aboutsummaryrefslogtreecommitdiffstats
path: root/net/mac80211/rx.c
diff options
context:
space:
mode:
Diffstat (limited to 'net/mac80211/rx.c')
-rw-r--r--net/mac80211/rx.c423
1 files changed, 340 insertions, 83 deletions
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 7175ae80c36a..64ebe664effc 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -86,8 +86,7 @@ ieee80211_rx_radiotap_len(struct ieee80211_local *local,
86 86
87 if (status->flag & RX_FLAG_TSFT) 87 if (status->flag & RX_FLAG_TSFT)
88 len += 8; 88 len += 8;
89 if (local->hw.flags & IEEE80211_HW_SIGNAL_DB || 89 if (local->hw.flags & IEEE80211_HW_SIGNAL_DBM)
90 local->hw.flags & IEEE80211_HW_SIGNAL_DBM)
91 len += 1; 90 len += 1;
92 if (local->hw.flags & IEEE80211_HW_NOISE_DBM) 91 if (local->hw.flags & IEEE80211_HW_NOISE_DBM)
93 len += 1; 92 len += 1;
@@ -102,7 +101,7 @@ ieee80211_rx_radiotap_len(struct ieee80211_local *local,
102 return len; 101 return len;
103} 102}
104 103
105/** 104/*
106 * ieee80211_add_rx_radiotap_header - add radiotap header 105 * ieee80211_add_rx_radiotap_header - add radiotap header
107 * 106 *
108 * add a radiotap header containing all the fields which the hardware provided. 107 * add a radiotap header containing all the fields which the hardware provided.
@@ -143,6 +142,8 @@ ieee80211_add_rx_radiotap_header(struct ieee80211_local *local,
143 /* IEEE80211_RADIOTAP_FLAGS */ 142 /* IEEE80211_RADIOTAP_FLAGS */
144 if (local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS) 143 if (local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS)
145 *pos |= IEEE80211_RADIOTAP_F_FCS; 144 *pos |= IEEE80211_RADIOTAP_F_FCS;
145 if (status->flag & (RX_FLAG_FAILED_FCS_CRC | RX_FLAG_FAILED_PLCP_CRC))
146 *pos |= IEEE80211_RADIOTAP_F_BADFCS;
146 if (status->flag & RX_FLAG_SHORTPRE) 147 if (status->flag & RX_FLAG_SHORTPRE)
147 *pos |= IEEE80211_RADIOTAP_F_SHORTPRE; 148 *pos |= IEEE80211_RADIOTAP_F_SHORTPRE;
148 pos++; 149 pos++;
@@ -158,7 +159,7 @@ ieee80211_add_rx_radiotap_header(struct ieee80211_local *local,
158 */ 159 */
159 *pos = 0; 160 *pos = 0;
160 } else { 161 } else {
161 rthdr->it_present |= (1 << IEEE80211_RADIOTAP_RATE); 162 rthdr->it_present |= cpu_to_le32(1 << IEEE80211_RADIOTAP_RATE);
162 *pos = rate->bitrate / 5; 163 *pos = rate->bitrate / 5;
163 } 164 }
164 pos++; 165 pos++;
@@ -199,23 +200,14 @@ ieee80211_add_rx_radiotap_header(struct ieee80211_local *local,
199 *pos = status->antenna; 200 *pos = status->antenna;
200 pos++; 201 pos++;
201 202
202 /* IEEE80211_RADIOTAP_DB_ANTSIGNAL */
203 if (local->hw.flags & IEEE80211_HW_SIGNAL_DB) {
204 *pos = status->signal;
205 rthdr->it_present |=
206 cpu_to_le32(1 << IEEE80211_RADIOTAP_DB_ANTSIGNAL);
207 pos++;
208 }
209
210 /* IEEE80211_RADIOTAP_DB_ANTNOISE is not used */ 203 /* IEEE80211_RADIOTAP_DB_ANTNOISE is not used */
211 204
212 /* IEEE80211_RADIOTAP_RX_FLAGS */ 205 /* IEEE80211_RADIOTAP_RX_FLAGS */
213 /* ensure 2 byte alignment for the 2 byte field as required */ 206 /* ensure 2 byte alignment for the 2 byte field as required */
214 if ((pos - (unsigned char *)rthdr) & 1) 207 if ((pos - (unsigned char *)rthdr) & 1)
215 pos++; 208 pos++;
216 /* FIXME: when radiotap gets a 'bad PLCP' flag use it here */ 209 if (status->flag & RX_FLAG_FAILED_PLCP_CRC)
217 if (status->flag & (RX_FLAG_FAILED_FCS_CRC | RX_FLAG_FAILED_PLCP_CRC)) 210 *(__le16 *)pos |= cpu_to_le16(IEEE80211_RADIOTAP_F_RX_BADPLCP);
218 *(__le16 *)pos |= cpu_to_le16(IEEE80211_RADIOTAP_F_RX_BADFCS);
219 pos += 2; 211 pos += 2;
220} 212}
221 213
@@ -371,39 +363,50 @@ static void ieee80211_parse_qos(struct ieee80211_rx_data *rx)
371 rx->skb->priority = (tid > 7) ? 0 : tid; 363 rx->skb->priority = (tid > 7) ? 0 : tid;
372} 364}
373 365
374static void ieee80211_verify_ip_alignment(struct ieee80211_rx_data *rx) 366/**
367 * DOC: Packet alignment
368 *
369 * Drivers always need to pass packets that are aligned to two-byte boundaries
370 * to the stack.
