1// SPDX-License-Identifier: GPL-2.0-or-later 2/* 3 * 4 * Copyright (C) Alan Cox GW4PTS (alan@lxorguk.ukuu.org.uk) 5 * Copyright (C) Jonathan Naylor G4KLX (g4klx@g4klx.demon.co.uk) 6 * Copyright (C) Darryl Miles G7LED (dlm@g7led.demon.co.uk) 7 * Copyright (C) Steven Whitehouse GW7RRM (stevew@acm.org) 8 * Copyright (C) Joerg Reuter DL1BKE (jreuter@yaina.de) 9 * Copyright (C) Hans-Joachim Hetscher DD8NE (dd8ne@bnv-bamberg.de) 10 * Copyright (C) Hans Alblas PE1AYX (hans@esrac.ele.tue.nl) 11 * Copyright (C) Frederic Rible F1OAT (frible@teaser.fr) 12 */ 13#include <linux/capability.h> 14#include <linux/module.h> 15#include <linux/errno.h> 16#include <linux/types.h> 17#include <linux/socket.h> 18#include <linux/in.h> 19#include <linux/kernel.h> 20#include <linux/sched/signal.h> 21#include <linux/timer.h> 22#include <linux/string.h> 23#include <linux/sockios.h> 24#include <linux/net.h> 25#include <linux/slab.h> 26#include <net/ax25.h> 27#include <linux/inet.h> 28#include <linux/netdevice.h> 29#include <linux/if_arp.h> 30#include <linux/skbuff.h> 31#include <net/sock.h> 32#include <linux/uaccess.h> 33#include <linux/fcntl.h> 34#include <linux/termios.h> /* For TIOCINQ/OUTQ */ 35#include <linux/mm.h> 36#include <linux/interrupt.h> 37#include <linux/notifier.h> 38#include <linux/proc_fs.h> 39#include <linux/stat.h> 40#include <linux/sysctl.h> 41#include <linux/init.h> 42#include <linux/spinlock.h> 43#include <net/net_namespace.h> 44#include <net/tcp_states.h> 45#include <net/ip.h> 46#include <net/arp.h> 47 48 49 50HLIST_HEAD(ax25_list); 51DEFINE_SPINLOCK(ax25_list_lock); 52 53static const struct proto_ops ax25_proto_ops; 54 55static void ax25_free_sock(struct sock *sk) 56{ 57 ax25_cb_put(sk_to_ax25(sk)); 58} 59 60/* 61 * Socket removal during an interrupt is now safe. 62 */ 63static void ax25_cb_del(ax25_cb *ax25) 64{ 65 spin_lock_bh(&ax25_list_lock); 66 if (!hlist_unhashed(&ax25->ax25_node)) { 67 hlist_del_init(&ax25->ax25_node); 68 ax25_cb_put(ax25); 69 } 70 spin_unlock_bh(&ax25_list_lock); 71} 72 73/* 74 * Kill all bound sockets on a dropped device. 75 */ 76static void ax25_kill_by_device(struct net_device *dev) 77{ 78 ax25_dev *ax25_dev; 79 ax25_cb *s; 80 struct sock *sk; 81 82 if ((ax25_dev = ax25_dev_ax25dev(dev)) == NULL) 83 return; 84 ax25_dev->device_up = false; 85 86 spin_lock_bh(&ax25_list_lock); 87again: 88 ax25_for_each(s, &ax25_list) { 89 if (s->ax25_dev == ax25_dev) { 90 sk = s->sk; 91 if (!sk) { 92 spin_unlock_bh(&ax25_list_lock); 93 ax25_disconnect(s, ENETUNREACH); 94 s->ax25_dev = NULL; 95 ax25_cb_del(s); 96 spin_lock_bh(&ax25_list_lock); 97 goto again; 98 } 99 sock_hold(sk); 100 spin_unlock_bh(&ax25_list_lock); 101 lock_sock(sk); 102 ax25_disconnect(s, ENETUNREACH); 103 s->ax25_dev = NULL; 104 if (sk->sk_socket) { 105 netdev_put(ax25_dev->dev, 106 &s->dev_tracker); 107 ax25_dev_put(ax25_dev); 108 } 109 ax25_cb_del(s); 110 release_sock(sk); 111 spin_lock_bh(&ax25_list_lock); 112 sock_put(sk); 113 /* The entry could have been deleted from the 114 * list meanwhile and thus the next pointer is 115 * no longer valid. Play it safe and restart 116 * the scan. Forward progress is ensured 117 * because we set s->ax25_dev to NULL and we 118 * are never passed a NULL 'dev' argument. 119 */ 120 goto again; 121 } 122 } 123 spin_unlock_bh(&ax25_list_lock); 124} 125 126/* 127 * Handle device status changes. 128 */ 129static int ax25_device_event(struct notifier_block *this, unsigned long event, 130 void *ptr) 131{ 132 struct net_device *dev = netdev_notifier_info_to_dev(ptr); 133 134 if (!net_eq(dev_net(dev), &init_net)) 135 return NOTIFY_DONE; 136 137 /* Reject non AX.25 devices */ 138 if (dev->type != ARPHRD_AX25) 139 return NOTIFY_DONE; 140 141 switch (event) { 142 case NETDEV_UP: 143 ax25_dev_device_up(dev); 144 break; 145 case NETDEV_DOWN: 146 ax25_kill_by_device(dev); 147 ax25_rt_device_down(dev); 148 ax25_dev_device_down(dev); 149 break; 150 default: 151 break; 152 } 153 154 return NOTIFY_DONE; 155} 156 157/* 158 * Add a socket to the bound sockets list. 159 */ 160void ax25_cb_add(ax25_cb *ax25) 161{ 162 spin_lock_bh(&ax25_list_lock); 163 ax25_cb_hold(ax25); 164 hlist_add_head(&ax25->ax25_node, &ax25_list); 165 spin_unlock_bh(&ax25_list_lock); 166} 167 168/* 169 * Find a socket that wants to accept the SABM we have just 170 * received. 171 */ 172struct sock *ax25_find_listener(ax25_address *addr, int digi, 173 struct net_device *dev, int type) 174{ 175 ax25_cb *s; 176 177 spin_lock(&ax25_list_lock); 178 ax25_for_each(s, &ax25_list) { 179 if ((s->iamdigi && !digi) || (!s->iamdigi && digi)) 180 continue; 181 if (s->sk && !ax25cmp(&s->source_addr, addr) && 182 s->sk->sk_type == type && s->sk->sk_state == TCP_LISTEN) { 183 /* If device is null we match any device */ 184 if (s->ax25_dev == NULL || s->ax25_dev->dev == dev) { 185 sock_hold(s->sk); 186 spin_unlock(&ax25_list_lock); 187 return s->sk; 188 } 189 } 190 } 191 spin_unlock(&ax25_list_lock); 192 193 return NULL; 194} 195 196/* 197 * Find an AX.25 socket given both ends. 198 */ 199struct sock *ax25_get_socket(ax25_address *my_addr, ax25_address *dest_addr, 200 int type) 201{ 202 struct sock *sk = NULL; 203 ax25_cb *s; 204 205 spin_lock(&ax25_list_lock); 206 ax25_for_each(s, &ax25_list) { 207 if (s->sk && !ax25cmp(&s->source_addr, my_addr) && 208 !ax25cmp(&s->dest_addr, dest_addr) && 209 s->sk->sk_type == type) { 210 sk = s->sk; 211 sock_hold(sk); 212 break; 213 } 214 } 215 216 spin_unlock(&ax25_list_lock); 217 218 return sk; 219} 220 221/* 222 * Find an AX.25 control block given both ends. It will only pick up 223 * floating AX.25 control blocks or non Raw socket bound control blocks. 224 */ 225ax25_cb *ax25_find_cb(const ax25_address *src_addr, ax25_address *dest_addr, 226 ax25_digi *digi, struct net_device *dev) 227{ 228 ax25_cb *s; 229 230 spin_lock_bh(&ax25_list_lock); 231 ax25_for_each(s, &ax25_list) { 232 if (s->sk && s->sk->sk_type != SOCK_SEQPACKET) 233 continue; 234 if (s->ax25_dev == NULL) 235 continue; 236 if (ax25cmp(&s->source_addr, src_addr) == 0 && ax25cmp(&s->dest_addr, dest_addr) == 0 && s->ax25_dev->dev == dev) { 237 if (digi != NULL && digi->ndigi != 0) { 238 if (s->digipeat == NULL) 239 continue; 240 if (ax25digicmp(s->digipeat, digi) != 0) 241 continue; 242 } else { 243 if (s->digipeat != NULL && s->digipeat->ndigi != 0) 244 continue; 245 } 246 ax25_cb_hold(s); 247 spin_unlock_bh(&ax25_list_lock); 248 249 return s; 250 } 251 } 252 spin_unlock_bh(&ax25_list_lock); 253 254 return NULL; 255} 256 257EXPORT_SYMBOL(ax25_find_cb); 258 259void ax25_send_to_raw(ax25_address *addr, struct sk_buff *skb, int proto) 260{ 261 ax25_cb *s; 262 struct sk_buff *copy; 263 264 spin_lock(&ax25_list_lock); 265 ax25_for_each(s, &ax25_list) { 266 if (s->sk != NULL && ax25cmp(&s->source_addr, addr) == 0 && 267 s->sk->sk_type == SOCK_RAW && 268 s->sk->sk_protocol == proto && 269 s->ax25_dev->dev == skb->dev && 270 atomic_read(&s->sk->sk_rmem_alloc) <= s->sk->sk_rcvbuf) { 271 if ((copy = skb_clone(skb, GFP_ATOMIC)) == NULL) 272 continue; 273 if (sock_queue_rcv_skb(s->sk, copy) != 0) 274 kfree_skb(copy); 275 } 276 } 277 spin_unlock(&ax25_list_lock); 278} 279 280/* 281 * Deferred destroy. 