1*4882a593Smuzhiyun // SPDX-License-Identifier: GPL-2.0-or-later
2*4882a593Smuzhiyun /*
3*4882a593Smuzhiyun * X.25 Packet Layer release 002
4*4882a593Smuzhiyun *
5*4882a593Smuzhiyun * This is ALPHA test software. This code may break your machine,
6*4882a593Smuzhiyun * randomly fail to work with new releases, misbehave and/or generally
7*4882a593Smuzhiyun * screw up. It might even work.
8*4882a593Smuzhiyun *
9*4882a593Smuzhiyun * This code REQUIRES 2.1.15 or higher
10*4882a593Smuzhiyun *
11*4882a593Smuzhiyun * History
12*4882a593Smuzhiyun * X.25 001 Split from x25_subr.c
13*4882a593Smuzhiyun * mar/20/00 Daniela Squassoni Disabling/enabling of facilities
14*4882a593Smuzhiyun * negotiation.
15*4882a593Smuzhiyun * apr/14/05 Shaun Pereira - Allow fast select with no restriction
16*4882a593Smuzhiyun * on response.
17*4882a593Smuzhiyun */
18*4882a593Smuzhiyun
19*4882a593Smuzhiyun #define pr_fmt(fmt) "X25: " fmt
20*4882a593Smuzhiyun
21*4882a593Smuzhiyun #include <linux/kernel.h>
22*4882a593Smuzhiyun #include <linux/string.h>
23*4882a593Smuzhiyun #include <linux/skbuff.h>
24*4882a593Smuzhiyun #include <net/sock.h>
25*4882a593Smuzhiyun #include <net/x25.h>
26*4882a593Smuzhiyun
27*4882a593Smuzhiyun /**
28*4882a593Smuzhiyun * x25_parse_facilities - Parse facilities from skb into the facilities structs
29*4882a593Smuzhiyun *
30*4882a593Smuzhiyun * @skb: sk_buff to parse
31*4882a593Smuzhiyun * @facilities: Regular facilities, updated as facilities are found
32*4882a593Smuzhiyun * @dte_facs: ITU DTE facilities, updated as DTE facilities are found
33*4882a593Smuzhiyun * @vc_fac_mask: mask is updated with all facilities found
34*4882a593Smuzhiyun *
35*4882a593Smuzhiyun * Return codes:
36*4882a593Smuzhiyun * -1 - Parsing error, caller should drop call and clean up
37*4882a593Smuzhiyun * 0 - Parse OK, this skb has no facilities
38*4882a593Smuzhiyun * >0 - Parse OK, returns the length of the facilities header
39*4882a593Smuzhiyun *
40*4882a593Smuzhiyun */
x25_parse_facilities(struct sk_buff * skb,struct x25_facilities * facilities,struct x25_dte_facilities * dte_facs,unsigned long * vc_fac_mask)41*4882a593Smuzhiyun int x25_parse_facilities(struct sk_buff *skb, struct x25_facilities *facilities,
42*4882a593Smuzhiyun struct x25_dte_facilities *dte_facs, unsigned long *vc_fac_mask)
43*4882a593Smuzhiyun {
44*4882a593Smuzhiyun unsigned char *p;
45*4882a593Smuzhiyun unsigned int len;
46*4882a593Smuzhiyun
47*4882a593Smuzhiyun *vc_fac_mask = 0;
48*4882a593Smuzhiyun
49*4882a593Smuzhiyun /*
50*4882a593Smuzhiyun * The kernel knows which facilities were set on an incoming call but
51*4882a593Smuzhiyun * currently this information is not available to userspace. Here we
52*4882a593Smuzhiyun * give userspace who read incoming call facilities 0 length to indicate
53*4882a593Smuzhiyun * it wasn't set.
