// SPDX-License-Identifier: GPL-2.0-or-later
/*
 *	X.25 Packet Layer release 002
 *
 *	This is ALPHA test software. This code may break your machine,
 *	randomly fail to work with new releases, misbehave and/or generally
 *	screw up. It might even work.
 *
 *	This code REQUIRES 2.1.15 or higher
 *
 *	History
 *	X.25 001	Jonathan Naylor	  Started coding.
 *	X.25 002	Jonathan Naylor	  Centralised disconnect handling.
 *					  New timer architecture.
 *	2000-03-11	Henner Eisen	  MSG_EOR handling more POSIX compliant.
 *	2000-03-22	Daniela Squassoni Allowed disabling/enabling of
 *					  facilities negotiation and increased
 *					  the throughput upper limit.
 *	2000-08-27	Arnaldo C. Melo s/suser/capable/ + micro cleanups
 *	2000-09-04	Henner Eisen	  Set sock->state in x25_accept().
 *					  Fixed x25_output() related skb leakage.
 *	2000-10-02	Henner Eisen	  Made x25_kick() single threaded per socket.
 *	2000-10-27	Henner Eisen	  MSG_DONTWAIT for fragment allocation.
 *	2000-11-14	Henner Eisen	  Closing datalink from NETDEV_GOING_DOWN
 *	2002-10-06	Arnaldo C. Melo	  Get rid of cli/sti, move proc stuff to
 *					  x25_proc.c, using seq_file
 *	2005-04-02	Shaun Pereira	  Selective sub address matching
 *					  with call user data
 *	2005-04-15	Shaun Pereira	  Fast select with no restriction on
 *					  response
 */

#define pr_fmt(fmt) "X25: " fmt

#include <linux/module.h>
#include <linux/capability.h>
#include <linux/errno.h>
#include <linux/kernel.h>
#include <linux/sched/signal.h>
#include <linux/timer.h>
#include <linux/string.h>
#include <linux/net.h>
#include <linux/netdevice.h>
#include <linux/if_arp.h>
#include <linux/skbuff.h>
#include <linux/slab.h>
#include <net/sock.h>
#include <net/tcp_states.h>
#include <linux/uaccess.h>
#include <linux/fcntl.h>
#include <linux/termios.h>	/* For TIOCINQ/OUTQ */
#include <linux/notifier.h>
#include <linux/init.h>
#include <linux/compat.h>
#include <linux/ctype.h>

#include <net/x25.h>
#include <net/compat.h>

int sysctl_x25_restart_request_timeout = X25_DEFAULT_T20;
int sysctl_x25_call_request_timeout = X25_DEFAULT_T21;
int sysctl_x25_reset_request_timeout = X25_DEFAULT_T22;
int sysctl_x25_clear_request_timeout = X25_DEFAULT_T23;
int sysctl_x25_ack_holdback_timeout = X25_DEFAULT_T2;
int sysctl_x25_forward = 0;

HLIST_HEAD(x25_list);
DEFINE_RWLOCK(x25_list_lock);

static const struct proto_ops x25_proto_ops;

static const struct x25_address null_x25_address = {" "};

#ifdef CONFIG_COMPAT
struct compat_x25_subscrip_struct {
	char device[200-sizeof(compat_ulong_t)];
	compat_ulong_t global_facil_mask;
	compat_uint_t extended;
};
#endif


/*
 *	Validate and decode the address block at the head of @skb.
 *
 *	The first octet carries the two address lengths (one per nibble);
 *	the block is only decoded once pskb_may_pull() has confirmed that
 *	every octet the length byte claims is actually present.
 *
 *	Returns the value of x25_addr_ntoa() on success, 0 when the packet
 *	has no address block at all, and -1 when the packet is shorter than
 *	the block it advertises. In the last two cases both output addresses
 *	are set to the empty string.
 */
int x25_parse_address_block(struct sk_buff *skb,
		struct x25_address *called_addr,
		struct x25_address *calling_addr)
{
	unsigned char lens;
	int block_len;

	if (!pskb_may_pull(skb, 1)) {
		/* packet has no address block */
		*called_addr->x25_addr = 0;
		*calling_addr->x25_addr = 0;
		return 0;
	}

	lens = *skb->data;
	/* one length octet plus the packed digits, rounded up to octets */
	block_len = 1 + ((lens >> 4) + (lens & 0x0f) + 1) / 2;

	if (!pskb_may_pull(skb, block_len)) {
		/* packet is too short to hold the addresses it claims to hold */
		*called_addr->x25_addr = 0;
		*calling_addr->x25_addr = 0;
		return -1;
	}

	return x25_addr_ntoa(skb->data, called_addr, calling_addr);
}


/*
 *	Unpack a wire-format address block at @p into two ASCII strings.
 *
 *	The low nibble of the first octet is the called address length and
 *	the high nibble the calling address length, so each string receives
 *	at most 15 characters plus the terminating NUL. Digits are packed
 *	two per octet, high nibble first, called address before calling.
 *	Nibble values are not checked to be decimal digits here.
 *
 *	The caller must guarantee that @p covers the whole block (see
 *	x25_parse_address_block()). Returns the block length in octets.
 */
int x25_addr_ntoa(unsigned char *p, struct x25_address *called_addr,
		  struct x25_address *calling_addr)
{
	unsigned int called_len = (*p >> 0) & 0x0F;
	unsigned int calling_len = (*p >> 4) & 0x0F;
	unsigned int total = called_len + calling_len;
	char *called = called_addr->x25_addr;
	char *calling = calling_addr->x25_addr;
	unsigned int i;

	p++;

	for (i = 0; i < total; i++) {
		char digit;

		if (i % 2 != 0) {
			/* odd position: low nibble, then move to next octet */
			digit = ((*p >> 0) & 0x0F) + '0';
			p++;
		} else {
			digit = ((*p >> 4) & 0x0F) + '0';
		}

		if (i < called_len)
			*called++ = digit;
		else
			*calling++ = digit;
	}

	*calling = '\0';
	*called = '\0';

	return 1 + (total + 1) / 2;
}

/*
 *	Pack two ASCII address strings into a wire-format address block at @p.
 *
 *	Both lengths are taken with strlen(), so both address strings must be
 *	NUL-terminated, and the number of octets written follows from those
 *	lengths: the caller has to provide a buffer large enough for
 *	1 + (called_len + calling_len + 1) / 2 octets. Characters are not
 *	checked to be decimal digits here.
 *
 *	Returns the number of octets written.
 */
int x25_addr_aton(unsigned char *p, struct x25_address *called_addr,
		  struct x25_address *calling_addr)
{
	char *called = called_addr->x25_addr;
	char *calling = calling_addr->x25_addr;
	unsigned int called_len = strlen(called);
	unsigned int calling_len = strlen(calling);
	unsigned int total = called_len + calling_len;
	int i;

	*p++ = (calling_len << 4) | (called_len << 0);

	for (i = 0; i < total; i++) {
		int digit;

		if (i < called_len)
			digit = *called++ - '0';
		else
			digit = *calling++ - '0';

		if (i % 2 != 0) {
			/* odd position completes the octet */
			*p |= digit << 0;
			p++;
		} else {
			/* even position starts a fresh octet */
			*p = 0x00;
			*p |= digit << 4;
		}
	}

	return 1 + (total + 1) / 2;
}

/*
 *	Unlink @sk from the global X.25 socket list under the list write
 *	lock (bottom halves disabled), so removal during an interrupt is safe.
 */
static void x25_remove_socket(struct sock *sk)
{
	write_lock_bh(&x25_list_lock);
	sk_del_node_init(sk);
	write_unlock_bh(&x25_list_lock);
}

