1 /*
2 * This program is free software; you can distribute it and/or modify it
3 * under the terms of the GNU General Public License (Version 2) as
4 * published by the Free Software Foundation.
5 *
6 * This program is distributed in the hope it will be useful, but WITHOUT
7 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
8 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
9 * for more details.
10 *
11 * You should have received a copy of the GNU General Public License along
12 * with this program; if not, write to the Free Software Foundation, Inc.,
13 * 59 Temple Place - Suite 330, Boston MA 02111-1307, USA.
14 *
15 * Copyright (C) Hans Alblas PE1AYX <hans@esrac.ele.tue.nl>
16 * Copyright (C) 2004, 05 Ralf Baechle DL5RB <ralf@linux-mips.org>
17 * Copyright (C) 2004, 05 Thomas Osterried DL9SAU <thomas@x-berg.in-berlin.de>
18 */
19 #include <linux/module.h>
20 #include <linux/bitops.h>
21 #include <asm/uaccess.h>
22 #include <linux/crc16.h>
23 #include <linux/string.h>
24 #include <linux/mm.h>
25 #include <linux/interrupt.h>
26 #include <linux/in.h>
27 #include <linux/inet.h>
28 #include <linux/slab.h>
29 #include <linux/tty.h>
30 #include <linux/errno.h>
31 #include <linux/netdevice.h>
32 #include <linux/major.h>
33 #include <linux/init.h>
34 #include <linux/rtnetlink.h>
35 #include <linux/etherdevice.h>
36 #include <linux/skbuff.h>
37 #include <linux/if_arp.h>
38 #include <linux/jiffies.h>
39 #include <linux/compat.h>
40
41 #include <net/ax25.h>
42
43 #define AX_MTU 236
44
45 /* SLIP/KISS protocol characters. */
46 #define END 0300 /* indicates end of frame */
47 #define ESC 0333 /* indicates byte stuffing */
48 #define ESC_END 0334 /* ESC ESC_END means END 'data' */
49 #define ESC_ESC 0335 /* ESC ESC_ESC means ESC 'data' */
50
51 struct mkiss {
52 struct tty_struct *tty; /* ptr to TTY structure */
53 struct net_device *dev; /* easy for intr handling */
54
55 /* These are pointers to the malloc()ed frame buffers. */
56 spinlock_t buflock;/* lock for rbuf and xbuf */
57 unsigned char *rbuff; /* receiver buffer */
58 int rcount; /* received chars counter */
59 unsigned char *xbuff; /* transmitter buffer */
60 unsigned char *xhead; /* pointer to next byte to XMIT */
61 int xleft; /* bytes left in XMIT queue */
62
63 /* Detailed SLIP statistics. */
64 int mtu; /* Our mtu (to spot changes!) */
65 int buffsize; /* Max buffers sizes */
66
67 unsigned long flags; /* Flag values/ mode etc */
68 /* long req'd: used by set_bit --RR */
69 #define AXF_INUSE 0 /* Channel in use */
70 #define AXF_ESCAPE 1 /* ESC received */
71 #define AXF_ERROR 2 /* Parity, etc. error */
72 #define AXF_KEEPTEST 3 /* Keepalive test flag */
73 #define AXF_OUTWAIT 4 /* is outpacket was flag */
74
75 int mode;
76 int crcmode; /* MW: for FlexNet, SMACK etc. */
77 int crcauto; /* CRC auto mode */
78
79 #define CRC_MODE_NONE 0
80 #define CRC_MODE_FLEX 1
81 #define CRC_MODE_SMACK 2
82 #define CRC_MODE_FLEX_TEST 3
83 #define CRC_MODE_SMACK_TEST 4
84
85 atomic_t refcnt;
86 struct semaphore dead_sem;
87 };
88
89 /*---------------------------------------------------------------------------*/
90
91 static const unsigned short crc_flex_table[] = {
92 0x0f87, 0x1e0e, 0x2c95, 0x3d1c, 0x49a3, 0x582a, 0x6ab1, 0x7b38,
93 0x83cf, 0x9246, 0xa0dd, 0xb154, 0xc5eb, 0xd462, 0xe6f9, 0xf770,
