]> bbs.cooldavid.org Git - net-next-2.6.git/blame - drivers/net/usb/rndis_host.c
git://bbs.cooldavid.org / net-next-2.6.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
rndis_host: Fix rndis packet filter flags.
[net-next-2.6.git] / drivers / net / usb / rndis_host.c
CommitLineData
64e04910
DB		 1/*
2 * Host Side support for RNDIS Networking Links
3 * Copyright (C) 2005 by David Brownell
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
18 */
19
20// #define DEBUG // error path messages, extra info
21// #define VERBOSE // more; success messages
22
64e04910 23#include <linux/module.h>
64e04910
DB		 24#include <linux/init.h>
25#include <linux/netdevice.h>
26#include <linux/etherdevice.h>
27#include <linux/ethtool.h>
28#include <linux/workqueue.h>
29#include <linux/mii.h>
30#include <linux/usb.h>
a8c28f23 31#include <linux/usb/cdc.h>
64e04910
DB		 32
33#include "usbnet.h"
34
35
36/*
37 * RNDIS is NDIS remoted over USB. It's a MSFT variant of CDC ACM ... of
38 * course ACM was intended for modems, not Ethernet links! USB's standard
39 * for Ethernet links is "CDC Ethernet", which is significantly simpler.
51400f1d
DB		 40 *
41 * NOTE that Microsoft's "RNDIS 1.0" specification is incomplete. Issues
42 * include:
43 * - Power management in particular relies on information that's scattered
44 * through other documentation, and which is incomplete or incorrect even
45 * there.
46 * - There are various undocumented protocol requirements, such as the
47 * need to send unused garbage in control-OUT messages.
48 * - In some cases, MS-Windows will emit undocumented requests; this
49 * matters more to peripheral implementations than host ones.
50 *
ad55d71a
OAVR		 51 * Moreover there's a no-open-specs variant of RNDIS called "ActiveSync".
52 *
51400f1d
DB		 53 * For these reasons and others, ** USE OF RNDIS IS STRONGLY DISCOURAGED ** in
54 * favor of such non-proprietary alternatives as CDC Ethernet or the newer (and
55 * currently rare) "Ethernet Emulation Model" (EEM).
64e04910
DB		 56 */
57
58/*
59 * CONTROL uses CDC "encapsulated commands" with funky notifications.
60 * - control-out: SEND_ENCAPSULATED
61 * - interrupt-in: RESPONSE_AVAILABLE
62 * - control-in: GET_ENCAPSULATED
63 *
64 * We'll try to ignore the RESPONSE_AVAILABLE notifications.
ad55d71a
OAVR		 65 *
66 * REVISIT some RNDIS implementations seem to have curious issues still
67 * to be resolved.
64e04910
DB		 68 */
69struct rndis_msg_hdr {
70 __le32 msg_type; /* RNDIS_MSG_* */
71 __le32 msg_len;
72 // followed by data that varies between messages
73 __le32 request_id;
74 __le32 status;
75 // ... and more
76} __attribute__ ((packed));
77
ad55d71a
OAVR		 78/* MS-Windows uses this strange size, but RNDIS spec says 1024 minimum */
79#define CONTROL_BUFFER_SIZE 1025
80
81/* RNDIS defines an (absurdly huge) 10 second control timeout,
82 * but ActiveSync seems to use a more usual 5 second timeout
83 * (which matches the USB 2.0 spec).
84 */
85#define RNDIS_CONTROL_TIMEOUT_MS (5 * 1000)
64e04910
DB		 86
87
88#define ccpu2 __constant_cpu_to_le32
89
90#define RNDIS_MSG_COMPLETION ccpu2(0x80000000)
91
92/* codes for "msg_type" field of rndis messages;
93 * only the data channel uses packet messages (maybe batched);
94 * everything else goes on the control channel.
