Loading...
1/*
2 * ipheth.c - Apple iPhone USB Ethernet driver
3 *
4 * Copyright (c) 2009 Diego Giagio <diego@giagio.com>
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of GIAGIO.COM nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
18 *
19 * Alternatively, provided that this notice is retained in full, this
20 * software may be distributed under the terms of the GNU General
21 * Public License ("GPL") version 2, in which case the provisions of the
22 * GPL apply INSTEAD OF those given above.
23 *
24 * The provided data structures and external interfaces from this code
25 * are not restricted to be used by modules with a GPL compatible license.
26 *
27 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
28 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
29 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
30 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
31 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
32 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
33 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
34 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
35 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
36 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
37 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
38 * DAMAGE.
39 *
40 *
41 * Attention: iPhone device must be paired, otherwise it won't respond to our
42 * driver. For more info: http://giagio.com/wiki/moin.cgi/iPhoneEthernetDriver
43 *
44 */
45
46#include <linux/kernel.h>
47#include <linux/errno.h>
48#include <linux/init.h>
49#include <linux/slab.h>
50#include <linux/module.h>
51#include <linux/netdevice.h>
52#include <linux/etherdevice.h>
53#include <linux/ethtool.h>
54#include <linux/usb.h>
55#include <linux/workqueue.h>
56
57#define USB_VENDOR_APPLE 0x05ac
58#define USB_PRODUCT_IPHONE 0x1290
59#define USB_PRODUCT_IPHONE_3G 0x1292
60#define USB_PRODUCT_IPHONE_3GS 0x1294
61#define USB_PRODUCT_IPHONE_4 0x1297
62#define USB_PRODUCT_IPHONE_4_VZW 0x129c
63
64#define IPHETH_USBINTF_CLASS 255
65#define IPHETH_USBINTF_SUBCLASS 253
66#define IPHETH_USBINTF_PROTO 1
67
68#define IPHETH_BUF_SIZE 1516
69#define IPHETH_IP_ALIGN 2 /* padding at front of URB */
70#define IPHETH_TX_TIMEOUT (5 * HZ)
71
72#define IPHETH_INTFNUM 2
73#define IPHETH_ALT_INTFNUM 1
74
75#define IPHETH_CTRL_ENDP 0x00
76#define IPHETH_CTRL_BUF_SIZE 0x40
77#define IPHETH_CTRL_TIMEOUT (5 * HZ)
78
79#define IPHETH_CMD_GET_MACADDR 0x00
80#define IPHETH_CMD_CARRIER_CHECK 0x45
81
82#define IPHETH_CARRIER_CHECK_TIMEOUT round_jiffies_relative(1 * HZ)
83#define IPHETH_CARRIER_ON 0x04
84
85static struct usb_device_id ipheth_table[] = {
86 { USB_DEVICE_AND_INTERFACE_INFO(
87 USB_VENDOR_APPLE, USB_PRODUCT_IPHONE,
88 IPHETH_USBINTF_CLASS, IPHETH_USBINTF_SUBCLASS,
89 IPHETH_USBINTF_PROTO) },
90 { USB_DEVICE_AND_INTERFACE_INFO(
91 USB_VENDOR_APPLE, USB_PRODUCT_IPHONE_3G,
92 IPHETH_USBINTF_CLASS, IPHETH_USBINTF_SUBCLASS,
93 IPHETH_USBINTF_PROTO) },
94 { USB_DEVICE_AND_INTERFACE_INFO(
95 USB_VENDOR_APPLE, USB_PRODUCT_IPHONE_3GS,
96 IPHETH_USBINTF_CLASS, IPHETH_USBINTF_SUBCLASS,
97 IPHETH_USBINTF_PROTO) },
98 { USB_DEVICE_AND_INTERFACE_INFO(
99 USB_VENDOR_APPLE, USB_PRODUCT_IPHONE_4,
100 IPHETH_USBINTF_CLASS, IPHETH_USBINTF_SUBCLASS,
101 IPHETH_USBINTF_PROTO) },
102 { USB_DEVICE_AND_INTERFACE_INFO(
103 USB_VENDOR_APPLE, USB_PRODUCT_IPHONE_4_VZW,
104 IPHETH_USBINTF_CLASS, IPHETH_USBINTF_SUBCLASS,
105 IPHETH_USBINTF_PROTO) },
106 { }
107};
108MODULE_DEVICE_TABLE(usb, ipheth_table);
109
110struct ipheth_device {
111 struct usb_device *udev;
112 struct usb_interface *intf;
113 struct net_device *net;
114 struct sk_buff *tx_skb;
115 struct urb *tx_urb;
116 struct urb *rx_urb;
117 unsigned char *tx_buf;
118 unsigned char *rx_buf;
119 unsigned char *ctrl_buf;
120 u8 bulk_in;
121 u8 bulk_out;
122 struct delayed_work carrier_work;
123};
124
125static int ipheth_rx_submit(struct ipheth_device *dev, gfp_t mem_flags);
126
127static int ipheth_alloc_urbs(struct ipheth_device *iphone)
128{
129 struct urb *tx_urb = NULL;
130 struct urb *rx_urb = NULL;
131 u8 *tx_buf = NULL;
132 u8 *rx_buf = NULL;
133
134 tx_urb = usb_alloc_urb(0, GFP_KERNEL);
135 if (tx_urb == NULL)
136 goto error_nomem;
137
138 rx_urb = usb_alloc_urb(0, GFP_KERNEL);
139 if (rx_urb == NULL)
140 goto free_tx_urb;
141
142 tx_buf = usb_alloc_coherent(iphone->udev, IPHETH_BUF_SIZE,
143 GFP_KERNEL, &tx_urb->transfer_dma);
