1 /******************************************************************************
3 * Copyright(c) 2003 - 2010 Intel Corporation. All rights reserved.
5 * Portions of this file are derived from the ipw3945 project, as well
6 * as portions of the ieee80211 subsystem header files.
8 * This program is free software; you can redistribute it and/or modify it
9 * under the terms of version 2 of the GNU General Public License as
10 * published by the Free Software Foundation.
12 * This program is distributed in the hope that it will be useful, but WITHOUT
13 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
14 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
17 * You should have received a copy of the GNU General Public License along with
18 * this program; if not, write to the Free Software Foundation, Inc.,
19 * 51 Franklin Street, Fifth Floor, Boston, MA 02110, USA
21 * The full GNU General Public License is included in this distribution in the
22 * file called LICENSE.
24 * Contact Information:
25 * Intel Linux Wireless <ilw@linux.intel.com>
26 * Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497
28 *****************************************************************************/
30 #include <linux/etherdevice.h>
31 #include <net/mac80211.h>
32 #include <asm/unaligned.h>
33 #include "iwl-eeprom.h"
38 #include "iwl-calib.h"
39 #include "iwl-helpers.h"
40 /************************** RX-FUNCTIONS ****************************/
42 * Rx theory of operation
44 * Driver allocates a circular buffer of Receive Buffer Descriptors (RBDs),
45 * each of which point to Receive Buffers to be filled by the NIC. These get
46 * used not only for Rx frames, but for any command response or notification
47 * from the NIC. The driver and NIC manage the Rx buffers by means
48 * of indexes into the circular buffer.
51 * The host/firmware share two index registers for managing the Rx buffers.
53 * The READ index maps to the first position that the firmware may be writing
54 * to -- the driver can read up to (but not including) this position and get
56 * The READ index is managed by the firmware once the card is enabled.
58 * The WRITE index maps to the last position the driver has read from -- the
59 * position preceding WRITE is the last slot the firmware can place a packet.
61 * The queue is empty (no good data) if WRITE = READ - 1, and is full if
64 * During initialization, the host sets up the READ queue position to the first
65 * INDEX position, and WRITE to the last (READ - 1 wrapped)
67 * When the firmware places a packet in a buffer, it will advance the READ index
68 * and fire the RX interrupt. The driver can then query the READ index and
69 * process as many packets as possible, moving the WRITE index forward as it
70 * resets the Rx queue buffers with new memory.
72 * The management in the driver is as follows:
73 * + A list of pre-allocated SKBs is stored in iwl->rxq->rx_free. When
74 * iwl->rxq->free_count drops to or below RX_LOW_WATERMARK, work is scheduled
75 * to replenish the iwl->rxq->rx_free.
76 * + In iwl_rx_replenish (scheduled) if 'processed' != 'read' then the
77 * iwl->rxq is replenished and the READ INDEX is updated (updating the
78 * 'processed' and 'read' driver indexes as well)
79 * + A received packet is processed and handed to the kernel network stack,
80 * detached from the iwl->rxq. The driver 'processed' index is updated.
81 * + The Host/Firmware iwl->rxq is replenished at tasklet time from the rx_free
82 * list. If there are no allocated buffers in iwl->rxq->rx_free, the READ
83 * INDEX is not incremented and iwl->status(RX_STALLED) is set. If there
84 * were enough free buffers and RX_STALLED is set it is cleared.
89 * iwl_rx_queue_alloc() Allocates rx_free
90 * iwl_rx_replenish() Replenishes rx_free list from rx_used, and calls
91 * iwl_rx_queue_restock
92 * iwl_rx_queue_restock() Moves available buffers from rx_free into Rx
93 * queue, updates firmware pointers, and updates
94 * the WRITE index. If insufficient rx_free buffers
95 * are available, schedules iwl_rx_replenish
97 * -- enable interrupts --
98 * ISR - iwl_rx() Detach iwl_rx_mem_buffers from pool up to the
99 * READ INDEX, detaching the SKB from the pool.
100 * Moves the packet buffer from queue to rx_used.
101 * Calls iwl_rx_queue_restock to refill any empty
108 * iwl_rx_queue_space - Return number of free slots available in queue.
