aboutsummaryrefslogtreecommitdiffstats
path: root/net/mac80211/rx.c
diff options
context:
space:
mode:
authorJohannes Berg <johannes@sipsolutions.net>2007-07-27 09:43:22 -0400
committerDavid S. Miller <davem@sunset.davemloft.net>2007-10-10 19:47:29 -0400
commit571ecf676d66735f59be6b950360e4074f02f47d (patch)
tree727292ad7a7412841ec8c326f15f759dc7683f63 /net/mac80211/rx.c
parentbbf25010f1a6b761914430f5fca081ec8c7accd1 (diff)
[MAC80211]: split RX handlers into own file
Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: Jiri Benc <jbenc@suse.cz> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Diffstat (limited to 'net/mac80211/rx.c')
-rw-r--r--net/mac80211/rx.c1360
1 files changed, 1360 insertions, 0 deletions
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
new file mode 100644
index 000000000000..8c0d14c5628f
--- /dev/null
+++ b/net/mac80211/rx.c
@@ -0,0 +1,1360 @@
1/*
2 * Copyright 2002-2005, Instant802 Networks, Inc.
3 * Copyright 2005-2006, Devicescape Software, Inc.
4 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
5 * Copyright 2007 Johannes Berg <johannes@sipsolutions.net>
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License version 2 as
9 * published by the Free Software Foundation.
10 */
11
12#include <linux/kernel.h>
13#include <linux/skbuff.h>
14#include <linux/netdevice.h>
15#include <linux/etherdevice.h>
16#include <net/iw_handler.h>
17#include <net/mac80211.h>
18#include <net/ieee80211_radiotap.h>
19
20#include "ieee80211_i.h"
21#include "ieee80211_led.h"
22#include "ieee80211_common.h"
23#include "wep.h"
24#include "wpa.h"
25#include "tkip.h"
26#include "wme.h"
27
28/* pre-rx handlers
29 *
30 * these don't have dev/sdata fields in the rx data
31 */
32
33static ieee80211_txrx_result
34ieee80211_rx_h_load_stats(struct ieee80211_txrx_data *rx)
35{
36 struct ieee80211_local *local = rx->local;
37 struct sk_buff *skb = rx->skb;
38 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
39 u32 load = 0, hdrtime;
40 struct ieee80211_rate *rate;
41 struct ieee80211_hw_mode *mode = local->hw.conf.mode;
42 int i;
43
44 /* Estimate total channel use caused by this frame */
45
46 if (unlikely(mode->num_rates < 0))
47 return TXRX_CONTINUE;
48
49 rate = &mode->rates[0];
50 for (i = 0; i < mode->num_rates; i++) {
51 if (mode->rates[i].val == rx->u.rx.status->rate) {
52 rate = &mode->rates[i];
53 break;
54 }
55 }
56
57 /* 1 bit at 1 Mbit/s takes 1 usec; in channel_use values,
58 * 1 usec = 1/8 * (1080 / 10) = 13.5 */
59
60 if (mode->mode == MODE_IEEE80211A ||
61 mode->mode == MODE_ATHEROS_TURBO ||
62 mode->mode == MODE_ATHEROS_TURBOG ||
63 (mode->mode == MODE_IEEE80211G &&
64 rate->flags & IEEE80211_RATE_ERP))
65 hdrtime = CHAN_UTIL_HDR_SHORT;
66 else
67 hdrtime = CHAN_UTIL_HDR_LONG;
68
69 load = hdrtime;
70 if (!is_multicast_ether_addr(hdr->addr1))
71 load += hdrtime;
72
73 load += skb->len * rate->rate_inv;
74
75 /* Divide channel_use by 8 to avoid wrapping around the counter */
76 load >>= CHAN_UTIL_SHIFT;
77 local->channel_use_raw += load;
78 if (rx->sta)
79 rx->sta->channel_use_raw += load;
80 rx->u.rx.load = load;
81
82 return TXRX_CONTINUE;
83}
84
85ieee80211_rx_handler ieee80211_rx_pre_handlers[] =
86{
87 ieee80211_rx_h_parse_qos,
88 ieee80211_rx_h_load_stats,
89 NULL
90};
91
92/* rx handlers */
93
94static ieee80211_txrx_result
95ieee80211_rx_h_if_stats(struct ieee80211_txrx_data *rx)
96{
97 rx->sdata->channel_use_raw += rx->u.rx.load;
98 return TXRX_CONTINUE;
99}
100
101static void
102ieee80211_rx_monitor(struct net_device *dev, struct sk_buff *skb,
103 struct ieee80211_rx_status *status)
104{
105 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
106 struct ieee80211_sub_if_data *sdata;
107 struct ieee80211_rate *rate;
108 struct ieee80211_rtap_hdr {
109 struct ieee80211_radiotap_header hdr;
110 u8 flags;
111 u8 rate;
112 __le16 chan_freq;
113 __le16 chan_flags;
114 u8 antsignal;
115 } __attribute__ ((packed)) *rthdr;
116
117 skb->dev = dev;
118
119 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
120
121 if (status->flag & RX_FLAG_RADIOTAP)
122 goto out;
123
124 if (skb_headroom(skb) < sizeof(*rthdr)) {
125 I802_DEBUG_INC(local->rx_expand_skb_head);
126 if (pskb_expand_head(skb, sizeof(*rthdr), 0, GFP_ATOMIC)) {
127 dev_kfree_skb(skb);
128 return;
129 }
130 }
131
132 rthdr = (struct ieee80211_rtap_hdr *) skb_push(skb, sizeof(*rthdr));
133 memset(rthdr, 0, sizeof(*rthdr));
134 rthdr->hdr.it_len = cpu_to_le16(sizeof(*rthdr));
135 rthdr->hdr.it_present =
136 cpu_to_le32((1 << IEEE80211_RADIOTAP_FLAGS) |
137 (1 << IEEE80211_RADIOTAP_RATE) |
138 (1 << IEEE80211_RADIOTAP_CHANNEL) |
139 (1 << IEEE80211_RADIOTAP_DB_ANTSIGNAL));
140 rthdr->flags = local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS ?
141 IEEE80211_RADIOTAP_F_FCS : 0;
142 rate = ieee80211_get_rate(local, status->phymode, status->rate);
143 if (rate)
144 rthdr->rate = rate->rate / 5;
145 rthdr->chan_freq = cpu_to_le16(status->freq);
146 rthdr->chan_flags =
147 status->phymode == MODE_IEEE80211A ?
