root/net/decnet/dn_nsp_in.c

/* [<][>][^][v][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. dn_log_martian
  2. dn_ack
  3. dn_process_ack
  4. dn_check_idf
  5. dn_find_listener
  6. dn_nsp_conn_init
  7. dn_nsp_conn_conf
  8. dn_nsp_conn_ack
  9. dn_nsp_disc_init
  10. dn_nsp_disc_conf
  11. dn_nsp_linkservice
  12. dn_queue_skb
  13. dn_nsp_otherdata
  14. dn_nsp_data
  15. dn_returned_conn_init
  16. dn_nsp_no_socket
  17. dn_nsp_rx_packet
  18. dn_nsp_rx
  19. dn_nsp_backlog_rcv
   1 // SPDX-License-Identifier: GPL-2.0-or-later
   2 /*
   3  * DECnet       An implementation of the DECnet protocol suite for the LINUX
   4  *              operating system.  DECnet is implemented using the  BSD Socket
   5  *              interface as the means of communication with the user level.
   6  *
   7  *              DECnet Network Services Protocol (Input)
   8  *
   9  * Author:      Eduardo Marcelo Serrat <emserrat@geocities.com>
  10  *
  11  * Changes:
  12  *
  13  *    Steve Whitehouse:  Split into dn_nsp_in.c and dn_nsp_out.c from
  14  *                       original dn_nsp.c.
  15  *    Steve Whitehouse:  Updated to work with my new routing architecture.
  16  *    Steve Whitehouse:  Add changes from Eduardo Serrat's patches.
  17  *    Steve Whitehouse:  Put all ack handling code in a common routine.
  18  *    Steve Whitehouse:  Put other common bits into dn_nsp_rx()
  19  *    Steve Whitehouse:  More checks on skb->len to catch bogus packets
  20  *                       Fixed various race conditions and possible nasties.
  21  *    Steve Whitehouse:  Now handles returned conninit frames.
  22  *     David S. Miller:  New socket locking
  23  *    Steve Whitehouse:  Fixed lockup when socket filtering was enabled.
  24  *         Paul Koning:  Fix to push CC sockets into RUN when acks are
  25  *                       received.
  26  *    Steve Whitehouse:
  27  *   Patrick Caulfield:  Checking conninits for correctness & sending of error
  28  *                       responses.
  29  *    Steve Whitehouse:  Added backlog congestion level return codes.
  30  *   Patrick Caulfield:
  31  *    Steve Whitehouse:  Added flow control support (outbound)
  32  *    Steve Whitehouse:  Prepare for nonlinear skbs
  33  */
  34 
  35 /******************************************************************************
  36     (c) 1995-1998 E.M. Serrat           emserrat@geocities.com
  37 
  38 *******************************************************************************/
  39 
  40 #include <linux/errno.h>
  41 #include <linux/types.h>
  42 #include <linux/socket.h>
  43 #include <linux/in.h>
  44 #include <linux/kernel.h>
  45 #include <linux/timer.h>
  46 #include <linux/string.h>
  47 #include <linux/sockios.h>
  48 #include <linux/net.h>
  49 #include <linux/netdevice.h>
  50 #include <linux/inet.h>
  51 #include <linux/route.h>
  52 #include <linux/slab.h>
  53 #include <net/sock.h>
  54 #include <net/tcp_states.h>
  55 #include <linux/fcntl.h>
  56 #include <linux/mm.h>
  57 #include <linux/termios.h>
  58 #include <linux/interrupt.h>
  59 #include <linux/proc_fs.h>
  60 #include <linux/stat.h>
  61 #include <linux/init.h>
  62 #include <linux/poll.h>
  63 #include <linux/netfilter_decnet.h>
  64 #include <net/neighbour.h>
  65 #include <net/dst.h>
  66 #include <net/dn.h>
  67 #include <net/dn_nsp.h>
  68 #include <net/dn_dev.h>
  69 #include <net/dn_route.h>
  70 
  71 extern int decnet_log_martians;
  72 
  73 static void dn_log_martian(struct sk_buff *skb, const char *msg)
  74 {
  75         if (decnet_log_martians) {
  76                 char *devname = skb->dev ? skb->dev->name : "???";
  77                 struct dn_skb_cb *cb = DN_SKB_CB(skb);
  78                 net_info_ratelimited("DECnet: Martian packet (%s) dev=%s src=0x%04hx dst=0x%04hx srcport=0x%04hx dstport=0x%04hx\n",
  79                                      msg, devname,
  80                                      le16_to_cpu(cb->src),
  81                                      le16_to_cpu(cb->dst),
  82                                      le16_to_cpu(cb->src_port),
  83                                      le16_to_cpu(cb->dst_port));
  84         }
  85 }
  86 
  87 /*
  88  * For this function we've flipped the cross-subchannel bit
  89  * if the message is an otherdata or linkservice message. Thus
  90  * we can use it to work out what to update.
