1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 *
4 * Copyright (C) Alan Cox GW4PTS (alan@lxorguk.ukuu.org.uk)
5 * Copyright (C) Jonathan Naylor G4KLX (g4klx@g4klx.demon.co.uk)
6 * Copyright (C) Darryl Miles G7LED (dlm@g7led.demon.co.uk)
7 * Copyright (C) Steven Whitehouse GW7RRM (stevew@acm.org)
8 * Copyright (C) Joerg Reuter DL1BKE (jreuter@yaina.de)
9 * Copyright (C) Hans-Joachim Hetscher DD8NE (dd8ne@bnv-bamberg.de)
10 * Copyright (C) Hans Alblas PE1AYX (hans@esrac.ele.tue.nl)
11 * Copyright (C) Frederic Rible F1OAT (frible@teaser.fr)
12 */
13 #include <linux/capability.h>
14 #include <linux/module.h>
15 #include <linux/errno.h>
16 #include <linux/types.h>
17 #include <linux/socket.h>
18 #include <linux/in.h>
19 #include <linux/kernel.h>
20 #include <linux/sched/signal.h>
21 #include <linux/timer.h>
22 #include <linux/string.h>
23 #include <linux/sockios.h>
24 #include <linux/net.h>
25 #include <linux/slab.h>
26 #include <net/ax25.h>
27 #include <linux/inet.h>
28 #include <linux/netdevice.h>
29 #include <linux/if_arp.h>
30 #include <linux/skbuff.h>
31 #include <net/sock.h>
32 #include <linux/uaccess.h>
33 #include <linux/fcntl.h>
34 #include <linux/termios.h> /* For TIOCINQ/OUTQ */
35 #include <linux/mm.h>
36 #include <linux/interrupt.h>
37 #include <linux/notifier.h>
38 #include <linux/proc_fs.h>
39 #include <linux/stat.h>
40 #include <linux/sysctl.h>
41 #include <linux/init.h>
42 #include <linux/spinlock.h>
43 #include <net/net_namespace.h>
44 #include <net/tcp_states.h>
45 #include <net/ip.h>
46 #include <net/arp.h>
47
48
49
50 HLIST_HEAD(ax25_list);
51 DEFINE_SPINLOCK(ax25_list_lock);
52
53 static const struct proto_ops ax25_proto_ops;
54
ax25_free_sock(struct sock * sk)55 static void ax25_free_sock(struct sock *sk)
56 {
57 ax25_cb_put(sk_to_ax25(sk));
58 }
59
60 /*
61 * Socket removal during an interrupt is now safe.
62 */
ax25_cb_del(ax25_cb * ax25)63 static void ax25_cb_del(ax25_cb *ax25)
64 {
65 if (!hlist_unhashed(&ax25->ax25_node)) {
66 spin_lock_bh(&ax25_list_lock);
67 hlist_del_init(&ax25->ax25_node);
68 spin_unlock_bh(&ax25_list_lock);
69 ax25_cb_put(ax25);
70 }
71 }
72
73 /*
74 * Kill all bound sockets on a dropped device.
75 */
ax25_kill_by_device(struct net_device * dev)76 static void ax25_kill_by_device(struct net_device *dev)
77 {
78 ax25_dev *ax25_dev;
79 ax25_cb *s;
80
81 if ((ax25_dev = ax25_dev_ax25dev(dev)) == NULL)
82 return;
83
84 spin_lock_bh(&ax25_list_lock);
85 again:
86 ax25_for_each(s, &ax25_list) {
87 if (s->ax25_dev == ax25_dev) {
88 s->ax25_dev = NULL;
89 spin_unlock_bh(&ax25_list_lock);
90 ax25_disconnect(s, ENETUNREACH);
91 spin_lock_bh(&ax25_list_lock);
92
93 /* The entry could have been deleted from the
94 * list meanwhile and thus the next pointer is
95 * no longer valid. Play it safe and restart
96 * the scan. Forward progress is ensured
97 * because we set s->ax25_dev to NULL and we
98 * are never passed a NULL 'dev' argument.
99 */
100 goto again;
101 }
102 }
103 spin_unlock_bh(&ax25_list_lock);
104 }
105
106 /*
107 * Handle device status changes.
108 */
ax25_device_event(struct notifier_block * this,unsigned long event,void * ptr)109 static int ax25_device_event(struct notifier_block *this, unsigned long event,
110 void *ptr)
111 {
112 struct net_device *dev = netdev_notifier_info_to_dev(ptr);
113
114 if (!net_eq(dev_net(dev), &init_net))
115 return NOTIFY_DONE;
116
117 /* Reject non AX.25 devices */
118 if (dev->type != ARPHRD_AX25)
119 return NOTIFY_DONE;
120
121 switch (event) {
122 case NETDEV_UP:
123 ax25_dev_device_up(dev);
124 break;
125 case NETDEV_DOWN:
126 ax25_kill_by_device(dev);
127 ax25_rt_device_down(dev);
128 ax25_dev_device_down(dev);
129 break;
130 default:
131 break;
132 }
133
134 return NOTIFY_DONE;
135 }
136
137 /*
138 * Add a socket to the bound sockets list.
139 */
ax25_cb_add(ax25_cb * ax25)140 void ax25_cb_add(ax25_cb *ax25)
141 {
142 spin_lock_bh(&ax25_list_lock);
143 ax25_cb_hold(ax25);
144 hlist_add_head(&ax25->ax25_node, &ax25_list);
145 spin_unlock_bh(&ax25_list_lock);
146 }
147
148 /*
149 * Find a socket that wants to accept the SABM we have just
150 * received.
151 */
ax25_find_listener(ax25_address * addr,int digi,struct net_device * dev,int type)152 struct sock *ax25_find_listener(ax25_address *addr, int digi,
153 struct net_device *dev, int type)
154 {
155 ax25_cb *s;
156
157 spin_lock(&ax25_list_lock);
158 ax25_for_each(s, &ax25_list) {
159 if ((s->iamdigi && !digi) || (!s->iamdigi && digi))
160 continue;
161 if (s->sk && !ax25cmp(&s->source_addr, addr) &&
162 s->sk->sk_type == type && s->sk->sk_state == TCP_LISTEN) {
163 /* If device is null we match any device */
164 if (s->ax25_dev == NULL || s->ax25_dev->dev == dev) {
165 sock_hold(s->sk);
166 spin_unlock(&ax25_list_lock);
167 return s->sk;
168 }
169 }
170 }
171 spin_unlock(&ax25_list_lock);
172
173 return NULL;
174 }
175
176 /*
177 * Find an AX.25 socket given both ends.
178 */
ax25_get_socket(ax25_address * my_addr,ax25_address * dest_addr,int type)179 struct sock *ax25_get_socket(ax25_address *my_addr, ax25_address *dest_addr,
180 int type)
181 {
182 struct sock *sk = NULL;
183 ax25_cb *s;
184
185 spin_lock(&ax25_list_lock);
186 ax25_for_each(s, &ax25_list) {
187 if (s->sk && !ax25cmp(&s->source_addr, my_addr) &&
188 !ax25cmp(&s->dest_addr, dest_addr) &&
189 s->sk->sk_type == type) {
190 sk = s->sk;
191 sock_hold(sk);
192 break;
193 }
194 }
195
196 spin_unlock(&ax25_list_lock);
197
198 return sk;
199 }
200
201 /*
202 * Find an AX.25 control block given both ends. It will only pick up
203 * floating AX.25 control blocks or non Raw socket bound control blocks.
204 */
ax25_find_cb(ax25_address * src_addr,ax25_address * dest_addr,ax25_digi * digi,struct net_device * dev)205 ax25_cb *ax25_find_cb(ax25_address *src_addr, ax25_address *dest_addr,
206 ax25_digi *digi, struct net_device *dev)
207 {
208 ax25_cb *s;
209
210 spin_lock_bh(&ax25_list_lock);
211 ax25_for_each(s, &ax25_list) {
212 if (s->sk && s->sk->sk_type != SOCK_SEQPACKET)
213 continue;
214 if (s->ax25_dev == NULL)
215 continue;
216 if (ax25cmp(&s->source_addr, src_addr) == 0 && ax25cmp(&s->dest_addr, dest_addr) == 0 && s->ax25_dev->dev == dev) {
217 if (digi != NULL && digi->ndigi != 0) {
218 if (s->digipeat == NULL)
219 continue;
220 if (ax25digicmp(s->digipeat, digi) != 0)
221 continue;
222 } else {
223 if (s->digipeat != NULL && s->digipeat->ndigi != 0)
224 continue;
225 }
226 ax25_cb_hold(s);
227 spin_unlock_bh(&ax25_list_lock);
228
229 return s;
230 }
231 }
232 spin_unlock_bh(&ax25_list_lock);
233
234 return NULL;
235 }
236
237 EXPORT_SYMBOL(ax25_find_cb);
238
ax25_send_to_raw(ax25_address * addr,struct sk_buff * skb,int proto)239 void ax25_send_to_raw(ax25_address *addr, struct sk_buff *skb, int proto)
240 {
241 ax25_cb *s;
242 struct sk_buff *copy;
243
244 spin_lock(&ax25_list_lock);
245 ax25_for_each(s, &ax25_list) {
246 if (s->sk != NULL && ax25cmp(&s->source_addr, addr) == 0 &&
247 s->sk->sk_type == SOCK_RAW &&
248 s->sk->sk_protocol == proto &&
249 s->ax25_dev->dev == skb->dev &&
250 atomic_read(&s->sk->sk_rmem_alloc) <= s->sk->sk_rcvbuf) {
251 if ((copy = skb_clone(skb, GFP_ATOMIC)) == NULL)
252 continue;
253 if (sock_queue_rcv_skb(s->sk, copy) != 0)
254 kfree_skb(copy);
255 }
256 }
257 spin_unlock(&ax25_list_lock);
258 }
259
260 /*
261 * Deferred destroy.
