1 /* 2 * This program is free software; you can distribute it and/or modify it 3 * under the terms of the GNU General Public License (Version 2) as 4 * published by the Free Software Foundation. 5 * 6 * This program is distributed in the hope it will be useful, but WITHOUT 7 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 8 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 9 * for more details. 10 * 11 * You should have received a copy of the GNU General Public License along 12 * with this program; if not, write to the Free Software Foundation, Inc., 13 * 59 Temple Place - Suite 330, Boston MA 02111-1307, USA. 14 * 15 * Copyright (C) Hans Alblas PE1AYX <hans@esrac.ele.tue.nl> 16 * Copyright (C) 2004, 05 Ralf Baechle DL5RB <ralf@linux-mips.org> 17 * Copyright (C) 2004, 05 Thomas Osterried DL9SAU <thomas@x-berg.in-berlin.de> 18 */ 19 #include <linux/module.h> 20 #include <linux/bitops.h> 21 #include <asm/uaccess.h> 22 #include <linux/crc16.h> 23 #include <linux/string.h> 24 #include <linux/mm.h> 25 #include <linux/interrupt.h> 26 #include <linux/in.h> 27 #include <linux/inet.h> 28 #include <linux/slab.h> 29 #include <linux/tty.h> 30 #include <linux/errno.h> 31 #include <linux/netdevice.h> 32 #include <linux/major.h> 33 #include <linux/init.h> 34 #include <linux/rtnetlink.h> 35 #include <linux/etherdevice.h> 36 #include <linux/skbuff.h> 37 #include <linux/if_arp.h> 38 #include <linux/jiffies.h> 39 #include <linux/compat.h> 40 41 #include <net/ax25.h> 42 43 #define AX_MTU 236 44 45 /* SLIP/KISS protocol characters. */ 46 #define END 0300 /* indicates end of frame */ 47 #define ESC 0333 /* indicates byte stuffing */ 48 #define ESC_END 0334 /* ESC ESC_END means END 'data' */ 49 #define ESC_ESC 0335 /* ESC ESC_ESC means ESC 'data' */ 50 51 struct mkiss { 52 struct tty_struct *tty; /* ptr to TTY structure */ 53 struct net_device *dev; /* easy for intr handling */ 54 55 /* These are pointers to the malloc()ed frame buffers. */ 56 spinlock_t buflock;/* lock for rbuf and xbuf */ 57 unsigned char *rbuff; /* receiver buffer */ 58 int rcount; /* received chars counter */ 59 unsigned char *xbuff; /* transmitter buffer */ 60 unsigned char *xhead; /* pointer to next byte to XMIT */ 61 int xleft; /* bytes left in XMIT queue */ 62 63 /* Detailed SLIP statistics. */ 64 int mtu; /* Our mtu (to spot changes!) */ 65 int buffsize; /* Max buffers sizes */ 66 67 unsigned long flags; /* Flag values/ mode etc */ 68 /* long req'd: used by set_bit --RR */ 69 #define AXF_INUSE 0 /* Channel in use */ 70 #define AXF_ESCAPE 1 /* ESC received */ 71 #define AXF_ERROR 2 /* Parity, etc. error */ 72 #define AXF_KEEPTEST 3 /* Keepalive test flag */ 73 #define AXF_OUTWAIT 4 /* is outpacket was flag */ 74 75 int mode; 76 int crcmode; /* MW: for FlexNet, SMACK etc. */ 77 int crcauto; /* CRC auto mode */ 78 79 #define CRC_MODE_NONE 0 80 #define CRC_MODE_FLEX 1 81 #define CRC_MODE_SMACK 2 82 #define CRC_MODE_FLEX_TEST 3 83 #define CRC_MODE_SMACK_TEST 4 84 85 atomic_t refcnt; 86 struct semaphore dead_sem; 87 }; 88 89 /*---------------------------------------------------------------------------*/ 90 91 static const unsigned short crc_flex_table[] = { 92 0x0f87, 0x1e0e, 0x2c95, 0x3d1c, 0x49a3, 0x582a, 0x6ab1, 0x7b38, 93 0x83cf, 0x9246, 0xa0dd, 0xb154, 0xc5eb, 0xd462, 0xe6f9, 0xf770, 94 0x1f06, 0x0e8f, 0x3c14, 0x2d9d, 0x5922, 0x48ab, 0x7a30, 0x6bb9, 95 0x934e, 