xref: /openbmc/linux/drivers/net/hamradio/mkiss.c (revision 6c870213d6f3a25981c10728f46294a3bed1703f)
1 /*
2  *  This program is free software; you can distribute it and/or modify it
3  *  under the terms of the GNU General Public License (Version 2) as
4  *  published by the Free Software Foundation.
5  *
6  *  This program is distributed in the hope it will be useful, but WITHOUT
7  *  ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
8  *  FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
9  *  for more details.
10  *
11  *  You should have received a copy of the GNU General Public License along
12  *  with this program; if not, see <http://www.gnu.org/licenses/>.
13  *
14  * Copyright (C) Hans Alblas PE1AYX <hans@esrac.ele.tue.nl>
15  * Copyright (C) 2004, 05 Ralf Baechle DL5RB <ralf@linux-mips.org>
16  * Copyright (C) 2004, 05 Thomas Osterried DL9SAU <thomas@x-berg.in-berlin.de>
17  */
18 #include <linux/module.h>
19 #include <linux/bitops.h>
20 #include <asm/uaccess.h>
21 #include <linux/crc16.h>
22 #include <linux/string.h>
23 #include <linux/mm.h>
24 #include <linux/interrupt.h>
25 #include <linux/in.h>
26 #include <linux/inet.h>
27 #include <linux/slab.h>
28 #include <linux/tty.h>
29 #include <linux/errno.h>
30 #include <linux/netdevice.h>
31 #include <linux/major.h>
32 #include <linux/init.h>
33 #include <linux/rtnetlink.h>
34 #include <linux/etherdevice.h>
35 #include <linux/skbuff.h>
36 #include <linux/if_arp.h>
37 #include <linux/jiffies.h>
38 #include <linux/compat.h>
39 
40 #include <net/ax25.h>
41 
42 #define AX_MTU		236
43 
44 /* SLIP/KISS protocol characters. */
45 #define END             0300		/* indicates end of frame	*/
46 #define ESC             0333		/* indicates byte stuffing	*/
47 #define ESC_END         0334		/* ESC ESC_END means END 'data'	*/
48 #define ESC_ESC         0335		/* ESC ESC_ESC means ESC 'data'	*/
49 
50 struct mkiss {
51 	struct tty_struct	*tty;	/* ptr to TTY structure		*/
52 	struct net_device	*dev;	/* easy for intr handling	*/
53 
54 	/* These are pointers to the malloc()ed frame buffers. */
55 	spinlock_t		buflock;/* lock for rbuf and xbuf */
56 	unsigned char		*rbuff;	/* receiver buffer		*/
57 	int			rcount;	/* received chars counter       */
58 	unsigned char		*xbuff;	/* transmitter buffer		*/
59 	unsigned char		*xhead;	/* pointer to next byte to XMIT */
60 	int			xleft;	/* bytes left in XMIT queue     */
61 
62 	/* Detailed SLIP statistics. */
63 	int		mtu;		/* Our mtu (to spot changes!)   */
64 	int		buffsize;	/* Max buffers sizes            */
65 
66 	unsigned long	flags;		/* Flag values/ mode etc	*/
67 					/* long req'd: used by set_bit --RR */
68 #define AXF_INUSE	0		/* Channel in use               */
69 #define AXF_ESCAPE	1               /* ESC received                 */
70 #define AXF_ERROR	2               /* Parity, etc. error           */
71 #define AXF_KEEPTEST	3		/* Keepalive test flag		*/
72 #define AXF_OUTWAIT	4		/* is outpacket was flag	*/
73 
74 	int		mode;
75         int		crcmode;	/* MW: for FlexNet, SMACK etc.  */
76 	int		crcauto;	/* CRC auto mode */
77 
78 #define CRC_MODE_NONE		0
79 #define CRC_MODE_FLEX		1
80 #define CRC_MODE_SMACK		2
81 #define CRC_MODE_FLEX_TEST	3
82 #define CRC_MODE_SMACK_TEST	4
83 
84 	atomic_t		refcnt;
85 	struct semaphore	dead_sem;
86 };
87 
88 /*---------------------------------------------------------------------------*/
89 
90 static const unsigned short crc_flex_table[] = {
91 	0x0f87, 0x1e0e, 0x2c95, 0x3d1c, 0x49a3, 0x582a, 0x6ab1, 0x7b38,
92 	0x83cf, 0x9246, 0xa0dd, 0xb154, 0xc5eb, 0xd462, 0xe6f9, 0xf770,
93 	0x1f06, 0x0e8f, 0x3c14, 0x2d9d, 0x5922, 0x48ab, 0x7a30, 0x6bb9,
94 	0x934e, 0x82c7, 0xb05c, 0xa1d5, 0xd56a, 0xc4e3, 0xf678, 0xe7f1,
95 	0x2e85, 0x3f0c, 0x0d97, 0x1c1e, 0x68a1, 0x7928, 0x4bb3, 0x5a3a,
96 	0xa2cd, 0xb344, 0x81df, 0x9056, 0xe4e9, 0xf560, 0xc7fb, 0xd672,
97 	0x3e04, 0x2f8d, 0x1d16, 0x0c9f, 0x7820, 0x69a9, 0x5b32, 0x4abb,
98 	0xb24c, 0xa3c5, 0x915e, 0x80d7, 0xf468, 0xe5e1, 0xd77a, 0xc6f3,
99 	0x4d83, 0x5c0a, 0x6e91, 0x7f18, 0x0ba7, 0x1a2e, 0x28b5, 0x393c,
100 	0xc1cb, 0xd042, 0xe2d9, 0xf350, 0x87ef, 0x9666, 0xa4fd, 0xb574,
101 	0x5d02, 0x4c8b, 0x7e10, 0x6f99, 0x1b26, 0x0aaf, 0x3834, 0x29bd,
102 	0xd14a, 0xc0c3, 0xf258, 0xe3d1, 0x976e, 0x86e7, 0xb47c, 0xa5f5,
103 	0x6c81, 0x7d08, 0x4f93, 0x5e1a, 0x2aa5, 0x3b2c, 0x09b7, 0x183e,
104 	0xe0c9, 0xf140, 0xc3db, 0xd252, 0xa6ed, 0xb764, 0x85ff, 0x9476,
105 	0x7c00, 0x6d89, 0x5f12, 0x4e9b, 0x3a24, 0x2bad, 0x1936, 0x08bf,
106 	0xf048, 0xe1c1, 0xd35a, 0xc2d3, 0xb66c, 0xa7e5, 0x957e, 0x84f7,
107 	0x8b8f, 0x9a06, 0xa89d, 0xb914, 0xcdab, 0xdc22, 0xeeb9, 0xff30,
108 	0x07c7, 0x164e, 0x24d5, 0x355c, 0x41e3, 0x506a, 0x62f1, 0x7378,
109 	0x9b0e, 0x8a87, 0xb81c, 0xa995, 0xdd2a, 0xcca3, 0xfe38, 0xefb1,
110 	0x1746, 0x06cf, 0x3454, 0x25dd, 0x5162, 0x40eb, 0x7270, 0x63f9,
111 	0xaa8d, 0xbb04, 0x899f, 0x9816, 0xeca9, 0xfd20, 0xcfbb, 0xde32,
112 	0x26c5, 0x374c, 0x05d7, 0x145e, 0x60e1, 0x7168, 0x43f3, 0x527a,
113 	0xba0c, 0xab85, 0x991e, 0x8897, 0xfc28, 0xeda1, 0xdf3a, 0xceb3,
114 	0x3644, 0x27cd, 0x1556, 0x04df, 0x7060, 0x61e9, 0x5372, 0x42fb,
115 	0xc98b, 0xd802, 0xea99, 0xfb10, 0x8faf, 0x9e26, 0xacbd, 0xbd34,
116 	0x45c3, 0x544a, 0x66d1, 0x7758, 0x03e7, 0x126e, 0x20f5, 0x317c,
117 	0xd90a, 0xc883, 0xfa18, 0xeb91, 0x9f2e, 0x8ea7, 0xbc3c, 0xadb5,
118 	0x5542, 0x44cb, 0x7650, 0x67d9, 0x1366, 0x02ef, 0x3074, 0x21fd,
119 	0xe889, 0xf900, 0xcb9b, 0xda12, 0xaead, 0xbf24, 0x8dbf, 0x9c36,
120 	0x64c1, 0x7548, 0x47d3, 0x565a, 0x22e5, 0x336c, 0x01f7, 0x107e,
121 	0xf808, 0xe981, 0xdb1a, 0xca93, 0xbe2c, 0xafa5, 0x9d3e, 0x8cb7,
122 	0x7440, 0x65c9, 0x5752, 0x46db, 0x3264, 0x23ed, 0x1176, 0x00ff
123 };
124 
125 static unsigned short calc_crc_flex(unsigned char *cp, int size)
126 {
127 	unsigned short crc = 0xffff;
128 
129 	while (size--)
130 		crc = (crc << 8) ^ crc_flex_table[((crc >> 8) ^ *cp++) & 0xff];
131 
132 	return crc;
133 }
134 
135 static int check_crc_flex(unsigned char *cp, int size)
136 {
137 	unsigned short crc = 0xffff;
138 
139 	if (size < 3)
140 		return -1;
141 
142 	while (size--)
143 		crc = (crc << 8) ^ crc_flex_table[((crc >> 8) ^ *cp++) & 0xff];
144 
145 	if ((crc & 0xffff) != 0x7070)
146 		return -1;
147 
148 	return 0;
149 }
150 
151 static int check_crc_16(unsigned char *cp, int size)
152 {
153 	unsigned short crc = 0x0000;
154 
155 	if (size < 3)
156 		return -1;
157 
158 	crc = crc16(0, cp, size);
159 
160 	if (crc != 0x0000)
161 		return -1;
162 
163 	return 0;
164 }
165 
166 /*
167  * Standard encapsulation
168  */
169 
170 static int kiss_esc(unsigned char *s, unsigned char *d, int len)
171 {
172 	unsigned char *ptr = d;
173 	unsigned char c;
174 
175 	/*
176 	 * Send an initial END character to flush out any data that may have
177 	 * accumulated in the receiver due to line noise.