54*4882a593Smuzhiyun */
55*4882a593Smuzhiyun dte_facs->calling_len = 0;
56*4882a593Smuzhiyun dte_facs->called_len = 0;
57*4882a593Smuzhiyun memset(dte_facs->called_ae, '\0', sizeof(dte_facs->called_ae));
58*4882a593Smuzhiyun memset(dte_facs->calling_ae, '\0', sizeof(dte_facs->calling_ae));
59*4882a593Smuzhiyun
60*4882a593Smuzhiyun if (!pskb_may_pull(skb, 1))
61*4882a593Smuzhiyun return 0;
62*4882a593Smuzhiyun
63*4882a593Smuzhiyun len = skb->data[0];
64*4882a593Smuzhiyun
65*4882a593Smuzhiyun if (!pskb_may_pull(skb, 1 + len))
66*4882a593Smuzhiyun return -1;
67*4882a593Smuzhiyun
68*4882a593Smuzhiyun p = skb->data + 1;
69*4882a593Smuzhiyun
70*4882a593Smuzhiyun while (len > 0) {
71*4882a593Smuzhiyun switch (*p & X25_FAC_CLASS_MASK) {
72*4882a593Smuzhiyun case X25_FAC_CLASS_A:
73*4882a593Smuzhiyun if (len < 2)
74*4882a593Smuzhiyun return -1;
75*4882a593Smuzhiyun switch (*p) {
76*4882a593Smuzhiyun case X25_FAC_REVERSE:
77*4882a593Smuzhiyun if((p[1] & 0x81) == 0x81) {
78*4882a593Smuzhiyun facilities->reverse = p[1] & 0x81;
79*4882a593Smuzhiyun *vc_fac_mask |= X25_MASK_REVERSE;
80*4882a593Smuzhiyun break;
81*4882a593Smuzhiyun }
82*4882a593Smuzhiyun
83*4882a593Smuzhiyun if((p[1] & 0x01) == 0x01) {
84*4882a593Smuzhiyun facilities->reverse = p[1] & 0x01;
85*4882a593Smuzhiyun *vc_fac_mask |= X25_MASK_REVERSE;
86*4882a593Smuzhiyun break;
87*4882a593Smuzhiyun }
88*4882a593Smuzhiyun
89*4882a593Smuzhiyun if((p[1] & 0x80) == 0x80) {
90*4882a593Smuzhiyun facilities->reverse = p[1] & 0x80;
91*4882a593Smuzhiyun *vc_fac_mask |= X25_MASK_REVERSE;
92*4882a593Smuzhiyun break;
93*4882a593Smuzhiyun }
94*4882a593Smuzhiyun
95*4882a593Smuzhiyun if(p[1] == 0x00) {
96*4882a593Smuzhiyun facilities->reverse
97*4882a593Smuzhiyun = X25_DEFAULT_REVERSE;
98*4882a593Smuzhiyun *vc_fac_mask |= X25_MASK_REVERSE;
99*4882a593Smuzhiyun break;
100*4882a593Smuzhiyun }
101*4882a593Smuzhiyun fallthrough;
102*4882a593Smuzhiyun case X25_FAC_THROUGHPUT:
103*4882a593Smuzhiyun facilities->throughput = p[1];
104*4882a593Smuzhiyun *vc_fac_mask |= X25_MASK_THROUGHPUT;
105*4882a593Smuzhiyun break;
106*4882a593Smuzhiyun case X25_MARKER:
107*4882a593Smuzhiyun break;
108*4882a593Smuzhiyun default:
109*4882a593Smuzhiyun pr_debug("unknown facility "
110*4882a593Smuzhiyun "%02X, value %02X\n",
111*4882a593Smuzhiyun p[0], p[1]);
112*4882a593Smuzhiyun break;
113*4882a593Smuzhiyun }
114*4882a593Smuzhiyun p += 2;
115*4882a593Smuzhiyun len -= 2;
116*4882a593Smuzhiyun break;
117*4882a593Smuzhiyun case X25_FAC_CLASS_B:
118*4882a593Smuzhiyun if (len < 3)
119*4882a593Smuzhiyun return -1;
120*4882a593Smuzhiyun switch (*p) {
121*4882a593Smuzhiyun case X25_FAC_PACKET_SIZE:
122*4882a593Smuzhiyun facilities->pacsize_in = p[1];
123*4882a593Smuzhiyun facilities->pacsize_out = p[2];
124*4882a593Smuzhiyun *vc_fac_mask |= X25_MASK_PACKET_SIZE;
125*4882a593Smuzhiyun break;
126*4882a593Smuzhiyun case X25_FAC_WINDOW_SIZE:
127*4882a593Smuzhiyun facilities->winsize_in = p[1];
128*4882a593Smuzhiyun facilities->winsize_out = p[2];
129*4882a593Smuzhiyun *vc_fac_mask |= X25_MASK_WINDOW_SIZE;
130*4882a593Smuzhiyun break;
131*4882a593Smuzhiyun default:
132*4882a593Smuzhiyun pr_debug("unknown facility "
133*4882a593Smuzhiyun "%02X, values %02X, %02X\n",
134*4882a593Smuzhiyun p[0], p[1], p[2]);
135*4882a593Smuzhiyun break;
136*4882a593Smuzhiyun }
137*4882a593Smuzhiyun p += 3;
138*4882a593Smuzhiyun len -= 3;
139*4882a593Smuzhiyun break;
140*4882a593Smuzhiyun case X25_FAC_CLASS_C:
141*4882a593Smuzhiyun if (len < 4)
142*4882a593Smuzhiyun return -1;
143*4882a593Smuzhiyun pr_debug("unknown facility %02X, "
144*4882a593Smuzhiyun "values %02X, %02X, %02X\n",
145*4882a593Smuzhiyun p[0], p[1], p[2], p[3]);
146*4882a593Smuzhiyun p += 4;
147*4882a593Smuzhiyun len -= 4;
148*4882a593Smuzhiyun break;
149*4882a593Smuzhiyun case X25_FAC_CLASS_D:
150*4882a593Smuzhiyun if (len < p[1] + 2)
151*4882a593Smuzhiyun return -1;
152*4882a593Smuzhiyun switch (*p) {
153*4882a593Smuzhiyun case X25_FAC_CALLING_AE:
154*4882a593Smuzhiyun if (p[1] > X25_MAX_DTE_FACIL_LEN || p[1] <= 1)
155*4882a593Smuzhiyun return -1;
156*4882a593Smuzhiyun if (p[2] > X25_MAX_AE_LEN)
157*4882a593Smuzhiyun return -1;
158*4882a593Smuzhiyun dte_facs->calling_len = p[2];
159*4882a593Smuzhiyun memcpy(dte_facs->calling_ae, &p[3], p[1] - 1);
160*4882a593Smuzhiyun *vc_fac_mask |= X25_MASK_CALLING_AE;
161*4882a593Smuzhiyun break;
162*4882a593Smuzhiyun case X25_FAC_CALLED_AE:
163*4882a593Smuzhiyun if (p[1] > X25_MAX_DTE_FACIL_LEN || p[1] <= 1)
164*4882a593Smuzhiyun return -1;
165*4882a593Smuzhiyun if (p[2] > X25_MAX_AE_LEN)
166*4882a593Smuzhiyun return -1;
167*4882a593Smuzhiyun dte_facs->called_len = p[2];
168*4882a593Smuzhiyun memcpy(dte_facs->called_ae, &p[3], p[1] - 1);
169*4882a593Smuzhiyun *vc_fac_mask |= X25_MASK_CALLED_AE;
170*4882a593Smuzhiyun break;
171*4882a593Smuzhiyun default:
172*4882a593Smuzhiyun pr_debug("unknown facility %02X,"
173*4882a593Smuzhiyun "length %d\n", p[0], p[1]);
174*4882a593Smuzhiyun break;
175*4882a593Smuzhiyun }
176*4882a593Smuzhiyun len -= p[1] + 2;
177*4882a593Smuzhiyun p += p[1] + 2;
178*4882a593Smuzhiyun break;
179*4882a593Smuzhiyun }
180*4882a593Smuzhiyun }
181*4882a593Smuzhiyun
182*4882a593Smuzhiyun return p - skb->data;
183*4882a593Smuzhiyun }
184*4882a593Smuzhiyun
185*4882a593Smuzhiyun /*
186*4882a593Smuzhiyun * Create a set of facilities.