94 0x1f06, 0x0e8f, 0x3c14, 0x2d9d, 0x5922, 0x48ab, 0x7a30, 0x6bb9,
95 0x934e, 0x82c7, 0xb05c, 0xa1d5, 0xd56a, 0xc4e3, 0xf678, 0xe7f1,
96 0x2e85, 0x3f0c, 0x0d97, 0x1c1e, 0x68a1, 0x7928, 0x4bb3, 0x5a3a,
97 0xa2cd, 0xb344, 0x81df, 0x9056, 0xe4e9, 0xf560, 0xc7fb, 0xd672,
98 0x3e04, 0x2f8d, 0x1d16, 0x0c9f, 0x7820, 0x69a9, 0x5b32, 0x4abb,
99 0xb24c, 0xa3c5, 0x915e, 0x80d7, 0xf468, 0xe5e1, 0xd77a, 0xc6f3,
100 0x4d83, 0x5c0a, 0x6e91, 0x7f18, 0x0ba7, 0x1a2e, 0x28b5, 0x393c,
101 0xc1cb, 0xd042, 0xe2d9, 0xf350, 0x87ef, 0x9666, 0xa4fd, 0xb574,
102 0x5d02, 0x4c8b, 0x7e10, 0x6f99, 0x1b26, 0x0aaf, 0x3834, 0x29bd,
103 0xd14a, 0xc0c3, 0xf258, 0xe3d1, 0x976e, 0x86e7, 0xb47c, 0xa5f5,
104 0x6c81, 0x7d08, 0x4f93, 0x5e1a, 0x2aa5, 0x3b2c, 0x09b7, 0x183e,
105 0xe0c9, 0xf140, 0xc3db, 0xd252, 0xa6ed, 0xb764, 0x85ff, 0x9476,
106 0x7c00, 0x6d89, 0x5f12, 0x4e9b, 0x3a24, 0x2bad, 0x1936, 0x08bf,
107 0xf048, 0xe1c1, 0xd35a, 0xc2d3, 0xb66c, 0xa7e5, 0x957e, 0x84f7,
108 0x8b8f, 0x9a06, 0xa89d, 0xb914, 0xcdab, 0xdc22, 0xeeb9, 0xff30,
109 0x07c7, 0x164e, 0x24d5, 0x355c, 0x41e3, 0x506a, 0x62f1, 0x7378,
110 0x9b0e, 0x8a87, 0xb81c, 0xa995, 0xdd2a, 0xcca3, 0xfe38, 0xefb1,
111 0x1746, 0x06cf, 0x3454, 0x25dd, 0x5162, 0x40eb, 0x7270, 0x63f9,
112 0xaa8d, 0xbb04, 0x899f, 0x9816, 0xeca9, 0xfd20, 0xcfbb, 0xde32,
113 0x26c5, 0x374c, 0x05d7, 0x145e, 0x60e1, 0x7168, 0x43f3, 0x527a,
114 0xba0c, 0xab85, 0x991e, 0x8897, 0xfc28, 0xeda1, 0xdf3a, 0xceb3,
115 0x3644, 0x27cd, 0x1556, 0x04df, 0x7060, 0x61e9, 0x5372, 0x42fb,
116 0xc98b, 0xd802, 0xea99, 0xfb10, 0x8faf, 0x9e26, 0xacbd, 0xbd34,
117 0x45c3, 0x544a, 0x66d1, 0x7758, 0x03e7, 0x126e, 0x20f5, 0x317c,
118 0xd90a, 0xc883, 0xfa18, 0xeb91, 0x9f2e, 0x8ea7, 0xbc3c, 0xadb5,
119 0x5542, 0x44cb, 0x7650, 0x67d9, 0x1366, 0x02ef, 0x3074, 0x21fd,
120 0xe889, 0xf900, 0xcb9b, 0xda12, 0xaead, 0xbf24, 0x8dbf, 0x9c36,
121 0x64c1, 0x7548, 0x47d3, 0x565a, 0x22e5, 0x336c, 0x01f7, 0x107e,
122 0xf808, 0xe981, 0xdb1a, 0xca93, 0xbe2c, 0xafa5, 0x9d3e, 0x8cb7,
123 0x7440, 0x65c9, 0x5752, 0x46db, 0x3264, 0x23ed, 0x1176, 0x00ff
124 };
125
calc_crc_flex(unsigned char * cp,int size)126 static unsigned short calc_crc_flex(unsigned char *cp, int size)
127 {
128 unsigned short crc = 0xffff;
129
130 while (size--)
131 crc = (crc << 8) ^ crc_flex_table[((crc >> 8) ^ *cp++) & 0xff];
132
133 return crc;
134 }
135
check_crc_flex(unsigned char * cp,int size)136 static int check_crc_flex(unsigned char *cp, int size)
137 {
138 unsigned short crc = 0xffff;
139
140 if (size < 3)
141 return -1;
142
143 while (size--)
144 crc = (crc << 8) ^ crc_flex_table[((crc >> 8) ^ *cp++) & 0xff];
145
146 if ((crc & 0xffff) != 0x7070)
147 return -1;
148
149 return 0;
150 }
151
check_crc_16(unsigned char * cp,int size)152 static int check_crc_16(unsigned char *cp, int size)
153 {
154 unsigned short crc = 0x0000;
155
156 if (size < 3)
157 return -1;
158
159 crc = crc16(0, cp, size);
160
161 if (crc != 0x0000)
162 return -1;
163
164 return 0;
165 }
166
167 /*
168 * Standard encapsulation
169 */
170
kiss_esc(unsigned char * s,unsigned char * d,int len)171 static int kiss_esc(unsigned char *s, unsigned char *d, int len)
172 {
173 unsigned char *ptr = d;
174 unsigned char c;
175
176 /*
177 * Send an initial END character to flush out any data that may have
178 * accumulated in the receiver due to line noise.
