Commit | Line | Data |
---|---|---|
64e04910 DB |
1 | /* |
2 | * Host Side support for RNDIS Networking Links | |
3 | * Copyright (C) 2005 by David Brownell | |
4 | * | |
5 | * This program is free software; you can redistribute it and/or modify | |
6 | * it under the terms of the GNU General Public License as published by | |
7 | * the Free Software Foundation; either version 2 of the License, or | |
8 | * (at your option) any later version. | |
9 | * | |
10 | * This program is distributed in the hope that it will be useful, | |
11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
13 | * GNU General Public License for more details. | |
14 | * | |
15 | * You should have received a copy of the GNU General Public License | |
16 | * along with this program; if not, write to the Free Software | |
17 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA | |
18 | */ | |
19 | ||
20 | // #define DEBUG // error path messages, extra info | |
21 | // #define VERBOSE // more; success messages | |
22 | ||
64e04910 | 23 | #include <linux/module.h> |
64e04910 DB |
24 | #include <linux/init.h> |
25 | #include <linux/netdevice.h> | |
26 | #include <linux/etherdevice.h> | |
27 | #include <linux/ethtool.h> | |
28 | #include <linux/workqueue.h> | |
29 | #include <linux/mii.h> | |
30 | #include <linux/usb.h> | |
a8c28f23 | 31 | #include <linux/usb/cdc.h> |
64e04910 DB |
32 | |
33 | #include "usbnet.h" | |
34 | ||
35 | ||
36 | /* | |
37 | * RNDIS is NDIS remoted over USB. It's a MSFT variant of CDC ACM ... of | |
38 | * course ACM was intended for modems, not Ethernet links! USB's standard | |
39 | * for Ethernet links is "CDC Ethernet", which is significantly simpler. | |
51400f1d DB |
40 | * |
41 | * NOTE that Microsoft's "RNDIS 1.0" specification is incomplete. Issues | |
42 | * include: | |
43 | * - Power management in particular relies on information that's scattered | |
44 | * through other documentation, and which is incomplete or incorrect even | |
45 | * there. | |
46 | * - There are various undocumented protocol requirements, such as the | |
47 | * need to send unused garbage in control-OUT messages. | |
48 | * - In some cases, MS-Windows will emit undocumented requests; this | |
49 | * matters more to peripheral implementations than host ones. | |
50 | * | |
ad55d71a OAVR |
51 | * Moreover there's a no-open-specs variant of RNDIS called "ActiveSync". |
52 | * | |
51400f1d DB |
53 | * For these reasons and others, ** USE OF RNDIS IS STRONGLY DISCOURAGED ** in |
54 | * favor of such non-proprietary alternatives as CDC Ethernet or the newer (and | |
55 | * currently rare) "Ethernet Emulation Model" (EEM). | |
64e04910 DB |
56 | */ |
57 | ||
58 | /* | |
59 | * CONTROL uses CDC "encapsulated commands" with funky notifications. | |
60 | * - control-out: SEND_ENCAPSULATED | |
61 | * - interrupt-in: RESPONSE_AVAILABLE | |
62 | * - control-in: GET_ENCAPSULATED | |
63 | * | |
64 | * We'll try to ignore the RESPONSE_AVAILABLE notifications. | |
ad55d71a OAVR |
65 | * |
66 | * REVISIT some RNDIS implementations seem to have curious issues still | |
67 | * to be resolved. | |
64e04910 DB |
68 | */ |
69 | struct rndis_msg_hdr { | |
70 | __le32 msg_type; /* RNDIS_MSG_* */ | |
71 | __le32 msg_len; | |
72 | // followed by data that varies between messages | |
