net/decnet/dn_nsp_in.c

0001 // SPDX-License-Identifier: GPL-2.0-or-later
0002 /*
0003  * DECnet       An implementation of the DECnet protocol suite for the LINUX
0004  *              operating system.  DECnet is implemented using the  BSD Socket
0005  *              interface as the means of communication with the user level.
0006  *
0007  *              DECnet Network Services Protocol (Input)
0008  *
0009  * Author:      Eduardo Marcelo Serrat <emserrat@geocities.com>
0010  *
0011  * Changes:
0012  *
0013  *    Steve Whitehouse:  Split into dn_nsp_in.c and dn_nsp_out.c from
0014  *                       original dn_nsp.c.
0015  *    Steve Whitehouse:  Updated to work with my new routing architecture.
0016  *    Steve Whitehouse:  Add changes from Eduardo Serrat's patches.
0017  *    Steve Whitehouse:  Put all ack handling code in a common routine.
0018  *    Steve Whitehouse:  Put other common bits into dn_nsp_rx()
0019  *    Steve Whitehouse:  More checks on skb->len to catch bogus packets
0020  *                       Fixed various race conditions and possible nasties.
0021  *    Steve Whitehouse:  Now handles returned conninit frames.
0022  *     David S. Miller:  New socket locking
0023  *    Steve Whitehouse:  Fixed lockup when socket filtering was enabled.
0024  *         Paul Koning:  Fix to push CC sockets into RUN when acks are
0025  *                       received.
0026  *    Steve Whitehouse:
0027  *   Patrick Caulfield:  Checking conninits for correctness & sending of error
0028  *                       responses.
0029  *    Steve Whitehouse:  Added backlog congestion level return codes.
0030  *   Patrick Caulfield:
0031  *    Steve Whitehouse:  Added flow control support (outbound)
0032  *    Steve Whitehouse:  Prepare for nonlinear skbs
0033  */
0034
0035 /******************************************************************************
0036     (c) 1995-1998 E.M. Serrat       emserrat@geocities.com
0037
0038 *******************************************************************************/
0039
0040 #include <linux/errno.h>
0041 #include <linux/filter.h>
0042 #include <linux/types.h>
0043 #include <linux/socket.h>
0044 #include <linux/in.h>
0045 #include <linux/kernel.h>
0046 #include <linux/timer.h>
0047 #include <linux/string.h>
0048 #include <linux/sockios.h>
0049 #include <linux/net.h>
0050 #include <linux/netdevice.h>
0051 #include <linux/inet.h>
0052 #include <linux/route.h>
0053 #include <linux/slab.h>
0054 #include <net/sock.h>
0055 #include <net/tcp_states.h>
0056 #include <linux/fcntl.h>
0057 #include <linux/mm.h>
0058 #include <linux/termios.h>
0059 #include <linux/interrupt.h>
0060 #include <linux/proc_fs.h>
0061 #include <linux/stat.h>
0062 #include <linux/init.h>
0063 #include <linux/poll.h>
0064 #include <linux/netfilter_decnet.h>
0065 #include <net/neighbour.h>
0066 #include <net/dst.h>
0067 #include <net/dn.h>
0068 #include <net/dn_nsp.h>
0069 #include <net/dn_dev.h>
0070 #include <net/dn_route.h>
0071
0072 extern int decnet_log_martians;
0073
0074 static void dn_log_martian(struct sk_buff *skb, const char *msg)
0075 {
0076     if (decnet_log_martians) {
0077         char *devname = skb->dev ? skb->dev->name : "???";
0078         struct dn_skb_cb *cb = DN_SKB_CB(skb);
0079         net_info_ratelimited("DECnet: Martian packet (%s) dev=%s src=0x%04hx dst=0x%04hx srcport=0x%04hx dstport=0x%04hx\n",
0080                      msg, devname,
0081                      le16_to_cpu(cb->src),
0082                      le16_to_cpu(cb->dst),
0083                      le16_to_cpu(cb->src_port),
0084                      le16_to_cpu(cb->dst_port));
0085     }
0086 }
0087
0088 /*
0089  * For this function we've flipped the cross-subchannel bit
0090  * if the message is an otherdata or linkservice message. Thus
0091  * we can use it to work out what to update.
