projects / openwrt.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
upgrade hostapd to 0.5.7 (patch from #1133)
[openwrt.git] / package / d80211 / src / ieee80211.c
1 /*
2 * Copyright 2002-2005, Instant802 Networks, Inc.
3 * Copyright 2005-2006, Devicescape Software, Inc.
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
8 */
9
10 #include <net/d80211.h>
11 #include <linux/module.h>
12 #include <linux/init.h>
13 #include <linux/netdevice.h>
14 #include <linux/types.h>
15 #include <linux/slab.h>
16 #include <linux/skbuff.h>
17 #include <linux/etherdevice.h>
18 #include <linux/if_arp.h>
19 #include <linux/wireless.h>
20 #include <linux/rtnetlink.h>
21 #include <net/iw_handler.h>
22 #include <linux/compiler.h>
23 #include <linux/bitmap.h>
24
25 #include <net/d80211_common.h>
26 #include <net/d80211_mgmt.h>
27 #include "ieee80211_i.h"
28 #include "ieee80211_rate.h"
29 #include "wep.h"
30 #include "wpa.h"
31 #include "tkip.h"
32 #include "wme.h"
33 #include "aes_ccm.h"
34 #include "ieee80211_led.h"
35
36 /* See IEEE 802.1H for LLC/SNAP encapsulation/decapsulation */
37 /* Ethernet-II snap header (RFC1042 for most EtherTypes) */
38 static unsigned char rfc1042_header[] =
39 { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 };
40 /* Bridge-Tunnel header (for EtherTypes ETH_P_AARP and ETH_P_IPX) */
41 static unsigned char bridge_tunnel_header[] =
42 { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0xf8 };
43 /* No encapsulation header if EtherType < 0x600 (=length) */
44
45 static unsigned char eapol_header[] =
46 { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00, 0x88, 0x8e };
47
48
49 static u8 * ieee80211_get_bssid(struct ieee80211_hdr *hdr, size_t len);
50
51 static int ieee80211_mgmt_start_xmit(struct sk_buff *skb,
52 struct net_device *dev);
53
54 struct ieee80211_key_conf *
55 ieee80211_key_data2conf(struct ieee80211_local *local,
56 struct ieee80211_key *data)
57 {
58 struct ieee80211_key_conf *conf;
59
60 conf = kmalloc(sizeof(*conf) + data->keylen, GFP_ATOMIC);
61 if (!conf)
62 return NULL;
63
64 conf->hw_key_idx = data->hw_key_idx;
65 conf->alg = data->alg;
66 conf->keylen = data->keylen;
67 conf->flags = 0;
68 if (data->force_sw_encrypt)
69 conf->flags |= IEEE80211_KEY_FORCE_SW_ENCRYPT;
70 conf->keyidx = data->keyidx;
71 if (data->default_tx_key)
72 conf->flags |= IEEE80211_KEY_DEFAULT_TX_KEY;
73 if (local->default_wep_only)
74 conf->flags |= IEEE80211_KEY_DEFAULT_WEP_ONLY;
75 memcpy(conf->key, data->key, data->keylen);
76
77 return conf;
78 }
79
80 struct ieee80211_key *ieee80211_key_alloc(struct ieee80211_sub_if_data *sdata,
81 int idx, size_t key_len, gfp_t flags)
82 {
83 struct ieee80211_key *key;
84 int res;
85
86 key = kzalloc(sizeof(struct ieee80211_key) + key_len, flags);
87 if (!key)
88 return NULL;
89 if (sdata)
90 res = kobject_set_name(&key->kobj, "%d", idx);
91 else
92 res = kobject_set_name(&key->kobj, "key");
93 if (res) {
94 kfree(key);
95 return NULL;
96 }
97 ieee80211_key_sysfs_set_kset(key, sdata ? &sdata->key_kset : NULL);
98 kobject_init(&key->kobj);
99 return key;
100 }
101
102 void ieee80211_key_free(struct ieee80211_key *key)
103 {
104 if (key)
105 kobject_put(&key->kobj);
106 }
107
108 void ieee80211_key_release(struct kobject *kobj)
109 {
110 struct ieee80211_key *key;
111
112 key = container_of(kobj, struct ieee80211_key, kobj);
113 if (key->alg == ALG_CCMP)
114 ieee80211_aes_key_free(key->u.ccmp.tfm);
115 kfree(key);
116 }
117
118 static int rate_list_match(int *rate_list, int rate)
119 {
120 int i;
121
122 if (!rate_list)
123 return 0;
124
125 for (i = 0; rate_list[i] >= 0; i++)
126 if (rate_list[i] == rate)
127 return 1;
128
129 return 0;
130 }
131
132
133 void ieee80211_prepare_rates(struct ieee80211_local *local)
134 {
135 int i;
136
137 for (i = 0; i < local->num_curr_rates; i++) {
138 struct ieee80211_rate *rate = &local->curr_rates[i];
139
140 rate->flags &= ~(IEEE80211_RATE_SUPPORTED |
141 IEEE80211_RATE_BASIC);
142
143 if (local->supp_rates[local->hw.conf.phymode]) {
144 if (!rate_list_match(local->supp_rates
145 [local->hw.conf.phymode],
146 rate->rate))
147 continue;
148 }
149
150 rate->flags |= IEEE80211_RATE_SUPPORTED;
151
152 /* Use configured basic rate set if it is available. If not,
153 * use defaults that are sane for most cases. */
154 if (local->basic_rates[local->hw.conf.phymode]) {
155 if (rate_list_match(local->basic_rates
156 [local->hw.conf.phymode],
157 rate->rate))
158 rate->flags |= IEEE80211_RATE_BASIC;
159 } else switch (local->hw.conf.phymode) {
160 case MODE_IEEE80211A:
161 if (rate->rate == 60 || rate->rate == 120 ||
162 rate->rate == 240)
163 rate->flags |= IEEE80211_RATE_BASIC;
164 break;
165 case MODE_IEEE80211B:
166 if (rate->rate == 10 || rate->rate == 20)
167 rate->flags |= IEEE80211_RATE_BASIC;
168 break;
169 case MODE_ATHEROS_TURBO:
170 if (rate->rate == 120 || rate->rate == 240 ||
171 rate->rate == 480)
172 rate->flags |= IEEE80211_RATE_BASIC;
173 break;
174 case MODE_IEEE80211G:
175 if (rate->rate == 10 || rate->rate == 20 ||
176 rate->rate == 55 || rate->rate == 110)
177 rate->flags |= IEEE80211_RATE_BASIC;
178 break;
179 }
180
181 /* Set ERP and MANDATORY flags based on phymode */
182 switch (local->hw.conf.phymode) {
183 case MODE_IEEE80211A:
184 if (rate->rate == 60 || rate->rate == 120 ||
185 rate->rate == 240)
186 rate->flags |= IEEE80211_RATE_MANDATORY;
187 break;
188 case MODE_IEEE80211B:
189 if (rate->rate == 10)
190 rate->flags |= IEEE80211_RATE_MANDATORY;
191 break;
192 case MODE_ATHEROS_TURBO:
193 break;
194 case MODE_IEEE80211G:
195 if (rate->rate == 10 || rate->rate == 20 ||
196 rate->rate == 55 || rate->rate == 110 ||
197 rate->rate == 60 || rate->rate == 120 ||
198 rate->rate == 240)
199 rate->flags |= IEEE80211_RATE_MANDATORY;
200 if (rate->rate != 10 && rate->rate != 20 &&
201 rate->rate != 55 && rate->rate != 110)
202 rate->flags |= IEEE80211_RATE_ERP;
203 break;
204 }
205 }
206 }
207
208
209 static void ieee80211_key_threshold_notify(struct net_device *dev,
210 struct ieee80211_key *key,
211 struct sta_info *sta)
212 {
213 struct ieee80211_local *local = dev->ieee80211_ptr;
214 struct sk_buff *skb;
215 struct ieee80211_msg_key_notification *msg;
216
217 /* if no one will get it anyway, don't even allocate it.
218 * unlikely because this is only relevant for APs
219 * where the device must be open... */
220 if (unlikely(!local->apdev))
221 return;
222
223 skb = dev_alloc_skb(sizeof(struct ieee80211_frame_info) +
224 sizeof(struct ieee80211_msg_key_notification));
225 if (!skb)
226 return;
227
228 skb_reserve(skb, sizeof(struct ieee80211_frame_info));
229 msg = (struct ieee80211_msg_key_notification *)
230 skb_put(skb, sizeof(struct ieee80211_msg_key_notification));
231 msg->tx_rx_count = key->tx_rx_count;
232 memcpy(msg->ifname, dev->name, IFNAMSIZ);
233 if (sta)
234 memcpy(msg->addr, sta->addr, ETH_ALEN);
235 else
236 memset(msg->addr, 0xff, ETH_ALEN);
237
238 key->tx_rx_count = 0;
239
240 ieee80211_rx_mgmt(local, skb, NULL,
241 ieee80211_msg_key_threshold_notification);
242 }
243
244
245 int ieee80211_get_hdrlen(u16 fc)
246 {
247 int hdrlen = 24;
248
249 switch (fc & IEEE80211_FCTL_FTYPE) {
250 case IEEE80211_FTYPE_DATA:
251 if ((fc & IEEE80211_FCTL_FROMDS) && (fc & IEEE80211_FCTL_TODS))
252 hdrlen = 30; /* Addr4 */
253 if (fc & IEEE80211_STYPE_QOS_DATA)
254 hdrlen += 2; /* QoS Control Field */
255 break;
256 case IEEE80211_FTYPE_CTL:
257 switch (fc & IEEE80211_FCTL_STYPE) {
258 case IEEE80211_STYPE_CTS:
259 case IEEE80211_STYPE_ACK:
260 hdrlen = 10;
261 break;
262 default:
263 hdrlen = 16;
264 break;
265 }
266 break;
267 }
268
269 return hdrlen;
270 }
271 EXPORT_SYMBOL(ieee80211_get_hdrlen);
272
273 int ieee80211_get_hdrlen_from_skb(struct sk_buff *skb)
274 {
275 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
276 int hdrlen;
277
278 if (unlikely(skb->len < 10))
279 return 0;
280 hdrlen = ieee80211_get_hdrlen(le16_to_cpu(hdr->frame_control));
281 if (unlikely(hdrlen > skb->len))
282 return 0;
283 return hdrlen;
284 }
285 EXPORT_SYMBOL(ieee80211_get_hdrlen_from_skb);
286
287 #ifdef CONFIG_D80211_LOWTX_FRAME_DUMP
288 static void ieee80211_dump_frame(const char *ifname, const char *title,
289 struct sk_buff *skb)
290 {
291 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
292 u16 fc;
293 int hdrlen;
294
295 printk(KERN_DEBUG "%s: %s (len=%d)", ifname, title, skb->len);
296 if (skb->len < 4) {
297 printk("\n");
298 return;
299 }
300
301 fc = le16_to_cpu(hdr->frame_control);
302 hdrlen = ieee80211_get_hdrlen(fc);
303 if (hdrlen > skb->len)
304 hdrlen = skb->len;
305 if (hdrlen >= 4)
306 printk(" FC=0x%04x DUR=0x%04x",
307 fc, le16_to_cpu(hdr->duration_id));
308 if (hdrlen >= 10)
309 printk(" A1=" MAC_FMT, MAC_ARG(hdr->addr1));
310 if (hdrlen >= 16)
311 printk(" A2=" MAC_FMT, MAC_ARG(hdr->addr2));
312 if (hdrlen >= 24)
313 printk(" A3=" MAC_FMT, MAC_ARG(hdr->addr3));
314 if (hdrlen >= 30)
315 printk(" A4=" MAC_FMT, MAC_ARG(hdr->addr4));
316 printk("\n");
317 }
318 #else /* CONFIG_D80211_LOWTX_FRAME_DUMP */
319 static inline void ieee80211_dump_frame(const char *ifname, const char *title,
320 struct sk_buff *skb)
321 {
322 }
323 #endif /* CONFIG_D80211_LOWTX_FRAME_DUMP */
324
325
326 static int ieee80211_is_eapol(struct sk_buff *skb)
327 {
328 struct ieee80211_hdr *hdr;
329 u16 fc;
330 int hdrlen;
331
332 if (unlikely(skb->len < 10))
333 return 0;
334
335 hdr = (struct ieee80211_hdr *) skb->data;
336 fc = le16_to_cpu(hdr->frame_control);
337
338 if (unlikely(!WLAN_FC_DATA_PRESENT(fc)))
339 return 0;
340
341 hdrlen = ieee80211_get_hdrlen(fc);
342
343 if (unlikely(skb->len >= hdrlen + sizeof(eapol_header) &&
344 memcmp(skb->data + hdrlen, eapol_header,
345 sizeof(eapol_header)) == 0))
346 return 1;
347
348 return 0;
349 }
350
351
352 static ieee80211_txrx_result
353 ieee80211_tx_h_rate_ctrl(struct ieee80211_txrx_data *tx)
354 {
355 struct rate_control_extra extra;
356
357 memset(&extra, 0, sizeof(extra));
358 extra.mgmt_data = tx->sdata &&
359 tx->sdata->type == IEEE80211_IF_TYPE_MGMT;
360 extra.ethertype = tx->ethertype;
361 extra.startidx = 0;
362 extra.endidx = tx->local->num_curr_rates;
363
364 tx->u.tx.rate = rate_control_get_rate(tx->local, tx->dev, tx->skb,
365 &extra);
366 if (unlikely(extra.probe != NULL)) {
367 tx->u.tx.control->flags |= IEEE80211_TXCTL_RATE_CTRL_PROBE;
368 tx->u.tx.probe_last_frag = 1;
369 tx->u.tx.control->alt_retry_rate = tx->u.tx.rate->val;
370 tx->u.tx.rate = extra.probe;
371 } else {
372 tx->u.tx.control->alt_retry_rate = -1;
373 }
374 if (!tx->u.tx.rate)
375 return TXRX_DROP;
376 if (tx->local->hw.conf.phymode == MODE_IEEE80211G &&
377 tx->local->cts_protect_erp_frames && tx->fragmented &&
378 extra.nonerp) {
379 tx->u.tx.last_frag_rate = tx->u.tx.rate;
380 tx->u.tx.last_frag_rateidx = extra.rateidx;
381 tx->u.tx.probe_last_frag = extra.probe ? 1 : 0;
382
383 tx->u.tx.rate = extra.nonerp;
384 tx->u.tx.control->rateidx = extra.nonerp_idx;
385 tx->u.tx.control->flags &= ~IEEE80211_TXCTL_RATE_CTRL_PROBE;
386 } else {
387 tx->u.tx.last_frag_rate = tx->u.tx.rate;
388 tx->u.tx.last_frag_rateidx = extra.rateidx;
389 tx->u.tx.control->rateidx = extra.rateidx;
390 }
391 tx->u.tx.control->tx_rate = tx->u.tx.rate->val;
392 if ((tx->u.tx.rate->flags & IEEE80211_RATE_PREAMBLE2) &&
393 tx->local->short_preamble &&
394 (!tx->sta || (tx->sta->flags & WLAN_STA_SHORT_PREAMBLE))) {
395 tx->u.tx.short_preamble = 1;
396 tx->u.tx.control->tx_rate = tx->u.tx.rate->val2;
397 }
398
399 return TXRX_CONTINUE;
400 }
401
402
403 static ieee80211_txrx_result
404 ieee80211_tx_h_select_key(struct ieee80211_txrx_data *tx)
405 {
406 if (tx->sta)
407 tx->u.tx.control->key_idx = tx->sta->key_idx_compression;
408 else
409 tx->u.tx.control->key_idx = HW_KEY_IDX_INVALID;
410
411 if (unlikely(tx->u.tx.control->flags & IEEE80211_TXCTL_DO_NOT_ENCRYPT))
412 tx->key = NULL;
413 else if (tx->sta && tx->sta->key)
414 tx->key = tx->sta->key;
415 else if (tx->sdata->default_key)
416 tx->key = tx->sdata->default_key;
417 else if (tx->sdata->drop_unencrypted &&
418 !(tx->sdata->eapol && ieee80211_is_eapol(tx->skb))) {
419 I802_DEBUG_INC(tx->local->tx_handlers_drop_unencrypted);
420 return TXRX_DROP;
421 } else
422 tx->key = NULL;
423
424 if (tx->key) {
425 tx->key->tx_rx_count++;
426 if (unlikely(tx->local->key_tx_rx_threshold &&
427 tx->key->tx_rx_count >
428 tx->local->key_tx_rx_threshold)) {
429 ieee80211_key_threshold_notify(tx->dev, tx->key,
430 tx->sta);
431 }
432 }
433
434 return TXRX_CONTINUE;
435 }
436
437
438 static ieee80211_txrx_result
439 ieee80211_tx_h_fragment(struct ieee80211_txrx_data *tx)
440 {
441 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) tx->skb->data;
442 size_t hdrlen, per_fragm, num_fragm, payload_len, left;
443 struct sk_buff **frags, *first, *frag;
444 int i;
445 u8 *pos;
446 int frag_threshold = tx->local->fragmentation_threshold;
447
448 if (!tx->fragmented)
449 return TXRX_CONTINUE;
450
451 first = tx->skb;
452
453 hdrlen = ieee80211_get_hdrlen(tx->fc);
454 payload_len = first->len - hdrlen;
455 per_fragm = frag_threshold - hdrlen - FCS_LEN;
456 num_fragm = (payload_len + per_fragm - 1) / per_fragm;
457
458 frags = kzalloc(num_fragm * sizeof(struct sk_buff *), GFP_ATOMIC);
459 if (!frags)
460 goto fail;
461
462 hdr->frame_control |= cpu_to_le16(IEEE80211_FCTL_MOREFRAGS);
463 pos = first->data + hdrlen + per_fragm;
464 left = payload_len - per_fragm;
465 for (i = 0; i < num_fragm - 1; i++) {
466 struct ieee80211_hdr *fhdr;
467 size_t copylen;
468
469 if (left <= 0)
470 goto fail;
471
472 /* reserve enough extra head and tail room for possible
473 * encryption */
474 #define IEEE80211_ENCRYPT_HEADROOM 8
475 #define IEEE80211_ENCRYPT_TAILROOM 12
476 frag = frags[i] =
477 dev_alloc_skb(frag_threshold +
478 IEEE80211_ENCRYPT_HEADROOM +
479 IEEE80211_ENCRYPT_TAILROOM);
480 if (!frag)
481 goto fail;
482 /* Make sure that all fragments use the same priority so
483 * that they end up using the same TX queue */
484 frag->priority = first->priority;
485 skb_reserve(frag, IEEE80211_ENCRYPT_HEADROOM);
486 fhdr = (struct ieee80211_hdr *) skb_put(frag, hdrlen);
487 memcpy(fhdr, first->data, hdrlen);
488 if (i == num_fragm - 2)
489 fhdr->frame_control &= cpu_to_le16(~IEEE80211_FCTL_MOREFRAGS);
490 fhdr->seq_ctrl = cpu_to_le16(i + 1);
491 copylen = left > per_fragm ? per_fragm : left;
492 memcpy(skb_put(frag, copylen), pos, copylen);
493
494 pos += copylen;
495 left -= copylen;
496 }
497 skb_trim(first, hdrlen + per_fragm);
498
499 tx->u.tx.num_extra_frag = num_fragm - 1;
500 tx->u.tx.extra_frag = frags;
501
502 return TXRX_CONTINUE;
503
504 fail:
505 printk(KERN_DEBUG "%s: failed to fragment frame\n", tx->dev->name);
506 if (frags) {
507 for (i = 0; i < num_fragm - 1; i++)
508 if (frags[i])
509 dev_kfree_skb(frags[i]);
510 kfree(frags);
511 }
512 I802_DEBUG_INC(tx->local->tx_handlers_drop_fragment);
513 return TXRX_DROP;
514 }
515
516
517 static int wep_encrypt_skb(struct ieee80211_txrx_data *tx, struct sk_buff *skb)
518 {
519 if (tx->key->force_sw_encrypt) {
520 if (ieee80211_wep_encrypt(tx->local, skb, tx->key))
521 return -1;
522 } else {
523 tx->u.tx.control->key_idx = tx->key->hw_key_idx;
524 if (tx->local->hw.flags & IEEE80211_HW_WEP_INCLUDE_IV) {
525 if (ieee80211_wep_add_iv(tx->local, skb, tx->key) ==
526 NULL)
527 return -1;
528 }
529 }
530 return 0;
531 }
532
533
534 void ieee80211_tx_set_iswep(struct ieee80211_txrx_data *tx)
535 {
536 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) tx->skb->data;
537
538 hdr->frame_control |= cpu_to_le16(IEEE80211_FCTL_PROTECTED);
539 if (tx->u.tx.extra_frag) {
540 struct ieee80211_hdr *fhdr;
541 int i;
542 for (i = 0; i < tx->u.tx.num_extra_frag; i++) {
543 fhdr = (struct ieee80211_hdr *)
544 tx->u.tx.extra_frag[i]->data;
545 fhdr->frame_control |= cpu_to_le16(IEEE80211_FCTL_PROTECTED);
546 }
547 }
548 }
549
550
551 static ieee80211_txrx_result
552 ieee80211_tx_h_wep_encrypt(struct ieee80211_txrx_data *tx)
553 {
554 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) tx->skb->data;
555 u16 fc;
556
557 fc = le16_to_cpu(hdr->frame_control);
558
559 if (!tx->key || tx->key->alg != ALG_WEP ||
560 ((fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA &&
561 ((fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_MGMT ||
562 (fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_AUTH)))
563 return TXRX_CONTINUE;
564
565 tx->u.tx.control->iv_len = WEP_IV_LEN;
566 tx->u.tx.control->icv_len = WEP_ICV_LEN;
567 ieee80211_tx_set_iswep(tx);
568
569 if (wep_encrypt_skb(tx, tx->skb) < 0) {
570 I802_DEBUG_INC(tx->local->tx_handlers_drop_wep);
571 return TXRX_DROP;
572 }
573
574 if (tx->u.tx.extra_frag) {
575 int i;
576 for (i = 0; i < tx->u.tx.num_extra_frag; i++) {
577 if (wep_encrypt_skb(tx, tx->u.tx.extra_frag[i]) < 0) {
578 I802_DEBUG_INC(tx->local->
579 tx_handlers_drop_wep);
580 return TXRX_DROP;
581 }
582 }
583 }
584
585 return TXRX_CONTINUE;
586 }
587
588
589 static inline int ceiling_div(int dividend, int divisor)
590 {
591 return ((dividend + divisor - 1) / divisor);
592 }
593
594
595 static int ieee80211_frame_duration(struct ieee80211_local *local, size_t len,
596 int rate, int erp, int short_preamble)
597 {
598 int dur;
599
600 /* calculate duration (in microseconds, rounded up to next higher
601 * integer if it includes a fractional microsecond) to send frame of
602 * len bytes (does not include FCS) at the given rate. Duration will
603 * also include SIFS.
604 *
605 * rate is in 100 kbps, so divident is multiplied by 10 in the
606 * ceiling_div() operations.
607 */
608
609 if (local->hw.conf.phymode == MODE_IEEE80211A || erp ||
610 local->hw.conf.phymode == MODE_ATHEROS_TURBO) {
611 /*
612 * OFDM:
613 *
614 * N_DBPS = DATARATE x 4
615 * N_SYM = Ceiling((16+8xLENGTH+6) / N_DBPS)
616 * (16 = SIGNAL time, 6 = tail bits)
617 * TXTIME = T_PREAMBLE + T_SIGNAL + T_SYM x N_SYM + Signal Ext
618 *
619 * T_SYM = 4 usec
620 * 802.11a - 17.5.2: aSIFSTime = 16 usec
621 * 802.11g - 19.8.4: aSIFSTime = 10 usec +
622 * signal ext = 6 usec
623 */
624 /* FIX: Atheros Turbo may have different (shorter) duration? */
625 dur = 16; /* SIFS + signal ext */
626 dur += 16; /* 17.3.2.3: T_PREAMBLE = 16 usec */
627 dur += 4; /* 17.3.2.3: T_SIGNAL = 4 usec */
628 dur += 4 * ceiling_div((16 + 8 * (len + 4) + 6) * 10,
629 4 * rate); /* T_SYM x N_SYM */
630 } else {
631 /*
632 * 802.11b or 802.11g with 802.11b compatibility:
633 * 18.3.4: TXTIME = PreambleLength + PLCPHeaderTime +
634 * Ceiling(((LENGTH+PBCC)x8)/DATARATE). PBCC=0.
