ipv6: netfilter: ip6_tables: fix infoleak to userspace
[linux-2.6/linux-acpi-2.6/ibm-acpi-2.6.git] / net / llc / llc_sap.c
blob94e7fca75b851762623a5e536abfc233810f8920
1 /*
2 * llc_sap.c - driver routines for SAP component.
4 * Copyright (c) 1997 by Procom Technology, Inc.
5 * 2001-2003 by Arnaldo Carvalho de Melo <acme@conectiva.com.br>
7 * This program can be redistributed or modified under the terms of the
8 * GNU General Public License as published by the Free Software Foundation.
9 * This program is distributed without any warranty or implied warranty
10 * of merchantability or fitness for a particular purpose.
12 * See the GNU General Public License for more details.
15 #include <net/llc.h>
16 #include <net/llc_if.h>
17 #include <net/llc_conn.h>
18 #include <net/llc_pdu.h>
19 #include <net/llc_sap.h>
20 #include <net/llc_s_ac.h>
21 #include <net/llc_s_ev.h>
22 #include <net/llc_s_st.h>
23 #include <net/sock.h>
24 #include <net/tcp_states.h>
25 #include <linux/llc.h>
26 #include <linux/slab.h>
28 static int llc_mac_header_len(unsigned short devtype)
30 switch (devtype) {
31 case ARPHRD_ETHER:
32 case ARPHRD_LOOPBACK:
33 return sizeof(struct ethhdr);
34 #if defined(CONFIG_TR) || defined(CONFIG_TR_MODULE)
35 case ARPHRD_IEEE802_TR:
36 return sizeof(struct trh_hdr);
37 #endif
39 return 0;
42 /**
43 * llc_alloc_frame - allocates sk_buff for frame
44 * @dev: network device this skb will be sent over
45 * @type: pdu type to allocate
46 * @data_size: data size to allocate
48 * Allocates an sk_buff for frame and initializes sk_buff fields.
49 * Returns allocated skb or %NULL when out of memory.
51 struct sk_buff *llc_alloc_frame(struct sock *sk, struct net_device *dev,
52 u8 type, u32 data_size)
54 int hlen = type == LLC_PDU_TYPE_U ? 3 : 4;
55 struct sk_buff *skb;
57 hlen += llc_mac_header_len(dev->type);
58 skb = alloc_skb(hlen + data_size, GFP_ATOMIC);
60 if (skb) {
61 skb_reset_mac_header(skb);
62 skb_reserve(skb, hlen);
63 skb_reset_network_header(skb);
64 skb_reset_transport_header(skb);
65 skb->protocol = htons(ETH_P_802_2);
66 skb->dev = dev;
67 if (sk != NULL)
68 skb_set_owner_w(skb, sk);
70 return skb;
73 void llc_save_primitive(struct sock *sk, struct sk_buff* skb, u8 prim)
75 struct sockaddr_llc *addr;
77 /* save primitive for use by the user. */
78 addr = llc_ui_skb_cb(skb);
80 memset(addr, 0, sizeof(*addr));
81 addr->sllc_family = sk->sk_family;
82 addr->sllc_arphrd = skb->dev->type;
83 addr->sllc_test = prim == LLC_TEST_PRIM;
84 addr->sllc_xid = prim == LLC_XID_PRIM;
85 addr->sllc_ua = prim == LLC_DATAUNIT_PRIM;
86 llc_pdu_decode_sa(skb, addr->sllc_mac);
87 llc_pdu_decode_ssap(skb, &addr->sllc_sap);
90 /**
91 * llc_sap_rtn_pdu - Informs upper layer on rx of an UI, XID or TEST pdu.
