1/*
2 * This program is free software; you can redistribute it and/or modify
3 * it under the terms of the GNU General Public License as published by
4 * the Free Software Foundation; either version 2 of the License, or
5 * (at your option) any later version.
6 *
7 * Copyright (C) Alan Cox GW4PTS (alan@lxorguk.ukuu.org.uk)
8 * Copyright (C) Jonathan Naylor G4KLX (g4klx@g4klx.demon.co.uk)
9 * Copyright (C) Joerg Reuter DL1BKE (jreuter@yaina.de)
10 * Copyright (C) Frederic Rible F1OAT (frible@teaser.fr)
11 */
12#include <linux/errno.h>
13#include <linux/types.h>
14#include <linux/socket.h>
15#include <linux/in.h>
16#include <linux/kernel.h>
17#include <linux/timer.h>
18#include <linux/string.h>
19#include <linux/sockios.h>
20#include <linux/net.h>
21#include <linux/slab.h>
22#include <net/ax25.h>
23#include <linux/inet.h>
24#include <linux/netdevice.h>
25#include <linux/skbuff.h>
26#include <net/sock.h>
27#include <net/tcp_states.h>
28#include <asm/uaccess.h>
29#include <linux/fcntl.h>
30#include <linux/mm.h>
31#include <linux/interrupt.h>
32
33/*
34 *	This routine purges all the queues of frames.
35 */
36void ax25_clear_queues(ax25_cb *ax25)
37{
38	skb_queue_purge(&ax25->write_queue);
39	skb_queue_purge(&ax25->ack_queue);
40	skb_queue_purge(&ax25->reseq_queue);
41	skb_queue_purge(&ax25->frag_queue);
42}
43
44/*
45 * This routine purges the input queue of those frames that have been
46 * acknowledged. This replaces the boxes labelled "V(a) <- N(r)" on the
47 * SDL diagram.
48 */
49void ax25_frames_acked(ax25_cb *ax25, unsigned short nr)
50{
51	struct sk_buff *skb;
52
53	/*
54	 * Remove all the ack-ed frames from the ack queue.
55	 */
56	if (ax25->va != nr) {
57		while (skb_peek(&ax25->ack_queue) != NULL && ax25->va != nr) {
58			skb = skb_dequeue(&ax25->ack_queue);
59			kfree_skb(skb);
60			ax25->va = (ax25->va + 1) % ax25->modulus;
61		}
62	}
63}
64
65void ax25_requeue_frames(ax25_cb *ax25)
66{
67	struct sk_buff *skb;
68
69	/*
70	 * Requeue all the un-ack-ed frames on the output queue to be picked
71	 * up by ax25_kick called from the timer. This arrangement handles the
72	 * possibility of an empty output queue.
73	 */
74	while ((skb = skb_dequeue_tail(&ax25->ack_queue)) != NULL)
75		skb_queue_head(&ax25->write_queue, skb);
76}
77
78/*
79 *	Validate that the value of nr is between va and vs. Return true or
80 *	false for testing.
81 */
82int ax25_validate_nr(ax25_cb *ax25, unsigned short nr)
83{
84	unsigned short vc = ax25->va;
85
86	while (vc != ax25->vs) {
87		if (nr == vc) return 1;
88		vc = (vc + 1) % ax25->modulus;
89	}
90
91	if (nr == ax25->vs) return 1;
92
93	return 0;
94}
95
96/*
97 *	This routine is the centralised routine for parsing the control
98 *	information for the different frame formats.
99 */
100int ax25_decode(ax25_cb *ax25, struct sk_buff *skb, int *ns, int *nr, int *pf)
101{
102	unsigned char *frame;
103	int frametype = AX25_ILLEGAL;
104
105	frame = skb->data;
106	*ns = *nr = *pf = 0;
107
108	if (ax25->modulus == AX25_MODULUS) {
109		if ((frame[0] & AX25_S) == 0) {
110			frametype = AX25_I;			/* I frame - carries NR/NS/PF */
111			*ns = (frame[0] >> 1) & 0x07;
112			*nr = (frame[0] >> 5) & 0x07;
113			*pf = frame[0] & AX25_PF;
114		} else if ((frame[0] & AX25_U) == 1) { 	/* S frame - take out PF/NR */
115			frametype = frame[0] & 0x0F;
116			*nr = (frame[0] >> 5) & 0x07;
117			*pf = frame[0] & AX25_PF;
118		} else if ((frame[0] & AX25_U) == 3) { 	/* U frame - take out PF */
119			frametype = frame[0] & ~AX25_PF;
120			*pf = frame[0] & AX25_PF;
121		}
122		skb_pull(skb, 1);
123	} else {
124		if ((frame[0] & AX25_S) == 0) {
125			frametype = AX25_I;			/* I frame - carries NR/NS/PF */
126			*ns = (frame[0] >> 1) & 0x7F;
127			*nr = (frame[1] >> 1) & 0x7F;
128			*pf = frame[1] & AX25_EPF;
129			skb_pull(skb, 2);
130		} else if ((frame[0] & AX25_U) == 1) { 	/* S frame - take out PF/NR */
131			frametype = frame[0] & 0x0F;
132			*nr = (frame[1] >> 1) & 0x7F;
133			*pf = frame[1] & AX25_EPF;
134			skb_pull(skb, 2);
135		} else if ((frame[0] & AX25_U) == 3) { 	/* U frame - take out PF */
136			frametype = frame[0] & ~AX25_PF;
137			*pf = frame[0] & AX25_PF;
138			skb_pull(skb, 1);
139		}
140	}
141
142	return frametype;
143}
144
145/*
146 *	This routine is called when the HDLC layer internally  generates a
147 *	command or  response  for  the remote machine ( eg. RR, UA etc. ).