148 cpu_to_le16(IEEE80211_CHAN_OFDM | IEEE80211_CHAN_5GHZ) :
149 cpu_to_le16(IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ);
150 rthdr->antsignal = status->ssi;
151
152 out:
153 sdata->stats.rx_packets++;
154 sdata->stats.rx_bytes += skb->len;
155
156 skb_set_mac_header(skb, 0);
157 skb->ip_summed = CHECKSUM_UNNECESSARY;
158 skb->pkt_type = PACKET_OTHERHOST;
159 skb->protocol = htons(ETH_P_802_2);
160 memset(skb->cb, 0, sizeof(skb->cb));
161 netif_rx(skb);
162}
163
164static ieee80211_txrx_result
165ieee80211_rx_h_monitor(struct ieee80211_txrx_data *rx)
166{
167 if (rx->sdata->type == IEEE80211_IF_TYPE_MNTR) {
168 ieee80211_rx_monitor(rx->dev, rx->skb, rx->u.rx.status);
169 return TXRX_QUEUED;
170 }
171
172 if (rx->u.rx.status->flag & RX_FLAG_RADIOTAP)
173 skb_pull(rx->skb, ieee80211_get_radiotap_len(rx->skb->data));
174
175 return TXRX_CONTINUE;
176}
177
178static ieee80211_txrx_result
179ieee80211_rx_h_passive_scan(struct ieee80211_txrx_data *rx)
180{
181 struct ieee80211_local *local = rx->local;
182 struct sk_buff *skb = rx->skb;
183
184 if (unlikely(local->sta_scanning != 0)) {
185 ieee80211_sta_rx_scan(rx->dev, skb, rx->u.rx.status);
186 return TXRX_QUEUED;
187 }
188
189 if (unlikely(rx->u.rx.in_scan)) {
190 /* scanning finished during invoking of handlers */
191 I802_DEBUG_INC(local->rx_handlers_drop_passive_scan);
192 return TXRX_DROP;
193 }
194
195 return TXRX_CONTINUE;
196}
197
198static ieee80211_txrx_result
199ieee80211_rx_h_check(struct ieee80211_txrx_data *rx)
200{
201 struct ieee80211_hdr *hdr;
202 int always_sta_key;
203 hdr = (struct ieee80211_hdr *) rx->skb->data;
204
205 /* Drop duplicate 802.11 retransmissions (IEEE 802.11 Chap. 9.2.9) */
206 if (rx->sta && !is_multicast_ether_addr(hdr->addr1)) {
207 if (unlikely(rx->fc & IEEE80211_FCTL_RETRY &&
208 rx->sta->last_seq_ctrl[rx->u.rx.queue] ==
209 hdr->seq_ctrl)) {
210 if (rx->u.rx.ra_match) {
211 rx->local->dot11FrameDuplicateCount++;
212 rx->sta->num_duplicates++;
213 }
214 return TXRX_DROP;
215 } else
216 rx->sta->last_seq_ctrl[rx->u.rx.queue] = hdr->seq_ctrl;
217 }
218
219 if ((rx->local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS) &&
220 rx->skb->len > FCS_LEN)
221 skb_trim(rx->skb, rx->skb->len - FCS_LEN);
222
223 if (unlikely(rx->skb->len < 16)) {
224 I802_DEBUG_INC(rx->local->rx_handlers_drop_short);
225 return TXRX_DROP;
226 }
227
228 if (!rx->u.rx.ra_match)
229 rx->skb->pkt_type = PACKET_OTHERHOST;
230 else if (compare_ether_addr(rx->dev->dev_addr, hdr->addr1) == 0)
231 rx->skb->pkt_type = PACKET_HOST;
232 else if (is_multicast_ether_addr(hdr->addr1)) {
233 if (is_broadcast_ether_addr(hdr->addr1))
234 rx->skb->pkt_type = PACKET_BROADCAST;
235 else
236 rx->skb->pkt_type = PACKET_MULTICAST;
237 } else
238 rx->skb->pkt_type = PACKET_OTHERHOST;
239
240 /* Drop disallowed frame classes based on STA auth/assoc state;
241 * IEEE 802.11, Chap 5.5.
242 *
243 * 80211.o does filtering only based on association state, i.e., it
244 * drops Class 3 frames from not associated stations. hostapd sends
245 * deauth/disassoc frames when needed. In addition, hostapd is
246 * responsible for filtering on both auth and assoc states.
247 */
248 if (unlikely(((rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA ||
249 ((rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_CTL &&
250 (rx->fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_PSPOLL)) &&
251 rx->sdata->type != IEEE80211_IF_TYPE_IBSS &&
252 (!rx->sta || !(rx->sta->flags & WLAN_STA_ASSOC)))) {
253 if ((!(rx->fc & IEEE80211_FCTL_FROMDS) &&
254 !(rx->fc & IEEE80211_FCTL_TODS) &&
255 (rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA)
256 || !rx->u.rx.ra_match) {
257 /* Drop IBSS frames and frames for other hosts
258 * silently. */
259 return TXRX_DROP;
260 }
261
262 if (!rx->local->apdev)
263 return TXRX_DROP;
264
265 ieee80211_rx_mgmt(rx->local, rx->skb, rx->u.rx.status,
266 ieee80211_msg_sta_not_assoc);
267 return TXRX_QUEUED;
268 }
269
270 if (rx->sdata->type == IEEE80211_IF_TYPE_STA)
271 always_sta_key = 0;
272 else
273 always_sta_key = 1;
274
275 if (rx->sta && rx->sta->key && always_sta_key) {
276 rx->key = rx->sta->key;
277 } else {
278 if (rx->sta && rx->sta->key)
279 rx->key = rx->sta->key;
280 else
281 rx->key = rx->sdata->default_key;
282
283 if ((rx->local->hw.flags & IEEE80211_HW_WEP_INCLUDE_IV) &&
284 rx->fc & IEEE80211_FCTL_PROTECTED) {
285 int keyidx = ieee80211_wep_get_keyidx(rx->skb);
286
287 if (keyidx >= 0 && keyidx < NUM_DEFAULT_KEYS &&
288 (!rx->sta || !rx->sta->key || keyidx > 0))
289 rx->key = rx->sdata->keys[keyidx];
290
291 if (!rx->key) {
292 if (!rx->u.rx.ra_match)
293 return TXRX_DROP;
294 printk(KERN_DEBUG "%s: RX WEP frame with "
295 "unknown keyidx %d (A1=" MAC_FMT " A2="
296 MAC_FMT " A3=" MAC_FMT ")\n",
297 rx->dev->name, keyidx,
298 MAC_ARG(hdr->addr1),
299 MAC_ARG(hdr->addr2),
300 MAC_ARG(hdr->addr3));
301 if (!rx->local->apdev)
302 return TXRX_DROP;
303 ieee80211_rx_mgmt(
304 rx->local, rx->skb, rx->u.rx.status,
305 ieee80211_msg_wep_frame_unknown_key);
306 return TXRX_QUEUED;
307 }
308 }
309 }
310
311 if (rx->fc & IEEE80211_FCTL_PROTECTED && rx->key && rx->u.rx.ra_match) {
312 rx->key->tx_rx_count++;
313 if (unlikely(rx->local->key_tx_rx_threshold &&
314 rx->key->tx_rx_count >
315 rx->local->key_tx_rx_threshold)) {