0x82c7, 0xb05c, 0xa1d5, 0xd56a, 0xc4e3, 0xf678, 0xe7f1, 96 0x2e85, 0x3f0c, 0x0d97, 0x1c1e, 0x68a1, 0x7928, 0x4bb3, 0x5a3a, 97 0xa2cd, 0xb344, 0x81df, 0x9056, 0xe4e9, 0xf560, 0xc7fb, 0xd672, 98 0x3e04, 0x2f8d, 0x1d16, 0x0c9f, 0x7820, 0x69a9, 0x5b32, 0x4abb, 99 0xb24c, 0xa3c5, 0x915e, 0x80d7, 0xf468, 0xe5e1, 0xd77a, 0xc6f3, 100 0x4d83, 0x5c0a, 0x6e91, 0x7f18, 0x0ba7, 0x1a2e, 0x28b5, 0x393c, 101 0xc1cb, 0xd042, 0xe2d9, 0xf350, 0x87ef, 0x9666, 0xa4fd, 0xb574, 102 0x5d02, 0x4c8b, 0x7e10, 0x6f99, 0x1b26, 0x0aaf, 0x3834, 0x29bd, 103 0xd14a, 0xc0c3, 0xf258, 0xe3d1, 0x976e, 0x86e7, 0xb47c, 0xa5f5, 104 0x6c81, 0x7d08, 0x4f93, 0x5e1a, 0x2aa5, 0x3b2c, 0x09b7, 0x183e, 105 0xe0c9, 0xf140, 0xc3db, 0xd252, 0xa6ed, 0xb764, 0x85ff, 0x9476, 106 0x7c00, 0x6d89, 0x5f12, 0x4e9b, 0x3a24, 0x2bad, 0x1936, 0x08bf, 107 0xf048, 0xe1c1, 0xd35a, 0xc2d3, 0xb66c, 0xa7e5, 0x957e, 0x84f7, 108 0x8b8f, 0x9a06, 0xa89d, 0xb914, 0xcdab, 0xdc22, 0xeeb9, 0xff30, 109 0x07c7, 0x164e, 0x24d5, 0x355c, 0x41e3, 0x506a, 0x62f1, 0x7378, 110 0x9b0e, 0x8a87, 0xb81c, 0xa995, 0xdd2a, 0xcca3, 0xfe38, 0xefb1, 111 0x1746, 0x06cf, 0x3454, 0x25dd, 0x5162, 0x40eb, 0x7270, 0x63f9, 112 0xaa8d, 0xbb04, 0x899f, 0x9816, 0xeca9, 0xfd20, 0xcfbb, 0xde32, 113 0x26c5, 0x374c, 0x05d7, 0x145e, 0x60e1, 0x7168, 0x43f3, 0x527a, 114 0xba0c, 0xab85, 0x991e, 0x8897, 0xfc28, 0xeda1, 0xdf3a, 0xceb3, 115 0x3644, 0x27cd, 0x1556, 0x04df, 0x7060, 0x61e9, 0x5372, 0x42fb, 116 0xc98b, 0xd802, 0xea99, 0xfb10, 0x8faf, 0x9e26, 0xacbd, 0xbd34, 117 0x45c3, 0x544a, 0x66d1, 0x7758, 0x03e7, 0x126e, 0x20f5, 0x317c, 118 0xd90a, 0xc883, 0xfa18, 0xeb91, 0x9f2e, 0x8ea7, 0xbc3c, 0xadb5, 119 0x5542, 0x44cb, 0x7650, 0x67d9, 0x1366, 0x02ef, 0x3074, 0x21fd, 120 0xe889, 0xf900, 0xcb9b, 0xda12, 0xaead, 0xbf24, 0x8dbf, 0x9c36, 121 0x64c1, 0x7548, 0x47d3, 0x565a, 0x22e5, 0x336c, 0x01f7, 0x107e, 122 0xf808, 0xe981, 0xdb1a, 0xca93, 0xbe2c, 0xafa5, 0x9d3e, 0x8cb7, 123 0x7440, 0x65c9, 0x5752, 0x46db, 0x3264, 0x23ed, 0x1176, 0x00ff 124 }; 125 126 static unsigned short calc_crc_flex(unsigned char *cp, int size) 127 { 128 unsigned short crc = 0xffff; 129 130 while (size--) 131 crc = (crc << 8) ^ crc_flex_table[((crc >> 8) ^ *cp++) & 0xff]; 132 133 return crc; 134 } 135 136 static int check_crc_flex(unsigned char *cp, int size) 137 { 138 unsigned short crc = 0xffff; 139 140 if (size < 3) 141 return -1; 142 143 while (size--) 144 crc = (crc << 8) ^ crc_flex_table[((crc >> 8) ^ *cp++) & 0xff]; 145 146 if ((crc & 0xffff) != 0x7070) 147 return -1; 148 149 return 0; 150 } 151 152 static int check_crc_16(unsigned char *cp, int size) 153 { 154 unsigned short crc = 0x0000; 155 156 if (size < 3) 157 return -1; 158 159 crc = crc16(0, cp, size); 160 161 if (crc != 0x0000) 162 return -1; 163 164 return 0; 165 } 166 167 /* 168 * Standard encapsulation 169 */ 170 171 static int kiss_esc(unsigned char *s, unsigned char *d, int len) 172 { 173 unsigned char *ptr = d; 174 unsigned char c; 175 176 /* 177 * Send an initial END character to flush out any data that may have 178 * accumulated in the receiver due to line noise. 