[SCTP]: Fix NULL dereference of asoc.
[linux-2.6] / net / rose / rose_route.c
1 /*
2  * This program is free software; you can redistribute it and/or modify
3  * it under the terms of the GNU General Public License as published by
4  * the Free Software Foundation; either version 2 of the License, or
5  * (at your option) any later version.
6  *
7  * Copyright (C) Jonathan Naylor G4KLX (g4klx@g4klx.demon.co.uk)
8  * Copyright (C) Terry Dawson VK2KTJ (terry@animats.net)
9  */
10 #include <linux/errno.h>
11 #include <linux/types.h>
12 #include <linux/socket.h>
13 #include <linux/in.h>
14 #include <linux/kernel.h>
15 #include <linux/timer.h>
16 #include <linux/string.h>
17 #include <linux/sockios.h>
18 #include <linux/net.h>
19 #include <net/ax25.h>
20 #include <linux/inet.h>
21 #include <linux/netdevice.h>
22 #include <net/arp.h>
23 #include <linux/if_arp.h>
24 #include <linux/skbuff.h>
25 #include <net/sock.h>
26 #include <net/tcp_states.h>
27 #include <asm/system.h>
28 #include <asm/uaccess.h>
29 #include <linux/fcntl.h>
30 #include <linux/termios.h>      /* For TIOCINQ/OUTQ */
31 #include <linux/mm.h>
32 #include <linux/interrupt.h>
33 #include <linux/notifier.h>
34 #include <linux/netfilter.h>
35 #include <linux/init.h>
36 #include <net/rose.h>
37 #include <linux/seq_file.h>
38
39 static unsigned int rose_neigh_no = 1;
40
41 static struct rose_node  *rose_node_list;
42 static DEFINE_SPINLOCK(rose_node_list_lock);
43 static struct rose_neigh *rose_neigh_list;
44 static DEFINE_SPINLOCK(rose_neigh_list_lock);
45 static struct rose_route *rose_route_list;
46 static DEFINE_SPINLOCK(rose_route_list_lock);
47
48 struct rose_neigh *rose_loopback_neigh;
49
50 /*
51  *      Add a new route to a node, and in the process add the node and the
52  *      neighbour if it is new.
53  */
54 static int __must_check rose_add_node(struct rose_route_struct *rose_route,
55         struct net_device *dev)
56 {
57         struct rose_node  *rose_node, *rose_tmpn, *rose_tmpp;
58         struct rose_neigh *rose_neigh;
59         int i, res = 0;
60
61         spin_lock_bh(&rose_node_list_lock);
62         spin_lock_bh(&rose_neigh_list_lock);
63
64         rose_node = rose_node_list;
65         while (rose_node != NULL) {
66                 if ((rose_node->mask == rose_route->mask) &&
67                     (rosecmpm(&rose_route->address, &rose_node->address,
68                               rose_route->mask) == 0))
69                         break;
70                 rose_node = rose_node->next;
71         }
72
73         if (rose_node != NULL && rose_node->loopback) {
74                 res = -EINVAL;
75                 goto out;
76         }
77
78         rose_neigh = rose_neigh_list;
79         while (rose_neigh != NULL) {
80                 if (ax25cmp(&rose_route->neighbour, &rose_neigh->callsign) == 0
81                     && rose_neigh->dev == dev)
82                         break;
83                 rose_neigh = rose_neigh->next;
84         }
85
86         if (rose_neigh == NULL) {
87                 rose_neigh = kmalloc(sizeof(*rose_neigh), GFP_ATOMIC);
88                 if (rose_neigh == NULL) {
89                         res = -ENOMEM;
90                         goto out;
91                 }
92
93                 rose_neigh->callsign  = rose_route->neighbour;
94                 rose_neigh->digipeat  = NULL;
95                 rose_neigh->ax25      = NULL;
96                 rose_neigh->dev       = dev;
97                 rose_neigh->count     = 0;
98                 rose_neigh->use       = 0;
99                 rose_neigh->dce_mode  = 0;
100                 rose_neigh->loopback  = 0;
101                 rose_neigh->number    = rose_neigh_no++;
102                 rose_neigh->restarted = 0;
103
104                 skb_queue_head_init(&rose_neigh->queue);
105
106                 init_timer(&rose_neigh->ftimer);
107                 init_timer(&rose_neigh->t0timer);
108
109                 if (rose_route->ndigis != 0) {
110                         if ((rose_neigh->digipeat = kmalloc(sizeof(ax25_digi), GFP_KERNEL)) == NULL) {
111                                 kfree(rose_neigh);
112                                 res = -ENOMEM;
113                                 goto out;
114                         }
115
116                         rose_neigh->digipeat->ndigi      = rose_route->ndigis;
117                         rose_neigh->digipeat->lastrepeat = -1;
118
119                         for (i = 0; i < rose_route->ndigis; i++) {
120                                 rose_neigh->digipeat->calls[i]    =
121                                         rose_route->digipeaters[i];
122                                 rose_neigh->digipeat->repeated[i] = 0;
123                         }
124                 }
125
126                 rose_neigh->next = rose_neigh_list;
127                 rose_neigh_list  = rose_neigh;
128         }
129
130         /*
131          * This is a new node to be inserted into the list. Find where it needs
132          * to be inserted into the list, and insert it. We want to be sure
133          * to order the list in descending order of mask size to ensure that
134          * later when we are searching this list the first match will be the
135          * best match.
