Loading...
1/*
2 * This program is free software; you can distribute it and/or modify it
3 * under the terms of the GNU General Public License (Version 2) as
4 * published by the Free Software Foundation.
5 *
6 * This program is distributed in the hope it will be useful, but WITHOUT
7 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
8 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
9 * for more details.
10 *
11 * You should have received a copy of the GNU General Public License along
12 * with this program; if not, see <http://www.gnu.org/licenses/>.
13 *
14 * Copyright (C) Hans Alblas PE1AYX <hans@esrac.ele.tue.nl>
15 * Copyright (C) 2004, 05 Ralf Baechle DL5RB <ralf@linux-mips.org>
16 * Copyright (C) 2004, 05 Thomas Osterried DL9SAU <thomas@x-berg.in-berlin.de>
17 */
18#include <linux/module.h>
19#include <linux/bitops.h>
20#include <linux/uaccess.h>
21#include <linux/crc16.h>
22#include <linux/string.h>
23#include <linux/mm.h>
24#include <linux/interrupt.h>
25#include <linux/in.h>
26#include <linux/inet.h>
27#include <linux/slab.h>
28#include <linux/tty.h>
29#include <linux/errno.h>
30#include <linux/netdevice.h>
31#include <linux/major.h>
32#include <linux/init.h>
33#include <linux/rtnetlink.h>
34#include <linux/etherdevice.h>
35#include <linux/skbuff.h>
36#include <linux/if_arp.h>
37#include <linux/jiffies.h>
38#include <linux/compat.h>
39
40#include <net/ax25.h>
41
42#define AX_MTU 236
43
44/* SLIP/KISS protocol characters. */
45#define END 0300 /* indicates end of frame */
46#define ESC 0333 /* indicates byte stuffing */
47#define ESC_END 0334 /* ESC ESC_END means END 'data' */
48#define ESC_ESC 0335 /* ESC ESC_ESC means ESC 'data' */
49
50struct mkiss {
51 struct tty_struct *tty; /* ptr to TTY structure */
52 struct net_device *dev; /* easy for intr handling */
53
54 /* These are pointers to the malloc()ed frame buffers. */
55 spinlock_t buflock;/* lock for rbuf and xbuf */
56 unsigned char *rbuff; /* receiver buffer */
57 int rcount; /* received chars counter */
58 unsigned char *xbuff; /* transmitter buffer */
59 unsigned char *xhead; /* pointer to next byte to XMIT */
60 int xleft; /* bytes left in XMIT queue */
61
62 /* Detailed SLIP statistics. */
63 int mtu; /* Our mtu (to spot changes!) */
64 int buffsize; /* Max buffers sizes */
65
66 unsigned long flags; /* Flag values/ mode etc */
67 /* long req'd: used by set_bit --RR */
68#define AXF_INUSE 0 /* Channel in use */
69#define AXF_ESCAPE 1 /* ESC received */
70#define AXF_ERROR 2 /* Parity, etc. error */
71#define AXF_KEEPTEST 3 /* Keepalive test flag */
72#define AXF_OUTWAIT 4 /* is outpacket was flag */
73
74 int mode;
75 int crcmode; /* MW: for FlexNet, SMACK etc. */
76 int crcauto; /* CRC auto mode */
77
78#define CRC_MODE_NONE 0
79#define CRC_MODE_FLEX 1
80#define CRC_MODE_SMACK 2
81#define CRC_MODE_FLEX_TEST 3
82#define CRC_MODE_SMACK_TEST 4
83
84 atomic_t refcnt;
85 struct semaphore dead_sem;
86};
87
88/*---------------------------------------------------------------------------*/
89
90static const unsigned short crc_flex_table[] = {
91 0x0f87, 0x1e0e, 0x2c95, 0x3d1c, 0x49a3, 0x582a, 0x6ab1, 0x7b38,
92 0x83cf, 0x9246, 0xa0dd, 0xb154, 0xc5eb, 0xd462, 0xe6f9, 0xf770,
93 0x1f06, 0x0e8f, 0x3c14, 0x2d9d, 0x5922, 0x48ab, 0x7a30, 0x6bb9,
94 0x934e, 0x82c7, 0xb05c, 0xa1d5, 0xd56a, 0xc4e3, 0xf678, 0xe7f1,
95 0x2e85, 0x3f0c, 0x0d97, 0x1c1e, 0x68a1, 0x7928, 0x4bb3, 0x5a3a,
96 0xa2cd, 0xb344, 0x81df, 0x9056, 0xe4e9, 0xf560, 0xc7fb, 0xd672,
97 0x3e04, 0x2f8d, 0x1d16, 0x0c9f, 0x7820, 0x69a9, 0x5b32, 0x4abb,
98 0xb24c, 0xa3c5, 0x915e, 0x80d7, 0xf468, 0xe5e1, 0xd77a, 0xc6f3,
99 0x4d83, 0x5c0a, 0x6e91, 0x7f18, 0x0ba7, 0x1a2e, 0x28b5, 0x393c,
100 0xc1cb, 0xd042, 0xe2d9, 0xf350, 0x87ef, 0x9666, 0xa4fd, 0xb574,
101 0x5d02, 0x4c8b, 0x7e10, 0x6f99, 0x1b26, 0x0aaf, 0x3834, 0x29bd,
102 0xd14a, 0xc0c3, 0xf258, 0xe3d1, 0x976e, 0x86e7, 0xb47c, 0xa5f5,
103 0x6c81, 0x7d08, 0x4f93, 0x5e1a, 0x2aa5, 0x3b2c, 0x09b7, 0x183e,
104 0xe0c9, 0xf140, 0xc3db, 0xd252, 0xa6ed, 0xb764, 0x85ff, 0x9476,
105 0x7c00, 0x6d89, 0x5f12, 0x4e9b, 0x3a24, 0x2bad, 0x1936, 0x08bf,
106 0xf048, 0xe1c1, 0xd35a, 0xc2d3, 0xb66c, 0xa7e5, 0x957e, 0x84f7,
107 0x8b8f, 0x9a06, 0xa89d, 0xb914, 0xcdab, 0xdc22, 0xeeb9, 0xff30,
108 0x07c7, 0x164e, 0x24d5, 0x355c, 0x41e3, 0x506a, 0x62f1, 0x7378,
109 0x9b0e, 0x8a87, 0xb81c, 0xa995, 0xdd2a, 0xcca3, 0xfe38, 0xefb1,
110 0x1746, 0x06cf, 0x3454, 0x25dd, 0x5162, 0x40eb, 0x7270, 0x63f9,
111 0xaa8d, 0xbb04, 0x899f, 0x9816, 0xeca9, 0xfd20, 0xcfbb, 0xde32,
112 0x26c5, 0x374c, 0x05d7, 0x145e, 0x60e1, 0x7168, 0x43f3, 0x527a,
113 0xba0c, 0xab85, 0x991e, 0x8897, 0xfc28, 0xeda1, 0xdf3a, 0xceb3,
114 0x3644, 0x27cd, 0x1556, 0x04df, 0x7060, 0x61e9, 0x5372, 0x42fb,
115 0xc98b, 0xd802, 0xea99, 0xfb10, 0x8faf, 0x9e26, 0xacbd, 0xbd34,
116 0x45c3, 0x544a, 0x66d1, 0x7758, 0x03e7, 0x126e, 0x20f5, 0x317c,
117 0xd90a, 0xc883, 0xfa18, 0xeb91, 0x9f2e, 0x8ea7, 0xbc3c, 0xadb5,
118 0x5542, 0x44cb, 0x7650, 0x67d9, 0x1366, 0x02ef, 0x3074, 0x21fd,
119 0xe889, 0xf900, 0xcb9b, 0xda12, 0xaead, 0xbf24, 0x8dbf, 0x9c36,
120 0x64c1, 0x7548, 0x47d3, 0x565a, 0x22e5, 0x336c, 0x01f7, 0x107e,
121 0xf808, 0xe981, 0xdb1a, 0xca93, 0xbe2c, 0xafa5, 0x9d3e, 0x8cb7,
122 0x7440, 0x65c9, 0x5752, 0x46db, 0x3264, 0x23ed, 0x1176, 0x00ff
123};
124
125static unsigned short calc_crc_flex(unsigned char *cp, int size)
126{
127 unsigned short crc = 0xffff;
128
129 while (size--)
130 crc = (crc << 8) ^ crc_flex_table[((crc >> 8) ^ *cp++) & 0xff];
131
132 return crc;
133}
134
135static int check_crc_flex(unsigned char *cp, int size)
136{
137 unsigned short crc = 0xffff;
138
139 if (size < 3)
140 return -1;
141
142 while (size--)
143 crc = (crc << 8) ^ crc_flex_table[((crc >> 8) ^ *cp++) & 0xff];
144
145 if ((crc & 0xffff) != 0x7070)
146 return -1;
147
148 return 0;
149}
150
151static int check_crc_16(unsigned char *cp, int size)
152{
153 unsigned short crc = 0x0000;
154
155 if (size < 3)
156 return -1;
157
158 crc = crc16(0, cp, size);
159
160 if (crc != 0x0000)
161 return -1;
162
163 return 0;
164}
165
166/*
167 * Standard encapsulation
168 */
169
170static int kiss_esc(unsigned char *s, unsigned char *d, int len)
171{
172 unsigned char *ptr = d;
173 unsigned char c;
174
175 /*
176 * Send an initial END character to flush out any data that may have
177 * accumulated in the receiver due to line noise.
