Loading...
1/*
2 * Host Side support for RNDIS Networking Links
3 * Copyright (C) 2005 by David Brownell
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
18 */
19#include <linux/module.h>
20#include <linux/init.h>
21#include <linux/netdevice.h>
22#include <linux/etherdevice.h>
23#include <linux/ethtool.h>
24#include <linux/workqueue.h>
25#include <linux/slab.h>
26#include <linux/mii.h>
27#include <linux/usb.h>
28#include <linux/usb/cdc.h>
29#include <linux/usb/usbnet.h>
30#include <linux/usb/rndis_host.h>
31
32
33/*
34 * RNDIS is NDIS remoted over USB. It's a MSFT variant of CDC ACM ... of
35 * course ACM was intended for modems, not Ethernet links! USB's standard
36 * for Ethernet links is "CDC Ethernet", which is significantly simpler.
37 *
38 * NOTE that Microsoft's "RNDIS 1.0" specification is incomplete. Issues
39 * include:
40 * - Power management in particular relies on information that's scattered
41 * through other documentation, and which is incomplete or incorrect even
42 * there.
43 * - There are various undocumented protocol requirements, such as the
44 * need to send unused garbage in control-OUT messages.
45 * - In some cases, MS-Windows will emit undocumented requests; this
46 * matters more to peripheral implementations than host ones.
47 *
48 * Moreover there's a no-open-specs variant of RNDIS called "ActiveSync".
49 *
50 * For these reasons and others, ** USE OF RNDIS IS STRONGLY DISCOURAGED ** in
51 * favor of such non-proprietary alternatives as CDC Ethernet or the newer (and
52 * currently rare) "Ethernet Emulation Model" (EEM).
53 */
54
55/*
56 * RNDIS notifications from device: command completion; "reverse"
57 * keepalives; etc
58 */
59void rndis_status(struct usbnet *dev, struct urb *urb)
60{
61 netdev_dbg(dev->net, "rndis status urb, len %d stat %d\n",
62 urb->actual_length, urb->status);
63 // FIXME for keepalives, respond immediately (asynchronously)
64 // if not an RNDIS status, do like cdc_status(dev,urb) does
65}
66EXPORT_SYMBOL_GPL(rndis_status);
67
68/*
69 * RNDIS indicate messages.
70 */
71static void rndis_msg_indicate(struct usbnet *dev, struct rndis_indicate *msg,
72 int buflen)
73{
74 struct cdc_state *info = (void *)&dev->data;
75 struct device *udev = &info->control->dev;
76
77 if (dev->driver_info->indication) {
78 dev->driver_info->indication(dev, msg, buflen);
79 } else {
80 switch (msg->status) {
81 case RNDIS_STATUS_MEDIA_CONNECT:
82 dev_info(udev, "rndis media connect\n");
83 break;
84 case RNDIS_STATUS_MEDIA_DISCONNECT:
85 dev_info(udev, "rndis media disconnect\n");
86 break;
87 default:
88 dev_info(udev, "rndis indication: 0x%08x\n",
89 le32_to_cpu(msg->status));
90 }
91 }
92}
93
94/*
95 * RPC done RNDIS-style. Caller guarantees:
96 * - message is properly byteswapped
97 * - there's no other request pending
98 * - buf can hold up to 1KB response (required by RNDIS spec)
99 * On return, the first few entries are already byteswapped.
100 *
101 * Call context is likely probe(), before interface name is known,
102 * which is why we won't try to use it in the diagnostics.
103 */
104int rndis_command(struct usbnet *dev, struct rndis_msg_hdr *buf, int buflen)
105{
106 struct cdc_state *info = (void *) &dev->data;
107 struct usb_cdc_notification notification;
108 int master_ifnum;
109 int retval;
110 int partial;
111 unsigned count;
112 __le32 rsp;
113 u32 xid = 0, msg_len, request_id;
114
115 /* REVISIT when this gets called from contexts other than probe() or
116 * disconnect(): either serialize, or dispatch responses on xid
117 */
118
119 /* Issue the request; xid is unique, don't bother byteswapping it */
120 if (likely(buf->msg_type != RNDIS_MSG_HALT &&
121 buf->msg_type != RNDIS_MSG_RESET)) {
122 xid = dev->xid++;
123 if (!xid)
124 xid = dev->xid++;
125 buf->request_id = (__force __le32) xid;
126 }
127 master_ifnum = info->control->cur_altsetting->desc.bInterfaceNumber;
128 retval = usb_control_msg(dev->udev,
129 usb_sndctrlpipe(dev->udev, 0),
130 USB_CDC_SEND_ENCAPSULATED_COMMAND,
131 USB_TYPE_CLASS | USB_RECIP_INTERFACE,
132 0, master_ifnum,
133 buf, le32_to_cpu(buf->msg_len),
134 RNDIS_CONTROL_TIMEOUT_MS);
135 if (unlikely(retval < 0 || xid == 0))
136 return retval;
137
138 /* Some devices don't respond on the control channel until
139 * polled on the status channel, so do that first. */
140 if (dev->driver_info->data & RNDIS_DRIVER_DATA_POLL_STATUS) {
141 retval = usb_interrupt_msg(
142 dev->udev,
143 usb_rcvintpipe(dev->udev,
144 dev->status->desc.bEndpointAddress),
145 ¬ification, sizeof(notification), &partial,
146 RNDIS_CONTROL_TIMEOUT_MS);
147 if (unlikely(retval < 0))
148 return retval;
149 }
150
151 /* Poll the control channel; the request probably completed immediately */
152 rsp = buf->msg_type | RNDIS_MSG_COMPLETION;
153 for (count = 0; count < 10; count++) {
154 memset(buf, 0, CONTROL_BUFFER_SIZE);
155 retval = usb_control_msg(dev->udev,
156 usb_rcvctrlpipe(dev->udev, 0),
157 USB_CDC_GET_ENCAPSULATED_RESPONSE,
158 USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE,
159 0, master_ifnum,
160 buf, buflen,
161 RNDIS_CONTROL_TIMEOUT_MS);
162 if (likely(retval >= 8)) {
163 msg_len = le32_to_cpu(buf->msg_len);
164 request_id = (__force u32) buf->request_id;
165 if (likely(buf->msg_type == rsp)) {
166 if (likely(request_id == xid)) {
167 if (unlikely(rsp == RNDIS_MSG_RESET_C))
168 return 0;
169 if (likely(RNDIS_STATUS_SUCCESS
170 == buf->status))
171 return 0;
172 dev_dbg(&info->control->dev,
173 "rndis reply status %08x\n",
174 le32_to_cpu(buf->status));
175 return -EL3RST;
176 }
177 dev_dbg(&info->control->dev,
178 "rndis reply id %d expected %d\n",
179 request_id, xid);
180 /* then likely retry */
181 } else switch (buf->msg_type) {
182 case RNDIS_MSG_INDICATE: /* fault/event */
183 rndis_msg_indicate(dev, (void *)buf, buflen);
184
185 break;
186 case RNDIS_MSG_KEEPALIVE: { /* ping */
187 struct rndis_keepalive_c *msg = (void *)buf;
188
189 msg->msg_type = RNDIS_MSG_KEEPALIVE_C;
190 msg->msg_len = cpu_to_le32(sizeof *msg);
191 msg->status = RNDIS_STATUS_SUCCESS;
192 retval = usb_control_msg(dev->udev,
193 usb_sndctrlpipe(dev->udev, 0),
194 USB_CDC_SEND_ENCAPSULATED_COMMAND,
195 USB_TYPE_CLASS | USB_RECIP_INTERFACE,
196 0, master_ifnum,
197 msg, sizeof *msg,
198 RNDIS_CONTROL_TIMEOUT_MS);
199 if (unlikely(retval < 0))
200 dev_dbg(&info->control->dev,
201 "rndis keepalive err %d\n",
202 retval);
203 }
204 break;
205 default:
206 dev_dbg(&info->control->dev,
207 "unexpected rndis msg %08x len %d\n",
208 le32_to_cpu(buf->msg_type), msg_len);
209 }
210 } else {
211 /* device probably issued a protocol stall; ignore */
212 dev_dbg(&info->control->dev,
213 "rndis response error, code %d\n", retval);
214 }
215 msleep(20);
216 }
217 dev_dbg(&info->control->dev, "rndis response timeout\n");
218 return -ETIMEDOUT;
219}
220EXPORT_SYMBOL_GPL(rndis_command);
221
222/*
223 * rndis_query:
224 *
225 * Performs a query for @oid along with 0 or more bytes of payload as
226 * specified by @in_len. If @reply_len is not set to -1 then the reply
227 * length is checked against this value, resulting in an error if it
228 * doesn't match.
