sctp: fix random memory dereference with SCTP_HMAC_IDENT option.
[linux-2.6.git] / net / rose / rose_route.c
1 /*
2  * This program is free software; you can redistribute it and/or modify
3  * it under the terms of the GNU General Public License as published by
4  * the Free Software Foundation; either version 2 of the License, or
5  * (at your option) any later version.
6  *
7  * Copyright (C) Jonathan Naylor G4KLX (g4klx@g4klx.demon.co.uk)
8  * Copyright (C) Terry Dawson VK2KTJ (terry@animats.net)
9  */
10 #include <linux/errno.h>
11 #include <linux/types.h>
12 #include <linux/socket.h>
13 #include <linux/in.h>
14 #include <linux/kernel.h>
15 #include <linux/timer.h>
16 #include <linux/string.h>
17 #include <linux/sockios.h>
18 #include <linux/net.h>
19 #include <net/ax25.h>
20 #include <linux/inet.h>
21 #include <linux/netdevice.h>
22 #include <net/arp.h>
23 #include <linux/if_arp.h>
24 #include <linux/skbuff.h>
25 #include <net/sock.h>
26 #include <net/tcp_states.h>
27 #include <asm/system.h>
28 #include <asm/uaccess.h>
29 #include <linux/fcntl.h>
30 #include <linux/termios.h>      /* For TIOCINQ/OUTQ */
31 #include <linux/mm.h>
32 #include <linux/interrupt.h>
33 #include <linux/notifier.h>
34 #include <linux/netfilter.h>
35 #include <linux/init.h>
36 #include <net/rose.h>
37 #include <linux/seq_file.h>
38
39 static unsigned int rose_neigh_no = 1;
40
41 static struct rose_node  *rose_node_list;
42 static DEFINE_SPINLOCK(rose_node_list_lock);
43 static struct rose_neigh *rose_neigh_list;
44 static DEFINE_SPINLOCK(rose_neigh_list_lock);
45 static struct rose_route *rose_route_list;
46 static DEFINE_SPINLOCK(rose_route_list_lock);
47
48 struct rose_neigh *rose_loopback_neigh;
49
50 /*
51  *      Add a new route to a node, and in the process add the node and the
52  *      neighbour if it is new.
53  */
54 static int __must_check rose_add_node(struct rose_route_struct *rose_route,
55         struct net_device *dev)
56 {
57         struct rose_node  *rose_node, *rose_tmpn, *rose_tmpp;
58         struct rose_neigh *rose_neigh;
59         int i, res = 0;
60
61         spin_lock_bh(&rose_node_list_lock);
62         spin_lock_bh(&rose_neigh_list_lock);
63
64         rose_node = rose_node_list;
65         while (rose_node != NULL) {
66                 if ((rose_node->mask == rose_route->mask) &&
67                     (rosecmpm(&rose_route->address, &rose_node->address,
68                               rose_route->mask) == 0))
69                         break;
70                 rose_node = rose_node->next;
71         }
72
73         if (rose_node != NULL && rose_node->loopback) {
74                 res = -EINVAL;
75                 goto out;
76         }
77
78         rose_neigh = rose_neigh_list;
79         while (rose_neigh != NULL) {
80                 if (ax25cmp(&rose_route->neighbour, &rose_neigh->callsign) == 0
81                     && rose_neigh->dev == dev)
82                         break;
83                 rose_neigh = rose_neigh->next;
84         }
85
86         if (rose_neigh == NULL) {
87                 rose_neigh = kmalloc(sizeof(*rose_neigh), GFP_ATOMIC);
88                 if (rose_neigh == NULL) {
89                         res = -ENOMEM;
90                         goto out;
91                 }
92
93                 rose_neigh->callsign  = rose_route->neighbour;
94                 rose_neigh->digipeat  = NULL;
95                 rose_neigh->ax25      = NULL;
96                 rose_neigh->dev       = dev;
97                 rose_neigh->count     = 0;
98                 rose_neigh->use       = 0;
99                 rose_neigh->dce_mode  = 0;
100                 rose_neigh->loopback  = 0;
101                 rose_neigh->number    = rose_neigh_no++;
102                 rose_neigh->restarted = 0;
103
104                 skb_queue_head_init(&rose_neigh->queue);
105
106                 init_timer(&rose_neigh->ftimer);
107                 init_timer(&rose_neigh->t0timer);
108
109                 if (rose_route->ndigis != 0) {
110                         if ((rose_neigh->digipeat = kmalloc(sizeof(ax25_digi), GFP_KERNEL)) == NULL) {
111                                 kfree(rose_neigh);
112                                 res = -ENOMEM;
113                                 goto out;
114                         }
115
116                         rose_neigh->digipeat->ndigi      = rose_route->ndigis;
117                         rose_neigh->digipeat->lastrepeat = -1;
118
119                         for (i = 0; i < rose_route->ndigis; i++) {
120                                 rose_neigh->digipeat->calls[i]    =
121                                         rose_route->digipeaters[i];
122                                 rose_neigh->digipeat->repeated[i] = 0;
123                         }
124                 }
125
126                 rose_neigh->next = rose_neigh_list;
127                 rose_neigh_list  = rose_neigh;
128         }
129
130         /*
131          * This is a new node to be inserted into the list. Find where it needs
132          * to be inserted into the list, and insert it. We want to be sure
133          * to order the list in descending order of mask size to ensure that
134          * later when we are searching this list the first match will be the
135          * best match.
