search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
thinkpad-acpi: support the second fan on the X61
[linux-2.6/linux-acpi-2.6/ibm-acpi-2.6.git] / net / mac80211 / rx.c
blob75837ca1dbd38047b1cee683f42db0dcb84e83fd
1 /*
2 * Copyright 2002-2005, Instant802 Networks, Inc.
3 * Copyright 2005-2006, Devicescape Software, Inc.
4 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
5 * Copyright 2007 Johannes Berg <johannes@sipsolutions.net>
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License version 2 as
9 * published by the Free Software Foundation.
10 */
11
12 #include <linux/jiffies.h>
13 #include <linux/kernel.h>
14 #include <linux/skbuff.h>
15 #include <linux/netdevice.h>
16 #include <linux/etherdevice.h>
17 #include <linux/rcupdate.h>
18 #include <net/mac80211.h>
19 #include <net/ieee80211_radiotap.h>
20
21 #include "ieee80211_i.h"
22 #include "led.h"
23 #include "mesh.h"
24 #include "wep.h"
25 #include "wpa.h"
26 #include "tkip.h"
27 #include "wme.h"
28
29 static u8 ieee80211_sta_manage_reorder_buf(struct ieee80211_hw *hw,
30 struct tid_ampdu_rx *tid_agg_rx,
31 struct sk_buff *skb,
32 struct ieee80211_rx_status *status,
33 u16 mpdu_seq_num,
34 int bar_req);
35 /*
36 * monitor mode reception
37 *
38 * This function cleans up the SKB, i.e. it removes all the stuff
39 * only useful for monitoring.
40 */
41 static struct sk_buff *remove_monitor_info(struct ieee80211_local *local,
42 struct sk_buff *skb,
43 int rtap_len)
44 {
45 skb_pull(skb, rtap_len);
46
47 if (local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS) {
48 if (likely(skb->len > FCS_LEN))
49 skb_trim(skb, skb->len - FCS_LEN);
50 else {
51 /* driver bug */
52 WARN_ON(1);
53 dev_kfree_skb(skb);
54 skb = NULL;
55 }
56 }
57
58 return skb;
59 }
60
61 static inline int should_drop_frame(struct ieee80211_rx_status *status,
62 struct sk_buff *skb,
63 int present_fcs_len,
64 int radiotap_len)
65 {
66 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
67
68 if (status->flag & (RX_FLAG_FAILED_FCS_CRC | RX_FLAG_FAILED_PLCP_CRC))
69 return 1;
70 if (unlikely(skb->len < 16 + present_fcs_len + radiotap_len))
71 return 1;
72 if (ieee80211_is_ctl(hdr->frame_control) &&
73 !ieee80211_is_pspoll(hdr->frame_control) &&
74 !ieee80211_is_back_req(hdr->frame_control))
75 return 1;
76 return 0;
77 }
78
79 static int
80 ieee80211_rx_radiotap_len(struct ieee80211_local *local,
81 struct ieee80211_rx_status *status)
82 {
83 int len;
84
85 /* always present fields */
86 len = sizeof(struct ieee80211_radiotap_header) + 9;
87
88 if (status->flag & RX_FLAG_TSFT)
89 len += 8;
90 if (local->hw.flags & IEEE80211_HW_SIGNAL_DB ||
91 local->hw.flags & IEEE80211_HW_SIGNAL_DBM)
92 len += 1;
93 if (local->hw.flags & IEEE80211_HW_NOISE_DBM)
94 len += 1;
95
96 if (len & 1) /* padding for RX_FLAGS if necessary */
97 len++;
98
99 /* make sure radiotap starts at a naturally aligned address */
100 if (len % 8)
101 len = roundup(len, 8);
102
103 return len;
104 }
105
106 /**
107 * ieee80211_add_rx_radiotap_header - add radiotap header
108 *
109 * add a radiotap header containing all the fields which the hardware provided.
110 */
111 static void
112 ieee80211_add_rx_radiotap_header(struct ieee80211_local *local,
113 struct sk_buff *skb,
114 struct ieee80211_rx_status *status,
115 struct ieee80211_rate *rate,
116 int rtap_len)
117 {
118 struct ieee80211_radiotap_header *rthdr;
119 unsigned char *pos;
120
121 rthdr = (struct ieee80211_radiotap_header *)skb_push(skb, rtap_len);
122 memset(rthdr, 0, rtap_len);
123
124 /* radiotap header, set always present flags */
125 rthdr->it_present =
126 cpu_to_le32((1 << IEEE80211_RADIOTAP_FLAGS) |
127 (1 << IEEE80211_RADIOTAP_CHANNEL) |
128 (1 << IEEE80211_RADIOTAP_ANTENNA) |
129 (1 << IEEE80211_RADIOTAP_RX_FLAGS));
130 rthdr->it_len = cpu_to_le16(rtap_len);
131
132 pos = (unsigned char *)(rthdr+1);
133
134 /* the order of the following fields is important */
135
136 /* IEEE80211_RADIOTAP_TSFT */
137 if (status->flag & RX_FLAG_TSFT) {
138 *(__le64 *)pos = cpu_to_le64(status->mactime);
139 rthdr->it_present |=
140 cpu_to_le32(1 << IEEE80211_RADIOTAP_TSFT);
141 pos += 8;
142 }
143
144 /* IEEE80211_RADIOTAP_FLAGS */
145 if (local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS)
146 *pos |= IEEE80211_RADIOTAP_F_FCS;
147 if (status->flag & RX_FLAG_SHORTPRE)
148 *pos |= IEEE80211_RADIOTAP_F_SHORTPRE;
149 pos++;
150
151 /* IEEE80211_RADIOTAP_RATE */
152 if (status->flag & RX_FLAG_HT) {
153 /*
154 * TODO: add following information into radiotap header once
155 * suitable fields are defined for it:
156 * - MCS index (status->rate_idx)
157 * - HT40 (status->flag & RX_FLAG_40MHZ)
158 * - short-GI (status->flag & RX_FLAG_SHORT_GI)
159 */
160 *pos = 0;
161 } else {
162 rthdr->it_present |= (1 << IEEE80211_RADIOTAP_RATE);
163 *pos = rate->bitrate / 5;
164 }
165 pos++;
166
167 /* IEEE80211_RADIOTAP_CHANNEL */
168 *(__le16 *)pos = cpu_to_le16(status->freq);
169 pos += 2;
170 if (status->band == IEEE80211_BAND_5GHZ)
171 *(__le16 *)pos = cpu_to_le16(IEEE80211_CHAN_OFDM |
172 IEEE80211_CHAN_5GHZ);
173 else if (rate->flags & IEEE80211_RATE_ERP_G)
174 *(__le16 *)pos = cpu_to_le16(IEEE80211_CHAN_OFDM |
175 IEEE80211_CHAN_2GHZ);
176 else
177 *(__le16 *)pos = cpu_to_le16(IEEE80211_CHAN_CCK |
178 IEEE80211_CHAN_2GHZ);
179 pos += 2;
180
181 /* IEEE80211_RADIOTAP_DBM_ANTSIGNAL */
182 if (local->hw.flags & IEEE80211_HW_SIGNAL_DBM) {
183 *pos = status->signal;
184 rthdr->it_present |=
185 cpu_to_le32(1 << IEEE80211_RADIOTAP_DBM_ANTSIGNAL);
186 pos++;
187 }
188
189 /* IEEE80211_RADIOTAP_DBM_ANTNOISE */
190 if (local->hw.flags & IEEE80211_HW_NOISE_DBM) {
191 *pos = status->noise;
192 rthdr->it_present |=
193 cpu_to_le32(1 << IEEE80211_RADIOTAP_DBM_ANTNOISE);
194 pos++;
195 }
196
197 /* IEEE80211_RADIOTAP_LOCK_QUALITY is missing */
198
199 /* IEEE80211_RADIOTAP_ANTENNA */
200 *pos = status->antenna;
201 pos++;
202
203 /* IEEE80211_RADIOTAP_DB_ANTSIGNAL */
204 if (local->hw.flags & IEEE80211_HW_SIGNAL_DB) {
205 *pos = status->signal;
206 rthdr->it_present |=
207 cpu_to_le32(1 << IEEE80211_RADIOTAP_DB_ANTSIGNAL);
208 pos++;
209 }
210
211 /* IEEE80211_RADIOTAP_DB_ANTNOISE is not used */
212
213 /* IEEE80211_RADIOTAP_RX_FLAGS */
214 /* ensure 2 byte alignment for the 2 byte field as required */
215 if ((pos - (unsigned char *)rthdr) & 1)
216 pos++;
217 /* FIXME: when radiotap gets a 'bad PLCP' flag use it here */
218 if (status->flag & (RX_FLAG_FAILED_FCS_CRC | RX_FLAG_FAILED_PLCP_CRC))
219 *(__le16 *)pos |= cpu_to_le16(IEEE80211_RADIOTAP_F_RX_BADFCS);
220 pos += 2;
221 }
222
223 /*
224 * This function copies a received frame to all monitor interfaces and
225 * returns a cleaned-up SKB that no longer includes the FCS nor the
226 * radiotap header the driver might have added.
227 */
228 static struct sk_buff *
229 ieee80211_rx_monitor(struct ieee80211_local *local, struct sk_buff *origskb,
230 struct ieee80211_rx_status *status,
231 struct ieee80211_rate *rate)
232 {
233 struct ieee80211_sub_if_data *sdata;
234 int needed_headroom = 0;
235 struct sk_buff *skb, *skb2;
236 struct net_device *prev_dev = NULL;
237 int present_fcs_len = 0;
238 int rtap_len = 0;
239
240 /*
241 * First, we may need to make a copy of the skb because
242 * (1) we need to modify it for radiotap (if not present), and
243 * (2) the other RX handlers will modify the skb we got.
244 *
245 * We don't need to, of course, if we aren't going to return
246 * the SKB because it has a bad FCS/PLCP checksum.
247 */
248 if (status->flag & RX_FLAG_RADIOTAP)
249 rtap_len = ieee80211_get_radiotap_len(origskb->data);
250 else
251 /* room for the radiotap header based on driver features */
252 needed_headroom = ieee80211_rx_radiotap_len(local, status);
253
254 if (local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS)
255 present_fcs_len = FCS_LEN;
256
257 if (!local->monitors) {
258 if (should_drop_frame(status, origskb, present_fcs_len,
259 rtap_len)) {
260 dev_kfree_skb(origskb);
261 return NULL;
262 }
263
264 return remove_monitor_info(local, origskb, rtap_len);
265 }
266
267 if (should_drop_frame(status, origskb, present_fcs_len, rtap_len)) {
268 /* only need to expand headroom if necessary */
269 skb = origskb;
270 origskb = NULL;
271
272 /*
273 * This shouldn't trigger often because most devices have an
274 * RX header they pull before we get here, and that should
275 * be big enough for our radiotap information. We should
276 * probably export the length to drivers so that we can have
277 * them allocate enough headroom to start with.
278 */
279 if (skb_headroom(skb) < needed_headroom &&
280 pskb_expand_head(skb, needed_headroom, 0, GFP_ATOMIC)) {
281 dev_kfree_skb(skb);
282 return NULL;
283 }
284 } else {
285 /*
286 * Need to make a copy and possibly remove radiotap header
287 * and FCS from the original.
