Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / 52865dfd520ddd3d1176947106759ff944f0f8af / . / net / mac80211 / rx.c
blob: f255579dc5647920b269644134086a33556d1b6e [file] [log] [blame]
Johannes Berg571ecf62007-07-27 15:43:22 +0200[diff] [blame]1/*
2 * Copyright 2002-2005, Instant802 Networks, Inc.
3 * Copyright 2005-2006, Devicescape Software, Inc.
4 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
5 * Copyright 2007 Johannes Berg <johannes@sipsolutions.net>
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License version 2 as
9 * published by the Free Software Foundation.
10 */
11
12#include <linux/kernel.h>
13#include <linux/skbuff.h>
14#include <linux/netdevice.h>
15#include <linux/etherdevice.h>
16#include <net/iw_handler.h>
17#include <net/mac80211.h>
18#include <net/ieee80211_radiotap.h>
19
20#include "ieee80211_i.h"
21#include "ieee80211_led.h"
22#include "ieee80211_common.h"
23#include "wep.h"
24#include "wpa.h"
25#include "tkip.h"
26#include "wme.h"
27
28/* pre-rx handlers
29 *
30 * these don't have dev/sdata fields in the rx data
Johannes Berg52865dfd2007-07-27 15:43:22 +0200[diff] [blame^]31 * The sta value should also not be used because it may
32 * be NULL even though a STA (in IBSS mode) will be added.
Johannes Berg571ecf62007-07-27 15:43:22 +0200[diff] [blame]33 */
34
35static ieee80211_txrx_result
Johannes Berg6e0d1142007-07-27 15:43:22 +0200[diff] [blame]36ieee80211_rx_h_parse_qos(struct ieee80211_txrx_data *rx)
37{
38 u8 *data = rx->skb->data;
39 int tid;
40
41 /* does the frame have a qos control field? */
42 if (WLAN_FC_IS_QOS_DATA(rx->fc)) {
43 u8 *qc = data + ieee80211_get_hdrlen(rx->fc) - QOS_CONTROL_LEN;
44 /* frame has qos control */
45 tid = qc[0] & QOS_CONTROL_TID_MASK;
46 } else {
47 if (unlikely((rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_MGMT)) {
48 /* Separate TID for management frames */
49 tid = NUM_RX_DATA_QUEUES - 1;
50 } else {
51 /* no qos control present */
52 tid = 0; /* 802.1d - Best Effort */
53 }
54 }
Johannes Berg52865dfd2007-07-27 15:43:22 +0200[diff] [blame^]55
Johannes Berg6e0d1142007-07-27 15:43:22 +0200[diff] [blame]56 I802_DEBUG_INC(rx->local->wme_rx_queue[tid]);
Johannes Berg52865dfd2007-07-27 15:43:22 +0200[diff] [blame^]57 /* only a debug counter, sta might not be assigned properly yet */
58 if (rx->sta)
Johannes Berg6e0d1142007-07-27 15:43:22 +0200[diff] [blame]59 I802_DEBUG_INC(rx->sta->wme_rx_queue[tid]);
Johannes Berg6e0d1142007-07-27 15:43:22 +0200[diff] [blame]60
61 rx->u.rx.queue = tid;
62 /* Set skb->priority to 1d tag if highest order bit of TID is not set.
63 * For now, set skb->priority to 0 for other cases. */
64 rx->skb->priority = (tid > 7) ? 0 : tid;
65
66 return TXRX_CONTINUE;
67}
68
69static ieee80211_txrx_result
Johannes Berg571ecf62007-07-27 15:43:22 +0200[diff] [blame]70ieee80211_rx_h_load_stats(struct ieee80211_txrx_data *rx)
71{
72 struct ieee80211_local *local = rx->local;
73 struct sk_buff *skb = rx->skb;
74 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
75 u32 load = 0, hdrtime;
76 struct ieee80211_rate *rate;
77 struct ieee80211_hw_mode *mode = local->hw.conf.mode;
78 int i;
79
80 /* Estimate total channel use caused by this frame */
81
82 if (unlikely(mode->num_rates < 0))
83 return TXRX_CONTINUE;
84
85 rate = &mode->rates[0];
86 for (i = 0; i < mode->num_rates; i++) {
87 if (mode->rates[i].val == rx->u.rx.status->rate) {
88 rate = &mode->rates[i];
89 break;
90 }
91 }
92
93 /* 1 bit at 1 Mbit/s takes 1 usec; in channel_use values,
94 * 1 usec = 1/8 * (1080 / 10) = 13.5 */
95
96 if (mode->mode == MODE_IEEE80211A ||
97 mode->mode == MODE_ATHEROS_TURBO ||
98 mode->mode == MODE_ATHEROS_TURBOG ||
99 (mode->mode == MODE_IEEE80211G &&
100 rate->flags & IEEE80211_RATE_ERP))
101 hdrtime = CHAN_UTIL_HDR_SHORT;
102 else
103 hdrtime = CHAN_UTIL_HDR_LONG;
104
105 load = hdrtime;
106 if (!is_multicast_ether_addr(hdr->addr1))
107 load += hdrtime;
108
109 load += skb->len * rate->rate_inv;
110
111 /* Divide channel_use by 8 to avoid wrapping around the counter */
112 load >>= CHAN_UTIL_SHIFT;
113 local->channel_use_raw += load;
Johannes Berg571ecf62007-07-27 15:43:22 +0200[diff] [blame]114 rx->u.rx.load = load;
115
116 return TXRX_CONTINUE;
117}
118
119ieee80211_rx_handler ieee80211_rx_pre_handlers[] =
120{
121 ieee80211_rx_h_parse_qos,
122 ieee80211_rx_h_load_stats,
123 NULL
124};
125
126/* rx handlers */
127
128static ieee80211_txrx_result
129ieee80211_rx_h_if_stats(struct ieee80211_txrx_data *rx)
130{
Johannes Berg52865dfd2007-07-27 15:43:22 +0200[diff] [blame^]131 if (rx->sta)
132 rx->sta->channel_use_raw += rx->u.rx.load;
Johannes Berg571ecf62007-07-27 15:43:22 +0200[diff] [blame]133 rx->sdata->channel_use_raw += rx->u.rx.load;
134 return TXRX_CONTINUE;
135}
136
137static void
138ieee80211_rx_monitor(struct net_device *dev, struct sk_buff *skb,
139 struct ieee80211_rx_status *status)
140{
141 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
142 struct ieee80211_sub_if_data *sdata;
143 struct ieee80211_rate *rate;
144 struct ieee80211_rtap_hdr {
145 struct ieee80211_radiotap_header hdr;
146 u8 flags;
147 u8 rate;
148 __le16 chan_freq;
149 __le16 chan_flags;
150 u8 antsignal;
151 } __attribute__ ((packed)) *rthdr;
152
153 skb->dev = dev;
154
155 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
156
157 if (status->flag & RX_FLAG_RADIOTAP)
158 goto out;
159
160 if (skb_headroom(skb) < sizeof(*rthdr)) {
161 I802_DEBUG_INC(local->rx_expand_skb_head);
162 if (pskb_expand_head(skb, sizeof(*rthdr), 0, GFP_ATOMIC)) {
163 dev_kfree_skb(skb);
164 return;
165 }
166 }
167
168 rthdr = (struct ieee80211_rtap_hdr *) skb_push(skb, sizeof(*rthdr));
169 memset(rthdr, 0, sizeof(*rthdr));
170 rthdr->hdr.it_len = cpu_to_le16(sizeof(*rthdr));
171 rthdr->hdr.it_present =
172 cpu_to_le32((1 << IEEE80211_RADIOTAP_FLAGS) |
173 (1 << IEEE80211_RADIOTAP_RATE) |
174 (1 << IEEE80211_RADIOTAP_CHANNEL) |
175 (1 << IEEE80211_RADIOTAP_DB_ANTSIGNAL));
176 rthdr->flags = local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS ?
177 IEEE80211_RADIOTAP_F_FCS : 0;
178 rate = ieee80211_get_rate(local, status->phymode, status->rate);
179 if (rate)
180 rthdr->rate = rate->rate / 5;
181 rthdr->chan_freq = cpu_to_le16(status->freq);
182 rthdr->chan_flags =
183 status->phymode == MODE_IEEE80211A ?
