1/* 2 * Copyright 2002-2005, Instant802 Networks, Inc. 3 * Copyright 2005-2006, Devicescape Software, Inc. 4 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> 5 * 6 * This program is free software; you can redistribute it and/or modify 7 * it under the terms of the GNU General Public License version 2 as 8 * published by the Free Software Foundation. 9 */ 10 11#include <net/mac80211.h> 12#include <net/ieee80211_radiotap.h> 13#include <linux/module.h> 14#include <linux/init.h> 15#include <linux/netdevice.h> 16#include <linux/types.h> 17#include <linux/slab.h> 18#include <linux/skbuff.h> 19#include <linux/etherdevice.h> 20#include <linux/if_arp.h> 21#include <linux/wireless.h> 22#include <linux/rtnetlink.h> 23#include <net/iw_handler.h> 24#include <linux/compiler.h> 25#include <linux/bitmap.h> 26#include <net/cfg80211.h> 27 28#include "ieee80211_common.h" 29#include "ieee80211_i.h" 30#include "ieee80211_rate.h" 31#include "wep.h" 32#include "wpa.h" 33#include "tkip.h" 34#include "wme.h" 35#include "aes_ccm.h" 36#include "ieee80211_led.h" 37#include "ieee80211_cfg.h" 38#include "debugfs.h" 39#include "debugfs_netdev.h" 40#include "debugfs_key.h" 41 42/* privid for wiphys to determine whether they belong to us or not */ 43void *mac80211_wiphy_privid = &mac80211_wiphy_privid; 44 45/* See IEEE 802.1H for LLC/SNAP encapsulation/decapsulation */ 46/* Ethernet-II snap header (RFC1042 for most EtherTypes) */ 47static const unsigned char rfc1042_header[] = 48 { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 }; 49 50/* Bridge-Tunnel header (for EtherTypes ETH_P_AARP and ETH_P_IPX) */ 51static const unsigned char bridge_tunnel_header[] = 52 { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0xf8 }; 53 54/* No encapsulation header if EtherType < 0x600 (=length) */ 55static const unsigned char eapol_header[] = 56 { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00, 0x88, 0x8e }; 57 58 59static inline void ieee80211_include_sequence(struct ieee80211_sub_if_data *sdata, 60 struct ieee80211_hdr *hdr) 61{ 62 /* Set the sequence number for this frame. */ 63 hdr->seq_ctrl = cpu_to_le16(sdata->sequence); 64 65 /* Increase the sequence number. */ 66 sdata->sequence = (sdata->sequence + 0x10) & IEEE80211_SCTL_SEQ; 67} 68 69struct ieee80211_key_conf * 70ieee80211_key_data2conf(struct ieee80211_local *local, 71 const struct ieee80211_key *data) 72{ 73 struct ieee80211_key_conf *conf; 74 75 conf = kmalloc(sizeof(*conf) + data->keylen, GFP_ATOMIC); 76 if (!conf) 77 return NULL; 78 79 conf->hw_key_idx = data->hw_key_idx; 80 conf->alg = data->alg; 81 conf->keylen = data->keylen; 82 conf->flags = 0; 83 if (data->force_sw_encrypt) 84 conf->flags |= IEEE80211_KEY_FORCE_SW_ENCRYPT; 85 conf->keyidx = data->keyidx; 86 if (data->default_tx_key) 87 conf->flags |= IEEE80211_KEY_DEFAULT_TX_KEY; 88 if (local->default_wep_only) 89 conf->flags |= IEEE80211_KEY_DEFAULT_WEP_ONLY; 90 memcpy(conf->key, data->key, data->keylen); 91 92 return conf; 93} 94 95struct ieee80211_key *ieee80211_key_alloc(struct ieee80211_sub_if_data *sdata, 96 int idx, size_t key_len, gfp_t flags) 97{ 98 struct ieee80211_key *key; 99 100 key = kzalloc(sizeof(struct ieee80211_key) + key_len, flags); 101 if (!key) 102 return NULL; 103 kref_init(&key->kref); 104 return key; 105} 106 107static void ieee80211_key_release(struct kref *kref) 108{ 109 struct ieee80211_key *key; 110 111 key = container_of(kref, struct ieee80211_key, kref); 112 if (key->alg == ALG_CCMP) 113 ieee80211_aes_key_free(key->u.ccmp.tfm); 114 ieee80211_debugfs_key_remove(key); 115 kfree(key); 116} 117 118void ieee80211_key_free(struct ieee80211_key *key) 119{ 120 if (key) 121 kref_put(&key->kref, ieee80211_key_release); 122} 123 124static int rate_list_match(const int *rate_list, int rate) 125{ 126 int i; 127 128 if (!rate_list) 129 return 0; 130 131 for (i = 0; rate_list[i] >= 0; i++) 132 if (rate_list[i] == rate) 133 return 1; 134 135 return 0; 136} 137 138 139void ieee80211_prepare_rates(struct ieee80211_local *local, 140 struct ieee80211_hw_mode *mode) 141{ 142 int i; 143 144 for (i = 0; i < mode->num_rates; i++) { 145 struct ieee80211_rate *rate = &mode->rates[i]; 146 147 rate->flags &= ~(IEEE80211_RATE_SUPPORTED | 148 IEEE80211_RATE_BASIC); 149 150 if (local->supp_rates[mode->mode]) { 151 if (!rate_list_match(local->supp_rates[mode->mode], 152 rate->rate)) 153 continue; 154 } 155 156 rate->flags |= IEEE80211_RATE_SUPPORTED; 157 158 /* Use configured basic rate set if it is available. If not, 159 * use defaults that are sane for most cases. */ 160 if (local->basic_rates[mode->mode]) { 161 if (rate_list_match(local->basic_rates[mode->mode], 162 rate->rate)) 163 rate->flags |= IEEE80211_RATE_BASIC; 164 } else switch (mode->mode) { 165 case MODE_IEEE80211A: 166 if (rate->rate == 60 || rate->rate == 120 || 167 rate->rate == 240) 168 rate->flags |= IEEE80211_RATE_BASIC; 169 break; 170 case MODE_IEEE80211B: 171 if (rate->rate == 10 || rate->rate == 20) 172 rate->flags |= IEEE80211_RATE_BASIC; 173 break; 174 case MODE_ATHEROS_TURBO: 175 if (rate->rate == 120 || rate->rate == 240 || 176 rate->rate == 480) 177 rate->flags |= IEEE80211_RATE_BASIC; 178 break; 179 case MODE_IEEE80211G: 180 if (rate->rate == 10 || rate->rate == 20 || 181 rate->rate == 55 || rate->rate == 110) 182 rate->flags |= IEEE80211_RATE_BASIC; 183 break; 184 } 185 186 /* Set ERP and MANDATORY flags based on phymode */ 187 switch (mode->mode) { 188 case MODE_IEEE80211A: 189 if (rate->rate == 60 || rate->rate == 120 || 190 rate->rate == 240) 191 rate->flags |= IEEE80211_RATE_MANDATORY; 192 break; 193 case MODE_IEEE80211B: 194 if (rate->rate == 10) 195 rate->flags |= IEEE80211_RATE_MANDATORY; 196 break; 197 case MODE_ATHEROS_TURBO: 198 break; 199 case MODE_IEEE80211G: 200 if (rate->rate == 10 || rate->rate == 20 || 201 rate->rate == 55 || rate->rate == 110 || 202 rate->rate == 60 || rate->rate == 120 || 203 rate->rate == 240) 204 rate->flags |= IEEE80211_RATE_MANDATORY; 205 break; 206 } 207 if (ieee80211_is_erp_rate(mode->mode, rate->rate)) 208 rate->flags |= IEEE80211_RATE_ERP; 209 } 210} 211 212 213static void ieee80211_key_threshold_notify(struct net_device *dev, 214 struct ieee80211_key *key, 215 struct sta_info *sta) 216{ 217 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 218 struct sk_buff *skb; 219 struct ieee80211_msg_key_notification *msg; 220 221 /* if no one will get it anyway, don't even allocate it. 222 * unlikely because this is only relevant for APs 223 * where the device must be open... */ 224 if (unlikely(!local->apdev)) 225 return; 226 227 skb = dev_alloc_skb(sizeof(struct ieee80211_frame_info) + 228 sizeof(struct ieee80211_msg_key_notification)); 229 if (!skb) 230 return; 231 232 skb_reserve(skb, sizeof(struct ieee80211_frame_info)); 233 msg = (struct ieee80211_msg_key_notification *) 234 skb_put(skb, sizeof(struct ieee80211_msg_key_notification)); 235 msg->tx_rx_count = key->tx_rx_count; 236 memcpy(msg->ifname, dev->name, IFNAMSIZ); 237 if (sta) 238 memcpy(msg->addr, sta->addr, ETH_ALEN); 239 else 240 memset(msg->addr, 0xff, ETH_ALEN); 241 242 key->tx_rx_count = 0; 243 244 ieee80211_rx_mgmt(local, skb, NULL, 245 ieee80211_msg_key_threshold_notification); 246} 247 248 249static u8 * ieee80211_get_bssid(struct ieee80211_hdr *hdr, size_t len) 250{ 251 u16 fc; 252 253 if (len < 24) 254 return NULL; 255 256 fc = le16_to_cpu(hdr->frame_control); 257 258 switch (fc & IEEE80211_FCTL_FTYPE) { 259 case IEEE80211_FTYPE_DATA: 260 switch (fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) { 261 case IEEE80211_FCTL_TODS: 262 return hdr->addr1; 263 case (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS): 264 return NULL; 265 case IEEE80211_FCTL_FROMDS: 266 return hdr->addr2; 267 case 0: 268 return hdr->addr3; 269 } 270 break; 271 case IEEE80211_FTYPE_MGMT: 272 return hdr->addr3; 273 case IEEE80211_FTYPE_CTL: 274 if ((fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_PSPOLL) 275 return hdr->addr1; 276 else 277 return NULL; 278 } 279 280 return NULL; 281} 282 283int ieee80211_get_hdrlen(u16 fc) 284{ 285 int hdrlen = 24; 286 287 switch (fc & IEEE80211_FCTL_FTYPE) { 288 case IEEE80211_FTYPE_DATA: 289 if ((fc & IEEE80211_FCTL_FROMDS) && (fc & IEEE80211_FCTL_TODS)) 290 hdrlen = 30; /* Addr4 */ 291 /* 292 * The QoS Control field is two bytes and its presence is 293 * indicated by the IEEE80211_STYPE_QOS_DATA bit. Add 2 to 294 * hdrlen if that bit is set. 295 * This works by masking out the bit and shifting it to 296 * bit position 1 so the result has the value 0 or 2. 297 */ 298 hdrlen += (fc & IEEE80211_STYPE_QOS_DATA) 299 >> (ilog2(IEEE80211_STYPE_QOS_DATA)-1); 300 break; 301 case IEEE80211_FTYPE_CTL: 302 /* 303 * ACK and CTS are 10 bytes, all others 16. To see how 304 * to get this condition consider 305 * subtype mask: 0b0000000011110000 (0x00F0) 306 * ACK subtype: 0b0000000011010000 (0x00D0) 307 * CTS subtype: 0b0000000011000000 (0x00C0) 308 * bits that matter: ^^^ (0x00E0) 309 * value of those: 0b0000000011000000 (0x00C0) 310 */ 311 if ((fc & 0xE0) == 0xC0) 312 hdrlen = 10; 313 else 314 hdrlen = 16; 315 break; 316 } 317 318 return hdrlen; 319} 320EXPORT_SYMBOL(ieee80211_get_hdrlen); 321 322int ieee80211_get_hdrlen_from_skb(const struct sk_buff *skb) 323{ 324 const struct ieee80211_hdr *hdr = (const struct ieee80211_hdr *) skb->data; 325 int hdrlen; 326 327 if (unlikely(skb->len < 10)) 328 return 0; 329 hdrlen = ieee80211_get_hdrlen(le16_to_cpu(hdr->frame_control)); 330 if (unlikely(hdrlen > skb->len)) 331 return 0; 332 return hdrlen; 333} 334EXPORT_SYMBOL(ieee80211_get_hdrlen_from_skb); 335 336static int ieee80211_get_radiotap_len(struct sk_buff *skb) 337{ 338 struct ieee80211_radiotap_header *hdr = 339 (struct ieee80211_radiotap_header *) skb->data; 340 341 return le16_to_cpu(hdr->it_len); 342} 343 344#ifdef CONFIG_MAC80211_LOWTX_FRAME_DUMP 345static void ieee80211_dump_frame(const char *ifname, const char *title, 346 const struct sk_buff *skb) 347{ 348 const struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 349 u16 fc; 350 int hdrlen; 351 352 printk(KERN_DEBUG "%s: %s (len=%d)", ifname, title, skb->len); 353 if (skb->len < 4) { 354 printk("\n"); 355 return; 356 } 357 358 fc = le16_to_cpu(hdr->frame_control); 359 hdrlen = ieee80211_get_hdrlen(fc); 360 if (hdrlen > skb->len) 361 hdrlen = skb->len; 362 if (hdrlen >= 4) 363 printk(" FC=0x%04x DUR=0x%04x", 364 fc, le16_to_cpu(hdr->duration_id)); 365 if (hdrlen >= 10) 366 printk(" A1=" MAC_FMT, MAC_ARG(hdr->addr1)); 367 if (hdrlen >= 16) 368 printk(" A2=" MAC_FMT, MAC_ARG(hdr->addr2)); 369 if (hdrlen >= 24) 370 printk(" A3=" MAC_FMT, MAC_ARG(hdr->addr3)); 371 if (hdrlen >= 30) 372 printk(" A4=" MAC_FMT, MAC_ARG(hdr->addr4)); 373 printk("\n"); 374} 375#else /* CONFIG_MAC80211_LOWTX_FRAME_DUMP */ 376static inline void ieee80211_dump_frame(const char *ifname, const char *title, 377 struct sk_buff *skb) 378{ 379} 380#endif /* CONFIG_MAC80211_LOWTX_FRAME_DUMP */ 381 382 383static int ieee80211_is_eapol(const struct sk_buff *skb) 384{ 385 const struct ieee80211_hdr *hdr; 386 u16 fc; 387 int hdrlen; 388 389 if (unlikely(skb->len < 10)) 390 return 0; 391 392 hdr = (const struct ieee80211_hdr *) skb->data; 393 fc = le16_to_cpu(hdr->frame_control); 394 395 if (unlikely(!WLAN_FC_DATA_PRESENT(fc))) 396 return 0; 397 398 hdrlen = ieee80211_get_hdrlen(fc); 399 400 if (unlikely(skb->len >= hdrlen + sizeof(eapol_header) && 401 memcmp(skb->data + hdrlen, eapol_header, 402 sizeof(eapol_header)) == 0)) 403 return 1; 404 405 return 0; 406} 407 408 409static ieee80211_txrx_result 410ieee80211_tx_h_rate_ctrl(struct ieee80211_txrx_data *tx) 411{ 412 struct rate_control_extra extra; 413 414 memset(&extra, 0, sizeof(extra)); 415 extra.mode = tx->u.tx.mode; 416 extra.mgmt_data = tx->sdata && 417 tx->sdata->type == IEEE80211_IF_TYPE_MGMT; 418 extra.ethertype = tx->ethertype; 419 420 tx->u.tx.rate = rate_control_get_rate(tx->local, tx->dev, tx->skb, 421 &extra); 422 if (unlikely(extra.probe != NULL)) { 423 tx->u.tx.control->flags |= IEEE80211_TXCTL_RATE_CTRL_PROBE; 424 tx->u.tx.probe_last_frag = 1; 425 tx->u.tx.control->alt_retry_rate = tx->u.tx.rate->val; 426 tx->u.tx.rate = extra.probe; 427 } else { 428 tx->u.tx.control->alt_retry_rate = -1; 429 } 430 if (!tx->u.tx.rate) 431 return TXRX_DROP; 432 if (tx->u.tx.mode->mode == MODE_IEEE80211G && 433 tx->local->cts_protect_erp_frames && tx->fragmented && 434 extra.nonerp) { 435 tx->u.tx.last_frag_rate = tx->u.tx.rate; 436 tx->u.tx.probe_last_frag = extra.probe ? 1 : 0; 437 438 tx->u.tx.rate = extra.nonerp; 439 tx->u.tx.control->rate = extra.nonerp; 440 tx->u.tx.control->flags &= ~IEEE80211_TXCTL_RATE_CTRL_PROBE; 441 } else { 442 tx->u.tx.last_frag_rate = tx->u.tx.rate; 443 tx->u.tx.control->rate = tx->u.tx.rate; 444 } 445 tx->u.tx.control->tx_rate = tx->u.tx.rate->val; 446 if ((tx->u.tx.rate->flags & IEEE80211_RATE_PREAMBLE2) && 447 tx->local->short_preamble && 448 (!tx->sta || (tx->sta->flags & WLAN_STA_SHORT_PREAMBLE))) { 449 tx->u.tx.short_preamble = 1; 450 tx->u.tx.control->tx_rate = tx->u.tx.rate->val2; 451 } 452 453 return TXRX_CONTINUE; 454} 455 456 457static ieee80211_txrx_result 458ieee80211_tx_h_select_key(struct ieee80211_txrx_data *tx) 459{ 460 if (tx->sta) 461 tx->u.tx.control->key_idx = tx->sta->key_idx_compression; 462 else 463 tx->u.tx.control->key_idx = HW_KEY_IDX_INVALID; 464 465 if (unlikely(tx->u.tx.control->flags & IEEE80211_TXCTL_DO_NOT_ENCRYPT)) 466 tx->key = NULL; 467 else if (tx->sta && tx->sta->key) 468 tx->key = tx->sta->key; 469 else if (tx->sdata->default_key) 470 tx->key = tx->sdata->default_key; 471 else if (tx->sdata->drop_unencrypted && 472 !(tx->sdata->eapol && ieee80211_is_eapol(tx->skb))) { 473 I802_DEBUG_INC(tx->local->tx_handlers_drop_unencrypted); 474 return TXRX_DROP; 475 } else 476 tx->key = NULL; 477 478 if (tx->key) { 479 tx->key->tx_rx_count++; 480 if (unlikely(tx->local->key_tx_rx_threshold && 481 tx->key->tx_rx_count > 482 tx->local->key_tx_rx_threshold)) { 483 ieee80211_key_threshold_notify(tx->dev, tx->key, 484 tx->sta); 485 } 486 } 487 488 return TXRX_CONTINUE; 489} 490 491 492static ieee80211_txrx_result 493ieee80211_tx_h_fragment(struct ieee80211_txrx_data *tx) 494{ 495 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) tx->skb->data; 496 size_t hdrlen, per_fragm, num_fragm, payload_len, left; 497 struct sk_buff **frags, *first, *frag; 498 int i; 499 u16 seq; 500 u8 *pos; 501 int frag_threshold = tx->local->fragmentation_threshold; 502 503 if (!tx->fragmented) 504 return TXRX_CONTINUE; 505 506 first = tx->skb; 507 508 hdrlen = ieee80211_get_hdrlen(tx->fc); 509 payload_len = first->len - hdrlen; 510 per_fragm = frag_threshold - hdrlen - FCS_LEN; 511 num_fragm = (payload_len + per_fragm - 1) / per_fragm; 512 513 frags = kzalloc(num_fragm * sizeof(struct sk_buff *), GFP_ATOMIC); 514 if (!frags) 515 goto fail; 516 517 hdr->frame_control |= cpu_to_le16(IEEE80211_FCTL_MOREFRAGS); 518 seq = le16_to_cpu(hdr->seq_ctrl) & IEEE80211_SCTL_SEQ; 519 pos = first->data + hdrlen + per_fragm; 520 left = payload_len - per_fragm; 521 for (i = 0; i < num_fragm - 1; i++) { 522 struct ieee80211_hdr *fhdr; 523 size_t copylen; 524 525 if (left <= 0) 526 goto fail; 527 528 /* reserve enough extra head and tail room for possible 529 * encryption */ 530 frag = frags[i] = 531 dev_alloc_skb(tx->local->hw.extra_tx_headroom + 532 frag_threshold + 533 IEEE80211_ENCRYPT_HEADROOM + 534 IEEE80211_ENCRYPT_TAILROOM); 535 if (!frag) 536 goto fail; 537 /* Make sure that all fragments use the same priority so 538 * that they end up using the same TX queue */ 539 frag->priority = first->priority; 540 skb_reserve(frag, tx->local->hw.extra_tx_headroom + 541 IEEE80211_ENCRYPT_HEADROOM); 542 fhdr = (struct ieee80211_hdr *) skb_put(frag, hdrlen); 543 memcpy(fhdr, first->data, hdrlen); 544 if (i == num_fragm - 2) 545 fhdr->frame_control &= cpu_to_le16(~IEEE80211_FCTL_MOREFRAGS); 546 fhdr->seq_ctrl = cpu_to_le16(seq | ((i + 1) & IEEE80211_SCTL_FRAG)); 547 copylen = left > per_fragm ? per_fragm : left; 548 memcpy(skb_put(frag, copylen), pos, copylen); 549 550 pos += copylen; 551 left -= copylen; 552 } 553 skb_trim(first, hdrlen + per_fragm); 554 555 tx->u.tx.num_extra_frag = num_fragm - 1; 556 tx->u.tx.extra_frag = frags; 557 558 return TXRX_CONTINUE; 559 560 fail: 561 printk(KERN_DEBUG "%s: failed to fragment frame\n", tx->dev->name); 562 if (frags) { 563 for (i = 0; i < num_fragm - 1; i++) 564 if (frags[i]) 565 dev_kfree_skb(frags[i]); 566 kfree(frags); 567 } 568 I802_DEBUG_INC(tx->local->tx_handlers_drop_fragment); 569 return TXRX_DROP; 570} 571 572 573static int wep_encrypt_skb(struct ieee80211_txrx_data *tx, struct sk_buff *skb) 574{ 575 if (tx->key->force_sw_encrypt) { 576 if (ieee80211_wep_encrypt(tx->local, skb, tx->key)) 577 return -1; 578 } else { 579 tx->u.tx.control->key_idx = tx->key->hw_key_idx; 580 if (tx->local->hw.flags & IEEE80211_HW_WEP_INCLUDE_IV) { 581 if (ieee80211_wep_add_iv(tx->local, skb, tx->key) == 582 NULL) 583 return -1; 584 } 585 } 586 return 0; 587} 588 589 590void ieee80211_tx_set_iswep(struct ieee80211_txrx_data *tx) 591{ 592 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) tx->skb->data; 593 594 hdr->frame_control |= cpu_to_le16(IEEE80211_FCTL_PROTECTED); 595 if (tx->u.tx.extra_frag) { 596 struct ieee80211_hdr *fhdr; 597 int i; 598 for (i = 0; i < tx->u.tx.num_extra_frag; i++) { 599 fhdr = (struct ieee80211_hdr *) 600 tx->u.tx.extra_frag[i]->data; 601 fhdr->frame_control |= cpu_to_le16(IEEE80211_FCTL_PROTECTED); 602 } 603 } 604} 605 606 607static ieee80211_txrx_result 608ieee80211_tx_h_wep_encrypt(struct ieee80211_txrx_data *tx) 609{ 610 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) tx->skb->data; 611 u16 fc; 612 613 fc = le16_to_cpu(hdr->frame_control); 614 615 if (!tx->key || tx->key->alg != ALG_WEP || 616 ((fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA && 617 ((fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_MGMT || 618 (fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_AUTH))) 619 return TXRX_CONTINUE; 620 621 tx->u.tx.control->iv_len = WEP_IV_LEN; 622 tx->u.tx.control->icv_len = WEP_ICV_LEN; 623 ieee80211_tx_set_iswep(tx); 624 625 if (wep_encrypt_skb(tx, tx->skb) < 0) { 626 I802_DEBUG_INC(tx->local->tx_handlers_drop_wep); 627 return TXRX_DROP; 628 } 629 630 if (tx->u.tx.extra_frag) { 631 int i; 632 for (i = 0; i < tx->u.tx.num_extra_frag; i++) { 633 if (wep_encrypt_skb(tx, tx->u.tx.extra_frag[i]) < 0) { 634 I802_DEBUG_INC(tx->local-> 635 tx_handlers_drop_wep); 636 return TXRX_DROP; 637 } 638 } 639 } 640 641 return TXRX_CONTINUE; 642} 643 644 645static int ieee80211_frame_duration(struct ieee80211_local *local, size_t len, 646 int rate, int erp, int short_preamble) 647{ 648 int dur; 649 650 /* calculate duration (in microseconds, rounded up to next higher 651 * integer if it includes a fractional microsecond) to send frame of 652 * len bytes (does not include FCS) at the given rate. Duration will 653 * also include SIFS. 654 * 655 * rate is in 100 kbps, so divident is multiplied by 10 in the 656 * DIV_ROUND_UP() operations. 