projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit...
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / drivers / net / wireless / hostap / hostap_80211_rx.c
1 #include <linux/etherdevice.h>
2 #include <linux/slab.h>
3 #include <net/lib80211.h>
4 #include <linux/if_arp.h>
5
6 #include "hostap_80211.h"
7 #include "hostap.h"
8 #include "hostap_ap.h"
9
10 /* See IEEE 802.1H for LLC/SNAP encapsulation/decapsulation */
11 /* Ethernet-II snap header (RFC1042 for most EtherTypes) */
12 static unsigned char rfc1042_header[] =
13 { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 };
14 /* Bridge-Tunnel header (for EtherTypes ETH_P_AARP and ETH_P_IPX) */
15 static unsigned char bridge_tunnel_header[] =
16 { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0xf8 };
17 /* No encapsulation header if EtherType < 0x600 (=length) */
18
19 void hostap_dump_rx_80211(const char *name, struct sk_buff *skb,
20 struct hostap_80211_rx_status *rx_stats)
21 {
22 struct ieee80211_hdr *hdr;
23 u16 fc;
24
25 hdr = (struct ieee80211_hdr *) skb->data;
26
27 printk(KERN_DEBUG "%s: RX signal=%d noise=%d rate=%d len=%d "
28 "jiffies=%ld\n",
29 name, rx_stats->signal, rx_stats->noise, rx_stats->rate,
30 skb->len, jiffies);
31
32 if (skb->len < 2)
33 return;
34
35 fc = le16_to_cpu(hdr->frame_control);
36 printk(KERN_DEBUG " FC=0x%04x (type=%d:%d)%s%s",
37 fc, (fc & IEEE80211_FCTL_FTYPE) >> 2,
38 (fc & IEEE80211_FCTL_STYPE) >> 4,
39 fc & IEEE80211_FCTL_TODS ? " [ToDS]" : "",
40 fc & IEEE80211_FCTL_FROMDS ? " [FromDS]" : "");
41
42 if (skb->len < IEEE80211_DATA_HDR3_LEN) {
43 printk("\n");
44 return;
45 }
46
47 printk(" dur=0x%04x seq=0x%04x\n", le16_to_cpu(hdr->duration_id),
48 le16_to_cpu(hdr->seq_ctrl));
49
50 printk(KERN_DEBUG " A1=%pM", hdr->addr1);
51 printk(" A2=%pM", hdr->addr2);
52 printk(" A3=%pM", hdr->addr3);
53 if (skb->len >= 30)
54 printk(" A4=%pM", hdr->addr4);
55 printk("\n");
56 }
57
58
59 /* Send RX frame to netif with 802.11 (and possible prism) header.
60 * Called from hardware or software IRQ context. */
61 int prism2_rx_80211(struct net_device *dev, struct sk_buff *skb,
62 struct hostap_80211_rx_status *rx_stats, int type)
63 {
64 struct hostap_interface *iface;
65 local_info_t *local;
66 int hdrlen, phdrlen, head_need, tail_need;
67 u16 fc;
68 int prism_header, ret;
69 struct ieee80211_hdr *fhdr;
70
71 iface = netdev_priv(dev);
72 local = iface->local;
73
74 if (dev->type == ARPHRD_IEEE80211_PRISM) {
75 if (local->monitor_type == PRISM2_MONITOR_PRISM) {
76 prism_header = 1;
77 phdrlen = sizeof(struct linux_wlan_ng_prism_hdr);
78 } else { /* local->monitor_type == PRISM2_MONITOR_CAPHDR */
79 prism_header = 2;
80 phdrlen = sizeof(struct linux_wlan_ng_cap_hdr);
81 }
82 } else if (dev->type == ARPHRD_IEEE80211_RADIOTAP) {
83 prism_header = 3;
84 phdrlen = sizeof(struct hostap_radiotap_rx);
85 } else {
86 prism_header = 0;
87 phdrlen = 0;
88 }
89
90 fhdr = (struct ieee80211_hdr *) skb->data;
91 fc = le16_to_cpu(fhdr->frame_control);
92
93 if (type == PRISM2_RX_MGMT && (fc & IEEE80211_FCTL_VERS)) {
94 printk(KERN_DEBUG "%s: dropped management frame with header "
95 "version %d\n", dev->name, fc & IEEE80211_FCTL_VERS);
