• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * 6pack.c	This module implements the 6pack protocol for kernel-based
3  *		devices like TTY. It interfaces between a raw TTY and the
4  *		kernel's AX.25 protocol layers.
5  *
6  * Authors:	Andreas Könsgen <ajk@comnets.uni-bremen.de>
7  *              Ralf Baechle DL5RB <ralf@linux-mips.org>
8  *
9  * Quite a lot of stuff "stolen" by Joerg Reuter from slip.c, written by
10  *
11  *		Laurence Culhane, <loz@holmes.demon.co.uk>
12  *		Fred N. van Kempen, <waltje@uwalt.nl.mugnet.org>
13  */
14 
15 #include <linux/module.h>
16 #include <asm/uaccess.h>
17 #include <linux/bitops.h>
18 #include <linux/string.h>
19 #include <linux/mm.h>
20 #include <linux/interrupt.h>
21 #include <linux/in.h>
22 #include <linux/tty.h>
23 #include <linux/errno.h>
24 #include <linux/netdevice.h>
25 #include <linux/timer.h>
26 #include <linux/slab.h>
27 #include <net/ax25.h>
28 #include <linux/etherdevice.h>
29 #include <linux/skbuff.h>
30 #include <linux/rtnetlink.h>
31 #include <linux/spinlock.h>
32 #include <linux/if_arp.h>
33 #include <linux/init.h>
34 #include <linux/ip.h>
35 #include <linux/tcp.h>
36 #include <linux/semaphore.h>
37 #include <linux/compat.h>
38 #include <linux/atomic.h>
39 
40 #define SIXPACK_VERSION    "Revision: 0.3.0"
41 
42 /* sixpack priority commands */
43 #define SIXP_SEOF		0x40	/* start and end of a 6pack frame */
44 #define SIXP_TX_URUN		0x48	/* transmit overrun */
45 #define SIXP_RX_ORUN		0x50	/* receive overrun */
46 #define SIXP_RX_BUF_OVL		0x58	/* receive buffer overflow */
47 
48 #define SIXP_CHKSUM		0xFF	/* valid checksum of a 6pack frame */
49 
50 /* masks to get certain bits out of the status bytes sent by the TNC */
51 
52 #define SIXP_CMD_MASK		0xC0
53 #define SIXP_CHN_MASK		0x07
54 #define SIXP_PRIO_CMD_MASK	0x80
55 #define SIXP_STD_CMD_MASK	0x40
56 #define SIXP_PRIO_DATA_MASK	0x38
57 #define SIXP_TX_MASK		0x20
58 #define SIXP_RX_MASK		0x10
59 #define SIXP_RX_DCD_MASK	0x18
60 #define SIXP_LEDS_ON		0x78
61 #define SIXP_LEDS_OFF		0x60
62 #define SIXP_CON		0x08
63 #define SIXP_STA		0x10
64 
65 #define SIXP_FOUND_TNC		0xe9
66 #define SIXP_CON_ON		0x68
67 #define SIXP_DCD_MASK		0x08
68 #define SIXP_DAMA_OFF		0
69 
70 /* default level 2 parameters */
71 #define SIXP_TXDELAY			(HZ/4)	/* in 1 s */
72 #define SIXP_PERSIST			50	/* in 256ths */
73 #define SIXP_SLOTTIME			(HZ/10)	/* in 1 s */
74 #define SIXP_INIT_RESYNC_TIMEOUT	(3*HZ/2) /* in 1 s */
75 #define SIXP_RESYNC_TIMEOUT		5*HZ	/* in 1 s */
76 
77 /* 6pack configuration. */
78 #define SIXP_NRUNIT			31      /* MAX number of 6pack channels */
79 #define SIXP_MTU			256	/* Default MTU */
80 
81 enum sixpack_flags {
82 	SIXPF_ERROR,	/* Parity, etc. error	*/
83 };
84 
85 struct sixpack {
86 	/* Various fields. */
87 	struct tty_struct	*tty;		/* ptr to TTY structure	*/
88 	struct net_device	*dev;		/* easy for intr handling  */
89 
90 	/* These are pointers to the malloc()ed frame buffers. */
91 	unsigned char		*rbuff;		/* receiver buffer	*/
92 	int			rcount;         /* received chars counter  */
93 	unsigned char		*xbuff;		/* transmitter buffer	*/
94 	unsigned char		*xhead;         /* next byte to XMIT */
95 	int			xleft;          /* bytes left in XMIT queue  */
96 
97 	unsigned char		raw_buf[4];
98 	unsigned char		cooked_buf[400];
99 
100 	unsigned int		rx_count;
101 	unsigned int		rx_count_cooked;
102 
103 	int			mtu;		/* Our mtu (to spot changes!) */
104 	int			buffsize;       /* Max buffers sizes */
105 
106 	unsigned long		flags;		/* Flag values/ mode etc */
107 	unsigned char		mode;		/* 6pack mode */
108 
109 	/* 6pack stuff */
110 	unsigned char		tx_delay;
111 	unsigned char		persistence;
112 	unsigned char		slottime;
113 	unsigned char		duplex;
114 	unsigned char		led_state;
115 	unsigned char		status;
116 	unsigned char		status1;
117 	unsigned char		status2;
118 	unsigned char		tx_enable;
119 	unsigned char		tnc_state;
120 
121 	struct timer_list	tx_t;
122 	struct timer_list	resync_t;
123 	atomic_t		refcnt;
124 	struct semaphore	dead_sem;
125 	spinlock_t		lock;
126 };
127 
128 #define AX25_6PACK_HEADER_LEN 0
129 
130 static void sixpack_decode(struct sixpack *, unsigned char[], int);
131 static int encode_sixpack(unsigned char *, unsigned char *, int, unsigned char);
132 
133 /*
134  * Perform the persistence/slottime algorithm for CSMA access. If the
135  * persistence check was successful, write the data to the serial driver.
