]>
Commit | Line | Data |
---|---|---|
64e04910 DB |
1 | /* |
2 | * Host Side support for RNDIS Networking Links | |
3 | * Copyright (C) 2005 by David Brownell | |
4 | * | |
5 | * This program is free software; you can redistribute it and/or modify | |
6 | * it under the terms of the GNU General Public License as published by | |
7 | * the Free Software Foundation; either version 2 of the License, or | |
8 | * (at your option) any later version. | |
9 | * | |
10 | * This program is distributed in the hope that it will be useful, | |
11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
13 | * GNU General Public License for more details. | |
14 | * | |
15 | * You should have received a copy of the GNU General Public License | |
16 | * along with this program; if not, write to the Free Software | |
17 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA | |
18 | */ | |
19 | ||
20 | // #define DEBUG // error path messages, extra info | |
21 | // #define VERBOSE // more; success messages | |
22 | ||
64e04910 | 23 | #include <linux/module.h> |
64e04910 DB |
24 | #include <linux/init.h> |
25 | #include <linux/netdevice.h> | |
26 | #include <linux/etherdevice.h> | |
27 | #include <linux/ethtool.h> | |
28 | #include <linux/workqueue.h> | |
29 | #include <linux/mii.h> | |
30 | #include <linux/usb.h> | |
a8c28f23 | 31 | #include <linux/usb/cdc.h> |
64e04910 DB |
32 | |
33 | #include "usbnet.h" | |
34 | ||
35 | ||
36 | /* | |
37 | * RNDIS is NDIS remoted over USB. It's a MSFT variant of CDC ACM ... of | |
38 | * course ACM was intended for modems, not Ethernet links! USB's standard | |
39 | * for Ethernet links is "CDC Ethernet", which is significantly simpler. | |
51400f1d DB |
40 | * |
41 | * NOTE that Microsoft's "RNDIS 1.0" specification is incomplete. Issues | |
42 | * include: | |
43 | * - Power management in particular relies on information that's scattered | |
44 | * through other documentation, and which is incomplete or incorrect even | |
45 | * there. | |
46 | * - There are various undocumented protocol requirements, such as the | |
47 | * need to send unused garbage in control-OUT messages. | |
48 | * - In some cases, MS-Windows will emit undocumented requests; this | |
49 | * matters more to peripheral implementations than host ones. | |
50 | * | |
ad55d71a OAVR |
51 | * Moreover there's a no-open-specs variant of RNDIS called "ActiveSync". |
52 | * | |
51400f1d DB |
53 | * For these reasons and others, ** USE OF RNDIS IS STRONGLY DISCOURAGED ** in |
54 | * favor of such non-proprietary alternatives as CDC Ethernet or the newer (and | |
55 | * currently rare) "Ethernet Emulation Model" (EEM). | |
64e04910 DB |
56 | */ |
57 | ||
58 | /* | |
59 | * CONTROL uses CDC "encapsulated commands" with funky notifications. | |
60 | * - control-out: SEND_ENCAPSULATED | |
61 | * - interrupt-in: RESPONSE_AVAILABLE | |
62 | * - control-in: GET_ENCAPSULATED | |
63 | * | |
64 | * We'll try to ignore the RESPONSE_AVAILABLE notifications. | |
ad55d71a OAVR |
65 | * |
66 | * REVISIT some RNDIS implementations seem to have curious issues still | |
67 | * to be resolved. | |
64e04910 DB |
68 | */ |
69 | struct rndis_msg_hdr { | |
70 | __le32 msg_type; /* RNDIS_MSG_* */ | |
71 | __le32 msg_len; | |
72 | // followed by data that varies between messages | |
73 | __le32 request_id; | |
74 | __le32 status; | |
75 | // ... and more | |
76 | } __attribute__ ((packed)); | |
77 | ||
ad55d71a OAVR |
78 | /* MS-Windows uses this strange size, but RNDIS spec says 1024 minimum */ |
79 | #define CONTROL_BUFFER_SIZE 1025 | |
80 | ||
81 | /* RNDIS defines an (absurdly huge) 10 second control timeout, | |
82 | * but ActiveSync seems to use a more usual 5 second timeout | |
83 | * (which matches the USB 2.0 spec). | |
84 | */ | |
