diff options
author | Andy Green <andy@warmcat.com> | 2007-07-10 13:29:38 -0400 |
---|---|---|
committer | John W. Linville <linville@tuxdriver.com> | 2007-07-12 16:07:24 -0400 |
commit | 179f831bc33104d14deb54a52b7a8b43433f8ccc (patch) | |
tree | 8834c628a493fbd4aff1e09dc77b334154c6a050 /net | |
parent | 08d1f2155cd5b21bb3848f46d9747afb1ccd249d (diff) |
[PATCH] cfg80211: Radiotap parser
Generic code to walk through the fields in a radiotap header, accounting
for nasties like extended "field present" bitfields and alignment rules
Signed-off-by: Andy Green <andy@warmcat.com>
Signed-off-by: Jiri Benc <jbenc@suse.cz>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Diffstat (limited to 'net')
-rw-r--r-- | net/wireless/Makefile | 2 | ||||
-rw-r--r-- | net/wireless/radiotap.c | 257 |
2 files changed, 258 insertions, 1 deletions
diff --git a/net/wireless/Makefile b/net/wireless/Makefile index 3a96ae60271c..092116e390b6 100644 --- a/net/wireless/Makefile +++ b/net/wireless/Makefile | |||
@@ -1,4 +1,4 @@ | |||
1 | obj-$(CONFIG_WIRELESS_EXT) += wext.o | 1 | obj-$(CONFIG_WIRELESS_EXT) += wext.o |
2 | obj-$(CONFIG_CFG80211) += cfg80211.o | 2 | obj-$(CONFIG_CFG80211) += cfg80211.o |
3 | 3 | ||
4 | cfg80211-y += core.o sysfs.o | 4 | cfg80211-y += core.o sysfs.o radiotap.o |
diff --git a/net/wireless/radiotap.c b/net/wireless/radiotap.c new file mode 100644 index 000000000000..68c11d099917 --- /dev/null +++ b/net/wireless/radiotap.c | |||
@@ -0,0 +1,257 @@ | |||
1 | /* | ||
2 | * Radiotap parser | ||
3 | * | ||
4 | * Copyright 2007 Andy Green <andy@warmcat.com> | ||
5 | */ | ||
6 | |||
7 | #include <net/cfg80211.h> | ||
8 | #include <net/ieee80211_radiotap.h> | ||
9 | #include <asm/unaligned.h> | ||
10 | |||
11 | /* function prototypes and related defs are in include/net/cfg80211.h */ | ||
12 | |||
13 | /** | ||
14 | * ieee80211_radiotap_iterator_init - radiotap parser iterator initialization | ||
15 | * @iterator: radiotap_iterator to initialize | ||
16 | * @radiotap_header: radiotap header to parse | ||
17 | * @max_length: total length we can parse into (eg, whole packet length) | ||
18 | * | ||
19 | * Returns: 0 or a negative error code if there is a problem. | ||
20 | * | ||
21 | * This function initializes an opaque iterator struct which can then | ||
22 | * be passed to ieee80211_radiotap_iterator_next() to visit every radiotap | ||
23 | * argument which is present in the header. It knows about extended | ||
24 | * present headers and handles them. | ||
25 | * | ||
26 | * How to use: | ||
27 | * call __ieee80211_radiotap_iterator_init() to init a semi-opaque iterator | ||
28 | * struct ieee80211_radiotap_iterator (no need to init the struct beforehand) | ||
29 | * checking for a good 0 return code. Then loop calling | ||
30 | * __ieee80211_radiotap_iterator_next()... it returns either 0, | ||
31 | * -ENOENT if there are no more args to parse, or -EINVAL if there is a problem. | ||
32 | * The iterator's @this_arg member points to the start of the argument | ||
33 | * associated with the current argument index that is present, which can be | ||
34 | * found in the iterator's @this_arg_index member. This arg index corresponds | ||
35 | * to the IEEE80211_RADIOTAP_... defines. | ||
36 | * | ||
37 | * Radiotap header length: | ||
38 | * You can find the CPU-endian total radiotap header length in | ||
39 | * iterator->max_length after executing ieee80211_radiotap_iterator_init() | ||
40 | * successfully. | ||
41 | * | ||
42 | * Alignment Gotcha: | ||
43 | * You must take care when dereferencing iterator.this_arg | ||
44 | * for multibyte types... the pointer is not aligned. Use | ||
45 | * get_unaligned((type *)iterator.this_arg) to dereference | ||
46 | * iterator.this_arg for type "type" safely on all arches. | ||
47 | * | ||
48 | * Example code: | ||
49 | * See Documentation/networking/radiotap-headers.txt | ||
50 | */ | ||
51 | |||
52 | int ieee80211_radiotap_iterator_init( | ||
53 | struct ieee80211_radiotap_iterator *iterator, | ||
54 | struct ieee80211_radiotap_header *radiotap_header, | ||