0092  */
0093 static void dn_ack(struct sock *sk, struct sk_buff *skb, unsigned short ack)
0094 {
0095     struct dn_scp *scp = DN_SK(sk);
0096     unsigned short type = ((ack >> 12) & 0x0003);
0097     int wakeup = 0;
0098
0099     switch (type) {
0100     case 0: /* ACK - Data */
0101         if (dn_after(ack, scp->ackrcv_dat)) {
0102             scp->ackrcv_dat = ack & 0x0fff;
0103             wakeup |= dn_nsp_check_xmit_queue(sk, skb,
0104                               &scp->data_xmit_queue,
0105                               ack);
0106         }
0107         break;
0108     case 1: /* NAK - Data */
0109         break;
0110     case 2: /* ACK - OtherData */
0111         if (dn_after(ack, scp->ackrcv_oth)) {
0112             scp->ackrcv_oth = ack & 0x0fff;
0113             wakeup |= dn_nsp_check_xmit_queue(sk, skb,
0114                               &scp->other_xmit_queue,
0115                               ack);
0116         }
0117         break;
0118     case 3: /* NAK - OtherData */
0119         break;
0120     }
0121
0122     if (wakeup && !sock_flag(sk, SOCK_DEAD))
0123         sk->sk_state_change(sk);
0124 }
0125
0126 /*
0127  * This function is a universal ack processor.
0128  */
0129 static int dn_process_ack(struct sock *sk, struct sk_buff *skb, int oth)
0130 {
0131     __le16 *ptr = (__le16 *)skb->data;
0132     int len = 0;
0133     unsigned short ack;
0134
0135     if (skb->len < 2)
0136         return len;
0137
0138     if ((ack = le16_to_cpu(*ptr)) & 0x8000) {
0139         skb_pull(skb, 2);
0140         ptr++;
0141         len += 2;
0142         if ((ack & 0x4000) == 0) {
0143             if (oth)
0144                 ack ^= 0x2000;
0145             dn_ack(sk, skb, ack);
0146         }
0147     }
0148
0149     if (skb->len < 2)
0150         return len;
0151
0152     if ((ack = le16_to_cpu(*ptr)) & 0x8000) {
0153         skb_pull(skb, 2);
0154         len += 2;
0155         if ((ack & 0x4000) == 0) {
0156             if (oth)
0157                 ack ^= 0x2000;
0158             dn_ack(sk, skb, ack);
0159         }
0160     }
0161
0162     return len;
0163 }
0164
0165
0166 /**
0167  * dn_check_idf - Check an image data field format is correct.
0168  * @pptr: Pointer to pointer to image data
0169  * @len: Pointer to length of image data
0170  * @max: The maximum allowed length of the data in the image data field
0171  * @follow_on: Check that this many bytes exist beyond the end of the image data
0172  *
0173  * Returns: 0 if ok, -1 on error
0174  */
0175 static inline int dn_check_idf(unsigned char **pptr, int *len, unsigned char max, unsigned char follow_on)
0176 {
0177     unsigned char *ptr = *pptr;
0178     unsigned char flen = *ptr++;
0179
0180     (*len)--;
0181     if (flen > max)
0182         return -1;
0183     if ((flen + follow_on) > *len)
0184         return -1;
0185
0186     *len -= flen;
0187     *pptr = ptr + flen;
0188     return 0;
0189 }
0190
0191 /*
0192  * Table of reason codes to pass back to node which sent us a badly
0193  * formed message, plus text messages for the log. A zero entry in
0194  * the reason field means "don't reply" otherwise a disc init is sent with
0195  * the specified reason code.
0196  */
0197 static struct {
0198     unsigned short reason;
0199     const char *text;
0200 } ci_err_table[] = {
0201  { 0,             "CI: Truncated message" },
0202  { NSP_REASON_ID, "CI: Destination username error" },
0203  { NSP_REASON_ID, "CI: Destination username type" },
0204  { NSP_REASON_US, "CI: Source username error" },
0205  { 0,             "CI: Truncated at menuver" },
0206  { 0,             "CI: Truncated before access or user data" },
0207  { NSP_REASON_IO, "CI: Access data format error" },
0208  { NSP_REASON_IO, "CI: User data format error" }
0209 };
0210
0211 /*
0212  * This function uses a slightly different lookup method
0213  * to find its sockets, since it searches on object name/number
0214  * rather than port numbers. Various tests are done to ensure that
0215  * the incoming data is in the correct format before it is queued to
0216  * a socket.