288 */
289 skb = skb_copy_expand(origskb, needed_headroom, 0, GFP_ATOMIC);
290
291 origskb = remove_monitor_info(local, origskb, rtap_len);
292
293 if (!skb)
294 return origskb;
295 }
296
297 /* if necessary, prepend radiotap information */
298 if (!(status->flag & RX_FLAG_RADIOTAP))
299 ieee80211_add_rx_radiotap_header(local, skb, status, rate,
300 needed_headroom);
301
302 skb_reset_mac_header(skb);
303 skb->ip_summed = CHECKSUM_UNNECESSARY;
304 skb->pkt_type = PACKET_OTHERHOST;
305 skb->protocol = htons(ETH_P_802_2);
306
307 list_for_each_entry_rcu(sdata, &local->interfaces, list) {
308 if (!netif_running(sdata->dev))
309 continue;
310
311 if (sdata->vif.type != NL80211_IFTYPE_MONITOR)
312 continue;
313
314 if (sdata->u.mntr_flags & MONITOR_FLAG_COOK_FRAMES)
315 continue;
316
317 if (prev_dev) {
318 skb2 = skb_clone(skb, GFP_ATOMIC);
319 if (skb2) {
320 skb2->dev = prev_dev;
321 netif_rx(skb2);
322 }
323 }
324
325 prev_dev = sdata->dev;
326 sdata->dev->stats.rx_packets++;
327 sdata->dev->stats.rx_bytes += skb->len;
328 }
329
330 if (prev_dev) {
331 skb->dev = prev_dev;
332 netif_rx(skb);
333 } else
334 dev_kfree_skb(skb);
335
336 return origskb;
337 }
338
339
340 static void ieee80211_parse_qos(struct ieee80211_rx_data *rx)
341 {
342 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
343 int tid;
344
345 /* does the frame have a qos control field? */
346 if (ieee80211_is_data_qos(hdr->frame_control)) {
347 u8 *qc = ieee80211_get_qos_ctl(hdr);
348 /* frame has qos control */
349 tid = *qc & IEEE80211_QOS_CTL_TID_MASK;
350 if (*qc & IEEE80211_QOS_CONTROL_A_MSDU_PRESENT)
351 rx->flags |= IEEE80211_RX_AMSDU;
352 else
353 rx->flags &= ~IEEE80211_RX_AMSDU;
354 } else {
355 /*
356 * IEEE 802.11-2007, 7.1.3.4.1 ("Sequence Number field"):
357 *
358 * Sequence numbers for management frames, QoS data
359 * frames with a broadcast/multicast address in the
360 * Address 1 field, and all non-QoS data frames sent
361 * by QoS STAs are assigned using an additional single
362 * modulo-4096 counter, [...]
363 *
364 * We also use that counter for non-QoS STAs.
365 */
366 tid = NUM_RX_DATA_QUEUES - 1;
367 }
368
369 rx->queue = tid;
370 /* Set skb->priority to 1d tag if highest order bit of TID is not set.
371 * For now, set skb->priority to 0 for other cases. */
372 rx->skb->priority = (tid > 7) ? 0 : tid;
373 }
374
375 static void ieee80211_verify_ip_alignment(struct ieee80211_rx_data *rx)
376 {
377 #ifdef CONFIG_MAC80211_DEBUG_PACKET_ALIGNMENT
378 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
379 int hdrlen;
380
381 if (!ieee80211_is_data_present(hdr->frame_control))
382 return;
383
384 /*
385 * Drivers are required to align the payload data in a way that
386 * guarantees that the contained IP header is aligned to a four-
387 * byte boundary. In the case of regular frames, this simply means
388 * aligning the payload to a four-byte boundary (because either
389 * the IP header is directly contained, or IV/RFC1042 headers that
390 * have a length divisible by four are in front of it.
391 *
392 * With A-MSDU frames, however, the payload data address must
393 * yield two modulo four because there are 14-byte 802.3 headers
394 * within the A-MSDU frames that push the IP header further back
395 * to a multiple of four again. Thankfully, the specs were sane
396 * enough this time around to require padding each A-MSDU subframe
397 * to a length that is a multiple of four.
398 *
399 * Padding like atheros hardware adds which is inbetween the 802.11
400 * header and the payload is not supported, the driver is required
401 * to move the 802.11 header further back in that case.
402 */
403 hdrlen = ieee80211_hdrlen(hdr->frame_control);
404 if (rx->flags & IEEE80211_RX_AMSDU)
405 hdrlen += ETH_HLEN;
406 WARN_ON_ONCE(((unsigned long)(rx->skb->data + hdrlen)) & 3);
407 #endif
408 }
409
410
411 /* rx handlers */
412
413 static ieee80211_rx_result debug_noinline
414 ieee80211_rx_h_passive_scan(struct ieee80211_rx_data *rx)
415 {
416 struct ieee80211_local *local = rx->local;
417 struct sk_buff *skb = rx->skb;
418
419 if (unlikely(local->hw_scanning))
420 return ieee80211_scan_rx(rx->sdata, skb, rx->status);
421
422 if (unlikely(local->sw_scanning)) {
423 /* drop all the other packets during a software scan anyway */
424 if (ieee80211_scan_rx(rx->sdata, skb, rx->status)
425 != RX_QUEUED)
426 dev_kfree_skb(skb);
427 return RX_QUEUED;
428 }
429
430 if (unlikely(rx->flags & IEEE80211_RX_IN_SCAN)) {
431 /* scanning finished during invoking of handlers */
432 I802_DEBUG_INC(local->rx_handlers_drop_passive_scan);
433 return RX_DROP_UNUSABLE;
434 }
435
436 return RX_CONTINUE;
437 }
438
439 static ieee80211_rx_result
440 ieee80211_rx_mesh_check(struct ieee80211_rx_data *rx)
441 {
442 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
443 unsigned int hdrlen = ieee80211_hdrlen(hdr->frame_control);
444
445 if (ieee80211_is_data(hdr->frame_control)) {
446 if (!ieee80211_has_a4(hdr->frame_control))
447 return RX_DROP_MONITOR;
448 if (memcmp(hdr->addr4, rx->dev->dev_addr, ETH_ALEN) == 0)
449 return RX_DROP_MONITOR;
450 }
451
452 /* If there is not an established peer link and this is not a peer link
453 * establisment frame, beacon or probe, drop the frame.
454 */
455
456 if (!rx->sta || sta_plink_state(rx->sta) != PLINK_ESTAB) {
457 struct ieee80211_mgmt *mgmt;
458
459 if (!ieee80211_is_mgmt(hdr->frame_control))
460 return RX_DROP_MONITOR;
461
462 if (ieee80211_is_action(hdr->frame_control)) {
463 mgmt = (struct ieee80211_mgmt *)hdr;
464 if (mgmt->u.action.category != PLINK_CATEGORY)
465 return RX_DROP_MONITOR;
466 return RX_CONTINUE;
467 }
468
469 if (ieee80211_is_probe_req(hdr->frame_control) ||
470 ieee80211_is_probe_resp(hdr->frame_control) ||
471 ieee80211_is_beacon(hdr->frame_control))
472 return RX_CONTINUE;
473
474 return RX_DROP_MONITOR;
475
476 }
477
478 #define msh_h_get(h, l) ((struct ieee80211s_hdr *) ((u8 *)h + l))
479
480 if (ieee80211_is_data(hdr->frame_control) &&
481 is_multicast_ether_addr(hdr->addr1) &&
482 mesh_rmc_check(hdr->addr4, msh_h_get(hdr, hdrlen), rx->sdata))
483 return RX_DROP_MONITOR;
484 #undef msh_h_get
485
486 return RX_CONTINUE;
487 }
488
489
490 static ieee80211_rx_result debug_noinline
491 ieee80211_rx_h_check(struct ieee80211_rx_data *rx)
492 {
493 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
494
495 /* Drop duplicate 802.11 retransmissions (IEEE 802.11 Chap. 9.2.9) */
496 if (rx->sta && !is_multicast_ether_addr(hdr->addr1)) {
497 if (unlikely(ieee80211_has_retry(hdr->frame_control) &&
498 rx->sta->last_seq_ctrl[rx->queue] ==
499 hdr->seq_ctrl)) {
500 if (rx->flags & IEEE80211_RX_RA_MATCH) {
501 rx->local->dot11FrameDuplicateCount++;
502 rx->sta->num_duplicates++;
503 }
504 return RX_DROP_MONITOR;
505 } else
506 rx->sta->last_seq_ctrl[rx->queue] = hdr->seq_ctrl;
507 }
508
509 if (unlikely(rx->skb->len < 16)) {
510 I802_DEBUG_INC(rx->local->rx_handlers_drop_short);
511 return RX_DROP_MONITOR;
512 }
513
514 /* Drop disallowed frame classes based on STA auth/assoc state;
515 * IEEE 802.11, Chap 5.5.
516 *
517 * mac80211 filters only based on association state, i.e. it drops
518 * Class 3 frames from not associated stations. hostapd sends
519 * deauth/disassoc frames when needed. In addition, hostapd is
520 * responsible for filtering on both auth and assoc states.
521 */
522
523 if (ieee80211_vif_is_mesh(&rx->sdata->vif))
524 return ieee80211_rx_mesh_check(rx);
525
526 if (unlikely((ieee80211_is_data(hdr->frame_control) ||
527 ieee80211_is_pspoll(hdr->frame_control)) &&
528 rx->sdata->vif.type != NL80211_IFTYPE_ADHOC &&
529 (!rx->sta || !test_sta_flags(rx->sta, WLAN_STA_ASSOC)))) {
530 if ((!ieee80211_has_fromds(hdr->frame_control) &&
531 !ieee80211_has_tods(hdr->frame_control) &&
532 ieee80211_is_data(hdr->frame_control)) ||
533 !(rx->flags & IEEE80211_RX_RA_MATCH)) {
534 /* Drop IBSS frames and frames for other hosts
535 * silently. */
536 return RX_DROP_MONITOR;
537 }
538
539 return RX_DROP_MONITOR;
540 }
541
542 return RX_CONTINUE;
543 }
544
545
546 static ieee80211_rx_result debug_noinline
547 ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
548 {
549 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
550 int keyidx;
551 int hdrlen;
552 ieee80211_rx_result result = RX_DROP_UNUSABLE;
553 struct ieee80211_key *stakey = NULL;
554
555 /*
556 * Key selection 101
557 *
558 * There are three types of keys:
559 * - GTK (group keys)
560 * - PTK (pairwise keys)
561 * - STK (station-to-station pairwise keys)
562 *
563 * When selecting a key, we have to distinguish between multicast
564 * (including broadcast) and unicast frames, the latter can only
565 * use PTKs and STKs while the former always use GTKs. Unless, of
566 * course, actual WEP keys ("pre-RSNA") are used, then unicast
567 * frames can also use key indizes like GTKs. Hence, if we don't
568 * have a PTK/STK we check the key index for a WEP key.
569 *
570 * Note that in a regular BSS, multicast frames are sent by the
571 * AP only, associated stations unicast the frame to the AP first
572 * which then multicasts it on their behalf.
573 *
574 * There is also a slight problem in IBSS mode: GTKs are negotiated
575 * with each station, that is something we don't currently handle.
576 * The spec seems to expect that one negotiates the same key with
577 * every station but there's no such requirement; VLANs could be
578 * possible.
579 */
580
581 if (!ieee80211_has_protected(hdr->frame_control))
582 return RX_CONTINUE;
583
584 /*
585 * No point in finding a key and decrypting if the frame is neither
586 * addressed to us nor a multicast frame.
587 */
588 if (!(rx->flags & IEEE80211_RX_RA_MATCH))
589 return RX_CONTINUE;
590
591 if (rx->sta)
592 stakey = rcu_dereference(rx->sta->key);
593
594 if (!is_multicast_ether_addr(hdr->addr1) && stakey) {
595 rx->key = stakey;
596 } else {
597 /*
598 * The device doesn't give us the IV so we won't be
599 * able to look up the key. That's ok though, we
600 * don't need to decrypt the frame, we just won't
601 * be able to keep statistics accurate.