179 */ 180 181 *ptr++ = END; 182 183 while (len-- > 0) { 184 switch (c = *s++) { 185 case END: 186 *ptr++ = ESC; 187 *ptr++ = ESC_END; 188 break; 189 case ESC: 190 *ptr++ = ESC; 191 *ptr++ = ESC_ESC; 192 break; 193 default: 194 *ptr++ = c; 195 break; 196 } 197 } 198 199 *ptr++ = END; 200 201 return ptr - d; 202 } 203 204 /* 205 * MW: 206 * OK its ugly, but tell me a better solution without copying the 207 * packet to a temporary buffer :-) 208 */ 209 static int kiss_esc_crc(unsigned char *s, unsigned char *d, unsigned short crc, 210 int len) 211 { 212 unsigned char *ptr = d; 213 unsigned char c=0; 214 215 *ptr++ = END; 216 while (len > 0) { 217 if (len > 2) 218 c = *s++; 219 else if (len > 1) 220 c = crc >> 8; 221 else if (len > 0) 222 c = crc & 0xff; 223 224 len--; 225 226 switch (c) { 227 case END: 228 *ptr++ = ESC; 229 *ptr++ = ESC_END; 230 break; 231 case ESC: 232 *ptr++ = ESC; 233 *ptr++ = ESC_ESC; 234 break; 235 default: 236 *ptr++ = c; 237 break; 238 } 239 } 240 *ptr++ = END; 241 242 return ptr - d; 243 } 244 245 /* Send one completely decapsulated AX.25 packet to the AX.25 layer. */ 246 static void ax_bump(struct mkiss *ax) 247 { 248 struct sk_buff *skb; 249 int count; 250 251 spin_lock_bh(&ax->buflock); 252 if (ax->rbuff[0] > 0x0f) { 253 if (ax->rbuff[0] & 0x80) { 254 if (check_crc_16(ax->rbuff, ax->rcount) < 0) { 255 ax->dev->stats.rx_errors++; 256 spin_unlock_bh(&ax->buflock); 257 258 return; 259 } 260 if (ax->crcmode != CRC_MODE_SMACK && ax->crcauto) { 261 printk(KERN_INFO 262 "mkiss: %s: Switching to crc-smack\n", 263 ax->dev->name); 264 ax->crcmode = CRC_MODE_SMACK; 265 } 266 ax->rcount -= 2; 267 *ax->rbuff &= ~0x80; 268 } else if (ax->rbuff[0] & 0x20) { 269 if (check_crc_flex(ax->rbuff, ax->rcount) < 0) { 270 ax->dev->stats.rx_errors++; 271 spin_unlock_bh(&ax->buflock); 272 return; 273 } 274 if (ax->crcmode != CRC_MODE_FLEX && ax->crcauto) { 275 printk(KERN_INFO 276 "mkiss: %s: Switching to crc-flexnet\n", 277 ax->dev->name); 278 ax->crcmode = CRC_MODE_FLEX; 279 } 280 ax->rcount -= 2; 281 282 /* 283 * dl9sau bugfix: the trailling two bytes flexnet crc 284 * will not be passed to the kernel. thus we have to 285 * correct the kissparm signature, because it indicates 286 * a crc but there's none 287 */ 288 *ax->rbuff &= ~0x20; 289 } 290 } 291 292 count = ax->rcount; 293 294 if ((skb = dev_alloc_skb(count)) == NULL) { 295 printk(KERN_ERR "mkiss: %s: memory squeeze, dropping packet.\n", 296 ax->dev->name); 297 ax->dev->stats.rx_dropped++; 298 spin_unlock_bh(&ax->buflock); 299 return; 300 } 301 302 memcpy(skb_put(skb,count), ax->rbuff, count); 303 skb->protocol = ax25_type_trans(skb, ax->dev); 304 netif_rx(skb); 305 ax->dev->stats.rx_packets++; 306 ax->dev->stats.rx_bytes += count; 307 spin_unlock_bh(&ax->buflock); 308 } 309 310 static void kiss_unesc(struct mkiss *ax, unsigned char s) 311 { 312 switch (s) { 313 case END: 314 /* drop keeptest bit = VSV */ 315 if (test_bit(AXF_KEEPTEST, &ax->flags)) 316 clear_bit(AXF_KEEPTEST, &ax->flags); 317 318 if (!test_and_clear_bit(AXF_ERROR, &ax->flags) && (ax->rcount > 2)) 319 ax_bump(ax); 320 321 clear_bit(AXF_ESCAPE, &ax->flags); 322 ax->rcount = 0; 323 return; 324 325 case ESC: 326 set_bit(AXF_ESCAPE, &ax->flags); 327 return; 328 case ESC_ESC: 329 if (test_and_clear_bit(AXF_ESCAPE, &ax->flags)) 330 s = ESC; 331 break; 332 case ESC_END: 333 if (test_and_clear_bit(AXF_ESCAPE, &ax->flags)) 334 s = END; 335 break; 336 } 337 338 spin_lock_bh(&ax->buflock); 339 if (!test_bit(AXF_ERROR, &ax->flags)) { 340 if (ax->rcount < ax->buffsize) { 341 ax->rbuff[ax->rcount++] = s; 342 spin_unlock_bh(&ax->buflock); 343 return; 344 } 345 346 ax->dev->stats.rx_over_errors++; 347 set_bit(AXF_ERROR, &ax->flags); 348 } 349 spin_unlock_bh(&ax->buflock); 350 } 351 352 static int ax_set_mac_address(struct net_device *dev, void *addr) 353 { 354 struct sockaddr_ax25 *sa = addr; 355 356 netif_tx_lock_bh(dev); 357 netif_addr_lock(dev); 358 memcpy(dev->dev_addr, &sa->sax25_call, AX25_ADDR_LEN); 359 netif_addr_unlock(dev); 360 netif_tx_unlock_bh(dev); 361 362 return 0; 363 } 364 365 /*---------------------------------------------------------------------------*/ 366 367 static void ax_changedmtu(struct mkiss *ax) 368 { 369 struct net_device *dev = ax->dev; 370 unsigned char *xbuff, *rbuff, *oxbuff, *orbuff; 371 int len; 372 373 len = dev->mtu * 2; 374 375 /* 376 * allow for arrival of larger UDP packets, even if we say not to 377 * also fixes a bug in which SunOS sends 512-byte packets even with 378 * an MSS of 128 379 */ 380 if (len < 576 * 2) 381 len = 576 * 2; 382 383 xbuff = kmalloc(len + 4, GFP_ATOMIC); 384 rbuff = kmalloc(len + 4, GFP_ATOMIC); 385 386 if (xbuff == NULL || rbuff == NULL) { 387 printk(KERN_ERR "mkiss: %s: unable to grow ax25 buffers, " 388 "MTU change cancelled.\n", 389 ax->dev->name); 390 dev->mtu = ax->mtu; 391 kfree(xbuff); 392 kfree(rbuff); 393 return; 394 } 395 396 spin_lock_bh(&ax->buflock); 397 398 oxbuff = ax->xbuff; 399 ax->xbuff = xbuff; 400 orbuff = ax->rbuff; 401 ax->rbuff = rbuff; 402 403 if (ax->xleft) { 404 if (ax->xleft <= len) { 405 memcpy(ax->xbuff, ax->xhead, ax->xleft); 406 } else { 407 ax->xleft = 0; 408 dev->stats.tx_dropped++; 409 } 410 } 411 412 ax->xhead = ax->xbuff; 413 414 if (ax->rcount) { 415 if (ax->rcount <= len) { 416 memcpy(ax->rbuff, orbuff, ax->rcount); 417 } else { 418 ax->rcount = 0; 419 dev->stats.rx_over_errors++; 420 set_bit(AXF_ERROR, &ax->flags); 421 } 422 } 423 424 ax->mtu = dev->mtu + 73; 425 ax->buffsize = len; 426 427 spin_unlock_bh(&ax->buflock); 428 429 kfree(oxbuff); 430 kfree(orbuff); 431 } 432 433 /* Encapsulate one AX.25 packet and stuff into a TTY queue. */ 434 static void ax_encaps(struct net_device *dev, unsigned char *icp, int len) 435 { 436 struct mkiss *ax = netdev_priv(dev); 437 unsigned char *p; 438 int actual, count; 439 440 if (ax->mtu != ax->dev->mtu + 73) /* Someone has been ifconfigging */ 441 ax_changedmtu(ax); 442 443 if (len > ax->mtu) { /* Sigh, shouldn't occur BUT ... */ 444 len = ax->mtu; 445 printk(KERN_ERR "mkiss: %s: truncating oversized transmit packet!\n", ax->dev->name); 446 dev->stats.tx_dropped++; 447 netif_start_queue(dev); 448 return; 449 } 450 451 p = icp; 452 453 spin_lock_bh(&ax->buflock); 454 if ((*p & 0x0f) != 0) { 455 /* Configuration Command (kissparms(1). 456 * Protocol spec says: never append CRC. 457 * This fixes a very old bug in the linux 458 * kiss driver. -- dl9sau */ 459 switch (*p & 0xff) { 460 case 0x85: 461 /* command from userspace especially for us, 462 * not for delivery to the tnc */ 463 if (len > 1) { 464 int cmd = (p[1] & 0xff); 465 switch(cmd) { 466 case 3: 467 ax->crcmode = CRC_MODE_SMACK; 468 break; 469 case 2: 470 ax->crcmode = CRC_MODE_FLEX; 471 break; 472 case 1: 473 ax->crcmode = CRC_MODE_NONE; 474 break; 475 case 0: 476 default: 477 ax->crcmode = CRC_MODE_SMACK_TEST; 478 cmd = 0; 479 } 480 ax->crcauto = (cmd ? 