1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 *
4 * Copyright (C) Hans Alblas PE1AYX <hans@esrac.ele.tue.nl>
5 * Copyright (C) 2004, 05 Ralf Baechle DL5RB <ralf@linux-mips.org>
6 * Copyright (C) 2004, 05 Thomas Osterried DL9SAU <thomas@x-berg.in-berlin.de>
7 */
8 #include <linux/module.h>
9 #include <linux/bitops.h>
10 #include <linux/uaccess.h>
11 #include <linux/crc16.h>
12 #include <linux/string.h>
13 #include <linux/mm.h>
14 #include <linux/interrupt.h>
15 #include <linux/in.h>
16 #include <linux/inet.h>
17 #include <linux/slab.h>
18 #include <linux/tty.h>
19 #include <linux/errno.h>
20 #include <linux/netdevice.h>
21 #include <linux/major.h>
22 #include <linux/init.h>
23 #include <linux/rtnetlink.h>
24 #include <linux/etherdevice.h>
25 #include <linux/skbuff.h>
26 #include <linux/if_arp.h>
27 #include <linux/jiffies.h>
28 #include <linux/refcount.h>
29
30 #include <net/ax25.h>
31
32 #define AX_MTU 236
33
34 /* some arch define END as assembly function ending, just undef it */
35 #undef END
36 /* SLIP/KISS protocol characters. */
37 #define END 0300 /* indicates end of frame */
38 #define ESC 0333 /* indicates byte stuffing */
39 #define ESC_END 0334 /* ESC ESC_END means END 'data' */
40 #define ESC_ESC 0335 /* ESC ESC_ESC means ESC 'data' */
41
42 struct mkiss {
43 struct tty_struct *tty; /* ptr to TTY structure */
44 struct net_device *dev; /* easy for intr handling */
45
46 /* These are pointers to the malloc()ed frame buffers. */
47 spinlock_t buflock;/* lock for rbuf and xbuf */
48 unsigned char *rbuff; /* receiver buffer */
49 int rcount; /* received chars counter */
50 unsigned char *xbuff; /* transmitter buffer */
51 unsigned char *xhead; /* pointer to next byte to XMIT */
52 int xleft; /* bytes left in XMIT queue */
53
54 /* Detailed SLIP statistics. */
55 int mtu; /* Our mtu (to spot changes!) */
56 int buffsize; /* Max buffers sizes */
57
58 unsigned long flags; /* Flag values/ mode etc */
59 /* long req'd: used by set_bit --RR */
60 #define AXF_INUSE 0 /* Channel in use */
61 #define AXF_ESCAPE 1 /* ESC received */
62 #define AXF_ERROR 2 /* Parity, etc. error */
63 #define AXF_KEEPTEST 3 /* Keepalive test flag */
64 #define AXF_OUTWAIT 4 /* is outpacket was flag */
65
66 int mode;
67 int crcmode; /* MW: for FlexNet, SMACK etc. */
68 int crcauto; /* CRC auto mode */
69
70 #define CRC_MODE_NONE 0
71 #define CRC_MODE_FLEX 1
72 #define CRC_MODE_SMACK 2
73 #define CRC_MODE_FLEX_TEST 3
74 #define CRC_MODE_SMACK_TEST 4
75
76 refcount_t refcnt;
77 struct completion dead;
78 };
79
80 /*---------------------------------------------------------------------------*/
81
82 static const unsigned short crc_flex_table[] = {
83 0x0f87, 0x1e0e, 0x2c95, 0x3d1c, 0x49a3, 0x582a, 0x6ab1, 0x7b38,
84 0x83cf, 0x9246, 0xa0dd, 0xb154, 0xc5eb, 0xd462, 0xe6f9, 0xf770,
85 0x1f06, 0x0e8f, 0x3c14, 0x2d9d, 0x5922, 0x48ab, 0x7a30, 0x6bb9,
86 0x934e, 0x82c7, 0xb05c, 0xa1d5, 0xd56a, 0xc4e3, 0xf678, 0xe7f1,
87 0x2e85, 0x3f0c, 0x0d97, 0x1c1e, 0x68a1, 0x7928, 0x4bb3, 0x5a3a,
88 0xa2cd, 0xb344, 0x81df, 0x9056, 0xe4e9, 0xf560, 0xc7fb, 0xd672,
