1// SPDX-License-Identifier: GPL-2.0-only
  2/*
  3 *
  4 * Copyright (C) Hans Alblas PE1AYX <hans@esrac.ele.tue.nl>
  5 * Copyright (C) 2004, 05 Ralf Baechle DL5RB <ralf@linux-mips.org>
  6 * Copyright (C) 2004, 05 Thomas Osterried DL9SAU <thomas@x-berg.in-berlin.de>
  7 */
  8#include <linux/module.h>
  9#include <linux/bitops.h>
 10#include <linux/uaccess.h>
 11#include <linux/crc16.h>
 12#include <linux/string.h>
 13#include <linux/mm.h>
 14#include <linux/interrupt.h>
 15#include <linux/in.h>
 16#include <linux/inet.h>
 17#include <linux/slab.h>
 18#include <linux/tty.h>
 19#include <linux/errno.h>
 20#include <linux/netdevice.h>
 21#include <linux/major.h>
 22#include <linux/init.h>
 23#include <linux/rtnetlink.h>
 24#include <linux/etherdevice.h>
 25#include <linux/skbuff.h>
 26#include <linux/if_arp.h>
 27#include <linux/jiffies.h>
 28#include <linux/refcount.h>
 29
 30#include <net/ax25.h>
 31
 32#define AX_MTU		236
 33
 34/* SLIP/KISS protocol characters. */
 35#define END             0300		/* indicates end of frame	*/
 36#define ESC             0333		/* indicates byte stuffing	*/
 37#define ESC_END         0334		/* ESC ESC_END means END 'data'	*/
 38#define ESC_ESC         0335		/* ESC ESC_ESC means ESC 'data'	*/
 39
 40struct mkiss {
 41	struct tty_struct	*tty;	/* ptr to TTY structure		*/
 42	struct net_device	*dev;	/* easy for intr handling	*/
 43
 44	/* These are pointers to the malloc()ed frame buffers. */
 45	spinlock_t		buflock;/* lock for rbuf and xbuf */
 46	unsigned char		*rbuff;	/* receiver buffer		*/
 47	int			rcount;	/* received chars counter       */
 48	unsigned char		*xbuff;	/* transmitter buffer		*/
 49	unsigned char		*xhead;	/* pointer to next byte to XMIT */
 50	int			xleft;	/* bytes left in XMIT queue     */
 51
 52	/* Detailed SLIP statistics. */
 53	int		mtu;		/* Our mtu (to spot changes!)   */
 54	int		buffsize;	/* Max buffers sizes            */
 55
 56	unsigned long	flags;		/* Flag values/ mode etc	*/
 57					/* long req'd: used by set_bit --RR */
 58#define AXF_INUSE	0		/* Channel in use               */
 59#define AXF_ESCAPE	1               /* ESC received                 */
 60#define AXF_ERROR	2               /* Parity, etc. error           */
 61#define AXF_KEEPTEST	3		/* Keepalive test flag		*/
 62#define AXF_OUTWAIT	4		/* is outpacket was flag	*/
 63
 64	int		mode;
 65        int		crcmode;	/* MW: for FlexNet, SMACK etc.  */
 66	int		crcauto;	/* CRC auto mode */
 67
 68#define CRC_MODE_NONE		0
 69#define CRC_MODE_FLEX		1
 70#define CRC_MODE_SMACK		2
 71#define CRC_MODE_FLEX_TEST	3
 72#define CRC_MODE_SMACK_TEST	4
 73
 74	refcount_t		refcnt;
 75	struct completion	dead;
 76};
 77
 78/*---------------------------------------------------------------------------*/
 79
 80static const unsigned short crc_flex_table[] = {
 81	0x0f87, 0x1e0e, 0x2c95, 0x3d1c, 0x49a3, 0x582a, 0x6ab1, 0x7b38,
 82	0x83cf, 0x9246, 0xa0dd, 0xb154, 0xc5eb, 0xd462, 0xe6f9, 0xf770,
 83	0x1f06, 0x0e8f, 0x3c14, 0x2d9d, 0x5922, 0x48ab, 0x7a30, 0x6bb9,
