1 #include <linux/etherdevice.h>
2 #include <linux/slab.h>
3 #include <net/lib80211.h>
4 #include <linux/if_arp.h>
6 #include "hostap_80211.h"
10 /* See IEEE 802.1H for LLC/SNAP encapsulation/decapsulation */
11 /* Ethernet-II snap header (RFC1042 for most EtherTypes) */
12 static unsigned char rfc1042_header
[] =
13 { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 };
14 /* Bridge-Tunnel header (for EtherTypes ETH_P_AARP and ETH_P_IPX) */
15 static unsigned char bridge_tunnel_header
[] =
16 { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0xf8 };
17 /* No encapsulation header if EtherType < 0x600 (=length) */
19 void hostap_dump_rx_80211(const char *name
, struct sk_buff
*skb
,
20 struct hostap_80211_rx_status
*rx_stats
)
22 struct ieee80211_hdr
*hdr
;
25 hdr
= (struct ieee80211_hdr
*) skb
->data
;
27 printk(KERN_DEBUG
"%s: RX signal=%d noise=%d rate=%d len=%d "
29 name
, rx_stats
->signal
, rx_stats
->noise
, rx_stats
->rate
,
35 fc
= le16_to_cpu(hdr
->frame_control
);
36 printk(KERN_DEBUG
" FC=0x%04x (type=%d:%d)%s%s",
37 fc
, (fc
& IEEE80211_FCTL_FTYPE
) >> 2,
38 (fc
& IEEE80211_FCTL_STYPE
) >> 4,
39 fc
& IEEE80211_FCTL_TODS
? " [ToDS]" : "",
40 fc
& IEEE80211_FCTL_FROMDS
? " [FromDS]" : "");
42 if (skb
->len
< IEEE80211_DATA_HDR3_LEN
) {
47 printk(" dur=0x%04x seq=0x%04x\n", le16_to_cpu(hdr
->duration_id
),
48 le16_to_cpu(hdr
->seq_ctrl
));
50 printk(KERN_DEBUG
" A1=%pM", hdr
->addr1
);
51 printk(" A2=%pM", hdr
->addr2
);
52 printk(" A3=%pM", hdr
->addr3
);
54 printk(" A4=%pM", hdr
->addr4
);
59 /* Send RX frame to netif with 802.11 (and possible prism) header.
60 * Called from hardware or software IRQ context. */
61 int prism2_rx_80211(struct net_device
*dev
, struct sk_buff
*skb
,
62 struct hostap_80211_rx_status
*rx_stats
, int type
)
64 struct hostap_interface
*iface
;
66 int hdrlen
, phdrlen
, head_need
, tail_need
;
68 int prism_header
, ret
;
69 struct ieee80211_hdr
*fhdr
;
71 iface
= netdev_priv(dev
);
74 if (dev
->type
== ARPHRD_IEEE80211_PRISM
) {
75 if (local
->monitor_type
== PRISM2_MONITOR_PRISM
) {
77 phdrlen
= sizeof(struct linux_wlan_ng_prism_hdr
);
78 } else { /* local->monitor_type == PRISM2_MONITOR_CAPHDR */
80 phdrlen
= sizeof(struct linux_wlan_ng_cap_hdr
);
82 } else if (dev
->type
== ARPHRD_IEEE80211_RADIOTAP
) {
84 phdrlen
= sizeof(struct hostap_radiotap_rx
);
90 fhdr
= (struct ieee80211_hdr
*) skb
->data
;
91 fc
= le16_to_cpu(fhdr
->frame_control
);
93 if (type
== PRISM2_RX_MGMT
&& (fc
& IEEE80211_FCTL_VERS
)) {
94 printk(KERN_DEBUG
"%s: dropped management frame with header "
95 "version %d\n", dev
->name
, fc
& IEEE80211_FCTL_VERS
);
96 dev_kfree_skb_any(skb
);
100 hdrlen
= hostap_80211_get_hdrlen(fhdr
->frame_control
);
102 /* check if there is enough room for extra data; if not, expand skb
103 * buffer to be large enough for the changes */
106 #ifdef PRISM2_ADD_BOGUS_CRC
108 #endif /* PRISM2_ADD_BOGUS_CRC */
110 head_need
-= skb_headroom(skb
);
111 tail_need
-= skb_tailroom(skb
);
113 if (head_need
> 0 || tail_need
> 0) {
114 if (pskb_expand_head(skb
, head_need
> 0 ? head_need
: 0,
115 tail_need
> 0 ? tail_need
: 0,
117 printk(KERN_DEBUG
"%s: prism2_rx_80211 failed to "
118 "reallocate skb buffer\n", dev
->name
);
119 dev_kfree_skb_any(skb
);
124 /* We now have an skb with enough head and tail room, so just insert
127 #ifdef PRISM2_ADD_BOGUS_CRC
128 memset(skb_put(skb
, 4), 0xff, 4); /* Prism2 strips CRC */