144 if (tx_buf == NULL)
145 goto free_rx_urb;
146
147 rx_buf = usb_alloc_coherent(iphone->udev, IPHETH_BUF_SIZE,
148 GFP_KERNEL, &rx_urb->transfer_dma);
149 if (rx_buf == NULL)
150 goto free_tx_buf;
151
152
153 iphone->tx_urb = tx_urb;
154 iphone->rx_urb = rx_urb;
155 iphone->tx_buf = tx_buf;
156 iphone->rx_buf = rx_buf;
157 return 0;
158
159free_tx_buf:
160 usb_free_coherent(iphone->udev, IPHETH_BUF_SIZE, tx_buf,
161 tx_urb->transfer_dma);
162free_rx_urb:
163 usb_free_urb(rx_urb);
164free_tx_urb:
165 usb_free_urb(tx_urb);
166error_nomem:
167 return -ENOMEM;
168}
169
170static void ipheth_free_urbs(struct ipheth_device *iphone)
171{
172 usb_free_coherent(iphone->udev, IPHETH_BUF_SIZE, iphone->rx_buf,
173 iphone->rx_urb->transfer_dma);
174 usb_free_coherent(iphone->udev, IPHETH_BUF_SIZE, iphone->tx_buf,
175 iphone->tx_urb->transfer_dma);
176 usb_free_urb(iphone->rx_urb);
177 usb_free_urb(iphone->tx_urb);
178}
179
180static void ipheth_kill_urbs(struct ipheth_device *dev)
181{
182 usb_kill_urb(dev->tx_urb);
183 usb_kill_urb(dev->rx_urb);
184}
185
186static void ipheth_rcvbulk_callback(struct urb *urb)
187{
188 struct ipheth_device *dev;
189 struct sk_buff *skb;
190 int status;
191 char *buf;
192 int len;
193
194 dev = urb->context;
195 if (dev == NULL)
196 return;
197
198 status = urb->status;
199 switch (status) {
200 case -ENOENT:
201 case -ECONNRESET:
202 case -ESHUTDOWN:
203 return;
204 case 0:
205 break;
206 default:
207 err("%s: urb status: %d", __func__, status);
208 return;
209 }
210
211 if (urb->actual_length <= IPHETH_IP_ALIGN) {
212 dev->net->stats.rx_length_errors++;
213 return;
214 }
215 len = urb->actual_length - IPHETH_IP_ALIGN;
216 buf = urb->transfer_buffer + IPHETH_IP_ALIGN;
217
218 skb = dev_alloc_skb(len);
219 if (!skb) {
220 err("%s: dev_alloc_skb: -ENOMEM", __func__);
221 dev->net->stats.rx_dropped++;
222 return;
223 }
224
225 memcpy(skb_put(skb, len), buf, len);
226 skb->dev = dev->net;
227 skb->protocol = eth_type_trans(skb, dev->net);
228
229 dev->net->stats.rx_packets++;
230 dev->net->stats.rx_bytes += len;
231
232 netif_rx(skb);
233 ipheth_rx_submit(dev, GFP_ATOMIC);
234}
235
236static void ipheth_sndbulk_callback(struct urb *urb)
237{
238 struct ipheth_device *dev;
239 int status = urb->status;
240
241 dev = urb->context;
242 if (dev == NULL)
243 return;
244
245 if (status != 0 &&
246 status != -ENOENT &&
247 status != -ECONNRESET &&
248 status != -ESHUTDOWN)
249 err("%s: urb status: %d", __func__, status);
250
251 dev_kfree_skb_irq(dev->tx_skb);
252 netif_wake_queue(dev->net);
253}
254
255static int ipheth_carrier_set(struct ipheth_device *dev)
256{
257 struct usb_device *udev = dev->udev;
258 int retval;
259
260 retval = usb_control_msg(udev,
261 usb_rcvctrlpipe(udev, IPHETH_CTRL_ENDP),
262 IPHETH_CMD_CARRIER_CHECK, /* request */
263 0xc0, /* request type */
264 0x00, /* value */
265 0x02, /* index */
266 dev->ctrl_buf, IPHETH_CTRL_BUF_SIZE,
267 IPHETH_CTRL_TIMEOUT);
268 if (retval < 0) {
269 err("%s: usb_control_msg: %d", __func__, retval);
270 return retval;
271 }
272
273 if (dev->ctrl_buf[0] == IPHETH_CARRIER_ON)
274 netif_carrier_on(dev->net);
275 else
276 netif_carrier_off(dev->net);
277
278 return 0;
279}
280
281static void ipheth_carrier_check_work(struct work_struct *work)
282{
283 struct ipheth_device *dev = container_of(work, struct ipheth_device,
284 carrier_work.work);
285
286 ipheth_carrier_set(dev);
287 schedule_delayed_work(&dev->carrier_work, IPHETH_CARRIER_CHECK_TIMEOUT);
288}
289
290static int ipheth_get_macaddr(struct ipheth_device *dev)
291{
292 struct usb_device *udev = dev->udev;
293 struct net_device *net = dev->net;
294 int retval;
295
296 retval = usb_control_msg(udev,
297 usb_rcvctrlpipe(udev, IPHETH_CTRL_ENDP),
298 IPHETH_CMD_GET_MACADDR, /* request */
299 0xc0, /* request type */
300 0x00, /* value */
301 0x02, /* index */
302 dev->ctrl_buf,
303 IPHETH_CTRL_BUF_SIZE,
304 IPHETH_CTRL_TIMEOUT);
305 if (retval < 0) {
306 err("%s: usb_control_msg: %d", __func__, retval);
307 } else if (retval < ETH_ALEN) {
308 err("%s: usb_control_msg: short packet: %d bytes",
309 __func__, retval);
310 retval = -EINVAL;
311 } else {
312 memcpy(net->dev_addr, dev->ctrl_buf, ETH_ALEN);
313 retval = 0;
314 }
315
316 return retval;
317}
318
319static int ipheth_rx_submit(struct ipheth_device *dev, gfp_t mem_flags)
320{
321 struct usb_device *udev = dev->udev;
322 int retval;
