1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * 4 * Copyright (C) Alan Cox GW4PTS (alan@lxorguk.ukuu.org.uk) 5 * Copyright (C) Jonathan Naylor G4KLX (g4klx@g4klx.demon.co.uk) 6 * Copyright (C) Darryl Miles G7LED (dlm@g7led.demon.co.uk) 7 * Copyright (C) Steven Whitehouse GW7RRM (stevew@acm.org) 8 * Copyright (C) Joerg Reuter DL1BKE (jreuter@yaina.de) 9 * Copyright (C) Hans-Joachim Hetscher DD8NE (dd8ne@bnv-bamberg.de) 10 * Copyright (C) Hans Alblas PE1AYX (hans@esrac.ele.tue.nl) 11 * Copyright (C) Frederic Rible F1OAT (frible@teaser.fr) 12 */ 13 #include <linux/capability.h> 14 #include <linux/module.h> 15 #include <linux/errno.h> 16 #include <linux/types.h> 17 #include <linux/socket.h> 18 #include <linux/in.h> 19 #include <linux/kernel.h> 20 #include <linux/sched/signal.h> 21 #include <linux/timer.h> 22 #include <linux/string.h> 23 #include <linux/sockios.h> 24 #include <linux/net.h> 25 #include <linux/slab.h> 26 #include <net/ax25.h> 27 #include <linux/inet.h> 28 #include <linux/netdevice.h> 29 #include <linux/if_arp.h> 30 #include <linux/skbuff.h> 31 #include <net/sock.h> 32 #include <linux/uaccess.h> 33 #include <linux/fcntl.h> 34 #include <linux/termios.h> /* For TIOCINQ/OUTQ */ 35 #include <linux/mm.h> 36 #include <linux/interrupt.h> 37 #include <linux/notifier.h> 38 #include <linux/proc_fs.h> 39 #include <linux/stat.h> 40 #include <linux/sysctl.h> 41 #include <linux/init.h> 42 #include <linux/spinlock.h> 43 #include <net/net_namespace.h> 44 #include <net/tcp_states.h> 45 #include <net/ip.h> 46 #include <net/arp.h> 47 48 49 50 HLIST_HEAD(ax25_list); 51 DEFINE_SPINLOCK(ax25_list_lock); 52 53 static const struct proto_ops ax25_proto_ops; 54 55 static void ax25_free_sock(struct sock *sk) 56 { 57 ax25_cb_put(sk_to_ax25(sk)); 58 } 59 60 /* 61 * Socket removal during an interrupt is now safe. 62 */ 63 static void ax25_cb_del(ax25_cb *ax25) 64 { 65 spin_lock_bh(&ax25_list_lock); 66 if (!hlist_unhashed(&ax25->ax25_node)) { 67 hlist_del_init(&ax25->ax25_node); 68 ax25_cb_put(ax25); 69 } 70 spin_unlock_bh(&ax25_list_lock); 71 } 72 73 /* 74 * Kill all bound sockets on a dropped device. 75 */ 76 static void ax25_kill_by_device(struct net_device *dev) 77 { 78 ax25_dev *ax25_dev; 79 ax25_cb *s; 80 struct sock *sk; 81 82 if ((ax25_dev = ax25_dev_ax25dev(dev)) == NULL) 83 return; 84 ax25_dev->device_up = false; 85 86 spin_lock_bh(&ax25_list_lock); 87 again: 88 ax25_for_each(s, &ax25_list) { 89 if (s->ax25_dev == ax25_dev) { 90 sk = s->sk; 91 if (!sk) { 92 spin_unlock_bh(&ax25_list_lock); 93 ax25_disconnect(s, ENETUNREACH); 94 s->ax25_dev = NULL; 95 ax25_cb_del(s); 96 spin_lock_bh(&ax25_list_lock); 97 goto again; 98 } 99 sock_hold(sk); 100 spin_unlock_bh(&ax25_list_lock); 101 lock_sock(sk); 102 ax25_disconnect(s, ENETUNREACH); 103 s->ax25_dev = NULL; 104 if (sk->sk_socket) { 105 dev_put_track(ax25_dev->dev, &ax25_dev->dev_tracker); 106 ax25_dev_put(ax25_dev); 107 } 108 ax25_cb_del(s); 109 release_sock(sk); 110 spin_lock_bh(&ax25_list_lock); 111 sock_put(sk); 112 /* The entry could have been deleted from the 113 * list meanwhile and thus the next pointer is 114 * no longer valid. Play it safe and restart 115 * the scan. Forward progress is ensured 116 * because we set s->ax25_dev to NULL and we 117 * are never passed a NULL 'dev' argument. 118 */ 119 goto again; 120 } 121 } 122 spin_unlock_bh(&ax25_list_lock); 123 } 124 125 /* 126 * Handle device status changes. 127 */ 128 static int ax25_device_event(struct notifier_block *this, unsigned long event, 129 void *ptr) 130 { 131 struct net_device *dev = netdev_notifier_info_to_dev(ptr); 132 133 if (!net_eq(dev_net(dev), &init_net)) 134 return NOTIFY_DONE; 135 136 /* Reject non AX.25 devices */ 137 if (dev->type != ARPHRD_AX25) 138 return NOTIFY_DONE; 139 140 switch (event) { 141 case NETDEV_UP: 142 ax25_dev_device_up(dev); 143 break; 144 case NETDEV_DOWN: 145 ax25_kill_by_device(dev); 146 ax25_rt_device_down(dev); 147 ax25_dev_device_down(dev); 148 break; 149 default: 150 break; 151 } 152 153 return NOTIFY_DONE; 154 } 155 156 /* 157 * Add a socket to the bound sockets list. 158 */ 159 void ax25_cb_add(ax25_cb *ax25) 160 { 161 spin_lock_bh(&ax25_list_lock); 162 ax25_cb_hold(ax25); 163 hlist_add_head(&ax25->ax25_node, &ax25_list); 164 spin_unlock_bh(&ax25_list_lock); 165 } 166 167 /* 168 * Find a socket that wants to accept the SABM we have just 169 * received. 170 */ 171 struct sock *ax25_find_listener(ax25_address *addr, int digi, 172 struct net_device *dev, int type) 173 { 174 ax25_cb *s; 175 176 spin_lock(&ax25_list_lock); 177 ax25_for_each(s, &ax25_list) { 178 if ((s->iamdigi && !digi) || (!s->iamdigi && digi)) 179 continue; 180 if (s->sk && !ax25cmp(&s->source_addr, addr) && 181 s->sk->sk_type == type && s->sk->sk_state == TCP_LISTEN) { 182 /* If device is null we match any device */ 183 if (s->ax25_dev == NULL || s->ax25_dev->dev == dev) { 184 sock_hold(s->sk); 185 spin_unlock(&ax25_list_lock); 186 return s->sk; 187 } 188 } 189 } 190 spin_unlock(&ax25_list_lock); 191 192 return NULL; 193 } 194 195 /* 196 * Find an AX.25 socket given both ends. 197 */ 198 struct sock *ax25_get_socket(ax25_address *my_addr, ax25_address *dest_addr, 199 int type) 200 { 201 struct sock *sk = NULL; 202 ax25_cb *s; 203 204 spin_lock(&ax25_list_lock); 205 ax25_for_each(s, &ax25_list) { 206 if (s->sk && !ax25cmp(&s->source_addr, my_addr) && 207 !ax25cmp(&s->dest_addr, dest_addr) && 208 s->sk->sk_type == type) { 209 sk = s->sk; 210 sock_hold(sk); 211 break; 212 } 213 } 214 215 spin_unlock(&ax25_list_lock); 216 217 return sk; 218 } 219 220 /* 221 * Find an AX.25 control block given both ends. It will only pick up 222 * floating AX.25 control blocks or non Raw socket bound control blocks. 