184 cpu_to_le16(IEEE80211_CHAN_OFDM | IEEE80211_CHAN_5GHZ) :
185 cpu_to_le16(IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ);
186 rthdr->antsignal = status->ssi;
187
188 out:
189 sdata->stats.rx_packets++;
190 sdata->stats.rx_bytes += skb->len;
191
192 skb_set_mac_header(skb, 0);
193 skb->ip_summed = CHECKSUM_UNNECESSARY;
194 skb->pkt_type = PACKET_OTHERHOST;
195 skb->protocol = htons(ETH_P_802_2);
196 memset(skb->cb, 0, sizeof(skb->cb));
197 netif_rx(skb);
198}
199
200static ieee80211_txrx_result
201ieee80211_rx_h_monitor(struct ieee80211_txrx_data *rx)
202{
203 if (rx->sdata->type == IEEE80211_IF_TYPE_MNTR) {
204 ieee80211_rx_monitor(rx->dev, rx->skb, rx->u.rx.status);
205 return TXRX_QUEUED;
206 }
207
208 if (rx->u.rx.status->flag & RX_FLAG_RADIOTAP)
209 skb_pull(rx->skb, ieee80211_get_radiotap_len(rx->skb->data));
210
211 return TXRX_CONTINUE;
212}
213
214static ieee80211_txrx_result
215ieee80211_rx_h_passive_scan(struct ieee80211_txrx_data *rx)
216{
217 struct ieee80211_local *local = rx->local;
218 struct sk_buff *skb = rx->skb;
219
220 if (unlikely(local->sta_scanning != 0)) {
221 ieee80211_sta_rx_scan(rx->dev, skb, rx->u.rx.status);
222 return TXRX_QUEUED;
223 }
224
225 if (unlikely(rx->u.rx.in_scan)) {
226 /* scanning finished during invoking of handlers */
227 I802_DEBUG_INC(local->rx_handlers_drop_passive_scan);
228 return TXRX_DROP;
229 }
230
231 return TXRX_CONTINUE;
232}
233
234static ieee80211_txrx_result
235ieee80211_rx_h_check(struct ieee80211_txrx_data *rx)
236{
237 struct ieee80211_hdr *hdr;
Johannes Berg571ecf62007-07-27 15:43:22 +0200[diff] [blame]238 hdr = (struct ieee80211_hdr *) rx->skb->data;
239
240 /* Drop duplicate 802.11 retransmissions (IEEE 802.11 Chap. 9.2.9) */
241 if (rx->sta && !is_multicast_ether_addr(hdr->addr1)) {
242 if (unlikely(rx->fc & IEEE80211_FCTL_RETRY &&
243 rx->sta->last_seq_ctrl[rx->u.rx.queue] ==
244 hdr->seq_ctrl)) {
245 if (rx->u.rx.ra_match) {
246 rx->local->dot11FrameDuplicateCount++;
247 rx->sta->num_duplicates++;
248 }
249 return TXRX_DROP;
250 } else
251 rx->sta->last_seq_ctrl[rx->u.rx.queue] = hdr->seq_ctrl;
252 }
253
254 if ((rx->local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS) &&
255 rx->skb->len > FCS_LEN)
256 skb_trim(rx->skb, rx->skb->len - FCS_LEN);
257
258 if (unlikely(rx->skb->len < 16)) {
259 I802_DEBUG_INC(rx->local->rx_handlers_drop_short);
260 return TXRX_DROP;
261 }
262
263 if (!rx->u.rx.ra_match)
264 rx->skb->pkt_type = PACKET_OTHERHOST;
265 else if (compare_ether_addr(rx->dev->dev_addr, hdr->addr1) == 0)
266 rx->skb->pkt_type = PACKET_HOST;
267 else if (is_multicast_ether_addr(hdr->addr1)) {
268 if (is_broadcast_ether_addr(hdr->addr1))
269 rx->skb->pkt_type = PACKET_BROADCAST;
270 else
271 rx->skb->pkt_type = PACKET_MULTICAST;
272 } else
273 rx->skb->pkt_type = PACKET_OTHERHOST;
274
275 /* Drop disallowed frame classes based on STA auth/assoc state;
276 * IEEE 802.11, Chap 5.5.
277 *
278 * 80211.o does filtering only based on association state, i.e., it
279 * drops Class 3 frames from not associated stations. hostapd sends
280 * deauth/disassoc frames when needed. In addition, hostapd is
281 * responsible for filtering on both auth and assoc states.
282 */
283 if (unlikely(((rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA ||
284 ((rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_CTL &&
285 (rx->fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_PSPOLL)) &&
286 rx->sdata->type != IEEE80211_IF_TYPE_IBSS &&
287 (!rx->sta || !(rx->sta->flags & WLAN_STA_ASSOC)))) {
288 if ((!(rx->fc & IEEE80211_FCTL_FROMDS) &&
289 !(rx->fc & IEEE80211_FCTL_TODS) &&
290 (rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA)
291 || !rx->u.rx.ra_match) {
292 /* Drop IBSS frames and frames for other hosts
293 * silently. */
294 return TXRX_DROP;
295 }
296
297 if (!rx->local->apdev)
298 return TXRX_DROP;
299
300 ieee80211_rx_mgmt(rx->local, rx->skb, rx->u.rx.status,
301 ieee80211_msg_sta_not_assoc);
302 return TXRX_QUEUED;
303 }
304
Johannes Berg570bd532007-07-27 15:43:22 +0200[diff] [blame]305 return TXRX_CONTINUE;
306}
307
308
309static ieee80211_txrx_result
310ieee80211_rx_h_load_key(struct ieee80211_txrx_data *rx)
311{
312 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data;
313 int always_sta_key;
314
Johannes Berg571ecf62007-07-27 15:43:22 +0200[diff] [blame]315 if (rx->sdata->type == IEEE80211_IF_TYPE_STA)
316 always_sta_key = 0;
317 else
318 always_sta_key = 1;
319
320 if (rx->sta && rx->sta->key && always_sta_key) {
321 rx->key = rx->sta->key;
322 } else {
323 if (rx->sta && rx->sta->key)
324 rx->key = rx->sta->key;
325 else
326 rx->key = rx->sdata->default_key;
327
328 if ((rx->local->hw.flags & IEEE80211_HW_WEP_INCLUDE_IV) &&
329 rx->fc & IEEE80211_FCTL_PROTECTED) {
330 int keyidx = ieee80211_wep_get_keyidx(rx->skb);
331
332 if (keyidx >= 0 && keyidx < NUM_DEFAULT_KEYS &&
333 (!rx->sta || !rx->sta->key || keyidx > 0))
334 rx->key = rx->sdata->keys[keyidx];
335
336 if (!rx->key) {
337 if (!rx->u.rx.ra_match)
338 return TXRX_DROP;
339 printk(KERN_DEBUG "%s: RX WEP frame with "
340 "unknown keyidx %d (A1=" MAC_FMT " A2="
341 MAC_FMT " A3=" MAC_FMT ")\n",
342 rx->dev->name, keyidx,
343 MAC_ARG(hdr->addr1),
344 MAC_ARG(hdr->addr2),
345 MAC_ARG(hdr->addr3));
346 if (!rx->local->apdev)
347 return TXRX_DROP;
348 ieee80211_rx_mgmt(
349 rx->local, rx->skb, rx->u.rx.status,
350 ieee80211_msg_wep_frame_unknown_key);
351 return TXRX_QUEUED;
352 }
353 }
354 }
355
356 if (rx->fc & IEEE80211_FCTL_PROTECTED && rx->key && rx->u.rx.ra_match) {
357 rx->key->tx_rx_count++;
358 if (unlikely(rx->local->key_tx_rx_threshold &&
359 rx->key->tx_rx_count >
360 rx->local->key_tx_rx_threshold)) {
361 ieee80211_key_threshold_notify(rx->dev, rx->key,
362 rx->sta);
363 }
364 }
365
366 return TXRX_CONTINUE;
367}
368
369static void ap_sta_ps_start(struct net_device *dev, struct sta_info *sta)
370{
371 struct ieee80211_sub_if_data *sdata;
372 sdata = IEEE80211_DEV_TO_SUB_IF(sta->dev);
373
374 if (sdata->bss)
375 atomic_inc(&sdata->bss->num_sta_ps);
376 sta->flags |= WLAN_STA_PS;
377 sta->pspoll = 0;