229 *
230 * NOTE: Adding a payload exactly or greater than the size of the expected
231 * response payload is an evident requirement MSFT added for ActiveSync.
232 *
233 * The only exception is for OIDs that return a variably sized response,
234 * in which case no payload should be added. This undocumented (and
235 * nonsensical!) issue was found by sniffing protocol requests from the
236 * ActiveSync 4.1 Windows driver.
237 */
238static int rndis_query(struct usbnet *dev, struct usb_interface *intf,
239 void *buf, __le32 oid, u32 in_len,
240 void **reply, int *reply_len)
241{
242 int retval;
243 union {
244 void *buf;
245 struct rndis_msg_hdr *header;
246 struct rndis_query *get;
247 struct rndis_query_c *get_c;
248 } u;
249 u32 off, len;
250
251 u.buf = buf;
252
253 memset(u.get, 0, sizeof *u.get + in_len);
254 u.get->msg_type = RNDIS_MSG_QUERY;
255 u.get->msg_len = cpu_to_le32(sizeof *u.get + in_len);
256 u.get->oid = oid;
257 u.get->len = cpu_to_le32(in_len);
258 u.get->offset = cpu_to_le32(20);
259
260 retval = rndis_command(dev, u.header, CONTROL_BUFFER_SIZE);
261 if (unlikely(retval < 0)) {
262 dev_err(&intf->dev, "RNDIS_MSG_QUERY(0x%08x) failed, %d\n",
263 oid, retval);
264 return retval;
265 }
266
267 off = le32_to_cpu(u.get_c->offset);
268 len = le32_to_cpu(u.get_c->len);
269 if (unlikely((8 + off + len) > CONTROL_BUFFER_SIZE))
270 goto response_error;
271
272 if (*reply_len != -1 && len != *reply_len)
273 goto response_error;
274
275 *reply = (unsigned char *) &u.get_c->request_id + off;
276 *reply_len = len;
277
278 return retval;
279
280response_error:
281 dev_err(&intf->dev, "RNDIS_MSG_QUERY(0x%08x) "
282 "invalid response - off %d len %d\n",
283 oid, off, len);
284 return -EDOM;
285}
286
287/* same as usbnet_netdev_ops but MTU change not allowed */
288static const struct net_device_ops rndis_netdev_ops = {
289 .ndo_open = usbnet_open,
290 .ndo_stop = usbnet_stop,
291 .ndo_start_xmit = usbnet_start_xmit,
292 .ndo_tx_timeout = usbnet_tx_timeout,
293 .ndo_set_mac_address = eth_mac_addr,
294 .ndo_validate_addr = eth_validate_addr,
295};
296
297int
298generic_rndis_bind(struct usbnet *dev, struct usb_interface *intf, int flags)
299{
300 int retval;
301 struct net_device *net = dev->net;
302 struct cdc_state *info = (void *) &dev->data;
303 union {
304 void *buf;
305 struct rndis_msg_hdr *header;
306 struct rndis_init *init;
307 struct rndis_init_c *init_c;
308 struct rndis_query *get;
309 struct rndis_query_c *get_c;
310 struct rndis_set *set;
311 struct rndis_set_c *set_c;
312 struct rndis_halt *halt;
313 } u;
314 u32 tmp;
315 __le32 phym_unspec, *phym;
316 int reply_len;
317 unsigned char *bp;
318
319 /* we can't rely on i/o from stack working, or stack allocation */
320 u.buf = kmalloc(CONTROL_BUFFER_SIZE, GFP_KERNEL);
321 if (!u.buf)
322 return -ENOMEM;
323 retval = usbnet_generic_cdc_bind(dev, intf);
324 if (retval < 0)
325 goto fail;
326
327 u.init->msg_type = RNDIS_MSG_INIT;
328 u.init->msg_len = cpu_to_le32(sizeof *u.init);
329 u.init->major_version = cpu_to_le32(1);
330 u.init->minor_version = cpu_to_le32(0);
331
332 /* max transfer (in spec) is 0x4000 at full speed, but for
333 * TX we'll stick to one Ethernet packet plus RNDIS framing.
334 * For RX we handle drivers that zero-pad to end-of-packet.
335 * Don't let userspace change these settings.
336 *
337 * NOTE: there still seems to be wierdness here, as if we need
338 * to do some more things to make sure WinCE targets accept this.
339 * They default to jumbograms of 8KB or 16KB, which is absurd
340 * for such low data rates and which is also more than Linux
341 * can usually expect to allocate for SKB data...
