diff options
-rw-r--r-- | include/net/ieee80211_radiotap.h | 9 | ||||
-rw-r--r-- | net/mac80211/Makefile | 1 | ||||
-rw-r--r-- | net/mac80211/ieee80211.c | 1373 | ||||
-rw-r--r-- | net/mac80211/ieee80211_i.h | 22 | ||||
-rw-r--r-- | net/mac80211/rx.c | 1360 |
5 files changed, 1400 insertions, 1365 deletions
diff --git a/include/net/ieee80211_radiotap.h b/include/net/ieee80211_radiotap.h index a0c2b41a24d7..22e047758ba1 100644 --- a/include/net/ieee80211_radiotap.h +++ b/include/net/ieee80211_radiotap.h | |||
@@ -255,4 +255,13 @@ enum ieee80211_radiotap_type { | |||
255 | (((x) == 14) ? 2484 : ((x) * 5) + 2407) : \ | 255 | (((x) == 14) ? 2484 : ((x) * 5) + 2407) : \ |
256 | ((x) + 1000) * 5) | 256 | ((x) + 1000) * 5) |
257 | 257 | ||
258 | /* helpers */ | ||
259 | static inline int ieee80211_get_radiotap_len(unsigned char *data) | ||
260 | { | ||
261 | struct ieee80211_radiotap_header *hdr = | ||
262 | (struct ieee80211_radiotap_header *)data; | ||
263 | |||
264 | return le16_to_cpu(hdr->it_len); | ||
265 | } | ||
266 | |||
258 | #endif /* IEEE80211_RADIOTAP_H */ | 267 | #endif /* IEEE80211_RADIOTAP_H */ |
diff --git a/net/mac80211/Makefile b/net/mac80211/Makefile index a9c2d0787d4a..b5853991324b 100644 --- a/net/mac80211/Makefile +++ b/net/mac80211/Makefile | |||
@@ -18,4 +18,5 @@ mac80211-objs := \ | |||
18 | aes_ccm.o \ | 18 | aes_ccm.o \ |
19 | wme.o \ | 19 | wme.o \ |
20 | ieee80211_cfg.o \ | 20 | ieee80211_cfg.o \ |
21 | rx.o \ | ||
21 | $(mac80211-objs-y) | 22 | $(mac80211-objs-y) |
diff --git a/net/mac80211/ieee80211.c b/net/mac80211/ieee80211.c index ff2172ffd861..c0094209bed9 100644 --- a/net/mac80211/ieee80211.c +++ b/net/mac80211/ieee80211.c | |||
@@ -45,11 +45,11 @@ void *mac80211_wiphy_privid = &mac80211_wiphy_privid; | |||
45 | 45 | ||
46 | /* See IEEE 802.1H for LLC/SNAP encapsulation/decapsulation */ | 46 | /* See IEEE 802.1H for LLC/SNAP encapsulation/decapsulation */ |
47 | /* Ethernet-II snap header (RFC1042 for most EtherTypes) */ | 47 | /* Ethernet-II snap header (RFC1042 for most EtherTypes) */ |
48 | static const unsigned char rfc1042_header[] = | 48 | const unsigned char rfc1042_header[] = |
49 | { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 }; | 49 | { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 }; |
50 | 50 | ||
51 | /* Bridge-Tunnel header (for EtherTypes ETH_P_AARP and ETH_P_IPX) */ | 51 | /* Bridge-Tunnel header (for EtherTypes ETH_P_AARP and ETH_P_IPX) */ |
52 | static const unsigned char bridge_tunnel_header[] = | 52 | const unsigned char bridge_tunnel_header[] = |
53 | { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0xf8 }; | 53 | { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0xf8 }; |
54 | 54 | ||
55 | /* No encapsulation header if EtherType < 0x600 (=length) */ | 55 | /* No encapsulation header if EtherType < 0x600 (=length) */ |
@@ -222,9 +222,9 @@ void ieee80211_prepare_rates(struct ieee80211_local *local, | |||
222 | } | 222 | } |
223 | 223 | ||
224 | 224 | ||
225 | static void ieee80211_key_threshold_notify(struct net_device *dev, | 225 | void ieee80211_key_threshold_notify(struct net_device *dev, |
226 | struct ieee80211_key *key, | 226 | struct ieee80211_key *key, |
227 | struct sta_info *sta) | 227 | struct sta_info *sta) |
228 | { | 228 | { |
229 | struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); | 229 | struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); |
230 | struct sk_buff *skb; | 230 | struct sk_buff *skb; |
@@ -258,7 +258,7 @@ static void ieee80211_key_threshold_notify(struct net_device *dev, | |||
258 | } | 258 | } |
259 | 259 | ||
260 | 260 | ||
261 | static u8 * ieee80211_get_bssid(struct ieee80211_hdr *hdr, size_t len) | 261 | u8 *ieee80211_get_bssid(struct ieee80211_hdr *hdr, size_t len) |
262 | { | 262 | { |
263 | u16 fc; | 263 | u16 fc; |
264 | 264 | ||
@@ -345,13 +345,6 @@ int ieee80211_get_hdrlen_from_skb(const struct sk_buff *skb) | |||
345 | } | 345 | } |
346 | EXPORT_SYMBOL(ieee80211_get_hdrlen_from_skb); | 346 | EXPORT_SYMBOL(ieee80211_get_hdrlen_from_skb); |
347 | 347 | ||
348 | static int ieee80211_get_radiotap_len(struct sk_buff *skb) | ||
349 | { | ||
350 | struct ieee80211_radiotap_header *hdr = | ||
351 | (struct ieee80211_radiotap_header *) skb->data; | ||
352 | |||
353 | return le16_to_cpu(hdr->it_len); | ||
354 | } | ||
355 | 348 | ||
356 | #ifdef CONFIG_MAC80211_LOWTX_FRAME_DUMP | 349 | #ifdef CONFIG_MAC80211_LOWTX_FRAME_DUMP |
357 | static void ieee80211_dump_frame(const char *ifname, const char *title, | 350 | static void ieee80211_dump_frame(const char *ifname, const char *title, |
@@ -392,7 +385,7 @@ static inline void ieee80211_dump_frame(const char *ifname, const char *title, | |||
392 | #endif /* CONFIG_MAC80211_LOWTX_FRAME_DUMP */ | 385 | #endif /* CONFIG_MAC80211_LOWTX_FRAME_DUMP */ |
393 | 386 | ||
394 | 387 | ||
395 | static int ieee80211_is_eapol(const struct sk_buff *skb) | 388 | int ieee80211_is_eapol(const struct sk_buff *skb) |
396 | { | 389 | { |
397 | const struct ieee80211_hdr *hdr; | 390 | const struct ieee80211_hdr *hdr; |
398 | u16 fc; | 391 | u16 fc; |
@@ -2762,188 +2755,7 @@ static int header_parse_80211(struct sk_buff *skb, unsigned char *haddr) | |||
2762 | return ETH_ALEN; | 2755 | return ETH_ALEN; |
2763 | } | 2756 | } |
2764 | 2757 | ||
2765 | static inline int ieee80211_bssid_match(const u8 *raddr, const u8 *addr) | 2758 | struct ieee80211_rate * |
2766 | { | ||
2767 | return compare_ether_addr(raddr, addr) == 0 || | ||
2768 | is_broadcast_ether_addr(raddr); | ||
2769 | } | ||
2770 | |||
2771 | |||
2772 | static ieee80211_txrx_result | ||
2773 | ieee80211_rx_h_data(struct ieee80211_txrx_data *rx) | ||
2774 | { | ||
2775 | struct net_device *dev = rx->dev; | ||
2776 | struct ieee80211_local *local = rx->local; | ||
2777 | struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data; | ||
2778 | u16 fc, hdrlen, ethertype; | ||
2779 | u8 *payload; | ||
2780 | u8 dst[ETH_ALEN]; | ||
2781 | u8 src[ETH_ALEN]; | ||
2782 | struct sk_buff *skb = rx->skb, *skb2; | ||
2783 | struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); | ||
2784 | |||
2785 | fc = rx->fc; | ||
2786 | if (unlikely((fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA)) | ||
2787 | return TXRX_CONTINUE; | ||
2788 | |||
2789 | if (unlikely(!WLAN_FC_DATA_PRESENT(fc))) | ||
2790 | return TXRX_DROP; | ||
2791 | |||
2792 | hdrlen = ieee80211_get_hdrlen(fc); | ||
2793 | |||
2794 | /* convert IEEE 802.11 header + possible LLC headers into Ethernet | ||
2795 | * header | ||
2796 | * IEEE 802.11 address fields: | ||
2797 | * ToDS FromDS Addr1 Addr2 Addr3 Addr4 | ||
2798 | * 0 0 DA SA BSSID n/a | ||
2799 | * 0 1 DA BSSID SA n/a | ||
2800 | * 1 0 BSSID SA DA n/a | ||
2801 | * 1 1 RA TA DA SA | ||
2802 | */ | ||
2803 | |||
2804 | switch (fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) { | ||
2805 | case IEEE80211_FCTL_TODS: | ||
2806 | /* BSSID SA DA */ | ||
2807 | memcpy(dst, hdr->addr3, ETH_ALEN); | ||
2808 | memcpy(src, hdr->addr2, ETH_ALEN); | ||
2809 | |||
2810 | if (unlikely(sdata->type != IEEE80211_IF_TYPE_AP && | ||
2811 | sdata->type != IEEE80211_IF_TYPE_VLAN)) { | ||
2812 | printk(KERN_DEBUG "%s: dropped ToDS frame (BSSID=" | ||
2813 | MAC_FMT " SA=" MAC_FMT " DA=" MAC_FMT ")\n", | ||
2814 | dev->name, MAC_ARG(hdr->addr1), | ||
2815 | MAC_ARG(hdr->addr2), MAC_ARG(hdr->addr3)); | ||
2816 | return TXRX_DROP; | ||
2817 | } | ||
2818 | break; | ||
2819 | case (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS): | ||
2820 | /* RA TA DA SA */ | ||
2821 | memcpy(dst, hdr->addr3, ETH_ALEN); | ||
2822 | memcpy(src, hdr->addr4, ETH_ALEN); | ||
2823 | |||
2824 | if (unlikely(sdata->type != IEEE80211_IF_TYPE_WDS)) { | ||
2825 | printk(KERN_DEBUG "%s: dropped FromDS&ToDS frame (RA=" | ||
2826 | MAC_FMT " TA=" MAC_FMT " DA=" MAC_FMT " SA=" | ||
2827 | MAC_FMT ")\n", | ||
2828 | rx->dev->name, MAC_ARG(hdr->addr1), | ||
2829 | MAC_ARG(hdr->addr2), MAC_ARG(hdr->addr3), | ||
2830 | MAC_ARG(hdr->addr4)); | ||
2831 | return TXRX_DROP; | ||
2832 | } | ||
2833 | break; | ||
2834 | case IEEE80211_FCTL_FROMDS: | ||
2835 | /* DA BSSID SA */ | ||
2836 | memcpy(dst, hdr->addr1, ETH_ALEN); | ||
2837 | memcpy(src, hdr->addr3, ETH_ALEN); | ||
2838 | |||
2839 | if (sdata->type != IEEE80211_IF_TYPE_STA) { | ||
2840 | return TXRX_DROP; | ||
2841 | } | ||
2842 | break; | ||
2843 | case 0: | ||
2844 | /* DA SA BSSID */ | ||
2845 | memcpy(dst, hdr->addr1, ETH_ALEN); | ||
2846 | memcpy(src, hdr->addr2, ETH_ALEN); | ||
2847 | |||
2848 | if (sdata->type != IEEE80211_IF_TYPE_IBSS) { | ||
2849 | if (net_ratelimit()) { | ||
2850 | printk(KERN_DEBUG "%s: dropped IBSS frame (DA=" | ||
2851 | MAC_FMT " SA=" MAC_FMT " BSSID=" MAC_FMT | ||
2852 | ")\n", | ||
2853 | dev->name, MAC_ARG(hdr->addr1), | ||
2854 | MAC_ARG(hdr->addr2), | ||
2855 | MAC_ARG(hdr->addr3)); | ||
2856 | } | ||
2857 | return TXRX_DROP; | ||
2858 | } | ||
2859 | break; | ||
2860 | } | ||
2861 | |||
2862 | payload = skb->data + hdrlen; | ||
2863 | |||
2864 | if (unlikely(skb->len - hdrlen < 8)) { | ||
2865 | if (net_ratelimit()) { | ||
2866 | printk(KERN_DEBUG "%s: RX too short data frame " | ||
2867 | "payload\n", dev->name); | ||
2868 | } | ||
2869 | return TXRX_DROP; | ||
2870 | } | ||
2871 | |||
2872 | ethertype = (payload[6] << 8) | payload[7]; | ||
2873 | |||
2874 | if (likely((compare_ether_addr(payload, rfc1042_header) == 0 && | ||
2875 | ethertype != ETH_P_AARP && ethertype != ETH_P_IPX) || | ||
2876 | compare_ether_addr(payload, bridge_tunnel_header) == 0)) { | ||
2877 | /* remove RFC1042 or Bridge-Tunnel encapsulation and | ||
2878 | * replace EtherType */ | ||
2879 | skb_pull(skb, hdrlen + 6); | ||
2880 | memcpy(skb_push(skb, ETH_ALEN), src, ETH_ALEN); | ||
2881 | memcpy(skb_push(skb, ETH_ALEN), dst, ETH_ALEN); | ||
2882 | } else { | ||
2883 | struct ethhdr *ehdr; | ||
2884 | __be16 len; | ||
2885 | skb_pull(skb, hdrlen); | ||
2886 | len = htons(skb->len); | ||
2887 | ehdr = (struct ethhdr *) skb_push(skb, sizeof(struct ethhdr)); | ||
2888 | memcpy(ehdr->h_dest, dst, ETH_ALEN); | ||
2889 | memcpy(ehdr->h_source, src, ETH_ALEN); | ||
2890 | ehdr->h_proto = len; | ||
2891 | } | ||
2892 | skb->dev = dev; | ||
2893 | |||
2894 | skb2 = NULL; | ||
2895 | |||
2896 | sdata->stats.rx_packets++; | ||
2897 | sdata->stats.rx_bytes += skb->len; | ||
2898 | |||
2899 | if (local->bridge_packets && (sdata->type == IEEE80211_IF_TYPE_AP | ||
2900 | || sdata->type == IEEE80211_IF_TYPE_VLAN) && rx->u.rx.ra_match) { | ||
2901 | if (is_multicast_ether_addr(skb->data)) { | ||
2902 | /* send multicast frames both to higher layers in | ||
2903 | * local net stack and back to the wireless media */ | ||
2904 | skb2 = skb_copy(skb, GFP_ATOMIC); | ||
2905 | if (!skb2) | ||
2906 | printk(KERN_DEBUG "%s: failed to clone " | ||
2907 | "multicast frame\n", dev->name); | ||
2908 | } else { | ||
2909 | struct sta_info *dsta; | ||
2910 | dsta = sta_info_get(local, skb->data); | ||
2911 | if (dsta && !dsta->dev) { | ||
2912 | printk(KERN_DEBUG "Station with null dev " | ||
2913 | "structure!\n"); | ||
2914 | } else if (dsta && dsta->dev == dev) { | ||
2915 | /* Destination station is associated to this | ||
2916 | * AP, so send the frame directly to it and | ||
2917 | * do not pass the frame to local net stack. | ||
2918 | */ | ||
2919 | skb2 = skb; | ||
2920 | skb = NULL; | ||
2921 | } | ||
2922 | if (dsta) | ||
2923 | sta_info_put(dsta); | ||
2924 | } | ||
2925 | } | ||
2926 | |||
2927 | if (skb) { | ||
2928 | /* deliver to local stack */ | ||
2929 | skb->protocol = eth_type_trans(skb, dev); | ||
2930 | memset(skb->cb, 0, sizeof(skb->cb)); | ||
2931 | netif_rx(skb); | ||
2932 | } | ||
2933 | |||
2934 | if (skb2) { | ||
2935 | /* send to wireless media */ | ||
2936 | skb2->protocol = __constant_htons(ETH_P_802_3); | ||
2937 | skb_set_network_header(skb2, 0); | ||
2938 | skb_set_mac_header(skb2, 0); | ||
2939 | dev_queue_xmit(skb2); | ||
2940 | } | ||
2941 | |||
2942 | return TXRX_QUEUED; | ||
2943 | } | ||
2944 | |||
2945 | |||
2946 | static struct ieee80211_rate * | ||
2947 | ieee80211_get_rate(struct ieee80211_local *local, int phymode, int hw_rate) | 2759 | ieee80211_get_rate(struct ieee80211_local *local, int phymode, int hw_rate) |
2948 | { | 2760 | { |
2949 | struct ieee80211_hw_mode *mode; | 2761 | struct ieee80211_hw_mode *mode; |
@@ -3071,69 +2883,6 @@ ieee80211_rx_mgmt(struct ieee80211_local *local, struct sk_buff *skb, | |||
3071 | netif_rx(skb); | 2883 | netif_rx(skb); |
3072 | } | 2884 | } |
3073 | 2885 | ||
3074 | static void | ||
3075 | ieee80211_rx_monitor(struct net_device *dev, struct sk_buff *skb, | ||
3076 | struct ieee80211_rx_status *status) | ||
3077 | { | ||
3078 | struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); | ||
3079 | struct ieee80211_sub_if_data *sdata; | ||
3080 | struct ieee80211_rate *rate; | ||
3081 | struct ieee80211_rtap_hdr { | ||
3082 | struct ieee80211_radiotap_header hdr; | ||
3083 | u8 flags; | ||
3084 | u8 rate; | ||
3085 | __le16 chan_freq; | ||
3086 | __le16 chan_flags; | ||
3087 | u8 antsignal; | ||
3088 | } __attribute__ ((packed)) *rthdr; | ||
3089 | |||
3090 | skb->dev = dev; | ||
3091 | |||
3092 | sdata = IEEE80211_DEV_TO_SUB_IF(dev); | ||
3093 | |||
3094 | if (status->flag & RX_FLAG_RADIOTAP) | ||
3095 | goto out; | ||
3096 | |||
3097 | if (skb_headroom(skb) < sizeof(*rthdr)) { | ||
3098 | I802_DEBUG_INC(local->rx_expand_skb_head); | ||
3099 | if (pskb_expand_head(skb, sizeof(*rthdr), 0, GFP_ATOMIC)) { | ||
3100 | dev_kfree_skb(skb); | ||
3101 | return; | ||
3102 | } | ||
3103 | } | ||
3104 | |||
3105 | rthdr = (struct ieee80211_rtap_hdr *) skb_push(skb, sizeof(*rthdr)); | ||
3106 | memset(rthdr, 0, sizeof(*rthdr)); | ||
3107 | rthdr->hdr.it_len = cpu_to_le16(sizeof(*rthdr)); | ||
3108 | rthdr->hdr.it_present = | ||
3109 | cpu_to_le32((1 << IEEE80211_RADIOTAP_FLAGS) | | ||
3110 | (1 << IEEE80211_RADIOTAP_RATE) | | ||
3111 | (1 << IEEE80211_RADIOTAP_CHANNEL) | | ||
3112 | (1 << IEEE80211_RADIOTAP_DB_ANTSIGNAL)); | ||
3113 | rthdr->flags = local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS ? | ||
3114 | IEEE80211_RADIOTAP_F_FCS : 0; | ||
3115 | rate = ieee80211_get_rate(local, status->phymode, status->rate); | ||
3116 | if (rate) | ||
3117 | rthdr->rate = rate->rate / 5; | ||
3118 | rthdr->chan_freq = cpu_to_le16(status->freq); | ||
3119 | rthdr->chan_flags = | ||
3120 | status->phymode == MODE_IEEE80211A ? | ||