73 | __le32 request_id; | |
74 | __le32 status; | |
75 | // ... and more | |
76 | } __attribute__ ((packed)); | |
77 | ||
ad55d71a OAVR |
78 | /* MS-Windows uses this strange size, but RNDIS spec says 1024 minimum */ |
79 | #define CONTROL_BUFFER_SIZE 1025 | |
80 | ||
81 | /* RNDIS defines an (absurdly huge) 10 second control timeout, | |
82 | * but ActiveSync seems to use a more usual 5 second timeout | |
83 | * (which matches the USB 2.0 spec). | |
84 | */ | |
85 | #define RNDIS_CONTROL_TIMEOUT_MS (5 * 1000) | |
64e04910 DB |
86 | |
87 | ||
88 | #define ccpu2 __constant_cpu_to_le32 | |
89 | ||
90 | #define RNDIS_MSG_COMPLETION ccpu2(0x80000000) | |
91 | ||
92 | /* codes for "msg_type" field of rndis messages; | |
93 | * only the data channel uses packet messages (maybe batched); | |
94 | * everything else goes on the control channel. | |
95 | */ | |
96 | #define RNDIS_MSG_PACKET ccpu2(0x00000001) /* 1-N packets */ | |
97 | #define RNDIS_MSG_INIT ccpu2(0x00000002) | |
51400f1d | 98 | #define RNDIS_MSG_INIT_C (RNDIS_MSG_INIT|RNDIS_MSG_COMPLETION) |
64e04910 DB |
99 | #define RNDIS_MSG_HALT ccpu2(0x00000003) |
100 | #define RNDIS_MSG_QUERY ccpu2(0x00000004) | |
51400f1d | 101 | #define RNDIS_MSG_QUERY_C (RNDIS_MSG_QUERY|RNDIS_MSG_COMPLETION) |
64e04910 | 102 | #define RNDIS_MSG_SET ccpu2(0x00000005) |
51400f1d | 103 | #define RNDIS_MSG_SET_C (RNDIS_MSG_SET|RNDIS_MSG_COMPLETION) |
64e04910 | 104 | #define RNDIS_MSG_RESET ccpu2(0x00000006) |
51400f1d | 105 | #define RNDIS_MSG_RESET_C (RNDIS_MSG_RESET|RNDIS_MSG_COMPLETION) |
64e04910 DB |
106 | #define RNDIS_MSG_INDICATE ccpu2(0x00000007) |
107 | #define RNDIS_MSG_KEEPALIVE ccpu2(0x00000008) | |
51400f1d | 108 | #define RNDIS_MSG_KEEPALIVE_C (RNDIS_MSG_KEEPALIVE|RNDIS_MSG_COMPLETION) |
64e04910 DB |
109 | |
110 | /* codes for "status" field of completion messages */ | |
111 | #define RNDIS_STATUS_SUCCESS ccpu2(0x00000000) | |
112 | #define RNDIS_STATUS_FAILURE ccpu2(0xc0000001) | |
113 | #define RNDIS_STATUS_INVALID_DATA ccpu2(0xc0010015) | |
114 | #define RNDIS_STATUS_NOT_SUPPORTED ccpu2(0xc00000bb) | |
115 | #define RNDIS_STATUS_MEDIA_CONNECT ccpu2(0x4001000b) | |
116 | #define RNDIS_STATUS_MEDIA_DISCONNECT ccpu2(0x4001000c) | |
117 | ||
118 | ||
119 | struct rndis_data_hdr { | |
120 | __le32 msg_type; /* RNDIS_MSG_PACKET */ | |
121 | __le32 msg_len; // rndis_data_hdr + data_len + pad | |
122 | __le32 data_offset; // 36 -- right after header | |
123 | __le32 data_len; // ... real packet size | |
124 | ||
125 | __le32 oob_data_offset; // zero | |
126 | __le32 oob_data_len; // zero | |
127 | __le32 num_oob; // zero | |
128 | __le32 packet_data_offset; // zero | |
129 | ||
130 | __le32 packet_data_len; // zero | |
131 | __le32 vc_handle; // zero | |
132 | __le32 reserved; // zero | |
133 | } __attribute__ ((packed)); | |
134 | ||
135 | struct rndis_init { /* OUT */ | |
136 | // header and: | |
137 | __le32 msg_type; /* RNDIS_MSG_INIT */ | |
138 | __le32 msg_len; // 24 | |
139 | __le32 request_id; | |
140 | __le32 major_version; // of rndis (1.0) | |
141 | __le32 minor_version; | |
142 | __le32 max_transfer_size; | |
143 | } __attribute__ ((packed)); | |
144 | ||
145 | struct rndis_init_c { /* IN */ | |
146 | // header and: | |
