Avoid reading past buffer when calling GETACL
[zen-stable.git] / net / llc / llc_input.c
blobe32cab44ea959d8f49781d46580b4204afb7e3cb
1 /*
2 * llc_input.c - Minimal input path for LLC
4 * Copyright (c) 1997 by Procom Technology, Inc.
5 * 2001-2003 by Arnaldo Carvalho de Melo <acme@conectiva.com.br>
7 * This program can be redistributed or modified under the terms of the
8 * GNU General Public License as published by the Free Software Foundation.
9 * This program is distributed without any warranty or implied warranty
10 * of merchantability or fitness for a particular purpose.
12 * See the GNU General Public License for more details.
14 #include <linux/netdevice.h>
15 #include <linux/slab.h>
16 #include <linux/export.h>
17 #include <net/net_namespace.h>
18 #include <net/llc.h>
19 #include <net/llc_pdu.h>
20 #include <net/llc_sap.h>
22 #if 0
23 #define dprintk(args...) printk(KERN_DEBUG args)
24 #else
25 #define dprintk(args...)
26 #endif
29 * Packet handler for the station, registerable because in the minimal
30 * LLC core that is taking shape only the very minimal subset of LLC that
31 * is needed for things like IPX, Appletalk, etc will stay, with all the
32 * rest in the llc1 and llc2 modules.
34 static void (*llc_station_handler)(struct sk_buff *skb);
37 * Packet handlers for LLC_DEST_SAP and LLC_DEST_CONN.
39 static void (*llc_type_handlers[2])(struct llc_sap *sap,
40 struct sk_buff *skb);
42 void llc_add_pack(int type, void (*handler)(struct llc_sap *sap,
43 struct sk_buff *skb))
45 if (type == LLC_DEST_SAP || type == LLC_DEST_CONN)
46 llc_type_handlers[type - 1] = handler;
49 void llc_remove_pack(int type)
51 if (type == LLC_DEST_SAP || type == LLC_DEST_CONN)
52 llc_type_handlers[type - 1] = NULL;
55 void llc_set_station_handler(void (*handler)(struct sk_buff *skb))
57 llc_station_handler = handler;
60 /**
61 * llc_pdu_type - returns which LLC component must handle for PDU
62 * @skb: input skb
64 * This function returns which LLC component must handle this PDU.
66 static __inline__ int llc_pdu_type(struct sk_buff *skb)
68 int type = LLC_DEST_CONN; /* I-PDU or S-PDU type */
69 struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb);
71 if ((pdu->ctrl_1 & LLC_PDU_TYPE_MASK) != LLC_PDU_TYPE_U)
72 goto out;
73 switch (LLC_U_PDU_CMD(pdu)) {
74 case LLC_1_PDU_CMD_XID:
75 case LLC_1_PDU_CMD_UI:
76 case LLC_1_PDU_CMD_TEST:
77 type = LLC_DEST_SAP;
78 break;
79 case LLC_2_PDU_CMD_SABME:
80 case LLC_2_PDU_CMD_DISC:
81 case LLC_2_PDU_RSP_UA:
82 case LLC_2_PDU_RSP_DM:
83 case LLC_2_PDU_RSP_FRMR:
84 break;
85 default:
86 type = LLC_DEST_INVALID;
87 break;
89 out:
90 return type;
93 /**
94 * llc_fixup_skb - initializes skb pointers
95 * @skb: This argument points to incoming skb
97 * Initializes internal skb pointer to start of network layer by deriving
98 * length of LLC header; finds length of LLC control field in LLC header
99 * by looking at the two lowest-order bits of the first control field
100 * byte; field is either 3 or 4 bytes long.
102 static inline int llc_fixup_skb(struct sk_buff *skb)
104 u8 llc_len = 2;
105 struct llc_pdu_un *pdu;
107 if (unlikely(!pskb_may_pull(skb, sizeof(*pdu))))
108 return 0;
110 pdu = (struct llc_pdu_un *)skb->data;
111 if ((pdu->ctrl_1 & LLC_PDU_TYPE_MASK) == LLC_PDU_TYPE_U)
112 llc_len = 1;
113 llc_len += 2;
115 if (unlikely(!pskb_may_pull(skb, llc_len)))
116 return 0;
118 skb->transport_header += llc_len;
119 skb_pull(skb, llc_len);
120 if (skb->protocol == htons(ETH_P_802_2)) {
121 __be16 pdulen = eth_hdr(skb)->h_proto;
122 s32 data_size = ntohs(pdulen) - llc_len;
124 if (data_size < 0 ||
125 !pskb_may_pull(skb, data_size))
126 return 0;
127 if (unlikely(pskb_trim_rcsum(skb, data_size)))
128 return 0;
130 return 1;
134 * llc_rcv - 802.2 entry point from net lower layers
135 * @skb: received pdu
136 * @dev: device that receive pdu
137 * @pt: packet type
139 * When the system receives a 802.2 frame this function is called. It
140 * checks SAP and connection of received pdu and passes frame to
141 * llc_{station,sap,conn}_rcv for sending to proper state machine. If
142 * the frame is related to a busy connection (a connection is sending
143 * data now), it queues this frame in the connection's backlog.
145 int llc_rcv(struct sk_buff *skb, struct net_device *dev,
146 struct packet_type *pt, struct net_device *orig_dev)
148 struct llc_sap *sap;
149 struct llc_pdu_sn *pdu;
150 int dest;
151 int (*rcv)(struct sk_buff *, struct net_device *,
152 struct packet_type *, struct net_device *);
154 if (!net_eq(dev_net(dev), &init_net))
155 goto drop;
158 * When the interface is in promisc. mode, drop all the crap that it
159 * receives, do not try to analyse it.
161 if (unlikely(skb->pkt_type == PACKET_OTHERHOST)) {
162 dprintk("%s: PACKET_OTHERHOST\n", __func__);
163 goto drop;
165 skb = skb_share_check(skb, GFP_ATOMIC);
166 if (unlikely(!skb))
167 goto out;
168 if (unlikely(!llc_fixup_skb(skb)))
169 goto drop;
170 pdu = llc_pdu_sn_hdr(skb);
171 if (unlikely(!pdu->dsap)) /* NULL DSAP, refer to station */
172 goto handle_station;
173 sap = llc_sap_find(pdu->dsap);
174 if (unlikely(!sap)) {/* unknown SAP */
175 dprintk("%s: llc_sap_find(%02X) failed!\n", __func__,
176 pdu->dsap);
177 goto drop;
180 * First the upper layer protocols that don't need the full
181 * LLC functionality
183 rcv = rcu_dereference(sap->rcv_func);
184 dest = llc_pdu_type(skb);
185 if (unlikely(!dest || !llc_type_handlers[dest - 1])) {
186 if (rcv)
187 rcv(skb, dev, pt, orig_dev);
188 else
189 kfree_skb(skb);
190 } else {
191 if (rcv) {
192 struct sk_buff *cskb = skb_clone(skb, GFP_ATOMIC);
193 if (cskb)
194 rcv(cskb, dev, pt, orig_dev);
196 llc_type_handlers[dest - 1](sap, skb);
198 llc_sap_put(sap);
199 out:
200 return 0;
201 drop:
202 kfree_skb(skb);
203 goto out;
204 handle_station:
205 if (!llc_station_handler)
206 goto drop;
207 llc_station_handler(skb);
208 goto out;
211 EXPORT_SYMBOL(llc_add_pack);
212 EXPORT_SYMBOL(llc_remove_pack);
213 EXPORT_SYMBOL(llc_set_station_handler);