3121 | cpu_to_le16(IEEE80211_CHAN_OFDM | IEEE80211_CHAN_5GHZ) : | ||
3122 | cpu_to_le16(IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ); | ||
3123 | rthdr->antsignal = status->ssi; | ||
3124 | |||
3125 | out: | ||
3126 | sdata->stats.rx_packets++; | ||
3127 | sdata->stats.rx_bytes += skb->len; | ||
3128 | |||
3129 | skb_set_mac_header(skb, 0); | ||
3130 | skb->ip_summed = CHECKSUM_UNNECESSARY; | ||
3131 | skb->pkt_type = PACKET_OTHERHOST; | ||
3132 | skb->protocol = htons(ETH_P_802_2); | ||
3133 | memset(skb->cb, 0, sizeof(skb->cb)); | ||
3134 | netif_rx(skb); | ||
3135 | } | ||
3136 | |||
3137 | int ieee80211_radar_status(struct ieee80211_hw *hw, int channel, | 2886 | int ieee80211_radar_status(struct ieee80211_hw *hw, int channel, |
3138 | int radar, int radar_type) | 2887 | int radar, int radar_type) |
3139 | { | 2888 | { |
@@ -3163,1000 +2912,6 @@ int ieee80211_radar_status(struct ieee80211_hw *hw, int channel, | |||
3163 | EXPORT_SYMBOL(ieee80211_radar_status); | 2912 | EXPORT_SYMBOL(ieee80211_radar_status); |
3164 | 2913 | ||
3165 | 2914 | ||
3166 | static void ap_sta_ps_start(struct net_device *dev, struct sta_info *sta) | ||
3167 | { | ||
3168 | struct ieee80211_sub_if_data *sdata; | ||
3169 | sdata = IEEE80211_DEV_TO_SUB_IF(sta->dev); | ||
3170 | |||
3171 | if (sdata->bss) | ||
3172 | atomic_inc(&sdata->bss->num_sta_ps); | ||
3173 | sta->flags |= WLAN_STA_PS; | ||
3174 | sta->pspoll = 0; | ||
3175 | #ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG | ||
3176 | printk(KERN_DEBUG "%s: STA " MAC_FMT " aid %d enters power " | ||
3177 | "save mode\n", dev->name, MAC_ARG(sta->addr), sta->aid); | ||
3178 | #endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */ | ||
3179 | } | ||
3180 | |||
3181 | |||
3182 | static int ap_sta_ps_end(struct net_device *dev, struct sta_info *sta) | ||
3183 | { | ||
3184 | struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); | ||
3185 | struct sk_buff *skb; | ||
3186 | int sent = 0; | ||
3187 | struct ieee80211_sub_if_data *sdata; | ||
3188 | struct ieee80211_tx_packet_data *pkt_data; | ||
3189 | |||
3190 | sdata = IEEE80211_DEV_TO_SUB_IF(sta->dev); | ||
3191 | if (sdata->bss) | ||
3192 | atomic_dec(&sdata->bss->num_sta_ps); | ||
3193 | sta->flags &= ~(WLAN_STA_PS | WLAN_STA_TIM); | ||
3194 | sta->pspoll = 0; | ||
3195 | if (!skb_queue_empty(&sta->ps_tx_buf)) { | ||
3196 | if (local->ops->set_tim) | ||
3197 | local->ops->set_tim(local_to_hw(local), sta->aid, 0); | ||
3198 | if (sdata->bss) | ||
3199 | bss_tim_clear(local, sdata->bss, sta->aid); | ||
3200 | } | ||
3201 | #ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG | ||
3202 | printk(KERN_DEBUG "%s: STA " MAC_FMT " aid %d exits power " | ||
3203 | "save mode\n", dev->name, MAC_ARG(sta->addr), sta->aid); | ||
3204 | #endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */ | ||
3205 | /* Send all buffered frames to the station */ | ||
3206 | while ((skb = skb_dequeue(&sta->tx_filtered)) != NULL) { | ||
3207 | pkt_data = (struct ieee80211_tx_packet_data *) skb->cb; | ||
3208 | sent++; | ||
3209 | pkt_data->requeue = 1; | ||
3210 | dev_queue_xmit(skb); | ||
3211 | } | ||
3212 | while ((skb = skb_dequeue(&sta->ps_tx_buf)) != NULL) { | ||
3213 | pkt_data = (struct ieee80211_tx_packet_data *) skb->cb; | ||
3214 | local->total_ps_buffered--; | ||
3215 | sent++; | ||
3216 | #ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG | ||
3217 | printk(KERN_DEBUG "%s: STA " MAC_FMT " aid %d send PS frame " | ||
3218 | "since STA not sleeping anymore\n", dev->name, | ||
3219 | MAC_ARG(sta->addr), sta->aid); | ||
3220 | #endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */ | ||
3221 | pkt_data->requeue = 1; | ||
3222 | dev_queue_xmit(skb); | ||
3223 | } | ||
3224 | |||
3225 | return sent; | ||
3226 | } | ||
3227 | |||
3228 | |||
3229 | static ieee80211_txrx_result | ||
3230 | ieee80211_rx_h_ps_poll(struct ieee80211_txrx_data *rx) | ||
3231 | { | ||
3232 | struct sk_buff *skb; | ||
3233 | int no_pending_pkts; | ||
3234 | |||
3235 | if (likely(!rx->sta || | ||
3236 | (rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_CTL || | ||
3237 | (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_PSPOLL || | ||
3238 | !rx->u.rx.ra_match)) | ||
3239 | return TXRX_CONTINUE; | ||
3240 | |||
3241 | skb = skb_dequeue(&rx->sta->tx_filtered); | ||
3242 | if (!skb) { | ||
3243 | skb = skb_dequeue(&rx->sta->ps_tx_buf); | ||
3244 | if (skb) | ||
3245 | rx->local->total_ps_buffered--; | ||
3246 | } | ||
3247 | no_pending_pkts = skb_queue_empty(&rx->sta->tx_filtered) && | ||
3248 | skb_queue_empty(&rx->sta->ps_tx_buf); | ||
3249 | |||
3250 | if (skb) { | ||
3251 | struct ieee80211_hdr *hdr = | ||
3252 | (struct ieee80211_hdr *) skb->data; | ||
3253 | |||
3254 | /* tell TX path to send one frame even though the STA may | ||
3255 | * still remain is PS mode after this frame exchange */ | ||
3256 | rx->sta->pspoll = 1; | ||
3257 | |||
3258 | #ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG | ||
3259 | printk(KERN_DEBUG "STA " MAC_FMT " aid %d: PS Poll (entries " | ||
3260 | "after %d)\n", | ||
3261 | MAC_ARG(rx->sta->addr), rx->sta->aid, | ||
3262 | skb_queue_len(&rx->sta->ps_tx_buf)); | ||
3263 | #endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */ | ||
3264 | |||
3265 | /* Use MoreData flag to indicate whether there are more | ||
3266 | * buffered frames for this STA */ | ||
3267 | if (no_pending_pkts) { | ||
3268 | hdr->frame_control &= cpu_to_le16(~IEEE80211_FCTL_MOREDATA); | ||
3269 | rx->sta->flags &= ~WLAN_STA_TIM; | ||
3270 | } else | ||
3271 | hdr->frame_control |= cpu_to_le16(IEEE80211_FCTL_MOREDATA); | ||
3272 | |||
3273 | dev_queue_xmit(skb); | ||
3274 | |||
3275 | if (no_pending_pkts) { | ||
3276 | if (rx->local->ops->set_tim) | ||
3277 | rx->local->ops->set_tim(local_to_hw(rx->local), | ||
3278 | rx->sta->aid, 0); | ||
3279 | if (rx->sdata->bss) | ||
3280 | bss_tim_clear(rx->local, rx->sdata->bss, rx->sta->aid); | ||
3281 | } | ||
3282 | #ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG | ||
3283 | } else if (!rx->u.rx.sent_ps_buffered) { | ||
3284 | printk(KERN_DEBUG "%s: STA " MAC_FMT " sent PS Poll even " | ||
3285 | "though there is no buffered frames for it\n", | ||
3286 | rx->dev->name, MAC_ARG(rx->sta->addr)); | ||
3287 | #endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */ | ||
3288 | |||
3289 | } | ||
3290 | |||
3291 | /* Free PS Poll skb here instead of returning TXRX_DROP that would | ||
3292 | * count as an dropped frame. */ | ||
3293 | dev_kfree_skb(rx->skb); | ||
3294 | |||
3295 | return TXRX_QUEUED; | ||
3296 | } | ||
3297 | |||
3298 | |||
3299 | static inline struct ieee80211_fragment_entry * | ||
3300 | ieee80211_reassemble_add(struct ieee80211_sub_if_data *sdata, | ||
3301 | unsigned int frag, unsigned int seq, int rx_queue, | ||
3302 | struct sk_buff **skb) | ||
3303 | { | ||
3304 | struct ieee80211_fragment_entry *entry; | ||
3305 | int idx; | ||
3306 | |||
3307 | idx = sdata->fragment_next; | ||
3308 | entry = &sdata->fragments[sdata->fragment_next++]; | ||
3309 | if (sdata->fragment_next >= IEEE80211_FRAGMENT_MAX) | ||
3310 | sdata->fragment_next = 0; | ||
3311 | |||
3312 | if (!skb_queue_empty(&entry->skb_list)) { | ||
3313 | #ifdef CONFIG_MAC80211_DEBUG | ||
3314 | struct ieee80211_hdr *hdr = | ||
3315 | (struct ieee80211_hdr *) entry->skb_list.next->data; | ||
3316 | printk(KERN_DEBUG "%s: RX reassembly removed oldest " | ||
3317 | "fragment entry (idx=%d age=%lu seq=%d last_frag=%d " | ||
3318 | "addr1=" MAC_FMT " addr2=" MAC_FMT "\n", | ||
3319 | sdata->dev->name, idx, | ||
3320 | jiffies - entry->first_frag_time, entry->seq, | ||
3321 | entry->last_frag, MAC_ARG(hdr->addr1), | ||
3322 | MAC_ARG(hdr->addr2)); | ||
3323 | #endif /* CONFIG_MAC80211_DEBUG */ | ||
3324 | __skb_queue_purge(&entry->skb_list); | ||
3325 | } | ||
3326 | |||
3327 | __skb_queue_tail(&entry->skb_list, *skb); /* no need for locking */ | ||
3328 | *skb = NULL; | ||
3329 | entry->first_frag_time = jiffies; | ||
3330 | entry->seq = seq; | ||
3331 | entry->rx_queue = rx_queue; | ||
3332 | entry->last_frag = frag; | ||
3333 | entry->ccmp = 0; | ||
3334 | entry->extra_len = 0; | ||
3335 | |||
3336 | return entry; | ||
3337 | } | ||
3338 | |||
3339 | |||
3340 | static inline struct ieee80211_fragment_entry * | ||
3341 | ieee80211_reassemble_find(struct ieee80211_sub_if_data *sdata, | ||
3342 | u16 fc, unsigned int frag, unsigned int seq, | ||
3343 | int rx_queue, struct ieee80211_hdr *hdr) | ||
3344 | { | ||
3345 | struct ieee80211_fragment_entry *entry; | ||
3346 | int i, idx; | ||
3347 | |||
3348 | idx = sdata->fragment_next; | ||
3349 | for (i = 0; i < IEEE80211_FRAGMENT_MAX; i++) { | ||
3350 | struct ieee80211_hdr *f_hdr; | ||
3351 | u16 f_fc; | ||
3352 | |||
3353 | idx--; | ||
3354 | if (idx < 0) | ||
3355 | idx = IEEE80211_FRAGMENT_MAX - 1; | ||
3356 | |||
3357 | entry = &sdata->fragments[idx]; | ||
3358 | if (skb_queue_empty(&entry->skb_list) || entry->seq != seq || | ||
3359 | entry->rx_queue != rx_queue || | ||
3360 | entry->last_frag + 1 != frag) | ||
3361 | continue; | ||
3362 | |||
3363 | f_hdr = (struct ieee80211_hdr *) entry->skb_list.next->data; | ||
3364 | f_fc = le16_to_cpu(f_hdr->frame_control); | ||
3365 | |||
3366 | if ((fc & IEEE80211_FCTL_FTYPE) != (f_fc & IEEE80211_FCTL_FTYPE) || | ||
3367 | compare_ether_addr(hdr->addr1, f_hdr->addr1) != 0 || | ||
3368 | compare_ether_addr(hdr->addr2, f_hdr->addr2) != 0) | ||
3369 | continue; | ||
3370 | |||
3371 | if (entry->first_frag_time + 2 * HZ < jiffies) { | ||
3372 | __skb_queue_purge(&entry->skb_list); | ||
3373 | continue; | ||
3374 | } | ||
3375 | return entry; | ||
3376 | } | ||
3377 | |||
3378 | return NULL; | ||
3379 | } | ||
3380 | |||
3381 | |||
3382 | static ieee80211_txrx_result | ||
3383 | ieee80211_rx_h_defragment(struct ieee80211_txrx_data *rx) | ||
3384 | { | ||
3385 | struct ieee80211_hdr *hdr; | ||
3386 | u16 sc; | ||
3387 | unsigned int frag, seq; | ||
3388 | struct ieee80211_fragment_entry *entry; | ||
3389 | struct sk_buff *skb; | ||
3390 | |||
3391 | hdr = (struct ieee80211_hdr *) rx->skb->data; | ||
3392 | sc = le16_to_cpu(hdr->seq_ctrl); | ||
3393 | frag = sc & IEEE80211_SCTL_FRAG; | ||
3394 | |||
3395 | if (likely((!(rx->fc & IEEE80211_FCTL_MOREFRAGS) && frag == 0) || | ||
3396 | (rx->skb)->len < 24 || | ||
3397 | is_multicast_ether_addr(hdr->addr1))) { | ||
3398 | /* not fragmented */ | ||
3399 | goto out; | ||
3400 | } | ||
3401 | I802_DEBUG_INC(rx->local->rx_handlers_fragments); | ||
3402 | |||
3403 | seq = (sc & IEEE80211_SCTL_SEQ) >> 4; | ||
3404 | |||
3405 | if (frag == 0) { | ||
3406 | /* This is the first fragment of a new frame. */ | ||
3407 | entry = ieee80211_reassemble_add(rx->sdata, frag, seq, | ||
3408 | rx->u.rx.queue, &(rx->skb)); | ||
3409 | if (rx->key && rx->key->alg == ALG_CCMP && | ||
3410 | (rx->fc & IEEE80211_FCTL_PROTECTED)) { | ||
3411 | /* Store CCMP PN so that we can verify that the next | ||
3412 | * fragment has a sequential PN value. */ | ||
3413 | entry->ccmp = 1; | ||
3414 | memcpy(entry->last_pn, | ||
3415 | rx->key->u.ccmp.rx_pn[rx->u.rx.queue], | ||
3416 | CCMP_PN_LEN); | ||
3417 | } | ||
3418 | return TXRX_QUEUED; | ||
3419 | } | ||
3420 | |||
3421 | /* This is a fragment for a frame that should already be pending in | ||
3422 | * fragment cache. Add this fragment to the end of the pending entry. | ||
3423 | */ | ||
3424 | entry = ieee80211_reassemble_find(rx->sdata, rx->fc, frag, seq, | ||
3425 | rx->u.rx.queue, hdr); | ||
3426 | if (!entry) { | ||
3427 | I802_DEBUG_INC(rx->local->rx_handlers_drop_defrag); | ||
3428 | return TXRX_DROP; | ||
3429 | } | ||
3430 | |||
3431 | /* Verify that MPDUs within one MSDU have sequential PN values. | ||
3432 | * (IEEE 802.11i, 8.3.3.4.5) */ | ||
3433 | if (entry->ccmp) { | ||
3434 | int i; | ||
3435 | u8 pn[CCMP_PN_LEN], *rpn; | ||
3436 | if (!rx->key || rx->key->alg != ALG_CCMP) | ||
3437 | return TXRX_DROP; | ||
3438 | memcpy(pn, entry->last_pn, CCMP_PN_LEN); | ||
3439 | for (i = CCMP_PN_LEN - 1; i >= 0; i--) { | ||
3440 | pn[i]++; | ||
3441 | if (pn[i]) | ||
3442 | break; | ||
3443 | } | ||
3444 | rpn = rx->key->u.ccmp.rx_pn[rx->u.rx.queue]; | ||
3445 | if (memcmp(pn, rpn, CCMP_PN_LEN) != 0) { | ||
3446 | printk(KERN_DEBUG "%s: defrag: CCMP PN not sequential" | ||
3447 | " A2=" MAC_FMT " PN=%02x%02x%02x%02x%02x%02x " | ||
3448 | "(expected %02x%02x%02x%02x%02x%02x)\n", | ||
3449 | rx->dev->name, MAC_ARG(hdr->addr2), | ||
3450 | rpn[0], rpn[1], rpn[2], rpn[3], rpn[4], rpn[5], | ||
3451 | pn[0], pn[1], pn[2], pn[3], pn[4], pn[5]); | ||
3452 | return TXRX_DROP; | ||
3453 | } | ||
3454 | memcpy(entry->last_pn, pn, CCMP_PN_LEN); | ||
3455 | } | ||
3456 | |||
3457 | skb_pull(rx->skb, ieee80211_get_hdrlen(rx->fc)); | ||
3458 | __skb_queue_tail(&entry->skb_list, rx->skb); | ||
3459 | entry->last_frag = frag; | ||
3460 | entry->extra_len += rx->skb->len; | ||
3461 | if (rx->fc & IEEE80211_FCTL_MOREFRAGS) { | ||
3462 | rx->skb = NULL; | ||
3463 | return TXRX_QUEUED; | ||
3464 | } | ||
3465 | |||
3466 | rx->skb = __skb_dequeue(&entry->skb_list); | ||
3467 | if (skb_tailroom(rx->skb) < entry->extra_len) { | ||
3468 | I802_DEBUG_INC(rx->local->rx_expand_skb_head2); | ||
3469 | if (unlikely(pskb_expand_head(rx->skb, 0, entry->extra_len, | ||
3470 | GFP_ATOMIC))) { | ||
3471 | I802_DEBUG_INC(rx->local->rx_handlers_drop_defrag); | ||
3472 | __skb_queue_purge(&entry->skb_list); | ||
3473 | return TXRX_DROP; | ||
3474 | } | ||
3475 | } | ||
3476 | while ((skb = __skb_dequeue(&entry->skb_list))) { | ||
3477 | memcpy(skb_put(rx->skb, skb->len), skb->data, skb->len); | ||
3478 | dev_kfree_skb(skb); | ||
3479 | } | ||
3480 | |||
3481 | /* Complete frame has been reassembled - process it now */ | ||
3482 | rx->fragmented = 1; | ||
3483 | |||
3484 | out: | ||
3485 | if (rx->sta) | ||
3486 | rx->sta->rx_packets++; | ||
3487 | if (is_multicast_ether_addr(hdr->addr1)) | ||
3488 | rx->local->dot11MulticastReceivedFrameCount++; | ||
3489 | else | ||
3490 | ieee80211_led_rx(rx->local); | ||
3491 | return TXRX_CONTINUE; | ||
3492 | } | ||
3493 | |||
3494 | |||
3495 | static ieee80211_txrx_result | ||
3496 | ieee80211_rx_h_monitor(struct ieee80211_txrx_data *rx) | ||
3497 | { | ||
3498 | if (rx->sdata->type == IEEE80211_IF_TYPE_MNTR) { | ||
3499 | ieee80211_rx_monitor(rx->dev, rx->skb, rx->u.rx.status); | ||
3500 | return TXRX_QUEUED; | ||
3501 | } | ||
