1*4882a593Smuzhiyun // SPDX-License-Identifier: GPL-2.0-or-later
2*4882a593Smuzhiyun /*
3*4882a593Smuzhiyun *
4*4882a593Smuzhiyun * Copyright (C) Alan Cox GW4PTS (alan@lxorguk.ukuu.org.uk)
5*4882a593Smuzhiyun * Copyright (C) Jonathan Naylor G4KLX (g4klx@g4klx.demon.co.uk)
6*4882a593Smuzhiyun * Copyright (C) Joerg Reuter DL1BKE (jreuter@yaina.de)
7*4882a593Smuzhiyun * Copyright (C) Frederic Rible F1OAT (frible@teaser.fr)
8*4882a593Smuzhiyun */
9*4882a593Smuzhiyun #include <linux/errno.h>
10*4882a593Smuzhiyun #include <linux/types.h>
11*4882a593Smuzhiyun #include <linux/socket.h>
12*4882a593Smuzhiyun #include <linux/in.h>
13*4882a593Smuzhiyun #include <linux/kernel.h>
14*4882a593Smuzhiyun #include <linux/timer.h>
15*4882a593Smuzhiyun #include <linux/string.h>
16*4882a593Smuzhiyun #include <linux/sockios.h>
17*4882a593Smuzhiyun #include <linux/net.h>
18*4882a593Smuzhiyun #include <linux/slab.h>
19*4882a593Smuzhiyun #include <net/ax25.h>
20*4882a593Smuzhiyun #include <linux/inet.h>
21*4882a593Smuzhiyun #include <linux/netdevice.h>
22*4882a593Smuzhiyun #include <linux/skbuff.h>
23*4882a593Smuzhiyun #include <net/sock.h>
24*4882a593Smuzhiyun #include <net/tcp_states.h>
25*4882a593Smuzhiyun #include <linux/uaccess.h>
26*4882a593Smuzhiyun #include <linux/fcntl.h>
27*4882a593Smuzhiyun #include <linux/mm.h>
28*4882a593Smuzhiyun #include <linux/interrupt.h>
29*4882a593Smuzhiyun
30*4882a593Smuzhiyun /*
31*4882a593Smuzhiyun * This routine purges all the queues of frames.
32*4882a593Smuzhiyun */
ax25_clear_queues(ax25_cb * ax25)33*4882a593Smuzhiyun void ax25_clear_queues(ax25_cb *ax25)
34*4882a593Smuzhiyun {
35*4882a593Smuzhiyun skb_queue_purge(&ax25->write_queue);
36*4882a593Smuzhiyun skb_queue_purge(&ax25->ack_queue);
37*4882a593Smuzhiyun skb_queue_purge(&ax25->reseq_queue);
38*4882a593Smuzhiyun skb_queue_purge(&ax25->frag_queue);
39*4882a593Smuzhiyun }
40*4882a593Smuzhiyun
41*4882a593Smuzhiyun /*
42*4882a593Smuzhiyun * This routine purges the input queue of those frames that have been
43*4882a593Smuzhiyun * acknowledged. This replaces the boxes labelled "V(a) <- N(r)" on the
44*4882a593Smuzhiyun * SDL diagram.
45*4882a593Smuzhiyun */
ax25_frames_acked(ax25_cb * ax25,unsigned short nr)46*4882a593Smuzhiyun void ax25_frames_acked(ax25_cb *ax25, unsigned short nr)
47*4882a593Smuzhiyun {
48*4882a593Smuzhiyun struct sk_buff *skb;
49*4882a593Smuzhiyun
50*4882a593Smuzhiyun /*
51*4882a593Smuzhiyun * Remove all the ack-ed frames from the ack queue.
