[PATCH] cfg80211: Radiotap parser

Generic code to walk through the fields in a radiotap header, accounting for nasties like extended "field present" bitfields and alignment rules Signed-off-by: Andy Green <andy@warmcat.com> Signed-off-by: Jiri Benc <jbenc@suse.cz> Signed-off-by: John W. Linville <linville@tuxdriver.com>
author: Andy Green <andy@warmcat.com> 2007-07-10 13:29:38 -0400
committer: John W. Linville <linville@tuxdriver.com> 2007-07-12 16:07:24 -0400
commit: 179f831bc33104d14deb54a52b7a8b43433f8ccc (patch)
tree: 8834c628a493fbd4aff1e09dc77b334154c6a050 /net/wireless
parent: 08d1f2155cd5b21bb3848f46d9747afb1ccd249d (diff)
2 files changed, 258 insertions, 1 deletions
diff --git a/net/wireless/Makefile b/net/wireless/Makefile
index 3a96ae60271c..092116e390b6 100644
--- a/net/wireless/Makefile
+++ b/net/wireless/Makefile
@@ -1,4 +1,4 @@
 obj-$(CONFIG_WIRELESS_EXT) += wext.o
 obj-$(CONFIG_CFG80211) += cfg80211.o
-cfg80211-y += core.o sysfs.o
+cfg80211-y += core.o sysfs.o radiotap.o
diff --git a/net/wireless/radiotap.c b/net/wireless/radiotap.c
new file mode 100644
index 000000000000..68c11d099917
--- /dev/null
+++ b/net/wireless/radiotap.c
@@ -0,0 +1,257 @@
+/*
+ * Radiotap parser
+ *
+ * Copyright 2007               Andy Green <andy@warmcat.com>
+ */
+#include <net/cfg80211.h>
+#include <net/ieee80211_radiotap.h>
+#include <asm/unaligned.h>
+/* function prototypes and related defs are in include/net/cfg80211.h */
+/**
+ * ieee80211_radiotap_iterator_init - radiotap parser iterator initialization
+ * @iterator: radiotap_iterator to initialize
+ * @radiotap_header: radiotap header to parse
+ * @max_length: total length we can parse into (eg, whole packet length)
+ *
+ * Returns: 0 or a negative error code if there is a problem.
+ *
+ * This function initializes an opaque iterator struct which can then
+ * be passed to ieee80211_radiotap_iterator_next() to visit every radiotap
+ * argument which is present in the header.  It knows about extended
+ * present headers and handles them.
+ *
+ * How to use:
+ * call __ieee80211_radiotap_iterator_init() to init a semi-opaque iterator
+ * struct ieee80211_radiotap_iterator (no need to init the struct beforehand)
+ * checking for a good 0 return code.  Then loop calling
+ * __ieee80211_radiotap_iterator_next()... it returns either 0,
+ * -ENOENT if there are no more args to parse, or -EINVAL if there is a problem.
+ * The iterator's @this_arg member points to the start of the argument
+ * associated with the current argument index that is present, which can be
+ * found in the iterator's @this_arg_index member.  This arg index corresponds
+ * to the IEEE80211_RADIOTAP_... defines.
+ *
+ * Radiotap header length:
+ * You can find the CPU-endian total radiotap header length in
+ * iterator->max_length after executing ieee80211_radiotap_iterator_init()
+ * successfully.
+ *
+ * Alignment Gotcha:
+ * You must take care when dereferencing iterator.this_arg
+ * for multibyte types... the pointer is not aligned.  Use
+ * get_unaligned((type *)iterator.this_arg) to dereference
+ * iterator.this_arg for type "type" safely on all arches.