3502 | |||
3503 | if (rx->u.rx.status->flag & RX_FLAG_RADIOTAP) | ||
3504 | skb_pull(rx->skb, ieee80211_get_radiotap_len(rx->skb)); | ||
3505 | |||
3506 | return TXRX_CONTINUE; | ||
3507 | } | ||
3508 | |||
3509 | |||
3510 | static ieee80211_txrx_result | ||
3511 | ieee80211_rx_h_check(struct ieee80211_txrx_data *rx) | ||
3512 | { | ||
3513 | struct ieee80211_hdr *hdr; | ||
3514 | int always_sta_key; | ||
3515 | hdr = (struct ieee80211_hdr *) rx->skb->data; | ||
3516 | |||
3517 | /* Drop duplicate 802.11 retransmissions (IEEE 802.11 Chap. 9.2.9) */ | ||
3518 | if (rx->sta && !is_multicast_ether_addr(hdr->addr1)) { | ||
3519 | if (unlikely(rx->fc & IEEE80211_FCTL_RETRY && | ||
3520 | rx->sta->last_seq_ctrl[rx->u.rx.queue] == | ||
3521 | hdr->seq_ctrl)) { | ||
3522 | if (rx->u.rx.ra_match) { | ||
3523 | rx->local->dot11FrameDuplicateCount++; | ||
3524 | rx->sta->num_duplicates++; | ||
3525 | } | ||
3526 | return TXRX_DROP; | ||
3527 | } else | ||
3528 | rx->sta->last_seq_ctrl[rx->u.rx.queue] = hdr->seq_ctrl; | ||
3529 | } | ||
3530 | |||
3531 | if ((rx->local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS) && | ||
3532 | rx->skb->len > FCS_LEN) | ||
3533 | skb_trim(rx->skb, rx->skb->len - FCS_LEN); | ||
3534 | |||
3535 | if (unlikely(rx->skb->len < 16)) { | ||
3536 | I802_DEBUG_INC(rx->local->rx_handlers_drop_short); | ||
3537 | return TXRX_DROP; | ||
3538 | } | ||
3539 | |||
3540 | if (!rx->u.rx.ra_match) | ||
3541 | rx->skb->pkt_type = PACKET_OTHERHOST; | ||
3542 | else if (compare_ether_addr(rx->dev->dev_addr, hdr->addr1) == 0) | ||
3543 | rx->skb->pkt_type = PACKET_HOST; | ||
3544 | else if (is_multicast_ether_addr(hdr->addr1)) { | ||
3545 | if (is_broadcast_ether_addr(hdr->addr1)) | ||
3546 | rx->skb->pkt_type = PACKET_BROADCAST; | ||
3547 | else | ||
3548 | rx->skb->pkt_type = PACKET_MULTICAST; | ||
3549 | } else | ||
3550 | rx->skb->pkt_type = PACKET_OTHERHOST; | ||
3551 | |||
3552 | /* Drop disallowed frame classes based on STA auth/assoc state; | ||
3553 | * IEEE 802.11, Chap 5.5. | ||
3554 | * | ||
3555 | * 80211.o does filtering only based on association state, i.e., it | ||
3556 | * drops Class 3 frames from not associated stations. hostapd sends | ||
3557 | * deauth/disassoc frames when needed. In addition, hostapd is | ||
3558 | * responsible for filtering on both auth and assoc states. | ||
3559 | */ | ||
3560 | if (unlikely(((rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA || | ||
3561 | ((rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_CTL && | ||
3562 | (rx->fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_PSPOLL)) && | ||
3563 | rx->sdata->type != IEEE80211_IF_TYPE_IBSS && | ||
3564 | (!rx->sta || !(rx->sta->flags & WLAN_STA_ASSOC)))) { | ||
3565 | if ((!(rx->fc & IEEE80211_FCTL_FROMDS) && | ||
3566 | !(rx->fc & IEEE80211_FCTL_TODS) && | ||
3567 | (rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA) | ||
3568 | || !rx->u.rx.ra_match) { | ||
3569 | /* Drop IBSS frames and frames for other hosts | ||
3570 | * silently. */ | ||
3571 | return TXRX_DROP; | ||
3572 | } | ||
3573 | |||
3574 | if (!rx->local->apdev) | ||
3575 | return TXRX_DROP; | ||
3576 | |||
3577 | ieee80211_rx_mgmt(rx->local, rx->skb, rx->u.rx.status, | ||
3578 | ieee80211_msg_sta_not_assoc); | ||
3579 | return TXRX_QUEUED; | ||
3580 | } | ||
3581 | |||
3582 | if (rx->sdata->type == IEEE80211_IF_TYPE_STA) | ||
3583 | always_sta_key = 0; | ||
3584 | else | ||
3585 | always_sta_key = 1; | ||
3586 | |||
3587 | if (rx->sta && rx->sta->key && always_sta_key) { | ||
3588 | rx->key = rx->sta->key; | ||
3589 | } else { | ||
3590 | if (rx->sta && rx->sta->key) | ||
3591 | rx->key = rx->sta->key; | ||
3592 | else | ||
3593 | rx->key = rx->sdata->default_key; | ||
3594 | |||
3595 | if ((rx->local->hw.flags & IEEE80211_HW_WEP_INCLUDE_IV) && | ||
3596 | rx->fc & IEEE80211_FCTL_PROTECTED) { | ||
3597 | int keyidx = ieee80211_wep_get_keyidx(rx->skb); | ||
3598 | |||
3599 | if (keyidx >= 0 && keyidx < NUM_DEFAULT_KEYS && | ||
3600 | (!rx->sta || !rx->sta->key || keyidx > 0)) | ||
3601 | rx->key = rx->sdata->keys[keyidx]; | ||
3602 | |||
3603 | if (!rx->key) { | ||
3604 | if (!rx->u.rx.ra_match) | ||
3605 | return TXRX_DROP; | ||
3606 | printk(KERN_DEBUG "%s: RX WEP frame with " | ||
3607 | "unknown keyidx %d (A1=" MAC_FMT " A2=" | ||
3608 | MAC_FMT " A3=" MAC_FMT ")\n", | ||
3609 | rx->dev->name, keyidx, | ||
3610 | MAC_ARG(hdr->addr1), | ||
3611 | MAC_ARG(hdr->addr2), | ||
3612 | MAC_ARG(hdr->addr3)); | ||
3613 | if (!rx->local->apdev) | ||
3614 | return TXRX_DROP; | ||
3615 | ieee80211_rx_mgmt( | ||
3616 | rx->local, rx->skb, rx->u.rx.status, | ||
3617 | ieee80211_msg_wep_frame_unknown_key); | ||
3618 | return TXRX_QUEUED; | ||
3619 | } | ||
3620 | } | ||
3621 | } | ||
3622 | |||
3623 | if (rx->fc & IEEE80211_FCTL_PROTECTED && rx->key && rx->u.rx.ra_match) { | ||
3624 | rx->key->tx_rx_count++; | ||
3625 | if (unlikely(rx->local->key_tx_rx_threshold && | ||
3626 | rx->key->tx_rx_count > | ||
3627 | rx->local->key_tx_rx_threshold)) { | ||
3628 | ieee80211_key_threshold_notify(rx->dev, rx->key, | ||
3629 | rx->sta); | ||
3630 | } | ||
3631 | } | ||
3632 | |||
3633 | return TXRX_CONTINUE; | ||
3634 | } | ||
3635 | |||
3636 | |||
3637 | static ieee80211_txrx_result | ||
3638 | ieee80211_rx_h_sta_process(struct ieee80211_txrx_data *rx) | ||
3639 | { | ||
3640 | struct sta_info *sta = rx->sta; | ||
3641 | struct net_device *dev = rx->dev; | ||
3642 | struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data; | ||
3643 | |||
3644 | if (!sta) | ||
3645 | return TXRX_CONTINUE; | ||
3646 | |||
3647 | /* Update last_rx only for IBSS packets which are for the current | ||
3648 | * BSSID to avoid keeping the current IBSS network alive in cases where | ||
3649 | * other STAs are using different BSSID. */ | ||
3650 | if (rx->sdata->type == IEEE80211_IF_TYPE_IBSS) { | ||
3651 | u8 *bssid = ieee80211_get_bssid(hdr, rx->skb->len); | ||
3652 | if (compare_ether_addr(bssid, rx->sdata->u.sta.bssid) == 0) | ||
3653 | sta->last_rx = jiffies; | ||
3654 | } else | ||
3655 | if (!is_multicast_ether_addr(hdr->addr1) || | ||
3656 | rx->sdata->type == IEEE80211_IF_TYPE_STA) { | ||
3657 | /* Update last_rx only for unicast frames in order to prevent | ||
3658 | * the Probe Request frames (the only broadcast frames from a | ||
3659 | * STA in infrastructure mode) from keeping a connection alive. | ||
3660 | */ | ||
3661 | sta->last_rx = jiffies; | ||
3662 | } | ||
3663 | |||
3664 | if (!rx->u.rx.ra_match) | ||
3665 | return TXRX_CONTINUE; | ||
3666 | |||
3667 | sta->rx_fragments++; | ||
3668 | sta->rx_bytes += rx->skb->len; | ||
3669 | sta->last_rssi = (sta->last_rssi * 15 + | ||
3670 | rx->u.rx.status->ssi) / 16; | ||
3671 | sta->last_signal = (sta->last_signal * 15 + | ||
3672 | rx->u.rx.status->signal) / 16; | ||
3673 | sta->last_noise = (sta->last_noise * 15 + | ||
3674 | rx->u.rx.status->noise) / 16; | ||
3675 | |||
3676 | if (!(rx->fc & IEEE80211_FCTL_MOREFRAGS)) { | ||
3677 | /* Change STA power saving mode only in the end of a frame | ||
3678 | * exchange sequence */ | ||
3679 | if ((sta->flags & WLAN_STA_PS) && !(rx->fc & IEEE80211_FCTL_PM)) | ||
3680 | rx->u.rx.sent_ps_buffered += ap_sta_ps_end(dev, sta); | ||
3681 | else if (!(sta->flags & WLAN_STA_PS) && | ||
3682 | (rx->fc & IEEE80211_FCTL_PM)) | ||
3683 | ap_sta_ps_start(dev, sta); | ||
3684 | } | ||
3685 | |||
3686 | /* Drop data::nullfunc frames silently, since they are used only to | ||
3687 | * control station power saving mode. */ | ||
3688 | if ((rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA && | ||
3689 | (rx->fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_NULLFUNC) { | ||
3690 | I802_DEBUG_INC(rx->local->rx_handlers_drop_nullfunc); | ||
3691 | /* Update counter and free packet here to avoid counting this | ||
3692 | * as a dropped packed. */ | ||
3693 | sta->rx_packets++; | ||
3694 | dev_kfree_skb(rx->skb); | ||
3695 | return TXRX_QUEUED; | ||
3696 | } | ||
3697 | |||
3698 | return TXRX_CONTINUE; | ||
3699 | } /* ieee80211_rx_h_sta_process */ | ||
3700 | |||
3701 | |||
3702 | static ieee80211_txrx_result | ||
3703 | ieee80211_rx_h_wep_weak_iv_detection(struct ieee80211_txrx_data *rx) | ||
3704 | { | ||
3705 | if (!rx->sta || !(rx->fc & IEEE80211_FCTL_PROTECTED) || | ||
3706 | (rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA || | ||
3707 | !rx->key || rx->key->alg != ALG_WEP || !rx->u.rx.ra_match) | ||
3708 | return TXRX_CONTINUE; | ||
3709 | |||
3710 | /* Check for weak IVs, if hwaccel did not remove IV from the frame */ | ||
3711 | if ((rx->local->hw.flags & IEEE80211_HW_WEP_INCLUDE_IV) || | ||
3712 | rx->key->force_sw_encrypt) { | ||
3713 | u8 *iv = ieee80211_wep_is_weak_iv(rx->skb, rx->key); | ||
3714 | if (iv) { | ||
3715 | rx->sta->wep_weak_iv_count++; | ||
3716 | } | ||
3717 | } | ||
3718 | |||
3719 | return TXRX_CONTINUE; | ||
3720 | } | ||
3721 | |||
3722 | |||
3723 | static ieee80211_txrx_result | ||
3724 | ieee80211_rx_h_wep_decrypt(struct ieee80211_txrx_data *rx) | ||
3725 | { | ||
3726 | /* If the device handles decryption totally, skip this test */ | ||
3727 | if (rx->local->hw.flags & IEEE80211_HW_DEVICE_HIDES_WEP) | ||
3728 | return TXRX_CONTINUE; | ||
3729 | |||
3730 | if ((rx->key && rx->key->alg != ALG_WEP) || | ||
3731 | !(rx->fc & IEEE80211_FCTL_PROTECTED) || | ||
3732 | ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA && | ||
3733 | ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_MGMT || | ||
3734 | (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_AUTH))) | ||
3735 | return TXRX_CONTINUE; | ||
3736 | |||
3737 | if (!rx->key) { | ||
3738 | printk(KERN_DEBUG "%s: RX WEP frame, but no key set\n", | ||
3739 | rx->dev->name); | ||
3740 | return TXRX_DROP; | ||
3741 | } | ||
3742 | |||
3743 | if (!(rx->u.rx.status->flag & RX_FLAG_DECRYPTED) || | ||
3744 | rx->key->force_sw_encrypt) { | ||
3745 | if (ieee80211_wep_decrypt(rx->local, rx->skb, rx->key)) { | ||
3746 | printk(KERN_DEBUG "%s: RX WEP frame, decrypt " | ||
3747 | "failed\n", rx->dev->name); | ||
3748 | return TXRX_DROP; | ||
3749 | } | ||
3750 | } else if (rx->local->hw.flags & IEEE80211_HW_WEP_INCLUDE_IV) { | ||
3751 | ieee80211_wep_remove_iv(rx->local, rx->skb, rx->key); | ||
3752 | /* remove ICV */ | ||
3753 | skb_trim(rx->skb, rx->skb->len - 4); | ||
3754 | } | ||
3755 | |||
3756 | return TXRX_CONTINUE; | ||
3757 | } | ||
3758 | |||
3759 | |||
3760 | static ieee80211_txrx_result | ||
3761 | ieee80211_rx_h_802_1x_pae(struct ieee80211_txrx_data *rx) | ||
3762 | { | ||
3763 | if (rx->sdata->eapol && ieee80211_is_eapol(rx->skb) && | ||
3764 | rx->sdata->type != IEEE80211_IF_TYPE_STA && rx->u.rx.ra_match) { | ||
3765 | /* Pass both encrypted and unencrypted EAPOL frames to user | ||
3766 | * space for processing. */ | ||
3767 | if (!rx->local->apdev) | ||
3768 | return TXRX_DROP; | ||
3769 | ieee80211_rx_mgmt(rx->local, rx->skb, rx->u.rx.status, | ||
3770 | ieee80211_msg_normal); | ||
3771 | return TXRX_QUEUED; | ||
3772 | } | ||
3773 | |||
3774 | if (unlikely(rx->sdata->ieee802_1x && | ||
3775 | (rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA && | ||
3776 | (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_NULLFUNC && | ||
3777 | (!rx->sta || !(rx->sta->flags & WLAN_STA_AUTHORIZED)) && | ||
3778 | !ieee80211_is_eapol(rx->skb))) { | ||
3779 | #ifdef CONFIG_MAC80211_DEBUG | ||
3780 | struct ieee80211_hdr *hdr = | ||
3781 | (struct ieee80211_hdr *) rx->skb->data; | ||
3782 | printk(KERN_DEBUG "%s: dropped frame from " MAC_FMT | ||
3783 | " (unauthorized port)\n", rx->dev->name, | ||
3784 | MAC_ARG(hdr->addr2)); | ||
3785 | #endif /* CONFIG_MAC80211_DEBUG */ | ||
3786 | return TXRX_DROP; | ||
3787 | } | ||
3788 | |||
3789 | return TXRX_CONTINUE; | ||
3790 | } | ||
3791 | |||
3792 | |||
3793 | static ieee80211_txrx_result | ||
3794 | ieee80211_rx_h_drop_unencrypted(struct ieee80211_txrx_data *rx) | ||
3795 | { | ||
3796 | /* If the device handles decryption totally, skip this test */ | ||
3797 | if (rx->local->hw.flags & IEEE80211_HW_DEVICE_HIDES_WEP) | ||
3798 | return TXRX_CONTINUE; | ||
3799 | |||
3800 | /* Drop unencrypted frames if key is set. */ | ||
3801 | if (unlikely(!(rx->fc & IEEE80211_FCTL_PROTECTED) && | ||
3802 | (rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA && | ||
3803 | (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_NULLFUNC && | ||
3804 | (rx->key || rx->sdata->drop_unencrypted) && | ||
3805 | (rx->sdata->eapol == 0 || | ||
3806 | !ieee80211_is_eapol(rx->skb)))) { | ||
3807 | printk(KERN_DEBUG "%s: RX non-WEP frame, but expected " | ||
3808 | "encryption\n", rx->dev->name); | ||
3809 | return TXRX_DROP; | ||
3810 | } | ||
3811 | return TXRX_CONTINUE; | ||
3812 | } | ||
3813 | |||
3814 | |||
3815 | static ieee80211_txrx_result | ||
3816 | ieee80211_rx_h_mgmt(struct ieee80211_txrx_data *rx) | ||
3817 | { | ||
3818 | struct ieee80211_sub_if_data *sdata; | ||
3819 | |||
3820 | if (!rx->u.rx.ra_match) | ||
3821 | return TXRX_DROP; | ||
3822 | |||
3823 | sdata = IEEE80211_DEV_TO_SUB_IF(rx->dev); | ||
3824 | if ((sdata->type == IEEE80211_IF_TYPE_STA || | ||
3825 | sdata->type == IEEE80211_IF_TYPE_IBSS) && | ||
3826 | !rx->local->user_space_mlme) { | ||
3827 | ieee80211_sta_rx_mgmt(rx->dev, rx->skb, rx->u.rx.status); | ||
3828 | } else { | ||
3829 | /* Management frames are sent to hostapd for processing */ | ||
3830 | if (!rx->local->apdev) | ||
3831 | return TXRX_DROP; | ||
3832 | ieee80211_rx_mgmt(rx->local, rx->skb, rx->u.rx.status, | ||
3833 | ieee80211_msg_normal); | ||
3834 | } | ||
3835 | return TXRX_QUEUED; | ||
3836 | } | ||
3837 | |||
3838 | |||
3839 | static ieee80211_txrx_result | ||
3840 | ieee80211_rx_h_passive_scan(struct ieee80211_txrx_data *rx) | ||
3841 | { | ||
3842 | struct ieee80211_local *local = rx->local; | ||
3843 | struct sk_buff *skb = rx->skb; | ||
3844 | |||
3845 | if (unlikely(local->sta_scanning != 0)) { | ||
3846 | ieee80211_sta_rx_scan(rx->dev, skb, rx->u.rx.status); | ||
3847 | return TXRX_QUEUED; | ||
3848 | } | ||
3849 | |||
3850 | if (unlikely(rx->u.rx.in_scan)) { | ||
3851 | /* scanning finished during invoking of handlers */ | ||
3852 | I802_DEBUG_INC(local->rx_handlers_drop_passive_scan); | ||
3853 | return TXRX_DROP; | ||
3854 | } | ||
3855 | |||
3856 | return TXRX_CONTINUE; | ||
3857 | } | ||
3858 | |||
3859 | |||
3860 | static void ieee80211_rx_michael_mic_report(struct net_device *dev, | ||