187*4882a593Smuzhiyun */
x25_create_facilities(unsigned char * buffer,struct x25_facilities * facilities,struct x25_dte_facilities * dte_facs,unsigned long facil_mask)188*4882a593Smuzhiyun int x25_create_facilities(unsigned char *buffer,
189*4882a593Smuzhiyun struct x25_facilities *facilities,
190*4882a593Smuzhiyun struct x25_dte_facilities *dte_facs, unsigned long facil_mask)
191*4882a593Smuzhiyun {
192*4882a593Smuzhiyun unsigned char *p = buffer + 1;
193*4882a593Smuzhiyun int len;
194*4882a593Smuzhiyun
195*4882a593Smuzhiyun if (!facil_mask) {
196*4882a593Smuzhiyun /*
197*4882a593Smuzhiyun * Length of the facilities field in call_req or
198*4882a593Smuzhiyun * call_accept packets
199*4882a593Smuzhiyun */
200*4882a593Smuzhiyun buffer[0] = 0;
201*4882a593Smuzhiyun len = 1; /* 1 byte for the length field */
202*4882a593Smuzhiyun return len;
203*4882a593Smuzhiyun }
204*4882a593Smuzhiyun
205*4882a593Smuzhiyun if (facilities->reverse && (facil_mask & X25_MASK_REVERSE)) {
206*4882a593Smuzhiyun *p++ = X25_FAC_REVERSE;
207*4882a593Smuzhiyun *p++ = facilities->reverse;
208*4882a593Smuzhiyun }
209*4882a593Smuzhiyun
210*4882a593Smuzhiyun if (facilities->throughput && (facil_mask & X25_MASK_THROUGHPUT)) {
211*4882a593Smuzhiyun *p++ = X25_FAC_THROUGHPUT;
212*4882a593Smuzhiyun *p++ = facilities->throughput;
213*4882a593Smuzhiyun }
214*4882a593Smuzhiyun
215*4882a593Smuzhiyun if ((facilities->pacsize_in || facilities->pacsize_out) &&
216*4882a593Smuzhiyun (facil_mask & X25_MASK_PACKET_SIZE)) {
217*4882a593Smuzhiyun *p++ = X25_FAC_PACKET_SIZE;
218*4882a593Smuzhiyun *p++ = facilities->pacsize_in ? : facilities->pacsize_out;
219*4882a593Smuzhiyun *p++ = facilities->pacsize_out ? : facilities->pacsize_in;
220*4882a593Smuzhiyun }
221*4882a593Smuzhiyun
222*4882a593Smuzhiyun if ((facilities->winsize_in || facilities->winsize_out) &&
223*4882a593Smuzhiyun (facil_mask & X25_MASK_WINDOW_SIZE)) {
224*4882a593Smuzhiyun *p++ = X25_FAC_WINDOW_SIZE;
225*4882a593Smuzhiyun *p++ = facilities->winsize_in ? : facilities->winsize_out;
226*4882a593Smuzhiyun *p++ = facilities->winsize_out ? : facilities->winsize_in;
227*4882a593Smuzhiyun }
228*4882a593Smuzhiyun
229*4882a593Smuzhiyun if (facil_mask & (X25_MASK_CALLING_AE|X25_MASK_CALLED_AE)) {
230*4882a593Smuzhiyun *p++ = X25_MARKER;
231*4882a593Smuzhiyun *p++ = X25_DTE_SERVICES;
232*4882a593Smuzhiyun }
233*4882a593Smuzhiyun
234*4882a593Smuzhiyun if (dte_facs->calling_len && (facil_mask & X25_MASK_CALLING_AE)) {
235*4882a593Smuzhiyun unsigned int bytecount = (dte_facs->calling_len + 1) >> 1;
236*4882a593Smuzhiyun *p++ = X25_FAC_CALLING_AE;
237*4882a593Smuzhiyun *p++ = 1 + bytecount;
238*4882a593Smuzhiyun *p++ = dte_facs->calling_len;
239*4882a593Smuzhiyun memcpy(p, dte_facs->calling_ae, bytecount);
240*4882a593Smuzhiyun p += bytecount;
241*4882a593Smuzhiyun }
242*4882a593Smuzhiyun
243*4882a593Smuzhiyun if (dte_facs->called_len && (facil_mask & X25_MASK_CALLED_AE)) {
244*4882a593Smuzhiyun unsigned int bytecount = (dte_facs->called_len % 2) ?
