aboutsummaryrefslogtreecommitdiffstats
path: root/net/mac80211/ieee80211.c
diff options
context:
space:
mode:
Diffstat (limited to 'net/mac80211/ieee80211.c')
-rw-r--r--net/mac80211/ieee80211.c1373
1 files changed, 8 insertions, 1365 deletions
diff --git a/net/mac80211/ieee80211.c b/net/mac80211/ieee80211.c
index ff2172ffd861..c0094209bed9 100644
--- a/net/mac80211/ieee80211.c
+++ b/net/mac80211/ieee80211.c
@@ -45,11 +45,11 @@ void *mac80211_wiphy_privid = &mac80211_wiphy_privid;
45 45
46/* See IEEE 802.1H for LLC/SNAP encapsulation/decapsulation */ 46/* See IEEE 802.1H for LLC/SNAP encapsulation/decapsulation */
47/* Ethernet-II snap header (RFC1042 for most EtherTypes) */ 47/* Ethernet-II snap header (RFC1042 for most EtherTypes) */
48static const unsigned char rfc1042_header[] = 48const unsigned char rfc1042_header[] =
49 { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 }; 49 { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 };
50 50
51/* Bridge-Tunnel header (for EtherTypes ETH_P_AARP and ETH_P_IPX) */ 51/* Bridge-Tunnel header (for EtherTypes ETH_P_AARP and ETH_P_IPX) */
52static const unsigned char bridge_tunnel_header[] = 52const unsigned char bridge_tunnel_header[] =
53 { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0xf8 }; 53 { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0xf8 };
54 54
55/* No encapsulation header if EtherType < 0x600 (=length) */ 55/* No encapsulation header if EtherType < 0x600 (=length) */
@@ -222,9 +222,9 @@ void ieee80211_prepare_rates(struct ieee80211_local *local,
222} 222}
223 223
224 224
225static void ieee80211_key_threshold_notify(struct net_device *dev, 225void ieee80211_key_threshold_notify(struct net_device *dev,
226 struct ieee80211_key *key, 226 struct ieee80211_key *key,
227 struct sta_info *sta) 227 struct sta_info *sta)
228{ 228{
229 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 229 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
230 struct sk_buff *skb; 230 struct sk_buff *skb;
@@ -258,7 +258,7 @@ static void ieee80211_key_threshold_notify(struct net_device *dev,
258} 258}
259 259
260 260
261static u8 * ieee80211_get_bssid(struct ieee80211_hdr *hdr, size_t len) 261u8 *ieee80211_get_bssid(struct ieee80211_hdr *hdr, size_t len)
262{ 262{
263 u16 fc; 263 u16 fc;
264 264
@@ -345,13 +345,6 @@ int ieee80211_get_hdrlen_from_skb(const struct sk_buff *skb)
345} 345}
346EXPORT_SYMBOL(ieee80211_get_hdrlen_from_skb); 346EXPORT_SYMBOL(ieee80211_get_hdrlen_from_skb);
347 347
348static int ieee80211_get_radiotap_len(struct sk_buff *skb)
349{
350 struct ieee80211_radiotap_header *hdr =
351 (struct ieee80211_radiotap_header *) skb->data;
352
353 return le16_to_cpu(hdr->it_len);
354}
355 348
356#ifdef CONFIG_MAC80211_LOWTX_FRAME_DUMP 349#ifdef CONFIG_MAC80211_LOWTX_FRAME_DUMP
357static void ieee80211_dump_frame(const char *ifname, const char *title, 350static void ieee80211_dump_frame(const char *ifname, const char *title,
@@ -392,7 +385,7 @@ static inline void ieee80211_dump_frame(const char *ifname, const char *title,
392#endif /* CONFIG_MAC80211_LOWTX_FRAME_DUMP */ 385#endif /* CONFIG_MAC80211_LOWTX_FRAME_DUMP */
393 386
394 387
395static int ieee80211_is_eapol(const struct sk_buff *skb) 388int ieee80211_is_eapol(const struct sk_buff *skb)
396{ 389{
397 const struct ieee80211_hdr *hdr; 390 const struct ieee80211_hdr *hdr;
398 u16 fc; 391 u16 fc;
@@ -2762,188 +2755,7 @@ static int header_parse_80211(struct sk_buff *skb, unsigned char *haddr)
2762 return ETH_ALEN; 2755 return ETH_ALEN;
2763} 2756}
2764 2757
2765static inline int ieee80211_bssid_match(const u8 *raddr, const u8 *addr) 2758struct ieee80211_rate *
2766{
2767 return compare_ether_addr(raddr, addr) == 0 ||
2768 is_broadcast_ether_addr(raddr);
2769}
2770
2771
2772static ieee80211_txrx_result
2773ieee80211_rx_h_data(struct ieee80211_txrx_data *rx)
2774{
2775 struct net_device *dev = rx->dev;
2776 struct ieee80211_local *local = rx->local;
2777 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data;
2778 u16 fc, hdrlen, ethertype;
2779 u8 *payload;
2780 u8 dst[ETH_ALEN];
2781 u8 src[ETH_ALEN];
2782 struct sk_buff *skb = rx->skb, *skb2;
2783 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2784
2785 fc = rx->fc;
2786 if (unlikely((fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA))
2787 return TXRX_CONTINUE;
2788
2789 if (unlikely(!WLAN_FC_DATA_PRESENT(fc)))
2790 return TXRX_DROP;
2791
2792 hdrlen = ieee80211_get_hdrlen(fc);
2793
2794 /* convert IEEE 802.11 header + possible LLC headers into Ethernet
2795 * header
2796 * IEEE 802.11 address fields:
2797 * ToDS FromDS Addr1 Addr2 Addr3 Addr4
2798 * 0 0 DA SA BSSID n/a
2799 * 0 1 DA BSSID SA n/a
2800 * 1 0 BSSID SA DA n/a
2801 * 1 1 RA TA DA SA
2802 */
2803
2804 switch (fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) {
2805 case IEEE80211_FCTL_TODS:
2806 /* BSSID SA DA */
2807 memcpy(dst, hdr->addr3, ETH_ALEN);
2808 memcpy(src, hdr->addr2, ETH_ALEN);
2809
2810 if (unlikely(sdata->type != IEEE80211_IF_TYPE_AP &&
2811 sdata->type != IEEE80211_IF_TYPE_VLAN)) {
2812 printk(KERN_DEBUG "%s: dropped ToDS frame (BSSID="
2813 MAC_FMT " SA=" MAC_FMT " DA=" MAC_FMT ")\n",
2814 dev->name, MAC_ARG(hdr->addr1),
2815 MAC_ARG(hdr->addr2), MAC_ARG(hdr->addr3));
2816 return TXRX_DROP;
2817 }
2818 break;
2819 case (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS):
2820 /* RA TA DA SA */
2821 memcpy(dst, hdr->addr3, ETH_ALEN);
2822 memcpy(src, hdr->addr4, ETH_ALEN);
2823
2824 if (unlikely(sdata->type != IEEE80211_IF_TYPE_WDS)) {
