xref: /linux/drivers/net/hamradio/mkiss.c (revision 3932b9ca55b0be314a36d3e84faff3e823c081f5)
1 /*
2  *  This program is free software; you can distribute it and/or modify it
3  *  under the terms of the GNU General Public License (Version 2) as
4  *  published by the Free Software Foundation.
5  *
6  *  This program is distributed in the hope it will be useful, but WITHOUT
7  *  ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
8  *  FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
9  *  for more details.
10  *
11  *  You should have received a copy of the GNU General Public License along
12  *  with this program; if not, see <http://www.gnu.org/licenses/>.
13  *
14  * Copyright (C) Hans Alblas PE1AYX <hans@esrac.ele.tue.nl>
15  * Copyright (C) 2004, 05 Ralf Baechle DL5RB <ralf@linux-mips.org>
16  * Copyright (C) 2004, 05 Thomas Osterried DL9SAU <thomas@x-berg.in-berlin.de>
17  */
18 #include <linux/module.h>
19 #include <linux/bitops.h>
20 #include <asm/uaccess.h>
21 #include <linux/crc16.h>
22 #include <linux/string.h>
23 #include <linux/mm.h>
24 #include <linux/interrupt.h>
25 #include <linux/in.h>
26 #include <linux/inet.h>
27 #include <linux/slab.h>
28 #include <linux/tty.h>
29 #include <linux/errno.h>
30 #include <linux/netdevice.h>
31 #include <linux/major.h>
32 #include <linux/init.h>
33 #include <linux/rtnetlink.h>
34 #include <linux/etherdevice.h>
35 #include <linux/skbuff.h>
36 #include <linux/if_arp.h>
37 #include <linux/jiffies.h>
38 #include <linux/compat.h>
39 
40 #include <net/ax25.h>
41 
42 #define AX_MTU		236
43 
44 /* SLIP/KISS protocol characters. */
45 #define END             0300		/* indicates end of frame	*/
46 #define ESC             0333		/* indicates byte stuffing	*/
47 #define ESC_END         0334		/* ESC ESC_END means END 'data'	*/
48 #define ESC_ESC         0335		/* ESC ESC_ESC means ESC 'data'	*/
49 
50 struct mkiss {
51 	struct tty_struct	*tty;	/* ptr to TTY structure		*/
52 	struct net_device	*dev;	/* easy for intr handling	*/
53 
54 	/* These are pointers to the malloc()ed frame buffers. */
55 	spinlock_t		buflock;/* lock for rbuf and xbuf */
56 	unsigned char		*rbuff;	/* receiver buffer		*/
57 	int			rcount;	/* received chars counter       */
58 	unsigned char		*xbuff;	/* transmitter buffer		*/
59 	unsigned char		*xhead;	/* pointer to next byte to XMIT */
60 	int			xleft;	/* bytes left in XMIT queue     */
61 
62 	/* Detailed SLIP statistics. */
63 	int		mtu;		/* Our mtu (to spot changes!)   */
64 	int		buffsize;	/* Max buffers sizes            */
65 
66 	unsigned long	flags;		/* Flag values/ mode etc	*/
67 					/* long req'd: used by set_bit --RR */
68 #define AXF_INUSE	0		/* Channel in use               */
69 #define AXF_ESCAPE	1               /* ESC received                 */
70 #define AXF_ERROR	2               /* Parity, etc. error           */
71 #define AXF_KEEPTEST	3		/* Keepalive test flag		*/
72 #define AXF_OUTWAIT	4		/* is outpacket was flag	*/
73 
74 	int		mode;
75         int		crcmode;	/* MW: for FlexNet, SMACK etc.  */
76 	int		crcauto;	/* CRC auto mode */
77 
78 #define CRC_MODE_NONE		0
79 #define CRC_MODE_FLEX		1
80 #define CRC_MODE_SMACK		2
81 #define CRC_MODE_FLEX_TEST	3
82 #define CRC_MODE_SMACK_TEST	4
83 
84 	atomic_t		refcnt;
85 	struct semaphore	dead_sem;
86 };
87 
88 /*---------------------------------------------------------------------------*/
89 
