Loading...
1// SPDX-License-Identifier: GPL-2.0-only
2/*
3 *
4 * Copyright (C) Hans Alblas PE1AYX <hans@esrac.ele.tue.nl>
5 * Copyright (C) 2004, 05 Ralf Baechle DL5RB <ralf@linux-mips.org>
6 * Copyright (C) 2004, 05 Thomas Osterried DL9SAU <thomas@x-berg.in-berlin.de>
7 */
8#include <linux/module.h>
9#include <linux/bitops.h>
10#include <linux/uaccess.h>
11#include <linux/crc16.h>
12#include <linux/string.h>
13#include <linux/mm.h>
14#include <linux/interrupt.h>
15#include <linux/in.h>
16#include <linux/inet.h>
17#include <linux/slab.h>
18#include <linux/tty.h>
19#include <linux/errno.h>
20#include <linux/netdevice.h>
21#include <linux/major.h>
22#include <linux/init.h>
23#include <linux/rtnetlink.h>
24#include <linux/etherdevice.h>
25#include <linux/skbuff.h>
26#include <linux/if_arp.h>
27#include <linux/jiffies.h>
28#include <linux/refcount.h>
29
30#include <net/ax25.h>
31
32#define AX_MTU 236
33
34/* SLIP/KISS protocol characters. */
35#define END 0300 /* indicates end of frame */
36#define ESC 0333 /* indicates byte stuffing */
37#define ESC_END 0334 /* ESC ESC_END means END 'data' */
38#define ESC_ESC 0335 /* ESC ESC_ESC means ESC 'data' */
39
40struct mkiss {
41 struct tty_struct *tty; /* ptr to TTY structure */
42 struct net_device *dev; /* easy for intr handling */
43
44 /* These are pointers to the malloc()ed frame buffers. */
45 spinlock_t buflock;/* lock for rbuf and xbuf */
46 unsigned char *rbuff; /* receiver buffer */
47 int rcount; /* received chars counter */
48 unsigned char *xbuff; /* transmitter buffer */
49 unsigned char *xhead; /* pointer to next byte to XMIT */
50 int xleft; /* bytes left in XMIT queue */
51
52 /* Detailed SLIP statistics. */
53 int mtu; /* Our mtu (to spot changes!) */
54 int buffsize; /* Max buffers sizes */
55
56 unsigned long flags; /* Flag values/ mode etc */
57 /* long req'd: used by set_bit --RR */
58#define AXF_INUSE 0 /* Channel in use */
59#define AXF_ESCAPE 1 /* ESC received */
60#define AXF_ERROR 2 /* Parity, etc. error */
61#define AXF_KEEPTEST 3 /* Keepalive test flag */
62#define AXF_OUTWAIT 4 /* is outpacket was flag */
63
64 int mode;
65 int crcmode; /* MW: for FlexNet, SMACK etc. */
66 int crcauto; /* CRC auto mode */
67
68#define CRC_MODE_NONE 0
69#define CRC_MODE_FLEX 1
70#define CRC_MODE_SMACK 2
71#define CRC_MODE_FLEX_TEST 3
72#define CRC_MODE_SMACK_TEST 4
73
74 refcount_t refcnt;
75 struct completion dead;
76};
77
78/*---------------------------------------------------------------------------*/
79
80static const unsigned short crc_flex_table[] = {
81 0x0f87, 0x1e0e, 0x2c95, 0x3d1c, 0x49a3, 0x582a, 0x6ab1, 0x7b38,
82 0x83cf, 0x9246, 0xa0dd, 0xb154, 0xc5eb, 0xd462, 0xe6f9, 0xf770,
83 0x1f06, 0x0e8f, 0x3c14, 0x2d9d, 0x5922, 0x48ab, 0x7a30, 0x6bb9,
84 0x934e, 0x82c7, 0xb05c, 0xa1d5, 0xd56a, 0xc4e3, 0xf678, 0xe7f1,
85 0x2e85, 0x3f0c, 0x0d97, 0x1c1e, 0x68a1, 0x7928, 0x4bb3, 0x5a3a,
86 0xa2cd, 0xb344, 0x81df, 0x9056, 0xe4e9, 0xf560, 0xc7fb, 0xd672,
87 0x3e04, 0x2f8d, 0x1d16, 0x0c9f, 0x7820, 0x69a9, 0x5b32, 0x4abb,
88 0xb24c, 0xa3c5, 0x915e, 0x80d7, 0xf468, 0xe5e1, 0xd77a, 0xc6f3,
89 0x4d83, 0x5c0a, 0x6e91, 0x7f18, 0x0ba7, 0x1a2e, 0x28b5, 0x393c,
90 0xc1cb, 0xd042, 0xe2d9, 0xf350, 0x87ef, 0x9666, 0xa4fd, 0xb574,
91 0x5d02, 0x4c8b, 0x7e10, 0x6f99, 0x1b26, 0x0aaf, 0x3834, 0x29bd,
92 0xd14a, 0xc0c3, 0xf258, 0xe3d1, 0x976e, 0x86e7, 0xb47c, 0xa5f5,
93 0x6c81, 0x7d08, 0x4f93, 0x5e1a, 0x2aa5, 0x3b2c, 0x09b7, 0x183e,
94 0xe0c9, 0xf140, 0xc3db, 0xd252, 0xa6ed, 0xb764, 0x85ff, 0x9476,
95 0x7c00, 0x6d89, 0x5f12, 0x4e9b, 0x3a24, 0x2bad, 0x1936, 0x08bf,
96 0xf048, 0xe1c1, 0xd35a, 0xc2d3, 0xb66c, 0xa7e5, 0x957e, 0x84f7,
97 0x8b8f, 0x9a06, 0xa89d, 0xb914, 0xcdab, 0xdc22, 0xeeb9, 0xff30,
98 0x07c7, 0x164e, 0x24d5, 0x355c, 0x41e3, 0x506a, 0x62f1, 0x7378,
99 0x9b0e, 0x8a87, 0xb81c, 0xa995, 0xdd2a, 0xcca3, 0xfe38, 0xefb1,
100 0x1746, 0x06cf, 0x3454, 0x25dd, 0x5162, 0x40eb, 0x7270, 0x63f9,
101 0xaa8d, 0xbb04, 0x899f, 0x9816, 0xeca9, 0xfd20, 0xcfbb, 0xde32,
102 0x26c5, 0x374c, 0x05d7, 0x145e, 0x60e1, 0x7168, 0x43f3, 0x527a,
103 0xba0c, 0xab85, 0x991e, 0x8897, 0xfc28, 0xeda1, 0xdf3a, 0xceb3,
104 0x3644, 0x27cd, 0x1556, 0x04df, 0x7060, 0x61e9, 0x5372, 0x42fb,
105 0xc98b, 0xd802, 0xea99, 0xfb10, 0x8faf, 0x9e26, 0xacbd, 0xbd34,
106 0x45c3, 0x544a, 0x66d1, 0x7758, 0x03e7, 0x126e, 0x20f5, 0x317c,
107 0xd90a, 0xc883, 0xfa18, 0xeb91, 0x9f2e, 0x8ea7, 0xbc3c, 0xadb5,
108 0x5542, 0x44cb, 0x7650, 0x67d9, 0x1366, 0x02ef, 0x3074, 0x21fd,
109 0xe889, 0xf900, 0xcb9b, 0xda12, 0xaead, 0xbf24, 0x8dbf, 0x9c36,
110 0x64c1, 0x7548, 0x47d3, 0x565a, 0x22e5, 0x336c, 0x01f7, 0x107e,
111 0xf808, 0xe981, 0xdb1a, 0xca93, 0xbe2c, 0xafa5, 0x9d3e, 0x8cb7,
112 0x7440, 0x65c9, 0x5752, 0x46db, 0x3264, 0x23ed, 0x1176, 0x00ff
113};
114
115static unsigned short calc_crc_flex(unsigned char *cp, int size)
116{
117 unsigned short crc = 0xffff;
118
119 while (size--)
120 crc = (crc << 8) ^ crc_flex_table[((crc >> 8) ^ *cp++) & 0xff];
121
122 return crc;
123}
124
125static int check_crc_flex(unsigned char *cp, int size)
126{
127 unsigned short crc = 0xffff;
128
129 if (size < 3)
130 return -1;
131
132 while (size--)
133 crc = (crc << 8) ^ crc_flex_table[((crc >> 8) ^ *cp++) & 0xff];
134
135 if ((crc & 0xffff) != 0x7070)
136 return -1;
137
138 return 0;
139}
140
141static int check_crc_16(unsigned char *cp, int size)
142{
143 unsigned short crc = 0x0000;
144
145 if (size < 3)
146 return -1;
147
148 crc = crc16(0, cp, size);
149
150 if (crc != 0x0000)
151 return -1;
152
153 return 0;
154}
155
156/*
157 * Standard encapsulation
158 */
159
160static int kiss_esc(unsigned char *s, unsigned char *d, int len)
161{
162 unsigned char *ptr = d;
163 unsigned char c;
164
165 /*
166 * Send an initial END character to flush out any data that may have
167 * accumulated in the receiver due to line noise.