110 int iwl_rx_queue_space(const struct iwl_rx_queue *q)
112 int s = q->read - q->write;
115 /* keep some buffer to not confuse full and empty queue */
121 EXPORT_SYMBOL(iwl_rx_queue_space);
124 * iwl_rx_queue_update_write_ptr - Update the write pointer for the RX queue
126 void iwl_rx_queue_update_write_ptr(struct iwl_priv *priv, struct iwl_rx_queue *q)
129 u32 rx_wrt_ptr_reg = priv->hw_params.rx_wrt_ptr_reg;
132 spin_lock_irqsave(&q->lock, flags);
134 if (q->need_update == 0)
137 /* If power-saving is in use, make sure device is awake */
138 if (test_bit(STATUS_POWER_PMI, &priv->status)) {
139 reg = iwl_read32(priv, CSR_UCODE_DRV_GP1);
141 if (reg & CSR_UCODE_DRV_GP1_BIT_MAC_SLEEP) {
142 IWL_DEBUG_INFO(priv, "Rx queue requesting wakeup, GP1 = 0x%x\n",
144 iwl_set_bit(priv, CSR_GP_CNTRL,
145 CSR_GP_CNTRL_REG_FLAG_MAC_ACCESS_REQ);
149 q->write_actual = (q->write & ~0x7);
150 iwl_write_direct32(priv, rx_wrt_ptr_reg, q->write_actual);
152 /* Else device is assumed to be awake */
154 /* Device expects a multiple of 8 */
155 q->write_actual = (q->write & ~0x7);
156 iwl_write_direct32(priv, rx_wrt_ptr_reg, q->write_actual);
162 spin_unlock_irqrestore(&q->lock, flags);
164 EXPORT_SYMBOL(iwl_rx_queue_update_write_ptr);
166 int iwl_rx_queue_alloc(struct iwl_priv *priv)
168 struct iwl_rx_queue *rxq = &priv->rxq;
169 struct device *dev = &priv->pci_dev->dev;
172 spin_lock_init(&rxq->lock);
173 INIT_LIST_HEAD(&rxq->rx_free);
174 INIT_LIST_HEAD(&rxq->rx_used);
176 /* Alloc the circular buffer of Read Buffer Descriptors (RBDs) */
177 rxq->bd = dma_alloc_coherent(dev, 4 * RX_QUEUE_SIZE, &rxq->dma_addr,
182 rxq->rb_stts = dma_alloc_coherent(dev, sizeof(struct iwl_rb_status),
183 &rxq->rb_stts_dma, GFP_KERNEL);
187 /* Fill the rx_used queue with _all_ of the Rx buffers */
188 for (i = 0; i < RX_FREE_BUFFERS + RX_QUEUE_SIZE; i++)
189 list_add_tail(&rxq->pool[i].list, &rxq->rx_used);
191 /* Set us so that we have processed and used all buffers, but have
192 * not restocked the Rx queue with fresh buffers */
193 rxq->read = rxq->write = 0;
194 rxq->write_actual = 0;
196 rxq->need_update = 0;
200 dma_free_coherent(&priv->pci_dev->dev, 4 * RX_QUEUE_SIZE, rxq->bd,
205 EXPORT_SYMBOL(iwl_rx_queue_alloc);
207 void iwl_rx_missed_beacon_notif(struct iwl_priv *priv,
208 struct iwl_rx_mem_buffer *rxb)
211 struct iwl_rx_packet *pkt = rxb_addr(rxb);
212 struct iwl_missed_beacon_notif *missed_beacon;
214 missed_beacon = &pkt->u.missed_beacon;
215 if (le32_to_cpu(missed_beacon->consecutive_missed_beacons) >
216 priv->missed_beacon_threshold) {
217 IWL_DEBUG_CALIB(priv, "missed bcn cnsq %d totl %d rcd %d expctd %d\n",
218 le32_to_cpu(missed_beacon->consecutive_missed_beacons),
219 le32_to_cpu(missed_beacon->total_missed_becons),
220 le32_to_cpu(missed_beacon->num_recvd_beacons),
221 le32_to_cpu(missed_beacon->num_expected_beacons));
222 if (!test_bit(STATUS_SCANNING, &priv->status))
223 iwl_init_sensitivity(priv);
226 EXPORT_SYMBOL(iwl_rx_missed_beacon_notif);
228 void iwl_rx_spectrum_measure_notif(struct iwl_priv *priv,
229 struct iwl_rx_mem_buffer *rxb)
231 struct iwl_rx_packet *pkt = rxb_addr(rxb);
232 struct iwl_spectrum_notification *report = &(pkt->u.spectrum_notif);
