aboutsummaryrefslogtreecommitdiffstats
path: root/net/mac80211/rx.c
diff options
context:
space:
mode:
Diffstat (limited to 'net/mac80211/rx.c')
-rw-r--r--net/mac80211/rx.c991
1 files changed, 496 insertions, 495 deletions
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 7170bf4565a8..f237df408378 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -27,11 +27,6 @@
27#include "tkip.h" 27#include "tkip.h"
28#include "wme.h" 28#include "wme.h"
29 29
30static u8 ieee80211_sta_manage_reorder_buf(struct ieee80211_hw *hw,
31 struct tid_ampdu_rx *tid_agg_rx,
32 struct sk_buff *skb,
33 u16 mpdu_seq_num,
34 int bar_req);
35/* 30/*
36 * monitor mode reception 31 * monitor mode reception
37 * 32 *
@@ -39,11 +34,8 @@ static u8 ieee80211_sta_manage_reorder_buf(struct ieee80211_hw *hw,
39 * only useful for monitoring. 34 * only useful for monitoring.
40 */ 35 */
41static struct sk_buff *remove_monitor_info(struct ieee80211_local *local, 36static struct sk_buff *remove_monitor_info(struct ieee80211_local *local,
42 struct sk_buff *skb, 37 struct sk_buff *skb)
43 int rtap_len)
44{ 38{
45 skb_pull(skb, rtap_len);
46
47 if (local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS) { 39 if (local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS) {
48 if (likely(skb->len > FCS_LEN)) 40 if (likely(skb->len > FCS_LEN))
49 skb_trim(skb, skb->len - FCS_LEN); 41 skb_trim(skb, skb->len - FCS_LEN);
@@ -59,15 +51,14 @@ static struct sk_buff *remove_monitor_info(struct ieee80211_local *local,
59} 51}
60 52
61static inline int should_drop_frame(struct sk_buff *skb, 53static inline int should_drop_frame(struct sk_buff *skb,
62 int present_fcs_len, 54 int present_fcs_len)
63 int radiotap_len)
64{ 55{
65 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb); 56 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
66 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data; 57 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
67 58
68 if (status->flag & (RX_FLAG_FAILED_FCS_CRC | RX_FLAG_FAILED_PLCP_CRC)) 59 if (status->flag & (RX_FLAG_FAILED_FCS_CRC | RX_FLAG_FAILED_PLCP_CRC))
69 return 1; 60 return 1;
70 if (unlikely(skb->len < 16 + present_fcs_len + radiotap_len)) 61 if (unlikely(skb->len < 16 + present_fcs_len))
71 return 1; 62 return 1;
72 if (ieee80211_is_ctl(hdr->frame_control) && 63 if (ieee80211_is_ctl(hdr->frame_control) &&
73 !ieee80211_is_pspoll(hdr->frame_control) && 64 !ieee80211_is_pspoll(hdr->frame_control) &&
@@ -95,10 +86,6 @@ ieee80211_rx_radiotap_len(struct ieee80211_local *local,
95 if (len & 1) /* padding for RX_FLAGS if necessary */ 86 if (len & 1) /* padding for RX_FLAGS if necessary */
96 len++; 87 len++;
97 88
98 /* make sure radiotap starts at a naturally aligned address */
99 if (len % 8)
100 len = roundup(len, 8);
101
102 return len; 89 return len;
103} 90}
104 91
@@ -116,6 +103,7 @@ ieee80211_add_rx_radiotap_header(struct ieee80211_local *local,
116 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb); 103 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
117 struct ieee80211_radiotap_header *rthdr; 104 struct ieee80211_radiotap_header *rthdr;
118 unsigned char *pos; 105 unsigned char *pos;
106 u16 rx_flags = 0;
119 107
120 rthdr = (struct ieee80211_radiotap_header *)skb_push(skb, rtap_len); 108 rthdr = (struct ieee80211_radiotap_header *)skb_push(skb, rtap_len);
121 memset(rthdr, 0, rtap_len); 109 memset(rthdr, 0, rtap_len);
@@ -134,7 +122,7 @@ ieee80211_add_rx_radiotap_header(struct ieee80211_local *local,
134 122
135 /* IEEE80211_RADIOTAP_TSFT */ 123 /* IEEE80211_RADIOTAP_TSFT */
136 if (status->flag & RX_FLAG_TSFT) { 124 if (status->flag & RX_FLAG_TSFT) {
137 *(__le64 *)pos = cpu_to_le64(status->mactime); 125 put_unaligned_le64(status->mactime, pos);
138 rthdr->it_present |= 126 rthdr->it_present |=
139 cpu_to_le32(1 << IEEE80211_RADIOTAP_TSFT); 127 cpu_to_le32(1 << IEEE80211_RADIOTAP_TSFT);
140 pos += 8; 128 pos += 8;
@@ -166,17 +154,20 @@ ieee80211_add_rx_radiotap_header(struct ieee80211_local *local,
166 pos++; 154 pos++;
167 155
168 /* IEEE80211_RADIOTAP_CHANNEL */ 156 /* IEEE80211_RADIOTAP_CHANNEL */
169 *(__le16 *)pos = cpu_to_le16(status->freq); 157 put_unaligned_le16(status->freq, pos);
170 pos += 2; 158 pos += 2;
171 if (status->band == IEEE80211_BAND_5GHZ) 159 if (status->band == IEEE80211_BAND_5GHZ)
172 *(__le16 *)pos = cpu_to_le16(IEEE80211_CHAN_OFDM | 160 put_unaligned_le16(IEEE80211_CHAN_OFDM | IEEE80211_CHAN_5GHZ,
173 IEEE80211_CHAN_5GHZ); 161 pos);
162 else if (status->flag & RX_FLAG_HT)
163 put_unaligned_le16(IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ,
164 pos);
174 else if (rate->flags & IEEE80211_RATE_ERP_G) 165 else if (rate->flags & IEEE80211_RATE_ERP_G)
175 *(__le16 *)pos = cpu_to_le16(IEEE80211_CHAN_OFDM | 166 put_unaligned_le16(IEEE80211_CHAN_OFDM | IEEE80211_CHAN_2GHZ,
176 IEEE80211_CHAN_2GHZ); 167 pos);
177 else 168 else
178 *(__le16 *)pos = cpu_to_le16(IEEE80211_CHAN_CCK | 169 put_unaligned_le16(IEEE80211_CHAN_CCK | IEEE80211_CHAN_2GHZ,
179 IEEE80211_CHAN_2GHZ); 170 pos);
180 pos += 2; 171 pos += 2;
181 172
182 /* IEEE80211_RADIOTAP_DBM_ANTSIGNAL */ 173 /* IEEE80211_RADIOTAP_DBM_ANTSIGNAL */
@@ -205,10 +196,11 @@ ieee80211_add_rx_radiotap_header(struct ieee80211_local *local,
205 196
206 /* IEEE80211_RADIOTAP_RX_FLAGS */ 197 /* IEEE80211_RADIOTAP_RX_FLAGS */
207 /* ensure 2 byte alignment for the 2 byte field as required */ 198 /* ensure 2 byte alignment for the 2 byte field as required */
208 if ((pos - (unsigned char *)rthdr) & 1) 199 if ((pos - (u8 *)rthdr) & 1)
209 pos++; 200 pos++;
210 if (status->flag & RX_FLAG_FAILED_PLCP_CRC) 201 if (status->flag & RX_FLAG_FAILED_PLCP_CRC)
211 *(__le16 *)pos |= cpu_to_le16(IEEE80211_RADIOTAP_F_RX_BADPLCP); 202 rx_flags |= IEEE80211_RADIOTAP_F_RX_BADPLCP;
203 put_unaligned_le16(rx_flags, pos);
212 pos += 2; 204 pos += 2;
213} 205}
214 206
@@ -227,7 +219,6 @@ ieee80211_rx_monitor(struct ieee80211_local *local, struct sk_buff *origskb,
227 struct sk_buff *skb, *skb2; 219 struct sk_buff *skb, *skb2;
228 struct net_device *prev_dev = NULL; 220 struct net_device *prev_dev = NULL;
229 int present_fcs_len = 0; 221 int present_fcs_len = 0;
230 int rtap_len = 0;
231 222
232 /* 223 /*
233 * First, we may need to make a copy of the skb because 224 * First, we may need to make a copy of the skb because
@@ -237,25 +228,23 @@ ieee80211_rx_monitor(struct ieee80211_local *local, struct sk_buff *origskb,
237 * We don't need to, of course, if we aren't going to return 228 * We don't need to, of course, if we aren't going to return
238 * the SKB because it has a bad FCS/PLCP checksum. 229 * the SKB because it has a bad FCS/PLCP checksum.
