net/ax25/ax25_in.c

0001 // SPDX-License-Identifier: GPL-2.0-or-later
0002 /*
0003  *
0004  * Copyright (C) Alan Cox GW4PTS (alan@lxorguk.ukuu.org.uk)
0005  * Copyright (C) Jonathan Naylor G4KLX (g4klx@g4klx.demon.co.uk)
0006  * Copyright (C) Joerg Reuter DL1BKE (jreuter@yaina.de)
0007  * Copyright (C) Hans-Joachim Hetscher DD8NE (dd8ne@bnv-bamberg.de)
0008  */
0009 #include <linux/errno.h>
0010 #include <linux/types.h>
0011 #include <linux/socket.h>
0012 #include <linux/in.h>
0013 #include <linux/kernel.h>
0014 #include <linux/timer.h>
0015 #include <linux/string.h>
0016 #include <linux/sockios.h>
0017 #include <linux/net.h>
0018 #include <linux/slab.h>
0019 #include <net/ax25.h>
0020 #include <linux/inet.h>
0021 #include <linux/netdevice.h>
0022 #include <linux/skbuff.h>
0023 #include <net/sock.h>
0024 #include <net/tcp_states.h>
0025 #include <linux/uaccess.h>
0026 #include <linux/fcntl.h>
0027 #include <linux/mm.h>
0028 #include <linux/interrupt.h>
0029
0030 /*
0031  *  Given a fragment, queue it on the fragment queue and if the fragment
0032  *  is complete, send it back to ax25_rx_iframe.
0033  */
0034 static int ax25_rx_fragment(ax25_cb *ax25, struct sk_buff *skb)
0035 {
0036     struct sk_buff *skbn, *skbo;
0037
0038     if (ax25->fragno != 0) {
0039         if (!(*skb->data & AX25_SEG_FIRST)) {
0040             if ((ax25->fragno - 1) == (*skb->data & AX25_SEG_REM)) {
0041                 /* Enqueue fragment */
0042                 ax25->fragno = *skb->data & AX25_SEG_REM;
0043                 skb_pull(skb, 1);   /* skip fragno */
0044                 ax25->fraglen += skb->len;
0045                 skb_queue_tail(&ax25->frag_queue, skb);
0046
0047                 /* Last fragment received ? */
0048                 if (ax25->fragno == 0) {
0049                     skbn = alloc_skb(AX25_MAX_HEADER_LEN +
0050                              ax25->fraglen,
0051                              GFP_ATOMIC);
0052                     if (!skbn) {
0053                         skb_queue_purge(&ax25->frag_queue);
0054                         return 1;
0055                     }
0056
0057                     skb_reserve(skbn, AX25_MAX_HEADER_LEN);
0058
0059                     skbn->dev   = ax25->ax25_dev->dev;
0060                     skb_reset_network_header(skbn);
0061                     skb_reset_transport_header(skbn);
0062
0063                     /* Copy data from the fragments */
0064                     while ((skbo = skb_dequeue(&ax25->frag_queue)) != NULL) {
0065                         skb_copy_from_linear_data(skbo,
0066                               skb_put(skbn, skbo->len),
0067                                       skbo->len);
0068                         kfree_skb(skbo);
0069                     }
0070
0071                     ax25->fraglen = 0;
0072
0073                     if (ax25_rx_iframe(ax25, skbn) == 0)
0074                         kfree_skb(skbn);
0075                 }
0076
0077                 return 1;
0078             }
0079         }
0080     } else {
0081         /* First fragment received */
0082         if (*skb->data & AX25_SEG_FIRST) {
0083             skb_queue_purge(&ax25->frag_queue);
0084             ax25->fragno = *skb->data & AX25_SEG_REM;
0085             skb_pull(skb, 1);       /* skip fragno */
0086             ax25->fraglen = skb->len;
0087             skb_queue_tail(&ax25->frag_queue, skb);
0088             return 1;
0089         }
0090     }
0091
0092     return 0;
0093 }
0094
0095 /*
0096  *  This is where all valid I frames are sent to, to be dispatched to
0097  *  whichever protocol requires them.
0098  */
0099 int ax25_rx_iframe(ax25_cb *ax25, struct sk_buff *skb)
0100 {
0101     int (*func)(struct sk_buff *, ax25_cb *);
0102     unsigned char pid;
0103     int queued = 0;
0104
0105     if (skb == NULL) return 0;
0106
0107     ax25_start_idletimer(ax25);
0108
0109     pid = *skb->data;
0110
0111     if (pid == AX25_P_IP) {
0112         /* working around a TCP bug to keep additional listeners
0113          * happy. TCP re-uses the buffer and destroys the original
0114          * content.