323
324 usb_fill_bulk_urb(dev->rx_urb, udev,
325 usb_rcvbulkpipe(udev, dev->bulk_in),
326 dev->rx_buf, IPHETH_BUF_SIZE,
327 ipheth_rcvbulk_callback,
328 dev);
329 dev->rx_urb->transfer_flags |= URB_NO_TRANSFER_DMA_MAP;
330
331 retval = usb_submit_urb(dev->rx_urb, mem_flags);
332 if (retval)
333 err("%s: usb_submit_urb: %d", __func__, retval);
334 return retval;
335}
336
337static int ipheth_open(struct net_device *net)
338{
339 struct ipheth_device *dev = netdev_priv(net);
340 struct usb_device *udev = dev->udev;
341 int retval = 0;
342
343 usb_set_interface(udev, IPHETH_INTFNUM, IPHETH_ALT_INTFNUM);
344
345 retval = ipheth_carrier_set(dev);
346 if (retval)
347 return retval;
348
349 retval = ipheth_rx_submit(dev, GFP_KERNEL);
350 if (retval)
351 return retval;
352
353 schedule_delayed_work(&dev->carrier_work, IPHETH_CARRIER_CHECK_TIMEOUT);
354 netif_start_queue(net);
355 return retval;
356}
357
358static int ipheth_close(struct net_device *net)
359{
360 struct ipheth_device *dev = netdev_priv(net);
361
362 cancel_delayed_work_sync(&dev->carrier_work);
363 netif_stop_queue(net);
364 return 0;
365}
366
367static int ipheth_tx(struct sk_buff *skb, struct net_device *net)
368{
369 struct ipheth_device *dev = netdev_priv(net);
370 struct usb_device *udev = dev->udev;
371 int retval;
372
373 /* Paranoid */
374 if (skb->len > IPHETH_BUF_SIZE) {
375 WARN(1, "%s: skb too large: %d bytes\n", __func__, skb->len);
376 dev->net->stats.tx_dropped++;
377 dev_kfree_skb_irq(skb);
378 return NETDEV_TX_OK;
379 }
380
381 memcpy(dev->tx_buf, skb->data, skb->len);
382 if (skb->len < IPHETH_BUF_SIZE)
383 memset(dev->tx_buf + skb->len, 0, IPHETH_BUF_SIZE - skb->len);
384
385 usb_fill_bulk_urb(dev->tx_urb, udev,
386 usb_sndbulkpipe(udev, dev->bulk_out),
387 dev->tx_buf, IPHETH_BUF_SIZE,
388 ipheth_sndbulk_callback,
389 dev);
390 dev->tx_urb->transfer_flags |= URB_NO_TRANSFER_DMA_MAP;
391
392 retval = usb_submit_urb(dev->tx_urb, GFP_ATOMIC);
393 if (retval) {
394 err("%s: usb_submit_urb: %d", __func__, retval);
395 dev->net->stats.tx_errors++;
396 dev_kfree_skb_irq(skb);
397 } else {
398 dev->tx_skb = skb;
399
400 dev->net->stats.tx_packets++;
401 dev->net->stats.tx_bytes += skb->len;
402 netif_stop_queue(net);
403 }
404
405 return NETDEV_TX_OK;
406}
407
408static void ipheth_tx_timeout(struct net_device *net)
409{
410 struct ipheth_device *dev = netdev_priv(net);
411
412 err("%s: TX timeout", __func__);
413 dev->net->stats.tx_errors++;
414 usb_unlink_urb(dev->tx_urb);
415}
416
417static u32 ipheth_ethtool_op_get_link(struct net_device *net)
418{
419 struct ipheth_device *dev = netdev_priv(net);
420 return netif_carrier_ok(dev->net);
421}
422
423static struct ethtool_ops ops = {
424 .get_link = ipheth_ethtool_op_get_link
425};
426
427static const struct net_device_ops ipheth_netdev_ops = {
428 .ndo_open = ipheth_open,
429 .ndo_stop = ipheth_close,
430 .ndo_start_xmit = ipheth_tx,
431 .ndo_tx_timeout = ipheth_tx_timeout,
432};
433
434static int ipheth_probe(struct usb_interface *intf,
435 const struct usb_device_id *id)
436{
437 struct usb_device *udev = interface_to_usbdev(intf);
438 struct usb_host_interface *hintf;
439 struct usb_endpoint_descriptor *endp;
440 struct ipheth_device *dev;
441 struct net_device *netdev;
442 int i;
443 int retval;
444
445 netdev = alloc_etherdev(sizeof(struct ipheth_device));
446 if (!netdev)
447 return -ENOMEM;
448
449 netdev->netdev_ops = &ipheth_netdev_ops;
450 netdev->watchdog_timeo = IPHETH_TX_TIMEOUT;
451 strcpy(netdev->name, "eth%d");
452
453 dev = netdev_priv(netdev);
454 dev->udev = udev;
455 dev->net = netdev;
456 dev->intf = intf;
457
458 /* Set up endpoints */
459 hintf = usb_altnum_to_altsetting(intf, IPHETH_ALT_INTFNUM);
460 if (hintf == NULL) {
461 retval = -ENODEV;
462 err("Unable to find alternate settings interface");
463 goto err_endpoints;
464 }
465
466 for (i = 0; i < hintf->desc.bNumEndpoints; i++) {
467 endp = &hintf->endpoint[i].desc;
468 if (usb_endpoint_is_bulk_in(endp))
469 dev->bulk_in = endp->bEndpointAddress;
470 else if (usb_endpoint_is_bulk_out(endp))
471 dev->bulk_out = endp->bEndpointAddress;
472 }
473 if (!(dev->bulk_in && dev->bulk_out)) {
474 retval = -ENODEV;
475 err("Unable to find endpoints");
476 goto err_endpoints;
477 }
478
479 dev->ctrl_buf = kmalloc(IPHETH_CTRL_BUF_SIZE, GFP_KERNEL);
480 if (dev->ctrl_buf == NULL) {
481 retval = -ENOMEM;
482 goto err_alloc_ctrl_buf;
