• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  *  This program is free software; you can distribute it and/or modify it
3  *  under the terms of the GNU General Public License (Version 2) as
4  *  published by the Free Software Foundation.
5  *
6  *  This program is distributed in the hope it will be useful, but WITHOUT
7  *  ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
8  *  FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
9  *  for more details.
10  *
11  *  You should have received a copy of the GNU General Public License along
12  *  with this program; if not, write to the Free Software Foundation, Inc.,
13  *  59 Temple Place - Suite 330, Boston MA 02111-1307, USA.
14  *
15  * Copyright (C) Hans Alblas PE1AYX <hans@esrac.ele.tue.nl>
16  * Copyright (C) 2004, 05 Ralf Baechle DL5RB <ralf@linux-mips.org>
17  * Copyright (C) 2004, 05 Thomas Osterried DL9SAU <thomas@x-berg.in-berlin.de>
18  */
19 #include <linux/module.h>
20 #include <linux/bitops.h>
21 #include <asm/uaccess.h>
22 #include <linux/crc16.h>
23 #include <linux/string.h>
24 #include <linux/mm.h>
25 #include <linux/interrupt.h>
26 #include <linux/in.h>
27 #include <linux/inet.h>
28 #include <linux/slab.h>
29 #include <linux/tty.h>
30 #include <linux/errno.h>
31 #include <linux/netdevice.h>
32 #include <linux/major.h>
33 #include <linux/init.h>
34 #include <linux/rtnetlink.h>
35 #include <linux/etherdevice.h>
36 #include <linux/skbuff.h>
37 #include <linux/if_arp.h>
38 #include <linux/jiffies.h>
39 #include <linux/compat.h>
40 
41 #include <net/ax25.h>
42 
43 #define AX_MTU		236
44 
45 /* SLIP/KISS protocol characters. */
46 #define END             0300		/* indicates end of frame	*/
47 #define ESC             0333		/* indicates byte stuffing	*/
48 #define ESC_END         0334		/* ESC ESC_END means END 'data'	*/
49 #define ESC_ESC         0335		/* ESC ESC_ESC means ESC 'data'	*/
50 
51 struct mkiss {
52 	struct tty_struct	*tty;	/* ptr to TTY structure		*/
53 	struct net_device	*dev;	/* easy for intr handling	*/
54 
55 	/* These are pointers to the malloc()ed frame buffers. */
56 	spinlock_t		buflock;/* lock for rbuf and xbuf */
57 	unsigned char		*rbuff;	/* receiver buffer		*/
58 	int			rcount;	/* received chars counter       */
59 	unsigned char		*xbuff;	/* transmitter buffer		*/
60 	unsigned char		*xhead;	/* pointer to next byte to XMIT */
61 	int			xleft;	/* bytes left in XMIT queue     */
62 
63 	/* Detailed SLIP statistics. */
64 	int		mtu;		/* Our mtu (to spot changes!)   */
65 	int		buffsize;	/* Max buffers sizes            */
66 
67 	unsigned long	flags;		/* Flag values/ mode etc	*/
68 					/* long req'd: used by set_bit --RR */
69 #define AXF_INUSE	0		/* Channel in use               */
70 #define AXF_ESCAPE	1               /* ESC received                 */
71 #define AXF_ERROR	2               /* Parity, etc. error           */
72 #define AXF_KEEPTEST	3		/* Keepalive test flag		*/
73 #define AXF_OUTWAIT	4		/* is outpacket was flag	*/
74 
75 	int		mode;
76         int		crcmode;	/* MW: for FlexNet, SMACK etc.  */
77 	int		crcauto;	/* CRC auto mode */
78 
79 #define CRC_MODE_NONE		0
80 #define CRC_MODE_FLEX		1
81 #define CRC_MODE_SMACK		2
82 #define CRC_MODE_FLEX_TEST	3
83 #define CRC_MODE_SMACK_TEST	4
84 
85 	atomic_t		refcnt;
86 	struct semaphore	dead_sem;
87 };
88 
89 /*---------------------------------------------------------------------------*/
90 
91 static const unsigned short crc_flex_table[] = {
