1 /* 2 * This program is free software; you can distribute it and/or modify it 3 * under the terms of the GNU General Public License (Version 2) as 4 * published by the Free Software Foundation. 5 * 6 * This program is distributed in the hope it will be useful, but WITHOUT 7 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 8 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 9 * for more details. 10 * 11 * You should have received a copy of the GNU General Public License along 12 * with this program; if not, see <http://www.gnu.org/licenses/>. 13 * 14 * Copyright (C) Hans Alblas PE1AYX <hans@esrac.ele.tue.nl> 15 * Copyright (C) 2004, 05 Ralf Baechle DL5RB <ralf@linux-mips.org> 16 * Copyright (C) 2004, 05 Thomas Osterried DL9SAU <thomas@x-berg.in-berlin.de> 17 */ 18 #include <linux/module.h> 19 #include <linux/bitops.h> 20 #include <linux/uaccess.h> 21 #include <linux/crc16.h> 22 #include <linux/string.h> 23 #include <linux/mm.h> 24 #include <linux/interrupt.h> 25 #include <linux/in.h> 26 #include <linux/inet.h> 27 #include <linux/slab.h> 28 #include <linux/tty.h> 29 #include <linux/errno.h> 30 #include <linux/netdevice.h> 31 #include <linux/major.h> 32 #include <linux/init.h> 33 #include <linux/rtnetlink.h> 34 #include <linux/etherdevice.h> 35 #include <linux/skbuff.h> 36 #include <linux/if_arp.h> 37 #include <linux/jiffies.h> 38 #include <linux/compat.h> 39 40 #include <net/ax25.h> 41 42 #define AX_MTU 236 43 44 /* SLIP/KISS protocol characters. */ 45 #define END 0300 /* indicates end of frame */ 46 #define ESC 0333 /* indicates byte stuffing */ 47 #define ESC_END 0334 /* ESC ESC_END means END 'data' */ 48 #define ESC_ESC 0335 /* ESC ESC_ESC means ESC 'data' */ 49 50 struct mkiss { 51 struct tty_struct *tty; /* ptr to TTY structure */ 52 struct net_device *dev; /* easy for intr handling */ 53 54 /* These are pointers to the malloc()ed frame buffers. */ 55 spinlock_t buflock;/* lock for rbuf and xbuf */ 56 unsigned char *rbuff; /* receiver buffer */ 57 int rcount; /* received chars counter */ 58 unsigned char *xbuff; /* transmitter buffer */ 59 unsigned char *xhead; /* pointer to next byte to XMIT */ 60 int xleft; /* bytes left in XMIT queue */ 61 62 /* Detailed SLIP statistics. */ 63 int mtu; /* Our mtu (to spot changes!) */ 64 int buffsize; /* Max buffers sizes */ 65 66 unsigned long flags; /* Flag values/ mode etc */ 67 /* long req'd: used by set_bit --RR */ 68 #define AXF_INUSE 0 /* Channel in use */ 69 #define AXF_ESCAPE 1 /* ESC received */ 70 #define AXF_ERROR 2 /* Parity, etc. error */ 71 #define AXF_KEEPTEST 3 /* Keepalive test flag */ 72 #define AXF_OUTWAIT 4 /* is outpacket was flag */ 73 74 int mode; 75 int crcmode; /* MW: for FlexNet, SMACK etc. */ 76 int crcauto; /* CRC auto mode */ 77 78 #define CRC_MODE_NONE 0 79 #define CRC_MODE_FLEX 1 80 #define CRC_MODE_SMACK 2 81 #define CRC_MODE_FLEX_TEST 3 82 #define CRC_MODE_SMACK_TEST 4 83 84 atomic_t refcnt; 85 struct semaphore dead_sem; 86 }; 87 88 /*---------------------------------------------------------------------------*/ 89 90 static const unsigned short crc_flex_table[] = { 91 0x0f87, 0x1e0e, 0x2c95, 0x3d1c, 0x49a3, 0x582a, 0x6ab1, 0x7b38, 92 0x83cf, 0x9246, 0xa0dd, 0xb154, 0xc5eb, 0xd462, 0xe6f9, 0xf770, 93 0x1f06, 0x0e8f, 0x3c14, 0x2d9d, 0x5922, 0x48ab, 0x7a30, 