1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * 4 * Copyright Jonathan Naylor G4KLX (g4klx@g4klx.demon.co.uk) 5 * Copyright Alan Cox GW4PTS (alan@lxorguk.ukuu.org.uk) 6 * Copyright Darryl Miles G7LED (dlm@g7led.demon.co.uk) 7 */ 8 #include <linux/module.h> 9 #include <linux/moduleparam.h> 10 #include <linux/capability.h> 11 #include <linux/errno.h> 12 #include <linux/types.h> 13 #include <linux/socket.h> 14 #include <linux/in.h> 15 #include <linux/slab.h> 16 #include <linux/kernel.h> 17 #include <linux/sched/signal.h> 18 #include <linux/timer.h> 19 #include <linux/string.h> 20 #include <linux/sockios.h> 21 #include <linux/net.h> 22 #include <linux/stat.h> 23 #include <net/ax25.h> 24 #include <linux/inet.h> 25 #include <linux/netdevice.h> 26 #include <linux/if_arp.h> 27 #include <linux/skbuff.h> 28 #include <net/net_namespace.h> 29 #include <net/sock.h> 30 #include <linux/uaccess.h> 31 #include <linux/fcntl.h> 32 #include <linux/termios.h> /* For TIOCINQ/OUTQ */ 33 #include <linux/mm.h> 34 #include <linux/interrupt.h> 35 #include <linux/notifier.h> 36 #include <net/netrom.h> 37 #include <linux/proc_fs.h> 38 #include <linux/seq_file.h> 39 #include <net/ip.h> 40 #include <net/tcp_states.h> 41 #include <net/arp.h> 42 #include <linux/init.h> 43 44 static int nr_ndevs = 4; 45 46 int sysctl_netrom_default_path_quality = NR_DEFAULT_QUAL; 47 int sysctl_netrom_obsolescence_count_initialiser = NR_DEFAULT_OBS; 48 int sysctl_netrom_network_ttl_initialiser = NR_DEFAULT_TTL; 49 int sysctl_netrom_transport_timeout = NR_DEFAULT_T1; 50 int sysctl_netrom_transport_maximum_tries = NR_DEFAULT_N2; 51 int sysctl_netrom_transport_acknowledge_delay = NR_DEFAULT_T2; 52 int sysctl_netrom_transport_busy_delay = NR_DEFAULT_T4; 53 int sysctl_netrom_transport_requested_window_size = NR_DEFAULT_WINDOW; 54 int sysctl_netrom_transport_no_activity_timeout = NR_DEFAULT_IDLE; 55 int sysctl_netrom_routing_control = NR_DEFAULT_ROUTING; 56 int sysctl_netrom_link_fails_count = NR_DEFAULT_FAILS; 57 int sysctl_netrom_reset_circuit = NR_DEFAULT_RESET; 58 59 static unsigned short circuit = 0x101; 60 61 static HLIST_HEAD(nr_list); 62 static DEFINE_SPINLOCK(nr_list_lock); 63 64 static const struct proto_ops nr_proto_ops; 65 66 /* 67 * Socket removal during an interrupt is now safe. 68 */ 69 static void nr_remove_socket(struct sock *sk) 70 { 71 spin_lock_bh(&nr_list_lock); 72 sk_del_node_init(sk); 73 spin_unlock_bh(&nr_list_lock); 74 } 75 76 /* 77 * Kill all bound sockets on a dropped device. 78 */ 79 static void nr_kill_by_device(struct net_device *dev) 80 { 81 struct sock *s; 82 83 spin_lock_bh(&nr_list_lock); 84 sk_for_each(s, &nr_list) 85 if (nr_sk(s)->device == dev) 86 nr_disconnect(s, ENETUNREACH); 87 spin_unlock_bh(&nr_list_lock); 88 } 89 90 /* 91 * Handle device status changes. 92 */ 93 static int nr_device_event(struct notifier_block *this, unsigned long event, void *ptr) 94 { 95 struct net_device *dev = netdev_notifier_info_to_dev(ptr); 96 97 if (!net_eq(dev_net(dev), &init_net)) 98 return NOTIFY_DONE; 99 100 if (event != NETDEV_DOWN) 101 return NOTIFY_DONE; 102 103 nr_kill_by_device(dev); 104 nr_rt_device_down(dev); 105 106 return NOTIFY_DONE; 107 } 108 109 /* 110 * Add a socket to the bound sockets list. 111 */ 112 static void nr_insert_socket(struct sock *sk) 113 { 114 spin_lock_bh(&nr_list_lock); 115 sk_add_node(sk, &nr_list); 116 spin_unlock_bh(&nr_list_lock); 117 } 118 119 /* 120 * Find a socket that wants to accept the Connect Request we just 121 * received. 122 */ 123 static struct sock *nr_find_listener(ax25_address *addr) 124 { 125 struct sock *s; 126 127 spin_lock_bh(&nr_list_lock); 128 sk_for_each(s, &nr_list) 129 if (!ax25cmp(&nr_sk(s)->source_addr, addr) && 130 s->sk_state == TCP_LISTEN) { 131 sock_hold(s); 132 goto found; 133 } 134 s = NULL; 135 found: 136 spin_unlock_bh(&nr_list_lock); 137 return s; 138 } 139 140 /* 141 * Find a connected NET/ROM socket given my circuit IDs. 142 */ 143 static struct sock *nr_find_socket(unsigned char index, unsigned char id) 144 { 145 struct sock *s; 146 147 spin_lock_bh(&nr_list_lock); 148 sk_for_each(s, &nr_list) { 149 struct nr_sock *nr = nr_sk(s); 150 151 if (nr->my_index == index && nr->my_id == id) { 152 sock_hold(s); 153 goto found; 154 } 155 } 156 s = NULL; 157 found: 158 spin_unlock_bh(&nr_list_lock); 159 return s; 160 } 161 162 /* 163 * Find a connected NET/ROM socket given their circuit IDs. 164 */ 165 static struct sock *nr_find_peer(unsigned char index, unsigned char id, 166 ax25_address *dest) 167 { 168 struct sock *s; 169 170 