136          */
137         if (rose_node == NULL) {
138                 rose_tmpn = rose_node_list;
139                 rose_tmpp = NULL;
140
141                 while (rose_tmpn != NULL) {
142                         if (rose_tmpn->mask > rose_route->mask) {
143                                 rose_tmpp = rose_tmpn;
144                                 rose_tmpn = rose_tmpn->next;
145                         } else {
146                                 break;
147                         }
148                 }
149
150                 /* create new node */
151                 rose_node = kmalloc(sizeof(*rose_node), GFP_ATOMIC);
152                 if (rose_node == NULL) {
153                         res = -ENOMEM;
154                         goto out;
155                 }
156
157                 rose_node->address      = rose_route->address;
158                 rose_node->mask         = rose_route->mask;
159                 rose_node->count        = 1;
160                 rose_node->loopback     = 0;
161                 rose_node->neighbour[0] = rose_neigh;
162
163                 if (rose_tmpn == NULL) {
164                         if (rose_tmpp == NULL) {        /* Empty list */
165                                 rose_node_list  = rose_node;
166                                 rose_node->next = NULL;
167                         } else {
168                                 rose_tmpp->next = rose_node;
169                                 rose_node->next = NULL;
170                         }
171                 } else {
172                         if (rose_tmpp == NULL) {        /* 1st node */
173                                 rose_node->next = rose_node_list;
174                                 rose_node_list  = rose_node;
175                         } else {
176                                 rose_tmpp->next = rose_node;
177                                 rose_node->next = rose_tmpn;
178                         }
179                 }
180                 rose_neigh->count++;
181
182                 goto out;
183         }
184
185         /* We have space, slot it in */
186         if (rose_node->count < 3) {
187                 rose_node->neighbour[rose_node->count] = rose_neigh;
188                 rose_node->count++;
189                 rose_neigh->count++;
190         }
191
192 out:
193         spin_unlock_bh(&rose_neigh_list_lock);
194         spin_unlock_bh(&rose_node_list_lock);
195
196         return res;
197 }
198
199 /*
200  * Caller is holding rose_node_list_lock.
201  */
202 static void rose_remove_node(struct rose_node *rose_node)
203 {
204         struct rose_node *s;
205
206         if ((s = rose_node_list) == rose_node) {
207                 rose_node_list = rose_node->next;
208                 kfree(rose_node);
209                 return;
210         }
211
212         while (s != NULL && s->next != NULL) {
213                 if (s->next == rose_node) {
214                         s->next = rose_node->next;
215                         kfree(rose_node);
216                         return;
217                 }
218
219                 s = s->next;
220         }
221 }
222
223 /*
224  * Caller is holding rose_neigh_list_lock.
225  */
226 static void rose_remove_neigh(struct rose_neigh *rose_neigh)
227 {
228         struct rose_neigh *s;
229
230         rose_stop_ftimer(rose_neigh);
231         rose_stop_t0timer(rose_neigh);
232
233         skb_queue_purge(&rose_neigh->queue);
234
235         if ((s = rose_neigh_list) == rose_neigh) {
236                 rose_neigh_list = rose_neigh->next;
237                 kfree(rose_neigh->digipeat);
238                 kfree(rose_neigh);
239                 return;
240         }
241
242         while (s != NULL && s->next != NULL) {
243                 if (s->next == rose_neigh) {
244                         s->next = rose_neigh->next;
245                         kfree(rose_neigh->digipeat);
246                         kfree(rose_neigh);
247                         return;
248                 }
249
250                 s = s->next;
251         }
252 }
253
254 /*
255  * Caller is holding rose_route_list_lock.
256  */
257 static void rose_remove_route(struct rose_route *rose_route)
258 {
259         struct rose_route *s;
260
261         if (rose_route->neigh1 != NULL)
262                 rose_route->neigh1->use--;
263
264         if (rose_route->neigh2 != NULL)
265                 rose_route->neigh2->use--;
266
267         if ((s = rose_route_list) == rose_route) {
268                 rose_route_list = rose_route->next;
269                 kfree(rose_route);
270                 return;
271         }
272
273         while (s != NULL && s->next != NULL) {
274                 if (s->next == rose_route) {
275                         s->next = rose_route->next;
276                         kfree(rose_route);
277                         return;
278                 }
279
280                 s = s->next;
281         }
282 }
283
284 /*
285  *      "Delete" a node. Strictly speaking remove a route to a node. The node
286  *      is only deleted if no routes are left to it.
287  */
288 static int rose_del_node(struct rose_route_struct *rose_route,
289         struct net_device *dev)
290 {
291         struct rose_node  *rose_node;
292         struct rose_neigh *rose_neigh;
293         int i, err = 0;
294
295         spin_lock_bh(&rose_node_list_lock);
296         spin_lock_bh(&rose_neigh_list_lock);
297
298         rose_node = rose_node_list;
299         while (rose_node != NULL) {
300                 if ((rose_node->mask == rose_route->mask) &&
301                     (rosecmpm(&rose_route->address, &rose_node->address,
302                               rose_route->mask) == 0))
303                         break;
304                 rose_node = rose_node->next;
305         }
306
307         if (rose_node == NULL || rose_node->loopback) {
308                 err = -EINVAL;
309                 goto out;
310         }
311
312         rose_neigh = rose_neigh_list;
313         while (rose_neigh != NULL) {
314                 if (ax25cmp(&rose_route->neighbour, &rose_neigh->callsign) == 0
315                     && rose_neigh->dev == dev)
316                         break;
317                 rose_neigh = rose_neigh->next;
318         }
319
320         if (rose_neigh == NULL) {
321                 err = -EINVAL;
322                 goto out;
323         }
324
325         for (i = 0; i < rose_node->count; i++) {
326                 if (rose_node->neighbour[i] == rose_neigh) {
327                         rose_neigh->count--;
328
329                         if (rose_neigh->count == 0 && rose_neigh->use == 0)
330                                 rose_remove_neigh(rose_neigh);
331
332                         rose_node->count--;
333
334                         if (rose_node->count == 0) {
335                                 rose_remove_node(rose_node);
336                         } else {
337                                 switch (i) {
338                                 case 0:
339                                         rose_node->neighbour[0] =
340                                                 rose_node->neighbour[1];
341                                 case 1:
342                                         rose_node->neighbour[1] =
343                                                 rose_node->neighbour[2];
344                                 case 2:
345                                         break;
346                                 }
347                         }
348                         goto out;
349                 }
350         }
351         err = -EINVAL;
352
353 out:
354         spin_unlock_bh(&rose_neigh_list_lock);
355         spin_unlock_bh(&rose_node_list_lock);
356
357         return err;
358 }
359
360 /*
361  *      Add the loopback neighbour.