  91  */
  92 static void dn_ack(struct sock *sk, struct sk_buff *skb, unsigned short ack)
  93 {
  94         struct dn_scp *scp = DN_SK(sk);
  95         unsigned short type = ((ack >> 12) & 0x0003);
  96         int wakeup = 0;
  97 
  98         switch (type) {
  99         case 0: /* ACK - Data */
 100                 if (dn_after(ack, scp->ackrcv_dat)) {
 101                         scp->ackrcv_dat = ack & 0x0fff;
 102                         wakeup |= dn_nsp_check_xmit_queue(sk, skb,
 103                                                           &scp->data_xmit_queue,
 104                                                           ack);
 105                 }
 106                 break;
 107         case 1: /* NAK - Data */
 108                 break;
 109         case 2: /* ACK - OtherData */
 110                 if (dn_after(ack, scp->ackrcv_oth)) {
 111                         scp->ackrcv_oth = ack & 0x0fff;
 112                         wakeup |= dn_nsp_check_xmit_queue(sk, skb,
 113                                                           &scp->other_xmit_queue,
 114                                                           ack);
 115                 }
 116                 break;
 117         case 3: /* NAK - OtherData */
 118                 break;
 119         }
 120 
 121         if (wakeup && !sock_flag(sk, SOCK_DEAD))
 122                 sk->sk_state_change(sk);
 123 }
 124 
 125 /*
 126  * This function is a universal ack processor.
 127  */
 128 static int dn_process_ack(struct sock *sk, struct sk_buff *skb, int oth)
 129 {
 130         __le16 *ptr = (__le16 *)skb->data;
 131         int len = 0;
 132         unsigned short ack;
 133 
 134         if (skb->len < 2)
 135                 return len;
 136 
 137         if ((ack = le16_to_cpu(*ptr)) & 0x8000) {
 138                 skb_pull(skb, 2);
 139                 ptr++;
 140                 len += 2;
 141                 if ((ack & 0x4000) == 0) {
 142                         if (oth)
 143                                 ack ^= 0x2000;
 144                         dn_ack(sk, skb, ack);
 145                 }
 146         }
 147 
 148         if (skb->len < 2)
 149                 return len;
 150 
 151         if ((ack = le16_to_cpu(*ptr)) & 0x8000) {
 152                 skb_pull(skb, 2);
 153                 len += 2;
 154                 if ((ack & 0x4000) == 0) {
 155                         if (oth)
 156                                 ack ^= 0x2000;
 157                         dn_ack(sk, skb, ack);
 158                 }
 159         }
 160 
 161         return len;
 162 }
 163 
 164 
 165 /**
 166  * dn_check_idf - Check an image data field format is correct.
 167  * @pptr: Pointer to pointer to image data
 168  * @len: Pointer to length of image data
 169  * @max: The maximum allowed length of the data in the image data field
 170  * @follow_on: Check that this many bytes exist beyond the end of the image data
 171  *
 172  * Returns: 0 if ok, -1 on error
 173  */
 174 static inline int dn_check_idf(unsigned char **pptr, int *len, unsigned char max, unsigned char follow_on)
 175 {
 176         unsigned char *ptr = *pptr;
 177         unsigned char flen = *ptr++;
 178 
 179         (*len)--;
 180         if (flen > max)
 181                 return -1;
 182         if ((flen + follow_on) > *len)
 183                 return -1;
 184 
 185         *len -= flen;
 186         *pptr = ptr + flen;
 187         return 0;
 188 }
 189 
 190 /*
 191  * Table of reason codes to pass back to node which sent us a badly
 192  * formed message, plus text messages for the log. A zero entry in
 193  * the reason field means "don't reply" otherwise a disc init is sent with
 194  * the specified reason code.