0115          */
0116         struct sk_buff *skbn = skb_copy(skb, GFP_ATOMIC);
0117         if (skbn != NULL) {
0118             kfree_skb(skb);
0119             skb = skbn;
0120         }
0121
0122         skb_pull(skb, 1);   /* Remove PID */
0123         skb->mac_header = skb->network_header;
0124         skb_reset_network_header(skb);
0125         skb->dev      = ax25->ax25_dev->dev;
0126         skb->pkt_type = PACKET_HOST;
0127         skb->protocol = htons(ETH_P_IP);
0128         netif_rx(skb);
0129         return 1;
0130     }
0131     if (pid == AX25_P_SEGMENT) {
0132         skb_pull(skb, 1);   /* Remove PID */
0133         return ax25_rx_fragment(ax25, skb);
0134     }
0135
0136     if ((func = ax25_protocol_function(pid)) != NULL) {
0137         skb_pull(skb, 1);   /* Remove PID */
0138         return (*func)(skb, ax25);
0139     }
0140
0141     if (ax25->sk != NULL && ax25->ax25_dev->values[AX25_VALUES_CONMODE] == 2) {
0142         if ((!ax25->pidincl && ax25->sk->sk_protocol == pid) ||
0143             ax25->pidincl) {
0144             if (sock_queue_rcv_skb(ax25->sk, skb) == 0)
0145                 queued = 1;
0146             else
0147                 ax25->condition |= AX25_COND_OWN_RX_BUSY;
0148         }
0149     }
0150
0151     return queued;
0152 }
0153
0154 /*
0155  *  Higher level upcall for a LAPB frame
0156  */
0157 static int ax25_process_rx_frame(ax25_cb *ax25, struct sk_buff *skb, int type, int dama)
0158 {
0159     int queued = 0;
0160
0161     if (ax25->state == AX25_STATE_0)
0162         return 0;
0163
0164     switch (ax25->ax25_dev->values[AX25_VALUES_PROTOCOL]) {
0165     case AX25_PROTO_STD_SIMPLEX:
0166     case AX25_PROTO_STD_DUPLEX:
0167         queued = ax25_std_frame_in(ax25, skb, type);
0168         break;
0169
0170 #ifdef CONFIG_AX25_DAMA_SLAVE
0171     case AX25_PROTO_DAMA_SLAVE:
0172         if (dama || ax25->ax25_dev->dama.slave)
0173             queued = ax25_ds_frame_in(ax25, skb, type);
0174         else
0175             queued = ax25_std_frame_in(ax25, skb, type);
0176         break;
0177 #endif
0178     }
0179
0180     return queued;
0181 }
0182
0183 static int ax25_rcv(struct sk_buff *skb, struct net_device *dev,
0184             const ax25_address *dev_addr, struct packet_type *ptype)
0185 {
0186     ax25_address src, dest, *next_digi = NULL;
0187     int type = 0, mine = 0, dama;
0188     struct sock *make, *sk;
0189     ax25_digi dp, reverse_dp;
0190     ax25_cb *ax25;
0191     ax25_dev *ax25_dev;
0192
0193     /*
0194      *  Process the AX.25/LAPB frame.
0195      */
0196
0197     skb_reset_transport_header(skb);
0198
0199     if ((ax25_dev = ax25_dev_ax25dev(dev)) == NULL)
0200         goto free;
0201
0202     /*
0203      *  Parse the address header.
0204      */
0205
0206     if (ax25_addr_parse(skb->data, skb->len, &src, &dest, &dp, &type, &dama) == NULL)
0207         goto free;
0208
0209     /*
0210      *  Ours perhaps ?