136          */
137         if (rose_node == NULL) {
138                 rose_tmpn = rose_node_list;
139                 rose_tmpp = NULL;
140
141                 while (rose_tmpn != NULL) {
142                         if (rose_tmpn->mask > rose_route->mask) {
143                                 rose_tmpp = rose_tmpn;
144                                 rose_tmpn = rose_tmpn->next;
145                         } else {
146                                 break;
147                         }
148                 }
149
150                 /* create new node */
151                 rose_node = kmalloc(sizeof(*rose_node), GFP_ATOMIC);
152                 if (rose_node == NULL) {
153                         res = -ENOMEM;
154                         goto out;
155                 }
156
157                 rose_node->address      = rose_route->address;
158                 rose_node->mask         = rose_route->mask;
159                 rose_node->count        = 1;
160                 rose_node->loopback     = 0;
161                 rose_node->neighbour[0] = rose_neigh;
162
163                 if (rose_tmpn == NULL) {
164                         if (rose_tmpp == NULL) {        /* Empty list */
165                                 rose_node_list  = rose_node;
166                                 rose_node->next = NULL;
167                         } else {
168                                 rose_tmpp->next = rose_node;
169                                 rose_node->next = NULL;
170                         }
171                 } else {
172                         if (rose_tmpp == NULL) {        /* 1st node */
173                                 rose_node->next = rose_node_list;
174                                 rose_node_list  = rose_node;
175                         } else {
176                                 rose_tmpp->next = rose_node;
177                                 rose_node->next = rose_tmpn;
178                         }
179                 }
180                 rose_neigh->count++;
181
182                 goto out;
183         }
184
185         /* We have space, slot it in */
186         if (rose_node->count < 3) {
187                 rose_node->neighbour[rose_node->count] = rose_neigh;
188                 rose_node->count++;
189                 rose_neigh->count++;
190         }
191
192 out:
193         spin_unlock_bh(&rose_neigh_list_lock);
194         spin_unlock_bh(&rose_node_list_lock);
195
196         return res;
197 }
198
199 /*
200  * Caller is holding rose_node_list_lock.
201  */
202 static void rose_remove_node(struct rose_node *rose_node)
203 {
204         struct rose_node *s;
205
206         if ((s = rose_node_list) == rose_node) {
207                 rose_node_list = rose_node->next;
208                 kfree(rose_node);
209                 return;
210         }
211
212         while (s != NULL && s->next != NULL) {
213                 if (s->next == rose_node) {
214                         s->next = rose_node->next;
215                         kfree(rose_node);
216                         return;
217                 }
218
219                 s = s->next;
220         }
221 }
222
223 /*
224  * Caller is holding rose_neigh_list_lock.
225  */
226 static void rose_remove_neigh(struct rose_neigh *rose_neigh)
227 {
228         struct rose_neigh *s;
229
230         rose_stop_ftimer(rose_neigh);
231         rose_stop_t0timer(rose_neigh);
232
233         skb_queue_purge(&rose_neigh->queue);
234
235         if ((s = rose_neigh_list) == rose_neigh) {
236                 rose_neigh_list = rose_neigh->next;
237                 kfree(rose_neigh->digipeat);
238                 kfree(rose_neigh);
239                 return;
240         }
241
242         while (s != NULL && s->next != NULL) {
243                 if (s->next == rose_neigh) {
244                         s->next = rose_neigh->next;
245                         kfree(rose_neigh->digipeat);
246                         kfree(rose_neigh);
247                         return;
248                 }
249
250                 s = s->next;
251         }
252 }
253
254 /*
255  * Caller is holding rose_route_list_lock.
256  */
257 static void rose_remove_route(struct rose_route *rose_route)
258 {
259         struct rose_route *s;
260
261         if (rose_route->neigh1 != NULL)
262                 rose_route->neigh1->use--;
263
264         if (rose_route->neigh2 != NULL)
265                 rose_route->neigh2->use--;
266
267         if ((s = rose_route_list) == rose_route) {
268                 rose_route_list = rose_route->next;
269                 kfree(rose_route);
270                 return;
271         }
272
273         while (s != NULL && s->next != NULL) {
274                 if (s->next == rose_route) {
275                         s->next = rose_route->next;
276                         kfree(rose_route);
277                         return;
278                 }
279
280                 s = s->next;
281         }
282 }
283
284 /*
285  *      "Delete" a node. Strictly speaking remove a route to a node. The node
286  *      is only deleted if no routes are left to it.
287  */
288 static int rose_del_node(struct rose_route_struct *rose_route,
289         struct net_device *dev)
290 {
291         struct rose_node  *rose_node;
292         struct rose_neigh *rose_neigh;
293         int i, err = 0;
294
295         spin_lock_bh(&rose_node_list_lock);
296         spin_lock_bh(&rose_neigh_list_lock);
297
298         rose_node = rose_node_list;
299         while (rose_node != NULL) {
300                 if ((rose_node->mask == rose_route->mask) &&
301                     (rosecmpm(&rose_route->address, &rose_node->address,
302                               rose_route->mask) == 0))
303                         break;
304                 rose_node = rose_node->next;
305         }
306
307         if (rose_node == NULL || rose_node->loopback) {
308                 err = -EINVAL;
309                 goto out;
310         }
311
312         rose_neigh = rose_neigh_list;
313         while (rose_neigh != NULL) {
314                 if (ax25cmp(&rose_route->neighbour, &rose_neigh->callsign) == 0
315                     && rose_neigh->dev == dev)
316                         break;
317                 rose_neigh = rose_neigh->next;
318         }
319
320         if (rose_neigh == NULL) {
321                 err = -EINVAL;
322                 goto out;
323         }
324
325         for (i = 0; i < rose_node->count; i++) {
326                 if (rose_node->neighbour[i] == rose_neigh) {
327                         rose_neigh->count--;
328
329                         if (rose_neigh->count == 0 && rose_neigh->use == 0)
330                                 rose_remove_neigh(rose_neigh);
331
332                         rose_node->count--;
333
334                         if (rose_node->count == 0) {
335                                 rose_remove_node(rose_node);
336                         } else {
337                                 switch (i) {
338                                 case 0:
339                                         rose_node->neighbour[0] =
340                                                 rose_node->neighbour[1];
341                                 case 1:
342                                         rose_node->neighbour[1] =
343                                                 rose_node->neighbour[2];
344                                 case 2:
345                                         break;
346                                 }
347                         }
348                         goto out;
349                 }
350         }
351         err = -EINVAL;
352
353 out:
354         spin_unlock_bh(&rose_neigh_list_lock);
355         spin_unlock_bh(&rose_node_list_lock);
356
357         return err;
358 }
359
360 /*
361  *      Add the loopback neighbour.