362  */
363 void rose_add_loopback_neigh(void)
364 {
365         struct rose_neigh *sn;
366
367         rose_loopback_neigh = kmalloc(sizeof(struct rose_neigh), GFP_KERNEL);
368         if (!rose_loopback_neigh)
369                 return;
370         sn = rose_loopback_neigh;
371
372         sn->callsign  = null_ax25_address;
373         sn->digipeat  = NULL;
374         sn->ax25      = NULL;
375         sn->dev       = NULL;
376         sn->count     = 0;
377         sn->use       = 0;
378         sn->dce_mode  = 1;
379         sn->loopback  = 1;
380         sn->number    = rose_neigh_no++;
381         sn->restarted = 1;
382
383         skb_queue_head_init(&sn->queue);
384
385         init_timer(&sn->ftimer);
386         init_timer(&sn->t0timer);
387
388         spin_lock_bh(&rose_neigh_list_lock);
389         sn->next = rose_neigh_list;
390         rose_neigh_list           = sn;
391         spin_unlock_bh(&rose_neigh_list_lock);
392 }
393
394 /*
395  *      Add a loopback node.
396  */
397 int rose_add_loopback_node(rose_address *address)
398 {
399         struct rose_node *rose_node;
400         int err = 0;
401
402         spin_lock_bh(&rose_node_list_lock);
403
404         rose_node = rose_node_list;
405         while (rose_node != NULL) {
406                 if ((rose_node->mask == 10) &&
407                      (rosecmpm(address, &rose_node->address, 10) == 0) &&
408                      rose_node->loopback)
409                         break;
410                 rose_node = rose_node->next;
411         }
412
413         if (rose_node != NULL)
414                 goto out;
415
416         if ((rose_node = kmalloc(sizeof(*rose_node), GFP_ATOMIC)) == NULL) {
417                 err = -ENOMEM;
418                 goto out;
419         }
420
421         rose_node->address      = *address;
422         rose_node->mask         = 10;
423         rose_node->count        = 1;
424         rose_node->loopback     = 1;
425         rose_node->neighbour[0] = rose_loopback_neigh;
426
427         /* Insert at the head of list. Address is always mask=10 */
428         rose_node->next = rose_node_list;
429         rose_node_list  = rose_node;
430
431         rose_loopback_neigh->count++;
432
433 out:
434         spin_unlock_bh(&rose_node_list_lock);
435
436         return err;
437 }
438
439 /*
440  *      Delete a loopback node.
441  */
442 void rose_del_loopback_node(rose_address *address)
443 {
444         struct rose_node *rose_node;
445
446         spin_lock_bh(&rose_node_list_lock);
447
448         rose_node = rose_node_list;
449         while (rose_node != NULL) {
450                 if ((rose_node->mask == 10) &&
451                     (rosecmpm(address, &rose_node->address, 10) == 0) &&
452                     rose_node->loopback)
453                         break;
454                 rose_node = rose_node->next;
455         }
456
457         if (rose_node == NULL)
458                 goto out;
459
460         rose_remove_node(rose_node);
461
462         rose_loopback_neigh->count--;
463
464 out:
465         spin_unlock_bh(&rose_node_list_lock);
466 }
467
468 /*
469  *      A device has been removed. Remove its routes and neighbours.
470  */
471 void rose_rt_device_down(struct net_device *dev)
472 {
473         struct rose_neigh *s, *rose_neigh;
474         struct rose_node  *t, *rose_node;
475         int i;
476
477         spin_lock_bh(&rose_node_list_lock);
478         spin_lock_bh(&rose_neigh_list_lock);
479         rose_neigh = rose_neigh_list;
480         while (rose_neigh != NULL) {
481                 s          = rose_neigh;
482                 rose_neigh = rose_neigh->next;
483
484                 if (s->dev != dev)
485                         continue;
486
487                 rose_node = rose_node_list;
488
489                 while (rose_node != NULL) {
490                         t         = rose_node;
491                         rose_node = rose_node->next;
492
493                         for (i = 0; i < t->count; i++) {
494                                 if (t->neighbour[i] != s)
495                                         continue;
496
497                                 t->count--;
498
499                                 switch (i) {
500                                 case 0:
501                                         t->neighbour[0] = t->neighbour[1];
502                                 case 1:
503                                         t->neighbour[1] = t->neighbour[2];
504                                 case 2:
505                                         break;
506                                 }
507                         }
508
509                         if (t->count <= 0)
510                                 rose_remove_node(t);
511                 }
512
513                 rose_remove_neigh(s);
514         }
515         spin_unlock_bh(&rose_neigh_list_lock);
516         spin_unlock_bh(&rose_node_list_lock);
517 }
518
519 #if 0 /* Currently unused */
520 /*
521  *      A device has been removed. Remove its links.
522  */
523 void rose_route_device_down(struct net_device *dev)
524 {
525         struct rose_route *s, *rose_route;
526
527         spin_lock_bh(&rose_route_list_lock);
528         rose_route = rose_route_list;
529         while (rose_route != NULL) {
530                 s          = rose_route;
531                 rose_route = rose_route->next;
532
533                 if (s->neigh1->dev == dev || s->neigh2->dev == dev)
534                         rose_remove_route(s);
535         }
536         spin_unlock_bh(&rose_route_list_lock);
537 }
538 #endif
539
540 /*
541  *      Clear all nodes and neighbours out, except for neighbours with
542  *      active connections going through them.
543  *  Do not clear loopback neighbour and nodes.
