1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 *
4 * Copyright (C) Hans Alblas PE1AYX <hans@esrac.ele.tue.nl>
5 * Copyright (C) 2004, 05 Ralf Baechle DL5RB <ralf@linux-mips.org>
6 * Copyright (C) 2004, 05 Thomas Osterried DL9SAU <thomas@x-berg.in-berlin.de>
7 */
8 #include <linux/module.h>
9 #include <linux/bitops.h>
10 #include <linux/uaccess.h>
11 #include <linux/crc16.h>
12 #include <linux/string.h>
13 #include <linux/mm.h>
14 #include <linux/interrupt.h>
15 #include <linux/in.h>
16 #include <linux/inet.h>
17 #include <linux/slab.h>
18 #include <linux/tty.h>
19 #include <linux/errno.h>
20 #include <linux/netdevice.h>
21 #include <linux/major.h>
22 #include <linux/init.h>
23 #include <linux/rtnetlink.h>
24 #include <linux/etherdevice.h>
25 #include <linux/skbuff.h>
26 #include <linux/if_arp.h>
27 #include <linux/jiffies.h>
28 #include <linux/refcount.h>
29
30 #include <net/ax25.h>
31
32 #define AX_MTU 236
33
34 /* SLIP/KISS protocol characters. */
35 #define END 0300 /* indicates end of frame */
36 #define ESC 0333 /* indicates byte stuffing */
37 #define ESC_END 0334 /* ESC ESC_END means END 'data' */
38 #define ESC_ESC 0335 /* ESC ESC_ESC means ESC 'data' */
39
40 struct mkiss {
41 struct tty_struct *tty; /* ptr to TTY structure */
42 struct net_device *dev; /* easy for intr handling */
43
44 /* These are pointers to the malloc()ed frame buffers. */
45 spinlock_t buflock;/* lock for rbuf and xbuf */
46 unsigned char *rbuff; /* receiver buffer */
47 int rcount; /* received chars counter */
48 unsigned char *xbuff; /* transmitter buffer */
49 unsigned char *xhead; /* pointer to next byte to XMIT */
50 int xleft; /* bytes left in XMIT queue */
51
52 /* Detailed SLIP statistics. */
53 int mtu; /* Our mtu (to spot changes!) */
54 int buffsize; /* Max buffers sizes */
55
56 unsigned long flags; /* Flag values/ mode etc */
57 /* long req'd: used by set_bit --RR */
58 #define AXF_INUSE 0 /* Channel in use */
59 #define AXF_ESCAPE 1 /* ESC received */
60 #define AXF_ERROR 2 /* Parity, etc. error */
61 #define AXF_KEEPTEST 3 /* Keepalive test flag */
62 #define AXF_OUTWAIT 4 /* is outpacket was flag */
63
64 int mode;
65 int crcmode; /* MW: for FlexNet, SMACK etc. */
66 int crcauto; /* CRC auto mode */
67
68 #define CRC_MODE_NONE 0
69 #define CRC_MODE_FLEX 1
70 #define CRC_MODE_SMACK 2
71 #define CRC_MODE_FLEX_TEST 3
72 #define CRC_MODE_SMACK_TEST 4
73
74 refcount_t refcnt;
75 struct completion dead;
76 };
77
78 /*---------------------------------------------------------------------------*/
79
80 static const unsigned short crc_flex_table[] = {
81 0x0f87, 0x1e0e, 0x2c95, 0x3d1c, 0x49a3, 0x582a, 0x6ab1, 0x7b38,
82 0x83cf, 0x9246, 0xa0dd, 0xb154, 0xc5eb, 0xd462, 0xe6f9, 0xf770,
83 0x1f06, 0x0e8f, 0x3c14, 0x2d9d, 0x5922, 0x48ab, 0x7a30, 0x6bb9,
84 0x934e, 0x82c7, 0xb05c, 0xa1d5, 0xd56a, 0xc4e3, 0xf678, 0xe7f1,
85 0x2e85, 0x3f0c, 0x0d97, 0x1c1e, 0x68a1, 0x7928, 0x4bb3, 0x5a3a,
86 0xa2cd, 0xb344, 0x81df, 0x9056, 0xe4e9, 0xf560, 0xc7fb, 0xd672,
