2 * Copyright 2002-2005, Instant802 Networks, Inc.
3 * Copyright 2005-2006, Devicescape Software, Inc.
4 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
5 * Copyright 2007 Johannes Berg <johannes@sipsolutions.net>
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License version 2 as
9 * published by the Free Software Foundation.
12 #include <linux/jiffies.h>
13 #include <linux/kernel.h>
14 #include <linux/skbuff.h>
15 #include <linux/netdevice.h>
16 #include <linux/etherdevice.h>
17 #include <linux/rcupdate.h>
18 #include <net/mac80211.h>
19 #include <net/ieee80211_radiotap.h>
21 #include "ieee80211_i.h"
29 static u8 ieee80211_sta_manage_reorder_buf(struct ieee80211_hw *hw,
30 struct tid_ampdu_rx *tid_agg_rx,
35 * monitor mode reception
37 * This function cleans up the SKB, i.e. it removes all the stuff
38 * only useful for monitoring.
40 static struct sk_buff *remove_monitor_info(struct ieee80211_local *local,
44 skb_pull(skb, rtap_len);
46 if (local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS) {
47 if (likely(skb->len > FCS_LEN))
48 skb_trim(skb, skb->len - FCS_LEN);
60 static inline int should_drop_frame(struct ieee80211_rx_status *status,
65 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
67 if (status->flag & (RX_FLAG_FAILED_FCS_CRC | RX_FLAG_FAILED_PLCP_CRC))
69 if (unlikely(skb->len < 16 + present_fcs_len + radiotap_len))
71 if (ieee80211_is_ctl(hdr->frame_control) &&
72 !ieee80211_is_pspoll(hdr->frame_control) &&
73 !ieee80211_is_back_req(hdr->frame_control))
79 ieee80211_rx_radiotap_len(struct ieee80211_local *local,
80 struct ieee80211_rx_status *status)
84 /* always present fields */
85 len = sizeof(struct ieee80211_radiotap_header) + 9;
87 if (status->flag & RX_FLAG_TSFT)
89 if (local->hw.flags & IEEE80211_HW_SIGNAL_DB ||
90 local->hw.flags & IEEE80211_HW_SIGNAL_DBM)
92 if (local->hw.flags & IEEE80211_HW_NOISE_DBM)
95 if (len & 1) /* padding for RX_FLAGS if necessary */
98 /* make sure radiotap starts at a naturally aligned address */
100 len = roundup(len, 8);
106 * ieee80211_add_rx_radiotap_header - add radiotap header
108 * add a radiotap header containing all the fields which the hardware provided.
111 ieee80211_add_rx_radiotap_header(struct ieee80211_local *local,
113 struct ieee80211_rx_status *status,
114 struct ieee80211_rate *rate,
117 struct ieee80211_radiotap_header *rthdr;
120 rthdr = (struct ieee80211_radiotap_header *)skb_push(skb, rtap_len);
121 memset(rthdr, 0, rtap_len);
123 /* radiotap header, set always present flags */
125 cpu_to_le32((1 << IEEE80211_RADIOTAP_FLAGS) |
126 (1 << IEEE80211_RADIOTAP_RATE) |
127 (1 << IEEE80211_RADIOTAP_CHANNEL) |
128 (1 << IEEE80211_RADIOTAP_ANTENNA) |
129 (1 << IEEE80211_RADIOTAP_RX_FLAGS));
130 rthdr->it_len = cpu_to_le16(rtap_len);
132 pos = (unsigned char *)(rthdr+1);
134 /* the order of the following fields is important */
136 /* IEEE80211_RADIOTAP_TSFT */
137 if (status->flag & RX_FLAG_TSFT) {
138 *(__le64 *)pos = cpu_to_le64(status->mactime);
140 cpu_to_le32(1 << IEEE80211_RADIOTAP_TSFT);
144 /* IEEE80211_RADIOTAP_FLAGS */
145 if (local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS)
146 *pos |= IEEE80211_RADIOTAP_F_FCS;
147 if (status->flag & RX_FLAG_SHORTPRE)
148 *pos |= IEEE80211_RADIOTAP_F_SHORTPRE;
151 /* IEEE80211_RADIOTAP_RATE */
152 *pos = rate->bitrate / 5;
155 /* IEEE80211_RADIOTAP_CHANNEL */
156 *(__le16 *)pos = cpu_to_le16(status->freq);
158 if (status->band == IEEE80211_BAND_5GHZ)
159 *(__le16 *)pos = cpu_to_le16(IEEE80211_CHAN_OFDM |
160 IEEE80211_CHAN_5GHZ);
161 else if (rate->flags & IEEE80211_RATE_ERP_G)
162 *(__le16 *)pos = cpu_to_le16(IEEE80211_CHAN_OFDM |
163 IEEE80211_CHAN_2GHZ);
165 *(__le16 *)pos = cpu_to_le16(IEEE80211_CHAN_CCK |
166 IEEE80211_CHAN_2GHZ);
169 /* IEEE80211_RADIOTAP_DBM_ANTSIGNAL */
170 if (local->hw.flags & IEEE80211_HW_SIGNAL_DBM) {
171 *pos = status->signal;
173 cpu_to_le32(1 << IEEE80211_RADIOTAP_DBM_ANTSIGNAL);
177 /* IEEE80211_RADIOTAP_DBM_ANTNOISE */
178 if (local->hw.flags & IEEE80211_HW_NOISE_DBM) {
179 *pos = status->noise;
181 cpu_to_le32(1 << IEEE80211_RADIOTAP_DBM_ANTNOISE);
185 /* IEEE80211_RADIOTAP_LOCK_QUALITY is missing */
187 /* IEEE80211_RADIOTAP_ANTENNA */
188 *pos = status->antenna;
191 /* IEEE80211_RADIOTAP_DB_ANTSIGNAL */
192 if (local->hw.flags & IEEE80211_HW_SIGNAL_DB) {
193 *pos = status->signal;
195 cpu_to_le32(1 << IEEE80211_RADIOTAP_DB_ANTSIGNAL);
199 /* IEEE80211_RADIOTAP_DB_ANTNOISE is not used */
201 /* IEEE80211_RADIOTAP_RX_FLAGS */
202 /* ensure 2 byte alignment for the 2 byte field as required */
203 if ((pos - (unsigned char *)rthdr) & 1)
205 /* FIXME: when radiotap gets a 'bad PLCP' flag use it here */
206 if (status->flag & (RX_FLAG_FAILED_FCS_CRC | RX_FLAG_FAILED_PLCP_CRC))
207 *(__le16 *)pos |= cpu_to_le16(IEEE80211_RADIOTAP_F_RX_BADFCS);
212 * This function copies a received frame to all monitor interfaces and
213 * returns a cleaned-up SKB that no longer includes the FCS nor the
214 * radiotap header the driver might have added.
216 static struct sk_buff *
217 ieee80211_rx_monitor(struct ieee80211_local *local, struct sk_buff *origskb,
218 struct ieee80211_rx_status *status,
219 struct ieee80211_rate *rate)
221 struct ieee80211_sub_if_data *sdata;
222 int needed_headroom = 0;
223 struct sk_buff *skb, *skb2;
224 struct net_device *prev_dev = NULL;
225 int present_fcs_len = 0;
229 * First, we may need to make a copy of the skb because
230 * (1) we need to modify it for radiotap (if not present), and
231 * (2) the other RX handlers will modify the skb we got.
233 * We don't need to, of course, if we aren't going to return
234 * the SKB because it has a bad FCS/PLCP checksum.
236 if (status->flag & RX_FLAG_RADIOTAP)
237 rtap_len = ieee80211_get_radiotap_len(origskb->data);
239 /* room for the radiotap header based on driver features */
240 needed_headroom = ieee80211_rx_radiotap_len(local, status);
242 if (local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS)
243 present_fcs_len = FCS_LEN;
245 if (!local->monitors) {
246 if (should_drop_frame(status, origskb, present_fcs_len,
248 dev_kfree_skb(origskb);
252 return remove_monitor_info(local, origskb, rtap_len);
255 if (should_drop_frame(status, origskb, present_fcs_len, rtap_len)) {
256 /* only need to expand headroom if necessary */
261 * This shouldn't trigger often because most devices have an
262 * RX header they pull before we get here, and that should
263 * be big enough for our radiotap information. We should
264 * probably export the length to drivers so that we can have
265 * them allocate enough headroom to start with.
267 if (skb_headroom(skb) < needed_headroom &&
268 pskb_expand_head(skb, needed_headroom, 0, GFP_ATOMIC)) {
274 * Need to make a copy and possibly remove radiotap header
275 * and FCS from the original.