483 }
484
485 retval = ipheth_get_macaddr(dev);
486 if (retval)
487 goto err_get_macaddr;
488
489 INIT_DELAYED_WORK(&dev->carrier_work, ipheth_carrier_check_work);
490
491 retval = ipheth_alloc_urbs(dev);
492 if (retval) {
493 err("error allocating urbs: %d", retval);
494 goto err_alloc_urbs;
495 }
496
497 usb_set_intfdata(intf, dev);
498
499 SET_NETDEV_DEV(netdev, &intf->dev);
500 SET_ETHTOOL_OPS(netdev, &ops);
501
502 retval = register_netdev(netdev);
503 if (retval) {
504 err("error registering netdev: %d", retval);
505 retval = -EIO;
506 goto err_register_netdev;
507 }
508
509 dev_info(&intf->dev, "Apple iPhone USB Ethernet device attached\n");
510 return 0;
511
512err_register_netdev:
513 ipheth_free_urbs(dev);
514err_alloc_urbs:
515err_get_macaddr:
516err_alloc_ctrl_buf:
517 kfree(dev->ctrl_buf);
518err_endpoints:
519 free_netdev(netdev);
520 return retval;
521}
522
523static void ipheth_disconnect(struct usb_interface *intf)
524{
525 struct ipheth_device *dev;
526
527 dev = usb_get_intfdata(intf);
528 if (dev != NULL) {
529 unregister_netdev(dev->net);
530 ipheth_kill_urbs(dev);
531 ipheth_free_urbs(dev);
532 kfree(dev->ctrl_buf);
533 free_netdev(dev->net);
534 }
535 usb_set_intfdata(intf, NULL);
536 dev_info(&intf->dev, "Apple iPhone USB Ethernet now disconnected\n");
537}
538
539static struct usb_driver ipheth_driver = {
540 .name = "ipheth",
541 .probe = ipheth_probe,
542 .disconnect = ipheth_disconnect,
543 .id_table = ipheth_table,
544};
545
546static int __init ipheth_init(void)
547{
548 int retval;
549
550 retval = usb_register(&ipheth_driver);
551 if (retval) {
552 err("usb_register failed: %d", retval);
553 return retval;
554 }
555 return 0;
556}
557
558static void __exit ipheth_exit(void)
559{
560 usb_deregister(&ipheth_driver);
561}
562
563module_init(ipheth_init);
564module_exit(ipheth_exit);
565
566MODULE_AUTHOR("Diego Giagio <diego@giagio.com>");
567MODULE_DESCRIPTION("Apple iPhone USB Ethernet driver");
568MODULE_LICENSE("Dual BSD/GPL");
1/*
2 * ipheth.c - Apple iPhone USB Ethernet driver
3 *
4 * Copyright (c) 2009 Diego Giagio <diego@giagio.com>
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of GIAGIO.COM nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
18 *
19 * Alternatively, provided that this notice is retained in full, this
20 * software may be distributed under the terms of the GNU General
21 * Public License ("GPL") version 2, in which case the provisions of the
22 * GPL apply INSTEAD OF those given above.
23 *
24 * The provided data structures and external interfaces from this code
25 * are not restricted to be used by modules with a GPL compatible license.
26 *
27 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
28 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
29 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
30 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
31 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
32 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
33 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
34 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
35 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
36 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
37 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
38 * DAMAGE.
39 *
40 *
41 * Attention: iPhone device must be paired, otherwise it won't respond to our
42 * driver. For more info: http://giagio.com/wiki/moin.cgi/iPhoneEthernetDriver
43 *
44 */
45
46#include <linux/kernel.h>
47#include <linux/errno.h>
48#include <linux/slab.h>
49#include <linux/module.h>
50#include <linux/netdevice.h>
51#include <linux/etherdevice.h>
52#include <linux/ethtool.h>
53#include <linux/usb.h>
54#include <linux/workqueue.h>
55#include <linux/usb/cdc.h>
56
57#define USB_VENDOR_APPLE 0x05ac
58
59#define IPHETH_USBINTF_CLASS 255
60#define IPHETH_USBINTF_SUBCLASS 253
61#define IPHETH_USBINTF_PROTO 1
62
63#define IPHETH_IP_ALIGN 2 /* padding at front of URB */
64/* On iOS devices, NCM headers in RX have a fixed size regardless of DPE count:
65 * - NTH16 (NCMH): 12 bytes, as per CDC NCM 1.0 spec
66 * - NDP16 (NCM0): 96 bytes, of which
67 * - NDP16 fixed header: 8 bytes
68 * - maximum of 22 DPEs (21 datagrams + trailer), 4 bytes each
69 */
70#define IPHETH_NDP16_MAX_DPE 22
71#define IPHETH_NDP16_HEADER_SIZE (sizeof(struct usb_cdc_ncm_ndp16) + \
72 IPHETH_NDP16_MAX_DPE * \