87 0x3e04, 0x2f8d, 0x1d16, 0x0c9f, 0x7820, 0x69a9, 0x5b32, 0x4abb,
88 0xb24c, 0xa3c5, 0x915e, 0x80d7, 0xf468, 0xe5e1, 0xd77a, 0xc6f3,
89 0x4d83, 0x5c0a, 0x6e91, 0x7f18, 0x0ba7, 0x1a2e, 0x28b5, 0x393c,
90 0xc1cb, 0xd042, 0xe2d9, 0xf350, 0x87ef, 0x9666, 0xa4fd, 0xb574,
91 0x5d02, 0x4c8b, 0x7e10, 0x6f99, 0x1b26, 0x0aaf, 0x3834, 0x29bd,
92 0xd14a, 0xc0c3, 0xf258, 0xe3d1, 0x976e, 0x86e7, 0xb47c, 0xa5f5,
93 0x6c81, 0x7d08, 0x4f93, 0x5e1a, 0x2aa5, 0x3b2c, 0x09b7, 0x183e,
94 0xe0c9, 0xf140, 0xc3db, 0xd252, 0xa6ed, 0xb764, 0x85ff, 0x9476,
95 0x7c00, 0x6d89, 0x5f12, 0x4e9b, 0x3a24, 0x2bad, 0x1936, 0x08bf,
96 0xf048, 0xe1c1, 0xd35a, 0xc2d3, 0xb66c, 0xa7e5, 0x957e, 0x84f7,
97 0x8b8f, 0x9a06, 0xa89d, 0xb914, 0xcdab, 0xdc22, 0xeeb9, 0xff30,
98 0x07c7, 0x164e, 0x24d5, 0x355c, 0x41e3, 0x506a, 0x62f1, 0x7378,
99 0x9b0e, 0x8a87, 0xb81c, 0xa995, 0xdd2a, 0xcca3, 0xfe38, 0xefb1,
100 0x1746, 0x06cf, 0x3454, 0x25dd, 0x5162, 0x40eb, 0x7270, 0x63f9,
101 0xaa8d, 0xbb04, 0x899f, 0x9816, 0xeca9, 0xfd20, 0xcfbb, 0xde32,
102 0x26c5, 0x374c, 0x05d7, 0x145e, 0x60e1, 0x7168, 0x43f3, 0x527a,
103 0xba0c, 0xab85, 0x991e, 0x8897, 0xfc28, 0xeda1, 0xdf3a, 0xceb3,
104 0x3644, 0x27cd, 0x1556, 0x04df, 0x7060, 0x61e9, 0x5372, 0x42fb,
105 0xc98b, 0xd802, 0xea99, 0xfb10, 0x8faf, 0x9e26, 0xacbd, 0xbd34,
106 0x45c3, 0x544a, 0x66d1, 0x7758, 0x03e7, 0x126e, 0x20f5, 0x317c,
107 0xd90a, 0xc883, 0xfa18, 0xeb91, 0x9f2e, 0x8ea7, 0xbc3c, 0xadb5,
108 0x5542, 0x44cb, 0x7650, 0x67d9, 0x1366, 0x02ef, 0x3074, 0x21fd,
109 0xe889, 0xf900, 0xcb9b, 0xda12, 0xaead, 0xbf24, 0x8dbf, 0x9c36,
110 0x64c1, 0x7548, 0x47d3, 0x565a, 0x22e5, 0x336c, 0x01f7, 0x107e,
111 0xf808, 0xe981, 0xdb1a, 0xca93, 0xbe2c, 0xafa5, 0x9d3e, 0x8cb7,
112 0x7440, 0x65c9, 0x5752, 0x46db, 0x3264, 0x23ed, 0x1176, 0x00ff
113 };
114
calc_crc_flex(unsigned char * cp,int size)115 static unsigned short calc_crc_flex(unsigned char *cp, int size)
116 {
117 unsigned short crc = 0xffff;
118
119 while (size--)
120 crc = (crc << 8) ^ crc_flex_table[((crc >> 8) ^ *cp++) & 0xff];
121
122 return crc;
123 }
124
check_crc_flex(unsigned char * cp,int size)125 static int check_crc_flex(unsigned char *cp, int size)
126 {
127 unsigned short crc = 0xffff;
128
129 if (size < 3)
130 return -1;
131
132 while (size--)
133 crc = (crc << 8) ^ crc_flex_table[((crc >> 8) ^ *cp++) & 0xff];
134
135 if ((crc & 0xffff) != 0x7070)
136 return -1;
137
138 return 0;
139 }
140
check_crc_16(unsigned char * cp,int size)141 static int check_crc_16(unsigned char *cp, int size)
142 {
143 unsigned short crc = 0x0000;
144
145 if (size < 3)
146 return -1;
147
148 crc = crc16(0, cp, size);
149
150 if (crc != 0x0000)
151 return -1;
152
153 return 0;
154 }
155
156 /*
157 * Standard encapsulation
158 */
159
kiss_esc(unsigned char * s,unsigned char * d,int len)160 static int kiss_esc(unsigned char *s, unsigned char *d, int len)
161 {
162 unsigned char *ptr = d;
163 unsigned char c;
164
165 /*
166 * Send an initial END character to flush out any data that may have
167 * accumulated in the receiver due to line noise.
