2 * Copyright 2002-2005, Instant802 Networks, Inc.
3 * Copyright 2005-2006, Devicescape Software, Inc.
4 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
5 * Copyright 2007 Johannes Berg <johannes@sipsolutions.net>
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License version 2 as
9 * published by the Free Software Foundation.
12 #include <linux/jiffies.h>
13 #include <linux/kernel.h>
14 #include <linux/skbuff.h>
15 #include <linux/netdevice.h>
16 #include <linux/etherdevice.h>
17 #include <linux/rcupdate.h>
18 #include <net/mac80211.h>
19 #include <net/ieee80211_radiotap.h>
21 #include "ieee80211_i.h"
22 #include "ieee80211_led.h"
23 #ifdef CONFIG_MAC80211_MESH
31 u8 ieee80211_sta_manage_reorder_buf(struct ieee80211_hw *hw,
32 struct tid_ampdu_rx *tid_agg_rx,
33 struct sk_buff *skb, u16 mpdu_seq_num,
36 * monitor mode reception
38 * This function cleans up the SKB, i.e. it removes all the stuff
39 * only useful for monitoring.
41 static struct sk_buff *remove_monitor_info(struct ieee80211_local *local,
45 skb_pull(skb, rtap_len);
47 if (local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS) {
48 if (likely(skb->len > FCS_LEN))
49 skb_trim(skb, skb->len - FCS_LEN);
61 static inline int should_drop_frame(struct ieee80211_rx_status *status,
66 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
68 if (status->flag & (RX_FLAG_FAILED_FCS_CRC | RX_FLAG_FAILED_PLCP_CRC))
70 if (unlikely(skb->len < 16 + present_fcs_len + radiotap_len))
72 if (((hdr->frame_control & cpu_to_le16(IEEE80211_FCTL_FTYPE)) ==
73 cpu_to_le16(IEEE80211_FTYPE_CTL)) &&
74 ((hdr->frame_control & cpu_to_le16(IEEE80211_FCTL_STYPE)) !=
75 cpu_to_le16(IEEE80211_STYPE_PSPOLL)) &&
76 ((hdr->frame_control & cpu_to_le16(IEEE80211_FCTL_STYPE)) !=
77 cpu_to_le16(IEEE80211_STYPE_BACK_REQ)))
83 * This function copies a received frame to all monitor interfaces and
84 * returns a cleaned-up SKB that no longer includes the FCS nor the
85 * radiotap header the driver might have added.
87 static struct sk_buff *
88 ieee80211_rx_monitor(struct ieee80211_local *local, struct sk_buff *origskb,
89 struct ieee80211_rx_status *status,
90 struct ieee80211_rate *rate)
92 struct ieee80211_sub_if_data *sdata;
93 int needed_headroom = 0;
94 struct ieee80211_radiotap_header *rthdr;
95 __le64 *rttsft = NULL;
96 struct ieee80211_rtap_fixed_data {
102 u8 padding_for_rxflags;
104 } __attribute__ ((packed)) *rtfixed;
105 struct sk_buff *skb, *skb2;
106 struct net_device *prev_dev = NULL;
107 int present_fcs_len = 0;
111 * First, we may need to make a copy of the skb because
112 * (1) we need to modify it for radiotap (if not present), and
113 * (2) the other RX handlers will modify the skb we got.
115 * We don't need to, of course, if we aren't going to return
116 * the SKB because it has a bad FCS/PLCP checksum.
118 if (status->flag & RX_FLAG_RADIOTAP)
119 rtap_len = ieee80211_get_radiotap_len(origskb->data);
121 /* room for radiotap header, always present fields and TSFT */
122 needed_headroom = sizeof(*rthdr) + sizeof(*rtfixed) + 8;
124 if (local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS)
125 present_fcs_len = FCS_LEN;
127 if (!local->monitors) {
128 if (should_drop_frame(status, origskb, present_fcs_len,
130 dev_kfree_skb(origskb);
134 return remove_monitor_info(local, origskb, rtap_len);
137 if (should_drop_frame(status, origskb, present_fcs_len, rtap_len)) {
138 /* only need to expand headroom if necessary */
143 * This shouldn't trigger often because most devices have an
144 * RX header they pull before we get here, and that should
145 * be big enough for our radiotap information. We should
146 * probably export the length to drivers so that we can have
147 * them allocate enough headroom to start with.
149 if (skb_headroom(skb) < needed_headroom &&
150 pskb_expand_head(skb, needed_headroom, 0, GFP_ATOMIC)) {
156 * Need to make a copy and possibly remove radiotap header
157 * and FCS from the original.
159 skb = skb_copy_expand(origskb, needed_headroom, 0, GFP_ATOMIC);
161 origskb = remove_monitor_info(local, origskb, rtap_len);
167 /* if necessary, prepend radiotap information */
168 if (!(status->flag & RX_FLAG_RADIOTAP)) {
169 rtfixed = (void *) skb_push(skb, sizeof(*rtfixed));
170 rtap_len = sizeof(*rthdr) + sizeof(*rtfixed);
171 if (status->flag & RX_FLAG_TSFT) {
172 rttsft = (void *) skb_push(skb, sizeof(*rttsft));
175 rthdr = (void *) skb_push(skb, sizeof(*rthdr));
176 memset(rthdr, 0, sizeof(*rthdr));
177 memset(rtfixed, 0, sizeof(*rtfixed));
179 cpu_to_le32((1 << IEEE80211_RADIOTAP_FLAGS) |
180 (1 << IEEE80211_RADIOTAP_RATE) |
181 (1 << IEEE80211_RADIOTAP_CHANNEL) |
182 (1 << IEEE80211_RADIOTAP_DB_ANTSIGNAL) |
183 (1 << IEEE80211_RADIOTAP_RX_FLAGS));
185 if (local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS)
186 rtfixed->flags |= IEEE80211_RADIOTAP_F_FCS;
189 *rttsft = cpu_to_le64(status->mactime);
191 cpu_to_le32(1 << IEEE80211_RADIOTAP_TSFT);
194 /* FIXME: when radiotap gets a 'bad PLCP' flag use it here */
195 rtfixed->rx_flags = 0;
197 (RX_FLAG_FAILED_FCS_CRC | RX_FLAG_FAILED_PLCP_CRC))
199 cpu_to_le16(IEEE80211_RADIOTAP_F_RX_BADFCS);
201 rtfixed->rate = rate->bitrate / 5;
203 rtfixed->chan_freq = cpu_to_le16(status->freq);
205 if (status->band == IEEE80211_BAND_5GHZ)
206 rtfixed->chan_flags =
207 cpu_to_le16(IEEE80211_CHAN_OFDM |
208 IEEE80211_CHAN_5GHZ);
210 rtfixed->chan_flags =
211 cpu_to_le16(IEEE80211_CHAN_DYN |
212 IEEE80211_CHAN_2GHZ);
214 rtfixed->antsignal = status->ssi;
215 rthdr->it_len = cpu_to_le16(rtap_len);
218 skb_reset_mac_header(skb);
219 skb->ip_summed = CHECKSUM_UNNECESSARY;
220 skb->pkt_type = PACKET_OTHERHOST;
221 skb->protocol = htons(ETH_P_802_2);
223 list_for_each_entry_rcu(sdata, &local->interfaces, list) {
224 if (!netif_running(sdata->dev))
227 if (sdata->vif.type != IEEE80211_IF_TYPE_MNTR)
230 if (sdata->u.mntr_flags & MONITOR_FLAG_COOK_FRAMES)
234 skb2 = skb_clone(skb, GFP_ATOMIC);
236 skb2->dev = prev_dev;
241 prev_dev = sdata->dev;
242 sdata->dev->stats.rx_packets++;
243 sdata->dev->stats.rx_bytes += skb->len;
256 static void ieee80211_parse_qos(struct ieee80211_txrx_data *rx)
258 u8 *data = rx->skb->data;
261 /* does the frame have a qos control field? */
262 if (WLAN_FC_IS_QOS_DATA(rx->fc)) {
263 u8 *qc = data + ieee80211_get_hdrlen(rx->fc) - QOS_CONTROL_LEN;
264 /* frame has qos control */
265 tid = qc[0] & QOS_CONTROL_TID_MASK;
266 if (qc[0] & IEEE80211_QOS_CONTROL_A_MSDU_PRESENT)
267 rx->flags |= IEEE80211_TXRXD_RX_AMSDU;
269 rx->flags &= ~IEEE80211_TXRXD_RX_AMSDU;
271 if (unlikely((rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_MGMT)) {
272 /* Separate TID for management frames */
273 tid = NUM_RX_DATA_QUEUES - 1;
275 /* no qos control present */
276 tid = 0; /* 802.1d - Best Effort */
280 I802_DEBUG_INC(rx->local->wme_rx_queue[tid]);
281 /* only a debug counter, sta might not be assigned properly yet */
283 I802_DEBUG_INC(rx->sta->wme_rx_queue[tid]);
285 rx->u.rx.queue = tid;
286 /* Set skb->priority to 1d tag if highest order bit of TID is not set.
287 * For now, set skb->priority to 0 for other cases. */
288 rx->skb->priority = (tid > 7) ? 0 : tid;
291 static void ieee80211_verify_ip_alignment(struct ieee80211_txrx_data *rx)
293 #ifdef CONFIG_MAC80211_DEBUG_PACKET_ALIGNMENT
296 if (!WLAN_FC_DATA_PRESENT(rx->fc))
300 * Drivers are required to align the payload data in a way that
301 * guarantees that the contained IP header is aligned to a four-
302 * byte boundary. In the case of regular frames, this simply means
303 * aligning the payload to a four-byte boundary (because either
304 * the IP header is directly contained, or IV/RFC1042 headers that
305 * have a length divisible by four are in front of it.