262 */
263 void ax25_destroy_socket(ax25_cb *);
264
265 /*
266 * Handler for deferred kills.
267 */
ax25_destroy_timer(struct timer_list * t)268 static void ax25_destroy_timer(struct timer_list *t)
269 {
270 ax25_cb *ax25 = from_timer(ax25, t, dtimer);
271 struct sock *sk;
272
273 sk=ax25->sk;
274
275 bh_lock_sock(sk);
276 sock_hold(sk);
277 ax25_destroy_socket(ax25);
278 bh_unlock_sock(sk);
279 sock_put(sk);
280 }
281
282 /*
283 * This is called from user mode and the timers. Thus it protects itself
284 * against interrupt users but doesn't worry about being called during
285 * work. Once it is removed from the queue no interrupt or bottom half
286 * will touch it and we are (fairly 8-) ) safe.
287 */
ax25_destroy_socket(ax25_cb * ax25)288 void ax25_destroy_socket(ax25_cb *ax25)
289 {
290 struct sk_buff *skb;
291
292 ax25_cb_del(ax25);
293
294 ax25_stop_heartbeat(ax25);
295 ax25_stop_t1timer(ax25);
296 ax25_stop_t2timer(ax25);
297 ax25_stop_t3timer(ax25);
298 ax25_stop_idletimer(ax25);
299
300 ax25_clear_queues(ax25); /* Flush the queues */
301
302 if (ax25->sk != NULL) {
303 while ((skb = skb_dequeue(&ax25->sk->sk_receive_queue)) != NULL) {
304 if (skb->sk != ax25->sk) {
305 /* A pending connection */
306 ax25_cb *sax25 = sk_to_ax25(skb->sk);
307
308 /* Queue the unaccepted socket for death */
309 sock_orphan(skb->sk);
310
311 /* 9A4GL: hack to release unaccepted sockets */
312 skb->sk->sk_state = TCP_LISTEN;
313
314 ax25_start_heartbeat(sax25);
315 sax25->state = AX25_STATE_0;
316 }
317
318 kfree_skb(skb);
319 }
320 skb_queue_purge(&ax25->sk->sk_write_queue);
321 }
322
323 if (ax25->sk != NULL) {
324 if (sk_has_allocations(ax25->sk)) {
325 /* Defer: outstanding buffers */
326 timer_setup(&ax25->dtimer, ax25_destroy_timer, 0);
327 ax25->dtimer.expires = jiffies + 2 * HZ;
328 add_timer(&ax25->dtimer);
329 } else {
330 struct sock *sk=ax25->sk;
331 ax25->sk=NULL;
332 sock_put(sk);
333 }
334 } else {
335 ax25_cb_put(ax25);
336 }
337 }
338
339 /*
340 * dl1bke 960311: set parameters for existing AX.25 connections,
341 * includes a KILL command to abort any connection.
342 * VERY useful for debugging ;-)
343 */
ax25_ctl_ioctl(const unsigned int cmd,void __user * arg)344 static int ax25_ctl_ioctl(const unsigned int cmd, void __user *arg)
345 {
346 struct ax25_ctl_struct ax25_ctl;
347 ax25_digi digi;
348 ax25_dev *ax25_dev;
349 ax25_cb *ax25;
350 unsigned int k;
351 int ret = 0;
352
353 if (copy_from_user(&ax25_ctl, arg, sizeof(ax25_ctl)))
354 return -EFAULT;
355
356 if ((ax25_dev = ax25_addr_ax25dev(&ax25_ctl.port_addr)) == NULL)
357 return -ENODEV;
358
359 if (ax25_ctl.digi_count > AX25_MAX_DIGIS)
360 return -EINVAL;
361
362 if (ax25_ctl.arg > ULONG_MAX / HZ && ax25_ctl.cmd != AX25_KILL)
363 return -EINVAL;
364
365 digi.ndigi = ax25_ctl.digi_count;
366 for (k = 0; k < digi.ndigi; k++)
367 digi.calls[k] = ax25_ctl.digi_addr[k];
368
369 if ((ax25 = ax25_find_cb(&ax25_ctl.source_addr, &ax25_ctl.dest_addr, &digi, ax25_dev->dev)) == NULL)
370 return -ENOTCONN;
371
372 switch (ax25_ctl.cmd) {
373 case AX25_KILL:
374 ax25_send_control(ax25, AX25_DISC, AX25_POLLON, AX25_COMMAND);
375 #ifdef CONFIG_AX25_DAMA_SLAVE
376 if (ax25_dev->dama.slave && ax25->ax25_dev->values[AX25_VALUES_PROTOCOL] == AX25_PROTO_DAMA_SLAVE)
377 ax25_dama_off(ax25);
378 #endif
379 ax25_disconnect(ax25, ENETRESET);
380 break;
381
382 case AX25_WINDOW:
383 if (ax25->modulus == AX25_MODULUS) {
384 if (ax25_ctl.arg < 1 || ax25_ctl.arg > 7)
385 goto einval_put;
386 } else {
387 if (ax25_ctl.arg < 1 || ax25_ctl.arg > 63)
388 goto einval_put;
389 }
390 ax25->window = ax25_ctl.arg;
391 break;
392
393 case AX25_T1:
394 if (ax25_ctl.arg < 1 || ax25_ctl.arg > ULONG_MAX / HZ)
395 goto einval_put;
396 ax25->rtt = (ax25_ctl.arg * HZ) / 2;
397 ax25->t1 = ax25_ctl.arg * HZ;
398 break;
399
400 case AX25_T2:
401 if (ax25_ctl.arg < 1 || ax25_ctl.arg > ULONG_MAX / HZ)
402 goto einval_put;
403 ax25->t2 = ax25_ctl.arg * HZ;
404 break;
405
406 case AX25_N2:
407 if (ax25_ctl.arg < 1 || ax25_ctl.arg > 31)
408 goto einval_put;
409 ax25->n2count = 0;
410 ax25->n2 = ax25_ctl.arg;
411 break;
412
413 case AX25_T3:
414 if (ax25_ctl.arg > ULONG_MAX / HZ)
415 goto einval_put;
416 ax25->t3 = ax25_ctl.arg * HZ;
417 break;
418
419 case AX25_IDLE:
420 if (ax25_ctl.arg > ULONG_MAX / (60 * HZ))
421 goto einval_put;
422
423 ax25->idle = ax25_ctl.arg * 60 * HZ;
424 break;
425
426 case AX25_PACLEN:
427 if (ax25_ctl.arg < 16 || ax25_ctl.arg > 65535)
428 goto einval_put;
429 ax25->paclen = ax25_ctl.arg;
430 break;
431
432 default:
433 goto einval_put;
434 }
435
436 out_put:
437 ax25_cb_put(ax25);
438 return ret;
439
440 einval_put:
441 ret = -EINVAL;
442 goto out_put;
443 }
444
ax25_fillin_cb_from_dev(ax25_cb * ax25,ax25_dev * ax25_dev)445 static void ax25_fillin_cb_from_dev(ax25_cb *ax25, ax25_dev *ax25_dev)
446 {
447 ax25->rtt = msecs_to_jiffies(ax25_dev->values[AX25_VALUES_T1]) / 2;
448 ax25->t1 = msecs_to_jiffies(ax25_dev->values[AX25_VALUES_T1]);
449 ax25->t2 = msecs_to_jiffies(ax25_dev->values[AX25_VALUES_T2]);
450 ax25->t3 = msecs_to_jiffies(ax25_dev->values[AX25_VALUES_T3]);
451 ax25->n2 = ax25_dev->values[AX25_VALUES_N2];
452 ax25->paclen = ax25_dev->values[AX25_VALUES_PACLEN];
453 ax25->idle = msecs_to_jiffies(ax25_dev->values[AX25_VALUES_IDLE]);
454 ax25->backoff = ax25_dev->values[AX25_VALUES_BACKOFF];
455
456 if (ax25_dev->values[AX25_VALUES_AXDEFMODE]) {
457 ax25->modulus = AX25_EMODULUS;
458 ax25->window = ax25_dev->values[AX25_VALUES_EWINDOW];
459 } else {
460 ax25->modulus = AX25_MODULUS;
461 ax25->window = ax25_dev->values[AX25_VALUES_WINDOW];
462 }
463 }
464
465 /*
466 * Fill in a created AX.25 created control block with the default
467 * values for a particular device.
