xref: /freebsd/sys/netgraph/ng_lmi.c (revision 95ee2897e98f5d444f26ed2334cc7c439f9c16c6)
1 /*
2  * ng_lmi.c
3  */
4 
5 /*-
6  * Copyright (c) 1996-1999 Whistle Communications, Inc.
7  * All rights reserved.
8  *
9  * Subject to the following obligations and disclaimer of warranty, use and
10  * redistribution of this software, in source or object code forms, with or
11  * without modifications are expressly permitted by Whistle Communications;
12  * provided, however, that:
13  * 1. Any and all reproductions of the source or object code must include the
14  *    copyright notice above and the following disclaimer of warranties; and
15  * 2. No rights are granted, in any manner or form, to use Whistle
16  *    Communications, Inc. trademarks, including the mark "WHISTLE
17  *    COMMUNICATIONS" on advertising, endorsements, or otherwise except as
18  *    such appears in the above copyright notice or in the software.
19  *
20  * THIS SOFTWARE IS BEING PROVIDED BY WHISTLE COMMUNICATIONS "AS IS", AND
21  * TO THE MAXIMUM EXTENT PERMITTED BY LAW, WHISTLE COMMUNICATIONS MAKES NO
22  * REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, REGARDING THIS SOFTWARE,
23  * INCLUDING WITHOUT LIMITATION, ANY AND ALL IMPLIED WARRANTIES OF
24  * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT.
25  * WHISTLE COMMUNICATIONS DOES NOT WARRANT, GUARANTEE, OR MAKE ANY
26  * REPRESENTATIONS REGARDING THE USE OF, OR THE RESULTS OF THE USE OF THIS
27  * SOFTWARE IN TERMS OF ITS CORRECTNESS, ACCURACY, RELIABILITY OR OTHERWISE.
28  * IN NO EVENT SHALL WHISTLE COMMUNICATIONS BE LIABLE FOR ANY DAMAGES
29  * RESULTING FROM OR ARISING OUT OF ANY USE OF THIS SOFTWARE, INCLUDING
30  * WITHOUT LIMITATION, ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
31  * PUNITIVE, OR CONSEQUENTIAL DAMAGES, PROCUREMENT OF SUBSTITUTE GOODS OR
32  * SERVICES, LOSS OF USE, DATA OR PROFITS, HOWEVER CAUSED AND UNDER ANY
33  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
34  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35  * THIS SOFTWARE, EVEN IF WHISTLE COMMUNICATIONS IS ADVISED OF THE POSSIBILITY
36  * OF SUCH DAMAGE.
37  *
38  * Author: Julian Elischer <julian@freebsd.org>
39  * $Whistle: ng_lmi.c,v 1.38 1999/11/01 09:24:52 julian Exp $
40  */
41 
42 /*
43  * This node performs the frame relay LMI protocol. It knows how
44  * to do ITU Annex A, ANSI Annex D, and "Group-of-Four" variants
45  * of the protocol.
46  *
47  * A specific protocol can be forced by connecting the corresponding
48  * hook to DLCI 0 or 1023 (as appropriate) of a frame relay link.
49  *
50  * Alternately, this node can do auto-detection of the LMI protocol
51  * by connecting hook "auto0" to DLCI 0 and "auto1023" to DLCI 1023.
52  */
53 
54 #include <sys/param.h>
55 #include <sys/systm.h>
56 #include <sys/errno.h>
57 #include <sys/kernel.h>
58 #include <sys/malloc.h>
59 #include <sys/mbuf.h>
60 #include <sys/syslog.h>
61 #include <netgraph/ng_message.h>
62 #include <netgraph/netgraph.h>
63 #include <netgraph/ng_lmi.h>
64 
65 /*
66  * Human readable names for LMI
67  */
68 #define NAME_ANNEXA	NG_LMI_HOOK_ANNEXA
69 #define NAME_ANNEXD	NG_LMI_HOOK_ANNEXD
70 #define NAME_GROUP4	NG_LMI_HOOK_GROUPOF4
71 #define NAME_NONE	"None"
72 
73 #define MAX_DLCIS	128
74 #define MAXDLCI		1023
75 
76 /*
77  * DLCI states
78  */
79 #define DLCI_NULL	0
80 #define DLCI_UP		1
81 #define DLCI_DOWN	2
82 
83 /*
84  * Any received LMI frame should be at least this long
85  */
86 #define LMI_MIN_LENGTH	8	/* XXX verify */
87 
88 /*
89  * Netgraph node methods and type descriptor
90  */
91 static ng_constructor_t	nglmi_constructor;
92 static ng_rcvmsg_t	nglmi_rcvmsg;
93 static ng_shutdown_t	nglmi_shutdown;
94 static ng_newhook_t	nglmi_newhook;