178 */
179
180 *ptr++ = END;
181
182 while (len-- > 0) {
183 switch (c = *s++) {
184 case END:
185 *ptr++ = ESC;
186 *ptr++ = ESC_END;
187 break;
188 case ESC:
189 *ptr++ = ESC;
190 *ptr++ = ESC_ESC;
191 break;
192 default:
193 *ptr++ = c;
194 break;
195 }
196 }
197
198 *ptr++ = END;
199
200 return ptr - d;
201}
202
203/*
204 * MW:
205 * OK its ugly, but tell me a better solution without copying the
206 * packet to a temporary buffer :-)
207 */
208static int kiss_esc_crc(unsigned char *s, unsigned char *d, unsigned short crc,
209 int len)
210{
211 unsigned char *ptr = d;
212 unsigned char c=0;
213
214 *ptr++ = END;
215 while (len > 0) {
216 if (len > 2)
217 c = *s++;
218 else if (len > 1)
219 c = crc >> 8;
220 else if (len > 0)
221 c = crc & 0xff;
222
223 len--;
224
225 switch (c) {
226 case END:
227 *ptr++ = ESC;
228 *ptr++ = ESC_END;
229 break;
230 case ESC:
231 *ptr++ = ESC;
232 *ptr++ = ESC_ESC;
233 break;
234 default:
235 *ptr++ = c;
236 break;
237 }
238 }
239 *ptr++ = END;
240
241 return ptr - d;
242}
243
244/* Send one completely decapsulated AX.25 packet to the AX.25 layer. */
245static void ax_bump(struct mkiss *ax)
246{
247 struct sk_buff *skb;
248 int count;
249
250 spin_lock_bh(&ax->buflock);
251 if (ax->rbuff[0] > 0x0f) {
252 if (ax->rbuff[0] & 0x80) {
253 if (check_crc_16(ax->rbuff, ax->rcount) < 0) {
254 ax->dev->stats.rx_errors++;
255 spin_unlock_bh(&ax->buflock);
256
257 return;
258 }
259 if (ax->crcmode != CRC_MODE_SMACK && ax->crcauto) {
260 printk(KERN_INFO
261 "mkiss: %s: Switching to crc-smack\n",
262 ax->dev->name);
263 ax->crcmode = CRC_MODE_SMACK;
264 }
265 ax->rcount -= 2;
266 *ax->rbuff &= ~0x80;
267 } else if (ax->rbuff[0] & 0x20) {
268 if (check_crc_flex(ax->rbuff, ax->rcount) < 0) {
269 ax->dev->stats.rx_errors++;
270 spin_unlock_bh(&ax->buflock);
271 return;
272 }
273 if (ax->crcmode != CRC_MODE_FLEX && ax->crcauto) {
274 printk(KERN_INFO
275 "mkiss: %s: Switching to crc-flexnet\n",
276 ax->dev->name);
277 ax->crcmode = CRC_MODE_FLEX;
278 }
279 ax->rcount -= 2;
280
281 /*
282 * dl9sau bugfix: the trailling two bytes flexnet crc
283 * will not be passed to the kernel. thus we have to
284 * correct the kissparm signature, because it indicates
285 * a crc but there's none
286 */
287 *ax->rbuff &= ~0x20;
288 }
289 }
290
291 count = ax->rcount;
292
293 if ((skb = dev_alloc_skb(count)) == NULL) {
294 printk(KERN_ERR "mkiss: %s: memory squeeze, dropping packet.\n",
295 ax->dev->name);
296 ax->dev->stats.rx_dropped++;
297 spin_unlock_bh(&ax->buflock);
298 return;
299 }
300
301 skb_put_data(skb, ax->rbuff, count);
302 skb->protocol = ax25_type_trans(skb, ax->dev);
303 netif_rx(skb);
304 ax->dev->stats.rx_packets++;
305 ax->dev->stats.rx_bytes += count;
306 spin_unlock_bh(&ax->buflock);
307}
308
309static void kiss_unesc(struct mkiss *ax, unsigned char s)
310{
311 switch (s) {
312 case END:
313 /* drop keeptest bit = VSV */
314 if (test_bit(AXF_KEEPTEST, &ax->flags))
315 clear_bit(AXF_KEEPTEST, &ax->flags);
316
317 if (!test_and_clear_bit(AXF_ERROR, &ax->flags) && (ax->rcount > 2))
318 ax_bump(ax);
319
320 clear_bit(AXF_ESCAPE, &ax->flags);
321 ax->rcount = 0;
322 return;
323
324 case ESC:
325 set_bit(AXF_ESCAPE, &ax->flags);
326 return;
327 case ESC_ESC:
328 if (test_and_clear_bit(AXF_ESCAPE, &ax->flags))
329 s = ESC;
330 break;
331 case ESC_END:
332 if (test_and_clear_bit(AXF_ESCAPE, &ax->flags))
333 s = END;
334 break;
335 }
336
337 spin_lock_bh(&ax->buflock);
338 if (!test_bit(AXF_ERROR, &ax->flags)) {
339 if (ax->rcount < ax->buffsize) {
340 ax->rbuff[ax->rcount++] = s;
341 spin_unlock_bh(&ax->buflock);
342 return;
343 }
344
345 ax->dev->stats.rx_over_errors++;
346 set_bit(AXF_ERROR, &ax->flags);
347 }
348 spin_unlock_bh(&ax->buflock);
349}
350
351static int ax_set_mac_address(struct net_device *dev, void *addr)
352{
353 struct sockaddr_ax25 *sa = addr;
354
355 netif_tx_lock_bh(dev);
356 netif_addr_lock(dev);
357 memcpy(dev->dev_addr, &sa->sax25_call, AX25_ADDR_LEN);
358 netif_addr_unlock(dev);
359 netif_tx_unlock_bh(dev);
360
361 return 0;
362}
363
364/*---------------------------------------------------------------------------*/
365
366static void ax_changedmtu(struct mkiss *ax)
367{
368 struct net_device *dev = ax->dev;
369 unsigned char *xbuff, *rbuff, *oxbuff, *orbuff;
370 int len;
371
372 len = dev->mtu * 2;
373
374 /*
375 * allow for arrival of larger UDP packets, even if we say not to
376 * also fixes a bug in which SunOS sends 512-byte packets even with
377 * an MSS of 128
378 */
379 if (len < 576 * 2)
380 len = 576 * 2;
381
382 xbuff = kmalloc(len + 4, GFP_ATOMIC);
383 rbuff = kmalloc(len + 4, GFP_ATOMIC);
384
385 if (xbuff == NULL || rbuff == NULL) {
386 printk(KERN_ERR "mkiss: %s: unable to grow ax25 buffers, "
387 "MTU change cancelled.\n",
388 ax->dev->name);
389 dev->mtu = ax->mtu;
390 kfree(xbuff);
391 kfree(rbuff);
392 return;
393 }
394
395 spin_lock_bh(&ax->buflock);
396
397 oxbuff = ax->xbuff;
398 ax->xbuff = xbuff;
399 orbuff = ax->rbuff;
400 ax->rbuff = rbuff;
401
402 if (ax->xleft) {
403 if (ax->xleft <= len) {
404 memcpy(ax->xbuff, ax->xhead, ax->xleft);
405 } else {
406 ax->xleft = 0;
407 dev->stats.tx_dropped++;
408 }
409 }
410
411 ax->xhead = ax->xbuff;
412
413 if (ax->rcount) {
414 if (ax->rcount <= len) {
415 memcpy(ax->rbuff, orbuff, ax->rcount);
416 } else {
417 ax->rcount = 0;
418 dev->stats.rx_over_errors++;
419 set_bit(AXF_ERROR, &ax->flags);
420 }
421 }
422
423 ax->mtu = dev->mtu + 73;
424 ax->buffsize = len;
425
426 spin_unlock_bh(&ax->buflock);
427
428 kfree(oxbuff);
429 kfree(orbuff);
430}
431
432/* Encapsulate one AX.25 packet and stuff into a TTY queue. */
433static void ax_encaps(struct net_device *dev, unsigned char *icp, int len)
434{
435 struct mkiss *ax = netdev_priv(dev);
436 unsigned char *p;
437 int actual, count;
438
439 if (ax->mtu != ax->dev->mtu + 73) /* Someone has been ifconfigging */
440 ax_changedmtu(ax);
441
442 if (len > ax->mtu) { /* Sigh, shouldn't occur BUT ... */
443 printk(KERN_ERR "mkiss: %s: truncating oversized transmit packet!\n", ax->dev->name);
444 dev->stats.tx_dropped++;
445 netif_start_queue(dev);
446 return;
447 }
448
449 p = icp;
450
451 spin_lock_bh(&ax->buflock);
452 if ((*p & 0x0f) != 0) {
453 /* Configuration Command (kissparms(1).