468 */
ax25_fillin_cb(ax25_cb * ax25,ax25_dev * ax25_dev)469 void ax25_fillin_cb(ax25_cb *ax25, ax25_dev *ax25_dev)
470 {
471 ax25->ax25_dev = ax25_dev;
472
473 if (ax25->ax25_dev != NULL) {
474 ax25_fillin_cb_from_dev(ax25, ax25_dev);
475 return;
476 }
477
478 /*
479 * No device, use kernel / AX.25 spec default values
480 */
481 ax25->rtt = msecs_to_jiffies(AX25_DEF_T1) / 2;
482 ax25->t1 = msecs_to_jiffies(AX25_DEF_T1);
483 ax25->t2 = msecs_to_jiffies(AX25_DEF_T2);
484 ax25->t3 = msecs_to_jiffies(AX25_DEF_T3);
485 ax25->n2 = AX25_DEF_N2;
486 ax25->paclen = AX25_DEF_PACLEN;
487 ax25->idle = msecs_to_jiffies(AX25_DEF_IDLE);
488 ax25->backoff = AX25_DEF_BACKOFF;
489
490 if (AX25_DEF_AXDEFMODE) {
491 ax25->modulus = AX25_EMODULUS;
492 ax25->window = AX25_DEF_EWINDOW;
493 } else {
494 ax25->modulus = AX25_MODULUS;
495 ax25->window = AX25_DEF_WINDOW;
496 }
497 }
498
499 /*
500 * Create an empty AX.25 control block.
501 */
ax25_create_cb(void)502 ax25_cb *ax25_create_cb(void)
503 {
504 ax25_cb *ax25;
505
506 if ((ax25 = kzalloc(sizeof(*ax25), GFP_ATOMIC)) == NULL)
507 return NULL;
508
509 refcount_set(&ax25->refcount, 1);
510
511 skb_queue_head_init(&ax25->write_queue);
512 skb_queue_head_init(&ax25->frag_queue);
513 skb_queue_head_init(&ax25->ack_queue);
514 skb_queue_head_init(&ax25->reseq_queue);
515
516 ax25_setup_timers(ax25);
517
518 ax25_fillin_cb(ax25, NULL);
519
520 ax25->state = AX25_STATE_0;
521
522 return ax25;
523 }
524
525 /*
526 * Handling for system calls applied via the various interfaces to an
527 * AX25 socket object
528 */
529
ax25_setsockopt(struct socket * sock,int level,int optname,sockptr_t optval,unsigned int optlen)530 static int ax25_setsockopt(struct socket *sock, int level, int optname,
531 sockptr_t optval, unsigned int optlen)
532 {
533 struct sock *sk = sock->sk;
534 ax25_cb *ax25;
535 struct net_device *dev;
536 char devname[IFNAMSIZ];
537 unsigned long opt;
538 int res = 0;
539
540 if (level != SOL_AX25)
541 return -ENOPROTOOPT;
542
543 if (optlen < sizeof(unsigned int))
544 return -EINVAL;
545
546 if (copy_from_sockptr(&opt, optval, sizeof(unsigned int)))
547 return -EFAULT;
548
549 lock_sock(sk);
550 ax25 = sk_to_ax25(sk);
551
552 switch (optname) {
553 case AX25_WINDOW:
554 if (ax25->modulus == AX25_MODULUS) {
555 if (opt < 1 || opt > 7) {
556 res = -EINVAL;
557 break;
558 }
559 } else {
560 if (opt < 1 || opt > 63) {
561 res = -EINVAL;
562 break;
563 }
564 }
565 ax25->window = opt;
566 break;
567
568 case AX25_T1:
569 if (opt < 1 || opt > ULONG_MAX / HZ) {
570 res = -EINVAL;
571 break;
572 }
573 ax25->rtt = (opt * HZ) >> 1;
574 ax25->t1 = opt * HZ;
575 break;
576
577 case AX25_T2:
578 if (opt < 1 || opt > ULONG_MAX / HZ) {
579 res = -EINVAL;
580 break;
581 }
582 ax25->t2 = opt * HZ;
583 break;
584
585 case AX25_N2:
586 if (opt < 1 || opt > 31) {
587 res = -EINVAL;
588 break;
589 }
590 ax25->n2 = opt;
591 break;
592
593 case AX25_T3:
594 if (opt < 1 || opt > ULONG_MAX / HZ) {
595 res = -EINVAL;
596 break;
597 }
598 ax25->t3 = opt * HZ;
599 break;
600
601 case AX25_IDLE:
602 if (opt > ULONG_MAX / (60 * HZ)) {
603 res = -EINVAL;
604 break;
605 }
606 ax25->idle = opt * 60 * HZ;
607 break;
608
609 case AX25_BACKOFF:
610 if (opt > 2) {
611 res = -EINVAL;
612 break;
613 }
614 ax25->backoff = opt;
615 break;
616
617 case AX25_EXTSEQ:
618 ax25->modulus = opt ? AX25_EMODULUS : AX25_MODULUS;
619 break;
620
621 case AX25_PIDINCL:
622 ax25->pidincl = opt ? 1 : 0;
623 break;
624
625 case AX25_IAMDIGI:
626 ax25->iamdigi = opt ? 1 : 0;
627 break;
628
629 case AX25_PACLEN:
630 if (opt < 16 || opt > 65535) {
631 res = -EINVAL;
632 break;
633 }
634 ax25->paclen = opt;
635 break;
636
637 case SO_BINDTODEVICE:
638 if (optlen > IFNAMSIZ - 1)
639 optlen = IFNAMSIZ - 1;
640
641 memset(devname, 0, sizeof(devname));
642
643 if (copy_from_sockptr(devname, optval, optlen)) {
644 res = -EFAULT;
645 break;
646 }
647
648 if (sk->sk_type == SOCK_SEQPACKET &&
649 (sock->state != SS_UNCONNECTED ||
650 sk->sk_state == TCP_LISTEN)) {
651 res = -EADDRNOTAVAIL;
652 break;
653 }
654
655 rtnl_lock();
656 dev = __dev_get_by_name(&init_net, devname);
657 if (!dev) {
658 rtnl_unlock();
659 res = -ENODEV;
660 break;
661 }
662
663 ax25->ax25_dev = ax25_dev_ax25dev(dev);
664 if (!ax25->ax25_dev) {
665 rtnl_unlock();
666 res = -ENODEV;
667 break;
668 }
669 ax25_fillin_cb(ax25, ax25->ax25_dev);
670 rtnl_unlock();
671 break;
672
673 default:
674 res = -ENOPROTOOPT;
675 }
676 release_sock(sk);
677
678 return res;
679 }
680
ax25_getsockopt(struct socket * sock,int level,int optname,char __user * optval,int __user * optlen)681 static int ax25_getsockopt(struct socket *sock, int level, int optname,
682 char __user *optval, int __user *optlen)
683 {
684 struct sock *sk = sock->sk;
685 ax25_cb *ax25;
686 struct ax25_dev *ax25_dev;
687 char devname[IFNAMSIZ];
688 void *valptr;
689 int val = 0;
690 int maxlen, length;
691
692 if (level != SOL_AX25)
693 return -ENOPROTOOPT;
694
695 if (get_user(maxlen, optlen))
696 return -EFAULT;
697
698 if (maxlen < 1)
699 return -EFAULT;
700
701 valptr = (void *) &val;
702 length = min_t(unsigned int, maxlen, sizeof(int));
703
704 lock_sock(sk);
705 ax25 = sk_to_ax25(sk);
706
707 switch (optname) {
708 case AX25_WINDOW:
709 val = ax25->window;
710 break;
711
712 case AX25_T1:
713 val = ax25->t1 / HZ;
714 break;
715
716 case AX25_T2:
717 val = ax25->t2 / HZ;
718 break;
719
720 case AX25_N2:
721 val = ax25->n2;
722 break;
723
724 case AX25_T3:
725 val = ax25->t3 / HZ;
726 break;
727
728 case AX25_IDLE:
729 val = ax25->idle / (60 * HZ);
730 break;
731
732 case AX25_BACKOFF:
733 val = ax25->backoff;
734 break;
735
736 case AX25_EXTSEQ:
737 val = (ax25->modulus == AX25_EMODULUS);
738 break;
739
740 case AX25_PIDINCL:
741 val = ax25->pidincl;
742 break;
743
744 case AX25_IAMDIGI:
745 val = ax25->iamdigi;
746 break;
747
748 case AX25_PACLEN:
749 val = ax25->paclen;
750 break;
751
752 case SO_BINDTODEVICE:
753 ax25_dev = ax25->ax25_dev;
754
755 if (ax25_dev != NULL && ax25_dev->dev != NULL) {
756 strlcpy(devname, ax25_dev->dev->name, sizeof(devname));
757 length = strlen(devname) + 1;
758 } else {
759 *devname = '\0';
760 length = 1;
761 }
762
763 valptr = (void *) devname;
764 break;
765
766 default:
767 release_sock(sk);
768 return -ENOPROTOOPT;
769 }
770 release_sock(sk);
771
772 if (put_user(length, optlen))
773 return -EFAULT;
774
775 return copy_to_user(optval, valptr, length) ? -EFAULT : 0;
776 }
777
ax25_listen(struct socket * sock,int backlog)778 static int ax25_listen(struct socket *sock, int backlog)
779 {
780 struct sock *sk = sock->sk;
781 int res = 0;
782
783 lock_sock(sk);
784 if (sk->sk_type == SOCK_SEQPACKET && sk->sk_state != TCP_LISTEN) {
785 sk->sk_max_ack_backlog = backlog;
786 sk->sk_state = TCP_LISTEN;
787 goto out;
788 }
789 res = -EOPNOTSUPP;
790
791 out:
792 release_sock(sk);
793
794 return res;
795 }
796
797 /*
798 * XXX: when creating ax25_sock we should update the .obj_size setting
799 * below.
