1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  *	X.25 Packet Layer release 002
4  *
5  *	This is ALPHA test software. This code may break your machine,
6  *	randomly fail to work with new releases, misbehave and/or generally
7  *	screw up. It might even work.
8  *
9  *	This code REQUIRES 2.1.15 or higher
10  *
11  *	History
12  *	X.25 001	Split from x25_subr.c
13  *	mar/20/00	Daniela Squassoni Disabling/enabling of facilities
14  *					  negotiation.
15  *	apr/14/05	Shaun Pereira - Allow fast select with no restriction
16  *					on response.
17  */
18 
19 #define pr_fmt(fmt) "X25: " fmt
20 
21 #include <linux/kernel.h>
22 #include <linux/string.h>
23 #include <linux/skbuff.h>
24 #include <net/sock.h>
25 #include <net/x25.h>
26 
27 /**
28  * x25_parse_facilities - Parse facilities from skb into the facilities structs
29  *
30  * @skb: sk_buff to parse
31  * @facilities: Regular facilities, updated as facilities are found
32  * @dte_facs: ITU DTE facilities, updated as DTE facilities are found
33  * @vc_fac_mask: mask is updated with all facilities found
34  *
35  * Return codes:
36  *  -1 - Parsing error, caller should drop call and clean up
37  *   0 - Parse OK, this skb has no facilities
38  *  >0 - Parse OK, returns the length of the facilities header
39  *
40  */
x25_parse_facilities(struct sk_buff * skb,struct x25_facilities * facilities,struct x25_dte_facilities * dte_facs,unsigned long * vc_fac_mask)41 int x25_parse_facilities(struct sk_buff *skb, struct x25_facilities *facilities,
42 		struct x25_dte_facilities *dte_facs, unsigned long *vc_fac_mask)
43 {
44 	unsigned char *p;
45 	unsigned int len;
46 
47 	*vc_fac_mask = 0;
48 
49 	/*
50 	 * The kernel knows which facilities were set on an incoming call but
51 	 * currently this information is not available to userspace.  Here we
52 	 * give userspace who read incoming call facilities 0 length to indicate
53 	 * it wasn't set.
54 	 */
55 	dte_facs->calling_len = 0;
56 	dte_facs->called_len = 0;
57 	memset(dte_facs->called_ae, '\0', sizeof(dte_facs->called_ae));
58 	memset(dte_facs->calling_ae, '\0', sizeof(dte_facs->calling_ae));
59 
60 	if (!pskb_may_pull(skb, 1))
61 		return 0;
62 
63 	len = skb->data[0];
64 
65 	if (!pskb_may_pull(skb, 1 + len))
66 		return -1;
67 
68 	p = skb->data + 1;
69 
70 	while (len > 0) {
71 		switch (*p & X25_FAC_CLASS_MASK) {
72 		case X25_FAC_CLASS_A:
73 			if (len < 2)
74 				return -1;
75 			switch (*p) {
76 			case X25_FAC_REVERSE:
77 				if((p[1] & 0x81) == 0x81) {
78 					facilities->reverse = p[1] & 0x81;
79 					*vc_fac_mask |= X25_MASK_REVERSE;
80 					break;
81 				}
82 
83 				if((p[1] & 0x01) == 0x01) {
84 					facilities->reverse = p[1] & 0x01;
85 					*vc_fac_mask |= X25_MASK_REVERSE;
86 					break;
87 				}
88 
89 				if((p[1] & 0x80) == 0x80) {
90 					facilities->reverse = p[1] & 0x80;
91 					*vc_fac_mask |= X25_MASK_REVERSE;
92 					break;
93 				}
94 
95 				if(p[1] == 0x00) {
96 					facilities->reverse
97 						= X25_DEFAULT_REVERSE;
98 					*vc_fac_mask |= X25_MASK_REVERSE;
99 					break;
100 				}
101 				fallthrough;
102 			case X25_FAC_THROUGHPUT:
103 				facilities->throughput = p[1];
104 				*vc_fac_mask |= X25_MASK_THROUGHPUT;
105 				break;
106 			case X25_MARKER:
107 				break;
108 			default:
109 				pr_debug("unknown facility "
110 				       "%02X, value %02X\n",
111 				       p[0], p[1]);
112 				break;
113 			}
114 			p   += 2;
115 			len -= 2;
116 			break;
117 		case X25_FAC_CLASS_B:
118 			if (len < 3)
119 				return -1;
120 			switch (*p) {
121 			case X25_FAC_PACKET_SIZE:
122 				facilities->pacsize_in  = p[1];
123 				facilities->pacsize_out = p[2];
124 				*vc_fac_mask |= X25_MASK_PACKET_SIZE;