657 */ 658 659 if (local->hw.conf.phymode == MODE_IEEE80211A || erp || 660 local->hw.conf.phymode == MODE_ATHEROS_TURBO) { 661 /* 662 * OFDM: 663 * 664 * N_DBPS = DATARATE x 4 665 * N_SYM = Ceiling((16+8xLENGTH+6) / N_DBPS) 666 * (16 = SIGNAL time, 6 = tail bits) 667 * TXTIME = T_PREAMBLE + T_SIGNAL + T_SYM x N_SYM + Signal Ext 668 * 669 * T_SYM = 4 usec 670 * 802.11a - 17.5.2: aSIFSTime = 16 usec 671 * 802.11g - 19.8.4: aSIFSTime = 10 usec + 672 * signal ext = 6 usec 673 */ 674 /* FIX: Atheros Turbo may have different (shorter) duration? */ 675 dur = 16; /* SIFS + signal ext */ 676 dur += 16; /* 17.3.2.3: T_PREAMBLE = 16 usec */ 677 dur += 4; /* 17.3.2.3: T_SIGNAL = 4 usec */ 678 dur += 4 * DIV_ROUND_UP((16 + 8 * (len + 4) + 6) * 10, 679 4 * rate); /* T_SYM x N_SYM */ 680 } else { 681 /* 682 * 802.11b or 802.11g with 802.11b compatibility: 683 * 18.3.4: TXTIME = PreambleLength + PLCPHeaderTime + 684 * Ceiling(((LENGTH+PBCC)x8)/DATARATE). PBCC=0. 685 * 686 * 802.11 (DS): 15.3.3, 802.11b: 18.3.4 687 * aSIFSTime = 10 usec 688 * aPreambleLength = 144 usec or 72 usec with short preamble 689 * aPLCPHeaderLength = 48 usec or 24 usec with short preamble 690 */ 691 dur = 10; /* aSIFSTime = 10 usec */ 692 dur += short_preamble ? (72 + 24) : (144 + 48); 693 694 dur += DIV_ROUND_UP(8 * (len + 4) * 10, rate); 695 } 696 697 return dur; 698} 699 700 701/* Exported duration function for driver use */ 702__le16 ieee80211_generic_frame_duration(struct ieee80211_hw *hw, 703 size_t frame_len, int rate) 704{ 705 struct ieee80211_local *local = hw_to_local(hw); 706 u16 dur; 707 int erp; 708 709 erp = ieee80211_is_erp_rate(hw->conf.phymode, rate); 710 dur = ieee80211_frame_duration(local, frame_len, rate, 711 erp, local->short_preamble); 712 713 return cpu_to_le16(dur); 714} 715EXPORT_SYMBOL(ieee80211_generic_frame_duration); 716 717 718static u16 ieee80211_duration(struct ieee80211_txrx_data *tx, int group_addr, 719 int next_frag_len) 720{ 721 int rate, mrate, erp, dur, i; 722 struct ieee80211_rate *txrate = tx->u.tx.rate; 723 struct ieee80211_local *local = tx->local; 724 struct ieee80211_hw_mode *mode = tx->u.tx.mode; 725 726 erp = txrate->flags & IEEE80211_RATE_ERP; 727 728 /* 729 * data and mgmt (except PS Poll): 730 * - during CFP: 32768 731 * - during contention period: 732 * if addr1 is group address: 0 733 * if more fragments = 0 and addr1 is individual address: time to 734 * transmit one ACK plus SIFS 735 * if more fragments = 1 and addr1 is individual address: time to 736 * transmit next fragment plus 2 x ACK plus 3 x SIFS 737 * 738 * IEEE 802.11, 9.6: 739 * - control response frame (CTS or ACK) shall be transmitted using the 740 * same rate as the immediately previous frame in the frame exchange 741 * sequence, if this rate belongs to the PHY mandatory rates, or else 742 * at the highest possible rate belonging to the PHY rates in the 743 * BSSBasicRateSet 744 */ 745 746 if ((tx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_CTL) { 747 /* TODO: These control frames are not currently sent by 748 * 80211.o, but should they be implemented, this function 749 * needs to be updated to support duration field calculation. 750 * 751 * RTS: time needed to transmit pending data/mgmt frame plus 752 * one CTS frame plus one ACK frame plus 3 x SIFS 753 * CTS: duration of immediately previous RTS minus time 754 * required to transmit CTS and its SIFS 755 * ACK: 0 if immediately previous directed data/mgmt had 756 * more=0, with more=1 duration in ACK frame is duration 757 * from previous frame minus time needed to transmit ACK 758 * and its SIFS 759 * PS Poll: BIT(15) | BIT(14) | aid 760 */ 761 return 0; 762 } 763 764 /* data/mgmt */ 765 if (0 /* FIX: data/mgmt during CFP */) 766 return 32768; 767 768 if (group_addr) /* Group address as the destination - no ACK */ 769 return 0; 770 771 /* Individual destination address: 772 * IEEE 802.11, Ch. 9.6 (after IEEE 802.11g changes) 773 * CTS and ACK frames shall be transmitted using the highest rate in 774 * basic rate set that is less than or equal to the rate of the 775 * immediately previous frame and that is using the same modulation 776 * (CCK or OFDM). If no basic rate set matches with these requirements, 777 * the highest mandatory rate of the PHY that is less than or equal to 778 * the rate of the previous frame is used. 779 * Mandatory rates for IEEE 802.11g PHY: 1, 2, 5.5, 11, 6, 12, 24 Mbps 780 */ 781 rate = -1; 782 mrate = 10; /* use 1 Mbps if everything fails */ 783 for (i = 0; i < mode->num_rates; i++) { 784 struct ieee80211_rate *r = &mode->rates[i]; 785 if (r->rate > txrate->rate) 786 break; 787 788 if (IEEE80211_RATE_MODULATION(txrate->flags) != 789 IEEE80211_RATE_MODULATION(r->flags)) 790 continue; 791 792 if (r->flags & IEEE80211_RATE_BASIC) 793 rate = r->rate; 794 else if (r->flags & IEEE80211_RATE_MANDATORY) 795 mrate = r->rate; 796 } 797 if (rate == -1) { 798 /* No matching basic rate found; use highest suitable mandatory 799 * PHY rate */ 800 rate = mrate; 801 } 802 803 /* Time needed to transmit ACK 804 * (10 bytes + 4-byte FCS = 112 bits) plus SIFS; rounded up 805 * to closest integer */ 806 807 dur = ieee80211_frame_duration(local, 10, rate, erp, 808 local->short_preamble); 809 810 if (next_frag_len) { 811 /* Frame is fragmented: duration increases with time needed to 812 * transmit next fragment plus ACK and 2 x SIFS. */ 813 dur *= 2; /* ACK + SIFS */ 814 /* next fragment */ 815 dur += ieee80211_frame_duration(local, next_frag_len, 816 txrate->rate, erp, 817 local->short_preamble); 818 } 819 820 return dur; 821} 822 823 824static ieee80211_txrx_result 825ieee80211_tx_h_misc(struct ieee80211_txrx_data *tx) 826{ 827 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) tx->skb->data; 828 u16 dur; 829 struct ieee80211_tx_control *control = tx->u.tx.control; 830 struct ieee80211_hw_mode *mode = tx->u.tx.mode; 831 832 if (!is_multicast_ether_addr(hdr->addr1)) { 833 if (tx->skb->len + FCS_LEN > tx->local->rts_threshold && 834 tx->local->rts_threshold < IEEE80211_MAX_RTS_THRESHOLD) { 835 control->flags |= IEEE80211_TXCTL_USE_RTS_CTS; 836 control->retry_limit = 837 tx->local->long_retry_limit; 838 } else { 839 control->retry_limit = 840 tx->local->short_retry_limit; 841 } 842 } else { 843 control->retry_limit = 1; 844 } 845 846 if (tx->fragmented) { 847 /* Do not use multiple retry rates when sending fragmented 848 * frames. 849 * TODO: The last fragment could still use multiple retry 850 * rates. */ 851 control->alt_retry_rate = -1; 852 } 853 854 /* Use CTS protection for unicast frames sent using extended rates if 855 * there are associated non-ERP stations and RTS/CTS is not configured 856 * for the frame. */ 857 if (mode->mode == MODE_IEEE80211G && 858 (tx->u.tx.rate->flags & IEEE80211_RATE_ERP) && 859 tx->u.tx.unicast && 860 tx->local->cts_protect_erp_frames && 861 !(control->flags & IEEE80211_TXCTL_USE_RTS_CTS)) 862 control->flags |= IEEE80211_TXCTL_USE_CTS_PROTECT; 863 864 /* Setup duration field for the first fragment of the frame. Duration 865 * for remaining fragments will be updated when they are being sent 866 * to low-level driver in ieee80211_tx(). */ 867 dur = ieee80211_duration(tx, is_multicast_ether_addr(hdr->addr1), 868 tx->fragmented ? tx->u.tx.extra_frag[0]->len : 869 0); 870 hdr->duration_id = cpu_to_le16(dur); 871 872 if ((control->flags & IEEE80211_TXCTL_USE_RTS_CTS) || 873 (control->flags & IEEE80211_TXCTL_USE_CTS_PROTECT)) { 874 struct ieee80211_rate *rate; 875 876 /* Do not use multiple retry rates when using RTS/CTS */ 877 control->alt_retry_rate = -1; 878 879 /* Use min(data rate, max base rate) as CTS/RTS rate */ 880 rate = tx->u.tx.rate; 881 while (rate > mode->rates && 882 !(rate->flags & IEEE80211_RATE_BASIC)) 883 rate--; 884 885 control->rts_cts_rate = rate->val; 886 control->rts_rate = rate; 887 } 888 889 if (tx->sta) { 890 tx->sta->tx_packets++; 891 tx->sta->tx_fragments++; 892 tx->sta->tx_bytes += tx->skb->len; 893 if (tx->u.tx.extra_frag) { 894 int i; 895 tx->sta->tx_fragments += tx->u.tx.num_extra_frag; 896 for (i = 0; i < tx->u.tx.num_extra_frag; i++) { 897 tx->sta->tx_bytes += 898 tx->u.tx.extra_frag[i]->len; 899 } 900 } 901 } 902 903 return TXRX_CONTINUE; 904} 905 906 907static ieee80211_txrx_result 908ieee80211_tx_h_check_assoc(struct ieee80211_txrx_data *tx) 909{ 910#ifdef CONFIG_MAC80211_VERBOSE_DEBUG 911 struct sk_buff *skb = tx->skb; 912 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 913#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */ 914 u32 sta_flags; 915 916 if (unlikely(tx->local->sta_scanning != 0) && 917 ((tx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_MGMT || 918 (tx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_PROBE_REQ)) 919 return TXRX_DROP; 920 921 if (tx->u.tx.ps_buffered) 922 return TXRX_CONTINUE; 923 924 sta_flags = tx->sta ? tx->sta->flags : 0; 925 926 if (likely(tx->u.tx.unicast)) { 927 if (unlikely(!(sta_flags & WLAN_STA_ASSOC) && 928 tx->sdata->type != IEEE80211_IF_TYPE_IBSS && 929 (tx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA)) { 930#ifdef CONFIG_MAC80211_VERBOSE_DEBUG 931 printk(KERN_DEBUG "%s: dropped data frame to not " 932 "associated station " MAC_FMT "\n", 933 tx->dev->name, MAC_ARG(hdr->addr1)); 934#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */ 935 I802_DEBUG_INC(tx->local->tx_handlers_drop_not_assoc); 936 return TXRX_DROP; 937 } 938 } else { 939 if (unlikely((tx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA && 940 tx->local->num_sta == 0 && 941 !tx->local->allow_broadcast_always && 942 tx->sdata->type != IEEE80211_IF_TYPE_IBSS)) { 943 /* 944 * No associated STAs - no need to send multicast 945 * frames. 946 */ 947 return TXRX_DROP; 948 } 949 return TXRX_CONTINUE; 950 } 951 952 if (unlikely(!tx->u.tx.mgmt_interface && tx->sdata->ieee802_1x && 953 !(sta_flags & WLAN_STA_AUTHORIZED))) { 954#ifdef CONFIG_MAC80211_VERBOSE_DEBUG 955 printk(KERN_DEBUG "%s: dropped frame to " MAC_FMT 956 " (unauthorized port)\n", tx->dev->name, 957 MAC_ARG(hdr->addr1)); 958#endif 959 I802_DEBUG_INC(tx->local->tx_handlers_drop_unauth_port); 960 return TXRX_DROP; 961 } 962 963 return TXRX_CONTINUE; 964} 965 966static ieee80211_txrx_result 967ieee80211_tx_h_sequence(struct ieee80211_txrx_data *tx) 968{ 969 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data; 970 971 if (ieee80211_get_hdrlen(le16_to_cpu(hdr->frame_control)) >= 24) 972 ieee80211_include_sequence(tx->sdata, hdr); 973 974 return TXRX_CONTINUE; 975} 976 977/* This function is called whenever the AP is about to exceed the maximum limit 978 * of buffered frames for power saving STAs. This situation should not really 979 * happen often during normal operation, so dropping the oldest buffered packet 980 * from each queue should be OK to make some room for new frames. */ 981static void purge_old_ps_buffers(struct ieee80211_local *local) 982{ 983 int total = 0, purged = 0; 984 struct sk_buff *skb; 985 struct ieee80211_sub_if_data *sdata; 986 struct sta_info *sta; 987 988 read_lock(&local->sub_if_lock); 989 list_for_each_entry(sdata, &local->sub_if_list, list) { 990 struct ieee80211_if_ap *ap; 991 if (sdata->dev == local->mdev || 992 sdata->type != IEEE80211_IF_TYPE_AP) 993 continue; 994 ap = &sdata->u.ap; 995 skb = skb_dequeue(&ap->ps_bc_buf); 996 if (skb) { 997 purged++; 998 dev_kfree_skb(skb); 999 } 1000 total += skb_queue_len(&ap->ps_bc_buf); 1001 } 1002 read_unlock(&local->sub_if_lock); 1003 1004 spin_lock_bh(&local->sta_lock); 1005 list_for_each_entry(sta, &local->sta_list, list) { 1006 skb = skb_dequeue(&sta->ps_tx_buf); 1007 if (skb) { 1008 purged++; 1009 dev_kfree_skb(skb); 1010 } 1011 total += skb_queue_len(&sta->ps_tx_buf); 1012 } 1013 spin_unlock_bh(&local->sta_lock); 1014 1015 local->total_ps_buffered = total; 1016 printk(KERN_DEBUG "%s: PS buffers full - purged %d frames\n", 1017 local->mdev->name, purged); 1018} 1019 1020 1021static inline ieee80211_txrx_result 1022ieee80211_tx_h_multicast_ps_buf(struct ieee80211_txrx_data *tx) 1023{ 1024 /* broadcast/multicast frame */ 1025 /* If any of the associated stations is in power save mode, 1026 * the frame is buffered to be sent after DTIM beacon frame */ 1027 if ((tx->local->hw.flags & IEEE80211_HW_HOST_BROADCAST_PS_BUFFERING) && 1028 tx->sdata->type != IEEE80211_IF_TYPE_WDS && 1029 tx->sdata->bss && atomic_read(&tx->sdata->bss->num_sta_ps) && 1030 !(tx->fc & IEEE80211_FCTL_ORDER)) { 1031 if (tx->local->total_ps_buffered >= TOTAL_MAX_TX_BUFFER) 1032 purge_old_ps_buffers(tx->local); 1033 if (skb_queue_len(&tx->sdata->bss->ps_bc_buf) >= 1034 AP_MAX_BC_BUFFER) { 1035 if (net_ratelimit()) { 1036 printk(KERN_DEBUG "%s: BC TX buffer full - " 1037 "dropping the oldest frame\n", 1038 tx->dev->name); 1039 } 1040 dev_kfree_skb(skb_dequeue(&tx->sdata->bss->ps_bc_buf)); 1041 } else 1042 tx->local->total_ps_buffered++; 1043 skb_queue_tail(&tx->sdata->bss->ps_bc_buf, tx->skb); 1044 return TXRX_QUEUED; 1045 } 1046 1047 return TXRX_CONTINUE; 1048} 1049 1050 1051static inline ieee80211_txrx_result 1052ieee80211_tx_h_unicast_ps_buf(struct ieee80211_txrx_data *tx) 1053{ 1054 struct sta_info *sta = tx->sta; 1055 1056 if (unlikely(!sta || 1057 ((tx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_MGMT && 1058 (tx->fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_PROBE_RESP))) 1059 return TXRX_CONTINUE; 1060 1061 if (unlikely((sta->flags & WLAN_STA_PS) && !sta->pspoll)) { 1062 struct ieee80211_tx_packet_data *pkt_data; 1063#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG 1064 printk(KERN_DEBUG "STA " MAC_FMT " aid %d: PS buffer (entries " 1065 "before %d)\n", 1066 MAC_ARG(sta->addr), sta->aid, 1067 skb_queue_len(&sta->ps_tx_buf)); 1068#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */ 1069 sta->flags |= WLAN_STA_TIM; 1070 if (tx->local->total_ps_buffered >= TOTAL_MAX_TX_BUFFER) 1071 purge_old_ps_buffers(tx->local); 1072 if (skb_queue_len(&sta->ps_tx_buf) >= STA_MAX_TX_BUFFER) { 1073 struct sk_buff *old = skb_dequeue(&sta->ps_tx_buf); 1074 if (net_ratelimit()) { 1075 printk(KERN_DEBUG "%s: STA " MAC_FMT " TX " 1076 "buffer full - dropping oldest frame\n", 1077 tx->dev->name, MAC_ARG(sta->addr)); 1078 } 1079 dev_kfree_skb(old); 1080 } else 1081 tx->local->total_ps_buffered++; 1082 /* Queue frame to be sent after STA sends an PS Poll frame */ 1083 if (skb_queue_empty(&sta->ps_tx_buf)) { 1084 if (tx->local->ops->set_tim) 1085 tx->local->ops->set_tim(local_to_hw(tx->local), 1086 sta->aid, 1); 1087 if (tx->sdata->bss) 1088 bss_tim_set(tx->local, tx->sdata->bss, sta->aid); 1089 } 1090 pkt_data = (struct ieee80211_tx_packet_data *)tx->skb->cb; 1091 pkt_data->jiffies = jiffies; 1092 skb_queue_tail(&sta->ps_tx_buf, tx->skb); 1093 return TXRX_QUEUED; 1094 } 1095#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG 1096 else if (unlikely(sta->flags & WLAN_STA_PS)) { 1097 printk(KERN_DEBUG "%s: STA " MAC_FMT " in PS mode, but pspoll " 1098 "set -> send frame\n", tx->dev->name, 1099 MAC_ARG(sta->addr)); 1100 } 1101#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */ 1102 sta->pspoll = 0; 1103 1104 return TXRX_CONTINUE; 1105} 1106 1107 1108static ieee80211_txrx_result 1109ieee80211_tx_h_ps_buf(struct ieee80211_txrx_data *tx) 1110{ 1111 if (unlikely(tx->u.tx.ps_buffered)) 1112 return TXRX_CONTINUE; 1113 1114 if (tx->u.tx.unicast) 1115 return ieee80211_tx_h_unicast_ps_buf(tx); 1116 else 1117 return ieee80211_tx_h_multicast_ps_buf(tx); 1118} 1119 1120 1121static void inline 1122__ieee80211_tx_prepare(struct ieee80211_txrx_data *tx, 1123 struct sk_buff *skb, 1124 struct net_device *dev, 1125 struct ieee80211_tx_control *control) 1126{ 1127 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 1128 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 1129 int hdrlen; 1130 1131 memset(tx, 0, sizeof(*tx)); 1132 tx->skb = skb; 1133 tx->dev = dev; /* use original interface */ 1134 tx->local = local; 1135 tx->sdata = IEEE80211_DEV_TO_SUB_IF(dev); 1136 tx->sta = sta_info_get(local, hdr->addr1); 1137 tx->fc = le16_to_cpu(hdr->frame_control); 1138 control->power_level = local->hw.conf.power_level; 1139 tx->u.tx.control = control; 1140 tx->u.tx.unicast = !is_multicast_ether_addr(hdr->addr1); 1141 if (is_multicast_ether_addr(hdr->addr1)) 1142 control->flags |= IEEE80211_TXCTL_NO_ACK; 1143 else 1144 control->flags &= ~IEEE80211_TXCTL_NO_ACK; 1145 tx->fragmented = local->fragmentation_threshold < 1146 IEEE80211_MAX_FRAG_THRESHOLD && tx->u.tx.unicast && 1147 skb->len + FCS_LEN > local->fragmentation_threshold && 1148 (!local->ops->set_frag_threshold); 1149 if (!tx->sta) 1150 control->flags |= IEEE80211_TXCTL_CLEAR_DST_MASK; 1151 else if (tx->sta->clear_dst_mask) { 1152 control->flags |= IEEE80211_TXCTL_CLEAR_DST_MASK; 1153 tx->sta->clear_dst_mask = 0; 1154 } 1155 control->antenna_sel_tx = local->hw.conf.antenna_sel_tx; 1156 if (local->sta_antenna_sel != STA_ANTENNA_SEL_AUTO && tx->sta) 1157 control->antenna_sel_tx = tx->sta->antenna_sel_tx; 1158 hdrlen = ieee80211_get_hdrlen(tx->fc); 1159 if (skb->len > hdrlen + sizeof(rfc1042_header) + 2) { 1160 u8 *pos = &skb->data[hdrlen + sizeof(rfc1042_header)]; 1161 tx->ethertype = (pos[0] << 8) | pos[1]; 1162 } 1163 control->flags |= IEEE80211_TXCTL_FIRST_FRAGMENT; 1164 1165} 1166 1167static int inline is_ieee80211_device(struct net_device *dev, 1168 struct net_device *master) 1169{ 1170 return (wdev_priv(dev->ieee80211_ptr) == 1171 wdev_priv(master->ieee80211_ptr)); 1172} 1173 1174/* Device in tx->dev has a reference added; use dev_put(tx->dev) when 1175 * finished with it. */ 1176static int inline ieee80211_tx_prepare(struct ieee80211_txrx_data *tx, 1177 struct sk_buff *skb, 1178 struct net_device *mdev, 1179 struct ieee80211_tx_control *control) 1180{ 1181 struct ieee80211_tx_packet_data *pkt_data; 1182 struct net_device *dev; 1183 1184 pkt_data = (struct ieee80211_tx_packet_data *)skb->cb; 1185 dev = dev_get_by_index(pkt_data->ifindex); 1186 if (unlikely(dev && !is_ieee80211_device(dev, mdev))) { 1187 dev_put(dev); 1188 dev = NULL; 1189 } 1190 if (unlikely(!dev)) 1191 return -ENODEV; 1192 __ieee80211_tx_prepare(tx, skb, dev, control); 1193 return 0; 1194} 1195 1196static inline int __ieee80211_queue_stopped(const struct ieee80211_local *local, 1197 int queue) 1198{ 1199 return test_bit(IEEE80211_LINK_STATE_XOFF, &local->state[queue]); 1200} 1201 1202static inline int __ieee80211_queue_pending(const struct ieee80211_local *local, 1203 int queue) 1204{ 1205 return test_bit(IEEE80211_LINK_STATE_PENDING, &local->state[queue]); 1206} 1207 1208#define IEEE80211_TX_OK 0 1209#define IEEE80211_TX_AGAIN 1 1210#define IEEE80211_TX_FRAG_AGAIN 2 1211 1212static int __ieee80211_tx(struct ieee80211_local *local, struct sk_buff *skb, 1213 struct ieee80211_txrx_data *tx) 1214{ 1215 struct ieee80211_tx_control *control = tx->u.tx.control; 1216 int ret, i; 1217 1218 if (!ieee80211_qdisc_installed(local->mdev) && 1219 __ieee80211_queue_stopped(local, 0)) { 1220 netif_stop_queue(local->mdev); 1221 return IEEE80211_TX_AGAIN; 1222 } 1223 if (skb) { 1224 ieee80211_dump_frame(local->mdev->name, "TX to low-level driver", skb); 1225 ret = local->ops->tx(local_to_hw(local), skb, control); 1226 if (ret) 1227 return IEEE80211_TX_AGAIN; 1228 local->mdev->trans_start = jiffies; 1229 ieee80211_led_tx(local, 1); 1230 } 1231 if (tx->u.tx.extra_frag) { 1232 control->flags &= ~(IEEE80211_TXCTL_USE_RTS_CTS | 1233 IEEE80211_TXCTL_USE_CTS_PROTECT | 1234 IEEE80211_TXCTL_CLEAR_DST_MASK | 1235 IEEE80211_TXCTL_FIRST_FRAGMENT); 1236 for (i = 0; i < tx->u.tx.num_extra_frag; i++) { 1237 if (!tx->u.tx.extra_frag[i]) 1238 continue; 1239 if (__ieee80211_queue_stopped(local, control->queue)) 1240 return IEEE80211_TX_FRAG_AGAIN; 1241 if (i == tx->u.tx.num_extra_frag) { 1242 