544  */
545 static int rose_clear_routes(void)
546 {
547         struct rose_neigh *s, *rose_neigh;
548         struct rose_node  *t, *rose_node;
549
550         spin_lock_bh(&rose_node_list_lock);
551         spin_lock_bh(&rose_neigh_list_lock);
552
553         rose_neigh = rose_neigh_list;
554         rose_node  = rose_node_list;
555
556         while (rose_node != NULL) {
557                 t         = rose_node;
558                 rose_node = rose_node->next;
559                 if (!t->loopback)
560                         rose_remove_node(t);
561         }
562
563         while (rose_neigh != NULL) {
564                 s          = rose_neigh;
565                 rose_neigh = rose_neigh->next;
566
567                 if (s->use == 0 && !s->loopback) {
568                         s->count = 0;
569                         rose_remove_neigh(s);
570                 }
571         }
572
573         spin_unlock_bh(&rose_neigh_list_lock);
574         spin_unlock_bh(&rose_node_list_lock);
575
576         return 0;
577 }
578
579 /*
580  *      Check that the device given is a valid AX.25 interface that is "up".
581  */
582 static struct net_device *rose_ax25_dev_get(char *devname)
583 {
584         struct net_device *dev;
585
586         if ((dev = dev_get_by_name(&init_net, devname)) == NULL)
587                 return NULL;
588
589         if ((dev->flags & IFF_UP) && dev->type == ARPHRD_AX25)
590                 return dev;
591
592         dev_put(dev);
593         return NULL;
594 }
595
596 /*
597  *      Find the first active ROSE device, usually "rose0".
598  */
599 struct net_device *rose_dev_first(void)
600 {
601         struct net_device *dev, *first = NULL;
602
603         read_lock(&dev_base_lock);
604         for_each_netdev(&init_net, dev) {
605                 if ((dev->flags & IFF_UP) && dev->type == ARPHRD_ROSE)
606                         if (first == NULL || strncmp(dev->name, first->name, 3) < 0)
607                                 first = dev;
608         }
609         read_unlock(&dev_base_lock);
610
611         return first;
612 }
613
614 /*
615  *      Find the ROSE device for the given address.
616  */
617 struct net_device *rose_dev_get(rose_address *addr)
618 {
619         struct net_device *dev;
620
621         read_lock(&dev_base_lock);
622         for_each_netdev(&init_net, dev) {
623                 if ((dev->flags & IFF_UP) && dev->type == ARPHRD_ROSE && rosecmp(addr, (rose_address *)dev->dev_addr) == 0) {
624                         dev_hold(dev);
625                         goto out;
626                 }
627         }
628         dev = NULL;
629 out:
630         read_unlock(&dev_base_lock);
631         return dev;
632 }
633
634 static int rose_dev_exists(rose_address *addr)
635 {
636         struct net_device *dev;
637
638         read_lock(&dev_base_lock);
639         for_each_netdev(&init_net, dev) {
640                 if ((dev->flags & IFF_UP) && dev->type == ARPHRD_ROSE && rosecmp(addr, (rose_address *)dev->dev_addr) == 0)
641                         goto out;
642         }
643         dev = NULL;
644 out:
645         read_unlock(&dev_base_lock);
646         return dev != NULL;
647 }
648
649
650
651
652 struct rose_route *rose_route_free_lci(unsigned int lci, struct rose_neigh *neigh)
653 {
654         struct rose_route *rose_route;
655
656         for (rose_route = rose_route_list; rose_route != NULL; rose_route = rose_route->next)
657                 if ((rose_route->neigh1 == neigh && rose_route->lci1 == lci) ||
658                     (rose_route->neigh2 == neigh && rose_route->lci2 == lci))
659                         return rose_route;
660
661         return NULL;
662 }
663
664 /*
665  *      Find a neighbour or a route given a ROSE address.
666  */
667 struct rose_neigh *rose_get_neigh(rose_address *addr, unsigned char *cause,
668         unsigned char *diagnostic, int new)
669 {
670         struct rose_neigh *res = NULL;
671         struct rose_node *node;
672         int failed = 0;
673         int i;
674
675         if (!new) spin_lock_bh(&rose_node_list_lock);
676         for (node = rose_node_list; node != NULL; node = node->next) {
677                 if (rosecmpm(addr, &node->address, node->mask) == 0) {
678                         for (i = 0; i < node->count; i++) {
679                                 if (new) {
680                                         if (node->neighbour[i]->restarted) {
681                                                 res = node->neighbour[i];
682                                                 goto out;
683                                         }
684                                 }
685                                 else {
686                                         if (!rose_ftimer_running(node->neighbour[i])) {
687                                                 res = node->neighbour[i];
688                                                 goto out;
689                                         } else
690                                                 failed = 1;
691                                 }
692                         }
693                 }
694         }
695
696         if (failed) {
697                 *cause      = ROSE_OUT_OF_ORDER;
698                 *diagnostic = 0;
699         } else {
700                 *cause      = ROSE_NOT_OBTAINABLE;
701                 *diagnostic = 0;
702         }
703
704 out:
705         if (!new) spin_unlock_bh(&rose_node_list_lock);
706
707         return res;
708 }
709
710 /*
711  *      Handle the ioctls that control the routing functions.