239 */ 230 */
240 if (status->flag & RX_FLAG_RADIOTAP) 231
241 rtap_len = ieee80211_get_radiotap_len(origskb->data); 232 /* room for the radiotap header based on driver features */
242 else 233 needed_headroom = ieee80211_rx_radiotap_len(local, status);
243 /* room for the radiotap header based on driver features */
244 needed_headroom = ieee80211_rx_radiotap_len(local, status);
245 234
246 if (local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS) 235 if (local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS)
247 present_fcs_len = FCS_LEN; 236 present_fcs_len = FCS_LEN;
248 237
249 if (!local->monitors) { 238 if (!local->monitors) {
250 if (should_drop_frame(origskb, present_fcs_len, rtap_len)) { 239 if (should_drop_frame(origskb, present_fcs_len)) {
251 dev_kfree_skb(origskb); 240 dev_kfree_skb(origskb);
252 return NULL; 241 return NULL;
253 } 242 }
254 243
255 return remove_monitor_info(local, origskb, rtap_len); 244 return remove_monitor_info(local, origskb);
256 } 245 }
257 246
258 if (should_drop_frame(origskb, present_fcs_len, rtap_len)) { 247 if (should_drop_frame(origskb, present_fcs_len)) {
259 /* only need to expand headroom if necessary */ 248 /* only need to expand headroom if necessary */
260 skb = origskb; 249 skb = origskb;
261 origskb = NULL; 250 origskb = NULL;
@@ -279,16 +268,14 @@ ieee80211_rx_monitor(struct ieee80211_local *local, struct sk_buff *origskb,
279 */ 268 */
280 skb = skb_copy_expand(origskb, needed_headroom, 0, GFP_ATOMIC); 269 skb = skb_copy_expand(origskb, needed_headroom, 0, GFP_ATOMIC);
281 270
282 origskb = remove_monitor_info(local, origskb, rtap_len); 271 origskb = remove_monitor_info(local, origskb);
283 272
284 if (!skb) 273 if (!skb)
285 return origskb; 274 return origskb;
286 } 275 }
287 276
288 /* if necessary, prepend radiotap information */ 277 /* prepend radiotap information */
289 if (!(status->flag & RX_FLAG_RADIOTAP)) 278 ieee80211_add_rx_radiotap_header(local, skb, rate, needed_headroom);
290 ieee80211_add_rx_radiotap_header(local, skb, rate,
291 needed_headroom);
292 279
293 skb_reset_mac_header(skb); 280 skb_reset_mac_header(skb);
294 skb->ip_summed = CHECKSUM_UNNECESSARY; 281 skb->ip_summed = CHECKSUM_UNNECESSARY;
@@ -489,7 +476,7 @@ ieee80211_rx_mesh_check(struct ieee80211_rx_data *rx)
489{ 476{
490 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data; 477 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
491 unsigned int hdrlen = ieee80211_hdrlen(hdr->frame_control); 478 unsigned int hdrlen = ieee80211_hdrlen(hdr->frame_control);
492 char *dev_addr = rx->dev->dev_addr; 479 char *dev_addr = rx->sdata->dev->dev_addr;
493 480
494 if (ieee80211_is_data(hdr->frame_control)) { 481 if (ieee80211_is_data(hdr->frame_control)) {
495 if (is_multicast_ether_addr(hdr->addr1)) { 482 if (is_multicast_ether_addr(hdr->addr1)) {
@@ -518,7 +505,7 @@ ieee80211_rx_mesh_check(struct ieee80211_rx_data *rx)
518 505
519 if (ieee80211_is_action(hdr->frame_control)) { 506 if (ieee80211_is_action(hdr->frame_control)) {
520 mgmt = (struct ieee80211_mgmt *)hdr; 507 mgmt = (struct ieee80211_mgmt *)hdr;
521 if (mgmt->u.action.category != PLINK_CATEGORY) 508 if (mgmt->u.action.category != MESH_PLINK_CATEGORY)
522 return RX_DROP_MONITOR; 509 return RX_DROP_MONITOR;
523 return RX_CONTINUE; 510 return RX_CONTINUE;
524 } 511 }
@@ -543,6 +530,242 @@ ieee80211_rx_mesh_check(struct ieee80211_rx_data *rx)
543 return RX_CONTINUE; 530 return RX_CONTINUE;
544} 531}
545 532
533#define SEQ_MODULO 0x1000
534#define SEQ_MASK 0xfff
535
536static inline int seq_less(u16 sq1, u16 sq2)
537{
538 return ((sq1 - sq2) & SEQ_MASK) > (SEQ_MODULO >> 1);
539}
540
541static inline u16 seq_inc(u16 sq)
542{
543 return (sq + 1) & SEQ_MASK;
544}
545
546static inline u16 seq_sub(u16 sq1, u16 sq2)
547{
548 return (sq1 - sq2) & SEQ_MASK;
549}
550
551
552static void ieee80211_release_reorder_frame(struct ieee80211_hw *hw,
553 struct tid_ampdu_rx *tid_agg_rx,
554 int index,
555 struct sk_buff_head *frames)
556{
557 struct ieee80211_supported_band *sband;
558 struct ieee80211_rate *rate = NULL;
559 struct sk_buff *skb = tid_agg_rx->reorder_buf[index];
560 struct ieee80211_rx_status *status;
561
562 if (!skb)
563 goto no_frame;
564
565 status = IEEE80211_SKB_RXCB(skb);
566
567 /* release the reordered frames to stack */
568 sband = hw->wiphy->bands[status->band];
569 if (!(status->flag & RX_FLAG_HT))
570 rate = &sband->bitrates[status->rate_idx];
571 tid_agg_rx->stored_mpdu_num--;
572 tid_agg_rx->reorder_buf[index] = NULL;
573 __skb_queue_tail(frames, skb);
574
575no_frame:
576 tid_agg_rx->head_seq_num = seq_inc(tid_agg_rx->head_seq_num);
577}
578
579static void ieee80211_release_reorder_frames(struct ieee80211_hw *hw,
580 struct tid_ampdu_rx *tid_agg_rx,
581 u16 head_seq_num,
582 struct sk_buff_head *frames)
583{
584 int index;
585
586 while (seq_less(tid_agg_rx->head_seq_num, head_seq_num)) {
587 index = seq_sub(tid_agg_rx->head_seq_num, tid_agg_rx->ssn) %
588 tid_agg_rx->buf_size;
589 ieee80211_release_reorder_frame(hw, tid_agg_rx, index, frames);
590 }
591}
592
593/*
594 * Timeout (in jiffies) for skb's that are waiting in the RX reorder buffer. If
595 * the skb was added to the buffer longer than this time ago, the earlier
596 * frames that have not yet been received are assumed to be lost and the skb
597 * can be released for processing. This may also release other skb's from the
598 * reorder buffer if there are no additional gaps between the frames.
599 */
600#define HT_RX_REORDER_BUF_TIMEOUT (HZ / 10)
601
602/*
603 * As this function belongs to the RX path it must be under
604 * rcu_read_lock protection. It returns false if the frame
605 * can be processed immediately, true if it was consumed.
606 */
607static bool ieee80211_sta_manage_reorder_buf(struct ieee80211_hw *hw,
608 struct tid_ampdu_rx *tid_agg_rx,
609 struct sk_buff *skb,
610 struct sk_buff_head *frames)
611{
612 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
613 u16 sc = le16_to_cpu(hdr->seq_ctrl);
614 u16 mpdu_seq_num = (sc & IEEE80211_SCTL_SEQ) >> 4;
615 u16 head_seq_num, buf_size;
616 int index;
617
618 buf_size = tid_agg_rx->buf_size;
619 head_seq_num = tid_agg_rx->head_seq_num;
620
621 /* frame with out of date sequence number */
622 if (seq_less(mpdu_seq_num, head_seq_num)) {
623 dev_kfree_skb(skb);
624 return true;
625 }
626
627 /*
628 * If frame the sequence number exceeds our buffering window
629 * size release some previous frames to make room for this one.
630 */
631 if (!seq_less(mpdu_seq_num, head_seq_num + buf_size)) {
632 head_seq_num = seq_inc(seq_sub(mpdu_seq_num, buf_size));
633 /* release stored frames up to new head to stack */
634 ieee80211_release_reorder_frames(hw, tid_agg_rx, head_seq_num,
635 frames);
636 }
637
638 /* Now the new frame is always in the range of the reordering buffer */
639
640 index = seq_sub(mpdu_seq_num, tid_agg_rx->ssn) % tid_agg_rx->buf_size;
641
642 /* check if we already stored this frame */
643 if (tid_agg_rx->reorder_buf[index]) {
644 dev_kfree_skb(skb);
645 return true;
646 }
647
648 /*
649 * If the current MPDU is in the right order and nothing else
650 * is stored we can process it directly, no need to buffer it.
651 */
652 if (mpdu_seq_num == tid_agg_rx->head_seq_num &&
653 tid_agg_rx->stored_mpdu_num == 0) {
654 tid_agg_rx->head_seq_num = seq_inc(tid_agg_rx->head_seq_num);
655 return false;
656 }
657
658 /* put the frame in the reordering buffer */
659 tid_agg_rx->reorder_buf[index] = skb;
660 tid_agg_rx->reorder_time[index] = jiffies;
661 tid_agg_rx->stored_mpdu_num++;
662 /* release the buffer until next missing frame */
663 index = seq_sub(tid_agg_rx->head_seq_num, tid_agg_rx->ssn) %
664 tid_agg_rx->buf_size;
665 if (!tid_agg_rx->reorder_buf[index] &&
666 tid_agg_rx->stored_mpdu_num > 1) {
667 /*
668 * No buffers ready to be released, but check whether any
669 * frames in the reorder buffer have timed out.
670 */
671 int j;
672 int skipped = 1;
673 for (j = (index + 1) % tid_agg_rx->buf_size; j != index;
674 j = (j + 1) % tid_agg_rx->buf_size) {
675 if (!tid_agg_rx->reorder_buf[j]) {
676 skipped++;
677 continue;
678 }
679 if (!time_after(jiffies, tid_agg_rx->reorder_time[j] +
680 HT_RX_REORDER_BUF_TIMEOUT))
681 break;
682
683#ifdef CONFIG_MAC80211_HT_DEBUG
684 if (net_ratelimit())
685 printk(KERN_DEBUG "%s: release an RX reorder "
686 "frame due to timeout on earlier "
687 "frames\n",
688 wiphy_name(hw->wiphy));
689#endif
690 ieee80211_release_reorder_frame(hw, tid_agg_rx,
691 j, frames);
692
693 /*
694 * Increment the head seq# also for the skipped slots.
695 */
696 tid_agg_rx->head_seq_num =
697 (tid_agg_rx->head_seq_num + skipped) & SEQ_MASK;
698 skipped = 0;
699 }
700 } else while (tid_agg_rx->reorder_buf[index]) {
701 ieee80211_release_reorder_frame(hw, tid_agg_rx, index, frames);
702 index = seq_sub(tid_agg_rx->head_seq_num, tid_agg_rx->ssn) %
703 tid_agg_rx->buf_size;
704 }
705
706 return true;
707}
708
709/*
710 * Reorder MPDUs from A-MPDUs, keeping them on a buffer. Returns
711 * true if the MPDU was buffered, false if it should be processed.
712 */
713static void ieee80211_rx_reorder_ampdu(struct ieee80211_rx_data *rx,
714 struct sk_buff_head *frames)
715{
716 struct sk_buff *skb = rx->skb;
717 struct ieee80211_local *local = rx->local;
718 struct ieee80211_hw *hw = &local->hw;
719 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
720 struct sta_info *sta = rx->sta;
721 struct tid_ampdu_rx *tid_agg_rx;
722 u16 sc;
723 int tid;
724
725 if (!ieee80211_is_data_qos(hdr->frame_control))
726 goto dont_reorder;
727
728 /*
729 * filter the QoS data rx stream according to
730 * STA/TID and check if this STA/TID is on aggregation
731 */
732
733 if (!sta)
734 goto dont_reorder;
735
736 tid = *ieee80211_get_qos_ctl(hdr) & IEEE80211_QOS_CTL_TID_MASK;
737
738 if (sta->ampdu_mlme.tid_state_rx[tid] != HT_AGG_STATE_OPERATIONAL)
739 goto dont_reorder;
740
741 tid_agg_rx = sta->ampdu_mlme.tid_rx[tid];
742
743 /* qos null data frames are excluded */
744 if (unlikely(hdr->frame_control & cpu_to_le16(IEEE80211_STYPE_NULLFUNC)))
745 goto dont_reorder;
746
747 /* new, potentially un-ordered, ampdu frame - process it */
748
749 /* reset session timer */
750 if (tid_agg_rx->timeout)
751 mod_timer(&tid_agg_rx->session_timer,
752 TU_TO_EXP_TIME(tid_agg_rx->timeout));
753
754 /* if this mpdu is fragmented - terminate rx aggregation session */
755 sc = le16_to_cpu(hdr->seq_ctrl);
756 if (sc & IEEE80211_SCTL_FRAG) {
757 ieee80211_sta_stop_rx_ba_session(sta->sdata, sta->sta.addr,
758 tid, 0, WLAN_REASON_QSTA_REQUIRE_SETUP);
759 dev_kfree_skb(skb);
760 return;
761 }
762
763 if (ieee80211_sta_manage_reorder_buf(hw, tid_agg_rx, skb, frames))
764 return;
765
766 dont_reorder:
767 __skb_queue_tail(frames, skb);
768}
546 769
547static ieee80211_rx_result debug_noinline 770static ieee80211_rx_result debug_noinline
548ieee80211_rx_h_check(struct ieee80211_rx_data *rx) 771ieee80211_rx_h_check(struct ieee80211_rx_data *rx)
@@ -603,7 +826,9 @@ ieee80211_rx_h_check(struct ieee80211_rx_data *rx)
603static ieee80211_rx_result debug_noinline 826static ieee80211_rx_result debug_noinline
604ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx) 827ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
605{ 828{
606 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data; 829 struct sk_buff *skb = rx->skb;
830 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
831 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
607 int keyidx; 832 int keyidx;
608 int hdrlen; 833 int hdrlen;
609 ieee80211_rx_result result = RX_DROP_UNUSABLE; 834 ieee80211_rx_result result = RX_DROP_UNUSABLE;
@@ -644,6 +869,9 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
644 if (!(rx->flags & IEEE80211_RX_RA_MATCH)) 869 if (!(rx->flags & IEEE80211_RX_RA_MATCH))
645 return RX_CONTINUE; 870 return RX_CONTINUE;
646 871
872 /* start without a key */
873 rx->key = NULL;
874
647 if (rx->sta) 875 if (rx->sta)
648 stakey = rcu_dereference(rx->sta->key); 876 stakey = rcu_dereference(rx->sta->key);
649 877
@@ -657,8 +885,8 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
657 return RX_CONTINUE; 885 return RX_CONTINUE;
658 } else if (mmie_keyidx >= 0) { 886 } else if (mmie_keyidx >= 0) {
659 /* Broadcast/multicast robust management frame / BIP */ 887 /* Broadcast/multicast robust management frame / BIP */
660 if ((rx->status->flag & RX_FLAG_DECRYPTED) && 888 if ((status->flag & RX_FLAG_DECRYPTED) &&
661 (rx->status->flag & RX_FLAG_IV_STRIPPED)) 889 (status->flag & RX_FLAG_IV_STRIPPED))
662 return RX_CONTINUE; 890 return RX_CONTINUE;
663 891
664 if (mmie_keyidx < NUM_DEFAULT_KEYS || 892 if (mmie_keyidx < NUM_DEFAULT_KEYS ||
@@ -690,8 +918,8 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
690 * we somehow allow the driver to tell us which key 918 * we somehow allow the driver to tell us which key
691 * the hardware used if this flag is set? 919 * the hardware used if this flag is set?
