Some linux-net folk might be interested in this too.
Any followups to Linux-USB-devel, please.
---------- Forwarded Message ----------
Subject: [patch 2.6.13-rc4-git] usbnet learns RNDIS too
Date: Thursday 28 July 2005 9:12 pm
From: David Brownell <david-b@xxxxxxxxxxx>
To: linux-usb-devel@xxxxxxxxxxxxxxxxxxxxx
It's not just Linux-USB gadgets that talk RNDIS; some
other devices do it too, and there's no reason Linux-USB
hosts shouldn't talk to them either.
Here's a just-started-limping version of that support,
suitable for testing. It'd be good to try this on a
big-endian host (like PPC) and talking to as many
different RNDIS devices as you have. (In particular,
to see if that response un-batching code works right.)
- Dave
-------------------------------------------------------
This adds host-side RNDIS support to the "usbnet" driver, so Linux can talk
to various devices (often based on WinCE) that otherwise only Windows could
talk to.
LIGHTLY TESTED ... on a little-endian host, talking to a peripheral running
the Linux-USB RNDIS "gadget" stack.
--- g26.orig/drivers/usb/net/Kconfig 2005-06-04 15:16:04.000000000 -0700
+++ g26/drivers/usb/net/Kconfig 2005-07-28 14:59:37.000000000 -0700
@@ -260,6 +260,15 @@
IEEE 802 "local assignment" bit is set in the address, a "usbX"
name is used instead.
+config USB_RNDIS
+ boolean "RNDIS devices (DEVELOPMENT)"
+ depends on USB_USBNET && EXPERIMENTAL
+ default y
+ help
+ Choose this option to support "Remote NDIS" usb networking links,
+ as encouraged by Microsoft (instead of CDC Ethernet!) for use in
+ portable devices (cell phones, PDAs), cable modems, and so on.
+
comment "USB Network Adapters"
depends on USB_USBNET
--- g26.orig/drivers/usb/net/usbnet.c 2005-07-28 14:59:35.000000000 -0700
+++ g26/drivers/usb/net/usbnet.c 2005-07-28 19:50:27.000000000 -0700
@@ -41,6 +41,7 @@
* - Linux "gadgets", perhaps using PXA-2xx or Net2280 controllers
* - Devices using EPSON's sample USB firmware
* - CDC-Ethernet class devices, such as many cable modems
+ * - And for fans of proprietary protocols, there's Microsoft's RNDIS.
*
* + Adapters to networks such as Ethernet.
* - AX8817X based USB 2.0 products
@@ -111,6 +112,7 @@
* 03-nov-2004 Trivial patch for KC2190 (KC-190) chip. (Jonathan McDowell)
*
* 01-feb-2005 AX88772 support (Phil Chang & Dave Hollis)
+ * 28-jul-2005 RNDIS support, for WinCE (and other) peripherals that need it
*-------------------------------------------------------------------------*/
// #define DEBUG // error path messages, extra info
@@ -194,7 +196,7 @@
struct net_device_stats stats;
int msg_enable;
unsigned long data [5];
-
+ u32 mtu, last_xid;
struct mii_if_info mii;
// various kinds of pending driver work
@@ -1300,6 +1302,12 @@
#include <linux/usb_cdc.h>
+/* CDC and RNDIS support the same host-chosen packet filters for IN transfers */
+#define DEFAULT_FILTER (USB_CDC_PACKET_TYPE_BROADCAST \
+ |USB_CDC_PACKET_TYPE_ALL_MULTICAST \
+ |USB_CDC_PACKET_TYPE_PROMISCUOUS \
+ |USB_CDC_PACKET_TYPE_DIRECTED)
+
struct cdc_state {
struct usb_cdc_header_desc *header;
struct usb_cdc_union_desc *u;
@@ -2597,6 +2605,539 @@
#endif /* CONFIG_USB_KC2190 */
�
+#ifdef CONFIG_USB_RNDIS
+#define HAVE_HARDWARE
+
+/*-------------------------------------------------------------------------
+ *
+ * RNDIS is NDIS remoted over USB. It's a MSFT variant of CDC ACM ... of
+ * course ACM was intended for modems, not Ethernet links! USB's standard
+ * for Ethernet links is "CDC Ethernet", which is significantly simpler.