spin_lock_bh(&nr_list_lock); 171 sk_for_each(s, &nr_list) { 172 struct nr_sock *nr = nr_sk(s); 173 174 if (nr->your_index == index && nr->your_id == id && 175 !ax25cmp(&nr->dest_addr, dest)) { 176 sock_hold(s); 177 goto found; 178 } 179 } 180 s = NULL; 181 found: 182 spin_unlock_bh(&nr_list_lock); 183 return s; 184 } 185 186 /* 187 * Find next free circuit ID. 188 */ 189 static unsigned short nr_find_next_circuit(void) 190 { 191 unsigned short id = circuit; 192 unsigned char i, j; 193 struct sock *sk; 194 195 for (;;) { 196 i = id / 256; 197 j = id % 256; 198 199 if (i != 0 && j != 0) { 200 if ((sk=nr_find_socket(i, j)) == NULL) 201 break; 202 sock_put(sk); 203 } 204 205 id++; 206 } 207 208 return id; 209 } 210 211 /* 212 * Deferred destroy. 213 */ 214 void nr_destroy_socket(struct sock *); 215 216 /* 217 * Handler for deferred kills. 218 */ 219 static void nr_destroy_timer(struct timer_list *t) 220 { 221 struct sock *sk = from_timer(sk, t, sk_timer); 222 bh_lock_sock(sk); 223 sock_hold(sk); 224 nr_destroy_socket(sk); 225 bh_unlock_sock(sk); 226 sock_put(sk); 227 } 228 229 /* 230 * This is called from user mode and the timers. Thus it protects itself 231 * against interrupt users but doesn't worry about being called during 232 * work. Once it is removed from the queue no interrupt or bottom half 233 * will touch it and we are (fairly 8-) ) safe. 234 */ 235 void nr_destroy_socket(struct sock *sk) 236 { 237 struct sk_buff *skb; 238 239 nr_remove_socket(sk); 240 241 nr_stop_heartbeat(sk); 242 nr_stop_t1timer(sk); 243 nr_stop_t2timer(sk); 244 nr_stop_t4timer(sk); 245 nr_stop_idletimer(sk); 246 247 nr_clear_queues(sk); /* Flush the queues */ 248 249 while ((skb = skb_dequeue(&sk->sk_receive_queue)) != NULL) { 250 if (skb->sk != sk) { /* A pending connection */ 251 /* Queue the unaccepted socket for death */ 252 sock_set_flag(skb->sk, SOCK_DEAD); 253 nr_start_heartbeat(skb->sk); 254 nr_sk(skb->sk)->state = NR_STATE_0; 255 } 256 257 kfree_skb(skb); 258 } 259 260 if (sk_has_allocations(sk)) { 261 /* Defer: outstanding buffers */ 262 sk->sk_timer.function = nr_destroy_timer; 263 sk->sk_timer.expires = jiffies + 2 * HZ; 264 add_timer(&sk->sk_timer); 265 } else 266 sock_put(sk); 267 } 268 269 /* 270 * Handling for system calls applied via the various interfaces to a 271 * NET/ROM socket object. 272 */ 273 274 static int nr_setsockopt(struct socket *sock, int level, int optname, 275 char __user *optval, unsigned int optlen) 276 { 277 struct sock *sk = sock->sk; 278 struct nr_sock *nr = nr_sk(sk); 279 unsigned long opt; 280 281 if (level != SOL_NETROM) 282 return -ENOPROTOOPT; 283 284 if (optlen < sizeof(unsigned int)) 285 return -EINVAL; 286 287 if (get_user(opt, (unsigned int __user *)optval)) 288 return -EFAULT; 289 290 switch (optname) { 291 case NETROM_T1: 292 if (opt < 1 || opt > ULONG_MAX / HZ) 293 return -EINVAL; 294 nr->t1 = opt * HZ; 295 return 0; 296 297 case NETROM_T2: 298 if (opt < 1 || opt > ULONG_MAX / HZ) 299 return -EINVAL; 300 nr->t2 = opt * HZ; 301 return 0; 302 303 case NETROM_N2: 304 if (opt < 1 || opt > 31) 305 return -EINVAL; 306 nr->n2 = opt; 307 return 0; 308 309 case NETROM_T4: 310 if (opt < 1 || opt > ULONG_MAX / HZ) 311 return -EINVAL; 312 nr->t4 = opt * HZ; 313 return 0; 314 315 case NETROM_IDLE: 316 if (opt > ULONG_MAX / (60 * HZ)) 317 return -EINVAL; 318 nr->idle = opt * 60 * HZ; 319 return 0; 320 321 default: 322 return -ENOPROTOOPT; 323 } 324 } 325 326 static int nr_getsockopt(struct socket *sock, int level, int optname, 327 char __user *optval, int __user *optlen) 328 { 329 struct sock *sk = sock->sk; 330 struct nr_sock *nr = nr_sk(sk); 331 int val = 0; 332 int len; 333 334 if (level != SOL_NETROM) 335 return -ENOPROTOOPT; 336 337 if (get_user(len, optlen)) 338 return -EFAULT; 339 340 if (len < 0) 341 return -EINVAL; 342 343 switch (optname) { 344 case NETROM_T1: 345 val = nr->t1 / HZ; 346 break; 347 348 case NETROM_T2: 349 val = nr->t2 / HZ; 350 break; 351 352 case NETROM_N2: 353 val = nr->n2; 354 break; 355 356 case NETROM_T4: 357 val = nr->t4 / HZ; 358 break; 359 360 case NETROM_IDLE: 361 val = nr->idle / (60 * HZ); 362 break; 363 364 default: 365 return -ENOPROTOOPT; 366 } 367 368 len = min_t(unsigned int, len, sizeof(int)); 369 370 if (put_user(len, optlen)) 371 return -EFAULT; 372 373 return copy_to_user(optval, &val, len) ? -EFAULT : 0; 374 } 375 376 static int nr_listen(struct socket *sock, int backlog) 377 { 378 struct sock *sk = sock->sk; 379 380 lock_sock(sk); 381 if (sk->sk_state != TCP_LISTEN) { 382 memset(&nr_sk(sk)->user_addr, 