179 */
180
181 *ptr++ = END;
182
183 while (len-- > 0) {
184 switch (c = *s++) {
185 case END:
186 *ptr++ = ESC;
187 *ptr++ = ESC_END;
188 break;
189 case ESC:
190 *ptr++ = ESC;
191 *ptr++ = ESC_ESC;
192 break;
193 default:
194 *ptr++ = c;
195 break;
196 }
197 }
198
199 *ptr++ = END;
200
201 return ptr - d;
202 }
203
204 /*
205 * MW:
206 * OK its ugly, but tell me a better solution without copying the
207 * packet to a temporary buffer :-)
208 */
kiss_esc_crc(unsigned char * s,unsigned char * d,unsigned short crc,int len)209 static int kiss_esc_crc(unsigned char *s, unsigned char *d, unsigned short crc,
210 int len)
211 {
212 unsigned char *ptr = d;
213 unsigned char c=0;
214
215 *ptr++ = END;
216 while (len > 0) {
217 if (len > 2)
218 c = *s++;
219 else if (len > 1)
220 c = crc >> 8;
221 else if (len > 0)
222 c = crc & 0xff;
223
224 len--;
225
226 switch (c) {
227 case END:
228 *ptr++ = ESC;
229 *ptr++ = ESC_END;
230 break;
231 case ESC:
232 *ptr++ = ESC;
233 *ptr++ = ESC_ESC;
234 break;
235 default:
236 *ptr++ = c;
237 break;
238 }
239 }
240 *ptr++ = END;
241
242 return ptr - d;
243 }
244
245 /* Send one completely decapsulated AX.25 packet to the AX.25 layer. */
ax_bump(struct mkiss * ax)246 static void ax_bump(struct mkiss *ax)
247 {
248 struct sk_buff *skb;
249 int count;
250
251 spin_lock_bh(&ax->buflock);
252 if (ax->rbuff[0] > 0x0f) {
253 if (ax->rbuff[0] & 0x80) {
254 if (check_crc_16(ax->rbuff, ax->rcount) < 0) {
255 ax->dev->stats.rx_errors++;
256 spin_unlock_bh(&ax->buflock);
257
258 return;
259 }
260 if (ax->crcmode != CRC_MODE_SMACK && ax->crcauto) {
261 printk(KERN_INFO
262 "mkiss: %s: Switching to crc-smack\n",
263 ax->dev->name);
264 ax->crcmode = CRC_MODE_SMACK;
265 }
266 ax->rcount -= 2;
267 *ax->rbuff &= ~0x80;
268 } else if (ax->rbuff[0] & 0x20) {
269 if (check_crc_flex(ax->rbuff, ax->rcount) < 0) {
270 ax->dev->stats.rx_errors++;
271 spin_unlock_bh(&ax->buflock);
272 return;
273 }
274 if (ax->crcmode != CRC_MODE_FLEX && ax->crcauto) {
275 printk(KERN_INFO
276 "mkiss: %s: Switching to crc-flexnet\n",
277 ax->dev->name);
278 ax->crcmode = CRC_MODE_FLEX;
279 }
280 ax->rcount -= 2;
281
282 /*
283 * dl9sau bugfix: the trailling two bytes flexnet crc
284 * will not be passed to the kernel. thus we have to
285 * correct the kissparm signature, because it indicates
286 * a crc but there's none
287 */
288 *ax->rbuff &= ~0x20;
289 }
290 }
291
292 count = ax->rcount;
293
294 if ((skb = dev_alloc_skb(count)) == NULL) {
295 printk(KERN_ERR "mkiss: %s: memory squeeze, dropping packet.\n",
296 ax->dev->name);
297 ax->dev->stats.rx_dropped++;
298 spin_unlock_bh(&ax->buflock);
299 return;
300 }
301
302 memcpy(skb_put(skb,count), ax->rbuff, count);
303 skb->protocol = ax25_type_trans(skb, ax->dev);
304 netif_rx(skb);
305 ax->dev->stats.rx_packets++;
306 ax->dev->stats.rx_bytes += count;
307 spin_unlock_bh(&ax->buflock);
308 }
309
kiss_unesc(struct mkiss * ax,unsigned char s)310 static void kiss_unesc(struct mkiss *ax, unsigned char s)
311 {
312 switch (s) {
313 case END:
314 /* drop keeptest bit = VSV */
315 if (test_bit(AXF_KEEPTEST, &ax->flags))
316 clear_bit(AXF_KEEPTEST, &ax->flags);
317
318 if (!test_and_clear_bit(AXF_ERROR, &ax->flags) && (ax->rcount > 2))
319 ax_bump(ax);
320
321 clear_bit(AXF_ESCAPE, &ax->flags);
322 ax->rcount = 0;
323 return;
324