+ *
+ *-------------------------------------------------------------------------*/
+
+/* limit 16K for full speed */
+#define RNDIS_MAX_TRANSFER (2048 - 64) /* most of a 2K slab */
+
+/*
+ * CONTROL uses CDC "encapsulated commands" with funky notifications.
+ * - control-out: SEND_ENCAPSULATED
+ * - interrupt-in: RESPONSE_AVAILABLE
+ * - control-in: GET_ENCAPSULATED
+ *
+ * We'll try to ignore the RESPONSE_AVAILABLE notifications.
+ */
+struct rndis_msg_hdr {
+ __le32 msg_type; /* RNDIS_MSG_* */
+ __le32 msg_len;
+ // followed by data that varies between messages
+ __le32 request_id;
+ __le32 status;
+ // ... and more
+} __attribute__ ((packed));
+
+#define ccpu2 __constant_cpu_to_le32
+
+#define RNDIS_MSG_COMPLETION ccpu2(0x80000000)
+
+/* codes for "msg_type" field of rndis control messages */
+#define RNDIS_MSG_INIT ccpu2(0x00000002)
+#define RNDIS_MSG_INIT_C (RNDIS_MSG_INIT|RNDIS_MSG_COMPLETION)
+#define RNDIS_MSG_HALT ccpu2(0x00000003)
+#define RNDIS_MSG_QUERY ccpu2(0x00000004)
+#define RNDIS_MSG_QUERY_C (RNDIS_MSG_QUERY|RNDIS_MSG_COMPLETION)
+#define RNDIS_MSG_SET ccpu2(0x00000005)
+#define RNDIS_MSG_SET_C (RNDIS_MSG_SET|RNDIS_MSG_COMPLETION)
+#define RNDIS_MSG_RESET ccpu2(0x00000006)
+#define RNDIS_MSG_RESET_C (RNDIS_MSG_RESET|RNDIS_MSG_COMPLETION)
+#define RNDIS_MSG_INDICATE ccpu2(0x00000007)
+#define RNDIS_MSG_KEEPALIVE ccpu2(0x00000008)
+#define RNDIS_MSG_KEEPALIVE_C (RNDIS_MSG_KEEPALIVE|RNDIS_MSG_COMPLETION)
+
+/* codes for "status" field of completion messages */
+#define RNDIS_STATUS_SUCCESS ccpu2(0x00000000)
+#define RNDIS_STATUS_FAILURE ccpu2(0xc0000001)
+#define RNDIS_STATUS_INVALID_DATA ccpu2(0xc0010015)
+#define RNDIS_STATUS_NOT_SUPPORTED ccpu2(0xc00000bb)
+#define RNDIS_STATUS_MEDIA_CONNECT ccpu2(0x4001000b)
+#define RNDIS_STATUS_MEDIA_DISCONNECT ccpu2(0x4001000c)
+
+struct rndis_init { /* OUT */
+ // header and:
+ __le32 msg_type; /* RNDIS_MSG_INIT */
+ __le32 msg_len; // 24
+ __le32 request_id;
+ __le32 major_version; // of rndis (1.0)
+ __le32 minor_version;
+ __le32 max_transfer_size;
+} __attribute__ ((packed));
+
+struct rndis_init_c { /* IN */
+ // header and:
+ __le32 msg_type; /* RNDIS_MSG_INIT_C */
+ __le32 msg_len;
+ __le32 request_id;
+ __le32 status;
+ __le32 major_version; // of rndis (1.0)
+ __le32 minor_version;
+ __le32 device_flags;
+ __le32 medium; // zero == 802.3
+ __le32 max_packets_per_message;
+ __le32 max_transfer_size;
+ __le32 packet_alignment; // max 7; (1<<n) bytes
+ __le32 af_list_offset; // zero
+ __le32 af_list_size; // zero
+} __attribute__ ((packed));
+
+struct rndis_halt { /* OUT (no reply) */
+ // header and:
+ __le32 msg_type; /* RNDIS_MSG_HALT */
+ __le32 msg_len;
+ __le32 request_id;
+} __attribute__ ((packed));
+
+struct rndis_query { /* OUT */
+ // header and:
+ __le32 msg_type; /* RNDIS_MSG_QUERY */
+ __le32 msg_len;
+ __le32 request_id;
+ __le32 oid;
+ __le32 len;
+ __le32 offset;
+/*?*/ __le32 handle; // zero
+} __attribute__ ((packed));
+
+struct rndis_query_c { /* IN */
+ // header and:
+ __le32 msg_type; /* RNDIS_MSG_QUERY_C */
+ __le32 msg_len;
+ __le32 request_id;
+ __le32 status;
+ __le32 len;
+ __le32 offset;
+} __attribute__ ((packed));
+
+struct rndis_set { /* OUT */
+ // header and:
+ __le32 msg_type; /* RNDIS_MSG_SET */
+ __le32 msg_len;
+ __le32 request_id;
+ __le32 oid;
+ __le32 len;
+ __le32 offset;
+/*?*/ __le32 handle; // zero
+} __attribute__ ((packed));
+
+struct rndis_set_c { /* IN */
+ // header and:
+ __le32 msg_type; /* RNDIS_MSG_SET_C */
+ __le32 msg_len;
+ __le32 request_id;
+ __le32 status;
+} __attribute__ ((packed));
+
+struct rndis_reset { /* IN */
+ // header and:
+ __le32 msg_type; /* RNDIS_MSG_RESET */
+ __le32 msg_len;
+ __le32 reserved;
+} __attribute__ ((packed));
+
+struct rndis_reset_c { /* OUT */
+ // header and:
+ __le32 msg_type; /* RNDIS_MSG_RESET_C */
+ __le32 msg_len;
+ __le32 status;
+ __le32 addressing_lost;
+} __attribute__ ((packed));
+
+struct rndis_indicate { /* IN (unrequested) */
+ // header and:
+ __le32 msg_type; /* RNDIS_MSG_INDICATE */
+ __le32 msg_len;
+ __le32 status;
+ __le32 length;
+ __le32 offset;
+/**/ __le32 diag_status;
+ __le32 error_offset;
+/**/ __le32 message;
+} __attribute__ ((packed));
+
+struct rndis_keepalive { /* OUT (optionally IN) */
+ // header and:
+ __le32 msg_type; /* RNDIS_MSG_KEEPALIVE */
+ __le32 msg_len;
+ __le32 request_id;
+} __attribute__ ((packed));
+
+struct rndis_keepalive_c { /* IN (optionally OUT) */
+ // header and:
+ __le32 msg_type; /* RNDIS_MSG_KEEPALIVE_C */
+ __le32 msg_len;
+ __le32 request_id;
+ __le32 status;
+} __attribute__ ((packed));
+
+/* NOTE: about 30 OIDs are "mandatory" for peripherals to support ... and
+ * there are gobs more that may optionally be supported. We'll avoid as much
+ * of that mess as possible.
+ */
+#define OID_802_3_PERMANENT_ADDRESS ccpu2(0x01010101)
+#define OID_GEN_CURRENT_PACKET_FILTER ccpu2(0x0001010e)
+
+/*
+ * RNDIS notifications from device: command completion; "reverse"
+ * keepalives; etc
+ */
+static void rndis_status(struct usbnet *dev, struct urb *urb)
+{
+ devdbg(dev, "rndis status urb, len %d stat %d\n",
+ urb->actual_length, urb->status);
+ // FIXME for keepalives, respond immediately
+}
+
+/*
+ * RPC done RNDIS-style. Caller guarantees:
+ * - message is properly byteswapped
+ * - there's no other request pending
+ * - buf can hold up to 1KB response (required by RNDIS spec)
+ * On return, the first few entries are already byteswapped.
+ *
+ * Call context is likely probe(), before interface name is known,
+ * which is why we won't try to use it in the diagnostics.
