1 /* 2 * This program is free software; you can distribute it and/or modify it 3 * under the terms of the GNU General Public License (Version 2) as 4 * published by the Free Software Foundation. 5 * 6 * This program is distributed in the hope it will be useful, but WITHOUT 7 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 8 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 9 * for more details. 10 * 11 * You should have received a copy of the GNU General Public License along 12 * with this program; if not, see <http://www.gnu.org/licenses/>. 13 * 14 * Copyright (C) Hans Alblas PE1AYX <hans@esrac.ele.tue.nl> 15 * Copyright (C) 2004, 05 Ralf Baechle DL5RB <ralf@linux-mips.org> 16 * Copyright (C) 2004, 05 Thomas Osterried DL9SAU <thomas@x-berg.in-berlin.de> 17 */ 18 #include <linux/module.h> 19 #include <linux/bitops.h> 20 #include <linux/uaccess.h> 21 #include <linux/crc16.h> 22 #include <linux/string.h> 23 #include <linux/mm.h> 24 #include <linux/interrupt.h> 25 #include <linux/in.h> 26 #include <linux/inet.h> 27 #include <linux/slab.h> 28 #include <linux/tty.h> 29 #include <linux/errno.h> 30 #include <linux/netdevice.h> 31 #include <linux/major.h> 32 #include <linux/init.h> 33 #include <linux/rtnetlink.h> 34 #include <linux/etherdevice.h> 35 #include <linux/skbuff.h> 36 #include <linux/if_arp.h> 37 #include <linux/jiffies.h> 38 39 #include <net/ax25.h> 40 41 #define AX_MTU 236 42 43 /* SLIP/KISS protocol characters. */ 44 #define END 0300 /* indicates end of frame */ 45 #define ESC 0333 /* indicates byte stuffing */ 46 #define ESC_END 0334 /* ESC ESC_END means END 'data' */ 47 #define ESC_ESC 0335 /* ESC ESC_ESC means ESC 'data' */ 48 49 struct mkiss { 50 struct tty_struct *tty; /* ptr to TTY structure */ 51 struct net_device *dev; /* easy for intr handling */ 52 53 /* These are pointers to the malloc()ed frame buffers. */ 54 spinlock_t buflock;/* lock for rbuf and xbuf */ 55 unsigned char *rbuff; /* receiver buffer */ 56 int rcount; /* received chars counter */ 57 unsigned char *xbuff; /* transmitter buffer */ 58 unsigned char *xhead; /* pointer to next byte to XMIT */ 59 int xleft; /* bytes left in XMIT queue */ 60 61 /* Detailed SLIP statistics. */ 62 int mtu; /* Our mtu (to spot changes!) */ 63 int buffsize; /* Max buffers sizes */ 64 65 unsigned long flags; /* Flag values/ mode etc */ 66 /* long req'd: used by set_bit --RR */ 67 #define AXF_INUSE 0 /* Channel in use */ 68 #define AXF_ESCAPE 1 /* ESC received */ 69 #define AXF_ERROR 2 /* Parity, etc. error */ 70 #define AXF_KEEPTEST 3 /* Keepalive test flag */ 71 #define AXF_OUTWAIT 4 /* is outpacket was flag */ 72 73 int mode; 74 int crcmode; /* MW: for FlexNet, SMACK etc. */ 75 int crcauto; /* CRC auto mode */ 76 77 #define CRC_MODE_NONE 0 78 #define CRC_MODE_FLEX 1 79 #define CRC_MODE_SMACK 2 80 #define CRC_MODE_FLEX_TEST 3 81 #define CRC_MODE_SMACK_TEST 4 82 83 atomic_t refcnt; 84 struct completion dead; 85 }; 86 87 /*---------------------------------------------------------------------------*/ 88 89 static const unsigned short crc_flex_table[] = { 90 0x0f87, 0x1e0e, 0x2c95, 0x3d1c, 0x49a3, 0x582a, 0x6ab1, 0x7b38, 91 0x83cf, 0x9246, 0xa0dd, 0xb154, 0xc5eb, 0xd462, 0xe6f9, 0xf770, 92 0x1f06, 0x0e8f, 0x3c14, 0x2d9d, 