234 if (!report->state) {
236 "Spectrum Measure Notification: Start\n");
240 memcpy(&priv->measure_report, report, sizeof(*report));
241 priv->measurement_status |= MEASUREMENT_READY;
243 EXPORT_SYMBOL(iwl_rx_spectrum_measure_notif);
247 /* Calculate noise level, based on measurements during network silence just
248 * before arriving beacon. This measurement can be done only if we know
249 * exactly when to expect beacons, therefore only when we're associated. */
250 static void iwl_rx_calc_noise(struct iwl_priv *priv)
252 struct statistics_rx_non_phy *rx_info
253 = &(priv->statistics.rx.general);
254 int num_active_rx = 0;
255 int total_silence = 0;
257 le32_to_cpu(rx_info->beacon_silence_rssi_a) & IN_BAND_FILTER;
259 le32_to_cpu(rx_info->beacon_silence_rssi_b) & IN_BAND_FILTER;
261 le32_to_cpu(rx_info->beacon_silence_rssi_c) & IN_BAND_FILTER;
264 total_silence += bcn_silence_a;
268 total_silence += bcn_silence_b;
272 total_silence += bcn_silence_c;
276 /* Average among active antennas */
278 priv->last_rx_noise = (total_silence / num_active_rx) - 107;
280 priv->last_rx_noise = IWL_NOISE_MEAS_NOT_AVAILABLE;
282 IWL_DEBUG_CALIB(priv, "inband silence a %u, b %u, c %u, dBm %d\n",
283 bcn_silence_a, bcn_silence_b, bcn_silence_c,
284 priv->last_rx_noise);
287 #ifdef CONFIG_IWLWIFI_DEBUG
289 * based on the assumption of all statistics counter are in DWORD
290 * FIXME: This function is for debugging, do not deal with
291 * the case of counters roll-over.
293 static void iwl_accumulative_statistics(struct iwl_priv *priv,
299 u32 *delta, *max_delta;
301 prev_stats = (__le32 *)&priv->statistics;
302 accum_stats = (u32 *)&priv->accum_statistics;
303 delta = (u32 *)&priv->delta_statistics;
304 max_delta = (u32 *)&priv->max_delta;
306 for (i = sizeof(__le32); i < sizeof(struct iwl_notif_statistics);
307 i += sizeof(__le32), stats++, prev_stats++, delta++,
308 max_delta++, accum_stats++) {
309 if (le32_to_cpu(*stats) > le32_to_cpu(*prev_stats)) {
310 *delta = (le32_to_cpu(*stats) -
311 le32_to_cpu(*prev_stats));
312 *accum_stats += *delta;
313 if (*delta > *max_delta)
318 /* reset accumulative statistics for "no-counter" type statistics */
319 priv->accum_statistics.general.temperature =
320 priv->statistics.general.temperature;
321 priv->accum_statistics.general.temperature_m =
322 priv->statistics.general.temperature_m;
323 priv->accum_statistics.general.ttl_timestamp =
324 priv->statistics.general.ttl_timestamp;
325 priv->accum_statistics.tx.tx_power.ant_a =
326 priv->statistics.tx.tx_power.ant_a;
327 priv->accum_statistics.tx.tx_power.ant_b =
328 priv->statistics.tx.tx_power.ant_b;
329 priv->accum_statistics.tx.tx_power.ant_c =
330 priv->statistics.tx.tx_power.ant_c;
334 #define REG_RECALIB_PERIOD (60)
337 * iwl_good_plcp_health - checks for plcp error.
339 * When the plcp error is exceeding the thresholds, reset the radio
340 * to improve the throughput.
342 bool iwl_good_plcp_health(struct iwl_priv *priv,
343 struct iwl_rx_packet *pkt)
346 int combined_plcp_delta;
347 unsigned int plcp_msec;
348 unsigned long plcp_received_jiffies;
351 * check for plcp_err and trigger radio reset if it exceeds
352 * the plcp error threshold plcp_delta.