800 */
801 static struct proto ax25_proto = {
802 .name = "AX25",
803 .owner = THIS_MODULE,
804 .obj_size = sizeof(struct ax25_sock),
805 };
806
ax25_create(struct net * net,struct socket * sock,int protocol,int kern)807 static int ax25_create(struct net *net, struct socket *sock, int protocol,
808 int kern)
809 {
810 struct sock *sk;
811 ax25_cb *ax25;
812
813 if (protocol < 0 || protocol > U8_MAX)
814 return -EINVAL;
815
816 if (!net_eq(net, &init_net))
817 return -EAFNOSUPPORT;
818
819 switch (sock->type) {
820 case SOCK_DGRAM:
821 if (protocol == 0 || protocol == PF_AX25)
822 protocol = AX25_P_TEXT;
823 break;
824
825 case SOCK_SEQPACKET:
826 switch (protocol) {
827 case 0:
828 case PF_AX25: /* For CLX */
829 protocol = AX25_P_TEXT;
830 break;
831 case AX25_P_SEGMENT:
832 #ifdef CONFIG_INET
833 case AX25_P_ARP:
834 case AX25_P_IP:
835 #endif
836 #ifdef CONFIG_NETROM
837 case AX25_P_NETROM:
838 #endif
839 #ifdef CONFIG_ROSE
840 case AX25_P_ROSE:
841 #endif
842 return -ESOCKTNOSUPPORT;
843 #ifdef CONFIG_NETROM_MODULE
844 case AX25_P_NETROM:
845 if (ax25_protocol_is_registered(AX25_P_NETROM))
846 return -ESOCKTNOSUPPORT;
847 break;
848 #endif
849 #ifdef CONFIG_ROSE_MODULE
850 case AX25_P_ROSE:
851 if (ax25_protocol_is_registered(AX25_P_ROSE))
852 return -ESOCKTNOSUPPORT;
853 break;
854 #endif
855 default:
856 break;
857 }
858 break;
859
860 case SOCK_RAW:
861 if (!capable(CAP_NET_RAW))
862 return -EPERM;
863 break;
864 default:
865 return -ESOCKTNOSUPPORT;
866 }
867
868 sk = sk_alloc(net, PF_AX25, GFP_ATOMIC, &ax25_proto, kern);
869 if (sk == NULL)
870 return -ENOMEM;
871
872 ax25 = ax25_sk(sk)->cb = ax25_create_cb();
873 if (!ax25) {
874 sk_free(sk);
875 return -ENOMEM;
876 }
877
878 sock_init_data(sock, sk);
879
880 sk->sk_destruct = ax25_free_sock;
881 sock->ops = &ax25_proto_ops;
882 sk->sk_protocol = protocol;
883
884 ax25->sk = sk;
885
886 return 0;
887 }
888
ax25_make_new(struct sock * osk,struct ax25_dev * ax25_dev)889 struct sock *ax25_make_new(struct sock *osk, struct ax25_dev *ax25_dev)
890 {
891 struct sock *sk;
892 ax25_cb *ax25, *oax25;
893
894 sk = sk_alloc(sock_net(osk), PF_AX25, GFP_ATOMIC, osk->sk_prot, 0);
895 if (sk == NULL)
896 return NULL;
897
898 if ((ax25 = ax25_create_cb()) == NULL) {
899 sk_free(sk);
900 return NULL;
901 }
902
903 switch (osk->sk_type) {
904 case SOCK_DGRAM:
905 break;
906 case SOCK_SEQPACKET:
907 break;
908 default:
909 sk_free(sk);
910 ax25_cb_put(ax25);
911 return NULL;
912 }
913
914 sock_init_data(NULL, sk);
915
916 sk->sk_type = osk->sk_type;
917 sk->sk_priority = osk->sk_priority;
918 sk->sk_protocol = osk->sk_protocol;
919 sk->sk_rcvbuf = osk->sk_rcvbuf;
920 sk->sk_sndbuf = osk->sk_sndbuf;
921 sk->sk_state = TCP_ESTABLISHED;
922 sock_copy_flags(sk, osk);
923
924 oax25 = sk_to_ax25(osk);
925
926 ax25->modulus = oax25->modulus;
927 ax25->backoff = oax25->backoff;
928 ax25->pidincl = oax25->pidincl;
929 ax25->iamdigi = oax25->iamdigi;
930 ax25->rtt = oax25->rtt;
931 ax25->t1 = oax25->t1;
932 ax25->t2 = oax25->t2;
933 ax25->t3 = oax25->t3;
934 ax25->n2 = oax25->n2;
935 ax25->idle = oax25->idle;
936 ax25->paclen = oax25->paclen;
937 ax25->window = oax25->window;
938
939 ax25->ax25_dev = ax25_dev;
940 ax25->source_addr = oax25->source_addr;
941
942 if (oax25->digipeat != NULL) {
943 ax25->digipeat = kmemdup(oax25->digipeat, sizeof(ax25_digi),
944 GFP_ATOMIC);
945 if (ax25->digipeat == NULL) {
946 sk_free(sk);
947 ax25_cb_put(ax25);
948 return NULL;
949 }
950 }
951
952 ax25_sk(sk)->cb = ax25;
953 sk->sk_destruct = ax25_free_sock;
954 ax25->sk = sk;
955
956 return sk;
957 }
958
ax25_release(struct socket * sock)959 static int ax25_release(struct socket *sock)
960 {
961 struct sock *sk = sock->sk;
962 ax25_cb *ax25;
963
964 if (sk == NULL)
965 return 0;
966
967 sock_hold(sk);
968 sock_orphan(sk);
969 lock_sock(sk);
970 ax25 = sk_to_ax25(sk);
971
972 if (sk->sk_type == SOCK_SEQPACKET) {
973 switch (ax25->state) {
974 case AX25_STATE_0:
975 release_sock(sk);
976 ax25_disconnect(ax25, 0);
977 lock_sock(sk);
978 ax25_destroy_socket(ax25);
979 break;
980
981 case AX25_STATE_1:
982 case AX25_STATE_2:
983 ax25_send_control(ax25, AX25_DISC, AX25_POLLON, AX25_COMMAND);
984 release_sock(sk);
985 ax25_disconnect(ax25, 0);
986 lock_sock(sk);
987 if (!sock_flag(ax25->sk, SOCK_DESTROY))
988 ax25_destroy_socket(ax25);
989 break;
990
991 case AX25_STATE_3:
992 case AX25_STATE_4:
993 ax25_clear_queues(ax25);
994 ax25->n2count = 0;
995
996 switch (ax25->ax25_dev->values[AX25_VALUES_PROTOCOL]) {
997 case AX25_PROTO_STD_SIMPLEX:
998 case AX25_PROTO_STD_DUPLEX:
999 ax25_send_control(ax25,
1000 AX25_DISC,
1001 AX25_POLLON,
1002 AX25_COMMAND);
1003 ax25_stop_t2timer(ax25);
1004 ax25_stop_t3timer(ax25);
1005 ax25_stop_idletimer(ax25);
1006 break;
1007 #ifdef CONFIG_AX25_DAMA_SLAVE
1008 case AX25_PROTO_DAMA_SLAVE:
1009 ax25_stop_t3timer(ax25);
1010 ax25_stop_idletimer(ax25);
1011 break;
1012 #endif
1013 }
1014 ax25_calculate_t1(ax25);
1015 ax25_start_t1timer(ax25);
1016 ax25->state = AX25_STATE_2;
1017 sk->sk_state = TCP_CLOSE;
1018 sk->sk_shutdown |= SEND_SHUTDOWN;
1019 sk->sk_state_change(sk);
1020 sock_set_flag(sk, SOCK_DESTROY);
1021 break;
1022
1023 default:
1024 break;
1025 }
1026 } else {
1027 sk->sk_state = TCP_CLOSE;
1028 sk->sk_shutdown |= SEND_SHUTDOWN;
1029 sk->sk_state_change(sk);
1030 ax25_destroy_socket(ax25);
1031 }
1032
1033 sock->sk = NULL;
1034 release_sock(sk);
1035 sock_put(sk);
1036
1037 return 0;
1038 }
1039
1040 /*
1041 * We support a funny extension here so you can (as root) give any callsign
1042 * digipeated via a local address as source. This hack is obsolete now
1043 * that we've implemented support for SO_BINDTODEVICE. It is however small
1044 * and trivially backward compatible.
1045 */
ax25_bind(struct socket * sock,struct sockaddr * uaddr,int addr_len)1046 static int ax25_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
1047 {
1048 struct sock *sk = sock->sk;
1049 struct full_sockaddr_ax25 *addr = (struct full_sockaddr_ax25 *)uaddr;
1050 ax25_dev *ax25_dev = NULL;
1051 ax25_uid_assoc *user;
1052 ax25_address call;
1053 ax25_cb *ax25;
1054 int err = 0;
1055
1056 if (addr_len != sizeof(struct sockaddr_ax25) &&
1057 addr_len != sizeof(struct full_sockaddr_ax25))
1058 /* support for old structure may go away some time
1059 * ax25_bind(): uses old (6 digipeater) socket structure.