147 | __le32 msg_type; /* RNDIS_MSG_INIT_C */ | |
148 | __le32 msg_len; | |
149 | __le32 request_id; | |
150 | __le32 status; | |
151 | __le32 major_version; // of rndis (1.0) | |
152 | __le32 minor_version; | |
153 | __le32 device_flags; | |
154 | __le32 medium; // zero == 802.3 | |
155 | __le32 max_packets_per_message; | |
156 | __le32 max_transfer_size; | |
157 | __le32 packet_alignment; // max 7; (1<<n) bytes | |
158 | __le32 af_list_offset; // zero | |
159 | __le32 af_list_size; // zero | |
160 | } __attribute__ ((packed)); | |
161 | ||
162 | struct rndis_halt { /* OUT (no reply) */ | |
163 | // header and: | |
164 | __le32 msg_type; /* RNDIS_MSG_HALT */ | |
165 | __le32 msg_len; | |
166 | __le32 request_id; | |
167 | } __attribute__ ((packed)); | |
168 | ||
169 | struct rndis_query { /* OUT */ | |
170 | // header and: | |
171 | __le32 msg_type; /* RNDIS_MSG_QUERY */ | |
172 | __le32 msg_len; | |
173 | __le32 request_id; | |
174 | __le32 oid; | |
175 | __le32 len; | |
176 | __le32 offset; | |
177 | /*?*/ __le32 handle; // zero | |
178 | } __attribute__ ((packed)); | |
179 | ||
180 | struct rndis_query_c { /* IN */ | |
181 | // header and: | |
182 | __le32 msg_type; /* RNDIS_MSG_QUERY_C */ | |
183 | __le32 msg_len; | |
184 | __le32 request_id; | |
185 | __le32 status; | |
186 | __le32 len; | |
187 | __le32 offset; | |
188 | } __attribute__ ((packed)); | |
189 | ||
190 | struct rndis_set { /* OUT */ | |
191 | // header and: | |
192 | __le32 msg_type; /* RNDIS_MSG_SET */ | |
193 | __le32 msg_len; | |
194 | __le32 request_id; | |
195 | __le32 oid; | |
196 | __le32 len; | |
197 | __le32 offset; | |
198 | /*?*/ __le32 handle; // zero | |
199 | } __attribute__ ((packed)); | |
200 | ||
201 | struct rndis_set_c { /* IN */ | |
202 | // header and: | |
203 | __le32 msg_type; /* RNDIS_MSG_SET_C */ | |
204 | __le32 msg_len; | |
205 | __le32 request_id; | |
206 | __le32 status; | |
207 | } __attribute__ ((packed)); | |
208 | ||
209 | struct rndis_reset { /* IN */ | |
210 | // header and: | |
211 | __le32 msg_type; /* RNDIS_MSG_RESET */ | |
212 | __le32 msg_len; | |
213 | __le32 reserved; | |
214 | } __attribute__ ((packed)); | |
215 | ||
216 | struct rndis_reset_c { /* OUT */ | |
217 | // header and: | |
218 | __le32 msg_type; /* RNDIS_MSG_RESET_C */ | |
219 | __le32 msg_len; | |
220 | __le32 status; | |
221 | __le32 addressing_lost; | |
222 | } __attribute__ ((packed)); | |
223 | ||
224 | struct rndis_indicate { /* IN (unrequested) */ | |
225 | // header and: | |
226 | __le32 msg_type; /* RNDIS_MSG_INDICATE */ | |
227 | __le32 msg_len; | |
228 | __le32 status; | |
229 | __le32 length; | |
230 | __le32 offset; | |
231 | /**/ __le32 diag_status; | |
232 | __le32 error_offset; | |
233 | /**/ __le32 message; | |
234 | } __attribute__ ((packed)); | |
235 | ||
236 | struct rndis_keepalive { /* OUT (optionally IN) */ | |
237 | // header and: | |
238 | __le32 msg_type; /* RNDIS_MSG_KEEPALIVE */ | |
239 | __le32 msg_len; | |
240 | __le32 request_id; | |
241 | } __attribute__ ((packed)); | |
242 | ||
243 | struct rndis_keepalive_c { /* IN (optionally OUT) */ | |
244 | // header and: | |
245 | __le32 msg_type; /* RNDIS_MSG_KEEPALIVE_C */ | |
246 | __le32 msg_len; | |
247 | __le32 request_id; | |
248 | __le32 status; | |
249 | } __attribute__ ((packed)); | |