692 */ 920 */
693 if ((rx->status->flag & RX_FLAG_DECRYPTED) && 921 if ((status->flag & RX_FLAG_DECRYPTED) &&
694 (rx->status->flag & RX_FLAG_IV_STRIPPED)) 922 (status->flag & RX_FLAG_IV_STRIPPED))
695 return RX_CONTINUE; 923 return RX_CONTINUE;
696 924
697 hdrlen = ieee80211_hdrlen(hdr->frame_control); 925 hdrlen = ieee80211_hdrlen(hdr->frame_control);
@@ -727,8 +955,8 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
727 /* Check for weak IVs if possible */ 955 /* Check for weak IVs if possible */
728 if (rx->sta && rx->key->conf.alg == ALG_WEP && 956 if (rx->sta && rx->key->conf.alg == ALG_WEP &&
729 ieee80211_is_data(hdr->frame_control) && 957 ieee80211_is_data(hdr->frame_control) &&
730 (!(rx->status->flag & RX_FLAG_IV_STRIPPED) || 958 (!(status->flag & RX_FLAG_IV_STRIPPED) ||
731 !(rx->status->flag & RX_FLAG_DECRYPTED)) && 959 !(status->flag & RX_FLAG_DECRYPTED)) &&
732 ieee80211_wep_is_weak_iv(rx->skb, rx->key)) 960 ieee80211_wep_is_weak_iv(rx->skb, rx->key))
733 rx->sta->wep_weak_iv_count++; 961 rx->sta->wep_weak_iv_count++;
734 962
@@ -748,7 +976,7 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
748 } 976 }
749 977
750 /* either the frame has been decrypted or will be dropped */ 978 /* either the frame has been decrypted or will be dropped */
751 rx->status->flag |= RX_FLAG_DECRYPTED; 979 status->flag |= RX_FLAG_DECRYPTED;
752 980
753 return result; 981 return result;
754} 982}
@@ -792,7 +1020,7 @@ static void ap_sta_ps_start(struct sta_info *sta)
792 struct ieee80211_local *local = sdata->local; 1020 struct ieee80211_local *local = sdata->local;
793 1021
794 atomic_inc(&sdata->bss->num_sta_ps); 1022 atomic_inc(&sdata->bss->num_sta_ps);
795 set_sta_flags(sta, WLAN_STA_PS); 1023 set_sta_flags(sta, WLAN_STA_PS_STA);
796 drv_sta_notify(local, &sdata->vif, STA_NOTIFY_SLEEP, &sta->sta); 1024 drv_sta_notify(local, &sdata->vif, STA_NOTIFY_SLEEP, &sta->sta);
797#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG 1025#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
798 printk(KERN_DEBUG "%s: STA %pM aid %d enters power save mode\n", 1026 printk(KERN_DEBUG "%s: STA %pM aid %d enters power save mode\n",
@@ -800,45 +1028,37 @@ static void ap_sta_ps_start(struct sta_info *sta)
800#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */ 1028#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
801} 1029}
802 1030
803static int ap_sta_ps_end(struct sta_info *sta) 1031static void ap_sta_ps_end(struct sta_info *sta)
804{ 1032{
805 struct ieee80211_sub_if_data *sdata = sta->sdata; 1033 struct ieee80211_sub_if_data *sdata = sta->sdata;
806 struct ieee80211_local *local = sdata->local;
807 int sent, buffered;
808 1034
809 atomic_dec(&sdata->bss->num_sta_ps); 1035 atomic_dec(&sdata->bss->num_sta_ps);
810 1036
811 clear_sta_flags(sta, WLAN_STA_PS); 1037 clear_sta_flags(sta, WLAN_STA_PS_STA);
812 drv_sta_notify(local, &sdata->vif, STA_NOTIFY_AWAKE, &sta->sta);
813
814 if (!skb_queue_empty(&sta->ps_tx_buf))
815 sta_info_clear_tim_bit(sta);
816 1038
817#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG 1039#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
818 printk(KERN_DEBUG "%s: STA %pM aid %d exits power save mode\n", 1040 printk(KERN_DEBUG "%s: STA %pM aid %d exits power save mode\n",
819 sdata->dev->name, sta->sta.addr, sta->sta.aid); 1041 sdata->dev->name, sta->sta.addr, sta->sta.aid);
820#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */ 1042#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
821 1043
822 /* Send all buffered frames to the station */ 1044 if (test_sta_flags(sta, WLAN_STA_PS_DRIVER)) {
823 sent = ieee80211_add_pending_skbs(local, &sta->tx_filtered);
824 buffered = ieee80211_add_pending_skbs(local, &sta->ps_tx_buf);
825 sent += buffered;
826 local->total_ps_buffered -= buffered;
827
828#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG 1045#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
829 printk(KERN_DEBUG "%s: STA %pM aid %d sending %d filtered/%d PS frames " 1046 printk(KERN_DEBUG "%s: STA %pM aid %d driver-ps-blocked\n",
830 "since STA not sleeping anymore\n", sdata->dev->name, 1047 sdata->dev->name, sta->sta.addr, sta->sta.aid);
831 sta->sta.addr, sta->sta.aid, sent - buffered, buffered);
832#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */ 1048#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
1049 return;
1050 }
833 1051
834 return sent; 1052 ieee80211_sta_ps_deliver_wakeup(sta);
835} 1053}
836 1054
837static ieee80211_rx_result debug_noinline 1055static ieee80211_rx_result debug_noinline
838ieee80211_rx_h_sta_process(struct ieee80211_rx_data *rx) 1056ieee80211_rx_h_sta_process(struct ieee80211_rx_data *rx)
839{ 1057{
840 struct sta_info *sta = rx->sta; 1058 struct sta_info *sta = rx->sta;
841 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data; 1059 struct sk_buff *skb = rx->skb;
1060 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
1061 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
842 1062
843 if (!sta) 1063 if (!sta)
844 return RX_CONTINUE; 1064 return RX_CONTINUE;
@@ -869,9 +1089,8 @@ ieee80211_rx_h_sta_process(struct ieee80211_rx_data *rx)
869 1089
870 sta->rx_fragments++; 1090 sta->rx_fragments++;
871 sta->rx_bytes += rx->skb->len; 1091 sta->rx_bytes += rx->skb->len;
872 sta->last_signal = rx->status->signal; 1092 sta->last_signal = status->signal;
873 sta->last_qual = rx->status->qual; 1093 sta->last_noise = status->noise;
874 sta->last_noise = rx->status->noise;
875 1094
876 /* 1095 /*
877 * Change STA power saving mode only at the end of a frame 1096 * Change STA power saving mode only at the end of a frame
@@ -880,7 +1099,7 @@ ieee80211_rx_h_sta_process(struct ieee80211_rx_data *rx)
880 if (!ieee80211_has_morefrags(hdr->frame_control) && 1099 if (!ieee80211_has_morefrags(hdr->frame_control) &&
881 (rx->sdata->vif.type == NL80211_IFTYPE_AP || 1100 (rx->sdata->vif.type == NL80211_IFTYPE_AP ||
882 rx->sdata->vif.type == NL80211_IFTYPE_AP_VLAN)) { 1101 rx->sdata->vif.type == NL80211_IFTYPE_AP_VLAN)) {
883 if (test_sta_flags(sta, WLAN_STA_PS)) { 1102 if (test_sta_flags(sta, WLAN_STA_PS_STA)) {
884 /* 1103 /*
885 * Ignore doze->wake transitions that are 1104 * Ignore doze->wake transitions that are
886 * indicated by non-data frames, the standard 1105 * indicated by non-data frames, the standard
@@ -891,19 +1110,24 @@ ieee80211_rx_h_sta_process(struct ieee80211_rx_data *rx)
891 */ 1110 */
892 if (ieee80211_is_data(hdr->frame_control) && 1111 if (ieee80211_is_data(hdr->frame_control) &&
893 !ieee80211_has_pm(hdr->frame_control)) 1112 !ieee80211_has_pm(hdr->frame_control))
894 rx->sent_ps_buffered += ap_sta_ps_end(sta); 1113 ap_sta_ps_end(sta);
895 } else { 1114 } else {
896 if (ieee80211_has_pm(hdr->frame_control)) 1115 if (ieee80211_has_pm(hdr->frame_control))
897 ap_sta_ps_start(sta); 1116 ap_sta_ps_start(sta);
898 } 1117 }
899 } 1118 }
900 1119
901 /* Drop data::nullfunc frames silently, since they are used only to 1120 /*
902 * control station power saving mode. */ 1121 * Drop (qos-)data::nullfunc frames silently, since they
903 if (ieee80211_is_nullfunc(hdr->frame_control)) { 1122 * are used only to control station power saving mode.
1123 */
1124 if (ieee80211_is_nullfunc(hdr->frame_control) ||
1125 ieee80211_is_qos_nullfunc(hdr->frame_control)) {
904 I802_DEBUG_INC(rx->local->rx_handlers_drop_nullfunc); 1126 I802_DEBUG_INC(rx->local->rx_handlers_drop_nullfunc);
905 /* Update counter and free packet here to avoid counting this 1127 /*
906 * as a dropped packed. */ 1128 * Update counter and free packet here to avoid
1129 * counting this as a dropped packed.