1060 */
1061 if ((addr_len < sizeof(struct sockaddr_ax25) + sizeof(ax25_address) * 6) ||
1062 (addr_len > sizeof(struct full_sockaddr_ax25)))
1063 return -EINVAL;
1064
1065 if (addr->fsa_ax25.sax25_family != AF_AX25)
1066 return -EINVAL;
1067
1068 user = ax25_findbyuid(current_euid());
1069 if (user) {
1070 call = user->call;
1071 ax25_uid_put(user);
1072 } else {
1073 if (ax25_uid_policy && !capable(CAP_NET_ADMIN))
1074 return -EACCES;
1075
1076 call = addr->fsa_ax25.sax25_call;
1077 }
1078
1079 lock_sock(sk);
1080
1081 ax25 = sk_to_ax25(sk);
1082 if (!sock_flag(sk, SOCK_ZAPPED)) {
1083 err = -EINVAL;
1084 goto out;
1085 }
1086
1087 ax25->source_addr = call;
1088
1089 /*
1090 * User already set interface with SO_BINDTODEVICE
1091 */
1092 if (ax25->ax25_dev != NULL)
1093 goto done;
1094
1095 if (addr_len > sizeof(struct sockaddr_ax25) && addr->fsa_ax25.sax25_ndigis == 1) {
1096 if (ax25cmp(&addr->fsa_digipeater[0], &null_ax25_address) != 0 &&
1097 (ax25_dev = ax25_addr_ax25dev(&addr->fsa_digipeater[0])) == NULL) {
1098 err = -EADDRNOTAVAIL;
1099 goto out;
1100 }
1101 } else {
1102 if ((ax25_dev = ax25_addr_ax25dev(&addr->fsa_ax25.sax25_call)) == NULL) {
1103 err = -EADDRNOTAVAIL;
1104 goto out;
1105 }
1106 }
1107
1108 if (ax25_dev != NULL)
1109 ax25_fillin_cb(ax25, ax25_dev);
1110
1111 done:
1112 ax25_cb_add(ax25);
1113 sock_reset_flag(sk, SOCK_ZAPPED);
1114
1115 out:
1116 release_sock(sk);
1117
1118 return err;
1119 }
1120
1121 /*
1122 * FIXME: nonblock behaviour looks like it may have a bug.
1123 */
ax25_connect(struct socket * sock,struct sockaddr * uaddr,int addr_len,int flags)1124 static int __must_check ax25_connect(struct socket *sock,
1125 struct sockaddr *uaddr, int addr_len, int flags)
1126 {
1127 struct sock *sk = sock->sk;
1128 ax25_cb *ax25 = sk_to_ax25(sk), *ax25t;
1129 struct full_sockaddr_ax25 *fsa = (struct full_sockaddr_ax25 *)uaddr;
1130 ax25_digi *digi = NULL;
1131 int ct = 0, err = 0;
1132
1133 /*
1134 * some sanity checks. code further down depends on this
1135 */
1136
1137 if (addr_len == sizeof(struct sockaddr_ax25))
1138 /* support for this will go away in early 2.5.x
1139 * ax25_connect(): uses obsolete socket structure
1140 */
1141 ;
1142 else if (addr_len != sizeof(struct full_sockaddr_ax25))
1143 /* support for old structure may go away some time
1144 * ax25_connect(): uses old (6 digipeater) socket structure.
1145 */
1146 if ((addr_len < sizeof(struct sockaddr_ax25) + sizeof(ax25_address) * 6) ||
1147 (addr_len > sizeof(struct full_sockaddr_ax25)))
1148 return -EINVAL;
1149
1150
1151 if (fsa->fsa_ax25.sax25_family != AF_AX25)
1152 return -EINVAL;
1153
1154 lock_sock(sk);
1155
1156 /* deal with restarts */
1157 if (sock->state == SS_CONNECTING) {
1158 switch (sk->sk_state) {
1159 case TCP_SYN_SENT: /* still trying */
1160 err = -EINPROGRESS;
1161 goto out_release;
1162
1163 case TCP_ESTABLISHED: /* connection established */
1164 sock->state = SS_CONNECTED;
1165 goto out_release;
1166
1167 case TCP_CLOSE: /* connection refused */
1168 sock->state = SS_UNCONNECTED;
1169 err = -ECONNREFUSED;
1170 goto out_release;
1171 }
1172 }
1173
1174 if (sk->sk_state == TCP_ESTABLISHED && sk->sk_type == SOCK_SEQPACKET) {
1175 err = -EISCONN; /* No reconnect on a seqpacket socket */
1176 goto out_release;
1177 }
1178
1179 sk->sk_state = TCP_CLOSE;
1180 sock->state = SS_UNCONNECTED;
1181
1182 kfree(ax25->digipeat);
1183 ax25->digipeat = NULL;
1184
1185 /*
1186 * Handle digi-peaters to be used.
1187 */
1188 if (addr_len > sizeof(struct sockaddr_ax25) &&
1189 fsa->fsa_ax25.sax25_ndigis != 0) {
1190 /* Valid number of digipeaters ? */
1191 if (fsa->fsa_ax25.sax25_ndigis < 1 ||
1192 fsa->fsa_ax25.sax25_ndigis > AX25_MAX_DIGIS ||
1193 addr_len < sizeof(struct sockaddr_ax25) +
1194 sizeof(ax25_address) * fsa->fsa_ax25.sax25_ndigis) {
1195 err = -EINVAL;
1196 goto out_release;
1197 }
1198
1199 if ((digi = kmalloc(sizeof(ax25_digi), GFP_KERNEL)) == NULL) {
1200 err = -ENOBUFS;
1201 goto out_release;
1202 }
1203
1204 digi->ndigi = fsa->fsa_ax25.sax25_ndigis;
1205 digi->lastrepeat = -1;
1206
1207 while (ct < fsa->fsa_ax25.sax25_ndigis) {
1208 if ((fsa->fsa_digipeater[ct].ax25_call[6] &
1209 AX25_HBIT) && ax25->iamdigi) {
1210 digi->repeated[ct] = 1;
1211 digi->lastrepeat = ct;
1212 } else {
1213 digi->repeated[ct] = 0;
1214 }
1215 digi->calls[ct] = fsa->fsa_digipeater[ct];
1216 ct++;
1217 }
1218 }
1219
1220 /*
1221 * Must bind first - autobinding in this may or may not work. If
1222 * the socket is already bound, check to see if the device has
1223 * been filled in, error if it hasn't.