223 */ 224 ax25_cb *ax25_find_cb(const ax25_address *src_addr, ax25_address *dest_addr, 225 ax25_digi *digi, struct net_device *dev) 226 { 227 ax25_cb *s; 228 229 spin_lock_bh(&ax25_list_lock); 230 ax25_for_each(s, &ax25_list) { 231 if (s->sk && s->sk->sk_type != SOCK_SEQPACKET) 232 continue; 233 if (s->ax25_dev == NULL) 234 continue; 235 if (ax25cmp(&s->source_addr, src_addr) == 0 && ax25cmp(&s->dest_addr, dest_addr) == 0 && s->ax25_dev->dev == dev) { 236 if (digi != NULL && digi->ndigi != 0) { 237 if (s->digipeat == NULL) 238 continue; 239 if (ax25digicmp(s->digipeat, digi) != 0) 240 continue; 241 } else { 242 if (s->digipeat != NULL && s->digipeat->ndigi != 0) 243 continue; 244 } 245 ax25_cb_hold(s); 246 spin_unlock_bh(&ax25_list_lock); 247 248 return s; 249 } 250 } 251 spin_unlock_bh(&ax25_list_lock); 252 253 return NULL; 254 } 255 256 EXPORT_SYMBOL(ax25_find_cb); 257 258 void ax25_send_to_raw(ax25_address *addr, struct sk_buff *skb, int proto) 259 { 260 ax25_cb *s; 261 struct sk_buff *copy; 262 263 spin_lock(&ax25_list_lock); 264 ax25_for_each(s, &ax25_list) { 265 if (s->sk != NULL && ax25cmp(&s->source_addr, addr) == 0 && 266 s->sk->sk_type == SOCK_RAW && 267 s->sk->sk_protocol == proto && 268 s->ax25_dev->dev == skb->dev && 269 atomic_read(&s->sk->sk_rmem_alloc) <= s->sk->sk_rcvbuf) { 270 if ((copy = skb_clone(skb, GFP_ATOMIC)) == NULL) 271 continue; 272 if (sock_queue_rcv_skb(s->sk, copy) != 0) 273 kfree_skb(copy); 274 } 275 } 276 spin_unlock(&ax25_list_lock); 277 } 278 279 /* 280 * Deferred destroy. 281 */ 282 void ax25_destroy_socket(ax25_cb *); 283 284 /* 285 * Handler for deferred kills. 286 */ 287 static void ax25_destroy_timer(struct timer_list *t) 288 { 289 ax25_cb *ax25 = from_timer(ax25, t, dtimer); 290 struct sock *sk; 291 292 sk=ax25->sk; 293 294 bh_lock_sock(sk); 295 sock_hold(sk); 296 ax25_destroy_socket(ax25); 297 bh_unlock_sock(sk); 298 sock_put(sk); 299 } 300 301 /* 302 * This is called from user mode and the timers. Thus it protects itself 303 * against interrupt users but doesn't worry about being called during 304 * work. Once it is removed from the queue no interrupt or bottom half 305 * will touch it and we are (fairly 8-) ) safe. 306 */ 307 void ax25_destroy_socket(ax25_cb *ax25) 308 { 309 struct sk_buff *skb; 310 311 ax25_cb_del(ax25); 312 313 ax25_stop_heartbeat(ax25); 314 ax25_stop_t1timer(ax25); 315 ax25_stop_t2timer(ax25); 316 ax25_stop_t3timer(ax25); 317 ax25_stop_idletimer(ax25); 318 319 ax25_clear_queues(ax25); /* Flush the queues */ 320 321 if (ax25->sk != NULL) { 322 while ((skb = skb_dequeue(&ax25->sk->sk_receive_queue)) != NULL) { 323 if (skb->sk != ax25->sk) { 324 /* A pending connection */ 325 ax25_cb *sax25 = sk_to_ax25(skb->sk); 326 327 /* Queue the unaccepted socket for death */ 328 sock_orphan(skb->sk); 329 330 /* 9A4GL: hack to release unaccepted sockets */ 331 skb->sk->sk_state = TCP_LISTEN; 332 333 ax25_start_heartbeat(sax25); 334 sax25->state = AX25_STATE_0; 335 } 336 337 kfree_skb(skb); 338 } 339 skb_queue_purge(&ax25->sk->sk_write_queue); 340 } 341 342 if (ax25->sk != NULL) { 343 if (sk_has_allocations(ax25->sk)) { 344 /* Defer: outstanding buffers */ 345 timer_setup(&ax25->dtimer, ax25_destroy_timer, 0); 346 ax25->dtimer.expires = jiffies + 2 * HZ; 347 add_timer(&ax25->dtimer); 348 } else { 349 struct sock *sk=ax25->sk; 350 ax25->sk=NULL; 351 sock_put(sk); 352 } 353 } else { 354 ax25_cb_put(ax25); 355 } 356 } 357 358 /* 359 * dl1bke 960311: set parameters for existing AX.25 connections, 360 * includes a KILL command to abort any connection. 361 * VERY useful for debugging ;-) 362 */ 363 static int ax25_ctl_ioctl(const unsigned int cmd, void __user *arg) 364 { 365 struct ax25_ctl_struct ax25_ctl; 366 ax25_digi digi; 367 ax25_dev *ax25_dev; 368 ax25_cb *ax25; 369 unsigned int k; 370 int ret = 0; 371 372 if (copy_from_user(&ax25_ctl, arg, sizeof(ax25_ctl))) 373 return -EFAULT; 374 375 if (ax25_ctl.digi_count > AX25_MAX_DIGIS) 376 return -EINVAL; 377 378 if (ax25_ctl.arg > ULONG_MAX / HZ && ax25_ctl.cmd != AX25_KILL) 379 return -EINVAL; 380 381 ax25_dev = ax25_addr_ax25dev(&ax25_ctl.port_addr); 382 if (!ax25_dev) 383 return -ENODEV; 384 385 digi.ndigi = ax25_ctl.digi_count; 386 for (k = 0; k < digi.ndigi; k++) 387 digi.calls[k] = ax25_ctl.digi_addr[k]; 388 389 ax25 = ax25_find_cb(&ax25_ctl.source_addr, &ax25_ctl.dest_addr, &digi, ax25_dev->dev); 390 if (!ax25) { 391 ax25_dev_put(ax25_dev); 392 return -ENOTCONN; 393 } 394 395 switch (ax25_ctl.cmd) { 396 case AX25_KILL: 397 ax25_send_control(ax25, AX25_DISC, AX25_POLLON, AX25_COMMAND); 398 #ifdef CONFIG_AX25_DAMA_SLAVE 399 if (ax25_dev->dama.slave && ax25->ax25_dev->values[AX25_VALUES_PROTOCOL] == AX25_PROTO_DAMA_SLAVE) 400 ax25_dama_off(ax25); 401 #endif 402 ax25_disconnect(ax25, ENETRESET); 403 break; 404 405 case AX25_WINDOW: 406 if (ax25->modulus == AX25_MODULUS) { 407 if (ax25_ctl.arg < 1 || ax25_ctl.arg > 7) 408 goto einval_put; 409 } else { 410 if (ax25_ctl.arg < 1 || ax25_ctl.arg > 63) 411 goto einval_put; 412 } 413 ax25->window = ax25_ctl.arg; 414 break; 415 416 case AX25_T1: 417 if (ax25_ctl.arg < 1 || ax25_ctl.arg > ULONG_MAX / HZ) 418 goto einval_put; 419 ax25->rtt = (ax25_ctl.arg * HZ) / 2; 420 ax25->t1 = ax25_ctl.arg * HZ; 421 break; 422 423 case AX25_T2: 424 if (ax25_ctl.arg < 1 || ax25_ctl.arg > ULONG_MAX / HZ) 425 goto einval_put; 426 ax25->t2 = ax25_ctl.arg * HZ; 427 break; 428 429 case AX25_N2: 430 if (ax25_ctl.arg < 1 || ax25_ctl.arg > 31) 431 goto einval_put; 432 ax25->n2count = 0; 433 ax25->n2 = ax25_ctl.arg; 434 break; 435 436 case AX25_T3: 437 if (ax25_ctl.arg > ULONG_MAX / HZ) 438 goto einval_put; 439 ax25->t3 = ax25_ctl.arg * HZ; 440 break; 441 442 case AX25_IDLE: 443 if (ax25_ctl.arg > ULONG_MAX / (60 * HZ)) 444 goto einval_put; 445 446 ax25->idle = ax25_ctl.arg * 60 * HZ; 447 break; 448 449 case AX25_PACLEN: 450 if (ax25_ctl.arg < 16 || ax25_ctl.arg > 65535) 451 goto einval_put; 452 ax25->paclen = ax25_ctl.arg; 453 break; 454 455 default: 456 goto einval_put; 457 } 458 459 out_put: 460 ax25_dev_put(ax25_dev); 461 ax25_cb_put(ax25); 462 return ret; 463 464 einval_put: 465 ret = -EINVAL; 466 goto out_put; 467 } 468 469 static void ax25_fillin_cb_from_dev(ax25_cb *ax25, ax25_dev *ax25_dev) 470 { 471 ax25->rtt = msecs_to_jiffies(ax25_dev->values[AX25_VALUES_T1]) / 2; 472 ax25->t1 = msecs_to_jiffies(ax25_dev->values[AX25_VALUES_T1]); 473 ax25->t2 = msecs_to_jiffies(ax25_dev->values[AX25_VALUES_T2]); 474 ax25->t3 = msecs_to_jiffies(ax25_dev->values[AX25_VALUES_T3]); 475 ax25->n2 = ax25_dev->values[AX25_VALUES_N2]; 476 ax25->paclen = ax25_dev->values[AX25_VALUES_PACLEN]; 477 ax25->idle = msecs_to_jiffies(ax25_dev->values[AX25_VALUES_IDLE]); 478 ax25->backoff = ax25_dev->values[AX25_VALUES_BACKOFF]; 479 480 if (ax25_dev->values[AX25_VALUES_AXDEFMODE]) { 481 ax25->modulus = AX25_EMODULUS; 482 ax25->window = ax25_dev->values[AX25_VALUES_EWINDOW]; 483 } else { 484 ax25->modulus = AX25_MODULUS; 485 ax25->window = ax25_dev->values[AX25_VALUES_WINDOW]; 486 } 487 } 488 489 /* 490 * Fill in a created AX.25 created control block with the default 491 * values for a particular device. 