mac80211: validate TIM IE length
[linux-2.6] / net / decnet / dn_neigh.c
1 /*
2  * DECnet       An implementation of the DECnet protocol suite for the LINUX
3  *              operating system.  DECnet is implemented using the  BSD Socket
4  *              interface as the means of communication with the user level.
5  *
6  *              DECnet Neighbour Functions (Adjacency Database and
7  *                                                        On-Ethernet Cache)
8  *
9  * Author:      Steve Whitehouse <SteveW@ACM.org>
10  *
11  *
12  * Changes:
13  *     Steve Whitehouse     : Fixed router listing routine
14  *     Steve Whitehouse     : Added error_report functions
15  *     Steve Whitehouse     : Added default router detection
16  *     Steve Whitehouse     : Hop counts in outgoing messages
17  *     Steve Whitehouse     : Fixed src/dst in outgoing messages so
18  *                            forwarding now stands a good chance of
19  *                            working.
20  *     Steve Whitehouse     : Fixed neighbour states (for now anyway).
21  *     Steve Whitehouse     : Made error_report functions dummies. This
22  *                            is not the right place to return skbs.
23  *     Steve Whitehouse     : Convert to seq_file
24  *
25  */
26
27 #include <linux/net.h>
28 #include <linux/module.h>
29 #include <linux/socket.h>
30 #include <linux/if_arp.h>
31 #include <linux/if_ether.h>
32 #include <linux/init.h>
33 #include <linux/proc_fs.h>
34 #include <linux/string.h>
35 #include <linux/netfilter_decnet.h>
36 #include <linux/spinlock.h>
37 #include <linux/seq_file.h>
38 #include <linux/rcupdate.h>
39 #include <linux/jhash.h>
40 #include <asm/atomic.h>
41 #include <net/net_namespace.h>
42 #include <net/neighbour.h>
43 #include <net/dst.h>
44 #include <net/flow.h>
45 #include <net/dn.h>
46 #include <net/dn_dev.h>
47 #include <net/dn_neigh.h>
48 #include <net/dn_route.h>
49
50 static u32 dn_neigh_hash(const void *pkey, const struct net_device *dev);
51 static int dn_neigh_construct(struct neighbour *);
52 static void dn_long_error_report(struct neighbour *, struct sk_buff *);
53 static void dn_short_error_report(struct neighbour *, struct sk_buff *);
54 static int dn_long_output(struct sk_buff *);
55 static int dn_short_output(struct sk_buff *);
56 static int dn_phase3_output(struct sk_buff *);
57
58
59 /*
60  * For talking to broadcast devices: Ethernet & PPP
61  */
62 static struct neigh_ops dn_long_ops = {
63         .family =               AF_DECnet,
64         .error_report =         dn_long_error_report,
65         .output =               dn_long_output,
66         .connected_output =     dn_long_output,
67         .hh_output =            dev_queue_xmit,
68         .queue_xmit =           dev_queue_xmit,
69 };
70
71 /*
72  * For talking to pointopoint and multidrop devices: DDCMP and X.25
73  */
74 static struct neigh_ops dn_short_ops = {
75         .family =               AF_DECnet,
76         .error_report =         dn_short_error_report,
77         .output =               dn_short_output,
78         .connected_output =     dn_short_output,
79         .hh_output =            dev_queue_xmit,
80         .queue_xmit =           dev_queue_xmit,
81 };
82
83 /*
84  * For talking to DECnet phase III nodes
85  */
86 static struct neigh_ops dn_phase3_ops = {
87         .family =               AF_DECnet,
88         .error_report =         dn_short_error_report, /* Can use short version here */
89         .output =               dn_phase3_output,
90         .connected_output =     dn_phase3_output,
91         .hh_output =            dev_queue_xmit,
92         .queue_xmit =           dev_queue_xmit
93 };
94
95 struct neigh_table dn_neigh_table = {
96         .family =                       PF_DECnet,