129 #endif /* PRISM2_ADD_BOGUS_CRC */
131 if (prism_header
== 1) {
132 struct linux_wlan_ng_prism_hdr
*hdr
;
133 hdr
= (struct linux_wlan_ng_prism_hdr
*)
134 skb_push(skb
, phdrlen
);
135 memset(hdr
, 0, phdrlen
);
136 hdr
->msgcode
= LWNG_CAP_DID_BASE
;
137 hdr
->msglen
= sizeof(*hdr
);
138 memcpy(hdr
->devname
, dev
->name
, sizeof(hdr
->devname
));
139 #define LWNG_SETVAL(f,i,s,l,d) \
140 hdr->f.did = LWNG_CAP_DID_BASE | (i << 12); \
141 hdr->f.status = s; hdr->f.len = l; hdr->f.data = d
142 LWNG_SETVAL(hosttime
, 1, 0, 4, jiffies
);
143 LWNG_SETVAL(mactime
, 2, 0, 4, rx_stats
->mac_time
);
144 LWNG_SETVAL(channel
, 3, 1 /* no value */, 4, 0);
145 LWNG_SETVAL(rssi
, 4, 1 /* no value */, 4, 0);
146 LWNG_SETVAL(sq
, 5, 1 /* no value */, 4, 0);
147 LWNG_SETVAL(signal
, 6, 0, 4, rx_stats
->signal
);
148 LWNG_SETVAL(noise
, 7, 0, 4, rx_stats
->noise
);
149 LWNG_SETVAL(rate
, 8, 0, 4, rx_stats
->rate
/ 5);
150 LWNG_SETVAL(istx
, 9, 0, 4, 0);
151 LWNG_SETVAL(frmlen
, 10, 0, 4, skb
->len
- phdrlen
);
153 } else if (prism_header
== 2) {
154 struct linux_wlan_ng_cap_hdr
*hdr
;
155 hdr
= (struct linux_wlan_ng_cap_hdr
*)
156 skb_push(skb
, phdrlen
);
157 memset(hdr
, 0, phdrlen
);
158 hdr
->version
= htonl(LWNG_CAPHDR_VERSION
);
159 hdr
->length
= htonl(phdrlen
);
160 hdr
->mactime
= __cpu_to_be64(rx_stats
->mac_time
);
161 hdr
->hosttime
= __cpu_to_be64(jiffies
);
162 hdr
->phytype
= htonl(4); /* dss_dot11_b */
163 hdr
->channel
= htonl(local
->channel
);
164 hdr
->datarate
= htonl(rx_stats
->rate
);
165 hdr
->antenna
= htonl(0); /* unknown */
166 hdr
->priority
= htonl(0); /* unknown */
167 hdr
->ssi_type
= htonl(3); /* raw */
168 hdr
->ssi_signal
= htonl(rx_stats
->signal
);
169 hdr
->ssi_noise
= htonl(rx_stats
->noise
);
170 hdr
->preamble
= htonl(0); /* unknown */
171 hdr
->encoding
= htonl(1); /* cck */
172 } else if (prism_header
== 3) {
173 struct hostap_radiotap_rx
*hdr
;
174 hdr
= (struct hostap_radiotap_rx
*)skb_push(skb
, phdrlen
);
175 memset(hdr
, 0, phdrlen
);
176 hdr
->hdr
.it_len
= cpu_to_le16(phdrlen
);
177 hdr
->hdr
.it_present
=
178 cpu_to_le32((1 << IEEE80211_RADIOTAP_TSFT
) |
179 (1 << IEEE80211_RADIOTAP_CHANNEL
) |
180 (1 << IEEE80211_RADIOTAP_RATE
) |
181 (1 << IEEE80211_RADIOTAP_DBM_ANTSIGNAL
) |
182 (1 << IEEE80211_RADIOTAP_DBM_ANTNOISE
));
183 hdr
->tsft
= cpu_to_le64(rx_stats
->mac_time
);
184 hdr
->chan_freq
= cpu_to_le16(freq_list
[local
->channel
- 1]);
185 hdr
->chan_flags
= cpu_to_le16(IEEE80211_CHAN_CCK
|
186 IEEE80211_CHAN_2GHZ
);
187 hdr
->rate
= rx_stats
->rate
/ 5;
188 hdr
->dbm_antsignal
= rx_stats
->signal
;
189 hdr
->dbm_antnoise
= rx_stats
->noise
;
192 ret
= skb
->len
- phdrlen
;
194 skb_reset_mac_header(skb
);
195 skb_pull(skb
, hdrlen
);
197 skb_pull(skb
, phdrlen
);
198 skb
->pkt_type
= PACKET_OTHERHOST
;
199 skb
->protocol
= cpu_to_be16(ETH_P_802_2
);
200 memset(skb
->cb
, 0, sizeof(skb
->cb
));
207 /* Called only as a tasklet (software IRQ) */
208 static void monitor_rx(struct net_device
*dev
, struct sk_buff
*skb
,
209 struct hostap_80211_rx_status
*rx_stats
)
213 len
= prism2_rx_80211(dev
, skb
, rx_stats
, PRISM2_RX_MONITOR
);
214 dev
->stats
.rx_packets
++;
215 dev
->stats
.rx_bytes
+= len
;
219 /* Called only as a tasklet (software IRQ) */
220 static struct prism2_frag_entry
*
221 prism2_frag_cache_find(local_info_t
*local
, unsigned int seq
,
222 unsigned int frag
, u8
*src
, u8
*dst
)
224 struct prism2_frag_entry
*entry
;
227 for (i
