xref: /openbmc/linux/drivers/net/hamradio/mkiss.c (revision 643d1f7f) 
1 /*
2  *  This program is free software; you can distribute it and/or modify it
3  *  under the terms of the GNU General Public License (Version 2) as
4  *  published by the Free Software Foundation.
5  *
6  *  This program is distributed in the hope it will be useful, but WITHOUT
7  *  ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
8  *  FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
9  *  for more details.
10  *
11  *  You should have received a copy of the GNU General Public License along
12  *  with this program; if not, write to the Free Software Foundation, Inc.,
13  *  59 Temple Place - Suite 330, Boston MA 02111-1307, USA.
14  *
15  * Copyright (C) Hans Alblas PE1AYX <hans@esrac.ele.tue.nl>
16  * Copyright (C) 2004, 05 Ralf Baechle DL5RB <ralf@linux-mips.org>
17  * Copyright (C) 2004, 05 Thomas Osterried DL9SAU <thomas@x-berg.in-berlin.de>
18  */
19 #include <linux/module.h>
20 #include <asm/system.h>
21 #include <linux/bitops.h>
22 #include <asm/uaccess.h>
23 #include <linux/crc16.h>
24 #include <linux/string.h>
25 #include <linux/mm.h>
26 #include <linux/interrupt.h>
27 #include <linux/in.h>
28 #include <linux/inet.h>
29 #include <linux/tty.h>
30 #include <linux/errno.h>
31 #include <linux/netdevice.h>
32 #include <linux/major.h>
33 #include <linux/init.h>
34 #include <linux/rtnetlink.h>
35 #include <linux/etherdevice.h>
36 #include <linux/skbuff.h>
37 #include <linux/if_arp.h>
38 #include <linux/jiffies.h>
39 
40 #include <net/ax25.h>
41 
42 #define AX_MTU		236
43 
44 /* SLIP/KISS protocol characters. */
45 #define END             0300		/* indicates end of frame	*/
46 #define ESC             0333		/* indicates byte stuffing	*/
47 #define ESC_END         0334		/* ESC ESC_END means END 'data'	*/
48 #define ESC_ESC         0335		/* ESC ESC_ESC means ESC 'data'	*/
49 
50 struct mkiss {
51 	struct tty_struct	*tty;	/* ptr to TTY structure		*/
52 	struct net_device	*dev;	/* easy for intr handling	*/
53 
54 	/* These are pointers to the malloc()ed frame buffers. */
55 	spinlock_t		buflock;/* lock for rbuf and xbuf */
56 	unsigned char		*rbuff;	/* receiver buffer		*/
57 	int			rcount;	/* received chars counter       */
58 	unsigned char		*xbuff;	/* transmitter buffer		*/
59 	unsigned char		*xhead;	/* pointer to next byte to XMIT */
60 	int			xleft;	/* bytes left in XMIT queue     */
61 
62 	struct net_device_stats	stats;
63 
64 	/* Detailed SLIP statistics. */
65 	int		mtu;		/* Our mtu (to spot changes!)   */
66 	int		buffsize;	/* Max buffers sizes            */
67 
68 	unsigned long	flags;		/* Flag values/ mode etc	*/
69 					/* long req'd: used by set_bit --RR */
70 #define AXF_INUSE	0		/* Channel in use               */
71 #define AXF_ESCAPE	1               /* ESC received                 */
72 #define AXF_ERROR	2               /* Parity, etc. error           */
73 #define AXF_KEEPTEST	3		/* Keepalive test flag		*/
74 #define AXF_OUTWAIT	4		/* is outpacket was flag	*/
75 
76 	int		mode;
77         int		crcmode;	/* MW: for FlexNet, SMACK etc.  */
78 	int		crcauto;	/* CRC auto mode */
79 
80 #define CRC_MODE_NONE		0
81 #define CRC_MODE_FLEX		1
82 #define CRC_MODE_SMACK		2
83 #define CRC_MODE_FLEX_TEST	3
84 #define CRC_MODE_SMACK_TEST	4
85 
86 	atomic_t		refcnt;
87 	struct semaphore	dead_sem;
88 };
89 
90 /*---------------------------------------------------------------------------*/