95 */
96#define RNDIS_MSG_PACKET ccpu2(0x00000001) /* 1-N packets */
97#define RNDIS_MSG_INIT ccpu2(0x00000002)
51400f1d 98#define RNDIS_MSG_INIT_C (RNDIS_MSG_INIT|RNDIS_MSG_COMPLETION)
64e04910
DB		 99#define RNDIS_MSG_HALT ccpu2(0x00000003)
100#define RNDIS_MSG_QUERY ccpu2(0x00000004)
51400f1d 101#define RNDIS_MSG_QUERY_C (RNDIS_MSG_QUERY|RNDIS_MSG_COMPLETION)
64e04910 102#define RNDIS_MSG_SET ccpu2(0x00000005)
51400f1d 103#define RNDIS_MSG_SET_C (RNDIS_MSG_SET|RNDIS_MSG_COMPLETION)
64e04910 104#define RNDIS_MSG_RESET ccpu2(0x00000006)
51400f1d 105#define RNDIS_MSG_RESET_C (RNDIS_MSG_RESET|RNDIS_MSG_COMPLETION)
64e04910
DB		 106#define RNDIS_MSG_INDICATE ccpu2(0x00000007)
107#define RNDIS_MSG_KEEPALIVE ccpu2(0x00000008)
51400f1d 108#define RNDIS_MSG_KEEPALIVE_C (RNDIS_MSG_KEEPALIVE|RNDIS_MSG_COMPLETION)
64e04910
DB		 109
110/* codes for "status" field of completion messages */
111#define RNDIS_STATUS_SUCCESS ccpu2(0x00000000)
112#define RNDIS_STATUS_FAILURE ccpu2(0xc0000001)
113#define RNDIS_STATUS_INVALID_DATA ccpu2(0xc0010015)
114#define RNDIS_STATUS_NOT_SUPPORTED ccpu2(0xc00000bb)
115#define RNDIS_STATUS_MEDIA_CONNECT ccpu2(0x4001000b)
116#define RNDIS_STATUS_MEDIA_DISCONNECT ccpu2(0x4001000c)
117
118
119struct rndis_data_hdr {
120 __le32 msg_type; /* RNDIS_MSG_PACKET */
121 __le32 msg_len; // rndis_data_hdr + data_len + pad
122 __le32 data_offset; // 36 -- right after header
123 __le32 data_len; // ... real packet size
124
125 __le32 oob_data_offset; // zero
126 __le32 oob_data_len; // zero
127 __le32 num_oob; // zero
128 __le32 packet_data_offset; // zero
129
130 __le32 packet_data_len; // zero
131 __le32 vc_handle; // zero
132 __le32 reserved; // zero
133} __attribute__ ((packed));
134
135struct rndis_init { /* OUT */
136 // header and:
137 __le32 msg_type; /* RNDIS_MSG_INIT */
138 __le32 msg_len; // 24
139 __le32 request_id;
140 __le32 major_version; // of rndis (1.0)
141 __le32 minor_version;
142 __le32 max_transfer_size;
143} __attribute__ ((packed));
144
145struct rndis_init_c { /* IN */
146 // header and:
147 __le32 msg_type; /* RNDIS_MSG_INIT_C */
148 __le32 msg_len;
149 __le32 request_id;
150 __le32 status;
151 __le32 major_version; // of rndis (1.0)
152 __le32 minor_version;
153 __le32 device_flags;
154 __le32 medium; // zero == 802.3
155 __le32 max_packets_per_message;
156 __le32 max_transfer_size;
157 __le32 packet_alignment; // max 7; (1<<n) bytes
158 __le32 af_list_offset; // zero
159 __le32 af_list_size; // zero
160} __attribute__ ((packed));
161
162struct rndis_halt { /* OUT (no reply) */
163 // header and:
164 __le32 msg_type; /* RNDIS_MSG_HALT */
165 __le32 msg_len;
166 __le32 request_id;
167} __attribute__ ((packed));
168
169struct rndis_query { /* OUT */
170 // header and:
171 __le32 msg_type; /* RNDIS_MSG_QUERY */
172 __le32 msg_len;
173 __le32 request_id;
174 __le32 oid;
175 __le32 len;
176 __le32 offset;
177/*?*/ __le32 handle; // zero
178} __attribute__ ((packed));
179
180struct rndis_query_c { /* IN */
181 // header and:
182 __le32 msg_type; /* RNDIS_MSG_QUERY_C */
183 __le32 msg_len;
184 __le32 request_id;
185 __le32 status;
186 __le32 len;
187 __le32 offset;
188} __attribute__ ((packed));
189
190struct rndis_set { /* OUT */
191 // header and:
192 __le32 msg_type; /* RNDIS_MSG_SET */
193 __le32 msg_len;
194 __le32 request_id;
195 __le32 oid;
196 __le32 len;
197 __le32 offset;
198/*?*/ __le32 handle; // zero