2825 printk(KERN_DEBUG "%s: dropped FromDS&ToDS frame (RA="
2826 MAC_FMT " TA=" MAC_FMT " DA=" MAC_FMT " SA="
2827 MAC_FMT ")\n",
2828 rx->dev->name, MAC_ARG(hdr->addr1),
2829 MAC_ARG(hdr->addr2), MAC_ARG(hdr->addr3),
2830 MAC_ARG(hdr->addr4));
2831 return TXRX_DROP;
2832 }
2833 break;
2834 case IEEE80211_FCTL_FROMDS:
2835 /* DA BSSID SA */
2836 memcpy(dst, hdr->addr1, ETH_ALEN);
2837 memcpy(src, hdr->addr3, ETH_ALEN);
2838
2839 if (sdata->type != IEEE80211_IF_TYPE_STA) {
2840 return TXRX_DROP;
2841 }
2842 break;
2843 case 0:
2844 /* DA SA BSSID */
2845 memcpy(dst, hdr->addr1, ETH_ALEN);
2846 memcpy(src, hdr->addr2, ETH_ALEN);
2847
2848 if (sdata->type != IEEE80211_IF_TYPE_IBSS) {
2849 if (net_ratelimit()) {
2850 printk(KERN_DEBUG "%s: dropped IBSS frame (DA="
2851 MAC_FMT " SA=" MAC_FMT " BSSID=" MAC_FMT
2852 ")\n",
2853 dev->name, MAC_ARG(hdr->addr1),
2854 MAC_ARG(hdr->addr2),
2855 MAC_ARG(hdr->addr3));
2856 }
2857 return TXRX_DROP;
2858 }
2859 break;
2860 }
2861
2862 payload = skb->data + hdrlen;
2863
2864 if (unlikely(skb->len - hdrlen < 8)) {
2865 if (net_ratelimit()) {
2866 printk(KERN_DEBUG "%s: RX too short data frame "
2867 "payload\n", dev->name);
2868 }
2869 return TXRX_DROP;
2870 }
2871
2872 ethertype = (payload[6] << 8) | payload[7];
2873
2874 if (likely((compare_ether_addr(payload, rfc1042_header) == 0 &&
2875 ethertype != ETH_P_AARP && ethertype != ETH_P_IPX) ||
2876 compare_ether_addr(payload, bridge_tunnel_header) == 0)) {
2877 /* remove RFC1042 or Bridge-Tunnel encapsulation and
2878 * replace EtherType */
2879 skb_pull(skb, hdrlen + 6);
2880 memcpy(skb_push(skb, ETH_ALEN), src, ETH_ALEN);
2881 memcpy(skb_push(skb, ETH_ALEN), dst, ETH_ALEN);
2882 } else {
2883 struct ethhdr *ehdr;
2884 __be16 len;
2885 skb_pull(skb, hdrlen);
2886 len = htons(skb->len);
2887 ehdr = (struct ethhdr *) skb_push(skb, sizeof(struct ethhdr));
2888 memcpy(ehdr->h_dest, dst, ETH_ALEN);
2889 memcpy(ehdr->h_source, src, ETH_ALEN);
2890 ehdr->h_proto = len;
2891 }
2892 skb->dev = dev;
2893
2894 skb2 = NULL;
2895
2896 sdata->stats.rx_packets++;
2897 sdata->stats.rx_bytes += skb->len;
2898
2899 if (local->bridge_packets && (sdata->type == IEEE80211_IF_TYPE_AP
2900 || sdata->type == IEEE80211_IF_TYPE_VLAN) && rx->u.rx.ra_match) {
2901 if (is_multicast_ether_addr(skb->data)) {
2902 /* send multicast frames both to higher layers in
2903 * local net stack and back to the wireless media */
2904 skb2 = skb_copy(skb, GFP_ATOMIC);
2905 if (!skb2)
2906 printk(KERN_DEBUG "%s: failed to clone "
2907 "multicast frame\n", dev->name);
2908 } else {
2909 struct sta_info *dsta;
2910 dsta = sta_info_get(local, skb->data);
2911 if (dsta && !dsta->dev) {
2912 printk(KERN_DEBUG "Station with null dev "
2913 "structure!\n");
2914 } else if (dsta && dsta->dev == dev) {
2915 /* Destination station is associated to this
2916 * AP, so send the frame directly to it and
2917 * do not pass the frame to local net stack.
2918 */
2919 skb2 = skb;
2920 skb = NULL;
2921 }
2922 if (dsta)
2923 sta_info_put(dsta);
2924 }
2925 }
2926
2927 if (skb) {
2928 /* deliver to local stack */
2929 skb->protocol = eth_type_trans(skb, dev);
2930 memset(skb->cb, 0, sizeof(skb->cb));
2931 netif_rx(skb);
2932 }
2933
2934 if (skb2) {
2935 /* send to wireless media */
2936 skb2->protocol = __constant_htons(ETH_P_802_3);
2937 skb_set_network_header(skb2, 0);
2938 skb_set_mac_header(skb2, 0);
2939 dev_queue_xmit(skb2);
2940 }
2941
2942 return TXRX_QUEUED;
2943}
2944
2945
2946static struct ieee80211_rate *
2947ieee80211_get_rate(struct ieee80211_local *local, int phymode, int hw_rate) 2759ieee80211_get_rate(struct ieee80211_local *local, int phymode, int hw_rate)
2948{ 2760{
2949 struct ieee80211_hw_mode *mode; 2761 struct ieee80211_hw_mode *mode;
@@ -3071,69 +2883,6 @@ ieee80211_rx_mgmt(struct ieee80211_local *local, struct sk_buff *skb,
3071 netif_rx(skb); 2883 netif_rx(skb);
3072} 2884}
3073 2885
3074static void
3075ieee80211_rx_monitor(struct net_device *dev, struct sk_buff *skb,
3076 struct ieee80211_rx_status *status)
3077{
3078 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
3079 struct ieee80211_sub_if_data *sdata;
3080 struct ieee80211_rate *rate;
3081 struct ieee80211_rtap_hdr {
3082 struct ieee80211_radiotap_header hdr;
3083 u8 flags;
3084 u8 rate;
3085 __le16 chan_freq;
3086 __le16 chan_flags;
3087 u8 antsignal;
3088 } __attribute__ ((packed)) *rthdr;
3089
3090 skb->dev = dev;
3091
3092 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3093
3094 if (status->flag & RX_FLAG_RADIOTAP)
3095 goto out;
3096
3097 if (skb_headroom(skb) < sizeof(*rthdr)) {
3098 I802_DEBUG_INC(local->rx_expand_skb_head);
3099 if (pskb_expand_head(skb, sizeof(*rthdr), 0, GFP_ATOMIC)) {
3100 dev_kfree_skb(skb);
3101 return;
3102 }
3103 }
3104
3105 rthdr = (struct ieee80211_rtap_hdr *) skb_push(skb, sizeof(*rthdr));
3106 memset(rthdr, 0, sizeof(*rthdr));
3107 rthdr->hdr.it_len = cpu_to_le16(sizeof(*rthdr));
3108 rthdr->hdr.it_present =
3109 cpu_to_le32((1 << IEEE80211_RADIOTAP_FLAGS) |
3110 (1 << IEEE80211_RADIOTAP_RATE) |
3111 (1 << IEEE80211_RADIOTAP_CHANNEL) |
3112 (1 << IEEE80211_RADIOTAP_DB_ANTSIGNAL));
3113 rthdr->flags = local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS ?
3114 IEEE80211_RADIOTAP_F_FCS : 0;
3115 rate = ieee80211_get_rate(local, status->phymode, status->rate);
3116 if (rate)
3117 rthdr->rate = rate->rate / 5;
3118 rthdr->chan_freq = cpu_to_le16(status->freq);
3119 rthdr->chan_flags =
3120 status->phymode == MODE_IEEE80211A ?