168 */
169
170 *ptr++ = END;
171
172 while (len-- > 0) {
173 switch (c = *s++) {
174 case END:
175 *ptr++ = ESC;
176 *ptr++ = ESC_END;
177 break;
178 case ESC:
179 *ptr++ = ESC;
180 *ptr++ = ESC_ESC;
181 break;
182 default:
183 *ptr++ = c;
184 break;
185 }
186 }
187
188 *ptr++ = END;
189
190 return ptr - d;
191}
192
193/*
194 * MW:
195 * OK its ugly, but tell me a better solution without copying the
196 * packet to a temporary buffer :-)
197 */
198static int kiss_esc_crc(unsigned char *s, unsigned char *d, unsigned short crc,
199 int len)
200{
201 unsigned char *ptr = d;
202 unsigned char c=0;
203
204 *ptr++ = END;
205 while (len > 0) {
206 if (len > 2)
207 c = *s++;
208 else if (len > 1)
209 c = crc >> 8;
210 else
211 c = crc & 0xff;
212
213 len--;
214
215 switch (c) {
216 case END:
217 *ptr++ = ESC;
218 *ptr++ = ESC_END;
219 break;
220 case ESC:
221 *ptr++ = ESC;
222 *ptr++ = ESC_ESC;
223 break;
224 default:
225 *ptr++ = c;
226 break;
227 }
228 }
229 *ptr++ = END;
230
231 return ptr - d;
232}
233
234/* Send one completely decapsulated AX.25 packet to the AX.25 layer. */
235static void ax_bump(struct mkiss *ax)
236{
237 struct sk_buff *skb;
238 int count;
239
240 spin_lock_bh(&ax->buflock);
241 if (ax->rbuff[0] > 0x0f) {
242 if (ax->rbuff[0] & 0x80) {
243 if (check_crc_16(ax->rbuff, ax->rcount) < 0) {
244 ax->dev->stats.rx_errors++;
245 spin_unlock_bh(&ax->buflock);
246
247 return;
248 }
249 if (ax->crcmode != CRC_MODE_SMACK && ax->crcauto) {
250 printk(KERN_INFO
251 "mkiss: %s: Switching to crc-smack\n",
252 ax->dev->name);
253 ax->crcmode = CRC_MODE_SMACK;
254 }
255 ax->rcount -= 2;
256 *ax->rbuff &= ~0x80;
257 } else if (ax->rbuff[0] & 0x20) {
258 if (check_crc_flex(ax->rbuff, ax->rcount) < 0) {
259 ax->dev->stats.rx_errors++;
260 spin_unlock_bh(&ax->buflock);
261 return;
262 }
263 if (ax->crcmode != CRC_MODE_FLEX && ax->crcauto) {
264 printk(KERN_INFO
265 "mkiss: %s: Switching to crc-flexnet\n",
266 ax->dev->name);
267 ax->crcmode = CRC_MODE_FLEX;
268 }
269 ax->rcount -= 2;
270
271 /*
272 * dl9sau bugfix: the trailling two bytes flexnet crc
273 * will not be passed to the kernel. thus we have to
274 * correct the kissparm signature, because it indicates
275 * a crc but there's none
276 */
277 *ax->rbuff &= ~0x20;
278 }
279 }
280
281 count = ax->rcount;
282
283 if ((skb = dev_alloc_skb(count)) == NULL) {
284 printk(KERN_ERR "mkiss: %s: memory squeeze, dropping packet.\n",
285 ax->dev->name);
286 ax->dev->stats.rx_dropped++;
287 spin_unlock_bh(&ax->buflock);
288 return;
289 }
290
291 skb_put_data(skb, ax->rbuff, count);
292 skb->protocol = ax25_type_trans(skb, ax->dev);
293 netif_rx(skb);
294 ax->dev->stats.rx_packets++;
295 ax->dev->stats.rx_bytes += count;
296 spin_unlock_bh(&ax->buflock);
297}
298
299static void kiss_unesc(struct mkiss *ax, unsigned char s)
300{
301 switch (s) {
302 case END:
303 /* drop keeptest bit = VSV */
304 if (test_bit(AXF_KEEPTEST, &ax->flags))
305 clear_bit(AXF_KEEPTEST, &ax->flags);
306
307 if (!test_and_clear_bit(AXF_ERROR, &ax->flags) && (ax->rcount > 2))
308 ax_bump(ax);
309
310 clear_bit(AXF_ESCAPE, &ax->flags);
311 ax->rcount = 0;
312 return;
313
314 case ESC:
315 set_bit(AXF_ESCAPE, &ax->flags);
316 return;
317 case ESC_ESC:
318 if (test_and_clear_bit(AXF_ESCAPE, &ax->flags))
319 s = ESC;
320 break;
321 case ESC_END:
322 if (test_and_clear_bit(AXF_ESCAPE, &ax->flags))
323 s = END;
324 break;
325 }
326
327 spin_lock_bh(&ax->buflock);
328 if (!test_bit(AXF_ERROR, &ax->flags)) {
329 if (ax->rcount < ax->buffsize) {
330 ax->rbuff[ax->rcount++] = s;
331 spin_unlock_bh(&ax->buflock);
332 return;
333 }
334
335 ax->dev->stats.rx_over_errors++;
336 set_bit(AXF_ERROR, &ax->flags);
337 }
338 spin_unlock_bh(&ax->buflock);
339}
340
341static int ax_set_mac_address(struct net_device *dev, void *addr)
342{
343 struct sockaddr_ax25 *sa = addr;
344
345 netif_tx_lock_bh(dev);
346 netif_addr_lock(dev);
347 memcpy(dev->dev_addr, &sa->sax25_call, AX25_ADDR_LEN);
348 netif_addr_unlock(dev);
349 netif_tx_unlock_bh(dev);
350
351 return 0;
352}
353
354/*---------------------------------------------------------------------------*/
355
356static void ax_changedmtu(struct mkiss *ax)
357{
358 struct net_device *dev = ax->dev;
359 unsigned char *xbuff, *rbuff, *oxbuff, *orbuff;
360 int len;
361
362 len = dev->mtu * 2;
363
364 /*
365 * allow for arrival of larger UDP packets, even if we say not to
366 * also fixes a bug in which SunOS sends 512-byte packets even with
367 * an MSS of 128
368 */
369 if (len < 576 * 2)
370 len = 576 * 2;
371
372 xbuff = kmalloc(len + 4, GFP_ATOMIC);
373 rbuff = kmalloc(len + 4, GFP_ATOMIC);
374
375 if (xbuff == NULL || rbuff == NULL) {
376 printk(KERN_ERR "mkiss: %s: unable to grow ax25 buffers, "
377 "MTU change cancelled.\n",
378 ax->dev->name);
379 dev->mtu = ax->mtu;
380 kfree(xbuff);
381 kfree(rbuff);
382 return;
383 }
384
385 spin_lock_bh(&ax->buflock);
386
387 oxbuff = ax->xbuff;
388 ax->xbuff = xbuff;
389 orbuff = ax->rbuff;
390 ax->rbuff = rbuff;
391
392 if (ax->xleft) {
393 if (ax->xleft <= len) {
394 memcpy(ax->xbuff, ax->xhead, ax->xleft);
395 } else {
396 ax->xleft = 0;
397 dev->stats.tx_dropped++;
398 }
399 }
400
401 ax->xhead = ax->xbuff;
402
403 if (ax->rcount) {
404 if (ax->rcount <= len) {
405 memcpy(ax->rbuff, orbuff, ax->rcount);
406 } else {
407 ax->rcount = 0;
408 dev->stats.rx_over_errors++;
409 set_bit(AXF_ERROR, &ax->flags);
410 }
411 }
412
413 ax->mtu = dev->mtu + 73;
414 ax->buffsize = len;
415
416 spin_unlock_bh(&ax->buflock);
417
418 kfree(oxbuff);
419 kfree(orbuff);
420}
421
422/* Encapsulate one AX.25 packet and stuff into a TTY queue. */
423static void ax_encaps(struct net_device *dev, unsigned char *icp, int len)
424{
425 struct mkiss *ax = netdev_priv(dev);
426 unsigned char *p;
427 int actual, count;
428
429 if (ax->mtu != ax->dev->mtu + 73) /* Someone has been ifconfigging */
430 ax_changedmtu(ax);
431
432 if (len > ax->mtu) { /* Sigh, shouldn't occur BUT ... */
433 printk(KERN_ERR "mkiss: %s: truncating oversized transmit packet!\n", ax->dev->name);
434 dev->stats.tx_dropped++;
435 netif_start_queue(dev);
436 return;
437 }
438
439 p = icp;
440
441 spin_lock_bh(&ax->buflock);
442 if ((*p & 0x0f) != 0) {
443 /* Configuration Command (kissparms(1).