199} __attribute__ ((packed));
200
201struct rndis_set_c { /* IN */
202 // header and:
203 __le32 msg_type; /* RNDIS_MSG_SET_C */
204 __le32 msg_len;
205 __le32 request_id;
206 __le32 status;
207} __attribute__ ((packed));
208
209struct rndis_reset { /* IN */
210 // header and:
211 __le32 msg_type; /* RNDIS_MSG_RESET */
212 __le32 msg_len;
213 __le32 reserved;
214} __attribute__ ((packed));
215
216struct rndis_reset_c { /* OUT */
217 // header and:
218 __le32 msg_type; /* RNDIS_MSG_RESET_C */
219 __le32 msg_len;
220 __le32 status;
221 __le32 addressing_lost;
222} __attribute__ ((packed));
223
224struct rndis_indicate { /* IN (unrequested) */
225 // header and:
226 __le32 msg_type; /* RNDIS_MSG_INDICATE */
227 __le32 msg_len;
228 __le32 status;
229 __le32 length;
230 __le32 offset;
231/**/ __le32 diag_status;
232 __le32 error_offset;
233/**/ __le32 message;
234} __attribute__ ((packed));
235
236struct rndis_keepalive { /* OUT (optionally IN) */
237 // header and:
238 __le32 msg_type; /* RNDIS_MSG_KEEPALIVE */
239 __le32 msg_len;
240 __le32 request_id;
241} __attribute__ ((packed));
242
243struct rndis_keepalive_c { /* IN (optionally OUT) */
244 // header and:
245 __le32 msg_type; /* RNDIS_MSG_KEEPALIVE_C */
246 __le32 msg_len;
247 __le32 request_id;
248 __le32 status;
249} __attribute__ ((packed));
250
251/* NOTE: about 30 OIDs are "mandatory" for peripherals to support ... and
252 * there are gobs more that may optionally be supported. We'll avoid as much
253 * of that mess as possible.
254 */
255#define OID_802_3_PERMANENT_ADDRESS ccpu2(0x01010101)
ddda0862 256#define OID_GEN_MAXIMUM_FRAME_SIZE ccpu2(0x00010106)
64e04910
DB		 257#define OID_GEN_CURRENT_PACKET_FILTER ccpu2(0x0001010e)
258
a842edac
JK		 259/* packet filter bits used by OID_GEN_CURRENT_PACKET_FILTER */
260#define RNDIS_PACKET_TYPE_DIRECTED ccpu2(0x00000001)
261#define RNDIS_PACKET_TYPE_MULTICAST ccpu2(0x00000002)
262#define RNDIS_PACKET_TYPE_ALL_MULTICAST ccpu2(0x00000004)
263#define RNDIS_PACKET_TYPE_BROADCAST ccpu2(0x00000008)
264#define RNDIS_PACKET_TYPE_SOURCE_ROUTING ccpu2(0x00000010)
265#define RNDIS_PACKET_TYPE_PROMISCUOUS ccpu2(0x00000020)
266#define RNDIS_PACKET_TYPE_SMT ccpu2(0x00000040)
267#define RNDIS_PACKET_TYPE_ALL_LOCAL ccpu2(0x00000080)
268#define RNDIS_PACKET_TYPE_GROUP ccpu2(0x00001000)
269#define RNDIS_PACKET_TYPE_ALL_FUNCTIONAL ccpu2(0x00002000)
270#define RNDIS_PACKET_TYPE_FUNCTIONAL ccpu2(0x00004000)
271#define RNDIS_PACKET_TYPE_MAC_FRAME ccpu2(0x00008000)
272
273/* default filter used with RNDIS devices */
274#define RNDIS_DEFAULT_FILTER ( \
275 RNDIS_PACKET_TYPE_DIRECTED | \
276 RNDIS_PACKET_TYPE_BROADCAST | \
277 RNDIS_PACKET_TYPE_ALL_MULTICAST | \
278 RNDIS_PACKET_TYPE_PROMISCUOUS)
279
64e04910
DB		 280/*
281 * RNDIS notifications from device: command completion; "reverse"
282 * keepalives; etc
283 */
284static void rndis_status(struct usbnet *dev, struct urb *urb)
285{
286 devdbg(dev, "rndis status urb, len %d stat %d",
287 urb->actual_length, urb->status);
288 // FIXME for keepalives, respond immediately (asynchronously)
289 // if not an RNDIS status, do like cdc_status(dev,urb) does
290}
291
292/*
293 * RPC done RNDIS-style. Caller guarantees:
294 * - message is properly byteswapped
295 * - there's no other request pending
296 * - buf can hold up to 1KB response (required by RNDIS spec)
297 * On return, the first few entries are already byteswapped.