92 	0x0f87, 0x1e0e, 0x2c95, 0x3d1c, 0x49a3, 0x582a, 0x6ab1, 0x7b38,
93 	0x83cf, 0x9246, 0xa0dd, 0xb154, 0xc5eb, 0xd462, 0xe6f9, 0xf770,
94 	0x1f06, 0x0e8f, 0x3c14, 0x2d9d, 0x5922, 0x48ab, 0x7a30, 0x6bb9,
95 	0x934e, 0x82c7, 0xb05c, 0xa1d5, 0xd56a, 0xc4e3, 0xf678, 0xe7f1,
96 	0x2e85, 0x3f0c, 0x0d97, 0x1c1e, 0x68a1, 0x7928, 0x4bb3, 0x5a3a,
97 	0xa2cd, 0xb344, 0x81df, 0x9056, 0xe4e9, 0xf560, 0xc7fb, 0xd672,
98 	0x3e04, 0x2f8d, 0x1d16, 0x0c9f, 0x7820, 0x69a9, 0x5b32, 0x4abb,
99 	0xb24c, 0xa3c5, 0x915e, 0x80d7, 0xf468, 0xe5e1, 0xd77a, 0xc6f3,
100 	0x4d83, 0x5c0a, 0x6e91, 0x7f18, 0x0ba7, 0x1a2e, 0x28b5, 0x393c,
101 	0xc1cb, 0xd042, 0xe2d9, 0xf350, 0x87ef, 0x9666, 0xa4fd, 0xb574,
102 	0x5d02, 0x4c8b, 0x7e10, 0x6f99, 0x1b26, 0x0aaf, 0x3834, 0x29bd,
103 	0xd14a, 0xc0c3, 0xf258, 0xe3d1, 0x976e, 0x86e7, 0xb47c, 0xa5f5,
104 	0x6c81, 0x7d08, 0x4f93, 0x5e1a, 0x2aa5, 0x3b2c, 0x09b7, 0x183e,
105 	0xe0c9, 0xf140, 0xc3db, 0xd252, 0xa6ed, 0xb764, 0x85ff, 0x9476,
106 	0x7c00, 0x6d89, 0x5f12, 0x4e9b, 0x3a24, 0x2bad, 0x1936, 0x08bf,
107 	0xf048, 0xe1c1, 0xd35a, 0xc2d3, 0xb66c, 0xa7e5, 0x957e, 0x84f7,
108 	0x8b8f, 0x9a06, 0xa89d, 0xb914, 0xcdab, 0xdc22, 0xeeb9, 0xff30,
109 	0x07c7, 0x164e, 0x24d5, 0x355c, 0x41e3, 0x506a, 0x62f1, 0x7378,
110 	0x9b0e, 0x8a87, 0xb81c, 0xa995, 0xdd2a, 0xcca3, 0xfe38, 0xefb1,
111 	0x1746, 0x06cf, 0x3454, 0x25dd, 0x5162, 0x40eb, 0x7270, 0x63f9,
112 	0xaa8d, 0xbb04, 0x899f, 0x9816, 0xeca9, 0xfd20, 0xcfbb, 0xde32,
113 	0x26c5, 0x374c, 0x05d7, 0x145e, 0x60e1, 0x7168, 0x43f3, 0x527a,
114 	0xba0c, 0xab85, 0x991e, 0x8897, 0xfc28, 0xeda1, 0xdf3a, 0xceb3,
115 	0x3644, 0x27cd, 0x1556, 0x04df, 0x7060, 0x61e9, 0x5372, 0x42fb,
116 	0xc98b, 0xd802, 0xea99, 0xfb10, 0x8faf, 0x9e26, 0xacbd, 0xbd34,
117 	0x45c3, 0x544a, 0x66d1, 0x7758, 0x03e7, 0x126e, 0x20f5, 0x317c,
118 	0xd90a, 0xc883, 0xfa18, 0xeb91, 0x9f2e, 0x8ea7, 0xbc3c, 0xadb5,
119 	0x5542, 0x44cb, 0x7650, 0x67d9, 0x1366, 0x02ef, 0x3074, 0x21fd,
120 	0xe889, 0xf900, 0xcb9b, 0xda12, 0xaead, 0xbf24, 0x8dbf, 0x9c36,
121 	0x64c1, 0x7548, 0x47d3, 0x565a, 0x22e5, 0x336c, 0x01f7, 0x107e,
122 	0xf808, 0xe981, 0xdb1a, 0xca93, 0xbe2c, 0xafa5, 0x9d3e, 0x8cb7,
123 	0x7440, 0x65c9, 0x5752, 0x46db, 0x3264, 0x23ed, 0x1176, 0x00ff
124 };
125 
calc_crc_flex(unsigned char * cp,int size)126 static unsigned short calc_crc_flex(unsigned char *cp, int size)
127 {
128 	unsigned short crc = 0xffff;
129 
130 	while (size--)
131 		crc = (crc << 8) ^ crc_flex_table[((crc >> 8) ^ *cp++) & 0xff];
132 
133 	return crc;
134 }
135 
check_crc_flex(unsigned char * cp,int size)136 static int check_crc_flex(unsigned char *cp, int size)
137 {
138 	unsigned short crc = 0xffff;
139 
140 	if (size < 3)
141 		return -1;
142 
143 	while (size--)
144 		crc = (crc << 8) ^ crc_flex_table[((crc >> 8) ^ *cp++) & 0xff];
145 
146 	if ((crc & 0xffff) != 0x7070)
147 		return -1;
148 
149 	return 0;
150 }
151 
check_crc_16(unsigned char * cp,int size)152 static int check_crc_16(unsigned char *cp, int size)
153 {
154 	unsigned short crc = 0x0000;
155 
156 	if (size < 3)
157 		return -1;
158 
159 	crc = crc16(0, cp, size);
160 
161 	if (crc != 0x0000)
162 		return -1;
163 
164 	return 0;
165 }
166 
167 /*
168  * Standard encapsulation
169  */
170 
kiss_esc(unsigned char * s,unsigned char * d,int len)171 static int kiss_esc(unsigned char *s, unsigned char *d, int len)
172 {
173 	unsigned char *ptr = d;
174 	unsigned char c;
175 
176 	/*
177 	 * Send an initial END character to flush out any data that may have
178 	 * accumulated in the receiver due to line noise.