0217  */
0218 static struct sock *dn_find_listener(struct sk_buff *skb, unsigned short *reason)
0219 {
0220     struct dn_skb_cb *cb = DN_SKB_CB(skb);
0221     struct nsp_conn_init_msg *msg = (struct nsp_conn_init_msg *)skb->data;
0222     struct sockaddr_dn dstaddr;
0223     struct sockaddr_dn srcaddr;
0224     unsigned char type = 0;
0225     int dstlen;
0226     int srclen;
0227     unsigned char *ptr;
0228     int len;
0229     int err = 0;
0230     unsigned char menuver;
0231
0232     memset(&dstaddr, 0, sizeof(struct sockaddr_dn));
0233     memset(&srcaddr, 0, sizeof(struct sockaddr_dn));
0234
0235     /*
0236      * 1. Decode & remove message header
0237      */
0238     cb->src_port = msg->srcaddr;
0239     cb->dst_port = msg->dstaddr;
0240     cb->services = msg->services;
0241     cb->info     = msg->info;
0242     cb->segsize  = le16_to_cpu(msg->segsize);
0243
0244     if (!pskb_may_pull(skb, sizeof(*msg)))
0245         goto err_out;
0246
0247     skb_pull(skb, sizeof(*msg));
0248
0249     len = skb->len;
0250     ptr = skb->data;
0251
0252     /*
0253      * 2. Check destination end username format
0254      */
0255     dstlen = dn_username2sockaddr(ptr, len, &dstaddr, &type);
0256     err++;
0257     if (dstlen < 0)
0258         goto err_out;
0259
0260     err++;
0261     if (type > 1)
0262         goto err_out;
0263
0264     len -= dstlen;
0265     ptr += dstlen;
0266
0267     /*
0268      * 3. Check source end username format
0269      */
0270     srclen = dn_username2sockaddr(ptr, len, &srcaddr, &type);
0271     err++;
0272     if (srclen < 0)
0273         goto err_out;
0274
0275     len -= srclen;
0276     ptr += srclen;
0277     err++;
0278     if (len < 1)
0279         goto err_out;
0280
0281     menuver = *ptr;
0282     ptr++;
0283     len--;
0284
0285     /*
0286      * 4. Check that optional data actually exists if menuver says it does
0287      */
0288     err++;
0289     if ((menuver & (DN_MENUVER_ACC | DN_MENUVER_USR)) && (len < 1))
0290         goto err_out;
0291
0292     /*
0293      * 5. Check optional access data format
0294      */
0295     err++;
0296     if (menuver & DN_MENUVER_ACC) {
0297         if (dn_check_idf(&ptr, &len, 39, 1))
0298             goto err_out;
0299         if (dn_check_idf(&ptr, &len, 39, 1))
0300             goto err_out;
0301         if (dn_check_idf(&ptr, &len, 39, (menuver & DN_MENUVER_USR) ? 1 : 0))
0302             goto err_out;
0303     }
0304
0305     /*
0306      * 6. Check optional user data format
0307      */
0308     err++;
0309     if (menuver & DN_MENUVER_USR) {
0310         if (dn_check_idf(&ptr, &len, 16, 0))
0311             goto err_out;
0312     }
0313
0314     /*
0315      * 7. Look up socket based on destination end username
0316      */
0317     return dn_sklist_find_listener(&dstaddr);
0318 err_out:
0319     dn_log_martian(skb, ci_err_table[err].text);
0320     *reason = ci_err_table[err].reason;
0321     return NULL;
0322 }
0323
0324
0325 static void dn_nsp_conn_init(struct sock *sk, struct sk_buff *skb)
0326 {
0327     if (sk_acceptq_is_full(sk)) {
0328         kfree_skb(skb);
0329         return;
0330     }
0331
0332     sk_acceptq_added(sk);
0333     skb_queue_tail(&sk->sk_receive_queue, skb);
0334     sk->sk_state_change(sk);
0335 }
0336
0337 static void dn_nsp_conn_conf(struct sock *sk, struct sk_buff *skb)
0338 {
0339     struct dn_skb_cb *cb = DN_SKB_CB(skb);