91 
92 static const unsigned short crc_flex_table[] = {
93 	0x0f87, 0x1e0e, 0x2c95, 0x3d1c, 0x49a3, 0x582a, 0x6ab1, 0x7b38,
94 	0x83cf, 0x9246, 0xa0dd, 0xb154, 0xc5eb, 0xd462, 0xe6f9, 0xf770,
95 	0x1f06, 0x0e8f, 0x3c14, 0x2d9d, 0x5922, 0x48ab, 0x7a30, 0x6bb9,
96 	0x934e, 0x82c7, 0xb05c, 0xa1d5, 0xd56a, 0xc4e3, 0xf678, 0xe7f1,
97 	0x2e85, 0x3f0c, 0x0d97, 0x1c1e, 0x68a1, 0x7928, 0x4bb3, 0x5a3a,
98 	0xa2cd, 0xb344, 0x81df, 0x9056, 0xe4e9, 0xf560, 0xc7fb, 0xd672,
99 	0x3e04, 0x2f8d, 0x1d16, 0x0c9f, 0x7820, 0x69a9, 0x5b32, 0x4abb,
100 	0xb24c, 0xa3c5, 0x915e, 0x80d7, 0xf468, 0xe5e1, 0xd77a, 0xc6f3,
101 	0x4d83, 0x5c0a, 0x6e91, 0x7f18, 0x0ba7, 0x1a2e, 0x28b5, 0x393c,
102 	0xc1cb, 0xd042, 0xe2d9, 0xf350, 0x87ef, 0x9666, 0xa4fd, 0xb574,
103 	0x5d02, 0x4c8b, 0x7e10, 0x6f99, 0x1b26, 0x0aaf, 0x3834, 0x29bd,
104 	0xd14a, 0xc0c3, 0xf258, 0xe3d1, 0x976e, 0x86e7, 0xb47c, 0xa5f5,
105 	0x6c81, 0x7d08, 0x4f93, 0x5e1a, 0x2aa5, 0x3b2c, 0x09b7, 0x183e,
106 	0xe0c9, 0xf140, 0xc3db, 0xd252, 0xa6ed, 0xb764, 0x85ff, 0x9476,
107 	0x7c00, 0x6d89, 0x5f12, 0x4e9b, 0x3a24, 0x2bad, 0x1936, 0x08bf,
108 	0xf048, 0xe1c1, 0xd35a, 0xc2d3, 0xb66c, 0xa7e5, 0x957e, 0x84f7,
109 	0x8b8f, 0x9a06, 0xa89d, 0xb914, 0xcdab, 0xdc22, 0xeeb9, 0xff30,
110 	0x07c7, 0x164e, 0x24d5, 0x355c, 0x41e3, 0x506a, 0x62f1, 0x7378,
111 	0x9b0e, 0x8a87, 0xb81c, 0xa995, 0xdd2a, 0xcca3, 0xfe38, 0xefb1,
112 	0x1746, 0x06cf, 0x3454, 0x25dd, 0x5162, 0x40eb, 0x7270, 0x63f9,
113 	0xaa8d, 0xbb04, 0x899f, 0x9816, 0xeca9, 0xfd20, 0xcfbb, 0xde32,
114 	0x26c5, 0x374c, 0x05d7, 0x145e, 0x60e1, 0x7168, 0x43f3, 0x527a,
115 	0xba0c, 0xab85, 0x991e, 0x8897, 0xfc28, 0xeda1, 0xdf3a, 0xceb3,
116 	0x3644, 0x27cd, 0x1556, 0x04df, 0x7060, 0x61e9, 0x5372, 0x42fb,
117 	0xc98b, 0xd802, 0xea99, 0xfb10, 0x8faf, 0x9e26, 0xacbd, 0xbd34,
118 	0x45c3, 0x544a, 0x66d1, 0x7758, 0x03e7, 0x126e, 0x20f5, 0x317c,
119 	0xd90a, 0xc883, 0xfa18, 0xeb91, 0x9f2e, 0x8ea7, 0xbc3c, 0xadb5,
120 	0x5542, 0x44cb, 0x7650, 0x67d9, 0x1366, 0x02ef, 0x3074, 0x21fd,
121 	0xe889, 0xf900, 0xcb9b, 0xda12, 0xaead, 0xbf24, 0x8dbf, 0x9c36,
122 	0x64c1, 0x7548, 0x47d3, 0x565a, 0x22e5, 0x336c, 0x01f7, 0x107e,
123 	0xf808, 0xe981, 0xdb1a, 0xca93, 0xbe2c, 0xafa5, 0x9d3e, 0x8cb7,
124 	0x7440, 0x65c9, 0x5752, 0x46db, 0x3264, 0x23ed, 0x1176, 0x00ff
125 };
126 
127 static unsigned short calc_crc_flex(unsigned char *cp, int size)
128 {
129 	unsigned short crc = 0xffff;
130 
131 	while (size--)
132 		crc = (crc << 8) ^ crc_flex_table[((crc >> 8) ^ *cp++) & 0xff];
133 
134 	return crc;
135 }
136 
137 static int check_crc_flex(unsigned char *cp, int size)
138 {
139 	unsigned short crc = 0xffff;
140 
141 	if (size < 3)
142 		return -1;
143 
144 	while (size--)
145 		crc = (crc << 8) ^ crc_flex_table[((crc >> 8) ^ *cp++) & 0xff];
146 
147 	if ((crc & 0xffff) != 0x7070)
148 		return -1;
149 
150 	return 0;
151 }
152 
153 static int check_crc_16(unsigned char *cp, int size)
154 {
155 	unsigned short crc = 0x0000;
156 
157 	if (size < 3)
158 		return -1;
159 
160 	crc = crc16(0, cp, size);
161 
162 	if (crc != 0x0000)
163 		return -1;
164 
165 	return 0;
166 }
167 
168 /*
169  * Standard encapsulation
170  */
171 
172 static int kiss_esc(unsigned char *s, unsigned char *d, int len)
173 {
174 	unsigned char *ptr = d;
175 	unsigned char c;
176 
177 	/*
178 	 * Send an initial END character to flush out any data that may have
179 	 * accumulated in the receiver due to line noise.
