ks959-sir.c

Go to the documentation of this file.

/*****************************************************************************
*
* Filename:      ks959-sir.c
* Version:       0.1.2
* Description:   Irda KingSun KS-959 USB Dongle
* Status:        Experimental
* Author:        Alex Villacís Lasso <[email protected]>
*         with help from Domen Puncer <[email protected]>
*
*    Based on stir4200, mcs7780, kingsun-sir drivers.
*
*    This program is free software; you can redistribute it and/or modify
*    it under the terms of the GNU General Public License as published by
*    the Free Software Foundation; either version 2 of the License.
*
*    This program is distributed in the hope that it will be useful,
*    but WITHOUT ANY WARRANTY; without even the implied warranty of
*    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
*    GNU General Public License for more details.
*
*    You should have received a copy of the GNU General Public License
*    along with this program; if not, write to the Free Software
*    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*
*****************************************************************************/

/*
 * Following is my most current (2007-07-17) understanding of how the Kingsun
 * KS-959 dongle is supposed to work. This information was deduced by
 * reverse-engineering and examining the USB traffic captured with USBSnoopy
 * from the WinXP driver. Feel free to update here as more of the dongle is
 * known.
 *
 * My most sincere thanks must go to Domen Puncer <[email protected]> for
 * invaluable help in cracking the obfuscation and padding required for this
 * dongle.
 *
 * General: This dongle exposes one interface with one interrupt IN endpoint.
 * However, the interrupt endpoint is NOT used at all for this dongle. Instead,
 * this dongle uses control transfers for everything, including sending and
 * receiving the IrDA frame data. Apparently the interrupt endpoint is just a
 * dummy to ensure the dongle has a valid interface to present to the PC.And I
 * thought the DonShine dongle was weird... In addition, this dongle uses
 * obfuscation (?!?!), applied at the USB level, to hide the traffic, both sent
 * and received, from the dongle. I call it obfuscation because the XOR keying
 * and padding required to produce an USB traffic acceptable for the dongle can
 * not be explained by any other technical requirement.
 *
 * Transmission: To transmit an IrDA frame, the driver must prepare a control
 * URB with the following as a setup packet:
 *    bRequestType    USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE
 *    bRequest        0x09
 *    wValue          <length of valid data before padding, little endian>
 *    wIndex          0x0000
 *    wLength         <length of padded data>
 * The payload packet must be manually wrapped and escaped (as in stir4200.c),
 * then padded and obfuscated before being sent. Both padding and obfuscation
 * are implemented in the procedure obfuscate_tx_buffer(). Suffice to say, the
 * designer/programmer of the dongle used his name as a source for the
 * obfuscation. WTF?!
 * Apparently the dongle cannot handle payloads larger than 256 bytes. The
 * driver has to perform fragmentation in order to send anything larger than
 * this limit.
 *
 * Reception: To receive data, the driver must poll the dongle regularly (like
 * kingsun-sir.c) with control URBs and the following as a setup packet:
 *    bRequestType    USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE
 *    bRequest        0x01
 *    wValue          0x0200
 *    wIndex          0x0000
 *    wLength         0x0800 (size of available buffer)
 * If there is data to be read, it will be returned as the response payload.
 * This data is (apparently) not padded, but it is obfuscated. To de-obfuscate
 * it, the driver must XOR every byte, in sequence, with a value that starts at
 * 1 and is incremented with each byte processed, and then with 0x55. The value
 * incremented with each byte processed overflows as an unsigned char. The
 * resulting bytes form a wrapped SIR frame that is unwrapped and unescaped
 * as in stir4200.c The incremented value is NOT reset with each frame, but is
 * kept across the entire session with the dongle. Also, the dongle inserts an
 * extra garbage byte with value 0x95 (after decoding) every 0xff bytes, which
 * must be skipped.
 *
 * Speed change: To change the speed of the dongle, the driver prepares a
 * control URB with the following as a setup packet:
 *    bRequestType    USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE
 *    bRequest        0x09
 *    wValue          0x0200
 *    wIndex          0x0001
 *    wLength         0x0008 (length of the payload)
 * The payload is a 8-byte record, apparently identical to the one used in
 * drivers/usb/serial/cypress_m8.c to change speed:
 *     __u32 baudSpeed;
 *    unsigned int dataBits : 2;    // 0 - 5 bits 3 - 8 bits
 *    unsigned int : 1;
 *    unsigned int stopBits : 1;
 *    unsigned int parityEnable : 1;
 *    unsigned int parityType : 1;
 *    unsigned int : 1;
 *    unsigned int reset : 1;
 *    unsigned char reserved[3];    // set to 0
 *
 * For now only SIR speeds have been observed with this dongle. Therefore,
 * nothing is known on what changes (if any) must be done to frame wrapping /
 * unwrapping for higher than SIR speeds. This driver assumes no change is
 * necessary and announces support for all the way to 57600 bps. Although the
 * package announces support for up to 4MBps, tests with a Sony Ericcson K300
 * phone show corruption when receiving large frames at 115200 bps, the highest
 * speed announced by the phone. However, transmission at 115200 bps is OK. Go
 * figure. Since I don't know whether the phone or the dongle is at fault, max
 * announced speed is 57600 bps until someone produces a device that can run
 * at higher speeds with this dongle.
 */