316 ieee80211_key_threshold_notify(rx->dev, rx->key,
317 rx->sta);
318 }
319 }
320
321 return TXRX_CONTINUE;
322}
323
324static void ap_sta_ps_start(struct net_device *dev, struct sta_info *sta)
325{
326 struct ieee80211_sub_if_data *sdata;
327 sdata = IEEE80211_DEV_TO_SUB_IF(sta->dev);
328
329 if (sdata->bss)
330 atomic_inc(&sdata->bss->num_sta_ps);
331 sta->flags |= WLAN_STA_PS;
332 sta->pspoll = 0;
333#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
334 printk(KERN_DEBUG "%s: STA " MAC_FMT " aid %d enters power "
335 "save mode\n", dev->name, MAC_ARG(sta->addr), sta->aid);
336#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
337}
338
339static int ap_sta_ps_end(struct net_device *dev, struct sta_info *sta)
340{
341 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
342 struct sk_buff *skb;
343 int sent = 0;
344 struct ieee80211_sub_if_data *sdata;
345 struct ieee80211_tx_packet_data *pkt_data;
346
347 sdata = IEEE80211_DEV_TO_SUB_IF(sta->dev);
348 if (sdata->bss)
349 atomic_dec(&sdata->bss->num_sta_ps);
350 sta->flags &= ~(WLAN_STA_PS | WLAN_STA_TIM);
351 sta->pspoll = 0;
352 if (!skb_queue_empty(&sta->ps_tx_buf)) {
353 if (local->ops->set_tim)
354 local->ops->set_tim(local_to_hw(local), sta->aid, 0);
355 if (sdata->bss)
356 bss_tim_clear(local, sdata->bss, sta->aid);
357 }
358#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
359 printk(KERN_DEBUG "%s: STA " MAC_FMT " aid %d exits power "
360 "save mode\n", dev->name, MAC_ARG(sta->addr), sta->aid);
361#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
362 /* Send all buffered frames to the station */
363 while ((skb = skb_dequeue(&sta->tx_filtered)) != NULL) {
364 pkt_data = (struct ieee80211_tx_packet_data *) skb->cb;
365 sent++;
366 pkt_data->requeue = 1;
367 dev_queue_xmit(skb);
368 }
369 while ((skb = skb_dequeue(&sta->ps_tx_buf)) != NULL) {
370 pkt_data = (struct ieee80211_tx_packet_data *) skb->cb;
371 local->total_ps_buffered--;
372 sent++;
373#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
374 printk(KERN_DEBUG "%s: STA " MAC_FMT " aid %d send PS frame "
375 "since STA not sleeping anymore\n", dev->name,
376 MAC_ARG(sta->addr), sta->aid);
377#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
378 pkt_data->requeue = 1;
379 dev_queue_xmit(skb);
380 }
381
382 return sent;
383}
384
385static ieee80211_txrx_result
386ieee80211_rx_h_sta_process(struct ieee80211_txrx_data *rx)
387{
388 struct sta_info *sta = rx->sta;
389 struct net_device *dev = rx->dev;
390 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data;
391
392 if (!sta)
393 return TXRX_CONTINUE;
394
395 /* Update last_rx only for IBSS packets which are for the current
396 * BSSID to avoid keeping the current IBSS network alive in cases where
397 * other STAs are using different BSSID. */
398 if (rx->sdata->type == IEEE80211_IF_TYPE_IBSS) {
399 u8 *bssid = ieee80211_get_bssid(hdr, rx->skb->len);
400 if (compare_ether_addr(bssid, rx->sdata->u.sta.bssid) == 0)
401 sta->last_rx = jiffies;
402 } else
403 if (!is_multicast_ether_addr(hdr->addr1) ||
404 rx->sdata->type == IEEE80211_IF_TYPE_STA) {
405 /* Update last_rx only for unicast frames in order to prevent
406 * the Probe Request frames (the only broadcast frames from a
407 * STA in infrastructure mode) from keeping a connection alive.
408 */
409 sta->last_rx = jiffies;
410 }
411
412 if (!rx->u.rx.ra_match)
413 return TXRX_CONTINUE;
414
415 sta->rx_fragments++;
416 sta->rx_bytes += rx->skb->len;
417 sta->last_rssi = (sta->last_rssi * 15 +
418 rx->u.rx.status->ssi) / 16;
419 sta->last_signal = (sta->last_signal * 15 +
420 rx->u.rx.status->signal) / 16;
421 sta->last_noise = (sta->last_noise * 15 +
422 rx->u.rx.status->noise) / 16;
423
424 if (!(rx->fc & IEEE80211_FCTL_MOREFRAGS)) {
425 /* Change STA power saving mode only in the end of a frame
426 * exchange sequence */
427 if ((sta->flags & WLAN_STA_PS) && !(rx->fc & IEEE80211_FCTL_PM))
428 rx->u.rx.sent_ps_buffered += ap_sta_ps_end(dev, sta);
429 else if (!(sta->flags & WLAN_STA_PS) &&
430 (rx->fc & IEEE80211_FCTL_PM))
431 ap_sta_ps_start(dev, sta);
432 }
433
434 /* Drop data::nullfunc frames silently, since they are used only to
435 * control station power saving mode. */
436 if ((rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA &&
437 (rx->fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_NULLFUNC) {
438 I802_DEBUG_INC(rx->local->rx_handlers_drop_nullfunc);
439 /* Update counter and free packet here to avoid counting this
440 * as a dropped packed. */
441 sta->rx_packets++;
442 dev_kfree_skb(rx->skb);
443 return TXRX_QUEUED;
444 }
445
446 return TXRX_CONTINUE;
447} /* ieee80211_rx_h_sta_process */
448
449static ieee80211_txrx_result
450ieee80211_rx_h_wep_weak_iv_detection(struct ieee80211_txrx_data *rx)
451{
452 if (!rx->sta || !(rx->fc & IEEE80211_FCTL_PROTECTED) ||
453 (rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA ||
454 !rx->key || rx->key->alg != ALG_WEP || !rx->u.rx.ra_match)
455 return TXRX_CONTINUE;
456
457 /* Check for weak IVs, if hwaccel did not remove IV from the frame */
458 if ((rx->local->hw.flags & IEEE80211_HW_WEP_INCLUDE_IV) ||
459 rx->key->force_sw_encrypt) {
460 u8 *iv = ieee80211_wep_is_weak_iv(rx->skb, rx->key);
461 if (iv) {
462 rx->sta->wep_weak_iv_count++;
463 }
