diff options
Diffstat (limited to 'net/mac80211/rx.c')
| -rw-r--r-- | net/mac80211/rx.c | 1101 |
1 files changed, 692 insertions, 409 deletions
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c index 28624282c5f3..7fa8c6be7bf0 100644 --- a/net/mac80211/rx.c +++ b/net/mac80211/rx.c | |||
| @@ -77,7 +77,7 @@ ieee80211_rx_radiotap_len(struct ieee80211_local *local, | |||
| 77 | /* always present fields */ | 77 | /* always present fields */ |
| 78 | len = sizeof(struct ieee80211_radiotap_header) + 9; | 78 | len = sizeof(struct ieee80211_radiotap_header) + 9; |
| 79 | 79 | ||
| 80 | if (status->flag & RX_FLAG_TSFT) | 80 | if (status->flag & RX_FLAG_MACTIME_MPDU) |
| 81 | len += 8; | 81 | len += 8; |
| 82 | if (local->hw.flags & IEEE80211_HW_SIGNAL_DBM) | 82 | if (local->hw.flags & IEEE80211_HW_SIGNAL_DBM) |
| 83 | len += 1; | 83 | len += 1; |
| @@ -85,6 +85,9 @@ ieee80211_rx_radiotap_len(struct ieee80211_local *local, | |||
| 85 | if (len & 1) /* padding for RX_FLAGS if necessary */ | 85 | if (len & 1) /* padding for RX_FLAGS if necessary */ |
| 86 | len++; | 86 | len++; |
| 87 | 87 | ||
| 88 | if (status->flag & RX_FLAG_HT) /* HT info */ | ||
| 89 | len += 3; | ||
| 90 | |||
| 88 | return len; | 91 | return len; |
| 89 | } | 92 | } |
| 90 | 93 | ||
| @@ -120,7 +123,7 @@ ieee80211_add_rx_radiotap_header(struct ieee80211_local *local, | |||
| 120 | /* the order of the following fields is important */ | 123 | /* the order of the following fields is important */ |
| 121 | 124 | ||
| 122 | /* IEEE80211_RADIOTAP_TSFT */ | 125 | /* IEEE80211_RADIOTAP_TSFT */ |
| 123 | if (status->flag & RX_FLAG_TSFT) { | 126 | if (status->flag & RX_FLAG_MACTIME_MPDU) { |
| 124 | put_unaligned_le64(status->mactime, pos); | 127 | put_unaligned_le64(status->mactime, pos); |
| 125 | rthdr->it_present |= | 128 | rthdr->it_present |= |
| 126 | cpu_to_le32(1 << IEEE80211_RADIOTAP_TSFT); | 129 | cpu_to_le32(1 << IEEE80211_RADIOTAP_TSFT); |
| @@ -139,11 +142,9 @@ ieee80211_add_rx_radiotap_header(struct ieee80211_local *local, | |||
| 139 | /* IEEE80211_RADIOTAP_RATE */ | 142 | /* IEEE80211_RADIOTAP_RATE */ |
| 140 | if (status->flag & RX_FLAG_HT) { | 143 | if (status->flag & RX_FLAG_HT) { |
| 141 | /* | 144 | /* |
| 142 | * TODO: add following information into radiotap header once | 145 | * MCS information is a separate field in radiotap, |
| 143 | * suitable fields are defined for it: | 146 | * added below. The byte here is needed as padding |
| 144 | * - MCS index (status->rate_idx) | 147 | * for the channel though, so initialise it to 0. |
| 145 | * - HT40 (status->flag & RX_FLAG_40MHZ) | ||
| 146 | * - short-GI (status->flag & RX_FLAG_SHORT_GI) | ||
| 147 | */ | 148 | */ |
| 148 | *pos = 0; | 149 | *pos = 0; |
| 149 | } else { | 150 | } else { |
| @@ -193,6 +194,20 @@ ieee80211_add_rx_radiotap_header(struct ieee80211_local *local, | |||
| 193 | rx_flags |= IEEE80211_RADIOTAP_F_RX_BADPLCP; | 194 | rx_flags |= IEEE80211_RADIOTAP_F_RX_BADPLCP; |
| 194 | put_unaligned_le16(rx_flags, pos); | 195 | put_unaligned_le16(rx_flags, pos); |
| 195 | pos += 2; | 196 | pos += 2; |
| 197 | |||
| 198 | if (status->flag & RX_FLAG_HT) { | ||
| 199 | rthdr->it_present |= cpu_to_le32(1 << IEEE80211_RADIOTAP_MCS); | ||
| 200 | *pos++ = IEEE80211_RADIOTAP_MCS_HAVE_MCS | | ||
| 201 | IEEE80211_RADIOTAP_MCS_HAVE_GI | | ||
| 202 | IEEE80211_RADIOTAP_MCS_HAVE_BW; | ||
| 203 | *pos = 0; | ||
| 204 | if (status->flag & RX_FLAG_SHORT_GI) | ||
| 205 | *pos |= IEEE80211_RADIOTAP_MCS_SGI; | ||
| 206 | if (status->flag & RX_FLAG_40MHZ) | ||
| 207 | *pos |= IEEE80211_RADIOTAP_MCS_BW_40; | ||
| 208 | pos++; | ||
| 209 | *pos++ = status->rate_idx; | ||
| 210 | } | ||
| 196 | } | 211 | } |
| 197 | 212 | ||
| 198 | /* | 213 | /* |
| @@ -315,6 +330,7 @@ ieee80211_rx_monitor(struct ieee80211_local *local, struct sk_buff *origskb, | |||
| 315 | static void ieee80211_parse_qos(struct ieee80211_rx_data *rx) | 330 | static void ieee80211_parse_qos(struct ieee80211_rx_data *rx) |
| 316 | { | 331 | { |
| 317 | struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data; | 332 | struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data; |
| 333 | struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(rx->skb); | ||
| 318 | int tid; | 334 | int tid; |
| 319 | 335 | ||
| 320 | /* does the frame have a qos control field? */ | 336 | /* does the frame have a qos control field? */ |
| @@ -323,9 +339,7 @@ static void ieee80211_parse_qos(struct ieee80211_rx_data *rx) | |||
| 323 | /* frame has qos control */ | 339 | /* frame has qos control */ |
| 324 | tid = *qc & IEEE80211_QOS_CTL_TID_MASK; | 340 | tid = *qc & IEEE80211_QOS_CTL_TID_MASK; |
| 325 | if (*qc & IEEE80211_QOS_CONTROL_A_MSDU_PRESENT) | 341 | if (*qc & IEEE80211_QOS_CONTROL_A_MSDU_PRESENT) |
| 326 | rx->flags |= IEEE80211_RX_AMSDU; | 342 | status->rx_flags |= IEEE80211_RX_AMSDU; |
| 327 | else | ||
| 328 | rx->flags &= ~IEEE80211_RX_AMSDU; | ||
| 329 | } else { | 343 | } else { |
| 330 | /* | 344 | /* |
| 331 | * IEEE 802.11-2007, 7.1.3.4.1 ("Sequence Number field"): | 345 | * IEEE 802.11-2007, 7.1.3.4.1 ("Sequence Number field"): |
| @@ -368,7 +382,7 @@ static void ieee80211_parse_qos(struct ieee80211_rx_data *rx) | |||
| 368 | * specs were sane enough this time around to require padding each A-MSDU | 382 | * specs were sane enough this time around to require padding each A-MSDU |
| 369 | * subframe to a length that is a multiple of four. | 383 | * subframe to a length that is a multiple of four. |
| 370 | * | 384 | * |
| 371 | * Padding like Atheros hardware adds which is inbetween the 802.11 header and | 385 | * Padding like Atheros hardware adds which is between the 802.11 header and |
| 372 | * the payload is not supported, the driver is required to move the 802.11 | 386 | * the payload is not supported, the driver is required to move the 802.11 |
| 373 | * header to be directly in front of the payload in that case. | 387 | * header to be directly in front of the payload in that case. |
| 374 | */ | 388 | */ |
| @@ -387,26 +401,21 @@ static ieee80211_rx_result debug_noinline | |||
| 387 | ieee80211_rx_h_passive_scan(struct ieee80211_rx_data *rx) | 401 | ieee80211_rx_h_passive_scan(struct ieee80211_rx_data *rx) |
| 388 | { | 402 | { |
| 389 | struct ieee80211_local *local = rx->local; | 403 | struct ieee80211_local *local = rx->local; |
| 404 | struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(rx->skb); | ||
| 390 | struct sk_buff *skb = rx->skb; | 405 | struct sk_buff *skb = rx->skb; |
| 391 | 406 | ||
| 392 | if (unlikely(test_bit(SCAN_HW_SCANNING, &local->scanning))) | 407 | if (likely(!(status->rx_flags & IEEE80211_RX_IN_SCAN) && |
| 393 | return ieee80211_scan_rx(rx->sdata, skb); | 408 | !local->sched_scanning)) |
| 394 | 409 | return RX_CONTINUE; | |
| 395 | if (unlikely(test_bit(SCAN_SW_SCANNING, &local->scanning) && | ||
| 396 | (rx->flags & IEEE80211_RX_IN_SCAN))) { | ||
| 397 | /* drop all the other packets during a software scan anyway */ | ||
| 398 | if (ieee80211_scan_rx(rx->sdata, skb) != RX_QUEUED) | ||
| 399 | dev_kfree_skb(skb); | ||
| 400 | return RX_QUEUED; | ||
| 401 | } | ||
| 402 | 410 | ||
| 403 | if (unlikely(rx->flags & IEEE80211_RX_IN_SCAN)) { | 411 | if (test_bit(SCAN_HW_SCANNING, &local->scanning) || |
| 404 | /* scanning finished during invoking of handlers */ | 412 | test_bit(SCAN_SW_SCANNING, &local->scanning) || |
| 405 | I802_DEBUG_INC(local->rx_handlers_drop_passive_scan); | 413 | local->sched_scanning) |
| 406 | return RX_DROP_UNUSABLE; | 414 | return ieee80211_scan_rx(rx->sdata, skb); |
| 407 | } | ||
| 408 | 415 | ||
| 409 | return RX_CONTINUE; | 416 | /* scanning finished during invoking of handlers */ |
| 417 | I802_DEBUG_INC(local->rx_handlers_drop_passive_scan); | ||
| 418 | return RX_DROP_UNUSABLE; | ||
| 410 | } | 419 | } |
| 411 | 420 | ||
| 412 | 421 | ||
| @@ -481,22 +490,26 @@ ieee80211_rx_mesh_check(struct ieee80211_rx_data *rx) | |||
| 481 | * establisment frame, beacon or probe, drop the frame. | 490 | * establisment frame, beacon or probe, drop the frame. |
| 482 | */ | 491 | */ |
| 483 | 492 | ||
| 484 | if (!rx->sta || sta_plink_state(rx->sta) != PLINK_ESTAB) { | 493 | if (!rx->sta || sta_plink_state(rx->sta) != NL80211_PLINK_ESTAB) { |
| 485 | struct ieee80211_mgmt *mgmt; | 494 | struct ieee80211_mgmt *mgmt; |
| 486 | 495 | ||
| 487 | if (!ieee80211_is_mgmt(hdr->frame_control)) | 496 | if (!ieee80211_is_mgmt(hdr->frame_control)) |
| 488 | return RX_DROP_MONITOR; | 497 | return RX_DROP_MONITOR; |
| 489 | 498 | ||
| 490 | if (ieee80211_is_action(hdr->frame_control)) { | 499 | if (ieee80211_is_action(hdr->frame_control)) { |
| 500 | u8 category; | ||
| 491 | mgmt = (struct ieee80211_mgmt *)hdr; | 501 | mgmt = (struct ieee80211_mgmt *)hdr; |
| 492 | if (mgmt->u.action.category != WLAN_CATEGORY_MESH_PLINK) | 502 | category = mgmt->u.action.category; |
| 503 | if (category != WLAN_CATEGORY_MESH_ACTION && | ||
| 504 | category != WLAN_CATEGORY_SELF_PROTECTED) | ||
| 493 | return RX_DROP_MONITOR; | 505 | return RX_DROP_MONITOR; |
| 494 | return RX_CONTINUE; | 506 | return RX_CONTINUE; |
| 495 | } | 507 | } |
| 496 | 508 | ||
| 497 | if (ieee80211_is_probe_req(hdr->frame_control) || | 509 | if (ieee80211_is_probe_req(hdr->frame_control) || |
| 498 | ieee80211_is_probe_resp(hdr->frame_control) || | 510 | ieee80211_is_probe_resp(hdr->frame_control) || |
| 499 | ieee80211_is_beacon(hdr->frame_control)) | 511 | ieee80211_is_beacon(hdr->frame_control) || |
| 512 | ieee80211_is_auth(hdr->frame_control)) | ||
| 500 | return RX_CONTINUE; | 513 | return RX_CONTINUE; |
| 501 | 514 | ||
| 502 | return RX_DROP_MONITOR; | 515 | return RX_DROP_MONITOR; |
| @@ -535,26 +548,23 @@ static inline u16 seq_sub(u16 sq1, u16 sq2) | |||
| 535 | 548 | ||
| 536 | static void ieee80211_release_reorder_frame(struct ieee80211_hw *hw, | 549 | static void ieee80211_release_reorder_frame(struct ieee80211_hw *hw, |
| 537 | struct tid_ampdu_rx *tid_agg_rx, | 550 | struct tid_ampdu_rx *tid_agg_rx, |
| 538 | int index, | 551 | int index) |
| 539 | struct sk_buff_head *frames) | ||
| 540 | { | 552 | { |
| 541 | struct ieee80211_supported_band *sband; | 553 | struct ieee80211_local *local = hw_to_local(hw); |
| 542 | struct ieee80211_rate *rate = NULL; | ||
| 543 | struct sk_buff *skb = tid_agg_rx->reorder_buf[index]; | 554 | struct sk_buff *skb = tid_agg_rx->reorder_buf[index]; |
| 544 | struct ieee80211_rx_status *status; | 555 | struct ieee80211_rx_status *status; |
| 545 | 556 | ||
| 557 | lockdep_assert_held(&tid_agg_rx->reorder_lock); | ||
| 558 | |||
| 546 | if (!skb) | 559 | if (!skb) |
| 547 | goto no_frame; | 560 | goto no_frame; |
| 548 | 561 | ||
| 549 | status = IEEE80211_SKB_RXCB(skb); | 562 | /* release the frame from the reorder ring buffer */ |
| 550 | |||
| 551 | /* release the reordered frames to stack */ | ||
| 552 | sband = hw->wiphy->bands[status->band]; | ||
| 553 | if (!(status->flag & RX_FLAG_HT)) | ||
| 554 | rate = &sband->bitrates[status->rate_idx]; | ||
| 555 | tid_agg_rx->stored_mpdu_num--; | 563 | tid_agg_rx->stored_mpdu_num--; |
| 556 | tid_agg_rx->reorder_buf[index] = NULL; | 564 | tid_agg_rx->reorder_buf[index] = NULL; |
| 557 | __skb_queue_tail(frames, skb); | 565 | status = IEEE80211_SKB_RXCB(skb); |
| 566 | status->rx_flags |= IEEE80211_RX_DEFERRED_RELEASE; | ||
| 567 | skb_queue_tail(&local->rx_skb_queue, skb); | ||
| 558 | 568 | ||
| 559 | no_frame: | 569 | no_frame: |
| 560 | tid_agg_rx->head_seq_num = seq_inc(tid_agg_rx->head_seq_num); | 570 | tid_agg_rx->head_seq_num = seq_inc(tid_agg_rx->head_seq_num); |
| @@ -562,15 +572,16 @@ no_frame: | |||
| 562 | 572 | ||
| 563 | static void ieee80211_release_reorder_frames(struct ieee80211_hw *hw, | 573 | static void ieee80211_release_reorder_frames(struct ieee80211_hw *hw, |
| 564 | struct tid_ampdu_rx *tid_agg_rx, | 574 | struct tid_ampdu_rx *tid_agg_rx, |
| 565 | u16 head_seq_num, | 575 | u16 head_seq_num) |
| 566 | struct sk_buff_head *frames) | ||
| 567 | { | 576 | { |
| 568 | int index; | 577 | int index; |
| 569 | 578 | ||
| 579 | lockdep_assert_held(&tid_agg_rx->reorder_lock); | ||