52*4882a593Smuzhiyun */
53*4882a593Smuzhiyun if (ax25->va != nr) {
54*4882a593Smuzhiyun while (skb_peek(&ax25->ack_queue) != NULL && ax25->va != nr) {
55*4882a593Smuzhiyun skb = skb_dequeue(&ax25->ack_queue);
56*4882a593Smuzhiyun kfree_skb(skb);
57*4882a593Smuzhiyun ax25->va = (ax25->va + 1) % ax25->modulus;
58*4882a593Smuzhiyun }
59*4882a593Smuzhiyun }
60*4882a593Smuzhiyun }
61*4882a593Smuzhiyun
ax25_requeue_frames(ax25_cb * ax25)62*4882a593Smuzhiyun void ax25_requeue_frames(ax25_cb *ax25)
63*4882a593Smuzhiyun {
64*4882a593Smuzhiyun struct sk_buff *skb;
65*4882a593Smuzhiyun
66*4882a593Smuzhiyun /*
67*4882a593Smuzhiyun * Requeue all the un-ack-ed frames on the output queue to be picked
68*4882a593Smuzhiyun * up by ax25_kick called from the timer. This arrangement handles the
69*4882a593Smuzhiyun * possibility of an empty output queue.
70*4882a593Smuzhiyun */
71*4882a593Smuzhiyun while ((skb = skb_dequeue_tail(&ax25->ack_queue)) != NULL)
72*4882a593Smuzhiyun skb_queue_head(&ax25->write_queue, skb);
73*4882a593Smuzhiyun }
74*4882a593Smuzhiyun
75*4882a593Smuzhiyun /*
76*4882a593Smuzhiyun * Validate that the value of nr is between va and vs. Return true or
77*4882a593Smuzhiyun * false for testing.
78*4882a593Smuzhiyun */
ax25_validate_nr(ax25_cb * ax25,unsigned short nr)79*4882a593Smuzhiyun int ax25_validate_nr(ax25_cb *ax25, unsigned short nr)
80*4882a593Smuzhiyun {
81*4882a593Smuzhiyun unsigned short vc = ax25->va;
82*4882a593Smuzhiyun
83*4882a593Smuzhiyun while (vc != ax25->vs) {
84*4882a593Smuzhiyun if (nr == vc) return 1;
85*4882a593Smuzhiyun vc = (vc + 1) % ax25->modulus;
86*4882a593Smuzhiyun }
87*4882a593Smuzhiyun
88*4882a593Smuzhiyun if (nr == ax25->vs) return 1;
89*4882a593Smuzhiyun
90*4882a593Smuzhiyun return 0;
91*4882a593Smuzhiyun }
92*4882a593Smuzhiyun
93*4882a593Smuzhiyun /*
94*4882a593Smuzhiyun * This routine is the centralised routine for parsing the control
95*4882a593Smuzhiyun * information for the different frame formats.
96*4882a593Smuzhiyun */
ax25_decode(ax25_cb * ax25,struct sk_buff * skb,int * ns,int * nr,int * pf)97*4882a593Smuzhiyun int ax25_decode(ax25_cb *ax25, struct sk_buff *skb, int *ns, int *nr, int *pf)
98*4882a593Smuzhiyun {
99*4882a593Smuzhiyun unsigned char *frame;
100*4882a593Smuzhiyun int frametype = AX25_ILLEGAL;
101*4882a593Smuzhiyun
102*4882a593Smuzhiyun frame = skb->data;
103*4882a593Smuzhiyun *ns = *nr = *pf = 0;
104*4882a593Smuzhiyun
105*4882a593Smuzhiyun if (ax25->modulus == AX25_MODULUS) {
106*4882a593Smuzhiyun if ((frame[0] & AX25_S) == 0) {
107*4882a593Smuzhiyun frametype = AX25_I; /* I frame - carries NR/NS/PF */
108*4882a593Smuzhiyun *ns = (frame[0] >> 1) & 0x07;
109*4882a593Smuzhiyun *nr = (frame[0] >> 5) & 0x07;
110*4882a593Smuzhiyun *pf = frame[0] & AX25_PF;
111*4882a593Smuzhiyun } else if ((frame[0] & AX25_U) == 1) { /* S frame - take out PF/NR */
112*4882a593Smuzhiyun frametype = frame[0] & 0x0F;
113*4882a593Smuzhiyun *nr = (frame[0] >> 5) & 0x07;
114*4882a593Smuzhiyun *pf = frame[0] & AX25_PF;
115*4882a593Smuzhiyun } else if ((frame[0] & AX25_U) == 3) { /* U frame - take out PF */
116*4882a593Smuzhiyun frametype = frame[0] & ~AX25_PF;
117*4882a593Smuzhiyun *pf = frame[0] & AX25_PF;