354 plcp_received_jiffies = jiffies;
355 plcp_msec = jiffies_to_msecs((long) plcp_received_jiffies -
356 (long) priv->plcp_jiffies);
357 priv->plcp_jiffies = plcp_received_jiffies;
359 * check to make sure plcp_msec is not 0 to prevent division
363 combined_plcp_delta =
364 (le32_to_cpu(pkt->u.stats.rx.ofdm.plcp_err) -
365 le32_to_cpu(priv->statistics.rx.ofdm.plcp_err)) +
366 (le32_to_cpu(pkt->u.stats.rx.ofdm_ht.plcp_err) -
367 le32_to_cpu(priv->statistics.rx.ofdm_ht.plcp_err));
369 if ((combined_plcp_delta > 0) &&
370 ((combined_plcp_delta * 100) / plcp_msec) >
371 priv->cfg->plcp_delta_threshold) {
373 * if plcp_err exceed the threshold,
374 * the following data is printed in csv format:
375 * Text: plcp_err exceeded %d,
376 * Received ofdm.plcp_err,
377 * Current ofdm.plcp_err,
378 * Received ofdm_ht.plcp_err,
379 * Current ofdm_ht.plcp_err,
380 * combined_plcp_delta,
383 IWL_DEBUG_RADIO(priv, "plcp_err exceeded %u, "
384 "%u, %u, %u, %u, %d, %u mSecs\n",
385 priv->cfg->plcp_delta_threshold,
386 le32_to_cpu(pkt->u.stats.rx.ofdm.plcp_err),
387 le32_to_cpu(priv->statistics.rx.ofdm.plcp_err),
388 le32_to_cpu(pkt->u.stats.rx.ofdm_ht.plcp_err),
390 priv->statistics.rx.ofdm_ht.plcp_err),
391 combined_plcp_delta, plcp_msec);
397 EXPORT_SYMBOL(iwl_good_plcp_health);
399 static void iwl_recover_from_statistics(struct iwl_priv *priv,
400 struct iwl_rx_packet *pkt)
402 if (test_bit(STATUS_EXIT_PENDING, &priv->status))
404 if (iwl_is_associated(priv)) {
405 if (priv->cfg->ops->lib->check_ack_health) {
406 if (!priv->cfg->ops->lib->check_ack_health(
409 * low ack count detected
412 IWL_ERR(priv, "low ack count detected, "
413 "restart firmware\n");
414 iwl_force_reset(priv, IWL_FW_RESET);
416 } else if (priv->cfg->ops->lib->check_plcp_health) {
417 if (!priv->cfg->ops->lib->check_plcp_health(
420 * high plcp error detected
423 iwl_force_reset(priv, IWL_RF_RESET);
429 void iwl_rx_statistics(struct iwl_priv *priv,
430 struct iwl_rx_mem_buffer *rxb)
433 struct iwl_rx_packet *pkt = rxb_addr(rxb);
436 IWL_DEBUG_RX(priv, "Statistics notification received (%d vs %d).\n",
437 (int)sizeof(priv->statistics),
438 le32_to_cpu(pkt->len_n_flags) & FH_RSCSR_FRAME_SIZE_MSK);
440 change = ((priv->statistics.general.temperature !=
441 pkt->u.stats.general.temperature) ||
442 ((priv->statistics.flag &
443 STATISTICS_REPLY_FLG_HT40_MODE_MSK) !=
444 (pkt->u.stats.flag & STATISTICS_REPLY_FLG_HT40_MODE_MSK)));
446 #ifdef CONFIG_IWLWIFI_DEBUG
447 iwl_accumulative_statistics(priv, (__le32 *)&pkt->u.stats);
449 iwl_recover_from_statistics(priv, pkt);
451 memcpy(&priv->statistics, &pkt->u.stats, sizeof(priv->statistics));
453 set_bit(STATUS_STATISTICS, &priv->status);
455 /* Reschedule the statistics timer to occur in
456 * REG_RECALIB_PERIOD seconds to ensure we get a
457 * thermal update even if the uCode doesn't give
459 mod_timer(&priv->statistics_periodic, jiffies +
460 msecs_to_jiffies(REG_RECALIB_PERIOD * 1000));
462 if (unlikely(!test_bit(STATUS_SCANNING, &priv->status)) &&
463 (pkt->hdr.cmd == STATISTICS_NOTIFICATION)) {
464 iwl_rx_calc_noise(priv);
465 queue_work(priv->workqueue, &priv->run_time_calib_work);
467 if (priv->cfg->ops->lib->temp_ops.temperature && change)
468 priv->cfg->ops->lib->temp_ops.temperature(priv);
470 EXPORT_SYMBOL(iwl_rx_statistics);
472 void iwl_reply_statistics(struct iwl_priv *priv,
473 struct iwl_rx_mem_buffer *rxb)
475 struct iwl_rx_packet *pkt = rxb_addr(rxb);
477 if (le32_to_cpu(pkt->u.stats.flag) & UCODE_STATISTICS_CLEAR_MSK) {
478 #ifdef CONFIG_IWLWIFI_DEBUG
479 memset(&priv->accum_statistics, 0,
480 sizeof(struct iwl_notif_statistics));
481 memset(&priv->delta_statistics, 0,
482 sizeof(struct iwl_notif_statistics));
483 memset(&priv->max_delta, 0,
484 sizeof(struct iwl_notif_statistics));
486 IWL_DEBUG_RX(priv, "Statistics have been cleared\n");
488 iwl_rx_statistics(priv, rxb);
490 EXPORT_SYMBOL(iwl_reply_statistics);
492 /* Calc max signal level (dBm) among 3 possible receivers */
493 static inline int iwl_calc_rssi(struct iwl_priv *priv,
494 struct iwl_rx_phy_res *rx_resp)
496 return priv->cfg->ops->utils->calc_rssi(priv, rx_resp);
499 #ifdef CONFIG_IWLWIFI_DEBUG
501 * iwl_dbg_report_frame - dump frame to syslog during debug sessions
503 * You may hack this function to show different aspects of received frames,
504 * including selective frame dumps.