635 *
636 * 802.11 (DS): 15.3.3, 802.11b: 18.3.4
637 * aSIFSTime = 10 usec
638 * aPreambleLength = 144 usec or 72 usec with short preamble
639 * aPLCPHeaderLength = 48 usec or 24 usec with short preamble
640 */
641 dur = 10; /* aSIFSTime = 10 usec */
642 dur += short_preamble ? (72 + 24) : (144 + 48);
643
644 dur += ceiling_div(8 * (len + 4) * 10, rate);
645 }
646
647 return dur;
648 }
649
650
651 static u16 ieee80211_duration(struct ieee80211_txrx_data *tx, int group_addr,
652 int next_frag_len)
653 {
654 int rate, mrate, erp, dur, i;
655 struct ieee80211_rate *txrate = tx->u.tx.rate;
656 struct ieee80211_local *local = tx->local;
657
658 erp = txrate->flags & IEEE80211_RATE_ERP;
659
660 /*
661 * data and mgmt (except PS Poll):
662 * - during CFP: 32768
663 * - during contention period:
664 * if addr1 is group address: 0
665 * if more fragments = 0 and addr1 is individual address: time to
666 * transmit one ACK plus SIFS
667 * if more fragments = 1 and addr1 is individual address: time to
668 * transmit next fragment plus 2 x ACK plus 3 x SIFS
669 *
670 * IEEE 802.11, 9.6:
671 * - control response frame (CTS or ACK) shall be transmitted using the
672 * same rate as the immediately previous frame in the frame exchange
673 * sequence, if this rate belongs to the PHY mandatory rates, or else
674 * at the highest possible rate belonging to the PHY rates in the
675 * BSSBasicRateSet
676 */
677
678 if ((tx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_CTL) {
679 /* TODO: These control frames are not currently sent by
680 * 80211.o, but should they be implemented, this function
681 * needs to be updated to support duration field calculation.
682 *
683 * RTS: time needed to transmit pending data/mgmt frame plus
684 * one CTS frame plus one ACK frame plus 3 x SIFS
685 * CTS: duration of immediately previous RTS minus time
686 * required to transmit CTS and its SIFS
687 * ACK: 0 if immediately previous directed data/mgmt had
688 * more=0, with more=1 duration in ACK frame is duration
689 * from previous frame minus time needed to transmit ACK
690 * and its SIFS
691 * PS Poll: BIT(15) | BIT(14) | aid
692 */
693 return 0;
694 }
695
696 /* data/mgmt */
697 if (0 /* FIX: data/mgmt during CFP */)
698 return 32768;
699
700 if (group_addr) /* Group address as the destination - no ACK */
701 return 0;
702
703 /* Individual destination address:
704 * IEEE 802.11, Ch. 9.6 (after IEEE 802.11g changes)
705 * CTS and ACK frames shall be transmitted using the highest rate in
706 * basic rate set that is less than or equal to the rate of the
707 * immediately previous frame and that is using the same modulation
708 * (CCK or OFDM). If no basic rate set matches with these requirements,
709 * the highest mandatory rate of the PHY that is less than or equal to
710 * the rate of the previous frame is used.
711 * Mandatory rates for IEEE 802.11g PHY: 1, 2, 5.5, 11, 6, 12, 24 Mbps
712 */
713 rate = -1;
714 mrate = 10; /* use 1 Mbps if everything fails */
715 for (i = 0; i < local->num_curr_rates; i++) {
716 struct ieee80211_rate *r = &local->curr_rates[i];
717 if (r->rate > txrate->rate)
718 break;
719
720 if (IEEE80211_RATE_MODULATION(txrate->flags) !=
721 IEEE80211_RATE_MODULATION(r->flags))
722 continue;
723
724 if (r->flags & IEEE80211_RATE_BASIC)
725 rate = r->rate;
726 else if (r->flags & IEEE80211_RATE_MANDATORY)
727 mrate = r->rate;
728 }
729 if (rate == -1) {
730 /* No matching basic rate found; use highest suitable mandatory
731 * PHY rate */
732 rate = mrate;
733 }
734
735 /* Time needed to transmit ACK
736 * (10 bytes + 4-byte FCS = 112 bits) plus SIFS; rounded up
737 * to closest integer */
738
739 dur = ieee80211_frame_duration(local, 10, rate, erp,
740 local->short_preamble);
741
742 if (next_frag_len) {
743 /* Frame is fragmented: duration increases with time needed to
744 * transmit next fragment plus ACK and 2 x SIFS. */
745 dur *= 2; /* ACK + SIFS */
746 /* next fragment */
747 dur += ieee80211_frame_duration(local, next_frag_len,
748 txrate->rate, erp,
749 local->short_preamble);
750 }
751
752 return dur;
753 }
754
755
756 static ieee80211_txrx_result
757 ieee80211_tx_h_misc(struct ieee80211_txrx_data *tx)
758 {
759 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) tx->skb->data;
760 u16 dur;
761 struct ieee80211_tx_control *control = tx->u.tx.control;
762
763 if (!is_multicast_ether_addr(hdr->addr1)) {
764 if (tx->skb->len + FCS_LEN > tx->local->rts_threshold &&
765 tx->local->rts_threshold < IEEE80211_MAX_RTS_THRESHOLD) {
766 control->flags |= IEEE80211_TXCTL_USE_RTS_CTS;
767 control->retry_limit =
768 tx->local->long_retry_limit;
769 } else {
770 control->retry_limit =
771 tx->local->short_retry_limit;
772 }
773 } else {
774 control->retry_limit = 1;
775 }
776
777 if (tx->fragmented) {
778 /* Do not use multiple retry rates when sending fragmented
779 * frames.
780 * TODO: The last fragment could still use multiple retry
781 * rates. */
782 control->alt_retry_rate = -1;
783 }
784
785 /* Use CTS protection for unicast frames sent using extended rates if
786 * there are associated non-ERP stations and RTS/CTS is not configured
787 * for the frame. */
788 if (tx->local->hw.conf.phymode == MODE_IEEE80211G &&
789 (tx->u.tx.rate->flags & IEEE80211_RATE_ERP) &&
790 tx->u.tx.unicast &&
791 tx->local->cts_protect_erp_frames &&
792 !(control->flags & IEEE80211_TXCTL_USE_RTS_CTS))
793 control->flags |= IEEE80211_TXCTL_USE_CTS_PROTECT;
794
795 /* Setup duration field for the first fragment of the frame. Duration
796 * for remaining fragments will be updated when they are being sent
797 * to low-level driver in ieee80211_tx(). */
798 dur = ieee80211_duration(tx, is_multicast_ether_addr(hdr->addr1),
799 tx->fragmented ? tx->u.tx.extra_frag[0]->len :
800 0);
801 hdr->duration_id = cpu_to_le16(dur);
802
803 if ((control->flags & IEEE80211_TXCTL_USE_RTS_CTS) ||
804 (control->flags & IEEE80211_TXCTL_USE_CTS_PROTECT)) {
805 struct ieee80211_rate *rate;
806 int erp = tx->u.tx.rate->flags & IEEE80211_RATE_ERP;
807
808 /* Do not use multiple retry rates when using RTS/CTS */
809 control->alt_retry_rate = -1;
810
811 /* Use min(data rate, max base rate) as CTS/RTS rate */
812 rate = tx->u.tx.rate;
813 while (rate > tx->local->curr_rates &&
814 !(rate->flags & IEEE80211_RATE_BASIC))
815 rate--;
816
817 if (control->flags & IEEE80211_TXCTL_USE_RTS_CTS)
818 dur += ieee80211_frame_duration(tx->local, 10,
819 rate->rate, erp,
820 tx->local->
821 short_preamble);
822 dur += ieee80211_frame_duration(tx->local, tx->skb->len,
823 tx->u.tx.rate->rate, erp,
824 tx->u.tx.short_preamble);
825 control->rts_cts_duration = dur;
826 control->rts_cts_rate = rate->val;
827 }
828
829 if (tx->sta) {
830 tx->sta->tx_packets++;
831 tx->sta->tx_fragments++;
832 tx->sta->tx_bytes += tx->skb->len;
833 if (tx->u.tx.extra_frag) {
834 int i;
835 tx->sta->tx_fragments += tx->u.tx.num_extra_frag;
836 for (i = 0; i < tx->u.tx.num_extra_frag; i++) {
837 tx->sta->tx_bytes +=
838 tx->u.tx.extra_frag[i]->len;
839 }
840 }
841 }
842 tx->local->scan.txrx_count++;
843
844 return TXRX_CONTINUE;
845 }
846
847
848 static ieee80211_txrx_result
849 ieee80211_tx_h_check_assoc(struct ieee80211_txrx_data *tx)
850 {
851 #ifdef CONFIG_D80211_VERBOSE_DEBUG
852 struct sk_buff *skb = tx->skb;
853 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
854 #endif /* CONFIG_D80211_VERBOSE_DEBUG */
855 u32 sta_flags;
856
857 if (unlikely(tx->local->sta_scanning != 0) &&
858 ((tx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_MGMT ||
859 (tx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_PROBE_REQ))
860 return TXRX_DROP;
861
862 if (tx->u.tx.ps_buffered)
863 return TXRX_CONTINUE;
864
865 sta_flags = tx->sta ? tx->sta->flags : 0;
866
867 if (likely(tx->u.tx.unicast)) {
868 if (unlikely(!(sta_flags & WLAN_STA_ASSOC) &&
869 tx->sdata->type != IEEE80211_IF_TYPE_IBSS &&
870 (tx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA)) {
871 #ifdef CONFIG_D80211_VERBOSE_DEBUG
872 printk(KERN_DEBUG "%s: dropped data frame to not "
873 "associated station " MAC_FMT "\n",
874 tx->dev->name, MAC_ARG(hdr->addr1));
875 #endif /* CONFIG_D80211_VERBOSE_DEBUG */
876 I802_DEBUG_INC(tx->local->tx_handlers_drop_not_assoc);
877 return TXRX_DROP;
878 }
879 } else {
880 if (unlikely((tx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA &&
881 tx->local->num_sta == 0 &&
882 !tx->local->allow_broadcast_always &&
883 tx->sdata->type != IEEE80211_IF_TYPE_IBSS)) {
884 /*
885 * No associated STAs - no need to send multicast
886 * frames.
887 */
888 return TXRX_DROP;
889 }
890 return TXRX_CONTINUE;
891 }
892
893 if (unlikely(!tx->u.tx.mgmt_interface && tx->sdata->ieee802_1x &&
894 !(sta_flags & WLAN_STA_AUTHORIZED))) {
895 #ifdef CONFIG_D80211_DEBUG
896 struct ieee80211_hdr *hdr =
897 (struct ieee80211_hdr *) tx->skb->data;
898 printk(KERN_DEBUG "%s: dropped frame to " MAC_FMT
899 " (unauthorized port)\n", tx->dev->name,
900 MAC_ARG(hdr->addr1));
901 #endif
902 I802_DEBUG_INC(tx->local->tx_handlers_drop_unauth_port);
903 return TXRX_DROP;
904 }
905
906 return TXRX_CONTINUE;
907 }
908
909
910 /* This function is called whenever the AP is about to exceed the maximum limit
911 * of buffered frames for power saving STAs. This situation should not really
912 * happen often during normal operation, so dropping the oldest buffered packet
913 * from each queue should be OK to make some room for new frames. */
914 static void purge_old_ps_buffers(struct ieee80211_local *local)
915 {
916 int total = 0, purged = 0;
917 struct sk_buff *skb;
918 struct ieee80211_sub_if_data *sdata;
919 struct sta_info *sta;
920
921 spin_lock_bh(&local->sub_if_lock);
922 list_for_each_entry(sdata, &local->sub_if_list, list) {
923 struct ieee80211_if_ap *ap;
924 if (sdata->dev == local->mdev ||
925 sdata->type != IEEE80211_IF_TYPE_AP)
926 continue;
927 ap = &sdata->u.ap;
928 skb = skb_dequeue(&ap->ps_bc_buf);
929 if (skb) {
930 purged++;
931 dev_kfree_skb(skb);
932 }
933 total += skb_queue_len(&ap->ps_bc_buf);
934 }
935 spin_unlock_bh(&local->sub_if_lock);
936
937 spin_lock_bh(&local->sta_lock);
938 list_for_each_entry(sta, &local->sta_list, list) {
939 skb = skb_dequeue(&sta->ps_tx_buf);
940 if (skb) {
941 purged++;
942 dev_kfree_skb(skb);
943 }
944 total += skb_queue_len(&sta->ps_tx_buf);
945 }
946 spin_unlock_bh(&local->sta_lock);
947
948 local->total_ps_buffered = total;
949 printk(KERN_DEBUG "%s: PS buffers full - purged %d frames\n",
950 local->mdev->name, purged);
951 }
952
953
954 static inline ieee80211_txrx_result
955 ieee80211_tx_h_multicast_ps_buf(struct ieee80211_txrx_data *tx)
956 {
957 /* broadcast/multicast frame */
958 /* If any of the associated stations is in power save mode,
959 * the frame is buffered to be sent after DTIM beacon frame */
960 if ((tx->local->hw.flags & IEEE80211_HW_HOST_BROADCAST_PS_BUFFERING) &&
961 tx->sdata->type != IEEE80211_IF_TYPE_WDS &&
962 tx->sdata->bss && atomic_read(&tx->sdata->bss->num_sta_ps) &&
963 !(tx->fc & IEEE80211_FCTL_ORDER)) {
964 if (tx->local->total_ps_buffered >= TOTAL_MAX_TX_BUFFER)
965 purge_old_ps_buffers(tx->local);
966 if (skb_queue_len(&tx->sdata->bss->ps_bc_buf) >=
967 AP_MAX_BC_BUFFER) {
968 if (net_ratelimit()) {
969 printk(KERN_DEBUG "%s: BC TX buffer full - "
970 "dropping the oldest frame\n",
971 tx->dev->name);
972 }
973 dev_kfree_skb(skb_dequeue(&tx->sdata->bss->ps_bc_buf));
974 } else
975 tx->local->total_ps_buffered++;
976 skb_queue_tail(&tx->sdata->bss->ps_bc_buf, tx->skb);
977 return TXRX_QUEUED;
978 }
979
980 return TXRX_CONTINUE;
981 }
982
983
984 static inline ieee80211_txrx_result
985 ieee80211_tx_h_unicast_ps_buf(struct ieee80211_txrx_data *tx)
986 {
987 struct sta_info *sta = tx->sta;
988
989 if (unlikely(!sta ||
990 ((tx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_MGMT &&
991 (tx->fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_PROBE_RESP)))
992 return TXRX_CONTINUE;
993
994 if (unlikely((sta->flags & WLAN_STA_PS) && !sta->pspoll)) {
995 struct ieee80211_tx_packet_data *pkt_data;
996 #ifdef CONFIG_D80211_VERBOSE_PS_DEBUG
997 printk(KERN_DEBUG "STA " MAC_FMT " aid %d: PS buffer (entries "
998 "before %d)\n",
999 MAC_ARG(sta->addr), sta->aid,
1000 skb_queue_len(&sta->ps_tx_buf));
1001 #endif /* CONFIG_D80211_VERBOSE_PS_DEBUG */
1002 sta->flags |= WLAN_STA_TIM;
1003 if (tx->local->total_ps_buffered >= TOTAL_MAX_TX_BUFFER)
1004 purge_old_ps_buffers(tx->local);
1005 if (skb_queue_len(&sta->ps_tx_buf) >= STA_MAX_TX_BUFFER) {
1006 struct sk_buff *old = skb_dequeue(&sta->ps_tx_buf);
1007 if (net_ratelimit()) {
1008 printk(KERN_DEBUG "%s: STA " MAC_FMT " TX "
1009 "buffer full - dropping oldest frame\n",
1010 tx->dev->name, MAC_ARG(sta->addr));
1011 }
1012 dev_kfree_skb(old);
1013 } else
1014 tx->local->total_ps_buffered++;
1015 /* Queue frame to be sent after STA sends an PS Poll frame */
1016 if (skb_queue_empty(&sta->ps_tx_buf)) {
1017 if (tx->local->ops->set_tim)
1018 tx->local->ops->set_tim(local_to_hw(tx->local),
1019 sta->aid, 1);
1020 if (tx->sdata->bss)
1021 bss_tim_set(tx->local, tx->sdata->bss, sta->aid);
1022 }
1023 pkt_data = (struct ieee80211_tx_packet_data *)tx->skb->cb;
1024 pkt_data->jiffies = jiffies;
1025 skb_queue_tail(&sta->ps_tx_buf, tx->skb);
1026 return TXRX_QUEUED;
1027 }
1028 #ifdef CONFIG_D80211_VERBOSE_PS_DEBUG
1029 else if (unlikely(sta->flags & WLAN_STA_PS)) {
1030 printk(KERN_DEBUG "%s: STA " MAC_FMT " in PS mode, but pspoll "
1031 "set -> send frame\n", tx->dev->name,
1032 MAC_ARG(sta->addr));
1033 }
1034 #endif /* CONFIG_D80211_VERBOSE_PS_DEBUG */
1035 sta->pspoll = 0;
1036
1037 return TXRX_CONTINUE;
1038 }
1039
1040
1041 static ieee80211_txrx_result
1042 ieee80211_tx_h_ps_buf(struct ieee80211_txrx_data *tx)
1043 {
1044 if (unlikely(tx->u.tx.ps_buffered))
1045 return TXRX_CONTINUE;
1046
1047 if (tx->u.tx.unicast)
1048 return ieee80211_tx_h_unicast_ps_buf(tx);
1049 else
1050 return ieee80211_tx_h_multicast_ps_buf(tx);
1051 }
1052
1053
1054 static void inline
1055 __ieee80211_tx_prepare(struct ieee80211_txrx_data *tx,
1056 struct sk_buff *skb,
1057 struct net_device *dev,
1058 struct ieee80211_tx_control *control)
1059 {
1060 struct ieee80211_local *local = dev->ieee80211_ptr;
1061 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
1062 int hdrlen;
1063
1064 memset(tx, 0, sizeof(*tx));
1065 tx->skb = skb;
1066 tx->dev = dev; /* use original interface */
1067 tx->local = local;
1068 tx->sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1069 tx->sta = sta_info_get(local, hdr->addr1);
1070 tx->fc = le16_to_cpu(hdr->frame_control);
1071 control->power_level = local->hw.conf.power_level;
1072 tx->u.tx.control = control;
1073 tx->u.tx.unicast = !is_multicast_ether_addr(hdr->addr1);
1074 if (is_multicast_ether_addr(hdr->addr1))
1075 control->flags |= IEEE80211_TXCTL_NO_ACK;
1076 else
1077 control->flags &= ~IEEE80211_TXCTL_NO_ACK;
1078 tx->fragmented = local->fragmentation_threshold <
1079 IEEE80211_MAX_FRAG_THRESHOLD && tx->u.tx.unicast &&
1080 skb->len + FCS_LEN > local->fragmentation_threshold &&
1081 (!local->ops->set_frag_threshold);
1082 if (!tx->sta)
1083 control->flags |= IEEE80211_TXCTL_CLEAR_DST_MASK;
1084 else if (tx->sta->clear_dst_mask) {
1085 control->flags |= IEEE80211_TXCTL_CLEAR_DST_MASK;
1086 tx->sta->clear_dst_mask = 0;
1087 }
1088 control->antenna_sel = local->hw.conf.antenna_sel;
1089 if (local->sta_antenna_sel != STA_ANTENNA_SEL_AUTO && tx->sta)
1090 control->antenna_sel = tx->sta->antenna_sel;
1091 hdrlen = ieee80211_get_hdrlen(tx->fc);
1092 if (skb->len > hdrlen + sizeof(rfc1042_header) + 2) {
1093 u8 *pos = &skb->data[hdrlen + sizeof(rfc1042_header)];
1094 tx->ethertype = (pos[0] << 8) | pos[1];
1095 }
1096 control->flags |= IEEE80211_TXCTL_FIRST_FRAGMENT;
1097
1098 }
1099
1100 static int inline is_ieee80211_device(struct net_device *dev,
1101 struct net_device *master)
1102 {
1103 return (dev->ieee80211_ptr == master->ieee80211_ptr);
1104 }
1105
1106 /* Device in tx->dev has a reference added; use dev_put(tx->dev) when
1107 * finished with it. */
1108 static void inline ieee80211_tx_prepare(struct ieee80211_txrx_data *tx,
1109 struct sk_buff *skb,
1110 struct net_device *mdev,
1111 struct ieee80211_tx_control *control)
1112 {
1113 struct ieee80211_tx_packet_data *pkt_data;
1114 struct net_device *dev;
1115
1116 pkt_data = (struct ieee80211_tx_packet_data *)skb->cb;
1117 dev = dev_get_by_index(pkt_data->ifindex);
1118 if (unlikely(dev && !is_ieee80211_device(dev, mdev))) {
1119 dev_put(dev);
1120 dev = NULL;
1121 }
1122 if (unlikely(!dev)) {
1123 printk(KERN_WARNING "%s: NULL ifindex in pkt_data\n",
1124 mdev->name);
1125 dev = mdev;
1126 dev_hold(dev);
1127 }
1128 __ieee80211_tx_prepare(tx, skb, dev, control);
1129 }
1130
1131 static inline int __ieee80211_queue_stopped(struct ieee80211_local *local,
1132 int queue)
1133 {
1134 return test_bit(IEEE80211_LINK_STATE_XOFF, &local->state[queue]);
1135 }
1136
1137 static inline int __ieee80211_queue_pending(struct ieee80211_local *local,
1138 int queue)
1139 {
1140 return test_bit(IEEE80211_LINK_STATE_PENDING, &local->state[queue]);
1141 }
1142
1143 #define IEEE80211_TX_OK 0
1144 #define IEEE80211_TX_AGAIN 1
1145 #define IEEE80211_TX_FRAG_AGAIN 2
1146
1147 static int __ieee80211_tx(struct ieee80211_local *local, struct sk_buff *skb,
1148 struct ieee80211_txrx_data *tx)
1149 {
1150 struct ieee80211_tx_control *control = tx->u.tx.control;
1151 int ret, i;
1152
1153 if (skb) {
1154 ieee80211_dump_frame(local->mdev->name, "TX to low-level driver", skb);
1155 ret = local->ops->tx(local_to_hw(local), skb, control);
1156 if (ret)
1157 return IEEE80211_TX_AGAIN;
1158 ieee80211_led_tx(local, 1);
1159 }
1160 if (tx->u.tx.extra_frag) {
1161 control->flags &= ~(IEEE80211_TXCTL_USE_RTS_CTS |
1162 IEEE80211_TXCTL_USE_CTS_PROTECT |
1163 IEEE80211_TXCTL_CLEAR_DST_MASK |
1164 IEEE80211_TXCTL_FIRST_FRAGMENT);
1165 for (i = 0; i < tx->u.tx.num_extra_frag; i++) {
1166 if (!tx->u.tx.extra_frag[i])
1167 continue;
1168 if (__ieee80211_queue_stopped(local, control->queue))
1169 return IEEE80211_TX_FRAG_AGAIN;
1170 if (i == tx->u.tx.num_extra_frag) {
1171 control->tx_rate = tx->u.tx.last_frag_hwrate;
1172 control->rateidx = tx->u.tx.last_frag_rateidx;
1173 if (tx->u.tx.probe_last_frag)
1174 control->flags |=
1175 IEEE80211_TXCTL_RATE_CTRL_PROBE;
1176 else
1177 control->flags &=
1178 ~IEEE80211_TXCTL_RATE_CTRL_PROBE;
1179 }
1180
1181 ieee80211_dump_frame(local->mdev->name,
1182 "TX to low-level driver", skb);
1183 ret = local->ops->tx(local_to_hw(local),
1184 tx->u.tx.extra_frag[i],
1185 control);
1186 if (ret)
1187 return IEEE80211_TX_FRAG_AGAIN;
1188 ieee80211_led_tx(local, 1);
1189 tx->u.tx.extra_frag[i] = NULL;
1190 }
1191 kfree(tx->u.tx.extra_frag);
1192 tx->u.tx.extra_frag = NULL;
1193 }
1194 return IEEE80211_TX_OK;
1195 }
1196