362  */
363 void rose_add_loopback_neigh(void)
364 {
365         struct rose_neigh *sn;
366
367         rose_loopback_neigh = kmalloc(sizeof(struct rose_neigh), GFP_KERNEL);
368         if (!rose_loopback_neigh)
369                 return;
370         sn = rose_loopback_neigh;
371
372         sn->callsign  = null_ax25_address;
373         sn->digipeat  = NULL;
374         sn->ax25      = NULL;
375         sn->dev       = NULL;
376         sn->count     = 0;
377         sn->use       = 0;
378         sn->dce_mode  = 1;
379         sn->loopback  = 1;
380         sn->number    = rose_neigh_no++;
381         sn->restarted = 1;
382
383         skb_queue_head_init(&sn->queue);
384
385         init_timer(&sn->ftimer);
386         init_timer(&sn->t0timer);
387
388         spin_lock_bh(&rose_neigh_list_lock);
389         sn->next = rose_neigh_list;
390         rose_neigh_list           = sn;
391         spin_unlock_bh(&rose_neigh_list_lock);
392 }
393
394 /*
395  *      Add a loopback node.
396  */
397 int rose_add_loopback_node(rose_address *address)
398 {
399         struct rose_node *rose_node;
400         int err = 0;
401
402         spin_lock_bh(&rose_node_list_lock);
403
404         rose_node = rose_node_list;
405         while (rose_node != NULL) {
406                 if ((rose_node->mask == 10) &&
407                      (rosecmpm(address, &rose_node->address, 10) == 0) &&
408                      rose_node->loopback)
409                         break;
410                 rose_node = rose_node->next;
411         }
412
413         if (rose_node != NULL)
414                 goto out;
415
416         if ((rose_node = kmalloc(sizeof(*rose_node), GFP_ATOMIC)) == NULL) {
417                 err = -ENOMEM;
418                 goto out;
419         }
420
421         rose_node->address      = *address;
422         rose_node->mask         = 10;
423         rose_node->count        = 1;
424         rose_node->loopback     = 1;
425         rose_node->neighbour[0] = rose_loopback_neigh;
426
427         /* Insert at the head of list. Address is always mask=10 */
428         rose_node->next = rose_node_list;
429         rose_node_list  = rose_node;
430
431         rose_loopback_neigh->count++;
432
433 out:
434         spin_unlock_bh(&rose_node_list_lock);
435
436         return err;
437 }
438
439 /*
440  *      Delete a loopback node.
441  */
442 void rose_del_loopback_node(rose_address *address)
443 {
444         struct rose_node *rose_node;
445
446         spin_lock_bh(&rose_node_list_lock);
447
448         rose_node = rose_node_list;
449         while (rose_node != NULL) {
450                 if ((rose_node->mask == 10) &&
451                     (rosecmpm(address, &rose_node->address, 10) == 0) &&
452                     rose_node->loopback)
453                         break;
454                 rose_node = rose_node->next;
455         }
456
457         if (rose_node == NULL)
458                 goto out;
459
460         rose_remove_node(rose_node);
461
462         rose_loopback_neigh->count--;
463
464 out:
465         spin_unlock_bh(&rose_node_list_lock);
466 }
467
468 /*
469  *      A device has been removed. Remove its routes and neighbours.
470  */
471 void rose_rt_device_down(struct net_device *dev)
472 {
473         struct rose_neigh *s, *rose_neigh;
474         struct rose_node  *t, *rose_node;
475         int i;
476
477         spin_lock_bh(&rose_node_list_lock);
478         spin_lock_bh(&rose_neigh_list_lock);
479         rose_neigh = rose_neigh_list;
480         while (rose_neigh != NULL) {
481                 s          = rose_neigh;
482                 rose_neigh = rose_neigh->next;
483
484                 if (s->dev != dev)
485                         continue;
486
487                 rose_node = rose_node_list;
488
489                 while (rose_node != NULL) {
490                         t         = rose_node;
491                         rose_node = rose_node->next;
492
493                         for (i = 0; i < t->count; i++) {
494                                 if (t->neighbour[i] != s)
495                                         continue;
496
497                                 t->count--;
498
499                                 switch (i) {
500                                 case 0:
501                                         t->neighbour[0] = t->neighbour[1];
502                                 case 1:
503                                         t->neighbour[1] = t->neighbour[2];
504                                 case 2:
505                                         break;
506                                 }
507                         }
508
509                         if (t->count <= 0)
510                                 rose_remove_node(t);
511                 }
512
513                 rose_remove_neigh(s);
514         }
515         spin_unlock_bh(&rose_neigh_list_lock);
516         spin_unlock_bh(&rose_node_list_lock);
517 }
518
519 #if 0 /* Currently unused */
520 /*
521  *      A device has been removed. Remove its links.
522  */
523 void rose_route_device_down(struct net_device *dev)
524 {
525         struct rose_route *s, *rose_route;
526
527         spin_lock_bh(&rose_route_list_lock);
528         rose_route = rose_route_list;
529         while (rose_route != NULL) {
530                 s          = rose_route;
531                 rose_route = rose_route->next;
532
533                 if (s->neigh1->dev == dev || s->neigh2->dev == dev)
534                         rose_remove_route(s);
535         }
536         spin_unlock_bh(&rose_route_list_lock);
537 }
538 #endif
539
540 /*
541  *      Clear all nodes and neighbours out, except for neighbours with
542  *      active connections going through them.
543  *  Do not clear loopback neighbour and nodes.