136  * Note that in case of DAMA operation, the data is not sent here.
137  */
138 
sp_xmit_on_air(unsigned long channel)139 static void sp_xmit_on_air(unsigned long channel)
140 {
141 	struct sixpack *sp = (struct sixpack *) channel;
142 	int actual, when = sp->slottime;
143 	static unsigned char random;
144 
145 	random = random * 17 + 41;
146 
147 	if (((sp->status1 & SIXP_DCD_MASK) == 0) && (random < sp->persistence)) {
148 		sp->led_state = 0x70;
149 		sp->tty->ops->write(sp->tty, &sp->led_state, 1);
150 		sp->tx_enable = 1;
151 		actual = sp->tty->ops->write(sp->tty, sp->xbuff, sp->status2);
152 		sp->xleft -= actual;
153 		sp->xhead += actual;
154 		sp->led_state = 0x60;
155 		sp->tty->ops->write(sp->tty, &sp->led_state, 1);
156 		sp->status2 = 0;
157 	} else
158 		mod_timer(&sp->tx_t, jiffies + ((when + 1) * HZ) / 100);
159 }
160 
161 /* ----> 6pack timer interrupt handler and friends. <---- */
162 
163 /* Encapsulate one AX.25 frame and stuff into a TTY queue. */
sp_encaps(struct sixpack * sp,unsigned char * icp,int len)164 static void sp_encaps(struct sixpack *sp, unsigned char *icp, int len)
165 {
166 	unsigned char *msg, *p = icp;
167 	int actual, count;
168 
169 	if (len > sp->mtu) {	/* sp->mtu = AX25_MTU = max. PACLEN = 256 */
170 		msg = "oversized transmit packet!";
171 		goto out_drop;
172 	}
173 
174 	if (len > sp->mtu) {	/* sp->mtu = AX25_MTU = max. PACLEN = 256 */
175 		msg = "oversized transmit packet!";
176 		goto out_drop;
177 	}
178 
179 	if (p[0] > 5) {
180 		msg = "invalid KISS command";
181 		goto out_drop;
182 	}
183 
184 	if ((p[0] != 0) && (len > 2)) {
185 		msg = "KISS control packet too long";
186 		goto out_drop;
187 	}
188 
189 	if ((p[0] == 0) && (len < 15)) {
190 		msg = "bad AX.25 packet to transmit";
191 		goto out_drop;
192 	}
193 
194 	count = encode_sixpack(p, sp->xbuff, len, sp->tx_delay);
195 	set_bit(TTY_DO_WRITE_WAKEUP, &sp->tty->flags);
196 
197 	switch (p[0]) {
198 	case 1:	sp->tx_delay = p[1];
199 		return;
200 	case 2:	sp->persistence = p[1];
201 		return;
202 	case 3:	sp->slottime = p[1];
203 		return;
204 	case 4:	/* ignored */
205 		return;
206 	case 5:	sp->duplex = p[1];
207 		return;
208 	}
209 
210 	if (p[0] != 0)
211 		return;
212 
213 	/*
214 	 * In case of fullduplex or DAMA operation, we don't take care about the
215 	 * state of the DCD or of any timers, as the determination of the
216 	 * correct time to send is the job of the AX.25 layer. We send
217 	 * immediately after data has arrived.