0x5922, 0x48ab, 0x7a30, 0x6bb9, 93 0x934e, 0x82c7, 0xb05c, 0xa1d5, 0xd56a, 0xc4e3, 0xf678, 0xe7f1, 94 0x2e85, 0x3f0c, 0x0d97, 0x1c1e, 0x68a1, 0x7928, 0x4bb3, 0x5a3a, 95 0xa2cd, 0xb344, 0x81df, 0x9056, 0xe4e9, 0xf560, 0xc7fb, 0xd672, 96 0x3e04, 0x2f8d, 0x1d16, 0x0c9f, 0x7820, 0x69a9, 0x5b32, 0x4abb, 97 0xb24c, 0xa3c5, 0x915e, 0x80d7, 0xf468, 0xe5e1, 0xd77a, 0xc6f3, 98 0x4d83, 0x5c0a, 0x6e91, 0x7f18, 0x0ba7, 0x1a2e, 0x28b5, 0x393c, 99 0xc1cb, 0xd042, 0xe2d9, 0xf350, 0x87ef, 0x9666, 0xa4fd, 0xb574, 100 0x5d02, 0x4c8b, 0x7e10, 0x6f99, 0x1b26, 0x0aaf, 0x3834, 0x29bd, 101 0xd14a, 0xc0c3, 0xf258, 0xe3d1, 0x976e, 0x86e7, 0xb47c, 0xa5f5, 102 0x6c81, 0x7d08, 0x4f93, 0x5e1a, 0x2aa5, 0x3b2c, 0x09b7, 0x183e, 103 0xe0c9, 0xf140, 0xc3db, 0xd252, 0xa6ed, 0xb764, 0x85ff, 0x9476, 104 0x7c00, 0x6d89, 0x5f12, 0x4e9b, 0x3a24, 0x2bad, 0x1936, 0x08bf, 105 0xf048, 0xe1c1, 0xd35a, 0xc2d3, 0xb66c, 0xa7e5, 0x957e, 0x84f7, 106 0x8b8f, 0x9a06, 0xa89d, 0xb914, 0xcdab, 0xdc22, 0xeeb9, 0xff30, 107 0x07c7, 0x164e, 0x24d5, 0x355c, 0x41e3, 0x506a, 0x62f1, 0x7378, 108 0x9b0e, 0x8a87, 0xb81c, 0xa995, 0xdd2a, 0xcca3, 0xfe38, 0xefb1, 109 0x1746, 0x06cf, 0x3454, 0x25dd, 0x5162, 0x40eb, 0x7270, 0x63f9, 110 0xaa8d, 0xbb04, 0x899f, 0x9816, 0xeca9, 0xfd20, 0xcfbb, 0xde32, 111 0x26c5, 0x374c, 0x05d7, 0x145e, 0x60e1, 0x7168, 0x43f3, 0x527a, 112 0xba0c, 0xab85, 0x991e, 0x8897, 0xfc28, 0xeda1, 0xdf3a, 0xceb3, 113 0x3644, 0x27cd, 0x1556, 0x04df, 0x7060, 0x61e9, 0x5372, 0x42fb, 114 0xc98b, 0xd802, 0xea99, 0xfb10, 0x8faf, 0x9e26, 0xacbd, 0xbd34, 115 0x45c3, 0x544a, 0x66d1, 0x7758, 0x03e7, 0x126e, 0x20f5, 0x317c, 116 0xd90a, 0xc883, 0xfa18, 0xeb91, 0x9f2e, 0x8ea7, 0xbc3c, 0xadb5, 117 0x5542, 0x44cb, 0x7650, 0x67d9, 0x1366, 0x02ef, 0x3074, 0x21fd, 118 0xe889, 0xf900, 0xcb9b, 0xda12, 0xaead, 0xbf24, 0x8dbf, 0x9c36, 119 0x64c1, 0x7548, 0x47d3, 0x565a, 0x22e5, 0x336c, 0x01f7, 0x107e, 120 0xf808, 0xe981, 0xdb1a, 0xca93, 0xbe2c, 0xafa5, 0x9d3e, 0x8cb7, 121 0x7440, 0x65c9, 0x5752, 0x46db, 0x3264, 0x23ed, 0x1176, 0x00ff 122 }; 123 124 static unsigned short calc_crc_flex(unsigned char *cp, int size) 125 { 126 unsigned short crc = 0xffff; 127 128 while (size--) 129 crc = (crc << 8) ^ crc_flex_table[((crc >> 8) ^ *cp++) & 0xff]; 130 131 return crc; 132 } 133 134 static int check_crc_flex(unsigned char *cp, int size) 135 { 136 unsigned short crc = 0xffff; 137 138 if (size < 3) 139 return -1; 140 141 while (size--) 142 crc = (crc << 8) ^ crc_flex_table[((crc >> 8) ^ *cp++) & 0xff]; 143 144 if ((crc & 0xffff) != 0x7070) 145 return -1; 146 147 return 0; 148 } 149 150 static int check_crc_16(unsigned char *cp, int size) 151 { 152 unsigned short crc = 0x0000; 153 154 if (size < 3) 155 return -1; 156 157 crc = crc16(0, cp, size); 158 159 if (crc != 0x0000) 160 return -1; 161 162 return 0; 163 } 164 165 /* 166 * Standard encapsulation 167 */ 168 169 static int kiss_esc(unsigned char *s, unsigned char *d, int len) 170 { 171 unsigned char *ptr = d; 172 unsigned char c; 173 174 /* 175 * Send an initial END character to flush out any data that may have 176 * accumulated in the receiver due to line noise. 