1 /* 2 * This program is free software; you can distribute it and/or modify it 3 * under the terms of the GNU General Public License (Version 2) as 4 * published by the Free Software Foundation. 5 * 6 * This program is distributed in the hope it will be useful, but WITHOUT 7 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 8 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 9 * for more details. 10 * 11 * You should have received a copy of the GNU General Public License along 12 * with this program; if not, see <http://www.gnu.org/licenses/>. 13 * 14 * Copyright (C) Hans Alblas PE1AYX <hans@esrac.ele.tue.nl> 15 * Copyright (C) 2004, 05 Ralf Baechle DL5RB <ralf@linux-mips.org> 16 * Copyright (C) 2004, 05 Thomas Osterried DL9SAU <thomas@x-berg.in-berlin.de> 17 */ 18 #include <linux/module.h> 19 #include <linux/bitops.h> 20 #include <linux/uaccess.h> 21 #include <linux/crc16.h> 22 #include <linux/string.h> 23 #include <linux/mm.h> 24 #include <linux/interrupt.h> 25 #include <linux/in.h> 26 #include <linux/inet.h> 27 #include <linux/slab.h> 28 #include <linux/tty.h> 29 #include <linux/errno.h> 30 #include <linux/netdevice.h> 31 #include <linux/major.h> 32 #include <linux/init.h> 33 #include <linux/rtnetlink.h> 34 #include <linux/etherdevice.h> 35 #include <linux/skbuff.h> 36 #include <linux/if_arp.h> 37 #include <linux/jiffies.h> 38 #include <linux/compat.h> 39 40 #include <net/ax25.h> 41 42 #define AX_MTU 236 43 44 /* SLIP/KISS protocol characters. */ 45 #define END 0300 /* indicates end of frame */ 46 #define ESC 0333 /* indicates byte stuffing */ 47 #define ESC_END 0334 /* ESC ESC_END means END 'data' */ 48 #define ESC_ESC 0335 /* ESC ESC_ESC means ESC 'data' */ 49 50 struct mkiss { 51 struct tty_struct *tty; /* ptr to TTY structure */ 52 struct net_device *dev; /* easy for intr handling */ 53 54 /* These are pointers to the malloc()ed frame buffers. */ 55 spinlock_t buflock;/* lock for rbuf and xbuf */ 56 unsigned char *rbuff; /* receiver buffer */ 57 int rcount; /* received chars counter */ 58 unsigned char *xbuff; /* transmitter buffer */ 59 unsigned char *xhead; /* pointer to next byte to XMIT */ 60 int xleft; /* bytes left in XMIT queue */ 61 62 /* Detailed SLIP statistics. */ 63 int mtu; /* Our mtu (to spot changes!) */ 64 int buffsize; /* Max buffers sizes */ 65 66 unsigned long flags; /* Flag values/ mode etc */ 67 /* long req'd: used by set_bit --RR */ 68 #define AXF_INUSE 0 /* Channel in use */ 69 #define AXF_ESCAPE 1 /* ESC received */ 70 #define AXF_ERROR 2 /* Parity, etc. error */ 71 #define AXF_KEEPTEST 3 /* Keepalive test flag */ 72 #define AXF_OUTWAIT 4 /* is outpacket was flag */ 73 74 int mode; 75 int crcmode; /* MW: for FlexNet, SMACK etc. */ 76 int crcauto; /* CRC auto mode */ 77 78 #define CRC_MODE_NONE 0 79 #define CRC_MODE_FLEX 1 80 #define CRC_MODE_SMACK 2 81 #define CRC_MODE_FLEX_TEST 3 82 #define CRC_MODE_SMACK_TEST 4 83 84 atomic_t refcnt; 85 struct semaphore dead_sem; 86 }; 87 88 /*---------------------------------------------------------------------------*/ 89 90 static const unsigned short crc_flex_table[] = { 91 0x0f87, 0x1e0e, 0x2c95, 0x3d1c, 0x49a3, 0x582a, 0x6ab1, 0x7b38, 92 0x83cf, 0x9246, 0xa0dd, 0xb154, 0xc5eb, 0xd462, 0xe6f9, 0xf770, 93 0x1f06, 0x0e8f, 0x3c14, 0x2d9d, 0x5922, 0x48ab, 0x7a30, 0x6bb9, 