90 static const unsigned short crc_flex_table[] = {
91 	0x0f87, 0x1e0e, 0x2c95, 0x3d1c, 0x49a3, 0x582a, 0x6ab1, 0x7b38,
92 	0x83cf, 0x9246, 0xa0dd, 0xb154, 0xc5eb, 0xd462, 0xe6f9, 0xf770,
93 	0x1f06, 0x0e8f, 0x3c14, 0x2d9d, 0x5922, 0x48ab, 0x7a30, 0x6bb9,
94 	0x934e, 0x82c7, 0xb05c, 0xa1d5, 0xd56a, 0xc4e3, 0xf678, 0xe7f1,
95 	0x2e85, 0x3f0c, 0x0d97, 0x1c1e, 0x68a1, 0x7928, 0x4bb3, 0x5a3a,
96 	0xa2cd, 0xb344, 0x81df, 0x9056, 0xe4e9, 0xf560, 0xc7fb, 0xd672,
97 	0x3e04, 0x2f8d, 0x1d16, 0x0c9f, 0x7820, 0x69a9, 0x5b32, 0x4abb,
98 	0xb24c, 0xa3c5, 0x915e, 0x80d7, 0xf468, 0xe5e1, 0xd77a, 0xc6f3,
99 	0x4d83, 0x5c0a, 0x6e91, 0x7f18, 0x0ba7, 0x1a2e, 0x28b5, 0x393c,
100 	0xc1cb, 0xd042, 0xe2d9, 0xf350, 0x87ef, 0x9666, 0xa4fd, 0xb574,
101 	0x5d02, 0x4c8b, 0x7e10, 0x6f99, 0x1b26, 0x0aaf, 0x3834, 0x29bd,
102 	0xd14a, 0xc0c3, 0xf258, 0xe3d1, 0x976e, 0x86e7, 0xb47c, 0xa5f5,
103 	0x6c81, 0x7d08, 0x4f93, 0x5e1a, 0x2aa5, 0x3b2c, 0x09b7, 0x183e,
104 	0xe0c9, 0xf140, 0xc3db, 0xd252, 0xa6ed, 0xb764, 0x85ff, 0x9476,
105 	0x7c00, 0x6d89, 0x5f12, 0x4e9b, 0x3a24, 0x2bad, 0x1936, 0x08bf,
106 	0xf048, 0xe1c1, 0xd35a, 0xc2d3, 0xb66c, 0xa7e5, 0x957e, 0x84f7,
107 	0x8b8f, 0x9a06, 0xa89d, 0xb914, 0xcdab, 0xdc22, 0xeeb9, 0xff30,
108 	0x07c7, 0x164e, 0x24d5, 0x355c, 0x41e3, 0x506a, 0x62f1, 0x7378,
109 	0x9b0e, 0x8a87, 0xb81c, 0xa995, 0xdd2a, 0xcca3, 0xfe38, 0xefb1,
110 	0x1746, 0x06cf, 0x3454, 0x25dd, 0x5162, 0x40eb, 0x7270, 0x63f9,
111 	0xaa8d, 0xbb04, 0x899f, 0x9816, 0xeca9, 0xfd20, 0xcfbb, 0xde32,
112 	0x26c5, 0x374c, 0x05d7, 0x145e, 0x60e1, 0x7168, 0x43f3, 0x527a,
113 	0xba0c, 0xab85, 0x991e, 0x8897, 0xfc28, 0xeda1, 0xdf3a, 0xceb3,
114 	0x3644, 0x27cd, 0x1556, 0x04df, 0x7060, 0x61e9, 0x5372, 0x42fb,
115 	0xc98b, 0xd802, 0xea99, 0xfb10, 0x8faf, 0x9e26, 0xacbd, 0xbd34,
116 	0x45c3, 0x544a, 0x66d1, 0x7758, 0x03e7, 0x126e, 0x20f5, 0x317c,
117 	0xd90a, 0xc883, 0xfa18, 0xeb91, 0x9f2e, 0x8ea7, 0xbc3c, 0xadb5,
118 	0x5542, 0x44cb, 0x7650, 0x67d9, 0x1366, 0x02ef, 0x3074, 0x21fd,
119 	0xe889, 0xf900, 0xcb9b, 0xda12, 0xaead, 0xbf24, 0x8dbf, 0x9c36,
120 	0x64c1, 0x7548, 0x47d3, 0x565a, 0x22e5, 0x336c, 0x01f7, 0x107e,
121 	0xf808, 0xe981, 0xdb1a, 0xca93, 0xbe2c, 0xafa5, 0x9d3e, 0x8cb7,
122 	0x7440, 0x65c9, 0x5752, 0x46db, 0x3264, 0x23ed, 0x1176, 0x00ff
123 };
124 
125 static unsigned short calc_crc_flex(unsigned char *cp, int size)
126 {
127 	unsigned short crc = 0xffff;
128 
129 	while (size--)
130 		crc = (crc << 8) ^ crc_flex_table[((crc >> 8) ^ *cp++) & 0xff];
131 
132 	return crc;
133 }
134 
135 static int check_crc_flex(unsigned char *cp, int size)
136 {
137 	unsigned short crc = 0xffff;
138 
139 	if (size < 3)
140 		return -1;
141 
142 	while (size--)
143 		crc = (crc << 8) ^ crc_flex_table[((crc >> 8) ^ *cp++) & 0xff];
144 
145 	if ((crc & 0xffff) != 0x7070)
146 		return -1;
147 
148 	return 0;
149 }
150 
151 static int check_crc_16(unsigned char *cp, int size)
152 {
153 	unsigned short crc = 0x0000;
154 
155 	if (size < 3)
156 		return -1;
157 
158 	crc = crc16(0, cp, size);
159 
160 	if (crc != 0x0000)
161 		return -1;
162 
163 	return 0;
164 }
165 
166 /*
167  * Standard encapsulation
168  */
169 
170 static int kiss_esc(unsigned char *s, unsigned char *d, int len)
171 {
172 	unsigned char *ptr = d;
173 	unsigned char c;
174 
175 	/*
176 	 * Send an initial END character to flush out any data that may have
177 	 * accumulated in the receiver due to line noise.