148 *	Only supervisory or unnumbered frames are processed.
149 */
150void ax25_send_control(ax25_cb *ax25, int frametype, int poll_bit, int type)
151{
152	struct sk_buff *skb;
153	unsigned char  *dptr;
154
155	if ((skb = alloc_skb(ax25->ax25_dev->dev->hard_header_len + 2, GFP_ATOMIC)) == NULL)
156		return;
157
158	skb_reserve(skb, ax25->ax25_dev->dev->hard_header_len);
159
160	skb_reset_network_header(skb);
161
162	/* Assume a response - address structure for DTE */
163	if (ax25->modulus == AX25_MODULUS) {
164		dptr = skb_put(skb, 1);
165		*dptr = frametype;
166		*dptr |= (poll_bit) ? AX25_PF : 0;
167		if ((frametype & AX25_U) == AX25_S)		/* S frames carry NR */
168			*dptr |= (ax25->vr << 5);
169	} else {
170		if ((frametype & AX25_U) == AX25_U) {
171			dptr = skb_put(skb, 1);
172			*dptr = frametype;
173			*dptr |= (poll_bit) ? AX25_PF : 0;
174		} else {
175			dptr = skb_put(skb, 2);
176			dptr[0] = frametype;
177			dptr[1] = (ax25->vr << 1);
178			dptr[1] |= (poll_bit) ? AX25_EPF : 0;
179		}
180	}
181
182	ax25_transmit_buffer(ax25, skb, type);
183}
184
185/*
186 *	Send a 'DM' to an unknown connection attempt, or an invalid caller.
187 *
188 *	Note: src here is the sender, thus it's the target of the DM
189 */
190void ax25_return_dm(struct net_device *dev, ax25_address *src, ax25_address *dest, ax25_digi *digi)
191{
192	struct sk_buff *skb;
193	char *dptr;
194	ax25_digi retdigi;
195
196	if (dev == NULL)
197		return;
198
199	if ((skb = alloc_skb(dev->hard_header_len + 1, GFP_ATOMIC)) == NULL)
200		return;	/* Next SABM will get DM'd */
201
202	skb_reserve(skb, dev->hard_header_len);
203	skb_reset_network_header(skb);
204
205	ax25_digi_invert(digi, &retdigi);
206
207	dptr = skb_put(skb, 1);
208
209	*dptr = AX25_DM | AX25_PF;
210
211	/*
212	 *	Do the address ourselves
213	 */
214	dptr  = skb_push(skb, ax25_addr_size(digi));
215	dptr += ax25_addr_build(dptr, dest, src, &retdigi, AX25_RESPONSE, AX25_MODULUS);
216
217	ax25_queue_xmit(skb, dev);
218}
219
220/*
221 *	Exponential backoff for AX.25
222 */
223void ax25_calculate_t1(ax25_cb *ax25)
224{
225	int n, t = 2;
226
227	switch (ax25->backoff) {
228	case 0:
229		break;
230
231	case 1:
232		t += 2 * ax25->n2count;
233		break;
234
235	case 2:
236		for (n = 0; n < ax25->n2count; n++)
237			t *= 2;
238		if (t > 8) t = 8;
239		break;
240	}
241
242	ax25->t1 = t * ax25->rtt;
243}
244
245/*
246 *	Calculate the Round Trip Time
247 */
248void ax25_calculate_rtt(ax25_cb *ax25)
249{
250	if (ax25->backoff == 0)
251		return;
252
253	if (ax25_t1timer_running(ax25) && ax25->n2count == 0)
254		ax25->rtt = (9 * ax25->rtt + ax25->t1 - ax25_display_timer(&ax25->t1timer)) / 10;
255
256	if (ax25->rtt < AX25_T1CLAMPLO)
257		ax25->rtt = AX25_T1CLAMPLO;
258
259	if (ax25->rtt > AX25_T1CLAMPHI)
260		ax25->rtt = AX25_T1CLAMPHI;
261}
262
263void ax25_disconnect(ax25_cb *ax25, int reason)
264{
265	ax25_clear_queues(ax25);
266
267	ax25_stop_t1timer(ax25);
268	ax25_stop_t2timer(ax25);
269	ax25_stop_t3timer(ax25);
270	ax25_stop_idletimer(ax25);
271
272	ax25->state = AX25_STATE_0;
273
274	ax25_link_failed(ax25, reason);
275
276	if (ax25->sk != NULL) {
277		local_bh_disable();
278		bh_lock_sock(ax25->sk);
279		ax25->sk->sk_state     = TCP_CLOSE;
280		ax25->sk->sk_err       = reason;
281		ax25->sk->sk_shutdown |= SEND_SHUTDOWN;
282		if (!sock_flag(ax25->sk, SOCK_DEAD)) {
283			ax25->sk->sk_state_change(ax25->sk);
284			sock_set_flag(ax25->sk, SOCK_DEAD);
285		}
286		bh_unlock_sock(ax25->sk);
287		local_bh_enable();
288	}
289}
290