371 *
372 * Additionally, should, if possible, align the payload data in a way that
373 * guarantees that the contained IP header is aligned to a four-byte
374 * boundary. In the case of regular frames, this simply means aligning the
375 * payload to a four-byte boundary (because either the IP header is directly
376 * contained, or IV/RFC1042 headers that have a length divisible by four are
377 * in front of it).
378 *
379 * With A-MSDU frames, however, the payload data address must yield two modulo
380 * four because there are 14-byte 802.3 headers within the A-MSDU frames that
381 * push the IP header further back to a multiple of four again. Thankfully, the
382 * specs were sane enough this time around to require padding each A-MSDU
383 * subframe to a length that is a multiple of four.
384 *
385 * Padding like Atheros hardware adds which is inbetween the 802.11 header and
386 * the payload is not supported, the driver is required to move the 802.11
387 * header to be directly in front of the payload in that case.
388 */
389static void ieee80211_verify_alignment(struct ieee80211_rx_data *rx)
375{ 390{
376#ifdef CONFIG_MAC80211_DEBUG_PACKET_ALIGNMENT
377 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data; 391 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
378 int hdrlen; 392 int hdrlen;
379 393
394#ifndef CONFIG_MAC80211_DEBUG_PACKET_ALIGNMENT
395 return;
396#endif
397
398 if (WARN_ONCE((unsigned long)rx->skb->data & 1,
399 "unaligned packet at 0x%p\n", rx->skb->data))
400 return;
401
380 if (!ieee80211_is_data_present(hdr->frame_control)) 402 if (!ieee80211_is_data_present(hdr->frame_control))
381 return; 403 return;
382 404
383 /*
384 * Drivers are required to align the payload data in a way that
385 * guarantees that the contained IP header is aligned to a four-
386 * byte boundary. In the case of regular frames, this simply means
387 * aligning the payload to a four-byte boundary (because either
388 * the IP header is directly contained, or IV/RFC1042 headers that
389 * have a length divisible by four are in front of it.
390 *
391 * With A-MSDU frames, however, the payload data address must
392 * yield two modulo four because there are 14-byte 802.3 headers
393 * within the A-MSDU frames that push the IP header further back
394 * to a multiple of four again. Thankfully, the specs were sane
395 * enough this time around to require padding each A-MSDU subframe
396 * to a length that is a multiple of four.
397 *
398 * Padding like atheros hardware adds which is inbetween the 802.11
399 * header and the payload is not supported, the driver is required
400 * to move the 802.11 header further back in that case.
401 */
402 hdrlen = ieee80211_hdrlen(hdr->frame_control); 405 hdrlen = ieee80211_hdrlen(hdr->frame_control);
403 if (rx->flags & IEEE80211_RX_AMSDU) 406 if (rx->flags & IEEE80211_RX_AMSDU)
404 hdrlen += ETH_HLEN; 407 hdrlen += ETH_HLEN;
405 WARN_ON_ONCE(((unsigned long)(rx->skb->data + hdrlen)) & 3); 408 WARN_ONCE(((unsigned long)(rx->skb->data + hdrlen)) & 3,
406#endif 409 "unaligned IP payload at 0x%p\n", rx->skb->data + hdrlen);
407} 410}
408 411
409 412
@@ -435,6 +438,52 @@ ieee80211_rx_h_passive_scan(struct ieee80211_rx_data *rx)
435 return RX_CONTINUE; 438 return RX_CONTINUE;
436} 439}
437 440
441
442static int ieee80211_is_unicast_robust_mgmt_frame(struct sk_buff *skb)
443{
444 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
445
446 if (skb->len < 24 || is_multicast_ether_addr(hdr->addr1))
447 return 0;
448
449 return ieee80211_is_robust_mgmt_frame(hdr);
450}
451
452
453static int ieee80211_is_multicast_robust_mgmt_frame(struct sk_buff *skb)
454{
455 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
456
457 if (skb->len < 24 || !is_multicast_ether_addr(hdr->addr1))
458 return 0;
459
460 return ieee80211_is_robust_mgmt_frame(hdr);
461}
462
463
464/* Get the BIP key index from MMIE; return -1 if this is not a BIP frame */
465static int ieee80211_get_mmie_keyidx(struct sk_buff *skb)
466{
467 struct ieee80211_mgmt *hdr = (struct ieee80211_mgmt *) skb->data;
468 struct ieee80211_mmie *mmie;
469
470 if (skb->len < 24 + sizeof(*mmie) ||
471 !is_multicast_ether_addr(hdr->da))
472 return -1;
473
474 if (!ieee80211_is_robust_mgmt_frame((struct ieee80211_hdr *) hdr))
475 return -1; /* not a robust management frame */
476
477 mmie = (struct ieee80211_mmie *)
478 (skb->data + skb->len - sizeof(*mmie));
479 if (mmie->element_id != WLAN_EID_MMIE ||
480 mmie->length != sizeof(*mmie) - 2)
481 return -1;
482
483 return le16_to_cpu(mmie->key_id);
484}
485
486
438static ieee80211_rx_result 487static ieee80211_rx_result
439ieee80211_rx_mesh_check(struct ieee80211_rx_data *rx) 488ieee80211_rx_mesh_check(struct ieee80211_rx_data *rx)
440{ 489{
@@ -550,21 +599,23 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
550 int hdrlen; 599 int hdrlen;
551 ieee80211_rx_result result = RX_DROP_UNUSABLE; 600 ieee80211_rx_result result = RX_DROP_UNUSABLE;
552 struct ieee80211_key *stakey = NULL; 601 struct ieee80211_key *stakey = NULL;
602 int mmie_keyidx = -1;
553 603
554 /* 604 /*
555 * Key selection 101 605 * Key selection 101
556 * 606 *
557 * There are three types of keys: 607 * There are four types of keys:
558 * - GTK (group keys) 608 * - GTK (group keys)
609 * - IGTK (group keys for management frames)
559 * - PTK (pairwise keys) 610 * - PTK (pairwise keys)
560 * - STK (station-to-station pairwise keys) 611 * - STK (station-to-station pairwise keys)
561 * 612 *
562 * When selecting a key, we have to distinguish between multicast 613 * When selecting a key, we have to distinguish between multicast
563 * (including broadcast) and unicast frames, the latter can only 614 * (including broadcast) and unicast frames, the latter can only
564 * use PTKs and STKs while the former always use GTKs. Unless, of 615 * use PTKs and STKs while the former always use GTKs and IGTKs.