#include <linux/module.h>
#include <linux/moduleparam.h>
#include <linux/kernel.h>
#include <linux/types.h>
#include <linux/errno.h>
#include <linux/init.h>
#include <linux/slab.h>
#include <linux/usb.h>
#include <linux/device.h>
#include <linux/crc32.h>

#include <asm/unaligned.h>
#include <asm/byteorder.h>
#include <asm/uaccess.h>

#include <net/irda/irda.h>
#include <net/irda/wrapper.h>
#include <net/irda/crc.h>

#define KS959_VENDOR_ID 0x07d0
#define KS959_PRODUCT_ID 0x4959

/* These are the currently known USB ids */
static struct usb_device_id dongles[] = {
    /* KingSun Co,Ltd  IrDA/USB Bridge */
    {USB_DEVICE(KS959_VENDOR_ID, KS959_PRODUCT_ID)},
    {}
};

MODULE_DEVICE_TABLE(usb, dongles);

#define KINGSUN_MTT 0x07
#define KINGSUN_REQ_RECV 0x01
#define KINGSUN_REQ_SEND 0x09

#define KINGSUN_RCV_FIFO_SIZE    2048   /* Max length we can receive */
#define KINGSUN_SND_FIFO_SIZE    2048   /* Max packet we can send */
#define KINGSUN_SND_PACKET_SIZE    256  /* Max packet dongle can handle */

struct ks959_speedparams {
    __le32 baudrate;    /* baud rate, little endian */
    __u8 flags;
    __u8 reserved[3];
} __packed;

#define KS_DATA_5_BITS 0x00
#define KS_DATA_6_BITS 0x01
#define KS_DATA_7_BITS 0x02
#define KS_DATA_8_BITS 0x03

#define KS_STOP_BITS_1 0x00
#define KS_STOP_BITS_2 0x08

#define KS_PAR_DISABLE    0x00
#define KS_PAR_EVEN    0x10
#define KS_PAR_ODD    0x30
#define KS_RESET    0x80

struct ks959_cb {
    struct usb_device *usbdev;  /* init: probe_irda */
    struct net_device *netdev;  /* network layer */
    struct irlap_cb *irlap; /* The link layer we are binded to */

    struct qos_info qos;

    struct usb_ctrlrequest *tx_setuprequest;
    struct urb *tx_urb;
    __u8 *tx_buf_clear;
    unsigned int tx_buf_clear_used;
    unsigned int tx_buf_clear_sent;
    __u8 *tx_buf_xored;

    struct usb_ctrlrequest *rx_setuprequest;
    struct urb *rx_urb;
    __u8 *rx_buf;
    __u8 rx_variable_xormask;
    iobuff_t rx_unwrap_buff;
    struct timeval rx_time;

    struct usb_ctrlrequest *speed_setuprequest;
    struct urb *speed_urb;
    struct ks959_speedparams speedparams;
    unsigned int new_speed;

    spinlock_t lock;
    int receiving;
};

/* Procedure to perform the obfuscation/padding expected by the dongle
 *
 * buf_cleartext    (IN) Cleartext version of the IrDA frame to transmit
 * len_cleartext    (IN) Length of the cleartext version of IrDA frame
 * buf_xoredtext    (OUT) Obfuscated version of frame built by proc
 * len_maxbuf        (OUT) Maximum space available at buf_xoredtext
 *
 * (return)         length of obfuscated frame with padding
 *
 * If not enough space (as indicated by len_maxbuf vs. required padding),
 * zero is returned
 *
 * The value of lookup_string is actually a required portion of the algorithm.
 * Seems the designer of the dongle wanted to state who exactly is responsible
 * for implementing obfuscation. Send your best (or other) wishes to him ]:-)
 */
static unsigned int obfuscate_tx_buffer(const __u8 * buf_cleartext,
                    unsigned int len_cleartext,
                    __u8 * buf_xoredtext,
                    unsigned int len_maxbuf)
{
    unsigned int len_xoredtext;