+ *
+ * Example code:
+ * See Documentation/networking/radiotap-headers.txt
+ */
+int ieee80211_radiotap_iterator_init(
+    struct ieee80211_radiotap_iterator *iterator,
+    struct ieee80211_radiotap_header *radiotap_header,
+    int max_length)
+{
+        /* Linux only supports version 0 radiotap format */
+        if (radiotap_header->it_version)
+                return -EINVAL;
+        /* sanity check for allowed length and radiotap length field */
+        if (max_length < le16_to_cpu(get_unaligned(&radiotap_header->it_len)))
+                return -EINVAL;
+        iterator->rtheader = radiotap_header;
+        iterator->max_length = le16_to_cpu(get_unaligned(
+                                                &radiotap_header->it_len));
+        iterator->arg_index = 0;
+        iterator->bitmap_shifter = le32_to_cpu(get_unaligned(
+                                                &radiotap_header->it_present));
+        iterator->arg = (u8 *)radiotap_header + sizeof(*radiotap_header);
+        iterator->this_arg = NULL;
+        /* find payload start allowing for extended bitmap(s) */
+        if (unlikely(iterator->bitmap_shifter & (1<<IEEE80211_RADIOTAP_EXT))) {
+                while (le32_to_cpu(get_unaligned((__le32 *)iterator->arg)) &
+                                   (1<<IEEE80211_RADIOTAP_EXT)) {
+                        iterator->arg += sizeof(u32);
+                        /*
+                         * check for insanity where the present bitmaps
+                         * keep claiming to extend up to or even beyond the
+                         * stated radiotap header length
+                         */
+                        if (((ulong)iterator->arg -
+                             (ulong)iterator->rtheader) > iterator->max_length)
+                                return -EINVAL;
+                }
+                iterator->arg += sizeof(u32);
+                /*
+                 * no need to check again for blowing past stated radiotap
+                 * header length, because ieee80211_radiotap_iterator_next
+                 * checks it before it is dereferenced
+                 */
+        }
+        /* we are all initialized happily */
+        return 0;
+}
+EXPORT_SYMBOL(ieee80211_radiotap_iterator_init);
+/**
+ * ieee80211_radiotap_iterator_next - return next radiotap parser iterator arg
+ * @iterator: radiotap_iterator to move to next arg (if any)
+ *
+ * Returns: 0 if there is an argument to handle,
+ * -ENOENT if there are no more args or -EINVAL
+ * if there is something else wrong.
+ *
+ * This function provides the next radiotap arg index (IEEE80211_RADIOTAP_*)
+ * in @this_arg_index and sets @this_arg to point to the
+ * payload for the field.  It takes care of alignment handling and extended
+ * present fields.  @this_arg can be changed by the caller (eg,
+ * incremented to move inside a compound argument like
+ * IEEE80211_RADIOTAP_CHANNEL).  The args pointed to are in
+ * little-endian format whatever the endianess of your CPU.
+ *
+ * Alignment Gotcha:
+ * You must take care when dereferencing iterator.this_arg
+ * for multibyte types... the pointer is not aligned.  Use
+ * get_unaligned((type *)iterator.this_arg) to dereference
+ * iterator.this_arg for type "type" safely on all arches.
+ */
+int ieee80211_radiotap_iterator_next(
+    struct ieee80211_radiotap_iterator *iterator)
+{
+        /*
+         * small length lookup table for all radiotap types we heard of
+         * starting from b0 in the bitmap, so we can walk the payload
+         * area of the radiotap header
+         *
+         * There is a requirement to pad args, so that args
+         * of a given length must begin at a boundary of that length
+         * -- but note that compound args are allowed (eg, 2 x u16
+         * for IEEE80211_RADIOTAP_CHANNEL) so total arg length is not
+         * a reliable indicator of alignment requirement.