342 */
343 net->hard_header_len += sizeof (struct rndis_data_hdr);
344 dev->hard_mtu = net->mtu + net->hard_header_len;
345
346 dev->maxpacket = usb_maxpacket(dev->udev, dev->out, 1);
347 if (dev->maxpacket == 0) {
348 netif_dbg(dev, probe, dev->net,
349 "dev->maxpacket can't be 0\n");
350 retval = -EINVAL;
351 goto fail_and_release;
352 }
353
354 dev->rx_urb_size = dev->hard_mtu + (dev->maxpacket + 1);
355 dev->rx_urb_size &= ~(dev->maxpacket - 1);
356 u.init->max_transfer_size = cpu_to_le32(dev->rx_urb_size);
357
358 net->netdev_ops = &rndis_netdev_ops;
359
360 retval = rndis_command(dev, u.header, CONTROL_BUFFER_SIZE);
361 if (unlikely(retval < 0)) {
362 /* it might not even be an RNDIS device!! */
363 dev_err(&intf->dev, "RNDIS init failed, %d\n", retval);
364 goto fail_and_release;
365 }
366 tmp = le32_to_cpu(u.init_c->max_transfer_size);
367 if (tmp < dev->hard_mtu) {
368 if (tmp <= net->hard_header_len) {
369 dev_err(&intf->dev,
370 "dev can't take %u byte packets (max %u)\n",
371 dev->hard_mtu, tmp);
372 retval = -EINVAL;
373 goto halt_fail_and_release;
374 }
375 dev_warn(&intf->dev,
376 "dev can't take %u byte packets (max %u), "
377 "adjusting MTU to %u\n",
378 dev->hard_mtu, tmp, tmp - net->hard_header_len);
379 dev->hard_mtu = tmp;
380 net->mtu = dev->hard_mtu - net->hard_header_len;
381 }
382
383 /* REVISIT: peripheral "alignment" request is ignored ... */
384 dev_dbg(&intf->dev,
385 "hard mtu %u (%u from dev), rx buflen %Zu, align %d\n",
386 dev->hard_mtu, tmp, dev->rx_urb_size,
387 1 << le32_to_cpu(u.init_c->packet_alignment));
388
389 /* module has some device initialization code needs to be done right
390 * after RNDIS_INIT */
391 if (dev->driver_info->early_init &&
392 dev->driver_info->early_init(dev) != 0)
393 goto halt_fail_and_release;
394
395 /* Check physical medium */
396 phym = NULL;
397 reply_len = sizeof *phym;
398 retval = rndis_query(dev, intf, u.buf, OID_GEN_PHYSICAL_MEDIUM,
399 0, (void **) &phym, &reply_len);
400 if (retval != 0 || !phym) {
401 /* OID is optional so don't fail here. */
402 phym_unspec = RNDIS_PHYSICAL_MEDIUM_UNSPECIFIED;
403 phym = &phym_unspec;
404 }
405 if ((flags & FLAG_RNDIS_PHYM_WIRELESS) &&
406 *phym != RNDIS_PHYSICAL_MEDIUM_WIRELESS_LAN) {
407 netif_dbg(dev, probe, dev->net,
408 "driver requires wireless physical medium, but device is not\n");
409 retval = -ENODEV;
410 goto halt_fail_and_release;
411 }
412 if ((flags & FLAG_RNDIS_PHYM_NOT_WIRELESS) &&
413 *phym == RNDIS_PHYSICAL_MEDIUM_WIRELESS_LAN) {
414 netif_dbg(dev, probe, dev->net,
415 "driver requires non-wireless physical medium, but device is wireless.\n");
416 retval = -ENODEV;
417 goto halt_fail_and_release;
418 }
419
420 /* Get designated host ethernet address */
421 reply_len = ETH_ALEN;
422 retval = rndis_query(dev, intf, u.buf, OID_802_3_PERMANENT_ADDRESS,
423 48, (void **) &bp, &reply_len);
424 if (unlikely(retval< 0)) {
425 dev_err(&intf->dev, "rndis get ethaddr, %d\n", retval);
426 goto halt_fail_and_release;
427 }
428 memcpy(net->dev_addr, bp, ETH_ALEN);
429 memcpy(net->perm_addr, bp, ETH_ALEN);
430
431 /* set a nonzero filter to enable data transfers */
432 memset(u.set, 0, sizeof *u.set);
433 u.set->msg_type = RNDIS_MSG_SET;
434 u.set->msg_len = cpu_to_le32(4 + sizeof *u.set);
435 u.set->oid = OID_GEN_CURRENT_PACKET_FILTER;
436 u.set->len = cpu_to_le32(4);
437 u.set->offset = cpu_to_le32((sizeof *u.set) - 8);
438 *(__le32 *)(u.buf + sizeof *u.set) = RNDIS_DEFAULT_FILTER;
439
440 retval = rndis_command(dev, u.header, CONTROL_BUFFER_SIZE);
441 if (unlikely(retval < 0)) {
442 dev_err(&intf->dev, "rndis set packet filter, %d\n", retval);
443 goto halt_fail_and_release;
444 }
445
446 retval = 0;
447
448 kfree(u.buf);
449 return retval;
450
451halt_fail_and_release:
452 memset(u.halt, 0, sizeof *u.halt);
453 u.halt->msg_type = RNDIS_MSG_HALT;
454 u.halt->msg_len = cpu_to_le32(sizeof *u.halt);
455 (void) rndis_command(dev, (void *)u.halt, CONTROL_BUFFER_SIZE);
456fail_and_release:
457 usb_set_intfdata(info->data, NULL);
458 usb_driver_release_interface(driver_of(intf), info->data);
459 info->data = NULL;
460fail:
461 kfree(u.buf);
462 return retval;
463}
464EXPORT_SYMBOL_GPL(generic_rndis_bind);
465
466static int rndis_bind(struct usbnet *dev, struct usb_interface *intf)
467{
468 return generic_rndis_bind(dev, intf, FLAG_RNDIS_PHYM_NOT_WIRELESS);
469}
470
471void rndis_unbind(struct usbnet *dev, struct usb_interface *intf)
472{
473 struct rndis_halt *halt;
474
475 /* try to clear any rndis state/activity (no i/o from stack!) */
476 halt = kzalloc(CONTROL_BUFFER_SIZE, GFP_KERNEL);
477 if (halt) {
478 halt->msg_type = RNDIS_MSG_HALT;
479 halt->msg_len = cpu_to_le32(sizeof *halt);
480 (void) rndis_command(dev, (void *)halt, CONTROL_BUFFER_SIZE);
481 kfree(halt);
482 }
483
484 usbnet_cdc_unbind(dev, intf);
485}
486EXPORT_SYMBOL_GPL(rndis_unbind);
487
488/*
489 * DATA -- host must not write zlps
490 */
491int rndis_rx_fixup(struct usbnet *dev, struct sk_buff *skb)
492{
493 /* peripheral may have batched packets to us... */