1197 static int ieee80211_tx(struct net_device *dev, struct sk_buff *skb,
1198 struct ieee80211_tx_control *control, int mgmt)
1199 {
1200 struct ieee80211_local *local = dev->ieee80211_ptr;
1201 struct sta_info *sta;
1202 ieee80211_tx_handler *handler;
1203 struct ieee80211_txrx_data tx;
1204 ieee80211_txrx_result res = TXRX_DROP;
1205 int ret, i;
1206
1207 WARN_ON(__ieee80211_queue_pending(local, control->queue));
1208
1209 if (unlikely(skb->len < 10)) {
1210 dev_kfree_skb(skb);
1211 return 0;
1212 }
1213
1214 __ieee80211_tx_prepare(&tx, skb, dev, control);
1215 sta = tx.sta;
1216 tx.u.tx.mgmt_interface = mgmt;
1217
1218 for (handler = local->tx_handlers; *handler != NULL; handler++) {
1219 res = (*handler)(&tx);
1220 if (res != TXRX_CONTINUE)
1221 break;
1222 }
1223
1224 skb = tx.skb; /* handlers are allowed to change skb */
1225
1226 if (sta)
1227 sta_info_put(sta);
1228
1229 if (unlikely(res == TXRX_DROP)) {
1230 I802_DEBUG_INC(local->tx_handlers_drop);
1231 goto drop;
1232 }
1233
1234 if (unlikely(res == TXRX_QUEUED)) {
1235 I802_DEBUG_INC(local->tx_handlers_queued);
1236 return 0;
1237 }
1238
1239 if (tx.u.tx.extra_frag) {
1240 for (i = 0; i < tx.u.tx.num_extra_frag; i++) {
1241 int next_len, dur;
1242 struct ieee80211_hdr *hdr =
1243 (struct ieee80211_hdr *)
1244 tx.u.tx.extra_frag[i]->data;
1245
1246 if (i + 1 < tx.u.tx.num_extra_frag) {
1247 next_len = tx.u.tx.extra_frag[i + 1]->len;
1248 } else {
1249 next_len = 0;
1250 tx.u.tx.rate = tx.u.tx.last_frag_rate;
1251 tx.u.tx.last_frag_hwrate = tx.u.tx.rate->val;
1252 }
1253 dur = ieee80211_duration(&tx, 0, next_len);
1254 hdr->duration_id = cpu_to_le16(dur);
1255 }
1256 }
1257
1258 retry:
1259 ret = __ieee80211_tx(local, skb, &tx);
1260 if (ret) {
1261 struct ieee80211_tx_stored_packet *store =
1262 &local->pending_packet[control->queue];
1263
1264 if (ret == IEEE80211_TX_FRAG_AGAIN)
1265 skb = NULL;
1266 set_bit(IEEE80211_LINK_STATE_PENDING,
1267 &local->state[control->queue]);
1268 smp_mb();
1269 /* When the driver gets out of buffers during sending of
1270 * fragments and calls ieee80211_stop_queue, there is
1271 * a small window between IEEE80211_LINK_STATE_XOFF and
1272 * IEEE80211_LINK_STATE_PENDING flags are set. If a buffer
1273 * gets available in that window (i.e. driver calls
1274 * ieee80211_wake_queue), we would end up with ieee80211_tx
1275 * called with IEEE80211_LINK_STATE_PENDING. Prevent this by
1276 * continuing transmitting here when that situation is
1277 * possible to have happened. */
1278 if (!__ieee80211_queue_stopped(local, control->queue)) {
1279 clear_bit(IEEE80211_LINK_STATE_PENDING,
1280 &local->state[control->queue]);
1281 goto retry;
1282 }
1283 memcpy(&store->control, control,
1284 sizeof(struct ieee80211_tx_control));
1285 store->skb = skb;
1286 store->extra_frag = tx.u.tx.extra_frag;
1287 store->num_extra_frag = tx.u.tx.num_extra_frag;
1288 store->last_frag_hwrate = tx.u.tx.last_frag_hwrate;
1289 store->last_frag_rateidx = tx.u.tx.last_frag_rateidx;
1290 store->last_frag_rate_ctrl_probe = tx.u.tx.probe_last_frag;
1291 }
1292 return 0;
1293
1294 drop:
1295 if (skb)
1296 dev_kfree_skb(skb);
1297 for (i = 0; i < tx.u.tx.num_extra_frag; i++)
1298 if (tx.u.tx.extra_frag[i])
1299 dev_kfree_skb(tx.u.tx.extra_frag[i]);
1300 kfree(tx.u.tx.extra_frag);
1301 return 0;
1302 }
1303
1304 static void ieee80211_tx_pending(unsigned long data)
1305 {
1306 struct ieee80211_local *local = (struct ieee80211_local *)data;
1307 struct net_device *dev = local->mdev;
1308 struct ieee80211_tx_stored_packet *store;
1309 struct ieee80211_txrx_data tx;
1310 int i, ret, reschedule = 0;
1311
1312 netif_tx_lock_bh(dev);
1313 for (i = 0; i < local->hw.queues; i++) {
1314 if (__ieee80211_queue_stopped(local, i))
1315 continue;
1316 if (!__ieee80211_queue_pending(local, i)) {
1317 reschedule = 1;
1318 continue;
1319 }
1320 store = &local->pending_packet[i];
1321 tx.u.tx.control = &store->control;
1322 tx.u.tx.extra_frag = store->extra_frag;
1323 tx.u.tx.num_extra_frag = store->num_extra_frag;
1324 tx.u.tx.last_frag_hwrate = store->last_frag_hwrate;
1325 tx.u.tx.last_frag_rateidx = store->last_frag_rateidx;
1326 tx.u.tx.probe_last_frag = store->last_frag_rate_ctrl_probe;
1327 ret = __ieee80211_tx(local, store->skb, &tx);
1328 if (ret) {
1329 if (ret == IEEE80211_TX_FRAG_AGAIN)
1330 store->skb = NULL;
1331 } else {
1332 clear_bit(IEEE80211_LINK_STATE_PENDING,
1333 &local->state[i]);
1334 reschedule = 1;
1335 }
1336 }
1337 netif_tx_unlock_bh(dev);
1338 if (reschedule)
1339 netif_schedule(dev);
1340 }
1341
1342 static void ieee80211_clear_tx_pending(struct ieee80211_local *local)
1343 {
1344 int i, j;
1345 struct ieee80211_tx_stored_packet *store;
1346
1347 for (i = 0; i < local->hw.queues; i++) {
1348 if (!__ieee80211_queue_pending(local, i))
1349 continue;
1350 store = &local->pending_packet[i];
1351 kfree_skb(store->skb);
1352 for (j = 0; j < store->num_extra_frag; j++)
1353 kfree_skb(store->extra_frag[j]);
1354 kfree(store->extra_frag);
1355 clear_bit(IEEE80211_LINK_STATE_PENDING, &local->state[i]);
1356 }
1357 }
1358
1359 static int ieee80211_master_start_xmit(struct sk_buff *skb,
1360 struct net_device *dev)
1361 {
1362 struct ieee80211_tx_control control;
1363 struct ieee80211_tx_packet_data *pkt_data;
1364 struct net_device *odev = NULL;
1365 struct ieee80211_sub_if_data *sdata, *osdata;
1366 int ret;
1367
1368 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1369
1370 /*
1371 * copy control out of the skb so other people can use skb->cb
1372 */
1373 pkt_data = (struct ieee80211_tx_packet_data *)skb->cb;
1374 memset(&control, 0, sizeof(struct ieee80211_tx_control));
1375
1376 if (pkt_data->ifindex)
1377 odev = dev_get_by_index(pkt_data->ifindex);
1378 if (unlikely(odev && !is_ieee80211_device(odev, dev))) {
1379 dev_put(odev);
1380 odev = NULL;
1381 }
1382 if (unlikely(!odev)) {
1383 #ifdef CONFIG_D80211_VERBOSE_DEBUG
1384 printk(KERN_DEBUG "%s: Discarded packet with nonexistent "
1385 "originating device\n", dev->name);
1386 #endif
1387 dev_kfree_skb(skb);
1388 return 0;
1389 }
1390 osdata = IEEE80211_DEV_TO_SUB_IF(odev);
1391
1392 control.ifindex = odev->ifindex;
1393 control.type = osdata->type;
1394 if (pkt_data->req_tx_status)
1395 control.flags |= IEEE80211_TXCTL_REQ_TX_STATUS;
1396 if (pkt_data->do_not_encrypt)
1397 control.flags |= IEEE80211_TXCTL_DO_NOT_ENCRYPT;
1398 control.pkt_type =
1399 pkt_data->pkt_probe_resp ? PKT_PROBE_RESP : PKT_NORMAL;
1400 if (pkt_data->requeue)
1401 control.flags |= IEEE80211_TXCTL_REQUEUE;
1402 control.queue = pkt_data->queue;
1403
1404 ret = ieee80211_tx(odev, skb, &control,
1405 control.type == IEEE80211_IF_TYPE_MGMT);
1406 dev_put(odev);
1407
1408 return ret;
1409 }
1410
1411
1412 /**
1413 * ieee80211_subif_start_xmit - netif start_xmit function for Ethernet-type
1414 * subinterfaces (wlan#, WDS, and VLAN interfaces)
1415 * @skb: packet to be sent
1416 * @dev: incoming interface
1417 *
1418 * Returns: 0 on success (and frees skb in this case) or 1 on failure (skb will
1419 * not be freed, and caller is responsible for either retrying later or freeing
1420 * skb).
1421 *
1422 * This function takes in an Ethernet header and encapsulates it with suitable
1423 * IEEE 802.11 header based on which interface the packet is coming in. The
1424 * encapsulated packet will then be passed to master interface, wlan#.11, for
1425 * transmission (through low-level driver).
1426 */
1427 static int ieee80211_subif_start_xmit(struct sk_buff *skb,
1428 struct net_device *dev)
1429 {
1430 struct ieee80211_local *local = dev->ieee80211_ptr;
1431 struct ieee80211_tx_packet_data *pkt_data;
1432 struct ieee80211_sub_if_data *sdata;
1433 int ret = 1, head_need;
1434 u16 ethertype, hdrlen, fc;
1435 struct ieee80211_hdr hdr;
1436 u8 *encaps_data;
1437 int encaps_len, skip_header_bytes;
1438 int nh_pos, h_pos, no_encrypt = 0;
1439 struct sta_info *sta;
1440
1441 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1442 if (unlikely(skb->len < ETH_HLEN)) {
1443 printk(KERN_DEBUG "%s: short skb (len=%d)\n",
1444 dev->name, skb->len);
1445 ret = 0;
1446 goto fail;
1447 }
1448
1449 nh_pos = skb->nh.raw - skb->data;
1450 h_pos = skb->h.raw - skb->data;
1451
1452 /* convert Ethernet header to proper 802.11 header (based on
1453 * operation mode) */
1454 ethertype = (skb->data[12] << 8) | skb->data[13];
1455 /* TODO: handling for 802.1x authorized/unauthorized port */
1456 fc = IEEE80211_FTYPE_DATA | IEEE80211_STYPE_DATA;
1457
1458 if (likely(sdata->type == IEEE80211_IF_TYPE_AP ||
1459 sdata->type == IEEE80211_IF_TYPE_VLAN)) {
1460 fc |= IEEE80211_FCTL_FROMDS;
1461 /* DA BSSID SA */
1462 memcpy(hdr.addr1, skb->data, ETH_ALEN);
1463 memcpy(hdr.addr2, dev->dev_addr, ETH_ALEN);
1464 memcpy(hdr.addr3, skb->data + ETH_ALEN, ETH_ALEN);
1465 hdrlen = 24;
1466 } else if (sdata->type == IEEE80211_IF_TYPE_WDS) {
1467 fc |= IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS;
1468 /* RA TA DA SA */
1469 memcpy(hdr.addr1, sdata->u.wds.remote_addr, ETH_ALEN);
1470 memcpy(hdr.addr2, dev->dev_addr, ETH_ALEN);
1471 memcpy(hdr.addr3, skb->data, ETH_ALEN);
1472 memcpy(hdr.addr4, skb->data + ETH_ALEN, ETH_ALEN);
1473 hdrlen = 30;
1474 } else if (sdata->type == IEEE80211_IF_TYPE_STA) {
1475 fc |= IEEE80211_FCTL_TODS;
1476 /* BSSID SA DA */
1477 memcpy(hdr.addr1, sdata->u.sta.bssid, ETH_ALEN);
1478 memcpy(hdr.addr2, skb->data + ETH_ALEN, ETH_ALEN);
1479 memcpy(hdr.addr3, skb->data, ETH_ALEN);
1480 hdrlen = 24;
1481 } else if (sdata->type == IEEE80211_IF_TYPE_IBSS) {
1482 /* DA SA BSSID */
1483 memcpy(hdr.addr1, skb->data, ETH_ALEN);
1484 memcpy(hdr.addr2, skb->data + ETH_ALEN, ETH_ALEN);
1485 memcpy(hdr.addr3, sdata->u.sta.bssid, ETH_ALEN);
1486 hdrlen = 24;
1487 } else {
1488 ret = 0;
1489 goto fail;
1490 }
1491
1492 /* receiver is QoS enabled, use a QoS type frame */
1493 sta = sta_info_get(local, hdr.addr1);
1494 if (sta) {
1495 if (sta->flags & WLAN_STA_WME) {
1496 fc |= IEEE80211_STYPE_QOS_DATA;
1497 hdrlen += 2;
1498 }
1499 sta_info_put(sta);
1500 }
1501
1502 hdr.frame_control = cpu_to_le16(fc);
1503 hdr.duration_id = 0;
1504 hdr.seq_ctrl = 0;
1505
1506 skip_header_bytes = ETH_HLEN;
1507 if (ethertype == ETH_P_AARP || ethertype == ETH_P_IPX) {
1508 encaps_data = bridge_tunnel_header;
1509 encaps_len = sizeof(bridge_tunnel_header);
1510 skip_header_bytes -= 2;
1511 } else if (ethertype >= 0x600) {
1512 encaps_data = rfc1042_header;
1513 encaps_len = sizeof(rfc1042_header);
1514 skip_header_bytes -= 2;
1515 } else {
1516 encaps_data = NULL;
1517 encaps_len = 0;
1518 }
1519
1520 skb_pull(skb, skip_header_bytes);
1521 nh_pos -= skip_header_bytes;
1522 h_pos -= skip_header_bytes;
1523
1524 /* TODO: implement support for fragments so that there is no need to
1525 * reallocate and copy payload; it might be enough to support one
1526 * extra fragment that would be copied in the beginning of the frame
1527 * data.. anyway, it would be nice to include this into skb structure
1528 * somehow
1529 *
1530 * There are few options for this:
1531 * use skb->cb as an extra space for 802.11 header
1532 * allocate new buffer if not enough headroom
1533 * make sure that there is enough headroom in every skb by increasing
1534 * build in headroom in __dev_alloc_skb() (linux/skbuff.h) and
1535 * alloc_skb() (net/core/skbuff.c)
1536 */
1537 head_need = hdrlen + encaps_len + local->hw.extra_tx_headroom;
1538 head_need -= skb_headroom(skb);
1539
1540 /* We are going to modify skb data, so make a copy of it if happens to
1541 * be cloned. This could happen, e.g., with Linux bridge code passing
1542 * us broadcast frames. */
1543
1544 if (head_need > 0 || skb_cloned(skb)) {
1545 #if 0
1546 printk(KERN_DEBUG "%s: need to reallocate buffer for %d bytes "
1547 "of headroom\n", dev->name, head_need);
1548 #endif
1549
1550 if (skb_cloned(skb))
1551 I802_DEBUG_INC(local->tx_expand_skb_head_cloned);
1552 else
1553 I802_DEBUG_INC(local->tx_expand_skb_head);
1554 /* Since we have to reallocate the buffer, make sure that there
1555 * is enough room for possible WEP IV/ICV and TKIP (8 bytes
1556 * before payload and 12 after). */
1557 if (pskb_expand_head(skb, (head_need > 0 ? head_need + 8 : 8),
1558 12, GFP_ATOMIC)) {
1559 printk(KERN_DEBUG "%s: failed to reallocate TX buffer"
1560 "\n", dev->name);
1561 goto fail;
1562 }
1563 }
1564
1565 if (encaps_data) {
1566 memcpy(skb_push(skb, encaps_len), encaps_data, encaps_len);
1567 nh_pos += encaps_len;
1568 h_pos += encaps_len;
1569 }
1570 memcpy(skb_push(skb, hdrlen), &hdr, hdrlen);
1571 nh_pos += hdrlen;
1572 h_pos += hdrlen;
1573
1574 pkt_data = (struct ieee80211_tx_packet_data *)skb->cb;
1575 memset(pkt_data, 0, sizeof(struct ieee80211_tx_packet_data));
1576 pkt_data->ifindex = sdata->dev->ifindex;
1577 pkt_data->mgmt_iface = (sdata->type == IEEE80211_IF_TYPE_MGMT);
1578 pkt_data->do_not_encrypt = no_encrypt;
1579
1580 skb->dev = local->mdev;
1581 sdata->stats.tx_packets++;
1582 sdata->stats.tx_bytes += skb->len;
1583
1584 /* Update skb pointers to various headers since this modified frame
1585 * is going to go through Linux networking code that may potentially
1586 * need things like pointer to IP header. */
1587 skb->mac.raw = skb->data;
1588 skb->nh.raw = skb->data + nh_pos;
1589 skb->h.raw = skb->data + h_pos;
1590
1591 dev_queue_xmit(skb);
1592
1593 return 0;
1594
1595 fail:
1596 if (!ret)
1597 dev_kfree_skb(skb);
1598
1599 return ret;
1600 }
1601
1602
1603 /*
1604 * This is the transmit routine for the 802.11 type interfaces
1605 * called by upper layers of the linux networking
1606 * stack when it has a frame to transmit
1607 */
1608 static int
1609 ieee80211_mgmt_start_xmit(struct sk_buff *skb, struct net_device *dev)
1610 {
1611 struct ieee80211_sub_if_data *sdata;
1612 struct ieee80211_tx_packet_data *pkt_data;
1613 struct ieee80211_hdr *hdr;
1614 u16 fc;
1615
1616 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1617
1618 if (skb->len < 10) {
1619 dev_kfree_skb(skb);
1620 return 0;
1621 }
1622
1623 hdr = (struct ieee80211_hdr *) skb->data;
1624 fc = le16_to_cpu(hdr->frame_control);
1625
1626 pkt_data = (struct ieee80211_tx_packet_data *) skb->cb;
1627 memset(pkt_data, 0, sizeof(struct ieee80211_tx_packet_data));
1628 pkt_data->ifindex = sdata->dev->ifindex;
1629 pkt_data->mgmt_iface = (sdata->type == IEEE80211_IF_TYPE_MGMT);
1630
1631 if ((fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_MGMT &&
1632 (fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_PROBE_RESP)
1633 pkt_data->pkt_probe_resp = 1;
1634
1635 skb->priority = 20; /* use hardcoded priority for mgmt TX queue */
1636 skb->dev = sdata->local->mdev;
1637
1638 /*
1639 * We're using the protocol field of the the frame control header
1640 * to request TX callback for hostapd. BIT(1) is checked.
1641 */
1642 if ((fc & BIT(1)) == BIT(1)) {
1643 pkt_data->req_tx_status = 1;
1644 fc &= ~BIT(1);
1645 hdr->frame_control = cpu_to_le16(fc);
1646 }
1647
1648 pkt_data->do_not_encrypt = !(fc & IEEE80211_FCTL_PROTECTED);
1649
1650 sdata->stats.tx_packets++;
1651 sdata->stats.tx_bytes += skb->len;
1652
1653 dev_queue_xmit(skb);
1654
1655 return 0;
1656 }
1657
1658
1659 static void ieee80211_beacon_add_tim(struct ieee80211_local *local,
1660 struct ieee80211_if_ap *bss,
1661 struct sk_buff *skb)
1662 {
1663 u8 *pos, *tim;
1664 int aid0 = 0;
1665 int i, have_bits = 0, n1, n2;
1666
1667 /* Generate bitmap for TIM only if there are any STAs in power save
1668 * mode. */
1669 spin_lock_bh(&local->sta_lock);
1670 if (atomic_read(&bss->num_sta_ps) > 0)
1671 /* in the hope that this is faster than
1672 * checking byte-for-byte */
1673 have_bits = !bitmap_empty((unsigned long*)bss->tim,
1674 IEEE80211_MAX_AID+1);
1675
1676 if (bss->dtim_count == 0)
1677 bss->dtim_count = bss->dtim_period - 1;
1678 else
1679 bss->dtim_count--;
1680
1681 tim = pos = (u8 *) skb_put(skb, 6);
1682 *pos++ = WLAN_EID_TIM;
1683 *pos++ = 4;
1684 *pos++ = bss->dtim_count;
1685 *pos++ = bss->dtim_period;
1686
1687 if (bss->dtim_count == 0 && !skb_queue_empty(&bss->ps_bc_buf))
1688 aid0 = 1;
1689
1690 if (have_bits) {
1691 /* Find largest even number N1 so that bits numbered 1 through
1692 * (N1 x 8) - 1 in the bitmap are 0 and number N2 so that bits
1693 * (N2 + 1) x 8 through 2007 are 0. */
1694 n1 = 0;
1695 for (i = 0; i < IEEE80211_MAX_TIM_LEN; i++) {
1696 if (bss->tim[i]) {
1697 n1 = i & 0xfe;
1698 break;
1699 }
1700 }
1701 n2 = n1;
1702 for (i = IEEE80211_MAX_TIM_LEN - 1; i >= n1; i--) {
1703 if (bss->tim[i]) {
1704 n2 = i;
1705 break;
1706 }
1707 }
1708
1709 /* Bitmap control */
1710 *pos++ = n1 | aid0;
1711 /* Part Virt Bitmap */
1712 memcpy(pos, bss->tim + n1, n2 - n1 + 1);
1713
1714 tim[1] = n2 - n1 + 4;
1715 skb_put(skb, n2 - n1);
1716 } else {
1717 *pos++ = aid0; /* Bitmap control */
1718 *pos++ = 0; /* Part Virt Bitmap */
1719 }
1720 spin_unlock_bh(&local->sta_lock);
1721 }
1722
1723
1724 struct sk_buff * ieee80211_beacon_get(struct ieee80211_hw *hw, int if_id,
1725 struct ieee80211_tx_control *control)
1726 {
1727 struct ieee80211_local *local = hw_to_local(hw);
1728 struct sk_buff *skb;
1729 struct net_device *bdev;
1730 struct ieee80211_sub_if_data *sdata = NULL;
1731 struct ieee80211_if_ap *ap = NULL;
1732 struct ieee80211_rate *rate;
1733 struct rate_control_extra extra;
1734 u8 *b_head, *b_tail;
1735 int bh_len, bt_len;
1736
1737 bdev = dev_get_by_index(if_id);
1738 if (bdev) {
1739 sdata = IEEE80211_DEV_TO_SUB_IF(bdev);
1740 ap = &sdata->u.ap;
1741 dev_put(bdev);
1742 }
1743
1744 if (!ap || sdata->type != IEEE80211_IF_TYPE_AP ||
1745 !ap->beacon_head) {
1746 #ifdef CONFIG_D80211_VERBOSE_DEBUG
1747 if (net_ratelimit())
1748 printk(KERN_DEBUG "no beacon data avail for idx=%d "
1749 "(%s)\n", if_id, bdev ? bdev->name : "N/A");
1750 #endif /* CONFIG_D80211_VERBOSE_DEBUG */
1751 return NULL;
1752 }
1753
1754 /* Assume we are generating the normal beacon locally */
1755 b_head = ap->beacon_head;
1756 b_tail = ap->beacon_tail;
1757 bh_len = ap->beacon_head_len;
1758 bt_len = ap->beacon_tail_len;
1759
1760 skb = dev_alloc_skb(bh_len + bt_len + 256 /* maximum TIM len */);
1761 if (!skb)
1762 return NULL;
1763
1764 memcpy(skb_put(skb, bh_len), b_head, bh_len);
1765
1766 ieee80211_beacon_add_tim(local, ap, skb);
1767
1768 if (b_tail) {
1769 memcpy(skb_put(skb, bt_len), b_tail, bt_len);
1770 }
1771
1772 if (control) {
1773 memset(&extra, 0, sizeof(extra));
1774 extra.endidx = local->num_curr_rates;
1775
1776 rate = rate_control_get_rate(local, local->mdev, skb, &extra);
1777 if (!rate) {
1778 if (net_ratelimit()) {
1779 printk(KERN_DEBUG "%s: ieee80211_beacon_get: no rate "
1780 "found\n", local->mdev->name);
1781 }
1782 dev_kfree_skb(skb);
1783 return NULL;
1784 }
1785
1786 control->tx_rate = (local->short_preamble &&
1787 (rate->flags & IEEE80211_RATE_PREAMBLE2)) ?
