Linux主机USB RNDIS网卡驱动实现不完整导致的一例问题

某通信模块设备,通过USB提供RDNIS和ECM网卡功能。在实际应用中发现,USB RNDIS网卡模式下,当使用AT指令以不同的CID拨号的时候,在Windows主机上能正常拨号成功,但在Linux主机上却会发生拨号失败的情况。作为对比,在同样的测试环境和测试方法下,USB ECM网卡则没有这种异常。

 

测试流程概括如下:

- 设备侧已经配置为USB RNDIS模式

- 主机侧通过AT指令以CID1拨号成功

- 测试网络功能,主机和设备侧可以ping通

- 主机侧通过AT指令断开CID1拨号

- 主机侧通过AT指令以CID2拨号失败,主机和设备侧不能ping通

 

以上是问题背景。

 

USB ECM是USB-IF定义的CDC类规范下的一个子类规范,全称Ethernet Networking Control Model;RNDIS是微软为即插即用的以太网设备制定的一种规范。实现这两种协议的USB设备,通过USB线接入主机后,会在主机侧和设备侧各生成一张网卡。两侧的网卡处在同一个网段,进行网络通信,数据承载通路是USB。下图是从微软官网摘抄的RNDIS框架图:

 

https://docs.microsoft.com/en-us/windows-hardware/drivers/network/overview-of-remote-ndis--rndis-

 

 

 

 

经调查,Linux主机上RNDIS拨号测试失败,主要原因在于:当第一次拨号成功后,断开拨号时,Linux主机上的USB网卡IP地址并没有消失,后续以不同CID拨号后,Linux也没有发起DHCP请求包,DHCP过程失败,IP地址未更新。此时,如果将USB拔插一下就可恢复正常。

通过AT指令通知设备端断开拨号时,设备侧会有down USB网卡的动作,down USB网卡的过程中,设备侧RNDIS会上报rndis disconnect消息来通知主机侧。主机侧可以根据这个消息做相应处理。

 

在Ubuntu主机和Windows主机上测试断开拨号操作时,在设备端抓取的kernel log片段如下。可以看到,无论是在Windows主机上还是Ubuntu主机上,设备端确实在断开拨号时上报了rndis disconnect消息。

Ubuntu主机环境,设备端log:
root@udx710-module:~# 
[  324.516525] c0 configfs-gadget gadget: rndis_close
[  324.521239] c0 rndis_set_param_medium: 0 0
[  324.525296] c0 rndis_signal_disconnect
[  324.529023] c0 rndis_indicate_status_msg: status 1073807372
​
Windows主机环境,设备端log:
root@udx710-module:~#  
[  191.340507] c1 configfs-gadget gadget: rndis_close
[  191.345223] c1 rndis_set_param_medium: 0 0
[  191.349285] c1 rndis_signal_disconnect
[  191.353008] c1 rndis_indicate_status_msg: status 1073807372
[  191.364621] c1 configfs-gadget gadget: rndis reqa1.01 v0000 i0000 l4096

 

设备端动作

设备端关键代码如下:

rndis_close -> rndis_signal_disconnect -> rndis_indicate_status_msg

drivers/usb/gadget/function/rndis.c
​
int rndis_signal_disconnect(struct rndis_params *params)
{
  params->media_state = RNDIS_MEDIA_STATE_DISCONNECTED;
  return rndis_indicate_status_msg(params, RNDIS_STATUS_MEDIA_DISCONNECT);
}
​
/*
 * Device to Host Comunication
 */
static int rndis_indicate_status_msg(struct rndis_params *params, u32 status)
{
  rndis_indicate_status_msg_type *resp;
  rndis_resp_t *r;
​
  if (params->state == RNDIS_UNINITIALIZED)
    return -ENOTSUPP;
​
  r = rndis_add_response(params, sizeof(rndis_indicate_status_msg_type));
  if (!r)
    return -ENOMEM;
  resp = (rndis_indicate_status_msg_type *)r->buf;
​
  resp->MessageType = cpu_to_le32(RNDIS_MSG_INDICATE);
  resp->MessageLength = cpu_to_le32(20);
  resp->Status = cpu_to_le32(status);
  resp->StatusBufferLength = cpu_to_le32(0);
  resp->StatusBufferOffset = cpu_to_le32(0);
​
  params->resp_avail(params->v);
  return 0;
}
​
drivers/usb/gadget/function/f_rndis.c
​
static void rndis_response_available(void *_rndis)
{
  struct f_rndis      *rndis = _rndis;
  struct usb_request    *req = rndis->notify_req;
  struct usb_composite_dev  *cdev = rndis->port.func.config->cdev;
  __le32        *data = req->buf;
  int        status;
​
  if (atomic_inc_return(&rndis->notify_count) != 1)
    return;
​
  /* Send RNDIS RESPONSE_AVAILABLE notification; a
   * USB_CDC_NOTIFY_RESPONSE_AVAILABLE "should" work too
   *
   * This is the only notification defined by RNDIS.
   */
  data[0] = cpu_to_le32(1);
  data[1] = cpu_to_le32(0);
​
  status = usb_ep_queue(rndis->notify, req, GFP_ATOMIC);
  if (status) {
    atomic_dec(&rndis->notify_count);
    DBG(cdev, "notify/0 --> %d\n", status);
  }
}

  

rndis_indicate_status_msg 会做两件事:

1)把RNDIS_MSG_INDICATE message放入response queue,message中带了status(RNDIS_STATUS_MEDIA_DISCONNECT)。

2)调用 resp_avail 发 RESPONSE_AVAILABLE notification(最终调用到rndis_response_available @ f_rndis.c),通过interrupt IN端点发出去,这个数据中没有包含rndis连接状态信息,只是单纯的上报RESPONSE_AVAILABLE (0x00000001)。

 

主机端动作

1)按微软的RNDIS规范,Host收到RESPONSE_AVAILABLE后,接下来需要往control端点发 GET_ENCAPSULATED_RESPONSE request 才能读取设备端的 response,得到rndis连接状态。

Upon receiving the RESPONSE_AVAILABLE notification, the host reads the control message from the Control endpoint using a GET_ENCAPSULATED_RESPONSE transfer, defined in the following table.