96 dev_kfree_skb_any(skb);
97 return 0;
98 }
99
100 hdrlen = hostap_80211_get_hdrlen(fhdr->frame_control);
101
102 /* check if there is enough room for extra data; if not, expand skb
103 * buffer to be large enough for the changes */
104 head_need = phdrlen;
105 tail_need = 0;
106 #ifdef PRISM2_ADD_BOGUS_CRC
107 tail_need += 4;
108 #endif /* PRISM2_ADD_BOGUS_CRC */
109
110 head_need -= skb_headroom(skb);
111 tail_need -= skb_tailroom(skb);
112
113 if (head_need > 0 || tail_need > 0) {
114 if (pskb_expand_head(skb, head_need > 0 ? head_need : 0,
115 tail_need > 0 ? tail_need : 0,
116 GFP_ATOMIC)) {
117 printk(KERN_DEBUG "%s: prism2_rx_80211 failed to "
118 "reallocate skb buffer\n", dev->name);
119 dev_kfree_skb_any(skb);
120 return 0;
121 }
122 }
123
124 /* We now have an skb with enough head and tail room, so just insert
125 * the extra data */
126
127 #ifdef PRISM2_ADD_BOGUS_CRC
128 memset(skb_put(skb, 4), 0xff, 4); /* Prism2 strips CRC */
129 #endif /* PRISM2_ADD_BOGUS_CRC */
130
131 if (prism_header == 1) {
132 struct linux_wlan_ng_prism_hdr *hdr;
133 hdr = (struct linux_wlan_ng_prism_hdr *)
134 skb_push(skb, phdrlen);
135 memset(hdr, 0, phdrlen);
136 hdr->msgcode = LWNG_CAP_DID_BASE;
137 hdr->msglen = sizeof(*hdr);
138 memcpy(hdr->devname, dev->name, sizeof(hdr->devname));
139 #define LWNG_SETVAL(f,i,s,l,d) \
140 hdr->f.did = LWNG_CAP_DID_BASE | (i << 12); \
141 hdr->f.status = s; hdr->f.len = l; hdr->f.data = d
142 LWNG_SETVAL(hosttime, 1, 0, 4, jiffies);
143 LWNG_SETVAL(mactime, 2, 0, 4, rx_stats->mac_time);
144 LWNG_SETVAL(channel, 3, 1 /* no value */, 4, 0);
145 LWNG_SETVAL(rssi, 4, 1 /* no value */, 4, 0);
146 LWNG_SETVAL(sq, 5, 1 /* no value */, 4, 0);
147 LWNG_SETVAL(signal, 6, 0, 4, rx_stats->signal);
148 LWNG_SETVAL(noise, 7, 0, 4, rx_stats->noise);
149 LWNG_SETVAL(rate, 8, 0, 4, rx_stats->rate / 5);
150 LWNG_SETVAL(istx, 9, 0, 4, 0);
151 LWNG_SETVAL(frmlen, 10, 0, 4, skb->len - phdrlen);
152 #undef LWNG_SETVAL
153 } else if (prism_header == 2) {
154 struct linux_wlan_ng_cap_hdr *hdr;
155 hdr = (struct linux_wlan_ng_cap_hdr *)
156 skb_push(skb, phdrlen);
157 memset(hdr, 0, phdrlen);
158 hdr->version = htonl(LWNG_CAPHDR_VERSION);
159 hdr->length = htonl(phdrlen);
160 hdr->mactime = __cpu_to_be64(rx_stats->mac_time);
161 hdr->hosttime = __cpu_to_be64(jiffies);
162 hdr->phytype = htonl(4); /* dss_dot11_b */
163 hdr->channel = htonl(local->channel);
164 hdr->datarate = htonl(rx_stats->rate);
165 hdr->antenna = htonl(0); /* unknown */
166 hdr->priority = htonl(0); /* unknown */
167 hdr->ssi_type = htonl(3); /* raw */
168 hdr->ssi_signal = htonl(rx_stats->signal);
169 hdr->ssi_noise = htonl(rx_stats->noise);
170 hdr->preamble = htonl(0); /* unknown */
171 hdr->encoding = htonl(1); /* cck */
172 } else if (prism_header == 3) {
173 struct hostap_radiotap_rx *hdr;
174 hdr = (struct hostap_radiotap_rx *)skb_push(skb, phdrlen);
175 memset(hdr, 0, phdrlen);
176 hdr->hdr.it_len = cpu_to_le16(phdrlen);
177 hdr->hdr.it_present =
178 cpu_to_le32((1 << IEEE80211_RADIOTAP_TSFT) |
179 (1 << IEEE80211_RADIOTAP_CHANNEL) |
180 (1 << IEEE80211_RADIOTAP_RATE) |
181 (1 << IEEE80211_RADIOTAP_DBM_ANTSIGNAL) |