0340     struct dn_scp *scp = DN_SK(sk);
0341     unsigned char *ptr;
0342
0343     if (skb->len < 4)
0344         goto out;
0345
0346     ptr = skb->data;
0347     cb->services = *ptr++;
0348     cb->info = *ptr++;
0349     cb->segsize = le16_to_cpu(*(__le16 *)ptr);
0350
0351     if ((scp->state == DN_CI) || (scp->state == DN_CD)) {
0352         scp->persist = 0;
0353         scp->addrrem = cb->src_port;
0354         sk->sk_state = TCP_ESTABLISHED;
0355         scp->state = DN_RUN;
0356         scp->services_rem = cb->services;
0357         scp->info_rem = cb->info;
0358         scp->segsize_rem = cb->segsize;
0359
0360         if ((scp->services_rem & NSP_FC_MASK) == NSP_FC_NONE)
0361             scp->max_window = decnet_no_fc_max_cwnd;
0362
0363         if (skb->len > 0) {
0364             u16 dlen = *skb->data;
0365             if ((dlen <= 16) && (dlen <= skb->len)) {
0366                 scp->conndata_in.opt_optl = cpu_to_le16(dlen);
0367                 skb_copy_from_linear_data_offset(skb, 1,
0368                           scp->conndata_in.opt_data, dlen);
0369             }
0370         }
0371         dn_nsp_send_link(sk, DN_NOCHANGE, 0);
0372         if (!sock_flag(sk, SOCK_DEAD))
0373             sk->sk_state_change(sk);
0374     }
0375
0376 out:
0377     kfree_skb(skb);
0378 }
0379
0380 static void dn_nsp_conn_ack(struct sock *sk, struct sk_buff *skb)
0381 {
0382     struct dn_scp *scp = DN_SK(sk);
0383
0384     if (scp->state == DN_CI) {
0385         scp->state = DN_CD;
0386         scp->persist = 0;
0387     }
0388
0389     kfree_skb(skb);
0390 }
0391
0392 static void dn_nsp_disc_init(struct sock *sk, struct sk_buff *skb)
0393 {
0394     struct dn_scp *scp = DN_SK(sk);
0395     struct dn_skb_cb *cb = DN_SKB_CB(skb);
0396     unsigned short reason;
0397
0398     if (skb->len < 2)
0399         goto out;
0400
0401     reason = le16_to_cpu(*(__le16 *)skb->data);
0402     skb_pull(skb, 2);
0403
0404     scp->discdata_in.opt_status = cpu_to_le16(reason);
0405     scp->discdata_in.opt_optl   = 0;
0406     memset(scp->discdata_in.opt_data, 0, 16);
0407
0408     if (skb->len > 0) {
0409         u16 dlen = *skb->data;
0410         if ((dlen <= 16) && (dlen <= skb->len)) {
0411             scp->discdata_in.opt_optl = cpu_to_le16(dlen);
0412             skb_copy_from_linear_data_offset(skb, 1, scp->discdata_in.opt_data, dlen);
0413         }
0414     }
0415
0416     scp->addrrem = cb->src_port;
0417     sk->sk_state = TCP_CLOSE;
0418
0419     switch (scp->state) {
0420     case DN_CI:
0421     case DN_CD:
0422         scp->state = DN_RJ;
0423         sk->sk_err = ECONNREFUSED;
0424         break;
0425     case DN_RUN:
0426         sk->sk_shutdown |= SHUTDOWN_MASK;
0427         scp->state = DN_DN;
0428         break;
0429     case DN_DI:
0430         scp->state = DN_DIC;
0431         break;
0432     }
0433
0434     if (!sock_flag(sk, SOCK_DEAD)) {
0435         if (sk->sk_socket->state != SS_UNCONNECTED)
0436             sk->sk_socket->state = SS_DISCONNECTING;
0437         sk->sk_state_change(sk);
0438     }
0439
0440     /*
0441      * It appears that its possible for remote machines to send disc
0442      * init messages with no port identifier if we are in the CI and
0443      * possibly also the CD state. Obviously we shouldn't reply with
0444      * a message if we don't know what the end point is.