+         *
+         * upper nybble: content alignment for arg
+         * lower nybble: content length for arg
+         */
+        static const u8 rt_sizes[] = {
+                [IEEE80211_RADIOTAP_TSFT] = 0x88,
+                [IEEE80211_RADIOTAP_FLAGS] = 0x11,
+                [IEEE80211_RADIOTAP_RATE] = 0x11,
+                [IEEE80211_RADIOTAP_CHANNEL] = 0x24,
+                [IEEE80211_RADIOTAP_FHSS] = 0x22,
+                [IEEE80211_RADIOTAP_DBM_ANTSIGNAL] = 0x11,
+                [IEEE80211_RADIOTAP_DBM_ANTNOISE] = 0x11,
+                [IEEE80211_RADIOTAP_LOCK_QUALITY] = 0x22,
+                [IEEE80211_RADIOTAP_TX_ATTENUATION] = 0x22,
+                [IEEE80211_RADIOTAP_DB_TX_ATTENUATION] = 0x22,
+                [IEEE80211_RADIOTAP_DBM_TX_POWER] = 0x11,
+                [IEEE80211_RADIOTAP_ANTENNA] = 0x11,
+                [IEEE80211_RADIOTAP_DB_ANTSIGNAL] = 0x11,
+                [IEEE80211_RADIOTAP_DB_ANTNOISE] = 0x11
+                /*
+                 * add more here as they are defined in
+                 * include/net/ieee80211_radiotap.h
+                 */
+        };
+        /*
+         * for every radiotap entry we can at
+         * least skip (by knowing the length)...
+         */
+        while (iterator->arg_index < sizeof(rt_sizes)) {
+                int hit = 0;
+                int pad;
+                if (!(iterator->bitmap_shifter & 1))
+                        goto next_entry; /* arg not present */
+                /*
+                 * arg is present, account for alignment padding
+                 *  8-bit args can be at any alignment
+                 * 16-bit args must start on 16-bit boundary
+                 * 32-bit args must start on 32-bit boundary
+                 * 64-bit args must start on 64-bit boundary
+                 *
+                 * note that total arg size can differ from alignment of
+                 * elements inside arg, so we use upper nybble of length
+                 * table to base alignment on
+                 *
+                 * also note: these alignments are ** relative to the
+                 * start of the radiotap header **.  There is no guarantee
+                 * that the radiotap header itself is aligned on any
+                 * kind of boundary.
+                 *
+                 * the above is why get_unaligned() is used to dereference
+                 * multibyte elements from the radiotap area
+                 */
+                pad = (((ulong)iterator->arg) -
+                        ((ulong)iterator->rtheader)) &
+                        ((rt_sizes[iterator->arg_index] >> 4) - 1);
+                if (pad)
+                        iterator->arg +=
+                                (rt_sizes[iterator->arg_index] >> 4) - pad;
+                /*
+                 * this is what we will return to user, but we need to
+                 * move on first so next call has something fresh to test
+                 */
+                iterator->this_arg_index = iterator->arg_index;
+                iterator->this_arg = iterator->arg;
+                hit = 1;
+                /* internally move on the size of this arg */
+                iterator->arg += rt_sizes[iterator->arg_index] & 0x0f;
+                /*
+                 * check for insanity where we are given a bitmap that
+                 * claims to have more arg content than the length of the
+                 * radiotap section.  We will normally end up equalling this
+                 * max_length on the last arg, never exceeding it.
+                 */
+                if (((ulong)iterator->arg - (ulong)iterator->rtheader) >
+                    iterator->max_length)
+                        return -EINVAL;
+        next_entry:
+                iterator->arg_index++;
+                if (unlikely((iterator->arg_index & 31) == 0)) {
+                        /* completed current u32 bitmap */