492 */ 493 void ax25_fillin_cb(ax25_cb *ax25, ax25_dev *ax25_dev) 494 { 495 ax25->ax25_dev = ax25_dev; 496 497 if (ax25->ax25_dev != NULL) { 498 ax25_fillin_cb_from_dev(ax25, ax25_dev); 499 return; 500 } 501 502 /* 503 * No device, use kernel / AX.25 spec default values 504 */ 505 ax25->rtt = msecs_to_jiffies(AX25_DEF_T1) / 2; 506 ax25->t1 = msecs_to_jiffies(AX25_DEF_T1); 507 ax25->t2 = msecs_to_jiffies(AX25_DEF_T2); 508 ax25->t3 = msecs_to_jiffies(AX25_DEF_T3); 509 ax25->n2 = AX25_DEF_N2; 510 ax25->paclen = AX25_DEF_PACLEN; 511 ax25->idle = msecs_to_jiffies(AX25_DEF_IDLE); 512 ax25->backoff = AX25_DEF_BACKOFF; 513 514 if (AX25_DEF_AXDEFMODE) { 515 ax25->modulus = AX25_EMODULUS; 516 ax25->window = AX25_DEF_EWINDOW; 517 } else { 518 ax25->modulus = AX25_MODULUS; 519 ax25->window = AX25_DEF_WINDOW; 520 } 521 } 522 523 /* 524 * Create an empty AX.25 control block. 525 */ 526 ax25_cb *ax25_create_cb(void) 527 { 528 ax25_cb *ax25; 529 530 if ((ax25 = kzalloc(sizeof(*ax25), GFP_ATOMIC)) == NULL) 531 return NULL; 532 533 refcount_set(&ax25->refcount, 1); 534 535 skb_queue_head_init(&ax25->write_queue); 536 skb_queue_head_init(&ax25->frag_queue); 537 skb_queue_head_init(&ax25->ack_queue); 538 skb_queue_head_init(&ax25->reseq_queue); 539 540 ax25_setup_timers(ax25); 541 542 ax25_fillin_cb(ax25, NULL); 543 544 ax25->state = AX25_STATE_0; 545 546 return ax25; 547 } 548 549 /* 550 * Handling for system calls applied via the various interfaces to an 551 * AX25 socket object 552 */ 553 554 static int ax25_setsockopt(struct socket *sock, int level, int optname, 555 sockptr_t optval, unsigned int optlen) 556 { 557 struct sock *sk = sock->sk; 558 ax25_cb *ax25; 559 struct net_device *dev; 560 char devname[IFNAMSIZ]; 561 unsigned int opt; 562 int res = 0; 563 564 if (level != SOL_AX25) 565 return -ENOPROTOOPT; 566 567 if (optlen < sizeof(unsigned int)) 568 return -EINVAL; 569 570 if (copy_from_sockptr(&opt, optval, sizeof(unsigned int))) 571 return -EFAULT; 572 573 lock_sock(sk); 574 ax25 = sk_to_ax25(sk); 575 576 switch (optname) { 577 case AX25_WINDOW: 578 if (ax25->modulus == AX25_MODULUS) { 579 if (opt < 1 || opt > 7) { 580 res = -EINVAL; 581 break; 582 } 583 } else { 584 if (opt < 1 || opt > 63) { 585 res = -EINVAL; 586 break; 587 } 588 } 589 ax25->window = opt; 590 break; 591 592 case AX25_T1: 593 if (opt < 1 || opt > UINT_MAX / HZ) { 594 res = -EINVAL; 595 break; 596 } 597 ax25->rtt = (opt * HZ) >> 1; 598 ax25->t1 = opt * HZ; 599 break; 600 601 case AX25_T2: 602 if (opt < 1 || opt > UINT_MAX / HZ) { 603 res = -EINVAL; 604 break; 605 } 606 ax25->t2 = opt * HZ; 607 break; 608 609 case AX25_N2: 610 if (opt < 1 || opt > 31) { 611 res = -EINVAL; 612 break; 613 } 614 ax25->n2 = opt; 615 break; 616 617 case AX25_T3: 618 if (opt < 1 || opt > UINT_MAX / HZ) { 619 res = -EINVAL; 620 break; 621 } 622 ax25->t3 = opt * HZ; 623 break; 624 625 case AX25_IDLE: 626 if (opt > UINT_MAX / (60 * HZ)) { 627 res = -EINVAL; 628 break; 629 } 630 ax25->idle = opt * 60 * HZ; 631 break; 632 633 case AX25_BACKOFF: 634 if (opt > 2) { 635 res = -EINVAL; 636 break; 637 } 638 ax25->backoff = opt; 639 break; 640 641 case AX25_EXTSEQ: 642 ax25->modulus = opt ? AX25_EMODULUS : AX25_MODULUS; 643 break; 644 645 case AX25_PIDINCL: 646 ax25->pidincl = opt ? 1 : 0; 647 break; 648 649 case AX25_IAMDIGI: 650 ax25->iamdigi = opt ? 1 : 0; 651 break; 652 653 case AX25_PACLEN: 654 if (opt < 16 || opt > 65535) { 655 res = -EINVAL; 656 break; 657 } 658 ax25->paclen = opt; 659 break; 660 661 case SO_BINDTODEVICE: 662 if (optlen > IFNAMSIZ - 1) 663 optlen = IFNAMSIZ - 1; 664 665 memset(devname, 0, sizeof(devname)); 666 667 if (copy_from_sockptr(devname, optval, optlen)) { 668 res = -EFAULT; 669 break; 670 } 671 672 if (sk->sk_type == SOCK_SEQPACKET && 673 (sock->state != SS_UNCONNECTED || 674 sk->sk_state == TCP_LISTEN)) { 675 res = -EADDRNOTAVAIL; 676 break; 677 } 678 679 rtnl_lock(); 680 dev = __dev_get_by_name(&init_net, devname); 681 if (!dev) { 682 rtnl_unlock(); 683 res = -ENODEV; 684 break; 685 } 686 687 ax25->ax25_dev = ax25_dev_ax25dev(dev); 688 if (!ax25->ax25_dev) { 689 rtnl_unlock(); 690 res = -ENODEV; 691 break; 692 } 693 ax25_fillin_cb(ax25, ax25->ax25_dev); 694 rtnl_unlock(); 695 break; 696 697 default: 698 res = -ENOPROTOOPT; 699 } 700 release_sock(sk); 701 702 return res; 703 } 704 705 static int ax25_getsockopt(struct socket *sock, int level, int optname, 706 char __user *optval, int __user *optlen) 707 { 708 struct sock *sk = sock->sk; 709 ax25_cb *ax25; 710 struct ax25_dev *ax25_dev; 711 char devname[IFNAMSIZ]; 712 void *valptr; 713 int val = 0; 714 int maxlen, length; 715 716 if (level != SOL_AX25) 717 return -ENOPROTOOPT; 718 719 if (get_user(maxlen, optlen)) 720 return -EFAULT; 721 722 if (maxlen < 1) 723 return -EFAULT; 724 725 valptr = (void *) &val; 726 length = min_t(unsigned int, maxlen, sizeof(int)); 727 728 lock_sock(sk); 729 ax25 = sk_to_ax25(sk); 730 731 switch (optname) { 732 case AX25_WINDOW: 733 val = ax25->window; 734 break; 735 736 case AX25_T1: 737 val = ax25->t1 / HZ; 738 break; 739 740 case AX25_T2: 741 val = ax25->t2 / HZ; 742 break; 743 744 case AX25_N2: 745 val = ax25->n2; 746 break; 747 748 case AX25_T3: 749 val = ax25->t3 / HZ; 750 break; 751 752 case AX25_IDLE: 753 val = ax25->idle / (60 * HZ); 754 break; 755 756 case AX25_BACKOFF: 757 val = ax25->backoff; 758 break; 759 760 case AX25_EXTSEQ: 761 val = (ax25->modulus == AX25_EMODULUS); 762 break; 763 764 case AX25_PIDINCL: 765 val = ax25->pidincl; 766 break; 767 768 case AX25_IAMDIGI: 769 val = ax25->iamdigi; 770 break; 771 772 case AX25_PACLEN: 773 val = ax25->paclen; 774 break; 775 776 case SO_BINDTODEVICE: 777 ax25_dev = ax25->ax25_dev; 778 779 if (ax25_dev != NULL && ax25_dev->dev != NULL) { 780 strlcpy(devname, ax25_dev->dev->name, sizeof(devname)); 781 length = strlen(devname) + 1; 782 } else { 783 *devname = '\0'; 784 length = 1; 785 } 786 787 valptr = (void *) devname; 788 break; 789 790 default: 791 release_sock(sk); 792 return -ENOPROTOOPT; 793 } 794 release_sock(sk); 795 796 if (put_user(length, optlen)) 797 return -EFAULT; 798 799 return copy_to_user(optval, valptr, length) ? -EFAULT : 0; 800 } 801 802 static int ax25_listen(struct socket *sock, int backlog) 803 { 804 struct sock *sk = sock->sk; 805 int res = 0; 806 807 lock_sock(sk); 808 if (sk->sk_type == SOCK_SEQPACKET && sk->sk_state != TCP_LISTEN) { 809 sk->sk_max_ack_backlog = backlog; 810 sk->sk_state = TCP_LISTEN; 811 goto out; 812 } 813 res = -EOPNOTSUPP; 814 815 out: 816 release_sock(sk); 817 818 return res; 819 } 820 821 /* 822 * XXX: when creating ax25_sock we should update the .obj_size setting 823 * below. 