 195  */
 196 static struct {
 197         unsigned short reason;
 198         const char *text;
 199 } ci_err_table[] = {
 200  { 0,             "CI: Truncated message" },
 201  { NSP_REASON_ID, "CI: Destination username error" },
 202  { NSP_REASON_ID, "CI: Destination username type" },
 203  { NSP_REASON_US, "CI: Source username error" },
 204  { 0,             "CI: Truncated at menuver" },
 205  { 0,             "CI: Truncated before access or user data" },
 206  { NSP_REASON_IO, "CI: Access data format error" },
 207  { NSP_REASON_IO, "CI: User data format error" }
 208 };
 209 
 210 /*
 211  * This function uses a slightly different lookup method
 212  * to find its sockets, since it searches on object name/number
 213  * rather than port numbers. Various tests are done to ensure that
 214  * the incoming data is in the correct format before it is queued to
 215  * a socket.
 216  */
 217 static struct sock *dn_find_listener(struct sk_buff *skb, unsigned short *reason)
 218 {
 219         struct dn_skb_cb *cb = DN_SKB_CB(skb);
 220         struct nsp_conn_init_msg *msg = (struct nsp_conn_init_msg *)skb->data;
 221         struct sockaddr_dn dstaddr;
 222         struct sockaddr_dn srcaddr;
 223         unsigned char type = 0;
 224         int dstlen;
 225         int srclen;
 226         unsigned char *ptr;
 227         int len;
 228         int err = 0;
 229         unsigned char menuver;
 230 
 231         memset(&dstaddr, 0, sizeof(struct sockaddr_dn));
 232         memset(&srcaddr, 0, sizeof(struct sockaddr_dn));
 233 
 234         /*
 235          * 1. Decode & remove message header
 236          */
 237         cb->src_port = msg->srcaddr;
 238         cb->dst_port = msg->dstaddr;
 239         cb->services = msg->services;
 240         cb->info     = msg->info;
 241         cb->segsize  = le16_to_cpu(msg->segsize);
 242 
 243         if (!pskb_may_pull(skb, sizeof(*msg)))
 244                 goto err_out;
 245 
 246         skb_pull(skb, sizeof(*msg));
 247 
 248         len = skb->len;
 249         ptr = skb->data;
 250 
 251         /*
 252          * 2. Check destination end username format
 253          */
 254         dstlen = dn_username2sockaddr(ptr, len, &dstaddr, &type);
 255         err++;
 256         if (dstlen < 0)
 257                 goto err_out;
 258 
 259         err++;
 260         if (type > 1)
 261                 goto err_out;
 262 
 263         len -= dstlen;
 264         ptr += dstlen;
 265 
 266         /*
 267          * 3. Check source end username format
 268          */
 269         srclen = dn_username2sockaddr(ptr, len, &srcaddr, &type);
 270         err++;
 271         if (srclen < 0)
 272                 goto err_out;
 273 
 274         len -= srclen;
 275         ptr += srclen;
 276         err++;
 277         if (len < 1)
 278                 goto err_out;
 279 
 280         menuver = *ptr;
 281         ptr++;
 282         len--;
 283 
 284         /*
 285          * 4. Check that optional data actually exists if menuver says it does
 286          */
 287         err++;
 288         if ((menuver & (DN_MENUVER_ACC | DN_MENUVER_USR)) && (len < 1))
 289                 goto err_out;
 290 
 291         /*
 292          * 5. Check optional access data format
 293          */
 294         err++;
 295         if (menuver & DN_MENUVER_ACC) {
 296                 if (dn_check_idf(&ptr, &len, 39, 1))
 297                         goto err_out;
 298                 if (dn_check_idf(&ptr, &len, 39, 1))
 299                         goto err_out;
 300                 if (dn_check_idf(&ptr, &len, 39, (menuver & DN_MENUVER_USR) ? 1 : 0))
 301                         goto err_out;
 302         }
 303 
 304         /*
 305          * 6. Check optional user data format
 306          */
 307         err++;
 308         if (menuver & DN_MENUVER_USR) {
 309                 if (dn_check_idf(&ptr, &len, 16, 0))
 310                         goto err_out;
 311         }
 312 
 313         /*
 314          * 7. Look up socket based on destination end username
 315          */
 316         return dn_sklist_find_listener(&dstaddr);
 317 err_out:
 318         dn_log_martian(skb, ci_err_table[err].text);
 319         *reason = ci_err_table[err].reason;
 320         return NULL;
 321 }
 322 
 323 
 324 static void dn_nsp_conn_init(struct sock *sk, struct sk_buff *skb)