378#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
379 printk(KERN_DEBUG "%s: STA " MAC_FMT " aid %d enters power "
380 "save mode\n", dev->name, MAC_ARG(sta->addr), sta->aid);
381#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
382}
383
384static int ap_sta_ps_end(struct net_device *dev, struct sta_info *sta)
385{
386 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
387 struct sk_buff *skb;
388 int sent = 0;
389 struct ieee80211_sub_if_data *sdata;
390 struct ieee80211_tx_packet_data *pkt_data;
391
392 sdata = IEEE80211_DEV_TO_SUB_IF(sta->dev);
393 if (sdata->bss)
394 atomic_dec(&sdata->bss->num_sta_ps);
395 sta->flags &= ~(WLAN_STA_PS | WLAN_STA_TIM);
396 sta->pspoll = 0;
397 if (!skb_queue_empty(&sta->ps_tx_buf)) {
398 if (local->ops->set_tim)
399 local->ops->set_tim(local_to_hw(local), sta->aid, 0);
400 if (sdata->bss)
401 bss_tim_clear(local, sdata->bss, sta->aid);
402 }
403#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
404 printk(KERN_DEBUG "%s: STA " MAC_FMT " aid %d exits power "
405 "save mode\n", dev->name, MAC_ARG(sta->addr), sta->aid);
406#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
407 /* Send all buffered frames to the station */
408 while ((skb = skb_dequeue(&sta->tx_filtered)) != NULL) {
409 pkt_data = (struct ieee80211_tx_packet_data *) skb->cb;
410 sent++;
411 pkt_data->requeue = 1;
412 dev_queue_xmit(skb);
413 }
414 while ((skb = skb_dequeue(&sta->ps_tx_buf)) != NULL) {
415 pkt_data = (struct ieee80211_tx_packet_data *) skb->cb;
416 local->total_ps_buffered--;
417 sent++;
418#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
419 printk(KERN_DEBUG "%s: STA " MAC_FMT " aid %d send PS frame "
420 "since STA not sleeping anymore\n", dev->name,
421 MAC_ARG(sta->addr), sta->aid);
422#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
423 pkt_data->requeue = 1;
424 dev_queue_xmit(skb);
425 }
426
427 return sent;
428}
429
430static ieee80211_txrx_result
431ieee80211_rx_h_sta_process(struct ieee80211_txrx_data *rx)
432{
433 struct sta_info *sta = rx->sta;
434 struct net_device *dev = rx->dev;
435 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data;
436
437 if (!sta)
438 return TXRX_CONTINUE;
439
440 /* Update last_rx only for IBSS packets which are for the current
441 * BSSID to avoid keeping the current IBSS network alive in cases where
442 * other STAs are using different BSSID. */
443 if (rx->sdata->type == IEEE80211_IF_TYPE_IBSS) {
444 u8 *bssid = ieee80211_get_bssid(hdr, rx->skb->len);
445 if (compare_ether_addr(bssid, rx->sdata->u.sta.bssid) == 0)
446 sta->last_rx = jiffies;
447 } else
448 if (!is_multicast_ether_addr(hdr->addr1) ||
449 rx->sdata->type == IEEE80211_IF_TYPE_STA) {
450 /* Update last_rx only for unicast frames in order to prevent
451 * the Probe Request frames (the only broadcast frames from a
452 * STA in infrastructure mode) from keeping a connection alive.
453 */
454 sta->last_rx = jiffies;
455 }
456
457 if (!rx->u.rx.ra_match)
458 return TXRX_CONTINUE;
459
460 sta->rx_fragments++;
461 sta->rx_bytes += rx->skb->len;
462 sta->last_rssi = (sta->last_rssi * 15 +
463 rx->u.rx.status->ssi) / 16;
464 sta->last_signal = (sta->last_signal * 15 +
465 rx->u.rx.status->signal) / 16;
466 sta->last_noise = (sta->last_noise * 15 +
467 rx->u.rx.status->noise) / 16;
468
469 if (!(rx->fc & IEEE80211_FCTL_MOREFRAGS)) {
470 /* Change STA power saving mode only in the end of a frame
471 * exchange sequence */
472 if ((sta->flags & WLAN_STA_PS) && !(rx->fc & IEEE80211_FCTL_PM))
473 rx->u.rx.sent_ps_buffered += ap_sta_ps_end(dev, sta);
474 else if (!(sta->flags & WLAN_STA_PS) &&
475 (rx->fc & IEEE80211_FCTL_PM))
476 ap_sta_ps_start(dev, sta);
477 }
478
479 /* Drop data::nullfunc frames silently, since they are used only to
480 * control station power saving mode. */
481 if ((rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA &&
482 (rx->fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_NULLFUNC) {
483 I802_DEBUG_INC(rx->local->rx_handlers_drop_nullfunc);
484 /* Update counter and free packet here to avoid counting this
485 * as a dropped packed. */
486 sta->rx_packets++;
487 dev_kfree_skb(rx->skb);
488 return TXRX_QUEUED;
489 }
490
491 return TXRX_CONTINUE;
492} /* ieee80211_rx_h_sta_process */
493
494static ieee80211_txrx_result
495ieee80211_rx_h_wep_weak_iv_detection(struct ieee80211_txrx_data *rx)
496{
497 if (!rx->sta || !(rx->fc & IEEE80211_FCTL_PROTECTED) ||
498 (rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA ||
499 !rx->key || rx->key->alg != ALG_WEP || !rx->u.rx.ra_match)
500 return TXRX_CONTINUE;
501
502 /* Check for weak IVs, if hwaccel did not remove IV from the frame */
503 if ((rx->local->hw.flags & IEEE80211_HW_WEP_INCLUDE_IV) ||
504 rx->key->force_sw_encrypt) {
505 u8 *iv = ieee80211_wep_is_weak_iv(rx->skb, rx->key);
506 if (iv) {
507 rx->sta->wep_weak_iv_count++;
508 }
509 }
510
511 return TXRX_CONTINUE;
512}
513
514static ieee80211_txrx_result
515ieee80211_rx_h_wep_decrypt(struct ieee80211_txrx_data *rx)
516{
517 /* If the device handles decryption totally, skip this test */
518 if (rx->local->hw.flags & IEEE80211_HW_DEVICE_HIDES_WEP)
519 return TXRX_CONTINUE;
520
521 if ((rx->key && rx->key->alg != ALG_WEP) ||
522 !(rx->fc & IEEE80211_FCTL_PROTECTED) ||
523 ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA &&
524 ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_MGMT ||
525 (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_AUTH)))
526 return TXRX_CONTINUE;
527
528 if (!rx->key) {
529 printk(KERN_DEBUG "%s: RX WEP frame, but no key set\n",
530 rx->dev->name);
531 return TXRX_DROP;
532 }
533
534 if (!(rx->u.rx.status->flag & RX_FLAG_DECRYPTED) ||
535 rx->key->force_sw_encrypt) {
536 if (ieee80211_wep_decrypt(rx->local, rx->skb, rx->key)) {
537 printk(KERN_DEBUG "%s: RX WEP frame, decrypt "
538 "failed\n", rx->dev->name);
539 return TXRX_DROP;
540 }
541 } else if (rx->local->hw.flags & IEEE80211_HW_WEP_INCLUDE_IV) {
542 ieee80211_wep_remove_iv(rx->local, rx->skb, rx->key);
543 /* remove ICV */
544 skb_trim(rx->skb, rx->skb->len - 4);
545 }
546
547 return TXRX_CONTINUE;
548}
549