565 * course, actual WEP keys ("pre-RSNA") are used, then unicast 616 * Unless, of course, actual WEP keys ("pre-RSNA") are used, then
566 * frames can also use key indizes like GTKs. Hence, if we don't 617 * unicast frames can also use key indices like GTKs. Hence, if we
567 * have a PTK/STK we check the key index for a WEP key. 618 * don't have a PTK/STK we check the key index for a WEP key.
568 * 619 *
569 * Note that in a regular BSS, multicast frames are sent by the 620 * Note that in a regular BSS, multicast frames are sent by the
570 * AP only, associated stations unicast the frame to the AP first 621 * AP only, associated stations unicast the frame to the AP first
@@ -577,8 +628,14 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
577 * possible. 628 * possible.
578 */ 629 */
579 630
580 if (!ieee80211_has_protected(hdr->frame_control)) 631 if (!ieee80211_has_protected(hdr->frame_control)) {
581 return RX_CONTINUE; 632 if (!ieee80211_is_mgmt(hdr->frame_control) ||
633 rx->sta == NULL || !test_sta_flags(rx->sta, WLAN_STA_MFP))
634 return RX_CONTINUE;
635 mmie_keyidx = ieee80211_get_mmie_keyidx(rx->skb);
636 if (mmie_keyidx < 0)
637 return RX_CONTINUE;
638 }
582 639
583 /* 640 /*
584 * No point in finding a key and decrypting if the frame is neither 641 * No point in finding a key and decrypting if the frame is neither
@@ -592,6 +649,16 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
592 649
593 if (!is_multicast_ether_addr(hdr->addr1) && stakey) { 650 if (!is_multicast_ether_addr(hdr->addr1) && stakey) {
594 rx->key = stakey; 651 rx->key = stakey;
652 } else if (mmie_keyidx >= 0) {
653 /* Broadcast/multicast robust management frame / BIP */
654 if ((rx->status->flag & RX_FLAG_DECRYPTED) &&
655 (rx->status->flag & RX_FLAG_IV_STRIPPED))
656 return RX_CONTINUE;
657
658 if (mmie_keyidx < NUM_DEFAULT_KEYS ||
659 mmie_keyidx >= NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS)
660 return RX_DROP_MONITOR; /* unexpected BIP keyidx */
661 rx->key = rcu_dereference(rx->sdata->keys[mmie_keyidx]);
595 } else { 662 } else {
596 /* 663 /*
597 * The device doesn't give us the IV so we won't be 664 * The device doesn't give us the IV so we won't be
@@ -654,6 +721,9 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
654 case ALG_CCMP: 721 case ALG_CCMP:
655 result = ieee80211_crypto_ccmp_decrypt(rx); 722 result = ieee80211_crypto_ccmp_decrypt(rx);
656 break; 723 break;
724 case ALG_AES_CMAC:
725 result = ieee80211_crypto_aes_cmac_decrypt(rx);
726 break;
657 } 727 }
658 728
659 /* either the frame has been decrypted or will be dropped */ 729 /* either the frame has been decrypted or will be dropped */
@@ -662,6 +732,39 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
662 return result; 732 return result;
663} 733}
664 734
735static ieee80211_rx_result debug_noinline
736ieee80211_rx_h_check_more_data(struct ieee80211_rx_data *rx)
737{
738 struct ieee80211_local *local;
739 struct ieee80211_hdr *hdr;
740 struct sk_buff *skb;
741
742 local = rx->local;
743 skb = rx->skb;
744 hdr = (struct ieee80211_hdr *) skb->data;
745
746 if (!local->pspolling)
747 return RX_CONTINUE;
748
749 if (!ieee80211_has_fromds(hdr->frame_control))
750 /* this is not from AP */
751 return RX_CONTINUE;
752
753 if (!ieee80211_is_data(hdr->frame_control))
754 return RX_CONTINUE;
755
756 if (!ieee80211_has_moredata(hdr->frame_control)) {
757 /* AP has no more frames buffered for us */
758 local->pspolling = false;
759 return RX_CONTINUE;
760 }
761
762 /* more data bit is set, let's request a new frame from the AP */
763 ieee80211_send_pspoll(local, rx->sdata);
764
765 return RX_CONTINUE;
766}
767
665static void ap_sta_ps_start(struct sta_info *sta) 768static void ap_sta_ps_start(struct sta_info *sta)
666{ 769{
667 struct ieee80211_sub_if_data *sdata = sta->sdata; 770 struct ieee80211_sub_if_data *sdata = sta->sdata;
@@ -736,7 +839,7 @@ ieee80211_rx_h_sta_process(struct ieee80211_rx_data *rx)
736 if (rx->sdata->vif.type == NL80211_IFTYPE_ADHOC) { 839 if (rx->sdata->vif.type == NL80211_IFTYPE_ADHOC) {
737 u8 *bssid = ieee80211_get_bssid(hdr, rx->skb->len, 840 u8 *bssid = ieee80211_get_bssid(hdr, rx->skb->len,
738 NL80211_IFTYPE_ADHOC); 841 NL80211_IFTYPE_ADHOC);
739 if (compare_ether_addr(bssid, rx->sdata->u.sta.bssid) == 0) 842 if (compare_ether_addr(bssid, rx->sdata->u.ibss.bssid) == 0)
740 sta->last_rx = jiffies; 843 sta->last_rx = jiffies;
741 } else 844 } else
742 if (!is_multicast_ether_addr(hdr->addr1) || 845 if (!is_multicast_ether_addr(hdr->addr1) ||
@@ -747,12 +850,19 @@ ieee80211_rx_h_sta_process(struct ieee80211_rx_data *rx)
747 * Mesh beacons will update last_rx when if they are found to 850 * Mesh beacons will update last_rx when if they are found to
748 * match the current local configuration when processed. 851 * match the current local configuration when processed.