712  */
713 int rose_rt_ioctl(unsigned int cmd, void __user *arg)
714 {
715         struct rose_route_struct rose_route;
716         struct net_device *dev;
717         int err;
718
719         switch (cmd) {
720         case SIOCADDRT:
721                 if (copy_from_user(&rose_route, arg, sizeof(struct rose_route_struct)))
722                         return -EFAULT;
723                 if ((dev = rose_ax25_dev_get(rose_route.device)) == NULL)
724                         return -EINVAL;
725                 if (rose_dev_exists(&rose_route.address)) { /* Can't add routes to ourself */
726                         dev_put(dev);
727                         return -EINVAL;
728                 }
729                 if (rose_route.mask > 10) /* Mask can't be more than 10 digits */
730                         return -EINVAL;
731                 if (rose_route.ndigis > AX25_MAX_DIGIS)
732                         return -EINVAL;
733                 err = rose_add_node(&rose_route, dev);
734                 dev_put(dev);
735                 return err;
736
737         case SIOCDELRT:
738                 if (copy_from_user(&rose_route, arg, sizeof(struct rose_route_struct)))
739                         return -EFAULT;
740                 if ((dev = rose_ax25_dev_get(rose_route.device)) == NULL)
741                         return -EINVAL;
742                 err = rose_del_node(&rose_route, dev);
743                 dev_put(dev);
744                 return err;
745
746         case SIOCRSCLRRT:
747                 return rose_clear_routes();
748
749         default:
750                 return -EINVAL;
751         }
752
753         return 0;
754 }
755
756 static void rose_del_route_by_neigh(struct rose_neigh *rose_neigh)
757 {
758         struct rose_route *rose_route, *s;
759
760         rose_neigh->restarted = 0;
761
762         rose_stop_t0timer(rose_neigh);
763         rose_start_ftimer(rose_neigh);
764
765         skb_queue_purge(&rose_neigh->queue);
766
767         spin_lock_bh(&rose_route_list_lock);
768
769         rose_route = rose_route_list;
770
771         while (rose_route != NULL) {
772                 if ((rose_route->neigh1 == rose_neigh && rose_route->neigh2 == rose_neigh) ||
773                     (rose_route->neigh1 == rose_neigh && rose_route->neigh2 == NULL)       ||
774                     (rose_route->neigh2 == rose_neigh && rose_route->neigh1 == NULL)) {
775                         s = rose_route->next;
776                         rose_remove_route(rose_route);
777                         rose_route = s;
778                         continue;
779                 }
780
781                 if (rose_route->neigh1 == rose_neigh) {
782                         rose_route->neigh1->use--;
783                         rose_route->neigh1 = NULL;
784                         rose_transmit_clear_request(rose_route->neigh2, rose_route->lci2, ROSE_OUT_OF_ORDER, 0);
785                 }
786
787                 if (rose_route->neigh2 == rose_neigh) {
788                         rose_route->neigh2->use--;
789                         rose_route->neigh2 = NULL;
790                         rose_transmit_clear_request(rose_route->neigh1, rose_route->lci1, ROSE_OUT_OF_ORDER, 0);
791                 }
792
793                 rose_route = rose_route->next;
794         }
795         spin_unlock_bh(&rose_route_list_lock);
796 }
797
798 /*
799  *      A level 2 link has timed out, therefore it appears to be a poor link,
800  *      then don't use that neighbour until it is reset. Blow away all through
801  *      routes and connections using this route.
802  */
803 void rose_link_failed(ax25_cb *ax25, int reason)
804 {
805         struct rose_neigh *rose_neigh;
806
807         spin_lock_bh(&rose_neigh_list_lock);
808         rose_neigh = rose_neigh_list;
809         while (rose_neigh != NULL) {
810                 if (rose_neigh->ax25 == ax25)
811                         break;
812                 rose_neigh = rose_neigh->next;
813         }
814
815         if (rose_neigh != NULL) {
816                 rose_neigh->ax25 = NULL;
817
818                 rose_del_route_by_neigh(rose_neigh);
819                 rose_kill_by_neigh(rose_neigh);
820         }
821         spin_unlock_bh(&rose_neigh_list_lock);
822 }
823
824 /*
825  *      A device has been "downed" remove its link status. Blow away all
826  *      through routes and connections that use this device.
827  */
828 void rose_link_device_down(struct net_device *dev)
829 {
830         struct rose_neigh *rose_neigh;
831
832         for (rose_neigh = rose_neigh_list; rose_neigh != NULL; rose_neigh = rose_neigh->next) {
833                 if (rose_neigh->dev == dev) {
834                         rose_del_route_by_neigh(rose_neigh);
835                         rose_kill_by_neigh(rose_neigh);
836                 }
837         }
838 }
839
840 /*
841  *      Route a frame to an appropriate AX.25 connection.
842  */
843 int rose_route_frame(struct sk_buff *skb, ax25_cb *ax25)
844 {
845         struct rose_neigh *rose_neigh, *new_neigh;
846         struct rose_route *rose_route;
847         struct rose_facilities_struct facilities;
848         rose_address *src_addr, *dest_addr;
849         struct sock *sk;
850         unsigned short frametype;
851         unsigned int lci, new_lci;
852         unsigned char cause, diagnostic;
853         struct net_device *dev;
854         int len, res = 0;
855         char buf[11];
856
857 #if 0
858         if (call_in_firewall(PF_ROSE, skb->dev, skb->data, NULL, &skb) != FW_ACCEPT)
859                 return res;
860 #endif
861
862         frametype = skb->data[2];
863         lci = ((skb->data[0] << 8) & 0xF00) + ((skb->data[1] << 0) & 0x0FF);
864         src_addr  = (rose_address *)(skb->data + 9);
865         dest_addr = (rose_address *)(skb->data + 4);
866
867         spin_lock_bh(&rose_neigh_list_lock);
868         spin_lock_bh(&rose_route_list_lock);
869
870         rose_neigh = rose_neigh_list;
871         while (rose_neigh != NULL) {
872                 if (ax25cmp(&ax25->dest_addr, &rose_neigh->callsign) == 0 &&
873                     ax25->ax25_dev->dev == rose_neigh->dev)
874                         break;
875                 rose_neigh = rose_neigh->next;
876         }
877
878         if (rose_neigh == NULL) {
879                 printk("rose_route : unknown neighbour or device %s\n",
880                        ax2asc(buf, &ax25->dest_addr));
881                 goto out;
882         }
883
884         /*
885          *      Obviously the link is working, halt the ftimer.
886          */
887         rose_stop_ftimer(rose_neigh);
888
889         /*
890          *      LCI of zero is always for us, and its always a restart
891          *      frame.