125 				break;
126 			case X25_FAC_WINDOW_SIZE:
127 				facilities->winsize_in  = p[1];
128 				facilities->winsize_out = p[2];
129 				*vc_fac_mask |= X25_MASK_WINDOW_SIZE;
130 				break;
131 			default:
132 				pr_debug("unknown facility "
133 				       "%02X, values %02X, %02X\n",
134 				       p[0], p[1], p[2]);
135 				break;
136 			}
137 			p   += 3;
138 			len -= 3;
139 			break;
140 		case X25_FAC_CLASS_C:
141 			if (len < 4)
142 				return -1;
143 			pr_debug("unknown facility %02X, "
144 			       "values %02X, %02X, %02X\n",
145 			       p[0], p[1], p[2], p[3]);
146 			p   += 4;
147 			len -= 4;
148 			break;
149 		case X25_FAC_CLASS_D:
150 			if (len < p[1] + 2)
151 				return -1;
152 			switch (*p) {
153 			case X25_FAC_CALLING_AE:
154 				if (p[1] > X25_MAX_DTE_FACIL_LEN || p[1] <= 1)
155 					return -1;
156 				if (p[2] > X25_MAX_AE_LEN)
157 					return -1;
158 				dte_facs->calling_len = p[2];
159 				memcpy(dte_facs->calling_ae, &p[3], p[1] - 1);
160 				*vc_fac_mask |= X25_MASK_CALLING_AE;
161 				break;
162 			case X25_FAC_CALLED_AE:
163 				if (p[1] > X25_MAX_DTE_FACIL_LEN || p[1] <= 1)
164 					return -1;
165 				if (p[2] > X25_MAX_AE_LEN)
166 					return -1;
167 				dte_facs->called_len = p[2];
168 				memcpy(dte_facs->called_ae, &p[3], p[1] - 1);
169 				*vc_fac_mask |= X25_MASK_CALLED_AE;
170 				break;
171 			default:
172 				pr_debug("unknown facility %02X,"
173 					"length %d\n", p[0], p[1]);
174 				break;
175 			}
176 			len -= p[1] + 2;
177 			p += p[1] + 2;
178 			break;
179 		}
180 	}
181 
182 	return p - skb->data;
183 }
184 
185 /*
186  *	Create a set of facilities.
187  */
x25_create_facilities(unsigned char * buffer,struct x25_facilities * facilities,struct x25_dte_facilities * dte_facs,unsigned long facil_mask)188 int x25_create_facilities(unsigned char *buffer,
189 		struct x25_facilities *facilities,
190 		struct x25_dte_facilities *dte_facs, unsigned long facil_mask)
191 {
192 	unsigned char *p = buffer + 1;
193 	int len;
194 
195 	if (!facil_mask) {
196 		/*
197 		 * Length of the facilities field in call_req or
198 		 * call_accept packets
199 		 */
200 		buffer[0] = 0;
201 		len = 1; /* 1 byte for the length field */
202 		return len;
203 	}
204 
205 	if (facilities->reverse && (facil_mask & X25_MASK_REVERSE)) {
206 		*p++ = X25_FAC_REVERSE;
207 		*p++ = facilities->reverse;
208 	}
209 
210 	if (facilities->throughput && (facil_mask & X25_MASK_THROUGHPUT)) {
211 		*p++ = X25_FAC_THROUGHPUT;
212 		*p++ = facilities->throughput;
213 	}
214 
215 	if ((facilities->pacsize_in || facilities->pacsize_out) &&
216 	    (facil_mask & X25_MASK_PACKET_SIZE)) {
217 		*p++ = X25_FAC_PACKET_SIZE;
218 		*p++ = facilities->pacsize_in ? : facilities->pacsize_out;
219 		*p++ = facilities->pacsize_out ? : facilities->pacsize_in;
220 	}
221 
222 	if ((facilities->winsize_in || facilities->winsize_out) &&
223 	    (facil_mask & X25_MASK_WINDOW_SIZE)) {
224 		*p++ = X25_FAC_WINDOW_SIZE;
225 		*p++ = facilities->winsize_in ? : facilities->winsize_out;
226 		*p++ = facilities->winsize_out ? : facilities->winsize_in;
227 	}
228 
229 	if (facil_mask & (X25_MASK_CALLING_AE|X25_MASK_CALLED_AE)) {
230 		*p++ = X25_MARKER;
231 		*p++ = X25_DTE_SERVICES;
232 	}
233 
234 	if (dte_facs->calling_len && (facil_mask & X25_MASK_CALLING_AE)) {
235 		unsigned int bytecount = (dte_facs->calling_len + 1) >> 1;
236 		*p++ = X25_FAC_CALLING_AE;
237 		*p++ = 1 + bytecount;
238 		*p++ = dte_facs->calling_len;
239 		memcpy(p, dte_facs->calling_ae, bytecount);
240 		p += bytecount;
241 	}
242 
243 	if (dte_facs->called_len && (facil_mask & X25_MASK_CALLED_AE)) {
244 		unsigned int bytecount = (dte_facs->called_len % 2) ?