0x6bb9, 94 0x934e, 0x82c7, 0xb05c, 0xa1d5, 0xd56a, 0xc4e3, 0xf678, 0xe7f1, 95 0x2e85, 0x3f0c, 0x0d97, 0x1c1e, 0x68a1, 0x7928, 0x4bb3, 0x5a3a, 96 0xa2cd, 0xb344, 0x81df, 0x9056, 0xe4e9, 0xf560, 0xc7fb, 0xd672, 97 0x3e04, 0x2f8d, 0x1d16, 0x0c9f, 0x7820, 0x69a9, 0x5b32, 0x4abb, 98 0xb24c, 0xa3c5, 0x915e, 0x80d7, 0xf468, 0xe5e1, 0xd77a, 0xc6f3, 99 0x4d83, 0x5c0a, 0x6e91, 0x7f18, 0x0ba7, 0x1a2e, 0x28b5, 0x393c, 100 0xc1cb, 0xd042, 0xe2d9, 0xf350, 0x87ef, 0x9666, 0xa4fd, 0xb574, 101 0x5d02, 0x4c8b, 0x7e10, 0x6f99, 0x1b26, 0x0aaf, 0x3834, 0x29bd, 102 0xd14a, 0xc0c3, 0xf258, 0xe3d1, 0x976e, 0x86e7, 0xb47c, 0xa5f5, 103 0x6c81, 0x7d08, 0x4f93, 0x5e1a, 0x2aa5, 0x3b2c, 0x09b7, 0x183e, 104 0xe0c9, 0xf140, 0xc3db, 0xd252, 0xa6ed, 0xb764, 0x85ff, 0x9476, 105 0x7c00, 0x6d89, 0x5f12, 0x4e9b, 0x3a24, 0x2bad, 0x1936, 0x08bf, 106 0xf048, 0xe1c1, 0xd35a, 0xc2d3, 0xb66c, 0xa7e5, 0x957e, 0x84f7, 107 0x8b8f, 0x9a06, 0xa89d, 0xb914, 0xcdab, 0xdc22, 0xeeb9, 0xff30, 108 0x07c7, 0x164e, 0x24d5, 0x355c, 0x41e3, 0x506a, 0x62f1, 0x7378, 109 0x9b0e, 0x8a87, 0xb81c, 0xa995, 0xdd2a, 0xcca3, 0xfe38, 0xefb1, 110 0x1746, 0x06cf, 0x3454, 0x25dd, 0x5162, 0x40eb, 0x7270, 0x63f9, 111 0xaa8d, 0xbb04, 0x899f, 0x9816, 0xeca9, 0xfd20, 0xcfbb, 0xde32, 112 0x26c5, 0x374c, 0x05d7, 0x145e, 0x60e1, 0x7168, 0x43f3, 0x527a, 113 0xba0c, 0xab85, 0x991e, 0x8897, 0xfc28, 0xeda1, 0xdf3a, 0xceb3, 114 0x3644, 0x27cd, 0x1556, 0x04df, 0x7060, 0x61e9, 0x5372, 0x42fb, 115 0xc98b, 0xd802, 0xea99, 0xfb10, 0x8faf, 0x9e26, 0xacbd, 0xbd34, 116 0x45c3, 0x544a, 0x66d1, 0x7758, 0x03e7, 0x126e, 0x20f5, 0x317c, 117 0xd90a, 0xc883, 0xfa18, 0xeb91, 0x9f2e, 0x8ea7, 0xbc3c, 0xadb5, 118 0x5542, 0x44cb, 0x7650, 0x67d9, 0x1366, 0x02ef, 0x3074, 0x21fd, 119 0xe889, 0xf900, 0xcb9b, 0xda12, 0xaead, 0xbf24, 0x8dbf, 0x9c36, 120 0x64c1, 0x7548, 0x47d3, 0x565a, 0x22e5, 0x336c, 0x01f7, 0x107e, 121 0xf808, 0xe981, 0xdb1a, 0xca93, 0xbe2c, 0xafa5, 0x9d3e, 0x8cb7, 122 0x7440, 0x65c9, 0x5752, 0x46db, 0x3264, 0x23ed, 0x1176, 0x00ff 123 }; 124 125 static unsigned short calc_crc_flex(unsigned char *cp, int size) 126 { 127 unsigned short crc = 0xffff; 128 129 while (size--) 130 crc = (crc << 8) ^ crc_flex_table[((crc >> 8) ^ *cp++) & 0xff]; 131 132 return crc; 133 } 134 135 static int check_crc_flex(unsigned char *cp, int size) 136 { 137 unsigned short crc = 0xffff; 138 139 if (size < 3) 140 return -1; 141 142 while (size--) 143 crc = (crc << 8) ^ crc_flex_table[((crc >> 8) ^ *cp++) & 0xff]; 144 145 if ((crc & 0xffff) != 0x7070) 146 return -1; 147 148 return 0; 149 } 150 151 static int check_crc_16(unsigned char *cp, int size) 152 { 153 unsigned short crc = 0x0000; 154 155 if (size < 3) 156 return -1; 157 158 crc = crc16(0, cp, size); 159 160 if (crc != 0x0000) 161 return -1; 162 163 return 0; 164 } 165 166 /* 167 * Standard encapsulation 168 */ 169 170 static int kiss_esc(unsigned char *s, unsigned char *d, int len) 171 { 172 unsigned char *ptr = d; 173 unsigned char c; 174 175 /* 176 * Send an initial END character to flush out any data that may have 177 * accumulated in the receiver due to line noise. 