1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * llc_sap.c - driver routines for SAP component. 4 * 5 * Copyright (c) 1997 by Procom Technology, Inc. 6 * 2001-2003 by Arnaldo Carvalho de Melo <acme@conectiva.com.br> 7 */ 8 9 #include <net/llc.h> 10 #include <net/llc_if.h> 11 #include <net/llc_conn.h> 12 #include <net/llc_pdu.h> 13 #include <net/llc_sap.h> 14 #include <net/llc_s_ac.h> 15 #include <net/llc_s_ev.h> 16 #include <net/llc_s_st.h> 17 #include <net/sock.h> 18 #include <net/tcp_states.h> 19 #include <linux/llc.h> 20 #include <linux/slab.h> 21 22 static int llc_mac_header_len(unsigned short devtype) 23 { 24 switch (devtype) { 25 case ARPHRD_ETHER: 26 case ARPHRD_LOOPBACK: 27 return sizeof(struct ethhdr); 28 } 29 return 0; 30 } 31 32 /** 33 * llc_alloc_frame - allocates sk_buff for frame 34 * @sk: socket to allocate frame to 35 * @dev: network device this skb will be sent over 36 * @type: pdu type to allocate 37 * @data_size: data size to allocate 38 * 39 * Allocates an sk_buff for frame and initializes sk_buff fields. 40 * Returns allocated skb or %NULL when out of memory. 41 */ 42 struct sk_buff *llc_alloc_frame(struct sock *sk, struct net_device *dev, 43 u8 type, u32 data_size) 44 { 45 int hlen = type == LLC_PDU_TYPE_U ? 3 : 4; 46 struct sk_buff *skb; 47 48 hlen += llc_mac_header_len(dev->type); 49 skb = alloc_skb(hlen + data_size, GFP_ATOMIC); 50 51 if (skb) { 52 skb_reset_mac_header(skb); 53 skb_reserve(skb, hlen); 54 skb_reset_network_header(skb); 55 skb_reset_transport_header(skb); 56 skb->protocol = htons(ETH_P_802_2); 57 skb->dev = dev; 58 if (sk != NULL) 59 skb_set_owner_w(skb, sk); 60 } 61 return skb; 62 } 63 64 void llc_save_primitive(struct sock *sk, struct sk_buff *skb, u8 prim) 65 { 66 struct sockaddr_llc *addr; 67 68 /* save primitive for use by the user. */ 69 addr = llc_ui_skb_cb(skb); 70 71 memset(addr, 0, sizeof(*addr)); 72 addr->sllc_family = sk->sk_family; 73 addr->sllc_arphrd = skb->dev->type; 74 addr->sllc_test = prim == LLC_TEST_PRIM; 75 addr->sllc_xid = prim == LLC_XID_PRIM; 76 addr->sllc_ua = prim == LLC_DATAUNIT_PRIM; 77 llc_pdu_decode_sa(skb, addr->sllc_mac); 78 llc_pdu_decode_ssap(skb, &addr->sllc_sap); 79 } 80 81 /** 82 * llc_sap_rtn_pdu - Informs upper layer on rx of an UI, XID or TEST pdu. 83 * @sap: pointer to SAP 84 * @skb: received pdu 85 */ 86 void llc_sap_rtn_pdu(struct llc_sap *sap, struct sk_buff *skb) 87 { 88 struct llc_sap_state_ev *ev = llc_sap_ev(skb); 89 struct llc_pdu_un *pdu = llc_pdu_un_hdr(skb); 90 91 switch (LLC_U_PDU_RSP(pdu)) { 92 case LLC_1_PDU_CMD_TEST: 93 ev->prim = LLC_TEST_PRIM; break; 94 case LLC_1_PDU_CMD_XID: 95 ev->prim = LLC_XID_PRIM; break; 96 case LLC_1_PDU_CMD_UI: 97 ev->prim = LLC_DATAUNIT_PRIM; break; 98 } 99 ev->ind_cfm_flag = LLC_IND; 100 } 101 102 /** 103 * llc_find_sap_trans - finds transition for event 104 * @sap: pointer to SAP 105 * @skb: happened event 106 * 107 * This function finds transition that matches with happened event. 108 * Returns the pointer to found transition on success or %NULL for 109 * failure. 