 325 {
 326         if (sk_acceptq_is_full(sk)) {
 327                 kfree_skb(skb);
 328                 return;
 329         }
 330 
 331         sk->sk_ack_backlog++;
 332         skb_queue_tail(&sk->sk_receive_queue, skb);
 333         sk->sk_state_change(sk);
 334 }
 335 
 336 static void dn_nsp_conn_conf(struct sock *sk, struct sk_buff *skb)
 337 {
 338         struct dn_skb_cb *cb = DN_SKB_CB(skb);
 339         struct dn_scp *scp = DN_SK(sk);
 340         unsigned char *ptr;
 341 
 342         if (skb->len < 4)
 343                 goto out;
 344 
 345         ptr = skb->data;
 346         cb->services = *ptr++;
 347         cb->info = *ptr++;
 348         cb->segsize = le16_to_cpu(*(__le16 *)ptr);
 349 
 350         if ((scp->state == DN_CI) || (scp->state == DN_CD)) {
 351                 scp->persist = 0;
 352                 scp->addrrem = cb->src_port;
 353                 sk->sk_state = TCP_ESTABLISHED;
 354                 scp->state = DN_RUN;
 355                 scp->services_rem = cb->services;
 356                 scp->info_rem = cb->info;
 357                 scp->segsize_rem = cb->segsize;
 358 
 359                 if ((scp->services_rem & NSP_FC_MASK) == NSP_FC_NONE)
 360                         scp->max_window = decnet_no_fc_max_cwnd;
 361 
 362                 if (skb->len > 0) {
 363                         u16 dlen = *skb->data;
 364                         if ((dlen <= 16) && (dlen <= skb->len)) {
 365                                 scp->conndata_in.opt_optl = cpu_to_le16(dlen);
 366                                 skb_copy_from_linear_data_offset(skb, 1,
 367                                               scp->conndata_in.opt_data, dlen);
 368                         }
 369                 }
 370                 dn_nsp_send_link(sk, DN_NOCHANGE, 0);
 371                 if (!sock_flag(sk, SOCK_DEAD))
 372                         sk->sk_state_change(sk);
 373         }
 374 
 375 out:
 376         kfree_skb(skb);
 377 }
 378 
 379 static void dn_nsp_conn_ack(struct sock *sk, struct sk_buff *skb)
 380 {
 381         struct dn_scp *scp = DN_SK(sk);
 382 
 383         if (scp->state == DN_CI) {
 384                 scp->state = DN_CD;
 385                 scp->persist = 0;
 386         }
 387 
 388         kfree_skb(skb);
 389 }
 390 
 391 static void dn_nsp_disc_init(struct sock *sk, struct sk_buff *skb)
 392 {
 393         struct dn_scp *scp = DN_SK(sk);
 394         struct dn_skb_cb *cb = DN_SKB_CB(skb);
 395         unsigned short reason;
 396 
 397         if (skb->len < 2)
 398                 goto out;
 399 
 400         reason = le16_to_cpu(*(__le16 *)skb->data);
 401         skb_pull(skb, 2);
 402 
 403         scp->discdata_in.opt_status = cpu_to_le16(reason);
 404         scp->discdata_in.opt_optl   = 0;
 405         memset(scp->discdata_in.opt_data, 0, 16);
 406 
 407         if (skb->len > 0) {
 408                 u16 dlen = *skb->data;
 409                 if ((dlen <= 16) && (dlen <= skb->len)) {
 410                         scp->discdata_in.opt_optl = cpu_to_le16(dlen);
 411                         skb_copy_from_linear_data_offset(skb, 1, scp->discdata_in.opt_data, dlen);
 412                 }
 413         }
 414 
 415         scp->addrrem = cb->src_port;
 416         sk->sk_state = TCP_CLOSE;
 417 
 418         switch (scp->state) {
 419         case DN_CI:
 420         case DN_CD:
 421                 scp->state = DN_RJ;
 422                 sk->sk_err = ECONNREFUSED;
 423                 break;
 424         case DN_RUN:
 425                 sk->sk_shutdown |= SHUTDOWN_MASK;
 426                 scp->state = DN_DN;
 427                 break;
 428         case DN_DI:
 429                 scp->state = DN_DIC;
 430                 break;
 431         }
 432 
 433         if (!sock_flag(sk, SOCK_DEAD)) {
 434                 if (sk->sk_socket->state != SS_UNCONNECTED)
 435                         sk->sk_socket->state = SS_DISCONNECTING;
 436                 sk->sk_state_change(sk);
 437         }
 438 
 439         /*
 440          * It appears that its possible for remote machines to send disc
 441          * init messages with no port identifier if we are in the CI and
 442          * possibly also the CD state. Obviously we shouldn't reply with
 443          * a message if we don't know what the end point is.