298 *
299 * Call context is likely probe(), before interface name is known,
300 * which is why we won't try to use it in the diagnostics.
301 */
302static int rndis_command(struct usbnet *dev, struct rndis_msg_hdr *buf)
303{
304 struct cdc_state *info = (void *) &dev->data;
ad55d71a 305 int master_ifnum;
64e04910
DB		 306 int retval;
307 unsigned count;
308 __le32 rsp;
309 u32 xid = 0, msg_len, request_id;
310
311 /* REVISIT when this gets called from contexts other than probe() or
312 * disconnect(): either serialize, or dispatch responses on xid
313 */
314
ad55d71a 315 /* Issue the request; xid is unique, don't bother byteswapping it */
64e04910
DB		 316 if (likely(buf->msg_type != RNDIS_MSG_HALT
317 && buf->msg_type != RNDIS_MSG_RESET)) {
318 xid = dev->xid++;
319 if (!xid)
320 xid = dev->xid++;
321 buf->request_id = (__force __le32) xid;
322 }
ad55d71a 323 master_ifnum = info->control->cur_altsetting->desc.bInterfaceNumber;
64e04910
DB		 324 retval = usb_control_msg(dev->udev,
325 usb_sndctrlpipe(dev->udev, 0),
326 USB_CDC_SEND_ENCAPSULATED_COMMAND,
327 USB_TYPE_CLASS | USB_RECIP_INTERFACE,
ad55d71a 328 0, master_ifnum,
64e04910
DB		 329 buf, le32_to_cpu(buf->msg_len),
330 RNDIS_CONTROL_TIMEOUT_MS);
331 if (unlikely(retval < 0 || xid == 0))
332 return retval;
333
334 // FIXME Seems like some devices discard responses when
335 // we time out and cancel our "get response" requests...
336 // so, this is fragile. Probably need to poll for status.
337
338 /* ignore status endpoint, just poll the control channel;
339 * the request probably completed immediately
340 */
341 rsp = buf->msg_type | RNDIS_MSG_COMPLETION;
342 for (count = 0; count < 10; count++) {
ad55d71a 343 memset(buf, 0, CONTROL_BUFFER_SIZE);
64e04910
DB		 344 retval = usb_control_msg(dev->udev,
345 usb_rcvctrlpipe(dev->udev, 0),
346 USB_CDC_GET_ENCAPSULATED_RESPONSE,
347 USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE,
ad55d71a
OAVR		 348 0, master_ifnum,
349 buf, CONTROL_BUFFER_SIZE,
64e04910
DB		 350 RNDIS_CONTROL_TIMEOUT_MS);
351 if (likely(retval >= 8)) {
352 msg_len = le32_to_cpu(buf->msg_len);
353 request_id = (__force u32) buf->request_id;
354 if (likely(buf->msg_type == rsp)) {
355 if (likely(request_id == xid)) {
356 if (unlikely(rsp == RNDIS_MSG_RESET_C))
357 return 0;
358 if (likely(RNDIS_STATUS_SUCCESS
359 == buf->status))
360 return 0;
361 dev_dbg(&info->control->dev,
362 "rndis reply status %08x\n",
363 le32_to_cpu(buf->status));
364 return -EL3RST;
365 }
366 dev_dbg(&info->control->dev,
367 "rndis reply id %d expected %d\n",
368 request_id, xid);
369 /* then likely retry */
370 } else switch (buf->msg_type) {
371 case RNDIS_MSG_INDICATE: { /* fault */
372 // struct rndis_indicate *msg = (void *)buf;
373 dev_info(&info->control->dev,
ddda0862 374 "rndis fault indication\n");
64e04910
DB		 375 }
376 break;
377 case RNDIS_MSG_KEEPALIVE: { /* ping */
378 struct rndis_keepalive_c *msg = (void *)buf;
379
380 msg->msg_type = RNDIS_MSG_KEEPALIVE_C;
381 msg->msg_len = ccpu2(sizeof *msg);
382 msg->status = RNDIS_STATUS_SUCCESS;
