1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 *	X.25 Packet Layer release 002
4 *
5 *	This is ALPHA test software. This code may break your machine,
6 *	randomly fail to work with new releases, misbehave and/or generally
7 *	screw up. It might even work.
8 *
9 *	This code REQUIRES 2.1.15 or higher
10 *
11 *	History
12 *	X.25 001	Split from x25_subr.c
13 *	mar/20/00	Daniela Squassoni Disabling/enabling of facilities
14 *					  negotiation.
15 *	apr/14/05	Shaun Pereira - Allow fast select with no restriction
16 *					on response.
17 */
18
19#define pr_fmt(fmt) "X25: " fmt
20
21#include <linux/kernel.h>
22#include <linux/string.h>
23#include <linux/skbuff.h>
24#include <net/sock.h>
25#include <net/x25.h>
26
27/**
28 * x25_parse_facilities - Parse facilities from skb into the facilities structs
29 *
30 * @skb: sk_buff to parse
31 * @facilities: Regular facilities, updated as facilities are found
32 * @dte_facs: ITU DTE facilities, updated as DTE facilities are found
33 * @vc_fac_mask: mask is updated with all facilities found
34 *
35 * Return codes:
36 *  -1 - Parsing error, caller should drop call and clean up
37 *   0 - Parse OK, this skb has no facilities
38 *  >0 - Parse OK, returns the length of the facilities header
39 *
40 */
41int x25_parse_facilities(struct sk_buff *skb, struct x25_facilities *facilities,
42		struct x25_dte_facilities *dte_facs, unsigned long *vc_fac_mask)
43{
44	unsigned char *p;
45	unsigned int len;
46
47	*vc_fac_mask = 0;
48
49	/*
50	 * The kernel knows which facilities were set on an incoming call but
51	 * currently this information is not available to userspace.  Here we
52	 * give userspace who read incoming call facilities 0 length to indicate
53	 * it wasn't set.
54	 */
55	dte_facs->calling_len = 0;
56	dte_facs->called_len = 0;
57	memset(dte_facs->called_ae, '\0', sizeof(dte_facs->called_ae));
58	memset(dte_facs->calling_ae, '\0', sizeof(dte_facs->calling_ae));
59
60	if (!pskb_may_pull(skb, 1))
61		return 0;
62
63	len = skb->data[0];
64
65	if (!pskb_may_pull(skb, 1 + len))
66		return -1;
67
68	p = skb->data + 1;
69
70	while (len > 0) {
71		switch (*p & X25_FAC_CLASS_MASK) {
72		case X25_FAC_CLASS_A:
73			if (len < 2)
74				return -1;
75			switch (*p) {
76			case X25_FAC_REVERSE:
77				if((p[1] & 0x81) == 0x81) {
78					facilities->reverse = p[1] & 0x81;
79					*vc_fac_mask |= X25_MASK_REVERSE;
80					break;
81				}
82
83				if((p[1] & 0x01) == 0x01) {
84					facilities->reverse = p[1] & 0x01;
85					*vc_fac_mask |= X25_MASK_REVERSE;
86					break;
87				}
88
89				if((p[1] & 0x80) == 0x80) {
90					facilities->reverse = p[1] & 0x80;
91					*vc_fac_mask |= X25_MASK_REVERSE;
92					break;
93				}
94
95				if(p[1] == 0x00) {
96					facilities->reverse
97						= X25_DEFAULT_REVERSE;
98					*vc_fac_mask |= X25_MASK_REVERSE;
99					break;
100				}
101				fallthrough;
102			case X25_FAC_THROUGHPUT:
103				facilities->throughput = p[1];
104				*vc_fac_mask |= X25_MASK_THROUGHPUT;
105				break;
106			case X25_MARKER:
107				break;
108			default:
109				pr_debug("unknown facility "
110				       "%02X, value %02X\n",
111				       p[0], p[1]);
112				break;
113			}
114			p   += 2;
115			len -= 2;
116			break;
117		case X25_FAC_CLASS_B:
118			if (len < 3)
119				return -1;
120			switch (*p) {
121			case X25_FAC_PACKET_SIZE:
122				facilities->pacsize_in  = p[1];
123				facilities->pacsize_out = p[2];
124				*vc_fac_mask |= X25_MASK_PACKET_SIZE;