| 580 | |||
| 570 | while (seq_less(tid_agg_rx->head_seq_num, head_seq_num)) { | 581 | while (seq_less(tid_agg_rx->head_seq_num, head_seq_num)) { |
| 571 | index = seq_sub(tid_agg_rx->head_seq_num, tid_agg_rx->ssn) % | 582 | index = seq_sub(tid_agg_rx->head_seq_num, tid_agg_rx->ssn) % |
| 572 | tid_agg_rx->buf_size; | 583 | tid_agg_rx->buf_size; |
| 573 | ieee80211_release_reorder_frame(hw, tid_agg_rx, index, frames); | 584 | ieee80211_release_reorder_frame(hw, tid_agg_rx, index); |
| 574 | } | 585 | } |
| 575 | } | 586 | } |
| 576 | 587 | ||
| @@ -580,9 +591,79 @@ static void ieee80211_release_reorder_frames(struct ieee80211_hw *hw, | |||
| 580 | * frames that have not yet been received are assumed to be lost and the skb | 591 | * frames that have not yet been received are assumed to be lost and the skb |
| 581 | * can be released for processing. This may also release other skb's from the | 592 | * can be released for processing. This may also release other skb's from the |
| 582 | * reorder buffer if there are no additional gaps between the frames. | 593 | * reorder buffer if there are no additional gaps between the frames. |
| 594 | * | ||
| 595 | * Callers must hold tid_agg_rx->reorder_lock. | ||
| 583 | */ | 596 | */ |
| 584 | #define HT_RX_REORDER_BUF_TIMEOUT (HZ / 10) | 597 | #define HT_RX_REORDER_BUF_TIMEOUT (HZ / 10) |
| 585 | 598 | ||
| 599 | static void ieee80211_sta_reorder_release(struct ieee80211_hw *hw, | ||
| 600 | struct tid_ampdu_rx *tid_agg_rx) | ||
| 601 | { | ||
| 602 | int index, j; | ||
| 603 | |||
| 604 | lockdep_assert_held(&tid_agg_rx->reorder_lock); | ||
| 605 | |||
| 606 | /* release the buffer until next missing frame */ | ||
| 607 | index = seq_sub(tid_agg_rx->head_seq_num, tid_agg_rx->ssn) % | ||
| 608 | tid_agg_rx->buf_size; | ||
| 609 | if (!tid_agg_rx->reorder_buf[index] && | ||
| 610 | tid_agg_rx->stored_mpdu_num > 1) { | ||
| 611 | /* | ||
| 612 | * No buffers ready to be released, but check whether any | ||
| 613 | * frames in the reorder buffer have timed out. | ||
| 614 | */ | ||
| 615 | int skipped = 1; | ||
| 616 | for (j = (index + 1) % tid_agg_rx->buf_size; j != index; | ||
| 617 | j = (j + 1) % tid_agg_rx->buf_size) { | ||
| 618 | if (!tid_agg_rx->reorder_buf[j]) { | ||
| 619 | skipped++; | ||
| 620 | continue; | ||
| 621 | } | ||
| 622 | if (skipped && | ||
| 623 | !time_after(jiffies, tid_agg_rx->reorder_time[j] + | ||
| 624 | HT_RX_REORDER_BUF_TIMEOUT)) | ||
| 625 | goto set_release_timer; | ||
| 626 | |||
| 627 | #ifdef CONFIG_MAC80211_HT_DEBUG | ||
| 628 | if (net_ratelimit()) | ||
| 629 | wiphy_debug(hw->wiphy, | ||
| 630 | "release an RX reorder frame due to timeout on earlier frames\n"); | ||
| 631 | #endif | ||
| 632 | ieee80211_release_reorder_frame(hw, tid_agg_rx, j); | ||
| 633 | |||
| 634 | /* | ||
| 635 | * Increment the head seq# also for the skipped slots. | ||
| 636 | */ | ||
| 637 | tid_agg_rx->head_seq_num = | ||
| 638 | (tid_agg_rx->head_seq_num + skipped) & SEQ_MASK; | ||
| 639 | skipped = 0; | ||
| 640 | } | ||
| 641 | } else while (tid_agg_rx->reorder_buf[index]) { | ||
| 642 | ieee80211_release_reorder_frame(hw, tid_agg_rx, index); | ||
| 643 | index = seq_sub(tid_agg_rx->head_seq_num, tid_agg_rx->ssn) % | ||
| 644 | tid_agg_rx->buf_size; | ||
| 645 | } | ||
| 646 | |||
| 647 | if (tid_agg_rx->stored_mpdu_num) { | ||
| 648 | j = index = seq_sub(tid_agg_rx->head_seq_num, | ||
| 649 | tid_agg_rx->ssn) % tid_agg_rx->buf_size; | ||
| 650 | |||
| 651 | for (; j != (index - 1) % tid_agg_rx->buf_size; | ||
| 652 | j = (j + 1) % tid_agg_rx->buf_size) { | ||
| 653 | if (tid_agg_rx->reorder_buf[j]) | ||
| 654 | break; | ||
| 655 | } | ||
| 656 | |||
| 657 | set_release_timer: | ||
| 658 | |||
| 659 | mod_timer(&tid_agg_rx->reorder_timer, | ||
| 660 | tid_agg_rx->reorder_time[j] + 1 + | ||
| 661 | HT_RX_REORDER_BUF_TIMEOUT); | ||
| 662 | } else { | ||
| 663 | del_timer(&tid_agg_rx->reorder_timer); | ||
| 664 | } | ||
| 665 | } | ||
| 666 | |||
| 586 | /* | 667 | /* |
| 587 | * As this function belongs to the RX path it must be under | 668 | * As this function belongs to the RX path it must be under |
| 588 | * rcu_read_lock protection. It returns false if the frame | 669 | * rcu_read_lock protection. It returns false if the frame |
| @@ -590,14 +671,16 @@ static void ieee80211_release_reorder_frames(struct ieee80211_hw *hw, | |||
| 590 | */ | 671 | */ |
| 591 | static bool ieee80211_sta_manage_reorder_buf(struct ieee80211_hw *hw, | 672 | static bool ieee80211_sta_manage_reorder_buf(struct ieee80211_hw *hw, |
| 592 | struct tid_ampdu_rx *tid_agg_rx, | 673 | struct tid_ampdu_rx *tid_agg_rx, |
| 593 | struct sk_buff *skb, | 674 | struct sk_buff *skb) |
| 594 | struct sk_buff_head *frames) | ||
| 595 | { | 675 | { |
| 596 | struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; | 676 | struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; |
| 597 | u16 sc = le16_to_cpu(hdr->seq_ctrl); | 677 | u16 sc = le16_to_cpu(hdr->seq_ctrl); |
| 598 | u16 mpdu_seq_num = (sc & IEEE80211_SCTL_SEQ) >> 4; | 678 | u16 mpdu_seq_num = (sc & IEEE80211_SCTL_SEQ) >> 4; |
| 599 | u16 head_seq_num, buf_size; | 679 | u16 head_seq_num, buf_size; |
| 600 | int index; | 680 | int index; |
| 681 | bool ret = true; | ||
| 682 | |||
| 683 | spin_lock(&tid_agg_rx->reorder_lock); | ||
| 601 | 684 | ||
| 602 | buf_size = tid_agg_rx->buf_size; | 685 | buf_size = tid_agg_rx->buf_size; |
| 603 | head_seq_num = tid_agg_rx->head_seq_num; | 686 | head_seq_num = tid_agg_rx->head_seq_num; |
| @@ -605,7 +688,7 @@ static bool ieee80211_sta_manage_reorder_buf(struct ieee80211_hw *hw, | |||
| 605 | /* frame with out of date sequence number */ | 688 | /* frame with out of date sequence number */ |
| 606 | if (seq_less(mpdu_seq_num, head_seq_num)) { | 689 | if (seq_less(mpdu_seq_num, head_seq_num)) { |
| 607 | dev_kfree_skb(skb); | 690 | dev_kfree_skb(skb); |
| 608 | return true; | 691 | goto out; |
| 609 | } | 692 | } |
| 610 | 693 | ||
| 611 | /* | 694 | /* |
| @@ -615,8 +698,7 @@ static bool ieee80211_sta_manage_reorder_buf(struct ieee80211_hw *hw, | |||
| 615 | if (!seq_less(mpdu_seq_num, head_seq_num + buf_size)) { | 698 | if (!seq_less(mpdu_seq_num, head_seq_num + buf_size)) { |
| 616 | head_seq_num = seq_inc(seq_sub(mpdu_seq_num, buf_size)); | 699 | head_seq_num = seq_inc(seq_sub(mpdu_seq_num, buf_size)); |
| 617 | /* release stored frames up to new head to stack */ | 700 | /* release stored frames up to new head to stack */ |
| 618 | ieee80211_release_reorder_frames(hw, tid_agg_rx, head_seq_num, | 701 | ieee80211_release_reorder_frames(hw, tid_agg_rx, head_seq_num); |
| 619 | frames); | ||
| 620 | } | 702 | } |
| 621 | 703 | ||
| 622 | /* Now the new frame is always in the range of the reordering buffer */ | 704 | /* Now the new frame is always in the range of the reordering buffer */ |
| @@ -626,76 +708,38 @@ static bool ieee80211_sta_manage_reorder_buf(struct ieee80211_hw *hw, | |||
| 626 | /* check if we already stored this frame */ | 708 | /* check if we already stored this frame */ |
| 627 | if (tid_agg_rx->reorder_buf[index]) { | 709 | if (tid_agg_rx->reorder_buf[index]) { |
| 628 | dev_kfree_skb(skb); | 710 | dev_kfree_skb(skb); |
| 629 | return true; | 711 | goto out; |
| 630 | } | 712 | } |
| 631 | 713 | ||
| 632 | /* | 714 | /* |
| 633 | * If the current MPDU is in the right order and nothing else | 715 | * If the current MPDU is in the right order and nothing else |
| 634 | * is stored we can process it directly, no need to buffer it. | 716 | * is stored we can process it directly, no need to buffer it. |
| 717 | * If it is first but there's something stored, we may be able | ||
| 718 | * to release frames after this one. | ||
| 635 | */ | 719 | */ |
| 636 | if (mpdu_seq_num == tid_agg_rx->head_seq_num && | 720 | if (mpdu_seq_num == tid_agg_rx->head_seq_num && |
| 637 | tid_agg_rx->stored_mpdu_num == 0) { | 721 | tid_agg_rx->stored_mpdu_num == 0) { |
| 638 | tid_agg_rx->head_seq_num = seq_inc(tid_agg_rx->head_seq_num); | 722 | tid_agg_rx->head_seq_num = seq_inc(tid_agg_rx->head_seq_num); |
| 639 | return false; | 723 | ret = false; |
| 724 | goto out; | ||
| 640 | } | 725 | } |
| 641 | 726 | ||
| 642 | /* put the frame in the reordering buffer */ | 727 | /* put the frame in the reordering buffer */ |
| 643 | tid_agg_rx->reorder_buf[index] = skb; | 728 | tid_agg_rx->reorder_buf[index] = skb; |
| 644 | tid_agg_rx->reorder_time[index] = jiffies; | 729 | tid_agg_rx->reorder_time[index] = jiffies; |
| 645 | tid_agg_rx->stored_mpdu_num++; | 730 | tid_agg_rx->stored_mpdu_num++; |
| 646 | /* release the buffer until next missing frame */ | 731 | ieee80211_sta_reorder_release(hw, tid_agg_rx); |
| 647 | index = seq_sub(tid_agg_rx->head_seq_num, tid_agg_rx->ssn) % | ||
| 648 | tid_agg_rx->buf_size; | ||
| 649 | if (!tid_agg_rx->reorder_buf[index] && | ||
| 650 | tid_agg_rx->stored_mpdu_num > 1) { | ||
| 651 | /* | ||
| 652 | * No buffers ready to be released, but check whether any | ||
| 653 | * frames in the reorder buffer have timed out. | ||
| 654 | */ | ||
| 655 | int j; | ||
| 656 | int skipped = 1; | ||
| 657 | for (j = (index + 1) % tid_agg_rx->buf_size; j != index; | ||
| 658 | j = (j + 1) % tid_agg_rx->buf_size) { | ||
| 659 | if (!tid_agg_rx->reorder_buf[j]) { | ||
| 660 | skipped++; | ||
| 661 | continue; | ||
| 662 | } | ||
| 663 | if (!time_after(jiffies, tid_agg_rx->reorder_time[j] + | ||
| 664 | HT_RX_REORDER_BUF_TIMEOUT)) | ||
| 665 | break; | ||
| 666 | |||
| 667 | #ifdef CONFIG_MAC80211_HT_DEBUG | ||
| 668 | if (net_ratelimit()) | ||
| 669 | printk(KERN_DEBUG "%s: release an RX reorder " | ||
| 670 | "frame due to timeout on earlier " | ||
| 671 | "frames\n", | ||
| 672 | wiphy_name(hw->wiphy)); | ||
| 673 | #endif | ||
| 674 | ieee80211_release_reorder_frame(hw, tid_agg_rx, | ||
| 675 | j, frames); | ||
| 676 | |||
| 677 | /* | ||
| 678 | * Increment the head seq# also for the skipped slots. | ||
| 679 | */ | ||
| 680 | tid_agg_rx->head_seq_num = | ||
| 681 | (tid_agg_rx->head_seq_num + skipped) & SEQ_MASK; | ||
| 682 | skipped = 0; | ||
| 683 | } | ||
| 684 | } else while (tid_agg_rx->reorder_buf[index]) { | ||
| 685 | ieee80211_release_reorder_frame(hw, tid_agg_rx, index, frames); | ||
| 686 | index = seq_sub(tid_agg_rx->head_seq_num, tid_agg_rx->ssn) % | ||
| 687 | tid_agg_rx->buf_size; | ||
| 688 | } | ||
| 689 | 732 | ||
| 690 | return true; | 733 | out: |
| 734 | spin_unlock(&tid_agg_rx->reorder_lock); | ||
| 735 | return ret; | ||
| 691 | } | 736 | } |
| 692 | 737 | ||
| 693 | /* | 738 | /* |
| 694 | * Reorder MPDUs from A-MPDUs, keeping them on a buffer. Returns | 739 | * Reorder MPDUs from A-MPDUs, keeping them on a buffer. Returns |
| 695 | * true if the MPDU was buffered, false if it should be processed. | 740 | * true if the MPDU was buffered, false if it should be processed. |
| 696 | */ | 741 | */ |
| 697 | static void ieee80211_rx_reorder_ampdu(struct ieee80211_rx_data *rx, | 742 | static void ieee80211_rx_reorder_ampdu(struct ieee80211_rx_data *rx) |
| 698 | struct sk_buff_head *frames) | ||
| 699 | { | 743 | { |
| 700 | struct sk_buff *skb = rx->skb; | 744 | struct sk_buff *skb = rx->skb; |
| 701 | struct ieee80211_local *local = rx->local; | 745 | struct ieee80211_local *local = rx->local; |
| @@ -750,28 +794,29 @@ static void ieee80211_rx_reorder_ampdu(struct ieee80211_rx_data *rx, | |||
| 750 | * sure that we cannot get to it any more before doing | 794 | * sure that we cannot get to it any more before doing |
| 751 | * anything with it. | 795 | * anything with it. |
| 752 | */ | 796 | */ |
| 753 | if (ieee80211_sta_manage_reorder_buf(hw, tid_agg_rx, skb, frames)) | 797 | if (ieee80211_sta_manage_reorder_buf(hw, tid_agg_rx, skb)) |
| 754 | return; | 798 | return; |
| 755 | 799 | ||
| 756 | dont_reorder: | 800 | dont_reorder: |
| 757 | __skb_queue_tail(frames, skb); | 801 | skb_queue_tail(&local->rx_skb_queue, skb); |
| 758 | } | 802 | } |
| 759 | 803 | ||
| 760 | static ieee80211_rx_result debug_noinline | 804 | static ieee80211_rx_result debug_noinline |
| 761 | ieee80211_rx_h_check(struct ieee80211_rx_data *rx) | 805 | ieee80211_rx_h_check(struct ieee80211_rx_data *rx) |
