aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--include/net/ieee80211_radiotap.h9
-rw-r--r--net/mac80211/Makefile1
-rw-r--r--net/mac80211/ieee80211.c1373
-rw-r--r--net/mac80211/ieee80211_i.h22
-rw-r--r--net/mac80211/rx.c1360
5 files changed, 1400 insertions, 1365 deletions
diff --git a/include/net/ieee80211_radiotap.h b/include/net/ieee80211_radiotap.h
index a0c2b41a24d7..22e047758ba1 100644
--- a/include/net/ieee80211_radiotap.h
+++ b/include/net/ieee80211_radiotap.h
@@ -255,4 +255,13 @@ enum ieee80211_radiotap_type {
255 (((x) == 14) ? 2484 : ((x) * 5) + 2407) : \ 255 (((x) == 14) ? 2484 : ((x) * 5) + 2407) : \
256 ((x) + 1000) * 5) 256 ((x) + 1000) * 5)
257 257
258/* helpers */
259static inline int ieee80211_get_radiotap_len(unsigned char *data)
260{
261 struct ieee80211_radiotap_header *hdr =
262 (struct ieee80211_radiotap_header *)data;
263
264 return le16_to_cpu(hdr->it_len);
265}
266
258#endif /* IEEE80211_RADIOTAP_H */ 267#endif /* IEEE80211_RADIOTAP_H */
diff --git a/net/mac80211/Makefile b/net/mac80211/Makefile
index a9c2d0787d4a..b5853991324b 100644
--- a/net/mac80211/Makefile
+++ b/net/mac80211/Makefile
@@ -18,4 +18,5 @@ mac80211-objs := \
18 aes_ccm.o \ 18 aes_ccm.o \
19 wme.o \ 19 wme.o \
20 ieee80211_cfg.o \ 20 ieee80211_cfg.o \
21 rx.o \
21 $(mac80211-objs-y) 22 $(mac80211-objs-y)
diff --git a/net/mac80211/ieee80211.c b/net/mac80211/ieee80211.c
index ff2172ffd861..c0094209bed9 100644
--- a/net/mac80211/ieee80211.c
+++ b/net/mac80211/ieee80211.c
@@ -45,11 +45,11 @@ void *mac80211_wiphy_privid = &mac80211_wiphy_privid;
45 45
46/* See IEEE 802.1H for LLC/SNAP encapsulation/decapsulation */ 46/* See IEEE 802.1H for LLC/SNAP encapsulation/decapsulation */
47/* Ethernet-II snap header (RFC1042 for most EtherTypes) */ 47/* Ethernet-II snap header (RFC1042 for most EtherTypes) */
48static const unsigned char rfc1042_header[] = 48const unsigned char rfc1042_header[] =
49 { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 }; 49 { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 };
50 50
51/* Bridge-Tunnel header (for EtherTypes ETH_P_AARP and ETH_P_IPX) */ 51/* Bridge-Tunnel header (for EtherTypes ETH_P_AARP and ETH_P_IPX) */
52static const unsigned char bridge_tunnel_header[] = 52const unsigned char bridge_tunnel_header[] =
53 { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0xf8 }; 53 { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0xf8 };
54 54
55/* No encapsulation header if EtherType < 0x600 (=length) */ 55/* No encapsulation header if EtherType < 0x600 (=length) */
@@ -222,9 +222,9 @@ void ieee80211_prepare_rates(struct ieee80211_local *local,
222} 222}
223 223
224 224
225static void ieee80211_key_threshold_notify(struct net_device *dev, 225void ieee80211_key_threshold_notify(struct net_device *dev,
226 struct ieee80211_key *key, 226 struct ieee80211_key *key,
227 struct sta_info *sta) 227 struct sta_info *sta)
228{ 228{
229 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 229 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
230 struct sk_buff *skb; 230 struct sk_buff *skb;
@@ -258,7 +258,7 @@ static void ieee80211_key_threshold_notify(struct net_device *dev,
258} 258}
259 259
260 260
261static u8 * ieee80211_get_bssid(struct ieee80211_hdr *hdr, size_t len) 261u8 *ieee80211_get_bssid(struct ieee80211_hdr *hdr, size_t len)
262{ 262{
263 u16 fc; 263 u16 fc;
264 264
@@ -345,13 +345,6 @@ int ieee80211_get_hdrlen_from_skb(const struct sk_buff *skb)
345} 345}
346EXPORT_SYMBOL(ieee80211_get_hdrlen_from_skb); 346EXPORT_SYMBOL(ieee80211_get_hdrlen_from_skb);
347 347
348static int ieee80211_get_radiotap_len(struct sk_buff *skb)
349{
350 struct ieee80211_radiotap_header *hdr =
351 (struct ieee80211_radiotap_header *) skb->data;
352
353 return le16_to_cpu(hdr->it_len);
354}
355 348
356#ifdef CONFIG_MAC80211_LOWTX_FRAME_DUMP 349#ifdef CONFIG_MAC80211_LOWTX_FRAME_DUMP
357static void ieee80211_dump_frame(const char *ifname, const char *title, 350static void ieee80211_dump_frame(const char *ifname, const char *title,
@@ -392,7 +385,7 @@ static inline void ieee80211_dump_frame(const char *ifname, const char *title,
392#endif /* CONFIG_MAC80211_LOWTX_FRAME_DUMP */ 385#endif /* CONFIG_MAC80211_LOWTX_FRAME_DUMP */
393 386
394 387
395static int ieee80211_is_eapol(const struct sk_buff *skb) 388int ieee80211_is_eapol(const struct sk_buff *skb)
396{ 389{
397 const struct ieee80211_hdr *hdr; 390 const struct ieee80211_hdr *hdr;
398 u16 fc; 391 u16 fc;
@@ -2762,188 +2755,7 @@ static int header_parse_80211(struct sk_buff *skb, unsigned char *haddr)
2762 return ETH_ALEN; 2755 return ETH_ALEN;
2763} 2756}
2764 2757
2765static inline int ieee80211_bssid_match(const u8 *raddr, const u8 *addr) 2758struct ieee80211_rate *
2766{
2767 return compare_ether_addr(raddr, addr) == 0 ||
2768 is_broadcast_ether_addr(raddr);
2769}
2770
2771
2772static ieee80211_txrx_result
2773ieee80211_rx_h_data(struct ieee80211_txrx_data *rx)
2774{
2775 struct net_device *dev = rx->dev;
2776 struct ieee80211_local *local = rx->local;
2777 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data;
2778 u16 fc, hdrlen, ethertype;
2779 u8 *payload;
2780 u8 dst[ETH_ALEN];
2781 u8 src[ETH_ALEN];
2782 struct sk_buff *skb = rx->skb, *skb2;
2783 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2784
2785 fc = rx->fc;
2786 if (unlikely((fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA))
2787 return TXRX_CONTINUE;
2788
2789 if (unlikely(!WLAN_FC_DATA_PRESENT(fc)))
2790 return TXRX_DROP;
2791
2792 hdrlen = ieee80211_get_hdrlen(fc);
2793
2794 /* convert IEEE 802.11 header + possible LLC headers into Ethernet
2795 * header
2796 * IEEE 802.11 address fields:
2797 * ToDS FromDS Addr1 Addr2 Addr3 Addr4
2798 * 0 0 DA SA BSSID n/a
2799 * 0 1 DA BSSID SA n/a
2800 * 1 0 BSSID SA DA n/a
2801 * 1 1 RA TA DA SA
2802 */
2803
2804 switch (fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) {
2805 case IEEE80211_FCTL_TODS:
2806 /* BSSID SA DA */
2807 memcpy(dst, hdr->addr3, ETH_ALEN);
2808 memcpy(src, hdr->addr2, ETH_ALEN);
2809
2810 if (unlikely(sdata->type != IEEE80211_IF_TYPE_AP &&
2811 sdata->type != IEEE80211_IF_TYPE_VLAN)) {
2812 printk(KERN_DEBUG "%s: dropped ToDS frame (BSSID="
2813 MAC_FMT " SA=" MAC_FMT " DA=" MAC_FMT ")\n",
2814 dev->name, MAC_ARG(hdr->addr1),
2815 MAC_ARG(hdr->addr2), MAC_ARG(hdr->addr3));
2816 return TXRX_DROP;
2817 }
2818 break;
2819 case (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS):
2820 /* RA TA DA SA */
2821 memcpy(dst, hdr->addr3, ETH_ALEN);
2822 memcpy(src, hdr->addr4, ETH_ALEN);
2823
2824 if (unlikely(sdata->type != IEEE80211_IF_TYPE_WDS)) {
2825 printk(KERN_DEBUG "%s: dropped FromDS&ToDS frame (RA="
2826 MAC_FMT " TA=" MAC_FMT " DA=" MAC_FMT " SA="
2827 MAC_FMT ")\n",
2828 rx->dev->name, MAC_ARG(hdr->addr1),
2829 MAC_ARG(hdr->addr2), MAC_ARG(hdr->addr3),
2830 MAC_ARG(hdr->addr4));
2831 return TXRX_DROP;
2832 }
2833 break;
2834 case IEEE80211_FCTL_FROMDS:
2835 /* DA BSSID SA */
2836 memcpy(dst, hdr->addr1, ETH_ALEN);
2837 memcpy(src, hdr->addr3, ETH_ALEN);
2838
2839 if (sdata->type != IEEE80211_IF_TYPE_STA) {
2840 return TXRX_DROP;
2841 }
2842 break;
2843 case 0:
2844 /* DA SA BSSID */
2845 memcpy(dst, hdr->addr1, ETH_ALEN);
2846 memcpy(src, hdr->addr2, ETH_ALEN);
2847
2848 if (sdata->type != IEEE80211_IF_TYPE_IBSS) {
2849 if (net_ratelimit()) {
2850 printk(KERN_DEBUG "%s: dropped IBSS frame (DA="
2851 MAC_FMT " SA=" MAC_FMT " BSSID=" MAC_FMT
2852 ")\n",
2853 dev->name, MAC_ARG(hdr->addr1),
2854 MAC_ARG(hdr->addr2),
2855 MAC_ARG(hdr->addr3));
2856 }
2857 return TXRX_DROP;
2858 }
2859 break;
2860 }
2861
2862 payload = skb->data + hdrlen;
2863
2864 if (unlikely(skb->len - hdrlen < 8)) {
2865 if (net_ratelimit()) {
2866 printk(KERN_DEBUG "%s: RX too short data frame "
2867 "payload\n", dev->name);
2868 }
2869 return TXRX_DROP;
2870 }
2871
2872 ethertype = (payload[6] << 8) | payload[7];
2873
2874 if (likely((compare_ether_addr(payload, rfc1042_header) == 0 &&
2875 ethertype != ETH_P_AARP && ethertype != ETH_P_IPX) ||
2876 compare_ether_addr(payload, bridge_tunnel_header) == 0)) {
2877 /* remove RFC1042 or Bridge-Tunnel encapsulation and
2878 * replace EtherType */
2879 skb_pull(skb, hdrlen + 6);
2880 memcpy(skb_push(skb, ETH_ALEN), src, ETH_ALEN);
2881 memcpy(skb_push(skb, ETH_ALEN), dst, ETH_ALEN);
2882 } else {
2883 struct ethhdr *ehdr;
2884 __be16 len;
2885 skb_pull(skb, hdrlen);
2886 len = htons(skb->len);
2887 ehdr = (struct ethhdr *) skb_push(skb, sizeof(struct ethhdr));
2888 memcpy(ehdr->h_dest, dst, ETH_ALEN);
2889 memcpy(ehdr->h_source, src, ETH_ALEN);
2890 ehdr->h_proto = len;
2891 }
2892 skb->dev = dev;
2893
2894 skb2 = NULL;
2895
2896 sdata->stats.rx_packets++;
2897 sdata->stats.rx_bytes += skb->len;
2898
2899 if (local->bridge_packets && (sdata->type == IEEE80211_IF_TYPE_AP
2900 || sdata->type == IEEE80211_IF_TYPE_VLAN) && rx->u.rx.ra_match) {
2901 if (is_multicast_ether_addr(skb->data)) {
2902 /* send multicast frames both to higher layers in
2903 * local net stack and back to the wireless media */
2904 skb2 = skb_copy(skb, GFP_ATOMIC);
2905 if (!skb2)
2906 printk(KERN_DEBUG "%s: failed to clone "
2907 "multicast frame\n", dev->name);
2908 } else {
2909 struct sta_info *dsta;
2910 dsta = sta_info_get(local, skb->data);
2911 if (dsta && !dsta->dev) {
2912 printk(KERN_DEBUG "Station with null dev "
2913 "structure!\n");
2914 } else if (dsta && dsta->dev == dev) {
2915 /* Destination station is associated to this
2916 * AP, so send the frame directly to it and
2917 * do not pass the frame to local net stack.
2918 */
2919 skb2 = skb;
2920 skb = NULL;
2921 }
2922 if (dsta)
2923 sta_info_put(dsta);
2924 }
2925 }
2926
2927 if (skb) {
2928 /* deliver to local stack */
2929 skb->protocol = eth_type_trans(skb, dev);
2930 memset(skb->cb, 0, sizeof(skb->cb));
2931 netif_rx(skb);
2932 }
2933
2934 if (skb2) {
2935 /* send to wireless media */
2936 skb2->protocol = __constant_htons(ETH_P_802_3);
2937 skb_set_network_header(skb2, 0);
2938 skb_set_mac_header(skb2, 0);
2939 dev_queue_xmit(skb2);
2940 }
2941
2942 return TXRX_QUEUED;
2943}
2944
2945
2946static struct ieee80211_rate *
2947ieee80211_get_rate(struct ieee80211_local *local, int phymode, int hw_rate) 2759ieee80211_get_rate(struct ieee80211_local *local, int phymode, int hw_rate)
2948{ 2760{
2949 struct ieee80211_hw_mode *mode; 2761 struct ieee80211_hw_mode *mode;
@@ -3071,69 +2883,6 @@ ieee80211_rx_mgmt(struct ieee80211_local *local, struct sk_buff *skb,
3071 netif_rx(skb); 2883 netif_rx(skb);
3072} 2884}
3073 2885
3074static void
3075ieee80211_rx_monitor(struct net_device *dev, struct sk_buff *skb,
3076 struct ieee80211_rx_status *status)
3077{
3078 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
3079 struct ieee80211_sub_if_data *sdata;
3080 struct ieee80211_rate *rate;
3081 struct ieee80211_rtap_hdr {
3082 struct ieee80211_radiotap_header hdr;
3083 u8 flags;
3084 u8 rate;
3085 __le16 chan_freq;
3086 __le16 chan_flags;
3087 u8 antsignal;
3088 } __attribute__ ((packed)) *rthdr;
3089
3090 skb->dev = dev;
3091
3092 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3093
3094 if (status->flag & RX_FLAG_RADIOTAP)
3095 goto out;
3096
3097 if (skb_headroom(skb) < sizeof(*rthdr)) {
3098 I802_DEBUG_INC(local->rx_expand_skb_head);
3099 if (pskb_expand_head(skb, sizeof(*rthdr), 0, GFP_ATOMIC)) {
3100 dev_kfree_skb(skb);
3101 return;
3102 }
3103 }
3104
3105 rthdr = (struct ieee80211_rtap_hdr *) skb_push(skb, sizeof(*rthdr));
3106 memset(rthdr, 0, sizeof(*rthdr));
3107 rthdr->hdr.it_len = cpu_to_le16(sizeof(*rthdr));
3108 rthdr->hdr.it_present =
3109 cpu_to_le32((1 << IEEE80211_RADIOTAP_FLAGS) |
3110 (1 << IEEE80211_RADIOTAP_RATE) |
3111 (1 << IEEE80211_RADIOTAP_CHANNEL) |
3112 (1 << IEEE80211_RADIOTAP_DB_ANTSIGNAL));
3113 rthdr->flags = local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS ?