1224 */
1225 if (sock_flag(sk, SOCK_ZAPPED)) {
1226 /* check if we can remove this feature. It is broken. */
1227 printk(KERN_WARNING "ax25_connect(): %s uses autobind, please contact jreuter@yaina.de\n",
1228 current->comm);
1229 if ((err = ax25_rt_autobind(ax25, &fsa->fsa_ax25.sax25_call)) < 0) {
1230 kfree(digi);
1231 goto out_release;
1232 }
1233
1234 ax25_fillin_cb(ax25, ax25->ax25_dev);
1235 ax25_cb_add(ax25);
1236 } else {
1237 if (ax25->ax25_dev == NULL) {
1238 kfree(digi);
1239 err = -EHOSTUNREACH;
1240 goto out_release;
1241 }
1242 }
1243
1244 if (sk->sk_type == SOCK_SEQPACKET &&
1245 (ax25t=ax25_find_cb(&ax25->source_addr, &fsa->fsa_ax25.sax25_call, digi,
1246 ax25->ax25_dev->dev))) {
1247 kfree(digi);
1248 err = -EADDRINUSE; /* Already such a connection */
1249 ax25_cb_put(ax25t);
1250 goto out_release;
1251 }
1252
1253 ax25->dest_addr = fsa->fsa_ax25.sax25_call;
1254 ax25->digipeat = digi;
1255
1256 /* First the easy one */
1257 if (sk->sk_type != SOCK_SEQPACKET) {
1258 sock->state = SS_CONNECTED;
1259 sk->sk_state = TCP_ESTABLISHED;
1260 goto out_release;
1261 }
1262
1263 /* Move to connecting socket, ax.25 lapb WAIT_UA.. */
1264 sock->state = SS_CONNECTING;
1265 sk->sk_state = TCP_SYN_SENT;
1266
1267 switch (ax25->ax25_dev->values[AX25_VALUES_PROTOCOL]) {
1268 case AX25_PROTO_STD_SIMPLEX:
1269 case AX25_PROTO_STD_DUPLEX:
1270 ax25_std_establish_data_link(ax25);
1271 break;
1272
1273 #ifdef CONFIG_AX25_DAMA_SLAVE
1274 case AX25_PROTO_DAMA_SLAVE:
1275 ax25->modulus = AX25_MODULUS;
1276 ax25->window = ax25->ax25_dev->values[AX25_VALUES_WINDOW];
1277 if (ax25->ax25_dev->dama.slave)
1278 ax25_ds_establish_data_link(ax25);
1279 else
1280 ax25_std_establish_data_link(ax25);
1281 break;
1282 #endif
1283 }
1284
1285 ax25->state = AX25_STATE_1;
1286
1287 ax25_start_heartbeat(ax25);
1288
1289 /* Now the loop */
1290 if (sk->sk_state != TCP_ESTABLISHED && (flags & O_NONBLOCK)) {
1291 err = -EINPROGRESS;
1292 goto out_release;
1293 }
1294
1295 if (sk->sk_state == TCP_SYN_SENT) {
1296 DEFINE_WAIT(wait);
1297
1298 for (;;) {
1299 prepare_to_wait(sk_sleep(sk), &wait,
1300 TASK_INTERRUPTIBLE);
1301 if (sk->sk_state != TCP_SYN_SENT)
1302 break;
1303 if (!signal_pending(current)) {
1304 release_sock(sk);
1305 schedule();
1306 lock_sock(sk);
1307 continue;
1308 }
1309 err = -ERESTARTSYS;
1310 break;
1311 }
1312 finish_wait(sk_sleep(sk), &wait);
1313
1314 if (err)
1315 goto out_release;
1316 }
1317
1318 if (sk->sk_state != TCP_ESTABLISHED) {
1319 /* Not in ABM, not in WAIT_UA -> failed */
1320 sock->state = SS_UNCONNECTED;
1321 err = sock_error(sk); /* Always set at this point */
1322 goto out_release;
1323 }
1324
1325 sock->state = SS_CONNECTED;
1326
1327 err = 0;
1328 out_release:
1329 release_sock(sk);
1330
1331 return err;
1332 }
1333
ax25_accept(struct socket * sock,struct socket * newsock,int flags,bool kern)1334 static int ax25_accept(struct socket *sock, struct socket *newsock, int flags,
1335 bool kern)
1336 {
1337 struct sk_buff *skb;
1338 struct sock *newsk;
1339 DEFINE_WAIT(wait);
1340 struct sock *sk;
1341 int err = 0;
1342
1343 if (sock->state != SS_UNCONNECTED)
1344 return -EINVAL;
1345
1346 if ((sk = sock->sk) == NULL)
1347 return -EINVAL;
1348
1349 lock_sock(sk);
1350 if (sk->sk_type != SOCK_SEQPACKET) {
1351 err = -EOPNOTSUPP;
1352 goto out;
1353 }
1354
1355 if (sk->sk_state != TCP_LISTEN) {
1356 err = -EINVAL;
1357 goto out;
1358 }
1359
1360 /*
1361 * The read queue this time is holding sockets ready to use
1362 * hooked into the SABM we saved
1363 */
1364 for (;;) {
1365 prepare_to_wait(sk_sleep(sk), &wait, TASK_INTERRUPTIBLE);
1366 skb = skb_dequeue(&sk->sk_receive_queue);
1367 if (skb)
1368 break;
1369
1370 if (flags & O_NONBLOCK) {
1371 err = -EWOULDBLOCK;
1372 break;
1373 }
1374 if (!signal_pending(current)) {
1375 release_sock(sk);
1376 schedule();
1377 lock_sock(sk);
1378 continue;
1379 }
1380 err = -ERESTARTSYS;
1381 break;
1382 }
1383 finish_wait(sk_sleep(sk), &wait);
1384
1385 if (err)
1386 goto out;
1387
1388 newsk = skb->sk;
1389 sock_graft(newsk, newsock);
1390
1391 /* Now attach up the new socket */
1392 kfree_skb(skb);
1393 sk_acceptq_removed(sk);
1394 newsock->state = SS_CONNECTED;
1395
1396 out:
1397 release_sock(sk);
1398
1399 return err;
1400 }
1401
ax25_getname(struct socket * sock,struct sockaddr * uaddr,int peer)1402 static int ax25_getname(struct socket *sock, struct sockaddr *uaddr,
1403 int peer)
1404 {
1405 struct full_sockaddr_ax25 *fsa = (struct full_sockaddr_ax25 *)uaddr;
1406 struct sock *sk = sock->sk;
1407 unsigned char ndigi, i;
1408 ax25_cb *ax25;
1409 int err = 0;
1410
1411 memset(fsa, 0, sizeof(*fsa));
1412 lock_sock(sk);
1413 ax25 = sk_to_ax25(sk);
1414
1415 if (peer != 0) {
1416 if (sk->sk_state != TCP_ESTABLISHED) {
1417 err = -ENOTCONN;
1418 goto out;
1419 }
1420
1421 fsa->fsa_ax25.sax25_family = AF_AX25;
1422 fsa->fsa_ax25.sax25_call = ax25->dest_addr;
1423
1424 if (ax25->digipeat != NULL) {
1425 ndigi = ax25->digipeat->ndigi;
1426 fsa->fsa_ax25.sax25_ndigis = ndigi;
1427 for (i = 0; i < ndigi; i++)
1428 fsa->fsa_digipeater[i] =
1429 ax25->digipeat->calls[i];
1430 }
1431 } else {
1432 fsa->fsa_ax25.sax25_family = AF_AX25;
1433 fsa->fsa_ax25.sax25_call = ax25->source_addr;
1434 fsa->fsa_ax25.sax25_ndigis = 1;
1435 if (ax25->ax25_dev != NULL) {
1436 memcpy(&fsa->fsa_digipeater[0],
1437 ax25->ax25_dev->dev->dev_addr, AX25_ADDR_LEN);
1438 } else {
1439 fsa->fsa_digipeater[0] = null_ax25_address;
1440 }
1441 }
1442 err = sizeof (struct full_sockaddr_ax25);
1443
1444 out:
1445 release_sock(sk);
1446
1447 return err;
1448 }
1449
ax25_sendmsg(struct socket * sock,struct msghdr * msg,size_t len)1450 static int ax25_sendmsg(struct socket *sock, struct msghdr *msg, size_t len)
1451 {
1452 DECLARE_SOCKADDR(struct sockaddr_ax25 *, usax, msg->msg_name);
1453 struct sock *sk = sock->sk;
1454 struct sockaddr_ax25 sax;
1455 struct sk_buff *skb;
1456 ax25_digi dtmp, *dp;
1457 ax25_cb *ax25;
1458 size_t size;
1459 int lv, err, addr_len = msg->msg_namelen;
1460
1461 if (msg->msg_flags & ~(MSG_DONTWAIT|MSG_EOR|MSG_CMSG_COMPAT))
1462 return -EINVAL;
1463
1464 lock_sock(sk);
1465 ax25 = sk_to_ax25(sk);
1466
1467 if (sock_flag(sk, SOCK_ZAPPED)) {
1468 err = -EADDRNOTAVAIL;
1469 goto out;
1470 }
1471
1472 if (sk->sk_shutdown & SEND_SHUTDOWN) {
1473 send_sig(SIGPIPE, current, 0);
1474 err = -EPIPE;
1475 goto out;
1476 }
1477
1478 if (ax25->ax25_dev == NULL) {
1479 err = -ENETUNREACH;
1480 goto out;
1481 }
1482
1483 if (len > ax25->ax25_dev->dev->mtu) {
1484 err = -EMSGSIZE;
1485 goto out;
1486 }
1487
1488 if (usax != NULL) {
1489 if (usax->sax25_family != AF_AX25) {
1490 err = -EINVAL;
1491 goto out;
1492 }
1493
1494 if (addr_len == sizeof(struct sockaddr_ax25))
1495 /* ax25_sendmsg(): uses obsolete socket structure */
1496 ;
1497 else if (addr_len != sizeof(struct full_sockaddr_ax25))
1498 /* support for old structure may go away some time
1499 * ax25_sendmsg(): uses old (6 digipeater)
1500 * socket structure.