 444          */
 445         if (scp->addrrem) {
 446                 dn_nsp_send_disc(sk, NSP_DISCCONF, NSP_REASON_DC, GFP_ATOMIC);
 447         }
 448         scp->persist_fxn = dn_destroy_timer;
 449         scp->persist = dn_nsp_persist(sk);
 450 
 451 out:
 452         kfree_skb(skb);
 453 }
 454 
 455 /*
 456  * disc_conf messages are also called no_resources or no_link
 457  * messages depending upon the "reason" field.
 458  */
 459 static void dn_nsp_disc_conf(struct sock *sk, struct sk_buff *skb)
 460 {
 461         struct dn_scp *scp = DN_SK(sk);
 462         unsigned short reason;
 463 
 464         if (skb->len != 2)
 465                 goto out;
 466 
 467         reason = le16_to_cpu(*(__le16 *)skb->data);
 468 
 469         sk->sk_state = TCP_CLOSE;
 470 
 471         switch (scp->state) {
 472         case DN_CI:
 473                 scp->state = DN_NR;
 474                 break;
 475         case DN_DR:
 476                 if (reason == NSP_REASON_DC)
 477                         scp->state = DN_DRC;
 478                 if (reason == NSP_REASON_NL)
 479                         scp->state = DN_CN;
 480                 break;
 481         case DN_DI:
 482                 scp->state = DN_DIC;
 483                 break;
 484         case DN_RUN:
 485                 sk->sk_shutdown |= SHUTDOWN_MASK;
 486                 /* fall through */
 487         case DN_CC:
 488                 scp->state = DN_CN;
 489         }
 490 
 491         if (!sock_flag(sk, SOCK_DEAD)) {
 492                 if (sk->sk_socket->state != SS_UNCONNECTED)
 493                         sk->sk_socket->state = SS_DISCONNECTING;
 494                 sk->sk_state_change(sk);
 495         }
 496 
 497         scp->persist_fxn = dn_destroy_timer;
 498         scp->persist = dn_nsp_persist(sk);
 499 
 500 out:
 501         kfree_skb(skb);
 502 }
 503 
 504 static void dn_nsp_linkservice(struct sock *sk, struct sk_buff *skb)
 505 {
 506         struct dn_scp *scp = DN_SK(sk);
 507         unsigned short segnum;
 508         unsigned char lsflags;
 509         signed char fcval;
 510         int wake_up = 0;
 511         char *ptr = skb->data;
 512         unsigned char fctype = scp->services_rem & NSP_FC_MASK;
 513 
 514         if (skb->len != 4)
 515                 goto out;
 516 
 517         segnum = le16_to_cpu(*(__le16 *)ptr);
 518         ptr += 2;
 519         lsflags = *(unsigned char *)ptr++;
 520         fcval = *ptr;
 521 
 522         /*
 523          * Here we ignore erronous packets which should really
 524          * should cause a connection abort. It is not critical
 525          * for now though.
 526          */
 527         if (lsflags & 0xf8)
 528                 goto out;
 529 
 530         if (seq_next(scp->numoth_rcv, segnum)) {
 531                 seq_add(&scp->numoth_rcv, 1);
 532                 switch(lsflags & 0x04) { /* FCVAL INT */
 533                 case 0x00: /* Normal Request */
 534                         switch(lsflags & 0x03) { /* FCVAL MOD */
 535                         case 0x00: /* Request count */
 536                                 if (fcval < 0) {
 537                                         unsigned char p_fcval = -fcval;
 538                                         if ((scp->flowrem_dat > p_fcval) &&
 539                                             (fctype == NSP_FC_SCMC)) {
 540                                                 scp->flowrem_dat -= p_fcval;
 541                                         }
 542                                 } else if (fcval > 0) {
 543                                         scp->flowrem_dat += fcval;
 544                                         wake_up = 1;
 545                                 }
 546                                 break;
 547                         case 0x01: /* Stop outgoing data */
 548                                 scp->flowrem_sw = DN_DONTSEND;
 549                                 break;
 550                         case 0x02: /* Ok to start again */
 551                                 scp->flowrem_sw = DN_SEND;
 552                                 dn_nsp_output(sk);
 553                                 wake_up = 1;
 554                         }
 555                         break;
 556                 case 0x04: /* Interrupt Request */
 557                         if (fcval > 0) {
 558                                 scp->flowrem_oth += fcval;
 559                                 wake_up = 1;
 560                         }
 561                         break;
 562                 }
 563                 if (wake_up && !sock_flag(sk, SOCK_DEAD))
 564                         sk->sk_state_change(sk);
 565         }
 566 
 567         dn_nsp_send_oth_ack(sk);
 568 
 569 out:
 570         kfree_skb(skb);
 571 }
 572 
 573 /*
 574  * Copy of sock_queue_rcv_skb (from sock.h) without
 575  * bh_lock_sock() (its already held when this is called) which
 576  * also allows data and other data to be queued to a socket.