277 skb = skb_copy_expand(origskb, needed_headroom, 0, GFP_ATOMIC);
279 origskb = remove_monitor_info(local, origskb, rtap_len);
285 /* if necessary, prepend radiotap information */
286 if (!(status->flag & RX_FLAG_RADIOTAP))
287 ieee80211_add_rx_radiotap_header(local, skb, status, rate,
290 skb_reset_mac_header(skb);
291 skb->ip_summed = CHECKSUM_UNNECESSARY;
292 skb->pkt_type = PACKET_OTHERHOST;
293 skb->protocol = htons(ETH_P_802_2);
295 list_for_each_entry_rcu(sdata, &local->interfaces, list) {
296 if (!netif_running(sdata->dev))
299 if (sdata->vif.type != NL80211_IFTYPE_MONITOR)
302 if (sdata->u.mntr_flags & MONITOR_FLAG_COOK_FRAMES)
306 skb2 = skb_clone(skb, GFP_ATOMIC);
308 skb2->dev = prev_dev;
313 prev_dev = sdata->dev;
314 sdata->dev->stats.rx_packets++;
315 sdata->dev->stats.rx_bytes += skb->len;
328 static void ieee80211_parse_qos(struct ieee80211_rx_data *rx)
330 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
333 /* does the frame have a qos control field? */
334 if (ieee80211_is_data_qos(hdr->frame_control)) {
335 u8 *qc = ieee80211_get_qos_ctl(hdr);
336 /* frame has qos control */
337 tid = *qc & IEEE80211_QOS_CTL_TID_MASK;
338 if (*qc & IEEE80211_QOS_CONTROL_A_MSDU_PRESENT)
339 rx->flags |= IEEE80211_RX_AMSDU;
341 rx->flags &= ~IEEE80211_RX_AMSDU;
344 * IEEE 802.11-2007, 7.1.3.4.1 ("Sequence Number field"):
346 * Sequence numbers for management frames, QoS data
347 * frames with a broadcast/multicast address in the
348 * Address 1 field, and all non-QoS data frames sent
349 * by QoS STAs are assigned using an additional single
350 * modulo-4096 counter, [...]
352 * We also use that counter for non-QoS STAs.
354 tid = NUM_RX_DATA_QUEUES - 1;
358 /* Set skb->priority to 1d tag if highest order bit of TID is not set.
359 * For now, set skb->priority to 0 for other cases. */
360 rx->skb->priority = (tid > 7) ? 0 : tid;
363 static void ieee80211_verify_ip_alignment(struct ieee80211_rx_data *rx)
365 #ifdef CONFIG_MAC80211_DEBUG_PACKET_ALIGNMENT
366 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
369 if (!ieee80211_is_data_present(hdr->frame_control))
373 * Drivers are required to align the payload data in a way that
374 * guarantees that the contained IP header is aligned to a four-
375 * byte boundary. In the case of regular frames, this simply means
376 * aligning the payload to a four-byte boundary (because either
377 * the IP header is directly contained, or IV/RFC1042 headers that
378 * have a length divisible by four are in front of it.
380 * With A-MSDU frames, however, the payload data address must
381 * yield two modulo four because there are 14-byte 802.3 headers
382 * within the A-MSDU frames that push the IP header further back
383 * to a multiple of four again. Thankfully, the specs were sane
384 * enough this time around to require padding each A-MSDU subframe
385 * to a length that is a multiple of four.
387 * Padding like atheros hardware adds which is inbetween the 802.11
388 * header and the payload is not supported, the driver is required
389 * to move the 802.11 header further back in that case.
391 hdrlen = ieee80211_hdrlen(hdr->frame_control);
392 if (rx->flags & IEEE80211_RX_AMSDU)
394 WARN_ON_ONCE(((unsigned long)(rx->skb->data + hdrlen)) & 3);
401 static ieee80211_rx_result debug_noinline
402 ieee80211_rx_h_passive_scan(struct ieee80211_rx_data *rx)
404 struct ieee80211_local *local = rx->local;
405 struct sk_buff *skb = rx->skb;
407 if (unlikely(local->hw_scanning))
408 return ieee80211_scan_rx(rx->sdata, skb, rx->status);
410 if (unlikely(local->sw_scanning)) {
411 /* drop all the other packets during a software scan anyway */
412 if (ieee80211_scan_rx(rx->sdata, skb, rx->status)
418 if (unlikely(rx->flags & IEEE80211_RX_IN_SCAN)) {
419 /* scanning finished during invoking of handlers */
420 I802_DEBUG_INC(local->rx_handlers_drop_passive_scan);
421 return RX_DROP_UNUSABLE;
427 static ieee80211_rx_result
428 ieee80211_rx_mesh_check(struct ieee80211_rx_data *rx)
430 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
431 unsigned int hdrlen = ieee80211_hdrlen(hdr->frame_control);
433 if (ieee80211_is_data(hdr->frame_control)) {
434 if (!ieee80211_has_a4(hdr->frame_control))
435 return RX_DROP_MONITOR;
436 if (memcmp(hdr->addr4, rx->dev->dev_addr, ETH_ALEN) == 0)
437 return RX_DROP_MONITOR;
440 /* If there is not an established peer link and this is not a peer link
441 * establisment frame, beacon or probe, drop the frame.
444 if (!rx->sta || sta_plink_state(rx->sta) != PLINK_ESTAB) {
445 struct ieee80211_mgmt *mgmt;
447 if (!ieee80211_is_mgmt(hdr->frame_control))
448 return RX_DROP_MONITOR;
450 if (ieee80211_is_action(hdr->frame_control)) {
451 mgmt = (struct ieee80211_mgmt *)hdr;
452 if (mgmt->u.action.category != PLINK_CATEGORY)
453 return RX_DROP_MONITOR;
457 if (ieee80211_is_probe_req(hdr->frame_control) ||
458 ieee80211_is_probe_resp(hdr->frame_control) ||
459 ieee80211_is_beacon(hdr->frame_control))
462 return RX_DROP_MONITOR;
466 #define msh_h_get(h, l) ((struct ieee80211s_hdr *) ((u8 *)h + l))
468 if (ieee80211_is_data(hdr->frame_control) &&
469 is_multicast_ether_addr(hdr->addr1) &&
470 mesh_rmc_check(hdr->addr4, msh_h_get(hdr, hdrlen), rx->sdata))
471 return RX_DROP_MONITOR;
478 static ieee80211_rx_result debug_noinline
479 ieee80211_rx_h_check(struct ieee80211_rx_data *rx)
481 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
483 /* Drop duplicate 802.11 retransmissions (IEEE 802.11 Chap. 9.2.9) */
484 if (rx->sta && !is_multicast_ether_addr(hdr->addr1)) {
485 if (unlikely(ieee80211_has_retry(hdr->frame_control) &&
486 rx->sta->last_seq_ctrl[rx->queue] ==
488 if (rx->flags & IEEE80211_RX_RA_MATCH) {
489 rx->local->dot11FrameDuplicateCount++;
490 rx->sta->num_duplicates++;
492 return RX_DROP_MONITOR;
494 rx->sta->last_seq_ctrl[rx->queue] = hdr->seq_ctrl;
497 if (unlikely(rx->skb->len < 16)) {
498 I802_DEBUG_INC(rx->local->rx_handlers_drop_short);
499 return RX_DROP_MONITOR;
502 /* Drop disallowed frame classes based on STA auth/assoc state;
503 * IEEE 802.11, Chap 5.5.
505 * mac80211 filters only based on association state, i.e. it drops
506 * Class 3 frames from not associated stations. hostapd sends
507 * deauth/disassoc frames when needed. In addition, hostapd is
508 * responsible for filtering on both auth and assoc states.
511 if (ieee80211_vif_is_mesh(&rx->sdata->vif))
512 return ieee80211_rx_mesh_check(rx);
514 if (unlikely((ieee80211_is_data(hdr->frame_control) ||
515 ieee80211_is_pspoll(hdr->frame_control)) &&
516 rx->sdata->vif.type != NL80211_IFTYPE_ADHOC &&
517 (!rx->sta || !test_sta_flags(rx->sta, WLAN_STA_ASSOC)))) {
518 if ((!ieee80211_has_fromds(hdr->frame_control) &&
519 !ieee80211_has_tods(hdr->frame_control) &&
520 ieee80211_is_data(hdr->frame_control)) ||
521 !(rx->flags & IEEE80211_RX_RA_MATCH)) {
522 /* Drop IBSS frames and frames for other hosts
524 return RX_DROP_MONITOR;
527 return RX_DROP_MONITOR;
534 static ieee80211_rx_result debug_noinline
535 ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
537 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
540 ieee80211_rx_result result = RX_DROP_UNUSABLE;
541 struct ieee80211_key *stakey = NULL;
546 * There are three types of keys:
548 * - PTK (pairwise keys)
549 * - STK (station-to-station pairwise keys)
551 * When selecting a key, we have to distinguish between multicast
552 * (including broadcast) and unicast frames, the latter can only
553 * use PTKs and STKs while the former always use GTKs. Unless, of
554 * course, actual WEP keys ("pre-RSNA") are used, then unicast
555 * frames can also use key indizes like GTKs. Hence, if we don't
556 * have a PTK/STK we check the key index for a WEP key.
558 * Note that in a regular BSS, multicast frames are sent by the
559 * AP only, associated stations unicast the frame to the AP first
560 * which then multicasts it on their behalf.
562 * There is also a slight problem in IBSS mode: GTKs are negotiated
563 * with each station, that is something we don't currently handle.
564 * The spec seems to expect that one negotiates the same key with
565 * every station but there's no such requirement; VLANs could be
569 if (!ieee80211_has_protected(hdr->frame_control))
573 * No point in finding a key and decrypting if the frame is neither
574 * addressed to us nor a multicast frame.
576 if (!(rx->flags & IEEE80211_RX_RA_MATCH))
580 stakey = rcu_dereference(rx->sta->key);
582 if (!is_multicast_ether_addr(hdr->addr1) && stakey) {
586 * The device doesn't give us the IV so we won't be
587 * able to look up the key. That's ok though, we
588 * don't need to decrypt the frame, we just won't
589 * be able to keep statistics accurate.