3114 IEEE80211_RADIOTAP_F_FCS : 0;
3115 rate = ieee80211_get_rate(local, status->phymode, status->rate);
3116 if (rate)
3117 rthdr->rate = rate->rate / 5;
3118 rthdr->chan_freq = cpu_to_le16(status->freq);
3119 rthdr->chan_flags =
3120 status->phymode == MODE_IEEE80211A ?
3121 cpu_to_le16(IEEE80211_CHAN_OFDM | IEEE80211_CHAN_5GHZ) :
3122 cpu_to_le16(IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ);
3123 rthdr->antsignal = status->ssi;
3124
3125 out:
3126 sdata->stats.rx_packets++;
3127 sdata->stats.rx_bytes += skb->len;
3128
3129 skb_set_mac_header(skb, 0);
3130 skb->ip_summed = CHECKSUM_UNNECESSARY;
3131 skb->pkt_type = PACKET_OTHERHOST;
3132 skb->protocol = htons(ETH_P_802_2);
3133 memset(skb->cb, 0, sizeof(skb->cb));
3134 netif_rx(skb);
3135}
3136
3137int ieee80211_radar_status(struct ieee80211_hw *hw, int channel, 2886int ieee80211_radar_status(struct ieee80211_hw *hw, int channel,
3138 int radar, int radar_type) 2887 int radar, int radar_type)
3139{ 2888{
@@ -3163,1000 +2912,6 @@ int ieee80211_radar_status(struct ieee80211_hw *hw, int channel,
3163EXPORT_SYMBOL(ieee80211_radar_status); 2912EXPORT_SYMBOL(ieee80211_radar_status);
3164 2913
3165 2914
3166static void ap_sta_ps_start(struct net_device *dev, struct sta_info *sta)
3167{
3168 struct ieee80211_sub_if_data *sdata;
3169 sdata = IEEE80211_DEV_TO_SUB_IF(sta->dev);
3170
3171 if (sdata->bss)
3172 atomic_inc(&sdata->bss->num_sta_ps);
3173 sta->flags |= WLAN_STA_PS;
3174 sta->pspoll = 0;
3175#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
3176 printk(KERN_DEBUG "%s: STA " MAC_FMT " aid %d enters power "
3177 "save mode\n", dev->name, MAC_ARG(sta->addr), sta->aid);
3178#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
3179}
3180
3181
3182static int ap_sta_ps_end(struct net_device *dev, struct sta_info *sta)
3183{
3184 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
3185 struct sk_buff *skb;
3186 int sent = 0;
3187 struct ieee80211_sub_if_data *sdata;
3188 struct ieee80211_tx_packet_data *pkt_data;
3189
3190 sdata = IEEE80211_DEV_TO_SUB_IF(sta->dev);
3191 if (sdata->bss)
3192 atomic_dec(&sdata->bss->num_sta_ps);
3193 sta->flags &= ~(WLAN_STA_PS | WLAN_STA_TIM);
3194 sta->pspoll = 0;
3195 if (!skb_queue_empty(&sta->ps_tx_buf)) {
3196 if (local->ops->set_tim)
3197 local->ops->set_tim(local_to_hw(local), sta->aid, 0);
3198 if (sdata->bss)
3199 bss_tim_clear(local, sdata->bss, sta->aid);
3200 }
3201#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
3202 printk(KERN_DEBUG "%s: STA " MAC_FMT " aid %d exits power "
3203 "save mode\n", dev->name, MAC_ARG(sta->addr), sta->aid);
3204#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
3205 /* Send all buffered frames to the station */
3206 while ((skb = skb_dequeue(&sta->tx_filtered)) != NULL) {
3207 pkt_data = (struct ieee80211_tx_packet_data *) skb->cb;
3208 sent++;
3209 pkt_data->requeue = 1;
3210 dev_queue_xmit(skb);
3211 }
3212 while ((skb = skb_dequeue(&sta->ps_tx_buf)) != NULL) {
3213 pkt_data = (struct ieee80211_tx_packet_data *) skb->cb;
3214 local->total_ps_buffered--;
3215 sent++;
3216#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
3217 printk(KERN_DEBUG "%s: STA " MAC_FMT " aid %d send PS frame "
3218 "since STA not sleeping anymore\n", dev->name,
3219 MAC_ARG(sta->addr), sta->aid);
3220#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
3221 pkt_data->requeue = 1;
3222 dev_queue_xmit(skb);
3223 }
3224
3225 return sent;
3226}
3227
3228
3229static ieee80211_txrx_result
3230ieee80211_rx_h_ps_poll(struct ieee80211_txrx_data *rx)
3231{
3232 struct sk_buff *skb;
3233 int no_pending_pkts;
3234
3235 if (likely(!rx->sta ||
3236 (rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_CTL ||
3237 (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_PSPOLL ||
3238 !rx->u.rx.ra_match))
3239 return TXRX_CONTINUE;
3240
3241 skb = skb_dequeue(&rx->sta->tx_filtered);
3242 if (!skb) {
3243 skb = skb_dequeue(&rx->sta->ps_tx_buf);
3244 if (skb)
3245 rx->local->total_ps_buffered--;
3246 }
3247 no_pending_pkts = skb_queue_empty(&rx->sta->tx_filtered) &&
3248 skb_queue_empty(&rx->sta->ps_tx_buf);
3249
3250 if (skb) {
3251 struct ieee80211_hdr *hdr =
3252 (struct ieee80211_hdr *) skb->data;
3253
3254 /* tell TX path to send one frame even though the STA may
3255 * still remain is PS mode after this frame exchange */
3256 rx->sta->pspoll = 1;
3257
3258#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
3259 printk(KERN_DEBUG "STA " MAC_FMT " aid %d: PS Poll (entries "
3260 "after %d)\n",
3261 MAC_ARG(rx->sta->addr), rx->sta->aid,
3262 skb_queue_len(&rx->sta->ps_tx_buf));
3263#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
3264
3265 /* Use MoreData flag to indicate whether there are more
3266 * buffered frames for this STA */
3267 if (no_pending_pkts) {
3268 hdr->frame_control &= cpu_to_le16(~IEEE80211_FCTL_MOREDATA);
3269 rx->sta->flags &= ~WLAN_STA_TIM;
3270 } else
3271 hdr->frame_control |= cpu_to_le16(IEEE80211_FCTL_MOREDATA);
3272
3273 dev_queue_xmit(skb);
3274
3275 if (no_pending_pkts) {
3276 if (rx->local->ops->set_tim)
3277 rx->local->ops->set_tim(local_to_hw(rx->local),
3278 rx->sta->aid, 0);
3279 if (rx->sdata->bss)
3280 bss_tim_clear(rx->local, rx->sdata->bss, rx->sta->aid);
3281 }
3282#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
3283 } else if (!rx->u.rx.sent_ps_buffered) {
3284 printk(KERN_DEBUG "%s: STA " MAC_FMT " sent PS Poll even "
3285 "though there is no buffered frames for it\n",
3286 rx->dev->name, MAC_ARG(rx->sta->addr));
3287#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
3288
3289 }
3290
3291 /* Free PS Poll skb here instead of returning TXRX_DROP that would
3292 * count as an dropped frame. */
3293 dev_kfree_skb(rx->skb);
3294
3295 return TXRX_QUEUED;
3296}
3297
3298
3299static inline struct ieee80211_fragment_entry *
3300ieee80211_reassemble_add(struct ieee80211_sub_if_data *sdata,
3301 unsigned int frag, unsigned int seq, int rx_queue,
3302 struct sk_buff **skb)
3303{
3304 struct ieee80211_fragment_entry *entry;
3305 int idx;
3306
3307 idx = sdata->fragment_next;
3308 entry = &sdata->fragments[sdata->fragment_next++];
3309 if (sdata->fragment_next >= IEEE80211_FRAGMENT_MAX)
3310 sdata->fragment_next = 0;
3311
3312 if (!skb_queue_empty(&entry->skb_list)) {
3313#ifdef CONFIG_MAC80211_DEBUG
3314 struct ieee80211_hdr *hdr =
3315 (struct ieee80211_hdr *) entry->skb_list.next->data;
3316 printk(KERN_DEBUG "%s: RX reassembly removed oldest "
3317 "fragment entry (idx=%d age=%lu seq=%d last_frag=%d "
3318 "addr1=" MAC_FMT " addr2=" MAC_FMT "\n",
3319 sdata->dev->name, idx,
3320 jiffies - entry->first_frag_time, entry->seq,
3321 entry->last_frag, MAC_ARG(hdr->addr1),
3322 MAC_ARG(hdr->addr2));
3323#endif /* CONFIG_MAC80211_DEBUG */
3324 __skb_queue_purge(&entry->skb_list);
3325 }
3326
3327 __skb_queue_tail(&entry->skb_list, *skb); /* no need for locking */
3328 *skb = NULL;
3329 entry->first_frag_time = jiffies;
3330 entry->seq = seq;
3331 entry->rx_queue = rx_queue;
3332 entry->last_frag = frag;
3333 entry->ccmp = 0;
3334 entry->extra_len = 0;
3335
3336 return entry;
3337}
3338
3339
3340static inline struct ieee80211_fragment_entry *
3341ieee80211_reassemble_find(struct ieee80211_sub_if_data *sdata,
3342 u16 fc, unsigned int frag, unsigned int seq,
3343 int rx_queue, struct ieee80211_hdr *hdr)
3344{
3345 struct ieee80211_fragment_entry *entry;
3346 int i, idx;
3347
3348 idx = sdata->fragment_next;
3349 for (i = 0; i < IEEE80211_FRAGMENT_MAX; i++) {
3350 struct ieee80211_hdr *f_hdr;
3351 u16 f_fc;
3352
3353 idx--;
3354 if (idx < 0)
3355 idx = IEEE80211_FRAGMENT_MAX - 1;
3356
3357 entry = &sdata->fragments[idx];
3358 if (skb_queue_empty(&entry->skb_list) || entry->seq != seq ||
3359 entry->rx_queue != rx_queue ||
3360 entry->last_frag + 1 != frag)
3361 continue;
3362
3363 f_hdr = (struct ieee80211_hdr *) entry->skb_list.next->data;
3364 f_fc = le16_to_cpu(f_hdr->frame_control);
3365
3366 if ((fc & IEEE80211_FCTL_FTYPE) != (f_fc & IEEE80211_FCTL_FTYPE) ||
3367 compare_ether_addr(hdr->addr1, f_hdr->addr1) != 0 ||
3368 compare_ether_addr(hdr->addr2, f_hdr->addr2) != 0)
3369 continue;
3370
3371 if (entry->first_frag_time + 2 * HZ < jiffies) {
3372 __skb_queue_purge(&entry->skb_list);
3373 continue;
3374 }
3375 return entry;
3376 }
3377
3378 return NULL;
3379}
3380
3381
3382static ieee80211_txrx_result
3383ieee80211_rx_h_defragment(struct ieee80211_txrx_data *rx)
3384{
3385 struct ieee80211_hdr *hdr;
3386 u16 sc;
3387 unsigned int frag, seq;
3388 struct ieee80211_fragment_entry *entry;
3389 struct sk_buff *skb;
3390
3391 hdr = (struct ieee80211_hdr *) rx->skb->data;
3392 sc = le16_to_cpu(hdr->seq_ctrl);
3393 frag = sc & IEEE80211_SCTL_FRAG;
3394
3395 if (likely((!(rx->fc & IEEE80211_FCTL_MOREFRAGS) && frag == 0) ||
3396 (rx->skb)->len < 24 ||
3397 is_multicast_ether_addr(hdr->addr1))) {
3398 /* not fragmented */
3399 goto out;
3400 }
3401 I802_DEBUG_INC(rx->local->rx_handlers_fragments);
3402
3403 seq = (sc & IEEE80211_SCTL_SEQ) >> 4;
3404
3405 if (frag == 0) {
3406 /* This is the first fragment of a new frame. */
3407 entry = ieee80211_reassemble_add(rx->sdata, frag, seq,
3408 rx->u.rx.queue, &(rx->skb));
3409 if (rx->key && rx->key->alg == ALG_CCMP &&
3410 (rx->fc & IEEE80211_FCTL_PROTECTED)) {
3411 /* Store CCMP PN so that we can verify that the next
3412 * fragment has a sequential PN value. */
3413 entry->ccmp = 1;
3414 memcpy(entry->last_pn,
3415 rx->key->u.ccmp.rx_pn[rx->u.rx.queue],
3416 CCMP_PN_LEN);
3417 }
3418 return TXRX_QUEUED;
3419 }
3420
3421 /* This is a fragment for a frame that should already be pending in
3422 * fragment cache. Add this fragment to the end of the pending entry.
3423 */
3424 entry = ieee80211_reassemble_find(rx->sdata, rx->fc, frag, seq,
3425 rx->u.rx.queue, hdr);
3426 if (!entry) {
3427 I802_DEBUG_INC(rx->local->rx_handlers_drop_defrag);
3428 return TXRX_DROP;
3429 }
3430
3431 /* Verify that MPDUs within one MSDU have sequential PN values.