125				break;
126			case X25_FAC_WINDOW_SIZE:
127				facilities->winsize_in  = p[1];
128				facilities->winsize_out = p[2];
129				*vc_fac_mask |= X25_MASK_WINDOW_SIZE;
130				break;
131			default:
132				pr_debug("unknown facility "
133				       "%02X, values %02X, %02X\n",
134				       p[0], p[1], p[2]);
135				break;
136			}
137			p   += 3;
138			len -= 3;
139			break;
140		case X25_FAC_CLASS_C:
141			if (len < 4)
142				return -1;
143			pr_debug("unknown facility %02X, "
144			       "values %02X, %02X, %02X\n",
145			       p[0], p[1], p[2], p[3]);
146			p   += 4;
147			len -= 4;
148			break;
149		case X25_FAC_CLASS_D:
150			if (len < p[1] + 2)
151				return -1;
152			switch (*p) {
153			case X25_FAC_CALLING_AE:
154				if (p[1] > X25_MAX_DTE_FACIL_LEN || p[1] <= 1)
155					return -1;
156				if (p[2] > X25_MAX_AE_LEN)
157					return -1;
158				dte_facs->calling_len = p[2];
159				memcpy(dte_facs->calling_ae, &p[3], p[1] - 1);
160				*vc_fac_mask |= X25_MASK_CALLING_AE;
161				break;
162			case X25_FAC_CALLED_AE:
163				if (p[1] > X25_MAX_DTE_FACIL_LEN || p[1] <= 1)
164					return -1;
165				if (p[2] > X25_MAX_AE_LEN)
166					return -1;
167				dte_facs->called_len = p[2];
168				memcpy(dte_facs->called_ae, &p[3], p[1] - 1);
169				*vc_fac_mask |= X25_MASK_CALLED_AE;
170				break;
171			default:
172				pr_debug("unknown facility %02X,"
173					"length %d\n", p[0], p[1]);
174				break;
175			}
176			len -= p[1] + 2;
177			p += p[1] + 2;
178			break;
179		}
180	}
181
182	return p - skb->data;
183}
184
185/*
186 *	Create a set of facilities.
187 */
188int x25_create_facilities(unsigned char *buffer,
189		struct x25_facilities *facilities,
190		struct x25_dte_facilities *dte_facs, unsigned long facil_mask)
191{
192	unsigned char *p = buffer + 1;
193	int len;
194
195	if (!facil_mask) {
196		/*
197		 * Length of the facilities field in call_req or
198		 * call_accept packets
199		 */
200		buffer[0] = 0;
201		len = 1; /* 1 byte for the length field */
202		return len;
203	}
204
205	if (facilities->reverse && (facil_mask & X25_MASK_REVERSE)) {
206		*p++ = X25_FAC_REVERSE;
207		*p++ = facilities->reverse;
208	}
209
210	if (facilities->throughput && (facil_mask & X25_MASK_THROUGHPUT)) {
211		*p++ = X25_FAC_THROUGHPUT;
212		*p++ = facilities->throughput;
213	}
214
215	if ((facilities->pacsize_in || facilities->pacsize_out) &&
216	    (facil_mask & X25_MASK_PACKET_SIZE)) {
217		*p++ = X25_FAC_PACKET_SIZE;
218		*p++ = facilities->pacsize_in ? : facilities->pacsize_out;
219		*p++ = facilities->pacsize_out ? : facilities->pacsize_in;
220	}
221
222	if ((facilities->winsize_in || facilities->winsize_out) &&
223	    (facil_mask & X25_MASK_WINDOW_SIZE)) {
224		*p++ = X25_FAC_WINDOW_SIZE;
225		*p++ = facilities->winsize_in ? : facilities->winsize_out;
226		*p++ = facilities->winsize_out ? : facilities->winsize_in;
227	}
228
229	if (facil_mask & (X25_MASK_CALLING_AE|X25_MASK_CALLED_AE)) {
230		*p++ = X25_MARKER;
231		*p++ = X25_DTE_SERVICES;
232	}
233
234	if (dte_facs->calling_len && (facil_mask & X25_MASK_CALLING_AE)) {
235		unsigned int bytecount = (dte_facs->calling_len + 1) >> 1;
236		*p++ = X25_FAC_CALLING_AE;
237		*p++ = 1 + bytecount;
238		*p++ = dte_facs->calling_len;
239		memcpy(p, dte_facs->calling_ae, bytecount);
240		p += bytecount;
241	}
242
243	if (dte_facs->called_len && (facil_mask & X25_MASK_CALLED_AE)) {
244		unsigned int bytecount = (dte_facs->called_len % 2) ?