177 */ 178 179 *ptr++ = END; 180 181 while (len-- > 0) { 182 switch (c = *s++) { 183 case END: 184 *ptr++ = ESC; 185 *ptr++ = ESC_END; 186 break; 187 case ESC: 188 *ptr++ = ESC; 189 *ptr++ = ESC_ESC; 190 break; 191 default: 192 *ptr++ = c; 193 break; 194 } 195 } 196 197 *ptr++ = END; 198 199 return ptr - d; 200 } 201 202 /* 203 * MW: 204 * OK its ugly, but tell me a better solution without copying the 205 * packet to a temporary buffer :-) 206 */ 207 static int kiss_esc_crc(unsigned char *s, unsigned char *d, unsigned short crc, 208 int len) 209 { 210 unsigned char *ptr = d; 211 unsigned char c=0; 212 213 *ptr++ = END; 214 while (len > 0) { 215 if (len > 2) 216 c = *s++; 217 else if (len > 1) 218 c = crc >> 8; 219 else 220 c = crc & 0xff; 221 222 len--; 223 224 switch (c) { 225 case END: 226 *ptr++ = ESC; 227 *ptr++ = ESC_END; 228 break; 229 case ESC: 230 *ptr++ = ESC; 231 *ptr++ = ESC_ESC; 232 break; 233 default: 234 *ptr++ = c; 235 break; 236 } 237 } 238 *ptr++ = END; 239 240 return ptr - d; 241 } 242 243 /* Send one completely decapsulated AX.25 packet to the AX.25 layer. */ 244 static void ax_bump(struct mkiss *ax) 245 { 246 struct sk_buff *skb; 247 int count; 248 249 spin_lock_bh(&ax->buflock); 250 if (ax->rbuff[0] > 0x0f) { 251 if (ax->rbuff[0] & 0x80) { 252 if (check_crc_16(ax->rbuff, ax->rcount) < 0) { 253 ax->dev->stats.rx_errors++; 254 spin_unlock_bh(&ax->buflock); 255 256 return; 257 } 258 if (ax->crcmode != CRC_MODE_SMACK && ax->crcauto) { 259 printk(KERN_INFO 260 "mkiss: %s: Switching to crc-smack\n", 261 ax->dev->name); 262 ax->crcmode = CRC_MODE_SMACK; 263 } 264 ax->rcount -= 2; 265 *ax->rbuff &= ~0x80; 266 } else if (ax->rbuff[0] & 0x20) { 267 if (check_crc_flex(ax->rbuff, ax->rcount) < 0) { 268 ax->dev->stats.rx_errors++; 269 spin_unlock_bh(&ax->buflock); 270 return; 271 } 272 if (ax->crcmode != CRC_MODE_FLEX && ax->crcauto) { 273 printk(KERN_INFO 274 "mkiss: %s: Switching to crc-flexnet\n", 275 ax->dev->name); 276 ax->crcmode = CRC_MODE_FLEX; 277 } 278 ax->rcount -= 2; 279 280 /* 281 * dl9sau bugfix: the trailling two bytes flexnet crc 282 * will not be passed to the kernel. thus we have to 283 * correct the kissparm signature, because it indicates 284 * a crc but there's none 285 */ 286 *ax->rbuff &= ~0x20; 287 } 288 } 289 290 count = ax->rcount; 291 292 if ((skb = dev_alloc_skb(count)) == NULL) { 293 printk(KERN_ERR "mkiss: %s: memory squeeze, dropping packet.\n", 294 ax->dev->name); 295 ax->dev->stats.rx_dropped++; 296 spin_unlock_bh(&ax->buflock); 297 return; 298 } 299 300 skb_put_data(skb, ax->rbuff, count); 301 skb->protocol = ax25_type_trans(skb, ax->dev); 302 netif_rx(skb); 303 ax->dev->stats.rx_packets++; 304 ax->dev->stats.rx_bytes += count; 305 spin_unlock_bh(&ax->buflock); 306 } 307 308 static void kiss_unesc(struct mkiss *ax, unsigned char s) 309 { 310 switch (s) { 311 case END: 312 /* drop keeptest bit = VSV */ 313 if (test_bit(AXF_KEEPTEST, &ax->flags)) 314 clear_bit(AXF_KEEPTEST, &ax->flags); 315 316 if (!test_and_clear_bit(AXF_ERROR, &ax->flags) && (ax->rcount > 2)) 317 ax_bump(ax); 318 319 clear_bit(AXF_ESCAPE, &ax->flags); 320 ax->rcount = 0; 321 return; 322 323 case ESC: 324 set_bit(AXF_ESCAPE, &ax->flags); 325 return; 326 case ESC_ESC: 327 if (test_and_clear_bit(AXF_ESCAPE, &ax->flags)) 328 s = ESC; 329 break; 330 case ESC_END: 331 if (test_and_clear_bit(AXF_ESCAPE, &ax->flags)) 332 