/*
 *	Disconnect, with ENETUNREACH, every listed socket whose neighbour
 *	sits on the dropped device @dev.
 */
static void x25_kill_by_device(struct net_device *dev)
{
	struct sock *s;

	write_lock_bh(&x25_list_lock);

	sk_for_each(s, &x25_list) {
		struct x25_neigh *nb = x25_sk(s)->neighbour;

		if (nb && nb->dev == dev)
			x25_disconnect(s, ENETUNREACH, 0, 0);
	}

	write_unlock_bh(&x25_list_lock);
}

/*
 *	Netdevice notifier: react to status changes of X.25 capable devices.
 *
 *	Only devices in init_net are considered, and only those of type
 *	ARPHRD_X25 (plus ARPHRD_ETHER when CONFIG_LLC is enabled). Always
 *	returns NOTIFY_DONE.
 */
static int x25_device_event(struct notifier_block *this, unsigned long event,
			    void *ptr)
{
	struct net_device *dev = netdev_notifier_info_to_dev(ptr);
	struct x25_neigh *nb;
	bool x25_capable;

	if (!net_eq(dev_net(dev), &init_net))
		return NOTIFY_DONE;

	x25_capable = dev->type == ARPHRD_X25;
#if IS_ENABLED(CONFIG_LLC)
	x25_capable = x25_capable || dev->type == ARPHRD_ETHER;
#endif
	if (!x25_capable)
		return NOTIFY_DONE;

	switch (event) {
	case NETDEV_REGISTER:
	case NETDEV_POST_TYPE_CHANGE:
		x25_link_device_up(dev);
		break;
	case NETDEV_DOWN:
		nb = x25_get_neigh(dev);
		if (nb) {
			x25_link_terminated(nb);
			x25_neigh_put(nb);
		}
		x25_route_device_down(dev);
		break;
	case NETDEV_PRE_TYPE_CHANGE:
	case NETDEV_UNREGISTER:
		x25_link_device_down(dev);
		break;
	case NETDEV_CHANGE:
		/* carrier lost: the link is gone, but routes are kept */
		if (!netif_carrier_ok(dev)) {
			nb = x25_get_neigh(dev);
			if (nb) {
				x25_link_terminated(nb);
				x25_neigh_put(nb);
			}
		}
		break;
	}

	return NOTIFY_DONE;
}

/*
 *	Add a socket to the bound sockets list.
 */
static void x25_insert_socket(struct sock *sk)
{
	/* list is shared with softirq context, hence the _bh write lock */
	write_lock_bh(&x25_list_lock);
	sk_add_node(sk, &x25_list);
	write_unlock_bh(&x25_list_lock);
}

/*
 *	Pick the listening socket that should receive an incoming Call
 *	Request addressed to @addr, with @skb positioned at the call user
 *	data (CUD).
 *
 *	Candidates are listening sockets bound either to @addr or to the
 *	null address. A candidate with a CUD match length wins immediately
 *	when the first cudmatchlength octets of the call's CUD equal its own;
 *	the comparison is only made when the packet holds at least that many
 *	octets. Otherwise the last candidate that took the fallback branch is
 *	returned as the next best thing.
 *
 *	NOTE(review): a listener with cudmatchlength set also lands in the
 *	fallback branch when the incoming CUD is shorter than its match
 *	length, which looks at odds with "a listening socket with cud set
 *	must only get calls with matching cud" - confirm this is intended.
 *
 *	Returns the socket with a reference held (caller must sock_put()),
 *	or NULL when nothing is listening.
 */
static struct sock *x25_find_listener(struct x25_address *addr,
					struct sk_buff *skb)
{
	struct sock *s;
	struct sock *chosen = NULL;
	struct sock *fallback = NULL;

	read_lock_bh(&x25_list_lock);

	sk_for_each(s, &x25_list) {
		struct x25_sock *x25 = x25_sk(s);

		/* skip sockets bound to neither this address nor the null one */
		if (strcmp(addr->x25_addr, x25->source_addr.x25_addr) &&
		    strcmp(x25->source_addr.x25_addr,
			   null_x25_address.x25_addr))
			continue;
		if (s->sk_state != TCP_LISTEN)
			continue;

		/*
		 * Found a listening socket, now check the incoming
		 * call user data vs this socket's call user data.
		 */
		if (x25->cudmatchlength > 0 &&
		    skb->len >= x25->cudmatchlength) {
			if (memcmp(x25->calluserdata.cuddata, skb->data,
				   x25->cudmatchlength) == 0) {
				chosen = s;
				break;
			}
		} else {
			fallback = s;
		}
	}

	if (!chosen)
		chosen = fallback;
	if (chosen)
		sock_hold(chosen);

	read_unlock_bh(&x25_list_lock);
	return chosen;
}

/*
 *	Find a connected X.25 socket given my LCI and neighbour.
 *
 *	Lockless variant: walks x25_list without taking x25_list_lock itself
 *	(x25_find_socket() is the wrapper that takes it). The returned
 *	socket has a reference held; NULL means no match.
 */
static struct sock *__x25_find_socket(unsigned int lci, struct x25_neigh *nb)
{
	struct sock *s;

	sk_for_each(s, &x25_list) {
		if (x25_sk(s)->lci != lci || x25_sk(s)->neighbour != nb)
			continue;
		sock_hold(s);
		return s;
	}

	return NULL;
}

/*
 *	Locked lookup of the socket using @lci on neighbour @nb. Returns
 *	the socket with a reference held (caller must sock_put()), or NULL.
 */
struct sock *x25_find_socket(unsigned int lci, struct x25_neigh *nb)
{
	struct sock *found;

	read_lock_bh(&x25_list_lock);
	found = __x25_find_socket(lci, nb);
	read_unlock_bh(&x25_list_lock);

	return found;
}

/*
 *	Find a unique LCI for a given device.
 *
 *	Probes LCIs upwards from 1 and returns the first one no socket on
 *	@nb is using, or 0 once the probe reaches 4096 without finding a
 *	free one. Each probe takes and drops the list lock, so the result
 *	is not reserved: nothing visible here stops another socket from
 *	taking the same LCI before the caller stores it.
 */
static unsigned int x25_new_lci(struct x25_neigh *nb)
{
	unsigned int lci = 1;
	struct sock *user;

	for (;;) {
		user = x25_find_socket(lci, nb);
		if (user == NULL)
			return lci;

		/* LCI is taken: drop the lookup reference and try the next */
		sock_put(user);
		if (++lci == 4096)
			return 0;

		cond_resched();
	}
}

/*
 *	Deferred destroy.
 */
static void __x25_destroy_socket(struct sock *);

/*
 *	Timer callback for deferred kills: recover the socket from its
 *	embedded sk_timer and retry the destroy.
 */
static void x25_destroy_timer(struct timer_list *t)
{
	struct sock *sk;

	sk = from_timer(sk, t, sk_timer);
	x25_destroy_socket_from_timer(sk);
}

/*
 *	This is called from user mode and the timers. Thus it protects itself
 *	against interrupt users but doesn't worry about being called during
 *	work. Once it is removed from the queue no interrupt or bottom half
 *	will touch it and we are (fairly 8-) ) safe.
 *	Not static as it's used by the timer
 */
static void __x25_destroy_socket(struct sock *sk)
{
	struct sk_buff *skb;

	x25_stop_heartbeat(sk);
	x25_stop_timer(sk);

	x25_remove_socket(sk);
	x25_clear_queues(sk);		/* Flush the queues */

	for (skb = skb_dequeue(&sk->sk_receive_queue); skb != NULL;
	     skb = skb_dequeue(&sk->sk_receive_queue)) {
		struct sock *pending = skb->sk;

		if (pending != sk) {		/* A pending connection */
			/*
			 * Queue the unaccepted socket for death
			 */
			pending->sk_state = TCP_LISTEN;
			sock_set_flag(pending, SOCK_DEAD);
			x25_start_heartbeat(pending);
			x25_sk(pending)->state = X25_STATE_0;
		}

		kfree_skb(skb);
	}

	if (!sk_has_allocations(sk)) {
		/* drop last reference so sock_put will free */
		__sock_put(sk);
		return;
	}

	/* Defer: outstanding buffers, retry from the timer in 10 seconds */
	sk->sk_timer.expires  = jiffies + 10 * HZ;
	sk->sk_timer.function = x25_destroy_timer;
	add_timer(&sk->sk_timer);
}

/*
 *	Destroy entry point for timer context: pins @sk with an extra
 *	reference and takes the bottom-half socket lock around the destroy,
 *	so the final sock_put() here is what may release the socket.
 */
void x25_destroy_socket_from_timer(struct sock *sk)
{
	sock_hold(sk);
	bh_lock_sock(sk);
	__x25_destroy_socket(sk);
	bh_unlock_sock(sk);
	sock_put(sk);
}