 84	0x934e, 0x82c7, 0xb05c, 0xa1d5, 0xd56a, 0xc4e3, 0xf678, 0xe7f1,
 85	0x2e85, 0x3f0c, 0x0d97, 0x1c1e, 0x68a1, 0x7928, 0x4bb3, 0x5a3a,
 86	0xa2cd, 0xb344, 0x81df, 0x9056, 0xe4e9, 0xf560, 0xc7fb, 0xd672,
 87	0x3e04, 0x2f8d, 0x1d16, 0x0c9f, 0x7820, 0x69a9, 0x5b32, 0x4abb,
 88	0xb24c, 0xa3c5, 0x915e, 0x80d7, 0xf468, 0xe5e1, 0xd77a, 0xc6f3,
 89	0x4d83, 0x5c0a, 0x6e91, 0x7f18, 0x0ba7, 0x1a2e, 0x28b5, 0x393c,
 90	0xc1cb, 0xd042, 0xe2d9, 0xf350, 0x87ef, 0x9666, 0xa4fd, 0xb574,
 91	0x5d02, 0x4c8b, 0x7e10, 0x6f99, 0x1b26, 0x0aaf, 0x3834, 0x29bd,
 92	0xd14a, 0xc0c3, 0xf258, 0xe3d1, 0x976e, 0x86e7, 0xb47c, 0xa5f5,
 93	0x6c81, 0x7d08, 0x4f93, 0x5e1a, 0x2aa5, 0x3b2c, 0x09b7, 0x183e,
 94	0xe0c9, 0xf140, 0xc3db, 0xd252, 0xa6ed, 0xb764, 0x85ff, 0x9476,
 95	0x7c00, 0x6d89, 0x5f12, 0x4e9b, 0x3a24, 0x2bad, 0x1936, 0x08bf,
 96	0xf048, 0xe1c1, 0xd35a, 0xc2d3, 0xb66c, 0xa7e5, 0x957e, 0x84f7,
 97	0x8b8f, 0x9a06, 0xa89d, 0xb914, 0xcdab, 0xdc22, 0xeeb9, 0xff30,
 98	0x07c7, 0x164e, 0x24d5, 0x355c, 0x41e3, 0x506a, 0x62f1, 0x7378,
 99	0x9b0e, 0x8a87, 0xb81c, 0xa995, 0xdd2a, 0xcca3, 0xfe38, 0xefb1,
100	0x1746, 0x06cf, 0x3454, 0x25dd, 0x5162, 0x40eb, 0x7270, 0x63f9,
101	0xaa8d, 0xbb04, 0x899f, 0x9816, 0xeca9, 0xfd20, 0xcfbb, 0xde32,
102	0x26c5, 0x374c, 0x05d7, 0x145e, 0x60e1, 0x7168, 0x43f3, 0x527a,
103	0xba0c, 0xab85, 0x991e, 0x8897, 0xfc28, 0xeda1, 0xdf3a, 0xceb3,
104	0x3644, 0x27cd, 0x1556, 0x04df, 0x7060, 0x61e9, 0x5372, 0x42fb,
105	0xc98b, 0xd802, 0xea99, 0xfb10, 0x8faf, 0x9e26, 0xacbd, 0xbd34,
106	0x45c3, 0x544a, 0x66d1, 0x7758, 0x03e7, 0x126e, 0x20f5, 0x317c,
107	0xd90a, 0xc883, 0xfa18, 0xeb91, 0x9f2e, 0x8ea7, 0xbc3c, 0xadb5,
108	0x5542, 0x44cb, 0x7650, 0x67d9, 0x1366, 0x02ef, 0x3074, 0x21fd,
109	0xe889, 0xf900, 0xcb9b, 0xda12, 0xaead, 0xbf24, 0x8dbf, 0x9c36,
110	0x64c1, 0x7548, 0x47d3, 0x565a, 0x22e5, 0x336c, 0x01f7, 0x107e,
111	0xf808, 0xe981, 0xdb1a, 0xca93, 0xbe2c, 0xafa5, 0x9d3e, 0x8cb7,
112	0x7440, 0x65c9, 0x5752, 0x46db, 0x3264, 0x23ed, 0x1176, 0x00ff
113};
114
115static unsigned short calc_crc_flex(unsigned char *cp, int size)
116{
117	unsigned short crc = 0xffff;
118
119	while (size--)
120		crc = (crc << 8) ^ crc_flex_table[((crc >> 8) ^ *cp++) & 0xff];
121
122	return crc;
123}
124
125static int check_crc_flex(unsigned char *cp, int size)
126{
127	unsigned short crc = 0xffff;
128
129	if (size < 3)
130		return -1;
131
132	while (size--)
133		crc = (crc << 8) ^ crc_flex_table[((crc >> 8) ^ *cp++) & 0xff];
134
135	if ((crc & 0xffff) != 0x7070)
136		return -1;
137
138	return 0;
139}
140
141static int check_crc_16(unsigned char *cp, int size)
142{
143	unsigned short crc = 0x0000;
144
145	if (size < 3)
146		return -1;
147
148	crc = crc16(0, cp, size);
149
150	if (crc != 0x0000)
151		return -1;
152
153	return 0;
154}
155
156/*
157 * Standard encapsulation
158 */
159
160static int kiss_esc(unsigned char *s, unsigned char *d, int len)
161{
162	unsigned char *ptr = d;
163	unsigned char c;
164
165	/*
166	 * Send an initial END character to flush out any data that may have
167	 * accumulated in the receiver due to line noise.