178 	 */
179 
180 	*ptr++ = END;
181 
182 	while (len-- > 0) {
183 		switch (c = *s++) {
184 		case END:
185 			*ptr++ = ESC;
186 			*ptr++ = ESC_END;
187 			break;
188 		case ESC:
189 			*ptr++ = ESC;
190 			*ptr++ = ESC_ESC;
191 			break;
192 		default:
193 			*ptr++ = c;
194 			break;
195 		}
196 	}
197 
198 	*ptr++ = END;
199 
200 	return ptr - d;
201 }
202 
203 /*
204  * MW:
205  * OK its ugly, but tell me a better solution without copying the
206  * packet to a temporary buffer :-)
207  */
208 static int kiss_esc_crc(unsigned char *s, unsigned char *d, unsigned short crc,
209 	int len)
210 {
211 	unsigned char *ptr = d;
212 	unsigned char c=0;
213 
214 	*ptr++ = END;
215 	while (len > 0) {
216 		if (len > 2)
217 			c = *s++;
218 		else if (len > 1)
219 			c = crc >> 8;
220 		else if (len > 0)
221 			c = crc & 0xff;
222 
223 		len--;
224 
225 		switch (c) {
226 		case END:
227 			*ptr++ = ESC;
228 			*ptr++ = ESC_END;
229 			break;
230 		case ESC:
231 			*ptr++ = ESC;
232 			*ptr++ = ESC_ESC;
233 			break;
234 		default:
235 			*ptr++ = c;
236 			break;
237 		}
238 	}
239 	*ptr++ = END;
240 
241 	return ptr - d;
242 }
243 
244 /* Send one completely decapsulated AX.25 packet to the AX.25 layer. */
245 static void ax_bump(struct mkiss *ax)
246 {
247 	struct sk_buff *skb;
248 	int count;
249 
250 	spin_lock_bh(&ax->buflock);
251 	if (ax->rbuff[0] > 0x0f) {
252 		if (ax->rbuff[0] & 0x80) {
253 			if (check_crc_16(ax->rbuff, ax->rcount) < 0) {
254 				ax->dev->stats.rx_errors++;
255 				spin_unlock_bh(&ax->buflock);
256 
257 				return;
258 			}
259 			if (ax->crcmode != CRC_MODE_SMACK && ax->crcauto) {
260 				printk(KERN_INFO
261 				       "mkiss: %s: Switching to crc-smack\n",
262 				       ax->dev->name);
263 				ax->crcmode = CRC_MODE_SMACK;
264 			}
265 			ax->rcount -= 2;
266 			*ax->rbuff &= ~0x80;
267 		} else if (ax->rbuff[0] & 0x20)  {
268 			if (check_crc_flex(ax->rbuff, ax->rcount) < 0) {
269 				ax->dev->stats.rx_errors++;
270 				spin_unlock_bh(&ax->buflock);
271 				return;
272 			}
273 			if (ax->crcmode != CRC_MODE_FLEX && ax->crcauto) {
274 				printk(KERN_INFO
275 				       "mkiss: %s: Switching to crc-flexnet\n",
276 				       ax->dev->name);
277 				ax->crcmode = CRC_MODE_FLEX;
278 			}
279 			ax->rcount -= 2;
280 
281 			/*
282 			 * dl9sau bugfix: the trailling two bytes flexnet crc
283 			 * will not be passed to the kernel. thus we have to
284 			 * correct the kissparm signature, because it indicates
285 			 * a crc but there's none
286 			 */
287 			*ax->rbuff &= ~0x20;
288 		}
289  	}
290 
291 	count = ax->rcount;
292 
293 	if ((skb = dev_alloc_skb(count)) == NULL) {
294 		printk(KERN_ERR "mkiss: %s: memory squeeze, dropping packet.\n",
295 		       ax->dev->name);
296 		ax->dev->stats.rx_dropped++;
297 		spin_unlock_bh(&ax->buflock);
298 		return;
299 	}
300 
301 	memcpy(skb_put(skb,count), ax->rbuff, count);
302 	skb->protocol = ax25_type_trans(skb, ax->dev);
303 	netif_rx(skb);
304 	ax->dev->stats.rx_packets++;
305 	ax->dev->stats.rx_bytes += count;
306 	spin_unlock_bh(&ax->buflock);
307 }
308 
309 static void kiss_unesc(struct mkiss *ax, unsigned char s)
310 {
311 	switch (s) {
312 	case END:
313 		/* drop keeptest bit = VSV */
314 		if (test_bit(AXF_KEEPTEST, &ax->flags))
315 			clear_bit(AXF_KEEPTEST, &ax->flags);
316 
317 		if (!test_and_clear_bit(AXF_ERROR, &ax->flags) && (ax->rcount > 2))
318 			ax_bump(ax);
319 
320 		clear_bit(AXF_ESCAPE, &ax->flags);