/*
 *	Handling for system calls applied via the various interfaces to a
 *	X.25 socket object.
441 */ 442 443 static int x25_setsockopt(struct socket *sock, int level, int optname, 444 sockptr_t optval, unsigned int optlen) 445 { 446 int opt; 447 struct sock *sk = sock->sk; 448 int rc = -ENOPROTOOPT; 449 450 if (level != SOL_X25 || optname != X25_QBITINCL) 451 goto out; 452 453 rc = -EINVAL; 454 if (optlen < sizeof(int)) 455 goto out; 456 457 rc = -EFAULT; 458 if (copy_from_sockptr(&opt, optval, sizeof(int))) 459 goto out; 460 461 if (opt) 462 set_bit(X25_Q_BIT_FLAG, &x25_sk(sk)->flags); 463 else 464 clear_bit(X25_Q_BIT_FLAG, &x25_sk(sk)->flags); 465 rc = 0; 466 out: 467 return rc; 468 } 469 470 static int x25_getsockopt(struct socket *sock, int level, int optname, 471 char __user *optval, int __user *optlen) 472 { 473 struct sock *sk = sock->sk; 474 int val, len, rc = -ENOPROTOOPT; 475 476 if (level != SOL_X25 || optname != X25_QBITINCL) 477 goto out; 478 479 rc = -EFAULT; 480 if (get_user(len, optlen)) 481 goto out; 482 483 len = min_t(unsigned int, len, sizeof(int)); 484 485 rc = -EINVAL; 486 if (len < 0) 487 goto out; 488 489 rc = -EFAULT; 490 if (put_user(len, optlen)) 491 goto out; 492 493 val = test_bit(X25_Q_BIT_FLAG, &x25_sk(sk)->flags); 494 rc = copy_to_user(optval, &val, len) ? 
-EFAULT : 0; 495 out: 496 return rc; 497 } 498 499 static int x25_listen(struct socket *sock, int backlog) 500 { 501 struct sock *sk = sock->sk; 502 int rc = -EOPNOTSUPP; 503 504 lock_sock(sk); 505 if (sk->sk_state != TCP_LISTEN) { 506 memset(&x25_sk(sk)->dest_addr, 0, X25_ADDR_LEN); 507 sk->sk_max_ack_backlog = backlog; 508 sk->sk_state = TCP_LISTEN; 509 rc = 0; 510 } 511 release_sock(sk); 512 513 return rc; 514 } 515 516 static struct proto x25_proto = { 517 .name = "X25", 518 .owner = THIS_MODULE, 519 .obj_size = sizeof(struct x25_sock), 520 }; 521 522 static struct sock *x25_alloc_socket(struct net *net, int kern) 523 { 524 struct x25_sock *x25; 525 struct sock *sk = sk_alloc(net, AF_X25, GFP_ATOMIC, &x25_proto, kern); 526 527 if (!sk) 528 goto out; 529 530 sock_init_data(NULL, sk); 531 532 x25 = x25_sk(sk); 533 skb_queue_head_init(&x25->ack_queue); 534 skb_queue_head_init(&x25->fragment_queue); 535 skb_queue_head_init(&x25->interrupt_in_queue); 536 skb_queue_head_init(&x25->interrupt_out_queue); 537 out: 538 return sk; 539 } 540 541 static int x25_create(struct net *net, struct socket *sock, int protocol, 542 int kern) 543 { 544 struct sock *sk; 545 struct x25_sock *x25; 546 int rc = -EAFNOSUPPORT; 547 548 if (!net_eq(net, &init_net)) 549 goto out; 550 551 rc = -ESOCKTNOSUPPORT; 552 if (sock->type != SOCK_SEQPACKET) 553 goto out; 554 555 rc = -EINVAL; 556 if (protocol) 557 goto out; 558 559 rc = -ENOBUFS; 560 if ((sk = x25_alloc_socket(net, kern)) == NULL) 561 goto out; 562 563 x25 = x25_sk(sk); 564 565 sock_init_data(sock, sk); 566 567 x25_init_timers(sk); 568 569 sock->ops = &x25_proto_ops; 570 sk->sk_protocol = protocol; 571 sk->sk_backlog_rcv = x25_backlog_rcv; 572 573 x25->t21 = sysctl_x25_call_request_timeout; 574 x25->t22 = sysctl_x25_reset_request_timeout; 575 x25->t23 = sysctl_x25_clear_request_timeout; 576 x25->t2 = sysctl_x25_ack_holdback_timeout; 577 x25->state = X25_STATE_0; 578 x25->cudmatchlength = 0; 579 set_bit(X25_ACCPT_APPRV_FLAG, 
&x25->flags); /* normally no cud */ 580 /* on call accept */ 581 582 x25->facilities.winsize_in = X25_DEFAULT_WINDOW_SIZE; 583 x25->facilities.winsize_out = X25_DEFAULT_WINDOW_SIZE; 584 x25->facilities.pacsize_in = X25_DEFAULT_PACKET_SIZE; 585 x25->facilities.pacsize_out = X25_DEFAULT_PACKET_SIZE; 586 x25->facilities.throughput = 0; /* by default don't negotiate 587 throughput */ 588 x25->facilities.reverse = X25_DEFAULT_REVERSE; 589 x25->dte_facilities.calling_len = 0; 590 x25->dte_facilities.called_len = 0; 591 memset(x25->dte_facilities.called_ae, '\0', 592 sizeof(x25->dte_facilities.called_ae)); 593 memset(x25->dte_facilities.calling_ae, '\0', 594 sizeof(x25->dte_facilities.calling_ae)); 595 596 rc = 0; 597 out: 598 return rc; 599 } 600 601 static struct sock *x25_make_new(struct sock *osk) 602 { 603 struct sock *sk = NULL; 604 struct x25_sock *x25, *ox25; 605 606 if (osk->sk_type != SOCK_SEQPACKET) 607 goto out; 608 609 if ((sk = x25_alloc_socket(sock_net(osk), 0)) == NULL) 610 goto out; 611 612 x25 = x25_sk(sk); 613 614 sk->sk_type = osk->sk_type; 615 sk->sk_priority = osk->sk_priority; 616 sk->sk_protocol = osk->sk_protocol; 617 sk->sk_rcvbuf = osk->sk_rcvbuf; 618 sk->sk_sndbuf = osk->sk_sndbuf; 619 sk->sk_state = TCP_ESTABLISHED; 620 sk->sk_backlog_rcv = osk->sk_backlog_rcv; 621 sock_copy_flags(sk, osk); 622 623 ox25 = x25_sk(osk); 624 x25->t21 = ox25->t21; 625 x25->t22 = ox25->t22; 626 x25->t23 = ox25->t23; 627 x25->t2 = ox25->t2; 628 x25->flags = ox25->flags; 629 x25->facilities = ox25->facilities; 630 x25->dte_facilities = ox25->dte_facilities; 631 x25->cudmatchlength = ox25->cudmatchlength; 632 633 clear_bit(X25_INTERRUPT_FLAG, &x25->flags); 634 x25_init_timers(sk); 635 out: 636 return sk; 637 } 638 639 static int x25_release(struct socket *sock) 640 { 641 struct sock *sk = sock->sk; 642 struct x25_sock *x25; 643 644 if (!sk) 645 return 0; 646 647 x25 = x25_sk(sk); 648 649 sock_hold(sk); 650 lock_sock(sk); 651 switch (x25->state) { 652 653 case 
X25_STATE_0: 654 case X25_STATE_2: 655 x25_disconnect(sk, 0, 0, 0); 656 __x25_destroy_socket(sk); 657 goto out; 658 659 case X25_STATE_1: 660 case X25_STATE_3: 661 case X25_STATE_4: 662 x25_clear_queues(sk); 663 x25_write_internal(sk, X25_CLEAR_REQUEST); 664 x25_start_t23timer(sk); 665 x25->state = X25_STATE_2; 666 sk->sk_state = TCP_CLOSE; 667 sk->sk_shutdown |= SEND_SHUTDOWN; 668 sk->sk_state_change(sk); 669 sock_set_flag(sk, SOCK_DEAD); 670 sock_set_flag(sk, SOCK_DESTROY); 671 break; 672 673 case X25_STATE_5: 674 x25_write_internal(sk, X25_CLEAR_REQUEST); 675 x25_disconnect(sk, 0, 0, 0); 676 __x25_destroy_socket(sk); 677 goto out; 678 } 679 680 sock_orphan(sk); 681 out: 682 release_sock(sk); 683 sock_put(sk); 684 return 0; 685 } 686 687 static int x25_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len) 688 { 689 struct sock *sk = sock->sk; 690 struct sockaddr_x25 *addr = (struct sockaddr_x25 *)uaddr; 691 int len, i, rc = 0; 692 693 if (addr_len != sizeof(struct sockaddr_x25) || 694 addr->sx25_family != AF_X25) { 695 rc = -EINVAL; 696 goto out; 697 } 698 699 /* check for the null_x25_address */ 700 if (strcmp(addr->sx25_addr.x25_addr, null_x25_address.x25_addr)) { 701 702 len = strlen(addr->sx25_addr.x25_addr); 703 for (i = 0; i < len; i++) { 704 if (!isdigit(addr->sx25_addr.x25_addr[i])) { 705 rc = -EINVAL; 706 goto out; 707 } 708 } 709 } 710 711 lock_sock(sk); 712 if (sock_flag(sk, SOCK_ZAPPED)) { 713 x25_sk(sk)->source_addr = addr->sx25_addr; 714 x25_insert_socket(sk); 715 sock_reset_flag(sk, SOCK_ZAPPED); 716 } else { 717 rc = -EINVAL; 718 } 719 release_sock(sk); 720 SOCK_DEBUG(sk, "x25_bind: socket is bound\n"); 721 out: 722 return rc; 723 } 724 725 static int x25_wait_for_connection_establishment(struct sock *sk) 726 { 727 DECLARE_WAITQUEUE(wait, current); 728 int rc; 729 730 add_wait_queue_exclusive(sk_sleep(sk), &wait); 731 for (;;) { 732 __set_current_state(TASK_INTERRUPTIBLE); 733 rc = -ERESTARTSYS; 734 if (signal_pending(current)) 735 