94 0x934e, 0x82c7, 0xb05c, 0xa1d5, 0xd56a, 0xc4e3, 0xf678, 0xe7f1, 95 0x2e85, 0x3f0c, 0x0d97, 0x1c1e, 0x68a1, 0x7928, 0x4bb3, 0x5a3a, 96 0xa2cd, 0xb344, 0x81df, 0x9056, 0xe4e9, 0xf560, 0xc7fb, 0xd672, 97 0x3e04, 0x2f8d, 0x1d16, 0x0c9f, 0x7820, 0x69a9, 0x5b32, 0x4abb, 98 0xb24c, 0xa3c5, 0x915e, 0x80d7, 0xf468, 0xe5e1, 0xd77a, 0xc6f3, 99 0x4d83, 0x5c0a, 0x6e91, 0x7f18, 0x0ba7, 0x1a2e, 0x28b5, 0x393c, 100 0xc1cb, 0xd042, 0xe2d9, 0xf350, 0x87ef, 0x9666, 0xa4fd, 0xb574, 101 0x5d02, 0x4c8b, 0x7e10, 0x6f99, 0x1b26, 0x0aaf, 0x3834, 0x29bd, 102 0xd14a, 0xc0c3, 0xf258, 0xe3d1, 0x976e, 0x86e7, 0xb47c, 0xa5f5, 103 0x6c81, 0x7d08, 0x4f93, 0x5e1a, 0x2aa5, 0x3b2c, 0x09b7, 0x183e, 104 0xe0c9, 0xf140, 0xc3db, 0xd252, 0xa6ed, 0xb764, 0x85ff, 0x9476, 105 0x7c00, 0x6d89, 0x5f12, 0x4e9b, 0x3a24, 0x2bad, 0x1936, 0x08bf, 106 0xf048, 0xe1c1, 0xd35a, 0xc2d3, 0xb66c, 0xa7e5, 0x957e, 0x84f7, 107 0x8b8f, 0x9a06, 0xa89d, 0xb914, 0xcdab, 0xdc22, 0xeeb9, 0xff30, 108 0x07c7, 0x164e, 0x24d5, 0x355c, 0x41e3, 0x506a, 0x62f1, 0x7378, 109 0x9b0e, 0x8a87, 0xb81c, 0xa995, 0xdd2a, 0xcca3, 0xfe38, 0xefb1, 110 0x1746, 0x06cf, 0x3454, 0x25dd, 0x5162, 0x40eb, 0x7270, 0x63f9, 111 0xaa8d, 0xbb04, 0x899f, 0x9816, 0xeca9, 0xfd20, 0xcfbb, 0xde32, 112 0x26c5, 0x374c, 0x05d7, 0x145e, 0x60e1, 0x7168, 0x43f3, 0x527a, 113 0xba0c, 0xab85, 0x991e, 0x8897, 0xfc28, 0xeda1, 0xdf3a, 0xceb3, 114 0x3644, 0x27cd, 0x1556, 0x04df, 0x7060, 0x61e9, 0x5372, 0x42fb, 115 0xc98b, 0xd802, 0xea99, 0xfb10, 0x8faf, 0x9e26, 0xacbd, 0xbd34, 116 0x45c3, 0x544a, 0x66d1, 0x7758, 0x03e7, 0x126e, 0x20f5, 0x317c, 117 0xd90a, 0xc883, 0xfa18, 0xeb91, 0x9f2e, 0x8ea7, 0xbc3c, 0xadb5, 118 0x5542, 0x44cb, 0x7650, 0x67d9, 0x1366, 0x02ef, 0x3074, 0x21fd, 119 0xe889, 0xf900, 0xcb9b, 0xda12, 0xaead, 0xbf24, 0x8dbf, 0x9c36, 120 0x64c1, 0x7548, 0x47d3, 0x565a, 0x22e5, 0x336c, 0x01f7, 0x107e, 121 0xf808, 0xe981, 0xdb1a, 0xca93, 0xbe2c, 0xafa5, 0x9d3e, 0x8cb7, 122 0x7440, 0x65c9, 0x5752, 0x46db, 0x3264, 0x23ed, 0x1176, 0x00ff 123 }; 124 125 static unsigned short calc_crc_flex(unsigned char *cp, int size) 126 { 127 unsigned short crc = 0xffff; 128 129 while (size--) 130 crc = (crc << 8) ^ crc_flex_table[((crc >> 8) ^ *cp++) & 0xff]; 131 132 return crc; 133 } 134 135 static int check_crc_flex(unsigned char *cp, int size) 136 { 137 unsigned short crc = 0xffff; 138 139 if (size < 3) 140 return -1; 141 142 while (size--) 143 crc = (crc << 8) ^ crc_flex_table[((crc >> 8) ^ *cp++) & 0xff]; 144 145 if ((crc & 0xffff) != 0x7070) 146 return -1; 147 148 return 0; 149 } 150 151 static int check_crc_16(unsigned char *cp, int size) 152 { 153 unsigned short crc = 0x0000; 154 155 if (size < 3) 156 return -1; 157 158 crc = crc16(0, cp, size); 159 160 if (crc != 0x0000) 161 return -1; 162 163 return 0; 164 } 165 166 /* 167 * Standard encapsulation 168 */ 169 170 static int kiss_esc(unsigned char *s, unsigned char *d, int len) 171 { 172 unsigned char *ptr = d; 173 unsigned char c; 174 175 /* 176 * Send an initial END character to flush out any data that may have 177 * accumulated in the receiver due to line noise. 