250 | ||
251 | /* NOTE: about 30 OIDs are "mandatory" for peripherals to support ... and | |
252 | * there are gobs more that may optionally be supported. We'll avoid as much | |
253 | * of that mess as possible. | |
254 | */ | |
255 | #define OID_802_3_PERMANENT_ADDRESS ccpu2(0x01010101) | |
256 | #define OID_GEN_CURRENT_PACKET_FILTER ccpu2(0x0001010e) | |
257 | ||
258 | /* | |
259 | * RNDIS notifications from device: command completion; "reverse" | |
260 | * keepalives; etc | |
261 | */ | |
262 | static void rndis_status(struct usbnet *dev, struct urb *urb) | |
263 | { | |
264 | devdbg(dev, "rndis status urb, len %d stat %d", | |
265 | urb->actual_length, urb->status); | |
266 | // FIXME for keepalives, respond immediately (asynchronously) | |
267 | // if not an RNDIS status, do like cdc_status(dev,urb) does | |
268 | } | |
269 | ||
270 | /* | |
271 | * RPC done RNDIS-style. Caller guarantees: | |
272 | * - message is properly byteswapped | |
273 | * - there's no other request pending | |
274 | * - buf can hold up to 1KB response (required by RNDIS spec) | |
275 | * On return, the first few entries are already byteswapped. | |
276 | * | |
277 | * Call context is likely probe(), before interface name is known, | |
278 | * which is why we won't try to use it in the diagnostics. | |
279 | */ | |
280 | static int rndis_command(struct usbnet *dev, struct rndis_msg_hdr *buf) | |
281 | { | |
282 | struct cdc_state *info = (void *) &dev->data; | |
ad55d71a | 283 | int master_ifnum; |
64e04910 DB |
284 | int retval; |
285 | unsigned count; | |
286 | __le32 rsp; | |
287 | u32 xid = 0, msg_len, request_id; | |
288 | ||
289 | /* REVISIT when this gets called from contexts other than probe() or | |
290 | * disconnect(): either serialize, or dispatch responses on xid | |
291 | */ | |
292 | ||
ad55d71a | 293 | /* Issue the request; xid is unique, don't bother byteswapping it */ |
64e04910 DB |
294 | if (likely(buf->msg_type != RNDIS_MSG_HALT |
295 | && buf->msg_type != RNDIS_MSG_RESET)) { | |
296 | xid = dev->xid++; | |
297 | if (!xid) | |
298 | xid = dev->xid++; | |
299 | buf->request_id = (__force __le32) xid; | |
300 | } | |
ad55d71a | 301 | master_ifnum = info->control->cur_altsetting->desc.bInterfaceNumber; |
64e04910 DB |
302 | retval = usb_control_msg(dev->udev, |
303 | usb_sndctrlpipe(dev->udev, 0), | |
304 | USB_CDC_SEND_ENCAPSULATED_COMMAND, | |
305 | USB_TYPE_CLASS | USB_RECIP_INTERFACE, | |
ad55d71a | 306 | 0, master_ifnum, |
64e04910 DB |
307 | buf, le32_to_cpu(buf->msg_len), |
308 | RNDIS_CONTROL_TIMEOUT_MS); | |
309 | if (unlikely(retval < 0 || xid == 0)) | |
310 | return retval; | |
311 | ||
312 | // FIXME Seems like some devices discard responses when | |
313 | // we time out and cancel our "get response" requests... | |
314 | // so, this is fragile. Probably need to poll for status. | |
315 | ||
316 | /* ignore status endpoint, just poll the control channel; | |
317 | * the request probably completed immediately | |
318 | */ | |
319 | rsp = buf->msg_type | RNDIS_MSG_COMPLETION; | |
320 | for (count = 0; count < 10; count++) { | |
ad55d71a | 321 | memset(buf, 0, CONTROL_BUFFER_SIZE); |
64e04910 DB |
322 | retval = usb_control_msg(dev->udev, |
323 | usb_rcvctrlpipe(dev->udev, 0), | |
324 | USB_CDC_GET_ENCAPSULATED_RESPONSE, | |