282 */ 283void ax25_destroy_socket(ax25_cb *); 284 285/* 286 * Handler for deferred kills. 287 */ 288static void ax25_destroy_timer(struct timer_list *t) 289{ 290 ax25_cb *ax25 = from_timer(ax25, t, dtimer); 291 struct sock *sk; 292 293 sk=ax25->sk; 294 295 bh_lock_sock(sk); 296 sock_hold(sk); 297 ax25_destroy_socket(ax25); 298 bh_unlock_sock(sk); 299 sock_put(sk); 300} 301 302/* 303 * This is called from user mode and the timers. Thus it protects itself 304 * against interrupt users but doesn't worry about being called during 305 * work. Once it is removed from the queue no interrupt or bottom half 306 * will touch it and we are (fairly 8-) ) safe. 307 */ 308void ax25_destroy_socket(ax25_cb *ax25) 309{ 310 struct sk_buff *skb; 311 312 ax25_cb_del(ax25); 313 314 ax25_stop_heartbeat(ax25); 315 ax25_stop_t1timer(ax25); 316 ax25_stop_t2timer(ax25); 317 ax25_stop_t3timer(ax25); 318 ax25_stop_idletimer(ax25); 319 320 ax25_clear_queues(ax25); /* Flush the queues */ 321 322 if (ax25->sk != NULL) { 323 while ((skb = skb_dequeue(&ax25->sk->sk_receive_queue)) != NULL) { 324 if (skb->sk != ax25->sk) { 325 /* A pending connection */ 326 ax25_cb *sax25 = sk_to_ax25(skb->sk); 327 328 /* Queue the unaccepted socket for death */ 329 sock_orphan(skb->sk); 330 331 /* 9A4GL: hack to release unaccepted sockets */ 332 skb->sk->sk_state = TCP_LISTEN; 333 334 ax25_start_heartbeat(sax25); 335 sax25->state = AX25_STATE_0; 336 } 337 338 kfree_skb(skb); 339 } 340 skb_queue_purge(&ax25->sk->sk_write_queue); 341 } 342 343 if (ax25->sk != NULL) { 344 if (sk_has_allocations(ax25->sk)) { 345 /* Defer: outstanding buffers */ 346 timer_setup(&ax25->dtimer, ax25_destroy_timer, 0); 347 ax25->dtimer.expires = jiffies + 2 * HZ; 348 add_timer(&ax25->dtimer); 349 } else { 350 struct sock *sk=ax25->sk; 351 ax25->sk=NULL; 352 sock_put(sk); 353 } 354 } else { 355 ax25_cb_put(ax25); 356 } 357} 358 359/* 360 * dl1bke 960311: set parameters for existing AX.25 connections, 361 * includes a KILL command to abort any connection. 362 * VERY useful for debugging ;-) 363 */ 364static int ax25_ctl_ioctl(const unsigned int cmd, void __user *arg) 365{ 366 struct ax25_ctl_struct ax25_ctl; 367 ax25_digi digi; 368 ax25_dev *ax25_dev; 369 ax25_cb *ax25; 370 unsigned int k; 371 int ret = 0; 372 373 if (copy_from_user(&ax25_ctl, arg, sizeof(ax25_ctl))) 374 return -EFAULT; 375 376 if (ax25_ctl.digi_count > AX25_MAX_DIGIS) 377 return -EINVAL; 378 379 if (ax25_ctl.arg > ULONG_MAX / HZ && ax25_ctl.cmd != AX25_KILL) 380 return -EINVAL; 381 382 ax25_dev = ax25_addr_ax25dev(&ax25_ctl.port_addr); 383 if (!ax25_dev) 384 return -ENODEV; 385 386 digi.ndigi = ax25_ctl.digi_count; 387 for (k = 0; k < digi.ndigi; k++) 388 digi.calls[k] = ax25_ctl.digi_addr[k]; 389 390 ax25 = ax25_find_cb(&ax25_ctl.source_addr, &ax25_ctl.dest_addr, &digi, ax25_dev->dev); 391 if (!ax25) { 392 ax25_dev_put(ax25_dev); 393 return -ENOTCONN; 394 } 395 396 switch (ax25_ctl.cmd) { 397 case AX25_KILL: 398 ax25_send_control(ax25, AX25_DISC, AX25_POLLON, AX25_COMMAND); 399#ifdef CONFIG_AX25_DAMA_SLAVE 400 if (ax25_dev->dama.slave && ax25->ax25_dev->values[AX25_VALUES_PROTOCOL] == AX25_PROTO_DAMA_SLAVE) 401 ax25_dama_off(ax25); 402#endif 403 ax25_disconnect(ax25, ENETRESET); 404 break; 405 406 case AX25_WINDOW: 407 if (ax25->modulus == AX25_MODULUS) { 408 if (ax25_ctl.arg < 1 || ax25_ctl.arg > 7) 409 goto einval_put; 410 } else { 411 if (ax25_ctl.arg < 1 || ax25_ctl.arg > 63) 412 goto einval_put; 413 } 414 ax25->window = ax25_ctl.arg; 415 break; 416 417 case AX25_T1: 418 if (ax25_ctl.arg < 1 || ax25_ctl.arg > ULONG_MAX / HZ) 419 goto einval_put; 420 ax25->rtt = (ax25_ctl.arg * HZ) / 2; 421 ax25->t1 = ax25_ctl.arg * HZ; 422 break; 423 424 case AX25_T2: 425 if (ax25_ctl.arg < 1 || ax25_ctl.arg > ULONG_MAX / HZ) 426 goto einval_put; 427 ax25->t2 = ax25_ctl.arg * HZ; 428 break; 429 430 case AX25_N2: 431 if (ax25_ctl.arg < 1 || ax25_ctl.arg > 31) 432 goto einval_put; 433 ax25->n2count = 0; 434 ax25->n2 = ax25_ctl.arg; 435 break; 436 437 case AX25_T3: 438 if (ax25_ctl.arg > ULONG_MAX / HZ) 439 goto einval_put; 440 ax25->t3 = ax25_ctl.arg * HZ; 441 break; 442 443 case AX25_IDLE: 444 if (ax25_ctl.arg > ULONG_MAX / (60 * HZ)) 445 goto einval_put; 446 447 ax25->idle = ax25_ctl.arg * 60 * HZ; 448 break; 449 450 case AX25_PACLEN: 451 if (ax25_ctl.arg < 16 || ax25_ctl.arg > 65535) 452 goto einval_put; 453 ax25->paclen = ax25_ctl.arg; 454 break; 455 456 default: 457 goto einval_put; 458 } 459 460out_put: 461 ax25_dev_put(ax25_dev); 462 ax25_cb_put(ax25); 463 return ret; 464 465einval_put: 466 ret = -EINVAL; 467 goto out_put; 468} 469 470static void ax25_fillin_cb_from_dev(ax25_cb *ax25, ax25_dev *ax25_dev) 471{ 472 ax25->rtt = msecs_to_jiffies(ax25_dev->values[AX25_VALUES_T1]) / 2; 473 ax25->t1 = msecs_to_jiffies(ax25_dev->values[AX25_VALUES_T1]); 474 ax25->t2 = msecs_to_jiffies(ax25_dev->values[AX25_VALUES_T2]); 475 ax25->t3 = msecs_to_jiffies(ax25_dev->values[AX25_VALUES_T3]); 476 ax25->n2 = ax25_dev->values[AX25_VALUES_N2]; 477 ax25->paclen = ax25_dev->values[AX25_VALUES_PACLEN]; 478 ax25->idle = msecs_to_jiffies(ax25_dev->values[AX25_VALUES_IDLE]); 479 ax25->backoff = ax25_dev->values[AX25_VALUES_BACKOFF]; 480 481 if (ax25_dev->values[AX25_VALUES_AXDEFMODE]) { 482 ax25->modulus = AX25_EMODULUS; 483 ax25->window = ax25_dev->values[AX25_VALUES_EWINDOW]; 484 } else { 485 ax25->modulus = AX25_MODULUS; 486 ax25->window = ax25_dev->values[AX25_VALUES_WINDOW]; 487 } 488} 489 490/* 491 * Fill in a created AX.25 created control block with the default 492 * values for a particular device. 