/* devcc device.
 */

/* The necessary header files */

/* Standard in kernel modules */
#include <linux/kernel.h>   /* We're doing kernel work */
#include <linux/module.h>   /* Specifically, a module */

#include <linux/malloc.h>

/* For character devices */
#include <linux/fs.h>       /* The character device 
                             * definitions are here */
#include <linux/tcp.h>

#include <asm/uaccess.h>  /* for copy_to_user */

#include <devcc.h>		     
#include <util.h>

#define SUCCESS 0

#ifndef FALSE
#define FALSE 0
#endif

#ifndef TRUE
#define TRUE 1
#endif

/* Device Declarations **************************** */

/* The name for our device, as it will appear 
 * in /proc/devices */
#define DEVICE_NAME "covert_channel_dev"

/* The major number for our device.  120-127 are reserved for
 * " LOCAL/EXPERIMENTAL USE."  That sounds about right */
#define DEVICE_MAJOR_NUMBER 125

/* Is the device open right now? Used to prevent 
 * concurent access into the same device */
static int Device_Open = 0;

static devcc_state Device_State;

static void
devcc_reset()
{
  int i;
  Device_State.opts.target_ip = 0;
  Device_State.opts.key = NULL;
  Device_State.opts.keylen = 0;
  Device_State.opts.min_bit_transmit_count = 0;

  for (i=0;i<DevCCBufSize;i++) {
    Device_State.buffer[i] = 0;
  }

  for (i=0;i<DevCCBufSize*8;i++) {
    Device_State.bit_transmit_count[i] = 0;
  }
  
  Device_State.data_valid=0;
  Device_State.transmit_complete=0;
  Device_State.opts_ready=0;
}

static void
devcc_destroy_key()
{
  if (Device_State.opts.key != NULL) {
    /* over write the key with 0's */
    memset(Device_State.opts.key,0,sizeof(uint8_t)*Device_State.opts.keylen);
    kfree(Device_State.opts.key);
  }
}

#define GET_BIT(bitfield,bit) ((bitfield[bit/8] >> (bit%8)) & 0x01)

#define SET_BIT(bitfield,val,bit) \
  bitfield[bit/8] = bitfield[bit/8] & ((!(1 << (bit%8))) | (val << (bit%8)))


static int
devcc_rewrite_timestamp(uint32_t *ts, /* Note the pointer */
			uint32_t tsreply, /*Note the lack of pointer */
			struct tcphdr *hdr)
{
  int index;
  int key_bit, pt_bit, ct_bit;
  int retval;

  retval = 0;

  index = get_index(hdr->source,
		    hdr->dest,
		    hdr->seq,
		    Device_State.opts.key,
		    Device_State.opts.keylen);

  key_bit = get_key_bit(hdr->source,
		      hdr->dest,
		      hdr->seq,
		      hdr->ack_seq,
		      hdr->window,
		      hdr->check,
		      *ts & 0xfffffffe,
		      tsreply,
		      Device_State.opts.key,
		      Device_State.opts.keylen);
  
  pt_bit = GET_BIT(Device_State.buffer,index);

  ct_bit = pt_bit ^ key_bit;

  if (ct_bit != (*ts & 0x01)) {
    (*ts)++;
    if ((*ts & 0x01) == 0) {
      return devcc_rewrite_timestamp(ts,tsreply,hdr)+1;
    }
    retval = 1;
  }

  Device_State.bit_transmit_count[index]++;
  if (Device_State.bit_transmit_count[index] == 
      Device_State.opts.min_bit_transmit_count) {
    int i, done;
    done = 1;

    for (i=0;i<DevCCBufSize*8;i++) {
      if (Device_State.bit_transmit_count[index] < 
	  Device_State.opts.min_bit_transmit_count) {
	done = 0;
	break;
      }
    }
    
    Device_State.transmit_complete = done;
  }

  return retval;

}

/* This function is called whenever a process 
 * attempts to open the device file */
static int
devcc_open(struct inode *inode, 
			struct file *file)
{
#ifdef DEBUG
  printk ("echodev_open(%p,%p)\n", inode, file);
#endif

  /* This is how you get the minor device number in 
   * case you have more than one physical device using 
   * the driver. */
  printk("Device: %d.%d\n", 
	 inode->i_rdev >> 8, inode->i_rdev & 0xFF);

  /* We don't want to talk to two processes at the 
   * same time */
  /* XXX This might not be safe on SMP. */
  /* Lookup spinlock() in the linux device drivers book for an SMP
     /* solution. */
  if (Device_Open)
    return -EBUSY;
  Device_Open++;