0211      */
0212     if (dp.lastrepeat + 1 < dp.ndigi)       /* Not yet digipeated completely */
0213         next_digi = &dp.calls[dp.lastrepeat + 1];
0214
0215     /*
0216      *  Pull of the AX.25 headers leaving the CTRL/PID bytes
0217      */
0218     skb_pull(skb, ax25_addr_size(&dp));
0219
0220     /* For our port addresses ? */
0221     if (ax25cmp(&dest, dev_addr) == 0 && dp.lastrepeat + 1 == dp.ndigi)
0222         mine = 1;
0223
0224     /* Also match on any registered callsign from L3/4 */
0225     if (!mine && ax25_listen_mine(&dest, dev) && dp.lastrepeat + 1 == dp.ndigi)
0226         mine = 1;
0227
0228     /* UI frame - bypass LAPB processing */
0229     if ((*skb->data & ~0x10) == AX25_UI && dp.lastrepeat + 1 == dp.ndigi) {
0230         skb_set_transport_header(skb, 2); /* skip control and pid */
0231
0232         ax25_send_to_raw(&dest, skb, skb->data[1]);
0233
0234         if (!mine && ax25cmp(&dest, (ax25_address *)dev->broadcast) != 0)
0235             goto free;
0236
0237         /* Now we are pointing at the pid byte */
0238         switch (skb->data[1]) {
0239         case AX25_P_IP:
0240             skb_pull(skb,2);        /* drop PID/CTRL */
0241             skb_reset_transport_header(skb);
0242             skb_reset_network_header(skb);
0243             skb->dev      = dev;
0244             skb->pkt_type = PACKET_HOST;
0245             skb->protocol = htons(ETH_P_IP);
0246             netif_rx(skb);
0247             break;
0248
0249         case AX25_P_ARP:
0250             skb_pull(skb,2);
0251             skb_reset_transport_header(skb);
0252             skb_reset_network_header(skb);
0253             skb->dev      = dev;
0254             skb->pkt_type = PACKET_HOST;
0255             skb->protocol = htons(ETH_P_ARP);
0256             netif_rx(skb);
0257             break;
0258         case AX25_P_TEXT:
0259             /* Now find a suitable dgram socket */
0260             sk = ax25_get_socket(&dest, &src, SOCK_DGRAM);
0261             if (sk != NULL) {
0262                 bh_lock_sock(sk);
0263                 if (atomic_read(&sk->sk_rmem_alloc) >=
0264                     sk->sk_rcvbuf) {
0265                     kfree_skb(skb);
0266                 } else {
0267                     /*
0268                      *  Remove the control and PID.
0269                      */
0270                     skb_pull(skb, 2);
0271                     if (sock_queue_rcv_skb(sk, skb) != 0)
0272                         kfree_skb(skb);
0273                 }
0274                 bh_unlock_sock(sk);
0275                 sock_put(sk);
0276             } else {
0277                 kfree_skb(skb);
0278             }
0279             break;
0280
0281         default:
0282             kfree_skb(skb); /* Will scan SOCK_AX25 RAW sockets */
0283             break;
0284         }
0285
0286         return 0;
0287     }
0288
0289     /*
0290      *  Is connected mode supported on this device ?
0291      *  If not, should we DM the incoming frame (except DMs) or
0292      *  silently ignore them. For now we stay quiet.
0293      */
0294     if (ax25_dev->values[AX25_VALUES_CONMODE] == 0)
0295         goto free;
0296
0297     /* LAPB */
0298
0299     /* AX.25 state 1-4 */
0300
0301     ax25_digi_invert(&dp, &reverse_dp);
0302
0303     if ((ax25 = ax25_find_cb(&dest, &src, &reverse_dp, dev)) != NULL) {
0304         /*
0305          *  Process the frame. If it is queued up internally it
0306          *  returns one otherwise we free it immediately. This
0307          *  routine itself wakes the user context layers so we do
0308          *  no further work
0309          */
0310         if (ax25_process_rx_frame(ax25, skb, type, dama) == 0)
0311             kfree_skb(skb);
0312
0313         ax25_cb_put(ax25);
0314         return 0;
0315     }
0316
0317     /* AX.25 state 0 (disconnected) */
0318
0319     /* a) received not a SABM(E) */
0320
0321     if ((*skb->data & ~AX25_PF) != AX25_SABM &&
0322         (*skb->data & ~AX25_PF) != AX25_SABME) {
0323         /*
0324          *  Never reply to a DM. Also ignore any connects for
0325          *  addresses that are not our interfaces and not a socket.