321 		ax->rcount = 0;
322 		return;
323 
324 	case ESC:
325 		set_bit(AXF_ESCAPE, &ax->flags);
326 		return;
327 	case ESC_ESC:
328 		if (test_and_clear_bit(AXF_ESCAPE, &ax->flags))
329 			s = ESC;
330 		break;
331 	case ESC_END:
332 		if (test_and_clear_bit(AXF_ESCAPE, &ax->flags))
333 			s = END;
334 		break;
335 	}
336 
337 	spin_lock_bh(&ax->buflock);
338 	if (!test_bit(AXF_ERROR, &ax->flags)) {
339 		if (ax->rcount < ax->buffsize) {
340 			ax->rbuff[ax->rcount++] = s;
341 			spin_unlock_bh(&ax->buflock);
342 			return;
343 		}
344 
345 		ax->dev->stats.rx_over_errors++;
346 		set_bit(AXF_ERROR, &ax->flags);
347 	}
348 	spin_unlock_bh(&ax->buflock);
349 }
350 
351 static int ax_set_mac_address(struct net_device *dev, void *addr)
352 {
353 	struct sockaddr_ax25 *sa = addr;
354 
355 	netif_tx_lock_bh(dev);
356 	netif_addr_lock(dev);
357 	memcpy(dev->dev_addr, &sa->sax25_call, AX25_ADDR_LEN);
358 	netif_addr_unlock(dev);
359 	netif_tx_unlock_bh(dev);
360 
361 	return 0;
362 }
363 
364 /*---------------------------------------------------------------------------*/
365 
366 static void ax_changedmtu(struct mkiss *ax)
367 {
368 	struct net_device *dev = ax->dev;
369 	unsigned char *xbuff, *rbuff, *oxbuff, *orbuff;
370 	int len;
371 
372 	len = dev->mtu * 2;
373 
374 	/*
375 	 * allow for arrival of larger UDP packets, even if we say not to
376 	 * also fixes a bug in which SunOS sends 512-byte packets even with
377 	 * an MSS of 128
378 	 */
379 	if (len < 576 * 2)
380 		len = 576 * 2;
381 
382 	xbuff = kmalloc(len + 4, GFP_ATOMIC);
383 	rbuff = kmalloc(len + 4, GFP_ATOMIC);
384 
385 	if (xbuff == NULL || rbuff == NULL)  {
386 		printk(KERN_ERR "mkiss: %s: unable to grow ax25 buffers, "
387 		       "MTU change cancelled.\n",
388 		       ax->dev->name);
389 		dev->mtu = ax->mtu;
390 		kfree(xbuff);
391 		kfree(rbuff);
392 		return;
393 	}
394 
395 	spin_lock_bh(&ax->buflock);
396 
397 	oxbuff    = ax->xbuff;
398 	ax->xbuff = xbuff;
399 	orbuff    = ax->rbuff;
400 	ax->rbuff = rbuff;
401 
402 	if (ax->xleft) {
403 		if (ax->xleft <= len) {
404 			memcpy(ax->xbuff, ax->xhead, ax->xleft);
405 		} else  {
406 			ax->xleft = 0;
407 			dev->stats.tx_dropped++;
408 		}
409 	}
410 
411 	ax->xhead = ax->xbuff;
412 
413 	if (ax->rcount) {
414 		if (ax->rcount <= len) {
415 			memcpy(ax->rbuff, orbuff, ax->rcount);
416 		} else  {
417 			ax->rcount = 0;
418 			dev->stats.rx_over_errors++;
419 			set_bit(AXF_ERROR, &ax->flags);
420 		}
421 	}
422 
423 	ax->mtu      = dev->mtu + 73;
424 	ax->buffsize = len;
425 
426 	spin_unlock_bh(&ax->buflock);
427 
428 	kfree(oxbuff);
429 	kfree(orbuff);
430 }
431 
432 /* Encapsulate one AX.25 packet and stuff into a TTY queue. */
433 static void ax_encaps(struct net_device *dev, unsigned char *icp, int len)
434 {
435 	struct mkiss *ax = netdev_priv(dev);
436 	unsigned char *p;
437 	int actual, count;
438 
439 	if (ax->mtu != ax->dev->mtu + 73)	/* Someone has been ifconfigging */
440 		ax_changedmtu(ax);
441 
442 	if (len > ax->mtu) {		/* Sigh, shouldn't occur BUT ... */
443 		len = ax->mtu;
444 		printk(KERN_ERR "mkiss: %s: truncating oversized transmit packet!\n", ax->dev->name);
445 		dev->stats.tx_dropped++;
446 		netif_start_queue(dev);
447 		return;
448 	}
449 
450 	p = icp;
451 
452 	spin_lock_bh(&ax->buflock);
453 	if ((*p & 0x0f) != 0) {
454 		/* Configuration Command (kissparms(1).
455 		 * Protocol spec says: never append CRC.