= 0; i
< PRISM2_FRAG_CACHE_LEN
; i
++) {
228 entry
= &local
->frag_cache
[i
];
229 if (entry
->skb
!= NULL
&&
230 time_after(jiffies
, entry
->first_frag_time
+ 2 * HZ
)) {
231 printk(KERN_DEBUG
"%s: expiring fragment cache entry "
232 "seq=%u last_frag=%u\n",
233 local
->dev
->name
, entry
->seq
, entry
->last_frag
);
234 dev_kfree_skb(entry
->skb
);
238 if (entry
->skb
!= NULL
&& entry
->seq
== seq
&&
239 (entry
->last_frag
+ 1 == frag
|| frag
== -1) &&
240 memcmp(entry
->src_addr
, src
, ETH_ALEN
) == 0 &&
241 memcmp(entry
->dst_addr
, dst
, ETH_ALEN
) == 0)
249 /* Called only as a tasklet (software IRQ) */
250 static struct sk_buff
*
251 prism2_frag_cache_get(local_info_t
*local
, struct ieee80211_hdr
*hdr
)
253 struct sk_buff
*skb
= NULL
;
255 unsigned int frag
, seq
;
256 struct prism2_frag_entry
*entry
;
258 sc
= le16_to_cpu(hdr
->seq_ctrl
);
259 frag
= sc
& IEEE80211_SCTL_FRAG
;
260 seq
= (sc
& IEEE80211_SCTL_SEQ
) >> 4;
263 /* Reserve enough space to fit maximum frame length */
264 skb
= dev_alloc_skb(local
->dev
->mtu
+
265 sizeof(struct ieee80211_hdr
) +
268 8 /* WEP */ + ETH_ALEN
/* WDS */);
272 entry
= &local
->frag_cache
[local
->frag_next_idx
];
273 local
->frag_next_idx
++;
274 if (local
->frag_next_idx
>= PRISM2_FRAG_CACHE_LEN
)
275 local
->frag_next_idx
= 0;
277 if (entry
->skb
!= NULL
)
278 dev_kfree_skb(entry
->skb
);
280 entry
->first_frag_time
= jiffies
;
282 entry
->last_frag
= frag
;
284 memcpy(entry
->src_addr
, hdr
->addr2
, ETH_ALEN
);
285 memcpy(entry
->dst_addr
, hdr
->addr1
, ETH_ALEN
);
287 /* received a fragment of a frame for which the head fragment
288 * should have already been received */
289 entry
= prism2_frag_cache_find(local
, seq
, frag
, hdr
->addr2
,
292 entry
->last_frag
= frag
;
301 /* Called only as a tasklet (software IRQ) */
302 static int prism2_frag_cache_invalidate(local_info_t
*local
,
303 struct ieee80211_hdr
*hdr
)
307 struct prism2_frag_entry
*entry
;
309 sc
= le16_to_cpu(hdr
->seq_ctrl
);
310 seq
= (sc
& IEEE80211_SCTL_SEQ
) >> 4;
312 entry
= prism2_frag_cache_find(local
, seq
, -1, hdr
->addr2
, hdr
->addr1
);
315 printk(KERN_DEBUG
"%s: could not invalidate fragment cache "
317 local
->dev
->name
, seq
);
326 static struct hostap_bss_info
*__hostap_get_bss(local_info_t
*local
, u8
*bssid
,
327 u8
*ssid
, size_t ssid_len
)
329 struct list_head
*ptr
;
330 struct hostap_bss_info
*bss
;
332 list_for_each(ptr
, &local
->bss_list
) {
333 bss
= list_entry(ptr
, struct hostap_bss_info
, list
);
334 if (memcmp(bss
->bssid
, bssid
, ETH_ALEN
) == 0 &&
336 (ssid_len
== bss
->ssid_len
&&
337 memcmp(ssid
, bss
->ssid
, ssid_len
) == 0))) {
338 list_move(&bss
->list
, &local
->bss_list
);
347 static struct hostap_bss_info
*__hostap_add_bss(local_info_t
*local
, u8
*bssid
,
348 u8
*ssid
, size_t ssid_len
)
350 struct hostap_bss_info
*bss
;
352 if (local
->num_bss_info
>= HOSTAP_MAX_BSS_COUNT
) {
353 bss
= list_entry(local
->bss_list
.prev
,
354 struct hostap_bss_info
, list
);
355 list_del(&bss
->list
);
356 local
->num_bss_info
--;
358 bss
= (struct hostap_bss_info
*)
359 kmalloc(sizeof(*bss
), GFP_ATOMIC
);
364 memset(bss
, 0, sizeof(*bss
));
365 memcpy(bss
->bssid
, bssid
, ETH_ALEN
);
366 memcpy(bss
->ssid
, ssid
, ssid_len
);
367 bss
->ssid_len
= ssid_len
;
368 local
->num_bss_info
++;
369 list_add(&bss
->list
, &local
->bss_list
);
374 static void __hostap_expire_bss(local_info_t
*local
)
376 struct hostap_bss_info