1788 rate->val2 : rate->val;
1789 control->antenna_sel = local->hw.conf.antenna_sel;
1790 control->power_level = local->hw.conf.power_level;
1791 control->flags |= IEEE80211_TXCTL_NO_ACK;
1792 control->retry_limit = 1;
1793 control->rts_cts_duration = 0;
1794 control->flags |= IEEE80211_TXCTL_CLEAR_DST_MASK;
1795 }
1796
1797 ap->num_beacons++;
1798 return skb;
1799 }
1800 EXPORT_SYMBOL(ieee80211_beacon_get);
1801
1802 struct sk_buff *
1803 ieee80211_get_buffered_bc(struct ieee80211_hw *hw, int if_id,
1804 struct ieee80211_tx_control *control)
1805 {
1806 struct ieee80211_local *local = hw_to_local(hw);
1807 struct sk_buff *skb;
1808 struct sta_info *sta;
1809 ieee80211_tx_handler *handler;
1810 struct ieee80211_txrx_data tx;
1811 ieee80211_txrx_result res = TXRX_DROP;
1812 struct net_device *bdev;
1813 struct ieee80211_sub_if_data *sdata;
1814 struct ieee80211_if_ap *bss = NULL;
1815
1816 bdev = dev_get_by_index(if_id);
1817 if (bdev) {
1818 sdata = IEEE80211_DEV_TO_SUB_IF(bdev);
1819 bss = &sdata->u.ap;
1820 dev_put(bdev);
1821 }
1822 if (!bss || sdata->type != IEEE80211_IF_TYPE_AP || !bss->beacon_head)
1823 return NULL;
1824
1825 if (bss->dtim_count != 0)
1826 return NULL; /* send buffered bc/mc only after DTIM beacon */
1827 skb = skb_dequeue(&bss->ps_bc_buf);
1828 memset(control, 0, sizeof(*control));
1829 if (!skb)
1830 return NULL;
1831 local->total_ps_buffered--;
1832
1833 if (!skb_queue_empty(&bss->ps_bc_buf) && skb->len >= 2) {
1834 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
1835 /* more buffered multicast/broadcast frames ==> set MoreData
1836 * flag in IEEE 802.11 header to inform PS STAs */
1837 hdr->frame_control |= cpu_to_le16(IEEE80211_FCTL_MOREDATA);
1838 }
1839
1840 ieee80211_tx_prepare(&tx, skb, local->mdev, control);
1841 sta = tx.sta;
1842 tx.u.tx.ps_buffered = 1;
1843
1844 for (handler = local->tx_handlers; *handler != NULL; handler++) {
1845 res = (*handler)(&tx);
1846 if (res == TXRX_DROP || res == TXRX_QUEUED)
1847 break;
1848 }
1849 dev_put(tx.dev);
1850 skb = tx.skb; /* handlers are allowed to change skb */
1851
1852 if (res == TXRX_DROP) {
1853 I802_DEBUG_INC(local->tx_handlers_drop);
1854 dev_kfree_skb(skb);
1855 skb = NULL;
1856 } else if (res == TXRX_QUEUED) {
1857 I802_DEBUG_INC(local->tx_handlers_queued);
1858 skb = NULL;
1859 }
1860
1861 if (sta)
1862 sta_info_put(sta);
1863
1864 return skb;
1865 }
1866 EXPORT_SYMBOL(ieee80211_get_buffered_bc);
1867
1868 static int __ieee80211_if_config(struct net_device *dev,
1869 struct sk_buff *beacon)
1870 {
1871 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1872 struct ieee80211_local *local = dev->ieee80211_ptr;
1873 struct ieee80211_if_conf conf;
1874
1875 if (!local->ops->config_interface || !netif_running(dev))
1876 return 0;
1877
1878 memset(&conf, 0, sizeof(conf));
1879 conf.type = sdata->type;
1880 if (sdata->type == IEEE80211_IF_TYPE_STA ||
1881 sdata->type == IEEE80211_IF_TYPE_IBSS) {
1882 conf.bssid = sdata->u.sta.bssid;
1883 conf.ssid = sdata->u.sta.ssid;
1884 conf.ssid_len = sdata->u.sta.ssid_len;
1885 conf.generic_elem = sdata->u.sta.extra_ie;
1886 conf.generic_elem_len = sdata->u.sta.extra_ie_len;
1887 } else if (sdata->type == IEEE80211_IF_TYPE_AP) {
1888 conf.ssid = sdata->u.ap.ssid;
1889 conf.ssid_len = sdata->u.ap.ssid_len;
1890 conf.generic_elem = sdata->u.ap.generic_elem;
1891 conf.generic_elem_len = sdata->u.ap.generic_elem_len;
1892 conf.beacon = beacon;
1893 }
1894 return local->ops->config_interface(local_to_hw(local),
1895 dev->ifindex, &conf);
1896 }
1897
1898 int ieee80211_if_config(struct net_device *dev)
1899 {
1900 return __ieee80211_if_config(dev, NULL);
1901 }
1902
1903 int ieee80211_if_config_beacon(struct net_device *dev)
1904 {
1905 struct ieee80211_local *local = dev->ieee80211_ptr;
1906 struct sk_buff *skb;
1907
1908 if (!(local->hw.flags & IEEE80211_HW_HOST_GEN_BEACON_TEMPLATE))
1909 return 0;
1910 skb = ieee80211_beacon_get(local_to_hw(local), dev->ifindex, NULL);
1911 if (!skb)
1912 return -ENOMEM;
1913 return __ieee80211_if_config(dev, skb);
1914 }
1915
1916 int ieee80211_hw_config(struct ieee80211_local *local)
1917 {
1918 int i, ret = 0;
1919
1920 #ifdef CONFIG_D80211_VERBOSE_DEBUG
1921 printk(KERN_DEBUG "HW CONFIG: channel=%d freq=%d "
1922 "phymode=%d\n", local->hw.conf.channel, local->hw.conf.freq,
1923 local->hw.conf.phymode);
1924 #endif /* CONFIG_D80211_VERBOSE_DEBUG */
1925
1926 if (local->ops->config)
1927 ret = local->ops->config(local_to_hw(local), &local->hw.conf);
1928
1929 for (i = 0; i < local->hw.num_modes; i++) {
1930 struct ieee80211_hw_modes *mode = &local->hw.modes[i];
1931 if (mode->mode == local->hw.conf.phymode) {
1932 if (local->curr_rates != mode->rates) {
1933 rate_control_clear(local);
1934 }
1935 local->curr_rates = mode->rates;
1936 local->num_curr_rates = mode->num_rates;
1937 ieee80211_prepare_rates(local);
1938 break;
1939 }
1940 }
1941
1942 return ret;
1943 }
1944
1945
1946 static int ieee80211_change_mtu(struct net_device *dev, int new_mtu)
1947 {
1948 /* FIX: what would be proper limits for MTU?
1949 * This interface uses 802.3 frames. */
1950 if (new_mtu < 256 || new_mtu > IEEE80211_DATA_LEN - 24 - 6) {
1951 printk(KERN_WARNING "%s: invalid MTU %d\n",
1952 dev->name, new_mtu);
1953 return -EINVAL;
1954 }
1955
1956 #ifdef CONFIG_D80211_VERBOSE_DEBUG
1957 printk(KERN_DEBUG "%s: setting MTU %d\n", dev->name, new_mtu);
1958 #endif /* CONFIG_D80211_VERBOSE_DEBUG */
1959 dev->mtu = new_mtu;
1960 return 0;
1961 }
1962
1963
1964 static int ieee80211_change_mtu_apdev(struct net_device *dev, int new_mtu)
1965 {
1966 /* FIX: what would be proper limits for MTU?
1967 * This interface uses 802.11 frames. */
1968 if (new_mtu < 256 || new_mtu > IEEE80211_DATA_LEN) {
1969 printk(KERN_WARNING "%s: invalid MTU %d\n",
1970 dev->name, new_mtu);
1971 return -EINVAL;
1972 }
1973
1974 #ifdef CONFIG_D80211_VERBOSE_DEBUG
1975 printk(KERN_DEBUG "%s: setting MTU %d\n", dev->name, new_mtu);
1976 #endif /* CONFIG_D80211_VERBOSE_DEBUG */
1977 dev->mtu = new_mtu;
1978 return 0;
1979 }
1980
1981
1982 static void ieee80211_tx_timeout(struct net_device *dev)
1983 {
1984 struct ieee80211_local *local = dev->ieee80211_ptr;
1985
1986 printk(KERN_WARNING "%s: resetting interface.\n", dev->name);
1987
1988 if (local->ops->reset(local_to_hw(local)))
1989 printk(KERN_ERR "%s: failed to reset interface.\n", dev->name);
1990 else
1991 netif_wake_queue(dev);
1992 }
1993
1994
1995 static int ieee80211_set_mac_address(struct net_device *dev, void *addr)
1996 {
1997 struct sockaddr *a = addr;
1998
1999 if (netif_running(dev))
2000 return -EBUSY;
2001
2002 memcpy(dev->dev_addr, a->sa_data, ETH_ALEN);
2003 return 0;
2004 }
2005
2006 static void ieee80211_set_multicast_list(struct net_device *dev)
2007 {
2008 struct ieee80211_local *local = dev->ieee80211_ptr;
2009 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2010 unsigned short flags;
2011
2012 if (((dev->flags & IFF_ALLMULTI) != 0) ^ (sdata->allmulti != 0)) {
2013 if (sdata->allmulti) {
2014 sdata->allmulti = 0;
2015 local->iff_allmultis--;
2016 } else {
2017 sdata->allmulti = 1;
2018 local->iff_allmultis++;
2019 }
2020 }
2021 if (((dev->flags & IFF_PROMISC) != 0) ^ (sdata->promisc != 0)) {
2022 if (sdata->promisc) {
2023 sdata->promisc = 0;
2024 local->iff_promiscs--;
2025 } else {
2026 sdata->promisc = 1;
2027 local->iff_promiscs++;
2028 }
2029 }
2030 if (dev->mc_count != sdata->mc_count) {
2031 local->mc_count = local->mc_count - sdata->mc_count +
2032 dev->mc_count;
2033 sdata->mc_count = dev->mc_count;
2034 }
2035 if (local->ops->set_multicast_list) {
2036 flags = local->mdev->flags;
2037 if (local->iff_allmultis)
2038 flags |= IFF_ALLMULTI;
2039 if (local->iff_promiscs)
2040 flags |= IFF_PROMISC;
2041 local->ops->set_multicast_list(local_to_hw(local), flags,
2042 local->mc_count);
2043 }
2044 }
2045
2046 struct dev_mc_list *ieee80211_get_mc_list_item(struct ieee80211_hw *hw,
2047 struct dev_mc_list *prev,
2048 void **ptr)
2049 {
2050 struct ieee80211_local *local = hw_to_local(hw);
2051 struct ieee80211_sub_if_data *sdata = *ptr;
2052 struct dev_mc_list *mc;
2053
2054 if (!prev) {
2055 WARN_ON(sdata);
2056 sdata = NULL;
2057 }
2058 if (!prev || !prev->next) {
2059 if (sdata)
2060 sdata = list_entry(sdata->list.next,
2061 struct ieee80211_sub_if_data, list);
2062 else
2063 sdata = list_entry(local->sub_if_list.next,
2064 struct ieee80211_sub_if_data, list);
2065 if (&sdata->list != &local->sub_if_list)
2066 mc = sdata->dev->mc_list;
2067 else
2068 mc = NULL;
2069 } else
2070 mc = prev->next;
2071
2072 *ptr = sdata;
2073 return mc;
2074 }
2075 EXPORT_SYMBOL(ieee80211_get_mc_list_item);
2076
2077 static struct net_device_stats *ieee80211_get_stats(struct net_device *dev)
2078 {
2079 struct ieee80211_sub_if_data *sdata;
2080 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2081 return &(sdata->stats);
2082 }
2083
2084 void ieee80211_if_shutdown(struct net_device *dev)
2085 {
2086 struct ieee80211_local *local = dev->ieee80211_ptr;
2087 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2088
2089 ASSERT_RTNL();
2090 switch (sdata->type) {
2091 case IEEE80211_IF_TYPE_STA:
2092 case IEEE80211_IF_TYPE_IBSS:
2093 sdata->u.sta.state = IEEE80211_DISABLED;
2094 cancel_delayed_work(&sdata->u.sta.work);
2095 if (local->scan_work.data == sdata->dev) {
2096 local->sta_scanning = 0;
2097 cancel_delayed_work(&local->scan_work);
2098 flush_scheduled_work();
2099 /* see comment in ieee80211_unregister_hw to
2100 * understand why this works */
2101 local->scan_work.data = NULL;
2102 } else
2103 flush_scheduled_work();
2104 break;
2105 }
2106 }
2107
2108 static inline int identical_mac_addr_allowed(int type1, int type2)
2109 {
2110 return (type1 == IEEE80211_IF_TYPE_MNTR ||
2111 type2 == IEEE80211_IF_TYPE_MNTR ||
2112 (type1 == IEEE80211_IF_TYPE_AP &&
2113 type2 == IEEE80211_IF_TYPE_WDS) ||
2114 (type1 == IEEE80211_IF_TYPE_WDS &&
2115 (type2 == IEEE80211_IF_TYPE_WDS ||
2116 type2 == IEEE80211_IF_TYPE_AP)) ||
2117 (type1 == IEEE80211_IF_TYPE_AP &&
2118 type2 == IEEE80211_IF_TYPE_VLAN) ||
2119 (type1 == IEEE80211_IF_TYPE_VLAN &&
2120 (type2 == IEEE80211_IF_TYPE_AP ||
2121 type2 == IEEE80211_IF_TYPE_VLAN)));
2122 }
2123
2124 static int ieee80211_master_open(struct net_device *dev)
2125 {
2126 struct ieee80211_local *local = dev->ieee80211_ptr;
2127 struct ieee80211_sub_if_data *sdata;
2128 int res = -EOPNOTSUPP;
2129
2130 list_for_each_entry(sdata, &local->sub_if_list, list) {
2131 if (sdata->dev != dev && netif_running(sdata->dev)) {
2132 res = 0;
2133 tasklet_enable(&local->tx_pending_tasklet);
2134 break;
2135 }
2136 }
2137 return res;
2138 }
2139
2140 static int ieee80211_master_stop(struct net_device *dev)
2141 {
2142 struct ieee80211_local *local = dev->ieee80211_ptr;
2143 struct ieee80211_sub_if_data *sdata;
2144
2145 tasklet_disable(&local->tx_pending_tasklet);
2146 list_for_each_entry(sdata, &local->sub_if_list, list) {
2147 if (sdata->dev != dev && netif_running(sdata->dev))
2148 return -EOPNOTSUPP;
2149 }
2150 return 0;
2151 }
2152
2153 static int ieee80211_mgmt_open(struct net_device *dev)
2154 {
2155 struct ieee80211_local *local = dev->ieee80211_ptr;
2156
2157 if (!netif_running(local->mdev))
2158 return -EOPNOTSUPP;
2159 return 0;
2160 }
2161
2162 static int ieee80211_mgmt_stop(struct net_device *dev)
2163 {
2164 return 0;
2165 }
2166
2167 /* Check if running monitor interfaces should go to a "soft monitor" mode
2168 * and switch them if necessary. */
2169 static inline void ieee80211_start_soft_monitor(struct ieee80211_local *local)
2170 {
2171 struct ieee80211_if_init_conf conf;
2172
2173 if (local->open_count && local->open_count == local->monitors &&
2174 !(local->hw.flags & IEEE80211_HW_MONITOR_DURING_OPER) &&
2175 local->ops->remove_interface) {
2176 conf.if_id = -1;
2177 conf.type = IEEE80211_IF_TYPE_MNTR;
2178 conf.mac_addr = NULL;
2179 local->ops->remove_interface(local_to_hw(local), &conf);
2180 }
2181 }
2182
2183 /* Check if running monitor interfaces should go to a "hard monitor" mode
2184 * and switch them if necessary. */
2185 static void ieee80211_start_hard_monitor(struct ieee80211_local *local)
2186 {
2187 struct ieee80211_if_init_conf conf;
2188
2189 if (local->open_count && local->open_count == local->monitors &&
2190 !(local->hw.flags & IEEE80211_HW_MONITOR_DURING_OPER) &&
2191 local->ops->add_interface) {
2192 conf.if_id = -1;
2193 conf.type = IEEE80211_IF_TYPE_MNTR;
2194 conf.mac_addr = NULL;
2195 local->ops->add_interface(local_to_hw(local), &conf);
2196 }
2197 }
2198
2199 static int ieee80211_open(struct net_device *dev)
2200 {
2201 struct ieee80211_sub_if_data *sdata, *nsdata;
2202 struct ieee80211_local *local = dev->ieee80211_ptr;
2203 struct ieee80211_if_init_conf conf;
2204 int res;
2205
2206 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2207 list_for_each_entry(nsdata, &local->sub_if_list, list) {
2208 struct net_device *ndev = nsdata->dev;
2209
2210 if (ndev != dev && ndev != local->mdev &&
2211 netif_running(ndev) &&
2212 memcmp(dev->dev_addr, ndev->dev_addr, ETH_ALEN) == 0 &&
2213 !identical_mac_addr_allowed(sdata->type, nsdata->type)) {
2214 return -ENOTUNIQ;
2215 }
2216 }
2217 if (sdata->type == IEEE80211_IF_TYPE_WDS &&
2218 memcmp(sdata->u.wds.remote_addr, "\0\0\0\0\0\0", ETH_ALEN) == 0)
2219 return -ENOLINK;
2220
2221 if (sdata->type == IEEE80211_IF_TYPE_MNTR && local->open_count &&
2222 !(local->hw.flags & IEEE80211_HW_MONITOR_DURING_OPER)) {
2223 /* run the interface in a "soft monitor" mode */
2224 local->monitors++;
2225 local->open_count++;
2226 return 0;
2227 }
2228 ieee80211_start_soft_monitor(local);
2229
2230 if (local->ops->add_interface) {
2231 conf.if_id = dev->ifindex;
2232 conf.type = sdata->type;
2233 conf.mac_addr = dev->dev_addr;
2234 res = local->ops->add_interface(local_to_hw(local), &conf);
2235 if (res) {
2236 if (sdata->type == IEEE80211_IF_TYPE_MNTR)
2237 ieee80211_start_hard_monitor(local);
2238 return res;
2239 }
2240 } else {
2241 if (sdata->type != IEEE80211_IF_TYPE_STA)
2242 return -EOPNOTSUPP;
2243 if (local->open_count > 0)
2244 return -ENOBUFS;
2245 }
2246
2247 if (local->open_count == 0) {
2248 res = 0;
2249 if (local->ops->open)
2250 res = local->ops->open(local_to_hw(local));
2251 if (res == 0) {
2252 res = dev_open(local->mdev);
2253 if (res) {
2254 if (local->ops->stop)
2255 local->ops->stop(local_to_hw(local));
2256 } else if (local->apdev)
2257 dev_open(local->apdev);
2258 }
2259 if (res) {
2260 if (local->ops->remove_interface)
2261 local->ops->remove_interface(local_to_hw(local),
2262 &conf);
2263 return res;
2264 }
2265 ieee80211_init_scan(local);
2266 }
2267 local->open_count++;
2268
2269 if (sdata->type == IEEE80211_IF_TYPE_MNTR)
2270 local->monitors++;
2271 else
2272 ieee80211_if_config(dev);
2273
2274 netif_start_queue(dev);
2275 return 0;
2276 }
2277
2278
2279 static int ieee80211_stop(struct net_device *dev)
2280 {
2281 struct ieee80211_sub_if_data *sdata;
2282 struct ieee80211_local *local = dev->ieee80211_ptr;
2283
2284 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2285
2286 if (sdata->type == IEEE80211_IF_TYPE_MNTR &&
2287 local->open_count > 1 &&
2288 !(local->hw.flags & IEEE80211_HW_MONITOR_DURING_OPER)) {
2289 /* remove "soft monitor" interface */
2290 local->open_count--;
2291 local->monitors--;
2292 return 0;
2293 }
2294
2295 netif_stop_queue(dev);
2296
2297 if (sdata->type == IEEE80211_IF_TYPE_MNTR)
2298 local->monitors--;
2299
2300 local->open_count--;
2301 if (local->open_count == 0) {
2302 ieee80211_stop_scan(local);
2303 dev_close(local->mdev);
2304 if (local->apdev)
2305 dev_close(local->apdev);
2306 if (local->ops->stop)
2307 local->ops->stop(local_to_hw(local));
2308 }
2309 if (local->ops->remove_interface) {
2310 struct ieee80211_if_init_conf conf;
2311
2312 conf.if_id = dev->ifindex;
2313 conf.type = sdata->type;
2314 conf.mac_addr = dev->dev_addr;
2315 local->ops->remove_interface(local_to_hw(local), &conf);
2316 }
2317 ieee80211_if_shutdown(dev);
2318
2319 ieee80211_start_hard_monitor(local);
2320
2321 return 0;
2322 }
2323
2324
2325 static int header_parse_80211(struct sk_buff *skb, unsigned char *haddr)
2326 {
2327 memcpy(haddr, skb->mac.raw + 10, ETH_ALEN); /* addr2 */
2328 return ETH_ALEN;
2329 }
2330
2331 static inline int ieee80211_bssid_match(u8 *raddr, u8 *addr)
2332 {
2333 return memcmp(raddr, addr, ETH_ALEN) == 0 ||
2334 is_broadcast_ether_addr(raddr);
2335 }
2336
2337
2338 static ieee80211_txrx_result
2339 ieee80211_rx_h_data(struct ieee80211_txrx_data *rx)
2340 {
2341 struct net_device *dev = rx->dev;
2342 struct ieee80211_local *local = rx->local;
2343 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data;
2344 u16 fc, hdrlen, ethertype;
2345 u8 *payload;
2346 u8 dst[ETH_ALEN];
2347 u8 src[ETH_ALEN];
2348 struct sk_buff *skb = rx->skb, *skb2;
2349 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2350
2351 fc = rx->fc;
2352 if (unlikely((fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA))
2353 return TXRX_CONTINUE;
2354
2355 if (unlikely(!WLAN_FC_DATA_PRESENT(fc)))
2356 return TXRX_DROP;
2357
2358 hdrlen = ieee80211_get_hdrlen(fc);
2359
2360 /* convert IEEE 802.11 header + possible LLC headers into Ethernet
2361 * header
2362 * IEEE 802.11 address fields:
2363 * ToDS FromDS Addr1 Addr2 Addr3 Addr4
2364 * 0 0 DA SA BSSID n/a
2365 * 0 1 DA BSSID SA n/a
2366 * 1 0 BSSID SA DA n/a
2367 * 1 1 RA TA DA SA
2368 */
2369
2370 switch (fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) {
2371 case IEEE80211_FCTL_TODS:
2372 /* BSSID SA DA */
2373 memcpy(dst, hdr->addr3, ETH_ALEN);
2374 memcpy(src, hdr->addr2, ETH_ALEN);
2375
2376 if (unlikely(sdata->type != IEEE80211_IF_TYPE_AP &&
2377 sdata->type != IEEE80211_IF_TYPE_VLAN)) {
2378 printk(KERN_DEBUG "%s: dropped ToDS frame (BSSID="
2379 MAC_FMT " SA=" MAC_FMT " DA=" MAC_FMT ")\n",
2380 dev->name, MAC_ARG(hdr->addr1),
2381 MAC_ARG(hdr->addr2), MAC_ARG(hdr->addr3));
2382 return TXRX_DROP;
2383 }
2384 break;
2385 case (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS):
2386 /* RA TA DA SA */
2387 memcpy(dst, hdr->addr3, ETH_ALEN);
2388 memcpy(src, hdr->addr4, ETH_ALEN);
2389
2390 if (unlikely(sdata->type != IEEE80211_IF_TYPE_WDS)) {
2391 printk(KERN_DEBUG "%s: dropped FromDS&ToDS frame (RA="
2392 MAC_FMT " TA=" MAC_FMT " DA=" MAC_FMT " SA="
2393 MAC_FMT ")\n",
2394 rx->dev->name, MAC_ARG(hdr->addr1),
2395 MAC_ARG(hdr->addr2), MAC_ARG(hdr->addr3),
2396 MAC_ARG(hdr->addr4));
2397 return TXRX_DROP;
2398 }
2399 break;
2400 case IEEE80211_FCTL_FROMDS:
2401 /* DA BSSID SA */
2402 memcpy(dst, hdr->addr1, ETH_ALEN);
2403 memcpy(src, hdr->addr3, ETH_ALEN);
2404
2405 if (sdata->type != IEEE80211_IF_TYPE_STA) {
2406 return TXRX_DROP;
2407 }
2408 break;
2409 case 0:
2410 /* DA SA BSSID */
2411 memcpy(dst, hdr->addr1, ETH_ALEN);
2412 memcpy(src, hdr->addr2, ETH_ALEN);
2413
2414 if (sdata->type != IEEE80211_IF_TYPE_IBSS) {
2415 if (net_ratelimit()) {
2416 printk(KERN_DEBUG "%s: dropped IBSS frame (DA="
2417 MAC_FMT " SA=" MAC_FMT " BSSID=" MAC_FMT
2418 ")\n",
2419 dev->name, MAC_ARG(hdr->addr1),
2420 MAC_ARG(hdr->addr2),
2421 MAC_ARG(hdr->addr3));
2422 }
2423 return TXRX_DROP;
2424 }
2425 break;
2426 }
2427
2428 payload = skb->data + hdrlen;
2429
2430 if (unlikely(skb->len - hdrlen < 8)) {
2431 if (net_ratelimit()) {
2432 printk(KERN_DEBUG "%s: RX too short data frame "
2433 "payload\n", dev->name);
2434 }
2435 return TXRX_DROP;
2436 }
2437
2438 ethertype = (payload[6] << 8) | payload[7];
2439
2440 if (likely((memcmp(payload, rfc1042_header, 6) == 0 &&
2441 ethertype != ETH_P_AARP && ethertype != ETH_P_IPX) ||
2442 memcmp(payload, bridge_tunnel_header, 6) == 0)) {
2443 /* remove RFC1042 or Bridge-Tunnel encapsulation and
2444 * replace EtherType */
2445 skb_pull(skb, hdrlen + 6);
2446 memcpy(skb_push(skb, ETH_ALEN), src, ETH_ALEN);
2447 memcpy(skb_push(skb, ETH_ALEN), dst, ETH_ALEN);
2448 } else {
2449 struct ethhdr *ehdr;
2450 __be16 len;
2451 skb_pull(skb, hdrlen);
2452 len = htons(skb->len);
2453 ehdr = (struct ethhdr *) skb_push(skb, sizeof(struct ethhdr));
2454 memcpy(ehdr->h_dest, dst, ETH_ALEN);
2455 memcpy(ehdr->h_source, src, ETH_ALEN);
2456 ehdr->h_proto = len;
2457 }
2458 skb->dev = dev;
2459
2460 skb2 = NULL;
2461
2462 sdata->stats.rx_packets++;
2463 sdata->stats.rx_bytes += skb->len;
2464
2465 if (local->bridge_packets && (sdata->type == IEEE80211_IF_TYPE_AP
2466 || sdata->type == IEEE80211_IF_TYPE_VLAN) && rx->u.rx.ra_match) {
2467 if (is_multicast_ether_addr(skb->data)) {
2468 /* send multicast frames both to higher layers in
2469 * local net stack and back to the wireless media */
2470 skb2 = skb_copy(skb, GFP_ATOMIC);
2471 if (!skb2)
2472 printk(KERN_DEBUG "%s: failed to clone "
2473 "multicast frame\n", dev->name);
2474 } else {
2475 struct sta_info *dsta;
2476 dsta = sta_info_get(local, skb->data);
2477 if (dsta && !dsta->dev) {
2478 printk(KERN_DEBUG "Station with null dev "
2479 "structure!\n");
2480 } else if (dsta && dsta->dev == dev) {
2481 /* Destination station is associated to this
2482 * AP, so send the frame directly to it and
2483 * do not pass the frame to local net stack.