218 	 */
219 	if (sp->duplex == 1) {
220 		sp->led_state = 0x70;
221 		sp->tty->ops->write(sp->tty, &sp->led_state, 1);
222 		sp->tx_enable = 1;
223 		actual = sp->tty->ops->write(sp->tty, sp->xbuff, count);
224 		sp->xleft = count - actual;
225 		sp->xhead = sp->xbuff + actual;
226 		sp->led_state = 0x60;
227 		sp->tty->ops->write(sp->tty, &sp->led_state, 1);
228 	} else {
229 		sp->xleft = count;
230 		sp->xhead = sp->xbuff;
231 		sp->status2 = count;
232 		sp_xmit_on_air((unsigned long)sp);
233 	}
234 
235 	return;
236 
237 out_drop:
238 	sp->dev->stats.tx_dropped++;
239 	netif_start_queue(sp->dev);
240 	if (net_ratelimit())
241 		printk(KERN_DEBUG "%s: %s - dropped.\n", sp->dev->name, msg);
242 }
243 
244 /* Encapsulate an IP datagram and kick it into a TTY queue. */
245 
sp_xmit(struct sk_buff * skb,struct net_device * dev)246 static netdev_tx_t sp_xmit(struct sk_buff *skb, struct net_device *dev)
247 {
248 	struct sixpack *sp = netdev_priv(dev);
249 
250 	spin_lock_bh(&sp->lock);
251 	/* We were not busy, so we are now... :-) */
252 	netif_stop_queue(dev);
253 	dev->stats.tx_bytes += skb->len;
254 	sp_encaps(sp, skb->data, skb->len);
255 	spin_unlock_bh(&sp->lock);
256 
257 	dev_kfree_skb(skb);
258 
259 	return NETDEV_TX_OK;
260 }
261 
sp_open_dev(struct net_device * dev)262 static int sp_open_dev(struct net_device *dev)
263 {
264 	struct sixpack *sp = netdev_priv(dev);
265 
266 	if (sp->tty == NULL)
267 		return -ENODEV;
268 	return 0;
269 }
270 
271 /* Close the low-level part of the 6pack channel. */
sp_close(struct net_device * dev)272 static int sp_close(struct net_device *dev)
273 {
274 	struct sixpack *sp = netdev_priv(dev);
275 
276 	spin_lock_bh(&sp->lock);
277 	if (sp->tty) {
278 		/* TTY discipline is running. */
279 		clear_bit(TTY_DO_WRITE_WAKEUP, &sp->tty->flags);
280 	}
281 	netif_stop_queue(dev);
282 	spin_unlock_bh(&sp->lock);
283 
284 	return 0;
285 }
286 
287 /* Return the frame type ID */
sp_header(struct sk_buff * skb,struct net_device * dev,unsigned short type,const void * daddr,const void * saddr,unsigned len)288 static int sp_header(struct sk_buff *skb, struct net_device *dev,
289 		     unsigned short type, const void *daddr,
290 		     const void *saddr, unsigned len)
291 {
292 #ifdef CONFIG_INET
293 	if (type != ETH_P_AX25)
294 		return ax25_hard_header(skb, dev, type, daddr, saddr, len);
295 #endif
296 	return 0;
297 }
298 
sp_set_mac_address(struct net_device * dev,void * addr)299 static int sp_set_mac_address(struct net_device *dev, void *addr)
300 {
301 	struct sockaddr_ax25 *sa = addr;
302 
303 	netif_tx_lock_bh(dev);
304 	netif_addr_lock(dev);
305 	memcpy(dev->dev_addr, &sa->sax25_call, AX25_ADDR_LEN);
306 	netif_addr_unlock(dev);
307 	netif_tx_unlock_bh(dev);
308 
309 	return 0;
310 }
311 
sp_rebuild_header(struct sk_buff * skb)312 static int sp_rebuild_header(struct sk_buff *skb)
313 {
314 #ifdef CONFIG_INET
315 	return ax25_rebuild_header(skb);
316 #else
317 	return 0;
318 #endif
319 }
320 
321 static const struct header_ops sp_header_ops = {
322 	.create		= sp_header,
323 	.rebuild	= sp_rebuild_header,
324 };
325 
326 static const struct net_device_ops sp_netdev_ops = {
327 	.ndo_open		= sp_open_dev,
328 	.ndo_stop		= sp_close,
329 	.ndo_start_xmit		= sp_xmit,
330 	.ndo_set_mac_address    = sp_set_mac_address,
331 };
332 
sp_setup(struct net_device * dev)333 static void sp_setup(struct net_device *dev)
334 {
335 	/* Finish setting up the DEVICE info. */
336 	dev->netdev_ops		= &sp_netdev_ops;
337 	dev->destructor		= free_netdev;
338 	dev->mtu		= SIXP_MTU;
339 	dev->hard_header_len	= AX25_MAX_HEADER_LEN;
340 	dev->header_ops 	= &sp_header_ops;
341 
342 	dev->addr_len		= AX25_ADDR_LEN;
343 	dev->type		= ARPHRD_AX25;
344 	dev->tx_queue_len	= 10;
345 
346 	/* Only activated in AX.25 mode */
347 	memcpy(dev->broadcast, &ax25_bcast, AX25_ADDR_LEN);
348 	memcpy(dev->dev_addr, &ax25_defaddr, AX25_ADDR_LEN);
349 
350 	dev->flags		= 0;
351 }
352 
353 /* Send one completely decapsulated IP datagram to the IP layer. */
354 
355 /*
356  * This is the routine that sends the received data to the kernel AX.25.
357  * 'cmd' is the KISS command. For AX.25 data, it is zero.