110 */ 111 static const struct llc_sap_state_trans *llc_find_sap_trans(struct llc_sap *sap, 112 struct sk_buff *skb) 113 { 114 int i = 0; 115 const struct llc_sap_state_trans *rc = NULL; 116 const struct llc_sap_state_trans **next_trans; 117 struct llc_sap_state *curr_state = &llc_sap_state_table[sap->state - 1]; 118 /* 119 * Search thru events for this state until list exhausted or until 120 * its obvious the event is not valid for the current state 121 */ 122 for (next_trans = curr_state->transitions; next_trans[i]->ev; i++) 123 if (!next_trans[i]->ev(sap, skb)) { 124 rc = next_trans[i]; /* got event match; return it */ 125 break; 126 } 127 return rc; 128 } 129 130 /** 131 * llc_exec_sap_trans_actions - execute actions related to event 132 * @sap: pointer to SAP 133 * @trans: pointer to transition that it's actions must be performed 134 * @skb: happened event. 135 * 136 * This function executes actions that is related to happened event. 137 * Returns 0 for success and 1 for failure of at least one action. 138 */ 139 static int llc_exec_sap_trans_actions(struct llc_sap *sap, 140 const struct llc_sap_state_trans *trans, 141 struct sk_buff *skb) 142 { 143 int rc = 0; 144 const llc_sap_action_t *next_action = trans->ev_actions; 145 146 for (; next_action && *next_action; next_action++) 147 if ((*next_action)(sap, skb)) 148 rc = 1; 149 return rc; 150 } 151 152 /** 153 * llc_sap_next_state - finds transition, execs actions & change SAP state 154 * @sap: pointer to SAP 155 * @skb: happened event 156 * 157 * This function finds transition that matches with happened event, then 158 * executes related actions and finally changes state of SAP. It returns 159 * 0 on success and 1 for failure. 160 */ 161 static int llc_sap_next_state(struct llc_sap *sap, struct sk_buff *skb) 162 { 163 const struct llc_sap_state_trans *trans; 164 int rc = 1; 165 166 if (sap->state > LLC_NR_SAP_STATES) 167 goto out; 168 trans = llc_find_sap_trans(sap, skb); 169 if (!trans) 170 goto out; 171 /* 172 * Got the state to which we next transition; perform the actions 173 * associated with this transition before actually transitioning to the 174 * next state 175 */ 176 rc = llc_exec_sap_trans_actions(sap, trans, skb); 177 if (rc) 178 goto out; 179 /* 180 * Transition SAP to next state if all actions execute successfully 181 */ 182 sap->state = trans->next_state; 183 out: 184 return rc; 185 } 186 187 /** 188 * llc_sap_state_process - sends event to SAP state machine 189 * @sap: sap to use 190 * @skb: pointer to occurred event 191 * 192 * After executing actions of the event, upper layer will be indicated 193 * if needed(on receiving an UI frame). sk can be null for the 194 * datalink_proto case. 195 * 196 * This function always consumes a reference to the skb. 197 */ 198 static void llc_sap_state_process(struct llc_sap *sap, struct sk_buff *skb) 199 { 200 struct llc_sap_state_ev *ev = llc_sap_ev(skb); 201 202 ev->ind_cfm_flag = 0; 203 llc_sap_next_state(sap, skb); 204 205 if (ev->ind_cfm_flag == LLC_IND && skb->sk->sk_state != TCP_LISTEN) { 206 llc_save_primitive(skb->sk, skb, ev->prim); 207 208 /* queue skb to the user. */ 209 if (sock_queue_rcv_skb(skb->sk, skb) == 0) 210 return; 211 } 212 kfree_skb(skb); 213 } 214 215 /** 216 * llc_build_and_send_test_pkt - TEST interface for upper layers. 