*bss
;
378 while (local
->num_bss_info
> 0) {
379 bss
= list_entry(local
->bss_list
.prev
,
380 struct hostap_bss_info
, list
);
381 if (!time_after(jiffies
, bss
->last_update
+ 60 * HZ
))
384 list_del(&bss
->list
);
385 local
->num_bss_info
--;
391 /* Both IEEE 802.11 Beacon and Probe Response frames have similar structure, so
392 * the same routine can be used to parse both of them. */
393 static void hostap_rx_sta_beacon(local_info_t
*local
, struct sk_buff
*skb
,
396 struct hostap_ieee80211_mgmt
*mgmt
;
399 u8
*ssid
= NULL
, *wpa
= NULL
, *rsn
= NULL
;
400 size_t ssid_len
= 0, wpa_len
= 0, rsn_len
= 0;
401 struct hostap_bss_info
*bss
;
403 if (skb
->len
< IEEE80211_MGMT_HDR_LEN
+ sizeof(mgmt
->u
.beacon
))
406 mgmt
= (struct hostap_ieee80211_mgmt
*) skb
->data
;
407 pos
= mgmt
->u
.beacon
.variable
;
408 left
= skb
->len
- (pos
- skb
->data
);
411 if (2 + pos
[1] > left
)
412 return; /* parse failed */
418 case WLAN_EID_GENERIC
:
420 pos
[2] == 0x00 && pos
[3] == 0x50 &&
421 pos
[4] == 0xf2 && pos
[5] == 1) {
423 wpa_len
= pos
[1] + 2;
428 rsn_len
= pos
[1] + 2;
430 case WLAN_EID_DS_PARAMS
:
439 if (wpa_len
> MAX_WPA_IE_LEN
)
440 wpa_len
= MAX_WPA_IE_LEN
;
441 if (rsn_len
> MAX_WPA_IE_LEN
)
442 rsn_len
= MAX_WPA_IE_LEN
;
443 if (ssid_len
> sizeof(bss
->ssid
))
444 ssid_len
= sizeof(bss
->ssid
);
446 spin_lock(&local
->lock
);
447 bss
= __hostap_get_bss(local
, mgmt
->bssid
, ssid
, ssid_len
);
449 bss
= __hostap_add_bss(local
, mgmt
->bssid
, ssid
, ssid_len
);
451 bss
->last_update
= jiffies
;
453 bss
->capab_info
= le16_to_cpu(mgmt
->u
.beacon
.capab_info
);
455 memcpy(bss
->wpa_ie
, wpa
, wpa_len
);
456 bss
->wpa_ie_len
= wpa_len
;
460 memcpy(bss
->rsn_ie
, rsn
, rsn_len
);
461 bss
->rsn_ie_len
= rsn_len
;
466 __hostap_expire_bss(local
);
467 spin_unlock(&local
->lock
);
472 hostap_rx_frame_mgmt(local_info_t
*local
, struct sk_buff
*skb
,
473 struct hostap_80211_rx_status
*rx_stats
, u16 type
,
476 if (local
->iw_mode
== IW_MODE_MASTER
)
477 hostap_update_sta_ps(local
, (struct ieee80211_hdr
*) skb
->data
);
479 if (local
->hostapd
&& type
== IEEE80211_FTYPE_MGMT
) {
480 if (stype
== IEEE80211_STYPE_BEACON
&&
481 local
->iw_mode
== IW_MODE_MASTER
) {
482 struct sk_buff
*skb2
;
483 /* Process beacon frames also in kernel driver to
484 * update STA(AP) table statistics */
485 skb2
= skb_clone(skb
, GFP_ATOMIC
);
487 hostap_rx(skb2
->dev
, skb2
, rx_stats
);
490 /* send management frames to the user space daemon for
492 local
->apdevstats
.rx_packets
++;
493 local
->apdevstats
.rx_bytes
+= skb
->len
;
494 if (local
->apdev
== NULL
)
496 prism2_rx_80211(local
->apdev
, skb
, rx_stats
, PRISM2_RX_MGMT
);
500 if (local
->iw_mode
== IW_MODE_MASTER
) {
501 if (type
!= IEEE80211_FTYPE_MGMT
&&
502 type
!= IEEE80211_FTYPE_CTL
) {
503 printk(KERN_DEBUG
"%s: unknown management frame "
504 "(type=0x%02x, stype=0x%02x) dropped\n",
505 skb
->dev
->name
, type
>> 2, stype
>> 4);
509 hostap_rx(skb
->dev
, skb
, rx_stats
);
511 } else if (type
== IEEE80211_FTYPE_MGMT
&&
512 (stype
== IEEE80211_STYPE_BEACON
||
513 stype
== IEEE80211_STYPE_PROBE_RESP
)) {
514 hostap_rx_sta_beacon(local
, skb
, stype
);
516 } else if (type
== IEEE80211_FTYPE_MGMT
&&
517 (stype
== IEEE80211_STYPE_ASSOC_RESP
||
518 stype
== IEEE80211_STYPE_REASSOC_RESP
)) {
519 /* Ignore (Re)AssocResp silently since these are not currently
520 * needed but are still received when WPA/RSN mode is enabled.