180 	 */
181 
182 	*ptr++ = END;
183 
184 	while (len-- > 0) {
185 		switch (c = *s++) {
186 		case END:
187 			*ptr++ = ESC;
188 			*ptr++ = ESC_END;
189 			break;
190 		case ESC:
191 			*ptr++ = ESC;
192 			*ptr++ = ESC_ESC;
193 			break;
194 		default:
195 			*ptr++ = c;
196 			break;
197 		}
198 	}
199 
200 	*ptr++ = END;
201 
202 	return ptr - d;
203 }
204 
205 /*
206  * MW:
207  * OK its ugly, but tell me a better solution without copying the
208  * packet to a temporary buffer :-)
209  */
210 static int kiss_esc_crc(unsigned char *s, unsigned char *d, unsigned short crc,
211 	int len)
212 {
213 	unsigned char *ptr = d;
214 	unsigned char c=0;
215 
216 	*ptr++ = END;
217 	while (len > 0) {
218 		if (len > 2)
219 			c = *s++;
220 		else if (len > 1)
221 			c = crc >> 8;
222 		else if (len > 0)
223 			c = crc & 0xff;
224 
225 		len--;
226 
227 		switch (c) {
228 		case END:
229 			*ptr++ = ESC;
230 			*ptr++ = ESC_END;
231 			break;
232 		case ESC:
233 			*ptr++ = ESC;
234 			*ptr++ = ESC_ESC;
235 			break;
236 		default:
237 			*ptr++ = c;
238 			break;
239 		}
240 	}
241 	*ptr++ = END;
242 
243 	return ptr - d;
244 }
245 
246 /* Send one completely decapsulated AX.25 packet to the AX.25 layer. */
247 static void ax_bump(struct mkiss *ax)
248 {
249 	struct sk_buff *skb;
250 	int count;
251 
252 	spin_lock_bh(&ax->buflock);
253 	if (ax->rbuff[0] > 0x0f) {
254 		if (ax->rbuff[0] & 0x80) {
255 			if (check_crc_16(ax->rbuff, ax->rcount) < 0) {
256 				ax->stats.rx_errors++;
257 				spin_unlock_bh(&ax->buflock);
258 
259 				return;
260 			}
261 			if (ax->crcmode != CRC_MODE_SMACK && ax->crcauto) {
262 				printk(KERN_INFO
263 				       "mkiss: %s: Switchting to crc-smack\n",
264 				       ax->dev->name);
265 				ax->crcmode = CRC_MODE_SMACK;
266 			}
267 			ax->rcount -= 2;
268 			*ax->rbuff &= ~0x80;
269 		} else if (ax->rbuff[0] & 0x20)  {
270 			if (check_crc_flex(ax->rbuff, ax->rcount) < 0) {
271 				ax->stats.rx_errors++;
272 				spin_unlock_bh(&ax->buflock);
273 				return;
274 			}
275 			if (ax->crcmode != CRC_MODE_FLEX && ax->crcauto) {
276 				printk(KERN_INFO
277 				       "mkiss: %s: Switchting to crc-flexnet\n",
278 				       ax->dev->name);
279 				ax->crcmode = CRC_MODE_FLEX;
280 			}
281 			ax->rcount -= 2;
282 
283 			/*
284 			 * dl9sau bugfix: the trailling two bytes flexnet crc
285 			 * will not be passed to the kernel. thus we have to
286 			 * correct the kissparm signature, because it indicates
287 			 * a crc but there's none
288 			 */
289 			*ax->rbuff &= ~0x20;
290 		}
291  	}
292 	spin_unlock_bh(&ax->buflock);
293 
294 	count = ax->rcount;
295 
296 	if ((skb = dev_alloc_skb(count)) == NULL) {
297 		printk(KERN_ERR "mkiss: %s: memory squeeze, dropping packet.\n",
298 		       ax->dev->name);
299 		ax->stats.rx_dropped++;
300 		return;
301 	}
302 
303 	spin_lock_bh(&ax->buflock);
304 	memcpy(skb_put(skb,count), ax->rbuff, count);
305 	spin_unlock_bh(&ax->buflock);
306 	skb->protocol = ax25_type_trans(skb, ax->dev);
307 	netif_rx(skb);
308 	ax->dev->last_rx = jiffies;
309 	ax->stats.rx_packets++;
310 	ax->stats.rx_bytes += count;
311 }
312 
313 static void kiss_unesc(struct mkiss *ax, unsigned char s)
314 {
315 	switch (s) {
316 	case END:
317 		/* drop keeptest bit = VSV */
318 		if (test_bit(AXF_KEEPTEST, &ax->flags))
319 			clear_bit(AXF_KEEPTEST, &ax->flags);
320 
321 		if (!test_and_clear_bit(AXF_ERROR, &ax->flags) && (ax->rcount > 2))