602 * Except for key threshold notifications, should
603 * we somehow allow the driver to tell us which key
604 * the hardware used if this flag is set?
605 */
606 if ((rx->status->flag & RX_FLAG_DECRYPTED) &&
607 (rx->status->flag & RX_FLAG_IV_STRIPPED))
608 return RX_CONTINUE;
609
610 hdrlen = ieee80211_hdrlen(hdr->frame_control);
611
612 if (rx->skb->len < 8 + hdrlen)
613 return RX_DROP_UNUSABLE; /* TODO: count this? */
614
615 /*
616 * no need to call ieee80211_wep_get_keyidx,
617 * it verifies a bunch of things we've done already
618 */
619 keyidx = rx->skb->data[hdrlen + 3] >> 6;
620
621 rx->key = rcu_dereference(rx->sdata->keys[keyidx]);
622
623 /*
624 * RSNA-protected unicast frames should always be sent with
625 * pairwise or station-to-station keys, but for WEP we allow
626 * using a key index as well.
627 */
628 if (rx->key && rx->key->conf.alg != ALG_WEP &&
629 !is_multicast_ether_addr(hdr->addr1))
630 rx->key = NULL;
631 }
632
633 if (rx->key) {
634 rx->key->tx_rx_count++;
635 /* TODO: add threshold stuff again */
636 } else {
637 return RX_DROP_MONITOR;
638 }
639
640 /* Check for weak IVs if possible */
641 if (rx->sta && rx->key->conf.alg == ALG_WEP &&
642 ieee80211_is_data(hdr->frame_control) &&
643 (!(rx->status->flag & RX_FLAG_IV_STRIPPED) ||
644 !(rx->status->flag & RX_FLAG_DECRYPTED)) &&
645 ieee80211_wep_is_weak_iv(rx->skb, rx->key))
646 rx->sta->wep_weak_iv_count++;
647
648 switch (rx->key->conf.alg) {
649 case ALG_WEP:
650 result = ieee80211_crypto_wep_decrypt(rx);
651 break;
652 case ALG_TKIP:
653 result = ieee80211_crypto_tkip_decrypt(rx);
654 break;
655 case ALG_CCMP:
656 result = ieee80211_crypto_ccmp_decrypt(rx);
657 break;
658 }
659
660 /* either the frame has been decrypted or will be dropped */
661 rx->status->flag |= RX_FLAG_DECRYPTED;
662
663 return result;
664 }
665
666 static void ap_sta_ps_start(struct sta_info *sta)
667 {
668 struct ieee80211_sub_if_data *sdata = sta->sdata;
669 struct ieee80211_local *local = sdata->local;
670
671 atomic_inc(&sdata->bss->num_sta_ps);
672 set_and_clear_sta_flags(sta, WLAN_STA_PS, WLAN_STA_PSPOLL);
673 if (local->ops->sta_notify)
674 local->ops->sta_notify(local_to_hw(local), &sdata->vif,
675 STA_NOTIFY_SLEEP, &sta->sta);
676 #ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
677 printk(KERN_DEBUG "%s: STA %pM aid %d enters power save mode\n",
678 sdata->dev->name, sta->sta.addr, sta->sta.aid);
679 #endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
680 }
681
682 static int ap_sta_ps_end(struct sta_info *sta)
683 {
684 struct ieee80211_sub_if_data *sdata = sta->sdata;
685 struct ieee80211_local *local = sdata->local;
686 struct sk_buff *skb;
687 int sent = 0;
688
689 atomic_dec(&sdata->bss->num_sta_ps);
690
691 clear_sta_flags(sta, WLAN_STA_PS | WLAN_STA_PSPOLL);
692 if (local->ops->sta_notify)
693 local->ops->sta_notify(local_to_hw(local), &sdata->vif,
694 STA_NOTIFY_AWAKE, &sta->sta);
695
696 if (!skb_queue_empty(&sta->ps_tx_buf))
697 sta_info_clear_tim_bit(sta);
698
699 #ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
700 printk(KERN_DEBUG "%s: STA %pM aid %d exits power save mode\n",
701 sdata->dev->name, sta->sta.addr, sta->sta.aid);
702 #endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
703
704 /* Send all buffered frames to the station */
705 while ((skb = skb_dequeue(&sta->tx_filtered)) != NULL) {
706 sent++;
707 skb->requeue = 1;
708 dev_queue_xmit(skb);
709 }
710 while ((skb = skb_dequeue(&sta->ps_tx_buf)) != NULL) {
711 local->total_ps_buffered--;
712 sent++;
713 #ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
714 printk(KERN_DEBUG "%s: STA %pM aid %d send PS frame "
715 "since STA not sleeping anymore\n", sdata->dev->name,
716 sta->sta.addr, sta->sta.aid);
717 #endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
718 skb->requeue = 1;
719 dev_queue_xmit(skb);
720 }
721
722 return sent;
723 }
724
725 static ieee80211_rx_result debug_noinline
726 ieee80211_rx_h_sta_process(struct ieee80211_rx_data *rx)
727 {
728 struct sta_info *sta = rx->sta;
729 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
730
731 if (!sta)
732 return RX_CONTINUE;
733
734 /* Update last_rx only for IBSS packets which are for the current
735 * BSSID to avoid keeping the current IBSS network alive in cases where
736 * other STAs are using different BSSID. */
737 if (rx->sdata->vif.type == NL80211_IFTYPE_ADHOC) {
738 u8 *bssid = ieee80211_get_bssid(hdr, rx->skb->len,
739 NL80211_IFTYPE_ADHOC);
740 if (compare_ether_addr(bssid, rx->sdata->u.sta.bssid) == 0)
741 sta->last_rx = jiffies;
742 } else
743 if (!is_multicast_ether_addr(hdr->addr1) ||
744 rx->sdata->vif.type == NL80211_IFTYPE_STATION) {
745 /* Update last_rx only for unicast frames in order to prevent
746 * the Probe Request frames (the only broadcast frames from a
747 * STA in infrastructure mode) from keeping a connection alive.
748 * Mesh beacons will update last_rx when if they are found to
749 * match the current local configuration when processed.
750 */
751 sta->last_rx = jiffies;
752 }
753
754 if (!(rx->flags & IEEE80211_RX_RA_MATCH))
755 return RX_CONTINUE;
756
757 sta->rx_fragments++;
758 sta->rx_bytes += rx->skb->len;
759 sta->last_signal = rx->status->signal;
760 sta->last_qual = rx->status->qual;
761 sta->last_noise = rx->status->noise;
762
763 /*
764 * Change STA power saving mode only at the end of a frame
765 * exchange sequence.
766 */
767 if (!ieee80211_has_morefrags(hdr->frame_control) &&
768 (rx->sdata->vif.type == NL80211_IFTYPE_AP ||
769 rx->sdata->vif.type == NL80211_IFTYPE_AP_VLAN)) {
770 if (test_sta_flags(sta, WLAN_STA_PS)) {
771 /*
772 * Ignore doze->wake transitions that are
773 * indicated by non-data frames, the standard
774 * is unclear here, but for example going to
775 * PS mode and then scanning would cause a
776 * doze->wake transition for the probe request,
777 * and that is clearly undesirable.
778 */
779 if (ieee80211_is_data(hdr->frame_control) &&
780 !ieee80211_has_pm(hdr->frame_control))
781 rx->sent_ps_buffered += ap_sta_ps_end(sta);
782 } else {
783 if (ieee80211_has_pm(hdr->frame_control))
784 ap_sta_ps_start(sta);
785 }
786 }
787
788 /* Drop data::nullfunc frames silently, since they are used only to
789 * control station power saving mode. */
790 if (ieee80211_is_nullfunc(hdr->frame_control)) {
791 I802_DEBUG_INC(rx->local->rx_handlers_drop_nullfunc);
792 /* Update counter and free packet here to avoid counting this
793 * as a dropped packed. */
794 sta->rx_packets++;
795 dev_kfree_skb(rx->skb);
796 return RX_QUEUED;
797 }
798
799 return RX_CONTINUE;
800 } /* ieee80211_rx_h_sta_process */
801
802 static inline struct ieee80211_fragment_entry *
803 ieee80211_reassemble_add(struct ieee80211_sub_if_data *sdata,
804 unsigned int frag, unsigned int seq, int rx_queue,
805 struct sk_buff **skb)
806 {
807 struct ieee80211_fragment_entry *entry;
808 int idx;
809
810 idx = sdata->fragment_next;
811 entry = &sdata->fragments[sdata->fragment_next++];
812 if (sdata->fragment_next >= IEEE80211_FRAGMENT_MAX)
813 sdata->fragment_next = 0;
814
815 if (!skb_queue_empty(&entry->skb_list)) {
816 #ifdef CONFIG_MAC80211_VERBOSE_DEBUG
817 struct ieee80211_hdr *hdr =
818 (struct ieee80211_hdr *) entry->skb_list.next->data;
819 printk(KERN_DEBUG "%s: RX reassembly removed oldest "
820 "fragment entry (idx=%d age=%lu seq=%d last_frag=%d "
821 "addr1=%pM addr2=%pM\n",
822 sdata->dev->name, idx,
823 jiffies - entry->first_frag_time, entry->seq,
824 entry->last_frag, hdr->addr1, hdr->addr2);
825 #endif
826 __skb_queue_purge(&entry->skb_list);
827 }
828
829 __skb_queue_tail(&entry->skb_list, *skb); /* no need for locking */
830 *skb = NULL;
831 entry->first_frag_time = jiffies;
832 entry->seq = seq;
833 entry->rx_queue = rx_queue;
834 entry->last_frag = frag;
835 entry->ccmp = 0;
836 entry->extra_len = 0;
837
838 return entry;
839 }
840
841 static inline struct ieee80211_fragment_entry *
842 ieee80211_reassemble_find(struct ieee80211_sub_if_data *sdata,
843 unsigned int frag, unsigned int seq,
844 int rx_queue, struct ieee80211_hdr *hdr)
845 {
846 struct ieee80211_fragment_entry *entry;
847 int i, idx;
848
849 idx = sdata->fragment_next;
850 for (i = 0; i < IEEE80211_FRAGMENT_MAX; i++) {
851 struct ieee80211_hdr *f_hdr;
852
853 idx--;
854 if (idx < 0)
855 idx = IEEE80211_FRAGMENT_MAX - 1;
856
857 entry = &sdata->fragments[idx];
858 if (skb_queue_empty(&entry->skb_list) || entry->seq != seq ||
859 entry->rx_queue != rx_queue ||
860 entry->last_frag + 1 != frag)
861 continue;
862
863 f_hdr = (struct ieee80211_hdr *)entry->skb_list.next->data;
864
865 /*
866 * Check ftype and addresses are equal, else check next fragment
867 */
868 if (((hdr->frame_control ^ f_hdr->frame_control) &
869 cpu_to_le16(IEEE80211_FCTL_FTYPE)) ||
870 compare_ether_addr(hdr->addr1, f_hdr->addr1) != 0 ||
871 compare_ether_addr(hdr->addr2, f_hdr->addr2) != 0)
872 continue;
873
874 if (time_after(jiffies, entry->first_frag_time + 2 * HZ)) {
875 __skb_queue_purge(&entry->skb_list);
876 continue;
877 }
878 return entry;
879 }
880
881 return NULL;
882 }
883
884 static ieee80211_rx_result debug_noinline
885 ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx)
886 {
887 struct ieee80211_hdr *hdr;
888 u16 sc;
889 __le16 fc;
890 unsigned int frag, seq;
891 struct ieee80211_fragment_entry *entry;
892 struct sk_buff *skb;
893
894 hdr = (struct ieee80211_hdr *)rx->skb->data;
895 fc = hdr->frame_control;
896 sc = le16_to_cpu(hdr->seq_ctrl);
897 frag = sc & IEEE80211_SCTL_FRAG;
898
899 if (likely((!ieee80211_has_morefrags(fc) && frag == 0) ||
900 (rx->skb)->len < 24 ||
901 is_multicast_ether_addr(hdr->addr1))) {
902 /* not fragmented */
903 goto out;
904 }
905 I802_DEBUG_INC(rx->local->rx_handlers_fragments);
906
907 seq = (sc & IEEE80211_SCTL_SEQ) >> 4;
908
909 if (frag == 0) {
910 /* This is the first fragment of a new frame. */
911 entry = ieee80211_reassemble_add(rx->sdata, frag, seq,
912 rx->queue, &(rx->skb));
913 if (rx->key && rx->key->conf.alg == ALG_CCMP &&
914 ieee80211_has_protected(fc)) {
915 /* Store CCMP PN so that we can verify that the next
916 * fragment has a sequential PN value. */
917 entry->ccmp = 1;
918 memcpy(entry->last_pn,
919 rx->key->u.ccmp.rx_pn[rx->queue],
920 CCMP_PN_LEN);
921 }
922 return RX_QUEUED;
923 }
924
925 /* This is a fragment for a frame that should already be pending in
926 * fragment cache. Add this fragment to the end of the pending entry.