444 * Protocol spec says: never append CRC.
445 * This fixes a very old bug in the linux
446 * kiss driver. -- dl9sau */
447 switch (*p & 0xff) {
448 case 0x85:
449 /* command from userspace especially for us,
450 * not for delivery to the tnc */
451 if (len > 1) {
452 int cmd = (p[1] & 0xff);
453 switch(cmd) {
454 case 3:
455 ax->crcmode = CRC_MODE_SMACK;
456 break;
457 case 2:
458 ax->crcmode = CRC_MODE_FLEX;
459 break;
460 case 1:
461 ax->crcmode = CRC_MODE_NONE;
462 break;
463 case 0:
464 default:
465 ax->crcmode = CRC_MODE_SMACK_TEST;
466 cmd = 0;
467 }
468 ax->crcauto = (cmd ? 0 : 1);
469 printk(KERN_INFO "mkiss: %s: crc mode set to %d\n",
470 ax->dev->name, cmd);
471 }
472 spin_unlock_bh(&ax->buflock);
473 netif_start_queue(dev);
474
475 return;
476 default:
477 count = kiss_esc(p, ax->xbuff, len);
478 }
479 } else {
480 unsigned short crc;
481 switch (ax->crcmode) {
482 case CRC_MODE_SMACK_TEST:
483 ax->crcmode = CRC_MODE_FLEX_TEST;
484 printk(KERN_INFO "mkiss: %s: Trying crc-smack\n", ax->dev->name);
485 fallthrough;
486 case CRC_MODE_SMACK:
487 *p |= 0x80;
488 crc = swab16(crc16(0, p, len));
489 count = kiss_esc_crc(p, ax->xbuff, crc, len+2);
490 break;
491 case CRC_MODE_FLEX_TEST:
492 ax->crcmode = CRC_MODE_NONE;
493 printk(KERN_INFO "mkiss: %s: Trying crc-flexnet\n", ax->dev->name);
494 fallthrough;
495 case CRC_MODE_FLEX:
496 *p |= 0x20;
497 crc = calc_crc_flex(p, len);
498 count = kiss_esc_crc(p, ax->xbuff, crc, len+2);
499 break;
500
501 default:
502 count = kiss_esc(p, ax->xbuff, len);
503 }
504 }
505 spin_unlock_bh(&ax->buflock);
506
507 set_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags);
508 actual = ax->tty->ops->write(ax->tty, ax->xbuff, count);
509 dev->stats.tx_packets++;
510 dev->stats.tx_bytes += actual;
511
512 netif_trans_update(ax->dev);
513 ax->xleft = count - actual;
514 ax->xhead = ax->xbuff + actual;
515}
516
517/* Encapsulate an AX.25 packet and kick it into a TTY queue. */
518static netdev_tx_t ax_xmit(struct sk_buff *skb, struct net_device *dev)
519{
520 struct mkiss *ax = netdev_priv(dev);
521
522 if (skb->protocol == htons(ETH_P_IP))
523 return ax25_ip_xmit(skb);
524
525 if (!netif_running(dev)) {
526 printk(KERN_ERR "mkiss: %s: xmit call when iface is down\n", dev->name);
527 return NETDEV_TX_BUSY;
528 }
529
530 if (netif_queue_stopped(dev)) {
531 /*
532 * May be we must check transmitter timeout here ?
533 * 14 Oct 1994 Dmitry Gorodchanin.
534 */
535 if (time_before(jiffies, dev_trans_start(dev) + 20 * HZ)) {
536 /* 20 sec timeout not reached */
537 return NETDEV_TX_BUSY;
538 }
539
540 printk(KERN_ERR "mkiss: %s: transmit timed out, %s?\n", dev->name,
541 (tty_chars_in_buffer(ax->tty) || ax->xleft) ?
542 "bad line quality" : "driver error");
543
544 ax->xleft = 0;
545 clear_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags);
546 netif_start_queue(dev);
547 }
548
549 /* We were not busy, so we are now... :-) */
550 netif_stop_queue(dev);
551 ax_encaps(dev, skb->data, skb->len);
552 kfree_skb(skb);
553
554 return NETDEV_TX_OK;
555}
556
557static int ax_open_dev(struct net_device *dev)
558{
559 struct mkiss *ax = netdev_priv(dev);
560
561 if (ax->tty == NULL)
562 return -ENODEV;
563
564 return 0;
565}
566
567/* Open the low-level part of the AX25 channel. Easy! */
568static int ax_open(struct net_device *dev)
569{
570 struct mkiss *ax = netdev_priv(dev);
571 unsigned long len;
572
573 if (ax->tty == NULL)
574 return -ENODEV;
575
576 /*
577 * Allocate the frame buffers:
578 *
579 * rbuff Receive buffer.
580 * xbuff Transmit buffer.
581 */
582 len = dev->mtu * 2;
583
584 /*
585 * allow for arrival of larger UDP packets, even if we say not to
586 * also fixes a bug in which SunOS sends 512-byte packets even with
587 * an MSS of 128
588 */
589 if (len < 576 * 2)
590 len = 576 * 2;
591
592 if ((ax->rbuff = kmalloc(len + 4, GFP_KERNEL)) == NULL)
593 goto norbuff;
594
595 if ((ax->xbuff = kmalloc(len + 4, GFP_KERNEL)) == NULL)
596 goto noxbuff;
597
598 ax->mtu = dev->mtu + 73;
599 ax->buffsize = len;
600 ax->rcount = 0;
601 ax->xleft = 0;
602
603 ax->flags &= (1 << AXF_INUSE); /* Clear ESCAPE & ERROR flags */
604
605 spin_lock_init(&ax->buflock);
606
607 return 0;
608
609noxbuff:
610 kfree(ax->rbuff);
611
612norbuff:
613 return -ENOMEM;
614}
615
616
617/* Close the low-level part of the AX25 channel. Easy! */
618static int ax_close(struct net_device *dev)
619{
620 struct mkiss *ax = netdev_priv(dev);
621
622 if (ax->tty)
623 clear_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags);
624
625 netif_stop_queue(dev);
626
627 return 0;
628}
629
630static const struct net_device_ops ax_netdev_ops = {
631 .ndo_open = ax_open_dev,
632 .ndo_stop = ax_close,
633 .ndo_start_xmit = ax_xmit,
634 .ndo_set_mac_address = ax_set_mac_address,
635};
636
637static void ax_setup(struct net_device *dev)
638{
639 /* Finish setting up the DEVICE info. */
640 dev->mtu = AX_MTU;
641 dev->hard_header_len = AX25_MAX_HEADER_LEN;
642 dev->addr_len = AX25_ADDR_LEN;
643 dev->type = ARPHRD_AX25;
644 dev->tx_queue_len = 10;
645 dev->header_ops = &ax25_header_ops;
646 dev->netdev_ops = &ax_netdev_ops;
647
648
649 memcpy(dev->broadcast, &ax25_bcast, AX25_ADDR_LEN);
650 memcpy(dev->dev_addr, &ax25_defaddr, AX25_ADDR_LEN);
651
652 dev->flags = IFF_BROADCAST | IFF_MULTICAST;
653}
654
655/*
656 * We have a potential race on dereferencing tty->disc_data, because the tty
657 * layer provides no locking at all - thus one cpu could be running
658 * sixpack_receive_buf while another calls sixpack_close, which zeroes
659 * tty->disc_data and frees the memory that sixpack_receive_buf is using. The
660 * best way to fix this is to use a rwlock in the tty struct, but for now we
661 * use a single global rwlock for all ttys in ppp line discipline.