3432 * (IEEE 802.11i, 8.3.3.4.5) */
3433 if (entry->ccmp) {
3434 int i;
3435 u8 pn[CCMP_PN_LEN], *rpn;
3436 if (!rx->key || rx->key->alg != ALG_CCMP)
3437 return TXRX_DROP;
3438 memcpy(pn, entry->last_pn, CCMP_PN_LEN);
3439 for (i = CCMP_PN_LEN - 1; i >= 0; i--) {
3440 pn[i]++;
3441 if (pn[i])
3442 break;
3443 }
3444 rpn = rx->key->u.ccmp.rx_pn[rx->u.rx.queue];
3445 if (memcmp(pn, rpn, CCMP_PN_LEN) != 0) {
3446 printk(KERN_DEBUG "%s: defrag: CCMP PN not sequential"
3447 " A2=" MAC_FMT " PN=%02x%02x%02x%02x%02x%02x "
3448 "(expected %02x%02x%02x%02x%02x%02x)\n",
3449 rx->dev->name, MAC_ARG(hdr->addr2),
3450 rpn[0], rpn[1], rpn[2], rpn[3], rpn[4], rpn[5],
3451 pn[0], pn[1], pn[2], pn[3], pn[4], pn[5]);
3452 return TXRX_DROP;
3453 }
3454 memcpy(entry->last_pn, pn, CCMP_PN_LEN);
3455 }
3456
3457 skb_pull(rx->skb, ieee80211_get_hdrlen(rx->fc));
3458 __skb_queue_tail(&entry->skb_list, rx->skb);
3459 entry->last_frag = frag;
3460 entry->extra_len += rx->skb->len;
3461 if (rx->fc & IEEE80211_FCTL_MOREFRAGS) {
3462 rx->skb = NULL;
3463 return TXRX_QUEUED;
3464 }
3465
3466 rx->skb = __skb_dequeue(&entry->skb_list);
3467 if (skb_tailroom(rx->skb) < entry->extra_len) {
3468 I802_DEBUG_INC(rx->local->rx_expand_skb_head2);
3469 if (unlikely(pskb_expand_head(rx->skb, 0, entry->extra_len,
3470 GFP_ATOMIC))) {
3471 I802_DEBUG_INC(rx->local->rx_handlers_drop_defrag);
3472 __skb_queue_purge(&entry->skb_list);
3473 return TXRX_DROP;
3474 }
3475 }
3476 while ((skb = __skb_dequeue(&entry->skb_list))) {
3477 memcpy(skb_put(rx->skb, skb->len), skb->data, skb->len);
3478 dev_kfree_skb(skb);
3479 }
3480
3481 /* Complete frame has been reassembled - process it now */
3482 rx->fragmented = 1;
3483
3484 out:
3485 if (rx->sta)
3486 rx->sta->rx_packets++;
3487 if (is_multicast_ether_addr(hdr->addr1))
3488 rx->local->dot11MulticastReceivedFrameCount++;
3489 else
3490 ieee80211_led_rx(rx->local);
3491 return TXRX_CONTINUE;
3492}
3493
3494
3495static ieee80211_txrx_result
3496ieee80211_rx_h_monitor(struct ieee80211_txrx_data *rx)
3497{
3498 if (rx->sdata->type == IEEE80211_IF_TYPE_MNTR) {
3499 ieee80211_rx_monitor(rx->dev, rx->skb, rx->u.rx.status);
3500 return TXRX_QUEUED;
3501 }
3502
3503 if (rx->u.rx.status->flag & RX_FLAG_RADIOTAP)
3504 skb_pull(rx->skb, ieee80211_get_radiotap_len(rx->skb));
3505
3506 return TXRX_CONTINUE;
3507}
3508
3509
3510static ieee80211_txrx_result
3511ieee80211_rx_h_check(struct ieee80211_txrx_data *rx)
3512{
3513 struct ieee80211_hdr *hdr;
3514 int always_sta_key;
3515 hdr = (struct ieee80211_hdr *) rx->skb->data;
3516
3517 /* Drop duplicate 802.11 retransmissions (IEEE 802.11 Chap. 9.2.9) */
3518 if (rx->sta && !is_multicast_ether_addr(hdr->addr1)) {
3519 if (unlikely(rx->fc & IEEE80211_FCTL_RETRY &&
3520 rx->sta->last_seq_ctrl[rx->u.rx.queue] ==
3521 hdr->seq_ctrl)) {
3522 if (rx->u.rx.ra_match) {
3523 rx->local->dot11FrameDuplicateCount++;
3524 rx->sta->num_duplicates++;
3525 }
3526 return TXRX_DROP;
3527 } else
3528 rx->sta->last_seq_ctrl[rx->u.rx.queue] = hdr->seq_ctrl;
3529 }
3530
3531 if ((rx->local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS) &&
3532 rx->skb->len > FCS_LEN)
3533 skb_trim(rx->skb, rx->skb->len - FCS_LEN);
3534
3535 if (unlikely(rx->skb->len < 16)) {
3536 I802_DEBUG_INC(rx->local->rx_handlers_drop_short);
3537 return TXRX_DROP;
3538 }
3539
3540 if (!rx->u.rx.ra_match)
3541 rx->skb->pkt_type = PACKET_OTHERHOST;
3542 else if (compare_ether_addr(rx->dev->dev_addr, hdr->addr1) == 0)
3543 rx->skb->pkt_type = PACKET_HOST;
3544 else if (is_multicast_ether_addr(hdr->addr1)) {
3545 if (is_broadcast_ether_addr(hdr->addr1))
3546 rx->skb->pkt_type = PACKET_BROADCAST;
3547 else
3548 rx->skb->pkt_type = PACKET_MULTICAST;
3549 } else
3550 rx->skb->pkt_type = PACKET_OTHERHOST;
3551
3552 /* Drop disallowed frame classes based on STA auth/assoc state;
3553 * IEEE 802.11, Chap 5.5.
3554 *
3555 * 80211.o does filtering only based on association state, i.e., it
3556 * drops Class 3 frames from not associated stations. hostapd sends
3557 * deauth/disassoc frames when needed. In addition, hostapd is
3558 * responsible for filtering on both auth and assoc states.
3559 */
3560 if (unlikely(((rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA ||
3561 ((rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_CTL &&
3562 (rx->fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_PSPOLL)) &&
3563 rx->sdata->type != IEEE80211_IF_TYPE_IBSS &&
3564 (!rx->sta || !(rx->sta->flags & WLAN_STA_ASSOC)))) {
3565 if ((!(rx->fc & IEEE80211_FCTL_FROMDS) &&
3566 !(rx->fc & IEEE80211_FCTL_TODS) &&
3567 (rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA)
3568 || !rx->u.rx.ra_match) {
3569 /* Drop IBSS frames and frames for other hosts
3570 * silently. */
3571 return TXRX_DROP;
3572 }
3573
3574 if (!rx->local->apdev)
3575 return TXRX_DROP;
3576
3577 ieee80211_rx_mgmt(rx->local, rx->skb, rx->u.rx.status,
3578 ieee80211_msg_sta_not_assoc);
3579 return TXRX_QUEUED;
3580 }
3581
3582 if (rx->sdata->type == IEEE80211_IF_TYPE_STA)
3583 always_sta_key = 0;
3584 else
3585 always_sta_key = 1;
3586
3587 if (rx->sta && rx->sta->key && always_sta_key) {
3588 rx->key = rx->sta->key;
3589 } else {
3590 if (rx->sta && rx->sta->key)
3591 rx->key = rx->sta->key;
3592 else
3593 rx->key = rx->sdata->default_key;
3594
3595 if ((rx->local->hw.flags & IEEE80211_HW_WEP_INCLUDE_IV) &&
3596 rx->fc & IEEE80211_FCTL_PROTECTED) {
3597 int keyidx = ieee80211_wep_get_keyidx(rx->skb);
3598
3599 if (keyidx >= 0 && keyidx < NUM_DEFAULT_KEYS &&
3600 (!rx->sta || !rx->sta->key || keyidx > 0))
3601 rx->key = rx->sdata->keys[keyidx];
3602
3603 if (!rx->key) {
3604 if (!rx->u.rx.ra_match)
3605 return TXRX_DROP;
3606 printk(KERN_DEBUG "%s: RX WEP frame with "
3607 "unknown keyidx %d (A1=" MAC_FMT " A2="
3608 MAC_FMT " A3=" MAC_FMT ")\n",
3609 rx->dev->name, keyidx,
3610 MAC_ARG(hdr->addr1),
3611 MAC_ARG(hdr->addr2),
3612 MAC_ARG(hdr->addr3));
3613 if (!rx->local->apdev)
3614 return TXRX_DROP;
3615 ieee80211_rx_mgmt(
3616 rx->local, rx->skb, rx->u.rx.status,
3617 ieee80211_msg_wep_frame_unknown_key);
3618 return TXRX_QUEUED;
3619 }
3620 }
3621 }
3622
3623 if (rx->fc & IEEE80211_FCTL_PROTECTED && rx->key && rx->u.rx.ra_match) {
3624 rx->key->tx_rx_count++;
3625 if (unlikely(rx->local->key_tx_rx_threshold &&
3626 rx->key->tx_rx_count >
3627 rx->local->key_tx_rx_threshold)) {
3628 ieee80211_key_threshold_notify(rx->dev, rx->key,
3629 rx->sta);
3630 }
3631 }
3632
3633 return TXRX_CONTINUE;
3634}
3635
3636
3637static ieee80211_txrx_result
3638ieee80211_rx_h_sta_process(struct ieee80211_txrx_data *rx)
3639{
3640 struct sta_info *sta = rx->sta;
3641 struct net_device *dev = rx->dev;
3642 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data;
3643
3644 if (!sta)
3645 return TXRX_CONTINUE;
3646
3647 /* Update last_rx only for IBSS packets which are for the current
3648 * BSSID to avoid keeping the current IBSS network alive in cases where
3649 * other STAs are using different BSSID. */
3650 if (rx->sdata->type == IEEE80211_IF_TYPE_IBSS) {
3651 u8 *bssid = ieee80211_get_bssid(hdr, rx->skb->len);
3652 if (compare_ether_addr(bssid, rx->sdata->u.sta.bssid) == 0)
3653 sta->last_rx = jiffies;
3654 } else
3655 if (!is_multicast_ether_addr(hdr->addr1) ||
3656 rx->sdata->type == IEEE80211_IF_TYPE_STA) {
3657 /* Update last_rx only for unicast frames in order to prevent
3658 * the Probe Request frames (the only broadcast frames from a
3659 * STA in infrastructure mode) from keeping a connection alive.
3660 */
3661 sta->last_rx = jiffies;
3662 }
3663
3664 if (!rx->u.rx.ra_match)
3665 return TXRX_CONTINUE;
3666
3667 sta->rx_fragments++;
3668 sta->rx_bytes += rx->skb->len;
3669 sta->last_rssi = (sta->last_rssi * 15 +
3670 rx->u.rx.status->ssi) / 16;
3671 sta->last_signal = (sta->last_signal * 15 +
3672 rx->u.rx.status->signal) / 16;
3673 sta->last_noise = (sta->last_noise * 15 +
3674 rx->u.rx.status->noise) / 16;
3675
3676 if (!(rx->fc & IEEE80211_FCTL_MOREFRAGS)) {
3677 /* Change STA power saving mode only in the end of a frame
3678 * exchange sequence */
3679 if ((sta->flags & WLAN_STA_PS) && !(rx->fc & IEEE80211_FCTL_PM))
3680 rx->u.rx.sent_ps_buffered += ap_sta_ps_end(dev, sta);
3681 else if (!(sta->flags & WLAN_STA_PS) &&
3682 (rx->fc & IEEE80211_FCTL_PM))
3683 ap_sta_ps_start(dev, sta);
3684 }
3685
3686 /* Drop data::nullfunc frames silently, since they are used only to
3687 * control station power saving mode. */
3688 if ((rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA &&
3689 (rx->fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_NULLFUNC) {
3690 I802_DEBUG_INC(rx->local->rx_handlers_drop_nullfunc);
3691 /* Update counter and free packet here to avoid counting this
3692 * as a dropped packed. */
3693 sta->rx_packets++;
3694 dev_kfree_skb(rx->skb);
3695 return TXRX_QUEUED;
3696 }
3697
3698 return TXRX_CONTINUE;
3699} /* ieee80211_rx_h_sta_process */
3700
3701
3702static ieee80211_txrx_result
3703ieee80211_rx_h_wep_weak_iv_detection(struct ieee80211_txrx_data *rx)
3704{
3705 if (!rx->sta || !(rx->fc & IEEE80211_FCTL_PROTECTED) ||
3706 (rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA ||
3707 !rx->key || rx->key->alg != ALG_WEP || !rx->u.rx.ra_match)
3708 return TXRX_CONTINUE;
3709
3710 /* Check for weak IVs, if hwaccel did not remove IV from the frame */
3711 if ((rx->local->hw.flags & IEEE80211_HW_WEP_INCLUDE_IV) ||
3712 rx->key->force_sw_encrypt) {
3713 u8 *iv = ieee80211_wep_is_weak_iv(rx->skb, rx->key);
3714 if (iv) {
3715 rx->sta->wep_weak_iv_count++;
3716 }
3717 }
3718
3719 return TXRX_CONTINUE;
3720}
3721
3722
3723static ieee80211_txrx_result
3724ieee80211_rx_h_wep_decrypt(struct ieee80211_txrx_data *rx)
3725{
3726 /* If the device handles decryption totally, skip this test */
3727 if (rx->local->hw.flags & IEEE80211_HW_DEVICE_HIDES_WEP)
3728 return TXRX_CONTINUE;
3729
3730 if ((rx->key && rx->key->alg != ALG_WEP) ||
3731 !(rx->fc & IEEE80211_FCTL_PROTECTED) ||
3732 ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA &&
3733 ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_MGMT ||
3734 (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_AUTH)))
3735 return TXRX_CONTINUE;
3736
3737 if (!rx->key) {
3738 printk(KERN_DEBUG "%s: RX WEP frame, but no key set\n",
3739 rx->dev->name);
3740 return TXRX_DROP;
3741 }
3742
3743 if (!(rx->u.rx.status->flag & RX_FLAG_DECRYPTED) ||
3744 rx->key->force_sw_encrypt) {
3745 if (ieee80211_wep_decrypt(rx->local, rx->skb, rx->key)) {
3746 printk(KERN_DEBUG "%s: RX WEP frame, decrypt "
3747 "failed\n", rx->dev->name);
3748 return TXRX_DROP;
3749 }
3750 } else if (rx->local->hw.flags & IEEE80211_HW_WEP_INCLUDE_IV) {
3751 ieee80211_wep_remove_iv(rx->local, rx->skb, rx->key);
3752 /* remove ICV */
3753 skb_trim(rx->skb, rx->skb->len - 4);
3754 }
3755
3756 return TXRX_CONTINUE;
3757}
3758
3759
3760static ieee80211_txrx_result
3761ieee80211_rx_h_802_1x_pae(struct ieee80211_txrx_data *rx)
3762{
3763 if (rx->sdata->eapol && ieee80211_is_eapol(rx->skb) &&
3764 rx->sdata->type != IEEE80211_IF_TYPE_STA && rx->u.rx.ra_match) {
3765 /* Pass both encrypted and unencrypted EAPOL frames to user
3766 * space for processing. */
3767 if (!rx->local->apdev)
3768 return TXRX_DROP;
3769 ieee80211_rx_mgmt(rx->local, rx->skb, rx->u.rx.status,
3770 ieee80211_msg_normal);
3771 return TXRX_QUEUED;
3772 }
3773
3774 if (unlikely(rx->sdata->ieee802_1x &&
3775 (rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA &&
3776 (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_NULLFUNC &&
3777 (!rx->sta || !(rx->sta->flags & WLAN_STA_AUTHORIZED)) &&
3778 !ieee80211_is_eapol(rx->skb))) {
3779#ifdef CONFIG_MAC80211_DEBUG
3780 struct ieee80211_hdr *hdr =
3781 (struct ieee80211_hdr *) rx->skb->data;
3782 printk(KERN_DEBUG "%s: dropped frame from " MAC_FMT
3783 " (unauthorized port)\n", rx->dev->name,
3784 MAC_ARG(hdr->addr2));
3785#endif /* CONFIG_MAC80211_DEBUG */
3786 return TXRX_DROP;
3787 }
3788
3789 return TXRX_CONTINUE;
3790}
3791
3792
3793static ieee80211_txrx_result
3794ieee80211_rx_h_drop_unencrypted(struct ieee80211_txrx_data *rx)
3795{
3796 /* If the device handles decryption totally, skip this test */
3797 if (rx->local->hw.flags & IEEE80211_HW_DEVICE_HIDES_WEP)
3798 return TXRX_CONTINUE;
3799
3800 /* Drop unencrypted frames if key is set. */
3801 if (unlikely(!(rx->fc & IEEE80211_FCTL_PROTECTED) &&
3802 (rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA &&
3803 (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_NULLFUNC &&
3804 (rx->key || rx->sdata->drop_unencrypted) &&
3805 (rx->sdata->eapol == 0 ||
3806 !ieee80211_is_eapol(rx->skb)))) {