0, AX25_ADDR_LEN); 383 sk->sk_max_ack_backlog = backlog; 384 sk->sk_state = TCP_LISTEN; 385 release_sock(sk); 386 return 0; 387 } 388 release_sock(sk); 389 390 return -EOPNOTSUPP; 391 } 392 393 static struct proto nr_proto = { 394 .name = "NETROM", 395 .owner = THIS_MODULE, 396 .obj_size = sizeof(struct nr_sock), 397 }; 398 399 static int nr_create(struct net *net, struct socket *sock, int protocol, 400 int kern) 401 { 402 struct sock *sk; 403 struct nr_sock *nr; 404 405 if (!net_eq(net, &init_net)) 406 return -EAFNOSUPPORT; 407 408 if (sock->type != SOCK_SEQPACKET || protocol != 0) 409 return -ESOCKTNOSUPPORT; 410 411 sk = sk_alloc(net, PF_NETROM, GFP_ATOMIC, &nr_proto, kern); 412 if (sk == NULL) 413 return -ENOMEM; 414 415 nr = nr_sk(sk); 416 417 sock_init_data(sock, sk); 418 419 sock->ops = &nr_proto_ops; 420 sk->sk_protocol = protocol; 421 422 skb_queue_head_init(&nr->ack_queue); 423 skb_queue_head_init(&nr->reseq_queue); 424 skb_queue_head_init(&nr->frag_queue); 425 426 nr_init_timers(sk); 427 428 nr->t1 = 429 msecs_to_jiffies(sysctl_netrom_transport_timeout); 430 nr->t2 = 431 msecs_to_jiffies(sysctl_netrom_transport_acknowledge_delay); 432 nr->n2 = 433 msecs_to_jiffies(sysctl_netrom_transport_maximum_tries); 434 nr->t4 = 435 msecs_to_jiffies(sysctl_netrom_transport_busy_delay); 436 nr->idle = 437 msecs_to_jiffies(sysctl_netrom_transport_no_activity_timeout); 438 nr->window = sysctl_netrom_transport_requested_window_size; 439 440 nr->bpqext = 1; 441 nr->state = NR_STATE_0; 442 443 return 0; 444 } 445 446 static struct sock *nr_make_new(struct sock *osk) 447 { 448 struct sock *sk; 449 struct nr_sock *nr, *onr; 450 451 if (osk->sk_type != SOCK_SEQPACKET) 452 return NULL; 453 454 sk = sk_alloc(sock_net(osk), PF_NETROM, GFP_ATOMIC, osk->sk_prot, 0); 455 if (sk == NULL) 456 return NULL; 457 458 nr = nr_sk(sk); 459 460 sock_init_data(NULL, sk); 461 462 sk->sk_type = osk->sk_type; 463 sk->sk_priority = osk->sk_priority; 464 sk->sk_protocol = osk->sk_protocol; 465 sk->sk_rcvbuf = osk->sk_rcvbuf; 466 sk->sk_sndbuf = osk->sk_sndbuf; 467 sk->sk_state = TCP_ESTABLISHED; 468 sock_copy_flags(sk, osk); 469 470 skb_queue_head_init(&nr->ack_queue); 471 skb_queue_head_init(&nr->reseq_queue); 472 skb_queue_head_init(&nr->frag_queue); 473 474 nr_init_timers(sk); 475 476 onr = nr_sk(osk); 477 478 nr->t1 = onr->t1; 479 nr->t2 = onr->t2; 480 nr->n2 = onr->n2; 481 nr->t4 = onr->t4; 482 nr->idle = onr->idle; 483 nr->window = onr->window; 484 485 nr->device = onr->device; 486 nr->bpqext = onr->bpqext; 487 488 return sk; 489 } 490 491 static int nr_release(struct socket *sock) 492 { 493 struct sock *sk = sock->sk; 494 struct nr_sock *nr; 495 496 if (sk == NULL) return 0; 497 498 sock_hold(sk); 499 sock_orphan(sk); 500 lock_sock(sk); 501 nr = nr_sk(sk); 502 503 switch (nr->state) { 504 case NR_STATE_0: 505 case NR_STATE_1: 506 case NR_STATE_2: 507 nr_disconnect(sk, 0); 508 nr_destroy_socket(sk); 509 break; 510 511 case NR_STATE_3: 512 nr_clear_queues(sk); 513 nr->n2count = 0; 514 nr_write_internal(sk, NR_DISCREQ); 515 nr_start_t1timer(sk); 516 nr_stop_t2timer(sk); 517 nr_stop_t4timer(sk); 518 nr_stop_idletimer(sk); 519 nr->state = NR_STATE_2; 520 sk->sk_state = TCP_CLOSE; 521 sk->sk_shutdown |= SEND_SHUTDOWN; 522 sk->sk_state_change(sk); 523 sock_set_flag(sk, SOCK_DESTROY); 524 break; 525 526 default: 527 break; 528 } 529 530 sock->sk = NULL; 531 release_sock(sk); 532 sock_put(sk); 533 534 return 0; 535 } 536 537 static int nr_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len) 538 { 539 struct sock *sk = sock->sk; 540 struct nr_sock *nr = nr_sk(sk); 541 struct full_sockaddr_ax25 *addr = (struct full_sockaddr_ax25 *)uaddr; 542 struct net_device *dev; 543 ax25_uid_assoc *user; 544 ax25_address *source; 545 546 lock_sock(sk); 547 if (!sock_flag(sk, SOCK_ZAPPED)) { 548 release_sock(sk); 549 return -EINVAL; 550 } 551 if (addr_len < sizeof(struct sockaddr_ax25) || addr_len > sizeof(struct full_sockaddr_ax25)) { 552 release_sock(sk); 553 return -EINVAL; 554 } 555 if (addr_len < (addr->fsa_ax25.sax25_ndigis * sizeof(ax25_address) + sizeof(struct sockaddr_ax25))) { 556 release_sock(sk); 557 return -EINVAL; 558 } 559 if (addr->fsa_ax25.sax25_family != AF_NETROM) { 560 release_sock(sk); 561 return -EINVAL; 562 } 563 if ((dev = nr_dev_get(&addr->fsa_ax25.sax25_call)) == NULL) { 564 release_sock(sk); 565 return -EADDRNOTAVAIL; 566 } 567 568 /* 569 * Only the super user can set an arbitrary user callsign. 