662 */
663static DEFINE_RWLOCK(disc_data_lock);
664
665static struct mkiss *mkiss_get(struct tty_struct *tty)
666{
667 struct mkiss *ax;
668
669 read_lock(&disc_data_lock);
670 ax = tty->disc_data;
671 if (ax)
672 refcount_inc(&ax->refcnt);
673 read_unlock(&disc_data_lock);
674
675 return ax;
676}
677
678static void mkiss_put(struct mkiss *ax)
679{
680 if (refcount_dec_and_test(&ax->refcnt))
681 complete(&ax->dead);
682}
683
684static int crc_force = 0; /* Can be overridden with insmod */
685
686static int mkiss_open(struct tty_struct *tty)
687{
688 struct net_device *dev;
689 struct mkiss *ax;
690 int err;
691
692 if (!capable(CAP_NET_ADMIN))
693 return -EPERM;
694 if (tty->ops->write == NULL)
695 return -EOPNOTSUPP;
696
697 dev = alloc_netdev(sizeof(struct mkiss), "ax%d", NET_NAME_UNKNOWN,
698 ax_setup);
699 if (!dev) {
700 err = -ENOMEM;
701 goto out;
702 }
703
704 ax = netdev_priv(dev);
705 ax->dev = dev;
706
707 spin_lock_init(&ax->buflock);
708 refcount_set(&ax->refcnt, 1);
709 init_completion(&ax->dead);
710
711 ax->tty = tty;
712 tty->disc_data = ax;
713 tty->receive_room = 65535;
714
715 tty_driver_flush_buffer(tty);
716
717 /* Restore default settings */
718 dev->type = ARPHRD_AX25;
719
720 /* Perform the low-level AX25 initialization. */
721 err = ax_open(ax->dev);
722 if (err)
723 goto out_free_netdev;
724
725 err = register_netdev(dev);
726 if (err)
727 goto out_free_buffers;
728
729 /* after register_netdev() - because else printk smashes the kernel */
730 switch (crc_force) {
731 case 3:
732 ax->crcmode = CRC_MODE_SMACK;
733 printk(KERN_INFO "mkiss: %s: crc mode smack forced.\n",
734 ax->dev->name);
735 break;
736 case 2:
737 ax->crcmode = CRC_MODE_FLEX;
738 printk(KERN_INFO "mkiss: %s: crc mode flexnet forced.\n",
739 ax->dev->name);
740 break;
741 case 1:
742 ax->crcmode = CRC_MODE_NONE;
743 printk(KERN_INFO "mkiss: %s: crc mode disabled.\n",
744 ax->dev->name);
745 break;
746 case 0:
747 default:
748 crc_force = 0;
749 printk(KERN_INFO "mkiss: %s: crc mode is auto.\n",
750 ax->dev->name);
751 ax->crcmode = CRC_MODE_SMACK_TEST;
752 }
753 ax->crcauto = (crc_force ? 0 : 1);
754
755 netif_start_queue(dev);
756
757 /* Done. We have linked the TTY line to a channel. */
758 return 0;
759
760out_free_buffers:
761 kfree(ax->rbuff);
762 kfree(ax->xbuff);
763
764out_free_netdev:
765 free_netdev(dev);
766
767out:
768 return err;
769}
770
771static void mkiss_close(struct tty_struct *tty)
772{
773 struct mkiss *ax;
774
775 write_lock_irq(&disc_data_lock);
776 ax = tty->disc_data;
777 tty->disc_data = NULL;
778 write_unlock_irq(&disc_data_lock);
779
780 if (!ax)
781 return;
782
783 /*
784 * We have now ensured that nobody can start using ap from now on, but
785 * we have to wait for all existing users to finish.
786 */
787 if (!refcount_dec_and_test(&ax->refcnt))
788 wait_for_completion(&ax->dead);
789 /*
790 * Halt the transmit queue so that a new transmit cannot scribble
791 * on our buffers
792 */
793 netif_stop_queue(ax->dev);
794
795 /* Free all AX25 frame buffers. */
796 kfree(ax->rbuff);
797 kfree(ax->xbuff);
798
799 ax->tty = NULL;
800
801 unregister_netdev(ax->dev);
802 free_netdev(ax->dev);
803}
804
805/* Perform I/O control on an active ax25 channel. */
806static int mkiss_ioctl(struct tty_struct *tty, struct file *file,
807 unsigned int cmd, unsigned long arg)
808{
809 struct mkiss *ax = mkiss_get(tty);
810 struct net_device *dev;
811 unsigned int tmp, err;
812
813 /* First make sure we're connected. */
814 if (ax == NULL)
815 return -ENXIO;
816 dev = ax->dev;
817
818 switch (cmd) {
819 case SIOCGIFNAME:
820 err = copy_to_user((void __user *) arg, ax->dev->name,
821 strlen(ax->dev->name) + 1) ? -EFAULT : 0;
822 break;
823
824 case SIOCGIFENCAP:
825 err = put_user(4, (int __user *) arg);
826 break;
827
828 case SIOCSIFENCAP:
829 if (get_user(tmp, (int __user *) arg)) {
830 err = -EFAULT;
831 break;
832 }
833
834 ax->mode = tmp;
835 dev->addr_len = AX25_ADDR_LEN;
836 dev->hard_header_len = AX25_KISS_HEADER_LEN +
837 AX25_MAX_HEADER_LEN + 3;
838 dev->type = ARPHRD_AX25;
839
840 err = 0;
841 break;
842
843 case SIOCSIFHWADDR: {
844 char addr[AX25_ADDR_LEN];
845
846 if (copy_from_user(&addr,
847 (void __user *) arg, AX25_ADDR_LEN)) {
848 err = -EFAULT;
849 break;
850 }
851
852 netif_tx_lock_bh(dev);
853 memcpy(dev->dev_addr, addr, AX25_ADDR_LEN);
854 netif_tx_unlock_bh(dev);
855
856 err = 0;
857 break;
858 }
859 default:
860 err = -ENOIOCTLCMD;
861 }
862
863 mkiss_put(ax);
864
865 return err;
866}
867
868/*
869 * Handle the 'receiver data ready' interrupt.
870 * This function is called by the 'tty_io' module in the kernel when
871 * a block of data has been received, which can now be decapsulated
872 * and sent on to the AX.25 layer for further processing.
873 */
874static void mkiss_receive_buf(struct tty_struct *tty, const unsigned char *cp,
875 const char *fp, int count)
876{
877 struct mkiss *ax = mkiss_get(tty);
878
879 if (!ax)
880 return;
881
882 /*
883 * Argh! mtu change time! - costs us the packet part received
884 * at the change
885 */
886 if (ax->mtu != ax->dev->mtu + 73)
887 ax_changedmtu(ax);
888
889 /* Read the characters out of the buffer */
890 while (count--) {
891 if (fp != NULL && *fp++) {
892 if (!test_and_set_bit(AXF_ERROR, &ax->flags))
893 ax->dev->stats.rx_errors++;
894 cp++;
895 continue;
896 }
897
898 kiss_unesc(ax, *cp++);
899 }
900
901 mkiss_put(ax);
902 tty_unthrottle(tty);
903}
904
905/*
906 * Called by the driver when there's room for more data. If we have
907 * more packets to send, we send them here.
908 */
909static void mkiss_write_wakeup(struct tty_struct *tty)
910{
911 struct mkiss *ax = mkiss_get(tty);
912 int actual;
913
914 if (!ax)
915 return;
916
917 if (ax->xleft <= 0) {
918 /* Now serial buffer is almost free & we can start
919 * transmission of another packet
920 */
921 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
922
923 netif_wake_queue(ax->dev);
924 goto out;
925 }
926
927 actual = tty->ops->write(tty, ax->xhead, ax->xleft);
928 ax->xleft -= actual;
929 ax->xhead += actual;
930
931out:
932 mkiss_put(ax);
933}
934
935static struct tty_ldisc_ops ax_ldisc = {
936 .owner = THIS_MODULE,
937 .num = N_AX25,
938 .name = "mkiss",
939 .open = mkiss_open,
940 .close = mkiss_close,
941 .ioctl = mkiss_ioctl,
942 .receive_buf = mkiss_receive_buf,
943 .write_wakeup = mkiss_write_wakeup
944};
945
946static const char banner[] __initconst = KERN_INFO \
947 "mkiss: AX.25 Multikiss, Hans Albas PE1AYX\n";
948static const char msg_regfail[] __initconst = KERN_ERR \
949 "mkiss: can't register line discipline (err = %d)\n";
950
951static int __init mkiss_init_driver(void)
952{
953 int status;
954
955 printk(banner);
956
957 status = tty_register_ldisc(&ax_ldisc);
958 if (status != 0)
959 printk(msg_regfail, status);
960
961 return status;
962}
963
964static void __exit mkiss_exit_driver(void)
965{
966 tty_unregister_ldisc(&ax_ldisc);
967}
968
969MODULE_AUTHOR("Ralf Baechle DL5RB <ralf@linux-mips.org>");
970MODULE_DESCRIPTION("KISS driver for AX.25 over TTYs");
971module_param(crc_force, int, 0);
972MODULE_PARM_DESC(crc_force, "crc [0 = auto | 1 = none | 2 = flexnet | 3 = smack]");
973MODULE_LICENSE("GPL");
974MODULE_ALIAS_LDISC(N_AX25);
975
976module_init(mkiss_init_driver);
977module_exit(mkiss_exit_driver);
1/*
2 * This program is free software; you can distribute it and/or modify it
3 * under the terms of the GNU General Public License (Version 2) as
4 * published by the Free Software Foundation.
5 *
6 * This program is distributed in the hope it will be useful, but WITHOUT
7 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
8 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
9 * for more details.
10 *
11 * You should have received a copy of the GNU General Public License along
12 * with this program; if not, see <http://www.gnu.org/licenses/>.