2484 */
2485 skb2 = skb;
2486 skb = NULL;
2487 }
2488 if (dsta)
2489 sta_info_put(dsta);
2490 }
2491 }
2492
2493 if (skb) {
2494 /* deliver to local stack */
2495 skb->protocol = eth_type_trans(skb, dev);
2496 memset(skb->cb, 0, sizeof(skb->cb));
2497 netif_rx(skb);
2498 }
2499
2500 if (skb2) {
2501 /* send to wireless media */
2502 skb2->protocol = __constant_htons(ETH_P_802_3);
2503 skb2->mac.raw = skb2->nh.raw = skb2->data;
2504 dev_queue_xmit(skb2);
2505 }
2506
2507 return TXRX_QUEUED;
2508 }
2509
2510
2511 static struct ieee80211_rate *
2512 ieee80211_get_rate(struct ieee80211_local *local, int phymode, int hw_rate)
2513 {
2514 int m, r;
2515
2516 for (m = 0; m < local->hw.num_modes; m++) {
2517 struct ieee80211_hw_modes *mode = &local->hw.modes[m];
2518 if (mode->mode != phymode)
2519 continue;
2520 for (r = 0; r < mode->num_rates; r++) {
2521 struct ieee80211_rate *rate = &mode->rates[r];
2522 if (rate->val == hw_rate ||
2523 (rate->flags & IEEE80211_RATE_PREAMBLE2 &&
2524 rate->val2 == hw_rate))
2525 return rate;
2526 }
2527 }
2528
2529 return NULL;
2530 }
2531
2532 void
2533 ieee80211_fill_frame_info(struct ieee80211_local *local,
2534 struct ieee80211_frame_info *fi,
2535 struct ieee80211_rx_status *status)
2536 {
2537 if (status) {
2538 struct timespec ts;
2539 struct ieee80211_rate *rate;
2540
2541 jiffies_to_timespec(status->hosttime, &ts);
2542 fi->hosttime = cpu_to_be64((u64) ts.tv_sec * 1000000 +
2543 ts.tv_nsec / 1000);
2544 fi->mactime = cpu_to_be64(status->mactime);
2545 switch (status->phymode) {
2546 case MODE_IEEE80211A:
2547 fi->phytype = htonl(ieee80211_phytype_ofdm_dot11_a);
2548 break;
2549 case MODE_IEEE80211B:
2550 fi->phytype = htonl(ieee80211_phytype_dsss_dot11_b);
2551 break;
2552 case MODE_IEEE80211G:
2553 fi->phytype = htonl(ieee80211_phytype_pbcc_dot11_g);
2554 break;
2555 case MODE_ATHEROS_TURBO:
2556 fi->phytype =
2557 htonl(ieee80211_phytype_dsss_dot11_turbo);
2558 break;
2559 default:
2560 fi->phytype = 0xAAAAAAAA;
2561 break;
2562 }
2563 fi->channel = htonl(status->channel);
2564 rate = ieee80211_get_rate(local, status->phymode,
2565 status->rate);
2566 if (rate) {
2567 fi->datarate = htonl(rate->rate);
2568 if (rate->flags & IEEE80211_RATE_PREAMBLE2) {
2569 if (status->rate == rate->val)
2570 fi->preamble = htonl(2); /* long */
2571 else if (status->rate == rate->val2)
2572 fi->preamble = htonl(1); /* short */
2573 } else
2574 fi->preamble = htonl(0);
2575 } else {
2576 fi->datarate = htonl(0);
2577 fi->preamble = htonl(0);
2578 }
2579
2580 fi->antenna = htonl(status->antenna);
2581 fi->priority = 0xffffffff; /* no clue */
2582 fi->ssi_type = htonl(ieee80211_ssi_raw);
2583 fi->ssi_signal = htonl(status->ssi);
2584 fi->ssi_noise = 0x00000000;
2585 fi->encoding = 0;
2586 } else {
2587 /* clear everything because we really don't know.
2588 * the msg_type field isn't present on monitor frames
2589 * so we don't know whether it will be present or not,
2590 * but it's ok to not clear it since it'll be assigned
2591 * anyway */
2592 memset(fi, 0, sizeof(*fi) - sizeof(fi->msg_type));
2593
2594 fi->ssi_type = htonl(ieee80211_ssi_none);
2595 }
2596 fi->version = htonl(IEEE80211_FI_VERSION);
2597 fi->length = cpu_to_be32(sizeof(*fi) - sizeof(fi->msg_type));
2598 }
2599
2600 /* this routine is actually not just for this, but also
2601 * for pushing fake 'management' frames into userspace.
2602 * it shall be replaced by a netlink-based system. */
2603 void
2604 ieee80211_rx_mgmt(struct ieee80211_local *local, struct sk_buff *skb,
2605 struct ieee80211_rx_status *status, u32 msg_type)
2606 {
2607 struct ieee80211_frame_info *fi;
2608 const size_t hlen = sizeof(struct ieee80211_frame_info);
2609 struct ieee80211_sub_if_data *sdata;
2610
2611 skb->dev = local->apdev;
2612
2613 sdata = IEEE80211_DEV_TO_SUB_IF(local->apdev);
2614
2615 if (skb_headroom(skb) < hlen) {
2616 I802_DEBUG_INC(local->rx_expand_skb_head);
2617 if (pskb_expand_head(skb, hlen, 0, GFP_ATOMIC)) {
2618 dev_kfree_skb(skb);
2619 return;
2620 }
2621 }
2622
2623 fi = (struct ieee80211_frame_info *) skb_push(skb, hlen);
2624
2625 ieee80211_fill_frame_info(local, fi, status);
2626 fi->msg_type = htonl(msg_type);
2627
2628 sdata->stats.rx_packets++;
2629 sdata->stats.rx_bytes += skb->len;
2630
2631 skb->mac.raw = skb->data;
2632 skb->ip_summed = CHECKSUM_UNNECESSARY;
2633 skb->pkt_type = PACKET_OTHERHOST;
2634 skb->protocol = htons(ETH_P_802_2);
2635 memset(skb->cb, 0, sizeof(skb->cb));
2636 netif_rx(skb);
2637 }
2638
2639 void
2640 ieee80211_rx_monitor(struct net_device *dev, struct sk_buff *skb,
2641 struct ieee80211_rx_status *status)
2642 {
2643 struct ieee80211_local *local = dev->ieee80211_ptr;
2644 struct ieee80211_frame_info *fi;
2645 struct ieee80211_sub_if_data *sdata;
2646 const size_t hlen = sizeof(struct ieee80211_frame_info)
2647 - sizeof(fi->msg_type);
2648
2649 skb->dev = dev;
2650
2651 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2652
2653 if (skb_headroom(skb) < hlen) {
2654 I802_DEBUG_INC(local->rx_expand_skb_head);
2655 if (pskb_expand_head(skb, hlen, 0, GFP_ATOMIC)) {
2656 dev_kfree_skb(skb);
2657 return;
2658 }
2659 }
2660
2661 fi = (struct ieee80211_frame_info *) skb_push(skb, hlen);
2662
2663 ieee80211_fill_frame_info(local, fi, status);
2664 sdata->stats.rx_packets++;
2665 sdata->stats.rx_bytes += skb->len;
2666
2667 skb->mac.raw = skb->data;
2668 skb->ip_summed = CHECKSUM_UNNECESSARY;
2669 skb->pkt_type = PACKET_OTHERHOST;
2670 skb->protocol = htons(ETH_P_802_2);
2671 memset(skb->cb, 0, sizeof(skb->cb));
2672 netif_rx(skb);
2673 }
2674
2675 int ieee80211_radar_status(struct ieee80211_hw *hw, int channel,
2676 int radar, int radar_type)
2677 {
2678 struct sk_buff *skb;
2679 struct ieee80211_radar_info *msg;
2680 struct ieee80211_local *local = hw_to_local(hw);
2681
2682 if (!local->apdev)
2683 return 0;
2684
2685 skb = dev_alloc_skb(sizeof(struct ieee80211_frame_info) +
2686 sizeof(struct ieee80211_radar_info));
2687
2688 if (!skb)
2689 return -ENOMEM;
2690 skb_reserve(skb, sizeof(struct ieee80211_frame_info));
2691
2692 msg = (struct ieee80211_radar_info *)
2693 skb_put(skb, sizeof(struct ieee80211_radar_info));
2694 msg->channel = channel;
2695 msg->radar = radar;
2696 msg->radar_type = radar_type;
2697
2698 ieee80211_rx_mgmt(local, skb, NULL, ieee80211_msg_radar);
2699 return 0;
2700 }
2701 EXPORT_SYMBOL(ieee80211_radar_status);
2702
2703 int ieee80211_set_aid_for_sta(struct ieee80211_hw *hw, u8 *peer_address,
2704 u16 aid)
2705 {
2706 struct sk_buff *skb;
2707 struct ieee80211_msg_set_aid_for_sta *msg;
2708 struct ieee80211_local *local = hw_to_local(hw);
2709
2710 /* unlikely because if this event only happens for APs,
2711 * which require an open ap device. */
2712 if (unlikely(!local->apdev))
2713 return 0;
2714
2715 skb = dev_alloc_skb(sizeof(struct ieee80211_frame_info) +
2716 sizeof(struct ieee80211_msg_set_aid_for_sta));
2717
2718 if (!skb)
2719 return -ENOMEM;
2720 skb_reserve(skb, sizeof(struct ieee80211_frame_info));
2721
2722 msg = (struct ieee80211_msg_set_aid_for_sta *)
2723 skb_put(skb, sizeof(struct ieee80211_msg_set_aid_for_sta));
2724 memcpy(msg->sta_address, peer_address, ETH_ALEN);
2725 msg->aid = aid;
2726
2727 ieee80211_rx_mgmt(local, skb, NULL, ieee80211_msg_set_aid_for_sta);
2728 return 0;
2729 }
2730 EXPORT_SYMBOL(ieee80211_set_aid_for_sta);
2731
2732 static void ap_sta_ps_start(struct net_device *dev, struct sta_info *sta)
2733 {
2734 struct ieee80211_sub_if_data *sdata;
2735 sdata = IEEE80211_DEV_TO_SUB_IF(sta->dev);
2736
2737 if (sdata->bss)
2738 atomic_inc(&sdata->bss->num_sta_ps);
2739 sta->flags |= WLAN_STA_PS;
2740 sta->pspoll = 0;
2741 #ifdef CONFIG_D80211_VERBOSE_PS_DEBUG
2742 printk(KERN_DEBUG "%s: STA " MAC_FMT " aid %d enters power "
2743 "save mode\n", dev->name, MAC_ARG(sta->addr), sta->aid);
2744 #endif /* CONFIG_D80211_VERBOSE_PS_DEBUG */
2745 }
2746
2747
2748 static int ap_sta_ps_end(struct net_device *dev, struct sta_info *sta)
2749 {
2750 struct ieee80211_local *local = dev->ieee80211_ptr;
2751 struct sk_buff *skb;
2752 int sent = 0;
2753 struct ieee80211_sub_if_data *sdata;
2754 struct ieee80211_tx_packet_data *pkt_data;
2755
2756 sdata = IEEE80211_DEV_TO_SUB_IF(sta->dev);
2757 if (sdata->bss)
2758 atomic_dec(&sdata->bss->num_sta_ps);
2759 sta->flags &= ~(WLAN_STA_PS | WLAN_STA_TIM);
2760 sta->pspoll = 0;
2761 if (!skb_queue_empty(&sta->ps_tx_buf)) {
2762 if (local->ops->set_tim)
2763 local->ops->set_tim(local_to_hw(local), sta->aid, 0);
2764 if (sdata->bss)
2765 bss_tim_clear(local, sdata->bss, sta->aid);
2766 }
2767 #ifdef CONFIG_D80211_VERBOSE_PS_DEBUG
2768 printk(KERN_DEBUG "%s: STA " MAC_FMT " aid %d exits power "
2769 "save mode\n", dev->name, MAC_ARG(sta->addr), sta->aid);
2770 #endif /* CONFIG_D80211_VERBOSE_PS_DEBUG */
2771 /* Send all buffered frames to the station */
2772 while ((skb = skb_dequeue(&sta->tx_filtered)) != NULL) {
2773 pkt_data = (struct ieee80211_tx_packet_data *) skb->cb;
2774 sent++;
2775 pkt_data->requeue = 1;
2776 dev_queue_xmit(skb);
2777 }
2778 while ((skb = skb_dequeue(&sta->ps_tx_buf)) != NULL) {
2779 pkt_data = (struct ieee80211_tx_packet_data *) skb->cb;
2780 local->total_ps_buffered--;
2781 sent++;
2782 #ifdef CONFIG_D80211_VERBOSE_PS_DEBUG
2783 printk(KERN_DEBUG "%s: STA " MAC_FMT " aid %d send PS frame "
2784 "since STA not sleeping anymore\n", dev->name,
2785 MAC_ARG(sta->addr), sta->aid);
2786 #endif /* CONFIG_D80211_VERBOSE_PS_DEBUG */
2787 pkt_data->requeue = 1;
2788 dev_queue_xmit(skb);
2789 }
2790
2791 return sent;
2792 }
2793
2794
2795 static ieee80211_txrx_result
2796 ieee80211_rx_h_ps_poll(struct ieee80211_txrx_data *rx)
2797 {
2798 struct sk_buff *skb;
2799 int no_pending_pkts;
2800
2801 if (likely(!rx->sta ||
2802 (rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_CTL ||
2803 (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_PSPOLL ||
2804 !rx->u.rx.ra_match))
2805 return TXRX_CONTINUE;
2806
2807 skb = skb_dequeue(&rx->sta->tx_filtered);
2808 if (!skb) {
2809 skb = skb_dequeue(&rx->sta->ps_tx_buf);
2810 if (skb)
2811 rx->local->total_ps_buffered--;
2812 }
2813 no_pending_pkts = skb_queue_empty(&rx->sta->tx_filtered) &&
2814 skb_queue_empty(&rx->sta->ps_tx_buf);
2815
2816 if (skb) {
2817 struct ieee80211_hdr *hdr =
2818 (struct ieee80211_hdr *) skb->data;
2819
2820 /* tell TX path to send one frame even though the STA may
2821 * still remain is PS mode after this frame exchange */
2822 rx->sta->pspoll = 1;
2823
2824 #ifdef CONFIG_D80211_VERBOSE_PS_DEBUG
2825 printk(KERN_DEBUG "STA " MAC_FMT " aid %d: PS Poll (entries "
2826 "after %d)\n",
2827 MAC_ARG(rx->sta->addr), rx->sta->aid,
2828 skb_queue_len(&rx->sta->ps_tx_buf));
2829 #endif /* CONFIG_D80211_VERBOSE_PS_DEBUG */
2830
2831 /* Use MoreData flag to indicate whether there are more
2832 * buffered frames for this STA */
2833 if (no_pending_pkts) {
2834 hdr->frame_control &= cpu_to_le16(~IEEE80211_FCTL_MOREDATA);
2835 rx->sta->flags &= ~WLAN_STA_TIM;
2836 } else
2837 hdr->frame_control |= cpu_to_le16(IEEE80211_FCTL_MOREDATA);
2838
2839 dev_queue_xmit(skb);
2840
2841 if (no_pending_pkts) {
2842 if (rx->local->ops->set_tim)
2843 rx->local->ops->set_tim(local_to_hw(rx->local),
2844 rx->sta->aid, 0);
2845 if (rx->sdata->bss)
2846 bss_tim_clear(rx->local, rx->sdata->bss, rx->sta->aid);
2847 }
2848 #ifdef CONFIG_D80211_VERBOSE_PS_DEBUG
2849 } else if (!rx->u.rx.sent_ps_buffered) {
2850 printk(KERN_DEBUG "%s: STA " MAC_FMT " sent PS Poll even "
2851 "though there is no buffered frames for it\n",
2852 rx->dev->name, MAC_ARG(rx->sta->addr));
2853 #endif /* CONFIG_D80211_VERBOSE_PS_DEBUG */
2854
2855 }
2856
2857 /* Free PS Poll skb here instead of returning TXRX_DROP that would
2858 * count as an dropped frame. */
2859 dev_kfree_skb(rx->skb);
2860
2861 return TXRX_QUEUED;
2862 }
2863
2864
2865 static inline struct ieee80211_fragment_entry *
2866 ieee80211_reassemble_add(struct ieee80211_sub_if_data *sdata,
2867 unsigned int frag, unsigned int seq, int rx_queue,
2868 struct sk_buff **skb)
2869 {
2870 struct ieee80211_fragment_entry *entry;
2871 int idx;
2872
2873 idx = sdata->fragment_next;
2874 entry = &sdata->fragments[sdata->fragment_next++];
2875 if (sdata->fragment_next >= IEEE80211_FRAGMENT_MAX)
2876 sdata->fragment_next = 0;
2877
2878 if (!skb_queue_empty(&entry->skb_list)) {
2879 #ifdef CONFIG_D80211_DEBUG
2880 struct ieee80211_hdr *hdr =
2881 (struct ieee80211_hdr *) entry->skb_list.next->data;
2882 printk(KERN_DEBUG "%s: RX reassembly removed oldest "
2883 "fragment entry (idx=%d age=%lu seq=%d last_frag=%d "
2884 "addr1=" MAC_FMT " addr2=" MAC_FMT "\n",
2885 sdata->dev->name, idx,
2886 jiffies - entry->first_frag_time, entry->seq,
2887 entry->last_frag, MAC_ARG(hdr->addr1),
2888 MAC_ARG(hdr->addr2));
2889 #endif /* CONFIG_D80211_DEBUG */
2890 __skb_queue_purge(&entry->skb_list);
2891 }
2892
2893 __skb_queue_tail(&entry->skb_list, *skb); /* no need for locking */
2894 *skb = NULL;
2895 entry->first_frag_time = jiffies;
2896 entry->seq = seq;
2897 entry->rx_queue = rx_queue;
2898 entry->last_frag = frag;
2899 entry->ccmp = 0;
2900 entry->extra_len = 0;
2901
2902 return entry;
2903 }
2904
2905
2906 static inline struct ieee80211_fragment_entry *
2907 ieee80211_reassemble_find(struct ieee80211_sub_if_data *sdata,
2908 u16 fc, unsigned int frag, unsigned int seq,
2909 int rx_queue, struct ieee80211_hdr *hdr)
2910 {
2911 struct ieee80211_fragment_entry *entry;
2912 int i, idx;
2913
2914 idx = sdata->fragment_next;
2915 for (i = 0; i < IEEE80211_FRAGMENT_MAX; i++) {
2916 struct ieee80211_hdr *f_hdr;
2917 u16 f_fc;
2918
2919 idx--;
2920 if (idx < 0)
2921 idx = IEEE80211_FRAGMENT_MAX - 1;
2922
2923 entry = &sdata->fragments[idx];
2924 if (skb_queue_empty(&entry->skb_list) || entry->seq != seq ||
2925 entry->rx_queue != rx_queue ||
2926 entry->last_frag + 1 != frag)
2927 continue;
2928
2929 f_hdr = (struct ieee80211_hdr *) entry->skb_list.next->data;
2930 f_fc = le16_to_cpu(f_hdr->frame_control);
2931
2932 if ((fc & IEEE80211_FCTL_FTYPE) != (f_fc & IEEE80211_FCTL_FTYPE) ||
2933 memcmp(hdr->addr1, f_hdr->addr1, ETH_ALEN) != 0 ||
2934 memcmp(hdr->addr2, f_hdr->addr2, ETH_ALEN) != 0)
2935 continue;
2936
2937 if (entry->first_frag_time + 2 * HZ < jiffies) {
2938 __skb_queue_purge(&entry->skb_list);
2939 continue;
2940 }
2941 return entry;
2942 }
2943
2944 return NULL;
2945 }
2946
2947
2948 static ieee80211_txrx_result
2949 ieee80211_rx_h_defragment(struct ieee80211_txrx_data *rx)
2950 {
2951 struct ieee80211_hdr *hdr;
2952 u16 sc;
2953 unsigned int frag, seq;
2954 struct ieee80211_fragment_entry *entry;
2955 struct sk_buff *skb;
2956
2957 hdr = (struct ieee80211_hdr *) rx->skb->data;
2958 sc = le16_to_cpu(hdr->seq_ctrl);
2959 frag = sc & IEEE80211_SCTL_FRAG;
2960
2961 if (likely((!(rx->fc & IEEE80211_FCTL_MOREFRAGS) && frag == 0) ||
2962 (rx->skb)->len < 24 ||
2963 is_multicast_ether_addr(hdr->addr1))) {
2964 /* not fragmented */
2965 goto out;
2966 }
2967 I802_DEBUG_INC(rx->local->rx_handlers_fragments);
2968
2969 seq = (sc & IEEE80211_SCTL_SEQ) >> 4;
2970
2971 if (frag == 0) {
2972 /* This is the first fragment of a new frame. */
2973 entry = ieee80211_reassemble_add(rx->sdata, frag, seq,
2974 rx->u.rx.queue, &(rx->skb));
2975 if (rx->key && rx->key->alg == ALG_CCMP &&
2976 (rx->fc & IEEE80211_FCTL_PROTECTED)) {
2977 /* Store CCMP PN so that we can verify that the next
2978 * fragment has a sequential PN value. */
2979 entry->ccmp = 1;
2980 memcpy(entry->last_pn,
2981 rx->key->u.ccmp.rx_pn[rx->u.rx.queue],
2982 CCMP_PN_LEN);
2983 }
2984 return TXRX_QUEUED;
2985 }
2986
2987 /* This is a fragment for a frame that should already be pending in
2988 * fragment cache. Add this fragment to the end of the pending entry.
2989 */
2990 entry = ieee80211_reassemble_find(rx->sdata, rx->fc, frag, seq,
2991 rx->u.rx.queue, hdr);
2992 if (!entry) {
2993 I802_DEBUG_INC(rx->local->rx_handlers_drop_defrag);
2994 return TXRX_DROP;
2995 }
2996
2997 /* Verify that MPDUs within one MSDU have sequential PN values.