178 	 */
179 
180 	*ptr++ = END;
181 
182 	while (len-- > 0) {
183 		switch (c = *s++) {
184 		case END:
185 			*ptr++ = ESC;
186 			*ptr++ = ESC_END;
187 			break;
188 		case ESC:
189 			*ptr++ = ESC;
190 			*ptr++ = ESC_ESC;
191 			break;
192 		default:
193 			*ptr++ = c;
194 			break;
195 		}
196 	}
197 
198 	*ptr++ = END;
199 
200 	return ptr - d;
201 }
202 
203 /*
204  * MW:
205  * OK its ugly, but tell me a better solution without copying the
206  * packet to a temporary buffer :-)
207  */
208 static int kiss_esc_crc(unsigned char *s, unsigned char *d, unsigned short crc,
209 	int len)
210 {
211 	unsigned char *ptr = d;
212 	unsigned char c=0;
213 
214 	*ptr++ = END;
215 	while (len > 0) {
216 		if (len > 2)
217 			c = *s++;
218 		else if (len > 1)
219 			c = crc >> 8;
220 		else if (len > 0)
221 			c = crc & 0xff;
222 
223 		len--;
224 
225 		switch (c) {
226 		case END:
227 			*ptr++ = ESC;
228 			*ptr++ = ESC_END;
229 			break;
230 		case ESC:
231 			*ptr++ = ESC;
232 			*ptr++ = ESC_ESC;
233 			break;
234 		default:
235 			*ptr++ = c;
236 			break;
237 		}
238 	}
239 	*ptr++ = END;
240 
241 	return ptr - d;
242 }
243 
244 /* Send one completely decapsulated AX.25 packet to the AX.25 layer. */
245 static void ax_bump(struct mkiss *ax)
246 {
247 	struct sk_buff *skb;
248 	int count;
249 
250 	spin_lock_bh(&ax->buflock);
251 	if (ax->rbuff[0] > 0x0f) {
252 		if (ax->rbuff[0] & 0x80) {
253 			if (check_crc_16(ax->rbuff, ax->rcount) < 0) {
254 				ax->dev->stats.rx_errors++;
255 				spin_unlock_bh(&ax->buflock);
256 
257 				return;
258 			}
259 			if (ax->crcmode != CRC_MODE_SMACK && ax->crcauto) {
260 				printk(KERN_INFO
261 				       "mkiss: %s: Switching to crc-smack\n",
262 				       ax->dev->name);
263 				ax->crcmode = CRC_MODE_SMACK;
264 			}
265 			ax->rcount -= 2;
266 			*ax->rbuff &= ~0x80;
267 		} else if (ax->rbuff[0] & 0x20)  {
268 			if (check_crc_flex(ax->rbuff, ax->rcount) < 0) {
269 				ax->dev->stats.rx_errors++;
270 				spin_unlock_bh(&ax->buflock);
271 				return;
272 			}
273 			if (ax->crcmode != CRC_MODE_FLEX && ax->crcauto) {
274 				printk(KERN_INFO
275 				       "mkiss: %s: Switching to crc-flexnet\n",
276 				       ax->dev->name);
277 				ax->crcmode = CRC_MODE_FLEX;
278 			}
279 			ax->rcount -= 2;
280 
281 			/*
282 			 * dl9sau bugfix: the trailling two bytes flexnet crc
283 			 * will not be passed to the kernel. thus we have to
284 			 * correct the kissparm signature, because it indicates
285 			 * a crc but there's none
286 			 */
287 			*ax->rbuff &= ~0x20;
288 		}
289  	}
290 
291 	count = ax->rcount;
292 
293 	if ((skb = dev_alloc_skb(count)) == NULL) {
294 		printk(KERN_ERR "mkiss: %s: memory squeeze, dropping packet.\n",
295 		       ax->dev->name);
296 		ax->dev->stats.rx_dropped++;
297 		spin_unlock_bh(&ax->buflock);
298 		return;
299 	}
300 
301 	memcpy(skb_put(skb,count), ax->rbuff, count);
302 	skb->protocol = ax25_type_trans(skb, ax->dev);
303 	netif_rx(skb);
304 	ax->dev->stats.rx_packets++;
305 	ax->dev->stats.rx_bytes += count;
306 	spin_unlock_bh(&ax->buflock);
307 }
308 
309 static void kiss_unesc(struct mkiss *ax, unsigned char s)
310 {
311 	switch (s) {
312 	case END:
313 		/* drop keeptest bit = VSV */
314 		if (test_bit(AXF_KEEPTEST, &ax->flags))
315 			clear_bit(AXF_KEEPTEST, &ax->flags);
316 
317 		if (!test_and_clear_bit(AXF_ERROR, &ax->flags) && (ax->rcount > 2))
318 			ax_bump(ax);
319 
320 		clear_bit(AXF_ESCAPE, &ax->flags);