    /* Calculate required length with padding, check for necessary space */
    len_xoredtext = ((len_cleartext + 7) & ~0x7) + 0x10;
    if (len_xoredtext <= len_maxbuf) {
        static const __u8 lookup_string[] = "wangshuofei19710";
        __u8 xor_mask;

        /* Unlike the WinXP driver, we *do* clear out the padding */
        memset(buf_xoredtext, 0, len_xoredtext);

        xor_mask = lookup_string[(len_cleartext & 0x0f) ^ 0x06] ^ 0x55;

        while (len_cleartext-- > 0) {
            *buf_xoredtext++ = *buf_cleartext++ ^ xor_mask;
        }
    } else {
        len_xoredtext = 0;
    }
    return len_xoredtext;
}

/* Callback transmission routine */
static void ks959_speed_irq(struct urb *urb)
{
    /* unlink, shutdown, unplug, other nasties */
    if (urb->status != 0) {
        dev_err(&urb->dev->dev,
            "ks959_speed_irq: urb asynchronously failed - %d\n",
            urb->status);
    }
}

/* Send a control request to change speed of the dongle */
static int ks959_change_speed(struct ks959_cb *kingsun, unsigned speed)
{
    static unsigned int supported_speeds[] = { 2400, 9600, 19200, 38400,
        57600, 115200, 576000, 1152000, 4000000, 0
    };
    int err;
    unsigned int i;

    if (kingsun->speed_setuprequest == NULL || kingsun->speed_urb == NULL)
        return -ENOMEM;

    /* Check that requested speed is among the supported ones */
    for (i = 0; supported_speeds[i] && supported_speeds[i] != speed; i++) ;
    if (supported_speeds[i] == 0)
        return -EOPNOTSUPP;

    memset(&(kingsun->speedparams), 0, sizeof(struct ks959_speedparams));
    kingsun->speedparams.baudrate = cpu_to_le32(speed);
    kingsun->speedparams.flags = KS_DATA_8_BITS;

    /* speed_setuprequest pre-filled in ks959_probe */
    usb_fill_control_urb(kingsun->speed_urb, kingsun->usbdev,
                 usb_sndctrlpipe(kingsun->usbdev, 0),
                 (unsigned char *)kingsun->speed_setuprequest,
                 &(kingsun->speedparams),
                 sizeof(struct ks959_speedparams), ks959_speed_irq,
                 kingsun);
    kingsun->speed_urb->status = 0;
    err = usb_submit_urb(kingsun->speed_urb, GFP_ATOMIC);

    return err;
}

/* Submit one fragment of an IrDA frame to the dongle */
static void ks959_send_irq(struct urb *urb);
static int ks959_submit_tx_fragment(struct ks959_cb *kingsun)
{
    unsigned int padlen;
    unsigned int wraplen;
    int ret;

    /* Check whether current plaintext can produce a padded buffer that fits
       within the range handled by the dongle */
    wraplen = (KINGSUN_SND_PACKET_SIZE & ~0x7) - 0x10;
    if (wraplen > kingsun->tx_buf_clear_used)
        wraplen = kingsun->tx_buf_clear_used;

    /* Perform dongle obfuscation. Also remove the portion of the frame that
       was just obfuscated and will now be sent to the dongle. */
    padlen = obfuscate_tx_buffer(kingsun->tx_buf_clear, wraplen,
                     kingsun->tx_buf_xored,
                     KINGSUN_SND_PACKET_SIZE);

    /* Calculate how much data can be transmitted in this urb */
    kingsun->tx_setuprequest->wValue = cpu_to_le16(wraplen);
    kingsun->tx_setuprequest->wLength = cpu_to_le16(padlen);
    /* Rest of the fields were filled in ks959_probe */
    usb_fill_control_urb(kingsun->tx_urb, kingsun->usbdev,
                 usb_sndctrlpipe(kingsun->usbdev, 0),
                 (unsigned char *)kingsun->tx_setuprequest,
                 kingsun->tx_buf_xored, padlen,
                 ks959_send_irq, kingsun);
    kingsun->tx_urb->status = 0;
    ret = usb_submit_urb(kingsun->tx_urb, GFP_ATOMIC);