85 | #define RNDIS_CONTROL_TIMEOUT_MS (5 * 1000) | |
64e04910 DB |
86 | |
87 | ||
88 | #define ccpu2 __constant_cpu_to_le32 | |
89 | ||
90 | #define RNDIS_MSG_COMPLETION ccpu2(0x80000000) | |
91 | ||
92 | /* codes for "msg_type" field of rndis messages; | |
93 | * only the data channel uses packet messages (maybe batched); | |
94 | * everything else goes on the control channel. | |
95 | */ | |
96 | #define RNDIS_MSG_PACKET ccpu2(0x00000001) /* 1-N packets */ | |
97 | #define RNDIS_MSG_INIT ccpu2(0x00000002) | |
51400f1d | 98 | #define RNDIS_MSG_INIT_C (RNDIS_MSG_INIT|RNDIS_MSG_COMPLETION) |
64e04910 DB |
99 | #define RNDIS_MSG_HALT ccpu2(0x00000003) |
100 | #define RNDIS_MSG_QUERY ccpu2(0x00000004) | |
51400f1d | 101 | #define RNDIS_MSG_QUERY_C (RNDIS_MSG_QUERY|RNDIS_MSG_COMPLETION) |
64e04910 | 102 | #define RNDIS_MSG_SET ccpu2(0x00000005) |
51400f1d | 103 | #define RNDIS_MSG_SET_C (RNDIS_MSG_SET|RNDIS_MSG_COMPLETION) |
64e04910 | 104 | #define RNDIS_MSG_RESET ccpu2(0x00000006) |
51400f1d | 105 | #define RNDIS_MSG_RESET_C (RNDIS_MSG_RESET|RNDIS_MSG_COMPLETION) |
64e04910 DB |
106 | #define RNDIS_MSG_INDICATE ccpu2(0x00000007) |
107 | #define RNDIS_MSG_KEEPALIVE ccpu2(0x00000008) | |
51400f1d | 108 | #define RNDIS_MSG_KEEPALIVE_C (RNDIS_MSG_KEEPALIVE|RNDIS_MSG_COMPLETION) |
64e04910 DB |
109 | |
110 | /* codes for "status" field of completion messages */ | |
111 | #define RNDIS_STATUS_SUCCESS ccpu2(0x00000000) | |
112 | #define RNDIS_STATUS_FAILURE ccpu2(0xc0000001) | |
113 | #define RNDIS_STATUS_INVALID_DATA ccpu2(0xc0010015) | |
114 | #define RNDIS_STATUS_NOT_SUPPORTED ccpu2(0xc00000bb) | |
115 | #define RNDIS_STATUS_MEDIA_CONNECT ccpu2(0x4001000b) | |
116 | #define RNDIS_STATUS_MEDIA_DISCONNECT ccpu2(0x4001000c) | |
117 | ||
118 | ||
119 | struct rndis_data_hdr { | |
120 | __le32 msg_type; /* RNDIS_MSG_PACKET */ | |
121 | __le32 msg_len; // rndis_data_hdr + data_len + pad | |
122 | __le32 data_offset; // 36 -- right after header | |
123 | __le32 data_len; // ... real packet size | |
124 | ||
125 | __le32 oob_data_offset; // zero | |
126 | __le32 oob_data_len; // zero | |
127 | __le32 num_oob; // zero | |
128 | __le32 packet_data_offset; // zero | |
129 | ||
130 | __le32 packet_data_len; // zero | |
131 | __le32 vc_handle; // zero | |
132 | __le32 reserved; // zero | |
133 | } __attribute__ ((packed)); | |
134 | ||
135 | struct rndis_init { /* OUT */ | |
136 | // header and: | |
137 | __le32 msg_type; /* RNDIS_MSG_INIT */ | |
138 | __le32 msg_len; // 24 | |
139 | __le32 request_id; | |
140 | __le32 major_version; // of rndis (1.0) | |
141 | __le32 minor_version; | |
142 | __le32 max_transfer_size; | |
143 | } __attribute__ ((packed)); | |
144 | ||
145 | struct rndis_init_c { /* IN */ | |
146 | // header and: | |
147 | __le32 msg_type; /* RNDIS_MSG_INIT_C */ | |
148 | __le32 msg_len; | |
149 | __le32 request_id; | |
150 | __le32 status; | |
151 | __le32 major_version; // of rndis (1.0) | |
152 | __le32 minor_version; | |
153 | __le32 device_flags; | |
154 | __le32 medium; // zero == 802.3 | |
155 | __le32 max_packets_per_message; | |
156 | __le32 max_transfer_size; | |
157 | __le32 packet_alignment; // max 7; (1<<n) bytes | |
158 | __le32 af_list_offset; // zero | |
159 | __le32 af_list_size; // zero | |
160 | } __attribute__ ((packed)); | |
161 | ||
162 | struct rndis_halt { /* OUT (no reply) */ | |
163 | // header and: | |
164 | __le32 msg_type; /* RNDIS_MSG_HALT */ | |
165 | __le32 msg_len; | |
166 | __le32 request_id; | |
167 | } __attribute__ ((packed)); | |
168 | ||
169 | struct rndis_query { /* OUT */ | |
170 | // header and: | |
171 | __le32 msg_type; /* RNDIS_MSG_QUERY */ | |
172 | __le32 msg_len; | |
173 | __le32 request_id; | |
174 | __le32 oid; | |
175 | __le32 len; | |
176 | __le32 offset; | |