307 * With A-MSDU frames, however, the payload data address must
308 * yield two modulo four because there are 14-byte 802.3 headers
309 * within the A-MSDU frames that push the IP header further back
310 * to a multiple of four again. Thankfully, the specs were sane
311 * enough this time around to require padding each A-MSDU subframe
312 * to a length that is a multiple of four.
314 * Padding like atheros hardware adds which is inbetween the 802.11
315 * header and the payload is not supported, the driver is required
316 * to move the 802.11 header further back in that case.
318 hdrlen = ieee80211_get_hdrlen(rx->fc);
319 if (rx->flags & IEEE80211_TXRXD_RX_AMSDU)
321 WARN_ON_ONCE(((unsigned long)(rx->skb->data + hdrlen)) & 3);
326 static u32 ieee80211_rx_load_stats(struct ieee80211_local *local,
328 struct ieee80211_rx_status *status,
329 struct ieee80211_rate *rate)
331 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
332 u32 load = 0, hdrtime;
334 /* Estimate total channel use caused by this frame */
336 /* 1 bit at 1 Mbit/s takes 1 usec; in channel_use values,
337 * 1 usec = 1/8 * (1080 / 10) = 13.5 */
339 if (status->band == IEEE80211_BAND_5GHZ ||
340 (status->band == IEEE80211_BAND_5GHZ &&
341 rate->flags & IEEE80211_RATE_ERP_G))
342 hdrtime = CHAN_UTIL_HDR_SHORT;
344 hdrtime = CHAN_UTIL_HDR_LONG;
347 if (!is_multicast_ether_addr(hdr->addr1))
350 /* TODO: optimise again */
351 load += skb->len * CHAN_UTIL_RATE_LCM / rate->bitrate;
353 /* Divide channel_use by 8 to avoid wrapping around the counter */
354 load >>= CHAN_UTIL_SHIFT;
361 static ieee80211_rx_result
362 ieee80211_rx_h_if_stats(struct ieee80211_txrx_data *rx)
365 rx->sta->channel_use_raw += rx->u.rx.load;
366 rx->sdata->channel_use_raw += rx->u.rx.load;
370 static ieee80211_rx_result
371 ieee80211_rx_h_passive_scan(struct ieee80211_txrx_data *rx)
373 struct ieee80211_local *local = rx->local;
374 struct sk_buff *skb = rx->skb;
376 if (unlikely(local->sta_hw_scanning))
377 return ieee80211_sta_rx_scan(rx->dev, skb, rx->u.rx.status);
379 if (unlikely(local->sta_sw_scanning)) {
380 /* drop all the other packets during a software scan anyway */
381 if (ieee80211_sta_rx_scan(rx->dev, skb, rx->u.rx.status)
387 if (unlikely(rx->flags & IEEE80211_TXRXD_RXIN_SCAN)) {
388 /* scanning finished during invoking of handlers */
389 I802_DEBUG_INC(local->rx_handlers_drop_passive_scan);
390 return RX_DROP_UNUSABLE;
396 #ifdef CONFIG_MAC80211_MESH
397 #define msh_h_get(h, l) ((struct ieee80211s_hdr *) ((u8 *)h + l))
398 static ieee80211_rx_result
399 ieee80211_rx_mesh_check(struct ieee80211_txrx_data *rx)
401 int hdrlen = ieee80211_get_hdrlen(rx->fc);
402 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data;
403 if ((rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA) {
404 if (!((rx->fc & IEEE80211_FCTL_FROMDS) &&
405 (rx->fc & IEEE80211_FCTL_TODS)))
406 return RX_DROP_MONITOR;
407 if (memcmp(hdr->addr4, rx->dev->dev_addr, ETH_ALEN) == 0)
408 return RX_DROP_MONITOR;
411 /* If there is not an established peer link and this is not a peer link
412 * establisment frame, beacon or probe, drop the frame.
415 if (!rx->sta || rx->sta->plink_state != ESTAB) {
416 struct ieee80211_mgmt *mgmt;
417 if ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_MGMT)
418 return RX_DROP_MONITOR;
420 switch (rx->fc & IEEE80211_FCTL_STYPE) {
421 case IEEE80211_STYPE_ACTION:
422 mgmt = (struct ieee80211_mgmt *)hdr;
423 if (mgmt->u.action.category != PLINK_CATEGORY)
424 return RX_DROP_MONITOR;
425 /* fall through on else */
426 case IEEE80211_STYPE_PROBE_REQ:
427 case IEEE80211_STYPE_PROBE_RESP:
428 case IEEE80211_STYPE_BEACON:
432 return RX_DROP_MONITOR;
435 } else if ((rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA &&
436 is_broadcast_ether_addr(hdr->addr1) &&
437 mesh_rmc_check(hdr->addr4, msh_h_get(hdr, hdrlen), rx->dev))
438 return RX_DROP_MONITOR;
445 static ieee80211_rx_result
446 ieee80211_rx_h_check(struct ieee80211_txrx_data *rx)
448 struct ieee80211_hdr *hdr;
450 hdr = (struct ieee80211_hdr *) rx->skb->data;
452 /* Drop duplicate 802.11 retransmissions (IEEE 802.11 Chap. 9.2.9) */
453 if (rx->sta && !is_multicast_ether_addr(hdr->addr1)) {
454 if (unlikely(rx->fc & IEEE80211_FCTL_RETRY &&
455 rx->sta->last_seq_ctrl[rx->u.rx.queue] ==
457 if (rx->flags & IEEE80211_TXRXD_RXRA_MATCH) {
458 rx->local->dot11FrameDuplicateCount++;
459 rx->sta->num_duplicates++;
461 return RX_DROP_MONITOR;
463 rx->sta->last_seq_ctrl[rx->u.rx.queue] = hdr->seq_ctrl;
466 if (unlikely(rx->skb->len < 16)) {
467 I802_DEBUG_INC(rx->local->rx_handlers_drop_short);
468 return RX_DROP_MONITOR;
471 /* Drop disallowed frame classes based on STA auth/assoc state;
472 * IEEE 802.11, Chap 5.5.
474 * 80211.o does filtering only based on association state, i.e., it
475 * drops Class 3 frames from not associated stations. hostapd sends
476 * deauth/disassoc frames when needed. In addition, hostapd is
477 * responsible for filtering on both auth and assoc states.
480 #ifdef CONFIG_MAC80211_MESH
481 if (rx->sdata->vif.type == IEEE80211_IF_TYPE_MESH_POINT)
482 return ieee80211_rx_mesh_check(rx);
485 if (unlikely(((rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA ||
486 ((rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_CTL &&
487 (rx->fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_PSPOLL)) &&
488 rx->sdata->vif.type != IEEE80211_IF_TYPE_IBSS &&
489 (!rx->sta || !(rx->sta->flags & WLAN_STA_ASSOC)))) {
490 if ((!(rx->fc & IEEE80211_FCTL_FROMDS) &&
491 !(rx->fc & IEEE80211_FCTL_TODS) &&
492 (rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA)
493 || !(rx->flags & IEEE80211_TXRXD_RXRA_MATCH)) {
494 /* Drop IBSS frames and frames for other hosts
496 return RX_DROP_MONITOR;
499 return RX_DROP_MONITOR;
506 static ieee80211_rx_result
507 ieee80211_rx_h_decrypt(struct ieee80211_txrx_data *rx)
509 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data;
512 ieee80211_rx_result result = RX_DROP_UNUSABLE;
513 struct ieee80211_key *stakey = NULL;
518 * There are three types of keys:
520 * - PTK (pairwise keys)
521 * - STK (station-to-station pairwise keys)
523 * When selecting a key, we have to distinguish between multicast
524 * (including broadcast) and unicast frames, the latter can only
525 * use PTKs and STKs while the former always use GTKs. Unless, of
526 * course, actual WEP keys ("pre-RSNA") are used, then unicast
527 * frames can also use key indizes like GTKs. Hence, if we don't
528 * have a PTK/STK we check the key index for a WEP key.
530 * Note that in a regular BSS, multicast frames are sent by the
531 * AP only, associated stations unicast the frame to the AP first
532 * which then multicasts it on their behalf.
534 * There is also a slight problem in IBSS mode: GTKs are negotiated
535 * with each station, that is something we don't currently handle.
536 * The spec seems to expect that one negotiates the same key with
537 * every station but there's no such requirement; VLANs could be
541 if (!(rx->fc & IEEE80211_FCTL_PROTECTED))
545 * No point in finding a key and decrypting if the frame is neither
546 * addressed to us nor a multicast frame.
548 if (!(rx->flags & IEEE80211_TXRXD_RXRA_MATCH))
552 stakey = rcu_dereference(rx->sta->key);
554 if (!is_multicast_ether_addr(hdr->addr1) && stakey) {
558 * The device doesn't give us the IV so we won't be
559 * able to look up the key. That's ok though, we
560 * don't need to decrypt the frame, we just won't
561 * be able to keep statistics accurate.
562 * Except for key threshold notifications, should
563 * we somehow allow the driver to tell us which key
564 * the hardware used if this flag is set?