    /* Remember how much data was sent, in order to update at callback */
    kingsun->tx_buf_clear_sent = (ret == 0) ? wraplen : 0;
    return ret;
}

/* Callback transmission routine */
static void ks959_send_irq(struct urb *urb)
{
    struct ks959_cb *kingsun = urb->context;
    struct net_device *netdev = kingsun->netdev;
    int ret = 0;

    /* in process of stopping, just drop data */
    if (!netif_running(kingsun->netdev)) {
        dev_err(&kingsun->usbdev->dev,
            "ks959_send_irq: Network not running!\n");
        return;
    }

    /* unlink, shutdown, unplug, other nasties */
    if (urb->status != 0) {
        dev_err(&kingsun->usbdev->dev,
            "ks959_send_irq: urb asynchronously failed - %d\n",
            urb->status);
        return;
    }

    if (kingsun->tx_buf_clear_used > 0) {
        /* Update data remaining to be sent */
        if (kingsun->tx_buf_clear_sent < kingsun->tx_buf_clear_used) {
            memmove(kingsun->tx_buf_clear,
                kingsun->tx_buf_clear +
                kingsun->tx_buf_clear_sent,
                kingsun->tx_buf_clear_used -
                kingsun->tx_buf_clear_sent);
        }
        kingsun->tx_buf_clear_used -= kingsun->tx_buf_clear_sent;
        kingsun->tx_buf_clear_sent = 0;

        if (kingsun->tx_buf_clear_used > 0) {
            /* There is more data to be sent */
            if ((ret = ks959_submit_tx_fragment(kingsun)) != 0) {
                dev_err(&kingsun->usbdev->dev,
                    "ks959_send_irq: failed tx_urb submit: %d\n",
                    ret);
                switch (ret) {
                case -ENODEV:
                case -EPIPE:
                    break;
                default:
                    netdev->stats.tx_errors++;
                    netif_start_queue(netdev);
                }
            }
        } else {
            /* All data sent, send next speed && wake network queue */
            if (kingsun->new_speed != -1 &&
                cpu_to_le32(kingsun->new_speed) !=
                kingsun->speedparams.baudrate)
                ks959_change_speed(kingsun, kingsun->new_speed);

            netif_wake_queue(netdev);
        }
    }
}

/*
 * Called from net/core when new frame is available.
 */
static netdev_tx_t ks959_hard_xmit(struct sk_buff *skb,
                     struct net_device *netdev)
{
    struct ks959_cb *kingsun;
    unsigned int wraplen;
    int ret = 0;

    netif_stop_queue(netdev);

    /* the IRDA wrapping routines don't deal with non linear skb */
    SKB_LINEAR_ASSERT(skb);

    kingsun = netdev_priv(netdev);

    spin_lock(&kingsun->lock);
    kingsun->new_speed = irda_get_next_speed(skb);

    /* Append data to the end of whatever data remains to be transmitted */
    wraplen =
        async_wrap_skb(skb, kingsun->tx_buf_clear, KINGSUN_SND_FIFO_SIZE);
    kingsun->tx_buf_clear_used = wraplen;

    if ((ret = ks959_submit_tx_fragment(kingsun)) != 0) {
        dev_err(&kingsun->usbdev->dev,
            "ks959_hard_xmit: failed tx_urb submit: %d\n", ret);
        switch (ret) {
        case -ENODEV:
        case -EPIPE:
            break;
        default:
            netdev->stats.tx_errors++;
            netif_start_queue(netdev);
        }
    } else {
        netdev->stats.tx_packets++;
        netdev->stats.tx_bytes += skb->len;

    }

    dev_kfree_skb(skb);
    spin_unlock(&kingsun->lock);

    return NETDEV_TX_OK;
}

/* Receive callback function */
static void ks959_rcv_irq(struct urb *urb)
{
    struct ks959_cb *kingsun = urb->context;
    int ret;

    /* in process of stopping, just drop data */
    if (!netif_running(kingsun->netdev)) {
        kingsun->receiving = 0;
        return;
    }