505 * group100 parameter selects whether to show 1 out of 100 good data frames.
506 * All beacon and probe response frames are printed.
508 static void iwl_dbg_report_frame(struct iwl_priv *priv,
509 struct iwl_rx_phy_res *phy_res, u16 length,
510 struct ieee80211_hdr *header, int group100)
513 u32 print_summary = 0;
514 u32 print_dump = 0; /* set to 1 to dump all frames' contents */
525 if (likely(!(iwl_get_debug_level(priv) & IWL_DL_RX)))
529 fc = header->frame_control;
530 seq_ctl = le16_to_cpu(header->seq_ctrl);
533 channel = le16_to_cpu(phy_res->channel);
534 phy_flags = le16_to_cpu(phy_res->phy_flags);
535 rate_n_flags = le32_to_cpu(phy_res->rate_n_flags);
537 /* signal statistics */
538 rssi = iwl_calc_rssi(priv, phy_res);
539 tsf_low = le64_to_cpu(phy_res->timestamp) & 0x0ffffffff;
541 to_us = !compare_ether_addr(header->addr1, priv->mac_addr);
543 /* if data frame is to us and all is good,
544 * (optionally) print summary for only 1 out of every 100 */
545 if (to_us && (fc & ~cpu_to_le16(IEEE80211_FCTL_PROTECTED)) ==
546 cpu_to_le16(IEEE80211_FCTL_FROMDS | IEEE80211_FTYPE_DATA)) {
549 print_summary = 1; /* print each frame */
550 else if (priv->framecnt_to_us < 100) {
551 priv->framecnt_to_us++;
554 priv->framecnt_to_us = 0;
559 /* print summary for all other frames */
570 else if (ieee80211_has_retry(fc))
572 else if (ieee80211_is_assoc_resp(fc))
574 else if (ieee80211_is_reassoc_resp(fc))
576 else if (ieee80211_is_probe_resp(fc)) {
578 print_dump = 1; /* dump frame contents */
579 } else if (ieee80211_is_beacon(fc)) {
581 print_dump = 1; /* dump frame contents */
582 } else if (ieee80211_is_atim(fc))
584 else if (ieee80211_is_auth(fc))
586 else if (ieee80211_is_deauth(fc))
588 else if (ieee80211_is_disassoc(fc))
593 rate_idx = iwl_hwrate_to_plcp_idx(rate_n_flags);
594 if (unlikely((rate_idx < 0) || (rate_idx >= IWL_RATE_COUNT))) {
598 bitrate = iwl_rates[rate_idx].ieee / 2;
601 /* print frame summary.
602 * MAC addresses show just the last byte (for brevity),
603 * but you can hack it to show more, if you'd like to. */
605 IWL_DEBUG_RX(priv, "%s: mhd=0x%04x, dst=0x%02x, "
606 "len=%u, rssi=%d, chnl=%d, rate=%u, \n",
607 title, le16_to_cpu(fc), header->addr1[5],
608 length, rssi, channel, bitrate);
610 /* src/dst addresses assume managed mode */
611 IWL_DEBUG_RX(priv, "%s: 0x%04x, dst=0x%02x, src=0x%02x, "
612 "len=%u, rssi=%d, tim=%lu usec, "
613 "phy=0x%02x, chnl=%d\n",
614 title, le16_to_cpu(fc), header->addr1[5],
615 header->addr3[5], length, rssi,
616 tsf_low - priv->scan_start_tsf,
621 iwl_print_hex_dump(priv, IWL_DL_RX, header, length);
626 * returns non-zero if packet should be dropped
628 int iwl_set_decrypted_flag(struct iwl_priv *priv,
629 struct ieee80211_hdr *hdr,
631 struct ieee80211_rx_status *stats)
633 u16 fc = le16_to_cpu(hdr->frame_control);
635 if (priv->active_rxon.filter_flags & RXON_FILTER_DIS_DECRYPT_MSK)
638 if (!(fc & IEEE80211_FCTL_PROTECTED))
641 IWL_DEBUG_RX(priv, "decrypt_res:0x%x\n", decrypt_res);
642 switch (decrypt_res & RX_RES_STATUS_SEC_TYPE_MSK) {
643 case RX_RES_STATUS_SEC_TYPE_TKIP:
644 /* The uCode has got a bad phase 1 Key, pushes the packet.