566 if ((rx->u.rx.status->flag & RX_FLAG_DECRYPTED) &&
567 (rx->u.rx.status->flag & RX_FLAG_IV_STRIPPED))
570 hdrlen = ieee80211_get_hdrlen(rx->fc);
572 if (rx->skb->len < 8 + hdrlen)
573 return RX_DROP_UNUSABLE; /* TODO: count this? */
576 * no need to call ieee80211_wep_get_keyidx,
577 * it verifies a bunch of things we've done already
579 keyidx = rx->skb->data[hdrlen + 3] >> 6;
581 rx->key = rcu_dereference(rx->sdata->keys[keyidx]);
584 * RSNA-protected unicast frames should always be sent with
585 * pairwise or station-to-station keys, but for WEP we allow
586 * using a key index as well.
588 if (rx->key && rx->key->conf.alg != ALG_WEP &&
589 !is_multicast_ether_addr(hdr->addr1))
594 rx->key->tx_rx_count++;
595 /* TODO: add threshold stuff again */
597 #ifdef CONFIG_MAC80211_DEBUG
599 printk(KERN_DEBUG "%s: RX protected frame,"
600 " but have no key\n", rx->dev->name);
601 #endif /* CONFIG_MAC80211_DEBUG */
602 return RX_DROP_MONITOR;
605 /* Check for weak IVs if possible */
606 if (rx->sta && rx->key->conf.alg == ALG_WEP &&
607 ((rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA) &&
608 (!(rx->u.rx.status->flag & RX_FLAG_IV_STRIPPED) ||
609 !(rx->u.rx.status->flag & RX_FLAG_DECRYPTED)) &&
610 ieee80211_wep_is_weak_iv(rx->skb, rx->key))
611 rx->sta->wep_weak_iv_count++;
613 switch (rx->key->conf.alg) {
615 result = ieee80211_crypto_wep_decrypt(rx);
618 result = ieee80211_crypto_tkip_decrypt(rx);
621 result = ieee80211_crypto_ccmp_decrypt(rx);
625 /* either the frame has been decrypted or will be dropped */
626 rx->u.rx.status->flag |= RX_FLAG_DECRYPTED;
631 static void ap_sta_ps_start(struct net_device *dev, struct sta_info *sta)
633 struct ieee80211_sub_if_data *sdata;
634 DECLARE_MAC_BUF(mac);
636 sdata = IEEE80211_DEV_TO_SUB_IF(sta->dev);
639 atomic_inc(&sdata->bss->num_sta_ps);
640 sta->flags |= WLAN_STA_PS;
641 sta->flags &= ~WLAN_STA_PSPOLL;
642 #ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
643 printk(KERN_DEBUG "%s: STA %s aid %d enters power save mode\n",
644 dev->name, print_mac(mac, sta->addr), sta->aid);
645 #endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
648 static int ap_sta_ps_end(struct net_device *dev, struct sta_info *sta)
650 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
653 struct ieee80211_sub_if_data *sdata;
654 struct ieee80211_tx_packet_data *pkt_data;
655 DECLARE_MAC_BUF(mac);
657 sdata = IEEE80211_DEV_TO_SUB_IF(sta->dev);
660 atomic_dec(&sdata->bss->num_sta_ps);
662 sta->flags &= ~(WLAN_STA_PS | WLAN_STA_PSPOLL);
664 if (!skb_queue_empty(&sta->ps_tx_buf))
665 sta_info_clear_tim_bit(sta);
667 #ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
668 printk(KERN_DEBUG "%s: STA %s aid %d exits power save mode\n",
669 dev->name, print_mac(mac, sta->addr), sta->aid);
670 #endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
672 /* Send all buffered frames to the station */
673 while ((skb = skb_dequeue(&sta->tx_filtered)) != NULL) {
674 pkt_data = (struct ieee80211_tx_packet_data *) skb->cb;
676 pkt_data->flags |= IEEE80211_TXPD_REQUEUE;
679 while ((skb = skb_dequeue(&sta->ps_tx_buf)) != NULL) {
680 pkt_data = (struct ieee80211_tx_packet_data *) skb->cb;
681 local->total_ps_buffered--;
683 #ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
684 printk(KERN_DEBUG "%s: STA %s aid %d send PS frame "
685 "since STA not sleeping anymore\n", dev->name,
686 print_mac(mac, sta->addr), sta->aid);
687 #endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
688 pkt_data->flags |= IEEE80211_TXPD_REQUEUE;
695 static ieee80211_rx_result
696 ieee80211_rx_h_sta_process(struct ieee80211_txrx_data *rx)
698 struct sta_info *sta = rx->sta;
699 struct net_device *dev = rx->dev;
700 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data;
705 /* Update last_rx only for IBSS packets which are for the current
706 * BSSID to avoid keeping the current IBSS network alive in cases where
707 * other STAs are using different BSSID. */
708 if (rx->sdata->vif.type == IEEE80211_IF_TYPE_IBSS) {
709 u8 *bssid = ieee80211_get_bssid(hdr, rx->skb->len,
710 IEEE80211_IF_TYPE_IBSS);
711 if (compare_ether_addr(bssid, rx->sdata->u.sta.bssid) == 0)
712 sta->last_rx = jiffies;
714 if (!is_multicast_ether_addr(hdr->addr1) ||
715 rx->sdata->vif.type == IEEE80211_IF_TYPE_STA) {
716 /* Update last_rx only for unicast frames in order to prevent
717 * the Probe Request frames (the only broadcast frames from a
718 * STA in infrastructure mode) from keeping a connection alive.
719 * Mesh beacons will update last_rx when if they are found to
720 * match the current local configuration when processed.
722 sta->last_rx = jiffies;
725 if (!(rx->flags & IEEE80211_TXRXD_RXRA_MATCH))
729 sta->rx_bytes += rx->skb->len;
730 sta->last_rssi = rx->u.rx.status->ssi;
731 sta->last_signal = rx->u.rx.status->signal;
732 sta->last_noise = rx->u.rx.status->noise;
734 if (!(rx->fc & IEEE80211_FCTL_MOREFRAGS)) {
735 /* Change STA power saving mode only in the end of a frame
736 * exchange sequence */
737 if ((sta->flags & WLAN_STA_PS) && !(rx->fc & IEEE80211_FCTL_PM))
738 rx->u.rx.sent_ps_buffered += ap_sta_ps_end(dev, sta);
739 else if (!(sta->flags & WLAN_STA_PS) &&
740 (rx->fc & IEEE80211_FCTL_PM))
741 ap_sta_ps_start(dev, sta);
744 /* Drop data::nullfunc frames silently, since they are used only to
745 * control station power saving mode. */
746 if ((rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA &&
747 (rx->fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_NULLFUNC) {
748 I802_DEBUG_INC(rx->local->rx_handlers_drop_nullfunc);
749 /* Update counter and free packet here to avoid counting this
750 * as a dropped packed. */
752 dev_kfree_skb(rx->skb);
757 } /* ieee80211_rx_h_sta_process */
759 static inline struct ieee80211_fragment_entry *
760 ieee80211_reassemble_add(struct ieee80211_sub_if_data *sdata,
761 unsigned int frag, unsigned int seq, int rx_queue,
762 struct sk_buff **skb)
764 struct ieee80211_fragment_entry *entry;
767 idx = sdata->fragment_next;
768 entry = &sdata->fragments[sdata->fragment_next++];
769 if (sdata->fragment_next >= IEEE80211_FRAGMENT_MAX)
770 sdata->fragment_next = 0;
772 if (!skb_queue_empty(&entry->skb_list)) {
773 #ifdef CONFIG_MAC80211_DEBUG
774 struct ieee80211_hdr *hdr =
775 (struct ieee80211_hdr *) entry->skb_list.next->data;
776 DECLARE_MAC_BUF(mac);
777 DECLARE_MAC_BUF(mac2);
778 printk(KERN_DEBUG "%s: RX reassembly removed oldest "
779 "fragment entry (idx=%d age=%lu seq=%d last_frag=%d "
780 "addr1=%s addr2=%s\n",
781 sdata->dev->name, idx,
782 jiffies - entry->first_frag_time, entry->seq,
783 entry->last_frag, print_mac(mac, hdr->addr1),
784 print_mac(mac2, hdr->addr2));
785 #endif /* CONFIG_MAC80211_DEBUG */
786 __skb_queue_purge(&entry->skb_list);
789 __skb_queue_tail(&entry->skb_list, *skb); /* no need for locking */
791 entry->first_frag_time = jiffies;
793 entry->rx_queue = rx_queue;
794 entry->last_frag = frag;
796 entry->extra_len = 0;
801 static inline struct ieee80211_fragment_entry *
802 ieee80211_reassemble_find(struct ieee80211_sub_if_data *sdata,
803 u16 fc, unsigned int frag, unsigned int seq,
804 int rx_queue, struct ieee80211_hdr *hdr)
806 struct ieee80211_fragment_entry *entry;
809 idx = sdata->fragment_next;
810 for (i = 0; i < IEEE80211_FRAGMENT_MAX; i++) {
811 struct ieee80211_hdr *f_hdr;
816 idx = IEEE80211_FRAGMENT_MAX - 1;
818 entry = &sdata->fragments[idx];
819 if (skb_queue_empty(&entry->skb_list) || entry->seq != seq ||
820 entry->rx_queue != rx_queue ||
821 entry->last_frag + 1 != frag)
824 f_hdr = (struct ieee80211_hdr *) entry->skb_list.next->data;
825 f_fc = le16_to_cpu(f_hdr->frame_control);
827 if ((fc & IEEE80211_FCTL_FTYPE) != (f_fc & IEEE80211_FCTL_FTYPE) ||
828 compare_ether_addr(hdr->addr1, f_hdr->addr1) != 0 ||
829 compare_ether_addr(hdr->addr2, f_hdr->addr2) != 0)
832 if (time_after(jiffies, entry->first_frag_time + 2 * HZ)) {
833 __skb_queue_purge(&entry->skb_list);
842 static ieee80211_rx_result
843 ieee80211_rx_h_defragment(struct ieee80211_txrx_data *rx)
845 struct ieee80211_hdr *hdr;
847 unsigned int frag, seq;
848 struct ieee80211_fragment_entry *entry;
850 DECLARE_MAC_BUF(mac);
852 hdr = (struct ieee80211_hdr *) rx->skb->data;
853 sc = le16_to_cpu(hdr->seq_ctrl);
854 frag = sc & IEEE80211_SCTL_FRAG;
856 if (likely((!(rx->fc & IEEE80211_FCTL_MOREFRAGS) && frag == 0) ||
857 (rx->skb)->len < 24 ||
858 is_multicast_ether_addr(hdr->addr1))) {
862 I802_DEBUG_INC(rx->local->rx_handlers_fragments);
864 seq = (sc & IEEE80211_SCTL_SEQ) >> 4;
867 /* This is the first fragment of a new frame. */
868 entry = ieee80211_reassemble_add(rx->sdata, frag, seq,
869 rx->u.rx.queue, &(rx->skb));
870 if (rx->key && rx->key->conf.alg == ALG_CCMP &&
871 (rx->fc & IEEE80211_FCTL_PROTECTED)) {
872 /* Store CCMP PN so that we can verify that the next
873 * fragment has a sequential PN value. */
875 memcpy(entry->last_pn,
876 rx->key->u.ccmp.rx_pn[rx->u.rx.queue],
882 /* This is a fragment for a frame that should already be pending in
883 * fragment cache. Add this fragment to the end of the pending entry.