    /* unlink, shutdown, unplug, other nasties */
    if (urb->status != 0) {
        dev_err(&kingsun->usbdev->dev,
            "kingsun_rcv_irq: urb asynchronously failed - %d\n",
            urb->status);
        kingsun->receiving = 0;
        return;
    }

    if (urb->actual_length > 0) {
        __u8 *bytes = urb->transfer_buffer;
        unsigned int i;

        for (i = 0; i < urb->actual_length; i++) {
            /* De-obfuscation implemented here: variable portion of
               xormask is incremented, and then used with the encoded
               byte for the XOR. The result of the operation is used
               to unwrap the SIR frame. */
            kingsun->rx_variable_xormask++;
            bytes[i] =
                bytes[i] ^ kingsun->rx_variable_xormask ^ 0x55u;

            /* rx_variable_xormask doubles as an index counter so we
               can skip the byte at 0xff (wrapped around to 0).
             */
            if (kingsun->rx_variable_xormask != 0) {
                async_unwrap_char(kingsun->netdev,
                          &kingsun->netdev->stats,
                          &kingsun->rx_unwrap_buff,
                          bytes[i]);
            }
        }
        do_gettimeofday(&kingsun->rx_time);
        kingsun->receiving =
            (kingsun->rx_unwrap_buff.state != OUTSIDE_FRAME) ? 1 : 0;
    }

    /* This urb has already been filled in kingsun_net_open. Setup
       packet must be re-filled, but it is assumed that urb keeps the
       pointer to the initial setup packet, as well as the payload buffer.
       Setup packet is already pre-filled at ks959_probe.
     */
    urb->status = 0;
    ret = usb_submit_urb(urb, GFP_ATOMIC);
}

/*
 * Function kingsun_net_open (dev)
 *
 *    Network device is taken up. Usually this is done by "ifconfig irda0 up"
 */
static int ks959_net_open(struct net_device *netdev)
{
    struct ks959_cb *kingsun = netdev_priv(netdev);
    int err = -ENOMEM;
    char hwname[16];

    /* At this point, urbs are NULL, and skb is NULL (see kingsun_probe) */
    kingsun->receiving = 0;

    /* Initialize for SIR to copy data directly into skb.  */
    kingsun->rx_unwrap_buff.in_frame = FALSE;
    kingsun->rx_unwrap_buff.state = OUTSIDE_FRAME;
    kingsun->rx_unwrap_buff.truesize = IRDA_SKB_MAX_MTU;
    kingsun->rx_unwrap_buff.skb = dev_alloc_skb(IRDA_SKB_MAX_MTU);
    if (!kingsun->rx_unwrap_buff.skb)
        goto free_mem;

    skb_reserve(kingsun->rx_unwrap_buff.skb, 1);
    kingsun->rx_unwrap_buff.head = kingsun->rx_unwrap_buff.skb->data;
    do_gettimeofday(&kingsun->rx_time);

    kingsun->rx_urb = usb_alloc_urb(0, GFP_KERNEL);
    if (!kingsun->rx_urb)
        goto free_mem;

    kingsun->tx_urb = usb_alloc_urb(0, GFP_KERNEL);
    if (!kingsun->tx_urb)
        goto free_mem;

    kingsun->speed_urb = usb_alloc_urb(0, GFP_KERNEL);
    if (!kingsun->speed_urb)
        goto free_mem;

    /* Initialize speed for dongle */
    kingsun->new_speed = 9600;
    err = ks959_change_speed(kingsun, 9600);
    if (err < 0)
        goto free_mem;

    /*
     * Now that everything should be initialized properly,
     * Open new IrLAP layer instance to take care of us...
     */
    sprintf(hwname, "usb#%d", kingsun->usbdev->devnum);
    kingsun->irlap = irlap_open(netdev, &kingsun->qos, hwname);
    if (!kingsun->irlap) {
        err = -ENOMEM;
        dev_err(&kingsun->usbdev->dev, "irlap_open failed\n");
        goto free_mem;
    }

    /* Start reception. Setup request already pre-filled in ks959_probe */
    usb_fill_control_urb(kingsun->rx_urb, kingsun->usbdev,
                 usb_rcvctrlpipe(kingsun->usbdev, 0),
                 (unsigned char *)kingsun->rx_setuprequest,
                 kingsun->rx_buf, KINGSUN_RCV_FIFO_SIZE,
                 ks959_rcv_irq, kingsun);
    kingsun->rx_urb->status = 0;
    err = usb_submit_urb(kingsun->rx_urb, GFP_KERNEL);
    if (err) {
        dev_err(&kingsun->usbdev->dev,
            "first urb-submit failed: %d\n", err);
        goto close_irlap;
    }

    netif_start_queue(netdev);