BmRequestTypebRequestwValuewIndex  
0xA1 0x01 0x0000      
https://docs.microsoft.com/en-us/windows-hardware/drivers/network/control-channel-characteristics

 

2)再看rndis host驱动:

rndis_status @ rndis_host.c 函数没有做实际动作。

drivers/net/usb/rndis_host.c
void rndis_status(struct usbnet *dev, struct urb *urb)
{
  netdev_dbg(dev->net, "rndis status urb, len %d stat %d\n",
       urb->actual_length, urb->status);
  // FIXME for keepalives, respond immediately (asynchronously)
  // if not an RNDIS status, do like cdc_status(dev,urb) does
}
​
static const struct driver_info  rndis_info = {
  .description =  "RNDIS device",
  .flags =  FLAG_ETHER | FLAG_POINTTOPOINT | FLAG_FRAMING_RN | FLAG_NO_SETINT,
  .bind =    rndis_bind,
  .unbind =  rndis_unbind,
  .status =  rndis_status,
  .rx_fixup =  rndis_rx_fixup,
  .tx_fixup =  rndis_tx_fixup,
};

  

也就是说,Linux主机RNDIS驱动没有严格按照RNDIS协议流程去读取RNDIS_STATUS_MEDIA_DISCONNECT消息,导致它无法获知设备端RNDIS网卡断开的状态,进而无法正确作出网络状态改变的相关处理。

 

而且作者也在代码注释中表明了态度:强烈建议不要使用RNDIS,而应使用CDC以太网(ECM,NCM,EEM等)这类非专有(non-proprietary)的替代方案。USB CDC规范是USB-IF制定的,RNDIS是微软制定的。

/*
 * RNDIS is NDIS remoted over USB.  It's a MSFT variant of CDC ACM ... of
 * course ACM was intended for modems, not Ethernet links!  USB's standard
 * for Ethernet links is "CDC Ethernet", which is significantly simpler.
 *
 * NOTE that Microsoft's "RNDIS 1.0" specification is incomplete.  Issues
 * include:
 *    - Power management in particular relies on information that's scattered
 *  through other documentation, and which is incomplete or incorrect even
 *  there.
 *    - There are various undocumented protocol requirements, such as the
 *  need to send unused garbage in control-OUT messages.
 *    - In some cases, MS-Windows will emit undocumented requests; this
 *  matters more to peripheral implementations than host ones.
 *
 * Moreover there's a no-open-specs variant of RNDIS called "ActiveSync".
 *
 * For these reasons and others, ** USE OF RNDIS IS STRONGLY DISCOURAGED ** in
 * favor of such non-proprietary alternatives as CDC Ethernet or the newer (and
 * currently rare) "Ethernet Emulation Model" (EEM).
 */

  

最后顺便看看为什么ECM没有问题。

 

ECM设备侧,ecm_close -> ecm_notify -> ecm_do_notify -> 通过interrupt IN端点发出去,这个数据中直接带了ecm连接状态,无需Host专门再发另外的request读取这个状态。

static void ecm_do_notify(struct f_ecm *ecm)
{
  struct usb_request    *req = ecm->notify_req;
  struct usb_cdc_notification  *event;
...
  event = req->buf;
  switch (ecm->notify_state) {
 ...
  case ECM_NOTIFY_CONNECT:
    event->bNotificationType = USB_CDC_NOTIFY_NETWORK_CONNECTION;
    if (ecm->is_open)
      event->wValue = cpu_to_le16(1);
    else
      event->wValue = cpu_to_le16(0);
    event->wLength = 0;
    req->length = sizeof *event;
​
    DBG(cdev, "notify connect %s\n",
        ecm->is_open ? "true" : "false");
    ecm->notify_state = ECM_NOTIFY_SPEED;
    break;
...
}

  

ECM主机侧,usbnet_cdc_status @ cdc_ether.c 函数中有处理ecm connection消息并调用usbnet_link_change。

void usbnet_cdc_status(struct usbnet *dev, struct urb *urb)
{
  struct usb_cdc_notification  *event;
...
  event = urb->transfer_buffer;
  switch (event->bNotificationType) {
  case USB_CDC_NOTIFY_NETWORK_CONNECTION:
    netif_dbg(dev, timer, dev->net, "CDC: carrier %s\n",
        event->wValue ? "on" : "off");
    usbnet_link_change(dev, !!event->wValue, 0);
    break;
...
  }
}
​
static const struct driver_info  cdc_info = {
  .description =  "CDC Ethernet Device",
  .flags =  FLAG_ETHER | FLAG_POINTTOPOINT,
  .bind =    usbnet_cdc_bind,
  .unbind =  usbnet_cdc_unbind,
  .status =  usbnet_cdc_status,
  .set_rx_mode =  usbnet_cdc_update_filter,
  .manage_power =  usbnet_manage_power,
};

 

版权所有,转载请注明出处。

文章会同步到“大鱼嵌入式”,欢迎关注,一起交流。

posted @ 2021-05-22 10:32  bigfish99  阅读(4013)  评论(0编辑  收藏  举报