892          */
893         if (lci == 0) {
894                 rose_link_rx_restart(skb, rose_neigh, frametype);
895                 goto out;
896         }
897
898         /*
899          *      Find an existing socket.
900          */
901         if ((sk = rose_find_socket(lci, rose_neigh)) != NULL) {
902                 if (frametype == ROSE_CALL_REQUEST) {
903                         struct rose_sock *rose = rose_sk(sk);
904
905                         /* Remove an existing unused socket */
906                         rose_clear_queues(sk);
907                         rose->cause      = ROSE_NETWORK_CONGESTION;
908                         rose->diagnostic = 0;
909                         rose->neighbour->use--;
910                         rose->neighbour  = NULL;
911                         rose->lci        = 0;
912                         rose->state      = ROSE_STATE_0;
913                         sk->sk_state     = TCP_CLOSE;
914                         sk->sk_err       = 0;
915                         sk->sk_shutdown  |= SEND_SHUTDOWN;
916                         if (!sock_flag(sk, SOCK_DEAD)) {
917                                 sk->sk_state_change(sk);
918                                 sock_set_flag(sk, SOCK_DEAD);
919                         }
920                 }
921                 else {
922                         skb_reset_transport_header(skb);
923                         res = rose_process_rx_frame(sk, skb);
924                         goto out;
925                 }
926         }
927
928         /*
929          *      Is is a Call Request and is it for us ?
930          */
931         if (frametype == ROSE_CALL_REQUEST)
932                 if ((dev = rose_dev_get(dest_addr)) != NULL) {
933                         res = rose_rx_call_request(skb, dev, rose_neigh, lci);
934                         dev_put(dev);
935                         goto out;
936                 }
937
938         if (!sysctl_rose_routing_control) {
939                 rose_transmit_clear_request(rose_neigh, lci, ROSE_NOT_OBTAINABLE, 0);
940                 goto out;
941         }
942
943         /*
944          *      Route it to the next in line if we have an entry for it.
945          */
946         rose_route = rose_route_list;
947         while (rose_route != NULL) {
948                 if (rose_route->lci1 == lci &&
949                     rose_route->neigh1 == rose_neigh) {
950                         if (frametype == ROSE_CALL_REQUEST) {
951                                 /* F6FBB - Remove an existing unused route */
952                                 rose_remove_route(rose_route);
953                                 break;
954                         } else if (rose_route->neigh2 != NULL) {
955                                 skb->data[0] &= 0xF0;
956                                 skb->data[0] |= (rose_route->lci2 >> 8) & 0x0F;
957                                 skb->data[1]  = (rose_route->lci2 >> 0) & 0xFF;
958                                 rose_transmit_link(skb, rose_route->neigh2);
959                                 if (frametype == ROSE_CLEAR_CONFIRMATION)
960                                         rose_remove_route(rose_route);
961                                 res = 1;
962                                 goto out;
963                         } else {
964                                 if (frametype == ROSE_CLEAR_CONFIRMATION)
965                                         rose_remove_route(rose_route);
966                                 goto out;
967                         }
968                 }
969                 if (rose_route->lci2 == lci &&
970                     rose_route->neigh2 == rose_neigh) {
971                         if (frametype == ROSE_CALL_REQUEST) {
972                                 /* F6FBB - Remove an existing unused route */
973                                 rose_remove_route(rose_route);
974                                 break;
975                         } else if (rose_route->neigh1 != NULL) {
976                                 skb->data[0] &= 0xF0;
977                                 skb->data[0] |= (rose_route->lci1 >> 8) & 0x0F;
978                                 skb->data[1]  = (rose_route->lci1 >> 0) & 0xFF;
979                                 rose_transmit_link(skb, rose_route->neigh1);
980                                 if (frametype == ROSE_CLEAR_CONFIRMATION)
981                                         rose_remove_route(rose_route);
982                                 res = 1;
983                                 goto out;
984                         } else {
985                                 if (frametype == ROSE_CLEAR_CONFIRMATION)
986                                         rose_remove_route(rose_route);
987                                 goto out;
988                         }
989                 }
990                 rose_route = rose_route->next;
991         }
992
993         /*
994          *      We know that:
995          *      1. The frame isn't for us,
996          *      2. It isn't "owned" by any existing route.
997          */
998         if (frametype != ROSE_CALL_REQUEST) {   /* XXX */
999                 res = 0;
1000                 goto out;
1001         }
1002
1003         len  = (((skb->data[3] >> 4) & 0x0F) + 1) >> 1;
1004         len += (((skb->data[3] >> 0) & 0x0F) + 1) >> 1;
1005
1006         memset(&facilities, 0x00, sizeof(struct rose_facilities_struct));
1007
1008         if (!rose_parse_facilities(skb->data + len + 4, &facilities)) {
1009                 rose_transmit_clear_request(rose_neigh, lci, ROSE_INVALID_FACILITY, 76);
1010                 goto out;
1011         }
1012
1013         /*
1014          *      Check for routing loops.
