FreeCalypso > hg > fc-magnetite
view src/g23m-fad/ip/ip_kerf.c @ 516:1ed9de6c90bd
src/g23m-gsm/sms/sms_for.c: bogus malloc removed
The new error handling code that was not present in TCS211 blob version
contains a malloc call that is bogus for 3 reasons:
1) The memory allocation in question is not needed in the first place;
2) libc malloc is used instead of one of the firmware's proper ways;
3) The memory allocation is made inside a function and then never freed,
i.e., a memory leak.
This bug was caught in gcc-built FreeCalypso fw projects (Citrine
and Selenite) because our gcc environment does not allow any use of
libc malloc (any reference to malloc produces a link failure),
but this code from TCS3.2 is wrong even for Magnetite: if this code
path is executed repeatedly over a long time, the many small allocations
made by this malloc call without a subsequent free will eventually
exhaust the malloc heap provided by the TMS470 environment, malloc will
start returning NULL, and the bogus code will treat it as an error.
Because the memory allocation in question is not needed at all,
the fix entails simply removing it.
author | Mychaela Falconia <falcon@freecalypso.org> |
---|---|
date | Sun, 22 Jul 2018 06:04:49 +0000 |
parents | 90eb61ecd093 |
children |
line wrap: on
line source
/* +---------------------------------------------------------------------------- | Project : | Modul : +---------------------------------------------------------------------------- | Copyright 2002 Texas Instruments Berlin, AG | All rights reserved. | | This file is confidential and a trade secret of Texas | Instruments Berlin, AG | The receipt of or possession of this file does not convey | any rights to reproduce or disclose its contents or to | manufacture, use, or sell anything it may describe, in | whole, or in part, without the specific written consent of | Texas Instruments Berlin, AG. +---------------------------------------------------------------------------- | Purpose : This Modul defines the functions for processing | of incomming primitives for the component | Internet Protocol of the mobile station +---------------------------------------------------------------------------- */ #define ENTITY_IP /*==== INCLUDES ===================================================*/ #include <string.h> #include "typedefs.h" #include "pconst.cdg" #include "vsi.h" #include "macdef.h" /* Get PFREE_DESC2 */ #include "pconst.cdg" #include "custom.h" #include "gsm.h" #include "cnf_ip.h" #include "mon_ip.h" #include "prim.h" #include "pei.h" #include "tok.h" #include "ccdapi.h" #include "dti.h" #include "ip.h" #include "ip_udp.h" /* +--------------------------------------------------------------------+ | PROJECT : WAP MODULE : ip_kerf.c | | STATE : code ROUTINE : ip_packet_validator | +--------------------------------------------------------------------+ PURPOSE : Checks for IP packet validity */ BOOL ip_packet_validator (T_desc_list2 * desc_list) { TRACE_FUNCTION ("ip_packet_validator()"); if (desc_list == NULL) { TRACE_ERROR ("desc_list == NULL in IP validator."); return FALSE; } { /* Loop once through all the list */ register T_desc2 * desc = (T_desc2 *) desc_list->first; register unsigned length = 0; while (desc != NULL) { /* Check consistency of descs */ if (desc->size < desc->offset + desc->len) { TRACE_ERROR ( "Packet dropped: " "desc->size < desc->offset + desc->len in IP validator." ); return FALSE; /* This is a mistake. Must be DTI1. */ /* desc->offset = 0; */ /* desc->size = desc->len; */ } /* Make sure that all offsets are 0 */ if (desc->offset != 0) { memmove (desc->buffer, desc->buffer + desc->offset, desc->len); desc->offset = 0; } /* Calculate the sum of lengths */ length += desc->len; desc = (T_desc2 *) desc->next; } /* Check desc_list->list_len */ if (desc_list->list_len != length) { TRACE_ERROR ( "Packet dropped: " "desc_list->list_len != length in IP validator." ); return FALSE; /* This is a mistake. But we could live with it. */ /* desc_list->list_len = (USHORT) length; */ } /* Need at least LEN_IP_HEADER_B bytes for one header */ if (length < LEN_IP_HEADER_B) { TRACE_ERROR ( "Packet dropped: " "length < LEN_IP_HEADER_B in IP validator." ); return FALSE; } /* Have enough bytes, but they may be distributed */ desc = (T_desc2 *) desc_list->first; if (desc->len < LEN_IP_HEADER_B) { /* Collect all bytes in one desc */ T_desc2 * bigdesc = M_ALLOC (offsetof (T_desc2, buffer) + length); if (bigdesc == NULL) { TRACE_ERROR ("Not enough memory in IP validator."); return FALSE; } bigdesc->next = 0; bigdesc->offset = 0; bigdesc->len = (USHORT) length; bigdesc->size = (USHORT) length; /* Loop again through all the list */ length = 0; while (desc != NULL) { T_desc2 * removable = desc; memcpy (bigdesc->buffer + length, desc->buffer, desc->len); length += desc->len; desc = (T_desc2 *) desc->next; MFREE (removable); } desc_list->first = (ULONG) bigdesc; desc = bigdesc; } /* Need at least GET_IP_HEADER_LEN_B() bytes for the IP header */ if (length < (unsigned) GET_IP_HEADER_LEN_B (desc->buffer)) { TRACE_ERROR ( "Packet dropped: " "length < GET_IP_HEADER_LEN_B() in IP validator." ); return FALSE; } /* Survived */ return TRUE; } } /* +--------------------------------------------------------------------+ | PROJECT : GSM-FaD (8444) MODULE : IP_KERF | | STATE : code ROUTINE : free_primitive_data_ind | +--------------------------------------------------------------------+ * * Set a DTI_DATA_IND primitive free and the pointer to NULL */ void free_primitive_data_ind (T_DTI2_DATA_IND ** dti_data_ind) { TRACE_FUNCTION ("free_primitive_data_ind()"); if (dti_data_ind != NULL && *dti_data_ind != NULL) { PFREE_DESC2 (* dti_data_ind); *dti_data_ind = NULL; } } /* +--------------------------------------------------------------------+ | PROJECT : GSM-FaD (8444) MODULE : IP_KERF | | STATE : code ROUTINE : free_primitive_data_req | +--------------------------------------------------------------------+ * * Set a DTI_DATA_REQ primitive free and the pointer to NULL */ void free_primitive_data_req (T_DTI2_DATA_REQ ** dti_data_req) { TRACE_FUNCTION ("free_primitive_data_req()"); if (dti_data_req != NULL && *dti_data_req != NULL) { PFREE_DESC2 (* dti_data_req); *dti_data_req = NULL; } } /* +--------------------------------------------------------------------+ | PROJECT : WAP MODULE : IP | | STATE : code ROUTINE : set_desc_len | +--------------------------------------------------------------------+ * * Set the new desc length and fix desc_list length */ void set_desc_len (T_desc_list2 * desc_list, T_desc2 * desc, USHORT