178 */ 179 180 *ptr++ = END; 181 182 while (len-- > 0) { 183 switch (c = *s++) { 184 case END: 185 *ptr++ = ESC; 186 *ptr++ = ESC_END; 187 break; 188 case ESC: 189 *ptr++ = ESC; 190 *ptr++ = ESC_ESC; 191 break; 192 default: 193 *ptr++ = c; 194 break; 195 } 196 } 197 198 *ptr++ = END; 199 200 return ptr - d; 201 } 202 203 /* 204 * MW: 205 * OK its ugly, but tell me a better solution without copying the 206 * packet to a temporary buffer :-) 207 */ 208 static int kiss_esc_crc(unsigned char *s, unsigned char *d, unsigned short crc, 209 int len) 210 { 211 unsigned char *ptr = d; 212 unsigned char c=0; 213 214 *ptr++ = END; 215 while (len > 0) { 216 if (len > 2) 217 c = *s++; 218 else if (len > 1) 219 c = crc >> 8; 220 else 221 c = crc & 0xff; 222 223 len--; 224 225 switch (c) { 226 case END: 227 *ptr++ = ESC; 228 *ptr++ = ESC_END; 229 break; 230 case ESC: 231 *ptr++ = ESC; 232 *ptr++ = ESC_ESC; 233 break; 234 default: 235 *ptr++ = c; 236 break; 237 } 238 } 239 *ptr++ = END; 240 241 return ptr - d; 242 } 243 244 /* Send one completely decapsulated AX.25 packet to the AX.25 layer. */ 245 static void ax_bump(struct mkiss *ax) 246 { 247 struct sk_buff *skb; 248 int count; 249 250 spin_lock_bh(&ax->buflock); 251 if (ax->rbuff[0] > 0x0f) { 252 if (ax->rbuff[0] & 0x80) { 253 if (check_crc_16(ax->rbuff, ax->rcount) < 0) { 254 ax->dev->stats.rx_errors++; 255 spin_unlock_bh(&ax->buflock); 256 257 return; 258 } 259 if (ax->crcmode != CRC_MODE_SMACK && ax->crcauto) { 260 printk(KERN_INFO 261 "mkiss: %s: Switching to crc-smack\n", 262 ax->dev->name); 263 ax->crcmode = CRC_MODE_SMACK; 264 } 265 ax->rcount -= 2; 266 *ax->rbuff &= ~0x80; 267 } else if (ax->rbuff[0] & 0x20) { 268 if (check_crc_flex(ax->rbuff, ax->rcount) < 0) { 269 ax->dev->stats.rx_errors++; 270 spin_unlock_bh(&ax->buflock); 271 return; 272 } 273 if (ax->crcmode != CRC_MODE_FLEX && ax->crcauto) { 274 printk(KERN_INFO 275 "mkiss: %s: Switching to crc-flexnet\n", 276 ax->dev->name); 277 ax->crcmode = CRC_MODE_FLEX; 278 } 279 ax->rcount -= 2; 280 281 /* 282 * dl9sau bugfix: the trailling two bytes flexnet crc 283 * will not be passed to the kernel. thus we have to 284 * correct the kissparm signature, because it indicates 285 * a crc but there's none 286 */ 287 *ax->rbuff &= ~0x20; 288 } 289 } 290 291 count = ax->rcount; 292 293 if ((skb = dev_alloc_skb(count)) == NULL) { 294 printk(KERN_ERR "mkiss: %s: memory squeeze, dropping packet.\n", 295 ax->dev->name); 296 ax->dev->stats.rx_dropped++; 297 spin_unlock_bh(&ax->buflock); 298 return; 299 } 300 301 skb_put_data(skb, ax->rbuff, count); 302 skb->protocol = ax25_type_trans(skb, ax->dev); 303 netif_rx(skb); 304 ax->dev->stats.rx_packets++; 305 ax->dev->stats.rx_bytes += count; 306 spin_unlock_bh(&ax->buflock); 307 } 308 309 static void kiss_unesc(struct mkiss *ax, unsigned char s) 310 { 311 switch (s) { 312 case END: 313 /* drop keeptest bit = VSV */ 314 if (test_bit(AXF_KEEPTEST, &ax->flags)) 315 clear_bit(AXF_KEEPTEST, &ax->flags); 316 317 if (!test_and_clear_bit(AXF_ERROR, &ax->flags) && (ax->rcount > 2)) 318 ax_bump(ax); 319 320 clear_bit(AXF_ESCAPE, &ax->flags); 321 ax->rcount = 0; 322 return; 323 324 case ESC: 325 set_bit(AXF_ESCAPE, &ax->flags); 326 return; 327 case ESC_ESC: 328 if (test_and_clear_bit(AXF_ESCAPE, &ax->flags)) 329 s = ESC; 330 break; 331 case ESC_END: 332 if (test_and_clear_bit(AXF_ESCAPE, &ax->flags)) 333 s = END; 334 break; 335 } 336 337 spin_lock_bh(&ax->buflock); 338 if (!test_bit(AXF_ERROR, &ax->flags)) { 339 if (ax->rcount < ax->buffsize) { 340 