1015          */
1016         rose_route = rose_route_list;
1017         while (rose_route != NULL) {
1018                 if (rose_route->rand == facilities.rand &&
1019                     rosecmp(src_addr, &rose_route->src_addr) == 0 &&
1020                     ax25cmp(&facilities.dest_call, &rose_route->src_call) == 0 &&
1021                     ax25cmp(&facilities.source_call, &rose_route->dest_call) == 0) {
1022                         rose_transmit_clear_request(rose_neigh, lci, ROSE_NOT_OBTAINABLE, 120);
1023                         goto out;
1024                 }
1025                 rose_route = rose_route->next;
1026         }
1027
1028         if ((new_neigh = rose_get_neigh(dest_addr, &cause, &diagnostic, 1)) == NULL) {
1029                 rose_transmit_clear_request(rose_neigh, lci, cause, diagnostic);
1030                 goto out;
1031         }
1032
1033         if ((new_lci = rose_new_lci(new_neigh)) == 0) {
1034                 rose_transmit_clear_request(rose_neigh, lci, ROSE_NETWORK_CONGESTION, 71);
1035                 goto out;
1036         }
1037
1038         if ((rose_route = kmalloc(sizeof(*rose_route), GFP_ATOMIC)) == NULL) {
1039                 rose_transmit_clear_request(rose_neigh, lci, ROSE_NETWORK_CONGESTION, 120);
1040                 goto out;
1041         }
1042
1043         rose_route->lci1      = lci;
1044         rose_route->src_addr  = *src_addr;
1045         rose_route->dest_addr = *dest_addr;
1046         rose_route->src_call  = facilities.dest_call;
1047         rose_route->dest_call = facilities.source_call;
1048         rose_route->rand      = facilities.rand;
1049         rose_route->neigh1    = rose_neigh;
1050         rose_route->lci2      = new_lci;
1051         rose_route->neigh2    = new_neigh;
1052
1053         rose_route->neigh1->use++;
1054         rose_route->neigh2->use++;
1055
1056         rose_route->next = rose_route_list;
1057         rose_route_list  = rose_route;
1058
1059         skb->data[0] &= 0xF0;
1060         skb->data[0] |= (rose_route->lci2 >> 8) & 0x0F;
1061         skb->data[1]  = (rose_route->lci2 >> 0) & 0xFF;
1062
1063         rose_transmit_link(skb, rose_route->neigh2);
1064         res = 1;
1065
1066 out:
1067         spin_unlock_bh(&rose_route_list_lock);
1068         spin_unlock_bh(&rose_neigh_list_lock);
1069
1070         return res;
1071 }
1072
1073 #ifdef CONFIG_PROC_FS
1074
1075 static void *rose_node_start(struct seq_file *seq, loff_t *pos)
1076         __acquires(rose_node_list_lock)
1077 {
1078         struct rose_node *rose_node;
1079         int i = 1;
1080
1081         spin_lock_bh(&rose_node_list_lock);
1082         if (*pos == 0)
1083                 return SEQ_START_TOKEN;
1084
1085         for (rose_node = rose_node_list; rose_node && i < *pos;
1086              rose_node = rose_node->next, ++i);
1087
1088         return (i == *pos) ? rose_node : NULL;
1089 }
1090
1091 static void *rose_node_next(struct seq_file *seq, void *v, loff_t *pos)
1092 {
1093         ++*pos;
1094
1095         return (v == SEQ_START_TOKEN) ? rose_node_list
1096                 : ((struct rose_node *)v)->next;
1097 }
1098
1099 static void rose_node_stop(struct seq_file *seq, void *v)
1100         __releases(rose_node_list_lock)
1101 {
1102         spin_unlock_bh(&rose_node_list_lock);
1103 }
1104
1105 static int rose_node_show(struct seq_file *seq, void *v)
1106 {
1107         int i;
1108
1109         if (v == SEQ_START_TOKEN)
1110                 seq_puts(seq, "address    mask n neigh neigh neigh\n");
1111         else {
1112                 const struct rose_node *rose_node = v;
1113                 /* if (rose_node->loopback) {
1114                         seq_printf(seq, "%-10s %04d 1 loopback\n",
1115                                 rose2asc(&rose_node->address),
1116                                 rose_node->mask);
1117                 } else { */
1118                         seq_printf(seq, "%-10s %04d %d",
1119                                 rose2asc(&rose_node->address),
1120                                 rose_node->mask,
1121                                 rose_node->count);
1122
1123                         for (i = 0; i < rose_node->count; i++)
1124                                 seq_printf(seq, " %05d",
1125                                         rose_node->neighbour[i]->number);
1126
1127                         seq_puts(seq, "\n");
1128                 /* } */
1129         }
1130         return 0;
1131 }
1132
1133 static const struct seq_operations rose_node_seqops = {
1134         .start = rose_node_start,
1135         .next = rose_node_next,
1136         .stop = rose_node_stop,
1137         .show = rose_node_show,
1138 };
1139
1140 static int rose_nodes_open(struct inode *inode, struct file *file)
1141 {
1142         return seq_open(file, &rose_node_seqops);
1143 }
1144
1145 const struct file_operations rose_nodes_fops = {
1146         .owner = THIS_MODULE,
1147         .open = rose_nodes_open,
1148         .read = seq_read,
1149         .llseek = seq_lseek,
1150         .release = seq_release,
1151 };
1152
1153 static void *rose_neigh_start(struct seq_file *seq, loff_t *pos)
1154         __acquires(rose_neigh_list_lock)
1155 {
1156         struct rose_neigh *rose_neigh;
1157         int i = 1;
1158
1159         spin_lock_bh(&rose_neigh_list_lock);
1160         if (*pos == 0)
1161                 return SEQ_START_TOKEN;
1162
1163         for (rose_neigh = rose_neigh_list; rose_neigh && i < *pos;
1164              rose_neigh = rose_neigh->next, ++i);
1165
1166         return (i == *pos) ? rose_neigh : NULL;
1167 }
1168
1169 static void *rose_neigh_next(struct seq_file *seq, void *v, loff_t *pos)
1170 {
1171         ++*pos;
1172
1173         return (v == SEQ_START_TOKEN) ? rose_neigh_list
1174                 : ((struct rose_neigh *)v)->next;
1175 }
1176
1177 static void rose_neigh_stop(struct seq_file *seq, void *v)
1178         __releases(rose_neigh_list_lock)
1179 {
1180         spin_unlock_bh(&rose_neigh_list_lock);
1181 }
1182
1183 static int rose_neigh_show(struct seq_file *seq, void *v)
1184 {
1185         char buf[11];
1186         int i;
1187