len_desc) { TRACE_FUNCTION ("set_desc_len()"); desc_list->list_len = (USHORT) (desc_list->list_len + len_desc - desc->len); desc->len = len_desc; } /* +--------------------------------------------------------------------+ | PROJECT : WAP MODULE : IP | | STATE : code ROUTINE : del_rest_descs | +--------------------------------------------------------------------+ * * Free the next desc(s) from desc. Fix the list_len in desc_list */ void del_rest_descs (T_desc_list2 * desc_list, T_desc2 * desc) { BOOL go = TRUE; T_desc2 * p_desc_last, * p_desc_start; TRACE_FUNCTION ("del_rest_descs()"); if (desc->next > 0) { p_desc_start = desc; desc = (T_desc2 *) desc->next; do { p_desc_last = desc; if (desc->next > 0) desc = (T_desc2 *) desc->next; else go = FALSE; desc_list->list_len = (USHORT) (desc_list->list_len - p_desc_last->len); MFREE (p_desc_last); } while (go); desc = p_desc_start; desc->next = 0; } } /* +--------------------------------------------------------------------+ | PROJECT : GSM-FaD (8444) MODULE : IP_KERF | | STATE : code ROUTINE : del_descs | +--------------------------------------------------------------------+ * * Free the desc(s) */ void del_descs (T_desc2 * desc) { BOOL go = TRUE; T_desc2 * p_desc_last; TRACE_FUNCTION ("del_descs()"); do { p_desc_last = desc; if (desc->next > 0) desc = (T_desc2 *) desc->next; else go = FALSE; MFREE (p_desc_last); } while (go); } /** filter_out_in_desc * * cuts length bytes out of a T_desc2::buffer, starting at 'start'. * * @param desc Pointer to a T_desc2 * @param start Start of the block to be cut out * @param length Length of the block to be cut out * * @return TRUE if parameters are valid, FALSE if parameters are invalid */ static BOOL filter_out_in_desc ( T_desc2 * desc, USHORT start, USHORT length ) { TRACE_FUNCTION ("filter_out_in_desc()"); if (desc != NULL && start + length <= desc->len) { memmove ( desc->buffer + start, desc->buffer + start + length, desc->len - start - length ); desc->len = (USHORT) (desc->len - length); return TRUE; } else { TRACE_ERROR ("Parameters are invalid in filter_out_in_desc()."); return FALSE; } } /** truncate_descs * * truncates a T_desc_list2 to no more than new_length bytes. * * @param desc_list Pointer to a T_desc_list2 * @param new_length Maximal new length of that T_desc_list2 */ void truncate_descs (T_desc_list2 * desc_list, USHORT new_length) { TRACE_FUNCTION ("truncate_descs()"); if (desc_list != NULL) { T_desc2 ** pp_desc = (T_desc2 **) & desc_list->first; desc_list->list_len = 0; /* Will be recalculated, anyway */ /* First a loop over all T_descs which will remain. */ while (*pp_desc != NULL && new_length != 0) { if (new_length < (*pp_desc)->len) (*pp_desc)->len = new_length; new_length = (USHORT) (new_length - (*pp_desc)->len); desc_list->list_len = /* Recalculation */ (USHORT) (desc_list->list_len + (*pp_desc)->len); pp_desc = (T_desc2 **) & (*pp_desc)->next; } /* Second a loop over all T_descs which have to be deleted, if any. */ while (*pp_desc != NULL) { T_desc2 * p_desc_removable = *pp_desc; *pp_desc = (T_desc2 *) p_desc_removable->next; MFREE (p_desc_removable); } /* This way, new_length==0 at function call results in * desc_list->first==NULL at function return. */ /* Third a loop over all T_descs which have to be created, if any. * (If it were Prokrustes, not truncation, * we would have to allocate new T_descs here.) * while (new_length != 0) { ... } */ } else { TRACE_ERROR ("truncate_descs() called without T_desc_list2."); TRACE_ASSERT (0); } } /* +--------------------------------------------------------------------+ | PROJECT : GSM-FaD (8444) MODULE : IP_KERF | | STATE : code ROUTINE : insert_sort_descs | +--------------------------------------------------------------------+ * * Insert a new descriptor sorted by fragment offset. * The less value at first. Filter out descs with same offset. */ static void insert_sort_desc (T_desc_list2 * desc_list, T_desc2 * p_new_desc) { if (desc_list != NULL && p_new_desc != NULL) { T_desc2 * desc; T_desc2 * p_desc_last; UBYTE * ip_header; USHORT offset, new_offset; offset = 0xffff; ip_header = p_new_desc->buffer; new_offset = (USHORT) GET_IP_FRAG_OFFSET (ip_header);/*lint !e415 !e416 (Warning -- access/creation of out-of-bounds pointer) */ desc = (T_desc2 *) desc_list->first; p_desc_last = NULL; while (desc NEQ NULL) { ip_header = desc->buffer; offset = (USHORT) GET_IP_FRAG_OFFSET (ip_header);/*lint !e415 !e416 (Warning -- access/creation of out-of-bounds pointer) */ if (new_offset <= offset) break; p_desc_last = desc; desc = (T_desc2 *) desc->next; } if (new_offset EQ offset) { /* Two descriptors with the same offset * Throw away the new one */ MFREE (p_new_desc); } else { /* Insert descriptor after p_desc_last */ if (p_desc_last EQ NULL) { p_new_desc->next = desc_list->first; desc_list->first = (ULONG) p_new_desc; } else { p_new_desc->next = p_desc_last->next; p_desc_last->next = (ULONG) p_new_desc; } /* Add the length of the new descriptor */ desc_list->list_len = (USHORT) (desc_list->list_len + p_new_desc->len); } } } /* +--------------------------------------------------------------------+ | PROJECT : GSM-FaD (8444) MODULE : IP_KERF | | STATE : code ROUTINE : reassemble_fragments | +--------------------------------------------------------------------+ * * Reassemble fragments coming in downlink */ void reassemble_fragments ( T_DTI2_DATA_IND ** dti_data_ind, T_LOLA * p_dl, UBYTE * ip_header, BOOL first_segment, /* BOOL middle_segment, */ BOOL last_segment /*,*/ /* USHORT fragm_offset */ ) { USHORT fragm_id, header_len_b, offset; UBYTE fragm_prot; ULONG server_source_addr; BOOL found_source_addr = FALSE; TRACE_FUNCTION ("reassemble_fragments()"); fragm_id = (USHORT) GET_IP_IDENT (ip_header); fragm_prot = GET_IP_PROT (ip_header); server_source_addr = GET_IP_SOURCE_ADDR (ip_header); /* Check source address from server */ p_dl->pos_server = 0; do { if (p_dl->ip_source_addr_segment[p_dl->pos_server] NEQ server_source_addr) p_dl->pos_server++; else found_source_addr = TRUE; } while (! found_source_addr && p_dl->pos_server < MAX_SEGM_SERVER); /* Select the server - by only one server p_dl->pos_server = 0 */ if (p_dl->pos_server EQ MAX_SEGM_SERVER) p_dl->pos_server = 0; p_dl->ip_source_addr_segment[p_dl->pos_server] = server_source_addr; /* Check if it is the first or the last segment */ if (first_segment) p_dl->got_first_segment[p_dl->pos_server] = TRUE; if (last_segment) p_dl->got_last_segment[p_dl->pos_server] = TRUE; /* Is it the first of any segment type? */ if (p_dl->state_reassembly[p_dl->pos_server] EQ NO_SEGMENTS) { p_dl->data_ind_reassembly[p_dl->pos_server] = *dti_data_ind; p_dl->state_reassembly[p_dl->pos_server] = READ_SEGMENT; p_dl->id_reassemble[p_dl->pos_server] = fragm_id; p_dl->prot_reassemble[p_dl->pos_server] = fragm_prot; /* Start reassembly timer */ /* Implementation problem: the timer index must be * layer * MAX_SEGM_SERVER + p_dl->pos_server. The * layer variable is not forwarded to the function. * It works, because layer is ever set to 0 in the moment. */ vsi_t_start (VSI_CALLER p_dl->pos_server, TIME_REASSEMBLY); p_dl->timer_reass_running[p_dl->pos_server] = TRUE; } /* Check the fragment ID and protocol. If not the same - free resources */ else if ( (p_dl->id_reassemble[p_dl->pos_server] NEQ fragm_id) OR (p_dl->prot_reassemble[p_dl->pos_server] NEQ fragm_prot) ) { if (p_dl->timer_reass_running[p_dl->pos_server]) { /* Implementation problem: the timer index must be * layer * MAX_SEGM_SERVER + p_dl->pos_server. The * layer variable is not forwarded to the function. * It works, because layer is ever set to 0 in the moment. */ csf_stop_timer (p_dl->pos_server); p_dl->timer_reass_running[p_dl->pos_server] = FALSE; } p_dl->drop_packet = TRUE; p_dl->state_reassembly[p_dl->pos_server] = NO_SEGMENTS; free_primitive_data_ind (p_dl->data_ind_reassembly + p_dl->pos_server); /* Note: We could generate an ICMP packet */ return; } else /* Got correct segments before */ { /* Note: The whole datagram must be in the same descriptor */ /* Note: The timeout value should be changed to MAX (TTL, TIME_REASSEMBLY) */ BOOL all_fragments_received = FALSE; T_desc_list2 * desc_list = & p_dl->data_ind_reassembly[p_dl->pos_server]->desc_list2; T_desc2 * desc = (T_desc2 *) p_dl->dti_data_ind->desc_list2.first; if (desc == NULL || (T_desc2 *) desc_list->first == NULL) { TRACE_ERROR ("Pointer is NULL."); return; } /* Insert the descriptor in the right position, according to the offset */ insert_sort_desc (desc_list, desc); /* Check if got all fragments */ if ( p_dl->got_first_segment[p_dl->pos_server] AND p_dl->got_last_segment[p_dl->pos_server] ) { BOOL go = TRUE; USHORT data_len, next_offset; UBYTE * ip_packet; desc = (T_desc2 *) desc_list->first; ip_packet = desc->buffer; header_len_b = (USHORT) GET_IP_HEADER_LEN_B (ip_packet); data_len = (USHORT) (desc->len - header_len_b); next_offset = 0; do { if ((T_desc2 *) desc->next != NULL) { desc = (T_desc2 *) desc->next; ip_packet = desc->buffer; next_offset = (USHORT) GET_IP_FRAG_OFFSET_B (ip_packet);/*lint !e415 !e416 (Warning -- access/creation of out-of-bounds pointer) */ header_len_b = (USHORT) GET_IP_HEADER_LEN_B (ip_packet); if ((T_desc2 *) desc->next != NULL) data_len = (USHORT) (data_len + desc->len - header_len_b); } else go = FALSE; } while (go); if (data_len >= next_offset) all_fragments_received = TRUE; } /* Reassemble the fragments */ if (all_fragments_received) { BOOL go = TRUE; USHORT len_fragments, header_len_b_first; T_desc2 * p_desc_first, * p_desc_last; UBYTE * ip_packet; p_dl->state_reassembly[p_dl->pos_server] = NO_SEGMENTS; if ( desc_list == NULL || (T_desc2 *) desc_list->first == NULL || (T_desc2 *) ((T_desc2*)desc_list->first)->next == NULL ) { TRACE_ERROR ("Pointer is NULL."); return; } /* Fix the first desc */ p_desc_first = (T_desc2 *) desc_list->first; ip_packet = p_desc_first->buffer; header_len_b_first = (USHORT) GET_IP_HEADER_LEN_B (ip_packet); /* Start from next desc */ desc = (T_desc2 *) p_desc_first->next; ip_packet = desc->buffer; offset = (USHORT) GET_IP_FRAG_OFFSET_B (ip_packet);/*lint !e415 !e416 (Warning -- access/creation of out-of-bounds pointer) */ p_desc_first->len = (USHORT) (offset + header_len_b_first); len_fragments = offset; do { if (desc->next NEQ 0) { p_desc_last = desc; desc = (T_desc2 *) desc->next; /* Get the fragment offset */ ip_packet = desc->buffer; header_len_b = (USHORT) GET_IP_HEADER_LEN_B (ip_packet); offset = (USHORT) GET_IP_FRAG_OFFSET_B (ip_packet);/*lint !e415 !e416 (Warning -- access/creation of out-of-bounds pointer) */ /* Filter out IP header */ ip_packet = p_desc_last->buffer; header_len_b = (USHORT) GET_IP_HEADER_LEN_B (ip_packet); filter_out_in_desc (p_desc_last, 0, header_len_b); len_fragments = (USHORT) (len_fragments + p_desc_last->len); } else { go = FALSE; /* Filter out last IP header */ ip_packet = desc->buffer; header_len_b = (USHORT) GET_IP_HEADER_LEN_B (ip_packet); filter_out_in_desc (desc, 0, header_len_b); len_fragments = (USHORT) (len_fragments + desc->len); } } while (go); /* Build the IP datagram */ /* Implementation problem: the timer index must be * layer * MAX_SEGM_SERVER + p_dl->pos_server. The * layer variable is not forwarded to the function. * It works, because layer is ever set to 0 in the moment. */ csf_stop_timer (p_dl->pos_server); p_dl->timer_reass_running[p_dl->pos_server] = FALSE; /* PFREE (dti_data_ind); */ /* Is being freed elsewhere. Would anyway have false level of indirection. */ p_dl->data_ind_reassembly[p_dl->pos_server]->desc_list2.list_len = (USHORT) (len_fragments + header_len_b_first); *dti_data_ind = p_dl->data_ind_reassembly[p_dl->pos_server]; p_desc_first = (T_desc2 *) (*dti_data_ind)->desc_list2.first; ip_packet = p_desc_first->buffer; { ULONG dest_addr; UBYTE ttl; dest_addr = GET_IP_DEST_ADDR (ip_packet);/*lint !e415 !e416 (Warning -- access/creation of out-of-bounds pointer) */ ttl = GET_IP_TTL (ip_packet);/*lint !e415 !e416 (Warning -- access/creation of out-of-bounds pointer) */ build_ip_header ( ip_packet, fragm_id, (UBYTE) (header_len_b_first >> 2), NORMAL_SERVICE, ttl, p_dl->ip_source_addr_segment[p_dl->pos_server], dest_addr, (UBYTE) (len_fragments + header_len_b_first), NO_OFFSET_FRAG, FLAG_NOT_SET, FLAG_NOT_SET, fragm_prot ); } p_dl->data_ind_reassembly[p_dl->pos_server] = NULL; } /* else */ /* PFREE (dti_data_ind); */ /* Is being freed elsewhere. Would anyway have false level of indirection. */ } } /* +--------------------------------------------------------------------+ | PROJECT : WAP MODULE : IP | | STATE : code ROUTINE : put_desc_first_pos | +--------------------------------------------------------------------+ * * Put desc on the first position of a desc_list. * Set the new list_len in desc_list. */ void put_desc_first_pos (T_desc_list2 * desc_list, T_desc2 * p_desc_new) { ULONG help; T_desc2 * p_desc_help; TRACE_FUNCTION ("put_desc_first_pos()"); p_desc_help = (T_desc2 *) desc_list->first; if (p_desc_help NEQ p_desc_new) { help = desc_list->first; desc_list->first = (ULONG) p_desc_new; p_desc_new->next = help; desc_list->list_len = (USHORT) (desc_list->list_len + p_desc_new->len); } } /* +--------------------------------------------------------------------+ | PROJECT : GSM-FaD (8444) MODULE : IP_KER | | STATE : code ROUTINE : copy_from_descs_to_desc | +--------------------------------------------------------------------+ * * Copy data from one or more descs into desc_new. Possible to use offset. */ void copy_from_descs_to_desc ( T_desc2 ** desc, T_desc2 * desc_new, USHORT copy_len, USHORT offset_desc, USHORT offset_desc_new, USHORT * pos_copy, USHORT * total_len_copy ) { BOOL go = TRUE; *pos_copy = offset_desc; *total_len_copy = 0; do { while ( (*pos_copy < (*desc)->len) AND (offset_desc_new < desc_new->len) AND (*total_len_copy < copy_len) ) { desc_new->buffer[offset_desc_new] = (*desc)->buffer[*pos_copy]; offset_desc_new ++; (*pos_copy)++; (*total_len_copy)++; } if ( (*total_len_copy >= copy_len) OR (offset_desc_new >= desc_new->len) ) { go = FALSE; } else { if (*pos_copy >= (*desc)->len) { if ((*desc)->next > 0) { *desc = (T_desc2 *) (*desc)->next; *pos_copy = 0; } else { go = FALSE; } } } } while (go); } /* +--------------------------------------------------------------------+ | PROJECT : WAP MODULE : IP | | STATE : code ROUTINE : make_new_desc | +--------------------------------------------------------------------+ * * Malloc a new desc. Init buffer 0 if buff_init_0 = TRUE */ BOOL make_new_desc ( T_desc2 ** p_desc_new, USHORT malloc_len, BOOL buff_init_0 ) { TRACE_FUNCTION ("make_new_desc()"); MALLOC (*p_desc_new, offsetof (T_desc2, buffer) + malloc_len); /* The target compiler issues a warning * "pointer type conversion may violate alignment constraints" * here and everywhere where MALLOC is being used. */ if (*p_desc_new EQ 0) return FALSE; if (buff_init_0) { USHORT i; for (i = 0; i < malloc_len; i++) (*p_desc_new)->buffer[i] = 0; } (*p_desc_new)->next = 0; (*p_desc_new)->offset = 0; (*p_desc_new)->len = malloc_len; (*p_desc_new)->size = malloc_len; return TRUE; } #if 0 /* +--------------------------------------------------------------------+ | PROJECT : GSM-FaD (8444) MODULE : IP_KERF | | STATE : code ROUTINE : sort_descs_id_up | +--------------------------------------------------------------------+ * * Sort the descs with fragment offset. The less value at * first. Filter out descs with same offset. */ USHORT sort_descs_id_up ( T_desc_list * desc_list, ULONG sort_array[2][MAX_SEGMENTS] ) { T_desc * desc; USHORT i, n_descs, code; BOOL go = TRUE; ULONG addr, wert; UBYTE * ip_header; TRACE_FUNCTION ("sort_descs_id_up()"); desc = (T_desc *) desc_list->first; n_descs = 0; code = GO_ON_SEGMENTING; if (desc->next > 0) { /* Write desc address and search-value into sort_array */ desc = (T_desc *) desc_list->first; i = 0; ip_header = desc->buffer; sort_array[1][i] = GET_IP_FRAG_OFFSET (ip_header); sort_array[0][i++] = desc_list->first; do { if (desc->next > 0 AND i < MAX_SEGMENTS) { desc = (T_desc *) desc->next; sort_array[0][i] = (ULONG) desc; ip_header = desc->buffer; sort_array[1][i++] = GET_IP_FRAG_OFFSET (ip_header); } else go = FALSE; } while (go); /* Sort the array if not overflow */ if (i < MAX_SEGMENTS) { n_descs = i; for (i = 0; i < n_descs - 1; i++) { USHORT min, j; min = i; for (j = i + 1; j < n_descs; j++) if (sort_array[1][j] < sort_array[1][min]) min = j; addr = sort_array[0][i]; wert = sort_array[1][i]; sort_array[0][i] = sort_array[0][min]; sort_array[1][i] = sort_array[1][min]; sort_array[0][min] = addr; sort_array[1][min] = wert; } /* Filter out descs with same fragment offset */ { ULONG v1; USHORT j, k, len; len = n_descs - 1; i = 0; while (i < len) { v1 = sort_array[1][i]; j = i + 1; if (v1 EQ sort_array[1][j]) { k = j; n_descs--; while (k <= len) { sort_array[0][k] = sort_array[0][k + 1]; sort_array[1][k] = sort_array[1][k + 1]; k++; } len--; } if (sort_array[1][i] NEQ sort_array[1][i + 1]) i++; } } /* Put the descs together and correct the desc_list->list_len */ desc_list->first = sort_array[0][0]; desc = (T_desc *) sort_array[0][0]; desc_list->list_len = 0; desc_list->list_len = desc->len; for (i = 1; i < n_descs; i++) { desc->next = sort_array[0][i]; desc = (T_desc *) desc->next; desc_list->list_len = desc_list->list_len + desc->len; } desc->next = 0; } else code = NO_SPACE_SEGMENTING; desc = (T_desc *) desc_list->first; } return code; } #endif /* +--------------------------------------------------------------------+ | PROJECT : GSM-FaD (8444) MODULE : IP_KERF | | STATE : code ROUTINE : build_ip_header | +--------------------------------------------------------------------+ * * Build IP header */ void build_ip_header ( UBYTE * ip_header_new, USHORT identity, UBYTE header_len, UBYTE type_of_service, UBYTE ttl, ULONG src_addr, ULONG dest_addr, USHORT total_len, USHORT fragm_offset, UBYTE df_flag, UBYTE mf_flag, UBYTE prot ) { USHORT chk_sum; TRACE_FUNCTION ("build_ip_header()"); SET_IP_VERSION (ip_header_new, IP_VERSION); /*lint -e{415, 416} (Warning -- access/creation of out-of-bounds pointer) */ { SET_IP_HEADER_LEN (ip_header_new, header_len); SET_IP_TYPE_OF_SERVICE (ip_header_new, type_of_service); SET_IP_TOTAL_LEN (ip_header_new, total_len); SET_IP_IDENT (ip_header_new, identity); SET_IP_OFF_FLAG (ip_header_new, FLAG_NOT_SET); SET_IP_DF_FLAG (ip_header_new, df_flag); SET_IP_MF_FLAG (ip_header_new, mf_flag); SET_IP_FRAG_OFFSET (ip_header_new, fragm_offset); SET_IP_PROT (ip_header_new, prot); SET_IP_TTL (ip_header_new, ttl); SET_IP_SOURCE_ADDR (ip_header_new, src_addr); SET_IP_DEST_ADDR (ip_header_new, dest_addr); RESET_IP_CHECKSUM (ip_header_new); chk_sum = inet_checksum (ip_header_new, (USHORT) (header_len * 4)); SET_IP_CHECKSUM (ip_header_new, chk_sum); } } /* +--------------------------------------------------------------------+ | PROJECT : GSM-FaD (8444) MODULE : IP_KERF | | STATE : code ROUTINE : build_icmp_packet | +--------------------------------------------------------------------+ * * Build IP icmp packet without payload */ void build_icmp_packet ( USHORT header_len_b, UBYTE typ, UBYTE code, UBYTE ttl, UBYTE * ip_header, USHORT identity, ULONG dest_addr, ULONG src_addr, T_desc_list2 * desc_list ) { USHORT chk_sum; UBYTE header_len_b_bak; TRACE_FUNCTION ("build_icmp_packet()"); header_len_b_bak = (UBYTE) (header_len_b >> 2); /* Build ICMP header */ SET_ICMP_TYPE (ip_header, typ, header_len_b); SET_ICMP_CODE (ip_header, code, header_len_b); RESET_ICMP_CHK_SUM (ip_header, header_len_b); chk_sum = desc_checksum (desc_list, header_len_b, 0); SET_ICMP_CHK_SUM (ip_header, chk_sum, header_len_b); /* Build IP header */ build_ip_header ( ip_header, identity, header_len_b_bak, NORMAL_SERVICE, ttl, src_addr, dest_addr, desc_list->list_len, NO_OFFSET_FRAG, FLAG_NOT_SET, FLAG_NOT_SET, ICMP_PROT ); } /* +-------------------------------------------------------------------+ | PROJECT : WAP MODULE : IP | | STATE : code ROUTINE : build_icmp_with_payload | +-------------------------------------------------------------------+ * * Build a ICMP packet with payload of 64 bits */ void build_icmp_with_payload ( T_DTI2_DATA_REQ * data_req, USHORT identity, UBYTE ttl, ULONG src_addr, UBYTE icmp_type, UBYTE icmp_code ) { T_desc2 * desc_new, * desc; T_desc_list2 * desc_list; USHORT malloc_len, header_len_b, chk_sum; UBYTE * ip_header; ULONG dest_addr; #define LEN_ICMP_HEADER_PAYLOAD 8 #define LEN_PAYLOAD 8 TRACE_FUNCTION ("build_icmp_with_payload()"); desc_list = & data_req->desc_list2; desc = (T_desc2 *) desc_list->first; ip_header = desc->buffer; dest_addr = GET_IP_SOURCE_ADDR (ip_header);/*lint !e415 !e416 (Warning -- access/creation of out-of-bounds pointer) */ header_len_b = (USHORT) GET_IP_HEADER_LEN_B (ip_header); /* Up to 8 bytes payload of the old datagram */ { USHORT help = (USHORT) (LEN_PAYLOAD + header_len_b); if (help < desc->len) set_desc_len (desc_list, desc, help); } /* Throw away the rest descs if there are any */ del_rest_descs (desc_list, desc); /* Make a new desc for the ICMP packet header */ malloc_len = LEN_ICMP_HEADER_PAYLOAD + LEN_IP_HEADER_B; make_new_desc (& desc_new, malloc_len, TRUE); /* Put the desc at the first place of the descs */ put_desc_first_pos (desc_list, desc_new); /* Build the ICMP packet and the IP header */ ip_header = desc_new->buffer; header_len_b = LEN_IP_HEADER_B; SET_ICMP_TYPE (ip_header, icmp_type, header_len_b);/*lint !e415 !e416 (Warning -- access/creation of out-of-bounds pointer) */ SET_ICMP_CODE (ip_header, icmp_code, header_len_b);/*lint !e415 !e416 (Warning -- access/creation of out-of-bounds pointer) */ RESET_ICMP_CHK_SUM (ip_header, header_len_b);/*lint !e415 !e416 (Warning -- access/creation of out-of-bounds pointer) */ chk_sum = desc_checksum (desc_list, header_len_b, 0); SET_ICMP_CHK_SUM (ip_header, chk_sum, header_len_b);/*lint !e415 !e416 (Warning -- access/creation of out-of-bounds pointer) */ build_ip_header ( ip_header, identity, MIN_HEADER_LEN, NORMAL_SERVICE, ttl, src_addr, dest_addr, desc_list->list_len, NO_OFFSET_FRAG, FLAG_NOT_SET, FLAG_NOT_SET, ICMP_PROT ); } /* +--------------------------------------------------------------------+ | PROJECT : WAP MODULE : IP_KERF | | STATE : code ROUTINE : init_ip | +--------------------------------------------------------------------+ * * Init the global parameter */ void init_ip (void) { T_HILA * p_ul = & ip_data->hila; T_LOLA * p_dl = & ip_data->lola; T_KER * p_ker = & ip_data->ker; USHORT j; INIT_STATE (HILA, DOWN); INIT_STATE (LOLA, DOWN); INIT_STATE (KER, DEACTIVATED); p_ul->dti_data_req = NULL; p_ul->drop_packet = FALSE; p_ul->ttl = STANDARD_TTL; p_ul->header_len = MIN_HEADER_LEN; p_ul->state_segment = NO_SEGMENTS; p_ul->segment_offset = 0; p_ul->segment_prot = NO_PROT_ID; p_ul->first_desc_segment = NULL; p_ul->identity = IDENTITY_0; p_dl->drop_packet = FALSE; p_dl->dti_data_ind= NULL; p_dl->pos_server = 0; for (j = 0; j < MAX_SEGM_SERVER; j++) { p_dl->state_reassembly[j] = NO_SEGMENTS; p_dl->got_first_segment[j] = FALSE; p_dl->got_last_segment[j] = FALSE; p_dl->ip_source_addr_segment[j] = NO_ADDR; p_dl->data_ind_reassembly[j] = NULL; p_dl->id_reassemble[j] = NO_ID_REASSBL; p_dl->prot_reassemble[j] = NO_PROT_REASSBL; } p_ker->peer_addr = NO_ADDR; p_ker->netmask = INIT_NETMASK; p_ker->source_addr = NO_ADDR; p_ker->dst_addr = NO_ADDR; #ifdef _SIMULATION_ p_ker->source_addr = TEST_SRC_ADDR; p_ker->dst_addr = TEST_DEST_ADDR; #endif p_ker->entity_name_hl[0] = 0; p_ker->entity_name_ll[0] = 0; p_ker->link_id_ll = IPA_LINK_ID_DEFAULT; p_ker->link_id_hl = IPA_LINK_ID_DEFAULT; p_ker->mtu = NO_MTU; p_ker->icmp_dti_data_req = NULL; p_ker->send_icmp = FALSE; } /* +--------------------------------------------------------------------+ | PROJECT : GSM-FaD (8444) MODULE : IP_KERF | | STATE : code ROUTINE : config_down_ll | +--------------------------------------------------------------------+ * * Config down a lower layer entity */ void config_down_ll (void) { T_HILA * p_ul = & ip_data->hila; T_LOLA * p_dl = & ip_data->lola; T_KER * p_ker = & ip_data->ker; USHORT j; TRACE_FUNCTION ("config_down_ll()"); free_primitive_data_ind (& p_dl->dti_data_ind); free_primitive_data_req (& p_ker->icmp_dti_data_req); for (j = 0; j < MAX_SEGM_SERVER; j++) { /* free_primitive_data_ind (p_dl->data_ind_reassembly + j); */ /* Has already been freed five lines above, */ /* because p_dl->dti_data_ind == p_dl->data_ind_reassembly. */ /* Please think anew when MAX_SEGM_SERVER becomes != 1. */ csf_stop_timer (j); p_dl->timer_reass_running[j] = FALSE; p_dl->state_reassembly[j] = NO_SEGMENTS; p_dl->got_first_segment[j] = FALSE; p_dl->got_last_segment[j] = FALSE; p_dl->ip_source_addr_segment[j] = NO_ADDR; p_dl->data_ind_reassembly[j] = NULL; p_dl->id_reassemble[j] = NO_ID_REASSBL; p_dl->prot_reassemble[j] = NO_PROT_REASSBL; } /* Keep STATE_WAIT are stored even if config down * send READY_IND and set HILA STATE to IDLE if */ switch (GET_STATE (HILA)) { case WAIT: /* Keep state */ break; case SEND: /* Send ready indication */ dti_start ( ip_hDTI, IP_DTI_DEF_INSTANCE, IP_DTI_HL_INTERFACE, IP_DTI_DEF_CHANNEL ); default: SET_STATE (HILA, IDLE); break; } SET_STATE (HILA, IDLE) p_ul->drop_packet = FALSE; p_ul->state_segment = NO_SEGMENTS; p_ul->header_len = MIN_HEADER_LEN; p_ul->ttl = STANDARD_TTL; p_ul->segment_prot = NO_PROT_ID; p_ul->segment_offset = 0; p_ul->first_desc_segment = NULL; /* Be sure that STATE_WAIT are stored even if config down */ if (GET_STATE (LOLA) NEQ WAIT) SET_STATE (LOLA, IDLE) p_dl->drop_packet = FALSE; p_dl->pos_server = 0; p_ker->peer_addr = NO_ADDR; p_ker->netmask = INIT_NETMASK; p_ker->source_addr = NO_ADDR; p_ker->dst_addr = NO_ADDR; p_ker->entity_name_ll[0] = 0; p_ker->mtu = NO_MTU; p_ker->send_icmp = FALSE; } /* +--------------------------------------------------------------------+ | PROJECT : GSM-FaD (8444) MODULE : IP_KERF | | Sp_TATE : code ROUTINE : terminate_ip | +--------------------------------------------------------------------+ * * Handle global parameter by terminate */ void terminate_ip (void) { TRACE_FUNCTION ("terminate_ip()"); /* Shutdown lower entity interface */ config_down_ll (); /* Parameter for higher layer entity */ ip_data->ker.entity_name_hl[0] = 0; } /* +--------------------------------------------------------------------+ | PROJECT : GSM-FaD (8444) MODULE : IP_KERF | | STATE : code ROUTINE : ip_addr_int_to_byte | +--------------------------------------------------------------------+ * * Build the IP address in ULONG to 4 bytes */ void ip_addr_int_to_byte (UBYTE * b_values, ULONG ul_value) { TRACE_FUNCTION ("int_to_byte()"); b_values[3] = (UBYTE) (ul_value); b_values[2] = (UBYTE) (ul_value>>8); b_values[1] = (UBYTE) (ul_value>>16); b_values[0] = (UBYTE) (ul_value>>24); } /* +--------------------------------------------------------------------+ | PROJECT : GSM-FaD (8444) MODULE : IP_KERF | | STATE : code ROUTINE : chk_packet_len | +--------------------------------------------------------------------+ * * Check the IP packet length */ UBYTE chk_packet_len (UBYTE * ip_header, T_desc_list2 * desc_list) { USHORT total_len, chk_len, mtu_len; TRACE_FUNCTION ("chk_packet_len()"); /* This is the calculated length */ total_len = desc_list->list_len; /* This is the length indicated in the IP header */ chk_len = (USHORT) GET_IP_TOTAL_LEN (ip_header); /* This is the max defined packet length */ mtu_len = ip_data->ker.mtu; if ( (chk_len < MIN_HEADER_LEN) OR (chk_len > total_len) OR (total_len < MIN_HEADER_LEN) OR (chk_len > mtu_len) ) return ERR_PACKET_LEN; else if (chk_len < total_len) return CHANGE_PACKET_LEN; else return NO_ERROR; } /* +--------------------------------------------------------------------+ | PROJECT : GSM-FaD (8444) MODULE : IP_KERF | | STATE : code ROUTINE : build_ip_packet | +--------------------------------------------------------------------+ * * Build the datagram or packets before sending */ void build_ip_packet (BOOL uplink, UBYTE select) { UBYTE * ip_header; USHORT total_len; ULONG dest_addr, src_addr; T_desc_list2 * desc_list; T_desc2 * desc; T_HILA * p_ul = & ip_data->hila; T_LOLA * p_dl = & ip_data->lola; T_KER * p_ker = & ip_data->ker; T_DTI2_DATA_REQ * data_req; T_DTI2_DATA_IND * data_ind; TRACE_FUNCTION ("build_ip_packet()"); src_addr = p_ker->source_addr; /* Build uplink packets */ if (uplink) { data_req = p_ul->dti_data_req; switch (select) { /* Build "standard" IP packet */ case B_NORMAL_PACKET: desc_list = & p_ul->dti_data_req->desc_list2; total_len = desc_list->list_len; desc = (T_desc2 *) desc_list->first; ip_header = desc->buffer; dest_addr = GET_IP_DEST_ADDR (ip_header);/*lint !e415 !e416 (Warning -- access/creation of out-of-bounds pointer) */ build_ip_header ( ip_header, p_ul->identity, (UBYTE) p_ul->header_len, NORMAL_SERVICE, p_ul->ttl, src_addr, dest_addr, total_len, NO_OFFSET_FRAG, FLAG_NOT_SET, FLAG_NOT_SET, UDP_PROT ); #ifndef _SIMULATION_ p_ul->identity++; #endif break; /* Build IP header for ICMP messages. Note only ICMP from higher layer. */ case B_ICMP_PACKET: desc_list = & p_ul->dti_data_req->desc_list2; total_len = desc_list->list_len; desc = (T_desc2 *) desc_list->first; ip_header = desc->buffer; dest_addr = GET_IP_DEST_ADDR (ip_header);/*lint !e415 !e416 (Warning -- access/creation of out-of-bounds pointer) */ build_ip_header ( ip_header, p_ul->identity, (UBYTE) p_ul->header_len, NORMAL_SERVICE, p_ul->ttl, src_addr, dest_addr, total_len, NO_OFFSET_FRAG, FLAG_NOT_SET, FLAG_NOT_SET, ICMP_PROT ); #ifndef _SIMULATION_ p_ul->identity++; #endif break; /* Build fragments. The first fragment use the original header from HL. */ case B_SEGMENT: { /* Check if it is the first fragment */ if (p_ul->state_segment EQ NO_SEGMENTS) { T_desc2 * desc_new; USHORT pos_copy, total_len_copy, malloc_len, header_len_b; desc_list = & p_ul->dti_data_req->desc_list2; total_len = desc_list->list_len; desc = (T_desc2 *) desc_list->first; ip_header = desc->buffer; dest_addr = GET_IP_DEST_ADDR (ip_header);/*lint !e415 !e416 (Warning -- access/creation of out-of-bounds pointer) */ src_addr = p_ker->source_addr; p_ul->header_len = (USHORT) GET_IP_HEADER_LEN (ip_header); header_len_b = (USHORT) GET_IP_HEADER_LEN_B (ip_header); p_ul->state_segment = SEND_SEGMENT; p_ul->sended_segment_len = p_ker->mtu; p_ul->list_len_segment = total_len; p_ul->segment_prot = GET_IP_PROT (ip_header);/*lint !e415 !e416 (Warning -- access/creation of out-of-bounds pointer) */ p_ul->first_desc_segment = desc; dest_addr = GET_IP_DEST_ADDR (ip_header);/*lint !e415 !e416 (Warning -- access/creation of out-of-bounds pointer) */ /* Make a new desc for the fragment */ malloc_len = p_ker->mtu; make_new_desc (& desc_new, malloc_len, FALSE); data_req->desc_list2.first = (ULONG) desc_new; data_req->desc_list2.list_len = malloc_len; desc_new->next = 0; /* Build the first fragment */ copy_from_descs_to_desc ( & desc, desc_new, malloc_len, 0, 0, & pos_copy, & total_len_copy ); if (total_len_copy NEQ malloc_len) { /* Corrupted packet -> drop it */ p_ul->drop_packet = TRUE; /* Clean up and free the descs */ del_descs (p_ul->first_desc_segment); p_ul->segment_offset = 0; p_ul->next_segment_desc = 0; p_ul->last_segment_pos = 0; p_ul->sended_segment_len = 0; p_ul->state_segment = NO_SEGMENTS; } else { p_ul->segment_id = p_ul->identity; p_ul->segment_offset = 0; build_ip_header ( desc_new->buffer, p_ul->segment_id, (UBYTE) p_ul->header_len, NORMAL_SERVICE, p_ul->ttl, src_addr, dest_addr, malloc_len, (USHORT) (p_ul->segment_offset >> 3), FLAG_NOT_SET, FLAG_SET, p_ul->segment_prot ); #ifndef _SIMULATION_ p_ul->identity++; #endif /* For the next fragment */ p_ul->segment_offset = (USHORT) (malloc_len - header_len_b); p_ul->next_segment_desc = (ULONG) desc; p_ul->last_segment_pos = pos_copy; } } /* Middle fragment */ else if (p_ul->sended_segment_len + p_ker->mtu < p_ul->list_len_segment + LEN_IP_HEADER_B) { T_desc2 * desc_new; USHORT pos_copy, total_len_copy, malloc_len; /* Make a new primitive for the fragment */ PALLOC (dti_data_req, DTI2_DATA_REQ); p_ul->dti_data_req = dti_data_req; /* Malloc the fragment desc */ malloc_len = p_ker->mtu; make_new_desc (& desc_new, malloc_len, FALSE); dti_data_req->desc_list2.first = (ULONG) desc_new; dti_data_req->desc_list2.list_len = malloc_len; desc_new->next = 0; /* Copy the data into the fragment desc */ desc = (T_desc2 *) p_ul->next_segment_desc; copy_from_descs_to_desc ( & desc, desc_new, (USHORT) (malloc_len - LEN_IP_HEADER_B), p_ul->last_segment_pos, LEN_IP_HEADER_B, & pos_copy, & total_len_copy ); if (total_len_copy NEQ malloc_len - LEN_IP_HEADER_B) { /* Corrupted packet -> drop it */ p_ul->drop_packet = TRUE; /* Clean up and free the descs */ del_descs (p_ul->first_desc_segment); p_ul->segment_offset = 0; p_ul->next_segment_desc = 0; p_ul->last_segment_pos = 0; p_ul->sended_segment_len = 0; p_ul->state_segment = NO_SEGMENTS; } else { /* Build the IP fragment */ UBYTE * ip_header_first = p_ul->first_desc_segment->buffer; dest_addr = GET_IP_DEST_ADDR (ip_header_first);/*lint !e415 !e416 (Warning -- access/creation of out-of-bounds