550static inline struct ieee80211_fragment_entry *
551ieee80211_reassemble_add(struct ieee80211_sub_if_data *sdata,
552 unsigned int frag, unsigned int seq, int rx_queue,
553 struct sk_buff **skb)
554{
555 struct ieee80211_fragment_entry *entry;
556 int idx;
557
558 idx = sdata->fragment_next;
559 entry = &sdata->fragments[sdata->fragment_next++];
560 if (sdata->fragment_next >= IEEE80211_FRAGMENT_MAX)
561 sdata->fragment_next = 0;
562
563 if (!skb_queue_empty(&entry->skb_list)) {
564#ifdef CONFIG_MAC80211_DEBUG
565 struct ieee80211_hdr *hdr =
566 (struct ieee80211_hdr *) entry->skb_list.next->data;
567 printk(KERN_DEBUG "%s: RX reassembly removed oldest "
568 "fragment entry (idx=%d age=%lu seq=%d last_frag=%d "
569 "addr1=" MAC_FMT " addr2=" MAC_FMT "\n",
570 sdata->dev->name, idx,
571 jiffies - entry->first_frag_time, entry->seq,
572 entry->last_frag, MAC_ARG(hdr->addr1),
573 MAC_ARG(hdr->addr2));
574#endif /* CONFIG_MAC80211_DEBUG */
575 __skb_queue_purge(&entry->skb_list);
576 }
577
578 __skb_queue_tail(&entry->skb_list, *skb); /* no need for locking */
579 *skb = NULL;
580 entry->first_frag_time = jiffies;
581 entry->seq = seq;
582 entry->rx_queue = rx_queue;
583 entry->last_frag = frag;
584 entry->ccmp = 0;
585 entry->extra_len = 0;
586
587 return entry;
588}
589
590static inline struct ieee80211_fragment_entry *
591ieee80211_reassemble_find(struct ieee80211_sub_if_data *sdata,
592 u16 fc, unsigned int frag, unsigned int seq,
593 int rx_queue, struct ieee80211_hdr *hdr)
594{
595 struct ieee80211_fragment_entry *entry;
596 int i, idx;
597
598 idx = sdata->fragment_next;
599 for (i = 0; i < IEEE80211_FRAGMENT_MAX; i++) {
600 struct ieee80211_hdr *f_hdr;
601 u16 f_fc;
602
603 idx--;
604 if (idx < 0)
605 idx = IEEE80211_FRAGMENT_MAX - 1;
606
607 entry = &sdata->fragments[idx];
608 if (skb_queue_empty(&entry->skb_list) || entry->seq != seq ||
609 entry->rx_queue != rx_queue ||
610 entry->last_frag + 1 != frag)
611 continue;
612
613 f_hdr = (struct ieee80211_hdr *) entry->skb_list.next->data;
614 f_fc = le16_to_cpu(f_hdr->frame_control);
615
616 if ((fc & IEEE80211_FCTL_FTYPE) != (f_fc & IEEE80211_FCTL_FTYPE) ||
617 compare_ether_addr(hdr->addr1, f_hdr->addr1) != 0 ||
618 compare_ether_addr(hdr->addr2, f_hdr->addr2) != 0)
619 continue;
620
621 if (entry->first_frag_time + 2 * HZ < jiffies) {
622 __skb_queue_purge(&entry->skb_list);
623 continue;
624 }
625 return entry;
626 }
627
628 return NULL;
629}
630
631static ieee80211_txrx_result
632ieee80211_rx_h_defragment(struct ieee80211_txrx_data *rx)
633{
634 struct ieee80211_hdr *hdr;
635 u16 sc;
636 unsigned int frag, seq;
637 struct ieee80211_fragment_entry *entry;
638 struct sk_buff *skb;
639
640 hdr = (struct ieee80211_hdr *) rx->skb->data;
641 sc = le16_to_cpu(hdr->seq_ctrl);
642 frag = sc & IEEE80211_SCTL_FRAG;
643
644 if (likely((!(rx->fc & IEEE80211_FCTL_MOREFRAGS) && frag == 0) ||
645 (rx->skb)->len < 24 ||
646 is_multicast_ether_addr(hdr->addr1))) {
647 /* not fragmented */
648 goto out;
649 }
650 I802_DEBUG_INC(rx->local->rx_handlers_fragments);
651
652 seq = (sc & IEEE80211_SCTL_SEQ) >> 4;
653
654 if (frag == 0) {
655 /* This is the first fragment of a new frame. */
656 entry = ieee80211_reassemble_add(rx->sdata, frag, seq,
657 rx->u.rx.queue, &(rx->skb));
658 if (rx->key && rx->key->alg == ALG_CCMP &&
659 (rx->fc & IEEE80211_FCTL_PROTECTED)) {
660 /* Store CCMP PN so that we can verify that the next
661 * fragment has a sequential PN value. */
662 entry->ccmp = 1;
663 memcpy(entry->last_pn,
664 rx->key->u.ccmp.rx_pn[rx->u.rx.queue],
665 CCMP_PN_LEN);
666 }
667 return TXRX_QUEUED;
668 }
669
670 /* This is a fragment for a frame that should already be pending in
671 * fragment cache. Add this fragment to the end of the pending entry.
672 */
673 entry = ieee80211_reassemble_find(rx->sdata, rx->fc, frag, seq,
674 rx->u.rx.queue, hdr);
675 if (!entry) {
676 I802_DEBUG_INC(rx->local->rx_handlers_drop_defrag);
677 return TXRX_DROP;
678 }
679
680 /* Verify that MPDUs within one MSDU have sequential PN values.
681 * (IEEE 802.11i, 8.3.3.4.5) */
682 if (entry->ccmp) {
683 int i;
684 u8 pn[CCMP_PN_LEN], *rpn;
685 if (!rx->key || rx->key->alg != ALG_CCMP)
686 return TXRX_DROP;
687 memcpy(pn, entry->last_pn, CCMP_PN_LEN);
688 for (i = CCMP_PN_LEN - 1; i >= 0; i--) {
689 pn[i]++;
690 if (pn[i])
691 break;
692 }
693 rpn = rx->key->u.ccmp.rx_pn[rx->u.rx.queue];
694 if (memcmp(pn, rpn, CCMP_PN_LEN) != 0) {
695 printk(KERN_DEBUG "%s: defrag: CCMP PN not sequential"
696 " A2=" MAC_FMT " PN=%02x%02x%02x%02x%02x%02x "
697 "(expected %02x%02x%02x%02x%02x%02x)\n",
698 rx->dev->name, MAC_ARG(hdr->addr2),
699 rpn[0], rpn[1], rpn[2], rpn[3], rpn[4], rpn[5],
700 pn[0], pn[1], pn[2], pn[3], pn[4], pn[5]);
701 return TXRX_DROP;
702 }
703 memcpy(entry->last_pn, pn, CCMP_PN_LEN);
704 }
705
706 skb_pull(rx->skb, ieee80211_get_hdrlen(rx->fc));
707 __skb_queue_tail(&entry->skb_list, rx->skb);
708 entry->last_frag = frag;
709 entry->extra_len += rx->skb->len;
710 if (rx->fc & IEEE80211_FCTL_MOREFRAGS) {
711 rx->skb = NULL;
712 return TXRX_QUEUED;
713 }
714
715 rx->skb = __skb_dequeue(&entry->skb_list);
716 if (skb_tailroom(rx->skb) < entry->extra_len) {
717 I802_DEBUG_INC(rx->local->rx_expand_skb_head2);
718 if (unlikely(pskb_expand_head(rx->skb, 0, entry->extra_len,
719 GFP_ATOMIC))) {
720 I802_DEBUG_INC(rx->local->rx_handlers_drop_defrag);
721 __skb_queue_purge(&entry->skb_list);
722 return TXRX_DROP;
723 }
724 }
725 while ((skb = __skb_dequeue(&entry->skb_list))) {
726 memcpy(skb_put(rx->skb, skb->len), skb->data, skb->len);
727 dev_kfree_skb(skb);
728 }
729
730 /* Complete frame has been reassembled - process it now */
731 rx->fragmented = 1;
732
733 out:
734 if (rx->sta)
735 rx->sta->rx_packets++;
736 if (is_multicast_ether_addr(hdr->addr1))
737 rx->local->dot11MulticastReceivedFrameCount++;
738 else
739 ieee80211_led_rx(rx->local);
740 return TXRX_CONTINUE;
741}
742
743static ieee80211_txrx_result
744ieee80211_rx_h_ps_poll(struct ieee80211_txrx_data *rx)
745{
746 struct sk_buff *skb;
747 int no_pending_pkts;
748
749 if (likely(!rx->sta ||
750 (rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_CTL ||