s = END; 333 break; 334 } 335 336 spin_lock_bh(&ax->buflock); 337 if (!test_bit(AXF_ERROR, &ax->flags)) { 338 if (ax->rcount < ax->buffsize) { 339 ax->rbuff[ax->rcount++] = s; 340 spin_unlock_bh(&ax->buflock); 341 return; 342 } 343 344 ax->dev->stats.rx_over_errors++; 345 set_bit(AXF_ERROR, &ax->flags); 346 } 347 spin_unlock_bh(&ax->buflock); 348 } 349 350 static int ax_set_mac_address(struct net_device *dev, void *addr) 351 { 352 struct sockaddr_ax25 *sa = addr; 353 354 netif_tx_lock_bh(dev); 355 netif_addr_lock(dev); 356 memcpy(dev->dev_addr, &sa->sax25_call, AX25_ADDR_LEN); 357 netif_addr_unlock(dev); 358 netif_tx_unlock_bh(dev); 359 360 return 0; 361 } 362 363 /*---------------------------------------------------------------------------*/ 364 365 static void ax_changedmtu(struct mkiss *ax) 366 { 367 struct net_device *dev = ax->dev; 368 unsigned char *xbuff, *rbuff, *oxbuff, *orbuff; 369 int len; 370 371 len = dev->mtu * 2; 372 373 /* 374 * allow for arrival of larger UDP packets, even if we say not to 375 * also fixes a bug in which SunOS sends 512-byte packets even with 376 * an MSS of 128 377 */ 378 if (len < 576 * 2) 379 len = 576 * 2; 380 381 xbuff = kmalloc(len + 4, GFP_ATOMIC); 382 rbuff = kmalloc(len + 4, GFP_ATOMIC); 383 384 if (xbuff == NULL || rbuff == NULL) { 385 printk(KERN_ERR "mkiss: %s: unable to grow ax25 buffers, " 386 "MTU change cancelled.\n", 387 ax->dev->name); 388 dev->mtu = ax->mtu; 389 kfree(xbuff); 390 kfree(rbuff); 391 return; 392 } 393 394 spin_lock_bh(&ax->buflock); 395 396 oxbuff = ax->xbuff; 397 ax->xbuff = xbuff; 398 orbuff = ax->rbuff; 399 ax->rbuff = rbuff; 400 401 if (ax->xleft) { 402 if (ax->xleft <= len) { 403 memcpy(ax->xbuff, ax->xhead, ax->xleft); 404 } else { 405 ax->xleft = 0; 406 dev->stats.tx_dropped++; 407 } 408 } 409 410 ax->xhead = ax->xbuff; 411 412 if (ax->rcount) { 413 if (ax->rcount <= len) { 414 memcpy(ax->rbuff, orbuff, ax->rcount); 415 } else { 416 ax->rcount = 0; 417 dev->stats.rx_over_errors++; 418 set_bit(AXF_ERROR, &ax->flags); 419 } 420 } 421 422 ax->mtu = dev->mtu + 73; 423 ax->buffsize = len; 424 425 spin_unlock_bh(&ax->buflock); 426 427 kfree(oxbuff); 428 kfree(orbuff); 429 } 430 431 /* Encapsulate one AX.25 packet and stuff into a TTY queue. */ 432 static void ax_encaps(struct net_device *dev, unsigned char *icp, int len) 433 { 434 struct mkiss *ax = netdev_priv(dev); 435 unsigned char *p; 436 int actual, count; 437 438 if (ax->mtu != ax->dev->mtu + 73) /* Someone has been ifconfigging */ 439 ax_changedmtu(ax); 440 441 if (len > ax->mtu) { /* Sigh, shouldn't occur BUT ... */ 442 printk(KERN_ERR "mkiss: %s: truncating oversized transmit packet!\n", ax->dev->name); 443 dev->stats.tx_dropped++; 444 netif_start_queue(dev); 445 return; 446 } 447 448 p = icp; 449 450 spin_lock_bh(&ax->buflock); 451 if ((*p & 0x0f) != 0) { 452 /* Configuration Command (kissparms(1). 453 * Protocol spec says: never append CRC. 454 * This fixes a very old bug in the linux 455 * kiss driver. -- dl9sau */ 456 switch (*p & 0xff) { 457 case 0x85: 458 /* command from userspace especially for us, 459 * not for delivery to the tnc */ 460 if (len > 1) { 461 int cmd = (p[1] & 0xff); 462 switch(cmd) { 463 case 3: 464 ax->crcmode = CRC_MODE_SMACK; 465 break; 466 case 2: 467 ax->crcmode = CRC_MODE_FLEX; 468 break; 469 case 1: 470 ax->crcmode = CRC_MODE_NONE; 471 break; 472 case 0: 473 default: 474 ax->crcmode = CRC_MODE_SMACK_TEST; 475 cmd = 0; 476 } 477 ax->crcauto = (cmd ? 