89 0x3e04, 0x2f8d, 0x1d16, 0x0c9f, 0x7820, 0x69a9, 0x5b32, 0x4abb,
90 0xb24c, 0xa3c5, 0x915e, 0x80d7, 0xf468, 0xe5e1, 0xd77a, 0xc6f3,
91 0x4d83, 0x5c0a, 0x6e91, 0x7f18, 0x0ba7, 0x1a2e, 0x28b5, 0x393c,
92 0xc1cb, 0xd042, 0xe2d9, 0xf350, 0x87ef, 0x9666, 0xa4fd, 0xb574,
93 0x5d02, 0x4c8b, 0x7e10, 0x6f99, 0x1b26, 0x0aaf, 0x3834, 0x29bd,
94 0xd14a, 0xc0c3, 0xf258, 0xe3d1, 0x976e, 0x86e7, 0xb47c, 0xa5f5,
95 0x6c81, 0x7d08, 0x4f93, 0x5e1a, 0x2aa5, 0x3b2c, 0x09b7, 0x183e,
96 0xe0c9, 0xf140, 0xc3db, 0xd252, 0xa6ed, 0xb764, 0x85ff, 0x9476,
97 0x7c00, 0x6d89, 0x5f12, 0x4e9b, 0x3a24, 0x2bad, 0x1936, 0x08bf,
98 0xf048, 0xe1c1, 0xd35a, 0xc2d3, 0xb66c, 0xa7e5, 0x957e, 0x84f7,
99 0x8b8f, 0x9a06, 0xa89d, 0xb914, 0xcdab, 0xdc22, 0xeeb9, 0xff30,
100 0x07c7, 0x164e, 0x24d5, 0x355c, 0x41e3, 0x506a, 0x62f1, 0x7378,
101 0x9b0e, 0x8a87, 0xb81c, 0xa995, 0xdd2a, 0xcca3, 0xfe38, 0xefb1,
102 0x1746, 0x06cf, 0x3454, 0x25dd, 0x5162, 0x40eb, 0x7270, 0x63f9,
103 0xaa8d, 0xbb04, 0x899f, 0x9816, 0xeca9, 0xfd20, 0xcfbb, 0xde32,
104 0x26c5, 0x374c, 0x05d7, 0x145e, 0x60e1, 0x7168, 0x43f3, 0x527a,
105 0xba0c, 0xab85, 0x991e, 0x8897, 0xfc28, 0xeda1, 0xdf3a, 0xceb3,
106 0x3644, 0x27cd, 0x1556, 0x04df, 0x7060, 0x61e9, 0x5372, 0x42fb,
107 0xc98b, 0xd802, 0xea99, 0xfb10, 0x8faf, 0x9e26, 0xacbd, 0xbd34,
108 0x45c3, 0x544a, 0x66d1, 0x7758, 0x03e7, 0x126e, 0x20f5, 0x317c,
109 0xd90a, 0xc883, 0xfa18, 0xeb91, 0x9f2e, 0x8ea7, 0xbc3c, 0xadb5,
110 0x5542, 0x44cb, 0x7650, 0x67d9, 0x1366, 0x02ef, 0x3074, 0x21fd,
111 0xe889, 0xf900, 0xcb9b, 0xda12, 0xaead, 0xbf24, 0x8dbf, 0x9c36,
112 0x64c1, 0x7548, 0x47d3, 0x565a, 0x22e5, 0x336c, 0x01f7, 0x107e,
113 0xf808, 0xe981, 0xdb1a, 0xca93, 0xbe2c, 0xafa5, 0x9d3e, 0x8cb7,
114 0x7440, 0x65c9, 0x5752, 0x46db, 0x3264, 0x23ed, 0x1176, 0x00ff
115 };
116
calc_crc_flex(unsigned char * cp,int size)117 static unsigned short calc_crc_flex(unsigned char *cp, int size)
118 {
119 unsigned short crc = 0xffff;
120
121 while (size--)
122 crc = (crc << 8) ^ crc_flex_table[((crc >> 8) ^ *cp++) & 0xff];
123
124 return crc;
125 }
126
check_crc_flex(unsigned char * cp,int size)127 static int check_crc_flex(unsigned char *cp, int size)
128 {
129 unsigned short crc = 0xffff;
130
131 if (size < 3)
132 return -1;
133
134 while (size--)
135 crc = (crc << 8) ^ crc_flex_table[((crc >> 8) ^ *cp++) & 0xff];
136
137 if ((crc & 0xffff) != 0x7070)
138 return -1;
139
140 return 0;
141 }
142
check_crc_16(unsigned char * cp,int size)143 static int check_crc_16(unsigned char *cp, int size)
144 {
145 unsigned short crc = 0x0000;
146
147 if (size < 3)
148 return -1;
149
150 crc = crc16(0, cp, size);
151
152 if (crc != 0x0000)
153 return -1;
154
155 return 0;
156 }
157
158 /*
159 * Standard encapsulation
160 */
161
kiss_esc(unsigned char * s,unsigned char * d,int len)162 static int kiss_esc(unsigned char *s, unsigned char *d, int len)
163 {
164 unsigned char *ptr = d;
165 unsigned char c;
166
167 /*
168 * Send an initial END character to flush out any data that may have
169 * accumulated in the receiver due to line noise.