break; 736 rc = sock_error(sk); 737 if (rc) { 738 sk->sk_socket->state = SS_UNCONNECTED; 739 break; 740 } 741 rc = 0; 742 if (sk->sk_state != TCP_ESTABLISHED) { 743 release_sock(sk); 744 schedule(); 745 lock_sock(sk); 746 } else 747 break; 748 } 749 __set_current_state(TASK_RUNNING); 750 remove_wait_queue(sk_sleep(sk), &wait); 751 return rc; 752 } 753 754 static int x25_connect(struct socket *sock, struct sockaddr *uaddr, 755 int addr_len, int flags) 756 { 757 struct sock *sk = sock->sk; 758 struct x25_sock *x25 = x25_sk(sk); 759 struct sockaddr_x25 *addr = (struct sockaddr_x25 *)uaddr; 760 struct x25_route *rt; 761 int rc = 0; 762 763 lock_sock(sk); 764 if (sk->sk_state == TCP_ESTABLISHED && sock->state == SS_CONNECTING) { 765 sock->state = SS_CONNECTED; 766 goto out; /* Connect completed during a ERESTARTSYS event */ 767 } 768 769 rc = -ECONNREFUSED; 770 if (sk->sk_state == TCP_CLOSE && sock->state == SS_CONNECTING) { 771 sock->state = SS_UNCONNECTED; 772 goto out; 773 } 774 775 rc = -EISCONN; /* No reconnect on a seqpacket socket */ 776 if (sk->sk_state == TCP_ESTABLISHED) 777 goto out; 778 779 rc = -EALREADY; /* Do nothing if call is already in progress */ 780 if (sk->sk_state == TCP_SYN_SENT) 781 goto out; 782 783 sk->sk_state = TCP_CLOSE; 784 sock->state = SS_UNCONNECTED; 785 786 rc = -EINVAL; 787 if (addr_len != sizeof(struct sockaddr_x25) || 788 addr->sx25_family != AF_X25) 789 goto out; 790 791 rc = -ENETUNREACH; 792 rt = x25_get_route(&addr->sx25_addr); 793 if (!rt) 794 goto out; 795 796 x25->neighbour = x25_get_neigh(rt->dev); 797 if (!x25->neighbour) 798 goto out_put_route; 799 800 x25_limit_facilities(&x25->facilities, x25->neighbour); 801 802 x25->lci = x25_new_lci(x25->neighbour); 803 if (!x25->lci) 804 goto out_put_neigh; 805 806 rc = -EINVAL; 807 if (sock_flag(sk, SOCK_ZAPPED)) /* Must bind first - autobinding does not work */ 808 goto out_put_neigh; 809 810 if (!strcmp(x25->source_addr.x25_addr, null_x25_address.x25_addr)) 811 
memset(&x25->source_addr, '\0', X25_ADDR_LEN); 812 813 x25->dest_addr = addr->sx25_addr; 814 815 /* Move to connecting socket, start sending Connect Requests */ 816 sock->state = SS_CONNECTING; 817 sk->sk_state = TCP_SYN_SENT; 818 819 x25->state = X25_STATE_1; 820 821 x25_write_internal(sk, X25_CALL_REQUEST); 822 823 x25_start_heartbeat(sk); 824 x25_start_t21timer(sk); 825 826 /* Now the loop */ 827 rc = -EINPROGRESS; 828 if (sk->sk_state != TCP_ESTABLISHED && (flags & O_NONBLOCK)) 829 goto out; 830 831 rc = x25_wait_for_connection_establishment(sk); 832 if (rc) 833 goto out_put_neigh; 834 835 sock->state = SS_CONNECTED; 836 rc = 0; 837 out_put_neigh: 838 if (rc && x25->neighbour) { 839 read_lock_bh(&x25_list_lock); 840 x25_neigh_put(x25->neighbour); 841 x25->neighbour = NULL; 842 read_unlock_bh(&x25_list_lock); 843 x25->state = X25_STATE_0; 844 } 845 out_put_route: 846 x25_route_put(rt); 847 out: 848 release_sock(sk); 849 return rc; 850 } 851 852 static int x25_wait_for_data(struct sock *sk, long timeout) 853 { 854 DECLARE_WAITQUEUE(wait, current); 855 int rc = 0; 856 857 add_wait_queue_exclusive(sk_sleep(sk), &wait); 858 for (;;) { 859 __set_current_state(TASK_INTERRUPTIBLE); 860 if (sk->sk_shutdown & RCV_SHUTDOWN) 861 break; 862 rc = -ERESTARTSYS; 863 if (signal_pending(current)) 864 break; 865 rc = -EAGAIN; 866 if (!timeout) 867 break; 868 rc = 0; 869 if (skb_queue_empty(&sk->sk_receive_queue)) { 870 release_sock(sk); 871 timeout = schedule_timeout(timeout); 872 lock_sock(sk); 873 } else 874 break; 875 } 876 __set_current_state(TASK_RUNNING); 877 remove_wait_queue(sk_sleep(sk), &wait); 878 return rc; 879 } 880 881 static int x25_accept(struct socket *sock, struct socket *newsock, int flags, 882 bool kern) 883 { 884 struct sock *sk = sock->sk; 885 struct sock *newsk; 886 struct sk_buff *skb; 887 int rc = -EINVAL; 888 889 if (!sk) 890 goto out; 891 892 rc = -EOPNOTSUPP; 893 if (sk->sk_type != SOCK_SEQPACKET) 894 goto out; 895 896 lock_sock(sk); 897 rc = -EINVAL; 
898 if (sk->sk_state != TCP_LISTEN) 899 goto out2; 900 901 rc = x25_wait_for_data(sk, sk->sk_rcvtimeo); 902 if (rc) 903 goto out2; 904 skb = skb_dequeue(&sk->sk_receive_queue); 905 rc = -EINVAL; 906 if (!skb->sk) 907 goto out2; 908 newsk = skb->sk; 909 sock_graft(newsk, newsock); 910 911 /* Now attach up the new socket */ 912 skb->sk = NULL; 913 kfree_skb(skb); 914 sk_acceptq_removed(sk); 915 newsock->state = SS_CONNECTED; 916 rc = 0; 917 out2: 918 release_sock(sk); 919 out: 920 return rc; 921 } 922 923 static int x25_getname(struct socket *sock, struct sockaddr *uaddr, 924 int peer) 925 { 926 struct sockaddr_x25 *sx25 = (struct sockaddr_x25 *)uaddr; 927 struct sock *sk = sock->sk; 928 struct x25_sock *x25 = x25_sk(sk); 929 int rc = 0; 930 931 if (peer) { 932 if (sk->sk_state != TCP_ESTABLISHED) { 933 rc = -ENOTCONN; 934 goto out; 935 } 936 sx25->sx25_addr = x25->dest_addr; 937 } else 938 sx25->sx25_addr = x25->source_addr; 939 940 sx25->sx25_family = AF_X25; 941 rc = sizeof(*sx25); 942 943 out: 944 return rc; 945 } 946 947 int x25_rx_call_request(struct sk_buff *skb, struct x25_neigh *nb, 948 unsigned int lci) 949 { 950 struct sock *sk; 951 struct sock *make; 952 struct x25_sock *makex25; 953 struct x25_address source_addr, dest_addr; 954 struct x25_facilities facilities; 955 struct x25_dte_facilities dte_facilities; 956 int len, addr_len, rc; 957 958 /* 959 * Remove the LCI and frame type. 960 */ 961 skb_pull(skb, X25_STD_MIN_LEN); 962 963 /* 964 * Extract the X.25 addresses and convert them to ASCII strings, 965 * and remove them. 
966 * 967 * Address block is mandatory in call request packets 968 */ 969 addr_len = x25_parse_address_block(skb, &source_addr, &dest_addr); 970 if (addr_len <= 0) 971 goto out_clear_request; 972 skb_pull(skb, addr_len); 973 974 /* 975 * Get the length of the facilities, skip past them for the moment 976 * get the call user data because this is needed to determine 977 * the correct listener 978 * 979 * Facilities length is mandatory in call request packets 980 */ 981 if (!pskb_may_pull(skb, 1)) 982 goto out_clear_request; 983 len = skb->data[0] + 1; 984 if (!pskb_may_pull(skb, len)) 985 goto out_clear_request; 986 skb_pull(skb,len); 987 988 /* 989 * Ensure that the amount of call user data is valid. 990 */ 991 if (skb->len > X25_MAX_CUD_LEN) 992 goto out_clear_request; 993 994 /* 995 * Get all the call user data so it can be used in 996 * x25_find_listener and skb_copy_from_linear_data up ahead. 997 */ 998 if (!pskb_may_pull(skb, skb->len)) 999 goto out_clear_request; 1000 1001 /* 1002 * Find a listener for the particular address/cud pair. 1003 */ 1004 sk = x25_find_listener(&source_addr,skb); 1005 skb_push(skb,len); 1006 1007 if (sk != NULL && sk_acceptq_is_full(sk)) { 1008 goto out_sock_put; 1009 } 1010 1011 /* 1012 * We dont have any listeners for this incoming call. 1013 * Try forwarding it. 1014 */ 1015 if (sk == NULL) { 1016 skb_push(skb, addr_len + X25_STD_MIN_LEN); 1017 if (sysctl_x25_forward && 1018 x25_forward_call(&dest_addr, nb, skb, lci) > 0) 1019 { 1020 /* Call was forwarded, dont process it any more */ 1021 kfree_skb(skb); 1022 rc = 1; 1023 goto out; 1024 } else { 1025 /* No listeners, can't forward, clear the call */ 1026 goto out_clear_request; 1027 } 1028 } 1029 1030 /* 1031 * Try to reach a compromise on the requested facilities. 