177 | /*?*/ __le32 handle; // zero | |
178 | } __attribute__ ((packed)); | |
179 | ||
180 | struct rndis_query_c { /* IN */ | |
181 | // header and: | |
182 | __le32 msg_type; /* RNDIS_MSG_QUERY_C */ | |
183 | __le32 msg_len; | |
184 | __le32 request_id; | |
185 | __le32 status; | |
186 | __le32 len; | |
187 | __le32 offset; | |
188 | } __attribute__ ((packed)); | |
189 | ||
190 | struct rndis_set { /* OUT */ | |
191 | // header and: | |
192 | __le32 msg_type; /* RNDIS_MSG_SET */ | |
193 | __le32 msg_len; | |
194 | __le32 request_id; | |
195 | __le32 oid; | |
196 | __le32 len; | |
197 | __le32 offset; | |
198 | /*?*/ __le32 handle; // zero | |
199 | } __attribute__ ((packed)); | |
200 | ||
201 | struct rndis_set_c { /* IN */ | |
202 | // header and: | |
203 | __le32 msg_type; /* RNDIS_MSG_SET_C */ | |
204 | __le32 msg_len; | |
205 | __le32 request_id; | |
206 | __le32 status; | |
207 | } __attribute__ ((packed)); | |
208 | ||
209 | struct rndis_reset { /* IN */ | |
210 | // header and: | |
211 | __le32 msg_type; /* RNDIS_MSG_RESET */ | |
212 | __le32 msg_len; | |
213 | __le32 reserved; | |
214 | } __attribute__ ((packed)); | |
215 | ||
216 | struct rndis_reset_c { /* OUT */ | |
217 | // header and: | |
218 | __le32 msg_type; /* RNDIS_MSG_RESET_C */ | |
219 | __le32 msg_len; | |
220 | __le32 status; | |
221 | __le32 addressing_lost; | |
222 | } __attribute__ ((packed)); | |
223 | ||
224 | struct rndis_indicate { /* IN (unrequested) */ | |
225 | // header and: | |
226 | __le32 msg_type; /* RNDIS_MSG_INDICATE */ | |
227 | __le32 msg_len; | |
228 | __le32 status; | |
229 | __le32 length; | |
230 | __le32 offset; | |
231 | /**/ __le32 diag_status; | |
232 | __le32 error_offset; | |
233 | /**/ __le32 message; | |
234 | } __attribute__ ((packed)); | |
235 | ||
236 | struct rndis_keepalive { /* OUT (optionally IN) */ | |
237 | // header and: | |
238 | __le32 msg_type; /* RNDIS_MSG_KEEPALIVE */ | |
239 | __le32 msg_len; | |
240 | __le32 request_id; | |
241 | } __attribute__ ((packed)); | |
242 | ||
243 | struct rndis_keepalive_c { /* IN (optionally OUT) */ | |
244 | // header and: | |
245 | __le32 msg_type; /* RNDIS_MSG_KEEPALIVE_C */ | |
246 | __le32 msg_len; | |
247 | __le32 request_id; | |
248 | __le32 status; | |
249 | } __attribute__ ((packed)); | |
250 | ||
251 | /* NOTE: about 30 OIDs are "mandatory" for peripherals to support ... and | |
252 | * there are gobs more that may optionally be supported. We'll avoid as much | |
253 | * of that mess as possible. | |
254 | */ | |
255 | #define OID_802_3_PERMANENT_ADDRESS ccpu2(0x01010101) | |
ddda0862 | 256 | #define OID_GEN_MAXIMUM_FRAME_SIZE ccpu2(0x00010106) |
64e04910 DB |
257 | #define OID_GEN_CURRENT_PACKET_FILTER ccpu2(0x0001010e) |
258 | ||
a842edac JK |
259 | /* packet filter bits used by OID_GEN_CURRENT_PACKET_FILTER */ |
260 | #define RNDIS_PACKET_TYPE_DIRECTED ccpu2(0x00000001) | |
261 | #define RNDIS_PACKET_TYPE_MULTICAST ccpu2(0x00000002) | |
262 | #define RNDIS_PACKET_TYPE_ALL_MULTICAST ccpu2(0x00000004) | |
263 | #define RNDIS_PACKET_TYPE_BROADCAST ccpu2(0x00000008) | |
264 | #define RNDIS_PACKET_TYPE_SOURCE_ROUTING ccpu2(0x00000010) | |
265 | #define RNDIS_PACKET_TYPE_PROMISCUOUS ccpu2(0x00000020) | |
266 | #define RNDIS_PACKET_TYPE_SMT ccpu2(0x00000040) | |
267 | #define RNDIS_PACKET_TYPE_ALL_LOCAL ccpu2(0x00000080) | |
268 | #define RNDIS_PACKET_TYPE_GROUP ccpu2(0x00001000) | |
269 | #define RNDIS_PACKET_TYPE_ALL_FUNCTIONAL ccpu2(0x00002000) | |
270 | #define RNDIS_PACKET_TYPE_FUNCTIONAL ccpu2(0x00004000) | |
271 | #define RNDIS_PACKET_TYPE_MAC_FRAME ccpu2(0x00008000) | |
272 | ||
273 | /* default filter used with RNDIS devices */ | |
274 | #define RNDIS_DEFAULT_FILTER ( \ | |
275 | RNDIS_PACKET_TYPE_DIRECTED | \ | |
276 | RNDIS_PACKET_TYPE_BROADCAST | \ | |