170 */
171
172 *ptr++ = END;
173
174 while (len-- > 0) {
175 switch (c = *s++) {
176 case END:
177 *ptr++ = ESC;
178 *ptr++ = ESC_END;
179 break;
180 case ESC:
181 *ptr++ = ESC;
182 *ptr++ = ESC_ESC;
183 break;
184 default:
185 *ptr++ = c;
186 break;
187 }
188 }
189
190 *ptr++ = END;
191
192 return ptr - d;
193 }
194
195 /*
196 * MW:
197 * OK its ugly, but tell me a better solution without copying the
198 * packet to a temporary buffer :-)
199 */
kiss_esc_crc(unsigned char * s,unsigned char * d,unsigned short crc,int len)200 static int kiss_esc_crc(unsigned char *s, unsigned char *d, unsigned short crc,
201 int len)
202 {
203 unsigned char *ptr = d;
204 unsigned char c=0;
205
206 *ptr++ = END;
207 while (len > 0) {
208 if (len > 2)
209 c = *s++;
210 else if (len > 1)
211 c = crc >> 8;
212 else
213 c = crc & 0xff;
214
215 len--;
216
217 switch (c) {
218 case END:
219 *ptr++ = ESC;
220 *ptr++ = ESC_END;
221 break;
222 case ESC:
223 *ptr++ = ESC;
224 *ptr++ = ESC_ESC;
225 break;
226 default:
227 *ptr++ = c;
228 break;
229 }
230 }
231 *ptr++ = END;
232
233 return ptr - d;
234 }
235
236 /* Send one completely decapsulated AX.25 packet to the AX.25 layer. */
ax_bump(struct mkiss * ax)237 static void ax_bump(struct mkiss *ax)
238 {
239 struct sk_buff *skb;
240 int count;
241
242 spin_lock_bh(&ax->buflock);
243 if (ax->rbuff[0] > 0x0f) {
244 if (ax->rbuff[0] & 0x80) {
245 if (check_crc_16(ax->rbuff, ax->rcount) < 0) {
246 ax->dev->stats.rx_errors++;
247 spin_unlock_bh(&ax->buflock);
248
249 return;
250 }
251 if (ax->crcmode != CRC_MODE_SMACK && ax->crcauto) {
252 printk(KERN_INFO
253 "mkiss: %s: Switching to crc-smack\n",
254 ax->dev->name);
255 ax->crcmode = CRC_MODE_SMACK;
256 }
257 ax->rcount -= 2;
258 *ax->rbuff &= ~0x80;
259 } else if (ax->rbuff[0] & 0x20) {
260 if (check_crc_flex(ax->rbuff, ax->rcount) < 0) {
261 ax->dev->stats.rx_errors++;
262 spin_unlock_bh(&ax->buflock);
263 return;
264 }
265 if (ax->crcmode != CRC_MODE_FLEX && ax->crcauto) {
266 printk(KERN_INFO
267 "mkiss: %s: Switching to crc-flexnet\n",
268 ax->dev->name);
269 ax->crcmode = CRC_MODE_FLEX;
270 }
271 ax->rcount -= 2;
272
273 /*
274 * dl9sau bugfix: the trailling two bytes flexnet crc
275 * will not be passed to the kernel. thus we have to
276 * correct the kissparm signature, because it indicates
277 * a crc but there's none
278 */
279 *ax->rbuff &= ~0x20;
280 }
281 }
282
283 count = ax->rcount;
284
285 if ((skb = dev_alloc_skb(count)) == NULL) {
286 printk(KERN_ERR "mkiss: %s: memory squeeze, dropping packet.\n",
287 ax->dev->name);
288 ax->dev->stats.rx_dropped++;
289 spin_unlock_bh(&ax->buflock);
290 return;
291 }
292
293 skb_put_data(skb, ax->rbuff, count);
294 skb->protocol = ax25_type_trans(skb, ax->dev);
295 netif_rx(skb);
296 ax->dev->stats.rx_packets++;
297 ax->dev->stats.rx_bytes += count;
298 spin_unlock_bh(&ax->buflock);
299 }
300
kiss_unesc(struct mkiss * ax,unsigned char s)301 static void kiss_unesc(struct mkiss *ax, unsigned char s)
302 {
303 switch (s) {
304 case END:
305 /* drop keeptest bit = VSV */
306 if (test_bit(AXF_KEEPTEST, &ax->flags))
307 clear_bit(AXF_KEEPTEST, &ax->flags);
308
309 if (!test_and_clear_bit(AXF_ERROR, &ax->flags) && (ax->rcount > 2))
310 ax_bump(ax);
311
312 clear_bit(AXF_ESCAPE, &ax->flags);
313 ax->rcount = 0;