    /* Situation at this point:
       - all work buffers allocated
       - urbs allocated and ready to fill
       - max rx packet known (in max_rx)
       - unwrap state machine initialized, in state outside of any frame
       - receive request in progress
       - IrLAP layer started, about to hand over packets to send
     */

    return 0;

      close_irlap:
    irlap_close(kingsun->irlap);
      free_mem:
    usb_free_urb(kingsun->speed_urb);
    kingsun->speed_urb = NULL;
    usb_free_urb(kingsun->tx_urb);
    kingsun->tx_urb = NULL;
    usb_free_urb(kingsun->rx_urb);
    kingsun->rx_urb = NULL;
    if (kingsun->rx_unwrap_buff.skb) {
        kfree_skb(kingsun->rx_unwrap_buff.skb);
        kingsun->rx_unwrap_buff.skb = NULL;
        kingsun->rx_unwrap_buff.head = NULL;
    }
    return err;
}

/*
 * Function kingsun_net_close (kingsun)
 *
 *    Network device is taken down. Usually this is done by
 *    "ifconfig irda0 down"
 */
static int ks959_net_close(struct net_device *netdev)
{
    struct ks959_cb *kingsun = netdev_priv(netdev);

    /* Stop transmit processing */
    netif_stop_queue(netdev);

    /* Mop up receive && transmit urb's */
    usb_kill_urb(kingsun->tx_urb);
    usb_free_urb(kingsun->tx_urb);
    kingsun->tx_urb = NULL;

    usb_kill_urb(kingsun->speed_urb);
    usb_free_urb(kingsun->speed_urb);
    kingsun->speed_urb = NULL;

    usb_kill_urb(kingsun->rx_urb);
    usb_free_urb(kingsun->rx_urb);
    kingsun->rx_urb = NULL;

    kfree_skb(kingsun->rx_unwrap_buff.skb);
    kingsun->rx_unwrap_buff.skb = NULL;
    kingsun->rx_unwrap_buff.head = NULL;
    kingsun->rx_unwrap_buff.in_frame = FALSE;
    kingsun->rx_unwrap_buff.state = OUTSIDE_FRAME;
    kingsun->receiving = 0;

    /* Stop and remove instance of IrLAP */
    if (kingsun->irlap)
        irlap_close(kingsun->irlap);

    kingsun->irlap = NULL;

    return 0;
}

/*
 * IOCTLs : Extra out-of-band network commands...
 */
static int ks959_net_ioctl(struct net_device *netdev, struct ifreq *rq, int cmd)
{
    struct if_irda_req *irq = (struct if_irda_req *)rq;
    struct ks959_cb *kingsun = netdev_priv(netdev);
    int ret = 0;

    switch (cmd) {
    case SIOCSBANDWIDTH:    /* Set bandwidth */
        if (!capable(CAP_NET_ADMIN))
            return -EPERM;

        /* Check if the device is still there */
        if (netif_device_present(kingsun->netdev))
            return ks959_change_speed(kingsun, irq->ifr_baudrate);
        break;

    case SIOCSMEDIABUSY:    /* Set media busy */
        if (!capable(CAP_NET_ADMIN))
            return -EPERM;

        /* Check if the IrDA stack is still there */
        if (netif_running(kingsun->netdev))
            irda_device_set_media_busy(kingsun->netdev, TRUE);
        break;

    case SIOCGRECEIVING:
        /* Only approximately true */
        irq->ifr_receiving = kingsun->receiving;
        break;

    default:
        ret = -EOPNOTSUPP;
    }

    return ret;
}

static const struct net_device_ops ks959_ops = {
    .ndo_start_xmit = ks959_hard_xmit,
    .ndo_open   = ks959_net_open,
    .ndo_stop   = ks959_net_close,
    .ndo_do_ioctl   = ks959_net_ioctl,
};
/*
 * This routine is called by the USB subsystem for each new device
 * in the system. We need to check if the device is ours, and in
 * this case start handling it.
 */
static int ks959_probe(struct usb_interface *intf,
               const struct usb_device_id *id)
{
    struct usb_device *dev = interface_to_usbdev(intf);
    struct ks959_cb *kingsun = NULL;
    struct net_device *net = NULL;
    int ret = -ENOMEM;