178 */ 179 180 *ptr++ = END; 181 182 while (len-- > 0) { 183 switch (c = *s++) { 184 case END: 185 *ptr++ = ESC; 186 *ptr++ = ESC_END; 187 break; 188 case ESC: 189 *ptr++ = ESC; 190 *ptr++ = ESC_ESC; 191 break; 192 default: 193 *ptr++ = c; 194 break; 195 } 196 } 197 198 *ptr++ = END; 199 200 return ptr - d; 201 } 202 203 /* 204 * MW: 205 * OK its ugly, but tell me a better solution without copying the 206 * packet to a temporary buffer :-) 207 */ 208 static int kiss_esc_crc(unsigned char *s, unsigned char *d, unsigned short crc, 209 int len) 210 { 211 unsigned char *ptr = d; 212 unsigned char c=0; 213 214 *ptr++ = END; 215 while (len > 0) { 216 if (len > 2) 217 c = *s++; 218 else if (len > 1) 219 c = crc >> 8; 220 else if (len > 0) 221 c = crc & 0xff; 222 223 len--; 224 225 switch (c) { 226 case END: 227 *ptr++ = ESC; 228 *ptr++ = ESC_END; 229 break; 230 case ESC: 231 *ptr++ = ESC; 232 *ptr++ = ESC_ESC; 233 break; 234 default: 235 *ptr++ = c; 236 break; 237 } 238 } 239 *ptr++ = END; 240 241 return ptr - d; 242 } 243 244 /* Send one completely decapsulated AX.25 packet to the AX.25 layer. */ 245 static void ax_bump(struct mkiss *ax) 246 { 247 struct sk_buff *skb; 248 int count; 249 250 spin_lock_bh(&ax->buflock); 251 if (ax->rbuff[0] > 0x0f) { 252 if (ax->rbuff[0] & 0x80) { 253 if (check_crc_16(ax->rbuff, ax->rcount) < 0) { 254 ax->dev->stats.rx_errors++; 255 spin_unlock_bh(&ax->buflock); 256 257 return; 258 } 259 if (ax->crcmode != CRC_MODE_SMACK && ax->crcauto) { 260 printk(KERN_INFO 261 "mkiss: %s: Switching to crc-smack\n", 262 ax->dev->name); 263 ax->crcmode = CRC_MODE_SMACK; 264 } 265 ax->rcount -= 2; 266 *ax->rbuff &= ~0x80; 267 } else if (ax->rbuff[0] & 0x20) { 268 if (check_crc_flex(ax->rbuff, ax->rcount) < 0) { 269 ax->dev->stats.rx_errors++; 270 spin_unlock_bh(&ax->buflock); 271 return; 272 } 273 if (ax->crcmode != CRC_MODE_FLEX && ax->crcauto) { 274 printk(KERN_INFO 275 "mkiss: %s: Switching to crc-flexnet\n", 276 ax->dev->name); 277 ax->crcmode = CRC_MODE_FLEX; 278 } 279 ax->rcount -= 2; 280 281 /* 282 * dl9sau bugfix: the trailling two bytes flexnet crc 283 * will not be passed to the kernel. thus we have to 284 * correct the kissparm signature, because it indicates 285 * a crc but there's none 286 */ 287 *ax->rbuff &= ~0x20; 288 } 289 } 290 291 count = ax->rcount; 292 293 if ((skb = dev_alloc_skb(count)) == NULL) { 294 printk(KERN_ERR "mkiss: %s: memory squeeze, dropping packet.\n", 295 ax->dev->name); 296 ax->dev->stats.rx_dropped++; 297 spin_unlock_bh(&ax->buflock); 298 return; 299 } 300 301 skb_put_data(skb, ax->rbuff, count); 302 skb->protocol = ax25_type_trans(skb, ax->dev); 303 netif_rx(skb); 304 ax->dev->stats.rx_packets++; 305 ax->dev->stats.rx_bytes += count; 306 spin_unlock_bh(&ax->buflock); 307 } 308 309 static void kiss_unesc(struct mkiss *ax, unsigned char s) 310 { 311 switch (s) { 312 case END: 313 /* drop keeptest bit = VSV */ 314 if (test_bit(AXF_KEEPTEST, &ax->flags)) 315 clear_bit(AXF_KEEPTEST, &ax->flags); 316 317 if (!test_and_clear_bit(AXF_ERROR, &ax->flags) && (ax->rcount > 2)) 318 ax_bump(ax); 319 320 clear_bit(AXF_ESCAPE, &ax->flags); 321 ax->rcount = 0; 322 return; 323 324 case ESC: 325 set_bit(AXF_ESCAPE, &ax->flags); 326 return; 327 case ESC_ESC: 328 if (test_and_clear_bit(AXF_ESCAPE, &ax->flags)) 329 s = ESC; 330 break; 331 case ESC_END: 332 if (test_and_clear_bit(AXF_ESCAPE, &ax->flags)) 333 s = END; 334 break; 335 } 336 337 spin_lock_bh(&ax->buflock); 338 if (!test_bit(AXF_ERROR, &ax->flags)) { 339 if (ax->rcount < ax->buffsize) { 340 