168	 */
169
170	*ptr++ = END;
171
172	while (len-- > 0) {
173		switch (c = *s++) {
174		case END:
175			*ptr++ = ESC;
176			*ptr++ = ESC_END;
177			break;
178		case ESC:
179			*ptr++ = ESC;
180			*ptr++ = ESC_ESC;
181			break;
182		default:
183			*ptr++ = c;
184			break;
185		}
186	}
187
188	*ptr++ = END;
189
190	return ptr - d;
191}
192
193/*
194 * MW:
195 * OK its ugly, but tell me a better solution without copying the
196 * packet to a temporary buffer :-)
197 */
198static int kiss_esc_crc(unsigned char *s, unsigned char *d, unsigned short crc,
199	int len)
200{
201	unsigned char *ptr = d;
202	unsigned char c=0;
203
204	*ptr++ = END;
205	while (len > 0) {
206		if (len > 2)
207			c = *s++;
208		else if (len > 1)
209			c = crc >> 8;
210		else
211			c = crc & 0xff;
212
213		len--;
214
215		switch (c) {
216		case END:
217			*ptr++ = ESC;
218			*ptr++ = ESC_END;
219			break;
220		case ESC:
221			*ptr++ = ESC;
222			*ptr++ = ESC_ESC;
223			break;
224		default:
225			*ptr++ = c;
226			break;
227		}
228	}
229	*ptr++ = END;
230
231	return ptr - d;
232}
233
234/* Send one completely decapsulated AX.25 packet to the AX.25 layer. */
235static void ax_bump(struct mkiss *ax)
236{
237	struct sk_buff *skb;
238	int count;
239
240	spin_lock_bh(&ax->buflock);
241	if (ax->rbuff[0] > 0x0f) {
242		if (ax->rbuff[0] & 0x80) {
243			if (check_crc_16(ax->rbuff, ax->rcount) < 0) {
244				ax->dev->stats.rx_errors++;
245				spin_unlock_bh(&ax->buflock);
246
247				return;
248			}
249			if (ax->crcmode != CRC_MODE_SMACK && ax->crcauto) {
250				printk(KERN_INFO
251				       "mkiss: %s: Switching to crc-smack\n",
252				       ax->dev->name);
253				ax->crcmode = CRC_MODE_SMACK;
254			}
255			ax->rcount -= 2;
256			*ax->rbuff &= ~0x80;
257		} else if (ax->rbuff[0] & 0x20)  {
258			if (check_crc_flex(ax->rbuff, ax->rcount) < 0) {
259				ax->dev->stats.rx_errors++;
260				spin_unlock_bh(&ax->buflock);
261				return;
262			}
263			if (ax->crcmode != CRC_MODE_FLEX && ax->crcauto) {
264				printk(KERN_INFO
265				       "mkiss: %s: Switching to crc-flexnet\n",
266				       ax->dev->name);
267				ax->crcmode = CRC_MODE_FLEX;
268			}
269			ax->rcount -= 2;
270
271			/*
272			 * dl9sau bugfix: the trailling two bytes flexnet crc
273			 * will not be passed to the kernel. thus we have to
274			 * correct the kissparm signature, because it indicates
275			 * a crc but there's none
276			 */
277			*ax->rbuff &= ~0x20;
278		}
279	}
280
281	count = ax->rcount;
282
283	if ((skb = dev_alloc_skb(count)) == NULL) {
284		printk(KERN_ERR "mkiss: %s: memory squeeze, dropping packet.\n",
285		       ax->dev->name);
286		ax->dev->stats.rx_dropped++;
287		spin_unlock_bh(&ax->buflock);
288		return;
289	}
290
291	skb_put_data(skb, ax->rbuff, count);
292	skb->protocol = ax25_type_trans(skb, ax->dev);
293	netif_rx(skb);
294	ax->dev->stats.rx_packets++;
295	ax->dev->stats.rx_bytes += count;
296	spin_unlock_bh(&ax->buflock);
297}
298
299static void kiss_unesc(struct mkiss *ax, unsigned char s)
300{
301	switch (s) {
302	case END:
303		/* drop keeptest bit = VSV */
304		if (test_bit(AXF_KEEPTEST, &ax->flags))
305			clear_bit(AXF_KEEPTEST, &ax->flags);
306
307		if (!test_and_clear_bit(AXF_ERROR, &ax->flags) && (ax->rcount > 2))
308			ax_bump(ax);
309