493 */ 494void ax25_fillin_cb(ax25_cb *ax25, ax25_dev *ax25_dev) 495{ 496 ax25->ax25_dev = ax25_dev; 497 498 if (ax25->ax25_dev != NULL) { 499 ax25_fillin_cb_from_dev(ax25, ax25_dev); 500 return; 501 } 502 503 /* 504 * No device, use kernel / AX.25 spec default values 505 */ 506 ax25->rtt = msecs_to_jiffies(AX25_DEF_T1) / 2; 507 ax25->t1 = msecs_to_jiffies(AX25_DEF_T1); 508 ax25->t2 = msecs_to_jiffies(AX25_DEF_T2); 509 ax25->t3 = msecs_to_jiffies(AX25_DEF_T3); 510 ax25->n2 = AX25_DEF_N2; 511 ax25->paclen = AX25_DEF_PACLEN; 512 ax25->idle = msecs_to_jiffies(AX25_DEF_IDLE); 513 ax25->backoff = AX25_DEF_BACKOFF; 514 515 if (AX25_DEF_AXDEFMODE) { 516 ax25->modulus = AX25_EMODULUS; 517 ax25->window = AX25_DEF_EWINDOW; 518 } else { 519 ax25->modulus = AX25_MODULUS; 520 ax25->window = AX25_DEF_WINDOW; 521 } 522} 523 524/* 525 * Create an empty AX.25 control block. 526 */ 527ax25_cb *ax25_create_cb(void) 528{ 529 ax25_cb *ax25; 530 531 if ((ax25 = kzalloc(sizeof(*ax25), GFP_ATOMIC)) == NULL) 532 return NULL; 533 534 refcount_set(&ax25->refcount, 1); 535 536 skb_queue_head_init(&ax25->write_queue); 537 skb_queue_head_init(&ax25->frag_queue); 538 skb_queue_head_init(&ax25->ack_queue); 539 skb_queue_head_init(&ax25->reseq_queue); 540 541 ax25_setup_timers(ax25); 542 543 ax25_fillin_cb(ax25, NULL); 544 545 ax25->state = AX25_STATE_0; 546 547 return ax25; 548} 549 550/* 551 * Handling for system calls applied via the various interfaces to an 552 * AX25 socket object 553 */ 554 555static int ax25_setsockopt(struct socket *sock, int level, int optname, 556 sockptr_t optval, unsigned int optlen) 557{ 558 struct sock *sk = sock->sk; 559 ax25_cb *ax25; 560 struct net_device *dev; 561 char devname[IFNAMSIZ]; 562 unsigned int opt; 563 int res = 0; 564 565 if (level != SOL_AX25) 566 return -ENOPROTOOPT; 567 568 if (optlen < sizeof(unsigned int)) 569 return -EINVAL; 570 571 if (copy_from_sockptr(&opt, optval, sizeof(unsigned int))) 572 return -EFAULT; 573 574 lock_sock(sk); 575 ax25 = sk_to_ax25(sk); 576 577 switch (optname) { 578 case AX25_WINDOW: 579 if (ax25->modulus == AX25_MODULUS) { 580 if (opt < 1 || opt > 7) { 581 res = -EINVAL; 582 break; 583 } 584 } else { 585 if (opt < 1 || opt > 63) { 586 res = -EINVAL; 587 break; 588 } 589 } 590 ax25->window = opt; 591 break; 592 593 case AX25_T1: 594 if (opt < 1 || opt > UINT_MAX / HZ) { 595 res = -EINVAL; 596 break; 597 } 598 ax25->rtt = (opt * HZ) >> 1; 599 ax25->t1 = opt * HZ; 600 break; 601 602 case AX25_T2: 603 if (opt < 1 || opt > UINT_MAX / HZ) { 604 res = -EINVAL; 605 break; 606 } 607 ax25->t2 = opt * HZ; 608 break; 609 610 case AX25_N2: 611 if (opt < 1 || opt > 31) { 612 res = -EINVAL; 613 break; 614 } 615 ax25->n2 = opt; 616 break; 617 618 case AX25_T3: 619 if (opt < 1 || opt > UINT_MAX / HZ) { 620 res = -EINVAL; 621 break; 622 } 623 ax25->t3 = opt * HZ; 624 break; 625 626 case AX25_IDLE: 627 if (opt > UINT_MAX / (60 * HZ)) { 628 res = -EINVAL; 629 break; 630 } 631 ax25->idle = opt * 60 * HZ; 632 break; 633 634 case AX25_BACKOFF: 635 if (opt > 2) { 636 res = -EINVAL; 637 break; 638 } 639 ax25->backoff = opt; 640 break; 641 642 case AX25_EXTSEQ: 643 ax25->modulus = opt ? AX25_EMODULUS : AX25_MODULUS; 644 break; 645 646 case AX25_PIDINCL: 647 ax25->pidincl = opt ? 1 : 0; 648 break; 649 650 case AX25_IAMDIGI: 651 ax25->iamdigi = opt ? 1 : 0; 652 break; 653 654 case AX25_PACLEN: 655 if (opt < 16 || opt > 65535) { 656 res = -EINVAL; 657 break; 658 } 659 ax25->paclen = opt; 660 break; 661 662 case SO_BINDTODEVICE: 663 if (optlen > IFNAMSIZ - 1) 664 optlen = IFNAMSIZ - 1; 665 666 memset(devname, 0, sizeof(devname)); 667 668 if (copy_from_sockptr(devname, optval, optlen)) { 669 res = -EFAULT; 670 break; 671 } 672 673 if (sk->sk_type == SOCK_SEQPACKET && 674 (sock->state != SS_UNCONNECTED || 675 sk->sk_state == TCP_LISTEN)) { 676 res = -EADDRNOTAVAIL; 677 break; 678 } 679 680 rtnl_lock(); 681 dev = __dev_get_by_name(&init_net, devname); 682 if (!dev) { 683 rtnl_unlock(); 684 res = -ENODEV; 685 break; 686 } 687 688 ax25->ax25_dev = ax25_dev_ax25dev(dev); 689 if (!ax25->ax25_dev) { 690 rtnl_unlock(); 691 res = -ENODEV; 692 break; 693 } 694 ax25_fillin_cb(ax25, ax25->ax25_dev); 695 rtnl_unlock(); 696 break; 697 698 default: 699 res = -ENOPROTOOPT; 700 } 701 release_sock(sk); 702 703 return res; 704} 705 706static int ax25_getsockopt(struct socket *sock, int level, int optname, 707 char __user *optval, int __user *optlen) 708{ 709 struct sock *sk = sock->sk; 710 ax25_cb *ax25; 711 struct ax25_dev *ax25_dev; 712 char devname[IFNAMSIZ]; 713 void *valptr; 714 int val = 0; 715 int maxlen, length; 716 717 if (level != SOL_AX25) 718 return -ENOPROTOOPT; 719 720 if (get_user(maxlen, optlen)) 721 return -EFAULT; 722 723 if (maxlen < 1) 724 return -EFAULT; 725 726 valptr = &val; 727 length = min_t(unsigned int, maxlen, sizeof(int)); 728 729 lock_sock(sk); 730 ax25 = sk_to_ax25(sk); 731 732 switch (optname) { 733 case AX25_WINDOW: 734 val = ax25->window; 735 break; 736 737 case AX25_T1: 738 val = ax25->t1 / HZ; 739 break; 740 741 case AX25_T2: 742 val = ax25->t2 / HZ; 743 break; 744 745 case AX25_N2: 746 val = ax25->n2; 747 break; 748 749 case AX25_T3: 750 val = ax25->t3 / HZ; 751 break; 752 753 case AX25_IDLE: 754 val = ax25->idle / (60 * HZ); 755 break; 756 757 case AX25_BACKOFF: 758 val = ax25->backoff; 759 break; 760 761 case AX25_EXTSEQ: 762 val = (ax25->modulus == AX25_EMODULUS); 763 break; 764 765 case AX25_PIDINCL: 766 val = ax25->pidincl; 767 break; 768 769 case AX25_IAMDIGI: 770 val = ax25->iamdigi; 771 break; 772 773 case AX25_PACLEN: 774 val = ax25->paclen; 775 break; 776 777 case SO_BINDTODEVICE: 778 ax25_dev = ax25->ax25_dev; 779 780 if (ax25_dev != NULL && ax25_dev->dev != NULL) { 781 strscpy(devname, ax25_dev->dev->name, sizeof(devname)); 782 length = strlen(devname) + 1; 783 } else { 784 *devname = '\0'; 785 length = 1; 786 } 787 788 valptr = devname; 789 break; 790 791 default: 792 release_sock(sk); 793 return -ENOPROTOOPT; 794 } 795 release_sock(sk); 796 797 if (put_user(length, optlen)) 798 return -EFAULT; 799 800 return copy_to_user(optval, valptr, length) ? -EFAULT : 0; 801} 802 803static int ax25_listen(struct socket *sock, int backlog) 804{ 805 struct sock *sk = sock->sk; 806 int res = 0; 807 808 lock_sock(sk); 809 if (sk->sk_type == SOCK_SEQPACKET && sk->sk_state != TCP_LISTEN) { 810 sk->sk_max_ack_backlog = backlog; 811 sk->sk_state = TCP_LISTEN; 812 goto out; 813 } 814 res = -EOPNOTSUPP; 815 816out: 817 release_sock(sk); 818 819 return res; 820} 821 822/* 823 * XXX: when creating ax25_sock we should update the .obj_size setting 824 * below. 