358  */
359 
sp_bump(struct sixpack * sp,char cmd)360 static void sp_bump(struct sixpack *sp, char cmd)
361 {
362 	struct sk_buff *skb;
363 	int count;
364 	unsigned char *ptr;
365 
366 	count = sp->rcount + 1;
367 
368 	sp->dev->stats.rx_bytes += count;
369 
370 	if ((skb = dev_alloc_skb(count)) == NULL)
371 		goto out_mem;
372 
373 	ptr = skb_put(skb, count);
374 	*ptr++ = cmd;	/* KISS command */
375 
376 	memcpy(ptr, sp->cooked_buf + 1, count);
377 	skb->protocol = ax25_type_trans(skb, sp->dev);
378 	netif_rx(skb);
379 	sp->dev->stats.rx_packets++;
380 
381 	return;
382 
383 out_mem:
384 	sp->dev->stats.rx_dropped++;
385 }
386 
387 
388 /* ----------------------------------------------------------------------- */
389 
390 /*
391  * We have a potential race on dereferencing tty->disc_data, because the tty
392  * layer provides no locking at all - thus one cpu could be running
393  * sixpack_receive_buf while another calls sixpack_close, which zeroes
394  * tty->disc_data and frees the memory that sixpack_receive_buf is using.  The
395  * best way to fix this is to use a rwlock in the tty struct, but for now we
396  * use a single global rwlock for all ttys in ppp line discipline.
397  */
398 static DEFINE_RWLOCK(disc_data_lock);
399 
sp_get(struct tty_struct * tty)400 static struct sixpack *sp_get(struct tty_struct *tty)
401 {
402 	struct sixpack *sp;
403 
404 	read_lock(&disc_data_lock);
405 	sp = tty->disc_data;
406 	if (sp)
407 		atomic_inc(&sp->refcnt);
408 	read_unlock(&disc_data_lock);
409 
410 	return sp;
411 }
412 
sp_put(struct sixpack * sp)413 static void sp_put(struct sixpack *sp)
414 {
415 	if (atomic_dec_and_test(&sp->refcnt))
416 		up(&sp->dead_sem);
417 }
418 
419 /*
420  * Called by the TTY driver when there's room for more data.  If we have
421  * more packets to send, we send them here.
422  */
sixpack_write_wakeup(struct tty_struct * tty)423 static void sixpack_write_wakeup(struct tty_struct *tty)
424 {
425 	struct sixpack *sp = sp_get(tty);
426 	int actual;
427 
428 	if (!sp)
429 		return;
430 	if (sp->xleft <= 0)  {
431 		/* Now serial buffer is almost free & we can start
432 		 * transmission of another packet */
433 		sp->dev->stats.tx_packets++;
434 		clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
435 		sp->tx_enable = 0;
436 		netif_wake_queue(sp->dev);
437 		goto out;
438 	}
439 
440 	if (sp->tx_enable) {
441 		actual = tty->ops->write(tty, sp->xhead, sp->xleft);
442 		sp->xleft -= actual;
443 		sp->xhead += actual;
444 	}
445 
446 out:
447 	sp_put(sp);
448 }
449 
450 /* ----------------------------------------------------------------------- */
451 
452 /*
453  * Handle the 'receiver data ready' interrupt.
454  * This function is called by the 'tty_io' module in the kernel when
455  * a block of 6pack data has been received, which can now be decapsulated
456  * and sent on to some IP layer for further processing.
457  */
sixpack_receive_buf(struct tty_struct * tty,const unsigned char * cp,char * fp,int count)458 static void sixpack_receive_buf(struct tty_struct *tty,
459 	const unsigned char *cp, char *fp, int count)
460 {
461 	struct sixpack *sp;
462 	unsigned char buf[512];
463 	int count1;
464 
465 	if (!count)
466 		return;
467 
468 	sp = sp_get(tty);
469 	if (!sp)
470 		return;
471 
472 	memcpy(buf, cp, count < sizeof(buf) ? count : sizeof(buf));
473 
474 	/* Read the characters out of the buffer */
475 
476 	count1 = count;
477 	while (count) {
478 		count--;
479 		if (fp && *fp++) {
480 			if (!test_and_set_bit(SIXPF_ERROR, &sp->flags))
481 				sp->dev->stats.rx_errors++;
482 			continue;
483 		}
484 	}
485 	sixpack_decode(sp, buf, count1);
486 
487 	sp_put(sp);
488 	tty_unthrottle(tty);
489 }
490 
491 /*
492  * Try to resync the TNC. Called by the resync timer defined in
493  * decode_prio_command
494  */
495 
496 #define TNC_UNINITIALIZED	0
497 #define TNC_UNSYNC_STARTUP	1
498 #define TNC_UNSYNCED		2
499 #define TNC_IN_SYNC		3
500 
__tnc_set_sync_state(struct sixpack * sp,int new_tnc_state)501 static void __tnc_set_sync_state(struct sixpack *sp, int new_tnc_state)
502 {
503 	char *msg;
504 
505 	switch (new_tnc_state) {
506 	default:			/* gcc oh piece-o-crap ... */
507 	case TNC_UNSYNC_STARTUP:
508 		msg = "Synchronizing with TNC";
509 		break;
510 	case TNC_UNSYNCED:
511 		msg = "Lost synchronization with TNC\n";