ax->rbuff[ax->rcount++] = s; 341 spin_unlock_bh(&ax->buflock); 342 return; 343 } 344 345 ax->dev->stats.rx_over_errors++; 346 set_bit(AXF_ERROR, &ax->flags); 347 } 348 spin_unlock_bh(&ax->buflock); 349 } 350 351 static int ax_set_mac_address(struct net_device *dev, void *addr) 352 { 353 struct sockaddr_ax25 *sa = addr; 354 355 netif_tx_lock_bh(dev); 356 netif_addr_lock(dev); 357 memcpy(dev->dev_addr, &sa->sax25_call, AX25_ADDR_LEN); 358 netif_addr_unlock(dev); 359 netif_tx_unlock_bh(dev); 360 361 return 0; 362 } 363 364 /*---------------------------------------------------------------------------*/ 365 366 static void ax_changedmtu(struct mkiss *ax) 367 { 368 struct net_device *dev = ax->dev; 369 unsigned char *xbuff, *rbuff, *oxbuff, *orbuff; 370 int len; 371 372 len = dev->mtu * 2; 373 374 /* 375 * allow for arrival of larger UDP packets, even if we say not to 376 * also fixes a bug in which SunOS sends 512-byte packets even with 377 * an MSS of 128 378 */ 379 if (len < 576 * 2) 380 len = 576 * 2; 381 382 xbuff = kmalloc(len + 4, GFP_ATOMIC); 383 rbuff = kmalloc(len + 4, GFP_ATOMIC); 384 385 if (xbuff == NULL || rbuff == NULL) { 386 printk(KERN_ERR "mkiss: %s: unable to grow ax25 buffers, " 387 "MTU change cancelled.\n", 388 ax->dev->name); 389 dev->mtu = ax->mtu; 390 kfree(xbuff); 391 kfree(rbuff); 392 return; 393 } 394 395 spin_lock_bh(&ax->buflock); 396 397 oxbuff = ax->xbuff; 398 ax->xbuff = xbuff; 399 orbuff = ax->rbuff; 400 ax->rbuff = rbuff; 401 402 if (ax->xleft) { 403 if (ax->xleft <= len) { 404 memcpy(ax->xbuff, ax->xhead, ax->xleft); 405 } else { 406 ax->xleft = 0; 407 dev->stats.tx_dropped++; 408 } 409 } 410 411 ax->xhead = ax->xbuff; 412 413 if (ax->rcount) { 414 if (ax->rcount <= len) { 415 memcpy(ax->rbuff, orbuff, ax->rcount); 416 } else { 417 ax->rcount = 0; 418 dev->stats.rx_over_errors++; 419 set_bit(AXF_ERROR, &ax->flags); 420 } 421 } 422 423 ax->mtu = dev->mtu + 73; 424 ax->buffsize = len; 425 426 spin_unlock_bh(&ax->buflock); 427 428 kfree(oxbuff); 429 kfree(orbuff); 430 } 431 432 /* Encapsulate one AX.25 packet and stuff into a TTY queue. */ 433 static void ax_encaps(struct net_device *dev, unsigned char *icp, int len) 434 { 435 struct mkiss *ax = netdev_priv(dev); 436 unsigned char *p; 437 int actual, count; 438 439 if (ax->mtu != ax->dev->mtu + 73) /* Someone has been ifconfigging */ 440 ax_changedmtu(ax); 441 442 if (len > ax->mtu) { /* Sigh, shouldn't occur BUT ... */ 443 printk(KERN_ERR "mkiss: %s: truncating oversized transmit packet!\n", ax->dev->name); 444 dev->stats.tx_dropped++; 445 netif_start_queue(dev); 446 return; 447 } 448 449 p = icp; 450 451 spin_lock_bh(&ax->buflock); 452 if ((*p & 0x0f) != 0) { 453 /* Configuration Command (kissparms(1). 454 * Protocol spec says: never append CRC. 455 * This fixes a very old bug in the linux 456 * kiss driver. -- dl9sau */ 457 switch (*p & 0xff) { 458 case 0x85: 459 /* command from userspace especially for us, 460 * not for delivery to the tnc */ 461 if (len > 1) { 462 int cmd = (p[1] & 0xff); 463 switch(cmd) { 464 case 3: 465 ax->crcmode = CRC_MODE_SMACK; 466 break; 467 case 2: 468 ax->crcmode = CRC_MODE_FLEX; 469 break; 470 case 1: 471 ax->crcmode = CRC_MODE_NONE; 472 break; 473 case 0: 474 default: 475 ax->crcmode = CRC_MODE_SMACK_TEST; 476 cmd = 0; 477 } 478 ax->crcauto = (cmd ? 