control->tx_rate = tx->u.tx.last_frag_hwrate; 1243 control->rate = tx->u.tx.last_frag_rate; 1244 if (tx->u.tx.probe_last_frag) 1245 control->flags |= 1246 IEEE80211_TXCTL_RATE_CTRL_PROBE; 1247 else 1248 control->flags &= 1249 ~IEEE80211_TXCTL_RATE_CTRL_PROBE; 1250 } 1251 1252 ieee80211_dump_frame(local->mdev->name, 1253 "TX to low-level driver", 1254 tx->u.tx.extra_frag[i]); 1255 ret = local->ops->tx(local_to_hw(local), 1256 tx->u.tx.extra_frag[i], 1257 control); 1258 if (ret) 1259 return IEEE80211_TX_FRAG_AGAIN; 1260 local->mdev->trans_start = jiffies; 1261 ieee80211_led_tx(local, 1); 1262 tx->u.tx.extra_frag[i] = NULL; 1263 } 1264 kfree(tx->u.tx.extra_frag); 1265 tx->u.tx.extra_frag = NULL; 1266 } 1267 return IEEE80211_TX_OK; 1268} 1269 1270static int ieee80211_tx(struct net_device *dev, struct sk_buff *skb, 1271 struct ieee80211_tx_control *control, int mgmt) 1272{ 1273 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 1274 struct sta_info *sta; 1275 ieee80211_tx_handler *handler; 1276 struct ieee80211_txrx_data tx; 1277 ieee80211_txrx_result res = TXRX_DROP; 1278 int ret, i; 1279 1280 WARN_ON(__ieee80211_queue_pending(local, control->queue)); 1281 1282 if (unlikely(skb->len < 10)) { 1283 dev_kfree_skb(skb); 1284 return 0; 1285 } 1286 1287 __ieee80211_tx_prepare(&tx, skb, dev, control); 1288 sta = tx.sta; 1289 tx.u.tx.mgmt_interface = mgmt; 1290 tx.u.tx.mode = local->hw.conf.mode; 1291 1292 for (handler = local->tx_handlers; *handler != NULL; handler++) { 1293 res = (*handler)(&tx); 1294 if (res != TXRX_CONTINUE) 1295 break; 1296 } 1297 1298 skb = tx.skb; /* handlers are allowed to change skb */ 1299 1300 if (sta) 1301 sta_info_put(sta); 1302 1303 if (unlikely(res == TXRX_DROP)) { 1304 I802_DEBUG_INC(local->tx_handlers_drop); 1305 goto drop; 1306 } 1307 1308 if (unlikely(res == TXRX_QUEUED)) { 1309 I802_DEBUG_INC(local->tx_handlers_queued); 1310 return 0; 1311 } 1312 1313 if (tx.u.tx.extra_frag) { 1314 for (i = 0; i < tx.u.tx.num_extra_frag; i++) { 1315 int next_len, dur; 1316 struct ieee80211_hdr *hdr = 1317 (struct ieee80211_hdr *) 1318 tx.u.tx.extra_frag[i]->data; 1319 1320 if (i + 1 < tx.u.tx.num_extra_frag) { 1321 next_len = tx.u.tx.extra_frag[i + 1]->len; 1322 } else { 1323 next_len = 0; 1324 tx.u.tx.rate = tx.u.tx.last_frag_rate; 1325 tx.u.tx.last_frag_hwrate = tx.u.tx.rate->val; 1326 } 1327 dur = ieee80211_duration(&tx, 0, next_len); 1328 hdr->duration_id = cpu_to_le16(dur); 1329 } 1330 } 1331 1332retry: 1333 ret = __ieee80211_tx(local, skb, &tx); 1334 if (ret) { 1335 struct ieee80211_tx_stored_packet *store = 1336 &local->pending_packet[control->queue]; 1337 1338 if (ret == IEEE80211_TX_FRAG_AGAIN) 1339 skb = NULL; 1340 set_bit(IEEE80211_LINK_STATE_PENDING, 1341 &local->state[control->queue]); 1342 smp_mb(); 1343 /* When the driver gets out of buffers during sending of 1344 * fragments and calls ieee80211_stop_queue, there is 1345 * a small window between IEEE80211_LINK_STATE_XOFF and 1346 * IEEE80211_LINK_STATE_PENDING flags are set. If a buffer 1347 * gets available in that window (i.e. driver calls 1348 * ieee80211_wake_queue), we would end up with ieee80211_tx 1349 * called with IEEE80211_LINK_STATE_PENDING. Prevent this by 1350 * continuing transmitting here when that situation is 1351 * possible to have happened. */ 1352 if (!__ieee80211_queue_stopped(local, control->queue)) { 1353 clear_bit(IEEE80211_LINK_STATE_PENDING, 1354 &local->state[control->queue]); 1355 goto retry; 1356 } 1357 memcpy(&store->control, control, 1358 sizeof(struct ieee80211_tx_control)); 1359 store->skb = skb; 1360 store->extra_frag = tx.u.tx.extra_frag; 1361 store->num_extra_frag = tx.u.tx.num_extra_frag; 1362 store->last_frag_hwrate = tx.u.tx.last_frag_hwrate; 1363 store->last_frag_rate = tx.u.tx.last_frag_rate; 1364 store->last_frag_rate_ctrl_probe = tx.u.tx.probe_last_frag; 1365 } 1366 return 0; 1367 1368 drop: 1369 if (skb) 1370 dev_kfree_skb(skb); 1371 for (i = 0; i < tx.u.tx.num_extra_frag; i++) 1372 if (tx.u.tx.extra_frag[i]) 1373 dev_kfree_skb(tx.u.tx.extra_frag[i]); 1374 kfree(tx.u.tx.extra_frag); 1375 return 0; 1376} 1377 1378static void ieee80211_tx_pending(unsigned long data) 1379{ 1380 struct ieee80211_local *local = (struct ieee80211_local *)data; 1381 struct net_device *dev = local->mdev; 1382 struct ieee80211_tx_stored_packet *store; 1383 struct ieee80211_txrx_data tx; 1384 int i, ret, reschedule = 0; 1385 1386 netif_tx_lock_bh(dev); 1387 for (i = 0; i < local->hw.queues; i++) { 1388 if (__ieee80211_queue_stopped(local, i)) 1389 continue; 1390 if (!__ieee80211_queue_pending(local, i)) { 1391 reschedule = 1; 1392 continue; 1393 } 1394 store = &local->pending_packet[i]; 1395 tx.u.tx.control = &store->control; 1396 tx.u.tx.extra_frag = store->extra_frag; 1397 tx.u.tx.num_extra_frag = store->num_extra_frag; 1398 tx.u.tx.last_frag_hwrate = store->last_frag_hwrate; 1399 tx.u.tx.last_frag_rate = store->last_frag_rate; 1400 tx.u.tx.probe_last_frag = store->last_frag_rate_ctrl_probe; 1401 ret = __ieee80211_tx(local, store->skb, &tx); 1402 if (ret) { 1403 if (ret == IEEE80211_TX_FRAG_AGAIN) 1404 store->skb = NULL; 1405 } else { 1406 clear_bit(IEEE80211_LINK_STATE_PENDING, 1407 &local->state[i]); 1408 reschedule = 1; 1409 } 1410 } 1411 netif_tx_unlock_bh(dev); 1412 if (reschedule) { 1413 if (!ieee80211_qdisc_installed(dev)) { 1414 if (!__ieee80211_queue_stopped(local, 0)) 1415 netif_wake_queue(dev); 1416 } else 1417 netif_schedule(dev); 1418 } 1419} 1420 1421static void ieee80211_clear_tx_pending(struct ieee80211_local *local) 1422{ 1423 int i, j; 1424 struct ieee80211_tx_stored_packet *store; 1425 1426 for (i = 0; i < local->hw.queues; i++) { 1427 if (!__ieee80211_queue_pending(local, i)) 1428 continue; 1429 store = &local->pending_packet[i]; 1430 kfree_skb(store->skb); 1431 for (j = 0; j < store->num_extra_frag; j++) 1432 kfree_skb(store->extra_frag[j]); 1433 kfree(store->extra_frag); 1434 clear_bit(IEEE80211_LINK_STATE_PENDING, &local->state[i]); 1435 } 1436} 1437 1438static int ieee80211_master_start_xmit(struct sk_buff *skb, 1439 struct net_device *dev) 1440{ 1441 struct ieee80211_tx_control control; 1442 struct ieee80211_tx_packet_data *pkt_data; 1443 struct net_device *odev = NULL; 1444 struct ieee80211_sub_if_data *osdata; 1445 int headroom; 1446 int ret; 1447 1448 /* 1449 * copy control out of the skb so other people can use skb->cb 1450 */ 1451 pkt_data = (struct ieee80211_tx_packet_data *)skb->cb; 1452 memset(&control, 0, sizeof(struct ieee80211_tx_control)); 1453 1454 if (pkt_data->ifindex) 1455 odev = dev_get_by_index(pkt_data->ifindex); 1456 if (unlikely(odev && !is_ieee80211_device(odev, dev))) { 1457 dev_put(odev); 1458 odev = NULL; 1459 } 1460 if (unlikely(!odev)) { 1461#ifdef CONFIG_MAC80211_VERBOSE_DEBUG 1462 printk(KERN_DEBUG "%s: Discarded packet with nonexistent " 1463 "originating device\n", dev->name); 1464#endif 1465 dev_kfree_skb(skb); 1466 return 0; 1467 } 1468 osdata = IEEE80211_DEV_TO_SUB_IF(odev); 1469 1470 headroom = osdata->local->hw.extra_tx_headroom + 1471 IEEE80211_ENCRYPT_HEADROOM; 1472 if (skb_headroom(skb) < headroom) { 1473 if (pskb_expand_head(skb, headroom, 0, GFP_ATOMIC)) { 1474 dev_kfree_skb(skb); 1475 return 0; 1476 } 1477 } 1478 1479 control.ifindex = odev->ifindex; 1480 control.type = osdata->type; 1481 if (pkt_data->req_tx_status) 1482 control.flags |= IEEE80211_TXCTL_REQ_TX_STATUS; 1483 if (pkt_data->do_not_encrypt) 1484 control.flags |= IEEE80211_TXCTL_DO_NOT_ENCRYPT; 1485 if (pkt_data->requeue) 1486 control.flags |= IEEE80211_TXCTL_REQUEUE; 1487 control.queue = pkt_data->queue; 1488 1489 ret = ieee80211_tx(odev, skb, &control, 1490 control.type == IEEE80211_IF_TYPE_MGMT); 1491 dev_put(odev); 1492 1493 return ret; 1494} 1495 1496 1497/** 1498 * ieee80211_subif_start_xmit - netif start_xmit function for Ethernet-type 1499 * subinterfaces (wlan#, WDS, and VLAN interfaces) 1500 * @skb: packet to be sent 1501 * @dev: incoming interface 1502 * 1503 * Returns: 0 on success (and frees skb in this case) or 1 on failure (skb will 1504 * not be freed, and caller is responsible for either retrying later or freeing 1505 * skb). 1506 * 1507 * This function takes in an Ethernet header and encapsulates it with suitable 1508 * IEEE 802.11 header based on which interface the packet is coming in. The 1509 * encapsulated packet will then be passed to master interface, wlan#.11, for 1510 * transmission (through low-level driver). 1511 */ 1512static int ieee80211_subif_start_xmit(struct sk_buff *skb, 1513 struct net_device *dev) 1514{ 1515 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 1516 struct ieee80211_tx_packet_data *pkt_data; 1517 struct ieee80211_sub_if_data *sdata; 1518 int ret = 1, head_need; 1519 u16 ethertype, hdrlen, fc; 1520 struct ieee80211_hdr hdr; 1521 const u8 *encaps_data; 1522 int encaps_len, skip_header_bytes; 1523 int nh_pos, h_pos, no_encrypt = 0; 1524 struct sta_info *sta; 1525 1526 sdata = IEEE80211_DEV_TO_SUB_IF(dev); 1527 if (unlikely(skb->len < ETH_HLEN)) { 1528 printk(KERN_DEBUG "%s: short skb (len=%d)\n", 1529 dev->name, skb->len); 1530 ret = 0; 1531 goto fail; 1532 } 1533 1534 nh_pos = skb_network_header(skb) - skb->data; 1535 h_pos = skb_transport_header(skb) - skb->data; 1536 1537 /* convert Ethernet header to proper 802.11 header (based on 1538 * operation mode) */ 1539 ethertype = (skb->data[12] << 8) | skb->data[13]; 1540 /* TODO: handling for 802.1x authorized/unauthorized port */ 1541 fc = IEEE80211_FTYPE_DATA | IEEE80211_STYPE_DATA; 1542 1543 if (likely(sdata->type == IEEE80211_IF_TYPE_AP || 1544 sdata->type == IEEE80211_IF_TYPE_VLAN)) { 1545 fc |= IEEE80211_FCTL_FROMDS; 1546 /* DA BSSID SA */ 1547 memcpy(hdr.addr1, skb->data, ETH_ALEN); 1548 memcpy(hdr.addr2, dev->dev_addr, ETH_ALEN); 1549 memcpy(hdr.addr3, skb->data + ETH_ALEN, ETH_ALEN); 1550 hdrlen = 24; 1551 } else if (sdata->type == IEEE80211_IF_TYPE_WDS) { 1552 fc |= IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS; 1553 /* RA TA DA SA */ 1554 memcpy(hdr.addr1, sdata->u.wds.remote_addr, ETH_ALEN); 1555 memcpy(hdr.addr2, dev->dev_addr, ETH_ALEN); 1556 memcpy(hdr.addr3, skb->data, ETH_ALEN); 1557 memcpy(hdr.addr4, skb->data + ETH_ALEN, ETH_ALEN); 1558 hdrlen = 30; 1559 } else if (sdata->type == IEEE80211_IF_TYPE_STA) { 1560 fc |= IEEE80211_FCTL_TODS; 1561 /* BSSID SA DA */ 1562 memcpy(hdr.addr1, sdata->u.sta.bssid, ETH_ALEN); 1563 memcpy(hdr.addr2, skb->data + ETH_ALEN, ETH_ALEN); 1564 memcpy(hdr.addr3, skb->data, ETH_ALEN); 1565 hdrlen = 24; 1566 } else if (sdata->type == IEEE80211_IF_TYPE_IBSS) { 1567 /* DA SA BSSID */ 1568 memcpy(hdr.addr1, skb->data, ETH_ALEN); 1569 memcpy(hdr.addr2, skb->data + ETH_ALEN, ETH_ALEN); 1570 memcpy(hdr.addr3, sdata->u.sta.bssid, ETH_ALEN); 1571 hdrlen = 24; 1572 } else { 1573 ret = 0; 1574 goto fail; 1575 } 1576 1577 /* receiver is QoS enabled, use a QoS type frame */ 1578 sta = sta_info_get(local, hdr.addr1); 1579 if (sta) { 1580 if (sta->flags & WLAN_STA_WME) { 1581 fc |= IEEE80211_STYPE_QOS_DATA; 1582 hdrlen += 2; 1583 } 1584 sta_info_put(sta); 1585 } 1586 1587 hdr.frame_control = cpu_to_le16(fc); 1588 hdr.duration_id = 0; 1589 hdr.seq_ctrl = 0; 1590 1591 skip_header_bytes = ETH_HLEN; 1592 if (ethertype == ETH_P_AARP || ethertype == ETH_P_IPX) { 1593 encaps_data = bridge_tunnel_header; 1594 encaps_len = sizeof(bridge_tunnel_header); 1595 skip_header_bytes -= 2; 1596 } else if (ethertype >= 0x600) { 1597 encaps_data = rfc1042_header; 1598 encaps_len = sizeof(rfc1042_header); 1599 skip_header_bytes -= 2; 1600 } else { 1601 encaps_data = NULL; 1602 encaps_len = 0; 1603 } 1604 1605 skb_pull(skb, skip_header_bytes); 1606 nh_pos -= skip_header_bytes; 1607 h_pos -= skip_header_bytes; 1608 1609 /* TODO: implement support for fragments so that there is no need to 1610 * reallocate and copy payload; it might be enough to support one 1611 * extra fragment that would be copied in the beginning of the frame 1612 * data.. anyway, it would be nice to include this into skb structure 1613 * somehow 1614 * 1615 * There are few options for this: 1616 * use skb->cb as an extra space for 802.11 header 1617 * allocate new buffer if not enough headroom 1618 * make sure that there is enough headroom in every skb by increasing 1619 * build in headroom in __dev_alloc_skb() (linux/skbuff.h) and 1620 * alloc_skb() (net/core/skbuff.c) 1621 */ 1622 head_need = hdrlen + encaps_len + local->hw.extra_tx_headroom; 1623 head_need -= skb_headroom(skb); 1624 1625 /* We are going to modify skb data, so make a copy of it if happens to 1626 * be cloned. This could happen, e.g., with Linux bridge code passing 1627 * us broadcast frames. */ 1628 1629 if (head_need > 0 || skb_cloned(skb)) { 1630 1631 if (skb_cloned(skb)) 1632 I802_DEBUG_INC(local->tx_expand_skb_head_cloned); 1633 else 1634 I802_DEBUG_INC(local->tx_expand_skb_head); 1635 /* Since we have to reallocate the buffer, make sure that there 1636 * is enough room for possible WEP IV/ICV and TKIP (8 bytes 1637 * before payload and 12 after). */ 1638 if (pskb_expand_head(skb, (head_need > 0 ? head_need + 8 : 8), 1639 12, GFP_ATOMIC)) { 1640 printk(KERN_DEBUG "%s: failed to reallocate TX buffer" 1641 "\n", dev->name); 1642 goto fail; 1643 } 1644 } 1645 1646 if (encaps_data) { 1647 memcpy(skb_push(skb, encaps_len), encaps_data, encaps_len); 1648 nh_pos += encaps_len; 1649 h_pos += encaps_len; 1650 } 1651 memcpy(skb_push(skb, hdrlen), &hdr, hdrlen); 1652 nh_pos += hdrlen; 1653 h_pos += hdrlen; 1654 1655 pkt_data = (struct ieee80211_tx_packet_data *)skb->cb; 1656 memset(pkt_data, 0, sizeof(struct ieee80211_tx_packet_data)); 1657 pkt_data->ifindex = sdata->dev->ifindex; 1658 pkt_data->mgmt_iface = (sdata->type == IEEE80211_IF_TYPE_MGMT); 1659 pkt_data->do_not_encrypt = no_encrypt; 1660 1661 skb->dev = local->mdev; 1662 sdata->stats.tx_packets++; 1663 sdata->stats.tx_bytes += skb->len; 1664 1665 /* Update skb pointers to various headers since this modified frame 1666 * is going to go through Linux networking code that may potentially 1667 * need things like pointer to IP header. */ 1668 skb_set_mac_header(skb, 0); 1669 skb_set_network_header(skb, nh_pos); 1670 skb_set_transport_header(skb, h_pos); 1671 1672 dev->trans_start = jiffies; 1673 dev_queue_xmit(skb); 1674 1675 return 0; 1676 1677 fail: 1678 if (!ret) 1679 dev_kfree_skb(skb); 1680 1681 return ret; 1682} 1683 1684 1685/* 1686 * This is the transmit routine for the 802.11 type interfaces 1687 * called by upper layers of the linux networking 1688 * stack when it has a frame to transmit 1689 */ 1690static int 1691ieee80211_mgmt_start_xmit(struct sk_buff *skb, struct net_device *dev) 1692{ 1693 struct ieee80211_sub_if_data *sdata; 1694 struct ieee80211_tx_packet_data *pkt_data; 1695 struct ieee80211_hdr *hdr; 1696 u16 fc; 1697 1698 sdata = IEEE80211_DEV_TO_SUB_IF(dev); 1699 1700 if (skb->len < 10) { 1701 dev_kfree_skb(skb); 1702 return 0; 1703 } 1704 1705 if (skb_headroom(skb) < sdata->local->hw.extra_tx_headroom) { 1706 if (pskb_expand_head(skb, 1707 sdata->local->hw.extra_tx_headroom, 0, GFP_ATOMIC)) { 1708 dev_kfree_skb(skb); 1709 return 0; 1710 } 1711 } 1712 1713 hdr = (struct ieee80211_hdr *) skb->data; 1714 fc = le16_to_cpu(hdr->frame_control); 1715 1716 pkt_data = (struct ieee80211_tx_packet_data *) skb->cb; 1717 memset(pkt_data, 0, sizeof(struct ieee80211_tx_packet_data)); 1718 pkt_data->ifindex = sdata->dev->ifindex; 1719 pkt_data->mgmt_iface = (sdata->type == IEEE80211_IF_TYPE_MGMT); 1720 1721 skb->priority = 20; /* use hardcoded priority for mgmt TX queue */ 1722 skb->dev = sdata->local->mdev; 1723 1724 /* 1725 * We're using the protocol field of the the frame control header 1726 * to request TX callback for hostapd. BIT(1) is checked. 1727 */ 1728 if ((fc & BIT(1)) == BIT(1)) { 1729 pkt_data->req_tx_status = 1; 1730 fc &= ~BIT(1); 1731 hdr->frame_control = cpu_to_le16(fc); 1732 } 1733 1734 pkt_data->do_not_encrypt = !(fc & IEEE80211_FCTL_PROTECTED); 1735 1736 sdata->stats.tx_packets++; 1737 sdata->stats.tx_bytes += skb->len; 1738 1739 dev_queue_xmit(skb); 1740 1741 return 0; 1742} 1743 1744 1745static void ieee80211_beacon_add_tim(struct ieee80211_local *local, 1746 struct ieee80211_if_ap *bss, 1747 struct sk_buff *skb) 1748{ 1749 u8 *pos, *tim; 1750 int aid0 = 0; 1751 int i, have_bits = 0, n1, n2; 1752 1753 /* Generate bitmap for TIM only if there are any STAs in power save 1754 * mode. */ 1755 spin_lock_bh(&local->sta_lock); 1756 if (atomic_read(&bss->num_sta_ps) > 0) 1757 /* in the hope that this is faster than 1758 * checking byte-for-byte */ 1759 have_bits = !bitmap_empty((unsigned long*)bss->tim, 1760 IEEE80211_MAX_AID+1); 1761 1762 if (bss->dtim_count == 0) 1763 bss->dtim_count = bss->dtim_period - 1; 1764 else 1765 bss->dtim_count--; 1766 1767 tim = pos = (u8 *) skb_put(skb, 6); 1768 *pos++ = WLAN_EID_TIM; 1769 *pos++ = 4; 1770 *pos++ = bss->dtim_count; 1771 *pos++ = bss->dtim_period; 1772 1773 if (bss->dtim_count == 0 && !skb_queue_empty(&bss->ps_bc_buf)) 1774 aid0 = 1; 1775 1776 if (have_bits) { 1777 /* Find largest even number N1 so that bits numbered 1 through 1778 * (N1 x 8) - 1 in the bitmap are 0 and number N2 so that bits 1779 * (N2 + 1) x 8 through 2007 are 0. */ 1780 n1 = 0; 1781 for (i = 0; i < IEEE80211_MAX_TIM_LEN; i++) { 1782 if (bss->tim[i]) { 1783 n1 = i & 0xfe; 1784 break; 1785 } 1786 } 1787 n2 = n1; 1788 for (i = IEEE80211_MAX_TIM_LEN - 1; i >= n1; i--) { 1789 if (bss->tim[i]) { 1790 n2 = i; 1791 break; 1792 } 1793 } 1794 1795 /* Bitmap control */ 1796 *pos++ = n1 | aid0; 1797 /* Part Virt Bitmap */ 1798 memcpy(pos, bss->tim + n1, n2 - n1 + 1); 1799 1800 tim[1] = n2 - n1 + 4; 1801 skb_put(skb, n2 - n1); 1802 } else { 1803 *pos++ = aid0; /* Bitmap control */ 1804 *pos++ = 0; /* Part Virt Bitmap */ 1805 } 1806 spin_unlock_bh(&local->sta_lock); 1807} 1808 1809 1810struct sk_buff * ieee80211_beacon_get(struct ieee80211_hw *hw, int if_id, 1811 struct ieee80211_tx_control *control) 1812{ 1813 struct ieee80211_local *local = hw_to_local(hw); 1814 struct sk_buff *skb; 1815 struct net_device *bdev; 1816 struct ieee80211_sub_if_data *sdata = NULL; 1817 struct ieee80211_if_ap *ap = NULL; 1818 struct ieee80211_rate *rate; 1819 struct rate_control_extra extra; 1820 u8 *b_head, *b_tail; 1821 int bh_len, bt_len; 1822 1823 bdev = dev_get_by_index(if_id); 1824 if (bdev) { 1825 sdata = IEEE80211_DEV_TO_SUB_IF(bdev); 1826 ap = &sdata->u.ap; 1827 dev_put(bdev); 1828 } 1829 1830 if (!ap || sdata->type != IEEE80211_IF_TYPE_AP || 1831 !ap->beacon_head) { 1832#ifdef CONFIG_MAC80211_VERBOSE_DEBUG 1833 if (net_ratelimit()) 1834 printk(KERN_DEBUG "no beacon data avail for idx=%d " 1835 "(%s)\n", if_id, bdev ? bdev->name : "N/A"); 1836#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */ 1837 return NULL; 1838 } 1839 1840 /* Assume we are generating the normal beacon locally */ 1841 b_head = ap->beacon_head; 1842 b_tail = ap->beacon_tail; 1843 bh_len = ap->beacon_head_len; 1844 bt_len = ap->beacon_tail_len; 1845 1846 skb = dev_alloc_skb(local->hw.extra_tx_headroom + 1847 bh_len + bt_len + 256 /* maximum TIM len */); 1848 if (!skb) 1849 return NULL; 1850 1851 skb_reserve(skb, local->hw.extra_tx_headroom); 1852 memcpy(skb_put(skb, bh_len), b_head, bh_len); 1853 1854 ieee80211_include_sequence(sdata, (struct ieee80211_hdr *)skb->data); 1855 1856 ieee80211_beacon_add_tim(local, ap, skb); 1857 1858 if (b_tail) { 1859 memcpy(skb_put(skb, bt_len), b_tail, bt_len); 1860 } 1861 1862 if (control) { 1863 memset(&extra, 0, sizeof(extra)); 1864 extra.mode = local->oper_hw_mode; 1865 1866 rate = rate_control_get_rate(local, local->mdev, skb, &extra); 1867 if (!rate) { 1868 if (net_ratelimit()) { 1869 printk(KERN_DEBUG "%s: ieee80211_beacon_get: no rate " 1870 "found\n", local->mdev->name); 1871 } 1872 dev_kfree_skb(skb); 1873 return NULL; 1874 } 1875 1876 control->tx_rate = (local->short_preamble && 1877 (rate->flags & IEEE80211_RATE_PREAMBLE2)) ? 