0445      */
0446     if (scp->addrrem) {
0447         dn_nsp_send_disc(sk, NSP_DISCCONF, NSP_REASON_DC, GFP_ATOMIC);
0448     }
0449     scp->persist_fxn = dn_destroy_timer;
0450     scp->persist = dn_nsp_persist(sk);
0451
0452 out:
0453     kfree_skb(skb);
0454 }
0455
0456 /*
0457  * disc_conf messages are also called no_resources or no_link
0458  * messages depending upon the "reason" field.
0459  */
0460 static void dn_nsp_disc_conf(struct sock *sk, struct sk_buff *skb)
0461 {
0462     struct dn_scp *scp = DN_SK(sk);
0463     unsigned short reason;
0464
0465     if (skb->len != 2)
0466         goto out;
0467
0468     reason = le16_to_cpu(*(__le16 *)skb->data);
0469
0470     sk->sk_state = TCP_CLOSE;
0471
0472     switch (scp->state) {
0473     case DN_CI:
0474         scp->state = DN_NR;
0475         break;
0476     case DN_DR:
0477         if (reason == NSP_REASON_DC)
0478             scp->state = DN_DRC;
0479         if (reason == NSP_REASON_NL)
0480             scp->state = DN_CN;
0481         break;
0482     case DN_DI:
0483         scp->state = DN_DIC;
0484         break;
0485     case DN_RUN:
0486         sk->sk_shutdown |= SHUTDOWN_MASK;
0487         fallthrough;
0488     case DN_CC:
0489         scp->state = DN_CN;
0490     }
0491
0492     if (!sock_flag(sk, SOCK_DEAD)) {
0493         if (sk->sk_socket->state != SS_UNCONNECTED)
0494             sk->sk_socket->state = SS_DISCONNECTING;
0495         sk->sk_state_change(sk);
0496     }
0497
0498     scp->persist_fxn = dn_destroy_timer;
0499     scp->persist = dn_nsp_persist(sk);
0500
0501 out:
0502     kfree_skb(skb);
0503 }
0504
0505 static void dn_nsp_linkservice(struct sock *sk, struct sk_buff *skb)
0506 {
0507     struct dn_scp *scp = DN_SK(sk);
0508     unsigned short segnum;
0509     unsigned char lsflags;
0510     signed char fcval;
0511     int wake_up = 0;
0512     char *ptr = skb->data;
0513     unsigned char fctype = scp->services_rem & NSP_FC_MASK;
0514
0515     if (skb->len != 4)
0516         goto out;
0517
0518     segnum = le16_to_cpu(*(__le16 *)ptr);
0519     ptr += 2;
0520     lsflags = *(unsigned char *)ptr++;
0521     fcval = *ptr;
0522
0523     /*
0524      * Here we ignore erroneous packets which should really
0525      * should cause a connection abort. It is not critical
0526      * for now though.
0527      */
0528     if (lsflags & 0xf8)
0529         goto out;
0530
0531     if (seq_next(scp->numoth_rcv, segnum)) {
0532         seq_add(&scp->numoth_rcv, 1);
0533         switch(lsflags & 0x04) { /* FCVAL INT */
0534         case 0x00: /* Normal Request */
0535             switch(lsflags & 0x03) { /* FCVAL MOD */
0536             case 0x00: /* Request count */
0537                 if (fcval < 0) {
0538                     unsigned char p_fcval = -fcval;
0539                     if ((scp->flowrem_dat > p_fcval) &&
0540                         (fctype == NSP_FC_SCMC)) {
0541                         scp->flowrem_dat -= p_fcval;
0542                     }
0543                 } else if (fcval > 0) {
0544                     scp->flowrem_dat += fcval;
0545                     wake_up = 1;
0546                 }
0547                 break;
0548             case 0x01: /* Stop outgoing data */
0549                 scp->flowrem_sw = DN_DONTSEND;
0550                 break;
0551             case 0x02: /* Ok to start again */
0552                 scp->flowrem_sw = DN_SEND;
0553                 dn_nsp_output(sk);
0554                 wake_up = 1;
0555             }
0556             break;
0557         case 0x04: /* Interrupt Request */
0558             if (fcval > 0) {
0559                 scp->flowrem_oth += fcval;
0560                 wake_up = 1;
0561             }
0562             break;
0563         }
0564         if (wake_up && !sock_flag(sk, SOCK_DEAD))
0565             sk->sk_state_change(sk);
0566     }
0567
0568     dn_nsp_send_oth_ack(sk);
0569
0570 out:
0571     kfree_skb(skb);
0572 }
0573
0574 /*
0575  * Copy of sock_queue_rcv_skb (from sock.h) without
0576  * bh_lock_sock() (its already held when this is called) which
0577  * also allows data and other data to be queued to a socket.