751 (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_PSPOLL ||
752 !rx->u.rx.ra_match))
753 return TXRX_CONTINUE;
754
755 skb = skb_dequeue(&rx->sta->tx_filtered);
756 if (!skb) {
757 skb = skb_dequeue(&rx->sta->ps_tx_buf);
758 if (skb)
759 rx->local->total_ps_buffered--;
760 }
761 no_pending_pkts = skb_queue_empty(&rx->sta->tx_filtered) &&
762 skb_queue_empty(&rx->sta->ps_tx_buf);
763
764 if (skb) {
765 struct ieee80211_hdr *hdr =
766 (struct ieee80211_hdr *) skb->data;
767
768 /* tell TX path to send one frame even though the STA may
769 * still remain is PS mode after this frame exchange */
770 rx->sta->pspoll = 1;
771
772#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
773 printk(KERN_DEBUG "STA " MAC_FMT " aid %d: PS Poll (entries "
774 "after %d)\n",
775 MAC_ARG(rx->sta->addr), rx->sta->aid,
776 skb_queue_len(&rx->sta->ps_tx_buf));
777#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
778
779 /* Use MoreData flag to indicate whether there are more
780 * buffered frames for this STA */
781 if (no_pending_pkts) {
782 hdr->frame_control &= cpu_to_le16(~IEEE80211_FCTL_MOREDATA);
783 rx->sta->flags &= ~WLAN_STA_TIM;
784 } else
785 hdr->frame_control |= cpu_to_le16(IEEE80211_FCTL_MOREDATA);
786
787 dev_queue_xmit(skb);
788
789 if (no_pending_pkts) {
790 if (rx->local->ops->set_tim)
791 rx->local->ops->set_tim(local_to_hw(rx->local),
792 rx->sta->aid, 0);
793 if (rx->sdata->bss)
794 bss_tim_clear(rx->local, rx->sdata->bss, rx->sta->aid);
795 }
796#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
797 } else if (!rx->u.rx.sent_ps_buffered) {
798 printk(KERN_DEBUG "%s: STA " MAC_FMT " sent PS Poll even "
799 "though there is no buffered frames for it\n",
800 rx->dev->name, MAC_ARG(rx->sta->addr));
801#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
802
803 }
804
805 /* Free PS Poll skb here instead of returning TXRX_DROP that would
806 * count as an dropped frame. */
807 dev_kfree_skb(rx->skb);
808
809 return TXRX_QUEUED;
810}
811
812static ieee80211_txrx_result
Johannes Berg6e0d1142007-07-27 15:43:22 +0200[diff] [blame]813ieee80211_rx_h_remove_qos_control(struct ieee80211_txrx_data *rx)
814{
815 u16 fc = rx->fc;
816 u8 *data = rx->skb->data;
817 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) data;
818
819 if (!WLAN_FC_IS_QOS_DATA(fc))
820 return TXRX_CONTINUE;
821
822 /* remove the qos control field, update frame type and meta-data */
823 memmove(data + 2, data, ieee80211_get_hdrlen(fc) - 2);
824 hdr = (struct ieee80211_hdr *) skb_pull(rx->skb, 2);
825 /* change frame type to non QOS */
826 rx->fc = fc &= ~IEEE80211_STYPE_QOS_DATA;
827 hdr->frame_control = cpu_to_le16(fc);
828
829 return TXRX_CONTINUE;
830}
831
832static ieee80211_txrx_result
Johannes Berg571ecf62007-07-27 15:43:22 +0200[diff] [blame]833ieee80211_rx_h_802_1x_pae(struct ieee80211_txrx_data *rx)
834{
835 if (rx->sdata->eapol && ieee80211_is_eapol(rx->skb) &&
836 rx->sdata->type != IEEE80211_IF_TYPE_STA && rx->u.rx.ra_match) {
837 /* Pass both encrypted and unencrypted EAPOL frames to user
838 * space for processing. */
839 if (!rx->local->apdev)
840 return TXRX_DROP;
841 ieee80211_rx_mgmt(rx->local, rx->skb, rx->u.rx.status,
842 ieee80211_msg_normal);
843 return TXRX_QUEUED;
844 }
845
846 if (unlikely(rx->sdata->ieee802_1x &&
847 (rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA &&
848 (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_NULLFUNC &&
849 (!rx->sta || !(rx->sta->flags & WLAN_STA_AUTHORIZED)) &&
850 !ieee80211_is_eapol(rx->skb))) {
851#ifdef CONFIG_MAC80211_DEBUG
852 struct ieee80211_hdr *hdr =
853 (struct ieee80211_hdr *) rx->skb->data;
854 printk(KERN_DEBUG "%s: dropped frame from " MAC_FMT
855 " (unauthorized port)\n", rx->dev->name,
856 MAC_ARG(hdr->addr2));
857#endif /* CONFIG_MAC80211_DEBUG */
858 return TXRX_DROP;
859 }
860
861 return TXRX_CONTINUE;
862}
863
864static ieee80211_txrx_result
865ieee80211_rx_h_drop_unencrypted(struct ieee80211_txrx_data *rx)
866{
867 /* If the device handles decryption totally, skip this test */
868 if (rx->local->hw.flags & IEEE80211_HW_DEVICE_HIDES_WEP)
869 return TXRX_CONTINUE;
870
871 /* Drop unencrypted frames if key is set. */
872 if (unlikely(!(rx->fc & IEEE80211_FCTL_PROTECTED) &&
873 (rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA &&
874 (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_NULLFUNC &&
875 (rx->key || rx->sdata->drop_unencrypted) &&
876 (rx->sdata->eapol == 0 ||
877 !ieee80211_is_eapol(rx->skb)))) {
878 printk(KERN_DEBUG "%s: RX non-WEP frame, but expected "
879 "encryption\n", rx->dev->name);
880 return TXRX_DROP;
881 }
882 return TXRX_CONTINUE;
883}
884
885static ieee80211_txrx_result
886ieee80211_rx_h_data(struct ieee80211_txrx_data *rx)
887{
888 struct net_device *dev = rx->dev;
889 struct ieee80211_local *local = rx->local;
890 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data;
891 u16 fc, hdrlen, ethertype;
892 u8 *payload;
893 u8 dst[ETH_ALEN];
894 u8 src[ETH_ALEN];
895 struct sk_buff *skb = rx->skb, *skb2;
896 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
897
898 fc = rx->fc;
899 if (unlikely((fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA))
900 return TXRX_CONTINUE;
901
902 if (unlikely(!WLAN_FC_DATA_PRESENT(fc)))
903 return TXRX_DROP;
904
905 hdrlen = ieee80211_get_hdrlen(fc);
906
907 /* convert IEEE 802.11 header + possible LLC headers into Ethernet
908 * header
909 * IEEE 802.11 address fields:
910 * ToDS FromDS Addr1 Addr2 Addr3 Addr4
911 * 0 0 DA SA BSSID n/a
912 * 0 1 DA BSSID SA n/a
913 * 1 0 BSSID SA DA n/a
914 * 1 1 RA TA DA SA
915 */
916
917 switch (fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) {
918 case IEEE80211_FCTL_TODS:
919 /* BSSID SA DA */
920 memcpy(dst, hdr->addr3, ETH_ALEN);
921 memcpy(src, hdr->addr2, ETH_ALEN);
922
923 if (unlikely(sdata->type != IEEE80211_IF_TYPE_AP &&
924 sdata->type != IEEE80211_IF_TYPE_VLAN)) {
925 printk(KERN_DEBUG "%s: dropped ToDS frame (BSSID="
926 MAC_FMT " SA=" MAC_FMT " DA=" MAC_FMT ")\n",
927 dev->name, MAC_ARG(hdr->addr1),
928 MAC_ARG(hdr->addr2), MAC_ARG(hdr->addr3));