+                        if (iterator->bitmap_shifter & 1) {
+                                /* b31 was set, there is more */
+                                /* move to next u32 bitmap */
+                                iterator->bitmap_shifter = le32_to_cpu(
+                                        get_unaligned(iterator->next_bitmap));
+                                iterator->next_bitmap++;
+                        } else
+                                /* no more bitmaps: end */
+                                iterator->arg_index = sizeof(rt_sizes);
+                } else /* just try the next bit */
+                        iterator->bitmap_shifter >>= 1;
+                /* if we found a valid arg earlier, return it now */
+                if (hit)
+                        return 0;
+        }
+        /* we don't know how to handle any more args, we're done */
+        return -ENOENT;
+}
+EXPORT_SYMBOL(ieee80211_radiotap_iterator_next);
author	Andy Green <andy@warmcat.com>	2007-07-10 13:29:38 -0400
committer	John W. Linville <linville@tuxdriver.com>	2007-07-12 16:07:24 -0400
commit	179f831bc33104d14deb54a52b7a8b43433f8ccc (patch)
tree	8834c628a493fbd4aff1e09dc77b334154c6a050 /net/wireless
parent	08d1f2155cd5b21bb3848f46d9747afb1ccd249d (diff)

diff --git a/net/wireless/Makefile b/net/wireless/Makefile index 3a96ae60271c..092116e390b6 100644 --- a/net/wireless/Makefile +++ b/net/wireless/Makefile
@@ -1,4 +1,4 @@
1	obj-$(CONFIG_WIRELESS_EXT) += wext.o	1	obj-$(CONFIG_WIRELESS_EXT) += wext.o
2	obj-$(CONFIG_CFG80211) += cfg80211.o	2	obj-$(CONFIG_CFG80211) += cfg80211.o
3		3
4	cfg80211-y += core.o sysfs.o	4	cfg80211-y += core.o sysfs.o radiotap.o


diff --git a/net/wireless/radiotap.c b/net/wireless/radiotap.c new file mode 100644 index 000000000000..68c11d099917 --- /dev/null +++ b/net/wireless/radiotap.c
@@ -0,0 +1,257 @@
		1	/*
		2	* Radiotap parser
		3	*
		4	* Copyright 2007 Andy Green <andy@warmcat.com>
		5	*/
		6
		7	#include <net/cfg80211.h>
		8	#include <net/ieee80211_radiotap.h>
		9	#include <asm/unaligned.h>
		10
		11	/* function prototypes and related defs are in include/net/cfg80211.h */
		12
		13	/**
		14	* ieee80211_radiotap_iterator_init - radiotap parser iterator initialization
		15	* @iterator: radiotap_iterator to initialize
		16	* @radiotap_header: radiotap header to parse
		17	* @max_length: total length we can parse into (eg, whole packet length)
		18	*
		19	* Returns: 0 or a negative error code if there is a problem.
		20	*
		21	* This function initializes an opaque iterator struct which can then
		22	* be passed to ieee80211_radiotap_iterator_next() to visit every radiotap
		23	* argument which is present in the header. It knows about extended
		24	* present headers and handles them.
		25	*
		26	* How to use:
		27	* call __ieee80211_radiotap_iterator_init() to init a semi-opaque iterator
		28	* struct ieee80211_radiotap_iterator (no need to init the struct beforehand)
		29	* checking for a good 0 return code. Then loop calling
		30	* __ieee80211_radiotap_iterator_next()... it returns either 0,
		31	* -ENOENT if there are no more args to parse, or -EINVAL if there is a problem.
		32	* The iterator's @this_arg member points to the start of the argument
		33	* associated with the current argument index that is present, which can be
		34	* found in the iterator's @this_arg_index member. This arg index corresponds
		35	* to the IEEE80211_RADIOTAP_... defines.
		36	*
		37	* Radiotap header length:
		38	* You can find the CPU-endian total radiotap header length in
		39	* iterator->max_length after executing ieee80211_radiotap_iterator_init()
		40	* successfully.
		41	*
		42	* Alignment Gotcha:
		43	* You must take care when dereferencing iterator.this_arg
		44	* for multibyte types... the pointer is not aligned. Use
		45	* get_unaligned((type *)iterator.this_arg) to dereference
		46	* iterator.this_arg for type "type" safely on all arches.