0578  */
0579 static __inline__ int dn_queue_skb(struct sock *sk, struct sk_buff *skb, int sig, struct sk_buff_head *queue)
0580 {
0581     int err;
0582
0583     /* Cast skb->rcvbuf to unsigned... It's pointless, but reduces
0584        number of warnings when compiling with -W --ANK
0585      */
0586     if (atomic_read(&sk->sk_rmem_alloc) + skb->truesize >=
0587         (unsigned int)sk->sk_rcvbuf) {
0588         err = -ENOMEM;
0589         goto out;
0590     }
0591
0592     err = sk_filter(sk, skb);
0593     if (err)
0594         goto out;
0595
0596     skb_set_owner_r(skb, sk);
0597     skb_queue_tail(queue, skb);
0598
0599     if (!sock_flag(sk, SOCK_DEAD))
0600         sk->sk_data_ready(sk);
0601 out:
0602     return err;
0603 }
0604
0605 static void dn_nsp_otherdata(struct sock *sk, struct sk_buff *skb)
0606 {
0607     struct dn_scp *scp = DN_SK(sk);
0608     unsigned short segnum;
0609     struct dn_skb_cb *cb = DN_SKB_CB(skb);
0610     int queued = 0;
0611
0612     if (skb->len < 2)
0613         goto out;
0614
0615     cb->segnum = segnum = le16_to_cpu(*(__le16 *)skb->data);
0616     skb_pull(skb, 2);
0617
0618     if (seq_next(scp->numoth_rcv, segnum)) {
0619
0620         if (dn_queue_skb(sk, skb, SIGURG, &scp->other_receive_queue) == 0) {
0621             seq_add(&scp->numoth_rcv, 1);
0622             scp->other_report = 0;
0623             queued = 1;
0624         }
0625     }
0626
0627     dn_nsp_send_oth_ack(sk);
0628 out:
0629     if (!queued)
0630         kfree_skb(skb);
0631 }
0632
0633 static void dn_nsp_data(struct sock *sk, struct sk_buff *skb)
0634 {
0635     int queued = 0;
0636     unsigned short segnum;
0637     struct dn_skb_cb *cb = DN_SKB_CB(skb);
0638     struct dn_scp *scp = DN_SK(sk);
0639
0640     if (skb->len < 2)
0641         goto out;
0642
0643     cb->segnum = segnum = le16_to_cpu(*(__le16 *)skb->data);
0644     skb_pull(skb, 2);
0645
0646     if (seq_next(scp->numdat_rcv, segnum)) {
0647         if (dn_queue_skb(sk, skb, SIGIO, &sk->sk_receive_queue) == 0) {
0648             seq_add(&scp->numdat_rcv, 1);
0649             queued = 1;
0650         }
0651
0652         if ((scp->flowloc_sw == DN_SEND) && dn_congested(sk)) {
0653             scp->flowloc_sw = DN_DONTSEND;
0654             dn_nsp_send_link(sk, DN_DONTSEND, 0);
0655         }
0656     }
0657
0658     dn_nsp_send_data_ack(sk);
0659 out:
0660     if (!queued)
0661         kfree_skb(skb);
0662 }
0663
0664 /*
0665  * If one of our conninit messages is returned, this function
0666  * deals with it. It puts the socket into the NO_COMMUNICATION
0667  * state.