524 printk(KERN_DEBUG
"%s: hostap_rx_frame_mgmt: dropped unhandled"
525 " management frame in non-Host AP mode (type=%d:%d)\n",
526 skb
->dev
->name
, type
>> 2, stype
>> 4);
532 /* Called only as a tasklet (software IRQ) */
533 static struct net_device
*prism2_rx_get_wds(local_info_t
*local
,
536 struct hostap_interface
*iface
= NULL
;
537 struct list_head
*ptr
;
539 read_lock_bh(&local
->iface_lock
);
540 list_for_each(ptr
, &local
->hostap_interfaces
) {
541 iface
= list_entry(ptr
, struct hostap_interface
, list
);
542 if (iface
->type
== HOSTAP_INTERFACE_WDS
&&
543 memcmp(iface
->u
.wds
.remote_addr
, addr
, ETH_ALEN
) == 0)
547 read_unlock_bh(&local
->iface_lock
);
549 return iface
? iface
->dev
: NULL
;
554 hostap_rx_frame_wds(local_info_t
*local
, struct ieee80211_hdr
*hdr
, u16 fc
,
555 struct net_device
**wds
)
557 /* FIX: is this really supposed to accept WDS frames only in Master
558 * mode? What about Repeater or Managed with WDS frames? */
559 if ((fc
& (IEEE80211_FCTL_TODS
| IEEE80211_FCTL_FROMDS
)) !=
560 (IEEE80211_FCTL_TODS
| IEEE80211_FCTL_FROMDS
) &&
561 (local
->iw_mode
!= IW_MODE_MASTER
|| !(fc
& IEEE80211_FCTL_TODS
)))
562 return 0; /* not a WDS frame */
564 /* Possible WDS frame: either IEEE 802.11 compliant (if FromDS)
565 * or own non-standard frame with 4th address after payload */
566 if (memcmp(hdr
->addr1
, local
->dev
->dev_addr
, ETH_ALEN
) != 0 &&
567 (hdr
->addr1
[0] != 0xff || hdr
->addr1
[1] != 0xff ||
568 hdr
->addr1
[2] != 0xff || hdr
->addr1
[3] != 0xff ||
569 hdr
->addr1
[4] != 0xff || hdr
->addr1
[5] != 0xff)) {
570 /* RA (or BSSID) is not ours - drop */
571 PDEBUG(DEBUG_EXTRA2
, "%s: received WDS frame with "
572 "not own or broadcast %s=%pM\n",
574 fc
& IEEE80211_FCTL_FROMDS
? "RA" : "BSSID",
579 /* check if the frame came from a registered WDS connection */
580 *wds
= prism2_rx_get_wds(local
, hdr
->addr2
);
581 if (*wds
== NULL
&& fc
& IEEE80211_FCTL_FROMDS
&&
582 (local
->iw_mode
!= IW_MODE_INFRA
||
583 !(local
->wds_type
& HOSTAP_WDS_AP_CLIENT
) ||
584 memcmp(hdr
->addr2
, local
->bssid
, ETH_ALEN
) != 0)) {
585 /* require that WDS link has been registered with TA or the
586 * frame is from current AP when using 'AP client mode' */
587 PDEBUG(DEBUG_EXTRA
, "%s: received WDS[4 addr] frame "
588 "from unknown TA=%pM\n",
589 local
->dev
->name
, hdr
->addr2
);
590 if (local
->ap
&& local
->ap
->autom_ap_wds
)
591 hostap_wds_link_oper(local
, hdr
->addr2
, WDS_ADD
);
595 if (*wds
&& !(fc
& IEEE80211_FCTL_FROMDS
) && local
->ap
&&
596 hostap_is_sta_assoc(local
->ap
, hdr
->addr2
)) {
597 /* STA is actually associated with us even though it has a
598 * registered WDS link. Assume it is in 'AP client' mode.
599 * Since this is a 3-addr frame, assume it is not (bogus) WDS
600 * frame and process it like any normal ToDS frame from
609 static int hostap_is_eapol_frame(local_info_t
*local
, struct sk_buff
*skb
)
611 struct net_device
*dev
= local
->dev
;
613 struct ieee80211_hdr
*hdr
;
619 hdr
= (struct ieee80211_hdr
*) skb
->data
;
620 fc
= le16_to_cpu(hdr
->frame_control
);
622 /* check that the frame is unicast frame to us */
623 if ((fc
& (IEEE80211_FCTL_TODS
| IEEE80211_FCTL_FROMDS
)) ==
624 IEEE80211_FCTL_TODS
&&
625 memcmp(hdr
->addr1
, dev
->dev_addr
, ETH_ALEN
) == 0 &&
626 memcmp(hdr
->addr3
, dev
->dev_addr
, ETH_ALEN
) == 0) {
627 /* ToDS frame with own addr BSSID and DA */
628 } else if ((fc
& (IEEE80211_FCTL_TODS
| IEEE80211_FCTL_FROMDS
)) ==
629 IEEE80211_FCTL_FROMDS
&&
630 memcmp(hdr
->addr1
, dev
->dev_addr
, ETH_ALEN
) == 0) {
631 /* FromDS frame with own addr as DA */
635 if (skb
->len
< 24 + 8)
638 /* check for port access entity Ethernet type */
639 pos
= skb
->data
+ 24;
640 ethertype
= (pos
[6] << 8) | pos
[7];
641 if (ethertype
== ETH_P_PAE
)
648 /* Called only as a tasklet (software IRQ) */
650 hostap_rx_frame_decrypt(local_info_t
*local
, struct sk_buff
*skb
,
651 struct lib80211_crypt_data
*crypt
)
653 struct ieee80211_hdr
*hdr
;
656 if (crypt
== NULL
|| crypt
->ops
->decrypt_mpdu
== NULL
)
659 hdr
= (struct ieee80211_hdr
*) skb
->data
;
660 hdrlen
= hostap_80211_get_hdrlen(hdr
->frame_control
);
662 if (local
->tkip_countermeasures
&&
663 strcmp(crypt
->ops
->name
, "TKIP") == 0) {
664 if (net_ratelimit()) {
665 printk(KERN_DEBUG
"%s: TKIP countermeasures: dropped "
666 "received packet from %pM\n",
667 local
->dev
->name
, hdr
->addr2
);
672 atomic_inc(&crypt
->refcnt
);
673 res
= crypt
->ops
->decrypt_mpdu(skb
, hdrlen
, crypt
->priv
);
674 atomic_dec(&crypt
->refcnt
);
676 printk(KERN_DEBUG
"%s: decryption failed (SA=%pM) res=%d\n",
677 local
->dev
->name
, hdr
->addr2
, res
);
678 local
->comm_tallies
.rx_discards_wep_undecryptable
++;
686 /* Called only as a tasklet (software IRQ) */
688 hostap_rx_frame_decrypt_msdu(local_info_t
*local
, struct sk_buff
*skb
,
689 int keyidx
, struct lib80211_crypt_data
*crypt
)
691 struct ieee80211_hdr
*hdr
;
694 if (crypt
== NULL
|| crypt
->ops
->decrypt_msdu
== NULL
)
697 hdr
= (struct ieee80211_hdr
*) skb
->data
;
698 hdrlen
= hostap_80211_get_hdrlen(hdr
->frame_control
);
700 atomic_inc(&crypt
->refcnt
);
701 res
= crypt
->ops
->decrypt_msdu(skb
, keyidx
, hdrlen
, crypt
->priv
);
702 atomic_dec(&crypt
->refcnt
);
704 printk(KERN_DEBUG
"%s: MSDU decryption/MIC verification failed"
705 " (SA=%pM keyidx=%d)\n",
706 local
->dev
->name
, hdr
->addr2
, keyidx
);
714 /* All received frames are sent to this function. @skb contains the frame in
715 * IEEE 802.11 format, i.e., in the format it was sent over air.