314 return;
315
316 case ESC:
317 set_bit(AXF_ESCAPE, &ax->flags);
318 return;
319 case ESC_ESC:
320 if (test_and_clear_bit(AXF_ESCAPE, &ax->flags))
321 s = ESC;
322 break;
323 case ESC_END:
324 if (test_and_clear_bit(AXF_ESCAPE, &ax->flags))
325 s = END;
326 break;
327 }
328
329 spin_lock_bh(&ax->buflock);
330 if (!test_bit(AXF_ERROR, &ax->flags)) {
331 if (ax->rcount < ax->buffsize) {
332 ax->rbuff[ax->rcount++] = s;
333 spin_unlock_bh(&ax->buflock);
334 return;
335 }
336
337 ax->dev->stats.rx_over_errors++;
338 set_bit(AXF_ERROR, &ax->flags);
339 }
340 spin_unlock_bh(&ax->buflock);
341 }
342
ax_set_mac_address(struct net_device * dev,void * addr)343 static int ax_set_mac_address(struct net_device *dev, void *addr)
344 {
345 struct sockaddr_ax25 *sa = addr;
346
347 netif_tx_lock_bh(dev);
348 netif_addr_lock(dev);
349 __dev_addr_set(dev, &sa->sax25_call, AX25_ADDR_LEN);
350 netif_addr_unlock(dev);
351 netif_tx_unlock_bh(dev);
352
353 return 0;
354 }
355
356 /*---------------------------------------------------------------------------*/
357
ax_changedmtu(struct mkiss * ax)358 static void ax_changedmtu(struct mkiss *ax)
359 {
360 struct net_device *dev = ax->dev;
361 unsigned char *xbuff, *rbuff, *oxbuff, *orbuff;
362 int len;
363
364 len = dev->mtu * 2;
365
366 /*
367 * allow for arrival of larger UDP packets, even if we say not to
368 * also fixes a bug in which SunOS sends 512-byte packets even with
369 * an MSS of 128
370 */
371 if (len < 576 * 2)
372 len = 576 * 2;
373
374 xbuff = kmalloc(len + 4, GFP_ATOMIC);
375 rbuff = kmalloc(len + 4, GFP_ATOMIC);
376
377 if (xbuff == NULL || rbuff == NULL) {
378 printk(KERN_ERR "mkiss: %s: unable to grow ax25 buffers, "
379 "MTU change cancelled.\n",
380 ax->dev->name);
381 dev->mtu = ax->mtu;
382 kfree(xbuff);
383 kfree(rbuff);
384 return;
385 }
386
387 spin_lock_bh(&ax->buflock);
388
389 oxbuff = ax->xbuff;
390 ax->xbuff = xbuff;
391 orbuff = ax->rbuff;
392 ax->rbuff = rbuff;
393
394 if (ax->xleft) {
395 if (ax->xleft <= len) {
396 memcpy(ax->xbuff, ax->xhead, ax->xleft);
397 } else {
398 ax->xleft = 0;
399 dev->stats.tx_dropped++;
400 }
401 }
402
403 ax->xhead = ax->xbuff;
404
405 if (ax->rcount) {
406 if (ax->rcount <= len) {
407 memcpy(ax->rbuff, orbuff, ax->rcount);
408 } else {
409 ax->rcount = 0;
410 dev->stats.rx_over_errors++;
411 set_bit(AXF_ERROR, &ax->flags);
412 }
413 }
414
415 ax->mtu = dev->mtu + 73;
416 ax->buffsize = len;
417
418 spin_unlock_bh(&ax->buflock);
419
420 kfree(oxbuff);
421 kfree(orbuff);
422 }
423
424 /* Encapsulate one AX.25 packet and stuff into a TTY queue. */
ax_encaps(struct net_device * dev,unsigned char * icp,int len)425 static void ax_encaps(struct net_device *dev, unsigned char *icp, int len)
426 {
427 struct mkiss *ax = netdev_priv(dev);
428 unsigned char *p;
429 int actual, count;
430
431 if (ax->mtu != ax->dev->mtu + 73) /* Someone has been ifconfigging */
432 ax_changedmtu(ax);
433
434 if (len > ax->mtu) { /* Sigh, shouldn't occur BUT ... */
435 printk(KERN_ERR "mkiss: %s: truncating oversized transmit packet!\n", ax->dev->name);
436 dev->stats.tx_dropped++;
437 netif_start_queue(dev);
438 return;
439 }
440
441 p = icp;
442
443 spin_lock_bh(&ax->buflock);
444 if ((*p & 0x0f) != 0) {
445 /* Configuration Command (kissparms(1).