73 sizeof(struct usb_cdc_ncm_dpe16))
74#define IPHETH_NCM_HEADER_SIZE (sizeof(struct usb_cdc_ncm_nth16) + \
75 IPHETH_NDP16_HEADER_SIZE)
76#define IPHETH_TX_BUF_SIZE ETH_FRAME_LEN
77#define IPHETH_RX_BUF_SIZE_LEGACY (IPHETH_IP_ALIGN + ETH_FRAME_LEN)
78#define IPHETH_RX_BUF_SIZE_NCM 65536
79
80#define IPHETH_TX_TIMEOUT (5 * HZ)
81
82#define IPHETH_INTFNUM 2
83#define IPHETH_ALT_INTFNUM 1
84
85#define IPHETH_CTRL_ENDP 0x00
86#define IPHETH_CTRL_BUF_SIZE 0x40
87#define IPHETH_CTRL_TIMEOUT (5 * HZ)
88
89#define IPHETH_CMD_GET_MACADDR 0x00
90#define IPHETH_CMD_ENABLE_NCM 0x04
91#define IPHETH_CMD_CARRIER_CHECK 0x45
92
93#define IPHETH_CARRIER_CHECK_TIMEOUT round_jiffies_relative(1 * HZ)
94#define IPHETH_CARRIER_ON 0x04
95
96static const struct usb_device_id ipheth_table[] = {
97 { USB_VENDOR_AND_INTERFACE_INFO(USB_VENDOR_APPLE, IPHETH_USBINTF_CLASS,
98 IPHETH_USBINTF_SUBCLASS,
99 IPHETH_USBINTF_PROTO) },
100 { }
101};
102MODULE_DEVICE_TABLE(usb, ipheth_table);
103
104struct ipheth_device {
105 struct usb_device *udev;
106 struct usb_interface *intf;
107 struct net_device *net;
108 struct urb *tx_urb;
109 struct urb *rx_urb;
110 unsigned char *tx_buf;
111 unsigned char *rx_buf;
112 unsigned char *ctrl_buf;
113 u8 bulk_in;
114 u8 bulk_out;
115 struct delayed_work carrier_work;
116 bool confirmed_pairing;
117 int (*rcvbulk_callback)(struct urb *urb);
118 size_t rx_buf_len;
119};
120
121static int ipheth_rx_submit(struct ipheth_device *dev, gfp_t mem_flags);
122
123static int ipheth_alloc_urbs(struct ipheth_device *iphone)
124{
125 struct urb *tx_urb = NULL;
126 struct urb *rx_urb = NULL;
127 u8 *tx_buf = NULL;
128 u8 *rx_buf = NULL;
129
130 tx_urb = usb_alloc_urb(0, GFP_KERNEL);
131 if (tx_urb == NULL)
132 goto error_nomem;
133
134 rx_urb = usb_alloc_urb(0, GFP_KERNEL);
135 if (rx_urb == NULL)
136 goto free_tx_urb;
137
138 tx_buf = usb_alloc_coherent(iphone->udev, IPHETH_TX_BUF_SIZE,
139 GFP_KERNEL, &tx_urb->transfer_dma);
140 if (tx_buf == NULL)
141 goto free_rx_urb;
142
143 rx_buf = usb_alloc_coherent(iphone->udev, iphone->rx_buf_len,
144 GFP_KERNEL, &rx_urb->transfer_dma);
145 if (rx_buf == NULL)
146 goto free_tx_buf;
147
148
149 iphone->tx_urb = tx_urb;
150 iphone->rx_urb = rx_urb;
151 iphone->tx_buf = tx_buf;
152 iphone->rx_buf = rx_buf;
153 return 0;
154
155free_tx_buf:
156 usb_free_coherent(iphone->udev, IPHETH_TX_BUF_SIZE, tx_buf,
157 tx_urb->transfer_dma);
158free_rx_urb:
159 usb_free_urb(rx_urb);
160free_tx_urb:
161 usb_free_urb(tx_urb);
162error_nomem:
163 return -ENOMEM;
164}
165
166static void ipheth_free_urbs(struct ipheth_device *iphone)
167{
168 usb_free_coherent(iphone->udev, iphone->rx_buf_len, iphone->rx_buf,
169 iphone->rx_urb->transfer_dma);
170 usb_free_coherent(iphone->udev, IPHETH_TX_BUF_SIZE, iphone->tx_buf,
171 iphone->tx_urb->transfer_dma);
172 usb_free_urb(iphone->rx_urb);
173 usb_free_urb(iphone->tx_urb);
174}
175
176static void ipheth_kill_urbs(struct ipheth_device *dev)
177{
178 usb_kill_urb(dev->tx_urb);
179 usb_kill_urb(dev->rx_urb);
180}
181
182static int ipheth_consume_skb(char *buf, int len, struct ipheth_device *dev)
183{
184 struct sk_buff *skb;
185
186 skb = dev_alloc_skb(len);
187 if (!skb) {
188 dev->net->stats.rx_dropped++;
189 return -ENOMEM;
190 }
191
192 skb_put_data(skb, buf, len);
193 skb->dev = dev->net;
194 skb->protocol = eth_type_trans(skb, dev->net);
195
196 dev->net->stats.rx_packets++;
197 dev->net->stats.rx_bytes += len;
198 netif_rx(skb);
199
200 return 0;
201}
202
203static int ipheth_rcvbulk_callback_legacy(struct urb *urb)
204{
205 struct ipheth_device *dev;
206 char *buf;
207 int len;
208
209 dev = urb->context;
210
211 if (urb->actual_length <= IPHETH_IP_ALIGN) {
212 dev->net->stats.rx_length_errors++;
213 return -EINVAL;
214 }
215 len = urb->actual_length - IPHETH_IP_ALIGN;
216 buf = urb->transfer_buffer + IPHETH_IP_ALIGN;
217
218 return ipheth_consume_skb(buf, len, dev);
219}
220
221/* In "NCM mode", the iOS device encapsulates RX (phone->computer) traffic
222 * in NCM Transfer Blocks (similarly to CDC NCM). However, unlike reverse
223 * tethering (handled by the `cdc_ncm` driver), regular tethering is not
224 * compliant with the CDC NCM spec, as the device is missing the necessary
225 * descriptors, and TX (computer->phone) traffic is not encapsulated
226 * at all. Thus `ipheth` implements a very limited subset of the spec with
227 * the sole purpose of parsing RX URBs.