168 */
169
170 *ptr++ = END;
171
172 while (len-- > 0) {
173 switch (c = *s++) {
174 case END:
175 *ptr++ = ESC;
176 *ptr++ = ESC_END;
177 break;
178 case ESC:
179 *ptr++ = ESC;
180 *ptr++ = ESC_ESC;
181 break;
182 default:
183 *ptr++ = c;
184 break;
185 }
186 }
187
188 *ptr++ = END;
189
190 return ptr - d;
191 }
192
193 /*
194 * MW:
195 * OK its ugly, but tell me a better solution without copying the
196 * packet to a temporary buffer :-)
197 */
kiss_esc_crc(unsigned char * s,unsigned char * d,unsigned short crc,int len)198 static int kiss_esc_crc(unsigned char *s, unsigned char *d, unsigned short crc,
199 int len)
200 {
201 unsigned char *ptr = d;
202 unsigned char c=0;
203
204 *ptr++ = END;
205 while (len > 0) {
206 if (len > 2)
207 c = *s++;
208 else if (len > 1)
209 c = crc >> 8;
210 else
211 c = crc & 0xff;
212
213 len--;
214
215 switch (c) {
216 case END:
217 *ptr++ = ESC;
218 *ptr++ = ESC_END;
219 break;
220 case ESC:
221 *ptr++ = ESC;
222 *ptr++ = ESC_ESC;
223 break;
224 default:
225 *ptr++ = c;
226 break;
227 }
228 }
229 *ptr++ = END;
230
231 return ptr - d;
232 }
233
234 /* Send one completely decapsulated AX.25 packet to the AX.25 layer. */
ax_bump(struct mkiss * ax)235 static void ax_bump(struct mkiss *ax)
236 {
237 struct sk_buff *skb;
238 int count;
239
240 spin_lock_bh(&ax->buflock);
241 if (ax->rbuff[0] > 0x0f) {
242 if (ax->rbuff[0] & 0x80) {
243 if (check_crc_16(ax->rbuff, ax->rcount) < 0) {
244 ax->dev->stats.rx_errors++;
245 spin_unlock_bh(&ax->buflock);
246
247 return;
248 }
249 if (ax->crcmode != CRC_MODE_SMACK && ax->crcauto) {
250 printk(KERN_INFO
251 "mkiss: %s: Switching to crc-smack\n",
252 ax->dev->name);
253 ax->crcmode = CRC_MODE_SMACK;
254 }
255 ax->rcount -= 2;
256 *ax->rbuff &= ~0x80;
257 } else if (ax->rbuff[0] & 0x20) {
258 if (check_crc_flex(ax->rbuff, ax->rcount) < 0) {
259 ax->dev->stats.rx_errors++;
260 spin_unlock_bh(&ax->buflock);
261 return;
262 }
263 if (ax->crcmode != CRC_MODE_FLEX && ax->crcauto) {
264 printk(KERN_INFO
265 "mkiss: %s: Switching to crc-flexnet\n",
266 ax->dev->name);
267 ax->crcmode = CRC_MODE_FLEX;
268 }
269 ax->rcount -= 2;
270
271 /*
272 * dl9sau bugfix: the trailling two bytes flexnet crc
273 * will not be passed to the kernel. thus we have to
274 * correct the kissparm signature, because it indicates
275 * a crc but there's none
276 */
277 *ax->rbuff &= ~0x20;
278 }
279 }
280
281 count = ax->rcount;
282
283 if ((skb = dev_alloc_skb(count)) == NULL) {
284 printk(KERN_ERR "mkiss: %s: memory squeeze, dropping packet.\n",
285 ax->dev->name);
286 ax->dev->stats.rx_dropped++;
287 spin_unlock_bh(&ax->buflock);
288 return;
289 }
290
291 skb_put_data(skb, ax->rbuff, count);
292 skb->protocol = ax25_type_trans(skb, ax->dev);
293 netif_rx(skb);
294 ax->dev->stats.rx_packets++;
295 ax->dev->stats.rx_bytes += count;
296 spin_unlock_bh(&ax->buflock);
297 }
298
kiss_unesc(struct mkiss * ax,unsigned char s)299 static void kiss_unesc(struct mkiss *ax, unsigned char s)
300 {
301 switch (s) {
302 case END:
303 /* drop keeptest bit = VSV */
304 if (test_bit(AXF_KEEPTEST, &ax->flags))
305 clear_bit(AXF_KEEPTEST, &ax->flags);
306
307 if (!test_and_clear_bit(AXF_ERROR, &ax->flags) && (ax->rcount > 2))
308 ax_bump(ax);
309
310 clear_bit(AXF_ESCAPE, &ax->flags);
311 ax->rcount = 0;