383 retval = usb_control_msg(dev->udev,
384 usb_sndctrlpipe(dev->udev, 0),
385 USB_CDC_SEND_ENCAPSULATED_COMMAND,
386 USB_TYPE_CLASS | USB_RECIP_INTERFACE,
ad55d71a 387 0, master_ifnum,
64e04910
DB		 388 msg, sizeof *msg,
389 RNDIS_CONTROL_TIMEOUT_MS);
390 if (unlikely(retval < 0))
391 dev_dbg(&info->control->dev,
392 "rndis keepalive err %d\n",
393 retval);
394 }
395 break;
396 default:
397 dev_dbg(&info->control->dev,
398 "unexpected rndis msg %08x len %d\n",
399 le32_to_cpu(buf->msg_type), msg_len);
400 }
401 } else {
402 /* device probably issued a protocol stall; ignore */
403 dev_dbg(&info->control->dev,
404 "rndis response error, code %d\n", retval);
405 }
406 msleep(2);
407 }
408 dev_dbg(&info->control->dev, "rndis response timeout\n");
409 return -ETIMEDOUT;
410}
411
ddda0862
DB		 412/*
413 * rndis_query:
414 *
415 * Performs a query for @oid along with 0 or more bytes of payload as
416 * specified by @in_len. If @reply_len is not set to -1 then the reply
417 * length is checked against this value, resulting in an error if it
418 * doesn't match.
419 *
420 * NOTE: Adding a payload exactly or greater than the size of the expected
421 * response payload is an evident requirement MSFT added for ActiveSync.
422 *
423 * The only exception is for OIDs that return a variably sized response,
424 * in which case no payload should be added. This undocumented (and
425 * nonsensical!) issue was found by sniffing protocol requests from the
426 * ActiveSync 4.1 Windows driver.
427 */
428static int rndis_query(struct usbnet *dev, struct usb_interface *intf,
429 void *buf, u32 oid, u32 in_len,
430 void **reply, int *reply_len)
431{
432 int retval;
433 union {
434 void *buf;
435 struct rndis_msg_hdr *header;
436 struct rndis_query *get;
437 struct rndis_query_c *get_c;
438 } u;
439 u32 off, len;
440
441 u.buf = buf;
442
443 memset(u.get, 0, sizeof *u.get + in_len);
444 u.get->msg_type = RNDIS_MSG_QUERY;
445 u.get->msg_len = cpu_to_le32(sizeof *u.get + in_len);
446 u.get->oid = oid;
447 u.get->len = cpu_to_le32(in_len);
448 u.get->offset = ccpu2(20);
449
450 retval = rndis_command(dev, u.header);
451 if (unlikely(retval < 0)) {
452 dev_err(&intf->dev, "RNDIS_MSG_QUERY(0x%08x) failed, %d\n",
453 oid, retval);
454 return retval;
455 }
456
457 off = le32_to_cpu(u.get_c->offset);
458 len = le32_to_cpu(u.get_c->len);
459 if (unlikely((8 + off + len) > CONTROL_BUFFER_SIZE))
460 goto response_error;
461
462 if (*reply_len != -1 && len != *reply_len)
463 goto response_error;
464
465 *reply = (unsigned char *) &u.get_c->request_id + off;
466 *reply_len = len;
467
468 return retval;
469
470response_error:
471 dev_err(&intf->dev, "RNDIS_MSG_QUERY(0x%08x) "
472 "invalid response - off %d len %d\n",
473 oid, off, len);
474 return -EDOM;
475}
476
64e04910
DB		 477static int rndis_bind(struct usbnet *dev, struct usb_interface *intf)
478{
479 int retval;
480 struct net_device *net = dev->net;
deb31f17 481 struct cdc_state *info = (void *) &dev->data;
64e04910
DB		 482 union {
483 void *buf;
484 struct rndis_msg_hdr *header;
485 struct rndis_init *init;