929 return TXRX_DROP;
930 }
931 break;
932 case (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS):
933 /* RA TA DA SA */
934 memcpy(dst, hdr->addr3, ETH_ALEN);
935 memcpy(src, hdr->addr4, ETH_ALEN);
936
937 if (unlikely(sdata->type != IEEE80211_IF_TYPE_WDS)) {
938 printk(KERN_DEBUG "%s: dropped FromDS&ToDS frame (RA="
939 MAC_FMT " TA=" MAC_FMT " DA=" MAC_FMT " SA="
940 MAC_FMT ")\n",
941 rx->dev->name, MAC_ARG(hdr->addr1),
942 MAC_ARG(hdr->addr2), MAC_ARG(hdr->addr3),
943 MAC_ARG(hdr->addr4));
944 return TXRX_DROP;
945 }
946 break;
947 case IEEE80211_FCTL_FROMDS:
948 /* DA BSSID SA */
949 memcpy(dst, hdr->addr1, ETH_ALEN);
950 memcpy(src, hdr->addr3, ETH_ALEN);
951
952 if (sdata->type != IEEE80211_IF_TYPE_STA) {
953 return TXRX_DROP;
954 }
955 break;
956 case 0:
957 /* DA SA BSSID */
958 memcpy(dst, hdr->addr1, ETH_ALEN);
959 memcpy(src, hdr->addr2, ETH_ALEN);
960
961 if (sdata->type != IEEE80211_IF_TYPE_IBSS) {
962 if (net_ratelimit()) {
963 printk(KERN_DEBUG "%s: dropped IBSS frame (DA="
964 MAC_FMT " SA=" MAC_FMT " BSSID=" MAC_FMT
965 ")\n",
966 dev->name, MAC_ARG(hdr->addr1),
967 MAC_ARG(hdr->addr2),
968 MAC_ARG(hdr->addr3));
969 }
970 return TXRX_DROP;
971 }
972 break;
973 }
974
975 payload = skb->data + hdrlen;
976
977 if (unlikely(skb->len - hdrlen < 8)) {
978 if (net_ratelimit()) {
979 printk(KERN_DEBUG "%s: RX too short data frame "
980 "payload\n", dev->name);
981 }
982 return TXRX_DROP;
983 }
984
985 ethertype = (payload[6] << 8) | payload[7];
986
987 if (likely((compare_ether_addr(payload, rfc1042_header) == 0 &&
988 ethertype != ETH_P_AARP && ethertype != ETH_P_IPX) ||
989 compare_ether_addr(payload, bridge_tunnel_header) == 0)) {
990 /* remove RFC1042 or Bridge-Tunnel encapsulation and
991 * replace EtherType */
992 skb_pull(skb, hdrlen + 6);
993 memcpy(skb_push(skb, ETH_ALEN), src, ETH_ALEN);
994 memcpy(skb_push(skb, ETH_ALEN), dst, ETH_ALEN);
995 } else {
996 struct ethhdr *ehdr;
997 __be16 len;
998 skb_pull(skb, hdrlen);
999 len = htons(skb->len);
1000 ehdr = (struct ethhdr *) skb_push(skb, sizeof(struct ethhdr));
1001 memcpy(ehdr->h_dest, dst, ETH_ALEN);
1002 memcpy(ehdr->h_source, src, ETH_ALEN);
1003 ehdr->h_proto = len;
1004 }
1005 skb->dev = dev;
1006
1007 skb2 = NULL;
1008
1009 sdata->stats.rx_packets++;
1010 sdata->stats.rx_bytes += skb->len;
1011
1012 if (local->bridge_packets && (sdata->type == IEEE80211_IF_TYPE_AP
1013 || sdata->type == IEEE80211_IF_TYPE_VLAN) && rx->u.rx.ra_match) {
1014 if (is_multicast_ether_addr(skb->data)) {
1015 /* send multicast frames both to higher layers in
1016 * local net stack and back to the wireless media */
1017 skb2 = skb_copy(skb, GFP_ATOMIC);
1018 if (!skb2)
1019 printk(KERN_DEBUG "%s: failed to clone "
1020 "multicast frame\n", dev->name);
1021 } else {
1022 struct sta_info *dsta;
1023 dsta = sta_info_get(local, skb->data);
1024 if (dsta && !dsta->dev) {
1025 printk(KERN_DEBUG "Station with null dev "
1026 "structure!\n");
1027 } else if (dsta && dsta->dev == dev) {
1028 /* Destination station is associated to this
1029 * AP, so send the frame directly to it and
1030 * do not pass the frame to local net stack.
1031 */
1032 skb2 = skb;
1033 skb = NULL;
1034 }
1035 if (dsta)
1036 sta_info_put(dsta);
1037 }
1038 }
1039
1040 if (skb) {
1041 /* deliver to local stack */
1042 skb->protocol = eth_type_trans(skb, dev);
1043 memset(skb->cb, 0, sizeof(skb->cb));
1044 netif_rx(skb);
1045 }
1046
1047 if (skb2) {
1048 /* send to wireless media */
1049 skb2->protocol = __constant_htons(ETH_P_802_3);
1050 skb_set_network_header(skb2, 0);
1051 skb_set_mac_header(skb2, 0);
1052 dev_queue_xmit(skb2);
1053 }
1054
1055 return TXRX_QUEUED;
1056}
1057
1058static ieee80211_txrx_result
1059ieee80211_rx_h_mgmt(struct ieee80211_txrx_data *rx)
1060{
1061 struct ieee80211_sub_if_data *sdata;
1062
1063 if (!rx->u.rx.ra_match)
1064 return TXRX_DROP;
1065
1066 sdata = IEEE80211_DEV_TO_SUB_IF(rx->dev);
1067 if ((sdata->type == IEEE80211_IF_TYPE_STA ||
1068 sdata->type == IEEE80211_IF_TYPE_IBSS) &&
1069 !rx->local->user_space_mlme) {
1070 ieee80211_sta_rx_mgmt(rx->dev, rx->skb, rx->u.rx.status);
1071 } else {
1072 /* Management frames are sent to hostapd for processing */
1073 if (!rx->local->apdev)
1074 return TXRX_DROP;
1075 ieee80211_rx_mgmt(rx->local, rx->skb, rx->u.rx.status,
1076 ieee80211_msg_normal);
1077 }
1078 return TXRX_QUEUED;
1079}
1080
1081static inline ieee80211_txrx_result __ieee80211_invoke_rx_handlers(
1082 struct ieee80211_local *local,
1083 ieee80211_rx_handler *handlers,
1084 struct ieee80211_txrx_data *rx,
1085 struct sta_info *sta)
1086{
1087 ieee80211_rx_handler *handler;
1088 ieee80211_txrx_result res = TXRX_DROP;
1089
1090 for (handler = handlers; *handler != NULL; handler++) {
1091 res = (*handler)(rx);
Johannes Berg8e6f00322007-07-27 15:43:22 +0200[diff] [blame]1092
1093 switch (res) {
1094 case TXRX_CONTINUE:
1095 continue;
1096 case TXRX_DROP:
1097 I802_DEBUG_INC(local->rx_handlers_drop);
1098 if (sta)
1099 sta->rx_dropped++;
1100 break;
1101 case TXRX_QUEUED:
1102 I802_DEBUG_INC(local->rx_handlers_queued);
Johannes Berg571ecf62007-07-27 15:43:22 +0200[diff] [blame]1103 break;
1104 }
Johannes Berg8e6f00322007-07-27 15:43:22 +0200[diff] [blame]1105 break;
Johannes Berg571ecf62007-07-27 15:43:22 +0200[diff] [blame]1106 }
1107
Johannes Berg8e6f00322007-07-27 15:43:22 +0200[diff] [blame]1108 if (res == TXRX_DROP)
Johannes Berg571ecf62007-07-27 15:43:22 +0200[diff] [blame]1109 dev_kfree_skb(rx->skb);
Johannes Berg571ecf62007-07-27 15:43:22 +0200[diff] [blame]1110 return res;
1111}
1112
1113static inline void ieee80211_invoke_rx_handlers(struct ieee80211_local *local,
1114 ieee80211_rx_handler *handlers,
1115 struct ieee80211_txrx_data *rx,
1116 struct sta_info *sta)
1117{
1118 if (__ieee80211_invoke_rx_handlers(local, handlers, rx, sta) ==
1119 TXRX_CONTINUE)
1120 dev_kfree_skb(rx->skb);
1121}
1122
1123static void ieee80211_rx_michael_mic_report(struct net_device *dev,
1124 struct ieee80211_hdr *hdr,
1125 struct sta_info *sta,
1126 struct ieee80211_txrx_data *rx)
1127{
1128 int keyidx, hdrlen;
1129
1130 hdrlen = ieee80211_get_hdrlen_from_skb(rx->skb);