179 	 */
180 
181 	*ptr++ = END;
182 
183 	while (len-- > 0) {
184 		switch (c = *s++) {
185 		case END:
186 			*ptr++ = ESC;
187 			*ptr++ = ESC_END;
188 			break;
189 		case ESC:
190 			*ptr++ = ESC;
191 			*ptr++ = ESC_ESC;
192 			break;
193 		default:
194 			*ptr++ = c;
195 			break;
196 		}
197 	}
198 
199 	*ptr++ = END;
200 
201 	return ptr - d;
202 }
203 
204 /*
205  * MW:
206  * OK its ugly, but tell me a better solution without copying the
207  * packet to a temporary buffer :-)
208  */
kiss_esc_crc(unsigned char * s,unsigned char * d,unsigned short crc,int len)209 static int kiss_esc_crc(unsigned char *s, unsigned char *d, unsigned short crc,
210 	int len)
211 {
212 	unsigned char *ptr = d;
213 	unsigned char c=0;
214 
215 	*ptr++ = END;
216 	while (len > 0) {
217 		if (len > 2)
218 			c = *s++;
219 		else if (len > 1)
220 			c = crc >> 8;
221 		else if (len > 0)
222 			c = crc & 0xff;
223 
224 		len--;
225 
226 		switch (c) {
227 		case END:
228 			*ptr++ = ESC;
229 			*ptr++ = ESC_END;
230 			break;
231 		case ESC:
232 			*ptr++ = ESC;
233 			*ptr++ = ESC_ESC;
234 			break;
235 		default:
236 			*ptr++ = c;
237 			break;
238 		}
239 	}
240 	*ptr++ = END;
241 
242 	return ptr - d;
243 }
244 
245 /* Send one completely decapsulated AX.25 packet to the AX.25 layer. */
ax_bump(struct mkiss * ax)246 static void ax_bump(struct mkiss *ax)
247 {
248 	struct sk_buff *skb;
249 	int count;
250 
251 	spin_lock_bh(&ax->buflock);
252 	if (ax->rbuff[0] > 0x0f) {
253 		if (ax->rbuff[0] & 0x80) {
254 			if (check_crc_16(ax->rbuff, ax->rcount) < 0) {
255 				ax->dev->stats.rx_errors++;
256 				spin_unlock_bh(&ax->buflock);
257 
258 				return;
259 			}
260 			if (ax->crcmode != CRC_MODE_SMACK && ax->crcauto) {
261 				printk(KERN_INFO
262 				       "mkiss: %s: Switching to crc-smack\n",
263 				       ax->dev->name);
264 				ax->crcmode = CRC_MODE_SMACK;
265 			}
266 			ax->rcount -= 2;
267 			*ax->rbuff &= ~0x80;
268 		} else if (ax->rbuff[0] & 0x20)  {
269 			if (check_crc_flex(ax->rbuff, ax->rcount) < 0) {
270 				ax->dev->stats.rx_errors++;
271 				spin_unlock_bh(&ax->buflock);
272 				return;
273 			}
274 			if (ax->crcmode != CRC_MODE_FLEX && ax->crcauto) {
275 				printk(KERN_INFO
276 				       "mkiss: %s: Switching to crc-flexnet\n",
277 				       ax->dev->name);
278 				ax->crcmode = CRC_MODE_FLEX;
279 			}
280 			ax->rcount -= 2;
281 
282 			/*
283 			 * dl9sau bugfix: the trailling two bytes flexnet crc
284 			 * will not be passed to the kernel. thus we have to
285 			 * correct the kissparm signature, because it indicates
286 			 * a crc but there's none
287 			 */
288 			*ax->rbuff &= ~0x20;
289 		}
290  	}
291 
292 	count = ax->rcount;
293 
294 	if ((skb = dev_alloc_skb(count)) == NULL) {
295 		printk(KERN_ERR "mkiss: %s: memory squeeze, dropping packet.\n",
296 		       ax->dev->name);
297 		ax->dev->stats.rx_dropped++;
298 		spin_unlock_bh(&ax->buflock);
299 		return;
300 	}
301 
302 	memcpy(skb_put(skb,count), ax->rbuff, count);
303 	skb->protocol = ax25_type_trans(skb, ax->dev);
304 	netif_rx(skb);
305 	ax->dev->stats.rx_packets++;
306 	ax->dev->stats.rx_bytes += count;
307 	spin_unlock_bh(&ax->buflock);
308 }
309 
kiss_unesc(struct mkiss * ax,unsigned char s)310 static void kiss_unesc(struct mkiss *ax, unsigned char s)
311 {
312 	switch (s) {
313 	case END:
314 		/* drop keeptest bit = VSV */
315 		if (test_bit(AXF_KEEPTEST, &ax->flags))
316 			clear_bit(AXF_KEEPTEST, &ax->flags);
317 
318 		if (!test_and_clear_bit(AXF_ERROR, &ax->flags) && (ax->rcount > 2))
319 			ax_bump(ax);
320 
321 		clear_bit(AXF_ESCAPE, &ax->flags);