310		clear_bit(AXF_ESCAPE, &ax->flags);
311		ax->rcount = 0;
312		return;
313
314	case ESC:
315		set_bit(AXF_ESCAPE, &ax->flags);
316		return;
317	case ESC_ESC:
318		if (test_and_clear_bit(AXF_ESCAPE, &ax->flags))
319			s = ESC;
320		break;
321	case ESC_END:
322		if (test_and_clear_bit(AXF_ESCAPE, &ax->flags))
323			s = END;
324		break;
325	}
326
327	spin_lock_bh(&ax->buflock);
328	if (!test_bit(AXF_ERROR, &ax->flags)) {
329		if (ax->rcount < ax->buffsize) {
330			ax->rbuff[ax->rcount++] = s;
331			spin_unlock_bh(&ax->buflock);
332			return;
333		}
334
335		ax->dev->stats.rx_over_errors++;
336		set_bit(AXF_ERROR, &ax->flags);
337	}
338	spin_unlock_bh(&ax->buflock);
339}
340
341static int ax_set_mac_address(struct net_device *dev, void *addr)
342{
343	struct sockaddr_ax25 *sa = addr;
344
345	netif_tx_lock_bh(dev);
346	netif_addr_lock(dev);
347	memcpy(dev->dev_addr, &sa->sax25_call, AX25_ADDR_LEN);
348	netif_addr_unlock(dev);
349	netif_tx_unlock_bh(dev);
350
351	return 0;
352}
353
354/*---------------------------------------------------------------------------*/
355
356static void ax_changedmtu(struct mkiss *ax)
357{
358	struct net_device *dev = ax->dev;
359	unsigned char *xbuff, *rbuff, *oxbuff, *orbuff;
360	int len;
361
362	len = dev->mtu * 2;
363
364	/*
365	 * allow for arrival of larger UDP packets, even if we say not to
366	 * also fixes a bug in which SunOS sends 512-byte packets even with
367	 * an MSS of 128
368	 */
369	if (len < 576 * 2)
370		len = 576 * 2;
371
372	xbuff = kmalloc(len + 4, GFP_ATOMIC);
373	rbuff = kmalloc(len + 4, GFP_ATOMIC);
374
375	if (xbuff == NULL || rbuff == NULL)  {
376		printk(KERN_ERR "mkiss: %s: unable to grow ax25 buffers, "
377		       "MTU change cancelled.\n",
378		       ax->dev->name);
379		dev->mtu = ax->mtu;
380		kfree(xbuff);
381		kfree(rbuff);
382		return;
383	}
384
385	spin_lock_bh(&ax->buflock);
386
387	oxbuff    = ax->xbuff;
388	ax->xbuff = xbuff;
389	orbuff    = ax->rbuff;
390	ax->rbuff = rbuff;
391
392	if (ax->xleft) {
393		if (ax->xleft <= len) {
394			memcpy(ax->xbuff, ax->xhead, ax->xleft);
395		} else  {
396			ax->xleft = 0;
397			dev->stats.tx_dropped++;
398		}
399	}
400
401	ax->xhead = ax->xbuff;
402
403	if (ax->rcount) {
404		if (ax->rcount <= len) {
405			memcpy(ax->rbuff, orbuff, ax->rcount);
406		} else  {
407			ax->rcount = 0;
408			dev->stats.rx_over_errors++;
409			set_bit(AXF_ERROR, &ax->flags);
410		}
411	}
412
413	ax->mtu      = dev->mtu + 73;
414	ax->buffsize = len;
415
416	spin_unlock_bh(&ax->buflock);
417
418	kfree(oxbuff);
419	kfree(orbuff);
420}
421
422/* Encapsulate one AX.25 packet and stuff into a TTY queue. */
423static void ax_encaps(struct net_device *dev, unsigned char *icp, int len)
424{
425	struct mkiss *ax = netdev_priv(dev);
426	unsigned char *p;
427	int actual, count;
428
429	if (ax->mtu != ax->dev->mtu + 73)	/* Someone has been ifconfigging */
430		ax_changedmtu(ax);
431
432	if (len > ax->mtu) {		/* Sigh, shouldn't occur BUT ... */
433		printk(KERN_ERR "mkiss: %s: truncating oversized transmit packet!\n", ax->dev->name);
434		dev->stats.tx_dropped++;
435		netif_start_queue(dev);
436		return;
437	}
438
439	p = icp;
440
441	spin_lock_bh(&ax->buflock);
442	if ((*p & 0x0f) != 0) {
443		/* Configuration Command (kissparms(1).