0668  */
0669 static void dn_returned_conn_init(struct sock *sk, struct sk_buff *skb)
0670 {
0671     struct dn_scp *scp = DN_SK(sk);
0672
0673     if (scp->state == DN_CI) {
0674         scp->state = DN_NC;
0675         sk->sk_state = TCP_CLOSE;
0676         if (!sock_flag(sk, SOCK_DEAD))
0677             sk->sk_state_change(sk);
0678     }
0679
0680     kfree_skb(skb);
0681 }
0682
0683 static int dn_nsp_no_socket(struct sk_buff *skb, unsigned short reason)
0684 {
0685     struct dn_skb_cb *cb = DN_SKB_CB(skb);
0686     int ret = NET_RX_DROP;
0687
0688     /* Must not reply to returned packets */
0689     if (cb->rt_flags & DN_RT_F_RTS)
0690         goto out;
0691
0692     if ((reason != NSP_REASON_OK) && ((cb->nsp_flags & 0x0c) == 0x08)) {
0693         switch (cb->nsp_flags & 0x70) {
0694         case 0x10:
0695         case 0x60: /* (Retransmitted) Connect Init */
0696             dn_nsp_return_disc(skb, NSP_DISCINIT, reason);
0697             ret = NET_RX_SUCCESS;
0698             break;
0699         case 0x20: /* Connect Confirm */
0700             dn_nsp_return_disc(skb, NSP_DISCCONF, reason);
0701             ret = NET_RX_SUCCESS;
0702             break;
0703         }
0704     }
0705
0706 out:
0707     kfree_skb(skb);
0708     return ret;
0709 }
0710
0711 static int dn_nsp_rx_packet(struct net *net, struct sock *sk2,
0712                 struct sk_buff *skb)
0713 {
0714     struct dn_skb_cb *cb = DN_SKB_CB(skb);
0715     struct sock *sk = NULL;
0716     unsigned char *ptr = (unsigned char *)skb->data;
0717     unsigned short reason = NSP_REASON_NL;
0718
0719     if (!pskb_may_pull(skb, 2))
0720         goto free_out;
0721
0722     skb_reset_transport_header(skb);
0723     cb->nsp_flags = *ptr++;
0724
0725     if (decnet_debug_level & 2)
0726         printk(KERN_DEBUG "dn_nsp_rx: Message type 0x%02x\n", (int)cb->nsp_flags);
0727
0728     if (cb->nsp_flags & 0x83)
0729         goto free_out;
0730
0731     /*
0732      * Filter out conninits and useless packet types
0733      */
0734     if ((cb->nsp_flags & 0x0c) == 0x08) {
0735         switch (cb->nsp_flags & 0x70) {
0736         case 0x00: /* NOP */
0737         case 0x70: /* Reserved */
0738         case 0x50: /* Reserved, Phase II node init */
0739             goto free_out;
0740         case 0x10:
0741         case 0x60:
0742             if (unlikely(cb->rt_flags & DN_RT_F_RTS))
0743                 goto free_out;
0744             sk = dn_find_listener(skb, &reason);
0745             goto got_it;
0746         }
0747     }
0748
0749     if (!pskb_may_pull(skb, 3))
0750         goto free_out;
0751
0752     /*
0753      * Grab the destination address.
0754      */
0755     cb->dst_port = *(__le16 *)ptr;
0756     cb->src_port = 0;
0757     ptr += 2;
0758
0759     /*
0760      * If not a connack, grab the source address too.
0761      */
0762     if (pskb_may_pull(skb, 5)) {
0763         cb->src_port = *(__le16 *)ptr;
0764         ptr += 2;
0765         skb_pull(skb, 5);
0766     }
0767
0768     /*
0769      * Returned packets...
0770      * Swap src & dst and look up in the normal way.
0771      */
0772     if (unlikely(cb->rt_flags & DN_RT_F_RTS)) {
0773         swap(cb->dst_port, cb->src_port);
0774         swap(cb->dst, cb->src);
0775     }
0776
0777     /*
0778      * Find the socket to which this skb is destined.
0779      */
0780     sk = dn_find_by_skb(skb);
0781 got_it:
0782     if (sk != NULL) {
0783         struct dn_scp *scp = DN_SK(sk);
0784
0785         /* Reset backoff */
0786         scp->nsp_rxtshift = 0;
0787
0788         /*
0789          * We linearize everything except data segments here.