325 case ESC:
326 set_bit(AXF_ESCAPE, &ax->flags);
327 return;
328 case ESC_ESC:
329 if (test_and_clear_bit(AXF_ESCAPE, &ax->flags))
330 s = ESC;
331 break;
332 case ESC_END:
333 if (test_and_clear_bit(AXF_ESCAPE, &ax->flags))
334 s = END;
335 break;
336 }
337
338 spin_lock_bh(&ax->buflock);
339 if (!test_bit(AXF_ERROR, &ax->flags)) {
340 if (ax->rcount < ax->buffsize) {
341 ax->rbuff[ax->rcount++] = s;
342 spin_unlock_bh(&ax->buflock);
343 return;
344 }
345
346 ax->dev->stats.rx_over_errors++;
347 set_bit(AXF_ERROR, &ax->flags);
348 }
349 spin_unlock_bh(&ax->buflock);
350 }
351
ax_set_mac_address(struct net_device * dev,void * addr)352 static int ax_set_mac_address(struct net_device *dev, void *addr)
353 {
354 struct sockaddr_ax25 *sa = addr;
355
356 netif_tx_lock_bh(dev);
357 netif_addr_lock(dev);
358 memcpy(dev->dev_addr, &sa->sax25_call, AX25_ADDR_LEN);
359 netif_addr_unlock(dev);
360 netif_tx_unlock_bh(dev);
361
362 return 0;
363 }
364
365 /*---------------------------------------------------------------------------*/
366
ax_changedmtu(struct mkiss * ax)367 static void ax_changedmtu(struct mkiss *ax)
368 {
369 struct net_device *dev = ax->dev;
370 unsigned char *xbuff, *rbuff, *oxbuff, *orbuff;
371 int len;
372
373 len = dev->mtu * 2;
374
375 /*
376 * allow for arrival of larger UDP packets, even if we say not to
377 * also fixes a bug in which SunOS sends 512-byte packets even with
378 * an MSS of 128
379 */
380 if (len < 576 * 2)
381 len = 576 * 2;
382
383 xbuff = kmalloc(len + 4, GFP_ATOMIC);
384 rbuff = kmalloc(len + 4, GFP_ATOMIC);
385
386 if (xbuff == NULL || rbuff == NULL) {
387 printk(KERN_ERR "mkiss: %s: unable to grow ax25 buffers, "
388 "MTU change cancelled.\n",
389 ax->dev->name);
390 dev->mtu = ax->mtu;
391 kfree(xbuff);
392 kfree(rbuff);
393 return;
394 }
395
396 spin_lock_bh(&ax->buflock);
397
398 oxbuff = ax->xbuff;
399 ax->xbuff = xbuff;
400 orbuff = ax->rbuff;
401 ax->rbuff = rbuff;
402
403 if (ax->xleft) {
404 if (ax->xleft <= len) {
405 memcpy(ax->xbuff, ax->xhead, ax->xleft);
406 } else {
407 ax->xleft = 0;
408 dev->stats.tx_dropped++;
409 }
410 }
411
412 ax->xhead = ax->xbuff;
413
414 if (ax->rcount) {
415 if (ax->rcount <= len) {
416 memcpy(ax->rbuff, orbuff, ax->rcount);
417 } else {
418 ax->rcount = 0;
419 dev->stats.rx_over_errors++;
420 set_bit(AXF_ERROR, &ax->flags);
421 }
422 }
423
424 ax->mtu = dev->mtu + 73;
425 ax->buffsize = len;
426
427 spin_unlock_bh(&ax->buflock);
428
429 kfree(oxbuff);
430 kfree(orbuff);
431 }
432
433 /* Encapsulate one AX.25 packet and stuff into a TTY queue. */
ax_encaps(struct net_device * dev,unsigned char * icp,int len)434 static void ax_encaps(struct net_device *dev, unsigned char *icp, int len)
435 {
436 struct mkiss *ax = netdev_priv(dev);
437 unsigned char *p;
438 int actual, count;
439
440 if (ax->mtu != ax->dev->mtu + 73) /* Someone has been ifconfigging */
441 ax_changedmtu(ax);
442
443 if (len > ax->mtu) { /* Sigh, shouldn't occur BUT ... */
444 len = ax->mtu;
445 printk(KERN_ERR "mkiss: %s: truncating oversized transmit packet!\n", ax->dev->name);
446 dev->stats.tx_dropped++;
447 netif_start_queue(dev);
448 return;
449 }
450
451 p = icp;
452
453 spin_lock_bh(&ax->buflock);
454 if ((*p & 0x0f) != 0) {
455 /* Configuration Command (kissparms(1).
456 * Protocol spec says: never append CRC.