825 */ 826static struct proto ax25_proto = { 827 .name = "AX25", 828 .owner = THIS_MODULE, 829 .obj_size = sizeof(struct ax25_sock), 830}; 831 832static int ax25_create(struct net *net, struct socket *sock, int protocol, 833 int kern) 834{ 835 struct sock *sk; 836 ax25_cb *ax25; 837 838 if (protocol < 0 || protocol > U8_MAX) 839 return -EINVAL; 840 841 if (!net_eq(net, &init_net)) 842 return -EAFNOSUPPORT; 843 844 switch (sock->type) { 845 case SOCK_DGRAM: 846 if (protocol == 0 || protocol == PF_AX25) 847 protocol = AX25_P_TEXT; 848 break; 849 850 case SOCK_SEQPACKET: 851 switch (protocol) { 852 case 0: 853 case PF_AX25: /* For CLX */ 854 protocol = AX25_P_TEXT; 855 break; 856 case AX25_P_SEGMENT: 857#ifdef CONFIG_INET 858 case AX25_P_ARP: 859 case AX25_P_IP: 860#endif 861#ifdef CONFIG_NETROM 862 case AX25_P_NETROM: 863#endif 864#ifdef CONFIG_ROSE 865 case AX25_P_ROSE: 866#endif 867 return -ESOCKTNOSUPPORT; 868#ifdef CONFIG_NETROM_MODULE 869 case AX25_P_NETROM: 870 if (ax25_protocol_is_registered(AX25_P_NETROM)) 871 return -ESOCKTNOSUPPORT; 872 break; 873#endif 874#ifdef CONFIG_ROSE_MODULE 875 case AX25_P_ROSE: 876 if (ax25_protocol_is_registered(AX25_P_ROSE)) 877 return -ESOCKTNOSUPPORT; 878 break; 879#endif 880 default: 881 break; 882 } 883 break; 884 885 case SOCK_RAW: 886 if (!capable(CAP_NET_RAW)) 887 return -EPERM; 888 break; 889 default: 890 return -ESOCKTNOSUPPORT; 891 } 892 893 sk = sk_alloc(net, PF_AX25, GFP_ATOMIC, &ax25_proto, kern); 894 if (sk == NULL) 895 return -ENOMEM; 896 897 ax25 = ax25_sk(sk)->cb = ax25_create_cb(); 898 if (!ax25) { 899 sk_free(sk); 900 return -ENOMEM; 901 } 902 903 sock_init_data(sock, sk); 904 905 sk->sk_destruct = ax25_free_sock; 906 sock->ops = &ax25_proto_ops; 907 sk->sk_protocol = protocol; 908 909 ax25->sk = sk; 910 911 return 0; 912} 913 914struct sock *ax25_make_new(struct sock *osk, struct ax25_dev *ax25_dev) 915{ 916 struct sock *sk; 917 ax25_cb *ax25, *oax25; 918 919 sk = sk_alloc(sock_net(osk), PF_AX25, GFP_ATOMIC, osk->sk_prot, 0); 920 if (sk == NULL) 921 return NULL; 922 923 if ((ax25 = ax25_create_cb()) == NULL) { 924 sk_free(sk); 925 return NULL; 926 } 927 928 switch (osk->sk_type) { 929 case SOCK_DGRAM: 930 break; 931 case SOCK_SEQPACKET: 932 break; 933 default: 934 sk_free(sk); 935 ax25_cb_put(ax25); 936 return NULL; 937 } 938 939 sock_init_data(NULL, sk); 940 941 sk->sk_type = osk->sk_type; 942 sk->sk_priority = READ_ONCE(osk->sk_priority); 943 sk->sk_protocol = osk->sk_protocol; 944 sk->sk_rcvbuf = osk->sk_rcvbuf; 945 sk->sk_sndbuf = osk->sk_sndbuf; 946 sk->sk_state = TCP_ESTABLISHED; 947 sock_copy_flags(sk, osk); 948 949 oax25 = sk_to_ax25(osk); 950 951 ax25->modulus = oax25->modulus; 952 ax25->backoff = oax25->backoff; 953 ax25->pidincl = oax25->pidincl; 954 ax25->iamdigi = oax25->iamdigi; 955 ax25->rtt = oax25->rtt; 956 ax25->t1 = oax25->t1; 957 ax25->t2 = oax25->t2; 958 ax25->t3 = oax25->t3; 959 ax25->n2 = oax25->n2; 960 ax25->idle = oax25->idle; 961 ax25->paclen = oax25->paclen; 962 ax25->window = oax25->window; 963 964 ax25->ax25_dev = ax25_dev; 965 ax25->source_addr = oax25->source_addr; 966 967 if (oax25->digipeat != NULL) { 968 ax25->digipeat = kmemdup(oax25->digipeat, sizeof(ax25_digi), 969 GFP_ATOMIC); 970 if (ax25->digipeat == NULL) { 971 sk_free(sk); 972 ax25_cb_put(ax25); 973 return NULL; 974 } 975 } 976 977 ax25_sk(sk)->cb = ax25; 978 sk->sk_destruct = ax25_free_sock; 979 ax25->sk = sk; 980 981 return sk; 982} 983 984static int ax25_release(struct socket *sock) 985{ 986 struct sock *sk = sock->sk; 987 ax25_cb *ax25; 988 ax25_dev *ax25_dev; 989 990 if (sk == NULL) 991 return 0; 992 993 sock_hold(sk); 994 lock_sock(sk); 995 sock_orphan(sk); 996 ax25 = sk_to_ax25(sk); 997 ax25_dev = ax25->ax25_dev; 998 999 if (sk->sk_type == SOCK_SEQPACKET) { 1000 switch (ax25->state) { 1001 case AX25_STATE_0: 1002 if (!sock_flag(ax25->sk, SOCK_DEAD)) { 1003 release_sock(sk); 1004 ax25_disconnect(ax25, 0); 1005 lock_sock(sk); 1006 } 1007 ax25_destroy_socket(ax25); 1008 break; 1009 1010 case AX25_STATE_1: 1011 case AX25_STATE_2: 1012 ax25_send_control(ax25, AX25_DISC, AX25_POLLON, AX25_COMMAND); 1013 release_sock(sk); 1014 ax25_disconnect(ax25, 0); 1015 lock_sock(sk); 1016 if (!sock_flag(ax25->sk, SOCK_DESTROY)) 1017 ax25_destroy_socket(ax25); 1018 break; 1019 1020 case AX25_STATE_3: 1021 case AX25_STATE_4: 1022 ax25_clear_queues(ax25); 1023 ax25->n2count = 0; 1024 1025 switch (ax25->ax25_dev->values[AX25_VALUES_PROTOCOL]) { 1026 case AX25_PROTO_STD_SIMPLEX: 1027 case AX25_PROTO_STD_DUPLEX: 1028 ax25_send_control(ax25, 1029 AX25_DISC, 1030 AX25_POLLON, 1031 AX25_COMMAND); 1032 ax25_stop_t2timer(ax25); 1033 ax25_stop_t3timer(ax25); 1034 ax25_stop_idletimer(ax25); 1035 break; 1036#ifdef CONFIG_AX25_DAMA_SLAVE 1037 case AX25_PROTO_DAMA_SLAVE: 1038 ax25_stop_t3timer(ax25); 1039 ax25_stop_idletimer(ax25); 1040 break; 1041#endif 1042 } 1043 ax25_calculate_t1(ax25); 1044 ax25_start_t1timer(ax25); 1045 ax25->state = AX25_STATE_2; 1046 sk->sk_state = TCP_CLOSE; 1047 sk->sk_shutdown |= SEND_SHUTDOWN; 1048 sk->sk_state_change(sk); 1049 sock_set_flag(sk, SOCK_DESTROY); 1050 break; 1051 1052 default: 1053 break; 1054 } 1055 } else { 1056 sk->sk_state = TCP_CLOSE; 1057 sk->sk_shutdown |= SEND_SHUTDOWN; 1058 sk->sk_state_change(sk); 1059 ax25_destroy_socket(ax25); 1060 } 1061 if (ax25_dev) { 1062 if (!ax25_dev->device_up) { 1063 del_timer_sync(&ax25->timer); 1064 del_timer_sync(&ax25->t1timer); 1065 del_timer_sync(&ax25->t2timer); 1066 del_timer_sync(&ax25->t3timer); 1067 del_timer_sync(&ax25->idletimer); 1068 } 1069 netdev_put(ax25_dev->dev, &ax25->dev_tracker); 1070 ax25_dev_put(ax25_dev); 1071 } 1072 1073 sock->sk = NULL; 1074 release_sock(sk); 1075 sock_put(sk); 1076 1077 return 0; 1078} 1079 1080/* 1081 * We support a funny extension here so you can (as root) give any callsign 1082 * digipeated via a local address as source. This hack is obsolete now 1083 * that we've implemented support for SO_BINDTODEVICE. It is however small 1084 * and trivially backward compatible. 1085 */ 1086static int ax25_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len) 1087{ 1088 struct sock *sk = sock->sk; 1089 struct full_sockaddr_ax25 *addr = (struct full_sockaddr_ax25 *)uaddr; 1090 ax25_dev *ax25_dev = NULL; 1091 ax25_uid_assoc *user; 1092 ax25_address call; 1093 ax25_cb *ax25; 1094 int err = 0; 1095 1096 if (addr_len != sizeof(struct sockaddr_ax25) && 1097 addr_len != sizeof(struct full_sockaddr_ax25)) 1098 /* support for old structure may go away some time 1099 * ax25_bind(): uses old (6 digipeater) socket structure. 