312 return;
313
314 case ESC:
315 set_bit(AXF_ESCAPE, &ax->flags);
316 return;
317 case ESC_ESC:
318 if (test_and_clear_bit(AXF_ESCAPE, &ax->flags))
319 s = ESC;
320 break;
321 case ESC_END:
322 if (test_and_clear_bit(AXF_ESCAPE, &ax->flags))
323 s = END;
324 break;
325 }
326
327 spin_lock_bh(&ax->buflock);
328 if (!test_bit(AXF_ERROR, &ax->flags)) {
329 if (ax->rcount < ax->buffsize) {
330 ax->rbuff[ax->rcount++] = s;
331 spin_unlock_bh(&ax->buflock);
332 return;
333 }
334
335 ax->dev->stats.rx_over_errors++;
336 set_bit(AXF_ERROR, &ax->flags);
337 }
338 spin_unlock_bh(&ax->buflock);
339 }
340
ax_set_mac_address(struct net_device * dev,void * addr)341 static int ax_set_mac_address(struct net_device *dev, void *addr)
342 {
343 struct sockaddr_ax25 *sa = addr;
344
345 netif_tx_lock_bh(dev);
346 netif_addr_lock(dev);
347 memcpy(dev->dev_addr, &sa->sax25_call, AX25_ADDR_LEN);
348 netif_addr_unlock(dev);
349 netif_tx_unlock_bh(dev);
350
351 return 0;
352 }
353
354 /*---------------------------------------------------------------------------*/
355
ax_changedmtu(struct mkiss * ax)356 static void ax_changedmtu(struct mkiss *ax)
357 {
358 struct net_device *dev = ax->dev;
359 unsigned char *xbuff, *rbuff, *oxbuff, *orbuff;
360 int len;
361
362 len = dev->mtu * 2;
363
364 /*
365 * allow for arrival of larger UDP packets, even if we say not to
366 * also fixes a bug in which SunOS sends 512-byte packets even with
367 * an MSS of 128
368 */
369 if (len < 576 * 2)
370 len = 576 * 2;
371
372 xbuff = kmalloc(len + 4, GFP_ATOMIC);
373 rbuff = kmalloc(len + 4, GFP_ATOMIC);
374
375 if (xbuff == NULL || rbuff == NULL) {
376 printk(KERN_ERR "mkiss: %s: unable to grow ax25 buffers, "
377 "MTU change cancelled.\n",
378 ax->dev->name);
379 dev->mtu = ax->mtu;
380 kfree(xbuff);
381 kfree(rbuff);
382 return;
383 }
384
385 spin_lock_bh(&ax->buflock);
386
387 oxbuff = ax->xbuff;
388 ax->xbuff = xbuff;
389 orbuff = ax->rbuff;
390 ax->rbuff = rbuff;
391
392 if (ax->xleft) {
393 if (ax->xleft <= len) {
394 memcpy(ax->xbuff, ax->xhead, ax->xleft);
395 } else {
396 ax->xleft = 0;
397 dev->stats.tx_dropped++;
398 }
399 }
400
401 ax->xhead = ax->xbuff;
402
403 if (ax->rcount) {
404 if (ax->rcount <= len) {
405 memcpy(ax->rbuff, orbuff, ax->rcount);
406 } else {
407 ax->rcount = 0;
408 dev->stats.rx_over_errors++;
409 set_bit(AXF_ERROR, &ax->flags);
410 }
411 }
412
413 ax->mtu = dev->mtu + 73;
414 ax->buffsize = len;
415
416 spin_unlock_bh(&ax->buflock);
417
418 kfree(oxbuff);
419 kfree(orbuff);
420 }
421
422 /* Encapsulate one AX.25 packet and stuff into a TTY queue. */
ax_encaps(struct net_device * dev,unsigned char * icp,int len)423 static void ax_encaps(struct net_device *dev, unsigned char *icp, int len)
424 {
425 struct mkiss *ax = netdev_priv(dev);
426 unsigned char *p;
427 int actual, count;
428
429 if (ax->mtu != ax->dev->mtu + 73) /* Someone has been ifconfigging */
430 ax_changedmtu(ax);
431
432 if (len > ax->mtu) { /* Sigh, shouldn't occur BUT ... */
433 printk(KERN_ERR "mkiss: %s: truncating oversized transmit packet!\n", ax->dev->name);
434 dev->stats.tx_dropped++;
435 netif_start_queue(dev);
436 return;
437 }
438
439 p = icp;
440
441 spin_lock_bh(&ax->buflock);
442 if ((*p & 0x0f) != 0) {
443 /* Configuration Command (kissparms(1).