824 */ 825 static struct proto ax25_proto = { 826 .name = "AX25", 827 .owner = THIS_MODULE, 828 .obj_size = sizeof(struct ax25_sock), 829 }; 830 831 static int ax25_create(struct net *net, struct socket *sock, int protocol, 832 int kern) 833 { 834 struct sock *sk; 835 ax25_cb *ax25; 836 837 if (protocol < 0 || protocol > U8_MAX) 838 return -EINVAL; 839 840 if (!net_eq(net, &init_net)) 841 return -EAFNOSUPPORT; 842 843 switch (sock->type) { 844 case SOCK_DGRAM: 845 if (protocol == 0 || protocol == PF_AX25) 846 protocol = AX25_P_TEXT; 847 break; 848 849 case SOCK_SEQPACKET: 850 switch (protocol) { 851 case 0: 852 case PF_AX25: /* For CLX */ 853 protocol = AX25_P_TEXT; 854 break; 855 case AX25_P_SEGMENT: 856 #ifdef CONFIG_INET 857 case AX25_P_ARP: 858 case AX25_P_IP: 859 #endif 860 #ifdef CONFIG_NETROM 861 case AX25_P_NETROM: 862 #endif 863 #ifdef CONFIG_ROSE 864 case AX25_P_ROSE: 865 #endif 866 return -ESOCKTNOSUPPORT; 867 #ifdef CONFIG_NETROM_MODULE 868 case AX25_P_NETROM: 869 if (ax25_protocol_is_registered(AX25_P_NETROM)) 870 return -ESOCKTNOSUPPORT; 871 break; 872 #endif 873 #ifdef CONFIG_ROSE_MODULE 874 case AX25_P_ROSE: 875 if (ax25_protocol_is_registered(AX25_P_ROSE)) 876 return -ESOCKTNOSUPPORT; 877 break; 878 #endif 879 default: 880 break; 881 } 882 break; 883 884 case SOCK_RAW: 885 if (!capable(CAP_NET_RAW)) 886 return -EPERM; 887 break; 888 default: 889 return -ESOCKTNOSUPPORT; 890 } 891 892 sk = sk_alloc(net, PF_AX25, GFP_ATOMIC, &ax25_proto, kern); 893 if (sk == NULL) 894 return -ENOMEM; 895 896 ax25 = ax25_sk(sk)->cb = ax25_create_cb(); 897 if (!ax25) { 898 sk_free(sk); 899 return -ENOMEM; 900 } 901 902 sock_init_data(sock, sk); 903 904 sk->sk_destruct = ax25_free_sock; 905 sock->ops = &ax25_proto_ops; 906 sk->sk_protocol = protocol; 907 908 ax25->sk = sk; 909 910 return 0; 911 } 912 913 struct sock *ax25_make_new(struct sock *osk, struct ax25_dev *ax25_dev) 914 { 915 struct sock *sk; 916 ax25_cb *ax25, *oax25; 917 918 sk = sk_alloc(sock_net(osk), PF_AX25, GFP_ATOMIC, osk->sk_prot, 0); 919 if (sk == NULL) 920 return NULL; 921 922 if ((ax25 = ax25_create_cb()) == NULL) { 923 sk_free(sk); 924 return NULL; 925 } 926 927 switch (osk->sk_type) { 928 case SOCK_DGRAM: 929 break; 930 case SOCK_SEQPACKET: 931 break; 932 default: 933 sk_free(sk); 934 ax25_cb_put(ax25); 935 return NULL; 936 } 937 938 sock_init_data(NULL, sk); 939 940 sk->sk_type = osk->sk_type; 941 sk->sk_priority = osk->sk_priority; 942 sk->sk_protocol = osk->sk_protocol; 943 sk->sk_rcvbuf = osk->sk_rcvbuf; 944 sk->sk_sndbuf = osk->sk_sndbuf; 945 sk->sk_state = TCP_ESTABLISHED; 946 sock_copy_flags(sk, osk); 947 948 oax25 = sk_to_ax25(osk); 949 950 ax25->modulus = oax25->modulus; 951 ax25->backoff = oax25->backoff; 952 ax25->pidincl = oax25->pidincl; 953 ax25->iamdigi = oax25->iamdigi; 954 ax25->rtt = oax25->rtt; 955 ax25->t1 = oax25->t1; 956 ax25->t2 = oax25->t2; 957 ax25->t3 = oax25->t3; 958 ax25->n2 = oax25->n2; 959 ax25->idle = oax25->idle; 960 ax25->paclen = oax25->paclen; 961 ax25->window = oax25->window; 962 963 ax25->ax25_dev = ax25_dev; 964 ax25->source_addr = oax25->source_addr; 965 966 if (oax25->digipeat != NULL) { 967 ax25->digipeat = kmemdup(oax25->digipeat, sizeof(ax25_digi), 968 GFP_ATOMIC); 969 if (ax25->digipeat == NULL) { 970 sk_free(sk); 971 ax25_cb_put(ax25); 972 return NULL; 973 } 974 } 975 976 ax25_sk(sk)->cb = ax25; 977 sk->sk_destruct = ax25_free_sock; 978 ax25->sk = sk; 979 980 return sk; 981 } 982 983 static int ax25_release(struct socket *sock) 984 { 985 struct sock *sk = sock->sk; 986 ax25_cb *ax25; 987 ax25_dev *ax25_dev; 988 989 if (sk == NULL) 990 return 0; 991 992 sock_hold(sk); 993 lock_sock(sk); 994 sock_orphan(sk); 995 ax25 = sk_to_ax25(sk); 996 ax25_dev = ax25->ax25_dev; 997 998 if (sk->sk_type == SOCK_SEQPACKET) { 999 switch (ax25->state) { 1000 case AX25_STATE_0: 1001 if (!sock_flag(ax25->sk, SOCK_DEAD)) { 1002 release_sock(sk); 1003 ax25_disconnect(ax25, 0); 1004 lock_sock(sk); 1005 } 1006 ax25_destroy_socket(ax25); 1007 break; 1008 1009 case AX25_STATE_1: 1010 case AX25_STATE_2: 1011 ax25_send_control(ax25, AX25_DISC, AX25_POLLON, AX25_COMMAND); 1012 release_sock(sk); 1013 ax25_disconnect(ax25, 0); 1014 lock_sock(sk); 1015 if (!sock_flag(ax25->sk, SOCK_DESTROY)) 1016 ax25_destroy_socket(ax25); 1017 break; 1018 1019 case AX25_STATE_3: 1020 case AX25_STATE_4: 1021 ax25_clear_queues(ax25); 1022 ax25->n2count = 0; 1023 1024 switch (ax25->ax25_dev->values[AX25_VALUES_PROTOCOL]) { 1025 case AX25_PROTO_STD_SIMPLEX: 1026 case AX25_PROTO_STD_DUPLEX: 1027 ax25_send_control(ax25, 1028 AX25_DISC, 1029 AX25_POLLON, 1030 AX25_COMMAND); 1031 ax25_stop_t2timer(ax25); 1032 ax25_stop_t3timer(ax25); 1033 ax25_stop_idletimer(ax25); 1034 break; 1035 #ifdef CONFIG_AX25_DAMA_SLAVE 1036 case AX25_PROTO_DAMA_SLAVE: 1037 ax25_stop_t3timer(ax25); 1038 ax25_stop_idletimer(ax25); 1039 break; 1040 #endif 1041 } 1042 ax25_calculate_t1(ax25); 1043 ax25_start_t1timer(ax25); 1044 ax25->state = AX25_STATE_2; 1045 sk->sk_state = TCP_CLOSE; 1046 sk->sk_shutdown |= SEND_SHUTDOWN; 1047 sk->sk_state_change(sk); 1048 sock_set_flag(sk, SOCK_DESTROY); 1049 break; 1050 1051 default: 1052 break; 1053 } 1054 } else { 1055 sk->sk_state = TCP_CLOSE; 1056 sk->sk_shutdown |= SEND_SHUTDOWN; 1057 sk->sk_state_change(sk); 1058 ax25_destroy_socket(ax25); 1059 } 1060 if (ax25_dev) { 1061 if (!ax25_dev->device_up) { 1062 del_timer_sync(&ax25->timer); 1063 del_timer_sync(&ax25->t1timer); 1064 del_timer_sync(&ax25->t2timer); 1065 del_timer_sync(&ax25->t3timer); 1066 del_timer_sync(&ax25->idletimer); 1067 } 1068 dev_put_track(ax25_dev->dev, &ax25_dev->dev_tracker); 1069 ax25_dev_put(ax25_dev); 1070 } 1071 1072 sock->sk = NULL; 1073 release_sock(sk); 1074 sock_put(sk); 1075 1076 return 0; 1077 } 1078 1079 /* 1080 * We support a funny extension here so you can (as root) give any callsign 1081 * digipeated via a local address as source. This hack is obsolete now 1082 * that we've implemented support for SO_BINDTODEVICE. It is however small 1083 * and trivially backward compatible. 