325 | USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE, | |
ad55d71a OAVR |
326 | 0, master_ifnum, |
327 | buf, CONTROL_BUFFER_SIZE, | |
64e04910 DB |
328 | RNDIS_CONTROL_TIMEOUT_MS); |
329 | if (likely(retval >= 8)) { | |
330 | msg_len = le32_to_cpu(buf->msg_len); | |
331 | request_id = (__force u32) buf->request_id; | |
332 | if (likely(buf->msg_type == rsp)) { | |
333 | if (likely(request_id == xid)) { | |
334 | if (unlikely(rsp == RNDIS_MSG_RESET_C)) | |
335 | return 0; | |
336 | if (likely(RNDIS_STATUS_SUCCESS | |
337 | == buf->status)) | |
338 | return 0; | |
339 | dev_dbg(&info->control->dev, | |
340 | "rndis reply status %08x\n", | |
341 | le32_to_cpu(buf->status)); | |
342 | return -EL3RST; | |
343 | } | |
344 | dev_dbg(&info->control->dev, | |
345 | "rndis reply id %d expected %d\n", | |
346 | request_id, xid); | |
347 | /* then likely retry */ | |
348 | } else switch (buf->msg_type) { | |
349 | case RNDIS_MSG_INDICATE: { /* fault */ | |
350 | // struct rndis_indicate *msg = (void *)buf; | |
351 | dev_info(&info->control->dev, | |
352 | "rndis fault indication\n"); | |
353 | } | |
354 | break; | |
355 | case RNDIS_MSG_KEEPALIVE: { /* ping */ | |
356 | struct rndis_keepalive_c *msg = (void *)buf; | |
357 | ||
358 | msg->msg_type = RNDIS_MSG_KEEPALIVE_C; | |
359 | msg->msg_len = ccpu2(sizeof *msg); | |
360 | msg->status = RNDIS_STATUS_SUCCESS; | |
361 | retval = usb_control_msg(dev->udev, | |
362 | usb_sndctrlpipe(dev->udev, 0), | |
363 | USB_CDC_SEND_ENCAPSULATED_COMMAND, | |
364 | USB_TYPE_CLASS | USB_RECIP_INTERFACE, | |
ad55d71a | 365 | 0, master_ifnum, |
64e04910 DB |
366 | msg, sizeof *msg, |
367 | RNDIS_CONTROL_TIMEOUT_MS); | |
368 | if (unlikely(retval < 0)) | |
369 | dev_dbg(&info->control->dev, | |
370 | "rndis keepalive err %d\n", | |
371 | retval); | |
372 | } | |
373 | break; | |
374 | default: | |
375 | dev_dbg(&info->control->dev, | |
376 | "unexpected rndis msg %08x len %d\n", | |
377 | le32_to_cpu(buf->msg_type), msg_len); | |
378 | } | |
379 | } else { | |
380 | /* device probably issued a protocol stall; ignore */ | |
381 | dev_dbg(&info->control->dev, | |
382 | "rndis response error, code %d\n", retval); | |
383 | } | |
384 | msleep(2); | |
385 | } | |
386 | dev_dbg(&info->control->dev, "rndis response timeout\n"); | |
387 | return -ETIMEDOUT; | |
388 | } | |
389 | ||
390 | static int rndis_bind(struct usbnet *dev, struct usb_interface *intf) | |
391 | { | |
392 | int retval; | |
393 | struct net_device *net = dev->net; | |
deb31f17 | 394 | struct cdc_state *info = (void *) &dev->data; |
64e04910 DB |
395 | union { |
396 | void *buf; | |
397 | struct rndis_msg_hdr *header; | |
398 | struct rndis_init *init; | |
399 | struct rndis_init_c *init_c; | |
400 | struct rndis_query *get; | |
401 | struct rndis_query_c *get_c; | |
402 | struct rndis_set *set; | |
403 | struct rndis_set_c *set_c; | |
404 | } u; | |
405 | u32 tmp; | |
406 | ||
407 | /* we can't rely on i/o from stack working, or stack allocation */ | |
ad55d71a | 408 | u.buf = kmalloc(CONTROL_BUFFER_SIZE, GFP_KERNEL); |
64e04910 DB |
409 | if (!u.buf) |
410 | return -ENOMEM; | |
411 | retval = usbnet_generic_cdc_bind(dev, intf); | |
412 | if (retval < 0) | |
deb31f17 | 413 | goto fail; |
64e04910 | 414 | |