0 : 1); 478 printk(KERN_INFO "mkiss: %s: crc mode set to %d\n", 479 ax->dev->name, cmd); 480 } 481 spin_unlock_bh(&ax->buflock); 482 netif_start_queue(dev); 483 484 return; 485 default: 486 count = kiss_esc(p, ax->xbuff, len); 487 } 488 } else { 489 unsigned short crc; 490 switch (ax->crcmode) { 491 case CRC_MODE_SMACK_TEST: 492 ax->crcmode = CRC_MODE_FLEX_TEST; 493 printk(KERN_INFO "mkiss: %s: Trying crc-smack\n", ax->dev->name); 494 // fall through 495 case CRC_MODE_SMACK: 496 *p |= 0x80; 497 crc = swab16(crc16(0, p, len)); 498 count = kiss_esc_crc(p, ax->xbuff, crc, len+2); 499 break; 500 case CRC_MODE_FLEX_TEST: 501 ax->crcmode = CRC_MODE_NONE; 502 printk(KERN_INFO "mkiss: %s: Trying crc-flexnet\n", ax->dev->name); 503 // fall through 504 case CRC_MODE_FLEX: 505 *p |= 0x20; 506 crc = calc_crc_flex(p, len); 507 count = kiss_esc_crc(p, ax->xbuff, crc, len+2); 508 break; 509 510 default: 511 count = kiss_esc(p, ax->xbuff, len); 512 } 513 } 514 spin_unlock_bh(&ax->buflock); 515 516 set_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags); 517 actual = ax->tty->ops->write(ax->tty, ax->xbuff, count); 518 dev->stats.tx_packets++; 519 dev->stats.tx_bytes += actual; 520 521 netif_trans_update(ax->dev); 522 ax->xleft = count - actual; 523 ax->xhead = ax->xbuff + actual; 524 } 525 526 /* Encapsulate an AX.25 packet and kick it into a TTY queue. */ 527 static netdev_tx_t ax_xmit(struct sk_buff *skb, struct net_device *dev) 528 { 529 struct mkiss *ax = netdev_priv(dev); 530 531 if (skb->protocol == htons(ETH_P_IP)) 532 return ax25_ip_xmit(skb); 533 534 if (!netif_running(dev)) { 535 printk(KERN_ERR "mkiss: %s: xmit call when iface is down\n", dev->name); 536 return NETDEV_TX_BUSY; 537 } 538 539 if (netif_queue_stopped(dev)) { 540 /* 541 * May be we must check transmitter timeout here ? 542 * 14 Oct 1994 Dmitry Gorodchanin. 543 */ 544 if (time_before(jiffies, dev_trans_start(dev) + 20 * HZ)) { 545 /* 20 sec timeout not reached */ 546 return NETDEV_TX_BUSY; 547 } 548 549 printk(KERN_ERR "mkiss: %s: transmit timed out, %s?\n", dev->name, 550 (tty_chars_in_buffer(ax->tty) || ax->xleft) ? 551 "bad line quality" : "driver error"); 552 553 ax->xleft = 0; 554 clear_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags); 555 netif_start_queue(dev); 556 } 557 558 /* We were not busy, so we are now... :-) */ 559 netif_stop_queue(dev); 560 ax_encaps(dev, skb->data, skb->len); 561 kfree_skb(skb); 562 563 return NETDEV_TX_OK; 564 } 565 566 static int ax_open_dev(struct net_device *dev) 567 { 568 struct mkiss *ax = netdev_priv(dev); 569 570 if (ax->tty == NULL) 571 return -ENODEV; 572 573 return 0; 574 } 575 576 /* Open the low-level part of the AX25 channel. Easy! */ 577 static int ax_open(struct net_device *dev) 578 { 579 struct mkiss *ax = netdev_priv(dev); 580 unsigned long len; 581 582 if (ax->tty == NULL) 583 return -ENODEV; 584 585 /* 586 * Allocate the frame buffers: 587 * 588 * rbuff Receive buffer. 589 * xbuff Transmit buffer. 