544  */
545 static int rose_clear_routes(void)
546 {
547         struct rose_neigh *s, *rose_neigh;
548         struct rose_node  *t, *rose_node;
549
550         spin_lock_bh(&rose_node_list_lock);
551         spin_lock_bh(&rose_neigh_list_lock);
552
553         rose_neigh = rose_neigh_list;
554         rose_node  = rose_node_list;
555
556         while (rose_node != NULL) {
557                 t         = rose_node;
558                 rose_node = rose_node->next;
559                 if (!t->loopback)
560                         rose_remove_node(t);
561         }
562
563         while (rose_neigh != NULL) {
564                 s          = rose_neigh;
565                 rose_neigh = rose_neigh->next;
566
567                 if (s->use == 0 && !s->loopback) {
568                         s->count = 0;
569                         rose_remove_neigh(s);
570                 }
571         }
572
573         spin_unlock_bh(&rose_neigh_list_lock);
574         spin_unlock_bh(&rose_node_list_lock);
575
576         return 0;
577 }
578
579 /*
580  *      Check that the device given is a valid AX.25 interface that is "up".
581  */
582 static struct net_device *rose_ax25_dev_get(char *devname)
583 {
584         struct net_device *dev;
585
586         if ((dev = dev_get_by_name(&init_net, devname)) == NULL)
587                 return NULL;
588
589         if ((dev->flags & IFF_UP) && dev->type == ARPHRD_AX25)
590                 return dev;
591
592         dev_put(dev);
593         return NULL;
594 }
595
596 /*
597  *      Find the first active ROSE device, usually "rose0".
598  */
599 struct net_device *rose_dev_first(void)
600 {
601         struct net_device *dev, *first = NULL;
602
603         read_lock(&dev_base_lock);
604         for_each_netdev(&init_net, dev) {
605                 if ((dev->flags & IFF_UP) && dev->type == ARPHRD_ROSE)
606                         if (first == NULL || strncmp(dev->name, first->name, 3) < 0)
607                                 first = dev;
608         }
609         read_unlock(&dev_base_lock);
610
611         return first;
612 }
613
614 /*
615  *      Find the ROSE device for the given address.
616  */
617 struct net_device *rose_dev_get(rose_address *addr)
618 {
619         struct net_device *dev;
620
621         read_lock(&dev_base_lock);
622         for_each_netdev(&init_net, dev) {
623                 if ((dev->flags & IFF_UP) && dev->type == ARPHRD_ROSE && rosecmp(addr, (rose_address *)dev->dev_addr) == 0) {
624                         dev_hold(dev);
625                         goto out;
626                 }
627         }
628         dev = NULL;
629 out:
630         read_unlock(&dev_base_lock);
631         return dev;
632 }
633
634 static int rose_dev_exists(rose_address *addr)
635 {
636         struct net_device *dev;
637
638         read_lock(&dev_base_lock);
639         for_each_netdev(&init_net, dev) {
640                 if ((dev->flags & IFF_UP) && dev->type == ARPHRD_ROSE && rosecmp(addr, (rose_address *)dev->dev_addr) == 0)
641                         goto out;
642         }
643         dev = NULL;
644 out:
645         read_unlock(&dev_base_lock);
646         return dev != NULL;
647 }
648
649
650
651
652 struct rose_route *rose_route_free_lci(unsigned int lci, struct rose_neigh *neigh)
653 {
654         struct rose_route *rose_route;
655
656         for (rose_route = rose_route_list; rose_route != NULL; rose_route = rose_route->next)
657                 if ((rose_route->neigh1 == neigh && rose_route->lci1 == lci) ||
658                     (rose_route->neigh2 == neigh && rose_route->lci2 == lci))
659                         return rose_route;
660
661         return NULL;
662 }
663
664 /*
665  *      Find a neighbour given a ROSE address.
666  */
667 struct rose_neigh *rose_get_neigh(rose_address *addr, unsigned char *cause,
668         unsigned char *diagnostic)
669 {
670         struct rose_neigh *res = NULL;
671         struct rose_node *node;
672         int failed = 0;
673         int i;
674
675         spin_lock_bh(&rose_node_list_lock);
676         for (node = rose_node_list; node != NULL; node = node->next) {
677                 if (rosecmpm(addr, &node->address, node->mask) == 0) {
678                         for (i = 0; i < node->count; i++) {
679                                 if (!rose_ftimer_running(node->neighbour[i])) {
680                                         res = node->neighbour[i];
681                                         goto out;
682                                 } else
683                                         failed = 1;
684                         }
685                         break;
686                 }
687         }
688
689         if (failed) {
690                 *cause      = ROSE_OUT_OF_ORDER;
691                 *diagnostic = 0;
692         } else {
693                 *cause      = ROSE_NOT_OBTAINABLE;
694                 *diagnostic = 0;
695         }
696
697 out:
698         spin_unlock_bh(&rose_node_list_lock);
699
700         return res;
701 }
702
703 /*
704  *      Handle the ioctls that control the routing functions.