  /* Make sure that the module isn't removed while 
   * the file is open by incrementing the usage count 
   * (the number of opened references to the module, if 
   * it's not zero rmmod will fail)
   */
  MOD_INC_USE_COUNT;

  devcc_reset();

  return SUCCESS;
}

/* This function is called when a process closes the 
 * device file.
 */
static int
devcc_release(struct inode *inode, 
			  struct file *file)
{
#ifdef DEBUG
  printk ("echodev_release(%p,%p)\n", inode, file);
#endif
 
  /* We're now ready for our next caller */
  Device_Open--;

  /* Decrement the usage count, otherwise once you 
   * opened the file you'll never get rid of the module.
   */
  MOD_DEC_USE_COUNT;

  devcc_destroy_key();

  return SUCCESS;
}


/* This function is called when somebody tries to write 
 * into our device file - unsupported in this example. */
static ssize_t
devcc_write(struct file *file,
	     const char *buffer,    /* The buffer */
	     size_t length,   /* The length of the buffer */
	     loff_t *offset)  /* Our offset in the file */
{
  size_t copy_length;
  int i;

  if (Device_State.opts_ready == 0) {
    return 0;
  }

  /* TODO: This is skeezy.  Should make this block or something.*/

  /* Zero the buffer */
  for(i=0;i<DevCCBufSize;i++) {
    Device_State.buffer[i] = 0;
  }

  /* only copy the first 32 bytes */
  copy_length = length>32 ? 32 : length;

  copy_from_user(Device_State.buffer, buffer, copy_length);

  /* Zero the buffer */
  for(i=0;i<DevCCBufSize*8;i++) {
    Device_State.bit_transmit_count[i] = 0;
  }

  Device_State.data_valid = TRUE;
  Device_State.transmit_complete = FALSE;

  /* Return the length that we actually took. */
  return copy_length;
}

static int
devcc_ioctl(struct inode *inode, struct file *file,
	      unsigned int cmd, unsigned long arg) {

  uint8_t *tmp;

  printk( "echodev_ioctl happened.\n");

  devcc_destroy_key();

  copy_from_user(&Device_State.opts,(devcc_opts *)arg,sizeof(devcc_opts));
  /* TODO:  Check for the kmalloc failing */
  tmp = (uint8_t *) kmalloc(sizeof(uint8_t), Device_State.opts.keylen);
  copy_from_user(tmp, Device_State.opts.key, Device_State.opts.keylen);
  Device_State.opts.key = tmp;

  Device_State.opts_ready = 1;
  return SUCCESS;
}

/* Module Declarations ***************************** */

/* This structure will hold the functions to be 
 * called when a process does something to the device 
 * we created. Since a pointer to this structure is 
 * kept in the devices table, it can't be local to
 * init_module. NULL is for unimplemented functions. */


struct file_operations Fops = {
  /* Anything not specified here will be NULL, and return EINVAL. */
  write:	devcc_write,
  ioctl:	devcc_ioctl,
  open:		devcc_open,
  release:	devcc_release  /* a.k.a. close */
};


/* Initialize the module - Register the character device */
int init_module()
{
  int err;

  /* Register the character device (atleast try) */
  err = register_chrdev(DEVICE_MAJOR_NUMBER, 
			DEVICE_NAME,
			&Fops);

  /* Negative values signify an error */
  if (err < 0) {
    printk ("%s device failed with %d\n",
	    "Sorry, registering the character",
	    err);
    return err;
  }

  printk ("%s The major device number is %d.\n",
          "Registeration is a success.",
          DEVICE_MAJOR_NUMBER);
  printk ("If you want to talk to the device driver,\n");
  printk ("you'll have to create a device file. \n");
  printk ("We suggest you use:\n");
  printk ("mknod <name> c %d <minor>\n", DEVICE_MAJOR_NUMBER);
  printk ("You can try different minor numbers %s",
          "and see what happens.\n");

  /* TODO: We need to register our timestamp rewriting function
     somehow */

  return 0;
}


/* Cleanup - unregister the appropriate file from /proc */
void cleanup_module()
{
  int ret;

  /* Unregister the device */
  ret = unregister_chrdev(DEVICE_MAJOR_NUMBER, DEVICE_NAME);
 
  /* If there's an error, report it */ 
  if (ret < 0)
    printk("Error in unregister_chrdev: %d\n", ret);
}