749 */ 852 */
750 sta->last_rx = jiffies; 853 if (rx->sdata->vif.type == NL80211_IFTYPE_STATION &&
854 ieee80211_is_beacon(hdr->frame_control)) {
855 rx->sdata->u.mgd.last_beacon = jiffies;
856 } else
857 sta->last_rx = jiffies;
751 } 858 }
752 859
753 if (!(rx->flags & IEEE80211_RX_RA_MATCH)) 860 if (!(rx->flags & IEEE80211_RX_RA_MATCH))
754 return RX_CONTINUE; 861 return RX_CONTINUE;
755 862
863 if (rx->sdata->vif.type == NL80211_IFTYPE_STATION)
864 ieee80211_sta_rx_notify(rx->sdata, hdr);
865
756 sta->rx_fragments++; 866 sta->rx_fragments++;
757 sta->rx_bytes += rx->skb->len; 867 sta->rx_bytes += rx->skb->len;
758 sta->last_signal = rx->status->signal; 868 sta->last_signal = rx->status->signal;
@@ -1101,6 +1211,15 @@ ieee80211_drop_unencrypted(struct ieee80211_rx_data *rx, __le16 fc)
1101 /* Drop unencrypted frames if key is set. */ 1211 /* Drop unencrypted frames if key is set. */
1102 if (unlikely(!ieee80211_has_protected(fc) && 1212 if (unlikely(!ieee80211_has_protected(fc) &&
1103 !ieee80211_is_nullfunc(fc) && 1213 !ieee80211_is_nullfunc(fc) &&
1214 (!ieee80211_is_mgmt(fc) ||
1215 (ieee80211_is_unicast_robust_mgmt_frame(rx->skb) &&
1216 rx->sta && test_sta_flags(rx->sta, WLAN_STA_MFP))) &&
1217 (rx->key || rx->sdata->drop_unencrypted)))
1218 return -EACCES;
1219 /* BIP does not use Protected field, so need to check MMIE */
1220 if (unlikely(rx->sta && test_sta_flags(rx->sta, WLAN_STA_MFP) &&
1221 ieee80211_is_multicast_robust_mgmt_frame(rx->skb) &&
1222 ieee80211_get_mmie_keyidx(rx->skb) < 0 &&
1104 (rx->key || rx->sdata->drop_unencrypted))) 1223 (rx->key || rx->sdata->drop_unencrypted)))
1105 return -EACCES; 1224 return -EACCES;
1106 1225
@@ -1138,12 +1257,12 @@ ieee80211_data_to_8023(struct ieee80211_rx_data *rx)
1138 1257
1139 switch (hdr->frame_control & 1258 switch (hdr->frame_control &
1140 cpu_to_le16(IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) { 1259 cpu_to_le16(IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) {
1141 case __constant_cpu_to_le16(IEEE80211_FCTL_TODS): 1260 case cpu_to_le16(IEEE80211_FCTL_TODS):
1142 if (unlikely(sdata->vif.type != NL80211_IFTYPE_AP && 1261 if (unlikely(sdata->vif.type != NL80211_IFTYPE_AP &&
1143 sdata->vif.type != NL80211_IFTYPE_AP_VLAN)) 1262 sdata->vif.type != NL80211_IFTYPE_AP_VLAN))
1144 return -1; 1263 return -1;
1145 break; 1264 break;
1146 case __constant_cpu_to_le16(IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS): 1265 case cpu_to_le16(IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS):
1147 if (unlikely(sdata->vif.type != NL80211_IFTYPE_WDS && 1266 if (unlikely(sdata->vif.type != NL80211_IFTYPE_WDS &&
1148 sdata->vif.type != NL80211_IFTYPE_MESH_POINT)) 1267 sdata->vif.type != NL80211_IFTYPE_MESH_POINT))
1149 return -1; 1268 return -1;
@@ -1157,13 +1276,13 @@ ieee80211_data_to_8023(struct ieee80211_rx_data *rx)
1157 } 1276 }
1158 } 1277 }
1159 break; 1278 break;
1160 case __constant_cpu_to_le16(IEEE80211_FCTL_FROMDS): 1279 case cpu_to_le16(IEEE80211_FCTL_FROMDS):
1161 if (sdata->vif.type != NL80211_IFTYPE_STATION || 1280 if (sdata->vif.type != NL80211_IFTYPE_STATION ||
1162 (is_multicast_ether_addr(dst) && 1281 (is_multicast_ether_addr(dst) &&
1163 !compare_ether_addr(src, dev->dev_addr))) 1282 !compare_ether_addr(src, dev->dev_addr)))
1164 return -1; 1283 return -1;
1165 break; 1284 break;
1166 case __constant_cpu_to_le16(0): 1285 case cpu_to_le16(0):
1167 if (sdata->vif.type != NL80211_IFTYPE_ADHOC) 1286 if (sdata->vif.type != NL80211_IFTYPE_ADHOC)
1168 return -1; 1287 return -1;
1169 break; 1288 break;
@@ -1267,10 +1386,37 @@ ieee80211_deliver_skb(struct ieee80211_rx_data *rx)
1267 } 1386 }
1268 1387
1269 if (skb) { 1388 if (skb) {
1270 /* deliver to local stack */ 1389 int align __maybe_unused;
1271 skb->protocol = eth_type_trans(skb, dev); 1390
1272 memset(skb->cb, 0, sizeof(skb->cb)); 1391#if defined(CONFIG_MAC80211_DEBUG_PACKET_ALIGNMENT) || !defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS)
1273 netif_rx(skb); 1392 /*
1393 * 'align' will only take the values 0 or 2 here
1394 * since all frames are required to be aligned
1395 * to 2-byte boundaries when being passed to
1396 * mac80211. That also explains the __skb_push()
1397 * below.