3121 cpu_to_le16(IEEE80211_CHAN_OFDM | IEEE80211_CHAN_5GHZ) :
3122 cpu_to_le16(IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ);
3123 rthdr->antsignal = status->ssi;
3124
3125 out:
3126 sdata->stats.rx_packets++;
3127 sdata->stats.rx_bytes += skb->len;
3128
3129 skb_set_mac_header(skb, 0);
3130 skb->ip_summed = CHECKSUM_UNNECESSARY;
3131 skb->pkt_type = PACKET_OTHERHOST;
3132 skb->protocol = htons(ETH_P_802_2);
3133 memset(skb->cb, 0, sizeof(skb->cb));
3134 netif_rx(skb);
3135}
3136
3137int ieee80211_radar_status(struct ieee80211_hw *hw, int channel, 2886int ieee80211_radar_status(struct ieee80211_hw *hw, int channel,
3138 int radar, int radar_type) 2887 int radar, int radar_type)
3139{ 2888{
@@ -3163,1000 +2912,6 @@ int ieee80211_radar_status(struct ieee80211_hw *hw, int channel,
3163EXPORT_SYMBOL(ieee80211_radar_status); 2912EXPORT_SYMBOL(ieee80211_radar_status);
3164 2913
3165 2914
3166static void ap_sta_ps_start(struct net_device *dev, struct sta_info *sta)
3167{
3168 struct ieee80211_sub_if_data *sdata;
3169 sdata = IEEE80211_DEV_TO_SUB_IF(sta->dev);
3170
3171 if (sdata->bss)
3172 atomic_inc(&sdata->bss->num_sta_ps);
3173 sta->flags |= WLAN_STA_PS;
3174 sta->pspoll = 0;
3175#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
3176 printk(KERN_DEBUG "%s: STA " MAC_FMT " aid %d enters power "
3177 "save mode\n", dev->name, MAC_ARG(sta->addr), sta->aid);
3178#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
3179}
3180
3181
3182static int ap_sta_ps_end(struct net_device *dev, struct sta_info *sta)
3183{
3184 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
3185 struct sk_buff *skb;
3186 int sent = 0;
3187 struct ieee80211_sub_if_data *sdata;
3188 struct ieee80211_tx_packet_data *pkt_data;
3189
3190 sdata = IEEE80211_DEV_TO_SUB_IF(sta->dev);
3191 if (sdata->bss)
3192 atomic_dec(&sdata->bss->num_sta_ps);
3193 sta->flags &= ~(WLAN_STA_PS | WLAN_STA_TIM);
3194 sta->pspoll = 0;
3195 if (!skb_queue_empty(&sta->ps_tx_buf)) {
3196 if (local->ops->set_tim)
3197 local->ops->set_tim(local_to_hw(local), sta->aid, 0);
3198 if (sdata->bss)
3199 bss_tim_clear(local, sdata->bss, sta->aid);
3200 }
3201#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
3202 printk(KERN_DEBUG "%s: STA " MAC_FMT " aid %d exits power "
3203 "save mode\n", dev->name, MAC_ARG(sta->addr), sta->aid);
3204#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
3205 /* Send all buffered frames to the station */
3206 while ((skb = skb_dequeue(&sta->tx_filtered)) != NULL) {
3207 pkt_data = (struct ieee80211_tx_packet_data *) skb->cb;
3208 sent++;
3209 pkt_data->requeue = 1;
3210 dev_queue_xmit(skb);
3211 }
3212 while ((skb = skb_dequeue(&sta->ps_tx_buf)) != NULL) {
3213 pkt_data = (struct ieee80211_tx_packet_data *) skb->cb;
3214 local->total_ps_buffered--;
3215 sent++;
3216#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
3217 printk(KERN_DEBUG "%s: STA " MAC_FMT " aid %d send PS frame "
3218 "since STA not sleeping anymore\n", dev->name,
3219 MAC_ARG(sta->addr), sta->aid);
3220#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
3221 pkt_data->requeue = 1;
3222 dev_queue_xmit(skb);
3223 }
3224
3225 return sent;
3226}
3227
3228
3229static ieee80211_txrx_result
3230ieee80211_rx_h_ps_poll(struct ieee80211_txrx_data *rx)
3231{
3232 struct sk_buff *skb;
3233 int no_pending_pkts;
3234
3235 if (likely(!rx->sta ||
3236 (rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_CTL ||
3237 (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_PSPOLL ||
3238 !rx->u.rx.ra_match))
3239 return TXRX_CONTINUE;
3240
3241 skb = skb_dequeue(&rx->sta->tx_filtered);
3242 if (!skb) {
3243 skb = skb_dequeue(&rx->sta->ps_tx_buf);
3244 if (skb)
3245 rx->local->total_ps_buffered--;
3246 }
3247 no_pending_pkts = skb_queue_empty(&rx->sta->tx_filtered) &&
3248 skb_queue_empty(&rx->sta->ps_tx_buf);
3249
3250 if (skb) {
3251 struct ieee80211_hdr *hdr =
3252 (struct ieee80211_hdr *) skb->data;
3253
3254 /* tell TX path to send one frame even though the STA may
3255 * still remain is PS mode after this frame exchange */
3256 rx->sta->pspoll = 1;
3257
3258#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
3259 printk(KERN_DEBUG "STA " MAC_FMT " aid %d: PS Poll (entries "
3260 "after %d)\n",
3261 MAC_ARG(rx->sta->addr), rx->sta->aid,
3262 skb_queue_len(&rx->sta->ps_tx_buf));
3263#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
3264
3265 /* Use MoreData flag to indicate whether there are more
3266 * buffered frames for this STA */
3267 if (no_pending_pkts) {
3268 hdr->frame_control &= cpu_to_le16(~IEEE80211_FCTL_MOREDATA);
3269 rx->sta->flags &= ~WLAN_STA_TIM;
3270 } else
3271 hdr->frame_control |= cpu_to_le16(IEEE80211_FCTL_MOREDATA);
3272
3273 dev_queue_xmit(skb);
3274
3275 if (no_pending_pkts) {
3276 if (rx->local->ops->set_tim)
3277 rx->local->ops->set_tim(local_to_hw(rx->local),
3278 rx->sta->aid, 0);
3279 if (rx->sdata->bss)
3280 bss_tim_clear(rx->local, rx->sdata->bss, rx->sta->aid);
3281 }
3282#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
3283 } else if (!rx->u.rx.sent_ps_buffered) {
3284 printk(KERN_DEBUG "%s: STA " MAC_FMT " sent PS Poll even "
3285 "though there is no buffered frames for it\n",
3286 rx->dev->name, MAC_ARG(rx->sta->addr));
3287#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
3288
3289 }
3290
3291 /* Free PS Poll skb here instead of returning TXRX_DROP that would
3292 * count as an dropped frame. */
3293 dev_kfree_skb(rx->skb);
3294
3295 return TXRX_QUEUED;
3296}
3297
3298
3299static inline struct ieee80211_fragment_entry *
3300ieee80211_reassemble_add(struct ieee80211_sub_if_data *sdata,
3301 unsigned int frag, unsigned int seq, int rx_queue,
3302 struct sk_buff **skb)
3303{
3304 struct ieee80211_fragment_entry *entry;
3305 int idx;
3306
3307 idx = sdata->fragment_next;
3308 entry = &sdata->fragments[sdata->fragment_next++];
3309 if (sdata->fragment_next >= IEEE80211_FRAGMENT_MAX)
3310 sdata->fragment_next = 0;
3311
3312 if (!skb_queue_empty(&entry->skb_list)) {
3313#ifdef CONFIG_MAC80211_DEBUG
3314 struct ieee80211_hdr *hdr =
3315 (struct ieee80211_hdr *) entry->skb_list.next->data;
3316 printk(KERN_DEBUG "%s: RX reassembly removed oldest "
3317 "fragment entry (idx=%d age=%lu seq=%d last_frag=%d "
3318 "addr1=" MAC_FMT " addr2=" MAC_FMT "\n",
3319 sdata->dev->name, idx,
3320 jiffies - entry->first_frag_time, entry->seq,
3321 entry->last_frag, MAC_ARG(hdr->addr1),
3322 MAC_ARG(hdr->addr2));
3323#endif /* CONFIG_MAC80211_DEBUG */
3324 __skb_queue_purge(&entry->skb_list);
3325 }
3326
3327 __skb_queue_tail(&entry->skb_list, *skb); /* no need for locking */
3328 *skb = NULL;
3329 entry->first_frag_time = jiffies;
3330 entry->seq = seq;
3331 entry->rx_queue = rx_queue;
3332 entry->last_frag = frag;
3333 entry->ccmp = 0;
3334 entry->extra_len = 0;
3335
3336 return entry;
3337}
3338
3339
3340static inline struct ieee80211_fragment_entry *
3341ieee80211_reassemble_find(struct ieee80211_sub_if_data *sdata,
3342 u16 fc, unsigned int frag, unsigned int seq,
3343 int rx_queue, struct ieee80211_hdr *hdr)
3344{
3345 struct ieee80211_fragment_entry *entry;
3346 int i, idx;
3347
3348 idx = sdata->fragment_next;
3349 for (i = 0; i < IEEE80211_FRAGMENT_MAX; i++) {
3350 struct ieee80211_hdr *f_hdr;
3351 u16 f_fc;
3352
3353 idx--;
3354 if (idx < 0)
3355 idx = IEEE80211_FRAGMENT_MAX - 1;
3356
3357 entry = &sdata->fragments[idx];
3358 if (skb_queue_empty(&entry->skb_list) || entry->seq != seq ||
3359 entry->rx_queue != rx_queue ||
3360 entry->last_frag + 1 != frag)
3361 continue;
3362
3363 f_hdr = (struct ieee80211_hdr *) entry->skb_list.next->data;
3364 f_fc = le16_to_cpu(f_hdr->frame_control);
3365
3366 if ((fc & IEEE80211_FCTL_FTYPE) != (f_fc & IEEE80211_FCTL_FTYPE) ||
3367 compare_ether_addr(hdr->addr1, f_hdr->addr1) != 0 ||
3368 compare_ether_addr(hdr->addr2, f_hdr->addr2) != 0)
3369 continue;
3370
3371 if (entry->first_frag_time + 2 * HZ < jiffies) {
3372 __skb_queue_purge(&entry->skb_list);
3373 continue;
3374 }
3375 return entry;
3376 }
3377
3378 return NULL;
3379}
3380
3381
3382static ieee80211_txrx_result
3383ieee80211_rx_h_defragment(struct ieee80211_txrx_data *rx)
3384{
3385 struct ieee80211_hdr *hdr;
3386 u16 sc;
3387 unsigned int frag, seq;
3388 struct ieee80211_fragment_entry *entry;
3389 struct sk_buff *skb;
3390
3391 hdr = (struct ieee80211_hdr *) rx->skb->data;
3392 sc = le16_to_cpu(hdr->seq_ctrl);
3393 frag = sc & IEEE80211_SCTL_FRAG;
3394
3395 if (likely((!(rx->fc & IEEE80211_FCTL_MOREFRAGS) && frag == 0) ||
3396 (rx->skb)->len < 24 ||
3397 is_multicast_ether_addr(hdr->addr1))) {
3398 /* not fragmented */
3399 goto out;
3400 }
3401 I802_DEBUG_INC(rx->local->rx_handlers_fragments);
3402
3403 seq = (sc & IEEE80211_SCTL_SEQ) >> 4;
3404
3405 if (frag == 0) {
3406 /* This is the first fragment of a new frame. */
3407 entry = ieee80211_reassemble_add(rx->sdata, frag, seq,
3408 rx->u.rx.queue, &(rx->skb));
3409 if (rx->key && rx->key->alg == ALG_CCMP &&
3410 (rx->fc & IEEE80211_FCTL_PROTECTED)) {
3411 /* Store CCMP PN so that we can verify that the next
3412 * fragment has a sequential PN value. */
3413 entry->ccmp = 1;
3414 memcpy(entry->last_pn,
3415 rx->key->u.ccmp.rx_pn[rx->u.rx.queue],
3416 CCMP_PN_LEN);
3417 }
3418 return TXRX_QUEUED;
3419 }
3420
3421 /* This is a fragment for a frame that should already be pending in
3422 * fragment cache. Add this fragment to the end of the pending entry.