1131 if (rx->skb->len >= hdrlen + 4)
1132 keyidx = rx->skb->data[hdrlen + 3] >> 6;
1133 else
1134 keyidx = -1;
1135
1136 /* TODO: verify that this is not triggered by fragmented
1137 * frames (hw does not verify MIC for them). */
1138 printk(KERN_DEBUG "%s: TKIP hwaccel reported Michael MIC "
1139 "failure from " MAC_FMT " to " MAC_FMT " keyidx=%d\n",
1140 dev->name, MAC_ARG(hdr->addr2), MAC_ARG(hdr->addr1), keyidx);
1141
1142 if (!sta) {
1143 /* Some hardware versions seem to generate incorrect
1144 * Michael MIC reports; ignore them to avoid triggering
1145 * countermeasures. */
1146 printk(KERN_DEBUG "%s: ignored spurious Michael MIC "
1147 "error for unknown address " MAC_FMT "\n",
1148 dev->name, MAC_ARG(hdr->addr2));
1149 goto ignore;
1150 }
1151
1152 if (!(rx->fc & IEEE80211_FCTL_PROTECTED)) {
1153 printk(KERN_DEBUG "%s: ignored spurious Michael MIC "
1154 "error for a frame with no ISWEP flag (src "
1155 MAC_FMT ")\n", dev->name, MAC_ARG(hdr->addr2));
1156 goto ignore;
1157 }
1158
1159 if ((rx->local->hw.flags & IEEE80211_HW_WEP_INCLUDE_IV) &&
1160 rx->sdata->type == IEEE80211_IF_TYPE_AP) {
1161 keyidx = ieee80211_wep_get_keyidx(rx->skb);
1162 /* AP with Pairwise keys support should never receive Michael
1163 * MIC errors for non-zero keyidx because these are reserved
1164 * for group keys and only the AP is sending real multicast
1165 * frames in BSS. */
1166 if (keyidx) {
1167 printk(KERN_DEBUG "%s: ignored Michael MIC error for "
1168 "a frame with non-zero keyidx (%d) (src " MAC_FMT
1169 ")\n", dev->name, keyidx, MAC_ARG(hdr->addr2));
1170 goto ignore;
1171 }
1172 }
1173
1174 if ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA &&
1175 ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_MGMT ||
1176 (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_AUTH)) {
1177 printk(KERN_DEBUG "%s: ignored spurious Michael MIC "
1178 "error for a frame that cannot be encrypted "
1179 "(fc=0x%04x) (src " MAC_FMT ")\n",
1180 dev->name, rx->fc, MAC_ARG(hdr->addr2));
1181 goto ignore;
1182 }
1183
1184 do {
1185 union iwreq_data wrqu;
1186 char *buf = kmalloc(128, GFP_ATOMIC);
1187 if (!buf)
1188 break;
1189
1190 /* TODO: needed parameters: count, key type, TSC */
1191 sprintf(buf, "MLME-MICHAELMICFAILURE.indication("
1192 "keyid=%d %scast addr=" MAC_FMT ")",
1193 keyidx, hdr->addr1[0] & 0x01 ? "broad" : "uni",
1194 MAC_ARG(hdr->addr2));
1195 memset(&wrqu, 0, sizeof(wrqu));
1196 wrqu.data.length = strlen(buf);
1197 wireless_send_event(rx->dev, IWEVCUSTOM, &wrqu, buf);
1198 kfree(buf);
1199 } while (0);
1200
1201 /* TODO: consider verifying the MIC error report with software
1202 * implementation if we get too many spurious reports from the
1203 * hardware. */
1204 if (!rx->local->apdev)
1205 goto ignore;
1206 ieee80211_rx_mgmt(rx->local, rx->skb, rx->u.rx.status,
1207 ieee80211_msg_michael_mic_failure);
1208 return;
1209
1210 ignore:
1211 dev_kfree_skb(rx->skb);
1212 rx->skb = NULL;
1213}
1214
1215ieee80211_rx_handler ieee80211_rx_handlers[] =
1216{
1217 ieee80211_rx_h_if_stats,
1218 ieee80211_rx_h_monitor,
1219 ieee80211_rx_h_passive_scan,
1220 ieee80211_rx_h_check,
Johannes Berg570bd532007-07-27 15:43:22 +0200[diff] [blame]1221 ieee80211_rx_h_load_key,
Johannes Berg571ecf62007-07-27 15:43:22 +0200[diff] [blame]1222 ieee80211_rx_h_sta_process,
1223 ieee80211_rx_h_ccmp_decrypt,
1224 ieee80211_rx_h_tkip_decrypt,
1225 ieee80211_rx_h_wep_weak_iv_detection,
1226 ieee80211_rx_h_wep_decrypt,
1227 ieee80211_rx_h_defragment,
1228 ieee80211_rx_h_ps_poll,
1229 ieee80211_rx_h_michael_mic_verify,
1230 /* this must be after decryption - so header is counted in MPDU mic
1231 * must be before pae and data, so QOS_DATA format frames
1232 * are not passed to user space by these functions
1233 */
1234 ieee80211_rx_h_remove_qos_control,
1235 ieee80211_rx_h_802_1x_pae,
1236 ieee80211_rx_h_drop_unencrypted,
1237 ieee80211_rx_h_data,
1238 ieee80211_rx_h_mgmt,
1239 NULL
1240};
1241
1242/* main receive path */
1243
Johannes Berg23a24de2007-07-27 15:43:22 +0200[diff] [blame]1244static int prepare_for_handlers(struct ieee80211_sub_if_data *sdata,
1245 u8 *bssid, struct ieee80211_txrx_data *rx,
1246 struct ieee80211_hdr *hdr)
1247{
1248 int multicast = is_multicast_ether_addr(hdr->addr1);
1249
1250 switch (sdata->type) {
1251 case IEEE80211_IF_TYPE_STA:
1252 if (!bssid)
1253 return 0;
1254 if (!ieee80211_bssid_match(bssid, sdata->u.sta.bssid)) {
1255 if (!rx->u.rx.in_scan)
1256 return 0;
1257 rx->u.rx.ra_match = 0;
1258 } else if (!multicast &&
1259 compare_ether_addr(sdata->dev->dev_addr,
1260 hdr->addr1) != 0) {
1261 if (!sdata->promisc)
1262 return 0;
1263 rx->u.rx.ra_match = 0;
1264 }
1265 break;
1266 case IEEE80211_IF_TYPE_IBSS:
1267 if (!bssid)
1268 return 0;
1269 if (!ieee80211_bssid_match(bssid, sdata->u.sta.bssid)) {
1270 if (!rx->u.rx.in_scan)
1271 return 0;
1272 rx->u.rx.ra_match = 0;
1273 } else if (!multicast &&
1274 compare_ether_addr(sdata->dev->dev_addr,
1275 hdr->addr1) != 0) {
1276 if (!sdata->promisc)
1277 return 0;
1278 rx->u.rx.ra_match = 0;
1279 } else if (!rx->sta)
1280 rx->sta = ieee80211_ibss_add_sta(sdata->dev, rx->skb,
1281 bssid, hdr->addr2);
1282 break;
1283 case IEEE80211_IF_TYPE_AP:
1284 if (!bssid) {
1285 if (compare_ether_addr(sdata->dev->dev_addr,
1286 hdr->addr1))
1287 return 0;
1288 } else if (!ieee80211_bssid_match(bssid,
1289 sdata->dev->dev_addr)) {
1290 if (!rx->u.rx.in_scan)
1291 return 0;
1292 rx->u.rx.ra_match = 0;
1293 }
1294 if (sdata->dev == sdata->local->mdev && !rx->u.rx.in_scan)
1295 /* do not receive anything via
1296 * master device when not scanning */
1297 return 0;
1298 break;
1299 case IEEE80211_IF_TYPE_WDS:
1300 if (bssid ||
1301 (rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA)
1302 return 0;
1303 if (compare_ether_addr(sdata->u.wds.remote_addr, hdr->addr2))
1304 return 0;
1305 break;
1306 }
1307
1308 return 1;
1309}
1310
Johannes Berg571ecf62007-07-27 15:43:22 +0200[diff] [blame]1311/*
1312 * This is the receive path handler. It is called by a low level driver when an
1313 * 802.11 MPDU is received from the hardware.