pointer) */ build_ip_header ( desc_new->buffer, p_ul->segment_id, MIN_HEADER_LEN, NORMAL_SERVICE, p_ul->ttl, src_addr, dest_addr, malloc_len, (USHORT) (p_ul->segment_offset >> 3), FLAG_NOT_SET, FLAG_SET, p_ul->segment_prot ); /* For the next fragment */ p_ul->segment_offset = (USHORT) (p_ul->segment_offset + malloc_len - LEN_IP_HEADER_B); p_ul->next_segment_desc = (ULONG) desc; p_ul->last_segment_pos = pos_copy; p_ul->sended_segment_len = (USHORT) (p_ul->sended_segment_len + malloc_len - LEN_IP_HEADER_B); } } else /* Last fragment */ { T_desc2 * desc_new; USHORT pos_copy, total_len_copy, malloc_len; /* Make a new primitive for the fragment */ PALLOC (dti_data_req, DTI2_DATA_REQ); p_ul->dti_data_req = dti_data_req; /* Calculate the correct len for fragment desc and malloc */ malloc_len = (USHORT) (LEN_IP_HEADER_B + p_ul->list_len_segment - p_ul->sended_segment_len); make_new_desc (& desc_new, malloc_len, FALSE); dti_data_req->desc_list2.first = (ULONG) desc_new; dti_data_req->desc_list2.list_len = malloc_len; desc_new->next = 0; /* Copy the data into the fragment desc */ desc = (T_desc2 *) p_ul->next_segment_desc; copy_from_descs_to_desc ( & desc, desc_new, (USHORT) (malloc_len - LEN_IP_HEADER_B), p_ul->last_segment_pos, LEN_IP_HEADER_B, & pos_copy, & total_len_copy ); if (total_len_copy NEQ malloc_len - LEN_IP_HEADER_B) { /* Corrupted packet -> drop it */ p_ul->drop_packet = TRUE; /* Clean up and free the descs */ del_descs (p_ul->first_desc_segment); p_ul->segment_offset = 0; p_ul->next_segment_desc = 0; p_ul->last_segment_pos = 0; p_ul->sended_segment_len = 0; p_ul->state_segment = NO_SEGMENTS; } else { /* Build the fragment header */ UBYTE * ip_header_first = p_ul->first_desc_segment->buffer; dest_addr = GET_IP_DEST_ADDR (ip_header_first);/*lint !e415 !e416 (Warning -- access/creation of out-of-bounds pointer) */ build_ip_header ( desc_new->buffer, p_ul->segment_id, MIN_HEADER_LEN, NORMAL_SERVICE, p_ul->ttl, src_addr, dest_addr, malloc_len, (USHORT) (p_ul->segment_offset >> 3), FLAG_NOT_SET, FLAG_NOT_SET, p_ul->segment_prot ); /* Clean up and free the descs */ del_descs (p_ul->first_desc_segment); p_ul->segment_offset = 0; p_ul->next_segment_desc = 0; p_ul->last_segment_pos = 0; p_ul->sended_segment_len = 0; p_ul->state_segment = NO_SEGMENTS; } } } break; default: break; } } else { data_ind = p_dl->dti_data_ind; /* Compute DL packets */ switch (select) { /* Ping request */ case B_ICMP_ECHO_REPLY: { USHORT header_len_b; PPASS (data_ind, data_request, DTI2_DATA_REQ); desc_list = & data_request->desc_list2; desc = (T_desc2 *) desc_list->first; ip_header = desc->buffer; header_len_b = (USHORT) GET_IP_HEADER_LEN_B (ip_header); dest_addr = GET_IP_SOURCE_ADDR (ip_header);/*lint !e415 !e416 (Warning -- access/creation of out-of-bounds pointer) */ build_icmp_packet ( (UBYTE) header_len_b, ICMP_TYP_ECHO_REPLY, ICMP_CODE_ECHO_REPLY, p_ul->ttl, ip_header, p_ul->identity, dest_addr, src_addr, desc_list ); #ifndef _SIMULATION_ p_ul->identity++; #endif p_ker->icmp_dti_data_req = data_request; } break; case B_ICMP_REASSEMBLE_TIMEOUT: { /* Datagram for ICMP - reassembly - message */ data_ind = p_dl->data_ind_reassembly[p_dl->pos_server]; { PPASS (data_ind, data_request, DTI2_DATA_REQ); build_icmp_with_payload ( data_request, p_ul->identity, p_ul->ttl, p_ker->source_addr, ICMP_TYP_TIME_EXCEDED, ICMP_CODE_FRAGM_TIME_EXC ); #ifndef _SIMULATION_ p_ul->identity++; #endif p_ker->icmp_dti_data_req = data_request; } } break; case B_ICMP_NO_FORWARD: { /* No destination address - build ICMP frame */ PPASS (data_ind, data_request, DTI2_DATA_REQ); build_icmp_with_payload ( data_request, p_ul->identity, p_ul->ttl, p_ker->source_addr, ICMP_TYP_DEST_URECHBL, ICMP_CODE_NO_HOST ); #ifndef _SIMULATION_ p_ul->identity++; #endif p_ker->icmp_dti_data_req = data_request; } break; default: break; } } } /* +--------------------------------------------------------------------+ | PROJECT : GSM-FaD (8444) MODULE : IP_KERF | | STATE : code ROUTINE : check_ip_address | +--------------------------------------------------------------------+ * * Check the IP address */ void check_ip_address ( BOOL * addr_type_dest, BOOL * addr_type_src, ULONG dest_addr, ULONG src_addr ) { UBYTE i; UBYTE b_dest_addr[4], b_src_addr[4], first_nibbl_dest, first_nibbl_src; #define BCAST 0xFF #define LOOP_BACK 0x7F #define DEFAULT_ROUTE 0 #define CLASS_A 0x0 #define CLASS_B 0x2 #define CLASS_C 0x6 #define MULTICAST 0xE #define CLASS_E 0xF #define M_CAST_FF 0xFFFFFFFF TRACE_FUNCTION ("check_ip_address()"); ip_addr_int_to_byte (b_dest_addr, dest_addr); ip_addr_int_to_byte (b_src_addr, src_addr); first_nibbl_dest = (UBYTE) (b_dest_addr[0] >> 4); first_nibbl_src = (UBYTE) (b_src_addr[0] >> 4); for (i=0; i < MAX_ADDR_TYPES; i++) { addr_type_dest[i] = FALSE; addr_type_src[i] = FALSE; } /* Check if broadcast address */ if (dest_addr EQ M_CAST_FF) addr_type_dest[BCAST_ADDR_255] = TRUE; if (src_addr EQ M_CAST_FF) addr_type_src[BCAST_ADDR_255] = TRUE; /* Correct destination address? */ if (dest_addr NEQ src_addr) { addr_type_dest[NO_DEST_ADDR] = TRUE; addr_type_src[NO_DEST_ADDR] = TRUE; } /* Loop-back address? */ if (b_dest_addr[0] EQ LOOP_BACK) addr_type_dest[LOOP_BACK_ADDR] = TRUE; if (b_src_addr[0] EQ LOOP_BACK) addr_type_src[LOOP_BACK_ADDR] = TRUE; /* Check kind of class */ if ((first_nibbl_src >> 3) EQ CLASS_A) addr_type_src[CLASS_A_ADDR] = TRUE; if ((first_nibbl_dest >> 3) EQ CLASS_A) addr_type_dest[CLASS_A_ADDR] = TRUE; if ((first_nibbl_src >> 2) EQ CLASS_B) addr_type_src[CLASS_B_ADDR] = TRUE; if ((first_nibbl_dest >> 2) EQ CLASS_B) addr_type_dest[CLASS_B_ADDR] = TRUE; if ((first_nibbl_src >> 1) EQ CLASS_C) addr_type_src[CLASS_C_ADDR] = TRUE; if ((first_nibbl_dest >> 1) EQ CLASS_C) addr_type_dest[CLASS_C_ADDR] = TRUE; if (first_nibbl_src EQ CLASS_E AND dest_addr NEQ M_CAST_FF) addr_type_src[CLASS_E_ADDR] = TRUE; if (first_nibbl_dest EQ CLASS_E AND src_addr NEQ M_CAST_FF) addr_type_dest[CLASS_E_ADDR] = TRUE; /* Multicast or class D */ if (first_nibbl_dest EQ MULTICAST) addr_type_dest[MCAST_ADDR] = TRUE; if (first_nibbl_src EQ MULTICAST) addr_type_src[MCAST_ADDR] = TRUE; /* Default route */ if (dest_addr EQ DEFAULT_ROUTE) addr_type_dest[DEFAULT_R_ADDR] = TRUE; if (src_addr EQ DEFAULT_ROUTE) addr_type_src[DEFAULT_R_ADDR] = TRUE; /* Bad address? */ if ( addr_type_src[BCAST_ADDR_255] OR addr_type_src[LOOP_BACK_ADDR] OR addr_type_src[DEFAULT_R_ADDR] ) { addr_type_src[BAD_UL_SRC_ADDR] = TRUE; addr_type_src[BAD_DL_SRC_ADDR] = TRUE; } if ( addr_type_dest[BCAST_ADDR_255] OR addr_type_dest[LOOP_BACK_ADDR] OR