0 : 1); 481 printk(KERN_INFO "mkiss: %s: crc mode %s %d\n", ax->dev->name, (len) ? "set to" : "is", cmd); 482 } 483 spin_unlock_bh(&ax->buflock); 484 netif_start_queue(dev); 485 486 return; 487 default: 488 count = kiss_esc(p, ax->xbuff, len); 489 } 490 } else { 491 unsigned short crc; 492 switch (ax->crcmode) { 493 case CRC_MODE_SMACK_TEST: 494 ax->crcmode = CRC_MODE_FLEX_TEST; 495 printk(KERN_INFO "mkiss: %s: Trying crc-smack\n", ax->dev->name); 496 // fall through 497 case CRC_MODE_SMACK: 498 *p |= 0x80; 499 crc = swab16(crc16(0, p, len)); 500 count = kiss_esc_crc(p, ax->xbuff, crc, len+2); 501 break; 502 case CRC_MODE_FLEX_TEST: 503 ax->crcmode = CRC_MODE_NONE; 504 printk(KERN_INFO "mkiss: %s: Trying crc-flexnet\n", ax->dev->name); 505 // fall through 506 case CRC_MODE_FLEX: 507 *p |= 0x20; 508 crc = calc_crc_flex(p, len); 509 count = kiss_esc_crc(p, ax->xbuff, crc, len+2); 510 break; 511 512 default: 513 count = kiss_esc(p, ax->xbuff, len); 514 } 515 } 516 spin_unlock_bh(&ax->buflock); 517 518 set_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags); 519 actual = ax->tty->ops->write(ax->tty, ax->xbuff, count); 520 dev->stats.tx_packets++; 521 dev->stats.tx_bytes += actual; 522 523 ax->dev->trans_start = jiffies; 524 ax->xleft = count - actual; 525 ax->xhead = ax->xbuff + actual; 526 } 527 528 /* Encapsulate an AX.25 packet and kick it into a TTY queue. */ 529 static netdev_tx_t ax_xmit(struct sk_buff *skb, struct net_device *dev) 530 { 531 struct mkiss *ax = netdev_priv(dev); 532 533 if (!netif_running(dev)) { 534 printk(KERN_ERR "mkiss: %s: xmit call when iface is down\n", dev->name); 535 return NETDEV_TX_BUSY; 536 } 537 538 if (netif_queue_stopped(dev)) { 539 /* 540 * May be we must check transmitter timeout here ? 541 * 14 Oct 1994 Dmitry Gorodchanin. 542 */ 543 if (time_before(jiffies, dev->trans_start + 20 * HZ)) { 544 /* 20 sec timeout not reached */ 545 return NETDEV_TX_BUSY; 546 } 547 548 printk(KERN_ERR "mkiss: %s: transmit timed out, %s?\n", dev->name, 549 (tty_chars_in_buffer(ax->tty) || ax->xleft) ? 550 "bad line quality" : "driver error"); 551 552 ax->xleft = 0; 553 clear_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags); 554 netif_start_queue(dev); 555 } 556 557 /* We were not busy, so we are now... :-) */ 558 if (skb != NULL) { 559 netif_stop_queue(dev); 560 ax_encaps(dev, skb->data, skb->len); 561 kfree_skb(skb); 562 } 563 564 return NETDEV_TX_OK; 565 } 566 567 static int ax_open_dev(struct net_device *dev) 568 { 569 struct mkiss *ax = netdev_priv(dev); 570 571 if (ax->tty == NULL) 572 return -ENODEV; 573 574 return 0; 575 } 576 577 #if defined(CONFIG_AX25) || defined(CONFIG_AX25_MODULE) 578 579 /* Return the frame type ID */ 580 static int ax_header(struct sk_buff *skb, struct net_device *dev, 581 unsigned short type, const void *daddr, 582 const void *saddr, unsigned len) 583 { 584 #ifdef CONFIG_INET 585 if (type != ETH_P_AX25) 586 return ax25_hard_header(skb, dev, type, daddr, saddr, len); 587 #endif 588 return 0; 589 } 590 591 592 static int ax_rebuild_header(struct sk_buff *skb) 593 { 594 #ifdef CONFIG_INET 595 return ax25_rebuild_header(skb); 596 #else 597 return 0; 598 #endif 599 } 600 601 #endif /* CONFIG_{AX25,AX25_MODULE} */ 602 603 /* Open the low-level part of the AX25 channel. Easy! */ 604 static int ax_open(struct net_device *dev) 605 { 606 struct mkiss *ax = netdev_priv(dev); 607 unsigned long len; 608 609 if (ax->tty == NULL) 610 return -ENODEV; 611 612 /* 613 * Allocate the frame buffers: 614 * 615 * rbuff Receive buffer. 616 * xbuff Transmit buffer. 