446 * Protocol spec says: never append CRC.
447 * This fixes a very old bug in the linux
448 * kiss driver. -- dl9sau */
449 switch (*p & 0xff) {
450 case 0x85:
451 /* command from userspace especially for us,
452 * not for delivery to the tnc */
453 if (len > 1) {
454 int cmd = (p[1] & 0xff);
455 switch(cmd) {
456 case 3:
457 ax->crcmode = CRC_MODE_SMACK;
458 break;
459 case 2:
460 ax->crcmode = CRC_MODE_FLEX;
461 break;
462 case 1:
463 ax->crcmode = CRC_MODE_NONE;
464 break;
465 case 0:
466 default:
467 ax->crcmode = CRC_MODE_SMACK_TEST;
468 cmd = 0;
469 }
470 ax->crcauto = (cmd ? 0 : 1);
471 printk(KERN_INFO "mkiss: %s: crc mode set to %d\n",
472 ax->dev->name, cmd);
473 }
474 spin_unlock_bh(&ax->buflock);
475 netif_start_queue(dev);
476
477 return;
478 default:
479 count = kiss_esc(p, ax->xbuff, len);
480 }
481 } else {
482 unsigned short crc;
483 switch (ax->crcmode) {
484 case CRC_MODE_SMACK_TEST:
485 ax->crcmode = CRC_MODE_FLEX_TEST;
486 printk(KERN_INFO "mkiss: %s: Trying crc-smack\n", ax->dev->name);
487 fallthrough;
488 case CRC_MODE_SMACK:
489 *p |= 0x80;
490 crc = swab16(crc16(0, p, len));
491 count = kiss_esc_crc(p, ax->xbuff, crc, len+2);
492 break;
493 case CRC_MODE_FLEX_TEST:
494 ax->crcmode = CRC_MODE_NONE;
495 printk(KERN_INFO "mkiss: %s: Trying crc-flexnet\n", ax->dev->name);
496 fallthrough;
497 case CRC_MODE_FLEX:
498 *p |= 0x20;
499 crc = calc_crc_flex(p, len);
500 count = kiss_esc_crc(p, ax->xbuff, crc, len+2);
501 break;
502
503 default:
504 count = kiss_esc(p, ax->xbuff, len);
505 }
506 }
507 spin_unlock_bh(&ax->buflock);
508
509 set_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags);
510 actual = ax->tty->ops->write(ax->tty, ax->xbuff, count);
511 dev->stats.tx_packets++;
512 dev->stats.tx_bytes += actual;
513
514 netif_trans_update(ax->dev);
515 ax->xleft = count - actual;
516 ax->xhead = ax->xbuff + actual;
517 }
518
519 /* Encapsulate an AX.25 packet and kick it into a TTY queue. */
ax_xmit(struct sk_buff * skb,struct net_device * dev)520 static netdev_tx_t ax_xmit(struct sk_buff *skb, struct net_device *dev)
521 {
522 struct mkiss *ax = netdev_priv(dev);
523
524 if (skb->protocol == htons(ETH_P_IP))
525 return ax25_ip_xmit(skb);
526
527 if (!netif_running(dev)) {
528 printk(KERN_ERR "mkiss: %s: xmit call when iface is down\n", dev->name);
529 return NETDEV_TX_BUSY;
530 }
531
532 if (netif_queue_stopped(dev)) {
533 /*
534 * May be we must check transmitter timeout here ?
535 * 14 Oct 1994 Dmitry Gorodchanin.
536 */
537 if (time_before(jiffies, dev_trans_start(dev) + 20 * HZ)) {
538 /* 20 sec timeout not reached */
539 return NETDEV_TX_BUSY;
540 }
541
542 printk(KERN_ERR "mkiss: %s: transmit timed out, %s?\n", dev->name,
543 (tty_chars_in_buffer(ax->tty) || ax->xleft) ?