645 * Decryption will be done in SW. */
646 if ((decrypt_res & RX_RES_STATUS_DECRYPT_TYPE_MSK) ==
647 RX_RES_STATUS_BAD_KEY_TTAK)
650 case RX_RES_STATUS_SEC_TYPE_WEP:
651 if ((decrypt_res & RX_RES_STATUS_DECRYPT_TYPE_MSK) ==
652 RX_RES_STATUS_BAD_ICV_MIC) {
653 /* bad ICV, the packet is destroyed since the
654 * decryption is inplace, drop it */
655 IWL_DEBUG_RX(priv, "Packet destroyed\n");
658 case RX_RES_STATUS_SEC_TYPE_CCMP:
659 if ((decrypt_res & RX_RES_STATUS_DECRYPT_TYPE_MSK) ==
660 RX_RES_STATUS_DECRYPT_OK) {
661 IWL_DEBUG_RX(priv, "hw decrypt successfully!!!\n");
662 stats->flag |= RX_FLAG_DECRYPTED;
671 EXPORT_SYMBOL(iwl_set_decrypted_flag);
673 static u32 iwl_translate_rx_status(struct iwl_priv *priv, u32 decrypt_in)
677 if ((decrypt_in & RX_RES_STATUS_STATION_FOUND) ==
678 RX_RES_STATUS_STATION_FOUND)
679 decrypt_out |= (RX_RES_STATUS_STATION_FOUND |
680 RX_RES_STATUS_NO_STATION_INFO_MISMATCH);
682 decrypt_out |= (decrypt_in & RX_RES_STATUS_SEC_TYPE_MSK);
684 /* packet was not encrypted */
685 if ((decrypt_in & RX_RES_STATUS_SEC_TYPE_MSK) ==
686 RX_RES_STATUS_SEC_TYPE_NONE)
689 /* packet was encrypted with unknown alg */
690 if ((decrypt_in & RX_RES_STATUS_SEC_TYPE_MSK) ==
691 RX_RES_STATUS_SEC_TYPE_ERR)
694 /* decryption was not done in HW */
695 if ((decrypt_in & RX_MPDU_RES_STATUS_DEC_DONE_MSK) !=
696 RX_MPDU_RES_STATUS_DEC_DONE_MSK)
699 switch (decrypt_in & RX_RES_STATUS_SEC_TYPE_MSK) {
701 case RX_RES_STATUS_SEC_TYPE_CCMP:
702 /* alg is CCM: check MIC only */
703 if (!(decrypt_in & RX_MPDU_RES_STATUS_MIC_OK))
705 decrypt_out |= RX_RES_STATUS_BAD_ICV_MIC;
707 decrypt_out |= RX_RES_STATUS_DECRYPT_OK;
711 case RX_RES_STATUS_SEC_TYPE_TKIP:
712 if (!(decrypt_in & RX_MPDU_RES_STATUS_TTAK_OK)) {
714 decrypt_out |= RX_RES_STATUS_BAD_KEY_TTAK;
717 /* fall through if TTAK OK */
719 if (!(decrypt_in & RX_MPDU_RES_STATUS_ICV_OK))
720 decrypt_out |= RX_RES_STATUS_BAD_ICV_MIC;
722 decrypt_out |= RX_RES_STATUS_DECRYPT_OK;
726 IWL_DEBUG_RX(priv, "decrypt_in:0x%x decrypt_out = 0x%x\n",
727 decrypt_in, decrypt_out);
732 static void iwl_pass_packet_to_mac80211(struct iwl_priv *priv,
733 struct ieee80211_hdr *hdr,
736 struct iwl_rx_mem_buffer *rxb,
737 struct ieee80211_rx_status *stats)
741 __le16 fc = hdr->frame_control;
743 /* We only process data packets if the interface is open */
744 if (unlikely(!priv->is_open)) {
745 IWL_DEBUG_DROP_LIMIT(priv,
746 "Dropping packet while interface is not open.\n");
750 /* In case of HW accelerated crypto and bad decryption, drop */
751 if (!priv->cfg->mod_params->sw_crypto &&
752 iwl_set_decrypted_flag(priv, hdr, ampdu_status, stats))
755 skb = alloc_skb(IWL_LINK_HDR_MAX * 2, GFP_ATOMIC);
757 IWL_ERR(priv, "alloc_skb failed\n");
761 skb_reserve(skb, IWL_LINK_HDR_MAX);
762 skb_add_rx_frag(skb, 0, rxb->page, (void *)hdr - rxb_addr(rxb), len);
764 /* mac80211 currently doesn't support paged SKB. Convert it to
765 * linear SKB for management frame and data frame requires
766 * software decryption or software defragementation. */
767 if (ieee80211_is_mgmt(fc) ||
768 ieee80211_has_protected(fc) ||
769 ieee80211_has_morefrags(fc) ||
770 le16_to_cpu(hdr->seq_ctrl) & IEEE80211_SCTL_FRAG ||
771 (ieee80211_is_data_qos(fc) &&
772 *ieee80211_get_qos_ctl(hdr) &
773 IEEE80211_QOS_CONTROL_A_MSDU_PRESENT))
774 ret = skb_linearize(skb);
776 ret = __pskb_pull_tail(skb, min_t(u16, IWL_LINK_HDR_MAX, len)) ?
