net/ax25/ax25_std_in.c

0001 // SPDX-License-Identifier: GPL-2.0-or-later
0002 /*
0003  *
0004  * Copyright (C) Alan Cox GW4PTS (alan@lxorguk.ukuu.org.uk)
0005  * Copyright (C) Jonathan Naylor G4KLX (g4klx@g4klx.demon.co.uk)
0006  * Copyright (C) Joerg Reuter DL1BKE (jreuter@yaina.de)
0007  * Copyright (C) Hans-Joachim Hetscher DD8NE (dd8ne@bnv-bamberg.de)
0008  *
0009  * Most of this code is based on the SDL diagrams published in the 7th ARRL
0010  * Computer Networking Conference papers. The diagrams have mistakes in them,
0011  * but are mostly correct. Before you modify the code could you read the SDL
0012  * diagrams as the code is not obvious and probably very easy to break.
0013  */
0014 #include <linux/errno.h>
0015 #include <linux/types.h>
0016 #include <linux/socket.h>
0017 #include <linux/in.h>
0018 #include <linux/kernel.h>
0019 #include <linux/timer.h>
0020 #include <linux/string.h>
0021 #include <linux/sockios.h>
0022 #include <linux/net.h>
0023 #include <net/ax25.h>
0024 #include <linux/inet.h>
0025 #include <linux/netdevice.h>
0026 #include <linux/skbuff.h>
0027 #include <net/sock.h>
0028 #include <net/tcp_states.h>
0029 #include <linux/uaccess.h>
0030 #include <linux/fcntl.h>
0031 #include <linux/mm.h>
0032 #include <linux/interrupt.h>
0033
0034 /*
0035  *  State machine for state 1, Awaiting Connection State.
0036  *  The handling of the timer(s) is in file ax25_std_timer.c.
0037  *  Handling of state 0 and connection release is in ax25.c.
0038  */
0039 static int ax25_std_state1_machine(ax25_cb *ax25, struct sk_buff *skb, int frametype, int pf, int type)
0040 {
0041     switch (frametype) {
0042     case AX25_SABM:
0043         ax25->modulus = AX25_MODULUS;
0044         ax25->window  = ax25->ax25_dev->values[AX25_VALUES_WINDOW];
0045         ax25_send_control(ax25, AX25_UA, pf, AX25_RESPONSE);
0046         break;
0047
0048     case AX25_SABME:
0049         ax25->modulus = AX25_EMODULUS;
0050         ax25->window  = ax25->ax25_dev->values[AX25_VALUES_EWINDOW];
0051         ax25_send_control(ax25, AX25_UA, pf, AX25_RESPONSE);
0052         break;
0053
0054     case AX25_DISC:
0055         ax25_send_control(ax25, AX25_DM, pf, AX25_RESPONSE);
0056         break;
0057
0058     case AX25_UA:
0059         if (pf) {
0060             ax25_calculate_rtt(ax25);
0061             ax25_stop_t1timer(ax25);
0062             ax25_start_t3timer(ax25);
0063             ax25_start_idletimer(ax25);
0064             ax25->vs      = 0;
0065             ax25->va      = 0;
0066             ax25->vr      = 0;
0067             ax25->state   = AX25_STATE_3;
0068             ax25->n2count = 0;
0069             if (ax25->sk != NULL) {
0070                 bh_lock_sock(ax25->sk);
0071                 ax25->sk->sk_state = TCP_ESTABLISHED;
0072                 /* For WAIT_SABM connections we will produce an accept ready socket here */
0073                 if (!sock_flag(ax25->sk, SOCK_DEAD))
0074                     ax25->sk->sk_state_change(ax25->sk);
0075                 bh_unlock_sock(ax25->sk);
0076             }
0077         }
0078         break;
0079
0080     case AX25_DM:
0081         if (pf) {
0082             if (ax25->modulus == AX25_MODULUS) {
0083                 ax25_disconnect(ax25, ECONNREFUSED);
0084             } else {
0085                 ax25->modulus = AX25_MODULUS;
0086                 ax25->window  = ax25->ax25_dev->values[AX25_VALUES_WINDOW];
0087             }
0088         }
0089         break;
0090
0091     default:
0092         break;
0093     }
0094
0095     return 0;
0096 }
0097
0098 /*
0099  *  State machine for state 2, Awaiting Release State.
0100  *  The handling of the timer(s) is in file ax25_std_timer.c
0101  *  Handling of state 0 and connection release is in ax25.c.