322 			ax_bump(ax);
323 
324 		clear_bit(AXF_ESCAPE, &ax->flags);
325 		ax->rcount = 0;
326 		return;
327 
328 	case ESC:
329 		set_bit(AXF_ESCAPE, &ax->flags);
330 		return;
331 	case ESC_ESC:
332 		if (test_and_clear_bit(AXF_ESCAPE, &ax->flags))
333 			s = ESC;
334 		break;
335 	case ESC_END:
336 		if (test_and_clear_bit(AXF_ESCAPE, &ax->flags))
337 			s = END;
338 		break;
339 	}
340 
341 	spin_lock_bh(&ax->buflock);
342 	if (!test_bit(AXF_ERROR, &ax->flags)) {
343 		if (ax->rcount < ax->buffsize) {
344 			ax->rbuff[ax->rcount++] = s;
345 			spin_unlock_bh(&ax->buflock);
346 			return;
347 		}
348 
349 		ax->stats.rx_over_errors++;
350 		set_bit(AXF_ERROR, &ax->flags);
351 	}
352 	spin_unlock_bh(&ax->buflock);
353 }
354 
355 static int ax_set_mac_address(struct net_device *dev, void *addr)
356 {
357 	struct sockaddr_ax25 *sa = addr;
358 
359 	netif_tx_lock_bh(dev);
360 	memcpy(dev->dev_addr, &sa->sax25_call, AX25_ADDR_LEN);
361 	netif_tx_unlock_bh(dev);
362 
363 	return 0;
364 }
365 
366 /*---------------------------------------------------------------------------*/
367 
368 static void ax_changedmtu(struct mkiss *ax)
369 {
370 	struct net_device *dev = ax->dev;
371 	unsigned char *xbuff, *rbuff, *oxbuff, *orbuff;
372 	int len;
373 
374 	len = dev->mtu * 2;
375 
376 	/*
377 	 * allow for arrival of larger UDP packets, even if we say not to
378 	 * also fixes a bug in which SunOS sends 512-byte packets even with
379 	 * an MSS of 128
380 	 */
381 	if (len < 576 * 2)
382 		len = 576 * 2;
383 
384 	xbuff = kmalloc(len + 4, GFP_ATOMIC);
385 	rbuff = kmalloc(len + 4, GFP_ATOMIC);
386 
387 	if (xbuff == NULL || rbuff == NULL)  {
388 		printk(KERN_ERR "mkiss: %s: unable to grow ax25 buffers, "
389 		       "MTU change cancelled.\n",
390 		       ax->dev->name);
391 		dev->mtu = ax->mtu;
392 		kfree(xbuff);
393 		kfree(rbuff);
394 		return;
395 	}
396 
397 	spin_lock_bh(&ax->buflock);
398 
399 	oxbuff    = ax->xbuff;
400 	ax->xbuff = xbuff;
401 	orbuff    = ax->rbuff;
402 	ax->rbuff = rbuff;
403 
404 	if (ax->xleft) {
405 		if (ax->xleft <= len) {
406 			memcpy(ax->xbuff, ax->xhead, ax->xleft);
407 		} else  {
408 			ax->xleft = 0;
409 			ax->stats.tx_dropped++;
410 		}
411 	}
412 
413 	ax->xhead = ax->xbuff;
414 
415 	if (ax->rcount) {
416 		if (ax->rcount <= len) {
417 			memcpy(ax->rbuff, orbuff, ax->rcount);
418 		} else  {
419 			ax->rcount = 0;
420 			ax->stats.rx_over_errors++;
421 			set_bit(AXF_ERROR, &ax->flags);
422 		}
423 	}
424 
425 	ax->mtu      = dev->mtu + 73;
426 	ax->buffsize = len;
427 
428 	spin_unlock_bh(&ax->buflock);
429 
430 	kfree(oxbuff);
431 	kfree(orbuff);
432 }
433 
434 /* Encapsulate one AX.25 packet and stuff into a TTY queue. */
435 static void ax_encaps(struct net_device *dev, unsigned char *icp, int len)
436 {
437 	struct mkiss *ax = netdev_priv(dev);
438 	unsigned char *p;
439 	int actual, count;
440 
441 	if (ax->mtu != ax->dev->mtu + 73)	/* Someone has been ifconfigging */
442 		ax_changedmtu(ax);
443 
444 	if (len > ax->mtu) {		/* Sigh, shouldn't occur BUT ... */
445 		len = ax->mtu;
446 		printk(KERN_ERR "mkiss: %s: truncating oversized transmit packet!\n", ax->dev->name);
447 		ax->stats.tx_dropped++;
448 		netif_start_queue(dev);
449 		return;
450 	}
451 
452 	p = icp;
453 
454 	spin_lock_bh(&ax->buflock);
455 	if ((*p & 0x0f) != 0) {
456 		/* Configuration Command (kissparms(1).
