1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * 6pack.c This module implements the 6pack protocol for kernel-based
4 * devices like TTY. It interfaces between a raw TTY and the
5 * kernel's AX.25 protocol layers.
6 *
7 * Authors: Andreas Könsgen <ajk@comnets.uni-bremen.de>
8 * Ralf Baechle DL5RB <ralf@linux-mips.org>
9 *
10 * Quite a lot of stuff "stolen" by Joerg Reuter from slip.c, written by
11 *
12 * Laurence Culhane, <loz@holmes.demon.co.uk>
13 * Fred N. van Kempen, <waltje@uwalt.nl.mugnet.org>
14 */
15
16 #include <linux/module.h>
17 #include <linux/uaccess.h>
18 #include <linux/bitops.h>
19 #include <linux/string.h>
20 #include <linux/mm.h>
21 #include <linux/interrupt.h>
22 #include <linux/in.h>
23 #include <linux/tty.h>
24 #include <linux/errno.h>
25 #include <linux/netdevice.h>
26 #include <linux/timer.h>
27 #include <linux/slab.h>
28 #include <net/ax25.h>
29 #include <linux/etherdevice.h>
30 #include <linux/skbuff.h>
31 #include <linux/rtnetlink.h>
32 #include <linux/spinlock.h>
33 #include <linux/if_arp.h>
34 #include <linux/init.h>
35 #include <linux/ip.h>
36 #include <linux/tcp.h>
37 #include <linux/semaphore.h>
38 #include <linux/refcount.h>
39
40 #define SIXPACK_VERSION "Revision: 0.3.0"
41
42 /* sixpack priority commands */
43 #define SIXP_SEOF 0x40 /* start and end of a 6pack frame */
44 #define SIXP_TX_URUN 0x48 /* transmit overrun */
45 #define SIXP_RX_ORUN 0x50 /* receive overrun */
46 #define SIXP_RX_BUF_OVL 0x58 /* receive buffer overflow */
47
48 #define SIXP_CHKSUM 0xFF /* valid checksum of a 6pack frame */
49
50 /* masks to get certain bits out of the status bytes sent by the TNC */
51
52 #define SIXP_CMD_MASK 0xC0
53 #define SIXP_CHN_MASK 0x07
54 #define SIXP_PRIO_CMD_MASK 0x80
55 #define SIXP_STD_CMD_MASK 0x40
56 #define SIXP_PRIO_DATA_MASK 0x38
57 #define SIXP_TX_MASK 0x20
58 #define SIXP_RX_MASK 0x10
59 #define SIXP_RX_DCD_MASK 0x18
60 #define SIXP_LEDS_ON 0x78
61 #define SIXP_LEDS_OFF 0x60
62 #define SIXP_CON 0x08
63 #define SIXP_STA 0x10
64
65 #define SIXP_FOUND_TNC 0xe9
66 #define SIXP_CON_ON 0x68
67 #define SIXP_DCD_MASK 0x08
68 #define SIXP_DAMA_OFF 0
69
70 /* default level 2 parameters */
71 #define SIXP_TXDELAY 25 /* 250 ms */
72 #define SIXP_PERSIST 50 /* in 256ths */
73 #define SIXP_SLOTTIME 10 /* 100 ms */
74 #define SIXP_INIT_RESYNC_TIMEOUT (3*HZ/2) /* in 1 s */
75 #define SIXP_RESYNC_TIMEOUT 5*HZ /* in 1 s */
76
77 /* 6pack configuration. */
78 #define SIXP_NRUNIT 31 /* MAX number of 6pack channels */
79 #define SIXP_MTU 256 /* Default MTU */
80
81 enum sixpack_flags {
82 SIXPF_ERROR, /* Parity, etc. error */
83 };
84
85 struct sixpack {
86 /* Various fields. */
87 struct tty_struct *tty; /* ptr to TTY structure */
88 struct net_device *dev; /* easy for intr handling */
89
90 /* These are pointers to the malloc()ed frame buffers. */
91 unsigned char *rbuff; /* receiver buffer */
92 int rcount; /* received chars counter */
93 unsigned char *xbuff; /* transmitter buffer */
94 unsigned char *xhead; /* next byte to XMIT */
95 int xleft; /* bytes left in XMIT queue */
96
97 unsigned char raw_buf[4];
98 unsigned char cooked_buf[400];
99
100 unsigned int rx_count;
101 unsigned int rx_count_cooked;
102 spinlock_t rxlock;
103
104 int mtu; /* Our mtu (to spot changes!) */
105 int buffsize; /* Max buffers sizes */
106
107 unsigned long flags; /* Flag values/ mode etc */
108 unsigned char mode; /* 6pack mode */
109
110 /* 6pack stuff */
111 unsigned char tx_delay;
112 unsigned char persistence;
113 unsigned char slottime;
114 unsigned char duplex;
115 unsigned char led_state;
116 unsigned char status;
117 unsigned char status1;
118 unsigned char status2;
119 unsigned char tx_enable;
120 unsigned char tnc_state;
121
122 struct timer_list tx_t;
123 struct timer_list resync_t;
124 refcount_t refcnt;
125 struct completion dead;
126 spinlock_t lock;
127 };
128
129 #define AX25_6PACK_HEADER_LEN 0
130
131 static void sixpack_decode(struct sixpack *, const unsigned char[], int);
132 static int encode_sixpack(unsigned char *, unsigned char *, int, unsigned char);
133
134 /*
135 * Perform the persistence/slottime algorithm for CSMA access. If the
136 * persistence check was successful, write the data to the serial driver.