92 * @sap: pointer to SAP
93 * @skb: received pdu
95 void llc_sap_rtn_pdu(struct llc_sap *sap, struct sk_buff *skb)
97 struct llc_sap_state_ev *ev = llc_sap_ev(skb);
98 struct llc_pdu_un *pdu = llc_pdu_un_hdr(skb);
100 switch (LLC_U_PDU_RSP(pdu)) {
101 case LLC_1_PDU_CMD_TEST:
102 ev->prim = LLC_TEST_PRIM; break;
103 case LLC_1_PDU_CMD_XID:
104 ev->prim = LLC_XID_PRIM; break;
105 case LLC_1_PDU_CMD_UI:
106 ev->prim = LLC_DATAUNIT_PRIM; break;
108 ev->ind_cfm_flag = LLC_IND;
112 * llc_find_sap_trans - finds transition for event
113 * @sap: pointer to SAP
114 * @skb: happened event
116 * This function finds transition that matches with happened event.
117 * Returns the pointer to found transition on success or %NULL for
118 * failure.
120 static struct llc_sap_state_trans *llc_find_sap_trans(struct llc_sap *sap,
121 struct sk_buff* skb)
123 int i = 0;
124 struct llc_sap_state_trans *rc = NULL;
125 struct llc_sap_state_trans **next_trans;
126 struct llc_sap_state *curr_state = &llc_sap_state_table[sap->state - 1];
128 * Search thru events for this state until list exhausted or until
129 * its obvious the event is not valid for the current state
131 for (next_trans = curr_state->transitions; next_trans[i]->ev; i++)
132 if (!next_trans[i]->ev(sap, skb)) {
133 rc = next_trans[i]; /* got event match; return it */
134 break;
136 return rc;
140 * llc_exec_sap_trans_actions - execute actions related to event
141 * @sap: pointer to SAP
142 * @trans: pointer to transition that it's actions must be performed
143 * @skb: happened event.
145 * This function executes actions that is related to happened event.
146 * Returns 0 for success and 1 for failure of at least one action.
148 static int llc_exec_sap_trans_actions(struct llc_sap *sap,
149 struct llc_sap_state_trans *trans,
150 struct sk_buff *skb)
152 int rc = 0;
153 llc_sap_action_t *next_action = trans->ev_actions;
155 for (; next_action && *next_action; next_action++)
156 if ((*next_action)(sap, skb))
157 rc = 1;
158 return rc;
162 * llc_sap_next_state - finds transition, execs actions & change SAP state
163 * @sap: pointer to SAP
164 * @skb: happened event
166 * This function finds transition that matches with happened event, then
167 * executes related actions and finally changes state of SAP. It returns
168 * 0 on success and 1 for failure.
170 static int llc_sap_next_state(struct llc_sap *sap, struct sk_buff *skb)
172 int rc = 1;
173 struct llc_sap_state_trans *trans;
175 if (sap->state > LLC_NR_SAP_STATES)
176 goto out;
177 trans = llc_find_sap_trans(sap, skb);
178 if (!trans)
179 goto out;
181 * Got the state to which we next transition; perform the actions
182 * associated with this transition before actually transitioning to the
183 * next state
185 rc = llc_exec_sap_trans_actions(sap, trans, skb);
186 if (rc)
187 goto out;
189 * Transition SAP to next state if all actions execute successfully
191 sap->state = trans->next_state;
192 out:
193 return rc;
197 * llc_sap_state_process - sends event to SAP state machine
198 * @sap: sap to use
199 * @skb: pointer to occurred event
201 * After executing actions of the event, upper layer will be indicated
202 * if needed(on receiving an UI frame). sk can be null for the
203 * datalink_proto case.
205 static void llc_sap_state_process(struct llc_sap *sap, struct sk_buff *skb)
207 struct llc_sap_state_ev *ev = llc_sap_ev(skb);
210 * We have to hold the skb, because llc_sap_next_state
211 * will kfree it in the sending path and we need to
212 * look at the skb->cb, where we encode llc_sap_state_ev.