570 */ 571 if (addr->fsa_ax25.sax25_ndigis == 1) { 572 if (!capable(CAP_NET_BIND_SERVICE)) { 573 dev_put(dev); 574 release_sock(sk); 575 return -EPERM; 576 } 577 nr->user_addr = addr->fsa_digipeater[0]; 578 nr->source_addr = addr->fsa_ax25.sax25_call; 579 } else { 580 source = &addr->fsa_ax25.sax25_call; 581 582 user = ax25_findbyuid(current_euid()); 583 if (user) { 584 nr->user_addr = user->call; 585 ax25_uid_put(user); 586 } else { 587 if (ax25_uid_policy && !capable(CAP_NET_BIND_SERVICE)) { 588 release_sock(sk); 589 dev_put(dev); 590 return -EPERM; 591 } 592 nr->user_addr = *source; 593 } 594 595 nr->source_addr = *source; 596 } 597 598 nr->device = dev; 599 nr_insert_socket(sk); 600 601 sock_reset_flag(sk, SOCK_ZAPPED); 602 dev_put(dev); 603 release_sock(sk); 604 605 return 0; 606 } 607 608 static int nr_connect(struct socket *sock, struct sockaddr *uaddr, 609 int addr_len, int flags) 610 { 611 struct sock *sk = sock->sk; 612 struct nr_sock *nr = nr_sk(sk); 613 struct sockaddr_ax25 *addr = (struct sockaddr_ax25 *)uaddr; 614 ax25_address *source = NULL; 615 ax25_uid_assoc *user; 616 struct net_device *dev; 617 int err = 0; 618 619 lock_sock(sk); 620 if (sk->sk_state == TCP_ESTABLISHED && sock->state == SS_CONNECTING) { 621 sock->state = SS_CONNECTED; 622 goto out_release; /* Connect completed during a ERESTARTSYS event */ 623 } 624 625 if (sk->sk_state == TCP_CLOSE && sock->state == SS_CONNECTING) { 626 sock->state = SS_UNCONNECTED; 627 err = -ECONNREFUSED; 628 goto out_release; 629 } 630 631 if (sk->sk_state == TCP_ESTABLISHED) { 632 err = -EISCONN; /* No reconnect on a seqpacket socket */ 633 goto out_release; 634 } 635 636 sk->sk_state = TCP_CLOSE; 637 sock->state = SS_UNCONNECTED; 638 639 if (addr_len != sizeof(struct sockaddr_ax25) && addr_len != sizeof(struct full_sockaddr_ax25)) { 640 err = -EINVAL; 641 goto out_release; 642 } 643 if (addr->sax25_family != AF_NETROM) { 644 err = -EINVAL; 645 goto out_release; 646 } 647 if (sock_flag(sk, SOCK_ZAPPED)) { /* Must bind first - autobinding in this may or may not work */ 648 sock_reset_flag(sk, SOCK_ZAPPED); 649 650 if ((dev = nr_dev_first()) == NULL) { 651 err = -ENETUNREACH; 652 goto out_release; 653 } 654 source = (ax25_address *)dev->dev_addr; 655 656 user = ax25_findbyuid(current_euid()); 657 if (user) { 658 nr->user_addr = user->call; 659 ax25_uid_put(user); 660 } else { 661 if (ax25_uid_policy && !capable(CAP_NET_ADMIN)) { 662 dev_put(dev); 663 err = -EPERM; 664 goto out_release; 665 } 666 nr->user_addr = *source; 667 } 668 669 nr->source_addr = *source; 670 nr->device = dev; 671 672 dev_put(dev); 673 nr_insert_socket(sk); /* Finish the bind */ 674 } 675 676 nr->dest_addr = addr->sax25_call; 677 678 release_sock(sk); 679 circuit = nr_find_next_circuit(); 680 lock_sock(sk); 681 682 nr->my_index = circuit / 256; 683 nr->my_id = circuit % 256; 684 685 circuit++; 686 687 /* Move to connecting socket, start sending Connect Requests */ 688 sock->state = SS_CONNECTING; 689 sk->sk_state = TCP_SYN_SENT; 690 691 nr_establish_data_link(sk); 692 693 nr->state = NR_STATE_1; 694 695 nr_start_heartbeat(sk); 696 697 /* Now the loop */ 698 if (sk->sk_state != TCP_ESTABLISHED && (flags & O_NONBLOCK)) { 699 err = -EINPROGRESS; 700 goto out_release; 701 } 702 703 /* 704 * A Connect Ack with Choke or timeout or failed routing will go to 705 * closed. 706 */ 707 if (sk->sk_state == TCP_SYN_SENT) { 708 DEFINE_WAIT(wait); 709 710 for (;;) { 711 prepare_to_wait(sk_sleep(sk), &wait, 712 TASK_INTERRUPTIBLE); 713 if (sk->sk_state != TCP_SYN_SENT) 714 break; 715 if (!signal_pending(current)) { 716 release_sock(sk); 717 schedule(); 718 lock_sock(sk); 719 continue; 720 } 721 err = -ERESTARTSYS; 722 break; 723 } 724 finish_wait(sk_sleep(sk), &wait); 725 if (err) 726 goto out_release; 727 } 728 729 if (sk->sk_state != TCP_ESTABLISHED) { 730 sock->state = SS_UNCONNECTED; 731 err = sock_error(sk); /* Always set at this point */ 732 goto out_release; 733 } 734 735 sock->state = SS_CONNECTED; 736 737 out_release: 738 release_sock(sk); 739 740 return err; 741 } 742 743 static int nr_accept(struct socket *sock, struct socket *newsock, int flags, 744 bool kern) 745 { 746 struct sk_buff *skb; 747 struct sock *newsk; 748 DEFINE_WAIT(wait); 749 struct sock *sk; 750 int err = 0; 751 752 if ((sk = sock->sk) == NULL) 753 return -EINVAL; 754 755 lock_sock(sk); 756 if (sk->sk_type != SOCK_SEQPACKET) { 757 err = -EOPNOTSUPP; 758 goto out_release; 759 } 760 761 if (sk->sk_state != TCP_LISTEN) { 762 err = -EINVAL; 763 goto out_release; 764 } 765 766 /* 767 * The write queue this time is holding sockets ready to use 768 * hooked into the SABM we