3423 */
3424 entry = ieee80211_reassemble_find(rx->sdata, rx->fc, frag, seq,
3425 rx->u.rx.queue, hdr);
3426 if (!entry) {
3427 I802_DEBUG_INC(rx->local->rx_handlers_drop_defrag);
3428 return TXRX_DROP;
3429 }
3430
3431 /* Verify that MPDUs within one MSDU have sequential PN values.
3432 * (IEEE 802.11i, 8.3.3.4.5) */
3433 if (entry->ccmp) {
3434 int i;
3435 u8 pn[CCMP_PN_LEN], *rpn;
3436 if (!rx->key || rx->key->alg != ALG_CCMP)
3437 return TXRX_DROP;
3438 memcpy(pn, entry->last_pn, CCMP_PN_LEN);
3439 for (i = CCMP_PN_LEN - 1; i >= 0; i--) {
3440 pn[i]++;
3441 if (pn[i])
3442 break;
3443 }
3444 rpn = rx->key->u.ccmp.rx_pn[rx->u.rx.queue];
3445 if (memcmp(pn, rpn, CCMP_PN_LEN) != 0) {
3446 printk(KERN_DEBUG "%s: defrag: CCMP PN not sequential"
3447 " A2=" MAC_FMT " PN=%02x%02x%02x%02x%02x%02x "
3448 "(expected %02x%02x%02x%02x%02x%02x)\n",
3449 rx->dev->name, MAC_ARG(hdr->addr2),
3450 rpn[0], rpn[1], rpn[2], rpn[3], rpn[4], rpn[5],
3451 pn[0], pn[1], pn[2], pn[3], pn[4], pn[5]);
3452 return TXRX_DROP;
3453 }
3454 memcpy(entry->last_pn, pn, CCMP_PN_LEN);
3455 }
3456
3457 skb_pull(rx->skb, ieee80211_get_hdrlen(rx->fc));
3458 __skb_queue_tail(&entry->skb_list, rx->skb);
3459 entry->last_frag = frag;
3460 entry->extra_len += rx->skb->len;
3461 if (rx->fc & IEEE80211_FCTL_MOREFRAGS) {
3462 rx->skb = NULL;
3463 return TXRX_QUEUED;
3464 }
3465
3466 rx->skb = __skb_dequeue(&entry->skb_list);
3467 if (skb_tailroom(rx->skb) < entry->extra_len) {
3468 I802_DEBUG_INC(rx->local->rx_expand_skb_head2);
3469 if (unlikely(pskb_expand_head(rx->skb, 0, entry->extra_len,
3470 GFP_ATOMIC))) {
3471 I802_DEBUG_INC(rx->local->rx_handlers_drop_defrag);
3472 __skb_queue_purge(&entry->skb_list);
3473 return TXRX_DROP;
3474 }
3475 }
3476 while ((skb = __skb_dequeue(&entry->skb_list))) {
3477 memcpy(skb_put(rx->skb, skb->len), skb->data, skb->len);
3478 dev_kfree_skb(skb);
3479 }
3480
3481 /* Complete frame has been reassembled - process it now */
3482 rx->fragmented = 1;
3483
3484 out:
3485 if (rx->sta)
3486 rx->sta->rx_packets++;
3487 if (is_multicast_ether_addr(hdr->addr1))
3488 rx->local->dot11MulticastReceivedFrameCount++;
3489 else
3490 ieee80211_led_rx(rx->local);
3491 return TXRX_CONTINUE;
3492}
3493
3494
3495static ieee80211_txrx_result
3496ieee80211_rx_h_monitor(struct ieee80211_txrx_data *rx)
3497{
3498 if (rx->sdata->type == IEEE80211_IF_TYPE_MNTR) {
3499 ieee80211_rx_monitor(rx->dev, rx->skb, rx->u.rx.status);
3500 return TXRX_QUEUED;
3501 }
3502
3503 if (rx->u.rx.status->flag & RX_FLAG_RADIOTAP)
3504 skb_pull(rx->skb, ieee80211_get_radiotap_len(rx->skb));
3505
3506 return TXRX_CONTINUE;
3507}
3508
3509
3510static ieee80211_txrx_result
3511ieee80211_rx_h_check(struct ieee80211_txrx_data *rx)
3512{
3513 struct ieee80211_hdr *hdr;
3514 int always_sta_key;
3515 hdr = (struct ieee80211_hdr *) rx->skb->data;
3516
3517 /* Drop duplicate 802.11 retransmissions (IEEE 802.11 Chap. 9.2.9) */
3518 if (rx->sta && !is_multicast_ether_addr(hdr->addr1)) {
3519 if (unlikely(rx->fc & IEEE80211_FCTL_RETRY &&
3520 rx->sta->last_seq_ctrl[rx->u.rx.queue] ==
3521 hdr->seq_ctrl)) {
3522 if (rx->u.rx.ra_match) {
3523 rx->local->dot11FrameDuplicateCount++;
3524 rx->sta->num_duplicates++;
3525 }
3526 return TXRX_DROP;
3527 } else
3528 rx->sta->last_seq_ctrl[rx->u.rx.queue] = hdr->seq_ctrl;
3529 }
3530
3531 if ((rx->local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS) &&
3532 rx->skb->len > FCS_LEN)
3533 skb_trim(rx->skb, rx->skb->len - FCS_LEN);
3534
3535 if (unlikely(rx->skb->len < 16)) {
3536 I802_DEBUG_INC(rx->local->rx_handlers_drop_short);
3537 return TXRX_DROP;
3538 }
3539
3540 if (!rx->u.rx.ra_match)
3541 rx->skb->pkt_type = PACKET_OTHERHOST;
3542 else if (compare_ether_addr(rx->dev->dev_addr, hdr->addr1) == 0)
3543 rx->skb->pkt_type = PACKET_HOST;
3544 else if (is_multicast_ether_addr(hdr->addr1)) {
3545 if (is_broadcast_ether_addr(hdr->addr1))
3546 rx->skb->pkt_type = PACKET_BROADCAST;
3547 else
3548 rx->skb->pkt_type = PACKET_MULTICAST;
3549 } else
3550 rx->skb->pkt_type = PACKET_OTHERHOST;
3551
3552 /* Drop disallowed frame classes based on STA auth/assoc state;
3553 * IEEE 802.11, Chap 5.5.