13 *
14 * Copyright (C) Hans Alblas PE1AYX <hans@esrac.ele.tue.nl>
15 * Copyright (C) 2004, 05 Ralf Baechle DL5RB <ralf@linux-mips.org>
16 * Copyright (C) 2004, 05 Thomas Osterried DL9SAU <thomas@x-berg.in-berlin.de>
17 */
18#include <linux/module.h>
19#include <linux/bitops.h>
20#include <asm/uaccess.h>
21#include <linux/crc16.h>
22#include <linux/string.h>
23#include <linux/mm.h>
24#include <linux/interrupt.h>
25#include <linux/in.h>
26#include <linux/inet.h>
27#include <linux/slab.h>
28#include <linux/tty.h>
29#include <linux/errno.h>
30#include <linux/netdevice.h>
31#include <linux/major.h>
32#include <linux/init.h>
33#include <linux/rtnetlink.h>
34#include <linux/etherdevice.h>
35#include <linux/skbuff.h>
36#include <linux/if_arp.h>
37#include <linux/jiffies.h>
38#include <linux/compat.h>
39
40#include <net/ax25.h>
41
42#define AX_MTU 236
43
44/* SLIP/KISS protocol characters. */
45#define END 0300 /* indicates end of frame */
46#define ESC 0333 /* indicates byte stuffing */
47#define ESC_END 0334 /* ESC ESC_END means END 'data' */
48#define ESC_ESC 0335 /* ESC ESC_ESC means ESC 'data' */
49
50struct mkiss {
51 struct tty_struct *tty; /* ptr to TTY structure */
52 struct net_device *dev; /* easy for intr handling */
53
54 /* These are pointers to the malloc()ed frame buffers. */
55 spinlock_t buflock;/* lock for rbuf and xbuf */
56 unsigned char *rbuff; /* receiver buffer */
57 int rcount; /* received chars counter */
58 unsigned char *xbuff; /* transmitter buffer */
59 unsigned char *xhead; /* pointer to next byte to XMIT */
60 int xleft; /* bytes left in XMIT queue */
61
62 /* Detailed SLIP statistics. */
63 int mtu; /* Our mtu (to spot changes!) */
64 int buffsize; /* Max buffers sizes */
65
66 unsigned long flags; /* Flag values/ mode etc */
67 /* long req'd: used by set_bit --RR */
68#define AXF_INUSE 0 /* Channel in use */
69#define AXF_ESCAPE 1 /* ESC received */
70#define AXF_ERROR 2 /* Parity, etc. error */
71#define AXF_KEEPTEST 3 /* Keepalive test flag */
72#define AXF_OUTWAIT 4 /* is outpacket was flag */
73
74 int mode;
75 int crcmode; /* MW: for FlexNet, SMACK etc. */
76 int crcauto; /* CRC auto mode */
77
78#define CRC_MODE_NONE 0
79#define CRC_MODE_FLEX 1
80#define CRC_MODE_SMACK 2
81#define CRC_MODE_FLEX_TEST 3
82#define CRC_MODE_SMACK_TEST 4
83
84 atomic_t refcnt;
85 struct semaphore dead_sem;
86};
87
88/*---------------------------------------------------------------------------*/
89
90static const unsigned short crc_flex_table[] = {
91 0x0f87, 0x1e0e, 0x2c95, 0x3d1c, 0x49a3, 0x582a, 0x6ab1, 0x7b38,
92 0x83cf, 0x9246, 0xa0dd, 0xb154, 0xc5eb, 0xd462, 0xe6f9, 0xf770,
93 0x1f06, 0x0e8f, 0x3c14, 0x2d9d, 0x5922, 0x48ab, 0x7a30, 0x6bb9,
94 0x934e, 0x82c7, 0xb05c, 0xa1d5, 0xd56a, 0xc4e3, 0xf678, 0xe7f1,
95 0x2e85, 0x3f0c, 0x0d97, 0x1c1e, 0x68a1, 0x7928, 0x4bb3, 0x5a3a,
96 0xa2cd, 0xb344, 0x81df, 0x9056, 0xe4e9, 0xf560, 0xc7fb, 0xd672,
97 0x3e04, 0x2f8d, 0x1d16, 0x0c9f, 0x7820, 0x69a9, 0x5b32, 0x4abb,
98 0xb24c, 0xa3c5, 0x915e, 0x80d7, 0xf468, 0xe5e1, 0xd77a, 0xc6f3,
99 0x4d83, 0x5c0a, 0x6e91, 0x7f18, 0x0ba7, 0x1a2e, 0x28b5, 0x393c,
100 0xc1cb, 0xd042, 0xe2d9, 0xf350, 0x87ef, 0x9666, 0xa4fd, 0xb574,
101 0x5d02, 0x4c8b, 0x7e10, 0x6f99, 0x1b26, 0x0aaf, 0x3834, 0x29bd,
102 0xd14a, 0xc0c3, 0xf258, 0xe3d1, 0x976e, 0x86e7, 0xb47c, 0xa5f5,
103 0x6c81, 0x7d08, 0x4f93, 0x5e1a, 0x2aa5, 0x3b2c, 0x09b7, 0x183e,
104 0xe0c9, 0xf140, 0xc3db, 0xd252, 0xa6ed, 0xb764, 0x85ff, 0x9476,
105 0x7c00, 0x6d89, 0x5f12, 0x4e9b, 0x3a24, 0x2bad, 0x1936, 0x08bf,
106 0xf048, 0xe1c1, 0xd35a, 0xc2d3, 0xb66c, 0xa7e5, 0x957e, 0x84f7,
107 0x8b8f, 0x9a06, 0xa89d, 0xb914, 0xcdab, 0xdc22, 0xeeb9, 0xff30,
108 0x07c7, 0x164e, 0x24d5, 0x355c, 0x41e3, 0x506a, 0x62f1, 0x7378,
109 0x9b0e, 0x8a87, 0xb81c, 0xa995, 0xdd2a, 0xcca3, 0xfe38, 0xefb1,
110 0x1746, 0x06cf, 0x3454, 0x25dd, 0x5162, 0x40eb, 0x7270, 0x63f9,
111 0xaa8d, 0xbb04, 0x899f, 0x9816, 0xeca9, 0xfd20, 0xcfbb, 0xde32,
112 0x26c5, 0x374c, 0x05d7, 0x145e, 0x60e1, 0x7168, 0x43f3, 0x527a,
113 0xba0c, 0xab85, 0x991e, 0x8897, 0xfc28, 0xeda1, 0xdf3a, 0xceb3,
114 0x3644, 0x27cd, 0x1556, 0x04df, 0x7060, 0x61e9, 0x5372, 0x42fb,
115 0xc98b, 0xd802, 0xea99, 0xfb10, 0x8faf, 0x9e26, 0xacbd, 0xbd34,
116 0x45c3, 0x544a, 0x66d1, 0x7758, 0x03e7, 0x126e, 0x20f5, 0x317c,
117 0xd90a, 0xc883, 0xfa18, 0xeb91, 0x9f2e, 0x8ea7, 0xbc3c, 0xadb5,
118 0x5542, 0x44cb, 0x7650, 0x67d9, 0x1366, 0x02ef, 0x3074, 0x21fd,
119 0xe889, 0xf900, 0xcb9b, 0xda12, 0xaead, 0xbf24, 0x8dbf, 0x9c36,
120 0x64c1, 0x7548, 0x47d3, 0x565a, 0x22e5, 0x336c, 0x01f7, 0x107e,
121 0xf808, 0xe981, 0xdb1a, 0xca93, 0xbe2c, 0xafa5, 0x9d3e, 0x8cb7,
122 0x7440, 0x65c9, 0x5752, 0x46db, 0x3264, 0x23ed, 0x1176, 0x00ff
123};
124
125static unsigned short calc_crc_flex(unsigned char *cp, int size)
126{
127 unsigned short crc = 0xffff;
128
129 while (size--)
130 crc = (crc << 8) ^ crc_flex_table[((crc >> 8) ^ *cp++) & 0xff];
131
132 return crc;
133}
134
135static int check_crc_flex(unsigned char *cp, int size)
136{
137 unsigned short crc = 0xffff;
138
139 if (size < 3)
140 return -1;
141
142 while (size--)
143 crc = (crc << 8) ^ crc_flex_table[((crc >> 8) ^ *cp++) & 0xff];
144
145 if ((crc & 0xffff) != 0x7070)
146 return -1;
147
148 return 0;
149}
150
151static int check_crc_16(unsigned char *cp, int size)
152{
153 unsigned short crc = 0x0000;
154
155 if (size < 3)
156 return -1;
157
158 crc = crc16(0, cp, size);
159
160 if (crc != 0x0000)
161 return -1;
162
163 return 0;
164}
165
166/*
167 * Standard encapsulation
168 */
169
170static int kiss_esc(unsigned char *s, unsigned char *d, int len)
171{
172 unsigned char *ptr = d;
173 unsigned char c;
174
175 /*
176 * Send an initial END character to flush out any data that may have
177 * accumulated in the receiver due to line noise.