322 		ax->rcount = 0;
323 		return;
324 
325 	case ESC:
326 		set_bit(AXF_ESCAPE, &ax->flags);
327 		return;
328 	case ESC_ESC:
329 		if (test_and_clear_bit(AXF_ESCAPE, &ax->flags))
330 			s = ESC;
331 		break;
332 	case ESC_END:
333 		if (test_and_clear_bit(AXF_ESCAPE, &ax->flags))
334 			s = END;
335 		break;
336 	}
337 
338 	spin_lock_bh(&ax->buflock);
339 	if (!test_bit(AXF_ERROR, &ax->flags)) {
340 		if (ax->rcount < ax->buffsize) {
341 			ax->rbuff[ax->rcount++] = s;
342 			spin_unlock_bh(&ax->buflock);
343 			return;
344 		}
345 
346 		ax->dev->stats.rx_over_errors++;
347 		set_bit(AXF_ERROR, &ax->flags);
348 	}
349 	spin_unlock_bh(&ax->buflock);
350 }
351 
ax_set_mac_address(struct net_device * dev,void * addr)352 static int ax_set_mac_address(struct net_device *dev, void *addr)
353 {
354 	struct sockaddr_ax25 *sa = addr;
355 
356 	netif_tx_lock_bh(dev);
357 	netif_addr_lock(dev);
358 	memcpy(dev->dev_addr, &sa->sax25_call, AX25_ADDR_LEN);
359 	netif_addr_unlock(dev);
360 	netif_tx_unlock_bh(dev);
361 
362 	return 0;
363 }
364 
365 /*---------------------------------------------------------------------------*/
366 
ax_changedmtu(struct mkiss * ax)367 static void ax_changedmtu(struct mkiss *ax)
368 {
369 	struct net_device *dev = ax->dev;
370 	unsigned char *xbuff, *rbuff, *oxbuff, *orbuff;
371 	int len;
372 
373 	len = dev->mtu * 2;
374 
375 	/*
376 	 * allow for arrival of larger UDP packets, even if we say not to
377 	 * also fixes a bug in which SunOS sends 512-byte packets even with
378 	 * an MSS of 128
379 	 */
380 	if (len < 576 * 2)
381 		len = 576 * 2;
382 
383 	xbuff = kmalloc(len + 4, GFP_ATOMIC);
384 	rbuff = kmalloc(len + 4, GFP_ATOMIC);
385 
386 	if (xbuff == NULL || rbuff == NULL)  {
387 		printk(KERN_ERR "mkiss: %s: unable to grow ax25 buffers, "
388 		       "MTU change cancelled.\n",
389 		       ax->dev->name);
390 		dev->mtu = ax->mtu;
391 		kfree(xbuff);
392 		kfree(rbuff);
393 		return;
394 	}
395 
396 	spin_lock_bh(&ax->buflock);
397 
398 	oxbuff    = ax->xbuff;
399 	ax->xbuff = xbuff;
400 	orbuff    = ax->rbuff;
401 	ax->rbuff = rbuff;
402 
403 	if (ax->xleft) {
404 		if (ax->xleft <= len) {
405 			memcpy(ax->xbuff, ax->xhead, ax->xleft);
406 		} else  {
407 			ax->xleft = 0;
408 			dev->stats.tx_dropped++;
409 		}
410 	}
411 
412 	ax->xhead = ax->xbuff;
413 
414 	if (ax->rcount) {
415 		if (ax->rcount <= len) {
416 			memcpy(ax->rbuff, orbuff, ax->rcount);
417 		} else  {
418 			ax->rcount = 0;
419 			dev->stats.rx_over_errors++;
420 			set_bit(AXF_ERROR, &ax->flags);
421 		}
422 	}
423 
424 	ax->mtu      = dev->mtu + 73;
425 	ax->buffsize = len;
426 
427 	spin_unlock_bh(&ax->buflock);
428 
429 	kfree(oxbuff);
430 	kfree(orbuff);
431 }
432 
433 /* Encapsulate one AX.25 packet and stuff into a TTY queue. */
ax_encaps(struct net_device * dev,unsigned char * icp,int len)434 static void ax_encaps(struct net_device *dev, unsigned char *icp, int len)
435 {
436 	struct mkiss *ax = netdev_priv(dev);
437 	unsigned char *p;
438 	int actual, count;
439 
440 	if (ax->mtu != ax->dev->mtu + 73)	/* Someone has been ifconfigging */
441 		ax_changedmtu(ax);
442 
443 	if (len > ax->mtu) {		/* Sigh, shouldn't occur BUT ... */
444 		len = ax->mtu;
445 		printk(KERN_ERR "mkiss: %s: truncating oversized transmit packet!\n", ax->dev->name);
446 		dev->stats.tx_dropped++;
447 		netif_start_queue(dev);
448 		return;
449 	}
450 
451 	p = icp;
452 
453 	spin_lock_bh(&ax->buflock);
454 	if ((*p & 0x0f) != 0) {
455 		/* Configuration Command (kissparms(1).
456 		 * Protocol spec says: never append CRC.