64e04910 DB |
415 | u.init->msg_type = RNDIS_MSG_INIT; |
416 | u.init->msg_len = ccpu2(sizeof *u.init); | |
417 | u.init->major_version = ccpu2(1); | |
418 | u.init->minor_version = ccpu2(0); | |
64e04910 | 419 | |
ad55d71a OAVR |
420 | /* max transfer (in spec) is 0x4000 at full speed, but for |
421 | * TX we'll stick to one Ethernet packet plus RNDIS framing. | |
422 | * For RX we handle drivers that zero-pad to end-of-packet. | |
423 | * Don't let userspace change these settings. | |
424 | */ | |
425 | net->hard_header_len += sizeof (struct rndis_data_hdr); | |
426 | dev->hard_mtu = net->mtu + net->hard_header_len; | |
427 | ||
428 | dev->rx_urb_size = dev->hard_mtu + (dev->maxpacket + 1); | |
429 | dev->rx_urb_size &= ~(dev->maxpacket - 1); | |
430 | u.init->max_transfer_size = cpu_to_le32(dev->rx_urb_size); | |
431 | ||
432 | net->change_mtu = NULL; | |
64e04910 DB |
433 | retval = rndis_command(dev, u.header); |
434 | if (unlikely(retval < 0)) { | |
435 | /* it might not even be an RNDIS device!! */ | |
436 | dev_err(&intf->dev, "RNDIS init failed, %d\n", retval); | |
ad55d71a OAVR |
437 | goto fail_and_release; |
438 | } | |
439 | tmp = le32_to_cpu(u.init_c->max_transfer_size); | |
440 | if (tmp < dev->hard_mtu) { | |
441 | dev_err(&intf->dev, | |
442 | "dev can't take %u byte packets (max %u)\n", | |
443 | dev->hard_mtu, tmp); | |
deb31f17 | 444 | goto fail_and_release; |
64e04910 | 445 | } |
ad55d71a | 446 | |
64e04910 | 447 | /* REVISIT: peripheral "alignment" request is ignored ... */ |
ad55d71a OAVR |
448 | dev_dbg(&intf->dev, |
449 | "hard mtu %u (%u from dev), rx buflen %Zu, align %d\n", | |
450 | dev->hard_mtu, tmp, dev->rx_urb_size, | |
64e04910 DB |
451 | 1 << le32_to_cpu(u.init_c->packet_alignment)); |
452 | ||
ad55d71a OAVR |
453 | /* Get designated host ethernet address. |
454 | * | |
455 | * Adding a payload exactly the same size as the expected response | |
456 | * payload is an evident requirement MSFT added for ActiveSync. | |
457 | * This undocumented (and nonsensical) issue was found by sniffing | |
458 | * protocol requests from the ActiveSync 4.1 Windows driver. | |
459 | */ | |
460 | memset(u.get, 0, sizeof *u.get + 48); | |
64e04910 | 461 | u.get->msg_type = RNDIS_MSG_QUERY; |
ad55d71a | 462 | u.get->msg_len = ccpu2(sizeof *u.get + 48); |
64e04910 | 463 | u.get->oid = OID_802_3_PERMANENT_ADDRESS; |
ad55d71a OAVR |
464 | u.get->len = ccpu2(48); |
465 | u.get->offset = ccpu2(20); | |
64e04910 DB |
466 | |
467 | retval = rndis_command(dev, u.header); | |
468 | if (unlikely(retval < 0)) { | |
469 | dev_err(&intf->dev, "rndis get ethaddr, %d\n", retval); | |
deb31f17 | 470 | goto fail_and_release; |
64e04910 DB |
471 | } |
472 | tmp = le32_to_cpu(u.get_c->offset); | |
ad55d71a | 473 | if (unlikely((tmp + 8) > (CONTROL_BUFFER_SIZE - ETH_ALEN) |
64e04910 DB |
474 | || u.get_c->len != ccpu2(ETH_ALEN))) { |
475 | dev_err(&intf->dev, "rndis ethaddr off %d len %d ?\n", | |
476 | tmp, le32_to_cpu(u.get_c->len)); | |
477 | retval = -EDOM; | |
deb31f17 | 478 | goto fail_and_release; |
64e04910 DB |
479 | } |
480 | memcpy(net->dev_addr, tmp + (char *)&u.get_c->request_id, ETH_ALEN); | |
481 | ||
482 | /* set a nonzero filter to enable data transfers */ | |
483 | memset(u.set, 0, sizeof *u.set); | |