182 (1 << IEEE80211_RADIOTAP_DBM_ANTNOISE));
183 hdr->tsft = cpu_to_le64(rx_stats->mac_time);
184 hdr->chan_freq = cpu_to_le16(freq_list[local->channel - 1]);
185 hdr->chan_flags = cpu_to_le16(IEEE80211_CHAN_CCK |
186 IEEE80211_CHAN_2GHZ);
187 hdr->rate = rx_stats->rate / 5;
188 hdr->dbm_antsignal = rx_stats->signal;
189 hdr->dbm_antnoise = rx_stats->noise;
190 }
191
192 ret = skb->len - phdrlen;
193 skb->dev = dev;
194 skb_reset_mac_header(skb);
195 skb_pull(skb, hdrlen);
196 if (prism_header)
197 skb_pull(skb, phdrlen);
198 skb->pkt_type = PACKET_OTHERHOST;
199 skb->protocol = cpu_to_be16(ETH_P_802_2);
200 memset(skb->cb, 0, sizeof(skb->cb));
201 netif_rx(skb);
202
203 return ret;
204 }
205
206
207 /* Called only as a tasklet (software IRQ) */
208 static void monitor_rx(struct net_device *dev, struct sk_buff *skb,
209 struct hostap_80211_rx_status *rx_stats)
210 {
211 int len;
212
213 len = prism2_rx_80211(dev, skb, rx_stats, PRISM2_RX_MONITOR);
214 dev->stats.rx_packets++;
215 dev->stats.rx_bytes += len;
216 }
217
218
219 /* Called only as a tasklet (software IRQ) */
220 static struct prism2_frag_entry *
221 prism2_frag_cache_find(local_info_t *local, unsigned int seq,
222 unsigned int frag, u8 *src, u8 *dst)
223 {
224 struct prism2_frag_entry *entry;
225 int i;
226
227 for (i = 0; i < PRISM2_FRAG_CACHE_LEN; i++) {
228 entry = &local->frag_cache[i];
229 if (entry->skb != NULL &&
230 time_after(jiffies, entry->first_frag_time + 2 * HZ)) {
231 printk(KERN_DEBUG "%s: expiring fragment cache entry "
232 "seq=%u last_frag=%u\n",
233 local->dev->name, entry->seq, entry->last_frag);
234 dev_kfree_skb(entry->skb);
235 entry->skb = NULL;
236 }
237
238 if (entry->skb != NULL && entry->seq == seq &&
239 (entry->last_frag + 1 == frag || frag == -1) &&
240 memcmp(entry->src_addr, src, ETH_ALEN) == 0 &&
241 memcmp(entry->dst_addr, dst, ETH_ALEN) == 0)
242 return entry;
243 }
244
245 return NULL;
246 }
247
248
249 /* Called only as a tasklet (software IRQ) */
250 static struct sk_buff *
251 prism2_frag_cache_get(local_info_t *local, struct ieee80211_hdr *hdr)
252 {
253 struct sk_buff *skb = NULL;
254 u16 sc;
255 unsigned int frag, seq;
256 struct prism2_frag_entry *entry;
257
258 sc = le16_to_cpu(hdr->seq_ctrl);
259 frag = sc & IEEE80211_SCTL_FRAG;
260 seq = (sc & IEEE80211_SCTL_SEQ) >> 4;
261
262 if (frag == 0) {
263 /* Reserve enough space to fit maximum frame length */
264 skb = dev_alloc_skb(local->dev->mtu +
265 sizeof(struct ieee80211_hdr) +
266 8 /* LLC */ +
267 2 /* alignment */ +
268 8 /* WEP */ + ETH_ALEN /* WDS */);
269 if (skb == NULL)
270 return NULL;
271
272 entry = &local->frag_cache[local->frag_next_idx];
273 local->frag_next_idx++;
274 if (local->frag_next_idx >= PRISM2_FRAG_CACHE_LEN)
275 local->frag_next_idx = 0;
276
277 if (entry->skb != NULL)
278 dev_kfree_skb(entry->skb);
279
280 entry->first_frag_time = jiffies;
281 entry->seq = seq;
282 entry->last_frag = frag;
283 entry->skb = skb;
284 memcpy(entry->src_addr, hdr->addr2, ETH_ALEN);
285 memcpy(entry->dst_addr, hdr->addr1, ETH_ALEN);
286 } else {
287 /* received a fragment of a frame for which the head fragment
288 * should have already been received */