97         .entry_size =                   sizeof(struct dn_neigh),
98         .key_len =                      sizeof(__le16),
99         .hash =                         dn_neigh_hash,
100         .constructor =                  dn_neigh_construct,
101         .id =                           "dn_neigh_cache",
102         .parms ={
103                 .tbl =                  &dn_neigh_table,
104                 .base_reachable_time =  30 * HZ,
105                 .retrans_time = 1 * HZ,
106                 .gc_staletime = 60 * HZ,
107                 .reachable_time =               30 * HZ,
108                 .delay_probe_time =     5 * HZ,
109                 .queue_len =            3,
110                 .ucast_probes = 0,
111                 .app_probes =           0,
112                 .mcast_probes = 0,
113                 .anycast_delay =        0,
114                 .proxy_delay =          0,
115                 .proxy_qlen =           0,
116                 .locktime =             1 * HZ,
117         },
118         .gc_interval =                  30 * HZ,
119         .gc_thresh1 =                   128,
120         .gc_thresh2 =                   512,
121         .gc_thresh3 =                   1024,
122 };
123
124 static u32 dn_neigh_hash(const void *pkey, const struct net_device *dev)
125 {
126         return jhash_2words(*(__u16 *)pkey, 0, dn_neigh_table.hash_rnd);
127 }
128
129 static int dn_neigh_construct(struct neighbour *neigh)
130 {
131         struct net_device *dev = neigh->dev;
132         struct dn_neigh *dn = (struct dn_neigh *)neigh;
133         struct dn_dev *dn_db;
134         struct neigh_parms *parms;
135
136         rcu_read_lock();
137         dn_db = rcu_dereference(dev->dn_ptr);
138         if (dn_db == NULL) {
139                 rcu_read_unlock();
140                 return -EINVAL;
141         }
142
143         parms = dn_db->neigh_parms;
144         if (!parms) {
145                 rcu_read_unlock();
146                 return -EINVAL;
147         }
148
149         __neigh_parms_put(neigh->parms);
150         neigh->parms = neigh_parms_clone(parms);
151
152         if (dn_db->use_long)
153                 neigh->ops = &dn_long_ops;
154         else
155                 neigh->ops = &dn_short_ops;
156         rcu_read_unlock();
157
158         if (dn->flags & DN_NDFLAG_P3)
159                 neigh->ops = &dn_phase3_ops;
160
161         neigh->nud_state = NUD_NOARP;
162         neigh->output = neigh->ops->connected_output;
163
164         if ((dev->type == ARPHRD_IPGRE) || (dev->flags & IFF_POINTOPOINT))
165                 memcpy(neigh->ha, dev->broadcast, dev->addr_len);
166         else if ((dev->type == ARPHRD_ETHER) || (dev->type == ARPHRD_LOOPBACK))
167                 dn_dn2eth(neigh->ha, dn->addr);
168         else {
169                 if (net_ratelimit())
170                         printk(KERN_DEBUG "Trying to create neigh for hw %d\n",  dev->type);
171                 return -EINVAL;
172         }
173
174         /*
175          * Make an estimate of the remote block size by assuming that its
176          * two less then the device mtu, which it true for ethernet (and
177          * other things which support long format headers) since there is
178          * an extra length field (of 16 bits) which isn't part of the
179          * ethernet headers and which the DECnet specs won't admit is part
180          * of the DECnet routing headers either.
181          *
182          * If we over estimate here its no big deal, the NSP negotiations
183          * will prevent us from sending packets which are too large for the
184          * remote node to handle. In any case this figure is normally updated
185          * by a hello message in most cases.