1100 */ 1101 if ((addr_len < sizeof(struct sockaddr_ax25) + sizeof(ax25_address) * 6) || 1102 (addr_len > sizeof(struct full_sockaddr_ax25))) 1103 return -EINVAL; 1104 1105 if (addr->fsa_ax25.sax25_family != AF_AX25) 1106 return -EINVAL; 1107 1108 user = ax25_findbyuid(current_euid()); 1109 if (user) { 1110 call = user->call; 1111 ax25_uid_put(user); 1112 } else { 1113 if (ax25_uid_policy && !capable(CAP_NET_ADMIN)) 1114 return -EACCES; 1115 1116 call = addr->fsa_ax25.sax25_call; 1117 } 1118 1119 lock_sock(sk); 1120 1121 ax25 = sk_to_ax25(sk); 1122 if (!sock_flag(sk, SOCK_ZAPPED)) { 1123 err = -EINVAL; 1124 goto out; 1125 } 1126 1127 ax25->source_addr = call; 1128 1129 /* 1130 * User already set interface with SO_BINDTODEVICE 1131 */ 1132 if (ax25->ax25_dev != NULL) 1133 goto done; 1134 1135 if (addr_len > sizeof(struct sockaddr_ax25) && addr->fsa_ax25.sax25_ndigis == 1) { 1136 if (ax25cmp(&addr->fsa_digipeater[0], &null_ax25_address) != 0 && 1137 (ax25_dev = ax25_addr_ax25dev(&addr->fsa_digipeater[0])) == NULL) { 1138 err = -EADDRNOTAVAIL; 1139 goto out; 1140 } 1141 } else { 1142 if ((ax25_dev = ax25_addr_ax25dev(&addr->fsa_ax25.sax25_call)) == NULL) { 1143 err = -EADDRNOTAVAIL; 1144 goto out; 1145 } 1146 } 1147 1148 if (ax25_dev) { 1149 ax25_fillin_cb(ax25, ax25_dev); 1150 netdev_hold(ax25_dev->dev, &ax25->dev_tracker, GFP_ATOMIC); 1151 } 1152 1153done: 1154 ax25_cb_add(ax25); 1155 sock_reset_flag(sk, SOCK_ZAPPED); 1156 1157out: 1158 release_sock(sk); 1159 1160 return err; 1161} 1162 1163/* 1164 * FIXME: nonblock behaviour looks like it may have a bug. 1165 */ 1166static int __must_check ax25_connect(struct socket *sock, 1167 struct sockaddr *uaddr, int addr_len, int flags) 1168{ 1169 struct sock *sk = sock->sk; 1170 ax25_cb *ax25 = sk_to_ax25(sk), *ax25t; 1171 struct full_sockaddr_ax25 *fsa = (struct full_sockaddr_ax25 *)uaddr; 1172 ax25_digi *digi = NULL; 1173 int ct = 0, err = 0; 1174 1175 /* 1176 * some sanity checks. code further down depends on this 1177 */ 1178 1179 if (addr_len == sizeof(struct sockaddr_ax25)) 1180 /* support for this will go away in early 2.5.x 1181 * ax25_connect(): uses obsolete socket structure 1182 */ 1183 ; 1184 else if (addr_len != sizeof(struct full_sockaddr_ax25)) 1185 /* support for old structure may go away some time 1186 * ax25_connect(): uses old (6 digipeater) socket structure. 1187 */ 1188 if ((addr_len < sizeof(struct sockaddr_ax25) + sizeof(ax25_address) * 6) || 1189 (addr_len > sizeof(struct full_sockaddr_ax25))) 1190 return -EINVAL; 1191 1192 1193 if (fsa->fsa_ax25.sax25_family != AF_AX25) 1194 return -EINVAL; 1195 1196 lock_sock(sk); 1197 1198 /* deal with restarts */ 1199 if (sock->state == SS_CONNECTING) { 1200 switch (sk->sk_state) { 1201 case TCP_SYN_SENT: /* still trying */ 1202 err = -EINPROGRESS; 1203 goto out_release; 1204 1205 case TCP_ESTABLISHED: /* connection established */ 1206 sock->state = SS_CONNECTED; 1207 goto out_release; 1208 1209 case TCP_CLOSE: /* connection refused */ 1210 sock->state = SS_UNCONNECTED; 1211 err = -ECONNREFUSED; 1212 goto out_release; 1213 } 1214 } 1215 1216 if (sk->sk_state == TCP_ESTABLISHED && sk->sk_type == SOCK_SEQPACKET) { 1217 err = -EISCONN; /* No reconnect on a seqpacket socket */ 1218 goto out_release; 1219 } 1220 1221 sk->sk_state = TCP_CLOSE; 1222 sock->state = SS_UNCONNECTED; 1223 1224 kfree(ax25->digipeat); 1225 ax25->digipeat = NULL; 1226 1227 /* 1228 * Handle digi-peaters to be used. 1229 */ 1230 if (addr_len > sizeof(struct sockaddr_ax25) && 1231 fsa->fsa_ax25.sax25_ndigis != 0) { 1232 /* Valid number of digipeaters ? */ 1233 if (fsa->fsa_ax25.sax25_ndigis < 1 || 1234 fsa->fsa_ax25.sax25_ndigis > AX25_MAX_DIGIS || 1235 addr_len < sizeof(struct sockaddr_ax25) + 1236 sizeof(ax25_address) * fsa->fsa_ax25.sax25_ndigis) { 1237 err = -EINVAL; 1238 goto out_release; 1239 } 1240 1241 if ((digi = kmalloc(sizeof(ax25_digi), GFP_KERNEL)) == NULL) { 1242 err = -ENOBUFS; 1243 goto out_release; 1244 } 1245 1246 digi->ndigi = fsa->fsa_ax25.sax25_ndigis; 1247 digi->lastrepeat = -1; 1248 1249 while (ct < fsa->fsa_ax25.sax25_ndigis) { 1250 if ((fsa->fsa_digipeater[ct].ax25_call[6] & 1251 AX25_HBIT) && ax25->iamdigi) { 1252 digi->repeated[ct] = 1; 1253 digi->lastrepeat = ct; 1254 } else { 1255 digi->repeated[ct] = 0; 1256 } 1257 digi->calls[ct] = fsa->fsa_digipeater[ct]; 1258 ct++; 1259 } 1260 } 1261 1262 /* 1263 * Must bind first - autobinding in this may or may not work. If 1264 * the socket is already bound, check to see if the device has 1265 * been filled in, error if it hasn't. 1266 */ 1267 if (sock_flag(sk, SOCK_ZAPPED)) { 1268 /* check if we can remove this feature. It is broken. */ 1269 printk(KERN_WARNING "ax25_connect(): %s uses autobind, please contact jreuter@yaina.de\n", 1270 current->comm); 1271 if ((err = ax25_rt_autobind(ax25, &fsa->fsa_ax25.sax25_call)) < 0) { 1272 kfree(digi); 1273 goto out_release; 1274 } 1275 1276 ax25_fillin_cb(ax25, ax25->ax25_dev); 1277 ax25_cb_add(ax25); 1278 } else { 1279 if (ax25->ax25_dev == NULL) { 1280 kfree(digi); 1281 err = -EHOSTUNREACH; 1282 goto out_release; 1283 } 1284 } 1285 1286 if (sk->sk_type == SOCK_SEQPACKET && 1287 (ax25t=ax25_find_cb(&ax25->source_addr, &fsa->fsa_ax25.sax25_call, digi, 1288 ax25->ax25_dev->dev))) { 1289 kfree(digi); 1290 err = -EADDRINUSE; /* Already such a connection */ 1291 ax25_cb_put(ax25t); 1292 goto out_release; 1293 } 1294 1295 ax25->dest_addr = fsa->fsa_ax25.sax25_call; 1296 ax25->digipeat = digi; 1297 1298 /* First the easy one */ 1299 if (sk->sk_type != SOCK_SEQPACKET) { 1300 sock->state = SS_CONNECTED; 1301 sk->sk_state = TCP_ESTABLISHED; 1302 goto out_release; 1303 } 1304 1305 /* Move to connecting socket, ax.25 lapb WAIT_UA.. */ 1306 sock->state = SS_CONNECTING; 1307 sk->sk_state = TCP_SYN_SENT; 1308 1309 switch (ax25->ax25_dev->values[AX25_VALUES_PROTOCOL]) { 1310 case AX25_PROTO_STD_SIMPLEX: 1311 case AX25_PROTO_STD_DUPLEX: 1312 ax25_std_establish_data_link(ax25); 1313 break; 1314 1315#ifdef CONFIG_AX25_DAMA_SLAVE 1316 case AX25_PROTO_DAMA_SLAVE: 1317 ax25->modulus = AX25_MODULUS; 1318 ax25->window = ax25->ax25_dev->values[AX25_VALUES_WINDOW]; 1319 if (ax25->ax25_dev->dama.slave) 1320 ax25_ds_establish_data_link(ax25); 1321 else 1322 ax25_std_establish_data_link(ax25); 1323 break; 1324#endif 1325 } 1326 1327 ax25->state = AX25_STATE_1; 1328 1329 ax25_start_heartbeat(ax25); 1330 