1084 */ 1085 static int ax25_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len) 1086 { 1087 struct sock *sk = sock->sk; 1088 struct full_sockaddr_ax25 *addr = (struct full_sockaddr_ax25 *)uaddr; 1089 ax25_dev *ax25_dev = NULL; 1090 ax25_uid_assoc *user; 1091 ax25_address call; 1092 ax25_cb *ax25; 1093 int err = 0; 1094 1095 if (addr_len != sizeof(struct sockaddr_ax25) && 1096 addr_len != sizeof(struct full_sockaddr_ax25)) 1097 /* support for old structure may go away some time 1098 * ax25_bind(): uses old (6 digipeater) socket structure. 1099 */ 1100 if ((addr_len < sizeof(struct sockaddr_ax25) + sizeof(ax25_address) * 6) || 1101 (addr_len > sizeof(struct full_sockaddr_ax25))) 1102 return -EINVAL; 1103 1104 if (addr->fsa_ax25.sax25_family != AF_AX25) 1105 return -EINVAL; 1106 1107 user = ax25_findbyuid(current_euid()); 1108 if (user) { 1109 call = user->call; 1110 ax25_uid_put(user); 1111 } else { 1112 if (ax25_uid_policy && !capable(CAP_NET_ADMIN)) 1113 return -EACCES; 1114 1115 call = addr->fsa_ax25.sax25_call; 1116 } 1117 1118 lock_sock(sk); 1119 1120 ax25 = sk_to_ax25(sk); 1121 if (!sock_flag(sk, SOCK_ZAPPED)) { 1122 err = -EINVAL; 1123 goto out; 1124 } 1125 1126 ax25->source_addr = call; 1127 1128 /* 1129 * User already set interface with SO_BINDTODEVICE 1130 */ 1131 if (ax25->ax25_dev != NULL) 1132 goto done; 1133 1134 if (addr_len > sizeof(struct sockaddr_ax25) && addr->fsa_ax25.sax25_ndigis == 1) { 1135 if (ax25cmp(&addr->fsa_digipeater[0], &null_ax25_address) != 0 && 1136 (ax25_dev = ax25_addr_ax25dev(&addr->fsa_digipeater[0])) == NULL) { 1137 err = -EADDRNOTAVAIL; 1138 goto out; 1139 } 1140 } else { 1141 if ((ax25_dev = ax25_addr_ax25dev(&addr->fsa_ax25.sax25_call)) == NULL) { 1142 err = -EADDRNOTAVAIL; 1143 goto out; 1144 } 1145 } 1146 1147 if (ax25_dev) { 1148 ax25_fillin_cb(ax25, ax25_dev); 1149 dev_hold_track(ax25_dev->dev, &ax25_dev->dev_tracker, GFP_ATOMIC); 1150 } 1151 1152 done: 1153 ax25_cb_add(ax25); 1154 sock_reset_flag(sk, SOCK_ZAPPED); 1155 1156 out: 1157 release_sock(sk); 1158 1159 return err; 1160 } 1161 1162 /* 1163 * FIXME: nonblock behaviour looks like it may have a bug. 1164 */ 1165 static int __must_check ax25_connect(struct socket *sock, 1166 struct sockaddr *uaddr, int addr_len, int flags) 1167 { 1168 struct sock *sk = sock->sk; 1169 ax25_cb *ax25 = sk_to_ax25(sk), *ax25t; 1170 struct full_sockaddr_ax25 *fsa = (struct full_sockaddr_ax25 *)uaddr; 1171 ax25_digi *digi = NULL; 1172 int ct = 0, err = 0; 1173 1174 /* 1175 * some sanity checks. code further down depends on this 1176 */ 1177 1178 if (addr_len == sizeof(struct sockaddr_ax25)) 1179 /* support for this will go away in early 2.5.x 1180 * ax25_connect(): uses obsolete socket structure 1181 */ 1182 ; 1183 else if (addr_len != sizeof(struct full_sockaddr_ax25)) 1184 /* support for old structure may go away some time 1185 * ax25_connect(): uses old (6 digipeater) socket structure. 1186 */ 1187 if ((addr_len < sizeof(struct sockaddr_ax25) + sizeof(ax25_address) * 6) || 1188 (addr_len > sizeof(struct full_sockaddr_ax25))) 1189 return -EINVAL; 1190 1191 1192 if (fsa->fsa_ax25.sax25_family != AF_AX25) 1193 return -EINVAL; 1194 1195 lock_sock(sk); 1196 1197 /* deal with restarts */ 1198 if (sock->state == SS_CONNECTING) { 1199 switch (sk->sk_state) { 1200 case TCP_SYN_SENT: /* still trying */ 1201 err = -EINPROGRESS; 1202 goto out_release; 1203 1204 case TCP_ESTABLISHED: /* connection established */ 1205 sock->state = SS_CONNECTED; 1206 goto out_release; 1207 1208 case TCP_CLOSE: /* connection refused */ 1209 sock->state = SS_UNCONNECTED; 1210 err = -ECONNREFUSED; 1211 goto out_release; 1212 } 1213 } 1214 1215 if (sk->sk_state == TCP_ESTABLISHED && sk->sk_type == SOCK_SEQPACKET) { 1216 err = -EISCONN; /* No reconnect on a seqpacket socket */ 1217 goto out_release; 1218 } 1219 1220 sk->sk_state = TCP_CLOSE; 1221 sock->state = SS_UNCONNECTED; 1222 1223 kfree(ax25->digipeat); 1224 ax25->digipeat = NULL; 1225 1226 /* 1227 * Handle digi-peaters to be used. 1228 */ 1229 if (addr_len > sizeof(struct sockaddr_ax25) && 1230 fsa->fsa_ax25.sax25_ndigis != 0) { 1231 /* Valid number of digipeaters ? */ 1232 if (fsa->fsa_ax25.sax25_ndigis < 1 || 1233 fsa->fsa_ax25.sax25_ndigis > AX25_MAX_DIGIS || 1234 addr_len < sizeof(struct sockaddr_ax25) + 1235 sizeof(ax25_address) * fsa->fsa_ax25.sax25_ndigis) { 1236 err = -EINVAL; 1237 goto out_release; 1238 } 1239 1240 if ((digi = kmalloc(sizeof(ax25_digi), GFP_KERNEL)) == NULL) { 1241 err = -ENOBUFS; 1242 goto out_release; 1243 } 1244 1245 digi->ndigi = fsa->fsa_ax25.sax25_ndigis; 1246 digi->lastrepeat = -1; 1247 1248 while (ct < fsa->fsa_ax25.sax25_ndigis) { 1249 if ((fsa->fsa_digipeater[ct].ax25_call[6] & 1250 AX25_HBIT) && ax25->iamdigi) { 1251 digi->repeated[ct] = 1; 1252 digi->lastrepeat = ct; 1253 } else { 1254 digi->repeated[ct] = 0; 1255 } 1256 digi->calls[ct] = fsa->fsa_digipeater[ct]; 1257 ct++; 1258 } 1259 } 1260 1261 /* 1262 * Must bind first - autobinding in this may or may not work. If 1263 * the socket is already bound, check to see if the device has 1264 * been filled in, error if it hasn't. 1265 */ 1266 if (sock_flag(sk, SOCK_ZAPPED)) { 1267 /* check if we can remove this feature. It is broken. */ 1268 printk(KERN_WARNING "ax25_connect(): %s uses autobind, please contact jreuter@yaina.de\n", 1269 current->comm); 1270 if ((err = ax25_rt_autobind(ax25, &fsa->fsa_ax25.sax25_call)) < 0) { 1271 kfree(digi); 1272 goto out_release; 1273 } 1274 1275 ax25_fillin_cb(ax25, ax25->ax25_dev); 1276 ax25_cb_add(ax25); 1277 } else { 1278 if (ax25->ax25_dev == NULL) { 1279 kfree(digi); 1280 err = -EHOSTUNREACH; 1281 goto out_release; 1282 } 1283 } 1284 1285 if (sk->sk_type == SOCK_SEQPACKET && 1286 (ax25t=ax25_find_cb(&ax25->source_addr, &fsa->fsa_ax25.sax25_call, digi, 1287 ax25->ax25_dev->dev))) { 1288 kfree(digi); 1289 err = -EADDRINUSE; /* Already such a connection */ 1290 ax25_cb_put(ax25t); 1291 goto out_release; 1292 } 1293 1294 ax25->dest_addr = fsa->fsa_ax25.sax25_call; 1295 ax25->digipeat = digi; 1296 1297 /* First the easy one */ 1298 if (sk->sk_type != SOCK_SEQPACKET) { 1299 sock->state = SS_CONNECTED; 1300 sk->sk_state = TCP_ESTABLISHED; 1301 goto out_release; 1302 } 1303 1304 /* Move to connecting socket, ax.25 lapb WAIT_UA.. */ 1305 sock->state = SS_CONNECTING; 1306 sk->sk_state = TCP_SYN_SENT; 1307 1308 switch (ax25->ax25_dev->values[AX25_VALUES_PROTOCOL]) { 1309 case AX25_PROTO_STD_SIMPLEX: 1310 case AX25_PROTO_STD_DUPLEX: 1311 ax25_std_establish_data_link(ax25); 1312 break; 