1/*
2 * This program is free software; you can redistribute it and/or modify
3 * it under the terms of the GNU General Public License as published by
4 * the Free Software Foundation; either version 2 of the License, or
5 * (at your option) any later version.
6 *
7 * Copyright (C) Alan Cox GW4PTS (alan@lxorguk.ukuu.org.uk)
8 * Copyright (C) Jonathan Naylor G4KLX (g4klx@g4klx.demon.co.uk)
9 * Copyright (C) Darryl Miles G7LED (dlm@g7led.demon.co.uk)
10 * Copyright (C) Steven Whitehouse GW7RRM (stevew@acm.org)
11 * Copyright (C) Joerg Reuter DL1BKE (jreuter@yaina.de)
12 * Copyright (C) Hans-Joachim Hetscher DD8NE (dd8ne@bnv-bamberg.de)
13 * Copyright (C) Hans Alblas PE1AYX (hans@esrac.ele.tue.nl)
14 * Copyright (C) Frederic Rible F1OAT (frible@teaser.fr)
15 */
16#include <linux/capability.h>
17#include <linux/module.h>
18#include <linux/errno.h>
19#include <linux/types.h>
20#include <linux/socket.h>
21#include <linux/in.h>
22#include <linux/kernel.h>
23#include <linux/sched.h>
24#include <linux/timer.h>
25#include <linux/string.h>
26#include <linux/sockios.h>
27#include <linux/net.h>
28#include <linux/slab.h>
29#include <net/ax25.h>
30#include <linux/inet.h>
31#include <linux/netdevice.h>
32#include <linux/if_arp.h>
33#include <linux/skbuff.h>
34#include <net/sock.h>
35#include <asm/uaccess.h>
36#include <linux/fcntl.h>
37#include <linux/termios.h> /* For TIOCINQ/OUTQ */
38#include <linux/mm.h>
39#include <linux/interrupt.h>
40#include <linux/notifier.h>
41#include <linux/proc_fs.h>
42#include <linux/stat.h>
43#include <linux/netfilter.h>
44#include <linux/sysctl.h>
45#include <linux/init.h>
46#include <linux/spinlock.h>
47#include <net/net_namespace.h>
48#include <net/tcp_states.h>
49#include <net/ip.h>
50#include <net/arp.h>
51
52
53
/*
 * List of AX.25 control blocks.  ax25_cb_add() and ax25_cb_del() below
 * modify it, and the lookup helpers walk it, with ax25_list_lock held.
 */
HLIST_HEAD(ax25_list);
DEFINE_SPINLOCK(ax25_list_lock);

/* Forward declaration: ax25_create() installs this table as sock->ops. */
static const struct proto_ops ax25_proto_ops;
58
/*
 * Socket destructor, installed as sk->sk_destruct by ax25_create() and
 * ax25_make_new(): drops one reference on the socket's control block.
 */
static void ax25_free_sock(struct sock *sk)
{
	ax25_cb *cb = ax25_sk(sk);

	ax25_cb_put(cb);
}
63
/*
 * Unlink a control block from ax25_list, if it is on the list, and drop
 * the reference that ax25_cb_add() took for the list.  The _bh lock
 * variant is used, so socket removal during an interrupt is safe.
 *
 * NOTE(review): the hlist_unhashed() test runs before the lock is taken;
 * confirm that callers cannot reach this concurrently for the same block.
 */
static void ax25_cb_del(ax25_cb *ax25)
{
	if (hlist_unhashed(&ax25->ax25_node))
		return;

	spin_lock_bh(&ax25_list_lock);
	hlist_del_init(&ax25->ax25_node);
	spin_unlock_bh(&ax25_list_lock);

	ax25_cb_put(ax25);
}
76
/*
 * Disconnect every control block bound to a device that is going away.
 *
 * Each matching block has its ax25_dev pointer cleared and is then
 * disconnected with ENETUNREACH.  The list lock is dropped around
 * ax25_disconnect(), so the walk restarts from the head afterwards.
 *
 * NOTE(review): no reference on 's' is taken in this function before the
 * lock is dropped; confirm what keeps 's' alive across ax25_disconnect().
 */
static void ax25_kill_by_device(struct net_device *dev)
{
	ax25_dev *ax25_dev = ax25_dev_ax25dev(dev);
	ax25_cb *s;
	struct hlist_node *node;

	if (ax25_dev == NULL)
		return;

	spin_lock_bh(&ax25_list_lock);
again:
	ax25_for_each(s, node, &ax25_list) {
		if (s->ax25_dev != ax25_dev)
			continue;

		s->ax25_dev = NULL;
		spin_unlock_bh(&ax25_list_lock);
		ax25_disconnect(s, ENETUNREACH);
		spin_lock_bh(&ax25_list_lock);

		/*
		 * While the lock was dropped the entry may have been
		 * removed from the list, which would invalidate the
		 * iterator's next pointer, so rescan from the start.
		 * The scan terminates because s->ax25_dev is now NULL
		 * and 'dev' is never NULL, so this entry cannot match
		 * again.
		 */
		goto again;
	}
	spin_unlock_bh(&ax25_list_lock);
}
110
/*
 * Netdevice notifier callback: react to AX.25 devices coming up or
 * going down.  Devices outside init_net and devices that are not of
 * type ARPHRD_AX25 are ignored.  Always returns NOTIFY_DONE.
 */
static int ax25_device_event(struct notifier_block *this, unsigned long event,
	void *ptr)
{
	struct net_device *dev = ptr;

	/* Namespace check first, then reject non AX.25 devices. */
	if (!net_eq(dev_net(dev), &init_net) || dev->type != ARPHRD_AX25)
		return NOTIFY_DONE;

	if (event == NETDEV_UP) {
		ax25_dev_device_up(dev);
	} else if (event == NETDEV_DOWN) {
		/* Sockets first, then routes, then the device itself. */
		ax25_kill_by_device(dev);
		ax25_rt_device_down(dev);
		ax25_dev_device_down(dev);
	}

	return NOTIFY_DONE;
}
141
/*
 * Put a control block on the list of bound sockets.  The list holds its
 * own reference on the block; ax25_cb_del() drops it again.
 */
void ax25_cb_add(ax25_cb *ax25)
{
	struct hlist_node *entry = &ax25->ax25_node;

	spin_lock_bh(&ax25_list_lock);
	ax25_cb_hold(ax25);
	hlist_add_head(entry, &ax25_list);
	spin_unlock_bh(&ax25_list_lock);
}
152
/*
 * Find a socket that wants to accept the SABM we have just received.
 *
 * A control block matches when its iamdigi flag agrees with 'digi', its
 * source address equals 'addr', its socket has the requested type and is
 * in TCP_LISTEN, and it is either bound to no device or bound to 'dev'.
 *
 * Returns the socket with a reference taken by sock_hold() (the caller
 * must drop it), or NULL when nothing matches.
 */
struct sock *ax25_find_listener(ax25_address *addr, int digi,
	struct net_device *dev, int type)
{
	struct sock *found = NULL;
	ax25_cb *s;
	struct hlist_node *node;

	spin_lock(&ax25_list_lock);
	ax25_for_each(s, node, &ax25_list) {
		/* Digipeating listeners only take digipeated frames, and vice versa. */
		if (!s->iamdigi != !digi)
			continue;
		if (s->sk == NULL || ax25cmp(&s->source_addr, addr) != 0)
			continue;
		if (s->sk->sk_type != type || s->sk->sk_state != TCP_LISTEN)
			continue;
		/* If device is null we match any device */
		if (s->ax25_dev != NULL && s->ax25_dev->dev != dev)
			continue;

		sock_hold(s->sk);
		found = s->sk;
		break;
	}
	spin_unlock(&ax25_list_lock);

	return found;
}
181
/*
 * Find an AX.25 socket given both ends.
 *
 * Returns the first listed socket whose source address, destination
 * address and socket type all match, with a reference taken by
 * sock_hold(); returns NULL when there is none.
 */
struct sock *ax25_get_socket(ax25_address *my_addr, ax25_address *dest_addr,
	int type)
{
	struct sock *sk = NULL;
	ax25_cb *s;
	struct hlist_node *node;

	spin_lock(&ax25_list_lock);
	ax25_for_each(s, node, &ax25_list) {
		if (s->sk == NULL)
			continue;
		if (ax25cmp(&s->source_addr, my_addr) != 0 ||
		    ax25cmp(&s->dest_addr, dest_addr) != 0)
			continue;
		if (s->sk->sk_type != type)
			continue;

		sk = s->sk;
		sock_hold(sk);
		break;
	}
	spin_unlock(&ax25_list_lock);

	return sk;
}
207
/*
 * Find an AX.25 control block given both ends.  It will only pick up
 * floating AX.25 control blocks or control blocks bound to a
 * SOCK_SEQPACKET socket; blocks with no device are skipped.
 *
 * When 'digi' carries digipeaters the block's digipeater path must
 * compare equal to it; otherwise the block must have no digipeaters.
 *
 * Returns the block with a reference taken by ax25_cb_hold() (the caller
 * must ax25_cb_put() it), or NULL when nothing matches.
 */
ax25_cb *ax25_find_cb(ax25_address *src_addr, ax25_address *dest_addr,
	ax25_digi *digi, struct net_device *dev)
{
	ax25_cb *found = NULL;
	ax25_cb *s;
	struct hlist_node *node;

	spin_lock_bh(&ax25_list_lock);
	ax25_for_each(s, node, &ax25_list) {
		if (s->sk && s->sk->sk_type != SOCK_SEQPACKET)
			continue;
		if (s->ax25_dev == NULL)
			continue;
		if (ax25cmp(&s->source_addr, src_addr) != 0 ||
		    ax25cmp(&s->dest_addr, dest_addr) != 0 ||
		    s->ax25_dev->dev != dev)
			continue;

		if (digi != NULL && digi->ndigi != 0) {
			if (s->digipeat == NULL ||
			    ax25digicmp(s->digipeat, digi) != 0)
				continue;
		} else if (s->digipeat != NULL && s->digipeat->ndigi != 0) {
			continue;
		}

		ax25_cb_hold(s);
		found = s;
		break;
	}
	spin_unlock_bh(&ax25_list_lock);

	return found;
}

EXPORT_SYMBOL(ax25_find_cb);
246
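/*
 * Hand a clone of a received frame to every SOCK_RAW socket on the list
 * whose source address equals 'addr', whose sk_protocol equals 'proto'
 * and whose device is the one the frame arrived on.
 *
 * 'skb' itself is not consumed.  A socket is skipped when its receive
 * allocation already exceeds sk_rcvbuf or when the GFP_ATOMIC clone
 * fails; a clone the socket refuses to queue is freed here.
 */
void ax25_send_to_raw(ax25_address *addr, struct sk_buff *skb, int proto)
{
	ax25_cb *s;
	struct sk_buff *copy;
	struct hlist_node *node;

	spin_lock(&ax25_list_lock);
	ax25_for_each(s, node, &ax25_list) {
		if (s->sk == NULL || ax25cmp(&s->source_addr, addr) != 0)
			continue;
		if (s->sk->sk_type != SOCK_RAW || s->sk->sk_protocol != proto)
			continue;

		/*
		 * A listed block can have no device: ax25_kill_by_device()
		 * clears s->ax25_dev, and ax25_bind() can list a block
		 * without ever setting it.  ax25_find_listener() and
		 * ax25_find_cb() test for NULL before dereferencing; do
		 * the same here instead of oopsing in receive context.
		 */
		if (s->ax25_dev == NULL || s->ax25_dev->dev != skb->dev)
			continue;

		if (atomic_read(&s->sk->sk_rmem_alloc) > s->sk->sk_rcvbuf)
			continue;

		copy = skb_clone(skb, GFP_ATOMIC);
		if (copy == NULL)
			continue;
		if (sock_queue_rcv_skb(s->sk, copy) != 0)
			kfree_skb(copy);
	}
	spin_unlock(&ax25_list_lock);
}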
268
/*
 * Deferred destroy.  Declared here because the timer handler below
 * calls it and it in turn arms that handler.
 */
void ax25_destroy_socket(ax25_cb *);

/*
 * Handler for deferred kills: retries ax25_destroy_socket() on the
 * control block passed as the timer's data word.  A temporary reference
 * keeps the socket valid until after bh_unlock_sock(), because the
 * destroy call may drop the control block's own reference to it.
 */
static void ax25_destroy_timer(unsigned long data)
{
	ax25_cb *ax25 = (ax25_cb *)data;
	struct sock *sk = ax25->sk;

	bh_lock_sock(sk);
	sock_hold(sk);
	ax25_destroy_socket(ax25);
	bh_unlock_sock(sk);
	sock_put(sk);
}
290
/*
 * Tear down a control block and, where there is one, its socket.
 *
 * This is called from user mode and the timers. Thus it protects itself
 * against interrupt users but doesn't worry about being called during
 * work. Once it is removed from the queue no interrupt or bottom half
 * will touch it and we are (fairly 8-) ) safe.
 *
 * Steps: unlink from ax25_list, stop all protocol timers, flush the
 * control block's queues, then either drop the control block (no
 * socket), drop the socket reference, or - if the socket still has
 * outstanding allocations - retry from a timer two seconds later.
 */
void ax25_destroy_socket(ax25_cb *ax25)
{
	struct sk_buff *skb;

	ax25_cb_del(ax25);

	ax25_stop_heartbeat(ax25);
	ax25_stop_t1timer(ax25);
	ax25_stop_t2timer(ax25);
	ax25_stop_t3timer(ax25);
	ax25_stop_idletimer(ax25);

	/* Flush the queues */
	ax25_clear_queues(ax25);

	if (ax25->sk == NULL) {
		ax25_cb_put(ax25);
		return;
	}

	for (;;) {
		skb = skb_dequeue(&ax25->sk->sk_receive_queue);
		if (skb == NULL)
			break;

		if (skb->sk != ax25->sk) {
			/* A pending connection that was never accepted */
			ax25_cb *sax25 = ax25_sk(skb->sk);

			/* Queue the unaccepted socket for death */
			sock_orphan(skb->sk);

			/* 9A4GL: hack to release unaccepted sockets */
			skb->sk->sk_state = TCP_LISTEN;

			ax25_start_heartbeat(sax25);
			sax25->state = AX25_STATE_0;
		}

		kfree_skb(skb);
	}
	skb_queue_purge(&ax25->sk->sk_write_queue);

	if (sk_has_allocations(ax25->sk)) {
		/* Defer: outstanding buffers */
		setup_timer(&ax25->dtimer, ax25_destroy_timer,
			    (unsigned long)ax25);
		ax25->dtimer.expires = jiffies + 2 * HZ;
		add_timer(&ax25->dtimer);
	} else {
		struct sock *sk = ax25->sk;

		/* Detach before dropping the reference. */
		ax25->sk = NULL;
		sock_put(sk);
	}
}
348
/*
 * dl1bke 960311: set parameters for existing AX.25 connections,
 * includes a KILL command to abort any connection.
 * VERY useful for debugging ;-)
 *
 * 'arg' points to a user-space struct ax25_ctl_struct naming the port,
 * both connection ends and the digipeater path; the command comes from
 * that structure's cmd field ('cmd' itself is not used here).
 *
 * Every user-supplied value is range checked before use: digi_count
 * bounds the copy into the on-stack digipeater array, and timer values
 * are checked so the multiplication by HZ cannot overflow.
 *
 * Returns 0, -EFAULT, -ENODEV, -EINVAL or -ENOTCONN.
 *
 * NOTE(review): no capability check is made in this function;
 * presumably the ioctl dispatcher that calls it does so - confirm
 * against the caller.
 */
static int ax25_ctl_ioctl(const unsigned int cmd, void __user *arg)
{
	struct ax25_ctl_struct ax25_ctl;
	ax25_digi digi;
	ax25_dev *ax25_dev;
	ax25_cb *ax25;
	unsigned int max_window;
	unsigned int k;
	int ret = 0;

	if (copy_from_user(&ax25_ctl, arg, sizeof(ax25_ctl)))
		return -EFAULT;

	ax25_dev = ax25_addr_ax25dev(&ax25_ctl.port_addr);
	if (ax25_dev == NULL)
		return -ENODEV;

	/* Must be checked before digi_count indexes the arrays below. */
	if (ax25_ctl.digi_count > AX25_MAX_DIGIS)
		return -EINVAL;

	if (ax25_ctl.arg > ULONG_MAX / HZ && ax25_ctl.cmd != AX25_KILL)
		return -EINVAL;

	digi.ndigi = ax25_ctl.digi_count;
	k = 0;
	while (k < digi.ndigi) {
		digi.calls[k] = ax25_ctl.digi_addr[k];
		k++;
	}

	/* On success this holds a reference that is dropped before returning. */
	ax25 = ax25_find_cb(&ax25_ctl.source_addr, &ax25_ctl.dest_addr,
			    &digi, ax25_dev->dev);
	if (ax25 == NULL)
		return -ENOTCONN;

	switch (ax25_ctl.cmd) {
	case AX25_KILL:
		ax25_send_control(ax25, AX25_DISC, AX25_POLLON, AX25_COMMAND);
#ifdef CONFIG_AX25_DAMA_SLAVE
		if (ax25_dev->dama.slave && ax25->ax25_dev->values[AX25_VALUES_PROTOCOL] == AX25_PROTO_DAMA_SLAVE)
			ax25_dama_off(ax25);
#endif
		ax25_disconnect(ax25, ENETRESET);
		break;

	case AX25_WINDOW:
		/* Window limit depends on the sequence number modulus. */
		max_window = (ax25->modulus == AX25_MODULUS) ? 7 : 63;
		if (ax25_ctl.arg < 1 || ax25_ctl.arg > max_window) {
			ret = -EINVAL;
			break;
		}
		ax25->window = ax25_ctl.arg;
		break;

	case AX25_T1:
		if (ax25_ctl.arg < 1 || ax25_ctl.arg > ULONG_MAX / HZ) {
			ret = -EINVAL;
			break;
		}
		ax25->rtt = (ax25_ctl.arg * HZ) / 2;
		ax25->t1  = ax25_ctl.arg * HZ;
		break;

	case AX25_T2:
		if (ax25_ctl.arg < 1 || ax25_ctl.arg > ULONG_MAX / HZ) {
			ret = -EINVAL;
			break;
		}
		ax25->t2 = ax25_ctl.arg * HZ;
		break;

	case AX25_N2:
		if (ax25_ctl.arg < 1 || ax25_ctl.arg > 31) {
			ret = -EINVAL;
			break;
		}
		ax25->n2count = 0;
		ax25->n2 = ax25_ctl.arg;
		break;

	case AX25_T3:
		if (ax25_ctl.arg > ULONG_MAX / HZ) {
			ret = -EINVAL;
			break;
		}
		ax25->t3 = ax25_ctl.arg * HZ;
		break;

	case AX25_IDLE:
		/* The idle value is in minutes, hence the extra factor of 60. */
		if (ax25_ctl.arg > ULONG_MAX / (60 * HZ)) {
			ret = -EINVAL;
			break;
		}
		ax25->idle = ax25_ctl.arg * 60 * HZ;
		break;

	case AX25_PACLEN:
		if (ax25_ctl.arg < 16 || ax25_ctl.arg > 65535) {
			ret = -EINVAL;
			break;
		}
		ax25->paclen = ax25_ctl.arg;
		break;

	default:
		ret = -EINVAL;
		break;
	}

	ax25_cb_put(ax25);
	return ret;
}
454
/*
 * Copy a device's configured values into a control block.  Timer values
 * are converted with msecs_to_jiffies(); rtt starts at half of T1.  The
 * device's AXDEFMODE value selects extended or standard modulus and the
 * matching window size.
 */
static void ax25_fillin_cb_from_dev(ax25_cb *ax25, ax25_dev *ax25_dev)
{
	unsigned long t1 = msecs_to_jiffies(ax25_dev->values[AX25_VALUES_T1]);

	ax25->rtt     = t1 / 2;
	ax25->t1      = t1;
	ax25->t2      = msecs_to_jiffies(ax25_dev->values[AX25_VALUES_T2]);
	ax25->t3      = msecs_to_jiffies(ax25_dev->values[AX25_VALUES_T3]);
	ax25->n2      = ax25_dev->values[AX25_VALUES_N2];
	ax25->paclen  = ax25_dev->values[AX25_VALUES_PACLEN];
	ax25->idle    = msecs_to_jiffies(ax25_dev->values[AX25_VALUES_IDLE]);
	ax25->backoff = ax25_dev->values[AX25_VALUES_BACKOFF];

	if (!ax25_dev->values[AX25_VALUES_AXDEFMODE]) {
		ax25->modulus = AX25_MODULUS;
		ax25->window  = ax25_dev->values[AX25_VALUES_WINDOW];
		return;
	}

	ax25->modulus = AX25_EMODULUS;
	ax25->window  = ax25_dev->values[AX25_VALUES_EWINDOW];
}
474
/*
 * Fill in a newly created AX.25 control block with the default values
 * for a particular device.  'ax25_dev' may be NULL, in which case the
 * block is bound to no device and gets the compile-time AX25_DEF_*
 * defaults instead.
 */
void ax25_fillin_cb(ax25_cb *ax25, ax25_dev *ax25_dev)
{
	unsigned long def_t1;

	ax25->ax25_dev = ax25_dev;

	if (ax25_dev != NULL) {
		ax25_fillin_cb_from_dev(ax25, ax25_dev);
		return;
	}

	/*
	 * No device, use kernel / AX.25 spec default values
	 */
	def_t1 = msecs_to_jiffies(AX25_DEF_T1);

	ax25->rtt     = def_t1 / 2;
	ax25->t1      = def_t1;
	ax25->t2      = msecs_to_jiffies(AX25_DEF_T2);
	ax25->t3      = msecs_to_jiffies(AX25_DEF_T3);
	ax25->n2      = AX25_DEF_N2;
	ax25->paclen  = AX25_DEF_PACLEN;
	ax25->idle    = msecs_to_jiffies(AX25_DEF_IDLE);
	ax25->backoff = AX25_DEF_BACKOFF;

	if (AX25_DEF_AXDEFMODE) {
		ax25->modulus = AX25_EMODULUS;
		ax25->window  = AX25_DEF_EWINDOW;
	} else {
		ax25->modulus = AX25_MODULUS;
		ax25->window  = AX25_DEF_WINDOW;
	}
}
508
/*
 * Create an empty AX.25 control block.
 *
 * The block is zero-allocated with GFP_ATOMIC, starts with a reference
 * count of 1, has its four queues and its timers initialised, carries
 * the no-device defaults from ax25_fillin_cb() and is in AX25_STATE_0.
 *
 * Returns the new block, or NULL if the allocation fails.
 */
ax25_cb *ax25_create_cb(void)
{
	ax25_cb *ax25 = kzalloc(sizeof(*ax25), GFP_ATOMIC);

	if (ax25 == NULL)
		return NULL;

	/* The caller owns this first reference. */
	atomic_set(&ax25->refcount, 1);

	skb_queue_head_init(&ax25->write_queue);
	skb_queue_head_init(&ax25->frag_queue);
	skb_queue_head_init(&ax25->ack_queue);
	skb_queue_head_init(&ax25->reseq_queue);

	ax25_setup_timers(ax25);

	ax25_fillin_cb(ax25, NULL);

	ax25->state = AX25_STATE_0;

	return ax25;
}
534
535/*
536 * Handling for system calls applied via the various interfaces to an
537 * AX25 socket object
538 */
539
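/*
 * Set an option on an AX.25 socket.  Only level SOL_AX25 is handled.
 *
 * @optval: user pointer to an unsigned int, or to an interface name for
 *          SO_BINDTODEVICE
 * @optlen: length of the user buffer; at least sizeof(unsigned int)
 *
 * Every numeric option is range checked before it is stored, and timer
 * values are checked so the multiplication by HZ cannot overflow.
 *
 * Returns 0, -ENOPROTOOPT (wrong level or unknown option), -EINVAL,
 * -EFAULT, -EADDRNOTAVAIL or -ENODEV.
 */
static int ax25_setsockopt(struct socket *sock, int level, int optname,
	char __user *optval, unsigned int optlen)
{
	struct sock *sk = sock->sk;
	ax25_cb *ax25;
	struct net_device *dev;
	char devname[IFNAMSIZ];
	unsigned long opt;
	int res = 0;

	if (level != SOL_AX25)
		return -ENOPROTOOPT;

	if (optlen < sizeof(unsigned int))
		return -EINVAL;

	/* Only an unsigned int is fetched, although opt is an unsigned long. */
	if (get_user(opt, (unsigned int __user *)optval))
		return -EFAULT;

	lock_sock(sk);
	ax25 = ax25_sk(sk);

	switch (optname) {
	case AX25_WINDOW:
		/* Window limit depends on the sequence number modulus. */
		if (ax25->modulus == AX25_MODULUS) {
			if (opt < 1 || opt > 7) {
				res = -EINVAL;
				break;
			}
		} else {
			if (opt < 1 || opt > 63) {
				res = -EINVAL;
				break;
			}
		}
		ax25->window = opt;
		break;

	case AX25_T1:
		if (opt < 1 || opt > ULONG_MAX / HZ) {
			res = -EINVAL;
			break;
		}
		ax25->rtt = (opt * HZ) >> 1;
		ax25->t1  = opt * HZ;
		break;

	case AX25_T2:
		if (opt < 1 || opt > ULONG_MAX / HZ) {
			res = -EINVAL;
			break;
		}
		ax25->t2 = opt * HZ;
		break;

	case AX25_N2:
		if (opt < 1 || opt > 31) {
			res = -EINVAL;
			break;
		}
		ax25->n2 = opt;
		break;

	case AX25_T3:
		if (opt < 1 || opt > ULONG_MAX / HZ) {
			res = -EINVAL;
			break;
		}
		ax25->t3 = opt * HZ;
		break;

	case AX25_IDLE:
		/* The idle value is in minutes, hence the extra factor of 60. */
		if (opt > ULONG_MAX / (60 * HZ)) {
			res = -EINVAL;
			break;
		}
		ax25->idle = opt * 60 * HZ;
		break;

	case AX25_BACKOFF:
		if (opt > 2) {
			res = -EINVAL;
			break;
		}
		ax25->backoff = opt;
		break;

	case AX25_EXTSEQ:
		ax25->modulus = opt ? AX25_EMODULUS : AX25_MODULUS;
		break;

	case AX25_PIDINCL:
		ax25->pidincl = opt ? 1 : 0;
		break;

	case AX25_IAMDIGI:
		ax25->iamdigi = opt ? 1 : 0;
		break;

	case AX25_PACLEN:
		if (opt < 16 || opt > 65535) {
			res = -EINVAL;
			break;
		}
		ax25->paclen = opt;
		break;

	case SO_BINDTODEVICE:
		/*
		 * optval is an interface name here.  The caller need not
		 * have NUL-terminated it, and dev_get_by_name() takes a C
		 * string, so copy at most IFNAMSIZ - 1 bytes into a zeroed
		 * buffer.  Otherwise the lookup could read past the end of
		 * devname on the kernel stack.
		 */
		if (optlen > IFNAMSIZ - 1)
			optlen = IFNAMSIZ - 1;

		memset(devname, 0, sizeof(devname));

		if (copy_from_user(devname, optval, optlen)) {
			res = -EFAULT;
			break;
		}

		/* A connected or listening SEQPACKET socket cannot be rebound. */
		if (sk->sk_type == SOCK_SEQPACKET &&
		   (sock->state != SS_UNCONNECTED ||
		    sk->sk_state == TCP_LISTEN)) {
			res = -EADDRNOTAVAIL;
			break;
		}

		dev = dev_get_by_name(&init_net, devname);
		if (!dev) {
			res = -ENODEV;
			break;
		}

		/*
		 * ax25_fillin_cb() accepts a NULL ax25_dev and then applies
		 * the no-device defaults.
		 */
		ax25->ax25_dev = ax25_dev_ax25dev(dev);
		ax25_fillin_cb(ax25, ax25->ax25_dev);
		dev_put(dev);
		break;

	default:
		res = -ENOPROTOOPT;
	}
	release_sock(sk);

	return res;
}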
681
/*
 * Read an option from an AX.25 socket.  Only level SOL_AX25 is handled.
 *
 * Integer options are returned through 'val', truncated to the smaller
 * of the caller's *optlen and sizeof(int).  Timer options are reported
 * in seconds (AX25_IDLE in minutes).  SO_BINDTODEVICE returns the bound
 * device's name, or an empty string when no device is bound.
 *
 * Returns 0, -ENOPROTOOPT or -EFAULT.
 *
 * NOTE(review): for SO_BINDTODEVICE the length is set to strlen() + 1
 * and is not clamped to the caller's *optlen, so up to IFNAMSIZ bytes
 * are copied out even into a smaller user buffer - confirm whether a
 * clamp is wanted.
 */
static int ax25_getsockopt(struct socket *sock, int level, int optname,
	char __user *optval, int __user *optlen)
{
	struct sock *sk = sock->sk;
	ax25_cb *ax25;
	struct ax25_dev *ax25_dev;
	char devname[IFNAMSIZ];
	void *valptr;
	int val = 0;
	int maxlen, length;

	if (level != SOL_AX25)
		return -ENOPROTOOPT;

	if (get_user(maxlen, optlen))
		return -EFAULT;

	if (maxlen < 1)
		return -EFAULT;

	/* Default result: the integer 'val', at most sizeof(int) bytes. */
	valptr = &val;
	length = min_t(unsigned int, maxlen, sizeof(int));

	lock_sock(sk);
	ax25 = ax25_sk(sk);

	switch (optname) {
	case AX25_WINDOW:
		val = ax25->window;
		break;

	case AX25_T1:
		val = ax25->t1 / HZ;
		break;

	case AX25_T2:
		val = ax25->t2 / HZ;
		break;

	case AX25_N2:
		val = ax25->n2;
		break;

	case AX25_T3:
		val = ax25->t3 / HZ;
		break;

	case AX25_IDLE:
		val = ax25->idle / (60 * HZ);
		break;

	case AX25_BACKOFF:
		val = ax25->backoff;
		break;

	case AX25_EXTSEQ:
		val = (ax25->modulus == AX25_EMODULUS);
		break;

	case AX25_PIDINCL:
		val = ax25->pidincl;
		break;

	case AX25_IAMDIGI:
		val = ax25->iamdigi;
		break;

	case AX25_PACLEN:
		val = ax25->paclen;
		break;

	case SO_BINDTODEVICE:
		ax25_dev = ax25->ax25_dev;

		if (ax25_dev == NULL || ax25_dev->dev == NULL) {
			devname[0] = '\0';
			length = 1;
		} else {
			/* strlcpy() always NUL-terminates devname. */
			strlcpy(devname, ax25_dev->dev->name, sizeof(devname));
			length = strlen(devname) + 1;
		}

		valptr = devname;
		break;

	default:
		release_sock(sk);
		return -ENOPROTOOPT;
	}
	release_sock(sk);

	if (put_user(length, optlen))
		return -EFAULT;

	if (copy_to_user(optval, valptr, length))
		return -EFAULT;

	return 0;
}
778
/*
 * Put a SOCK_SEQPACKET socket that is not already listening into
 * TCP_LISTEN and record the backlog.  Any other socket type, or a
 * socket already in TCP_LISTEN, gets -EOPNOTSUPP.
 */
static int ax25_listen(struct socket *sock, int backlog)
{
	struct sock *sk = sock->sk;
	int res = -EOPNOTSUPP;

	lock_sock(sk);
	if (sk->sk_type == SOCK_SEQPACKET && sk->sk_state != TCP_LISTEN) {
		sk->sk_max_ack_backlog = backlog;
		sk->sk_state = TCP_LISTEN;
		res = 0;
	}
	release_sock(sk);

	return res;
}
797
/*
 * Protocol descriptor passed to sk_alloc() by ax25_create().
 *
 * XXX: when creating ax25_sock we should update the .obj_size setting
 * below.
 */
static struct proto ax25_proto = {
	.name = "AX25",
	.owner = THIS_MODULE,
	/* Plain struct sock: ax25_create() hangs the control block off sk_protinfo. */
	.obj_size = sizeof(struct sock),
};
807
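/*
 * Create an AX.25 socket (the family's create hook).
 *
 * @protocol: caller-supplied protocol number.  It is range checked
 *            first because it is later stored in sk->sk_protocol.
 * @kern:     not used here.
 *
 * SOCK_DGRAM and SOCK_SEQPACKET map protocol 0 / PF_AX25 to
 * AX25_P_TEXT.  SOCK_SEQPACKET refuses the PIDs listed in the switch
 * below.  SOCK_RAW requires CAP_NET_RAW.
 *
 * Returns 0, -EINVAL, -EAFNOSUPPORT (not init_net), -ESOCKTNOSUPPORT,
 * -EPERM or -ENOMEM.
 */
static int ax25_create(struct net *net, struct socket *sock, int protocol,
	int kern)
{
	struct sock *sk;
	ax25_cb *ax25;

	/*CVE-2015-8543*/
	if (protocol < 0 || protocol > SK_PROTOCOL_MAX)
		return -EINVAL;

	if (!net_eq(net, &init_net))
		return -EAFNOSUPPORT;

	switch (sock->type) {
	case SOCK_DGRAM:
		if (protocol == 0 || protocol == PF_AX25)
			protocol = AX25_P_TEXT;
		break;

	case SOCK_SEQPACKET:
		switch (protocol) {
		case 0:
		case PF_AX25:	/* For CLX */
			protocol = AX25_P_TEXT;
			break;
		case AX25_P_SEGMENT:
#ifdef CONFIG_INET
		case AX25_P_ARP:
		case AX25_P_IP:
#endif
#ifdef CONFIG_NETROM
		case AX25_P_NETROM:
#endif
#ifdef CONFIG_ROSE
		case AX25_P_ROSE:
#endif
			return -ESOCKTNOSUPPORT;
#ifdef CONFIG_NETROM_MODULE
		case AX25_P_NETROM:
			if (ax25_protocol_is_registered(AX25_P_NETROM))
				return -ESOCKTNOSUPPORT;
			/* not registered: fall through and allow it */
#endif
#ifdef CONFIG_ROSE_MODULE
		case AX25_P_ROSE:
			if (ax25_protocol_is_registered(AX25_P_ROSE))
				return -ESOCKTNOSUPPORT;
			/* not registered: fall through and allow it */
#endif
		default:
			break;
		}
		break;

	case SOCK_RAW:
		/*
		 * ax25_send_to_raw() clones received frames to raw sockets,
		 * so creating one is a privileged operation.  Without this
		 * check any local user could open a raw AX.25 socket.
		 */
		if (!capable(CAP_NET_RAW))
			return -EPERM;
		break;
	default:
		return -ESOCKTNOSUPPORT;
	}

	sk = sk_alloc(net, PF_AX25, GFP_ATOMIC, &ax25_proto);
	if (sk == NULL)
		return -ENOMEM;

	ax25 = sk->sk_protinfo = ax25_create_cb();
	if (!ax25) {
		sk_free(sk);
		return -ENOMEM;
	}

	sock_init_data(sock, sk);

	/* ax25_free_sock() drops the control block reference on destruct. */
	sk->sk_destruct = ax25_free_sock;
	sock->ops    = &ax25_proto_ops;
	sk->sk_protocol = protocol;

	ax25->sk    = sk;

	return 0;
}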
886
/*
 * Create a new socket and control block modelled on 'osk', bound to
 * 'ax25_dev'.
 *
 * Socket type, priority, protocol, buffer sizes and flags are copied
 * from 'osk'; the new socket starts in TCP_ESTABLISHED.  The control
 * block inherits the old block's protocol parameters and source
 * address, and gets its own kmemdup() copy of the digipeater path so
 * the two blocks never share that allocation.
 *
 * Only SOCK_DGRAM and SOCK_SEQPACKET parents are accepted.  Returns the
 * new socket, or NULL on an unsupported type or allocation failure.
 */
struct sock *ax25_make_new(struct sock *osk, struct ax25_dev *ax25_dev)
{
	struct sock *sk;
	ax25_cb *ax25, *oax25;

	sk = sk_alloc(sock_net(osk), PF_AX25, GFP_ATOMIC, osk->sk_prot);
	if (sk == NULL)
		return NULL;

	ax25 = ax25_create_cb();
	if (ax25 == NULL) {
		sk_free(sk);
		return NULL;
	}

	if (osk->sk_type != SOCK_DGRAM && osk->sk_type != SOCK_SEQPACKET)
		goto fail;

	sock_init_data(NULL, sk);

	sk->sk_type     = osk->sk_type;
	sk->sk_priority = osk->sk_priority;
	sk->sk_protocol = osk->sk_protocol;
	sk->sk_rcvbuf   = osk->sk_rcvbuf;
	sk->sk_sndbuf   = osk->sk_sndbuf;
	sk->sk_state    = TCP_ESTABLISHED;
	sock_copy_flags(sk, osk);

	oax25 = ax25_sk(osk);

	ax25->modulus = oax25->modulus;
	ax25->backoff = oax25->backoff;
	ax25->pidincl = oax25->pidincl;
	ax25->iamdigi = oax25->iamdigi;
	ax25->rtt     = oax25->rtt;
	ax25->t1      = oax25->t1;
	ax25->t2      = oax25->t2;
	ax25->t3      = oax25->t3;
	ax25->n2      = oax25->n2;
	ax25->idle    = oax25->idle;
	ax25->paclen  = oax25->paclen;
	ax25->window  = oax25->window;

	ax25->ax25_dev    = ax25_dev;
	ax25->source_addr = oax25->source_addr;

	if (oax25->digipeat != NULL) {
		ax25->digipeat = kmemdup(oax25->digipeat, sizeof(ax25_digi),
					 GFP_ATOMIC);
		if (ax25->digipeat == NULL)
			goto fail;
	}

	/* Link socket and control block only once nothing can fail. */
	sk->sk_protinfo = ax25;
	sk->sk_destruct = ax25_free_sock;
	ax25->sk    = sk;

	return sk;

fail:
	sk_free(sk);
	ax25_cb_put(ax25);
	return NULL;
}
956
/*
 * Release an AX.25 socket (close path).
 *
 * A temporary reference is held across the whole function so 'sk' stays
 * valid after the socket is orphaned and possibly destroyed.
 *
 * For SOCK_SEQPACKET the action depends on the link state: states 0-2
 * disconnect and destroy at once (states 1 and 2 send a DISC first);
 * states 3 and 4 send a DISC where the protocol variant calls for it,
 * move to state 2 and mark the socket SOCK_DESTROY.  Other socket types
 * are closed and destroyed directly.
 *
 * NOTE(review): in states 3 and 4 ax25->ax25_dev is dereferenced
 * without a NULL check, while ax25_kill_by_device() clears that
 * pointer.  This appears to rely on the state having left 3/4 by then -
 * confirm.
 *
 * Always returns 0.
 */
static int ax25_release(struct socket *sock)
{
	struct sock *sk = sock->sk;
	ax25_cb *ax25;

	if (sk == NULL)
		return 0;

	sock_hold(sk);
	sock_orphan(sk);
	lock_sock(sk);
	ax25 = ax25_sk(sk);

	if (sk->sk_type != SOCK_SEQPACKET) {
		sk->sk_state     = TCP_CLOSE;
		sk->sk_shutdown |= SEND_SHUTDOWN;
		sk->sk_state_change(sk);
		ax25_destroy_socket(ax25);
	} else {
		switch (ax25->state) {
		case AX25_STATE_1:
		case AX25_STATE_2:
			ax25_send_control(ax25, AX25_DISC, AX25_POLLON, AX25_COMMAND);
			/* fall through: same teardown as state 0 */
		case AX25_STATE_0:
			/* ax25_disconnect() is called with the socket lock dropped. */
			release_sock(sk);
			ax25_disconnect(ax25, 0);
			lock_sock(sk);
			ax25_destroy_socket(ax25);
			break;

		case AX25_STATE_3:
		case AX25_STATE_4:
			ax25_clear_queues(ax25);
			ax25->n2count = 0;

			switch (ax25->ax25_dev->values[AX25_VALUES_PROTOCOL]) {
			case AX25_PROTO_STD_SIMPLEX:
			case AX25_PROTO_STD_DUPLEX:
				ax25_send_control(ax25,
						  AX25_DISC,
						  AX25_POLLON,
						  AX25_COMMAND);
				ax25_stop_t2timer(ax25);
				ax25_stop_t3timer(ax25);
				ax25_stop_idletimer(ax25);
				break;
#ifdef CONFIG_AX25_DAMA_SLAVE
			case AX25_PROTO_DAMA_SLAVE:
				ax25_stop_t3timer(ax25);
				ax25_stop_idletimer(ax25);
				break;
#endif
			}
			ax25_calculate_t1(ax25);
			ax25_start_t1timer(ax25);
			ax25->state = AX25_STATE_2;
			sk->sk_state                = TCP_CLOSE;
			sk->sk_shutdown            |= SEND_SHUTDOWN;
			sk->sk_state_change(sk);
			sock_set_flag(sk, SOCK_DESTROY);
			break;

		default:
			break;
		}
	}

	sock->sk   = NULL;
	release_sock(sk);
	sock_put(sk);

	return 0;
}
1036
/*
 * Bind an AX.25 socket to a source callsign and, unless one was already
 * chosen with SO_BINDTODEVICE, to a device.
 *
 * Accepted address lengths are sizeof(struct sockaddr_ax25),
 * sizeof(struct full_sockaddr_ax25), or anything from the old
 * six-digipeater layout up to the full structure.
 *
 * Callsign selection: if the caller's effective uid has an association,
 * that callsign is used and the one in the address is ignored.
 * Otherwise the supplied callsign is used, but when ax25_uid_policy is
 * set this needs CAP_NET_ADMIN (-EACCES without it).
 *
 * We support a funny extension here so you can (as root) give any
 * callsign digipeated via a local address as source. This hack is
 * obsolete now that we've implemented support for SO_BINDTODEVICE. It
 * is however small and trivially backward compatible.
 *
 * Returns 0, -EINVAL (bad length or family, or socket already bound),
 * -EACCES or -EADDRNOTAVAIL.
 */
static int ax25_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
{
	struct sock *sk = sock->sk;
	struct full_sockaddr_ax25 *addr = (struct full_sockaddr_ax25 *)uaddr;
	ax25_dev *ax25_dev = NULL;
	ax25_uid_assoc *user;
	ax25_address call;
	ax25_cb *ax25;
	int err = 0;

	/*
	 * support for old structure may go away some time
	 * ax25_bind(): uses old (6 digipeater) socket structure.
	 */
	if (addr_len != sizeof(struct sockaddr_ax25) &&
	    addr_len != sizeof(struct full_sockaddr_ax25) &&
	    ((addr_len < sizeof(struct sockaddr_ax25) + sizeof(ax25_address) * 6) ||
	     (addr_len > sizeof(struct full_sockaddr_ax25))))
		return -EINVAL;

	if (addr->fsa_ax25.sax25_family != AF_AX25)
		return -EINVAL;

	user = ax25_findbyuid(current_euid());
	if (user != NULL) {
		call = user->call;
		ax25_uid_put(user);
	} else if (ax25_uid_policy && !capable(CAP_NET_ADMIN)) {
		return -EACCES;
	} else {
		call = addr->fsa_ax25.sax25_call;
	}

	lock_sock(sk);

	ax25 = ax25_sk(sk);
	/* SOCK_ZAPPED is cleared below on success, so a second bind fails. */
	if (!sock_flag(sk, SOCK_ZAPPED)) {
		err = -EINVAL;
		goto out;
	}

	ax25->source_addr = call;

	/*
	 * User already set interface with SO_BINDTODEVICE
	 */
	if (ax25->ax25_dev != NULL)
		goto done;

	if (addr_len > sizeof(struct sockaddr_ax25) && addr->fsa_ax25.sax25_ndigis == 1) {
		/* A null digipeater address leaves the socket without a device. */
		if (ax25cmp(&addr->fsa_digipeater[0], &null_ax25_address) != 0) {
			ax25_dev = ax25_addr_ax25dev(&addr->fsa_digipeater[0]);
			if (ax25_dev == NULL) {
				err = -EADDRNOTAVAIL;
				goto out;
			}
		}
	} else {
		ax25_dev = ax25_addr_ax25dev(&addr->fsa_ax25.sax25_call);
		if (ax25_dev == NULL) {
			err = -EADDRNOTAVAIL;
			goto out;
		}
	}

	if (ax25_dev != NULL)
		ax25_fillin_cb(ax25, ax25_dev);

done:
	ax25_cb_add(ax25);
	sock_reset_flag(sk, SOCK_ZAPPED);

out:
	release_sock(sk);

	return err;
}
1117
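/*
 * Connect an AX.25 socket to the peer named in 'uaddr'.
 *
 * @uaddr:    struct sockaddr_ax25 or struct full_sockaddr_ax25; only
 *            the first @addr_len bytes were supplied by the caller
 * @addr_len: number of valid bytes in @uaddr
 * @flags:    O_NONBLOCK makes a SOCK_SEQPACKET connect return
 *            -EINPROGRESS instead of waiting
 *
 * The digipeater count in the address is caller controlled, so it is
 * checked against AX25_MAX_DIGIS and against @addr_len before any
 * digipeater entry is read.
 *
 * Returns 0 or a negative errno (-EINVAL, -EINPROGRESS, -ECONNREFUSED,
 * -EISCONN, -ENOBUFS, -EHOSTUNREACH, -EADDRINUSE, -ERESTARTSYS, an
 * autobind error, or the pending socket error).
 *
 * FIXME: nonblock behaviour looks like it may have a bug.
 */
static int __must_check ax25_connect(struct socket *sock,
	struct sockaddr *uaddr, int addr_len, int flags)
{
	struct sock *sk = sock->sk;
	ax25_cb *ax25 = ax25_sk(sk), *ax25t;
	struct full_sockaddr_ax25 *fsa = (struct full_sockaddr_ax25 *)uaddr;
	ax25_digi *digi = NULL;
	int ct = 0, err = 0;

	/*
	 * some sanity checks. code further down depends on this
	 */

	if (addr_len == sizeof(struct sockaddr_ax25)) {
		/* support for this will go away in early 2.5.x
		 * ax25_connect(): uses obsolete socket structure
		 */
		;
	} else if (addr_len != sizeof(struct full_sockaddr_ax25)) {
		/* support for old structure may go away some time
		 * ax25_connect(): uses old (6 digipeater) socket structure.
		 */
		if ((addr_len < sizeof(struct sockaddr_ax25) + sizeof(ax25_address) * 6) ||
		    (addr_len > sizeof(struct full_sockaddr_ax25)))
			return -EINVAL;
	}

	if (fsa->fsa_ax25.sax25_family != AF_AX25)
		return -EINVAL;

	lock_sock(sk);

	/* deal with restarts */
	if (sock->state == SS_CONNECTING) {
		switch (sk->sk_state) {
		case TCP_SYN_SENT: /* still trying */
			err = -EINPROGRESS;
			goto out_release;

		case TCP_ESTABLISHED: /* connection established */
			sock->state = SS_CONNECTED;
			goto out_release;

		case TCP_CLOSE: /* connection refused */
			sock->state = SS_UNCONNECTED;
			err = -ECONNREFUSED;
			goto out_release;
		}
	}

	if (sk->sk_state == TCP_ESTABLISHED && sk->sk_type == SOCK_SEQPACKET) {
		err = -EISCONN;	/* No reconnect on a seqpacket socket */
		goto out_release;
	}

	sk->sk_state   = TCP_CLOSE;
	sock->state = SS_UNCONNECTED;

	/* Drop any digipeater path left over from an earlier connect. */
	kfree(ax25->digipeat);
	ax25->digipeat = NULL;

	/*
	 *	Handle digi-peaters to be used.
	 */
	if (addr_len > sizeof(struct sockaddr_ax25) &&
	    fsa->fsa_ax25.sax25_ndigis != 0) {
		/*
		 * Valid number of digipeaters ?  The count must also fit
		 * inside the bytes the caller actually passed: the old
		 * six-entry layout is accepted above, so a count of up to
		 * AX25_MAX_DIGIS could otherwise make the loop below read
		 * digipeater entries beyond addr_len, i.e. memory the
		 * caller never supplied.
		 */
		if (fsa->fsa_ax25.sax25_ndigis < 1 ||
		    fsa->fsa_ax25.sax25_ndigis > AX25_MAX_DIGIS ||
		    addr_len < sizeof(struct sockaddr_ax25) +
			       sizeof(ax25_address) * fsa->fsa_ax25.sax25_ndigis) {
			err = -EINVAL;
			goto out_release;
		}

		digi = kmalloc(sizeof(ax25_digi), GFP_KERNEL);
		if (digi == NULL) {
			err = -ENOBUFS;
			goto out_release;
		}

		digi->ndigi      = fsa->fsa_ax25.sax25_ndigis;
		digi->lastrepeat = -1;

		while (ct < fsa->fsa_ax25.sax25_ndigis) {
			/* The has-been-repeated bit is honoured only for digipeating sockets. */
			if ((fsa->fsa_digipeater[ct].ax25_call[6] &
			     AX25_HBIT) && ax25->iamdigi) {
				digi->repeated[ct] = 1;
				digi->lastrepeat   = ct;
			} else {
				digi->repeated[ct] = 0;
			}
			digi->calls[ct] = fsa->fsa_digipeater[ct];
			ct++;
		}
	}

	/*
	 *	Must bind first - autobinding in this may or may not work. If
	 *	the socket is already bound, check to see if the device has
	 *	been filled in, error if it hasn't.
	 */
	if (sock_flag(sk, SOCK_ZAPPED)) {
		/* check if we can remove this feature. It is broken. */
		printk(KERN_WARNING "ax25_connect(): %s uses autobind, please contact jreuter@yaina.de\n",
			current->comm);
		err = ax25_rt_autobind(ax25, &fsa->fsa_ax25.sax25_call);
		if (err < 0) {
			kfree(digi);
			goto out_release;
		}

		ax25_fillin_cb(ax25, ax25->ax25_dev);
		ax25_cb_add(ax25);
	} else {
		if (ax25->ax25_dev == NULL) {
			kfree(digi);
			err = -EHOSTUNREACH;
			goto out_release;
		}
	}

	if (sk->sk_type == SOCK_SEQPACKET) {
		ax25t = ax25_find_cb(&ax25->source_addr,
				     &fsa->fsa_ax25.sax25_call, digi,
				     ax25->ax25_dev->dev);
		if (ax25t != NULL) {
			kfree(digi);
			err = -EADDRINUSE;	/* Already such a connection */
			/* ax25_find_cb() returned a held reference. */
			ax25_cb_put(ax25t);
			goto out_release;
		}
	}

	/* From here on the control block owns 'digi'. */
	ax25->dest_addr = fsa->fsa_ax25.sax25_call;
	ax25->digipeat  = digi;

	/* First the easy one */
	if (sk->sk_type != SOCK_SEQPACKET) {
		sock->state = SS_CONNECTED;
		sk->sk_state   = TCP_ESTABLISHED;
		goto out_release;
	}

	/* Move to connecting socket, ax.25 lapb WAIT_UA.. */
	sock->state        = SS_CONNECTING;
	sk->sk_state          = TCP_SYN_SENT;

	switch (ax25->ax25_dev->values[AX25_VALUES_PROTOCOL]) {
	case AX25_PROTO_STD_SIMPLEX:
	case AX25_PROTO_STD_DUPLEX:
		ax25_std_establish_data_link(ax25);
		break;

#ifdef CONFIG_AX25_DAMA_SLAVE
	case AX25_PROTO_DAMA_SLAVE:
		ax25->modulus = AX25_MODULUS;
		ax25->window  = ax25->ax25_dev->values[AX25_VALUES_WINDOW];
		if (ax25->ax25_dev->dama.slave)
			ax25_ds_establish_data_link(ax25);
		else
			ax25_std_establish_data_link(ax25);
		break;
#endif
	}

	ax25->state = AX25_STATE_1;

	ax25_start_heartbeat(ax25);

	/* Now the loop */
	if (sk->sk_state != TCP_ESTABLISHED && (flags & O_NONBLOCK)) {
		err = -EINPROGRESS;
		goto out_release;
	}

	if (sk->sk_state == TCP_SYN_SENT) {
		DEFINE_WAIT(wait);

		/* Sleep, with the socket lock dropped, until the state changes or a signal arrives. */
		for (;;) {
			prepare_to_wait(sk_sleep(sk), &wait,
					TASK_INTERRUPTIBLE);
			if (sk->sk_state != TCP_SYN_SENT)
				break;
			if (!signal_pending(current)) {
				release_sock(sk);
				schedule();
				lock_sock(sk);
				continue;
			}
			err = -ERESTARTSYS;
			break;
		}
		finish_wait(sk_sleep(sk), &wait);

		if (err)
			goto out_release;
	}

	if (sk->sk_state != TCP_ESTABLISHED) {
		/* Not in ABM, not in WAIT_UA -> failed */
		sock->state = SS_UNCONNECTED;
		err = sock_error(sk);	/* Always set at this point */
		goto out_release;
	}

	sock->state = SS_CONNECTED;

	err = 0;
out_release:
	release_sock(sk);

	return err;
}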
1327
/*
 * ax25_accept - attach a queued incoming connection to @newsock.
 *
 * @sock:    listening socket; must be SS_UNCONNECTED, SOCK_SEQPACKET and
 *           in TCP_LISTEN state.
 * @newsock: socket that receives the accepted connection.
 * @flags:   only O_NONBLOCK is examined here.
 *
 * The listener's receive queue holds one skb per pending connection; the
 * skb's ->sk is the already-created child socket.  Returns 0 on success,
 * -EINVAL / -EOPNOTSUPP for a socket in the wrong state or of the wrong
 * type, -EWOULDBLOCK when non-blocking and nothing is queued, and
 * -ERESTARTSYS when a signal interrupts the wait.
 */
static int ax25_accept(struct socket *sock, struct socket *newsock, int flags)
{
	struct sock *listener;
	struct sock *child;
	struct sk_buff *pending;
	int rc = 0;
	DEFINE_WAIT(wait);

	if (sock->state != SS_UNCONNECTED)
		return -EINVAL;

	listener = sock->sk;
	if (listener == NULL)
		return -EINVAL;

	lock_sock(listener);

	if (listener->sk_type != SOCK_SEQPACKET) {
		rc = -EOPNOTSUPP;
		goto unlock;
	}

	if (listener->sk_state != TCP_LISTEN) {
		rc = -EINVAL;
		goto unlock;
	}

	/*
	 * Sleep until a pending connection shows up.  The socket lock is
	 * dropped only around schedule(), so the queue is always examined
	 * with the lock held and after prepare_to_wait().
	 */
	for (;;) {
		prepare_to_wait(sk_sleep(listener), &wait, TASK_INTERRUPTIBLE);

		pending = skb_dequeue(&listener->sk_receive_queue);
		if (pending)
			break;

		if (flags & O_NONBLOCK) {
			rc = -EWOULDBLOCK;
			break;
		}

		if (signal_pending(current)) {
			rc = -ERESTARTSYS;
			break;
		}

		release_sock(listener);
		schedule();
		lock_sock(listener);
	}
	finish_wait(sk_sleep(listener), &wait);

	if (rc)
		goto unlock;

	/* The child socket is taken from the skb before the skb is freed. */
	child = pending->sk;
	sock_graft(child, newsock);

	kfree_skb(pending);
	listener->sk_ack_backlog--;
	newsock->state = SS_CONNECTED;

unlock:
	release_sock(listener);

	return rc;
}
1394
/*
 * ax25_getname - report the local or the peer address of a socket.
 *
 * @sock:      socket being queried.
 * @uaddr:     output buffer, written as a struct full_sockaddr_ax25.
 * @uaddr_len: set to sizeof(struct full_sockaddr_ax25) on success only.
 * @peer:      non-zero for the remote address, zero for the local one.
 *
 * Returns 0, or -ENOTCONN when the peer is requested on a socket that is
 * not TCP_ESTABLISHED.
 */
static int ax25_getname(struct socket *sock, struct sockaddr *uaddr,
			int *uaddr_len, int peer)
{
	struct full_sockaddr_ax25 *out_addr = (struct full_sockaddr_ax25 *)uaddr;
	struct sock *sk = sock->sk;
	unsigned char count, n;
	ax25_cb *cb;
	int rc = 0;

	/*
	 * Clear the whole structure first so that padding and unused
	 * digipeater slots never carry stale bytes to whoever reads the
	 * buffer afterwards.
	 */
	memset(out_addr, 0, sizeof(*out_addr));

	lock_sock(sk);
	cb = ax25_sk(sk);

	if (peer == 0) {
		/* Local name: own callsign plus the device address as "digi 0". */
		out_addr->fsa_ax25.sax25_family = AF_AX25;
		out_addr->fsa_ax25.sax25_call = cb->source_addr;
		out_addr->fsa_ax25.sax25_ndigis = 1;

		if (cb->ax25_dev == NULL)
			out_addr->fsa_digipeater[0] = null_ax25_address;
		else
			memcpy(&out_addr->fsa_digipeater[0],
			       cb->ax25_dev->dev->dev_addr, AX25_ADDR_LEN);
	} else {
		if (sk->sk_state != TCP_ESTABLISHED) {
			rc = -ENOTCONN;
			goto unlock;
		}

		out_addr->fsa_ax25.sax25_family = AF_AX25;
		out_addr->fsa_ax25.sax25_call = cb->dest_addr;

		if (cb->digipeat != NULL) {
			/*
			 * NOTE(review): ndigi is trusted here; this assumes it was
			 * bounded to the capacity of fsa_digipeater[] when the
			 * digipeater list was installed - confirm at the writers.
			 */
			count = cb->digipeat->ndigi;
			out_addr->fsa_ax25.sax25_ndigis = count;
			for (n = 0; n < count; n++)
				out_addr->fsa_digipeater[n] = cb->digipeat->calls[n];
		}
	}

	*uaddr_len = sizeof(struct full_sockaddr_ax25);

unlock:
	release_sock(sk);

	return rc;
}
1442
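/*
 * ax25_sendmsg - transmit one message on an AX.25 socket.
 *
 * @iocb: unused here.
 * @sock: socket to send on.
 * @msg:  message header; msg_name may carry a destination address.
 * @len:  payload length in bytes.
 *
 * Connected (SOCK_SEQPACKET) sockets hand the frame to ax25_output();
 * other socket types build an AX.25 header and transmit a UI frame
 * directly.  Returns @len on success or a negative errno.
 *
 * The address in msg_name is caller-controlled, so its length is
 * validated before any field is read, and the digipeater count is
 * checked against the number of bytes actually supplied.
 */
static int ax25_sendmsg(struct kiocb *iocb, struct socket *sock,
			struct msghdr *msg, size_t len)
{
	struct sockaddr_ax25 *usax = (struct sockaddr_ax25 *)msg->msg_name;
	struct sock *sk = sock->sk;
	struct sockaddr_ax25 sax;
	struct sk_buff *skb;
	ax25_digi dtmp, *dp;
	ax25_cb *ax25;
	size_t size;
	int lv, err, addr_len = msg->msg_namelen;

	if (msg->msg_flags & ~(MSG_DONTWAIT|MSG_EOR|MSG_CMSG_COMPAT))
		return -EINVAL;

	lock_sock(sk);
	ax25 = ax25_sk(sk);

	if (sock_flag(sk, SOCK_ZAPPED)) {
		err = -EADDRNOTAVAIL;
		goto out;
	}

	if (sk->sk_shutdown & SEND_SHUTDOWN) {
		send_sig(SIGPIPE, current, 0);
		err = -EPIPE;
		goto out;
	}

	if (ax25->ax25_dev == NULL) {
		err = -ENETUNREACH;
		goto out;
	}

	if (len > ax25->ax25_dev->dev->mtu) {
		err = -EMSGSIZE;
		goto out;
	}

	if (usax != NULL) {
		/*
		 * Validate the length before touching any field.  Accepted:
		 * the obsolete short structure, the full structure, or the
		 * old 6-digipeater layout (anything from that size up to the
		 * full structure).  Support for the old layouts may go away.
		 */
		if (addr_len != sizeof(struct sockaddr_ax25) &&
		    addr_len != sizeof(struct full_sockaddr_ax25) &&
		    ((addr_len < sizeof(struct sockaddr_ax25) + sizeof(ax25_address) * 6) ||
		     (addr_len > sizeof(struct full_sockaddr_ax25)))) {
			err = -EINVAL;
			goto out;
		}

		if (usax->sax25_family != AF_AX25) {
			err = -EINVAL;
			goto out;
		}

		/*
		 * dp stays NULL unless a digipeater list is actually parsed
		 * below.  A short sockaddr_ax25 has no room for one, so a
		 * non-zero sax25_ndigis in it is ignored instead of pointing
		 * dp at an unfilled dtmp.
		 */
		dp = NULL;

		if (addr_len > sizeof(struct sockaddr_ax25) && usax->sax25_ndigis != 0) {
			int ct = 0;
			struct full_sockaddr_ax25 *fsa = (struct full_sockaddr_ax25 *)usax;

			/*
			 * Valid number of digipeaters?  The count must also be
			 * covered by the bytes the caller supplied, otherwise
			 * the copy loop would read past the supplied address.
			 */
			if (usax->sax25_ndigis < 1 ||
			    usax->sax25_ndigis > AX25_MAX_DIGIS ||
			    addr_len < sizeof(struct sockaddr_ax25) +
				       sizeof(ax25_address) * usax->sax25_ndigis) {
				err = -EINVAL;
				goto out;
			}

			dtmp.ndigi = usax->sax25_ndigis;

			while (ct < usax->sax25_ndigis) {
				dtmp.repeated[ct] = 0;
				dtmp.calls[ct] = fsa->fsa_digipeater[ct];
				ct++;
			}

			dtmp.lastrepeat = 0;
			dp = &dtmp;
		}

		sax = *usax;
		if (sk->sk_type == SOCK_SEQPACKET &&
		    ax25cmp(&ax25->dest_addr, &sax.sax25_call)) {
			err = -EISCONN;
			goto out;
		}
	} else {
		/*
		 * FIXME: 1003.1g - if the socket is like this because
		 * it has become closed (not started closed) and is VC
		 * we ought to SIGPIPE, EPIPE
		 */
		if (sk->sk_state != TCP_ESTABLISHED) {
			err = -ENOTCONN;
			goto out;
		}
		sax.sax25_family = AF_AX25;
		sax.sax25_call = ax25->dest_addr;
		dp = ax25->digipeat;
	}

	/* Build a packet; assume the worst case for header room. */
	size = len + ax25->ax25_dev->dev->hard_header_len;

	skb = sock_alloc_send_skb(sk, size, msg->msg_flags&MSG_DONTWAIT, &err);
	if (skb == NULL)
		goto out;

	skb_reserve(skb, size - len);

	/* User data follows immediately after the AX.25 data */
	if (memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len)) {
		err = -EFAULT;
		kfree_skb(skb);
		goto out;
	}

	skb_reset_network_header(skb);

	/* Add the PID if one is not supplied by the user in the skb */
	if (!ax25->pidincl)
		*skb_push(skb, 1) = sk->sk_protocol;

	if (sk->sk_type == SOCK_SEQPACKET) {
		/* Connected mode sockets go via the LAPB machine */
		if (sk->sk_state != TCP_ESTABLISHED) {
			kfree_skb(skb);
			err = -ENOTCONN;
			goto out;
		}

		/* Shove it onto the queue and kick */
		ax25_output(ax25, ax25->paclen, skb);

		err = len;
		goto out;
	}

	/*
	 * NOTE(review): this push relies on hard_header_len reserving at
	 * least 1 + ax25_addr_size(dp) (plus the PID byte) of headroom -
	 * confirm for every device type that can carry AX.25.
	 */
	skb_push(skb, 1 + ax25_addr_size(dp));

	/* Build an AX.25 header */
	lv = ax25_addr_build(skb->data, &ax25->source_addr, &sax.sax25_call,
			     dp, AX25_COMMAND, AX25_MODULUS);

	skb_set_transport_header(skb, lv);

	*skb_transport_header(skb) = AX25_UI;

	/* Datagram frames go straight out of the door as UI */
	ax25_queue_xmit(skb, ax25->ax25_dev->dev);

	err = len;

out:
	release_sock(sk);

	return err;
}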
1609
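/*
 * ax25_recvmsg - receive one queued frame from an AX.25 socket.
 *
 * @iocb:  unused here.
 * @sock:  socket to read from.
 * @msg:   destination iovec; msg_name, when set, receives the sender.
 * @size:  capacity of the iovec; longer frames are truncated and
 *         MSG_TRUNC is set.
 * @flags: MSG_DONTWAIT selects non-blocking behaviour.
 *
 * Returns the number of bytes copied, or a negative errno: -ENOTCONN
 * for an unconnected SOCK_SEQPACKET socket, the error reported by
 * skb_recv_datagram(), or the error from copying the payload out.
 */
static int ax25_recvmsg(struct kiocb *iocb, struct socket *sock,
			struct msghdr *msg, size_t size, int flags)
{
	struct sock *sk = sock->sk;
	struct sk_buff *skb;
	int copied;
	int err = 0;

	lock_sock(sk);
	/*
	 * This works for seqpacket too. The receiver has ordered the
	 * queue for us! We do one quick check first though
	 */
	if (sk->sk_type == SOCK_SEQPACKET && sk->sk_state != TCP_ESTABLISHED) {
		err = -ENOTCONN;
		goto out;
	}

	/* Now we can treat all alike */
	skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT,
				flags & MSG_DONTWAIT, &err);
	if (skb == NULL)
		goto out;

	if (!ax25_sk(sk)->pidincl)
		skb_pull(skb, 1);		/* Remove PID */

	skb_reset_transport_header(skb);
	copied = skb->len;

	if (copied > size) {
		copied = size;
		msg->msg_flags |= MSG_TRUNC;
	}

	/*
	 * Do not report success for a payload that never reached the
	 * caller: a failed copy releases the frame and returns the error.
	 */
	err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);
	if (err) {
		skb_free_datagram(sk, skb);
		goto out;
	}

	if (msg->msg_name) {
		ax25_digi digi;
		ax25_address src;
		const unsigned char *mac = skb_mac_header(skb);
		struct sockaddr_ax25 *sax = msg->msg_name;
		int ndigi;

		/*
		 * The parser's result is not checked, so start from zeroed
		 * outputs: a frame it rejects then yields an empty address
		 * rather than whatever was on the stack.
		 */
		memset(&digi, 0, sizeof(digi));
		memset(&src, 0, sizeof(src));

		/*
		 * The full structure is cleared before filling so unused
		 * digipeater slots and padding carry no stale bytes.
		 * NOTE(review): assumes msg_name is at least
		 * sizeof(struct full_sockaddr_ax25) bytes - confirm at the
		 * caller that supplies the buffer.
		 */
		memset(sax, 0, sizeof(struct full_sockaddr_ax25));
		ax25_addr_parse(mac + 1, skb->data - mac - 1, &src, NULL,
				&digi, NULL, NULL);

		/* Never copy more entries than the address structures hold. */
		ndigi = digi.ndigi;
		if (ndigi > AX25_MAX_DIGIS)
			ndigi = AX25_MAX_DIGIS;

		sax->sax25_family = AF_AX25;
		/* We set this correctly, even though we may not let the
		   application know the digi calls further down (because it
		   did NOT ask to know them).  This could get political... **/
		sax->sax25_ndigis = ndigi;
		sax->sax25_call = src;

		if (sax->sax25_ndigis != 0) {
			int ct;
			struct full_sockaddr_ax25 *fsa = (struct full_sockaddr_ax25 *)sax;

			for (ct = 0; ct < ndigi; ct++)
				fsa->fsa_digipeater[ct] = digi.calls[ct];
		}
		msg->msg_namelen = sizeof(struct full_sockaddr_ax25);
	}

	skb_free_datagram(sk, skb);
	err = copied;

out:
	release_sock(sk);

	return err;
}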
1681
/*
 * ax25_shutdown - shutdown(2) handler; not implemented for AX.25.
 *
 * Both arguments are ignored and -EOPNOTSUPP is always returned.
 * Note that @sk is a struct socket here, despite its name.
 */
static int ax25_shutdown(struct socket *sk, int how)
{
	const int rc = -EOPNOTSUPP;

	/* FIXME - generate DM and RNR states */
	return rc;
}
1687
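/*
 * ax25_ioctl - ioctl handler for AF_AX25 sockets.
 *
 * @sock: socket the ioctl was issued on.
 * @cmd:  ioctl command number.
 * @arg:  user-space pointer (or value) supplied with the command.
 *
 * Runs with the socket lock held.  Routing, connection-control,
 * forwarding and uid-policy commands require CAP_NET_ADMIN here.
 * Returns 0 or a negative errno; unknown commands yield -ENOIOCTLCMD.
 */
static int ax25_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
{
	struct sock *sk = sock->sk;
	void __user *argp = (void __user *)arg;
	int res = 0;

	lock_sock(sk);
	switch (cmd) {
	case TIOCOUTQ: {
		long amount;

		amount = sk->sk_sndbuf - sk_wmem_alloc_get(sk);
		if (amount < 0)
			amount = 0;
		res = put_user(amount, (int __user *)argp);
		break;
	}

	case TIOCINQ: {
		struct sk_buff *skb;
		long amount = 0L;
		/* These two are safe on a single CPU system as only user tasks fiddle here */
		if ((skb = skb_peek(&sk->sk_receive_queue)) != NULL)
			amount = skb->len;
		res = put_user(amount, (int __user *) argp);
		break;
	}

	case SIOCGSTAMP:
		res = sock_get_timestamp(sk, argp);
		break;

	case SIOCGSTAMPNS:
		res = sock_get_timestampns(sk, argp);
		break;

	/*
	 * NOTE(review): no capability check is made here for the uid map
	 * commands; ax25_uid_ioctl() is presumably responsible for gating
	 * add/delete - confirm.
	 */
	case SIOCAX25ADDUID:	/* Add a uid to the uid/call map table */
	case SIOCAX25DELUID:	/* Delete a uid from the uid/call map table */
	case SIOCAX25GETUID: {
		struct sockaddr_ax25 sax25;
		if (copy_from_user(&sax25, argp, sizeof(sax25))) {
			res = -EFAULT;
			break;
		}
		res = ax25_uid_ioctl(cmd, &sax25);
		break;
	}

	case SIOCAX25NOUID: {	/* Set the default policy (default/bar) */
		long amount;
		if (!capable(CAP_NET_ADMIN)) {
			res = -EPERM;
			break;
		}
		if (get_user(amount, (long __user *)argp)) {
			res = -EFAULT;
			break;
		}
		/*
		 * amount is signed: reject negative values as well as values
		 * above the last defined policy, so only known policies are
		 * ever stored.
		 */
		if (amount < 0 || amount > AX25_NOUID_BLOCK) {
			res = -EINVAL;
			break;
		}
		ax25_uid_policy = amount;
		res = 0;
		break;
	}

	case SIOCADDRT:
	case SIOCDELRT:
	case SIOCAX25OPTRT:
		if (!capable(CAP_NET_ADMIN)) {
			res = -EPERM;
			break;
		}
		res = ax25_rt_ioctl(cmd, argp);
		break;

	case SIOCAX25CTLCON:
		if (!capable(CAP_NET_ADMIN)) {
			res = -EPERM;
			break;
		}
		res = ax25_ctl_ioctl(cmd, argp);
		break;

	case SIOCAX25GETINFO:
	case SIOCAX25GETINFOOLD: {
		ax25_cb *ax25 = ax25_sk(sk);
		struct ax25_info_struct ax25_info;

		/*
		 * The structure is copied to user space below; zero it so a
		 * member or padding byte not assigned here cannot carry
		 * kernel stack contents out.
		 */
		memset(&ax25_info, 0, sizeof(ax25_info));

		ax25_info.t1        = ax25->t1   / HZ;
		ax25_info.t2        = ax25->t2   / HZ;
		ax25_info.t3        = ax25->t3   / HZ;
		ax25_info.idle      = ax25->idle / (60 * HZ);
		ax25_info.n2        = ax25->n2;
		ax25_info.t1timer   = ax25_display_timer(&ax25->t1timer)   / HZ;
		ax25_info.t2timer   = ax25_display_timer(&ax25->t2timer)   / HZ;
		ax25_info.t3timer   = ax25_display_timer(&ax25->t3timer)   / HZ;
		ax25_info.idletimer = ax25_display_timer(&ax25->idletimer) / (60 * HZ);
		ax25_info.n2count   = ax25->n2count;
		ax25_info.state     = ax25->state;
		ax25_info.rcv_q     = sk_rmem_alloc_get(sk);
		ax25_info.snd_q     = sk_wmem_alloc_get(sk);
		ax25_info.vs        = ax25->vs;
		ax25_info.vr        = ax25->vr;
		ax25_info.va        = ax25->va;
		ax25_info.vs_max    = ax25->vs; /* reserved */
		ax25_info.paclen    = ax25->paclen;
		ax25_info.window    = ax25->window;

		/* old structure? */
		if (cmd == SIOCAX25GETINFOOLD) {
			static int warned = 0;
			if (!warned) {
				printk(KERN_INFO "%s uses old SIOCAX25GETINFO\n",
					current->comm);
				warned=1;
			}

			if (copy_to_user(argp, &ax25_info, sizeof(struct ax25_info_struct_deprecated))) {
				res = -EFAULT;
				break;
			}
		} else {
			/*
			 * NOTE(review): a failed copy reports -EINVAL here but
			 * -EFAULT in the deprecated branch above; kept as is
			 * because user space may depend on the value.
			 */
			if (copy_to_user(argp, &ax25_info, sizeof(struct ax25_info_struct))) {
				res = -EINVAL;
				break;
			}
		}
		res = 0;
		break;
	}

	case SIOCAX25ADDFWD:
	case SIOCAX25DELFWD: {
		struct ax25_fwd_struct ax25_fwd;
		if (!capable(CAP_NET_ADMIN)) {
			res = -EPERM;
			break;
		}
		if (copy_from_user(&ax25_fwd, argp, sizeof(ax25_fwd))) {
			res = -EFAULT;
			break;
		}
		res = ax25_fwd_ioctl(cmd, &ax25_fwd);
		break;
	}

	/* Interface address ioctls are refused outright on this family. */
	case SIOCGIFADDR:
	case SIOCSIFADDR:
	case SIOCGIFDSTADDR:
	case SIOCSIFDSTADDR:
	case SIOCGIFBRDADDR:
	case SIOCSIFBRDADDR:
	case SIOCGIFNETMASK:
	case SIOCSIFNETMASK:
	case SIOCGIFMETRIC:
	case SIOCSIFMETRIC:
		res = -EINVAL;
		break;

	default:
		res = -ENOIOCTLCMD;
		break;
	}
	release_sock(sk);

	return res;
}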
1857
1858#ifdef CONFIG_PROC_FS
1859
/*
 * seq_file ->start: take ax25_list_lock (bottom halves disabled) and
 * position the iterator at entry *pos of ax25_list.  The lock stays held
 * until ax25_info_stop().
 */
static void *ax25_info_start(struct seq_file *seq, loff_t *pos)
	__acquires(ax25_list_lock)
{
	void *first;

	spin_lock_bh(&ax25_list_lock);
	first = seq_hlist_start(&ax25_list, *pos);

	return first;
}
1866
/* seq_file ->next: advance from @v to the following ax25_list entry. */
static void *ax25_info_next(struct seq_file *seq, void *v, loff_t *pos)
{
	void *following = seq_hlist_next(v, &ax25_list, pos);

	return following;
}
1871
/* seq_file ->stop: drop the list lock taken in ax25_info_start(). */
static void ax25_info_stop(struct seq_file *seq, void *v)
	__releases(ax25_list_lock)
{
	spin_unlock_bh(&ax25_list_lock);
}
1877
/*
 * seq_file ->show: print one line describing the control block behind @v.
 *
 * Line format:
 * magic dev src_addr dest_addr,digi1,digi2,.. st vs vr va t1 t1 t2 t2 t3 t3 idle idle n2 n2 rtt window paclen Snd-Q Rcv-Q inode
 *
 * NOTE(review): the "magic" column is the control block's kernel address
 * printed as a raw number, and ax25_init() registers this file with
 * S_IRUGO, so any local user can read it.  Consider a pointer format that
 * honours the kernel's pointer-hiding policy where one is available.
 */
static int ax25_info_show(struct seq_file *seq, void *v)
{
	ax25_cb *cb = hlist_entry(v, struct ax25_cb, ax25_node);
	char call[11];
	const char *devname;
	int idx;

	if (cb->ax25_dev == NULL)
		devname = "???";
	else
		devname = cb->ax25_dev->dev->name;

	seq_printf(seq, "%8.8lx %s %s%s ",
		   (long) cb,
		   devname,
		   ax2asc(call, &cb->source_addr),
		   cb->iamdigi ? "*" : "");
	seq_printf(seq, "%s", ax2asc(call, &cb->dest_addr));

	/* Digipeater path; a trailing '*' marks hops already repeated. */
	idx = 0;
	while ((cb->digipeat != NULL) && (idx < cb->digipeat->ndigi)) {
		seq_printf(seq, ",%s%s",
			   ax2asc(call, &cb->digipeat->calls[idx]),
			   cb->digipeat->repeated[idx] ? "*" : "");
		idx++;
	}

	/* Timers are shown in seconds, the idle timer in minutes. */
	seq_printf(seq, " %d %d %d %d %lu %lu %lu %lu %lu %lu %lu %lu %d %d %lu %d %d",
		   cb->state,
		   cb->vs, cb->vr, cb->va,
		   ax25_display_timer(&cb->t1timer) / HZ, cb->t1 / HZ,
		   ax25_display_timer(&cb->t2timer) / HZ, cb->t2 / HZ,
		   ax25_display_timer(&cb->t3timer) / HZ, cb->t3 / HZ,
		   ax25_display_timer(&cb->idletimer) / (60 * HZ),
		   cb->idle / (60 * HZ),
		   cb->n2count, cb->n2,
		   cb->rtt / HZ,
		   cb->window,
		   cb->paclen);

	if (cb->sk == NULL) {
		seq_puts(seq, " * * *\n");
		return 0;
	}

	seq_printf(seq, " %d %d %lu\n",
		   sk_wmem_alloc_get(cb->sk),
		   sk_rmem_alloc_get(cb->sk),
		   sock_i_ino(cb->sk));

	return 0;
}
1926
/* Iterator callbacks for the control-block listing; start/stop bracket the list lock. */
static const struct seq_operations ax25_info_seqops = {
	.show	= ax25_info_show,
	.start	= ax25_info_start,
	.next	= ax25_info_next,
	.stop	= ax25_info_stop,
};
1933
/* open() handler for the proc entry: bind the seq_file iterator to @file. */
static int ax25_info_open(struct inode *inode, struct file *file)
{
	int rc = seq_open(file, &ax25_info_seqops);

	return rc;
}
1938
/* File operations for the proc entry; everything but open is the stock seq_file helper. */
static const struct file_operations ax25_info_fops = {
	.owner		= THIS_MODULE,
	.open		= ax25_info_open,
	.release	= seq_release,
	.read		= seq_read,
	.llseek		= seq_lseek,
};
1946
1947#endif
1948
/* Address-family registration: socket(PF_AX25, ...) is routed to ax25_create(). */
static const struct net_proto_family ax25_family_ops = {
	.owner	= THIS_MODULE,
	.family	= PF_AX25,
	.create	= ax25_create,
};

/*
 * Socket operations for PF_AX25.  socketpair, mmap and sendpage use the
 * generic sock_no_* helpers, and poll uses datagram_poll.
 */
static const struct proto_ops ax25_proto_ops = {
	.family		= PF_AX25,
	.owner		= THIS_MODULE,

	/* lifetime and naming */
	.release	= ax25_release,
	.bind		= ax25_bind,
	.getname	= ax25_getname,

	/* connection handling */
	.connect	= ax25_connect,
	.listen		= ax25_listen,
	.accept		= ax25_accept,
	.shutdown	= ax25_shutdown,
	.socketpair	= sock_no_socketpair,

	/* data path */
	.sendmsg	= ax25_sendmsg,
	.recvmsg	= ax25_recvmsg,
	.poll		= datagram_poll,
	.mmap		= sock_no_mmap,
	.sendpage	= sock_no_sendpage,

	/* control */
	.ioctl		= ax25_ioctl,
	.setsockopt	= ax25_setsockopt,
	.getsockopt	= ax25_getsockopt,
};

/*
 *	Called by socket.c on kernel start up
 *
 * Link-layer hook: frames of type ETH_P_AX25 are delivered to
 * ax25_kiss_rcv().
 */
static struct packet_type ax25_packet_type __read_mostly = {
	.func	= ax25_kiss_rcv,
	.type	= cpu_to_be16(ETH_P_AX25),
};

/* Network-device notifier: device events are passed to ax25_device_event(). */
static struct notifier_block ax25_dev_notifier = {
	.notifier_call	= ax25_device_event,
};
1987
/*
 * ax25_init - module entry point.
 *
 * Registers the protocol, the address family, the packet handler, the
 * device notifier and the sysctls, then creates three world-readable
 * (S_IRUGO) proc entries.  Returns the result of proto_register();
 * nothing else is set up when that fails.
 *
 * NOTE(review): the results of the later registration calls are not
 * checked, so a failure there leaves the module partially registered.
 */
static int __init ax25_init(void)
{
	int rc;

	rc = proto_register(&ax25_proto, 0);
	if (rc != 0)
		return rc;

	sock_register(&ax25_family_ops);
	dev_add_pack(&ax25_packet_type);
	register_netdevice_notifier(&ax25_dev_notifier);
	ax25_register_sysctl();

	proc_net_fops_create(&init_net, "ax25_route", S_IRUGO, &ax25_route_fops);
	proc_net_fops_create(&init_net, "ax25", S_IRUGO, &ax25_info_fops);
	proc_net_fops_create(&init_net, "ax25_calls", S_IRUGO, &ax25_uid_fops);

	return rc;
}
module_init(ax25_init);
2007
2008
/* Module metadata; the alias ties the module to the PF_AX25 protocol family. */
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Jonathan Naylor G4KLX <g4klx@g4klx.demon.co.uk>");
MODULE_DESCRIPTION("The amateur radio AX.25 link layer protocol");
MODULE_ALIAS_NETPROTO(PF_AX25);
2013
/*
 * ax25_exit - module teardown.
 *
 * Removes the proc entries first, then the notifier, sysctls, packet
 * handler, address family and protocol, and finally frees the route,
 * uid and device tables.
 */
static void __exit ax25_exit(void)
{
	const char *proc_names[] = { "ax25_route", "ax25", "ax25_calls" };
	unsigned int n;

	/* User-visible entry points go first. */
	for (n = 0; n < ARRAY_SIZE(proc_names); n++)
		proc_net_remove(&init_net, proc_names[n]);

	unregister_netdevice_notifier(&ax25_dev_notifier);
	ax25_unregister_sysctl();

	dev_remove_pack(&ax25_packet_type);

	sock_unregister(PF_AX25);
	proto_unregister(&ax25_proto);

	/* Tables are released only after everything is unregistered. */
	ax25_rt_free();
	ax25_uid_free();
	ax25_dev_free();
}
module_exit(ax25_exit);