3861 | struct ieee80211_hdr *hdr, | ||
3862 | struct sta_info *sta, | ||
3863 | struct ieee80211_txrx_data *rx) | ||
3864 | { | ||
3865 | int keyidx, hdrlen; | ||
3866 | |||
3867 | hdrlen = ieee80211_get_hdrlen_from_skb(rx->skb); | ||
3868 | if (rx->skb->len >= hdrlen + 4) | ||
3869 | keyidx = rx->skb->data[hdrlen + 3] >> 6; | ||
3870 | else | ||
3871 | keyidx = -1; | ||
3872 | |||
3873 | /* TODO: verify that this is not triggered by fragmented | ||
3874 | * frames (hw does not verify MIC for them). */ | ||
3875 | printk(KERN_DEBUG "%s: TKIP hwaccel reported Michael MIC " | ||
3876 | "failure from " MAC_FMT " to " MAC_FMT " keyidx=%d\n", | ||
3877 | dev->name, MAC_ARG(hdr->addr2), MAC_ARG(hdr->addr1), keyidx); | ||
3878 | |||
3879 | if (!sta) { | ||
3880 | /* Some hardware versions seem to generate incorrect | ||
3881 | * Michael MIC reports; ignore them to avoid triggering | ||
3882 | * countermeasures. */ | ||
3883 | printk(KERN_DEBUG "%s: ignored spurious Michael MIC " | ||
3884 | "error for unknown address " MAC_FMT "\n", | ||
3885 | dev->name, MAC_ARG(hdr->addr2)); | ||
3886 | goto ignore; | ||
3887 | } | ||
3888 | |||
3889 | if (!(rx->fc & IEEE80211_FCTL_PROTECTED)) { | ||
3890 | printk(KERN_DEBUG "%s: ignored spurious Michael MIC " | ||
3891 | "error for a frame with no ISWEP flag (src " | ||
3892 | MAC_FMT ")\n", dev->name, MAC_ARG(hdr->addr2)); | ||
3893 | goto ignore; | ||
3894 | } | ||
3895 | |||
3896 | if ((rx->local->hw.flags & IEEE80211_HW_WEP_INCLUDE_IV) && | ||
3897 | rx->sdata->type == IEEE80211_IF_TYPE_AP) { | ||
3898 | keyidx = ieee80211_wep_get_keyidx(rx->skb); | ||
3899 | /* AP with Pairwise keys support should never receive Michael | ||
3900 | * MIC errors for non-zero keyidx because these are reserved | ||
3901 | * for group keys and only the AP is sending real multicast | ||
3902 | * frames in BSS. */ | ||
3903 | if (keyidx) { | ||
3904 | printk(KERN_DEBUG "%s: ignored Michael MIC error for " | ||
3905 | "a frame with non-zero keyidx (%d) (src " MAC_FMT | ||
3906 | ")\n", dev->name, keyidx, MAC_ARG(hdr->addr2)); | ||
3907 | goto ignore; | ||
3908 | } | ||
3909 | } | ||
3910 | |||
3911 | if ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA && | ||
3912 | ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_MGMT || | ||
3913 | (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_AUTH)) { | ||
3914 | printk(KERN_DEBUG "%s: ignored spurious Michael MIC " | ||
3915 | "error for a frame that cannot be encrypted " | ||
3916 | "(fc=0x%04x) (src " MAC_FMT ")\n", | ||
3917 | dev->name, rx->fc, MAC_ARG(hdr->addr2)); | ||
3918 | goto ignore; | ||
3919 | } | ||
3920 | |||
3921 | do { | ||
3922 | union iwreq_data wrqu; | ||
3923 | char *buf = kmalloc(128, GFP_ATOMIC); | ||
3924 | if (!buf) | ||
3925 | break; | ||
3926 | |||
3927 | /* TODO: needed parameters: count, key type, TSC */ | ||
3928 | sprintf(buf, "MLME-MICHAELMICFAILURE.indication(" | ||
3929 | "keyid=%d %scast addr=" MAC_FMT ")", | ||
3930 | keyidx, hdr->addr1[0] & 0x01 ? "broad" : "uni", | ||
3931 | MAC_ARG(hdr->addr2)); | ||
3932 | memset(&wrqu, 0, sizeof(wrqu)); | ||
3933 | wrqu.data.length = strlen(buf); | ||
3934 | wireless_send_event(rx->dev, IWEVCUSTOM, &wrqu, buf); | ||
3935 | kfree(buf); | ||
3936 | } while (0); | ||
3937 | |||
3938 | /* TODO: consider verifying the MIC error report with software | ||
3939 | * implementation if we get too many spurious reports from the | ||
3940 | * hardware. */ | ||
3941 | if (!rx->local->apdev) | ||
3942 | goto ignore; | ||
3943 | ieee80211_rx_mgmt(rx->local, rx->skb, rx->u.rx.status, | ||
3944 | ieee80211_msg_michael_mic_failure); | ||
3945 | return; | ||
3946 | |||
3947 | ignore: | ||
3948 | dev_kfree_skb(rx->skb); | ||
3949 | rx->skb = NULL; | ||
3950 | } | ||
3951 | |||
3952 | static inline ieee80211_txrx_result __ieee80211_invoke_rx_handlers( | ||
3953 | struct ieee80211_local *local, | ||
3954 | ieee80211_rx_handler *handlers, | ||
3955 | struct ieee80211_txrx_data *rx, | ||
3956 | struct sta_info *sta) | ||
3957 | { | ||
3958 | ieee80211_rx_handler *handler; | ||
3959 | ieee80211_txrx_result res = TXRX_DROP; | ||
3960 | |||
3961 | for (handler = handlers; *handler != NULL; handler++) { | ||
3962 | res = (*handler)(rx); | ||
3963 | if (res != TXRX_CONTINUE) { | ||
3964 | if (res == TXRX_DROP) { | ||
3965 | I802_DEBUG_INC(local->rx_handlers_drop); | ||
3966 | if (sta) | ||
3967 | sta->rx_dropped++; | ||
3968 | } | ||
3969 | if (res == TXRX_QUEUED) | ||
3970 | I802_DEBUG_INC(local->rx_handlers_queued); | ||
3971 | break; | ||
3972 | } | ||
3973 | } | ||
3974 | |||
3975 | if (res == TXRX_DROP) { | ||
3976 | dev_kfree_skb(rx->skb); | ||
3977 | } | ||
3978 | return res; | ||
3979 | } | ||
3980 | |||
3981 | static inline void ieee80211_invoke_rx_handlers(struct ieee80211_local *local, | ||
3982 | ieee80211_rx_handler *handlers, | ||
3983 | struct ieee80211_txrx_data *rx, | ||
3984 | struct sta_info *sta) | ||
3985 | { | ||
3986 | if (__ieee80211_invoke_rx_handlers(local, handlers, rx, sta) == | ||
3987 | TXRX_CONTINUE) | ||
3988 | dev_kfree_skb(rx->skb); | ||
3989 | } | ||
3990 | |||
3991 | /* | ||
3992 | * This is the receive path handler. It is called by a low level driver when an | ||
3993 | * 802.11 MPDU is received from the hardware. | ||
3994 | */ | ||
3995 | void __ieee80211_rx(struct ieee80211_hw *hw, struct sk_buff *skb, | ||
3996 | struct ieee80211_rx_status *status) | ||
3997 | { | ||
3998 | struct ieee80211_local *local = hw_to_local(hw); | ||
3999 | struct ieee80211_sub_if_data *sdata; | ||
4000 | struct sta_info *sta; | ||
4001 | struct ieee80211_hdr *hdr; | ||
4002 | struct ieee80211_txrx_data rx; | ||
4003 | u16 type; | ||
4004 | int multicast; | ||
4005 | int radiotap_len = 0; | ||
4006 | |||
4007 | if (status->flag & RX_FLAG_RADIOTAP) { | ||
4008 | radiotap_len = ieee80211_get_radiotap_len(skb); | ||
4009 | skb_pull(skb, radiotap_len); | ||
4010 | } | ||
4011 | |||
4012 | hdr = (struct ieee80211_hdr *) skb->data; | ||
4013 | memset(&rx, 0, sizeof(rx)); | ||
4014 | rx.skb = skb; | ||
4015 | rx.local = local; | ||
4016 | |||
4017 | rx.u.rx.status = status; | ||
4018 | rx.fc = skb->len >= 2 ? le16_to_cpu(hdr->frame_control) : 0; | ||
4019 | type = rx.fc & IEEE80211_FCTL_FTYPE; | ||
4020 | if (type == IEEE80211_FTYPE_DATA || type == IEEE80211_FTYPE_MGMT) | ||
4021 | local->dot11ReceivedFragmentCount++; | ||
4022 | multicast = is_multicast_ether_addr(hdr->addr1); | ||
4023 | |||
4024 | if (skb->len >= 16) | ||
4025 | sta = rx.sta = sta_info_get(local, hdr->addr2); | ||
4026 | else | ||
4027 | sta = rx.sta = NULL; | ||
4028 | |||
4029 | if (sta) { | ||
4030 | rx.dev = sta->dev; | ||
4031 | rx.sdata = IEEE80211_DEV_TO_SUB_IF(rx.dev); | ||
4032 | } | ||
4033 | |||
4034 | if ((status->flag & RX_FLAG_MMIC_ERROR)) { | ||
4035 | ieee80211_rx_michael_mic_report(local->mdev, hdr, sta, &rx); | ||
4036 | goto end; | ||
4037 | } | ||
4038 | |||
4039 | if (unlikely(local->sta_scanning)) | ||
4040 | rx.u.rx.in_scan = 1; | ||
4041 | |||
4042 | if (__ieee80211_invoke_rx_handlers(local, local->rx_pre_handlers, &rx, | ||
4043 | sta) != TXRX_CONTINUE) | ||
4044 | goto end; | ||
4045 | skb = rx.skb; | ||
4046 | |||
4047 | skb_push(skb, radiotap_len); | ||
4048 | if (sta && !sta->assoc_ap && !(sta->flags & WLAN_STA_WDS) && | ||
4049 | !local->iff_promiscs && !multicast) { | ||
4050 | rx.u.rx.ra_match = 1; | ||
4051 | ieee80211_invoke_rx_handlers(local, local->rx_handlers, &rx, | ||
4052 | sta); | ||
4053 | } else { | ||
4054 | struct ieee80211_sub_if_data *prev = NULL; | ||
4055 | struct sk_buff *skb_new; | ||
4056 | u8 *bssid = ieee80211_get_bssid(hdr, skb->len - radiotap_len); | ||
4057 | |||
4058 | read_lock(&local->sub_if_lock); | ||
4059 | list_for_each_entry(sdata, &local->sub_if_list, list) { | ||
4060 | rx.u.rx.ra_match = 1; | ||
4061 | switch (sdata->type) { | ||
4062 | case IEEE80211_IF_TYPE_STA: | ||
4063 | if (!bssid) | ||
4064 | continue; | ||
4065 | if (!ieee80211_bssid_match(bssid, | ||
4066 | sdata->u.sta.bssid)) { | ||
4067 | if (!rx.u.rx.in_scan) | ||
4068 | continue; | ||
4069 | rx.u.rx.ra_match = 0; | ||
4070 | } else if (!multicast && | ||
4071 | compare_ether_addr(sdata->dev->dev_addr, | ||
4072 | hdr->addr1) != 0) { | ||
4073 | if (!sdata->promisc) | ||
4074 | continue; | ||
4075 | rx.u.rx.ra_match = 0; | ||
4076 | } | ||
4077 | break; | ||
4078 | case IEEE80211_IF_TYPE_IBSS: | ||
4079 | if (!bssid) | ||
4080 | continue; | ||
4081 | if (!ieee80211_bssid_match(bssid, | ||
4082 | sdata->u.sta.bssid)) { | ||
4083 | if (!rx.u.rx.in_scan) | ||
4084 | continue; | ||
4085 | rx.u.rx.ra_match = 0; | ||
4086 | } else if (!multicast && | ||
4087 | compare_ether_addr(sdata->dev->dev_addr, | ||
4088 | hdr->addr1) != 0) { | ||
4089 | if (!sdata->promisc) | ||
4090 | continue; | ||
4091 | rx.u.rx.ra_match = 0; | ||
4092 | } else if (!sta) | ||
4093 | sta = rx.sta = | ||
4094 | ieee80211_ibss_add_sta(sdata->dev, | ||
4095 | skb, bssid, | ||
4096 | hdr->addr2); | ||
4097 | break; | ||
4098 | case IEEE80211_IF_TYPE_AP: | ||
4099 | if (!bssid) { | ||
4100 | if (compare_ether_addr(sdata->dev->dev_addr, | ||
4101 | hdr->addr1) != 0) | ||
4102 | continue; | ||
4103 | } else if (!ieee80211_bssid_match(bssid, | ||
4104 | sdata->dev->dev_addr)) { | ||
4105 | if (!rx.u.rx.in_scan) | ||
4106 | continue; | ||
4107 | rx.u.rx.ra_match = 0; | ||
4108 | } | ||
4109 | if (sdata->dev == local->mdev && | ||
4110 | !rx.u.rx.in_scan) | ||
4111 | /* do not receive anything via | ||
4112 | * master device when not scanning */ | ||
4113 | continue; | ||
4114 | break; | ||
4115 | case IEEE80211_IF_TYPE_WDS: | ||
4116 | if (bssid || | ||
4117 | (rx.fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA) | ||
4118 | continue; | ||
4119 | if (compare_ether_addr(sdata->u.wds.remote_addr, | ||
4120 | hdr->addr2) != 0) | ||
4121 | continue; | ||
4122 | break; | ||
4123 | } | ||
4124 | |||
4125 | if (prev) { | ||
4126 | skb_new = skb_copy(skb, GFP_ATOMIC); | ||
4127 | if (!skb_new) { | ||
4128 | if (net_ratelimit()) | ||
4129 | printk(KERN_DEBUG "%s: failed to copy " | ||
4130 | "multicast frame for %s", | ||
4131 | local->mdev->name, prev->dev->name); | ||
4132 | continue; | ||
4133 | } | ||
4134 | rx.skb = skb_new; | ||
4135 | rx.dev = prev->dev; | ||
4136 | rx.sdata = prev; | ||
4137 | ieee80211_invoke_rx_handlers(local, | ||
4138 | local->rx_handlers, | ||
4139 | &rx, sta); | ||
4140 | } | ||
4141 | prev = sdata; | ||
4142 | } | ||
4143 | if (prev) { | ||
4144 | rx.skb = skb; | ||
4145 | rx.dev = prev->dev; | ||
4146 | rx.sdata = prev; | ||
4147 | ieee80211_invoke_rx_handlers(local, local->rx_handlers, | ||
4148 | &rx, sta); | ||
4149 | } else | ||
4150 | dev_kfree_skb(skb); | ||
4151 | read_unlock(&local->sub_if_lock); | ||
4152 | } | ||
4153 | |||
4154 | end: | ||
4155 | if (sta) | ||
4156 | sta_info_put(sta); | ||
4157 | } | ||
4158 | EXPORT_SYMBOL(__ieee80211_rx); | ||
4159 | |||
4160 | static ieee80211_txrx_result | 2915 | static ieee80211_txrx_result |
4161 | ieee80211_tx_h_load_stats(struct ieee80211_txrx_data *tx) | 2916 | ieee80211_tx_h_load_stats(struct ieee80211_txrx_data *tx) |
4162 | { | 2917 | { |
@@ -4215,65 +2970,6 @@ ieee80211_tx_h_load_stats(struct ieee80211_txrx_data *tx) | |||
4215 | } | 2970 | } |
4216 | 2971 | ||
4217 | 2972 | ||
4218 | static ieee80211_txrx_result | ||
4219 | ieee80211_rx_h_load_stats(struct ieee80211_txrx_data *rx) | ||
4220 | { | ||
4221 | struct ieee80211_local *local = rx->local; | ||
4222 | struct sk_buff *skb = rx->skb; | ||
4223 | struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; | ||
4224 | u32 load = 0, hdrtime; | ||
4225 | struct ieee80211_rate *rate; | ||
4226 | struct ieee80211_hw_mode *mode = local->hw.conf.mode; | ||
4227 | int i; | ||
4228 | |||
4229 | /* Estimate total channel use caused by this frame */ | ||
4230 | |||
4231 | if (unlikely(mode->num_rates < 0)) | ||
4232 | return TXRX_CONTINUE; | ||
4233 | |||
4234 | rate = &mode->rates[0]; | ||
4235 | for (i = 0; i < mode->num_rates; i++) { | ||
4236 | if (mode->rates[i].val == rx->u.rx.status->rate) { | ||
4237 | rate = &mode->rates[i]; | ||
4238 | break; | ||
4239 | } | ||
4240 | } | ||
4241 | |||
4242 | /* 1 bit at 1 Mbit/s takes 1 usec; in channel_use values, | ||
4243 | * 1 usec = 1/8 * (1080 / 10) = 13.5 */ | ||
4244 | |||
4245 | if (mode->mode == MODE_IEEE80211A || | ||
4246 | mode->mode == MODE_ATHEROS_TURBO || | ||
4247 | mode->mode == MODE_ATHEROS_TURBOG || | ||
4248 | (mode->mode == MODE_IEEE80211G && | ||
4249 | rate->flags & IEEE80211_RATE_ERP)) | ||
4250 | hdrtime = CHAN_UTIL_HDR_SHORT; | ||
4251 | else | ||
4252 | hdrtime = CHAN_UTIL_HDR_LONG; | ||
4253 | |||
4254 | load = hdrtime; | ||
4255 | if (!is_multicast_ether_addr(hdr->addr1)) | ||
4256 | load += hdrtime; | ||
4257 | |||
4258 | load += skb->len * rate->rate_inv; | ||
4259 | |||
4260 | /* Divide channel_use by 8 to avoid wrapping around the counter */ | ||
4261 | load >>= CHAN_UTIL_SHIFT; | ||
4262 | local->channel_use_raw += load; | ||
4263 | if (rx->sta) | ||
4264 | rx->sta->channel_use_raw += load; | ||
4265 | rx->u.rx.load = load; | ||
4266 | |||
4267 | return TXRX_CONTINUE; | ||
4268 | } | ||
4269 | |||
4270 | static ieee80211_txrx_result | ||
4271 | ieee80211_rx_h_if_stats(struct ieee80211_txrx_data *rx) | ||
4272 | { | ||
4273 | rx->sdata->channel_use_raw += rx->u.rx.load; | ||
4274 | return TXRX_CONTINUE; | ||
4275 | } | ||
4276 | |||
4277 | static void ieee80211_stat_refresh(unsigned long data) | 2973 | static void ieee80211_stat_refresh(unsigned long data) |
4278 | { | 2974 | { |
4279 | struct ieee80211_local *local = (struct ieee80211_local *) data; | 2975 | struct ieee80211_local *local = (struct ieee80211_local *) data; |
@@ -4311,24 +3007,6 @@ static void ieee80211_stat_refresh(unsigned long data) | |||
4311 | } | 3007 | } |
4312 | 3008 | ||
4313 | 3009 | ||
4314 | /* This is a version of the rx handler that can be called from hard irq | ||
4315 | * context. Post the skb on the queue and schedule the tasklet */ | ||
4316 | void ieee80211_rx_irqsafe(struct ieee80211_hw *hw, struct sk_buff *skb, | ||
4317 | struct ieee80211_rx_status *status) | ||
4318 | { | ||
4319 | struct ieee80211_local *local = hw_to_local(hw); | ||
4320 | |||
4321 | BUILD_BUG_ON(sizeof(struct ieee80211_rx_status) > sizeof(skb->cb)); | ||
4322 | |||
4323 | skb->dev = local->mdev; | ||
4324 | /* copy status into skb->cb for use by tasklet */ | ||