590 */ 591 len = dev->mtu * 2; 592 593 /* 594 * allow for arrival of larger UDP packets, even if we say not to 595 * also fixes a bug in which SunOS sends 512-byte packets even with 596 * an MSS of 128 597 */ 598 if (len < 576 * 2) 599 len = 576 * 2; 600 601 if ((ax->rbuff = kmalloc(len + 4, GFP_KERNEL)) == NULL) 602 goto norbuff; 603 604 if ((ax->xbuff = kmalloc(len + 4, GFP_KERNEL)) == NULL) 605 goto noxbuff; 606 607 ax->mtu = dev->mtu + 73; 608 ax->buffsize = len; 609 ax->rcount = 0; 610 ax->xleft = 0; 611 612 ax->flags &= (1 << AXF_INUSE); /* Clear ESCAPE & ERROR flags */ 613 614 spin_lock_init(&ax->buflock); 615 616 return 0; 617 618 noxbuff: 619 kfree(ax->rbuff); 620 621 norbuff: 622 return -ENOMEM; 623 } 624 625 626 /* Close the low-level part of the AX25 channel. Easy! */ 627 static int ax_close(struct net_device *dev) 628 { 629 struct mkiss *ax = netdev_priv(dev); 630 631 if (ax->tty) 632 clear_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags); 633 634 netif_stop_queue(dev); 635 636 return 0; 637 } 638 639 static const struct net_device_ops ax_netdev_ops = { 640 .ndo_open = ax_open_dev, 641 .ndo_stop = ax_close, 642 .ndo_start_xmit = ax_xmit, 643 .ndo_set_mac_address = ax_set_mac_address, 644 }; 645 646 static void ax_setup(struct net_device *dev) 647 { 648 /* Finish setting up the DEVICE info. */ 649 dev->mtu = AX_MTU; 650 dev->hard_header_len = AX25_MAX_HEADER_LEN; 651 dev->addr_len = AX25_ADDR_LEN; 652 dev->type = ARPHRD_AX25; 653 dev->tx_queue_len = 10; 654 dev->header_ops = &ax25_header_ops; 655 dev->netdev_ops = &ax_netdev_ops; 656 657 658 memcpy(dev->broadcast, &ax25_bcast, AX25_ADDR_LEN); 659 memcpy(dev->dev_addr, &ax25_defaddr, AX25_ADDR_LEN); 660 661 dev->flags = IFF_BROADCAST | IFF_MULTICAST; 662 } 663 664 /* 665 * We have a potential race on dereferencing tty->disc_data, because the tty 666 * layer provides no locking at all - thus one cpu could be running 667 * sixpack_receive_buf while another calls sixpack_close, which zeroes 668 * tty->disc_data and frees the memory that sixpack_receive_buf is using. The 669 * best way to fix this is to use a rwlock in the tty struct, but for now we 670 * use a single global rwlock for all ttys in ppp line discipline. 671 */ 672 static DEFINE_RWLOCK(disc_data_lock); 673 674 static struct mkiss *mkiss_get(struct tty_struct *tty) 675 { 676 struct mkiss *ax; 677 678 read_lock(&disc_data_lock); 679 ax = tty->disc_data; 680 if (ax) 681 atomic_inc(&ax->refcnt); 682 read_unlock(&disc_data_lock); 683 684 return ax; 685 } 686 687 static void mkiss_put(struct mkiss *ax) 688 { 689 if (atomic_dec_and_test(&ax->refcnt)) 690 complete(&ax->dead); 691 } 692 693 static int crc_force = 0; /* Can be overridden with insmod */ 694 695 static int mkiss_open(struct tty_struct *tty) 696 { 697 struct net_device *dev; 698 struct mkiss *ax; 699 int err; 700 701 if (!capable(CAP_NET_ADMIN)) 702 return -EPERM; 703 if (tty->ops->write == NULL) 704 return -EOPNOTSUPP; 705 706 dev = alloc_netdev(sizeof(struct mkiss), "ax%d", NET_NAME_UNKNOWN, 707 ax_setup); 708 if (!dev) { 709 err = -ENOMEM; 710 goto out; 711 } 712 713 ax = netdev_priv(dev); 714 ax->dev = dev; 715 716 spin_lock_init(&ax->buflock); 717 atomic_set(&ax->refcnt, 1); 718 init_completion(&ax->dead); 719 720 ax->tty = tty; 721 tty->disc_data = ax; 722 tty->receive_room = 65535; 723 724 tty_driver_flush_buffer(tty); 725 726 /* Restore default settings */ 727 dev->type = ARPHRD_AX25; 728 729 /* Perform the low-level AX25 initialization. */ 730 err = ax_open(ax->dev); 731 if (err) 732 goto out_free_netdev; 733 734 err = register_netdev(dev); 735 if (err) 736 goto out_free_buffers; 737 738 /* after register_netdev() - because else printk smashes the kernel */ 739 switch (crc_force) { 740 case 3: 741 ax->crcmode = CRC_MODE_SMACK; 742 printk(KERN_INFO "mkiss: %s: crc mode smack forced.\n", 743 ax->dev->name); 744 break; 745 case 2: 746 ax->crcmode = CRC_MODE_FLEX; 747 printk(KERN_INFO "mkiss: %s: crc mode flexnet forced.\n", 748 ax->dev->name); 749 break; 750 case 1: 751 ax->crcmode = CRC_MODE_NONE; 752 printk(KERN_INFO "mkiss: %s: crc mode disabled.\n", 753 ax->dev->name); 754 break; 755 case 0: 756 /* fall through */ 757 default: 758 crc_force = 0; 759 printk(KERN_INFO "mkiss: %s: crc mode is auto.\n", 760 ax->dev->name); 761 ax->crcmode = CRC_MODE_SMACK_TEST; 762 } 763 ax->crcauto = (crc_force ? 0 : 1); 764 765 netif_start_queue(dev); 766 767 /* Done. We have linked the TTY line to a channel. */ 768 return 0; 769 770 out_free_buffers: 771 kfree(ax->rbuff); 772 kfree(ax->xbuff); 773 774 out_free_netdev: 775 free_netdev(dev); 776 777 out: 778 return err; 779 } 780 781 static void mkiss_close(struct tty_struct *tty) 782 { 783 struct mkiss *ax; 784 785 write_lock_bh(&disc_data_lock); 786 ax = tty->disc_data; 787 tty->disc_data = NULL; 788 write_unlock_bh(&disc_data_lock); 789 790 if (!ax) 791 return; 792 793 /* 794 * We have now ensured that nobody can start using ap from now on, but 795 * we have to wait for all existing users to finish. 796 */ 797 if (!atomic_dec_and_test(&ax->refcnt)) 798 wait_for_completion(&ax->dead); 799 /* 800 * Halt the transmit queue so that a new transmit cannot scribble 801 * on our buffers 802 */ 803 netif_stop_queue(ax->dev); 804 805 /* Free all AX25 frame buffers. */ 806 kfree(ax->rbuff); 807 kfree(ax->xbuff); 808 809 ax->tty = NULL; 810 811 unregister_netdev(ax->dev); 812 } 813 814 /* Perform I/O control on an active ax25 channel. */ 815 static int mkiss_ioctl(struct tty_struct *tty, struct file *file, 816 unsigned int cmd, unsigned long arg) 817 { 818 struct mkiss *ax = mkiss_get(tty); 819 struct net_device *dev; 820 unsigned int tmp, err; 821 822 /* First make sure we're connected. */ 823 if (ax == NULL) 824 return -ENXIO; 825 dev = ax->dev; 826 827 switch (cmd) { 828 case SIOCGIFNAME: 829 err = copy_to_user((void __user *) arg, ax->dev->name, 830 strlen(ax->dev->name) + 1) ? -EFAULT : 0; 831 break; 832 833 case SIOCGIFENCAP: 834 err = put_user(4, (int __user *) arg); 835 break; 836 837 case SIOCSIFENCAP: 838 if (get_user(tmp, (int __user *) arg)) { 839 err = -EFAULT; 840 break; 841 } 842 843 ax->mode = tmp; 844 dev->addr_len = AX25_ADDR_LEN; 845 dev->hard_header_len = AX25_KISS_HEADER_LEN + 846 AX25_MAX_HEADER_LEN + 3; 847 dev->type = ARPHRD_AX25; 848 849 err = 0; 850 break; 851 852 case SIOCSIFHWADDR: { 853 char addr[AX25_ADDR_LEN]; 854 855 if (copy_from_user(&addr, 856 (void __user *) arg, AX25_ADDR_LEN)) { 857 err = -EFAULT; 858 break; 859 } 860 861 netif_tx_lock_bh(dev); 862 memcpy(dev->dev_addr, addr, AX25_ADDR_LEN); 863 netif_tx_unlock_bh(dev); 864 865 err = 0; 866 break; 867 } 868 default: 869 err = -ENOIOCTLCMD; 870 } 871 872 mkiss_put(ax); 873 874 return err; 875 } 876 877 /* 878 * Handle the 'receiver data ready' interrupt. 