617 */ 618 len = dev->mtu * 2; 619 620 /* 621 * allow for arrival of larger UDP packets, even if we say not to 622 * also fixes a bug in which SunOS sends 512-byte packets even with 623 * an MSS of 128 624 */ 625 if (len < 576 * 2) 626 len = 576 * 2; 627 628 if ((ax->rbuff = kmalloc(len + 4, GFP_KERNEL)) == NULL) 629 goto norbuff; 630 631 if ((ax->xbuff = kmalloc(len + 4, GFP_KERNEL)) == NULL) 632 goto noxbuff; 633 634 ax->mtu = dev->mtu + 73; 635 ax->buffsize = len; 636 ax->rcount = 0; 637 ax->xleft = 0; 638 639 ax->flags &= (1 << AXF_INUSE); /* Clear ESCAPE & ERROR flags */ 640 641 spin_lock_init(&ax->buflock); 642 643 return 0; 644 645 noxbuff: 646 kfree(ax->rbuff); 647 648 norbuff: 649 return -ENOMEM; 650 } 651 652 653 /* Close the low-level part of the AX25 channel. Easy! */ 654 static int ax_close(struct net_device *dev) 655 { 656 struct mkiss *ax = netdev_priv(dev); 657 658 if (ax->tty) 659 clear_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags); 660 661 netif_stop_queue(dev); 662 663 return 0; 664 } 665 666 static const struct header_ops ax_header_ops = { 667 .create = ax_header, 668 .rebuild = ax_rebuild_header, 669 }; 670 671 static const struct net_device_ops ax_netdev_ops = { 672 .ndo_open = ax_open_dev, 673 .ndo_stop = ax_close, 674 .ndo_start_xmit = ax_xmit, 675 .ndo_set_mac_address = ax_set_mac_address, 676 }; 677 678 static void ax_setup(struct net_device *dev) 679 { 680 /* Finish setting up the DEVICE info. */ 681 dev->mtu = AX_MTU; 682 dev->hard_header_len = 0; 683 dev->addr_len = 0; 684 dev->type = ARPHRD_AX25; 685 dev->tx_queue_len = 10; 686 dev->header_ops = &ax_header_ops; 687 dev->netdev_ops = &ax_netdev_ops; 688 689 690 memcpy(dev->broadcast, &ax25_bcast, AX25_ADDR_LEN); 691 memcpy(dev->dev_addr, &ax25_defaddr, AX25_ADDR_LEN); 692 693 dev->flags = IFF_BROADCAST | IFF_MULTICAST; 694 } 695 696 /* 697 * We have a potential race on dereferencing tty->disc_data, because the tty 698 * layer provides no locking at all - thus one cpu could be running 699 * sixpack_receive_buf while another calls sixpack_close, which zeroes 700 * tty->disc_data and frees the memory that sixpack_receive_buf is using. The 701 * best way to fix this is to use a rwlock in the tty struct, but for now we 702 * use a single global rwlock for all ttys in ppp line discipline. 703 */ 704 static DEFINE_RWLOCK(disc_data_lock); 705 706 static struct mkiss *mkiss_get(struct tty_struct *tty) 707 { 708 struct mkiss *ax; 709 710 read_lock(&disc_data_lock); 711 ax = tty->disc_data; 712 if (ax) 713 atomic_inc(&ax->refcnt); 714 read_unlock(&disc_data_lock); 715 716 return ax; 717 } 718 719 static void mkiss_put(struct mkiss *ax) 720 { 721 if (atomic_dec_and_test(&ax->refcnt)) 722 up(&ax->dead_sem); 723 } 724 725 static int crc_force = 0; /* Can be overridden with insmod */ 726 727 static int mkiss_open(struct tty_struct *tty) 728 { 729 struct net_device *dev; 730 struct mkiss *ax; 731 int err; 732 733 if (!capable(CAP_NET_ADMIN)) 734 return -EPERM; 735 if (tty->ops->write == NULL) 736 return -EOPNOTSUPP; 737 738 dev = alloc_netdev(sizeof(struct mkiss), "ax%d", ax_setup); 739 if (!dev) { 740 err = -ENOMEM; 741 goto out; 742 } 743 744 ax = netdev_priv(dev); 745 ax->dev = dev; 746 747 spin_lock_init(&ax->buflock); 748 atomic_set(&ax->refcnt, 1); 749 sema_init(&ax->dead_sem, 0); 750 751 ax->tty = tty; 752 tty->disc_data = ax; 753 tty->receive_room = 65535; 754 755 tty_driver_flush_buffer(tty); 756 757 /* Restore default settings */ 758 dev->type = ARPHRD_AX25; 759 760 /* Perform the low-level AX25 initialization. */ 761 if ((err = ax_open(ax->dev))) { 762 goto out_free_netdev; 763 } 764 765 if (register_netdev(dev)) 766 goto out_free_buffers; 767 768 /* after register_netdev() - because else printk smashes the kernel */ 769 switch (crc_force) { 770 case 3: 771 ax->crcmode = CRC_MODE_SMACK; 772 printk(KERN_INFO "mkiss: %s: crc mode smack forced.