464 }
465
466 return TXRX_CONTINUE;
467}
468
469static ieee80211_txrx_result
470ieee80211_rx_h_wep_decrypt(struct ieee80211_txrx_data *rx)
471{
472 /* If the device handles decryption totally, skip this test */
473 if (rx->local->hw.flags & IEEE80211_HW_DEVICE_HIDES_WEP)
474 return TXRX_CONTINUE;
475
476 if ((rx->key && rx->key->alg != ALG_WEP) ||
477 !(rx->fc & IEEE80211_FCTL_PROTECTED) ||
478 ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA &&
479 ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_MGMT ||
480 (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_AUTH)))
481 return TXRX_CONTINUE;
482
483 if (!rx->key) {
484 printk(KERN_DEBUG "%s: RX WEP frame, but no key set\n",
485 rx->dev->name);
486 return TXRX_DROP;
487 }
488
489 if (!(rx->u.rx.status->flag & RX_FLAG_DECRYPTED) ||
490 rx->key->force_sw_encrypt) {
491 if (ieee80211_wep_decrypt(rx->local, rx->skb, rx->key)) {
492 printk(KERN_DEBUG "%s: RX WEP frame, decrypt "
493 "failed\n", rx->dev->name);
494 return TXRX_DROP;
495 }
496 } else if (rx->local->hw.flags & IEEE80211_HW_WEP_INCLUDE_IV) {
497 ieee80211_wep_remove_iv(rx->local, rx->skb, rx->key);
498 /* remove ICV */
499 skb_trim(rx->skb, rx->skb->len - 4);
500 }
501
502 return TXRX_CONTINUE;
503}
504
505static inline struct ieee80211_fragment_entry *
506ieee80211_reassemble_add(struct ieee80211_sub_if_data *sdata,
507 unsigned int frag, unsigned int seq, int rx_queue,
508 struct sk_buff **skb)
509{
510 struct ieee80211_fragment_entry *entry;
511 int idx;
512
513 idx = sdata->fragment_next;
514 entry = &sdata->fragments[sdata->fragment_next++];
515 if (sdata->fragment_next >= IEEE80211_FRAGMENT_MAX)
516 sdata->fragment_next = 0;
517
518 if (!skb_queue_empty(&entry->skb_list)) {
519#ifdef CONFIG_MAC80211_DEBUG
520 struct ieee80211_hdr *hdr =
521 (struct ieee80211_hdr *) entry->skb_list.next->data;
522 printk(KERN_DEBUG "%s: RX reassembly removed oldest "
523 "fragment entry (idx=%d age=%lu seq=%d last_frag=%d "
524 "addr1=" MAC_FMT " addr2=" MAC_FMT "\n",
525 sdata->dev->name, idx,
526 jiffies - entry->first_frag_time, entry->seq,
527 entry->last_frag, MAC_ARG(hdr->addr1),
528 MAC_ARG(hdr->addr2));
529#endif /* CONFIG_MAC80211_DEBUG */
530 __skb_queue_purge(&entry->skb_list);
531 }
532
533 __skb_queue_tail(&entry->skb_list, *skb); /* no need for locking */
534 *skb = NULL;
535 entry->first_frag_time = jiffies;
536 entry->seq = seq;
537 entry->rx_queue = rx_queue;
538 entry->last_frag = frag;
539 entry->ccmp = 0;
540 entry->extra_len = 0;
541
542 return entry;
543}
544
545static inline struct ieee80211_fragment_entry *
546ieee80211_reassemble_find(struct ieee80211_sub_if_data *sdata,
547 u16 fc, unsigned int frag, unsigned int seq,
548 int rx_queue, struct ieee80211_hdr *hdr)
549{
550 struct ieee80211_fragment_entry *entry;
551 int i, idx;
552
553 idx = sdata->fragment_next;
554 for (i = 0; i < IEEE80211_FRAGMENT_MAX; i++) {
555 struct ieee80211_hdr *f_hdr;
556 u16 f_fc;
557
558 idx--;
559 if (idx < 0)
560 idx = IEEE80211_FRAGMENT_MAX - 1;
561
562 entry = &sdata->fragments[idx];
563 if (skb_queue_empty(&entry->skb_list) || entry->seq != seq ||
564 entry->rx_queue != rx_queue ||
565 entry->last_frag + 1 != frag)
566 continue;
567
568 f_hdr = (struct ieee80211_hdr *) entry->skb_list.next->data;
569 f_fc = le16_to_cpu(f_hdr->frame_control);
570
571 if ((fc & IEEE80211_FCTL_FTYPE) != (f_fc & IEEE80211_FCTL_FTYPE) ||
572 compare_ether_addr(hdr->addr1, f_hdr->addr1) != 0 ||
573 compare_ether_addr(hdr->addr2, f_hdr->addr2) != 0)
574 continue;
575
576 if (entry->first_frag_time + 2 * HZ < jiffies) {
577 __skb_queue_purge(&entry->skb_list);
578 continue;
579 }
580 return entry;
581 }
582
583 return NULL;
584}
585
586static ieee80211_txrx_result
587ieee80211_rx_h_defragment(struct ieee80211_txrx_data *rx)
588{
589 struct ieee80211_hdr *hdr;
590 u16 sc;
591 unsigned int frag, seq;
592 struct ieee80211_fragment_entry *entry;
593 struct sk_buff *skb;
594
595 hdr = (struct ieee80211_hdr *) rx->skb->data;
596 sc = le16_to_cpu(hdr->seq_ctrl);
597 frag = sc & IEEE80211_SCTL_FRAG;
598
599 if (likely((!(rx->fc & IEEE80211_FCTL_MOREFRAGS) && frag == 0) ||
600 (rx->skb)->len < 24 ||
601 is_multicast_ether_addr(hdr->addr1))) {
602 /* not fragmented */
603 goto out;
604 }
605 I802_DEBUG_INC(rx->local->rx_handlers_fragments);
606
607 seq = (sc & IEEE80211_SCTL_SEQ) >> 4;
608
609 if (frag == 0) {
610 /* This is the first fragment of a new frame. */
611 entry = ieee80211_reassemble_add(rx->sdata, frag, seq,
612 rx->u.rx.queue, &(rx->skb));
613 if (rx->key && rx->key->alg == ALG_CCMP &&
614 (rx->fc & IEEE80211_FCTL_PROTECTED)) {
615 /* Store CCMP PN so that we can verify that the next
616 * fragment has a sequential PN value. */
617 entry->ccmp = 1;
618 memcpy(entry->last_pn,
619 rx->key->u.ccmp.rx_pn[rx->u.rx.queue],
620 CCMP_PN_LEN);
621 }
622 return TXRX_QUEUED;
623 }
624
625 /* This is a fragment for a frame that should already be pending in
626 * fragment cache. Add this fragment to the end of the pending entry.
627 */
628 entry = ieee80211_reassemble_find(rx->sdata, rx->fc, frag, seq,
629 rx->u.rx.queue, hdr);
630 if (!entry) {
631 I802_DEBUG_INC(rx->local->rx_handlers_drop_defrag);
632 return TXRX_DROP;
633 }
634
635 /* Verify that MPDUs within one MSDU have sequential PN values.