ax->rbuff[ax->rcount++] = s; 341 spin_unlock_bh(&ax->buflock); 342 return; 343 } 344 345 ax->dev->stats.rx_over_errors++; 346 set_bit(AXF_ERROR, &ax->flags); 347 } 348 spin_unlock_bh(&ax->buflock); 349 } 350 351 static int ax_set_mac_address(struct net_device *dev, void *addr) 352 { 353 struct sockaddr_ax25 *sa = addr; 354 355 netif_tx_lock_bh(dev); 356 netif_addr_lock(dev); 357 memcpy(dev->dev_addr, &sa->sax25_call, AX25_ADDR_LEN); 358 netif_addr_unlock(dev); 359 netif_tx_unlock_bh(dev); 360 361 return 0; 362 } 363 364 /*---------------------------------------------------------------------------*/ 365 366 static void ax_changedmtu(struct mkiss *ax) 367 { 368 struct net_device *dev = ax->dev; 369 unsigned char *xbuff, *rbuff, *oxbuff, *orbuff; 370 int len; 371 372 len = dev->mtu * 2; 373 374 /* 375 * allow for arrival of larger UDP packets, even if we say not to 376 * also fixes a bug in which SunOS sends 512-byte packets even with 377 * an MSS of 128 378 */ 379 if (len < 576 * 2) 380 len = 576 * 2; 381 382 xbuff = kmalloc(len + 4, GFP_ATOMIC); 383 rbuff = kmalloc(len + 4, GFP_ATOMIC); 384 385 if (xbuff == NULL || rbuff == NULL) { 386 printk(KERN_ERR "mkiss: %s: unable to grow ax25 buffers, " 387 "MTU change cancelled.\n", 388 ax->dev->name); 389 dev->mtu = ax->mtu; 390 kfree(xbuff); 391 kfree(rbuff); 392 return; 393 } 394 395 spin_lock_bh(&ax->buflock); 396 397 oxbuff = ax->xbuff; 398 ax->xbuff = xbuff; 399 orbuff = ax->rbuff; 400 ax->rbuff = rbuff; 401 402 if (ax->xleft) { 403 if (ax->xleft <= len) { 404 memcpy(ax->xbuff, ax->xhead, ax->xleft); 405 } else { 406 ax->xleft = 0; 407 dev->stats.tx_dropped++; 408 } 409 } 410 411 ax->xhead = ax->xbuff; 412 413 if (ax->rcount) { 414 if (ax->rcount <= len) { 415 memcpy(ax->rbuff, orbuff, ax->rcount); 416 } else { 417 ax->rcount = 0; 418 dev->stats.rx_over_errors++; 419 set_bit(AXF_ERROR, &ax->flags); 420 } 421 } 422 423 ax->mtu = dev->mtu + 73; 424 ax->buffsize = len; 425 426 spin_unlock_bh(&ax->buflock); 427 428 kfree(oxbuff); 429 kfree(orbuff); 430 } 431 432 /* Encapsulate one AX.25 packet and stuff into a TTY queue. */ 433 static void ax_encaps(struct net_device *dev, unsigned char *icp, int len) 434 { 435 struct mkiss *ax = netdev_priv(dev); 436 unsigned char *p; 437 int actual, count; 438 439 if (ax->mtu != ax->dev->mtu + 73) /* Someone has been ifconfigging */ 440 ax_changedmtu(ax); 441 442 if (len > ax->mtu) { /* Sigh, shouldn't occur BUT ... */ 443 len = ax->mtu; 444 printk(KERN_ERR "mkiss: %s: truncating oversized transmit packet!\n", ax->dev->name); 445 dev->stats.tx_dropped++; 446 netif_start_queue(dev); 447 return; 448 } 449 450 p = icp; 451 452 spin_lock_bh(&ax->buflock); 453 if ((*p & 0x0f) != 0) { 454 /* Configuration Command (kissparms(1). 455 * Protocol spec says: never append CRC. 456 * This fixes a very old bug in the linux 457 * kiss driver. -- dl9sau */ 458 switch (*p & 0xff) { 459 case 0x85: 460 /* command from userspace especially for us, 461 * not for delivery to the tnc */ 462 if (len > 1) { 463 int cmd = (p[1] & 0xff); 464 switch(cmd) { 465 case 3: 466 ax->crcmode = CRC_MODE_SMACK; 467 break; 468 case 2: 469 ax->crcmode = CRC_MODE_FLEX; 470 break; 471 case 1: 472 ax->crcmode = CRC_MODE_NONE; 473 break; 474 case 0: 475 default: 476 ax->crcmode = CRC_MODE_SMACK_TEST; 477 cmd = 0; 478 } 479 ax->crcauto = (cmd ? 