590 * Except for key threshold notifications, should
591 * we somehow allow the driver to tell us which key
592 * the hardware used if this flag is set?
594 if ((rx->status->flag & RX_FLAG_DECRYPTED) &&
595 (rx->status->flag & RX_FLAG_IV_STRIPPED))
598 hdrlen = ieee80211_hdrlen(hdr->frame_control);
600 if (rx->skb->len < 8 + hdrlen)
601 return RX_DROP_UNUSABLE; /* TODO: count this? */
604 * no need to call ieee80211_wep_get_keyidx,
605 * it verifies a bunch of things we've done already
607 keyidx = rx->skb->data[hdrlen + 3] >> 6;
609 rx->key = rcu_dereference(rx->sdata->keys[keyidx]);
612 * RSNA-protected unicast frames should always be sent with
613 * pairwise or station-to-station keys, but for WEP we allow
614 * using a key index as well.
616 if (rx->key && rx->key->conf.alg != ALG_WEP &&
617 !is_multicast_ether_addr(hdr->addr1))
622 rx->key->tx_rx_count++;
623 /* TODO: add threshold stuff again */
625 return RX_DROP_MONITOR;
628 /* Check for weak IVs if possible */
629 if (rx->sta && rx->key->conf.alg == ALG_WEP &&
630 ieee80211_is_data(hdr->frame_control) &&
631 (!(rx->status->flag & RX_FLAG_IV_STRIPPED) ||
632 !(rx->status->flag & RX_FLAG_DECRYPTED)) &&
633 ieee80211_wep_is_weak_iv(rx->skb, rx->key))
634 rx->sta->wep_weak_iv_count++;
636 switch (rx->key->conf.alg) {
638 result = ieee80211_crypto_wep_decrypt(rx);
641 result = ieee80211_crypto_tkip_decrypt(rx);
644 result = ieee80211_crypto_ccmp_decrypt(rx);
648 /* either the frame has been decrypted or will be dropped */
649 rx->status->flag |= RX_FLAG_DECRYPTED;
654 static void ap_sta_ps_start(struct sta_info *sta)
656 struct ieee80211_sub_if_data *sdata = sta->sdata;
658 atomic_inc(&sdata->bss->num_sta_ps);
659 set_and_clear_sta_flags(sta, WLAN_STA_PS, WLAN_STA_PSPOLL);
660 #ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
661 printk(KERN_DEBUG "%s: STA %pM aid %d enters power save mode\n",
662 sdata->dev->name, sta->sta.addr, sta->sta.aid);
663 #endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
666 static int ap_sta_ps_end(struct sta_info *sta)
668 struct ieee80211_sub_if_data *sdata = sta->sdata;
669 struct ieee80211_local *local = sdata->local;
673 atomic_dec(&sdata->bss->num_sta_ps);
675 clear_sta_flags(sta, WLAN_STA_PS | WLAN_STA_PSPOLL);
677 if (!skb_queue_empty(&sta->ps_tx_buf))
678 sta_info_clear_tim_bit(sta);
680 #ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
681 printk(KERN_DEBUG "%s: STA %pM aid %d exits power save mode\n",
682 sdata->dev->name, sta->sta.addr, sta->sta.aid);
683 #endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
685 /* Send all buffered frames to the station */
686 while ((skb = skb_dequeue(&sta->tx_filtered)) != NULL) {
691 while ((skb = skb_dequeue(&sta->ps_tx_buf)) != NULL) {
692 local->total_ps_buffered--;
694 #ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
695 printk(KERN_DEBUG "%s: STA %pM aid %d send PS frame "
696 "since STA not sleeping anymore\n", sdata->dev->name,
697 sta->sta.addr, sta->sta.aid);
698 #endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
706 static ieee80211_rx_result debug_noinline
707 ieee80211_rx_h_sta_process(struct ieee80211_rx_data *rx)
709 struct sta_info *sta = rx->sta;
710 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
715 /* Update last_rx only for IBSS packets which are for the current
716 * BSSID to avoid keeping the current IBSS network alive in cases where
717 * other STAs are using different BSSID. */
718 if (rx->sdata->vif.type == NL80211_IFTYPE_ADHOC) {
719 u8 *bssid = ieee80211_get_bssid(hdr, rx->skb->len,
720 NL80211_IFTYPE_ADHOC);
721 if (compare_ether_addr(bssid, rx->sdata->u.sta.bssid) == 0)
722 sta->last_rx = jiffies;
724 if (!is_multicast_ether_addr(hdr->addr1) ||
725 rx->sdata->vif.type == NL80211_IFTYPE_STATION) {
726 /* Update last_rx only for unicast frames in order to prevent
727 * the Probe Request frames (the only broadcast frames from a
728 * STA in infrastructure mode) from keeping a connection alive.
729 * Mesh beacons will update last_rx when if they are found to
730 * match the current local configuration when processed.
732 sta->last_rx = jiffies;
735 if (!(rx->flags & IEEE80211_RX_RA_MATCH))
739 sta->rx_bytes += rx->skb->len;
740 sta->last_signal = rx->status->signal;
741 sta->last_qual = rx->status->qual;
742 sta->last_noise = rx->status->noise;
745 * Change STA power saving mode only at the end of a frame
748 if (!ieee80211_has_morefrags(hdr->frame_control) &&
749 (rx->sdata->vif.type == NL80211_IFTYPE_AP ||
750 rx->sdata->vif.type == NL80211_IFTYPE_AP_VLAN)) {
751 if (test_sta_flags(sta, WLAN_STA_PS)) {
753 * Ignore doze->wake transitions that are
754 * indicated by non-data frames, the standard
755 * is unclear here, but for example going to
756 * PS mode and then scanning would cause a
757 * doze->wake transition for the probe request,
758 * and that is clearly undesirable.
760 if (ieee80211_is_data(hdr->frame_control) &&
761 !ieee80211_has_pm(hdr->frame_control))
762 rx->sent_ps_buffered += ap_sta_ps_end(sta);
764 if (ieee80211_has_pm(hdr->frame_control))
765 ap_sta_ps_start(sta);
769 /* Drop data::nullfunc frames silently, since they are used only to
770 * control station power saving mode. */
771 if (ieee80211_is_nullfunc(hdr->frame_control)) {
772 I802_DEBUG_INC(rx->local->rx_handlers_drop_nullfunc);
773 /* Update counter and free packet here to avoid counting this
774 * as a dropped packed. */
776 dev_kfree_skb(rx->skb);
781 } /* ieee80211_rx_h_sta_process */
783 static inline struct ieee80211_fragment_entry *
784 ieee80211_reassemble_add(struct ieee80211_sub_if_data *sdata,
785 unsigned int frag, unsigned int seq, int rx_queue,
786 struct sk_buff **skb)
788 struct ieee80211_fragment_entry *entry;
791 idx = sdata->fragment_next;
792 entry = &sdata->fragments[sdata->fragment_next++];
793 if (sdata->fragment_next >= IEEE80211_FRAGMENT_MAX)
794 sdata->fragment_next = 0;
796 if (!skb_queue_empty(&entry->skb_list)) {
797 #ifdef CONFIG_MAC80211_VERBOSE_DEBUG
798 struct ieee80211_hdr *hdr =
799 (struct ieee80211_hdr *) entry->skb_list.next->data;
800 printk(KERN_DEBUG "%s: RX reassembly removed oldest "
801 "fragment entry (idx=%d age=%lu seq=%d last_frag=%d "
802 "addr1=%pM addr2=%pM\n",
803 sdata->dev->name, idx,
804 jiffies - entry->first_frag_time, entry->seq,
805 entry->last_frag, hdr->addr1, hdr->addr2);
807 __skb_queue_purge(&entry->skb_list);
810 __skb_queue_tail(&entry->skb_list, *skb); /* no need for locking */
812 entry->first_frag_time = jiffies;
814 entry->rx_queue = rx_queue;
815 entry->last_frag = frag;
817 entry->extra_len = 0;
822 static inline struct ieee80211_fragment_entry *
823 ieee80211_reassemble_find(struct ieee80211_sub_if_data *sdata,
824 unsigned int frag, unsigned int seq,
825 int rx_queue, struct ieee80211_hdr *hdr)
827 struct ieee80211_fragment_entry *entry;
830 idx = sdata->fragment_next;
831 for (i = 0; i < IEEE80211_FRAGMENT_MAX; i++) {
832 struct ieee80211_hdr *f_hdr;
836 idx = IEEE80211_FRAGMENT_MAX - 1;
838 entry = &sdata->fragments[idx];
839 if (skb_queue_empty(&entry->skb_list) || entry->seq != seq ||
840 entry->rx_queue != rx_queue ||
841 entry->last_frag + 1 != frag)
844 f_hdr = (struct ieee80211_hdr *)entry->skb_list.next->data;
847 * Check ftype and addresses are equal, else check next fragment
849 if (((hdr->frame_control ^ f_hdr->frame_control) &
850 cpu_to_le16(IEEE80211_FCTL_FTYPE)) ||
851 compare_ether_addr(hdr->addr1, f_hdr->addr1) != 0 ||
852 compare_ether_addr(hdr->addr2, f_hdr->addr2) != 0)
855 if (time_after(jiffies, entry->first_frag_time + 2 * HZ)) {
856 __skb_queue_purge(&entry->skb_list);
865 static ieee80211_rx_result debug_noinline
866 ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx)
868 struct ieee80211_hdr *hdr;
871 unsigned int frag, seq;
872 struct ieee80211_fragment_entry *entry;
875 hdr = (struct ieee80211_hdr *)rx->skb->data;
876 fc = hdr->frame_control;
877 sc = le16_to_cpu(hdr->seq_ctrl);
878 frag = sc & IEEE80211_SCTL_FRAG;
880 if (likely((!ieee80211_has_morefrags(fc) && frag == 0) ||
881 (rx->skb)->len < 24 ||
882 is_multicast_ether_addr(hdr->addr1))) {
886 I802_DEBUG_INC(rx->local->rx_handlers_fragments);
888 seq = (sc & IEEE80211_SCTL_SEQ) >> 4;
891 /* This is the first fragment of a new frame. */
892 entry = ieee80211_reassemble_add(rx->sdata, frag, seq,
893 rx->queue, &(rx->skb));
894 if (rx->key && rx->key->conf.alg == ALG_CCMP &&
895 ieee80211_has_protected(fc)) {
896 /* Store CCMP PN so that we can verify that the next
897 * fragment has a sequential PN value. */
899 memcpy(entry->last_pn,
900 rx->key->u.ccmp.rx_pn[rx->queue],
906 /* This is a fragment for a frame that should already be pending in
907 * fragment cache. Add this fragment to the end of the pending entry.