1878 rate->val2 : rate->val; 1879 control->antenna_sel_tx = local->hw.conf.antenna_sel_tx; 1880 control->power_level = local->hw.conf.power_level; 1881 control->flags |= IEEE80211_TXCTL_NO_ACK; 1882 control->retry_limit = 1; 1883 control->flags |= IEEE80211_TXCTL_CLEAR_DST_MASK; 1884 } 1885 1886 ap->num_beacons++; 1887 return skb; 1888} 1889EXPORT_SYMBOL(ieee80211_beacon_get); 1890 1891__le16 ieee80211_rts_duration(struct ieee80211_hw *hw, 1892 size_t frame_len, 1893 const struct ieee80211_tx_control *frame_txctl) 1894{ 1895 struct ieee80211_local *local = hw_to_local(hw); 1896 struct ieee80211_rate *rate; 1897 int short_preamble = local->short_preamble; 1898 int erp; 1899 u16 dur; 1900 1901 rate = frame_txctl->rts_rate; 1902 erp = !!(rate->flags & IEEE80211_RATE_ERP); 1903 1904 /* CTS duration */ 1905 dur = ieee80211_frame_duration(local, 10, rate->rate, 1906 erp, short_preamble); 1907 /* Data frame duration */ 1908 dur += ieee80211_frame_duration(local, frame_len, rate->rate, 1909 erp, short_preamble); 1910 /* ACK duration */ 1911 dur += ieee80211_frame_duration(local, 10, rate->rate, 1912 erp, short_preamble); 1913 1914 return cpu_to_le16(dur); 1915} 1916EXPORT_SYMBOL(ieee80211_rts_duration); 1917 1918 1919__le16 ieee80211_ctstoself_duration(struct ieee80211_hw *hw, 1920 size_t frame_len, 1921 const struct ieee80211_tx_control *frame_txctl) 1922{ 1923 struct ieee80211_local *local = hw_to_local(hw); 1924 struct ieee80211_rate *rate; 1925 int short_preamble = local->short_preamble; 1926 int erp; 1927 u16 dur; 1928 1929 rate = frame_txctl->rts_rate; 1930 erp = !!(rate->flags & IEEE80211_RATE_ERP); 1931 1932 /* Data frame duration */ 1933 dur = ieee80211_frame_duration(local, frame_len, rate->rate, 1934 erp, short_preamble); 1935 if (!(frame_txctl->flags & IEEE80211_TXCTL_NO_ACK)) { 1936 /* ACK duration */ 1937 dur += ieee80211_frame_duration(local, 10, rate->rate, 1938 erp, short_preamble); 1939 } 1940 1941 return cpu_to_le16(dur); 1942} 1943EXPORT_SYMBOL(ieee80211_ctstoself_duration); 1944 1945void ieee80211_rts_get(struct ieee80211_hw *hw, 1946 const void *frame, size_t frame_len, 1947 const struct ieee80211_tx_control *frame_txctl, 1948 struct ieee80211_rts *rts) 1949{ 1950 const struct ieee80211_hdr *hdr = frame; 1951 u16 fctl; 1952 1953 fctl = IEEE80211_FTYPE_CTL | IEEE80211_STYPE_RTS; 1954 rts->frame_control = cpu_to_le16(fctl); 1955 rts->duration = ieee80211_rts_duration(hw, frame_len, frame_txctl); 1956 memcpy(rts->ra, hdr->addr1, sizeof(rts->ra)); 1957 memcpy(rts->ta, hdr->addr2, sizeof(rts->ta)); 1958} 1959EXPORT_SYMBOL(ieee80211_rts_get); 1960 1961void ieee80211_ctstoself_get(struct ieee80211_hw *hw, 1962 const void *frame, size_t frame_len, 1963 const struct ieee80211_tx_control *frame_txctl, 1964 struct ieee80211_cts *cts) 1965{ 1966 const struct ieee80211_hdr *hdr = frame; 1967 u16 fctl; 1968 1969 fctl = IEEE80211_FTYPE_CTL | IEEE80211_STYPE_CTS; 1970 cts->frame_control = cpu_to_le16(fctl); 1971 cts->duration = ieee80211_ctstoself_duration(hw, frame_len, frame_txctl); 1972 memcpy(cts->ra, hdr->addr1, sizeof(cts->ra)); 1973} 1974EXPORT_SYMBOL(ieee80211_ctstoself_get); 1975 1976struct sk_buff * 1977ieee80211_get_buffered_bc(struct ieee80211_hw *hw, int if_id, 1978 struct ieee80211_tx_control *control) 1979{ 1980 struct ieee80211_local *local = hw_to_local(hw); 1981 struct sk_buff *skb; 1982 struct sta_info *sta; 1983 ieee80211_tx_handler *handler; 1984 struct ieee80211_txrx_data tx; 1985 ieee80211_txrx_result res = TXRX_DROP; 1986 struct net_device *bdev; 1987 struct ieee80211_sub_if_data *sdata; 1988 struct ieee80211_if_ap *bss = NULL; 1989 1990 bdev = dev_get_by_index(if_id); 1991 if (bdev) { 1992 sdata = IEEE80211_DEV_TO_SUB_IF(bdev); 1993 bss = &sdata->u.ap; 1994 dev_put(bdev); 1995 } 1996 if (!bss || sdata->type != IEEE80211_IF_TYPE_AP || !bss->beacon_head) 1997 return NULL; 1998 1999 if (bss->dtim_count != 0) 2000 return NULL; /* send buffered bc/mc only after DTIM beacon */ 2001 memset(control, 0, sizeof(*control)); 2002 while (1) { 2003 skb = skb_dequeue(&bss->ps_bc_buf); 2004 if (!skb) 2005 return NULL; 2006 local->total_ps_buffered--; 2007 2008 if (!skb_queue_empty(&bss->ps_bc_buf) && skb->len >= 2) { 2009 struct ieee80211_hdr *hdr = 2010 (struct ieee80211_hdr *) skb->data; 2011 /* more buffered multicast/broadcast frames ==> set 2012 * MoreData flag in IEEE 802.11 header to inform PS 2013 * STAs */ 2014 hdr->frame_control |= 2015 cpu_to_le16(IEEE80211_FCTL_MOREDATA); 2016 } 2017 2018 if (ieee80211_tx_prepare(&tx, skb, local->mdev, control) == 0) 2019 break; 2020 dev_kfree_skb_any(skb); 2021 } 2022 sta = tx.sta; 2023 tx.u.tx.ps_buffered = 1; 2024 2025 for (handler = local->tx_handlers; *handler != NULL; handler++) { 2026 res = (*handler)(&tx); 2027 if (res == TXRX_DROP || res == TXRX_QUEUED) 2028 break; 2029 } 2030 dev_put(tx.dev); 2031 skb = tx.skb; /* handlers are allowed to change skb */ 2032 2033 if (res == TXRX_DROP) { 2034 I802_DEBUG_INC(local->tx_handlers_drop); 2035 dev_kfree_skb(skb); 2036 skb = NULL; 2037 } else if (res == TXRX_QUEUED) { 2038 I802_DEBUG_INC(local->tx_handlers_queued); 2039 skb = NULL; 2040 } 2041 2042 if (sta) 2043 sta_info_put(sta); 2044 2045 return skb; 2046} 2047EXPORT_SYMBOL(ieee80211_get_buffered_bc); 2048 2049static int __ieee80211_if_config(struct net_device *dev, 2050 struct sk_buff *beacon, 2051 struct ieee80211_tx_control *control) 2052{ 2053 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 2054 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 2055 struct ieee80211_if_conf conf; 2056 static u8 scan_bssid[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; 2057 2058 if (!local->ops->config_interface || !netif_running(dev)) 2059 return 0; 2060 2061 memset(&conf, 0, sizeof(conf)); 2062 conf.type = sdata->type; 2063 if (sdata->type == IEEE80211_IF_TYPE_STA || 2064 sdata->type == IEEE80211_IF_TYPE_IBSS) { 2065 if (local->sta_scanning && 2066 local->scan_dev == dev) 2067 conf.bssid = scan_bssid; 2068 else 2069 conf.bssid = sdata->u.sta.bssid; 2070 conf.ssid = sdata->u.sta.ssid; 2071 conf.ssid_len = sdata->u.sta.ssid_len; 2072 conf.generic_elem = sdata->u.sta.extra_ie; 2073 conf.generic_elem_len = sdata->u.sta.extra_ie_len; 2074 } else if (sdata->type == IEEE80211_IF_TYPE_AP) { 2075 conf.ssid = sdata->u.ap.ssid; 2076 conf.ssid_len = sdata->u.ap.ssid_len; 2077 conf.generic_elem = sdata->u.ap.generic_elem; 2078 conf.generic_elem_len = sdata->u.ap.generic_elem_len; 2079 conf.beacon = beacon; 2080 conf.beacon_control = control; 2081 } 2082 return local->ops->config_interface(local_to_hw(local), 2083 dev->ifindex, &conf); 2084} 2085 2086int ieee80211_if_config(struct net_device *dev) 2087{ 2088 return __ieee80211_if_config(dev, NULL, NULL); 2089} 2090 2091int ieee80211_if_config_beacon(struct net_device *dev) 2092{ 2093 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 2094 struct ieee80211_tx_control control; 2095 struct sk_buff *skb; 2096 2097 if (!(local->hw.flags & IEEE80211_HW_HOST_GEN_BEACON_TEMPLATE)) 2098 return 0; 2099 skb = ieee80211_beacon_get(local_to_hw(local), dev->ifindex, &control); 2100 if (!skb) 2101 return -ENOMEM; 2102 return __ieee80211_if_config(dev, skb, &control); 2103} 2104 2105int ieee80211_hw_config(struct ieee80211_local *local) 2106{ 2107 struct ieee80211_hw_mode *mode; 2108 struct ieee80211_channel *chan; 2109 int ret = 0; 2110 2111 if (local->sta_scanning) { 2112 chan = local->scan_channel; 2113 mode = local->scan_hw_mode; 2114 } else { 2115 chan = local->oper_channel; 2116 mode = local->oper_hw_mode; 2117 } 2118 2119 local->hw.conf.channel = chan->chan; 2120 local->hw.conf.channel_val = chan->val; 2121 local->hw.conf.power_level = chan->power_level; 2122 local->hw.conf.freq = chan->freq; 2123 local->hw.conf.phymode = mode->mode; 2124 local->hw.conf.antenna_max = chan->antenna_max; 2125 local->hw.conf.chan = chan; 2126 local->hw.conf.mode = mode; 2127 2128#ifdef CONFIG_MAC80211_VERBOSE_DEBUG 2129 printk(KERN_DEBUG "HW CONFIG: channel=%d freq=%d " 2130 "phymode=%d\n", local->hw.conf.channel, local->hw.conf.freq, 2131 local->hw.conf.phymode); 2132#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */ 2133 2134 if (local->ops->config) 2135 ret = local->ops->config(local_to_hw(local), &local->hw.conf); 2136 2137 return ret; 2138} 2139 2140 2141static int ieee80211_change_mtu(struct net_device *dev, int new_mtu) 2142{ 2143 /* FIX: what would be proper limits for MTU? 2144 * This interface uses 802.3 frames. */ 2145 if (new_mtu < 256 || new_mtu > IEEE80211_MAX_DATA_LEN - 24 - 6) { 2146 printk(KERN_WARNING "%s: invalid MTU %d\n", 2147 dev->name, new_mtu); 2148 return -EINVAL; 2149 } 2150 2151#ifdef CONFIG_MAC80211_VERBOSE_DEBUG 2152 printk(KERN_DEBUG "%s: setting MTU %d\n", dev->name, new_mtu); 2153#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */ 2154 dev->mtu = new_mtu; 2155 return 0; 2156} 2157 2158 2159static int ieee80211_change_mtu_apdev(struct net_device *dev, int new_mtu) 2160{ 2161 /* FIX: what would be proper limits for MTU? 2162 * This interface uses 802.11 frames. */ 2163 if (new_mtu < 256 || new_mtu > IEEE80211_MAX_DATA_LEN) { 2164 printk(KERN_WARNING "%s: invalid MTU %d\n", 2165 dev->name, new_mtu); 2166 return -EINVAL; 2167 } 2168 2169#ifdef CONFIG_MAC80211_VERBOSE_DEBUG 2170 printk(KERN_DEBUG "%s: setting MTU %d\n", dev->name, new_mtu); 2171#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */ 2172 dev->mtu = new_mtu; 2173 return 0; 2174} 2175 2176enum netif_tx_lock_class { 2177 TX_LOCK_NORMAL, 2178 TX_LOCK_MASTER, 2179}; 2180 2181static inline void netif_tx_lock_nested(struct net_device *dev, int subclass) 2182{ 2183 spin_lock_nested(&dev->_xmit_lock, subclass); 2184 dev->xmit_lock_owner = smp_processor_id(); 2185} 2186 2187static void ieee80211_set_multicast_list(struct net_device *dev) 2188{ 2189 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 2190 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 2191 unsigned short flags; 2192 2193 netif_tx_lock_nested(local->mdev, TX_LOCK_MASTER); 2194 if (((dev->flags & IFF_ALLMULTI) != 0) ^ (sdata->allmulti != 0)) { 2195 if (sdata->allmulti) { 2196 sdata->allmulti = 0; 2197 local->iff_allmultis--; 2198 } else { 2199 sdata->allmulti = 1; 2200 local->iff_allmultis++; 2201 } 2202 } 2203 if (((dev->flags & IFF_PROMISC) != 0) ^ (sdata->promisc != 0)) { 2204 if (sdata->promisc) { 2205 sdata->promisc = 0; 2206 local->iff_promiscs--; 2207 } else { 2208 sdata->promisc = 1; 2209 local->iff_promiscs++; 2210 } 2211 } 2212 if (dev->mc_count != sdata->mc_count) { 2213 local->mc_count = local->mc_count - sdata->mc_count + 2214 dev->mc_count; 2215 sdata->mc_count = dev->mc_count; 2216 } 2217 if (local->ops->set_multicast_list) { 2218 flags = local->mdev->flags; 2219 if (local->iff_allmultis) 2220 flags |= IFF_ALLMULTI; 2221 if (local->iff_promiscs) 2222 flags |= IFF_PROMISC; 2223 read_lock(&local->sub_if_lock); 2224 local->ops->set_multicast_list(local_to_hw(local), flags, 2225 local->mc_count); 2226 read_unlock(&local->sub_if_lock); 2227 } 2228 netif_tx_unlock(local->mdev); 2229} 2230 2231struct dev_mc_list *ieee80211_get_mc_list_item(struct ieee80211_hw *hw, 2232 struct dev_mc_list *prev, 2233 void **ptr) 2234{ 2235 struct ieee80211_local *local = hw_to_local(hw); 2236 struct ieee80211_sub_if_data *sdata = *ptr; 2237 struct dev_mc_list *mc; 2238 2239 if (!prev) { 2240 WARN_ON(sdata); 2241 sdata = NULL; 2242 } 2243 if (!prev || !prev->next) { 2244 if (sdata) 2245 sdata = list_entry(sdata->list.next, 2246 struct ieee80211_sub_if_data, list); 2247 else 2248 sdata = list_entry(local->sub_if_list.next, 2249 struct ieee80211_sub_if_data, list); 2250 if (&sdata->list != &local->sub_if_list) 2251 mc = sdata->dev->mc_list; 2252 else 2253 mc = NULL; 2254 } else 2255 mc = prev->next; 2256 2257 *ptr = sdata; 2258 return mc; 2259} 2260EXPORT_SYMBOL(ieee80211_get_mc_list_item); 2261 2262static struct net_device_stats *ieee80211_get_stats(struct net_device *dev) 2263{ 2264 struct ieee80211_sub_if_data *sdata; 2265 sdata = IEEE80211_DEV_TO_SUB_IF(dev); 2266 return &(sdata->stats); 2267} 2268 2269static void ieee80211_if_shutdown(struct net_device *dev) 2270{ 2271 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 2272 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 2273 2274 ASSERT_RTNL(); 2275 switch (sdata->type) { 2276 case IEEE80211_IF_TYPE_STA: 2277 case IEEE80211_IF_TYPE_IBSS: 2278 sdata->u.sta.state = IEEE80211_DISABLED; 2279 del_timer_sync(&sdata->u.sta.timer); 2280 skb_queue_purge(&sdata->u.sta.skb_queue); 2281 if (!local->ops->hw_scan && 2282 local->scan_dev == sdata->dev) { 2283 local->sta_scanning = 0; 2284 cancel_delayed_work(&local->scan_work); 2285 } 2286 flush_workqueue(local->hw.workqueue); 2287 break; 2288 } 2289} 2290 2291static inline int identical_mac_addr_allowed(int type1, int type2) 2292{ 2293 return (type1 == IEEE80211_IF_TYPE_MNTR || 2294 type2 == IEEE80211_IF_TYPE_MNTR || 2295 (type1 == IEEE80211_IF_TYPE_AP && 2296 type2 == IEEE80211_IF_TYPE_WDS) || 2297 (type1 == IEEE80211_IF_TYPE_WDS && 2298 (type2 == IEEE80211_IF_TYPE_WDS || 2299 type2 == IEEE80211_IF_TYPE_AP)) || 2300 (type1 == IEEE80211_IF_TYPE_AP && 2301 type2 == IEEE80211_IF_TYPE_VLAN) || 2302 (type1 == IEEE80211_IF_TYPE_VLAN && 2303 (type2 == IEEE80211_IF_TYPE_AP || 2304 type2 == IEEE80211_IF_TYPE_VLAN))); 2305} 2306 2307static int ieee80211_master_open(struct net_device *dev) 2308{ 2309 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 2310 struct ieee80211_sub_if_data *sdata; 2311 int res = -EOPNOTSUPP; 2312 2313 read_lock(&local->sub_if_lock); 2314 list_for_each_entry(sdata, &local->sub_if_list, list) { 2315 if (sdata->dev != dev && netif_running(sdata->dev)) { 2316 res = 0; 2317 break; 2318 } 2319 } 2320 read_unlock(&local->sub_if_lock); 2321 return res; 2322} 2323 2324static int ieee80211_master_stop(struct net_device *dev) 2325{ 2326 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 2327 struct ieee80211_sub_if_data *sdata; 2328 2329 read_lock(&local->sub_if_lock); 2330 list_for_each_entry(sdata, &local->sub_if_list, list) 2331 if (sdata->dev != dev && netif_running(sdata->dev)) 2332 dev_close(sdata->dev); 2333 read_unlock(&local->sub_if_lock); 2334 2335 return 0; 2336} 2337 2338static int ieee80211_mgmt_open(struct net_device *dev) 2339{ 2340 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 2341 2342 if (!netif_running(local->mdev)) 2343 return -EOPNOTSUPP; 2344 return 0; 2345} 2346 2347static int ieee80211_mgmt_stop(struct net_device *dev) 2348{ 2349 return 0; 2350} 2351 2352/* Check if running monitor interfaces should go to a "soft monitor" mode 2353 * and switch them if necessary. */ 2354static inline void ieee80211_start_soft_monitor(struct ieee80211_local *local) 2355{ 2356 struct ieee80211_if_init_conf conf; 2357 2358 if (local->open_count && local->open_count == local->monitors && 2359 !(local->hw.flags & IEEE80211_HW_MONITOR_DURING_OPER) && 2360 local->ops->remove_interface) { 2361 conf.if_id = -1; 2362 conf.type = IEEE80211_IF_TYPE_MNTR; 2363 conf.mac_addr = NULL; 2364 local->ops->remove_interface(local_to_hw(local), &conf); 2365 } 2366} 2367 2368/* Check if running monitor interfaces should go to a "hard monitor" mode 2369 * and switch them if necessary. */ 2370static void ieee80211_start_hard_monitor(struct ieee80211_local *local) 2371{ 2372 struct ieee80211_if_init_conf conf; 2373 2374 if (local->open_count && local->open_count == local->monitors && 2375 !(local->hw.flags & IEEE80211_HW_MONITOR_DURING_OPER) && 2376 local->ops->add_interface) { 2377 conf.if_id = -1; 2378 conf.type = IEEE80211_IF_TYPE_MNTR; 2379 conf.mac_addr = NULL; 2380 local->ops->add_interface(local_to_hw(local), &conf); 2381 } 2382} 2383 2384static int ieee80211_open(struct net_device *dev) 2385{ 2386 struct ieee80211_sub_if_data *sdata, *nsdata; 2387 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 2388 struct ieee80211_if_init_conf conf; 2389 int res; 2390 2391 sdata = IEEE80211_DEV_TO_SUB_IF(dev); 2392 read_lock(&local->sub_if_lock); 2393 list_for_each_entry(nsdata, &local->sub_if_list, list) { 2394 struct net_device *ndev = nsdata->dev; 2395 2396 if (ndev != dev && ndev != local->mdev && netif_running(ndev) && 2397 compare_ether_addr(dev->dev_addr, ndev->dev_addr) == 0 && 2398 !identical_mac_addr_allowed(sdata->type, nsdata->type)) { 2399 read_unlock(&local->sub_if_lock); 2400 return -ENOTUNIQ; 2401 } 2402 } 2403 read_unlock(&local->sub_if_lock); 2404 2405 if (sdata->type == IEEE80211_IF_TYPE_WDS && 2406 is_zero_ether_addr(sdata->u.wds.remote_addr)) 2407 return -ENOLINK; 2408 2409 if (sdata->type == IEEE80211_IF_TYPE_MNTR && local->open_count && 2410 !(local->hw.flags & IEEE80211_HW_MONITOR_DURING_OPER)) { 2411 /* run the interface in a "soft monitor" mode */ 2412 local->monitors++; 2413 local->open_count++; 2414 local->hw.conf.flags |= IEEE80211_CONF_RADIOTAP; 2415 return 0; 2416 } 2417 ieee80211_start_soft_monitor(local); 2418 2419 if (local->ops->add_interface) { 2420 conf.if_id = dev->ifindex; 2421 conf.type = sdata->type; 2422 conf.mac_addr = dev->dev_addr; 2423 res = local->ops->add_interface(local_to_hw(local), &conf); 2424 if (res) { 2425 if (sdata->type == IEEE80211_IF_TYPE_MNTR) 2426 ieee80211_start_hard_monitor(local); 2427 return res; 2428 } 2429 } else { 2430 if (sdata->type != IEEE80211_IF_TYPE_STA) 2431 return -EOPNOTSUPP; 2432 if (local->open_count > 0) 2433 return -ENOBUFS; 2434 } 2435 2436 if (local->open_count == 0) { 2437 res = 0; 2438 tasklet_enable(&local->tx_pending_tasklet); 2439 tasklet_enable(&local->tasklet); 2440 if (local->ops->open) 2441 res = local->ops->open(local_to_hw(local)); 2442 if (res == 0) { 2443 res = dev_open(local->mdev); 2444 if (res) { 2445 if (local->ops->stop) 2446 local->ops->stop(local_to_hw(local)); 2447 } else { 2448 res = ieee80211_hw_config(local); 2449 if (res && local->ops->stop) 2450 local->ops->stop(local_to_hw(local)); 2451 else if (!res && local->apdev) 2452 dev_open(local->apdev); 2453 } 2454 } 2455 if (res) { 2456 if (local->ops->remove_interface) 2457 local->ops->remove_interface(local_to_hw(local), 2458 &conf); 2459 return res; 2460 } 2461 } 2462 local->open_count++; 2463 2464 if (sdata->type == IEEE80211_IF_TYPE_MNTR) { 2465 local->monitors++; 2466 local->hw.conf.flags |= IEEE80211_CONF_RADIOTAP; 2467 } else 2468 ieee80211_if_config(dev); 2469 2470 if (sdata->type == IEEE80211_IF_TYPE_STA && 2471 !local->user_space_mlme) 2472 netif_carrier_off(dev); 2473 else 2474 netif_carrier_on(dev); 2475 2476 netif_start_queue(dev); 2477 return 0; 2478} 2479 2480 2481static int ieee80211_stop(struct net_device *dev) 2482{ 2483 struct ieee80211_sub_if_data *sdata; 2484 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 2485 2486 sdata = IEEE80211_DEV_TO_SUB_IF(dev); 2487 2488 if (sdata->type == IEEE80211_IF_TYPE_MNTR && 2489 local->open_count > 1 && 2490 !