321 		ax->rcount = 0;
322 		return;
323 
324 	case ESC:
325 		set_bit(AXF_ESCAPE, &ax->flags);
326 		return;
327 	case ESC_ESC:
328 		if (test_and_clear_bit(AXF_ESCAPE, &ax->flags))
329 			s = ESC;
330 		break;
331 	case ESC_END:
332 		if (test_and_clear_bit(AXF_ESCAPE, &ax->flags))
333 			s = END;
334 		break;
335 	}
336 
337 	spin_lock_bh(&ax->buflock);
338 	if (!test_bit(AXF_ERROR, &ax->flags)) {
339 		if (ax->rcount < ax->buffsize) {
340 			ax->rbuff[ax->rcount++] = s;
341 			spin_unlock_bh(&ax->buflock);
342 			return;
343 		}
344 
345 		ax->dev->stats.rx_over_errors++;
346 		set_bit(AXF_ERROR, &ax->flags);
347 	}
348 	spin_unlock_bh(&ax->buflock);
349 }
350 
351 static int ax_set_mac_address(struct net_device *dev, void *addr)
352 {
353 	struct sockaddr_ax25 *sa = addr;
354 
355 	netif_tx_lock_bh(dev);
356 	netif_addr_lock(dev);
357 	memcpy(dev->dev_addr, &sa->sax25_call, AX25_ADDR_LEN);
358 	netif_addr_unlock(dev);
359 	netif_tx_unlock_bh(dev);
360 
361 	return 0;
362 }
363 
364 /*---------------------------------------------------------------------------*/
365 
366 static void ax_changedmtu(struct mkiss *ax)
367 {
368 	struct net_device *dev = ax->dev;
369 	unsigned char *xbuff, *rbuff, *oxbuff, *orbuff;
370 	int len;
371 
372 	len = dev->mtu * 2;
373 
374 	/*
375 	 * allow for arrival of larger UDP packets, even if we say not to
376 	 * also fixes a bug in which SunOS sends 512-byte packets even with
377 	 * an MSS of 128
378 	 */
379 	if (len < 576 * 2)
380 		len = 576 * 2;
381 
382 	xbuff = kmalloc(len + 4, GFP_ATOMIC);
383 	rbuff = kmalloc(len + 4, GFP_ATOMIC);
384 
385 	if (xbuff == NULL || rbuff == NULL)  {
386 		printk(KERN_ERR "mkiss: %s: unable to grow ax25 buffers, "
387 		       "MTU change cancelled.\n",
388 		       ax->dev->name);
389 		dev->mtu = ax->mtu;
390 		kfree(xbuff);
391 		kfree(rbuff);
392 		return;
393 	}
394 
395 	spin_lock_bh(&ax->buflock);
396 
397 	oxbuff    = ax->xbuff;
398 	ax->xbuff = xbuff;
399 	orbuff    = ax->rbuff;
400 	ax->rbuff = rbuff;
401 
402 	if (ax->xleft) {
403 		if (ax->xleft <= len) {
404 			memcpy(ax->xbuff, ax->xhead, ax->xleft);
405 		} else  {
406 			ax->xleft = 0;
407 			dev->stats.tx_dropped++;
408 		}
409 	}
410 
411 	ax->xhead = ax->xbuff;
412 
413 	if (ax->rcount) {
414 		if (ax->rcount <= len) {
415 			memcpy(ax->rbuff, orbuff, ax->rcount);
416 		} else  {
417 			ax->rcount = 0;
418 			dev->stats.rx_over_errors++;
419 			set_bit(AXF_ERROR, &ax->flags);
420 		}
421 	}
422 
423 	ax->mtu      = dev->mtu + 73;
424 	ax->buffsize = len;
425 
426 	spin_unlock_bh(&ax->buflock);
427 
428 	kfree(oxbuff);
429 	kfree(orbuff);
430 }
431 
432 /* Encapsulate one AX.25 packet and stuff into a TTY queue. */
433 static void ax_encaps(struct net_device *dev, unsigned char *icp, int len)
434 {
435 	struct mkiss *ax = netdev_priv(dev);
436 	unsigned char *p;
437 	int actual, count;
438 
439 	if (ax->mtu != ax->dev->mtu + 73)	/* Someone has been ifconfigging */
440 		ax_changedmtu(ax);
441 
442 	if (len > ax->mtu) {		/* Sigh, shouldn't occur BUT ... */
443 		len = ax->mtu;
444 		printk(KERN_ERR "mkiss: %s: truncating oversized transmit packet!\n", ax->dev->name);
445 		dev->stats.tx_dropped++;
446 		netif_start_queue(dev);
447 		return;
448 	}
449 
450 	p = icp;
451 
452 	spin_lock_bh(&ax->buflock);
453 	if ((*p & 0x0f) != 0) {
454 		/* Configuration Command (kissparms(1).
455 		 * Protocol spec says: never append CRC.