927 */
928 entry = ieee80211_reassemble_find(rx->sdata, frag, seq, rx->queue, hdr);
929 if (!entry) {
930 I802_DEBUG_INC(rx->local->rx_handlers_drop_defrag);
931 return RX_DROP_MONITOR;
932 }
933
934 /* Verify that MPDUs within one MSDU have sequential PN values.
935 * (IEEE 802.11i, 8.3.3.4.5) */
936 if (entry->ccmp) {
937 int i;
938 u8 pn[CCMP_PN_LEN], *rpn;
939 if (!rx->key || rx->key->conf.alg != ALG_CCMP)
940 return RX_DROP_UNUSABLE;
941 memcpy(pn, entry->last_pn, CCMP_PN_LEN);
942 for (i = CCMP_PN_LEN - 1; i >= 0; i--) {
943 pn[i]++;
944 if (pn[i])
945 break;
946 }
947 rpn = rx->key->u.ccmp.rx_pn[rx->queue];
948 if (memcmp(pn, rpn, CCMP_PN_LEN))
949 return RX_DROP_UNUSABLE;
950 memcpy(entry->last_pn, pn, CCMP_PN_LEN);
951 }
952
953 skb_pull(rx->skb, ieee80211_hdrlen(fc));
954 __skb_queue_tail(&entry->skb_list, rx->skb);
955 entry->last_frag = frag;
956 entry->extra_len += rx->skb->len;
957 if (ieee80211_has_morefrags(fc)) {
958 rx->skb = NULL;
959 return RX_QUEUED;
960 }
961
962 rx->skb = __skb_dequeue(&entry->skb_list);
963 if (skb_tailroom(rx->skb) < entry->extra_len) {
964 I802_DEBUG_INC(rx->local->rx_expand_skb_head2);
965 if (unlikely(pskb_expand_head(rx->skb, 0, entry->extra_len,
966 GFP_ATOMIC))) {
967 I802_DEBUG_INC(rx->local->rx_handlers_drop_defrag);
968 __skb_queue_purge(&entry->skb_list);
969 return RX_DROP_UNUSABLE;
970 }
971 }
972 while ((skb = __skb_dequeue(&entry->skb_list))) {
973 memcpy(skb_put(rx->skb, skb->len), skb->data, skb->len);
974 dev_kfree_skb(skb);
975 }
976
977 /* Complete frame has been reassembled - process it now */
978 rx->flags |= IEEE80211_RX_FRAGMENTED;
979
980 out:
981 if (rx->sta)
982 rx->sta->rx_packets++;
983 if (is_multicast_ether_addr(hdr->addr1))
984 rx->local->dot11MulticastReceivedFrameCount++;
985 else
986 ieee80211_led_rx(rx->local);
987 return RX_CONTINUE;
988 }
989
990 static ieee80211_rx_result debug_noinline
991 ieee80211_rx_h_ps_poll(struct ieee80211_rx_data *rx)
992 {
993 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(rx->dev);
994 struct sk_buff *skb;
995 int no_pending_pkts;
996 __le16 fc = ((struct ieee80211_hdr *)rx->skb->data)->frame_control;
997
998 if (likely(!rx->sta || !ieee80211_is_pspoll(fc) ||
999 !(rx->flags & IEEE80211_RX_RA_MATCH)))
1000 return RX_CONTINUE;
1001
1002 if ((sdata->vif.type != NL80211_IFTYPE_AP) &&
1003 (sdata->vif.type != NL80211_IFTYPE_AP_VLAN))
1004 return RX_DROP_UNUSABLE;
1005
1006 skb = skb_dequeue(&rx->sta->tx_filtered);
1007 if (!skb) {
1008 skb = skb_dequeue(&rx->sta->ps_tx_buf);
1009 if (skb)
1010 rx->local->total_ps_buffered--;
1011 }
1012 no_pending_pkts = skb_queue_empty(&rx->sta->tx_filtered) &&
1013 skb_queue_empty(&rx->sta->ps_tx_buf);
1014
1015 if (skb) {
1016 struct ieee80211_hdr *hdr =
1017 (struct ieee80211_hdr *) skb->data;
1018
1019 /*
1020 * Tell TX path to send one frame even though the STA may
1021 * still remain is PS mode after this frame exchange.
1022 */
1023 set_sta_flags(rx->sta, WLAN_STA_PSPOLL);
1024
1025 #ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
1026 printk(KERN_DEBUG "STA %pM aid %d: PS Poll (entries after %d)\n",
1027 rx->sta->sta.addr, rx->sta->sta.aid,
1028 skb_queue_len(&rx->sta->ps_tx_buf));
1029 #endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
1030
1031 /* Use MoreData flag to indicate whether there are more
1032 * buffered frames for this STA */
1033 if (no_pending_pkts)
1034 hdr->frame_control &= cpu_to_le16(~IEEE80211_FCTL_MOREDATA);
1035 else
1036 hdr->frame_control |= cpu_to_le16(IEEE80211_FCTL_MOREDATA);
1037
1038 dev_queue_xmit(skb);
1039
1040 if (no_pending_pkts)
1041 sta_info_clear_tim_bit(rx->sta);
1042 #ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
1043 } else if (!rx->sent_ps_buffered) {
1044 /*
1045 * FIXME: This can be the result of a race condition between
1046 * us expiring a frame and the station polling for it.
1047 * Should we send it a null-func frame indicating we
1048 * have nothing buffered for it?
1049 */
1050 printk(KERN_DEBUG "%s: STA %pM sent PS Poll even "
1051 "though there are no buffered frames for it\n",
1052 rx->dev->name, rx->sta->sta.addr);
1053 #endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
1054 }
1055
1056 /* Free PS Poll skb here instead of returning RX_DROP that would
1057 * count as an dropped frame. */
1058 dev_kfree_skb(rx->skb);
1059
1060 return RX_QUEUED;
1061 }
1062
1063 static ieee80211_rx_result debug_noinline
1064 ieee80211_rx_h_remove_qos_control(struct ieee80211_rx_data *rx)
1065 {
1066 u8 *data = rx->skb->data;
1067 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)data;
1068
1069 if (!ieee80211_is_data_qos(hdr->frame_control))
1070 return RX_CONTINUE;
1071
1072 /* remove the qos control field, update frame type and meta-data */
1073 memmove(data + IEEE80211_QOS_CTL_LEN, data,
1074 ieee80211_hdrlen(hdr->frame_control) - IEEE80211_QOS_CTL_LEN);
1075 hdr = (struct ieee80211_hdr *)skb_pull(rx->skb, IEEE80211_QOS_CTL_LEN);
1076 /* change frame type to non QOS */
1077 hdr->frame_control &= ~cpu_to_le16(IEEE80211_STYPE_QOS_DATA);
1078
1079 return RX_CONTINUE;
1080 }
1081
1082 static int
1083 ieee80211_802_1x_port_control(struct ieee80211_rx_data *rx)
1084 {
1085 if (unlikely(!rx->sta ||
1086 !test_sta_flags(rx->sta, WLAN_STA_AUTHORIZED)))
1087 return -EACCES;
1088
1089 return 0;
1090 }
1091
1092 static int
1093 ieee80211_drop_unencrypted(struct ieee80211_rx_data *rx, __le16 fc)
1094 {
1095 /*
1096 * Pass through unencrypted frames if the hardware has
1097 * decrypted them already.
1098 */
1099 if (rx->status->flag & RX_FLAG_DECRYPTED)
1100 return 0;
1101
1102 /* Drop unencrypted frames if key is set. */
1103 if (unlikely(!ieee80211_has_protected(fc) &&
1104 !ieee80211_is_nullfunc(fc) &&
1105 (rx->key || rx->sdata->drop_unencrypted)))
1106 return -EACCES;
1107
1108 return 0;
1109 }
1110
1111 static int
1112 ieee80211_data_to_8023(struct ieee80211_rx_data *rx)
1113 {
1114 struct net_device *dev = rx->dev;
1115 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data;
1116 u16 hdrlen, ethertype;
1117 u8 *payload;
1118 u8 dst[ETH_ALEN];
1119 u8 src[ETH_ALEN] __aligned(2);
1120 struct sk_buff *skb = rx->skb;
1121 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1122
1123 if (unlikely(!ieee80211_is_data_present(hdr->frame_control)))
1124 return -1;
1125
1126 hdrlen = ieee80211_hdrlen(hdr->frame_control);
1127
1128 /* convert IEEE 802.11 header + possible LLC headers into Ethernet
1129 * header
1130 * IEEE 802.11 address fields:
1131 * ToDS FromDS Addr1 Addr2 Addr3 Addr4
1132 * 0 0 DA SA BSSID n/a
1133 * 0 1 DA BSSID SA n/a
1134 * 1 0 BSSID SA DA n/a
1135 * 1 1 RA TA DA SA
1136 */
1137 memcpy(dst, ieee80211_get_DA(hdr), ETH_ALEN);
1138 memcpy(src, ieee80211_get_SA(hdr), ETH_ALEN);
1139
1140 switch (hdr->frame_control &
1141 cpu_to_le16(IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) {
1142 case __constant_cpu_to_le16(IEEE80211_FCTL_TODS):
1143 if (unlikely(sdata->vif.type != NL80211_IFTYPE_AP &&
1144 sdata->vif.type != NL80211_IFTYPE_AP_VLAN))
1145 return -1;
1146 break;
1147 case __constant_cpu_to_le16(IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS):
1148 if (unlikely(sdata->vif.type != NL80211_IFTYPE_WDS &&
1149 sdata->vif.type != NL80211_IFTYPE_MESH_POINT))
1150 return -1;
1151 if (ieee80211_vif_is_mesh(&sdata->vif)) {
1152 struct ieee80211s_hdr *meshdr = (struct ieee80211s_hdr *)
1153 (skb->data + hdrlen);
1154 hdrlen += ieee80211_get_mesh_hdrlen(meshdr);
1155 if (meshdr->flags & MESH_FLAGS_AE_A5_A6) {
1156 memcpy(dst, meshdr->eaddr1, ETH_ALEN);
1157 memcpy(src, meshdr->eaddr2, ETH_ALEN);
1158 }
1159 }
1160 break;
1161 case __constant_cpu_to_le16(IEEE80211_FCTL_FROMDS):
1162 if (sdata->vif.type != NL80211_IFTYPE_STATION ||
1163 (is_multicast_ether_addr(dst) &&
1164 !compare_ether_addr(src, dev->dev_addr)))
1165 return -1;
1166 break;
1167 case __constant_cpu_to_le16(0):
1168 if (sdata->vif.type != NL80211_IFTYPE_ADHOC)
1169 return -1;
1170 break;
1171 }
1172
1173 if (unlikely(skb->len - hdrlen < 8))
1174 return -1;
1175
1176 payload = skb->data + hdrlen;
1177 ethertype = (payload[6] << 8) | payload[7];
1178
1179 if (likely((compare_ether_addr(payload, rfc1042_header) == 0 &&
1180 ethertype != ETH_P_AARP && ethertype != ETH_P_IPX) ||
1181 compare_ether_addr(payload, bridge_tunnel_header) == 0)) {
1182 /* remove RFC1042 or Bridge-Tunnel encapsulation and
1183 * replace EtherType */
1184 skb_pull(skb, hdrlen + 6);
1185 memcpy(skb_push(skb, ETH_ALEN), src, ETH_ALEN);
1186 memcpy(skb_push(skb, ETH_ALEN), dst, ETH_ALEN);
1187 } else {
1188 struct ethhdr *ehdr;
1189 __be16 len;
1190
1191 skb_pull(skb, hdrlen);
1192 len = htons(skb->len);
1193 ehdr = (struct ethhdr *) skb_push(skb, sizeof(struct ethhdr));
1194 memcpy(ehdr->h_dest, dst, ETH_ALEN);
1195 memcpy(ehdr->h_source, src, ETH_ALEN);
1196 ehdr->h_proto = len;
1197 }
1198 return 0;
1199 }
1200
1201 /*
1202 * requires that rx->skb is a frame with ethernet header
1203 */
1204 static bool ieee80211_frame_allowed(struct ieee80211_rx_data *rx, __le16 fc)
1205 {
1206 static const u8 pae_group_addr[ETH_ALEN] __aligned(2)
1207 = { 0x01, 0x80, 0xC2, 0x00, 0x00, 0x03 };
1208 struct ethhdr *ehdr = (struct ethhdr *) rx->skb->data;
1209
1210 /*
1211 * Allow EAPOL frames to us/the PAE group address regardless
1212 * of whether the frame was encrypted or not.