0 : 1); 480 printk(KERN_INFO "mkiss: %s: crc mode set to %d\n", 481 ax->dev->name, cmd); 482 } 483 spin_unlock_bh(&ax->buflock); 484 netif_start_queue(dev); 485 486 return; 487 default: 488 count = kiss_esc(p, ax->xbuff, len); 489 } 490 } else { 491 unsigned short crc; 492 switch (ax->crcmode) { 493 case CRC_MODE_SMACK_TEST: 494 ax->crcmode = CRC_MODE_FLEX_TEST; 495 printk(KERN_INFO "mkiss: %s: Trying crc-smack\n", ax->dev->name); 496 // fall through 497 case CRC_MODE_SMACK: 498 *p |= 0x80; 499 crc = swab16(crc16(0, p, len)); 500 count = kiss_esc_crc(p, ax->xbuff, crc, len+2); 501 break; 502 case CRC_MODE_FLEX_TEST: 503 ax->crcmode = CRC_MODE_NONE; 504 printk(KERN_INFO "mkiss: %s: Trying crc-flexnet\n", ax->dev->name); 505 // fall through 506 case CRC_MODE_FLEX: 507 *p |= 0x20; 508 crc = calc_crc_flex(p, len); 509 count = kiss_esc_crc(p, ax->xbuff, crc, len+2); 510 break; 511 512 default: 513 count = kiss_esc(p, ax->xbuff, len); 514 } 515 } 516 spin_unlock_bh(&ax->buflock); 517 518 set_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags); 519 actual = ax->tty->ops->write(ax->tty, ax->xbuff, count); 520 dev->stats.tx_packets++; 521 dev->stats.tx_bytes += actual; 522 523 netif_trans_update(ax->dev); 524 ax->xleft = count - actual; 525 ax->xhead = ax->xbuff + actual; 526 } 527 528 /* Encapsulate an AX.25 packet and kick it into a TTY queue. */ 529 static netdev_tx_t ax_xmit(struct sk_buff *skb, struct net_device *dev) 530 { 531 struct mkiss *ax = netdev_priv(dev); 532 533 if (skb->protocol == htons(ETH_P_IP)) 534 return ax25_ip_xmit(skb); 535 536 if (!netif_running(dev)) { 537 printk(KERN_ERR "mkiss: %s: xmit call when iface is down\n", dev->name); 538 return NETDEV_TX_BUSY; 539 } 540 541 if (netif_queue_stopped(dev)) { 542 /* 543 * May be we must check transmitter timeout here ? 544 * 14 Oct 1994 Dmitry Gorodchanin. 545 */ 546 if (time_before(jiffies, dev_trans_start(dev) + 20 * HZ)) { 547 /* 20 sec timeout not reached */ 548 return NETDEV_TX_BUSY; 549 } 550 551 printk(KERN_ERR "mkiss: %s: transmit timed out, %s?\n", dev->name, 552 (tty_chars_in_buffer(ax->tty) || ax->xleft) ? 553 "bad line quality" : "driver error"); 554 555 ax->xleft = 0; 556 clear_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags); 557 netif_start_queue(dev); 558 } 559 560 /* We were not busy, so we are now... :-) */ 561 netif_stop_queue(dev); 562 ax_encaps(dev, skb->data, skb->len); 563 kfree_skb(skb); 564 565 return NETDEV_TX_OK; 566 } 567 568 static int ax_open_dev(struct net_device *dev) 569 { 570 struct mkiss *ax = netdev_priv(dev); 571 572 if (ax->tty == NULL) 573 return -ENODEV; 574 575 return 0; 576 } 577 578 /* Open the low-level part of the AX25 channel. Easy! */ 579 static int ax_open(struct net_device *dev) 580 { 581 struct mkiss *ax = netdev_priv(dev); 582 unsigned long len; 583 584 if (ax->tty == NULL) 585 return -ENODEV; 586 587 /* 588 * Allocate the frame buffers: 589 * 590 * rbuff Receive buffer. 591 * xbuff Transmit buffer. 