178 */
179
180 *ptr++ = END;
181
182 while (len-- > 0) {
183 switch (c = *s++) {
184 case END:
185 *ptr++ = ESC;
186 *ptr++ = ESC_END;
187 break;
188 case ESC:
189 *ptr++ = ESC;
190 *ptr++ = ESC_ESC;
191 break;
192 default:
193 *ptr++ = c;
194 break;
195 }
196 }
197
198 *ptr++ = END;
199
200 return ptr - d;
201}
202
203/*
204 * MW:
205 * OK its ugly, but tell me a better solution without copying the
206 * packet to a temporary buffer :-)
207 */
208static int kiss_esc_crc(unsigned char *s, unsigned char *d, unsigned short crc,
209 int len)
210{
211 unsigned char *ptr = d;
212 unsigned char c=0;
213
214 *ptr++ = END;
215 while (len > 0) {
216 if (len > 2)
217 c = *s++;
218 else if (len > 1)
219 c = crc >> 8;
220 else if (len > 0)
221 c = crc & 0xff;
222
223 len--;
224
225 switch (c) {
226 case END:
227 *ptr++ = ESC;
228 *ptr++ = ESC_END;
229 break;
230 case ESC:
231 *ptr++ = ESC;
232 *ptr++ = ESC_ESC;
233 break;
234 default:
235 *ptr++ = c;
236 break;
237 }
238 }
239 *ptr++ = END;
240
241 return ptr - d;
242}
243
244/* Send one completely decapsulated AX.25 packet to the AX.25 layer. */
245static void ax_bump(struct mkiss *ax)
246{
247 struct sk_buff *skb;
248 int count;
249
250 spin_lock_bh(&ax->buflock);
251 if (ax->rbuff[0] > 0x0f) {
252 if (ax->rbuff[0] & 0x80) {
253 if (check_crc_16(ax->rbuff, ax->rcount) < 0) {
254 ax->dev->stats.rx_errors++;
255 spin_unlock_bh(&ax->buflock);
256
257 return;
258 }
259 if (ax->crcmode != CRC_MODE_SMACK && ax->crcauto) {
260 printk(KERN_INFO
261 "mkiss: %s: Switching to crc-smack\n",
262 ax->dev->name);
263 ax->crcmode = CRC_MODE_SMACK;
264 }
265 ax->rcount -= 2;
266 *ax->rbuff &= ~0x80;
267 } else if (ax->rbuff[0] & 0x20) {
268 if (check_crc_flex(ax->rbuff, ax->rcount) < 0) {
269 ax->dev->stats.rx_errors++;
270 spin_unlock_bh(&ax->buflock);
271 return;
272 }
273 if (ax->crcmode != CRC_MODE_FLEX && ax->crcauto) {
274 printk(KERN_INFO
275 "mkiss: %s: Switching to crc-flexnet\n",
276 ax->dev->name);
277 ax->crcmode = CRC_MODE_FLEX;
278 }
279 ax->rcount -= 2;
280
281 /*
282 * dl9sau bugfix: the trailling two bytes flexnet crc
283 * will not be passed to the kernel. thus we have to
284 * correct the kissparm signature, because it indicates
285 * a crc but there's none
286 */
287 *ax->rbuff &= ~0x20;
288 }
289 }
290
291 count = ax->rcount;
292
293 if ((skb = dev_alloc_skb(count)) == NULL) {
294 printk(KERN_ERR "mkiss: %s: memory squeeze, dropping packet.\n",
295 ax->dev->name);
296 ax->dev->stats.rx_dropped++;
297 spin_unlock_bh(&ax->buflock);
298 return;
299 }
300
301 memcpy(skb_put(skb,count), ax->rbuff, count);
302 skb->protocol = ax25_type_trans(skb, ax->dev);
303 netif_rx(skb);
304 ax->dev->stats.rx_packets++;
305 ax->dev->stats.rx_bytes += count;
306 spin_unlock_bh(&ax->buflock);
307}
308
309static void kiss_unesc(struct mkiss *ax, unsigned char s)
310{
311 switch (s) {
312 case END:
313 /* drop keeptest bit = VSV */
314 if (test_bit(AXF_KEEPTEST, &ax->flags))
315 clear_bit(AXF_KEEPTEST, &ax->flags);
316
317 if (!test_and_clear_bit(AXF_ERROR, &ax->flags) && (ax->rcount > 2))
318 ax_bump(ax);
319
320 clear_bit(AXF_ESCAPE, &ax->flags);
321 ax->rcount = 0;
322 return;
323
324 case ESC:
325 set_bit(AXF_ESCAPE, &ax->flags);
326 return;
327 case ESC_ESC:
328 if (test_and_clear_bit(AXF_ESCAPE, &ax->flags))
329 s = ESC;
330 break;
331 case ESC_END:
332 if (test_and_clear_bit(AXF_ESCAPE, &ax->flags))
333 s = END;
334 break;
335 }
336
337 spin_lock_bh(&ax->buflock);
338 if (!test_bit(AXF_ERROR, &ax->flags)) {
339 if (ax->rcount < ax->buffsize) {
340 ax->rbuff[ax->rcount++] = s;
341 spin_unlock_bh(&ax->buflock);
342 return;
343 }
344
345 ax->dev->stats.rx_over_errors++;
346 set_bit(AXF_ERROR, &ax->flags);
347 }
348 spin_unlock_bh(&ax->buflock);
349}
350
351static int ax_set_mac_address(struct net_device *dev, void *addr)
352{
353 struct sockaddr_ax25 *sa = addr;
354
355 netif_tx_lock_bh(dev);
356 netif_addr_lock(dev);
357 memcpy(dev->dev_addr, &sa->sax25_call, AX25_ADDR_LEN);
358 netif_addr_unlock(dev);
359 netif_tx_unlock_bh(dev);
360
361 return 0;
362}
363
364/*---------------------------------------------------------------------------*/
365
366static void ax_changedmtu(struct mkiss *ax)
367{
368 struct net_device *dev = ax->dev;
369 unsigned char *xbuff, *rbuff, *oxbuff, *orbuff;
370 int len;
371
372 len = dev->mtu * 2;
373
374 /*
375 * allow for arrival of larger UDP packets, even if we say not to
376 * also fixes a bug in which SunOS sends 512-byte packets even with
377 * an MSS of 128
378 */
379 if (len < 576 * 2)
380 len = 576 * 2;
381
382 xbuff = kmalloc(len + 4, GFP_ATOMIC);
383 rbuff = kmalloc(len + 4, GFP_ATOMIC);
384
385 if (xbuff == NULL || rbuff == NULL) {
386 printk(KERN_ERR "mkiss: %s: unable to grow ax25 buffers, "
387 "MTU change cancelled.\n",
388 ax->dev->name);
389 dev->mtu = ax->mtu;
390 kfree(xbuff);
391 kfree(rbuff);
392 return;
393 }
394
395 spin_lock_bh(&ax->buflock);
396
397 oxbuff = ax->xbuff;
398 ax->xbuff = xbuff;
399 orbuff = ax->rbuff;
400 ax->rbuff = rbuff;
401
402 if (ax->xleft) {
403 if (ax->xleft <= len) {
404 memcpy(ax->xbuff, ax->xhead, ax->xleft);
405 } else {
406 ax->xleft = 0;
407 dev->stats.tx_dropped++;
408 }
409 }
410
411 ax->xhead = ax->xbuff;
412
413 if (ax->rcount) {
414 if (ax->rcount <= len) {
415 memcpy(ax->rbuff, orbuff, ax->rcount);
416 } else {
417 ax->rcount = 0;
418 dev->stats.rx_over_errors++;
419 set_bit(AXF_ERROR, &ax->flags);
420 }
421 }
422
423 ax->mtu = dev->mtu + 73;
424 ax->buffsize = len;
425
426 spin_unlock_bh(&ax->buflock);
427
428 kfree(oxbuff);
429 kfree(orbuff);
430}
431
432/* Encapsulate one AX.25 packet and stuff into a TTY queue. */
433static void ax_encaps(struct net_device *dev, unsigned char *icp, int len)
434{
435 struct mkiss *ax = netdev_priv(dev);
436 unsigned char *p;
437 int actual, count;
438
439 if (ax->mtu != ax->dev->mtu + 73) /* Someone has been ifconfigging */
440 ax_changedmtu(ax);
441
442 if (len > ax->mtu) { /* Sigh, shouldn't occur BUT ... */
443 len = ax->mtu;
444 printk(KERN_ERR "mkiss: %s: truncating oversized transmit packet!\n", ax->dev->name);
445 dev->stats.tx_dropped++;
446 netif_start_queue(dev);
447 return;
448 }
449
450 p = icp;
451
452 spin_lock_bh(&ax->buflock);
453 if ((*p & 0x0f) != 0) {
454 /* Configuration Command (kissparms(1).
455 * Protocol spec says: never append CRC.