454 * Protocol spec says: never append CRC.
455 * This fixes a very old bug in the linux
456 * kiss driver. -- dl9sau */
457 switch (*p & 0xff) {
458 case 0x85:
459 /* command from userspace especially for us,
460 * not for delivery to the tnc */
461 if (len > 1) {
462 int cmd = (p[1] & 0xff);
463 switch(cmd) {
464 case 3:
465 ax->crcmode = CRC_MODE_SMACK;
466 break;
467 case 2:
468 ax->crcmode = CRC_MODE_FLEX;
469 break;
470 case 1:
471 ax->crcmode = CRC_MODE_NONE;
472 break;
473 case 0:
474 default:
475 ax->crcmode = CRC_MODE_SMACK_TEST;
476 cmd = 0;
477 }
478 ax->crcauto = (cmd ? 0 : 1);
479 printk(KERN_INFO "mkiss: %s: crc mode set to %d\n",
480 ax->dev->name, cmd);
481 }
482 spin_unlock_bh(&ax->buflock);
483 netif_start_queue(dev);
484
485 return;
486 default:
487 count = kiss_esc(p, ax->xbuff, len);
488 }
489 } else {
490 unsigned short crc;
491 switch (ax->crcmode) {
492 case CRC_MODE_SMACK_TEST:
493 ax->crcmode = CRC_MODE_FLEX_TEST;
494 printk(KERN_INFO "mkiss: %s: Trying crc-smack\n", ax->dev->name);
495 // fall through
496 case CRC_MODE_SMACK:
497 *p |= 0x80;
498 crc = swab16(crc16(0, p, len));
499 count = kiss_esc_crc(p, ax->xbuff, crc, len+2);
500 break;
501 case CRC_MODE_FLEX_TEST:
502 ax->crcmode = CRC_MODE_NONE;
503 printk(KERN_INFO "mkiss: %s: Trying crc-flexnet\n", ax->dev->name);
504 // fall through
505 case CRC_MODE_FLEX:
506 *p |= 0x20;
507 crc = calc_crc_flex(p, len);
508 count = kiss_esc_crc(p, ax->xbuff, crc, len+2);
509 break;
510
511 default:
512 count = kiss_esc(p, ax->xbuff, len);
513 }
514 }
515 spin_unlock_bh(&ax->buflock);
516
517 set_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags);
518 actual = ax->tty->ops->write(ax->tty, ax->xbuff, count);
519 dev->stats.tx_packets++;
520 dev->stats.tx_bytes += actual;
521
522 netif_trans_update(ax->dev);
523 ax->xleft = count - actual;
524 ax->xhead = ax->xbuff + actual;
525}
526
527/* Encapsulate an AX.25 packet and kick it into a TTY queue. */
528static netdev_tx_t ax_xmit(struct sk_buff *skb, struct net_device *dev)
529{
530 struct mkiss *ax = netdev_priv(dev);
531
532 if (skb->protocol == htons(ETH_P_IP))
533 return ax25_ip_xmit(skb);
534
535 if (!netif_running(dev)) {
536 printk(KERN_ERR "mkiss: %s: xmit call when iface is down\n", dev->name);
537 return NETDEV_TX_BUSY;
538 }
539
540 if (netif_queue_stopped(dev)) {
541 /*
542 * May be we must check transmitter timeout here ?
543 * 14 Oct 1994 Dmitry Gorodchanin.
544 */
545 if (time_before(jiffies, dev_trans_start(dev) + 20 * HZ)) {
546 /* 20 sec timeout not reached */
547 return NETDEV_TX_BUSY;
548 }
549
550 printk(KERN_ERR "mkiss: %s: transmit timed out, %s?\n", dev->name,
551 (tty_chars_in_buffer(ax->tty) || ax->xleft) ?
552 "bad line quality" : "driver error");
553
554 ax->xleft = 0;
555 clear_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags);
556 netif_start_queue(dev);
557 }
558
559 /* We were not busy, so we are now... :-) */
560 netif_stop_queue(dev);
561 ax_encaps(dev, skb->data, skb->len);
562 kfree_skb(skb);
563
564 return NETDEV_TX_OK;
565}
566
567static int ax_open_dev(struct net_device *dev)
568{
569 struct mkiss *ax = netdev_priv(dev);
570
571 if (ax->tty == NULL)
572 return -ENODEV;
573
574 return 0;
575}
576
577/* Open the low-level part of the AX25 channel. Easy! */
578static int ax_open(struct net_device *dev)
579{
580 struct mkiss *ax = netdev_priv(dev);
581 unsigned long len;
582
583 if (ax->tty == NULL)
584 return -ENODEV;
585
586 /*
587 * Allocate the frame buffers:
588 *
589 * rbuff Receive buffer.
590 * xbuff Transmit buffer.
591 */
592 len = dev->mtu * 2;
593
594 /*
595 * allow for arrival of larger UDP packets, even if we say not to
596 * also fixes a bug in which SunOS sends 512-byte packets even with
597 * an MSS of 128
598 */
599 if (len < 576 * 2)
600 len = 576 * 2;
601
602 if ((ax->rbuff = kmalloc(len + 4, GFP_KERNEL)) == NULL)
603 goto norbuff;
604
605 if ((ax->xbuff = kmalloc(len + 4, GFP_KERNEL)) == NULL)
606 goto noxbuff;
607
608 ax->mtu = dev->mtu + 73;
609 ax->buffsize = len;
610 ax->rcount = 0;
611 ax->xleft = 0;
612
613 ax->flags &= (1 << AXF_INUSE); /* Clear ESCAPE & ERROR flags */
614
615 spin_lock_init(&ax->buflock);
616
617 return 0;
618
619noxbuff:
620 kfree(ax->rbuff);
621
622norbuff:
623 return -ENOMEM;
624}
625
626
627/* Close the low-level part of the AX25 channel. Easy! */
628static int ax_close(struct net_device *dev)
629{
630 struct mkiss *ax = netdev_priv(dev);
631
632 if (ax->tty)
633 clear_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags);
634
635 netif_stop_queue(dev);
636
637 return 0;
638}
639
640static const struct net_device_ops ax_netdev_ops = {
641 .ndo_open = ax_open_dev,
642 .ndo_stop = ax_close,
643 .ndo_start_xmit = ax_xmit,
644 .ndo_set_mac_address = ax_set_mac_address,
645};
646
647static void ax_setup(struct net_device *dev)
648{
649 /* Finish setting up the DEVICE info. */
650 dev->mtu = AX_MTU;
651 dev->hard_header_len = AX25_MAX_HEADER_LEN;
652 dev->addr_len = AX25_ADDR_LEN;
653 dev->type = ARPHRD_AX25;
654 dev->tx_queue_len = 10;
655 dev->header_ops = &ax25_header_ops;
656 dev->netdev_ops = &ax_netdev_ops;
657
658
659 memcpy(dev->broadcast, &ax25_bcast, AX25_ADDR_LEN);
660 memcpy(dev->dev_addr, &ax25_defaddr, AX25_ADDR_LEN);
661
662 dev->flags = IFF_BROADCAST | IFF_MULTICAST;
663}
664
665/*
666 * We have a potential race on dereferencing tty->disc_data, because the tty
667 * layer provides no locking at all - thus one cpu could be running
668 * sixpack_receive_buf while another calls sixpack_close, which zeroes
669 * tty->disc_data and frees the memory that sixpack_receive_buf is using. The
670 * best way to fix this is to use a rwlock in the tty struct, but for now we
671 * use a single global rwlock for all ttys in ppp line discipline.