457 		 * This fixes a very old bug in the linux
458 		 * kiss driver. -- dl9sau */
459 		switch (*p & 0xff) {
460 		case 0x85:
461 			/* command from userspace especially for us,
462 			 * not for delivery to the tnc */
463 			if (len > 1) {
464 				int cmd = (p[1] & 0xff);
465 				switch(cmd) {
466 				case 3:
467 				  ax->crcmode = CRC_MODE_SMACK;
468 				  break;
469 				case 2:
470 				  ax->crcmode = CRC_MODE_FLEX;
471 				  break;
472 				case 1:
473 				  ax->crcmode = CRC_MODE_NONE;
474 				  break;
475 				case 0:
476 				default:
477 				  ax->crcmode = CRC_MODE_SMACK_TEST;
478 				  cmd = 0;
479 				}
480 				ax->crcauto = (cmd ? 0 : 1);
481 				printk(KERN_INFO "mkiss: %s: crc mode %s %d\n", ax->dev->name, (len) ? "set to" : "is", cmd);
482 			}
483 			spin_unlock_bh(&ax->buflock);
484 			netif_start_queue(dev);
485 
486 			return;
487 		default:
488 			count = kiss_esc(p, ax->xbuff, len);
489 		}
490 	} else {
491 		unsigned short crc;
492 		switch (ax->crcmode) {
493 		case CRC_MODE_SMACK_TEST:
494 			ax->crcmode  = CRC_MODE_FLEX_TEST;
495 			printk(KERN_INFO "mkiss: %s: Trying crc-smack\n", ax->dev->name);
496 			// fall through
497 		case CRC_MODE_SMACK:
498 			*p |= 0x80;
499 			crc = swab16(crc16(0, p, len));
500 			count = kiss_esc_crc(p, ax->xbuff, crc, len+2);
501 			break;
502 		case CRC_MODE_FLEX_TEST:
503 			ax->crcmode = CRC_MODE_NONE;
504 			printk(KERN_INFO "mkiss: %s: Trying crc-flexnet\n", ax->dev->name);
505 			// fall through
506 		case CRC_MODE_FLEX:
507 			*p |= 0x20;
508 			crc = calc_crc_flex(p, len);
509 			count = kiss_esc_crc(p, ax->xbuff, crc, len+2);
510 			break;
511 
512 		default:
513 			count = kiss_esc(p, ax->xbuff, len);
514 		}
515   	}
516 	spin_unlock_bh(&ax->buflock);
517 
518 	set_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags);
519 	actual = ax->tty->ops->write(ax->tty, ax->xbuff, count);
520 	dev->stats.tx_packets++;
521 	dev->stats.tx_bytes += actual;
522 
523 	ax->dev->trans_start = jiffies;
524 	ax->xleft = count - actual;
525 	ax->xhead = ax->xbuff + actual;
526 }
527 
528 /* Encapsulate an AX.25 packet and kick it into a TTY queue. */
ax_xmit(struct sk_buff * skb,struct net_device * dev)529 static netdev_tx_t ax_xmit(struct sk_buff *skb, struct net_device *dev)
530 {
531 	struct mkiss *ax = netdev_priv(dev);
532 
533 	if (!netif_running(dev))  {
534 		printk(KERN_ERR "mkiss: %s: xmit call when iface is down\n", dev->name);
535 		return NETDEV_TX_BUSY;
536 	}
537 
538 	if (netif_queue_stopped(dev)) {
539 		/*
540 		 * May be we must check transmitter timeout here ?
541 		 *      14 Oct 1994 Dmitry Gorodchanin.
542 		 */
543 		if (time_before(jiffies, dev->trans_start + 20 * HZ)) {
544 			/* 20 sec timeout not reached */
545 			return NETDEV_TX_BUSY;
546 		}
547 
548 		printk(KERN_ERR "mkiss: %s: transmit timed out, %s?\n", dev->name,
549 		       (tty_chars_in_buffer(ax->tty) || ax->xleft) ?
550 		       "bad line quality" : "driver error");
551 
552 		ax->xleft = 0;
553 		clear_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags);
554 		netif_start_queue(dev);
555 	}
556 
557 	/* We were not busy, so we are now... :-) */
558 	if (skb != NULL) {
559 		netif_stop_queue(dev);
560 		ax_encaps(dev, skb->data, skb->len);
561 		kfree_skb(skb);
562 	}
563 
564 	return NETDEV_TX_OK;
565 }
566 
ax_open_dev(struct net_device * dev)567 static int ax_open_dev(struct net_device *dev)
568 {
569 	struct mkiss *ax = netdev_priv(dev);
570 
571 	if (ax->tty == NULL)
572 		return -ENODEV;
573 
574 	return 0;
575 }
576 
577 #if defined(CONFIG_AX25) || defined(CONFIG_AX25_MODULE)
578 
579 /* Return the frame type ID */
ax_header(struct sk_buff * skb,struct net_device * dev,unsigned short type,const void * daddr,const void * saddr,unsigned len)580 static int ax_header(struct sk_buff *skb, struct net_device *dev,
581 		     unsigned short type, const void *daddr,
582 		     const void *saddr, unsigned len)
583 {
584 #ifdef CONFIG_INET
585 	if (type != ETH_P_AX25)
586 		return ax25_hard_header(skb, dev, type, daddr, saddr, len);
587 #endif
588 	return 0;
589 }
590 
591 
ax_rebuild_header(struct sk_buff * skb)592 static int ax_rebuild_header(struct sk_buff *skb)
593 {
594 #ifdef CONFIG_INET
595 	return ax25_rebuild_header(skb);
596 #else
597 	return 0;
598 #endif
599 }
600 
601 #endif	/* CONFIG_{AX25,AX25_MODULE} */
602 
603 /* Open the low-level part of the AX25 channel. Easy! */
ax_open(struct net_device * dev)604 static int ax_open(struct net_device *dev)
605 {
606 	struct mkiss *ax = netdev_priv(dev);
607 	unsigned long len;
608 
609 	if (ax->tty == NULL)
610 		return -ENODEV;
611 
612 	/*
613 	 * Allocate the frame buffers:
614 	 *
615 	 * rbuff	Receive buffer.