592 */ 593 len = dev->mtu * 2; 594 595 /* 596 * allow for arrival of larger UDP packets, even if we say not to 597 * also fixes a bug in which SunOS sends 512-byte packets even with 598 * an MSS of 128 599 */ 600 if (len < 576 * 2) 601 len = 576 * 2; 602 603 if ((ax->rbuff = kmalloc(len + 4, GFP_KERNEL)) == NULL) 604 goto norbuff; 605 606 if ((ax->xbuff = kmalloc(len + 4, GFP_KERNEL)) == NULL) 607 goto noxbuff; 608 609 ax->mtu = dev->mtu + 73; 610 ax->buffsize = len; 611 ax->rcount = 0; 612 ax->xleft = 0; 613 614 ax->flags &= (1 << AXF_INUSE); /* Clear ESCAPE & ERROR flags */ 615 616 spin_lock_init(&ax->buflock); 617 618 return 0; 619 620 noxbuff: 621 kfree(ax->rbuff); 622 623 norbuff: 624 return -ENOMEM; 625 } 626 627 628 /* Close the low-level part of the AX25 channel. Easy! */ 629 static int ax_close(struct net_device *dev) 630 { 631 struct mkiss *ax = netdev_priv(dev); 632 633 if (ax->tty) 634 clear_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags); 635 636 netif_stop_queue(dev); 637 638 return 0; 639 } 640 641 static const struct net_device_ops ax_netdev_ops = { 642 .ndo_open = ax_open_dev, 643 .ndo_stop = ax_close, 644 .ndo_start_xmit = ax_xmit, 645 .ndo_set_mac_address = ax_set_mac_address, 646 }; 647 648 static void ax_setup(struct net_device *dev) 649 { 650 /* Finish setting up the DEVICE info. */ 651 dev->mtu = AX_MTU; 652 dev->hard_header_len = AX25_MAX_HEADER_LEN; 653 dev->addr_len = AX25_ADDR_LEN; 654 dev->type = ARPHRD_AX25; 655 dev->tx_queue_len = 10; 656 dev->header_ops = &ax25_header_ops; 657 dev->netdev_ops = &ax_netdev_ops; 658 659 660 memcpy(dev->broadcast, &ax25_bcast, AX25_ADDR_LEN); 661 memcpy(dev->dev_addr, &ax25_defaddr, AX25_ADDR_LEN); 662 663 dev->flags = IFF_BROADCAST | IFF_MULTICAST; 664 } 665 666 /* 667 * We have a potential race on dereferencing tty->disc_data, because the tty 668 * layer provides no locking at all - thus one cpu could be running 669 * sixpack_receive_buf while another calls sixpack_close, which zeroes 670 * tty->disc_data and frees the memory that sixpack_receive_buf is using. The 671 * best way to fix this is to use a rwlock in the tty struct, but for now we 672 * use a single global rwlock for all ttys in ppp line discipline. 673 */ 674 static DEFINE_RWLOCK(disc_data_lock); 675 676 static struct mkiss *mkiss_get(struct tty_struct *tty) 677 { 678 struct mkiss *ax; 679 680 read_lock(&disc_data_lock); 681 ax = tty->disc_data; 682 if (ax) 683 atomic_inc(&ax->refcnt); 684 read_unlock(&disc_data_lock); 685 686 return ax; 687 } 688 689 static void mkiss_put(struct mkiss *ax) 690 { 691 if (atomic_dec_and_test(&ax->refcnt)) 692 up(&ax->dead_sem); 693 } 694 695 static int crc_force = 0; /* Can be overridden with insmod */ 696 697 static int mkiss_open(struct tty_struct *tty) 698 { 699 struct net_device *dev; 700 struct mkiss *ax; 701 int err; 702 703 if (!capable(CAP_NET_ADMIN)) 704 return -EPERM; 705 if (tty->ops->write == NULL) 706 return -EOPNOTSUPP; 707 708 dev = alloc_netdev(sizeof(struct mkiss), "ax%d", NET_NAME_UNKNOWN, 709 ax_setup); 710 if (!dev) { 711 err = -ENOMEM; 712 goto out; 713 } 714 715 ax = netdev_priv(dev); 716 ax->dev = dev; 717 718 spin_lock_init(&ax->buflock); 719 atomic_set(&ax->refcnt, 1); 720 sema_init(&ax->dead_sem, 0); 721 722 ax->tty = tty; 723 tty->disc_data = ax; 724 tty->receive_room = 65535; 725 726 tty_driver_flush_buffer(tty); 727 728 /* Restore default settings */ 729 dev->type = ARPHRD_AX25; 730 731 /* Perform the low-level AX25 initialization. */ 732 err = ax_open(ax->dev); 733 if (err) 734 goto out_free_netdev; 735 736 err = register_netdev(dev); 737 if (err) 738 goto out_free_buffers; 739 740 /* after register_netdev() - because else printk smashes the kernel */ 741 switch (crc_force) { 742 case 3: 743 ax->crcmode = CRC_MODE_SMACK; 744 printk(KERN_INFO "mkiss: %s: crc mode smack forced.