186          */
187         dn->blksize = dev->mtu - 2;
188
189         return 0;
190 }
191
192 static void dn_long_error_report(struct neighbour *neigh, struct sk_buff *skb)
193 {
194         printk(KERN_DEBUG "dn_long_error_report: called\n");
195         kfree_skb(skb);
196 }
197
198
199 static void dn_short_error_report(struct neighbour *neigh, struct sk_buff *skb)
200 {
201         printk(KERN_DEBUG "dn_short_error_report: called\n");
202         kfree_skb(skb);
203 }
204
205 static int dn_neigh_output_packet(struct sk_buff *skb)
206 {
207         struct dst_entry *dst = skb->dst;
208         struct dn_route *rt = (struct dn_route *)dst;
209         struct neighbour *neigh = dst->neighbour;
210         struct net_device *dev = neigh->dev;
211         char mac_addr[ETH_ALEN];
212
213         dn_dn2eth(mac_addr, rt->rt_local_src);
214         if (dev_hard_header(skb, dev, ntohs(skb->protocol), neigh->ha,
215                             mac_addr, skb->len) >= 0)
216                 return neigh->ops->queue_xmit(skb);
217
218         if (net_ratelimit())
219                 printk(KERN_DEBUG "dn_neigh_output_packet: oops, can't send packet\n");
220
221         kfree_skb(skb);
222         return -EINVAL;
223 }
224
225 static int dn_long_output(struct sk_buff *skb)
226 {
227         struct dst_entry *dst = skb->dst;
228         struct neighbour *neigh = dst->neighbour;
229         struct net_device *dev = neigh->dev;
230         int headroom = dev->hard_header_len + sizeof(struct dn_long_packet) + 3;
231         unsigned char *data;
232         struct dn_long_packet *lp;
233         struct dn_skb_cb *cb = DN_SKB_CB(skb);
234
235
236         if (skb_headroom(skb) < headroom) {
237                 struct sk_buff *skb2 = skb_realloc_headroom(skb, headroom);
238                 if (skb2 == NULL) {
239                         if (net_ratelimit())
240                                 printk(KERN_CRIT "dn_long_output: no memory\n");
241                         kfree_skb(skb);
242                         return -ENOBUFS;
243                 }
244                 kfree_skb(skb);
245                 skb = skb2;
246                 if (net_ratelimit())
247                         printk(KERN_INFO "dn_long_output: Increasing headroom\n");
248         }
249
250         data = skb_push(skb, sizeof(struct dn_long_packet) + 3);
251         lp = (struct dn_long_packet *)(data+3);
252
253         *((__le16 *)data) = cpu_to_le16(skb->len - 2);
254         *(data + 2) = 1 | DN_RT_F_PF; /* Padding */
255
256         lp->msgflg   = DN_RT_PKT_LONG|(cb->rt_flags&(DN_RT_F_IE|DN_RT_F_RQR|DN_RT_F_RTS));
257         lp->d_area   = lp->d_subarea = 0;
258         dn_dn2eth(lp->d_id, cb->dst);
259         lp->s_area   = lp->s_subarea = 0;
260         dn_dn2eth(lp->s_id, cb->src);
261         lp->nl2      = 0;
262         lp->visit_ct = cb->hops & 0x3f;
263         lp->s_class  = 0;
264         lp->pt       = 0;
265
266         skb_reset_network_header(skb);
267
268         return NF_HOOK(PF_DECnet, NF_DN_POST_ROUTING, skb, NULL, neigh->dev, dn_neigh_output_packet);
269 }
270
271 static int dn_short_output(struct sk_buff *skb)
272 {
273         struct dst_entry *dst = skb->dst;
274         struct neighbour *neigh = dst->neighbour;
275         struct net_device *dev = neigh->dev;
276         int headroom = dev->hard_header_len + sizeof(struct dn_short_packet) + 2;
277         struct dn_short_packet *sp;
278         unsigned char *data;
279         struct dn_skb_cb *cb = DN_SKB_CB(skb);
280
281
282         if (skb_headroom(skb) < headroom) {
283                 struct sk_buff *skb2 = skb_realloc_headroom(skb, headroom);
284                 if (skb2 == NULL) {
285                         if (net_ratelimit())
286                                 printk(KERN_CRIT "dn_short_output: no memory\n");
287                         kfree_skb(skb);
288                         return -ENOBUFS;
289                 }
290                 kfree_skb(skb);
291                 skb = skb2;
292                 if (net_ratelimit())
293                         printk(KERN_INFO "dn_short_output: Increasing headroom\n");
294         }
295
296         data = skb_push(skb, sizeof(struct dn_short_packet) + 2);
297         *((__le16 *)data) = cpu_to_le16(skb->len - 2);
298         sp = (struct dn_short_packet *)(data+2);
299
300         sp->msgflg     = DN_RT_PKT_SHORT|(cb->rt_flags&(DN_RT_F_RQR|DN_RT_F_RTS));
301         sp->dstnode    = cb->dst;
302         sp->srcnode    = cb->src;
303         sp->forward    = cb->hops & 0x3f;
304
305         skb_reset_network_header(skb);
306
307         return NF_HOOK(PF_DECnet, NF_DN_POST_ROUTING, skb, NULL, neigh->dev, dn_neigh_output_packet);
308 }
309
310 /*
311  * Phase 3 output is the same is short output, execpt that
312  * it clears the area bits before transmission.