456 		 * This fixes a very old bug in the linux
457 		 * kiss driver. -- dl9sau */
458 		switch (*p & 0xff) {
459 		case 0x85:
460 			/* command from userspace especially for us,
461 			 * not for delivery to the tnc */
462 			if (len > 1) {
463 				int cmd = (p[1] & 0xff);
464 				switch(cmd) {
465 				case 3:
466 				  ax->crcmode = CRC_MODE_SMACK;
467 				  break;
468 				case 2:
469 				  ax->crcmode = CRC_MODE_FLEX;
470 				  break;
471 				case 1:
472 				  ax->crcmode = CRC_MODE_NONE;
473 				  break;
474 				case 0:
475 				default:
476 				  ax->crcmode = CRC_MODE_SMACK_TEST;
477 				  cmd = 0;
478 				}
479 				ax->crcauto = (cmd ? 0 : 1);
480 				printk(KERN_INFO "mkiss: %s: crc mode %s %d\n", ax->dev->name, (len) ? "set to" : "is", cmd);
481 			}
482 			spin_unlock_bh(&ax->buflock);
483 			netif_start_queue(dev);
484 
485 			return;
486 		default:
487 			count = kiss_esc(p, ax->xbuff, len);
488 		}
489 	} else {
490 		unsigned short crc;
491 		switch (ax->crcmode) {
492 		case CRC_MODE_SMACK_TEST:
493 			ax->crcmode  = CRC_MODE_FLEX_TEST;
494 			printk(KERN_INFO "mkiss: %s: Trying crc-smack\n", ax->dev->name);
495 			// fall through
496 		case CRC_MODE_SMACK:
497 			*p |= 0x80;
498 			crc = swab16(crc16(0, p, len));
499 			count = kiss_esc_crc(p, ax->xbuff, crc, len+2);
500 			break;
501 		case CRC_MODE_FLEX_TEST:
502 			ax->crcmode = CRC_MODE_NONE;
503 			printk(KERN_INFO "mkiss: %s: Trying crc-flexnet\n", ax->dev->name);
504 			// fall through
505 		case CRC_MODE_FLEX:
506 			*p |= 0x20;
507 			crc = calc_crc_flex(p, len);
508 			count = kiss_esc_crc(p, ax->xbuff, crc, len+2);
509 			break;
510 
511 		default:
512 			count = kiss_esc(p, ax->xbuff, len);
513 		}
514   	}
515 	spin_unlock_bh(&ax->buflock);
516 
517 	set_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags);
518 	actual = ax->tty->ops->write(ax->tty, ax->xbuff, count);
519 	dev->stats.tx_packets++;
520 	dev->stats.tx_bytes += actual;
521 
522 	ax->dev->trans_start = jiffies;
523 	ax->xleft = count - actual;
524 	ax->xhead = ax->xbuff + actual;
525 }
526 
527 /* Encapsulate an AX.25 packet and kick it into a TTY queue. */
528 static netdev_tx_t ax_xmit(struct sk_buff *skb, struct net_device *dev)
529 {
530 	struct mkiss *ax = netdev_priv(dev);
531 
532 	if (!netif_running(dev))  {
533 		printk(KERN_ERR "mkiss: %s: xmit call when iface is down\n", dev->name);
534 		return NETDEV_TX_BUSY;
535 	}
536 
537 	if (netif_queue_stopped(dev)) {
538 		/*
539 		 * May be we must check transmitter timeout here ?
540 		 *      14 Oct 1994 Dmitry Gorodchanin.
541 		 */
542 		if (time_before(jiffies, dev->trans_start + 20 * HZ)) {
543 			/* 20 sec timeout not reached */
544 			return NETDEV_TX_BUSY;
545 		}
546 
547 		printk(KERN_ERR "mkiss: %s: transmit timed out, %s?\n", dev->name,
548 		       (tty_chars_in_buffer(ax->tty) || ax->xleft) ?
549 		       "bad line quality" : "driver error");
550 
551 		ax->xleft = 0;
552 		clear_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags);
553 		netif_start_queue(dev);
554 	}
555 
556 	/* We were not busy, so we are now... :-) */
557 	if (skb != NULL) {
558 		netif_stop_queue(dev);
559 		ax_encaps(dev, skb->data, skb->len);
560 		kfree_skb(skb);
561 	}
562 
563 	return NETDEV_TX_OK;
564 }
565 
566 static int ax_open_dev(struct net_device *dev)
567 {
568 	struct mkiss *ax = netdev_priv(dev);
569 
570 	if (ax->tty == NULL)
571 		return -ENODEV;
572 
573 	return 0;
574 }
575 
576 #if defined(CONFIG_AX25) || defined(CONFIG_AX25_MODULE)
577 
578 /* Return the frame type ID */
579 static int ax_header(struct sk_buff *skb, struct net_device *dev,
580 		     unsigned short type, const void *daddr,
581 		     const void *saddr, unsigned len)
582 {
583 #ifdef CONFIG_INET
584 	if (type != ETH_P_AX25)
585 		return ax25_hard_header(skb, dev, type, daddr, saddr, len);
586 #endif
587 	return 0;
588 }
589 
590 
591 static int ax_rebuild_header(struct sk_buff *skb)
592 {
593 #ifdef CONFIG_INET
594 	return ax25_rebuild_header(skb);
595 #else
596 	return 0;
597 #endif
598 }
599 
600 #endif	/* CONFIG_{AX25,AX25_MODULE} */
601 
602 /* Open the low-level part of the AX25 channel. Easy! */
603 static int ax_open(struct net_device *dev)
604 {
605 	struct mkiss *ax = netdev_priv(dev);
606 	unsigned long len;
607 
608 	if (ax->tty == NULL)
609 		return -ENODEV;
610 
611 	/*
612 	 * Allocate the frame buffers:
613 	 *
614 	 * rbuff	Receive buffer.