456 		 * This fixes a very old bug in the linux
457 		 * kiss driver. -- dl9sau */
458 		switch (*p & 0xff) {
459 		case 0x85:
460 			/* command from userspace especially for us,
461 			 * not for delivery to the tnc */
462 			if (len > 1) {
463 				int cmd = (p[1] & 0xff);
464 				switch(cmd) {
465 				case 3:
466 				  ax->crcmode = CRC_MODE_SMACK;
467 				  break;
468 				case 2:
469 				  ax->crcmode = CRC_MODE_FLEX;
470 				  break;
471 				case 1:
472 				  ax->crcmode = CRC_MODE_NONE;
473 				  break;
474 				case 0:
475 				default:
476 				  ax->crcmode = CRC_MODE_SMACK_TEST;
477 				  cmd = 0;
478 				}
479 				ax->crcauto = (cmd ? 0 : 1);
480 				printk(KERN_INFO "mkiss: %s: crc mode %s %d\n", ax->dev->name, (len) ? "set to" : "is", cmd);
481 			}
482 			spin_unlock_bh(&ax->buflock);
483 			netif_start_queue(dev);
484 
485 			return;
486 		default:
487 			count = kiss_esc(p, ax->xbuff, len);
488 		}
489 	} else {
490 		unsigned short crc;
491 		switch (ax->crcmode) {
492 		case CRC_MODE_SMACK_TEST:
493 			ax->crcmode  = CRC_MODE_FLEX_TEST;
494 			printk(KERN_INFO "mkiss: %s: Trying crc-smack\n", ax->dev->name);
495 			// fall through
496 		case CRC_MODE_SMACK:
497 			*p |= 0x80;
498 			crc = swab16(crc16(0, p, len));
499 			count = kiss_esc_crc(p, ax->xbuff, crc, len+2);
500 			break;
501 		case CRC_MODE_FLEX_TEST:
502 			ax->crcmode = CRC_MODE_NONE;
503 			printk(KERN_INFO "mkiss: %s: Trying crc-flexnet\n", ax->dev->name);
504 			// fall through
505 		case CRC_MODE_FLEX:
506 			*p |= 0x20;
507 			crc = calc_crc_flex(p, len);
508 			count = kiss_esc_crc(p, ax->xbuff, crc, len+2);
509 			break;
510 
511 		default:
512 			count = kiss_esc(p, ax->xbuff, len);
513 		}
514   	}
515 	spin_unlock_bh(&ax->buflock);
516 
517 	set_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags);
518 	actual = ax->tty->ops->write(ax->tty, ax->xbuff, count);
519 	dev->stats.tx_packets++;
520 	dev->stats.tx_bytes += actual;
521 
522 	ax->dev->trans_start = jiffies;
523 	ax->xleft = count - actual;
524 	ax->xhead = ax->xbuff + actual;
525 }
526 
527 /* Encapsulate an AX.25 packet and kick it into a TTY queue. */
528 static netdev_tx_t ax_xmit(struct sk_buff *skb, struct net_device *dev)
529 {
530 	struct mkiss *ax = netdev_priv(dev);
531 
532 	if (!netif_running(dev))  {
533 		printk(KERN_ERR "mkiss: %s: xmit call when iface is down\n", dev->name);
534 		return NETDEV_TX_BUSY;
535 	}
536 
537 	if (netif_queue_stopped(dev)) {
538 		/*
539 		 * May be we must check transmitter timeout here ?
540 		 *      14 Oct 1994 Dmitry Gorodchanin.
541 		 */
542 		if (time_before(jiffies, dev->trans_start + 20 * HZ)) {
543 			/* 20 sec timeout not reached */
544 			return NETDEV_TX_BUSY;
545 		}
546 
547 		printk(KERN_ERR "mkiss: %s: transmit timed out, %s?\n", dev->name,
548 		       (tty_chars_in_buffer(ax->tty) || ax->xleft) ?
549 		       "bad line quality" : "driver error");
550 
551 		ax->xleft = 0;
552 		clear_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags);
553 		netif_start_queue(dev);
554 	}
555 
556 	/* We were not busy, so we are now... :-) */
557 	if (skb != NULL) {
558 		netif_stop_queue(dev);
559 		ax_encaps(dev, skb->data, skb->len);
560 		kfree_skb(skb);
561 	}
562 
563 	return NETDEV_TX_OK;
564 }
565 
566 static int ax_open_dev(struct net_device *dev)
567 {
568 	struct mkiss *ax = netdev_priv(dev);
569 
570 	if (ax->tty == NULL)
571 		return -ENODEV;
572 
573 	return 0;
574 }
575 
576 #if defined(CONFIG_AX25) || defined(CONFIG_AX25_MODULE)
577 
578 /* Return the frame type ID */
579 static int ax_header(struct sk_buff *skb, struct net_device *dev,
580 		     unsigned short type, const void *daddr,
581 		     const void *saddr, unsigned len)
582 {
583 #ifdef CONFIG_INET
584 	if (type != ETH_P_AX25)
585 		return ax25_hard_header(skb, dev, type, daddr, saddr, len);
586 #endif
587 	return 0;
588 }
589 
590 
591 static int ax_rebuild_header(struct sk_buff *skb)
592 {
593 #ifdef CONFIG_INET
594 	return ax25_rebuild_header(skb);
595 #else
596 	return 0;
597 #endif
598 }
599 
600 #endif	/* CONFIG_{AX25,AX25_MODULE} */
601 
602 /* Open the low-level part of the AX25 channel. Easy! */
603 static int ax_open(struct net_device *dev)
604 {
605 	struct mkiss *ax = netdev_priv(dev);
606 	unsigned long len;
607 
608 	if (ax->tty == NULL)
609 		return -ENODEV;
610 
611 	/*
612 	 * Allocate the frame buffers:
613 	 *
614 	 * rbuff	Receive buffer.