486 struct rndis_init_c *init_c;
487 struct rndis_query *get;
488 struct rndis_query_c *get_c;
489 struct rndis_set *set;
490 struct rndis_set_c *set_c;
9ff55874 491 struct rndis_halt *halt;
64e04910
DB		 492 } u;
493 u32 tmp;
ddda0862
DB		 494 int reply_len;
495 unsigned char *bp;
64e04910
DB		 496
497 /* we can't rely on i/o from stack working, or stack allocation */
ad55d71a 498 u.buf = kmalloc(CONTROL_BUFFER_SIZE, GFP_KERNEL);
64e04910
DB		 499 if (!u.buf)
500 return -ENOMEM;
501 retval = usbnet_generic_cdc_bind(dev, intf);
502 if (retval < 0)
deb31f17 503 goto fail;
64e04910 504
64e04910
DB		 505 u.init->msg_type = RNDIS_MSG_INIT;
506 u.init->msg_len = ccpu2(sizeof *u.init);
507 u.init->major_version = ccpu2(1);
508 u.init->minor_version = ccpu2(0);
64e04910 509
ad55d71a
OAVR		 510 /* max transfer (in spec) is 0x4000 at full speed, but for
511 * TX we'll stick to one Ethernet packet plus RNDIS framing.
512 * For RX we handle drivers that zero-pad to end-of-packet.
513 * Don't let userspace change these settings.
ddda0862
DB		 514 *
515 * NOTE: there still seems to be wierdness here, as if we need
516 * to do some more things to make sure WinCE targets accept this.
517 * They default to jumbograms of 8KB or 16KB, which is absurd
518 * for such low data rates and which is also more than Linux
519 * can usually expect to allocate for SKB data...
ad55d71a
OAVR		 520 */
521 net->hard_header_len += sizeof (struct rndis_data_hdr);
522 dev->hard_mtu = net->mtu + net->hard_header_len;
523
524 dev->rx_urb_size = dev->hard_mtu + (dev->maxpacket + 1);
525 dev->rx_urb_size &= ~(dev->maxpacket - 1);
526 u.init->max_transfer_size = cpu_to_le32(dev->rx_urb_size);
527
528 net->change_mtu = NULL;
64e04910
DB		 529 retval = rndis_command(dev, u.header);
530 if (unlikely(retval < 0)) {
531 /* it might not even be an RNDIS device!! */
532 dev_err(&intf->dev, "RNDIS init failed, %d\n", retval);
ddda0862 533 goto fail_and_release;
ad55d71a
OAVR		 534 }
535 tmp = le32_to_cpu(u.init_c->max_transfer_size);
536 if (tmp < dev->hard_mtu) {
500d2c2f
TS		 537 if (tmp <= net->hard_header_len) {
538 dev_err(&intf->dev,
539 "dev can't take %u byte packets (max %u)\n",
540 dev->hard_mtu, tmp);
541 retval = -EINVAL;
9ff55874 542 goto halt_fail_and_release;
500d2c2f
TS		 543 }
544 dev->hard_mtu = tmp;
545 net->mtu = dev->hard_mtu - net->hard_header_len;
546 dev_warn(&intf->dev,
547 "dev can't take %u byte packets (max %u), "
548 "adjusting MTU to %u\n",
549 dev->hard_mtu, tmp, net->mtu);
64e04910 550 }
ad55d71a 551
64e04910 552 /* REVISIT: peripheral "alignment" request is ignored ... */
ad55d71a
OAVR		 553 dev_dbg(&intf->dev,
554 "hard mtu %u (%u from dev), rx buflen %Zu, align %d\n",
555 dev->hard_mtu, tmp, dev->rx_urb_size,
64e04910
DB		 556 1 << le32_to_cpu(u.init_c->packet_alignment));
557
ddda0862
DB		 558 /* Get designated host ethernet address */
559 reply_len = ETH_ALEN;
560 retval = rndis_query(dev, intf, u.buf, OID_802_3_PERMANENT_ADDRESS,
561 48, (void **) &bp, &reply_len);
562 if (unlikely(retval< 0)) {