saved 769 */ 770 for (;;) { 771 prepare_to_wait(sk_sleep(sk), &wait, TASK_INTERRUPTIBLE); 772 skb = skb_dequeue(&sk->sk_receive_queue); 773 if (skb) 774 break; 775 776 if (flags & O_NONBLOCK) { 777 err = -EWOULDBLOCK; 778 break; 779 } 780 if (!signal_pending(current)) { 781 release_sock(sk); 782 schedule(); 783 lock_sock(sk); 784 continue; 785 } 786 err = -ERESTARTSYS; 787 break; 788 } 789 finish_wait(sk_sleep(sk), &wait); 790 if (err) 791 goto out_release; 792 793 newsk = skb->sk; 794 sock_graft(newsk, newsock); 795 796 /* Now attach up the new socket */ 797 kfree_skb(skb); 798 sk_acceptq_removed(sk); 799 800 out_release: 801 release_sock(sk); 802 803 return err; 804 } 805 806 static int nr_getname(struct socket *sock, struct sockaddr *uaddr, 807 int peer) 808 { 809 struct full_sockaddr_ax25 *sax = (struct full_sockaddr_ax25 *)uaddr; 810 struct sock *sk = sock->sk; 811 struct nr_sock *nr = nr_sk(sk); 812 int uaddr_len; 813 814 memset(&sax->fsa_ax25, 0, sizeof(struct sockaddr_ax25)); 815 816 lock_sock(sk); 817 if (peer != 0) { 818 if (sk->sk_state != TCP_ESTABLISHED) { 819 release_sock(sk); 820 return -ENOTCONN; 821 } 822 sax->fsa_ax25.sax25_family = AF_NETROM; 823 sax->fsa_ax25.sax25_ndigis = 1; 824 sax->fsa_ax25.sax25_call = nr->user_addr; 825 memset(sax->fsa_digipeater, 0, sizeof(sax->fsa_digipeater)); 826 sax->fsa_digipeater[0] = nr->dest_addr; 827 uaddr_len = sizeof(struct full_sockaddr_ax25); 828 } else { 829 sax->fsa_ax25.sax25_family = AF_NETROM; 830 sax->fsa_ax25.sax25_ndigis = 0; 831 sax->fsa_ax25.sax25_call = nr->source_addr; 832 uaddr_len = sizeof(struct sockaddr_ax25); 833 } 834 release_sock(sk); 835 836 return uaddr_len; 837 } 838 839 int nr_rx_frame(struct sk_buff *skb, struct net_device *dev) 840 { 841 struct sock *sk; 842 struct sock *make; 843 struct nr_sock *nr_make; 844 ax25_address *src, *dest, *user; 845 unsigned short circuit_index, circuit_id; 846 unsigned short peer_circuit_index, peer_circuit_id; 847 unsigned short frametype, flags, window, timeout; 848 int ret; 849 850 skb_orphan(skb); 851 852 /* 853 * skb->data points to the netrom frame start 854 */ 855 856 src = (ax25_address *)(skb->data + 0); 857 dest = (ax25_address *)(skb->data + 7); 858 859 circuit_index = skb->data[15]; 860 circuit_id = skb->data[16]; 861 peer_circuit_index = skb->data[17]; 862 peer_circuit_id = skb->data[18]; 863 frametype = skb->data[19] & 0x0F; 864 flags = skb->data[19] & 0xF0; 865 866 /* 867 * Check for an incoming IP over NET/ROM frame. 868 */ 869 if (frametype == NR_PROTOEXT && 870 circuit_index == NR_PROTO_IP && circuit_id == NR_PROTO_IP) { 871 skb_pull(skb, NR_NETWORK_LEN + NR_TRANSPORT_LEN); 872 skb_reset_transport_header(skb); 873 874 return nr_rx_ip(skb, dev); 875 } 876 877 /* 878 * Find an existing socket connection, based on circuit ID, if it's 879 * a Connect Request base it on their circuit ID. 880 * 881 * Circuit ID 0/0 is not valid but it could still be a "reset" for a 882 * circuit that no longer exists at the other end ... 883 */ 884 885 sk = NULL; 886 887 if (circuit_index == 0 && circuit_id == 0) { 888 if (frametype == NR_CONNACK && flags == NR_CHOKE_FLAG) 889 sk = nr_find_peer(peer_circuit_index, peer_circuit_id, src); 890 } else { 891 if (frametype == NR_CONNREQ) 892 sk = nr_find_peer(circuit_index, circuit_id, src); 893 else 894 sk = nr_find_socket(circuit_index, circuit_id); 895 } 896 897 if (sk != NULL) { 898 bh_lock_sock(sk); 899 skb_reset_transport_header(skb); 900 901 if (frametype == NR_CONNACK && skb->len == 22) 902 nr_sk(sk)->bpqext = 1; 903 else 904 nr_sk(sk)->bpqext = 0; 905 906 ret = nr_process_rx_frame(sk, skb); 907 bh_unlock_sock(sk); 908 sock_put(sk); 909 return ret; 910 } 911 912 /* 913 * Now it should be a CONNREQ. 914 */ 915 if (frametype != NR_CONNREQ) { 916 /* 917 * Here it would be nice to be able to send a reset but 918 * NET/ROM doesn't have one. We've tried to extend the protocol 919 * by sending NR_CONNACK | NR_CHOKE_FLAGS replies but that 920 * apparently kills BPQ boxes... :-( 921 * So now we try to follow the established behaviour of 922 * G8PZT's Xrouter which is sending packets with command type 7 923 * as an extension of the protocol. 