1130 */
907 sta->rx_packets++; 1131 sta->rx_packets++;
908 dev_kfree_skb(rx->skb); 1132 dev_kfree_skb(rx->skb);
909 return RX_QUEUED; 1133 return RX_QUEUED;
@@ -1103,9 +1327,7 @@ ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx)
1103static ieee80211_rx_result debug_noinline 1327static ieee80211_rx_result debug_noinline
1104ieee80211_rx_h_ps_poll(struct ieee80211_rx_data *rx) 1328ieee80211_rx_h_ps_poll(struct ieee80211_rx_data *rx)
1105{ 1329{
1106 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(rx->dev); 1330 struct ieee80211_sub_if_data *sdata = rx->sdata;
1107 struct sk_buff *skb;
1108 int no_pending_pkts;
1109 __le16 fc = ((struct ieee80211_hdr *)rx->skb->data)->frame_control; 1331 __le16 fc = ((struct ieee80211_hdr *)rx->skb->data)->frame_control;
1110 1332
1111 if (likely(!rx->sta || !ieee80211_is_pspoll(fc) || 1333 if (likely(!rx->sta || !ieee80211_is_pspoll(fc) ||
@@ -1116,56 +1338,10 @@ ieee80211_rx_h_ps_poll(struct ieee80211_rx_data *rx)
1116 (sdata->vif.type != NL80211_IFTYPE_AP_VLAN)) 1338 (sdata->vif.type != NL80211_IFTYPE_AP_VLAN))
1117 return RX_DROP_UNUSABLE; 1339 return RX_DROP_UNUSABLE;
1118 1340
1119 skb = skb_dequeue(&rx->sta->tx_filtered); 1341 if (!test_sta_flags(rx->sta, WLAN_STA_PS_DRIVER))
1120 if (!skb) { 1342 ieee80211_sta_ps_deliver_poll_response(rx->sta);
1121 skb = skb_dequeue(&rx->sta->ps_tx_buf); 1343 else
1122 if (skb) 1344 set_sta_flags(rx->sta, WLAN_STA_PSPOLL);
1123 rx->local->total_ps_buffered--;
1124 }
1125 no_pending_pkts = skb_queue_empty(&rx->sta->tx_filtered) &&
1126 skb_queue_empty(&rx->sta->ps_tx_buf);
1127
1128 if (skb) {
1129 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1130 struct ieee80211_hdr *hdr =
1131 (struct ieee80211_hdr *) skb->data;
1132
1133 /*
1134 * Tell TX path to send this frame even though the STA may
1135 * still remain is PS mode after this frame exchange.
1136 */
1137 info->flags |= IEEE80211_TX_CTL_PSPOLL_RESPONSE;
1138
1139#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
1140 printk(KERN_DEBUG "STA %pM aid %d: PS Poll (entries after %d)\n",
1141 rx->sta->sta.addr, rx->sta->sta.aid,
1142 skb_queue_len(&rx->sta->ps_tx_buf));
1143#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
1144
1145 /* Use MoreData flag to indicate whether there are more
1146 * buffered frames for this STA */
1147 if (no_pending_pkts)
1148 hdr->frame_control &= cpu_to_le16(~IEEE80211_FCTL_MOREDATA);
1149 else
1150 hdr->frame_control |= cpu_to_le16(IEEE80211_FCTL_MOREDATA);
1151
1152 ieee80211_add_pending_skb(rx->local, skb);
1153
1154 if (no_pending_pkts)
1155 sta_info_clear_tim_bit(rx->sta);
1156#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
1157 } else if (!rx->sent_ps_buffered) {
1158 /*
1159 * FIXME: This can be the result of a race condition between
1160 * us expiring a frame and the station polling for it.
1161 * Should we send it a null-func frame indicating we
1162 * have nothing buffered for it?
1163 */
1164 printk(KERN_DEBUG "%s: STA %pM sent PS Poll even "
1165 "though there are no buffered frames for it\n",
1166 rx->dev->name, rx->sta->sta.addr);
1167#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
1168 }
1169 1345
1170 /* Free PS Poll skb here instead of returning RX_DROP that would 1346 /* Free PS Poll skb here instead of returning RX_DROP that would
1171 * count as an dropped frame. */ 1347 * count as an dropped frame. */
@@ -1206,11 +1382,14 @@ ieee80211_802_1x_port_control(struct ieee80211_rx_data *rx)
1206static int 1382static int
1207ieee80211_drop_unencrypted(struct ieee80211_rx_data *rx, __le16 fc) 1383ieee80211_drop_unencrypted(struct ieee80211_rx_data *rx, __le16 fc)
1208{ 1384{
1385 struct sk_buff *skb = rx->skb;
1386 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
1387
1209 /* 1388 /*
1210 * Pass through unencrypted frames if the hardware has 1389 * Pass through unencrypted frames if the hardware has
1211 * decrypted them already. 1390 * decrypted them already.
1212 */ 1391 */
1213 if (rx->status->flag & RX_FLAG_DECRYPTED) 1392 if (status->flag & RX_FLAG_DECRYPTED)
1214 return 0; 1393 return 0;
1215 1394
1216 /* Drop unencrypted frames if key is set. */ 1395 /* Drop unencrypted frames if key is set. */
@@ -1224,8 +1403,8 @@ ieee80211_drop_unencrypted(struct ieee80211_rx_data *rx, __le16 fc)
1224 rx->key)) 1403 rx->key))
1225 return -EACCES; 1404 return -EACCES;
1226 /* BIP does not use Protected field, so need to check MMIE */ 1405 /* BIP does not use Protected field, so need to check MMIE */
1227 if (unlikely(ieee80211_is_multicast_robust_mgmt_frame(rx->skb) 1406 if (unlikely(ieee80211_is_multicast_robust_mgmt_frame(rx->skb) &&
1228 && ieee80211_get_mmie_keyidx(rx->skb) < 0 && 1407 ieee80211_get_mmie_keyidx(rx->skb) < 0 &&
1229 rx->key)) 1408 rx->key))
1230 return -EACCES; 1409 return -EACCES;
1231 /* 1410 /*
@@ -1244,8 +1423,18 @@ ieee80211_drop_unencrypted(struct ieee80211_rx_data *rx, __le16 fc)
1244static int 1423static int
1245__ieee80211_data_to_8023(struct ieee80211_rx_data *rx) 1424__ieee80211_data_to_8023(struct ieee80211_rx_data *rx)
1246{ 1425{
1247 struct net_device *dev = rx->dev; 1426 struct ieee80211_sub_if_data *sdata = rx->sdata;
1248 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 1427 struct net_device *dev = sdata->dev;
1428 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
1429
1430 if (ieee80211_has_a4(hdr->frame_control) &&
1431 sdata->vif.type == NL80211_IFTYPE_AP_VLAN && !sdata->u.vlan.sta)
1432 return -1;
1433
1434 if (is_multicast_ether_addr(hdr->addr1) &&
1435 ((sdata->vif.type == NL80211_IFTYPE_AP_VLAN && sdata->u.vlan.sta) ||
1436 (sdata->vif.type == NL80211_IFTYPE_STATION && sdata->u.mgd.use_4addr)))
1437 return -1;
1249 1438
1250 return ieee80211_data_to_8023(rx->skb, dev->dev_addr, sdata->vif.type); 1439 return ieee80211_data_to_8023(rx->skb, dev->dev_addr, sdata->vif.type);
1251} 1440}
@@ -1264,7 +1453,7 @@ static bool ieee80211_frame_allowed(struct ieee80211_rx_data *rx, __le16 fc)
1264 * of whether the frame was encrypted or not. 1453 * of whether the frame was encrypted or not.
1265 */ 1454 */
1266 if (ehdr->h_proto == htons(ETH_P_PAE) && 1455 if (ehdr->h_proto == htons(ETH_P_PAE) &&
1267 (compare_ether_addr(ehdr->h_dest, rx->dev->dev_addr) == 0 || 1456 (compare_ether_addr(ehdr->h_dest, rx->sdata->dev->dev_addr) == 0 ||
1268 compare_ether_addr(ehdr->h_dest, pae_group_addr) == 0)) 1457 compare_ether_addr(ehdr->h_dest, pae_group_addr) == 0))
1269 return true; 1458 return true;
1270 1459
@@ -1281,10 +1470,10 @@ static bool ieee80211_frame_allowed(struct ieee80211_rx_data *rx, __le16 fc)
1281static void 1470static void
1282ieee80211_deliver_skb(struct ieee80211_rx_data *rx) 1471ieee80211_deliver_skb(struct ieee80211_rx_data *rx)
1283{ 1472{
1284 struct net_device *dev = rx->dev; 1473 struct ieee80211_sub_if_data *sdata = rx->sdata;
1474 struct net_device *dev = sdata->dev;
1285 struct ieee80211_local *local = rx->local; 1475 struct ieee80211_local *local = rx->local;
1286 struct sk_buff *skb, *xmit_skb; 1476 struct sk_buff *skb, *xmit_skb;
1287 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1288 struct ethhdr *ehdr = (struct ethhdr *) rx->skb->data; 1477 struct ethhdr *ehdr = (struct ethhdr *) rx->skb->data;
1289 struct sta_info *dsta; 1478 struct sta_info *dsta;
1290 1479
@@ -1294,7 +1483,8 @@ ieee80211_deliver_skb(struct ieee80211_rx_data *rx)
1294 if ((sdata->vif.type == NL80211_IFTYPE_AP || 1483 if ((sdata->vif.type == NL80211_IFTYPE_AP ||
1295 sdata->vif.type == NL80211_IFTYPE_AP_VLAN) && 1484 sdata->vif.type == NL80211_IFTYPE_AP_VLAN) &&
1296 !(sdata->flags & IEEE80211_SDATA_DONT_BRIDGE_PACKETS) && 1485 !(sdata->flags & IEEE80211_SDATA_DONT_BRIDGE_PACKETS) &&
1297 (rx->flags & IEEE80211_RX_RA_MATCH)) { 1486 (rx->flags & IEEE80211_RX_RA_MATCH) &&
1487 (sdata->vif.type != NL80211_IFTYPE_AP_VLAN || !sdata->u.vlan.sta)) {
1298 if (is_multicast_ether_addr(ehdr->h_dest)) { 1488 if (is_multicast_ether_addr(ehdr->h_dest)) {
1299 /* 1489 /*
1300 * send multicast frames both to higher layers in 1490 * send multicast frames both to higher layers in
@@ -1337,10 +1527,10 @@ ieee80211_deliver_skb(struct ieee80211_rx_data *rx)
1337 skb = NULL; 1527 skb = NULL;
1338 } else { 1528 } else {
1339 u8 *data = skb->data; 1529 u8 *data = skb->data;
1340 size_t len = skb->len; 1530 size_t len = skb_headlen(skb);
1341 u8 *new = __skb_push(skb, align); 1531 skb->data -= align;
1342 memmove(new, data, len); 1532 memmove(skb->data, data, len);
1343 __skb_trim(skb, len); 1533 skb_set_tail_pointer(skb, len);
1344 } 1534 }
1345 } 1535 }
1346#endif 1536#endif
@@ -1365,7 +1555,7 @@ ieee80211_deliver_skb(struct ieee80211_rx_data *rx)
1365static ieee80211_rx_result debug_noinline 1555static ieee80211_rx_result debug_noinline
1366ieee80211_rx_h_amsdu(struct ieee80211_rx_data *rx) 1556ieee80211_rx_h_amsdu(struct ieee80211_rx_data *rx)
1367{ 1557{
1368 struct net_device *dev = rx->dev; 1558 struct net_device *dev = rx->sdata->dev;
1369 struct ieee80211_local *local = rx->local; 1559 struct ieee80211_local *local = rx->local;
1370 u16 ethertype; 1560 u16 ethertype;
1371 u8 *payload; 1561 u8 *payload;
@@ -1490,12 +1680,11 @@ ieee80211_rx_h_mesh_fwding(struct ieee80211_rx_data *rx)
1490 unsigned int hdrlen; 1680 unsigned int hdrlen;
1491 struct sk_buff *skb = rx->skb, *fwd_skb; 1681 struct sk_buff *skb = rx->skb, *fwd_skb;
1492 struct ieee80211_local *local = rx->local; 1682 struct ieee80211_local *local = rx->local;