444 * Protocol spec says: never append CRC.
445 * This fixes a very old bug in the linux
446 * kiss driver. -- dl9sau */
447 switch (*p & 0xff) {
448 case 0x85:
449 /* command from userspace especially for us,
450 * not for delivery to the tnc */
451 if (len > 1) {
452 int cmd = (p[1] & 0xff);
453 switch(cmd) {
454 case 3:
455 ax->crcmode = CRC_MODE_SMACK;
456 break;
457 case 2:
458 ax->crcmode = CRC_MODE_FLEX;
459 break;
460 case 1:
461 ax->crcmode = CRC_MODE_NONE;
462 break;
463 case 0:
464 default:
465 ax->crcmode = CRC_MODE_SMACK_TEST;
466 cmd = 0;
467 }
468 ax->crcauto = (cmd ? 0 : 1);
469 printk(KERN_INFO "mkiss: %s: crc mode set to %d\n",
470 ax->dev->name, cmd);
471 }
472 spin_unlock_bh(&ax->buflock);
473 netif_start_queue(dev);
474
475 return;
476 default:
477 count = kiss_esc(p, ax->xbuff, len);
478 }
479 } else {
480 unsigned short crc;
481 switch (ax->crcmode) {
482 case CRC_MODE_SMACK_TEST:
483 ax->crcmode = CRC_MODE_FLEX_TEST;
484 printk(KERN_INFO "mkiss: %s: Trying crc-smack\n", ax->dev->name);
485 fallthrough;
486 case CRC_MODE_SMACK:
487 *p |= 0x80;
488 crc = swab16(crc16(0, p, len));
489 count = kiss_esc_crc(p, ax->xbuff, crc, len+2);
490 break;
491 case CRC_MODE_FLEX_TEST:
492 ax->crcmode = CRC_MODE_NONE;
493 printk(KERN_INFO "mkiss: %s: Trying crc-flexnet\n", ax->dev->name);
494 fallthrough;
495 case CRC_MODE_FLEX:
496 *p |= 0x20;
497 crc = calc_crc_flex(p, len);
498 count = kiss_esc_crc(p, ax->xbuff, crc, len+2);
499 break;
500
501 default:
502 count = kiss_esc(p, ax->xbuff, len);
503 }
504 }
505 spin_unlock_bh(&ax->buflock);
506
507 set_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags);
508 actual = ax->tty->ops->write(ax->tty, ax->xbuff, count);
509 dev->stats.tx_packets++;
510 dev->stats.tx_bytes += actual;
511
512 netif_trans_update(ax->dev);
513 ax->xleft = count - actual;
514 ax->xhead = ax->xbuff + actual;
515 }
516
517 /* Encapsulate an AX.25 packet and kick it into a TTY queue. */
ax_xmit(struct sk_buff * skb,struct net_device * dev)518 static netdev_tx_t ax_xmit(struct sk_buff *skb, struct net_device *dev)
519 {
520 struct mkiss *ax = netdev_priv(dev);
521
522 if (skb->protocol == htons(ETH_P_IP))
523 return ax25_ip_xmit(skb);
524
525 if (!netif_running(dev)) {
526 printk(KERN_ERR "mkiss: %s: xmit call when iface is down\n", dev->name);
527 return NETDEV_TX_BUSY;
528 }
529
530 if (netif_queue_stopped(dev)) {
531 /*
532 * May be we must check transmitter timeout here ?
533 * 14 Oct 1994 Dmitry Gorodchanin.
534 */
535 if (time_before(jiffies, dev_trans_start(dev) + 20 * HZ)) {
536 /* 20 sec timeout not reached */
537 return NETDEV_TX_BUSY;
538 }
539
540 printk(KERN_ERR "mkiss: %s: transmit timed out, %s?\n", dev->name,
541 (tty_chars_in_buffer(ax->tty) || ax->xleft) ?