456 * This fixes a very old bug in the linux
457 * kiss driver. -- dl9sau */
458 switch (*p & 0xff) {
459 case 0x85:
460 /* command from userspace especially for us,
461 * not for delivery to the tnc */
462 if (len > 1) {
463 int cmd = (p[1] & 0xff);
464 switch(cmd) {
465 case 3:
466 ax->crcmode = CRC_MODE_SMACK;
467 break;
468 case 2:
469 ax->crcmode = CRC_MODE_FLEX;
470 break;
471 case 1:
472 ax->crcmode = CRC_MODE_NONE;
473 break;
474 case 0:
475 default:
476 ax->crcmode = CRC_MODE_SMACK_TEST;
477 cmd = 0;
478 }
479 ax->crcauto = (cmd ? 0 : 1);
480 printk(KERN_INFO "mkiss: %s: crc mode %s %d\n", ax->dev->name, (len) ? "set to" : "is", cmd);
481 }
482 spin_unlock_bh(&ax->buflock);
483 netif_start_queue(dev);
484
485 return;
486 default:
487 count = kiss_esc(p, ax->xbuff, len);
488 }
489 } else {
490 unsigned short crc;
491 switch (ax->crcmode) {
492 case CRC_MODE_SMACK_TEST:
493 ax->crcmode = CRC_MODE_FLEX_TEST;
494 printk(KERN_INFO "mkiss: %s: Trying crc-smack\n", ax->dev->name);
495 // fall through
496 case CRC_MODE_SMACK:
497 *p |= 0x80;
498 crc = swab16(crc16(0, p, len));
499 count = kiss_esc_crc(p, ax->xbuff, crc, len+2);
500 break;
501 case CRC_MODE_FLEX_TEST:
502 ax->crcmode = CRC_MODE_NONE;
503 printk(KERN_INFO "mkiss: %s: Trying crc-flexnet\n", ax->dev->name);
504 // fall through
505 case CRC_MODE_FLEX:
506 *p |= 0x20;
507 crc = calc_crc_flex(p, len);
508 count = kiss_esc_crc(p, ax->xbuff, crc, len+2);
509 break;
510
511 default:
512 count = kiss_esc(p, ax->xbuff, len);
513 }
514 }
515 spin_unlock_bh(&ax->buflock);
516
517 set_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags);
518 actual = ax->tty->ops->write(ax->tty, ax->xbuff, count);
519 dev->stats.tx_packets++;
520 dev->stats.tx_bytes += actual;
521
522 ax->dev->trans_start = jiffies;
523 ax->xleft = count - actual;
524 ax->xhead = ax->xbuff + actual;
525}
526
527/* Encapsulate an AX.25 packet and kick it into a TTY queue. */
528static netdev_tx_t ax_xmit(struct sk_buff *skb, struct net_device *dev)
529{
530 struct mkiss *ax = netdev_priv(dev);
531
532 if (skb->protocol == htons(ETH_P_IP))
533 return ax25_ip_xmit(skb);
534
535 if (!netif_running(dev)) {
536 printk(KERN_ERR "mkiss: %s: xmit call when iface is down\n", dev->name);
537 return NETDEV_TX_BUSY;
538 }
539
540 if (netif_queue_stopped(dev)) {
541 /*
542 * May be we must check transmitter timeout here ?
543 * 14 Oct 1994 Dmitry Gorodchanin.
544 */
545 if (time_before(jiffies, dev->trans_start + 20 * HZ)) {
546 /* 20 sec timeout not reached */
547 return NETDEV_TX_BUSY;
548 }
549
550 printk(KERN_ERR "mkiss: %s: transmit timed out, %s?\n", dev->name,
551 (tty_chars_in_buffer(ax->tty) || ax->xleft) ?
552 "bad line quality" : "driver error");
553
554 ax->xleft = 0;
555 clear_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags);
556 netif_start_queue(dev);
557 }
558
559 /* We were not busy, so we are now... :-) */
560 netif_stop_queue(dev);
561 ax_encaps(dev, skb->data, skb->len);
562 kfree_skb(skb);
563
564 return NETDEV_TX_OK;
565}
566
567static int ax_open_dev(struct net_device *dev)
568{
569 struct mkiss *ax = netdev_priv(dev);
570
571 if (ax->tty == NULL)
572 return -ENODEV;
573
574 return 0;
575}
576
577/* Open the low-level part of the AX25 channel. Easy! */
578static int ax_open(struct net_device *dev)
579{
580 struct mkiss *ax = netdev_priv(dev);
581 unsigned long len;
582
583 if (ax->tty == NULL)
584 return -ENODEV;
585
586 /*
587 * Allocate the frame buffers:
588 *
589 * rbuff Receive buffer.
590 * xbuff Transmit buffer.
591 */
592 len = dev->mtu * 2;
593
594 /*
595 * allow for arrival of larger UDP packets, even if we say not to
596 * also fixes a bug in which SunOS sends 512-byte packets even with
597 * an MSS of 128
598 */
599 if (len < 576 * 2)
600 len = 576 * 2;
601
602 if ((ax->rbuff = kmalloc(len + 4, GFP_KERNEL)) == NULL)
603 goto norbuff;
604
605 if ((ax->xbuff = kmalloc(len + 4, GFP_KERNEL)) == NULL)
606 goto noxbuff;
607
608 ax->mtu = dev->mtu + 73;
609 ax->buffsize = len;
610 ax->rcount = 0;
611 ax->xleft = 0;
612
613 ax->flags &= (1 << AXF_INUSE); /* Clear ESCAPE & ERROR flags */
614
615 spin_lock_init(&ax->buflock);
616
617 return 0;
618
619noxbuff:
620 kfree(ax->rbuff);
621
622norbuff:
623 return -ENOMEM;
624}
625
626
627/* Close the low-level part of the AX25 channel. Easy! */
628static int ax_close(struct net_device *dev)
629{
630 struct mkiss *ax = netdev_priv(dev);
631
632 if (ax->tty)
633 clear_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags);
634
635 netif_stop_queue(dev);
636
637 return 0;
638}
639
640static const struct net_device_ops ax_netdev_ops = {
641 .ndo_open = ax_open_dev,
642 .ndo_stop = ax_close,
643 .ndo_start_xmit = ax_xmit,
644 .ndo_set_mac_address = ax_set_mac_address,
645};
646
647static void ax_setup(struct net_device *dev)
648{
649 /* Finish setting up the DEVICE info. */
650 dev->mtu = AX_MTU;
651 dev->hard_header_len = 0;
652 dev->addr_len = 0;
653 dev->type = ARPHRD_AX25;
654 dev->tx_queue_len = 10;
655 dev->header_ops = &ax25_header_ops;
656 dev->netdev_ops = &ax_netdev_ops;
657
658
659 memcpy(dev->broadcast, &ax25_bcast, AX25_ADDR_LEN);
660 memcpy(dev->dev_addr, &ax25_defaddr, AX25_ADDR_LEN);
661
662 dev->flags = IFF_BROADCAST | IFF_MULTICAST;
663}
664
665/*
666 * We have a potential race on dereferencing tty->disc_data, because the tty
667 * layer provides no locking at all - thus one cpu could be running
668 * sixpack_receive_buf while another calls sixpack_close, which zeroes
669 * tty->disc_data and frees the memory that sixpack_receive_buf is using. The
670 * best way to fix this is to use a rwlock in the tty struct, but for now we
671 * use a single global rwlock for all ttys in ppp line discipline.