457 		 * Protocol spec says: never append CRC.
458 		 * This fixes a very old bug in the linux
459 		 * kiss driver. -- dl9sau */
460 		switch (*p & 0xff) {
461 		case 0x85:
462 			/* command from userspace especially for us,
463 			 * not for delivery to the tnc */
464 			if (len > 1) {
465 				int cmd = (p[1] & 0xff);
466 				switch(cmd) {
467 				case 3:
468 				  ax->crcmode = CRC_MODE_SMACK;
469 				  break;
470 				case 2:
471 				  ax->crcmode = CRC_MODE_FLEX;
472 				  break;
473 				case 1:
474 				  ax->crcmode = CRC_MODE_NONE;
475 				  break;
476 				case 0:
477 				default:
478 				  ax->crcmode = CRC_MODE_SMACK_TEST;
479 				  cmd = 0;
480 				}
481 				ax->crcauto = (cmd ? 0 : 1);
482 				printk(KERN_INFO "mkiss: %s: crc mode %s %d\n", ax->dev->name, (len) ? "set to" : "is", cmd);
483 			}
484 			spin_unlock_bh(&ax->buflock);
485 			netif_start_queue(dev);
486 
487 			return;
488 		default:
489 			count = kiss_esc(p, (unsigned char *)ax->xbuff, len);
490 		}
491 	} else {
492 		unsigned short crc;
493 		switch (ax->crcmode) {
494 		case CRC_MODE_SMACK_TEST:
495 			ax->crcmode  = CRC_MODE_FLEX_TEST;
496 			printk(KERN_INFO "mkiss: %s: Trying crc-smack\n", ax->dev->name);
497 			// fall through
498 		case CRC_MODE_SMACK:
499 			*p |= 0x80;
500 			crc = swab16(crc16(0, p, len));
501 			count = kiss_esc_crc(p, (unsigned char *)ax->xbuff, crc, len+2);
502 			break;
503 		case CRC_MODE_FLEX_TEST:
504 			ax->crcmode = CRC_MODE_NONE;
505 			printk(KERN_INFO "mkiss: %s: Trying crc-flexnet\n", ax->dev->name);
506 			// fall through
507 		case CRC_MODE_FLEX:
508 			*p |= 0x20;
509 			crc = calc_crc_flex(p, len);
510 			count = kiss_esc_crc(p, (unsigned char *)ax->xbuff, crc, len+2);
511 			break;
512 
513 		default:
514 			count = kiss_esc(p, (unsigned char *)ax->xbuff, len);
515 		}
516   	}
517 	spin_unlock_bh(&ax->buflock);
518 
519 	set_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags);
520 	actual = ax->tty->driver->write(ax->tty, ax->xbuff, count);
521 	ax->stats.tx_packets++;
522 	ax->stats.tx_bytes += actual;
523 
524 	ax->dev->trans_start = jiffies;
525 	ax->xleft = count - actual;
526 	ax->xhead = ax->xbuff + actual;
527 }
528 
529 /* Encapsulate an AX.25 packet and kick it into a TTY queue. */
530 static int ax_xmit(struct sk_buff *skb, struct net_device *dev)
531 {
532 	struct mkiss *ax = netdev_priv(dev);
533 
534 	if (!netif_running(dev))  {
535 		printk(KERN_ERR "mkiss: %s: xmit call when iface is down\n", dev->name);
536 		return 1;
537 	}
538 
539 	if (netif_queue_stopped(dev)) {
540 		/*
541 		 * May be we must check transmitter timeout here ?
542 		 *      14 Oct 1994 Dmitry Gorodchanin.
543 		 */
544 		if (time_before(jiffies, dev->trans_start + 20 * HZ)) {
545 			/* 20 sec timeout not reached */
546 			return 1;
547 		}
548 
549 		printk(KERN_ERR "mkiss: %s: transmit timed out, %s?\n", dev->name,
550 		       (ax->tty->driver->chars_in_buffer(ax->tty) || ax->xleft) ?