1213 */
1214 if (ehdr->h_proto == htons(ETH_P_PAE) &&
1215 (compare_ether_addr(ehdr->h_dest, rx->dev->dev_addr) == 0 ||
1216 compare_ether_addr(ehdr->h_dest, pae_group_addr) == 0))
1217 return true;
1218
1219 if (ieee80211_802_1x_port_control(rx) ||
1220 ieee80211_drop_unencrypted(rx, fc))
1221 return false;
1222
1223 return true;
1224 }
1225
1226 /*
1227 * requires that rx->skb is a frame with ethernet header
1228 */
1229 static void
1230 ieee80211_deliver_skb(struct ieee80211_rx_data *rx)
1231 {
1232 struct net_device *dev = rx->dev;
1233 struct ieee80211_local *local = rx->local;
1234 struct sk_buff *skb, *xmit_skb;
1235 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1236 struct ethhdr *ehdr = (struct ethhdr *) rx->skb->data;
1237 struct sta_info *dsta;
1238
1239 skb = rx->skb;
1240 xmit_skb = NULL;
1241
1242 if ((sdata->vif.type == NL80211_IFTYPE_AP ||
1243 sdata->vif.type == NL80211_IFTYPE_AP_VLAN) &&
1244 !(sdata->flags & IEEE80211_SDATA_DONT_BRIDGE_PACKETS) &&
1245 (rx->flags & IEEE80211_RX_RA_MATCH)) {
1246 if (is_multicast_ether_addr(ehdr->h_dest)) {
1247 /*
1248 * send multicast frames both to higher layers in
1249 * local net stack and back to the wireless medium
1250 */
1251 xmit_skb = skb_copy(skb, GFP_ATOMIC);
1252 if (!xmit_skb && net_ratelimit())
1253 printk(KERN_DEBUG "%s: failed to clone "
1254 "multicast frame\n", dev->name);
1255 } else {
1256 dsta = sta_info_get(local, skb->data);
1257 if (dsta && dsta->sdata->dev == dev) {
1258 /*
1259 * The destination station is associated to
1260 * this AP (in this VLAN), so send the frame
1261 * directly to it and do not pass it to local
1262 * net stack.
1263 */
1264 xmit_skb = skb;
1265 skb = NULL;
1266 }
1267 }
1268 }
1269
1270 if (skb) {
1271 /* deliver to local stack */
1272 skb->protocol = eth_type_trans(skb, dev);
1273 memset(skb->cb, 0, sizeof(skb->cb));
1274 netif_rx(skb);
1275 }
1276
1277 if (xmit_skb) {
1278 /* send to wireless media */
1279 xmit_skb->protocol = htons(ETH_P_802_3);
1280 skb_reset_network_header(xmit_skb);
1281 skb_reset_mac_header(xmit_skb);
1282 dev_queue_xmit(xmit_skb);
1283 }
1284 }
1285
1286 static ieee80211_rx_result debug_noinline
1287 ieee80211_rx_h_amsdu(struct ieee80211_rx_data *rx)
1288 {
1289 struct net_device *dev = rx->dev;
1290 struct ieee80211_local *local = rx->local;
1291 u16 ethertype;
1292 u8 *payload;
1293 struct sk_buff *skb = rx->skb, *frame = NULL;
1294 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
1295 __le16 fc = hdr->frame_control;
1296 const struct ethhdr *eth;
1297 int remaining, err;
1298 u8 dst[ETH_ALEN];
1299 u8 src[ETH_ALEN];
1300
1301 if (unlikely(!ieee80211_is_data(fc)))
1302 return RX_CONTINUE;
1303
1304 if (unlikely(!ieee80211_is_data_present(fc)))
1305 return RX_DROP_MONITOR;
1306
1307 if (!(rx->flags & IEEE80211_RX_AMSDU))
1308 return RX_CONTINUE;
1309
1310 err = ieee80211_data_to_8023(rx);
1311 if (unlikely(err))
1312 return RX_DROP_UNUSABLE;
1313
1314 skb->dev = dev;
1315
1316 dev->stats.rx_packets++;
1317 dev->stats.rx_bytes += skb->len;
1318
1319 /* skip the wrapping header */
1320 eth = (struct ethhdr *) skb_pull(skb, sizeof(struct ethhdr));
1321 if (!eth)
1322 return RX_DROP_UNUSABLE;
1323
1324 while (skb != frame) {
1325 u8 padding;
1326 __be16 len = eth->h_proto;
1327 unsigned int subframe_len = sizeof(struct ethhdr) + ntohs(len);
1328
1329 remaining = skb->len;
1330 memcpy(dst, eth->h_dest, ETH_ALEN);
1331 memcpy(src, eth->h_source, ETH_ALEN);
1332
1333 padding = ((4 - subframe_len) & 0x3);
1334 /* the last MSDU has no padding */
1335 if (subframe_len > remaining)
1336 return RX_DROP_UNUSABLE;
1337
1338 skb_pull(skb, sizeof(struct ethhdr));
1339 /* if last subframe reuse skb */
1340 if (remaining <= subframe_len + padding)
1341 frame = skb;
1342 else {
1343 frame = dev_alloc_skb(local->hw.extra_tx_headroom +
1344 subframe_len);
1345
1346 if (frame == NULL)
1347 return RX_DROP_UNUSABLE;
1348
1349 skb_reserve(frame, local->hw.extra_tx_headroom +
1350 sizeof(struct ethhdr));
1351 memcpy(skb_put(frame, ntohs(len)), skb->data,
1352 ntohs(len));
1353
1354 eth = (struct ethhdr *) skb_pull(skb, ntohs(len) +
1355 padding);
1356 if (!eth) {
1357 dev_kfree_skb(frame);
1358 return RX_DROP_UNUSABLE;
1359 }
1360 }
1361
1362 skb_reset_network_header(frame);
1363 frame->dev = dev;
1364 frame->priority = skb->priority;
1365 rx->skb = frame;
1366
1367 payload = frame->data;
1368 ethertype = (payload[6] << 8) | payload[7];
1369
1370 if (likely((compare_ether_addr(payload, rfc1042_header) == 0 &&
1371 ethertype != ETH_P_AARP && ethertype != ETH_P_IPX) ||
1372 compare_ether_addr(payload,
1373 bridge_tunnel_header) == 0)) {
1374 /* remove RFC1042 or Bridge-Tunnel
1375 * encapsulation and replace EtherType */
1376 skb_pull(frame, 6);
1377 memcpy(skb_push(frame, ETH_ALEN), src, ETH_ALEN);
1378 memcpy(skb_push(frame, ETH_ALEN), dst, ETH_ALEN);
1379 } else {
1380 memcpy(skb_push(frame, sizeof(__be16)),
1381 &len, sizeof(__be16));
1382 memcpy(skb_push(frame, ETH_ALEN), src, ETH_ALEN);
1383 memcpy(skb_push(frame, ETH_ALEN), dst, ETH_ALEN);
1384 }
1385
1386 if (!ieee80211_frame_allowed(rx, fc)) {
1387 if (skb == frame) /* last frame */
1388 return RX_DROP_UNUSABLE;
1389 dev_kfree_skb(frame);
1390 continue;
1391 }
1392
1393 ieee80211_deliver_skb(rx);
1394 }
1395
1396 return RX_QUEUED;
1397 }
1398
1399 #ifdef CONFIG_MAC80211_MESH
1400 static ieee80211_rx_result
1401 ieee80211_rx_h_mesh_fwding(struct ieee80211_rx_data *rx)
1402 {
1403 struct ieee80211_hdr *hdr;
1404 struct ieee80211s_hdr *mesh_hdr;
1405 unsigned int hdrlen;
1406 struct sk_buff *skb = rx->skb, *fwd_skb;
1407
1408 hdr = (struct ieee80211_hdr *) skb->data;
1409 hdrlen = ieee80211_hdrlen(hdr->frame_control);
1410 mesh_hdr = (struct ieee80211s_hdr *) (skb->data + hdrlen);
1411
1412 if (!ieee80211_is_data(hdr->frame_control))
1413 return RX_CONTINUE;
1414
1415 if (!mesh_hdr->ttl)
1416 /* illegal frame */
1417 return RX_DROP_MONITOR;
1418
1419 if (mesh_hdr->flags & MESH_FLAGS_AE_A5_A6){
1420 struct ieee80211_sub_if_data *sdata;
1421 struct mesh_path *mppath;
1422
1423 sdata = IEEE80211_DEV_TO_SUB_IF(rx->dev);
1424 rcu_read_lock();
1425 mppath = mpp_path_lookup(mesh_hdr->eaddr2, sdata);
1426 if (!mppath) {
1427 mpp_path_add(mesh_hdr->eaddr2, hdr->addr4, sdata);
1428 } else {
1429 spin_lock_bh(&mppath->state_lock);
1430 mppath->exp_time = jiffies;
1431 if (compare_ether_addr(mppath->mpp, hdr->addr4) != 0)
1432 memcpy(mppath->mpp, hdr->addr4, ETH_ALEN);
1433 spin_unlock_bh(&mppath->state_lock);
1434 }
1435 rcu_read_unlock();
1436 }
1437
1438 if (compare_ether_addr(rx->dev->dev_addr, hdr->addr3) == 0)
1439 return RX_CONTINUE;
1440
1441 mesh_hdr->ttl--;
1442
1443 if (rx->flags & IEEE80211_RX_RA_MATCH) {
1444 if (!mesh_hdr->ttl)