277 | RNDIS_PACKET_TYPE_ALL_MULTICAST | \ | |
278 | RNDIS_PACKET_TYPE_PROMISCUOUS) | |
279 | ||
64e04910 DB |
280 | /* |
281 | * RNDIS notifications from device: command completion; "reverse" | |
282 | * keepalives; etc | |
283 | */ | |
284 | static void rndis_status(struct usbnet *dev, struct urb *urb) | |
285 | { | |
286 | devdbg(dev, "rndis status urb, len %d stat %d", | |
287 | urb->actual_length, urb->status); | |
288 | // FIXME for keepalives, respond immediately (asynchronously) | |
289 | // if not an RNDIS status, do like cdc_status(dev,urb) does | |
290 | } | |
291 | ||
292 | /* | |
293 | * RPC done RNDIS-style. Caller guarantees: | |
294 | * - message is properly byteswapped | |
295 | * - there's no other request pending | |
296 | * - buf can hold up to 1KB response (required by RNDIS spec) | |
297 | * On return, the first few entries are already byteswapped. | |
298 | * | |
299 | * Call context is likely probe(), before interface name is known, | |
300 | * which is why we won't try to use it in the diagnostics. | |
301 | */ | |
302 | static int rndis_command(struct usbnet *dev, struct rndis_msg_hdr *buf) | |
303 | { | |
304 | struct cdc_state *info = (void *) &dev->data; | |
ad55d71a | 305 | int master_ifnum; |
64e04910 DB |
306 | int retval; |
307 | unsigned count; | |
308 | __le32 rsp; | |
309 | u32 xid = 0, msg_len, request_id; | |
310 | ||
311 | /* REVISIT when this gets called from contexts other than probe() or | |
312 | * disconnect(): either serialize, or dispatch responses on xid | |
313 | */ | |
314 | ||
ad55d71a | 315 | /* Issue the request; xid is unique, don't bother byteswapping it */ |
64e04910 DB |
316 | if (likely(buf->msg_type != RNDIS_MSG_HALT |
317 | && buf->msg_type != RNDIS_MSG_RESET)) { | |
318 | xid = dev->xid++; | |
319 | if (!xid) | |
320 | xid = dev->xid++; | |
321 | buf->request_id = (__force __le32) xid; | |
322 | } | |
ad55d71a | 323 | master_ifnum = info->control->cur_altsetting->desc.bInterfaceNumber; |
64e04910 DB |
324 | retval = usb_control_msg(dev->udev, |
325 | usb_sndctrlpipe(dev->udev, 0), | |
326 | USB_CDC_SEND_ENCAPSULATED_COMMAND, | |
327 | USB_TYPE_CLASS | USB_RECIP_INTERFACE, | |
ad55d71a | 328 | 0, master_ifnum, |
64e04910 DB |
329 | buf, le32_to_cpu(buf->msg_len), |
330 | RNDIS_CONTROL_TIMEOUT_MS); | |
331 | if (unlikely(retval < 0 || xid == 0)) | |
332 | return retval; | |
333 | ||
334 | // FIXME Seems like some devices discard responses when | |
335 | // we time out and cancel our "get response" requests... | |
336 | // so, this is fragile. Probably need to poll for status. | |
337 | ||
338 | /* ignore status endpoint, just poll the control channel; | |
339 | * the request probably completed immediately | |
340 | */ | |
341 | rsp = buf->msg_type | RNDIS_MSG_COMPLETION; | |
342 | for (count = 0; count < 10; count++) { | |
ad55d71a | 343 | memset(buf, 0, CONTROL_BUFFER_SIZE); |
64e04910 DB |
344 | retval = usb_control_msg(dev->udev, |
345 | usb_rcvctrlpipe(dev->udev, 0), | |
346 | USB_CDC_GET_ENCAPSULATED_RESPONSE, | |
347 | USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE, | |
ad55d71a OAVR |
348 | 0, master_ifnum, |
349 | buf, CONTROL_BUFFER_SIZE, | |
64e04910 DB |
350 | RNDIS_CONTROL_TIMEOUT_MS); |
351 | if (likely(retval >= 8)) { | |
352 | msg_len = le32_to_cpu(buf->msg_len); | |
353 | request_id = (__force u32) buf->request_id; | |
354 | if (likely(buf->msg_type == rsp)) { | |
355 | if (likely(request_id == xid)) { | |
356 | if (unlikely(rsp == RNDIS_MSG_RESET_C)) | |
357 | return 0; | |
358 | if (likely(RNDIS_STATUS_SUCCESS | |
359 | == buf->status)) | |
360 | return 0; | |
361 | dev_dbg(&info->control->dev, | |
362 | "rndis reply status %08x\n", | |
363 | le32_to_cpu(buf->status)); | |
364 | return -EL3RST; | |
365 | } | |