95 static ng_rcvdata_t	nglmi_rcvdata;
96 static ng_disconnect_t	nglmi_disconnect;
97 static int	nglmi_checkdata(hook_p hook, struct mbuf *m);
98 
99 static struct ng_type typestruct = {
100 	.version =	NG_ABI_VERSION,
101 	.name =		NG_LMI_NODE_TYPE,
102 	.constructor =	nglmi_constructor,
103 	.rcvmsg	=	nglmi_rcvmsg,
104 	.shutdown =	nglmi_shutdown,
105 	.newhook =	nglmi_newhook,
106 	.rcvdata =	nglmi_rcvdata,
107 	.disconnect =	nglmi_disconnect,
108 };
109 NETGRAPH_INIT(lmi, &typestruct);
110 
111 /*
112  * Info and status per node
113  */
114 struct nglmi_softc {
115 	node_p  node;		/* netgraph node */
116 	int     flags;		/* state */
117 	int     poll_count;	/* the count of times for autolmi */
118 	int     poll_state;	/* state of auto detect machine */
119 	u_char  remote_seq;	/* sequence number the remote sent */
120 	u_char  local_seq;	/* last sequence number we sent */
121 	u_char  protoID;	/* 9 for group of 4, 8 otherwise */
122 	u_long  seq_retries;	/* sent this how many time so far */
123 	struct	callout	handle;	/* see timeout(9) */
124 	int     liv_per_full;
125 	int     liv_rate;
126 	int     livs;
127 	int     need_full;
128 	hook_p  lmi_channel;	/* whatever we ended up using */
129 	hook_p  lmi_annexA;
130 	hook_p  lmi_annexD;
131 	hook_p  lmi_group4;
132 	hook_p  lmi_channel0;	/* auto-detect on DLCI 0 */
133 	hook_p  lmi_channel1023;/* auto-detect on DLCI 1023 */
134 	char   *protoname;	/* cache protocol name */
135 	u_char  dlci_state[MAXDLCI + 1];
136 	int     invalidx;	/* next dlci's to invalidate */
137 };
138 typedef struct nglmi_softc *sc_p;
139 
140 /*
141  * Other internal functions
142  */
143 static void	LMI_ticker(node_p node, hook_p hook, void *arg1, int arg2);
144 static void	nglmi_startup_fixed(sc_p sc, hook_p hook);
145 static void	nglmi_startup_auto(sc_p sc);
146 static void	nglmi_startup(sc_p sc);
147 static void	nglmi_inquire(sc_p sc, int full);
148 static void	ngauto_state_machine(sc_p sc);
149 
150 /*
151  * Values for 'flags' field
152  * NB: the SCF_CONNECTED flag is set if and only if the timer is running.
153  */
154 #define	SCF_CONNECTED	0x01	/* connected to something */
155 #define	SCF_AUTO	0x02	/* we are auto-detecting */
156 #define	SCF_FIXED	0x04	/* we are fixed from the start */
157 
158 #define	SCF_LMITYPE	0x18	/* mask for determining Annex mode */
159 #define	SCF_NOLMI	0x00	/* no LMI type selected yet */
160 #define	SCF_ANNEX_A	0x08	/* running annex A mode */
161 #define	SCF_ANNEX_D	0x10	/* running annex D mode */
162 #define	SCF_GROUP4	0x18	/* running group of 4 */
163 
164 #define SETLMITYPE(sc, annex)						\
165 do {									\
166 	(sc)->flags &= ~SCF_LMITYPE;					\
167 	(sc)->flags |= (annex);						\
168 } while (0)
169 
170 #define NOPROTO(sc) (((sc)->flags & SCF_LMITYPE) == SCF_NOLMI)
171 #define ANNEXA(sc) (((sc)->flags & SCF_LMITYPE) == SCF_ANNEX_A)
172 #define ANNEXD(sc) (((sc)->flags & SCF_LMITYPE) == SCF_ANNEX_D)
173 #define GROUP4(sc) (((sc)->flags & SCF_LMITYPE) == SCF_GROUP4)
174 
175 #define LMIPOLLSIZE	3
176 #define LMI_PATIENCE	8	/* declare all DLCI DOWN after N LMI failures */
177 
178 /*
179  * Node constructor
180  */
181 static int
nglmi_constructor(node_p node)182 nglmi_constructor(node_p node)
183 {
184 	sc_p sc;
185 
186 	sc = malloc(sizeof(*sc), M_NETGRAPH, M_WAITOK | M_ZERO);
187 
188 	NG_NODE_SET_PRIVATE(node, sc);
189 	sc->node = node;
190 
191 	ng_callout_init(&sc->handle);
192 	sc->protoname = NAME_NONE;
193 	sc->liv_per_full = NG_LMI_SEQ_PER_FULL;	/* make this dynamic */
194 	sc->liv_rate = NG_LMI_KEEPALIVE_RATE;
195 	return (0);
196 }
197 
198 /*
199  * The LMI channel has a private pointer which is the same as the
200  * node private pointer. The debug channel has a NULL private pointer.