137 * Note that in case of DAMA operation, the data is not sent here.
138 */
139
sp_xmit_on_air(struct timer_list * t)140 static void sp_xmit_on_air(struct timer_list *t)
141 {
142 struct sixpack *sp = from_timer(sp, t, tx_t);
143 int actual, when = sp->slottime;
144 static unsigned char random;
145
146 random = random * 17 + 41;
147
148 if (((sp->status1 & SIXP_DCD_MASK) == 0) && (random < sp->persistence)) {
149 sp->led_state = 0x70;
150 sp->tty->ops->write(sp->tty, &sp->led_state, 1);
151 sp->tx_enable = 1;
152 actual = sp->tty->ops->write(sp->tty, sp->xbuff, sp->status2);
153 sp->xleft -= actual;
154 sp->xhead += actual;
155 sp->led_state = 0x60;
156 sp->tty->ops->write(sp->tty, &sp->led_state, 1);
157 sp->status2 = 0;
158 } else
159 mod_timer(&sp->tx_t, jiffies + ((when + 1) * HZ) / 100);
160 }
161
162 /* ----> 6pack timer interrupt handler and friends. <---- */
163
164 /* Encapsulate one AX.25 frame and stuff into a TTY queue. */
sp_encaps(struct sixpack * sp,unsigned char * icp,int len)165 static void sp_encaps(struct sixpack *sp, unsigned char *icp, int len)
166 {
167 unsigned char *msg, *p = icp;
168 int actual, count;
169
170 if (len > sp->mtu) { /* sp->mtu = AX25_MTU = max. PACLEN = 256 */
171 msg = "oversized transmit packet!";
172 goto out_drop;
173 }
174
175 if (p[0] > 5) {
176 msg = "invalid KISS command";
177 goto out_drop;
178 }
179
180 if ((p[0] != 0) && (len > 2)) {
181 msg = "KISS control packet too long";
182 goto out_drop;
183 }
184
185 if ((p[0] == 0) && (len < 15)) {
186 msg = "bad AX.25 packet to transmit";
187 goto out_drop;
188 }
189
190 count = encode_sixpack(p, sp->xbuff, len, sp->tx_delay);
191 set_bit(TTY_DO_WRITE_WAKEUP, &sp->tty->flags);
192
193 switch (p[0]) {
194 case 1: sp->tx_delay = p[1];
195 return;
196 case 2: sp->persistence = p[1];
197 return;
198 case 3: sp->slottime = p[1];
199 return;
200 case 4: /* ignored */
201 return;
202 case 5: sp->duplex = p[1];
203 return;
204 }
205
206 if (p[0] != 0)
207 return;
208
209 /*
210 * In case of fullduplex or DAMA operation, we don't take care about the
211 * state of the DCD or of any timers, as the determination of the
212 * correct time to send is the job of the AX.25 layer. We send
213 * immediately after data has arrived.