366 | dev_dbg(&info->control->dev, | |
367 | "rndis reply id %d expected %d\n", | |
368 | request_id, xid); | |
369 | /* then likely retry */ | |
370 | } else switch (buf->msg_type) { | |
371 | case RNDIS_MSG_INDICATE: { /* fault */ | |
372 | // struct rndis_indicate *msg = (void *)buf; | |
373 | dev_info(&info->control->dev, | |
ddda0862 | 374 | "rndis fault indication\n"); |
64e04910 DB |
375 | } |
376 | break; | |
377 | case RNDIS_MSG_KEEPALIVE: { /* ping */ | |
378 | struct rndis_keepalive_c *msg = (void *)buf; | |
379 | ||
380 | msg->msg_type = RNDIS_MSG_KEEPALIVE_C; | |
381 | msg->msg_len = ccpu2(sizeof *msg); | |
382 | msg->status = RNDIS_STATUS_SUCCESS; | |
383 | retval = usb_control_msg(dev->udev, | |
384 | usb_sndctrlpipe(dev->udev, 0), | |
385 | USB_CDC_SEND_ENCAPSULATED_COMMAND, | |
386 | USB_TYPE_CLASS | USB_RECIP_INTERFACE, | |
ad55d71a | 387 | 0, master_ifnum, |
64e04910 DB |
388 | msg, sizeof *msg, |
389 | RNDIS_CONTROL_TIMEOUT_MS); | |
390 | if (unlikely(retval < 0)) | |
391 | dev_dbg(&info->control->dev, | |
392 | "rndis keepalive err %d\n", | |
393 | retval); | |
394 | } | |
395 | break; | |
396 | default: | |
397 | dev_dbg(&info->control->dev, | |
398 | "unexpected rndis msg %08x len %d\n", | |
399 | le32_to_cpu(buf->msg_type), msg_len); | |
400 | } | |
401 | } else { | |
402 | /* device probably issued a protocol stall; ignore */ | |
403 | dev_dbg(&info->control->dev, | |
404 | "rndis response error, code %d\n", retval); | |
405 | } | |
406 | msleep(2); | |
407 | } | |
408 | dev_dbg(&info->control->dev, "rndis response timeout\n"); | |
409 | return -ETIMEDOUT; | |
410 | } | |
411 | ||
ddda0862 DB |
412 | /* |
413 | * rndis_query: | |
414 | * | |
415 | * Performs a query for @oid along with 0 or more bytes of payload as | |
416 | * specified by @in_len. If @reply_len is not set to -1 then the reply | |
417 | * length is checked against this value, resulting in an error if it | |
418 | * doesn't match. | |
419 | * | |
420 | * NOTE: Adding a payload exactly or greater than the size of the expected | |
421 | * response payload is an evident requirement MSFT added for ActiveSync. | |
422 | * | |
423 | * The only exception is for OIDs that return a variably sized response, | |
424 | * in which case no payload should be added. This undocumented (and | |
425 | * nonsensical!) issue was found by sniffing protocol requests from the | |
426 | * ActiveSync 4.1 Windows driver. | |
427 | */ | |
428 | static int rndis_query(struct usbnet *dev, struct usb_interface *intf, | |
429 | void *buf, u32 oid, u32 in_len, | |
430 | void **reply, int *reply_len) | |
431 | { | |
432 | int retval; | |
433 | union { | |
434 | void *buf; | |
435 | struct rndis_msg_hdr *header; | |
436 | struct rndis_query *get; | |
437 | struct rndis_query_c *get_c; | |
438 | } u; | |
439 | u32 off, len; | |
440 | ||
441 | u.buf = buf; | |
442 | ||
443 | memset(u.get, 0, sizeof *u.get + in_len); | |
444 | u.get->msg_type = RNDIS_MSG_QUERY; | |
445 | u.get->msg_len = cpu_to_le32(sizeof *u.get + in_len); | |
446 | u.get->oid = oid; | |
447 | u.get->len = cpu_to_le32(in_len); | |
448 | u.get->offset = ccpu2(20); | |
449 | ||
450 | retval = rndis_command(dev, u.header); | |
451 | if (unlikely(retval < 0)) { | |
452 | dev_err(&intf->dev, "RNDIS_MSG_QUERY(0x%08x) failed, %d\n", | |
453 | oid, retval); | |
454 | return retval; | |
455 | } | |
456 | ||
457 | off = le32_to_cpu(u.get_c->offset); | |
458 | len = le32_to_cpu(u.get_c->len); | |
459 | if (unlikely((8 + off + len) > CONTROL_BUFFER_SIZE)) | |
460 | goto response_error; | |
461 | ||
462 | if (*reply_len != -1 && len != *reply_len) | |
463 | goto response_error; | |
464 | ||
465 | *reply = (unsigned char *) &u.get_c->request_id + off; | |
466 | *reply_len = len; | |
467 | ||
468 | return retval; | |