3807 printk(KERN_DEBUG "%s: RX non-WEP frame, but expected "
3808 "encryption\n", rx->dev->name);
3809 return TXRX_DROP;
3810 }
3811 return TXRX_CONTINUE;
3812}
3813
3814
3815static ieee80211_txrx_result
3816ieee80211_rx_h_mgmt(struct ieee80211_txrx_data *rx)
3817{
3818 struct ieee80211_sub_if_data *sdata;
3819
3820 if (!rx->u.rx.ra_match)
3821 return TXRX_DROP;
3822
3823 sdata = IEEE80211_DEV_TO_SUB_IF(rx->dev);
3824 if ((sdata->type == IEEE80211_IF_TYPE_STA ||
3825 sdata->type == IEEE80211_IF_TYPE_IBSS) &&
3826 !rx->local->user_space_mlme) {
3827 ieee80211_sta_rx_mgmt(rx->dev, rx->skb, rx->u.rx.status);
3828 } else {
3829 /* Management frames are sent to hostapd for processing */
3830 if (!rx->local->apdev)
3831 return TXRX_DROP;
3832 ieee80211_rx_mgmt(rx->local, rx->skb, rx->u.rx.status,
3833 ieee80211_msg_normal);
3834 }
3835 return TXRX_QUEUED;
3836}
3837
3838
3839static ieee80211_txrx_result
3840ieee80211_rx_h_passive_scan(struct ieee80211_txrx_data *rx)
3841{
3842 struct ieee80211_local *local = rx->local;
3843 struct sk_buff *skb = rx->skb;
3844
3845 if (unlikely(local->sta_scanning != 0)) {
3846 ieee80211_sta_rx_scan(rx->dev, skb, rx->u.rx.status);
3847 return TXRX_QUEUED;
3848 }
3849
3850 if (unlikely(rx->u.rx.in_scan)) {
3851 /* scanning finished during invoking of handlers */
3852 I802_DEBUG_INC(local->rx_handlers_drop_passive_scan);
3853 return TXRX_DROP;
3854 }
3855
3856 return TXRX_CONTINUE;
3857}
3858
3859
3860static void ieee80211_rx_michael_mic_report(struct net_device *dev,
3861 struct ieee80211_hdr *hdr,
3862 struct sta_info *sta,
3863 struct ieee80211_txrx_data *rx)
3864{
3865 int keyidx, hdrlen;
3866
3867 hdrlen = ieee80211_get_hdrlen_from_skb(rx->skb);
3868 if (rx->skb->len >= hdrlen + 4)
3869 keyidx = rx->skb->data[hdrlen + 3] >> 6;
3870 else
3871 keyidx = -1;
3872
3873 /* TODO: verify that this is not triggered by fragmented
3874 * frames (hw does not verify MIC for them). */
3875 printk(KERN_DEBUG "%s: TKIP hwaccel reported Michael MIC "
3876 "failure from " MAC_FMT " to " MAC_FMT " keyidx=%d\n",
3877 dev->name, MAC_ARG(hdr->addr2), MAC_ARG(hdr->addr1), keyidx);
3878
3879 if (!sta) {
3880 /* Some hardware versions seem to generate incorrect
3881 * Michael MIC reports; ignore them to avoid triggering
3882 * countermeasures. */
3883 printk(KERN_DEBUG "%s: ignored spurious Michael MIC "
3884 "error for unknown address " MAC_FMT "\n",
3885 dev->name, MAC_ARG(hdr->addr2));
3886 goto ignore;
3887 }
3888
3889 if (!(rx->fc & IEEE80211_FCTL_PROTECTED)) {
3890 printk(KERN_DEBUG "%s: ignored spurious Michael MIC "
3891 "error for a frame with no ISWEP flag (src "
3892 MAC_FMT ")\n", dev->name, MAC_ARG(hdr->addr2));
3893 goto ignore;
3894 }
3895
3896 if ((rx->local->hw.flags & IEEE80211_HW_WEP_INCLUDE_IV) &&
3897 rx->sdata->type == IEEE80211_IF_TYPE_AP) {
3898 keyidx = ieee80211_wep_get_keyidx(rx->skb);
3899 /* AP with Pairwise keys support should never receive Michael
3900 * MIC errors for non-zero keyidx because these are reserved
3901 * for group keys and only the AP is sending real multicast
3902 * frames in BSS. */
3903 if (keyidx) {
3904 printk(KERN_DEBUG "%s: ignored Michael MIC error for "
3905 "a frame with non-zero keyidx (%d) (src " MAC_FMT
3906 ")\n", dev->name, keyidx, MAC_ARG(hdr->addr2));
3907 goto ignore;
3908 }
3909 }
3910
3911 if ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA &&
3912 ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_MGMT ||
3913 (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_AUTH)) {
3914 printk(KERN_DEBUG "%s: ignored spurious Michael MIC "
3915 "error for a frame that cannot be encrypted "
3916 "(fc=0x%04x) (src " MAC_FMT ")\n",
3917 dev->name, rx->fc, MAC_ARG(hdr->addr2));
3918 goto ignore;
3919 }
3920
3921 do {
3922 union iwreq_data wrqu;
3923 char *buf = kmalloc(128, GFP_ATOMIC);
3924 if (!buf)
3925 break;
3926
3927 /* TODO: needed parameters: count, key type, TSC */
3928 sprintf(buf, "MLME-MICHAELMICFAILURE.indication("
3929 "keyid=%d %scast addr=" MAC_FMT ")",
3930 keyidx, hdr->addr1[0] & 0x01 ? "broad" : "uni",
3931 MAC_ARG(hdr->addr2));
3932 memset(&wrqu, 0, sizeof(wrqu));
3933 wrqu.data.length = strlen(buf);
3934 wireless_send_event(rx->dev, IWEVCUSTOM, &wrqu, buf);
3935 kfree(buf);
3936 } while (0);
3937
3938 /* TODO: consider verifying the MIC error report with software
3939 * implementation if we get too many spurious reports from the
3940 * hardware. */
3941 if (!rx->local->apdev)
3942 goto ignore;
3943 ieee80211_rx_mgmt(rx->local, rx->skb, rx->u.rx.status,
3944 ieee80211_msg_michael_mic_failure);
3945 return;
3946
3947 ignore:
3948 dev_kfree_skb(rx->skb);
3949 rx->skb = NULL;
3950}
3951
3952static inline ieee80211_txrx_result __ieee80211_invoke_rx_handlers(
3953 struct ieee80211_local *local,
3954 ieee80211_rx_handler *handlers,
3955 struct ieee80211_txrx_data *rx,
3956 struct sta_info *sta)
3957{
3958 ieee80211_rx_handler *handler;
3959 ieee80211_txrx_result res = TXRX_DROP;
3960
3961 for (handler = handlers; *handler != NULL; handler++) {
3962 res = (*handler)(rx);
3963 if (res != TXRX_CONTINUE) {
3964 if (res == TXRX_DROP) {
3965 I802_DEBUG_INC(local->rx_handlers_drop);
3966 if (sta)
3967 sta->rx_dropped++;
3968 }
3969 if (res == TXRX_QUEUED)
3970 I802_DEBUG_INC(local->rx_handlers_queued);
3971 break;
3972 }
3973 }
3974
3975 if (res == TXRX_DROP) {
3976 dev_kfree_skb(rx->skb);
3977 }
3978 return res;
3979}
3980
3981static inline void ieee80211_invoke_rx_handlers(struct ieee80211_local *local,
3982 ieee80211_rx_handler *handlers,
3983 struct ieee80211_txrx_data *rx,
3984 struct sta_info *sta)
3985{
3986 if (__ieee80211_invoke_rx_handlers(local, handlers, rx, sta) ==
3987 TXRX_CONTINUE)
3988 dev_kfree_skb(rx->skb);
3989}
3990
3991/*
3992 * This is the receive path handler. It is called by a low level driver when an
3993 * 802.11 MPDU is received from the hardware.
3994 */
3995void __ieee80211_rx(struct ieee80211_hw *hw, struct sk_buff *skb,
3996 struct ieee80211_rx_status *status)
3997{
3998 struct ieee80211_local *local = hw_to_local(hw);
3999 struct ieee80211_sub_if_data *sdata;
4000 struct sta_info *sta;
4001 struct ieee80211_hdr *hdr;
4002 struct ieee80211_txrx_data rx;
4003 u16 type;
4004 int multicast;
4005 int radiotap_len = 0;
4006
4007 if (status->flag & RX_FLAG_RADIOTAP) {
4008 radiotap_len = ieee80211_get_radiotap_len(skb);
4009 skb_pull(skb, radiotap_len);
4010 }
4011
4012 hdr = (struct ieee80211_hdr *) skb->data;
4013 memset(&rx, 0, sizeof(rx));
4014 rx.skb = skb;
4015 rx.local = local;
4016
4017 rx.u.rx.status = status;
4018 rx.fc = skb->len >= 2 ? le16_to_cpu(hdr->frame_control) : 0;
4019 type = rx.fc & IEEE80211_FCTL_FTYPE;
4020 if (type == IEEE80211_FTYPE_DATA || type == IEEE80211_FTYPE_MGMT)
4021 local->dot11ReceivedFragmentCount++;
4022 multicast = is_multicast_ether_addr(hdr->addr1);
4023
4024 if (skb->len >= 16)
4025 sta = rx.sta = sta_info_get(local, hdr->addr2);
4026 else
4027 sta = rx.sta = NULL;
4028
4029 if (sta) {
4030 rx.dev = sta->dev;
4031 rx.sdata = IEEE80211_DEV_TO_SUB_IF(rx.dev);
4032 }
4033
4034 if ((status->flag & RX_FLAG_MMIC_ERROR)) {
4035 ieee80211_rx_michael_mic_report(local->mdev, hdr, sta, &rx);
4036 goto end;
4037 }
4038
4039 if (unlikely(local->sta_scanning))
4040 rx.u.rx.in_scan = 1;
4041
4042 if (__ieee80211_invoke_rx_handlers(local, local->rx_pre_handlers, &rx,
4043 sta) != TXRX_CONTINUE)
4044 goto end;
4045 skb = rx.skb;
4046
4047 skb_push(skb, radiotap_len);
4048 if (sta && !sta->assoc_ap && !(sta->flags & WLAN_STA_WDS) &&
4049 !local->iff_promiscs && !multicast) {
4050 rx.u.rx.ra_match = 1;
4051 ieee80211_invoke_rx_handlers(local, local->rx_handlers, &rx,
4052 sta);
4053 } else {
4054 struct ieee80211_sub_if_data *prev = NULL;
4055 struct sk_buff *skb_new;
4056 u8 *bssid = ieee80211_get_bssid(hdr, skb->len - radiotap_len);
4057
4058 read_lock(&local->sub_if_lock);
4059 list_for_each_entry(sdata, &local->sub_if_list, list) {
4060 rx.u.rx.ra_match = 1;
4061 switch (sdata->type) {
4062 case IEEE80211_IF_TYPE_STA:
4063 if (!bssid)
4064 continue;
4065 if (!ieee80211_bssid_match(bssid,
4066 sdata->u.sta.bssid)) {
4067 if (!rx.u.rx.in_scan)
4068 continue;
4069 rx.u.rx.ra_match = 0;
4070 } else if (!multicast &&
4071 compare_ether_addr(sdata->dev->dev_addr,
4072 hdr->addr1) != 0) {
4073 if (!sdata->promisc)
4074 continue;
4075 rx.u.rx.ra_match = 0;
4076 }
4077 break;
4078 case IEEE80211_IF_TYPE_IBSS:
4079 if (!bssid)
4080 continue;
4081 if (!ieee80211_bssid_match(bssid,
4082 sdata->u.sta.bssid)) {
4083 if (!rx.u.rx.in_scan)
4084 continue;
4085 rx.u.rx.ra_match = 0;
4086 } else if (!multicast &&
4087 compare_ether_addr(sdata->dev->dev_addr,
4088 hdr->addr1) != 0) {
4089 if (!sdata->promisc)
4090 continue;
4091 rx.u.rx.ra_match = 0;
4092 } else if (!sta)
4093 sta = rx.sta =
4094 ieee80211_ibss_add_sta(sdata->dev,
4095 skb, bssid,
4096 hdr->addr2);
4097 break;
4098 case IEEE80211_IF_TYPE_AP:
4099 if (!bssid) {
4100 if (compare_ether_addr(sdata->dev->dev_addr,
4101 hdr->addr1) != 0)
4102 continue;
4103 } else if (!ieee80211_bssid_match(bssid,
4104 sdata->dev->dev_addr)) {
4105 if (!rx.u.rx.in_scan)
4106 continue;
4107 rx.u.rx.ra_match = 0;
4108 }
4109 if (sdata->dev == local->mdev &&
4110 !rx.u.rx.in_scan)
4111 /* do not receive anything via
4112 * master device when not scanning */
4113 continue;
4114 break;
4115 case IEEE80211_IF_TYPE_WDS:
4116 if (bssid ||
4117 (rx.fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA)
4118 continue;
4119 if (compare_ether_addr(sdata->u.wds.remote_addr,
4120 hdr->addr2) != 0)
4121 continue;
4122 break;
4123 }
4124
4125 if (prev) {
4126 skb_new = skb_copy(skb, GFP_ATOMIC);
4127 if (!skb_new) {
4128 if (net_ratelimit())
4129 printk(KERN_DEBUG "%s: failed to copy "
4130 "multicast frame for %s",
4131 local->mdev->name, prev->dev->name);
4132 continue;
4133 }
4134 rx.skb = skb_new;
4135 rx.dev = prev->dev;
4136 rx.sdata = prev;
4137 ieee80211_invoke_rx_handlers(local,
4138 local->rx_handlers,
4139 &rx, sta);
4140 }
4141 prev = sdata;
4142 }
4143 if (prev) {
4144 rx.skb = skb;
4145 rx.dev = prev->dev;
4146 rx.sdata = prev;
4147 ieee80211_invoke_rx_handlers(local, local->rx_handlers,
4148 &rx, sta);
4149 } else
4150 dev_kfree_skb(skb);
4151 read_unlock(&local->sub_if_lock);
4152 }
4153
4154 end:
4155 if (sta)
4156 sta_info_put(sta);
4157}
4158EXPORT_SYMBOL(__ieee80211_rx);
4159
4160static ieee80211_txrx_result 2915static ieee80211_txrx_result
4161ieee80211_tx_h_load_stats(struct ieee80211_txrx_data *tx) 2916ieee80211_tx_h_load_stats(struct ieee80211_txrx_data *tx)
4162{ 2917{
@@ -4215,65 +2970,6 @@ ieee80211_tx_h_load_stats(struct ieee80211_txrx_data *tx)
4215} 2970}
4216 2971
4217 2972
4218static ieee80211_txrx_result
4219ieee80211_rx_h_load_stats(struct ieee80211_txrx_data *rx)
4220{
4221 struct ieee80211_local *local = rx->local;
4222 struct sk_buff *skb = rx->skb;
4223 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
4224 u32 load = 0, hdrtime;
4225 struct ieee80211_rate *rate;
4226 struct ieee80211_hw_mode *mode = local->hw.conf.mode;
4227 int i;
4228
4229 /* Estimate total channel use caused by this frame */
4230
4231 if (unlikely(mode->num_rates < 0))
4232 return TXRX_CONTINUE;
4233
4234 rate = &mode->rates[0];
4235 for (i = 0; i < mode->num_rates; i++) {
4236 if (mode->rates[i].val == rx->u.rx.status->rate) {
4237 rate = &mode->rates[i];
4238 break;
4239 }
4240 }
4241
4242 /* 1 bit at 1 Mbit/s takes 1 usec; in channel_use values,
4243 * 1 usec = 1/8 * (1080 / 10) = 13.5 */
4244
4245 if (mode->mode == MODE_IEEE80211A ||
4246 mode->mode == MODE_ATHEROS_TURBO ||
4247 mode->mode == MODE_ATHEROS_TURBOG ||
4248 (mode->mode == MODE_IEEE80211G &&
4249 rate->flags & IEEE80211_RATE_ERP))
4250 hdrtime = CHAN_UTIL_HDR_SHORT;
4251 else
4252 hdrtime = CHAN_UTIL_HDR_LONG;
4253
4254 load = hdrtime;
4255 if (!is_multicast_ether_addr(hdr->addr1))
4256 load += hdrtime;
4257
4258 load += skb->len * rate->rate_inv;
4259
4260 /* Divide channel_use by 8 to avoid wrapping around the counter */
4261 load >>= CHAN_UTIL_SHIFT;
4262 local->channel_use_raw += load;
4263 if (rx->sta)
4264 rx->sta->channel_use_raw += load;
4265 rx->u.rx.load = load;
4266
4267 return TXRX_CONTINUE;
4268}
4269
4270static ieee80211_txrx_result
4271ieee80211_rx_h_if_stats(struct ieee80211_txrx_data *rx)
4272{
4273 rx->sdata->channel_use_raw += rx->u.rx.load;
4274 return TXRX_CONTINUE;
4275}
4276
4277static void ieee80211_stat_refresh(unsigned long data) 2973static void ieee80211_stat_refresh(unsigned long data)
4278{ 2974{
4279 struct ieee80211_local *local = (struct ieee80211_local *) data; 2975 struct ieee80211_local *local = (struct ieee80211_local *) data;