484 | u.set->msg_type = RNDIS_MSG_SET; | |
485 | u.set->msg_len = ccpu2(4 + sizeof *u.set); | |
486 | u.set->oid = OID_GEN_CURRENT_PACKET_FILTER; | |
487 | u.set->len = ccpu2(4); | |
488 | u.set->offset = ccpu2((sizeof *u.set) - 8); | |
489 | *(__le32 *)(u.buf + sizeof *u.set) = ccpu2(DEFAULT_FILTER); | |
490 | ||
491 | retval = rndis_command(dev, u.header); | |
492 | if (unlikely(retval < 0)) { | |
493 | dev_err(&intf->dev, "rndis set packet filter, %d\n", retval); | |
deb31f17 | 494 | goto fail_and_release; |
64e04910 DB |
495 | } |
496 | ||
497 | retval = 0; | |
deb31f17 DG |
498 | |
499 | kfree(u.buf); | |
500 | return retval; | |
501 | ||
502 | fail_and_release: | |
503 | usb_set_intfdata(info->data, NULL); | |
504 | usb_driver_release_interface(driver_of(intf), info->data); | |
505 | fail: | |
64e04910 DB |
506 | kfree(u.buf); |
507 | return retval; | |
508 | } | |
509 | ||
510 | static void rndis_unbind(struct usbnet *dev, struct usb_interface *intf) | |
511 | { | |
512 | struct rndis_halt *halt; | |
513 | ||
514 | /* try to clear any rndis state/activity (no i/o from stack!) */ | |
cd861280 | 515 | halt = kzalloc(sizeof *halt, GFP_KERNEL); |
64e04910 DB |
516 | if (halt) { |
517 | halt->msg_type = RNDIS_MSG_HALT; | |
518 | halt->msg_len = ccpu2(sizeof *halt); | |
519 | (void) rndis_command(dev, (void *)halt); | |
520 | kfree(halt); | |
521 | } | |
522 | ||
523 | return usbnet_cdc_unbind(dev, intf); | |
524 | } | |
525 | ||
526 | /* | |
527 | * DATA -- host must not write zlps | |
528 | */ | |
529 | static int rndis_rx_fixup(struct usbnet *dev, struct sk_buff *skb) | |
530 | { | |
531 | /* peripheral may have batched packets to us... */ | |
532 | while (likely(skb->len)) { | |
533 | struct rndis_data_hdr *hdr = (void *)skb->data; | |
534 | struct sk_buff *skb2; | |
535 | u32 msg_len, data_offset, data_len; | |
536 | ||
537 | msg_len = le32_to_cpu(hdr->msg_len); | |
538 | data_offset = le32_to_cpu(hdr->data_offset); | |
539 | data_len = le32_to_cpu(hdr->data_len); | |
540 | ||
541 | /* don't choke if we see oob, per-packet data, etc */ | |
542 | if (unlikely(hdr->msg_type != RNDIS_MSG_PACKET | |
543 | || skb->len < msg_len | |
544 | || (data_offset + data_len + 8) > msg_len)) { | |
545 | dev->stats.rx_frame_errors++; | |
546 | devdbg(dev, "bad rndis message %d/%d/%d/%d, len %d", | |
547 | le32_to_cpu(hdr->msg_type), | |
548 | msg_len, data_offset, data_len, skb->len); | |
549 | return 0; | |
550 | } | |
551 | skb_pull(skb, 8 + data_offset); | |
552 | ||
553 | /* at most one packet left? */ | |
554 | if (likely((data_len - skb->len) <= sizeof *hdr)) { | |
555 | skb_trim(skb, data_len); | |
556 | break; | |
557 | } | |
558 | ||
559 | /* try to return all the packets in the batch */ | |
560 | skb2 = skb_clone(skb, GFP_ATOMIC); | |
561 | if (unlikely(!skb2)) | |
562 | break; | |
563 | skb_pull(skb, msg_len - sizeof *hdr); | |
564 | skb_trim(skb2, data_len); | |
565 | usbnet_skb_return(dev, skb2); | |
566 | } | |
567 | ||
568 | /* caller will usbnet_skb_return the remaining packet */ | |
569 | return 1; | |
570 | } | |
571 | ||
572 | static struct sk_buff * | |
55016f10 | 573 | rndis_tx_fixup(struct usbnet *dev, struct sk_buff *skb, gfp_t flags) |
64e04910 DB |
574 | { |
575 | struct rndis_data_hdr *hdr; | |