705  */
706 int rose_rt_ioctl(unsigned int cmd, void __user *arg)
707 {
708         struct rose_route_struct rose_route;
709         struct net_device *dev;
710         int err;
711
712         switch (cmd) {
713         case SIOCADDRT:
714                 if (copy_from_user(&rose_route, arg, sizeof(struct rose_route_struct)))
715                         return -EFAULT;
716                 if ((dev = rose_ax25_dev_get(rose_route.device)) == NULL)
717                         return -EINVAL;
718                 if (rose_dev_exists(&rose_route.address)) { /* Can't add routes to ourself */
719                         dev_put(dev);
720                         return -EINVAL;
721                 }
722                 if (rose_route.mask > 10) /* Mask can't be more than 10 digits */
723                         return -EINVAL;
724                 if (rose_route.ndigis > AX25_MAX_DIGIS)
725                         return -EINVAL;
726                 err = rose_add_node(&rose_route, dev);
727                 dev_put(dev);
728                 return err;
729
730         case SIOCDELRT:
731                 if (copy_from_user(&rose_route, arg, sizeof(struct rose_route_struct)))
732                         return -EFAULT;
733                 if ((dev = rose_ax25_dev_get(rose_route.device)) == NULL)
734                         return -EINVAL;
735                 err = rose_del_node(&rose_route, dev);
736                 dev_put(dev);
737                 return err;
738
739         case SIOCRSCLRRT:
740                 return rose_clear_routes();
741
742         default:
743                 return -EINVAL;
744         }
745
746         return 0;
747 }
748
749 static void rose_del_route_by_neigh(struct rose_neigh *rose_neigh)
750 {
751         struct rose_route *rose_route, *s;
752
753         rose_neigh->restarted = 0;
754
755         rose_stop_t0timer(rose_neigh);
756         rose_start_ftimer(rose_neigh);
757
758         skb_queue_purge(&rose_neigh->queue);
759
760         spin_lock_bh(&rose_route_list_lock);
761
762         rose_route = rose_route_list;
763
764         while (rose_route != NULL) {
765                 if ((rose_route->neigh1 == rose_neigh && rose_route->neigh2 == rose_neigh) ||
766                     (rose_route->neigh1 == rose_neigh && rose_route->neigh2 == NULL)       ||
767                     (rose_route->neigh2 == rose_neigh && rose_route->neigh1 == NULL)) {
768                         s = rose_route->next;
769                         rose_remove_route(rose_route);
770                         rose_route = s;
771                         continue;
772                 }
773
774                 if (rose_route->neigh1 == rose_neigh) {
775                         rose_route->neigh1->use--;
776                         rose_route->neigh1 = NULL;
777                         rose_transmit_clear_request(rose_route->neigh2, rose_route->lci2, ROSE_OUT_OF_ORDER, 0);
778                 }
779
780                 if (rose_route->neigh2 == rose_neigh) {
781                         rose_route->neigh2->use--;
782                         rose_route->neigh2 = NULL;
783                         rose_transmit_clear_request(rose_route->neigh1, rose_route->lci1, ROSE_OUT_OF_ORDER, 0);
784                 }
785
786                 rose_route = rose_route->next;
787         }
788         spin_unlock_bh(&rose_route_list_lock);
789 }
790
791 /*
792  *      A level 2 link has timed out, therefore it appears to be a poor link,
793  *      then don't use that neighbour until it is reset. Blow away all through
794  *      routes and connections using this route.
795  */
796 void rose_link_failed(ax25_cb *ax25, int reason)
797 {
798         struct rose_neigh *rose_neigh;
799
800         spin_lock_bh(&rose_neigh_list_lock);
801         rose_neigh = rose_neigh_list;
802         while (rose_neigh != NULL) {
803                 if (rose_neigh->ax25 == ax25)
804                         break;
805                 rose_neigh = rose_neigh->next;
806         }
807
808         if (rose_neigh != NULL) {
809                 rose_neigh->ax25 = NULL;
810
811                 rose_del_route_by_neigh(rose_neigh);
812                 rose_kill_by_neigh(rose_neigh);
813         }
814         spin_unlock_bh(&rose_neigh_list_lock);
815 }
816
817 /*
818  *      A device has been "downed" remove its link status. Blow away all
819  *      through routes and connections that use this device.
820  */
821 void rose_link_device_down(struct net_device *dev)
822 {
823         struct rose_neigh *rose_neigh;
824
825         for (rose_neigh = rose_neigh_list; rose_neigh != NULL; rose_neigh = rose_neigh->next) {
826                 if (rose_neigh->dev == dev) {
827                         rose_del_route_by_neigh(rose_neigh);
828                         rose_kill_by_neigh(rose_neigh);
829                 }
830         }
831 }
832
833 /*
834  *      Route a frame to an appropriate AX.25 connection.
835  */
836 int rose_route_frame(struct sk_buff *skb, ax25_cb *ax25)
837 {
838         struct rose_neigh *rose_neigh, *new_neigh;
839         struct rose_route *rose_route;
840         struct rose_facilities_struct facilities;
841         rose_address *src_addr, *dest_addr;
842         struct sock *sk;
843         unsigned short frametype;
844         unsigned int lci, new_lci;
845         unsigned char cause, diagnostic;
846         struct net_device *dev;
847         int len, res = 0;
848         char buf[11];
849
850 #if 0
851         if (call_in_firewall(PF_ROSE, skb->dev, skb->data, NULL, &skb) != FW_ACCEPT)
852                 return res;
853 #endif
854
855         frametype = skb->data[2];
856         lci = ((skb->data[0] << 8) & 0xF00) + ((skb->data[1] << 0) & 0x0FF);
857         src_addr  = (rose_address *)(skb->data + 9);
858         dest_addr = (rose_address *)(skb->data + 4);
859
860         spin_lock_bh(&rose_neigh_list_lock);
861         spin_lock_bh(&rose_route_list_lock);
862
863         rose_neigh = rose_neigh_list;
864         while (rose_neigh != NULL) {
865                 if (ax25cmp(&ax25->dest_addr, &rose_neigh->callsign) == 0 &&
866                     ax25->ax25_dev->dev == rose_neigh->dev)
867                         break;
868                 rose_neigh = rose_neigh->next;
869         }
870
871         if (rose_neigh == NULL) {
872                 printk("rose_route : unknown neighbour or device %s\n",
873                        ax2asc(buf, &ax25->dest_addr));
874                 goto out;
875         }
876
877         /*
878          *      Obviously the link is working, halt the ftimer.
879          */
880         rose_stop_ftimer(rose_neigh);
881
882         /*
883          *      LCI of zero is always for us, and its always a restart
884          *      frame.
885          */
886         if (lci == 0) {
887                 rose_link_rx_restart(skb, rose_neigh, frametype);
888                 goto out;
889         }
890
891         /*
892          *      Find an existing socket.