512 		break;
513 	case TNC_IN_SYNC:
514 		msg = "Found TNC";
515 		break;
516 	}
517 
518 	sp->tnc_state = new_tnc_state;
519 	printk(KERN_INFO "%s: %s\n", sp->dev->name, msg);
520 }
521 
tnc_set_sync_state(struct sixpack * sp,int new_tnc_state)522 static inline void tnc_set_sync_state(struct sixpack *sp, int new_tnc_state)
523 {
524 	int old_tnc_state = sp->tnc_state;
525 
526 	if (old_tnc_state != new_tnc_state)
527 		__tnc_set_sync_state(sp, new_tnc_state);
528 }
529 
resync_tnc(unsigned long channel)530 static void resync_tnc(unsigned long channel)
531 {
532 	struct sixpack *sp = (struct sixpack *) channel;
533 	static char resync_cmd = 0xe8;
534 
535 	/* clear any data that might have been received */
536 
537 	sp->rx_count = 0;
538 	sp->rx_count_cooked = 0;
539 
540 	/* reset state machine */
541 
542 	sp->status = 1;
543 	sp->status1 = 1;
544 	sp->status2 = 0;
545 
546 	/* resync the TNC */
547 
548 	sp->led_state = 0x60;
549 	sp->tty->ops->write(sp->tty, &sp->led_state, 1);
550 	sp->tty->ops->write(sp->tty, &resync_cmd, 1);
551 
552 
553 	/* Start resync timer again -- the TNC might be still absent */
554 
555 	del_timer(&sp->resync_t);
556 	sp->resync_t.data	= (unsigned long) sp;
557 	sp->resync_t.function	= resync_tnc;
558 	sp->resync_t.expires	= jiffies + SIXP_RESYNC_TIMEOUT;
559 	add_timer(&sp->resync_t);
560 }
561 
tnc_init(struct sixpack * sp)562 static inline int tnc_init(struct sixpack *sp)
563 {
564 	unsigned char inbyte = 0xe8;
565 
566 	tnc_set_sync_state(sp, TNC_UNSYNC_STARTUP);
567 
568 	sp->tty->ops->write(sp->tty, &inbyte, 1);
569 
570 	del_timer(&sp->resync_t);
571 	sp->resync_t.data = (unsigned long) sp;
572 	sp->resync_t.function = resync_tnc;
573 	sp->resync_t.expires = jiffies + SIXP_RESYNC_TIMEOUT;
574 	add_timer(&sp->resync_t);
575 
576 	return 0;
577 }
578 
579 /*
580  * Open the high-level part of the 6pack channel.
581  * This function is called by the TTY module when the
582  * 6pack line discipline is called for.  Because we are
583  * sure the tty line exists, we only have to link it to
584  * a free 6pcack channel...
585  */
sixpack_open(struct tty_struct * tty)586 static int sixpack_open(struct tty_struct *tty)
587 {
588 	char *rbuff = NULL, *xbuff = NULL;
589 	struct net_device *dev;
590 	struct sixpack *sp;
591 	unsigned long len;
592 	int err = 0;
593 
594 	if (!capable(CAP_NET_ADMIN))
595 		return -EPERM;
596 	if (tty->ops->write == NULL)
597 		return -EOPNOTSUPP;
598 
599 	dev = alloc_netdev(sizeof(struct sixpack), "sp%d", NET_NAME_UNKNOWN,
600 			   sp_setup);
601 	if (!dev) {
602 		err = -ENOMEM;
603 		goto out;
604 	}
605 
606 	sp = netdev_priv(dev);
607 	sp->dev = dev;
608 
609 	spin_lock_init(&sp->lock);
610 	atomic_set(&sp->refcnt, 1);
611 	sema_init(&sp->dead_sem, 0);
612 
613 	/* !!! length of the buffers. MTU is IP MTU, not PACLEN!  */
614 
615 	len = dev->mtu * 2;
616 
617 	rbuff = kmalloc(len + 4, GFP_KERNEL);
618 	xbuff = kmalloc(len + 4, GFP_KERNEL);
619 
620 	if (rbuff == NULL || xbuff == NULL) {
621 		err = -ENOBUFS;
622 		goto out_free;
623 	}
624 
625 	spin_lock_bh(&sp->lock);
626 
627 	sp->tty = tty;
628 
629 	sp->rbuff	= rbuff;
630 	sp->xbuff	= xbuff;
631 
632 	sp->mtu		= AX25_MTU + 73;
633 	sp->buffsize	= len;
634 	sp->rcount	= 0;
635 	sp->rx_count	= 0;
636 	sp->rx_count_cooked = 0;
637 	sp->xleft	= 0;
638 
639 	sp->flags	= 0;		/* Clear ESCAPE & ERROR flags */
640 
641 	sp->duplex	= 0;
642 	sp->tx_delay    = SIXP_TXDELAY;
643 	sp->persistence = SIXP_PERSIST;
644 	sp->slottime    = SIXP_SLOTTIME;
645 	sp->led_state   = 0x60;
646 	sp->status      = 1;
647 	sp->status1     = 1;
648 	sp->status2     = 0;
649 	sp->tx_enable   = 0;
650 
651 	netif_start_queue(dev);
652 
653 	init_timer(&sp->tx_t);
654 	sp->tx_t.function = sp_xmit_on_air;
655 	sp->tx_t.data = (unsigned long) sp;
656 
657 	init_timer(&sp->resync_t);
658 
659 	spin_unlock_bh(&sp->lock);
660 
661 	/* Done.  We have linked the TTY line to a channel. */
662 	tty->disc_data = sp;
663 	tty->receive_room = 65536;
664 
665 	/* Now we're ready to register. */
666 	err = register_netdev(dev);
667 	if (err)
668 		goto out_free;
669 
670 	tnc_init(sp);
671 
672 	return 0;
673 
674 out_free:
675 	kfree(xbuff);
676 	kfree(rbuff);
677 
678 	if (dev)
679 		free_netdev(dev);
680 
681 out:
682 	return err;
683 }
684 
685 
686 /*
687  * Close down a 6pack channel.