3554 *
3555 * 80211.o does filtering only based on association state, i.e., it
3556 * drops Class 3 frames from not associated stations. hostapd sends
3557 * deauth/disassoc frames when needed. In addition, hostapd is
3558 * responsible for filtering on both auth and assoc states.
3559 */
3560 if (unlikely(((rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA ||
3561 ((rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_CTL &&
3562 (rx->fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_PSPOLL)) &&
3563 rx->sdata->type != IEEE80211_IF_TYPE_IBSS &&
3564 (!rx->sta || !(rx->sta->flags & WLAN_STA_ASSOC)))) {
3565 if ((!(rx->fc & IEEE80211_FCTL_FROMDS) &&
3566 !(rx->fc & IEEE80211_FCTL_TODS) &&
3567 (rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA)
3568 || !rx->u.rx.ra_match) {
3569 /* Drop IBSS frames and frames for other hosts
3570 * silently. */
3571 return TXRX_DROP;
3572 }
3573
3574 if (!rx->local->apdev)
3575 return TXRX_DROP;
3576
3577 ieee80211_rx_mgmt(rx->local, rx->skb, rx->u.rx.status,
3578 ieee80211_msg_sta_not_assoc);
3579 return TXRX_QUEUED;
3580 }
3581
3582 if (rx->sdata->type == IEEE80211_IF_TYPE_STA)
3583 always_sta_key = 0;
3584 else
3585 always_sta_key = 1;
3586
3587 if (rx->sta && rx->sta->key && always_sta_key) {
3588 rx->key = rx->sta->key;
3589 } else {
3590 if (rx->sta && rx->sta->key)
3591 rx->key = rx->sta->key;
3592 else
3593 rx->key = rx->sdata->default_key;
3594
3595 if ((rx->local->hw.flags & IEEE80211_HW_WEP_INCLUDE_IV) &&
3596 rx->fc & IEEE80211_FCTL_PROTECTED) {
3597 int keyidx = ieee80211_wep_get_keyidx(rx->skb);
3598
3599 if (keyidx >= 0 && keyidx < NUM_DEFAULT_KEYS &&
3600 (!rx->sta || !rx->sta->key || keyidx > 0))
3601 rx->key = rx->sdata->keys[keyidx];
3602
3603 if (!rx->key) {
3604 if (!rx->u.rx.ra_match)
3605 return TXRX_DROP;
3606 printk(KERN_DEBUG "%s: RX WEP frame with "
3607 "unknown keyidx %d (A1=" MAC_FMT " A2="
3608 MAC_FMT " A3=" MAC_FMT ")\n",
3609 rx->dev->name, keyidx,
3610 MAC_ARG(hdr->addr1),
3611 MAC_ARG(hdr->addr2),
3612 MAC_ARG(hdr->addr3));
3613 if (!rx->local->apdev)
3614 return TXRX_DROP;
3615 ieee80211_rx_mgmt(
3616 rx->local, rx->skb, rx->u.rx.status,
3617 ieee80211_msg_wep_frame_unknown_key);
3618 return TXRX_QUEUED;
3619 }
3620 }
3621 }
3622
3623 if (rx->fc & IEEE80211_FCTL_PROTECTED && rx->key && rx->u.rx.ra_match) {
3624 rx->key->tx_rx_count++;
3625 if (unlikely(rx->local->key_tx_rx_threshold &&
3626 rx->key->tx_rx_count >
3627 rx->local->key_tx_rx_threshold)) {
3628 ieee80211_key_threshold_notify(rx->dev, rx->key,
3629 rx->sta);
3630 }
3631 }
3632
3633 return TXRX_CONTINUE;
3634}
3635
3636
3637static ieee80211_txrx_result
3638ieee80211_rx_h_sta_process(struct ieee80211_txrx_data *rx)
3639{
3640 struct sta_info *sta = rx->sta;
3641 struct net_device *dev = rx->dev;
3642 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data;
3643
3644 if (!sta)
3645 return TXRX_CONTINUE;
3646
3647 /* Update last_rx only for IBSS packets which are for the current
3648 * BSSID to avoid keeping the current IBSS network alive in cases where
3649 * other STAs are using different BSSID. */
3650 if (rx->sdata->type == IEEE80211_IF_TYPE_IBSS) {
3651 u8 *bssid = ieee80211_get_bssid(hdr, rx->skb->len);
3652 if (compare_ether_addr(bssid, rx->sdata->u.sta.bssid) == 0)
3653 sta->last_rx = jiffies;
3654 } else
3655 if (!is_multicast_ether_addr(hdr->addr1) ||
3656 rx->sdata->type == IEEE80211_IF_TYPE_STA) {
3657 /* Update last_rx only for unicast frames in order to prevent
3658 * the Probe Request frames (the only broadcast frames from a
3659 * STA in infrastructure mode) from keeping a connection alive.
3660 */
3661 sta->last_rx = jiffies;
3662 }
3663
3664 if (!rx->u.rx.ra_match)
3665 return TXRX_CONTINUE;
3666
3667 sta->rx_fragments++;
3668 sta->rx_bytes += rx->skb->len;
3669 sta->last_rssi = (sta->last_rssi * 15 +
3670 rx->u.rx.status->ssi) / 16;
3671 sta->last_signal = (sta->last_signal * 15 +
3672 rx->u.rx.status->signal) / 16;
3673 sta->last_noise = (sta->last_noise * 15 +
3674 rx->u.rx.status->noise) / 16;
3675
3676 if (!(rx->fc & IEEE80211_FCTL_MOREFRAGS)) {
3677 /* Change STA power saving mode only in the end of a frame
3678 * exchange sequence */
3679 if ((sta->flags & WLAN_STA_PS) && !(rx->fc & IEEE80211_FCTL_PM))
3680 rx->u.rx.sent_ps_buffered += ap_sta_ps_end(dev, sta);
3681 else if (!(sta->flags & WLAN_STA_PS) &&
3682 (rx->fc & IEEE80211_FCTL_PM))
3683 ap_sta_ps_start(dev, sta);
3684 }
3685
3686 /* Drop data::nullfunc frames silently, since they are used only to
3687 * control station power saving mode. */
3688 if ((rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA &&
3689 (rx->fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_NULLFUNC) {
3690 I802_DEBUG_INC(rx->local->rx_handlers_drop_nullfunc);
3691 /* Update counter and free packet here to avoid counting this
3692 * as a dropped packed. */
3693 sta->rx_packets++;
3694 dev_kfree_skb(rx->skb);
3695 return TXRX_QUEUED;
3696 }
3697
3698 return TXRX_CONTINUE;
3699} /* ieee80211_rx_h_sta_process */
3700
3701
3702static ieee80211_txrx_result
3703ieee80211_rx_h_wep_weak_iv_detection(struct ieee80211_txrx_data *rx)
3704{
3705 if (!rx->sta || !(rx->fc & IEEE80211_FCTL_PROTECTED) ||
3706 (rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA ||
3707 !rx->key || rx->key->alg != ALG_WEP || !rx->u.rx.ra_match)
3708 return TXRX_CONTINUE;
3709
3710 /* Check for weak IVs, if hwaccel did not remove IV from the frame */
3711 if ((rx->local->hw.flags & IEEE80211_HW_WEP_INCLUDE_IV) ||
3712 rx->key->force_sw_encrypt) {
3713 u8 *iv = ieee80211_wep_is_weak_iv(rx->skb, rx->key);
3714 if (iv) {
3715 rx->sta->wep_weak_iv_count++;
3716 }
3717 }
3718
3719 return TXRX_CONTINUE;
3720}
3721
3722
3723static ieee80211_txrx_result
3724ieee80211_rx_h_wep_decrypt(struct ieee80211_txrx_data *rx)
3725{
3726 /* If the device handles decryption totally, skip this test */
3727 if (rx->local->hw.flags & IEEE80211_HW_DEVICE_HIDES_WEP)
3728 return TXRX_CONTINUE;
3729
3730 if ((rx->key && rx->key->alg != ALG_WEP) ||