551 		       "bad line quality" : "driver error");
552 
553 		ax->xleft = 0;
554 		clear_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags);
555 		netif_start_queue(dev);
556 	}
557 
558 	/* We were not busy, so we are now... :-) */
559 	if (skb != NULL) {
560 		netif_stop_queue(dev);
561 		ax_encaps(dev, skb->data, skb->len);
562 		kfree_skb(skb);
563 	}
564 
565 	return 0;
566 }
567 
568 static int ax_open_dev(struct net_device *dev)
569 {
570 	struct mkiss *ax = netdev_priv(dev);
571 
572 	if (ax->tty == NULL)
573 		return -ENODEV;
574 
575 	return 0;
576 }
577 
578 #if defined(CONFIG_AX25) || defined(CONFIG_AX25_MODULE)
579 
580 /* Return the frame type ID */
581 static int ax_header(struct sk_buff *skb, struct net_device *dev,
582 		     unsigned short type, const void *daddr,
583 		     const void *saddr, unsigned len)
584 {
585 #ifdef CONFIG_INET
586 	if (type != ETH_P_AX25)
587 		return ax25_hard_header(skb, dev, type, daddr, saddr, len);
588 #endif
589 	return 0;
590 }
591 
592 
593 static int ax_rebuild_header(struct sk_buff *skb)
594 {
595 #ifdef CONFIG_INET
596 	return ax25_rebuild_header(skb);
597 #else
598 	return 0;
599 #endif
600 }
601 
602 #endif	/* CONFIG_{AX25,AX25_MODULE} */
603 
604 /* Open the low-level part of the AX25 channel. Easy! */
605 static int ax_open(struct net_device *dev)
606 {
607 	struct mkiss *ax = netdev_priv(dev);
608 	unsigned long len;
609 
610 	if (ax->tty == NULL)
611 		return -ENODEV;
612 
613 	/*
614 	 * Allocate the frame buffers:
615 	 *
616 	 * rbuff	Receive buffer.
617 	 * xbuff	Transmit buffer.
618 	 */
619 	len = dev->mtu * 2;
620 
621 	/*
622 	 * allow for arrival of larger UDP packets, even if we say not to
623 	 * also fixes a bug in which SunOS sends 512-byte packets even with
624 	 * an MSS of 128
625 	 */
626 	if (len < 576 * 2)
627 		len = 576 * 2;
628 
629 	if ((ax->rbuff = kmalloc(len + 4, GFP_KERNEL)) == NULL)
630 		goto norbuff;
631 
632 	if ((ax->xbuff = kmalloc(len + 4, GFP_KERNEL)) == NULL)
633 		goto noxbuff;
634 
635 	ax->mtu	     = dev->mtu + 73;
636 	ax->buffsize = len;
637 	ax->rcount   = 0;
638 	ax->xleft    = 0;
639 
640 	ax->flags   &= (1 << AXF_INUSE);      /* Clear ESCAPE & ERROR flags */
641 
642 	spin_lock_init(&ax->buflock);
643 
644 	return 0;
645 
646 noxbuff:
647 	kfree(ax->rbuff);
648 
649 norbuff:
650 	return -ENOMEM;
651 }
652 
653 
654 /* Close the low-level part of the AX25 channel. Easy! */
655 static int ax_close(struct net_device *dev)
656 {
657 	struct mkiss *ax = netdev_priv(dev);
658 
659 	if (ax->tty)
660 		clear_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags);
661 
662 	netif_stop_queue(dev);
663 
664 	return 0;
665 }
666 
667 static struct net_device_stats *ax_get_stats(struct net_device *dev)
668 {
669 	struct mkiss *ax = netdev_priv(dev);
670 
671 	return &ax->stats;
672 }
673 
674 static const struct header_ops ax_header_ops = {
675 	.create    = ax_header,
676 	.rebuild   = ax_rebuild_header,
677 };
678 
679 static void ax_setup(struct net_device *dev)
680 {
681 	/* Finish setting up the DEVICE info. */
682 	dev->mtu             = AX_MTU;
683 	dev->hard_start_xmit = ax_xmit;
684 	dev->open            = ax_open_dev;
685 	dev->stop            = ax_close;
686 	dev->get_stats	     = ax_get_stats;
687 	dev->set_mac_address = ax_set_mac_address;
688 	dev->hard_header_len = 0;
689 	dev->addr_len        = 0;
690 	dev->type            = ARPHRD_AX25;
691 	dev->tx_queue_len    = 10;
692 	dev->header_ops      = &ax_header_ops;
693 
694 
695 	memcpy(dev->broadcast, &ax25_bcast, AX25_ADDR_LEN);
696 	memcpy(dev->dev_addr,  &ax25_defaddr,  AX25_ADDR_LEN);
697 
698 	dev->flags      = IFF_BROADCAST | IFF_MULTICAST;
699 }
700 
701 /*
702  * We have a potential race on dereferencing tty->disc_data, because the tty
703  * layer provides no locking at all - thus one cpu could be running
704  * sixpack_receive_buf while another calls sixpack_close, which zeroes
705  * tty->disc_data and frees the memory that sixpack_receive_buf is using.  The
706  * best way to fix this is to use a rwlock in the tty struct, but for now we
707  * use a single global rwlock for all ttys in ppp line discipline.