118*4882a593Smuzhiyun }
119*4882a593Smuzhiyun skb_pull(skb, 1);
120*4882a593Smuzhiyun } else {
121*4882a593Smuzhiyun if ((frame[0] & AX25_S) == 0) {
122*4882a593Smuzhiyun frametype = AX25_I; /* I frame - carries NR/NS/PF */
123*4882a593Smuzhiyun *ns = (frame[0] >> 1) & 0x7F;
124*4882a593Smuzhiyun *nr = (frame[1] >> 1) & 0x7F;
125*4882a593Smuzhiyun *pf = frame[1] & AX25_EPF;
126*4882a593Smuzhiyun skb_pull(skb, 2);
127*4882a593Smuzhiyun } else if ((frame[0] & AX25_U) == 1) { /* S frame - take out PF/NR */
128*4882a593Smuzhiyun frametype = frame[0] & 0x0F;
129*4882a593Smuzhiyun *nr = (frame[1] >> 1) & 0x7F;
130*4882a593Smuzhiyun *pf = frame[1] & AX25_EPF;
131*4882a593Smuzhiyun skb_pull(skb, 2);
132*4882a593Smuzhiyun } else if ((frame[0] & AX25_U) == 3) { /* U frame - take out PF */
133*4882a593Smuzhiyun frametype = frame[0] & ~AX25_PF;
134*4882a593Smuzhiyun *pf = frame[0] & AX25_PF;
135*4882a593Smuzhiyun skb_pull(skb, 1);
136*4882a593Smuzhiyun }
137*4882a593Smuzhiyun }
138*4882a593Smuzhiyun
139*4882a593Smuzhiyun return frametype;
140*4882a593Smuzhiyun }
141*4882a593Smuzhiyun
142*4882a593Smuzhiyun /*
143*4882a593Smuzhiyun * This routine is called when the HDLC layer internally generates a
144*4882a593Smuzhiyun * command or response for the remote machine ( eg. RR, UA etc. ).
145*4882a593Smuzhiyun * Only supervisory or unnumbered frames are processed.
146*4882a593Smuzhiyun */
ax25_send_control(ax25_cb * ax25,int frametype,int poll_bit,int type)147*4882a593Smuzhiyun void ax25_send_control(ax25_cb *ax25, int frametype, int poll_bit, int type)
148*4882a593Smuzhiyun {
149*4882a593Smuzhiyun struct sk_buff *skb;
150*4882a593Smuzhiyun unsigned char *dptr;
151*4882a593Smuzhiyun
152*4882a593Smuzhiyun if ((skb = alloc_skb(ax25->ax25_dev->dev->hard_header_len + 2, GFP_ATOMIC)) == NULL)
153*4882a593Smuzhiyun return;
154*4882a593Smuzhiyun
155*4882a593Smuzhiyun skb_reserve(skb, ax25->ax25_dev->dev->hard_header_len);
156*4882a593Smuzhiyun
157*4882a593Smuzhiyun skb_reset_network_header(skb);
158*4882a593Smuzhiyun
159*4882a593Smuzhiyun /* Assume a response - address structure for DTE */
160*4882a593Smuzhiyun if (ax25->modulus == AX25_MODULUS) {
161*4882a593Smuzhiyun dptr = skb_put(skb, 1);
162*4882a593Smuzhiyun *dptr = frametype;
163*4882a593Smuzhiyun *dptr |= (poll_bit) ? AX25_PF : 0;
164*4882a593Smuzhiyun if ((frametype & AX25_U) == AX25_S) /* S frames carry NR */
165*4882a593Smuzhiyun *dptr |= (ax25->vr << 5);
166*4882a593Smuzhiyun } else {
167*4882a593Smuzhiyun if ((frametype & AX25_U) == AX25_U) {
168*4882a593Smuzhiyun dptr = skb_put(skb, 1);
169*4882a593Smuzhiyun *dptr = frametype;
170*4882a593Smuzhiyun *dptr |= (poll_bit) ? AX25_PF : 0;
171*4882a593Smuzhiyun } else {
172*4882a593Smuzhiyun dptr = skb_put(skb, 2);
173*4882a593Smuzhiyun dptr[0] = frametype;
174*4882a593Smuzhiyun dptr[1] = (ax25->vr << 1);
175*4882a593Smuzhiyun dptr[1] |= (poll_bit) ? AX25_EPF : 0;
176*4882a593Smuzhiyun }
177*4882a593Smuzhiyun }
178*4882a593Smuzhiyun
179*4882a593Smuzhiyun ax25_transmit_buffer(ax25, skb, type);
180*4882a593Smuzhiyun }
181*4882a593Smuzhiyun
182*4882a593Smuzhiyun /*
183*4882a593Smuzhiyun * Send a 'DM' to an unknown connection attempt, or an invalid caller.