@@ -4311,24 +3007,6 @@ static void ieee80211_stat_refresh(unsigned long data)
4311} 3007}
4312 3008
4313 3009
4314/* This is a version of the rx handler that can be called from hard irq
4315 * context. Post the skb on the queue and schedule the tasklet */
4316void ieee80211_rx_irqsafe(struct ieee80211_hw *hw, struct sk_buff *skb,
4317 struct ieee80211_rx_status *status)
4318{
4319 struct ieee80211_local *local = hw_to_local(hw);
4320
4321 BUILD_BUG_ON(sizeof(struct ieee80211_rx_status) > sizeof(skb->cb));
4322
4323 skb->dev = local->mdev;
4324 /* copy status into skb->cb for use by tasklet */
4325 memcpy(skb->cb, status, sizeof(*status));
4326 skb->pkt_type = IEEE80211_RX_MSG;
4327 skb_queue_tail(&local->skb_queue, skb);
4328 tasklet_schedule(&local->tasklet);
4329}
4330EXPORT_SYMBOL(ieee80211_rx_irqsafe);
4331
4332void ieee80211_tx_status_irqsafe(struct ieee80211_hw *hw, 3010void ieee80211_tx_status_irqsafe(struct ieee80211_hw *hw,
4333 struct sk_buff *skb, 3011 struct sk_buff *skb,
4334 struct ieee80211_tx_status *status) 3012 struct ieee80211_tx_status *status)
@@ -4690,41 +3368,6 @@ EXPORT_SYMBOL(ieee80211_tx_status);
4690/* TODO: implement register/unregister functions for adding TX/RX handlers 3368/* TODO: implement register/unregister functions for adding TX/RX handlers
4691 * into ordered list */ 3369 * into ordered list */
4692 3370
4693/* rx_pre handlers don't have dev and sdata fields available in
4694 * ieee80211_txrx_data */
4695static ieee80211_rx_handler ieee80211_rx_pre_handlers[] =
4696{
4697 ieee80211_rx_h_parse_qos,
4698 ieee80211_rx_h_load_stats,
4699 NULL
4700};
4701
4702static ieee80211_rx_handler ieee80211_rx_handlers[] =
4703{
4704 ieee80211_rx_h_if_stats,
4705 ieee80211_rx_h_monitor,
4706 ieee80211_rx_h_passive_scan,
4707 ieee80211_rx_h_check,
4708 ieee80211_rx_h_sta_process,
4709 ieee80211_rx_h_ccmp_decrypt,
4710 ieee80211_rx_h_tkip_decrypt,
4711 ieee80211_rx_h_wep_weak_iv_detection,
4712 ieee80211_rx_h_wep_decrypt,
4713 ieee80211_rx_h_defragment,
4714 ieee80211_rx_h_ps_poll,
4715 ieee80211_rx_h_michael_mic_verify,
4716 /* this must be after decryption - so header is counted in MPDU mic
4717 * must be before pae and data, so QOS_DATA format frames
4718 * are not passed to user space by these functions
4719 */
4720 ieee80211_rx_h_remove_qos_control,
4721 ieee80211_rx_h_802_1x_pae,
4722 ieee80211_rx_h_drop_unencrypted,
4723 ieee80211_rx_h_data,
4724 ieee80211_rx_h_mgmt,
4725 NULL
4726};
4727
4728static ieee80211_tx_handler ieee80211_tx_handlers[] = 3371static ieee80211_tx_handler ieee80211_tx_handlers[] =
4729{ 3372{
4730 ieee80211_tx_h_check_assoc, 3373 ieee80211_tx_h_check_assoc,
diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
index 6f7bae7ef9c0..35e2ce52faeb 100644
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -21,6 +21,7 @@
21#include <linux/workqueue.h> 21#include <linux/workqueue.h>
22#include <linux/types.h> 22#include <linux/types.h>
23#include <linux/spinlock.h> 23#include <linux/spinlock.h>
24#include <linux/etherdevice.h>
24#include <net/wireless.h> 25#include <net/wireless.h>
25#include "ieee80211_key.h" 26#include "ieee80211_key.h"
26#include "sta_info.h" 27#include "sta_info.h"
@@ -707,6 +708,13 @@ static inline int ieee80211_is_erp_rate(int phymode, int rate)
707 return 0; 708 return 0;
708} 709}
709 710
711static inline int ieee80211_bssid_match(const u8 *raddr, const u8 *addr)
712{
713 return compare_ether_addr(raddr, addr) == 0 ||
714 is_broadcast_ether_addr(raddr);
715}
716
717
710/* ieee80211.c */ 718/* ieee80211.c */
711int ieee80211_hw_config(struct ieee80211_local *local); 719int ieee80211_hw_config(struct ieee80211_local *local);
712int ieee80211_if_config(struct net_device *dev); 720int ieee80211_if_config(struct net_device *dev);
@@ -730,6 +738,16 @@ void ieee80211_if_mgmt_setup(struct net_device *dev);
730int ieee80211_init_rate_ctrl_alg(struct ieee80211_local *local, 738int ieee80211_init_rate_ctrl_alg(struct ieee80211_local *local,
731 const char *name); 739 const char *name);
732struct net_device_stats *ieee80211_dev_stats(struct net_device *dev); 740struct net_device_stats *ieee80211_dev_stats(struct net_device *dev);
741struct ieee80211_rate *ieee80211_get_rate(struct ieee80211_local *local,
742 int phymode, int hwrate);
743void ieee80211_key_threshold_notify(struct net_device *dev,
744 struct ieee80211_key *key,
745 struct sta_info *sta);
746u8 *ieee80211_get_bssid(struct ieee80211_hdr *hdr, size_t len);
747int ieee80211_is_eapol(const struct sk_buff *skb);
748
749extern const unsigned char rfc1042_header[];
750extern const unsigned char bridge_tunnel_header[];
733 751
734/* ieee80211_ioctl.c */ 752/* ieee80211_ioctl.c */
735extern const struct iw_handler_def ieee80211_iw_handler_def; 753extern const struct iw_handler_def ieee80211_iw_handler_def;
@@ -801,6 +819,10 @@ void ieee80211_if_del_mgmt(struct ieee80211_local *local);
801void ieee80211_regdomain_init(void); 819void ieee80211_regdomain_init(void);
802void ieee80211_set_default_regdomain(struct ieee80211_hw_mode *mode); 820void ieee80211_set_default_regdomain(struct ieee80211_hw_mode *mode);
803 821
822/* rx handling */
823extern ieee80211_rx_handler ieee80211_rx_pre_handlers[];
824extern ieee80211_rx_handler ieee80211_rx_handlers[];
825
804/* for wiphy privid */ 826/* for wiphy privid */
805extern void *mac80211_wiphy_privid; 827extern void *mac80211_wiphy_privid;
806 828
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
new file mode 100644
index 000000000000..8c0d14c5628f
--- /dev/null
+++ b/net/mac80211/rx.c
@@ -0,0 +1,1360 @@
1/*
2 * Copyright 2002-2005, Instant802 Networks, Inc.
3 * Copyright 2005-2006, Devicescape Software, Inc.
4 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
5 * Copyright 2007 Johannes Berg <johannes@sipsolutions.net>
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License version 2 as
9 * published by the Free Software Foundation.
10 */
11
12#include <linux/kernel.h>
13#include <linux/skbuff.h>
14#include <linux/netdevice.h>
15#include <linux/etherdevice.h>
16#include <net/iw_handler.h>
17#include <net/mac80211.h>
18#include <net/ieee80211_radiotap.h>
19
20#include "ieee80211_i.h"
21#include "ieee80211_led.h"
22#include "ieee80211_common.h"
23#include "wep.h"
24#include "wpa.h"
25#include "tkip.h"
26#include "wme.h"
27
28/* pre-rx handlers
29 *
30 * these don't have dev/sdata fields in the rx data
31 */
32
33static ieee80211_txrx_result
34ieee80211_rx_h_load_stats(struct ieee80211_txrx_data *rx)
35{
36 struct ieee80211_local *local = rx->local;
37 struct sk_buff *skb = rx->skb;
38 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
39 u32 load = 0, hdrtime;
40 struct ieee80211_rate *rate;
41 struct ieee80211_hw_mode *mode = local->hw.conf.mode;
42 int i;
43
44 /* Estimate total channel use caused by this frame */
45
46 if (unlikely(mode->num_rates < 0))
47 return TXRX_CONTINUE;
48
49 rate = &mode->rates[0];
50 for (i = 0; i < mode->num_rates; i++) {
51 if (mode->rates[i].val == rx->u.rx.status->rate) {
52 rate = &mode->rates[i];
53 break;
54 }
55 }
56
57 /* 1 bit at 1 Mbit/s takes 1 usec; in channel_use values,
58 * 1 usec = 1/8 * (1080 / 10) = 13.5 */
59
60 if (mode->mode == MODE_IEEE80211A ||
61 mode->mode == MODE_ATHEROS_TURBO ||
62 mode->mode == MODE_ATHEROS_TURBOG ||
63 (mode->mode == MODE_IEEE80211G &&
64 rate->flags & IEEE80211_RATE_ERP))
65 hdrtime = CHAN_UTIL_HDR_SHORT;
66 else
67 hdrtime = CHAN_UTIL_HDR_LONG;
68
69 load = hdrtime;
70 if (!is_multicast_ether_addr(hdr->addr1))
71 load += hdrtime;
72
73 load += skb->len * rate->rate_inv;
74
75 /* Divide channel_use by 8 to avoid wrapping around the counter */
76 load >>= CHAN_UTIL_SHIFT;
77 local->channel_use_raw += load;
78 if (rx->sta)
79 rx->sta->channel_use_raw += load;
80 rx->u.rx.load = load;
81
82 return TXRX_CONTINUE;
83}
84
85ieee80211_rx_handler ieee80211_rx_pre_handlers[] =
86{
87 ieee80211_rx_h_parse_qos,
88 ieee80211_rx_h_load_stats,
89 NULL
90};
91
92/* rx handlers */
93
94static ieee80211_txrx_result
95ieee80211_rx_h_if_stats(struct ieee80211_txrx_data *rx)
96{
97 rx->sdata->channel_use_raw += rx->u.rx.load;
98 return TXRX_CONTINUE;
99}
100
101static void
102ieee80211_rx_monitor(struct net_device *dev, struct sk_buff *skb,
103 struct ieee80211_rx_status *status)
104{
105 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
106 struct ieee80211_sub_if_data *sdata;
107 struct ieee80211_rate *rate;
108 struct ieee80211_rtap_hdr {
109 struct ieee80211_radiotap_header hdr;
110 u8 flags;
111 u8 rate;
112 __le16 chan_freq;
113 __le16 chan_flags;
114 u8 antsignal;
115 } __attribute__ ((packed)) *rthdr;
116
117 skb->dev = dev;
118
119 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
120
121 if (status->flag & RX_FLAG_RADIOTAP)
122 goto out;
123
124 if (skb_headroom(skb) < sizeof(*rthdr)) {
125 I802_DEBUG_INC(local->rx_expand_skb_head);
126 if (pskb_expand_head(skb, sizeof(*rthdr), 0, GFP_ATOMIC)) {
127 dev_kfree_skb(skb);
128 return;
129 }
130 }
131
132 rthdr = (struct ieee80211_rtap_hdr *) skb_push(skb, sizeof(*rthdr));
133 memset(rthdr, 0, sizeof(*rthdr));
134 rthdr->hdr.it_len = cpu_to_le16(sizeof(*rthdr));
135 rthdr->hdr.it_present =
136 cpu_to_le32((1 << IEEE80211_RADIOTAP_FLAGS) |
137 (1 << IEEE80211_RADIOTAP_RATE) |
138 (1 << IEEE80211_RADIOTAP_CHANNEL) |
139 (1 << IEEE80211_RADIOTAP_DB_ANTSIGNAL));
140 rthdr->flags = local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS ?
141 IEEE80211_RADIOTAP_F_FCS : 0;
142 rate = ieee80211_get_rate(local, status->phymode, status->rate);
143 if (rate)
144 rthdr->rate = rate->rate / 5;
145 rthdr->chan_freq = cpu_to_le16(status->freq);
146 rthdr->chan_flags =
147 status->phymode == MODE_IEEE80211A ?
148 cpu_to_le16(IEEE80211_CHAN_OFDM | IEEE80211_CHAN_5GHZ) :
149 cpu_to_le16(IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ);
150 rthdr->antsignal = status->ssi;
151
152 out:
153 sdata->stats.rx_packets++;
154 sdata->stats.rx_bytes += skb->len;
155
156 skb_set_mac_header(skb, 0);
157 skb->ip_summed = CHECKSUM_UNNECESSARY;
158 skb->pkt_type = PACKET_OTHERHOST;
159 skb->protocol = htons(ETH_P_802_2);
160 memset(skb->cb, 0, sizeof(skb->cb));
161 netif_rx(skb);
162}
163
164static ieee80211_txrx_result
165ieee80211_rx_h_monitor(struct ieee80211_txrx_data *rx)
166{
167 if (rx->sdata->type == IEEE80211_IF_TYPE_MNTR) {
168 ieee80211_rx_monitor(rx->dev, rx->skb, rx->u.rx.status);
169 return TXRX_QUEUED;
170 }
171
172 if (rx->u.rx.status->flag & RX_FLAG_RADIOTAP)
173 skb_pull(rx->skb, ieee80211_get_radiotap_len(rx->skb->data));
174
175 return TXRX_CONTINUE;
176}
177
178static ieee80211_txrx_result
179ieee80211_rx_h_passive_scan(struct ieee80211_txrx_data *rx)
180{
181 struct ieee80211_local *local = rx->local;
182 struct sk_buff *skb = rx->skb;
183
184 if (unlikely(local->sta_scanning != 0)) {
185 ieee80211_sta_rx_scan(rx->dev, skb, rx->u.rx.status);
186 return TXRX_QUEUED;
187 }
188
189 if (unlikely(rx->u.rx.in_scan)) {
190 /* scanning finished during invoking of handlers */
191 I802_DEBUG_INC(local->rx_handlers_drop_passive_scan);
192 return TXRX_DROP;
193 }
194
195 return TXRX_CONTINUE;
196}
197
198static ieee80211_txrx_result
199ieee80211_rx_h_check(struct ieee80211_txrx_data *rx)
200{
201 struct ieee80211_hdr *hdr;
202 int always_sta_key;
203 hdr = (struct ieee80211_hdr *) rx->skb->data;
204
205 /* Drop duplicate 802.11 retransmissions (IEEE 802.11 Chap. 9.2.9) */
206 if (rx->sta && !is_multicast_ether_addr(hdr->addr1)) {
207 if (unlikely(rx->fc & IEEE80211_FCTL_RETRY &&
208 rx->sta->last_seq_ctrl[rx->u.rx.queue] ==
209 hdr->seq_ctrl)) {
210 if (rx->u.rx.ra_match) {
211 rx->local->dot11FrameDuplicateCount++;
212 rx->sta->num_duplicates++;
213 }
214 return TXRX_DROP;
215 } else
216 rx->sta->last_seq_ctrl[rx->u.rx.queue] = hdr->seq_ctrl;
217 }
218
219 if ((rx->local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS) &&
220 rx->skb->len > FCS_LEN)
221 skb_trim(rx->skb, rx->skb->len - FCS_LEN);
222
223 if (unlikely(rx->skb->len < 16)) {
224 I802_DEBUG_INC(rx->local->rx_handlers_drop_short);
225 return TXRX_DROP;
226 }
227
228 if (!rx->u.rx.ra_match)
229 rx->skb->pkt_type = PACKET_OTHERHOST;
230 else if (compare_ether_addr(rx->dev->dev_addr, hdr->addr1) == 0)
231 rx->skb->pkt_type = PACKET_HOST;
232 else if (is_multicast_ether_addr(hdr->addr1)) {
233 if (is_broadcast_ether_addr(hdr->addr1))
234 rx->skb->pkt_type = PACKET_BROADCAST;
235 else
236 rx->skb->pkt_type = PACKET_MULTICAST;
237 } else
238 rx->skb->pkt_type = PACKET_OTHERHOST;
239
240 /* Drop disallowed frame classes based on STA auth/assoc state;
241 * IEEE 802.11, Chap 5.5.