1398 */
1399 align = (unsigned long)skb->data & 4;
1400 if (align) {
1401 if (WARN_ON(skb_headroom(skb) < 3)) {
1402 dev_kfree_skb(skb);
1403 skb = NULL;
1404 } else {
1405 u8 *data = skb->data;
1406 size_t len = skb->len;
1407 u8 *new = __skb_push(skb, align);
1408 memmove(new, data, len);
1409 __skb_trim(skb, len);
1410 }
1411 }
1412#endif
1413
1414 if (skb) {
1415 /* deliver to local stack */
1416 skb->protocol = eth_type_trans(skb, dev);
1417 memset(skb->cb, 0, sizeof(skb->cb));
1418 netif_rx(skb);
1419 }
1274 } 1420 }
1275 1421
1276 if (xmit_skb) { 1422 if (xmit_skb) {
@@ -1339,14 +1485,20 @@ ieee80211_rx_h_amsdu(struct ieee80211_rx_data *rx)
1339 if (remaining <= subframe_len + padding) 1485 if (remaining <= subframe_len + padding)
1340 frame = skb; 1486 frame = skb;
1341 else { 1487 else {
1342 frame = dev_alloc_skb(local->hw.extra_tx_headroom + 1488 /*
1343 subframe_len); 1489 * Allocate and reserve two bytes more for payload
1490 * alignment since sizeof(struct ethhdr) is 14.
1491 */
1492 frame = dev_alloc_skb(
1493 ALIGN(local->hw.extra_tx_headroom, 4) +
1494 subframe_len + 2);
1344 1495
1345 if (frame == NULL) 1496 if (frame == NULL)
1346 return RX_DROP_UNUSABLE; 1497 return RX_DROP_UNUSABLE;
1347 1498
1348 skb_reserve(frame, local->hw.extra_tx_headroom + 1499 skb_reserve(frame,
1349 sizeof(struct ethhdr)); 1500 ALIGN(local->hw.extra_tx_headroom, 4) +
1501 sizeof(struct ethhdr) + 2);
1350 memcpy(skb_put(frame, ntohs(len)), skb->data, 1502 memcpy(skb_put(frame, ntohs(len)), skb->data,
1351 ntohs(len)); 1503 ntohs(len));
1352 1504
@@ -1529,11 +1681,9 @@ ieee80211_rx_h_ctrl(struct ieee80211_rx_data *rx)
1529 start_seq_num = le16_to_cpu(bar->start_seq_num) >> 4; 1681 start_seq_num = le16_to_cpu(bar->start_seq_num) >> 4;
1530 1682
1531 /* reset session timer */ 1683 /* reset session timer */
1532 if (tid_agg_rx->timeout) { 1684 if (tid_agg_rx->timeout)
1533 unsigned long expires = 1685 mod_timer(&tid_agg_rx->session_timer,
1534 jiffies + (tid_agg_rx->timeout / 1000) * HZ; 1686 TU_TO_EXP_TIME(tid_agg_rx->timeout));
1535 mod_timer(&tid_agg_rx->session_timer, expires);
1536 }
1537 1687
1538 /* manage reordering buffer according to requested */ 1688 /* manage reordering buffer according to requested */
1539 /* sequence number */ 1689 /* sequence number */
@@ -1547,12 +1697,64 @@ ieee80211_rx_h_ctrl(struct ieee80211_rx_data *rx)
1547 return RX_CONTINUE; 1697 return RX_CONTINUE;
1548} 1698}
1549 1699
1700static void ieee80211_process_sa_query_req(struct ieee80211_sub_if_data *sdata,
1701 struct ieee80211_mgmt *mgmt,
1702 size_t len)
1703{
1704 struct ieee80211_local *local = sdata->local;
1705 struct sk_buff *skb;
1706 struct ieee80211_mgmt *resp;
1707
1708 if (compare_ether_addr(mgmt->da, sdata->dev->dev_addr) != 0) {
1709 /* Not to own unicast address */
1710 return;
1711 }
1712
1713 if (compare_ether_addr(mgmt->sa, sdata->u.mgd.bssid) != 0 ||
1714 compare_ether_addr(mgmt->bssid, sdata->u.mgd.bssid) != 0) {
1715 /* Not from the current AP. */
1716 return;
1717 }
1718
1719 if (sdata->u.mgd.state == IEEE80211_STA_MLME_ASSOCIATE) {
1720 /* Association in progress; ignore SA Query */
1721 return;
1722 }
1723
1724 if (len < 24 + 1 + sizeof(resp->u.action.u.sa_query)) {
1725 /* Too short SA Query request frame */
1726 return;
1727 }
1728
1729 skb = dev_alloc_skb(sizeof(*resp) + local->hw.extra_tx_headroom);
1730 if (skb == NULL)
1731 return;
1732
1733 skb_reserve(skb, local->hw.extra_tx_headroom);
1734 resp = (struct ieee80211_mgmt *) skb_put(skb, 24);
1735 memset(resp, 0, 24);
1736 memcpy(resp->da, mgmt->sa, ETH_ALEN);
1737 memcpy(resp->sa, sdata->dev->dev_addr, ETH_ALEN);
1738 memcpy(resp->bssid, sdata->u.mgd.bssid, ETH_ALEN);