\n", 773 ax->dev->name); 774 break; 775 case 2: 776 ax->crcmode = CRC_MODE_FLEX; 777 printk(KERN_INFO "mkiss: %s: crc mode flexnet forced.\n", 778 ax->dev->name); 779 break; 780 case 1: 781 ax->crcmode = CRC_MODE_NONE; 782 printk(KERN_INFO "mkiss: %s: crc mode disabled.\n", 783 ax->dev->name); 784 break; 785 case 0: 786 /* fall through */ 787 default: 788 crc_force = 0; 789 printk(KERN_INFO "mkiss: %s: crc mode is auto.\n", 790 ax->dev->name); 791 ax->crcmode = CRC_MODE_SMACK_TEST; 792 } 793 ax->crcauto = (crc_force ? 0 : 1); 794 795 netif_start_queue(dev); 796 797 /* Done. We have linked the TTY line to a channel. */ 798 return 0; 799 800 out_free_buffers: 801 kfree(ax->rbuff); 802 kfree(ax->xbuff); 803 804 out_free_netdev: 805 free_netdev(dev); 806 807 out: 808 return err; 809 } 810 811 static void mkiss_close(struct tty_struct *tty) 812 { 813 struct mkiss *ax; 814 815 write_lock_bh(&disc_data_lock); 816 ax = tty->disc_data; 817 tty->disc_data = NULL; 818 write_unlock_bh(&disc_data_lock); 819 820 if (!ax) 821 return; 822 823 /* 824 * We have now ensured that nobody can start using ap from now on, but 825 * we have to wait for all existing users to finish. 826 */ 827 if (!atomic_dec_and_test(&ax->refcnt)) 828 down(&ax->dead_sem); 829 830 unregister_netdev(ax->dev); 831 832 /* Free all AX25 frame buffers. */ 833 kfree(ax->rbuff); 834 kfree(ax->xbuff); 835 836 ax->tty = NULL; 837 } 838 839 /* Perform I/O control on an active ax25 channel. */ 840 static int mkiss_ioctl(struct tty_struct *tty, struct file *file, 841 unsigned int cmd, unsigned long arg) 842 { 843 struct mkiss *ax = mkiss_get(tty); 844 struct net_device *dev; 845 unsigned int tmp, err; 846 847 /* First make sure we're connected. */ 848 if (ax == NULL) 849 return -ENXIO; 850 dev = ax->dev; 851 852 switch (cmd) { 853 case SIOCGIFNAME: 854 err = copy_to_user((void __user *) arg, ax->dev->name, 855 strlen(ax->dev->name) + 1) ? -EFAULT : 0; 856 break; 857 858 case SIOCGIFENCAP: 859 err = put_user(4, (int __user *) arg); 860 break; 861 862 case SIOCSIFENCAP: 863 if (get_user(tmp, (int __user *) arg)) { 864 err = -EFAULT; 865 break; 866 } 867 868 ax->mode = tmp; 869 dev->addr_len = AX25_ADDR_LEN; 870 dev->hard_header_len = AX25_KISS_HEADER_LEN + 871 AX25_MAX_HEADER_LEN + 3; 872 dev->type = ARPHRD_AX25; 873 874 err = 0; 875 break; 876 877 case SIOCSIFHWADDR: { 878 char addr[AX25_ADDR_LEN]; 879 880 if (copy_from_user(&addr, 881 (void __user *) arg, AX25_ADDR_LEN)) { 882 err = -EFAULT; 883 break; 884 } 885 886 netif_tx_lock_bh(dev); 887 memcpy(dev->dev_addr, addr, AX25_ADDR_LEN); 888 netif_tx_unlock_bh(dev); 889 890 err = 0; 891 break; 892 } 893 default: 894 err = -ENOIOCTLCMD; 895 } 896 897 mkiss_put(ax); 898 899 return err; 900 } 901 902 #ifdef CONFIG_COMPAT 903 static long mkiss_compat_ioctl(struct tty_struct *tty, struct file *file, 904 unsigned int cmd, unsigned long arg) 905 { 906 switch (cmd) { 907 case SIOCGIFNAME: 908 case SIOCGIFENCAP: 909 case SIOCSIFENCAP: 910 case SIOCSIFHWADDR: 911 return mkiss_ioctl(tty, file, cmd, 912 (unsigned long)compat_ptr(arg)); 913 } 914 915 return -ENOIOCTLCMD; 916 } 917 #endif 918 919 /* 920 * Handle the 'receiver data ready' interrupt. 