0 : 1); 479 printk(KERN_INFO "mkiss: %s: crc mode set to %d\n", 480 ax->dev->name, cmd); 481 } 482 spin_unlock_bh(&ax->buflock); 483 netif_start_queue(dev); 484 485 return; 486 default: 487 count = kiss_esc(p, ax->xbuff, len); 488 } 489 } else { 490 unsigned short crc; 491 switch (ax->crcmode) { 492 case CRC_MODE_SMACK_TEST: 493 ax->crcmode = CRC_MODE_FLEX_TEST; 494 printk(KERN_INFO "mkiss: %s: Trying crc-smack\n", ax->dev->name); 495 // fall through 496 case CRC_MODE_SMACK: 497 *p |= 0x80; 498 crc = swab16(crc16(0, p, len)); 499 count = kiss_esc_crc(p, ax->xbuff, crc, len+2); 500 break; 501 case CRC_MODE_FLEX_TEST: 502 ax->crcmode = CRC_MODE_NONE; 503 printk(KERN_INFO "mkiss: %s: Trying crc-flexnet\n", ax->dev->name); 504 // fall through 505 case CRC_MODE_FLEX: 506 *p |= 0x20; 507 crc = calc_crc_flex(p, len); 508 count = kiss_esc_crc(p, ax->xbuff, crc, len+2); 509 break; 510 511 default: 512 count = kiss_esc(p, ax->xbuff, len); 513 } 514 } 515 spin_unlock_bh(&ax->buflock); 516 517 set_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags); 518 actual = ax->tty->ops->write(ax->tty, ax->xbuff, count); 519 dev->stats.tx_packets++; 520 dev->stats.tx_bytes += actual; 521 522 netif_trans_update(ax->dev); 523 ax->xleft = count - actual; 524 ax->xhead = ax->xbuff + actual; 525 } 526 527 /* Encapsulate an AX.25 packet and kick it into a TTY queue. */ 528 static netdev_tx_t ax_xmit(struct sk_buff *skb, struct net_device *dev) 529 { 530 struct mkiss *ax = netdev_priv(dev); 531 532 if (skb->protocol == htons(ETH_P_IP)) 533 return ax25_ip_xmit(skb); 534 535 if (!netif_running(dev)) { 536 printk(KERN_ERR "mkiss: %s: xmit call when iface is down\n", dev->name); 537 return NETDEV_TX_BUSY; 538 } 539 540 if (netif_queue_stopped(dev)) { 541 /* 542 * May be we must check transmitter timeout here ? 543 * 14 Oct 1994 Dmitry Gorodchanin. 544 */ 545 if (time_before(jiffies, dev_trans_start(dev) + 20 * HZ)) { 546 /* 20 sec timeout not reached */ 547 return NETDEV_TX_BUSY; 548 } 549 550 printk(KERN_ERR "mkiss: %s: transmit timed out, %s?\n", dev->name, 551 (tty_chars_in_buffer(ax->tty) || ax->xleft) ? 552 "bad line quality" : "driver error"); 553 554 ax->xleft = 0; 555 clear_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags); 556 netif_start_queue(dev); 557 } 558 559 /* We were not busy, so we are now... :-) */ 560 netif_stop_queue(dev); 561 ax_encaps(dev, skb->data, skb->len); 562 kfree_skb(skb); 563 564 return NETDEV_TX_OK; 565 } 566 567 static int ax_open_dev(struct net_device *dev) 568 { 569 struct mkiss *ax = netdev_priv(dev); 570 571 if (ax->tty == NULL) 572 return -ENODEV; 573 574 return 0; 575 } 576 577 /* Open the low-level part of the AX25 channel. Easy! */ 578 static int ax_open(struct net_device *dev) 579 { 580 struct mkiss *ax = netdev_priv(dev); 581 unsigned long len; 582 583 if (ax->tty == NULL) 584 return -ENODEV; 585 586 /* 587 * Allocate the frame buffers: 588 * 589 * rbuff Receive buffer. 590 * xbuff Transmit buffer. 