1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * X.25 Packet Layer release 002 4 * 5 * This is ALPHA test software. This code may break your machine, 6 * randomly fail to work with new releases, misbehave and/or generally 7 * screw up. It might even work. 8 * 9 * This code REQUIRES 2.1.15 or higher 10 * 11 * History 12 * X.25 001 Split from x25_subr.c 13 * mar/20/00 Daniela Squassoni Disabling/enabling of facilities 14 * negotiation. 15 * apr/14/05 Shaun Pereira - Allow fast select with no restriction 16 * on response. 17 */ 18 19 #define pr_fmt(fmt) "X25: " fmt 20 21 #include <linux/kernel.h> 22 #include <linux/string.h> 23 #include <linux/skbuff.h> 24 #include <net/sock.h> 25 #include <net/x25.h> 26 27 /** 28 * x25_parse_facilities - Parse facilities from skb into the facilities structs 29 * 30 * @skb: sk_buff to parse 31 * @facilities: Regular facilities, updated as facilities are found 32 * @dte_facs: ITU DTE facilities, updated as DTE facilities are found 33 * @vc_fac_mask: mask is updated with all facilities found 34 * 35 * Return codes: 36 * -1 - Parsing error, caller should drop call and clean up 37 * 0 - Parse OK, this skb has no facilities 38 * >0 - Parse OK, returns the length of the facilities header 39 * 40 */ 41 int x25_parse_facilities(struct sk_buff *skb, struct x25_facilities *facilities, 42 struct x25_dte_facilities *dte_facs, unsigned long *vc_fac_mask) 43 { 44 unsigned char *p; 45 unsigned int len; 46 47 *vc_fac_mask = 0; 48 49 /* 50 * The kernel knows which facilities were set on an incoming call but 51 * currently this information is not available to userspace. Here we 52 * give userspace who read incoming call facilities 0 length to indicate 53 * it wasn't set. 54 */ 55 dte_facs->calling_len = 0; 56 dte_facs->called_len = 0; 57 memset(dte_facs->called_ae, '\0', sizeof(dte_facs->called_ae)); 58 memset(dte_facs->calling_ae, '\0', sizeof(dte_facs->calling_ae)); 59 60 if (!pskb_may_pull(skb, 1)) 61 return 0; 62 63 len = skb->data[0]; 64 65 if (!pskb_may_pull(skb, 1 + len)) 66 return -1; 67 68 p = skb->data + 1; 69 70 while (len > 0) { 71 switch (*p & X25_FAC_CLASS_MASK) { 72 case X25_FAC_CLASS_A: 73 if (len < 2) 74 return -1; 75 switch (*p) { 76 case X25_FAC_REVERSE: 77 if((p[1] & 0x81) == 0x81) { 78 facilities->reverse = p[1] & 0x81; 79 *vc_fac_mask |= X25_MASK_REVERSE; 80 break; 81 } 82 83 if((p[1] & 0x01) == 0x01) { 84 facilities->reverse = p[1] & 0x01; 85 *vc_fac_mask |= X25_MASK_REVERSE; 86 break; 87 } 88 89 if((p[1] & 0x80) == 0x80) { 90 facilities->reverse = p[1] & 0x80; 91 *vc_fac_mask |= X25_MASK_REVERSE; 92 break; 93 } 94 95 if(p[1] == 0x00) { 96 facilities->reverse 97 = X25_DEFAULT_REVERSE; 98 *vc_fac_mask |= X25_MASK_REVERSE; 99 break; 100 } 101 fallthrough; 102 case X25_FAC_THROUGHPUT: 103 facilities->throughput = p[1]; 104 *vc_fac_mask |= X25_MASK_THROUGHPUT; 105 break; 106 case X25_MARKER: 107 break; 108 default: 109 pr_debug("unknown facility " 110 "%02X, value %02X\n", 111 p[0], p[1]); 112 break; 113 } 114 p += 2; 115 len -= 2; 116 break; 117 case X25_FAC_CLASS_B: 118 if (len < 3) 119 return -1; 120 switch (*p) { 121 case X25_FAC_PACKET_SIZE: 122 facilities->pacsize_in = p[1]; 123 facilities->pacsize_out = p[2]; 124 *vc_fac_mask |= X25_MASK_PACKET_SIZE; 125 break; 126 case X25_FAC_WINDOW_SIZE: 127 facilities->winsize_in = p[1]; 128 facilities->winsize_out = p[2]; 129 *vc_fac_mask |= X25_MASK_WINDOW_SIZE; 130 break; 131 default: 132 pr_debug("unknown facility " 133 "%02X, values %02X, %02X\n", 134 p[0], p[1], p[2]); 135 break; 136 } 137 p += 3; 138 len -= 3; 139 break; 140 case X25_FAC_CLASS_C: 141 if (len < 4) 142 return -1; 143 pr_debug("unknown facility %02X, " 144 "values %02X, %02X, %02X\n", 145 p[0], p[1], p[2], p[3]); 146 p += 4; 147 len -= 4; 148 break; 149 case X25_FAC_CLASS_D: 150 if (len < p[1] + 2) 151 return -1; 152 switch (*p) { 153 case X25_FAC_CALLING_AE: 154 if (p[1] > X25_MAX_DTE_FACIL_LEN || p[1] <= 1) 155 return -1; 156 if (p[2] > X25_MAX_AE_LEN) 157 return -1; 158 dte_facs->calling_len = p[2]; 159 memcpy(dte_facs->calling_ae, &p[3], p[1] - 1); 160 *vc_fac_mask |= X25_MASK_CALLING_AE; 161 break; 162 case X25_FAC_CALLED_AE: 163 if (p[1] > X25_MAX_DTE_FACIL_LEN || p[1] <= 1) 164 return -1; 165 if (p[2] > X25_MAX_AE_LEN) 166 return -1; 167 dte_facs->called_len = p[2]; 168 memcpy(dte_facs->called_ae, &p[3], p[1] - 1); 169 *vc_fac_mask |= X25_MASK_CALLED_AE; 170 break; 171 default: 172 pr_debug("unknown facility %02X," 173 "length %d\n", p[0], p[1]); 174 break; 175 } 176 len -= p[1] + 2; 177 p += p[1] + 2; 178 break; 179 } 180 } 181 182 return p - skb->data; 183 } 184 185 /* 186 * Create a set of facilities. 187 */ 188 int x25_create_facilities(unsigned char *buffer, 189 struct x25_facilities *facilities, 190 struct x25_dte_facilities *dte_facs, unsigned long facil_mask) 191 { 192 unsigned char *p = buffer + 1; 193 int len; 194 195 if (!facil_mask) { 196 /* 197 * Length of the facilities field in call_req or 198 * call_accept packets 199 */ 200 buffer[0] = 0; 201 len = 1; /* 1 byte for the length field */ 202 return len; 203 } 204 205 if (facilities->reverse && (facil_mask & X25_MASK_REVERSE)) { 206 *p++ = X25_FAC_REVERSE; 207 *p++ = facilities->reverse; 208 } 209 210 if (facilities->throughput && (facil_mask & X25_MASK_THROUGHPUT)) { 211 *p++ = X25_FAC_THROUGHPUT; 212 *p++ = facilities->throughput; 213 } 214 215 if ((facilities->pacsize_in || facilities->pacsize_out) && 216 (facil_mask & X25_MASK_PACKET_SIZE)) { 217 *p++ = X25_FAC_PACKET_SIZE; 218 *p++ = facilities->pacsize_in ? : facilities->pacsize_out; 219 *p++ = facilities->pacsize_out ? : facilities->pacsize_in; 220 } 221 222 if ((facilities->winsize_in || facilities->winsize_out) && 223 (facil_mask & X25_MASK_WINDOW_SIZE)) { 224 *p++ = X25_FAC_WINDOW_SIZE; 225 *p++ = facilities->winsize_in ? : facilities->winsize_out; 226 *p++ = facilities->winsize_out ? : facilities->winsize_in; 227 } 228 229 if (facil_mask & (X25_MASK_CALLING_AE|X25_MASK_CALLED_AE)) { 230 *p++ = X25_MARKER; 231 *p++ = X25_DTE_SERVICES; 232 } 233 234 if (dte_facs->calling_len && (facil_mask & X25_MASK_CALLING_AE)) { 235 unsigned int bytecount = (dte_facs->calling_len + 1) >> 1; 236 *p++ = X25_FAC_CALLING_AE; 237 *p++ = 1 + bytecount; 238 *p++ = dte_facs->calling_len; 239 memcpy(p, dte_facs->calling_ae, bytecount); 240 p += bytecount; 241 } 242 243 if (dte_facs->called_len && (facil_mask & X25_MASK_CALLED_AE)) { 244 unsigned int bytecount = (dte_facs->called_len % 2) ? 