3731 !(rx->fc & IEEE80211_FCTL_PROTECTED) ||
3732 ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA &&
3733 ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_MGMT ||
3734 (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_AUTH)))
3735 return TXRX_CONTINUE;
3736
3737 if (!rx->key) {
3738 printk(KERN_DEBUG "%s: RX WEP frame, but no key set\n",
3739 rx->dev->name);
3740 return TXRX_DROP;
3741 }
3742
3743 if (!(rx->u.rx.status->flag & RX_FLAG_DECRYPTED) ||
3744 rx->key->force_sw_encrypt) {
3745 if (ieee80211_wep_decrypt(rx->local, rx->skb, rx->key)) {
3746 printk(KERN_DEBUG "%s: RX WEP frame, decrypt "
3747 "failed\n", rx->dev->name);
3748 return TXRX_DROP;
3749 }
3750 } else if (rx->local->hw.flags & IEEE80211_HW_WEP_INCLUDE_IV) {
3751 ieee80211_wep_remove_iv(rx->local, rx->skb, rx->key);
3752 /* remove ICV */
3753 skb_trim(rx->skb, rx->skb->len - 4);
3754 }
3755
3756 return TXRX_CONTINUE;
3757}
3758
3759
3760static ieee80211_txrx_result
3761ieee80211_rx_h_802_1x_pae(struct ieee80211_txrx_data *rx)
3762{
3763 if (rx->sdata->eapol && ieee80211_is_eapol(rx->skb) &&
3764 rx->sdata->type != IEEE80211_IF_TYPE_STA && rx->u.rx.ra_match) {
3765 /* Pass both encrypted and unencrypted EAPOL frames to user
3766 * space for processing. */
3767 if (!rx->local->apdev)
3768 return TXRX_DROP;
3769 ieee80211_rx_mgmt(rx->local, rx->skb, rx->u.rx.status,
3770 ieee80211_msg_normal);
3771 return TXRX_QUEUED;
3772 }
3773
3774 if (unlikely(rx->sdata->ieee802_1x &&
3775 (rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA &&
3776 (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_NULLFUNC &&
3777 (!rx->sta || !(rx->sta->flags & WLAN_STA_AUTHORIZED)) &&
3778 !ieee80211_is_eapol(rx->skb))) {
3779#ifdef CONFIG_MAC80211_DEBUG
3780 struct ieee80211_hdr *hdr =
3781 (struct ieee80211_hdr *) rx->skb->data;
3782 printk(KERN_DEBUG "%s: dropped frame from " MAC_FMT
3783 " (unauthorized port)\n", rx->dev->name,
3784 MAC_ARG(hdr->addr2));
3785#endif /* CONFIG_MAC80211_DEBUG */
3786 return TXRX_DROP;
3787 }
3788
3789 return TXRX_CONTINUE;
3790}
3791
3792
3793static ieee80211_txrx_result
3794ieee80211_rx_h_drop_unencrypted(struct ieee80211_txrx_data *rx)
3795{
3796 /* If the device handles decryption totally, skip this test */
3797 if (rx->local->hw.flags & IEEE80211_HW_DEVICE_HIDES_WEP)
3798 return TXRX_CONTINUE;
3799
3800 /* Drop unencrypted frames if key is set. */
3801 if (unlikely(!(rx->fc & IEEE80211_FCTL_PROTECTED) &&
3802 (rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA &&
3803 (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_NULLFUNC &&
3804 (rx->key || rx->sdata->drop_unencrypted) &&
3805 (rx->sdata->eapol == 0 ||
3806 !ieee80211_is_eapol(rx->skb)))) {
3807 printk(KERN_DEBUG "%s: RX non-WEP frame, but expected "
3808 "encryption\n", rx->dev->name);
3809 return TXRX_DROP;
3810 }
3811 return TXRX_CONTINUE;
3812}
3813
3814
3815static ieee80211_txrx_result
3816ieee80211_rx_h_mgmt(struct ieee80211_txrx_data *rx)
3817{
3818 struct ieee80211_sub_if_data *sdata;
3819
3820 if (!rx->u.rx.ra_match)
3821 return TXRX_DROP;
3822
3823 sdata = IEEE80211_DEV_TO_SUB_IF(rx->dev);
3824 if ((sdata->type == IEEE80211_IF_TYPE_STA ||
3825 sdata->type == IEEE80211_IF_TYPE_IBSS) &&
3826 !rx->local->user_space_mlme) {
3827 ieee80211_sta_rx_mgmt(rx->dev, rx->skb, rx->u.rx.status);
3828 } else {
3829 /* Management frames are sent to hostapd for processing */
3830 if (!rx->local->apdev)
3831 return TXRX_DROP;
3832 ieee80211_rx_mgmt(rx->local, rx->skb, rx->u.rx.status,
3833 ieee80211_msg_normal);
3834 }
3835 return TXRX_QUEUED;
3836}
3837
3838
3839static ieee80211_txrx_result
3840ieee80211_rx_h_passive_scan(struct ieee80211_txrx_data *rx)
3841{
3842 struct ieee80211_local *local = rx->local;
3843 struct sk_buff *skb = rx->skb;
3844
3845 if (unlikely(local->sta_scanning != 0)) {
3846 ieee80211_sta_rx_scan(rx->dev, skb, rx->u.rx.status);
3847 return TXRX_QUEUED;
3848 }
3849
3850 if (unlikely(rx->u.rx.in_scan)) {
3851 /* scanning finished during invoking of handlers */
3852 I802_DEBUG_INC(local->rx_handlers_drop_passive_scan);
3853 return TXRX_DROP;
3854 }
3855
3856 return TXRX_CONTINUE;
3857}
3858
3859
3860static void ieee80211_rx_michael_mic_report(struct net_device *dev,
3861 struct ieee80211_hdr *hdr,
3862 struct sta_info *sta,
3863 struct ieee80211_txrx_data *rx)
3864{
3865 int keyidx, hdrlen;
3866
3867 hdrlen = ieee80211_get_hdrlen_from_skb(rx->skb);
3868 if (rx->skb->len >= hdrlen + 4)
3869 keyidx = rx->skb->data[hdrlen + 3] >> 6;
3870 else
3871 keyidx = -1;
3872
3873 /* TODO: verify that this is not triggered by fragmented
3874 * frames (hw does not verify MIC for them). */
3875 printk(KERN_DEBUG "%s: TKIP hwaccel reported Michael MIC "
3876 "failure from " MAC_FMT " to " MAC_FMT " keyidx=%d\n",
3877 dev->name, MAC_ARG(hdr->addr2), MAC_ARG(hdr->addr1), keyidx);
3878
3879 if (!sta) {
3880 /* Some hardware versions seem to generate incorrect
3881 * Michael MIC reports; ignore them to avoid triggering
3882 * countermeasures. */
3883 printk(KERN_DEBUG "%s: ignored spurious Michael MIC "
3884 "error for unknown address " MAC_FMT "\n",
3885 dev->name, MAC_ARG(hdr->addr2));
3886 goto ignore;
3887 }
3888
3889 if (!(rx->fc & IEEE80211_FCTL_PROTECTED)) {
3890 printk(KERN_DEBUG "%s: ignored spurious Michael MIC "
3891 "error for a frame with no ISWEP flag (src "
3892 MAC_FMT ")\n", dev->name, MAC_ARG(hdr->addr2));
3893 goto ignore;
3894 }
3895
3896 if ((rx->local->hw.flags & IEEE80211_HW_WEP_INCLUDE_IV) &&
3897 rx->sdata->type == IEEE80211_IF_TYPE_AP) {
3898 keyidx = ieee80211_wep_get_keyidx(rx->skb);
3899 /* AP with Pairwise keys support should never receive Michael
3900 * MIC errors for non-zero keyidx because these are reserved
3901 * for group keys and only the AP is sending real multicast
3902 * frames in BSS. */
3903 if (keyidx) {
3904 printk(KERN_DEBUG "%s: ignored Michael MIC error for "
3905 "a frame with non-zero keyidx (%d) (src " MAC_FMT
3906 ")\n", dev->name, keyidx, MAC_ARG(hdr->addr2));