0790          */
0791         if (cb->nsp_flags & ~0x60) {
0792             if (unlikely(skb_linearize(skb)))
0793                 goto free_out;
0794         }
0795
0796         return sk_receive_skb(sk, skb, 0);
0797     }
0798
0799     return dn_nsp_no_socket(skb, reason);
0800
0801 free_out:
0802     kfree_skb(skb);
0803     return NET_RX_DROP;
0804 }
0805
0806 int dn_nsp_rx(struct sk_buff *skb)
0807 {
0808     return NF_HOOK(NFPROTO_DECNET, NF_DN_LOCAL_IN,
0809                &init_net, NULL, skb, skb->dev, NULL,
0810                dn_nsp_rx_packet);
0811 }
0812
0813 /*
0814  * This is the main receive routine for sockets. It is called
0815  * from the above when the socket is not busy, and also from
0816  * sock_release() when there is a backlog queued up.
0817  */
0818 int dn_nsp_backlog_rcv(struct sock *sk, struct sk_buff *skb)
0819 {
0820     struct dn_scp *scp = DN_SK(sk);
0821     struct dn_skb_cb *cb = DN_SKB_CB(skb);
0822
0823     if (cb->rt_flags & DN_RT_F_RTS) {
0824         if (cb->nsp_flags == 0x18 || cb->nsp_flags == 0x68)
0825             dn_returned_conn_init(sk, skb);
0826         else
0827             kfree_skb(skb);
0828         return NET_RX_SUCCESS;
0829     }
0830
0831     /*
0832      * Control packet.
0833      */
0834     if ((cb->nsp_flags & 0x0c) == 0x08) {
0835         switch (cb->nsp_flags & 0x70) {
0836         case 0x10:
0837         case 0x60:
0838             dn_nsp_conn_init(sk, skb);
0839             break;
0840         case 0x20:
0841             dn_nsp_conn_conf(sk, skb);
0842             break;
0843         case 0x30:
0844             dn_nsp_disc_init(sk, skb);
0845             break;
0846         case 0x40:
0847             dn_nsp_disc_conf(sk, skb);
0848             break;
0849         }
0850
0851     } else if (cb->nsp_flags == 0x24) {
0852         /*
0853          * Special for connacks, 'cos they don't have
0854          * ack data or ack otherdata info.
0855          */
0856         dn_nsp_conn_ack(sk, skb);
0857     } else {
0858         int other = 1;
0859
0860         /* both data and ack frames can kick a CC socket into RUN */
0861         if ((scp->state == DN_CC) && !sock_flag(sk, SOCK_DEAD)) {
0862             scp->state = DN_RUN;
0863             sk->sk_state = TCP_ESTABLISHED;
0864             sk->sk_state_change(sk);
0865         }
0866
0867         if ((cb->nsp_flags & 0x1c) == 0)
0868             other = 0;
0869         if (cb->nsp_flags == 0x04)
0870             other = 0;
0871
0872         /*
0873          * Read out ack data here, this applies equally
0874          * to data, other data, link service and both
0875          * ack data and ack otherdata.
0876          */
0877         dn_process_ack(sk, skb, other);
0878
0879         /*
0880          * If we've some sort of data here then call a
0881          * suitable routine for dealing with it, otherwise
0882          * the packet is an ack and can be discarded.
0883          */
0884         if ((cb->nsp_flags & 0x0c) == 0) {
0885
0886             if (scp->state != DN_RUN)
0887                 goto free_out;
0888
0889             switch (cb->nsp_flags) {
0890             case 0x10: /* LS */
0891                 dn_nsp_linkservice(sk, skb);
0892                 break;
0893             case 0x30: /* OD */
0894                 dn_nsp_otherdata(sk, skb);
0895                 break;
0896             default:
0897                 dn_nsp_data(sk, skb);
0898             }
0899
0900         } else { /* Ack, chuck it out here */
0901 free_out:
0902             kfree_skb(skb);
0903         }
0904     }
0905
0906     return NET_RX_SUCCESS;
0907 }