1445 IEEE80211_IFSTA_MESH_CTR_INC(&rx->sdata->u.mesh,
1446 dropped_frames_ttl);
1447 else {
1448 struct ieee80211_hdr *fwd_hdr;
1449 fwd_skb = skb_copy(skb, GFP_ATOMIC);
1450
1451 if (!fwd_skb && net_ratelimit())
1452 printk(KERN_DEBUG "%s: failed to clone mesh frame\n",
1453 rx->dev->name);
1454
1455 fwd_hdr = (struct ieee80211_hdr *) fwd_skb->data;
1456 /*
1457 * Save TA to addr1 to send TA a path error if a
1458 * suitable next hop is not found
1459 */
1460 memcpy(fwd_hdr->addr1, fwd_hdr->addr2, ETH_ALEN);
1461 memcpy(fwd_hdr->addr2, rx->dev->dev_addr, ETH_ALEN);
1462 fwd_skb->dev = rx->local->mdev;
1463 fwd_skb->iif = rx->dev->ifindex;
1464 dev_queue_xmit(fwd_skb);
1465 }
1466 }
1467
1468 if (is_multicast_ether_addr(hdr->addr3) ||
1469 rx->dev->flags & IFF_PROMISC)
1470 return RX_CONTINUE;
1471 else
1472 return RX_DROP_MONITOR;
1473 }
1474 #endif
1475
1476 static ieee80211_rx_result debug_noinline
1477 ieee80211_rx_h_data(struct ieee80211_rx_data *rx)
1478 {
1479 struct net_device *dev = rx->dev;
1480 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
1481 __le16 fc = hdr->frame_control;
1482 int err;
1483
1484 if (unlikely(!ieee80211_is_data(hdr->frame_control)))
1485 return RX_CONTINUE;
1486
1487 if (unlikely(!ieee80211_is_data_present(hdr->frame_control)))
1488 return RX_DROP_MONITOR;
1489
1490 err = ieee80211_data_to_8023(rx);
1491 if (unlikely(err))
1492 return RX_DROP_UNUSABLE;
1493
1494 if (!ieee80211_frame_allowed(rx, fc))
1495 return RX_DROP_MONITOR;
1496
1497 rx->skb->dev = dev;
1498
1499 dev->stats.rx_packets++;
1500 dev->stats.rx_bytes += rx->skb->len;
1501
1502 ieee80211_deliver_skb(rx);
1503
1504 return RX_QUEUED;
1505 }
1506
1507 static ieee80211_rx_result debug_noinline
1508 ieee80211_rx_h_ctrl(struct ieee80211_rx_data *rx)
1509 {
1510 struct ieee80211_local *local = rx->local;
1511 struct ieee80211_hw *hw = &local->hw;
1512 struct sk_buff *skb = rx->skb;
1513 struct ieee80211_bar *bar = (struct ieee80211_bar *)skb->data;
1514 struct tid_ampdu_rx *tid_agg_rx;
1515 u16 start_seq_num;
1516 u16 tid;
1517
1518 if (likely(!ieee80211_is_ctl(bar->frame_control)))
1519 return RX_CONTINUE;
1520
1521 if (ieee80211_is_back_req(bar->frame_control)) {
1522 if (!rx->sta)
1523 return RX_CONTINUE;
1524 tid = le16_to_cpu(bar->control) >> 12;
1525 if (rx->sta->ampdu_mlme.tid_state_rx[tid]
1526 != HT_AGG_STATE_OPERATIONAL)
1527 return RX_CONTINUE;
1528 tid_agg_rx = rx->sta->ampdu_mlme.tid_rx[tid];
1529
1530 start_seq_num = le16_to_cpu(bar->start_seq_num) >> 4;
1531
1532 /* reset session timer */
1533 if (tid_agg_rx->timeout) {
1534 unsigned long expires =
1535 jiffies + (tid_agg_rx->timeout / 1000) * HZ;
1536 mod_timer(&tid_agg_rx->session_timer, expires);
1537 }
1538
1539 /* manage reordering buffer according to requested */
1540 /* sequence number */
1541 rcu_read_lock();
1542 ieee80211_sta_manage_reorder_buf(hw, tid_agg_rx, NULL, NULL,
1543 start_seq_num, 1);
1544 rcu_read_unlock();
1545 return RX_DROP_UNUSABLE;
1546 }
1547
1548 return RX_CONTINUE;
1549 }
1550
1551 static ieee80211_rx_result debug_noinline
1552 ieee80211_rx_h_action(struct ieee80211_rx_data *rx)
1553 {
1554 struct ieee80211_local *local = rx->local;
1555 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(rx->dev);
1556 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *) rx->skb->data;
1557 int len = rx->skb->len;
1558
1559 if (!ieee80211_is_action(mgmt->frame_control))
1560 return RX_CONTINUE;
1561
1562 if (!rx->sta)
1563 return RX_DROP_MONITOR;
1564
1565 if (!(rx->flags & IEEE80211_RX_RA_MATCH))
1566 return RX_DROP_MONITOR;
1567
1568 /* all categories we currently handle have action_code */
1569 if (len < IEEE80211_MIN_ACTION_SIZE + 1)
1570 return RX_DROP_MONITOR;
1571
1572 switch (mgmt->u.action.category) {
1573 case WLAN_CATEGORY_BACK:
1574 switch (mgmt->u.action.u.addba_req.action_code) {
1575 case WLAN_ACTION_ADDBA_REQ:
1576 if (len < (IEEE80211_MIN_ACTION_SIZE +
1577 sizeof(mgmt->u.action.u.addba_req)))
1578 return RX_DROP_MONITOR;
1579 ieee80211_process_addba_request(local, rx->sta, mgmt, len);
1580 break;
1581 case WLAN_ACTION_ADDBA_RESP:
1582 if (len < (IEEE80211_MIN_ACTION_SIZE +
1583 sizeof(mgmt->u.action.u.addba_resp)))
1584 return RX_DROP_MONITOR;
1585 ieee80211_process_addba_resp(local, rx->sta, mgmt, len);
1586 break;
1587 case WLAN_ACTION_DELBA:
1588 if (len < (IEEE80211_MIN_ACTION_SIZE +
1589 sizeof(mgmt->u.action.u.delba)))
1590 return RX_DROP_MONITOR;
1591 ieee80211_process_delba(sdata, rx->sta, mgmt, len);
1592 break;
1593 }
1594 break;
1595 case WLAN_CATEGORY_SPECTRUM_MGMT:
1596 if (local->hw.conf.channel->band != IEEE80211_BAND_5GHZ)
1597 return RX_DROP_MONITOR;
1598 switch (mgmt->u.action.u.measurement.action_code) {
1599 case WLAN_ACTION_SPCT_MSR_REQ:
1600 if (len < (IEEE80211_MIN_ACTION_SIZE +
1601 sizeof(mgmt->u.action.u.measurement)))
1602 return RX_DROP_MONITOR;
1603 ieee80211_process_measurement_req(sdata, mgmt, len);
1604 break;
1605 }
1606 break;
1607 default:
1608 return RX_CONTINUE;
1609 }
1610
1611 rx->sta->rx_packets++;
1612 dev_kfree_skb(rx->skb);
1613 return RX_QUEUED;
1614 }
1615
1616 static ieee80211_rx_result debug_noinline
1617 ieee80211_rx_h_mgmt(struct ieee80211_rx_data *rx)
1618 {
1619 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(rx->dev);
1620
1621 if (!(rx->flags & IEEE80211_RX_RA_MATCH))
1622 return RX_DROP_MONITOR;
1623
1624 if (ieee80211_vif_is_mesh(&sdata->vif))
1625 return ieee80211_mesh_rx_mgmt(sdata, rx->skb, rx->status);
1626
1627 if (sdata->vif.type != NL80211_IFTYPE_STATION &&
1628 sdata->vif.type != NL80211_IFTYPE_ADHOC)
1629 return RX_DROP_MONITOR;
1630
1631 if (sdata->flags & IEEE80211_SDATA_USERSPACE_MLME)
1632 return RX_DROP_MONITOR;
1633
1634 ieee80211_sta_rx_mgmt(sdata, rx->skb, rx->status);
1635 return RX_QUEUED;
1636 }
1637
1638 static void ieee80211_rx_michael_mic_report(struct net_device *dev,
1639 struct ieee80211_hdr *hdr,
1640 struct ieee80211_rx_data *rx)
1641 {
1642 int keyidx;
1643 unsigned int hdrlen;
1644
1645 hdrlen = ieee80211_hdrlen(hdr->frame_control);
1646 if (rx->skb->len >= hdrlen + 4)
1647 keyidx = rx->skb->data[hdrlen + 3] >> 6;
1648 else
1649 keyidx = -1;
1650
1651 if (!rx->sta) {
1652 /*
1653 * Some hardware seem to generate incorrect Michael MIC
1654 * reports; ignore them to avoid triggering countermeasures.
1655 */
1656 goto ignore;
1657 }
1658
1659 if (!ieee80211_has_protected(hdr->frame_control))
1660 goto ignore;
1661
1662 if (rx->sdata->vif.type == NL80211_IFTYPE_AP && keyidx) {
1663 /*
1664 * APs with pairwise keys should never receive Michael MIC
1665 * errors for non-zero keyidx because these are reserved for
1666 * group keys and only the AP is sending real multicast
1667 * frames in the BSS.