3907 goto ignore;
3908 }
3909 }
3910
3911 if ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA &&
3912 ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_MGMT ||
3913 (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_AUTH)) {
3914 printk(KERN_DEBUG "%s: ignored spurious Michael MIC "
3915 "error for a frame that cannot be encrypted "
3916 "(fc=0x%04x) (src " MAC_FMT ")\n",
3917 dev->name, rx->fc, MAC_ARG(hdr->addr2));
3918 goto ignore;
3919 }
3920
3921 do {
3922 union iwreq_data wrqu;
3923 char *buf = kmalloc(128, GFP_ATOMIC);
3924 if (!buf)
3925 break;
3926
3927 /* TODO: needed parameters: count, key type, TSC */
3928 sprintf(buf, "MLME-MICHAELMICFAILURE.indication("
3929 "keyid=%d %scast addr=" MAC_FMT ")",
3930 keyidx, hdr->addr1[0] & 0x01 ? "broad" : "uni",
3931 MAC_ARG(hdr->addr2));
3932 memset(&wrqu, 0, sizeof(wrqu));
3933 wrqu.data.length = strlen(buf);
3934 wireless_send_event(rx->dev, IWEVCUSTOM, &wrqu, buf);
3935 kfree(buf);
3936 } while (0);
3937
3938 /* TODO: consider verifying the MIC error report with software
3939 * implementation if we get too many spurious reports from the
3940 * hardware. */
3941 if (!rx->local->apdev)
3942 goto ignore;
3943 ieee80211_rx_mgmt(rx->local, rx->skb, rx->u.rx.status,
3944 ieee80211_msg_michael_mic_failure);
3945 return;
3946
3947 ignore:
3948 dev_kfree_skb(rx->skb);
3949 rx->skb = NULL;
3950}
3951
3952static inline ieee80211_txrx_result __ieee80211_invoke_rx_handlers(
3953 struct ieee80211_local *local,
3954 ieee80211_rx_handler *handlers,
3955 struct ieee80211_txrx_data *rx,
3956 struct sta_info *sta)
3957{
3958 ieee80211_rx_handler *handler;
3959 ieee80211_txrx_result res = TXRX_DROP;
3960
3961 for (handler = handlers; *handler != NULL; handler++) {
3962 res = (*handler)(rx);
3963 if (res != TXRX_CONTINUE) {
3964 if (res == TXRX_DROP) {
3965 I802_DEBUG_INC(local->rx_handlers_drop);
3966 if (sta)
3967 sta->rx_dropped++;
3968 }
3969 if (res == TXRX_QUEUED)
3970 I802_DEBUG_INC(local->rx_handlers_queued);
3971 break;
3972 }
3973 }
3974
3975 if (res == TXRX_DROP) {
3976 dev_kfree_skb(rx->skb);
3977 }
3978 return res;
3979}
3980
3981static inline void ieee80211_invoke_rx_handlers(struct ieee80211_local *local,
3982 ieee80211_rx_handler *handlers,
3983 struct ieee80211_txrx_data *rx,
3984 struct sta_info *sta)
3985{
3986 if (__ieee80211_invoke_rx_handlers(local, handlers, rx, sta) ==
3987 TXRX_CONTINUE)
3988 dev_kfree_skb(rx->skb);
3989}
3990
3991/*
3992 * This is the receive path handler. It is called by a low level driver when an
3993 * 802.11 MPDU is received from the hardware.
3994 */
3995void __ieee80211_rx(struct ieee80211_hw *hw, struct sk_buff *skb,
3996 struct ieee80211_rx_status *status)
3997{
3998 struct ieee80211_local *local = hw_to_local(hw);
3999 struct ieee80211_sub_if_data *sdata;
4000 struct sta_info *sta;
4001 struct ieee80211_hdr *hdr;
4002 struct ieee80211_txrx_data rx;
4003 u16 type;
4004 int multicast;
4005 int radiotap_len = 0;
4006
4007 if (status->flag & RX_FLAG_RADIOTAP) {
4008 radiotap_len = ieee80211_get_radiotap_len(skb);
4009 skb_pull(skb, radiotap_len);
4010 }
4011
4012 hdr = (struct ieee80211_hdr *) skb->data;
4013 memset(&rx, 0, sizeof(rx));
4014 rx.skb = skb;
4015 rx.local = local;
4016
4017 rx.u.rx.status = status;
4018 rx.fc = skb->len >= 2 ? le16_to_cpu(hdr->frame_control) : 0;
4019 type = rx.fc & IEEE80211_FCTL_FTYPE;
4020 if (type == IEEE80211_FTYPE_DATA || type == IEEE80211_FTYPE_MGMT)
4021 local->dot11ReceivedFragmentCount++;
4022 multicast = is_multicast_ether_addr(hdr->addr1);
4023
4024 if (skb->len >= 16)
4025 sta = rx.sta = sta_info_get(local, hdr->addr2);
4026 else
4027 sta = rx.sta = NULL;
4028
4029 if (sta) {
4030 rx.dev = sta->dev;
4031 rx.sdata = IEEE80211_DEV_TO_SUB_IF(rx.dev);
4032 }
4033
4034 if ((status->flag & RX_FLAG_MMIC_ERROR)) {
4035 ieee80211_rx_michael_mic_report(local->mdev, hdr, sta, &rx);
4036 goto end;
4037 }
4038
4039 if (unlikely(local->sta_scanning))
4040 rx.u.rx.in_scan = 1;
4041
4042 if (__ieee80211_invoke_rx_handlers(local, local->rx_pre_handlers, &rx,
4043 sta) != TXRX_CONTINUE)
4044 goto end;
4045 skb = rx.skb;
4046
4047 skb_push(skb, radiotap_len);
4048 if (sta && !sta->assoc_ap && !(sta->flags & WLAN_STA_WDS) &&
4049 !local->iff_promiscs && !multicast) {
4050 rx.u.rx.ra_match = 1;
4051 ieee80211_invoke_rx_handlers(local, local->rx_handlers, &rx,
4052 sta);
4053 } else {
4054 struct ieee80211_sub_if_data *prev = NULL;
4055 struct sk_buff *skb_new;
4056 u8 *bssid = ieee80211_get_bssid(hdr, skb->len - radiotap_len);
4057
4058 read_lock(&local->sub_if_lock);
4059 list_for_each_entry(sdata, &local->sub_if_list, list) {
4060 rx.u.rx.ra_match = 1;
4061 switch (sdata->type) {
4062 case IEEE80211_IF_TYPE_STA:
4063 if (!bssid)
4064 continue;
4065 if (!ieee80211_bssid_match(bssid,
4066 sdata->u.sta.bssid)) {
4067 if (!rx.u.rx.in_scan)
4068 continue;
4069 rx.u.rx.ra_match = 0;
4070 } else if (!multicast &&
4071 compare_ether_addr(sdata->dev->dev_addr,
4072 hdr->addr1) != 0) {
4073 if (!sdata->promisc)
4074 continue;
4075 rx.u.rx.ra_match = 0;
4076 }
4077 break;
4078 case IEEE80211_IF_TYPE_IBSS:
4079 if (!bssid)
4080 continue;
4081 if (!ieee80211_bssid_match(bssid,
4082 sdata->u.sta.bssid)) {
4083 if (!rx.u.rx.in_scan)
4084 continue;
4085 rx.u.rx.ra_match = 0;
4086 } else if (!multicast &&
4087 compare_ether_addr(sdata->dev->dev_addr,
4088 hdr->addr1) != 0) {
4089 if (!sdata->promisc)
4090 continue;
4091 rx.u.rx.ra_match = 0;
4092 } else if (!sta)
4093 sta = rx.sta =
4094 ieee80211_ibss_add_sta(sdata->dev,
4095 skb, bssid,
4096 hdr->addr2);
4097 break;
4098 case IEEE80211_IF_TYPE_AP:
4099 if (!bssid) {
4100 if (compare_ether_addr(sdata->dev->dev_addr,
4101 hdr->addr1) != 0)
4102 continue;
4103 } else if (!ieee80211_bssid_match(bssid,
4104 sdata->dev->dev_addr)) {
4105 if (!rx.u.rx.in_scan)
4106 continue;
4107 rx.u.rx.ra_match = 0;
4108 }
4109 if (sdata->dev == local->mdev &&
4110 !rx.u.rx.in_scan)
4111 /* do not receive anything via
4112 * master device when not scanning */