289 entry = prism2_frag_cache_find(local, seq, frag, hdr->addr2,
290 hdr->addr1);
291 if (entry != NULL) {
292 entry->last_frag = frag;
293 skb = entry->skb;
294 }
295 }
296
297 return skb;
298 }
299
300
301 /* Called only as a tasklet (software IRQ) */
302 static int prism2_frag_cache_invalidate(local_info_t *local,
303 struct ieee80211_hdr *hdr)
304 {
305 u16 sc;
306 unsigned int seq;
307 struct prism2_frag_entry *entry;
308
309 sc = le16_to_cpu(hdr->seq_ctrl);
310 seq = (sc & IEEE80211_SCTL_SEQ) >> 4;
311
312 entry = prism2_frag_cache_find(local, seq, -1, hdr->addr2, hdr->addr1);
313
314 if (entry == NULL) {
315 printk(KERN_DEBUG "%s: could not invalidate fragment cache "
316 "entry (seq=%u)\n",
317 local->dev->name, seq);
318 return -1;
319 }
320
321 entry->skb = NULL;
322 return 0;
323 }
324
325
326 static struct hostap_bss_info *__hostap_get_bss(local_info_t *local, u8 *bssid,
327 u8 *ssid, size_t ssid_len)
328 {
329 struct list_head *ptr;
330 struct hostap_bss_info *bss;
331
332 list_for_each(ptr, &local->bss_list) {
333 bss = list_entry(ptr, struct hostap_bss_info, list);
334 if (memcmp(bss->bssid, bssid, ETH_ALEN) == 0 &&
335 (ssid == NULL ||
336 (ssid_len == bss->ssid_len &&
337 memcmp(ssid, bss->ssid, ssid_len) == 0))) {
338 list_move(&bss->list, &local->bss_list);
339 return bss;
340 }
341 }
342
343 return NULL;
344 }
345
346
347 static struct hostap_bss_info *__hostap_add_bss(local_info_t *local, u8 *bssid,
348 u8 *ssid, size_t ssid_len)
349 {
350 struct hostap_bss_info *bss;
351
352 if (local->num_bss_info >= HOSTAP_MAX_BSS_COUNT) {
353 bss = list_entry(local->bss_list.prev,
354 struct hostap_bss_info, list);
355 list_del(&bss->list);
356 local->num_bss_info--;
357 } else {
358 bss = (struct hostap_bss_info *)
359 kmalloc(sizeof(*bss), GFP_ATOMIC);
360 if (bss == NULL)
361 return NULL;
362 }
363
364 memset(bss, 0, sizeof(*bss));
365 memcpy(bss->bssid, bssid, ETH_ALEN);
366 memcpy(bss->ssid, ssid, ssid_len);
367 bss->ssid_len = ssid_len;
368 local->num_bss_info++;
369 list_add(&bss->list, &local->bss_list);
370 return bss;
371 }
372
373
374 static void __hostap_expire_bss(local_info_t *local)
375 {
376 struct hostap_bss_info *bss;
377
378 while (local->num_bss_info > 0) {
379 bss = list_entry(local->bss_list.prev,
380 struct hostap_bss_info, list);
381 if (!time_after(jiffies, bss->last_update + 60 * HZ))
382 break;
383
384 list_del(&bss->list);
385 local->num_bss_info--;
386 kfree(bss);
387 }
388 }
389
390
391 /* Both IEEE 802.11 Beacon and Probe Response frames have similar structure, so
392 * the same routine can be used to parse both of them. */
393 static void hostap_rx_sta_beacon(local_info_t *local, struct sk_buff *skb,
394 int stype)
395 {
396 struct hostap_ieee80211_mgmt *mgmt;
397 int left, chan = 0;
398 u8 *pos;
399 u8 *ssid = NULL, *wpa = NULL, *rsn = NULL;
400 size_t ssid_len = 0, wpa_len = 0, rsn_len = 0;
401 struct hostap_bss_info *bss;
402
403 if (skb->len < IEEE80211_MGMT_HDR_LEN + sizeof(mgmt->u.beacon))
404 return;
405
406 mgmt = (struct hostap_ieee80211_mgmt *) skb->data;
407 pos = mgmt->u.beacon.variable;
408 left = skb->len - (pos - skb->data);
409