576 | struct sk_buff *skb2; | |
577 | unsigned len = skb->len; | |
578 | ||
579 | if (likely(!skb_cloned(skb))) { | |
580 | int room = skb_headroom(skb); | |
581 | ||
582 | /* enough head room as-is? */ | |
583 | if (unlikely((sizeof *hdr) <= room)) | |
584 | goto fill; | |
585 | ||
586 | /* enough room, but needs to be readjusted? */ | |
587 | room += skb_tailroom(skb); | |
588 | if (likely((sizeof *hdr) <= room)) { | |
589 | skb->data = memmove(skb->head + sizeof *hdr, | |
590 | skb->data, len); | |
591 | skb->tail = skb->data + len; | |
592 | goto fill; | |
593 | } | |
594 | } | |
595 | ||
596 | /* create a new skb, with the correct size (and tailpad) */ | |
597 | skb2 = skb_copy_expand(skb, sizeof *hdr, 1, flags); | |
598 | dev_kfree_skb_any(skb); | |
599 | if (unlikely(!skb2)) | |
600 | return skb2; | |
601 | skb = skb2; | |
602 | ||
603 | /* fill out the RNDIS header. we won't bother trying to batch | |
604 | * packets; Linux minimizes wasted bandwidth through tx queues. | |
605 | */ | |
606 | fill: | |
607 | hdr = (void *) __skb_push(skb, sizeof *hdr); | |
608 | memset(hdr, 0, sizeof *hdr); | |
609 | hdr->msg_type = RNDIS_MSG_PACKET; | |
610 | hdr->msg_len = cpu_to_le32(skb->len); | |
611 | hdr->data_offset = ccpu2(sizeof(*hdr) - 8); | |
612 | hdr->data_len = cpu_to_le32(len); | |
613 | ||
614 | /* FIXME make the last packet always be short ... */ | |
615 | return skb; | |
616 | } | |
617 | ||
618 | ||
619 | static const struct driver_info rndis_info = { | |
620 | .description = "RNDIS device", | |
621 | .flags = FLAG_ETHER | FLAG_FRAMING_RN, | |
622 | .bind = rndis_bind, | |
623 | .unbind = rndis_unbind, | |
624 | .status = rndis_status, | |
625 | .rx_fixup = rndis_rx_fixup, | |
626 | .tx_fixup = rndis_tx_fixup, | |
627 | }; | |
628 | ||
629 | #undef ccpu2 | |
630 | ||
631 | ||
632 | /*-------------------------------------------------------------------------*/ | |
633 | ||
634 | static const struct usb_device_id products [] = { | |
635 | { | |
636 | /* RNDIS is MSFT's un-official variant of CDC ACM */ | |
637 | USB_INTERFACE_INFO(USB_CLASS_COMM, 2 /* ACM */, 0x0ff), | |
638 | .driver_info = (unsigned long) &rndis_info, | |
ad55d71a OAVR |
639 | }, { |
640 | /* "ActiveSync" is an undocumented variant of RNDIS, used in WM5 */ | |
641 | USB_INTERFACE_INFO(USB_CLASS_MISC, 1, 1), | |
642 | .driver_info = (unsigned long) &rndis_info, | |
64e04910 DB |
643 | }, |
644 | { }, // END | |
645 | }; | |
646 | MODULE_DEVICE_TABLE(usb, products); | |
647 | ||
648 | static struct usb_driver rndis_driver = { | |
64e04910 DB |
649 | .name = "rndis_host", |
650 | .id_table = products, | |
651 | .probe = usbnet_probe, | |
652 | .disconnect = usbnet_disconnect, | |
653 | .suspend = usbnet_suspend, | |
654 | .resume = usbnet_resume, | |
655 | }; | |
656 | ||
657 | static int __init rndis_init(void) | |
658 | { | |
51400f1d | 659 | return usb_register(&rndis_driver); |
64e04910 DB |
660 | } |
661 | module_init(rndis_init); | |
662 | ||
663 | static void __exit rndis_exit(void) | |
664 | { | |
51400f1d | 665 | usb_deregister(&rndis_driver); |
64e04910 DB |
666 | } |
667 | module_exit(rndis_exit); | |
668 | ||
669 | MODULE_AUTHOR("David Brownell"); | |
670 | MODULE_DESCRIPTION("USB Host side RNDIS driver"); | |
671 | MODULE_LICENSE("GPL"); |