1331 /* Now the loop */ 1332 if (sk->sk_state != TCP_ESTABLISHED && (flags & O_NONBLOCK)) { 1333 err = -EINPROGRESS; 1334 goto out_release; 1335 } 1336 1337 if (sk->sk_state == TCP_SYN_SENT) { 1338 DEFINE_WAIT(wait); 1339 1340 for (;;) { 1341 prepare_to_wait(sk_sleep(sk), &wait, 1342 TASK_INTERRUPTIBLE); 1343 if (sk->sk_state != TCP_SYN_SENT) 1344 break; 1345 if (!signal_pending(current)) { 1346 release_sock(sk); 1347 schedule(); 1348 lock_sock(sk); 1349 continue; 1350 } 1351 err = -ERESTARTSYS; 1352 break; 1353 } 1354 finish_wait(sk_sleep(sk), &wait); 1355 1356 if (err) 1357 goto out_release; 1358 } 1359 1360 if (sk->sk_state != TCP_ESTABLISHED) { 1361 /* Not in ABM, not in WAIT_UA -> failed */ 1362 sock->state = SS_UNCONNECTED; 1363 err = sock_error(sk); /* Always set at this point */ 1364 goto out_release; 1365 } 1366 1367 sock->state = SS_CONNECTED; 1368 1369 err = 0; 1370out_release: 1371 release_sock(sk); 1372 1373 return err; 1374} 1375 1376static int ax25_accept(struct socket *sock, struct socket *newsock, int flags, 1377 bool kern) 1378{ 1379 struct sk_buff *skb; 1380 struct sock *newsk; 1381 DEFINE_WAIT(wait); 1382 struct sock *sk; 1383 int err = 0; 1384 1385 if (sock->state != SS_UNCONNECTED) 1386 return -EINVAL; 1387 1388 if ((sk = sock->sk) == NULL) 1389 return -EINVAL; 1390 1391 lock_sock(sk); 1392 if (sk->sk_type != SOCK_SEQPACKET) { 1393 err = -EOPNOTSUPP; 1394 goto out; 1395 } 1396 1397 if (sk->sk_state != TCP_LISTEN) { 1398 err = -EINVAL; 1399 goto out; 1400 } 1401 1402 /* 1403 * The read queue this time is holding sockets ready to use 1404 * hooked into the SABM we saved 1405 */ 1406 for (;;) { 1407 prepare_to_wait(sk_sleep(sk), &wait, TASK_INTERRUPTIBLE); 1408 skb = skb_dequeue(&sk->sk_receive_queue); 1409 if (skb) 1410 break; 1411 1412 if (flags & O_NONBLOCK) { 1413 err = -EWOULDBLOCK; 1414 break; 1415 } 1416 if (!signal_pending(current)) { 1417 release_sock(sk); 1418 schedule(); 1419 lock_sock(sk); 1420 continue; 1421 } 1422 err = -ERESTARTSYS; 1423 break; 1424 } 1425 finish_wait(sk_sleep(sk), &wait); 1426 1427 if (err) 1428 goto out; 1429 1430 newsk = skb->sk; 1431 sock_graft(newsk, newsock); 1432 1433 /* Now attach up the new socket */ 1434 kfree_skb(skb); 1435 sk_acceptq_removed(sk); 1436 newsock->state = SS_CONNECTED; 1437 1438out: 1439 release_sock(sk); 1440 1441 return err; 1442} 1443 1444static int ax25_getname(struct socket *sock, struct sockaddr *uaddr, 1445 int peer) 1446{ 1447 struct full_sockaddr_ax25 *fsa = (struct full_sockaddr_ax25 *)uaddr; 1448 struct sock *sk = sock->sk; 1449 unsigned char ndigi, i; 1450 ax25_cb *ax25; 1451 int err = 0; 1452 1453 memset(fsa, 0, sizeof(*fsa)); 1454 lock_sock(sk); 1455 ax25 = sk_to_ax25(sk); 1456 1457 if (peer != 0) { 1458 if (sk->sk_state != TCP_ESTABLISHED) { 1459 err = -ENOTCONN; 1460 goto out; 1461 } 1462 1463 fsa->fsa_ax25.sax25_family = AF_AX25; 1464 fsa->fsa_ax25.sax25_call = ax25->dest_addr; 1465 1466 if (ax25->digipeat != NULL) { 1467 ndigi = ax25->digipeat->ndigi; 1468 fsa->fsa_ax25.sax25_ndigis = ndigi; 1469 for (i = 0; i < ndigi; i++) 1470 fsa->fsa_digipeater[i] = 1471 ax25->digipeat->calls[i]; 1472 } 1473 } else { 1474 fsa->fsa_ax25.sax25_family = AF_AX25; 1475 fsa->fsa_ax25.sax25_call = ax25->source_addr; 1476 fsa->fsa_ax25.sax25_ndigis = 1; 1477 if (ax25->ax25_dev != NULL) { 1478 memcpy(&fsa->fsa_digipeater[0], 1479 ax25->ax25_dev->dev->dev_addr, AX25_ADDR_LEN); 1480 } else { 1481 fsa->fsa_digipeater[0] = null_ax25_address; 1482 } 1483 } 1484 err = sizeof (struct full_sockaddr_ax25); 1485 1486out: 1487 release_sock(sk); 1488 1489 return err; 1490} 1491 1492static int ax25_sendmsg(struct socket *sock, struct msghdr *msg, size_t len) 1493{ 1494 DECLARE_SOCKADDR(struct sockaddr_ax25 *, usax, msg->msg_name); 1495 struct sock *sk = sock->sk; 1496 struct sockaddr_ax25 sax; 1497 struct sk_buff *skb; 1498 ax25_digi dtmp, *dp; 1499 ax25_cb *ax25; 1500 size_t size; 1501 int lv, err, addr_len = msg->msg_namelen; 1502 1503 if (msg->msg_flags & ~(MSG_DONTWAIT|MSG_EOR|MSG_CMSG_COMPAT)) 1504 return -EINVAL; 1505 1506 lock_sock(sk); 1507 ax25 = sk_to_ax25(sk); 1508 1509 if (sock_flag(sk, SOCK_ZAPPED)) { 1510 err = -EADDRNOTAVAIL; 1511 goto out; 1512 } 1513 1514 if (sk->sk_shutdown & SEND_SHUTDOWN) { 1515 send_sig(SIGPIPE, current, 0); 1516 err = -EPIPE; 1517 goto out; 1518 } 1519 1520 if (ax25->ax25_dev == NULL) { 1521 err = -ENETUNREACH; 1522 goto out; 1523 } 1524 1525 if (len > ax25->ax25_dev->dev->mtu) { 1526 err = -EMSGSIZE; 1527 goto out; 1528 } 1529 1530 if (usax != NULL) { 1531 if (usax->sax25_family != AF_AX25) { 1532 err = -EINVAL; 1533 goto out; 1534 } 1535 1536 if (addr_len == sizeof(struct sockaddr_ax25)) 1537 /* ax25_sendmsg(): uses obsolete socket structure */ 1538 ; 1539 else if (addr_len != sizeof(struct full_sockaddr_ax25)) 1540 /* support for old structure may go away some time 1541 * ax25_sendmsg(): uses old (6 digipeater) 1542 * socket structure. 1543 */ 1544 if ((addr_len < sizeof(struct sockaddr_ax25) + sizeof(ax25_address) * 6) || 1545 (addr_len > sizeof(struct full_sockaddr_ax25))) { 1546 err = -EINVAL; 1547 goto out; 1548 } 1549 1550 1551 if (addr_len > sizeof(struct sockaddr_ax25) && usax->sax25_ndigis != 0) { 1552 int ct = 0; 1553 struct full_sockaddr_ax25 *fsa = (struct full_sockaddr_ax25 *)usax; 1554 1555 /* Valid number of digipeaters ? */ 1556 if (usax->sax25_ndigis < 1 || 1557 usax->sax25_ndigis > AX25_MAX_DIGIS || 1558 addr_len < sizeof(struct sockaddr_ax25) + 1559 sizeof(ax25_address) * usax->sax25_ndigis) { 1560 err = -EINVAL; 1561 goto out; 1562 } 1563 1564 dtmp.ndigi = usax->sax25_ndigis; 1565 1566 while (ct < usax->sax25_ndigis) { 1567 dtmp.repeated[ct] = 0; 1568 dtmp.calls[ct] = fsa->fsa_digipeater[ct]; 1569 ct++; 1570 } 1571 1572 dtmp.lastrepeat = 0; 1573 } 1574 1575 sax = *usax; 1576 if (sk->sk_type == SOCK_SEQPACKET && 1577 ax25cmp(&ax25->dest_addr, &sax.sax25_call)) { 1578 err = -EISCONN; 1579 goto out; 1580 } 1581 if (usax->sax25_ndigis == 0) 1582 dp = NULL; 1583 else 1584 dp = &dtmp; 1585 } else { 1586 /* 1587 * FIXME: 1003.1g - if the socket is like this because 1588 * it has become closed (not started closed) and is VC 1589 * we ought to SIGPIPE, EPIPE 1590 */ 1591 if (sk->sk_state != TCP_ESTABLISHED) { 1592 err = -ENOTCONN; 1593 goto out; 1594 } 1595 sax.sax25_family = AF_AX25; 1596 sax.sax25_call = ax25->dest_addr; 1597 dp = ax25->digipeat; 1598 } 1599 1600 /* Build a packet */ 1601 /* Assume the worst case */ 1602 