1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * 4 * Copyright (C) Jonathan Naylor G4KLX (g4klx@g4klx.demon.co.uk) 5 * Copyright (C) Joerg Reuter DL1BKE (jreuter@yaina.de) 6 */ 7 #include <linux/errno.h> 8 #include <linux/types.h> 9 #include <linux/socket.h> 10 #include <linux/in.h> 11 #include <linux/kernel.h> 12 #include <linux/timer.h> 13 #include <linux/string.h> 14 #include <linux/sockios.h> 15 #include <linux/net.h> 16 #include <net/ax25.h> 17 #include <linux/inet.h> 18 #include <linux/netdevice.h> 19 #include <linux/skbuff.h> 20 #include <net/sock.h> 21 #include <net/tcp_states.h> 22 #include <linux/uaccess.h> 23 #include <linux/fcntl.h> 24 #include <linux/mm.h> 25 #include <linux/interrupt.h> 26 27 /* 28 * State machine for state 1, Awaiting Connection State. 29 * The handling of the timer(s) is in file ax25_ds_timer.c. 30 * Handling of state 0 and connection release is in ax25.c. 31 */ ax25_ds_state1_machine(ax25_cb * ax25,struct sk_buff * skb,int frametype,int pf,int type)32 static int ax25_ds_state1_machine(ax25_cb *ax25, struct sk_buff *skb, int frametype, int pf, int type) 33 { 34 switch (frametype) { 35 case AX25_SABM: 36 ax25->modulus = AX25_MODULUS; 37 ax25->window = ax25->ax25_dev->values[AX25_VALUES_WINDOW]; 38 ax25_send_control(ax25, AX25_UA, pf, AX25_RESPONSE); 39 break; 40 41 case AX25_SABME: 42 ax25->modulus = AX25_EMODULUS; 43 ax25->window = ax25->ax25_dev->values[AX25_VALUES_EWINDOW]; 44 ax25_send_control(ax25, AX25_UA, pf, AX25_RESPONSE); 45 break; 46 47 case AX25_DISC: 48 ax25_send_control(ax25, AX25_DM, pf, AX25_RESPONSE); 49 break; 50 51 case AX25_UA: 52 ax25_calculate_rtt(ax25); 53 ax25_stop_t1timer(ax25); 54 ax25_start_t3timer(ax25); 55 ax25_start_idletimer(ax25); 56 ax25->vs = 0; 57 ax25->va = 0; 58 ax25->vr = 0; 59 ax25->state = AX25_STATE_3; 60 ax25->n2count = 0; 61 if (ax25->sk != NULL) { 62 bh_lock_sock(ax25->sk); 63 ax25->sk->sk_state = TCP_ESTABLISHED; 64 /* 65 * For WAIT_SABM connections we will produce an accept 66 * ready socket here 67 */ 68 if (!sock_flag(ax25->sk, SOCK_DEAD)) 69 ax25->sk->sk_state_change(ax25->sk); 70 bh_unlock_sock(ax25->sk); 71 } 72 ax25_dama_on(ax25); 73 74 /* according to DK4EG's spec we are required to 75 * send a RR RESPONSE FINAL NR=0. 76 */ 77 78 ax25_std_enquiry_response(ax25); 79 break; 80 81 case AX25_DM: 82 if (pf) 83 ax25_disconnect(ax25, ECONNREFUSED); 84 break; 85 86 default: 87 if (pf) 88 ax25_send_control(ax25, AX25_SABM, AX25_POLLON, AX25_COMMAND); 89 break; 90 } 91 92 return 0; 93 } 94 95 /* 96 * State machine for state 2, Awaiting Release State. 97 * The handling of the timer(s) is in file ax25_ds_timer.c 98 * Handling of state 0 and connection release is in ax25.c. 99 */ ax25_ds_state2_machine(ax25_cb * ax25,struct sk_buff * skb,int frametype,int pf,int type)100 static int ax25_ds_state2_machine(ax25_cb *ax25, struct sk_buff *skb, int frametype, int pf, int type) 101 { 102 switch (frametype) { 103 case AX25_SABM: 104 case AX25_SABME: 105 ax25_send_control(ax25, AX25_DISC, AX25_POLLON, AX25_COMMAND); 106 ax25_dama_off(ax25); 107 break; 108 109 case AX25_DISC: 110 ax25_send_control(ax25, AX25_UA, pf, AX25_RESPONSE); 111 ax25_dama_off(ax25); 112 ax25_disconnect(ax25, 0); 113 break; 114 115 case AX25_DM: 116 case AX25_UA: 117 if (pf) { 118 ax25_dama_off(ax25); 119 ax25_disconnect(ax25, 0); 120 } 121 break; 122 123 case AX25_I: 124 case AX25_REJ: 125 case AX25_RNR: 126 case AX25_RR: 127 if (pf) { 128 ax25_send_control(ax25, AX25_DISC, AX25_POLLON, AX25_COMMAND); 129 ax25_dama_off(ax25); 130 } 131 break; 132 133 default: 134 break; 135 } 136 137 return 0; 138 } 139 140 /* 141 * State machine for state 3, Connected State. 