 577  */
 578 static __inline__ int dn_queue_skb(struct sock *sk, struct sk_buff *skb, int sig, struct sk_buff_head *queue)
 579 {
 580         int err;
 581 
 582         /* Cast skb->rcvbuf to unsigned... It's pointless, but reduces
 583            number of warnings when compiling with -W --ANK
 584          */
 585         if (atomic_read(&sk->sk_rmem_alloc) + skb->truesize >=
 586             (unsigned int)sk->sk_rcvbuf) {
 587                 err = -ENOMEM;
 588                 goto out;
 589         }
 590 
 591         err = sk_filter(sk, skb);
 592         if (err)
 593                 goto out;
 594 
 595         skb_set_owner_r(skb, sk);
 596         skb_queue_tail(queue, skb);
 597 
 598         if (!sock_flag(sk, SOCK_DEAD))
 599                 sk->sk_data_ready(sk);
 600 out:
 601         return err;
 602 }
 603 
 604 static void dn_nsp_otherdata(struct sock *sk, struct sk_buff *skb)
 605 {
 606         struct dn_scp *scp = DN_SK(sk);
 607         unsigned short segnum;
 608         struct dn_skb_cb *cb = DN_SKB_CB(skb);
 609         int queued = 0;
 610 
 611         if (skb->len < 2)
 612                 goto out;
 613 
 614         cb->segnum = segnum = le16_to_cpu(*(__le16 *)skb->data);
 615         skb_pull(skb, 2);
 616 
 617         if (seq_next(scp->numoth_rcv, segnum)) {
 618 
 619                 if (dn_queue_skb(sk, skb, SIGURG, &scp->other_receive_queue) == 0) {
 620                         seq_add(&scp->numoth_rcv, 1);
 621                         scp->other_report = 0;
 622                         queued = 1;
 623                 }
 624         }
 625 
 626         dn_nsp_send_oth_ack(sk);
 627 out:
 628         if (!queued)
 629                 kfree_skb(skb);
 630 }
 631 
 632 static void dn_nsp_data(struct sock *sk, struct sk_buff *skb)
 633 {
 634         int queued = 0;
 635         unsigned short segnum;
 636         struct dn_skb_cb *cb = DN_SKB_CB(skb);
 637         struct dn_scp *scp = DN_SK(sk);
 638 
 639         if (skb->len < 2)
 640                 goto out;
 641 
 642         cb->segnum = segnum = le16_to_cpu(*(__le16 *)skb->data);
 643         skb_pull(skb, 2);
 644 
 645         if (seq_next(scp->numdat_rcv, segnum)) {
 646                 if (dn_queue_skb(sk, skb, SIGIO, &sk->sk_receive_queue) == 0) {
 647                         seq_add(&scp->numdat_rcv, 1);
 648                         queued = 1;
 649                 }
 650 
 651                 if ((scp->flowloc_sw == DN_SEND) && dn_congested(sk)) {
 652                         scp->flowloc_sw = DN_DONTSEND;
 653                         dn_nsp_send_link(sk, DN_DONTSEND, 0);
 654                 }
 655         }
 656 
 657         dn_nsp_send_data_ack(sk);
 658 out:
 659         if (!queued)
 660                 kfree_skb(skb);
 661 }
 662 
 663 /*
 664  * If one of our conninit messages is returned, this function
 665  * deals with it. It puts the socket into the NO_COMMUNICATION
 666  * state.