217 * @sap: sap to use 218 * @skb: packet to send 219 * @dmac: destination mac address 220 * @dsap: destination sap 221 * 222 * This function is called when upper layer wants to send a TEST pdu. 223 * Returns 0 for success, 1 otherwise. 224 */ 225 void llc_build_and_send_test_pkt(struct llc_sap *sap, 226 struct sk_buff *skb, u8 *dmac, u8 dsap) 227 { 228 struct llc_sap_state_ev *ev = llc_sap_ev(skb); 229 230 ev->saddr.lsap = sap->laddr.lsap; 231 ev->daddr.lsap = dsap; 232 memcpy(ev->saddr.mac, skb->dev->dev_addr, IFHWADDRLEN); 233 memcpy(ev->daddr.mac, dmac, IFHWADDRLEN); 234 235 ev->type = LLC_SAP_EV_TYPE_PRIM; 236 ev->prim = LLC_TEST_PRIM; 237 ev->prim_type = LLC_PRIM_TYPE_REQ; 238 llc_sap_state_process(sap, skb); 239 } 240 241 /** 242 * llc_build_and_send_xid_pkt - XID interface for upper layers 243 * @sap: sap to use 244 * @skb: packet to send 245 * @dmac: destination mac address 246 * @dsap: destination sap 247 * 248 * This function is called when upper layer wants to send a XID pdu. 249 * Returns 0 for success, 1 otherwise. 250 */ 251 void llc_build_and_send_xid_pkt(struct llc_sap *sap, struct sk_buff *skb, 252 u8 *dmac, u8 dsap) 253 { 254 struct llc_sap_state_ev *ev = llc_sap_ev(skb); 255 256 ev->saddr.lsap = sap->laddr.lsap; 257 ev->daddr.lsap = dsap; 258 memcpy(ev->saddr.mac, skb->dev->dev_addr, IFHWADDRLEN); 259 memcpy(ev->daddr.mac, dmac, IFHWADDRLEN); 260 261 ev->type = LLC_SAP_EV_TYPE_PRIM; 262 ev->prim = LLC_XID_PRIM; 263 ev->prim_type = LLC_PRIM_TYPE_REQ; 264 llc_sap_state_process(sap, skb); 265 } 266 267 /** 268 * llc_sap_rcv - sends received pdus to the sap state machine 269 * @sap: current sap component structure. 270 * @skb: received frame. 271 * @sk: socket to associate to frame 272 * 273 * Sends received pdus to the sap state machine. 274 */ 275 static void llc_sap_rcv(struct llc_sap *sap, struct sk_buff *skb, 276 struct sock *sk) 277 { 278 struct llc_sap_state_ev *ev = llc_sap_ev(skb); 279 280 ev->type = LLC_SAP_EV_TYPE_PDU; 281 ev->reason = 0; 282 skb_orphan(skb); 283 sock_hold(sk); 284 skb->sk = sk; 285 skb->destructor = sock_efree; 286 llc_sap_state_process(sap, skb); 287 } 288 289 static inline bool llc_dgram_match(const struct llc_sap *sap, 290 const struct llc_addr *laddr, 291 const struct sock *sk, 292 const struct net *net) 293 { 294 struct llc_sock *llc = llc_sk(sk); 295 296 return sk->sk_type == SOCK_DGRAM && 297 net_eq(sock_net(sk), net) && 298 llc->laddr.lsap == laddr->lsap && 299 ether_addr_equal(llc->laddr.mac, laddr->mac); 300 } 301 302 /** 303 * llc_lookup_dgram - Finds dgram socket for the local sap/mac 304 * @sap: SAP 305 * @laddr: address of local LLC (MAC + SAP) 306 * @net: netns to look up a socket in 307 * 308 * Search socket list of the SAP and finds connection using the local 309 * mac, and local sap. Returns pointer for socket found, %NULL otherwise. 