410 while (left >= 2) {
411 if (2 + pos[1] > left)
412 return; /* parse failed */
413 switch (*pos) {
414 case WLAN_EID_SSID:
415 ssid = pos + 2;
416 ssid_len = pos[1];
417 break;
418 case WLAN_EID_GENERIC:
419 if (pos[1] >= 4 &&
420 pos[2] == 0x00 && pos[3] == 0x50 &&
421 pos[4] == 0xf2 && pos[5] == 1) {
422 wpa = pos;
423 wpa_len = pos[1] + 2;
424 }
425 break;
426 case WLAN_EID_RSN:
427 rsn = pos;
428 rsn_len = pos[1] + 2;
429 break;
430 case WLAN_EID_DS_PARAMS:
431 if (pos[1] >= 1)
432 chan = pos[2];
433 break;
434 }
435 left -= 2 + pos[1];
436 pos += 2 + pos[1];
437 }
438
439 if (wpa_len > MAX_WPA_IE_LEN)
440 wpa_len = MAX_WPA_IE_LEN;
441 if (rsn_len > MAX_WPA_IE_LEN)
442 rsn_len = MAX_WPA_IE_LEN;
443 if (ssid_len > sizeof(bss->ssid))
444 ssid_len = sizeof(bss->ssid);
445
446 spin_lock(&local->lock);
447 bss = __hostap_get_bss(local, mgmt->bssid, ssid, ssid_len);
448 if (bss == NULL)
449 bss = __hostap_add_bss(local, mgmt->bssid, ssid, ssid_len);
450 if (bss) {
451 bss->last_update = jiffies;
452 bss->count++;
453 bss->capab_info = le16_to_cpu(mgmt->u.beacon.capab_info);
454 if (wpa) {
455 memcpy(bss->wpa_ie, wpa, wpa_len);
456 bss->wpa_ie_len = wpa_len;
457 } else
458 bss->wpa_ie_len = 0;
459 if (rsn) {
460 memcpy(bss->rsn_ie, rsn, rsn_len);
461 bss->rsn_ie_len = rsn_len;
462 } else
463 bss->rsn_ie_len = 0;
464 bss->chan = chan;
465 }
466 __hostap_expire_bss(local);
467 spin_unlock(&local->lock);
468 }
469
470
471 static int
472 hostap_rx_frame_mgmt(local_info_t *local, struct sk_buff *skb,
473 struct hostap_80211_rx_status *rx_stats, u16 type,
474 u16 stype)
475 {
476 if (local->iw_mode == IW_MODE_MASTER)
477 hostap_update_sta_ps(local, (struct ieee80211_hdr *) skb->data);
478
479 if (local->hostapd && type == IEEE80211_FTYPE_MGMT) {
480 if (stype == IEEE80211_STYPE_BEACON &&
481 local->iw_mode == IW_MODE_MASTER) {
482 struct sk_buff *skb2;
483 /* Process beacon frames also in kernel driver to
484 * update STA(AP) table statistics */
485 skb2 = skb_clone(skb, GFP_ATOMIC);
486 if (skb2)
487 hostap_rx(skb2->dev, skb2, rx_stats);
488 }
489
490 /* send management frames to the user space daemon for
491 * processing */
492 local->apdevstats.rx_packets++;
493 local->apdevstats.rx_bytes += skb->len;
494 if (local->apdev == NULL)
495 return -1;
496 prism2_rx_80211(local->apdev, skb, rx_stats, PRISM2_RX_MGMT);
497 return 0;
498 }
499
500 if (local->iw_mode == IW_MODE_MASTER) {
501 if (type != IEEE80211_FTYPE_MGMT &&
502 type != IEEE80211_FTYPE_CTL) {
503 printk(KERN_DEBUG "%s: unknown management frame "
504 "(type=0x%02x, stype=0x%02x) dropped\n",
505 skb->dev->name, type >> 2, stype >> 4);
506 return -1;
507 }
508
509 hostap_rx(skb->dev, skb, rx_stats);
510 return 0;
511 } else if (type == IEEE80211_FTYPE_MGMT &&
512 (stype == IEEE80211_STYPE_BEACON ||
513 stype == IEEE80211_STYPE_PROBE_RESP)) {
514 hostap_rx_sta_beacon(local, skb, stype);
515 return -1;
516 } else if (type == IEEE80211_FTYPE_MGMT &&
517 (stype == IEEE80211_STYPE_ASSOC_RESP ||
518 stype == IEEE80211_STYPE_REASSOC_RESP)) {
519 /* Ignore (Re)AssocResp silently since these are not currently
520 * needed but are still received when WPA/RSN mode is enabled.