457 * This fixes a very old bug in the linux
458 * kiss driver. -- dl9sau */
459 switch (*p & 0xff) {
460 case 0x85:
461 /* command from userspace especially for us,
462 * not for delivery to the tnc */
463 if (len > 1) {
464 int cmd = (p[1] & 0xff);
465 switch(cmd) {
466 case 3:
467 ax->crcmode = CRC_MODE_SMACK;
468 break;
469 case 2:
470 ax->crcmode = CRC_MODE_FLEX;
471 break;
472 case 1:
473 ax->crcmode = CRC_MODE_NONE;
474 break;
475 case 0:
476 default:
477 ax->crcmode = CRC_MODE_SMACK_TEST;
478 cmd = 0;
479 }
480 ax->crcauto = (cmd ? 0 : 1);
481 printk(KERN_INFO "mkiss: %s: crc mode %s %d\n", ax->dev->name, (len) ? "set to" : "is", cmd);
482 }
483 spin_unlock_bh(&ax->buflock);
484 netif_start_queue(dev);
485
486 return;
487 default:
488 count = kiss_esc(p, ax->xbuff, len);
489 }
490 } else {
491 unsigned short crc;
492 switch (ax->crcmode) {
493 case CRC_MODE_SMACK_TEST:
494 ax->crcmode = CRC_MODE_FLEX_TEST;
495 printk(KERN_INFO "mkiss: %s: Trying crc-smack\n", ax->dev->name);
496 // fall through
497 case CRC_MODE_SMACK:
498 *p |= 0x80;
499 crc = swab16(crc16(0, p, len));
500 count = kiss_esc_crc(p, ax->xbuff, crc, len+2);
501 break;
502 case CRC_MODE_FLEX_TEST:
503 ax->crcmode = CRC_MODE_NONE;
504 printk(KERN_INFO "mkiss: %s: Trying crc-flexnet\n", ax->dev->name);
505 // fall through
506 case CRC_MODE_FLEX:
507 *p |= 0x20;
508 crc = calc_crc_flex(p, len);
509 count = kiss_esc_crc(p, ax->xbuff, crc, len+2);
510 break;
511
512 default:
513 count = kiss_esc(p, ax->xbuff, len);
514 }
515 }
516 spin_unlock_bh(&ax->buflock);
517
518 set_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags);
519 actual = ax->tty->ops->write(ax->tty, ax->xbuff, count);
520 dev->stats.tx_packets++;
521 dev->stats.tx_bytes += actual;
522
523 ax->dev->trans_start = jiffies;
524 ax->xleft = count - actual;
525 ax->xhead = ax->xbuff + actual;
526 }
527
528 /* Encapsulate an AX.25 packet and kick it into a TTY queue. */
ax_xmit(struct sk_buff * skb,struct net_device * dev)529 static netdev_tx_t ax_xmit(struct sk_buff *skb, struct net_device *dev)
530 {
531 struct mkiss *ax = netdev_priv(dev);
532
533 if (!netif_running(dev)) {
534 printk(KERN_ERR "mkiss: %s: xmit call when iface is down\n", dev->name);
535 return NETDEV_TX_BUSY;
536 }
537
538 if (netif_queue_stopped(dev)) {
539 /*
540 * May be we must check transmitter timeout here ?
541 * 14 Oct 1994 Dmitry Gorodchanin.
542 */
543 if (time_before(jiffies, dev->trans_start + 20 * HZ)) {
544 /* 20 sec timeout not reached */
545 return NETDEV_TX_BUSY;
546 }
547
548 printk(KERN_ERR "mkiss: %s: transmit timed out, %s?\n", dev->name,
549 (tty_chars_in_buffer(ax->tty) || ax->xleft) ?
550 "bad line quality" : "driver error");
551
552 ax->xleft = 0;
553 clear_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags);
554 netif_start_queue(dev);
555 }
556
557 /* We were not busy, so we are now... :-) */
558 if (skb != NULL) {
559 netif_stop_queue(dev);
560 ax_encaps(dev, skb->data, skb->len);
561 kfree_skb(skb);
562 }
563
564 return NETDEV_TX_OK;
565 }
566
ax_open_dev(struct net_device * dev)567 static int ax_open_dev(struct net_device *dev)
568 {
569 struct mkiss *ax = netdev_priv(dev);
570
571 if (ax->tty == NULL)
572 return -ENODEV;
573
574 return 0;
575 }
576
577 #if defined(CONFIG_AX25) || defined(CONFIG_AX25_MODULE)
578
579 /* Return the frame type ID */
ax_header(struct sk_buff * skb,struct net_device * dev,unsigned short type,const void * daddr,const void * saddr,unsigned len)580 static int ax_header(struct sk_buff *skb, struct net_device *dev,
581 unsigned short type, const void *daddr,
582 const void *saddr, unsigned len)
583 {
584 #ifdef CONFIG_INET
585 if (type != ETH_P_AX25)
586 return ax25_hard_header(skb, dev, type, daddr, saddr, len);
587 #endif
588 return 0;
589 }
590
591
ax_rebuild_header(struct sk_buff * skb)592 static int ax_rebuild_header(struct sk_buff *skb)
593 {
594 #ifdef CONFIG_INET
595 return ax25_rebuild_header(skb);
596 #else
597 return 0;
598 #endif
599 }
600
601 #endif /* CONFIG_{AX25,AX25_MODULE} */
602
603 /* Open the low-level part of the AX25 channel. Easy! */
ax_open(struct net_device * dev)604 static int ax_open(struct net_device *dev)
605 {
606 struct mkiss *ax = netdev_priv(dev);
607 unsigned long len;
608
609 if (ax->tty == NULL)
610 return -ENODEV;
611
612 /*
613 * Allocate the frame buffers:
614 *
615 * rbuff Receive buffer.
