/*
 * Linux ARCnet driver - RFC1201 (standard) packet encapsulation
 *
 * Written 1994-1999 by Avery Pennarun.
 * Derived from skeleton.c by Donald Becker.
 *
 * Special thanks to Contemporary Controls, Inc. (www.ccontrols.com)
 *  for sponsoring the further development of this driver.
 *
 * **********************
 *
 * The original copyright of skeleton.c was as follows:
 *
 * skeleton.c Written 1993 by Donald Becker.
 * Copyright 1993 United States Government as represented by the
 * Director, National Security Agency.  This software may only be used
 * and distributed according to the terms of the GNU General Public License as
 * modified by SRC, incorporated herein by reference.
 *
 * **********************
 *
 * For more details, see drivers/net/arcnet.c
 *
 * **********************
 */
26 #include <linux/gfp.h>
27 #include <linux/module.h>
28 #include <linux/init.h>
29 #include <linux/if_arp.h>
30 #include <linux/netdevice.h>
31 #include <linux/skbuff.h>
32 #include <linux/arcdevice.h>
MODULE_LICENSE("GPL");

/* Banner printed by arcnet_rfc1201_init() when the module is loaded. */
#define VERSION "arcnet: RFC1201 \"standard\" (`a') encapsulation support loaded.\n"

/*
 * Forward declarations of the handlers defined further down in this file;
 * they are referenced by the rfc1201_proto table before their definitions.
 */
static __be16 type_trans(struct sk_buff *skb, struct net_device *dev);
static void rx(struct net_device *dev, int bufnum, struct archdr *pkthdr,
	       int length);
static int build_header(struct sk_buff *skb, struct net_device *dev,
			unsigned short type, uint8_t daddr);
static int prepare_tx(struct net_device *dev, struct archdr *pkt,
		      int length, int bufnum);
static int continue_tx(struct net_device *dev, int bufnum);
/*
 * Protocol descriptor for RFC1201 encapsulation.  arcnet_rfc1201_init()
 * installs a pointer to it in arc_proto_map[] and arcnet_rfc1201_exit()
 * unregisters it again.
 */
static struct ArcProto rfc1201_proto = {
	.suffix		= 'a',
	.mtu		= 1500,	/* could be more, but some receivers can't handle it... */
	.is_ip		= 1,	/* This is for sending IP and ARP packages */
	.rx		= rx,
	.build_header	= build_header,
	.prepare_tx	= prepare_tx,
	.continue_tx	= continue_tx,
	.ack_tx		= NULL,	/* no ack_tx handler is provided */
};
/*
 * Module entry point: print the load banner and point the protocol-map
 * slots for IP, IPv6, ARP, RARP, IPX and Novell EC at rfc1201_proto.
 *
 * Always returns 0.
 */
static int __init arcnet_rfc1201_init(void)
{
	struct ArcProto *const proto = &rfc1201_proto;

	printk(VERSION);

	arc_proto_map[ARC_P_NOVELL_EC] = proto;
	arc_proto_map[ARC_P_IPX] = proto;
	arc_proto_map[ARC_P_RARP] = proto;
	arc_proto_map[ARC_P_ARP] = proto;
	arc_proto_map[ARC_P_IPV6] = proto;
	arc_proto_map[ARC_P_IP] = proto;

	/* if someone else already owns the broadcast, we won't take it */
	if (arc_bcast_proto == arc_proto_default) {
		arc_bcast_proto = proto;
	}

	return 0;
}
/* Module exit point: hand rfc1201_proto to arcnet_unregister_proto(). */
static void __exit arcnet_rfc1201_exit(void)
{
	struct ArcProto *const proto = &rfc1201_proto;

	arcnet_unregister_proto(proto);
}
/* Hook the init/exit routines above into module load and unload. */
module_init(arcnet_rfc1201_init);
module_exit(arcnet_rfc1201_exit);
/*
 * Determine a packet's protocol ID.
 *
 * With ARCnet we have to convert everything to Ethernet-style stuff.
 *
 * Marks the current skb->data as the MAC header, pulls the ARCnet hard
 * header plus the RFC1201 soft header off the front of @skb, sets
 * skb->pkt_type for broadcast frames and (in promiscuous mode) frames not
 * addressed to us, and maps the RFC1201 protocol byte to an Ethernet
 * protocol number in network byte order.
 *
 * Returns 0 for an unknown protocol byte, after counting it in both
 * rx_errors and rx_crc_errors.
 */
static __be16 type_trans(struct sk_buff *skb, struct net_device *dev)
{
	const int strip = ARC_HDR_SIZE + RFC1201_HDR_SIZE;
	struct archdr *frame = (struct archdr *) skb->data;
	unsigned short eth_type;

	/*
	 * Pull off the arcnet header.
	 *
	 * NOTE(review): the result of skb_pull() is not checked, and the
	 * header fields below are read without verifying that the skb holds
	 * at least `strip` bytes -- this relies on the caller; confirm.
	 */
	skb_reset_mac_header(skb);
	skb_pull(skb, strip);

	if (frame->hard.dest == 0) {
		skb->pkt_type = PACKET_BROADCAST;
	} else if ((dev->flags & IFF_PROMISC) &&
		   frame->hard.dest != dev->dev_addr[0]) {
		/* if we're not sending to ourselves :) */
		skb->pkt_type = PACKET_OTHERHOST;
	}

	/* now work out the protocol number */
	switch (frame->soft.rfc1201.proto) {
	case ARC_P_IP:
		eth_type = ETH_P_IP;
		break;
	case ARC_P_IPV6:
		eth_type = ETH_P_IPV6;
		break;
	case ARC_P_ARP:
		eth_type = ETH_P_ARP;
		break;
	case ARC_P_RARP:
		eth_type = ETH_P_RARP;
		break;
	case ARC_P_IPX:
	case ARC_P_NOVELL_EC:
		eth_type = ETH_P_802_3;
		break;
	default:
		dev->stats.rx_errors++;
		dev->stats.rx_crc_errors++;
		return 0;
	}

	return htons(eth_type);
}
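/*
 * packet receiver
 *
 * @dev:    receiving ARCnet device
 * @bufnum: card buffer that holds the frame
 * @pkthdr: header copy already read from the card by the caller
 * @length: length of the soft header plus payload, as reported by the caller
 *
 * Unsplit frames are copied into a fresh skb and passed to netif_rx().
 * Split frames are reassembled per source address in
 * lp->rfc1201.incoming[saddr] and passed up once the last segment arrives.
 *
 * Everything here is driven by fields taken from the received frame
 * (source address, split flag, sequence number) and by @length, so all of
 * them must be treated as untrusted.
 *
 * Changes relative to the original:
 *  - frames shorter than the RFC1201 soft header are dropped up front, so
 *    "length - RFC1201_HDR_SIZE" in the reassembly path cannot go negative
 *    before it is handed to copy_from_card()/skb_put();
 *  - in->skb is cleared right after the previous assembly is freed when a
 *    new first segment arrives.  Without that, the "more than 16 segments"
 *    early return left in->skb pointing at a freed skb, which later packets
 *    from the same source would free or write to again.
 */
static void rx(struct net_device *dev, int bufnum,
	       struct archdr *pkthdr, int length)
{
	struct arcnet_local *lp = netdev_priv(dev);
	struct sk_buff *skb;
	struct archdr *pkt = pkthdr;
	struct arc_rfc1201 *soft = &pkthdr->soft.rfc1201;
	int saddr = pkt->hard.source, ofs;
	struct Incoming *in = &lp->rfc1201.incoming[saddr];

	BUGMSG(D_DURING, "it's an RFC1201 packet (length=%d)\n", length);

	/* A frame that cannot even hold the soft header is malformed. */
	if (length < RFC1201_HDR_SIZE) {
		BUGMSG(D_EXTRA, "short RFC1201 packet from %02Xh (length=%d)\n",
		       saddr, length);
		dev->stats.rx_errors++;
		dev->stats.rx_length_errors++;
		return;
	}

	if (length >= MinTU)
		ofs = 512 - length;
	else
		ofs = 256 - length;

	if (soft->split_flag == 0xFF) {		/* Exception Packet */
		if (length < 4 + RFC1201_HDR_SIZE) {
			BUGMSG(D_EXTRA, "short RFC1201 exception packet from %02Xh",
			       saddr);
			return;
		}
		BUGMSG(D_DURING, "compensating for exception packet\n");

		/* skip over 4-byte junkola */
		length -= 4;
		ofs += 4;
		/*
		 * NOTE(review): this re-reads sizeof(pkt->soft) bytes starting
		 * at card offset 512 - length; if length is smaller than
		 * sizeof(pkt->soft) the read extends past offset 512 -- confirm
		 * how copy_from_card() behaves there.
		 */
		lp->hw.copy_from_card(dev, bufnum, 512 - length,
				      soft, sizeof(pkt->soft));
	}
	if (!soft->split_flag) {	/* not split */
		BUGMSG(D_RX, "incoming is not split (splitflag=%d)\n",
		       soft->split_flag);

		if (in->skb) {	/* already assembling one! */
			BUGMSG(D_EXTRA, "aborting assembly (seq=%d) for unsplit packet (splitflag=%d, seq=%d)\n",
			       in->sequence, soft->split_flag, soft->sequence);
			lp->rfc1201.aborted_seq = soft->sequence;
			dev_kfree_skb_irq(in->skb);
			dev->stats.rx_errors++;
			dev->stats.rx_missed_errors++;
			in->skb = NULL;
		}
		in->sequence = soft->sequence;

		skb = alloc_skb(length + ARC_HDR_SIZE, GFP_ATOMIC);
		if (skb == NULL) {
			BUGMSG(D_NORMAL, "Memory squeeze, dropping packet.\n");
			dev->stats.rx_dropped++;
			return;
		}
		skb_put(skb, length + ARC_HDR_SIZE);
		skb->dev = dev;

		pkt = (struct archdr *) skb->data;
		soft = &pkt->soft.rfc1201;

		/*
		 * up to sizeof(pkt->soft) has already been copied from the card
		 *
		 * NOTE(review): the copy is sizeof(struct archdr) bytes while
		 * the skb was sized for length + ARC_HDR_SIZE; when length is
		 * smaller than sizeof(pkt->soft) this writes past the area
		 * reserved by skb_put() -- confirm the caller's lower bound on
		 * length or bound the copy.
		 */
		memcpy(pkt, pkthdr, sizeof(struct archdr));
		if (length > sizeof(pkt->soft))
			lp->hw.copy_from_card(dev, bufnum, ofs + sizeof(pkt->soft),
					      pkt->soft.raw + sizeof(pkt->soft),
					      length - sizeof(pkt->soft));

		/*
		 * ARP packets have problems when sent from some DOS systems: the
		 * source address is always 0!  So we take the hardware source addr
		 * (which is impossible to fumble) and insert it ourselves.
		 *
		 * NOTE(review): the fix-up reads the arphdr and reads/writes the
		 * byte that follows it without checking that length covers
		 * them -- confirm short ARP frames cannot reach this point.
		 */
		if (soft->proto == ARC_P_ARP) {
			struct arphdr *arp = (struct arphdr *) soft->payload;

			/* make sure addresses are the right length */
			if (arp->ar_hln == 1 && arp->ar_pln == 4) {
				uint8_t *cptr = (uint8_t *) arp + sizeof(struct arphdr);

				if (!*cptr) {	/* is saddr = 00? */
					BUGMSG(D_EXTRA,
					       "ARP source address was 00h, set to %02Xh.\n",
					       saddr);
					dev->stats.rx_crc_errors++;
					*cptr = saddr;
				} else {
					BUGMSG(D_DURING, "ARP source address (%Xh) is fine.\n",
					       *cptr);
				}
			} else {
				BUGMSG(D_NORMAL, "funny-shaped ARP packet. (%Xh, %Xh)\n",
				       arp->ar_hln, arp->ar_pln);
				dev->stats.rx_errors++;
				dev->stats.rx_crc_errors++;
			}
		}
		BUGLVL(D_SKB) arcnet_dump_skb(dev, skb, "rx");

		skb->protocol = type_trans(skb, dev);
		netif_rx(skb);
	} else {		/* split packet */
		/*
		 * NOTE: MSDOS ARP packet correction should only need to apply to
		 * unsplit packets, since ARP packets are so short.
		 *
		 * My interpretation of the RFC1201 document is that if a packet is
		 * received out of order, the entire assembly process should be
		 * aborted.
		 *
		 * The RFC also mentions "it is possible for successfully received
		 * packets to be retransmitted." As of 0.40 all previously received
		 * packets are allowed, not just the most recent one.
		 *
		 * We allow multiple assembly processes, one for each ARCnet card
		 * possible on the network.  Seems rather like a waste of memory,
		 * but there's no other way to be reliable.
		 */

		BUGMSG(D_RX, "packet is split (splitflag=%d, seq=%d)\n",
		       soft->split_flag, in->sequence);

		if (in->skb && in->sequence != soft->sequence) {
			BUGMSG(D_EXTRA, "wrong seq number (saddr=%d, expected=%d, seq=%d, splitflag=%d)\n",
			       saddr, in->sequence, soft->sequence,
			       soft->split_flag);
			dev_kfree_skb_irq(in->skb);
			in->skb = NULL;
			dev->stats.rx_errors++;
			dev->stats.rx_missed_errors++;
			in->lastpacket = in->numpackets = 0;
		}
		if (soft->split_flag & 1) {	/* first packet in split */
			BUGMSG(D_RX, "brand new splitpacket (splitflag=%d)\n",
			       soft->split_flag);
			if (in->skb) {	/* already assembling one! */
				BUGMSG(D_EXTRA, "aborting previous (seq=%d) assembly "
				       "(splitflag=%d, seq=%d)\n",
				       in->sequence, soft->split_flag,
				       soft->sequence);
				dev->stats.rx_errors++;
				dev->stats.rx_missed_errors++;
				dev_kfree_skb_irq(in->skb);
				/*
				 * Do not keep a pointer to the freed skb: the
				 * "more than 16 segments" return below leaves
				 * before in->skb is reassigned.
				 */
				in->skb = NULL;
			}
			in->sequence = soft->sequence;
			in->numpackets = ((unsigned) soft->split_flag >> 1) + 2;
			in->lastpacket = 1;

			if (in->numpackets > 16) {
				BUGMSG(D_EXTRA, "incoming packet more than 16 segments; dropping. (splitflag=%d)\n",
				       soft->split_flag);
				lp->rfc1201.aborted_seq = soft->sequence;
				dev->stats.rx_errors++;
				dev->stats.rx_length_errors++;
				return;
			}
			/*
			 * NOTE(review): the buffer budgets 508 bytes per
			 * segment; nothing in this function caps length at
			 * that value -- confirm the caller does.
			 */
			in->skb = skb = alloc_skb(508 * in->numpackets + ARC_HDR_SIZE,
						  GFP_ATOMIC);
			if (skb == NULL) {
				BUGMSG(D_NORMAL, "(split) memory squeeze, dropping packet.\n");
				lp->rfc1201.aborted_seq = soft->sequence;
				dev->stats.rx_dropped++;
				return;
			}
			skb->dev = dev;
			pkt = (struct archdr *) skb->data;
			soft = &pkt->soft.rfc1201;

			memcpy(pkt, pkthdr, ARC_HDR_SIZE + RFC1201_HDR_SIZE);
			skb_put(skb, ARC_HDR_SIZE + RFC1201_HDR_SIZE);

			soft->split_flag = 0;	/* end result won't be split */
		} else {	/* not first packet */
			int packetnum = ((unsigned) soft->split_flag >> 1) + 1;

			/*
			 * if we're not assembling, there's no point trying to
			 * continue.
			 */
			if (!in->skb) {
				if (lp->rfc1201.aborted_seq != soft->sequence) {
					BUGMSG(D_EXTRA, "can't continue split without starting "
					       "first! (splitflag=%d, seq=%d, aborted=%d)\n",
					       soft->split_flag, soft->sequence,
					       lp->rfc1201.aborted_seq);
					dev->stats.rx_errors++;
					dev->stats.rx_missed_errors++;
				}
				return;
			}
			in->lastpacket++;
			if (packetnum != in->lastpacket) {	/* not the right flag! */
				/*
				 * harmless duplicate? ignore.
				 *
				 * NOTE(review): lastpacket was already
				 * incremented above and is not rolled back on
				 * this return -- confirm that is intended.
				 */
				if (packetnum <= in->lastpacket - 1) {
					BUGMSG(D_EXTRA, "duplicate splitpacket ignored! (splitflag=%d)\n",
					       soft->split_flag);
					dev->stats.rx_errors++;
					dev->stats.rx_frame_errors++;
					return;
				}
				/* "bad" duplicate, kill reassembly */
				BUGMSG(D_EXTRA, "out-of-order splitpacket, reassembly "
				       "(seq=%d) aborted (splitflag=%d, seq=%d)\n",
				       in->sequence, soft->split_flag, soft->sequence);
				lp->rfc1201.aborted_seq = soft->sequence;
				dev_kfree_skb_irq(in->skb);
				in->skb = NULL;
				dev->stats.rx_errors++;
				dev->stats.rx_missed_errors++;
				in->lastpacket = in->numpackets = 0;
				return;
			}
			pkt = (struct archdr *) in->skb->data;
			soft = &pkt->soft.rfc1201;
		}

		skb = in->skb;

		/* append this segment's payload (soft header skipped) */
		lp->hw.copy_from_card(dev, bufnum, ofs + RFC1201_HDR_SIZE,
				      skb->data + skb->len,
				      length - RFC1201_HDR_SIZE);
		skb_put(skb, length - RFC1201_HDR_SIZE);

		/* are we done? */
		if (in->lastpacket == in->numpackets) {
			in->skb = NULL;
			in->lastpacket = in->numpackets = 0;

			/* both messages are emitted here, as in the original */
			BUGMSG(D_SKB_SIZE, "skb: received %d bytes from %02X (unsplit)\n",
			       skb->len, pkt->hard.source);
			BUGMSG(D_SKB_SIZE, "skb: received %d bytes from %02X (split)\n",
			       skb->len, pkt->hard.source);
			BUGLVL(D_SKB) arcnet_dump_skb(dev, skb, "rx");

			skb->protocol = type_trans(skb, dev);
			netif_rx(skb);
		}
	}
}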
/*
 * Create the ARCnet hard/soft headers for RFC1201.
 *
 * Pushes room for both headers onto @skb, translates the Ethernet protocol
 * number @type into the RFC1201 protocol byte, and fills in source address,
 * sequence number, split flag and destination address.
 *
 * Returns the combined header size, or 0 when @type has no RFC1201
 * equivalent (tx_errors and tx_aborted_errors are bumped in that case; the
 * header space pushed onto the skb is left in place).
 */
static int build_header(struct sk_buff *skb, struct net_device *dev,
			unsigned short type, uint8_t daddr)
{
	struct arcnet_local *lp = netdev_priv(dev);
	int hdr_size = ARC_HDR_SIZE + RFC1201_HDR_SIZE;
	struct archdr *pkt = (struct archdr *) skb_push(skb, hdr_size);
	struct arc_rfc1201 *soft = &pkt->soft.rfc1201;
	uint8_t arc_proto;

	/* pick the protocol ID according to RFC1201 */
	switch (type) {
	case ETH_P_IP:
		arc_proto = ARC_P_IP;
		break;
	case ETH_P_IPV6:
		arc_proto = ARC_P_IPV6;
		break;
	case ETH_P_ARP:
		arc_proto = ARC_P_ARP;
		break;
	case ETH_P_RARP:
		arc_proto = ARC_P_RARP;
		break;
	case ETH_P_IPX:
	case ETH_P_802_3:
	case ETH_P_802_2:
		arc_proto = ARC_P_IPX;
		break;
	case ETH_P_ATALK:
		arc_proto = ARC_P_ATALK;
		break;
	default:
		BUGMSG(D_NORMAL, "RFC1201: I don't understand protocol %d (%Xh)\n",
		       type, type);
		dev->stats.tx_errors++;
		dev->stats.tx_aborted_errors++;
		return 0;
	}
	soft->proto = arc_proto;

	/*
	 * Set the source hardware address.
	 *
	 * This is pretty pointless for most purposes, but it can help in
	 * debugging.  ARCnet does not allow us to change the source address in
	 * the actual packet sent)
	 */
	pkt->hard.source = dev->dev_addr[0];

	soft->sequence = htons(lp->rfc1201.sequence++);
	soft->split_flag = 0;	/* split packets are done elsewhere */

	/* see linux/net/ethernet/eth.c to see where I got the following */

	/*
	 * FIXME: fill in the last byte of the dest ipaddr here to better
	 * comply with RFC1051 in "noarp" mode.  For now, always broadcasting
	 * will probably at least get packets sent out :)
	 *
	 * Loopback/NOARP devices get destination 0; otherwise, drop in the
	 * dest address supplied by the caller.
	 */
	pkt->hard.dest = (dev->flags & (IFF_LOOPBACK | IFF_NOARP)) ? 0 : daddr;

	return hdr_size;
}
/*
 * Copy one outgoing frame (hard header @hard plus @softlen bytes starting
 * at @soft) into card buffer @bufnum and remember its destination in
 * lp->lastload_dest.
 *
 * The offset bytes in @hard are chosen from @softlen: more than MinTU uses
 * the 512-based offset, between MTU and MinTU is sent as an exception
 * packet with an extra soft header in front, anything else uses the
 * 256-based offset.
 *
 * NOTE(review): @softlen is not range-checked here; the offsets are only
 * meaningful if the caller keeps it within the card buffer -- see the
 * assumption below.
 */
static void load_pkt(struct net_device *dev, struct arc_hardware *hard,
		     struct arc_rfc1201 *soft, int softlen, int bufnum)
{
	struct arcnet_local *lp = netdev_priv(dev);
	int ofs;

	/* assume length <= XMTU: someone should have handled that by now. */

	if (softlen <= MTU) {
		ofs = 256 - softlen;
		hard->offset[0] = ofs;
	} else if (softlen <= MinTU) {
		/* exception packet - add an extra header */
		struct arc_rfc1201 excsoft;
		int exc_ofs;

		excsoft.proto = soft->proto;
		excsoft.split_flag = 0xff;
		excsoft.sequence = htons(0xffff);

		ofs = 512 - softlen;
		exc_ofs = ofs - RFC1201_HDR_SIZE;

		hard->offset[0] = 0;
		hard->offset[1] = exc_ofs;
		lp->hw.copy_to_card(dev, bufnum, exc_ofs,
				    &excsoft, RFC1201_HDR_SIZE);
	} else {
		ofs = 512 - softlen;
		hard->offset[0] = 0;
		hard->offset[1] = ofs;
	}

	/* hard header goes at the start of the buffer, soft part at ofs */
	lp->hw.copy_to_card(dev, bufnum, 0, hard, ARC_HDR_SIZE);
	lp->hw.copy_to_card(dev, bufnum, ofs, soft, softlen);

	lp->lastload_dest = hard->dest;
}
/*
 * Start transmission of @pkt (@length bytes including the hard header).
 *
 * A packet whose soft part fits in XMTU is loaded into card buffer @bufnum
 * immediately and 1 ("done") is returned.  A larger packet only has its
 * split bookkeeping in lp->outgoing initialised and 0 ("not done") is
 * returned; continue_tx() then loads the segments.
 */
static int prepare_tx(struct net_device *dev, struct archdr *pkt, int length,
		      int bufnum)
{
	struct arcnet_local *lp = netdev_priv(dev);
	const int maxsegsize = XMTU - RFC1201_HDR_SIZE;
	struct Outgoing *out = &lp->outgoing;

	BUGMSG(D_DURING, "prepare_tx: txbufs=%d/%d/%d\n",
	       lp->next_tx, lp->cur_tx, bufnum);

	length -= ARC_HDR_SIZE;	/* hard header is not included in packet length */
	pkt->soft.rfc1201.split_flag = 0;

	if (length <= XMTU) {
		/* just load the packet into the buffers and send it off */
		load_pkt(dev, &pkt->hard, &pkt->soft.rfc1201, length, bufnum);
		return 1;	/* done */
	}

	/* too big for one frame: set up a split transfer */
	out->length = length - RFC1201_HDR_SIZE;
	out->dataleft = out->length;
	out->numsegs = (out->dataleft + maxsegsize - 1) / maxsegsize;
	out->segnum = 0;

	BUGMSG(D_DURING, "rfc1201 prep_tx: ready for %d-segment split "
	       "(%d bytes, seq=%d)\n", out->numsegs, out->length,
	       pkt->soft.rfc1201.sequence);

	return 0;	/* not done */
}
/*
 * Load the next segment of the split packet described by lp->outgoing into
 * card buffer @bufnum.
 *
 * The soft header for each segment is written in place, directly in front
 * of that segment's data inside the outgoing packet, so for later segments
 * it overwrites bytes that earlier segments have already carried.
 *
 * Returns 1 once the last segment has been loaded, 0 otherwise.
 */
static int continue_tx(struct net_device *dev, int bufnum)
{
	struct arcnet_local *lp = netdev_priv(dev);
	struct Outgoing *out = &lp->outgoing;
	struct arc_hardware *hard = &out->pkt->hard;
	struct arc_rfc1201 *soft = &out->pkt->soft.rfc1201;
	struct arc_rfc1201 *seghdr;
	int maxsegsize = XMTU - RFC1201_HDR_SIZE;
	int seglen;

	BUGMSG(D_DURING,
	       "rfc1201 continue_tx: loading segment %d(+1) of %d (seq=%d)\n",
	       out->segnum, out->numsegs, soft->sequence);

	/* the "new" soft header comes right before the data chunk */
	seghdr = (struct arc_rfc1201 *)
		(out->pkt->soft.raw + out->length - out->dataleft);

	if (out->segnum) {
		/* later segment: clone proto/sequence from the first header */
		seghdr->split_flag = out->segnum << 1;
		seghdr->proto = soft->proto;
		seghdr->sequence = soft->sequence;
	} else {
		/* first packet; seghdr == soft */
		seghdr->split_flag = ((out->numsegs - 2) << 1) | 1;
	}

	/* send a full segment unless less than that is left */
	seglen = (maxsegsize > out->dataleft) ? out->dataleft : maxsegsize;
	out->dataleft -= seglen;

	load_pkt(dev, hard, seghdr, seglen + RFC1201_HDR_SIZE, bufnum);

	out->segnum++;
	return (out->segnum >= out->numsegs) ? 1 : 0;
}