672 */
673static DEFINE_RWLOCK(disc_data_lock);
674
675static struct mkiss *mkiss_get(struct tty_struct *tty)
676{
677 struct mkiss *ax;
678
679 read_lock(&disc_data_lock);
680 ax = tty->disc_data;
681 if (ax)
682 atomic_inc(&ax->refcnt);
683 read_unlock(&disc_data_lock);
684
685 return ax;
686}
687
688static void mkiss_put(struct mkiss *ax)
689{
690 if (atomic_dec_and_test(&ax->refcnt))
691 up(&ax->dead_sem);
692}
693
694static int crc_force = 0; /* Can be overridden with insmod */
695
696static int mkiss_open(struct tty_struct *tty)
697{
698 struct net_device *dev;
699 struct mkiss *ax;
700 int err;
701
702 if (!capable(CAP_NET_ADMIN))
703 return -EPERM;
704 if (tty->ops->write == NULL)
705 return -EOPNOTSUPP;
706
707 dev = alloc_netdev(sizeof(struct mkiss), "ax%d", NET_NAME_UNKNOWN,
708 ax_setup);
709 if (!dev) {
710 err = -ENOMEM;
711 goto out;
712 }
713
714 ax = netdev_priv(dev);
715 ax->dev = dev;
716
717 spin_lock_init(&ax->buflock);
718 atomic_set(&ax->refcnt, 1);
719 sema_init(&ax->dead_sem, 0);
720
721 ax->tty = tty;
722 tty->disc_data = ax;
723 tty->receive_room = 65535;
724
725 tty_driver_flush_buffer(tty);
726
727 /* Restore default settings */
728 dev->type = ARPHRD_AX25;
729
730 /* Perform the low-level AX25 initialization. */
731 err = ax_open(ax->dev);
732 if (err)
733 goto out_free_netdev;
734
735 err = register_netdev(dev);
736 if (err)
737 goto out_free_buffers;
738
739 /* after register_netdev() - because else printk smashes the kernel */
740 switch (crc_force) {
741 case 3:
742 ax->crcmode = CRC_MODE_SMACK;
743 printk(KERN_INFO "mkiss: %s: crc mode smack forced.\n",
744 ax->dev->name);
745 break;
746 case 2:
747 ax->crcmode = CRC_MODE_FLEX;
748 printk(KERN_INFO "mkiss: %s: crc mode flexnet forced.\n",
749 ax->dev->name);
750 break;
751 case 1:
752 ax->crcmode = CRC_MODE_NONE;
753 printk(KERN_INFO "mkiss: %s: crc mode disabled.\n",
754 ax->dev->name);
755 break;
756 case 0:
757 /* fall through */
758 default:
759 crc_force = 0;
760 printk(KERN_INFO "mkiss: %s: crc mode is auto.\n",
761 ax->dev->name);
762 ax->crcmode = CRC_MODE_SMACK_TEST;
763 }
764 ax->crcauto = (crc_force ? 0 : 1);
765
766 netif_start_queue(dev);
767
768 /* Done. We have linked the TTY line to a channel. */
769 return 0;
770
771out_free_buffers:
772 kfree(ax->rbuff);
773 kfree(ax->xbuff);
774
775out_free_netdev:
776 free_netdev(dev);
777
778out:
779 return err;
780}
781
782static void mkiss_close(struct tty_struct *tty)
783{
784 struct mkiss *ax;
785
786 write_lock_bh(&disc_data_lock);
787 ax = tty->disc_data;
788 tty->disc_data = NULL;
789 write_unlock_bh(&disc_data_lock);
790
791 if (!ax)
792 return;
793
794 /*
795 * We have now ensured that nobody can start using ap from now on, but
796 * we have to wait for all existing users to finish.
797 */
798 if (!atomic_dec_and_test(&ax->refcnt))
799 down(&ax->dead_sem);
800 /*
801 * Halt the transmit queue so that a new transmit cannot scribble
802 * on our buffers
803 */
804 netif_stop_queue(ax->dev);
805
806 /* Free all AX25 frame buffers. */
807 kfree(ax->rbuff);
808 kfree(ax->xbuff);
809
810 ax->tty = NULL;
811
812 unregister_netdev(ax->dev);
813}
814
815/* Perform I/O control on an active ax25 channel. */
816static int mkiss_ioctl(struct tty_struct *tty, struct file *file,
817 unsigned int cmd, unsigned long arg)
818{
819 struct mkiss *ax = mkiss_get(tty);
820 struct net_device *dev;
821 unsigned int tmp, err;
822
823 /* First make sure we're connected. */
824 if (ax == NULL)
825 return -ENXIO;
826 dev = ax->dev;
827
828 switch (cmd) {
829 case SIOCGIFNAME:
830 err = copy_to_user((void __user *) arg, ax->dev->name,
831 strlen(ax->dev->name) + 1) ? -EFAULT : 0;
832 break;
833
834 case SIOCGIFENCAP:
835 err = put_user(4, (int __user *) arg);
836 break;
837
838 case SIOCSIFENCAP:
839 if (get_user(tmp, (int __user *) arg)) {
840 err = -EFAULT;
841 break;
842 }
843
844 ax->mode = tmp;
845 dev->addr_len = AX25_ADDR_LEN;
846 dev->hard_header_len = AX25_KISS_HEADER_LEN +
847 AX25_MAX_HEADER_LEN + 3;
848 dev->type = ARPHRD_AX25;
849
850 err = 0;
851 break;
852
853 case SIOCSIFHWADDR: {
854 char addr[AX25_ADDR_LEN];
855
856 if (copy_from_user(&addr,
857 (void __user *) arg, AX25_ADDR_LEN)) {
858 err = -EFAULT;
859 break;
860 }
861
862 netif_tx_lock_bh(dev);
863 memcpy(dev->dev_addr, addr, AX25_ADDR_LEN);
864 netif_tx_unlock_bh(dev);
865
866 err = 0;
867 break;
868 }
869 default:
870 err = -ENOIOCTLCMD;
871 }
872
873 mkiss_put(ax);
874
875 return err;
876}
877
878#ifdef CONFIG_COMPAT
879static long mkiss_compat_ioctl(struct tty_struct *tty, struct file *file,
880 unsigned int cmd, unsigned long arg)
881{
882 switch (cmd) {
883 case SIOCGIFNAME:
884 case SIOCGIFENCAP:
885 case SIOCSIFENCAP:
886 case SIOCSIFHWADDR:
887 return mkiss_ioctl(tty, file, cmd,
888 (unsigned long)compat_ptr(arg));
889 }
890
891 return -ENOIOCTLCMD;
892}
893#endif
894
895/*
896 * Handle the 'receiver data ready' interrupt.
897 * This function is called by the 'tty_io' module in the kernel when
898 * a block of data has been received, which can now be decapsulated
899 * and sent on to the AX.25 layer for further processing.
900 */
901static void mkiss_receive_buf(struct tty_struct *tty, const unsigned char *cp,
902 char *fp, int count)
903{
904 struct mkiss *ax = mkiss_get(tty);
905
906 if (!ax)
907 return;
908
909 /*
910 * Argh! mtu change time! - costs us the packet part received
911 * at the change
912 */
913 if (ax->mtu != ax->dev->mtu + 73)
914 ax_changedmtu(ax);
915
916 /* Read the characters out of the buffer */
917 while (count--) {
918 if (fp != NULL && *fp++) {
919 if (!test_and_set_bit(AXF_ERROR, &ax->flags))
920 ax->dev->stats.rx_errors++;
921 cp++;
922 continue;
923 }
924
925 kiss_unesc(ax, *cp++);
926 }
927
928 mkiss_put(ax);
929 tty_unthrottle(tty);
930}
931
932/*
933 * Called by the driver when there's room for more data. If we have
934 * more packets to send, we send them here.
935 */
936static void mkiss_write_wakeup(struct tty_struct *tty)
937{
938 struct mkiss *ax = mkiss_get(tty);
939 int actual;
940
941 if (!ax)
942 return;
943
944 if (ax->xleft <= 0) {
945 /* Now serial buffer is almost free & we can start
946 * transmission of another packet
947 */
948 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
949
950 netif_wake_queue(ax->dev);
951 goto out;
952 }
953
954 actual = tty->ops->write(tty, ax->xhead, ax->xleft);
955 ax->xleft -= actual;
956 ax->xhead += actual;
957
958out:
959 mkiss_put(ax);
960}
961
962static struct tty_ldisc_ops ax_ldisc = {
963 .owner = THIS_MODULE,
964 .magic = TTY_LDISC_MAGIC,
965 .name = "mkiss",
966 .open = mkiss_open,
967 .close = mkiss_close,
968 .ioctl = mkiss_ioctl,
969#ifdef CONFIG_COMPAT
970 .compat_ioctl = mkiss_compat_ioctl,
971#endif
972 .receive_buf = mkiss_receive_buf,
973 .write_wakeup = mkiss_write_wakeup
974};
975
976static const char banner[] __initconst = KERN_INFO \
977 "mkiss: AX.25 Multikiss, Hans Albas PE1AYX\n";
978static const char msg_regfail[] __initconst = KERN_ERR \
979 "mkiss: can't register line discipline (err = %d)\n";
980
981static int __init mkiss_init_driver(void)
982{
983 int status;
984
985 printk(banner);
986
987 status = tty_register_ldisc(N_AX25, &ax_ldisc);
988 if (status != 0)
989 printk(msg_regfail, status);
990
991 return status;
992}
993
994static const char msg_unregfail[] = KERN_ERR \
995 "mkiss: can't unregister line discipline (err = %d)\n";
996
997static void __exit mkiss_exit_driver(void)
998{
999 int ret;
1000
1001 if ((ret = tty_unregister_ldisc(N_AX25)))
1002 printk(msg_unregfail, ret);
1003}
1004
1005MODULE_AUTHOR("Ralf Baechle DL5RB <ralf@linux-mips.org>");
1006MODULE_DESCRIPTION("KISS driver for AX.25 over TTYs");
1007module_param(crc_force, int, 0);
1008MODULE_PARM_DESC(crc_force, "crc [0 = auto | 1 = none | 2 = flexnet | 3 = smack]");
1009MODULE_LICENSE("GPL");
1010MODULE_ALIAS_LDISC(N_AX25);
1011
1012module_init(mkiss_init_driver);
1013module_exit(mkiss_exit_driver);