636 * (IEEE 802.11i, 8.3.3.4.5) */
637 if (entry->ccmp) {
638 int i;
639 u8 pn[CCMP_PN_LEN], *rpn;
640 if (!rx->key || rx->key->alg != ALG_CCMP)
641 return TXRX_DROP;
642 memcpy(pn, entry->last_pn, CCMP_PN_LEN);
643 for (i = CCMP_PN_LEN - 1; i >= 0; i--) {
644 pn[i]++;
645 if (pn[i])
646 break;
647 }
648 rpn = rx->key->u.ccmp.rx_pn[rx->u.rx.queue];
649 if (memcmp(pn, rpn, CCMP_PN_LEN) != 0) {
650 printk(KERN_DEBUG "%s: defrag: CCMP PN not sequential"
651 " A2=" MAC_FMT " PN=%02x%02x%02x%02x%02x%02x "
652 "(expected %02x%02x%02x%02x%02x%02x)\n",
653 rx->dev->name, MAC_ARG(hdr->addr2),
654 rpn[0], rpn[1], rpn[2], rpn[3], rpn[4], rpn[5],
655 pn[0], pn[1], pn[2], pn[3], pn[4], pn[5]);
656 return TXRX_DROP;
657 }
658 memcpy(entry->last_pn, pn, CCMP_PN_LEN);
659 }
660
661 skb_pull(rx->skb, ieee80211_get_hdrlen(rx->fc));
662 __skb_queue_tail(&entry->skb_list, rx->skb);
663 entry->last_frag = frag;
664 entry->extra_len += rx->skb->len;
665 if (rx->fc & IEEE80211_FCTL_MOREFRAGS) {
666 rx->skb = NULL;
667 return TXRX_QUEUED;
668 }
669
670 rx->skb = __skb_dequeue(&entry->skb_list);
671 if (skb_tailroom(rx->skb) < entry->extra_len) {
672 I802_DEBUG_INC(rx->local->rx_expand_skb_head2);
673 if (unlikely(pskb_expand_head(rx->skb, 0, entry->extra_len,
674 GFP_ATOMIC))) {
675 I802_DEBUG_INC(rx->local->rx_handlers_drop_defrag);
676 __skb_queue_purge(&entry->skb_list);
677 return TXRX_DROP;
678 }
679 }
680 while ((skb = __skb_dequeue(&entry->skb_list))) {
681 memcpy(skb_put(rx->skb, skb->len), skb->data, skb->len);
682 dev_kfree_skb(skb);
683 }
684
685 /* Complete frame has been reassembled - process it now */
686 rx->fragmented = 1;
687
688 out:
689 if (rx->sta)
690 rx->sta->rx_packets++;
691 if (is_multicast_ether_addr(hdr->addr1))
692 rx->local->dot11MulticastReceivedFrameCount++;
693 else
694 ieee80211_led_rx(rx->local);
695 return TXRX_CONTINUE;
696}
697
698static ieee80211_txrx_result
699ieee80211_rx_h_ps_poll(struct ieee80211_txrx_data *rx)
700{
701 struct sk_buff *skb;
702 int no_pending_pkts;
703
704 if (likely(!rx->sta ||
705 (rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_CTL ||
706 (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_PSPOLL ||
707 !rx->u.rx.ra_match))
708 return TXRX_CONTINUE;
709
710 skb = skb_dequeue(&rx->sta->tx_filtered);
711 if (!skb) {
712 skb = skb_dequeue(&rx->sta->ps_tx_buf);
713 if (skb)
714 rx->local->total_ps_buffered--;
715 }
716 no_pending_pkts = skb_queue_empty(&rx->sta->tx_filtered) &&
717 skb_queue_empty(&rx->sta->ps_tx_buf);
718
719 if (skb) {
720 struct ieee80211_hdr *hdr =
721 (struct ieee80211_hdr *) skb->data;
722
723 /* tell TX path to send one frame even though the STA may
724 * still remain is PS mode after this frame exchange */
725 rx->sta->pspoll = 1;
726
727#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
728 printk(KERN_DEBUG "STA " MAC_FMT " aid %d: PS Poll (entries "
729 "after %d)\n",
730 MAC_ARG(rx->sta->addr), rx->sta->aid,
731 skb_queue_len(&rx->sta->ps_tx_buf));
732#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
733
734 /* Use MoreData flag to indicate whether there are more
735 * buffered frames for this STA */
736 if (no_pending_pkts) {
737 hdr->frame_control &= cpu_to_le16(~IEEE80211_FCTL_MOREDATA);
738 rx->sta->flags &= ~WLAN_STA_TIM;
739 } else
740 hdr->frame_control |= cpu_to_le16(IEEE80211_FCTL_MOREDATA);
741
742 dev_queue_xmit(skb);
743
744 if (no_pending_pkts) {
745 if (rx->local->ops->set_tim)
746 rx->local->ops->set_tim(local_to_hw(rx->local),
747 rx->sta->aid, 0);
748 if (rx->sdata->bss)
749 bss_tim_clear(rx->local, rx->sdata->bss, rx->sta->aid);
750 }
751#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
752 } else if (!rx->u.rx.sent_ps_buffered) {
753 printk(KERN_DEBUG "%s: STA " MAC_FMT " sent PS Poll even "
754 "though there is no buffered frames for it\n",
755 rx->dev->name, MAC_ARG(rx->sta->addr));
756#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
757
758 }
759
760 /* Free PS Poll skb here instead of returning TXRX_DROP that would
761 * count as an dropped frame. */
762 dev_kfree_skb(rx->skb);
763
764 return TXRX_QUEUED;
765}
766
767static ieee80211_txrx_result
768ieee80211_rx_h_802_1x_pae(struct ieee80211_txrx_data *rx)
769{
770 if (rx->sdata->eapol && ieee80211_is_eapol(rx->skb) &&
771 rx->sdata->type != IEEE80211_IF_TYPE_STA && rx->u.rx.ra_match) {
772 /* Pass both encrypted and unencrypted EAPOL frames to user
773 * space for processing. */
774 if (!rx->local->apdev)
775 return TXRX_DROP;
776 ieee80211_rx_mgmt(rx->local, rx->skb, rx->u.rx.status,
777 ieee80211_msg_normal);
778 return TXRX_QUEUED;
779 }
780
781 if (unlikely(rx->sdata->ieee802_1x &&
782 (rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA &&
783 (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_NULLFUNC &&
784 (!rx->sta || !(rx->sta->flags & WLAN_STA_AUTHORIZED)) &&
785 !ieee80211_is_eapol(rx->skb))) {
786#ifdef CONFIG_MAC80211_DEBUG
787 struct ieee80211_hdr *hdr =
788 (struct ieee80211_hdr *) rx->skb->data;
789 printk(KERN_DEBUG "%s: dropped frame from " MAC_FMT
790 " (unauthorized port)\n", rx->dev->name,
791 MAC_ARG(hdr->addr2));
792#endif /* CONFIG_MAC80211_DEBUG */
793 return TXRX_DROP;
794 }
795
796 return TXRX_CONTINUE;
797}
798
799static ieee80211_txrx_result