214 */
215 if (sp->duplex == 1) {
216 sp->led_state = 0x70;
217 sp->tty->ops->write(sp->tty, &sp->led_state, 1);
218 sp->tx_enable = 1;
219 actual = sp->tty->ops->write(sp->tty, sp->xbuff, count);
220 sp->xleft = count - actual;
221 sp->xhead = sp->xbuff + actual;
222 sp->led_state = 0x60;
223 sp->tty->ops->write(sp->tty, &sp->led_state, 1);
224 } else {
225 sp->xleft = count;
226 sp->xhead = sp->xbuff;
227 sp->status2 = count;
228 sp_xmit_on_air(&sp->tx_t);
229 }
230
231 return;
232
233 out_drop:
234 sp->dev->stats.tx_dropped++;
235 netif_start_queue(sp->dev);
236 if (net_ratelimit())
237 printk(KERN_DEBUG "%s: %s - dropped.\n", sp->dev->name, msg);
238 }
239
240 /* Encapsulate an IP datagram and kick it into a TTY queue. */
241
sp_xmit(struct sk_buff * skb,struct net_device * dev)242 static netdev_tx_t sp_xmit(struct sk_buff *skb, struct net_device *dev)
243 {
244 struct sixpack *sp = netdev_priv(dev);
245
246 if (skb->protocol == htons(ETH_P_IP))
247 return ax25_ip_xmit(skb);
248
249 spin_lock_bh(&sp->lock);
250 /* We were not busy, so we are now... :-) */
251 netif_stop_queue(dev);
252 dev->stats.tx_bytes += skb->len;
253 sp_encaps(sp, skb->data, skb->len);
254 spin_unlock_bh(&sp->lock);
255
256 dev_kfree_skb(skb);
257
258 return NETDEV_TX_OK;
259 }
260
sp_open_dev(struct net_device * dev)261 static int sp_open_dev(struct net_device *dev)
262 {
263 struct sixpack *sp = netdev_priv(dev);
264
265 if (sp->tty == NULL)
266 return -ENODEV;
267 return 0;
268 }
269
270 /* Close the low-level part of the 6pack channel. */
sp_close(struct net_device * dev)271 static int sp_close(struct net_device *dev)
272 {
273 struct sixpack *sp = netdev_priv(dev);
274
275 spin_lock_bh(&sp->lock);
276 if (sp->tty) {
277 /* TTY discipline is running. */
278 clear_bit(TTY_DO_WRITE_WAKEUP, &sp->tty->flags);
279 }
280 netif_stop_queue(dev);
281 spin_unlock_bh(&sp->lock);
282
283 return 0;
284 }
285
sp_set_mac_address(struct net_device * dev,void * addr)286 static int sp_set_mac_address(struct net_device *dev, void *addr)
287 {
288 struct sockaddr_ax25 *sa = addr;
289
290 netif_tx_lock_bh(dev);
291 netif_addr_lock(dev);
292 __dev_addr_set(dev, &sa->sax25_call, AX25_ADDR_LEN);
293 netif_addr_unlock(dev);
294 netif_tx_unlock_bh(dev);
295
296 return 0;
297 }
298
299 static const struct net_device_ops sp_netdev_ops = {
300 .ndo_open = sp_open_dev,
301 .ndo_stop = sp_close,
302 .ndo_start_xmit = sp_xmit,
303 .ndo_set_mac_address = sp_set_mac_address,
304 };
305
sp_setup(struct net_device * dev)306 static void sp_setup(struct net_device *dev)
307 {
308 /* Finish setting up the DEVICE info. */
309 dev->netdev_ops = &sp_netdev_ops;
310 dev->mtu = SIXP_MTU;
311 dev->hard_header_len = AX25_MAX_HEADER_LEN;
312 dev->header_ops = &ax25_header_ops;
313
314 dev->addr_len = AX25_ADDR_LEN;
315 dev->type = ARPHRD_AX25;
316 dev->tx_queue_len = 10;
317
318 /* Only activated in AX.25 mode */
319 memcpy(dev->broadcast, &ax25_bcast, AX25_ADDR_LEN);
320 dev_addr_set(dev, (u8 *)&ax25_defaddr);
321
322 dev->flags = 0;
323 }
324
325 /* Send one completely decapsulated IP datagram to the IP layer. */
326
327 /*
328 * This is the routine that sends the received data to the kernel AX.25.
329 * 'cmd' is the KISS command. For AX.25 data, it is zero.
330 */
331
sp_bump(struct sixpack * sp,char cmd)332 static void sp_bump(struct sixpack *sp, char cmd)
333 {
334 struct sk_buff *skb;
335 int count;
336 unsigned char *ptr;
337
338 count = sp->rcount + 1;
339
340 sp->dev->stats.rx_bytes += count;
341
342 if ((skb = dev_alloc_skb(count + 1)) == NULL)
343 goto out_mem;
344
345 ptr = skb_put(skb, count + 1);
346 *ptr++ = cmd; /* KISS command */
347
348 memcpy(ptr, sp->cooked_buf + 1, count);
349 skb->protocol = ax25_type_trans(skb, sp->dev);
350 netif_rx(skb);
351 sp->dev->stats.rx_packets++;
352
353 return;
354
355 out_mem:
356 sp->dev->stats.rx_dropped++;
357 }
358
359
360 /* ----------------------------------------------------------------------- */
361
362 /*
363 * We have a potential race on dereferencing tty->disc_data, because the tty
364 * layer provides no locking at all - thus one cpu could be running
365 * sixpack_receive_buf while another calls sixpack_close, which zeroes
366 * tty->disc_data and frees the memory that sixpack_receive_buf is using. The
367 * best way to fix this is to use a rwlock in the tty struct, but for now we
368 * use a single global rwlock for all ttys in ppp line discipline.