64e04910 563 dev_err(&intf->dev, "rndis get ethaddr, %d\n", retval);
9ff55874 564 goto halt_fail_and_release;
64e04910 565 }
ddda0862 566 memcpy(net->dev_addr, bp, ETH_ALEN);
64e04910
DB		 567
568 /* set a nonzero filter to enable data transfers */
569 memset(u.set, 0, sizeof *u.set);
570 u.set->msg_type = RNDIS_MSG_SET;
571 u.set->msg_len = ccpu2(4 + sizeof *u.set);
572 u.set->oid = OID_GEN_CURRENT_PACKET_FILTER;
573 u.set->len = ccpu2(4);
574 u.set->offset = ccpu2((sizeof *u.set) - 8);
a842edac 575 *(__le32 *)(u.buf + sizeof *u.set) = RNDIS_DEFAULT_FILTER;
64e04910
DB		 576
577 retval = rndis_command(dev, u.header);
578 if (unlikely(retval < 0)) {
579 dev_err(&intf->dev, "rndis set packet filter, %d\n", retval);
9ff55874 580 goto halt_fail_and_release;
64e04910
DB		 581 }
582
583 retval = 0;
deb31f17
DG		 584
585 kfree(u.buf);
586 return retval;
587
9ff55874
JK		 588halt_fail_and_release:
589 memset(u.halt, 0, sizeof *u.halt);
590 u.halt->msg_type = RNDIS_MSG_HALT;
591 u.halt->msg_len = ccpu2(sizeof *u.halt);
592 (void) rndis_command(dev, (void *)u.halt);
deb31f17
DG		 593fail_and_release:
594 usb_set_intfdata(info->data, NULL);
595 usb_driver_release_interface(driver_of(intf), info->data);
ddda0862 596 info->data = NULL;
deb31f17 597fail:
64e04910
DB		 598 kfree(u.buf);
599 return retval;
600}
601
602static void rndis_unbind(struct usbnet *dev, struct usb_interface *intf)
603{
604 struct rndis_halt *halt;
605
606 /* try to clear any rndis state/activity (no i/o from stack!) */
04c3c01a 607 halt = kzalloc(CONTROL_BUFFER_SIZE, GFP_KERNEL);
64e04910
DB		 608 if (halt) {
609 halt->msg_type = RNDIS_MSG_HALT;
610 halt->msg_len = ccpu2(sizeof *halt);
611 (void) rndis_command(dev, (void *)halt);
612 kfree(halt);
613 }
614
2bfa2e1f 615 usbnet_cdc_unbind(dev, intf);
64e04910
DB		 616}
617
618/*
619 * DATA -- host must not write zlps
620 */
621static int rndis_rx_fixup(struct usbnet *dev, struct sk_buff *skb)
622{
623 /* peripheral may have batched packets to us... */
624 while (likely(skb->len)) {
625 struct rndis_data_hdr *hdr = (void *)skb->data;
626 struct sk_buff *skb2;
627 u32 msg_len, data_offset, data_len;
628
629 msg_len = le32_to_cpu(hdr->msg_len);
630 data_offset = le32_to_cpu(hdr->data_offset);
631 data_len = le32_to_cpu(hdr->data_len);
632
633 /* don't choke if we see oob, per-packet data, etc */
634 if (unlikely(hdr->msg_type != RNDIS_MSG_PACKET
635 || skb->len < msg_len
636 || (data_offset + data_len + 8) > msg_len)) {
637 dev->stats.rx_frame_errors++;
638 devdbg(dev, "bad rndis message %d/%d/%d/%d, len %d",
639 le32_to_cpu(hdr->msg_type),
640 msg_len, data_offset, data_len, skb->len);
641 return 0;
642 }
643 skb_pull(skb, 8 + data_offset);
644
645 /* at most one packet left? */
646 if (likely((data_len - skb->len) <= sizeof *hdr)) {
647 skb_trim(skb, data_len);
648 break;
649 }
650
651 /* try to return all the packets in the batch */
652 skb2 = skb_clone(skb, GFP_ATOMIC);
653 if (unlikely(!skb2))
654 break;
655 skb_pull(skb, msg_len - sizeof *hdr);
656 skb_trim(skb2, data_len);
657 usbnet_skb_return(dev, skb2);