616 * xbuff Transmit buffer.
617 */
618 len = dev->mtu * 2;
619
620 /*
621 * allow for arrival of larger UDP packets, even if we say not to
622 * also fixes a bug in which SunOS sends 512-byte packets even with
623 * an MSS of 128
624 */
625 if (len < 576 * 2)
626 len = 576 * 2;
627
628 if ((ax->rbuff = kmalloc(len + 4, GFP_KERNEL)) == NULL)
629 goto norbuff;
630
631 if ((ax->xbuff = kmalloc(len + 4, GFP_KERNEL)) == NULL)
632 goto noxbuff;
633
634 ax->mtu = dev->mtu + 73;
635 ax->buffsize = len;
636 ax->rcount = 0;
637 ax->xleft = 0;
638
639 ax->flags &= (1 << AXF_INUSE); /* Clear ESCAPE & ERROR flags */
640
641 spin_lock_init(&ax->buflock);
642
643 return 0;
644
645 noxbuff:
646 kfree(ax->rbuff);
647
648 norbuff:
649 return -ENOMEM;
650 }
651
652
653 /* Close the low-level part of the AX25 channel. Easy! */
ax_close(struct net_device * dev)654 static int ax_close(struct net_device *dev)
655 {
656 struct mkiss *ax = netdev_priv(dev);
657
658 if (ax->tty)
659 clear_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags);
660
661 netif_stop_queue(dev);
662
663 return 0;
664 }
665
666 static const struct header_ops ax_header_ops = {
667 .create = ax_header,
668 .rebuild = ax_rebuild_header,
669 };
670
671 static const struct net_device_ops ax_netdev_ops = {
672 .ndo_open = ax_open_dev,
673 .ndo_stop = ax_close,
674 .ndo_start_xmit = ax_xmit,
675 .ndo_set_mac_address = ax_set_mac_address,
676 };
677
ax_setup(struct net_device * dev)678 static void ax_setup(struct net_device *dev)
679 {
680 /* Finish setting up the DEVICE info. */
681 dev->mtu = AX_MTU;
682 dev->hard_header_len = 0;
683 dev->addr_len = 0;
684 dev->type = ARPHRD_AX25;
685 dev->tx_queue_len = 10;
686 dev->header_ops = &ax_header_ops;
687 dev->netdev_ops = &ax_netdev_ops;
688
689
690 memcpy(dev->broadcast, &ax25_bcast, AX25_ADDR_LEN);
691 memcpy(dev->dev_addr, &ax25_defaddr, AX25_ADDR_LEN);
692
693 dev->flags = IFF_BROADCAST | IFF_MULTICAST;
694 }
695
696 /*
697 * We have a potential race on dereferencing tty->disc_data, because the tty
698 * layer provides no locking at all - thus one cpu could be running
699 * sixpack_receive_buf while another calls sixpack_close, which zeroes
700 * tty->disc_data and frees the memory that sixpack_receive_buf is using. The
701 * best way to fix this is to use a rwlock in the tty struct, but for now we
702 * use a single global rwlock for all ttys in ppp line discipline.