444		 * Protocol spec says: never append CRC.
445		 * This fixes a very old bug in the linux
446		 * kiss driver. -- dl9sau */
447		switch (*p & 0xff) {
448		case 0x85:
449			/* command from userspace especially for us,
450			 * not for delivery to the tnc */
451			if (len > 1) {
452				int cmd = (p[1] & 0xff);
453				switch(cmd) {
454				case 3:
455				  ax->crcmode = CRC_MODE_SMACK;
456				  break;
457				case 2:
458				  ax->crcmode = CRC_MODE_FLEX;
459				  break;
460				case 1:
461				  ax->crcmode = CRC_MODE_NONE;
462				  break;
463				case 0:
464				default:
465				  ax->crcmode = CRC_MODE_SMACK_TEST;
466				  cmd = 0;
467				}
468				ax->crcauto = (cmd ? 0 : 1);
469				printk(KERN_INFO "mkiss: %s: crc mode set to %d\n",
470				       ax->dev->name, cmd);
471			}
472			spin_unlock_bh(&ax->buflock);
473			netif_start_queue(dev);
474
475			return;
476		default:
477			count = kiss_esc(p, ax->xbuff, len);
478		}
479	} else {
480		unsigned short crc;
481		switch (ax->crcmode) {
482		case CRC_MODE_SMACK_TEST:
483			ax->crcmode  = CRC_MODE_FLEX_TEST;
484			printk(KERN_INFO "mkiss: %s: Trying crc-smack\n", ax->dev->name);
485			fallthrough;
486		case CRC_MODE_SMACK:
487			*p |= 0x80;
488			crc = swab16(crc16(0, p, len));
489			count = kiss_esc_crc(p, ax->xbuff, crc, len+2);
490			break;
491		case CRC_MODE_FLEX_TEST:
492			ax->crcmode = CRC_MODE_NONE;
493			printk(KERN_INFO "mkiss: %s: Trying crc-flexnet\n", ax->dev->name);
494			fallthrough;
495		case CRC_MODE_FLEX:
496			*p |= 0x20;
497			crc = calc_crc_flex(p, len);
498			count = kiss_esc_crc(p, ax->xbuff, crc, len+2);
499			break;
500
501		default:
502			count = kiss_esc(p, ax->xbuff, len);
503		}
504	}
505	spin_unlock_bh(&ax->buflock);
506
507	set_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags);
508	actual = ax->tty->ops->write(ax->tty, ax->xbuff, count);
509	dev->stats.tx_packets++;
510	dev->stats.tx_bytes += actual;
511
512	netif_trans_update(ax->dev);
513	ax->xleft = count - actual;
514	ax->xhead = ax->xbuff + actual;
515}
516
517/* Encapsulate an AX.25 packet and kick it into a TTY queue. */
518static netdev_tx_t ax_xmit(struct sk_buff *skb, struct net_device *dev)
519{
520	struct mkiss *ax = netdev_priv(dev);
521
522	if (skb->protocol == htons(ETH_P_IP))
523		return ax25_ip_xmit(skb);
524
525	if (!netif_running(dev))  {
526		printk(KERN_ERR "mkiss: %s: xmit call when iface is down\n", dev->name);
527		return NETDEV_TX_BUSY;
528	}
529
530	if (netif_queue_stopped(dev)) {
531		/*
532		 * May be we must check transmitter timeout here ?
533		 *      14 Oct 1994 Dmitry Gorodchanin.
534		 */
535		if (time_before(jiffies, dev_trans_start(dev) + 20 * HZ)) {
536			/* 20 sec timeout not reached */
537			return NETDEV_TX_BUSY;
538		}
539
540		printk(KERN_ERR "mkiss: %s: transmit timed out, %s?\n", dev->name,
541		       (tty_chars_in_buffer(ax->tty) || ax->xleft) ?