0326          */
0327         if ((*skb->data & ~AX25_PF) != AX25_DM && mine)
0328             ax25_return_dm(dev, &src, &dest, &dp);
0329
0330         goto free;
0331     }
0332
0333     /* b) received SABM(E) */
0334
0335     if (dp.lastrepeat + 1 == dp.ndigi)
0336         sk = ax25_find_listener(&dest, 0, dev, SOCK_SEQPACKET);
0337     else
0338         sk = ax25_find_listener(next_digi, 1, dev, SOCK_SEQPACKET);
0339
0340     if (sk != NULL) {
0341         bh_lock_sock(sk);
0342         if (sk_acceptq_is_full(sk) ||
0343             (make = ax25_make_new(sk, ax25_dev)) == NULL) {
0344             if (mine)
0345                 ax25_return_dm(dev, &src, &dest, &dp);
0346             kfree_skb(skb);
0347             bh_unlock_sock(sk);
0348             sock_put(sk);
0349
0350             return 0;
0351         }
0352
0353         ax25 = sk_to_ax25(make);
0354         skb_set_owner_r(skb, make);
0355         skb_queue_head(&sk->sk_receive_queue, skb);
0356
0357         make->sk_state = TCP_ESTABLISHED;
0358
0359         sk_acceptq_added(sk);
0360         bh_unlock_sock(sk);
0361     } else {
0362         if (!mine)
0363             goto free;
0364
0365         if ((ax25 = ax25_create_cb()) == NULL) {
0366             ax25_return_dm(dev, &src, &dest, &dp);
0367             goto free;
0368         }
0369
0370         ax25_fillin_cb(ax25, ax25_dev);
0371     }
0372
0373     ax25->source_addr = dest;
0374     ax25->dest_addr   = src;
0375
0376     /*
0377      *  Sort out any digipeated paths.
0378      */
0379     if (dp.ndigi && !ax25->digipeat &&
0380         (ax25->digipeat = kmalloc(sizeof(ax25_digi), GFP_ATOMIC)) == NULL) {
0381         kfree_skb(skb);
0382         ax25_destroy_socket(ax25);
0383         if (sk)
0384             sock_put(sk);
0385         return 0;
0386     }
0387
0388     if (dp.ndigi == 0) {
0389         kfree(ax25->digipeat);
0390         ax25->digipeat = NULL;
0391     } else {
0392         /* Reverse the source SABM's path */
0393         memcpy(ax25->digipeat, &reverse_dp, sizeof(ax25_digi));
0394     }
0395
0396     if ((*skb->data & ~AX25_PF) == AX25_SABME) {
0397         ax25->modulus = AX25_EMODULUS;
0398         ax25->window  = ax25_dev->values[AX25_VALUES_EWINDOW];
0399     } else {
0400         ax25->modulus = AX25_MODULUS;
0401         ax25->window  = ax25_dev->values[AX25_VALUES_WINDOW];
0402     }
0403
0404     ax25_send_control(ax25, AX25_UA, AX25_POLLON, AX25_RESPONSE);
0405
0406 #ifdef CONFIG_AX25_DAMA_SLAVE
0407     if (dama && ax25->ax25_dev->values[AX25_VALUES_PROTOCOL] == AX25_PROTO_DAMA_SLAVE)
0408         ax25_dama_on(ax25);
0409 #endif
0410
0411     ax25->state = AX25_STATE_3;
0412
0413     ax25_cb_add(ax25);
0414
0415     ax25_start_heartbeat(ax25);
0416     ax25_start_t3timer(ax25);
0417     ax25_start_idletimer(ax25);
0418
0419     if (sk) {
0420         if (!sock_flag(sk, SOCK_DEAD))
0421             sk->sk_data_ready(sk);
0422         sock_put(sk);
0423     } else {
0424 free:
0425         kfree_skb(skb);
0426     }
0427     return 0;
0428 }
0429
0430 /*
0431  *  Receive an AX.25 frame via a SLIP interface.
0432  */
0433 int ax25_kiss_rcv(struct sk_buff *skb, struct net_device *dev,
0434           struct packet_type *ptype, struct net_device *orig_dev)
0435 {
0436     skb_orphan(skb);
0437
0438     if (!net_eq(dev_net(dev), &init_net)) {
0439         kfree_skb(skb);
0440         return 0;
0441     }
0442
0443     if ((*skb->data & 0x0F) != 0) {
0444         kfree_skb(skb); /* Not a KISS data frame */
0445         return 0;
0446     }
0447
0448     skb_pull(skb, AX25_KISS_HEADER_LEN);    /* Remove the KISS byte */
0449
0450     return ax25_rcv(skb, dev, (const ax25_address *)dev->dev_addr, ptype);
0451 }