369 */
370 static DEFINE_RWLOCK(disc_data_lock);
371
sp_get(struct tty_struct * tty)372 static struct sixpack *sp_get(struct tty_struct *tty)
373 {
374 struct sixpack *sp;
375
376 read_lock(&disc_data_lock);
377 sp = tty->disc_data;
378 if (sp)
379 refcount_inc(&sp->refcnt);
380 read_unlock(&disc_data_lock);
381
382 return sp;
383 }
384
sp_put(struct sixpack * sp)385 static void sp_put(struct sixpack *sp)
386 {
387 if (refcount_dec_and_test(&sp->refcnt))
388 complete(&sp->dead);
389 }
390
391 /*
392 * Called by the TTY driver when there's room for more data. If we have
393 * more packets to send, we send them here.
394 */
sixpack_write_wakeup(struct tty_struct * tty)395 static void sixpack_write_wakeup(struct tty_struct *tty)
396 {
397 struct sixpack *sp = sp_get(tty);
398 int actual;
399
400 if (!sp)
401 return;
402 if (sp->xleft <= 0) {
403 /* Now serial buffer is almost free & we can start
404 * transmission of another packet */
405 sp->dev->stats.tx_packets++;
406 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
407 sp->tx_enable = 0;
408 netif_wake_queue(sp->dev);
409 goto out;
410 }
411
412 if (sp->tx_enable) {
413 actual = tty->ops->write(tty, sp->xhead, sp->xleft);
414 sp->xleft -= actual;
415 sp->xhead += actual;
416 }
417
418 out:
419 sp_put(sp);
420 }
421
422 /* ----------------------------------------------------------------------- */
423
424 /*
425 * Handle the 'receiver data ready' interrupt.
426 * This function is called by the tty module in the kernel when
427 * a block of 6pack data has been received, which can now be decapsulated
428 * and sent on to some IP layer for further processing.
429 */
sixpack_receive_buf(struct tty_struct * tty,const unsigned char * cp,const char * fp,int count)430 static void sixpack_receive_buf(struct tty_struct *tty,
431 const unsigned char *cp, const char *fp, int count)
432 {
433 struct sixpack *sp;
434 int count1;
435
436 if (!count)
437 return;
438
439 sp = sp_get(tty);
440 if (!sp)
441 return;
442
443 /* Read the characters out of the buffer */
444 count1 = count;
445 while (count) {
446 count--;
447 if (fp && *fp++) {
448 if (!test_and_set_bit(SIXPF_ERROR, &sp->flags))
449 sp->dev->stats.rx_errors++;
450 continue;
451 }
452 }
453 sixpack_decode(sp, cp, count1);
454
455 sp_put(sp);
456 tty_unthrottle(tty);
457 }
458
459 /*
460 * Try to resync the TNC. Called by the resync timer defined in
461 * decode_prio_command
462 */
463
464 #define TNC_UNINITIALIZED 0
465 #define TNC_UNSYNC_STARTUP 1
466 #define TNC_UNSYNCED 2
467 #define TNC_IN_SYNC 3
468
__tnc_set_sync_state(struct sixpack * sp,int new_tnc_state)469 static void __tnc_set_sync_state(struct sixpack *sp, int new_tnc_state)
470 {
471 char *msg;
472
473 switch (new_tnc_state) {
474 default: /* gcc oh piece-o-crap ... */
475 case TNC_UNSYNC_STARTUP:
476 msg = "Synchronizing with TNC";
477 break;
478 case TNC_UNSYNCED:
479 msg = "Lost synchronization with TNC\n";
480 break;
481 case TNC_IN_SYNC:
482 msg = "Found TNC";
483 break;
484 }
485
486 sp->tnc_state = new_tnc_state;
487 printk(KERN_INFO "%s: %s\n", sp->dev->name, msg);
488 }
489
tnc_set_sync_state(struct sixpack * sp,int new_tnc_state)490 static inline void tnc_set_sync_state(struct sixpack *sp, int new_tnc_state)
491 {
492 int old_tnc_state = sp->tnc_state;
493
494 if (old_tnc_state != new_tnc_state)
495 __tnc_set_sync_state(sp, new_tnc_state);
496 }