924 */ 925 if (sysctl_netrom_reset_circuit && 926 (frametype != NR_RESET || flags != 0)) 927 nr_transmit_reset(skb, 1); 928 929 return 0; 930 } 931 932 sk = nr_find_listener(dest); 933 934 user = (ax25_address *)(skb->data + 21); 935 936 if (sk == NULL || sk_acceptq_is_full(sk) || 937 (make = nr_make_new(sk)) == NULL) { 938 nr_transmit_refusal(skb, 0); 939 if (sk) 940 sock_put(sk); 941 return 0; 942 } 943 944 bh_lock_sock(sk); 945 946 window = skb->data[20]; 947 948 sock_hold(make); 949 skb->sk = make; 950 skb->destructor = sock_efree; 951 make->sk_state = TCP_ESTABLISHED; 952 953 /* Fill in his circuit details */ 954 nr_make = nr_sk(make); 955 nr_make->source_addr = *dest; 956 nr_make->dest_addr = *src; 957 nr_make->user_addr = *user; 958 959 nr_make->your_index = circuit_index; 960 nr_make->your_id = circuit_id; 961 962 bh_unlock_sock(sk); 963 circuit = nr_find_next_circuit(); 964 bh_lock_sock(sk); 965 966 nr_make->my_index = circuit / 256; 967 nr_make->my_id = circuit % 256; 968 969 circuit++; 970 971 /* Window negotiation */ 972 if (window < nr_make->window) 973 nr_make->window = window; 974 975 /* L4 timeout negotiation */ 976 if (skb->len == 37) { 977 timeout = skb->data[36] * 256 + skb->data[35]; 978 if (timeout * HZ < nr_make->t1) 979 nr_make->t1 = timeout * HZ; 980 nr_make->bpqext = 1; 981 } else { 982 nr_make->bpqext = 0; 983 } 984 985 nr_write_internal(make, NR_CONNACK); 986 987 nr_make->condition = 0x00; 988 nr_make->vs = 0; 989 nr_make->va = 0; 990 nr_make->vr = 0; 991 nr_make->vl = 0; 992 nr_make->state = NR_STATE_3; 993 sk_acceptq_added(sk); 994 skb_queue_head(&sk->sk_receive_queue, skb); 995 996 if (!sock_flag(sk, SOCK_DEAD)) 997 sk->sk_data_ready(sk); 998 999 bh_unlock_sock(sk); 1000 sock_put(sk); 1001 1002 nr_insert_socket(make); 1003 1004 nr_start_heartbeat(make); 1005 nr_start_idletimer(make); 1006 1007 return 1; 1008 } 1009 1010 static int nr_sendmsg(struct socket *sock, struct msghdr *msg, size_t len) 1011 { 1012 struct sock *sk = sock->sk; 1013 struct nr_sock *nr = nr_sk(sk); 1014 DECLARE_SOCKADDR(struct sockaddr_ax25 *, usax, msg->msg_name); 1015 int err; 1016 struct sockaddr_ax25 sax; 1017 struct sk_buff *skb; 1018 unsigned char *asmptr; 1019 int size; 1020 1021 if (msg->msg_flags & ~(MSG_DONTWAIT|MSG_EOR|MSG_CMSG_COMPAT)) 1022 return -EINVAL; 1023 1024 lock_sock(sk); 1025 if (sock_flag(sk, SOCK_ZAPPED)) { 1026 err = -EADDRNOTAVAIL; 1027 goto out; 1028 } 1029 1030 if (sk->sk_shutdown & SEND_SHUTDOWN) { 1031 send_sig(SIGPIPE, current, 0); 1032 err = -EPIPE; 1033 goto out; 1034 } 1035 1036 if (nr->device == NULL) { 1037 err = -ENETUNREACH; 1038 goto out; 1039 } 1040 1041 if (usax) { 1042 if (msg->msg_namelen < sizeof(sax)) { 1043 err = -EINVAL; 1044 goto out; 1045 } 1046 sax = *usax; 1047 if (ax25cmp(&nr->dest_addr, &sax.sax25_call) != 0) { 1048 err = -EISCONN; 1049 goto out; 1050 } 1051 if (sax.sax25_family != AF_NETROM) { 1052 err = -EINVAL; 1053 goto out; 1054 } 1055 } else { 1056 if (sk->sk_state != TCP_ESTABLISHED) { 1057 err = -ENOTCONN; 1058 goto out; 1059 } 1060 sax.sax25_family = AF_NETROM; 1061 sax.sax25_call = nr->dest_addr; 1062 } 1063 1064 /* Build a packet - the conventional user limit is 236 bytes. We can 1065 do ludicrously large NetROM frames but must not overflow */ 1066 if (len > 65536) { 1067 err = -EMSGSIZE; 1068 goto out; 1069 } 1070 1071 size = len + NR_NETWORK_LEN + NR_TRANSPORT_LEN; 1072 1073 if ((skb = sock_alloc_send_skb(sk, size, msg->msg_flags & MSG_DONTWAIT, &err)) == NULL) 1074 goto out; 1075 1076 skb_reserve(skb, size - len); 1077 skb_reset_transport_header(skb); 1078 1079 /* 1080 * Push down the NET/ROM header 1081 */ 1082 1083 asmptr = skb_push(skb, NR_TRANSPORT_LEN); 1084 1085 /* Build a NET/ROM Transport header */ 1086 1087 *asmptr++ = nr->your_index; 1088 *asmptr++ = nr->your_id; 1089 *asmptr++ = 0; /* To be filled in later */ 1090 *asmptr++ = 0; /* Ditto */ 1091 *asmptr++ = NR_INFO; 1092 1093 /* 1094 * Put the data on the end 1095 */ 1096 skb_put(skb, len); 1097 1098 /* User data follows immediately after the NET/ROM transport header */ 1099 if (memcpy_from_msg(skb_transport_header(skb), msg, len)) { 1100 kfree_skb(skb); 1101 err = -EFAULT; 1102 goto out; 1103 } 1104 1105 if (sk->sk_state != TCP_ESTABLISHED) { 1106 kfree_skb(skb); 1107 err = -ENOTCONN; 1108 goto out; 1109 } 1110 1111 nr_output(sk, skb); /* Shove it onto the queue */ 1112 1113 err = len; 1114 out: 1115 release_sock(sk); 1116 return err; 1117 } 1118 1119 static int nr_recvmsg(struct socket *sock, struct msghdr *msg, size_t size, 1120 int flags) 1121 { 1122 struct sock *sk = sock->sk; 1123 DECLARE_SOCKADDR(struct sockaddr_ax25 *, sax, msg->msg_name); 1124 size_t copied; 1125 struct sk_buff *skb; 1126 int er; 1127 1128 /* 1129 * This works for seqpacket too. The receiver has ordered the queue for 1130 * us! We do one quick check first though 1131 */ 1132 1133 lock_sock(sk); 1134 if (sk->sk_state != TCP_ESTABLISHED) { 