4113 continue;
4114 break;
4115 case IEEE80211_IF_TYPE_WDS:
4116 if (bssid ||
4117 (rx.fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA)
4118 continue;
4119 if (compare_ether_addr(sdata->u.wds.remote_addr,
4120 hdr->addr2) != 0)
4121 continue;
4122 break;
4123 }
4124
4125 if (prev) {
4126 skb_new = skb_copy(skb, GFP_ATOMIC);
4127 if (!skb_new) {
4128 if (net_ratelimit())
4129 printk(KERN_DEBUG "%s: failed to copy "
4130 "multicast frame for %s",
4131 local->mdev->name, prev->dev->name);
4132 continue;
4133 }
4134 rx.skb = skb_new;
4135 rx.dev = prev->dev;
4136 rx.sdata = prev;
4137 ieee80211_invoke_rx_handlers(local,
4138 local->rx_handlers,
4139 &rx, sta);
4140 }
4141 prev = sdata;
4142 }
4143 if (prev) {
4144 rx.skb = skb;
4145 rx.dev = prev->dev;
4146 rx.sdata = prev;
4147 ieee80211_invoke_rx_handlers(local, local->rx_handlers,
4148 &rx, sta);
4149 } else
4150 dev_kfree_skb(skb);
4151 read_unlock(&local->sub_if_lock);
4152 }
4153
4154 end:
4155 if (sta)
4156 sta_info_put(sta);
4157}
4158EXPORT_SYMBOL(__ieee80211_rx);
4159
4160static ieee80211_txrx_result 2915static ieee80211_txrx_result
4161ieee80211_tx_h_load_stats(struct ieee80211_txrx_data *tx) 2916ieee80211_tx_h_load_stats(struct ieee80211_txrx_data *tx)
4162{ 2917{
@@ -4215,65 +2970,6 @@ ieee80211_tx_h_load_stats(struct ieee80211_txrx_data *tx)
4215} 2970}
4216 2971
4217 2972
4218static ieee80211_txrx_result
4219ieee80211_rx_h_load_stats(struct ieee80211_txrx_data *rx)
4220{
4221 struct ieee80211_local *local = rx->local;
4222 struct sk_buff *skb = rx->skb;
4223 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
4224 u32 load = 0, hdrtime;
4225 struct ieee80211_rate *rate;
4226 struct ieee80211_hw_mode *mode = local->hw.conf.mode;
4227 int i;
4228
4229 /* Estimate total channel use caused by this frame */
4230
4231 if (unlikely(mode->num_rates < 0))
4232 return TXRX_CONTINUE;
4233
4234 rate = &mode->rates[0];
4235 for (i = 0; i < mode->num_rates; i++) {
4236 if (mode->rates[i].val == rx->u.rx.status->rate) {
4237 rate = &mode->rates[i];
4238 break;
4239 }
4240 }
4241
4242 /* 1 bit at 1 Mbit/s takes 1 usec; in channel_use values,
4243 * 1 usec = 1/8 * (1080 / 10) = 13.5 */
4244
4245 if (mode->mode == MODE_IEEE80211A ||
4246 mode->mode == MODE_ATHEROS_TURBO ||
4247 mode->mode == MODE_ATHEROS_TURBOG ||
4248 (mode->mode == MODE_IEEE80211G &&
4249 rate->flags & IEEE80211_RATE_ERP))
4250 hdrtime = CHAN_UTIL_HDR_SHORT;
4251 else
4252 hdrtime = CHAN_UTIL_HDR_LONG;
4253
4254 load = hdrtime;
4255 if (!is_multicast_ether_addr(hdr->addr1))
4256 load += hdrtime;
4257
4258 load += skb->len * rate->rate_inv;
4259
4260 /* Divide channel_use by 8 to avoid wrapping around the counter */
4261 load >>= CHAN_UTIL_SHIFT;
4262 local->channel_use_raw += load;
4263 if (rx->sta)
4264 rx->sta->channel_use_raw += load;
4265 rx->u.rx.load = load;
4266
4267 return TXRX_CONTINUE;
4268}
4269
4270static ieee80211_txrx_result
4271ieee80211_rx_h_if_stats(struct ieee80211_txrx_data *rx)
4272{
4273 rx->sdata->channel_use_raw += rx->u.rx.load;
4274 return TXRX_CONTINUE;
4275}
4276
4277static void ieee80211_stat_refresh(unsigned long data) 2973static void ieee80211_stat_refresh(unsigned long data)
4278{ 2974{
4279 struct ieee80211_local *local = (struct ieee80211_local *) data; 2975 struct ieee80211_local *local = (struct ieee80211_local *) data;
@@ -4311,24 +3007,6 @@ static void ieee80211_stat_refresh(unsigned long data)
4311} 3007}
4312 3008
4313 3009
4314/* This is a version of the rx handler that can be called from hard irq
4315 * context. Post the skb on the queue and schedule the tasklet */
4316void ieee80211_rx_irqsafe(struct ieee80211_hw *hw, struct sk_buff *skb,
4317 struct ieee80211_rx_status *status)
4318{
4319 struct ieee80211_local *local = hw_to_local(hw);
4320
4321 BUILD_BUG_ON(sizeof(struct ieee80211_rx_status) > sizeof(skb->cb));
4322
4323 skb->dev = local->mdev;
4324 /* copy status into skb->cb for use by tasklet */
4325 memcpy(skb->cb, status, sizeof(*status));
4326 skb->pkt_type = IEEE80211_RX_MSG;
4327 skb_queue_tail(&local->skb_queue, skb);
4328 tasklet_schedule(&local->tasklet);
4329}
4330EXPORT_SYMBOL(ieee80211_rx_irqsafe);
4331
4332void ieee80211_tx_status_irqsafe(struct ieee80211_hw *hw, 3010void ieee80211_tx_status_irqsafe(struct ieee80211_hw *hw,
4333 struct sk_buff *skb, 3011 struct sk_buff *skb,
4334 struct ieee80211_tx_status *status) 3012 struct ieee80211_tx_status *status)
@@ -4690,41 +3368,6 @@ EXPORT_SYMBOL(ieee80211_tx_status);
4690/* TODO: implement register/unregister functions for adding TX/RX handlers 3368/* TODO: implement register/unregister functions for adding TX/RX handlers
4691 * into ordered list */ 3369 * into ordered list */
4692 3370
4693/* rx_pre handlers don't have dev and sdata fields available in
4694 * ieee80211_txrx_data */
4695static ieee80211_rx_handler ieee80211_rx_pre_handlers[] =
4696{
4697 ieee80211_rx_h_parse_qos,
4698 ieee80211_rx_h_load_stats,
4699 NULL
4700};
4701
4702static ieee80211_rx_handler ieee80211_rx_handlers[] =
4703{
4704 ieee80211_rx_h_if_stats,
4705 ieee80211_rx_h_monitor,
4706 ieee80211_rx_h_passive_scan,
4707 ieee80211_rx_h_check,
4708 ieee80211_rx_h_sta_process,
4709 ieee80211_rx_h_ccmp_decrypt,
4710 ieee80211_rx_h_tkip_decrypt,
4711 ieee80211_rx_h_wep_weak_iv_detection,
4712 ieee80211_rx_h_wep_decrypt,
4713 ieee80211_rx_h_defragment,
4714 ieee80211_rx_h_ps_poll,
4715 ieee80211_rx_h_michael_mic_verify,
4716 /* this must be after decryption - so header is counted in MPDU mic
4717 * must be before pae and data, so QOS_DATA format frames
4718 * are not passed to user space by these functions
4719 */
4720 ieee80211_rx_h_remove_qos_control,
4721 ieee80211_rx_h_802_1x_pae,
4722 ieee80211_rx_h_drop_unencrypted,
4723 ieee80211_rx_h_data,
4724 ieee80211_rx_h_mgmt,
4725 NULL
4726};
4727
4728static ieee80211_tx_handler ieee80211_tx_handlers[] = 3371static ieee80211_tx_handler ieee80211_tx_handlers[] =
4729{ 3372{
4730 ieee80211_tx_h_check_assoc, 3373 ieee80211_tx_h_check_assoc,