885 entry = ieee80211_reassemble_find(rx->sdata, rx->fc, frag, seq,
886 rx->u.rx.queue, hdr);
888 I802_DEBUG_INC(rx->local->rx_handlers_drop_defrag);
889 return RX_DROP_MONITOR;
892 /* Verify that MPDUs within one MSDU have sequential PN values.
893 * (IEEE 802.11i, 8.3.3.4.5) */
896 u8 pn[CCMP_PN_LEN], *rpn;
897 if (!rx->key || rx->key->conf.alg != ALG_CCMP)
898 return RX_DROP_UNUSABLE;
899 memcpy(pn, entry->last_pn, CCMP_PN_LEN);
900 for (i = CCMP_PN_LEN - 1; i >= 0; i--) {
905 rpn = rx->key->u.ccmp.rx_pn[rx->u.rx.queue];
906 if (memcmp(pn, rpn, CCMP_PN_LEN) != 0) {
908 printk(KERN_DEBUG "%s: defrag: CCMP PN not "
910 " PN=%02x%02x%02x%02x%02x%02x "
911 "(expected %02x%02x%02x%02x%02x%02x)\n",
912 rx->dev->name, print_mac(mac, hdr->addr2),
913 rpn[0], rpn[1], rpn[2], rpn[3], rpn[4],
914 rpn[5], pn[0], pn[1], pn[2], pn[3],
916 return RX_DROP_UNUSABLE;
918 memcpy(entry->last_pn, pn, CCMP_PN_LEN);
921 skb_pull(rx->skb, ieee80211_get_hdrlen(rx->fc));
922 __skb_queue_tail(&entry->skb_list, rx->skb);
923 entry->last_frag = frag;
924 entry->extra_len += rx->skb->len;
925 if (rx->fc & IEEE80211_FCTL_MOREFRAGS) {
930 rx->skb = __skb_dequeue(&entry->skb_list);
931 if (skb_tailroom(rx->skb) < entry->extra_len) {
932 I802_DEBUG_INC(rx->local->rx_expand_skb_head2);
933 if (unlikely(pskb_expand_head(rx->skb, 0, entry->extra_len,
935 I802_DEBUG_INC(rx->local->rx_handlers_drop_defrag);
936 __skb_queue_purge(&entry->skb_list);
937 return RX_DROP_UNUSABLE;
940 while ((skb = __skb_dequeue(&entry->skb_list))) {
941 memcpy(skb_put(rx->skb, skb->len), skb->data, skb->len);
945 /* Complete frame has been reassembled - process it now */
946 rx->flags |= IEEE80211_TXRXD_FRAGMENTED;
950 rx->sta->rx_packets++;
951 if (is_multicast_ether_addr(hdr->addr1))
952 rx->local->dot11MulticastReceivedFrameCount++;
954 ieee80211_led_rx(rx->local);
958 static ieee80211_rx_result
959 ieee80211_rx_h_ps_poll(struct ieee80211_txrx_data *rx)
961 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(rx->dev);
964 DECLARE_MAC_BUF(mac);
966 if (likely(!rx->sta ||
967 (rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_CTL ||
968 (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_PSPOLL ||
969 !(rx->flags & IEEE80211_TXRXD_RXRA_MATCH)))
972 if ((sdata->vif.type != IEEE80211_IF_TYPE_AP) &&
973 (sdata->vif.type != IEEE80211_IF_TYPE_VLAN))
974 return RX_DROP_UNUSABLE;
976 skb = skb_dequeue(&rx->sta->tx_filtered);
978 skb = skb_dequeue(&rx->sta->ps_tx_buf);
980 rx->local->total_ps_buffered--;
982 no_pending_pkts = skb_queue_empty(&rx->sta->tx_filtered) &&
983 skb_queue_empty(&rx->sta->ps_tx_buf);
986 struct ieee80211_hdr *hdr =
987 (struct ieee80211_hdr *) skb->data;
990 * Tell TX path to send one frame even though the STA may
991 * still remain is PS mode after this frame exchange.
993 rx->sta->flags |= WLAN_STA_PSPOLL;
995 #ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
996 printk(KERN_DEBUG "STA %s aid %d: PS Poll (entries after %d)\n",
997 print_mac(mac, rx->sta->addr), rx->sta->aid,
998 skb_queue_len(&rx->sta->ps_tx_buf));
999 #endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
1001 /* Use MoreData flag to indicate whether there are more
1002 * buffered frames for this STA */
1003 if (no_pending_pkts)
1004 hdr->frame_control &= cpu_to_le16(~IEEE80211_FCTL_MOREDATA);
1006 hdr->frame_control |= cpu_to_le16(IEEE80211_FCTL_MOREDATA);
1008 dev_queue_xmit(skb);
1010 if (no_pending_pkts)
1011 sta_info_clear_tim_bit(rx->sta);
1012 #ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
1013 } else if (!rx->u.rx.sent_ps_buffered) {
1015 * FIXME: This can be the result of a race condition between
1016 * us expiring a frame and the station polling for it.
1017 * Should we send it a null-func frame indicating we
1018 * have nothing buffered for it?
1020 printk(KERN_DEBUG "%s: STA %s sent PS Poll even "
1021 "though there is no buffered frames for it\n",
1022 rx->dev->name, print_mac(mac, rx->sta->addr));
1023 #endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
1026 /* Free PS Poll skb here instead of returning RX_DROP that would
1027 * count as an dropped frame. */
1028 dev_kfree_skb(rx->skb);
1033 static ieee80211_rx_result
1034 ieee80211_rx_h_remove_qos_control(struct ieee80211_txrx_data *rx)
1037 u8 *data = rx->skb->data;
1038 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) data;
1040 if (!WLAN_FC_IS_QOS_DATA(fc))
1043 /* remove the qos control field, update frame type and meta-data */
1044 memmove(data + 2, data, ieee80211_get_hdrlen(fc) - 2);
1045 hdr = (struct ieee80211_hdr *) skb_pull(rx->skb, 2);
1046 /* change frame type to non QOS */
1047 rx->fc = fc &= ~IEEE80211_STYPE_QOS_DATA;
1048 hdr->frame_control = cpu_to_le16(fc);
1054 ieee80211_802_1x_port_control(struct ieee80211_txrx_data *rx)
1056 if (unlikely(!rx->sta || !(rx->sta->flags & WLAN_STA_AUTHORIZED))) {
1057 #ifdef CONFIG_MAC80211_DEBUG
1058 if (net_ratelimit())
1059 printk(KERN_DEBUG "%s: dropped frame "
1060 "(unauthorized port)\n", rx->dev->name);
1061 #endif /* CONFIG_MAC80211_DEBUG */
1069 ieee80211_drop_unencrypted(struct ieee80211_txrx_data *rx)
1072 * Pass through unencrypted frames if the hardware has
1073 * decrypted them already.
1075 if (rx->u.rx.status->flag & RX_FLAG_DECRYPTED)
1078 /* Drop unencrypted frames if key is set. */
1079 if (unlikely(!(rx->fc & IEEE80211_FCTL_PROTECTED) &&
1080 (rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA &&
1081 (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_NULLFUNC &&
1082 (rx->key || rx->sdata->drop_unencrypted))) {
1083 if (net_ratelimit())
1084 printk(KERN_DEBUG "%s: RX non-WEP frame, but expected "
1085 "encryption\n", rx->dev->name);
1092 ieee80211_data_to_8023(struct ieee80211_txrx_data *rx)
1094 struct net_device *dev = rx->dev;
1095 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data;
1096 u16 fc, hdrlen, ethertype;
1100 struct sk_buff *skb = rx->skb;
1101 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1102 DECLARE_MAC_BUF(mac);
1103 DECLARE_MAC_BUF(mac2);
1104 DECLARE_MAC_BUF(mac3);
1105 DECLARE_MAC_BUF(mac4);
1109 if (unlikely(!WLAN_FC_DATA_PRESENT(fc)))
1112 hdrlen = ieee80211_get_hdrlen(fc);
1114 #ifdef CONFIG_MAC80211_MESH
1115 if (sdata->vif.type == IEEE80211_IF_TYPE_MESH_POINT) {
1116 int meshhdrlen = ieee80211_get_mesh_hdrlen(
1117 (struct ieee80211s_hdr *) (skb->data + hdrlen));
1119 * - mesh header: to be used for mesh forwarding
1120 * decision. It will also be used as mesh header template at
1121 * tx.c:ieee80211_subif_start_xmit() if interface
1122 * type is mesh and skb->pkt_type == PACKET_OTHERHOST
1123 * - ta: to be used if a RERR needs to be sent.