1313 1314 #ifdef CONFIG_AX25_DAMA_SLAVE 1315 case AX25_PROTO_DAMA_SLAVE: 1316 ax25->modulus = AX25_MODULUS; 1317 ax25->window = ax25->ax25_dev->values[AX25_VALUES_WINDOW]; 1318 if (ax25->ax25_dev->dama.slave) 1319 ax25_ds_establish_data_link(ax25); 1320 else 1321 ax25_std_establish_data_link(ax25); 1322 break; 1323 #endif 1324 } 1325 1326 ax25->state = AX25_STATE_1; 1327 1328 ax25_start_heartbeat(ax25); 1329 1330 /* Now the loop */ 1331 if (sk->sk_state != TCP_ESTABLISHED && (flags & O_NONBLOCK)) { 1332 err = -EINPROGRESS; 1333 goto out_release; 1334 } 1335 1336 if (sk->sk_state == TCP_SYN_SENT) { 1337 DEFINE_WAIT(wait); 1338 1339 for (;;) { 1340 prepare_to_wait(sk_sleep(sk), &wait, 1341 TASK_INTERRUPTIBLE); 1342 if (sk->sk_state != TCP_SYN_SENT) 1343 break; 1344 if (!signal_pending(current)) { 1345 release_sock(sk); 1346 schedule(); 1347 lock_sock(sk); 1348 continue; 1349 } 1350 err = -ERESTARTSYS; 1351 break; 1352 } 1353 finish_wait(sk_sleep(sk), &wait); 1354 1355 if (err) 1356 goto out_release; 1357 } 1358 1359 if (sk->sk_state != TCP_ESTABLISHED) { 1360 /* Not in ABM, not in WAIT_UA -> failed */ 1361 sock->state = SS_UNCONNECTED; 1362 err = sock_error(sk); /* Always set at this point */ 1363 goto out_release; 1364 } 1365 1366 sock->state = SS_CONNECTED; 1367 1368 err = 0; 1369 out_release: 1370 release_sock(sk); 1371 1372 return err; 1373 } 1374 1375 static int ax25_accept(struct socket *sock, struct socket *newsock, int flags, 1376 bool kern) 1377 { 1378 struct sk_buff *skb; 1379 struct sock *newsk; 1380 DEFINE_WAIT(wait); 1381 struct sock *sk; 1382 int err = 0; 1383 1384 if (sock->state != SS_UNCONNECTED) 1385 return -EINVAL; 1386 1387 if ((sk = sock->sk) == NULL) 1388 return -EINVAL; 1389 1390 lock_sock(sk); 1391 if (sk->sk_type != SOCK_SEQPACKET) { 1392 err = -EOPNOTSUPP; 1393 goto out; 1394 } 1395 1396 if (sk->sk_state != TCP_LISTEN) { 1397 err = -EINVAL; 1398 goto out; 1399 } 1400 1401 /* 1402 * The read queue this time is holding sockets ready to use 1403 * hooked into the SABM we saved 1404 */ 1405 for (;;) { 1406 prepare_to_wait(sk_sleep(sk), &wait, TASK_INTERRUPTIBLE); 1407 skb = skb_dequeue(&sk->sk_receive_queue); 1408 if (skb) 1409 break; 1410 1411 if (flags & O_NONBLOCK) { 1412 err = -EWOULDBLOCK; 1413 break; 1414 } 1415 if (!signal_pending(current)) { 1416 release_sock(sk); 1417 schedule(); 1418 lock_sock(sk); 1419 continue; 1420 } 1421 err = -ERESTARTSYS; 1422 break; 1423 } 1424 finish_wait(sk_sleep(sk), &wait); 1425 1426 if (err) 1427 goto out; 1428 1429 newsk = skb->sk; 1430 sock_graft(newsk, newsock); 1431 1432 /* Now attach up the new socket */ 1433 kfree_skb(skb); 1434 sk_acceptq_removed(sk); 1435 newsock->state = SS_CONNECTED; 1436 1437 out: 1438 release_sock(sk); 1439 1440 return err; 1441 } 1442 1443 static int ax25_getname(struct socket *sock, struct sockaddr *uaddr, 1444 int peer) 1445 { 1446 struct full_sockaddr_ax25 *fsa = (struct full_sockaddr_ax25 *)uaddr; 1447 struct sock *sk = sock->sk; 1448 unsigned char ndigi, i; 1449 ax25_cb *ax25; 1450 int err = 0; 1451 1452 memset(fsa, 0, sizeof(*fsa)); 1453 lock_sock(sk); 1454 ax25 = sk_to_ax25(sk); 1455 1456 if (peer != 0) { 1457 if (sk->sk_state != TCP_ESTABLISHED) { 1458 err = -ENOTCONN; 1459 goto out; 1460 } 1461 1462 fsa->fsa_ax25.sax25_family = AF_AX25; 1463 fsa->fsa_ax25.sax25_call = ax25->dest_addr; 1464 1465 if (ax25->digipeat != NULL) { 1466 ndigi = ax25->digipeat->ndigi; 1467 fsa->fsa_ax25.sax25_ndigis = ndigi; 1468 for (i = 0; i < ndigi; i++) 1469 fsa->fsa_digipeater[i] = 1470 ax25->digipeat->calls[i]; 1471 } 1472 } else { 1473 fsa->fsa_ax25.sax25_family = AF_AX25; 1474 fsa->fsa_ax25.sax25_call = ax25->source_addr; 1475 fsa->fsa_ax25.sax25_ndigis = 1; 1476 if (ax25->ax25_dev != NULL) { 1477 memcpy(&fsa->fsa_digipeater[0], 1478 ax25->ax25_dev->dev->dev_addr, AX25_ADDR_LEN); 1479 } else { 1480 fsa->fsa_digipeater[0] = null_ax25_address; 1481 } 1482 } 1483 err = sizeof (struct full_sockaddr_ax25); 1484 1485 out: 1486 release_sock(sk); 1487 1488 return err; 1489 } 1490 1491 static int ax25_sendmsg(struct socket *sock, struct msghdr *msg, size_t len) 1492 { 1493 DECLARE_SOCKADDR(struct sockaddr_ax25 *, usax, msg->msg_name); 1494 struct sock *sk = sock->sk; 1495 struct sockaddr_ax25 sax; 1496 struct sk_buff *skb; 1497 ax25_digi dtmp, *dp; 1498 ax25_cb *ax25; 1499 size_t size; 1500 int lv, err, addr_len = msg->msg_namelen; 1501 1502 if (msg->msg_flags & ~(MSG_DONTWAIT|MSG_EOR|MSG_CMSG_COMPAT)) 1503 return -EINVAL; 1504 1505 lock_sock(sk); 1506 ax25 = sk_to_ax25(sk); 1507 1508 if (sock_flag(sk, SOCK_ZAPPED)) { 1509 err = -EADDRNOTAVAIL; 1510 goto out; 1511 } 1512 1513 if (sk->sk_shutdown & SEND_SHUTDOWN) { 1514 send_sig(SIGPIPE, current, 0); 1515 err = -EPIPE; 1516 goto out; 1517 } 1518 1519 if (ax25->ax25_dev == NULL) { 1520 err = -ENETUNREACH; 1521 goto out; 1522 } 1523 1524 if (len > ax25->ax25_dev->dev->mtu) { 1525 err = -EMSGSIZE; 1526 goto out; 1527 } 1528 1529 if (usax != NULL) { 1530 if (usax->sax25_family != AF_AX25) { 1531 err = -EINVAL; 1532 goto out; 1533 } 1534 1535 if (addr_len == sizeof(struct sockaddr_ax25)) 1536 /* ax25_sendmsg(): uses obsolete socket structure */ 1537 ; 1538 else if (addr_len != sizeof(struct full_sockaddr_ax25)) 1539 /* support for old structure may go away some time 1540 * ax25_sendmsg(): uses old (6 digipeater) 1541 * socket structure. 1542 */ 1543 if ((addr_len < sizeof(struct sockaddr_ax25) + sizeof(ax25_address) * 6) || 1544 (addr_len > sizeof(struct full_sockaddr_ax25))) { 1545 err = -EINVAL; 1546 goto out; 1547 } 1548 1549 1550 if (addr_len > sizeof(struct sockaddr_ax25) && usax->sax25_ndigis != 0) { 1551 int ct = 0; 1552 struct full_sockaddr_ax25 *fsa = (struct full_sockaddr_ax25 *)usax; 1553 1554 /* Valid number of digipeaters ? */ 1555 if (usax->sax25_ndigis < 1 || 1556 usax->sax25_ndigis > AX25_MAX_DIGIS || 1557 addr_len < sizeof(struct sockaddr_ax25) + 1558 sizeof(ax25_address) * usax->sax25_ndigis) { 1559 err = -EINVAL; 1560 goto out; 1561 } 1562 1563 dtmp.ndigi = usax->sax25_ndigis; 1564 1565 while (ct < usax->sax25_ndigis) { 1566 dtmp.repeated[ct] = 0; 1567 dtmp.calls[ct] = fsa->fsa_digipeater[ct]; 1568 ct++; 1569 } 1570 1571 dtmp.lastrepeat = 0; 1572 } 1573 1574 sax = *usax; 1575 if (sk->sk_type == SOCK_SEQPACKET && 1576 ax25cmp(&ax25->dest_addr, &sax.sax25_call)) { 1577 err = -EISCONN; 1578 goto out; 1579 } 1580 if (usax->sax25_ndigis == 0) 1581 dp = NULL; 1582 