469 | ||
470 | response_error: | |
471 | dev_err(&intf->dev, "RNDIS_MSG_QUERY(0x%08x) " | |
472 | "invalid response - off %d len %d\n", | |
473 | oid, off, len); | |
474 | return -EDOM; | |
475 | } | |
476 | ||
64e04910 DB |
477 | static int rndis_bind(struct usbnet *dev, struct usb_interface *intf) |
478 | { | |
479 | int retval; | |
480 | struct net_device *net = dev->net; | |
deb31f17 | 481 | struct cdc_state *info = (void *) &dev->data; |
64e04910 DB |
482 | union { |
483 | void *buf; | |
484 | struct rndis_msg_hdr *header; | |
485 | struct rndis_init *init; | |
486 | struct rndis_init_c *init_c; | |
487 | struct rndis_query *get; | |
488 | struct rndis_query_c *get_c; | |
489 | struct rndis_set *set; | |
490 | struct rndis_set_c *set_c; | |
9ff55874 | 491 | struct rndis_halt *halt; |
64e04910 DB |
492 | } u; |
493 | u32 tmp; | |
ddda0862 DB |
494 | int reply_len; |
495 | unsigned char *bp; | |
64e04910 DB |
496 | |
497 | /* we can't rely on i/o from stack working, or stack allocation */ | |
ad55d71a | 498 | u.buf = kmalloc(CONTROL_BUFFER_SIZE, GFP_KERNEL); |
64e04910 DB |
499 | if (!u.buf) |
500 | return -ENOMEM; | |
501 | retval = usbnet_generic_cdc_bind(dev, intf); | |
502 | if (retval < 0) | |
deb31f17 | 503 | goto fail; |
64e04910 | 504 | |
64e04910 DB |
505 | u.init->msg_type = RNDIS_MSG_INIT; |
506 | u.init->msg_len = ccpu2(sizeof *u.init); | |
507 | u.init->major_version = ccpu2(1); | |
508 | u.init->minor_version = ccpu2(0); | |
64e04910 | 509 | |
ad55d71a OAVR |
510 | /* max transfer (in spec) is 0x4000 at full speed, but for |
511 | * TX we'll stick to one Ethernet packet plus RNDIS framing. | |
512 | * For RX we handle drivers that zero-pad to end-of-packet. | |
513 | * Don't let userspace change these settings. | |
ddda0862 DB |
514 | * |
515 | * NOTE: there still seems to be wierdness here, as if we need | |
516 | * to do some more things to make sure WinCE targets accept this. | |
517 | * They default to jumbograms of 8KB or 16KB, which is absurd | |
518 | * for such low data rates and which is also more than Linux | |
519 | * can usually expect to allocate for SKB data... | |
ad55d71a OAVR |
520 | */ |
521 | net->hard_header_len += sizeof (struct rndis_data_hdr); | |
522 | dev->hard_mtu = net->mtu + net->hard_header_len; | |
523 | ||
524 | dev->rx_urb_size = dev->hard_mtu + (dev->maxpacket + 1); | |
525 | dev->rx_urb_size &= ~(dev->maxpacket - 1); | |
526 | u.init->max_transfer_size = cpu_to_le32(dev->rx_urb_size); | |
527 | ||
528 | net->change_mtu = NULL; | |
64e04910 DB |
529 | retval = rndis_command(dev, u.header); |
530 | if (unlikely(retval < 0)) { | |
531 | /* it might not even be an RNDIS device!! */ | |
532 | dev_err(&intf->dev, "RNDIS init failed, %d\n", retval); | |
ddda0862 | 533 | goto fail_and_release; |
ad55d71a OAVR |
534 | } |
535 | tmp = le32_to_cpu(u.init_c->max_transfer_size); | |
536 | if (tmp < dev->hard_mtu) { | |
500d2c2f TS |
537 | if (tmp <= net->hard_header_len) { |
538 | dev_err(&intf->dev, | |
539 | "dev can't take %u byte packets (max %u)\n", | |
540 | dev->hard_mtu, tmp); | |
541 | retval = -EINVAL; | |
9ff55874 | 542 | goto halt_fail_and_release; |
500d2c2f TS |
543 | } |
544 | dev->hard_mtu = tmp; | |
545 | net->mtu = dev->hard_mtu - net->hard_header_len; | |
546 | dev_warn(&intf->dev, | |
547 | "dev can't take %u byte packets (max %u), " | |
548 | "adjusting MTU to %u\n", | |
549 | dev->hard_mtu, tmp, net->mtu); | |
64e04910 | 550 | } |
ad55d71a | 551 | |
64e04910 | 552 | /* REVISIT: peripheral "alignment" request is ignored ... */ |
ad55d71a OAVR |
553 | dev_dbg(&intf->dev, |
554 | "hard mtu %u (%u from dev), rx buflen %Zu, align %d\n", | |
555 | dev->hard_mtu, tmp, dev->rx_urb_size, | |
64e04910 DB |
556 | 1 << le32_to_cpu(u.init_c->packet_alignment)); |