(local->hw.flags & IEEE80211_HW_MONITOR_DURING_OPER)) { 2491 /* remove "soft monitor" interface */ 2492 local->open_count--; 2493 local->monitors--; 2494 if (!local->monitors) 2495 local->hw.conf.flags &= ~IEEE80211_CONF_RADIOTAP; 2496 return 0; 2497 } 2498 2499 netif_stop_queue(dev); 2500 ieee80211_if_shutdown(dev); 2501 2502 if (sdata->type == IEEE80211_IF_TYPE_MNTR) { 2503 local->monitors--; 2504 if (!local->monitors) 2505 local->hw.conf.flags &= ~IEEE80211_CONF_RADIOTAP; 2506 } 2507 2508 local->open_count--; 2509 if (local->open_count == 0) { 2510 if (netif_running(local->mdev)) 2511 dev_close(local->mdev); 2512 if (local->apdev) 2513 dev_close(local->apdev); 2514 if (local->ops->stop) 2515 local->ops->stop(local_to_hw(local)); 2516 tasklet_disable(&local->tx_pending_tasklet); 2517 tasklet_disable(&local->tasklet); 2518 } 2519 if (local->ops->remove_interface) { 2520 struct ieee80211_if_init_conf conf; 2521 2522 conf.if_id = dev->ifindex; 2523 conf.type = sdata->type; 2524 conf.mac_addr = dev->dev_addr; 2525 local->ops->remove_interface(local_to_hw(local), &conf); 2526 } 2527 2528 ieee80211_start_hard_monitor(local); 2529 2530 return 0; 2531} 2532 2533 2534static int header_parse_80211(struct sk_buff *skb, unsigned char *haddr) 2535{ 2536 memcpy(haddr, skb_mac_header(skb) + 10, ETH_ALEN); /* addr2 */ 2537 return ETH_ALEN; 2538} 2539 2540static inline int ieee80211_bssid_match(const u8 *raddr, const u8 *addr) 2541{ 2542 return compare_ether_addr(raddr, addr) == 0 || 2543 is_broadcast_ether_addr(raddr); 2544} 2545 2546 2547static ieee80211_txrx_result 2548ieee80211_rx_h_data(struct ieee80211_txrx_data *rx) 2549{ 2550 struct net_device *dev = rx->dev; 2551 struct ieee80211_local *local = rx->local; 2552 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data; 2553 u16 fc, hdrlen, ethertype; 2554 u8 *payload; 2555 u8 dst[ETH_ALEN]; 2556 u8 src[ETH_ALEN]; 2557 struct sk_buff *skb = rx->skb, *skb2; 2558 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 2559 2560 fc = rx->fc; 2561 if (unlikely((fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA)) 2562 return TXRX_CONTINUE; 2563 2564 if (unlikely(!WLAN_FC_DATA_PRESENT(fc))) 2565 return TXRX_DROP; 2566 2567 hdrlen = ieee80211_get_hdrlen(fc); 2568 2569 /* convert IEEE 802.11 header + possible LLC headers into Ethernet 2570 * header 2571 * IEEE 802.11 address fields: 2572 * ToDS FromDS Addr1 Addr2 Addr3 Addr4 2573 * 0 0 DA SA BSSID n/a 2574 * 0 1 DA BSSID SA n/a 2575 * 1 0 BSSID SA DA n/a 2576 * 1 1 RA TA DA SA 2577 */ 2578 2579 switch (fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) { 2580 case IEEE80211_FCTL_TODS: 2581 /* BSSID SA DA */ 2582 memcpy(dst, hdr->addr3, ETH_ALEN); 2583 memcpy(src, hdr->addr2, ETH_ALEN); 2584 2585 if (unlikely(sdata->type != IEEE80211_IF_TYPE_AP && 2586 sdata->type != IEEE80211_IF_TYPE_VLAN)) { 2587 printk(KERN_DEBUG "%s: dropped ToDS frame (BSSID=" 2588 MAC_FMT " SA=" MAC_FMT " DA=" MAC_FMT ")\n", 2589 dev->name, MAC_ARG(hdr->addr1), 2590 MAC_ARG(hdr->addr2), MAC_ARG(hdr->addr3)); 2591 return TXRX_DROP; 2592 } 2593 break; 2594 case (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS): 2595 /* RA TA DA SA */ 2596 memcpy(dst, hdr->addr3, ETH_ALEN); 2597 memcpy(src, hdr->addr4, ETH_ALEN); 2598 2599 if (unlikely(sdata->type != IEEE80211_IF_TYPE_WDS)) { 2600 printk(KERN_DEBUG "%s: dropped FromDS&ToDS frame (RA=" 2601 MAC_FMT " TA=" MAC_FMT " DA=" MAC_FMT " SA=" 2602 MAC_FMT ")\n", 2603 rx->dev->name, MAC_ARG(hdr->addr1), 2604 MAC_ARG(hdr->addr2), MAC_ARG(hdr->addr3), 2605 MAC_ARG(hdr->addr4)); 2606 return TXRX_DROP; 2607 } 2608 break; 2609 case IEEE80211_FCTL_FROMDS: 2610 /* DA BSSID SA */ 2611 memcpy(dst, hdr->addr1, ETH_ALEN); 2612 memcpy(src, hdr->addr3, ETH_ALEN); 2613 2614 if (sdata->type != IEEE80211_IF_TYPE_STA) { 2615 return TXRX_DROP; 2616 } 2617 break; 2618 case 0: 2619 /* DA SA BSSID */ 2620 memcpy(dst, hdr->addr1, ETH_ALEN); 2621 memcpy(src, hdr->addr2, ETH_ALEN); 2622 2623 if (sdata->type != IEEE80211_IF_TYPE_IBSS) { 2624 if (net_ratelimit()) { 2625 printk(KERN_DEBUG "%s: dropped IBSS frame (DA=" 2626 MAC_FMT " SA=" MAC_FMT " BSSID=" MAC_FMT 2627 ")\n", 2628 dev->name, MAC_ARG(hdr->addr1), 2629 MAC_ARG(hdr->addr2), 2630 MAC_ARG(hdr->addr3)); 2631 } 2632 return TXRX_DROP; 2633 } 2634 break; 2635 } 2636 2637 payload = skb->data + hdrlen; 2638 2639 if (unlikely(skb->len - hdrlen < 8)) { 2640 if (net_ratelimit()) { 2641 printk(KERN_DEBUG "%s: RX too short data frame " 2642 "payload\n", dev->name); 2643 } 2644 return TXRX_DROP; 2645 } 2646 2647 ethertype = (payload[6] << 8) | payload[7]; 2648 2649 if (likely((compare_ether_addr(payload, rfc1042_header) == 0 && 2650 ethertype != ETH_P_AARP && ethertype != ETH_P_IPX) || 2651 compare_ether_addr(payload, bridge_tunnel_header) == 0)) { 2652 /* remove RFC1042 or Bridge-Tunnel encapsulation and 2653 * replace EtherType */ 2654 skb_pull(skb, hdrlen + 6); 2655 memcpy(skb_push(skb, ETH_ALEN), src, ETH_ALEN); 2656 memcpy(skb_push(skb, ETH_ALEN), dst, ETH_ALEN); 2657 } else { 2658 struct ethhdr *ehdr; 2659 __be16 len; 2660 skb_pull(skb, hdrlen); 2661 len = htons(skb->len); 2662 ehdr = (struct ethhdr *) skb_push(skb, sizeof(struct ethhdr)); 2663 memcpy(ehdr->h_dest, dst, ETH_ALEN); 2664 memcpy(ehdr->h_source, src, ETH_ALEN); 2665 ehdr->h_proto = len; 2666 } 2667 skb->dev = dev; 2668 2669 skb2 = NULL; 2670 2671 sdata->stats.rx_packets++; 2672 sdata->stats.rx_bytes += skb->len; 2673 2674 if (local->bridge_packets && (sdata->type == IEEE80211_IF_TYPE_AP 2675 || sdata->type == IEEE80211_IF_TYPE_VLAN) && rx->u.rx.ra_match) { 2676 if (is_multicast_ether_addr(skb->data)) { 2677 /* send multicast frames both to higher layers in 2678 * local net stack and back to the wireless media */ 2679 skb2 = skb_copy(skb, GFP_ATOMIC); 2680 if (!skb2) 2681 printk(KERN_DEBUG "%s: failed to clone " 2682 "multicast frame\n", dev->name); 2683 } else { 2684 struct sta_info *dsta; 2685 dsta = sta_info_get(local, skb->data); 2686 if (dsta && !dsta->dev) { 2687 printk(KERN_DEBUG "Station with null dev " 2688 "structure!\n"); 2689 } else if (dsta && dsta->dev == dev) { 2690 /* Destination station is associated to this 2691 * AP, so send the frame directly to it and 2692 * do not pass the frame to local net stack. 2693 */ 2694 skb2 = skb; 2695 skb = NULL; 2696 } 2697 if (dsta) 2698 sta_info_put(dsta); 2699 } 2700 } 2701 2702 if (skb) { 2703 /* deliver to local stack */ 2704 skb->protocol = eth_type_trans(skb, dev); 2705 memset(skb->cb, 0, sizeof(skb->cb)); 2706 netif_rx(skb); 2707 } 2708 2709 if (skb2) { 2710 /* send to wireless media */ 2711 skb2->protocol = __constant_htons(ETH_P_802_3); 2712 skb_set_network_header(skb2, 0); 2713 skb_set_mac_header(skb2, 0); 2714 dev_queue_xmit(skb2); 2715 } 2716 2717 return TXRX_QUEUED; 2718} 2719 2720 2721static struct ieee80211_rate * 2722ieee80211_get_rate(struct ieee80211_local *local, int phymode, int hw_rate) 2723{ 2724 struct ieee80211_hw_mode *mode; 2725 int r; 2726 2727 list_for_each_entry(mode, &local->modes_list, list) { 2728 if (mode->mode != phymode) 2729 continue; 2730 for (r = 0; r < mode->num_rates; r++) { 2731 struct ieee80211_rate *rate = &mode->rates[r]; 2732 if (rate->val == hw_rate || 2733 (rate->flags & IEEE80211_RATE_PREAMBLE2 && 2734 rate->val2 == hw_rate)) 2735 return rate; 2736 } 2737 } 2738 2739 return NULL; 2740} 2741 2742static void 2743ieee80211_fill_frame_info(struct ieee80211_local *local, 2744 struct ieee80211_frame_info *fi, 2745 struct ieee80211_rx_status *status) 2746{ 2747 if (status) { 2748 struct timespec ts; 2749 struct ieee80211_rate *rate; 2750 2751 jiffies_to_timespec(jiffies, &ts); 2752 fi->hosttime = cpu_to_be64((u64) ts.tv_sec * 1000000 + 2753 ts.tv_nsec / 1000); 2754 fi->mactime = cpu_to_be64(status->mactime); 2755 switch (status->phymode) { 2756 case MODE_IEEE80211A: 2757 fi->phytype = htonl(ieee80211_phytype_ofdm_dot11_a); 2758 break; 2759 case MODE_IEEE80211B: 2760 fi->phytype = htonl(ieee80211_phytype_dsss_dot11_b); 2761 break; 2762 case MODE_IEEE80211G: 2763 fi->phytype = htonl(ieee80211_phytype_pbcc_dot11_g); 2764 break; 2765 case MODE_ATHEROS_TURBO: 2766 fi->phytype = 2767 htonl(ieee80211_phytype_dsss_dot11_turbo); 2768 break; 2769 default: 2770 fi->phytype = htonl(0xAAAAAAAA); 2771 break; 2772 } 2773 fi->channel = htonl(status->channel); 2774 rate = ieee80211_get_rate(local, status->phymode, 2775 status->rate); 2776 if (rate) { 2777 fi->datarate = htonl(rate->rate); 2778 if (rate->flags & IEEE80211_RATE_PREAMBLE2) { 2779 if (status->rate == rate->val) 2780 fi->preamble = htonl(2); /* long */ 2781 else if (status->rate == rate->val2) 2782 fi->preamble = htonl(1); /* short */ 2783 } else 2784 fi->preamble = htonl(0); 2785 } else { 2786 fi->datarate = htonl(0); 2787 fi->preamble = htonl(0); 2788 } 2789 2790 fi->antenna = htonl(status->antenna); 2791 fi->priority = htonl(0xffffffff); /* no clue */ 2792 fi->ssi_type = htonl(ieee80211_ssi_raw); 2793 fi->ssi_signal = htonl(status->ssi); 2794 fi->ssi_noise = 0x00000000; 2795 fi->encoding = 0; 2796 } else { 2797 /* clear everything because we really don't know. 2798 * the msg_type field isn't present on monitor frames 2799 * so we don't know whether it will be present or not, 2800 * but it's ok to not clear it since it'll be assigned 2801 * anyway */ 2802 memset(fi, 0, sizeof(*fi) - sizeof(fi->msg_type)); 2803 2804 fi->ssi_type = htonl(ieee80211_ssi_none); 2805 } 2806 fi->version = htonl(IEEE80211_FI_VERSION); 2807 fi->length = cpu_to_be32(sizeof(*fi) - sizeof(fi->msg_type)); 2808} 2809 2810/* this routine is actually not just for this, but also 2811 * for pushing fake 'management' frames into userspace. 2812 * it shall be replaced by a netlink-based system. */ 2813void 2814ieee80211_rx_mgmt(struct ieee80211_local *local, struct sk_buff *skb, 2815 struct ieee80211_rx_status *status, u32 msg_type) 2816{ 2817 struct ieee80211_frame_info *fi; 2818 const size_t hlen = sizeof(struct ieee80211_frame_info); 2819 struct ieee80211_sub_if_data *sdata; 2820 2821 skb->dev = local->apdev; 2822 2823 sdata = IEEE80211_DEV_TO_SUB_IF(local->apdev); 2824 2825 if (skb_headroom(skb) < hlen) { 2826 I802_DEBUG_INC(local->rx_expand_skb_head); 2827 if (pskb_expand_head(skb, hlen, 0, GFP_ATOMIC)) { 2828 dev_kfree_skb(skb); 2829 return; 2830 } 2831 } 2832 2833 fi = (struct ieee80211_frame_info *) skb_push(skb, hlen); 2834 2835 ieee80211_fill_frame_info(local, fi, status); 2836 fi->msg_type = htonl(msg_type); 2837 2838 sdata->stats.rx_packets++; 2839 sdata->stats.rx_bytes += skb->len; 2840 2841 skb_set_mac_header(skb, 0); 2842 skb->ip_summed = CHECKSUM_UNNECESSARY; 2843 skb->pkt_type = PACKET_OTHERHOST; 2844 skb->protocol = htons(ETH_P_802_2); 2845 memset(skb->cb, 0, sizeof(skb->cb)); 2846 netif_rx(skb); 2847} 2848 2849static void 2850ieee80211_rx_monitor(struct net_device *dev, struct sk_buff *skb, 2851 struct ieee80211_rx_status *status) 2852{ 2853 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 2854 struct ieee80211_sub_if_data *sdata; 2855 struct ieee80211_rate *rate; 2856 struct ieee80211_rtap_hdr { 2857 struct ieee80211_radiotap_header hdr; 2858 u8 flags; 2859 u8 rate; 2860 __le16 chan_freq; 2861 __le16 chan_flags; 2862 u8 antsignal; 2863 } __attribute__ ((packed)) *rthdr; 2864 2865 skb->dev = dev; 2866 2867 sdata = IEEE80211_DEV_TO_SUB_IF(dev); 2868 2869 if (status->flag & RX_FLAG_RADIOTAP) 2870 goto out; 2871 2872 if (skb_headroom(skb) < sizeof(*rthdr)) { 2873 I802_DEBUG_INC(local->rx_expand_skb_head); 2874 if (pskb_expand_head(skb, sizeof(*rthdr), 0, GFP_ATOMIC)) { 2875 dev_kfree_skb(skb); 2876 return; 2877 } 2878 } 2879 2880 rthdr = (struct ieee80211_rtap_hdr *) skb_push(skb, sizeof(*rthdr)); 2881 memset(rthdr, 0, sizeof(*rthdr)); 2882 rthdr->hdr.it_len = cpu_to_le16(sizeof(*rthdr)); 2883 rthdr->hdr.it_present = 2884 cpu_to_le32((1 << IEEE80211_RADIOTAP_FLAGS) | 2885 (1 << IEEE80211_RADIOTAP_RATE) | 2886 (1 << IEEE80211_RADIOTAP_CHANNEL) | 2887 (1 << IEEE80211_RADIOTAP_DB_ANTSIGNAL)); 2888 rthdr->flags = local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS ? 2889 IEEE80211_RADIOTAP_F_FCS : 0; 2890 rate = ieee80211_get_rate(local, status->phymode, status->rate); 2891 if (rate) 2892 rthdr->rate = rate->rate / 5; 2893 rthdr->chan_freq = cpu_to_le16(status->freq); 2894 rthdr->chan_flags = 2895 status->phymode == MODE_IEEE80211A ? 2896 cpu_to_le16(IEEE80211_CHAN_OFDM | IEEE80211_CHAN_5GHZ) : 2897 cpu_to_le16(IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ); 2898 rthdr->antsignal = status->ssi; 2899 2900 out: 2901 sdata->stats.rx_packets++; 2902 sdata->stats.rx_bytes += skb->len; 2903 2904 skb_set_mac_header(skb, 0); 2905 skb->ip_summed = CHECKSUM_UNNECESSARY; 2906 skb->pkt_type = PACKET_OTHERHOST; 2907 skb->protocol = htons(ETH_P_802_2); 2908 memset(skb->cb, 0, sizeof(skb->cb)); 2909 netif_rx(skb); 2910} 2911 2912int ieee80211_radar_status(struct ieee80211_hw *hw, int channel, 2913 int radar, int radar_type) 2914{ 2915 struct sk_buff *skb; 2916 struct ieee80211_radar_info *msg; 2917 struct ieee80211_local *local = hw_to_local(hw); 2918 2919 if (!local->apdev) 2920 return 0; 2921 2922 skb = dev_alloc_skb(sizeof(struct ieee80211_frame_info) + 2923 sizeof(struct ieee80211_radar_info)); 2924 2925 if (!skb) 2926 return -ENOMEM; 2927 skb_reserve(skb, sizeof(struct ieee80211_frame_info)); 2928 2929 msg = (struct ieee80211_radar_info *) 2930 skb_put(skb, sizeof(struct ieee80211_radar_info)); 2931 msg->channel = channel; 2932 msg->radar = radar; 2933 msg->radar_type = radar_type; 2934 2935 ieee80211_rx_mgmt(local, skb, NULL, ieee80211_msg_radar); 2936 return 0; 2937} 2938EXPORT_SYMBOL(ieee80211_radar_status); 2939 2940int ieee80211_set_aid_for_sta(struct ieee80211_hw *hw, u8 *peer_address, 2941 u16 aid) 2942{ 2943 struct sk_buff *skb; 2944 struct ieee80211_msg_set_aid_for_sta *msg; 2945 struct ieee80211_local *local = hw_to_local(hw); 2946 2947 /* unlikely because if this event only happens for APs, 2948 * which require an open ap device. */ 2949 if (unlikely(!local->apdev)) 2950 return 0; 2951 2952 skb = dev_alloc_skb(sizeof(struct ieee80211_frame_info) + 2953 sizeof(struct ieee80211_msg_set_aid_for_sta)); 2954 2955 if (!skb) 2956 return -ENOMEM; 2957 skb_reserve(skb, sizeof(struct ieee80211_frame_info)); 2958 2959 msg = (struct ieee80211_msg_set_aid_for_sta *) 2960 skb_put(skb, sizeof(struct ieee80211_msg_set_aid_for_sta)); 2961 memcpy(msg->sta_address, peer_address, ETH_ALEN); 2962 msg->aid = aid; 2963 2964 ieee80211_rx_mgmt(local, skb, NULL, ieee80211_msg_set_aid_for_sta); 2965 return 0; 2966} 2967EXPORT_SYMBOL(ieee80211_set_aid_for_sta); 2968 2969static void ap_sta_ps_start(struct net_device *dev, struct sta_info *sta) 2970{ 2971 struct ieee80211_sub_if_data *sdata; 2972 sdata = IEEE80211_DEV_TO_SUB_IF(sta->dev); 2973 2974 if (sdata->bss) 2975 atomic_inc(&sdata->bss->num_sta_ps); 2976 sta->flags |= WLAN_STA_PS; 2977 sta->pspoll = 0; 2978#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG 2979 printk(KERN_DEBUG "%s: STA " MAC_FMT " aid %d enters power " 2980 "save mode\n", dev->name, MAC_ARG(sta->addr), sta->aid); 2981#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */ 2982} 2983 2984 2985static int ap_sta_ps_end(struct net_device *dev, struct sta_info *sta) 2986{ 2987 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 2988 struct sk_buff *skb; 2989 int sent = 0; 2990 struct ieee80211_sub_if_data *sdata; 2991 struct ieee80211_tx_packet_data *pkt_data; 2992 2993 sdata = IEEE80211_DEV_TO_SUB_IF(sta->dev); 2994 if (sdata->bss) 2995 atomic_dec(&sdata->bss->num_sta_ps); 2996 sta->flags &= ~(WLAN_STA_PS | WLAN_STA_TIM); 2997 sta->pspoll = 0; 2998 if (!skb_queue_empty(&sta->ps_tx_buf)) { 2999 if (local->ops->set_tim) 3000 local->ops->set_tim(local_to_hw(local), sta->aid, 0); 3001 if (sdata->bss) 3002 bss_tim_clear(local, sdata->bss, sta->aid); 3003 } 3004#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG 3005 printk(KERN_DEBUG "%s: STA " MAC_FMT " aid %d exits power " 3006 "save mode\n", dev->name, MAC_ARG(sta->addr), sta->aid); 3007#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */ 3008 /* Send all buffered frames to the station */ 3009 while ((skb = skb_dequeue(&sta->tx_filtered)) != NULL) { 3010 pkt_data = (struct ieee80211_tx_packet_data *) skb->cb; 3011 sent++; 3012 pkt_data->requeue = 1; 3013 dev_queue_xmit(skb); 3014 } 3015 while ((skb = skb_dequeue(&sta->ps_tx_buf)) != NULL) { 3016 pkt_data = (struct ieee80211_tx_packet_data *) skb->cb; 3017 local->total_ps_buffered--; 3018 sent++; 3019#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG 3020 printk(KERN_DEBUG "%s: STA " MAC_FMT " aid %d send PS frame " 3021 "since STA not sleeping anymore\n", dev->name, 3022 MAC_ARG(sta->addr), sta->aid); 3023#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */ 3024 pkt_data->requeue = 1; 3025 dev_queue_xmit(skb); 3026 } 3027 3028 return sent; 3029} 3030 3031 3032static ieee80211_txrx_result 3033ieee80211_rx_h_ps_poll(struct ieee80211_txrx_data *rx) 3034{ 3035 struct sk_buff *skb; 3036 int no_pending_pkts; 3037 3038 if (likely(!rx->sta || 3039 (rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_CTL || 3040 (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_PSPOLL || 3041 !rx->u.rx.ra_match)) 3042 return TXRX_CONTINUE; 3043 3044 skb = skb_dequeue(&rx->sta->tx_filtered); 3045 if (!skb) { 3046 skb = skb_dequeue(&rx->sta->ps_tx_buf); 3047 if (skb) 3048 rx->local->total_ps_buffered--; 3049 } 3050 no_pending_pkts = skb_queue_empty(&rx->sta->tx_filtered) && 3051 skb_queue_empty(&rx->sta->ps_tx_buf); 3052 3053 if (skb) { 3054 struct ieee80211_hdr *hdr = 3055 (struct ieee80211_hdr *) skb->data; 3056 3057 /* tell TX path to send one frame even though the STA may 3058 * still remain is PS mode after this frame exchange */ 3059 rx->sta->pspoll = 1; 3060 3061#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG 3062 printk(KERN_DEBUG "STA " MAC_FMT " aid %d: PS Poll (entries " 3063 "after %d)\n", 3064 MAC_ARG(rx->sta->addr), rx->sta->aid, 3065 skb_queue_len(&rx->sta->ps_tx_buf)); 3066#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */ 3067 3068 /* Use MoreData flag to indicate whether there are more 3069 * buffered frames for this STA */ 3070 if (no_pending_pkts) { 3071 hdr->frame_control &= cpu_to_le16(~IEEE80211_FCTL_MOREDATA); 3072 rx->sta->flags &= ~WLAN_STA_TIM; 3073 } else 3074 hdr->frame_control |= cpu_to_le16(IEEE80211_FCTL_MOREDATA); 3075 3076 dev_queue_xmit(skb); 3077 3078 if (no_pending_pkts) { 3079 if (rx->local->ops->set_tim) 3080 rx->local->ops->set_tim(local_to_hw(rx->local), 3081 rx->sta->aid, 0); 3082 if (rx->sdata->bss) 3083 bss_tim_clear(rx->local, rx->sdata->bss, rx->sta->aid); 3084 } 3085#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG 3086 } else if (!rx->u.rx.sent_ps_buffered) { 3087 printk(KERN_DEBUG "%s: STA " MAC_FMT " sent PS Poll even " 3088 "though there is no buffered frames for it\n", 3089 rx->dev->name, MAC_ARG(rx->sta->addr)); 3090#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */ 3091 3092 } 3093 3094 /* Free PS Poll skb here instead of returning TXRX_DROP that would 3095 * count as an dropped frame. */ 3096 dev_kfree_skb(rx->skb); 3097 3098 return TXRX_QUEUED; 3099} 3100 3101 3102static inline struct ieee80211_fragment_entry * 3103ieee80211_reassemble_add(struct ieee80211_sub_if_data *sdata, 3104 unsigned int frag, unsigned int seq, int rx_queue, 3105 struct sk_buff **skb) 3106{ 3107 struct ieee80211_fragment_entry *entry; 3108 int idx; 3109 3110 idx = sdata->fragment_next; 3111 entry = &sdata->fragments[sdata->fragment_next++]; 3112 if (sdata->fragment_next >= IEEE80211_FRAGMENT_MAX) 3113 sdata->fragment_next = 0; 3114 3115 if (!skb_queue_empty(&entry->skb_list)) { 3116#ifdef CONFIG_MAC80211_DEBUG 3117 struct ieee80211_hdr *hdr = 3118 (struct ieee80211_hdr *) entry->skb_list.next->data; 3119 printk(KERN_DEBUG "%s: RX reassembly removed oldest " 3120 "fragment entry (idx=%d age=%lu seq=%d last_frag=%d " 3121 "addr1=" MAC_FMT " addr2=" MAC_FMT "\n", 3122 sdata->dev->name, idx, 3123 jiffies - entry->first_frag_time, entry->seq, 3124 entry->last_frag, MAC_ARG(hdr->addr1), 3125 MAC_ARG(hdr->addr2)); 3126#endif /* CONFIG_MAC80211_DEBUG */ 3127 __skb_queue_purge(&entry->skb_list); 3128 } 3129 3130 __skb_queue_tail(&entry->skb_list, *skb); /* no need for locking */ 3131 *skb = NULL; 3132 entry->first_frag_time = jiffies; 3133 entry->seq = seq; 3134 entry->rx_queue = rx_queue; 3135 entry->last_frag = frag; 3136 entry->ccmp = 0; 3137 entry->extra_len = 0; 3138 3139 return entry; 3140} 3141 3142 3143static inline struct ieee80211_fragment_entry * 3144ieee80211_reassemble_find(struct ieee80211_sub_if_data *sdata, 3145 u16 fc, unsigned int frag, unsigned int seq, 3146 int rx_queue, struct ieee80211_hdr *hdr) 3147{ 3148 struct ieee80211_fragment_entry *entry; 3149 int i, idx; 3150 3151 idx = sdata->fragment_next; 3152 for (i = 0; i < IEEE80211_FRAGMENT_MAX; i++) { 3153 struct ieee80211_hdr *f_hdr; 3154 u16 f_fc; 3155 3156 idx--; 3157 if (idx < 0) 3158 idx = IEEE80211_FRAGMENT_MAX - 1; 3159 3160 entry = &sdata->fragments[idx]; 3161 if (skb_queue_empty(&entry->skb_list) || entry->seq != seq || 3162 entry->rx_queue != rx_queue || 3163 entry->last_frag + 1 != frag) 3164 continue; 3165 3166 f_hdr = (struct ieee80211_hdr *) entry->skb_list.next->data; 3167 f_fc = le16_to_cpu(f_hdr->frame_control); 3168 3169 if ((fc & IEEE80211_FCTL_FTYPE) != (f_fc & IEEE80211_FCTL_FTYPE) || 3170 compare_ether_addr(hdr->addr1, f_hdr->addr1) != 0 || 3171 compare_ether_addr(hdr->addr2, f_hdr->addr2) != 0) 3172 continue; 3173 3174 if (entry->first_frag_time + 2 * HZ < jiffies) { 3175 __skb_queue_purge(&entry->skb_list); 3176 continue; 3177 } 3178 return entry; 3179 } 3180 3181 return NULL; 3182} 3183 3184 3185static ieee80211_txrx_result 3186ieee80211_rx_h_defragment(struct ieee80211_txrx_data *rx) 3187{ 3188 struct ieee80211_hdr *hdr; 3189 u16 sc; 3190 unsigned int frag, seq; 3191 struct ieee80211_fragment_entry *entry; 3192 struct sk_buff *skb; 3193 3194 hdr = (struct ieee80211_hdr *) rx->skb->data; 3195 sc = le16_to_cpu(hdr->seq_ctrl); 3196 frag = sc & IEEE80211_SCTL_FRAG; 3197 3198 if (likely((!