228 */
229static int ipheth_rcvbulk_callback_ncm(struct urb *urb)
230{
231 struct usb_cdc_ncm_nth16 *ncmh;
232 struct usb_cdc_ncm_ndp16 *ncm0;
233 struct usb_cdc_ncm_dpe16 *dpe;
234 struct ipheth_device *dev;
235 u16 dg_idx, dg_len;
236 int retval = -EINVAL;
237 char *buf;
238
239 dev = urb->context;
240
241 if (urb->actual_length < IPHETH_NCM_HEADER_SIZE) {
242 dev->net->stats.rx_length_errors++;
243 return retval;
244 }
245
246 ncmh = urb->transfer_buffer;
247 if (ncmh->dwSignature != cpu_to_le32(USB_CDC_NCM_NTH16_SIGN) ||
248 /* On iOS, NDP16 directly follows NTH16 */
249 ncmh->wNdpIndex != cpu_to_le16(sizeof(struct usb_cdc_ncm_nth16)))
250 goto rx_error;
251
252 ncm0 = urb->transfer_buffer + sizeof(struct usb_cdc_ncm_nth16);
253 if (ncm0->dwSignature != cpu_to_le32(USB_CDC_NCM_NDP16_NOCRC_SIGN))
254 goto rx_error;
255
256 dpe = ncm0->dpe16;
257 for (int dpe_i = 0; dpe_i < IPHETH_NDP16_MAX_DPE; ++dpe_i, ++dpe) {
258 dg_idx = le16_to_cpu(dpe->wDatagramIndex);
259 dg_len = le16_to_cpu(dpe->wDatagramLength);
260
261 /* Null DPE must be present after last datagram pointer entry
262 * (3.3.1 USB CDC NCM spec v1.0)
263 */
264 if (dg_idx == 0 && dg_len == 0)
265 return 0;
266
267 if (dg_idx < IPHETH_NCM_HEADER_SIZE ||
268 dg_idx >= urb->actual_length ||
269 dg_len > urb->actual_length - dg_idx) {
270 dev->net->stats.rx_length_errors++;
271 return retval;
272 }
273
274 buf = urb->transfer_buffer + dg_idx;
275
276 retval = ipheth_consume_skb(buf, dg_len, dev);
277 if (retval != 0)
278 return retval;
279 }
280
281rx_error:
282 dev->net->stats.rx_errors++;
283 return retval;
284}
285
286static void ipheth_rcvbulk_callback(struct urb *urb)
287{
288 struct ipheth_device *dev;
289 int retval, status;
290
291 dev = urb->context;
292 if (dev == NULL)
293 return;
294
295 status = urb->status;
296 switch (status) {
297 case -ENOENT:
298 case -ECONNRESET:
299 case -ESHUTDOWN:
300 case -EPROTO:
301 return;
302 case 0:
303 break;
304 default:
305 dev_err(&dev->intf->dev, "%s: urb status: %d\n",
306 __func__, status);
307 return;
308 }
309
310 /* iPhone may periodically send URBs with no payload
311 * on the "bulk in" endpoint. It is safe to ignore them.
312 */
313 if (urb->actual_length == 0)
314 goto rx_submit;
315
316 /* RX URBs starting with 0x00 0x01 do not encapsulate Ethernet frames,
317 * but rather are control frames. Their purpose is not documented, and
318 * they don't affect driver functionality, okay to drop them.
319 * There is usually just one 4-byte control frame as the very first
320 * URB received from the bulk IN endpoint.
321 */
322 if (unlikely
323 (urb->actual_length == 4 &&
324 ((char *)urb->transfer_buffer)[0] == 0 &&
325 ((char *)urb->transfer_buffer)[1] == 1))
326 goto rx_submit;
327
328 retval = dev->rcvbulk_callback(urb);
329 if (retval != 0) {
330 dev_err(&dev->intf->dev, "%s: callback retval: %d\n",
331 __func__, retval);
332 }
333
334rx_submit:
335 dev->confirmed_pairing = true;
336 ipheth_rx_submit(dev, GFP_ATOMIC);
337}
338
339static void ipheth_sndbulk_callback(struct urb *urb)
340{
341 struct ipheth_device *dev;
342 int status = urb->status;
343
344 dev = urb->context;
345 if (dev == NULL)
346 return;
347
348 if (status != 0 &&
349 status != -ENOENT &&
350 status != -ECONNRESET &&
351 status != -ESHUTDOWN)
352 dev_err(&dev->intf->dev, "%s: urb status: %d\n",
353 __func__, status);
354
355 if (status == 0)
356 netif_wake_queue(dev->net);
357 else
358 // on URB error, trigger immediate poll
359 schedule_delayed_work(&dev->carrier_work, 0);
360}
361
362static int ipheth_carrier_set(struct ipheth_device *dev)
363{
364 struct usb_device *udev;
365 int retval;
366
367 if (!dev->confirmed_pairing)
368 return 0;
369
370 udev = dev->udev;
371 retval = usb_control_msg(udev,
372 usb_rcvctrlpipe(udev, IPHETH_CTRL_ENDP),
373 IPHETH_CMD_CARRIER_CHECK, /* request */
374 0xc0, /* request type */
375 0x00, /* value */
376 0x02, /* index */
377 dev->ctrl_buf, IPHETH_CTRL_BUF_SIZE,
378 IPHETH_CTRL_TIMEOUT);
379 if (retval <= 0) {
380 dev_err(&dev->intf->dev, "%s: usb_control_msg: %d\n",
381 __func__, retval);
382 return retval;
383 }
384
385 if ((retval == 1 && dev->ctrl_buf[0] == IPHETH_CARRIER_ON) ||
386 (retval >= 2 && dev->ctrl_buf[1] == IPHETH_CARRIER_ON)) {
387 netif_carrier_on(dev->net);