557 | ||
ddda0862 DB |
558 | /* Get designated host ethernet address */ |
559 | reply_len = ETH_ALEN; | |
560 | retval = rndis_query(dev, intf, u.buf, OID_802_3_PERMANENT_ADDRESS, | |
561 | 48, (void **) &bp, &reply_len); | |
562 | if (unlikely(retval< 0)) { | |
64e04910 | 563 | dev_err(&intf->dev, "rndis get ethaddr, %d\n", retval); |
9ff55874 | 564 | goto halt_fail_and_release; |
64e04910 | 565 | } |
ddda0862 | 566 | memcpy(net->dev_addr, bp, ETH_ALEN); |
64e04910 DB |
567 | |
568 | /* set a nonzero filter to enable data transfers */ | |
569 | memset(u.set, 0, sizeof *u.set); | |
570 | u.set->msg_type = RNDIS_MSG_SET; | |
571 | u.set->msg_len = ccpu2(4 + sizeof *u.set); | |
572 | u.set->oid = OID_GEN_CURRENT_PACKET_FILTER; | |
573 | u.set->len = ccpu2(4); | |
574 | u.set->offset = ccpu2((sizeof *u.set) - 8); | |
a842edac | 575 | *(__le32 *)(u.buf + sizeof *u.set) = RNDIS_DEFAULT_FILTER; |
64e04910 DB |
576 | |
577 | retval = rndis_command(dev, u.header); | |
578 | if (unlikely(retval < 0)) { | |
579 | dev_err(&intf->dev, "rndis set packet filter, %d\n", retval); | |
9ff55874 | 580 | goto halt_fail_and_release; |
64e04910 DB |
581 | } |
582 | ||
583 | retval = 0; | |
deb31f17 DG |
584 | |
585 | kfree(u.buf); | |
586 | return retval; | |
587 | ||
9ff55874 JK |
588 | halt_fail_and_release: |
589 | memset(u.halt, 0, sizeof *u.halt); | |
590 | u.halt->msg_type = RNDIS_MSG_HALT; | |
591 | u.halt->msg_len = ccpu2(sizeof *u.halt); | |
592 | (void) rndis_command(dev, (void *)u.halt); | |
deb31f17 DG |
593 | fail_and_release: |
594 | usb_set_intfdata(info->data, NULL); | |
595 | usb_driver_release_interface(driver_of(intf), info->data); | |
ddda0862 | 596 | info->data = NULL; |
deb31f17 | 597 | fail: |
64e04910 DB |
598 | kfree(u.buf); |
599 | return retval; | |
600 | } | |
601 | ||
602 | static void rndis_unbind(struct usbnet *dev, struct usb_interface *intf) | |
603 | { | |
604 | struct rndis_halt *halt; | |
605 | ||
606 | /* try to clear any rndis state/activity (no i/o from stack!) */ | |
04c3c01a | 607 | halt = kzalloc(CONTROL_BUFFER_SIZE, GFP_KERNEL); |
64e04910 DB |
608 | if (halt) { |
609 | halt->msg_type = RNDIS_MSG_HALT; | |
610 | halt->msg_len = ccpu2(sizeof *halt); | |
611 | (void) rndis_command(dev, (void *)halt); | |
612 | kfree(halt); | |
613 | } | |
614 | ||
2bfa2e1f | 615 | usbnet_cdc_unbind(dev, intf); |
64e04910 DB |
616 | } |
617 | ||
618 | /* | |
619 | * DATA -- host must not write zlps | |
620 | */ | |
621 | static int rndis_rx_fixup(struct usbnet *dev, struct sk_buff *skb) | |
622 | { | |
623 | /* peripheral may have batched packets to us... */ | |
624 | while (likely(skb->len)) { | |
625 | struct rndis_data_hdr *hdr = (void *)skb->data; | |
626 | struct sk_buff *skb2; | |
627 | u32 msg_len, data_offset, data_len; | |
628 | ||
629 | msg_len = le32_to_cpu(hdr->msg_len); | |
630 | data_offset = le32_to_cpu(hdr->data_offset); | |
631 | data_len = le32_to_cpu(hdr->data_len); | |
632 | ||
633 | /* don't choke if we see oob, per-packet data, etc */ | |
634 | if (unlikely(hdr->msg_type != RNDIS_MSG_PACKET | |
635 | || skb->len < msg_len | |
636 | || (data_offset + data_len + 8) > msg_len)) { | |
637 | dev->stats.rx_frame_errors++; | |
638 | devdbg(dev, "bad rndis message %d/%d/%d/%d, len %d", | |
639 | le32_to_cpu(hdr->msg_type), | |
640 | msg_len, data_offset, data_len, skb->len); | |
641 | return 0; | |
642 | } | |
643 | skb_pull(skb, 8 + data_offset); | |
644 | ||
645 | /* at most one packet left? */ | |
646 | if (likely((data_len - skb->len) <= sizeof *hdr)) { | |
647 | skb_trim(skb, data_len); | |
648 | break; | |
649 | } | |
650 | ||
651 | /* try to return all the packets in the batch */ | |
652 | skb2 = skb_clone(skb, GFP_ATOMIC); | |
653 | if (unlikely(!skb2)) | |
654 | break; | |