 667  */
 668 static void dn_returned_conn_init(struct sock *sk, struct sk_buff *skb)
 669 {
 670         struct dn_scp *scp = DN_SK(sk);
 671 
 672         if (scp->state == DN_CI) {
 673                 scp->state = DN_NC;
 674                 sk->sk_state = TCP_CLOSE;
 675                 if (!sock_flag(sk, SOCK_DEAD))
 676                         sk->sk_state_change(sk);
 677         }
 678 
 679         kfree_skb(skb);
 680 }
 681 
 682 static int dn_nsp_no_socket(struct sk_buff *skb, unsigned short reason)
 683 {
 684         struct dn_skb_cb *cb = DN_SKB_CB(skb);
 685         int ret = NET_RX_DROP;
 686 
 687         /* Must not reply to returned packets */
 688         if (cb->rt_flags & DN_RT_F_RTS)
 689                 goto out;
 690 
 691         if ((reason != NSP_REASON_OK) && ((cb->nsp_flags & 0x0c) == 0x08)) {
 692                 switch (cb->nsp_flags & 0x70) {
 693                 case 0x10:
 694                 case 0x60: /* (Retransmitted) Connect Init */
 695                         dn_nsp_return_disc(skb, NSP_DISCINIT, reason);
 696                         ret = NET_RX_SUCCESS;
 697                         break;
 698                 case 0x20: /* Connect Confirm */
 699                         dn_nsp_return_disc(skb, NSP_DISCCONF, reason);
 700                         ret = NET_RX_SUCCESS;
 701                         break;
 702                 }
 703         }
 704 
 705 out:
 706         kfree_skb(skb);
 707         return ret;
 708 }
 709 
 710 static int dn_nsp_rx_packet(struct net *net, struct sock *sk2,
 711                             struct sk_buff *skb)
 712 {
 713         struct dn_skb_cb *cb = DN_SKB_CB(skb);
 714         struct sock *sk = NULL;
 715         unsigned char *ptr = (unsigned char *)skb->data;
 716         unsigned short reason = NSP_REASON_NL;
 717 
 718         if (!pskb_may_pull(skb, 2))
 719                 goto free_out;
 720 
 721         skb_reset_transport_header(skb);
 722         cb->nsp_flags = *ptr++;
 723 
 724         if (decnet_debug_level & 2)
 725                 printk(KERN_DEBUG "dn_nsp_rx: Message type 0x%02x\n", (int)cb->nsp_flags);
 726 
 727         if (cb->nsp_flags & 0x83)
 728                 goto free_out;
 729 
 730         /*
 731          * Filter out conninits and useless packet types
 732          */
 733         if ((cb->nsp_flags & 0x0c) == 0x08) {
 734                 switch (cb->nsp_flags & 0x70) {
 735                 case 0x00: /* NOP */
 736                 case 0x70: /* Reserved */
 737                 case 0x50: /* Reserved, Phase II node init */
 738                         goto free_out;
 739                 case 0x10:
 740                 case 0x60:
 741                         if (unlikely(cb->rt_flags & DN_RT_F_RTS))
 742                                 goto free_out;
 743                         sk = dn_find_listener(skb, &reason);
 744                         goto got_it;
 745                 }
 746         }
 747 
 748         if (!pskb_may_pull(skb, 3))
 749                 goto free_out;
 750 
 751         /*
 752          * Grab the destination address.
 753          */
 754         cb->dst_port = *(__le16 *)ptr;
 755         cb->src_port = 0;
 756         ptr += 2;
 757 
 758         /*
 759          * If not a connack, grab the source address too.
 760          */
 761         if (pskb_may_pull(skb, 5)) {
 762                 cb->src_port = *(__le16 *)ptr;
 763                 ptr += 2;
 764                 skb_pull(skb, 5);
 765         }
 766 
 767         /*
 768          * Returned packets...
 769          * Swap src & dst and look up in the normal way.
 770          */
 771         if (unlikely(cb->rt_flags & DN_RT_F_RTS)) {
 772                 swap(cb->dst_port, cb->src_port);
 773                 swap(cb->dst, cb->src);
 774         }
 775 
 776         /*
 777          * Find the socket to which this skb is destined.
 778          */
 779         sk = dn_find_by_skb(skb);
 780 got_it:
 781         if (sk != NULL) {
 782                 struct dn_scp *scp = DN_SK(sk);
 783 
 784                 /* Reset backoff */
 785                 scp->nsp_rxtshift = 0;
 786 
 787                 /*
 788                  * We linearize everything except data segments here.