201  */
202 static int
nglmi_newhook(node_p node,hook_p hook,const char * name)203 nglmi_newhook(node_p node, hook_p hook, const char *name)
204 {
205 	sc_p sc = NG_NODE_PRIVATE(node);
206 
207 	if (strcmp(name, NG_LMI_HOOK_DEBUG) == 0) {
208 		NG_HOOK_SET_PRIVATE(hook, NULL);
209 		return (0);
210 	}
211 	if (sc->flags & SCF_CONNECTED) {
212 		/* already connected, return an error */
213 		return (EINVAL);
214 	}
215 	if (strcmp(name, NG_LMI_HOOK_ANNEXA) == 0) {
216 		sc->lmi_annexA = hook;
217 		NG_HOOK_SET_PRIVATE(hook, NG_NODE_PRIVATE(node));
218 		sc->protoID = 8;
219 		SETLMITYPE(sc, SCF_ANNEX_A);
220 		sc->protoname = NAME_ANNEXA;
221 		nglmi_startup_fixed(sc, hook);
222 	} else if (strcmp(name, NG_LMI_HOOK_ANNEXD) == 0) {
223 		sc->lmi_annexD = hook;
224 		NG_HOOK_SET_PRIVATE(hook, NG_NODE_PRIVATE(node));
225 		sc->protoID = 8;
226 		SETLMITYPE(sc, SCF_ANNEX_D);
227 		sc->protoname = NAME_ANNEXD;
228 		nglmi_startup_fixed(sc, hook);
229 	} else if (strcmp(name, NG_LMI_HOOK_GROUPOF4) == 0) {
230 		sc->lmi_group4 = hook;
231 		NG_HOOK_SET_PRIVATE(hook, NG_NODE_PRIVATE(node));
232 		sc->protoID = 9;
233 		SETLMITYPE(sc, SCF_GROUP4);
234 		sc->protoname = NAME_GROUP4;
235 		nglmi_startup_fixed(sc, hook);
236 	} else if (strcmp(name, NG_LMI_HOOK_AUTO0) == 0) {
237 		/* Note this, and if B is already installed, we're complete */
238 		sc->lmi_channel0 = hook;
239 		sc->protoname = NAME_NONE;
240 		NG_HOOK_SET_PRIVATE(hook, NG_NODE_PRIVATE(node));
241 		if (sc->lmi_channel1023)
242 			nglmi_startup_auto(sc);
243 	} else if (strcmp(name, NG_LMI_HOOK_AUTO1023) == 0) {
244 		/* Note this, and if A is already installed, we're complete */
245 		sc->lmi_channel1023 = hook;
246 		sc->protoname = NAME_NONE;
247 		NG_HOOK_SET_PRIVATE(hook, NG_NODE_PRIVATE(node));
248 		if (sc->lmi_channel0)
249 			nglmi_startup_auto(sc);
250 	} else
251 		return (EINVAL);		/* unknown hook */
252 	return (0);
253 }
254 
255 /*
256  * We have just attached to a live (we hope) node.
257  * Fire out a LMI inquiry, and then start up the timers.
258  */
259 static void
LMI_ticker(node_p node,hook_p hook,void * arg1,int arg2)260 LMI_ticker(node_p node, hook_p hook, void *arg1, int arg2)
261 {
262 	sc_p sc = NG_NODE_PRIVATE(node);
263 
264 	if (sc->flags & SCF_AUTO) {
265 		ngauto_state_machine(sc);
266 		ng_callout(&sc->handle, node, NULL, NG_LMI_POLL_RATE * hz,
267 		    LMI_ticker, NULL, 0);
268 	} else {
269 		if (sc->livs++ >= sc->liv_per_full) {
270 			nglmi_inquire(sc, 1);
271 			/* sc->livs = 0; *//* do this when we get the answer! */
272 		} else {
273 			nglmi_inquire(sc, 0);
274 		}
275 		ng_callout(&sc->handle, node, NULL, sc->liv_rate * hz,
276 		    LMI_ticker, NULL, 0);
277 	}
278 }
279 
280 static void
nglmi_startup_fixed(sc_p sc,hook_p hook)281 nglmi_startup_fixed(sc_p sc, hook_p hook)
282 {
283 	sc->flags |= (SCF_FIXED | SCF_CONNECTED);
284 	sc->lmi_channel = hook;
285 	nglmi_startup(sc);
286 }
287 
288 static void
nglmi_startup_auto(sc_p sc)289 nglmi_startup_auto(sc_p sc)
290 {
291 	sc->flags |= (SCF_AUTO | SCF_CONNECTED);
292 	sc->poll_state = 0;	/* reset state machine */
293 	sc->poll_count = 0;
294 	nglmi_startup(sc);
295 }
296 
297 static void
nglmi_startup(sc_p sc)298 nglmi_startup(sc_p sc)
299 {
300 	sc->remote_seq = 0;
301 	sc->local_seq = 1;
302 	sc->seq_retries = 0;
303 	sc->livs = sc->liv_per_full - 1;
304 	/* start off the ticker in 1 sec */
305 	ng_callout(&sc->handle, sc->node, NULL, hz, LMI_ticker, NULL, 0);
306 }
307 
308 static void
nglmi_inquire(sc_p sc,int full)309 nglmi_inquire(sc_p sc, int full)
310 {
311 	struct mbuf *m;
312 	struct ng_tag_prio *ptag;
313 	char   *cptr, *start;
314 	int     error;
315 
316 	if (sc->lmi_channel == NULL)
317 		return;
318 	MGETHDR(m, M_NOWAIT, MT_DATA);
319 	if (m == NULL) {
320 		log(LOG_ERR, "nglmi: unable to start up LMI processing\n");
321 		return;
322 	}
323 	m->m_pkthdr.rcvif = NULL;
324 
325 	/* Attach a tag to packet, marking it of link level state priority, so
326 	 * that device driver would put it in the beginning of queue */
327 
328 	ptag = (struct ng_tag_prio *)m_tag_alloc(NGM_GENERIC_COOKIE, NG_TAG_PRIO,
329 	    (sizeof(struct ng_tag_prio) - sizeof(struct m_tag)), M_NOWAIT);