615 	 * xbuff	Transmit buffer.
616 	 */
617 	len = dev->mtu * 2;
618 
619 	/*
620 	 * allow for arrival of larger UDP packets, even if we say not to
621 	 * also fixes a bug in which SunOS sends 512-byte packets even with
622 	 * an MSS of 128
623 	 */
624 	if (len < 576 * 2)
625 		len = 576 * 2;
626 
627 	if ((ax->rbuff = kmalloc(len + 4, GFP_KERNEL)) == NULL)
628 		goto norbuff;
629 
630 	if ((ax->xbuff = kmalloc(len + 4, GFP_KERNEL)) == NULL)
631 		goto noxbuff;
632 
633 	ax->mtu	     = dev->mtu + 73;
634 	ax->buffsize = len;
635 	ax->rcount   = 0;
636 	ax->xleft    = 0;
637 
638 	ax->flags   &= (1 << AXF_INUSE);      /* Clear ESCAPE & ERROR flags */
639 
640 	spin_lock_init(&ax->buflock);
641 
642 	return 0;
643 
644 noxbuff:
645 	kfree(ax->rbuff);
646 
647 norbuff:
648 	return -ENOMEM;
649 }
650 
651 
652 /* Close the low-level part of the AX25 channel. Easy! */
653 static int ax_close(struct net_device *dev)
654 {
655 	struct mkiss *ax = netdev_priv(dev);
656 
657 	if (ax->tty)
658 		clear_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags);
659 
660 	netif_stop_queue(dev);
661 
662 	return 0;
663 }
664 
665 static const struct header_ops ax_header_ops = {
666 	.create    = ax_header,
667 	.rebuild   = ax_rebuild_header,
668 };
669 
670 static const struct net_device_ops ax_netdev_ops = {
671 	.ndo_open            = ax_open_dev,
672 	.ndo_stop            = ax_close,
673 	.ndo_start_xmit	     = ax_xmit,
674 	.ndo_set_mac_address = ax_set_mac_address,
675 };
676 
677 static void ax_setup(struct net_device *dev)
678 {
679 	/* Finish setting up the DEVICE info. */
680 	dev->mtu             = AX_MTU;
681 	dev->hard_header_len = 0;
682 	dev->addr_len        = 0;
683 	dev->type            = ARPHRD_AX25;
684 	dev->tx_queue_len    = 10;
685 	dev->header_ops      = &ax_header_ops;
686 	dev->netdev_ops	     = &ax_netdev_ops;
687 
688 
689 	memcpy(dev->broadcast, &ax25_bcast, AX25_ADDR_LEN);
690 	memcpy(dev->dev_addr,  &ax25_defaddr,  AX25_ADDR_LEN);
691 
692 	dev->flags      = IFF_BROADCAST | IFF_MULTICAST;
693 }
694 
695 /*
696  * We have a potential race on dereferencing tty->disc_data, because the tty
697  * layer provides no locking at all - thus one cpu could be running
698  * sixpack_receive_buf while another calls sixpack_close, which zeroes
699  * tty->disc_data and frees the memory that sixpack_receive_buf is using.  The
700  * best way to fix this is to use a rwlock in the tty struct, but for now we
701  * use a single global rwlock for all ttys in ppp line discipline.