388 if (dev->tx_urb->status != -EINPROGRESS)
389 netif_wake_queue(dev->net);
390 } else {
391 netif_carrier_off(dev->net);
392 netif_stop_queue(dev->net);
393 }
394 return 0;
395}
396
397static void ipheth_carrier_check_work(struct work_struct *work)
398{
399 struct ipheth_device *dev = container_of(work, struct ipheth_device,
400 carrier_work.work);
401
402 ipheth_carrier_set(dev);
403 schedule_delayed_work(&dev->carrier_work, IPHETH_CARRIER_CHECK_TIMEOUT);
404}
405
406static int ipheth_get_macaddr(struct ipheth_device *dev)
407{
408 struct usb_device *udev = dev->udev;
409 struct net_device *net = dev->net;
410 int retval;
411
412 retval = usb_control_msg(udev,
413 usb_rcvctrlpipe(udev, IPHETH_CTRL_ENDP),
414 IPHETH_CMD_GET_MACADDR, /* request */
415 0xc0, /* request type */
416 0x00, /* value */
417 0x02, /* index */
418 dev->ctrl_buf,
419 IPHETH_CTRL_BUF_SIZE,
420 IPHETH_CTRL_TIMEOUT);
421 if (retval < 0) {
422 dev_err(&dev->intf->dev, "%s: usb_control_msg: %d\n",
423 __func__, retval);
424 } else if (retval < ETH_ALEN) {
425 dev_err(&dev->intf->dev,
426 "%s: usb_control_msg: short packet: %d bytes\n",
427 __func__, retval);
428 retval = -EINVAL;
429 } else {
430 eth_hw_addr_set(net, dev->ctrl_buf);
431 retval = 0;
432 }
433
434 return retval;
435}
436
437static int ipheth_enable_ncm(struct ipheth_device *dev)
438{
439 struct usb_device *udev = dev->udev;
440 int retval;
441
442 retval = usb_control_msg(udev,
443 usb_sndctrlpipe(udev, IPHETH_CTRL_ENDP),
444 IPHETH_CMD_ENABLE_NCM, /* request */
445 0x41, /* request type */
446 0x00, /* value */
447 0x02, /* index */
448 NULL,
449 0,
450 IPHETH_CTRL_TIMEOUT);
451
452 dev_info(&dev->intf->dev, "%s: usb_control_msg: %d\n",
453 __func__, retval);
454
455 return retval;
456}
457
458static int ipheth_rx_submit(struct ipheth_device *dev, gfp_t mem_flags)
459{
460 struct usb_device *udev = dev->udev;
461 int retval;
462
463 usb_fill_bulk_urb(dev->rx_urb, udev,
464 usb_rcvbulkpipe(udev, dev->bulk_in),
465 dev->rx_buf, dev->rx_buf_len,
466 ipheth_rcvbulk_callback,
467 dev);
468 dev->rx_urb->transfer_flags |= URB_NO_TRANSFER_DMA_MAP;
469
470 retval = usb_submit_urb(dev->rx_urb, mem_flags);
471 if (retval)
472 dev_err(&dev->intf->dev, "%s: usb_submit_urb: %d\n",
473 __func__, retval);
474 return retval;
475}
476
477static int ipheth_open(struct net_device *net)
478{
479 struct ipheth_device *dev = netdev_priv(net);
480 struct usb_device *udev = dev->udev;
481 int retval = 0;
482
483 usb_set_interface(udev, IPHETH_INTFNUM, IPHETH_ALT_INTFNUM);
484
485 retval = ipheth_carrier_set(dev);
486 if (retval)
487 return retval;
488
489 retval = ipheth_rx_submit(dev, GFP_KERNEL);
490 if (retval)
491 return retval;
492
493 schedule_delayed_work(&dev->carrier_work, IPHETH_CARRIER_CHECK_TIMEOUT);
494 return retval;
495}
496
497static int ipheth_close(struct net_device *net)
498{
499 struct ipheth_device *dev = netdev_priv(net);
500
501 netif_stop_queue(net);
502 cancel_delayed_work_sync(&dev->carrier_work);
503 return 0;
504}
505
506static netdev_tx_t ipheth_tx(struct sk_buff *skb, struct net_device *net)
507{
508 struct ipheth_device *dev = netdev_priv(net);
509 struct usb_device *udev = dev->udev;
510 int retval;
511
512 /* Paranoid */
513 if (skb->len > IPHETH_TX_BUF_SIZE) {
514 WARN(1, "%s: skb too large: %d bytes\n", __func__, skb->len);
515 dev->net->stats.tx_dropped++;
516 dev_kfree_skb_any(skb);
517 return NETDEV_TX_OK;
518 }
519
520 memcpy(dev->tx_buf, skb->data, skb->len);
521
522 usb_fill_bulk_urb(dev->tx_urb, udev,
523 usb_sndbulkpipe(udev, dev->bulk_out),
524 dev->tx_buf, skb->len,
525 ipheth_sndbulk_callback,
526 dev);
527 dev->tx_urb->transfer_flags |= URB_NO_TRANSFER_DMA_MAP;
528
529 netif_stop_queue(net);
530 retval = usb_submit_urb(dev->tx_urb, GFP_ATOMIC);
531 if (retval) {
532 dev_err(&dev->intf->dev, "%s: usb_submit_urb: %d\n",
533 __func__, retval);
534 dev->net->stats.tx_errors++;
535 dev_kfree_skb_any(skb);
536 netif_wake_queue(net);
537 } else {
538 dev->net->stats.tx_packets++;
539 dev->net->stats.tx_bytes += skb->len;
540 dev_consume_skb_any(skb);
541 }
542
543 return NETDEV_TX_OK;
544}
545
546static void ipheth_tx_timeout(struct net_device *net, unsigned int txqueue)
547{
548 struct ipheth_device *dev = netdev_priv(net);
549