330 	if (ptag != NULL) {	/* if it failed, well, it was optional anyhow */
331 		ptag->priority = NG_PRIO_LINKSTATE;
332 		ptag->discardability = -1;
333 		m_tag_prepend(m, &ptag->tag);
334 	}
335 
336 	m->m_data += 4;		/* leave some room for a header */
337 	cptr = start = mtod(m, char *);
338 	/* add in the header for an LMI inquiry. */
339 	*cptr++ = 0x03;		/* UI frame */
340 	if (GROUP4(sc))
341 		*cptr++ = 0x09;	/* proto discriminator */
342 	else
343 		*cptr++ = 0x08;	/* proto discriminator */
344 	*cptr++ = 0x00;		/* call reference */
345 	*cptr++ = 0x75;		/* inquiry */
346 
347 	/* If we are Annex-D, add locking shift to codeset 5. */
348 	if (ANNEXD(sc))
349 		*cptr++ = 0x95;	/* locking shift */
350 	/* Add a request type */
351 	if (ANNEXA(sc))
352 		*cptr++ = 0x51;	/* report type */
353 	else
354 		*cptr++ = 0x01;	/* report type */
355 	*cptr++ = 0x01;		/* size = 1 */
356 	if (full)
357 		*cptr++ = 0x00;	/* full */
358 	else
359 		*cptr++ = 0x01;	/* partial */
360 
361 	/* Add a link verification IE */
362 	if (ANNEXA(sc))
363 		*cptr++ = 0x53;	/* verification IE */
364 	else
365 		*cptr++ = 0x03;	/* verification IE */
366 	*cptr++ = 0x02;		/* 2 extra bytes */
367 	*cptr++ = sc->local_seq;
368 	*cptr++ = sc->remote_seq;
369 	sc->seq_retries++;
370 
371 	/* Send it */
372 	m->m_len = m->m_pkthdr.len = cptr - start;
373 	NG_SEND_DATA_ONLY(error, sc->lmi_channel, m);
374 
375 	/* If we've been sending requests for long enough, and there has
376 	 * been no response, then mark as DOWN, any DLCIs that are UP. */
377 	if (sc->seq_retries == LMI_PATIENCE) {
378 		int     count;
379 
380 		for (count = 0; count < MAXDLCI; count++)
381 			if (sc->dlci_state[count] == DLCI_UP)
382 				sc->dlci_state[count] = DLCI_DOWN;
383 	}
384 }
385 
386 /*
387  * State machine for LMI auto-detect. The transitions are ordered
388  * to try the more likely possibilities first.
389  */
390 static void
ngauto_state_machine(sc_p sc)391 ngauto_state_machine(sc_p sc)
392 {
393 	if ((sc->poll_count <= 0) || (sc->poll_count > LMIPOLLSIZE)) {
394 		/* time to change states in the auto probe machine */
395 		/* capture wild values of poll_count while we are at it */
396 		sc->poll_count = LMIPOLLSIZE;
397 		sc->poll_state++;
398 	}
399 	switch (sc->poll_state) {
400 	case 7:
401 		log(LOG_WARNING, "nglmi: no response from exchange\n");
402 	default:		/* capture bad states */
403 		sc->poll_state = 1;
404 	case 1:
405 		sc->lmi_channel = sc->lmi_channel0;
406 		SETLMITYPE(sc, SCF_ANNEX_D);
407 		break;
408 	case 2:
409 		sc->lmi_channel = sc->lmi_channel1023;
410 		SETLMITYPE(sc, SCF_ANNEX_D);
411 		break;
412 	case 3:
413 		sc->lmi_channel = sc->lmi_channel0;
414 		SETLMITYPE(sc, SCF_ANNEX_A);
415 		break;
416 	case 4:
417 		sc->lmi_channel = sc->lmi_channel1023;
418 		SETLMITYPE(sc, SCF_GROUP4);
419 		break;
420 	case 5:
421 		sc->lmi_channel = sc->lmi_channel1023;
422 		SETLMITYPE(sc, SCF_ANNEX_A);
423 		break;
424 	case 6:
425 		sc->lmi_channel = sc->lmi_channel0;
426 		SETLMITYPE(sc, SCF_GROUP4);
427 		break;
428 	}
429 
430 	/* send an inquirey encoded appropriately */
431 	nglmi_inquire(sc, 0);
432 	sc->poll_count--;
433 }
434 
435 /*
436  * Receive a netgraph control message.
437  */
438 static int
nglmi_rcvmsg(node_p node,item_p item,hook_p lasthook)439 nglmi_rcvmsg(node_p node, item_p item, hook_p lasthook)
440 {
441 	sc_p    sc = NG_NODE_PRIVATE(node);
442 	struct ng_mesg *resp = NULL;
443 	int     error = 0;
444 	struct ng_mesg *msg;
445 
446 	NGI_GET_MSG(item, msg);
447 	switch (msg->header.typecookie) {
448 	case NGM_GENERIC_COOKIE:
449 		switch (msg->header.cmd) {
450 		case NGM_TEXT_STATUS:
451 		    {
452 			char   *arg;
453 			int     pos, count;
454 
455 			NG_MKRESPONSE(resp, msg, NG_TEXTRESPONSE, M_NOWAIT);
456 			if (resp == NULL) {
457 				error = ENOMEM;
458 				break;
459 			}
460 			arg = resp->data;
461 			pos = sprintf(arg, "protocol %s ", sc->protoname);
462 			if (sc->flags & SCF_FIXED)
463 				pos += sprintf(arg + pos, "fixed\n");
464 			else if (sc->flags & SCF_AUTO)
465 				pos += sprintf(arg + pos, "auto-detecting\n");
466 			else
467 				pos += sprintf(arg + pos, "auto on dlci %d\n",
468 				    (sc->lmi_channel == sc->lmi_channel0) ?