1739 resp->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
1740 IEEE80211_STYPE_ACTION);
1741 skb_put(skb, 1 + sizeof(resp->u.action.u.sa_query));
1742 resp->u.action.category = WLAN_CATEGORY_SA_QUERY;
1743 resp->u.action.u.sa_query.action = WLAN_ACTION_SA_QUERY_RESPONSE;
1744 memcpy(resp->u.action.u.sa_query.trans_id,
1745 mgmt->u.action.u.sa_query.trans_id,
1746 WLAN_SA_QUERY_TR_ID_LEN);
1747
1748 ieee80211_tx_skb(sdata, skb, 1);
1749}
1750
1550static ieee80211_rx_result debug_noinline 1751static ieee80211_rx_result debug_noinline
1551ieee80211_rx_h_action(struct ieee80211_rx_data *rx) 1752ieee80211_rx_h_action(struct ieee80211_rx_data *rx)
1552{ 1753{
1553 struct ieee80211_local *local = rx->local; 1754 struct ieee80211_local *local = rx->local;
1554 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(rx->dev); 1755 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(rx->dev);
1555 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *) rx->skb->data; 1756 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *) rx->skb->data;
1757 struct ieee80211_bss *bss;
1556 int len = rx->skb->len; 1758 int len = rx->skb->len;
1557 1759
1558 if (!ieee80211_is_action(mgmt->frame_control)) 1760 if (!ieee80211_is_action(mgmt->frame_control))
@@ -1564,12 +1766,26 @@ ieee80211_rx_h_action(struct ieee80211_rx_data *rx)
1564 if (!(rx->flags & IEEE80211_RX_RA_MATCH)) 1766 if (!(rx->flags & IEEE80211_RX_RA_MATCH))
1565 return RX_DROP_MONITOR; 1767 return RX_DROP_MONITOR;
1566 1768
1769 if (ieee80211_drop_unencrypted(rx, mgmt->frame_control))
1770 return RX_DROP_MONITOR;
1771
1567 /* all categories we currently handle have action_code */ 1772 /* all categories we currently handle have action_code */
1568 if (len < IEEE80211_MIN_ACTION_SIZE + 1) 1773 if (len < IEEE80211_MIN_ACTION_SIZE + 1)
1569 return RX_DROP_MONITOR; 1774 return RX_DROP_MONITOR;
1570 1775
1571 switch (mgmt->u.action.category) { 1776 switch (mgmt->u.action.category) {
1572 case WLAN_CATEGORY_BACK: 1777 case WLAN_CATEGORY_BACK:
1778 /*
1779 * The aggregation code is not prepared to handle
1780 * anything but STA/AP due to the BSSID handling;
1781 * IBSS could work in the code but isn't supported
1782 * by drivers or the standard.
1783 */
1784 if (sdata->vif.type != NL80211_IFTYPE_STATION &&
1785 sdata->vif.type != NL80211_IFTYPE_AP_VLAN &&
1786 sdata->vif.type != NL80211_IFTYPE_AP)
1787 return RX_DROP_MONITOR;
1788
1573 switch (mgmt->u.action.u.addba_req.action_code) { 1789 switch (mgmt->u.action.u.addba_req.action_code) {
1574 case WLAN_ACTION_ADDBA_REQ: 1790 case WLAN_ACTION_ADDBA_REQ:
1575 if (len < (IEEE80211_MIN_ACTION_SIZE + 1791 if (len < (IEEE80211_MIN_ACTION_SIZE +
@@ -1594,6 +1810,10 @@ ieee80211_rx_h_action(struct ieee80211_rx_data *rx)
1594 case WLAN_CATEGORY_SPECTRUM_MGMT: 1810 case WLAN_CATEGORY_SPECTRUM_MGMT:
1595 if (local->hw.conf.channel->band != IEEE80211_BAND_5GHZ) 1811 if (local->hw.conf.channel->band != IEEE80211_BAND_5GHZ)
1596 return RX_DROP_MONITOR; 1812 return RX_DROP_MONITOR;
1813
1814 if (sdata->vif.type != NL80211_IFTYPE_STATION)
1815 return RX_DROP_MONITOR;
1816
1597 switch (mgmt->u.action.u.measurement.action_code) { 1817 switch (mgmt->u.action.u.measurement.action_code) {
1598 case WLAN_ACTION_SPCT_MSR_REQ: 1818 case WLAN_ACTION_SPCT_MSR_REQ:
1599 if (len < (IEEE80211_MIN_ACTION_SIZE + 1819 if (len < (IEEE80211_MIN_ACTION_SIZE +
@@ -1601,6 +1821,43 @@ ieee80211_rx_h_action(struct ieee80211_rx_data *rx)
1601 return RX_DROP_MONITOR; 1821 return RX_DROP_MONITOR;
1602 ieee80211_process_measurement_req(sdata, mgmt, len); 1822 ieee80211_process_measurement_req(sdata, mgmt, len);
1603 break; 1823 break;
1824 case WLAN_ACTION_SPCT_CHL_SWITCH:
1825 if (len < (IEEE80211_MIN_ACTION_SIZE +