2998 * (IEEE 802.11i, 8.3.3.4.5) */
2999 if (entry->ccmp) {
3000 int i;
3001 u8 pn[CCMP_PN_LEN], *rpn;
3002 if (!rx->key || rx->key->alg != ALG_CCMP)
3003 return TXRX_DROP;
3004 memcpy(pn, entry->last_pn, CCMP_PN_LEN);
3005 for (i = CCMP_PN_LEN - 1; i >= 0; i--) {
3006 pn[i]++;
3007 if (pn[i])
3008 break;
3009 }
3010 rpn = rx->key->u.ccmp.rx_pn[rx->u.rx.queue];
3011 if (memcmp(pn, rpn, CCMP_PN_LEN) != 0) {
3012 printk(KERN_DEBUG "%s: defrag: CCMP PN not sequential"
3013 " A2=" MAC_FMT " PN=%02x%02x%02x%02x%02x%02x "
3014 "(expected %02x%02x%02x%02x%02x%02x)\n",
3015 rx->dev->name, MAC_ARG(hdr->addr2),
3016 rpn[0], rpn[1], rpn[2], rpn[3], rpn[4], rpn[5],
3017 pn[0], pn[1], pn[2], pn[3], pn[4], pn[5]);
3018 return TXRX_DROP;
3019 }
3020 memcpy(entry->last_pn, pn, CCMP_PN_LEN);
3021 }
3022
3023 skb_pull(rx->skb, ieee80211_get_hdrlen(rx->fc));
3024 __skb_queue_tail(&entry->skb_list, rx->skb);
3025 entry->last_frag = frag;
3026 entry->extra_len += rx->skb->len;
3027 if (rx->fc & IEEE80211_FCTL_MOREFRAGS) {
3028 rx->skb = NULL;
3029 return TXRX_QUEUED;
3030 }
3031
3032 rx->skb = __skb_dequeue(&entry->skb_list);
3033 if (skb_tailroom(rx->skb) < entry->extra_len) {
3034 I802_DEBUG_INC(rx->local->rx_expand_skb_head2);
3035 if (unlikely(pskb_expand_head(rx->skb, 0, entry->extra_len,
3036 GFP_ATOMIC))) {
3037 I802_DEBUG_INC(rx->local->rx_handlers_drop_defrag);
3038 __skb_queue_purge(&entry->skb_list);
3039 return TXRX_DROP;
3040 }
3041 }
3042 while ((skb = __skb_dequeue(&entry->skb_list)))
3043 memcpy(skb_put(rx->skb, skb->len), skb->data, skb->len);
3044
3045 /* Complete frame has been reassembled - process it now */
3046 rx->fragmented = 1;
3047
3048 out:
3049 if (rx->sta)
3050 rx->sta->rx_packets++;
3051 if (is_multicast_ether_addr(hdr->addr1))
3052 rx->local->dot11MulticastReceivedFrameCount++;
3053 else
3054 ieee80211_led_rx(rx->local);
3055 return TXRX_CONTINUE;
3056 }
3057
3058
3059 static ieee80211_txrx_result
3060 ieee80211_rx_h_monitor(struct ieee80211_txrx_data *rx)
3061 {
3062 if (rx->sdata->type == IEEE80211_IF_TYPE_MNTR) {
3063 ieee80211_rx_monitor(rx->dev, rx->skb, rx->u.rx.status);
3064 return TXRX_QUEUED;
3065 }
3066
3067 return TXRX_CONTINUE;
3068 }
3069
3070
3071 static ieee80211_txrx_result
3072 ieee80211_rx_h_check(struct ieee80211_txrx_data *rx)
3073 {
3074 struct ieee80211_hdr *hdr;
3075 int always_sta_key;
3076 hdr = (struct ieee80211_hdr *) rx->skb->data;
3077
3078 /* Drop duplicate 802.11 retransmissions (IEEE 802.11 Chap. 9.2.9) */
3079 if (rx->sta && !is_multicast_ether_addr(hdr->addr1)) {
3080 if (unlikely(rx->fc & IEEE80211_FCTL_RETRY &&
3081 rx->sta->last_seq_ctrl[rx->u.rx.queue] ==
3082 hdr->seq_ctrl)) {
3083 if (rx->u.rx.ra_match) {
3084 rx->local->dot11FrameDuplicateCount++;
3085 rx->sta->num_duplicates++;
3086 }
3087 return TXRX_DROP;
3088 } else
3089 rx->sta->last_seq_ctrl[rx->u.rx.queue] = hdr->seq_ctrl;
3090 }
3091
3092 if ((rx->local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS) &&
3093 rx->skb->len > FCS_LEN)
3094 skb_trim(rx->skb, rx->skb->len - FCS_LEN);
3095
3096 if (unlikely(rx->skb->len < 16)) {
3097 I802_DEBUG_INC(rx->local->rx_handlers_drop_short);
3098 return TXRX_DROP;
3099 }
3100
3101 if (!rx->u.rx.ra_match)
3102 rx->skb->pkt_type = PACKET_OTHERHOST;
3103 else if (memcmp(rx->dev->dev_addr, hdr->addr1, ETH_ALEN) == 0)
3104 rx->skb->pkt_type = PACKET_HOST;
3105 else if (is_multicast_ether_addr(hdr->addr1)) {
3106 if (is_broadcast_ether_addr(hdr->addr1))
3107 rx->skb->pkt_type = PACKET_BROADCAST;
3108 else
3109 rx->skb->pkt_type = PACKET_MULTICAST;
3110 } else
3111 rx->skb->pkt_type = PACKET_OTHERHOST;
3112
3113 /* Drop disallowed frame classes based on STA auth/assoc state;
3114 * IEEE 802.11, Chap 5.5.
3115 *
3116 * 80211.o does filtering only based on association state, i.e., it
3117 * drops Class 3 frames from not associated stations. hostapd sends
3118 * deauth/disassoc frames when needed. In addition, hostapd is
3119 * responsible for filtering on both auth and assoc states.
3120 */
3121 if (unlikely(((rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA ||
3122 ((rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_CTL &&
3123 (rx->fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_PSPOLL)) &&
3124 rx->sdata->type != IEEE80211_IF_TYPE_IBSS &&
3125 (!rx->sta || !(rx->sta->flags & WLAN_STA_ASSOC)))) {
3126 if ((!(rx->fc & IEEE80211_FCTL_FROMDS) &&
3127 !(rx->fc & IEEE80211_FCTL_TODS) &&
3128 (rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA)
3129 || !rx->u.rx.ra_match) {
3130 /* Drop IBSS frames and frames for other hosts
3131 * silently. */
3132 return TXRX_DROP;
3133 }
3134
3135 if (!rx->local->apdev)
3136 return TXRX_DROP;
3137
3138 ieee80211_rx_mgmt(rx->local, rx->skb, rx->u.rx.status,
3139 ieee80211_msg_sta_not_assoc);
3140 return TXRX_QUEUED;
3141 }
3142
3143 if (rx->sdata->type == IEEE80211_IF_TYPE_STA)
3144 always_sta_key = 0;
3145 else
3146 always_sta_key = 1;
3147
3148 if (rx->sta && rx->sta->key && always_sta_key) {
3149 rx->key = rx->sta->key;
3150 } else {
3151 if (rx->sta && rx->sta->key)
3152 rx->key = rx->sta->key;
3153 else
3154 rx->key = rx->sdata->default_key;
3155
3156 if ((rx->local->hw.flags & IEEE80211_HW_WEP_INCLUDE_IV) &&
3157 rx->fc & IEEE80211_FCTL_PROTECTED) {
3158 int keyidx = ieee80211_wep_get_keyidx(rx->skb);
3159
3160 if (keyidx >= 0 && keyidx < NUM_DEFAULT_KEYS &&
3161 (!rx->sta || !rx->sta->key || keyidx > 0))
3162 rx->key = rx->sdata->keys[keyidx];
3163
3164 if (!rx->key) {
3165 if (!rx->u.rx.ra_match)
3166 return TXRX_DROP;
3167 printk(KERN_DEBUG "%s: RX WEP frame with "
3168 "unknown keyidx %d (A1=" MAC_FMT " A2="
3169 MAC_FMT " A3=" MAC_FMT ")\n",
3170 rx->dev->name, keyidx,
3171 MAC_ARG(hdr->addr1),
3172 MAC_ARG(hdr->addr2),
3173 MAC_ARG(hdr->addr3));
3174 if (!rx->local->apdev)
3175 return TXRX_DROP;
3176 ieee80211_rx_mgmt(
3177 rx->local, rx->skb, rx->u.rx.status,
3178 ieee80211_msg_wep_frame_unknown_key);
3179 return TXRX_QUEUED;
3180 }
3181 }
3182 }
3183
3184 if (rx->fc & IEEE80211_FCTL_PROTECTED && rx->key && rx->u.rx.ra_match) {
3185 rx->key->tx_rx_count++;
3186 if (unlikely(rx->local->key_tx_rx_threshold &&
3187 rx->key->tx_rx_count >
3188 rx->local->key_tx_rx_threshold)) {
3189 ieee80211_key_threshold_notify(rx->dev, rx->key,
3190 rx->sta);
3191 }
3192 }
3193
3194 return TXRX_CONTINUE;
3195 }
3196
3197
3198 static ieee80211_txrx_result
3199 ieee80211_rx_h_sta_process(struct ieee80211_txrx_data *rx)
3200 {
3201 struct sta_info *sta = rx->sta;
3202 struct net_device *dev = rx->dev;
3203 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data;
3204
3205 if (!sta)
3206 return TXRX_CONTINUE;
3207
3208 /* Update last_rx only for IBSS packets which are for the current
3209 * BSSID to avoid keeping the current IBSS network alive in cases where
3210 * other STAs are using different BSSID. */
3211 if (rx->sdata->type == IEEE80211_IF_TYPE_IBSS) {
3212 u8 *bssid = ieee80211_get_bssid(hdr, rx->skb->len);
3213 if (memcmp(bssid, rx->sdata->u.sta.bssid, ETH_ALEN) == 0)
3214 sta->last_rx = jiffies;
3215 } else
3216 if (!is_multicast_ether_addr(hdr->addr1) ||
3217 rx->sdata->type == IEEE80211_IF_TYPE_STA) {
3218 /* Update last_rx only for unicast frames in order to prevent
3219 * the Probe Request frames (the only broadcast frames from a
3220 * STA in infrastructure mode) from keeping a connection alive.
3221 */
3222 sta->last_rx = jiffies;
3223 }
3224
3225 if (!rx->u.rx.ra_match)
3226 return TXRX_CONTINUE;
3227
3228 sta->rx_fragments++;
3229 sta->rx_bytes += rx->skb->len;
3230 sta->last_rssi = rx->u.rx.status->ssi;
3231 sta->last_signal = rx->u.rx.status->signal;
3232 sta->last_noise = rx->u.rx.status->noise;
3233
3234 if (!(rx->fc & IEEE80211_FCTL_MOREFRAGS)) {
3235 /* Change STA power saving mode only in the end of a frame
3236 * exchange sequence */
3237 if ((sta->flags & WLAN_STA_PS) && !(rx->fc & IEEE80211_FCTL_PM))
3238 rx->u.rx.sent_ps_buffered += ap_sta_ps_end(dev, sta);
3239 else if (!(sta->flags & WLAN_STA_PS) &&
3240 (rx->fc & IEEE80211_FCTL_PM))
3241 ap_sta_ps_start(dev, sta);
3242 }
3243
3244 /* Drop data::nullfunc frames silently, since they are used only to
3245 * control station power saving mode. */
3246 if ((rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA &&
3247 (rx->fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_NULLFUNC) {
3248 I802_DEBUG_INC(rx->local->rx_handlers_drop_nullfunc);
3249 /* Update counter and free packet here to avoid counting this
3250 * as a dropped packed. */
3251 sta->rx_packets++;
3252 dev_kfree_skb(rx->skb);
3253 return TXRX_QUEUED;
3254 }
3255
3256 return TXRX_CONTINUE;
3257 }
3258
3259
3260 static ieee80211_txrx_result
3261 ieee80211_rx_h_wep_weak_iv_detection(struct ieee80211_txrx_data *rx)
3262 {
3263 if (!rx->sta || !(rx->fc & IEEE80211_FCTL_PROTECTED) ||
3264 (rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA ||
3265 !rx->key || rx->key->alg != ALG_WEP || !rx->u.rx.ra_match)
3266 return TXRX_CONTINUE;
3267
3268 /* Check for weak IVs, if hwaccel did not remove IV from the frame */
3269 if ((rx->local->hw.flags & IEEE80211_HW_WEP_INCLUDE_IV) ||
3270 rx->key->force_sw_encrypt) {
3271 u8 *iv = ieee80211_wep_is_weak_iv(rx->skb, rx->key);
3272 if (iv) {
3273 rx->sta->wep_weak_iv_count++;
3274 }
3275 }
3276
3277 return TXRX_CONTINUE;
3278 }
3279
3280
3281 static ieee80211_txrx_result
3282 ieee80211_rx_h_wep_decrypt(struct ieee80211_txrx_data *rx)
3283 {
3284 /* If the device handles decryption totally, skip this test */
3285 if (rx->local->hw.flags & IEEE80211_HW_DEVICE_HIDES_WEP)
3286 return TXRX_CONTINUE;
3287
3288 if ((rx->key && rx->key->alg != ALG_WEP) ||
3289 !(rx->fc & IEEE80211_FCTL_PROTECTED) ||
3290 ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA &&
3291 ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_MGMT ||
3292 (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_AUTH)))
3293 return TXRX_CONTINUE;
3294
3295 if (!rx->key) {
3296 printk(KERN_DEBUG "%s: RX WEP frame, but no key set\n",
3297 rx->dev->name);
3298 return TXRX_DROP;
3299 }
3300
3301 if (!(rx->u.rx.status->flag & RX_FLAG_DECRYPTED) ||
3302 rx->key->force_sw_encrypt) {
3303 if (ieee80211_wep_decrypt(rx->local, rx->skb, rx->key)) {
3304 printk(KERN_DEBUG "%s: RX WEP frame, decrypt "
3305 "failed\n", rx->dev->name);
3306 return TXRX_DROP;
3307 }
3308 } else if (rx->local->hw.flags & IEEE80211_HW_WEP_INCLUDE_IV) {
3309 ieee80211_wep_remove_iv(rx->local, rx->skb, rx->key);
3310 /* remove ICV */
3311 skb_trim(rx->skb, rx->skb->len - 4);
3312 }
3313
3314 return TXRX_CONTINUE;
3315 }
3316
3317
3318 static ieee80211_txrx_result
3319 ieee80211_rx_h_802_1x_pae(struct ieee80211_txrx_data *rx)
3320 {
3321 if (rx->sdata->eapol && ieee80211_is_eapol(rx->skb) &&
3322 rx->sdata->type != IEEE80211_IF_TYPE_STA && rx->u.rx.ra_match) {
3323 /* Pass both encrypted and unencrypted EAPOL frames to user
3324 * space for processing. */
3325 if (!rx->local->apdev)
3326 return TXRX_DROP;
3327 ieee80211_rx_mgmt(rx->local, rx->skb, rx->u.rx.status,
3328 ieee80211_msg_normal);
3329 return TXRX_QUEUED;
3330 }
3331
3332 if (unlikely(rx->sdata->ieee802_1x &&
3333 (rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA &&
3334 (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_NULLFUNC &&
3335 (!rx->sta || !(rx->sta->flags & WLAN_STA_AUTHORIZED)) &&
3336 !ieee80211_is_eapol(rx->skb))) {
3337 #ifdef CONFIG_D80211_DEBUG
3338 struct ieee80211_hdr *hdr =
3339 (struct ieee80211_hdr *) rx->skb->data;
3340 printk(KERN_DEBUG "%s: dropped frame from " MAC_FMT
3341 " (unauthorized port)\n", rx->dev->name,
3342 MAC_ARG(hdr->addr2));
3343 #endif /* CONFIG_D80211_DEBUG */
3344 return TXRX_DROP;
3345 }
3346
3347 return TXRX_CONTINUE;
3348 }
3349
3350
3351 static ieee80211_txrx_result
3352 ieee80211_rx_h_drop_unencrypted(struct ieee80211_txrx_data *rx)
3353 {
3354 /* If the device handles decryption totally, skip this test */
3355 if (rx->local->hw.flags & IEEE80211_HW_DEVICE_HIDES_WEP)
3356 return TXRX_CONTINUE;
3357
3358 /* Drop unencrypted frames if key is set. */
3359 if (unlikely(!(rx->fc & IEEE80211_FCTL_PROTECTED) &&
3360 (rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA &&
3361 (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_NULLFUNC &&
3362 (rx->key || rx->sdata->drop_unencrypted) &&
3363 (rx->sdata->eapol == 0 ||
3364 !ieee80211_is_eapol(rx->skb)))) {
3365 printk(KERN_DEBUG "%s: RX non-WEP frame, but expected "
3366 "encryption\n", rx->dev->name);
3367 return TXRX_DROP;
3368 }
3369 return TXRX_CONTINUE;
3370 }
3371
3372
3373 static ieee80211_txrx_result
3374 ieee80211_rx_h_mgmt(struct ieee80211_txrx_data *rx)
3375 {
3376 struct ieee80211_sub_if_data *sdata;
3377
3378 if (!rx->u.rx.ra_match)
3379 return TXRX_DROP;
3380
3381 sdata = IEEE80211_DEV_TO_SUB_IF(rx->dev);
3382 if ((sdata->type == IEEE80211_IF_TYPE_STA ||
3383 sdata->type == IEEE80211_IF_TYPE_IBSS) &&
3384 !rx->local->user_space_mlme) {
3385 ieee80211_sta_rx_mgmt(rx->dev, rx->skb, rx->u.rx.status);
3386 } else {
3387 /* Management frames are sent to hostapd for processing */
3388 if (!rx->local->apdev)
3389 return TXRX_DROP;
3390 ieee80211_rx_mgmt(rx->local, rx->skb, rx->u.rx.status,
3391 ieee80211_msg_normal);
3392 }
3393 return TXRX_QUEUED;
3394 }
3395
3396
3397 static ieee80211_txrx_result
3398 ieee80211_rx_h_passive_scan(struct ieee80211_txrx_data *rx)
3399 {
3400 struct ieee80211_local *local = rx->local;
3401 struct sk_buff *skb = rx->skb;
3402
3403 if (unlikely(local->sta_scanning != 0)) {
3404 ieee80211_sta_rx_scan(rx->dev, skb, rx->u.rx.status);
3405 return TXRX_QUEUED;
3406 }
3407
3408 if ((rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA)
3409 local->scan.txrx_count++;
3410 if (unlikely(local->scan.in_scan != 0 &&
3411 rx->u.rx.status->freq == local->scan.freq)) {
3412 struct ieee80211_hdr *hdr;
3413 u16 fc;
3414
3415 local->scan.rx_packets++;
3416
3417 hdr = (struct ieee80211_hdr *) skb->data;
3418 fc = le16_to_cpu(hdr->frame_control);
3419
3420 if ((fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_MGMT &&
3421 (fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_BEACON &&
3422 rx->dev == local->mdev) {
3423 local->scan.rx_beacon++;
3424 /* Need to trim FCS here because it is normally
3425 * removed only after this passive scan handler. */
3426 if ((rx->local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS) &&
3427 rx->skb->len > FCS_LEN)
3428 skb_trim(rx->skb, rx->skb->len - FCS_LEN);
3429
3430 if (!rx->local->apdev)
3431 return TXRX_DROP;
3432 ieee80211_rx_mgmt(rx->local, rx->skb,
3433 rx->u.rx.status,
3434 ieee80211_msg_passive_scan);
3435 return TXRX_QUEUED;
3436 } else {
3437 I802_DEBUG_INC(local->rx_handlers_drop_passive_scan);
3438 return TXRX_DROP;
3439 }
3440 }
3441
3442 if (unlikely(rx->u.rx.in_scan)) {
3443 /* scanning finished during invoking of handlers */
3444 I802_DEBUG_INC(local->rx_handlers_drop_passive_scan);
3445 return TXRX_DROP;
3446 }
3447
3448 return TXRX_CONTINUE;
3449 }
3450
3451
3452 static u8 * ieee80211_get_bssid(struct ieee80211_hdr *hdr, size_t len)
3453 {
3454 u16 fc;
3455
3456 if (len < 24)
3457 return NULL;
3458
3459 fc = le16_to_cpu(hdr->frame_control);
3460
3461 switch (fc & IEEE80211_FCTL_FTYPE) {
3462 case IEEE80211_FTYPE_DATA:
3463 switch (fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) {
3464 case IEEE80211_FCTL_TODS:
3465 return hdr->addr1;
3466 case (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS):
3467 return NULL;
3468 case IEEE80211_FCTL_FROMDS:
3469 return hdr->addr2;
3470 case 0:
3471 return hdr->addr3;
3472 }
3473 break;
3474 case IEEE80211_FTYPE_MGMT:
3475 return hdr->addr3;
3476 case IEEE80211_FTYPE_CTL:
3477 if ((fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_PSPOLL)
3478 return hdr->addr1;
3479 else
3480 return NULL;
3481 }
3482
3483 return NULL;
3484 }
3485
3486 static void ieee80211_rx_michael_mic_report(struct net_device *dev,
3487 struct ieee80211_hdr *hdr,
3488 struct sta_info *sta,
3489 struct ieee80211_txrx_data *rx)
3490 {
3491 int keyidx, hdrlen;
3492
3493 hdrlen = ieee80211_get_hdrlen_from_skb(rx->skb);
3494 if (rx->skb->len >= hdrlen + 4)
3495 keyidx = rx->skb->data[hdrlen + 3] >> 6;
3496 else
3497 keyidx = -1;
3498
3499 /* TODO: verify that this is not triggered by fragmented
3500 * frames (hw does not verify MIC for them). */
3501 printk(KERN_DEBUG "%s: TKIP hwaccel reported Michael MIC "
3502 "failure from " MAC_FMT " to " MAC_FMT " keyidx=%d\n",
3503 dev->name, MAC_ARG(hdr->addr2), MAC_ARG(hdr->addr1), keyidx);
3504
3505 if (!sta) {
3506 /* Some hardware versions seem to generate incorrect
3507 * Michael MIC reports; ignore them to avoid triggering
3508 * countermeasures. */
3509 printk(KERN_DEBUG "%s: ignored spurious Michael MIC "
3510 "error for unknown address " MAC_FMT "\n",
3511 dev->name, MAC_ARG(hdr->addr2));
3512 goto ignore;
3513 }
3514
3515 if (!(rx->fc & IEEE80211_FCTL_PROTECTED)) {
3516 printk(KERN_DEBUG "%s: ignored spurious Michael MIC "
3517 "error for a frame with no ISWEP flag (src "
3518 MAC_FMT ")\n", dev->name, MAC_ARG(hdr->addr2));
3519 goto ignore;
3520 }
3521
3522 if ((rx->local->hw.flags & IEEE80211_HW_WEP_INCLUDE_IV) &&
3523 rx->sdata->type == IEEE80211_IF_TYPE_AP) {
3524 int keyidx = ieee80211_wep_get_keyidx(rx->skb);
3525 /* AP with Pairwise keys support should never receive Michael
3526 * MIC errors for non-zero keyidx because these are reserved
3527 * for group keys and only the AP is sending real multicast
3528 * frames in BSS. */
3529 if (keyidx) {
3530 printk(KERN_DEBUG "%s: ignored Michael MIC error for "
3531 "a frame with non-zero keyidx (%d) (src " MAC_FMT
3532 ")\n", dev->name, keyidx, MAC_ARG(hdr->addr2));
3533 goto ignore;
3534 }
3535 }
3536
3537 if ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA &&
3538 ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_MGMT ||
3539 (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_AUTH)) {
3540 printk(KERN_DEBUG "%s: ignored spurious Michael MIC "
3541 "error for a frame that cannot be encrypted "
3542 "(fc=0x%04x) (src " MAC_FMT ")\n",
3543 dev->name, rx->fc, MAC_ARG(hdr->addr2));
3544 goto ignore;
3545 }
3546
3547 do {
3548 union iwreq_data wrqu;
3549 char *buf = kmalloc(128, GFP_ATOMIC);
3550 if (!buf)
3551 break;
3552
3553 /* TODO: needed parameters: count, key type, TSC */
3554 sprintf(buf, "MLME-MICHAELMICFAILURE.indication("
3555 "keyid=%d %scast addr=" MAC_FMT ")",
3556 keyidx, hdr->addr1[0] & 0x01 ? "broad" : "uni",
3557 MAC_ARG(hdr->addr2));
3558 memset(&wrqu, 0, sizeof(wrqu));
3559 wrqu.data.length = strlen(buf);
3560 wireless_send_event(rx->dev, IWEVCUSTOM, &wrqu, buf);
3561 kfree(buf);
3562 } while (0);
3563
3564 /* TODO: consider verifying the MIC error report with software
3565 * implementation if we get too many spurious reports from the
3566 * hardware. */
3567 if (!rx->local->apdev)
3568 goto ignore;
3569 ieee80211_rx_mgmt(rx->local, rx->skb, rx->u.rx.status,
3570 ieee80211_msg_michael_mic_failure);
3571 return;
3572
3573 ignore:
3574 dev_kfree_skb(rx->skb);
3575 rx->skb = NULL;
3576 }
3577
3578 static inline ieee80211_txrx_result __ieee80211_invoke_rx_handlers(
3579 struct ieee80211_local *local,
3580 ieee80211_rx_handler *handlers,
3581 struct ieee80211_txrx_data *rx,
3582 struct sta_info *sta)
3583 {
3584 ieee80211_rx_handler *handler;
3585 ieee80211_txrx_result res = TXRX_DROP;
3586
3587 for (handler = handlers; *handler != NULL; handler++) {
3588 res = (*handler)(rx);
3589 if (res != TXRX_CONTINUE) {
3590 if (res == TXRX_DROP) {
3591 I802_DEBUG_INC(local->rx_handlers_drop);
3592 if (sta)
3593 sta->rx_dropped++;
3594 }
3595 if (res == TXRX_QUEUED)
3596 I802_DEBUG_INC(local->rx_handlers_queued);
3597 break;
3598 }
3599 }
3600
3601 if (res == TXRX_DROP) {
3602 dev_kfree_skb(rx->skb);
3603 }
3604 return res;
3605 }
3606
3607 static inline void ieee80211_invoke_rx_handlers(struct ieee80211_local *local,
3608 ieee80211_rx_handler *handlers,
3609 struct ieee80211_txrx_data *rx,
3610 struct sta_info *sta)
3611 {
3612 if (__ieee80211_invoke_rx_handlers(local, handlers, rx, sta) ==
3613 TXRX_CONTINUE)
3614 dev_kfree_skb(rx->skb);
3615 }
3616
3617 /*
3618 * This is the receive path handler. It is called by a low level driver when an
3619 * 802.11 MPDU is received from the hardware.