655 | skb_pull(skb, msg_len - sizeof *hdr); | |
656 | skb_trim(skb2, data_len); | |
657 | usbnet_skb_return(dev, skb2); | |
658 | } | |
659 | ||
660 | /* caller will usbnet_skb_return the remaining packet */ | |
661 | return 1; | |
662 | } | |
663 | ||
664 | static struct sk_buff * | |
55016f10 | 665 | rndis_tx_fixup(struct usbnet *dev, struct sk_buff *skb, gfp_t flags) |
64e04910 DB |
666 | { |
667 | struct rndis_data_hdr *hdr; | |
668 | struct sk_buff *skb2; | |
669 | unsigned len = skb->len; | |
670 | ||
671 | if (likely(!skb_cloned(skb))) { | |
672 | int room = skb_headroom(skb); | |
673 | ||
674 | /* enough head room as-is? */ | |
675 | if (unlikely((sizeof *hdr) <= room)) | |
676 | goto fill; | |
677 | ||
678 | /* enough room, but needs to be readjusted? */ | |
679 | room += skb_tailroom(skb); | |
680 | if (likely((sizeof *hdr) <= room)) { | |
681 | skb->data = memmove(skb->head + sizeof *hdr, | |
682 | skb->data, len); | |
27a884dc | 683 | skb_set_tail_pointer(skb, len); |
64e04910 DB |
684 | goto fill; |
685 | } | |
686 | } | |
687 | ||
688 | /* create a new skb, with the correct size (and tailpad) */ | |
689 | skb2 = skb_copy_expand(skb, sizeof *hdr, 1, flags); | |
690 | dev_kfree_skb_any(skb); | |
691 | if (unlikely(!skb2)) | |
692 | return skb2; | |
693 | skb = skb2; | |
694 | ||
695 | /* fill out the RNDIS header. we won't bother trying to batch | |
696 | * packets; Linux minimizes wasted bandwidth through tx queues. | |
697 | */ | |
698 | fill: | |
699 | hdr = (void *) __skb_push(skb, sizeof *hdr); | |
700 | memset(hdr, 0, sizeof *hdr); | |
701 | hdr->msg_type = RNDIS_MSG_PACKET; | |
702 | hdr->msg_len = cpu_to_le32(skb->len); | |
703 | hdr->data_offset = ccpu2(sizeof(*hdr) - 8); | |
704 | hdr->data_len = cpu_to_le32(len); | |
705 | ||
706 | /* FIXME make the last packet always be short ... */ | |
707 | return skb; | |
708 | } | |
709 | ||
710 | ||
711 | static const struct driver_info rndis_info = { | |
712 | .description = "RNDIS device", | |
ddda0862 | 713 | .flags = FLAG_ETHER | FLAG_FRAMING_RN | FLAG_NO_SETINT, |
64e04910 DB |
714 | .bind = rndis_bind, |
715 | .unbind = rndis_unbind, | |
716 | .status = rndis_status, | |
717 | .rx_fixup = rndis_rx_fixup, | |
718 | .tx_fixup = rndis_tx_fixup, | |
719 | }; | |
720 | ||
721 | #undef ccpu2 | |
722 | ||
723 | ||
724 | /*-------------------------------------------------------------------------*/ | |
725 | ||
726 | static const struct usb_device_id products [] = { | |
727 | { | |
728 | /* RNDIS is MSFT's un-official variant of CDC ACM */ | |
729 | USB_INTERFACE_INFO(USB_CLASS_COMM, 2 /* ACM */, 0x0ff), | |
730 | .driver_info = (unsigned long) &rndis_info, | |
ad55d71a OAVR |
731 | }, { |
732 | /* "ActiveSync" is an undocumented variant of RNDIS, used in WM5 */ | |
733 | USB_INTERFACE_INFO(USB_CLASS_MISC, 1, 1), | |
734 | .driver_info = (unsigned long) &rndis_info, | |
64e04910 DB |
735 | }, |
736 | { }, // END | |
737 | }; | |
738 | MODULE_DEVICE_TABLE(usb, products); | |
739 | ||
740 | static struct usb_driver rndis_driver = { | |
64e04910 DB |
741 | .name = "rndis_host", |
742 | .id_table = products, | |
743 | .probe = usbnet_probe, | |
744 | .disconnect = usbnet_disconnect, | |
745 | .suspend = usbnet_suspend, | |
746 | .resume = usbnet_resume, | |
747 | }; | |
748 | ||
749 | static int __init rndis_init(void) | |
750 | { | |
51400f1d | 751 | return usb_register(&rndis_driver); |
64e04910 DB |
752 | } |
753 | module_init(rndis_init); | |
754 | ||
755 | static void __exit rndis_exit(void) | |
756 | { | |
51400f1d | 757 | usb_deregister(&rndis_driver); |
64e04910 DB |
758 | } |
759 | module_exit(rndis_exit); | |
760 | ||
761 | MODULE_AUTHOR("David Brownell"); | |
762 | MODULE_DESCRIPTION("USB Host side RNDIS driver"); | |
763 | MODULE_LICENSE("GPL"); |