| 762 | { | 806 | { |
| 763 | struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data; | 807 | struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data; |
| 808 | struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(rx->skb); | ||
| 764 | 809 | ||
| 765 | /* Drop duplicate 802.11 retransmissions (IEEE 802.11 Chap. 9.2.9) */ | 810 | /* Drop duplicate 802.11 retransmissions (IEEE 802.11 Chap. 9.2.9) */ |
| 766 | if (rx->sta && !is_multicast_ether_addr(hdr->addr1)) { | 811 | if (rx->sta && !is_multicast_ether_addr(hdr->addr1)) { |
| 767 | if (unlikely(ieee80211_has_retry(hdr->frame_control) && | 812 | if (unlikely(ieee80211_has_retry(hdr->frame_control) && |
| 768 | rx->sta->last_seq_ctrl[rx->queue] == | 813 | rx->sta->last_seq_ctrl[rx->queue] == |
| 769 | hdr->seq_ctrl)) { | 814 | hdr->seq_ctrl)) { |
| 770 | if (rx->flags & IEEE80211_RX_RA_MATCH) { | 815 | if (status->rx_flags & IEEE80211_RX_RA_MATCH) { |
| 771 | rx->local->dot11FrameDuplicateCount++; | 816 | rx->local->dot11FrameDuplicateCount++; |
| 772 | rx->sta->num_duplicates++; | 817 | rx->sta->num_duplicates++; |
| 773 | } | 818 | } |
| 774 | return RX_DROP_MONITOR; | 819 | return RX_DROP_UNUSABLE; |
| 775 | } else | 820 | } else |
| 776 | rx->sta->last_seq_ctrl[rx->queue] = hdr->seq_ctrl; | 821 | rx->sta->last_seq_ctrl[rx->queue] = hdr->seq_ctrl; |
| 777 | } | 822 | } |
| @@ -796,18 +841,9 @@ ieee80211_rx_h_check(struct ieee80211_rx_data *rx) | |||
| 796 | if (unlikely((ieee80211_is_data(hdr->frame_control) || | 841 | if (unlikely((ieee80211_is_data(hdr->frame_control) || |
| 797 | ieee80211_is_pspoll(hdr->frame_control)) && | 842 | ieee80211_is_pspoll(hdr->frame_control)) && |
| 798 | rx->sdata->vif.type != NL80211_IFTYPE_ADHOC && | 843 | rx->sdata->vif.type != NL80211_IFTYPE_ADHOC && |
| 799 | (!rx->sta || !test_sta_flags(rx->sta, WLAN_STA_ASSOC)))) { | 844 | rx->sdata->vif.type != NL80211_IFTYPE_WDS && |
| 800 | if ((!ieee80211_has_fromds(hdr->frame_control) && | 845 | (!rx->sta || !test_sta_flags(rx->sta, WLAN_STA_ASSOC)))) |
| 801 | !ieee80211_has_tods(hdr->frame_control) && | ||
| 802 | ieee80211_is_data(hdr->frame_control)) || | ||
| 803 | !(rx->flags & IEEE80211_RX_RA_MATCH)) { | ||
| 804 | /* Drop IBSS frames and frames for other hosts | ||
| 805 | * silently. */ | ||
| 806 | return RX_DROP_MONITOR; | ||
| 807 | } | ||
| 808 | |||
| 809 | return RX_DROP_MONITOR; | 846 | return RX_DROP_MONITOR; |
| 810 | } | ||
| 811 | 847 | ||
| 812 | return RX_CONTINUE; | 848 | return RX_CONTINUE; |
| 813 | } | 849 | } |
| @@ -822,7 +858,7 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx) | |||
| 822 | int keyidx; | 858 | int keyidx; |
| 823 | int hdrlen; | 859 | int hdrlen; |
| 824 | ieee80211_rx_result result = RX_DROP_UNUSABLE; | 860 | ieee80211_rx_result result = RX_DROP_UNUSABLE; |
| 825 | struct ieee80211_key *stakey = NULL; | 861 | struct ieee80211_key *sta_ptk = NULL; |
| 826 | int mmie_keyidx = -1; | 862 | int mmie_keyidx = -1; |
| 827 | __le16 fc; | 863 | __le16 fc; |
| 828 | 864 | ||
| @@ -857,22 +893,25 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx) | |||
| 857 | * No point in finding a key and decrypting if the frame is neither | 893 | * No point in finding a key and decrypting if the frame is neither |
| 858 | * addressed to us nor a multicast frame. | 894 | * addressed to us nor a multicast frame. |
| 859 | */ | 895 | */ |
| 860 | if (!(rx->flags & IEEE80211_RX_RA_MATCH)) | 896 | if (!(status->rx_flags & IEEE80211_RX_RA_MATCH)) |
| 861 | return RX_CONTINUE; | 897 | return RX_CONTINUE; |
| 862 | 898 | ||
| 863 | /* start without a key */ | 899 | /* start without a key */ |
| 864 | rx->key = NULL; | 900 | rx->key = NULL; |
| 865 | 901 | ||
| 866 | if (rx->sta) | 902 | if (rx->sta) |
| 867 | stakey = rcu_dereference(rx->sta->key); | 903 | sta_ptk = rcu_dereference(rx->sta->ptk); |
| 868 | 904 | ||
| 869 | fc = hdr->frame_control; | 905 | fc = hdr->frame_control; |
| 870 | 906 | ||
| 871 | if (!ieee80211_has_protected(fc)) | 907 | if (!ieee80211_has_protected(fc)) |
| 872 | mmie_keyidx = ieee80211_get_mmie_keyidx(rx->skb); | 908 | mmie_keyidx = ieee80211_get_mmie_keyidx(rx->skb); |
| 873 | 909 | ||
| 874 | if (!is_multicast_ether_addr(hdr->addr1) && stakey) { | 910 | if (!is_multicast_ether_addr(hdr->addr1) && sta_ptk) { |
| 875 | rx->key = stakey; | 911 | rx->key = sta_ptk; |
| 912 | if ((status->flag & RX_FLAG_DECRYPTED) && | ||
| 913 | (status->flag & RX_FLAG_IV_STRIPPED)) | ||
| 914 | return RX_CONTINUE; | ||
| 876 | /* Skip decryption if the frame is not protected. */ | 915 | /* Skip decryption if the frame is not protected. */ |
| 877 | if (!ieee80211_has_protected(fc)) | 916 | if (!ieee80211_has_protected(fc)) |
| 878 | return RX_CONTINUE; | 917 | return RX_CONTINUE; |
| @@ -885,7 +924,10 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx) | |||
| 885 | if (mmie_keyidx < NUM_DEFAULT_KEYS || | 924 | if (mmie_keyidx < NUM_DEFAULT_KEYS || |
| 886 | mmie_keyidx >= NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS) | 925 | mmie_keyidx >= NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS) |
| 887 | return RX_DROP_MONITOR; /* unexpected BIP keyidx */ | 926 | return RX_DROP_MONITOR; /* unexpected BIP keyidx */ |
| 888 | rx->key = rcu_dereference(rx->sdata->keys[mmie_keyidx]); | 927 | if (rx->sta) |
| 928 | rx->key = rcu_dereference(rx->sta->gtk[mmie_keyidx]); | ||
| 929 | if (!rx->key) | ||
| 930 | rx->key = rcu_dereference(rx->sdata->keys[mmie_keyidx]); | ||
| 889 | } else if (!ieee80211_has_protected(fc)) { | 931 | } else if (!ieee80211_has_protected(fc)) { |
| 890 | /* | 932 | /* |
| 891 | * The frame was not protected, so skip decryption. However, we | 933 | * The frame was not protected, so skip decryption. However, we |
| @@ -894,12 +936,31 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx) | |||
| 894 | * have been expected. | 936 | * have been expected. |
| 895 | */ | 937 | */ |
| 896 | struct ieee80211_key *key = NULL; | 938 | struct ieee80211_key *key = NULL; |
| 939 | struct ieee80211_sub_if_data *sdata = rx->sdata; | ||
| 940 | int i; | ||
| 941 | |||
| 897 | if (ieee80211_is_mgmt(fc) && | 942 | if (ieee80211_is_mgmt(fc) && |
| 898 | is_multicast_ether_addr(hdr->addr1) && | 943 | is_multicast_ether_addr(hdr->addr1) && |
| 899 | (key = rcu_dereference(rx->sdata->default_mgmt_key))) | 944 | (key = rcu_dereference(rx->sdata->default_mgmt_key))) |
| 900 | rx->key = key; | 945 | rx->key = key; |
| 901 | else if ((key = rcu_dereference(rx->sdata->default_key))) | 946 | else { |
| 902 | rx->key = key; | 947 | if (rx->sta) { |
| 948 | for (i = 0; i < NUM_DEFAULT_KEYS; i++) { | ||
| 949 | key = rcu_dereference(rx->sta->gtk[i]); | ||
| 950 | if (key) | ||
| 951 | break; | ||
| 952 | } | ||
| 953 | } | ||
| 954 | if (!key) { | ||
| 955 | for (i = 0; i < NUM_DEFAULT_KEYS; i++) { | ||
| 956 | key = rcu_dereference(sdata->keys[i]); | ||
| 957 | if (key) | ||
| 958 | break; | ||
| 959 | } | ||
| 960 | } | ||
| 961 | if (key) | ||
| 962 | rx->key = key; | ||
| 963 | } | ||
| 903 | return RX_CONTINUE; | 964 | return RX_CONTINUE; |
| 904 | } else { | 965 | } else { |
| 905 | u8 keyid; | 966 | u8 keyid; |
| @@ -928,16 +989,25 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx) | |||
| 928 | skb_copy_bits(rx->skb, hdrlen + 3, &keyid, 1); | 989 | skb_copy_bits(rx->skb, hdrlen + 3, &keyid, 1); |
| 929 | keyidx = keyid >> 6; | 990 | keyidx = keyid >> 6; |
| 930 | 991 | ||
| 931 | rx->key = rcu_dereference(rx->sdata->keys[keyidx]); | 992 | /* check per-station GTK first, if multicast packet */ |
| 993 | if (is_multicast_ether_addr(hdr->addr1) && rx->sta) | ||
| 994 | rx->key = rcu_dereference(rx->sta->gtk[keyidx]); | ||
| 932 | 995 | ||
| 933 | /* | 996 | /* if not found, try default key */ |
| 934 | * RSNA-protected unicast frames should always be sent with | 997 | if (!rx->key) { |
| 935 | * pairwise or station-to-station keys, but for WEP we allow | 998 | rx->key = rcu_dereference(rx->sdata->keys[keyidx]); |
| 936 | * using a key index as well. | 999 | |
| 937 | */ | 1000 | /* |
| 938 | if (rx->key && rx->key->conf.alg != ALG_WEP && | 1001 | * RSNA-protected unicast frames should always be |
| 939 | !is_multicast_ether_addr(hdr->addr1)) | 1002 | * sent with pairwise or station-to-station keys, |
| 940 | rx->key = NULL; | 1003 | * but for WEP we allow using a key index as well. |
| 1004 | */ | ||
| 1005 | if (rx->key && | ||
| 1006 | rx->key->conf.cipher != WLAN_CIPHER_SUITE_WEP40 && | ||
| 1007 | rx->key->conf.cipher != WLAN_CIPHER_SUITE_WEP104 && | ||
| 1008 | !is_multicast_ether_addr(hdr->addr1)) | ||
| 1009 | rx->key = NULL; | ||
| 1010 | } | ||
| 941 | } | 1011 | } |
| 942 | 1012 | ||
| 943 | if (rx->key) { | 1013 | if (rx->key) { |
| @@ -951,8 +1021,9 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx) | |||
| 951 | return RX_DROP_UNUSABLE; | 1021 | return RX_DROP_UNUSABLE; |
| 952 | /* the hdr variable is invalid now! */ | 1022 | /* the hdr variable is invalid now! */ |
| 953 | 1023 | ||
| 954 | switch (rx->key->conf.alg) { | 1024 | switch (rx->key->conf.cipher) { |
| 955 | case ALG_WEP: | 1025 | case WLAN_CIPHER_SUITE_WEP40: |
| 1026 | case WLAN_CIPHER_SUITE_WEP104: | ||
| 956 | /* Check for weak IVs if possible */ | 1027 | /* Check for weak IVs if possible */ |
| 957 | if (rx->sta && ieee80211_is_data(fc) && | 1028 | if (rx->sta && ieee80211_is_data(fc) && |
| 958 | (!(status->flag & RX_FLAG_IV_STRIPPED) || | 1029 | (!(status->flag & RX_FLAG_IV_STRIPPED) || |
| @@ -962,15 +1033,21 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx) | |||
| 962 | 1033 | ||
| 963 | result = ieee80211_crypto_wep_decrypt(rx); | 1034 | result = ieee80211_crypto_wep_decrypt(rx); |
| 964 | break; | 1035 | break; |
| 965 | case ALG_TKIP: | 1036 | case WLAN_CIPHER_SUITE_TKIP: |
| 966 | result = ieee80211_crypto_tkip_decrypt(rx); | 1037 | result = ieee80211_crypto_tkip_decrypt(rx); |
| 967 | break; | 1038 | break; |
| 968 | case ALG_CCMP: | 1039 | case WLAN_CIPHER_SUITE_CCMP: |
| 969 | result = ieee80211_crypto_ccmp_decrypt(rx); | 1040 | result = ieee80211_crypto_ccmp_decrypt(rx); |
| 970 | break; | 1041 | break; |
| 971 | case ALG_AES_CMAC: | 1042 | case WLAN_CIPHER_SUITE_AES_CMAC: |
| 972 | result = ieee80211_crypto_aes_cmac_decrypt(rx); | 1043 | result = ieee80211_crypto_aes_cmac_decrypt(rx); |
| 973 | break; | 1044 | break; |
| 1045 | default: | ||
| 1046 | /* | ||
| 1047 | * We can reach here only with HW-only algorithms | ||
| 1048 | * but why didn't it decrypt the frame?! | ||
| 1049 | */ | ||
| 1050 | return RX_DROP_UNUSABLE; | ||
| 974 | } | 1051 | } |
| 975 | 1052 | ||
| 976 | /* either the frame has been decrypted or will be dropped */ | 1053 | /* either the frame has been decrypted or will be dropped */ |
| @@ -1019,7 +1096,8 @@ static void ap_sta_ps_start(struct sta_info *sta) | |||
| 1019 | 1096 | ||
| 1020 | atomic_inc(&sdata->bss->num_sta_ps); | 1097 | atomic_inc(&sdata->bss->num_sta_ps); |
| 1021 | set_sta_flags(sta, WLAN_STA_PS_STA); | 1098 | set_sta_flags(sta, WLAN_STA_PS_STA); |
| 1022 | drv_sta_notify(local, sdata, STA_NOTIFY_SLEEP, &sta->sta); | 1099 | if (!(local->hw.flags & IEEE80211_HW_AP_LINK_PS)) |
| 1100 | drv_sta_notify(local, sdata, STA_NOTIFY_SLEEP, &sta->sta); | ||
| 1023 | #ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG | 1101 | #ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG |
| 1024 | printk(KERN_DEBUG "%s: STA %pM aid %d enters power save mode\n", | 1102 | printk(KERN_DEBUG "%s: STA %pM aid %d enters power save mode\n", |
| 1025 | sdata->name, sta->sta.addr, sta->sta.aid); | 1103 | sdata->name, sta->sta.addr, sta->sta.aid); |
| @@ -1032,8 +1110,6 @@ static void ap_sta_ps_end(struct sta_info *sta) | |||
| 1032 | 1110 | ||
| 1033 | atomic_dec(&sdata->bss->num_sta_ps); | 1111 | atomic_dec(&sdata->bss->num_sta_ps); |
| 1034 | 1112 | ||
| 1035 | clear_sta_flags(sta, WLAN_STA_PS_STA); | ||
| 1036 | |||
| 1037 | #ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG | 1113 | #ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG |
| 1038 | printk(KERN_DEBUG "%s: STA %pM aid %d exits power save mode\n", | 1114 | printk(KERN_DEBUG "%s: STA %pM aid %d exits power save mode\n", |
| 1039 | sdata->name, sta->sta.addr, sta->sta.aid); | 1115 | sdata->name, sta->sta.addr, sta->sta.aid); |
| @@ -1050,6 +1126,27 @@ static void ap_sta_ps_end(struct sta_info *sta) | |||
| 1050 | ieee80211_sta_ps_deliver_wakeup(sta); | 1126 | ieee80211_sta_ps_deliver_wakeup(sta); |
| 1051 | } | 1127 | } |
| 1052 | 1128 | ||
| 1129 | int ieee80211_sta_ps_transition(struct ieee80211_sta *sta, bool start) | ||
| 1130 | { | ||
| 1131 | struct sta_info *sta_inf = container_of(sta, struct sta_info, sta); | ||
| 1132 | bool in_ps; | ||
| 1133 | |||
| 1134 | WARN_ON(!(sta_inf->local->hw.flags & IEEE80211_HW_AP_LINK_PS)); | ||
| 1135 | |||
| 1136 | /* Don't let the same PS state be set twice */ | ||
| 1137 | in_ps = test_sta_flags(sta_inf, WLAN_STA_PS_STA); | ||
| 1138 | if ((start && in_ps) || (!start && !in_ps)) | ||
| 1139 | return -EINVAL; | ||
| 1140 | |||
| 1141 | if (start) | ||
| 1142 | ap_sta_ps_start(sta_inf); | ||
| 1143 | else | ||
| 1144 | ap_sta_ps_end(sta_inf); | ||
| 1145 | |||
| 1146 | return 0; | ||
| 1147 | } | ||
| 1148 | EXPORT_SYMBOL(ieee80211_sta_ps_transition); | ||
| 1149 | |||
| 1053 | static ieee80211_rx_result debug_noinline | 1150 | static ieee80211_rx_result debug_noinline |
| 1054 | ieee80211_rx_h_sta_process(struct ieee80211_rx_data *rx) | 1151 | ieee80211_rx_h_sta_process(struct ieee80211_rx_data *rx) |
| 1055 | { | 1152 | { |
| @@ -1069,17 +1166,26 @@ ieee80211_rx_h_sta_process(struct ieee80211_rx_data *rx) | |||
| 1069 | if (rx->sdata->vif.type == NL80211_IFTYPE_ADHOC) { | 1166 | if (rx->sdata->vif.type == NL80211_IFTYPE_ADHOC) { |
| 1070 | u8 *bssid = ieee80211_get_bssid(hdr, rx->skb->len, | 1167 | u8 *bssid = ieee80211_get_bssid(hdr, rx->skb->len, |
| 1071 | NL80211_IFTYPE_ADHOC); | 1168 | NL80211_IFTYPE_ADHOC); |
| 1072 | if (compare_ether_addr(bssid, rx->sdata->u.ibss.bssid) == 0) | 1169 | if (compare_ether_addr(bssid, rx->sdata->u.ibss.bssid) == 0) { |
| 1073 | sta->last_rx = jiffies; | 1170 | sta->last_rx = jiffies; |
| 1171 | if (ieee80211_is_data(hdr->frame_control)) { | ||
| 1172 | sta->last_rx_rate_idx = status->rate_idx; | ||
| 1173 | sta->last_rx_rate_flag = status->flag; | ||
| 1174 | } | ||
| 1175 | } | ||
| 1074 | } else if (!is_multicast_ether_addr(hdr->addr1)) { | 1176 | } else if (!is_multicast_ether_addr(hdr->addr1)) { |
| 1075 | /* | 1177 | /* |
| 1076 | * Mesh beacons will update last_rx when if they are found to | 1178 | * Mesh beacons will update last_rx when if they are found to |
| 1077 | * match the current local configuration when processed. | 1179 | * match the current local configuration when processed. |
| 1078 | */ | 1180 | */ |
| 1079 | sta->last_rx = jiffies; | 1181 | sta->last_rx = jiffies; |
| 1182 | if (ieee80211_is_data(hdr->frame_control)) { | ||
| 1183 | sta->last_rx_rate_idx = status->rate_idx; | ||
| 1184 | sta->last_rx_rate_flag = status->flag; | ||
| 1185 | } | ||
| 1080 | } | 1186 | } |
| 1081 | 1187 | ||
| 1082 | if (!(rx->flags & IEEE80211_RX_RA_MATCH)) | 1188 | if (!(status->rx_flags & IEEE80211_RX_RA_MATCH)) |
| 1083 | return RX_CONTINUE; | 1189 | return RX_CONTINUE; |
| 1084 | 1190 | ||
| 1085 | if (rx->sdata->vif.type == NL80211_IFTYPE_STATION) | 1191 | if (rx->sdata->vif.type == NL80211_IFTYPE_STATION) |
| @@ -1088,12 +1194,15 @@ ieee80211_rx_h_sta_process(struct ieee80211_rx_data *rx) | |||
| 1088 | sta->rx_fragments++; | 1194 | sta->rx_fragments++; |
| 1089 | sta->rx_bytes += rx->skb->len; | 1195 | sta->rx_bytes += rx->skb->len; |
| 1090 | sta->last_signal = status->signal; | 1196 | sta->last_signal = status->signal; |
| 1197 | ewma_add(&sta->avg_signal, -status->signal); | ||
| 1091 | 1198 | ||
| 1092 | /* | 1199 | /* |
| 1093 | * Change STA power saving mode only at the end of a frame | 1200 | * Change STA power saving mode only at the end of a frame |
| 1094 | * exchange sequence. | 1201 | * exchange sequence. |
| 1095 | */ | 1202 | */ |
| 1096 | if (!ieee80211_has_morefrags(hdr->frame_control) && | 1203 | if (!(sta->local->hw.flags & IEEE80211_HW_AP_LINK_PS) && |
| 1204 | !ieee80211_has_morefrags(hdr->frame_control) && | ||
| 1205 | !(status->rx_flags & IEEE80211_RX_DEFERRED_RELEASE) && | ||
| 1097 | (rx->sdata->vif.type == NL80211_IFTYPE_AP || | 1206 | (rx->sdata->vif.type == NL80211_IFTYPE_AP || |
| 1098 | rx->sdata->vif.type == NL80211_IFTYPE_AP_VLAN)) { | 1207 | rx->sdata->vif.type == NL80211_IFTYPE_AP_VLAN)) { |
| 1099 | if (test_sta_flags(sta, WLAN_STA_PS_STA)) { | 1208 | if (test_sta_flags(sta, WLAN_STA_PS_STA)) { |
| @@ -1236,6 +1345,7 @@ ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx) | |||
| 1236 | unsigned int frag, seq; | 1345 | unsigned int frag, seq; |
| 1237 | struct ieee80211_fragment_entry *entry; | 1346 | struct ieee80211_fragment_entry *entry; |
| 1238 | struct sk_buff *skb; | 1347 | struct sk_buff *skb; |
| 1348 | struct ieee80211_rx_status *status; | ||
| 1239 | 1349 | ||
| 1240 | hdr = (struct ieee80211_hdr *)rx->skb->data; | 1350 | hdr = (struct ieee80211_hdr *)rx->skb->data; |
| 1241 | fc = hdr->frame_control; | 1351 | fc = hdr->frame_control; |
| @@ -1265,7 +1375,7 @@ ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx) | |||
| 1265 | /* This is the first fragment of a new frame. */ | 1375 | /* This is the first fragment of a new frame. */ |
| 1266 | entry = ieee80211_reassemble_add(rx->sdata, frag, seq, | 1376 | entry = ieee80211_reassemble_add(rx->sdata, frag, seq, |
| 1267 | rx->queue, &(rx->skb)); | 1377 | rx->queue, &(rx->skb)); |
| 1268 | if (rx->key && rx->key->conf.alg == ALG_CCMP && | 1378 | if (rx->key && rx->key->conf.cipher == WLAN_CIPHER_SUITE_CCMP && |
| 1269 | ieee80211_has_protected(fc)) { | 1379 | ieee80211_has_protected(fc)) { |
| 1270 | int queue = ieee80211_is_mgmt(fc) ? | 1380 | int queue = ieee80211_is_mgmt(fc) ? |
| 1271 | NUM_RX_DATA_QUEUES : rx->queue; | 1381 | NUM_RX_DATA_QUEUES : rx->queue; |
| @@ -1294,7 +1404,7 @@ ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx) | |||
| 1294 | int i; | 1404 | int i; |
| 1295 | u8 pn[CCMP_PN_LEN], *rpn; | 1405 | u8 pn[CCMP_PN_LEN], *rpn; |
| 1296 | int queue; | 1406 | int queue; |
| 1297 | if (!rx->key || rx->key->conf.alg != ALG_CCMP) | 1407 | if (!rx->key || rx->key->conf.cipher != WLAN_CIPHER_SUITE_CCMP) |
| 1298 | return RX_DROP_UNUSABLE; | 1408 | return RX_DROP_UNUSABLE; |
| 1299 | memcpy(pn, entry->last_pn, CCMP_PN_LEN); | 1409 | memcpy(pn, entry->last_pn, CCMP_PN_LEN); |
| 1300 | for (i = CCMP_PN_LEN - 1; i >= 0; i--) { | 1410 | for (i = CCMP_PN_LEN - 1; i >= 0; i--) { |
| @@ -1335,7 +1445,8 @@ ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx) | |||
| 1335 | } | 1445 | } |
| 1336 | 1446 | ||
| 1337 | /* Complete frame has been reassembled - process it now */ | 1447 | /* Complete frame has been reassembled - process it now */ |
| 1338 | rx->flags |= IEEE80211_RX_FRAGMENTED; | 1448 | status = IEEE80211_SKB_RXCB(rx->skb); |
| 1449 | status->rx_flags |= IEEE80211_RX_FRAGMENTED; | ||
| 1339 | 1450 | ||
| 1340 | out: | 1451 | out: |
| 1341 | if (rx->sta) | 1452 | if (rx->sta) |
| @@ -1352,9 +1463,10 @@ ieee80211_rx_h_ps_poll(struct ieee80211_rx_data *rx) | |||
| 1352 | { | 1463 | { |
| 1353 | struct ieee80211_sub_if_data *sdata = rx->sdata; | 1464 | struct ieee80211_sub_if_data *sdata = rx->sdata; |
| 1354 | __le16 fc = ((struct ieee80211_hdr *)rx->skb->data)->frame_control; | 1465 | __le16 fc = ((struct ieee80211_hdr *)rx->skb->data)->frame_control; |
| 1466 | struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(rx->skb); | ||
| 1355 | 1467 | ||
| 1356 | if (likely(!rx->sta || !ieee80211_is_pspoll(fc) || | 1468 | if (likely(!rx->sta || !ieee80211_is_pspoll(fc) || |
| 1357 | !(rx->flags & IEEE80211_RX_RA_MATCH))) | 1469 | !(status->rx_flags & IEEE80211_RX_RA_MATCH))) |
| 1358 | return RX_CONTINUE; | 1470 | return RX_CONTINUE; |
| 1359 | 1471 | ||
| 1360 | if ((sdata->vif.type != NL80211_IFTYPE_AP) && | 1472 | if ((sdata->vif.type != NL80211_IFTYPE_AP) && |
| @@ -1442,12 +1554,30 @@ ieee80211_drop_unencrypted_mgmt(struct ieee80211_rx_data *rx) | |||
| 1442 | if (rx->sta && test_sta_flags(rx->sta, WLAN_STA_MFP)) { | 1554 | if (rx->sta && test_sta_flags(rx->sta, WLAN_STA_MFP)) { |
| 1443 | if (unlikely(!ieee80211_has_protected(fc) && | 1555 | if (unlikely(!ieee80211_has_protected(fc) && |
| 1444 | ieee80211_is_unicast_robust_mgmt_frame(rx->skb) && | 1556 | ieee80211_is_unicast_robust_mgmt_frame(rx->skb) && |
| 1445 | rx->key)) | 1557 | rx->key)) { |
| 1558 | if (ieee80211_is_deauth(fc)) | ||
| 1559 | cfg80211_send_unprot_deauth(rx->sdata->dev, | ||
| 1560 | rx->skb->data, | ||
| 1561 | rx->skb->len); | ||
| 1562 | else if (ieee80211_is_disassoc(fc)) | ||
| 1563 | cfg80211_send_unprot_disassoc(rx->sdata->dev, | ||
| 1564 | rx->skb->data, | ||
| 1565 | rx->skb->len); | ||
| 1446 | return -EACCES; | 1566 | return -EACCES; |
| 1567 | } | ||
| 1447 | /* BIP does not use Protected field, so need to check MMIE */ | 1568 | /* BIP does not use Protected field, so need to check MMIE */ |
| 1448 | if (unlikely(ieee80211_is_multicast_robust_mgmt_frame(rx->skb) && | 1569 | if (unlikely(ieee80211_is_multicast_robust_mgmt_frame(rx->skb) && |
| 1449 | ieee80211_get_mmie_keyidx(rx->skb) < 0)) | 1570 | ieee80211_get_mmie_keyidx(rx->skb) < 0)) { |
| 1571 | if (ieee80211_is_deauth(fc)) | ||
| 1572 | cfg80211_send_unprot_deauth(rx->sdata->dev, | ||
| 1573 | rx->skb->data, | ||
| 1574 | rx->skb->len); | ||
| 1575 | else if (ieee80211_is_disassoc(fc)) | ||
| 1576 | cfg80211_send_unprot_disassoc(rx->sdata->dev, | ||
| 1577 | rx->skb->data, | ||
| 1578 | rx->skb->len); | ||
| 1450 | return -EACCES; | 1579 | return -EACCES; |
| 1580 | } | ||
| 1451 | /* | 1581 | /* |
| 1452 | * When using MFP, Action frames are not allowed prior to | 1582 | * When using MFP, Action frames are not allowed prior to |
| 1453 | * having configured keys. | 1583 | * having configured keys. |
| @@ -1462,21 +1592,43 @@ ieee80211_drop_unencrypted_mgmt(struct ieee80211_rx_data *rx) | |||
| 1462 | } | 1592 | } |
| 1463 | 1593 | ||
| 1464 | static int | 1594 | static int |
| 1465 | __ieee80211_data_to_8023(struct ieee80211_rx_data *rx) | 1595 | __ieee80211_data_to_8023(struct ieee80211_rx_data *rx, bool *port_control) |
| 1466 | { | 1596 | { |
| 1467 | struct ieee80211_sub_if_data *sdata = rx->sdata; | 1597 | struct ieee80211_sub_if_data *sdata = rx->sdata; |
| 1468 | struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data; | 1598 | struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data; |
| 1599 | bool check_port_control = false; | ||
| 1600 | struct ethhdr *ehdr; | ||
| 1601 | int ret; | ||
| 1469 | 1602 | ||
| 1603 | *port_control = false; | ||
| 1470 | if (ieee80211_has_a4(hdr->frame_control) && | 1604 | if (ieee80211_has_a4(hdr->frame_control) && |
| 1471 | sdata->vif.type == NL80211_IFTYPE_AP_VLAN && !sdata->u.vlan.sta) | 1605 | sdata->vif.type == NL80211_IFTYPE_AP_VLAN && !sdata->u.vlan.sta) |
| 1472 | return -1; | 1606 | return -1; |
| 1473 | 1607 | ||
| 1608 | if (sdata->vif.type == NL80211_IFTYPE_STATION && | ||
| 1609 | !!sdata->u.mgd.use_4addr != !!ieee80211_has_a4(hdr->frame_control)) { | ||
| 1610 | |||
| 1611 | if (!sdata->u.mgd.use_4addr) | ||
| 1612 | return -1; | ||
| 1613 | else | ||
| 1614 | check_port_control = true; | ||
| 1615 | } | ||
| 1616 | |||
| 1474 | if (is_multicast_ether_addr(hdr->addr1) && | 1617 | if (is_multicast_ether_addr(hdr->addr1) && |
| 1475 | ((sdata->vif.type == NL80211_IFTYPE_AP_VLAN && sdata->u.vlan.sta) || | 1618 | sdata->vif.type == NL80211_IFTYPE_AP_VLAN && sdata->u.vlan.sta) |
| 1476 | (sdata->vif.type == NL80211_IFTYPE_STATION && sdata->u.mgd.use_4addr))) | 1619 | return -1; |
| 1620 | |||
| 1621 | ret = ieee80211_data_to_8023(rx->skb, sdata->vif.addr, sdata->vif.type); | ||
| 1622 | if (ret < 0) | ||
| 1623 | return ret; | ||
| 1624 | |||
| 1625 | ehdr = (struct ethhdr *) rx->skb->data; | ||
| 1626 | if (ehdr->h_proto == rx->sdata->control_port_protocol) | ||
| 1627 | *port_control = true; | ||
| 1628 | else if (check_port_control) | ||
| 1477 | return -1; | 1629 | return -1; |