550 dev_err(&dev->intf->dev, "%s: TX timeout\n", __func__);
551 dev->net->stats.tx_errors++;
552 usb_unlink_urb(dev->tx_urb);
553}
554
555static u32 ipheth_ethtool_op_get_link(struct net_device *net)
556{
557 struct ipheth_device *dev = netdev_priv(net);
558 return netif_carrier_ok(dev->net);
559}
560
561static const struct ethtool_ops ops = {
562 .get_link = ipheth_ethtool_op_get_link
563};
564
565static const struct net_device_ops ipheth_netdev_ops = {
566 .ndo_open = ipheth_open,
567 .ndo_stop = ipheth_close,
568 .ndo_start_xmit = ipheth_tx,
569 .ndo_tx_timeout = ipheth_tx_timeout,
570};
571
572static int ipheth_probe(struct usb_interface *intf,
573 const struct usb_device_id *id)
574{
575 struct usb_device *udev = interface_to_usbdev(intf);
576 struct usb_host_interface *hintf;
577 struct usb_endpoint_descriptor *endp;
578 struct ipheth_device *dev;
579 struct net_device *netdev;
580 int i;
581 int retval;
582
583 netdev = alloc_etherdev(sizeof(struct ipheth_device));
584 if (!netdev)
585 return -ENOMEM;
586
587 netdev->netdev_ops = &ipheth_netdev_ops;
588 netdev->watchdog_timeo = IPHETH_TX_TIMEOUT;
589 strscpy(netdev->name, "eth%d", sizeof(netdev->name));
590
591 dev = netdev_priv(netdev);
592 dev->udev = udev;
593 dev->net = netdev;
594 dev->intf = intf;
595 dev->confirmed_pairing = false;
596 dev->rx_buf_len = IPHETH_RX_BUF_SIZE_LEGACY;
597 dev->rcvbulk_callback = ipheth_rcvbulk_callback_legacy;
598 /* Set up endpoints */
599 hintf = usb_altnum_to_altsetting(intf, IPHETH_ALT_INTFNUM);
600 if (hintf == NULL) {
601 retval = -ENODEV;
602 dev_err(&intf->dev, "Unable to find alternate settings interface\n");
603 goto err_endpoints;
604 }
605
606 for (i = 0; i < hintf->desc.bNumEndpoints; i++) {
607 endp = &hintf->endpoint[i].desc;
608 if (usb_endpoint_is_bulk_in(endp))
609 dev->bulk_in = endp->bEndpointAddress;
610 else if (usb_endpoint_is_bulk_out(endp))
611 dev->bulk_out = endp->bEndpointAddress;
612 }
613 if (!(dev->bulk_in && dev->bulk_out)) {
614 retval = -ENODEV;
615 dev_err(&intf->dev, "Unable to find endpoints\n");
616 goto err_endpoints;
617 }
618
619 dev->ctrl_buf = kmalloc(IPHETH_CTRL_BUF_SIZE, GFP_KERNEL);
620 if (dev->ctrl_buf == NULL) {
621 retval = -ENOMEM;
622 goto err_alloc_ctrl_buf;
623 }
624
625 retval = ipheth_get_macaddr(dev);
626 if (retval)
627 goto err_get_macaddr;
628
629 retval = ipheth_enable_ncm(dev);
630 if (!retval) {
631 dev->rx_buf_len = IPHETH_RX_BUF_SIZE_NCM;
632 dev->rcvbulk_callback = ipheth_rcvbulk_callback_ncm;
633 }
634
635 INIT_DELAYED_WORK(&dev->carrier_work, ipheth_carrier_check_work);
636
637 retval = ipheth_alloc_urbs(dev);
638 if (retval) {
639 dev_err(&intf->dev, "error allocating urbs: %d\n", retval);
640 goto err_alloc_urbs;
641 }
642
643 usb_set_intfdata(intf, dev);
644
645 SET_NETDEV_DEV(netdev, &intf->dev);
646 netdev->ethtool_ops = &ops;
647
648 retval = register_netdev(netdev);
649 if (retval) {
650 dev_err(&intf->dev, "error registering netdev: %d\n", retval);
651 retval = -EIO;
652 goto err_register_netdev;
653 }
654 // carrier down and transmit queues stopped until packet from device
655 netif_carrier_off(netdev);
656 netif_tx_stop_all_queues(netdev);
657 dev_info(&intf->dev, "Apple iPhone USB Ethernet device attached\n");
658 return 0;
659
660err_register_netdev:
661 ipheth_free_urbs(dev);
662err_alloc_urbs:
663err_get_macaddr:
664 kfree(dev->ctrl_buf);
665err_alloc_ctrl_buf:
666err_endpoints:
667 free_netdev(netdev);
668 return retval;
669}
670
671static void ipheth_disconnect(struct usb_interface *intf)
672{
673 struct ipheth_device *dev;
674
675 dev = usb_get_intfdata(intf);
676 if (dev != NULL) {
677 unregister_netdev(dev->net);
678 ipheth_kill_urbs(dev);
679 ipheth_free_urbs(dev);
680 kfree(dev->ctrl_buf);
681 free_netdev(dev->net);
682 }
683 usb_set_intfdata(intf, NULL);
684 dev_info(&intf->dev, "Apple iPhone USB Ethernet now disconnected\n");
685}
686
687static struct usb_driver ipheth_driver = {
688 .name = "ipheth",
689 .probe = ipheth_probe,
690 .disconnect = ipheth_disconnect,
691 .id_table = ipheth_table,
692 .disable_hub_initiated_lpm = 1,
693};
694
695module_usb_driver(ipheth_driver);
696
697MODULE_AUTHOR("Diego Giagio <diego@giagio.com>");
698MODULE_DESCRIPTION("Apple iPhone USB Ethernet driver");
699MODULE_LICENSE("Dual BSD/GPL");