708  */
709 static DEFINE_RWLOCK(disc_data_lock);
710 
711 static struct mkiss *mkiss_get(struct tty_struct *tty)
712 {
713 	struct mkiss *ax;
714 
715 	read_lock(&disc_data_lock);
716 	ax = tty->disc_data;
717 	if (ax)
718 		atomic_inc(&ax->refcnt);
719 	read_unlock(&disc_data_lock);
720 
721 	return ax;
722 }
723 
724 static void mkiss_put(struct mkiss *ax)
725 {
726 	if (atomic_dec_and_test(&ax->refcnt))
727 		up(&ax->dead_sem);
728 }
729 
730 static int crc_force = 0;	/* Can be overridden with insmod */
731 
732 static int mkiss_open(struct tty_struct *tty)
733 {
734 	struct net_device *dev;
735 	struct mkiss *ax;
736 	int err;
737 
738 	if (!capable(CAP_NET_ADMIN))
739 		return -EPERM;
740 
741 	dev = alloc_netdev(sizeof(struct mkiss), "ax%d", ax_setup);
742 	if (!dev) {
743 		err = -ENOMEM;
744 		goto out;
745 	}
746 
747 	ax = netdev_priv(dev);
748 	ax->dev = dev;
749 
750 	spin_lock_init(&ax->buflock);
751 	atomic_set(&ax->refcnt, 1);
752 	init_MUTEX_LOCKED(&ax->dead_sem);
753 
754 	ax->tty = tty;
755 	tty->disc_data = ax;
756 	tty->receive_room = 65535;
757 
758 	if (tty->driver->flush_buffer)
759 		tty->driver->flush_buffer(tty);
760 
761 	/* Restore default settings */
762 	dev->type = ARPHRD_AX25;
763 
764 	/* Perform the low-level AX25 initialization. */
765 	if ((err = ax_open(ax->dev))) {
766 		goto out_free_netdev;
767 	}
768 
769 	if (register_netdev(dev))
770 		goto out_free_buffers;
771 
772 	/* after register_netdev() - because else printk smashes the kernel */
773 	switch (crc_force) {
774 	case 3:
775 		ax->crcmode  = CRC_MODE_SMACK;
776 		printk(KERN_INFO "mkiss: %s: crc mode smack forced.\n",
777 		       ax->dev->name);
778 		break;
779 	case 2:
780 		ax->crcmode  = CRC_MODE_FLEX;
781 		printk(KERN_INFO "mkiss: %s: crc mode flexnet forced.\n",
782 		       ax->dev->name);
783 		break;
784 	case 1:
785 		ax->crcmode  = CRC_MODE_NONE;
786 		printk(KERN_INFO "mkiss: %s: crc mode disabled.\n",
787 		       ax->dev->name);
788 		break;
789 	case 0:
790 		/* fall through */
791 	default:
792 		crc_force = 0;
793 		printk(KERN_INFO "mkiss: %s: crc mode is auto.\n",
794 		       ax->dev->name);
795 		ax->crcmode  = CRC_MODE_SMACK_TEST;
796 	}
797 	ax->crcauto = (crc_force ? 0 : 1);
798 
799 	netif_start_queue(dev);
800 
801 	/* Done.  We have linked the TTY line to a channel. */
802 	return 0;
803 
804 out_free_buffers:
805 	kfree(ax->rbuff);
806 	kfree(ax->xbuff);
807 
808 out_free_netdev:
809 	free_netdev(dev);
810 
811 out:
812 	return err;
813 }
814 
815 static void mkiss_close(struct tty_struct *tty)
816 {
817 	struct mkiss *ax;
818 
819 	write_lock(&disc_data_lock);
820 	ax = tty->disc_data;
821 	tty->disc_data = NULL;
822 	write_unlock(&disc_data_lock);
823 
824 	if (!ax)
825 		return;
826 
827 	/*
828 	 * We have now ensured that nobody can start using ap from now on, but
829 	 * we have to wait for all existing users to finish.
830 	 */
831 	if (!atomic_dec_and_test(&ax->refcnt))
832 		down(&ax->dead_sem);
833 
834 	unregister_netdev(ax->dev);
835 
836 	/* Free all AX25 frame buffers. */
837 	kfree(ax->rbuff);
838 	kfree(ax->xbuff);
839 
840 	ax->tty = NULL;
841 }
842 
843 /* Perform I/O control on an active ax25 channel. */
844 static int mkiss_ioctl(struct tty_struct *tty, struct file *file,
845 	unsigned int cmd, unsigned long arg)
846 {
847 	struct mkiss *ax = mkiss_get(tty);
848 	struct net_device *dev = ax->dev;
849 	unsigned int tmp, err;
850 
851 	/* First make sure we're connected. */
852 	if (ax == NULL)
853 		return -ENXIO;
854 
855 	switch (cmd) {
856  	case SIOCGIFNAME:
857 		err = copy_to_user((void __user *) arg, ax->dev->name,
858 		                   strlen(ax->dev->name) + 1) ? -EFAULT : 0;
859 		break;
860 
861 	case SIOCGIFENCAP:
862 		err = put_user(4, (int __user *) arg);
863 		break;
864 
865 	case SIOCSIFENCAP:
866 		if (get_user(tmp, (int __user *) arg)) {
867 			err = -EFAULT;
868 			break;
869 		}
870 
871 		ax->mode = tmp;
872 		dev->addr_len        = AX25_ADDR_LEN;
873 		dev->hard_header_len = AX25_KISS_HEADER_LEN +
874 		                       AX25_MAX_HEADER_LEN + 3;
875 		dev->type            = ARPHRD_AX25;
876 
877 		err = 0;
878 		break;
879 
880 	case SIOCSIFHWADDR: {
881 		char addr[AX25_ADDR_LEN];
882 
883 		if (copy_from_user(&addr,
884 		                   (void __user *) arg, AX25_ADDR_LEN)) {
885 			err = -EFAULT;
886 			break;
887 		}
888 
889 		netif_tx_lock_bh(dev);
890 		memcpy(dev->dev_addr, addr, AX25_ADDR_LEN);
891 		netif_tx_unlock_bh(dev);
892 
893 		err = 0;
894 		break;
895 	}
896 	default:
897 		err = -ENOIOCTLCMD;
898 	}
899 
900 	mkiss_put(ax);
901 
902 	return err;
903 }
904 
905 /*
906  * Handle the 'receiver data ready' interrupt.