1493 struct ieee80211_sub_if_data *sdata; 1683 struct ieee80211_sub_if_data *sdata = rx->sdata;
1494 1684
1495 hdr = (struct ieee80211_hdr *) skb->data; 1685 hdr = (struct ieee80211_hdr *) skb->data;
1496 hdrlen = ieee80211_hdrlen(hdr->frame_control); 1686 hdrlen = ieee80211_hdrlen(hdr->frame_control);
1497 mesh_hdr = (struct ieee80211s_hdr *) (skb->data + hdrlen); 1687 mesh_hdr = (struct ieee80211s_hdr *) (skb->data + hdrlen);
1498 sdata = IEEE80211_DEV_TO_SUB_IF(rx->dev);
1499 1688
1500 if (!ieee80211_is_data(hdr->frame_control)) 1689 if (!ieee80211_is_data(hdr->frame_control))
1501 return RX_CONTINUE; 1690 return RX_CONTINUE;
@@ -1504,19 +1693,28 @@ ieee80211_rx_h_mesh_fwding(struct ieee80211_rx_data *rx)
1504 /* illegal frame */ 1693 /* illegal frame */
1505 return RX_DROP_MONITOR; 1694 return RX_DROP_MONITOR;
1506 1695
1507 if (!is_multicast_ether_addr(hdr->addr1) && 1696 if (mesh_hdr->flags & MESH_FLAGS_AE) {
1508 (mesh_hdr->flags & MESH_FLAGS_AE_A5_A6)) {
1509 struct mesh_path *mppath; 1697 struct mesh_path *mppath;
1698 char *proxied_addr;
1699 char *mpp_addr;
1700
1701 if (is_multicast_ether_addr(hdr->addr1)) {
1702 mpp_addr = hdr->addr3;
1703 proxied_addr = mesh_hdr->eaddr1;
1704 } else {
1705 mpp_addr = hdr->addr4;
1706 proxied_addr = mesh_hdr->eaddr2;
1707 }
1510 1708
1511 rcu_read_lock(); 1709 rcu_read_lock();
1512 mppath = mpp_path_lookup(mesh_hdr->eaddr2, sdata); 1710 mppath = mpp_path_lookup(proxied_addr, sdata);
1513 if (!mppath) { 1711 if (!mppath) {
1514 mpp_path_add(mesh_hdr->eaddr2, hdr->addr4, sdata); 1712 mpp_path_add(proxied_addr, mpp_addr, sdata);
1515 } else { 1713 } else {
1516 spin_lock_bh(&mppath->state_lock); 1714 spin_lock_bh(&mppath->state_lock);
1517 mppath->exp_time = jiffies; 1715 mppath->exp_time = jiffies;
1518 if (compare_ether_addr(mppath->mpp, hdr->addr4) != 0) 1716 if (compare_ether_addr(mppath->mpp, mpp_addr) != 0)
1519 memcpy(mppath->mpp, hdr->addr4, ETH_ALEN); 1717 memcpy(mppath->mpp, mpp_addr, ETH_ALEN);
1520 spin_unlock_bh(&mppath->state_lock); 1718 spin_unlock_bh(&mppath->state_lock);
1521 } 1719 }
1522 rcu_read_unlock(); 1720 rcu_read_unlock();
@@ -1524,7 +1722,7 @@ ieee80211_rx_h_mesh_fwding(struct ieee80211_rx_data *rx)
1524 1722
1525 /* Frame has reached destination. Don't forward */ 1723 /* Frame has reached destination. Don't forward */
1526 if (!is_multicast_ether_addr(hdr->addr1) && 1724 if (!is_multicast_ether_addr(hdr->addr1) &&
1527 compare_ether_addr(rx->dev->dev_addr, hdr->addr3) == 0) 1725 compare_ether_addr(sdata->dev->dev_addr, hdr->addr3) == 0)
1528 return RX_CONTINUE; 1726 return RX_CONTINUE;
1529 1727
1530 mesh_hdr->ttl--; 1728 mesh_hdr->ttl--;
@@ -1541,10 +1739,10 @@ ieee80211_rx_h_mesh_fwding(struct ieee80211_rx_data *rx)
1541 1739
1542 if (!fwd_skb && net_ratelimit()) 1740 if (!fwd_skb && net_ratelimit())
1543 printk(KERN_DEBUG "%s: failed to clone mesh frame\n", 1741 printk(KERN_DEBUG "%s: failed to clone mesh frame\n",
1544 rx->dev->name); 1742 sdata->dev->name);
1545 1743
1546 fwd_hdr = (struct ieee80211_hdr *) fwd_skb->data; 1744 fwd_hdr = (struct ieee80211_hdr *) fwd_skb->data;
1547 memcpy(fwd_hdr->addr2, rx->dev->dev_addr, ETH_ALEN); 1745 memcpy(fwd_hdr->addr2, sdata->dev->dev_addr, ETH_ALEN);
1548 info = IEEE80211_SKB_CB(fwd_skb); 1746 info = IEEE80211_SKB_CB(fwd_skb);
1549 memset(info, 0, sizeof(*info)); 1747 memset(info, 0, sizeof(*info));
1550 info->flags |= IEEE80211_TX_INTFL_NEED_TXPROCESSING; 1748 info->flags |= IEEE80211_TX_INTFL_NEED_TXPROCESSING;
@@ -1578,7 +1776,7 @@ ieee80211_rx_h_mesh_fwding(struct ieee80211_rx_data *rx)
1578 } 1776 }
1579 1777
1580 if (is_multicast_ether_addr(hdr->addr1) || 1778 if (is_multicast_ether_addr(hdr->addr1) ||
1581 rx->dev->flags & IFF_PROMISC) 1779 sdata->dev->flags & IFF_PROMISC)
1582 return RX_CONTINUE; 1780 return RX_CONTINUE;
1583 else 1781 else
1584 return RX_DROP_MONITOR; 1782 return RX_DROP_MONITOR;
@@ -1588,7 +1786,8 @@ ieee80211_rx_h_mesh_fwding(struct ieee80211_rx_data *rx)
1588static ieee80211_rx_result debug_noinline 1786static ieee80211_rx_result debug_noinline
1589ieee80211_rx_h_data(struct ieee80211_rx_data *rx) 1787ieee80211_rx_h_data(struct ieee80211_rx_data *rx)
1590{ 1788{
1591 struct net_device *dev = rx->dev; 1789 struct ieee80211_sub_if_data *sdata = rx->sdata;
1790 struct net_device *dev = sdata->dev;
1592 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data; 1791 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
1593 __le16 fc = hdr->frame_control; 1792 __le16 fc = hdr->frame_control;
1594 int err; 1793 int err;
@@ -1599,6 +1798,14 @@ ieee80211_rx_h_data(struct ieee80211_rx_data *rx)
1599 if (unlikely(!ieee80211_is_data_present(hdr->frame_control))) 1798 if (unlikely(!ieee80211_is_data_present(hdr->frame_control)))
1600 return RX_DROP_MONITOR; 1799 return RX_DROP_MONITOR;
1601 1800
1801 /*
1802 * Allow the cooked monitor interface of an AP to see 4-addr frames so
1803 * that a 4-addr station can be detected and moved into a separate VLAN
1804 */
1805 if (ieee80211_has_a4(hdr->frame_control) &&
1806 sdata->vif.type == NL80211_IFTYPE_AP)
1807 return RX_DROP_MONITOR;
1808
1602 err = __ieee80211_data_to_8023(rx); 1809 err = __ieee80211_data_to_8023(rx);
1603 if (unlikely(err)) 1810 if (unlikely(err))
1604 return RX_DROP_UNUSABLE; 1811 return RX_DROP_UNUSABLE;
@@ -1617,7 +1824,7 @@ ieee80211_rx_h_data(struct ieee80211_rx_data *rx)
1617} 1824}
1618 1825
1619static ieee80211_rx_result debug_noinline 1826static ieee80211_rx_result debug_noinline
1620ieee80211_rx_h_ctrl(struct ieee80211_rx_data *rx) 1827ieee80211_rx_h_ctrl(struct ieee80211_rx_data *rx, struct sk_buff_head *frames)
1621{ 1828{
1622 struct ieee80211_local *local = rx->local; 1829 struct ieee80211_local *local = rx->local;
1623 struct ieee80211_hw *hw = &local->hw; 1830 struct ieee80211_hw *hw = &local->hw;
@@ -1632,11 +1839,11 @@ ieee80211_rx_h_ctrl(struct ieee80211_rx_data *rx)
1632 1839
1633 if (ieee80211_is_back_req(bar->frame_control)) { 1840 if (ieee80211_is_back_req(bar->frame_control)) {
1634 if (!rx->sta) 1841 if (!rx->sta)
1635 return RX_CONTINUE; 1842 return RX_DROP_MONITOR;
1636 tid = le16_to_cpu(bar->control) >> 12; 1843 tid = le16_to_cpu(bar->control) >> 12;
1637 if (rx->sta->ampdu_mlme.tid_state_rx[tid] 1844 if (rx->sta->ampdu_mlme.tid_state_rx[tid]
1638 != HT_AGG_STATE_OPERATIONAL) 1845 != HT_AGG_STATE_OPERATIONAL)
1639 return RX_CONTINUE; 1846 return RX_DROP_MONITOR;
1640 tid_agg_rx = rx->sta->ampdu_mlme.tid_rx[tid]; 1847 tid_agg_rx = rx->sta->ampdu_mlme.tid_rx[tid];
1641 1848
1642 start_seq_num = le16_to_cpu(bar->start_seq_num) >> 4; 1849 start_seq_num = le16_to_cpu(bar->start_seq_num) >> 4;
@@ -1646,13 +1853,11 @@ ieee80211_rx_h_ctrl(struct ieee80211_rx_data *rx)
1646 mod_timer(&tid_agg_rx->session_timer, 1853 mod_timer(&tid_agg_rx->session_timer,
1647 TU_TO_EXP_TIME(tid_agg_rx->timeout)); 1854 TU_TO_EXP_TIME(tid_agg_rx->timeout));
1648 1855
1649 /* manage reordering buffer according to requested */ 1856 /* release stored frames up to start of BAR */
1650 /* sequence number */ 1857 ieee80211_release_reorder_frames(hw, tid_agg_rx, start_seq_num,
1651 rcu_read_lock(); 1858 frames);
1652 ieee80211_sta_manage_reorder_buf(hw, tid_agg_rx, NULL, 1859 kfree_skb(skb);
1653 start_seq_num, 1); 1860 return RX_QUEUED;
1654 rcu_read_unlock();
1655 return RX_DROP_UNUSABLE;
1656 } 1861 }
1657 1862
1658 return RX_CONTINUE; 1863 return RX_CONTINUE;
@@ -1701,14 +1906,14 @@ static void ieee80211_process_sa_query_req(struct ieee80211_sub_if_data *sdata,
1701 mgmt->u.action.u.sa_query.trans_id, 1906 mgmt->u.action.u.sa_query.trans_id,
1702 WLAN_SA_QUERY_TR_ID_LEN); 1907 WLAN_SA_QUERY_TR_ID_LEN);
1703 1908
1704 ieee80211_tx_skb(sdata, skb, 1); 1909 ieee80211_tx_skb(sdata, skb);
1705} 1910}
1706 1911
1707static ieee80211_rx_result debug_noinline 1912static ieee80211_rx_result debug_noinline
1708ieee80211_rx_h_action(struct ieee80211_rx_data *rx) 1913ieee80211_rx_h_action(struct ieee80211_rx_data *rx)
1709{ 1914{
1710 struct ieee80211_local *local = rx->local; 1915 struct ieee80211_local *local = rx->local;
1711 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(rx->dev); 1916 struct ieee80211_sub_if_data *sdata = rx->sdata;
1712 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *) rx->skb->data; 1917 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *) rx->skb->data;
1713 int len = rx->skb->len; 1918 int len = rx->skb->len;
1714 1919
@@ -1820,7 +2025,7 @@ ieee80211_rx_h_action(struct ieee80211_rx_data *rx)
1820static ieee80211_rx_result debug_noinline 2025static ieee80211_rx_result debug_noinline
1821ieee80211_rx_h_mgmt(struct ieee80211_rx_data *rx) 2026ieee80211_rx_h_mgmt(struct ieee80211_rx_data *rx)
1822{ 2027{
1823 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(rx->dev); 2028 struct ieee80211_sub_if_data *sdata = rx->sdata;
1824 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *) rx->skb->data; 2029 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *) rx->skb->data;
1825 2030
1826 if (!(rx->flags & IEEE80211_RX_RA_MATCH)) 2031 if (!(rx->flags & IEEE80211_RX_RA_MATCH))
@@ -1858,11 +2063,11 @@ static void ieee80211_rx_michael_mic_report(struct ieee80211_hdr *hdr,
1858 * Some hardware seem to generate incorrect Michael MIC 2063 * Some hardware seem to generate incorrect Michael MIC
1859 * reports; ignore them to avoid triggering countermeasures. 2064 * reports; ignore them to avoid triggering countermeasures.