3620 */
3621 void __ieee80211_rx(struct ieee80211_hw *hw, struct sk_buff *skb,
3622 struct ieee80211_rx_status *status)
3623 {
3624 struct ieee80211_local *local = hw_to_local(hw);
3625 struct ieee80211_sub_if_data *sdata;
3626 struct sta_info *sta;
3627 struct ieee80211_hdr *hdr;
3628 struct ieee80211_txrx_data rx;
3629 u16 type;
3630 int multicast;
3631
3632 hdr = (struct ieee80211_hdr *) skb->data;
3633 memset(&rx, 0, sizeof(rx));
3634 rx.skb = skb;
3635 rx.local = local;
3636
3637 rx.u.rx.status = status;
3638 rx.fc = skb->len >= 2 ? le16_to_cpu(hdr->frame_control) : 0;
3639 type = rx.fc & IEEE80211_FCTL_FTYPE;
3640 if (type == IEEE80211_FTYPE_DATA || type == IEEE80211_FTYPE_MGMT)
3641 local->dot11ReceivedFragmentCount++;
3642 multicast = is_multicast_ether_addr(hdr->addr1);
3643
3644 if (skb->len >= 16)
3645 sta = rx.sta = sta_info_get(local, hdr->addr2);
3646 else
3647 sta = rx.sta = NULL;
3648
3649 if (sta) {
3650 rx.dev = sta->dev;
3651 rx.sdata = IEEE80211_DEV_TO_SUB_IF(rx.dev);
3652 }
3653
3654 if ((status->flag & RX_FLAG_MMIC_ERROR)) {
3655 ieee80211_rx_michael_mic_report(local->mdev, hdr, sta, &rx);
3656 goto end;
3657 }
3658
3659 if (unlikely(local->sta_scanning || local->scan.in_scan))
3660 rx.u.rx.in_scan = 1;
3661
3662 if (__ieee80211_invoke_rx_handlers(local, local->rx_pre_handlers, &rx,
3663 sta) != TXRX_CONTINUE)
3664 goto end;
3665 skb = rx.skb;
3666
3667 if (sta && !sta->assoc_ap && !(sta->flags & WLAN_STA_WDS) &&
3668 !local->iff_promiscs && !multicast) {
3669 rx.u.rx.ra_match = 1;
3670 ieee80211_invoke_rx_handlers(local, local->rx_handlers, &rx,
3671 sta);
3672 } else {
3673 struct ieee80211_sub_if_data *prev = NULL;
3674 struct sk_buff *skb_new;
3675 u8 *bssid = ieee80211_get_bssid(hdr, skb->len);
3676
3677 list_for_each_entry(sdata, &local->sub_if_list, list) {
3678 rx.u.rx.ra_match = 1;
3679 switch (sdata->type) {
3680 case IEEE80211_IF_TYPE_STA:
3681 if (!bssid)
3682 continue;
3683 if (!ieee80211_bssid_match(bssid,
3684 sdata->u.sta.bssid)) {
3685 if (!rx.u.rx.in_scan)
3686 continue;
3687 rx.u.rx.ra_match = 0;
3688 } else if (!multicast &&
3689 memcmp(sdata->dev->dev_addr,
3690 hdr->addr1, ETH_ALEN) != 0) {
3691 if (!sdata->promisc)
3692 continue;
3693 rx.u.rx.ra_match = 0;
3694 }
3695 break;
3696 case IEEE80211_IF_TYPE_IBSS:
3697 if (!bssid)
3698 continue;
3699 if (!ieee80211_bssid_match(bssid,
3700 sdata->u.sta.bssid)) {
3701 if (!rx.u.rx.in_scan)
3702 continue;
3703 rx.u.rx.ra_match = 0;
3704 } else if (!multicast &&
3705 memcmp(sdata->dev->dev_addr,
3706 hdr->addr1, ETH_ALEN) != 0) {
3707 if (!sdata->promisc)
3708 continue;
3709 rx.u.rx.ra_match = 0;
3710 } else if (!sta)
3711 sta = rx.sta =
3712 ieee80211_ibss_add_sta(local->mdev,
3713 skb, bssid,
3714 hdr->addr2);
3715 /* FIXME: call with sdata->dev */
3716 break;
3717 case IEEE80211_IF_TYPE_AP:
3718 if (!bssid) {
3719 if (memcmp(sdata->dev->dev_addr,
3720 hdr->addr1, ETH_ALEN) != 0)
3721 continue;
3722 } else if (!ieee80211_bssid_match(bssid,
3723 sdata->dev->dev_addr)) {
3724 if (!rx.u.rx.in_scan)
3725 continue;
3726 rx.u.rx.ra_match = 0;
3727 }
3728 if (sdata->dev == local->mdev &&
3729 !rx.u.rx.in_scan)
3730 /* do not receive anything via
3731 * master device when not scanning */
3732 continue;
3733 break;
3734 case IEEE80211_IF_TYPE_WDS:
3735 if (bssid ||
3736 (rx.fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA)
3737 continue;
3738 if (memcmp(sdata->u.wds.remote_addr,
3739 hdr->addr2, ETH_ALEN) != 0)
3740 continue;
3741 break;
3742 }
3743
3744 if (prev) {
3745 skb_new = skb_copy(skb, GFP_ATOMIC);
3746 if (!skb_new) {
3747 if (net_ratelimit())
3748 printk(KERN_DEBUG "%s: failed to copy "
3749 "multicast frame for %s",
3750 local->mdev->name, prev->dev->name);
3751 continue;
3752 }
3753 rx.skb = skb_new;
3754 rx.dev = prev->dev;
3755 rx.sdata = prev;
3756 ieee80211_invoke_rx_handlers(local,
3757 local->rx_handlers,
3758 &rx, sta);
3759 }
3760 prev = sdata;
3761 }
3762 if (prev) {
3763 rx.skb = skb;
3764 rx.dev = prev->dev;
3765 rx.sdata = prev;
3766 ieee80211_invoke_rx_handlers(local, local->rx_handlers,
3767 &rx, sta);
3768 } else
3769 dev_kfree_skb(skb);
3770 }
3771
3772 end:
3773 if (sta)
3774 sta_info_put(sta);
3775 }
3776 EXPORT_SYMBOL(__ieee80211_rx);
3777
3778 static ieee80211_txrx_result
3779 ieee80211_tx_h_load_stats(struct ieee80211_txrx_data *tx)
3780 {
3781 struct ieee80211_local *local = tx->local;
3782 struct sk_buff *skb = tx->skb;
3783 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
3784 u32 load = 0, hdrtime;
3785
3786 /* TODO: this could be part of tx_status handling, so that the number
3787 * of retries would be known; TX rate should in that case be stored
3788 * somewhere with the packet */
3789
3790 /* Estimate total channel use caused by this frame */
3791
3792 /* 1 bit at 1 Mbit/s takes 1 usec; in channel_use values,
3793 * 1 usec = 1/8 * (1080 / 10) = 13.5 */
3794
3795 if (local->hw.conf.phymode == MODE_IEEE80211A ||
3796 local->hw.conf.phymode == MODE_ATHEROS_TURBO ||
3797 local->hw.conf.phymode == MODE_ATHEROS_TURBOG ||
3798 (local->hw.conf.phymode == MODE_IEEE80211G &&
3799 tx->u.tx.rate->flags & IEEE80211_RATE_ERP))
3800 hdrtime = CHAN_UTIL_HDR_SHORT;
3801 else
3802 hdrtime = CHAN_UTIL_HDR_LONG;
3803
3804 load = hdrtime;
3805 if (!is_multicast_ether_addr(hdr->addr1))
3806 load += hdrtime;
3807
3808 if (tx->u.tx.control->flags & IEEE80211_TXCTL_USE_RTS_CTS)
3809 load += 2 * hdrtime;
3810 else if (tx->u.tx.control->flags & IEEE80211_TXCTL_USE_CTS_PROTECT)
3811 load += hdrtime;
3812
3813 load += skb->len * tx->u.tx.rate->rate_inv;
3814
3815 if (tx->u.tx.extra_frag) {
3816 int i;
3817 for (i = 0; i < tx->u.tx.num_extra_frag; i++) {
3818 load += 2 * hdrtime;
3819 load += tx->u.tx.extra_frag[i]->len *
3820 tx->u.tx.rate->rate;
3821 }
3822 }
3823
3824 /* Divide channel_use by 8 to avoid wrapping around the counter */
3825 load >>= CHAN_UTIL_SHIFT;
3826 local->channel_use_raw += load;
3827 if (tx->sta)
3828 tx->sta->channel_use_raw += load;
3829 tx->sdata->channel_use_raw += load;
3830
3831 return TXRX_CONTINUE;
3832 }
3833
3834
3835 static ieee80211_txrx_result
3836 ieee80211_rx_h_load_stats(struct ieee80211_txrx_data *rx)
3837 {
3838 struct ieee80211_local *local = rx->local;
3839 struct sk_buff *skb = rx->skb;
3840 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
3841 u32 load = 0, hdrtime;
3842 struct ieee80211_rate *rate;
3843 int i;
3844
3845 /* Estimate total channel use caused by this frame */
3846
3847 if (unlikely(local->num_curr_rates < 0))
3848 return TXRX_CONTINUE;
3849
3850 rate = &local->curr_rates[0];
3851 for (i = 0; i < local->num_curr_rates; i++) {
3852 if (local->curr_rates[i].val == rx->u.rx.status->rate) {
3853 rate = &local->curr_rates[i];
3854 break;
3855 }
3856 }
3857
3858 /* 1 bit at 1 Mbit/s takes 1 usec; in channel_use values,
3859 * 1 usec = 1/8 * (1080 / 10) = 13.5 */
3860
3861 if (local->hw.conf.phymode == MODE_IEEE80211A ||
3862 local->hw.conf.phymode == MODE_ATHEROS_TURBO ||
3863 local->hw.conf.phymode == MODE_ATHEROS_TURBOG ||
3864 (local->hw.conf.phymode == MODE_IEEE80211G &&
3865 rate->flags & IEEE80211_RATE_ERP))
3866 hdrtime = CHAN_UTIL_HDR_SHORT;
3867 else
3868 hdrtime = CHAN_UTIL_HDR_LONG;
3869
3870 load = hdrtime;
3871 if (!is_multicast_ether_addr(hdr->addr1))
3872 load += hdrtime;
3873
3874 load += skb->len * rate->rate_inv;
3875
3876 /* Divide channel_use by 8 to avoid wrapping around the counter */
3877 load >>= CHAN_UTIL_SHIFT;
3878 local->channel_use_raw += load;
3879 if (rx->sta)
3880 rx->sta->channel_use_raw += load;
3881 rx->u.rx.load = load;
3882
3883 return TXRX_CONTINUE;
3884 }
3885
3886 static ieee80211_txrx_result
3887 ieee80211_rx_h_if_stats(struct ieee80211_txrx_data *rx)
3888 {
3889 rx->sdata->channel_use_raw += rx->u.rx.load;
3890 return TXRX_CONTINUE;
3891 }
3892
3893 static void ieee80211_stat_refresh(unsigned long data)
3894 {
3895 struct ieee80211_local *local = (struct ieee80211_local *) data;
3896 struct sta_info *sta;
3897 struct ieee80211_sub_if_data *sdata;
3898
3899 if (!local->stat_time)
3900 return;
3901
3902 /* go through all stations */
3903 spin_lock_bh(&local->sta_lock);
3904 list_for_each_entry(sta, &local->sta_list, list) {
3905 sta->channel_use = (sta->channel_use_raw / local->stat_time) /
3906 CHAN_UTIL_PER_10MS;
3907 sta->channel_use_raw = 0;
3908 }
3909 spin_unlock_bh(&local->sta_lock);
3910
3911 /* go through all subinterfaces */
3912 list_for_each_entry(sdata, &local->sub_if_list, list) {
3913 sdata->channel_use = (sdata->channel_use_raw /
3914 local->stat_time) / CHAN_UTIL_PER_10MS;
3915 sdata->channel_use_raw = 0;
3916 }
3917
3918 /* hardware interface */
3919 local->channel_use = (local->channel_use_raw /
3920 local->stat_time) / CHAN_UTIL_PER_10MS;
3921 local->channel_use_raw = 0;
3922
3923 local->stat_timer.expires = jiffies + HZ * local->stat_time / 100;
3924 add_timer(&local->stat_timer);
3925 }
3926
3927
3928 /* This is a version of the rx handler that can be called from hard irq
3929 * context. Post the skb on the queue and schedule the tasklet */
3930 void ieee80211_rx_irqsafe(struct ieee80211_hw *hw, struct sk_buff *skb,
3931 struct ieee80211_rx_status *status)
3932 {
3933 struct ieee80211_rx_status *saved;
3934 struct ieee80211_local *local = hw_to_local(hw);
3935
3936 skb->dev = local->mdev;
3937 saved = kmalloc(sizeof(struct ieee80211_rx_status), GFP_ATOMIC);
3938 if (unlikely(!saved)) {
3939 if (net_ratelimit())
3940 printk(KERN_WARNING "%s: Not enough memory, "
3941 "dropping packet", skb->dev->name);
3942 /* should be dev_kfree_skb_irq, but due to this function being
3943 * named _irqsafe instead of just _irq we can't be sure that
3944 * people won't call it from non-irq contexts */
3945 dev_kfree_skb_any(skb);
3946 return;
3947 }
3948 memcpy(saved, status, sizeof(struct ieee80211_rx_status));
3949 /* copy pointer to saved status into skb->cb for use by tasklet */
3950 memcpy(skb->cb, &saved, sizeof(saved));
3951
3952 skb->pkt_type = ieee80211_rx_msg;
3953 skb_queue_tail(&local->skb_queue, skb);
3954 tasklet_schedule(&local->tasklet);
3955 }
3956 EXPORT_SYMBOL(ieee80211_rx_irqsafe);
3957
3958 void ieee80211_tx_status_irqsafe(struct ieee80211_hw *hw,
3959 struct sk_buff *skb,
3960 struct ieee80211_tx_status *status)
3961 {
3962 struct ieee80211_local *local = hw_to_local(hw);
3963 struct ieee80211_tx_status *saved;
3964 int tmp;
3965
3966 skb->dev = local->mdev;
3967 saved = kmalloc(sizeof(struct ieee80211_tx_status), GFP_ATOMIC);
3968 if (unlikely(!saved)) {
3969 if (net_ratelimit())
3970 printk(KERN_WARNING "%s: Not enough memory, "
3971 "dropping tx status", skb->dev->name);
3972 /* should be dev_kfree_skb_irq, but due to this function being
3973 * named _irqsafe instead of just _irq we can't be sure that
3974 * people won't call it from non-irq contexts */
3975 dev_kfree_skb_any(skb);
3976 return;
3977 }
3978 memcpy(saved, status, sizeof(struct ieee80211_tx_status));
3979 /* copy pointer to saved status into skb->cb for use by tasklet */
3980 memcpy(skb->cb, &saved, sizeof(saved));
3981
3982 skb->pkt_type = ieee80211_tx_status_msg;
3983 skb_queue_tail(status->control.flags & IEEE80211_TXCTL_REQ_TX_STATUS ?
3984 &local->skb_queue : &local->skb_queue_unreliable, skb);
3985 tmp = skb_queue_len(&local->skb_queue) +
3986 skb_queue_len(&local->skb_queue_unreliable);
3987 while (tmp > IEEE80211_IRQSAFE_QUEUE_LIMIT &&
3988 (skb = skb_dequeue(&local->skb_queue_unreliable))) {
3989 memcpy(&saved, skb->cb, sizeof(saved));
3990 kfree(saved);
3991 dev_kfree_skb_irq(skb);
3992 tmp--;
3993 I802_DEBUG_INC(local->tx_status_drop);
3994 }
3995 tasklet_schedule(&local->tasklet);
3996 }
3997 EXPORT_SYMBOL(ieee80211_tx_status_irqsafe);
3998
3999 static void ieee80211_tasklet_handler(unsigned long data)
4000 {
4001 struct ieee80211_local *local = (struct ieee80211_local *) data;
4002 struct sk_buff *skb;
4003 struct ieee80211_rx_status *rx_status;
4004 struct ieee80211_tx_status *tx_status;
4005
4006 while ((skb = skb_dequeue(&local->skb_queue)) ||
4007 (skb = skb_dequeue(&local->skb_queue_unreliable))) {
4008 switch (skb->pkt_type) {
4009 case ieee80211_rx_msg:
4010 /* get pointer to saved status out of skb->cb */
4011 memcpy(&rx_status, skb->cb, sizeof(rx_status));
4012 /* Clear skb->type in order to not confuse kernel
4013 * netstack. */
4014 skb->pkt_type = 0;
4015 __ieee80211_rx(local_to_hw(local), skb, rx_status);
4016 kfree(rx_status);
4017 break;
4018 case ieee80211_tx_status_msg:
4019 /* get pointer to saved status out of skb->cb */
4020 memcpy(&tx_status, skb->cb, sizeof(tx_status));
4021 skb->pkt_type = 0;
4022 ieee80211_tx_status(local_to_hw(local),
4023 skb, tx_status);
4024 kfree(tx_status);
4025 break;
4026 default: /* should never get here! */
4027 printk(KERN_ERR "%s: Unknown message type (%d)\n",
4028 local->mdev->name, skb->pkt_type);
4029 dev_kfree_skb(skb);
4030 break;
4031 }
4032 }
4033 }
4034
4035
4036 /* Remove added headers (e.g., QoS control), encryption header/MIC, etc. to
4037 * make a prepared TX frame (one that has been given to hw) to look like brand
4038 * new IEEE 802.11 frame that is ready to go through TX processing again.
4039 * Also, tx_packet_data in cb is restored from tx_control. */
4040 static void ieee80211_remove_tx_extra(struct ieee80211_local *local,
4041 struct ieee80211_key *key,
4042 struct sk_buff *skb,
4043 struct ieee80211_tx_control *control)
4044 {
4045 int hdrlen, iv_len, mic_len;
4046 struct ieee80211_tx_packet_data *pkt_data;
4047
4048 pkt_data = (struct ieee80211_tx_packet_data *)skb->cb;
4049 pkt_data->ifindex = control->ifindex;
4050 pkt_data->mgmt_iface = (control->type == IEEE80211_IF_TYPE_MGMT);
4051 pkt_data->req_tx_status = !!(control->flags & IEEE80211_TXCTL_REQ_TX_STATUS);
4052 pkt_data->do_not_encrypt = !!(control->flags & IEEE80211_TXCTL_DO_NOT_ENCRYPT);
4053 pkt_data->pkt_probe_resp = (control->pkt_type == PKT_PROBE_RESP);
4054 pkt_data->requeue = !!(control->flags & IEEE80211_TXCTL_REQUEUE);
4055 pkt_data->queue = control->queue;
4056
4057 hdrlen = ieee80211_get_hdrlen_from_skb(skb);
4058
4059 if (!key)
4060 goto no_key;
4061
4062 switch (key->alg) {
4063 case ALG_WEP:
4064 iv_len = WEP_IV_LEN;
4065 mic_len = WEP_ICV_LEN;
4066 break;
4067 case ALG_TKIP:
4068 iv_len = TKIP_IV_LEN;
4069 mic_len = TKIP_ICV_LEN;
4070 break;
4071 case ALG_CCMP:
4072 iv_len = CCMP_HDR_LEN;
4073 mic_len = CCMP_MIC_LEN;
4074 break;
4075 default:
4076 goto no_key;
4077 }
4078
4079 if (skb->len >= mic_len && key->force_sw_encrypt)
4080 skb_trim(skb, skb->len - mic_len);
4081 if (skb->len >= iv_len && skb->len > hdrlen) {
4082 memmove(skb->data + iv_len, skb->data, hdrlen);
4083 skb_pull(skb, iv_len);
4084 }
4085
4086 no_key:
4087 {
4088 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
4089 u16 fc = le16_to_cpu(hdr->frame_control);
4090 if ((fc & 0x8C) == 0x88) /* QoS Control Field */ {
4091 fc &= ~IEEE80211_STYPE_QOS_DATA;
4092 hdr->frame_control = cpu_to_le16(fc);
4093 memmove(skb->data + 2, skb->data, hdrlen - 2);
4094 skb_pull(skb, 2);
4095 }
4096 }
4097 }
4098
4099
4100 void ieee80211_tx_status(struct ieee80211_hw *hw, struct sk_buff *skb,
4101 struct ieee80211_tx_status *status)
4102 {
4103 struct sk_buff *skb2;
4104 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
4105 struct ieee80211_local *local = hw_to_local(hw);
4106 u16 frag, type;
4107 u32 msg_type;
4108
4109 if (!status) {
4110 printk(KERN_ERR
4111 "%s: ieee80211_tx_status called with NULL status\n",
4112 local->mdev->name);
4113 dev_kfree_skb(skb);
4114 return;
4115 }
4116
4117 if (status->excessive_retries) {
4118 struct sta_info *sta;
4119 sta = sta_info_get(local, hdr->addr1);
4120 if (sta) {
4121 if (sta->flags & WLAN_STA_PS) {
4122 /* The STA is in power save mode, so assume
4123 * that this TX packet failed because of that.
4124 */
4125 status->excessive_retries = 0;
4126 status->flags |= IEEE80211_TX_STATUS_TX_FILTERED;
4127 }
4128 sta_info_put(sta);
4129 }
4130 }
4131
4132 if (status->flags & IEEE80211_TX_STATUS_TX_FILTERED) {
4133 struct sta_info *sta;
4134 sta = sta_info_get(local, hdr->addr1);
4135 if (sta) {
4136 sta->tx_filtered_count++;
4137
4138 /* Clear the TX filter mask for this STA when sending
4139 * the next packet. If the STA went to power save mode,
4140 * this will happen when it is waking up for the next
4141 * time. */
4142 sta->clear_dst_mask = 1;
4143
4144 /* TODO: Is the WLAN_STA_PS flag always set here or is
4145 * the race between RX and TX status causing some
4146 * packets to be filtered out before 80211.o gets an
4147 * update for PS status? This seems to be the case, so
4148 * no changes are likely to be needed. */
4149 if (sta->flags & WLAN_STA_PS &&
4150 skb_queue_len(&sta->tx_filtered) <
4151 STA_MAX_TX_BUFFER) {
4152 ieee80211_remove_tx_extra(local, sta->key,
4153 skb,
4154 &status->control);
4155 skb_queue_tail(&sta->tx_filtered, skb);
4156 } else if (!(sta->flags & WLAN_STA_PS) &&
4157 !(status->control.flags & IEEE80211_TXCTL_REQUEUE)) {
4158 /* Software retry the packet once */
4159 status->control.flags |= IEEE80211_TXCTL_REQUEUE;
4160 ieee80211_remove_tx_extra(local, sta->key,
4161 skb,
4162 &status->control);
4163 dev_queue_xmit(skb);
4164 } else {
4165 if (net_ratelimit()) {
4166 printk(KERN_DEBUG "%s: dropped TX "
4167 "filtered frame queue_len=%d "
4168 "PS=%d @%lu\n",
4169 local->mdev->name,
4170 skb_queue_len(
4171 &sta->tx_filtered),
4172 !!(sta->flags & WLAN_STA_PS),
4173 jiffies);
4174 }
4175 dev_kfree_skb(skb);
4176 }
4177 sta_info_put(sta);
4178 return;
4179 }
4180 } else {
4181 /* FIXME: STUPID to call this with both local and local->mdev */
4182 rate_control_tx_status(local, local->mdev, skb, status);
4183 }
4184
4185 ieee80211_led_tx(local, 0);
4186
4187 /* SNMP counters
4188 * Fragments are passed to low-level drivers as separate skbs, so these
4189 * are actually fragments, not frames. Update frame counters only for
4190 * the first fragment of the frame. */
4191
4192 frag = le16_to_cpu(hdr->seq_ctrl) & IEEE80211_SCTL_FRAG;
4193 type = le16_to_cpu(hdr->frame_control) & IEEE80211_FCTL_FTYPE;
4194
4195 if (status->flags & IEEE80211_TX_STATUS_ACK) {
4196 if (frag == 0) {
4197 local->dot11TransmittedFrameCount++;
4198 if (is_multicast_ether_addr(hdr->addr1))
4199 local->dot11MulticastTransmittedFrameCount++;
4200 if (status->retry_count > 0)
4201 local->dot11RetryCount++;
4202 if (status->retry_count > 1)
4203 local->dot11MultipleRetryCount++;
4204 }
4205
4206 /* This counter shall be incremented for an acknowledged MPDU
4207 * with an individual address in the address 1 field or an MPDU
4208 * with a multicast address in the address 1 field of type Data
4209 * or Management. */
4210 if (!is_multicast_ether_addr(hdr->addr1) ||
4211 type == IEEE80211_FTYPE_DATA ||
4212 type == IEEE80211_FTYPE_MGMT)
4213 local->dot11TransmittedFragmentCount++;
4214 } else {
4215 if (frag == 0)
4216 local->dot11FailedCount++;
4217 }
4218
4219 if (!(status->control.flags & IEEE80211_TXCTL_REQ_TX_STATUS)
4220 || unlikely(!local->apdev)) {
4221 dev_kfree_skb(skb);
4222 return;
4223 }
4224
4225 msg_type = (status->flags & IEEE80211_TX_STATUS_ACK) ?