0102  */
0103 static int ax25_std_state2_machine(ax25_cb *ax25, struct sk_buff *skb, int frametype, int pf, int type)
0104 {
0105     switch (frametype) {
0106     case AX25_SABM:
0107     case AX25_SABME:
0108         ax25_send_control(ax25, AX25_DM, pf, AX25_RESPONSE);
0109         break;
0110
0111     case AX25_DISC:
0112         ax25_send_control(ax25, AX25_UA, pf, AX25_RESPONSE);
0113         ax25_disconnect(ax25, 0);
0114         break;
0115
0116     case AX25_DM:
0117     case AX25_UA:
0118         if (pf)
0119             ax25_disconnect(ax25, 0);
0120         break;
0121
0122     case AX25_I:
0123     case AX25_REJ:
0124     case AX25_RNR:
0125     case AX25_RR:
0126         if (pf) ax25_send_control(ax25, AX25_DM, AX25_POLLON, AX25_RESPONSE);
0127         break;
0128
0129     default:
0130         break;
0131     }
0132
0133     return 0;
0134 }
0135
0136 /*
0137  *  State machine for state 3, Connected State.
0138  *  The handling of the timer(s) is in file ax25_std_timer.c
0139  *  Handling of state 0 and connection release is in ax25.c.
0140  */
0141 static int ax25_std_state3_machine(ax25_cb *ax25, struct sk_buff *skb, int frametype, int ns, int nr, int pf, int type)
0142 {
0143     int queued = 0;
0144
0145     switch (frametype) {
0146     case AX25_SABM:
0147     case AX25_SABME:
0148         if (frametype == AX25_SABM) {
0149             ax25->modulus = AX25_MODULUS;
0150             ax25->window  = ax25->ax25_dev->values[AX25_VALUES_WINDOW];
0151         } else {
0152             ax25->modulus = AX25_EMODULUS;
0153             ax25->window  = ax25->ax25_dev->values[AX25_VALUES_EWINDOW];
0154         }
0155         ax25_send_control(ax25, AX25_UA, pf, AX25_RESPONSE);
0156         ax25_stop_t1timer(ax25);
0157         ax25_stop_t2timer(ax25);
0158         ax25_start_t3timer(ax25);
0159         ax25_start_idletimer(ax25);
0160         ax25->condition = 0x00;
0161         ax25->vs        = 0;
0162         ax25->va        = 0;
0163         ax25->vr        = 0;
0164         ax25_requeue_frames(ax25);
0165         break;
0166
0167     case AX25_DISC:
0168         ax25_send_control(ax25, AX25_UA, pf, AX25_RESPONSE);
0169         ax25_disconnect(ax25, 0);
0170         break;
0171
0172     case AX25_DM:
0173         ax25_disconnect(ax25, ECONNRESET);
0174         break;
0175
0176     case AX25_RR:
0177     case AX25_RNR:
0178         if (frametype == AX25_RR)
0179             ax25->condition &= ~AX25_COND_PEER_RX_BUSY;
0180         else
0181             ax25->condition |= AX25_COND_PEER_RX_BUSY;
0182         if (type == AX25_COMMAND && pf)
0183             ax25_std_enquiry_response(ax25);
0184         if (ax25_validate_nr(ax25, nr)) {
0185             ax25_check_iframes_acked(ax25, nr);
0186         } else {
0187             ax25_std_nr_error_recovery(ax25);
0188             ax25->state = AX25_STATE_1;
0189         }
0190         break;
0191
0192     case AX25_REJ:
0193         ax25->condition &= ~AX25_COND_PEER_RX_BUSY;
0194         if (type == AX25_COMMAND && pf)
0195             ax25_std_enquiry_response(ax25);
0196         if (ax25_validate_nr(ax25, nr)) {
0197             ax25_frames_acked(ax25, nr);
0198             ax25_calculate_rtt(ax25);
0199             ax25_stop_t1timer(ax25);
0200             ax25_start_t3timer(ax25);
0201             ax25_requeue_frames(ax25);
0202         } else {
0203             ax25_std_nr_error_recovery(ax25);
0204             ax25->state = AX25_STATE_1;
0205         }
0206         break;
0207
0208     case AX25_I:
0209         if (!ax25_validate_nr(ax25, nr)) {
0210             ax25_std_nr_error_recovery(ax25);
0211             ax25->state = AX25_STATE_1;
0212             break;
0213         }
0214         if (ax25->condition & AX25_COND_PEER_RX_BUSY) {
0215             ax25_frames_acked(ax25, nr);
0216         } else {
0217             ax25_check_iframes_acked(ax25, nr);
0218         }
0219         if (ax25->condition & AX25_COND_OWN_RX_BUSY) {
0220             if (pf) ax25_std_enquiry_response(ax25);