716 * This function is called only as a tasklet (software IRQ). */
717 void hostap_80211_rx(struct net_device
*dev
, struct sk_buff
*skb
,
718 struct hostap_80211_rx_status
*rx_stats
)
720 struct hostap_interface
*iface
;
722 struct ieee80211_hdr
*hdr
;
724 u16 fc
, type
, stype
, sc
;
725 struct net_device
*wds
= NULL
;
728 struct sk_buff
*skb2
= NULL
;
730 int frame_authorized
= 0;
731 int from_assoc_ap
= 0;
734 struct lib80211_crypt_data
*crypt
= NULL
;
738 iface
= netdev_priv(dev
);
739 local
= iface
->local
;
740 iface
->stats
.rx_packets
++;
741 iface
->stats
.rx_bytes
+= skb
->len
;
743 /* dev is the master radio device; change this to be the default
744 * virtual interface (this may be changed to WDS device below) */
746 iface
= netdev_priv(dev
);
748 hdr
= (struct ieee80211_hdr
*) skb
->data
;
753 fc
= le16_to_cpu(hdr
->frame_control
);
754 type
= fc
& IEEE80211_FCTL_FTYPE
;
755 stype
= fc
& IEEE80211_FCTL_STYPE
;
756 sc
= le16_to_cpu(hdr
->seq_ctrl
);
757 frag
= sc
& IEEE80211_SCTL_FRAG
;
758 hdrlen
= hostap_80211_get_hdrlen(hdr
->frame_control
);
760 /* Put this code here so that we avoid duplicating it in all
761 * Rx paths. - Jean II */
762 #ifdef IW_WIRELESS_SPY /* defined in iw_handler.h */
763 /* If spy monitoring on */
764 if (iface
->spy_data
.spy_number
> 0) {
765 struct iw_quality wstats
;
766 wstats
.level
= rx_stats
->signal
;
767 wstats
.noise
= rx_stats
->noise
;
768 wstats
.updated
= IW_QUAL_LEVEL_UPDATED
| IW_QUAL_NOISE_UPDATED
769 | IW_QUAL_QUAL_INVALID
| IW_QUAL_DBM
;
770 /* Update spy records */
771 wireless_spy_update(dev
, hdr
->addr2
, &wstats
);
773 #endif /* IW_WIRELESS_SPY */
774 hostap_update_rx_stats(local
->ap
, hdr
, rx_stats
);
776 if (local
->iw_mode
== IW_MODE_MONITOR
) {
777 monitor_rx(dev
, skb
, rx_stats
);
781 if (local
->host_decrypt
) {
783 if (skb
->len
>= hdrlen
+ 3)
784 idx
= skb
->data
[hdrlen
+ 3] >> 6;
785 crypt
= local
->crypt_info
.crypt
[idx
];
788 /* Use station specific key to override default keys if the
789 * receiver address is a unicast address ("individual RA"). If
790 * bcrx_sta_key parameter is set, station specific key is used
791 * even with broad/multicast targets (this is against IEEE
792 * 802.11, but makes it easier to use different keys with
793 * stations that do not support WEP key mapping). */
795 if (!(hdr
->addr1
[0] & 0x01) || local
->bcrx_sta_key
)
796 (void) hostap_handle_sta_crypto(local
, hdr
, &crypt
,
799 /* allow NULL decrypt to indicate an station specific override
800 * for default encryption */
801 if (crypt
&& (crypt
->ops
== NULL
||
802 crypt
->ops
->decrypt_mpdu
== NULL
))
805 if (!crypt
&& (fc
& IEEE80211_FCTL_PROTECTED
)) {
807 /* This seems to be triggered by some (multicast?)