1125 memcpy(skb->cb, skb->data + hdrlen, meshhdrlen);
1126 memcpy(MESH_PREQ(skb), hdr->addr2, ETH_ALEN);
1127 hdrlen += meshhdrlen;
1131 /* convert IEEE 802.11 header + possible LLC headers into Ethernet
1133 * IEEE 802.11 address fields:
1134 * ToDS FromDS Addr1 Addr2 Addr3 Addr4
1135 * 0 0 DA SA BSSID n/a
1136 * 0 1 DA BSSID SA n/a
1137 * 1 0 BSSID SA DA n/a
1141 switch (fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) {
1142 case IEEE80211_FCTL_TODS:
1144 memcpy(dst, hdr->addr3, ETH_ALEN);
1145 memcpy(src, hdr->addr2, ETH_ALEN);
1147 if (unlikely(sdata->vif.type != IEEE80211_IF_TYPE_AP &&
1148 sdata->vif.type != IEEE80211_IF_TYPE_VLAN)) {
1149 if (net_ratelimit())
1150 printk(KERN_DEBUG "%s: dropped ToDS frame "
1151 "(BSSID=%s SA=%s DA=%s)\n",
1153 print_mac(mac, hdr->addr1),
1154 print_mac(mac2, hdr->addr2),
1155 print_mac(mac3, hdr->addr3));
1159 case (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS):
1161 memcpy(dst, hdr->addr3, ETH_ALEN);
1162 memcpy(src, hdr->addr4, ETH_ALEN);
1164 if (unlikely(sdata->vif.type != IEEE80211_IF_TYPE_WDS &&
1165 sdata->vif.type != IEEE80211_IF_TYPE_MESH_POINT)) {
1166 if (net_ratelimit())
1167 printk(KERN_DEBUG "%s: dropped FromDS&ToDS "
1168 "frame (RA=%s TA=%s DA=%s SA=%s)\n",
1170 print_mac(mac, hdr->addr1),
1171 print_mac(mac2, hdr->addr2),
1172 print_mac(mac3, hdr->addr3),
1173 print_mac(mac4, hdr->addr4));
1177 case IEEE80211_FCTL_FROMDS:
1179 memcpy(dst, hdr->addr1, ETH_ALEN);
1180 memcpy(src, hdr->addr3, ETH_ALEN);
1182 if (sdata->vif.type != IEEE80211_IF_TYPE_STA ||
1183 (is_multicast_ether_addr(dst) &&
1184 !compare_ether_addr(src, dev->dev_addr)))
1189 memcpy(dst, hdr->addr1, ETH_ALEN);
1190 memcpy(src, hdr->addr2, ETH_ALEN);
1192 if (sdata->vif.type != IEEE80211_IF_TYPE_IBSS) {
1193 if (net_ratelimit()) {
1194 printk(KERN_DEBUG "%s: dropped IBSS frame "
1195 "(DA=%s SA=%s BSSID=%s)\n",
1197 print_mac(mac, hdr->addr1),
1198 print_mac(mac2, hdr->addr2),
1199 print_mac(mac3, hdr->addr3));
1206 if (unlikely(skb->len - hdrlen < 8)) {
1207 if (net_ratelimit()) {
1208 printk(KERN_DEBUG "%s: RX too short data frame "
1209 "payload\n", dev->name);
1214 payload = skb->data + hdrlen;
1215 ethertype = (payload[6] << 8) | payload[7];
1217 if (likely((compare_ether_addr(payload, rfc1042_header) == 0 &&
1218 ethertype != ETH_P_AARP && ethertype != ETH_P_IPX) ||
1219 compare_ether_addr(payload, bridge_tunnel_header) == 0)) {
1220 /* remove RFC1042 or Bridge-Tunnel encapsulation and
1221 * replace EtherType */
1222 skb_pull(skb, hdrlen + 6);
1223 memcpy(skb_push(skb, ETH_ALEN), src, ETH_ALEN);
1224 memcpy(skb_push(skb, ETH_ALEN), dst, ETH_ALEN);
1226 struct ethhdr *ehdr;
1229 skb_pull(skb, hdrlen);
1230 len = htons(skb->len);
1231 ehdr = (struct ethhdr *) skb_push(skb, sizeof(struct ethhdr));
1232 memcpy(ehdr->h_dest, dst, ETH_ALEN);
1233 memcpy(ehdr->h_source, src, ETH_ALEN);
1234 ehdr->h_proto = len;
1240 * requires that rx->skb is a frame with ethernet header
1242 static bool ieee80211_frame_allowed(struct ieee80211_txrx_data *rx)
1244 static const u8 pae_group_addr[ETH_ALEN]
1245 = { 0x01, 0x80, 0xC2, 0x00, 0x00, 0x03 };
1246 struct ethhdr *ehdr = (struct ethhdr *) rx->skb->data;
1249 * Allow EAPOL frames to us/the PAE group address regardless
1250 * of whether the frame was encrypted or not.
1252 if (ehdr->h_proto == htons(ETH_P_PAE) &&
1253 (compare_ether_addr(ehdr->h_dest, rx->dev->dev_addr) == 0 ||
1254 compare_ether_addr(ehdr->h_dest, pae_group_addr) == 0))
1257 if (ieee80211_802_1x_port_control(rx) ||
1258 ieee80211_drop_unencrypted(rx))
1265 * requires that rx->skb is a frame with ethernet header
1268 ieee80211_deliver_skb(struct ieee80211_txrx_data *rx)
1270 struct net_device *dev = rx->dev;
1271 struct ieee80211_local *local = rx->local;
1272 struct sk_buff *skb, *xmit_skb;
1273 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1274 struct ethhdr *ehdr = (struct ethhdr *) rx->skb->data;
1275 struct sta_info *dsta;
1280 if (local->bridge_packets && (sdata->vif.type == IEEE80211_IF_TYPE_AP ||
1281 sdata->vif.type == IEEE80211_IF_TYPE_VLAN) &&
1282 (rx->flags & IEEE80211_TXRXD_RXRA_MATCH)) {
1283 if (is_multicast_ether_addr(ehdr->h_dest)) {
1285 * send multicast frames both to higher layers in
1286 * local net stack and back to the wireless medium
1288 xmit_skb = skb_copy(skb, GFP_ATOMIC);
1289 if (!xmit_skb && net_ratelimit())
1290 printk(KERN_DEBUG "%s: failed to clone "
1291 "multicast frame\n", dev->name);
1293 dsta = sta_info_get(local, skb->data);
1294 if (dsta && dsta->dev == dev) {
1296 * The destination station is associated to
1297 * this AP (in this VLAN), so send the frame
1298 * directly to it and do not pass it to local
1309 #ifdef CONFIG_MAC80211_MESH
1310 /* Mesh forwarding */
1311 if (sdata->vif.type == IEEE80211_IF_TYPE_MESH_POINT) {
1312 u8 *mesh_ttl = &((struct ieee80211s_hdr *)skb->cb)->ttl;
1315 if (is_multicast_ether_addr(skb->data)) {
1316 if (*mesh_ttl > 0) {
1317 xmit_skb = skb_copy(skb, GFP_ATOMIC);
1318 if (!xmit_skb && net_ratelimit())
1319 printk(KERN_DEBUG "%s: failed to clone "
1320 "multicast frame\n", dev->name);
1322 xmit_skb->pkt_type = PACKET_OTHERHOST;
1324 sdata->u.sta.mshstats.dropped_frames_ttl++;
1326 } else if (skb->pkt_type != PACKET_OTHERHOST &&
1327 compare_ether_addr(dev->dev_addr, skb->data) != 0) {
1328 if (*mesh_ttl == 0) {
1329 sdata->u.sta.mshstats.dropped_frames_ttl++;
1334 xmit_skb->pkt_type = PACKET_OTHERHOST;
1335 if (!(dev->flags & IFF_PROMISC))
1343 /* deliver to local stack */
1344 skb->protocol = eth_type_trans(skb, dev);
1345 memset(skb->cb, 0, sizeof(skb->cb));
1350 /* send to wireless media */
1351 xmit_skb->protocol = htons(ETH_P_802_3);
1352 skb_reset_network_header(xmit_skb);
1353 skb_reset_mac_header(xmit_skb);
1354 dev_queue_xmit(xmit_skb);
1358 static ieee80211_rx_result
1359 ieee80211_rx_h_amsdu(struct ieee80211_txrx_data *rx)
1361 struct net_device *dev = rx->dev;
1362 struct ieee80211_local *local = rx->local;