907  * This function is called by the 'tty_io' module in the kernel when
908  * a block of data has been received, which can now be decapsulated
909  * and sent on to the AX.25 layer for further processing.
910  */
911 static void mkiss_receive_buf(struct tty_struct *tty, const unsigned char *cp,
912 	char *fp, int count)
913 {
914 	struct mkiss *ax = mkiss_get(tty);
915 
916 	if (!ax)
917 		return;
918 
919 	/*
920 	 * Argh! mtu change time! - costs us the packet part received
921 	 * at the change
922 	 */
923 	if (ax->mtu != ax->dev->mtu + 73)
924 		ax_changedmtu(ax);
925 
926 	/* Read the characters out of the buffer */
927 	while (count--) {
928 		if (fp != NULL && *fp++) {
929 			if (!test_and_set_bit(AXF_ERROR, &ax->flags))
930 				ax->stats.rx_errors++;
931 			cp++;
932 			continue;
933 		}
934 
935 		kiss_unesc(ax, *cp++);
936 	}
937 
938 	mkiss_put(ax);
939 	if (test_and_clear_bit(TTY_THROTTLED, &tty->flags)
940 	    && tty->driver->unthrottle)
941 		tty->driver->unthrottle(tty);
942 }
943 
944 /*
945  * Called by the driver when there's room for more data.  If we have
946  * more packets to send, we send them here.
947  */
948 static void mkiss_write_wakeup(struct tty_struct *tty)
949 {
950 	struct mkiss *ax = mkiss_get(tty);
951 	int actual;
952 
953 	if (!ax)
954 		return;
955 
956 	if (ax->xleft <= 0)  {
957 		/* Now serial buffer is almost free & we can start
958 		 * transmission of another packet
959 		 */
960 		clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
961 
962 		netif_wake_queue(ax->dev);
963 		goto out;
964 	}
965 
966 	actual = tty->driver->write(tty, ax->xhead, ax->xleft);
967 	ax->xleft -= actual;
968 	ax->xhead += actual;
969 
970 out:
971 	mkiss_put(ax);
972 }
973 
974 static struct tty_ldisc ax_ldisc = {
975 	.owner		= THIS_MODULE,
976 	.magic		= TTY_LDISC_MAGIC,
977 	.name		= "mkiss",
978 	.open		= mkiss_open,
979 	.close		= mkiss_close,
980 	.ioctl		= mkiss_ioctl,
981 	.receive_buf	= mkiss_receive_buf,
982 	.write_wakeup	= mkiss_write_wakeup
983 };
984 
985 static char banner[] __initdata = KERN_INFO \
986 	"mkiss: AX.25 Multikiss, Hans Albas PE1AYX\n";
987 static char msg_regfail[] __initdata = KERN_ERR \
988 	"mkiss: can't register line discipline (err = %d)\n";
989 
990 static int __init mkiss_init_driver(void)
991 {
992 	int status;
993 
994 	printk(banner);
995 
996 	if ((status = tty_register_ldisc(N_AX25, &ax_ldisc)) != 0)
997 		printk(msg_regfail);
998 
999 	return status;
1000 }
1001 
1002 static const char msg_unregfail[] __exitdata = KERN_ERR \
1003 	"mkiss: can't unregister line discipline (err = %d)\n";
1004 
1005 static void __exit mkiss_exit_driver(void)
1006 {
1007 	int ret;
1008 
1009 	if ((ret = tty_unregister_ldisc(N_AX25)))
1010 		printk(msg_unregfail, ret);
1011 }
1012 
1013 MODULE_AUTHOR("Ralf Baechle DL5RB <ralf@linux-mips.org>");
1014 MODULE_DESCRIPTION("KISS driver for AX.25 over TTYs");
1015 module_param(crc_force, int, 0);
1016 MODULE_PARM_DESC(crc_force, "crc [0 = auto | 1 = none | 2 = flexnet | 3 = smack]");
1017 MODULE_LICENSE("GPL");
1018 MODULE_ALIAS_LDISC(N_AX25);
1019 
1020 module_init(mkiss_init_driver);
1021 module_exit(mkiss_exit_driver);
1022