808 * frames from other than current BSS, so just drop the
809 * frames silently instead of filling system log with
811 printk(KERN_DEBUG
"%s: WEP decryption failed (not set)"
813 local
->dev
->name
, hdr
->addr2
);
815 local
->comm_tallies
.rx_discards_wep_undecryptable
++;
820 if (type
!= IEEE80211_FTYPE_DATA
) {
821 if (type
== IEEE80211_FTYPE_MGMT
&&
822 stype
== IEEE80211_STYPE_AUTH
&&
823 fc
& IEEE80211_FCTL_PROTECTED
&& local
->host_decrypt
&&
824 (keyidx
= hostap_rx_frame_decrypt(local
, skb
, crypt
)) < 0)
826 printk(KERN_DEBUG
"%s: failed to decrypt mgmt::auth "
827 "from %pM\n", dev
->name
, hdr
->addr2
);
828 /* TODO: could inform hostapd about this so that it
829 * could send auth failure report */
833 if (hostap_rx_frame_mgmt(local
, skb
, rx_stats
, type
, stype
))
839 /* Data frame - extract src/dst addresses */
840 if (skb
->len
< IEEE80211_DATA_HDR3_LEN
)
843 switch (fc
& (IEEE80211_FCTL_FROMDS
| IEEE80211_FCTL_TODS
)) {
844 case IEEE80211_FCTL_FROMDS
:
845 memcpy(dst
, hdr
->addr1
, ETH_ALEN
);
846 memcpy(src
, hdr
->addr3
, ETH_ALEN
);
848 case IEEE80211_FCTL_TODS
:
849 memcpy(dst
, hdr
->addr3
, ETH_ALEN
);
850 memcpy(src
, hdr
->addr2
, ETH_ALEN
);
852 case IEEE80211_FCTL_FROMDS
| IEEE80211_FCTL_TODS
:
853 if (skb
->len
< IEEE80211_DATA_HDR4_LEN
)
855 memcpy(dst
, hdr
->addr3
, ETH_ALEN
);
856 memcpy(src
, hdr
->addr4
, ETH_ALEN
);
859 memcpy(dst
, hdr
->addr1
, ETH_ALEN
);
860 memcpy(src
, hdr
->addr2
, ETH_ALEN
);
864 if (hostap_rx_frame_wds(local
, hdr
, fc
, &wds
))
867 skb
->dev
= dev
= wds
;
869 if (local
->iw_mode
== IW_MODE_MASTER
&& !wds
&&
870 (fc
& (IEEE80211_FCTL_TODS
| IEEE80211_FCTL_FROMDS
)) ==
871 IEEE80211_FCTL_FROMDS
&&
873 memcmp(hdr
->addr2
, local
->assoc_ap_addr
, ETH_ALEN
) == 0) {
874 /* Frame from BSSID of the AP for which we are a client */
875 skb
->dev
= dev
= local
->stadev
;
879 if ((local
->iw_mode
== IW_MODE_MASTER
||
880 local
->iw_mode
== IW_MODE_REPEAT
) &&
882 switch (hostap_handle_sta_rx(local
, dev
, skb
, rx_stats
,
884 case AP_RX_CONTINUE_NOT_AUTHORIZED
:
885 frame_authorized
= 0;
888 frame_authorized
= 1;
897 /* Nullfunc frames may have PS-bit set, so they must be passed to
898 * hostap_handle_sta_rx() before being dropped here. */
899 if (stype
!= IEEE80211_STYPE_DATA
&&
900 stype
!= IEEE80211_STYPE_DATA_CFACK
&&
901 stype
!= IEEE80211_STYPE_DATA_CFPOLL
&&
902 stype
!= IEEE80211_STYPE_DATA_CFACKPOLL
) {
903 if (stype
!= IEEE80211_STYPE_NULLFUNC
)
904 printk(KERN_DEBUG
"%s: RX: dropped data frame "
905 "with no data (type=0x%02x, subtype=0x%02x)\n",
906 dev
->name
, type
>> 2, stype
>> 4);
910 /* skb: hdr + (possibly fragmented, possibly encrypted) payload */
912 if (local
->host_decrypt
&& (fc
& IEEE80211_FCTL_PROTECTED
) &&
913 (keyidx
= hostap_rx_frame_decrypt(local
, skb
, crypt
)) < 0)
915 hdr
= (struct ieee80211_hdr
*) skb
->data
;
917 /* skb: hdr + (possibly fragmented) plaintext payload */
919 if (local
->host_decrypt
&& (fc
& IEEE80211_FCTL_PROTECTED
) &&
920 (frag
!= 0 || (fc
& IEEE80211_FCTL_MOREFRAGS
))) {
922 struct sk_buff
*frag_skb
=
923 prism2_frag_cache_get(local
, hdr
);
925 printk(KERN_DEBUG
"%s: Rx cannot get skb from "
926 "fragment cache (morefrag=%d seq=%u frag=%u)\n",
927 dev
->name
, (fc
& IEEE80211_FCTL_MOREFRAGS
) != 0,
928 (sc
& IEEE80211_SCTL_SEQ
) >> 4, frag
);
936 if (frag_skb
->tail
+ flen
> frag_skb
->end
) {
937 printk(KERN_WARNING
"%s: host decrypted and "
938 "reassembled frame did not fit skb\n",
940 prism2_frag_cache_invalidate(local
, hdr
);
945 /* copy first fragment (including full headers) into
946 * beginning of the fragment cache skb */
947 skb_copy_from_linear_data(skb
, skb_put(frag_skb
, flen
),
950 /* append frame payload to the end of the fragment
952 skb_copy_from_linear_data_offset(skb
, hdrlen
,
959 if (fc
& IEEE80211_FCTL_MOREFRAGS
) {
960 /* more fragments expected - leave the skb in fragment
961 * cache for now; it will be delivered to upper layers
962 * after all fragments have been received */
966 /* this was the last fragment and the frame will be
967 * delivered, so remove skb from fragment cache */
969 hdr
= (struct ieee80211_hdr
*) skb
->data
;
970 prism2_frag_cache_invalidate(local