1860 */ 2065 */
1861 goto ignore; 2066 return;
1862 } 2067 }
1863 2068
1864 if (!ieee80211_has_protected(hdr->frame_control)) 2069 if (!ieee80211_has_protected(hdr->frame_control))
1865 goto ignore; 2070 return;
1866 2071
1867 if (rx->sdata->vif.type == NL80211_IFTYPE_AP && keyidx) { 2072 if (rx->sdata->vif.type == NL80211_IFTYPE_AP && keyidx) {
1868 /* 2073 /*
@@ -1871,37 +2076,35 @@ static void ieee80211_rx_michael_mic_report(struct ieee80211_hdr *hdr,
1871 * group keys and only the AP is sending real multicast 2076 * group keys and only the AP is sending real multicast
1872 * frames in the BSS. 2077 * frames in the BSS.
1873 */ 2078 */
1874 goto ignore; 2079 return;
1875 } 2080 }
1876 2081
1877 if (!ieee80211_is_data(hdr->frame_control) && 2082 if (!ieee80211_is_data(hdr->frame_control) &&
1878 !ieee80211_is_auth(hdr->frame_control)) 2083 !ieee80211_is_auth(hdr->frame_control))
1879 goto ignore; 2084 return;
1880 2085
1881 mac80211_ev_michael_mic_failure(rx->sdata, keyidx, hdr, NULL, 2086 mac80211_ev_michael_mic_failure(rx->sdata, keyidx, hdr, NULL,
1882 GFP_ATOMIC); 2087 GFP_ATOMIC);
1883 ignore:
1884 dev_kfree_skb(rx->skb);
1885 rx->skb = NULL;
1886} 2088}
1887 2089
1888/* TODO: use IEEE80211_RX_FRAGMENTED */ 2090/* TODO: use IEEE80211_RX_FRAGMENTED */
1889static void ieee80211_rx_cooked_monitor(struct ieee80211_rx_data *rx) 2091static void ieee80211_rx_cooked_monitor(struct ieee80211_rx_data *rx,
2092 struct ieee80211_rate *rate)
1890{ 2093{
1891 struct ieee80211_sub_if_data *sdata; 2094 struct ieee80211_sub_if_data *sdata;
1892 struct ieee80211_local *local = rx->local; 2095 struct ieee80211_local *local = rx->local;
1893 struct ieee80211_rtap_hdr { 2096 struct ieee80211_rtap_hdr {
1894 struct ieee80211_radiotap_header hdr; 2097 struct ieee80211_radiotap_header hdr;
1895 u8 flags; 2098 u8 flags;
1896 u8 rate; 2099 u8 rate_or_pad;
1897 __le16 chan_freq; 2100 __le16 chan_freq;
1898 __le16 chan_flags; 2101 __le16 chan_flags;
1899 } __attribute__ ((packed)) *rthdr; 2102 } __attribute__ ((packed)) *rthdr;
1900 struct sk_buff *skb = rx->skb, *skb2; 2103 struct sk_buff *skb = rx->skb, *skb2;
1901 struct net_device *prev_dev = NULL; 2104 struct net_device *prev_dev = NULL;
1902 struct ieee80211_rx_status *status = rx->status; 2105 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
1903 2106
1904 if (rx->flags & IEEE80211_RX_CMNTR_REPORTED) 2107 if (status->flag & RX_FLAG_INTERNAL_CMTR)
1905 goto out_free_skb; 2108 goto out_free_skb;
1906 2109
1907 if (skb_headroom(skb) < sizeof(*rthdr) && 2110 if (skb_headroom(skb) < sizeof(*rthdr) &&
@@ -1913,10 +2116,13 @@ static void ieee80211_rx_cooked_monitor(struct ieee80211_rx_data *rx)
1913 rthdr->hdr.it_len = cpu_to_le16(sizeof(*rthdr)); 2116 rthdr->hdr.it_len = cpu_to_le16(sizeof(*rthdr));
1914 rthdr->hdr.it_present = 2117 rthdr->hdr.it_present =
1915 cpu_to_le32((1 << IEEE80211_RADIOTAP_FLAGS) | 2118 cpu_to_le32((1 << IEEE80211_RADIOTAP_FLAGS) |
1916 (1 << IEEE80211_RADIOTAP_RATE) |
1917 (1 << IEEE80211_RADIOTAP_CHANNEL)); 2119 (1 << IEEE80211_RADIOTAP_CHANNEL));
1918 2120
1919 rthdr->rate = rx->rate->bitrate / 5; 2121 if (rate) {
2122 rthdr->rate_or_pad = rate->bitrate / 5;
2123 rthdr->hdr.it_present |=
2124 cpu_to_le32(1 << IEEE80211_RADIOTAP_RATE);
2125 }
1920 rthdr->chan_freq = cpu_to_le16(status->freq); 2126 rthdr->chan_freq = cpu_to_le16(status->freq);
1921 2127
1922 if (status->band == IEEE80211_BAND_5GHZ) 2128 if (status->band == IEEE80211_BAND_5GHZ)
@@ -1959,7 +2165,7 @@ static void ieee80211_rx_cooked_monitor(struct ieee80211_rx_data *rx)
1959 } else 2165 } else
1960 goto out_free_skb; 2166 goto out_free_skb;
1961 2167
1962 rx->flags |= IEEE80211_RX_CMNTR_REPORTED; 2168 status->flag |= RX_FLAG_INTERNAL_CMTR;
1963 return; 2169 return;
1964 2170
1965 out_free_skb: 2171 out_free_skb:
@@ -1969,62 +2175,87 @@ static void ieee80211_rx_cooked_monitor(struct ieee80211_rx_data *rx)
1969 2175
1970static void ieee80211_invoke_rx_handlers(struct ieee80211_sub_if_data *sdata, 2176static void ieee80211_invoke_rx_handlers(struct ieee80211_sub_if_data *sdata,
1971 struct ieee80211_rx_data *rx, 2177 struct ieee80211_rx_data *rx,
1972 struct sk_buff *skb) 2178 struct sk_buff *skb,
2179 struct ieee80211_rate *rate)
1973{ 2180{
2181 struct sk_buff_head reorder_release;
1974 ieee80211_rx_result res = RX_DROP_MONITOR; 2182 ieee80211_rx_result res = RX_DROP_MONITOR;
1975 2183
2184 __skb_queue_head_init(&reorder_release);
2185
1976 rx->skb = skb; 2186 rx->skb = skb;
1977 rx->sdata = sdata; 2187 rx->sdata = sdata;
1978 rx->dev = sdata->dev;
1979 2188
1980#define CALL_RXH(rxh) \ 2189#define CALL_RXH(rxh) \
1981 do { \ 2190 do { \
1982 res = rxh(rx); \ 2191 res = rxh(rx); \
1983 if (res != RX_CONTINUE) \ 2192 if (res != RX_CONTINUE) \
1984 goto rxh_done; \ 2193 goto rxh_next; \
1985 } while (0); 2194 } while (0);
1986 2195
2196 /*
2197 * NB: the rxh_next label works even if we jump
2198 * to it from here because then the list will
2199 * be empty, which is a trivial check
2200 */
1987 CALL_RXH(ieee80211_rx_h_passive_scan) 2201 CALL_RXH(ieee80211_rx_h_passive_scan)
1988 CALL_RXH(ieee80211_rx_h_check) 2202 CALL_RXH(ieee80211_rx_h_check)
1989 CALL_RXH(ieee80211_rx_h_decrypt) 2203
1990 CALL_RXH(ieee80211_rx_h_check_more_data) 2204 ieee80211_rx_reorder_ampdu(rx, &reorder_release);
1991 CALL_RXH(ieee80211_rx_h_sta_process) 2205
1992 CALL_RXH(ieee80211_rx_h_defragment) 2206 while ((skb = __skb_dequeue(&reorder_release))) {
1993 CALL_RXH(ieee80211_rx_h_ps_poll) 2207 /*
1994 CALL_RXH(ieee80211_rx_h_michael_mic_verify) 2208 * all the other fields are valid across frames
1995 /* must be after MMIC verify so header is counted in MPDU mic */ 2209 * that belong to an aMPDU since they are on the
1996 CALL_RXH(ieee80211_rx_h_remove_qos_control) 2210 * same TID from the same station
1997 CALL_RXH(ieee80211_rx_h_amsdu) 2211 */
2212 rx->skb = skb;
2213
2214 CALL_RXH(ieee80211_rx_h_decrypt)
2215 CALL_RXH(ieee80211_rx_h_check_more_data)
2216 CALL_RXH(ieee80211_rx_h_sta_process)
2217 CALL_RXH(ieee80211_rx_h_defragment)
2218 CALL_RXH(ieee80211_rx_h_ps_poll)
2219 CALL_RXH(ieee80211_rx_h_michael_mic_verify)
2220 /* must be after MMIC verify so header is counted in MPDU mic */
2221 CALL_RXH(ieee80211_rx_h_remove_qos_control)
2222 CALL_RXH(ieee80211_rx_h_amsdu)
1998#ifdef CONFIG_MAC80211_MESH 2223#ifdef CONFIG_MAC80211_MESH
1999 if (ieee80211_vif_is_mesh(&sdata->vif)) 2224 if (ieee80211_vif_is_mesh(&sdata->vif))
2000 CALL_RXH(ieee80211_rx_h_mesh_fwding); 2225 CALL_RXH(ieee80211_rx_h_mesh_fwding);
2001#endif 2226#endif
2002 CALL_RXH(ieee80211_rx_h_data) 2227 CALL_RXH(ieee80211_rx_h_data)
2003 CALL_RXH(ieee80211_rx_h_ctrl) 2228
2004 CALL_RXH(ieee80211_rx_h_action) 2229 /* special treatment -- needs the queue */
2005 CALL_RXH(ieee80211_rx_h_mgmt) 2230 res = ieee80211_rx_h_ctrl(rx, &reorder_release);
2231 if (res != RX_CONTINUE)
2232 goto rxh_next;
2233
2234 CALL_RXH(ieee80211_rx_h_action)
2235 CALL_RXH(ieee80211_rx_h_mgmt)
2006 2236
2007#undef CALL_RXH 2237#undef CALL_RXH
2008 2238
2009 rxh_done: 2239 rxh_next:
2010 switch (res) { 2240 switch (res) {
2011 case RX_DROP_MONITOR: 2241 case RX_DROP_MONITOR:
2012 I802_DEBUG_INC(sdata->local->rx_handlers_drop); 2242 I802_DEBUG_INC(sdata->local->rx_handlers_drop);
2013 if (rx->sta) 2243 if (rx->sta)
2014 rx->sta->rx_dropped++; 2244 rx->sta->rx_dropped++;
2015 /* fall through */ 2245 /* fall through */
2016 case RX_CONTINUE: 2246 case RX_CONTINUE:
2017 ieee80211_rx_cooked_monitor(rx); 2247 ieee80211_rx_cooked_monitor(rx, rate);
2018 break; 2248 break;
2019 case RX_DROP_UNUSABLE: 2249 case RX_DROP_UNUSABLE:
2020 I802_DEBUG_INC(sdata->local->rx_handlers_drop); 2250 I802_DEBUG_INC(sdata->local->rx_handlers_drop);