800ieee80211_rx_h_drop_unencrypted(struct ieee80211_txrx_data *rx)
801{
802 /* If the device handles decryption totally, skip this test */
803 if (rx->local->hw.flags & IEEE80211_HW_DEVICE_HIDES_WEP)
804 return TXRX_CONTINUE;
805
806 /* Drop unencrypted frames if key is set. */
807 if (unlikely(!(rx->fc & IEEE80211_FCTL_PROTECTED) &&
808 (rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA &&
809 (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_NULLFUNC &&
810 (rx->key || rx->sdata->drop_unencrypted) &&
811 (rx->sdata->eapol == 0 ||
812 !ieee80211_is_eapol(rx->skb)))) {
813 printk(KERN_DEBUG "%s: RX non-WEP frame, but expected "
814 "encryption\n", rx->dev->name);
815 return TXRX_DROP;
816 }
817 return TXRX_CONTINUE;
818}
819
820static ieee80211_txrx_result
821ieee80211_rx_h_data(struct ieee80211_txrx_data *rx)
822{
823 struct net_device *dev = rx->dev;
824 struct ieee80211_local *local = rx->local;
825 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data;
826 u16 fc, hdrlen, ethertype;
827 u8 *payload;
828 u8 dst[ETH_ALEN];
829 u8 src[ETH_ALEN];
830 struct sk_buff *skb = rx->skb, *skb2;
831 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
832
833 fc = rx->fc;
834 if (unlikely((fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA))
835 return TXRX_CONTINUE;
836
837 if (unlikely(!WLAN_FC_DATA_PRESENT(fc)))
838 return TXRX_DROP;
839
840 hdrlen = ieee80211_get_hdrlen(fc);
841
842 /* convert IEEE 802.11 header + possible LLC headers into Ethernet
843 * header
844 * IEEE 802.11 address fields:
845 * ToDS FromDS Addr1 Addr2 Addr3 Addr4
846 * 0 0 DA SA BSSID n/a
847 * 0 1 DA BSSID SA n/a
848 * 1 0 BSSID SA DA n/a
849 * 1 1 RA TA DA SA
850 */
851
852 switch (fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) {
853 case IEEE80211_FCTL_TODS:
854 /* BSSID SA DA */
855 memcpy(dst, hdr->addr3, ETH_ALEN);
856 memcpy(src, hdr->addr2, ETH_ALEN);
857
858 if (unlikely(sdata->type != IEEE80211_IF_TYPE_AP &&
859 sdata->type != IEEE80211_IF_TYPE_VLAN)) {
860 printk(KERN_DEBUG "%s: dropped ToDS frame (BSSID="
861 MAC_FMT " SA=" MAC_FMT " DA=" MAC_FMT ")\n",
862 dev->name, MAC_ARG(hdr->addr1),
863 MAC_ARG(hdr->addr2), MAC_ARG(hdr->addr3));
864 return TXRX_DROP;
865 }
866 break;
867 case (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS):
868 /* RA TA DA SA */
869 memcpy(dst, hdr->addr3, ETH_ALEN);
870 memcpy(src, hdr->addr4, ETH_ALEN);
871
872 if (unlikely(sdata->type != IEEE80211_IF_TYPE_WDS)) {
873 printk(KERN_DEBUG "%s: dropped FromDS&ToDS frame (RA="
874 MAC_FMT " TA=" MAC_FMT " DA=" MAC_FMT " SA="
875 MAC_FMT ")\n",
876 rx->dev->name, MAC_ARG(hdr->addr1),
877 MAC_ARG(hdr->addr2), MAC_ARG(hdr->addr3),
878 MAC_ARG(hdr->addr4));
879 return TXRX_DROP;
880 }
881 break;
882 case IEEE80211_FCTL_FROMDS:
883 /* DA BSSID SA */
884 memcpy(dst, hdr->addr1, ETH_ALEN);
885 memcpy(src, hdr->addr3, ETH_ALEN);
886
887 if (sdata->type != IEEE80211_IF_TYPE_STA) {
888 return TXRX_DROP;
889 }
890 break;
891 case 0:
892 /* DA SA BSSID */
893 memcpy(dst, hdr->addr1, ETH_ALEN);
894 memcpy(src, hdr->addr2, ETH_ALEN);
895
896 if (sdata->type != IEEE80211_IF_TYPE_IBSS) {
897 if (net_ratelimit()) {
898 printk(KERN_DEBUG "%s: dropped IBSS frame (DA="
899 MAC_FMT " SA=" MAC_FMT " BSSID=" MAC_FMT
900 ")\n",
901 dev->name, MAC_ARG(hdr->addr1),
902 MAC_ARG(hdr->addr2),
903 MAC_ARG(hdr->addr3));
904 }
905 return TXRX_DROP;
906 }
907 break;
908 }
909
910 payload = skb->data + hdrlen;
911
912 if (unlikely(skb->len - hdrlen < 8)) {
913 if (net_ratelimit()) {
914 printk(KERN_DEBUG "%s: RX too short data frame "
915 "payload\n", dev->name);
916 }
917 return TXRX_DROP;
918 }
919
920 ethertype = (payload[6] << 8) | payload[7];
921
922 if (likely((compare_ether_addr(payload, rfc1042_header) == 0 &&
923 ethertype != ETH_P_AARP && ethertype != ETH_P_IPX) ||
924 compare_ether_addr(payload, bridge_tunnel_header) == 0)) {
925 /* remove RFC1042 or Bridge-Tunnel encapsulation and
926 * replace EtherType */
927 skb_pull(skb, hdrlen + 6);
928 memcpy(skb_push(skb, ETH_ALEN), src, ETH_ALEN);
929 memcpy(skb_push(skb, ETH_ALEN), dst, ETH_ALEN);
930 } else {
931 struct ethhdr *ehdr;
932 __be16 len;
933 skb_pull(skb, hdrlen);
934 len = htons(skb->len);
935 ehdr = (struct ethhdr *) skb_push(skb, sizeof(struct ethhdr));
936 memcpy(ehdr->h_dest, dst, ETH_ALEN);
937 memcpy(ehdr->h_source, src, ETH_ALEN);
938 ehdr->h_proto = len;
939 }
940 skb->dev = dev;
941
942 skb2 = NULL;
943
944 sdata->stats.rx_packets++;
945 sdata->stats.rx_bytes += skb->len;
946
947 if (local->bridge_packets && (sdata->type == IEEE80211_IF_TYPE_AP
948 || sdata->type == IEEE80211_IF_TYPE_VLAN) && rx->u.rx.ra_match) {
949 if (is_multicast_ether_addr(skb->data)) {
950 /* send multicast frames both to higher layers in
951 * local net stack and back to the wireless media */
952 skb2 = skb_copy(skb, GFP_ATOMIC);
953 if (!skb2)
954 printk(KERN_DEBUG "%s: failed to clone "
955 "multicast frame\n", dev->name);
956 } else {
957 struct sta_info *dsta;
958 dsta = sta_info_get(local, skb->data);
959 if (dsta && !dsta->dev) {
960 printk(KERN_DEBUG "Station with null dev "
961 "structure!\n");
962 } else if (dsta && dsta->dev == dev) {
963 /* Destination station is associated to this
964 * AP, so send the frame directly to it and
965 * do not pass the frame to local net stack.