+ */
+static int rndis_command(struct usbnet *dev, struct rndis_msg_hdr *buf)
+{
+ struct cdc_state *info = (void *) &dev->data;
+ int retval;
+ unsigned count;
+ __le32 xid = 0, rsp;
+ u32 msg_len, request_id;
+
+ /* Issue the request, assigning an xid when needed */
+ if (likely(buf->msg_type != RNDIS_MSG_HALT
+ && buf->msg_type != RNDIS_MSG_RESET)) {
+ xid = dev->last_xid++;
+ if (!xid)
+ xid = dev->last_xid++;
+ buf->request_id = xid;
+ }
+ retval = usb_control_msg(dev->udev,
+ usb_sndctrlpipe(dev->udev, 0),
+ USB_CDC_SEND_ENCAPSULATED_COMMAND,
+ USB_TYPE_CLASS | USB_RECIP_INTERFACE,
+ 0, info->u->bMasterInterface0,
+ buf, le32_to_cpu(buf->msg_len),
+ CONTROL_TIMEOUT_MS);
+ if (unlikely(retval < 0 || xid == 0))
+ return retval;
+
+ /* ignore status endpoint, just poll the control channel;
+ * the request probably completed immediately
+ */
+ rsp = buf->msg_type | RNDIS_MSG_COMPLETION;
+ for (count = 0; count < 10; count++) {
+ memset(buf, 0, 1024);
+ retval = usb_control_msg(dev->udev,
+ usb_rcvctrlpipe(dev->udev, 0),
+ USB_CDC_GET_ENCAPSULATED_RESPONSE,
+ USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE,
+ 0, info->u->bMasterInterface0,
+ buf, 1024,
+ CONTROL_TIMEOUT_MS);
+ if (likely(retval >= 8)) {
+ msg_len = cpu_to_le32p(&buf->msg_len);
+ request_id = cpu_to_le32p(&buf->request_id);
+ if (likely(buf->msg_type == rsp)) {
+ if (likely(request_id == xid)) {
+ if (unlikely(rsp == RNDIS_MSG_RESET_C))
+ return 0;
+ if (likely(RNDIS_STATUS_SUCCESS
+ == buf->status))
+ return 0;
+ dev_dbg(&info->control->dev,
+ "rndis reply status %08x\n",
+ le32_to_cpu(buf->status));
+ return -EL3RST;
+ }
+ dev_dbg(&info->control->dev,
+ "rndis reply id %d expected %d\n",
+ request_id, xid);
+ /* then likely retry */
+ } else switch (buf->msg_type) {
+ case RNDIS_MSG_INDICATE: { /* fault */
+ // struct rndis_indicate *msg = (void *)buf;
+ dev_info(&info->control->dev,
+ "rndis fault indication\n");
+ }
+ break;
+ case RNDIS_MSG_KEEPALIVE: { /* ping */
+ struct rndis_keepalive_c *msg = (void *)buf;
+
+ msg->msg_type = RNDIS_MSG_KEEPALIVE_C;
+ msg->msg_len = ccpu2(sizeof *msg);
+ msg->status = RNDIS_STATUS_SUCCESS;
+ retval = usb_control_msg(dev->udev,
+ usb_sndctrlpipe(dev->udev, 0),
+ USB_CDC_SEND_ENCAPSULATED_COMMAND,
+ USB_TYPE_CLASS | USB_RECIP_INTERFACE,
+ 0, info->u->bMasterInterface0,
+ msg, sizeof *msg,
+ CONTROL_TIMEOUT_MS);
+ if (unlikely(retval < 0))
+ dev_dbg(&info->control->dev,
+ "rndis keepalive err %d\n",
+ retval);
+ }
+ break;
+ default:
+ dev_dbg(&info->control->dev,
+ "unexpected rndis msg %08x len %d\n",
+ le32_to_cpu(buf->msg_type), msg_len);
+ }
+ } else
+ dev_dbg(&info->control->dev,
+ "rndis response error, code %d\n", retval);
+ msleep(2);
+ }
+ dev_dbg(&info->control->dev, "rndis response timeout\n");
+ return -ETIMEDOUT;
+}
+
+static int rndis_bind(struct usbnet *dev, struct usb_interface *intf)
+{
+ int retval;
+ struct cdc_state *info = (void *) &dev->data;
+ union {
+ void *buf;
+ struct rndis_msg_hdr *header;
+ struct rndis_init *init;
+ struct rndis_init_c *init_c;