544 "bad line quality" : "driver error");
545
546 ax->xleft = 0;
547 clear_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags);
548 netif_start_queue(dev);
549 }
550
551 /* We were not busy, so we are now... :-) */
552 netif_stop_queue(dev);
553 ax_encaps(dev, skb->data, skb->len);
554 kfree_skb(skb);
555
556 return NETDEV_TX_OK;
557 }
558
ax_open_dev(struct net_device * dev)559 static int ax_open_dev(struct net_device *dev)
560 {
561 struct mkiss *ax = netdev_priv(dev);
562
563 if (ax->tty == NULL)
564 return -ENODEV;
565
566 return 0;
567 }
568
569 /* Open the low-level part of the AX25 channel. Easy! */
ax_open(struct net_device * dev)570 static int ax_open(struct net_device *dev)
571 {
572 struct mkiss *ax = netdev_priv(dev);
573 unsigned long len;
574
575 if (ax->tty == NULL)
576 return -ENODEV;
577
578 /*
579 * Allocate the frame buffers:
580 *
581 * rbuff Receive buffer.
582 * xbuff Transmit buffer.
583 */
584 len = dev->mtu * 2;
585
586 /*
587 * allow for arrival of larger UDP packets, even if we say not to
588 * also fixes a bug in which SunOS sends 512-byte packets even with
589 * an MSS of 128
590 */
591 if (len < 576 * 2)
592 len = 576 * 2;
593
594 if ((ax->rbuff = kmalloc(len + 4, GFP_KERNEL)) == NULL)
595 goto norbuff;
596
597 if ((ax->xbuff = kmalloc(len + 4, GFP_KERNEL)) == NULL)
598 goto noxbuff;
599
600 ax->mtu = dev->mtu + 73;
601 ax->buffsize = len;
602 ax->rcount = 0;
603 ax->xleft = 0;
604
605 ax->flags &= (1 << AXF_INUSE); /* Clear ESCAPE & ERROR flags */
606
607 spin_lock_init(&ax->buflock);
608
609 return 0;
610
611 noxbuff:
612 kfree(ax->rbuff);
613
614 norbuff:
615 return -ENOMEM;
616 }
617
618
619 /* Close the low-level part of the AX25 channel. Easy! */
ax_close(struct net_device * dev)620 static int ax_close(struct net_device *dev)
621 {
622 struct mkiss *ax = netdev_priv(dev);
623
624 if (ax->tty)
625 clear_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags);
626
627 netif_stop_queue(dev);
628
629 return 0;
630 }
631
632 static const struct net_device_ops ax_netdev_ops = {
633 .ndo_open = ax_open_dev,
634 .ndo_stop = ax_close,
635 .ndo_start_xmit = ax_xmit,
636 .ndo_set_mac_address = ax_set_mac_address,
637 };
638
ax_setup(struct net_device * dev)639 static void ax_setup(struct net_device *dev)
640 {
641 /* Finish setting up the DEVICE info. */
642 dev->mtu = AX_MTU;
643 dev->hard_header_len = AX25_MAX_HEADER_LEN;
644 dev->addr_len = AX25_ADDR_LEN;
645 dev->type = ARPHRD_AX25;
646 dev->tx_queue_len = 10;
647 dev->header_ops = &ax25_header_ops;
648 dev->netdev_ops = &ax_netdev_ops;
649
650
651 memcpy(dev->broadcast, &ax25_bcast, AX25_ADDR_LEN);
652 dev_addr_set(dev, (u8 *)&ax25_defaddr);
653
654 dev->flags = IFF_BROADCAST | IFF_MULTICAST;
655 }
656
657 /*
658 * We have a potential race on dereferencing tty->disc_data, because the tty
659 * layer provides no locking at all - thus one cpu could be running
660 * sixpack_receive_buf while another calls sixpack_close, which zeroes
661 * tty->disc_data and frees the memory that sixpack_receive_buf is using. The
662 * best way to fix this is to use a rwlock in the tty struct, but for now we
663 * use a single global rwlock for all ttys in ppp line discipline.