1032 */ 1033 len = x25_negotiate_facilities(skb, sk, &facilities, &dte_facilities); 1034 if (len == -1) 1035 goto out_sock_put; 1036 1037 /* 1038 * current neighbour/link might impose additional limits 1039 * on certain facilties 1040 */ 1041 1042 x25_limit_facilities(&facilities, nb); 1043 1044 /* 1045 * Try to create a new socket. 1046 */ 1047 make = x25_make_new(sk); 1048 if (!make) 1049 goto out_sock_put; 1050 1051 /* 1052 * Remove the facilities 1053 */ 1054 skb_pull(skb, len); 1055 1056 skb->sk = make; 1057 make->sk_state = TCP_ESTABLISHED; 1058 1059 makex25 = x25_sk(make); 1060 makex25->lci = lci; 1061 makex25->dest_addr = dest_addr; 1062 makex25->source_addr = source_addr; 1063 x25_neigh_hold(nb); 1064 makex25->neighbour = nb; 1065 makex25->facilities = facilities; 1066 makex25->dte_facilities= dte_facilities; 1067 makex25->vc_facil_mask = x25_sk(sk)->vc_facil_mask; 1068 /* ensure no reverse facil on accept */ 1069 makex25->vc_facil_mask &= ~X25_MASK_REVERSE; 1070 /* ensure no calling address extension on accept */ 1071 makex25->vc_facil_mask &= ~X25_MASK_CALLING_AE; 1072 makex25->cudmatchlength = x25_sk(sk)->cudmatchlength; 1073 1074 /* Normally all calls are accepted immediately */ 1075 if (test_bit(X25_ACCPT_APPRV_FLAG, &makex25->flags)) { 1076 x25_write_internal(make, X25_CALL_ACCEPTED); 1077 makex25->state = X25_STATE_3; 1078 } else { 1079 makex25->state = X25_STATE_5; 1080 } 1081 1082 /* 1083 * Incoming Call User Data. 
1084 */ 1085 skb_copy_from_linear_data(skb, makex25->calluserdata.cuddata, skb->len); 1086 makex25->calluserdata.cudlength = skb->len; 1087 1088 sk_acceptq_added(sk); 1089 1090 x25_insert_socket(make); 1091 1092 skb_queue_head(&sk->sk_receive_queue, skb); 1093 1094 x25_start_heartbeat(make); 1095 1096 if (!sock_flag(sk, SOCK_DEAD)) 1097 sk->sk_data_ready(sk); 1098 rc = 1; 1099 sock_put(sk); 1100 out: 1101 return rc; 1102 out_sock_put: 1103 sock_put(sk); 1104 out_clear_request: 1105 rc = 0; 1106 x25_transmit_clear_request(nb, lci, 0x01); 1107 goto out; 1108 } 1109 1110 static int x25_sendmsg(struct socket *sock, struct msghdr *msg, size_t len) 1111 { 1112 struct sock *sk = sock->sk; 1113 struct x25_sock *x25 = x25_sk(sk); 1114 DECLARE_SOCKADDR(struct sockaddr_x25 *, usx25, msg->msg_name); 1115 struct sockaddr_x25 sx25; 1116 struct sk_buff *skb; 1117 unsigned char *asmptr; 1118 int noblock = msg->msg_flags & MSG_DONTWAIT; 1119 size_t size; 1120 int qbit = 0, rc = -EINVAL; 1121 1122 lock_sock(sk); 1123 if (msg->msg_flags & ~(MSG_DONTWAIT|MSG_OOB|MSG_EOR|MSG_CMSG_COMPAT)) 1124 goto out; 1125 1126 /* we currently don't support segmented records at the user interface */ 1127 if (!(msg->msg_flags & (MSG_EOR|MSG_OOB))) 1128 goto out; 1129 1130 rc = -EADDRNOTAVAIL; 1131 if (sock_flag(sk, SOCK_ZAPPED)) 1132 goto out; 1133 1134 rc = -EPIPE; 1135 if (sk->sk_shutdown & SEND_SHUTDOWN) { 1136 send_sig(SIGPIPE, current, 0); 1137 goto out; 1138 } 1139 1140 rc = -ENETUNREACH; 1141 if (!x25->neighbour) 1142 goto out; 1143 1144 if (usx25) { 1145 rc = -EINVAL; 1146 if (msg->msg_namelen < sizeof(sx25)) 1147 goto out; 1148 memcpy(&sx25, usx25, sizeof(sx25)); 1149 rc = -EISCONN; 1150 if (strcmp(x25->dest_addr.x25_addr, sx25.sx25_addr.x25_addr)) 1151 goto out; 1152 rc = -EINVAL; 1153 if (sx25.sx25_family != AF_X25) 1154 goto out; 1155 } else { 1156 /* 1157 * FIXME 1003.1g - if the socket is like this because 1158 * it has become closed (not started closed) we ought 1159 * to SIGPIPE, 
EPIPE; 1160 */ 1161 rc = -ENOTCONN; 1162 if (sk->sk_state != TCP_ESTABLISHED) 1163 goto out; 1164 1165 sx25.sx25_family = AF_X25; 1166 sx25.sx25_addr = x25->dest_addr; 1167 } 1168 1169 /* Sanity check the packet size */ 1170 if (len > 65535) { 1171 rc = -EMSGSIZE; 1172 goto out; 1173 } 1174 1175 SOCK_DEBUG(sk, "x25_sendmsg: sendto: Addresses built.\n"); 1176 1177 /* Build a packet */ 1178 SOCK_DEBUG(sk, "x25_sendmsg: sendto: building packet.\n"); 1179 1180 if ((msg->msg_flags & MSG_OOB) && len > 32) 1181 len = 32; 1182 1183 size = len + X25_MAX_L2_LEN + X25_EXT_MIN_LEN; 1184 1185 release_sock(sk); 1186 skb = sock_alloc_send_skb(sk, size, noblock, &rc); 1187 lock_sock(sk); 1188 if (!skb) 1189 goto out; 1190 X25_SKB_CB(skb)->flags = msg->msg_flags; 1191 1192 skb_reserve(skb, X25_MAX_L2_LEN + X25_EXT_MIN_LEN); 1193 1194 /* 1195 * Put the data on the end 1196 */ 1197 SOCK_DEBUG(sk, "x25_sendmsg: Copying user data\n"); 1198 1199 skb_reset_transport_header(skb); 1200 skb_put(skb, len); 1201 1202 rc = memcpy_from_msg(skb_transport_header(skb), msg, len); 1203 if (rc) 1204 goto out_kfree_skb; 1205 1206 /* 1207 * If the Q BIT Include socket option is in force, the first 1208 * byte of the user data is the logical value of the Q Bit. 
1209 */ 1210 if (test_bit(X25_Q_BIT_FLAG, &x25->flags)) { 1211 if (!pskb_may_pull(skb, 1)) 1212 goto out_kfree_skb; 1213 1214 qbit = skb->data[0]; 1215 skb_pull(skb, 1); 1216 } 1217 1218 /* 1219 * Push down the X.25 header 1220 */ 1221 SOCK_DEBUG(sk, "x25_sendmsg: Building X.25 Header.\n"); 1222 1223 if (msg->msg_flags & MSG_OOB) { 1224 if (x25->neighbour->extended) { 1225 asmptr = skb_push(skb, X25_STD_MIN_LEN); 1226 *asmptr++ = ((x25->lci >> 8) & 0x0F) | X25_GFI_EXTSEQ; 1227 *asmptr++ = (x25->lci >> 0) & 0xFF; 1228 *asmptr++ = X25_INTERRUPT; 1229 } else { 1230 asmptr = skb_push(skb, X25_STD_MIN_LEN); 1231 *asmptr++ = ((x25->lci >> 8) & 0x0F) | X25_GFI_STDSEQ; 1232 *asmptr++ = (x25->lci >> 0) & 0xFF; 1233 *asmptr++ = X25_INTERRUPT; 1234 } 1235 } else { 1236 if (x25->neighbour->extended) { 1237 /* Build an Extended X.25 header */ 1238 asmptr = skb_push(skb, X25_EXT_MIN_LEN); 1239 *asmptr++ = ((x25->lci >> 8) & 0x0F) | X25_GFI_EXTSEQ; 1240 *asmptr++ = (x25->lci >> 0) & 0xFF; 1241 *asmptr++ = X25_DATA; 1242 *asmptr++ = X25_DATA; 1243 } else { 1244 /* Build an Standard X.25 header */ 1245 asmptr = skb_push(skb, X25_STD_MIN_LEN); 1246 *asmptr++ = ((x25->lci >> 8) & 0x0F) | X25_GFI_STDSEQ; 1247 *asmptr++ = (x25->lci >> 0) & 0xFF; 1248 *asmptr++ = X25_DATA; 1249 } 1250 1251 if (qbit) 1252 skb->data[0] |= X25_Q_BIT; 1253 } 1254 1255 SOCK_DEBUG(sk, "x25_sendmsg: Built header.\n"); 1256 SOCK_DEBUG(sk, "x25_sendmsg: Transmitting buffer\n"); 1257 1258 rc = -ENOTCONN; 1259 if (sk->sk_state != TCP_ESTABLISHED) 1260 goto out_kfree_skb; 1261 1262 if (msg->msg_flags & MSG_OOB) 1263 skb_queue_tail(&x25->interrupt_out_queue, skb); 1264 else { 1265 rc = x25_output(sk, skb); 1266 len = rc; 1267 if (rc < 0) 1268 kfree_skb(skb); 1269 else if (test_bit(X25_Q_BIT_FLAG, &x25->flags)) 1270 len++; 1271 } 1272 1273 x25_kick(sk); 1274 rc = len; 1275 out: 1276 release_sock(sk); 1277 return rc; 1278 out_kfree_skb: 1279 kfree_skb(skb); 1280 goto out; 1281 } 1282 1283 1284 static int 
x25_recvmsg(struct socket *sock, struct msghdr *msg, size_t size,
	    int flags)
{
	/*
	 * Deliver one queued packet to user space.
	 *
	 * With MSG_OOB set the packet is taken from interrupt_in_queue,
	 * otherwise from the socket receive queue via skb_recv_datagram().
	 * The X.25 header is stripped and, when X25_Q_BIT_FLAG is set, one
	 * byte carrying the Q bit value is prepended to the user data.
	 *
	 * Returns the number of bytes copied, -ENOTCONN when the socket has
	 * no neighbour or is not TCP_ESTABLISHED, -EINVAL for the MSG_OOB
	 * failure cases below, or the error from the copy helper.
	 */
	struct sock *sk = sock->sk;
	struct x25_sock *x25 = x25_sk(sk);
	/* sx25 is the caller's optional address buffer (msg->msg_name) */
	DECLARE_SOCKADDR(struct sockaddr_x25 *, sx25, msg->msg_name);
	size_t copied;
	int qbit, header_len;
	struct sk_buff *skb;
	unsigned char *asmptr;
	int rc = -ENOTCONN;