672 */
673static DEFINE_RWLOCK(disc_data_lock);
674
675static struct mkiss *mkiss_get(struct tty_struct *tty)
676{
677 struct mkiss *ax;
678
679 read_lock(&disc_data_lock);
680 ax = tty->disc_data;
681 if (ax)
682 atomic_inc(&ax->refcnt);
683 read_unlock(&disc_data_lock);
684
685 return ax;
686}
687
688static void mkiss_put(struct mkiss *ax)
689{
690 if (atomic_dec_and_test(&ax->refcnt))
691 up(&ax->dead_sem);
692}
693
694static int crc_force = 0; /* Can be overridden with insmod */
695
696static int mkiss_open(struct tty_struct *tty)
697{
698 struct net_device *dev;
699 struct mkiss *ax;
700 int err;
701
702 if (!capable(CAP_NET_ADMIN))
703 return -EPERM;
704 if (tty->ops->write == NULL)
705 return -EOPNOTSUPP;
706
707 dev = alloc_netdev(sizeof(struct mkiss), "ax%d", NET_NAME_UNKNOWN,
708 ax_setup);
709 if (!dev) {
710 err = -ENOMEM;
711 goto out;
712 }
713
714 ax = netdev_priv(dev);
715 ax->dev = dev;
716
717 spin_lock_init(&ax->buflock);
718 atomic_set(&ax->refcnt, 1);
719 sema_init(&ax->dead_sem, 0);
720
721 ax->tty = tty;
722 tty->disc_data = ax;
723 tty->receive_room = 65535;
724
725 tty_driver_flush_buffer(tty);
726
727 /* Restore default settings */
728 dev->type = ARPHRD_AX25;
729
730 /* Perform the low-level AX25 initialization. */
731 err = ax_open(ax->dev);
732 if (err)
733 goto out_free_netdev;
734
735 err = register_netdev(dev);
736 if (err)
737 goto out_free_buffers;
738
739 /* after register_netdev() - because else printk smashes the kernel */
740 switch (crc_force) {
741 case 3:
742 ax->crcmode = CRC_MODE_SMACK;
743 printk(KERN_INFO "mkiss: %s: crc mode smack forced.\n",
744 ax->dev->name);
745 break;
746 case 2:
747 ax->crcmode = CRC_MODE_FLEX;
748 printk(KERN_INFO "mkiss: %s: crc mode flexnet forced.\n",
749 ax->dev->name);
750 break;
751 case 1:
752 ax->crcmode = CRC_MODE_NONE;
753 printk(KERN_INFO "mkiss: %s: crc mode disabled.\n",
754 ax->dev->name);
755 break;
756 case 0:
757 /* fall through */
758 default:
759 crc_force = 0;
760 printk(KERN_INFO "mkiss: %s: crc mode is auto.\n",
761 ax->dev->name);
762 ax->crcmode = CRC_MODE_SMACK_TEST;
763 }
764 ax->crcauto = (crc_force ? 0 : 1);
765
766 netif_start_queue(dev);
767
768 /* Done. We have linked the TTY line to a channel. */
769 return 0;
770
771out_free_buffers:
772 kfree(ax->rbuff);
773 kfree(ax->xbuff);
774
775out_free_netdev:
776 free_netdev(dev);
777
778out:
779 return err;
780}
781
782static void mkiss_close(struct tty_struct *tty)
783{
784 struct mkiss *ax;
785
786 write_lock_bh(&disc_data_lock);
787 ax = tty->disc_data;
788 tty->disc_data = NULL;
789 write_unlock_bh(&disc_data_lock);
790
791 if (!ax)
792 return;
793
794 /*
795 * We have now ensured that nobody can start using ap from now on, but
796 * we have to wait for all existing users to finish.
797 */
798 if (!atomic_dec_and_test(&ax->refcnt))
799 down(&ax->dead_sem);
800 /*
801 * Halt the transmit queue so that a new transmit cannot scribble
802 * on our buffers
803 */
804 netif_stop_queue(ax->dev);
805
806 /* Free all AX25 frame buffers. */
807 kfree(ax->rbuff);
808 kfree(ax->xbuff);
809
810 ax->tty = NULL;
811
812 unregister_netdev(ax->dev);
813}
814
815/* Perform I/O control on an active ax25 channel. */
816static int mkiss_ioctl(struct tty_struct *tty, struct file *file,
817 unsigned int cmd, unsigned long arg)
818{
819 struct mkiss *ax = mkiss_get(tty);
820 struct net_device *dev;
821 unsigned int tmp, err;
822
823 /* First make sure we're connected. */
824 if (ax == NULL)
825 return -ENXIO;
826 dev = ax->dev;
827
828 switch (cmd) {
829 case SIOCGIFNAME:
830 err = copy_to_user((void __user *) arg, ax->dev->name,
831 strlen(ax->dev->name) + 1) ? -EFAULT : 0;
832 break;
833
834 case SIOCGIFENCAP:
835 err = put_user(4, (int __user *) arg);
836 break;
837
838 case SIOCSIFENCAP:
839 if (get_user(tmp, (int __user *) arg)) {
840 err = -EFAULT;
841 break;
842 }
843
844 ax->mode = tmp;
845 dev->addr_len = AX25_ADDR_LEN;
846 dev->hard_header_len = AX25_KISS_HEADER_LEN +
847 AX25_MAX_HEADER_LEN + 3;
848 dev->type = ARPHRD_AX25;
849
850 err = 0;
851 break;
852
853 case SIOCSIFHWADDR: {
854 char addr[AX25_ADDR_LEN];
855
856 if (copy_from_user(&addr,
857 (void __user *) arg, AX25_ADDR_LEN)) {
858 err = -EFAULT;
859 break;
860 }
861
862 netif_tx_lock_bh(dev);
863 memcpy(dev->dev_addr, addr, AX25_ADDR_LEN);
864 netif_tx_unlock_bh(dev);
865
866 err = 0;
867 break;
868 }
869 default:
870 err = -ENOIOCTLCMD;
871 }
872
873 mkiss_put(ax);
874
875 return err;
876}
877
878#ifdef CONFIG_COMPAT
879static long mkiss_compat_ioctl(struct tty_struct *tty, struct file *file,
880 unsigned int cmd, unsigned long arg)
881{
882 switch (cmd) {
883 case SIOCGIFNAME:
884 case SIOCGIFENCAP:
885 case SIOCSIFENCAP:
886 case SIOCSIFHWADDR:
887 return mkiss_ioctl(tty, file, cmd,
888 (unsigned long)compat_ptr(arg));
889 }
890
891 return -ENOIOCTLCMD;
892}
893#endif
894
895/*
896 * Handle the 'receiver data ready' interrupt.
897 * This function is called by the 'tty_io' module in the kernel when
898 * a block of data has been received, which can now be decapsulated
899 * and sent on to the AX.25 layer for further processing.
900 */
901static void mkiss_receive_buf(struct tty_struct *tty, const unsigned char *cp,
902 char *fp, int count)
903{
904 struct mkiss *ax = mkiss_get(tty);
905
906 if (!ax)
907 return;
908
909 /*
910 * Argh! mtu change time! - costs us the packet part received
911 * at the change
912 */
913 if (ax->mtu != ax->dev->mtu + 73)
914 ax_changedmtu(ax);
915
916 /* Read the characters out of the buffer */
917 while (count--) {
918 if (fp != NULL && *fp++) {
919 if (!test_and_set_bit(AXF_ERROR, &ax->flags))
920 ax->dev->stats.rx_errors++;
921 cp++;
922 continue;
923 }
924
925 kiss_unesc(ax, *cp++);
926 }
927
928 mkiss_put(ax);
929 tty_unthrottle(tty);
930}
931
932/*
933 * Called by the driver when there's room for more data. If we have
934 * more packets to send, we send them here.
935 */
936static void mkiss_write_wakeup(struct tty_struct *tty)
937{
938 struct mkiss *ax = mkiss_get(tty);
939 int actual;
940
941 if (!ax)
942 return;
943
944 if (ax->xleft <= 0) {
945 /* Now serial buffer is almost free & we can start
946 * transmission of another packet
947 */
948 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
949
950 netif_wake_queue(ax->dev);
951 goto out;
952 }
953
954 actual = tty->ops->write(tty, ax->xhead, ax->xleft);
955 ax->xleft -= actual;
956 ax->xhead += actual;
957
958out:
959 mkiss_put(ax);
960}
961
962static struct tty_ldisc_ops ax_ldisc = {
963 .owner = THIS_MODULE,
964 .magic = TTY_LDISC_MAGIC,
965 .name = "mkiss",
966 .open = mkiss_open,
967 .close = mkiss_close,
968 .ioctl = mkiss_ioctl,
969#ifdef CONFIG_COMPAT
970 .compat_ioctl = mkiss_compat_ioctl,
971#endif
972 .receive_buf = mkiss_receive_buf,
973 .write_wakeup = mkiss_write_wakeup
974};
975
976static const char banner[] __initconst = KERN_INFO \
977 "mkiss: AX.25 Multikiss, Hans Albas PE1AYX\n";
978static const char msg_regfail[] __initconst = KERN_ERR \
979 "mkiss: can't register line discipline (err = %d)\n";
980
981static int __init mkiss_init_driver(void)
982{
983 int status;
984
985 printk(banner);
986
987 status = tty_register_ldisc(N_AX25, &ax_ldisc);
988 if (status != 0)
989 printk(msg_regfail, status);
990
991 return status;
992}
993
994static const char msg_unregfail[] = KERN_ERR \
995 "mkiss: can't unregister line discipline (err = %d)\n";
996
997static void __exit mkiss_exit_driver(void)
998{
999 int ret;
1000
1001 if ((ret = tty_unregister_ldisc(N_AX25)))
1002 printk(msg_unregfail, ret);
1003}
1004
1005MODULE_AUTHOR("Ralf Baechle DL5RB <ralf@linux-mips.org>");
1006MODULE_DESCRIPTION("KISS driver for AX.25 over TTYs");
1007module_param(crc_force, int, 0);
1008MODULE_PARM_DESC(crc_force, "crc [0 = auto | 1 = none | 2 = flexnet | 3 = smack]");
1009MODULE_LICENSE("GPL");
1010MODULE_ALIAS_LDISC(N_AX25);
1011
1012module_init(mkiss_init_driver);
1013module_exit(mkiss_exit_driver);
1/*
2 * This program is free software; you can distribute it and/or modify it
3 * under the terms of the GNU General Public License (Version 2) as
4 * published by the Free Software Foundation.
5 *
6 * This program is distributed in the hope it will be useful, but WITHOUT
7 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
8 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
9 * for more details.