242 *
243 * 80211.o does filtering only based on association state, i.e., it
244 * drops Class 3 frames from not associated stations. hostapd sends
245 * deauth/disassoc frames when needed. In addition, hostapd is
246 * responsible for filtering on both auth and assoc states.
247 */
248 if (unlikely(((rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA ||
249 ((rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_CTL &&
250 (rx->fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_PSPOLL)) &&
251 rx->sdata->type != IEEE80211_IF_TYPE_IBSS &&
252 (!rx->sta || !(rx->sta->flags & WLAN_STA_ASSOC)))) {
253 if ((!(rx->fc & IEEE80211_FCTL_FROMDS) &&
254 !(rx->fc & IEEE80211_FCTL_TODS) &&
255 (rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA)
256 || !rx->u.rx.ra_match) {
257 /* Drop IBSS frames and frames for other hosts
258 * silently. */
259 return TXRX_DROP;
260 }
261
262 if (!rx->local->apdev)
263 return TXRX_DROP;
264
265 ieee80211_rx_mgmt(rx->local, rx->skb, rx->u.rx.status,
266 ieee80211_msg_sta_not_assoc);
267 return TXRX_QUEUED;
268 }
269
270 if (rx->sdata->type == IEEE80211_IF_TYPE_STA)
271 always_sta_key = 0;
272 else
273 always_sta_key = 1;
274
275 if (rx->sta && rx->sta->key && always_sta_key) {
276 rx->key = rx->sta->key;
277 } else {
278 if (rx->sta && rx->sta->key)
279 rx->key = rx->sta->key;
280 else
281 rx->key = rx->sdata->default_key;
282
283 if ((rx->local->hw.flags & IEEE80211_HW_WEP_INCLUDE_IV) &&
284 rx->fc & IEEE80211_FCTL_PROTECTED) {
285 int keyidx = ieee80211_wep_get_keyidx(rx->skb);
286
287 if (keyidx >= 0 && keyidx < NUM_DEFAULT_KEYS &&
288 (!rx->sta || !rx->sta->key || keyidx > 0))
289 rx->key = rx->sdata->keys[keyidx];
290
291 if (!rx->key) {
292 if (!rx->u.rx.ra_match)
293 return TXRX_DROP;
294 printk(KERN_DEBUG "%s: RX WEP frame with "
295 "unknown keyidx %d (A1=" MAC_FMT " A2="
296 MAC_FMT " A3=" MAC_FMT ")\n",
297 rx->dev->name, keyidx,
298 MAC_ARG(hdr->addr1),
299 MAC_ARG(hdr->addr2),
300 MAC_ARG(hdr->addr3));
301 if (!rx->local->apdev)
302 return TXRX_DROP;
303 ieee80211_rx_mgmt(
304 rx->local, rx->skb, rx->u.rx.status,
305 ieee80211_msg_wep_frame_unknown_key);
306 return TXRX_QUEUED;
307 }
308 }
309 }
310
311 if (rx->fc & IEEE80211_FCTL_PROTECTED && rx->key && rx->u.rx.ra_match) {
312 rx->key->tx_rx_count++;
313 if (unlikely(rx->local->key_tx_rx_threshold &&
314 rx->key->tx_rx_count >
315 rx->local->key_tx_rx_threshold)) {
316 ieee80211_key_threshold_notify(rx->dev, rx->key,
317 rx->sta);
318 }
319 }
320
321 return TXRX_CONTINUE;
322}
323
324static void ap_sta_ps_start(struct net_device *dev, struct sta_info *sta)
325{
326 struct ieee80211_sub_if_data *sdata;
327 sdata = IEEE80211_DEV_TO_SUB_IF(sta->dev);
328
329 if (sdata->bss)
330 atomic_inc(&sdata->bss->num_sta_ps);
331 sta->flags |= WLAN_STA_PS;
332 sta->pspoll = 0;
333#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
334 printk(KERN_DEBUG "%s: STA " MAC_FMT " aid %d enters power "
335 "save mode\n", dev->name, MAC_ARG(sta->addr), sta->aid);
336#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
337}
338
339static int ap_sta_ps_end(struct net_device *dev, struct sta_info *sta)
340{
341 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
342 struct sk_buff *skb;
343 int sent = 0;
344 struct ieee80211_sub_if_data *sdata;
345 struct ieee80211_tx_packet_data *pkt_data;
346
347 sdata = IEEE80211_DEV_TO_SUB_IF(sta->dev);
348 if (sdata->bss)
349 atomic_dec(&sdata->bss->num_sta_ps);
350 sta->flags &= ~(WLAN_STA_PS | WLAN_STA_TIM);
351 sta->pspoll = 0;
352 if (!skb_queue_empty(&sta->ps_tx_buf)) {
353 if (local->ops->set_tim)
354 local->ops->set_tim(local_to_hw(local), sta->aid, 0);
355 if (sdata->bss)
356 bss_tim_clear(local, sdata->bss, sta->aid);
357 }
358#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
359 printk(KERN_DEBUG "%s: STA " MAC_FMT " aid %d exits power "
360 "save mode\n", dev->name, MAC_ARG(sta->addr), sta->aid);
361#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
362 /* Send all buffered frames to the station */
363 while ((skb = skb_dequeue(&sta->tx_filtered)) != NULL) {
364 pkt_data = (struct ieee80211_tx_packet_data *) skb->cb;
365 sent++;
366 pkt_data->requeue = 1;
367 dev_queue_xmit(skb);
368 }
369 while ((skb = skb_dequeue(&sta->ps_tx_buf)) != NULL) {
370 pkt_data = (struct ieee80211_tx_packet_data *) skb->cb;
371 local->total_ps_buffered--;
372 sent++;
373#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
374 printk(KERN_DEBUG "%s: STA " MAC_FMT " aid %d send PS frame "
375 "since STA not sleeping anymore\n", dev->name,
376 MAC_ARG(sta->addr), sta->aid);
377#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
378 pkt_data->requeue = 1;
379 dev_queue_xmit(skb);
380 }
381
382 return sent;
383}
384
385static ieee80211_txrx_result
386ieee80211_rx_h_sta_process(struct ieee80211_txrx_data *rx)
387{
388 struct sta_info *sta = rx->sta;
389 struct net_device *dev = rx->dev;
390 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data;
391
392 if (!sta)
393 return TXRX_CONTINUE;
394
395 /* Update last_rx only for IBSS packets which are for the current
396 * BSSID to avoid keeping the current IBSS network alive in cases where
397 * other STAs are using different BSSID. */
398 if (rx->sdata->type == IEEE80211_IF_TYPE_IBSS) {
399 u8 *bssid = ieee80211_get_bssid(hdr, rx->skb->len);
400 if (compare_ether_addr(bssid, rx->sdata->u.sta.bssid) == 0)
401 sta->last_rx = jiffies;
402 } else
403 if (!is_multicast_ether_addr(hdr->addr1) ||
404 rx->sdata->type == IEEE80211_IF_TYPE_STA) {
405 /* Update last_rx only for unicast frames in order to prevent
406 * the Probe Request frames (the only broadcast frames from a
407 * STA in infrastructure mode) from keeping a connection alive.
408 */
409 sta->last_rx = jiffies;
410 }
411
412 if (!rx->u.rx.ra_match)
413 return TXRX_CONTINUE;
414
415 sta->rx_fragments++;
416 sta->rx_bytes += rx->skb->len;
417 sta->last_rssi = (sta->last_rssi * 15 +
418 rx->u.rx.status->ssi) / 16;
419 sta->last_signal = (sta->last_signal * 15 +
420 rx->u.rx.status->signal) / 16;
421 sta->last_noise = (sta->last_noise * 15 +
422 rx->u.rx.status->noise) / 16;
423
424 if (!(rx->fc & IEEE80211_FCTL_MOREFRAGS)) {
425 /* Change STA power saving mode only in the end of a frame
426 * exchange sequence */
427 if ((sta->flags & WLAN_STA_PS) && !(rx->fc & IEEE80211_FCTL_PM))
428 rx->u.rx.sent_ps_buffered += ap_sta_ps_end(dev, sta);
429 else if (!(sta->flags & WLAN_STA_PS) &&
430 (rx->fc & IEEE80211_FCTL_PM))
431 ap_sta_ps_start(dev, sta);
432 }
433
434 /* Drop data::nullfunc frames silently, since they are used only to
435 * control station power saving mode. */
436 if ((rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA &&
437 (rx->fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_NULLFUNC) {
438 I802_DEBUG_INC(rx->local->rx_handlers_drop_nullfunc);
439 /* Update counter and free packet here to avoid counting this
440 * as a dropped packed. */
441 sta->rx_packets++;
442 dev_kfree_skb(rx->skb);
443 return TXRX_QUEUED;
444 }
445
446 return TXRX_CONTINUE;
447} /* ieee80211_rx_h_sta_process */
448
449static ieee80211_txrx_result
450ieee80211_rx_h_wep_weak_iv_detection(struct ieee80211_txrx_data *rx)
451{
452 if (!rx->sta || !(rx->fc & IEEE80211_FCTL_PROTECTED) ||
453 (rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA ||
454 !rx->key || rx->key->alg != ALG_WEP || !rx->u.rx.ra_match)
455 return TXRX_CONTINUE;
456
457 /* Check for weak IVs, if hwaccel did not remove IV from the frame */
458 if ((rx->local->hw.flags & IEEE80211_HW_WEP_INCLUDE_IV) ||
459 rx->key->force_sw_encrypt) {
460 u8 *iv = ieee80211_wep_is_weak_iv(rx->skb, rx->key);
461 if (iv) {
462 rx->sta->wep_weak_iv_count++;
463 }
464 }
465
466 return TXRX_CONTINUE;
467}
468
469static ieee80211_txrx_result
470ieee80211_rx_h_wep_decrypt(struct ieee80211_txrx_data *rx)
471{
472 /* If the device handles decryption totally, skip this test */
473 if (rx->local->hw.flags & IEEE80211_HW_DEVICE_HIDES_WEP)
474 return TXRX_CONTINUE;
475
476 if ((rx->key && rx->key->alg != ALG_WEP) ||
477 !(rx->fc & IEEE80211_FCTL_PROTECTED) ||
478 ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA &&
479 ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_MGMT ||
480 (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_AUTH)))
481 return TXRX_CONTINUE;
482
483 if (!rx->key) {
484 printk(KERN_DEBUG "%s: RX WEP frame, but no key set\n",
485 rx->dev->name);
486 return TXRX_DROP;
487 }
488
489 if (!(rx->u.rx.status->flag & RX_FLAG_DECRYPTED) ||
490 rx->key->force_sw_encrypt) {
491 if (ieee80211_wep_decrypt(rx->local, rx->skb, rx->key)) {
492 printk(KERN_DEBUG "%s: RX WEP frame, decrypt "
493 "failed\n", rx->dev->name);
494 return TXRX_DROP;
495 }
496 } else if (rx->local->hw.flags & IEEE80211_HW_WEP_INCLUDE_IV) {
497 ieee80211_wep_remove_iv(rx->local, rx->skb, rx->key);
498 /* remove ICV */
499 skb_trim(rx->skb, rx->skb->len - 4);
500 }
501
502 return TXRX_CONTINUE;
503}
504
505static inline struct ieee80211_fragment_entry *
506ieee80211_reassemble_add(struct ieee80211_sub_if_data *sdata,
507 unsigned int frag, unsigned int seq, int rx_queue,
508 struct sk_buff **skb)
509{
510 struct ieee80211_fragment_entry *entry;
511 int idx;
512
513 idx = sdata->fragment_next;
514 entry = &sdata->fragments[sdata->fragment_next++];
515 if (sdata->fragment_next >= IEEE80211_FRAGMENT_MAX)
516 sdata->fragment_next = 0;
517
518 if (!skb_queue_empty(&entry->skb_list)) {
519#ifdef CONFIG_MAC80211_DEBUG
520 struct ieee80211_hdr *hdr =
521 (struct ieee80211_hdr *) entry->skb_list.next->data;
522 printk(KERN_DEBUG "%s: RX reassembly removed oldest "
523 "fragment entry (idx=%d age=%lu seq=%d last_frag=%d "
524 "addr1=" MAC_FMT " addr2=" MAC_FMT "\n",
525 sdata->dev->name, idx,
526 jiffies - entry->first_frag_time, entry->seq,
527 entry->last_frag, MAC_ARG(hdr->addr1),
528 MAC_ARG(hdr->addr2));
529#endif /* CONFIG_MAC80211_DEBUG */
530 __skb_queue_purge(&entry->skb_list);
531 }
532
533 __skb_queue_tail(&entry->skb_list, *skb); /* no need for locking */
534 *skb = NULL;
535 entry->first_frag_time = jiffies;
536 entry->seq = seq;
537 entry->rx_queue = rx_queue;
538 entry->last_frag = frag;
539 entry->ccmp = 0;
540 entry->extra_len = 0;
541
542 return entry;
543}
544
545static inline struct ieee80211_fragment_entry *
546ieee80211_reassemble_find(struct ieee80211_sub_if_data *sdata,
547 u16 fc, unsigned int frag, unsigned int seq,
548 int rx_queue, struct ieee80211_hdr *hdr)
549{
550 struct ieee80211_fragment_entry *entry;
551 int i, idx;
552
553 idx = sdata->fragment_next;
554 for (i = 0; i < IEEE80211_FRAGMENT_MAX; i++) {
555 struct ieee80211_hdr *f_hdr;
556 u16 f_fc;
557
558 idx--;
559 if (idx < 0)
560 idx = IEEE80211_FRAGMENT_MAX - 1;
561
562 entry = &sdata->fragments[idx];
563 if (skb_queue_empty(&entry->skb_list) || entry->seq != seq ||
564 entry->rx_queue != rx_queue ||
565 entry->last_frag + 1 != frag)
566 continue;
567
568 f_hdr = (struct ieee80211_hdr *) entry->skb_list.next->data;
569 f_fc = le16_to_cpu(f_hdr->frame_control);
570
571 if ((fc & IEEE80211_FCTL_FTYPE) != (f_fc & IEEE80211_FCTL_FTYPE) ||
572 compare_ether_addr(hdr->addr1, f_hdr->addr1) != 0 ||
573 compare_ether_addr(hdr->addr2, f_hdr->addr2) != 0)
574 continue;
575
576 if (entry->first_frag_time + 2 * HZ < jiffies) {
577 __skb_queue_purge(&entry->skb_list);
578 continue;
579 }
580 return entry;
581 }
582
583 return NULL;
584}
585
586static ieee80211_txrx_result
587ieee80211_rx_h_defragment(struct ieee80211_txrx_data *rx)
588{
589 struct ieee80211_hdr *hdr;
590 u16 sc;
591 unsigned int frag, seq;
592 struct ieee80211_fragment_entry *entry;
593 struct sk_buff *skb;
594
595 hdr = (struct ieee80211_hdr *) rx->skb->data;
596 sc = le16_to_cpu(hdr->seq_ctrl);
597 frag = sc & IEEE80211_SCTL_FRAG;
598
599 if (likely((!(rx->fc & IEEE80211_FCTL_MOREFRAGS) && frag == 0) ||
600 (rx->skb)->len < 24 ||
601 is_multicast_ether_addr(hdr->addr1))) {
602 /* not fragmented */
603 goto out;
604 }
605 I802_DEBUG_INC(rx->local->rx_handlers_fragments);
606
607 seq = (sc & IEEE80211_SCTL_SEQ) >> 4;
608
609 if (frag == 0) {
610 /* This is the first fragment of a new frame. */
611 entry = ieee80211_reassemble_add(rx->sdata, frag, seq,
612 rx->u.rx.queue, &(rx->skb));
613 if (rx->key && rx->key->alg == ALG_CCMP &&
614 (rx->fc & IEEE80211_FCTL_PROTECTED)) {
615 /* Store CCMP PN so that we can verify that the next
616 * fragment has a sequential PN value. */
617 entry->ccmp = 1;
618 memcpy(entry->last_pn,
619 rx->key->u.ccmp.rx_pn[rx->u.rx.queue],
620 CCMP_PN_LEN);
621 }
622 return TXRX_QUEUED;
623 }
624
625 /* This is a fragment for a frame that should already be pending in
626 * fragment cache. Add this fragment to the end of the pending entry.