785 * XXX: We cannot touch the page and its virtual memory (hdr) after
786 * here. It might have already been freed by the above skb change.
789 iwl_update_stats(priv, false, fc, len);
790 memcpy(IEEE80211_SKB_RXCB(skb), stats, sizeof(*stats));
792 ieee80211_rx(priv->hw, skb);
794 priv->alloc_rxb_page--;
798 /* Called for REPLY_RX (legacy ABG frames), or
799 * REPLY_RX_MPDU_CMD (HT high-throughput N frames). */
800 void iwl_rx_reply_rx(struct iwl_priv *priv,
801 struct iwl_rx_mem_buffer *rxb)
803 struct ieee80211_hdr *header;
804 struct ieee80211_rx_status rx_status;
805 struct iwl_rx_packet *pkt = rxb_addr(rxb);
806 struct iwl_rx_phy_res *phy_res;
807 __le32 rx_pkt_status;
808 struct iwl4965_rx_mpdu_res_start *amsdu;
814 * REPLY_RX and REPLY_RX_MPDU_CMD are handled differently.
815 * REPLY_RX: physical layer info is in this buffer
816 * REPLY_RX_MPDU_CMD: physical layer info was sent in separate
817 * command and cached in priv->last_phy_res
819 * Here we set up local variables depending on which command is
822 if (pkt->hdr.cmd == REPLY_RX) {
823 phy_res = (struct iwl_rx_phy_res *)pkt->u.raw;
824 header = (struct ieee80211_hdr *)(pkt->u.raw + sizeof(*phy_res)
825 + phy_res->cfg_phy_cnt);
827 len = le16_to_cpu(phy_res->byte_count);
828 rx_pkt_status = *(__le32 *)(pkt->u.raw + sizeof(*phy_res) +
829 phy_res->cfg_phy_cnt + len);
830 ampdu_status = le32_to_cpu(rx_pkt_status);
832 if (!priv->last_phy_res[0]) {
833 IWL_ERR(priv, "MPDU frame without cached PHY data\n");
836 phy_res = (struct iwl_rx_phy_res *)&priv->last_phy_res[1];
837 amsdu = (struct iwl4965_rx_mpdu_res_start *)pkt->u.raw;
838 header = (struct ieee80211_hdr *)(pkt->u.raw + sizeof(*amsdu));
839 len = le16_to_cpu(amsdu->byte_count);
840 rx_pkt_status = *(__le32 *)(pkt->u.raw + sizeof(*amsdu) + len);
841 ampdu_status = iwl_translate_rx_status(priv,
842 le32_to_cpu(rx_pkt_status));
845 if ((unlikely(phy_res->cfg_phy_cnt > 20))) {
846 IWL_DEBUG_DROP(priv, "dsp size out of range [0,20]: %d/n",
847 phy_res->cfg_phy_cnt);
851 if (!(rx_pkt_status & RX_RES_STATUS_NO_CRC32_ERROR) ||
852 !(rx_pkt_status & RX_RES_STATUS_NO_RXE_OVERFLOW)) {
853 IWL_DEBUG_RX(priv, "Bad CRC or FIFO: 0x%08X.\n",
854 le32_to_cpu(rx_pkt_status));
858 /* This will be used in several places later */
859 rate_n_flags = le32_to_cpu(phy_res->rate_n_flags);
861 /* rx_status carries information about the packet to mac80211 */
862 rx_status.mactime = le64_to_cpu(phy_res->timestamp);
864 ieee80211_channel_to_frequency(le16_to_cpu(phy_res->channel));
865 rx_status.band = (phy_res->phy_flags & RX_RES_PHY_FLAGS_BAND_24_MSK) ?