615 	 * xbuff	Transmit buffer.
616 	 */
617 	len = dev->mtu * 2;
618 
619 	/*
620 	 * allow for arrival of larger UDP packets, even if we say not to
621 	 * also fixes a bug in which SunOS sends 512-byte packets even with
622 	 * an MSS of 128
623 	 */
624 	if (len < 576 * 2)
625 		len = 576 * 2;
626 
627 	if ((ax->rbuff = kmalloc(len + 4, GFP_KERNEL)) == NULL)
628 		goto norbuff;
629 
630 	if ((ax->xbuff = kmalloc(len + 4, GFP_KERNEL)) == NULL)
631 		goto noxbuff;
632 
633 	ax->mtu	     = dev->mtu + 73;
634 	ax->buffsize = len;
635 	ax->rcount   = 0;
636 	ax->xleft    = 0;
637 
638 	ax->flags   &= (1 << AXF_INUSE);      /* Clear ESCAPE & ERROR flags */
639 
640 	spin_lock_init(&ax->buflock);
641 
642 	return 0;
643 
644 noxbuff:
645 	kfree(ax->rbuff);
646 
647 norbuff:
648 	return -ENOMEM;
649 }
650 
651 
652 /* Close the low-level part of the AX25 channel. Easy! */
653 static int ax_close(struct net_device *dev)
654 {
655 	struct mkiss *ax = netdev_priv(dev);
656 
657 	if (ax->tty)
658 		clear_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags);
659 
660 	netif_stop_queue(dev);
661 
662 	return 0;
663 }
664 
665 static const struct header_ops ax_header_ops = {
666 	.create    = ax_header,
667 	.rebuild   = ax_rebuild_header,
668 };
669 
670 static const struct net_device_ops ax_netdev_ops = {
671 	.ndo_open            = ax_open_dev,
672 	.ndo_stop            = ax_close,
673 	.ndo_start_xmit	     = ax_xmit,
674 	.ndo_set_mac_address = ax_set_mac_address,
675 };
676 
677 static void ax_setup(struct net_device *dev)
678 {
679 	/* Finish setting up the DEVICE info. */
680 	dev->mtu             = AX_MTU;
681 	dev->hard_header_len = 0;
682 	dev->addr_len        = 0;
683 	dev->type            = ARPHRD_AX25;
684 	dev->tx_queue_len    = 10;
685 	dev->header_ops      = &ax_header_ops;
686 	dev->netdev_ops	     = &ax_netdev_ops;
687 
688 
689 	memcpy(dev->broadcast, &ax25_bcast, AX25_ADDR_LEN);
690 	memcpy(dev->dev_addr,  &ax25_defaddr,  AX25_ADDR_LEN);
691 
692 	dev->flags      = IFF_BROADCAST | IFF_MULTICAST;
693 }
694 
695 /*
696  * We have a potential race on dereferencing tty->disc_data, because the tty
697  * layer provides no locking at all - thus one cpu could be running
698  * sixpack_receive_buf while another calls sixpack_close, which zeroes
699  * tty->disc_data and frees the memory that sixpack_receive_buf is using.  The
700  * best way to fix this is to use a rwlock in the tty struct, but for now we
701  * use a single global rwlock for all ttys in ppp line discipline.