1314 */
1315void __ieee80211_rx(struct ieee80211_hw *hw, struct sk_buff *skb,
1316 struct ieee80211_rx_status *status)
1317{
1318 struct ieee80211_local *local = hw_to_local(hw);
1319 struct ieee80211_sub_if_data *sdata;
1320 struct sta_info *sta;
1321 struct ieee80211_hdr *hdr;
1322 struct ieee80211_txrx_data rx;
1323 u16 type;
Johannes Berg23a24de2007-07-27 15:43:22 +0200[diff] [blame]1324 int radiotap_len = 0, prepres;
Johannes Berg8e6f00322007-07-27 15:43:22 +0200[diff] [blame]1325 struct ieee80211_sub_if_data *prev = NULL;
1326 struct sk_buff *skb_new;
1327 u8 *bssid;
Johannes Berg571ecf62007-07-27 15:43:22 +0200[diff] [blame]1328
1329 if (status->flag & RX_FLAG_RADIOTAP) {
1330 radiotap_len = ieee80211_get_radiotap_len(skb->data);
1331 skb_pull(skb, radiotap_len);
1332 }
1333
1334 hdr = (struct ieee80211_hdr *) skb->data;
1335 memset(&rx, 0, sizeof(rx));
1336 rx.skb = skb;
1337 rx.local = local;
1338
1339 rx.u.rx.status = status;
1340 rx.fc = skb->len >= 2 ? le16_to_cpu(hdr->frame_control) : 0;
1341 type = rx.fc & IEEE80211_FCTL_FTYPE;
1342 if (type == IEEE80211_FTYPE_DATA || type == IEEE80211_FTYPE_MGMT)
1343 local->dot11ReceivedFragmentCount++;
Johannes Berg571ecf62007-07-27 15:43:22 +0200[diff] [blame]1344
Johannes Berg23a24de2007-07-27 15:43:22 +0200[diff] [blame]1345 if (skb->len >= 16) {
Johannes Berg571ecf62007-07-27 15:43:22 +0200[diff] [blame]1346 sta = rx.sta = sta_info_get(local, hdr->addr2);
Johannes Berg23a24de2007-07-27 15:43:22 +0200[diff] [blame]1347 if (sta) {
1348 rx.dev = rx.sta->dev;
1349 rx.sdata = IEEE80211_DEV_TO_SUB_IF(rx.dev);
1350 }
1351 } else
Johannes Berg571ecf62007-07-27 15:43:22 +0200[diff] [blame]1352 sta = rx.sta = NULL;
1353
Johannes Berg571ecf62007-07-27 15:43:22 +0200[diff] [blame]1354 if ((status->flag & RX_FLAG_MMIC_ERROR)) {
1355 ieee80211_rx_michael_mic_report(local->mdev, hdr, sta, &rx);
1356 goto end;
1357 }
1358
1359 if (unlikely(local->sta_scanning))
1360 rx.u.rx.in_scan = 1;
1361
1362 if (__ieee80211_invoke_rx_handlers(local, local->rx_pre_handlers, &rx,
1363 sta) != TXRX_CONTINUE)
1364 goto end;
1365 skb = rx.skb;
1366
1367 skb_push(skb, radiotap_len);
1368 if (sta && !sta->assoc_ap && !(sta->flags & WLAN_STA_WDS) &&
Johannes Berg23a24de2007-07-27 15:43:22 +0200[diff] [blame]1369 !local->iff_promiscs && !is_multicast_ether_addr(hdr->addr1)) {
Johannes Berg571ecf62007-07-27 15:43:22 +0200[diff] [blame]1370 rx.u.rx.ra_match = 1;
1371 ieee80211_invoke_rx_handlers(local, local->rx_handlers, &rx,
Johannes Berg23a24de2007-07-27 15:43:22 +0200[diff] [blame]1372 rx.sta);
Johannes Berg8e6f00322007-07-27 15:43:22 +0200[diff] [blame]1373 sta_info_put(sta);
1374 return;
1375 }
Johannes Berg571ecf62007-07-27 15:43:22 +0200[diff] [blame]1376
Johannes Berg8e6f00322007-07-27 15:43:22 +0200[diff] [blame]1377 bssid = ieee80211_get_bssid(hdr, skb->len - radiotap_len);
Johannes Berg571ecf62007-07-27 15:43:22 +0200[diff] [blame]1378
Johannes Berg8e6f00322007-07-27 15:43:22 +0200[diff] [blame]1379 read_lock(&local->sub_if_lock);
1380 list_for_each_entry(sdata, &local->sub_if_list, list) {
1381 rx.u.rx.ra_match = 1;
Johannes Berg23a24de2007-07-27 15:43:22 +0200[diff] [blame]1382
1383 prepres = prepare_for_handlers(sdata, bssid, &rx, hdr);
1384 /* prepare_for_handlers can change sta */
1385 sta = rx.sta;
1386
1387 if (!prepres)
1388 continue;
Johannes Berg8e6f00322007-07-27 15:43:22 +0200[diff] [blame]1389
Johannes Berg571ecf62007-07-27 15:43:22 +0200[diff] [blame]1390 if (prev) {
Johannes Berg8e6f00322007-07-27 15:43:22 +0200[diff] [blame]1391 skb_new = skb_copy(skb, GFP_ATOMIC);
1392 if (!skb_new) {
1393 if (net_ratelimit())
1394 printk(KERN_DEBUG "%s: failed to copy "
1395 "multicast frame for %s",
1396 local->mdev->name, prev->dev->name);
1397 continue;
1398 }
1399 rx.skb = skb_new;
Johannes Berg571ecf62007-07-27 15:43:22 +0200[diff] [blame]1400 rx.dev = prev->dev;
1401 rx.sdata = prev;
1402 ieee80211_invoke_rx_handlers(local, local->rx_handlers,
1403 &rx, sta);
Johannes Berg8e6f00322007-07-27 15:43:22 +0200[diff] [blame]1404 }
1405 prev = sdata;
Johannes Berg571ecf62007-07-27 15:43:22 +0200[diff] [blame]1406 }
Johannes Berg8e6f00322007-07-27 15:43:22 +0200[diff] [blame]1407 if (prev) {
1408 rx.skb = skb;
1409 rx.dev = prev->dev;
1410 rx.sdata = prev;
1411 ieee80211_invoke_rx_handlers(local, local->rx_handlers,
1412 &rx, sta);
1413 } else
1414 dev_kfree_skb(skb);
1415 read_unlock(&local->sub_if_lock);
Johannes Berg571ecf62007-07-27 15:43:22 +0200[diff] [blame]1416
Johannes Berg8e6f00322007-07-27 15:43:22 +0200[diff] [blame]1417 end:
Johannes Berg571ecf62007-07-27 15:43:22 +0200[diff] [blame]1418 if (sta)
1419 sta_info_put(sta);
1420}
1421EXPORT_SYMBOL(__ieee80211_rx);
1422
1423/* This is a version of the rx handler that can be called from hard irq
1424 * context. Post the skb on the queue and schedule the tasklet */
1425void ieee80211_rx_irqsafe(struct ieee80211_hw *hw, struct sk_buff *skb,
1426 struct ieee80211_rx_status *status)
1427{
1428 struct ieee80211_local *local = hw_to_local(hw);
1429
1430 BUILD_BUG_ON(sizeof(struct ieee80211_rx_status) > sizeof(skb->cb));
1431
1432 skb->dev = local->mdev;
1433 /* copy status into skb->cb for use by tasklet */
1434 memcpy(skb->cb, status, sizeof(*status));
1435 skb->pkt_type = IEEE80211_RX_MSG;
1436 skb_queue_tail(&local->skb_queue, skb);
1437 tasklet_schedule(&local->tasklet);
1438}
1439EXPORT_SYMBOL(ieee80211_rx_irqsafe);