703 */
704 static DEFINE_RWLOCK(disc_data_lock);
705
mkiss_get(struct tty_struct * tty)706 static struct mkiss *mkiss_get(struct tty_struct *tty)
707 {
708 struct mkiss *ax;
709
710 read_lock(&disc_data_lock);
711 ax = tty->disc_data;
712 if (ax)
713 atomic_inc(&ax->refcnt);
714 read_unlock(&disc_data_lock);
715
716 return ax;
717 }
718
mkiss_put(struct mkiss * ax)719 static void mkiss_put(struct mkiss *ax)
720 {
721 if (atomic_dec_and_test(&ax->refcnt))
722 up(&ax->dead_sem);
723 }
724
725 static int crc_force = 0; /* Can be overridden with insmod */
726
mkiss_open(struct tty_struct * tty)727 static int mkiss_open(struct tty_struct *tty)
728 {
729 struct net_device *dev;
730 struct mkiss *ax;
731 int err;
732
733 if (!capable(CAP_NET_ADMIN))
734 return -EPERM;
735 if (tty->ops->write == NULL)
736 return -EOPNOTSUPP;
737
738 dev = alloc_netdev(sizeof(struct mkiss), "ax%d", ax_setup);
739 if (!dev) {
740 err = -ENOMEM;
741 goto out;
742 }
743
744 ax = netdev_priv(dev);
745 ax->dev = dev;
746
747 spin_lock_init(&ax->buflock);
748 atomic_set(&ax->refcnt, 1);
749 sema_init(&ax->dead_sem, 0);
750
751 ax->tty = tty;
752 tty->disc_data = ax;
753 tty->receive_room = 65535;
754
755 tty_driver_flush_buffer(tty);
756
757 /* Restore default settings */
758 dev->type = ARPHRD_AX25;
759
760 /* Perform the low-level AX25 initialization. */
761 if ((err = ax_open(ax->dev))) {
762 goto out_free_netdev;
763 }
764
765 if (register_netdev(dev))
766 goto out_free_buffers;
767
768 /* after register_netdev() - because else printk smashes the kernel */
769 switch (crc_force) {
770 case 3:
771 ax->crcmode = CRC_MODE_SMACK;
772 printk(KERN_INFO "mkiss: %s: crc mode smack forced.\n",
773 ax->dev->name);
774 break;
775 case 2:
776 ax->crcmode = CRC_MODE_FLEX;
777 printk(KERN_INFO "mkiss: %s: crc mode flexnet forced.\n",
778 ax->dev->name);
779 break;
780 case 1:
781 ax->crcmode = CRC_MODE_NONE;
782 printk(KERN_INFO "mkiss: %s: crc mode disabled.\n",
783 ax->dev->name);
784 break;
785 case 0:
786 /* fall through */
787 default:
788 crc_force = 0;
789 printk(KERN_INFO "mkiss: %s: crc mode is auto.\n",
790 ax->dev->name);
791 ax->crcmode = CRC_MODE_SMACK_TEST;
792 }
793 ax->crcauto = (crc_force ? 0 : 1);
794
795 netif_start_queue(dev);
796
797 /* Done. We have linked the TTY line to a channel. */
798 return 0;
799
800 out_free_buffers:
801 kfree(ax->rbuff);
802 kfree(ax->xbuff);
803
804 out_free_netdev:
805 free_netdev(dev);
806
807 out:
808 return err;
809 }
810
mkiss_close(struct tty_struct * tty)811 static void mkiss_close(struct tty_struct *tty)
812 {
813 struct mkiss *ax;
814
815 write_lock_bh(&disc_data_lock);
816 ax = tty->disc_data;
817 tty->disc_data = NULL;
818 write_unlock_bh(&disc_data_lock);
819
820 if (!ax)
821 return;
822
823 /*
824 * We have now ensured that nobody can start using ap from now on, but
825 * we have to wait for all existing users to finish.
826 */
827 if (!atomic_dec_and_test(&ax->refcnt))
828 down(&ax->dead_sem);
829
830 unregister_netdev(ax->dev);
831
832 /* Free all AX25 frame buffers. */
833 kfree(ax->rbuff);
834 kfree(ax->xbuff);
835
836 ax->tty = NULL;
837 }
838
839 /* Perform I/O control on an active ax25 channel. */
mkiss_ioctl(struct tty_struct * tty,struct file * file,unsigned int cmd,unsigned long arg)840 static int mkiss_ioctl(struct tty_struct *tty, struct file *file,
841 unsigned int cmd, unsigned long arg)
842 {
843 struct mkiss *ax = mkiss_get(tty);
844 struct net_device *dev;
845 unsigned int tmp, err;
846
847 /* First make sure we're connected. */
848 if (ax == NULL)
849 return -ENXIO;
850 dev = ax->dev;
851
852 switch (cmd) {
853 case SIOCGIFNAME:
854 err = copy_to_user((void __user *) arg, ax->dev->name,
855 strlen(ax->dev->name) + 1) ? -EFAULT : 0;
856 break;
857
858 case SIOCGIFENCAP:
859 err = put_user(4, (int __user *) arg);
860 break;
861
862 case SIOCSIFENCAP:
863 if (get_user(tmp, (int __user *) arg)) {
864 err = -EFAULT;
865 break;
866 }
867
868 ax->mode = tmp;
869 dev->addr_len = AX25_ADDR_LEN;
870 dev->hard_header_len = AX25_KISS_HEADER_LEN +
871 AX25_MAX_HEADER_LEN + 3;
872 dev->type = ARPHRD_AX25;
873
874 err = 0;
875 break;
876
877 case SIOCSIFHWADDR: {
878 char addr[AX25_ADDR_LEN];
879
880 if (copy_from_user(&addr,
881 (void __user *) arg, AX25_ADDR_LEN)) {
882 err = -EFAULT;
883 break;
884 }
885
886 netif_tx_lock_bh(dev);
887 memcpy(dev->dev_addr, addr, AX25_ADDR_LEN);
888 netif_tx_unlock_bh(dev);
889
890 err = 0;
891 break;
892 }
893 default:
894 err = -ENOIOCTLCMD;
895 }
896
897 mkiss_put(ax);
898
899 return err;
900 }
901
902 #ifdef CONFIG_COMPAT
mkiss_compat_ioctl(struct tty_struct * tty,struct file * file,unsigned int cmd,unsigned long arg)903 static long mkiss_compat_ioctl(struct tty_struct *tty, struct file *file,
904 unsigned int cmd, unsigned long arg)
905 {
906 switch (cmd) {
907 case SIOCGIFNAME:
908 case SIOCGIFENCAP:
909 case SIOCSIFENCAP:
910 case SIOCSIFHWADDR:
911 return mkiss_ioctl(tty, file, cmd,
912 (unsigned long)compat_ptr(arg));
913 }
914
915 return -ENOIOCTLCMD;
916 }
917 #endif
918
919 /*
920 * Handle the 'receiver data ready' interrupt.