184*4882a593Smuzhiyun *
185*4882a593Smuzhiyun * Note: src here is the sender, thus it's the target of the DM
186*4882a593Smuzhiyun */
ax25_return_dm(struct net_device * dev,ax25_address * src,ax25_address * dest,ax25_digi * digi)187*4882a593Smuzhiyun void ax25_return_dm(struct net_device *dev, ax25_address *src, ax25_address *dest, ax25_digi *digi)
188*4882a593Smuzhiyun {
189*4882a593Smuzhiyun struct sk_buff *skb;
190*4882a593Smuzhiyun char *dptr;
191*4882a593Smuzhiyun ax25_digi retdigi;
192*4882a593Smuzhiyun
193*4882a593Smuzhiyun if (dev == NULL)
194*4882a593Smuzhiyun return;
195*4882a593Smuzhiyun
196*4882a593Smuzhiyun if ((skb = alloc_skb(dev->hard_header_len + 1, GFP_ATOMIC)) == NULL)
197*4882a593Smuzhiyun return; /* Next SABM will get DM'd */
198*4882a593Smuzhiyun
199*4882a593Smuzhiyun skb_reserve(skb, dev->hard_header_len);
200*4882a593Smuzhiyun skb_reset_network_header(skb);
201*4882a593Smuzhiyun
202*4882a593Smuzhiyun ax25_digi_invert(digi, &retdigi);
203*4882a593Smuzhiyun
204*4882a593Smuzhiyun dptr = skb_put(skb, 1);
205*4882a593Smuzhiyun
206*4882a593Smuzhiyun *dptr = AX25_DM | AX25_PF;
207*4882a593Smuzhiyun
208*4882a593Smuzhiyun /*
209*4882a593Smuzhiyun * Do the address ourselves
210*4882a593Smuzhiyun */
211*4882a593Smuzhiyun dptr = skb_push(skb, ax25_addr_size(digi));
212*4882a593Smuzhiyun dptr += ax25_addr_build(dptr, dest, src, &retdigi, AX25_RESPONSE, AX25_MODULUS);
213*4882a593Smuzhiyun
214*4882a593Smuzhiyun ax25_queue_xmit(skb, dev);
215*4882a593Smuzhiyun }
216*4882a593Smuzhiyun
217*4882a593Smuzhiyun /*
218*4882a593Smuzhiyun * Exponential backoff for AX.25
219*4882a593Smuzhiyun */
ax25_calculate_t1(ax25_cb * ax25)220*4882a593Smuzhiyun void ax25_calculate_t1(ax25_cb *ax25)
221*4882a593Smuzhiyun {
222*4882a593Smuzhiyun int n, t = 2;
223*4882a593Smuzhiyun
224*4882a593Smuzhiyun switch (ax25->backoff) {
225*4882a593Smuzhiyun case 0:
226*4882a593Smuzhiyun break;
227*4882a593Smuzhiyun
228*4882a593Smuzhiyun case 1:
229*4882a593Smuzhiyun t += 2 * ax25->n2count;
230*4882a593Smuzhiyun break;
231*4882a593Smuzhiyun
232*4882a593Smuzhiyun case 2:
233*4882a593Smuzhiyun for (n = 0; n < ax25->n2count; n++)
234*4882a593Smuzhiyun t *= 2;
235*4882a593Smuzhiyun if (t > 8) t = 8;
236*4882a593Smuzhiyun break;
237*4882a593Smuzhiyun }
238*4882a593Smuzhiyun
239*4882a593Smuzhiyun ax25->t1 = t * ax25->rtt;
240*4882a593Smuzhiyun }
241*4882a593Smuzhiyun
242*4882a593Smuzhiyun /*
243*4882a593Smuzhiyun * Calculate the Round Trip Time