702  */
703 static DEFINE_RWLOCK(disc_data_lock);
704 
705 static struct mkiss *mkiss_get(struct tty_struct *tty)
706 {
707 	struct mkiss *ax;
708 
709 	read_lock(&disc_data_lock);
710 	ax = tty->disc_data;
711 	if (ax)
712 		atomic_inc(&ax->refcnt);
713 	read_unlock(&disc_data_lock);
714 
715 	return ax;
716 }
717 
718 static void mkiss_put(struct mkiss *ax)
719 {
720 	if (atomic_dec_and_test(&ax->refcnt))
721 		up(&ax->dead_sem);
722 }
723 
724 static int crc_force = 0;	/* Can be overridden with insmod */
725 
726 static int mkiss_open(struct tty_struct *tty)
727 {
728 	struct net_device *dev;
729 	struct mkiss *ax;
730 	int err;
731 
732 	if (!capable(CAP_NET_ADMIN))
733 		return -EPERM;
734 	if (tty->ops->write == NULL)
735 		return -EOPNOTSUPP;
736 
737 	dev = alloc_netdev(sizeof(struct mkiss), "ax%d", NET_NAME_UNKNOWN,
738 			   ax_setup);
739 	if (!dev) {
740 		err = -ENOMEM;
741 		goto out;
742 	}
743 
744 	ax = netdev_priv(dev);
745 	ax->dev = dev;
746 
747 	spin_lock_init(&ax->buflock);
748 	atomic_set(&ax->refcnt, 1);
749 	sema_init(&ax->dead_sem, 0);
750 
751 	ax->tty = tty;
752 	tty->disc_data = ax;
753 	tty->receive_room = 65535;
754 
755 	tty_driver_flush_buffer(tty);
756 
757 	/* Restore default settings */
758 	dev->type = ARPHRD_AX25;
759 
760 	/* Perform the low-level AX25 initialization. */
761 	if ((err = ax_open(ax->dev))) {
762 		goto out_free_netdev;
763 	}
764 
765 	if (register_netdev(dev))
766 		goto out_free_buffers;
767 
768 	/* after register_netdev() - because else printk smashes the kernel */
769 	switch (crc_force) {
770 	case 3:
771 		ax->crcmode  = CRC_MODE_SMACK;
772 		printk(KERN_INFO "mkiss: %s: crc mode smack forced.\n",
773 		       ax->dev->name);
774 		break;
775 	case 2:
776 		ax->crcmode  = CRC_MODE_FLEX;
777 		printk(KERN_INFO "mkiss: %s: crc mode flexnet forced.\n",
778 		       ax->dev->name);
779 		break;
780 	case 1:
781 		ax->crcmode  = CRC_MODE_NONE;
782 		printk(KERN_INFO "mkiss: %s: crc mode disabled.\n",
783 		       ax->dev->name);
784 		break;
785 	case 0:
786 		/* fall through */
787 	default:
788 		crc_force = 0;
789 		printk(KERN_INFO "mkiss: %s: crc mode is auto.\n",
790 		       ax->dev->name);
791 		ax->crcmode  = CRC_MODE_SMACK_TEST;
792 	}
793 	ax->crcauto = (crc_force ? 0 : 1);
794 
795 	netif_start_queue(dev);
796 
797 	/* Done.  We have linked the TTY line to a channel. */
798 	return 0;
799 
800 out_free_buffers:
801 	kfree(ax->rbuff);
802 	kfree(ax->xbuff);
803 
804 out_free_netdev:
805 	free_netdev(dev);
806 
807 out:
808 	return err;
809 }
810 
811 static void mkiss_close(struct tty_struct *tty)
812 {
813 	struct mkiss *ax;
814 
815 	write_lock_bh(&disc_data_lock);
816 	ax = tty->disc_data;
817 	tty->disc_data = NULL;
818 	write_unlock_bh(&disc_data_lock);
819 
820 	if (!ax)
821 		return;
822 
823 	/*
824 	 * We have now ensured that nobody can start using ap from now on, but
825 	 * we have to wait for all existing users to finish.
826 	 */
827 	if (!atomic_dec_and_test(&ax->refcnt))
828 		down(&ax->dead_sem);
829 
830 	unregister_netdev(ax->dev);
831 
832 	/* Free all AX25 frame buffers. */
833 	kfree(ax->rbuff);
834 	kfree(ax->xbuff);
835 
836 	ax->tty = NULL;
837 }
838 
839 /* Perform I/O control on an active ax25 channel. */
840 static int mkiss_ioctl(struct tty_struct *tty, struct file *file,
841 	unsigned int cmd, unsigned long arg)
842 {
843 	struct mkiss *ax = mkiss_get(tty);
844 	struct net_device *dev;
845 	unsigned int tmp, err;
846 
847 	/* First make sure we're connected. */
848 	if (ax == NULL)
849 		return -ENXIO;
850 	dev = ax->dev;
851 
852 	switch (cmd) {
853  	case SIOCGIFNAME:
854 		err = copy_to_user((void __user *) arg, ax->dev->name,
855 		                   strlen(ax->dev->name) + 1) ? -EFAULT : 0;
856 		break;
857 
858 	case SIOCGIFENCAP:
859 		err = put_user(4, (int __user *) arg);
860 		break;
861 
862 	case SIOCSIFENCAP:
863 		if (get_user(tmp, (int __user *) arg)) {
864 			err = -EFAULT;
865 			break;
866 		}
867 
868 		ax->mode = tmp;
869 		dev->addr_len        = AX25_ADDR_LEN;
870 		dev->hard_header_len = AX25_KISS_HEADER_LEN +
871 		                       AX25_MAX_HEADER_LEN + 3;
872 		dev->type            = ARPHRD_AX25;
873 
874 		err = 0;
875 		break;
876 
877 	case SIOCSIFHWADDR: {
878 		char addr[AX25_ADDR_LEN];
879 
880 		if (copy_from_user(&addr,
881 		                   (void __user *) arg, AX25_ADDR_LEN)) {
882 			err = -EFAULT;
883 			break;
884 		}
885 
886 		netif_tx_lock_bh(dev);
887 		memcpy(dev->dev_addr, addr, AX25_ADDR_LEN);
888 		netif_tx_unlock_bh(dev);
889 
890 		err = 0;
891 		break;
892 	}
893 	default:
894 		err = -ENOIOCTLCMD;
895 	}
896 
897 	mkiss_put(ax);
898 
899 	return err;
900 }
901 
902 #ifdef CONFIG_COMPAT
903 static long mkiss_compat_ioctl(struct tty_struct *tty, struct file *file,
904 	unsigned int cmd, unsigned long arg)
905 {
906 	switch (cmd) {
907 	case SIOCGIFNAME:
908 	case SIOCGIFENCAP:
909 	case SIOCSIFENCAP:
910 	case SIOCSIFHWADDR:
911 		return mkiss_ioctl(tty, file, cmd,
912 				   (unsigned long)compat_ptr(arg));
913 	}
914 
915 	return -ENOIOCTLCMD;
916 }
917 #endif
918 
919 /*
920  * Handle the 'receiver data ready' interrupt.