size = len + ax25->ax25_dev->dev->hard_header_len; 1603 1604 skb = sock_alloc_send_skb(sk, size, msg->msg_flags&MSG_DONTWAIT, &err); 1605 if (skb == NULL) 1606 goto out; 1607 1608 skb_reserve(skb, size - len); 1609 1610 /* User data follows immediately after the AX.25 data */ 1611 if (memcpy_from_msg(skb_put(skb, len), msg, len)) { 1612 err = -EFAULT; 1613 kfree_skb(skb); 1614 goto out; 1615 } 1616 1617 skb_reset_network_header(skb); 1618 1619 /* Add the PID if one is not supplied by the user in the skb */ 1620 if (!ax25->pidincl) 1621 *(u8 *)skb_push(skb, 1) = sk->sk_protocol; 1622 1623 if (sk->sk_type == SOCK_SEQPACKET) { 1624 /* Connected mode sockets go via the LAPB machine */ 1625 if (sk->sk_state != TCP_ESTABLISHED) { 1626 kfree_skb(skb); 1627 err = -ENOTCONN; 1628 goto out; 1629 } 1630 1631 /* Shove it onto the queue and kick */ 1632 ax25_output(ax25, ax25->paclen, skb); 1633 1634 err = len; 1635 goto out; 1636 } 1637 1638 skb_push(skb, 1 + ax25_addr_size(dp)); 1639 1640 /* Building AX.25 Header */ 1641 1642 /* Build an AX.25 header */ 1643 lv = ax25_addr_build(skb->data, &ax25->source_addr, &sax.sax25_call, 1644 dp, AX25_COMMAND, AX25_MODULUS); 1645 1646 skb_set_transport_header(skb, lv); 1647 1648 *skb_transport_header(skb) = AX25_UI; 1649 1650 /* Datagram frames go straight out of the door as UI */ 1651 ax25_queue_xmit(skb, ax25->ax25_dev->dev); 1652 1653 err = len; 1654 1655out: 1656 release_sock(sk); 1657 1658 return err; 1659} 1660 1661static int ax25_recvmsg(struct socket *sock, struct msghdr *msg, size_t size, 1662 int flags) 1663{ 1664 struct sock *sk = sock->sk; 1665 struct sk_buff *skb, *last; 1666 struct sk_buff_head *sk_queue; 1667 int copied; 1668 int err = 0; 1669 int off = 0; 1670 long timeo; 1671 1672 lock_sock(sk); 1673 /* 1674 * This works for seqpacket too. The receiver has ordered the 1675 * queue for us! We do one quick check first though 1676 */ 1677 if (sk->sk_type == SOCK_SEQPACKET && sk->sk_state != TCP_ESTABLISHED) { 1678 err = -ENOTCONN; 1679 goto out; 1680 } 1681 1682 /* We need support for non-blocking reads. */ 1683 sk_queue = &sk->sk_receive_queue; 1684 skb = __skb_try_recv_datagram(sk, sk_queue, flags, &off, &err, &last); 1685 /* If no packet is available, release_sock(sk) and try again. */ 1686 if (!skb) { 1687 if (err != -EAGAIN) 1688 goto out; 1689 release_sock(sk); 1690 timeo = sock_rcvtimeo(sk, flags & MSG_DONTWAIT); 1691 while (timeo && !__skb_wait_for_more_packets(sk, sk_queue, &err, 1692 &timeo, last)) { 1693 skb = __skb_try_recv_datagram(sk, sk_queue, flags, &off, 1694 &err, &last); 1695 if (skb) 1696 break; 1697 1698 if (err != -EAGAIN) 1699 goto done; 1700 } 1701 if (!skb) 1702 goto done; 1703 lock_sock(sk); 1704 } 1705 1706 if (!sk_to_ax25(sk)->pidincl) 1707 skb_pull(skb, 1); /* Remove PID */ 1708 1709 skb_reset_transport_header(skb); 1710 copied = skb->len; 1711 1712 if (copied > size) { 1713 copied = size; 1714 msg->msg_flags |= MSG_TRUNC; 1715 } 1716 1717 skb_copy_datagram_msg(skb, 0, msg, copied); 1718 1719 if (msg->msg_name) { 1720 ax25_digi digi; 1721 ax25_address src; 1722 const unsigned char *mac = skb_mac_header(skb); 1723 DECLARE_SOCKADDR(struct sockaddr_ax25 *, sax, msg->msg_name); 1724 1725 memset(sax, 0, sizeof(struct full_sockaddr_ax25)); 1726 ax25_addr_parse(mac + 1, skb->data - mac - 1, &src, NULL, 1727 &digi, NULL, NULL); 1728 sax->sax25_family = AF_AX25; 1729 /* We set this correctly, even though we may not let the 1730 application know the digi calls further down (because it 1731 did NOT ask to know them). This could get political... **/ 1732 sax->sax25_ndigis = digi.ndigi; 1733 sax->sax25_call = src; 1734 1735 if (sax->sax25_ndigis != 0) { 1736 int ct; 1737 struct full_sockaddr_ax25 *fsa = (struct full_sockaddr_ax25 *)sax; 1738 1739 for (ct = 0; ct < digi.ndigi; ct++) 1740 fsa->fsa_digipeater[ct] = digi.calls[ct]; 1741 } 1742 msg->msg_namelen = sizeof(struct full_sockaddr_ax25); 1743 } 1744 1745 skb_free_datagram(sk, skb); 1746 err = copied; 1747 1748out: 1749 release_sock(sk); 1750 1751done: 1752 return err; 1753} 1754 1755static int ax25_shutdown(struct socket *sk, int how) 1756{ 1757 /* FIXME - generate DM and RNR states */ 1758 return -EOPNOTSUPP; 1759} 1760 1761static int ax25_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) 1762{ 1763 struct sock *sk = sock->sk; 1764 void __user *argp = (void __user *)arg; 1765 int res = 0; 1766 1767 lock_sock(sk); 1768 switch (cmd) { 1769 case TIOCOUTQ: { 1770 long amount; 1771 1772 amount = sk->sk_sndbuf - sk_wmem_alloc_get(sk); 1773 if (amount < 0) 1774 amount = 0; 1775 res = put_user(amount, (int __user *)argp); 1776 break; 1777 } 1778 1779 case TIOCINQ: { 1780 struct sk_buff *skb; 1781 long amount = 0L; 1782 /* These two are safe on a single CPU system as only user tasks fiddle here */ 1783 if ((skb = skb_peek(&sk->sk_receive_queue)) != NULL) 1784 amount = skb->len; 1785 res = put_user(amount, (int __user *) argp); 1786 break; 1787 } 1788 1789 case SIOCAX25ADDUID: /* Add a uid to the uid/call map table */ 1790 case SIOCAX25DELUID: /* Delete a uid from the uid/call map table */ 1791 case SIOCAX25GETUID: { 1792 struct sockaddr_ax25 sax25; 1793 if (copy_from_user(&sax25, argp, sizeof(sax25))) { 1794 res = -EFAULT; 1795 break; 1796 } 1797 res = ax25_uid_ioctl(cmd, &sax25); 1798 break; 1799 } 1800 1801 case SIOCAX25NOUID: { /* Set the default policy (default/bar) */ 1802 long amount; 1803 if (!capable(CAP_NET_ADMIN)) { 1804 res = -EPERM; 1805 break; 1806 } 1807 if (get_user(amount, (long __user *)argp)) { 1808 res = -EFAULT; 1809 break; 1810 } 1811 if (amount < 0 || amount > AX25_NOUID_BLOCK) { 1812 res = -EINVAL; 1813 break; 1814 } 1815 ax25_uid_policy = amount; 1816 res = 0; 1817 break; 1818 } 1819 1820 case SIOCADDRT: 1821 case SIOCDELRT: 1822 case SIOCAX25OPTRT: 1823 if (!capable(CAP_NET_ADMIN)) { 1824 res = -EPERM; 1825 break; 1826 } 1827 res = ax25_rt_ioctl(cmd, argp); 1828 break; 1829 1830 case SIOCAX25CTLCON: 1831 if (!capable(CAP_NET_ADMIN)) { 1832 res = -EPERM; 1833 break; 1834 } 1835 res = ax25_ctl_ioctl(cmd, argp); 1836 break; 1837 1838 case SIOCAX25GETINFO: 1839 case SIOCAX25GETINFOOLD: { 1840 ax25_cb *ax25 = sk_to_ax25(sk); 1841 struct ax25_info_struct ax25_info; 1842 1843 ax25_info.t1 = ax25->t1 / HZ; 1844 ax25_info.t2 = ax25->t2 / HZ; 1845 ax25_info.t3 = ax25->t3 / HZ; 1846 ax25_info.idle = ax25->idle / (60 * HZ); 1847 ax25_info.n2 = ax25->n2; 1848 ax25_info.t1timer = ax25_display_timer(&ax25->t1timer) / HZ; 