909 entry = ieee80211_reassemble_find(rx->sdata, frag, seq, rx->queue, hdr);
911 I802_DEBUG_INC(rx->local->rx_handlers_drop_defrag);
912 return RX_DROP_MONITOR;
915 /* Verify that MPDUs within one MSDU have sequential PN values.
916 * (IEEE 802.11i, 8.3.3.4.5) */
919 u8 pn[CCMP_PN_LEN], *rpn;
920 if (!rx->key || rx->key->conf.alg != ALG_CCMP)
921 return RX_DROP_UNUSABLE;
922 memcpy(pn, entry->last_pn, CCMP_PN_LEN);
923 for (i = CCMP_PN_LEN - 1; i >= 0; i--) {
928 rpn = rx->key->u.ccmp.rx_pn[rx->queue];
929 if (memcmp(pn, rpn, CCMP_PN_LEN))
930 return RX_DROP_UNUSABLE;
931 memcpy(entry->last_pn, pn, CCMP_PN_LEN);
934 skb_pull(rx->skb, ieee80211_hdrlen(fc));
935 __skb_queue_tail(&entry->skb_list, rx->skb);
936 entry->last_frag = frag;
937 entry->extra_len += rx->skb->len;
938 if (ieee80211_has_morefrags(fc)) {
943 rx->skb = __skb_dequeue(&entry->skb_list);
944 if (skb_tailroom(rx->skb) < entry->extra_len) {
945 I802_DEBUG_INC(rx->local->rx_expand_skb_head2);
946 if (unlikely(pskb_expand_head(rx->skb, 0, entry->extra_len,
948 I802_DEBUG_INC(rx->local->rx_handlers_drop_defrag);
949 __skb_queue_purge(&entry->skb_list);
950 return RX_DROP_UNUSABLE;
953 while ((skb = __skb_dequeue(&entry->skb_list))) {
954 memcpy(skb_put(rx->skb, skb->len), skb->data, skb->len);
958 /* Complete frame has been reassembled - process it now */
959 rx->flags |= IEEE80211_RX_FRAGMENTED;
963 rx->sta->rx_packets++;
964 if (is_multicast_ether_addr(hdr->addr1))
965 rx->local->dot11MulticastReceivedFrameCount++;
967 ieee80211_led_rx(rx->local);
971 static ieee80211_rx_result debug_noinline
972 ieee80211_rx_h_ps_poll(struct ieee80211_rx_data *rx)
974 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(rx->dev);
977 __le16 fc = ((struct ieee80211_hdr *)rx->skb->data)->frame_control;
979 if (likely(!rx->sta || !ieee80211_is_pspoll(fc) ||
980 !(rx->flags & IEEE80211_RX_RA_MATCH)))
983 if ((sdata->vif.type != NL80211_IFTYPE_AP) &&
984 (sdata->vif.type != NL80211_IFTYPE_AP_VLAN))
985 return RX_DROP_UNUSABLE;
987 skb = skb_dequeue(&rx->sta->tx_filtered);
989 skb = skb_dequeue(&rx->sta->ps_tx_buf);
991 rx->local->total_ps_buffered--;
993 no_pending_pkts = skb_queue_empty(&rx->sta->tx_filtered) &&
994 skb_queue_empty(&rx->sta->ps_tx_buf);
997 struct ieee80211_hdr *hdr =
998 (struct ieee80211_hdr *) skb->data;
1001 * Tell TX path to send one frame even though the STA may
1002 * still remain is PS mode after this frame exchange.
1004 set_sta_flags(rx->sta, WLAN_STA_PSPOLL);
1006 #ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
1007 printk(KERN_DEBUG "STA %pM aid %d: PS Poll (entries after %d)\n",
1008 rx->sta->sta.addr, rx->sta->sta.aid,
1009 skb_queue_len(&rx->sta->ps_tx_buf));
1010 #endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
1012 /* Use MoreData flag to indicate whether there are more
1013 * buffered frames for this STA */
1014 if (no_pending_pkts)
1015 hdr->frame_control &= cpu_to_le16(~IEEE80211_FCTL_MOREDATA);
1017 hdr->frame_control |= cpu_to_le16(IEEE80211_FCTL_MOREDATA);
1019 dev_queue_xmit(skb);
1021 if (no_pending_pkts)
1022 sta_info_clear_tim_bit(rx->sta);
1023 #ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
1024 } else if (!rx->sent_ps_buffered) {
1026 * FIXME: This can be the result of a race condition between
1027 * us expiring a frame and the station polling for it.
1028 * Should we send it a null-func frame indicating we
1029 * have nothing buffered for it?
1031 printk(KERN_DEBUG "%s: STA %pM sent PS Poll even "
1032 "though there are no buffered frames for it\n",
1033 rx->dev->name, rx->sta->sta.addr);
1034 #endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
1037 /* Free PS Poll skb here instead of returning RX_DROP that would
1038 * count as an dropped frame. */
1039 dev_kfree_skb(rx->skb);
1044 static ieee80211_rx_result debug_noinline
1045 ieee80211_rx_h_remove_qos_control(struct ieee80211_rx_data *rx)
1047 u8 *data = rx->skb->data;
1048 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)data;
1050 if (!ieee80211_is_data_qos(hdr->frame_control))
1053 /* remove the qos control field, update frame type and meta-data */
1054 memmove(data + IEEE80211_QOS_CTL_LEN, data,
1055 ieee80211_hdrlen(hdr->frame_control) - IEEE80211_QOS_CTL_LEN);
1056 hdr = (struct ieee80211_hdr *)skb_pull(rx->skb, IEEE80211_QOS_CTL_LEN);
1057 /* change frame type to non QOS */
1058 hdr->frame_control &= ~cpu_to_le16(IEEE80211_STYPE_QOS_DATA);
1064 ieee80211_802_1x_port_control(struct ieee80211_rx_data *rx)
1066 if (unlikely(!rx->sta ||
1067 !test_sta_flags(rx->sta, WLAN_STA_AUTHORIZED)))
1074 ieee80211_drop_unencrypted(struct ieee80211_rx_data *rx, __le16 fc)
1077 * Pass through unencrypted frames if the hardware has
1078 * decrypted them already.