497
resync_tnc(struct timer_list * t)498 static void resync_tnc(struct timer_list *t)
499 {
500 struct sixpack *sp = from_timer(sp, t, resync_t);
501 static char resync_cmd = 0xe8;
502
503 /* clear any data that might have been received */
504
505 sp->rx_count = 0;
506 sp->rx_count_cooked = 0;
507
508 /* reset state machine */
509
510 sp->status = 1;
511 sp->status1 = 1;
512 sp->status2 = 0;
513
514 /* resync the TNC */
515
516 sp->led_state = 0x60;
517 sp->tty->ops->write(sp->tty, &sp->led_state, 1);
518 sp->tty->ops->write(sp->tty, &resync_cmd, 1);
519
520
521 /* Start resync timer again -- the TNC might be still absent */
522 mod_timer(&sp->resync_t, jiffies + SIXP_RESYNC_TIMEOUT);
523 }
524
tnc_init(struct sixpack * sp)525 static inline int tnc_init(struct sixpack *sp)
526 {
527 unsigned char inbyte = 0xe8;
528
529 tnc_set_sync_state(sp, TNC_UNSYNC_STARTUP);
530
531 sp->tty->ops->write(sp->tty, &inbyte, 1);
532
533 mod_timer(&sp->resync_t, jiffies + SIXP_RESYNC_TIMEOUT);
534
535 return 0;
536 }
537
538 /*
539 * Open the high-level part of the 6pack channel.
540 * This function is called by the TTY module when the
541 * 6pack line discipline is called for. Because we are
542 * sure the tty line exists, we only have to link it to
543 * a free 6pcack channel...
544 */
sixpack_open(struct tty_struct * tty)545 static int sixpack_open(struct tty_struct *tty)
546 {
547 char *rbuff = NULL, *xbuff = NULL;
548 struct net_device *dev;
549 struct sixpack *sp;
550 unsigned long len;
551 int err = 0;
552
553 if (!capable(CAP_NET_ADMIN))
554 return -EPERM;
555 if (tty->ops->write == NULL)
556 return -EOPNOTSUPP;
557
558 dev = alloc_netdev(sizeof(struct sixpack), "sp%d", NET_NAME_UNKNOWN,
559 sp_setup);
560 if (!dev) {
561 err = -ENOMEM;
562 goto out;
563 }
564
565 sp = netdev_priv(dev);
566 sp->dev = dev;
567
568 spin_lock_init(&sp->lock);
569 spin_lock_init(&sp->rxlock);
570 refcount_set(&sp->refcnt, 1);
571 init_completion(&sp->dead);
572
573 /* !!! length of the buffers. MTU is IP MTU, not PACLEN! */
574
575 len = dev->mtu * 2;
576
577 rbuff = kmalloc(len + 4, GFP_KERNEL);
578 xbuff = kmalloc(len + 4, GFP_KERNEL);
579
580 if (rbuff == NULL || xbuff == NULL) {
581 err = -ENOBUFS;
582 goto out_free;
583 }
584
585 spin_lock_bh(&sp->lock);
586
587 sp->tty = tty;
588
589 sp->rbuff = rbuff;
590 sp->xbuff = xbuff;
591
592 sp->mtu = AX25_MTU + 73;
593 sp->buffsize = len;
594 sp->rcount = 0;
595 sp->rx_count = 0;
596 sp->rx_count_cooked = 0;
597 sp->xleft = 0;
598
599 sp->flags = 0; /* Clear ESCAPE & ERROR flags */
600
601 sp->duplex = 0;
602 sp->tx_delay = SIXP_TXDELAY;
603 sp->persistence = SIXP_PERSIST;
604 sp->slottime = SIXP_SLOTTIME;
605 sp->led_state = 0x60;
606 sp->status = 1;
607 sp->status1 = 1;
608 sp->status2 = 0;
609 sp->tx_enable = 0;
610
611 netif_start_queue(dev);
612
613 timer_setup(&sp->tx_t, sp_xmit_on_air, 0);
614
615 timer_setup(&sp->resync_t, resync_tnc, 0);
616
617 spin_unlock_bh(&sp->lock);
618
619 /* Done. We have linked the TTY line to a channel. */
620 tty->disc_data = sp;
621 tty->receive_room = 65536;
622
623 /* Now we're ready to register. */
624 err = register_netdev(dev);
625 if (err)
626 goto out_free;
627
628 tnc_init(sp);
629
630 return 0;
631
632 out_free:
633 kfree(xbuff);
634 kfree(rbuff);
635
636 free_netdev(dev);
637
638 out:
639 return err;
640 }
641
642
643 /*
644 * Close down a 6pack channel.