10 *
11 * You should have received a copy of the GNU General Public License along
12 * with this program; if not, see <http://www.gnu.org/licenses/>.
13 *
14 * Copyright (C) Hans Alblas PE1AYX <hans@esrac.ele.tue.nl>
15 * Copyright (C) 2004, 05 Ralf Baechle DL5RB <ralf@linux-mips.org>
16 * Copyright (C) 2004, 05 Thomas Osterried DL9SAU <thomas@x-berg.in-berlin.de>
17 */
18#include <linux/module.h>
19#include <linux/bitops.h>
20#include <asm/uaccess.h>
21#include <linux/crc16.h>
22#include <linux/string.h>
23#include <linux/mm.h>
24#include <linux/interrupt.h>
25#include <linux/in.h>
26#include <linux/inet.h>
27#include <linux/slab.h>
28#include <linux/tty.h>
29#include <linux/errno.h>
30#include <linux/netdevice.h>
31#include <linux/major.h>
32#include <linux/init.h>
33#include <linux/rtnetlink.h>
34#include <linux/etherdevice.h>
35#include <linux/skbuff.h>
36#include <linux/if_arp.h>
37#include <linux/jiffies.h>
38#include <linux/compat.h>
39
40#include <net/ax25.h>
41
42#define AX_MTU 236
43
44/* SLIP/KISS protocol characters. */
45#define END 0300 /* indicates end of frame */
46#define ESC 0333 /* indicates byte stuffing */
47#define ESC_END 0334 /* ESC ESC_END means END 'data' */
48#define ESC_ESC 0335 /* ESC ESC_ESC means ESC 'data' */
49
50struct mkiss {
51 struct tty_struct *tty; /* ptr to TTY structure */
52 struct net_device *dev; /* easy for intr handling */
53
54 /* These are pointers to the malloc()ed frame buffers. */
55 spinlock_t buflock;/* lock for rbuf and xbuf */
56 unsigned char *rbuff; /* receiver buffer */
57 int rcount; /* received chars counter */
58 unsigned char *xbuff; /* transmitter buffer */
59 unsigned char *xhead; /* pointer to next byte to XMIT */
60 int xleft; /* bytes left in XMIT queue */
61
62 /* Detailed SLIP statistics. */
63 int mtu; /* Our mtu (to spot changes!) */
64 int buffsize; /* Max buffers sizes */
65
66 unsigned long flags; /* Flag values/ mode etc */
67 /* long req'd: used by set_bit --RR */
68#define AXF_INUSE 0 /* Channel in use */
69#define AXF_ESCAPE 1 /* ESC received */
70#define AXF_ERROR 2 /* Parity, etc. error */
71#define AXF_KEEPTEST 3 /* Keepalive test flag */
72#define AXF_OUTWAIT 4 /* is outpacket was flag */
73
74 int mode;
75 int crcmode; /* MW: for FlexNet, SMACK etc. */
76 int crcauto; /* CRC auto mode */
77
78#define CRC_MODE_NONE 0
79#define CRC_MODE_FLEX 1
80#define CRC_MODE_SMACK 2
81#define CRC_MODE_FLEX_TEST 3
82#define CRC_MODE_SMACK_TEST 4
83
84 atomic_t refcnt;
85 struct semaphore dead_sem;
86};
87
88/*---------------------------------------------------------------------------*/
89
90static const unsigned short crc_flex_table[] = {
91 0x0f87, 0x1e0e, 0x2c95, 0x3d1c, 0x49a3, 0x582a, 0x6ab1, 0x7b38,
92 0x83cf, 0x9246, 0xa0dd, 0xb154, 0xc5eb, 0xd462, 0xe6f9, 0xf770,
93 0x1f06, 0x0e8f, 0x3c14, 0x2d9d, 0x5922, 0x48ab, 0x7a30, 0x6bb9,
94 0x934e, 0x82c7, 0xb05c, 0xa1d5, 0xd56a, 0xc4e3, 0xf678, 0xe7f1,
95 0x2e85, 0x3f0c, 0x0d97, 0x1c1e, 0x68a1, 0x7928, 0x4bb3, 0x5a3a,
96 0xa2cd, 0xb344, 0x81df, 0x9056, 0xe4e9, 0xf560, 0xc7fb, 0xd672,
97 0x3e04, 0x2f8d, 0x1d16, 0x0c9f, 0x7820, 0x69a9, 0x5b32, 0x4abb,
98 0xb24c, 0xa3c5, 0x915e, 0x80d7, 0xf468, 0xe5e1, 0xd77a, 0xc6f3,
99 0x4d83, 0x5c0a, 0x6e91, 0x7f18, 0x0ba7, 0x1a2e, 0x28b5, 0x393c,
100 0xc1cb, 0xd042, 0xe2d9, 0xf350, 0x87ef, 0x9666, 0xa4fd, 0xb574,
101 0x5d02, 0x4c8b, 0x7e10, 0x6f99, 0x1b26, 0x0aaf, 0x3834, 0x29bd,
102 0xd14a, 0xc0c3, 0xf258, 0xe3d1, 0x976e, 0x86e7, 0xb47c, 0xa5f5,
103 0x6c81, 0x7d08, 0x4f93, 0x5e1a, 0x2aa5, 0x3b2c, 0x09b7, 0x183e,
104 0xe0c9, 0xf140, 0xc3db, 0xd252, 0xa6ed, 0xb764, 0x85ff, 0x9476,
105 0x7c00, 0x6d89, 0x5f12, 0x4e9b, 0x3a24, 0x2bad, 0x1936, 0x08bf,
106 0xf048, 0xe1c1, 0xd35a, 0xc2d3, 0xb66c, 0xa7e5, 0x957e, 0x84f7,
107 0x8b8f, 0x9a06, 0xa89d, 0xb914, 0xcdab, 0xdc22, 0xeeb9, 0xff30,
108 0x07c7, 0x164e, 0x24d5, 0x355c, 0x41e3, 0x506a, 0x62f1, 0x7378,
109 0x9b0e, 0x8a87, 0xb81c, 0xa995, 0xdd2a, 0xcca3, 0xfe38, 0xefb1,
110 0x1746, 0x06cf, 0x3454, 0x25dd, 0x5162, 0x40eb, 0x7270, 0x63f9,
111 0xaa8d, 0xbb04, 0x899f, 0x9816, 0xeca9, 0xfd20, 0xcfbb, 0xde32,
112 0x26c5, 0x374c, 0x05d7, 0x145e, 0x60e1, 0x7168, 0x43f3, 0x527a,
113 0xba0c, 0xab85, 0x991e, 0x8897, 0xfc28, 0xeda1, 0xdf3a, 0xceb3,
114 0x3644, 0x27cd, 0x1556, 0x04df, 0x7060, 0x61e9, 0x5372, 0x42fb,
115 0xc98b, 0xd802, 0xea99, 0xfb10, 0x8faf, 0x9e26, 0xacbd, 0xbd34,
116 0x45c3, 0x544a, 0x66d1, 0x7758, 0x03e7, 0x126e, 0x20f5, 0x317c,
117 0xd90a, 0xc883, 0xfa18, 0xeb91, 0x9f2e, 0x8ea7, 0xbc3c, 0xadb5,
118 0x5542, 0x44cb, 0x7650, 0x67d9, 0x1366, 0x02ef, 0x3074, 0x21fd,
119 0xe889, 0xf900, 0xcb9b, 0xda12, 0xaead, 0xbf24, 0x8dbf, 0x9c36,
120 0x64c1, 0x7548, 0x47d3, 0x565a, 0x22e5, 0x336c, 0x01f7, 0x107e,
121 0xf808, 0xe981, 0xdb1a, 0xca93, 0xbe2c, 0xafa5, 0x9d3e, 0x8cb7,
122 0x7440, 0x65c9, 0x5752, 0x46db, 0x3264, 0x23ed, 0x1176, 0x00ff
123};
124
125static unsigned short calc_crc_flex(unsigned char *cp, int size)
126{
127 unsigned short crc = 0xffff;
128
129 while (size--)
130 crc = (crc << 8) ^ crc_flex_table[((crc >> 8) ^ *cp++) & 0xff];
131
132 return crc;
133}
134
135static int check_crc_flex(unsigned char *cp, int size)
136{
137 unsigned short crc = 0xffff;
138
139 if (size < 3)
140 return -1;
141
142 while (size--)
143 crc = (crc << 8) ^ crc_flex_table[((crc >> 8) ^ *cp++) & 0xff];
144
145 if ((crc & 0xffff) != 0x7070)
146 return -1;
147
148 return 0;
149}
150
151static int check_crc_16(unsigned char *cp, int size)
152{
153 unsigned short crc = 0x0000;
154
155 if (size < 3)
156 return -1;
157
158 crc = crc16(0, cp, size);
159
160 if (crc != 0x0000)
161 return -1;
162
163 return 0;
164}
165
166/*
167 * Standard encapsulation
168 */
169
170static int kiss_esc(unsigned char *s, unsigned char *d, int len)
171{
172 unsigned char *ptr = d;
173 unsigned char c;
174
175 /*
176 * Send an initial END character to flush out any data that may have
177 * accumulated in the receiver due to line noise.