494 while (likely(skb->len)) {
495 struct rndis_data_hdr *hdr = (void *)skb->data;
496 struct sk_buff *skb2;
497 u32 msg_len, data_offset, data_len;
498
499 msg_len = le32_to_cpu(hdr->msg_len);
500 data_offset = le32_to_cpu(hdr->data_offset);
501 data_len = le32_to_cpu(hdr->data_len);
502
503 /* don't choke if we see oob, per-packet data, etc */
504 if (unlikely(hdr->msg_type != RNDIS_MSG_PACKET ||
505 skb->len < msg_len ||
506 (data_offset + data_len + 8) > msg_len)) {
507 dev->net->stats.rx_frame_errors++;
508 netdev_dbg(dev->net, "bad rndis message %d/%d/%d/%d, len %d\n",
509 le32_to_cpu(hdr->msg_type),
510 msg_len, data_offset, data_len, skb->len);
511 return 0;
512 }
513 skb_pull(skb, 8 + data_offset);
514
515 /* at most one packet left? */
516 if (likely((data_len - skb->len) <= sizeof *hdr)) {
517 skb_trim(skb, data_len);
518 break;
519 }
520
521 /* try to return all the packets in the batch */
522 skb2 = skb_clone(skb, GFP_ATOMIC);
523 if (unlikely(!skb2))
524 break;
525 skb_pull(skb, msg_len - sizeof *hdr);
526 skb_trim(skb2, data_len);
527 usbnet_skb_return(dev, skb2);
528 }
529
530 /* caller will usbnet_skb_return the remaining packet */
531 return 1;
532}
533EXPORT_SYMBOL_GPL(rndis_rx_fixup);
534
535struct sk_buff *
536rndis_tx_fixup(struct usbnet *dev, struct sk_buff *skb, gfp_t flags)
537{
538 struct rndis_data_hdr *hdr;
539 struct sk_buff *skb2;
540 unsigned len = skb->len;
541
542 if (likely(!skb_cloned(skb))) {
543 int room = skb_headroom(skb);
544
545 /* enough head room as-is? */
546 if (unlikely((sizeof *hdr) <= room))
547 goto fill;
548
549 /* enough room, but needs to be readjusted? */
550 room += skb_tailroom(skb);
551 if (likely((sizeof *hdr) <= room)) {
552 skb->data = memmove(skb->head + sizeof *hdr,
553 skb->data, len);
554 skb_set_tail_pointer(skb, len);
555 goto fill;
556 }
557 }
558
559 /* create a new skb, with the correct size (and tailpad) */
560 skb2 = skb_copy_expand(skb, sizeof *hdr, 1, flags);
561 dev_kfree_skb_any(skb);
562 if (unlikely(!skb2))
563 return skb2;
564 skb = skb2;
565
566 /* fill out the RNDIS header. we won't bother trying to batch
567 * packets; Linux minimizes wasted bandwidth through tx queues.
568 */
569fill:
570 hdr = (void *) __skb_push(skb, sizeof *hdr);
571 memset(hdr, 0, sizeof *hdr);
572 hdr->msg_type = RNDIS_MSG_PACKET;
573 hdr->msg_len = cpu_to_le32(skb->len);
574 hdr->data_offset = cpu_to_le32(sizeof(*hdr) - 8);
575 hdr->data_len = cpu_to_le32(len);
576
577 /* FIXME make the last packet always be short ... */
578 return skb;
579}
580EXPORT_SYMBOL_GPL(rndis_tx_fixup);
581
582
583static const struct driver_info rndis_info = {
584 .description = "RNDIS device",
585 .flags = FLAG_ETHER | FLAG_POINTTOPOINT | FLAG_FRAMING_RN | FLAG_NO_SETINT,
586 .bind = rndis_bind,
587 .unbind = rndis_unbind,
588 .status = rndis_status,
589 .rx_fixup = rndis_rx_fixup,
590 .tx_fixup = rndis_tx_fixup,
591};
592
593static const struct driver_info rndis_poll_status_info = {
594 .description = "RNDIS device (poll status before control)",
595 .flags = FLAG_ETHER | FLAG_POINTTOPOINT | FLAG_FRAMING_RN | FLAG_NO_SETINT,
596 .data = RNDIS_DRIVER_DATA_POLL_STATUS,
597 .bind = rndis_bind,
598 .unbind = rndis_unbind,
599 .status = rndis_status,
600 .rx_fixup = rndis_rx_fixup,
601 .tx_fixup = rndis_tx_fixup,
602};
603
604/*-------------------------------------------------------------------------*/
605
606static const struct usb_device_id products [] = {
607{
608 /* 2Wire HomePortal 1000SW */
609 USB_DEVICE_AND_INTERFACE_INFO(0x1630, 0x0042,
610 USB_CLASS_COMM, 2 /* ACM */, 0x0ff),
611 .driver_info = (unsigned long) &rndis_poll_status_info,
612}, {
613 /* RNDIS is MSFT's un-official variant of CDC ACM */
614 USB_INTERFACE_INFO(USB_CLASS_COMM, 2 /* ACM */, 0x0ff),
615 .driver_info = (unsigned long) &rndis_info,
616}, {
617 /* "ActiveSync" is an undocumented variant of RNDIS, used in WM5 */
618 USB_INTERFACE_INFO(USB_CLASS_MISC, 1, 1),
619 .driver_info = (unsigned long) &rndis_poll_status_info,
620}, {
621 /* RNDIS for tethering */
622 USB_INTERFACE_INFO(USB_CLASS_WIRELESS_CONTROLLER, 1, 3),
623 .driver_info = (unsigned long) &rndis_info,
624},
625 { }, // END
626};
627MODULE_DEVICE_TABLE(usb, products);
628
629static struct usb_driver rndis_driver = {
630 .name = "rndis_host",
631 .id_table = products,
632 .probe = usbnet_probe,
633 .disconnect = usbnet_disconnect,
634 .suspend = usbnet_suspend,
635 .resume = usbnet_resume,
636};
637
638static int __init rndis_init(void)
639{
640 return usb_register(&rndis_driver);
641}
642module_init(rndis_init);
643
644static void __exit rndis_exit(void)
645{
646 usb_deregister(&rndis_driver);
647}
648module_exit(rndis_exit);
649
650MODULE_AUTHOR("David Brownell");
651MODULE_DESCRIPTION("USB Host side RNDIS driver");
652MODULE_LICENSE("GPL");
1/*
2 * Host Side support for RNDIS Networking Links
3 * Copyright (C) 2005 by David Brownell
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, see <http://www.gnu.org/licenses/>.