    /* Allocate network device container. */
    net = alloc_irdadev(sizeof(*kingsun));
    if (!net)
        goto err_out1;

    SET_NETDEV_DEV(net, &intf->dev);
    kingsun = netdev_priv(net);
    kingsun->netdev = net;
    kingsun->usbdev = dev;
    kingsun->irlap = NULL;
    kingsun->tx_setuprequest = NULL;
    kingsun->tx_urb = NULL;
    kingsun->tx_buf_clear = NULL;
    kingsun->tx_buf_xored = NULL;
    kingsun->tx_buf_clear_used = 0;
    kingsun->tx_buf_clear_sent = 0;

    kingsun->rx_setuprequest = NULL;
    kingsun->rx_urb = NULL;
    kingsun->rx_buf = NULL;
    kingsun->rx_variable_xormask = 0;
    kingsun->rx_unwrap_buff.in_frame = FALSE;
    kingsun->rx_unwrap_buff.state = OUTSIDE_FRAME;
    kingsun->rx_unwrap_buff.skb = NULL;
    kingsun->receiving = 0;
    spin_lock_init(&kingsun->lock);

    kingsun->speed_setuprequest = NULL;
    kingsun->speed_urb = NULL;
    kingsun->speedparams.baudrate = 0;

    /* Allocate input buffer */
    kingsun->rx_buf = kmalloc(KINGSUN_RCV_FIFO_SIZE, GFP_KERNEL);
    if (!kingsun->rx_buf)
        goto free_mem;

    /* Allocate input setup packet */
    kingsun->rx_setuprequest =
        kmalloc(sizeof(struct usb_ctrlrequest), GFP_KERNEL);
    if (!kingsun->rx_setuprequest)
        goto free_mem;
    kingsun->rx_setuprequest->bRequestType =
        USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE;
    kingsun->rx_setuprequest->bRequest = KINGSUN_REQ_RECV;
    kingsun->rx_setuprequest->wValue = cpu_to_le16(0x0200);
    kingsun->rx_setuprequest->wIndex = 0;
    kingsun->rx_setuprequest->wLength = cpu_to_le16(KINGSUN_RCV_FIFO_SIZE);

    /* Allocate output buffer */
    kingsun->tx_buf_clear = kmalloc(KINGSUN_SND_FIFO_SIZE, GFP_KERNEL);
    if (!kingsun->tx_buf_clear)
        goto free_mem;
    kingsun->tx_buf_xored = kmalloc(KINGSUN_SND_PACKET_SIZE, GFP_KERNEL);
    if (!kingsun->tx_buf_xored)
        goto free_mem;

    /* Allocate and initialize output setup packet */
    kingsun->tx_setuprequest =
        kmalloc(sizeof(struct usb_ctrlrequest), GFP_KERNEL);
    if (!kingsun->tx_setuprequest)
        goto free_mem;
    kingsun->tx_setuprequest->bRequestType =
        USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE;
    kingsun->tx_setuprequest->bRequest = KINGSUN_REQ_SEND;
    kingsun->tx_setuprequest->wValue = 0;
    kingsun->tx_setuprequest->wIndex = 0;
    kingsun->tx_setuprequest->wLength = 0;

    /* Allocate and initialize speed setup packet */
    kingsun->speed_setuprequest =
        kmalloc(sizeof(struct usb_ctrlrequest), GFP_KERNEL);
    if (!kingsun->speed_setuprequest)
        goto free_mem;
    kingsun->speed_setuprequest->bRequestType =
        USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE;
    kingsun->speed_setuprequest->bRequest = KINGSUN_REQ_SEND;
    kingsun->speed_setuprequest->wValue = cpu_to_le16(0x0200);
    kingsun->speed_setuprequest->wIndex = cpu_to_le16(0x0001);
    kingsun->speed_setuprequest->wLength =
        cpu_to_le16(sizeof(struct ks959_speedparams));

    printk(KERN_INFO "KingSun KS-959 IRDA/USB found at address %d, "
           "Vendor: %x, Product: %x\n",
           dev->devnum, le16_to_cpu(dev->descriptor.idVendor),
           le16_to_cpu(dev->descriptor.idProduct));

    /* Initialize QoS for this device */
    irda_init_max_qos_capabilies(&kingsun->qos);