214 skb_get(skb);
215 ev->ind_cfm_flag = 0;
216 llc_sap_next_state(sap, skb);
217 if (ev->ind_cfm_flag == LLC_IND) {
218 if (skb->sk->sk_state == TCP_LISTEN)
219 kfree_skb(skb);
220 else {
221 llc_save_primitive(skb->sk, skb, ev->prim);
223 /* queue skb to the user. */
224 if (sock_queue_rcv_skb(skb->sk, skb))
225 kfree_skb(skb);
228 kfree_skb(skb);
232 * llc_build_and_send_test_pkt - TEST interface for upper layers.
233 * @sap: sap to use
234 * @skb: packet to send
235 * @dmac: destination mac address
236 * @dsap: destination sap
238 * This function is called when upper layer wants to send a TEST pdu.
239 * Returns 0 for success, 1 otherwise.
241 void llc_build_and_send_test_pkt(struct llc_sap *sap,
242 struct sk_buff *skb, u8 *dmac, u8 dsap)
244 struct llc_sap_state_ev *ev = llc_sap_ev(skb);
246 ev->saddr.lsap = sap->laddr.lsap;
247 ev->daddr.lsap = dsap;
248 memcpy(ev->saddr.mac, skb->dev->dev_addr, IFHWADDRLEN);
249 memcpy(ev->daddr.mac, dmac, IFHWADDRLEN);
251 ev->type = LLC_SAP_EV_TYPE_PRIM;
252 ev->prim = LLC_TEST_PRIM;
253 ev->prim_type = LLC_PRIM_TYPE_REQ;
254 llc_sap_state_process(sap, skb);
258 * llc_build_and_send_xid_pkt - XID interface for upper layers
259 * @sap: sap to use
260 * @skb: packet to send
261 * @dmac: destination mac address
262 * @dsap: destination sap
264 * This function is called when upper layer wants to send a XID pdu.
265 * Returns 0 for success, 1 otherwise.
267 void llc_build_and_send_xid_pkt(struct llc_sap *sap, struct sk_buff *skb,
268 u8 *dmac, u8 dsap)
270 struct llc_sap_state_ev *ev = llc_sap_ev(skb);
272 ev->saddr.lsap = sap->laddr.lsap;
273 ev->daddr.lsap = dsap;
274 memcpy(ev->saddr.mac, skb->dev->dev_addr, IFHWADDRLEN);
275 memcpy(ev->daddr.mac, dmac, IFHWADDRLEN);
277 ev->type = LLC_SAP_EV_TYPE_PRIM;
278 ev->prim = LLC_XID_PRIM;
279 ev->prim_type = LLC_PRIM_TYPE_REQ;
280 llc_sap_state_process(sap, skb);
284 * llc_sap_rcv - sends received pdus to the sap state machine
285 * @sap: current sap component structure.
286 * @skb: received frame.
288 * Sends received pdus to the sap state machine.
290 static void llc_sap_rcv(struct llc_sap *sap, struct sk_buff *skb,
291 struct sock *sk)
293 struct llc_sap_state_ev *ev = llc_sap_ev(skb);
295 ev->type = LLC_SAP_EV_TYPE_PDU;
296 ev->reason = 0;
297 skb->sk = sk;
298 llc_sap_state_process(sap, skb);
301 static inline bool llc_dgram_match(const struct llc_sap *sap,
302 const struct llc_addr *laddr,
303 const struct sock *sk)
305 struct llc_sock *llc = llc_sk(sk);
307 return sk->sk_type == SOCK_DGRAM &&
308 llc->laddr.lsap == laddr->lsap &&
309 llc_mac_match(llc->laddr.mac, laddr->mac);
313 * llc_lookup_dgram - Finds dgram socket for the local sap/mac
314 * @sap: SAP
315 * @laddr: address of local LLC (MAC + SAP)
317 * Search socket list of the SAP and finds connection using the local
318 * mac, and local sap. Returns pointer for socket found, %NULL otherwise.