1826 sizeof(mgmt->u.action.u.chan_switch)))
1827 return RX_DROP_MONITOR;
1828
1829 if (memcmp(mgmt->bssid, sdata->u.mgd.bssid, ETH_ALEN))
1830 return RX_DROP_MONITOR;
1831
1832 bss = ieee80211_rx_bss_get(local, sdata->u.mgd.bssid,
1833 local->hw.conf.channel->center_freq,
1834 sdata->u.mgd.ssid,
1835 sdata->u.mgd.ssid_len);
1836 if (!bss)
1837 return RX_DROP_MONITOR;
1838
1839 ieee80211_process_chanswitch(sdata,
1840 &mgmt->u.action.u.chan_switch.sw_elem, bss);
1841 ieee80211_rx_bss_put(local, bss);
1842 break;
1843 }
1844 break;
1845 case WLAN_CATEGORY_SA_QUERY:
1846 if (len < (IEEE80211_MIN_ACTION_SIZE +
1847 sizeof(mgmt->u.action.u.sa_query)))
1848 return RX_DROP_MONITOR;
1849 switch (mgmt->u.action.u.sa_query.action) {
1850 case WLAN_ACTION_SA_QUERY_REQUEST:
1851 if (sdata->vif.type != NL80211_IFTYPE_STATION)
1852 return RX_DROP_MONITOR;
1853 ieee80211_process_sa_query_req(sdata, mgmt, len);
1854 break;
1855 case WLAN_ACTION_SA_QUERY_RESPONSE:
1856 /*
1857 * SA Query response is currently only used in AP mode
1858 * and it is processed in user space.
1859 */
1860 return RX_CONTINUE;
1604 } 1861 }
1605 break; 1862 break;
1606 default: 1863 default:
@@ -1616,22 +1873,24 @@ static ieee80211_rx_result debug_noinline
1616ieee80211_rx_h_mgmt(struct ieee80211_rx_data *rx) 1873ieee80211_rx_h_mgmt(struct ieee80211_rx_data *rx)
1617{ 1874{
1618 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(rx->dev); 1875 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(rx->dev);
1876 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *) rx->skb->data;
1619 1877
1620 if (!(rx->flags & IEEE80211_RX_RA_MATCH)) 1878 if (!(rx->flags & IEEE80211_RX_RA_MATCH))
1621 return RX_DROP_MONITOR; 1879 return RX_DROP_MONITOR;
1622 1880
1881 if (ieee80211_drop_unencrypted(rx, mgmt->frame_control))
1882 return RX_DROP_MONITOR;
1883
1623 if (ieee80211_vif_is_mesh(&sdata->vif)) 1884 if (ieee80211_vif_is_mesh(&sdata->vif))
1624 return ieee80211_mesh_rx_mgmt(sdata, rx->skb, rx->status); 1885 return ieee80211_mesh_rx_mgmt(sdata, rx->skb, rx->status);
1625 1886
1626 if (sdata->vif.type != NL80211_IFTYPE_STATION && 1887 if (sdata->vif.type == NL80211_IFTYPE_ADHOC)
1627 sdata->vif.type != NL80211_IFTYPE_ADHOC) 1888 return ieee80211_ibss_rx_mgmt(sdata, rx->skb, rx->status);
1628 return RX_DROP_MONITOR;
1629 1889
1630 if (sdata->flags & IEEE80211_SDATA_USERSPACE_MLME) 1890 if (sdata->vif.type == NL80211_IFTYPE_STATION)
1631 return RX_DROP_MONITOR; 1891 return ieee80211_sta_rx_mgmt(sdata, rx->skb, rx->status);
1632 1892
1633 ieee80211_sta_rx_mgmt(sdata, rx->skb, rx->status); 1893 return RX_DROP_MONITOR;
1634 return RX_QUEUED;
1635} 1894}
1636 1895
1637static void ieee80211_rx_michael_mic_report(struct net_device *dev, 1896static void ieee80211_rx_michael_mic_report(struct net_device *dev,
@@ -1780,6 +2039,7 @@ static void ieee80211_invoke_rx_handlers(struct ieee80211_sub_if_data *sdata,
1780 CALL_RXH(ieee80211_rx_h_passive_scan) 2039 CALL_RXH(ieee80211_rx_h_passive_scan)
1781 CALL_RXH(ieee80211_rx_h_check) 2040 CALL_RXH(ieee80211_rx_h_check)
1782 CALL_RXH(ieee80211_rx_h_decrypt) 2041 CALL_RXH(ieee80211_rx_h_decrypt)
2042 CALL_RXH(ieee80211_rx_h_check_more_data)
1783 CALL_RXH(ieee80211_rx_h_sta_process) 2043 CALL_RXH(ieee80211_rx_h_sta_process)
1784 CALL_RXH(ieee80211_rx_h_defragment) 2044 CALL_RXH(ieee80211_rx_h_defragment)
1785 CALL_RXH(ieee80211_rx_h_ps_poll) 2045 CALL_RXH(ieee80211_rx_h_ps_poll)
@@ -1823,16 +2083,17 @@ static void ieee80211_invoke_rx_handlers(struct ieee80211_sub_if_data *sdata,
1823/* main receive path */ 2083/* main receive path */
1824 2084
1825static int prepare_for_handlers(struct ieee80211_sub_if_data *sdata, 2085static int prepare_for_handlers(struct ieee80211_sub_if_data *sdata,