1501 */
1502 if ((addr_len < sizeof(struct sockaddr_ax25) + sizeof(ax25_address) * 6) ||
1503 (addr_len > sizeof(struct full_sockaddr_ax25))) {
1504 err = -EINVAL;
1505 goto out;
1506 }
1507
1508
1509 if (addr_len > sizeof(struct sockaddr_ax25) && usax->sax25_ndigis != 0) {
1510 int ct = 0;
1511 struct full_sockaddr_ax25 *fsa = (struct full_sockaddr_ax25 *)usax;
1512
1513 /* Valid number of digipeaters ? */
1514 if (usax->sax25_ndigis < 1 ||
1515 usax->sax25_ndigis > AX25_MAX_DIGIS ||
1516 addr_len < sizeof(struct sockaddr_ax25) +
1517 sizeof(ax25_address) * usax->sax25_ndigis) {
1518 err = -EINVAL;
1519 goto out;
1520 }
1521
1522 dtmp.ndigi = usax->sax25_ndigis;
1523
1524 while (ct < usax->sax25_ndigis) {
1525 dtmp.repeated[ct] = 0;
1526 dtmp.calls[ct] = fsa->fsa_digipeater[ct];
1527 ct++;
1528 }
1529
1530 dtmp.lastrepeat = 0;
1531 }
1532
1533 sax = *usax;
1534 if (sk->sk_type == SOCK_SEQPACKET &&
1535 ax25cmp(&ax25->dest_addr, &sax.sax25_call)) {
1536 err = -EISCONN;
1537 goto out;
1538 }
1539 if (usax->sax25_ndigis == 0)
1540 dp = NULL;
1541 else
1542 dp = &dtmp;
1543 } else {
1544 /*
1545 * FIXME: 1003.1g - if the socket is like this because
1546 * it has become closed (not started closed) and is VC
1547 * we ought to SIGPIPE, EPIPE
1548 */
1549 if (sk->sk_state != TCP_ESTABLISHED) {
1550 err = -ENOTCONN;
1551 goto out;
1552 }
1553 sax.sax25_family = AF_AX25;
1554 sax.sax25_call = ax25->dest_addr;
1555 dp = ax25->digipeat;
1556 }
1557
1558 /* Build a packet */
1559 /* Assume the worst case */
1560 size = len + ax25->ax25_dev->dev->hard_header_len;
1561
1562 skb = sock_alloc_send_skb(sk, size, msg->msg_flags&MSG_DONTWAIT, &err);
1563 if (skb == NULL)
1564 goto out;
1565
1566 skb_reserve(skb, size - len);
1567
1568 /* User data follows immediately after the AX.25 data */
1569 if (memcpy_from_msg(skb_put(skb, len), msg, len)) {
1570 err = -EFAULT;
1571 kfree_skb(skb);
1572 goto out;
1573 }
1574
1575 skb_reset_network_header(skb);
1576
1577 /* Add the PID if one is not supplied by the user in the skb */
1578 if (!ax25->pidincl)
1579 *(u8 *)skb_push(skb, 1) = sk->sk_protocol;
1580
1581 if (sk->sk_type == SOCK_SEQPACKET) {
1582 /* Connected mode sockets go via the LAPB machine */
1583 if (sk->sk_state != TCP_ESTABLISHED) {
1584 kfree_skb(skb);
1585 err = -ENOTCONN;
1586 goto out;
1587 }
1588
1589 /* Shove it onto the queue and kick */
1590 ax25_output(ax25, ax25->paclen, skb);
1591
1592 err = len;
1593 goto out;
1594 }
1595
1596 skb_push(skb, 1 + ax25_addr_size(dp));
1597
1598 /* Building AX.25 Header */
1599
1600 /* Build an AX.25 header */
1601 lv = ax25_addr_build(skb->data, &ax25->source_addr, &sax.sax25_call,
1602 dp, AX25_COMMAND, AX25_MODULUS);
1603
1604 skb_set_transport_header(skb, lv);
1605
1606 *skb_transport_header(skb) = AX25_UI;
1607
1608 /* Datagram frames go straight out of the door as UI */
1609 ax25_queue_xmit(skb, ax25->ax25_dev->dev);
1610
1611 err = len;
1612
1613 out:
1614 release_sock(sk);
1615
1616 return err;
1617 }
1618
ax25_recvmsg(struct socket * sock,struct msghdr * msg,size_t size,int flags)1619 static int ax25_recvmsg(struct socket *sock, struct msghdr *msg, size_t size,
1620 int flags)
1621 {
1622 struct sock *sk = sock->sk;
1623 struct sk_buff *skb;
1624 int copied;
1625 int err = 0;
1626
1627 lock_sock(sk);
1628 /*
1629 * This works for seqpacket too. The receiver has ordered the
1630 * queue for us! We do one quick check first though
1631 */
1632 if (sk->sk_type == SOCK_SEQPACKET && sk->sk_state != TCP_ESTABLISHED) {
1633 err = -ENOTCONN;
1634 goto out;
1635 }
1636
1637 /* Now we can treat all alike */
1638 skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT,
1639 flags & MSG_DONTWAIT, &err);
1640 if (skb == NULL)
1641 goto out;
1642
1643 if (!sk_to_ax25(sk)->pidincl)
1644 skb_pull(skb, 1); /* Remove PID */
1645
1646 skb_reset_transport_header(skb);
1647 copied = skb->len;
1648
1649 if (copied > size) {
1650 copied = size;
1651 msg->msg_flags |= MSG_TRUNC;
1652 }
1653
1654 skb_copy_datagram_msg(skb, 0, msg, copied);
1655
1656 if (msg->msg_name) {
1657 ax25_digi digi;
1658 ax25_address src;
1659 const unsigned char *mac = skb_mac_header(skb);
1660 DECLARE_SOCKADDR(struct sockaddr_ax25 *, sax, msg->msg_name);
1661
1662 memset(sax, 0, sizeof(struct full_sockaddr_ax25));
1663 ax25_addr_parse(mac + 1, skb->data - mac - 1, &src, NULL,
1664 &digi, NULL, NULL);
1665 sax->sax25_family = AF_AX25;
1666 /* We set this correctly, even though we may not let the
1667 application know the digi calls further down (because it
1668 did NOT ask to know them). This could get political... **/
1669 sax->sax25_ndigis = digi.ndigi;
1670 sax->sax25_call = src;
1671
1672 if (sax->sax25_ndigis != 0) {
1673 int ct;
1674 struct full_sockaddr_ax25 *fsa = (struct full_sockaddr_ax25 *)sax;
1675
1676 for (ct = 0; ct < digi.ndigi; ct++)
1677 fsa->fsa_digipeater[ct] = digi.calls[ct];
1678 }
1679 msg->msg_namelen = sizeof(struct full_sockaddr_ax25);
1680 }
1681
1682 skb_free_datagram(sk, skb);
1683 err = copied;
1684
1685 out:
1686 release_sock(sk);
1687
1688 return err;
1689 }
1690
ax25_shutdown(struct socket * sk,int how)1691 static int ax25_shutdown(struct socket *sk, int how)
1692 {
1693 /* FIXME - generate DM and RNR states */
1694 return -EOPNOTSUPP;
1695 }
1696
ax25_ioctl(struct socket * sock,unsigned int cmd,unsigned long arg)1697 static int ax25_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
1698 {
1699 struct sock *sk = sock->sk;
1700 void __user *argp = (void __user *)arg;
1701 int res = 0;
1702
1703 lock_sock(sk);
1704 switch (cmd) {
1705 case TIOCOUTQ: {
1706 long amount;
1707
1708 amount = sk->sk_sndbuf - sk_wmem_alloc_get(sk);
1709 if (amount < 0)
1710 amount = 0;
1711 res = put_user(amount, (int __user *)argp);
1712 break;
1713 }
1714
1715 case TIOCINQ: {
1716 struct sk_buff *skb;
1717 long amount = 0L;
1718 /* These two are safe on a single CPU system as only user tasks fiddle here */
1719 if ((skb = skb_peek(&sk->sk_receive_queue)) != NULL)
1720 amount = skb->len;
1721 res = put_user(amount, (int __user *) argp);
1722 break;
1723 }
1724
1725 case SIOCAX25ADDUID: /* Add a uid to the uid/call map table */
1726 case SIOCAX25DELUID: /* Delete a uid from the uid/call map table */
1727 case SIOCAX25GETUID: {
1728 struct sockaddr_ax25 sax25;
1729 if (copy_from_user(&sax25, argp, sizeof(sax25))) {
1730 res = -EFAULT;
1731 break;
1732 }
1733 res = ax25_uid_ioctl(cmd, &sax25);
1734 break;
1735 }
1736
1737 case SIOCAX25NOUID: { /* Set the default policy (default/bar) */
1738 long amount;
1739 if (!capable(CAP_NET_ADMIN)) {
1740 res = -EPERM;
1741 break;
1742 }
1743 if (get_user(amount, (long __user *)argp)) {
1744 res = -EFAULT;
1745 break;
1746 }
1747 if (amount < 0 || amount > AX25_NOUID_BLOCK) {
1748 res = -EINVAL;
1749 break;
1750 }
1751 ax25_uid_policy = amount;
1752 res = 0;
1753 break;
1754 }
1755
1756 case SIOCADDRT:
1757 case SIOCDELRT:
1758 case SIOCAX25OPTRT:
1759 if (!capable(CAP_NET_ADMIN)) {
1760 res = -EPERM;
1761 break;
1762 }
1763 res = ax25_rt_ioctl(cmd, argp);
1764 break;
1765
1766 case SIOCAX25CTLCON:
1767 if (!capable(CAP_NET_ADMIN)) {
1768 res = -EPERM;
1769 break;
1770 }
1771 res = ax25_ctl_ioctl(cmd, argp);