1365 struct sk_buff *skb = rx->skb, *frame = NULL;
1366 const struct ethhdr *eth;
1370 DECLARE_MAC_BUF(mac);
1373 if (unlikely((fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA))
1376 if (unlikely(!WLAN_FC_DATA_PRESENT(fc)))
1377 return RX_DROP_MONITOR;
1379 if (!(rx->flags & IEEE80211_TXRXD_RX_AMSDU))
1382 err = ieee80211_data_to_8023(rx);
1384 return RX_DROP_UNUSABLE;
1388 dev->stats.rx_packets++;
1389 dev->stats.rx_bytes += skb->len;
1391 /* skip the wrapping header */
1392 eth = (struct ethhdr *) skb_pull(skb, sizeof(struct ethhdr));
1394 return RX_DROP_UNUSABLE;
1396 while (skb != frame) {
1398 __be16 len = eth->h_proto;
1399 unsigned int subframe_len = sizeof(struct ethhdr) + ntohs(len);
1401 remaining = skb->len;
1402 memcpy(dst, eth->h_dest, ETH_ALEN);
1403 memcpy(src, eth->h_source, ETH_ALEN);
1405 padding = ((4 - subframe_len) & 0x3);
1406 /* the last MSDU has no padding */
1407 if (subframe_len > remaining) {
1408 printk(KERN_DEBUG "%s: wrong buffer size", dev->name);
1409 return RX_DROP_UNUSABLE;
1412 skb_pull(skb, sizeof(struct ethhdr));
1413 /* if last subframe reuse skb */
1414 if (remaining <= subframe_len + padding)
1417 frame = dev_alloc_skb(local->hw.extra_tx_headroom +
1421 return RX_DROP_UNUSABLE;
1423 skb_reserve(frame, local->hw.extra_tx_headroom +
1424 sizeof(struct ethhdr));
1425 memcpy(skb_put(frame, ntohs(len)), skb->data,
1428 eth = (struct ethhdr *) skb_pull(skb, ntohs(len) +
1431 printk(KERN_DEBUG "%s: wrong buffer size ",
1433 dev_kfree_skb(frame);
1434 return RX_DROP_UNUSABLE;
1438 skb_reset_network_header(frame);
1440 frame->priority = skb->priority;
1443 payload = frame->data;
1444 ethertype = (payload[6] << 8) | payload[7];
1446 if (likely((compare_ether_addr(payload, rfc1042_header) == 0 &&
1447 ethertype != ETH_P_AARP && ethertype != ETH_P_IPX) ||
1448 compare_ether_addr(payload,
1449 bridge_tunnel_header) == 0)) {
1450 /* remove RFC1042 or Bridge-Tunnel
1451 * encapsulation and replace EtherType */
1453 memcpy(skb_push(frame, ETH_ALEN), src, ETH_ALEN);
1454 memcpy(skb_push(frame, ETH_ALEN), dst, ETH_ALEN);
1456 memcpy(skb_push(frame, sizeof(__be16)),
1457 &len, sizeof(__be16));
1458 memcpy(skb_push(frame, ETH_ALEN), src, ETH_ALEN);
1459 memcpy(skb_push(frame, ETH_ALEN), dst, ETH_ALEN);
1462 if (!ieee80211_frame_allowed(rx)) {
1463 if (skb == frame) /* last frame */
1464 return RX_DROP_UNUSABLE;
1465 dev_kfree_skb(frame);
1469 ieee80211_deliver_skb(rx);
1475 static ieee80211_rx_result
1476 ieee80211_rx_h_data(struct ieee80211_txrx_data *rx)
1478 struct net_device *dev = rx->dev;
1483 if (unlikely((fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA))
1486 if (unlikely(!WLAN_FC_DATA_PRESENT(fc)))
1487 return RX_DROP_MONITOR;
1489 err = ieee80211_data_to_8023(rx);
1491 return RX_DROP_UNUSABLE;
1493 if (!ieee80211_frame_allowed(rx))
1494 return RX_DROP_MONITOR;
1498 dev->stats.rx_packets++;
1499 dev->stats.rx_bytes += rx->skb->len;
1501 ieee80211_deliver_skb(rx);
1506 static ieee80211_rx_result
1507 ieee80211_rx_h_ctrl(struct ieee80211_txrx_data *rx)
1509 struct ieee80211_local *local = rx->local;
1510 struct ieee80211_hw *hw = &local->hw;
1511 struct sk_buff *skb = rx->skb;
1512 struct ieee80211_bar *bar = (struct ieee80211_bar *) skb->data;
1513 struct tid_ampdu_rx *tid_agg_rx;
1517 if (likely((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_CTL))
1520 if ((rx->fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_BACK_REQ) {
1523 tid = le16_to_cpu(bar->control) >> 12;
1524 tid_agg_rx = &(rx->sta->ampdu_mlme.tid_rx[tid]);
1525 if (tid_agg_rx->state != HT_AGG_STATE_OPERATIONAL)
1528 start_seq_num = le16_to_cpu(bar->start_seq_num) >> 4;
1530 /* reset session timer */
1531 if (tid_agg_rx->timeout) {
1532 unsigned long expires =
1533 jiffies + (tid_agg_rx->timeout / 1000) * HZ;
1534 mod_timer(&tid_agg_rx->session_timer, expires);
1537 /* manage reordering buffer according to requested */
1538 /* sequence number */
1540 ieee80211_sta_manage_reorder_buf(hw, tid_agg_rx, NULL,
1543 return RX_DROP_UNUSABLE;
1549 static ieee80211_rx_result
1550 ieee80211_rx_h_mgmt(struct ieee80211_txrx_data *rx)
1552 struct ieee80211_sub_if_data *sdata;
1554 if (!(rx->flags & IEEE80211_TXRXD_RXRA_MATCH))
1555 return RX_DROP_MONITOR;
1557 sdata = IEEE80211_DEV_TO_SUB_IF(rx->dev);
1558 if ((sdata->vif.type == IEEE80211_IF_TYPE_STA ||
1559 sdata->vif.type == IEEE80211_IF_TYPE_IBSS ||
1560 sdata->vif.type == IEEE80211_IF_TYPE_MESH_POINT) &&
1561 !(sdata->flags & IEEE80211_SDATA_USERSPACE_MLME))
1562 ieee80211_sta_rx_mgmt(rx->dev, rx->skb, rx->u.rx.status);
1564 return RX_DROP_MONITOR;
1569 static void ieee80211_rx_michael_mic_report(struct net_device *dev,
1570 struct ieee80211_hdr *hdr,
1571 struct ieee80211_txrx_data *rx)
1574 DECLARE_MAC_BUF(mac);
1575 DECLARE_MAC_BUF(mac2);
1577 hdrlen = ieee80211_get_hdrlen_from_skb(rx->skb);
1578 if (rx->skb->len >= hdrlen + 4)
1579 keyidx = rx->skb->data[hdrlen + 3] >> 6;
1583 if (net_ratelimit())
1584 printk(KERN_DEBUG "%s: TKIP hwaccel reported Michael MIC "
1585 "failure from %s to %s keyidx=%d\n",
1586 dev->name, print_mac(mac, hdr->addr2),
1587 print_mac(mac2, hdr->addr1), keyidx);
1591 * Some hardware seem to generate incorrect Michael MIC
1592 * reports; ignore them to avoid triggering countermeasures.
1594 if (net_ratelimit())
1595 printk(KERN_DEBUG "%s: ignored spurious Michael MIC "
1596 "error for unknown address %s\n",
1597 dev->name, print_mac(mac, hdr->addr2));
1601 if (!(rx->fc & IEEE80211_FCTL_PROTECTED)) {
1602 if (net_ratelimit())
1603 printk(KERN_DEBUG "%s: ignored spurious Michael MIC "
1604 "error for a frame with no PROTECTED flag (src "
1605 "%s)\n", dev->name, print_mac(mac, hdr->addr2));
1609 if (rx->sdata->vif.type == IEEE80211_IF_TYPE_AP && keyidx) {
1611 * APs with pairwise keys should never receive Michael MIC
1612 * errors for non-zero keyidx because these are reserved for
1613 * group keys and only the AP is sending real multicast
1614 * frames in the BSS.