313  */
314 static int dn_phase3_output(struct sk_buff *skb)
315 {
316         struct dst_entry *dst = skb->dst;
317         struct neighbour *neigh = dst->neighbour;
318         struct net_device *dev = neigh->dev;
319         int headroom = dev->hard_header_len + sizeof(struct dn_short_packet) + 2;
320         struct dn_short_packet *sp;
321         unsigned char *data;
322         struct dn_skb_cb *cb = DN_SKB_CB(skb);
323
324         if (skb_headroom(skb) < headroom) {
325                 struct sk_buff *skb2 = skb_realloc_headroom(skb, headroom);
326                 if (skb2 == NULL) {
327                         if (net_ratelimit())
328                                 printk(KERN_CRIT "dn_phase3_output: no memory\n");
329                         kfree_skb(skb);
330                         return -ENOBUFS;
331                 }
332                 kfree_skb(skb);
333                 skb = skb2;
334                 if (net_ratelimit())
335                         printk(KERN_INFO "dn_phase3_output: Increasing headroom\n");
336         }
337
338         data = skb_push(skb, sizeof(struct dn_short_packet) + 2);
339         *((__le16 *)data) = cpu_to_le16(skb->len - 2);
340         sp = (struct dn_short_packet *)(data + 2);
341
342         sp->msgflg   = DN_RT_PKT_SHORT|(cb->rt_flags&(DN_RT_F_RQR|DN_RT_F_RTS));
343         sp->dstnode  = cb->dst & cpu_to_le16(0x03ff);
344         sp->srcnode  = cb->src & cpu_to_le16(0x03ff);
345         sp->forward  = cb->hops & 0x3f;
346
347         skb_reset_network_header(skb);
348
349         return NF_HOOK(PF_DECnet, NF_DN_POST_ROUTING, skb, NULL, neigh->dev, dn_neigh_output_packet);
350 }
351
352 /*
353  * Unfortunately, the neighbour code uses the device in its hash
354  * function, so we don't get any advantage from it. This function
355  * basically does a neigh_lookup(), but without comparing the device
356  * field. This is required for the On-Ethernet cache
357  */
358
359 /*
360  * Pointopoint link receives a hello message
361  */
362 void dn_neigh_pointopoint_hello(struct sk_buff *skb)
363 {
364         kfree_skb(skb);
365 }
366
367 /*
368  * Ethernet router hello message received
369  */
370 int dn_neigh_router_hello(struct sk_buff *skb)
371 {
372         struct rtnode_hello_message *msg = (struct rtnode_hello_message *)skb->data;
373
374         struct neighbour *neigh;
375         struct dn_neigh *dn;
376         struct dn_dev *dn_db;
377         __le16 src;
378
379         src = dn_eth2dn(msg->id);
380
381         neigh = __neigh_lookup(&dn_neigh_table, &src, skb->dev, 1);
382
383         dn = (struct dn_neigh *)neigh;
384
385         if (neigh) {
386                 write_lock(&neigh->lock);
387
388                 neigh->used = jiffies;
389                 dn_db = (struct dn_dev *)neigh->dev->dn_ptr;
390
391                 if (!(neigh->nud_state & NUD_PERMANENT)) {
392                         neigh->updated = jiffies;
393
394                         if (neigh->dev->type == ARPHRD_ETHER)
395                                 memcpy(neigh->ha, &eth_hdr(skb)->h_source, ETH_ALEN);
396
397                         dn->blksize  = le16_to_cpu(msg->blksize);
398                         dn->priority = msg->priority;
399
400                         dn->flags &= ~DN_NDFLAG_P3;
401
402                         switch(msg->iinfo & DN_RT_INFO_TYPE) {