702  */
703 static DEFINE_RWLOCK(disc_data_lock);
704 
705 static struct mkiss *mkiss_get(struct tty_struct *tty)
706 {
707 	struct mkiss *ax;
708 
709 	read_lock(&disc_data_lock);
710 	ax = tty->disc_data;
711 	if (ax)
712 		atomic_inc(&ax->refcnt);
713 	read_unlock(&disc_data_lock);
714 
715 	return ax;
716 }
717 
718 static void mkiss_put(struct mkiss *ax)
719 {
720 	if (atomic_dec_and_test(&ax->refcnt))
721 		up(&ax->dead_sem);
722 }
723 
724 static int crc_force = 0;	/* Can be overridden with insmod */
725 
726 static int mkiss_open(struct tty_struct *tty)
727 {
728 	struct net_device *dev;
729 	struct mkiss *ax;
730 	int err;
731 
732 	if (!capable(CAP_NET_ADMIN))
733 		return -EPERM;
734 	if (tty->ops->write == NULL)
735 		return -EOPNOTSUPP;
736 
737 	dev = alloc_netdev(sizeof(struct mkiss), "ax%d", ax_setup);
738 	if (!dev) {
739 		err = -ENOMEM;
740 		goto out;
741 	}
742 
743 	ax = netdev_priv(dev);
744 	ax->dev = dev;
745 
746 	spin_lock_init(&ax->buflock);
747 	atomic_set(&ax->refcnt, 1);
748 	sema_init(&ax->dead_sem, 0);
749 
750 	ax->tty = tty;
751 	tty->disc_data = ax;
752 	tty->receive_room = 65535;
753 
754 	tty_driver_flush_buffer(tty);
755 
756 	/* Restore default settings */
757 	dev->type = ARPHRD_AX25;
758 
759 	/* Perform the low-level AX25 initialization. */
760 	if ((err = ax_open(ax->dev))) {
761 		goto out_free_netdev;
762 	}
763 
764 	if (register_netdev(dev))
765 		goto out_free_buffers;
766 
767 	/* after register_netdev() - because else printk smashes the kernel */
768 	switch (crc_force) {
769 	case 3:
770 		ax->crcmode  = CRC_MODE_SMACK;
771 		printk(KERN_INFO "mkiss: %s: crc mode smack forced.\n",
772 		       ax->dev->name);
773 		break;
774 	case 2:
775 		ax->crcmode  = CRC_MODE_FLEX;
776 		printk(KERN_INFO "mkiss: %s: crc mode flexnet forced.\n",
777 		       ax->dev->name);
778 		break;
779 	case 1:
780 		ax->crcmode  = CRC_MODE_NONE;
781 		printk(KERN_INFO "mkiss: %s: crc mode disabled.\n",
782 		       ax->dev->name);
783 		break;
784 	case 0:
785 		/* fall through */
786 	default:
787 		crc_force = 0;
788 		printk(KERN_INFO "mkiss: %s: crc mode is auto.\n",
789 		       ax->dev->name);
790 		ax->crcmode  = CRC_MODE_SMACK_TEST;
791 	}
792 	ax->crcauto = (crc_force ? 0 : 1);
793 
794 	netif_start_queue(dev);
795 
796 	/* Done.  We have linked the TTY line to a channel. */
797 	return 0;
798 
799 out_free_buffers:
800 	kfree(ax->rbuff);
801 	kfree(ax->xbuff);
802 
803 out_free_netdev:
804 	free_netdev(dev);
805 
806 out:
807 	return err;
808 }
809 
810 static void mkiss_close(struct tty_struct *tty)
811 {
812 	struct mkiss *ax;
813 
814 	write_lock_bh(&disc_data_lock);
815 	ax = tty->disc_data;
816 	tty->disc_data = NULL;
817 	write_unlock_bh(&disc_data_lock);
818 
819 	if (!ax)
820 		return;
821 
822 	/*
823 	 * We have now ensured that nobody can start using ap from now on, but
824 	 * we have to wait for all existing users to finish.
825 	 */
826 	if (!atomic_dec_and_test(&ax->refcnt))
827 		down(&ax->dead_sem);
828 
829 	unregister_netdev(ax->dev);
830 
831 	/* Free all AX25 frame buffers. */
832 	kfree(ax->rbuff);
833 	kfree(ax->xbuff);
834 
835 	ax->tty = NULL;
836 }
837 
838 /* Perform I/O control on an active ax25 channel. */
839 static int mkiss_ioctl(struct tty_struct *tty, struct file *file,
840 	unsigned int cmd, unsigned long arg)
841 {
842 	struct mkiss *ax = mkiss_get(tty);
843 	struct net_device *dev;
844 	unsigned int tmp, err;
845 
846 	/* First make sure we're connected. */
847 	if (ax == NULL)
848 		return -ENXIO;
849 	dev = ax->dev;
850 
851 	switch (cmd) {
852  	case SIOCGIFNAME:
853 		err = copy_to_user((void __user *) arg, ax->dev->name,
854 		                   strlen(ax->dev->name) + 1) ? -EFAULT : 0;
855 		break;
856 
857 	case SIOCGIFENCAP:
858 		err = put_user(4, (int __user *) arg);
859 		break;
860 
861 	case SIOCSIFENCAP:
862 		if (get_user(tmp, (int __user *) arg)) {
863 			err = -EFAULT;
864 			break;
865 		}
866 
867 		ax->mode = tmp;
868 		dev->addr_len        = AX25_ADDR_LEN;
869 		dev->hard_header_len = AX25_KISS_HEADER_LEN +
870 		                       AX25_MAX_HEADER_LEN + 3;
871 		dev->type            = ARPHRD_AX25;
872 
873 		err = 0;
874 		break;
875 
876 	case SIOCSIFHWADDR: {
877 		char addr[AX25_ADDR_LEN];
878 
879 		if (copy_from_user(&addr,
880 		                   (void __user *) arg, AX25_ADDR_LEN)) {
881 			err = -EFAULT;
882 			break;
883 		}
884 
885 		netif_tx_lock_bh(dev);
886 		memcpy(dev->dev_addr, addr, AX25_ADDR_LEN);
887 		netif_tx_unlock_bh(dev);
888 
889 		err = 0;
890 		break;
891 	}
892 	default:
893 		err = -ENOIOCTLCMD;
894 	}
895 
896 	mkiss_put(ax);
897 
898 	return err;
899 }
900 
901 #ifdef CONFIG_COMPAT
902 static long mkiss_compat_ioctl(struct tty_struct *tty, struct file *file,
903 	unsigned int cmd, unsigned long arg)
904 {
905 	switch (cmd) {
906 	case SIOCGIFNAME:
907 	case SIOCGIFENCAP:
908 	case SIOCSIFENCAP:
909 	case SIOCSIFHWADDR:
910 		return mkiss_ioctl(tty, file, cmd,
911 				   (unsigned long)compat_ptr(arg));
912 	}
913 
914 	return -ENOIOCTLCMD;
915 }
916 #endif
917 
918 /*
919  * Handle the 'receiver data ready' interrupt.