(rx->fc & IEEE80211_FCTL_MOREFRAGS) && frag == 0) || 3199 (rx->skb)->len < 24 || 3200 is_multicast_ether_addr(hdr->addr1))) { 3201 /* not fragmented */ 3202 goto out; 3203 } 3204 I802_DEBUG_INC(rx->local->rx_handlers_fragments); 3205 3206 seq = (sc & IEEE80211_SCTL_SEQ) >> 4; 3207 3208 if (frag == 0) { 3209 /* This is the first fragment of a new frame. */ 3210 entry = ieee80211_reassemble_add(rx->sdata, frag, seq, 3211 rx->u.rx.queue, &(rx->skb)); 3212 if (rx->key && rx->key->alg == ALG_CCMP && 3213 (rx->fc & IEEE80211_FCTL_PROTECTED)) { 3214 /* Store CCMP PN so that we can verify that the next 3215 * fragment has a sequential PN value. */ 3216 entry->ccmp = 1; 3217 memcpy(entry->last_pn, 3218 rx->key->u.ccmp.rx_pn[rx->u.rx.queue], 3219 CCMP_PN_LEN); 3220 } 3221 return TXRX_QUEUED; 3222 } 3223 3224 /* This is a fragment for a frame that should already be pending in 3225 * fragment cache. Add this fragment to the end of the pending entry. 3226 */ 3227 entry = ieee80211_reassemble_find(rx->sdata, rx->fc, frag, seq, 3228 rx->u.rx.queue, hdr); 3229 if (!entry) { 3230 I802_DEBUG_INC(rx->local->rx_handlers_drop_defrag); 3231 return TXRX_DROP; 3232 } 3233 3234 /* Verify that MPDUs within one MSDU have sequential PN values. 3235 * (IEEE 802.11i, 8.3.3.4.5) */ 3236 if (entry->ccmp) { 3237 int i; 3238 u8 pn[CCMP_PN_LEN], *rpn; 3239 if (!rx->key || rx->key->alg != ALG_CCMP) 3240 return TXRX_DROP; 3241 memcpy(pn, entry->last_pn, CCMP_PN_LEN); 3242 for (i = CCMP_PN_LEN - 1; i >= 0; i--) { 3243 pn[i]++; 3244 if (pn[i]) 3245 break; 3246 } 3247 rpn = rx->key->u.ccmp.rx_pn[rx->u.rx.queue]; 3248 if (memcmp(pn, rpn, CCMP_PN_LEN) != 0) { 3249 printk(KERN_DEBUG "%s: defrag: CCMP PN not sequential" 3250 " A2=" MAC_FMT " PN=%02x%02x%02x%02x%02x%02x " 3251 "(expected %02x%02x%02x%02x%02x%02x)\n", 3252 rx->dev->name, MAC_ARG(hdr->addr2), 3253 rpn[0], rpn[1], rpn[2], rpn[3], rpn[4], rpn[5], 3254 pn[0], pn[1], pn[2], pn[3], pn[4], pn[5]); 3255 return TXRX_DROP; 3256 } 3257 memcpy(entry->last_pn, pn, CCMP_PN_LEN); 3258 } 3259 3260 skb_pull(rx->skb, ieee80211_get_hdrlen(rx->fc)); 3261 __skb_queue_tail(&entry->skb_list, rx->skb); 3262 entry->last_frag = frag; 3263 entry->extra_len += rx->skb->len; 3264 if (rx->fc & IEEE80211_FCTL_MOREFRAGS) { 3265 rx->skb = NULL; 3266 return TXRX_QUEUED; 3267 } 3268 3269 rx->skb = __skb_dequeue(&entry->skb_list); 3270 if (skb_tailroom(rx->skb) < entry->extra_len) { 3271 I802_DEBUG_INC(rx->local->rx_expand_skb_head2); 3272 if (unlikely(pskb_expand_head(rx->skb, 0, entry->extra_len, 3273 GFP_ATOMIC))) { 3274 I802_DEBUG_INC(rx->local->rx_handlers_drop_defrag); 3275 __skb_queue_purge(&entry->skb_list); 3276 return TXRX_DROP; 3277 } 3278 } 3279 while ((skb = __skb_dequeue(&entry->skb_list))) { 3280 memcpy(skb_put(rx->skb, skb->len), skb->data, skb->len); 3281 dev_kfree_skb(skb); 3282 } 3283 3284 /* Complete frame has been reassembled - process it now */ 3285 rx->fragmented = 1; 3286 3287 out: 3288 if (rx->sta) 3289 rx->sta->rx_packets++; 3290 if (is_multicast_ether_addr(hdr->addr1)) 3291 rx->local->dot11MulticastReceivedFrameCount++; 3292 else 3293 ieee80211_led_rx(rx->local); 3294 return TXRX_CONTINUE; 3295} 3296 3297 3298static ieee80211_txrx_result 3299ieee80211_rx_h_monitor(struct ieee80211_txrx_data *rx) 3300{ 3301 if (rx->sdata->type == IEEE80211_IF_TYPE_MNTR) { 3302 ieee80211_rx_monitor(rx->dev, rx->skb, rx->u.rx.status); 3303 return TXRX_QUEUED; 3304 } 3305 3306 if (rx->u.rx.status->flag & RX_FLAG_RADIOTAP) 3307 skb_pull(rx->skb, ieee80211_get_radiotap_len(rx->skb)); 3308 3309 return TXRX_CONTINUE; 3310} 3311 3312 3313static ieee80211_txrx_result 3314ieee80211_rx_h_check(struct ieee80211_txrx_data *rx) 3315{ 3316 struct ieee80211_hdr *hdr; 3317 int always_sta_key; 3318 hdr = (struct ieee80211_hdr *) rx->skb->data; 3319 3320 /* Drop duplicate 802.11 retransmissions (IEEE 802.11 Chap. 9.2.9) */ 3321 if (rx->sta && !is_multicast_ether_addr(hdr->addr1)) { 3322 if (unlikely(rx->fc & IEEE80211_FCTL_RETRY && 3323 rx->sta->last_seq_ctrl[rx->u.rx.queue] == 3324 hdr->seq_ctrl)) { 3325 if (rx->u.rx.ra_match) { 3326 rx->local->dot11FrameDuplicateCount++; 3327 rx->sta->num_duplicates++; 3328 } 3329 return TXRX_DROP; 3330 } else 3331 rx->sta->last_seq_ctrl[rx->u.rx.queue] = hdr->seq_ctrl; 3332 } 3333 3334 if ((rx->local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS) && 3335 rx->skb->len > FCS_LEN) 3336 skb_trim(rx->skb, rx->skb->len - FCS_LEN); 3337 3338 if (unlikely(rx->skb->len < 16)) { 3339 I802_DEBUG_INC(rx->local->rx_handlers_drop_short); 3340 return TXRX_DROP; 3341 } 3342 3343 if (!rx->u.rx.ra_match) 3344 rx->skb->pkt_type = PACKET_OTHERHOST; 3345 else if (compare_ether_addr(rx->dev->dev_addr, hdr->addr1) == 0) 3346 rx->skb->pkt_type = PACKET_HOST; 3347 else if (is_multicast_ether_addr(hdr->addr1)) { 3348 if (is_broadcast_ether_addr(hdr->addr1)) 3349 rx->skb->pkt_type = PACKET_BROADCAST; 3350 else 3351 rx->skb->pkt_type = PACKET_MULTICAST; 3352 } else 3353 rx->skb->pkt_type = PACKET_OTHERHOST; 3354 3355 /* Drop disallowed frame classes based on STA auth/assoc state; 3356 * IEEE 802.11, Chap 5.5. 3357 * 3358 * 80211.o does filtering only based on association state, i.e., it 3359 * drops Class 3 frames from not associated stations. hostapd sends 3360 * deauth/disassoc frames when needed. In addition, hostapd is 3361 * responsible for filtering on both auth and assoc states. 3362 */ 3363 if (unlikely(((rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA || 3364 ((rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_CTL && 3365 (rx->fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_PSPOLL)) && 3366 rx->sdata->type != IEEE80211_IF_TYPE_IBSS && 3367 (!rx->sta || !(rx->sta->flags & WLAN_STA_ASSOC)))) { 3368 if ((!(rx->fc & IEEE80211_FCTL_FROMDS) && 3369 !(rx->fc & IEEE80211_FCTL_TODS) && 3370 (rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA) 3371 || !rx->u.rx.ra_match) { 3372 /* Drop IBSS frames and frames for other hosts 3373 * silently. */ 3374 return TXRX_DROP; 3375 } 3376 3377 if (!rx->local->apdev) 3378 return TXRX_DROP; 3379 3380 ieee80211_rx_mgmt(rx->local, rx->skb, rx->u.rx.status, 3381 ieee80211_msg_sta_not_assoc); 3382 return TXRX_QUEUED; 3383 } 3384 3385 if (rx->sdata->type == IEEE80211_IF_TYPE_STA) 3386 always_sta_key = 0; 3387 else 3388 always_sta_key = 1; 3389 3390 if (rx->sta && rx->sta->key && always_sta_key) { 3391 rx->key = rx->sta->key; 3392 } else { 3393 if (rx->sta && rx->sta->key) 3394 rx->key = rx->sta->key; 3395 else 3396 rx->key = rx->sdata->default_key; 3397 3398 if ((rx->local->hw.flags & IEEE80211_HW_WEP_INCLUDE_IV) && 3399 rx->fc & IEEE80211_FCTL_PROTECTED) { 3400 int keyidx = ieee80211_wep_get_keyidx(rx->skb); 3401 3402 if (keyidx >= 0 && keyidx < NUM_DEFAULT_KEYS && 3403 (!rx->sta || !rx->sta->key || keyidx > 0)) 3404 rx->key = rx->sdata->keys[keyidx]; 3405 3406 if (!rx->key) { 3407 if (!rx->u.rx.ra_match) 3408 return TXRX_DROP; 3409 printk(KERN_DEBUG "%s: RX WEP frame with " 3410 "unknown keyidx %d (A1=" MAC_FMT " A2=" 3411 MAC_FMT " A3=" MAC_FMT ")\n", 3412 rx->dev->name, keyidx, 3413 MAC_ARG(hdr->addr1), 3414 MAC_ARG(hdr->addr2), 3415 MAC_ARG(hdr->addr3)); 3416 if (!rx->local->apdev) 3417 return TXRX_DROP; 3418 ieee80211_rx_mgmt( 3419 rx->local, rx->skb, rx->u.rx.status, 3420 ieee80211_msg_wep_frame_unknown_key); 3421 return TXRX_QUEUED; 3422 } 3423 } 3424 } 3425 3426 if (rx->fc & IEEE80211_FCTL_PROTECTED && rx->key && rx->u.rx.ra_match) { 3427 rx->key->tx_rx_count++; 3428 if (unlikely(rx->local->key_tx_rx_threshold && 3429 rx->key->tx_rx_count > 3430 rx->local->key_tx_rx_threshold)) { 3431 ieee80211_key_threshold_notify(rx->dev, rx->key, 3432 rx->sta); 3433 } 3434 } 3435 3436 return TXRX_CONTINUE; 3437} 3438 3439 3440static ieee80211_txrx_result 3441ieee80211_rx_h_sta_process(struct ieee80211_txrx_data *rx) 3442{ 3443 struct sta_info *sta = rx->sta; 3444 struct net_device *dev = rx->dev; 3445 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data; 3446 3447 if (!sta) 3448 return TXRX_CONTINUE; 3449 3450 /* Update last_rx only for IBSS packets which are for the current 3451 * BSSID to avoid keeping the current IBSS network alive in cases where 3452 * other STAs are using different BSSID. */ 3453 if (rx->sdata->type == IEEE80211_IF_TYPE_IBSS) { 3454 u8 *bssid = ieee80211_get_bssid(hdr, rx->skb->len); 3455 if (compare_ether_addr(bssid, rx->sdata->u.sta.bssid) == 0) 3456 sta->last_rx = jiffies; 3457 } else 3458 if (!is_multicast_ether_addr(hdr->addr1) || 3459 rx->sdata->type == IEEE80211_IF_TYPE_STA) { 3460 /* Update last_rx only for unicast frames in order to prevent 3461 * the Probe Request frames (the only broadcast frames from a 3462 * STA in infrastructure mode) from keeping a connection alive. 3463 */ 3464 sta->last_rx = jiffies; 3465 } 3466 3467 if (!rx->u.rx.ra_match) 3468 return TXRX_CONTINUE; 3469 3470 sta->rx_fragments++; 3471 sta->rx_bytes += rx->skb->len; 3472 sta->last_rssi = (sta->last_rssi * 15 + 3473 rx->u.rx.status->ssi) / 16; 3474 sta->last_signal = (sta->last_signal * 15 + 3475 rx->u.rx.status->signal) / 16; 3476 sta->last_noise = (sta->last_noise * 15 + 3477 rx->u.rx.status->noise) / 16; 3478 3479 if (!(rx->fc & IEEE80211_FCTL_MOREFRAGS)) { 3480 /* Change STA power saving mode only in the end of a frame 3481 * exchange sequence */ 3482 if ((sta->flags & WLAN_STA_PS) && !(rx->fc & IEEE80211_FCTL_PM)) 3483 rx->u.rx.sent_ps_buffered += ap_sta_ps_end(dev, sta); 3484 else if (!(sta->flags & WLAN_STA_PS) && 3485 (rx->fc & IEEE80211_FCTL_PM)) 3486 ap_sta_ps_start(dev, sta); 3487 } 3488 3489 /* Drop data::nullfunc frames silently, since they are used only to 3490 * control station power saving mode. */ 3491 if ((rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA && 3492 (rx->fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_NULLFUNC) { 3493 I802_DEBUG_INC(rx->local->rx_handlers_drop_nullfunc); 3494 /* Update counter and free packet here to avoid counting this 3495 * as a dropped packed. */ 3496 sta->rx_packets++; 3497 dev_kfree_skb(rx->skb); 3498 return TXRX_QUEUED; 3499 } 3500 3501 return TXRX_CONTINUE; 3502} /* ieee80211_rx_h_sta_process */ 3503 3504 3505static ieee80211_txrx_result 3506ieee80211_rx_h_wep_weak_iv_detection(struct ieee80211_txrx_data *rx) 3507{ 3508 if (!rx->sta || !(rx->fc & IEEE80211_FCTL_PROTECTED) || 3509 (rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA || 3510 !rx->key || rx->key->alg != ALG_WEP || !rx->u.rx.ra_match) 3511 return TXRX_CONTINUE; 3512 3513 /* Check for weak IVs, if hwaccel did not remove IV from the frame */ 3514 if ((rx->local->hw.flags & IEEE80211_HW_WEP_INCLUDE_IV) || 3515 rx->key->force_sw_encrypt) { 3516 u8 *iv = ieee80211_wep_is_weak_iv(rx->skb, rx->key); 3517 if (iv) { 3518 rx->sta->wep_weak_iv_count++; 3519 } 3520 } 3521 3522 return TXRX_CONTINUE; 3523} 3524 3525 3526static ieee80211_txrx_result 3527ieee80211_rx_h_wep_decrypt(struct ieee80211_txrx_data *rx) 3528{ 3529 /* If the device handles decryption totally, skip this test */ 3530 if (rx->local->hw.flags & IEEE80211_HW_DEVICE_HIDES_WEP) 3531 return TXRX_CONTINUE; 3532 3533 if ((rx->key && rx->key->alg != ALG_WEP) || 3534 !(rx->fc & IEEE80211_FCTL_PROTECTED) || 3535 ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA && 3536 ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_MGMT || 3537 (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_AUTH))) 3538 return TXRX_CONTINUE; 3539 3540 if (!rx->key) { 3541 printk(KERN_DEBUG "%s: RX WEP frame, but no key set\n", 3542 rx->dev->name); 3543 return TXRX_DROP; 3544 } 3545 3546 if (!(rx->u.rx.status->flag & RX_FLAG_DECRYPTED) || 3547 rx->key->force_sw_encrypt) { 3548 if (ieee80211_wep_decrypt(rx->local, rx->skb, rx->key)) { 3549 printk(KERN_DEBUG "%s: RX WEP frame, decrypt " 3550 "failed\n", rx->dev->name); 3551 return TXRX_DROP; 3552 } 3553 } else if (rx->local->hw.flags & IEEE80211_HW_WEP_INCLUDE_IV) { 3554 ieee80211_wep_remove_iv(rx->local, rx->skb, rx->key); 3555 /* remove ICV */ 3556 skb_trim(rx->skb, rx->skb->len - 4); 3557 } 3558 3559 return TXRX_CONTINUE; 3560} 3561 3562 3563static ieee80211_txrx_result 3564ieee80211_rx_h_802_1x_pae(struct ieee80211_txrx_data *rx) 3565{ 3566 if (rx->sdata->eapol && ieee80211_is_eapol(rx->skb) && 3567 rx->sdata->type != IEEE80211_IF_TYPE_STA && rx->u.rx.ra_match) { 3568 /* Pass both encrypted and unencrypted EAPOL frames to user 3569 * space for processing. */ 3570 if (!rx->local->apdev) 3571 return TXRX_DROP; 3572 ieee80211_rx_mgmt(rx->local, rx->skb, rx->u.rx.status, 3573 ieee80211_msg_normal); 3574 return TXRX_QUEUED; 3575 } 3576 3577 if (unlikely(rx->sdata->ieee802_1x && 3578 (rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA && 3579 (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_NULLFUNC && 3580 (!rx->sta || !(rx->sta->flags & WLAN_STA_AUTHORIZED)) && 3581 !ieee80211_is_eapol(rx->skb))) { 3582#ifdef CONFIG_MAC80211_DEBUG 3583 struct ieee80211_hdr *hdr = 3584 (struct ieee80211_hdr *) rx->skb->data; 3585 printk(KERN_DEBUG "%s: dropped frame from " MAC_FMT 3586 " (unauthorized port)\n", rx->dev->name, 3587 MAC_ARG(hdr->addr2)); 3588#endif /* CONFIG_MAC80211_DEBUG */ 3589 return TXRX_DROP; 3590 } 3591 3592 return TXRX_CONTINUE; 3593} 3594 3595 3596static ieee80211_txrx_result 3597ieee80211_rx_h_drop_unencrypted(struct ieee80211_txrx_data *rx) 3598{ 3599 /* If the device handles decryption totally, skip this test */ 3600 if (rx->local->hw.flags & IEEE80211_HW_DEVICE_HIDES_WEP) 3601 return TXRX_CONTINUE; 3602 3603 /* Drop unencrypted frames if key is set. */ 3604 if (unlikely(!(rx->fc & IEEE80211_FCTL_PROTECTED) && 3605 (rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA && 3606 (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_NULLFUNC && 3607 (rx->key || rx->sdata->drop_unencrypted) && 3608 (rx->sdata->eapol == 0 || 3609 !ieee80211_is_eapol(rx->skb)))) { 3610 printk(KERN_DEBUG "%s: RX non-WEP frame, but expected " 3611 "encryption\n", rx->dev->name); 3612 return TXRX_DROP; 3613 } 3614 return TXRX_CONTINUE; 3615} 3616 3617 3618static ieee80211_txrx_result 3619ieee80211_rx_h_mgmt(struct ieee80211_txrx_data *rx) 3620{ 3621 struct ieee80211_sub_if_data *sdata; 3622 3623 if (!rx->u.rx.ra_match) 3624 return TXRX_DROP; 3625 3626 sdata = IEEE80211_DEV_TO_SUB_IF(rx->dev); 3627 if ((sdata->type == IEEE80211_IF_TYPE_STA || 3628 sdata->type == IEEE80211_IF_TYPE_IBSS) && 3629 !rx->local->user_space_mlme) { 3630 ieee80211_sta_rx_mgmt(rx->dev, rx->skb, rx->u.rx.status); 3631 } else { 3632 /* Management frames are sent to hostapd for processing */ 3633 if (!rx->local->apdev) 3634 return TXRX_DROP; 3635 ieee80211_rx_mgmt(rx->local, rx->skb, rx->u.rx.status, 3636 ieee80211_msg_normal); 3637 } 3638 return TXRX_QUEUED; 3639} 3640 3641 3642static ieee80211_txrx_result 3643ieee80211_rx_h_passive_scan(struct ieee80211_txrx_data *rx) 3644{ 3645 struct ieee80211_local *local = rx->local; 3646 struct sk_buff *skb = rx->skb; 3647 3648 if (unlikely(local->sta_scanning != 0)) { 3649 ieee80211_sta_rx_scan(rx->dev, skb, rx->u.rx.status); 3650 return TXRX_QUEUED; 3651 } 3652 3653 if (unlikely(rx->u.rx.in_scan)) { 3654 /* scanning finished during invoking of handlers */ 3655 I802_DEBUG_INC(local->rx_handlers_drop_passive_scan); 3656 return TXRX_DROP; 3657 } 3658 3659 return TXRX_CONTINUE; 3660} 3661 3662 3663static void ieee80211_rx_michael_mic_report(struct net_device *dev, 3664 struct ieee80211_hdr *hdr, 3665 struct sta_info *sta, 3666 struct ieee80211_txrx_data *rx) 3667{ 3668 int keyidx, hdrlen; 3669 3670 hdrlen = ieee80211_get_hdrlen_from_skb(rx->skb); 3671 if (rx->skb->len >= hdrlen + 4) 3672 keyidx = rx->skb->data[hdrlen + 3] >> 6; 3673 else 3674 keyidx = -1; 3675 3676 /* TODO: verify that this is not triggered by fragmented 3677 * frames (hw does not verify MIC for them). */ 3678 printk(KERN_DEBUG "%s: TKIP hwaccel reported Michael MIC " 3679 "failure from " MAC_FMT " to " MAC_FMT " keyidx=%d\n", 3680 dev->name, MAC_ARG(hdr->addr2), MAC_ARG(hdr->addr1), keyidx); 3681 3682 if (!sta) { 3683 /* Some hardware versions seem to generate incorrect 3684 * Michael MIC reports; ignore them to avoid triggering 3685 * countermeasures. */ 3686 printk(KERN_DEBUG "%s: ignored spurious Michael MIC " 3687 "error for unknown address " MAC_FMT "\n", 3688 dev->name, MAC_ARG(hdr->addr2)); 3689 goto ignore; 3690 } 3691 3692 if (!