	lock_sock(sk);

	/* neighbour is dereferenced just below, so reject a NULL one first */
	if (x25->neighbour == NULL)
		goto out;

	header_len = x25->neighbour->extended ?
		X25_EXT_MIN_LEN : X25_STD_MIN_LEN;

	/*
	 * This works for seqpacket too. The receiver has ordered the queue for
	 * us! We do one quick check first though
	 */
	if (sk->sk_state != TCP_ESTABLISHED)
		goto out;

	if (flags & MSG_OOB) {
		/* -EINVAL covers: urgent data inline, empty queue, short skb */
		rc = -EINVAL;
		if (sock_flag(sk, SOCK_URGINLINE) ||
		    !skb_peek(&x25->interrupt_in_queue))
			goto out;

		skb = skb_dequeue(&x25->interrupt_in_queue);

		/* make sure the header bytes are present before pulling them */
		if (!pskb_may_pull(skb, X25_STD_MIN_LEN))
			goto out_free_dgram;

		skb_pull(skb, X25_STD_MIN_LEN);

		/*
		 * No Q bit information on Interrupt data.
		 */
		if (test_bit(X25_Q_BIT_FLAG, &x25->flags)) {
			asmptr = skb_push(skb, 1);
			*asmptr = 0x00;
		}

		msg->msg_flags |= MSG_OOB;
	} else {
		/* Now we can treat all alike */
		/*
		 * The socket lock is dropped while waiting for a datagram.
		 * NOTE(review): header_len and the sk_state check above were
		 * taken before the unlock and are not re-evaluated after
		 * lock_sock() - confirm neither can change in between.
		 */
		release_sock(sk);
		skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT,
					flags & MSG_DONTWAIT, &rc);
		lock_sock(sk);
		if (!skb)
			goto out;

		/*
		 * Bounds check before skb->data[0] is read.
		 * NOTE(review): rc is not assigned on this failure path; the
		 * caller gets whatever rc held after skb_recv_datagram() -
		 * confirm that is an error code.
		 */
		if (!pskb_may_pull(skb, header_len))
			goto out_free_dgram;

		qbit = (skb->data[0] & X25_Q_BIT) == X25_Q_BIT;

		skb_pull(skb, header_len);

		if (test_bit(X25_Q_BIT_FLAG, &x25->flags)) {
			asmptr = skb_push(skb, 1);
			*asmptr = qbit;
		}
	}

	skb_reset_transport_header(skb);
	copied = skb->len;

	/* never copy more than the caller's buffer; flag the truncation */
	if (copied > size) {
		copied = size;
		msg->msg_flags |= MSG_TRUNC;
	}

	/* Currently, each datagram always contains a complete record */
	msg->msg_flags |= MSG_EOR;

	rc = skb_copy_datagram_msg(skb, 0, msg, copied);
	if (rc)
		goto out_free_dgram;

	/* report the peer address only when the caller asked for it */
	if (sx25) {
		sx25->sx25_family = AF_X25;
		sx25->sx25_addr = x25->dest_addr;
		msg->msg_namelen = sizeof(*sx25);
	}

	x25_check_rbuf(sk);
	rc = copied;
out_free_dgram:
	skb_free_datagram(sk, skb);
out:
	release_sock(sk);
	return rc;
}


/*
 * Socket ioctl handler for AF_X25.
 *
 * arg is treated as a user-space pointer for every command handled here.
 * Route changes (SIOCADDRT/SIOCDELRT) and SIOCX25SSUBSCRIP require
 * CAP_NET_ADMIN; the remaining commands act on this socket only.
 * Unknown commands return -ENOIOCTLCMD.
 */
static int x25_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
{
	struct sock *sk = sock->sk;
	struct x25_sock *x25 = x25_sk(sk);
	void __user *argp = (void __user *)arg;
	int rc;

	switch (cmd) {
	case TIOCOUTQ: {
		int amount;

		/* send buffer size minus allocated write memory, floor 0 */
		amount = sk->sk_sndbuf - sk_wmem_alloc_get(sk);
		if (amount < 0)
			amount = 0;
		rc = put_user(amount, (unsigned int __user *)argp);
		break;
	}

	case TIOCINQ: {
		struct sk_buff *skb;
		int amount = 0;
		/*
		 * These two are safe on a single CPU system as
		 * only user tasks fiddle here
		 */
		/* length of the first queued skb only, 0 when queue is empty */
		lock_sock(sk);
		if ((skb = skb_peek(&sk->sk_receive_queue)) != NULL)
			amount = skb->len;
		release_sock(sk);
		rc = put_user(amount, (unsigned int __user *)argp);
		break;
	}