17 */
18#include <linux/module.h>
19#include <linux/netdevice.h>
20#include <linux/etherdevice.h>
21#include <linux/ethtool.h>
22#include <linux/workqueue.h>
23#include <linux/slab.h>
24#include <linux/mii.h>
25#include <linux/usb.h>
26#include <linux/usb/cdc.h>
27#include <linux/usb/usbnet.h>
28#include <linux/usb/rndis_host.h>
29
30
31/*
32 * RNDIS is NDIS remoted over USB. It's a MSFT variant of CDC ACM ... of
33 * course ACM was intended for modems, not Ethernet links! USB's standard
34 * for Ethernet links is "CDC Ethernet", which is significantly simpler.
35 *
36 * NOTE that Microsoft's "RNDIS 1.0" specification is incomplete. Issues
37 * include:
38 * - Power management in particular relies on information that's scattered
39 * through other documentation, and which is incomplete or incorrect even
40 * there.
41 * - There are various undocumented protocol requirements, such as the
42 * need to send unused garbage in control-OUT messages.
43 * - In some cases, MS-Windows will emit undocumented requests; this
44 * matters more to peripheral implementations than host ones.
45 *
46 * Moreover there's a no-open-specs variant of RNDIS called "ActiveSync".
47 *
48 * For these reasons and others, ** USE OF RNDIS IS STRONGLY DISCOURAGED ** in
49 * favor of such non-proprietary alternatives as CDC Ethernet or the newer (and
50 * currently rare) "Ethernet Emulation Model" (EEM).
51 */
52
53/*
54 * RNDIS notifications from device: command completion; "reverse"
55 * keepalives; etc
56 */
57void rndis_status(struct usbnet *dev, struct urb *urb)
58{
59 netdev_dbg(dev->net, "rndis status urb, len %d stat %d\n",
60 urb->actual_length, urb->status);
61 // FIXME for keepalives, respond immediately (asynchronously)
62 // if not an RNDIS status, do like cdc_status(dev,urb) does
63}
64EXPORT_SYMBOL_GPL(rndis_status);
65
66/*
67 * RNDIS indicate messages.
68 */
69static void rndis_msg_indicate(struct usbnet *dev, struct rndis_indicate *msg,
70 int buflen)
71{
72 struct cdc_state *info = (void *)&dev->data;
73 struct device *udev = &info->control->dev;
74
75 if (dev->driver_info->indication) {
76 dev->driver_info->indication(dev, msg, buflen);
77 } else {
78 u32 status = le32_to_cpu(msg->status);
79
80 switch (status) {
81 case RNDIS_STATUS_MEDIA_CONNECT:
82 dev_info(udev, "rndis media connect\n");
83 break;
84 case RNDIS_STATUS_MEDIA_DISCONNECT:
85 dev_info(udev, "rndis media disconnect\n");
86 break;
87 default:
88 dev_info(udev, "rndis indication: 0x%08x\n", status);
89 }
90 }
91}
92
93/*
94 * RPC done RNDIS-style. Caller guarantees:
95 * - message is properly byteswapped
96 * - there's no other request pending
97 * - buf can hold up to 1KB response (required by RNDIS spec)
98 * On return, the first few entries are already byteswapped.
99 *
100 * Call context is likely probe(), before interface name is known,
101 * which is why we won't try to use it in the diagnostics.
102 */
103int rndis_command(struct usbnet *dev, struct rndis_msg_hdr *buf, int buflen)
104{
105 struct cdc_state *info = (void *) &dev->data;
106 struct usb_cdc_notification notification;
107 int master_ifnum;
108 int retval;
109 int partial;
110 unsigned count;
111 u32 xid = 0, msg_len, request_id, msg_type, rsp,
112 status;
113
114 /* REVISIT when this gets called from contexts other than probe() or
115 * disconnect(): either serialize, or dispatch responses on xid
116 */
117
118 msg_type = le32_to_cpu(buf->msg_type);
119
120 /* Issue the request; xid is unique, don't bother byteswapping it */
121 if (likely(msg_type != RNDIS_MSG_HALT && msg_type != RNDIS_MSG_RESET)) {
122 xid = dev->xid++;
123 if (!xid)
124 xid = dev->xid++;
125 buf->request_id = (__force __le32) xid;
126 }
127 master_ifnum = info->control->cur_altsetting->desc.bInterfaceNumber;
128 retval = usb_control_msg(dev->udev,
129 usb_sndctrlpipe(dev->udev, 0),
130 USB_CDC_SEND_ENCAPSULATED_COMMAND,
131 USB_TYPE_CLASS | USB_RECIP_INTERFACE,
132 0, master_ifnum,
133 buf, le32_to_cpu(buf->msg_len),
134 RNDIS_CONTROL_TIMEOUT_MS);
135 if (unlikely(retval < 0 || xid == 0))
136 return retval;
137
138 /* Some devices don't respond on the control channel until
139 * polled on the status channel, so do that first. */
140 if (dev->driver_info->data & RNDIS_DRIVER_DATA_POLL_STATUS) {
141 retval = usb_interrupt_msg(
142 dev->udev,
143 usb_rcvintpipe(dev->udev,
144 dev->status->desc.bEndpointAddress),
145 ¬ification, sizeof(notification), &partial,
146 RNDIS_CONTROL_TIMEOUT_MS);
147 if (unlikely(retval < 0))
148 return retval;
149 }
150
151 /* Poll the control channel; the request probably completed immediately */
152 rsp = le32_to_cpu(buf->msg_type) | RNDIS_MSG_COMPLETION;
153 for (count = 0; count < 10; count++) {
154 memset(buf, 0, CONTROL_BUFFER_SIZE);
155 retval = usb_control_msg(dev->udev,
156 usb_rcvctrlpipe(dev->udev, 0),
157 USB_CDC_GET_ENCAPSULATED_RESPONSE,
158 USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE,
159 0, master_ifnum,
160 buf, buflen,
161 RNDIS_CONTROL_TIMEOUT_MS);
162 if (likely(retval >= 8)) {
163 msg_type = le32_to_cpu(buf->msg_type);
164 msg_len = le32_to_cpu(buf->msg_len);
165 status = le32_to_cpu(buf->status);
166 request_id = (__force u32) buf->request_id;
167 if (likely(msg_type == rsp)) {
168 if (likely(request_id == xid)) {
169 if (unlikely(rsp == RNDIS_MSG_RESET_C))
170 return 0;
171 if (likely(RNDIS_STATUS_SUCCESS ==
172 status))
173 return 0;
174 dev_dbg(&info->control->dev,
175 "rndis reply status %08x\n",
176 status);
177 return -EL3RST;
178 }
179 dev_dbg(&info->control->dev,
180 "rndis reply id %d expected %d\n",
181 request_id, xid);
182 /* then likely retry */
183 } else switch (msg_type) {
184 case RNDIS_MSG_INDICATE: /* fault/event */
185 rndis_msg_indicate(dev, (void *)buf, buflen);
186 break;
187 case RNDIS_MSG_KEEPALIVE: { /* ping */
188 struct rndis_keepalive_c *msg = (void *)buf;
189
190 msg->msg_type = cpu_to_le32(RNDIS_MSG_KEEPALIVE_C);
191 msg->msg_len = cpu_to_le32(sizeof *msg);
192 msg->status = cpu_to_le32(RNDIS_STATUS_SUCCESS);
193 retval = usb_control_msg(dev->udev,
194 usb_sndctrlpipe(dev->udev, 0),
195 USB_CDC_SEND_ENCAPSULATED_COMMAND,
196 USB_TYPE_CLASS | USB_RECIP_INTERFACE,
197 0, master_ifnum,
198 msg, sizeof *msg,
199 RNDIS_CONTROL_TIMEOUT_MS);
200 if (unlikely(retval < 0))
201 dev_dbg(&info->control->dev,
202 "rndis keepalive err %d\n",
203 retval);
204 }
205 break;
206 default:
207 dev_dbg(&info->control->dev,
208 "unexpected rndis msg %08x len %d\n",
209 le32_to_cpu(buf->msg_type), msg_len);
210 }
211 } else {
212 /* device probably issued a protocol stall; ignore */
213 dev_dbg(&info->control->dev,
214 "rndis response error, code %d\n", retval);
215 }
216 msleep(20);
217 }
218 dev_dbg(&info->control->dev, "rndis response timeout\n");
219 return -ETIMEDOUT;
220}
221EXPORT_SYMBOL_GPL(rndis_command);
222
223/*
224 * rndis_query:
225 *
226 * Performs a query for @oid along with 0 or more bytes of payload as
227 * specified by @in_len. If @reply_len is not set to -1 then the reply
228 * length is checked against this value, resulting in an error if it
229 * doesn't match.