616 	 * xbuff	Transmit buffer.
617 	 */
618 	len = dev->mtu * 2;
619 
620 	/*
621 	 * allow for arrival of larger UDP packets, even if we say not to
622 	 * also fixes a bug in which SunOS sends 512-byte packets even with
623 	 * an MSS of 128
624 	 */
625 	if (len < 576 * 2)
626 		len = 576 * 2;
627 
628 	if ((ax->rbuff = kmalloc(len + 4, GFP_KERNEL)) == NULL)
629 		goto norbuff;
630 
631 	if ((ax->xbuff = kmalloc(len + 4, GFP_KERNEL)) == NULL)
632 		goto noxbuff;
633 
634 	ax->mtu	     = dev->mtu + 73;
635 	ax->buffsize = len;
636 	ax->rcount   = 0;
637 	ax->xleft    = 0;
638 
639 	ax->flags   &= (1 << AXF_INUSE);      /* Clear ESCAPE & ERROR flags */
640 
641 	spin_lock_init(&ax->buflock);
642 
643 	return 0;
644 
645 noxbuff:
646 	kfree(ax->rbuff);
647 
648 norbuff:
649 	return -ENOMEM;
650 }
651 
652 
653 /* Close the low-level part of the AX25 channel. Easy! */
ax_close(struct net_device * dev)654 static int ax_close(struct net_device *dev)
655 {
656 	struct mkiss *ax = netdev_priv(dev);
657 
658 	if (ax->tty)
659 		clear_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags);
660 
661 	netif_stop_queue(dev);
662 
663 	return 0;
664 }
665 
666 static const struct header_ops ax_header_ops = {
667 	.create    = ax_header,
668 	.rebuild   = ax_rebuild_header,
669 };
670 
671 static const struct net_device_ops ax_netdev_ops = {
672 	.ndo_open            = ax_open_dev,
673 	.ndo_stop            = ax_close,
674 	.ndo_start_xmit	     = ax_xmit,
675 	.ndo_set_mac_address = ax_set_mac_address,
676 };
677 
ax_setup(struct net_device * dev)678 static void ax_setup(struct net_device *dev)
679 {
680 	/* Finish setting up the DEVICE info. */
681 	dev->mtu             = AX_MTU;
682 	dev->hard_header_len = 0;
683 	dev->addr_len        = 0;
684 	dev->type            = ARPHRD_AX25;
685 	dev->tx_queue_len    = 10;
686 	dev->header_ops      = &ax_header_ops;
687 	dev->netdev_ops	     = &ax_netdev_ops;
688 
689 
690 	memcpy(dev->broadcast, &ax25_bcast, AX25_ADDR_LEN);
691 	memcpy(dev->dev_addr,  &ax25_defaddr,  AX25_ADDR_LEN);
692 
693 	dev->flags      = IFF_BROADCAST | IFF_MULTICAST;
694 }
695 
696 /*
697  * We have a potential race on dereferencing tty->disc_data, because the tty
698  * layer provides no locking at all - thus one cpu could be running
699  * sixpack_receive_buf while another calls sixpack_close, which zeroes
700  * tty->disc_data and frees the memory that sixpack_receive_buf is using.  The
701  * best way to fix this is to use a rwlock in the tty struct, but for now we
702  * use a single global rwlock for all ttys in ppp line discipline.