+ struct rndis_query *get;
+ struct rndis_query_c *get_c;
+ struct rndis_set *set;
+ struct rndis_set_c *set_c;
+ } u;
+ u32 tmp;
+
+ u.buf = kmalloc(1024, GFP_KERNEL);
+ if (!u.buf)
+ return -ENOMEM;
+ retval = generic_cdc_bind(dev, intf);
+ if (retval < 0)
+ goto done;
+
+ /* initialize */
+ u.init->msg_type = RNDIS_MSG_INIT;
+ u.init->msg_len = ccpu2(sizeof *u.init);
+ u.init->major_version = ccpu2(1);
+ u.init->minor_version = ccpu2(0);
+ u.init->max_transfer_size = ccpu2(RNDIS_MAX_TRANSFER);
+ retval = rndis_command(dev, u.header);
+ if (unlikely(retval < 0)) {
+ /* it might not even be an RNDIS device!! */
+ dev_err(&intf->dev, "RNDIS init failed, %d\n", retval);
+fail:
+ usb_driver_release_interface(&usbnet_driver, info->data);
+ goto done;
+ }
+
+ dev->mtu = le32_to_cpu(u.init_c->max_transfer_size);
+ dev_dbg(&intf->dev, "dev mtu %u\n", dev->mtu);
+
+ /* FIXME should likely do something with mtu, device_flags, ... */
+
+ /* get designated host ethernet address */
+ u.get->msg_type = RNDIS_MSG_QUERY;
+ u.get->msg_len = ccpu2(sizeof *u.get);
+ u.get->oid = OID_802_3_PERMANENT_ADDRESS;
+ u.get->len = cpu_to_le32(1024);
+ u.get->offset = 0;
+ retval = rndis_command(dev, u.header);
+ if (unlikely(retval < 0)) {
+ dev_err(&intf->dev, "rndis get ethaddr, %d\n", retval);
+ goto fail;
+ }
+ tmp = cpu_to_le32p(&u.get_c->offset);
+ if (unlikely((tmp + 8) > (1024 - ETH_ALEN)
+ || u.get_c->len != ccpu2(ETH_ALEN))) {
+ dev_err(&intf->dev, "rndis ethaddr off %d len %d ?\n",
+ tmp, cpu_to_le32(u.get_c->len));
+ retval = -EDOM;
+ goto fail;
+ }
+ memcpy(dev->net->dev_addr,
+ tmp + (char *)&u.get_c->request_id,
+ ETH_ALEN);
+
+ dev_dbg(&intf->dev, "%02x:%02x:%02x:%02x:%02x:%02x\n",
+ dev->net->dev_addr [0], dev->net->dev_addr [1],
+ dev->net->dev_addr [2], dev->net->dev_addr [3],
+ dev->net->dev_addr [4], dev->net->dev_addr [5]);
+
+ /* set a nonzero filter to enable data transfers */
+ u.set->msg_type = RNDIS_MSG_SET;
+ u.set->msg_len = ccpu2(sizeof *u.set) + 4;
+ u.set->oid = OID_GEN_CURRENT_PACKET_FILTER;
+ u.set->len = 4;
+ u.set->offset = (sizeof *u.set) - 8;
+ *(__le32 *)(u.buf + sizeof *u.set) = ccpu2(DEFAULT_FILTER);
+
+ retval = rndis_command(dev, u.header);
+ if (unlikely(retval < 0)) {
+ dev_err(&intf->dev, "rndis set packet filter, %d\n", retval);
+ goto fail;
+ }
+
+ retval = 0;
+done:
+ kfree(u.buf);
+ return retval;
+}
+
+static void rndis_unbind(struct usbnet *dev, struct usb_interface *intf)
+{
+ struct rndis_halt *halt;
+
+ /* try to clear any rndis state/activity */
+ halt = kmalloc(sizeof *halt, SLAB_KERNEL);
+ if (halt) {
+ halt->msg_type = RNDIS_MSG_HALT;
+ halt->msg_len = ccpu2(sizeof *halt);
+ (void) rndis_command(dev, (void *)halt);
+ kfree(halt);
+ }
+
+ return cdc_unbind(dev, intf);
+}
+
+/*
+ * DATA -- host must not write zlps
+ */
+#define RNDIS_PACKET_MESSAGE ccpu2(1)
+
+struct rndis_data_hdr {
+ __le32 msg_type; /* RNDIS_PACKET_MESSAGE */
+ __le32 msg_len; // rndis_data_hdr + data_len + pad
+ __le32 data_offset; // 36 -- right after header
+ __le32 data_len; // ... real packet size