1188         if (v == SEQ_START_TOKEN)
1189                 seq_puts(seq,
1190                          "addr  callsign  dev  count use mode restart  t0  tf digipeaters\n");
1191         else {
1192                 struct rose_neigh *rose_neigh = v;
1193
1194                 /* if (!rose_neigh->loopback) { */
1195                 seq_printf(seq, "%05d %-9s %-4s   %3d %3d  %3s     %3s %3lu %3lu",
1196                            rose_neigh->number,
1197                            (rose_neigh->loopback) ? "RSLOOP-0" : ax2asc(buf, &rose_neigh->callsign),
1198                            rose_neigh->dev ? rose_neigh->dev->name : "???",
1199                            rose_neigh->count,
1200                            rose_neigh->use,
1201                            (rose_neigh->dce_mode) ? "DCE" : "DTE",
1202                            (rose_neigh->restarted) ? "yes" : "no",
1203                            ax25_display_timer(&rose_neigh->t0timer) / HZ,
1204                            ax25_display_timer(&rose_neigh->ftimer)  / HZ);
1205
1206                 if (rose_neigh->digipeat != NULL) {
1207                         for (i = 0; i < rose_neigh->digipeat->ndigi; i++)
1208                                 seq_printf(seq, " %s", ax2asc(buf, &rose_neigh->digipeat->calls[i]));
1209                 }
1210
1211                 seq_puts(seq, "\n");
1212         }
1213         return 0;
1214 }
1215
1216
1217 static const struct seq_operations rose_neigh_seqops = {
1218         .start = rose_neigh_start,
1219         .next = rose_neigh_next,
1220         .stop = rose_neigh_stop,
1221         .show = rose_neigh_show,
1222 };
1223
1224 static int rose_neigh_open(struct inode *inode, struct file *file)
1225 {
1226         return seq_open(file, &rose_neigh_seqops);
1227 }
1228
1229 const struct file_operations rose_neigh_fops = {
1230         .owner = THIS_MODULE,
1231         .open = rose_neigh_open,
1232         .read = seq_read,
1233         .llseek = seq_lseek,
1234         .release = seq_release,
1235 };
1236
1237
1238 static void *rose_route_start(struct seq_file *seq, loff_t *pos)
1239         __acquires(rose_route_list_lock)
1240 {
1241         struct rose_route *rose_route;
1242         int i = 1;
1243
1244         spin_lock_bh(&rose_route_list_lock);
1245         if (*pos == 0)
1246                 return SEQ_START_TOKEN;
1247
1248         for (rose_route = rose_route_list; rose_route && i < *pos;
1249              rose_route = rose_route->next, ++i);
1250
1251         return (i == *pos) ? rose_route : NULL;
1252 }
1253
1254 static void *rose_route_next(struct seq_file *seq, void *v, loff_t *pos)
1255 {
1256         ++*pos;
1257
1258         return (v == SEQ_START_TOKEN) ? rose_route_list
1259                 : ((struct rose_route *)v)->next;
1260 }
1261
1262 static void rose_route_stop(struct seq_file *seq, void *v)
1263         __releases(rose_route_list_lock)
1264 {
1265         spin_unlock_bh(&rose_route_list_lock);
1266 }
1267
1268 static int rose_route_show(struct seq_file *seq, void *v)
1269 {
1270         char buf[11];
1271
1272         if (v == SEQ_START_TOKEN)
1273                 seq_puts(seq,
1274                          "lci  address     callsign   neigh  <-> lci  address     callsign   neigh\n");
1275         else {
1276                 struct rose_route *rose_route = v;
1277
1278                 if (rose_route->neigh1)
1279                         seq_printf(seq,
1280                                    "%3.3X  %-10s  %-9s  %05d      ",
1281                                    rose_route->lci1,
1282                                    rose2asc(&rose_route->src_addr),
1283                                    ax2asc(buf, &rose_route->src_call),
1284                                    rose_route->neigh1->number);
1285                 else
1286                         seq_puts(seq,
1287                                  "000  *           *          00000      ");
1288
1289                 if (rose_route->neigh2)
1290                         seq_printf(seq,
1291                                    "%3.3X  %-10s  %-9s  %05d\n",
1292                                 rose_route->lci2,
1293                                 rose2asc(&rose_route->dest_addr),
1294                                 ax2asc(buf, &rose_route->dest_call),
1295                                 rose_route->neigh2->number);
1296                  else
1297                          seq_puts(seq,
1298                                   "000  *           *          00000\n");
1299                 }
1300         return 0;
1301 }
1302
1303 static const struct seq_operations rose_route_seqops = {
1304         .start = rose_route_start,
1305         .next = rose_route_next,
1306         .stop = rose_route_stop,
1307         .show = rose_route_show,
1308 };
1309
1310 static int rose_route_open(struct inode *inode, struct file *file)
1311 {
1312         return seq_open(file, &rose_route_seqops);
1313 }
1314
1315 const struct file_operations rose_routes_fops = {
1316         .owner = THIS_MODULE,
1317         .open = rose_route_open,
1318         .read = seq_read,
1319         .llseek = seq_lseek,
1320         .release = seq_release,
1321 };
1322
1323 #endif /* CONFIG_PROC_FS */
1324
1325 /*
1326  *      Release all memory associated with ROSE routing structures.
1327  */
1328 void __exit rose_rt_free(void)
1329 {
1330         struct rose_neigh *s, *rose_neigh = rose_neigh_list;
1331         struct rose_node  *t, *rose_node  = rose_node_list;
1332         struct rose_route *u, *rose_route = rose_route_list;
1333
1334         while (rose_neigh != NULL) {
1335                 s          = rose_neigh;
1336                 rose_neigh = rose_neigh->next;
1337
1338                 rose_remove_neigh(s);
1339         }
1340
1341         while (rose_node != NULL) {
1342                 t         = rose_node;
1343                 rose_node = rose_node->next;
1344
1345                 rose_remove_node(t);
1346         }
1347
1348         while (rose_route != NULL) {
1349                 u          = rose_route;
1350                 rose_route = rose_route->next;
1351
1352                 rose_remove_route(u);
1353         }
1354 }