(rx->fc & IEEE80211_FCTL_PROTECTED)) { 3693 printk(KERN_DEBUG "%s: ignored spurious Michael MIC " 3694 "error for a frame with no ISWEP flag (src " 3695 MAC_FMT ")\n", dev->name, MAC_ARG(hdr->addr2)); 3696 goto ignore; 3697 } 3698 3699 if ((rx->local->hw.flags & IEEE80211_HW_WEP_INCLUDE_IV) && 3700 rx->sdata->type == IEEE80211_IF_TYPE_AP) { 3701 keyidx = ieee80211_wep_get_keyidx(rx->skb); 3702 /* AP with Pairwise keys support should never receive Michael 3703 * MIC errors for non-zero keyidx because these are reserved 3704 * for group keys and only the AP is sending real multicast 3705 * frames in BSS. */ 3706 if (keyidx) { 3707 printk(KERN_DEBUG "%s: ignored Michael MIC error for " 3708 "a frame with non-zero keyidx (%d) (src " MAC_FMT 3709 ")\n", dev->name, keyidx, MAC_ARG(hdr->addr2)); 3710 goto ignore; 3711 } 3712 } 3713 3714 if ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA && 3715 ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_MGMT || 3716 (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_AUTH)) { 3717 printk(KERN_DEBUG "%s: ignored spurious Michael MIC " 3718 "error for a frame that cannot be encrypted " 3719 "(fc=0x%04x) (src " MAC_FMT ")\n", 3720 dev->name, rx->fc, MAC_ARG(hdr->addr2)); 3721 goto ignore; 3722 } 3723 3724 do { 3725 union iwreq_data wrqu; 3726 char *buf = kmalloc(128, GFP_ATOMIC); 3727 if (!buf) 3728 break; 3729 3730 /* TODO: needed parameters: count, key type, TSC */ 3731 sprintf(buf, "MLME-MICHAELMICFAILURE.indication(" 3732 "keyid=%d %scast addr=" MAC_FMT ")", 3733 keyidx, hdr->addr1[0] & 0x01 ? "broad" : "uni", 3734 MAC_ARG(hdr->addr2)); 3735 memset(&wrqu, 0, sizeof(wrqu)); 3736 wrqu.data.length = strlen(buf); 3737 wireless_send_event(rx->dev, IWEVCUSTOM, &wrqu, buf); 3738 kfree(buf); 3739 } while (0); 3740 3741 /* TODO: consider verifying the MIC error report with software 3742 * implementation if we get too many spurious reports from the 3743 * hardware. */ 3744 if (!rx->local->apdev) 3745 goto ignore; 3746 ieee80211_rx_mgmt(rx->local, rx->skb, rx->u.rx.status, 3747 ieee80211_msg_michael_mic_failure); 3748 return; 3749 3750 ignore: 3751 dev_kfree_skb(rx->skb); 3752 rx->skb = NULL; 3753} 3754 3755static inline ieee80211_txrx_result __ieee80211_invoke_rx_handlers( 3756 struct ieee80211_local *local, 3757 ieee80211_rx_handler *handlers, 3758 struct ieee80211_txrx_data *rx, 3759 struct sta_info *sta) 3760{ 3761 ieee80211_rx_handler *handler; 3762 ieee80211_txrx_result res = TXRX_DROP; 3763 3764 for (handler = handlers; *handler != NULL; handler++) { 3765 res = (*handler)(rx); 3766 if (res != TXRX_CONTINUE) { 3767 if (res == TXRX_DROP) { 3768 I802_DEBUG_INC(local->rx_handlers_drop); 3769 if (sta) 3770 sta->rx_dropped++; 3771 } 3772 if (res == TXRX_QUEUED) 3773 I802_DEBUG_INC(local->rx_handlers_queued); 3774 break; 3775 } 3776 } 3777 3778 if (res == TXRX_DROP) { 3779 dev_kfree_skb(rx->skb); 3780 } 3781 return res; 3782} 3783 3784static inline void ieee80211_invoke_rx_handlers(struct ieee80211_local *local, 3785 ieee80211_rx_handler *handlers, 3786 struct ieee80211_txrx_data *rx, 3787 struct sta_info *sta) 3788{ 3789 if (__ieee80211_invoke_rx_handlers(local, handlers, rx, sta) == 3790 TXRX_CONTINUE) 3791 dev_kfree_skb(rx->skb); 3792} 3793 3794/* 3795 * This is the receive path handler. It is called by a low level driver when an 3796 * 802.11 MPDU is received from the hardware. 3797 */ 3798void __ieee80211_rx(struct ieee80211_hw *hw, struct sk_buff *skb, 3799 struct ieee80211_rx_status *status) 3800{ 3801 struct ieee80211_local *local = hw_to_local(hw); 3802 struct ieee80211_sub_if_data *sdata; 3803 struct sta_info *sta; 3804 struct ieee80211_hdr *hdr; 3805 struct ieee80211_txrx_data rx; 3806 u16 type; 3807 int multicast; 3808 int radiotap_len = 0; 3809 3810 if (status->flag & RX_FLAG_RADIOTAP) { 3811 radiotap_len = ieee80211_get_radiotap_len(skb); 3812 skb_pull(skb, radiotap_len); 3813 } 3814 3815 hdr = (struct ieee80211_hdr *) skb->data; 3816 memset(&rx, 0, sizeof(rx)); 3817 rx.skb = skb; 3818 rx.local = local; 3819 3820 rx.u.rx.status = status; 3821 rx.fc = skb->len >= 2 ? le16_to_cpu(hdr->frame_control) : 0; 3822 type = rx.fc & IEEE80211_FCTL_FTYPE; 3823 if (type == IEEE80211_FTYPE_DATA || type == IEEE80211_FTYPE_MGMT) 3824 local->dot11ReceivedFragmentCount++; 3825 multicast = is_multicast_ether_addr(hdr->addr1); 3826 3827 if (skb->len >= 16) 3828 sta = rx.sta = sta_info_get(local, hdr->addr2); 3829 else 3830 sta = rx.sta = NULL; 3831 3832 if (sta) { 3833 rx.dev = sta->dev; 3834 rx.sdata = IEEE80211_DEV_TO_SUB_IF(rx.dev); 3835 } 3836 3837 if ((status->flag & RX_FLAG_MMIC_ERROR)) { 3838 ieee80211_rx_michael_mic_report(local->mdev, hdr, sta, &rx); 3839 goto end; 3840 } 3841 3842 if (unlikely(local->sta_scanning)) 3843 rx.u.rx.in_scan = 1; 3844 3845 if (__ieee80211_invoke_rx_handlers(local, local->rx_pre_handlers, &rx, 3846 sta) != TXRX_CONTINUE) 3847 goto end; 3848 skb = rx.skb; 3849 3850 skb_push(skb, radiotap_len); 3851 if (sta && !sta->assoc_ap && !(sta->flags & WLAN_STA_WDS) && 3852 !local->iff_promiscs && !multicast) { 3853 rx.u.rx.ra_match = 1; 3854 ieee80211_invoke_rx_handlers(local, local->rx_handlers, &rx, 3855 sta); 3856 } else { 3857 struct ieee80211_sub_if_data *prev = NULL; 3858 struct sk_buff *skb_new; 3859 u8 *bssid = ieee80211_get_bssid(hdr, skb->len - radiotap_len); 3860 3861 read_lock(&local->sub_if_lock); 3862 list_for_each_entry(sdata, &local->sub_if_list, list) { 3863 rx.u.rx.ra_match = 1; 3864 switch (sdata->type) { 3865 case IEEE80211_IF_TYPE_STA: 3866 if (!bssid) 3867 continue; 3868 if (!ieee80211_bssid_match(bssid, 3869 sdata->u.sta.bssid)) { 3870 if (!rx.u.rx.in_scan) 3871 continue; 3872 rx.u.rx.ra_match = 0; 3873 } else if (!multicast && 3874 compare_ether_addr(sdata->dev->dev_addr, 3875 hdr->addr1) != 0) { 3876 if (!sdata->promisc) 3877 continue; 3878 rx.u.rx.ra_match = 0; 3879 } 3880 break; 3881 case IEEE80211_IF_TYPE_IBSS: 3882 if (!bssid) 3883 continue; 3884 if (!ieee80211_bssid_match(bssid, 3885 sdata->u.sta.bssid)) { 3886 if (!rx.u.rx.in_scan) 3887 continue; 3888 rx.u.rx.ra_match = 0; 3889 } else if (!multicast && 3890 compare_ether_addr(sdata->dev->dev_addr, 3891 hdr->addr1) != 0) { 3892 if (!sdata->promisc) 3893 continue; 3894 rx.u.rx.ra_match = 0; 3895 } else if (!sta) 3896 sta = rx.sta = 3897 ieee80211_ibss_add_sta(sdata->dev, 3898 skb, bssid, 3899 hdr->addr2); 3900 break; 3901 case IEEE80211_IF_TYPE_AP: 3902 if (!bssid) { 3903 if (compare_ether_addr(sdata->dev->dev_addr, 3904 hdr->addr1) != 0) 3905 continue; 3906 } else if (!ieee80211_bssid_match(bssid, 3907 sdata->dev->dev_addr)) { 3908 if (!rx.u.rx.in_scan) 3909 continue; 3910 rx.u.rx.ra_match = 0; 3911 } 3912 if (sdata->dev == local->mdev && 3913 !rx.u.rx.in_scan) 3914 /* do not receive anything via 3915 * master device when not scanning */ 3916 continue; 3917 break; 3918 case IEEE80211_IF_TYPE_WDS: 3919 if (bssid || 3920 (rx.fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA) 3921 continue; 3922 if (compare_ether_addr(sdata->u.wds.remote_addr, 3923 hdr->addr2) != 0) 3924 continue; 3925 break; 3926 } 3927 3928 if (prev) { 3929 skb_new = skb_copy(skb, GFP_ATOMIC); 3930 if (!skb_new) { 3931 if (net_ratelimit()) 3932 printk(KERN_DEBUG "%s: failed to copy " 3933 "multicast frame for %s", 3934 local->mdev->name, prev->dev->name); 3935 continue; 3936 } 3937 rx.skb = skb_new; 3938 rx.dev = prev->dev; 3939 rx.sdata = prev; 3940 ieee80211_invoke_rx_handlers(local, 3941 local->rx_handlers, 3942 &rx, sta); 3943 } 3944 prev = sdata; 3945 } 3946 if (prev) { 3947 rx.skb = skb; 3948 rx.dev = prev->dev; 3949 rx.sdata = prev; 3950 ieee80211_invoke_rx_handlers(local, local->rx_handlers, 3951 &rx, sta); 3952 } else 3953 dev_kfree_skb(skb); 3954 read_unlock(&local->sub_if_lock); 3955 } 3956 3957 end: 3958 if (sta) 3959 sta_info_put(sta); 3960} 3961EXPORT_SYMBOL(__ieee80211_rx); 3962 3963static ieee80211_txrx_result 3964ieee80211_tx_h_load_stats(struct ieee80211_txrx_data *tx) 3965{ 3966 struct ieee80211_local *local = tx->local; 3967 struct ieee80211_hw_mode *mode = tx->u.tx.mode; 3968 struct sk_buff *skb = tx->skb; 3969 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 3970 u32 load = 0, hdrtime; 3971 3972 /* TODO: this could be part of tx_status handling, so that the number 3973 * of retries would be known; TX rate should in that case be stored 3974 * somewhere with the packet */ 3975 3976 /* Estimate total channel use caused by this frame */ 3977 3978 /* 1 bit at 1 Mbit/s takes 1 usec; in channel_use values, 3979 * 1 usec = 1/8 * (1080 / 10) = 13.5 */ 3980 3981 if (mode->mode == MODE_IEEE80211A || 3982 mode->mode == MODE_ATHEROS_TURBO || 3983 mode->mode == MODE_ATHEROS_TURBOG || 3984 (mode->mode == MODE_IEEE80211G && 3985 tx->u.tx.rate->flags & IEEE80211_RATE_ERP)) 3986 hdrtime = CHAN_UTIL_HDR_SHORT; 3987 else 3988 hdrtime = CHAN_UTIL_HDR_LONG; 3989 3990 load = hdrtime; 3991 if (!is_multicast_ether_addr(hdr->addr1)) 3992 load += hdrtime; 3993 3994 if (tx->u.tx.control->flags & IEEE80211_TXCTL_USE_RTS_CTS) 3995 load += 2 * hdrtime; 3996 else if (tx->u.tx.control->flags & IEEE80211_TXCTL_USE_CTS_PROTECT) 3997 load += hdrtime; 3998 3999 load += skb->len * tx->u.tx.rate->rate_inv; 4000 4001 if (tx->u.tx.extra_frag) { 4002 int i; 4003 for (i = 0; i < tx->u.tx.num_extra_frag; i++) { 4004 load += 2 * hdrtime; 4005 load += tx->u.tx.extra_frag[i]->len * 4006 tx->u.tx.rate->rate; 4007 } 4008 } 4009 4010 /* Divide channel_use by 8 to avoid wrapping around the counter */ 4011 load >>= CHAN_UTIL_SHIFT; 4012 local->channel_use_raw += load; 4013 if (tx->sta) 4014 tx->sta->channel_use_raw += load; 4015 tx->sdata->channel_use_raw += load; 4016 4017 return TXRX_CONTINUE; 4018} 4019 4020 4021static ieee80211_txrx_result 4022ieee80211_rx_h_load_stats(struct ieee80211_txrx_data *rx) 4023{ 4024 struct ieee80211_local *local = rx->local; 4025 struct sk_buff *skb = rx->skb; 4026 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 4027 u32 load = 0, hdrtime; 4028 struct ieee80211_rate *rate; 4029 struct ieee80211_hw_mode *mode = local->hw.conf.mode; 4030 int i; 4031 4032 /* Estimate total channel use caused by this frame */ 4033 4034 if (unlikely(mode->num_rates < 0)) 4035 return TXRX_CONTINUE; 4036 4037 rate = &mode->rates[0]; 4038 for (i = 0; i < mode->num_rates; i++) { 4039 if (mode->rates[i].val == rx->u.rx.status->rate) { 4040 rate = &mode->rates[i]; 4041 break; 4042 } 4043 } 4044 4045 /* 1 bit at 1 Mbit/s takes 1 usec; in channel_use values, 4046 * 1 usec = 1/8 * (1080 / 10) = 13.5 */ 4047 4048 if (mode->mode == MODE_IEEE80211A || 4049 mode->mode == MODE_ATHEROS_TURBO || 4050 mode->mode == MODE_ATHEROS_TURBOG || 4051 (mode->mode == MODE_IEEE80211G && 4052 rate->flags & IEEE80211_RATE_ERP)) 4053 hdrtime = CHAN_UTIL_HDR_SHORT; 4054 else 4055 hdrtime = CHAN_UTIL_HDR_LONG; 4056 4057 load = hdrtime; 4058 if (!is_multicast_ether_addr(hdr->addr1)) 4059 load += hdrtime; 4060 4061 load += skb->len * rate->rate_inv; 4062 4063 /* Divide channel_use by 8 to avoid wrapping around the counter */ 4064 load >>= CHAN_UTIL_SHIFT; 4065 local->channel_use_raw += load; 4066 if (rx->sta) 4067 rx->sta->channel_use_raw += load; 4068 rx->u.rx.load = load; 4069 4070 return TXRX_CONTINUE; 4071} 4072 4073static ieee80211_txrx_result 4074ieee80211_rx_h_if_stats(struct ieee80211_txrx_data *rx) 4075{ 4076 rx->sdata->channel_use_raw += rx->u.rx.load; 4077 return TXRX_CONTINUE; 4078} 4079 4080static void ieee80211_stat_refresh(unsigned long data) 4081{ 4082 struct ieee80211_local *local = (struct ieee80211_local *) data; 4083 struct sta_info *sta; 4084 struct ieee80211_sub_if_data *sdata; 4085 4086 if (!local->stat_time) 4087 return; 4088 4089 /* go through all stations */ 4090 spin_lock_bh(&local->sta_lock); 4091 list_for_each_entry(sta, &local->sta_list, list) { 4092 sta->channel_use = (sta->channel_use_raw / local->stat_time) / 4093 CHAN_UTIL_PER_10MS; 4094 sta->channel_use_raw = 0; 4095 } 4096 spin_unlock_bh(&local->sta_lock); 4097 4098 /* go through all subinterfaces */ 4099 read_lock(&local->sub_if_lock); 4100 list_for_each_entry(sdata, &local->sub_if_list, list) { 4101 sdata->channel_use = (sdata->channel_use_raw / 4102 local->stat_time) / CHAN_UTIL_PER_10MS; 4103 sdata->channel_use_raw = 0; 4104 } 4105 read_unlock(&local->sub_if_lock); 4106 4107 /* hardware interface */ 4108 local->channel_use = (local->channel_use_raw / 4109 local->stat_time) / CHAN_UTIL_PER_10MS; 4110 local->channel_use_raw = 0; 4111 4112 local->stat_timer.expires = jiffies + HZ * local->stat_time / 100; 4113 add_timer(&local->stat_timer); 4114} 4115 4116 4117/* This is a version of the rx handler that can be called from hard irq 4118 * context. Post the skb on the queue and schedule the tasklet */ 4119void ieee80211_rx_irqsafe(struct ieee80211_hw *hw, struct sk_buff *skb, 4120 struct ieee80211_rx_status *status) 4121{ 4122 struct ieee80211_local *local = hw_to_local(hw); 4123 4124 BUILD_BUG_ON(sizeof(struct ieee80211_rx_status) > sizeof(skb->cb)); 4125 4126 skb->dev = local->mdev; 4127 /* copy status into skb->cb for use by tasklet */ 4128 memcpy(skb->cb, status, sizeof(*status)); 4129 skb->pkt_type = IEEE80211_RX_MSG; 4130 skb_queue_tail(&local->skb_queue, skb); 4131 tasklet_schedule(&local->tasklet); 4132} 4133EXPORT_SYMBOL(ieee80211_rx_irqsafe); 4134 4135void ieee80211_tx_status_irqsafe(struct ieee80211_hw *hw, 4136 struct sk_buff *skb, 4137 struct ieee80211_tx_status *status) 4138{ 4139 struct ieee80211_local *local = hw_to_local(hw); 4140 struct ieee80211_tx_status *saved; 4141 int tmp; 4142 4143 skb->dev = local->mdev; 4144 saved = kmalloc(sizeof(struct ieee80211_tx_status), GFP_ATOMIC); 4145 if (unlikely(!saved)) { 4146 if (net_ratelimit()) 4147 printk(KERN_WARNING "%s: Not enough memory, " 4148 "dropping tx status", skb->dev->name); 4149 /* should be dev_kfree_skb_irq, but due to this function being 4150 * named _irqsafe instead of just _irq we can't be sure that 4151 * people won't call it from non-irq contexts */ 4152 dev_kfree_skb_any(skb); 4153 return; 4154 } 4155 memcpy(saved, status, sizeof(struct ieee80211_tx_status)); 4156 /* copy pointer to saved status into skb->cb for use by tasklet */ 4157 memcpy(skb->cb, &saved, sizeof(saved)); 4158 4159 skb->pkt_type = IEEE80211_TX_STATUS_MSG; 4160 skb_queue_tail(status->control.flags & IEEE80211_TXCTL_REQ_TX_STATUS ? 4161 &local->skb_queue : &local->skb_queue_unreliable, skb); 4162 tmp = skb_queue_len(&local->skb_queue) + 4163 skb_queue_len(&local->skb_queue_unreliable); 4164 while (tmp > IEEE80211_IRQSAFE_QUEUE_LIMIT && 4165 (skb = skb_dequeue(&local->skb_queue_unreliable))) { 4166 memcpy(&saved, skb->cb, sizeof(saved)); 4167 kfree(saved); 4168 dev_kfree_skb_irq(skb); 4169 tmp--; 4170 I802_DEBUG_INC(local->tx_status_drop); 4171 } 4172 tasklet_schedule(&local->tasklet); 4173} 4174EXPORT_SYMBOL(ieee80211_tx_status_irqsafe); 4175 4176static void ieee80211_tasklet_handler(unsigned long data) 4177{ 4178 struct ieee80211_local *local = (struct ieee80211_local *) data; 4179 struct sk_buff *skb; 4180 struct ieee80211_rx_status rx_status; 4181 struct ieee80211_tx_status *tx_status; 4182 4183 while ((skb = skb_dequeue(&local->skb_queue)) || 4184 (skb = skb_dequeue(&local->skb_queue_unreliable))) { 4185 switch (skb->pkt_type) { 4186 case IEEE80211_RX_MSG: 4187 /* status is in skb->cb */ 4188 memcpy(&rx_status, skb->cb, sizeof(rx_status)); 4189 /* Clear skb->type in order to not confuse kernel 4190 * netstack. */ 4191 skb->pkt_type = 0; 4192 __ieee80211_rx(local_to_hw(local), skb, &rx_status); 4193 break; 4194 case IEEE80211_TX_STATUS_MSG: 4195 /* get pointer to saved status out of skb->cb */ 4196 memcpy(&tx_status, skb->cb, sizeof(tx_status)); 4197 skb->pkt_type = 0; 4198 ieee80211_tx_status(local_to_hw(local), 4199 skb, tx_status); 4200 kfree(tx_status); 4201 break; 4202 default: /* should never get here! */ 4203 printk(KERN_ERR "%s: Unknown message type (%d)\n", 4204 local->mdev->name, skb->pkt_type); 4205 dev_kfree_skb(skb); 4206 break; 4207 } 4208 } 4209} 4210 4211 4212/* Remove added headers (e.g., QoS control), encryption header/MIC, etc. to 4213 * make a prepared TX frame (one that has been given to hw) to look like brand 4214 * new IEEE 802.11 frame that is ready to go through TX processing again. 4215 * Also, tx_packet_data in cb is restored from tx_control. */ 4216static void ieee80211_remove_tx_extra(struct ieee80211_local *local, 4217 struct ieee80211_key *key, 4218 struct sk_buff *skb, 4219 struct ieee80211_tx_control *control) 4220{ 4221 int hdrlen, iv_len, mic_len; 4222 struct ieee80211_tx_packet_data *pkt_data; 4223 4224 pkt_data = (struct ieee80211_tx_packet_data *)skb->cb; 4225 pkt_data->ifindex = control->ifindex; 4226 pkt_data->mgmt_iface = (control->type == IEEE80211_IF_TYPE_MGMT); 4227 pkt_data->req_tx_status = !!(control->flags & IEEE80211_TXCTL_REQ_TX_STATUS); 4228 pkt_data->do_not_encrypt = !!(control->flags & IEEE80211_TXCTL_DO_NOT_ENCRYPT); 4229 pkt_data->requeue = !!(control->flags & IEEE80211_TXCTL_REQUEUE); 4230 pkt_data->queue = control->queue; 4231 4232 hdrlen = ieee80211_get_hdrlen_from_skb(skb); 4233 4234 if (!key) 4235 goto no_key; 4236 4237 switch (key->alg) { 4238 case ALG_WEP: 4239 iv_len = WEP_IV_LEN; 4240 mic_len = WEP_ICV_LEN; 4241 break; 4242 case ALG_TKIP: 4243 iv_len = TKIP_IV_LEN; 4244 mic_len = TKIP_ICV_LEN; 4245 break; 4246 case ALG_CCMP: 4247 iv_len = CCMP_HDR_LEN; 4248 mic_len = CCMP_MIC_LEN; 4249 break; 4250 default: 4251 goto no_key; 4252 } 4253 4254 if (skb->len >= mic_len && key->force_sw_encrypt) 4255 skb_trim(skb, skb->len - mic_len); 4256 if (skb->len >= iv_len && skb->len > hdrlen) { 4257 memmove(skb->data + iv_len, skb->data, hdrlen); 4258 skb_pull(skb, iv_len); 4259 } 4260 4261no_key: 4262 { 4263 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 4264 u16 fc = le16_to_cpu(hdr->frame_control); 4265 if ((fc & 0x8C) == 0x88) /* QoS Control Field */ { 4266 fc &= ~IEEE80211_STYPE_QOS_DATA; 4267 hdr->frame_control = cpu_to_le16(fc); 4268 memmove(skb->data + 2, skb->data, hdrlen - 2); 4269 skb_pull(skb, 2); 4270 } 4271 } 4272} 4273 4274 4275void ieee80211_tx_status(struct ieee80211_hw *hw, struct sk_buff *skb, 4276 struct ieee80211_tx_status *status) 4277{ 4278 struct sk_buff *skb2; 4279 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 4280 struct ieee80211_local *local = hw_to_local(hw); 4281 u16 frag, type; 4282 u32 msg_type; 4283 4284 if (!status) { 4285 printk(KERN_ERR 4286 "%s: ieee80211_tx_status called with NULL status\n", 4287 local->mdev->name); 4288 dev_kfree_skb(skb); 4289 return; 4290 } 4291 4292 if (status->excessive_retries) { 4293 struct sta_info *sta; 4294 sta = sta_info_get(local, hdr->addr1); 4295 if (sta) { 4296 if (sta->flags & WLAN_STA_PS) { 4297 /* The STA is in power save mode, so assume 4298 * that this TX packet failed because of that. 4299 */ 4300 status->excessive_retries = 0; 4301 status->flags |= IEEE80211_TX_STATUS_TX_FILTERED; 4302 } 4303 sta_info_put(sta); 4304 } 4305 } 4306 4307 if (status->flags & IEEE80211_TX_STATUS_TX_FILTERED) { 4308 struct sta_info *sta; 4309 sta = sta_info_get(local, hdr->addr1); 4310 if (sta) { 4311 sta->tx_filtered_count++; 4312 4313 /* Clear the TX filter mask for this STA when sending 4314 * the next packet. If the STA went to power save mode, 4315 * this will happen when it is waking up for the next 4316 * time. */ 4317 sta->clear_dst_mask = 1; 4318 4319 /* TODO: Is the WLAN_STA_PS flag always set here or is 4320 * the race between RX and TX status causing some 4321 * packets to be filtered out before 80211.o gets an 4322 * update for PS status? This seems to be the case, so 4323 * no changes are likely to be needed. */ 4324 if (sta->flags & WLAN_STA_PS && 4325 skb_queue_len(&sta->tx_filtered) < 4326 STA_MAX_TX_BUFFER) { 4327 ieee80211_remove_tx_extra(local, sta->key, 4328 skb, 4329 &status->control); 4330 skb_queue_tail(&sta->tx_filtered, skb); 4331 } else if (!