| 1478 | 1630 | ||
| 1479 | return ieee80211_data_to_8023(rx->skb, sdata->vif.addr, sdata->vif.type); | 1631 | return 0; |
| 1480 | } | 1632 | } |
| 1481 | 1633 | ||
| 1482 | /* | 1634 | /* |
| @@ -1492,7 +1644,7 @@ static bool ieee80211_frame_allowed(struct ieee80211_rx_data *rx, __le16 fc) | |||
| 1492 | * Allow EAPOL frames to us/the PAE group address regardless | 1644 | * Allow EAPOL frames to us/the PAE group address regardless |
| 1493 | * of whether the frame was encrypted or not. | 1645 | * of whether the frame was encrypted or not. |
| 1494 | */ | 1646 | */ |
| 1495 | if (ehdr->h_proto == htons(ETH_P_PAE) && | 1647 | if (ehdr->h_proto == rx->sdata->control_port_protocol && |
| 1496 | (compare_ether_addr(ehdr->h_dest, rx->sdata->vif.addr) == 0 || | 1648 | (compare_ether_addr(ehdr->h_dest, rx->sdata->vif.addr) == 0 || |
| 1497 | compare_ether_addr(ehdr->h_dest, pae_group_addr) == 0)) | 1649 | compare_ether_addr(ehdr->h_dest, pae_group_addr) == 0)) |
| 1498 | return true; | 1650 | return true; |
| @@ -1515,6 +1667,7 @@ ieee80211_deliver_skb(struct ieee80211_rx_data *rx) | |||
| 1515 | struct sk_buff *skb, *xmit_skb; | 1667 | struct sk_buff *skb, *xmit_skb; |
| 1516 | struct ethhdr *ehdr = (struct ethhdr *) rx->skb->data; | 1668 | struct ethhdr *ehdr = (struct ethhdr *) rx->skb->data; |
| 1517 | struct sta_info *dsta; | 1669 | struct sta_info *dsta; |
| 1670 | struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(rx->skb); | ||
| 1518 | 1671 | ||
| 1519 | skb = rx->skb; | 1672 | skb = rx->skb; |
| 1520 | xmit_skb = NULL; | 1673 | xmit_skb = NULL; |
| @@ -1522,7 +1675,7 @@ ieee80211_deliver_skb(struct ieee80211_rx_data *rx) | |||
| 1522 | if ((sdata->vif.type == NL80211_IFTYPE_AP || | 1675 | if ((sdata->vif.type == NL80211_IFTYPE_AP || |
| 1523 | sdata->vif.type == NL80211_IFTYPE_AP_VLAN) && | 1676 | sdata->vif.type == NL80211_IFTYPE_AP_VLAN) && |
| 1524 | !(sdata->flags & IEEE80211_SDATA_DONT_BRIDGE_PACKETS) && | 1677 | !(sdata->flags & IEEE80211_SDATA_DONT_BRIDGE_PACKETS) && |
| 1525 | (rx->flags & IEEE80211_RX_RA_MATCH) && | 1678 | (status->rx_flags & IEEE80211_RX_RA_MATCH) && |
| 1526 | (sdata->vif.type != NL80211_IFTYPE_AP_VLAN || !sdata->u.vlan.sta)) { | 1679 | (sdata->vif.type != NL80211_IFTYPE_AP_VLAN || !sdata->u.vlan.sta)) { |
| 1527 | if (is_multicast_ether_addr(ehdr->h_dest)) { | 1680 | if (is_multicast_ether_addr(ehdr->h_dest)) { |
| 1528 | /* | 1681 | /* |
| @@ -1599,6 +1752,7 @@ ieee80211_rx_h_amsdu(struct ieee80211_rx_data *rx) | |||
| 1599 | struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data; | 1752 | struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data; |
| 1600 | __le16 fc = hdr->frame_control; | 1753 | __le16 fc = hdr->frame_control; |
| 1601 | struct sk_buff_head frame_list; | 1754 | struct sk_buff_head frame_list; |
| 1755 | struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(rx->skb); | ||
| 1602 | 1756 | ||
| 1603 | if (unlikely(!ieee80211_is_data(fc))) | 1757 | if (unlikely(!ieee80211_is_data(fc))) |
| 1604 | return RX_CONTINUE; | 1758 | return RX_CONTINUE; |
| @@ -1606,7 +1760,7 @@ ieee80211_rx_h_amsdu(struct ieee80211_rx_data *rx) | |||
| 1606 | if (unlikely(!ieee80211_is_data_present(fc))) | 1760 | if (unlikely(!ieee80211_is_data_present(fc))) |
| 1607 | return RX_DROP_MONITOR; | 1761 | return RX_DROP_MONITOR; |
| 1608 | 1762 | ||
| 1609 | if (!(rx->flags & IEEE80211_RX_AMSDU)) | 1763 | if (!(status->rx_flags & IEEE80211_RX_AMSDU)) |
| 1610 | return RX_CONTINUE; | 1764 | return RX_CONTINUE; |
| 1611 | 1765 | ||
| 1612 | if (ieee80211_has_a4(hdr->frame_control) && | 1766 | if (ieee80211_has_a4(hdr->frame_control) && |
| @@ -1629,7 +1783,7 @@ ieee80211_rx_h_amsdu(struct ieee80211_rx_data *rx) | |||
| 1629 | 1783 | ||
| 1630 | ieee80211_amsdu_to_8023s(skb, &frame_list, dev->dev_addr, | 1784 | ieee80211_amsdu_to_8023s(skb, &frame_list, dev->dev_addr, |
| 1631 | rx->sdata->vif.type, | 1785 | rx->sdata->vif.type, |
| 1632 | rx->local->hw.extra_tx_headroom); | 1786 | rx->local->hw.extra_tx_headroom, true); |
| 1633 | 1787 | ||
| 1634 | while (!skb_queue_empty(&frame_list)) { | 1788 | while (!skb_queue_empty(&frame_list)) { |
| 1635 | rx->skb = __skb_dequeue(&frame_list); | 1789 | rx->skb = __skb_dequeue(&frame_list); |
| @@ -1657,6 +1811,7 @@ ieee80211_rx_h_mesh_fwding(struct ieee80211_rx_data *rx) | |||
| 1657 | struct sk_buff *skb = rx->skb, *fwd_skb; | 1811 | struct sk_buff *skb = rx->skb, *fwd_skb; |
| 1658 | struct ieee80211_local *local = rx->local; | 1812 | struct ieee80211_local *local = rx->local; |
| 1659 | struct ieee80211_sub_if_data *sdata = rx->sdata; | 1813 | struct ieee80211_sub_if_data *sdata = rx->sdata; |
| 1814 | struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb); | ||
| 1660 | 1815 | ||
| 1661 | hdr = (struct ieee80211_hdr *) skb->data; | 1816 | hdr = (struct ieee80211_hdr *) skb->data; |
| 1662 | hdrlen = ieee80211_hdrlen(hdr->frame_control); | 1817 | hdrlen = ieee80211_hdrlen(hdr->frame_control); |
| @@ -1702,7 +1857,7 @@ ieee80211_rx_h_mesh_fwding(struct ieee80211_rx_data *rx) | |||
| 1702 | 1857 | ||
| 1703 | mesh_hdr->ttl--; | 1858 | mesh_hdr->ttl--; |
| 1704 | 1859 | ||
| 1705 | if (rx->flags & IEEE80211_RX_RA_MATCH) { | 1860 | if (status->rx_flags & IEEE80211_RX_RA_MATCH) { |
| 1706 | if (!mesh_hdr->ttl) | 1861 | if (!mesh_hdr->ttl) |
| 1707 | IEEE80211_IFSTA_MESH_CTR_INC(&rx->sdata->u.mesh, | 1862 | IEEE80211_IFSTA_MESH_CTR_INC(&rx->sdata->u.mesh, |
| 1708 | dropped_frames_ttl); | 1863 | dropped_frames_ttl); |
| @@ -1715,6 +1870,8 @@ ieee80211_rx_h_mesh_fwding(struct ieee80211_rx_data *rx) | |||
| 1715 | if (!fwd_skb && net_ratelimit()) | 1870 | if (!fwd_skb && net_ratelimit()) |
| 1716 | printk(KERN_DEBUG "%s: failed to clone mesh frame\n", | 1871 | printk(KERN_DEBUG "%s: failed to clone mesh frame\n", |
| 1717 | sdata->name); | 1872 | sdata->name); |
| 1873 | if (!fwd_skb) | ||
| 1874 | goto out; | ||
| 1718 | 1875 | ||
| 1719 | fwd_hdr = (struct ieee80211_hdr *) fwd_skb->data; | 1876 | fwd_hdr = (struct ieee80211_hdr *) fwd_skb->data; |
| 1720 | memcpy(fwd_hdr->addr2, sdata->vif.addr, ETH_ALEN); | 1877 | memcpy(fwd_hdr->addr2, sdata->vif.addr, ETH_ALEN); |
| @@ -1752,6 +1909,7 @@ ieee80211_rx_h_mesh_fwding(struct ieee80211_rx_data *rx) | |||
| 1752 | } | 1909 | } |
| 1753 | } | 1910 | } |
| 1754 | 1911 | ||
| 1912 | out: | ||
| 1755 | if (is_multicast_ether_addr(hdr->addr1) || | 1913 | if (is_multicast_ether_addr(hdr->addr1) || |
| 1756 | sdata->dev->flags & IFF_PROMISC) | 1914 | sdata->dev->flags & IFF_PROMISC) |
| 1757 | return RX_CONTINUE; | 1915 | return RX_CONTINUE; |
| @@ -1768,6 +1926,7 @@ ieee80211_rx_h_data(struct ieee80211_rx_data *rx) | |||
| 1768 | struct net_device *dev = sdata->dev; | 1926 | struct net_device *dev = sdata->dev; |
| 1769 | struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data; | 1927 | struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data; |
| 1770 | __le16 fc = hdr->frame_control; | 1928 | __le16 fc = hdr->frame_control; |
| 1929 | bool port_control; | ||
| 1771 | int err; | 1930 | int err; |
| 1772 | 1931 | ||
| 1773 | if (unlikely(!ieee80211_is_data(hdr->frame_control))) | 1932 | if (unlikely(!ieee80211_is_data(hdr->frame_control))) |
| @@ -1784,21 +1943,31 @@ ieee80211_rx_h_data(struct ieee80211_rx_data *rx) | |||
| 1784 | sdata->vif.type == NL80211_IFTYPE_AP) | 1943 | sdata->vif.type == NL80211_IFTYPE_AP) |
| 1785 | return RX_DROP_MONITOR; | 1944 | return RX_DROP_MONITOR; |
| 1786 | 1945 | ||
| 1787 | err = __ieee80211_data_to_8023(rx); | 1946 | err = __ieee80211_data_to_8023(rx, &port_control); |
| 1788 | if (unlikely(err)) | 1947 | if (unlikely(err)) |
| 1789 | return RX_DROP_UNUSABLE; | 1948 | return RX_DROP_UNUSABLE; |
| 1790 | 1949 | ||
| 1791 | if (!ieee80211_frame_allowed(rx, fc)) | 1950 | if (!ieee80211_frame_allowed(rx, fc)) |
| 1792 | return RX_DROP_MONITOR; | 1951 | return RX_DROP_MONITOR; |
| 1793 | 1952 | ||
| 1953 | if (rx->sdata->vif.type == NL80211_IFTYPE_AP_VLAN && | ||
| 1954 | unlikely(port_control) && sdata->bss) { | ||
| 1955 | sdata = container_of(sdata->bss, struct ieee80211_sub_if_data, | ||
| 1956 | u.ap); | ||
| 1957 | dev = sdata->dev; | ||
| 1958 | rx->sdata = sdata; | ||
| 1959 | } | ||
| 1960 | |||
| 1794 | rx->skb->dev = dev; | 1961 | rx->skb->dev = dev; |
| 1795 | 1962 | ||
| 1796 | dev->stats.rx_packets++; | 1963 | dev->stats.rx_packets++; |
| 1797 | dev->stats.rx_bytes += rx->skb->len; | 1964 | dev->stats.rx_bytes += rx->skb->len; |
| 1798 | 1965 | ||
| 1799 | if (ieee80211_is_data(hdr->frame_control) && | 1966 | if (local->ps_sdata && local->hw.conf.dynamic_ps_timeout > 0 && |
| 1800 | !is_multicast_ether_addr(hdr->addr1) && | 1967 | !is_multicast_ether_addr( |
| 1801 | local->hw.conf.dynamic_ps_timeout > 0 && local->ps_sdata) { | 1968 | ((struct ethhdr *)rx->skb->data)->h_dest) && |
| 1969 | (!local->scanning && | ||
| 1970 | !test_bit(SDATA_STATE_OFFCHANNEL, &sdata->state))) { | ||
| 1802 | mod_timer(&local->dynamic_ps_timer, jiffies + | 1971 | mod_timer(&local->dynamic_ps_timer, jiffies + |
| 1803 | msecs_to_jiffies(local->hw.conf.dynamic_ps_timeout)); | 1972 | msecs_to_jiffies(local->hw.conf.dynamic_ps_timeout)); |
| 1804 | } | 1973 | } |
| @@ -1809,7 +1978,7 @@ ieee80211_rx_h_data(struct ieee80211_rx_data *rx) | |||
| 1809 | } | 1978 | } |
| 1810 | 1979 | ||
| 1811 | static ieee80211_rx_result debug_noinline | 1980 | static ieee80211_rx_result debug_noinline |
| 1812 | ieee80211_rx_h_ctrl(struct ieee80211_rx_data *rx, struct sk_buff_head *frames) | 1981 | ieee80211_rx_h_ctrl(struct ieee80211_rx_data *rx) |
| 1813 | { | 1982 | { |
| 1814 | struct ieee80211_local *local = rx->local; | 1983 | struct ieee80211_local *local = rx->local; |
| 1815 | struct ieee80211_hw *hw = &local->hw; | 1984 | struct ieee80211_hw *hw = &local->hw; |
| @@ -1847,9 +2016,11 @@ ieee80211_rx_h_ctrl(struct ieee80211_rx_data *rx, struct sk_buff_head *frames) | |||
| 1847 | mod_timer(&tid_agg_rx->session_timer, | 2016 | mod_timer(&tid_agg_rx->session_timer, |
| 1848 | TU_TO_EXP_TIME(tid_agg_rx->timeout)); | 2017 | TU_TO_EXP_TIME(tid_agg_rx->timeout)); |
| 1849 | 2018 | ||
| 2019 | spin_lock(&tid_agg_rx->reorder_lock); | ||
| 1850 | /* release stored frames up to start of BAR */ | 2020 | /* release stored frames up to start of BAR */ |
| 1851 | ieee80211_release_reorder_frames(hw, tid_agg_rx, start_seq_num, | 2021 | ieee80211_release_reorder_frames(hw, tid_agg_rx, start_seq_num); |
| 1852 | frames); | 2022 | spin_unlock(&tid_agg_rx->reorder_lock); |
| 2023 | |||
| 1853 | kfree_skb(skb); | 2024 | kfree_skb(skb); |
| 1854 | return RX_QUEUED; | 2025 | return RX_QUEUED; |
| 1855 | } | 2026 | } |
| @@ -1909,13 +2080,38 @@ static void ieee80211_process_sa_query_req(struct ieee80211_sub_if_data *sdata, | |||
| 1909 | } | 2080 | } |
| 1910 | 2081 | ||
| 1911 | static ieee80211_rx_result debug_noinline | 2082 | static ieee80211_rx_result debug_noinline |
| 2083 | ieee80211_rx_h_mgmt_check(struct ieee80211_rx_data *rx) | ||
| 2084 | { | ||
| 2085 | struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *) rx->skb->data; | ||
| 2086 | struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(rx->skb); | ||
| 2087 | |||
| 2088 | /* | ||
| 2089 | * From here on, look only at management frames. | ||
| 2090 | * Data and control frames are already handled, | ||
| 2091 | * and unknown (reserved) frames are useless. | ||
| 2092 | */ | ||
| 2093 | if (rx->skb->len < 24) | ||
| 2094 | return RX_DROP_MONITOR; | ||
| 2095 | |||
| 2096 | if (!ieee80211_is_mgmt(mgmt->frame_control)) | ||
| 2097 | return RX_DROP_MONITOR; | ||
| 2098 | |||
| 2099 | if (!(status->rx_flags & IEEE80211_RX_RA_MATCH)) | ||
| 2100 | return RX_DROP_MONITOR; | ||
| 2101 | |||
| 2102 | if (ieee80211_drop_unencrypted_mgmt(rx)) | ||
| 2103 | return RX_DROP_UNUSABLE; | ||
| 2104 | |||
| 2105 | return RX_CONTINUE; | ||
| 2106 | } | ||
| 2107 | |||
| 2108 | static ieee80211_rx_result debug_noinline | ||
| 1912 | ieee80211_rx_h_action(struct ieee80211_rx_data *rx) | 2109 | ieee80211_rx_h_action(struct ieee80211_rx_data *rx) |
| 1913 | { | 2110 | { |