1616 if (net_ratelimit())
1617 printk(KERN_DEBUG "%s: ignored Michael MIC error for "
1618 "a frame with non-zero keyidx (%d)"
1619 " (src %s)\n", dev->name, keyidx,
1620 print_mac(mac, hdr->addr2));
1624 if ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA &&
1625 ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_MGMT ||
1626 (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_AUTH)) {
1627 if (net_ratelimit())
1628 printk(KERN_DEBUG "%s: ignored spurious Michael MIC "
1629 "error for a frame that cannot be encrypted "
1630 "(fc=0x%04x) (src %s)\n",
1631 dev->name, rx->fc, print_mac(mac, hdr->addr2));
1635 mac80211_ev_michael_mic_failure(rx->dev, keyidx, hdr);
1637 dev_kfree_skb(rx->skb);
1641 static void ieee80211_rx_cooked_monitor(struct ieee80211_txrx_data *rx)
1643 struct ieee80211_sub_if_data *sdata;
1644 struct ieee80211_local *local = rx->local;
1645 struct ieee80211_rtap_hdr {
1646 struct ieee80211_radiotap_header hdr;
1651 } __attribute__ ((packed)) *rthdr;
1652 struct sk_buff *skb = rx->skb, *skb2;
1653 struct net_device *prev_dev = NULL;
1654 struct ieee80211_rx_status *status = rx->u.rx.status;
1656 if (rx->flags & IEEE80211_TXRXD_RX_CMNTR_REPORTED)
1659 if (skb_headroom(skb) < sizeof(*rthdr) &&
1660 pskb_expand_head(skb, sizeof(*rthdr), 0, GFP_ATOMIC))
1663 rthdr = (void *)skb_push(skb, sizeof(*rthdr));
1664 memset(rthdr, 0, sizeof(*rthdr));
1665 rthdr->hdr.it_len = cpu_to_le16(sizeof(*rthdr));
1666 rthdr->hdr.it_present =
1667 cpu_to_le32((1 << IEEE80211_RADIOTAP_FLAGS) |
1668 (1 << IEEE80211_RADIOTAP_RATE) |
1669 (1 << IEEE80211_RADIOTAP_CHANNEL));
1671 rthdr->rate = rx->u.rx.rate->bitrate / 5;
1672 rthdr->chan_freq = cpu_to_le16(status->freq);
1674 if (status->band == IEEE80211_BAND_5GHZ)
1675 rthdr->chan_flags = cpu_to_le16(IEEE80211_CHAN_OFDM |
1676 IEEE80211_CHAN_5GHZ);
1678 rthdr->chan_flags = cpu_to_le16(IEEE80211_CHAN_DYN |
1679 IEEE80211_CHAN_2GHZ);
1681 skb_set_mac_header(skb, 0);
1682 skb->ip_summed = CHECKSUM_UNNECESSARY;
1683 skb->pkt_type = PACKET_OTHERHOST;
1684 skb->protocol = htons(ETH_P_802_2);
1686 list_for_each_entry_rcu(sdata, &local->interfaces, list) {
1687 if (!netif_running(sdata->dev))
1690 if (sdata->vif.type != IEEE80211_IF_TYPE_MNTR ||
1691 !(sdata->u.mntr_flags & MONITOR_FLAG_COOK_FRAMES))
1695 skb2 = skb_clone(skb, GFP_ATOMIC);
1697 skb2->dev = prev_dev;
1702 prev_dev = sdata->dev;
1703 sdata->dev->stats.rx_packets++;
1704 sdata->dev->stats.rx_bytes += skb->len;
1708 skb->dev = prev_dev;
1714 rx->flags |= IEEE80211_TXRXD_RX_CMNTR_REPORTED;
1721 typedef ieee80211_rx_result (*ieee80211_rx_handler)(struct ieee80211_txrx_data *);
1722 static ieee80211_rx_handler ieee80211_rx_handlers[] =
1724 ieee80211_rx_h_if_stats,
1725 ieee80211_rx_h_passive_scan,
1726 ieee80211_rx_h_check,
1727 ieee80211_rx_h_decrypt,
1728 ieee80211_rx_h_sta_process,
1729 ieee80211_rx_h_defragment,
1730 ieee80211_rx_h_ps_poll,
1731 ieee80211_rx_h_michael_mic_verify,
1732 /* this must be after decryption - so header is counted in MPDU mic
1733 * must be before pae and data, so QOS_DATA format frames
1734 * are not passed to user space by these functions
1736 ieee80211_rx_h_remove_qos_control,
1737 ieee80211_rx_h_amsdu,
1738 ieee80211_rx_h_data,
1739 ieee80211_rx_h_ctrl,
1740 ieee80211_rx_h_mgmt,
1744 static void ieee80211_invoke_rx_handlers(struct ieee80211_sub_if_data *sdata,
1745 struct ieee80211_txrx_data *rx,
1746 struct sk_buff *skb)
1748 ieee80211_rx_handler *handler;
1749 ieee80211_rx_result res = RX_DROP_MONITOR;
1753 rx->dev = sdata->dev;
1755 for (handler = ieee80211_rx_handlers; *handler != NULL; handler++) {
1756 res = (*handler)(rx);
1761 case RX_DROP_UNUSABLE:
1762 case RX_DROP_MONITOR:
1763 I802_DEBUG_INC(sdata->local->rx_handlers_drop);
1765 rx->sta->rx_dropped++;
1768 I802_DEBUG_INC(sdata->local->rx_handlers_queued);
1776 case RX_DROP_MONITOR:
1777 ieee80211_rx_cooked_monitor(rx);
1779 case RX_DROP_UNUSABLE:
1780 dev_kfree_skb(rx->skb);
1785 /* main receive path */
1787 static int prepare_for_handlers(struct ieee80211_sub_if_data *sdata,
1788 u8 *bssid, struct ieee80211_txrx_data *rx,
1789 struct ieee80211_hdr *hdr)
1791 int multicast = is_multicast_ether_addr(hdr->addr1);
1793 switch (sdata->vif.type) {
1794 case IEEE80211_IF_TYPE_STA:
1797 if (!ieee80211_bssid_match(bssid, sdata->u.sta.bssid)) {
1798 if (!(rx->flags & IEEE80211_TXRXD_RXIN_SCAN))
1800 rx->flags &= ~IEEE80211_TXRXD_RXRA_MATCH;
1801 } else if (!multicast &&
1802 compare_ether_addr(sdata->dev->dev_addr,
1804 if (!(sdata->dev->flags & IFF_PROMISC))
1806 rx->flags &= ~IEEE80211_TXRXD_RXRA_MATCH;
1809 case IEEE80211_IF_TYPE_IBSS:
1812 if ((rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_MGMT &&
1813 (rx->fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_BEACON)
1815 else if (!ieee80211_bssid_match(bssid, sdata->u.sta.bssid)) {
1816 if (!(rx->flags & IEEE80211_TXRXD_RXIN_SCAN))
1818 rx->flags &= ~IEEE80211_TXRXD_RXRA_MATCH;
1819 } else if (!multicast &&
1820 compare_ether_addr(sdata->dev->dev_addr,
1822 if (!(sdata->dev->flags & IFF_PROMISC))
1824 rx->flags &= ~IEEE80211_TXRXD_RXRA_MATCH;
1825 } else if (!rx->sta)
1826 rx->sta = ieee80211_ibss_add_sta(sdata->dev, rx->skb,
1829 case IEEE80211_IF_TYPE_MESH_POINT:
1831 compare_ether_addr(sdata->dev->dev_addr,
1833 if (!(sdata->dev->flags & IFF_PROMISC))
1836 rx->flags &= ~IEEE80211_TXRXD_RXRA_MATCH;
1839 case IEEE80211_IF_TYPE_VLAN:
1840 case IEEE80211_IF_TYPE_AP:
1842 if (compare_ether_addr(sdata->dev->dev_addr,
1845 } else if (!ieee80211_bssid_match(bssid,
1846 sdata->dev->dev_addr)) {
1847 if (!(rx->flags & IEEE80211_TXRXD_RXIN_SCAN))
1849 rx->flags &= ~IEEE80211_TXRXD_RXRA_MATCH;
1851 if (sdata->dev == sdata->local->mdev &&
1852 !(rx->flags & IEEE80211_TXRXD_RXIN_SCAN))
1853 /* do not receive anything via
1854 * master device when not scanning */
1857 case IEEE80211_IF_TYPE_WDS:
1859 (rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA)
1861 if (compare_ether_addr(sdata->u.wds.remote_addr, hdr->addr2))
1864 case IEEE80211_IF_TYPE_MNTR:
1865 /* take everything */
1867 case IEEE80211_IF_TYPE_INVALID:
1868 /* should never get here */
1877 * This is the actual Rx frames handler. as it blongs to Rx path it must
1878 * be called with rcu_read_lock protection.
1880 static void __ieee80211_rx_handle_packet(struct ieee80211_hw *hw,
1881 struct sk_buff *skb,
1882 struct ieee80211_rx_status *status,
1884 struct ieee80211_rate *rate)
1886 struct ieee80211_local *local = hw_to_local(hw);
1887 struct ieee80211_sub_if_data *sdata;
1888 struct ieee80211_hdr *hdr;
1889 struct ieee80211_txrx_data rx;
1892 struct ieee80211_sub_if_data *prev = NULL;
1893 struct sk_buff *skb_new;
1896 hdr = (struct ieee80211_hdr *) skb->data;
1897 memset(&rx, 0, sizeof(rx));
1901 rx.u.rx.status = status;
1902 rx.u.rx.load = load;
1903 rx.u.rx.rate = rate;
1904 rx.fc = le16_to_cpu(hdr->frame_control);
1905 type = rx.fc & IEEE80211_FCTL_FTYPE;
1907 if (type == IEEE80211_FTYPE_DATA || type == IEEE80211_FTYPE_MGMT)
1908 local->dot11ReceivedFragmentCount++;
1910 rx.sta = sta_info_get(local, hdr->addr2);
1912 rx.dev = rx.sta->dev;
1913 rx.sdata = IEEE80211_DEV_TO_SUB_IF(rx.dev);
1916 if ((status->flag & RX_FLAG_MMIC_ERROR)) {
1917 ieee80211_rx_michael_mic_report(local->mdev, hdr, &rx);
1921 if (unlikely(local->sta_sw_scanning || local->sta_hw_scanning))
1922 rx.flags |= IEEE80211_TXRXD_RXIN_SCAN;
1924 ieee80211_parse_qos(&rx);
1925 ieee80211_verify_ip_alignment(&rx);
1929 list_for_each_entry_rcu(sdata, &local->interfaces, list) {
1930 if (!netif_running(sdata->dev))
1933 if (sdata->vif.type == IEEE80211_IF_TYPE_MNTR)
1936 bssid = ieee80211_get_bssid(hdr, skb->len, sdata->vif.type);
1937 rx.flags |= IEEE80211_TXRXD_RXRA_MATCH;
1938 prepares = prepare_for_handlers(sdata, bssid, &rx, hdr);
1944 * frame is destined for this interface, but if it's not
1945 * also for the previous one we handle that after the
1946 * loop to avoid copying the SKB once too much
1955 * frame was destined for the previous interface
1956 * so invoke RX handlers for it
1959 skb_new = skb_copy(skb, GFP_ATOMIC);
1961 if (net_ratelimit())
1962 printk(KERN_DEBUG "%s: failed to copy "
1963 "multicast frame for %s",
1964 wiphy_name(local->hw.wiphy),
1968 rx.fc = le16_to_cpu(hdr->frame_control);
1969 ieee80211_invoke_rx_handlers(prev, &rx, skb_new);
1973 rx.fc = le16_to_cpu(hdr->frame_control);
1974 ieee80211_invoke_rx_handlers(prev, &rx, skb);
1980 sta_info_put(rx.sta);
1983 #define SEQ_MODULO 0x1000
1984 #define SEQ_MASK 0xfff
1986 static inline int seq_less(u16 sq1, u16 sq2)
1988 return (((sq1 - sq2) & SEQ_MASK) > (SEQ_MODULO >> 1));
1991 static inline u16 seq_inc(u16 sq)
1993 return ((sq + 1) & SEQ_MASK);
1996 static inline u16 seq_sub(u16 sq1, u16 sq2)
1998 return ((sq1 - sq2) & SEQ_MASK);
2003 * As it function blongs to Rx path it must be called with
2004 * the proper rcu_read_lock protection for its flow.