\n", 745 ax->dev->name); 746 break; 747 case 2: 748 ax->crcmode = CRC_MODE_FLEX; 749 printk(KERN_INFO "mkiss: %s: crc mode flexnet forced.\n", 750 ax->dev->name); 751 break; 752 case 1: 753 ax->crcmode = CRC_MODE_NONE; 754 printk(KERN_INFO "mkiss: %s: crc mode disabled.\n", 755 ax->dev->name); 756 break; 757 case 0: 758 /* fall through */ 759 default: 760 crc_force = 0; 761 printk(KERN_INFO "mkiss: %s: crc mode is auto.\n", 762 ax->dev->name); 763 ax->crcmode = CRC_MODE_SMACK_TEST; 764 } 765 ax->crcauto = (crc_force ? 0 : 1); 766 767 netif_start_queue(dev); 768 769 /* Done. We have linked the TTY line to a channel. */ 770 return 0; 771 772 out_free_buffers: 773 kfree(ax->rbuff); 774 kfree(ax->xbuff); 775 776 out_free_netdev: 777 free_netdev(dev); 778 779 out: 780 return err; 781 } 782 783 static void mkiss_close(struct tty_struct *tty) 784 { 785 struct mkiss *ax; 786 787 write_lock_bh(&disc_data_lock); 788 ax = tty->disc_data; 789 tty->disc_data = NULL; 790 write_unlock_bh(&disc_data_lock); 791 792 if (!ax) 793 return; 794 795 /* 796 * We have now ensured that nobody can start using ap from now on, but 797 * we have to wait for all existing users to finish. 798 */ 799 if (!atomic_dec_and_test(&ax->refcnt)) 800 down(&ax->dead_sem); 801 /* 802 * Halt the transmit queue so that a new transmit cannot scribble 803 * on our buffers 804 */ 805 netif_stop_queue(ax->dev); 806 807 /* Free all AX25 frame buffers. */ 808 kfree(ax->rbuff); 809 kfree(ax->xbuff); 810 811 ax->tty = NULL; 812 813 unregister_netdev(ax->dev); 814 } 815 816 /* Perform I/O control on an active ax25 channel. */ 817 static int mkiss_ioctl(struct tty_struct *tty, struct file *file, 818 unsigned int cmd, unsigned long arg) 819 { 820 struct mkiss *ax = mkiss_get(tty); 821 struct net_device *dev; 822 unsigned int tmp, err; 823 824 /* First make sure we're connected. */ 825 if (ax == NULL) 826 return -ENXIO; 827 dev = ax->dev; 828 829 switch (cmd) { 830 case SIOCGIFNAME: 831 err = copy_to_user((void __user *) arg, ax->dev->name, 832 strlen(ax->dev->name) + 1) ? -EFAULT : 0; 833 break; 834 835 case SIOCGIFENCAP: 836 err = put_user(4, (int __user *) arg); 837 break; 838 839 case SIOCSIFENCAP: 840 if (get_user(tmp, (int __user *) arg)) { 841 err = -EFAULT; 842 break; 843 } 844 845 ax->mode = tmp; 846 dev->addr_len = AX25_ADDR_LEN; 847 dev->hard_header_len = AX25_KISS_HEADER_LEN + 848 AX25_MAX_HEADER_LEN + 3; 849 dev->type = ARPHRD_AX25; 850 851 err = 0; 852 break; 853 854 case SIOCSIFHWADDR: { 855 char addr[AX25_ADDR_LEN]; 856 857 if (copy_from_user(&addr, 858 (void __user *) arg, AX25_ADDR_LEN)) { 859 err = -EFAULT; 860 break; 861 } 862 863 netif_tx_lock_bh(dev); 864 memcpy(dev->dev_addr, addr, AX25_ADDR_LEN); 865 netif_tx_unlock_bh(dev); 866 867 err = 0; 868 break; 869 } 870 default: 871 err = -ENOIOCTLCMD; 872 } 873 874 mkiss_put(ax); 875 876 return err; 877 } 878 879 #ifdef CONFIG_COMPAT 880 static long mkiss_compat_ioctl(struct tty_struct *tty, struct file *file, 881 unsigned int cmd, unsigned long arg) 882 { 883 switch (cmd) { 884 case SIOCGIFNAME: 885 case SIOCGIFENCAP: 886 case SIOCSIFENCAP: 887 case SIOCSIFHWADDR: 888 return mkiss_ioctl(tty, file, cmd, 889 (unsigned long)compat_ptr(arg)); 890 } 891 892 return -ENOIOCTLCMD; 893 } 894 #endif 895 896 /* 897 * Handle the 'receiver data ready' interrupt. 