542		       "bad line quality" : "driver error");
543
544		ax->xleft = 0;
545		clear_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags);
546		netif_start_queue(dev);
547	}
548
549	/* We were not busy, so we are now... :-) */
550	netif_stop_queue(dev);
551	ax_encaps(dev, skb->data, skb->len);
552	kfree_skb(skb);
553
554	return NETDEV_TX_OK;
555}
556
557static int ax_open_dev(struct net_device *dev)
558{
559	struct mkiss *ax = netdev_priv(dev);
560
561	if (ax->tty == NULL)
562		return -ENODEV;
563
564	return 0;
565}
566
567/* Open the low-level part of the AX25 channel. Easy! */
568static int ax_open(struct net_device *dev)
569{
570	struct mkiss *ax = netdev_priv(dev);
571	unsigned long len;
572
573	if (ax->tty == NULL)
574		return -ENODEV;
575
576	/*
577	 * Allocate the frame buffers:
578	 *
579	 * rbuff	Receive buffer.
580	 * xbuff	Transmit buffer.
581	 */
582	len = dev->mtu * 2;
583
584	/*
585	 * allow for arrival of larger UDP packets, even if we say not to
586	 * also fixes a bug in which SunOS sends 512-byte packets even with
587	 * an MSS of 128
588	 */
589	if (len < 576 * 2)
590		len = 576 * 2;
591
592	if ((ax->rbuff = kmalloc(len + 4, GFP_KERNEL)) == NULL)
593		goto norbuff;
594
595	if ((ax->xbuff = kmalloc(len + 4, GFP_KERNEL)) == NULL)
596		goto noxbuff;
597
598	ax->mtu	     = dev->mtu + 73;
599	ax->buffsize = len;
600	ax->rcount   = 0;
601	ax->xleft    = 0;
602
603	ax->flags   &= (1 << AXF_INUSE);      /* Clear ESCAPE & ERROR flags */
604
605	spin_lock_init(&ax->buflock);
606
607	return 0;
608
609noxbuff:
610	kfree(ax->rbuff);
611
612norbuff:
613	return -ENOMEM;
614}
615
616
617/* Close the low-level part of the AX25 channel. Easy! */
618static int ax_close(struct net_device *dev)
619{
620	struct mkiss *ax = netdev_priv(dev);
621
622	if (ax->tty)
623		clear_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags);
624
625	netif_stop_queue(dev);
626
627	return 0;
628}
629
630static const struct net_device_ops ax_netdev_ops = {
631	.ndo_open            = ax_open_dev,
632	.ndo_stop            = ax_close,
633	.ndo_start_xmit	     = ax_xmit,
634	.ndo_set_mac_address = ax_set_mac_address,
635};
636
637static void ax_setup(struct net_device *dev)
638{
639	/* Finish setting up the DEVICE info. */
640	dev->mtu             = AX_MTU;
641	dev->hard_header_len = AX25_MAX_HEADER_LEN;
642	dev->addr_len        = AX25_ADDR_LEN;
643	dev->type            = ARPHRD_AX25;
644	dev->tx_queue_len    = 10;
645	dev->header_ops      = &ax25_header_ops;
646	dev->netdev_ops	     = &ax_netdev_ops;
647
648
649	memcpy(dev->broadcast, &ax25_bcast, AX25_ADDR_LEN);
650	memcpy(dev->dev_addr,  &ax25_defaddr,  AX25_ADDR_LEN);
651
652	dev->flags      = IFF_BROADCAST | IFF_MULTICAST;
653}
654
655/*
656 * We have a potential race on dereferencing tty->disc_data, because the tty
657 * layer provides no locking at all - thus one cpu could be running
658 * sixpack_receive_buf while another calls sixpack_close, which zeroes
659 * tty->disc_data and frees the memory that sixpack_receive_buf is using.  The
660 * best way to fix this is to use a rwlock in the tty struct, but for now we
661 * use a single global rwlock for all ttys in ppp line discipline.