0221             break;
0222         }
0223         if (ns == ax25->vr) {
0224             ax25->vr = (ax25->vr + 1) % ax25->modulus;
0225             queued = ax25_rx_iframe(ax25, skb);
0226             if (ax25->condition & AX25_COND_OWN_RX_BUSY)
0227                 ax25->vr = ns;  /* ax25->vr - 1 */
0228             ax25->condition &= ~AX25_COND_REJECT;
0229             if (pf) {
0230                 ax25_std_enquiry_response(ax25);
0231             } else {
0232                 if (!(ax25->condition & AX25_COND_ACK_PENDING)) {
0233                     ax25->condition |= AX25_COND_ACK_PENDING;
0234                     ax25_start_t2timer(ax25);
0235                 }
0236             }
0237         } else {
0238             if (ax25->condition & AX25_COND_REJECT) {
0239                 if (pf) ax25_std_enquiry_response(ax25);
0240             } else {
0241                 ax25->condition |= AX25_COND_REJECT;
0242                 ax25_send_control(ax25, AX25_REJ, pf, AX25_RESPONSE);
0243                 ax25->condition &= ~AX25_COND_ACK_PENDING;
0244             }
0245         }
0246         break;
0247
0248     case AX25_FRMR:
0249     case AX25_ILLEGAL:
0250         ax25_std_establish_data_link(ax25);
0251         ax25->state = AX25_STATE_1;
0252         break;
0253
0254     default:
0255         break;
0256     }
0257
0258     return queued;
0259 }
0260
0261 /*
0262  *  State machine for state 4, Timer Recovery State.
0263  *  The handling of the timer(s) is in file ax25_std_timer.c
0264  *  Handling of state 0 and connection release is in ax25.c.
0265  */
0266 static int ax25_std_state4_machine(ax25_cb *ax25, struct sk_buff *skb, int frametype, int ns, int nr, int pf, int type)
0267 {
0268     int queued = 0;
0269
0270     switch (frametype) {
0271     case AX25_SABM:
0272     case AX25_SABME:
0273         if (frametype == AX25_SABM) {
0274             ax25->modulus = AX25_MODULUS;
0275             ax25->window  = ax25->ax25_dev->values[AX25_VALUES_WINDOW];
0276         } else {
0277             ax25->modulus = AX25_EMODULUS;
0278             ax25->window  = ax25->ax25_dev->values[AX25_VALUES_EWINDOW];
0279         }
0280         ax25_send_control(ax25, AX25_UA, pf, AX25_RESPONSE);
0281         ax25_stop_t1timer(ax25);
0282         ax25_stop_t2timer(ax25);
0283         ax25_start_t3timer(ax25);
0284         ax25_start_idletimer(ax25);
0285         ax25->condition = 0x00;
0286         ax25->vs        = 0;
0287         ax25->va        = 0;
0288         ax25->vr        = 0;
0289         ax25->state     = AX25_STATE_3;
0290         ax25->n2count   = 0;
0291         ax25_requeue_frames(ax25);
0292         break;
0293
0294     case AX25_DISC:
0295         ax25_send_control(ax25, AX25_UA, pf, AX25_RESPONSE);
0296         ax25_disconnect(ax25, 0);
0297         break;
0298
0299     case AX25_DM:
0300         ax25_disconnect(ax25, ECONNRESET);
0301         break;
0302
0303     case AX25_RR:
0304     case AX25_RNR:
0305         if (frametype == AX25_RR)
0306             ax25->condition &= ~AX25_COND_PEER_RX_BUSY;
0307         else
0308             ax25->condition |= AX25_COND_PEER_RX_BUSY;
0309         if (type == AX25_RESPONSE && pf) {
0310             ax25_stop_t1timer(ax25);
0311             ax25->n2count = 0;
0312             if (ax25_validate_nr(ax25, nr)) {
0313                 ax25_frames_acked(ax25, nr);
0314                 if (ax25->vs == ax25->va) {
0315                     ax25_start_t3timer(ax25);
0316                     ax25->state   = AX25_STATE_3;
0317                 } else {
0318                     ax25_requeue_frames(ax25);
0319                 }
0320             } else {
0321                 ax25_std_nr_error_recovery(ax25);
0322                 ax25->state = AX25_STATE_1;
0323             }
0324             break;
0325         }
0326         if (type == AX25_COMMAND && pf)
0327             ax25_std_enquiry_response(ax25);
0328         if (ax25_validate_nr(ax25, nr)) {