1080 if (rx->status->flag & RX_FLAG_DECRYPTED)
1083 /* Drop unencrypted frames if key is set. */
1084 if (unlikely(!ieee80211_has_protected(fc) &&
1085 !ieee80211_is_nullfunc(fc) &&
1086 (rx->key || rx->sdata->drop_unencrypted)))
1093 ieee80211_data_to_8023(struct ieee80211_rx_data *rx)
1095 struct net_device *dev = rx->dev;
1096 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data;
1097 u16 hdrlen, ethertype;
1100 u8 src[ETH_ALEN] __aligned(2);
1101 struct sk_buff *skb = rx->skb;
1102 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1104 if (unlikely(!ieee80211_is_data_present(hdr->frame_control)))
1107 hdrlen = ieee80211_hdrlen(hdr->frame_control);
1109 /* convert IEEE 802.11 header + possible LLC headers into Ethernet
1111 * IEEE 802.11 address fields:
1112 * ToDS FromDS Addr1 Addr2 Addr3 Addr4
1113 * 0 0 DA SA BSSID n/a
1114 * 0 1 DA BSSID SA n/a
1115 * 1 0 BSSID SA DA n/a
1118 memcpy(dst, ieee80211_get_DA(hdr), ETH_ALEN);
1119 memcpy(src, ieee80211_get_SA(hdr), ETH_ALEN);
1121 switch (hdr->frame_control &
1122 cpu_to_le16(IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) {
1123 case __constant_cpu_to_le16(IEEE80211_FCTL_TODS):
1124 if (unlikely(sdata->vif.type != NL80211_IFTYPE_AP &&
1125 sdata->vif.type != NL80211_IFTYPE_AP_VLAN))
1128 case __constant_cpu_to_le16(IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS):
1129 if (unlikely(sdata->vif.type != NL80211_IFTYPE_WDS &&
1130 sdata->vif.type != NL80211_IFTYPE_MESH_POINT))
1132 if (ieee80211_vif_is_mesh(&sdata->vif)) {
1133 struct ieee80211s_hdr *meshdr = (struct ieee80211s_hdr *)
1134 (skb->data + hdrlen);
1135 hdrlen += ieee80211_get_mesh_hdrlen(meshdr);
1136 if (meshdr->flags & MESH_FLAGS_AE_A5_A6) {
1137 memcpy(dst, meshdr->eaddr1, ETH_ALEN);
1138 memcpy(src, meshdr->eaddr2, ETH_ALEN);
1142 case __constant_cpu_to_le16(IEEE80211_FCTL_FROMDS):
1143 if (sdata->vif.type != NL80211_IFTYPE_STATION ||
1144 (is_multicast_ether_addr(dst) &&
1145 !compare_ether_addr(src, dev->dev_addr)))
1148 case __constant_cpu_to_le16(0):
1149 if (sdata->vif.type != NL80211_IFTYPE_ADHOC)
1154 if (unlikely(skb->len - hdrlen < 8))
1157 payload = skb->data + hdrlen;
1158 ethertype = (payload[6] << 8) | payload[7];
1160 if (likely((compare_ether_addr(payload, rfc1042_header) == 0 &&
1161 ethertype != ETH_P_AARP && ethertype != ETH_P_IPX) ||
1162 compare_ether_addr(payload, bridge_tunnel_header) == 0)) {
1163 /* remove RFC1042 or Bridge-Tunnel encapsulation and
1164 * replace EtherType */
1165 skb_pull(skb, hdrlen + 6);
1166 memcpy(skb_push(skb, ETH_ALEN), src, ETH_ALEN);
1167 memcpy(skb_push(skb, ETH_ALEN), dst, ETH_ALEN);
1169 struct ethhdr *ehdr;
1172 skb_pull(skb, hdrlen);
1173 len = htons(skb->len);
1174 ehdr = (struct ethhdr *) skb_push(skb, sizeof(struct ethhdr));
1175 memcpy(ehdr->h_dest, dst, ETH_ALEN);
1176 memcpy(ehdr->h_source, src, ETH_ALEN);
1177 ehdr->h_proto = len;
1183 * requires that rx->skb is a frame with ethernet header
1185 static bool ieee80211_frame_allowed(struct ieee80211_rx_data *rx, __le16 fc)
1187 static const u8 pae_group_addr[ETH_ALEN] __aligned(2)
1188 = { 0x01, 0x80, 0xC2, 0x00, 0x00, 0x03 };
1189 struct ethhdr *ehdr = (struct ethhdr *) rx->skb->data;
1192 * Allow EAPOL frames to us/the PAE group address regardless
1193 * of whether the frame was encrypted or not.
1195 if (ehdr->h_proto == htons(ETH_P_PAE) &&
1196 (compare_ether_addr(ehdr->h_dest, rx->dev->dev_addr) == 0 ||
1197 compare_ether_addr(ehdr->h_dest, pae_group_addr) == 0))
1200 if (ieee80211_802_1x_port_control(rx) ||
1201 ieee80211_drop_unencrypted(rx, fc))
1208 * requires that rx->skb is a frame with ethernet header
1211 ieee80211_deliver_skb(struct ieee80211_rx_data *rx)
1213 struct net_device *dev = rx->dev;
1214 struct ieee80211_local *local = rx->local;
1215 struct sk_buff *skb, *xmit_skb;
1216 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1217 struct ethhdr *ehdr = (struct ethhdr *) rx->skb->data;
1218 struct sta_info *dsta;
1223 if ((sdata->vif.type == NL80211_IFTYPE_AP ||
1224 sdata->vif.type == NL80211_IFTYPE_AP_VLAN) &&
1225 !(sdata->flags & IEEE80211_SDATA_DONT_BRIDGE_PACKETS) &&
1226 (rx->flags & IEEE80211_RX_RA_MATCH)) {
1227 if (is_multicast_ether_addr(ehdr->h_dest)) {
1229 * send multicast frames both to higher layers in
1230 * local net stack and back to the wireless medium
1232 xmit_skb = skb_copy(skb, GFP_ATOMIC);
1233 if (!xmit_skb && net_ratelimit())
1234 printk(KERN_DEBUG "%s: failed to clone "
1235 "multicast frame\n", dev->name);
1237 dsta = sta_info_get(local, skb->data);
1238 if (dsta && dsta->sdata->dev == dev) {
1240 * The destination station is associated to
1241 * this AP (in this VLAN), so send the frame
1242 * directly to it and do not pass it to local
1252 /* deliver to local stack */
1253 skb->protocol = eth_type_trans(skb, dev);
1254 memset(skb->cb, 0, sizeof(skb->cb));
1259 /* send to wireless media */
1260 xmit_skb->protocol = htons(ETH_P_802_3);
1261 skb_reset_network_header(xmit_skb);
1262 skb_reset_mac_header(xmit_skb);
1263 dev_queue_xmit(xmit_skb);
1267 static ieee80211_rx_result debug_noinline
1268 ieee80211_rx_h_amsdu(struct ieee80211_rx_data *rx)
1270 struct net_device *dev = rx->dev;
1271 struct ieee80211_local *local = rx->local;
1274 struct sk_buff *skb = rx->skb, *frame = NULL;
1275 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
1276 __le16 fc = hdr->frame_control;
1277 const struct ethhdr *eth;
1282 if (unlikely(!ieee80211_is_data(fc)))
1285 if (unlikely(!ieee80211_is_data_present(fc)))
1286 return RX_DROP_MONITOR;
1288 if (!(rx->flags & IEEE80211_RX_AMSDU))
1291 err = ieee80211_data_to_8023(rx);
1293 return RX_DROP_UNUSABLE;
1297 dev->stats.rx_packets++;
1298 dev->stats.rx_bytes += skb->len;
1300 /* skip the wrapping header */
1301 eth = (struct ethhdr *) skb_pull(skb, sizeof(struct ethhdr));
1303 return RX_DROP_UNUSABLE;
1305 while (skb != frame) {
1307 __be16 len = eth->h_proto;
1308 unsigned int subframe_len = sizeof(struct ethhdr) + ntohs(len);
1310 remaining = skb->len;
1311 memcpy(dst, eth->h_dest, ETH_ALEN);
1312 memcpy(src, eth->h_source, ETH_ALEN);
1314 padding = ((4 - subframe_len) & 0x3);
1315 /* the last MSDU has no padding */
1316 if (subframe_len > remaining)
1317 return RX_DROP_UNUSABLE;
1319 skb_pull(skb, sizeof(struct ethhdr));
1320 /* if last subframe reuse skb */
1321 if (remaining <= subframe_len + padding)
1324 frame = dev_alloc_skb(local->hw.extra_tx_headroom +
1328 return RX_DROP_UNUSABLE;
1330 skb_reserve(frame, local->hw.extra_tx_headroom +
1331 sizeof(struct ethhdr));
1332 memcpy(skb_put(frame, ntohs(len)), skb->data,
1335 eth = (struct ethhdr *) skb_pull(skb, ntohs(len) +
1338 dev_kfree_skb(frame);
1339 return RX_DROP_UNUSABLE;
1343 skb_reset_network_header(frame);
1345 frame->priority = skb->priority;
1348 payload = frame->data;
1349 ethertype = (payload[6] << 8) | payload[7];
1351 if (likely((compare_ether_addr(payload, rfc1042_header) == 0 &&
1352 ethertype != ETH_P_AARP && ethertype != ETH_P_IPX) ||
1353 compare_ether_addr(payload,
1354 bridge_tunnel_header) == 0)) {
1355 /* remove RFC1042 or Bridge-Tunnel
1356 * encapsulation and replace EtherType */
1358 memcpy(skb_push(frame, ETH_ALEN), src, ETH_ALEN);