645 * This means flushing out any pending queues, and then restoring the
646 * TTY line discipline to what it was before it got hooked to 6pack
647 * (which usually is TTY again).
648 */
sixpack_close(struct tty_struct * tty)649 static void sixpack_close(struct tty_struct *tty)
650 {
651 struct sixpack *sp;
652
653 write_lock_irq(&disc_data_lock);
654 sp = tty->disc_data;
655 tty->disc_data = NULL;
656 write_unlock_irq(&disc_data_lock);
657 if (!sp)
658 return;
659
660 /*
661 * We have now ensured that nobody can start using ap from now on, but
662 * we have to wait for all existing users to finish.
663 */
664 if (!refcount_dec_and_test(&sp->refcnt))
665 wait_for_completion(&sp->dead);
666
667 /* We must stop the queue to avoid potentially scribbling
668 * on the free buffers. The sp->dead completion is not sufficient
669 * to protect us from sp->xbuff access.
670 */
671 netif_stop_queue(sp->dev);
672
673 unregister_netdev(sp->dev);
674
675 del_timer_sync(&sp->tx_t);
676 del_timer_sync(&sp->resync_t);
677
678 /* Free all 6pack frame buffers after unreg. */
679 kfree(sp->rbuff);
680 kfree(sp->xbuff);
681
682 free_netdev(sp->dev);
683 }
684
685 /* Perform I/O control on an active 6pack channel. */
sixpack_ioctl(struct tty_struct * tty,unsigned int cmd,unsigned long arg)686 static int sixpack_ioctl(struct tty_struct *tty, unsigned int cmd,
687 unsigned long arg)
688 {
689 struct sixpack *sp = sp_get(tty);
690 struct net_device *dev;
691 unsigned int tmp, err;
692
693 if (!sp)
694 return -ENXIO;
695 dev = sp->dev;
696
697 switch(cmd) {
698 case SIOCGIFNAME:
699 err = copy_to_user((void __user *) arg, dev->name,
700 strlen(dev->name) + 1) ? -EFAULT : 0;
701 break;
702
703 case SIOCGIFENCAP:
704 err = put_user(0, (int __user *) arg);
705 break;
706
707 case SIOCSIFENCAP:
708 if (get_user(tmp, (int __user *) arg)) {
709 err = -EFAULT;
710 break;
711 }
712
713 sp->mode = tmp;
714 dev->addr_len = AX25_ADDR_LEN;
715 dev->hard_header_len = AX25_KISS_HEADER_LEN +
716 AX25_MAX_HEADER_LEN + 3;
717 dev->type = ARPHRD_AX25;
718
719 err = 0;
720 break;
721
722 case SIOCSIFHWADDR: {
723 char addr[AX25_ADDR_LEN];
724
725 if (copy_from_user(&addr,
726 (void __user *)arg, AX25_ADDR_LEN)) {
727 err = -EFAULT;
728 break;
729 }
730
731 netif_tx_lock_bh(dev);
732 __dev_addr_set(dev, &addr, AX25_ADDR_LEN);
733 netif_tx_unlock_bh(dev);
734 err = 0;
735 break;
736 }
737 default:
738 err = tty_mode_ioctl(tty, cmd, arg);
739 }
740
741 sp_put(sp);
742
743 return err;
744 }
745
746 static struct tty_ldisc_ops sp_ldisc = {
747 .owner = THIS_MODULE,
748 .num = N_6PACK,
749 .name = "6pack",
750 .open = sixpack_open,
751 .close = sixpack_close,
752 .ioctl = sixpack_ioctl,
753 .receive_buf = sixpack_receive_buf,
754 .write_wakeup = sixpack_write_wakeup,
755 };
756
757 /* Initialize 6pack control device -- register 6pack line discipline */
758
759 static const char msg_banner[] __initconst = KERN_INFO \
760 "AX.25: 6pack driver, " SIXPACK_VERSION "\n";
761 static const char msg_regfail[] __initconst = KERN_ERR \
762 "6pack: can't register line discipline (err = %d)\n";
763
sixpack_init_driver(void)764 static int __init sixpack_init_driver(void)
765 {
766 int status;
767
768 printk(msg_banner);
769
770 /* Register the provided line protocol discipline */