245*4882a593Smuzhiyun dte_facs->called_len / 2 + 1 :
246*4882a593Smuzhiyun dte_facs->called_len / 2;
247*4882a593Smuzhiyun *p++ = X25_FAC_CALLED_AE;
248*4882a593Smuzhiyun *p++ = 1 + bytecount;
249*4882a593Smuzhiyun *p++ = dte_facs->called_len;
250*4882a593Smuzhiyun memcpy(p, dte_facs->called_ae, bytecount);
251*4882a593Smuzhiyun p+=bytecount;
252*4882a593Smuzhiyun }
253*4882a593Smuzhiyun
254*4882a593Smuzhiyun len = p - buffer;
255*4882a593Smuzhiyun buffer[0] = len - 1;
256*4882a593Smuzhiyun
257*4882a593Smuzhiyun return len;
258*4882a593Smuzhiyun }
259*4882a593Smuzhiyun
260*4882a593Smuzhiyun /*
261*4882a593Smuzhiyun * Try to reach a compromise on a set of facilities.
262*4882a593Smuzhiyun *
263*4882a593Smuzhiyun * The only real problem is with reverse charging.
264*4882a593Smuzhiyun */
x25_negotiate_facilities(struct sk_buff * skb,struct sock * sk,struct x25_facilities * new,struct x25_dte_facilities * dte)265*4882a593Smuzhiyun int x25_negotiate_facilities(struct sk_buff *skb, struct sock *sk,
266*4882a593Smuzhiyun struct x25_facilities *new, struct x25_dte_facilities *dte)
267*4882a593Smuzhiyun {
268*4882a593Smuzhiyun struct x25_sock *x25 = x25_sk(sk);
269*4882a593Smuzhiyun struct x25_facilities *ours = &x25->facilities;
270*4882a593Smuzhiyun struct x25_facilities theirs;
271*4882a593Smuzhiyun int len;
272*4882a593Smuzhiyun
273*4882a593Smuzhiyun memset(&theirs, 0, sizeof(theirs));
274*4882a593Smuzhiyun memcpy(new, ours, sizeof(*new));
275*4882a593Smuzhiyun memset(dte, 0, sizeof(*dte));
276*4882a593Smuzhiyun
277*4882a593Smuzhiyun len = x25_parse_facilities(skb, &theirs, dte, &x25->vc_facil_mask);
278*4882a593Smuzhiyun if (len < 0)
279*4882a593Smuzhiyun return len;
280*4882a593Smuzhiyun
281*4882a593Smuzhiyun /*
282*4882a593Smuzhiyun * They want reverse charging, we won't accept it.