244*4882a593Smuzhiyun */
ax25_calculate_rtt(ax25_cb * ax25)245*4882a593Smuzhiyun void ax25_calculate_rtt(ax25_cb *ax25)
246*4882a593Smuzhiyun {
247*4882a593Smuzhiyun if (ax25->backoff == 0)
248*4882a593Smuzhiyun return;
249*4882a593Smuzhiyun
250*4882a593Smuzhiyun if (ax25_t1timer_running(ax25) && ax25->n2count == 0)
251*4882a593Smuzhiyun ax25->rtt = (9 * ax25->rtt + ax25->t1 - ax25_display_timer(&ax25->t1timer)) / 10;
252*4882a593Smuzhiyun
253*4882a593Smuzhiyun if (ax25->rtt < AX25_T1CLAMPLO)
254*4882a593Smuzhiyun ax25->rtt = AX25_T1CLAMPLO;
255*4882a593Smuzhiyun
256*4882a593Smuzhiyun if (ax25->rtt > AX25_T1CLAMPHI)
257*4882a593Smuzhiyun ax25->rtt = AX25_T1CLAMPHI;
258*4882a593Smuzhiyun }
259*4882a593Smuzhiyun
ax25_disconnect(ax25_cb * ax25,int reason)260*4882a593Smuzhiyun void ax25_disconnect(ax25_cb *ax25, int reason)
261*4882a593Smuzhiyun {
262*4882a593Smuzhiyun ax25_clear_queues(ax25);
263*4882a593Smuzhiyun
264*4882a593Smuzhiyun if (reason == ENETUNREACH) {
265*4882a593Smuzhiyun del_timer_sync(&ax25->timer);
266*4882a593Smuzhiyun del_timer_sync(&ax25->t1timer);
267*4882a593Smuzhiyun del_timer_sync(&ax25->t2timer);
268*4882a593Smuzhiyun del_timer_sync(&ax25->t3timer);
269*4882a593Smuzhiyun del_timer_sync(&ax25->idletimer);
270*4882a593Smuzhiyun } else {
271*4882a593Smuzhiyun if (!ax25->sk || !sock_flag(ax25->sk, SOCK_DESTROY))
272*4882a593Smuzhiyun ax25_stop_heartbeat(ax25);
273*4882a593Smuzhiyun ax25_stop_t1timer(ax25);
274*4882a593Smuzhiyun ax25_stop_t2timer(ax25);
275*4882a593Smuzhiyun ax25_stop_t3timer(ax25);
276*4882a593Smuzhiyun ax25_stop_idletimer(ax25);
277*4882a593Smuzhiyun }
278*4882a593Smuzhiyun
279*4882a593Smuzhiyun ax25->state = AX25_STATE_0;
280*4882a593Smuzhiyun
281*4882a593Smuzhiyun ax25_link_failed(ax25, reason);
282*4882a593Smuzhiyun
283*4882a593Smuzhiyun if (ax25->sk != NULL) {
284*4882a593Smuzhiyun local_bh_disable();
285*4882a593Smuzhiyun bh_lock_sock(ax25->sk);
286*4882a593Smuzhiyun ax25->sk->sk_state = TCP_CLOSE;
287*4882a593Smuzhiyun ax25->sk->sk_err = reason;
288*4882a593Smuzhiyun ax25->sk->sk_shutdown |= SEND_SHUTDOWN;
289*4882a593Smuzhiyun if (!sock_flag(ax25->sk, SOCK_DEAD)) {
290*4882a593Smuzhiyun ax25->sk->sk_state_change(ax25->sk);
291*4882a593Smuzhiyun sock_set_flag(ax25->sk, SOCK_DEAD);
292*4882a593Smuzhiyun }
293*4882a593Smuzhiyun bh_unlock_sock(ax25->sk);
294*4882a593Smuzhiyun local_bh_enable();
295*4882a593Smuzhiyun }
296*4882a593Smuzhiyun }
297