1359 memcpy(skb_push(frame, ETH_ALEN), dst, ETH_ALEN);
1361 memcpy(skb_push(frame, sizeof(__be16)),
1362 &len, sizeof(__be16));
1363 memcpy(skb_push(frame, ETH_ALEN), src, ETH_ALEN);
1364 memcpy(skb_push(frame, ETH_ALEN), dst, ETH_ALEN);
1367 if (!ieee80211_frame_allowed(rx, fc)) {
1368 if (skb == frame) /* last frame */
1369 return RX_DROP_UNUSABLE;
1370 dev_kfree_skb(frame);
1374 ieee80211_deliver_skb(rx);
1380 #ifdef CONFIG_MAC80211_MESH
1381 static ieee80211_rx_result
1382 ieee80211_rx_h_mesh_fwding(struct ieee80211_rx_data *rx)
1384 struct ieee80211_hdr *hdr;
1385 struct ieee80211s_hdr *mesh_hdr;
1386 unsigned int hdrlen;
1387 struct sk_buff *skb = rx->skb, *fwd_skb;
1389 hdr = (struct ieee80211_hdr *) skb->data;
1390 hdrlen = ieee80211_hdrlen(hdr->frame_control);
1391 mesh_hdr = (struct ieee80211s_hdr *) (skb->data + hdrlen);
1393 if (!ieee80211_is_data(hdr->frame_control))
1398 return RX_DROP_MONITOR;
1400 if (mesh_hdr->flags & MESH_FLAGS_AE_A5_A6){
1401 struct ieee80211_sub_if_data *sdata;
1402 struct mesh_path *mppath;
1404 sdata = IEEE80211_DEV_TO_SUB_IF(rx->dev);
1406 mppath = mpp_path_lookup(mesh_hdr->eaddr2, sdata);
1408 mpp_path_add(mesh_hdr->eaddr2, hdr->addr4, sdata);
1410 spin_lock_bh(&mppath->state_lock);
1411 mppath->exp_time = jiffies;
1412 if (compare_ether_addr(mppath->mpp, hdr->addr4) != 0)
1413 memcpy(mppath->mpp, hdr->addr4, ETH_ALEN);
1414 spin_unlock_bh(&mppath->state_lock);
1419 if (compare_ether_addr(rx->dev->dev_addr, hdr->addr3) == 0)
1424 if (rx->flags & IEEE80211_RX_RA_MATCH) {
1426 IEEE80211_IFSTA_MESH_CTR_INC(&rx->sdata->u.mesh,
1427 dropped_frames_ttl);
1429 struct ieee80211_hdr *fwd_hdr;
1430 fwd_skb = skb_copy(skb, GFP_ATOMIC);
1432 if (!fwd_skb && net_ratelimit())
1433 printk(KERN_DEBUG "%s: failed to clone mesh frame\n",
1436 fwd_hdr = (struct ieee80211_hdr *) fwd_skb->data;
1438 * Save TA to addr1 to send TA a path error if a
1439 * suitable next hop is not found
1441 memcpy(fwd_hdr->addr1, fwd_hdr->addr2, ETH_ALEN);
1442 memcpy(fwd_hdr->addr2, rx->dev->dev_addr, ETH_ALEN);
1443 fwd_skb->dev = rx->local->mdev;
1444 fwd_skb->iif = rx->dev->ifindex;
1445 dev_queue_xmit(fwd_skb);
1449 if (is_multicast_ether_addr(hdr->addr3) ||
1450 rx->dev->flags & IFF_PROMISC)
1453 return RX_DROP_MONITOR;
1457 static ieee80211_rx_result debug_noinline
1458 ieee80211_rx_h_data(struct ieee80211_rx_data *rx)
1460 struct net_device *dev = rx->dev;
1461 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
1462 __le16 fc = hdr->frame_control;
1465 if (unlikely(!ieee80211_is_data(hdr->frame_control)))
1468 if (unlikely(!ieee80211_is_data_present(hdr->frame_control)))
1469 return RX_DROP_MONITOR;
1471 err = ieee80211_data_to_8023(rx);
1473 return RX_DROP_UNUSABLE;
1475 if (!ieee80211_frame_allowed(rx, fc))
1476 return RX_DROP_MONITOR;
1480 dev->stats.rx_packets++;
1481 dev->stats.rx_bytes += rx->skb->len;
1483 ieee80211_deliver_skb(rx);
1488 static ieee80211_rx_result debug_noinline
1489 ieee80211_rx_h_ctrl(struct ieee80211_rx_data *rx)
1491 struct ieee80211_local *local = rx->local;
1492 struct ieee80211_hw *hw = &local->hw;
1493 struct sk_buff *skb = rx->skb;
1494 struct ieee80211_bar *bar = (struct ieee80211_bar *)skb->data;
1495 struct tid_ampdu_rx *tid_agg_rx;
1499 if (likely(!ieee80211_is_ctl(bar->frame_control)))
1502 if (ieee80211_is_back_req(bar->frame_control)) {
1505 tid = le16_to_cpu(bar->control) >> 12;
1506 if (rx->sta->ampdu_mlme.tid_state_rx[tid]
1507 != HT_AGG_STATE_OPERATIONAL)
1509 tid_agg_rx = rx->sta->ampdu_mlme.tid_rx[tid];
1511 start_seq_num = le16_to_cpu(bar->start_seq_num) >> 4;
1513 /* reset session timer */
1514 if (tid_agg_rx->timeout) {
1515 unsigned long expires =
1516 jiffies + (tid_agg_rx->timeout / 1000) * HZ;
1517 mod_timer(&tid_agg_rx->session_timer, expires);
1520 /* manage reordering buffer according to requested */
1521 /* sequence number */
1523 ieee80211_sta_manage_reorder_buf(hw, tid_agg_rx, NULL,
1526 return RX_DROP_UNUSABLE;
1532 static ieee80211_rx_result debug_noinline
1533 ieee80211_rx_h_action(struct ieee80211_rx_data *rx)
1535 struct ieee80211_local *local = rx->local;
1536 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(rx->dev);
1537 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *) rx->skb->data;
1538 int len = rx->skb->len;
1540 if (!ieee80211_is_action(mgmt->frame_control))
1544 return RX_DROP_MONITOR;
1546 if (!(rx->flags & IEEE80211_RX_RA_MATCH))
1547 return RX_DROP_MONITOR;
1549 /* all categories we currently handle have action_code */
1550 if (len < IEEE80211_MIN_ACTION_SIZE + 1)
1551 return RX_DROP_MONITOR;
1553 switch (mgmt->u.action.category) {
1554 case WLAN_CATEGORY_BACK:
1555 switch (mgmt->u.action.u.addba_req.action_code) {
1556 case WLAN_ACTION_ADDBA_REQ:
1557 if (len < (IEEE80211_MIN_ACTION_SIZE +
1558 sizeof(mgmt->u.action.u.addba_req)))
1559 return RX_DROP_MONITOR;
1560 ieee80211_process_addba_request(local, rx->sta, mgmt, len);
1562 case WLAN_ACTION_ADDBA_RESP:
1563 if (len < (IEEE80211_MIN_ACTION_SIZE +
1564 sizeof(mgmt->u.action.u.addba_resp)))
1565 return RX_DROP_MONITOR;
1566 ieee80211_process_addba_resp(local, rx->sta, mgmt, len);
1568 case WLAN_ACTION_DELBA:
1569 if (len < (IEEE80211_MIN_ACTION_SIZE +
1570 sizeof(mgmt->u.action.u.delba)))
1571 return RX_DROP_MONITOR;
1572 ieee80211_process_delba(sdata, rx->sta, mgmt, len);
1576 case WLAN_CATEGORY_SPECTRUM_MGMT:
1577 if (local->hw.conf.channel->band != IEEE80211_BAND_5GHZ)
1578 return RX_DROP_MONITOR;
1579 switch (mgmt->u.action.u.measurement.action_code) {
1580 case WLAN_ACTION_SPCT_MSR_REQ:
1581 if (len < (IEEE80211_MIN_ACTION_SIZE +
1582 sizeof(mgmt->u.action.u.measurement)))
1583 return RX_DROP_MONITOR;
1584 ieee80211_process_measurement_req(sdata, mgmt, len);
1592 rx->sta->rx_packets++;
1593 dev_kfree_skb(rx->skb);
1597 static ieee80211_rx_result debug_noinline
1598 ieee80211_rx_h_mgmt(struct ieee80211_rx_data *rx)
1600 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(rx->dev);
1602 if (!(rx->flags & IEEE80211_RX_RA_MATCH))
1603 return RX_DROP_MONITOR;
1605 if (ieee80211_vif_is_mesh(&sdata->vif))
1606 return ieee80211_mesh_rx_mgmt(sdata, rx->skb, rx->status);
1608 if (sdata->vif.type != NL80211_IFTYPE_STATION &&
1609 sdata->vif.type != NL80211_IFTYPE_ADHOC)
1610 return RX_DROP_MONITOR;
1612 if (sdata->flags & IEEE80211_SDATA_USERSPACE_MLME)
1613 return RX_DROP_MONITOR;
1615 ieee80211_sta_rx_mgmt(sdata, rx->skb, rx->status);
1619 static void ieee80211_rx_michael_mic_report(struct net_device *dev,
1620 struct ieee80211_hdr *hdr,
1621 struct ieee80211_rx_data *rx)
1624 unsigned int hdrlen;
1626 hdrlen = ieee80211_hdrlen(hdr->frame_control);
1627 if (rx->skb->len >= hdrlen + 4)
1628 keyidx = rx->skb->data[hdrlen + 3] >> 6;
1634 * Some hardware seem to generate incorrect Michael MIC
1635 * reports; ignore them to avoid triggering countermeasures.
1640 if (!ieee80211_has_protected(hdr->frame_control))
1643 if (rx->sdata->vif.type == NL80211_IFTYPE_AP && keyidx) {
1645 * APs with pairwise keys should never receive Michael MIC
1646 * errors for non-zero keyidx because these are reserved for
1647 * group keys and only the AP is sending real multicast
1648 * frames in the BSS.