230 *
231 * NOTE: Adding a payload exactly or greater than the size of the expected
232 * response payload is an evident requirement MSFT added for ActiveSync.
233 *
234 * The only exception is for OIDs that return a variably sized response,
235 * in which case no payload should be added. This undocumented (and
236 * nonsensical!) issue was found by sniffing protocol requests from the
237 * ActiveSync 4.1 Windows driver.
238 */
239static int rndis_query(struct usbnet *dev, struct usb_interface *intf,
240 void *buf, u32 oid, u32 in_len,
241 void **reply, int *reply_len)
242{
243 int retval;
244 union {
245 void *buf;
246 struct rndis_msg_hdr *header;
247 struct rndis_query *get;
248 struct rndis_query_c *get_c;
249 } u;
250 u32 off, len;
251
252 u.buf = buf;
253
254 memset(u.get, 0, sizeof *u.get + in_len);
255 u.get->msg_type = cpu_to_le32(RNDIS_MSG_QUERY);
256 u.get->msg_len = cpu_to_le32(sizeof *u.get + in_len);
257 u.get->oid = cpu_to_le32(oid);
258 u.get->len = cpu_to_le32(in_len);
259 u.get->offset = cpu_to_le32(20);
260
261 retval = rndis_command(dev, u.header, CONTROL_BUFFER_SIZE);
262 if (unlikely(retval < 0)) {
263 dev_err(&intf->dev, "RNDIS_MSG_QUERY(0x%08x) failed, %d\n",
264 oid, retval);
265 return retval;
266 }
267
268 off = le32_to_cpu(u.get_c->offset);
269 len = le32_to_cpu(u.get_c->len);
270 if (unlikely((8 + off + len) > CONTROL_BUFFER_SIZE))
271 goto response_error;
272
273 if (*reply_len != -1 && len != *reply_len)
274 goto response_error;
275
276 *reply = (unsigned char *) &u.get_c->request_id + off;
277 *reply_len = len;
278
279 return retval;
280
281response_error:
282 dev_err(&intf->dev, "RNDIS_MSG_QUERY(0x%08x) "
283 "invalid response - off %d len %d\n",
284 oid, off, len);
285 return -EDOM;
286}
287
288/* same as usbnet_netdev_ops but MTU change not allowed */
289static const struct net_device_ops rndis_netdev_ops = {
290 .ndo_open = usbnet_open,
291 .ndo_stop = usbnet_stop,
292 .ndo_start_xmit = usbnet_start_xmit,
293 .ndo_tx_timeout = usbnet_tx_timeout,
294 .ndo_get_stats64 = usbnet_get_stats64,
295 .ndo_set_mac_address = eth_mac_addr,
296 .ndo_validate_addr = eth_validate_addr,
297};
298
299int
300generic_rndis_bind(struct usbnet *dev, struct usb_interface *intf, int flags)
301{
302 int retval;
303 struct net_device *net = dev->net;
304 struct cdc_state *info = (void *) &dev->data;
305 union {
306 void *buf;
307 struct rndis_msg_hdr *header;
308 struct rndis_init *init;
309 struct rndis_init_c *init_c;
310 struct rndis_query *get;
311 struct rndis_query_c *get_c;
312 struct rndis_set *set;
313 struct rndis_set_c *set_c;
314 struct rndis_halt *halt;
315 } u;
316 u32 tmp;
317 __le32 phym_unspec, *phym;
318 int reply_len;
319 unsigned char *bp;
320
321 /* we can't rely on i/o from stack working, or stack allocation */
322 u.buf = kmalloc(CONTROL_BUFFER_SIZE, GFP_KERNEL);
323 if (!u.buf)
324 return -ENOMEM;
325 retval = usbnet_generic_cdc_bind(dev, intf);
326 if (retval < 0)
327 goto fail;
328
329 u.init->msg_type = cpu_to_le32(RNDIS_MSG_INIT);
330 u.init->msg_len = cpu_to_le32(sizeof *u.init);
331 u.init->major_version = cpu_to_le32(1);
332 u.init->minor_version = cpu_to_le32(0);
333
334 /* max transfer (in spec) is 0x4000 at full speed, but for
335 * TX we'll stick to one Ethernet packet plus RNDIS framing.
336 * For RX we handle drivers that zero-pad to end-of-packet.
337 * Don't let userspace change these settings.
338 *
339 * NOTE: there still seems to be wierdness here, as if we need
340 * to do some more things to make sure WinCE targets accept this.
341 * They default to jumbograms of 8KB or 16KB, which is absurd
342 * for such low data rates and which is also more than Linux
343 * can usually expect to allocate for SKB data...