627 */
628 entry = ieee80211_reassemble_find(rx->sdata, rx->fc, frag, seq,
629 rx->u.rx.queue, hdr);
630 if (!entry) {
631 I802_DEBUG_INC(rx->local->rx_handlers_drop_defrag);
632 return TXRX_DROP;
633 }
634
635 /* Verify that MPDUs within one MSDU have sequential PN values.
636 * (IEEE 802.11i, 8.3.3.4.5) */
637 if (entry->ccmp) {
638 int i;
639 u8 pn[CCMP_PN_LEN], *rpn;
640 if (!rx->key || rx->key->alg != ALG_CCMP)
641 return TXRX_DROP;
642 memcpy(pn, entry->last_pn, CCMP_PN_LEN);
643 for (i = CCMP_PN_LEN - 1; i >= 0; i--) {
644 pn[i]++;
645 if (pn[i])
646 break;
647 }
648 rpn = rx->key->u.ccmp.rx_pn[rx->u.rx.queue];
649 if (memcmp(pn, rpn, CCMP_PN_LEN) != 0) {
650 printk(KERN_DEBUG "%s: defrag: CCMP PN not sequential"
651 " A2=" MAC_FMT " PN=%02x%02x%02x%02x%02x%02x "
652 "(expected %02x%02x%02x%02x%02x%02x)\n",
653 rx->dev->name, MAC_ARG(hdr->addr2),
654 rpn[0], rpn[1], rpn[2], rpn[3], rpn[4], rpn[5],
655 pn[0], pn[1], pn[2], pn[3], pn[4], pn[5]);
656 return TXRX_DROP;
657 }
658 memcpy(entry->last_pn, pn, CCMP_PN_LEN);
659 }
660
661 skb_pull(rx->skb, ieee80211_get_hdrlen(rx->fc));
662 __skb_queue_tail(&entry->skb_list, rx->skb);
663 entry->last_frag = frag;
664 entry->extra_len += rx->skb->len;
665 if (rx->fc & IEEE80211_FCTL_MOREFRAGS) {
666 rx->skb = NULL;
667 return TXRX_QUEUED;
668 }
669
670 rx->skb = __skb_dequeue(&entry->skb_list);
671 if (skb_tailroom(rx->skb) < entry->extra_len) {
672 I802_DEBUG_INC(rx->local->rx_expand_skb_head2);
673 if (unlikely(pskb_expand_head(rx->skb, 0, entry->extra_len,
674 GFP_ATOMIC))) {
675 I802_DEBUG_INC(rx->local->rx_handlers_drop_defrag);
676 __skb_queue_purge(&entry->skb_list);
677 return TXRX_DROP;
678 }
679 }
680 while ((skb = __skb_dequeue(&entry->skb_list))) {
681 memcpy(skb_put(rx->skb, skb->len), skb->data, skb->len);
682 dev_kfree_skb(skb);
683 }
684
685 /* Complete frame has been reassembled - process it now */
686 rx->fragmented = 1;
687
688 out:
689 if (rx->sta)
690 rx->sta->rx_packets++;
691 if (is_multicast_ether_addr(hdr->addr1))
692 rx->local->dot11MulticastReceivedFrameCount++;
693 else
694 ieee80211_led_rx(rx->local);
695 return TXRX_CONTINUE;
696}
697
698static ieee80211_txrx_result
699ieee80211_rx_h_ps_poll(struct ieee80211_txrx_data *rx)
700{
701 struct sk_buff *skb;
702 int no_pending_pkts;
703
704 if (likely(!rx->sta ||
705 (rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_CTL ||
706 (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_PSPOLL ||
707 !rx->u.rx.ra_match))
708 return TXRX_CONTINUE;
709
710 skb = skb_dequeue(&rx->sta->tx_filtered);
711 if (!skb) {
712 skb = skb_dequeue(&rx->sta->ps_tx_buf);
713 if (skb)
714 rx->local->total_ps_buffered--;
715 }
716 no_pending_pkts = skb_queue_empty(&rx->sta->tx_filtered) &&
717 skb_queue_empty(&rx->sta->ps_tx_buf);
718
719 if (skb) {
720 struct ieee80211_hdr *hdr =
721 (struct ieee80211_hdr *) skb->data;
722
723 /* tell TX path to send one frame even though the STA may
724 * still remain is PS mode after this frame exchange */
725 rx->sta->pspoll = 1;
726
727#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
728 printk(KERN_DEBUG "STA " MAC_FMT " aid %d: PS Poll (entries "
729 "after %d)\n",
730 MAC_ARG(rx->sta->addr), rx->sta->aid,
731 skb_queue_len(&rx->sta->ps_tx_buf));
732#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
733
734 /* Use MoreData flag to indicate whether there are more
735 * buffered frames for this STA */
736 if (no_pending_pkts) {
737 hdr->frame_control &= cpu_to_le16(~IEEE80211_FCTL_MOREDATA);
738 rx->sta->flags &= ~WLAN_STA_TIM;
739 } else
740 hdr->frame_control |= cpu_to_le16(IEEE80211_FCTL_MOREDATA);
741
742 dev_queue_xmit(skb);
743
744 if (no_pending_pkts) {
745 if (rx->local->ops->set_tim)
746 rx->local->ops->set_tim(local_to_hw(rx->local),
747 rx->sta->aid, 0);
748 if (rx->sdata->bss)
749 bss_tim_clear(rx->local, rx->sdata->bss, rx->sta->aid);
750 }
751#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
752 } else if (!rx->u.rx.sent_ps_buffered) {
753 printk(KERN_DEBUG "%s: STA " MAC_FMT " sent PS Poll even "
754 "though there is no buffered frames for it\n",
755 rx->dev->name, MAC_ARG(rx->sta->addr));
756#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
757
758 }
759
760 /* Free PS Poll skb here instead of returning TXRX_DROP that would
761 * count as an dropped frame. */
762 dev_kfree_skb(rx->skb);
763
764 return TXRX_QUEUED;
765}
766
767static ieee80211_txrx_result
768ieee80211_rx_h_802_1x_pae(struct ieee80211_txrx_data *rx)
769{
770 if (rx->sdata->eapol && ieee80211_is_eapol(rx->skb) &&
771 rx->sdata->type != IEEE80211_IF_TYPE_STA && rx->u.rx.ra_match) {
772 /* Pass both encrypted and unencrypted EAPOL frames to user
773 * space for processing. */
774 if (!rx->local->apdev)
775 return TXRX_DROP;
776 ieee80211_rx_mgmt(rx->local, rx->skb, rx->u.rx.status,
777 ieee80211_msg_normal);
778 return TXRX_QUEUED;
779 }
780
781 if (unlikely(rx->sdata->ieee802_1x &&
782 (rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA &&
783 (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_NULLFUNC &&
784 (!rx->sta || !(rx->sta->flags & WLAN_STA_AUTHORIZED)) &&
785 !ieee80211_is_eapol(rx->skb))) {
786#ifdef CONFIG_MAC80211_DEBUG
787 struct ieee80211_hdr *hdr =
788 (struct ieee80211_hdr *) rx->skb->data;
789 printk(KERN_DEBUG "%s: dropped frame from " MAC_FMT
790 " (unauthorized port)\n", rx->dev->name,
791 MAC_ARG(hdr->addr2));
792#endif /* CONFIG_MAC80211_DEBUG */
793 return TXRX_DROP;
794 }
795
796 return TXRX_CONTINUE;
797}
798
799static ieee80211_txrx_result
800ieee80211_rx_h_drop_unencrypted(struct ieee80211_txrx_data *rx)
801{
802 /* If the device handles decryption totally, skip this test */
803 if (rx->local->hw.flags & IEEE80211_HW_DEVICE_HIDES_WEP)
804 return TXRX_CONTINUE;
805
806 /* Drop unencrypted frames if key is set. */
807 if (unlikely(!(rx->fc & IEEE80211_FCTL_PROTECTED) &&
808 (rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA &&
809 (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_NULLFUNC &&
810 (rx->key || rx->sdata->drop_unencrypted) &&
811 (rx->sdata->eapol == 0 ||
812 !ieee80211_is_eapol(rx->skb)))) {
813 printk(KERN_DEBUG "%s: RX non-WEP frame, but expected "
814 "encryption\n", rx->dev->name);
815 return TXRX_DROP;
816 }
817 return TXRX_CONTINUE;
818}
819
820static ieee80211_txrx_result
821ieee80211_rx_h_data(struct ieee80211_txrx_data *rx)
822{
823 struct net_device *dev = rx->dev;
824 struct ieee80211_local *local = rx->local;
825 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data;
826 u16 fc, hdrlen, ethertype;
827 u8 *payload;
828 u8 dst[ETH_ALEN];
829 u8 src[ETH_ALEN];
830 struct sk_buff *skb = rx->skb, *skb2;
831 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
832
833 fc = rx->fc;
834 if (unlikely((fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA))
835 return TXRX_CONTINUE;
836
837 if (unlikely(!WLAN_FC_DATA_PRESENT(fc)))
838 return TXRX_DROP;
839
840 hdrlen = ieee80211_get_hdrlen(fc);
841
842 /* convert IEEE 802.11 header + possible LLC headers into Ethernet
843 * header
844 * IEEE 802.11 address fields:
845 * ToDS FromDS Addr1 Addr2 Addr3 Addr4
846 * 0 0 DA SA BSSID n/a
847 * 0 1 DA BSSID SA n/a
848 * 1 0 BSSID SA DA n/a
849 * 1 1 RA TA DA SA
850 */
851
852 switch (fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) {
853 case IEEE80211_FCTL_TODS:
854 /* BSSID SA DA */
855 memcpy(dst, hdr->addr3, ETH_ALEN);
856 memcpy(src, hdr->addr2, ETH_ALEN);
857
858 if (unlikely(sdata->type != IEEE80211_IF_TYPE_AP &&
859 sdata->type != IEEE80211_IF_TYPE_VLAN)) {
860 printk(KERN_DEBUG "%s: dropped ToDS frame (BSSID="
861 MAC_FMT " SA=" MAC_FMT " DA=" MAC_FMT ")\n",
862 dev->name, MAC_ARG(hdr->addr1),
863 MAC_ARG(hdr->addr2), MAC_ARG(hdr->addr3));
864 return TXRX_DROP;
865 }
866 break;
867 case (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS):
868 /* RA TA DA SA */
869 memcpy(dst, hdr->addr3, ETH_ALEN);
870 memcpy(src, hdr->addr4, ETH_ALEN);
871
872 if (unlikely(sdata->type != IEEE80211_IF_TYPE_WDS)) {
873 printk(KERN_DEBUG "%s: dropped FromDS&ToDS frame (RA="
874 MAC_FMT " TA=" MAC_FMT " DA=" MAC_FMT " SA="
875 MAC_FMT ")\n",
876 rx->dev->name, MAC_ARG(hdr->addr1),
877 MAC_ARG(hdr->addr2), MAC_ARG(hdr->addr3),
878 MAC_ARG(hdr->addr4));
879 return TXRX_DROP;
880 }
881 break;
882 case IEEE80211_FCTL_FROMDS:
883 /* DA BSSID SA */
884 memcpy(dst, hdr->addr1, ETH_ALEN);
885 memcpy(src, hdr->addr3, ETH_ALEN);
886
887 if (sdata->type != IEEE80211_IF_TYPE_STA) {
888 return TXRX_DROP;
889 }
890 break;
891 case 0:
892 /* DA SA BSSID */
893 memcpy(dst, hdr->addr1, ETH_ALEN);
894 memcpy(src, hdr->addr2, ETH_ALEN);
895
896 if (sdata->type != IEEE80211_IF_TYPE_IBSS) {
897 if (net_ratelimit()) {
898 printk(KERN_DEBUG "%s: dropped IBSS frame (DA="
899 MAC_FMT " SA=" MAC_FMT " BSSID=" MAC_FMT
900 ")\n",
901 dev->name, MAC_ARG(hdr->addr1),
902 MAC_ARG(hdr->addr2),
903 MAC_ARG(hdr->addr3));
904 }
905 return TXRX_DROP;
906 }
907 break;
908 }
909
910 payload = skb->data + hdrlen;
911
912 if (unlikely(skb->len - hdrlen < 8)) {
913 if (net_ratelimit()) {
914 printk(KERN_DEBUG "%s: RX too short data frame "
915 "payload\n", dev->name);
916 }
917 return TXRX_DROP;
918 }
919
920 ethertype = (payload[6] << 8) | payload[7];
921
922 if (likely((compare_ether_addr(payload, rfc1042_header) == 0 &&
923 ethertype != ETH_P_AARP && ethertype != ETH_P_IPX) ||
924 compare_ether_addr(payload, bridge_tunnel_header) == 0)) {
925 /* remove RFC1042 or Bridge-Tunnel encapsulation and
926 * replace EtherType */
927 skb_pull(skb, hdrlen + 6);
928 memcpy(skb_push(skb, ETH_ALEN), src, ETH_ALEN);
929 memcpy(skb_push(skb, ETH_ALEN), dst, ETH_ALEN);
930 } else {
931 struct ethhdr *ehdr;
932 __be16 len;
933 skb_pull(skb, hdrlen);
934 len = htons(skb->len);
935 ehdr = (struct ethhdr *) skb_push(skb, sizeof(struct ethhdr));
936 memcpy(ehdr->h_dest, dst, ETH_ALEN);
937 memcpy(ehdr->h_source, src, ETH_ALEN);
938 ehdr->h_proto = len;
939 }
940 skb->dev = dev;
941
942 skb2 = NULL;
943
944 sdata->stats.rx_packets++;
945 sdata->stats.rx_bytes += skb->len;
946
947 if (local->bridge_packets && (sdata->type == IEEE80211_IF_TYPE_AP
948 || sdata->type == IEEE80211_IF_TYPE_VLAN) && rx->u.rx.ra_match) {
949 if (is_multicast_ether_addr(skb->data)) {
950 /* send multicast frames both to higher layers in
951 * local net stack and back to the wireless media */
952 skb2 = skb_copy(skb, GFP_ATOMIC);
953 if (!skb2)
954 printk(KERN_DEBUG "%s: failed to clone "
955 "multicast frame\n", dev->name);
956 } else {
957 struct sta_info *dsta;
958 dsta = sta_info_get(local, skb->data);
959 if (dsta && !dsta->dev) {
960 printk(KERN_DEBUG "Station with null dev "
961 "structure!\n");
962 } else if (dsta && dsta->dev == dev) {
963 /* Destination station is associated to this
964 * AP, so send the frame directly to it and
965 * do not pass the frame to local net stack.