658 }
659
660 /* caller will usbnet_skb_return the remaining packet */
661 return 1;
662}
663
664static struct sk_buff *
55016f10 665rndis_tx_fixup(struct usbnet *dev, struct sk_buff *skb, gfp_t flags)
64e04910
DB		 666{
667 struct rndis_data_hdr *hdr;
668 struct sk_buff *skb2;
669 unsigned len = skb->len;
670
671 if (likely(!skb_cloned(skb))) {
672 int room = skb_headroom(skb);
673
674 /* enough head room as-is? */
675 if (unlikely((sizeof *hdr) <= room))
676 goto fill;
677
678 /* enough room, but needs to be readjusted? */
679 room += skb_tailroom(skb);
680 if (likely((sizeof *hdr) <= room)) {
681 skb->data = memmove(skb->head + sizeof *hdr,
682 skb->data, len);
27a884dc 683 skb_set_tail_pointer(skb, len);
64e04910
DB		 684 goto fill;
685 }
686 }
687
688 /* create a new skb, with the correct size (and tailpad) */
689 skb2 = skb_copy_expand(skb, sizeof *hdr, 1, flags);
690 dev_kfree_skb_any(skb);
691 if (unlikely(!skb2))
692 return skb2;
693 skb = skb2;
694
695 /* fill out the RNDIS header. we won't bother trying to batch
696 * packets; Linux minimizes wasted bandwidth through tx queues.
697 */
698fill:
699 hdr = (void *) __skb_push(skb, sizeof *hdr);
700 memset(hdr, 0, sizeof *hdr);
701 hdr->msg_type = RNDIS_MSG_PACKET;
702 hdr->msg_len = cpu_to_le32(skb->len);
703 hdr->data_offset = ccpu2(sizeof(*hdr) - 8);
704 hdr->data_len = cpu_to_le32(len);
705
706 /* FIXME make the last packet always be short ... */
707 return skb;
708}
709
710
711static const struct driver_info rndis_info = {
712 .description = "RNDIS device",
ddda0862 713 .flags = FLAG_ETHER | FLAG_FRAMING_RN | FLAG_NO_SETINT,
64e04910
DB		 714 .bind = rndis_bind,
715 .unbind = rndis_unbind,
716 .status = rndis_status,
717 .rx_fixup = rndis_rx_fixup,
718 .tx_fixup = rndis_tx_fixup,
719};
720
721#undef ccpu2
722
723
724/*-------------------------------------------------------------------------*/
725
726static const struct usb_device_id products [] = {
727{
728 /* RNDIS is MSFT's un-official variant of CDC ACM */
729 USB_INTERFACE_INFO(USB_CLASS_COMM, 2 /* ACM */, 0x0ff),
730 .driver_info = (unsigned long) &rndis_info,
ad55d71a
OAVR		 731}, {
732 /* "ActiveSync" is an undocumented variant of RNDIS, used in WM5 */
733 USB_INTERFACE_INFO(USB_CLASS_MISC, 1, 1),
734 .driver_info = (unsigned long) &rndis_info,
64e04910
DB		 735},
736 { }, // END
737};
738MODULE_DEVICE_TABLE(usb, products);
739
740static struct usb_driver rndis_driver = {
64e04910
DB		 741 .name = "rndis_host",
742 .id_table = products,
743 .probe = usbnet_probe,
744 .disconnect = usbnet_disconnect,
745 .suspend = usbnet_suspend,
746 .resume = usbnet_resume,
747};
748
749static int __init rndis_init(void)
750{
51400f1d 751 return usb_register(&rndis_driver);
64e04910
DB		 752}
753module_init(rndis_init);
754
755static void __exit rndis_exit(void)
756{
51400f1d 757 usb_deregister(&rndis_driver);
64e04910
DB		 758}
759module_exit(rndis_exit);
760
761MODULE_AUTHOR("David Brownell");
762MODULE_DESCRIPTION("USB Host side RNDIS driver");
763MODULE_LICENSE("GPL");
Clone of davem's net-next-2.6 tree