344 */
345 net->hard_header_len += sizeof (struct rndis_data_hdr);
346 dev->hard_mtu = net->mtu + net->hard_header_len;
347
348 dev->maxpacket = usb_maxpacket(dev->udev, dev->out, 1);
349 if (dev->maxpacket == 0) {
350 netif_dbg(dev, probe, dev->net,
351 "dev->maxpacket can't be 0\n");
352 retval = -EINVAL;
353 goto fail_and_release;
354 }
355
356 dev->rx_urb_size = dev->hard_mtu + (dev->maxpacket + 1);
357 dev->rx_urb_size &= ~(dev->maxpacket - 1);
358 u.init->max_transfer_size = cpu_to_le32(dev->rx_urb_size);
359
360 net->netdev_ops = &rndis_netdev_ops;
361
362 retval = rndis_command(dev, u.header, CONTROL_BUFFER_SIZE);
363 if (unlikely(retval < 0)) {
364 /* it might not even be an RNDIS device!! */
365 dev_err(&intf->dev, "RNDIS init failed, %d\n", retval);
366 goto fail_and_release;
367 }
368 tmp = le32_to_cpu(u.init_c->max_transfer_size);
369 if (tmp < dev->hard_mtu) {
370 if (tmp <= net->hard_header_len) {
371 dev_err(&intf->dev,
372 "dev can't take %u byte packets (max %u)\n",
373 dev->hard_mtu, tmp);
374 retval = -EINVAL;
375 goto halt_fail_and_release;
376 }
377 dev_warn(&intf->dev,
378 "dev can't take %u byte packets (max %u), "
379 "adjusting MTU to %u\n",
380 dev->hard_mtu, tmp, tmp - net->hard_header_len);
381 dev->hard_mtu = tmp;
382 net->mtu = dev->hard_mtu - net->hard_header_len;
383 }
384
385 /* REVISIT: peripheral "alignment" request is ignored ... */
386 dev_dbg(&intf->dev,
387 "hard mtu %u (%u from dev), rx buflen %zu, align %d\n",
388 dev->hard_mtu, tmp, dev->rx_urb_size,
389 1 << le32_to_cpu(u.init_c->packet_alignment));
390
391 /* module has some device initialization code needs to be done right
392 * after RNDIS_INIT */
393 if (dev->driver_info->early_init &&
394 dev->driver_info->early_init(dev) != 0)
395 goto halt_fail_and_release;
396
397 /* Check physical medium */
398 phym = NULL;
399 reply_len = sizeof *phym;
400 retval = rndis_query(dev, intf, u.buf,
401 RNDIS_OID_GEN_PHYSICAL_MEDIUM,
402 0, (void **) &phym, &reply_len);
403 if (retval != 0 || !phym) {
404 /* OID is optional so don't fail here. */
405 phym_unspec = cpu_to_le32(RNDIS_PHYSICAL_MEDIUM_UNSPECIFIED);
406 phym = &phym_unspec;
407 }
408 if ((flags & FLAG_RNDIS_PHYM_WIRELESS) &&
409 le32_to_cpup(phym) != RNDIS_PHYSICAL_MEDIUM_WIRELESS_LAN) {
410 netif_dbg(dev, probe, dev->net,
411 "driver requires wireless physical medium, but device is not\n");
412 retval = -ENODEV;
413 goto halt_fail_and_release;
414 }
415 if ((flags & FLAG_RNDIS_PHYM_NOT_WIRELESS) &&
416 le32_to_cpup(phym) == RNDIS_PHYSICAL_MEDIUM_WIRELESS_LAN) {
417 netif_dbg(dev, probe, dev->net,
418 "driver requires non-wireless physical medium, but device is wireless.\n");
419 retval = -ENODEV;
420 goto halt_fail_and_release;
421 }
422
423 /* Get designated host ethernet address */
424 reply_len = ETH_ALEN;
425 retval = rndis_query(dev, intf, u.buf,
426 RNDIS_OID_802_3_PERMANENT_ADDRESS,
427 48, (void **) &bp, &reply_len);
428 if (unlikely(retval< 0)) {
429 dev_err(&intf->dev, "rndis get ethaddr, %d\n", retval);
430 goto halt_fail_and_release;
431 }
432
433 if (bp[0] & 0x02)
434 eth_hw_addr_random(net);
435 else
436 ether_addr_copy(net->dev_addr, bp);
437
438 /* set a nonzero filter to enable data transfers */
439 memset(u.set, 0, sizeof *u.set);
440 u.set->msg_type = cpu_to_le32(RNDIS_MSG_SET);
441 u.set->msg_len = cpu_to_le32(4 + sizeof *u.set);
442 u.set->oid = cpu_to_le32(RNDIS_OID_GEN_CURRENT_PACKET_FILTER);
443 u.set->len = cpu_to_le32(4);
444 u.set->offset = cpu_to_le32((sizeof *u.set) - 8);
445 *(__le32 *)(u.buf + sizeof *u.set) = cpu_to_le32(RNDIS_DEFAULT_FILTER);
446
447 retval = rndis_command(dev, u.header, CONTROL_BUFFER_SIZE);
448 if (unlikely(retval < 0)) {
449 dev_err(&intf->dev, "rndis set packet filter, %d\n", retval);
450 goto halt_fail_and_release;
451 }
452
453 retval = 0;
454
455 kfree(u.buf);
456 return retval;
457
458halt_fail_and_release:
459 memset(u.halt, 0, sizeof *u.halt);
460 u.halt->msg_type = cpu_to_le32(RNDIS_MSG_HALT);
461 u.halt->msg_len = cpu_to_le32(sizeof *u.halt);
462 (void) rndis_command(dev, (void *)u.halt, CONTROL_BUFFER_SIZE);
463fail_and_release:
464 usb_set_intfdata(info->data, NULL);
465 usb_driver_release_interface(driver_of(intf), info->data);
466 info->data = NULL;
467fail:
468 kfree(u.buf);
469 return retval;
470}
471EXPORT_SYMBOL_GPL(generic_rndis_bind);
472
473static int rndis_bind(struct usbnet *dev, struct usb_interface *intf)
474{
475 return generic_rndis_bind(dev, intf, FLAG_RNDIS_PHYM_NOT_WIRELESS);
476}
477
478void rndis_unbind(struct usbnet *dev, struct usb_interface *intf)
479{
480 struct rndis_halt *halt;
481
482 /* try to clear any rndis state/activity (no i/o from stack!) */
483 halt = kzalloc(CONTROL_BUFFER_SIZE, GFP_KERNEL);
484 if (halt) {
485 halt->msg_type = cpu_to_le32(RNDIS_MSG_HALT);
486 halt->msg_len = cpu_to_le32(sizeof *halt);
487 (void) rndis_command(dev, (void *)halt, CONTROL_BUFFER_SIZE);
488 kfree(halt);
489 }
490
491 usbnet_cdc_unbind(dev, intf);
492}
493EXPORT_SYMBOL_GPL(rndis_unbind);
494
495/*
496 * DATA -- host must not write zlps
497 */