1653 if (!ieee80211_is_data(hdr->frame_control) &&
1654 !ieee80211_is_auth(hdr->frame_control))
1657 mac80211_ev_michael_mic_failure(rx->sdata, keyidx, hdr);
1659 dev_kfree_skb(rx->skb);
1663 /* TODO: use IEEE80211_RX_FRAGMENTED */
1664 static void ieee80211_rx_cooked_monitor(struct ieee80211_rx_data *rx)
1666 struct ieee80211_sub_if_data *sdata;
1667 struct ieee80211_local *local = rx->local;
1668 struct ieee80211_rtap_hdr {
1669 struct ieee80211_radiotap_header hdr;
1674 } __attribute__ ((packed)) *rthdr;
1675 struct sk_buff *skb = rx->skb, *skb2;
1676 struct net_device *prev_dev = NULL;
1677 struct ieee80211_rx_status *status = rx->status;
1679 if (rx->flags & IEEE80211_RX_CMNTR_REPORTED)
1682 if (skb_headroom(skb) < sizeof(*rthdr) &&
1683 pskb_expand_head(skb, sizeof(*rthdr), 0, GFP_ATOMIC))
1686 rthdr = (void *)skb_push(skb, sizeof(*rthdr));
1687 memset(rthdr, 0, sizeof(*rthdr));
1688 rthdr->hdr.it_len = cpu_to_le16(sizeof(*rthdr));
1689 rthdr->hdr.it_present =
1690 cpu_to_le32((1 << IEEE80211_RADIOTAP_FLAGS) |
1691 (1 << IEEE80211_RADIOTAP_RATE) |
1692 (1 << IEEE80211_RADIOTAP_CHANNEL));
1694 rthdr->rate = rx->rate->bitrate / 5;
1695 rthdr->chan_freq = cpu_to_le16(status->freq);
1697 if (status->band == IEEE80211_BAND_5GHZ)
1698 rthdr->chan_flags = cpu_to_le16(IEEE80211_CHAN_OFDM |
1699 IEEE80211_CHAN_5GHZ);
1701 rthdr->chan_flags = cpu_to_le16(IEEE80211_CHAN_DYN |
1702 IEEE80211_CHAN_2GHZ);
1704 skb_set_mac_header(skb, 0);
1705 skb->ip_summed = CHECKSUM_UNNECESSARY;
1706 skb->pkt_type = PACKET_OTHERHOST;
1707 skb->protocol = htons(ETH_P_802_2);
1709 list_for_each_entry_rcu(sdata, &local->interfaces, list) {
1710 if (!netif_running(sdata->dev))
1713 if (sdata->vif.type != NL80211_IFTYPE_MONITOR ||
1714 !(sdata->u.mntr_flags & MONITOR_FLAG_COOK_FRAMES))
1718 skb2 = skb_clone(skb, GFP_ATOMIC);
1720 skb2->dev = prev_dev;
1725 prev_dev = sdata->dev;
1726 sdata->dev->stats.rx_packets++;
1727 sdata->dev->stats.rx_bytes += skb->len;
1731 skb->dev = prev_dev;
1737 rx->flags |= IEEE80211_RX_CMNTR_REPORTED;
1745 static void ieee80211_invoke_rx_handlers(struct ieee80211_sub_if_data *sdata,
1746 struct ieee80211_rx_data *rx,
1747 struct sk_buff *skb)
1749 ieee80211_rx_result res = RX_DROP_MONITOR;
1753 rx->dev = sdata->dev;
1755 #define CALL_RXH(rxh) \
1758 if (res != RX_CONTINUE) \
1762 CALL_RXH(ieee80211_rx_h_passive_scan)
1763 CALL_RXH(ieee80211_rx_h_check)
1764 CALL_RXH(ieee80211_rx_h_decrypt)
1765 CALL_RXH(ieee80211_rx_h_sta_process)
1766 CALL_RXH(ieee80211_rx_h_defragment)
1767 CALL_RXH(ieee80211_rx_h_ps_poll)
1768 CALL_RXH(ieee80211_rx_h_michael_mic_verify)
1769 /* must be after MMIC verify so header is counted in MPDU mic */
1770 CALL_RXH(ieee80211_rx_h_remove_qos_control)
1771 CALL_RXH(ieee80211_rx_h_amsdu)
1772 #ifdef CONFIG_MAC80211_MESH
1773 if (ieee80211_vif_is_mesh(&sdata->vif))
1774 CALL_RXH(ieee80211_rx_h_mesh_fwding);
1776 CALL_RXH(ieee80211_rx_h_data)
1777 CALL_RXH(ieee80211_rx_h_ctrl)
1778 CALL_RXH(ieee80211_rx_h_action)
1779 CALL_RXH(ieee80211_rx_h_mgmt)
1785 case RX_DROP_MONITOR:
1786 I802_DEBUG_INC(sdata->local->rx_handlers_drop);
1788 rx->sta->rx_dropped++;
1791 ieee80211_rx_cooked_monitor(rx);
1793 case RX_DROP_UNUSABLE:
1794 I802_DEBUG_INC(sdata->local->rx_handlers_drop);
1796 rx->sta->rx_dropped++;
1797 dev_kfree_skb(rx->skb);
1800 I802_DEBUG_INC(sdata->local->rx_handlers_queued);
1805 /* main receive path */
1807 static int prepare_for_handlers(struct ieee80211_sub_if_data *sdata,
1808 u8 *bssid, struct ieee80211_rx_data *rx,
1809 struct ieee80211_hdr *hdr)
1811 int multicast = is_multicast_ether_addr(hdr->addr1);
1813 switch (sdata->vif.type) {
1814 case NL80211_IFTYPE_STATION:
1817 if (!ieee80211_bssid_match(bssid, sdata->u.sta.bssid)) {
1818 if (!(rx->flags & IEEE80211_RX_IN_SCAN))
1820 rx->flags &= ~IEEE80211_RX_RA_MATCH;
1821 } else if (!multicast &&
1822 compare_ether_addr(sdata->dev->dev_addr,
1824 if (!(sdata->dev->flags & IFF_PROMISC))
1826 rx->flags &= ~IEEE80211_RX_RA_MATCH;
1829 case NL80211_IFTYPE_ADHOC:
1832 if (ieee80211_is_beacon(hdr->frame_control)) {
1835 else if (!ieee80211_bssid_match(bssid, sdata->u.sta.bssid)) {
1836 if (!(rx->flags & IEEE80211_RX_IN_SCAN))
1838 rx->flags &= ~IEEE80211_RX_RA_MATCH;
1839 } else if (!multicast &&
1840 compare_ether_addr(sdata->dev->dev_addr,
1842 if (!(sdata->dev->flags & IFF_PROMISC))
1844 rx->flags &= ~IEEE80211_RX_RA_MATCH;
1845 } else if (!rx->sta)
1846 rx->sta = ieee80211_ibss_add_sta(sdata, rx->skb,
1848 BIT(rx->status->rate_idx));
1850 case NL80211_IFTYPE_MESH_POINT:
1852 compare_ether_addr(sdata->dev->dev_addr,
1854 if (!(sdata->dev->flags & IFF_PROMISC))
1857 rx->flags &= ~IEEE80211_RX_RA_MATCH;
1860 case NL80211_IFTYPE_AP_VLAN:
1861 case NL80211_IFTYPE_AP:
1863 if (compare_ether_addr(sdata->dev->dev_addr,
1866 } else if (!ieee80211_bssid_match(bssid,
1867 sdata->dev->dev_addr)) {
1868 if (!(rx->flags & IEEE80211_RX_IN_SCAN))
1870 rx->flags &= ~IEEE80211_RX_RA_MATCH;
1873 case NL80211_IFTYPE_WDS:
1874 if (bssid || !ieee80211_is_data(hdr->frame_control))
1876 if (compare_ether_addr(sdata->u.wds.remote_addr, hdr->addr2))
1879 case NL80211_IFTYPE_MONITOR:
1880 /* take everything */
1882 case NL80211_IFTYPE_UNSPECIFIED:
1883 case __NL80211_IFTYPE_AFTER_LAST:
1884 /* should never get here */
1893 * This is the actual Rx frames handler. as it blongs to Rx path it must
1894 * be called with rcu_read_lock protection.
1896 static void __ieee80211_rx_handle_packet(struct ieee80211_hw *hw,
1897 struct sk_buff *skb,
1898 struct ieee80211_rx_status *status,
1899 struct ieee80211_rate *rate)
1901 struct ieee80211_local *local = hw_to_local(hw);
1902 struct ieee80211_sub_if_data *sdata;
1903 struct ieee80211_hdr *hdr;
1904 struct ieee80211_rx_data rx;
1906 struct ieee80211_sub_if_data *prev = NULL;
1907 struct sk_buff *skb_new;
1910 hdr = (struct ieee80211_hdr *)skb->data;
1911 memset(&rx, 0, sizeof(rx));
1918 if (ieee80211_is_data(hdr->frame_control) || ieee80211_is_mgmt(hdr->frame_control))
1919 local->dot11ReceivedFragmentCount++;
1921 rx.sta = sta_info_get(local, hdr->addr2);
1923 rx.sdata = rx.sta->sdata;
1924 rx.dev = rx.sta->sdata->dev;
1927 if ((status->flag & RX_FLAG_MMIC_ERROR)) {
1928 ieee80211_rx_michael_mic_report(local->mdev, hdr, &rx);
1932 if (unlikely(local->sw_scanning || local->hw_scanning))
1933 rx.flags |= IEEE80211_RX_IN_SCAN;
1935 ieee80211_parse_qos(&rx);
1936 ieee80211_verify_ip_alignment(&rx);
1940 list_for_each_entry_rcu(sdata, &local->interfaces, list) {
1941 if (!netif_running(sdata->dev))
1944 if (sdata->vif.type == NL80211_IFTYPE_MONITOR)
1947 bssid = ieee80211_get_bssid(hdr, skb->len, sdata->vif.type);
1948 rx.flags |= IEEE80211_RX_RA_MATCH;
1949 prepares = prepare_for_handlers(sdata, bssid, &rx, hdr);
1955 * frame is destined for this interface, but if it's not
1956 * also for the previous one we handle that after the
1957 * loop to avoid copying the SKB once too much
1966 * frame was destined for the previous interface
1967 * so invoke RX handlers for it
1970 skb_new = skb_copy(skb, GFP_ATOMIC);
1972 if (net_ratelimit())
1973 printk(KERN_DEBUG "%s: failed to copy "
1974 "multicast frame for %s\n",
1975 wiphy_name(local->hw.wiphy),
1979 ieee80211_invoke_rx_handlers(prev, &rx, skb_new);
1983 ieee80211_invoke_rx_handlers(prev, &rx, skb);
1988 #define SEQ_MODULO 0x1000
1989 #define SEQ_MASK 0xfff
1991 static inline int seq_less(u16 sq1, u16 sq2)
1993 return ((sq1 - sq2) & SEQ_MASK) > (SEQ_MODULO >> 1);
1996 static inline u16 seq_inc(u16 sq)
1998 return (sq + 1) & SEQ_MASK;
2001 static inline u16 seq_sub(u16 sq1, u16 sq2)
2003 return (sq1 - sq2) & SEQ_MASK;
2008 * As it function blongs to Rx path it must be called with
2009 * the proper rcu_read_lock protection for its flow.