542 "bad line quality" : "driver error");
543
544 ax->xleft = 0;
545 clear_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags);
546 netif_start_queue(dev);
547 }
548
549 /* We were not busy, so we are now... :-) */
550 netif_stop_queue(dev);
551 ax_encaps(dev, skb->data, skb->len);
552 kfree_skb(skb);
553
554 return NETDEV_TX_OK;
555 }
556
ax_open_dev(struct net_device * dev)557 static int ax_open_dev(struct net_device *dev)
558 {
559 struct mkiss *ax = netdev_priv(dev);
560
561 if (ax->tty == NULL)
562 return -ENODEV;
563
564 return 0;
565 }
566
567 /* Open the low-level part of the AX25 channel. Easy! */
ax_open(struct net_device * dev)568 static int ax_open(struct net_device *dev)
569 {
570 struct mkiss *ax = netdev_priv(dev);
571 unsigned long len;
572
573 if (ax->tty == NULL)
574 return -ENODEV;
575
576 /*
577 * Allocate the frame buffers:
578 *
579 * rbuff Receive buffer.
580 * xbuff Transmit buffer.
581 */
582 len = dev->mtu * 2;
583
584 /*
585 * allow for arrival of larger UDP packets, even if we say not to
586 * also fixes a bug in which SunOS sends 512-byte packets even with
587 * an MSS of 128
588 */
589 if (len < 576 * 2)
590 len = 576 * 2;
591
592 if ((ax->rbuff = kmalloc(len + 4, GFP_KERNEL)) == NULL)
593 goto norbuff;
594
595 if ((ax->xbuff = kmalloc(len + 4, GFP_KERNEL)) == NULL)
596 goto noxbuff;
597
598 ax->mtu = dev->mtu + 73;
599 ax->buffsize = len;
600 ax->rcount = 0;
601 ax->xleft = 0;
602
603 ax->flags &= (1 << AXF_INUSE); /* Clear ESCAPE & ERROR flags */
604
605 spin_lock_init(&ax->buflock);
606
607 return 0;
608
609 noxbuff:
610 kfree(ax->rbuff);
611
612 norbuff:
613 return -ENOMEM;
614 }
615
616
617 /* Close the low-level part of the AX25 channel. Easy! */
ax_close(struct net_device * dev)618 static int ax_close(struct net_device *dev)
619 {
620 struct mkiss *ax = netdev_priv(dev);
621
622 if (ax->tty)
623 clear_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags);
624
625 netif_stop_queue(dev);
626
627 return 0;
628 }
629
630 static const struct net_device_ops ax_netdev_ops = {
631 .ndo_open = ax_open_dev,
632 .ndo_stop = ax_close,
633 .ndo_start_xmit = ax_xmit,
634 .ndo_set_mac_address = ax_set_mac_address,
635 };
636
ax_setup(struct net_device * dev)637 static void ax_setup(struct net_device *dev)
638 {
639 /* Finish setting up the DEVICE info. */
640 dev->mtu = AX_MTU;
641 dev->hard_header_len = AX25_MAX_HEADER_LEN;
642 dev->addr_len = AX25_ADDR_LEN;
643 dev->type = ARPHRD_AX25;
644 dev->tx_queue_len = 10;
645 dev->header_ops = &ax25_header_ops;
646 dev->netdev_ops = &ax_netdev_ops;
647
648
649 memcpy(dev->broadcast, &ax25_bcast, AX25_ADDR_LEN);
650 memcpy(dev->dev_addr, &ax25_defaddr, AX25_ADDR_LEN);
651
652 dev->flags = IFF_BROADCAST | IFF_MULTICAST;
653 }
654
655 /*
656 * We have a potential race on dereferencing tty->disc_data, because the tty
657 * layer provides no locking at all - thus one cpu could be running
658 * sixpack_receive_buf while another calls sixpack_close, which zeroes
659 * tty->disc_data and frees the memory that sixpack_receive_buf is using. The
660 * best way to fix this is to use a rwlock in the tty struct, but for now we
661 * use a single global rwlock for all ttys in ppp line discipline.