4325 | memcpy(skb->cb, status, sizeof(*status)); | ||
4326 | skb->pkt_type = IEEE80211_RX_MSG; | ||
4327 | skb_queue_tail(&local->skb_queue, skb); | ||
4328 | tasklet_schedule(&local->tasklet); | ||
4329 | } | ||
4330 | EXPORT_SYMBOL(ieee80211_rx_irqsafe); | ||
4331 | |||
4332 | void ieee80211_tx_status_irqsafe(struct ieee80211_hw *hw, | 3010 | void ieee80211_tx_status_irqsafe(struct ieee80211_hw *hw, |
4333 | struct sk_buff *skb, | 3011 | struct sk_buff *skb, |
4334 | struct ieee80211_tx_status *status) | 3012 | struct ieee80211_tx_status *status) |
@@ -4690,41 +3368,6 @@ EXPORT_SYMBOL(ieee80211_tx_status); | |||
4690 | /* TODO: implement register/unregister functions for adding TX/RX handlers | 3368 | /* TODO: implement register/unregister functions for adding TX/RX handlers |
4691 | * into ordered list */ | 3369 | * into ordered list */ |
4692 | 3370 | ||
4693 | /* rx_pre handlers don't have dev and sdata fields available in | ||
4694 | * ieee80211_txrx_data */ | ||
4695 | static ieee80211_rx_handler ieee80211_rx_pre_handlers[] = | ||
4696 | { | ||
4697 | ieee80211_rx_h_parse_qos, | ||
4698 | ieee80211_rx_h_load_stats, | ||
4699 | NULL | ||
4700 | }; | ||
4701 | |||
4702 | static ieee80211_rx_handler ieee80211_rx_handlers[] = | ||
4703 | { | ||
4704 | ieee80211_rx_h_if_stats, | ||
4705 | ieee80211_rx_h_monitor, | ||
4706 | ieee80211_rx_h_passive_scan, | ||
4707 | ieee80211_rx_h_check, | ||
4708 | ieee80211_rx_h_sta_process, | ||
4709 | ieee80211_rx_h_ccmp_decrypt, | ||
4710 | ieee80211_rx_h_tkip_decrypt, | ||
4711 | ieee80211_rx_h_wep_weak_iv_detection, | ||
4712 | ieee80211_rx_h_wep_decrypt, | ||
4713 | ieee80211_rx_h_defragment, | ||
4714 | ieee80211_rx_h_ps_poll, | ||
4715 | ieee80211_rx_h_michael_mic_verify, | ||
4716 | /* this must be after decryption - so header is counted in MPDU mic | ||
4717 | * must be before pae and data, so QOS_DATA format frames | ||
4718 | * are not passed to user space by these functions | ||
4719 | */ | ||
4720 | ieee80211_rx_h_remove_qos_control, | ||
4721 | ieee80211_rx_h_802_1x_pae, | ||
4722 | ieee80211_rx_h_drop_unencrypted, | ||
4723 | ieee80211_rx_h_data, | ||
4724 | ieee80211_rx_h_mgmt, | ||
4725 | NULL | ||
4726 | }; | ||
4727 | |||
4728 | static ieee80211_tx_handler ieee80211_tx_handlers[] = | 3371 | static ieee80211_tx_handler ieee80211_tx_handlers[] = |
4729 | { | 3372 | { |
4730 | ieee80211_tx_h_check_assoc, | 3373 | ieee80211_tx_h_check_assoc, |
diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h index 6f7bae7ef9c0..35e2ce52faeb 100644 --- a/net/mac80211/ieee80211_i.h +++ b/net/mac80211/ieee80211_i.h | |||
@@ -21,6 +21,7 @@ | |||
21 | #include <linux/workqueue.h> | 21 | #include <linux/workqueue.h> |
22 | #include <linux/types.h> | 22 | #include <linux/types.h> |
23 | #include <linux/spinlock.h> | 23 | #include <linux/spinlock.h> |
24 | #include <linux/etherdevice.h> | ||
24 | #include <net/wireless.h> | 25 | #include <net/wireless.h> |
25 | #include "ieee80211_key.h" | 26 | #include "ieee80211_key.h" |
26 | #include "sta_info.h" | 27 | #include "sta_info.h" |
@@ -707,6 +708,13 @@ static inline int ieee80211_is_erp_rate(int phymode, int rate) | |||
707 | return 0; | 708 | return 0; |
708 | } | 709 | } |
709 | 710 | ||
711 | static inline int ieee80211_bssid_match(const u8 *raddr, const u8 *addr) | ||
712 | { | ||
713 | return compare_ether_addr(raddr, addr) == 0 || | ||
714 | is_broadcast_ether_addr(raddr); | ||
715 | } | ||
716 | |||
717 | |||
710 | /* ieee80211.c */ | 718 | /* ieee80211.c */ |
711 | int ieee80211_hw_config(struct ieee80211_local *local); | 719 | int ieee80211_hw_config(struct ieee80211_local *local); |
712 | int ieee80211_if_config(struct net_device *dev); | 720 | int ieee80211_if_config(struct net_device *dev); |
@@ -730,6 +738,16 @@ void ieee80211_if_mgmt_setup(struct net_device *dev); | |||
730 | int ieee80211_init_rate_ctrl_alg(struct ieee80211_local *local, | 738 | int ieee80211_init_rate_ctrl_alg(struct ieee80211_local *local, |
731 | const char *name); | 739 | const char *name); |
732 | struct net_device_stats *ieee80211_dev_stats(struct net_device *dev); | 740 | struct net_device_stats *ieee80211_dev_stats(struct net_device *dev); |
741 | struct ieee80211_rate *ieee80211_get_rate(struct ieee80211_local *local, | ||
742 | int phymode, int hwrate); | ||
743 | void ieee80211_key_threshold_notify(struct net_device *dev, | ||
744 | struct ieee80211_key *key, | ||
745 | struct sta_info *sta); | ||
746 | u8 *ieee80211_get_bssid(struct ieee80211_hdr *hdr, size_t len); | ||
747 | int ieee80211_is_eapol(const struct sk_buff *skb); | ||
748 | |||
749 | extern const unsigned char rfc1042_header[]; | ||
750 | extern const unsigned char bridge_tunnel_header[]; | ||
733 | 751 | ||
734 | /* ieee80211_ioctl.c */ | 752 | /* ieee80211_ioctl.c */ |
735 | extern const struct iw_handler_def ieee80211_iw_handler_def; | 753 | extern const struct iw_handler_def ieee80211_iw_handler_def; |
@@ -801,6 +819,10 @@ void ieee80211_if_del_mgmt(struct ieee80211_local *local); | |||
801 | void ieee80211_regdomain_init(void); | 819 | void ieee80211_regdomain_init(void); |
802 | void ieee80211_set_default_regdomain(struct ieee80211_hw_mode *mode); | 820 | void ieee80211_set_default_regdomain(struct ieee80211_hw_mode *mode); |
803 | 821 | ||
822 | /* rx handling */ | ||
823 | extern ieee80211_rx_handler ieee80211_rx_pre_handlers[]; | ||
824 | extern ieee80211_rx_handler ieee80211_rx_handlers[]; | ||
825 | |||
804 | /* for wiphy privid */ | 826 | /* for wiphy privid */ |
805 | extern void *mac80211_wiphy_privid; | 827 | extern void *mac80211_wiphy_privid; |
806 | 828 | ||
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c new file mode 100644 index 000000000000..8c0d14c5628f --- /dev/null +++ b/net/mac80211/rx.c | |||
@@ -0,0 +1,1360 @@ | |||
1 | /* | ||
2 | * Copyright 2002-2005, Instant802 Networks, Inc. | ||
3 | * Copyright 2005-2006, Devicescape Software, Inc. | ||
4 | * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> | ||
5 | * Copyright 2007 Johannes Berg <johannes@sipsolutions.net> | ||
6 | * | ||
7 | * This program is free software; you can redistribute it and/or modify | ||
8 | * it under the terms of the GNU General Public License version 2 as | ||
9 | * published by the Free Software Foundation. | ||
10 | */ | ||
11 | |||
12 | #include <linux/kernel.h> | ||
13 | #include <linux/skbuff.h> | ||
14 | #include <linux/netdevice.h> | ||
15 | #include <linux/etherdevice.h> | ||
16 | #include <net/iw_handler.h> | ||
17 | #include <net/mac80211.h> | ||
18 | #include <net/ieee80211_radiotap.h> | ||
19 | |||
20 | #include "ieee80211_i.h" | ||
21 | #include "ieee80211_led.h" | ||
22 | #include "ieee80211_common.h" | ||
23 | #include "wep.h" | ||
24 | #include "wpa.h" | ||
25 | #include "tkip.h" | ||
26 | #include "wme.h" | ||
27 | |||
28 | /* pre-rx handlers | ||
29 | * | ||
30 | * these don't have dev/sdata fields in the rx data | ||
31 | */ | ||
32 | |||
33 | static ieee80211_txrx_result | ||
34 | ieee80211_rx_h_load_stats(struct ieee80211_txrx_data *rx) | ||
35 | { | ||
36 | struct ieee80211_local *local = rx->local; | ||
37 | struct sk_buff *skb = rx->skb; | ||
38 | struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; | ||
39 | u32 load = 0, hdrtime; | ||
40 | struct ieee80211_rate *rate; | ||
41 | struct ieee80211_hw_mode *mode = local->hw.conf.mode; | ||
42 | int i; | ||
43 | |||
44 | /* Estimate total channel use caused by this frame */ | ||
45 | |||
46 | if (unlikely(mode->num_rates < 0)) | ||
47 | return TXRX_CONTINUE; | ||
48 | |||
49 | rate = &mode->rates[0]; | ||
50 | for (i = 0; i < mode->num_rates; i++) { | ||
51 | if (mode->rates[i].val == rx->u.rx.status->rate) { | ||
52 | rate = &mode->rates[i]; | ||
53 | break; | ||
54 | } | ||
55 | } | ||
56 | |||
57 | /* 1 bit at 1 Mbit/s takes 1 usec; in channel_use values, | ||
58 | * 1 usec = 1/8 * (1080 / 10) = 13.5 */ | ||
59 | |||
60 | if (mode->mode == MODE_IEEE80211A || | ||
61 | mode->mode == MODE_ATHEROS_TURBO || | ||
62 | mode->mode == MODE_ATHEROS_TURBOG || | ||
63 | (mode->mode == MODE_IEEE80211G && | ||
64 | rate->flags & IEEE80211_RATE_ERP)) | ||
65 | hdrtime = CHAN_UTIL_HDR_SHORT; | ||
66 | else | ||
67 | hdrtime = CHAN_UTIL_HDR_LONG; | ||
68 | |||
69 | load = hdrtime; | ||
70 | if (!is_multicast_ether_addr(hdr->addr1)) | ||
71 | load += hdrtime; | ||
72 | |||
73 | load += skb->len * rate->rate_inv; | ||
74 | |||
75 | /* Divide channel_use by 8 to avoid wrapping around the counter */ | ||
76 | load >>= CHAN_UTIL_SHIFT; | ||
77 | local->channel_use_raw += load; | ||
78 | if (rx->sta) | ||
79 | rx->sta->channel_use_raw += load; | ||
80 | rx->u.rx.load = load; | ||
81 | |||
82 | return TXRX_CONTINUE; | ||
83 | } | ||
84 | |||
85 | ieee80211_rx_handler ieee80211_rx_pre_handlers[] = | ||
86 | { | ||
87 | ieee80211_rx_h_parse_qos, | ||
88 | ieee80211_rx_h_load_stats, | ||
89 | NULL | ||
90 | }; | ||
91 | |||
92 | /* rx handlers */ | ||
93 | |||
94 | static ieee80211_txrx_result | ||
95 | ieee80211_rx_h_if_stats(struct ieee80211_txrx_data *rx) | ||
96 | { | ||
97 | rx->sdata->channel_use_raw += rx->u.rx.load; | ||
98 | return TXRX_CONTINUE; | ||
99 | } | ||
100 | |||
101 | static void | ||
102 | ieee80211_rx_monitor(struct net_device *dev, struct sk_buff *skb, | ||
103 | struct ieee80211_rx_status *status) | ||
104 | { | ||
105 | struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); | ||
106 | struct ieee80211_sub_if_data *sdata; | ||
107 | struct ieee80211_rate *rate; | ||
108 | struct ieee80211_rtap_hdr { | ||
109 | struct ieee80211_radiotap_header hdr; | ||
110 | u8 flags; | ||
111 | u8 rate; | ||
112 | __le16 chan_freq; | ||
113 | __le16 chan_flags; | ||
114 | u8 antsignal; | ||
115 | } __attribute__ ((packed)) *rthdr; | ||
116 | |||
117 | skb->dev = dev; | ||
118 | |||
119 | sdata = IEEE80211_DEV_TO_SUB_IF(dev); | ||
120 | |||
121 | if (status->flag & RX_FLAG_RADIOTAP) | ||
122 | goto out; | ||
123 | |||
124 | if (skb_headroom(skb) < sizeof(*rthdr)) { | ||
125 | I802_DEBUG_INC(local->rx_expand_skb_head); | ||
126 | if (pskb_expand_head(skb, sizeof(*rthdr), 0, GFP_ATOMIC)) { | ||
127 | dev_kfree_skb(skb); | ||
128 | return; | ||
129 | } | ||
130 | } | ||
131 | |||
132 | rthdr = (struct ieee80211_rtap_hdr *) skb_push(skb, sizeof(*rthdr)); | ||
133 | memset(rthdr, 0, sizeof(*rthdr)); | ||
134 | rthdr->hdr.it_len = cpu_to_le16(sizeof(*rthdr)); | ||
135 | rthdr->hdr.it_present = | ||
136 | cpu_to_le32((1 << IEEE80211_RADIOTAP_FLAGS) | | ||
137 | (1 << IEEE80211_RADIOTAP_RATE) | | ||
138 | (1 << IEEE80211_RADIOTAP_CHANNEL) | | ||
139 | (1 << IEEE80211_RADIOTAP_DB_ANTSIGNAL)); | ||
140 | rthdr->flags = local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS ? | ||
141 | IEEE80211_RADIOTAP_F_FCS : 0; | ||
142 | rate = ieee80211_get_rate(local, status->phymode, status->rate); | ||
143 | if (rate) | ||
144 | rthdr->rate = rate->rate / 5; | ||
145 | rthdr->chan_freq = cpu_to_le16(status->freq); | ||
146 | rthdr->chan_flags = | ||
147 | status->phymode == MODE_IEEE80211A ? | ||
148 | cpu_to_le16(IEEE80211_CHAN_OFDM | IEEE80211_CHAN_5GHZ) : | ||
149 | cpu_to_le16(IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ); | ||
150 | rthdr->antsignal = status->ssi; | ||
151 | |||
152 | out: | ||
153 | sdata->stats.rx_packets++; | ||
154 | sdata->stats.rx_bytes += skb->len; | ||
155 | |||
156 | skb_set_mac_header(skb, 0); | ||
157 | skb->ip_summed = CHECKSUM_UNNECESSARY; | ||
158 | skb->pkt_type = PACKET_OTHERHOST; | ||
159 | skb->protocol = htons(ETH_P_802_2); | ||
160 | memset(skb->cb, 0, sizeof(skb->cb)); | ||
161 | netif_rx(skb); | ||
162 | } | ||
163 | |||
164 | static ieee80211_txrx_result | ||
165 | ieee80211_rx_h_monitor(struct ieee80211_txrx_data *rx) | ||
166 | { | ||
167 | if (rx->sdata->type == IEEE80211_IF_TYPE_MNTR) { | ||
168 | ieee80211_rx_monitor(rx->dev, rx->skb, rx->u.rx.status); | ||
169 | return TXRX_QUEUED; | ||
170 | } | ||
171 | |||
172 | if (rx->u.rx.status->flag & RX_FLAG_RADIOTAP) | ||
173 | skb_pull(rx->skb, ieee80211_get_radiotap_len(rx->skb->data)); | ||
174 | |||
175 | return TXRX_CONTINUE; | ||
176 | } | ||
177 | |||
178 | static ieee80211_txrx_result | ||
179 | ieee80211_rx_h_passive_scan(struct ieee80211_txrx_data *rx) | ||
180 | { | ||
181 | struct ieee80211_local *local = rx->local; | ||
182 | struct sk_buff *skb = rx->skb; | ||
183 | |||
184 | if (unlikely(local->sta_scanning != 0)) { | ||
185 | ieee80211_sta_rx_scan(rx->dev, skb, rx->u.rx.status); | ||
186 | return TXRX_QUEUED; | ||
187 | } | ||
188 | |||
189 | if (unlikely(rx->u.rx.in_scan)) { | ||
190 | /* scanning finished during invoking of handlers */ | ||
191 | I802_DEBUG_INC(local->rx_handlers_drop_passive_scan); | ||
192 | return TXRX_DROP; | ||
193 | } | ||
194 | |||
195 | return TXRX_CONTINUE; | ||
196 | } | ||
197 | |||
198 | static ieee80211_txrx_result | ||
199 | ieee80211_rx_h_check(struct ieee80211_txrx_data *rx) | ||
200 | { | ||
201 | struct ieee80211_hdr *hdr; | ||
202 | int always_sta_key; | ||
203 | hdr = (struct ieee80211_hdr *) rx->skb->data; | ||
204 | |||
205 | /* Drop duplicate 802.11 retransmissions (IEEE 802.11 Chap. 9.2.9) */ | ||
206 | if (rx->sta && !is_multicast_ether_addr(hdr->addr1)) { | ||
207 | if (unlikely(rx->fc & IEEE80211_FCTL_RETRY && | ||
208 | rx->sta->last_seq_ctrl[rx->u.rx.queue] == | ||
209 | hdr->seq_ctrl)) { | ||
210 | if (rx->u.rx.ra_match) { | ||
211 | rx->local->dot11FrameDuplicateCount++; | ||
212 | rx->sta->num_duplicates++; | ||
213 | } | ||
214 | return TXRX_DROP; | ||
215 | } else | ||
216 | rx->sta->last_seq_ctrl[rx->u.rx.queue] = hdr->seq_ctrl; | ||
217 | } | ||
218 | |||
219 | if ((rx->local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS) && | ||
220 | rx->skb->len > FCS_LEN) | ||
221 | skb_trim(rx->skb, rx->skb->len - FCS_LEN); | ||
222 | |||
223 | if (unlikely(rx->skb->len < 16)) { | ||
224 | I802_DEBUG_INC(rx->local->rx_handlers_drop_short); | ||
225 | return TXRX_DROP; | ||
226 | } | ||
227 | |||
228 | if (!rx->u.rx.ra_match) | ||
229 | rx->skb->pkt_type = PACKET_OTHERHOST; | ||
230 | else if (compare_ether_addr(rx->dev->dev_addr, hdr->addr1) == 0) | ||
231 | rx->skb->pkt_type = PACKET_HOST; | ||
232 | else if (is_multicast_ether_addr(hdr->addr1)) { | ||
233 | if (is_broadcast_ether_addr(hdr->addr1)) | ||
234 | rx->skb->pkt_type = PACKET_BROADCAST; | ||
235 | else | ||
236 | rx->skb->pkt_type = PACKET_MULTICAST; | ||
237 | } else | ||