893          */
894         if ((sk = rose_find_socket(lci, rose_neigh)) != NULL) {
895                 if (frametype == ROSE_CALL_REQUEST) {
896                         struct rose_sock *rose = rose_sk(sk);
897
898                         /* Remove an existing unused socket */
899                         rose_clear_queues(sk);
900                         rose->cause      = ROSE_NETWORK_CONGESTION;
901                         rose->diagnostic = 0;
902                         rose->neighbour->use--;
903                         rose->neighbour  = NULL;
904                         rose->lci        = 0;
905                         rose->state      = ROSE_STATE_0;
906                         sk->sk_state     = TCP_CLOSE;
907                         sk->sk_err       = 0;
908                         sk->sk_shutdown  |= SEND_SHUTDOWN;
909                         if (!sock_flag(sk, SOCK_DEAD)) {
910                                 sk->sk_state_change(sk);
911                                 sock_set_flag(sk, SOCK_DEAD);
912                         }
913                 }
914                 else {
915                         skb_reset_transport_header(skb);
916                         res = rose_process_rx_frame(sk, skb);
917                         goto out;
918                 }
919         }
920
921         /*
922          *      Is is a Call Request and is it for us ?
923          */
924         if (frametype == ROSE_CALL_REQUEST)
925                 if ((dev = rose_dev_get(dest_addr)) != NULL) {
926                         res = rose_rx_call_request(skb, dev, rose_neigh, lci);
927                         dev_put(dev);
928                         goto out;
929                 }
930
931         if (!sysctl_rose_routing_control) {
932                 rose_transmit_clear_request(rose_neigh, lci, ROSE_NOT_OBTAINABLE, 0);
933                 goto out;
934         }
935
936         /*
937          *      Route it to the next in line if we have an entry for it.
938          */
939         rose_route = rose_route_list;
940         while (rose_route != NULL) {
941                 if (rose_route->lci1 == lci &&
942                     rose_route->neigh1 == rose_neigh) {
943                         if (frametype == ROSE_CALL_REQUEST) {
944                                 /* F6FBB - Remove an existing unused route */
945                                 rose_remove_route(rose_route);
946                                 break;
947                         } else if (rose_route->neigh2 != NULL) {
948                                 skb->data[0] &= 0xF0;
949                                 skb->data[0] |= (rose_route->lci2 >> 8) & 0x0F;
950                                 skb->data[1]  = (rose_route->lci2 >> 0) & 0xFF;
951                                 rose_transmit_link(skb, rose_route->neigh2);
952                                 if (frametype == ROSE_CLEAR_CONFIRMATION)
953                                         rose_remove_route(rose_route);
954                                 res = 1;
955                                 goto out;
956                         } else {
957                                 if (frametype == ROSE_CLEAR_CONFIRMATION)
958                                         rose_remove_route(rose_route);
959                                 goto out;
960                         }
961                 }
962                 if (rose_route->lci2 == lci &&
963                     rose_route->neigh2 == rose_neigh) {
964                         if (frametype == ROSE_CALL_REQUEST) {
965                                 /* F6FBB - Remove an existing unused route */
966                                 rose_remove_route(rose_route);
967                                 break;
968                         } else if (rose_route->neigh1 != NULL) {
969                                 skb->data[0] &= 0xF0;
970                                 skb->data[0] |= (rose_route->lci1 >> 8) & 0x0F;
971                                 skb->data[1]  = (rose_route->lci1 >> 0) & 0xFF;
972                                 rose_transmit_link(skb, rose_route->neigh1);
973                                 if (frametype == ROSE_CLEAR_CONFIRMATION)
974                                         rose_remove_route(rose_route);
975                                 res = 1;
976                                 goto out;
977                         } else {
978                                 if (frametype == ROSE_CLEAR_CONFIRMATION)
979                                         rose_remove_route(rose_route);
980                                 goto out;
981                         }
982                 }
983                 rose_route = rose_route->next;
984         }
985
986         /*
987          *      We know that:
988          *      1. The frame isn't for us,
989          *      2. It isn't "owned" by any existing route.
990          */
991         if (frametype != ROSE_CALL_REQUEST) {   /* XXX */
992                 res = 0;
993                 goto out;
994         }
995
996         len  = (((skb->data[3] >> 4) & 0x0F) + 1) >> 1;
997         len += (((skb->data[3] >> 0) & 0x0F) + 1) >> 1;
998
999         memset(&facilities, 0x00, sizeof(struct rose_facilities_struct));
1000
1001         if (!rose_parse_facilities(skb->data + len + 4, &facilities)) {
1002                 rose_transmit_clear_request(rose_neigh, lci, ROSE_INVALID_FACILITY, 76);
1003                 goto out;
1004         }
1005
1006         /*
1007          *      Check for routing loops.