    /* Baud rates known to be supported. Please uncomment if devices (other
       than a SonyEriccson K300 phone) can be shown to support higher speed
       with this dongle.
     */
    kingsun->qos.baud_rate.bits =
        IR_2400 | IR_9600 | IR_19200 | IR_38400 | IR_57600;
    kingsun->qos.min_turn_time.bits &= KINGSUN_MTT;
    irda_qos_bits_to_value(&kingsun->qos);

    /* Override the network functions we need to use */
    net->netdev_ops = &ks959_ops;

    ret = register_netdev(net);
    if (ret != 0)
        goto free_mem;

    dev_info(&net->dev, "IrDA: Registered KingSun KS-959 device %s\n",
         net->name);

    usb_set_intfdata(intf, kingsun);

    /* Situation at this point:
       - all work buffers allocated
       - setup requests pre-filled
       - urbs not allocated, set to NULL
       - max rx packet known (is KINGSUN_FIFO_SIZE)
       - unwrap state machine (partially) initialized, but skb == NULL
     */

    return 0;

      free_mem:
    kfree(kingsun->speed_setuprequest);
    kfree(kingsun->tx_setuprequest);
    kfree(kingsun->tx_buf_xored);
    kfree(kingsun->tx_buf_clear);
    kfree(kingsun->rx_setuprequest);
    kfree(kingsun->rx_buf);
    free_netdev(net);
      err_out1:
    return ret;
}

/*
 * The current device is removed, the USB layer tell us to shut it down...
 */
static void ks959_disconnect(struct usb_interface *intf)
{
    struct ks959_cb *kingsun = usb_get_intfdata(intf);

    if (!kingsun)
        return;

    unregister_netdev(kingsun->netdev);

    /* Mop up receive && transmit urb's */
    if (kingsun->speed_urb != NULL) {
        usb_kill_urb(kingsun->speed_urb);
        usb_free_urb(kingsun->speed_urb);
        kingsun->speed_urb = NULL;
    }
    if (kingsun->tx_urb != NULL) {
        usb_kill_urb(kingsun->tx_urb);
        usb_free_urb(kingsun->tx_urb);
        kingsun->tx_urb = NULL;
    }
    if (kingsun->rx_urb != NULL) {
        usb_kill_urb(kingsun->rx_urb);
        usb_free_urb(kingsun->rx_urb);
        kingsun->rx_urb = NULL;
    }

    kfree(kingsun->speed_setuprequest);
    kfree(kingsun->tx_setuprequest);
    kfree(kingsun->tx_buf_xored);
    kfree(kingsun->tx_buf_clear);
    kfree(kingsun->rx_setuprequest);
    kfree(kingsun->rx_buf);
    free_netdev(kingsun->netdev);

    usb_set_intfdata(intf, NULL);
}

#ifdef CONFIG_PM
/* USB suspend, so power off the transmitter/receiver */
static int ks959_suspend(struct usb_interface *intf, pm_message_t message)
{
    struct ks959_cb *kingsun = usb_get_intfdata(intf);

    netif_device_detach(kingsun->netdev);
    if (kingsun->speed_urb != NULL)
        usb_kill_urb(kingsun->speed_urb);
    if (kingsun->tx_urb != NULL)
        usb_kill_urb(kingsun->tx_urb);
    if (kingsun->rx_urb != NULL)
        usb_kill_urb(kingsun->rx_urb);
    return 0;
}

/* Coming out of suspend, so reset hardware */
static int ks959_resume(struct usb_interface *intf)
{
    struct ks959_cb *kingsun = usb_get_intfdata(intf);

    if (kingsun->rx_urb != NULL) {
        /* Setup request already filled in ks959_probe */
        usb_submit_urb(kingsun->rx_urb, GFP_KERNEL);
    }
    netif_device_attach(kingsun->netdev);

    return 0;
}
#endif

/*
 * USB device callbacks
 */
static struct usb_driver irda_driver = {
    .name = "ks959-sir",
    .probe = ks959_probe,
    .disconnect = ks959_disconnect,
    .id_table = dongles,
#ifdef CONFIG_PM
    .suspend = ks959_suspend,
    .resume = ks959_resume,
#endif
};

module_usb_driver(irda_driver);

MODULE_AUTHOR("Alex Villacís Lasso <[email protected]>");
MODULE_DESCRIPTION("IrDA-USB Dongle Driver for KingSun KS-959");
MODULE_LICENSE("GPL");