879 * This function is called by the 'tty_io' module in the kernel when 880 * a block of data has been received, which can now be decapsulated 881 * and sent on to the AX.25 layer for further processing. 882 */ 883 static void mkiss_receive_buf(struct tty_struct *tty, const unsigned char *cp, 884 char *fp, int count) 885 { 886 struct mkiss *ax = mkiss_get(tty); 887 888 if (!ax) 889 return; 890 891 /* 892 * Argh! mtu change time! - costs us the packet part received 893 * at the change 894 */ 895 if (ax->mtu != ax->dev->mtu + 73) 896 ax_changedmtu(ax); 897 898 /* Read the characters out of the buffer */ 899 while (count--) { 900 if (fp != NULL && *fp++) { 901 if (!test_and_set_bit(AXF_ERROR, &ax->flags)) 902 ax->dev->stats.rx_errors++; 903 cp++; 904 continue; 905 } 906 907 kiss_unesc(ax, *cp++); 908 } 909 910 mkiss_put(ax); 911 tty_unthrottle(tty); 912 } 913 914 /* 915 * Called by the driver when there's room for more data. If we have 916 * more packets to send, we send them here. 917 */ 918 static void mkiss_write_wakeup(struct tty_struct *tty) 919 { 920 struct mkiss *ax = mkiss_get(tty); 921 int actual; 922 923 if (!ax) 924 return; 925 926 if (ax->xleft <= 0) { 927 /* Now serial buffer is almost free & we can start 928 * transmission of another packet 929 */ 930 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags); 931 932 netif_wake_queue(ax->dev); 933 goto out; 934 } 935 936 actual = tty->ops->write(tty, ax->xhead, ax->xleft); 937 ax->xleft -= actual; 938 ax->xhead += actual; 939 940 out: 941 mkiss_put(ax); 942 } 943 944 static struct tty_ldisc_ops ax_ldisc = { 945 .owner = THIS_MODULE, 946 .magic = TTY_LDISC_MAGIC, 947 .name = "mkiss", 948 .open = mkiss_open, 949 .close = mkiss_close, 950 .ioctl = mkiss_ioctl, 951 .receive_buf = mkiss_receive_buf, 952 .write_wakeup = mkiss_write_wakeup 953 }; 954 955 static const char banner[] __initconst = KERN_INFO \ 956 "mkiss: AX.25 Multikiss, Hans Albas PE1AYX\n"; 957 static const char msg_regfail[] __initconst = KERN_ERR \ 958 "mkiss: can't register line discipline (err = %d)\n"; 959 960 static int __init mkiss_init_driver(void) 961 { 962 int status; 963 964 printk(banner); 965 966 status = tty_register_ldisc(N_AX25, &ax_ldisc); 967 if (status != 0) 968 printk(msg_regfail, status); 969 970 return status; 971 } 972 973 static const char msg_unregfail[] = KERN_ERR \ 974 "mkiss: can't unregister line discipline (err = %d)\n"; 975 976 static void __exit mkiss_exit_driver(void) 977 { 978 int ret; 979 980 if ((ret = tty_unregister_ldisc(N_AX25))) 981 printk(msg_unregfail, ret); 982 } 983 984 MODULE_AUTHOR("Ralf Baechle DL5RB <ralf@linux-mips.org>"); 985 MODULE_DESCRIPTION("KISS driver for AX.25 over TTYs"); 986 module_param(crc_force, int, 0); 987 MODULE_PARM_DESC(crc_force, "crc [0 = auto | 1 = none | 2 = flexnet | 3 = smack]"); 988 MODULE_LICENSE("GPL"); 989 MODULE_ALIAS_LDISC(N_AX25); 990 991 module_init(mkiss_init_driver); 992 module_exit(mkiss_exit_driver); 993