Avoid beyond bounds copy while caching ACL
[zen-stable.git] / net / x25 / x25_dev.c
blobf0ce862d1f46309b5482e7594be438e6744e2566
1 /*
2 * X.25 Packet Layer release 002
4 * This is ALPHA test software. This code may break your machine, randomly fail to work with new
5 * releases, misbehave and/or generally screw up. It might even work.
7 * This code REQUIRES 2.1.15 or higher
9 * This module:
10 * This module is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version
13 * 2 of the License, or (at your option) any later version.
15 * History
16 * X.25 001 Jonathan Naylor Started coding.
17 * 2000-09-04 Henner Eisen Prevent freeing a dangling skb.
20 #include <linux/kernel.h>
21 #include <linux/netdevice.h>
22 #include <linux/skbuff.h>
23 #include <linux/slab.h>
24 #include <net/sock.h>
25 #include <linux/if_arp.h>
26 #include <net/x25.h>
27 #include <net/x25device.h>
29 static int x25_receive_data(struct sk_buff *skb, struct x25_neigh *nb)
31 struct sock *sk;
32 unsigned short frametype;
33 unsigned int lci;
35 if (!pskb_may_pull(skb, X25_STD_MIN_LEN))
36 return 0;
38 frametype = skb->data[2];
39 lci = ((skb->data[0] << 8) & 0xF00) + ((skb->data[1] << 0) & 0x0FF);
42 * LCI of zero is always for us, and its always a link control
43 * frame.
45 if (lci == 0) {
46 x25_link_control(skb, nb, frametype);
47 return 0;
51 * Find an existing socket.
53 if ((sk = x25_find_socket(lci, nb)) != NULL) {
54 int queued = 1;
56 skb_reset_transport_header(skb);
57 bh_lock_sock(sk);
58 if (!sock_owned_by_user(sk)) {
59 queued = x25_process_rx_frame(sk, skb);
60 } else {
61 queued = !sk_add_backlog(sk, skb);
63 bh_unlock_sock(sk);
64 sock_put(sk);
65 return queued;
69 * Is is a Call Request ? if so process it.
71 if (frametype == X25_CALL_REQUEST)
72 return x25_rx_call_request(skb, nb, lci);
75 * Its not a Call Request, nor is it a control frame.
76 * Can we forward it?
79 if (x25_forward_data(lci, nb, skb)) {
80 if (frametype == X25_CLEAR_CONFIRMATION) {
81 x25_clear_forward_by_lci(lci);
83 kfree_skb(skb);
84 return 1;
88 x25_transmit_clear_request(nb, lci, 0x0D);
91 if (frametype != X25_CLEAR_CONFIRMATION)
92 printk(KERN_DEBUG "x25_receive_data(): unknown frame type %2x\n",frametype);
94 return 0;
97 int x25_lapb_receive_frame(struct sk_buff *skb, struct net_device *dev,
98 struct packet_type *ptype, struct net_device *orig_dev)
100 struct sk_buff *nskb;
101 struct x25_neigh *nb;
103 if (!net_eq(dev_net(dev), &init_net))
104 goto drop;
106 nskb = skb_copy(skb, GFP_ATOMIC);
107 if (!nskb)
108 goto drop;
109 kfree_skb(skb);
110 skb = nskb;
113 * Packet received from unrecognised device, throw it away.
115 nb = x25_get_neigh(dev);
116 if (!nb) {
117 printk(KERN_DEBUG "X.25: unknown neighbour - %s\n", dev->name);
118 goto drop;
121 if (!pskb_may_pull(skb, 1))
122 return 0;
124 switch (skb->data[0]) {
126 case X25_IFACE_DATA:
127 skb_pull(skb, 1);
128 if (x25_receive_data(skb, nb)) {
129 x25_neigh_put(nb);
130 goto out;
132 break;
134 case X25_IFACE_CONNECT:
135 x25_link_established(nb);
136 break;
138 case X25_IFACE_DISCONNECT:
139 x25_link_terminated(nb);
140 break;
142 x25_neigh_put(nb);
143 drop:
144 kfree_skb(skb);
145 out:
146 return 0;
149 void x25_establish_link(struct x25_neigh *nb)
151 struct sk_buff *skb;
152 unsigned char *ptr;
154 switch (nb->dev->type) {
155 case ARPHRD_X25:
156 if ((skb = alloc_skb(1, GFP_ATOMIC)) == NULL) {
157 printk(KERN_ERR "x25_dev: out of memory\n");
158 return;
160 ptr = skb_put(skb, 1);
161 *ptr = X25_IFACE_CONNECT;
162 break;
164 #if IS_ENABLED(CONFIG_LLC)
165 case ARPHRD_ETHER:
166 return;
167 #endif
168 default:
169 return;
172 skb->protocol = htons(ETH_P_X25);
173 skb->dev = nb->dev;
175 dev_queue_xmit(skb);
178 void x25_terminate_link(struct x25_neigh *nb)
180 struct sk_buff *skb;
181 unsigned char *ptr;
183 #if IS_ENABLED(CONFIG_LLC)
184 if (nb->dev->type == ARPHRD_ETHER)
185 return;
186 #endif
187 if (nb->dev->type != ARPHRD_X25)
188 return;
190 skb = alloc_skb(1, GFP_ATOMIC);
191 if (!skb) {
192 printk(KERN_ERR "x25_dev: out of memory\n");
193 return;
196 ptr = skb_put(skb, 1);
197 *ptr = X25_IFACE_DISCONNECT;
199 skb->protocol = htons(ETH_P_X25);
200 skb->dev = nb->dev;
201 dev_queue_xmit(skb);
204 void x25_send_frame(struct sk_buff *skb, struct x25_neigh *nb)
206 unsigned char *dptr;
208 skb_reset_network_header(skb);
210 switch (nb->dev->type) {
211 case ARPHRD_X25:
212 dptr = skb_push(skb, 1);
213 *dptr = X25_IFACE_DATA;
214 break;
216 #if IS_ENABLED(CONFIG_LLC)
217 case ARPHRD_ETHER:
218 kfree_skb(skb);
219 return;
220 #endif
221 default:
222 kfree_skb(skb);
223 return;
226 skb->protocol = htons(ETH_P_X25);
227 skb->dev = nb->dev;
229 dev_queue_xmit(skb);