921  * This function is called by the 'tty_io' module in the kernel when
922  * a block of data has been received, which can now be decapsulated
923  * and sent on to the AX.25 layer for further processing.
924  */
925 static void mkiss_receive_buf(struct tty_struct *tty, const unsigned char *cp,
926 	char *fp, int count)
927 {
928 	struct mkiss *ax = mkiss_get(tty);
929 
930 	if (!ax)
931 		return;
932 
933 	/*
934 	 * Argh! mtu change time! - costs us the packet part received
935 	 * at the change
936 	 */
937 	if (ax->mtu != ax->dev->mtu + 73)
938 		ax_changedmtu(ax);
939 
940 	/* Read the characters out of the buffer */
941 	while (count--) {
942 		if (fp != NULL && *fp++) {
943 			if (!test_and_set_bit(AXF_ERROR, &ax->flags))
944 				ax->dev->stats.rx_errors++;
945 			cp++;
946 			continue;
947 		}
948 
949 		kiss_unesc(ax, *cp++);
950 	}
951 
952 	mkiss_put(ax);
953 	tty_unthrottle(tty);
954 }
955 
956 /*
957  * Called by the driver when there's room for more data.  If we have
958  * more packets to send, we send them here.
959  */
960 static void mkiss_write_wakeup(struct tty_struct *tty)
961 {
962 	struct mkiss *ax = mkiss_get(tty);
963 	int actual;
964 
965 	if (!ax)
966 		return;
967 
968 	if (ax->xleft <= 0)  {
969 		/* Now serial buffer is almost free & we can start
970 		 * transmission of another packet
971 		 */
972 		clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
973 
974 		netif_wake_queue(ax->dev);
975 		goto out;
976 	}
977 
978 	actual = tty->ops->write(tty, ax->xhead, ax->xleft);
979 	ax->xleft -= actual;
980 	ax->xhead += actual;
981 
982 out:
983 	mkiss_put(ax);
984 }
985 
986 static struct tty_ldisc_ops ax_ldisc = {
987 	.owner		= THIS_MODULE,
988 	.magic		= TTY_LDISC_MAGIC,
989 	.name		= "mkiss",
990 	.open		= mkiss_open,
991 	.close		= mkiss_close,
992 	.ioctl		= mkiss_ioctl,
993 #ifdef CONFIG_COMPAT
994 	.compat_ioctl	= mkiss_compat_ioctl,
995 #endif
996 	.receive_buf	= mkiss_receive_buf,
997 	.write_wakeup	= mkiss_write_wakeup
998 };
999 
1000 static const char banner[] __initconst = KERN_INFO \
1001 	"mkiss: AX.25 Multikiss, Hans Albas PE1AYX\n";
1002 static const char msg_regfail[] __initconst = KERN_ERR \
1003 	"mkiss: can't register line discipline (err = %d)\n";
1004 
1005 static int __init mkiss_init_driver(void)
1006 {
1007 	int status;
1008 
1009 	printk(banner);
1010 
1011 	status = tty_register_ldisc(N_AX25, &ax_ldisc);
1012 	if (status != 0)
1013 		printk(msg_regfail, status);
1014 
1015 	return status;
1016 }
1017 
1018 static const char msg_unregfail[] = KERN_ERR \
1019 	"mkiss: can't unregister line discipline (err = %d)\n";
1020 
1021 static void __exit mkiss_exit_driver(void)
1022 {
1023 	int ret;
1024 
1025 	if ((ret = tty_unregister_ldisc(N_AX25)))
1026 		printk(msg_unregfail, ret);
1027 }
1028 
1029 MODULE_AUTHOR("Ralf Baechle DL5RB <ralf@linux-mips.org>");
1030 MODULE_DESCRIPTION("KISS driver for AX.25 over TTYs");
1031 module_param(crc_force, int, 0);
1032 MODULE_PARM_DESC(crc_force, "crc [0 = auto | 1 = none | 2 = flexnet | 3 = smack]");
1033 MODULE_LICENSE("GPL");
1034 MODULE_ALIAS_LDISC(N_AX25);
1035 
1036 module_init(mkiss_init_driver);
1037 module_exit(mkiss_exit_driver);
1038