283*4882a593Smuzhiyun */
284*4882a593Smuzhiyun if ((theirs.reverse & 0x01 ) && (ours->reverse & 0x01)) {
285*4882a593Smuzhiyun SOCK_DEBUG(sk, "X.25: rejecting reverse charging request\n");
286*4882a593Smuzhiyun return -1;
287*4882a593Smuzhiyun }
288*4882a593Smuzhiyun
289*4882a593Smuzhiyun new->reverse = theirs.reverse;
290*4882a593Smuzhiyun
291*4882a593Smuzhiyun if (theirs.throughput) {
292*4882a593Smuzhiyun int theirs_in = theirs.throughput & 0x0f;
293*4882a593Smuzhiyun int theirs_out = theirs.throughput & 0xf0;
294*4882a593Smuzhiyun int ours_in = ours->throughput & 0x0f;
295*4882a593Smuzhiyun int ours_out = ours->throughput & 0xf0;
296*4882a593Smuzhiyun if (!ours_in || theirs_in < ours_in) {
297*4882a593Smuzhiyun SOCK_DEBUG(sk, "X.25: inbound throughput negotiated\n");
298*4882a593Smuzhiyun new->throughput = (new->throughput & 0xf0) | theirs_in;
299*4882a593Smuzhiyun }
300*4882a593Smuzhiyun if (!ours_out || theirs_out < ours_out) {
301*4882a593Smuzhiyun SOCK_DEBUG(sk,
302*4882a593Smuzhiyun "X.25: outbound throughput negotiated\n");
303*4882a593Smuzhiyun new->throughput = (new->throughput & 0x0f) | theirs_out;
304*4882a593Smuzhiyun }
305*4882a593Smuzhiyun }
306*4882a593Smuzhiyun
307*4882a593Smuzhiyun if (theirs.pacsize_in && theirs.pacsize_out) {
308*4882a593Smuzhiyun if (theirs.pacsize_in < ours->pacsize_in) {
309*4882a593Smuzhiyun SOCK_DEBUG(sk, "X.25: packet size inwards negotiated down\n");
310*4882a593Smuzhiyun new->pacsize_in = theirs.pacsize_in;
311*4882a593Smuzhiyun }
312*4882a593Smuzhiyun if (theirs.pacsize_out < ours->pacsize_out) {
313*4882a593Smuzhiyun SOCK_DEBUG(sk, "X.25: packet size outwards negotiated down\n");
314*4882a593Smuzhiyun new->pacsize_out = theirs.pacsize_out;
315*4882a593Smuzhiyun }
316*4882a593Smuzhiyun }
317*4882a593Smuzhiyun
318*4882a593Smuzhiyun if (theirs.winsize_in && theirs.winsize_out) {
319*4882a593Smuzhiyun if (theirs.winsize_in < ours->winsize_in) {
320*4882a593Smuzhiyun SOCK_DEBUG(sk, "X.25: window size inwards negotiated down\n");
321*4882a593Smuzhiyun new->winsize_in = theirs.winsize_in;
322*4882a593Smuzhiyun }
323*4882a593Smuzhiyun if (theirs.winsize_out < ours->winsize_out) {
324*4882a593Smuzhiyun SOCK_DEBUG(sk, "X.25: window size outwards negotiated down\n");
325*4882a593Smuzhiyun new->winsize_out = theirs.winsize_out;
326*4882a593Smuzhiyun }
327*4882a593Smuzhiyun }
328*4882a593Smuzhiyun
329*4882a593Smuzhiyun return len;
330*4882a593Smuzhiyun }
331*4882a593Smuzhiyun
332*4882a593Smuzhiyun /*
333*4882a593Smuzhiyun * Limit values of certain facilities according to the capability of the
334*4882a593Smuzhiyun * currently attached x25 link.
335*4882a593Smuzhiyun */
x25_limit_facilities(struct x25_facilities * facilities,struct x25_neigh * nb)336*4882a593Smuzhiyun void x25_limit_facilities(struct x25_facilities *facilities,
337*4882a593Smuzhiyun struct x25_neigh *nb)
338*4882a593Smuzhiyun {
339*4882a593Smuzhiyun
340*4882a593Smuzhiyun if (!nb->extended) {
341*4882a593Smuzhiyun if (facilities->winsize_in > 7) {
342*4882a593Smuzhiyun pr_debug("incoming winsize limited to 7\n");
343*4882a593Smuzhiyun facilities->winsize_in = 7;
344*4882a593Smuzhiyun }
345*4882a593Smuzhiyun if (facilities->winsize_out > 7) {
346*4882a593Smuzhiyun facilities->winsize_out = 7;
347*4882a593Smuzhiyun pr_debug("outgoing winsize limited to 7\n");
348*4882a593Smuzhiyun }
349*4882a593Smuzhiyun }
350*4882a593Smuzhiyun }
351