469 				    0 : 1023);
470 			pos += sprintf(arg + pos,
471 			    "keepalive period: %d seconds\n", sc->liv_rate);
472 			pos += sprintf(arg + pos,
473 			    "unacknowledged keepalives: %ld\n",
474 			    sc->seq_retries);
475 			for (count = 0;
476 			     ((count <= MAXDLCI)
477 			      && (pos < (NG_TEXTRESPONSE - 20)));
478 			     count++) {
479 				if (sc->dlci_state[count]) {
480 					pos += sprintf(arg + pos,
481 					       "dlci %d %s\n", count,
482 					       (sc->dlci_state[count]
483 					== DLCI_UP) ? "up" : "down");
484 				}
485 			}
486 			resp->header.arglen = pos + 1;
487 			break;
488 		    }
489 		default:
490 			error = EINVAL;
491 			break;
492 		}
493 		break;
494 	case NGM_LMI_COOKIE:
495 		switch (msg->header.cmd) {
496 		case NGM_LMI_GET_STATUS:
497 		    {
498 			struct nglmistat *stat;
499 			int k;
500 
501 			NG_MKRESPONSE(resp, msg, sizeof(*stat), M_NOWAIT);
502 			if (!resp) {
503 				error = ENOMEM;
504 				break;
505 			}
506 			stat = (struct nglmistat *) resp->data;
507 			strncpy(stat->proto,
508 			     sc->protoname, sizeof(stat->proto) - 1);
509 			strncpy(stat->hook,
510 			      sc->protoname, sizeof(stat->hook) - 1);
511 			stat->autod = !!(sc->flags & SCF_AUTO);
512 			stat->fixed = !!(sc->flags & SCF_FIXED);
513 			for (k = 0; k <= MAXDLCI; k++) {
514 				switch (sc->dlci_state[k]) {
515 				case DLCI_UP:
516 					stat->up[k / 8] |= (1 << (k % 8));
517 					/* fall through */
518 				case DLCI_DOWN:
519 					stat->seen[k / 8] |= (1 << (k % 8));
520 					break;
521 				}
522 			}
523 			break;
524 		    }
525 		default:
526 			error = EINVAL;
527 			break;
528 		}
529 		break;
530 	default:
531 		error = EINVAL;
532 		break;
533 	}
534 
535 	NG_RESPOND_MSG(error, node, item, resp);
536 	NG_FREE_MSG(msg);
537 	return (error);
538 }
539 
540 #define STEPBY(stepsize)			\
541 	do {					\
542 		packetlen -= (stepsize);	\
543 		data += (stepsize);		\
544 	} while (0)
545 
546 /*
547  * receive data, and use it to update our status.
548  * Anything coming in on the debug port is discarded.
549  */
550 static int
nglmi_rcvdata(hook_p hook,item_p item)551 nglmi_rcvdata(hook_p hook, item_p item)
552 {
553 	sc_p    sc = NG_NODE_PRIVATE(NG_HOOK_NODE(hook));
554 	const	u_char *data;
555 	unsigned short dlci;
556 	u_short packetlen;
557 	int     resptype_seen = 0;
558 	struct mbuf *m;
559 
560 	NGI_GET_M(item, m);
561 	NG_FREE_ITEM(item);
562 	if (NG_HOOK_PRIVATE(hook) == NULL) {
563 		goto drop;
564 	}
565 	packetlen = m->m_len;
566 
567 	/* XXX what if it's more than 1 mbuf? */
568 	if ((packetlen > MHLEN) && !(m->m_flags & M_EXT)) {
569 		log(LOG_WARNING, "nglmi: packetlen (%d) too big\n", packetlen);
570 		goto drop;
571 	}
572 	if (m->m_len < packetlen && (m = m_pullup(m, packetlen)) == NULL) {
573 		log(LOG_WARNING,
574 		    "nglmi: m_pullup failed for %d bytes\n", packetlen);
575 		return (0);
576 	}
577 	if (nglmi_checkdata(hook, m) == 0)
578 		return (0);
579 
580 	/* pass the first 4 bytes (already checked in the nglmi_checkdata()) */
581 	data = mtod(m, const u_char *);
582 	STEPBY(4);
583 
584 	/* Now check if there is a 'locking shift'. This is only seen in
585 	 * Annex D frames. don't bother checking, we already did that. Don't
586 	 * increment immediately as it might not be there. */
587 	if (ANNEXD(sc))
588 		STEPBY(1);
589 
590 	/* If we get this far we should consider that it is a legitimate
591 	 * frame and we know what it is. */
592 	if (sc->flags & SCF_AUTO) {
593 		/* note the hook that this valid channel came from and drop
594 		 * out of auto probe mode. */
595 		if (ANNEXA(sc))
596 			sc->protoname = NAME_ANNEXA;
597 		else if (ANNEXD(sc))
598 			sc->protoname = NAME_ANNEXD;
599 		else if (GROUP4(sc))
600 			sc->protoname = NAME_GROUP4;
601 		else {
602 			log(LOG_ERR, "nglmi: No known type\n");
603 			goto drop;
604 		}
605 		sc->lmi_channel = hook;
606 		sc->flags &= ~SCF_AUTO;
607 		log(LOG_INFO, "nglmi: auto-detected %s LMI on DLCI %d\n",
608 		    sc->protoname, hook == sc->lmi_channel0 ? 0 : 1023);
609 	}
610 
611 	/* While there is more data in the status packet, keep processing
612 	 * status items. First make sure there is enough data for the
613 	 * segment descriptor's length field. */
614 	while (packetlen >= 2) {
615 		u_int   segtype = data[0];
616 		u_int   segsize = data[1];
617 
618 		/* Now that we know how long it claims to be, make sure
619 		 * there is enough data for the next seg. */