1668 */
1669 goto ignore;
1670 }
1671
1672 if (!ieee80211_is_data(hdr->frame_control) &&
1673 !ieee80211_is_auth(hdr->frame_control))
1674 goto ignore;
1675
1676 mac80211_ev_michael_mic_failure(rx->sdata, keyidx, hdr);
1677 ignore:
1678 dev_kfree_skb(rx->skb);
1679 rx->skb = NULL;
1680 }
1681
1682 /* TODO: use IEEE80211_RX_FRAGMENTED */
1683 static void ieee80211_rx_cooked_monitor(struct ieee80211_rx_data *rx)
1684 {
1685 struct ieee80211_sub_if_data *sdata;
1686 struct ieee80211_local *local = rx->local;
1687 struct ieee80211_rtap_hdr {
1688 struct ieee80211_radiotap_header hdr;
1689 u8 flags;
1690 u8 rate;
1691 __le16 chan_freq;
1692 __le16 chan_flags;
1693 } __attribute__ ((packed)) *rthdr;
1694 struct sk_buff *skb = rx->skb, *skb2;
1695 struct net_device *prev_dev = NULL;
1696 struct ieee80211_rx_status *status = rx->status;
1697
1698 if (rx->flags & IEEE80211_RX_CMNTR_REPORTED)
1699 goto out_free_skb;
1700
1701 if (skb_headroom(skb) < sizeof(*rthdr) &&
1702 pskb_expand_head(skb, sizeof(*rthdr), 0, GFP_ATOMIC))
1703 goto out_free_skb;
1704
1705 rthdr = (void *)skb_push(skb, sizeof(*rthdr));
1706 memset(rthdr, 0, sizeof(*rthdr));
1707 rthdr->hdr.it_len = cpu_to_le16(sizeof(*rthdr));
1708 rthdr->hdr.it_present =
1709 cpu_to_le32((1 << IEEE80211_RADIOTAP_FLAGS) |
1710 (1 << IEEE80211_RADIOTAP_RATE) |
1711 (1 << IEEE80211_RADIOTAP_CHANNEL));
1712
1713 rthdr->rate = rx->rate->bitrate / 5;
1714 rthdr->chan_freq = cpu_to_le16(status->freq);
1715
1716 if (status->band == IEEE80211_BAND_5GHZ)
1717 rthdr->chan_flags = cpu_to_le16(IEEE80211_CHAN_OFDM |
1718 IEEE80211_CHAN_5GHZ);
1719 else
1720 rthdr->chan_flags = cpu_to_le16(IEEE80211_CHAN_DYN |
1721 IEEE80211_CHAN_2GHZ);
1722
1723 skb_set_mac_header(skb, 0);
1724 skb->ip_summed = CHECKSUM_UNNECESSARY;
1725 skb->pkt_type = PACKET_OTHERHOST;
1726 skb->protocol = htons(ETH_P_802_2);
1727
1728 list_for_each_entry_rcu(sdata, &local->interfaces, list) {
1729 if (!netif_running(sdata->dev))
1730 continue;
1731
1732 if (sdata->vif.type != NL80211_IFTYPE_MONITOR ||
1733 !(sdata->u.mntr_flags & MONITOR_FLAG_COOK_FRAMES))
1734 continue;
1735
1736 if (prev_dev) {
1737 skb2 = skb_clone(skb, GFP_ATOMIC);
1738 if (skb2) {
1739 skb2->dev = prev_dev;
1740 netif_rx(skb2);
1741 }
1742 }
1743
1744 prev_dev = sdata->dev;
1745 sdata->dev->stats.rx_packets++;
1746 sdata->dev->stats.rx_bytes += skb->len;
1747 }
1748
1749 if (prev_dev) {
1750 skb->dev = prev_dev;
1751 netif_rx(skb);
1752 skb = NULL;
1753 } else
1754 goto out_free_skb;
1755
1756 rx->flags |= IEEE80211_RX_CMNTR_REPORTED;
1757 return;
1758
1759 out_free_skb:
1760 dev_kfree_skb(skb);
1761 }
1762
1763
1764 static void ieee80211_invoke_rx_handlers(struct ieee80211_sub_if_data *sdata,
1765 struct ieee80211_rx_data *rx,
1766 struct sk_buff *skb)
1767 {
1768 ieee80211_rx_result res = RX_DROP_MONITOR;
1769
1770 rx->skb = skb;
1771 rx->sdata = sdata;
1772 rx->dev = sdata->dev;
1773
1774 #define CALL_RXH(rxh) \
1775 do { \
1776 res = rxh(rx); \
1777 if (res != RX_CONTINUE) \
1778 goto rxh_done; \
1779 } while (0);
1780
1781 CALL_RXH(ieee80211_rx_h_passive_scan)
1782 CALL_RXH(ieee80211_rx_h_check)
1783 CALL_RXH(ieee80211_rx_h_decrypt)
1784 CALL_RXH(ieee80211_rx_h_sta_process)
1785 CALL_RXH(ieee80211_rx_h_defragment)
1786 CALL_RXH(ieee80211_rx_h_ps_poll)
1787 CALL_RXH(ieee80211_rx_h_michael_mic_verify)
1788 /* must be after MMIC verify so header is counted in MPDU mic */
1789 CALL_RXH(ieee80211_rx_h_remove_qos_control)
1790 CALL_RXH(ieee80211_rx_h_amsdu)
1791 #ifdef CONFIG_MAC80211_MESH
1792 if (ieee80211_vif_is_mesh(&sdata->vif))
1793 CALL_RXH(ieee80211_rx_h_mesh_fwding);
1794 #endif
1795 CALL_RXH(ieee80211_rx_h_data)
1796 CALL_RXH(ieee80211_rx_h_ctrl)
1797 CALL_RXH(ieee80211_rx_h_action)
1798 CALL_RXH(ieee80211_rx_h_mgmt)
1799
1800 #undef CALL_RXH
1801
1802 rxh_done:
1803 switch (res) {
1804 case RX_DROP_MONITOR:
1805 I802_DEBUG_INC(sdata->local->rx_handlers_drop);
1806 if (rx->sta)
1807 rx->sta->rx_dropped++;
1808 /* fall through */
1809 case RX_CONTINUE:
1810 ieee80211_rx_cooked_monitor(rx);
1811 break;
1812 case RX_DROP_UNUSABLE:
1813 I802_DEBUG_INC(sdata->local->rx_handlers_drop);
1814 if (rx->sta)
1815 rx->sta->rx_dropped++;
1816 dev_kfree_skb(rx->skb);
1817 break;
1818 case RX_QUEUED:
1819 I802_DEBUG_INC(sdata->local->rx_handlers_queued);
1820 break;
1821 }
1822 }
1823
1824 /* main receive path */
1825
1826 static int prepare_for_handlers(struct ieee80211_sub_if_data *sdata,
1827 u8 *bssid, struct ieee80211_rx_data *rx,
1828 struct ieee80211_hdr *hdr)
1829 {
1830 int multicast = is_multicast_ether_addr(hdr->addr1);
1831
1832 switch (sdata->vif.type) {
1833 case NL80211_IFTYPE_STATION:
1834 if (!bssid)
1835 return 0;
1836 if (!ieee80211_bssid_match(bssid, sdata->u.sta.bssid)) {
1837 if (!(rx->flags & IEEE80211_RX_IN_SCAN))
1838 return 0;
1839 rx->flags &= ~IEEE80211_RX_RA_MATCH;
1840 } else if (!multicast &&
1841 compare_ether_addr(sdata->dev->dev_addr,
1842 hdr->addr1) != 0) {
1843 if (!(sdata->dev->flags & IFF_PROMISC))
1844 return 0;
1845 rx->flags &= ~IEEE80211_RX_RA_MATCH;
1846 }
1847 break;
1848 case NL80211_IFTYPE_ADHOC:
1849 if (!bssid)
1850 return 0;
1851 if (ieee80211_is_beacon(hdr->frame_control)) {
1852 return 1;
1853 }
1854 else if (!ieee80211_bssid_match(bssid, sdata->u.sta.bssid)) {
1855 if (!(rx->flags & IEEE80211_RX_IN_SCAN))
1856 return 0;
1857 rx->flags &= ~IEEE80211_RX_RA_MATCH;
1858 } else if (!multicast &&
1859 compare_ether_addr(sdata->dev->dev_addr,
1860 hdr->addr1) != 0) {
1861 if (!(sdata->dev->flags & IFF_PROMISC))
1862 return 0;
1863 rx->flags &= ~IEEE80211_RX_RA_MATCH;
1864 } else if (!rx->sta) {
1865 int rate_idx;
1866 if (rx->status->flag & RX_FLAG_HT)
1867 rate_idx = 0; /* TODO: HT rates */
1868 else
1869 rate_idx = rx->status->rate_idx;
1870 rx->sta = ieee80211_ibss_add_sta(sdata, bssid, hdr->addr2,
1871 BIT(rate_idx));
1872 }
1873 break;
1874 case NL80211_IFTYPE_MESH_POINT:
1875 if (!multicast &&
1876 compare_ether_addr(sdata->dev->dev_addr,
1877 hdr->addr1) != 0) {
1878 if (!(sdata->dev->flags & IFF_PROMISC))
1879 return 0;
1880
1881 rx->flags &= ~IEEE80211_RX_RA_MATCH;
1882 }
1883 break;
1884 case NL80211_IFTYPE_AP_VLAN:
1885 case NL80211_IFTYPE_AP:
1886 if (!bssid) {
1887 if (compare_ether_addr(sdata->dev->dev_addr,
1888 hdr->addr1))
1889 return 0;
1890 } else if (!ieee80211_bssid_match(bssid,
1891 sdata->dev->dev_addr)) {
1892 if (!(rx->flags & IEEE80211_RX_IN_SCAN))
1893 return 0;
1894 rx->flags &= ~IEEE80211_RX_RA_MATCH;
1895 }
1896 break;
1897 case NL80211_IFTYPE_WDS:
1898 if (bssid || !ieee80211_is_data(hdr->frame_control))
1899 return 0;
1900 if (compare_ether_addr(sdata->u.wds.remote_addr, hdr->addr2))
1901 return 0;
1902 break;
1903 case NL80211_IFTYPE_MONITOR:
1904 /* take everything */
1905 break;
1906 case NL80211_IFTYPE_UNSPECIFIED:
1907 case __NL80211_IFTYPE_AFTER_LAST:
1908 /* should never get here */
1909 WARN_ON(1);
1910 break;
1911 }
1912
1913 return 1;
1914 }
1915
1916 /*
1917 * This is the actual Rx frames handler. as it blongs to Rx path it must
1918 * be called with rcu_read_lock protection.
1919 */
1920 static void __ieee80211_rx_handle_packet(struct ieee80211_hw *hw,
1921 struct sk_buff *skb,
1922 struct ieee80211_rx_status *status,
1923 struct ieee80211_rate *rate)
1924 {
1925 struct ieee80211_local *local = hw_to_local(hw);
1926 struct ieee80211_sub_if_data *sdata;
1927 struct ieee80211_hdr *hdr;
1928 struct ieee80211_rx_data rx;
1929 int prepares;
1930 struct ieee80211_sub_if_data *prev = NULL;
1931 struct sk_buff *skb_new;
1932 u8 *bssid;
1933
1934 hdr = (struct ieee80211_hdr *)skb->data;
1935 memset(&rx, 0, sizeof(rx));
1936 rx.skb = skb;
1937 rx.local = local;
1938
1939 rx.status = status;
1940 rx.rate = rate;
1941
1942 if (ieee80211_is_data(hdr->frame_control) || ieee80211_is_mgmt(hdr->frame_control))
1943 local->dot11ReceivedFragmentCount++;
1944
1945 rx.sta = sta_info_get(local, hdr->addr2);
1946 if (rx.sta) {
1947 rx.sdata = rx.sta->sdata;
1948 rx.dev = rx.sta->sdata->dev;
1949 }
1950
1951 if ((status->flag & RX_FLAG_MMIC_ERROR)) {
1952 ieee80211_rx_michael_mic_report(local->mdev, hdr, &rx);
1953 return;
1954 }
1955
1956 if (unlikely(local->sw_scanning || local->hw_scanning))
1957 rx.flags |= IEEE80211_RX_IN_SCAN;
1958
1959 ieee80211_parse_qos(&rx);
1960 ieee80211_verify_ip_alignment(&rx);
1961
1962 skb = rx.skb;
1963
1964 list_for_each_entry_rcu(sdata, &local->interfaces, list) {
1965 if (!netif_running(sdata->dev))
1966 continue;
1967
1968 if (sdata->vif.type == NL80211_IFTYPE_MONITOR)
1969 continue;
1970
1971 bssid = ieee80211_get_bssid(hdr, skb->len, sdata->vif.type);
1972 rx.flags |= IEEE80211_RX_RA_MATCH;
1973 prepares = prepare_for_handlers(sdata, bssid, &rx, hdr);
1974
1975 if (!prepares)
1976 continue;
1977
1978 /*
1979 * frame is destined for this interface, but if it's not
1980 * also for the previous one we handle that after the
1981 * loop to avoid copying the SKB once too much
1982 */
1983
1984 if (!prev) {
1985 prev = sdata;
1986 continue;
1987 }
1988
1989 /*
1990 * frame was destined for the previous interface
1991 * so invoke RX handlers for it
1992 */
1993
1994 skb_new = skb_copy(skb, GFP_ATOMIC);
1995 if (!skb_new) {
1996 if (net_ratelimit())
1997 printk(KERN_DEBUG "%s: failed to copy "
1998 "multicast frame for %s\n",
1999 wiphy_name(local->hw.wiphy),
2000 prev->dev->name);
2001 continue;
2002 }
2003 ieee80211_invoke_rx_handlers(prev, &rx, skb_new);
2004 prev = sdata;
2005 }
2006 if (prev)
2007 ieee80211_invoke_rx_handlers(prev, &rx, skb);
2008 else
2009 dev_kfree_skb(skb);
2010 }
2011
2012 #define SEQ_MODULO 0x1000
2013 #define SEQ_MASK 0xfff
2014
2015 static inline int seq_less(u16 sq1, u16 sq2)
2016 {
2017 return ((sq1 - sq2) & SEQ_MASK) > (SEQ_MODULO >> 1);
2018 }
2019
2020 static inline u16 seq_inc(u16 sq)
2021 {
2022 return (sq + 1) & SEQ_MASK;
2023 }
2024
2025 static inline u16 seq_sub(u16 sq1, u16 sq2)
2026 {
2027 return (sq1 - sq2) & SEQ_MASK;
2028 }
2029
2030
2031 /*
2032 * As it function blongs to Rx path it must be called with
2033 * the proper rcu_read_lock protection for its flow.