238 | rx->skb->pkt_type = PACKET_OTHERHOST; | ||
239 | |||
240 | /* Drop disallowed frame classes based on STA auth/assoc state; | ||
241 | * IEEE 802.11, Chap 5.5. | ||
242 | * | ||
243 | * 80211.o does filtering only based on association state, i.e., it | ||
244 | * drops Class 3 frames from not associated stations. hostapd sends | ||
245 | * deauth/disassoc frames when needed. In addition, hostapd is | ||
246 | * responsible for filtering on both auth and assoc states. | ||
247 | */ | ||
248 | if (unlikely(((rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA || | ||
249 | ((rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_CTL && | ||
250 | (rx->fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_PSPOLL)) && | ||
251 | rx->sdata->type != IEEE80211_IF_TYPE_IBSS && | ||
252 | (!rx->sta || !(rx->sta->flags & WLAN_STA_ASSOC)))) { | ||
253 | if ((!(rx->fc & IEEE80211_FCTL_FROMDS) && | ||
254 | !(rx->fc & IEEE80211_FCTL_TODS) && | ||
255 | (rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA) | ||
256 | || !rx->u.rx.ra_match) { | ||
257 | /* Drop IBSS frames and frames for other hosts | ||
258 | * silently. */ | ||
259 | return TXRX_DROP; | ||
260 | } | ||
261 | |||
262 | if (!rx->local->apdev) | ||
263 | return TXRX_DROP; | ||
264 | |||
265 | ieee80211_rx_mgmt(rx->local, rx->skb, rx->u.rx.status, | ||
266 | ieee80211_msg_sta_not_assoc); | ||
267 | return TXRX_QUEUED; | ||
268 | } | ||
269 | |||
270 | if (rx->sdata->type == IEEE80211_IF_TYPE_STA) | ||
271 | always_sta_key = 0; | ||
272 | else | ||
273 | always_sta_key = 1; | ||
274 | |||
275 | if (rx->sta && rx->sta->key && always_sta_key) { | ||
276 | rx->key = rx->sta->key; | ||
277 | } else { | ||
278 | if (rx->sta && rx->sta->key) | ||
279 | rx->key = rx->sta->key; | ||
280 | else | ||
281 | rx->key = rx->sdata->default_key; | ||
282 | |||
283 | if ((rx->local->hw.flags & IEEE80211_HW_WEP_INCLUDE_IV) && | ||
284 | rx->fc & IEEE80211_FCTL_PROTECTED) { | ||
285 | int keyidx = ieee80211_wep_get_keyidx(rx->skb); | ||
286 | |||
287 | if (keyidx >= 0 && keyidx < NUM_DEFAULT_KEYS && | ||
288 | (!rx->sta || !rx->sta->key || keyidx > 0)) | ||
289 | rx->key = rx->sdata->keys[keyidx]; | ||
290 | |||
291 | if (!rx->key) { | ||
292 | if (!rx->u.rx.ra_match) | ||
293 | return TXRX_DROP; | ||
294 | printk(KERN_DEBUG "%s: RX WEP frame with " | ||
295 | "unknown keyidx %d (A1=" MAC_FMT " A2=" | ||
296 | MAC_FMT " A3=" MAC_FMT ")\n", | ||
297 | rx->dev->name, keyidx, | ||
298 | MAC_ARG(hdr->addr1), | ||
299 | MAC_ARG(hdr->addr2), | ||
300 | MAC_ARG(hdr->addr3)); | ||
301 | if (!rx->local->apdev) | ||
302 | return TXRX_DROP; | ||
303 | ieee80211_rx_mgmt( | ||
304 | rx->local, rx->skb, rx->u.rx.status, | ||
305 | ieee80211_msg_wep_frame_unknown_key); | ||
306 | return TXRX_QUEUED; | ||
307 | } | ||
308 | } | ||
309 | } | ||
310 | |||
311 | if (rx->fc & IEEE80211_FCTL_PROTECTED && rx->key && rx->u.rx.ra_match) { | ||
312 | rx->key->tx_rx_count++; | ||
313 | if (unlikely(rx->local->key_tx_rx_threshold && | ||
314 | rx->key->tx_rx_count > | ||
315 | rx->local->key_tx_rx_threshold)) { | ||
316 | ieee80211_key_threshold_notify(rx->dev, rx->key, | ||
317 | rx->sta); | ||
318 | } | ||
319 | } | ||
320 | |||
321 | return TXRX_CONTINUE; | ||
322 | } | ||
323 | |||
324 | static void ap_sta_ps_start(struct net_device *dev, struct sta_info *sta) | ||
325 | { | ||
326 | struct ieee80211_sub_if_data *sdata; | ||
327 | sdata = IEEE80211_DEV_TO_SUB_IF(sta->dev); | ||
328 | |||
329 | if (sdata->bss) | ||
330 | atomic_inc(&sdata->bss->num_sta_ps); | ||
331 | sta->flags |= WLAN_STA_PS; | ||
332 | sta->pspoll = 0; | ||
333 | #ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG | ||
334 | printk(KERN_DEBUG "%s: STA " MAC_FMT " aid %d enters power " | ||
335 | "save mode\n", dev->name, MAC_ARG(sta->addr), sta->aid); | ||
336 | #endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */ | ||
337 | } | ||
338 | |||
339 | static int ap_sta_ps_end(struct net_device *dev, struct sta_info *sta) | ||
340 | { | ||
341 | struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); | ||
342 | struct sk_buff *skb; | ||
343 | int sent = 0; | ||
344 | struct ieee80211_sub_if_data *sdata; | ||
345 | struct ieee80211_tx_packet_data *pkt_data; | ||
346 | |||
347 | sdata = IEEE80211_DEV_TO_SUB_IF(sta->dev); | ||
348 | if (sdata->bss) | ||
349 | atomic_dec(&sdata->bss->num_sta_ps); | ||
350 | sta->flags &= ~(WLAN_STA_PS | WLAN_STA_TIM); | ||
351 | sta->pspoll = 0; | ||
352 | if (!skb_queue_empty(&sta->ps_tx_buf)) { | ||
353 | if (local->ops->set_tim) | ||
354 | local->ops->set_tim(local_to_hw(local), sta->aid, 0); | ||
355 | if (sdata->bss) | ||
356 | bss_tim_clear(local, sdata->bss, sta->aid); | ||
357 | } | ||
358 | #ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG | ||
359 | printk(KERN_DEBUG "%s: STA " MAC_FMT " aid %d exits power " | ||
360 | "save mode\n", dev->name, MAC_ARG(sta->addr), sta->aid); | ||
361 | #endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */ | ||
362 | /* Send all buffered frames to the station */ | ||
363 | while ((skb = skb_dequeue(&sta->tx_filtered)) != NULL) { | ||
364 | pkt_data = (struct ieee80211_tx_packet_data *) skb->cb; | ||
365 | sent++; | ||
366 | pkt_data->requeue = 1; | ||
367 | dev_queue_xmit(skb); | ||
368 | } | ||
369 | while ((skb = skb_dequeue(&sta->ps_tx_buf)) != NULL) { | ||
370 | pkt_data = (struct ieee80211_tx_packet_data *) skb->cb; | ||
371 | local->total_ps_buffered--; | ||
372 | sent++; | ||
373 | #ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG | ||
374 | printk(KERN_DEBUG "%s: STA " MAC_FMT " aid %d send PS frame " | ||
375 | "since STA not sleeping anymore\n", dev->name, | ||
376 | MAC_ARG(sta->addr), sta->aid); | ||
377 | #endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */ | ||
378 | pkt_data->requeue = 1; | ||
379 | dev_queue_xmit(skb); | ||
380 | } | ||
381 | |||
382 | return sent; | ||
383 | } | ||
384 | |||
385 | static ieee80211_txrx_result | ||
386 | ieee80211_rx_h_sta_process(struct ieee80211_txrx_data *rx) | ||
387 | { | ||
388 | struct sta_info *sta = rx->sta; | ||
389 | struct net_device *dev = rx->dev; | ||
390 | struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data; | ||
391 | |||
392 | if (!sta) | ||
393 | return TXRX_CONTINUE; | ||
394 | |||
395 | /* Update last_rx only for IBSS packets which are for the current | ||
396 | * BSSID to avoid keeping the current IBSS network alive in cases where | ||
397 | * other STAs are using different BSSID. */ | ||
398 | if (rx->sdata->type == IEEE80211_IF_TYPE_IBSS) { | ||
399 | u8 *bssid = ieee80211_get_bssid(hdr, rx->skb->len); | ||
400 | if (compare_ether_addr(bssid, rx->sdata->u.sta.bssid) == 0) | ||
401 | sta->last_rx = jiffies; | ||
402 | } else | ||
403 | if (!is_multicast_ether_addr(hdr->addr1) || | ||
404 | rx->sdata->type == IEEE80211_IF_TYPE_STA) { | ||
405 | /* Update last_rx only for unicast frames in order to prevent | ||
406 | * the Probe Request frames (the only broadcast frames from a | ||
407 | * STA in infrastructure mode) from keeping a connection alive. | ||
408 | */ | ||
409 | sta->last_rx = jiffies; | ||
410 | } | ||
411 | |||
412 | if (!rx->u.rx.ra_match) | ||
413 | return TXRX_CONTINUE; | ||
414 | |||
415 | sta->rx_fragments++; | ||
416 | sta->rx_bytes += rx->skb->len; | ||
417 | sta->last_rssi = (sta->last_rssi * 15 + | ||
418 | rx->u.rx.status->ssi) / 16; | ||
419 | sta->last_signal = (sta->last_signal * 15 + | ||
420 | rx->u.rx.status->signal) / 16; | ||
421 | sta->last_noise = (sta->last_noise * 15 + | ||
422 | rx->u.rx.status->noise) / 16; | ||
423 | |||
424 | if (!(rx->fc & IEEE80211_FCTL_MOREFRAGS)) { | ||
425 | /* Change STA power saving mode only in the end of a frame | ||
426 | * exchange sequence */ | ||
427 | if ((sta->flags & WLAN_STA_PS) && !(rx->fc & IEEE80211_FCTL_PM)) | ||
428 | rx->u.rx.sent_ps_buffered += ap_sta_ps_end(dev, sta); | ||
429 | else if (!(sta->flags & WLAN_STA_PS) && | ||
430 | (rx->fc & IEEE80211_FCTL_PM)) | ||
431 | ap_sta_ps_start(dev, sta); | ||
432 | } | ||
433 | |||
434 | /* Drop data::nullfunc frames silently, since they are used only to | ||
435 | * control station power saving mode. */ | ||
436 | if ((rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA && | ||
437 | (rx->fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_NULLFUNC) { | ||
438 | I802_DEBUG_INC(rx->local->rx_handlers_drop_nullfunc); | ||
439 | /* Update counter and free packet here to avoid counting this | ||
440 | * as a dropped packed. */ | ||
441 | sta->rx_packets++; | ||
442 | dev_kfree_skb(rx->skb); | ||
443 | return TXRX_QUEUED; | ||
444 | } | ||
445 | |||
446 | return TXRX_CONTINUE; | ||
447 | } /* ieee80211_rx_h_sta_process */ | ||
448 | |||
449 | static ieee80211_txrx_result | ||
450 | ieee80211_rx_h_wep_weak_iv_detection(struct ieee80211_txrx_data *rx) | ||
451 | { | ||
452 | if (!rx->sta || !(rx->fc & IEEE80211_FCTL_PROTECTED) || | ||
453 | (rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA || | ||
454 | !rx->key || rx->key->alg != ALG_WEP || !rx->u.rx.ra_match) | ||
455 | return TXRX_CONTINUE; | ||
456 | |||
457 | /* Check for weak IVs, if hwaccel did not remove IV from the frame */ | ||
458 | if ((rx->local->hw.flags & IEEE80211_HW_WEP_INCLUDE_IV) || | ||
459 | rx->key->force_sw_encrypt) { | ||
460 | u8 *iv = ieee80211_wep_is_weak_iv(rx->skb, rx->key); | ||
461 | if (iv) { | ||
462 | rx->sta->wep_weak_iv_count++; | ||
463 | } | ||
464 | } | ||
465 | |||
466 | return TXRX_CONTINUE; | ||
467 | } | ||
468 | |||
469 | static ieee80211_txrx_result | ||
470 | ieee80211_rx_h_wep_decrypt(struct ieee80211_txrx_data *rx) | ||
471 | { | ||
472 | /* If the device handles decryption totally, skip this test */ | ||
473 | if (rx->local->hw.flags & IEEE80211_HW_DEVICE_HIDES_WEP) | ||
474 | return TXRX_CONTINUE; | ||
475 | |||
476 | if ((rx->key && rx->key->alg != ALG_WEP) || | ||
477 | !(rx->fc & IEEE80211_FCTL_PROTECTED) || | ||
478 | ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA && | ||
479 | ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_MGMT || | ||
480 | (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_AUTH))) | ||
481 | return TXRX_CONTINUE; | ||
482 | |||
483 | if (!rx->key) { | ||
484 | printk(KERN_DEBUG "%s: RX WEP frame, but no key set\n", | ||
485 | rx->dev->name); | ||
486 | return TXRX_DROP; | ||
487 | } | ||
488 | |||
489 | if (!(rx->u.rx.status->flag & RX_FLAG_DECRYPTED) || | ||
490 | rx->key->force_sw_encrypt) { | ||
491 | if (ieee80211_wep_decrypt(rx->local, rx->skb, rx->key)) { | ||
492 | printk(KERN_DEBUG "%s: RX WEP frame, decrypt " | ||
493 | "failed\n", rx->dev->name); | ||
494 | return TXRX_DROP; | ||
495 | } | ||
496 | } else if (rx->local->hw.flags & IEEE80211_HW_WEP_INCLUDE_IV) { | ||
497 | ieee80211_wep_remove_iv(rx->local, rx->skb, rx->key); | ||
498 | /* remove ICV */ | ||
499 | skb_trim(rx->skb, rx->skb->len - 4); | ||
500 | } | ||
501 | |||
502 | return TXRX_CONTINUE; | ||
503 | } | ||
504 | |||
505 | static inline struct ieee80211_fragment_entry * | ||
506 | ieee80211_reassemble_add(struct ieee80211_sub_if_data *sdata, | ||
507 | unsigned int frag, unsigned int seq, int rx_queue, | ||
508 | struct sk_buff **skb) | ||
509 | { | ||
510 | struct ieee80211_fragment_entry *entry; | ||
511 | int idx; | ||
512 | |||
513 | idx = sdata->fragment_next; | ||
514 | entry = &sdata->fragments[sdata->fragment_next++]; | ||
515 | if (sdata->fragment_next >= IEEE80211_FRAGMENT_MAX) | ||
516 | sdata->fragment_next = 0; | ||
517 | |||
518 | if (!skb_queue_empty(&entry->skb_list)) { | ||
519 | #ifdef CONFIG_MAC80211_DEBUG | ||
520 | struct ieee80211_hdr *hdr = | ||
521 | (struct ieee80211_hdr *) entry->skb_list.next->data; | ||
522 | printk(KERN_DEBUG "%s: RX reassembly removed oldest " | ||
523 | "fragment entry (idx=%d age=%lu seq=%d last_frag=%d " | ||
524 | "addr1=" MAC_FMT " addr2=" MAC_FMT "\n", | ||
525 | sdata->dev->name, idx, | ||
526 | jiffies - entry->first_frag_time, entry->seq, | ||
527 | entry->last_frag, MAC_ARG(hdr->addr1), | ||
528 | MAC_ARG(hdr->addr2)); | ||
529 | #endif /* CONFIG_MAC80211_DEBUG */ | ||
530 | __skb_queue_purge(&entry->skb_list); | ||
531 | } | ||
532 | |||
533 | __skb_queue_tail(&entry->skb_list, *skb); /* no need for locking */ | ||
534 | *skb = NULL; | ||
535 | entry->first_frag_time = jiffies; | ||
536 | entry->seq = seq; | ||
537 | entry->rx_queue = rx_queue; | ||
538 | entry->last_frag = frag; | ||
539 | entry->ccmp = 0; | ||
540 | entry->extra_len = 0; | ||
541 | |||
542 | return entry; | ||
543 | } | ||
544 | |||
545 | static inline struct ieee80211_fragment_entry * | ||
546 | ieee80211_reassemble_find(struct ieee80211_sub_if_data *sdata, | ||
547 | u16 fc, unsigned int frag, unsigned int seq, | ||
548 | int rx_queue, struct ieee80211_hdr *hdr) | ||
549 | { | ||
550 | struct ieee80211_fragment_entry *entry; | ||
551 | int i, idx; | ||
552 | |||
553 | idx = sdata->fragment_next; | ||
554 | for (i = 0; i < IEEE80211_FRAGMENT_MAX; i++) { | ||
555 | struct ieee80211_hdr *f_hdr; | ||
556 | u16 f_fc; | ||
557 | |||
558 | idx--; | ||
559 | if (idx < 0) | ||
560 | idx = IEEE80211_FRAGMENT_MAX - 1; | ||
561 | |||
562 | entry = &sdata->fragments[idx]; | ||
563 | if (skb_queue_empty(&entry->skb_list) || entry->seq != seq || | ||
564 | entry->rx_queue != rx_queue || | ||
565 | entry->last_frag + 1 != frag) | ||
566 | continue; | ||
567 | |||
568 | f_hdr = (struct ieee80211_hdr *) entry->skb_list.next->data; | ||
569 | f_fc = le16_to_cpu(f_hdr->frame_control); | ||
570 | |||
571 | if ((fc & IEEE80211_FCTL_FTYPE) != (f_fc & IEEE80211_FCTL_FTYPE) || | ||
572 | compare_ether_addr(hdr->addr1, f_hdr->addr1) != 0 || | ||
573 | compare_ether_addr(hdr->addr2, f_hdr->addr2) != 0) | ||
574 | continue; | ||
575 | |||
576 | if (entry->first_frag_time + 2 * HZ < jiffies) { | ||
577 | __skb_queue_purge(&entry->skb_list); | ||
578 | continue; | ||
579 | } | ||
580 | return entry; | ||
581 | } | ||
582 | |||
583 | return NULL; | ||
584 | } | ||
585 | |||
586 | static ieee80211_txrx_result | ||
587 | ieee80211_rx_h_defragment(struct ieee80211_txrx_data *rx) | ||
588 | { | ||
589 | struct ieee80211_hdr *hdr; | ||
590 | u16 sc; | ||
591 | unsigned int frag, seq; | ||
592 | struct ieee80211_fragment_entry *entry; | ||
593 | struct sk_buff *skb; | ||
594 | |||
595 | hdr = (struct ieee80211_hdr *) rx->skb->data; | ||
596 | sc = le16_to_cpu(hdr->seq_ctrl); | ||