4226 ieee80211_msg_tx_callback_ack : ieee80211_msg_tx_callback_fail;
4227
4228 /* skb was the original skb used for TX. Clone it and give the clone
4229 * to netif_rx(). Free original skb. */
4230 skb2 = skb_copy(skb, GFP_ATOMIC);
4231 if (!skb2) {
4232 dev_kfree_skb(skb);
4233 return;
4234 }
4235 dev_kfree_skb(skb);
4236 skb = skb2;
4237
4238 /* Send frame to hostapd */
4239 ieee80211_rx_mgmt(local, skb, NULL, msg_type);
4240 }
4241 EXPORT_SYMBOL(ieee80211_tx_status);
4242
4243 /* TODO: implement register/unregister functions for adding TX/RX handlers
4244 * into ordered list */
4245
4246 /* rx_pre handlers don't have dev and sdata fields available in
4247 * ieee80211_txrx_data */
4248 static ieee80211_rx_handler ieee80211_rx_pre_handlers[] =
4249 {
4250 ieee80211_rx_h_parse_qos,
4251 ieee80211_rx_h_load_stats,
4252 NULL
4253 };
4254
4255 static ieee80211_rx_handler ieee80211_rx_handlers[] =
4256 {
4257 ieee80211_rx_h_if_stats,
4258 ieee80211_rx_h_monitor,
4259 ieee80211_rx_h_passive_scan,
4260 ieee80211_rx_h_check,
4261 ieee80211_rx_h_sta_process,
4262 ieee80211_rx_h_ccmp_decrypt,
4263 ieee80211_rx_h_tkip_decrypt,
4264 ieee80211_rx_h_wep_weak_iv_detection,
4265 ieee80211_rx_h_wep_decrypt,
4266 ieee80211_rx_h_defragment,
4267 ieee80211_rx_h_ps_poll,
4268 ieee80211_rx_h_michael_mic_verify,
4269 /* this must be after decryption - so header is counted in MPDU mic
4270 * must be before pae and data, so QOS_DATA format frames
4271 * are not passed to user space by these functions
4272 */
4273 ieee80211_rx_h_remove_qos_control,
4274 ieee80211_rx_h_802_1x_pae,
4275 ieee80211_rx_h_drop_unencrypted,
4276 ieee80211_rx_h_data,
4277 ieee80211_rx_h_mgmt,
4278 NULL
4279 };
4280
4281 static ieee80211_tx_handler ieee80211_tx_handlers[] =
4282 {
4283 ieee80211_tx_h_check_assoc,
4284 ieee80211_tx_h_ps_buf,
4285 ieee80211_tx_h_select_key,
4286 ieee80211_tx_h_michael_mic_add,
4287 ieee80211_tx_h_fragment,
4288 ieee80211_tx_h_tkip_encrypt,
4289 ieee80211_tx_h_ccmp_encrypt,
4290 ieee80211_tx_h_wep_encrypt,
4291 ieee80211_tx_h_rate_ctrl,
4292 ieee80211_tx_h_misc,
4293 ieee80211_tx_h_load_stats,
4294 NULL
4295 };
4296
4297
4298 int ieee80211_if_update_wds(struct net_device *dev, u8 *remote_addr)
4299 {
4300 struct ieee80211_local *local = dev->ieee80211_ptr;
4301 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
4302 struct sta_info *sta;
4303
4304 /* Remove STA entry for the old peer */
4305 sta = sta_info_get(local, sdata->u.wds.remote_addr);
4306 if (sta) {
4307 sta_info_put(sta);
4308 sta_info_free(sta, 0);
4309 } else {
4310 printk(KERN_DEBUG "%s: could not find STA entry for WDS link "
4311 "peer " MAC_FMT "\n",
4312 dev->name, MAC_ARG(sdata->u.wds.remote_addr));
4313 }
4314
4315 /* Update WDS link data */
4316 memcpy(&sdata->u.wds.remote_addr, remote_addr, ETH_ALEN);
4317
4318 return 0;
4319 }
4320
4321 /* Must not be called for mdev and apdev */
4322 void ieee80211_if_setup(struct net_device *dev)
4323 {
4324 ether_setup(dev);
4325 dev->hard_start_xmit = ieee80211_subif_start_xmit;
4326 dev->wireless_handlers =
4327 (struct iw_handler_def *) &ieee80211_iw_handler_def;
4328 dev->do_ioctl = ieee80211_ioctl;
4329 dev->set_mac_address = ieee80211_set_mac_address;
4330 dev->set_multicast_list = ieee80211_set_multicast_list;
4331 dev->change_mtu = ieee80211_change_mtu;
4332 dev->tx_timeout = ieee80211_tx_timeout;
4333 dev->get_stats = ieee80211_get_stats;
4334 dev->open = ieee80211_open;
4335 dev->stop = ieee80211_stop;
4336 dev->tx_queue_len = 0;
4337 dev->destructor = ieee80211_if_free;
4338 }
4339
4340 void ieee80211_if_mgmt_setup(struct net_device *dev)
4341 {
4342 ether_setup(dev);
4343 dev->hard_start_xmit = ieee80211_mgmt_start_xmit;
4344 dev->change_mtu = ieee80211_change_mtu_apdev;
4345 dev->get_stats = ieee80211_get_stats;
4346 dev->open = ieee80211_mgmt_open;
4347 dev->stop = ieee80211_mgmt_stop;
4348 dev->type = ARPHRD_IEEE80211_PRISM;
4349 dev->hard_header_parse = header_parse_80211;
4350 dev->tx_queue_len = 0;
4351 dev->destructor = ieee80211_if_free;
4352 }
4353
4354 static void ieee80211_precalc_modes(struct ieee80211_local *local)
4355 {
4356 struct ieee80211_hw_modes *mode;
4357 struct ieee80211_rate *rate;
4358 struct ieee80211_hw *hw = &local->hw;
4359 int m, r;
4360
4361 local->hw_modes = 0;
4362 for (m = 0; m < hw->num_modes; m++) {
4363 mode = &hw->modes[m];
4364 local->hw_modes |= 1 << mode->mode;
4365 for (r = 0; r < mode->num_rates; r++) {
4366 rate = &mode->rates[r];
4367 rate->rate_inv = CHAN_UTIL_RATE_LCM / rate->rate;
4368 }
4369 }
4370 }
4371
4372 int ieee80211_init_rate_ctrl_alg(struct ieee80211_local *local,
4373 const char *name)
4374 {
4375 struct rate_control_ref *ref, *old;
4376 int res;
4377
4378 ASSERT_RTNL();
4379 if (local->open_count || netif_running(local->mdev) ||
4380 (local->apdev && netif_running(local->apdev)))
4381 return -EBUSY;
4382
4383 ref = rate_control_alloc(name, local);
4384 if (!ref) {
4385 printk(KERN_WARNING "%s: Failed to select rate control "
4386 "algorithm\n", local->mdev->name);
4387 return -ENOENT;
4388 }
4389 res = rate_control_add_attrs(ref, &local->class_dev.kobj);
4390 if (res < 0) {
4391 printk(KERN_DEBUG "%s: Failed to register sysfs attributes "
4392 "for rate control\n", local->mdev->name);
4393 rate_control_put(ref);
4394 return res;
4395 }
4396
4397 old = local->rate_ctrl;
4398 local->rate_ctrl = ref;
4399 if (old) {
4400 rate_control_remove_attrs(ref, &local->class_dev.kobj);
4401 rate_control_put(old);
4402 sta_info_flush(local, NULL);
4403 }
4404
4405 printk(KERN_DEBUG "%s: Selected rate control "
4406 "algorithm '%s'\n", local->mdev->name,
4407 ref->ops->name);
4408
4409
4410 return 0;
4411 }
4412
4413 static void rate_control_deinitialize(struct ieee80211_local *local)
4414 {
4415 struct rate_control_ref *ref;
4416
4417 ref = local->rate_ctrl;
4418 local->rate_ctrl = NULL;
4419 rate_control_remove_attrs(ref, &local->class_dev.kobj);
4420 rate_control_put(ref);
4421 }
4422
4423 struct ieee80211_hw *ieee80211_alloc_hw(size_t priv_data_len,
4424 struct ieee80211_ops *ops)
4425 {
4426 struct net_device *mdev;
4427 struct ieee80211_local *local;
4428 struct ieee80211_sub_if_data *sdata;
4429 int priv_size;
4430
4431 local = ieee80211_dev_alloc(GFP_KERNEL);
4432 if (!local)
4433 return NULL;
4434
4435 local->ops = ops;
4436
4437 /* Ensure 32-byte alignment of our private data and hw private data.
4438 * Each net_device is followed by a sub_if_data which is used for
4439 * interface specific information.
4440 *
4441 * Sample memory map looks something like:
4442 *
4443 * 0000 *****************
4444 * * net_dev *
4445 * 0160 *****************
4446 * * sub_if *
4447 * 0b80 *****************
4448 * * hw_priv *
4449 * 1664 *****************
4450 */
4451 priv_size = ((sizeof(struct ieee80211_sub_if_data) +
4452 NETDEV_ALIGN_CONST) & ~NETDEV_ALIGN_CONST) +
4453 priv_data_len;
4454 mdev = alloc_netdev(priv_size, "wmaster%d", ether_setup);
4455 if (!mdev) {
4456 ieee80211_dev_free(local);
4457 return NULL;
4458 }
4459
4460 mdev->ieee80211_ptr = local;
4461 local->hw.priv = (char *)mdev->priv +
4462 ((sizeof(struct ieee80211_sub_if_data) +
4463 NETDEV_ALIGN_CONST) & ~NETDEV_ALIGN_CONST);
4464
4465 local->mdev = mdev;
4466 local->rx_pre_handlers = ieee80211_rx_pre_handlers;
4467 local->rx_handlers = ieee80211_rx_handlers;
4468 local->tx_handlers = ieee80211_tx_handlers;
4469
4470 local->bridge_packets = 1;
4471
4472 local->rts_threshold = IEEE80211_MAX_RTS_THRESHOLD;
4473 local->fragmentation_threshold = IEEE80211_MAX_FRAG_THRESHOLD;
4474 local->short_retry_limit = 7;
4475 local->long_retry_limit = 4;
4476 local->hw.conf.radio_enabled = 1;
4477 local->rate_ctrl_num_up = RATE_CONTROL_NUM_UP;
4478 local->rate_ctrl_num_down = RATE_CONTROL_NUM_DOWN;
4479
4480 local->scan.in_scan = 0;
4481 local->enabled_modes = (unsigned int) -1;
4482
4483 init_timer(&local->scan.timer); /* clear it out */
4484
4485 spin_lock_init(&local->sub_if_lock);
4486 INIT_LIST_HEAD(&local->sub_if_list);
4487
4488 spin_lock_init(&local->generic_lock);
4489 init_timer(&local->stat_timer);
4490 local->stat_timer.function = ieee80211_stat_refresh;
4491 local->stat_timer.data = (unsigned long) local;
4492 ieee80211_rx_bss_list_init(mdev);
4493
4494 sta_info_init(local);
4495
4496 mdev->hard_start_xmit = ieee80211_master_start_xmit;
4497 mdev->wireless_handlers =
4498 (struct iw_handler_def *) &ieee80211_iw_master_handler_def;
4499 mdev->do_ioctl = ieee80211_ioctl;
4500 mdev->change_mtu = ieee80211_change_mtu;
4501 mdev->tx_timeout = ieee80211_tx_timeout;
4502 mdev->get_stats = ieee80211_get_stats;
4503 mdev->open = ieee80211_master_open;
4504 mdev->stop = ieee80211_master_stop;
4505 mdev->type = ARPHRD_IEEE80211;
4506 mdev->hard_header_parse = header_parse_80211;
4507
4508 sdata = IEEE80211_DEV_TO_SUB_IF(mdev);
4509 sdata->type = IEEE80211_IF_TYPE_AP;
4510 sdata->dev = mdev;
4511 sdata->local = local;
4512 sdata->u.ap.force_unicast_rateidx = -1;
4513 sdata->u.ap.max_ratectrl_rateidx = -1;
4514 ieee80211_if_sdata_init(sdata);
4515 list_add_tail(&sdata->list, &local->sub_if_list);
4516
4517 tasklet_init(&local->tx_pending_tasklet, ieee80211_tx_pending,
4518 (unsigned long)local);
4519 tasklet_disable(&local->tx_pending_tasklet);
4520
4521 tasklet_init(&local->tasklet,
4522 ieee80211_tasklet_handler,
4523 (unsigned long) local);
4524 skb_queue_head_init(&local->skb_queue);
4525 skb_queue_head_init(&local->skb_queue_unreliable);
4526
4527 return local_to_hw(local);
4528 }
4529 EXPORT_SYMBOL(ieee80211_alloc_hw);
4530
4531 int ieee80211_register_hw(struct ieee80211_hw *hw)
4532 {
4533 struct ieee80211_local *local = hw_to_local(hw);
4534 struct net_device *sta_dev;
4535 int result;
4536
4537 result = ieee80211_dev_alloc_index(local);
4538 if (result < 0)
4539 return -1;
4540
4541 local->class_dev.dev = local->hw.dev;
4542
4543 result = ieee80211_dev_sysfs_add(local);
4544 if (result < 0)
4545 goto fail_sysfs;
4546
4547 local->hw.conf.beacon_int = 1000;
4548
4549 /* Don't care about the result */
4550 ieee80211_update_hw(local_to_hw(local));
4551
4552 result = sta_info_start(local);
4553 if (result < 0)
4554 goto fail_sta_info;
4555
4556 if (hw->flags & IEEE80211_HW_FRAGLIST)
4557 local->mdev->features |= NETIF_F_FRAGLIST;
4558 rtnl_lock();
4559 result = dev_alloc_name(local->mdev, local->mdev->name);
4560 if (result < 0) {
4561 rtnl_unlock();
4562 goto fail_dev;
4563 }
4564
4565 memcpy(local->mdev->dev_addr, local->hw.perm_addr, ETH_ALEN);
4566 SET_NETDEV_DEV(local->mdev, local->hw.dev);
4567
4568 result = register_netdevice(local->mdev);
4569 if (result < 0) {
4570 rtnl_unlock();
4571 goto fail_dev;
4572 }
4573 result = sysfs_create_link(&local->class_dev.kobj,
4574 &local->mdev->class_dev.kobj,
4575 "master");
4576 if (result < 0) {
4577 rtnl_unlock();
4578 goto fail_masterlink;
4579 }
4580 result = ieee80211_sysfs_add_netdevice(local->mdev);
4581 if (result < 0) {
4582 rtnl_unlock();
4583 goto fail_if_sysfs;
4584 }
4585
4586 result = ieee80211_init_rate_ctrl_alg(local, NULL);
4587 rtnl_unlock();
4588 if (result < 0) {
4589 printk(KERN_DEBUG "%s: Failed to initialize rate control "
4590 "algorithm\n", local->mdev->name);
4591 goto fail_rate;
4592 }
4593
4594 result = ieee80211_wep_init(local);
4595
4596 if (result < 0) {
4597 printk(KERN_DEBUG "%s: Failed to initialize wep\n",
4598 local->mdev->name);
4599 goto fail_wep;
4600 }
4601
4602 /* TODO: add rtnl locking around device creation and qdisc install */
4603 ieee80211_install_qdisc(local->mdev);
4604
4605 /* add one default STA interface */
4606 rtnl_lock();
4607 result = ieee80211_if_add(local->mdev, "wlan%d", 1, &sta_dev);
4608 if (result == 0)
4609 ieee80211_if_set_type(sta_dev, IEEE80211_IF_TYPE_STA);
4610
4611 local->reg_state = IEEE80211_DEV_REGISTERED;
4612 rtnl_unlock();
4613
4614 ieee80211_led_init(local);
4615
4616 return 0;
4617
4618 fail_wep:
4619 rate_control_deinitialize(local);
4620 fail_rate:
4621 ieee80211_sysfs_remove_netdevice(local->mdev);
4622 fail_if_sysfs:
4623 sysfs_remove_link(&local->class_dev.kobj, "master");
4624 fail_masterlink:
4625 unregister_netdev(local->mdev);
4626 fail_dev:
4627 sta_info_stop(local);
4628 fail_sta_info:
4629 ieee80211_dev_sysfs_del(local);
4630 fail_sysfs:
4631 ieee80211_dev_free_index(local);
4632 return result;
4633 }
4634 EXPORT_SYMBOL(ieee80211_register_hw);
4635
4636 int ieee80211_update_hw(struct ieee80211_hw *hw)
4637 {
4638 struct ieee80211_local *local = hw_to_local(hw);
4639
4640 /* Backwards compatibility for low-level drivers that do not set number
4641 * of TX queues. */
4642 if (hw->queues == 0)
4643 hw->queues = 1;
4644
4645 if (!hw->modes || !hw->modes->channels || !hw->modes->rates ||
4646 !hw->modes->num_channels || !hw->modes->num_rates)
4647 return -1;
4648
4649 ieee80211_precalc_modes(local);
4650 local->hw.conf.phymode = hw->modes[0].mode;
4651 local->curr_rates = hw->modes[0].rates;
4652 local->num_curr_rates = hw->modes[0].num_rates;
4653 ieee80211_prepare_rates(local);
4654
4655 local->hw.conf.freq = local->hw.modes[0].channels[0].freq;
4656 local->hw.conf.channel = local->hw.modes[0].channels[0].chan;
4657 local->hw.conf.channel_val = local->hw.modes[0].channels[0].val;
4658
4659 ieee80211_init_client(local->mdev);
4660 /* FIXME: Invoke config to allow driver to set the channel. */
4661
4662 return 0;
4663 }
4664 EXPORT_SYMBOL(ieee80211_update_hw);
4665
4666 void ieee80211_unregister_hw(struct ieee80211_hw *hw)
4667 {
4668 struct ieee80211_local *local = hw_to_local(hw);
4669 struct ieee80211_sub_if_data *sdata, *tmp;
4670 int i;
4671
4672 tasklet_disable(&local->tasklet);
4673 /* TODO: skb_queue should be empty here, no need to do anything? */
4674
4675 rtnl_lock();
4676 local->reg_state = IEEE80211_DEV_UNREGISTERED;
4677 if (local->apdev)
4678 ieee80211_if_del_mgmt(local);
4679
4680 sysfs_remove_link(&local->class_dev.kobj, "master");
4681
4682 list_for_each_entry_safe(sdata, tmp, &local->sub_if_list, list)
4683 __ieee80211_if_del(local, sdata);
4684
4685 rtnl_unlock();
4686
4687 if (local->stat_time)
4688 del_timer_sync(&local->stat_timer);
4689 if (local->scan_work.data) {
4690 local->sta_scanning = 0;
4691 cancel_delayed_work(&local->scan_work);
4692 flush_scheduled_work();
4693 /* The scan_work is guaranteed not to be called at this
4694 * point. It is not scheduled and not running now. It can be
4695 * scheduled again only by sta_work (stopped by now) or under
4696 * rtnl lock. */
4697 }
4698
4699 ieee80211_rx_bss_list_deinit(local->mdev);
4700 ieee80211_clear_tx_pending(local);
4701 sta_info_stop(local);
4702 rate_control_deinitialize(local);
4703 ieee80211_dev_sysfs_del(local);
4704
4705 for (i = 0; i < NUM_IEEE80211_MODES; i++) {
4706 kfree(local->supp_rates[i]);
4707 kfree(local->basic_rates[i]);
4708 }
4709
4710 if (skb_queue_len(&local->skb_queue)
4711 || skb_queue_len(&local->skb_queue_unreliable))
4712 printk(KERN_WARNING "%s: skb_queue not empty",
4713 local->mdev->name);
4714 skb_queue_purge(&local->skb_queue);
4715 skb_queue_purge(&local->skb_queue_unreliable);
4716
4717 ieee80211_dev_free_index(local);
4718 ieee80211_led_exit(local);
4719 }
4720 EXPORT_SYMBOL(ieee80211_unregister_hw);
4721
4722 void ieee80211_free_hw(struct ieee80211_hw *hw)
4723 {
4724 struct ieee80211_local *local = hw_to_local(hw);
4725
4726 ieee80211_if_free(local->mdev);
4727 ieee80211_wep_free(local);
4728 ieee80211_dev_free(local);
4729 }
4730 EXPORT_SYMBOL(ieee80211_free_hw);
4731
4732 void ieee80211_release_hw(struct ieee80211_local *local)
4733 {
4734 kfree(local);
4735 }
4736
4737 /* Perform netif operations on all configured interfaces */
4738 int ieee80211_netif_oper(struct ieee80211_hw *hw, Netif_Oper op)
4739 {
4740 struct ieee80211_local *local = hw_to_local(hw);
4741 struct net_device *dev = local->mdev;
4742
4743 switch (op) {
4744 case NETIF_ATTACH:
4745 netif_device_attach(dev);
4746 break;
4747 case NETIF_DETACH:
4748 netif_device_detach(dev);
4749 break;
4750 case NETIF_START:
4751 netif_start_queue(dev);
4752 break;
4753 case NETIF_STOP:
4754 break;
4755 case NETIF_WAKE:
4756 if (local->scan.in_scan == 0) {
4757 netif_wake_queue(dev);
4758 #if 1
4759 if (/* FIX: 802.11 qdisc in use */ 1)
4760 __netif_schedule(dev);
4761 #endif
4762 }
4763 break;
4764 case NETIF_IS_STOPPED:
4765 if (netif_queue_stopped(dev))
4766 return 1;
4767 break;
4768 case NETIF_UPDATE_TX_START:
4769 dev->trans_start = jiffies;
4770 break;
4771 }
4772
4773 return 0;
4774 }
4775 EXPORT_SYMBOL(ieee80211_netif_oper);
4776
4777 void ieee80211_wake_queue(struct ieee80211_hw *hw, int queue)
4778 {
4779 struct ieee80211_local *local = hw_to_local(hw);
4780
4781 if (test_and_clear_bit(IEEE80211_LINK_STATE_XOFF,
4782 &local->state[queue])) {
4783 if (test_bit(IEEE80211_LINK_STATE_PENDING,
4784 &local->state[queue]))
4785 tasklet_schedule(&local->tx_pending_tasklet);
4786 else
4787 __netif_schedule(local->mdev);
4788 }
4789 }
4790 EXPORT_SYMBOL(ieee80211_wake_queue);
4791
4792 void ieee80211_stop_queue(struct ieee80211_hw *hw, int queue)
4793 {
4794 struct ieee80211_local *local = hw_to_local(hw);
4795
4796 set_bit(IEEE80211_LINK_STATE_XOFF, &local->state[queue]);
4797 }
4798 EXPORT_SYMBOL(ieee80211_stop_queue);
4799
4800 void ieee80211_start_queues(struct ieee80211_hw *hw)
4801 {
4802 struct ieee80211_local *local = hw_to_local(hw);
4803 int i;
4804
4805 for (i = 0; i < local->hw.queues; i++)
4806 clear_bit(IEEE80211_LINK_STATE_XOFF, &local->state[i]);
4807 }
4808 EXPORT_SYMBOL(ieee80211_start_queues);
4809
4810 void ieee80211_stop_queues(struct ieee80211_hw *hw)
4811 {
4812 struct ieee80211_local *local = hw_to_local(hw);
4813 int i;
4814
4815 for (i = 0; i < local->hw.queues; i++)
4816 ieee80211_stop_queue(hw, i);
4817 }
4818 EXPORT_SYMBOL(ieee80211_stop_queues);
4819
4820 struct net_device_stats *ieee80211_dev_stats(struct net_device *dev)
4821 {
4822 struct ieee80211_sub_if_data *sdata;
4823 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
4824 return &sdata->stats;
4825 }
4826
4827 static int __init ieee80211_init(void)
4828 {
4829 struct sk_buff *skb;
4830 int ret;
4831
4832 BUILD_BUG_ON(sizeof(struct ieee80211_tx_packet_data) > sizeof(skb->cb));
4833
4834 if ((ret = ieee80211_sysfs_init())) {
4835 printk(KERN_WARNING "ieee80211_init: sysfs initialization "
4836 "failed\n");
4837 return ret;
4838 }
4839
4840 {
4841 ret = ieee80211_wme_register();
4842 if (ret) {
4843 printk(KERN_DEBUG "ieee80211_init: failed to "
4844 "initialize WME (err=%d)\n", ret);
4845 ieee80211_sysfs_deinit();
4846 return ret;
4847 }
4848 }
4849
4850 return 0;
4851 }
4852
4853
4854 static void __exit ieee80211_exit(void)
4855 {
4856 ieee80211_wme_unregister();
4857 ieee80211_sysfs_deinit();
4858 }
4859
4860
4861 module_init(ieee80211_init);
4862 module_exit(ieee80211_exit);
4863
4864 MODULE_DESCRIPTION("IEEE 802.11 subsystem");
4865 MODULE_LICENSE("GPL");
Personal OpenWRT clone
This page took 0.253237 seconds and 5 git commands to generate.