+
+ __le32 oob_data_offset; // zero
+ __le32 oob_data_len; // zero
+ __le32 num_oob; // zero
+ __le32 packet_data_offset; // zero
+
+ __le32 packet_data_len; // zero
+ __le32 vc_handle; // zero
+ __le32 reserved; // zero
+} __attribute__ ((packed));
+
+static int rndis_rx_fixup(struct usbnet *dev, struct sk_buff *skb)
+{
+ /* peripheral may have batched packets to us... */
+ while (likely(skb->len)) {
+ struct rndis_data_hdr *hdr = (void *)skb->data;
+ struct sk_buff *skb2;
+ u32 msg_len, data_offset, data_len;
+
+ msg_len = le32_to_cpup(&hdr->msg_len);
+ data_offset = le32_to_cpup(&hdr->data_offset);
+ data_len = le32_to_cpup(&hdr->data_len);
+
+ /* don't choke if we see oob, per-packet data, etc */
+ if (unlikely(hdr->msg_type != RNDIS_PACKET_MESSAGE
+ || skb->len < msg_len
+ || (data_offset + data_len + 8) > msg_len)) {
+ dev->stats.rx_frame_errors++;
+ devdbg(dev, "bad rndis message %d/%d/%d/%d, len %d\n",
+ le32_to_cpup(&hdr->msg_type),
+ msg_len, data_offset, data_len, skb->len);
+ return 0;
+ }
+ skb_pull(skb, 8 + data_offset);
+
+ /* at most one packet left? */
+ if (likely((data_len - skb->len) <= sizeof *hdr)) {
+ skb_trim(skb, data_len);
+ break;
+ }
+
+ /* try to return all the packets in the batch */
+ skb2 = skb_clone(skb, GFP_ATOMIC);
+ if (unlikely(!skb2))
+ break;
+ skb_pull(skb, msg_len - sizeof *hdr);
+ skb_trim(skb2, data_len);
+ skb_return(dev, skb2);
+ }
+
+ /* caller will skb_return the remaining packet */
+ return 1;
+}
+
+static struct sk_buff *
+rndis_tx_fixup(struct usbnet *dev, struct sk_buff *skb, unsigned flags)
+{
+ struct rndis_data_hdr *hdr;
+ struct sk_buff *skb2;
+ unsigned len = skb->len;
+
+ if (likely(!skb_cloned(skb))) {
+ int room = skb_headroom(skb);
+
+ /* enough head room as-is? */
+ if (unlikely((sizeof *hdr) <= room))
+ goto fill;
+
+ /* enough room, but needs to be readjusted? */
+ room += skb_tailroom(skb);
+ if (likely((sizeof *hdr) <= room)) {
+ skb->data = memmove(skb->head + sizeof *hdr,
+ skb->data, len);
+ skb->tail = skb->data + len;
+ goto fill;
+ }
+ }
+
+ /* create a new skb, with the correct size (and tailpad) */
+ skb2 = skb_copy_expand(skb, sizeof *hdr, 1, flags);
+ dev_kfree_skb_any(skb);
+ if (unlikely(!skb2))
+ return skb2;
+ skb = skb2;
+
+ /* fill out the RNDIS header. we won't bother trying to batch
+ * packets; Linux minimizes wasted bandwidth through tx queues.
+ */
+fill:
+ hdr = (void *) __skb_push(skb, sizeof *hdr);
+ memset(hdr, 0, sizeof *hdr);
+ hdr->msg_type = RNDIS_PACKET_MESSAGE;
+ hdr->msg_len = cpu_to_le32(skb->len);
+ hdr->data_offset = ccpu2(sizeof *hdr - 8);
+ hdr->data_len = cpu_to_le32(len);
+
+ /* FIXME make the last packet always be short ... */
+ return skb;
+}
+
+
+static const struct driver_info rndis_info = {
+ .description = "RNDIS device",
+ .flags = FLAG_FRAMING_RN,
+ .bind = rndis_bind,
+ .unbind = rndis_unbind,
+ .status = rndis_status,
+ .rx_fixup = rndis_rx_fixup,
+ .tx_fixup = rndis_tx_fixup,
+};
+
+#undef ccpu2
+
+#endif /* CONFIG_USB_RNDIS */
+
+
+�
#ifdef CONFIG_USB_ARMLINUX
#define HAVE_HARDWARE