664 */
665 static DEFINE_RWLOCK(disc_data_lock);
666
mkiss_get(struct tty_struct * tty)667 static struct mkiss *mkiss_get(struct tty_struct *tty)
668 {
669 struct mkiss *ax;
670
671 read_lock(&disc_data_lock);
672 ax = tty->disc_data;
673 if (ax)
674 refcount_inc(&ax->refcnt);
675 read_unlock(&disc_data_lock);
676
677 return ax;
678 }
679
mkiss_put(struct mkiss * ax)680 static void mkiss_put(struct mkiss *ax)
681 {
682 if (refcount_dec_and_test(&ax->refcnt))
683 complete(&ax->dead);
684 }
685
686 static int crc_force = 0; /* Can be overridden with insmod */
687
mkiss_open(struct tty_struct * tty)688 static int mkiss_open(struct tty_struct *tty)
689 {
690 struct net_device *dev;
691 struct mkiss *ax;
692 int err;
693
694 if (!capable(CAP_NET_ADMIN))
695 return -EPERM;
696 if (tty->ops->write == NULL)
697 return -EOPNOTSUPP;
698
699 dev = alloc_netdev(sizeof(struct mkiss), "ax%d", NET_NAME_UNKNOWN,
700 ax_setup);
701 if (!dev) {
702 err = -ENOMEM;
703 goto out;
704 }
705
706 ax = netdev_priv(dev);
707 ax->dev = dev;
708
709 spin_lock_init(&ax->buflock);
710 refcount_set(&ax->refcnt, 1);
711 init_completion(&ax->dead);
712
713 ax->tty = tty;
714 tty->disc_data = ax;
715 tty->receive_room = 65535;
716
717 tty_driver_flush_buffer(tty);
718
719 /* Restore default settings */
720 dev->type = ARPHRD_AX25;
721
722 /* Perform the low-level AX25 initialization. */
723 err = ax_open(ax->dev);
724 if (err)
725 goto out_free_netdev;
726
727 err = register_netdev(dev);
728 if (err)
729 goto out_free_buffers;
730
731 /* after register_netdev() - because else printk smashes the kernel */
732 switch (crc_force) {
733 case 3:
734 ax->crcmode = CRC_MODE_SMACK;
735 printk(KERN_INFO "mkiss: %s: crc mode smack forced.\n",
736 ax->dev->name);
737 break;
738 case 2:
739 ax->crcmode = CRC_MODE_FLEX;
740 printk(KERN_INFO "mkiss: %s: crc mode flexnet forced.\n",
741 ax->dev->name);
742 break;
743 case 1:
744 ax->crcmode = CRC_MODE_NONE;
745 printk(KERN_INFO "mkiss: %s: crc mode disabled.\n",
746 ax->dev->name);
747 break;
748 case 0:
749 default:
750 crc_force = 0;
751 printk(KERN_INFO "mkiss: %s: crc mode is auto.\n",
752 ax->dev->name);
753 ax->crcmode = CRC_MODE_SMACK_TEST;
754 }
755 ax->crcauto = (crc_force ? 0 : 1);
756
757 netif_start_queue(dev);
758
759 /* Done. We have linked the TTY line to a channel. */
760 return 0;
761
762 out_free_buffers:
763 kfree(ax->rbuff);
764 kfree(ax->xbuff);
765
766 out_free_netdev:
767 free_netdev(dev);
768
769 out:
770 return err;
771 }
772
mkiss_close(struct tty_struct * tty)773 static void mkiss_close(struct tty_struct *tty)
774 {
775 struct mkiss *ax;
776
777 write_lock_irq(&disc_data_lock);
778 ax = tty->disc_data;
779 tty->disc_data = NULL;
780 write_unlock_irq(&disc_data_lock);
781
782 if (!ax)
783 return;
784
785 /*
786 * We have now ensured that nobody can start using ap from now on, but
787 * we have to wait for all existing users to finish.
788 */
789 if (!refcount_dec_and_test(&ax->refcnt))
790 wait_for_completion(&ax->dead);
791 /*
792 * Halt the transmit queue so that a new transmit cannot scribble
793 * on our buffers
794 */
795 netif_stop_queue(ax->dev);
796
797 unregister_netdev(ax->dev);
798
799 /* Free all AX25 frame buffers after unreg. */
800 kfree(ax->rbuff);
801 kfree(ax->xbuff);
802
803 ax->tty = NULL;
804
805 free_netdev(ax->dev);
806 }
807
808 /* Perform I/O control on an active ax25 channel. */
mkiss_ioctl(struct tty_struct * tty,unsigned int cmd,unsigned long arg)809 static int mkiss_ioctl(struct tty_struct *tty, unsigned int cmd,
810 unsigned long arg)
811 {
812 struct mkiss *ax = mkiss_get(tty);
813 struct net_device *dev;
814 unsigned int tmp, err;
815
816 /* First make sure we're connected. */
817 if (ax == NULL)
818 return -ENXIO;
819 dev = ax->dev;
820
821 switch (cmd) {
822 case SIOCGIFNAME:
823 err = copy_to_user((void __user *) arg, ax->dev->name,
824 strlen(ax->dev->name) + 1) ? -EFAULT : 0;
825 break;
826
827 case SIOCGIFENCAP:
828 err = put_user(4, (int __user *) arg);
829 break;
830
831 case SIOCSIFENCAP:
832 if (get_user(tmp, (int __user *) arg)) {
833 err = -EFAULT;
834 break;
835 }
836
837 ax->mode = tmp;
838 dev->addr_len = AX25_ADDR_LEN;
839 dev->hard_header_len = AX25_KISS_HEADER_LEN +
840 AX25_MAX_HEADER_LEN + 3;
841 dev->type = ARPHRD_AX25;
842
843 err = 0;
844 break;
845
846 case SIOCSIFHWADDR: {
847 char addr[AX25_ADDR_LEN];
848
849 if (copy_from_user(&addr,
850 (void __user *) arg, AX25_ADDR_LEN)) {
851 err = -EFAULT;
852 break;
853 }
854
855 netif_tx_lock_bh(dev);
856 __dev_addr_set(dev, addr, AX25_ADDR_LEN);
857 netif_tx_unlock_bh(dev);
858
859 err = 0;
860 break;
861 }
862 default:
863 err = -ENOIOCTLCMD;
864 }
865
866 mkiss_put(ax);
867
868 return err;
869 }
870
871 /*
872 * Handle the 'receiver data ready' interrupt.