662 */
663 static DEFINE_RWLOCK(disc_data_lock);
664
mkiss_get(struct tty_struct * tty)665 static struct mkiss *mkiss_get(struct tty_struct *tty)
666 {
667 struct mkiss *ax;
668
669 read_lock(&disc_data_lock);
670 ax = tty->disc_data;
671 if (ax)
672 refcount_inc(&ax->refcnt);
673 read_unlock(&disc_data_lock);
674
675 return ax;
676 }
677
mkiss_put(struct mkiss * ax)678 static void mkiss_put(struct mkiss *ax)
679 {
680 if (refcount_dec_and_test(&ax->refcnt))
681 complete(&ax->dead);
682 }
683
684 static int crc_force = 0; /* Can be overridden with insmod */
685
mkiss_open(struct tty_struct * tty)686 static int mkiss_open(struct tty_struct *tty)
687 {
688 struct net_device *dev;
689 struct mkiss *ax;
690 int err;
691
692 if (!capable(CAP_NET_ADMIN))
693 return -EPERM;
694 if (tty->ops->write == NULL)
695 return -EOPNOTSUPP;
696
697 dev = alloc_netdev(sizeof(struct mkiss), "ax%d", NET_NAME_UNKNOWN,
698 ax_setup);
699 if (!dev) {
700 err = -ENOMEM;
701 goto out;
702 }
703
704 ax = netdev_priv(dev);
705 ax->dev = dev;
706
707 spin_lock_init(&ax->buflock);
708 refcount_set(&ax->refcnt, 1);
709 init_completion(&ax->dead);
710
711 ax->tty = tty;
712 tty->disc_data = ax;
713 tty->receive_room = 65535;
714
715 tty_driver_flush_buffer(tty);
716
717 /* Restore default settings */
718 dev->type = ARPHRD_AX25;
719
720 /* Perform the low-level AX25 initialization. */
721 err = ax_open(ax->dev);
722 if (err)
723 goto out_free_netdev;
724
725 err = register_netdev(dev);
726 if (err)
727 goto out_free_buffers;
728
729 /* after register_netdev() - because else printk smashes the kernel */
730 switch (crc_force) {
731 case 3:
732 ax->crcmode = CRC_MODE_SMACK;
733 printk(KERN_INFO "mkiss: %s: crc mode smack forced.\n",
734 ax->dev->name);
735 break;
736 case 2:
737 ax->crcmode = CRC_MODE_FLEX;
738 printk(KERN_INFO "mkiss: %s: crc mode flexnet forced.\n",
739 ax->dev->name);
740 break;
741 case 1:
742 ax->crcmode = CRC_MODE_NONE;
743 printk(KERN_INFO "mkiss: %s: crc mode disabled.\n",
744 ax->dev->name);
745 break;
746 case 0:
747 default:
748 crc_force = 0;
749 printk(KERN_INFO "mkiss: %s: crc mode is auto.\n",
750 ax->dev->name);
751 ax->crcmode = CRC_MODE_SMACK_TEST;
752 }
753 ax->crcauto = (crc_force ? 0 : 1);
754
755 netif_start_queue(dev);
756
757 /* Done. We have linked the TTY line to a channel. */
758 return 0;
759
760 out_free_buffers:
761 kfree(ax->rbuff);
762 kfree(ax->xbuff);
763
764 out_free_netdev:
765 free_netdev(dev);
766
767 out:
768 return err;
769 }
770
mkiss_close(struct tty_struct * tty)771 static void mkiss_close(struct tty_struct *tty)
772 {
773 struct mkiss *ax;
774
775 write_lock_irq(&disc_data_lock);
776 ax = tty->disc_data;
777 tty->disc_data = NULL;
778 write_unlock_irq(&disc_data_lock);
779
780 if (!ax)
781 return;
782
783 /*
784 * We have now ensured that nobody can start using ap from now on, but
785 * we have to wait for all existing users to finish.
786 */
787 if (!refcount_dec_and_test(&ax->refcnt))
788 wait_for_completion(&ax->dead);
789 /*
790 * Halt the transmit queue so that a new transmit cannot scribble
791 * on our buffers
792 */
793 netif_stop_queue(ax->dev);
794
795 /* Free all AX25 frame buffers. */
796 kfree(ax->rbuff);
797 kfree(ax->xbuff);
798
799 ax->tty = NULL;
800
801 unregister_netdev(ax->dev);
802 }
803
804 /* Perform I/O control on an active ax25 channel. */
mkiss_ioctl(struct tty_struct * tty,struct file * file,unsigned int cmd,unsigned long arg)805 static int mkiss_ioctl(struct tty_struct *tty, struct file *file,
806 unsigned int cmd, unsigned long arg)
807 {
808 struct mkiss *ax = mkiss_get(tty);
809 struct net_device *dev;
810 unsigned int tmp, err;
811
812 /* First make sure we're connected. */
813 if (ax == NULL)
814 return -ENXIO;
815 dev = ax->dev;
816
817 switch (cmd) {
818 case SIOCGIFNAME:
819 err = copy_to_user((void __user *) arg, ax->dev->name,
820 strlen(ax->dev->name) + 1) ? -EFAULT : 0;
821 break;
822
823 case SIOCGIFENCAP:
824 err = put_user(4, (int __user *) arg);
825 break;
826
827 case SIOCSIFENCAP:
828 if (get_user(tmp, (int __user *) arg)) {
829 err = -EFAULT;
830 break;
831 }
832
833 ax->mode = tmp;
834 dev->addr_len = AX25_ADDR_LEN;
835 dev->hard_header_len = AX25_KISS_HEADER_LEN +
836 AX25_MAX_HEADER_LEN + 3;
837 dev->type = ARPHRD_AX25;
838
839 err = 0;
840 break;
841
842 case SIOCSIFHWADDR: {
843 char addr[AX25_ADDR_LEN];
844
845 if (copy_from_user(&addr,
846 (void __user *) arg, AX25_ADDR_LEN)) {
847 err = -EFAULT;
848 break;
849 }
850
851 netif_tx_lock_bh(dev);
852 memcpy(dev->dev_addr, addr, AX25_ADDR_LEN);
853 netif_tx_unlock_bh(dev);
854
855 err = 0;
856 break;
857 }
858 default:
859 err = -ENOIOCTLCMD;
860 }
861
862 mkiss_put(ax);
863
864 return err;
865 }
866
867 /*
868 * Handle the 'receiver data ready' interrupt.