966 */
967 skb2 = skb;
968 skb = NULL;
969 }
970 if (dsta)
971 sta_info_put(dsta);
972 }
973 }
974
975 if (skb) {
976 /* deliver to local stack */
977 skb->protocol = eth_type_trans(skb, dev);
978 memset(skb->cb, 0, sizeof(skb->cb));
979 netif_rx(skb);
980 }
981
982 if (skb2) {
983 /* send to wireless media */
984 skb2->protocol = __constant_htons(ETH_P_802_3);
985 skb_set_network_header(skb2, 0);
986 skb_set_mac_header(skb2, 0);
987 dev_queue_xmit(skb2);
988 }
989
990 return TXRX_QUEUED;
991}
992
993static ieee80211_txrx_result
994ieee80211_rx_h_mgmt(struct ieee80211_txrx_data *rx)
995{
996 struct ieee80211_sub_if_data *sdata;
997
998 if (!rx->u.rx.ra_match)
999 return TXRX_DROP;
1000
1001 sdata = IEEE80211_DEV_TO_SUB_IF(rx->dev);
1002 if ((sdata->type == IEEE80211_IF_TYPE_STA ||
1003 sdata->type == IEEE80211_IF_TYPE_IBSS) &&
1004 !rx->local->user_space_mlme) {
1005 ieee80211_sta_rx_mgmt(rx->dev, rx->skb, rx->u.rx.status);
1006 } else {
1007 /* Management frames are sent to hostapd for processing */
1008 if (!rx->local->apdev)
1009 return TXRX_DROP;
1010 ieee80211_rx_mgmt(rx->local, rx->skb, rx->u.rx.status,
1011 ieee80211_msg_normal);
1012 }
1013 return TXRX_QUEUED;
1014}
1015
1016static inline ieee80211_txrx_result __ieee80211_invoke_rx_handlers(
1017 struct ieee80211_local *local,
1018 ieee80211_rx_handler *handlers,
1019 struct ieee80211_txrx_data *rx,
1020 struct sta_info *sta)
1021{
1022 ieee80211_rx_handler *handler;
1023 ieee80211_txrx_result res = TXRX_DROP;
1024
1025 for (handler = handlers; *handler != NULL; handler++) {
1026 res = (*handler)(rx);
1027 if (res != TXRX_CONTINUE) {
1028 if (res == TXRX_DROP) {
1029 I802_DEBUG_INC(local->rx_handlers_drop);
1030 if (sta)
1031 sta->rx_dropped++;
1032 }
1033 if (res == TXRX_QUEUED)
1034 I802_DEBUG_INC(local->rx_handlers_queued);
1035 break;
1036 }
1037 }
1038
1039 if (res == TXRX_DROP) {
1040 dev_kfree_skb(rx->skb);
1041 }
1042 return res;
1043}
1044
1045static inline void ieee80211_invoke_rx_handlers(struct ieee80211_local *local,
1046 ieee80211_rx_handler *handlers,
1047 struct ieee80211_txrx_data *rx,
1048 struct sta_info *sta)
1049{
1050 if (__ieee80211_invoke_rx_handlers(local, handlers, rx, sta) ==
1051 TXRX_CONTINUE)
1052 dev_kfree_skb(rx->skb);
1053}
1054
1055static void ieee80211_rx_michael_mic_report(struct net_device *dev,
1056 struct ieee80211_hdr *hdr,
1057 struct sta_info *sta,
1058 struct ieee80211_txrx_data *rx)
1059{
1060 int keyidx, hdrlen;
1061
1062 hdrlen = ieee80211_get_hdrlen_from_skb(rx->skb);
1063 if (rx->skb->len >= hdrlen + 4)
1064 keyidx = rx->skb->data[hdrlen + 3] >> 6;
1065 else
1066 keyidx = -1;
1067
1068 /* TODO: verify that this is not triggered by fragmented
1069 * frames (hw does not verify MIC for them). */
1070 printk(KERN_DEBUG "%s: TKIP hwaccel reported Michael MIC "
1071 "failure from " MAC_FMT " to " MAC_FMT " keyidx=%d\n",
1072 dev->name, MAC_ARG(hdr->addr2), MAC_ARG(hdr->addr1), keyidx);
1073
1074 if (!sta) {
1075 /* Some hardware versions seem to generate incorrect
1076 * Michael MIC reports; ignore them to avoid triggering
1077 * countermeasures. */
1078 printk(KERN_DEBUG "%s: ignored spurious Michael MIC "
1079 "error for unknown address " MAC_FMT "\n",
1080 dev->name, MAC_ARG(hdr->addr2));
1081 goto ignore;
1082 }
1083
1084 if (!(rx->fc & IEEE80211_FCTL_PROTECTED)) {
1085 printk(KERN_DEBUG "%s: ignored spurious Michael MIC "
1086 "error for a frame with no ISWEP flag (src "
1087 MAC_FMT ")\n", dev->name, MAC_ARG(hdr->addr2));
1088 goto ignore;
1089 }
1090
1091 if ((rx->local->hw.flags & IEEE80211_HW_WEP_INCLUDE_IV) &&
1092 rx->sdata->type == IEEE80211_IF_TYPE_AP) {
1093 keyidx = ieee80211_wep_get_keyidx(rx->skb);
1094 /* AP with Pairwise keys support should never receive Michael
1095 * MIC errors for non-zero keyidx because these are reserved
1096 * for group keys and only the AP is sending real multicast
1097 * frames in BSS. */
1098 if (keyidx) {
1099 printk(KERN_DEBUG "%s: ignored Michael MIC error for "
1100 "a frame with non-zero keyidx (%d) (src " MAC_FMT
1101 ")\n", dev->name, keyidx, MAC_ARG(hdr->addr2));
1102 goto ignore;
1103 }
1104 }
1105
1106 if ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA &&
1107 ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_MGMT ||
1108 (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_AUTH)) {
1109 printk(KERN_DEBUG "%s: ignored spurious Michael MIC "
1110 "error for a frame that cannot be encrypted "
1111 "(fc=0x%04x) (src " MAC_FMT ")\n",
1112 dev->name, rx->fc, MAC_ARG(hdr->addr2));
1113 goto ignore;
1114 }
1115
1116 do {
1117 union iwreq_data wrqu;
1118 char *buf = kmalloc(128, GFP_ATOMIC);
1119 if (!buf)
1120 break;
1121
1122 /* TODO: needed parameters: count, key type, TSC */
1123 sprintf(buf, "MLME-MICHAELMICFAILURE.indication("
1124 "keyid=%d %scast addr=" MAC_FMT ")",
1125 keyidx, hdr->addr1[0] & 0x01 ? "broad" : "uni",
1126 MAC_ARG(hdr->addr2));
1127 memset(&wrqu, 0, sizeof(wrqu));
1128 wrqu.data.length = strlen(buf);
1129 wireless_send_event(rx->dev, IWEVCUSTOM, &wrqu, buf);
1130 kfree(buf);
1131 } while (0);
1132
1133 /* TODO: consider verifying the MIC error report with software
1134 * implementation if we get too many spurious reports from the
1135 * hardware. */
1136 if (!rx->local->apdev)
1137 goto ignore;
1138 ieee80211_rx_mgmt(rx->local, rx->skb, rx->u.rx.status,
1139 ieee80211_msg_michael_mic_failure);
1140 return;
1141
1142 ignore:
1143 dev_kfree_skb(rx->skb);
1144 rx->skb = NULL;
1145}
1146
1147ieee80211_rx_handler ieee80211_rx_handlers[] =
1148{
1149 ieee80211_rx_h_if_stats,
1150 ieee80211_rx_h_monitor,
1151 ieee80211_rx_h_passive_scan,
1152 ieee80211_rx_h_check,
1153 ieee80211_rx_h_sta_process,
1154 ieee80211_rx_h_ccmp_decrypt,
1155 ieee80211_rx_h_tkip_decrypt,
1156 ieee80211_rx_h_wep_weak_iv_detection,
1157 ieee80211_rx_h_wep_decrypt,
1158 ieee80211_rx_h_defragment,
1159 ieee80211_rx_h_ps_poll,
1160 ieee80211_rx_h_michael_mic_verify,
1161 /* this must be after decryption - so header is counted in MPDU mic
1162 * must be before pae and data, so QOS_DATA format frames
1163 * are not passed to user space by these functions
1164 */
1165 ieee80211_rx_h_remove_qos_control,
1166 ieee80211_rx_h_802_1x_pae,
1167 ieee80211_rx_h_drop_unencrypted,
1168 ieee80211_rx_h_data,
1169 ieee80211_rx_h_mgmt,
1170 NULL
1171};
1172
1173/* main receive path */
1174
1175/*
1176 * This is the receive path handler. It is called by a low level driver when an
1177 * 802.11 MPDU is received from the hardware.
1178 */
1179void __ieee80211_rx(struct ieee80211_hw *hw, struct sk_buff *skb,
1180 struct ieee80211_rx_status *status)
1181{
1182 struct ieee80211_local *local = hw_to_local(hw);
1183 struct ieee80211_sub_if_data *sdata;
1184 struct sta_info *sta;
1185 struct ieee80211_hdr *hdr;
1186 struct ieee80211_txrx_data rx;
1187 u16 type;
1188 int multicast;
1189 int radiotap_len = 0;
1190
1191 if (status->flag & RX_FLAG_RADIOTAP) {
1192 radiotap_len = ieee80211_get_radiotap_len(skb->data);
1193 skb_pull(skb, radiotap_len);
1194 }
1195
1196 hdr = (struct ieee80211_hdr *) skb->data;
1197 memset(&rx, 0, sizeof(rx));
1198 rx.skb = skb;
1199 rx.local = local;
1200
1201 rx.u.rx.status = status;
1202 rx.fc = skb->len >= 2 ? le16_to_cpu(hdr->frame_control) : 0;
1203 type = rx.fc & IEEE80211_FCTL_FTYPE;
1204 if (type == IEEE80211_FTYPE_DATA || type == IEEE80211_FTYPE_MGMT)
1205 local->dot11ReceivedFragmentCount++;
1206 multicast = is_multicast_ether_addr(hdr->addr1);
1207
1208 if (skb->len >= 16)
1209 sta = rx.sta = sta_info_get(local, hdr->addr2);
1210 else
1211 sta = rx.sta = NULL;
1212
1213 if (sta) {
1214 rx.dev = sta->dev;
1215 rx.sdata = IEEE80211_DEV_TO_SUB_IF(rx.dev);
1216 }
1217
1218 if ((status->flag & RX_FLAG_MMIC_ERROR)) {
1219 ieee80211_rx_michael_mic_report(local->mdev, hdr, sta, &rx);
1220 goto end;
1221 }
1222
1223 if (unlikely(local->sta_scanning))
1224 rx.u.rx.in_scan = 1;
1225
1226 if (__ieee80211_invoke_rx_handlers(local, local->rx_pre_handlers, &rx,
1227 sta) != TXRX_CONTINUE)
1228 goto end;
1229 skb = rx.skb;
1230
1231 skb_push(skb, radiotap_len);
1232 if (sta && !sta->assoc_ap && !(sta->flags & WLAN_STA_WDS) &&
1233 !local->iff_promiscs && !multicast) {
1234 rx.u.rx.ra_match = 1;
1235 ieee80211_invoke_rx_handlers(local, local->rx_handlers, &rx,
1236 sta);
1237 } else {
1238 struct ieee80211_sub_if_data *prev = NULL;
1239 struct sk_buff *skb_new;
1240 u8 *bssid = ieee80211_get_bssid(hdr, skb->len - radiotap_len);
1241
1242 read_lock(&local->sub_if_lock);
1243 list_for_each_entry(sdata, &local->sub_if_list, list) {
1244 rx.u.rx.ra_match = 1;
1245 switch (sdata->type) {
1246 case IEEE80211_IF_TYPE_STA:
1247 if (!bssid)
1248 continue;
1249 if (!ieee80211_bssid_match(bssid,
1250 sdata->u.sta.bssid)) {
1251 if (!rx.u.rx.in_scan)
1252 continue;
1253 rx.u.rx.ra_match = 0;
1254 } else if (!multicast &&
1255 compare_ether_addr(sdata->dev->dev_addr,
1256 hdr->addr1) != 0) {
1257 if (!sdata->promisc)
1258 continue;
1259 rx.u.rx.ra_match = 0;
1260 }
1261 break;
1262 case IEEE80211_IF_TYPE_IBSS:
1263 if (!bssid)
1264 continue;
1265 if (!ieee80211_bssid_match(bssid,
1266 sdata->u.sta.bssid)) {
1267 if (!rx.u.rx.in_scan)
1268 continue;
1269 rx.u.rx.ra_match = 0;
1270 } else if (!multicast &&
1271 compare_ether_addr(sdata->dev->dev_addr,
1272 hdr->addr1) != 0) {
1273 if (!sdata->promisc)
1274 continue;
1275 rx.u.rx.ra_match = 0;
1276 } else if (!sta)
1277 sta = rx.sta =
1278 ieee80211_ibss_add_sta(sdata->dev,
1279 skb, bssid,
1280 hdr->addr2);
1281 break;
1282 case IEEE80211_IF_TYPE_AP:
1283 if (!bssid) {
1284 if (compare_ether_addr(sdata->dev->dev_addr,
1285 hdr->addr1) != 0)
1286 continue;
1287 } else if (!ieee80211_bssid_match(bssid,
1288 sdata->dev->dev_addr)) {
1289 if (!rx.u.rx.in_scan)
1290 continue;
1291 rx.u.rx.ra_match = 0;
1292 }
1293 if (sdata->dev == local->mdev &&
1294 !rx.u.rx.in_scan)
1295 /* do not receive anything via
1296 * master device when not scanning */
1297 continue;
1298 break;
1299 case IEEE80211_IF_TYPE_WDS:
1300 if (bssid ||
1301 (rx.fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA)
1302 continue;
1303 if (compare_ether_addr(sdata->u.wds.remote_addr,
1304 hdr->addr2) != 0)
1305 continue;
1306 break;
1307 }
1308
1309 if (prev) {
1310 skb_new = skb_copy(skb, GFP_ATOMIC);
1311 if (!skb_new) {
1312 if (net_ratelimit())
1313 printk(KERN_DEBUG "%s: failed to copy "
1314 "multicast frame for %s",
1315 local->mdev->name, prev->dev->name);
1316 continue;
1317 }
1318 rx.skb = skb_new;
1319 rx.dev = prev->dev;
1320 rx.sdata = prev;
1321 ieee80211_invoke_rx_handlers(local,
1322 local->rx_handlers,
1323 &rx, sta);
1324 }
1325 prev = sdata;
1326 }
1327 if (prev) {
1328 rx.skb = skb;
1329 rx.dev = prev->dev;
1330 rx.sdata = prev;
1331 ieee80211_invoke_rx_handlers(local, local->rx_handlers,
1332 &rx, sta);
1333 } else
1334 dev_kfree_skb(skb);
1335 read_unlock(&local->sub_if_lock);
1336 }
1337
1338 end:
1339 if (sta)
1340 sta_info_put(sta);
1341}
1342EXPORT_SYMBOL(__ieee80211_rx);
1343
1344/* This is a version of the rx handler that can be called from hard irq
1345 * context. Post the skb on the queue and schedule the tasklet */
1346void ieee80211_rx_irqsafe(struct ieee80211_hw *hw, struct sk_buff *skb,
1347 struct ieee80211_rx_status *status)
1348{
1349 struct ieee80211_local *local = hw_to_local(hw);
1350
1351 BUILD_BUG_ON(sizeof(struct ieee80211_rx_status) > sizeof(skb->cb));
1352
1353 skb->dev = local->mdev;
1354 /* copy status into skb->cb for use by tasklet */
1355 memcpy(skb->cb, status, sizeof(*status));
1356 skb->pkt_type = IEEE80211_RX_MSG;
1357 skb_queue_tail(&local->skb_queue, skb);
1358 tasklet_schedule(&local->tasklet);
1359}
1360EXPORT_SYMBOL(ieee80211_rx_irqsafe);