178 */
179
180 *ptr++ = END;
181
182 while (len-- > 0) {
183 switch (c = *s++) {
184 case END:
185 *ptr++ = ESC;
186 *ptr++ = ESC_END;
187 break;
188 case ESC:
189 *ptr++ = ESC;
190 *ptr++ = ESC_ESC;
191 break;
192 default:
193 *ptr++ = c;
194 break;
195 }
196 }
197
198 *ptr++ = END;
199
200 return ptr - d;
201}
202
203/*
204 * MW:
205 * OK its ugly, but tell me a better solution without copying the
206 * packet to a temporary buffer :-)
207 */
208static int kiss_esc_crc(unsigned char *s, unsigned char *d, unsigned short crc,
209 int len)
210{
211 unsigned char *ptr = d;
212 unsigned char c=0;
213
214 *ptr++ = END;
215 while (len > 0) {
216 if (len > 2)
217 c = *s++;
218 else if (len > 1)
219 c = crc >> 8;
220 else if (len > 0)
221 c = crc & 0xff;
222
223 len--;
224
225 switch (c) {
226 case END:
227 *ptr++ = ESC;
228 *ptr++ = ESC_END;
229 break;
230 case ESC:
231 *ptr++ = ESC;
232 *ptr++ = ESC_ESC;
233 break;
234 default:
235 *ptr++ = c;
236 break;
237 }
238 }
239 *ptr++ = END;
240
241 return ptr - d;
242}
243
244/* Send one completely decapsulated AX.25 packet to the AX.25 layer. */
245static void ax_bump(struct mkiss *ax)
246{
247 struct sk_buff *skb;
248 int count;
249
250 spin_lock_bh(&ax->buflock);
251 if (ax->rbuff[0] > 0x0f) {
252 if (ax->rbuff[0] & 0x80) {
253 if (check_crc_16(ax->rbuff, ax->rcount) < 0) {
254 ax->dev->stats.rx_errors++;
255 spin_unlock_bh(&ax->buflock);
256
257 return;
258 }
259 if (ax->crcmode != CRC_MODE_SMACK && ax->crcauto) {
260 printk(KERN_INFO
261 "mkiss: %s: Switching to crc-smack\n",
262 ax->dev->name);
263 ax->crcmode = CRC_MODE_SMACK;
264 }
265 ax->rcount -= 2;
266 *ax->rbuff &= ~0x80;
267 } else if (ax->rbuff[0] & 0x20) {
268 if (check_crc_flex(ax->rbuff, ax->rcount) < 0) {
269 ax->dev->stats.rx_errors++;
270 spin_unlock_bh(&ax->buflock);
271 return;
272 }
273 if (ax->crcmode != CRC_MODE_FLEX && ax->crcauto) {
274 printk(KERN_INFO
275 "mkiss: %s: Switching to crc-flexnet\n",
276 ax->dev->name);
277 ax->crcmode = CRC_MODE_FLEX;
278 }
279 ax->rcount -= 2;
280
281 /*
282 * dl9sau bugfix: the trailling two bytes flexnet crc
283 * will not be passed to the kernel. thus we have to
284 * correct the kissparm signature, because it indicates
285 * a crc but there's none
286 */
287 *ax->rbuff &= ~0x20;
288 }
289 }
290
291 count = ax->rcount;
292
293 if ((skb = dev_alloc_skb(count)) == NULL) {
294 printk(KERN_ERR "mkiss: %s: memory squeeze, dropping packet.\n",
295 ax->dev->name);
296 ax->dev->stats.rx_dropped++;
297 spin_unlock_bh(&ax->buflock);
298 return;
299 }
300
301 memcpy(skb_put(skb,count), ax->rbuff, count);
302 skb->protocol = ax25_type_trans(skb, ax->dev);
303 netif_rx(skb);
304 ax->dev->stats.rx_packets++;
305 ax->dev->stats.rx_bytes += count;
306 spin_unlock_bh(&ax->buflock);
307}
308
309static void kiss_unesc(struct mkiss *ax, unsigned char s)
310{
311 switch (s) {
312 case END:
313 /* drop keeptest bit = VSV */
314 if (test_bit(AXF_KEEPTEST, &ax->flags))
315 clear_bit(AXF_KEEPTEST, &ax->flags);
316
317 if (!test_and_clear_bit(AXF_ERROR, &ax->flags) && (ax->rcount > 2))
318 ax_bump(ax);
319
320 clear_bit(AXF_ESCAPE, &ax->flags);
321 ax->rcount = 0;
322 return;
323
324 case ESC:
325 set_bit(AXF_ESCAPE, &ax->flags);
326 return;
327 case ESC_ESC:
328 if (test_and_clear_bit(AXF_ESCAPE, &ax->flags))
329 s = ESC;
330 break;
331 case ESC_END:
332 if (test_and_clear_bit(AXF_ESCAPE, &ax->flags))
333 s = END;
334 break;
335 }
336
337 spin_lock_bh(&ax->buflock);
338 if (!test_bit(AXF_ERROR, &ax->flags)) {
339 if (ax->rcount < ax->buffsize) {
340 ax->rbuff[ax->rcount++] = s;
341 spin_unlock_bh(&ax->buflock);
342 return;
343 }
344
345 ax->dev->stats.rx_over_errors++;
346 set_bit(AXF_ERROR, &ax->flags);
347 }
348 spin_unlock_bh(&ax->buflock);
349}
350
351static int ax_set_mac_address(struct net_device *dev, void *addr)
352{
353 struct sockaddr_ax25 *sa = addr;
354
355 netif_tx_lock_bh(dev);
356 netif_addr_lock(dev);
357 memcpy(dev->dev_addr, &sa->sax25_call, AX25_ADDR_LEN);
358 netif_addr_unlock(dev);
359 netif_tx_unlock_bh(dev);
360
361 return 0;
362}
363
364/*---------------------------------------------------------------------------*/
365
366static void ax_changedmtu(struct mkiss *ax)
367{
368 struct net_device *dev = ax->dev;
369 unsigned char *xbuff, *rbuff, *oxbuff, *orbuff;
370 int len;
371
372 len = dev->mtu * 2;
373
374 /*
375 * allow for arrival of larger UDP packets, even if we say not to
376 * also fixes a bug in which SunOS sends 512-byte packets even with
377 * an MSS of 128
378 */
379 if (len < 576 * 2)
380 len = 576 * 2;
381
382 xbuff = kmalloc(len + 4, GFP_ATOMIC);
383 rbuff = kmalloc(len + 4, GFP_ATOMIC);
384
385 if (xbuff == NULL || rbuff == NULL) {
386 printk(KERN_ERR "mkiss: %s: unable to grow ax25 buffers, "
387 "MTU change cancelled.\n",
388 ax->dev->name);
389 dev->mtu = ax->mtu;
390 kfree(xbuff);
391 kfree(rbuff);
392 return;
393 }
394
395 spin_lock_bh(&ax->buflock);
396
397 oxbuff = ax->xbuff;
398 ax->xbuff = xbuff;
399 orbuff = ax->rbuff;
400 ax->rbuff = rbuff;
401
402 if (ax->xleft) {
403 if (ax->xleft <= len) {
404 memcpy(ax->xbuff, ax->xhead, ax->xleft);
405 } else {
406 ax->xleft = 0;
407 dev->stats.tx_dropped++;
408 }
409 }
410
411 ax->xhead = ax->xbuff;
412
413 if (ax->rcount) {
414 if (ax->rcount <= len) {
415 memcpy(ax->rbuff, orbuff, ax->rcount);
416 } else {
417 ax->rcount = 0;
418 dev->stats.rx_over_errors++;
419 set_bit(AXF_ERROR, &ax->flags);
420 }
421 }
422
423 ax->mtu = dev->mtu + 73;
424 ax->buffsize = len;
425
426 spin_unlock_bh(&ax->buflock);
427
428 kfree(oxbuff);
429 kfree(orbuff);
430}
431
432/* Encapsulate one AX.25 packet and stuff into a TTY queue. */
433static void ax_encaps(struct net_device *dev, unsigned char *icp, int len)
434{
435 struct mkiss *ax = netdev_priv(dev);
436 unsigned char *p;
437 int actual, count;
438
439 if (ax->mtu != ax->dev->mtu + 73) /* Someone has been ifconfigging */
440 ax_changedmtu(ax);
441
442 if (len > ax->mtu) { /* Sigh, shouldn't occur BUT ... */
443 len = ax->mtu;
444 printk(KERN_ERR "mkiss: %s: truncating oversized transmit packet!\n", ax->dev->name);
445 dev->stats.tx_dropped++;
446 netif_start_queue(dev);
447 return;
448 }
449
450 p = icp;
451
452 spin_lock_bh(&ax->buflock);
453 if ((*p & 0x0f) != 0) {
454 /* Configuration Command (kissparms(1).
455 * Protocol spec says: never append CRC.