771 status = tty_register_ldisc(&sp_ldisc);
772 if (status)
773 printk(msg_regfail, status);
774
775 return status;
776 }
777
sixpack_exit_driver(void)778 static void __exit sixpack_exit_driver(void)
779 {
780 tty_unregister_ldisc(&sp_ldisc);
781 }
782
783 /* encode an AX.25 packet into 6pack */
784
encode_sixpack(unsigned char * tx_buf,unsigned char * tx_buf_raw,int length,unsigned char tx_delay)785 static int encode_sixpack(unsigned char *tx_buf, unsigned char *tx_buf_raw,
786 int length, unsigned char tx_delay)
787 {
788 int count = 0;
789 unsigned char checksum = 0, buf[400];
790 int raw_count = 0;
791
792 tx_buf_raw[raw_count++] = SIXP_PRIO_CMD_MASK | SIXP_TX_MASK;
793 tx_buf_raw[raw_count++] = SIXP_SEOF;
794
795 buf[0] = tx_delay;
796 for (count = 1; count < length; count++)
797 buf[count] = tx_buf[count];
798
799 for (count = 0; count < length; count++)
800 checksum += buf[count];
801 buf[length] = (unsigned char) 0xff - checksum;
802
803 for (count = 0; count <= length; count++) {
804 if ((count % 3) == 0) {
805 tx_buf_raw[raw_count++] = (buf[count] & 0x3f);
806 tx_buf_raw[raw_count] = ((buf[count] >> 2) & 0x30);
807 } else if ((count % 3) == 1) {
808 tx_buf_raw[raw_count++] |= (buf[count] & 0x0f);
809 tx_buf_raw[raw_count] = ((buf[count] >> 2) & 0x3c);
810 } else {
811 tx_buf_raw[raw_count++] |= (buf[count] & 0x03);
812 tx_buf_raw[raw_count++] = (buf[count] >> 2);
813 }
814 }
815 if ((length % 3) != 2)
816 raw_count++;
817 tx_buf_raw[raw_count++] = SIXP_SEOF;
818 return raw_count;
819 }
820
821 /* decode 4 sixpack-encoded bytes into 3 data bytes */
822
decode_data(struct sixpack * sp,unsigned char inbyte)823 static void decode_data(struct sixpack *sp, unsigned char inbyte)
824 {
825 unsigned char *buf;
826
827 if (sp->rx_count != 3) {
828 sp->raw_buf[sp->rx_count++] = inbyte;
829
830 return;
831 }
832
833 if (sp->rx_count_cooked + 2 >= sizeof(sp->cooked_buf)) {
834 pr_err("6pack: cooked buffer overrun, data loss\n");
835 sp->rx_count = 0;
836 return;
837 }
838
839 buf = sp->raw_buf;
840 sp->cooked_buf[sp->rx_count_cooked++] =
841 buf[0] | ((buf[1] << 2) & 0xc0);
842 sp->cooked_buf[sp->rx_count_cooked++] =
843 (buf[1] & 0x0f) | ((buf[2] << 2) & 0xf0);
844 sp->cooked_buf[sp->rx_count_cooked++] =
845 (buf[2] & 0x03) | (inbyte << 2);
846 sp->rx_count = 0;
847 }
848
849 /* identify and execute a 6pack priority command byte */
850
decode_prio_command(struct sixpack * sp,unsigned char cmd)851 static void decode_prio_command(struct sixpack *sp, unsigned char cmd)
852 {
853 int actual;
854
855 if ((cmd & SIXP_PRIO_DATA_MASK) != 0) { /* idle ? */
856
857 /* RX and DCD flags can only be set in the same prio command,
858 if the DCD flag has been set without the RX flag in the previous
859 prio command. If DCD has not been set before, something in the
860 transmission has gone wrong. In this case, RX and DCD are
861 cleared in order to prevent the decode_data routine from
862 reading further data that might be corrupt. */
863
864 if (((sp->status & SIXP_DCD_MASK) == 0) &&
865 ((cmd & SIXP_RX_DCD_MASK) == SIXP_RX_DCD_MASK)) {
866 if (sp->status != 1)
867 printk(KERN_DEBUG "6pack: protocol violation\n");
868 else
869 sp->status = 0;
870 cmd &= ~SIXP_RX_DCD_MASK;
871 }
872 sp->status = cmd & SIXP_PRIO_DATA_MASK;
873 } else { /* output watchdog char if idle */