| 1914 | struct ieee80211_local *local = rx->local; | 2111 | struct ieee80211_local *local = rx->local; |
| 1915 | struct ieee80211_sub_if_data *sdata = rx->sdata; | 2112 | struct ieee80211_sub_if_data *sdata = rx->sdata; |
| 1916 | struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *) rx->skb->data; | 2113 | struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *) rx->skb->data; |
| 1917 | struct sk_buff *nskb; | 2114 | struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(rx->skb); |
| 1918 | struct ieee80211_rx_status *status; | ||
| 1919 | int len = rx->skb->len; | 2115 | int len = rx->skb->len; |
| 1920 | 2116 | ||
| 1921 | if (!ieee80211_is_action(mgmt->frame_control)) | 2117 | if (!ieee80211_is_action(mgmt->frame_control)) |
| @@ -1928,10 +2124,7 @@ ieee80211_rx_h_action(struct ieee80211_rx_data *rx) | |||
| 1928 | if (!rx->sta && mgmt->u.action.category != WLAN_CATEGORY_PUBLIC) | 2124 | if (!rx->sta && mgmt->u.action.category != WLAN_CATEGORY_PUBLIC) |
| 1929 | return RX_DROP_UNUSABLE; | 2125 | return RX_DROP_UNUSABLE; |
| 1930 | 2126 | ||
| 1931 | if (!(rx->flags & IEEE80211_RX_RA_MATCH)) | 2127 | if (!(status->rx_flags & IEEE80211_RX_RA_MATCH)) |
| 1932 | return RX_DROP_UNUSABLE; | ||
| 1933 | |||
| 1934 | if (ieee80211_drop_unencrypted_mgmt(rx)) | ||
| 1935 | return RX_DROP_UNUSABLE; | 2128 | return RX_DROP_UNUSABLE; |
| 1936 | 2129 | ||
| 1937 | switch (mgmt->u.action.category) { | 2130 | switch (mgmt->u.action.category) { |
| @@ -2017,24 +2210,46 @@ ieee80211_rx_h_action(struct ieee80211_rx_data *rx) | |||
| 2017 | goto handled; | 2210 | goto handled; |
| 2018 | } | 2211 | } |
| 2019 | break; | 2212 | break; |
| 2020 | case WLAN_CATEGORY_MESH_PLINK: | 2213 | case WLAN_CATEGORY_MESH_ACTION: |
| 2021 | case WLAN_CATEGORY_MESH_PATH_SEL: | ||
| 2022 | if (!ieee80211_vif_is_mesh(&sdata->vif)) | 2214 | if (!ieee80211_vif_is_mesh(&sdata->vif)) |
| 2023 | break; | 2215 | break; |
| 2024 | goto queue; | 2216 | goto queue; |
| 2217 | case WLAN_CATEGORY_MESH_PATH_SEL: | ||
| 2218 | if (!mesh_path_sel_is_hwmp(sdata)) | ||
| 2219 | break; | ||
| 2220 | goto queue; | ||
| 2025 | } | 2221 | } |
| 2026 | 2222 | ||
| 2223 | return RX_CONTINUE; | ||
| 2224 | |||
| 2027 | invalid: | 2225 | invalid: |
| 2028 | /* | 2226 | status->rx_flags |= IEEE80211_RX_MALFORMED_ACTION_FRM; |
| 2029 | * For AP mode, hostapd is responsible for handling any action | 2227 | /* will return in the next handlers */ |
| 2030 | * frames that we didn't handle, including returning unknown | 2228 | return RX_CONTINUE; |
| 2031 | * ones. For all other modes we will return them to the sender, | 2229 | |
| 2032 | * setting the 0x80 bit in the action category, as required by | 2230 | handled: |
| 2033 | * 802.11-2007 7.3.1.11. | 2231 | if (rx->sta) |
| 2034 | */ | 2232 | rx->sta->rx_packets++; |
| 2035 | if (sdata->vif.type == NL80211_IFTYPE_AP || | 2233 | dev_kfree_skb(rx->skb); |
| 2036 | sdata->vif.type == NL80211_IFTYPE_AP_VLAN) | 2234 | return RX_QUEUED; |
| 2037 | return RX_DROP_MONITOR; | 2235 | |
| 2236 | queue: | ||
| 2237 | rx->skb->pkt_type = IEEE80211_SDATA_QUEUE_TYPE_FRAME; | ||
| 2238 | skb_queue_tail(&sdata->skb_queue, rx->skb); | ||
| 2239 | ieee80211_queue_work(&local->hw, &sdata->work); | ||
| 2240 | if (rx->sta) | ||
| 2241 | rx->sta->rx_packets++; | ||
| 2242 | return RX_QUEUED; | ||
| 2243 | } | ||
| 2244 | |||
| 2245 | static ieee80211_rx_result debug_noinline | ||
| 2246 | ieee80211_rx_h_userspace_mgmt(struct ieee80211_rx_data *rx) | ||
| 2247 | { | ||
| 2248 | struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(rx->skb); | ||
| 2249 | |||
| 2250 | /* skip known-bad action frames and return them in the next handler */ | ||
| 2251 | if (status->rx_flags & IEEE80211_RX_MALFORMED_ACTION_FRM) | ||
| 2252 | return RX_CONTINUE; | ||
| 2038 | 2253 | ||
| 2039 | /* | 2254 | /* |
| 2040 | * Getting here means the kernel doesn't know how to handle | 2255 | * Getting here means the kernel doesn't know how to handle |
| @@ -2042,12 +2257,46 @@ ieee80211_rx_h_action(struct ieee80211_rx_data *rx) | |||
| 2042 | * so userspace can register for those to know whether ones | 2257 | * so userspace can register for those to know whether ones |
| 2043 | * it transmitted were processed or returned. | 2258 | * it transmitted were processed or returned. |
| 2044 | */ | 2259 | */ |
| 2045 | status = IEEE80211_SKB_RXCB(rx->skb); | ||
| 2046 | 2260 | ||
| 2047 | if (cfg80211_rx_action(rx->sdata->dev, status->freq, | 2261 | if (cfg80211_rx_mgmt(rx->sdata->dev, status->freq, |
| 2048 | rx->skb->data, rx->skb->len, | 2262 | rx->skb->data, rx->skb->len, |
| 2049 | GFP_ATOMIC)) | 2263 | GFP_ATOMIC)) { |
| 2050 | goto handled; | 2264 | if (rx->sta) |
| 2265 | rx->sta->rx_packets++; | ||
| 2266 | dev_kfree_skb(rx->skb); | ||
| 2267 | return RX_QUEUED; | ||
| 2268 | } | ||
| 2269 | |||
| 2270 | |||
| 2271 | return RX_CONTINUE; | ||
| 2272 | } | ||
| 2273 | |||
| 2274 | static ieee80211_rx_result debug_noinline | ||
| 2275 | ieee80211_rx_h_action_return(struct ieee80211_rx_data *rx) | ||
| 2276 | { | ||
| 2277 | struct ieee80211_local *local = rx->local; | ||
| 2278 | struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *) rx->skb->data; | ||
| 2279 | struct sk_buff *nskb; | ||
| 2280 | struct ieee80211_sub_if_data *sdata = rx->sdata; | ||
| 2281 | struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(rx->skb); | ||
| 2282 | |||
| 2283 | if (!ieee80211_is_action(mgmt->frame_control)) | ||
| 2284 | return RX_CONTINUE; | ||
| 2285 | |||
| 2286 | /* | ||
| 2287 | * For AP mode, hostapd is responsible for handling any action | ||
| 2288 | * frames that we didn't handle, including returning unknown | ||
| 2289 | * ones. For all other modes we will return them to the sender, | ||
| 2290 | * setting the 0x80 bit in the action category, as required by | ||
| 2291 | * 802.11-2007 7.3.1.11. | ||
| 2292 | * Newer versions of hostapd shall also use the management frame | ||
| 2293 | * registration mechanisms, but older ones still use cooked | ||
| 2294 | * monitor interfaces so push all frames there. | ||
| 2295 | */ | ||
| 2296 | if (!(status->rx_flags & IEEE80211_RX_MALFORMED_ACTION_FRM) && | ||
| 2297 | (sdata->vif.type == NL80211_IFTYPE_AP || | ||
| 2298 | sdata->vif.type == NL80211_IFTYPE_AP_VLAN)) | ||
| 2299 | return RX_DROP_MONITOR; | ||
| 2051 | 2300 | ||
| 2052 | /* do not return rejected action frames */ | 2301 | /* do not return rejected action frames */ |
| 2053 | if (mgmt->u.action.category & 0x80) | 2302 | if (mgmt->u.action.category & 0x80) |
| @@ -2066,20 +2315,8 @@ ieee80211_rx_h_action(struct ieee80211_rx_data *rx) | |||
| 2066 | 2315 | ||
| 2067 | ieee80211_tx_skb(rx->sdata, nskb); | 2316 | ieee80211_tx_skb(rx->sdata, nskb); |
| 2068 | } | 2317 | } |
| 2069 | |||
| 2070 | handled: | ||
| 2071 | if (rx->sta) | ||
| 2072 | rx->sta->rx_packets++; | ||
| 2073 | dev_kfree_skb(rx->skb); | 2318 | dev_kfree_skb(rx->skb); |
| 2074 | return RX_QUEUED; | 2319 | return RX_QUEUED; |
| 2075 | |||
| 2076 | queue: | ||
| 2077 | rx->skb->pkt_type = IEEE80211_SDATA_QUEUE_TYPE_FRAME; | ||
| 2078 | skb_queue_tail(&sdata->skb_queue, rx->skb); | ||
| 2079 | ieee80211_queue_work(&local->hw, &sdata->work); | ||
| 2080 | if (rx->sta) | ||
| 2081 | rx->sta->rx_packets++; | ||
| 2082 | return RX_QUEUED; | ||
| 2083 | } | 2320 | } |
| 2084 | 2321 | ||
| 2085 | static ieee80211_rx_result debug_noinline | 2322 | static ieee80211_rx_result debug_noinline |
| @@ -2090,15 +2327,6 @@ ieee80211_rx_h_mgmt(struct ieee80211_rx_data *rx) | |||
| 2090 | struct ieee80211_mgmt *mgmt = (void *)rx->skb->data; | 2327 | struct ieee80211_mgmt *mgmt = (void *)rx->skb->data; |
| 2091 | __le16 stype; | 2328 | __le16 stype; |
| 2092 | 2329 | ||
| 2093 | if (!(rx->flags & IEEE80211_RX_RA_MATCH)) | ||
| 2094 | return RX_DROP_MONITOR; | ||
| 2095 | |||
| 2096 | if (rx->skb->len < 24) | ||
| 2097 | return RX_DROP_MONITOR; | ||
| 2098 | |||
| 2099 | if (ieee80211_drop_unencrypted_mgmt(rx)) | ||
| 2100 | return RX_DROP_UNUSABLE; | ||
| 2101 | |||
| 2102 | rxs = ieee80211_work_rx_mgmt(rx->sdata, rx->skb); | 2330 | rxs = ieee80211_work_rx_mgmt(rx->sdata, rx->skb); |
| 2103 | if (rxs != RX_CONTINUE) | 2331 | if (rxs != RX_CONTINUE) |
| 2104 | return rxs; | 2332 | return rxs; |
| @@ -2117,6 +2345,10 @@ ieee80211_rx_h_mgmt(struct ieee80211_rx_data *rx) | |||
| 2117 | break; | 2345 | break; |
| 2118 | case cpu_to_le16(IEEE80211_STYPE_DEAUTH): | 2346 | case cpu_to_le16(IEEE80211_STYPE_DEAUTH): |
| 2119 | case cpu_to_le16(IEEE80211_STYPE_DISASSOC): | 2347 | case cpu_to_le16(IEEE80211_STYPE_DISASSOC): |
| 2348 | if (is_multicast_ether_addr(mgmt->da) && | ||
| 2349 | !is_broadcast_ether_addr(mgmt->da)) | ||
| 2350 | return RX_DROP_MONITOR; | ||
| 2351 | |||
| 2120 | /* process only for station */ | 2352 | /* process only for station */ |
| 2121 | if (sdata->vif.type != NL80211_IFTYPE_STATION) | 2353 | if (sdata->vif.type != NL80211_IFTYPE_STATION) |
| 2122 | return RX_DROP_MONITOR; | 2354 | return RX_DROP_MONITOR; |
| @@ -2141,47 +2373,6 @@ ieee80211_rx_h_mgmt(struct ieee80211_rx_data *rx) | |||
| 2141 | return RX_QUEUED; | 2373 | return RX_QUEUED; |
| 2142 | } | 2374 | } |
| 2143 | 2375 | ||
| 2144 | static void ieee80211_rx_michael_mic_report(struct ieee80211_hdr *hdr, | ||
| 2145 | struct ieee80211_rx_data *rx) | ||
| 2146 | { | ||
| 2147 | int keyidx; | ||
| 2148 | unsigned int hdrlen; | ||
| 2149 | |||
| 2150 | hdrlen = ieee80211_hdrlen(hdr->frame_control); | ||
| 2151 | if (rx->skb->len >= hdrlen + 4) | ||
| 2152 | keyidx = rx->skb->data[hdrlen + 3] >> 6; | ||
| 2153 | else | ||
| 2154 | keyidx = -1; | ||
| 2155 | |||
| 2156 | if (!rx->sta) { | ||
| 2157 | /* | ||
| 2158 | * Some hardware seem to generate incorrect Michael MIC | ||
| 2159 | * reports; ignore them to avoid triggering countermeasures. | ||
| 2160 | */ | ||
| 2161 | return; | ||
| 2162 | } | ||
| 2163 | |||
| 2164 | if (!ieee80211_has_protected(hdr->frame_control)) | ||
| 2165 | return; | ||
| 2166 | |||
| 2167 | if (rx->sdata->vif.type == NL80211_IFTYPE_AP && keyidx) { | ||
| 2168 | /* | ||
| 2169 | * APs with pairwise keys should never receive Michael MIC | ||
| 2170 | * errors for non-zero keyidx because these are reserved for | ||
| 2171 | * group keys and only the AP is sending real multicast | ||
| 2172 | * frames in the BSS. | ||
| 2173 | */ | ||
| 2174 | return; | ||
| 2175 | } | ||
| 2176 | |||
| 2177 | if (!ieee80211_is_data(hdr->frame_control) && | ||
| 2178 | !ieee80211_is_auth(hdr->frame_control)) | ||
| 2179 | return; | ||
| 2180 | |||
| 2181 | mac80211_ev_michael_mic_failure(rx->sdata, keyidx, hdr, NULL, | ||
| 2182 | GFP_ATOMIC); | ||
| 2183 | } | ||
| 2184 | |||
| 2185 | /* TODO: use IEEE80211_RX_FRAGMENTED */ | 2376 | /* TODO: use IEEE80211_RX_FRAGMENTED */ |
| 2186 | static void ieee80211_rx_cooked_monitor(struct ieee80211_rx_data *rx, | 2377 | static void ieee80211_rx_cooked_monitor(struct ieee80211_rx_data *rx, |
| 2187 | struct ieee80211_rate *rate) | 2378 | struct ieee80211_rate *rate) |
| @@ -2199,6 +2390,14 @@ static void ieee80211_rx_cooked_monitor(struct ieee80211_rx_data *rx, | |||
| 2199 | struct net_device *prev_dev = NULL; | 2390 | struct net_device *prev_dev = NULL; |
| 2200 | struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb); | 2391 | struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb); |
| 2201 | 2392 | ||
| 2393 | /* | ||
| 2394 | * If cooked monitor has been processed already, then | ||
| 2395 | * don't do it again. If not, set the flag. | ||
| 2396 | */ | ||
| 2397 | if (rx->flags & IEEE80211_RX_CMNTR) | ||
| 2398 | goto out_free_skb; | ||
| 2399 | rx->flags |= IEEE80211_RX_CMNTR; | ||
| 2400 | |||
| 2202 | if (skb_headroom(skb) < sizeof(*rthdr) && | 2401 | if (skb_headroom(skb) < sizeof(*rthdr) && |
| 2203 | pskb_expand_head(skb, sizeof(*rthdr), 0, GFP_ATOMIC)) | 2402 | pskb_expand_head(skb, sizeof(*rthdr), 0, GFP_ATOMIC)) |
| 2204 | goto out_free_skb; | 2403 | goto out_free_skb; |
| @@ -2253,29 +2452,52 @@ static void ieee80211_rx_cooked_monitor(struct ieee80211_rx_data *rx, | |||
| 2253 | if (prev_dev) { | 2452 | if (prev_dev) { |