2011 static u8 ieee80211_sta_manage_reorder_buf(struct ieee80211_hw *hw,
2012 struct tid_ampdu_rx *tid_agg_rx,
2013 struct sk_buff *skb,
2017 struct ieee80211_local *local = hw_to_local(hw);
2018 struct ieee80211_rx_status status;
2019 u16 head_seq_num, buf_size;
2021 struct ieee80211_supported_band *sband;
2022 struct ieee80211_rate *rate;
2024 buf_size = tid_agg_rx->buf_size;
2025 head_seq_num = tid_agg_rx->head_seq_num;
2027 /* frame with out of date sequence number */
2028 if (seq_less(mpdu_seq_num, head_seq_num)) {
2033 /* if frame sequence number exceeds our buffering window size or
2034 * block Ack Request arrived - release stored frames */
2035 if ((!seq_less(mpdu_seq_num, head_seq_num + buf_size)) || (bar_req)) {
2036 /* new head to the ordering buffer */
2038 head_seq_num = mpdu_seq_num;
2041 seq_inc(seq_sub(mpdu_seq_num, buf_size));
2042 /* release stored frames up to new head to stack */
2043 while (seq_less(tid_agg_rx->head_seq_num, head_seq_num)) {
2044 index = seq_sub(tid_agg_rx->head_seq_num,
2046 % tid_agg_rx->buf_size;
2048 if (tid_agg_rx->reorder_buf[index]) {
2049 /* release the reordered frames to stack */
2051 tid_agg_rx->reorder_buf[index]->cb,
2053 sband = local->hw.wiphy->bands[status.band];
2054 rate = &sband->bitrates[status.rate_idx];
2055 __ieee80211_rx_handle_packet(hw,
2056 tid_agg_rx->reorder_buf[index],
2058 tid_agg_rx->stored_mpdu_num--;
2059 tid_agg_rx->reorder_buf[index] = NULL;
2061 tid_agg_rx->head_seq_num =
2062 seq_inc(tid_agg_rx->head_seq_num);
2068 /* now the new frame is always in the range of the reordering */
2070 index = seq_sub(mpdu_seq_num, tid_agg_rx->ssn)
2071 % tid_agg_rx->buf_size;
2072 /* check if we already stored this frame */
2073 if (tid_agg_rx->reorder_buf[index]) {
2078 /* if arrived mpdu is in the right order and nothing else stored */
2079 /* release it immediately */
2080 if (mpdu_seq_num == tid_agg_rx->head_seq_num &&
2081 tid_agg_rx->stored_mpdu_num == 0) {
2082 tid_agg_rx->head_seq_num =
2083 seq_inc(tid_agg_rx->head_seq_num);
2087 /* put the frame in the reordering buffer */
2088 tid_agg_rx->reorder_buf[index] = skb;
2089 tid_agg_rx->stored_mpdu_num++;
2090 /* release the buffer until next missing frame */
2091 index = seq_sub(tid_agg_rx->head_seq_num, tid_agg_rx->ssn)
2092 % tid_agg_rx->buf_size;
2093 while (tid_agg_rx->reorder_buf[index]) {
2094 /* release the reordered frame back to stack */
2095 memcpy(&status, tid_agg_rx->reorder_buf[index]->cb,
2097 sband = local->hw.wiphy->bands[status.band];
2098 rate = &sband->bitrates[status.rate_idx];
2099 __ieee80211_rx_handle_packet(hw, tid_agg_rx->reorder_buf[index],
2101 tid_agg_rx->stored_mpdu_num--;
2102 tid_agg_rx->reorder_buf[index] = NULL;
2103 tid_agg_rx->head_seq_num = seq_inc(tid_agg_rx->head_seq_num);
2104 index = seq_sub(tid_agg_rx->head_seq_num,
2105 tid_agg_rx->ssn) % tid_agg_rx->buf_size;
2110 static u8 ieee80211_rx_reorder_ampdu(struct ieee80211_local *local,
2111 struct sk_buff *skb)
2113 struct ieee80211_hw *hw = &local->hw;
2114 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
2115 struct sta_info *sta;
2116 struct tid_ampdu_rx *tid_agg_rx;
2122 sta = sta_info_get(local, hdr->addr2);
2126 /* filter the QoS data rx stream according to
2127 * STA/TID and check if this STA/TID is on aggregation */
2128 if (!ieee80211_is_data_qos(hdr->frame_control))
2131 tid = *ieee80211_get_qos_ctl(hdr) & IEEE80211_QOS_CTL_TID_MASK;
2133 if (sta->ampdu_mlme.tid_state_rx[tid] != HT_AGG_STATE_OPERATIONAL)
2136 tid_agg_rx = sta->ampdu_mlme.tid_rx[tid];
2138 /* qos null data frames are excluded */
2139 if (unlikely(hdr->frame_control & cpu_to_le16(IEEE80211_STYPE_NULLFUNC)))
2142 /* new un-ordered ampdu frame - process it */
2144 /* reset session timer */
2145 if (tid_agg_rx->timeout) {
2146 unsigned long expires =
2147 jiffies + (tid_agg_rx->timeout / 1000) * HZ;
2148 mod_timer(&tid_agg_rx->session_timer, expires);
2151 /* if this mpdu is fragmented - terminate rx aggregation session */
2152 sc = le16_to_cpu(hdr->seq_ctrl);
2153 if (sc & IEEE80211_SCTL_FRAG) {
2154 ieee80211_sta_stop_rx_ba_session(sta->sdata, sta->sta.addr,
2155 tid, 0, WLAN_REASON_QSTA_REQUIRE_SETUP);
2160 /* according to mpdu sequence number deal with reordering buffer */
2161 mpdu_seq_num = (sc & IEEE80211_SCTL_SEQ) >> 4;
2162 ret = ieee80211_sta_manage_reorder_buf(hw, tid_agg_rx, skb,
2169 * This is the receive path handler. It is called by a low level driver when an
2170 * 802.11 MPDU is received from the hardware.
2172 void __ieee80211_rx(struct ieee80211_hw *hw, struct sk_buff *skb,
2173 struct ieee80211_rx_status *status)
2175 struct ieee80211_local *local = hw_to_local(hw);
2176 struct ieee80211_rate *rate = NULL;
2177 struct ieee80211_supported_band *sband;
2179 if (status->band < 0 ||
2180 status->band >= IEEE80211_NUM_BANDS) {
2185 sband = local->hw.wiphy->bands[status->band];
2188 status->rate_idx < 0 ||
2189 status->rate_idx >= sband->n_bitrates) {
2194 rate = &sband->bitrates[status->rate_idx];
2197 * key references and virtual interfaces are protected using RCU
2198 * and this requires that we are in a read-side RCU section during
2199 * receive processing
2204 * Frames with failed FCS/PLCP checksum are not returned,
2205 * all other frames are returned without radiotap header
2206 * if it was previously present.
2207 * Also, frames with less than 16 bytes are dropped.
2209 skb = ieee80211_rx_monitor(local, skb, status, rate);
2215 if (!ieee80211_rx_reorder_ampdu(local, skb))
2216 __ieee80211_rx_handle_packet(hw, skb, status, rate);
2220 EXPORT_SYMBOL(__ieee80211_rx);
2222 /* This is a version of the rx handler that can be called from hard irq
2223 * context. Post the skb on the queue and schedule the tasklet */
2224 void ieee80211_rx_irqsafe(struct ieee80211_hw *hw, struct sk_buff *skb,
2225 struct ieee80211_rx_status *status)
2227 struct ieee80211_local *local = hw_to_local(hw);
2229 BUILD_BUG_ON(sizeof(struct ieee80211_rx_status) > sizeof(skb->cb));
2231 skb->dev = local->mdev;
2232 /* copy status into skb->cb for use by tasklet */
2233 memcpy(skb->cb, status, sizeof(*status));
2234 skb->pkt_type = IEEE80211_RX_MSG;
2235 skb_queue_tail(&local->skb_queue, skb);
2236 tasklet_schedule(&local->tasklet);
2238 EXPORT_SYMBOL(ieee80211_rx_irqsafe);
git://ftp.safe.ca / safe / jmp / linux-2.6 / blob