874 if ((sp->status2 != 0) && (sp->duplex == 1)) {
875 sp->led_state = 0x70;
876 sp->tty->ops->write(sp->tty, &sp->led_state, 1);
877 sp->tx_enable = 1;
878 actual = sp->tty->ops->write(sp->tty, sp->xbuff, sp->status2);
879 sp->xleft -= actual;
880 sp->xhead += actual;
881 sp->led_state = 0x60;
882 sp->status2 = 0;
883
884 }
885 }
886
887 /* needed to trigger the TNC watchdog */
888 sp->tty->ops->write(sp->tty, &sp->led_state, 1);
889
890 /* if the state byte has been received, the TNC is present,
891 so the resync timer can be reset. */
892
893 if (sp->tnc_state == TNC_IN_SYNC)
894 mod_timer(&sp->resync_t, jiffies + SIXP_INIT_RESYNC_TIMEOUT);
895
896 sp->status1 = cmd & SIXP_PRIO_DATA_MASK;
897 }
898
899 /* identify and execute a standard 6pack command byte */
900
decode_std_command(struct sixpack * sp,unsigned char cmd)901 static void decode_std_command(struct sixpack *sp, unsigned char cmd)
902 {
903 unsigned char checksum = 0, rest = 0;
904 short i;
905
906 switch (cmd & SIXP_CMD_MASK) { /* normal command */
907 case SIXP_SEOF:
908 if ((sp->rx_count == 0) && (sp->rx_count_cooked == 0)) {
909 if ((sp->status & SIXP_RX_DCD_MASK) ==
910 SIXP_RX_DCD_MASK) {
911 sp->led_state = 0x68;
912 sp->tty->ops->write(sp->tty, &sp->led_state, 1);
913 }
914 } else {
915 sp->led_state = 0x60;
916 /* fill trailing bytes with zeroes */
917 sp->tty->ops->write(sp->tty, &sp->led_state, 1);
918 spin_lock_bh(&sp->rxlock);
919 rest = sp->rx_count;
920 if (rest != 0)
921 for (i = rest; i <= 3; i++)
922 decode_data(sp, 0);
923 if (rest == 2)
924 sp->rx_count_cooked -= 2;
925 else if (rest == 3)
926 sp->rx_count_cooked -= 1;
927 for (i = 0; i < sp->rx_count_cooked; i++)
928 checksum += sp->cooked_buf[i];
929 if (checksum != SIXP_CHKSUM) {
930 printk(KERN_DEBUG "6pack: bad checksum %2.2x\n", checksum);
931 } else {
932 sp->rcount = sp->rx_count_cooked-2;
933 sp_bump(sp, 0);
934 }
935 sp->rx_count_cooked = 0;
936 spin_unlock_bh(&sp->rxlock);
937 }
938 break;
939 case SIXP_TX_URUN: printk(KERN_DEBUG "6pack: TX underrun\n");
940 break;
941 case SIXP_RX_ORUN: printk(KERN_DEBUG "6pack: RX overrun\n");
942 break;
943 case SIXP_RX_BUF_OVL:
944 printk(KERN_DEBUG "6pack: RX buffer overflow\n");
945 }
946 }
947
948 /* decode a 6pack packet */
949
950 static void
sixpack_decode(struct sixpack * sp,const unsigned char * pre_rbuff,int count)951 sixpack_decode(struct sixpack *sp, const unsigned char *pre_rbuff, int count)
952 {
953 unsigned char inbyte;
954 int count1;
955
956 for (count1 = 0; count1 < count; count1++) {
957 inbyte = pre_rbuff[count1];
958 if (inbyte == SIXP_FOUND_TNC) {
959 tnc_set_sync_state(sp, TNC_IN_SYNC);
960 del_timer(&sp->resync_t);
961 }
962 if ((inbyte & SIXP_PRIO_CMD_MASK) != 0)
963 decode_prio_command(sp, inbyte);
964 else if ((inbyte & SIXP_STD_CMD_MASK) != 0)
965 decode_std_command(sp, inbyte);
966 else if ((sp->status & SIXP_RX_DCD_MASK) == SIXP_RX_DCD_MASK) {
967 spin_lock_bh(&sp->rxlock);
968 decode_data(sp, inbyte);
969 spin_unlock_bh(&sp->rxlock);
970 }
971 }
972 }
973
974 MODULE_AUTHOR("Ralf Baechle DO1GRB <ralf@linux-mips.org>");
975 MODULE_DESCRIPTION("6pack driver for AX.25");
976 MODULE_LICENSE("GPL");
977 MODULE_ALIAS_LDISC(N_6PACK);
978
979 module_init(sixpack_init_driver);
980 module_exit(sixpack_exit_driver);
981