2021 if (rx->sta) 2251 if (rx->sta)
2022 rx->sta->rx_dropped++; 2252 rx->sta->rx_dropped++;
2023 dev_kfree_skb(rx->skb); 2253 dev_kfree_skb(rx->skb);
2024 break; 2254 break;
2025 case RX_QUEUED: 2255 case RX_QUEUED:
2026 I802_DEBUG_INC(sdata->local->rx_handlers_queued); 2256 I802_DEBUG_INC(sdata->local->rx_handlers_queued);
2027 break; 2257 break;
2258 }
2028 } 2259 }
2029} 2260}
2030 2261
@@ -2034,12 +2265,14 @@ static int prepare_for_handlers(struct ieee80211_sub_if_data *sdata,
2034 struct ieee80211_rx_data *rx, 2265 struct ieee80211_rx_data *rx,
2035 struct ieee80211_hdr *hdr) 2266 struct ieee80211_hdr *hdr)
2036{ 2267{
2037 u8 *bssid = ieee80211_get_bssid(hdr, rx->skb->len, sdata->vif.type); 2268 struct sk_buff *skb = rx->skb;
2269 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
2270 u8 *bssid = ieee80211_get_bssid(hdr, skb->len, sdata->vif.type);
2038 int multicast = is_multicast_ether_addr(hdr->addr1); 2271 int multicast = is_multicast_ether_addr(hdr->addr1);
2039 2272
2040 switch (sdata->vif.type) { 2273 switch (sdata->vif.type) {
2041 case NL80211_IFTYPE_STATION: 2274 case NL80211_IFTYPE_STATION:
2042 if (!bssid) 2275 if (!bssid && !sdata->u.mgd.use_4addr)
2043 return 0; 2276 return 0;
2044 if (!multicast && 2277 if (!multicast &&
2045 compare_ether_addr(sdata->dev->dev_addr, hdr->addr1) != 0) { 2278 compare_ether_addr(sdata->dev->dev_addr, hdr->addr1) != 0) {
@@ -2066,10 +2299,10 @@ static int prepare_for_handlers(struct ieee80211_sub_if_data *sdata,
2066 rx->flags &= ~IEEE80211_RX_RA_MATCH; 2299 rx->flags &= ~IEEE80211_RX_RA_MATCH;
2067 } else if (!rx->sta) { 2300 } else if (!rx->sta) {
2068 int rate_idx; 2301 int rate_idx;
2069 if (rx->status->flag & RX_FLAG_HT) 2302 if (status->flag & RX_FLAG_HT)
2070 rate_idx = 0; /* TODO: HT rates */ 2303 rate_idx = 0; /* TODO: HT rates */
2071 else 2304 else
2072 rate_idx = rx->status->rate_idx; 2305 rate_idx = status->rate_idx;
2073 rx->sta = ieee80211_ibss_add_sta(sdata, bssid, hdr->addr2, 2306 rx->sta = ieee80211_ibss_add_sta(sdata, bssid, hdr->addr2,
2074 BIT(rate_idx)); 2307 BIT(rate_idx));
2075 } 2308 }
@@ -2104,8 +2337,6 @@ static int prepare_for_handlers(struct ieee80211_sub_if_data *sdata,
2104 return 0; 2337 return 0;
2105 break; 2338 break;
2106 case NL80211_IFTYPE_MONITOR: 2339 case NL80211_IFTYPE_MONITOR:
2107 /* take everything */
2108 break;
2109 case NL80211_IFTYPE_UNSPECIFIED: 2340 case NL80211_IFTYPE_UNSPECIFIED:
2110 case __NL80211_IFTYPE_AFTER_LAST: 2341 case __NL80211_IFTYPE_AFTER_LAST:
2111 /* should never get here */ 2342 /* should never get here */
@@ -2138,23 +2369,9 @@ static void __ieee80211_rx_handle_packet(struct ieee80211_hw *hw,
2138 rx.skb = skb; 2369 rx.skb = skb;
2139 rx.local = local; 2370 rx.local = local;
2140 2371
2141 rx.status = status;
2142 rx.rate = rate;
2143
2144 if (ieee80211_is_data(hdr->frame_control) || ieee80211_is_mgmt(hdr->frame_control)) 2372 if (ieee80211_is_data(hdr->frame_control) || ieee80211_is_mgmt(hdr->frame_control))
2145 local->dot11ReceivedFragmentCount++; 2373 local->dot11ReceivedFragmentCount++;
2146 2374
2147 rx.sta = sta_info_get(local, hdr->addr2);
2148 if (rx.sta) {
2149 rx.sdata = rx.sta->sdata;
2150 rx.dev = rx.sta->sdata->dev;
2151 }
2152
2153 if ((status->flag & RX_FLAG_MMIC_ERROR)) {
2154 ieee80211_rx_michael_mic_report(hdr, &rx);
2155 return;
2156 }
2157
2158 if (unlikely(test_bit(SCAN_HW_SCANNING, &local->scanning) || 2375 if (unlikely(test_bit(SCAN_HW_SCANNING, &local->scanning) ||
2159 test_bit(SCAN_OFF_CHANNEL, &local->scanning))) 2376 test_bit(SCAN_OFF_CHANNEL, &local->scanning)))
2160 rx.flags |= IEEE80211_RX_IN_SCAN; 2377 rx.flags |= IEEE80211_RX_IN_SCAN;
@@ -2162,13 +2379,20 @@ static void __ieee80211_rx_handle_packet(struct ieee80211_hw *hw,
2162 ieee80211_parse_qos(&rx); 2379 ieee80211_parse_qos(&rx);
2163 ieee80211_verify_alignment(&rx); 2380 ieee80211_verify_alignment(&rx);
2164 2381
2165 skb = rx.skb; 2382 rx.sta = sta_info_get(local, hdr->addr2);
2383 if (rx.sta)
2384 rx.sdata = rx.sta->sdata;
2166 2385
2167 if (rx.sdata && ieee80211_is_data(hdr->frame_control)) { 2386 if (rx.sdata && ieee80211_is_data(hdr->frame_control)) {
2168 rx.flags |= IEEE80211_RX_RA_MATCH; 2387 rx.flags |= IEEE80211_RX_RA_MATCH;
2169 prepares = prepare_for_handlers(rx.sdata, &rx, hdr); 2388 prepares = prepare_for_handlers(rx.sdata, &rx, hdr);
2170 if (prepares) 2389 if (prepares) {
2171 prev = rx.sdata; 2390 if (status->flag & RX_FLAG_MMIC_ERROR) {
2391 if (rx.flags & IEEE80211_RX_RA_MATCH)
2392 ieee80211_rx_michael_mic_report(hdr, &rx);
2393 } else
2394 prev = rx.sdata;
2395 }
2172 } else list_for_each_entry_rcu(sdata, &local->interfaces, list) { 2396 } else list_for_each_entry_rcu(sdata, &local->interfaces, list) {
2173 if (!netif_running(sdata->dev)) 2397 if (!netif_running(sdata->dev))
2174 continue; 2398 continue;
@@ -2183,6 +2407,13 @@ static void __ieee80211_rx_handle_packet(struct ieee80211_hw *hw,
2183 if (!prepares) 2407 if (!prepares)
2184 continue; 2408 continue;
2185 2409
2410 if (status->flag & RX_FLAG_MMIC_ERROR) {
2411 rx.sdata = sdata;
2412 if (rx.flags & IEEE80211_RX_RA_MATCH)
2413 ieee80211_rx_michael_mic_report(hdr, &rx);
2414 continue;
2415 }
2416
2186 /* 2417 /*
2187 * frame is destined for this interface, but if it's not 2418 * frame is destined for this interface, but if it's not
2188 * also for the previous one we handle that after the 2419 * also for the previous one we handle that after the
@@ -2208,240 +2439,15 @@ static void __ieee80211_rx_handle_packet(struct ieee80211_hw *hw,
2208 prev->dev->name); 2439 prev->dev->name);
2209 continue; 2440 continue;
2210 } 2441 }
2211 ieee80211_invoke_rx_handlers(prev, &rx, skb_new); 2442 ieee80211_invoke_rx_handlers(prev, &rx, skb_new, rate);
2212 prev = sdata; 2443 prev = sdata;
2213 } 2444 }
2214 if (prev) 2445 if (prev)
2215 ieee80211_invoke_rx_handlers(prev, &rx, skb); 2446 ieee80211_invoke_rx_handlers(prev, &rx, skb, rate);
2216 else 2447 else
2217 dev_kfree_skb(skb); 2448 dev_kfree_skb(skb);
2218} 2449}
2219 2450
2220#define SEQ_MODULO 0x1000
2221#define SEQ_MASK 0xfff
2222
2223static inline int seq_less(u16 sq1, u16 sq2)
2224{
2225 return ((sq1 - sq2) & SEQ_MASK) > (SEQ_MODULO >> 1);
2226}
2227
2228static inline u16 seq_inc(u16 sq)
2229{
2230 return (sq + 1) & SEQ_MASK;
2231}
2232
2233static inline u16 seq_sub(u16 sq1, u16 sq2)
2234{
2235 return (sq1 - sq2) & SEQ_MASK;
2236}
2237
2238
2239static void ieee80211_release_reorder_frame(struct ieee80211_hw *hw,
2240 struct tid_ampdu_rx *tid_agg_rx,
2241 int index)
2242{
2243 struct ieee80211_supported_band *sband;
2244 struct ieee80211_rate *rate;
2245 struct sk_buff *skb = tid_agg_rx->reorder_buf[index];
2246 struct ieee80211_rx_status *status;
2247
2248 if (!skb)
2249 goto no_frame;
2250
2251 status = IEEE80211_SKB_RXCB(skb);
2252
2253 /* release the reordered frames to stack */
2254 sband = hw->wiphy->bands[status->band];
2255 if (status->flag & RX_FLAG_HT)
2256 rate = sband->bitrates; /* TODO: HT rates */
2257 else
2258 rate = &sband->bitrates[status->rate_idx];
2259 __ieee80211_rx_handle_packet(hw, skb, rate);
2260 tid_agg_rx->stored_mpdu_num--;
2261 tid_agg_rx->reorder_buf[index] = NULL;
2262
2263no_frame:
2264 tid_agg_rx->head_seq_num = seq_inc(tid_agg_rx->head_seq_num);
2265}
2266
2267
2268/*
2269 * Timeout (in jiffies) for skb's that are waiting in the RX reorder buffer. If
2270 * the skb was added to the buffer longer than this time ago, the earlier
2271 * frames that have not yet been received are assumed to be lost and the skb
2272 * can be released for processing. This may also release other skb's from the
2273 * reorder buffer if there are no additional gaps between the frames.