245 		dte_facs->called_len / 2 + 1 :
246 		dte_facs->called_len / 2;
247 		*p++ = X25_FAC_CALLED_AE;
248 		*p++ = 1 + bytecount;
249 		*p++ = dte_facs->called_len;
250 		memcpy(p, dte_facs->called_ae, bytecount);
251 		p+=bytecount;
252 	}
253 
254 	len       = p - buffer;
255 	buffer[0] = len - 1;
256 
257 	return len;
258 }
259 
260 /*
261  *	Try to reach a compromise on a set of facilities.
262  *
263  *	The only real problem is with reverse charging.
264  */
x25_negotiate_facilities(struct sk_buff * skb,struct sock * sk,struct x25_facilities * new,struct x25_dte_facilities * dte)265 int x25_negotiate_facilities(struct sk_buff *skb, struct sock *sk,
266 		struct x25_facilities *new, struct x25_dte_facilities *dte)
267 {
268 	struct x25_sock *x25 = x25_sk(sk);
269 	struct x25_facilities *ours = &x25->facilities;
270 	struct x25_facilities theirs;
271 	int len;
272 
273 	memset(&theirs, 0, sizeof(theirs));
274 	memcpy(new, ours, sizeof(*new));
275 	memset(dte, 0, sizeof(*dte));
276 
277 	len = x25_parse_facilities(skb, &theirs, dte, &x25->vc_facil_mask);
278 	if (len < 0)
279 		return len;
280 
281 	/*
282 	 *	They want reverse charging, we won't accept it.
283 	 */
284 	if ((theirs.reverse & 0x01 ) && (ours->reverse & 0x01)) {
285 		net_dbg_ratelimited("X.25: rejecting reverse charging request\n");
286 		return -1;
287 	}
288 
289 	new->reverse = theirs.reverse;
290 
291 	if (theirs.throughput) {
292 		int theirs_in =  theirs.throughput & 0x0f;
293 		int theirs_out = theirs.throughput & 0xf0;
294 		int ours_in  = ours->throughput & 0x0f;
295 		int ours_out = ours->throughput & 0xf0;
296 		if (!ours_in || theirs_in < ours_in) {
297 			net_dbg_ratelimited("X.25: inbound throughput negotiated\n");
298 			new->throughput = (new->throughput & 0xf0) | theirs_in;
299 		}
300 		if (!ours_out || theirs_out < ours_out) {
301 			net_dbg_ratelimited(
302 				"X.25: outbound throughput negotiated\n");
303 			new->throughput = (new->throughput & 0x0f) | theirs_out;
304 		}
305 	}
306 
307 	if (theirs.pacsize_in && theirs.pacsize_out) {
308 		if (theirs.pacsize_in < ours->pacsize_in) {
309 			net_dbg_ratelimited("X.25: packet size inwards negotiated down\n");
310 			new->pacsize_in = theirs.pacsize_in;
311 		}
312 		if (theirs.pacsize_out < ours->pacsize_out) {
313 			net_dbg_ratelimited("X.25: packet size outwards negotiated down\n");
314 			new->pacsize_out = theirs.pacsize_out;
315 		}
316 	}
317 
318 	if (theirs.winsize_in && theirs.winsize_out) {
319 		if (theirs.winsize_in < ours->winsize_in) {
320 			net_dbg_ratelimited("X.25: window size inwards negotiated down\n");
321 			new->winsize_in = theirs.winsize_in;
322 		}
323 		if (theirs.winsize_out < ours->winsize_out) {
324 			net_dbg_ratelimited("X.25: window size outwards negotiated down\n");
325 			new->winsize_out = theirs.winsize_out;
326 		}
327 	}
328 
329 	return len;
330 }
331 
332 /*
333  *	Limit values of certain facilities according to the capability of the
334  *      currently attached x25 link.
335  */
x25_limit_facilities(struct x25_facilities * facilities,struct x25_neigh * nb)336 void x25_limit_facilities(struct x25_facilities *facilities,
337 			  struct x25_neigh *nb)
338 {
339 
340 	if (!nb->extended) {
341 		if (facilities->winsize_in  > 7) {
342 			pr_debug("incoming winsize limited to 7\n");
343 			facilities->winsize_in = 7;
344 		}
345 		if (facilities->winsize_out > 7) {
346 			facilities->winsize_out = 7;
347 			pr_debug("outgoing winsize limited to 7\n");
348 		}
349 	}
350 }
351