1772 break;
1773
1774 case SIOCAX25GETINFO:
1775 case SIOCAX25GETINFOOLD: {
1776 ax25_cb *ax25 = sk_to_ax25(sk);
1777 struct ax25_info_struct ax25_info;
1778
1779 ax25_info.t1 = ax25->t1 / HZ;
1780 ax25_info.t2 = ax25->t2 / HZ;
1781 ax25_info.t3 = ax25->t3 / HZ;
1782 ax25_info.idle = ax25->idle / (60 * HZ);
1783 ax25_info.n2 = ax25->n2;
1784 ax25_info.t1timer = ax25_display_timer(&ax25->t1timer) / HZ;
1785 ax25_info.t2timer = ax25_display_timer(&ax25->t2timer) / HZ;
1786 ax25_info.t3timer = ax25_display_timer(&ax25->t3timer) / HZ;
1787 ax25_info.idletimer = ax25_display_timer(&ax25->idletimer) / (60 * HZ);
1788 ax25_info.n2count = ax25->n2count;
1789 ax25_info.state = ax25->state;
1790 ax25_info.rcv_q = sk_rmem_alloc_get(sk);
1791 ax25_info.snd_q = sk_wmem_alloc_get(sk);
1792 ax25_info.vs = ax25->vs;
1793 ax25_info.vr = ax25->vr;
1794 ax25_info.va = ax25->va;
1795 ax25_info.vs_max = ax25->vs; /* reserved */
1796 ax25_info.paclen = ax25->paclen;
1797 ax25_info.window = ax25->window;
1798
1799 /* old structure? */
1800 if (cmd == SIOCAX25GETINFOOLD) {
1801 static int warned = 0;
1802 if (!warned) {
1803 printk(KERN_INFO "%s uses old SIOCAX25GETINFO\n",
1804 current->comm);
1805 warned=1;
1806 }
1807
1808 if (copy_to_user(argp, &ax25_info, sizeof(struct ax25_info_struct_deprecated))) {
1809 res = -EFAULT;
1810 break;
1811 }
1812 } else {
1813 if (copy_to_user(argp, &ax25_info, sizeof(struct ax25_info_struct))) {
1814 res = -EINVAL;
1815 break;
1816 }
1817 }
1818 res = 0;
1819 break;
1820 }
1821
1822 case SIOCAX25ADDFWD:
1823 case SIOCAX25DELFWD: {
1824 struct ax25_fwd_struct ax25_fwd;
1825 if (!capable(CAP_NET_ADMIN)) {
1826 res = -EPERM;
1827 break;
1828 }
1829 if (copy_from_user(&ax25_fwd, argp, sizeof(ax25_fwd))) {
1830 res = -EFAULT;
1831 break;
1832 }
1833 res = ax25_fwd_ioctl(cmd, &ax25_fwd);
1834 break;
1835 }
1836
1837 case SIOCGIFADDR:
1838 case SIOCSIFADDR:
1839 case SIOCGIFDSTADDR:
1840 case SIOCSIFDSTADDR:
1841 case SIOCGIFBRDADDR:
1842 case SIOCSIFBRDADDR:
1843 case SIOCGIFNETMASK:
1844 case SIOCSIFNETMASK:
1845 case SIOCGIFMETRIC:
1846 case SIOCSIFMETRIC:
1847 res = -EINVAL;
1848 break;
1849
1850 default:
1851 res = -ENOIOCTLCMD;
1852 break;
1853 }
1854 release_sock(sk);
1855
1856 return res;
1857 }
1858
1859 #ifdef CONFIG_PROC_FS
1860
ax25_info_start(struct seq_file * seq,loff_t * pos)1861 static void *ax25_info_start(struct seq_file *seq, loff_t *pos)
1862 __acquires(ax25_list_lock)
1863 {
1864 spin_lock_bh(&ax25_list_lock);
1865 return seq_hlist_start(&ax25_list, *pos);
1866 }
1867
ax25_info_next(struct seq_file * seq,void * v,loff_t * pos)1868 static void *ax25_info_next(struct seq_file *seq, void *v, loff_t *pos)
1869 {
1870 return seq_hlist_next(v, &ax25_list, pos);
1871 }
1872
ax25_info_stop(struct seq_file * seq,void * v)1873 static void ax25_info_stop(struct seq_file *seq, void *v)
1874 __releases(ax25_list_lock)
1875 {
1876 spin_unlock_bh(&ax25_list_lock);
1877 }
1878
ax25_info_show(struct seq_file * seq,void * v)1879 static int ax25_info_show(struct seq_file *seq, void *v)
1880 {
1881 ax25_cb *ax25 = hlist_entry(v, struct ax25_cb, ax25_node);
1882 char buf[11];
1883 int k;
1884
1885
1886 /*
1887 * New format:
1888 * magic dev src_addr dest_addr,digi1,digi2,.. st vs vr va t1 t1 t2 t2 t3 t3 idle idle n2 n2 rtt window paclen Snd-Q Rcv-Q inode
1889 */
1890
1891 seq_printf(seq, "%p %s %s%s ",
1892 ax25,
1893 ax25->ax25_dev == NULL? "???" : ax25->ax25_dev->dev->name,
1894 ax2asc(buf, &ax25->source_addr),
1895 ax25->iamdigi? "*":"");
1896 seq_printf(seq, "%s", ax2asc(buf, &ax25->dest_addr));
1897
1898 for (k=0; (ax25->digipeat != NULL) && (k < ax25->digipeat->ndigi); k++) {
1899 seq_printf(seq, ",%s%s",
1900 ax2asc(buf, &ax25->digipeat->calls[k]),
1901 ax25->digipeat->repeated[k]? "*":"");
1902 }
1903
1904 seq_printf(seq, " %d %d %d %d %lu %lu %lu %lu %lu %lu %lu %lu %d %d %lu %d %d",
1905 ax25->state,
1906 ax25->vs, ax25->vr, ax25->va,
1907 ax25_display_timer(&ax25->t1timer) / HZ, ax25->t1 / HZ,
1908 ax25_display_timer(&ax25->t2timer) / HZ, ax25->t2 / HZ,
1909 ax25_display_timer(&ax25->t3timer) / HZ, ax25->t3 / HZ,
1910 ax25_display_timer(&ax25->idletimer) / (60 * HZ),
1911 ax25->idle / (60 * HZ),
1912 ax25->n2count, ax25->n2,
1913 ax25->rtt / HZ,
1914 ax25->window,
1915 ax25->paclen);
1916
1917 if (ax25->sk != NULL) {
1918 seq_printf(seq, " %d %d %lu\n",
1919 sk_wmem_alloc_get(ax25->sk),
1920 sk_rmem_alloc_get(ax25->sk),
1921 sock_i_ino(ax25->sk));
1922 } else {
1923 seq_puts(seq, " * * *\n");
1924 }
1925 return 0;
1926 }
1927
1928 static const struct seq_operations ax25_info_seqops = {
1929 .start = ax25_info_start,
1930 .next = ax25_info_next,
1931 .stop = ax25_info_stop,
1932 .show = ax25_info_show,
1933 };
1934 #endif
1935
1936 static const struct net_proto_family ax25_family_ops = {
1937 .family = PF_AX25,
1938 .create = ax25_create,
1939 .owner = THIS_MODULE,
1940 };
1941
1942 static const struct proto_ops ax25_proto_ops = {
1943 .family = PF_AX25,
1944 .owner = THIS_MODULE,
1945 .release = ax25_release,
1946 .bind = ax25_bind,
1947 .connect = ax25_connect,
1948 .socketpair = sock_no_socketpair,
1949 .accept = ax25_accept,
1950 .getname = ax25_getname,
1951 .poll = datagram_poll,
1952 .ioctl = ax25_ioctl,
1953 .gettstamp = sock_gettstamp,
1954 .listen = ax25_listen,
1955 .shutdown = ax25_shutdown,
1956 .setsockopt = ax25_setsockopt,
1957 .getsockopt = ax25_getsockopt,
1958 .sendmsg = ax25_sendmsg,
1959 .recvmsg = ax25_recvmsg,
1960 .mmap = sock_no_mmap,
1961 .sendpage = sock_no_sendpage,
1962 };
1963
1964 /*
1965 * Called by socket.c on kernel start up
1966 */
1967 static struct packet_type ax25_packet_type __read_mostly = {
1968 .type = cpu_to_be16(ETH_P_AX25),
1969 .func = ax25_kiss_rcv,
1970 };
1971
1972 static struct notifier_block ax25_dev_notifier = {
1973 .notifier_call = ax25_device_event,
1974 };
1975
ax25_init(void)1976 static int __init ax25_init(void)
1977 {
1978 int rc = proto_register(&ax25_proto, 0);
1979
1980 if (rc != 0)
1981 goto out;
1982
1983 sock_register(&ax25_family_ops);
1984 dev_add_pack(&ax25_packet_type);
1985 register_netdevice_notifier(&ax25_dev_notifier);
1986
1987 proc_create_seq("ax25_route", 0444, init_net.proc_net, &ax25_rt_seqops);
1988 proc_create_seq("ax25", 0444, init_net.proc_net, &ax25_info_seqops);
1989 proc_create_seq("ax25_calls", 0444, init_net.proc_net,
1990 &ax25_uid_seqops);
1991 out:
1992 return rc;
1993 }
1994 module_init(ax25_init);
1995
1996
1997 MODULE_AUTHOR("Jonathan Naylor G4KLX <g4klx@g4klx.demon.co.uk>");
1998 MODULE_DESCRIPTION("The amateur radio AX.25 link layer protocol");
1999 MODULE_LICENSE("GPL");
2000 MODULE_ALIAS_NETPROTO(PF_AX25);
2001
ax25_exit(void)2002 static void __exit ax25_exit(void)
2003 {
2004 remove_proc_entry("ax25_route", init_net.proc_net);
2005 remove_proc_entry("ax25", init_net.proc_net);
2006 remove_proc_entry("ax25_calls", init_net.proc_net);
2007
2008 unregister_netdevice_notifier(&ax25_dev_notifier);
2009
2010 dev_remove_pack(&ax25_packet_type);
2011
2012 sock_unregister(PF_AX25);
2013 proto_unregister(&ax25_proto);
2014
2015 ax25_rt_free();
2016 ax25_uid_free();
2017 ax25_dev_free();
2018 }
2019 module_exit(ax25_exit);
2020