2274 */
2275#define HT_RX_REORDER_BUF_TIMEOUT (HZ / 10)
2276
2277/*
2278 * As it function blongs to Rx path it must be called with
2279 * the proper rcu_read_lock protection for its flow.
2280 */
2281static u8 ieee80211_sta_manage_reorder_buf(struct ieee80211_hw *hw,
2282 struct tid_ampdu_rx *tid_agg_rx,
2283 struct sk_buff *skb,
2284 u16 mpdu_seq_num,
2285 int bar_req)
2286{
2287 u16 head_seq_num, buf_size;
2288 int index;
2289
2290 buf_size = tid_agg_rx->buf_size;
2291 head_seq_num = tid_agg_rx->head_seq_num;
2292
2293 /* frame with out of date sequence number */
2294 if (seq_less(mpdu_seq_num, head_seq_num)) {
2295 dev_kfree_skb(skb);
2296 return 1;
2297 }
2298
2299 /* if frame sequence number exceeds our buffering window size or
2300 * block Ack Request arrived - release stored frames */
2301 if ((!seq_less(mpdu_seq_num, head_seq_num + buf_size)) || (bar_req)) {
2302 /* new head to the ordering buffer */
2303 if (bar_req)
2304 head_seq_num = mpdu_seq_num;
2305 else
2306 head_seq_num =
2307 seq_inc(seq_sub(mpdu_seq_num, buf_size));
2308 /* release stored frames up to new head to stack */
2309 while (seq_less(tid_agg_rx->head_seq_num, head_seq_num)) {
2310 index = seq_sub(tid_agg_rx->head_seq_num,
2311 tid_agg_rx->ssn)
2312 % tid_agg_rx->buf_size;
2313 ieee80211_release_reorder_frame(hw, tid_agg_rx,
2314 index);
2315 }
2316 if (bar_req)
2317 return 1;
2318 }
2319
2320 /* now the new frame is always in the range of the reordering */
2321 /* buffer window */
2322 index = seq_sub(mpdu_seq_num, tid_agg_rx->ssn)
2323 % tid_agg_rx->buf_size;
2324 /* check if we already stored this frame */
2325 if (tid_agg_rx->reorder_buf[index]) {
2326 dev_kfree_skb(skb);
2327 return 1;
2328 }
2329
2330 /* if arrived mpdu is in the right order and nothing else stored */
2331 /* release it immediately */
2332 if (mpdu_seq_num == tid_agg_rx->head_seq_num &&
2333 tid_agg_rx->stored_mpdu_num == 0) {
2334 tid_agg_rx->head_seq_num =
2335 seq_inc(tid_agg_rx->head_seq_num);
2336 return 0;
2337 }
2338
2339 /* put the frame in the reordering buffer */
2340 tid_agg_rx->reorder_buf[index] = skb;
2341 tid_agg_rx->reorder_time[index] = jiffies;
2342 tid_agg_rx->stored_mpdu_num++;
2343 /* release the buffer until next missing frame */
2344 index = seq_sub(tid_agg_rx->head_seq_num, tid_agg_rx->ssn)
2345 % tid_agg_rx->buf_size;
2346 if (!tid_agg_rx->reorder_buf[index] &&
2347 tid_agg_rx->stored_mpdu_num > 1) {
2348 /*
2349 * No buffers ready to be released, but check whether any
2350 * frames in the reorder buffer have timed out.
2351 */
2352 int j;
2353 int skipped = 1;
2354 for (j = (index + 1) % tid_agg_rx->buf_size; j != index;
2355 j = (j + 1) % tid_agg_rx->buf_size) {
2356 if (tid_agg_rx->reorder_buf[j] == NULL) {
2357 skipped++;
2358 continue;
2359 }
2360 if (!time_after(jiffies, tid_agg_rx->reorder_time[j] +
2361 HZ / 10))
2362 break;
2363
2364#ifdef CONFIG_MAC80211_HT_DEBUG
2365 if (net_ratelimit())
2366 printk(KERN_DEBUG "%s: release an RX reorder "
2367 "frame due to timeout on earlier "
2368 "frames\n",
2369 wiphy_name(hw->wiphy));
2370#endif
2371 ieee80211_release_reorder_frame(hw, tid_agg_rx, j);
2372
2373 /*
2374 * Increment the head seq# also for the skipped slots.
2375 */
2376 tid_agg_rx->head_seq_num =
2377 (tid_agg_rx->head_seq_num + skipped) &
2378 SEQ_MASK;
2379 skipped = 0;
2380 }
2381 } else while (tid_agg_rx->reorder_buf[index]) {
2382 ieee80211_release_reorder_frame(hw, tid_agg_rx, index);
2383 index = seq_sub(tid_agg_rx->head_seq_num,
2384 tid_agg_rx->ssn) % tid_agg_rx->buf_size;
2385 }
2386 return 1;
2387}
2388
2389static u8 ieee80211_rx_reorder_ampdu(struct ieee80211_local *local,
2390 struct sk_buff *skb)
2391{
2392 struct ieee80211_hw *hw = &local->hw;
2393 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
2394 struct sta_info *sta;
2395 struct tid_ampdu_rx *tid_agg_rx;
2396 u16 sc;
2397 u16 mpdu_seq_num;
2398 u8 ret = 0;
2399 int tid;
2400
2401 sta = sta_info_get(local, hdr->addr2);
2402 if (!sta)
2403 return ret;
2404
2405 /* filter the QoS data rx stream according to
2406 * STA/TID and check if this STA/TID is on aggregation */
2407 if (!ieee80211_is_data_qos(hdr->frame_control))
2408 goto end_reorder;
2409
2410 tid = *ieee80211_get_qos_ctl(hdr) & IEEE80211_QOS_CTL_TID_MASK;
2411
2412 if (sta->ampdu_mlme.tid_state_rx[tid] != HT_AGG_STATE_OPERATIONAL)
2413 goto end_reorder;
2414
2415 tid_agg_rx = sta->ampdu_mlme.tid_rx[tid];
2416
2417 /* qos null data frames are excluded */
2418 if (unlikely(hdr->frame_control & cpu_to_le16(IEEE80211_STYPE_NULLFUNC)))
2419 goto end_reorder;
2420
2421 /* new un-ordered ampdu frame - process it */
2422
2423 /* reset session timer */
2424 if (tid_agg_rx->timeout)
2425 mod_timer(&tid_agg_rx->session_timer,
2426 TU_TO_EXP_TIME(tid_agg_rx->timeout));
2427
2428 /* if this mpdu is fragmented - terminate rx aggregation session */
2429 sc = le16_to_cpu(hdr->seq_ctrl);
2430 if (sc & IEEE80211_SCTL_FRAG) {
2431 ieee80211_sta_stop_rx_ba_session(sta->sdata, sta->sta.addr,
2432 tid, 0, WLAN_REASON_QSTA_REQUIRE_SETUP);
2433 ret = 1;
2434 goto end_reorder;
2435 }
2436
2437 /* according to mpdu sequence number deal with reordering buffer */
2438 mpdu_seq_num = (sc & IEEE80211_SCTL_SEQ) >> 4;
2439 ret = ieee80211_sta_manage_reorder_buf(hw, tid_agg_rx, skb,
2440 mpdu_seq_num, 0);
2441 end_reorder:
2442 return ret;
2443}
2444
2445/* 2451/*
2446 * This is the receive path handler. It is called by a low level driver when an 2452 * This is the receive path handler. It is called by a low level driver when an
2447 * 802.11 MPDU is received from the hardware. 2453 * 802.11 MPDU is received from the hardware.
@@ -2481,14 +2487,22 @@ void ieee80211_rx(struct ieee80211_hw *hw, struct sk_buff *skb)
2481 goto drop; 2487 goto drop;
2482 2488
2483 if (status->flag & RX_FLAG_HT) { 2489 if (status->flag & RX_FLAG_HT) {
2484 /* rate_idx is MCS index */ 2490 /*
2485 if (WARN_ON(status->rate_idx < 0 || 2491 * rate_idx is MCS index, which can be [0-76] as documented on:
2486 status->rate_idx >= 76)) 2492 *
2493 * http://wireless.kernel.org/en/developers/Documentation/ieee80211/802.11n
2494 *
2495 * Anything else would be some sort of driver or hardware error.
2496 * The driver should catch hardware errors.
2497 */
2498 if (WARN((status->rate_idx < 0 ||
2499 status->rate_idx > 76),
2500 "Rate marked as an HT rate but passed "
2501 "status->rate_idx is not "
2502 "an MCS index [0-76]: %d (0x%02x)\n",
2503 status->rate_idx,
2504 status->rate_idx))
2487 goto drop; 2505 goto drop;
2488 /* HT rates are not in the table - use the highest legacy rate
2489 * for now since other parts of mac80211 may not yet be fully
2490 * MCS aware. */
2491 rate = &sband->bitrates[sband->n_bitrates - 1];
2492 } else { 2506 } else {
2493 if (WARN_ON(status->rate_idx < 0 || 2507 if (WARN_ON(status->rate_idx < 0 ||
2494 status->rate_idx >= sband->n_bitrates)) 2508 status->rate_idx >= sband->n_bitrates))
@@ -2515,20 +2529,7 @@ void ieee80211_rx(struct ieee80211_hw *hw, struct sk_buff *skb)
2515 return; 2529 return;
2516 } 2530 }
2517 2531
2518 /* 2532 __ieee80211_rx_handle_packet(hw, skb, rate);
2519 * In theory, the block ack reordering should happen after duplicate
2520 * removal (ieee80211_rx_h_check(), which is an RX handler). As such,
2521 * the call to ieee80211_rx_reorder_ampdu() should really be moved to
2522 * happen as a new RX handler between ieee80211_rx_h_check and
2523 * ieee80211_rx_h_decrypt. This cleanup may eventually happen, but for
2524 * the time being, the call can be here since RX reorder buf processing
2525 * will implicitly skip duplicates. We could, in theory at least,
2526 * process frames that ieee80211_rx_h_passive_scan would drop (e.g.,
2527 * frames from other than operational channel), but that should not
2528 * happen in normal networks.
2529 */
2530 if (!ieee80211_rx_reorder_ampdu(local, skb))
2531 __ieee80211_rx_handle_packet(hw, skb, rate);
2532 2533
2533 rcu_read_unlock(); 2534 rcu_read_unlock();
2534 2535
generated by cgit v1.2.2 (git 2.25.0) at 2025-02-27 16:32:28 -0500