703  */
704 static DEFINE_RWLOCK(disc_data_lock);
705 
mkiss_get(struct tty_struct * tty)706 static struct mkiss *mkiss_get(struct tty_struct *tty)
707 {
708 	struct mkiss *ax;
709 
710 	read_lock(&disc_data_lock);
711 	ax = tty->disc_data;
712 	if (ax)
713 		atomic_inc(&ax->refcnt);
714 	read_unlock(&disc_data_lock);
715 
716 	return ax;
717 }
718 
mkiss_put(struct mkiss * ax)719 static void mkiss_put(struct mkiss *ax)
720 {
721 	if (atomic_dec_and_test(&ax->refcnt))
722 		up(&ax->dead_sem);
723 }
724 
725 static int crc_force = 0;	/* Can be overridden with insmod */
726 
mkiss_open(struct tty_struct * tty)727 static int mkiss_open(struct tty_struct *tty)
728 {
729 	struct net_device *dev;
730 	struct mkiss *ax;
731 	int err;
732 
733 	if (!capable(CAP_NET_ADMIN))
734 		return -EPERM;
735 	if (tty->ops->write == NULL)
736 		return -EOPNOTSUPP;
737 
738 	dev = alloc_netdev(sizeof(struct mkiss), "ax%d", ax_setup);
739 	if (!dev) {
740 		err = -ENOMEM;
741 		goto out;
742 	}
743 
744 	ax = netdev_priv(dev);
745 	ax->dev = dev;
746 
747 	spin_lock_init(&ax->buflock);
748 	atomic_set(&ax->refcnt, 1);
749 	sema_init(&ax->dead_sem, 0);
750 
751 	ax->tty = tty;
752 	tty->disc_data = ax;
753 	tty->receive_room = 65535;
754 
755 	tty_driver_flush_buffer(tty);
756 
757 	/* Restore default settings */
758 	dev->type = ARPHRD_AX25;
759 
760 	/* Perform the low-level AX25 initialization. */
761 	if ((err = ax_open(ax->dev))) {
762 		goto out_free_netdev;
763 	}
764 
765 	if (register_netdev(dev))
766 		goto out_free_buffers;
767 
768 	/* after register_netdev() - because else printk smashes the kernel */
769 	switch (crc_force) {
770 	case 3:
771 		ax->crcmode  = CRC_MODE_SMACK;
772 		printk(KERN_INFO "mkiss: %s: crc mode smack forced.\n",
773 		       ax->dev->name);
774 		break;
775 	case 2:
776 		ax->crcmode  = CRC_MODE_FLEX;
777 		printk(KERN_INFO "mkiss: %s: crc mode flexnet forced.\n",
778 		       ax->dev->name);
779 		break;
780 	case 1:
781 		ax->crcmode  = CRC_MODE_NONE;
782 		printk(KERN_INFO "mkiss: %s: crc mode disabled.\n",
783 		       ax->dev->name);
784 		break;
785 	case 0:
786 		/* fall through */
787 	default:
788 		crc_force = 0;
789 		printk(KERN_INFO "mkiss: %s: crc mode is auto.\n",
790 		       ax->dev->name);
791 		ax->crcmode  = CRC_MODE_SMACK_TEST;
792 	}
793 	ax->crcauto = (crc_force ? 0 : 1);
794 
795 	netif_start_queue(dev);
796 
797 	/* Done.  We have linked the TTY line to a channel. */
798 	return 0;
799 
800 out_free_buffers:
801 	kfree(ax->rbuff);
802 	kfree(ax->xbuff);
803 
804 out_free_netdev:
805 	free_netdev(dev);
806 
807 out:
808 	return err;
809 }
810 
mkiss_close(struct tty_struct * tty)811 static void mkiss_close(struct tty_struct *tty)
812 {
813 	struct mkiss *ax;
814 
815 	write_lock_bh(&disc_data_lock);
816 	ax = tty->disc_data;
817 	tty->disc_data = NULL;
818 	write_unlock_bh(&disc_data_lock);
819 
820 	if (!ax)
821 		return;
822 
823 	/*
824 	 * We have now ensured that nobody can start using ap from now on, but
825 	 * we have to wait for all existing users to finish.
826 	 */
827 	if (!atomic_dec_and_test(&ax->refcnt))
828 		down(&ax->dead_sem);
829 
830 	unregister_netdev(ax->dev);
831 
832 	/* Free all AX25 frame buffers. */
833 	kfree(ax->rbuff);
834 	kfree(ax->xbuff);
835 
836 	ax->tty = NULL;
837 }
838 
839 /* Perform I/O control on an active ax25 channel. */
mkiss_ioctl(struct tty_struct * tty,struct file * file,unsigned int cmd,unsigned long arg)840 static int mkiss_ioctl(struct tty_struct *tty, struct file *file,
841 	unsigned int cmd, unsigned long arg)
842 {
843 	struct mkiss *ax = mkiss_get(tty);
844 	struct net_device *dev;
845 	unsigned int tmp, err;
846 
847 	/* First make sure we're connected. */
848 	if (ax == NULL)
849 		return -ENXIO;
850 	dev = ax->dev;
851 
852 	switch (cmd) {
853  	case SIOCGIFNAME:
854 		err = copy_to_user((void __user *) arg, ax->dev->name,
855 		                   strlen(ax->dev->name) + 1) ? -EFAULT : 0;
856 		break;
857 
858 	case SIOCGIFENCAP:
859 		err = put_user(4, (int __user *) arg);
860 		break;
861 
862 	case SIOCSIFENCAP:
863 		if (get_user(tmp, (int __user *) arg)) {
864 			err = -EFAULT;
865 			break;
866 		}
867 
868 		ax->mode = tmp;
869 		dev->addr_len        = AX25_ADDR_LEN;
870 		dev->hard_header_len = AX25_KISS_HEADER_LEN +
871 		                       AX25_MAX_HEADER_LEN + 3;
872 		dev->type            = ARPHRD_AX25;
873 
874 		err = 0;
875 		break;
876 
877 	case SIOCSIFHWADDR: {
878 		char addr[AX25_ADDR_LEN];
879 
880 		if (copy_from_user(&addr,
881 		                   (void __user *) arg, AX25_ADDR_LEN)) {
882 			err = -EFAULT;
883 			break;
884 		}
885 
886 		netif_tx_lock_bh(dev);
887 		memcpy(dev->dev_addr, addr, AX25_ADDR_LEN);
888 		netif_tx_unlock_bh(dev);
889 
890 		err = 0;
891 		break;
892 	}
893 	default:
894 		err = -ENOIOCTLCMD;
895 	}
896 
897 	mkiss_put(ax);
898 
899 	return err;
900 }
901 
902 #ifdef CONFIG_COMPAT
mkiss_compat_ioctl(struct tty_struct * tty,struct file * file,unsigned int cmd,unsigned long arg)903 static long mkiss_compat_ioctl(struct tty_struct *tty, struct file *file,
904 	unsigned int cmd, unsigned long arg)
905 {
906 	switch (cmd) {
907 	case SIOCGIFNAME:
908 	case SIOCGIFENCAP:
909 	case SIOCSIFENCAP:
910 	case SIOCSIFHWADDR:
911 		return mkiss_ioctl(tty, file, cmd,
912 				   (unsigned long)compat_ptr(arg));
913 	}
914 
915 	return -ENOIOCTLCMD;
916 }
917 #endif
918 
919 /*
920  * Handle the 'receiver data ready' interrupt.