1849 ax25_info.t2timer = ax25_display_timer(&ax25->t2timer) / HZ; 1850 ax25_info.t3timer = ax25_display_timer(&ax25->t3timer) / HZ; 1851 ax25_info.idletimer = ax25_display_timer(&ax25->idletimer) / (60 * HZ); 1852 ax25_info.n2count = ax25->n2count; 1853 ax25_info.state = ax25->state; 1854 ax25_info.rcv_q = sk_rmem_alloc_get(sk); 1855 ax25_info.snd_q = sk_wmem_alloc_get(sk); 1856 ax25_info.vs = ax25->vs; 1857 ax25_info.vr = ax25->vr; 1858 ax25_info.va = ax25->va; 1859 ax25_info.vs_max = ax25->vs; /* reserved */ 1860 ax25_info.paclen = ax25->paclen; 1861 ax25_info.window = ax25->window; 1862 1863 /* old structure? */ 1864 if (cmd == SIOCAX25GETINFOOLD) { 1865 static int warned = 0; 1866 if (!warned) { 1867 printk(KERN_INFO "%s uses old SIOCAX25GETINFO\n", 1868 current->comm); 1869 warned=1; 1870 } 1871 1872 if (copy_to_user(argp, &ax25_info, sizeof(struct ax25_info_struct_deprecated))) { 1873 res = -EFAULT; 1874 break; 1875 } 1876 } else { 1877 if (copy_to_user(argp, &ax25_info, sizeof(struct ax25_info_struct))) { 1878 res = -EINVAL; 1879 break; 1880 } 1881 } 1882 res = 0; 1883 break; 1884 } 1885 1886 case SIOCAX25ADDFWD: 1887 case SIOCAX25DELFWD: { 1888 struct ax25_fwd_struct ax25_fwd; 1889 if (!capable(CAP_NET_ADMIN)) { 1890 res = -EPERM; 1891 break; 1892 } 1893 if (copy_from_user(&ax25_fwd, argp, sizeof(ax25_fwd))) { 1894 res = -EFAULT; 1895 break; 1896 } 1897 res = ax25_fwd_ioctl(cmd, &ax25_fwd); 1898 break; 1899 } 1900 1901 case SIOCGIFADDR: 1902 case SIOCSIFADDR: 1903 case SIOCGIFDSTADDR: 1904 case SIOCSIFDSTADDR: 1905 case SIOCGIFBRDADDR: 1906 case SIOCSIFBRDADDR: 1907 case SIOCGIFNETMASK: 1908 case SIOCSIFNETMASK: 1909 case SIOCGIFMETRIC: 1910 case SIOCSIFMETRIC: 1911 res = -EINVAL; 1912 break; 1913 1914 default: 1915 res = -ENOIOCTLCMD; 1916 break; 1917 } 1918 release_sock(sk); 1919 1920 return res; 1921} 1922 1923#ifdef CONFIG_PROC_FS 1924 1925static void *ax25_info_start(struct seq_file *seq, loff_t *pos) 1926 __acquires(ax25_list_lock) 1927{ 1928 spin_lock_bh(&ax25_list_lock); 1929 return seq_hlist_start(&ax25_list, *pos); 1930} 1931 1932static void *ax25_info_next(struct seq_file *seq, void *v, loff_t *pos) 1933{ 1934 return seq_hlist_next(v, &ax25_list, pos); 1935} 1936 1937static void ax25_info_stop(struct seq_file *seq, void *v) 1938 __releases(ax25_list_lock) 1939{ 1940 spin_unlock_bh(&ax25_list_lock); 1941} 1942 1943static int ax25_info_show(struct seq_file *seq, void *v) 1944{ 1945 ax25_cb *ax25 = hlist_entry(v, struct ax25_cb, ax25_node); 1946 char buf[11]; 1947 int k; 1948 1949 1950 /* 1951 * New format: 1952 * magic dev src_addr dest_addr,digi1,digi2,.. st vs vr va t1 t1 t2 t2 t3 t3 idle idle n2 n2 rtt window paclen Snd-Q Rcv-Q inode 1953 */ 1954 1955 seq_printf(seq, "%p %s %s%s ", 1956 ax25, 1957 ax25->ax25_dev == NULL? "???" : ax25->ax25_dev->dev->name, 1958 ax2asc(buf, &ax25->source_addr), 1959 ax25->iamdigi? "*":""); 1960 seq_printf(seq, "%s", ax2asc(buf, &ax25->dest_addr)); 1961 1962 for (k=0; (ax25->digipeat != NULL) && (k < ax25->digipeat->ndigi); k++) { 1963 seq_printf(seq, ",%s%s", 1964 ax2asc(buf, &ax25->digipeat->calls[k]), 1965 ax25->digipeat->repeated[k]? "*":""); 1966 } 1967 1968 seq_printf(seq, " %d %d %d %d %lu %lu %lu %lu %lu %lu %lu %lu %d %d %lu %d %d", 1969 ax25->state, 1970 ax25->vs, ax25->vr, ax25->va, 1971 ax25_display_timer(&ax25->t1timer) / HZ, ax25->t1 / HZ, 1972 ax25_display_timer(&ax25->t2timer) / HZ, ax25->t2 / HZ, 1973 ax25_display_timer(&ax25->t3timer) / HZ, ax25->t3 / HZ, 1974 ax25_display_timer(&ax25->idletimer) / (60 * HZ), 1975 ax25->idle / (60 * HZ), 1976 ax25->n2count, ax25->n2, 1977 ax25->rtt / HZ, 1978 ax25->window, 1979 ax25->paclen); 1980 1981 if (ax25->sk != NULL) { 1982 seq_printf(seq, " %d %d %lu\n", 1983 sk_wmem_alloc_get(ax25->sk), 1984 sk_rmem_alloc_get(ax25->sk), 1985 sock_i_ino(ax25->sk)); 1986 } else { 1987 seq_puts(seq, " * * *\n"); 1988 } 1989 return 0; 1990} 1991 1992static const struct seq_operations ax25_info_seqops = { 1993 .start = ax25_info_start, 1994 .next = ax25_info_next, 1995 .stop = ax25_info_stop, 1996 .show = ax25_info_show, 1997}; 1998#endif 1999 2000static const struct net_proto_family ax25_family_ops = { 2001 .family = PF_AX25, 2002 .create = ax25_create, 2003 .owner = THIS_MODULE, 2004}; 2005 2006static const struct proto_ops ax25_proto_ops = { 2007 .family = PF_AX25, 2008 .owner = THIS_MODULE, 2009 .release = ax25_release, 2010 .bind = ax25_bind, 2011 .connect = ax25_connect, 2012 .socketpair = sock_no_socketpair, 2013 .accept = ax25_accept, 2014 .getname = ax25_getname, 2015 .poll = datagram_poll, 2016 .ioctl = ax25_ioctl, 2017 .gettstamp = sock_gettstamp, 2018 .listen = ax25_listen, 2019 .shutdown = ax25_shutdown, 2020 .setsockopt = ax25_setsockopt, 2021 .getsockopt = ax25_getsockopt, 2022 .sendmsg = ax25_sendmsg, 2023 .recvmsg = ax25_recvmsg, 2024 .mmap = sock_no_mmap, 2025}; 2026 2027/* 2028 * Called by socket.c on kernel start up 2029 */ 2030static struct packet_type ax25_packet_type __read_mostly = { 2031 .type = cpu_to_be16(ETH_P_AX25), 2032 .func = ax25_kiss_rcv, 2033}; 2034 2035static struct notifier_block ax25_dev_notifier = { 2036 .notifier_call = ax25_device_event, 2037}; 2038 2039static int __init ax25_init(void) 2040{ 2041 int rc = proto_register(&ax25_proto, 0); 2042 2043 if (rc != 0) 2044 goto out; 2045 2046 sock_register(&ax25_family_ops); 2047 dev_add_pack(&ax25_packet_type); 2048 register_netdevice_notifier(&ax25_dev_notifier); 2049 2050 proc_create_seq("ax25_route", 0444, init_net.proc_net, &ax25_rt_seqops); 2051 proc_create_seq("ax25", 0444, init_net.proc_net, &ax25_info_seqops); 2052 proc_create_seq("ax25_calls", 0444, init_net.proc_net, 2053 &ax25_uid_seqops); 2054out: 2055 return rc; 2056} 2057module_init(ax25_init); 2058 2059 2060MODULE_AUTHOR("Jonathan Naylor G4KLX <g4klx@g4klx.demon.co.uk>"); 2061MODULE_DESCRIPTION("The amateur radio AX.25 link layer protocol"); 2062MODULE_LICENSE("GPL"); 2063MODULE_ALIAS_NETPROTO(PF_AX25); 2064 2065static void __exit ax25_exit(void) 2066{ 2067 remove_proc_entry("ax25_route", init_net.proc_net); 2068 remove_proc_entry("ax25", init_net.proc_net); 2069 remove_proc_entry("ax25_calls", init_net.proc_net); 2070 2071 unregister_netdevice_notifier(&ax25_dev_notifier); 2072 2073 dev_remove_pack(&ax25_packet_type); 2074 2075 sock_unregister(PF_AX25); 2076 proto_unregister(&ax25_proto); 2077 2078 ax25_rt_free(); 2079 ax25_uid_free(); 2080 ax25_dev_free(); 2081} 2082module_exit(ax25_exit); 2083