| 2254 | skb->dev = prev_dev; | 2453 | skb->dev = prev_dev; |
| 2255 | netif_receive_skb(skb); | 2454 | netif_receive_skb(skb); |
| 2256 | skb = NULL; | 2455 | return; |
| 2257 | } else | 2456 | } |
| 2258 | goto out_free_skb; | ||
| 2259 | |||
| 2260 | return; | ||
| 2261 | 2457 | ||
| 2262 | out_free_skb: | 2458 | out_free_skb: |
| 2263 | dev_kfree_skb(skb); | 2459 | dev_kfree_skb(skb); |
| 2264 | } | 2460 | } |
| 2265 | 2461 | ||
| 2462 | static void ieee80211_rx_handlers_result(struct ieee80211_rx_data *rx, | ||
| 2463 | ieee80211_rx_result res) | ||
| 2464 | { | ||
| 2465 | switch (res) { | ||
| 2466 | case RX_DROP_MONITOR: | ||
| 2467 | I802_DEBUG_INC(rx->sdata->local->rx_handlers_drop); | ||
| 2468 | if (rx->sta) | ||
| 2469 | rx->sta->rx_dropped++; | ||
| 2470 | /* fall through */ | ||
| 2471 | case RX_CONTINUE: { | ||
| 2472 | struct ieee80211_rate *rate = NULL; | ||
| 2473 | struct ieee80211_supported_band *sband; | ||
| 2474 | struct ieee80211_rx_status *status; | ||
| 2475 | |||
| 2476 | status = IEEE80211_SKB_RXCB((rx->skb)); | ||
| 2477 | |||
| 2478 | sband = rx->local->hw.wiphy->bands[status->band]; | ||
| 2479 | if (!(status->flag & RX_FLAG_HT)) | ||
| 2480 | rate = &sband->bitrates[status->rate_idx]; | ||
| 2481 | |||
| 2482 | ieee80211_rx_cooked_monitor(rx, rate); | ||
| 2483 | break; | ||
| 2484 | } | ||
| 2485 | case RX_DROP_UNUSABLE: | ||
| 2486 | I802_DEBUG_INC(rx->sdata->local->rx_handlers_drop); | ||
| 2487 | if (rx->sta) | ||
| 2488 | rx->sta->rx_dropped++; | ||
| 2489 | dev_kfree_skb(rx->skb); | ||
| 2490 | break; | ||
| 2491 | case RX_QUEUED: | ||
| 2492 | I802_DEBUG_INC(rx->sdata->local->rx_handlers_queued); | ||
| 2493 | break; | ||
| 2494 | } | ||
| 2495 | } | ||
| 2266 | 2496 | ||
| 2267 | static void ieee80211_invoke_rx_handlers(struct ieee80211_sub_if_data *sdata, | 2497 | static void ieee80211_rx_handlers(struct ieee80211_rx_data *rx) |
| 2268 | struct ieee80211_rx_data *rx, | ||
| 2269 | struct sk_buff *skb, | ||
| 2270 | struct ieee80211_rate *rate) | ||
| 2271 | { | 2498 | { |
| 2272 | struct sk_buff_head reorder_release; | ||
| 2273 | ieee80211_rx_result res = RX_DROP_MONITOR; | 2499 | ieee80211_rx_result res = RX_DROP_MONITOR; |
| 2274 | 2500 | struct sk_buff *skb; | |
| 2275 | __skb_queue_head_init(&reorder_release); | ||
| 2276 | |||
| 2277 | rx->skb = skb; | ||
| 2278 | rx->sdata = sdata; | ||
| 2279 | 2501 | ||
| 2280 | #define CALL_RXH(rxh) \ | 2502 | #define CALL_RXH(rxh) \ |
| 2281 | do { \ | 2503 | do { \ |
| @@ -2284,17 +2506,15 @@ static void ieee80211_invoke_rx_handlers(struct ieee80211_sub_if_data *sdata, | |||
| 2284 | goto rxh_next; \ | 2506 | goto rxh_next; \ |
| 2285 | } while (0); | 2507 | } while (0); |
| 2286 | 2508 | ||
| 2287 | /* | 2509 | spin_lock(&rx->local->rx_skb_queue.lock); |
| 2288 | * NB: the rxh_next label works even if we jump | 2510 | if (rx->local->running_rx_handler) |
| 2289 | * to it from here because then the list will | 2511 | goto unlock; |
| 2290 | * be empty, which is a trivial check | 2512 | |
| 2291 | */ | 2513 | rx->local->running_rx_handler = true; |
| 2292 | CALL_RXH(ieee80211_rx_h_passive_scan) | ||
| 2293 | CALL_RXH(ieee80211_rx_h_check) | ||
| 2294 | 2514 | ||
| 2295 | ieee80211_rx_reorder_ampdu(rx, &reorder_release); | 2515 | while ((skb = __skb_dequeue(&rx->local->rx_skb_queue))) { |
| 2516 | spin_unlock(&rx->local->rx_skb_queue.lock); | ||
| 2296 | 2517 | ||
| 2297 | while ((skb = __skb_dequeue(&reorder_release))) { | ||
| 2298 | /* | 2518 | /* |
| 2299 | * all the other fields are valid across frames | 2519 | * all the other fields are valid across frames |
| 2300 | * that belong to an aMPDU since they are on the | 2520 | * that belong to an aMPDU since they are on the |
| @@ -2312,50 +2532,86 @@ static void ieee80211_invoke_rx_handlers(struct ieee80211_sub_if_data *sdata, | |||
| 2312 | CALL_RXH(ieee80211_rx_h_remove_qos_control) | 2532 | CALL_RXH(ieee80211_rx_h_remove_qos_control) |
| 2313 | CALL_RXH(ieee80211_rx_h_amsdu) | 2533 | CALL_RXH(ieee80211_rx_h_amsdu) |
| 2314 | #ifdef CONFIG_MAC80211_MESH | 2534 | #ifdef CONFIG_MAC80211_MESH |
| 2315 | if (ieee80211_vif_is_mesh(&sdata->vif)) | 2535 | if (ieee80211_vif_is_mesh(&rx->sdata->vif)) |
| 2316 | CALL_RXH(ieee80211_rx_h_mesh_fwding); | 2536 | CALL_RXH(ieee80211_rx_h_mesh_fwding); |
| 2317 | #endif | 2537 | #endif |
| 2318 | CALL_RXH(ieee80211_rx_h_data) | 2538 | CALL_RXH(ieee80211_rx_h_data) |
| 2319 | 2539 | CALL_RXH(ieee80211_rx_h_ctrl); | |
| 2320 | /* special treatment -- needs the queue */ | 2540 | CALL_RXH(ieee80211_rx_h_mgmt_check) |
| 2321 | res = ieee80211_rx_h_ctrl(rx, &reorder_release); | ||
| 2322 | if (res != RX_CONTINUE) | ||
| 2323 | goto rxh_next; | ||
| 2324 | |||
| 2325 | CALL_RXH(ieee80211_rx_h_action) | 2541 | CALL_RXH(ieee80211_rx_h_action) |
| 2542 | CALL_RXH(ieee80211_rx_h_userspace_mgmt) | ||
| 2543 | CALL_RXH(ieee80211_rx_h_action_return) | ||
| 2326 | CALL_RXH(ieee80211_rx_h_mgmt) | 2544 | CALL_RXH(ieee80211_rx_h_mgmt) |
| 2327 | 2545 | ||
| 2546 | rxh_next: | ||
| 2547 | ieee80211_rx_handlers_result(rx, res); | ||
| 2548 | spin_lock(&rx->local->rx_skb_queue.lock); | ||
| 2328 | #undef CALL_RXH | 2549 | #undef CALL_RXH |
| 2550 | } | ||
| 2551 | |||
| 2552 | rx->local->running_rx_handler = false; | ||
| 2553 | |||
| 2554 | unlock: | ||
| 2555 | spin_unlock(&rx->local->rx_skb_queue.lock); | ||
| 2556 | } | ||
| 2557 | |||
| 2558 | static void ieee80211_invoke_rx_handlers(struct ieee80211_rx_data *rx) | ||
| 2559 | { | ||
| 2560 | ieee80211_rx_result res = RX_DROP_MONITOR; | ||
| 2561 | |||
| 2562 | #define CALL_RXH(rxh) \ | ||
| 2563 | do { \ | ||
| 2564 | res = rxh(rx); \ | ||
| 2565 | if (res != RX_CONTINUE) \ | ||
| 2566 | goto rxh_next; \ | ||
| 2567 | } while (0); | ||
| 2568 | |||
| 2569 | CALL_RXH(ieee80211_rx_h_passive_scan) | ||
| 2570 | CALL_RXH(ieee80211_rx_h_check) | ||
| 2571 | |||
| 2572 | ieee80211_rx_reorder_ampdu(rx); | ||
| 2573 | |||
| 2574 | ieee80211_rx_handlers(rx); | ||
| 2575 | return; | ||
| 2329 | 2576 | ||
| 2330 | rxh_next: | 2577 | rxh_next: |
| 2331 | switch (res) { | 2578 | ieee80211_rx_handlers_result(rx, res); |
| 2332 | case RX_DROP_MONITOR: | 2579 | |
| 2333 | I802_DEBUG_INC(sdata->local->rx_handlers_drop); | 2580 | #undef CALL_RXH |
| 2334 | if (rx->sta) | 2581 | } |
| 2335 | rx->sta->rx_dropped++; | 2582 | |
| 2336 | /* fall through */ | 2583 | /* |
| 2337 | case RX_CONTINUE: | 2584 | * This function makes calls into the RX path, therefore |
| 2338 | ieee80211_rx_cooked_monitor(rx, rate); | 2585 | * it has to be invoked under RCU read lock. |
| 2339 | break; | 2586 | */ |
| 2340 | case RX_DROP_UNUSABLE: | 2587 | void ieee80211_release_reorder_timeout(struct sta_info *sta, int tid) |
| 2341 | I802_DEBUG_INC(sdata->local->rx_handlers_drop); | 2588 | { |
| 2342 | if (rx->sta) | 2589 | struct ieee80211_rx_data rx = { |
| 2343 | rx->sta->rx_dropped++; | 2590 | .sta = sta, |
| 2344 | dev_kfree_skb(rx->skb); | 2591 | .sdata = sta->sdata, |
| 2345 | break; | 2592 | .local = sta->local, |
| 2346 | case RX_QUEUED: | 2593 | .queue = tid, |
| 2347 | I802_DEBUG_INC(sdata->local->rx_handlers_queued); | 2594 | .flags = 0, |
| 2348 | break; | 2595 | }; |
| 2349 | } | 2596 | struct tid_ampdu_rx *tid_agg_rx; |
| 2350 | } | 2597 | |
| 2598 | tid_agg_rx = rcu_dereference(sta->ampdu_mlme.tid_rx[tid]); | ||
| 2599 | if (!tid_agg_rx) | ||
| 2600 | return; | ||
| 2601 | |||
| 2602 | spin_lock(&tid_agg_rx->reorder_lock); | ||
| 2603 | ieee80211_sta_reorder_release(&sta->local->hw, tid_agg_rx); | ||
| 2604 | spin_unlock(&tid_agg_rx->reorder_lock); | ||
| 2605 | |||
| 2606 | ieee80211_rx_handlers(&rx); | ||
| 2351 | } | 2607 | } |
| 2352 | 2608 | ||
| 2353 | /* main receive path */ | 2609 | /* main receive path */ |
| 2354 | 2610 | ||
| 2355 | static int prepare_for_handlers(struct ieee80211_sub_if_data *sdata, | 2611 | static int prepare_for_handlers(struct ieee80211_rx_data *rx, |
| 2356 | struct ieee80211_rx_data *rx, | ||
| 2357 | struct ieee80211_hdr *hdr) | 2612 | struct ieee80211_hdr *hdr) |
| 2358 | { | 2613 | { |
| 2614 | struct ieee80211_sub_if_data *sdata = rx->sdata; | ||
| 2359 | struct sk_buff *skb = rx->skb; | 2615 | struct sk_buff *skb = rx->skb; |
| 2360 | struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb); | 2616 | struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb); |
| 2361 | u8 *bssid = ieee80211_get_bssid(hdr, skb->len, sdata->vif.type); | 2617 | u8 *bssid = ieee80211_get_bssid(hdr, skb->len, sdata->vif.type); |
| @@ -2367,9 +2623,10 @@ static int prepare_for_handlers(struct ieee80211_sub_if_data *sdata, | |||
| 2367 | return 0; | 2623 | return 0; |
| 2368 | if (!multicast && | 2624 | if (!multicast && |
| 2369 | compare_ether_addr(sdata->vif.addr, hdr->addr1) != 0) { | 2625 | compare_ether_addr(sdata->vif.addr, hdr->addr1) != 0) { |
| 2370 | if (!(sdata->dev->flags & IFF_PROMISC)) | 2626 | if (!(sdata->dev->flags & IFF_PROMISC) || |
| 2627 | sdata->u.mgd.use_4addr) | ||
| 2371 | return 0; | 2628 | return 0; |
| 2372 | rx->flags &= ~IEEE80211_RX_RA_MATCH; | 2629 | status->rx_flags &= ~IEEE80211_RX_RA_MATCH; |
| 2373 | } | 2630 | } |
| 2374 | break; | 2631 | break; |
| 2375 | case NL80211_IFTYPE_ADHOC: | 2632 | case NL80211_IFTYPE_ADHOC: |
| @@ -2379,15 +2636,15 @@ static int prepare_for_handlers(struct ieee80211_sub_if_data *sdata, | |||
| 2379 | return 1; | 2636 | return 1; |
| 2380 | } | 2637 | } |
| 2381 | else if (!ieee80211_bssid_match(bssid, sdata->u.ibss.bssid)) { | 2638 | else if (!ieee80211_bssid_match(bssid, sdata->u.ibss.bssid)) { |
| 2382 | if (!(rx->flags & IEEE80211_RX_IN_SCAN)) | 2639 | if (!(status->rx_flags & IEEE80211_RX_IN_SCAN)) |
| 2383 | return 0; | 2640 | return 0; |
| 2384 | rx->flags &= ~IEEE80211_RX_RA_MATCH; | 2641 | status->rx_flags &= ~IEEE80211_RX_RA_MATCH; |
| 2385 | } else if (!multicast && | 2642 | } else if (!multicast && |
| 2386 | compare_ether_addr(sdata->vif.addr, | 2643 | compare_ether_addr(sdata->vif.addr, |
| 2387 | hdr->addr1) != 0) { | 2644 | hdr->addr1) != 0) { |
| 2388 | if (!(sdata->dev->flags & IFF_PROMISC)) | 2645 | if (!(sdata->dev->flags & IFF_PROMISC)) |
| 2389 | return 0; | 2646 | return 0; |
| 2390 | rx->flags &= ~IEEE80211_RX_RA_MATCH; | 2647 | status->rx_flags &= ~IEEE80211_RX_RA_MATCH; |
| 2391 | } else if (!rx->sta) { | 2648 | } else if (!rx->sta) { |
| 2392 | int rate_idx; | 2649 | int rate_idx; |
| 2393 | if (status->flag & RX_FLAG_HT) | 2650 | if (status->flag & RX_FLAG_HT) |
| @@ -2405,7 +2662,7 @@ static int prepare_for_handlers(struct ieee80211_sub_if_data *sdata, | |||
| 2405 | if (!(sdata->dev->flags & IFF_PROMISC)) | 2662 | if (!(sdata->dev->flags & IFF_PROMISC)) |
| 2406 | return 0; | 2663 | return 0; |
| 2407 | 2664 | ||
| 2408 | rx->flags &= ~IEEE80211_RX_RA_MATCH; | 2665 | status->rx_flags &= ~IEEE80211_RX_RA_MATCH; |
| 2409 | } | 2666 | } |
| 2410 | break; | 2667 | break; |
| 2411 | case NL80211_IFTYPE_AP_VLAN: | 2668 | case NL80211_IFTYPE_AP_VLAN: |
| @@ -2416,9 +2673,10 @@ static int prepare_for_handlers(struct ieee80211_sub_if_data *sdata, | |||
| 2416 | return 0; | 2673 | return 0; |
| 2417 | } else if (!ieee80211_bssid_match(bssid, | 2674 | } else if (!ieee80211_bssid_match(bssid, |
| 2418 | sdata->vif.addr)) { | 2675 | sdata->vif.addr)) { |
| 2419 | if (!(rx->flags & IEEE80211_RX_IN_SCAN)) | 2676 | if (!(status->rx_flags & IEEE80211_RX_IN_SCAN) && |
| 2677 | !ieee80211_is_beacon(hdr->frame_control)) | ||
| 2420 | return 0; | 2678 | return 0; |
| 2421 | rx->flags &= ~IEEE80211_RX_RA_MATCH; | 2679 | status->rx_flags &= ~IEEE80211_RX_RA_MATCH; |
| 2422 | } | 2680 | } |
| 2423 | break; | 2681 | break; |
| 2424 | case NL80211_IFTYPE_WDS: | 2682 | case NL80211_IFTYPE_WDS: |
| @@ -2427,9 +2685,7 @@ static int prepare_for_handlers(struct ieee80211_sub_if_data *sdata, | |||
| 2427 | if (compare_ether_addr(sdata->u.wds.remote_addr, hdr->addr2)) | 2685 | if (compare_ether_addr(sdata->u.wds.remote_addr, hdr->addr2)) |
| 2428 | return 0; | 2686 | return 0; |
| 2429 | break; | 2687 | break; |
| 2430 | case NL80211_IFTYPE_MONITOR: | 2688 | default: |
| 2431 | case NL80211_IFTYPE_UNSPECIFIED: | ||
| 2432 | case __NL80211_IFTYPE_AFTER_LAST: | ||