addr_type_dest[DEFAULT_R_ADDR] ) { addr_type_dest[BAD_UL_DEST_ADDR] = TRUE; addr_type_dest[BAD_DL_DEST_ADDR] = TRUE; } } /* Internet checksum calculations as needed in IP and UDP. * See RFC 1071 for details. * * USHORT inet_checksum (UBYTE * block, USHORT len) * Computes the Internet checksum over a simple data block. * * USHORT desc_checksum ( * T_desc_list2 * dlist, * USHORT start_offset, * ULONG start_value * ) * Computes the Internet checksum over a DTI descriptor list, * beginning at start_offset and with start_value. */ #define LITTLE_ENDIAN /* Change this for big-endian mode. */ /** Computes the Internet checksum [RFC 1071] over a simple data block. * * @param block pointer to data block * @param len length of the block in octets * @return the checksum */ USHORT inet_checksum (UBYTE * block, USHORT len) { BOOL have_leftover = len % 2; /* If non-zero, there is a leftover * octet at the end of the (odd-sized) * data block. */ ULONG value; /* Value to add. (Since we know * nothing about the alignment of the * block, we can't read the USHORTs * directly from the block.) */ ULONG checksum = 0; /* Checksum accumulator. */ len >>= 1; /* Count words now, not octets. */ while (len--) { /* Because we must read the data bytewise, we cannot profit from * the independency of endianness of the original algorithm. * That means that we have to make two different cases for big * endian and little endian. */ #if defined LITTLE_ENDIAN /*lint -e{661} (Warning -- access of out-of-bounds pointer) */ value = block[1]<<8 | block[0]; #elif defined BIG_ENDIAN /*lint -e{662} (Warning -- creation of out-of-bounds pointer) */ value = block[0]<<8 | block[1]; #else #error "LITTLE_ENDIAN or BIG_ENDIAN must be defined." #endif checksum += value; /*lint -e{662} (Warning -- creation of out-of-bounds pointer) */ block +=2; } if (have_leftover) /*lint -e{661} (Warning -- access of out-of-bounds pointer) */ checksum += *block; /* Fold into 16 bits. */ while (checksum >> 16) checksum = (checksum & 0xffff) + (checksum >> 16); return (USHORT) ~checksum; } /** Computes a part of an Internet checksum over a data block. A * leftover octet from a previous partial calculation is taken into * account. If an octet is left over, it is returned as well as the * fact that there is a leftover octet. This function is intended to * be called only by desc_checksum() and partial_checksum(). * * @param block pointer to data block * @param len length of the block in octets * @param sum checksum value to begin with * @param have_leftover_ptr if non-zero, a leftover octet is in *leftover_ptr * @param leftover_ptr pointer to leftover octet; valid on input and * output iff *have_leftover_ptr * @return the part of the sum calculated */ static ULONG checksum_block_part ( UBYTE * block, USHORT len, ULONG sum, BOOL * have_leftover_ptr, UBYTE * leftover_ptr ) { /* This function is as complicated as it is for two reasons: * * (a) Each block may have an even or odd number of octets. Because * this checksum is 16-bit based, an octet may be left over from the * previous calculation and must be taken into account. Also in this * calculation an octet may be left over. This fact and the value of * the octet must be made known to the caller. * * (b) We must not make any assumptions about the alignment of the * block. Therefore, in order not to cause alignment problems, all * 16-bit values must be read bytewise. */ ULONG value; /* 16-bit value to be summed up */ TRACE_FUNCTION ("checksum_block_part()"); /* Previous calculation may have left over an octet. */ if (*have_leftover_ptr) { if (len == 0) return sum; /* See comment in inet_checksum() above for an explanation. */ #if defined LITTLE_ENDIAN value = (*block++ << 8) | *leftover_ptr; #elif defined BIG_ENDIAN value = (*leftover_ptr << 8) | *block++; #else #error "LITTLE_ENDIAN or BIG_ENDIAN must be defined." #endif len--; sum += value; } /* Main loop over word values. */ *have_leftover_ptr = len % 2; len >>= 1; while (len--) { /* See comment in inet_checksum() above for an explanation. */ #if defined LITTLE_ENDIAN value = block[1]<<8 | block[0]; #elif defined BIG_ENDIAN value = block[0]<<8 | block[1]; #else #error "LITTLE_ENDIAN or BIG_ENDIAN must be defined." #endif sum += value; block +=2; } /* Check for leftover octet. */ if (*have_leftover_ptr) *leftover_ptr = *block; return sum; } /** Compute a partial Internet checksum to be used as a astart_value * for desc_checksum. The block must have even length. * * @param block data block to compute the checksum over * @param len length of the block * @return the partial sum calculated */ ULONG partial_checksum (UBYTE * block, USHORT len) { BOOL dummy1 = 0; /* Needed to call checksum_block_part(). */ UBYTE dummy2 = 0; return checksum_block_part (block, len, 0, & dummy1, & dummy2); } /** Computes the Internet checksum over a DTI descriptor list. There * may be a value from a previous partial calculation that is added to * the sum as a start value. The function relies on the data length * being at least start_offset. * * @param dlist descriptor list containing the data * @param start_offset beginning position of interesting data * @param start_value value from previous partial checksum calculation * @return the checksum value */ USHORT desc_checksum ( T_desc_list2 * dlist, USHORT start_offset, ULONG start_value ) { ULONG checksum = start_value; /* The checksum to be calculated. */ T_desc2 * desc_p; /* Pointer to current descriptor. */ BOOL have_leftover = 0; /* True iff we have a leftover octet * from the previous partial sum. */ UBYTE leftover_octet = 0; /* An octet left over from the * previous partial sum. */ TRACE_FUNCTION ("desc_checksum()"); /* Calculating the sum of the first buffer, we have to take the * start offset into account. This includes finding the descriptor * the offset lies in. */ desc_p = (T_desc2 *) dlist->first; while (start_offset > desc_p->len) { start_offset = (USHORT) (start_offset - desc_p->len); desc_p = (T_desc2 *) desc_p->next; } checksum = checksum_block_part ( desc_p->buffer + start_offset, (USHORT) (desc_p->len - start_offset), checksum, & have_leftover, & leftover_octet ); /* Now loop over the other descriptors. */ for ( desc_p = (T_desc2 *) desc_p->next; desc_p != 0; desc_p = (T_desc2 *) desc_p->next ) { checksum = checksum_block_part ( desc_p->buffer, desc_p->len, checksum, & have_leftover, & leftover_octet ); } if (have_leftover) checksum += leftover_octet; /* Fold into 16 bits. */ while (checksum >> 16) checksum = (checksum & 0xffff) + (checksum >> 16); return (USHORT) ~checksum; } /*-------------------------------------------------------------------------*/