591 */ 592 len = dev->mtu * 2; 593 594 /* 595 * allow for arrival of larger UDP packets, even if we say not to 596 * also fixes a bug in which SunOS sends 512-byte packets even with 597 * an MSS of 128 598 */ 599 if (len < 576 * 2) 600 len = 576 * 2; 601 602 if ((ax->rbuff = kmalloc(len + 4, GFP_KERNEL)) == NULL) 603 goto norbuff; 604 605 if ((ax->xbuff = kmalloc(len + 4, GFP_KERNEL)) == NULL) 606 goto noxbuff; 607 608 ax->mtu = dev->mtu + 73; 609 ax->buffsize = len; 610 ax->rcount = 0; 611 ax->xleft = 0; 612 613 ax->flags &= (1 << AXF_INUSE); /* Clear ESCAPE & ERROR flags */ 614 615 spin_lock_init(&ax->buflock); 616 617 return 0; 618 619 noxbuff: 620 kfree(ax->rbuff); 621 622 norbuff: 623 return -ENOMEM; 624 } 625 626 627 /* Close the low-level part of the AX25 channel. Easy! */ 628 static int ax_close(struct net_device *dev) 629 { 630 struct mkiss *ax = netdev_priv(dev); 631 632 if (ax->tty) 633 clear_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags); 634 635 netif_stop_queue(dev); 636 637 return 0; 638 } 639 640 static const struct net_device_ops ax_netdev_ops = { 641 .ndo_open = ax_open_dev, 642 .ndo_stop = ax_close, 643 .ndo_start_xmit = ax_xmit, 644 .ndo_set_mac_address = ax_set_mac_address, 645 }; 646 647 static void ax_setup(struct net_device *dev) 648 { 649 /* Finish setting up the DEVICE info. */ 650 dev->mtu = AX_MTU; 651 dev->hard_header_len = AX25_MAX_HEADER_LEN; 652 dev->addr_len = AX25_ADDR_LEN; 653 dev->type = ARPHRD_AX25; 654 dev->tx_queue_len = 10; 655 dev->header_ops = &ax25_header_ops; 656 dev->netdev_ops = &ax_netdev_ops; 657 658 659 memcpy(dev->broadcast, &ax25_bcast, AX25_ADDR_LEN); 660 memcpy(dev->dev_addr, &ax25_defaddr, AX25_ADDR_LEN); 661 662 dev->flags = IFF_BROADCAST | IFF_MULTICAST; 663 } 664 665 /* 666 * We have a potential race on dereferencing tty->disc_data, because the tty 667 * layer provides no locking at all - thus one cpu could be running 668 * sixpack_receive_buf while another calls sixpack_close, which zeroes 669 * tty->disc_data and frees the memory that sixpack_receive_buf is using. The 670 * best way to fix this is to use a rwlock in the tty struct, but for now we 671 * use a single global rwlock for all ttys in ppp line discipline. 672 */ 673 static DEFINE_RWLOCK(disc_data_lock); 674 675 static struct mkiss *mkiss_get(struct tty_struct *tty) 676 { 677 struct mkiss *ax; 678 679 read_lock(&disc_data_lock); 680 ax = tty->disc_data; 681 if (ax) 682 atomic_inc(&ax->refcnt); 683 read_unlock(&disc_data_lock); 684 685 return ax; 686 } 687 688 static void mkiss_put(struct mkiss *ax) 689 { 690 if (atomic_dec_and_test(&ax->refcnt)) 691 up(&ax->dead_sem); 692 } 693 694 static int crc_force = 0; /* Can be overridden with insmod */ 695 696 static int mkiss_open(struct tty_struct *tty) 697 { 698 struct net_device *dev; 699 struct mkiss *ax; 700 int err; 701 702 if (!capable(CAP_NET_ADMIN)) 703 return -EPERM; 704 if (tty->ops->write == NULL) 705 return -EOPNOTSUPP; 706 707 dev = alloc_netdev(sizeof(struct mkiss), "ax%d", NET_NAME_UNKNOWN, 708 ax_setup); 709 if (!dev) { 710 err = -ENOMEM; 711 goto out; 712 } 713 714 ax = netdev_priv(dev); 715 ax->dev = dev; 716 717 spin_lock_init(&ax->buflock); 718 atomic_set(&ax->refcnt, 1); 719 sema_init(&ax->dead_sem, 0); 720 721 ax->tty = tty; 722 tty->disc_data = ax; 723 tty->receive_room = 65535; 724 725 tty_driver_flush_buffer(tty); 726 727 /* Restore default settings */ 728 dev->type = ARPHRD_AX25; 729 730 /* Perform the low-level AX25 initialization. */ 731 err = ax_open(ax->dev); 732 if (err) 733 goto out_free_netdev; 734 735 err = register_netdev(dev); 736 if (err) 737 goto out_free_buffers; 738 739 /* after register_netdev() - because else printk smashes the kernel */ 740 switch (crc_force) { 741 case 3: 742 ax->crcmode = CRC_MODE_SMACK; 743 printk(KERN_INFO "mkiss: %s: crc mode smack forced.