869 * This function is called by the 'tty_io' module in the kernel when
870 * a block of data has been received, which can now be decapsulated
871 * and sent on to the AX.25 layer for further processing.
872 */
mkiss_receive_buf(struct tty_struct * tty,const unsigned char * cp,char * fp,int count)873 static void mkiss_receive_buf(struct tty_struct *tty, const unsigned char *cp,
874 char *fp, int count)
875 {
876 struct mkiss *ax = mkiss_get(tty);
877
878 if (!ax)
879 return;
880
881 /*
882 * Argh! mtu change time! - costs us the packet part received
883 * at the change
884 */
885 if (ax->mtu != ax->dev->mtu + 73)
886 ax_changedmtu(ax);
887
888 /* Read the characters out of the buffer */
889 while (count--) {
890 if (fp != NULL && *fp++) {
891 if (!test_and_set_bit(AXF_ERROR, &ax->flags))
892 ax->dev->stats.rx_errors++;
893 cp++;
894 continue;
895 }
896
897 kiss_unesc(ax, *cp++);
898 }
899
900 mkiss_put(ax);
901 tty_unthrottle(tty);
902 }
903
904 /*
905 * Called by the driver when there's room for more data. If we have
906 * more packets to send, we send them here.
907 */
mkiss_write_wakeup(struct tty_struct * tty)908 static void mkiss_write_wakeup(struct tty_struct *tty)
909 {
910 struct mkiss *ax = mkiss_get(tty);
911 int actual;
912
913 if (!ax)
914 return;
915
916 if (ax->xleft <= 0) {
917 /* Now serial buffer is almost free & we can start
918 * transmission of another packet
919 */
920 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
921
922 netif_wake_queue(ax->dev);
923 goto out;
924 }
925
926 actual = tty->ops->write(tty, ax->xhead, ax->xleft);
927 ax->xleft -= actual;
928 ax->xhead += actual;
929
930 out:
931 mkiss_put(ax);
932 }
933
934 static struct tty_ldisc_ops ax_ldisc = {
935 .owner = THIS_MODULE,
936 .name = "mkiss",
937 .open = mkiss_open,
938 .close = mkiss_close,
939 .ioctl = mkiss_ioctl,
940 .receive_buf = mkiss_receive_buf,
941 .write_wakeup = mkiss_write_wakeup
942 };
943
944 static const char banner[] __initconst = KERN_INFO \
945 "mkiss: AX.25 Multikiss, Hans Albas PE1AYX\n";
946 static const char msg_regfail[] __initconst = KERN_ERR \
947 "mkiss: can't register line discipline (err = %d)\n";
948
mkiss_init_driver(void)949 static int __init mkiss_init_driver(void)
950 {
951 int status;
952
953 printk(banner);
954
955 status = tty_register_ldisc(N_AX25, &ax_ldisc);
956 if (status != 0)
957 printk(msg_regfail, status);
958
959 return status;
960 }
961
962 static const char msg_unregfail[] = KERN_ERR \
963 "mkiss: can't unregister line discipline (err = %d)\n";
964
mkiss_exit_driver(void)965 static void __exit mkiss_exit_driver(void)
966 {
967 int ret;
968
969 if ((ret = tty_unregister_ldisc(N_AX25)))
970 printk(msg_unregfail, ret);
971 }
972
973 MODULE_AUTHOR("Ralf Baechle DL5RB <ralf@linux-mips.org>");
974 MODULE_DESCRIPTION("KISS driver for AX.25 over TTYs");
975 module_param(crc_force, int, 0);
976 MODULE_PARM_DESC(crc_force, "crc [0 = auto | 1 = none | 2 = flexnet | 3 = smack]");
977 MODULE_LICENSE("GPL");
978 MODULE_ALIAS_LDISC(N_AX25);
979
980 module_init(mkiss_init_driver);
981 module_exit(mkiss_exit_driver);
982