898 * This function is called by the 'tty_io' module in the kernel when 899 * a block of data has been received, which can now be decapsulated 900 * and sent on to the AX.25 layer for further processing. 901 */ 902 static void mkiss_receive_buf(struct tty_struct *tty, const unsigned char *cp, 903 char *fp, int count) 904 { 905 struct mkiss *ax = mkiss_get(tty); 906 907 if (!ax) 908 return; 909 910 /* 911 * Argh! mtu change time! - costs us the packet part received 912 * at the change 913 */ 914 if (ax->mtu != ax->dev->mtu + 73) 915 ax_changedmtu(ax); 916 917 /* Read the characters out of the buffer */ 918 while (count--) { 919 if (fp != NULL && *fp++) { 920 if (!test_and_set_bit(AXF_ERROR, &ax->flags)) 921 ax->dev->stats.rx_errors++; 922 cp++; 923 continue; 924 } 925 926 kiss_unesc(ax, *cp++); 927 } 928 929 mkiss_put(ax); 930 tty_unthrottle(tty); 931 } 932 933 /* 934 * Called by the driver when there's room for more data. If we have 935 * more packets to send, we send them here. 936 */ 937 static void mkiss_write_wakeup(struct tty_struct *tty) 938 { 939 struct mkiss *ax = mkiss_get(tty); 940 int actual; 941 942 if (!ax) 943 return; 944 945 if (ax->xleft <= 0) { 946 /* Now serial buffer is almost free & we can start 947 * transmission of another packet 948 */ 949 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags); 950 951 netif_wake_queue(ax->dev); 952 goto out; 953 } 954 955 actual = tty->ops->write(tty, ax->xhead, ax->xleft); 956 ax->xleft -= actual; 957 ax->xhead += actual; 958 959 out: 960 mkiss_put(ax); 961 } 962 963 static struct tty_ldisc_ops ax_ldisc = { 964 .owner = THIS_MODULE, 965 .magic = TTY_LDISC_MAGIC, 966 .name = "mkiss", 967 .open = mkiss_open, 968 .close = mkiss_close, 969 .ioctl = mkiss_ioctl, 970 #ifdef CONFIG_COMPAT 971 .compat_ioctl = mkiss_compat_ioctl, 972 #endif 973 .receive_buf = mkiss_receive_buf, 974 .write_wakeup = mkiss_write_wakeup 975 }; 976 977 static const char banner[] __initconst = KERN_INFO \ 978 "mkiss: AX.25 Multikiss, Hans Albas PE1AYX\n"; 979 static const char msg_regfail[] __initconst = KERN_ERR \ 980 "mkiss: can't register line discipline (err = %d)\n"; 981 982 static int __init mkiss_init_driver(void) 983 { 984 int status; 985 986 printk(banner); 987 988 status = tty_register_ldisc(N_AX25, &ax_ldisc); 989 if (status != 0) 990 printk(msg_regfail, status); 991 992 return status; 993 } 994 995 static const char msg_unregfail[] = KERN_ERR \ 996 "mkiss: can't unregister line discipline (err = %d)\n"; 997 998 static void __exit mkiss_exit_driver(void) 999 { 1000 int ret; 1001 1002 if ((ret = tty_unregister_ldisc(N_AX25))) 1003 printk(msg_unregfail, ret); 1004 } 1005 1006 MODULE_AUTHOR("Ralf Baechle DL5RB <ralf@linux-mips.org>"); 1007 MODULE_DESCRIPTION("KISS driver for AX.25 over TTYs"); 1008 module_param(crc_force, int, 0); 1009 MODULE_PARM_DESC(crc_force, "crc [0 = auto | 1 = none | 2 = flexnet | 3 = smack]"); 1010 MODULE_LICENSE("GPL"); 1011 MODULE_ALIAS_LDISC(N_AX25); 1012 1013 module_init(mkiss_init_driver); 1014 module_exit(mkiss_exit_driver); 1015