0329             ax25_frames_acked(ax25, nr);
0330         } else {
0331             ax25_std_nr_error_recovery(ax25);
0332             ax25->state = AX25_STATE_1;
0333         }
0334         break;
0335
0336     case AX25_REJ:
0337         ax25->condition &= ~AX25_COND_PEER_RX_BUSY;
0338         if (pf && type == AX25_RESPONSE) {
0339             ax25_stop_t1timer(ax25);
0340             ax25->n2count = 0;
0341             if (ax25_validate_nr(ax25, nr)) {
0342                 ax25_frames_acked(ax25, nr);
0343                 if (ax25->vs == ax25->va) {
0344                     ax25_start_t3timer(ax25);
0345                     ax25->state   = AX25_STATE_3;
0346                 } else {
0347                     ax25_requeue_frames(ax25);
0348                 }
0349             } else {
0350                 ax25_std_nr_error_recovery(ax25);
0351                 ax25->state = AX25_STATE_1;
0352             }
0353             break;
0354         }
0355         if (type == AX25_COMMAND && pf)
0356             ax25_std_enquiry_response(ax25);
0357         if (ax25_validate_nr(ax25, nr)) {
0358             ax25_frames_acked(ax25, nr);
0359             ax25_requeue_frames(ax25);
0360         } else {
0361             ax25_std_nr_error_recovery(ax25);
0362             ax25->state = AX25_STATE_1;
0363         }
0364         break;
0365
0366     case AX25_I:
0367         if (!ax25_validate_nr(ax25, nr)) {
0368             ax25_std_nr_error_recovery(ax25);
0369             ax25->state = AX25_STATE_1;
0370             break;
0371         }
0372         ax25_frames_acked(ax25, nr);
0373         if (ax25->condition & AX25_COND_OWN_RX_BUSY) {
0374             if (pf)
0375                 ax25_std_enquiry_response(ax25);
0376             break;
0377         }
0378         if (ns == ax25->vr) {
0379             ax25->vr = (ax25->vr + 1) % ax25->modulus;
0380             queued = ax25_rx_iframe(ax25, skb);
0381             if (ax25->condition & AX25_COND_OWN_RX_BUSY)
0382                 ax25->vr = ns;  /* ax25->vr - 1 */
0383             ax25->condition &= ~AX25_COND_REJECT;
0384             if (pf) {
0385                 ax25_std_enquiry_response(ax25);
0386             } else {
0387                 if (!(ax25->condition & AX25_COND_ACK_PENDING)) {
0388                     ax25->condition |= AX25_COND_ACK_PENDING;
0389                     ax25_start_t2timer(ax25);
0390                 }
0391             }
0392         } else {
0393             if (ax25->condition & AX25_COND_REJECT) {
0394                 if (pf) ax25_std_enquiry_response(ax25);
0395             } else {
0396                 ax25->condition |= AX25_COND_REJECT;
0397                 ax25_send_control(ax25, AX25_REJ, pf, AX25_RESPONSE);
0398                 ax25->condition &= ~AX25_COND_ACK_PENDING;
0399             }
0400         }
0401         break;
0402
0403     case AX25_FRMR:
0404     case AX25_ILLEGAL:
0405         ax25_std_establish_data_link(ax25);
0406         ax25->state = AX25_STATE_1;
0407         break;
0408
0409     default:
0410         break;
0411     }
0412
0413     return queued;
0414 }
0415
0416 /*
0417  *  Higher level upcall for a LAPB frame
0418  */
0419 int ax25_std_frame_in(ax25_cb *ax25, struct sk_buff *skb, int type)
0420 {
0421     int queued = 0, frametype, ns, nr, pf;
0422
0423     frametype = ax25_decode(ax25, skb, &ns, &nr, &pf);
0424
0425     switch (ax25->state) {
0426     case AX25_STATE_1:
0427         queued = ax25_std_state1_machine(ax25, skb, frametype, pf, type);
0428         break;
0429     case AX25_STATE_2:
0430         queued = ax25_std_state2_machine(ax25, skb, frametype, pf, type);
0431         break;
0432     case AX25_STATE_3:
0433         queued = ax25_std_state3_machine(ax25, skb, frametype, ns, nr, pf, type);
0434         break;
0435     case AX25_STATE_4:
0436         queued = ax25_std_state4_machine(ax25, skb, frametype, ns, nr, pf, type);
0437         break;
0438     }
0439
0440     ax25_kick(ax25);
0441
0442     return queued;
0443 }