55 | int max_length) | ||
56 | { | ||
57 | /* Linux only supports version 0 radiotap format */ | ||
58 | if (radiotap_header->it_version) | ||
59 | return -EINVAL; | ||
60 | |||
61 | /* sanity check for allowed length and radiotap length field */ | ||
62 | if (max_length < le16_to_cpu(get_unaligned(&radiotap_header->it_len))) | ||
63 | return -EINVAL; | ||
64 | |||
65 | iterator->rtheader = radiotap_header; | ||
66 | iterator->max_length = le16_to_cpu(get_unaligned( | ||
67 | &radiotap_header->it_len)); | ||
68 | iterator->arg_index = 0; | ||
69 | iterator->bitmap_shifter = le32_to_cpu(get_unaligned( | ||
70 | &radiotap_header->it_present)); | ||
71 | iterator->arg = (u8 *)radiotap_header + sizeof(*radiotap_header); | ||
72 | iterator->this_arg = NULL; | ||
73 | |||
74 | /* find payload start allowing for extended bitmap(s) */ | ||
75 | |||
76 | if (unlikely(iterator->bitmap_shifter & (1<<IEEE80211_RADIOTAP_EXT))) { | ||
77 | while (le32_to_cpu(get_unaligned((__le32 *)iterator->arg)) & | ||
78 | (1<<IEEE80211_RADIOTAP_EXT)) { | ||
79 | iterator->arg += sizeof(u32); | ||
80 | |||
81 | /* | ||
82 | * check for insanity where the present bitmaps | ||
83 | * keep claiming to extend up to or even beyond the | ||
84 | * stated radiotap header length | ||
85 | */ | ||
86 | |||
87 | if (((ulong)iterator->arg - | ||
88 | (ulong)iterator->rtheader) > iterator->max_length) | ||
89 | return -EINVAL; | ||
90 | } | ||
91 | |||
92 | iterator->arg += sizeof(u32); | ||
93 | |||
94 | /* | ||
95 | * no need to check again for blowing past stated radiotap | ||
96 | * header length, because ieee80211_radiotap_iterator_next | ||
97 | * checks it before it is dereferenced | ||
98 | */ | ||
99 | } | ||
100 | |||
101 | /* we are all initialized happily */ | ||
102 | |||
103 | return 0; | ||
104 | } | ||
105 | EXPORT_SYMBOL(ieee80211_radiotap_iterator_init); | ||
106 | |||
107 | |||
108 | /** | ||
109 | * ieee80211_radiotap_iterator_next - return next radiotap parser iterator arg | ||
110 | * @iterator: radiotap_iterator to move to next arg (if any) | ||
111 | * | ||
112 | * Returns: 0 if there is an argument to handle, | ||
113 | * -ENOENT if there are no more args or -EINVAL | ||
114 | * if there is something else wrong. | ||
115 | * | ||
116 | * This function provides the next radiotap arg index (IEEE80211_RADIOTAP_*) | ||
117 | * in @this_arg_index and sets @this_arg to point to the | ||
118 | * payload for the field. It takes care of alignment handling and extended | ||
119 | * present fields. @this_arg can be changed by the caller (eg, | ||
120 | * incremented to move inside a compound argument like | ||
121 | * IEEE80211_RADIOTAP_CHANNEL). The args pointed to are in | ||
122 | * little-endian format whatever the endianess of your CPU. | ||
123 | * | ||
124 | * Alignment Gotcha: | ||
125 | * You must take care when dereferencing iterator.this_arg | ||
126 | * for multibyte types... the pointer is not aligned. Use | ||
127 | * get_unaligned((type *)iterator.this_arg) to dereference | ||
128 | * iterator.this_arg for type "type" safely on all arches. | ||
129 | */ | ||
130 | |||
131 | int ieee80211_radiotap_iterator_next( | ||
132 | struct ieee80211_radiotap_iterator *iterator) | ||
133 | { | ||
134 | |||
135 | /* | ||
136 | * small length lookup table for all radiotap types we heard of | ||
137 | * starting from b0 in the bitmap, so we can walk the payload | ||
138 | * area of the radiotap header | ||
139 | * | ||
140 | * There is a requirement to pad args, so that args | ||
141 | * of a given length must begin at a boundary of that length | ||
142 | * -- but note that compound args are allowed (eg, 2 x u16 | ||
143 | * for IEEE80211_RADIOTAP_CHANNEL) so total arg length is not | ||
144 | * a reliable indicator of alignment requirement. | ||
145 | * | ||
146 | * upper nybble: content alignment for arg | ||
147 | * lower nybble: content length for arg | ||
148 | */ | ||
149 | |||
150 | static const u8 rt_sizes[] = { | ||
151 | [IEEE80211_RADIOTAP_TSFT] = 0x88, | ||
152 | [IEEE80211_RADIOTAP_FLAGS] = 0x11, | ||