866 IEEE80211_BAND_2GHZ : IEEE80211_BAND_5GHZ;
868 iwl_hwrate_to_mac80211_idx(rate_n_flags, rx_status.band);
871 /* TSF isn't reliable. In order to allow smooth user experience,
872 * this W/A doesn't propagate it to the mac80211 */
873 /*rx_status.flag |= RX_FLAG_TSFT;*/
875 priv->ucode_beacon_time = le32_to_cpu(phy_res->beacon_time_stamp);
877 /* Find max signal strength (dBm) among 3 antenna/receiver chains */
878 rx_status.signal = iwl_calc_rssi(priv, phy_res);
880 /* Meaningful noise values are available only from beacon statistics,
881 * which are gathered only when associated, and indicate noise
882 * only for the associated network channel ...
883 * Ignore these noise values while scanning (other channels) */
884 if (iwl_is_associated(priv) &&
885 !test_bit(STATUS_SCANNING, &priv->status)) {
886 rx_status.noise = priv->last_rx_noise;
888 rx_status.noise = IWL_NOISE_MEAS_NOT_AVAILABLE;
891 /* Reset beacon noise level if not associated. */
892 if (!iwl_is_associated(priv))
893 priv->last_rx_noise = IWL_NOISE_MEAS_NOT_AVAILABLE;
895 #ifdef CONFIG_IWLWIFI_DEBUG
896 /* Set "1" to report good data frames in groups of 100 */
897 if (unlikely(iwl_get_debug_level(priv) & IWL_DL_RX))
898 iwl_dbg_report_frame(priv, phy_res, len, header, 1);
900 iwl_dbg_log_rx_data_frame(priv, len, header);
901 IWL_DEBUG_STATS_LIMIT(priv, "Rssi %d, noise %d, TSF %llu\n",
902 rx_status.signal, rx_status.noise,
903 (unsigned long long)rx_status.mactime);
908 * It seems that the antenna field in the phy flags value
909 * is actually a bit field. This is undefined by radiotap,
910 * it wants an actual antenna number but I always get "7"
911 * for most legacy frames I receive indicating that the
912 * same frame was received on all three RX chains.
914 * I think this field should be removed in favor of a
915 * new 802.11n radiotap field "RX chains" that is defined
919 (le16_to_cpu(phy_res->phy_flags) & RX_RES_PHY_FLAGS_ANTENNA_MSK)
920 >> RX_RES_PHY_FLAGS_ANTENNA_POS;
922 /* set the preamble flag if appropriate */
923 if (phy_res->phy_flags & RX_RES_PHY_FLAGS_SHORT_PREAMBLE_MSK)
924 rx_status.flag |= RX_FLAG_SHORTPRE;
926 /* Set up the HT phy flags */
927 if (rate_n_flags & RATE_MCS_HT_MSK)
928 rx_status.flag |= RX_FLAG_HT;
929 if (rate_n_flags & RATE_MCS_HT40_MSK)
930 rx_status.flag |= RX_FLAG_40MHZ;
931 if (rate_n_flags & RATE_MCS_SGI_MSK)
932 rx_status.flag |= RX_FLAG_SHORT_GI;
934 iwl_pass_packet_to_mac80211(priv, header, len, ampdu_status,
937 EXPORT_SYMBOL(iwl_rx_reply_rx);
939 /* Cache phy data (Rx signal strength, etc) for HT frame (REPLY_RX_PHY_CMD).
940 * This will be used later in iwl_rx_reply_rx() for REPLY_RX_MPDU_CMD. */
941 void iwl_rx_reply_rx_phy(struct iwl_priv *priv,
942 struct iwl_rx_mem_buffer *rxb)
944 struct iwl_rx_packet *pkt = rxb_addr(rxb);
945 priv->last_phy_res[0] = 1;
946 memcpy(&priv->last_phy_res[1], &(pkt->u.raw[0]),
947 sizeof(struct iwl_rx_phy_res));
949 EXPORT_SYMBOL(iwl_rx_reply_rx_phy);
git://ftp.safe.ca / safe / jmp / linux-2.6 / blob