662 */
663static DEFINE_RWLOCK(disc_data_lock);
664
665static struct mkiss *mkiss_get(struct tty_struct *tty)
666{
667	struct mkiss *ax;
668
669	read_lock(&disc_data_lock);
670	ax = tty->disc_data;
671	if (ax)
672		refcount_inc(&ax->refcnt);
673	read_unlock(&disc_data_lock);
674
675	return ax;
676}
677
678static void mkiss_put(struct mkiss *ax)
679{
680	if (refcount_dec_and_test(&ax->refcnt))
681		complete(&ax->dead);
682}
683
684static int crc_force = 0;	/* Can be overridden with insmod */
685
686static int mkiss_open(struct tty_struct *tty)
687{
688	struct net_device *dev;
689	struct mkiss *ax;
690	int err;
691
692	if (!capable(CAP_NET_ADMIN))
693		return -EPERM;
694	if (tty->ops->write == NULL)
695		return -EOPNOTSUPP;
696
697	dev = alloc_netdev(sizeof(struct mkiss), "ax%d", NET_NAME_UNKNOWN,
698			   ax_setup);
699	if (!dev) {
700		err = -ENOMEM;
701		goto out;
702	}
703
704	ax = netdev_priv(dev);
705	ax->dev = dev;
706
707	spin_lock_init(&ax->buflock);
708	refcount_set(&ax->refcnt, 1);
709	init_completion(&ax->dead);
710
711	ax->tty = tty;
712	tty->disc_data = ax;
713	tty->receive_room = 65535;
714
715	tty_driver_flush_buffer(tty);
716
717	/* Restore default settings */
718	dev->type = ARPHRD_AX25;
719
720	/* Perform the low-level AX25 initialization. */
721	err = ax_open(ax->dev);
722	if (err)
723		goto out_free_netdev;
724
725	err = register_netdev(dev);
726	if (err)
727		goto out_free_buffers;
728
729	/* after register_netdev() - because else printk smashes the kernel */
730	switch (crc_force) {
731	case 3:
732		ax->crcmode  = CRC_MODE_SMACK;
733		printk(KERN_INFO "mkiss: %s: crc mode smack forced.\n",
734		       ax->dev->name);
735		break;
736	case 2:
737		ax->crcmode  = CRC_MODE_FLEX;
738		printk(KERN_INFO "mkiss: %s: crc mode flexnet forced.\n",
739		       ax->dev->name);
740		break;
741	case 1:
742		ax->crcmode  = CRC_MODE_NONE;
743		printk(KERN_INFO "mkiss: %s: crc mode disabled.\n",
744		       ax->dev->name);
745		break;
746	case 0:
 
747	default:
748		crc_force = 0;
749		printk(KERN_INFO "mkiss: %s: crc mode is auto.\n",
750		       ax->dev->name);
751		ax->crcmode  = CRC_MODE_SMACK_TEST;
752	}
753	ax->crcauto = (crc_force ? 0 : 1);
754
755	netif_start_queue(dev);
756
757	/* Done.  We have linked the TTY line to a channel. */
758	return 0;
759
760out_free_buffers:
761	kfree(ax->rbuff);
762	kfree(ax->xbuff);
763
764out_free_netdev:
765	free_netdev(dev);
766
767out:
768	return err;
769}
770
771static void mkiss_close(struct tty_struct *tty)
772{
773	struct mkiss *ax;
774
775	write_lock_irq(&disc_data_lock);
776	ax = tty->disc_data;
777	tty->disc_data = NULL;
778	write_unlock_irq(&disc_data_lock);
779
780	if (!ax)
781		return;
782
783	/*
784	 * We have now ensured that nobody can start using ap from now on, but
785	 * we have to wait for all existing users to finish.
786	 */
787	if (!refcount_dec_and_test(&ax->refcnt))
788		wait_for_completion(&ax->dead);
789	/*
790	 * Halt the transmit queue so that a new transmit cannot scribble
791	 * on our buffers
792	 */
793	netif_stop_queue(ax->dev);
794
795	/* Free all AX25 frame buffers. */
796	kfree(ax->rbuff);
797	kfree(ax->xbuff);
798
799	ax->tty = NULL;
800
801	unregister_netdev(ax->dev);
802	free_netdev(ax->dev);
803}
804
805/* Perform I/O control on an active ax25 channel. */
806static int mkiss_ioctl(struct tty_struct *tty, struct file *file,
807	unsigned int cmd, unsigned long arg)
808{
809	struct mkiss *ax = mkiss_get(tty);
810	struct net_device *dev;
811	unsigned int tmp, err;
812
813	/* First make sure we're connected. */
814	if (ax == NULL)
815		return -ENXIO;
816	dev = ax->dev;
817
818	switch (cmd) {
819	case SIOCGIFNAME:
820		err = copy_to_user((void __user *) arg, ax->dev->name,
821		                   strlen(ax->dev->name) + 1) ? -EFAULT : 0;
822		break;
823
824	case SIOCGIFENCAP:
825		err = put_user(4, (int __user *) arg);
826		break;
827
828	case SIOCSIFENCAP:
829		if (get_user(tmp, (int __user *) arg)) {
830			err = -EFAULT;
831			break;
832		}
833
834		ax->mode = tmp;
835		dev->addr_len        = AX25_ADDR_LEN;
836		dev->hard_header_len = AX25_KISS_HEADER_LEN +
837		                       AX25_MAX_HEADER_LEN + 3;
838		dev->type            = ARPHRD_AX25;
839
840		err = 0;
841		break;
842
843	case SIOCSIFHWADDR: {
844		char addr[AX25_ADDR_LEN];
845
846		if (copy_from_user(&addr,
847		                   (void __user *) arg, AX25_ADDR_LEN)) {
848			err = -EFAULT;
849			break;
850		}
851
852		netif_tx_lock_bh(dev);
853		memcpy(dev->dev_addr, addr, AX25_ADDR_LEN);
854		netif_tx_unlock_bh(dev);
855
856		err = 0;
857		break;
858	}
859	default:
860		err = -ENOIOCTLCMD;
861	}
862
863	mkiss_put(ax);
864
865	return err;
866}
867
868/*
869 * Handle the 'receiver data ready' interrupt.