456 * This fixes a very old bug in the linux
457 * kiss driver. -- dl9sau */
458 switch (*p & 0xff) {
459 case 0x85:
460 /* command from userspace especially for us,
461 * not for delivery to the tnc */
462 if (len > 1) {
463 int cmd = (p[1] & 0xff);
464 switch(cmd) {
465 case 3:
466 ax->crcmode = CRC_MODE_SMACK;
467 break;
468 case 2:
469 ax->crcmode = CRC_MODE_FLEX;
470 break;
471 case 1:
472 ax->crcmode = CRC_MODE_NONE;
473 break;
474 case 0:
475 default:
476 ax->crcmode = CRC_MODE_SMACK_TEST;
477 cmd = 0;
478 }
479 ax->crcauto = (cmd ? 0 : 1);
480 printk(KERN_INFO "mkiss: %s: crc mode %s %d\n", ax->dev->name, (len) ? "set to" : "is", cmd);
481 }
482 spin_unlock_bh(&ax->buflock);
483 netif_start_queue(dev);
484
485 return;
486 default:
487 count = kiss_esc(p, ax->xbuff, len);
488 }
489 } else {
490 unsigned short crc;
491 switch (ax->crcmode) {
492 case CRC_MODE_SMACK_TEST:
493 ax->crcmode = CRC_MODE_FLEX_TEST;
494 printk(KERN_INFO "mkiss: %s: Trying crc-smack\n", ax->dev->name);
495 // fall through
496 case CRC_MODE_SMACK:
497 *p |= 0x80;
498 crc = swab16(crc16(0, p, len));
499 count = kiss_esc_crc(p, ax->xbuff, crc, len+2);
500 break;
501 case CRC_MODE_FLEX_TEST:
502 ax->crcmode = CRC_MODE_NONE;
503 printk(KERN_INFO "mkiss: %s: Trying crc-flexnet\n", ax->dev->name);
504 // fall through
505 case CRC_MODE_FLEX:
506 *p |= 0x20;
507 crc = calc_crc_flex(p, len);
508 count = kiss_esc_crc(p, ax->xbuff, crc, len+2);
509 break;
510
511 default:
512 count = kiss_esc(p, ax->xbuff, len);
513 }
514 }
515 spin_unlock_bh(&ax->buflock);
516
517 set_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags);
518 actual = ax->tty->ops->write(ax->tty, ax->xbuff, count);
519 dev->stats.tx_packets++;
520 dev->stats.tx_bytes += actual;
521
522 ax->dev->trans_start = jiffies;
523 ax->xleft = count - actual;
524 ax->xhead = ax->xbuff + actual;
525}
526
527/* Encapsulate an AX.25 packet and kick it into a TTY queue. */
528static netdev_tx_t ax_xmit(struct sk_buff *skb, struct net_device *dev)
529{
530 struct mkiss *ax = netdev_priv(dev);
531
532 if (!netif_running(dev)) {
533 printk(KERN_ERR "mkiss: %s: xmit call when iface is down\n", dev->name);
534 return NETDEV_TX_BUSY;
535 }
536
537 if (netif_queue_stopped(dev)) {
538 /*
539 * May be we must check transmitter timeout here ?
540 * 14 Oct 1994 Dmitry Gorodchanin.
541 */
542 if (time_before(jiffies, dev->trans_start + 20 * HZ)) {
543 /* 20 sec timeout not reached */
544 return NETDEV_TX_BUSY;
545 }
546
547 printk(KERN_ERR "mkiss: %s: transmit timed out, %s?\n", dev->name,
548 (tty_chars_in_buffer(ax->tty) || ax->xleft) ?
549 "bad line quality" : "driver error");
550
551 ax->xleft = 0;
552 clear_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags);
553 netif_start_queue(dev);
554 }
555
556 /* We were not busy, so we are now... :-) */
557 if (skb != NULL) {
558 netif_stop_queue(dev);
559 ax_encaps(dev, skb->data, skb->len);
560 kfree_skb(skb);
561 }
562
563 return NETDEV_TX_OK;
564}
565
566static int ax_open_dev(struct net_device *dev)
567{
568 struct mkiss *ax = netdev_priv(dev);
569
570 if (ax->tty == NULL)
571 return -ENODEV;
572
573 return 0;
574}
575
576#if defined(CONFIG_AX25) || defined(CONFIG_AX25_MODULE)
577
578/* Return the frame type ID */
579static int ax_header(struct sk_buff *skb, struct net_device *dev,
580 unsigned short type, const void *daddr,
581 const void *saddr, unsigned len)
582{
583#ifdef CONFIG_INET
584 if (type != ETH_P_AX25)
585 return ax25_hard_header(skb, dev, type, daddr, saddr, len);
586#endif
587 return 0;
588}
589
590
591static int ax_rebuild_header(struct sk_buff *skb)
592{
593#ifdef CONFIG_INET
594 return ax25_rebuild_header(skb);
595#else
596 return 0;
597#endif
598}
599
600#endif /* CONFIG_{AX25,AX25_MODULE} */
601
602/* Open the low-level part of the AX25 channel. Easy! */
603static int ax_open(struct net_device *dev)
604{
605 struct mkiss *ax = netdev_priv(dev);
606 unsigned long len;
607
608 if (ax->tty == NULL)
609 return -ENODEV;
610
611 /*
612 * Allocate the frame buffers:
613 *
614 * rbuff Receive buffer.
615 * xbuff Transmit buffer.
616 */
617 len = dev->mtu * 2;
618
619 /*
620 * allow for arrival of larger UDP packets, even if we say not to
621 * also fixes a bug in which SunOS sends 512-byte packets even with
622 * an MSS of 128
623 */
624 if (len < 576 * 2)
625 len = 576 * 2;
626
627 if ((ax->rbuff = kmalloc(len + 4, GFP_KERNEL)) == NULL)
628 goto norbuff;
629
630 if ((ax->xbuff = kmalloc(len + 4, GFP_KERNEL)) == NULL)
631 goto noxbuff;
632
633 ax->mtu = dev->mtu + 73;
634 ax->buffsize = len;
635 ax->rcount = 0;
636 ax->xleft = 0;
637
638 ax->flags &= (1 << AXF_INUSE); /* Clear ESCAPE & ERROR flags */
639
640 spin_lock_init(&ax->buflock);
641
642 return 0;
643
644noxbuff:
645 kfree(ax->rbuff);
646
647norbuff:
648 return -ENOMEM;
649}
650
651
652/* Close the low-level part of the AX25 channel. Easy! */
653static int ax_close(struct net_device *dev)
654{
655 struct mkiss *ax = netdev_priv(dev);
656
657 if (ax->tty)
658 clear_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags);
659
660 netif_stop_queue(dev);
661
662 return 0;
663}
664
665static const struct header_ops ax_header_ops = {
666 .create = ax_header,
667 .rebuild = ax_rebuild_header,
668};
669
670static const struct net_device_ops ax_netdev_ops = {
671 .ndo_open = ax_open_dev,
672 .ndo_stop = ax_close,
673 .ndo_start_xmit = ax_xmit,
674 .ndo_set_mac_address = ax_set_mac_address,
675};
676
677static void ax_setup(struct net_device *dev)
678{
679 /* Finish setting up the DEVICE info. */
680 dev->mtu = AX_MTU;
681 dev->hard_header_len = 0;
682 dev->addr_len = 0;
683 dev->type = ARPHRD_AX25;
684 dev->tx_queue_len = 10;
685 dev->header_ops = &ax_header_ops;
686 dev->netdev_ops = &ax_netdev_ops;
687
688
689 memcpy(dev->broadcast, &ax25_bcast, AX25_ADDR_LEN);
690 memcpy(dev->dev_addr, &ax25_defaddr, AX25_ADDR_LEN);
691
692 dev->flags = IFF_BROADCAST | IFF_MULTICAST;
693}
694
695/*
696 * We have a potential race on dereferencing tty->disc_data, because the tty
697 * layer provides no locking at all - thus one cpu could be running
698 * sixpack_receive_buf while another calls sixpack_close, which zeroes
699 * tty->disc_data and frees the memory that sixpack_receive_buf is using. The
700 * best way to fix this is to use a rwlock in the tty struct, but for now we
701 * use a single global rwlock for all ttys in ppp line discipline.