620 		if (packetlen < segsize + 2)
621 			break;
622 		switch (segtype) {
623 		case 0x01:
624 		case 0x51:
625 			if (resptype_seen) {
626 				log(LOG_WARNING, "nglmi: dup MSGTYPE\n");
627 				goto nextIE;
628 			}
629 			resptype_seen++;
630 			/* The remote end tells us what kind of response
631 			 * this is. Only expect a type 0 or 1. if we are a
632 			 * full status, invalidate a few DLCIs just to see
633 			 * that they are still ok. */
634 			if (segsize != 1)
635 				goto nextIE;
636 			switch (data[2]) {
637 			case 1:
638 				/* partial status, do no extra processing */
639 				break;
640 			case 0:
641 			    {
642 				int     count = 0;
643 				int     idx = sc->invalidx;
644 
645 				for (count = 0; count < 10; count++) {
646 					if (idx > MAXDLCI)
647 						idx = 0;
648 					if (sc->dlci_state[idx] == DLCI_UP)
649 						sc->dlci_state[idx] = DLCI_DOWN;
650 					idx++;
651 				}
652 				sc->invalidx = idx;
653 				/* we got and we wanted one. relax
654 				 * now.. but don't reset to 0 if it
655 				 * was unrequested. */
656 				if (sc->livs > sc->liv_per_full)
657 					sc->livs = 0;
658 				break;
659 			    }
660 			}
661 			break;
662 		case 0x03:
663 		case 0x53:
664 			/* The remote tells us what it thinks the sequence
665 			 * numbers are. If it's not size 2, it must be a
666 			 * duplicate to have gotten this far, skip it. */
667 			if (segsize != 2)
668 				goto nextIE;
669 			sc->remote_seq = data[2];
670 			if (sc->local_seq == data[3]) {
671 				sc->local_seq++;
672 				sc->seq_retries = 0;
673 				/* Note that all 3 Frame protocols seem to
674 				 * not like 0 as a sequence number. */
675 				if (sc->local_seq == 0)
676 					sc->local_seq = 1;
677 			}
678 			break;
679 		case 0x07:
680 		case 0x57:
681 			/* The remote tells us about a DLCI that it knows
682 			 * about. There may be many of these in a single
683 			 * status response */
684 			switch (segsize) {
685 			case 6:/* only on 'group of 4' */
686 				dlci = ((u_short) data[2] & 0xff) << 8;
687 				dlci |= (data[3] & 0xff);
688 				if ((dlci < 1024) && (dlci > 0)) {
689 				  /* XXX */
690 				}
691 				break;
692 			case 3:
693 				dlci = ((u_short) data[2] & 0x3f) << 4;
694 				dlci |= ((data[3] & 0x78) >> 3);
695 				if ((dlci < 1024) && (dlci > 0)) {
696 					/* set up the bottom half of the
697 					 * support for that dlci if it's not
698 					 * already been done */
699 					/* store this information somewhere */
700 				}
701 				break;
702 			default:
703 				goto nextIE;
704 			}
705 			if (sc->dlci_state[dlci] != DLCI_UP) {
706 				/* bring new DLCI to life */
707 				/* may do more here some day */
708 				if (sc->dlci_state[dlci] != DLCI_DOWN)
709 					log(LOG_INFO,
710 					    "nglmi: DLCI %d became active\n",
711 					    dlci);
712 				sc->dlci_state[dlci] = DLCI_UP;
713 			}
714 			break;
715 		}
716 nextIE:
717 		STEPBY(segsize + 2);
718 	}
719 	NG_FREE_M(m);
720 	return (0);
721 
722 drop:
723 	NG_FREE_M(m);
724 	return (EINVAL);
725 }
726 
727 /*
728  * Check that a packet is entirely kosha.
729  * return 1 of ok, and 0 if not.
730  * All data is discarded if a 0 is returned.
731  */
732 static int
nglmi_checkdata(hook_p hook,struct mbuf * m)733 nglmi_checkdata(hook_p hook, struct mbuf *m)
734 {
735 	sc_p    sc = NG_NODE_PRIVATE(NG_HOOK_NODE(hook));
736 	const	u_char *data;
737 	u_short packetlen;
738 	unsigned short dlci;
739 	u_char  type;
740 	u_char  nextbyte;
741 	int     seq_seen = 0;
742 	int     resptype_seen = 0;	/* 0 , 1 (partial) or 2 (full) */
743 #if 0
744 	int     highest_dlci = 0;
745 #endif
746 
747 	packetlen = m->m_len;
748 	data = mtod(m, const u_char *);
749 	if (*data != 0x03) {
750 		log(LOG_WARNING, "nglmi: unexpected value in LMI(%d)\n", 1);
751 		goto reject;
752 	}
753 	STEPBY(1);
754 
755 	/* look at the protocol ID */
756 	nextbyte = *data;
757 	if (sc->flags & SCF_AUTO) {
758 		SETLMITYPE(sc, SCF_NOLMI);	/* start with a clean slate */
759 		switch (nextbyte) {
760 		case 0x8:
761 			sc->protoID = 8;
762 			break;
763 		case 0x9:
764 			SETLMITYPE(sc, SCF_GROUP4);
765 			sc->protoID = 9;
766 			break;
767 		default:
768 			log(LOG_WARNING, "nglmi: bad Protocol ID(%d)\n",
769 			    (int) nextbyte);
770 			goto reject;
771 		}
772 	} else {
773 		if (nextbyte != sc->protoID) {
774 			log(LOG_WARNING, "nglmi: unexpected Protocol ID(%d)\n",
775 			    (int) nextbyte);
776 			goto reject;
777 		}
778 	}