1008          */
1009         rose_route = rose_route_list;
1010         while (rose_route != NULL) {
1011                 if (rose_route->rand == facilities.rand &&
1012                     rosecmp(src_addr, &rose_route->src_addr) == 0 &&
1013                     ax25cmp(&facilities.dest_call, &rose_route->src_call) == 0 &&
1014                     ax25cmp(&facilities.source_call, &rose_route->dest_call) == 0) {
1015                         rose_transmit_clear_request(rose_neigh, lci, ROSE_NOT_OBTAINABLE, 120);
1016                         goto out;
1017                 }
1018                 rose_route = rose_route->next;
1019         }
1020
1021         if ((new_neigh = rose_get_neigh(dest_addr, &cause, &diagnostic)) == NULL) {
1022                 rose_transmit_clear_request(rose_neigh, lci, cause, diagnostic);
1023                 goto out;
1024         }
1025
1026         if ((new_lci = rose_new_lci(new_neigh)) == 0) {
1027                 rose_transmit_clear_request(rose_neigh, lci, ROSE_NETWORK_CONGESTION, 71);
1028                 goto out;
1029         }
1030
1031         if ((rose_route = kmalloc(sizeof(*rose_route), GFP_ATOMIC)) == NULL) {
1032                 rose_transmit_clear_request(rose_neigh, lci, ROSE_NETWORK_CONGESTION, 120);
1033                 goto out;
1034         }
1035
1036         rose_route->lci1      = lci;
1037         rose_route->src_addr  = *src_addr;
1038         rose_route->dest_addr = *dest_addr;
1039         rose_route->src_call  = facilities.dest_call;
1040         rose_route->dest_call = facilities.source_call;
1041         rose_route->rand      = facilities.rand;
1042         rose_route->neigh1    = rose_neigh;
1043         rose_route->lci2      = new_lci;
1044         rose_route->neigh2    = new_neigh;
1045
1046         rose_route->neigh1->use++;
1047         rose_route->neigh2->use++;
1048
1049         rose_route->next = rose_route_list;
1050         rose_route_list  = rose_route;
1051
1052         skb->data[0] &= 0xF0;
1053         skb->data[0] |= (rose_route->lci2 >> 8) & 0x0F;
1054         skb->data[1]  = (rose_route->lci2 >> 0) & 0xFF;
1055
1056         rose_transmit_link(skb, rose_route->neigh2);
1057         res = 1;
1058
1059 out:
1060         spin_unlock_bh(&rose_route_list_lock);
1061         spin_unlock_bh(&rose_neigh_list_lock);
1062
1063         return res;
1064 }
1065
1066 #ifdef CONFIG_PROC_FS
1067
1068 static void *rose_node_start(struct seq_file *seq, loff_t *pos)
1069         __acquires(rose_node_list_lock)
1070 {
1071         struct rose_node *rose_node;
1072         int i = 1;
1073
1074         spin_lock_bh(&rose_node_list_lock);
1075         if (*pos == 0)
1076                 return SEQ_START_TOKEN;
1077
1078         for (rose_node = rose_node_list; rose_node && i < *pos;
1079              rose_node = rose_node->next, ++i);
1080
1081         return (i == *pos) ? rose_node : NULL;
1082 }
1083
1084 static void *rose_node_next(struct seq_file *seq, void *v, loff_t *pos)
1085 {
1086         ++*pos;
1087
1088         return (v == SEQ_START_TOKEN) ? rose_node_list
1089                 : ((struct rose_node *)v)->next;
1090 }
1091
1092 static void rose_node_stop(struct seq_file *seq, void *v)
1093         __releases(rose_node_list_lock)
1094 {
1095         spin_unlock_bh(&rose_node_list_lock);
1096 }
1097
1098 static int rose_node_show(struct seq_file *seq, void *v)
1099 {
1100         int i;
1101
1102         if (v == SEQ_START_TOKEN)
1103                 seq_puts(seq, "address    mask n neigh neigh neigh\n");
1104         else {
1105                 const struct rose_node *rose_node = v;
1106                 /* if (rose_node->loopback) {
1107                         seq_printf(seq, "%-10s %04d 1 loopback\n",
1108                                 rose2asc(&rose_node->address),
1109                                 rose_node->mask);
1110                 } else { */
1111                         seq_printf(seq, "%-10s %04d %d",
1112                                 rose2asc(&rose_node->address),
1113                                 rose_node->mask,
1114                                 rose_node->count);
1115
1116                         for (i = 0; i < rose_node->count; i++)
1117                                 seq_printf(seq, " %05d",
1118                                         rose_node->neighbour[i]->number);
1119
1120                         seq_puts(seq, "\n");
1121                 /* } */
1122         }
1123         return 0;
1124 }
1125
1126 static const struct seq_operations rose_node_seqops = {
1127         .start = rose_node_start,
1128         .next = rose_node_next,
1129         .stop = rose_node_stop,
1130         .show = rose_node_show,
1131 };
1132
1133 static int rose_nodes_open(struct inode *inode, struct file *file)
1134 {
1135         return seq_open(file, &rose_node_seqops);
1136 }
1137
1138 const struct file_operations rose_nodes_fops = {
1139         .owner = THIS_MODULE,
1140         .open = rose_nodes_open,
1141         .read = seq_read,
1142         .llseek = seq_lseek,
1143         .release = seq_release,
1144 };
1145
1146 static void *rose_neigh_start(struct seq_file *seq, loff_t *pos)
1147         __acquires(rose_neigh_list_lock)
1148 {
1149         struct rose_neigh *rose_neigh;
1150         int i = 1;
1151
1152         spin_lock_bh(&rose_neigh_list_lock);
1153         if (*pos == 0)
1154                 return SEQ_START_TOKEN;
1155
1156         for (rose_neigh = rose_neigh_list; rose_neigh && i < *pos;
1157              rose_neigh = rose_neigh->next, ++i);
1158
1159         return (i == *pos) ? rose_neigh : NULL;
1160 }
1161
1162 static void *rose_neigh_next(struct seq_file *seq, void *v, loff_t *pos)
1163 {
1164         ++*pos;
1165
1166         return (v == SEQ_START_TOKEN) ? rose_neigh_list
1167                 : ((struct rose_neigh *)v)->next;
1168 }
1169
1170 static void rose_neigh_stop(struct seq_file *seq, void *v)
1171         __releases(rose_neigh_list_lock)
1172 {
1173         spin_unlock_bh(&rose_neigh_list_lock);
1174 }
1175
1176 static int rose_neigh_show(struct seq_file *seq, void *v)
1177 {
1178         char buf[11];
1179         int i;
1180