310 */ 311 static struct sock *llc_lookup_dgram(struct llc_sap *sap, 312 const struct llc_addr *laddr, 313 const struct net *net) 314 { 315 struct sock *rc; 316 struct hlist_nulls_node *node; 317 int slot = llc_sk_laddr_hashfn(sap, laddr); 318 struct hlist_nulls_head *laddr_hb = &sap->sk_laddr_hash[slot]; 319 320 rcu_read_lock_bh(); 321 again: 322 sk_nulls_for_each_rcu(rc, node, laddr_hb) { 323 if (llc_dgram_match(sap, laddr, rc, net)) { 324 /* Extra checks required by SLAB_TYPESAFE_BY_RCU */ 325 if (unlikely(!refcount_inc_not_zero(&rc->sk_refcnt))) 326 goto again; 327 if (unlikely(llc_sk(rc)->sap != sap || 328 !llc_dgram_match(sap, laddr, rc, net))) { 329 sock_put(rc); 330 continue; 331 } 332 goto found; 333 } 334 } 335 rc = NULL; 336 /* 337 * if the nulls value we got at the end of this lookup is 338 * not the expected one, we must restart lookup. 339 * We probably met an item that was moved to another chain. 340 */ 341 if (unlikely(get_nulls_value(node) != slot)) 342 goto again; 343 found: 344 rcu_read_unlock_bh(); 345 return rc; 346 } 347 348 static inline bool llc_mcast_match(const struct llc_sap *sap, 349 const struct llc_addr *laddr, 350 const struct sk_buff *skb, 351 const struct sock *sk) 352 { 353 struct llc_sock *llc = llc_sk(sk); 354 355 return sk->sk_type == SOCK_DGRAM && 356 llc->laddr.lsap == laddr->lsap && 357 llc->dev == skb->dev; 358 } 359 360 static void llc_do_mcast(struct llc_sap *sap, struct sk_buff *skb, 361 struct sock **stack, int count) 362 { 363 struct sk_buff *skb1; 364 int i; 365 366 for (i = 0; i < count; i++) { 367 skb1 = skb_clone(skb, GFP_ATOMIC); 368 if (!skb1) { 369 sock_put(stack[i]); 370 continue; 371 } 372 373 llc_sap_rcv(sap, skb1, stack[i]); 374 sock_put(stack[i]); 375 } 376 } 377 378 /** 379 * llc_sap_mcast - Deliver multicast PDU's to all matching datagram sockets. 380 * @sap: SAP 381 * @laddr: address of local LLC (MAC + SAP) 382 * @skb: PDU to deliver 383 * 384 * Search socket list of the SAP and finds connections with same sap. 385 * Deliver clone to each. 386 */ 387 static void llc_sap_mcast(struct llc_sap *sap, 388 const struct llc_addr *laddr, 389 struct sk_buff *skb) 390 { 391 int i = 0; 392 struct sock *sk; 393 struct sock *stack[256 / sizeof(struct sock *)]; 394 struct llc_sock *llc; 395 struct hlist_head *dev_hb = llc_sk_dev_hash(sap, skb->dev->ifindex); 396 397 spin_lock_bh(&sap->sk_lock); 398 hlist_for_each_entry(llc, dev_hb, dev_hash_node) { 399 400 sk = &llc->sk; 401 402 if (!llc_mcast_match(sap, laddr, skb, sk)) 403 continue; 404 405 sock_hold(sk); 406 if (i < ARRAY_SIZE(stack)) 407 stack[i++] = sk; 408 else { 409 llc_do_mcast(sap, skb, stack, i); 410 i = 0; 411 } 412 } 413 spin_unlock_bh(&sap->sk_lock); 414 415 llc_do_mcast(sap, skb, stack, i); 416 } 417 418 419 void llc_sap_handler(struct llc_sap *sap, struct sk_buff *skb) 420 { 421 struct llc_addr laddr; 422 423 llc_pdu_decode_da(skb, laddr.mac); 424 llc_pdu_decode_dsap(skb, &laddr.lsap); 425 426 if (is_multicast_ether_addr(laddr.mac)) { 427 llc_sap_mcast(sap, &laddr, skb); 428 kfree_skb(skb); 429 } else { 430 struct sock *sk = llc_lookup_dgram(sap, &laddr, dev_net(skb->dev)); 431 if (sk) { 432 llc_sap_rcv(sap, skb, sk); 433 sock_put(sk); 434 } else 435 kfree_skb(skb); 436 } 437 } 438