, hdr
);
973 /* skb: hdr + (possible reassembled) full MSDU payload; possibly still
974 * encrypted/authenticated */
976 if (local
->host_decrypt
&& (fc
& IEEE80211_FCTL_PROTECTED
) &&
977 hostap_rx_frame_decrypt_msdu(local
, skb
, keyidx
, crypt
))
980 hdr
= (struct ieee80211_hdr
*) skb
->data
;
981 if (crypt
&& !(fc
& IEEE80211_FCTL_PROTECTED
) && !local
->open_wep
) {
982 if (local
->ieee_802_1x
&&
983 hostap_is_eapol_frame(local
, skb
)) {
984 /* pass unencrypted EAPOL frames even if encryption is
986 PDEBUG(DEBUG_EXTRA2
, "%s: RX: IEEE 802.1X - passing "
987 "unencrypted EAPOL frame\n", local
->dev
->name
);
989 printk(KERN_DEBUG
"%s: encryption configured, but RX "
990 "frame not encrypted (SA=%pM)\n",
991 local
->dev
->name
, hdr
->addr2
);
996 if (local
->drop_unencrypted
&& !(fc
& IEEE80211_FCTL_PROTECTED
) &&
997 !hostap_is_eapol_frame(local
, skb
)) {
998 if (net_ratelimit()) {
999 printk(KERN_DEBUG
"%s: dropped unencrypted RX data "
1000 "frame from %pM (drop_unencrypted=1)\n",
1001 dev
->name
, hdr
->addr2
);
1006 /* skb: hdr + (possible reassembled) full plaintext payload */
1008 payload
= skb
->data
+ hdrlen
;
1009 ethertype
= (payload
[6] << 8) | payload
[7];
1011 /* If IEEE 802.1X is used, check whether the port is authorized to send
1012 * the received frame. */
1013 if (local
->ieee_802_1x
&& local
->iw_mode
== IW_MODE_MASTER
) {
1014 if (ethertype
== ETH_P_PAE
) {
1015 PDEBUG(DEBUG_EXTRA2
, "%s: RX: IEEE 802.1X frame\n",
1017 if (local
->hostapd
&& local
->apdev
) {
1018 /* Send IEEE 802.1X frames to the user
1019 * space daemon for processing */
1020 prism2_rx_80211(local
->apdev
, skb
, rx_stats
,
1022 local
->apdevstats
.rx_packets
++;
1023 local
->apdevstats
.rx_bytes
+= skb
->len
;
1026 } else if (!frame_authorized
) {
1027 printk(KERN_DEBUG
"%s: dropped frame from "
1028 "unauthorized port (IEEE 802.1X): "
1029 "ethertype=0x%04x\n",
1030 dev
->name
, ethertype
);
1035 /* convert hdr + possible LLC headers into Ethernet header */
1036 if (skb
->len
- hdrlen
>= 8 &&
1037 ((memcmp(payload
, rfc1042_header
, 6) == 0 &&
1038 ethertype
!= ETH_P_AARP
&& ethertype
!= ETH_P_IPX
) ||
1039 memcmp(payload
, bridge_tunnel_header
, 6) == 0)) {
1040 /* remove RFC1042 or Bridge-Tunnel encapsulation and
1041 * replace EtherType */
1042 skb_pull(skb
, hdrlen
+ 6);
1043 memcpy(skb_push(skb
, ETH_ALEN
), src
, ETH_ALEN
);
1044 memcpy(skb_push(skb
, ETH_ALEN
), dst
, ETH_ALEN
);
1047 /* Leave Ethernet header part of hdr and full payload */
1048 skb_pull(skb
, hdrlen
);
1049 len
= htons(skb
->len
);
1050 memcpy(skb_push(skb
, 2), &len
, 2);
1051 memcpy(skb_push(skb
, ETH_ALEN
), src
, ETH_ALEN
);
1052 memcpy(skb_push(skb
, ETH_ALEN
), dst
, ETH_ALEN
);
1055 if (wds
&& ((fc
& (IEEE80211_FCTL_TODS
| IEEE80211_FCTL_FROMDS
)) ==
1056 IEEE80211_FCTL_TODS
) &&
1057 skb
->len
>= ETH_HLEN
+ ETH_ALEN
) {
1058 /* Non-standard frame: get addr4 from its bogus location after
1060 skb_copy_from_linear_data_offset(skb
, skb
->len
- ETH_ALEN
,
1061 skb
->data
+ ETH_ALEN
,
1063 skb_trim(skb
, skb
->len
- ETH_ALEN
);
1066 dev
->stats
.rx_packets
++;
1067 dev
->stats
.rx_bytes
+= skb
->len
;
1069 if (local
->iw_mode
== IW_MODE_MASTER
&& !wds
&&
1070 local
->ap
->bridge_packets
) {
1071 if (dst
[0] & 0x01) {
1072 /* copy multicast frame both to the higher layers and
1073 * to the wireless media */
1074 local
->ap
->bridged_multicast
++;
1075 skb2
= skb_clone(skb
, GFP_ATOMIC
);
1077 printk(KERN_DEBUG
"%s: skb_clone failed for "
1078 "multicast frame\n", dev
->name
);
1079 } else if (hostap_is_sta_authorized(local
->ap
, dst
)) {
1080 /* send frame directly to the associated STA using
1081 * wireless media and not passing to higher layers */
1082 local
->ap
->bridged_unicast
++;
1089 /* send to wireless media */
1091 skb2
->protocol
= cpu_to_be16(ETH_P_802_3
);
1092 skb_reset_mac_header(skb2
);
1093 skb_reset_network_header(skb2
);
1094 /* skb2->network_header += ETH_HLEN; */
1095 dev_queue_xmit(skb2
);
1099 skb
->protocol
= eth_type_trans(skb
, dev
);
1100 memset(skb
->cb
, 0, sizeof(skb
->cb
));
1106 hostap_handle_sta_release(sta
);
1112 dev
->stats
.rx_dropped
++;
1117 EXPORT_SYMBOL(hostap_80211_rx
);