		47	*
		48	* Example code:
		49	* See Documentation/networking/radiotap-headers.txt
		50	*/
		51
		52	int ieee80211_radiotap_iterator_init(
		53	struct ieee80211_radiotap_iterator *iterator,
		54	struct ieee80211_radiotap_header *radiotap_header,
		55	int max_length)
		56	{
		57	/* Linux only supports version 0 radiotap format */
		58	if (radiotap_header->it_version)
		59	return -EINVAL;
		60
		61	/* sanity check for allowed length and radiotap length field */
		62	if (max_length < le16_to_cpu(get_unaligned(&radiotap_header->it_len)))
		63	return -EINVAL;
		64
		65	iterator->rtheader = radiotap_header;
		66	iterator->max_length = le16_to_cpu(get_unaligned(
		67	&radiotap_header->it_len));
		68	iterator->arg_index = 0;
		69	iterator->bitmap_shifter = le32_to_cpu(get_unaligned(
		70	&radiotap_header->it_present));
		71	iterator->arg = (u8 )radiotap_header + sizeof(radiotap_header);
		72	iterator->this_arg = NULL;
		73
		74	/* find payload start allowing for extended bitmap(s) */
		75
		76	if (unlikely(iterator->bitmap_shifter & (1<<IEEE80211_RADIOTAP_EXT))) {
		77	while (le32_to_cpu(get_unaligned((__le32 *)iterator->arg)) &
		78	(1<<IEEE80211_RADIOTAP_EXT)) {
		79	iterator->arg += sizeof(u32);
		80
		81	/*
		82	* check for insanity where the present bitmaps
		83	* keep claiming to extend up to or even beyond the
		84	* stated radiotap header length
		85	*/
		86
		87	if (((ulong)iterator->arg -
		88	(ulong)iterator->rtheader) > iterator->max_length)
		89	return -EINVAL;
		90	}
		91
		92	iterator->arg += sizeof(u32);
		93
		94	/*
		95	* no need to check again for blowing past stated radiotap
		96	* header length, because ieee80211_radiotap_iterator_next
		97	* checks it before it is dereferenced
		98	*/
		99	}
		100
		101	/* we are all initialized happily */
		102
		103	return 0;
		104	}
		105	EXPORT_SYMBOL(ieee80211_radiotap_iterator_init);
		106
		107
		108	/**
		109	* ieee80211_radiotap_iterator_next - return next radiotap parser iterator arg
		110	* @iterator: radiotap_iterator to move to next arg (if any)
		111	*
		112	* Returns: 0 if there is an argument to handle,
		113	* -ENOENT if there are no more args or -EINVAL
		114	* if there is something else wrong.
		115	*
		116	* This function provides the next radiotap arg index (IEEE80211_RADIOTAP_*)
		117	* in @this_arg_index and sets @this_arg to point to the
		118	* payload for the field. It takes care of alignment handling and extended
		119	* present fields. @this_arg can be changed by the caller (eg,
		120	* incremented to move inside a compound argument like
		121	* IEEE80211_RADIOTAP_CHANNEL). The args pointed to are in
		122	* little-endian format whatever the endianess of your CPU.
		123	*
		124	* Alignment Gotcha:
		125	* You must take care when dereferencing iterator.this_arg
		126	* for multibyte types... the pointer is not aligned. Use
		127	* get_unaligned((type *)iterator.this_arg) to dereference
		128	* iterator.this_arg for type "type" safely on all arches.
		129	*/
		130
		131	int ieee80211_radiotap_iterator_next(
		132	struct ieee80211_radiotap_iterator *iterator)
		133	{
		134
		135	/*
		136	* small length lookup table for all radiotap types we heard of
		137	* starting from b0 in the bitmap, so we can walk the payload
		138	* area of the radiotap header
		139	*
		140	* There is a requirement to pad args, so that args
		141	* of a given length must begin at a boundary of that length
		142	* -- but note that compound args are allowed (eg, 2 x u16
		143	* for IEEE80211_RADIOTAP_CHANNEL) so total arg length is not
		144	* a reliable indicator of alignment requirement.