1181         if (v == SEQ_START_TOKEN)
1182                 seq_puts(seq,
1183                          "addr  callsign  dev  count use mode restart  t0  tf digipeaters\n");
1184         else {
1185                 struct rose_neigh *rose_neigh = v;
1186
1187                 /* if (!rose_neigh->loopback) { */
1188                 seq_printf(seq, "%05d %-9s %-4s   %3d %3d  %3s     %3s %3lu %3lu",
1189                            rose_neigh->number,
1190                            (rose_neigh->loopback) ? "RSLOOP-0" : ax2asc(buf, &rose_neigh->callsign),
1191                            rose_neigh->dev ? rose_neigh->dev->name : "???",
1192                            rose_neigh->count,
1193                            rose_neigh->use,
1194                            (rose_neigh->dce_mode) ? "DCE" : "DTE",
1195                            (rose_neigh->restarted) ? "yes" : "no",
1196                            ax25_display_timer(&rose_neigh->t0timer) / HZ,
1197                            ax25_display_timer(&rose_neigh->ftimer)  / HZ);
1198
1199                 if (rose_neigh->digipeat != NULL) {
1200                         for (i = 0; i < rose_neigh->digipeat->ndigi; i++)
1201                                 seq_printf(seq, " %s", ax2asc(buf, &rose_neigh->digipeat->calls[i]));
1202                 }
1203
1204                 seq_puts(seq, "\n");
1205         }
1206         return 0;
1207 }
1208
1209
1210 static const struct seq_operations rose_neigh_seqops = {
1211         .start = rose_neigh_start,
1212         .next = rose_neigh_next,
1213         .stop = rose_neigh_stop,
1214         .show = rose_neigh_show,
1215 };
1216
1217 static int rose_neigh_open(struct inode *inode, struct file *file)
1218 {
1219         return seq_open(file, &rose_neigh_seqops);
1220 }
1221
1222 const struct file_operations rose_neigh_fops = {
1223         .owner = THIS_MODULE,
1224         .open = rose_neigh_open,
1225         .read = seq_read,
1226         .llseek = seq_lseek,
1227         .release = seq_release,
1228 };
1229
1230
1231 static void *rose_route_start(struct seq_file *seq, loff_t *pos)
1232         __acquires(rose_route_list_lock)
1233 {
1234         struct rose_route *rose_route;
1235         int i = 1;
1236
1237         spin_lock_bh(&rose_route_list_lock);
1238         if (*pos == 0)
1239                 return SEQ_START_TOKEN;
1240
1241         for (rose_route = rose_route_list; rose_route && i < *pos;
1242              rose_route = rose_route->next, ++i);
1243
1244         return (i == *pos) ? rose_route : NULL;
1245 }
1246
1247 static void *rose_route_next(struct seq_file *seq, void *v, loff_t *pos)
1248 {
1249         ++*pos;
1250
1251         return (v == SEQ_START_TOKEN) ? rose_route_list
1252                 : ((struct rose_route *)v)->next;
1253 }
1254
1255 static void rose_route_stop(struct seq_file *seq, void *v)
1256         __releases(rose_route_list_lock)
1257 {
1258         spin_unlock_bh(&rose_route_list_lock);
1259 }
1260
1261 static int rose_route_show(struct seq_file *seq, void *v)
1262 {
1263         char buf[11];
1264
1265         if (v == SEQ_START_TOKEN)
1266                 seq_puts(seq,
1267                          "lci  address     callsign   neigh  <-> lci  address     callsign   neigh\n");
1268         else {
1269                 struct rose_route *rose_route = v;
1270
1271                 if (rose_route->neigh1)
1272                         seq_printf(seq,
1273                                    "%3.3X  %-10s  %-9s  %05d      ",
1274                                    rose_route->lci1,
1275                                    rose2asc(&rose_route->src_addr),
1276                                    ax2asc(buf, &rose_route->src_call),
1277                                    rose_route->neigh1->number);
1278                 else
1279                         seq_puts(seq,
1280                                  "000  *           *          00000      ");
1281
1282                 if (rose_route->neigh2)
1283                         seq_printf(seq,
1284                                    "%3.3X  %-10s  %-9s  %05d\n",
1285                                 rose_route->lci2,
1286                                 rose2asc(&rose_route->dest_addr),
1287                                 ax2asc(buf, &rose_route->dest_call),
1288                                 rose_route->neigh2->number);
1289                  else
1290                          seq_puts(seq,
1291                                   "000  *           *          00000\n");
1292                 }
1293         return 0;
1294 }
1295
1296 static const struct seq_operations rose_route_seqops = {
1297         .start = rose_route_start,
1298         .next = rose_route_next,
1299         .stop = rose_route_stop,
1300         .show = rose_route_show,
1301 };
1302
1303 static int rose_route_open(struct inode *inode, struct file *file)
1304 {
1305         return seq_open(file, &rose_route_seqops);
1306 }
1307
1308 const struct file_operations rose_routes_fops = {
1309         .owner = THIS_MODULE,
1310         .open = rose_route_open,
1311         .read = seq_read,
1312         .llseek = seq_lseek,
1313         .release = seq_release,
1314 };
1315
1316 #endif /* CONFIG_PROC_FS */
1317
1318 /*
1319  *      Release all memory associated with ROSE routing structures.
1320  */
1321 void __exit rose_rt_free(void)
1322 {
1323         struct rose_neigh *s, *rose_neigh = rose_neigh_list;
1324         struct rose_node  *t, *rose_node  = rose_node_list;
1325         struct rose_route *u, *rose_route = rose_route_list;
1326
1327         while (rose_neigh != NULL) {
1328                 s          = rose_neigh;
1329                 rose_neigh = rose_neigh->next;
1330
1331                 rose_remove_neigh(s);
1332         }
1333
1334         while (rose_node != NULL) {
1335                 t         = rose_node;
1336                 rose_node = rose_node->next;
1337
1338                 rose_remove_node(t);
1339         }
1340
1341         while (rose_route != NULL) {
1342                 u          = rose_route;
1343                 rose_route = rose_route->next;
1344
1345                 rose_remove_route(u);
1346         }
1347 }