142 * The handling of the timer(s) is in file ax25_timer.c 143 * Handling of state 0 and connection release is in ax25.c. 144 */ ax25_ds_state3_machine(ax25_cb * ax25,struct sk_buff * skb,int frametype,int ns,int nr,int pf,int type)145 static int ax25_ds_state3_machine(ax25_cb *ax25, struct sk_buff *skb, int frametype, int ns, int nr, int pf, int type) 146 { 147 int queued = 0; 148 149 switch (frametype) { 150 case AX25_SABM: 151 case AX25_SABME: 152 if (frametype == AX25_SABM) { 153 ax25->modulus = AX25_MODULUS; 154 ax25->window = ax25->ax25_dev->values[AX25_VALUES_WINDOW]; 155 } else { 156 ax25->modulus = AX25_EMODULUS; 157 ax25->window = ax25->ax25_dev->values[AX25_VALUES_EWINDOW]; 158 } 159 ax25_send_control(ax25, AX25_UA, pf, AX25_RESPONSE); 160 ax25_stop_t1timer(ax25); 161 ax25_start_t3timer(ax25); 162 ax25_start_idletimer(ax25); 163 ax25->condition = 0x00; 164 ax25->vs = 0; 165 ax25->va = 0; 166 ax25->vr = 0; 167 ax25_requeue_frames(ax25); 168 ax25_dama_on(ax25); 169 break; 170 171 case AX25_DISC: 172 ax25_send_control(ax25, AX25_UA, pf, AX25_RESPONSE); 173 ax25_dama_off(ax25); 174 ax25_disconnect(ax25, 0); 175 break; 176 177 case AX25_DM: 178 ax25_dama_off(ax25); 179 ax25_disconnect(ax25, ECONNRESET); 180 break; 181 182 case AX25_RR: 183 case AX25_RNR: 184 if (frametype == AX25_RR) 185 ax25->condition &= ~AX25_COND_PEER_RX_BUSY; 186 else 187 ax25->condition |= AX25_COND_PEER_RX_BUSY; 188 189 if (ax25_validate_nr(ax25, nr)) { 190 if (ax25_check_iframes_acked(ax25, nr)) 191 ax25->n2count=0; 192 if (type == AX25_COMMAND && pf) 193 ax25_ds_enquiry_response(ax25); 194 } else { 195 ax25_ds_nr_error_recovery(ax25); 196 ax25->state = AX25_STATE_1; 197 } 198 break; 199 200 case AX25_REJ: 201 ax25->condition &= ~AX25_COND_PEER_RX_BUSY; 202 203 if (ax25_validate_nr(ax25, nr)) { 204 if (ax25->va != nr) 205 ax25->n2count=0; 206 207 ax25_frames_acked(ax25, nr); 208 ax25_calculate_rtt(ax25); 209 ax25_stop_t1timer(ax25); 210 ax25_start_t3timer(ax25); 211 ax25_requeue_frames(ax25); 212 213 if (type == AX25_COMMAND && pf) 214 ax25_ds_enquiry_response(ax25); 215 } else { 216 ax25_ds_nr_error_recovery(ax25); 217 ax25->state = AX25_STATE_1; 218 } 219 break; 220 221 case AX25_I: 222 if (!ax25_validate_nr(ax25, nr)) { 223 ax25_ds_nr_error_recovery(ax25); 224 ax25->state = AX25_STATE_1; 225 break; 226 } 227 if (ax25->condition & AX25_COND_PEER_RX_BUSY) { 228 ax25_frames_acked(ax25, nr); 229 ax25->n2count = 0; 230 } else { 231 if (ax25_check_iframes_acked(ax25, nr)) 232 ax25->n2count = 0; 233 } 234 if (ax25->condition & AX25_COND_OWN_RX_BUSY) { 235 if (pf) ax25_ds_enquiry_response(ax25); 236 break; 237 } 238 if (ns == ax25->vr) { 239 ax25->vr = (ax25->vr + 1) % ax25->modulus; 240 queued = ax25_rx_iframe(ax25, skb); 241 if (ax25->condition & AX25_COND_OWN_RX_BUSY) 242 ax25->vr = ns; /* ax25->vr - 1 */ 243 ax25->condition &= ~AX25_COND_REJECT; 244 if (pf) { 245 ax25_ds_enquiry_response(ax25); 246 } else { 247 if (!(ax25->condition & AX25_COND_ACK_PENDING)) { 248 ax25->condition |= AX25_COND_ACK_PENDING; 249 ax25_start_t2timer(ax25); 250 } 251 } 252 } else { 253 if (ax25->condition & AX25_COND_REJECT) { 254 if (pf) ax25_ds_enquiry_response(ax25); 255 } else { 256 ax25->condition |= AX25_COND_REJECT; 257 ax25_ds_enquiry_response(ax25); 258 ax25->condition &= ~AX25_COND_ACK_PENDING; 259 } 260 } 261 break; 262 263 case AX25_FRMR: 264 case AX25_ILLEGAL: 265 ax25_ds_establish_data_link(ax25); 266 ax25->state = AX25_STATE_1; 267 break; 268 269 default: 270 break; 271 } 272 273 return queued; 274 } 275 276 /* 277 * Higher level upcall for a LAPB frame 278 */ ax25_ds_frame_in(ax25_cb * ax25,struct sk_buff * skb,int type)279 int ax25_ds_frame_in(ax25_cb *ax25, struct sk_buff *skb, int type) 280 { 281 int queued = 0, frametype, ns, nr, pf; 282 283 frametype = ax25_decode(ax25, skb, &ns, &nr, &pf); 284 285 switch (ax25->state) { 286 case AX25_STATE_1: 287 queued = ax25_ds_state1_machine(ax25, skb, frametype, pf, type); 288 break; 289 case AX25_STATE_2: 290 queued = ax25_ds_state2_machine(ax25, skb, frametype, pf, type); 291 break; 292 case AX25_STATE_3: 293 queued = ax25_ds_state3_machine(ax25, skb, frametype, ns, nr, pf, type); 294 break; 295 } 296 297 return queued; 298 } 299