966 */
967 skb2 = skb;
968 skb = NULL;
969 }
970 if (dsta)
971 sta_info_put(dsta);
972 }
973 }
974
975 if (skb) {
976 /* deliver to local stack */
977 skb->protocol = eth_type_trans(skb, dev);
978 memset(skb->cb, 0, sizeof(skb->cb));
979 netif_rx(skb);
980 }
981
982 if (skb2) {
983 /* send to wireless media */
984 skb2->protocol = __constant_htons(ETH_P_802_3);
985 skb_set_network_header(skb2, 0);
986 skb_set_mac_header(skb2, 0);
987 dev_queue_xmit(skb2);
988 }
989
990 return TXRX_QUEUED;
991}
992
993static ieee80211_txrx_result
994ieee80211_rx_h_mgmt(struct ieee80211_txrx_data *rx)
995{
996 struct ieee80211_sub_if_data *sdata;
997
998 if (!rx->u.rx.ra_match)
999 return TXRX_DROP;
1000
1001 sdata = IEEE80211_DEV_TO_SUB_IF(rx->dev);
1002 if ((sdata->type == IEEE80211_IF_TYPE_STA ||
1003 sdata->type == IEEE80211_IF_TYPE_IBSS) &&
1004 !rx->local->user_space_mlme) {
1005 ieee80211_sta_rx_mgmt(rx->dev, rx->skb, rx->u.rx.status);
1006 } else {
1007 /* Management frames are sent to hostapd for processing */
1008 if (!rx->local->apdev)
1009 return TXRX_DROP;
1010 ieee80211_rx_mgmt(rx->local, rx->skb, rx->u.rx.status,
1011 ieee80211_msg_normal);
1012 }
1013 return TXRX_QUEUED;
1014}
1015
1016static inline ieee80211_txrx_result __ieee80211_invoke_rx_handlers(
1017 struct ieee80211_local *local,
1018 ieee80211_rx_handler *handlers,
1019 struct ieee80211_txrx_data *rx,
1020 struct sta_info *sta)
1021{
1022 ieee80211_rx_handler *handler;
1023 ieee80211_txrx_result res = TXRX_DROP;
1024
1025 for (handler = handlers; *handler != NULL; handler++) {
1026 res = (*handler)(rx);
1027 if (res != TXRX_CONTINUE) {
1028 if (res == TXRX_DROP) {
1029 I802_DEBUG_INC(local->rx_handlers_drop);
1030 if (sta)
1031 sta->rx_dropped++;
1032 }
1033 if (res == TXRX_QUEUED)
1034 I802_DEBUG_INC(local->rx_handlers_queued);
1035 break;
1036 }
1037 }
1038
1039 if (res == TXRX_DROP) {
1040 dev_kfree_skb(rx->skb);
1041 }
1042 return res;
1043}
1044
1045static inline void ieee80211_invoke_rx_handlers(struct ieee80211_local *local,
1046 ieee80211_rx_handler *handlers,
1047 struct ieee80211_txrx_data *rx,
1048 struct sta_info *sta)
1049{
1050 if (__ieee80211_invoke_rx_handlers(local, handlers, rx, sta) ==
1051 TXRX_CONTINUE)
1052 dev_kfree_skb(rx->skb);
1053}
1054
1055static void ieee80211_rx_michael_mic_report(struct net_device *dev,
1056 struct ieee80211_hdr *hdr,
1057 struct sta_info *sta,
1058 struct ieee80211_txrx_data *rx)
1059{
1060 int keyidx, hdrlen;
1061
1062 hdrlen = ieee80211_get_hdrlen_from_skb(rx->skb);
1063 if (rx->skb->len >= hdrlen + 4)
1064 keyidx = rx->skb->data[hdrlen + 3] >> 6;
1065 else
1066 keyidx = -1;
1067
1068 /* TODO: verify that this is not triggered by fragmented
1069 * frames (hw does not verify MIC for them). */
1070 printk(KERN_DEBUG "%s: TKIP hwaccel reported Michael MIC "
1071 "failure from " MAC_FMT " to " MAC_FMT " keyidx=%d\n",
1072 dev->name, MAC_ARG(hdr->addr2), MAC_ARG(hdr->addr1), keyidx);
1073
1074 if (!sta) {
1075 /* Some hardware versions seem to generate incorrect
1076 * Michael MIC reports; ignore them to avoid triggering
1077 * countermeasures. */
1078 printk(KERN_DEBUG "%s: ignored spurious Michael MIC "
1079 "error for unknown address " MAC_FMT "\n",
1080 dev->name, MAC_ARG(hdr->addr2));
1081 goto ignore;
1082 }
1083
1084 if (!(rx->fc & IEEE80211_FCTL_PROTECTED)) {
1085 printk(KERN_DEBUG "%s: ignored spurious Michael MIC "
1086 "error for a frame with no ISWEP flag (src "
1087 MAC_FMT ")\n", dev->name, MAC_ARG(hdr->addr2));
1088 goto ignore;
1089 }
1090
1091 if ((rx->local->hw.flags & IEEE80211_HW_WEP_INCLUDE_IV) &&
1092 rx->sdata->type == IEEE80211_IF_TYPE_AP) {
1093 keyidx = ieee80211_wep_get_keyidx(rx->skb);
1094 /* AP with Pairwise keys support should never receive Michael
1095 * MIC errors for non-zero keyidx because these are reserved
1096 * for group keys and only the AP is sending real multicast
1097 * frames in BSS. */
1098 if (keyidx) {
1099 printk(KERN_DEBUG "%s: ignored Michael MIC error for "
1100 "a frame with non-zero keyidx (%d) (src " MAC_FMT
1101 ")\n", dev->name, keyidx, MAC_ARG(hdr->addr2));
1102 goto ignore;
1103 }
1104 }
1105
1106 if ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA &&
1107 ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_MGMT ||
1108 (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_AUTH)) {
1109 printk(KERN_DEBUG "%s: ignored spurious Michael MIC "
1110 "error for a frame that cannot be encrypted "
1111 "(fc=0x%04x) (src " MAC_FMT ")\n",
1112 dev->name, rx->fc, MAC_ARG(hdr->addr2));
1113 goto ignore;
1114 }
1115
1116 do {
1117 union iwreq_data wrqu;
1118 char *buf = kmalloc(128, GFP_ATOMIC);
1119 if (!buf)
1120 break;
1121
1122 /* TODO: needed parameters: count, key type, TSC */
1123 sprintf(buf, "MLME-MICHAELMICFAILURE.indication("
1124 "keyid=%d %scast addr=" MAC_FMT ")",
1125 keyidx, hdr->addr1[0] & 0x01 ? "broad" : "uni",
1126 MAC_ARG(hdr->addr2));
1127 memset(&wrqu, 0, sizeof(wrqu));
1128 wrqu.data.length = strlen(buf);
1129 wireless_send_event(rx->dev, IWEVCUSTOM, &wrqu, buf);
1130 kfree(buf);
1131 } while (0);
1132
1133 /* TODO: consider verifying the MIC error report with software
1134 * implementation if we get too many spurious reports from the
1135 * hardware. */
1136 if (!rx->local->apdev)
1137 goto ignore;
1138 ieee80211_rx_mgmt(rx->local, rx->skb, rx->u.rx.status,
1139 ieee80211_msg_michael_mic_failure);
1140 return;
1141
1142 ignore:
1143 dev_kfree_skb(rx->skb);
1144 rx->skb = NULL;
1145}
1146
1147ieee80211_rx_handler ieee80211_rx_handlers[] =
1148{
1149 ieee80211_rx_h_if_stats,
1150 ieee80211_rx_h_monitor,
1151 ieee80211_rx_h_passive_scan,
1152 ieee80211_rx_h_check,
1153 ieee80211_rx_h_sta_process,
1154 ieee80211_rx_h_ccmp_decrypt,
1155 ieee80211_rx_h_tkip_decrypt,
1156 ieee80211_rx_h_wep_weak_iv_detection,
1157 ieee80211_rx_h_wep_decrypt,
1158 ieee80211_rx_h_defragment,
1159 ieee80211_rx_h_ps_poll,
1160 ieee80211_rx_h_michael_mic_verify,
1161 /* this must be after decryption - so header is counted in MPDU mic
1162 * must be before pae and data, so QOS_DATA format frames
1163 * are not passed to user space by these functions
1164 */
1165 ieee80211_rx_h_remove_qos_control,
1166 ieee80211_rx_h_802_1x_pae,
1167 ieee80211_rx_h_drop_unencrypted,
1168 ieee80211_rx_h_data,
1169 ieee80211_rx_h_mgmt,
1170 NULL
1171};
1172
1173/* main receive path */
1174
1175/*
1176 * This is the receive path handler. It is called by a low level driver when an
1177 * 802.11 MPDU is received from the hardware.