	/* generic interface address ioctls are rejected on X.25 sockets */
	case SIOCGIFADDR:
	case SIOCSIFADDR:
	case SIOCGIFDSTADDR:
	case SIOCSIFDSTADDR:
	case SIOCGIFBRDADDR:
	case SIOCSIFBRDADDR:
	case SIOCGIFNETMASK:
	case SIOCSIFNETMASK:
	case SIOCGIFMETRIC:
	case SIOCSIFMETRIC:
		rc = -EINVAL;
		break;
	case SIOCADDRT:
	case SIOCDELRT:
		/* routing table changes are privileged */
		rc = -EPERM;
		if (!capable(CAP_NET_ADMIN))
			break;
		rc = x25_route_ioctl(cmd, argp);
		break;
	case SIOCX25GSUBSCRIP:
		/* read-only query: no capability check */
		rc = x25_subscr_ioctl(cmd, argp);
		break;
	case SIOCX25SSUBSCRIP:
		/* changing subscription settings is privileged */
		rc = -EPERM;
		if (!capable(CAP_NET_ADMIN))
			break;
		rc = x25_subscr_ioctl(cmd, argp);
		break;
	case SIOCX25GFACILITIES: {
		lock_sock(sk);
		rc = copy_to_user(argp, &x25->facilities,
				  sizeof(x25->facilities))
			? -EFAULT : 0;
		release_sock(sk);
		break;
	}

	case SIOCX25SFACILITIES: {
		struct x25_facilities facilities;
		rc = -EFAULT;
		if (copy_from_user(&facilities, argp, sizeof(facilities)))
			break;
		/* every validation failure below returns -EINVAL */
		rc = -EINVAL;
		lock_sock(sk);
		/* only allowed while the socket is listening or closed */
		if (sk->sk_state != TCP_LISTEN &&
		    sk->sk_state != TCP_CLOSE)
			goto out_fac_release;
		if (facilities.pacsize_in < X25_PS16 ||
		    facilities.pacsize_in > X25_PS4096)
			goto out_fac_release;
		if (facilities.pacsize_out < X25_PS16 ||
		    facilities.pacsize_out > X25_PS4096)
			goto out_fac_release;
		/*
		 * NOTE(review): only winsize_in is range-checked here; no
		 * check on winsize_out is visible - confirm whether the
		 * outbound window needs the same bound.
		 */
		if (facilities.winsize_in < 1 ||
		    facilities.winsize_in > 127)
			goto out_fac_release;
		if (facilities.throughput) {
			/* high nibble and low nibble are checked separately */
			int out = facilities.throughput & 0xf0;
			int in = facilities.throughput & 0x0f;
			/* a zero nibble is filled in with the default */
			if (!out)
				facilities.throughput |=
					X25_DEFAULT_THROUGHPUT << 4;
			else if (out < 0x30 || out > 0xD0)
				goto out_fac_release;
			if (!in)
				facilities.throughput |=
					X25_DEFAULT_THROUGHPUT;
			else if (in < 0x03 || in > 0x0D)
				goto out_fac_release;
		}
		/* a non-zero reverse value must have both 0x80 and 0x01 set */
		if (facilities.reverse &&
		    (facilities.reverse & 0x81) != 0x81)
			goto out_fac_release;
		x25->facilities = facilities;
		rc = 0;
out_fac_release:
		release_sock(sk);
		break;
	}

	case SIOCX25GDTEFACILITIES: {
		lock_sock(sk);
		rc = copy_to_user(argp, &x25->dte_facilities,
				  sizeof(x25->dte_facilities));
		release_sock(sk);
		/* copy_to_user() result is mapped to -EFAULT when non-zero */
		if (rc)
			rc = -EFAULT;
		break;
	}

	case SIOCX25SDTEFACILITIES: {
		struct x25_dte_facilities dtefacs;
		rc = -EFAULT;
		if (copy_from_user(&dtefacs, argp, sizeof(dtefacs)))
			break;
		rc = -EINVAL;
		lock_sock(sk);
		if (sk->sk_state != TCP_LISTEN &&
		    sk->sk_state != TCP_CLOSE)
			goto out_dtefac_release;
		/* user-supplied lengths are capped before being stored */
		if (dtefacs.calling_len > X25_MAX_AE_LEN)
			goto out_dtefac_release;
		if (dtefacs.called_len > X25_MAX_AE_LEN)
			goto out_dtefac_release;
		x25->dte_facilities = dtefacs;
		rc = 0;
out_dtefac_release:
		release_sock(sk);
		break;
	}

	case SIOCX25GCALLUSERDATA: {
		lock_sock(sk);
		rc = copy_to_user(argp, &x25->calluserdata,
				  sizeof(x25->calluserdata))
			? -EFAULT : 0;
		release_sock(sk);
		break;
	}

	case SIOCX25SCALLUSERDATA: {
		struct x25_calluserdata calluserdata;

		rc = -EFAULT;
		if (copy_from_user(&calluserdata, argp, sizeof(calluserdata)))
			break;
		rc = -EINVAL;
		/* user-supplied length is capped before being stored */
		if (calluserdata.cudlength > X25_MAX_CUD_LEN)
			break;
		/*
		 * NOTE(review): unlike the facilities setters above, no
		 * sk_state check is made here - confirm that is intended.
		 */
		lock_sock(sk);
		x25->calluserdata = calluserdata;
		release_sock(sk);
		rc = 0;
		break;
	}

	case SIOCX25GCAUSEDIAG: {
		lock_sock(sk);
		rc = copy_to_user(argp, &x25->causediag, sizeof(x25->causediag))
			? -EFAULT : 0;
		release_sock(sk);
		break;
	}

	case SIOCX25SCAUSEDIAG: {
		struct x25_causediag causediag;
		rc = -EFAULT;
		if (copy_from_user(&causediag, argp, sizeof(causediag)))
			break;
		/* stored as supplied: no field validation, no state check */
		lock_sock(sk);
		x25->causediag = causediag;
		release_sock(sk);
		rc = 0;
		break;

	}

	case SIOCX25SCUDMATCHLEN: {
		struct x25_subaddr sub_addr;
		rc = -EINVAL;
		lock_sock(sk);
		/* only allowed on a closed socket */
		if(sk->sk_state != TCP_CLOSE)
			goto out_cud_release;
		rc = -EFAULT;
		if (copy_from_user(&sub_addr, argp,
				   sizeof(sub_addr)))
			goto out_cud_release;
		rc = -EINVAL;
		/* match length is capped at X25_MAX_CUD_LEN */
		if (sub_addr.cudmatchlength > X25_MAX_CUD_LEN)
			goto out_cud_release;
		x25->cudmatchlength = sub_addr.cudmatchlength;
		rc = 0;
out_cud_release:
		release_sock(sk);
		break;
	}

	case SIOCX25CALLACCPTAPPRV: {
		rc = -EINVAL;
		lock_sock(sk);
		/* the flag can only be cleared while the socket is closed */
		if (sk->sk_state == TCP_CLOSE) {
			clear_bit(X25_ACCPT_APPRV_FLAG, &x25->flags);
			rc = 0;
		}
		release_sock(sk);
		break;
	}

	case SIOCX25SENDCALLACCPT: {
		rc = -EINVAL;
		lock_sock(sk);
		if (sk->sk_state != TCP_ESTABLISHED)
			goto out_sendcallaccpt_release;
		/* must call accptapprv above */
		if (test_bit(X25_ACCPT_APPRV_FLAG, &x25->flags))
			goto out_sendcallaccpt_release;
		x25_write_internal(sk, X25_CALL_ACCEPTED);
		x25->state = X25_STATE_3;
		rc = 0;
out_sendcallaccpt_release:
		release_sock(sk);
		break;
	}

	default:
		rc = -ENOIOCTLCMD;
		break;
	}

	return rc;
}

/* Address-family registration record passed to sock_register() in x25_init() */
static const struct net_proto_family x25_family_ops = {
	.family = AF_X25,
	.create = x25_create,
	.owner = THIS_MODULE,
};