\n", 744 ax->dev->name); 745 break; 746 case 2: 747 ax->crcmode = CRC_MODE_FLEX; 748 printk(KERN_INFO "mkiss: %s: crc mode flexnet forced.\n", 749 ax->dev->name); 750 break; 751 case 1: 752 ax->crcmode = CRC_MODE_NONE; 753 printk(KERN_INFO "mkiss: %s: crc mode disabled.\n", 754 ax->dev->name); 755 break; 756 case 0: 757 /* fall through */ 758 default: 759 crc_force = 0; 760 printk(KERN_INFO "mkiss: %s: crc mode is auto.\n", 761 ax->dev->name); 762 ax->crcmode = CRC_MODE_SMACK_TEST; 763 } 764 ax->crcauto = (crc_force ? 0 : 1); 765 766 netif_start_queue(dev); 767 768 /* Done. We have linked the TTY line to a channel. */ 769 return 0; 770 771 out_free_buffers: 772 kfree(ax->rbuff); 773 kfree(ax->xbuff); 774 775 out_free_netdev: 776 free_netdev(dev); 777 778 out: 779 return err; 780 } 781 782 static void mkiss_close(struct tty_struct *tty) 783 { 784 struct mkiss *ax; 785 786 write_lock_bh(&disc_data_lock); 787 ax = tty->disc_data; 788 tty->disc_data = NULL; 789 write_unlock_bh(&disc_data_lock); 790 791 if (!ax) 792 return; 793 794 /* 795 * We have now ensured that nobody can start using ap from now on, but 796 * we have to wait for all existing users to finish. 797 */ 798 if (!atomic_dec_and_test(&ax->refcnt)) 799 down(&ax->dead_sem); 800 /* 801 * Halt the transmit queue so that a new transmit cannot scribble 802 * on our buffers 803 */ 804 netif_stop_queue(ax->dev); 805 806 /* Free all AX25 frame buffers. */ 807 kfree(ax->rbuff); 808 kfree(ax->xbuff); 809 810 ax->tty = NULL; 811 812 unregister_netdev(ax->dev); 813 } 814 815 /* Perform I/O control on an active ax25 channel. */ 816 static int mkiss_ioctl(struct tty_struct *tty, struct file *file, 817 unsigned int cmd, unsigned long arg) 818 { 819 struct mkiss *ax = mkiss_get(tty); 820 struct net_device *dev; 821 unsigned int tmp, err; 822 823 /* First make sure we're connected. */ 824 if (ax == NULL) 825 return -ENXIO; 826 dev = ax->dev; 827 828 switch (cmd) { 829 case SIOCGIFNAME: 830 err = copy_to_user((void __user *) arg, ax->dev->name, 831 strlen(ax->dev->name) + 1) ? -EFAULT : 0; 832 break; 833 834 case SIOCGIFENCAP: 835 err = put_user(4, (int __user *) arg); 836 break; 837 838 case SIOCSIFENCAP: 839 if (get_user(tmp, (int __user *) arg)) { 840 err = -EFAULT; 841 break; 842 } 843 844 ax->mode = tmp; 845 dev->addr_len = AX25_ADDR_LEN; 846 dev->hard_header_len = AX25_KISS_HEADER_LEN + 847 AX25_MAX_HEADER_LEN + 3; 848 dev->type = ARPHRD_AX25; 849 850 err = 0; 851 break; 852 853 case SIOCSIFHWADDR: { 854 char addr[AX25_ADDR_LEN]; 855 856 if (copy_from_user(&addr, 857 (void __user *) arg, AX25_ADDR_LEN)) { 858 err = -EFAULT; 859 break; 860 } 861 862 netif_tx_lock_bh(dev); 863 memcpy(dev->dev_addr, addr, AX25_ADDR_LEN); 864 netif_tx_unlock_bh(dev); 865 866 err = 0; 867 break; 868 } 869 default: 870 err = -ENOIOCTLCMD; 871 } 872 873 mkiss_put(ax); 874 875 return err; 876 } 877 878 #ifdef CONFIG_COMPAT 879 static long mkiss_compat_ioctl(struct tty_struct *tty, struct file *file, 880 unsigned int cmd, unsigned long arg) 881 { 882 switch (cmd) { 883 case SIOCGIFNAME: 884 case SIOCGIFENCAP: 885 case SIOCSIFENCAP: 886 case SIOCSIFHWADDR: 887 return mkiss_ioctl(tty, file, cmd, 888 (unsigned long)compat_ptr(arg)); 889 } 890 891 return -ENOIOCTLCMD; 892 } 893 #endif 894 895 /* 896 * Handle the 'receiver data ready' interrupt. 