688  * This means flushing out any pending queues, and then restoring the
689  * TTY line discipline to what it was before it got hooked to 6pack
690  * (which usually is TTY again).
691  */
sixpack_close(struct tty_struct * tty)692 static void sixpack_close(struct tty_struct *tty)
693 {
694 	struct sixpack *sp;
695 
696 	write_lock_bh(&disc_data_lock);
697 	sp = tty->disc_data;
698 	tty->disc_data = NULL;
699 	write_unlock_bh(&disc_data_lock);
700 	if (!sp)
701 		return;
702 
703 	/*
704 	 * We have now ensured that nobody can start using ap from now on, but
705 	 * we have to wait for all existing users to finish.
706 	 */
707 	if (!atomic_dec_and_test(&sp->refcnt))
708 		down(&sp->dead_sem);
709 
710 	unregister_netdev(sp->dev);
711 
712 	del_timer(&sp->tx_t);
713 	del_timer(&sp->resync_t);
714 
715 	/* Free all 6pack frame buffers. */
716 	kfree(sp->rbuff);
717 	kfree(sp->xbuff);
718 }
719 
720 /* Perform I/O control on an active 6pack channel. */
sixpack_ioctl(struct tty_struct * tty,struct file * file,unsigned int cmd,unsigned long arg)721 static int sixpack_ioctl(struct tty_struct *tty, struct file *file,
722 	unsigned int cmd, unsigned long arg)
723 {
724 	struct sixpack *sp = sp_get(tty);
725 	struct net_device *dev;
726 	unsigned int tmp, err;
727 
728 	if (!sp)
729 		return -ENXIO;
730 	dev = sp->dev;
731 
732 	switch(cmd) {
733 	case SIOCGIFNAME:
734 		err = copy_to_user((void __user *) arg, dev->name,
735 		                   strlen(dev->name) + 1) ? -EFAULT : 0;
736 		break;
737 
738 	case SIOCGIFENCAP:
739 		err = put_user(0, (int __user *) arg);
740 		break;
741 
742 	case SIOCSIFENCAP:
743 		if (get_user(tmp, (int __user *) arg)) {
744 			err = -EFAULT;
745 			break;
746 		}
747 
748 		sp->mode = tmp;
749 		dev->addr_len        = AX25_ADDR_LEN;
750 		dev->hard_header_len = AX25_KISS_HEADER_LEN +
751 		                       AX25_MAX_HEADER_LEN + 3;
752 		dev->type            = ARPHRD_AX25;
753 
754 		err = 0;
755 		break;
756 
757 	 case SIOCSIFHWADDR: {
758 		char addr[AX25_ADDR_LEN];
759 
760 		if (copy_from_user(&addr,
761 		                   (void __user *) arg, AX25_ADDR_LEN)) {
762 				err = -EFAULT;
763 				break;
764 			}
765 
766 			netif_tx_lock_bh(dev);
767 			memcpy(dev->dev_addr, &addr, AX25_ADDR_LEN);
768 			netif_tx_unlock_bh(dev);
769 
770 			err = 0;
771 			break;
772 		}
773 
774 	default:
775 		err = tty_mode_ioctl(tty, file, cmd, arg);
776 	}
777 
778 	sp_put(sp);
779 
780 	return err;
781 }
782 
783 #ifdef CONFIG_COMPAT
sixpack_compat_ioctl(struct tty_struct * tty,struct file * file,unsigned int cmd,unsigned long arg)784 static long sixpack_compat_ioctl(struct tty_struct * tty, struct file * file,
785 				unsigned int cmd, unsigned long arg)
786 {
787 	switch (cmd) {
788 	case SIOCGIFNAME:
789 	case SIOCGIFENCAP:
790 	case SIOCSIFENCAP:
791 	case SIOCSIFHWADDR:
792 		return sixpack_ioctl(tty, file, cmd,
793 				(unsigned long)compat_ptr(arg));
794 	}
795 
796 	return -ENOIOCTLCMD;
797 }
798 #endif
799 
800 static struct tty_ldisc_ops sp_ldisc = {
801 	.owner		= THIS_MODULE,
802 	.magic		= TTY_LDISC_MAGIC,
803 	.name		= "6pack",
804 	.open		= sixpack_open,
805 	.close		= sixpack_close,
806 	.ioctl		= sixpack_ioctl,
807 #ifdef CONFIG_COMPAT
808 	.compat_ioctl	= sixpack_compat_ioctl,
809 #endif
810 	.receive_buf	= sixpack_receive_buf,
811 	.write_wakeup	= sixpack_write_wakeup,
812 };
813 
814 /* Initialize 6pack control device -- register 6pack line discipline */
815 
816 static const char msg_banner[]  __initconst = KERN_INFO \
817 	"AX.25: 6pack driver, " SIXPACK_VERSION "\n";
818 static const char msg_regfail[] __initconst = KERN_ERR  \
819 	"6pack: can't register line discipline (err = %d)\n";