		145	*
		146	* upper nybble: content alignment for arg
		147	* lower nybble: content length for arg
		148	*/
		149
		150	static const u8 rt_sizes[] = {
		151	[IEEE80211_RADIOTAP_TSFT] = 0x88,
		152	[IEEE80211_RADIOTAP_FLAGS] = 0x11,
		153	[IEEE80211_RADIOTAP_RATE] = 0x11,
		154	[IEEE80211_RADIOTAP_CHANNEL] = 0x24,
		155	[IEEE80211_RADIOTAP_FHSS] = 0x22,
		156	[IEEE80211_RADIOTAP_DBM_ANTSIGNAL] = 0x11,
		157	[IEEE80211_RADIOTAP_DBM_ANTNOISE] = 0x11,
		158	[IEEE80211_RADIOTAP_LOCK_QUALITY] = 0x22,
		159	[IEEE80211_RADIOTAP_TX_ATTENUATION] = 0x22,
		160	[IEEE80211_RADIOTAP_DB_TX_ATTENUATION] = 0x22,
		161	[IEEE80211_RADIOTAP_DBM_TX_POWER] = 0x11,
		162	[IEEE80211_RADIOTAP_ANTENNA] = 0x11,
		163	[IEEE80211_RADIOTAP_DB_ANTSIGNAL] = 0x11,
		164	[IEEE80211_RADIOTAP_DB_ANTNOISE] = 0x11
		165	/*
		166	* add more here as they are defined in
		167	* include/net/ieee80211_radiotap.h
		168	*/
		169	};
		170
		171	/*
		172	* for every radiotap entry we can at
		173	* least skip (by knowing the length)...
		174	*/
		175
		176	while (iterator->arg_index < sizeof(rt_sizes)) {
		177	int hit = 0;
		178	int pad;
		179
		180	if (!(iterator->bitmap_shifter & 1))
		181	goto next_entry; /* arg not present */
		182
		183	/*
		184	* arg is present, account for alignment padding
		185	* 8-bit args can be at any alignment
		186	* 16-bit args must start on 16-bit boundary
		187	* 32-bit args must start on 32-bit boundary
		188	* 64-bit args must start on 64-bit boundary
		189	*
		190	* note that total arg size can differ from alignment of
		191	* elements inside arg, so we use upper nybble of length
		192	* table to base alignment on
		193	*
		194	* also note: these alignments are ** relative to the
		195	* start of the radiotap header **. There is no guarantee
		196	* that the radiotap header itself is aligned on any
		197	* kind of boundary.
		198	*
		199	* the above is why get_unaligned() is used to dereference
		200	* multibyte elements from the radiotap area
		201	*/
		202
		203	pad = (((ulong)iterator->arg) -
		204	((ulong)iterator->rtheader)) &
		205	((rt_sizes[iterator->arg_index] >> 4) - 1);
		206
		207	if (pad)
		208	iterator->arg +=
		209	(rt_sizes[iterator->arg_index] >> 4) - pad;
		210
		211	/*
		212	* this is what we will return to user, but we need to
		213	* move on first so next call has something fresh to test
		214	*/
		215	iterator->this_arg_index = iterator->arg_index;
		216	iterator->this_arg = iterator->arg;
		217	hit = 1;
		218
		219	/* internally move on the size of this arg */
		220	iterator->arg += rt_sizes[iterator->arg_index] & 0x0f;
		221
		222	/*
		223	* check for insanity where we are given a bitmap that
		224	* claims to have more arg content than the length of the
		225	* radiotap section. We will normally end up equalling this
		226	* max_length on the last arg, never exceeding it.
		227	*/
		228
		229	if (((ulong)iterator->arg - (ulong)iterator->rtheader) >
		230	iterator->max_length)
		231	return -EINVAL;
		232
		233	next_entry:
		234	iterator->arg_index++;
		235	if (unlikely((iterator->arg_index & 31) == 0)) {
		236	/* completed current u32 bitmap */
		237	if (iterator->bitmap_shifter & 1) {
		238	/* b31 was set, there is more */
		239	/* move to next u32 bitmap */
		240	iterator->bitmap_shifter = le32_to_cpu(
		241	get_unaligned(iterator->next_bitmap));
		242	iterator->next_bitmap++;
		243	} else
		244	/* no more bitmaps: end */
		245	iterator->arg_index = sizeof(rt_sizes);
		246	} else /* just try the next bit */
		247	iterator->bitmap_shifter >>= 1;
		248
		249	/* if we found a valid arg earlier, return it now */
		250	if (hit)
		251	return 0;
		252	}
		253
		254	/* we don't know how to handle any more args, we're done */
		255	return -ENOENT;
		256	}
		257	EXPORT_SYMBOL(ieee80211_radiotap_iterator_next);