873 * This function is called by the 'tty_io' module in the kernel when
874 * a block of data has been received, which can now be decapsulated
875 * and sent on to the AX.25 layer for further processing.
876 */
mkiss_receive_buf(struct tty_struct * tty,const unsigned char * cp,const char * fp,int count)877 static void mkiss_receive_buf(struct tty_struct *tty, const unsigned char *cp,
878 const char *fp, int count)
879 {
880 struct mkiss *ax = mkiss_get(tty);
881
882 if (!ax)
883 return;
884
885 /*
886 * Argh! mtu change time! - costs us the packet part received
887 * at the change
888 */
889 if (ax->mtu != ax->dev->mtu + 73)
890 ax_changedmtu(ax);
891
892 /* Read the characters out of the buffer */
893 while (count--) {
894 if (fp != NULL && *fp++) {
895 if (!test_and_set_bit(AXF_ERROR, &ax->flags))
896 ax->dev->stats.rx_errors++;
897 cp++;
898 continue;
899 }
900
901 kiss_unesc(ax, *cp++);
902 }
903
904 mkiss_put(ax);
905 tty_unthrottle(tty);
906 }
907
908 /*
909 * Called by the driver when there's room for more data. If we have
910 * more packets to send, we send them here.
911 */
mkiss_write_wakeup(struct tty_struct * tty)912 static void mkiss_write_wakeup(struct tty_struct *tty)
913 {
914 struct mkiss *ax = mkiss_get(tty);
915 int actual;
916
917 if (!ax)
918 return;
919
920 if (ax->xleft <= 0) {
921 /* Now serial buffer is almost free & we can start
922 * transmission of another packet
923 */
924 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
925
926 netif_wake_queue(ax->dev);
927 goto out;
928 }
929
930 actual = tty->ops->write(tty, ax->xhead, ax->xleft);
931 ax->xleft -= actual;
932 ax->xhead += actual;
933
934 out:
935 mkiss_put(ax);
936 }
937
938 static struct tty_ldisc_ops ax_ldisc = {
939 .owner = THIS_MODULE,
940 .num = N_AX25,
941 .name = "mkiss",
942 .open = mkiss_open,
943 .close = mkiss_close,
944 .ioctl = mkiss_ioctl,
945 .receive_buf = mkiss_receive_buf,
946 .write_wakeup = mkiss_write_wakeup
947 };
948
949 static const char banner[] __initconst = KERN_INFO \
950 "mkiss: AX.25 Multikiss, Hans Albas PE1AYX\n";
951 static const char msg_regfail[] __initconst = KERN_ERR \
952 "mkiss: can't register line discipline (err = %d)\n";
953
mkiss_init_driver(void)954 static int __init mkiss_init_driver(void)
955 {
956 int status;
957
958 printk(banner);
959
960 status = tty_register_ldisc(&ax_ldisc);
961 if (status != 0)
962 printk(msg_regfail, status);
963
964 return status;
965 }
966
mkiss_exit_driver(void)967 static void __exit mkiss_exit_driver(void)
968 {
969 tty_unregister_ldisc(&ax_ldisc);
970 }
971
972 MODULE_AUTHOR("Ralf Baechle DL5RB <ralf@linux-mips.org>");
973 MODULE_DESCRIPTION("KISS driver for AX.25 over TTYs");
974 module_param(crc_force, int, 0);
975 MODULE_PARM_DESC(crc_force, "crc [0 = auto | 1 = none | 2 = flexnet | 3 = smack]");
976 MODULE_LICENSE("GPL");
977 MODULE_ALIAS_LDISC(N_AX25);
978
979 module_init(mkiss_init_driver);
980 module_exit(mkiss_exit_driver);
981