597 | frag = sc & IEEE80211_SCTL_FRAG; | ||
598 | |||
599 | if (likely((!(rx->fc & IEEE80211_FCTL_MOREFRAGS) && frag == 0) || | ||
600 | (rx->skb)->len < 24 || | ||
601 | is_multicast_ether_addr(hdr->addr1))) { | ||
602 | /* not fragmented */ | ||
603 | goto out; | ||
604 | } | ||
605 | I802_DEBUG_INC(rx->local->rx_handlers_fragments); | ||
606 | |||
607 | seq = (sc & IEEE80211_SCTL_SEQ) >> 4; | ||
608 | |||
609 | if (frag == 0) { | ||
610 | /* This is the first fragment of a new frame. */ | ||
611 | entry = ieee80211_reassemble_add(rx->sdata, frag, seq, | ||
612 | rx->u.rx.queue, &(rx->skb)); | ||
613 | if (rx->key && rx->key->alg == ALG_CCMP && | ||
614 | (rx->fc & IEEE80211_FCTL_PROTECTED)) { | ||
615 | /* Store CCMP PN so that we can verify that the next | ||
616 | * fragment has a sequential PN value. */ | ||
617 | entry->ccmp = 1; | ||
618 | memcpy(entry->last_pn, | ||
619 | rx->key->u.ccmp.rx_pn[rx->u.rx.queue], | ||
620 | CCMP_PN_LEN); | ||
621 | } | ||
622 | return TXRX_QUEUED; | ||
623 | } | ||
624 | |||
625 | /* This is a fragment for a frame that should already be pending in | ||
626 | * fragment cache. Add this fragment to the end of the pending entry. | ||
627 | */ | ||
628 | entry = ieee80211_reassemble_find(rx->sdata, rx->fc, frag, seq, | ||
629 | rx->u.rx.queue, hdr); | ||
630 | if (!entry) { | ||
631 | I802_DEBUG_INC(rx->local->rx_handlers_drop_defrag); | ||
632 | return TXRX_DROP; | ||
633 | } | ||
634 | |||
635 | /* Verify that MPDUs within one MSDU have sequential PN values. | ||
636 | * (IEEE 802.11i, 8.3.3.4.5) */ | ||
637 | if (entry->ccmp) { | ||
638 | int i; | ||
639 | u8 pn[CCMP_PN_LEN], *rpn; | ||
640 | if (!rx->key || rx->key->alg != ALG_CCMP) | ||
641 | return TXRX_DROP; | ||
642 | memcpy(pn, entry->last_pn, CCMP_PN_LEN); | ||
643 | for (i = CCMP_PN_LEN - 1; i >= 0; i--) { | ||
644 | pn[i]++; | ||
645 | if (pn[i]) | ||
646 | break; | ||
647 | } | ||
648 | rpn = rx->key->u.ccmp.rx_pn[rx->u.rx.queue]; | ||
649 | if (memcmp(pn, rpn, CCMP_PN_LEN) != 0) { | ||
650 | printk(KERN_DEBUG "%s: defrag: CCMP PN not sequential" | ||
651 | " A2=" MAC_FMT " PN=%02x%02x%02x%02x%02x%02x " | ||
652 | "(expected %02x%02x%02x%02x%02x%02x)\n", | ||
653 | rx->dev->name, MAC_ARG(hdr->addr2), | ||
654 | rpn[0], rpn[1], rpn[2], rpn[3], rpn[4], rpn[5], | ||
655 | pn[0], pn[1], pn[2], pn[3], pn[4], pn[5]); | ||
656 | return TXRX_DROP; | ||
657 | } | ||
658 | memcpy(entry->last_pn, pn, CCMP_PN_LEN); | ||
659 | } | ||
660 | |||
661 | skb_pull(rx->skb, ieee80211_get_hdrlen(rx->fc)); | ||
662 | __skb_queue_tail(&entry->skb_list, rx->skb); | ||
663 | entry->last_frag = frag; | ||
664 | entry->extra_len += rx->skb->len; | ||
665 | if (rx->fc & IEEE80211_FCTL_MOREFRAGS) { | ||
666 | rx->skb = NULL; | ||
667 | return TXRX_QUEUED; | ||
668 | } | ||
669 | |||
670 | rx->skb = __skb_dequeue(&entry->skb_list); | ||
671 | if (skb_tailroom(rx->skb) < entry->extra_len) { | ||
672 | I802_DEBUG_INC(rx->local->rx_expand_skb_head2); | ||
673 | if (unlikely(pskb_expand_head(rx->skb, 0, entry->extra_len, | ||
674 | GFP_ATOMIC))) { | ||
675 | I802_DEBUG_INC(rx->local->rx_handlers_drop_defrag); | ||
676 | __skb_queue_purge(&entry->skb_list); | ||
677 | return TXRX_DROP; | ||
678 | } | ||
679 | } | ||
680 | while ((skb = __skb_dequeue(&entry->skb_list))) { | ||
681 | memcpy(skb_put(rx->skb, skb->len), skb->data, skb->len); | ||
682 | dev_kfree_skb(skb); | ||
683 | } | ||
684 | |||
685 | /* Complete frame has been reassembled - process it now */ | ||
686 | rx->fragmented = 1; | ||
687 | |||
688 | out: | ||
689 | if (rx->sta) | ||
690 | rx->sta->rx_packets++; | ||
691 | if (is_multicast_ether_addr(hdr->addr1)) | ||
692 | rx->local->dot11MulticastReceivedFrameCount++; | ||
693 | else | ||
694 | ieee80211_led_rx(rx->local); | ||
695 | return TXRX_CONTINUE; | ||
696 | } | ||
697 | |||
698 | static ieee80211_txrx_result | ||
699 | ieee80211_rx_h_ps_poll(struct ieee80211_txrx_data *rx) | ||
700 | { | ||
701 | struct sk_buff *skb; | ||
702 | int no_pending_pkts; | ||
703 | |||
704 | if (likely(!rx->sta || | ||
705 | (rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_CTL || | ||
706 | (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_PSPOLL || | ||
707 | !rx->u.rx.ra_match)) | ||
708 | return TXRX_CONTINUE; | ||
709 | |||
710 | skb = skb_dequeue(&rx->sta->tx_filtered); | ||
711 | if (!skb) { | ||
712 | skb = skb_dequeue(&rx->sta->ps_tx_buf); | ||
713 | if (skb) | ||
714 | rx->local->total_ps_buffered--; | ||
715 | } | ||
716 | no_pending_pkts = skb_queue_empty(&rx->sta->tx_filtered) && | ||
717 | skb_queue_empty(&rx->sta->ps_tx_buf); | ||
718 | |||
719 | if (skb) { | ||
720 | struct ieee80211_hdr *hdr = | ||
721 | (struct ieee80211_hdr *) skb->data; | ||
722 | |||
723 | /* tell TX path to send one frame even though the STA may | ||
724 | * still remain is PS mode after this frame exchange */ | ||
725 | rx->sta->pspoll = 1; | ||
726 | |||
727 | #ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG | ||
728 | printk(KERN_DEBUG "STA " MAC_FMT " aid %d: PS Poll (entries " | ||
729 | "after %d)\n", | ||
730 | MAC_ARG(rx->sta->addr), rx->sta->aid, | ||
731 | skb_queue_len(&rx->sta->ps_tx_buf)); | ||
732 | #endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */ | ||
733 | |||
734 | /* Use MoreData flag to indicate whether there are more | ||
735 | * buffered frames for this STA */ | ||
736 | if (no_pending_pkts) { | ||
737 | hdr->frame_control &= cpu_to_le16(~IEEE80211_FCTL_MOREDATA); | ||
738 | rx->sta->flags &= ~WLAN_STA_TIM; | ||
739 | } else | ||
740 | hdr->frame_control |= cpu_to_le16(IEEE80211_FCTL_MOREDATA); | ||
741 | |||
742 | dev_queue_xmit(skb); | ||
743 | |||
744 | if (no_pending_pkts) { | ||
745 | if (rx->local->ops->set_tim) | ||
746 | rx->local->ops->set_tim(local_to_hw(rx->local), | ||
747 | rx->sta->aid, 0); | ||
748 | if (rx->sdata->bss) | ||
749 | bss_tim_clear(rx->local, rx->sdata->bss, rx->sta->aid); | ||
750 | } | ||
751 | #ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG | ||
752 | } else if (!rx->u.rx.sent_ps_buffered) { | ||
753 | printk(KERN_DEBUG "%s: STA " MAC_FMT " sent PS Poll even " | ||
754 | "though there is no buffered frames for it\n", | ||
755 | rx->dev->name, MAC_ARG(rx->sta->addr)); | ||
756 | #endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */ | ||
757 | |||
758 | } | ||
759 | |||
760 | /* Free PS Poll skb here instead of returning TXRX_DROP that would | ||
761 | * count as an dropped frame. */ | ||
762 | dev_kfree_skb(rx->skb); | ||
763 | |||
764 | return TXRX_QUEUED; | ||
765 | } | ||
766 | |||
767 | static ieee80211_txrx_result | ||
768 | ieee80211_rx_h_802_1x_pae(struct ieee80211_txrx_data *rx) | ||
769 | { | ||
770 | if (rx->sdata->eapol && ieee80211_is_eapol(rx->skb) && | ||
771 | rx->sdata->type != IEEE80211_IF_TYPE_STA && rx->u.rx.ra_match) { | ||
772 | /* Pass both encrypted and unencrypted EAPOL frames to user | ||
773 | * space for processing. */ | ||
774 | if (!rx->local->apdev) | ||
775 | return TXRX_DROP; | ||
776 | ieee80211_rx_mgmt(rx->local, rx->skb, rx->u.rx.status, | ||
777 | ieee80211_msg_normal); | ||
778 | return TXRX_QUEUED; | ||
779 | } | ||
780 | |||
781 | if (unlikely(rx->sdata->ieee802_1x && | ||
782 | (rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA && | ||
783 | (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_NULLFUNC && | ||
784 | (!rx->sta || !(rx->sta->flags & WLAN_STA_AUTHORIZED)) && | ||
785 | !ieee80211_is_eapol(rx->skb))) { | ||
786 | #ifdef CONFIG_MAC80211_DEBUG | ||
787 | struct ieee80211_hdr *hdr = | ||
788 | (struct ieee80211_hdr *) rx->skb->data; | ||
789 | printk(KERN_DEBUG "%s: dropped frame from " MAC_FMT | ||
790 | " (unauthorized port)\n", rx->dev->name, | ||
791 | MAC_ARG(hdr->addr2)); | ||
792 | #endif /* CONFIG_MAC80211_DEBUG */ | ||
793 | return TXRX_DROP; | ||
794 | } | ||
795 | |||
796 | return TXRX_CONTINUE; | ||
797 | } | ||
798 | |||
799 | static ieee80211_txrx_result | ||
800 | ieee80211_rx_h_drop_unencrypted(struct ieee80211_txrx_data *rx) | ||
801 | { | ||
802 | /* If the device handles decryption totally, skip this test */ | ||
803 | if (rx->local->hw.flags & IEEE80211_HW_DEVICE_HIDES_WEP) | ||
804 | return TXRX_CONTINUE; | ||
805 | |||
806 | /* Drop unencrypted frames if key is set. */ | ||
807 | if (unlikely(!(rx->fc & IEEE80211_FCTL_PROTECTED) && | ||
808 | (rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA && | ||
809 | (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_NULLFUNC && | ||
810 | (rx->key || rx->sdata->drop_unencrypted) && | ||
811 | (rx->sdata->eapol == 0 || | ||
812 | !ieee80211_is_eapol(rx->skb)))) { | ||
813 | printk(KERN_DEBUG "%s: RX non-WEP frame, but expected " | ||
814 | "encryption\n", rx->dev->name); | ||
815 | return TXRX_DROP; | ||
816 | } | ||
817 | return TXRX_CONTINUE; | ||
818 | } | ||
819 | |||
820 | static ieee80211_txrx_result | ||
821 | ieee80211_rx_h_data(struct ieee80211_txrx_data *rx) | ||
822 | { | ||
823 | struct net_device *dev = rx->dev; | ||
824 | struct ieee80211_local *local = rx->local; | ||
825 | struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data; | ||
826 | u16 fc, hdrlen, ethertype; | ||
827 | u8 *payload; | ||
828 | u8 dst[ETH_ALEN]; | ||
829 | u8 src[ETH_ALEN]; | ||
830 | struct sk_buff *skb = rx->skb, *skb2; | ||
831 | struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); | ||
832 | |||
833 | fc = rx->fc; | ||
834 | if (unlikely((fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA)) | ||
835 | return TXRX_CONTINUE; | ||
836 | |||
837 | if (unlikely(!WLAN_FC_DATA_PRESENT(fc))) | ||
838 | return TXRX_DROP; | ||
839 | |||
840 | hdrlen = ieee80211_get_hdrlen(fc); | ||
841 | |||
842 | /* convert IEEE 802.11 header + possible LLC headers into Ethernet | ||
843 | * header | ||
844 | * IEEE 802.11 address fields: | ||
845 | * ToDS FromDS Addr1 Addr2 Addr3 Addr4 | ||
846 | * 0 0 DA SA BSSID n/a | ||
847 | * 0 1 DA BSSID SA n/a | ||
848 | * 1 0 BSSID SA DA n/a | ||
849 | * 1 1 RA TA DA SA | ||
850 | */ | ||
851 | |||
852 | switch (fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) { | ||
853 | case IEEE80211_FCTL_TODS: | ||
854 | /* BSSID SA DA */ | ||
855 | memcpy(dst, hdr->addr3, ETH_ALEN); | ||
856 | memcpy(src, hdr->addr2, ETH_ALEN); | ||
857 | |||
858 | if (unlikely(sdata->type != IEEE80211_IF_TYPE_AP && | ||
859 | sdata->type != IEEE80211_IF_TYPE_VLAN)) { | ||
860 | printk(KERN_DEBUG "%s: dropped ToDS frame (BSSID=" | ||
861 | MAC_FMT " SA=" MAC_FMT " DA=" MAC_FMT ")\n", | ||
862 | dev->name, MAC_ARG(hdr->addr1), | ||
863 | MAC_ARG(hdr->addr2), MAC_ARG(hdr->addr3)); | ||
864 | return TXRX_DROP; | ||
865 | } | ||
866 | break; | ||
867 | case (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS): | ||
868 | /* RA TA DA SA */ | ||
869 | memcpy(dst, hdr->addr3, ETH_ALEN); | ||
870 | memcpy(src, hdr->addr4, ETH_ALEN); | ||
871 | |||
872 | if (unlikely(sdata->type != IEEE80211_IF_TYPE_WDS)) { | ||
873 | printk(KERN_DEBUG "%s: dropped FromDS&ToDS frame (RA=" | ||
874 | MAC_FMT " TA=" MAC_FMT " DA=" MAC_FMT " SA=" | ||
875 | MAC_FMT ")\n", | ||
876 | rx->dev->name, MAC_ARG(hdr->addr1), | ||
877 | MAC_ARG(hdr->addr2), MAC_ARG(hdr->addr3), | ||
878 | MAC_ARG(hdr->addr4)); | ||
879 | return TXRX_DROP; | ||
880 | } | ||
881 | break; | ||
882 | case IEEE80211_FCTL_FROMDS: | ||
883 | /* DA BSSID SA */ | ||
884 | memcpy(dst, hdr->addr1, ETH_ALEN); | ||
885 | memcpy(src, hdr->addr3, ETH_ALEN); | ||
886 | |||
887 | if (sdata->type != IEEE80211_IF_TYPE_STA) { | ||
888 | return TXRX_DROP; | ||
889 | } | ||
890 | break; | ||
891 | case 0: | ||
892 | /* DA SA BSSID */ | ||
893 | memcpy(dst, hdr->addr1, ETH_ALEN); | ||
894 | memcpy(src, hdr->addr2, ETH_ALEN); | ||
895 | |||
896 | if (sdata->type != IEEE80211_IF_TYPE_IBSS) { | ||
897 | if (net_ratelimit()) { | ||
898 | printk(KERN_DEBUG "%s: dropped IBSS frame (DA=" | ||
899 | MAC_FMT " SA=" MAC_FMT " BSSID=" MAC_FMT | ||
900 | ")\n", | ||
901 | dev->name, MAC_ARG(hdr->addr1), | ||
902 | MAC_ARG(hdr->addr2), | ||
903 | MAC_ARG(hdr->addr3)); | ||
904 | } | ||
905 | return TXRX_DROP; | ||
906 | } | ||
907 | break; | ||
908 | } | ||
909 | |||
910 | payload = skb->data + hdrlen; | ||
911 | |||
912 | if (unlikely(skb->len - hdrlen < 8)) { | ||
913 | if (net_ratelimit()) { | ||
914 | printk(KERN_DEBUG "%s: RX too short data frame " | ||
915 | "payload\n", dev->name); | ||
916 | } | ||
917 | return TXRX_DROP; | ||
918 | } | ||
919 | |||
920 | ethertype = (payload[6] << 8) | payload[7]; | ||
921 | |||
922 | if (likely((compare_ether_addr(payload, rfc1042_header) == 0 && | ||
923 | ethertype != ETH_P_AARP && ethertype != ETH_P_IPX) || | ||
924 | compare_ether_addr(payload, bridge_tunnel_header) == 0)) { | ||
925 | /* remove RFC1042 or Bridge-Tunnel encapsulation and | ||
926 | * replace EtherType */ | ||
927 | skb_pull(skb, hdrlen + 6); | ||
928 | memcpy(skb_push(skb, ETH_ALEN), src, ETH_ALEN); | ||
929 | memcpy(skb_push(skb, ETH_ALEN), dst, ETH_ALEN); | ||
930 | } else { | ||
931 | struct ethhdr *ehdr; | ||
932 | __be16 len; | ||
933 | skb_pull(skb, hdrlen); | ||
934 | len = htons(skb->len); | ||
935 | ehdr = (struct ethhdr *) skb_push(skb, sizeof(struct ethhdr)); | ||
936 | memcpy(ehdr->h_dest, dst, ETH_ALEN); | ||
937 | memcpy(ehdr->h_source, src, ETH_ALEN); | ||
938 | ehdr->h_proto = len; | ||
939 | } | ||
940 | skb->dev = dev; | ||
941 | |||
942 | skb2 = NULL; | ||
943 | |||
944 | sdata->stats.rx_packets++; | ||
945 | sdata->stats.rx_bytes += skb->len; | ||
946 | |||
947 | if (local->bridge_packets && (sdata->type == IEEE80211_IF_TYPE_AP | ||
948 | || sdata->type == IEEE80211_IF_TYPE_VLAN) && rx->u.rx.ra_match) { | ||
949 | if (is_multicast_ether_addr(skb->data)) { | ||
950 | /* send multicast frames both to higher layers in | ||
951 | * local net stack and back to the wireless media */ | ||
952 | skb2 = skb_copy(skb, GFP_ATOMIC); | ||
953 | if (!skb2) | ||
954 | printk(KERN_DEBUG "%s: failed to clone " | ||
955 | "multicast frame\n", dev->name); | ||
956 | } else { | ||
957 | struct sta_info *dsta; | ||
958 | dsta = sta_info_get(local, skb->data); | ||
959 | if (dsta && !dsta->dev) { | ||
960 | printk(KERN_DEBUG "Station with null dev " | ||
961 | "structure!\n"); | ||
962 | } else if (dsta && dsta->dev == dev) { | ||
963 | /* Destination station is associated to this | ||
964 | * AP, so send the frame directly to it and | ||
965 | * do not pass the frame to local net stack. | ||
966 | */ | ||
967 | skb2 = skb; | ||