1178 */
1179void __ieee80211_rx(struct ieee80211_hw *hw, struct sk_buff *skb,
1180 struct ieee80211_rx_status *status)
1181{
1182 struct ieee80211_local *local = hw_to_local(hw);
1183 struct ieee80211_sub_if_data *sdata;
1184 struct sta_info *sta;
1185 struct ieee80211_hdr *hdr;
1186 struct ieee80211_txrx_data rx;
1187 u16 type;
1188 int multicast;
1189 int radiotap_len = 0;
1190
1191 if (status->flag & RX_FLAG_RADIOTAP) {
1192 radiotap_len = ieee80211_get_radiotap_len(skb->data);
1193 skb_pull(skb, radiotap_len);
1194 }
1195
1196 hdr = (struct ieee80211_hdr *) skb->data;
1197 memset(&rx, 0, sizeof(rx));
1198 rx.skb = skb;
1199 rx.local = local;
1200
1201 rx.u.rx.status = status;
1202 rx.fc = skb->len >= 2 ? le16_to_cpu(hdr->frame_control) : 0;
1203 type = rx.fc & IEEE80211_FCTL_FTYPE;
1204 if (type == IEEE80211_FTYPE_DATA || type == IEEE80211_FTYPE_MGMT)
1205 local->dot11ReceivedFragmentCount++;
1206 multicast = is_multicast_ether_addr(hdr->addr1);
1207
1208 if (skb->len >= 16)
1209 sta = rx.sta = sta_info_get(local, hdr->addr2);
1210 else
1211 sta = rx.sta = NULL;
1212
1213 if (sta) {
1214 rx.dev = sta->dev;
1215 rx.sdata = IEEE80211_DEV_TO_SUB_IF(rx.dev);
1216 }
1217
1218 if ((status->flag & RX_FLAG_MMIC_ERROR)) {
1219 ieee80211_rx_michael_mic_report(local->mdev, hdr, sta, &rx);
1220 goto end;
1221 }
1222
1223 if (unlikely(local->sta_scanning))
1224 rx.u.rx.in_scan = 1;
1225
1226 if (__ieee80211_invoke_rx_handlers(local, local->rx_pre_handlers, &rx,
1227 sta) != TXRX_CONTINUE)
1228 goto end;
1229 skb = rx.skb;
1230
1231 skb_push(skb, radiotap_len);
1232 if (sta && !sta->assoc_ap && !(sta->flags & WLAN_STA_WDS) &&
1233 !local->iff_promiscs && !multicast) {
1234 rx.u.rx.ra_match = 1;
1235 ieee80211_invoke_rx_handlers(local, local->rx_handlers, &rx,
1236 sta);
1237 } else {
1238 struct ieee80211_sub_if_data *prev = NULL;
1239 struct sk_buff *skb_new;
1240 u8 *bssid = ieee80211_get_bssid(hdr, skb->len - radiotap_len);
1241
1242 read_lock(&local->sub_if_lock);
1243 list_for_each_entry(sdata, &local->sub_if_list, list) {
1244 rx.u.rx.ra_match = 1;
1245 switch (sdata->type) {
1246 case IEEE80211_IF_TYPE_STA:
1247 if (!bssid)
1248 continue;
1249 if (!ieee80211_bssid_match(bssid,
1250 sdata->u.sta.bssid)) {
1251 if (!rx.u.rx.in_scan)
1252 continue;
1253 rx.u.rx.ra_match = 0;
1254 } else if (!multicast &&
1255 compare_ether_addr(sdata->dev->dev_addr,
1256 hdr->addr1) != 0) {
1257 if (!sdata->promisc)
1258 continue;
1259 rx.u.rx.ra_match = 0;
1260 }
1261 break;
1262 case IEEE80211_IF_TYPE_IBSS:
1263 if (!bssid)
1264 continue;
1265 if (!ieee80211_bssid_match(bssid,
1266 sdata->u.sta.bssid)) {
1267 if (!rx.u.rx.in_scan)
1268 continue;
1269 rx.u.rx.ra_match = 0;
1270 } else if (!multicast &&
1271 compare_ether_addr(sdata->dev->dev_addr,
1272 hdr->addr1) != 0) {
1273 if (!sdata->promisc)
1274 continue;
1275 rx.u.rx.ra_match = 0;
1276 } else if (!sta)
1277 sta = rx.sta =
1278 ieee80211_ibss_add_sta(sdata->dev,
1279 skb, bssid,
1280 hdr->addr2);
1281 break;
1282 case IEEE80211_IF_TYPE_AP:
1283 if (!bssid) {
1284 if (compare_ether_addr(sdata->dev->dev_addr,
1285 hdr->addr1) != 0)
1286 continue;
1287 } else if (!ieee80211_bssid_match(bssid,
1288 sdata->dev->dev_addr)) {
1289 if (!rx.u.rx.in_scan)
1290 continue;
1291 rx.u.rx.ra_match = 0;
1292 }
1293 if (sdata->dev == local->mdev &&
1294 !rx.u.rx.in_scan)
1295 /* do not receive anything via
1296 * master device when not scanning */
1297 continue;
1298 break;
1299 case IEEE80211_IF_TYPE_WDS:
1300 if (bssid ||
1301 (rx.fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA)
1302 continue;
1303 if (compare_ether_addr(sdata->u.wds.remote_addr,
1304 hdr->addr2) != 0)
1305 continue;
1306 break;
1307 }
1308
1309 if (prev) {
1310 skb_new = skb_copy(skb, GFP_ATOMIC);
1311 if (!skb_new) {
1312 if (net_ratelimit())
1313 printk(KERN_DEBUG "%s: failed to copy "
1314 "multicast frame for %s",
1315 local->mdev->name, prev->dev->name);
1316 continue;
1317 }
1318 rx.skb = skb_new;
1319 rx.dev = prev->dev;
1320 rx.sdata = prev;
1321 ieee80211_invoke_rx_handlers(local,
1322 local->rx_handlers,
1323 &rx, sta);
1324 }
1325 prev = sdata;
1326 }
1327 if (prev) {
1328 rx.skb = skb;
1329 rx.dev = prev->dev;
1330 rx.sdata = prev;
1331 ieee80211_invoke_rx_handlers(local, local->rx_handlers,
1332 &rx, sta);
1333 } else
1334 dev_kfree_skb(skb);
1335 read_unlock(&local->sub_if_lock);
1336 }
1337
1338 end:
1339 if (sta)
1340 sta_info_put(sta);
1341}
1342EXPORT_SYMBOL(__ieee80211_rx);
1343
1344/* This is a version of the rx handler that can be called from hard irq
1345 * context. Post the skb on the queue and schedule the tasklet */
1346void ieee80211_rx_irqsafe(struct ieee80211_hw *hw, struct sk_buff *skb,
1347 struct ieee80211_rx_status *status)
1348{
1349 struct ieee80211_local *local = hw_to_local(hw);
1350
1351 BUILD_BUG_ON(sizeof(struct ieee80211_rx_status) > sizeof(skb->cb));
1352
1353 skb->dev = local->mdev;
1354 /* copy status into skb->cb for use by tasklet */
1355 memcpy(skb->cb, status, sizeof(*status));
1356 skb->pkt_type = IEEE80211_RX_MSG;
1357 skb_queue_tail(&local->skb_queue, skb);
1358 tasklet_schedule(&local->tasklet);
1359}
1360EXPORT_SYMBOL(ieee80211_rx_irqsafe);
generated by cgit v1.2.2 (git 2.25.0) at 2024-12-03 22:49:29 -0500