921  * This function is called by the 'tty_io' module in the kernel when
922  * a block of data has been received, which can now be decapsulated
923  * and sent on to the AX.25 layer for further processing.
924  */
mkiss_receive_buf(struct tty_struct * tty,const unsigned char * cp,char * fp,int count)925 static void mkiss_receive_buf(struct tty_struct *tty, const unsigned char *cp,
926 	char *fp, int count)
927 {
928 	struct mkiss *ax = mkiss_get(tty);
929 
930 	if (!ax)
931 		return;
932 
933 	/*
934 	 * Argh! mtu change time! - costs us the packet part received
935 	 * at the change
936 	 */
937 	if (ax->mtu != ax->dev->mtu + 73)
938 		ax_changedmtu(ax);
939 
940 	/* Read the characters out of the buffer */
941 	while (count--) {
942 		if (fp != NULL && *fp++) {
943 			if (!test_and_set_bit(AXF_ERROR, &ax->flags))
944 				ax->dev->stats.rx_errors++;
945 			cp++;
946 			continue;
947 		}
948 
949 		kiss_unesc(ax, *cp++);
950 	}
951 
952 	mkiss_put(ax);
953 	tty_unthrottle(tty);
954 }
955 
956 /*
957  * Called by the driver when there's room for more data.  If we have
958  * more packets to send, we send them here.
959  */
mkiss_write_wakeup(struct tty_struct * tty)960 static void mkiss_write_wakeup(struct tty_struct *tty)
961 {
962 	struct mkiss *ax = mkiss_get(tty);
963 	int actual;
964 
965 	if (!ax)
966 		return;
967 
968 	if (ax->xleft <= 0)  {
969 		/* Now serial buffer is almost free & we can start
970 		 * transmission of another packet
971 		 */
972 		clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
973 
974 		netif_wake_queue(ax->dev);
975 		goto out;
976 	}
977 
978 	actual = tty->ops->write(tty, ax->xhead, ax->xleft);
979 	ax->xleft -= actual;
980 	ax->xhead += actual;
981 
982 out:
983 	mkiss_put(ax);
984 }
985 
986 static struct tty_ldisc_ops ax_ldisc = {
987 	.owner		= THIS_MODULE,
988 	.magic		= TTY_LDISC_MAGIC,
989 	.name		= "mkiss",
990 	.open		= mkiss_open,
991 	.close		= mkiss_close,
992 	.ioctl		= mkiss_ioctl,
993 #ifdef CONFIG_COMPAT
994 	.compat_ioctl	= mkiss_compat_ioctl,
995 #endif
996 	.receive_buf	= mkiss_receive_buf,
997 	.write_wakeup	= mkiss_write_wakeup
998 };
999 
1000 static const char banner[] __initconst = KERN_INFO \
1001 	"mkiss: AX.25 Multikiss, Hans Albas PE1AYX\n";
1002 static const char msg_regfail[] __initconst = KERN_ERR \
1003 	"mkiss: can't register line discipline (err = %d)\n";
1004 
mkiss_init_driver(void)1005 static int __init mkiss_init_driver(void)
1006 {
1007 	int status;
1008 
1009 	printk(banner);
1010 
1011 	status = tty_register_ldisc(N_AX25, &ax_ldisc);
1012 	if (status != 0)
1013 		printk(msg_regfail, status);
1014 
1015 	return status;
1016 }
1017 
1018 static const char msg_unregfail[] = KERN_ERR \
1019 	"mkiss: can't unregister line discipline (err = %d)\n";
1020 
mkiss_exit_driver(void)1021 static void __exit mkiss_exit_driver(void)
1022 {
1023 	int ret;
1024 
1025 	if ((ret = tty_unregister_ldisc(N_AX25)))
1026 		printk(msg_unregfail, ret);
1027 }
1028 
1029 MODULE_AUTHOR("Ralf Baechle DL5RB <ralf@linux-mips.org>");
1030 MODULE_DESCRIPTION("KISS driver for AX.25 over TTYs");
1031 module_param(crc_force, int, 0);
1032 MODULE_PARM_DESC(crc_force, "crc [0 = auto | 1 = none | 2 = flexnet | 3 = smack]");
1033 MODULE_LICENSE("GPL");
1034 MODULE_ALIAS_LDISC(N_AX25);
1035 
1036 module_init(mkiss_init_driver);
1037 module_exit(mkiss_exit_driver);
1038