1135 release_sock(sk); 1136 return -ENOTCONN; 1137 } 1138 1139 /* Now we can treat all alike */ 1140 if ((skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT, flags & MSG_DONTWAIT, &er)) == NULL) { 1141 release_sock(sk); 1142 return er; 1143 } 1144 1145 skb_reset_transport_header(skb); 1146 copied = skb->len; 1147 1148 if (copied > size) { 1149 copied = size; 1150 msg->msg_flags |= MSG_TRUNC; 1151 } 1152 1153 er = skb_copy_datagram_msg(skb, 0, msg, copied); 1154 if (er < 0) { 1155 skb_free_datagram(sk, skb); 1156 release_sock(sk); 1157 return er; 1158 } 1159 1160 if (sax != NULL) { 1161 memset(sax, 0, sizeof(*sax)); 1162 sax->sax25_family = AF_NETROM; 1163 skb_copy_from_linear_data_offset(skb, 7, sax->sax25_call.ax25_call, 1164 AX25_ADDR_LEN); 1165 msg->msg_namelen = sizeof(*sax); 1166 } 1167 1168 skb_free_datagram(sk, skb); 1169 1170 release_sock(sk); 1171 return copied; 1172 } 1173 1174 1175 static int nr_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) 1176 { 1177 struct sock *sk = sock->sk; 1178 void __user *argp = (void __user *)arg; 1179 1180 switch (cmd) { 1181 case TIOCOUTQ: { 1182 long amount; 1183 1184 lock_sock(sk); 1185 amount = sk->sk_sndbuf - sk_wmem_alloc_get(sk); 1186 if (amount < 0) 1187 amount = 0; 1188 release_sock(sk); 1189 return put_user(amount, (int __user *)argp); 1190 } 1191 1192 case TIOCINQ: { 1193 struct sk_buff *skb; 1194 long amount = 0L; 1195 1196 lock_sock(sk); 1197 /* These two are safe on a single CPU system as only user tasks fiddle here */ 1198 if ((skb = skb_peek(&sk->sk_receive_queue)) != NULL) 1199 amount = skb->len; 1200 release_sock(sk); 1201 return put_user(amount, (int __user *)argp); 1202 } 1203 1204 case SIOCGIFADDR: 1205 case SIOCSIFADDR: 1206 case SIOCGIFDSTADDR: 1207 case SIOCSIFDSTADDR: 1208 case SIOCGIFBRDADDR: 1209 case SIOCSIFBRDADDR: 1210 case SIOCGIFNETMASK: 1211 case SIOCSIFNETMASK: 1212 case SIOCGIFMETRIC: 1213 case SIOCSIFMETRIC: 1214 return -EINVAL; 1215 1216 case SIOCADDRT: 1217 case SIOCDELRT: 1218 case SIOCNRDECOBS: 1219 if (!capable(CAP_NET_ADMIN)) 1220 return -EPERM; 1221 return nr_rt_ioctl(cmd, argp); 1222 1223 default: 1224 return -ENOIOCTLCMD; 1225 } 1226 1227 return 0; 1228 } 1229 1230 #ifdef CONFIG_PROC_FS 1231 1232 static void *nr_info_start(struct seq_file *seq, loff_t *pos) 1233 { 1234 spin_lock_bh(&nr_list_lock); 1235 return seq_hlist_start_head(&nr_list, *pos); 1236 } 1237 1238 static void *nr_info_next(struct seq_file *seq, void *v, loff_t *pos) 1239 { 1240 return seq_hlist_next(v, &nr_list, pos); 1241 } 1242 1243 static void nr_info_stop(struct seq_file *seq, void *v) 1244 { 1245 spin_unlock_bh(&nr_list_lock); 1246 } 1247 1248 static int nr_info_show(struct seq_file *seq, void *v) 1249 { 1250 struct sock *s = sk_entry(v); 1251 struct net_device *dev; 1252 struct nr_sock *nr; 1253 const char *devname; 1254 char buf[11]; 1255 1256 if (v == SEQ_START_TOKEN) 1257 seq_puts(seq, 1258 "user_addr dest_node src_node dev my your st vs vr va t1 t2 t4 idle n2 wnd Snd-Q Rcv-Q inode\n"); 1259 1260 else { 1261 1262 bh_lock_sock(s); 1263 nr = nr_sk(s); 1264 1265 if ((dev = nr->device) == NULL) 1266 devname = "???"; 1267 else 1268 devname = dev->name; 1269 1270 seq_printf(seq, "%-9s ", ax2asc(buf, &nr->user_addr)); 1271 seq_printf(seq, "%-9s ", ax2asc(buf, &nr->dest_addr)); 1272 seq_printf(seq, 1273 "%-9s %-3s %02X/%02X %02X/%02X %2d %3d %3d %3d %3lu/%03lu %2lu/%02lu %3lu/%03lu %3lu/%03lu %2d/%02d %3d %5d %5d %ld\n", 1274 ax2asc(buf, &nr->source_addr), 1275 devname, 1276 nr->my_index, 1277 nr->my_id, 1278 nr->your_index, 1279 nr->your_id, 1280 nr->state, 1281 nr->vs, 1282 nr->vr, 1283 nr->va, 1284 ax25_display_timer(&nr->t1timer) / HZ, 1285 nr->t1 / HZ, 1286 ax25_display_timer(&nr->t2timer) / HZ, 1287 nr->t2 / HZ, 1288 ax25_display_timer(&nr->t4timer) / HZ, 1289 nr->t4 / HZ, 1290 ax25_display_timer(&nr->idletimer) / (60 * HZ), 1291 nr->idle / (60 * HZ), 1292 nr->n2count, 1293 nr->n2, 1294 nr->window, 1295 sk_wmem_alloc_get(s), 1296 sk_rmem_alloc_get(s), 1297 s->sk_socket ? SOCK_INODE(s->sk_socket)->i_ino : 0L); 1298 1299 bh_unlock_sock(s); 1300 } 1301 return 0; 1302 } 1303 1304 static const struct seq_operations nr_info_seqops = { 1305 .start = nr_info_start, 1306 .next = nr_info_next, 1307 .stop = nr_info_stop, 1308 .show = nr_info_show, 1309 }; 1310 #endif /* CONFIG_PROC_FS */ 1311 1312 static const struct net_proto_family nr_family_ops = { 1313 .family = PF_NETROM, 1314 .create = nr_create, 1315 .owner = THIS_MODULE, 1316 }; 1317 1318 static const struct proto_ops nr_proto_ops = { 1319 .family = PF_NETROM, 1320 .owner = THIS_MODULE, 1321 .release = nr_release, 1322 .bind = nr_bind, 1323 .connect = nr_connect, 1324 .socketpair = sock_no_socketpair, 1325 .accept = nr_accept, 1326 .getname = nr_getname, 1327 .poll = datagram_poll, 1328 .ioctl = nr_ioctl, 1329 .gettstamp = sock_gettstamp, 1330 .listen = nr_listen, 1331 .shutdown = sock_no_shutdown, 1332 .setsockopt = nr_setsockopt, 1333 .getsockopt = nr_getsockopt, 1334 .sendmsg = nr_sendmsg, 1335 .recvmsg = nr_recvmsg, 1336 .mmap = sock_no_mmap, 1337 .sendpage = sock_no_sendpage, 1338 }; 1339 1340 static struct notifier_block nr_dev_notifier = { 1341 .notifier_call = nr_device_event, 1342 }; 1343 1344 static struct net_device **dev_nr; 1345 1346 static struct ax25_protocol nr_pid = { 1347 .pid = AX25_P_NETROM, 1348 .func = nr_route_frame 1349 }; 1350 1351 static struct ax25_linkfail nr_linkfail_notifier = { 1352 .func = nr_link_failed, 1353 }; 1354 1355 static int __init nr_proto_init(void) 1356 { 1357 int i; 1358 int rc = proto_register(&nr_proto, 0); 1359 1360 if (rc) 1361 return rc; 1362 1363 if (nr_ndevs > 0x7fffffff/sizeof(struct net_device *)) { 1364 pr_err("NET/ROM: %s - nr_ndevs parameter too large\n", 1365 __func__); 1366 rc = -EINVAL; 1367 goto unregister_proto; 1368 } 1369 1370 dev_nr = kcalloc(nr_ndevs, sizeof(struct net_device *), GFP_KERNEL); 1371 if (!dev_nr) { 1372 pr_err("NET/ROM: %s - unable to allocate device array\n", 1373 __func__); 1374 rc = -ENOMEM; 1375 goto unregister_proto; 1376 } 1377 1378 for (i = 0; i < nr_ndevs; i++) { 1379 char name[IFNAMSIZ]; 1380 struct net_device *dev; 1381 1382 sprintf(name, "nr%d", i); 1383 dev = alloc_netdev(0, name, NET_NAME_UNKNOWN, nr_setup); 1384 if (!dev) { 1385 rc = -ENOMEM; 1386 goto fail; 1387 } 1388 1389 dev->base_addr = i; 1390 rc = register_netdev(dev); 1391 if (rc) { 1392 free_netdev(dev); 1393 goto fail; 1394 } 1395 dev_nr[i] = dev; 1396 } 1397 1398 rc = sock_register(&nr_family_ops); 1399 if (rc) 1400 goto fail; 1401 1402 rc = register_netdevice_notifier(&nr_dev_notifier); 1403 if (rc) 1404 goto out_sock; 1405 1406 ax25_register_pid(&nr_pid); 1407 ax25_linkfail_register(&nr_linkfail_notifier); 1408 1409 #ifdef CONFIG_SYSCTL 1410 rc = nr_register_sysctl(); 1411 if (rc) 1412 goto out_sysctl; 1413 #endif 1414 1415 nr_loopback_init(); 1416 1417 rc = -ENOMEM; 1418 if (!proc_create_seq("nr", 0444, init_net.proc_net, &nr_info_seqops)) 1419 goto proc_remove1; 1420 if (!proc_create_seq("nr_neigh", 0444, init_net.proc_net, 1421 &nr_neigh_seqops)) 1422 goto proc_remove2; 1423 if (!proc_create_seq("nr_nodes", 0444, init_net.proc_net, 1424 &nr_node_seqops)) 1425 goto proc_remove3; 1426 1427 return 0; 1428 1429 proc_remove3: 1430 remove_proc_entry("nr_neigh", init_net.proc_net); 1431 proc_remove2: 1432 remove_proc_entry("nr", init_net.proc_net); 1433 proc_remove1: 1434 1435 nr_loopback_clear(); 1436 nr_rt_free(); 1437 1438 #ifdef CONFIG_SYSCTL 1439 nr_unregister_sysctl(); 1440 out_sysctl: 1441 #endif 1442 ax25_linkfail_release(&nr_linkfail_notifier); 1443 ax25_protocol_release(AX25_P_NETROM); 1444 unregister_netdevice_notifier(&nr_dev_notifier); 1445 out_sock: 1446 sock_unregister(PF_NETROM); 1447 fail: 1448 while (--i >= 0) { 1449 unregister_netdev(dev_nr[i]); 1450 free_netdev(dev_nr[i]); 1451 } 1452 kfree(dev_nr); 1453 unregister_proto: 1454 proto_unregister(&nr_proto); 1455 return rc; 1456 } 1457 1458 module_init(nr_proto_init); 1459 1460 module_param(nr_ndevs, int, 0); 1461 MODULE_PARM_DESC(nr_ndevs, "number of NET/ROM devices"); 1462 1463 MODULE_AUTHOR("Jonathan Naylor G4KLX <g4klx@g4klx.demon.co.uk>"); 1464 MODULE_DESCRIPTION("The amateur radio NET/ROM network and transport layer protocol"); 1465 MODULE_LICENSE("GPL"); 1466 MODULE_ALIAS_NETPROTO(PF_NETROM); 1467 1468 static void __exit nr_exit(void) 1469 { 1470 int i; 1471 1472 remove_proc_entry("nr", init_net.proc_net); 1473 remove_proc_entry("nr_neigh", init_net.proc_net); 1474 remove_proc_entry("nr_nodes", init_net.proc_net); 1475 nr_loopback_clear(); 1476 1477 nr_rt_free(); 1478 1479 #ifdef CONFIG_SYSCTL 1480 nr_unregister_sysctl(); 1481 #endif 1482 1483 ax25_linkfail_release(&nr_linkfail_notifier); 1484 ax25_protocol_release(AX25_P_NETROM); 1485 1486 unregister_netdevice_notifier(&nr_dev_notifier); 1487 1488 sock_unregister(PF_NETROM); 1489 1490 for (i = 0; i < nr_ndevs; i++) { 1491 struct net_device *dev = dev_nr[i]; 1492 if (dev) { 1493 unregister_netdev(dev); 1494 free_netdev(dev); 1495 } 1496 } 1497 1498 kfree(dev_nr); 1499 proto_unregister(&nr_proto); 1500 } 1501 module_exit(nr_exit); 1502