403                                 case DN_RT_INFO_L1RT:
404                                         dn->flags &=~DN_NDFLAG_R2;
405                                         dn->flags |= DN_NDFLAG_R1;
406                                         break;
407                                 case DN_RT_INFO_L2RT:
408                                         dn->flags |= DN_NDFLAG_R2;
409                         }
410                 }
411
412                 /* Only use routers in our area */
413                 if ((le16_to_cpu(src)>>10) == (le16_to_cpu((decnet_address))>>10)) {
414                         if (!dn_db->router) {
415                                 dn_db->router = neigh_clone(neigh);
416                         } else {
417                                 if (msg->priority > ((struct dn_neigh *)dn_db->router)->priority)
418                                         neigh_release(xchg(&dn_db->router, neigh_clone(neigh)));
419                         }
420                 }
421                 write_unlock(&neigh->lock);
422                 neigh_release(neigh);
423         }
424
425         kfree_skb(skb);
426         return 0;
427 }
428
429 /*
430  * Endnode hello message received
431  */
432 int dn_neigh_endnode_hello(struct sk_buff *skb)
433 {
434         struct endnode_hello_message *msg = (struct endnode_hello_message *)skb->data;
435         struct neighbour *neigh;
436         struct dn_neigh *dn;
437         __le16 src;
438
439         src = dn_eth2dn(msg->id);
440
441         neigh = __neigh_lookup(&dn_neigh_table, &src, skb->dev, 1);
442
443         dn = (struct dn_neigh *)neigh;
444
445         if (neigh) {
446                 write_lock(&neigh->lock);
447
448                 neigh->used = jiffies;
449
450                 if (!(neigh->nud_state & NUD_PERMANENT)) {
451                         neigh->updated = jiffies;
452
453                         if (neigh->dev->type == ARPHRD_ETHER)
454                                 memcpy(neigh->ha, &eth_hdr(skb)->h_source, ETH_ALEN);
455                         dn->flags   &= ~(DN_NDFLAG_R1 | DN_NDFLAG_R2);
456                         dn->blksize  = le16_to_cpu(msg->blksize);
457                         dn->priority = 0;
458                 }
459
460                 write_unlock(&neigh->lock);
461                 neigh_release(neigh);
462         }
463
464         kfree_skb(skb);
465         return 0;
466 }
467
468 static char *dn_find_slot(char *base, int max, int priority)
469 {
470         int i;
471         unsigned char *min = NULL;
472
473         base += 6; /* skip first id */
474
475         for(i = 0; i < max; i++) {
476                 if (!min || (*base < *min))
477                         min = base;
478                 base += 7; /* find next priority */
479         }
480
481         if (!min)
482                 return NULL;
483
484         return (*min < priority) ? (min - 6) : NULL;
485 }
486
487 struct elist_cb_state {
488         struct net_device *dev;
489         unsigned char *ptr;
490         unsigned char *rs;
491         int t, n;
492 };
493
494 static void neigh_elist_cb(struct neighbour *neigh, void *_info)
495 {
496         struct elist_cb_state *s = _info;
497         struct dn_neigh *dn;
498
499         if (neigh->dev != s->dev)
500                 return;
501
502         dn = (struct dn_neigh *) neigh;