320 static struct sock *llc_lookup_dgram(struct llc_sap *sap,
321 const struct llc_addr *laddr)
323 struct sock *rc;
324 struct hlist_nulls_node *node;
325 int slot = llc_sk_laddr_hashfn(sap, laddr);
326 struct hlist_nulls_head *laddr_hb = &sap->sk_laddr_hash[slot];
328 rcu_read_lock_bh();
329 again:
330 sk_nulls_for_each_rcu(rc, node, laddr_hb) {
331 if (llc_dgram_match(sap, laddr, rc)) {
332 /* Extra checks required by SLAB_DESTROY_BY_RCU */
333 if (unlikely(!atomic_inc_not_zero(&rc->sk_refcnt)))
334 goto again;
335 if (unlikely(llc_sk(rc)->sap != sap ||
336 !llc_dgram_match(sap, laddr, rc))) {
337 sock_put(rc);
338 continue;
340 goto found;
343 rc = NULL;
345 * if the nulls value we got at the end of this lookup is
346 * not the expected one, we must restart lookup.
347 * We probably met an item that was moved to another chain.
349 if (unlikely(get_nulls_value(node) != slot))
350 goto again;
351 found:
352 rcu_read_unlock_bh();
353 return rc;
356 static inline bool llc_mcast_match(const struct llc_sap *sap,
357 const struct llc_addr *laddr,
358 const struct sk_buff *skb,
359 const struct sock *sk)
361 struct llc_sock *llc = llc_sk(sk);
363 return sk->sk_type == SOCK_DGRAM &&
364 llc->laddr.lsap == laddr->lsap &&
365 llc->dev == skb->dev;
368 static void llc_do_mcast(struct llc_sap *sap, struct sk_buff *skb,
369 struct sock **stack, int count)
371 struct sk_buff *skb1;
372 int i;
374 for (i = 0; i < count; i++) {
375 skb1 = skb_clone(skb, GFP_ATOMIC);
376 if (!skb1) {
377 sock_put(stack[i]);
378 continue;
381 llc_sap_rcv(sap, skb1, stack[i]);
382 sock_put(stack[i]);
387 * llc_sap_mcast - Deliver multicast PDU's to all matching datagram sockets.
388 * @sap: SAP
389 * @laddr: address of local LLC (MAC + SAP)
391 * Search socket list of the SAP and finds connections with same sap.
392 * Deliver clone to each.
394 static void llc_sap_mcast(struct llc_sap *sap,
395 const struct llc_addr *laddr,
396 struct sk_buff *skb)
398 int i = 0, count = 256 / sizeof(struct sock *);
399 struct sock *sk, *stack[count];
400 struct hlist_node *node;
401 struct llc_sock *llc;
402 struct hlist_head *dev_hb = llc_sk_dev_hash(sap, skb->dev->ifindex);
404 spin_lock_bh(&sap->sk_lock);
405 hlist_for_each_entry(llc, node, dev_hb, dev_hash_node) {
407 sk = &llc->sk;
409 if (!llc_mcast_match(sap, laddr, skb, sk))
410 continue;
412 sock_hold(sk);
413 if (i < count)
414 stack[i++] = sk;
415 else {
416 llc_do_mcast(sap, skb, stack, i);
417 i = 0;
420 spin_unlock_bh(&sap->sk_lock);
422 llc_do_mcast(sap, skb, stack, i);
426 void llc_sap_handler(struct llc_sap *sap, struct sk_buff *skb)
428 struct llc_addr laddr;
430 llc_pdu_decode_da(skb, laddr.mac);
431 llc_pdu_decode_dsap(skb, &laddr.lsap);
433 if (llc_mac_multicast(laddr.mac)) {
434 llc_sap_mcast(sap, &laddr, skb);
435 kfree_skb(skb);
436 } else {
437 struct sock *sk = llc_lookup_dgram(sap, &laddr);
438 if (sk) {
439 llc_sap_rcv(sap, skb, sk);
440 sock_put(sk);
441 } else
442 kfree_skb(skb);