_sigurg(sk); 301 x25_write_internal(sk, X25_INTERRUPT_CONFIRMATION); 302 break; 303 304 default: 305 printk(KERN_WARNING "x25: unknown %02X in state 3\n", frametype); 306 break; 307 } 308 309 return queued; 310 } 311 312 /* 313 * State machine for state 4, Awaiting Reset Confirmation State. 314 * The handling of the timer(s) is in file x25_timer.c 315 * Handling of state 0 and connection release is in af_x25.c. 316 */ 317 static int x25_state4_machine(struct sock *sk, struct sk_buff *skb, int frametype) 318 { 319 switch (frametype) { 320 321 case X25_RESET_REQUEST: 322 x25_write_internal(sk, X25_RESET_CONFIRMATION); 323 case X25_RESET_CONFIRMATION: { 324 struct x25_sock *x25 = x25_sk(sk); 325 326 x25_stop_timer(sk); 327 x25->condition = 0x00; 328 x25->va = 0; 329 x25->vr = 0; 330 x25->vs = 0; 331 x25->vl = 0; 332 x25->state = X25_STATE_3; 333 x25_requeue_frames(sk); 334 break; 335 } 336 case X25_CLEAR_REQUEST: 337 x25_write_internal(sk, X25_CLEAR_CONFIRMATION); 338 x25_disconnect(sk, 0, skb->data[3], skb->data[4]); 339 break; 340 341 default: 342 break; 343 } 344 345 return 0; 346 } 347 348 /* Higher level upcall for a LAPB frame */ 349 int x25_process_rx_frame(struct sock *sk, struct sk_buff *skb) 350 { 351 struct x25_sock *x25 = x25_sk(sk); 352 int queued = 0, frametype, ns, nr, q, d, m; 353 354 if (x25->state == X25_STATE_0) 355 return 0; 356 357 frametype = x25_decode(sk, skb, &ns, &nr, &q, &d, &m); 358 359 switch (x25->state) { 360 case X25_STATE_1: 361 queued = x25_state1_machine(sk, skb, frametype); 362 break; 363 case X25_STATE_2: 364 queued = x25_state2_machine(sk, skb, frametype); 365 break; 366 case X25_STATE_3: 367 queued = x25_state3_machine(sk, skb, frametype, ns, nr, q, d, m); 368 break; 369 case X25_STATE_4: 370 queued = x25_state4_machine(sk, skb, frametype); 371 break; 372 } 373 374 x25_kick(sk); 375 376 return queued; 377 } 378 379 int x25_backlog_rcv(struct sock *sk, struct sk_buff *skb) 380 { 381 int queued = x25_process_rx_frame(sk, skb); 382 383 if (!queued) 384 kfree_skb(skb); 385 386 return 0; 387 } 388