920  * This function is called by the 'tty_io' module in the kernel when
921  * a block of data has been received, which can now be decapsulated
922  * and sent on to the AX.25 layer for further processing.
923  */
924 static void mkiss_receive_buf(struct tty_struct *tty, const unsigned char *cp,
925 	char *fp, int count)
926 {
927 	struct mkiss *ax = mkiss_get(tty);
928 
929 	if (!ax)
930 		return;
931 
932 	/*
933 	 * Argh! mtu change time! - costs us the packet part received
934 	 * at the change
935 	 */
936 	if (ax->mtu != ax->dev->mtu + 73)
937 		ax_changedmtu(ax);
938 
939 	/* Read the characters out of the buffer */
940 	while (count--) {
941 		if (fp != NULL && *fp++) {
942 			if (!test_and_set_bit(AXF_ERROR, &ax->flags))
943 				ax->dev->stats.rx_errors++;
944 			cp++;
945 			continue;
946 		}
947 
948 		kiss_unesc(ax, *cp++);
949 	}
950 
951 	mkiss_put(ax);
952 	tty_unthrottle(tty);
953 }
954 
955 /*
956  * Called by the driver when there's room for more data.  If we have
957  * more packets to send, we send them here.
958  */
959 static void mkiss_write_wakeup(struct tty_struct *tty)
960 {
961 	struct mkiss *ax = mkiss_get(tty);
962 	int actual;
963 
964 	if (!ax)
965 		return;
966 
967 	if (ax->xleft <= 0)  {
968 		/* Now serial buffer is almost free & we can start
969 		 * transmission of another packet
970 		 */
971 		clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
972 
973 		netif_wake_queue(ax->dev);
974 		goto out;
975 	}
976 
977 	actual = tty->ops->write(tty, ax->xhead, ax->xleft);
978 	ax->xleft -= actual;
979 	ax->xhead += actual;
980 
981 out:
982 	mkiss_put(ax);
983 }
984 
985 static struct tty_ldisc_ops ax_ldisc = {
986 	.owner		= THIS_MODULE,
987 	.magic		= TTY_LDISC_MAGIC,
988 	.name		= "mkiss",
989 	.open		= mkiss_open,
990 	.close		= mkiss_close,
991 	.ioctl		= mkiss_ioctl,
992 #ifdef CONFIG_COMPAT
993 	.compat_ioctl	= mkiss_compat_ioctl,
994 #endif
995 	.receive_buf	= mkiss_receive_buf,
996 	.write_wakeup	= mkiss_write_wakeup
997 };
998 
999 static const char banner[] __initconst = KERN_INFO \
1000 	"mkiss: AX.25 Multikiss, Hans Albas PE1AYX\n";
1001 static const char msg_regfail[] __initconst = KERN_ERR \
1002 	"mkiss: can't register line discipline (err = %d)\n";
1003 
1004 static int __init mkiss_init_driver(void)
1005 {
1006 	int status;
1007 
1008 	printk(banner);
1009 
1010 	status = tty_register_ldisc(N_AX25, &ax_ldisc);
1011 	if (status != 0)
1012 		printk(msg_regfail, status);
1013 
1014 	return status;
1015 }
1016 
1017 static const char msg_unregfail[] = KERN_ERR \
1018 	"mkiss: can't unregister line discipline (err = %d)\n";
1019 
1020 static void __exit mkiss_exit_driver(void)
1021 {
1022 	int ret;
1023 
1024 	if ((ret = tty_unregister_ldisc(N_AX25)))
1025 		printk(msg_unregfail, ret);
1026 }
1027 
1028 MODULE_AUTHOR("Ralf Baechle DL5RB <ralf@linux-mips.org>");
1029 MODULE_DESCRIPTION("KISS driver for AX.25 over TTYs");
1030 module_param(crc_force, int, 0);
1031 MODULE_PARM_DESC(crc_force, "crc [0 = auto | 1 = none | 2 = flexnet | 3 = smack]");
1032 MODULE_LICENSE("GPL");
1033 MODULE_ALIAS_LDISC(N_AX25);
1034 
1035 module_init(mkiss_init_driver);
1036 module_exit(mkiss_exit_driver);
1037