897 * This function is called by the 'tty_io' module in the kernel when 898 * a block of data has been received, which can now be decapsulated 899 * and sent on to the AX.25 layer for further processing. 900 */ 901 static void mkiss_receive_buf(struct tty_struct *tty, const unsigned char *cp, 902 char *fp, int count) 903 { 904 struct mkiss *ax = mkiss_get(tty); 905 906 if (!ax) 907 return; 908 909 /* 910 * Argh! mtu change time! - costs us the packet part received 911 * at the change 912 */ 913 if (ax->mtu != ax->dev->mtu + 73) 914 ax_changedmtu(ax); 915 916 /* Read the characters out of the buffer */ 917 while (count--) { 918 if (fp != NULL && *fp++) { 919 if (!test_and_set_bit(AXF_ERROR, &ax->flags)) 920 ax->dev->stats.rx_errors++; 921 cp++; 922 continue; 923 } 924 925 kiss_unesc(ax, *cp++); 926 } 927 928 mkiss_put(ax); 929 tty_unthrottle(tty); 930 } 931 932 /* 933 * Called by the driver when there's room for more data. If we have 934 * more packets to send, we send them here. 935 */ 936 static void mkiss_write_wakeup(struct tty_struct *tty) 937 { 938 struct mkiss *ax = mkiss_get(tty); 939 int actual; 940 941 if (!ax) 942 return; 943 944 if (ax->xleft <= 0) { 945 /* Now serial buffer is almost free & we can start 946 * transmission of another packet 947 */ 948 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags); 949 950 netif_wake_queue(ax->dev); 951 goto out; 952 } 953 954 actual = tty->ops->write(tty, ax->xhead, ax->xleft); 955 ax->xleft -= actual; 956 ax->xhead += actual; 957 958 out: 959 mkiss_put(ax); 960 } 961 962 static struct tty_ldisc_ops ax_ldisc = { 963 .owner = THIS_MODULE, 964 .magic = TTY_LDISC_MAGIC, 965 .name = "mkiss", 966 .open = mkiss_open, 967 .close = mkiss_close, 968 .ioctl = mkiss_ioctl, 969 #ifdef CONFIG_COMPAT 970 .compat_ioctl = mkiss_compat_ioctl, 971 #endif 972 .receive_buf = mkiss_receive_buf, 973 .write_wakeup = mkiss_write_wakeup 974 }; 975 976 static const char banner[] __initconst = KERN_INFO \ 977 "mkiss: AX.25 Multikiss, Hans Albas PE1AYX\n"; 978 static const char msg_regfail[] __initconst = KERN_ERR \ 979 "mkiss: can't register line discipline (err = %d)\n"; 980 981 static int __init mkiss_init_driver(void) 982 { 983 int status; 984 985 printk(banner); 986 987 status = tty_register_ldisc(N_AX25, &ax_ldisc); 988 if (status != 0) 989 printk(msg_regfail, status); 990 991 return status; 992 } 993 994 static const char msg_unregfail[] = KERN_ERR \ 995 "mkiss: can't unregister line discipline (err = %d)\n"; 996 997 static void __exit mkiss_exit_driver(void) 998 { 999 int ret; 1000 1001 if ((ret = tty_unregister_ldisc(N_AX25))) 1002 printk(msg_unregfail, ret); 1003 } 1004 1005 MODULE_AUTHOR("Ralf Baechle DL5RB <ralf@linux-mips.org>"); 1006 MODULE_DESCRIPTION("KISS driver for AX.25 over TTYs"); 1007 module_param(crc_force, int, 0); 1008 MODULE_PARM_DESC(crc_force, "crc [0 = auto | 1 = none | 2 = flexnet | 3 = smack]"); 1009 MODULE_LICENSE("GPL"); 1010 MODULE_ALIAS_LDISC(N_AX25); 1011 1012 module_init(mkiss_init_driver); 1013 module_exit(mkiss_exit_driver); 1014