498int rndis_rx_fixup(struct usbnet *dev, struct sk_buff *skb)
499{
500 /* This check is no longer done by usbnet */
501 if (skb->len < dev->net->hard_header_len)
502 return 0;
503
504 /* peripheral may have batched packets to us... */
505 while (likely(skb->len)) {
506 struct rndis_data_hdr *hdr = (void *)skb->data;
507 struct sk_buff *skb2;
508 u32 msg_type, msg_len, data_offset, data_len;
509
510 msg_type = le32_to_cpu(hdr->msg_type);
511 msg_len = le32_to_cpu(hdr->msg_len);
512 data_offset = le32_to_cpu(hdr->data_offset);
513 data_len = le32_to_cpu(hdr->data_len);
514
515 /* don't choke if we see oob, per-packet data, etc */
516 if (unlikely(msg_type != RNDIS_MSG_PACKET || skb->len < msg_len
517 || (data_offset + data_len + 8) > msg_len)) {
518 dev->net->stats.rx_frame_errors++;
519 netdev_dbg(dev->net, "bad rndis message %d/%d/%d/%d, len %d\n",
520 le32_to_cpu(hdr->msg_type),
521 msg_len, data_offset, data_len, skb->len);
522 return 0;
523 }
524 skb_pull(skb, 8 + data_offset);
525
526 /* at most one packet left? */
527 if (likely((data_len - skb->len) <= sizeof *hdr)) {
528 skb_trim(skb, data_len);
529 break;
530 }
531
532 /* try to return all the packets in the batch */
533 skb2 = skb_clone(skb, GFP_ATOMIC);
534 if (unlikely(!skb2))
535 break;
536 skb_pull(skb, msg_len - sizeof *hdr);
537 skb_trim(skb2, data_len);
538 usbnet_skb_return(dev, skb2);
539 }
540
541 /* caller will usbnet_skb_return the remaining packet */
542 return 1;
543}
544EXPORT_SYMBOL_GPL(rndis_rx_fixup);
545
546struct sk_buff *
547rndis_tx_fixup(struct usbnet *dev, struct sk_buff *skb, gfp_t flags)
548{
549 struct rndis_data_hdr *hdr;
550 struct sk_buff *skb2;
551 unsigned len = skb->len;
552
553 if (likely(!skb_cloned(skb))) {
554 int room = skb_headroom(skb);
555
556 /* enough head room as-is? */
557 if (unlikely((sizeof *hdr) <= room))
558 goto fill;
559
560 /* enough room, but needs to be readjusted? */
561 room += skb_tailroom(skb);
562 if (likely((sizeof *hdr) <= room)) {
563 skb->data = memmove(skb->head + sizeof *hdr,
564 skb->data, len);
565 skb_set_tail_pointer(skb, len);
566 goto fill;
567 }
568 }
569
570 /* create a new skb, with the correct size (and tailpad) */
571 skb2 = skb_copy_expand(skb, sizeof *hdr, 1, flags);
572 dev_kfree_skb_any(skb);
573 if (unlikely(!skb2))
574 return skb2;
575 skb = skb2;
576
577 /* fill out the RNDIS header. we won't bother trying to batch
578 * packets; Linux minimizes wasted bandwidth through tx queues.
579 */
580fill:
581 hdr = __skb_push(skb, sizeof *hdr);
582 memset(hdr, 0, sizeof *hdr);
583 hdr->msg_type = cpu_to_le32(RNDIS_MSG_PACKET);
584 hdr->msg_len = cpu_to_le32(skb->len);
585 hdr->data_offset = cpu_to_le32(sizeof(*hdr) - 8);
586 hdr->data_len = cpu_to_le32(len);
587
588 /* FIXME make the last packet always be short ... */
589 return skb;
590}
591EXPORT_SYMBOL_GPL(rndis_tx_fixup);
592
593
594static const struct driver_info rndis_info = {
595 .description = "RNDIS device",
596 .flags = FLAG_ETHER | FLAG_POINTTOPOINT | FLAG_FRAMING_RN | FLAG_NO_SETINT,
597 .bind = rndis_bind,
598 .unbind = rndis_unbind,
599 .status = rndis_status,
600 .rx_fixup = rndis_rx_fixup,
601 .tx_fixup = rndis_tx_fixup,
602};
603
604static const struct driver_info rndis_poll_status_info = {
605 .description = "RNDIS device (poll status before control)",
606 .flags = FLAG_ETHER | FLAG_POINTTOPOINT | FLAG_FRAMING_RN | FLAG_NO_SETINT,
607 .data = RNDIS_DRIVER_DATA_POLL_STATUS,
608 .bind = rndis_bind,
609 .unbind = rndis_unbind,
610 .status = rndis_status,
611 .rx_fixup = rndis_rx_fixup,
612 .tx_fixup = rndis_tx_fixup,
613};
614
615/*-------------------------------------------------------------------------*/
616
617static const struct usb_device_id products [] = {
618{
619 /* 2Wire HomePortal 1000SW */
620 USB_DEVICE_AND_INTERFACE_INFO(0x1630, 0x0042,
621 USB_CLASS_COMM, 2 /* ACM */, 0x0ff),
622 .driver_info = (unsigned long) &rndis_poll_status_info,
623}, {
624 /* RNDIS is MSFT's un-official variant of CDC ACM */
625 USB_INTERFACE_INFO(USB_CLASS_COMM, 2 /* ACM */, 0x0ff),
626 .driver_info = (unsigned long) &rndis_info,
627}, {
628 /* "ActiveSync" is an undocumented variant of RNDIS, used in WM5 */
629 USB_INTERFACE_INFO(USB_CLASS_MISC, 1, 1),
630 .driver_info = (unsigned long) &rndis_poll_status_info,
631}, {
632 /* RNDIS for tethering */
633 USB_INTERFACE_INFO(USB_CLASS_WIRELESS_CONTROLLER, 1, 3),
634 .driver_info = (unsigned long) &rndis_info,
635}, {
636 /* Novatel Verizon USB730L */
637 USB_INTERFACE_INFO(USB_CLASS_MISC, 4, 1),
638 .driver_info = (unsigned long) &rndis_info,
639},
640 { }, // END
641};
642MODULE_DEVICE_TABLE(usb, products);
643
644static struct usb_driver rndis_driver = {
645 .name = "rndis_host",
646 .id_table = products,
647 .probe = usbnet_probe,
648 .disconnect = usbnet_disconnect,
649 .suspend = usbnet_suspend,
650 .resume = usbnet_resume,
651 .disable_hub_initiated_lpm = 1,
652};
653
654module_usb_driver(rndis_driver);
655
656MODULE_AUTHOR("David Brownell");
657MODULE_DESCRIPTION("USB Host side RNDIS driver");
658MODULE_LICENSE("GPL");