| 2433 | /* should never get here */ | 2689 | /* should never get here */ |
| 2434 | WARN_ON(1); | 2690 | WARN_ON(1); |
| 2435 | break; | 2691 | break; |
| @@ -2439,12 +2695,50 @@ static int prepare_for_handlers(struct ieee80211_sub_if_data *sdata, | |||
| 2439 | } | 2695 | } |
| 2440 | 2696 | ||
| 2441 | /* | 2697 | /* |
| 2698 | * This function returns whether or not the SKB | ||
| 2699 | * was destined for RX processing or not, which, | ||
| 2700 | * if consume is true, is equivalent to whether | ||
| 2701 | * or not the skb was consumed. | ||
| 2702 | */ | ||
| 2703 | static bool ieee80211_prepare_and_rx_handle(struct ieee80211_rx_data *rx, | ||
| 2704 | struct sk_buff *skb, bool consume) | ||
| 2705 | { | ||
| 2706 | struct ieee80211_local *local = rx->local; | ||
| 2707 | struct ieee80211_sub_if_data *sdata = rx->sdata; | ||
| 2708 | struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb); | ||
| 2709 | struct ieee80211_hdr *hdr = (void *)skb->data; | ||
| 2710 | int prepares; | ||
| 2711 | |||
| 2712 | rx->skb = skb; | ||
| 2713 | status->rx_flags |= IEEE80211_RX_RA_MATCH; | ||
| 2714 | prepares = prepare_for_handlers(rx, hdr); | ||
| 2715 | |||
| 2716 | if (!prepares) | ||
| 2717 | return false; | ||
| 2718 | |||
| 2719 | if (!consume) { | ||
| 2720 | skb = skb_copy(skb, GFP_ATOMIC); | ||
| 2721 | if (!skb) { | ||
| 2722 | if (net_ratelimit()) | ||
| 2723 | wiphy_debug(local->hw.wiphy, | ||
| 2724 | "failed to copy skb for %s\n", | ||
| 2725 | sdata->name); | ||
| 2726 | return true; | ||
| 2727 | } | ||
| 2728 | |||
| 2729 | rx->skb = skb; | ||
| 2730 | } | ||
| 2731 | |||
| 2732 | ieee80211_invoke_rx_handlers(rx); | ||
| 2733 | return true; | ||
| 2734 | } | ||
| 2735 | |||
| 2736 | /* | ||
| 2442 | * This is the actual Rx frames handler. as it blongs to Rx path it must | 2737 | * This is the actual Rx frames handler. as it blongs to Rx path it must |
| 2443 | * be called with rcu_read_lock protection. | 2738 | * be called with rcu_read_lock protection. |
| 2444 | */ | 2739 | */ |
| 2445 | static void __ieee80211_rx_handle_packet(struct ieee80211_hw *hw, | 2740 | static void __ieee80211_rx_handle_packet(struct ieee80211_hw *hw, |
| 2446 | struct sk_buff *skb, | 2741 | struct sk_buff *skb) |
| 2447 | struct ieee80211_rate *rate) | ||
| 2448 | { | 2742 | { |
| 2449 | struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb); | 2743 | struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb); |
| 2450 | struct ieee80211_local *local = hw_to_local(hw); | 2744 | struct ieee80211_local *local = hw_to_local(hw); |
| @@ -2452,11 +2746,8 @@ static void __ieee80211_rx_handle_packet(struct ieee80211_hw *hw, | |||
| 2452 | struct ieee80211_hdr *hdr; | 2746 | struct ieee80211_hdr *hdr; |
| 2453 | __le16 fc; | 2747 | __le16 fc; |
| 2454 | struct ieee80211_rx_data rx; | 2748 | struct ieee80211_rx_data rx; |
| 2455 | int prepares; | 2749 | struct ieee80211_sub_if_data *prev; |
| 2456 | struct ieee80211_sub_if_data *prev = NULL; | 2750 | struct sta_info *sta, *tmp, *prev_sta; |
| 2457 | struct sk_buff *skb_new; | ||
| 2458 | struct sta_info *sta, *tmp; | ||
| 2459 | bool found_sta = false; | ||
| 2460 | int err = 0; | 2751 | int err = 0; |
| 2461 | 2752 | ||
| 2462 | fc = ((struct ieee80211_hdr *)skb->data)->frame_control; | 2753 | fc = ((struct ieee80211_hdr *)skb->data)->frame_control; |
| @@ -2468,8 +2759,8 @@ static void __ieee80211_rx_handle_packet(struct ieee80211_hw *hw, | |||
| 2468 | local->dot11ReceivedFragmentCount++; | 2759 | local->dot11ReceivedFragmentCount++; |
| 2469 | 2760 | ||
| 2470 | if (unlikely(test_bit(SCAN_HW_SCANNING, &local->scanning) || | 2761 | if (unlikely(test_bit(SCAN_HW_SCANNING, &local->scanning) || |
| 2471 | test_bit(SCAN_OFF_CHANNEL, &local->scanning))) | 2762 | test_bit(SCAN_SW_SCANNING, &local->scanning))) |
| 2472 | rx.flags |= IEEE80211_RX_IN_SCAN; | 2763 | status->rx_flags |= IEEE80211_RX_IN_SCAN; |
| 2473 | 2764 | ||
| 2474 | if (ieee80211_is_mgmt(fc)) | 2765 | if (ieee80211_is_mgmt(fc)) |
| 2475 | err = skb_linearize(skb); | 2766 | err = skb_linearize(skb); |
| @@ -2486,91 +2777,69 @@ static void __ieee80211_rx_handle_packet(struct ieee80211_hw *hw, | |||
| 2486 | ieee80211_verify_alignment(&rx); | 2777 | ieee80211_verify_alignment(&rx); |
| 2487 | 2778 | ||
| 2488 | if (ieee80211_is_data(fc)) { | 2779 | if (ieee80211_is_data(fc)) { |
| 2780 | prev_sta = NULL; | ||
| 2781 | |||
| 2489 | for_each_sta_info(local, hdr->addr2, sta, tmp) { | 2782 | for_each_sta_info(local, hdr->addr2, sta, tmp) { |
| 2490 | rx.sta = sta; | 2783 | if (!prev_sta) { |
| 2491 | found_sta = true; | 2784 | prev_sta = sta; |
| 2492 | rx.sdata = sta->sdata; | ||
| 2493 | |||
| 2494 | rx.flags |= IEEE80211_RX_RA_MATCH; | ||
| 2495 | prepares = prepare_for_handlers(rx.sdata, &rx, hdr); | ||
| 2496 | if (prepares) { | ||
| 2497 | if (status->flag & RX_FLAG_MMIC_ERROR) { | ||
| 2498 | if (rx.flags & IEEE80211_RX_RA_MATCH) | ||
| 2499 | ieee80211_rx_michael_mic_report(hdr, &rx); | ||
| 2500 | } else | ||
| 2501 | prev = rx.sdata; | ||
| 2502 | } | ||
| 2503 | } | ||
| 2504 | } | ||
| 2505 | if (!found_sta) { | ||
| 2506 | list_for_each_entry_rcu(sdata, &local->interfaces, list) { | ||
| 2507 | if (!ieee80211_sdata_running(sdata)) | ||
| 2508 | continue; | 2785 | continue; |
| 2786 | } | ||
| 2509 | 2787 | ||
| 2510 | if (sdata->vif.type == NL80211_IFTYPE_MONITOR || | 2788 | rx.sta = prev_sta; |
| 2511 | sdata->vif.type == NL80211_IFTYPE_AP_VLAN) | 2789 | rx.sdata = prev_sta->sdata; |
| 2512 | continue; | 2790 | ieee80211_prepare_and_rx_handle(&rx, skb, false); |
| 2513 | 2791 | ||
| 2514 | /* | 2792 | prev_sta = sta; |
| 2515 | * frame is destined for this interface, but if it's | 2793 | } |
| 2516 | * not also for the previous one we handle that after | ||
| 2517 | * the loop to avoid copying the SKB once too much | ||
| 2518 | */ | ||
| 2519 | 2794 | ||
| 2520 | if (!prev) { | 2795 | if (prev_sta) { |
| 2521 | prev = sdata; | 2796 | rx.sta = prev_sta; |
| 2522 | continue; | 2797 | rx.sdata = prev_sta->sdata; |
| 2523 | } | ||
| 2524 | 2798 | ||
| 2525 | rx.sta = sta_info_get_bss(prev, hdr->addr2); | 2799 | if (ieee80211_prepare_and_rx_handle(&rx, skb, true)) |
| 2800 | return; | ||
| 2801 | goto out; | ||
| 2802 | } | ||
| 2803 | } | ||
| 2526 | 2804 | ||
| 2527 | rx.flags |= IEEE80211_RX_RA_MATCH; | 2805 | prev = NULL; |
| 2528 | prepares = prepare_for_handlers(prev, &rx, hdr); | ||
| 2529 | 2806 | ||
| 2530 | if (!prepares) | 2807 | list_for_each_entry_rcu(sdata, &local->interfaces, list) { |
| 2531 | goto next; | 2808 | if (!ieee80211_sdata_running(sdata)) |
| 2809 | continue; | ||
| 2532 | 2810 | ||
| 2533 | if (status->flag & RX_FLAG_MMIC_ERROR) { | 2811 | if (sdata->vif.type == NL80211_IFTYPE_MONITOR || |
| 2534 | rx.sdata = prev; | 2812 | sdata->vif.type == NL80211_IFTYPE_AP_VLAN) |
| 2535 | if (rx.flags & IEEE80211_RX_RA_MATCH) | 2813 | continue; |
| 2536 | ieee80211_rx_michael_mic_report(hdr, | ||
| 2537 | &rx); | ||
| 2538 | goto next; | ||
| 2539 | } | ||
| 2540 | 2814 | ||
| 2541 | /* | 2815 | /* |
| 2542 | * frame was destined for the previous interface | 2816 | * frame is destined for this interface, but if it's |
| 2543 | * so invoke RX handlers for it | 2817 | * not also for the previous one we handle that after |
| 2544 | */ | 2818 | * the loop to avoid copying the SKB once too much |
| 2819 | */ | ||
| 2545 | 2820 | ||
| 2546 | skb_new = skb_copy(skb, GFP_ATOMIC); | 2821 | if (!prev) { |
| 2547 | if (!skb_new) { | ||
| 2548 | if (net_ratelimit()) | ||
| 2549 | printk(KERN_DEBUG "%s: failed to copy " | ||
| 2550 | "multicast frame for %s\n", | ||
| 2551 | wiphy_name(local->hw.wiphy), | ||
| 2552 | prev->name); | ||
| 2553 | goto next; | ||
| 2554 | } | ||
| 2555 | ieee80211_invoke_rx_handlers(prev, &rx, skb_new, rate); | ||
| 2556 | next: | ||
| 2557 | prev = sdata; | 2822 | prev = sdata; |
| 2823 | continue; | ||
| 2558 | } | 2824 | } |
| 2559 | 2825 | ||
| 2560 | if (prev) { | 2826 | rx.sta = sta_info_get_bss(prev, hdr->addr2); |
| 2561 | rx.sta = sta_info_get_bss(prev, hdr->addr2); | 2827 | rx.sdata = prev; |
| 2828 | ieee80211_prepare_and_rx_handle(&rx, skb, false); | ||
| 2562 | 2829 | ||
| 2563 | rx.flags |= IEEE80211_RX_RA_MATCH; | 2830 | prev = sdata; |
| 2564 | prepares = prepare_for_handlers(prev, &rx, hdr); | 2831 | } |
| 2565 | 2832 | ||
| 2566 | if (!prepares) | 2833 | if (prev) { |
| 2567 | prev = NULL; | 2834 | rx.sta = sta_info_get_bss(prev, hdr->addr2); |
| 2568 | } | 2835 | rx.sdata = prev; |
| 2836 | |||
| 2837 | if (ieee80211_prepare_and_rx_handle(&rx, skb, true)) | ||
| 2838 | return; | ||
| 2569 | } | 2839 | } |
| 2570 | if (prev) | 2840 | |
| 2571 | ieee80211_invoke_rx_handlers(prev, &rx, skb, rate); | 2841 | out: |
| 2572 | else | 2842 | dev_kfree_skb(skb); |
| 2573 | dev_kfree_skb(skb); | ||
| 2574 | } | 2843 | } |
| 2575 | 2844 | ||
| 2576 | /* | 2845 | /* |
| @@ -2611,30 +2880,41 @@ void ieee80211_rx(struct ieee80211_hw *hw, struct sk_buff *skb) | |||
| 2611 | if (WARN_ON(!local->started)) | 2880 | if (WARN_ON(!local->started)) |
| 2612 | goto drop; | 2881 | goto drop; |
| 2613 | 2882 | ||
| 2614 | if (status->flag & RX_FLAG_HT) { | 2883 | if (likely(!(status->flag & RX_FLAG_FAILED_PLCP_CRC))) { |
| 2615 | /* | 2884 | /* |
| 2616 | * rate_idx is MCS index, which can be [0-76] as documented on: | 2885 | * Validate the rate, unless a PLCP error means that |
| 2617 | * | 2886 | * we probably can't have a valid rate here anyway. |
| 2618 | * http://wireless.kernel.org/en/developers/Documentation/ieee80211/802.11n | ||
| 2619 | * | ||
| 2620 | * Anything else would be some sort of driver or hardware error. | ||
| 2621 | * The driver should catch hardware errors. | ||
| 2622 | */ | 2887 | */ |
| 2623 | if (WARN((status->rate_idx < 0 || | 2888 | |
| 2624 | status->rate_idx > 76), | 2889 | if (status->flag & RX_FLAG_HT) { |
| 2625 | "Rate marked as an HT rate but passed " | 2890 | /* |
| 2626 | "status->rate_idx is not " | 2891 | * rate_idx is MCS index, which can be [0-76] |
| 2627 | "an MCS index [0-76]: %d (0x%02x)\n", | 2892 | * as documented on: |
| 2628 | status->rate_idx, | 2893 | * |
| 2629 | status->rate_idx)) | 2894 | * http://wireless.kernel.org/en/developers/Documentation/ieee80211/802.11n |
| 2630 | goto drop; | 2895 | * |
| 2631 | } else { | 2896 | * Anything else would be some sort of driver or |
| 2632 | if (WARN_ON(status->rate_idx < 0 || | 2897 | * hardware error. The driver should catch hardware |
| 2633 | status->rate_idx >= sband->n_bitrates)) | 2898 | * errors. |
| 2634 | goto drop; | 2899 | */ |
| 2635 | rate = &sband->bitrates[status->rate_idx]; | 2900 | if (WARN((status->rate_idx < 0 || |
| 2901 | status->rate_idx > 76), | ||
| 2902 | "Rate marked as an HT rate but passed " | ||
| 2903 | "status->rate_idx is not " | ||
| 2904 | "an MCS index [0-76]: %d (0x%02x)\n", | ||
| 2905 | status->rate_idx, | ||
| 2906 | status->rate_idx)) | ||
| 2907 | goto drop; | ||
| 2908 | } else { | ||
| 2909 | if (WARN_ON(status->rate_idx < 0 || | ||
| 2910 | status->rate_idx >= sband->n_bitrates)) | ||
| 2911 | goto drop; | ||
| 2912 | rate = &sband->bitrates[status->rate_idx]; | ||
| 2913 | } | ||
| 2636 | } | 2914 | } |
| 2637 | 2915 | ||
| 2916 | status->rx_flags = 0; | ||
| 2917 | |||
| 2638 | /* | 2918 | /* |
| 2639 | * key references and virtual interfaces are protected using RCU | 2919 | * key references and virtual interfaces are protected using RCU |
| 2640 | * and this requires that we are in a read-side RCU section during | 2920 | * and this requires that we are in a read-side RCU section during |
| @@ -2654,7 +2934,10 @@ void ieee80211_rx(struct ieee80211_hw *hw, struct sk_buff *skb) | |||
| 2654 | return; | 2934 | return; |
| 2655 | } | 2935 | } |
| 2656 | 2936 | ||
| 2657 | __ieee80211_rx_handle_packet(hw, skb, rate); | 2937 | ieee80211_tpt_led_trig_rx(local, |
| 2938 | ((struct ieee80211_hdr *)skb->data)->frame_control, | ||
| 2939 | skb->len); | ||
| 2940 | __ieee80211_rx_handle_packet(hw, skb); | ||
| 2658 | 2941 | ||
| 2659 | rcu_read_unlock(); | 2942 | rcu_read_unlock(); |
| 2660 | 2943 | ||