 789                  */
 790                 if (cb->nsp_flags & ~0x60) {
 791                         if (unlikely(skb_linearize(skb)))
 792                                 goto free_out;
 793                 }
 794 
 795                 return sk_receive_skb(sk, skb, 0);
 796         }
 797 
 798         return dn_nsp_no_socket(skb, reason);
 799 
 800 free_out:
 801         kfree_skb(skb);
 802         return NET_RX_DROP;
 803 }
 804 
 805 int dn_nsp_rx(struct sk_buff *skb)
 806 {
 807         return NF_HOOK(NFPROTO_DECNET, NF_DN_LOCAL_IN,
 808                        &init_net, NULL, skb, skb->dev, NULL,
 809                        dn_nsp_rx_packet);
 810 }
 811 
 812 /*
 813  * This is the main receive routine for sockets. It is called
 814  * from the above when the socket is not busy, and also from
 815  * sock_release() when there is a backlog queued up.
 816  */
 817 int dn_nsp_backlog_rcv(struct sock *sk, struct sk_buff *skb)
 818 {
 819         struct dn_scp *scp = DN_SK(sk);
 820         struct dn_skb_cb *cb = DN_SKB_CB(skb);
 821 
 822         if (cb->rt_flags & DN_RT_F_RTS) {
 823                 if (cb->nsp_flags == 0x18 || cb->nsp_flags == 0x68)
 824                         dn_returned_conn_init(sk, skb);
 825                 else
 826                         kfree_skb(skb);
 827                 return NET_RX_SUCCESS;
 828         }
 829 
 830         /*
 831          * Control packet.
 832          */
 833         if ((cb->nsp_flags & 0x0c) == 0x08) {
 834                 switch (cb->nsp_flags & 0x70) {
 835                 case 0x10:
 836                 case 0x60:
 837                         dn_nsp_conn_init(sk, skb);
 838                         break;
 839                 case 0x20:
 840                         dn_nsp_conn_conf(sk, skb);
 841                         break;
 842                 case 0x30:
 843                         dn_nsp_disc_init(sk, skb);
 844                         break;
 845                 case 0x40:
 846                         dn_nsp_disc_conf(sk, skb);
 847                         break;
 848                 }
 849 
 850         } else if (cb->nsp_flags == 0x24) {
 851                 /*
 852                  * Special for connacks, 'cos they don't have
 853                  * ack data or ack otherdata info.
 854                  */
 855                 dn_nsp_conn_ack(sk, skb);
 856         } else {
 857                 int other = 1;
 858 
 859                 /* both data and ack frames can kick a CC socket into RUN */
 860                 if ((scp->state == DN_CC) && !sock_flag(sk, SOCK_DEAD)) {
 861                         scp->state = DN_RUN;
 862                         sk->sk_state = TCP_ESTABLISHED;
 863                         sk->sk_state_change(sk);
 864                 }
 865 
 866                 if ((cb->nsp_flags & 0x1c) == 0)
 867                         other = 0;
 868                 if (cb->nsp_flags == 0x04)
 869                         other = 0;
 870 
 871                 /*
 872                  * Read out ack data here, this applies equally
 873                  * to data, other data, link serivce and both
 874                  * ack data and ack otherdata.
 875                  */
 876                 dn_process_ack(sk, skb, other);
 877 
 878                 /*
 879                  * If we've some sort of data here then call a
 880                  * suitable routine for dealing with it, otherwise
 881                  * the packet is an ack and can be discarded.
 882                  */
 883                 if ((cb->nsp_flags & 0x0c) == 0) {
 884 
 885                         if (scp->state != DN_RUN)
 886                                 goto free_out;
 887 
 888                         switch (cb->nsp_flags) {
 889                         case 0x10: /* LS */
 890                                 dn_nsp_linkservice(sk, skb);
 891                                 break;
 892                         case 0x30: /* OD */
 893                                 dn_nsp_otherdata(sk, skb);
 894                                 break;
 895                         default:
 896                                 dn_nsp_data(sk, skb);
 897                         }
 898 
 899                 } else { /* Ack, chuck it out here */
 900 free_out:
 901                         kfree_skb(skb);
 902                 }
 903         }
 904 
 905         return NET_RX_SUCCESS;
 906 }
/* [<][>][^][v][top][bottom][index][help] */