2034 */
2035 static u8 ieee80211_sta_manage_reorder_buf(struct ieee80211_hw *hw,
2036 struct tid_ampdu_rx *tid_agg_rx,
2037 struct sk_buff *skb,
2038 struct ieee80211_rx_status *rxstatus,
2039 u16 mpdu_seq_num,
2040 int bar_req)
2041 {
2042 struct ieee80211_local *local = hw_to_local(hw);
2043 struct ieee80211_rx_status status;
2044 u16 head_seq_num, buf_size;
2045 int index;
2046 struct ieee80211_supported_band *sband;
2047 struct ieee80211_rate *rate;
2048
2049 buf_size = tid_agg_rx->buf_size;
2050 head_seq_num = tid_agg_rx->head_seq_num;
2051
2052 /* frame with out of date sequence number */
2053 if (seq_less(mpdu_seq_num, head_seq_num)) {
2054 dev_kfree_skb(skb);
2055 return 1;
2056 }
2057
2058 /* if frame sequence number exceeds our buffering window size or
2059 * block Ack Request arrived - release stored frames */
2060 if ((!seq_less(mpdu_seq_num, head_seq_num + buf_size)) || (bar_req)) {
2061 /* new head to the ordering buffer */
2062 if (bar_req)
2063 head_seq_num = mpdu_seq_num;
2064 else
2065 head_seq_num =
2066 seq_inc(seq_sub(mpdu_seq_num, buf_size));
2067 /* release stored frames up to new head to stack */
2068 while (seq_less(tid_agg_rx->head_seq_num, head_seq_num)) {
2069 index = seq_sub(tid_agg_rx->head_seq_num,
2070 tid_agg_rx->ssn)
2071 % tid_agg_rx->buf_size;
2072
2073 if (tid_agg_rx->reorder_buf[index]) {
2074 /* release the reordered frames to stack */
2075 memcpy(&status,
2076 tid_agg_rx->reorder_buf[index]->cb,
2077 sizeof(status));
2078 sband = local->hw.wiphy->bands[status.band];
2079 if (status.flag & RX_FLAG_HT) {
2080 /* TODO: HT rates */
2081 rate = sband->bitrates;
2082 } else {
2083 rate = &sband->bitrates
2084 [status.rate_idx];
2085 }
2086 __ieee80211_rx_handle_packet(hw,
2087 tid_agg_rx->reorder_buf[index],
2088 &status, rate);
2089 tid_agg_rx->stored_mpdu_num--;
2090 tid_agg_rx->reorder_buf[index] = NULL;
2091 }
2092 tid_agg_rx->head_seq_num =
2093 seq_inc(tid_agg_rx->head_seq_num);
2094 }
2095 if (bar_req)
2096 return 1;
2097 }
2098
2099 /* now the new frame is always in the range of the reordering */
2100 /* buffer window */
2101 index = seq_sub(mpdu_seq_num, tid_agg_rx->ssn)
2102 % tid_agg_rx->buf_size;
2103 /* check if we already stored this frame */
2104 if (tid_agg_rx->reorder_buf[index]) {
2105 dev_kfree_skb(skb);
2106 return 1;
2107 }
2108
2109 /* if arrived mpdu is in the right order and nothing else stored */
2110 /* release it immediately */
2111 if (mpdu_seq_num == tid_agg_rx->head_seq_num &&
2112 tid_agg_rx->stored_mpdu_num == 0) {
2113 tid_agg_rx->head_seq_num =
2114 seq_inc(tid_agg_rx->head_seq_num);
2115 return 0;
2116 }
2117
2118 /* put the frame in the reordering buffer */
2119 tid_agg_rx->reorder_buf[index] = skb;
2120 memcpy(tid_agg_rx->reorder_buf[index]->cb, rxstatus,
2121 sizeof(*rxstatus));
2122 tid_agg_rx->stored_mpdu_num++;
2123 /* release the buffer until next missing frame */
2124 index = seq_sub(tid_agg_rx->head_seq_num, tid_agg_rx->ssn)
2125 % tid_agg_rx->buf_size;
2126 while (tid_agg_rx->reorder_buf[index]) {
2127 /* release the reordered frame back to stack */
2128 memcpy(&status, tid_agg_rx->reorder_buf[index]->cb,
2129 sizeof(status));
2130 sband = local->hw.wiphy->bands[status.band];
2131 if (status.flag & RX_FLAG_HT)
2132 rate = sband->bitrates; /* TODO: HT rates */
2133 else
2134 rate = &sband->bitrates[status.rate_idx];
2135 __ieee80211_rx_handle_packet(hw, tid_agg_rx->reorder_buf[index],
2136 &status, rate);
2137 tid_agg_rx->stored_mpdu_num--;
2138 tid_agg_rx->reorder_buf[index] = NULL;
2139 tid_agg_rx->head_seq_num = seq_inc(tid_agg_rx->head_seq_num);
2140 index = seq_sub(tid_agg_rx->head_seq_num,
2141 tid_agg_rx->ssn) % tid_agg_rx->buf_size;
2142 }
2143 return 1;
2144 }
2145
2146 static u8 ieee80211_rx_reorder_ampdu(struct ieee80211_local *local,
2147 struct sk_buff *skb,
2148 struct ieee80211_rx_status *status)
2149 {
2150 struct ieee80211_hw *hw = &local->hw;
2151 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
2152 struct sta_info *sta;
2153 struct tid_ampdu_rx *tid_agg_rx;
2154 u16 sc;
2155 u16 mpdu_seq_num;
2156 u8 ret = 0;
2157 int tid;
2158
2159 sta = sta_info_get(local, hdr->addr2);
2160 if (!sta)
2161 return ret;
2162
2163 /* filter the QoS data rx stream according to
2164 * STA/TID and check if this STA/TID is on aggregation */
2165 if (!ieee80211_is_data_qos(hdr->frame_control))
2166 goto end_reorder;
2167
2168 tid = *ieee80211_get_qos_ctl(hdr) & IEEE80211_QOS_CTL_TID_MASK;
2169
2170 if (sta->ampdu_mlme.tid_state_rx[tid] != HT_AGG_STATE_OPERATIONAL)
2171 goto end_reorder;
2172
2173 tid_agg_rx = sta->ampdu_mlme.tid_rx[tid];
2174
2175 /* qos null data frames are excluded */
2176 if (unlikely(hdr->frame_control & cpu_to_le16(IEEE80211_STYPE_NULLFUNC)))
2177 goto end_reorder;
2178
2179 /* new un-ordered ampdu frame - process it */
2180
2181 /* reset session timer */
2182 if (tid_agg_rx->timeout) {
2183 unsigned long expires =
2184 jiffies + (tid_agg_rx->timeout / 1000) * HZ;
2185 mod_timer(&tid_agg_rx->session_timer, expires);
2186 }
2187
2188 /* if this mpdu is fragmented - terminate rx aggregation session */
2189 sc = le16_to_cpu(hdr->seq_ctrl);
2190 if (sc & IEEE80211_SCTL_FRAG) {
2191 ieee80211_sta_stop_rx_ba_session(sta->sdata, sta->sta.addr,
2192 tid, 0, WLAN_REASON_QSTA_REQUIRE_SETUP);
2193 ret = 1;
2194 goto end_reorder;
2195 }
2196
2197 /* according to mpdu sequence number deal with reordering buffer */
2198 mpdu_seq_num = (sc & IEEE80211_SCTL_SEQ) >> 4;
2199 ret = ieee80211_sta_manage_reorder_buf(hw, tid_agg_rx, skb, status,
2200 mpdu_seq_num, 0);
2201 end_reorder:
2202 return ret;
2203 }
2204
2205 /*
2206 * This is the receive path handler. It is called by a low level driver when an
2207 * 802.11 MPDU is received from the hardware.
2208 */
2209 void __ieee80211_rx(struct ieee80211_hw *hw, struct sk_buff *skb,
2210 struct ieee80211_rx_status *status)
2211 {
2212 struct ieee80211_local *local = hw_to_local(hw);
2213 struct ieee80211_rate *rate = NULL;
2214 struct ieee80211_supported_band *sband;
2215
2216 if (status->band < 0 ||
2217 status->band >= IEEE80211_NUM_BANDS) {
2218 WARN_ON(1);
2219 return;
2220 }
2221
2222 sband = local->hw.wiphy->bands[status->band];
2223 if (!sband) {
2224 WARN_ON(1);
2225 return;
2226 }
2227
2228 if (status->flag & RX_FLAG_HT) {
2229 /* rate_idx is MCS index */
2230 if (WARN_ON(status->rate_idx < 0 ||
2231 status->rate_idx >= 76))
2232 return;
2233 /* HT rates are not in the table - use the highest legacy rate
2234 * for now since other parts of mac80211 may not yet be fully
2235 * MCS aware. */
2236 rate = &sband->bitrates[sband->n_bitrates - 1];
2237 } else {
2238 if (WARN_ON(status->rate_idx < 0 ||
2239 status->rate_idx >= sband->n_bitrates))
2240 return;
2241 rate = &sband->bitrates[status->rate_idx];
2242 }
2243
2244 /*
2245 * key references and virtual interfaces are protected using RCU
2246 * and this requires that we are in a read-side RCU section during
2247 * receive processing
2248 */
2249 rcu_read_lock();
2250
2251 /*
2252 * Frames with failed FCS/PLCP checksum are not returned,
2253 * all other frames are returned without radiotap header
2254 * if it was previously present.
2255 * Also, frames with less than 16 bytes are dropped.
2256 */
2257 skb = ieee80211_rx_monitor(local, skb, status, rate);
2258 if (!skb) {
2259 rcu_read_unlock();
2260 return;
2261 }
2262
2263 if (!ieee80211_rx_reorder_ampdu(local, skb, status))
2264 __ieee80211_rx_handle_packet(hw, skb, status, rate);
2265
2266 rcu_read_unlock();
2267 }
2268 EXPORT_SYMBOL(__ieee80211_rx);
2269
2270 /* This is a version of the rx handler that can be called from hard irq
2271 * context. Post the skb on the queue and schedule the tasklet */
2272 void ieee80211_rx_irqsafe(struct ieee80211_hw *hw, struct sk_buff *skb,
2273 struct ieee80211_rx_status *status)
2274 {
2275 struct ieee80211_local *local = hw_to_local(hw);
2276
2277 BUILD_BUG_ON(sizeof(struct ieee80211_rx_status) > sizeof(skb->cb));
2278
2279 skb->dev = local->mdev;
2280 /* copy status into skb->cb for use by tasklet */
2281 memcpy(skb->cb, status, sizeof(*status));
2282 skb->pkt_type = IEEE80211_RX_MSG;
2283 skb_queue_tail(&local->skb_queue, skb);
2284 tasklet_schedule(&local->tasklet);
2285 }
2286 EXPORT_SYMBOL(ieee80211_rx_irqsafe);
Linux 2.6 ibm-acpi/thinkpad-acpi driver git tree