702 */
703static DEFINE_RWLOCK(disc_data_lock);
704
705static struct mkiss *mkiss_get(struct tty_struct *tty)
706{
707 struct mkiss *ax;
708
709 read_lock(&disc_data_lock);
710 ax = tty->disc_data;
711 if (ax)
712 atomic_inc(&ax->refcnt);
713 read_unlock(&disc_data_lock);
714
715 return ax;
716}
717
718static void mkiss_put(struct mkiss *ax)
719{
720 if (atomic_dec_and_test(&ax->refcnt))
721 up(&ax->dead_sem);
722}
723
724static int crc_force = 0; /* Can be overridden with insmod */
725
726static int mkiss_open(struct tty_struct *tty)
727{
728 struct net_device *dev;
729 struct mkiss *ax;
730 int err;
731
732 if (!capable(CAP_NET_ADMIN))
733 return -EPERM;
734 if (tty->ops->write == NULL)
735 return -EOPNOTSUPP;
736
737 dev = alloc_netdev(sizeof(struct mkiss), "ax%d", ax_setup);
738 if (!dev) {
739 err = -ENOMEM;
740 goto out;
741 }
742
743 ax = netdev_priv(dev);
744 ax->dev = dev;
745
746 spin_lock_init(&ax->buflock);
747 atomic_set(&ax->refcnt, 1);
748 sema_init(&ax->dead_sem, 0);
749
750 ax->tty = tty;
751 tty->disc_data = ax;
752 tty->receive_room = 65535;
753
754 tty_driver_flush_buffer(tty);
755
756 /* Restore default settings */
757 dev->type = ARPHRD_AX25;
758
759 /* Perform the low-level AX25 initialization. */
760 if ((err = ax_open(ax->dev))) {
761 goto out_free_netdev;
762 }
763
764 if (register_netdev(dev))
765 goto out_free_buffers;
766
767 /* after register_netdev() - because else printk smashes the kernel */
768 switch (crc_force) {
769 case 3:
770 ax->crcmode = CRC_MODE_SMACK;
771 printk(KERN_INFO "mkiss: %s: crc mode smack forced.\n",
772 ax->dev->name);
773 break;
774 case 2:
775 ax->crcmode = CRC_MODE_FLEX;
776 printk(KERN_INFO "mkiss: %s: crc mode flexnet forced.\n",
777 ax->dev->name);
778 break;
779 case 1:
780 ax->crcmode = CRC_MODE_NONE;
781 printk(KERN_INFO "mkiss: %s: crc mode disabled.\n",
782 ax->dev->name);
783 break;
784 case 0:
785 /* fall through */
786 default:
787 crc_force = 0;
788 printk(KERN_INFO "mkiss: %s: crc mode is auto.\n",
789 ax->dev->name);
790 ax->crcmode = CRC_MODE_SMACK_TEST;
791 }
792 ax->crcauto = (crc_force ? 0 : 1);
793
794 netif_start_queue(dev);
795
796 /* Done. We have linked the TTY line to a channel. */
797 return 0;
798
799out_free_buffers:
800 kfree(ax->rbuff);
801 kfree(ax->xbuff);
802
803out_free_netdev:
804 free_netdev(dev);
805
806out:
807 return err;
808}
809
810static void mkiss_close(struct tty_struct *tty)
811{
812 struct mkiss *ax;
813
814 write_lock_bh(&disc_data_lock);
815 ax = tty->disc_data;
816 tty->disc_data = NULL;
817 write_unlock_bh(&disc_data_lock);
818
819 if (!ax)
820 return;
821
822 /*
823 * We have now ensured that nobody can start using ap from now on, but
824 * we have to wait for all existing users to finish.
825 */
826 if (!atomic_dec_and_test(&ax->refcnt))
827 down(&ax->dead_sem);
828
829 unregister_netdev(ax->dev);
830
831 /* Free all AX25 frame buffers. */
832 kfree(ax->rbuff);
833 kfree(ax->xbuff);
834
835 ax->tty = NULL;
836}
837
838/* Perform I/O control on an active ax25 channel. */
839static int mkiss_ioctl(struct tty_struct *tty, struct file *file,
840 unsigned int cmd, unsigned long arg)
841{
842 struct mkiss *ax = mkiss_get(tty);
843 struct net_device *dev;
844 unsigned int tmp, err;
845
846 /* First make sure we're connected. */
847 if (ax == NULL)
848 return -ENXIO;
849 dev = ax->dev;
850
851 switch (cmd) {
852 case SIOCGIFNAME:
853 err = copy_to_user((void __user *) arg, ax->dev->name,
854 strlen(ax->dev->name) + 1) ? -EFAULT : 0;
855 break;
856
857 case SIOCGIFENCAP:
858 err = put_user(4, (int __user *) arg);
859 break;
860
861 case SIOCSIFENCAP:
862 if (get_user(tmp, (int __user *) arg)) {
863 err = -EFAULT;
864 break;
865 }
866
867 ax->mode = tmp;
868 dev->addr_len = AX25_ADDR_LEN;
869 dev->hard_header_len = AX25_KISS_HEADER_LEN +
870 AX25_MAX_HEADER_LEN + 3;
871 dev->type = ARPHRD_AX25;
872
873 err = 0;
874 break;
875
876 case SIOCSIFHWADDR: {
877 char addr[AX25_ADDR_LEN];
878
879 if (copy_from_user(&addr,
880 (void __user *) arg, AX25_ADDR_LEN)) {
881 err = -EFAULT;
882 break;
883 }
884
885 netif_tx_lock_bh(dev);
886 memcpy(dev->dev_addr, addr, AX25_ADDR_LEN);
887 netif_tx_unlock_bh(dev);
888
889 err = 0;
890 break;
891 }
892 default:
893 err = -ENOIOCTLCMD;
894 }
895
896 mkiss_put(ax);
897
898 return err;
899}
900
901#ifdef CONFIG_COMPAT
902static long mkiss_compat_ioctl(struct tty_struct *tty, struct file *file,
903 unsigned int cmd, unsigned long arg)
904{
905 switch (cmd) {
906 case SIOCGIFNAME:
907 case SIOCGIFENCAP:
908 case SIOCSIFENCAP:
909 case SIOCSIFHWADDR:
910 return mkiss_ioctl(tty, file, cmd,
911 (unsigned long)compat_ptr(arg));
912 }
913
914 return -ENOIOCTLCMD;
915}
916#endif
917
918/*
919 * Handle the 'receiver data ready' interrupt.
920 * This function is called by the 'tty_io' module in the kernel when
921 * a block of data has been received, which can now be decapsulated
922 * and sent on to the AX.25 layer for further processing.
923 */
924static void mkiss_receive_buf(struct tty_struct *tty, const unsigned char *cp,
925 char *fp, int count)
926{
927 struct mkiss *ax = mkiss_get(tty);
928
929 if (!ax)
930 return;
931
932 /*
933 * Argh! mtu change time! - costs us the packet part received
934 * at the change
935 */
936 if (ax->mtu != ax->dev->mtu + 73)
937 ax_changedmtu(ax);
938
939 /* Read the characters out of the buffer */
940 while (count--) {
941 if (fp != NULL && *fp++) {
942 if (!test_and_set_bit(AXF_ERROR, &ax->flags))
943 ax->dev->stats.rx_errors++;
944 cp++;
945 continue;
946 }
947
948 kiss_unesc(ax, *cp++);
949 }
950
951 mkiss_put(ax);
952 tty_unthrottle(tty);
953}
954
955/*
956 * Called by the driver when there's room for more data. If we have
957 * more packets to send, we send them here.
958 */
959static void mkiss_write_wakeup(struct tty_struct *tty)
960{
961 struct mkiss *ax = mkiss_get(tty);
962 int actual;
963
964 if (!ax)
965 return;
966
967 if (ax->xleft <= 0) {
968 /* Now serial buffer is almost free & we can start
969 * transmission of another packet
970 */
971 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
972
973 netif_wake_queue(ax->dev);
974 goto out;
975 }
976
977 actual = tty->ops->write(tty, ax->xhead, ax->xleft);
978 ax->xleft -= actual;
979 ax->xhead += actual;
980
981out:
982 mkiss_put(ax);
983}
984
985static struct tty_ldisc_ops ax_ldisc = {
986 .owner = THIS_MODULE,
987 .magic = TTY_LDISC_MAGIC,
988 .name = "mkiss",
989 .open = mkiss_open,
990 .close = mkiss_close,
991 .ioctl = mkiss_ioctl,
992#ifdef CONFIG_COMPAT
993 .compat_ioctl = mkiss_compat_ioctl,
994#endif
995 .receive_buf = mkiss_receive_buf,
996 .write_wakeup = mkiss_write_wakeup
997};
998
999static const char banner[] __initconst = KERN_INFO \
1000 "mkiss: AX.25 Multikiss, Hans Albas PE1AYX\n";
1001static const char msg_regfail[] __initconst = KERN_ERR \
1002 "mkiss: can't register line discipline (err = %d)\n";
1003
1004static int __init mkiss_init_driver(void)
1005{
1006 int status;
1007
1008 printk(banner);
1009
1010 status = tty_register_ldisc(N_AX25, &ax_ldisc);
1011 if (status != 0)
1012 printk(msg_regfail, status);
1013
1014 return status;
1015}
1016
1017static const char msg_unregfail[] = KERN_ERR \
1018 "mkiss: can't unregister line discipline (err = %d)\n";
1019
1020static void __exit mkiss_exit_driver(void)
1021{
1022 int ret;
1023
1024 if ((ret = tty_unregister_ldisc(N_AX25)))
1025 printk(msg_unregfail, ret);
1026}
1027
1028MODULE_AUTHOR("Ralf Baechle DL5RB <ralf@linux-mips.org>");
1029MODULE_DESCRIPTION("KISS driver for AX.25 over TTYs");
1030module_param(crc_force, int, 0);
1031MODULE_PARM_DESC(crc_force, "crc [0 = auto | 1 = none | 2 = flexnet | 3 = smack]");
1032MODULE_LICENSE("GPL");
1033MODULE_ALIAS_LDISC(N_AX25);
1034
1035module_init(mkiss_init_driver);
1036module_exit(mkiss_exit_driver);