2006 u8 ieee80211_sta_manage_reorder_buf(struct ieee80211_hw *hw,
2007 struct tid_ampdu_rx *tid_agg_rx,
2008 struct sk_buff *skb, u16 mpdu_seq_num,
2011 struct ieee80211_local *local = hw_to_local(hw);
2012 struct ieee80211_rx_status status;
2013 u16 head_seq_num, buf_size;
2016 struct ieee80211_supported_band *sband;
2017 struct ieee80211_rate *rate;
2019 buf_size = tid_agg_rx->buf_size;
2020 head_seq_num = tid_agg_rx->head_seq_num;
2022 /* frame with out of date sequence number */
2023 if (seq_less(mpdu_seq_num, head_seq_num)) {
2028 /* if frame sequence number exceeds our buffering window size or
2029 * block Ack Request arrived - release stored frames */
2030 if ((!seq_less(mpdu_seq_num, head_seq_num + buf_size)) || (bar_req)) {
2031 /* new head to the ordering buffer */
2033 head_seq_num = mpdu_seq_num;
2036 seq_inc(seq_sub(mpdu_seq_num, buf_size));
2037 /* release stored frames up to new head to stack */
2038 while (seq_less(tid_agg_rx->head_seq_num, head_seq_num)) {
2039 index = seq_sub(tid_agg_rx->head_seq_num,
2041 % tid_agg_rx->buf_size;
2043 if (tid_agg_rx->reorder_buf[index]) {
2044 /* release the reordered frames to stack */
2046 tid_agg_rx->reorder_buf[index]->cb,
2048 sband = local->hw.wiphy->bands[status.band];
2049 rate = &sband->bitrates[status.rate_idx];
2050 pkt_load = ieee80211_rx_load_stats(local,
2051 tid_agg_rx->reorder_buf[index],
2053 __ieee80211_rx_handle_packet(hw,
2054 tid_agg_rx->reorder_buf[index],
2055 &status, pkt_load, rate);
2056 tid_agg_rx->stored_mpdu_num--;
2057 tid_agg_rx->reorder_buf[index] = NULL;
2059 tid_agg_rx->head_seq_num =
2060 seq_inc(tid_agg_rx->head_seq_num);
2066 /* now the new frame is always in the range of the reordering */
2068 index = seq_sub(mpdu_seq_num, tid_agg_rx->ssn)
2069 % tid_agg_rx->buf_size;
2070 /* check if we already stored this frame */
2071 if (tid_agg_rx->reorder_buf[index]) {
2076 /* if arrived mpdu is in the right order and nothing else stored */
2077 /* release it immediately */
2078 if (mpdu_seq_num == tid_agg_rx->head_seq_num &&
2079 tid_agg_rx->stored_mpdu_num == 0) {
2080 tid_agg_rx->head_seq_num =
2081 seq_inc(tid_agg_rx->head_seq_num);
2085 /* put the frame in the reordering buffer */
2086 tid_agg_rx->reorder_buf[index] = skb;
2087 tid_agg_rx->stored_mpdu_num++;
2088 /* release the buffer until next missing frame */
2089 index = seq_sub(tid_agg_rx->head_seq_num, tid_agg_rx->ssn)
2090 % tid_agg_rx->buf_size;
2091 while (tid_agg_rx->reorder_buf[index]) {
2092 /* release the reordered frame back to stack */
2093 memcpy(&status, tid_agg_rx->reorder_buf[index]->cb,
2095 sband = local->hw.wiphy->bands[status.band];
2096 rate = &sband->bitrates[status.rate_idx];
2097 pkt_load = ieee80211_rx_load_stats(local,
2098 tid_agg_rx->reorder_buf[index],
2100 __ieee80211_rx_handle_packet(hw, tid_agg_rx->reorder_buf[index],
2101 &status, pkt_load, rate);
2102 tid_agg_rx->stored_mpdu_num--;
2103 tid_agg_rx->reorder_buf[index] = NULL;
2104 tid_agg_rx->head_seq_num = seq_inc(tid_agg_rx->head_seq_num);
2105 index = seq_sub(tid_agg_rx->head_seq_num,
2106 tid_agg_rx->ssn) % tid_agg_rx->buf_size;
2111 static u8 ieee80211_rx_reorder_ampdu(struct ieee80211_local *local,
2112 struct sk_buff *skb)
2114 struct ieee80211_hw *hw = &local->hw;
2115 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
2116 struct sta_info *sta;
2117 struct tid_ampdu_rx *tid_agg_rx;
2123 sta = sta_info_get(local, hdr->addr2);
2127 fc = le16_to_cpu(hdr->frame_control);
2129 /* filter the QoS data rx stream according to
2130 * STA/TID and check if this STA/TID is on aggregation */
2131 if (!WLAN_FC_IS_QOS_DATA(fc))
2134 qc = skb->data + ieee80211_get_hdrlen(fc) - QOS_CONTROL_LEN;
2135 tid = qc[0] & QOS_CONTROL_TID_MASK;
2136 tid_agg_rx = &(sta->ampdu_mlme.tid_rx[tid]);
2138 if (tid_agg_rx->state != HT_AGG_STATE_OPERATIONAL)
2141 /* null data frames are excluded */
2142 if (unlikely(fc & IEEE80211_STYPE_NULLFUNC))
2145 /* new un-ordered ampdu frame - process it */
2147 /* reset session timer */
2148 if (tid_agg_rx->timeout) {
2149 unsigned long expires =
2150 jiffies + (tid_agg_rx->timeout / 1000) * HZ;
2151 mod_timer(&tid_agg_rx->session_timer, expires);
2154 /* if this mpdu is fragmented - terminate rx aggregation session */
2155 sc = le16_to_cpu(hdr->seq_ctrl);
2156 if (sc & IEEE80211_SCTL_FRAG) {
2157 ieee80211_sta_stop_rx_ba_session(sta->dev, sta->addr,
2158 tid, 0, WLAN_REASON_QSTA_REQUIRE_SETUP);
2163 /* according to mpdu sequence number deal with reordering buffer */
2164 mpdu_seq_num = (sc & IEEE80211_SCTL_SEQ) >> 4;
2165 ret = ieee80211_sta_manage_reorder_buf(hw, tid_agg_rx, skb,
2174 * This is the receive path handler. It is called by a low level driver when an
2175 * 802.11 MPDU is received from the hardware.
2177 void __ieee80211_rx(struct ieee80211_hw *hw, struct sk_buff *skb,
2178 struct ieee80211_rx_status *status)
2180 struct ieee80211_local *local = hw_to_local(hw);
2182 struct ieee80211_rate *rate = NULL;
2183 struct ieee80211_supported_band *sband;
2185 if (status->band < 0 ||
2186 status->band > IEEE80211_NUM_BANDS) {
2191 sband = local->hw.wiphy->bands[status->band];
2194 status->rate_idx < 0 ||
2195 status->rate_idx >= sband->n_bitrates) {
2200 rate = &sband->bitrates[status->rate_idx];
2203 * key references and virtual interfaces are protected using RCU
2204 * and this requires that we are in a read-side RCU section during
2205 * receive processing
2210 * Frames with failed FCS/PLCP checksum are not returned,
2211 * all other frames are returned without radiotap header
2212 * if it was previously present.
2213 * Also, frames with less than 16 bytes are dropped.
2215 skb = ieee80211_rx_monitor(local, skb, status, rate);
2221 pkt_load = ieee80211_rx_load_stats(local, skb, status, rate);
2222 local->channel_use_raw += pkt_load;
2224 if (!ieee80211_rx_reorder_ampdu(local, skb))
2225 __ieee80211_rx_handle_packet(hw, skb, status, pkt_load, rate);
2229 EXPORT_SYMBOL(__ieee80211_rx);
2231 /* This is a version of the rx handler that can be called from hard irq
2232 * context. Post the skb on the queue and schedule the tasklet */
2233 void ieee80211_rx_irqsafe(struct ieee80211_hw *hw, struct sk_buff *skb,
2234 struct ieee80211_rx_status *status)
2236 struct ieee80211_local *local = hw_to_local(hw);
2238 BUILD_BUG_ON(sizeof(struct ieee80211_rx_status) > sizeof(skb->cb));
2240 skb->dev = local->mdev;
2241 /* copy status into skb->cb for use by tasklet */
2242 memcpy(skb->cb, status, sizeof(*status));
2243 skb->pkt_type = IEEE80211_RX_MSG;
2244 skb_queue_tail(&local->skb_queue, skb);
2245 tasklet_schedule(&local->tasklet);
2247 EXPORT_SYMBOL(ieee80211_rx_irqsafe);
git://ftp.safe.ca / safe / jmp / linux-2.6 / blob