820 
sixpack_init_driver(void)821 static int __init sixpack_init_driver(void)
822 {
823 	int status;
824 
825 	printk(msg_banner);
826 
827 	/* Register the provided line protocol discipline */
828 	if ((status = tty_register_ldisc(N_6PACK, &sp_ldisc)) != 0)
829 		printk(msg_regfail, status);
830 
831 	return status;
832 }
833 
834 static const char msg_unregfail[] = KERN_ERR \
835 	"6pack: can't unregister line discipline (err = %d)\n";
836 
sixpack_exit_driver(void)837 static void __exit sixpack_exit_driver(void)
838 {
839 	int ret;
840 
841 	if ((ret = tty_unregister_ldisc(N_6PACK)))
842 		printk(msg_unregfail, ret);
843 }
844 
845 /* encode an AX.25 packet into 6pack */
846 
encode_sixpack(unsigned char * tx_buf,unsigned char * tx_buf_raw,int length,unsigned char tx_delay)847 static int encode_sixpack(unsigned char *tx_buf, unsigned char *tx_buf_raw,
848 	int length, unsigned char tx_delay)
849 {
850 	int count = 0;
851 	unsigned char checksum = 0, buf[400];
852 	int raw_count = 0;
853 
854 	tx_buf_raw[raw_count++] = SIXP_PRIO_CMD_MASK | SIXP_TX_MASK;
855 	tx_buf_raw[raw_count++] = SIXP_SEOF;
856 
857 	buf[0] = tx_delay;
858 	for (count = 1; count < length; count++)
859 		buf[count] = tx_buf[count];
860 
861 	for (count = 0; count < length; count++)
862 		checksum += buf[count];
863 	buf[length] = (unsigned char) 0xff - checksum;
864 
865 	for (count = 0; count <= length; count++) {
866 		if ((count % 3) == 0) {
867 			tx_buf_raw[raw_count++] = (buf[count] & 0x3f);
868 			tx_buf_raw[raw_count] = ((buf[count] >> 2) & 0x30);
869 		} else if ((count % 3) == 1) {
870 			tx_buf_raw[raw_count++] |= (buf[count] & 0x0f);
871 			tx_buf_raw[raw_count] =	((buf[count] >> 2) & 0x3c);
872 		} else {
873 			tx_buf_raw[raw_count++] |= (buf[count] & 0x03);
874 			tx_buf_raw[raw_count++] = (buf[count] >> 2);
875 		}
876 	}
877 	if ((length % 3) != 2)
878 		raw_count++;
879 	tx_buf_raw[raw_count++] = SIXP_SEOF;
880 	return raw_count;
881 }
882 
883 /* decode 4 sixpack-encoded bytes into 3 data bytes */
884 
decode_data(struct sixpack * sp,unsigned char inbyte)885 static void decode_data(struct sixpack *sp, unsigned char inbyte)
886 {
887 	unsigned char *buf;
888 
889 	if (sp->rx_count != 3) {
890 		sp->raw_buf[sp->rx_count++] = inbyte;
891 
892 		return;
893 	}
894 
895 	buf = sp->raw_buf;
896 	sp->cooked_buf[sp->rx_count_cooked++] =
897 		buf[0] | ((buf[1] << 2) & 0xc0);
898 	sp->cooked_buf[sp->rx_count_cooked++] =
899 		(buf[1] & 0x0f) | ((buf[2] << 2) & 0xf0);
900 	sp->cooked_buf[sp->rx_count_cooked++] =
901 		(buf[2] & 0x03) | (inbyte << 2);
902 	sp->rx_count = 0;
903 }
904 
905 /* identify and execute a 6pack priority command byte */
906 
decode_prio_command(struct sixpack * sp,unsigned char cmd)907 static void decode_prio_command(struct sixpack *sp, unsigned char cmd)
908 {
909 	unsigned char channel;
910 	int actual;
911 
912 	channel = cmd & SIXP_CHN_MASK;
913 	if ((cmd & SIXP_PRIO_DATA_MASK) != 0) {     /* idle ? */
914 
915 	/* RX and DCD flags can only be set in the same prio command,
916 	   if the DCD flag has been set without the RX flag in the previous
917 	   prio command. If DCD has not been set before, something in the
918 	   transmission has gone wrong. In this case, RX and DCD are
919 	   cleared in order to prevent the decode_data routine from
920 	   reading further data that might be corrupt. */
921 
922 		if (((sp->status & SIXP_DCD_MASK) == 0) &&
923 			((cmd & SIXP_RX_DCD_MASK) == SIXP_RX_DCD_MASK)) {
924 				if (sp->status != 1)
925 					printk(KERN_DEBUG "6pack: protocol violation\n");
926 				else
927 					sp->status = 0;
928 				cmd &= ~SIXP_RX_DCD_MASK;
929 		}