else 1583 dp = &dtmp; 1584 } else { 1585 /* 1586 * FIXME: 1003.1g - if the socket is like this because 1587 * it has become closed (not started closed) and is VC 1588 * we ought to SIGPIPE, EPIPE 1589 */ 1590 if (sk->sk_state != TCP_ESTABLISHED) { 1591 err = -ENOTCONN; 1592 goto out; 1593 } 1594 sax.sax25_family = AF_AX25; 1595 sax.sax25_call = ax25->dest_addr; 1596 dp = ax25->digipeat; 1597 } 1598 1599 /* Build a packet */ 1600 /* Assume the worst case */ 1601 size = len + ax25->ax25_dev->dev->hard_header_len; 1602 1603 skb = sock_alloc_send_skb(sk, size, msg->msg_flags&MSG_DONTWAIT, &err); 1604 if (skb == NULL) 1605 goto out; 1606 1607 skb_reserve(skb, size - len); 1608 1609 /* User data follows immediately after the AX.25 data */ 1610 if (memcpy_from_msg(skb_put(skb, len), msg, len)) { 1611 err = -EFAULT; 1612 kfree_skb(skb); 1613 goto out; 1614 } 1615 1616 skb_reset_network_header(skb); 1617 1618 /* Add the PID if one is not supplied by the user in the skb */ 1619 if (!ax25->pidincl) 1620 *(u8 *)skb_push(skb, 1) = sk->sk_protocol; 1621 1622 if (sk->sk_type == SOCK_SEQPACKET) { 1623 /* Connected mode sockets go via the LAPB machine */ 1624 if (sk->sk_state != TCP_ESTABLISHED) { 1625 kfree_skb(skb); 1626 err = -ENOTCONN; 1627 goto out; 1628 } 1629 1630 /* Shove it onto the queue and kick */ 1631 ax25_output(ax25, ax25->paclen, skb); 1632 1633 err = len; 1634 goto out; 1635 } 1636 1637 skb_push(skb, 1 + ax25_addr_size(dp)); 1638 1639 /* Building AX.25 Header */ 1640 1641 /* Build an AX.25 header */ 1642 lv = ax25_addr_build(skb->data, &ax25->source_addr, &sax.sax25_call, 1643 dp, AX25_COMMAND, AX25_MODULUS); 1644 1645 skb_set_transport_header(skb, lv); 1646 1647 *skb_transport_header(skb) = AX25_UI; 1648 1649 /* Datagram frames go straight out of the door as UI */ 1650 ax25_queue_xmit(skb, ax25->ax25_dev->dev); 1651 1652 err = len; 1653 1654 out: 1655 release_sock(sk); 1656 1657 return err; 1658 } 1659 1660 static int ax25_recvmsg(struct socket *sock, struct msghdr *msg, size_t size, 1661 int flags) 1662 { 1663 struct sock *sk = sock->sk; 1664 struct sk_buff *skb; 1665 int copied; 1666 int err = 0; 1667 1668 lock_sock(sk); 1669 /* 1670 * This works for seqpacket too. The receiver has ordered the 1671 * queue for us! We do one quick check first though 1672 */ 1673 if (sk->sk_type == SOCK_SEQPACKET && sk->sk_state != TCP_ESTABLISHED) { 1674 err = -ENOTCONN; 1675 goto out; 1676 } 1677 1678 /* Now we can treat all alike */ 1679 skb = skb_recv_datagram(sk, flags, &err); 1680 if (skb == NULL) 1681 goto out; 1682 1683 if (!sk_to_ax25(sk)->pidincl) 1684 skb_pull(skb, 1); /* Remove PID */ 1685 1686 skb_reset_transport_header(skb); 1687 copied = skb->len; 1688 1689 if (copied > size) { 1690 copied = size; 1691 msg->msg_flags |= MSG_TRUNC; 1692 } 1693 1694 skb_copy_datagram_msg(skb, 0, msg, copied); 1695 1696 if (msg->msg_name) { 1697 ax25_digi digi; 1698 ax25_address src; 1699 const unsigned char *mac = skb_mac_header(skb); 1700 DECLARE_SOCKADDR(struct sockaddr_ax25 *, sax, msg->msg_name); 1701 1702 memset(sax, 0, sizeof(struct full_sockaddr_ax25)); 1703 ax25_addr_parse(mac + 1, skb->data - mac - 1, &src, NULL, 1704 &digi, NULL, NULL); 1705 sax->sax25_family = AF_AX25; 1706 /* We set this correctly, even though we may not let the 1707 application know the digi calls further down (because it 1708 did NOT ask to know them). This could get political... **/ 1709 sax->sax25_ndigis = digi.ndigi; 1710 sax->sax25_call = src; 1711 1712 if (sax->sax25_ndigis != 0) { 1713 int ct; 1714 struct full_sockaddr_ax25 *fsa = (struct full_sockaddr_ax25 *)sax; 1715 1716 for (ct = 0; ct < digi.ndigi; ct++) 1717 fsa->fsa_digipeater[ct] = digi.calls[ct]; 1718 } 1719 msg->msg_namelen = sizeof(struct full_sockaddr_ax25); 1720 } 1721 1722 skb_free_datagram(sk, skb); 1723 err = copied; 1724 1725 out: 1726 release_sock(sk); 1727 1728 return err; 1729 } 1730 1731 static int ax25_shutdown(struct socket *sk, int how) 1732 { 1733 /* FIXME - generate DM and RNR states */ 1734 return -EOPNOTSUPP; 1735 } 1736 1737 static int ax25_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) 1738 { 1739 struct sock *sk = sock->sk; 1740 void __user *argp = (void __user *)arg; 1741 int res = 0; 1742 1743 lock_sock(sk); 1744 switch (cmd) { 1745 case TIOCOUTQ: { 1746 long amount; 1747 1748 amount = sk->sk_sndbuf - sk_wmem_alloc_get(sk); 1749 if (amount < 0) 1750 amount = 0; 1751 res = put_user(amount, (int __user *)argp); 1752 break; 1753 } 1754 1755 case TIOCINQ: { 1756 struct sk_buff *skb; 1757 long amount = 0L; 1758 /* These two are safe on a single CPU system as only user tasks fiddle here */ 1759 if ((skb = skb_peek(&sk->sk_receive_queue)) != NULL) 1760 amount = skb->len; 1761 res = put_user(amount, (int __user *) argp); 1762 break; 1763 } 1764 1765 case SIOCAX25ADDUID: /* Add a uid to the uid/call map table */ 1766 case SIOCAX25DELUID: /* Delete a uid from the uid/call map table */ 1767 case SIOCAX25GETUID: { 1768 struct sockaddr_ax25 sax25; 1769 if (copy_from_user(&sax25, argp, sizeof(sax25))) { 1770 res = -EFAULT; 1771 break; 1772 } 1773 res = ax25_uid_ioctl(cmd, &sax25); 1774 break; 1775 } 1776 1777 case SIOCAX25NOUID: { /* Set the default policy (default/bar) */ 1778 long amount; 1779 if (!capable(CAP_NET_ADMIN)) { 1780 res = -EPERM; 1781 break; 1782 } 1783 if (get_user(amount, (long __user *)argp)) { 1784 res = -EFAULT; 1785 break; 1786 } 1787 if (amount < 0 || amount > AX25_NOUID_BLOCK) { 1788 res = -EINVAL; 1789 break; 1790 } 1791 ax25_uid_policy = amount; 1792 res = 0; 1793 break; 1794 } 1795 1796 case SIOCADDRT: 1797 case SIOCDELRT: 1798 case SIOCAX25OPTRT: 1799 if (!capable(CAP_NET_ADMIN)) { 1800 res = -EPERM; 1801 break; 1802 } 1803 res = ax25_rt_ioctl(cmd, argp); 1804 break; 1805 1806 case SIOCAX25CTLCON: 1807 if (!capable(CAP_NET_ADMIN)) { 1808 res = -EPERM; 1809 break; 1810 } 1811 res = ax25_ctl_ioctl(cmd, argp); 1812 break; 1813 1814 case SIOCAX25GETINFO: 1815 case SIOCAX25GETINFOOLD: { 1816 ax25_cb *ax25 = sk_to_ax25(sk); 1817 struct ax25_info_struct ax25_info; 1818 1819 ax25_info.t1 = ax25->t1 / HZ; 1820 ax25_info.t2 = ax25->t2 / HZ; 1821 ax25_info.t3 = ax25->t3 / HZ; 1822 ax25_info.idle = ax25->idle / (60 * HZ); 1823 ax25_info.n2 = ax25->n2; 1824 ax25_info.t1timer = ax25_display_timer(&ax25->t1timer) / HZ; 1825 ax25_info.t2timer = ax25_display_timer(&ax25->t2timer) / HZ; 1826 ax25_info.t3timer = ax25_display_timer(&ax25->t3timer) / HZ; 