503         if (!(dn->flags & (DN_NDFLAG_R1|DN_NDFLAG_R2)))
504                 return;
505
506         if (s->t == s->n)
507                 s->rs = dn_find_slot(s->ptr, s->n, dn->priority);
508         else
509                 s->t++;
510         if (s->rs == NULL)
511                 return;
512
513         dn_dn2eth(s->rs, dn->addr);
514         s->rs += 6;
515         *(s->rs) = neigh->nud_state & NUD_CONNECTED ? 0x80 : 0x0;
516         *(s->rs) |= dn->priority;
517         s->rs++;
518 }
519
520 int dn_neigh_elist(struct net_device *dev, unsigned char *ptr, int n)
521 {
522         struct elist_cb_state state;
523
524         state.dev = dev;
525         state.t = 0;
526         state.n = n;
527         state.ptr = ptr;
528         state.rs = ptr;
529
530         neigh_for_each(&dn_neigh_table, neigh_elist_cb, &state);
531
532         return state.t;
533 }
534
535
536 #ifdef CONFIG_PROC_FS
537
538 static inline void dn_neigh_format_entry(struct seq_file *seq,
539                                          struct neighbour *n)
540 {
541         struct dn_neigh *dn = (struct dn_neigh *) n;
542         char buf[DN_ASCBUF_LEN];
543
544         read_lock(&n->lock);
545         seq_printf(seq, "%-7s %s%s%s   %02x    %02d  %07ld %-8s\n",
546                    dn_addr2asc(le16_to_cpu(dn->addr), buf),
547                    (dn->flags&DN_NDFLAG_R1) ? "1" : "-",
548                    (dn->flags&DN_NDFLAG_R2) ? "2" : "-",
549                    (dn->flags&DN_NDFLAG_P3) ? "3" : "-",
550                    dn->n.nud_state,
551                    atomic_read(&dn->n.refcnt),
552                    dn->blksize,
553                    (dn->n.dev) ? dn->n.dev->name : "?");
554         read_unlock(&n->lock);
555 }
556
557 static int dn_neigh_seq_show(struct seq_file *seq, void *v)
558 {
559         if (v == SEQ_START_TOKEN) {
560                 seq_puts(seq, "Addr    Flags State Use Blksize Dev\n");
561         } else {
562                 dn_neigh_format_entry(seq, v);
563         }
564
565         return 0;
566 }
567
568 static void *dn_neigh_seq_start(struct seq_file *seq, loff_t *pos)
569 {
570         return neigh_seq_start(seq, pos, &dn_neigh_table,
571                                NEIGH_SEQ_NEIGH_ONLY);
572 }
573
574 static const struct seq_operations dn_neigh_seq_ops = {
575         .start = dn_neigh_seq_start,
576         .next  = neigh_seq_next,
577         .stop  = neigh_seq_stop,
578         .show  = dn_neigh_seq_show,
579 };
580
581 static int dn_neigh_seq_open(struct inode *inode, struct file *file)
582 {
583         return seq_open_net(inode, file, &dn_neigh_seq_ops,
584                             sizeof(struct neigh_seq_state));
585 }
586
587 static const struct file_operations dn_neigh_seq_fops = {
588         .owner          = THIS_MODULE,
589         .open           = dn_neigh_seq_open,
590         .read           = seq_read,
591         .llseek         = seq_lseek,
592         .release        = seq_release_net,
593 };
594
595 #endif
596
597 void __init dn_neigh_init(void)
598 {
599         neigh_table_init(&dn_neigh_table);
600         proc_net_fops_create(&init_net, "decnet_neigh", S_IRUGO, &dn_neigh_seq_fops);
601 }
602
603 void __exit dn_neigh_cleanup(void)
604 {
605         proc_net_remove(&init_net, "decnet_neigh");
606         neigh_table_clear(&dn_neigh_table);
607 }