921 * This function is called by the 'tty_io' module in the kernel when 922 * a block of data has been received, which can now be decapsulated 923 * and sent on to the AX.25 layer for further processing. 924 */ 925 static void mkiss_receive_buf(struct tty_struct *tty, const unsigned char *cp, 926 char *fp, int count) 927 { 928 struct mkiss *ax = mkiss_get(tty); 929 930 if (!ax) 931 return; 932 933 /* 934 * Argh! mtu change time! - costs us the packet part received 935 * at the change 936 */ 937 if (ax->mtu != ax->dev->mtu + 73) 938 ax_changedmtu(ax); 939 940 /* Read the characters out of the buffer */ 941 while (count--) { 942 if (fp != NULL && *fp++) { 943 if (!test_and_set_bit(AXF_ERROR, &ax->flags)) 944 ax->dev->stats.rx_errors++; 945 cp++; 946 continue; 947 } 948 949 kiss_unesc(ax, *cp++); 950 } 951 952 mkiss_put(ax); 953 tty_unthrottle(tty); 954 } 955 956 /* 957 * Called by the driver when there's room for more data. If we have 958 * more packets to send, we send them here. 959 */ 960 static void mkiss_write_wakeup(struct tty_struct *tty) 961 { 962 struct mkiss *ax = mkiss_get(tty); 963 int actual; 964 965 if (!ax) 966 return; 967 968 if (ax->xleft <= 0) { 969 /* Now serial buffer is almost free & we can start 970 * transmission of another packet 971 */ 972 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags); 973 974 netif_wake_queue(ax->dev); 975 goto out; 976 } 977 978 actual = tty->ops->write(tty, ax->xhead, ax->xleft); 979 ax->xleft -= actual; 980 ax->xhead += actual; 981 982 out: 983 mkiss_put(ax); 984 } 985 986 static struct tty_ldisc_ops ax_ldisc = { 987 .owner = THIS_MODULE, 988 .magic = TTY_LDISC_MAGIC, 989 .name = "mkiss", 990 .open = mkiss_open, 991 .close = mkiss_close, 992 .ioctl = mkiss_ioctl, 993 #ifdef CONFIG_COMPAT 994 .compat_ioctl = mkiss_compat_ioctl, 995 #endif 996 .receive_buf = mkiss_receive_buf, 997 .write_wakeup = mkiss_write_wakeup 998 }; 999 1000 static const char banner[] __initconst = KERN_INFO \ 1001 "mkiss: AX.25 Multikiss, Hans Albas PE1AYX\n"; 1002 static const char msg_regfail[] __initconst = KERN_ERR \ 1003 "mkiss: can't register line discipline (err = %d)\n"; 1004 1005 static int __init mkiss_init_driver(void) 1006 { 1007 int status; 1008 1009 printk(banner); 1010 1011 status = tty_register_ldisc(N_AX25, &ax_ldisc); 1012 if (status != 0) 1013 printk(msg_regfail, status); 1014 1015 return status; 1016 } 1017 1018 static const char msg_unregfail[] = KERN_ERR \ 1019 "mkiss: can't unregister line discipline (err = %d)\n"; 1020 1021 static void __exit mkiss_exit_driver(void) 1022 { 1023 int ret; 1024 1025 if ((ret = tty_unregister_ldisc(N_AX25))) 1026 printk(msg_unregfail, ret); 1027 } 1028 1029 MODULE_AUTHOR("Ralf Baechle DL5RB <ralf@linux-mips.org>"); 1030 MODULE_DESCRIPTION("KISS driver for AX.25 over TTYs"); 1031 module_param(crc_force, int, 0); 1032 MODULE_PARM_DESC(crc_force, "crc [0 = auto | 1 = none | 2 = flexnet | 3 = smack]"); 1033 MODULE_LICENSE("GPL"); 1034 MODULE_ALIAS_LDISC(N_AX25); 1035 1036 module_init(mkiss_init_driver); 1037 module_exit(mkiss_exit_driver); 1038