968 | skb = NULL; | ||
969 | } | ||
970 | if (dsta) | ||
971 | sta_info_put(dsta); | ||
972 | } | ||
973 | } | ||
974 | |||
975 | if (skb) { | ||
976 | /* deliver to local stack */ | ||
977 | skb->protocol = eth_type_trans(skb, dev); | ||
978 | memset(skb->cb, 0, sizeof(skb->cb)); | ||
979 | netif_rx(skb); | ||
980 | } | ||
981 | |||
982 | if (skb2) { | ||
983 | /* send to wireless media */ | ||
984 | skb2->protocol = __constant_htons(ETH_P_802_3); | ||
985 | skb_set_network_header(skb2, 0); | ||
986 | skb_set_mac_header(skb2, 0); | ||
987 | dev_queue_xmit(skb2); | ||
988 | } | ||
989 | |||
990 | return TXRX_QUEUED; | ||
991 | } | ||
992 | |||
993 | static ieee80211_txrx_result | ||
994 | ieee80211_rx_h_mgmt(struct ieee80211_txrx_data *rx) | ||
995 | { | ||
996 | struct ieee80211_sub_if_data *sdata; | ||
997 | |||
998 | if (!rx->u.rx.ra_match) | ||
999 | return TXRX_DROP; | ||
1000 | |||
1001 | sdata = IEEE80211_DEV_TO_SUB_IF(rx->dev); | ||
1002 | if ((sdata->type == IEEE80211_IF_TYPE_STA || | ||
1003 | sdata->type == IEEE80211_IF_TYPE_IBSS) && | ||
1004 | !rx->local->user_space_mlme) { | ||
1005 | ieee80211_sta_rx_mgmt(rx->dev, rx->skb, rx->u.rx.status); | ||
1006 | } else { | ||
1007 | /* Management frames are sent to hostapd for processing */ | ||
1008 | if (!rx->local->apdev) | ||
1009 | return TXRX_DROP; | ||
1010 | ieee80211_rx_mgmt(rx->local, rx->skb, rx->u.rx.status, | ||
1011 | ieee80211_msg_normal); | ||
1012 | } | ||
1013 | return TXRX_QUEUED; | ||
1014 | } | ||
1015 | |||
1016 | static inline ieee80211_txrx_result __ieee80211_invoke_rx_handlers( | ||
1017 | struct ieee80211_local *local, | ||
1018 | ieee80211_rx_handler *handlers, | ||
1019 | struct ieee80211_txrx_data *rx, | ||
1020 | struct sta_info *sta) | ||
1021 | { | ||
1022 | ieee80211_rx_handler *handler; | ||
1023 | ieee80211_txrx_result res = TXRX_DROP; | ||
1024 | |||
1025 | for (handler = handlers; *handler != NULL; handler++) { | ||
1026 | res = (*handler)(rx); | ||
1027 | if (res != TXRX_CONTINUE) { | ||
1028 | if (res == TXRX_DROP) { | ||
1029 | I802_DEBUG_INC(local->rx_handlers_drop); | ||
1030 | if (sta) | ||
1031 | sta->rx_dropped++; | ||
1032 | } | ||
1033 | if (res == TXRX_QUEUED) | ||
1034 | I802_DEBUG_INC(local->rx_handlers_queued); | ||
1035 | break; | ||
1036 | } | ||
1037 | } | ||
1038 | |||
1039 | if (res == TXRX_DROP) { | ||
1040 | dev_kfree_skb(rx->skb); | ||
1041 | } | ||
1042 | return res; | ||
1043 | } | ||
1044 | |||
1045 | static inline void ieee80211_invoke_rx_handlers(struct ieee80211_local *local, | ||
1046 | ieee80211_rx_handler *handlers, | ||
1047 | struct ieee80211_txrx_data *rx, | ||
1048 | struct sta_info *sta) | ||
1049 | { | ||
1050 | if (__ieee80211_invoke_rx_handlers(local, handlers, rx, sta) == | ||
1051 | TXRX_CONTINUE) | ||
1052 | dev_kfree_skb(rx->skb); | ||
1053 | } | ||
1054 | |||
1055 | static void ieee80211_rx_michael_mic_report(struct net_device *dev, | ||
1056 | struct ieee80211_hdr *hdr, | ||
1057 | struct sta_info *sta, | ||
1058 | struct ieee80211_txrx_data *rx) | ||
1059 | { | ||
1060 | int keyidx, hdrlen; | ||
1061 | |||
1062 | hdrlen = ieee80211_get_hdrlen_from_skb(rx->skb); | ||
1063 | if (rx->skb->len >= hdrlen + 4) | ||
1064 | keyidx = rx->skb->data[hdrlen + 3] >> 6; | ||
1065 | else | ||
1066 | keyidx = -1; | ||
1067 | |||
1068 | /* TODO: verify that this is not triggered by fragmented | ||
1069 | * frames (hw does not verify MIC for them). */ | ||
1070 | printk(KERN_DEBUG "%s: TKIP hwaccel reported Michael MIC " | ||
1071 | "failure from " MAC_FMT " to " MAC_FMT " keyidx=%d\n", | ||
1072 | dev->name, MAC_ARG(hdr->addr2), MAC_ARG(hdr->addr1), keyidx); | ||
1073 | |||
1074 | if (!sta) { | ||
1075 | /* Some hardware versions seem to generate incorrect | ||
1076 | * Michael MIC reports; ignore them to avoid triggering | ||
1077 | * countermeasures. */ | ||
1078 | printk(KERN_DEBUG "%s: ignored spurious Michael MIC " | ||
1079 | "error for unknown address " MAC_FMT "\n", | ||
1080 | dev->name, MAC_ARG(hdr->addr2)); | ||
1081 | goto ignore; | ||
1082 | } | ||
1083 | |||
1084 | if (!(rx->fc & IEEE80211_FCTL_PROTECTED)) { | ||
1085 | printk(KERN_DEBUG "%s: ignored spurious Michael MIC " | ||
1086 | "error for a frame with no ISWEP flag (src " | ||
1087 | MAC_FMT ")\n", dev->name, MAC_ARG(hdr->addr2)); | ||
1088 | goto ignore; | ||
1089 | } | ||
1090 | |||
1091 | if ((rx->local->hw.flags & IEEE80211_HW_WEP_INCLUDE_IV) && | ||
1092 | rx->sdata->type == IEEE80211_IF_TYPE_AP) { | ||
1093 | keyidx = ieee80211_wep_get_keyidx(rx->skb); | ||
1094 | /* AP with Pairwise keys support should never receive Michael | ||
1095 | * MIC errors for non-zero keyidx because these are reserved | ||
1096 | * for group keys and only the AP is sending real multicast | ||
1097 | * frames in BSS. */ | ||
1098 | if (keyidx) { | ||
1099 | printk(KERN_DEBUG "%s: ignored Michael MIC error for " | ||
1100 | "a frame with non-zero keyidx (%d) (src " MAC_FMT | ||
1101 | ")\n", dev->name, keyidx, MAC_ARG(hdr->addr2)); | ||
1102 | goto ignore; | ||
1103 | } | ||
1104 | } | ||
1105 | |||
1106 | if ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA && | ||
1107 | ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_MGMT || | ||
1108 | (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_AUTH)) { | ||
1109 | printk(KERN_DEBUG "%s: ignored spurious Michael MIC " | ||
1110 | "error for a frame that cannot be encrypted " | ||
1111 | "(fc=0x%04x) (src " MAC_FMT ")\n", | ||
1112 | dev->name, rx->fc, MAC_ARG(hdr->addr2)); | ||
1113 | goto ignore; | ||
1114 | } | ||
1115 | |||
1116 | do { | ||
1117 | union iwreq_data wrqu; | ||
1118 | char *buf = kmalloc(128, GFP_ATOMIC); | ||
1119 | if (!buf) | ||
1120 | break; | ||
1121 | |||
1122 | /* TODO: needed parameters: count, key type, TSC */ | ||
1123 | sprintf(buf, "MLME-MICHAELMICFAILURE.indication(" | ||
1124 | "keyid=%d %scast addr=" MAC_FMT ")", | ||
1125 | keyidx, hdr->addr1[0] & 0x01 ? "broad" : "uni", | ||
1126 | MAC_ARG(hdr->addr2)); | ||
1127 | memset(&wrqu, 0, sizeof(wrqu)); | ||
1128 | wrqu.data.length = strlen(buf); | ||
1129 | wireless_send_event(rx->dev, IWEVCUSTOM, &wrqu, buf); | ||
1130 | kfree(buf); | ||
1131 | } while (0); | ||
1132 | |||
1133 | /* TODO: consider verifying the MIC error report with software | ||
1134 | * implementation if we get too many spurious reports from the | ||
1135 | * hardware. */ | ||
1136 | if (!rx->local->apdev) | ||
1137 | goto ignore; | ||
1138 | ieee80211_rx_mgmt(rx->local, rx->skb, rx->u.rx.status, | ||
1139 | ieee80211_msg_michael_mic_failure); | ||
1140 | return; | ||
1141 | |||
1142 | ignore: | ||
1143 | dev_kfree_skb(rx->skb); | ||
1144 | rx->skb = NULL; | ||
1145 | } | ||
1146 | |||
1147 | ieee80211_rx_handler ieee80211_rx_handlers[] = | ||
1148 | { | ||
1149 | ieee80211_rx_h_if_stats, | ||
1150 | ieee80211_rx_h_monitor, | ||
1151 | ieee80211_rx_h_passive_scan, | ||
1152 | ieee80211_rx_h_check, | ||
1153 | ieee80211_rx_h_sta_process, | ||
1154 | ieee80211_rx_h_ccmp_decrypt, | ||
1155 | ieee80211_rx_h_tkip_decrypt, | ||
1156 | ieee80211_rx_h_wep_weak_iv_detection, | ||
1157 | ieee80211_rx_h_wep_decrypt, | ||
1158 | ieee80211_rx_h_defragment, | ||
1159 | ieee80211_rx_h_ps_poll, | ||
1160 | ieee80211_rx_h_michael_mic_verify, | ||
1161 | /* this must be after decryption - so header is counted in MPDU mic | ||
1162 | * must be before pae and data, so QOS_DATA format frames | ||
1163 | * are not passed to user space by these functions | ||
1164 | */ | ||
1165 | ieee80211_rx_h_remove_qos_control, | ||
1166 | ieee80211_rx_h_802_1x_pae, | ||
1167 | ieee80211_rx_h_drop_unencrypted, | ||
1168 | ieee80211_rx_h_data, | ||
1169 | ieee80211_rx_h_mgmt, | ||
1170 | NULL | ||
1171 | }; | ||
1172 | |||
1173 | /* main receive path */ | ||
1174 | |||
1175 | /* | ||
1176 | * This is the receive path handler. It is called by a low level driver when an | ||
1177 | * 802.11 MPDU is received from the hardware. | ||
1178 | */ | ||
1179 | void __ieee80211_rx(struct ieee80211_hw *hw, struct sk_buff *skb, | ||
1180 | struct ieee80211_rx_status *status) | ||
1181 | { | ||
1182 | struct ieee80211_local *local = hw_to_local(hw); | ||
1183 | struct ieee80211_sub_if_data *sdata; | ||
1184 | struct sta_info *sta; | ||
1185 | struct ieee80211_hdr *hdr; | ||
1186 | struct ieee80211_txrx_data rx; | ||
1187 | u16 type; | ||
1188 | int multicast; | ||
1189 | int radiotap_len = 0; | ||
1190 | |||
1191 | if (status->flag & RX_FLAG_RADIOTAP) { | ||
1192 | radiotap_len = ieee80211_get_radiotap_len(skb->data); | ||
1193 | skb_pull(skb, radiotap_len); | ||
1194 | } | ||
1195 | |||
1196 | hdr = (struct ieee80211_hdr *) skb->data; | ||
1197 | memset(&rx, 0, sizeof(rx)); | ||
1198 | rx.skb = skb; | ||
1199 | rx.local = local; | ||
1200 | |||
1201 | rx.u.rx.status = status; | ||
1202 | rx.fc = skb->len >= 2 ? le16_to_cpu(hdr->frame_control) : 0; | ||
1203 | type = rx.fc & IEEE80211_FCTL_FTYPE; | ||
1204 | if (type == IEEE80211_FTYPE_DATA || type == IEEE80211_FTYPE_MGMT) | ||
1205 | local->dot11ReceivedFragmentCount++; | ||
1206 | multicast = is_multicast_ether_addr(hdr->addr1); | ||
1207 | |||
1208 | if (skb->len >= 16) | ||
1209 | sta = rx.sta = sta_info_get(local, hdr->addr2); | ||
1210 | else | ||
1211 | sta = rx.sta = NULL; | ||
1212 | |||
1213 | if (sta) { | ||
1214 | rx.dev = sta->dev; | ||
1215 | rx.sdata = IEEE80211_DEV_TO_SUB_IF(rx.dev); | ||
1216 | } | ||
1217 | |||
1218 | if ((status->flag & RX_FLAG_MMIC_ERROR)) { | ||
1219 | ieee80211_rx_michael_mic_report(local->mdev, hdr, sta, &rx); | ||
1220 | goto end; | ||
1221 | } | ||
1222 | |||
1223 | if (unlikely(local->sta_scanning)) | ||
1224 | rx.u.rx.in_scan = 1; | ||
1225 | |||
1226 | if (__ieee80211_invoke_rx_handlers(local, local->rx_pre_handlers, &rx, | ||
1227 | sta) != TXRX_CONTINUE) | ||
1228 | goto end; | ||
1229 | skb = rx.skb; | ||
1230 | |||
1231 | skb_push(skb, radiotap_len); | ||
1232 | if (sta && !sta->assoc_ap && !(sta->flags & WLAN_STA_WDS) && | ||
1233 | !local->iff_promiscs && !multicast) { | ||
1234 | rx.u.rx.ra_match = 1; | ||
1235 | ieee80211_invoke_rx_handlers(local, local->rx_handlers, &rx, | ||
1236 | sta); | ||
1237 | } else { | ||
1238 | struct ieee80211_sub_if_data *prev = NULL; | ||
1239 | struct sk_buff *skb_new; | ||
1240 | u8 *bssid = ieee80211_get_bssid(hdr, skb->len - radiotap_len); | ||
1241 | |||
1242 | read_lock(&local->sub_if_lock); | ||
1243 | list_for_each_entry(sdata, &local->sub_if_list, list) { | ||
1244 | rx.u.rx.ra_match = 1; | ||
1245 | switch (sdata->type) { | ||
1246 | case IEEE80211_IF_TYPE_STA: | ||
1247 | if (!bssid) | ||
1248 | continue; | ||
1249 | if (!ieee80211_bssid_match(bssid, | ||
1250 | sdata->u.sta.bssid)) { | ||
1251 | if (!rx.u.rx.in_scan) | ||
1252 | continue; | ||
1253 | rx.u.rx.ra_match = 0; | ||
1254 | } else if (!multicast && | ||
1255 | compare_ether_addr(sdata->dev->dev_addr, | ||
1256 | hdr->addr1) != 0) { | ||
1257 | if (!sdata->promisc) | ||
1258 | continue; | ||
1259 | rx.u.rx.ra_match = 0; | ||
1260 | } | ||
1261 | break; | ||
1262 | case IEEE80211_IF_TYPE_IBSS: | ||
1263 | if (!bssid) | ||
1264 | continue; | ||
1265 | if (!ieee80211_bssid_match(bssid, | ||
1266 | sdata->u.sta.bssid)) { | ||
1267 | if (!rx.u.rx.in_scan) | ||
1268 | continue; | ||
1269 | rx.u.rx.ra_match = 0; | ||
1270 | } else if (!multicast && | ||
1271 | compare_ether_addr(sdata->dev->dev_addr, | ||
1272 | hdr->addr1) != 0) { | ||
1273 | if (!sdata->promisc) | ||
1274 | continue; | ||
1275 | rx.u.rx.ra_match = 0; | ||
1276 | } else if (!sta) | ||
1277 | sta = rx.sta = | ||
1278 | ieee80211_ibss_add_sta(sdata->dev, | ||
1279 | skb, bssid, | ||
1280 | hdr->addr2); | ||
1281 | break; | ||
1282 | case IEEE80211_IF_TYPE_AP: | ||
1283 | if (!bssid) { | ||
1284 | if (compare_ether_addr(sdata->dev->dev_addr, | ||
1285 | hdr->addr1) != 0) | ||
1286 | continue; | ||
1287 | } else if (!ieee80211_bssid_match(bssid, | ||
1288 | sdata->dev->dev_addr)) { | ||
1289 | if (!rx.u.rx.in_scan) | ||
1290 | continue; | ||
1291 | rx.u.rx.ra_match = 0; | ||
1292 | } | ||
1293 | if (sdata->dev == local->mdev && | ||
1294 | !rx.u.rx.in_scan) | ||
1295 | /* do not receive anything via | ||
1296 | * master device when not scanning */ | ||
1297 | continue; | ||
1298 | break; | ||
1299 | case IEEE80211_IF_TYPE_WDS: | ||
1300 | if (bssid || | ||
1301 | (rx.fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA) | ||
1302 | continue; | ||
1303 | if (compare_ether_addr(sdata->u.wds.remote_addr, | ||
1304 | hdr->addr2) != 0) | ||
1305 | continue; | ||
1306 | break; | ||
1307 | } | ||
1308 | |||
1309 | if (prev) { | ||
1310 | skb_new = skb_copy(skb, GFP_ATOMIC); | ||
1311 | if (!skb_new) { | ||
1312 | if (net_ratelimit()) | ||
1313 | printk(KERN_DEBUG "%s: failed to copy " | ||
1314 | "multicast frame for %s", | ||
1315 | local->mdev->name, prev->dev->name); | ||
1316 | continue; | ||
1317 | } | ||
1318 | rx.skb = skb_new; | ||
1319 | rx.dev = prev->dev; | ||
1320 | rx.sdata = prev; | ||
1321 | ieee80211_invoke_rx_handlers(local, | ||
1322 | local->rx_handlers, | ||
1323 | &rx, sta); | ||
1324 | } | ||
1325 | prev = sdata; | ||
1326 | } | ||
1327 | if (prev) { | ||
1328 | rx.skb = skb; | ||
1329 | rx.dev = prev->dev; | ||
1330 | rx.sdata = prev; | ||
1331 | ieee80211_invoke_rx_handlers(local, local->rx_handlers, | ||
1332 | &rx, sta); | ||
1333 | } else | ||
1334 | dev_kfree_skb(skb); | ||
1335 | read_unlock(&local->sub_if_lock); | ||
1336 | } | ||
1337 | |||
1338 | end: | ||
1339 | if (sta) | ||
1340 | sta_info_put(sta); | ||
1341 | } | ||
1342 | EXPORT_SYMBOL(__ieee80211_rx); | ||
1343 | |||
1344 | /* This is a version of the rx handler that can be called from hard irq | ||
1345 | * context. Post the skb on the queue and schedule the tasklet */ | ||
1346 | void ieee80211_rx_irqsafe(struct ieee80211_hw *hw, struct sk_buff *skb, | ||
1347 | struct ieee80211_rx_status *status) | ||
1348 | { | ||
1349 | struct ieee80211_local *local = hw_to_local(hw); | ||
1350 | |||
1351 | BUILD_BUG_ON(sizeof(struct ieee80211_rx_status) > sizeof(skb->cb)); | ||
1352 | |||
1353 | skb->dev = local->mdev; | ||
1354 | /* copy status into skb->cb for use by tasklet */ | ||
1355 | memcpy(skb->cb, status, sizeof(*status)); | ||
1356 | skb->pkt_type = IEEE80211_RX_MSG; | ||
1357 | skb_queue_tail(&local->skb_queue, skb); | ||
1358 | tasklet_schedule(&local->tasklet); | ||
1359 | } | ||
1360 | EXPORT_SYMBOL(ieee80211_rx_irqsafe); | ||