#ifdef CONFIG_COMPAT
/*
 * Compat variant of the subscription get/set ioctl, using
 * struct compat_x25_subscrip_struct as the user-space layout.
 *
 * cmd == SIOCX25GSUBSCRIP copies the neighbour's extended flag and
 * global_facil_mask out to user space; any other cmd stores the
 * user-supplied values. The caller is responsible for the
 * CAP_NET_ADMIN check on the set path (see compat_x25_ioctl()).
 *
 * Returns 0, -EFAULT on a failed user copy, or -EINVAL when the device
 * or neighbour is not found or extended is not 0 or 1.
 */
static int compat_x25_subscr_ioctl(unsigned int cmd,
		struct compat_x25_subscrip_struct __user *x25_subscr32)
{
	struct compat_x25_subscrip_struct x25_subscr;
	struct x25_neigh *nb;
	struct net_device *dev;
	int rc = -EINVAL;

	rc = -EFAULT;
	if (copy_from_user(&x25_subscr, x25_subscr32, sizeof(*x25_subscr32)))
		goto out;

	rc = -EINVAL;
	/*
	 * NOTE(review): x25_subscr.device comes straight from user space
	 * and is not NUL-terminated here - confirm x25_dev_get() bounds
	 * its read of the name.
	 */
	dev = x25_dev_get(x25_subscr.device);
	if (dev == NULL)
		goto out;

	nb = x25_get_neigh(dev);
	if (nb == NULL)
		goto out_dev_put;

	/* device reference is no longer needed once the neighbour is found */
	dev_put(dev);

	if (cmd == SIOCX25GSUBSCRIP) {
		read_lock_bh(&x25_neigh_list_lock);
		x25_subscr.extended = nb->extended;
		x25_subscr.global_facil_mask = nb->global_facil_mask;
		read_unlock_bh(&x25_neigh_list_lock);
		rc = copy_to_user(x25_subscr32, &x25_subscr,
				sizeof(*x25_subscr32)) ? -EFAULT : 0;
	} else {
		rc = -EINVAL;
		/* extended must be exactly 0 or 1; the mask is stored as given */
		if (x25_subscr.extended == 0 || x25_subscr.extended == 1) {
			rc = 0;
			write_lock_bh(&x25_neigh_list_lock);
			nb->extended = x25_subscr.extended;
			nb->global_facil_mask = x25_subscr.global_facil_mask;
			write_unlock_bh(&x25_neigh_list_lock);
		}
	}
	/* presumably drops the reference taken by x25_get_neigh() - verify */
	x25_neigh_put(nb);
out:
	return rc;
out_dev_put:
	dev_put(dev);
	goto out;
}

/*
 * Compat ioctl entry point. Converts arg with compat_ptr() and then
 * either forwards to x25_ioctl(), handles the command with the same
 * rules x25_ioctl() applies (including the CAP_NET_ADMIN checks), or
 * uses compat_x25_subscr_ioctl() for the subscription commands.
 */
static int compat_x25_ioctl(struct socket *sock, unsigned int cmd,
				unsigned long arg)
{
	void __user *argp = compat_ptr(arg);
	int rc = -ENOIOCTLCMD;

	switch(cmd) {
	case TIOCOUTQ:
	case TIOCINQ:
		rc = x25_ioctl(sock, cmd, (unsigned long)argp);
		break;
	case SIOCGIFADDR:
	case SIOCSIFADDR:
	case SIOCGIFDSTADDR:
	case SIOCSIFDSTADDR:
	case SIOCGIFBRDADDR:
	case SIOCSIFBRDADDR:
	case SIOCGIFNETMASK:
	case SIOCSIFNETMASK:
	case SIOCGIFMETRIC:
	case SIOCSIFMETRIC:
		rc = -EINVAL;
		break;
	case SIOCADDRT:
	case SIOCDELRT:
		/* same privilege gate as the native handler */
		rc = -EPERM;
		if (!capable(CAP_NET_ADMIN))
			break;
		rc = x25_route_ioctl(cmd, argp);
		break;
	case SIOCX25GSUBSCRIP:
		rc = compat_x25_subscr_ioctl(cmd, argp);
		break;
	case SIOCX25SSUBSCRIP:
		/* same privilege gate as the native handler */
		rc = -EPERM;
		if (!capable(CAP_NET_ADMIN))
			break;
		rc = compat_x25_subscr_ioctl(cmd, argp);
		break;
	/* these are passed to the native handler unchanged */
	case SIOCX25GFACILITIES:
	case SIOCX25SFACILITIES:
	case SIOCX25GDTEFACILITIES:
	case SIOCX25SDTEFACILITIES:
	case SIOCX25GCALLUSERDATA:
	case SIOCX25SCALLUSERDATA:
	case SIOCX25GCAUSEDIAG:
	case SIOCX25SCAUSEDIAG:
	case SIOCX25SCUDMATCHLEN:
	case SIOCX25CALLACCPTAPPRV:
	case SIOCX25SENDCALLACCPT:
		rc = x25_ioctl(sock, cmd, (unsigned long)argp);
		break;
	default:
		rc = -ENOIOCTLCMD;
		break;
	}
	return rc;
}
#endif

/* Socket operations table for AF_X25 sockets */
static const struct proto_ops x25_proto_ops = {
	.family = AF_X25,
	.owner = THIS_MODULE,
	.release = x25_release,
	.bind = x25_bind,
	.connect = x25_connect,
	.socketpair = sock_no_socketpair,
	.accept = x25_accept,
	.getname = x25_getname,
	.poll = datagram_poll,
	.ioctl = x25_ioctl,
#ifdef CONFIG_COMPAT
	.compat_ioctl = compat_x25_ioctl,
#endif
	.gettstamp = sock_gettstamp,
	.listen = x25_listen,
	.shutdown = sock_no_shutdown,
	.setsockopt = x25_setsockopt,
	.getsockopt = x25_getsockopt,
	.sendmsg = x25_sendmsg,
	.recvmsg = x25_recvmsg,
	.mmap = sock_no_mmap,
	.sendpage = sock_no_sendpage,
};

/* Packet handler for ETH_P_X25 frames, added in x25_init() */
static struct packet_type x25_packet_type __read_mostly = {
	.type = cpu_to_be16(ETH_P_X25),
	.func = x25_lapb_receive_frame,
};

/* Netdevice notifier, registered in x25_init() */
static struct notifier_block x25_dev_notifier = {
	.notifier_call = x25_device_event,
};

/*
 * Disconnect every socket on x25_list whose neighbour is nb, using
 * ENETUNREACH as the reason, then clear forwards for nb's device.
 * The list walk runs under write_lock_bh(&x25_list_lock).
 */
void x25_kill_by_neigh(struct x25_neigh *nb)
{
	struct sock *s;

	write_lock_bh(&x25_list_lock);

	sk_for_each(s, &x25_list)
		if (x25_sk(s)->neighbour == nb)
			x25_disconnect(s, ENETUNREACH, 0, 0);

	write_unlock_bh(&x25_list_lock);

	/* Remove any related forwards */
	x25_clear_forward_by_dev(nb->dev);
}

/*
 * Module init: register the protocol, the socket family, the packet
 * handler, the netdevice notifier, sysctl and proc entries, in that
 * order. On failure the labels below undo the steps already completed
 * in reverse order. Returns 0 or the failing step's error code.
 */
static int __init x25_init(void)
{
	int rc;

	rc = proto_register(&x25_proto, 0);
	if (rc)
		goto out;

	rc = sock_register(&x25_family_ops);
	if (rc)
		goto out_proto;

	dev_add_pack(&x25_packet_type);

	rc = register_netdevice_notifier(&x25_dev_notifier);
	if (rc)
		goto out_sock;

	rc = x25_register_sysctl();
	if (rc)
		goto out_dev;

	rc = x25_proc_init();
	if (rc)
		goto out_sysctl;

	pr_info("Linux Version 0.2\n");

out:
	return rc;
out_sysctl:
	x25_unregister_sysctl();
out_dev:
	unregister_netdevice_notifier(&x25_dev_notifier);
out_sock:
	/* undoes both dev_add_pack() and sock_register() */
	dev_remove_pack(&x25_packet_type);
	sock_unregister(AF_X25);
out_proto:
	proto_unregister(&x25_proto);
	goto out;
}
module_init(x25_init);

/*
 * Module exit: remove proc entries, free link and route state, then
 * unregister everything x25_init() registered.
 */
static void __exit x25_exit(void)
{
	x25_proc_exit();
	x25_link_free();
	x25_route_free();

	x25_unregister_sysctl();

	unregister_netdevice_notifier(&x25_dev_notifier);

	dev_remove_pack(&x25_packet_type);

	sock_unregister(AF_X25);
	proto_unregister(&x25_proto);
}
module_exit(x25_exit);

MODULE_AUTHOR("Jonathan Naylor <g4klx@g4klx.demon.co.uk>");
MODULE_DESCRIPTION("The X.25 Packet Layer network layer protocol");
MODULE_LICENSE("GPL");
MODULE_ALIAS_NETPROTO(PF_X25);