930 		sp->status = cmd & SIXP_PRIO_DATA_MASK;
931 	} else { /* output watchdog char if idle */
932 		if ((sp->status2 != 0) && (sp->duplex == 1)) {
933 			sp->led_state = 0x70;
934 			sp->tty->ops->write(sp->tty, &sp->led_state, 1);
935 			sp->tx_enable = 1;
936 			actual = sp->tty->ops->write(sp->tty, sp->xbuff, sp->status2);
937 			sp->xleft -= actual;
938 			sp->xhead += actual;
939 			sp->led_state = 0x60;
940 			sp->status2 = 0;
941 
942 		}
943 	}
944 
945 	/* needed to trigger the TNC watchdog */
946 	sp->tty->ops->write(sp->tty, &sp->led_state, 1);
947 
948         /* if the state byte has been received, the TNC is present,
949            so the resync timer can be reset. */
950 
951 	if (sp->tnc_state == TNC_IN_SYNC) {
952 		del_timer(&sp->resync_t);
953 		sp->resync_t.data	= (unsigned long) sp;
954 		sp->resync_t.function	= resync_tnc;
955 		sp->resync_t.expires	= jiffies + SIXP_INIT_RESYNC_TIMEOUT;
956 		add_timer(&sp->resync_t);
957 	}
958 
959 	sp->status1 = cmd & SIXP_PRIO_DATA_MASK;
960 }
961 
962 /* identify and execute a standard 6pack command byte */
963 
decode_std_command(struct sixpack * sp,unsigned char cmd)964 static void decode_std_command(struct sixpack *sp, unsigned char cmd)
965 {
966 	unsigned char checksum = 0, rest = 0, channel;
967 	short i;
968 
969 	channel = cmd & SIXP_CHN_MASK;
970 	switch (cmd & SIXP_CMD_MASK) {     /* normal command */
971 	case SIXP_SEOF:
972 		if ((sp->rx_count == 0) && (sp->rx_count_cooked == 0)) {
973 			if ((sp->status & SIXP_RX_DCD_MASK) ==
974 				SIXP_RX_DCD_MASK) {
975 				sp->led_state = 0x68;
976 				sp->tty->ops->write(sp->tty, &sp->led_state, 1);
977 			}
978 		} else {
979 			sp->led_state = 0x60;
980 			/* fill trailing bytes with zeroes */
981 			sp->tty->ops->write(sp->tty, &sp->led_state, 1);
982 			rest = sp->rx_count;
983 			if (rest != 0)
984 				 for (i = rest; i <= 3; i++)
985 					decode_data(sp, 0);
986 			if (rest == 2)
987 				sp->rx_count_cooked -= 2;
988 			else if (rest == 3)
989 				sp->rx_count_cooked -= 1;
990 			for (i = 0; i < sp->rx_count_cooked; i++)
991 				checksum += sp->cooked_buf[i];
992 			if (checksum != SIXP_CHKSUM) {
993 				printk(KERN_DEBUG "6pack: bad checksum %2.2x\n", checksum);
994 			} else {
995 				sp->rcount = sp->rx_count_cooked-2;
996 				sp_bump(sp, 0);
997 			}
998 			sp->rx_count_cooked = 0;
999 		}
1000 		break;
1001 	case SIXP_TX_URUN: printk(KERN_DEBUG "6pack: TX underrun\n");
1002 		break;
1003 	case SIXP_RX_ORUN: printk(KERN_DEBUG "6pack: RX overrun\n");
1004 		break;
1005 	case SIXP_RX_BUF_OVL:
1006 		printk(KERN_DEBUG "6pack: RX buffer overflow\n");
1007 	}
1008 }
1009 
1010 /* decode a 6pack packet */
1011 
1012 static void
sixpack_decode(struct sixpack * sp,unsigned char * pre_rbuff,int count)1013 sixpack_decode(struct sixpack *sp, unsigned char *pre_rbuff, int count)
1014 {
1015 	unsigned char inbyte;
1016 	int count1;
1017 
1018 	for (count1 = 0; count1 < count; count1++) {
1019 		inbyte = pre_rbuff[count1];
1020 		if (inbyte == SIXP_FOUND_TNC) {
1021 			tnc_set_sync_state(sp, TNC_IN_SYNC);
1022 			del_timer(&sp->resync_t);
1023 		}
1024 		if ((inbyte & SIXP_PRIO_CMD_MASK) != 0)
1025 			decode_prio_command(sp, inbyte);
1026 		else if ((inbyte & SIXP_STD_CMD_MASK) != 0)
1027 			decode_std_command(sp, inbyte);
1028 		else if ((sp->status & SIXP_RX_DCD_MASK) == SIXP_RX_DCD_MASK)
1029 			decode_data(sp, inbyte);
1030 	}
1031 }
1032 
1033 MODULE_AUTHOR("Ralf Baechle DO1GRB <ralf@linux-mips.org>");
1034 MODULE_DESCRIPTION("6pack driver for AX.25");
1035 MODULE_LICENSE("GPL");
1036 MODULE_ALIAS_LDISC(N_6PACK);
1037 
1038 module_init(sixpack_init_driver);
1039 module_exit(sixpack_exit_driver);
1040