1826 u8 *bssid, struct ieee80211_rx_data *rx, 2086 struct ieee80211_rx_data *rx,
1827 struct ieee80211_hdr *hdr) 2087 struct ieee80211_hdr *hdr)
1828{ 2088{
2089 u8 *bssid = ieee80211_get_bssid(hdr, rx->skb->len, sdata->vif.type);
1829 int multicast = is_multicast_ether_addr(hdr->addr1); 2090 int multicast = is_multicast_ether_addr(hdr->addr1);
1830 2091
1831 switch (sdata->vif.type) { 2092 switch (sdata->vif.type) {
1832 case NL80211_IFTYPE_STATION: 2093 case NL80211_IFTYPE_STATION:
1833 if (!bssid) 2094 if (!bssid)
1834 return 0; 2095 return 0;
1835 if (!ieee80211_bssid_match(bssid, sdata->u.sta.bssid)) { 2096 if (!ieee80211_bssid_match(bssid, sdata->u.mgd.bssid)) {
1836 if (!(rx->flags & IEEE80211_RX_IN_SCAN)) 2097 if (!(rx->flags & IEEE80211_RX_IN_SCAN))
1837 return 0; 2098 return 0;
1838 rx->flags &= ~IEEE80211_RX_RA_MATCH; 2099 rx->flags &= ~IEEE80211_RX_RA_MATCH;
@@ -1850,7 +2111,7 @@ static int prepare_for_handlers(struct ieee80211_sub_if_data *sdata,
1850 if (ieee80211_is_beacon(hdr->frame_control)) { 2111 if (ieee80211_is_beacon(hdr->frame_control)) {
1851 return 1; 2112 return 1;
1852 } 2113 }
1853 else if (!ieee80211_bssid_match(bssid, sdata->u.sta.bssid)) { 2114 else if (!ieee80211_bssid_match(bssid, sdata->u.ibss.bssid)) {
1854 if (!(rx->flags & IEEE80211_RX_IN_SCAN)) 2115 if (!(rx->flags & IEEE80211_RX_IN_SCAN))
1855 return 0; 2116 return 0;
1856 rx->flags &= ~IEEE80211_RX_RA_MATCH; 2117 rx->flags &= ~IEEE80211_RX_RA_MATCH;
@@ -1928,7 +2189,6 @@ static void __ieee80211_rx_handle_packet(struct ieee80211_hw *hw,
1928 int prepares; 2189 int prepares;
1929 struct ieee80211_sub_if_data *prev = NULL; 2190 struct ieee80211_sub_if_data *prev = NULL;
1930 struct sk_buff *skb_new; 2191 struct sk_buff *skb_new;
1931 u8 *bssid;
1932 2192
1933 hdr = (struct ieee80211_hdr *)skb->data; 2193 hdr = (struct ieee80211_hdr *)skb->data;
1934 memset(&rx, 0, sizeof(rx)); 2194 memset(&rx, 0, sizeof(rx));
@@ -1956,7 +2216,7 @@ static void __ieee80211_rx_handle_packet(struct ieee80211_hw *hw,
1956 rx.flags |= IEEE80211_RX_IN_SCAN; 2216 rx.flags |= IEEE80211_RX_IN_SCAN;
1957 2217
1958 ieee80211_parse_qos(&rx); 2218 ieee80211_parse_qos(&rx);
1959 ieee80211_verify_ip_alignment(&rx); 2219 ieee80211_verify_alignment(&rx);
1960 2220
1961 skb = rx.skb; 2221 skb = rx.skb;
1962 2222
@@ -1967,9 +2227,8 @@ static void __ieee80211_rx_handle_packet(struct ieee80211_hw *hw,
1967 if (sdata->vif.type == NL80211_IFTYPE_MONITOR) 2227 if (sdata->vif.type == NL80211_IFTYPE_MONITOR)
1968 continue; 2228 continue;
1969 2229
1970 bssid = ieee80211_get_bssid(hdr, skb->len, sdata->vif.type);
1971 rx.flags |= IEEE80211_RX_RA_MATCH; 2230 rx.flags |= IEEE80211_RX_RA_MATCH;
1972 prepares = prepare_for_handlers(sdata, bssid, &rx, hdr); 2231 prepares = prepare_for_handlers(sdata, &rx, hdr);
1973 2232
1974 if (!prepares) 2233 if (!prepares)
1975 continue; 2234 continue;
@@ -2174,11 +2433,9 @@ static u8 ieee80211_rx_reorder_ampdu(struct ieee80211_local *local,
2174 /* new un-ordered ampdu frame - process it */ 2433 /* new un-ordered ampdu frame - process it */
2175 2434
2176 /* reset session timer */ 2435 /* reset session timer */
2177 if (tid_agg_rx->timeout) { 2436 if (tid_agg_rx->timeout)
2178 unsigned long expires = 2437 mod_timer(&tid_agg_rx->session_timer,
2179 jiffies + (tid_agg_rx->timeout / 1000) * HZ; 2438 TU_TO_EXP_TIME(tid_agg_rx->timeout));
2180 mod_timer(&tid_agg_rx->session_timer, expires);
2181 }
2182 2439
2183 /* if this mpdu is fragmented - terminate rx aggregation session */ 2440 /* if this mpdu is fragmented - terminate rx aggregation session */
2184 sc = le16_to_cpu(hdr->seq_ctrl); 2441 sc = le16_to_cpu(hdr->seq_ctrl);
generated by cgit v1.2.2 (git 2.25.0) at 2024-12-29 07:15:44 -0500