1827 ax25_info.idletimer = ax25_display_timer(&ax25->idletimer) / (60 * HZ); 1828 ax25_info.n2count = ax25->n2count; 1829 ax25_info.state = ax25->state; 1830 ax25_info.rcv_q = sk_rmem_alloc_get(sk); 1831 ax25_info.snd_q = sk_wmem_alloc_get(sk); 1832 ax25_info.vs = ax25->vs; 1833 ax25_info.vr = ax25->vr; 1834 ax25_info.va = ax25->va; 1835 ax25_info.vs_max = ax25->vs; /* reserved */ 1836 ax25_info.paclen = ax25->paclen; 1837 ax25_info.window = ax25->window; 1838 1839 /* old structure? */ 1840 if (cmd == SIOCAX25GETINFOOLD) { 1841 static int warned = 0; 1842 if (!warned) { 1843 printk(KERN_INFO "%s uses old SIOCAX25GETINFO\n", 1844 current->comm); 1845 warned=1; 1846 } 1847 1848 if (copy_to_user(argp, &ax25_info, sizeof(struct ax25_info_struct_deprecated))) { 1849 res = -EFAULT; 1850 break; 1851 } 1852 } else { 1853 if (copy_to_user(argp, &ax25_info, sizeof(struct ax25_info_struct))) { 1854 res = -EINVAL; 1855 break; 1856 } 1857 } 1858 res = 0; 1859 break; 1860 } 1861 1862 case SIOCAX25ADDFWD: 1863 case SIOCAX25DELFWD: { 1864 struct ax25_fwd_struct ax25_fwd; 1865 if (!capable(CAP_NET_ADMIN)) { 1866 res = -EPERM; 1867 break; 1868 } 1869 if (copy_from_user(&ax25_fwd, argp, sizeof(ax25_fwd))) { 1870 res = -EFAULT; 1871 break; 1872 } 1873 res = ax25_fwd_ioctl(cmd, &ax25_fwd); 1874 break; 1875 } 1876 1877 case SIOCGIFADDR: 1878 case SIOCSIFADDR: 1879 case SIOCGIFDSTADDR: 1880 case SIOCSIFDSTADDR: 1881 case SIOCGIFBRDADDR: 1882 case SIOCSIFBRDADDR: 1883 case SIOCGIFNETMASK: 1884 case SIOCSIFNETMASK: 1885 case SIOCGIFMETRIC: 1886 case SIOCSIFMETRIC: 1887 res = -EINVAL; 1888 break; 1889 1890 default: 1891 res = -ENOIOCTLCMD; 1892 break; 1893 } 1894 release_sock(sk); 1895 1896 return res; 1897 } 1898 1899 #ifdef CONFIG_PROC_FS 1900 1901 static void *ax25_info_start(struct seq_file *seq, loff_t *pos) 1902 __acquires(ax25_list_lock) 1903 { 1904 spin_lock_bh(&ax25_list_lock); 1905 return seq_hlist_start(&ax25_list, *pos); 1906 } 1907 1908 static void *ax25_info_next(struct seq_file *seq, void *v, loff_t *pos) 1909 { 1910 return seq_hlist_next(v, &ax25_list, pos); 1911 } 1912 1913 static void ax25_info_stop(struct seq_file *seq, void *v) 1914 __releases(ax25_list_lock) 1915 { 1916 spin_unlock_bh(&ax25_list_lock); 1917 } 1918 1919 static int ax25_info_show(struct seq_file *seq, void *v) 1920 { 1921 ax25_cb *ax25 = hlist_entry(v, struct ax25_cb, ax25_node); 1922 char buf[11]; 1923 int k; 1924 1925 1926 /* 1927 * New format: 1928 * magic dev src_addr dest_addr,digi1,digi2,.. st vs vr va t1 t1 t2 t2 t3 t3 idle idle n2 n2 rtt window paclen Snd-Q Rcv-Q inode 1929 */ 1930 1931 seq_printf(seq, "%p %s %s%s ", 1932 ax25, 1933 ax25->ax25_dev == NULL? "???" : ax25->ax25_dev->dev->name, 1934 ax2asc(buf, &ax25->source_addr), 1935 ax25->iamdigi? "*":""); 1936 seq_printf(seq, "%s", ax2asc(buf, &ax25->dest_addr)); 1937 1938 for (k=0; (ax25->digipeat != NULL) && (k < ax25->digipeat->ndigi); k++) { 1939 seq_printf(seq, ",%s%s", 1940 ax2asc(buf, &ax25->digipeat->calls[k]), 1941 ax25->digipeat->repeated[k]? "*":""); 1942 } 1943 1944 seq_printf(seq, " %d %d %d %d %lu %lu %lu %lu %lu %lu %lu %lu %d %d %lu %d %d", 1945 ax25->state, 1946 ax25->vs, ax25->vr, ax25->va, 1947 ax25_display_timer(&ax25->t1timer) / HZ, ax25->t1 / HZ, 1948 ax25_display_timer(&ax25->t2timer) / HZ, ax25->t2 / HZ, 1949 ax25_display_timer(&ax25->t3timer) / HZ, ax25->t3 / HZ, 1950 ax25_display_timer(&ax25->idletimer) / (60 * HZ), 1951 ax25->idle / (60 * HZ), 1952 ax25->n2count, ax25->n2, 1953 ax25->rtt / HZ, 1954 ax25->window, 1955 ax25->paclen); 1956 1957 if (ax25->sk != NULL) { 1958 seq_printf(seq, " %d %d %lu\n", 1959 sk_wmem_alloc_get(ax25->sk), 1960 sk_rmem_alloc_get(ax25->sk), 1961 sock_i_ino(ax25->sk)); 1962 } else { 1963 seq_puts(seq, " * * *\n"); 1964 } 1965 return 0; 1966 } 1967 1968 static const struct seq_operations ax25_info_seqops = { 1969 .start = ax25_info_start, 1970 .next = ax25_info_next, 1971 .stop = ax25_info_stop, 1972 .show = ax25_info_show, 1973 }; 1974 #endif 1975 1976 static const struct net_proto_family ax25_family_ops = { 1977 .family = PF_AX25, 1978 .create = ax25_create, 1979 .owner = THIS_MODULE, 1980 }; 1981 1982 static const struct proto_ops ax25_proto_ops = { 1983 .family = PF_AX25, 1984 .owner = THIS_MODULE, 1985 .release = ax25_release, 1986 .bind = ax25_bind, 1987 .connect = ax25_connect, 1988 .socketpair = sock_no_socketpair, 1989 .accept = ax25_accept, 1990 .getname = ax25_getname, 1991 .poll = datagram_poll, 1992 .ioctl = ax25_ioctl, 1993 .gettstamp = sock_gettstamp, 1994 .listen = ax25_listen, 1995 .shutdown = ax25_shutdown, 1996 .setsockopt = ax25_setsockopt, 1997 .getsockopt = ax25_getsockopt, 1998 .sendmsg = ax25_sendmsg, 1999 .recvmsg = ax25_recvmsg, 2000 .mmap = sock_no_mmap, 2001 .sendpage = sock_no_sendpage, 2002 }; 2003 2004 /* 2005 * Called by socket.c on kernel start up 2006 */ 2007 static struct packet_type ax25_packet_type __read_mostly = { 2008 .type = cpu_to_be16(ETH_P_AX25), 2009 .func = ax25_kiss_rcv, 2010 }; 2011 2012 static struct notifier_block ax25_dev_notifier = { 2013 .notifier_call = ax25_device_event, 2014 }; 2015 2016 static int __init ax25_init(void) 2017 { 2018 int rc = proto_register(&ax25_proto, 0); 2019 2020 if (rc != 0) 2021 goto out; 2022 2023 sock_register(&ax25_family_ops); 2024 dev_add_pack(&ax25_packet_type); 2025 register_netdevice_notifier(&ax25_dev_notifier); 2026 2027 proc_create_seq("ax25_route", 0444, init_net.proc_net, &ax25_rt_seqops); 2028 proc_create_seq("ax25", 0444, init_net.proc_net, &ax25_info_seqops); 2029 proc_create_seq("ax25_calls", 0444, init_net.proc_net, 2030 &ax25_uid_seqops); 2031 out: 2032 return rc; 2033 } 2034 module_init(ax25_init); 2035 2036 2037 MODULE_AUTHOR("Jonathan Naylor G4KLX <g4klx@g4klx.demon.co.uk>"); 2038 MODULE_DESCRIPTION("The amateur radio AX.25 link layer protocol"); 2039 MODULE_LICENSE("GPL"); 2040 MODULE_ALIAS_NETPROTO(PF_AX25); 2041 2042 static void __exit ax25_exit(void) 2043 { 2044 remove_proc_entry("ax25_route", init_net.proc_net); 2045 remove_proc_entry("ax25", init_net.proc_net); 2046 remove_proc_entry("ax25_calls", init_net.proc_net); 2047 2048 unregister_netdevice_notifier(&ax25_dev_notifier); 2049 2050 dev_remove_pack(&ax25_packet_type); 2051 2052 sock_unregister(PF_AX25); 2053 proto_unregister(&ax25_proto); 2054 2055 ax25_rt_free(); 2056 ax25_uid_free(); 2057 ax25_dev_free(); 2058 } 2059 module_exit(ax25_exit); 2060