245 dte_facs->called_len / 2 + 1 : 246 dte_facs->called_len / 2; 247 *p++ = X25_FAC_CALLED_AE; 248 *p++ = 1 + bytecount; 249 *p++ = dte_facs->called_len; 250 memcpy(p, dte_facs->called_ae, bytecount); 251 p+=bytecount; 252 } 253 254 len = p - buffer; 255 buffer[0] = len - 1; 256 257 return len; 258 } 259 260 /* 261 * Try to reach a compromise on a set of facilities. 262 * 263 * The only real problem is with reverse charging. 264 */ 265 int x25_negotiate_facilities(struct sk_buff *skb, struct sock *sk, 266 struct x25_facilities *new, struct x25_dte_facilities *dte) 267 { 268 struct x25_sock *x25 = x25_sk(sk); 269 struct x25_facilities *ours = &x25->facilities; 270 struct x25_facilities theirs; 271 int len; 272 273 memset(&theirs, 0, sizeof(theirs)); 274 memcpy(new, ours, sizeof(*new)); 275 memset(dte, 0, sizeof(*dte)); 276 277 len = x25_parse_facilities(skb, &theirs, dte, &x25->vc_facil_mask); 278 if (len < 0) 279 return len; 280 281 /* 282 * They want reverse charging, we won't accept it. 283 */ 284 if ((theirs.reverse & 0x01 ) && (ours->reverse & 0x01)) { 285 net_dbg_ratelimited("X.25: rejecting reverse charging request\n"); 286 return -1; 287 } 288 289 new->reverse = theirs.reverse; 290 291 if (theirs.throughput) { 292 int theirs_in = theirs.throughput & 0x0f; 293 int theirs_out = theirs.throughput & 0xf0; 294 int ours_in = ours->throughput & 0x0f; 295 int ours_out = ours->throughput & 0xf0; 296 if (!ours_in || theirs_in < ours_in) { 297 net_dbg_ratelimited("X.25: inbound throughput negotiated\n"); 298 new->throughput = (new->throughput & 0xf0) | theirs_in; 299 } 300 if (!ours_out || theirs_out < ours_out) { 301 net_dbg_ratelimited( 302 "X.25: outbound throughput negotiated\n"); 303 new->throughput = (new->throughput & 0x0f) | theirs_out; 304 } 305 } 306 307 if (theirs.pacsize_in && theirs.pacsize_out) { 308 if (theirs.pacsize_in < ours->pacsize_in) { 309 net_dbg_ratelimited("X.25: packet size inwards negotiated down\n"); 310 new->pacsize_in = theirs.pacsize_in; 311 } 312 if (theirs.pacsize_out < ours->pacsize_out) { 313 net_dbg_ratelimited("X.25: packet size outwards negotiated down\n"); 314 new->pacsize_out = theirs.pacsize_out; 315 } 316 } 317 318 if (theirs.winsize_in && theirs.winsize_out) { 319 if (theirs.winsize_in < ours->winsize_in) { 320 net_dbg_ratelimited("X.25: window size inwards negotiated down\n"); 321 new->winsize_in = theirs.winsize_in; 322 } 323 if (theirs.winsize_out < ours->winsize_out) { 324 net_dbg_ratelimited("X.25: window size outwards negotiated down\n"); 325 new->winsize_out = theirs.winsize_out; 326 } 327 } 328 329 return len; 330 } 331 332 /* 333 * Limit values of certain facilities according to the capability of the 334 * currently attached x25 link. 335 */ 336 void x25_limit_facilities(struct x25_facilities *facilities, 337 struct x25_neigh *nb) 338 { 339 340 if (!nb->extended) { 341 if (facilities->winsize_in > 7) { 342 pr_debug("incoming winsize limited to 7\n"); 343 facilities->winsize_in = 7; 344 } 345 if (facilities->winsize_out > 7) { 346 facilities->winsize_out = 7; 347 pr_debug("outgoing winsize limited to 7\n"); 348 } 349 } 350 } 351