153 | [IEEE80211_RADIOTAP_RATE] = 0x11, | ||
154 | [IEEE80211_RADIOTAP_CHANNEL] = 0x24, | ||
155 | [IEEE80211_RADIOTAP_FHSS] = 0x22, | ||
156 | [IEEE80211_RADIOTAP_DBM_ANTSIGNAL] = 0x11, | ||
157 | [IEEE80211_RADIOTAP_DBM_ANTNOISE] = 0x11, | ||
158 | [IEEE80211_RADIOTAP_LOCK_QUALITY] = 0x22, | ||
159 | [IEEE80211_RADIOTAP_TX_ATTENUATION] = 0x22, | ||
160 | [IEEE80211_RADIOTAP_DB_TX_ATTENUATION] = 0x22, | ||
161 | [IEEE80211_RADIOTAP_DBM_TX_POWER] = 0x11, | ||
162 | [IEEE80211_RADIOTAP_ANTENNA] = 0x11, | ||
163 | [IEEE80211_RADIOTAP_DB_ANTSIGNAL] = 0x11, | ||
164 | [IEEE80211_RADIOTAP_DB_ANTNOISE] = 0x11 | ||
165 | /* | ||
166 | * add more here as they are defined in | ||
167 | * include/net/ieee80211_radiotap.h | ||
168 | */ | ||
169 | }; | ||
170 | |||
171 | /* | ||
172 | * for every radiotap entry we can at | ||
173 | * least skip (by knowing the length)... | ||
174 | */ | ||
175 | |||
176 | while (iterator->arg_index < sizeof(rt_sizes)) { | ||
177 | int hit = 0; | ||
178 | int pad; | ||
179 | |||
180 | if (!(iterator->bitmap_shifter & 1)) | ||
181 | goto next_entry; /* arg not present */ | ||
182 | |||
183 | /* | ||
184 | * arg is present, account for alignment padding | ||
185 | * 8-bit args can be at any alignment | ||
186 | * 16-bit args must start on 16-bit boundary | ||
187 | * 32-bit args must start on 32-bit boundary | ||
188 | * 64-bit args must start on 64-bit boundary | ||
189 | * | ||
190 | * note that total arg size can differ from alignment of | ||
191 | * elements inside arg, so we use upper nybble of length | ||
192 | * table to base alignment on | ||
193 | * | ||
194 | * also note: these alignments are ** relative to the | ||
195 | * start of the radiotap header **. There is no guarantee | ||
196 | * that the radiotap header itself is aligned on any | ||
197 | * kind of boundary. | ||
198 | * | ||
199 | * the above is why get_unaligned() is used to dereference | ||
200 | * multibyte elements from the radiotap area | ||
201 | */ | ||
202 | |||
203 | pad = (((ulong)iterator->arg) - | ||
204 | ((ulong)iterator->rtheader)) & | ||
205 | ((rt_sizes[iterator->arg_index] >> 4) - 1); | ||
206 | |||
207 | if (pad) | ||
208 | iterator->arg += | ||
209 | (rt_sizes[iterator->arg_index] >> 4) - pad; | ||
210 | |||
211 | /* | ||
212 | * this is what we will return to user, but we need to | ||
213 | * move on first so next call has something fresh to test | ||
214 | */ | ||
215 | iterator->this_arg_index = iterator->arg_index; | ||
216 | iterator->this_arg = iterator->arg; | ||
217 | hit = 1; | ||
218 | |||
219 | /* internally move on the size of this arg */ | ||
220 | iterator->arg += rt_sizes[iterator->arg_index] & 0x0f; | ||
221 | |||
222 | /* | ||
223 | * check for insanity where we are given a bitmap that | ||
224 | * claims to have more arg content than the length of the | ||
225 | * radiotap section. We will normally end up equalling this | ||
226 | * max_length on the last arg, never exceeding it. | ||
227 | */ | ||
228 | |||
229 | if (((ulong)iterator->arg - (ulong)iterator->rtheader) > | ||
230 | iterator->max_length) | ||
231 | return -EINVAL; | ||
232 | |||
233 | next_entry: | ||
234 | iterator->arg_index++; | ||
235 | if (unlikely((iterator->arg_index & 31) == 0)) { | ||
236 | /* completed current u32 bitmap */ | ||
237 | if (iterator->bitmap_shifter & 1) { | ||
238 | /* b31 was set, there is more */ | ||
239 | /* move to next u32 bitmap */ | ||
240 | iterator->bitmap_shifter = le32_to_cpu( | ||
241 | get_unaligned(iterator->next_bitmap)); | ||
242 | iterator->next_bitmap++; | ||
243 | } else | ||
244 | /* no more bitmaps: end */ | ||
245 | iterator->arg_index = sizeof(rt_sizes); | ||
246 | } else /* just try the next bit */ | ||
247 | iterator->bitmap_shifter >>= 1; | ||
248 | |||
249 | /* if we found a valid arg earlier, return it now */ | ||
250 | if (hit) | ||
251 | return 0; | ||
252 | } | ||
253 | |||
254 | /* we don't know how to handle any more args, we're done */ | ||
255 | return -ENOENT; | ||
256 | } | ||
257 | EXPORT_SYMBOL(ieee80211_radiotap_iterator_next); | ||