245		dte_facs->called_len / 2 + 1 :
246		dte_facs->called_len / 2;
247		*p++ = X25_FAC_CALLED_AE;
248		*p++ = 1 + bytecount;
249		*p++ = dte_facs->called_len;
250		memcpy(p, dte_facs->called_ae, bytecount);
251		p+=bytecount;
252	}
253
254	len       = p - buffer;
255	buffer[0] = len - 1;
256
257	return len;
258}
259
260/*
261 *	Try to reach a compromise on a set of facilities.
262 *
263 *	The only real problem is with reverse charging.
264 */
265int x25_negotiate_facilities(struct sk_buff *skb, struct sock *sk,
266		struct x25_facilities *new, struct x25_dte_facilities *dte)
267{
268	struct x25_sock *x25 = x25_sk(sk);
269	struct x25_facilities *ours = &x25->facilities;
270	struct x25_facilities theirs;
271	int len;
272
273	memset(&theirs, 0, sizeof(theirs));
274	memcpy(new, ours, sizeof(*new));
275	memset(dte, 0, sizeof(*dte));
276
277	len = x25_parse_facilities(skb, &theirs, dte, &x25->vc_facil_mask);
278	if (len < 0)
279		return len;
280
281	/*
282	 *	They want reverse charging, we won't accept it.
283	 */
284	if ((theirs.reverse & 0x01 ) && (ours->reverse & 0x01)) {
285		SOCK_DEBUG(sk, "X.25: rejecting reverse charging request\n");
286		return -1;
287	}
288
289	new->reverse = theirs.reverse;
290
291	if (theirs.throughput) {
292		int theirs_in =  theirs.throughput & 0x0f;
293		int theirs_out = theirs.throughput & 0xf0;
294		int ours_in  = ours->throughput & 0x0f;
295		int ours_out = ours->throughput & 0xf0;
296		if (!ours_in || theirs_in < ours_in) {
297			SOCK_DEBUG(sk, "X.25: inbound throughput negotiated\n");
298			new->throughput = (new->throughput & 0xf0) | theirs_in;
299		}
300		if (!ours_out || theirs_out < ours_out) {
301			SOCK_DEBUG(sk,
302				"X.25: outbound throughput negotiated\n");
303			new->throughput = (new->throughput & 0x0f) | theirs_out;
304		}
305	}
306
307	if (theirs.pacsize_in && theirs.pacsize_out) {
308		if (theirs.pacsize_in < ours->pacsize_in) {
309			SOCK_DEBUG(sk, "X.25: packet size inwards negotiated down\n");
310			new->pacsize_in = theirs.pacsize_in;
311		}
312		if (theirs.pacsize_out < ours->pacsize_out) {
313			SOCK_DEBUG(sk, "X.25: packet size outwards negotiated down\n");
314			new->pacsize_out = theirs.pacsize_out;
315		}
316	}
317
318	if (theirs.winsize_in && theirs.winsize_out) {
319		if (theirs.winsize_in < ours->winsize_in) {
320			SOCK_DEBUG(sk, "X.25: window size inwards negotiated down\n");
321			new->winsize_in = theirs.winsize_in;
322		}
323		if (theirs.winsize_out < ours->winsize_out) {
324			SOCK_DEBUG(sk, "X.25: window size outwards negotiated down\n");
325			new->winsize_out = theirs.winsize_out;
326		}
327	}
328
329	return len;
330}
331
332/*
333 *	Limit values of certain facilities according to the capability of the
334 *      currently attached x25 link.
335 */
336void x25_limit_facilities(struct x25_facilities *facilities,
337			  struct x25_neigh *nb)
338{
339
340	if (!nb->extended) {
341		if (facilities->winsize_in  > 7) {
342			pr_debug("incoming winsize limited to 7\n");
343			facilities->winsize_in = 7;
344		}
345		if (facilities->winsize_out > 7) {
346			facilities->winsize_out = 7;
347			pr_debug("outgoing winsize limited to 7\n");
348		}
349	}
350}
351