870 * This function is called by the 'tty_io' module in the kernel when
871 * a block of data has been received, which can now be decapsulated
872 * and sent on to the AX.25 layer for further processing.
873 */
874static void mkiss_receive_buf(struct tty_struct *tty, const unsigned char *cp,
875	const char *fp, int count)
876{
877	struct mkiss *ax = mkiss_get(tty);
878
879	if (!ax)
880		return;
881
882	/*
883	 * Argh! mtu change time! - costs us the packet part received
884	 * at the change
885	 */
886	if (ax->mtu != ax->dev->mtu + 73)
887		ax_changedmtu(ax);
888
889	/* Read the characters out of the buffer */
890	while (count--) {
891		if (fp != NULL && *fp++) {
892			if (!test_and_set_bit(AXF_ERROR, &ax->flags))
893				ax->dev->stats.rx_errors++;
894			cp++;
895			continue;
896		}
897
898		kiss_unesc(ax, *cp++);
899	}
900
901	mkiss_put(ax);
902	tty_unthrottle(tty);
903}
904
905/*
906 * Called by the driver when there's room for more data.  If we have
907 * more packets to send, we send them here.
908 */
909static void mkiss_write_wakeup(struct tty_struct *tty)
910{
911	struct mkiss *ax = mkiss_get(tty);
912	int actual;
913
914	if (!ax)
915		return;
916
917	if (ax->xleft <= 0)  {
918		/* Now serial buffer is almost free & we can start
919		 * transmission of another packet
920		 */
921		clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
922
923		netif_wake_queue(ax->dev);
924		goto out;
925	}
926
927	actual = tty->ops->write(tty, ax->xhead, ax->xleft);
928	ax->xleft -= actual;
929	ax->xhead += actual;
930
931out:
932	mkiss_put(ax);
933}
934
935static struct tty_ldisc_ops ax_ldisc = {
936	.owner		= THIS_MODULE,
937	.num		= N_AX25,
938	.name		= "mkiss",
939	.open		= mkiss_open,
940	.close		= mkiss_close,
941	.ioctl		= mkiss_ioctl,
942	.receive_buf	= mkiss_receive_buf,
943	.write_wakeup	= mkiss_write_wakeup
944};
945
946static const char banner[] __initconst = KERN_INFO \
947	"mkiss: AX.25 Multikiss, Hans Albas PE1AYX\n";
948static const char msg_regfail[] __initconst = KERN_ERR \
949	"mkiss: can't register line discipline (err = %d)\n";
950
951static int __init mkiss_init_driver(void)
952{
953	int status;
954
955	printk(banner);
956
957	status = tty_register_ldisc(&ax_ldisc);
958	if (status != 0)
959		printk(msg_regfail, status);
960
961	return status;
962}
963
 
 
 
964static void __exit mkiss_exit_driver(void)
965{
966	tty_unregister_ldisc(&ax_ldisc);
 
 
 
967}
968
969MODULE_AUTHOR("Ralf Baechle DL5RB <ralf@linux-mips.org>");
970MODULE_DESCRIPTION("KISS driver for AX.25 over TTYs");
971module_param(crc_force, int, 0);
972MODULE_PARM_DESC(crc_force, "crc [0 = auto | 1 = none | 2 = flexnet | 3 = smack]");
973MODULE_LICENSE("GPL");
974MODULE_ALIAS_LDISC(N_AX25);
975
976module_init(mkiss_init_driver);
977module_exit(mkiss_exit_driver);