921 * This function is called by the 'tty_io' module in the kernel when
922 * a block of data has been received, which can now be decapsulated
923 * and sent on to the AX.25 layer for further processing.
924 */
mkiss_receive_buf(struct tty_struct * tty,const unsigned char * cp,char * fp,int count)925 static void mkiss_receive_buf(struct tty_struct *tty, const unsigned char *cp,
926 char *fp, int count)
927 {
928 struct mkiss *ax = mkiss_get(tty);
929
930 if (!ax)
931 return;
932
933 /*
934 * Argh! mtu change time! - costs us the packet part received
935 * at the change
936 */
937 if (ax->mtu != ax->dev->mtu + 73)
938 ax_changedmtu(ax);
939
940 /* Read the characters out of the buffer */
941 while (count--) {
942 if (fp != NULL && *fp++) {
943 if (!test_and_set_bit(AXF_ERROR, &ax->flags))
944 ax->dev->stats.rx_errors++;
945 cp++;
946 continue;
947 }
948
949 kiss_unesc(ax, *cp++);
950 }
951
952 mkiss_put(ax);
953 tty_unthrottle(tty);
954 }
955
956 /*
957 * Called by the driver when there's room for more data. If we have
958 * more packets to send, we send them here.
959 */
mkiss_write_wakeup(struct tty_struct * tty)960 static void mkiss_write_wakeup(struct tty_struct *tty)
961 {
962 struct mkiss *ax = mkiss_get(tty);
963 int actual;
964
965 if (!ax)
966 return;
967
968 if (ax->xleft <= 0) {
969 /* Now serial buffer is almost free & we can start
970 * transmission of another packet
971 */
972 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
973
974 netif_wake_queue(ax->dev);
975 goto out;
976 }
977
978 actual = tty->ops->write(tty, ax->xhead, ax->xleft);
979 ax->xleft -= actual;
980 ax->xhead += actual;
981
982 out:
983 mkiss_put(ax);
984 }
985
986 static struct tty_ldisc_ops ax_ldisc = {
987 .owner = THIS_MODULE,
988 .magic = TTY_LDISC_MAGIC,
989 .name = "mkiss",
990 .open = mkiss_open,
991 .close = mkiss_close,
992 .ioctl = mkiss_ioctl,
993 #ifdef CONFIG_COMPAT
994 .compat_ioctl = mkiss_compat_ioctl,
995 #endif
996 .receive_buf = mkiss_receive_buf,
997 .write_wakeup = mkiss_write_wakeup
998 };
999
1000 static const char banner[] __initconst = KERN_INFO \
1001 "mkiss: AX.25 Multikiss, Hans Albas PE1AYX\n";
1002 static const char msg_regfail[] __initconst = KERN_ERR \
1003 "mkiss: can't register line discipline (err = %d)\n";
1004
mkiss_init_driver(void)1005 static int __init mkiss_init_driver(void)
1006 {
1007 int status;
1008
1009 printk(banner);
1010
1011 status = tty_register_ldisc(N_AX25, &ax_ldisc);
1012 if (status != 0)
1013 printk(msg_regfail, status);
1014
1015 return status;
1016 }
1017
1018 static const char msg_unregfail[] = KERN_ERR \
1019 "mkiss: can't unregister line discipline (err = %d)\n";
1020
mkiss_exit_driver(void)1021 static void __exit mkiss_exit_driver(void)
1022 {
1023 int ret;
1024
1025 if ((ret = tty_unregister_ldisc(N_AX25)))
1026 printk(msg_unregfail, ret);
1027 }
1028
1029 MODULE_AUTHOR("Ralf Baechle DL5RB <ralf@linux-mips.org>");
1030 MODULE_DESCRIPTION("KISS driver for AX.25 over TTYs");
1031 module_param(crc_force, int, 0);
1032 MODULE_PARM_DESC(crc_force, "crc [0 = auto | 1 = none | 2 = flexnet | 3 = smack]");
1033 MODULE_LICENSE("GPL");
1034 MODULE_ALIAS_LDISC(N_AX25);
1035
1036 module_init(mkiss_init_driver);
1037 module_exit(mkiss_exit_driver);
1038