(sta->flags & WLAN_STA_PS) && 4332 !(status->control.flags & IEEE80211_TXCTL_REQUEUE)) { 4333 /* Software retry the packet once */ 4334 status->control.flags |= IEEE80211_TXCTL_REQUEUE; 4335 ieee80211_remove_tx_extra(local, sta->key, 4336 skb, 4337 &status->control); 4338 dev_queue_xmit(skb); 4339 } else { 4340 if (net_ratelimit()) { 4341 printk(KERN_DEBUG "%s: dropped TX " 4342 "filtered frame queue_len=%d " 4343 "PS=%d @%lu\n", 4344 local->mdev->name, 4345 skb_queue_len( 4346 &sta->tx_filtered), 4347 !!(sta->flags & WLAN_STA_PS), 4348 jiffies); 4349 } 4350 dev_kfree_skb(skb); 4351 } 4352 sta_info_put(sta); 4353 return; 4354 } 4355 } else { 4356 rate_control_tx_status(local, local->mdev, skb, status); 4357 } 4358 4359 ieee80211_led_tx(local, 0); 4360 4361 /* SNMP counters 4362 * Fragments are passed to low-level drivers as separate skbs, so these 4363 * are actually fragments, not frames. Update frame counters only for 4364 * the first fragment of the frame. */ 4365 4366 frag = le16_to_cpu(hdr->seq_ctrl) & IEEE80211_SCTL_FRAG; 4367 type = le16_to_cpu(hdr->frame_control) & IEEE80211_FCTL_FTYPE; 4368 4369 if (status->flags & IEEE80211_TX_STATUS_ACK) { 4370 if (frag == 0) { 4371 local->dot11TransmittedFrameCount++; 4372 if (is_multicast_ether_addr(hdr->addr1)) 4373 local->dot11MulticastTransmittedFrameCount++; 4374 if (status->retry_count > 0) 4375 local->dot11RetryCount++; 4376 if (status->retry_count > 1) 4377 local->dot11MultipleRetryCount++; 4378 } 4379 4380 /* This counter shall be incremented for an acknowledged MPDU 4381 * with an individual address in the address 1 field or an MPDU 4382 * with a multicast address in the address 1 field of type Data 4383 * or Management. */ 4384 if (!is_multicast_ether_addr(hdr->addr1) || 4385 type == IEEE80211_FTYPE_DATA || 4386 type == IEEE80211_FTYPE_MGMT) 4387 local->dot11TransmittedFragmentCount++; 4388 } else { 4389 if (frag == 0) 4390 local->dot11FailedCount++; 4391 } 4392 4393 if (!(status->control.flags & IEEE80211_TXCTL_REQ_TX_STATUS) 4394 || unlikely(!local->apdev)) { 4395 dev_kfree_skb(skb); 4396 return; 4397 } 4398 4399 msg_type = (status->flags & IEEE80211_TX_STATUS_ACK) ? 4400 ieee80211_msg_tx_callback_ack : ieee80211_msg_tx_callback_fail; 4401 4402 /* skb was the original skb used for TX. Clone it and give the clone 4403 * to netif_rx(). Free original skb. */ 4404 skb2 = skb_copy(skb, GFP_ATOMIC); 4405 if (!skb2) { 4406 dev_kfree_skb(skb); 4407 return; 4408 } 4409 dev_kfree_skb(skb); 4410 skb = skb2; 4411 4412 /* Send frame to hostapd */ 4413 ieee80211_rx_mgmt(local, skb, NULL, msg_type); 4414} 4415EXPORT_SYMBOL(ieee80211_tx_status); 4416 4417/* TODO: implement register/unregister functions for adding TX/RX handlers 4418 * into ordered list */ 4419 4420/* rx_pre handlers don't have dev and sdata fields available in 4421 * ieee80211_txrx_data */ 4422static ieee80211_rx_handler ieee80211_rx_pre_handlers[] = 4423{ 4424 ieee80211_rx_h_parse_qos, 4425 ieee80211_rx_h_load_stats, 4426 NULL 4427}; 4428 4429static ieee80211_rx_handler ieee80211_rx_handlers[] = 4430{ 4431 ieee80211_rx_h_if_stats, 4432 ieee80211_rx_h_monitor, 4433 ieee80211_rx_h_passive_scan, 4434 ieee80211_rx_h_check, 4435 ieee80211_rx_h_sta_process, 4436 ieee80211_rx_h_ccmp_decrypt, 4437 ieee80211_rx_h_tkip_decrypt, 4438 ieee80211_rx_h_wep_weak_iv_detection, 4439 ieee80211_rx_h_wep_decrypt, 4440 ieee80211_rx_h_defragment, 4441 ieee80211_rx_h_ps_poll, 4442 ieee80211_rx_h_michael_mic_verify, 4443 /* this must be after decryption - so header is counted in MPDU mic 4444 * must be before pae and data, so QOS_DATA format frames 4445 * are not passed to user space by these functions 4446 */ 4447 ieee80211_rx_h_remove_qos_control, 4448 ieee80211_rx_h_802_1x_pae, 4449 ieee80211_rx_h_drop_unencrypted, 4450 ieee80211_rx_h_data, 4451 ieee80211_rx_h_mgmt, 4452 NULL 4453}; 4454 4455static ieee80211_tx_handler ieee80211_tx_handlers[] = 4456{ 4457 ieee80211_tx_h_check_assoc, 4458 ieee80211_tx_h_sequence, 4459 ieee80211_tx_h_ps_buf, 4460 ieee80211_tx_h_select_key, 4461 ieee80211_tx_h_michael_mic_add, 4462 ieee80211_tx_h_fragment, 4463 ieee80211_tx_h_tkip_encrypt, 4464 ieee80211_tx_h_ccmp_encrypt, 4465 ieee80211_tx_h_wep_encrypt, 4466 ieee80211_tx_h_rate_ctrl, 4467 ieee80211_tx_h_misc, 4468 ieee80211_tx_h_load_stats, 4469 NULL 4470}; 4471 4472 4473int ieee80211_if_update_wds(struct net_device *dev, u8 *remote_addr) 4474{ 4475 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 4476 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 4477 struct sta_info *sta; 4478 4479 if (compare_ether_addr(remote_addr, sdata->u.wds.remote_addr) == 0) 4480 return 0; 4481 4482 /* Create STA entry for the new peer */ 4483 sta = sta_info_add(local, dev, remote_addr, GFP_KERNEL); 4484 if (!sta) 4485 return -ENOMEM; 4486 sta_info_put(sta); 4487 4488 /* Remove STA entry for the old peer */ 4489 sta = sta_info_get(local, sdata->u.wds.remote_addr); 4490 if (sta) { 4491 sta_info_put(sta); 4492 sta_info_free(sta, 0); 4493 } else { 4494 printk(KERN_DEBUG "%s: could not find STA entry for WDS link " 4495 "peer " MAC_FMT "\n", 4496 dev->name, MAC_ARG(sdata->u.wds.remote_addr)); 4497 } 4498 4499 /* Update WDS link data */ 4500 memcpy(&sdata->u.wds.remote_addr, remote_addr, ETH_ALEN); 4501 4502 return 0; 4503} 4504 4505/* Must not be called for mdev and apdev */ 4506void ieee80211_if_setup(struct net_device *dev) 4507{ 4508 ether_setup(dev); 4509 dev->hard_start_xmit = ieee80211_subif_start_xmit; 4510 dev->wireless_handlers = &ieee80211_iw_handler_def; 4511 dev->set_multicast_list = ieee80211_set_multicast_list; 4512 dev->change_mtu = ieee80211_change_mtu; 4513 dev->get_stats = ieee80211_get_stats; 4514 dev->open = ieee80211_open; 4515 dev->stop = ieee80211_stop; 4516 dev->uninit = ieee80211_if_reinit; 4517 dev->destructor = ieee80211_if_free; 4518} 4519 4520void ieee80211_if_mgmt_setup(struct net_device *dev) 4521{ 4522 ether_setup(dev); 4523 dev->hard_start_xmit = ieee80211_mgmt_start_xmit; 4524 dev->change_mtu = ieee80211_change_mtu_apdev; 4525 dev->get_stats = ieee80211_get_stats; 4526 dev->open = ieee80211_mgmt_open; 4527 dev->stop = ieee80211_mgmt_stop; 4528 dev->type = ARPHRD_IEEE80211_PRISM; 4529 dev->hard_header_parse = header_parse_80211; 4530 dev->uninit = ieee80211_if_reinit; 4531 dev->destructor = ieee80211_if_free; 4532} 4533 4534int ieee80211_init_rate_ctrl_alg(struct ieee80211_local *local, 4535 const char *name) 4536{ 4537 struct rate_control_ref *ref, *old; 4538 4539 ASSERT_RTNL(); 4540 if (local->open_count || netif_running(local->mdev) || 4541 (local->apdev && netif_running(local->apdev))) 4542 return -EBUSY; 4543 4544 ref = rate_control_alloc(name, local); 4545 if (!ref) { 4546 printk(KERN_WARNING "%s: Failed to select rate control " 4547 "algorithm\n", local->mdev->name); 4548 return -ENOENT; 4549 } 4550 4551 old = local->rate_ctrl; 4552 local->rate_ctrl = ref; 4553 if (old) { 4554 rate_control_put(old); 4555 sta_info_flush(local, NULL); 4556 } 4557 4558 printk(KERN_DEBUG "%s: Selected rate control " 4559 "algorithm '%s'\n", local->mdev->name, 4560 ref->ops->name); 4561 4562 4563 return 0; 4564} 4565 4566static void rate_control_deinitialize(struct ieee80211_local *local) 4567{ 4568 struct rate_control_ref *ref; 4569 4570 ref = local->rate_ctrl; 4571 local->rate_ctrl = NULL; 4572 rate_control_put(ref); 4573} 4574 4575struct ieee80211_hw *ieee80211_alloc_hw(size_t priv_data_len, 4576 const struct ieee80211_ops *ops) 4577{ 4578 struct net_device *mdev; 4579 struct ieee80211_local *local; 4580 struct ieee80211_sub_if_data *sdata; 4581 int priv_size; 4582 struct wiphy *wiphy; 4583 4584 /* Ensure 32-byte alignment of our private data and hw private data. 4585 * We use the wiphy priv data for both our ieee80211_local and for 4586 * the driver's private data 4587 * 4588 * In memory it'll be like this: 4589 * 4590 * +-------------------------+ 4591 * | struct wiphy | 4592 * +-------------------------+ 4593 * | struct ieee80211_local | 4594 * +-------------------------+ 4595 * | driver's private data | 4596 * +-------------------------+ 4597 * 4598 */ 4599 priv_size = ((sizeof(struct ieee80211_local) + 4600 NETDEV_ALIGN_CONST) & ~NETDEV_ALIGN_CONST) + 4601 priv_data_len; 4602 4603 wiphy = wiphy_new(&mac80211_config_ops, priv_size); 4604 4605 if (!wiphy) 4606 return NULL; 4607 4608 wiphy->privid = mac80211_wiphy_privid; 4609 4610 local = wiphy_priv(wiphy); 4611 local->hw.wiphy = wiphy; 4612 4613 local->hw.priv = (char *)local + 4614 ((sizeof(struct ieee80211_local) + 4615 NETDEV_ALIGN_CONST) & ~NETDEV_ALIGN_CONST); 4616 4617 local->ops = ops; 4618 4619 /* for now, mdev needs sub_if_data :/ */ 4620 mdev = alloc_netdev(sizeof(struct ieee80211_sub_if_data), 4621 "wmaster%d", ether_setup); 4622 if (!mdev) { 4623 wiphy_free(wiphy); 4624 return NULL; 4625 } 4626 4627 sdata = IEEE80211_DEV_TO_SUB_IF(mdev); 4628 mdev->ieee80211_ptr = &sdata->wdev; 4629 sdata->wdev.wiphy = wiphy; 4630 4631 local->hw.queues = 1; /* default */ 4632 4633 local->mdev = mdev; 4634 local->rx_pre_handlers = ieee80211_rx_pre_handlers; 4635 local->rx_handlers = ieee80211_rx_handlers; 4636 local->tx_handlers = ieee80211_tx_handlers; 4637 4638 local->bridge_packets = 1; 4639 4640 local->rts_threshold = IEEE80211_MAX_RTS_THRESHOLD; 4641 local->fragmentation_threshold = IEEE80211_MAX_FRAG_THRESHOLD; 4642 local->short_retry_limit = 7; 4643 local->long_retry_limit = 4; 4644 local->hw.conf.radio_enabled = 1; 4645 local->rate_ctrl_num_up = RATE_CONTROL_NUM_UP; 4646 local->rate_ctrl_num_down = RATE_CONTROL_NUM_DOWN; 4647 4648 local->enabled_modes = (unsigned int) -1; 4649 4650 INIT_LIST_HEAD(&local->modes_list); 4651 4652 rwlock_init(&local->sub_if_lock); 4653 INIT_LIST_HEAD(&local->sub_if_list); 4654 4655 INIT_DELAYED_WORK(&local->scan_work, ieee80211_sta_scan_work); 4656 init_timer(&local->stat_timer); 4657 local->stat_timer.function = ieee80211_stat_refresh; 4658 local->stat_timer.data = (unsigned long) local; 4659 ieee80211_rx_bss_list_init(mdev); 4660 4661 sta_info_init(local); 4662 4663 mdev->hard_start_xmit = ieee80211_master_start_xmit; 4664 mdev->open = ieee80211_master_open; 4665 mdev->stop = ieee80211_master_stop; 4666 mdev->type = ARPHRD_IEEE80211; 4667 mdev->hard_header_parse = header_parse_80211; 4668 4669 sdata->type = IEEE80211_IF_TYPE_AP; 4670 sdata->dev = mdev; 4671 sdata->local = local; 4672 sdata->u.ap.force_unicast_rateidx = -1; 4673 sdata->u.ap.max_ratectrl_rateidx = -1; 4674 ieee80211_if_sdata_init(sdata); 4675 list_add_tail(&sdata->list, &local->sub_if_list); 4676 4677 tasklet_init(&local->tx_pending_tasklet, ieee80211_tx_pending, 4678 (unsigned long)local); 4679 tasklet_disable(&local->tx_pending_tasklet); 4680 4681 tasklet_init(&local->tasklet, 4682 ieee80211_tasklet_handler, 4683 (unsigned long) local); 4684 tasklet_disable(&local->tasklet); 4685 4686 skb_queue_head_init(&local->skb_queue); 4687 skb_queue_head_init(&local->skb_queue_unreliable); 4688 4689 return local_to_hw(local); 4690} 4691EXPORT_SYMBOL(ieee80211_alloc_hw); 4692 4693int ieee80211_register_hw(struct ieee80211_hw *hw) 4694{ 4695 struct ieee80211_local *local = hw_to_local(hw); 4696 const char *name; 4697 int result; 4698 4699 result = wiphy_register(local->hw.wiphy); 4700 if (result < 0) 4701 return result; 4702 4703 name = wiphy_dev(local->hw.wiphy)->driver->name; 4704 local->hw.workqueue = create_singlethread_workqueue(name); 4705 if (!local->hw.workqueue) { 4706 result = -ENOMEM; 4707 goto fail_workqueue; 4708 } 4709 4710 debugfs_hw_add(local); 4711 4712 local->hw.conf.beacon_int = 1000; 4713 4714 local->wstats_flags |= local->hw.max_rssi ? 4715 IW_QUAL_LEVEL_UPDATED : IW_QUAL_LEVEL_INVALID; 4716 local->wstats_flags |= local->hw.max_signal ? 4717 IW_QUAL_QUAL_UPDATED : IW_QUAL_QUAL_INVALID; 4718 local->wstats_flags |= local->hw.max_noise ? 4719 IW_QUAL_NOISE_UPDATED : IW_QUAL_NOISE_INVALID; 4720 if (local->hw.max_rssi < 0 || local->hw.max_noise < 0) 4721 local->wstats_flags |= IW_QUAL_DBM; 4722 4723 result = sta_info_start(local); 4724 if (result < 0) 4725 goto fail_sta_info; 4726 4727 rtnl_lock(); 4728 result = dev_alloc_name(local->mdev, local->mdev->name); 4729 if (result < 0) 4730 goto fail_dev; 4731 4732 memcpy(local->mdev->dev_addr, local->hw.wiphy->perm_addr, ETH_ALEN); 4733 SET_NETDEV_DEV(local->mdev, wiphy_dev(local->hw.wiphy)); 4734 4735 result = register_netdevice(local->mdev); 4736 if (result < 0) 4737 goto fail_dev; 4738 4739 ieee80211_debugfs_add_netdev(IEEE80211_DEV_TO_SUB_IF(local->mdev)); 4740 4741 result = ieee80211_init_rate_ctrl_alg(local, NULL); 4742 if (result < 0) { 4743 printk(KERN_DEBUG "%s: Failed to initialize rate control " 4744 "algorithm\n", local->mdev->name); 4745 goto fail_rate; 4746 } 4747 4748 result = ieee80211_wep_init(local); 4749 4750 if (result < 0) { 4751 printk(KERN_DEBUG "%s: Failed to initialize wep\n", 4752 local->mdev->name); 4753 goto fail_wep; 4754 } 4755 4756 ieee80211_install_qdisc(local->mdev); 4757 4758 /* add one default STA interface */ 4759 result = ieee80211_if_add(local->mdev, "wlan%d", NULL, 4760 IEEE80211_IF_TYPE_STA); 4761 if (result) 4762 printk(KERN_WARNING "%s: Failed to add default virtual iface\n", 4763 local->mdev->name); 4764 4765 local->reg_state = IEEE80211_DEV_REGISTERED; 4766 rtnl_unlock(); 4767 4768 ieee80211_led_init(local); 4769 4770 return 0; 4771 4772fail_wep: 4773 rate_control_deinitialize(local); 4774fail_rate: 4775 ieee80211_debugfs_remove_netdev(IEEE80211_DEV_TO_SUB_IF(local->mdev)); 4776 unregister_netdevice(local->mdev); 4777fail_dev: 4778 rtnl_unlock(); 4779 sta_info_stop(local); 4780fail_sta_info: 4781 debugfs_hw_del(local); 4782 destroy_workqueue(local->hw.workqueue); 4783fail_workqueue: 4784 wiphy_unregister(local->hw.wiphy); 4785 return result; 4786} 4787EXPORT_SYMBOL(ieee80211_register_hw); 4788 4789int ieee80211_register_hwmode(struct ieee80211_hw *hw, 4790 struct ieee80211_hw_mode *mode) 4791{ 4792 struct ieee80211_local *local = hw_to_local(hw); 4793 struct ieee80211_rate *rate; 4794 int i; 4795 4796 INIT_LIST_HEAD(&mode->list); 4797 list_add_tail(&mode->list, &local->modes_list); 4798 4799 local->hw_modes |= (1 << mode->mode); 4800 for (i = 0; i < mode->num_rates; i++) { 4801 rate = &(mode->rates[i]); 4802 rate->rate_inv = CHAN_UTIL_RATE_LCM / rate->rate; 4803 } 4804 ieee80211_prepare_rates(local, mode); 4805 4806 if (!local->oper_hw_mode) { 4807 /* Default to this mode */ 4808 local->hw.conf.phymode = mode->mode; 4809 local->oper_hw_mode = local->scan_hw_mode = mode; 4810 local->oper_channel = local->scan_channel = &mode->channels[0]; 4811 local->hw.conf.mode = local->oper_hw_mode; 4812 local->hw.conf.chan = local->oper_channel; 4813 } 4814 4815 if (!(hw->flags & IEEE80211_HW_DEFAULT_REG_DOMAIN_CONFIGURED)) 4816 ieee80211_init_client(local->mdev); 4817 4818 return 0; 4819} 4820EXPORT_SYMBOL(ieee80211_register_hwmode); 4821 4822void ieee80211_unregister_hw(struct ieee80211_hw *hw) 4823{ 4824 struct ieee80211_local *local = hw_to_local(hw); 4825 struct ieee80211_sub_if_data *sdata, *tmp; 4826 struct list_head tmp_list; 4827 int i; 4828 4829 tasklet_kill(&local->tx_pending_tasklet); 4830 tasklet_kill(&local->tasklet); 4831 4832 rtnl_lock(); 4833 4834 BUG_ON(local->reg_state != IEEE80211_DEV_REGISTERED); 4835 4836 local->reg_state = IEEE80211_DEV_UNREGISTERED; 4837 if (local->apdev) 4838 ieee80211_if_del_mgmt(local); 4839 4840 write_lock_bh(&local->sub_if_lock); 4841 list_replace_init(&local->sub_if_list, &tmp_list); 4842 write_unlock_bh(&local->sub_if_lock); 4843 4844 list_for_each_entry_safe(sdata, tmp, &tmp_list, list) 4845 __ieee80211_if_del(local, sdata); 4846 4847 rtnl_unlock(); 4848 4849 if (local->stat_time) 4850 del_timer_sync(&local->stat_timer); 4851 4852 ieee80211_rx_bss_list_deinit(local->mdev); 4853 ieee80211_clear_tx_pending(local); 4854 sta_info_stop(local); 4855 rate_control_deinitialize(local); 4856 debugfs_hw_del(local); 4857 4858 for (i = 0; i < NUM_IEEE80211_MODES; i++) { 4859 kfree(local->supp_rates[i]); 4860 kfree(local->basic_rates[i]); 4861 } 4862 4863 if (skb_queue_len(&local->skb_queue) 4864 || skb_queue_len(&local->skb_queue_unreliable)) 4865 printk(KERN_WARNING "%s: skb_queue not empty\n", 4866 local->mdev->name); 4867 skb_queue_purge(&local->skb_queue); 4868 skb_queue_purge(&local->skb_queue_unreliable); 4869 4870 destroy_workqueue(local->hw.workqueue); 4871 wiphy_unregister(local->hw.wiphy); 4872 ieee80211_wep_free(local); 4873 ieee80211_led_exit(local); 4874} 4875EXPORT_SYMBOL(ieee80211_unregister_hw); 4876 4877void ieee80211_free_hw(struct ieee80211_hw *hw) 4878{ 4879 struct ieee80211_local *local = hw_to_local(hw); 4880 4881 ieee80211_if_free(local->mdev); 4882 wiphy_free(local->hw.wiphy); 4883} 4884EXPORT_SYMBOL(ieee80211_free_hw); 4885 4886void ieee80211_wake_queue(struct ieee80211_hw *hw, int queue) 4887{ 4888 struct ieee80211_local *local = hw_to_local(hw); 4889 4890 if (test_and_clear_bit(IEEE80211_LINK_STATE_XOFF, 4891 &local->state[queue])) { 4892 if (test_bit(IEEE80211_LINK_STATE_PENDING, 4893 &local->state[queue])) 4894 tasklet_schedule(&local->tx_pending_tasklet); 4895 else 4896 if (!ieee80211_qdisc_installed(local->mdev)) { 4897 if (queue == 0) 4898 netif_wake_queue(local->mdev); 4899 } else 4900 __netif_schedule(local->mdev); 4901 } 4902} 4903EXPORT_SYMBOL(ieee80211_wake_queue); 4904 4905void ieee80211_stop_queue(struct ieee80211_hw *hw, int queue) 4906{ 4907 struct ieee80211_local *local = hw_to_local(hw); 4908 4909 if (!ieee80211_qdisc_installed(local->mdev) && queue == 0) 4910 netif_stop_queue(local->mdev); 4911 set_bit(IEEE80211_LINK_STATE_XOFF, &local->state[queue]); 4912} 4913EXPORT_SYMBOL(ieee80211_stop_queue); 4914 4915void ieee80211_start_queues(struct ieee80211_hw *hw) 4916{ 4917 struct ieee80211_local *local = hw_to_local(hw); 4918 int i; 4919 4920 for (i = 0; i < local->hw.queues; i++) 4921 clear_bit(IEEE80211_LINK_STATE_XOFF, &local->state[i]); 4922 if (!ieee80211_qdisc_installed(local->mdev)) 4923 netif_start_queue(local->mdev); 4924} 4925EXPORT_SYMBOL(ieee80211_start_queues); 4926 4927void ieee80211_stop_queues(struct ieee80211_hw *hw) 4928{ 4929 int i; 4930 4931 for (i = 0; i < hw->queues; i++) 4932 ieee80211_stop_queue(hw, i); 4933} 4934EXPORT_SYMBOL(ieee80211_stop_queues); 4935 4936void ieee80211_wake_queues(struct ieee80211_hw *hw) 4937{ 4938 int i; 4939 4940 for (i = 0; i < hw->queues; i++) 4941 ieee80211_wake_queue(hw, i); 4942} 4943EXPORT_SYMBOL(ieee80211_wake_queues); 4944 4945struct net_device_stats *ieee80211_dev_stats(struct net_device *dev) 4946{ 4947 struct ieee80211_sub_if_data *sdata; 4948 sdata = IEEE80211_DEV_TO_SUB_IF(dev); 4949 return &sdata->stats; 4950} 4951 4952static int __init ieee80211_init(void) 4953{ 4954 struct sk_buff *skb; 4955 int ret; 4956 4957 BUILD_BUG_ON(sizeof(struct ieee80211_tx_packet_data) > sizeof(skb->cb)); 4958 4959 ret = ieee80211_wme_register(); 4960 if (ret) { 4961 printk(KERN_DEBUG "ieee80211_init: failed to " 4962 "initialize WME (err=%d)\n", ret); 4963 return ret; 4964 } 4965 4966 ieee80211_debugfs_netdev_init(); 4967 4968 return 0; 4969} 4970 4971 4972static void __exit ieee80211_exit(void) 4973{ 4974 ieee80211_wme_unregister(); 4975 ieee80211_debugfs_netdev_exit(); 4976} 4977 4978 4979module_init(ieee80211_init); 4980module_exit(ieee80211_exit); 4981 4982MODULE_DESCRIPTION("IEEE 802.11 subsystem"); 4983MODULE_LICENSE("GPL"); 4984