779 	STEPBY(1);
780 
781 	/* check call reference (always null in non ISDN frame relay) */
782 	if (*data != 0x00) {
783 		log(LOG_WARNING, "nglmi: unexpected Call Reference (0x%x)\n",
784 		    data[-1]);
785 		goto reject;
786 	}
787 	STEPBY(1);
788 
789 	/* check message type */
790 	switch ((type = *data)) {
791 	case 0x75:		/* Status enquiry */
792 		log(LOG_WARNING, "nglmi: unexpected message type(0x%x)\n",
793 		    data[-1]);
794 		goto reject;
795 	case 0x7D:		/* Status message */
796 		break;
797 	default:
798 		log(LOG_WARNING,
799 		    "nglmi: unexpected msg type(0x%x) \n", (int) type);
800 		goto reject;
801 	}
802 	STEPBY(1);
803 
804 	/* Now check if there is a 'locking shift'. This is only seen in
805 	 * Annex D frames. Don't increment immediately as it might not be
806 	 * there. */
807 	nextbyte = *data;
808 	if (sc->flags & SCF_AUTO) {
809 		if (!(GROUP4(sc))) {
810 			if (nextbyte == 0x95) {
811 				SETLMITYPE(sc, SCF_ANNEX_D);
812 				STEPBY(1);
813 			} else
814 				SETLMITYPE(sc, SCF_ANNEX_A);
815 		} else if (nextbyte == 0x95) {
816 			log(LOG_WARNING, "nglmi: locking shift seen in G4\n");
817 			goto reject;
818 		}
819 	} else {
820 		if (ANNEXD(sc)) {
821 			if (*data == 0x95)
822 				STEPBY(1);
823 			else {
824 				log(LOG_WARNING,
825 				    "nglmi: locking shift missing\n");
826 				goto reject;
827 			}
828 		} else if (*data == 0x95) {
829 			log(LOG_WARNING, "nglmi: locking shift seen\n");
830 			goto reject;
831 		}
832 	}
833 
834 	/* While there is more data in the status packet, keep processing
835 	 * status items. First make sure there is enough data for the
836 	 * segment descriptor's length field. */
837 	while (packetlen >= 2) {
838 		u_int   segtype = data[0];
839 		u_int   segsize = data[1];
840 
841 		/* Now that we know how long it claims to be, make sure
842 		 * there is enough data for the next seg. */
843 		if (packetlen < (segsize + 2)) {
844 			log(LOG_WARNING, "nglmi: IE longer than packet\n");
845 			break;
846 		}
847 		switch (segtype) {
848 		case 0x01:
849 		case 0x51:
850 			/* According to MCI's HP analyser, we should just
851 			 * ignore if there is mor ethan one of these (?). */
852 			if (resptype_seen) {
853 				log(LOG_WARNING, "nglmi: dup MSGTYPE\n");
854 				goto nextIE;
855 			}
856 			if (segsize != 1) {
857 				log(LOG_WARNING, "nglmi: MSGTYPE wrong size\n");
858 				goto reject;
859 			}
860 			/* The remote end tells us what kind of response
861 			 * this is. Only expect a type 0 or 1. if it was a
862 			 * full (type 0) check we just asked for a type
863 			 * full. */
864 			switch (data[2]) {
865 			case 1:/* partial */
866 				if (sc->livs > sc->liv_per_full) {
867 					log(LOG_WARNING,
868 					  "nglmi: LIV when FULL expected\n");
869 					goto reject;	/* need full */
870 				}
871 				resptype_seen = 1;
872 				break;
873 			case 0:/* full */
874 				/* Full response is always acceptable */
875 				resptype_seen = 2;
876 				break;
877 			default:
878 				log(LOG_WARNING,
879 				 "nglmi: Unknown report type %d\n", data[2]);
880 				goto reject;
881 			}
882 			break;
883 		case 0x03:
884 		case 0x53:
885 			/* The remote tells us what it thinks the sequence
886 			 * numbers are. I would have thought that there
887 			 * needs to be one and only one of these, but MCI
888 			 * want us to just ignore extras. (?) */
889 			if (resptype_seen == 0) {
890 				log(LOG_WARNING, "nglmi: no TYPE before SEQ\n");
891 				goto reject;
892 			}
893 			if (seq_seen != 0)	/* already seen seq numbers */
894 				goto nextIE;
895 			if (segsize != 2) {
896 				log(LOG_WARNING, "nglmi: bad SEQ sts size\n");
897 				goto reject;
898 			}
899 			if (sc->local_seq != data[3]) {
900 				log(LOG_WARNING, "nglmi: unexpected SEQ\n");
901 				goto reject;
902 			}
903 			seq_seen = 1;
904 			break;
905 		case 0x07:
906 		case 0x57:
907 			/* The remote tells us about a DLCI that it knows
908 			 * about. There may be many of these in a single
909 			 * status response */
910 			if (seq_seen != 1) {	/* already seen seq numbers? */
911 				log(LOG_WARNING,
912 				    "nglmi: No sequence before DLCI\n");
913 				goto reject;
914 			}
915 			if (resptype_seen != 2) {	/* must be full */
916 				log(LOG_WARNING,
917 				    "nglmi: No resp type before DLCI\n");
918 				goto reject;
919 			}
920 			if (GROUP4(sc)) {
921 				if (segsize != 6) {
922 					log(LOG_WARNING,
923 					    "nglmi: wrong IE segsize\n");
924 					goto reject;
925 				}
926 				dlci = ((u_short) data[2] & 0xff) << 8;
927 				dlci |= (data[3] & 0xff);
928 			} else {
929 				if (segsize != 3) {
930 					log(LOG_WARNING,
931 					    "nglmi: DLCI headersize of %d"
932 					    " not supported\n", segsize - 1);
933 					goto reject;
934 				}
935 				dlci = ((u_short) data[2] & 0x3f) << 4;
936 				dlci |= ((data[3] & 0x78) >> 3);
937 			}
938 			/* async can only have one of these */
939 #if 0				/* async not yet accepted */
940 			if (async && highest_dlci) {
941 				log(LOG_WARNING,
942 				    "nglmi: Async with > 1 DLCI\n");
943 				goto reject;
944 			}
945 #endif
946 			/* Annex D says these will always be Ascending, but
947 			 * the HP test for G4 says we should accept
948 			 * duplicates, so for now allow that. ( <= vs. < ) */
949 #if 0
950 			/* MCI tests want us to accept out of order for AnxD */
951 			if ((!GROUP4(sc)) && (dlci < highest_dlci)) {
952 				/* duplicate or mis-ordered dlci */
953 				/* (spec says they will increase in number) */
954 				log(LOG_WARNING, "nglmi: DLCI out of order\n");
955 				goto reject;
956 			}
957 #endif
958 			if (dlci > 1023) {
959 				log(LOG_WARNING, "nglmi: DLCI out of range\n");
960 				goto reject;
961 			}
962 #if 0
963 			highest_dlci = dlci;
964 #endif
965 			break;
966 		default:
967 			log(LOG_WARNING,
968 			    "nglmi: unknown LMI segment type %d\n", segtype);
969 		}
970 nextIE:
971 		STEPBY(segsize + 2);
972 	}
973 	if (packetlen != 0) {	/* partial junk at end? */
974 		log(LOG_WARNING,
975 		    "nglmi: %d bytes extra at end of packet\n", packetlen);
976 		goto print;
977 	}
978 	if (resptype_seen == 0) {
979 		log(LOG_WARNING, "nglmi: No response type seen\n");
980 		goto reject;	/* had no response type */
981 	}
982 	if (seq_seen == 0) {
983 		log(LOG_WARNING, "nglmi: No sequence numbers seen\n");
984 		goto reject;	/* had no sequence numbers */
985 	}
986 	return (1);
987 
988 print:
989 	{
990 		int     i, j, k, pos;
991 		char    buf[100];
992 		int     loc;
993 		const	u_char *bp = mtod(m, const u_char *);
994 
995 		k = i = 0;
996 		loc = (m->m_len - packetlen);
997 		log(LOG_WARNING, "nglmi: error at location %d\n", loc);
998 		while (k < m->m_len) {
999 			pos = 0;
1000 			j = 0;
1001 			while ((j++ < 16) && k < m->m_len) {
1002 				pos += sprintf(buf + pos, "%c%02x",
1003 					       ((loc == k) ? '>' : ' '),
1004 					       bp[k]);
1005 				k++;
1006 			}
1007 			if (i == 0)
1008 				log(LOG_WARNING, "nglmi: packet data:%s\n", buf);
1009 			else
1010 				log(LOG_WARNING, "%04d              :%s\n", k, buf);
1011 			i++;
1012 		}
1013 	}
1014 	return (1);
1015 reject:
1016 	{
1017 		int     i, j, k, pos;
1018 		char    buf[100];
1019 		int     loc;
1020 		const	u_char *bp = mtod(m, const u_char *);
1021 
1022 		k = i = 0;
1023 		loc = (m->m_len - packetlen);
1024 		log(LOG_WARNING, "nglmi: error at location %d\n", loc);
1025 		while (k < m->m_len) {
1026 			pos = 0;
1027 			j = 0;
1028 			while ((j++ < 16) && k < m->m_len) {
1029 				pos += sprintf(buf + pos, "%c%02x",
1030 					       ((loc == k) ? '>' : ' '),
1031 					       bp[k]);
1032 				k++;
1033 			}
1034 			if (i == 0)
1035 				log(LOG_WARNING, "nglmi: packet data:%s\n", buf);
1036 			else
1037 				log(LOG_WARNING, "%04d              :%s\n", k, buf);
1038 			i++;
1039 		}
1040 	}
1041 	NG_FREE_M(m);
1042 	return (0);
1043 }
1044 
1045 /*
1046  * Do local shutdown processing..
1047  * Cut any remaining links and free our local resources.
1048  */
1049 static int
nglmi_shutdown(node_p node)1050 nglmi_shutdown(node_p node)
1051 {
1052 	const sc_p sc = NG_NODE_PRIVATE(node);
1053 
1054 	NG_NODE_SET_PRIVATE(node, NULL);
1055 	NG_NODE_UNREF(sc->node);
1056 	free(sc, M_NETGRAPH);
1057 	return (0);
1058 }
1059 
1060 /*
1061  * Hook disconnection
1062  * For this type, removal of any link except "debug" destroys the node.
1063  */
1064 static int
nglmi_disconnect(hook_p hook)1065 nglmi_disconnect(hook_p hook)
1066 {
1067 	const sc_p sc = NG_NODE_PRIVATE(NG_HOOK_NODE(hook));
1068 
1069 	/* OK to remove debug hook(s) */
1070 	if (NG_HOOK_PRIVATE(hook) == NULL)
1071 		return (0);
1072 
1073 	/* Stop timer if it's currently active */
1074 	if (sc->flags & SCF_CONNECTED)
1075 		ng_uncallout(&sc->handle, sc->node);
1076 
1077 	/* Self-destruct */
1078 	if (NG_NODE_IS_VALID(NG_HOOK_NODE(hook)))
1079 		ng_rmnode_self(NG_HOOK_NODE(hook));
1080 	return (0);
1081 }
1082