521 */
522 return -1;
523 } else {
524 printk(KERN_DEBUG "%s: hostap_rx_frame_mgmt: dropped unhandled"
525 " management frame in non-Host AP mode (type=%d:%d)\n",
526 skb->dev->name, type >> 2, stype >> 4);
527 return -1;
528 }
529 }
530
531
532 /* Called only as a tasklet (software IRQ) */
533 static struct net_device *prism2_rx_get_wds(local_info_t *local,
534 u8 *addr)
535 {
536 struct hostap_interface *iface = NULL;
537 struct list_head *ptr;
538
539 read_lock_bh(&local->iface_lock);
540 list_for_each(ptr, &local->hostap_interfaces) {
541 iface = list_entry(ptr, struct hostap_interface, list);
542 if (iface->type == HOSTAP_INTERFACE_WDS &&
543 memcmp(iface->u.wds.remote_addr, addr, ETH_ALEN) == 0)
544 break;
545 iface = NULL;
546 }
547 read_unlock_bh(&local->iface_lock);
548
549 return iface ? iface->dev : NULL;
550 }
551
552
553 static int
554 hostap_rx_frame_wds(local_info_t *local, struct ieee80211_hdr *hdr, u16 fc,
555 struct net_device **wds)
556 {
557 /* FIX: is this really supposed to accept WDS frames only in Master
558 * mode? What about Repeater or Managed with WDS frames? */
559 if ((fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) !=
560 (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS) &&
561 (local->iw_mode != IW_MODE_MASTER || !(fc & IEEE80211_FCTL_TODS)))
562 return 0; /* not a WDS frame */
563
564 /* Possible WDS frame: either IEEE 802.11 compliant (if FromDS)
565 * or own non-standard frame with 4th address after payload */
566 if (memcmp(hdr->addr1, local->dev->dev_addr, ETH_ALEN) != 0 &&
567 (hdr->addr1[0] != 0xff || hdr->addr1[1] != 0xff ||
568 hdr->addr1[2] != 0xff || hdr->addr1[3] != 0xff ||
569 hdr->addr1[4] != 0xff || hdr->addr1[5] != 0xff)) {
570 /* RA (or BSSID) is not ours - drop */
571 PDEBUG(DEBUG_EXTRA2, "%s: received WDS frame with "
572 "not own or broadcast %s=%pM\n",
573 local->dev->name,
574 fc & IEEE80211_FCTL_FROMDS ? "RA" : "BSSID",
575 hdr->addr1);
576 return -1;
577 }
578
579 /* check if the frame came from a registered WDS connection */
580 *wds = prism2_rx_get_wds(local, hdr->addr2);
581 if (*wds == NULL && fc & IEEE80211_FCTL_FROMDS &&
582 (local->iw_mode != IW_MODE_INFRA ||
583 !(local->wds_type & HOSTAP_WDS_AP_CLIENT) ||
584 memcmp(hdr->addr2, local->bssid, ETH_ALEN) != 0)) {
585 /* require that WDS link has been registered with TA or the
586 * frame is from current AP when using 'AP client mode' */
587 PDEBUG(DEBUG_EXTRA, "%s: received WDS[4 addr] frame "
588 "from unknown TA=%pM\n",
589 local->dev->name, hdr->addr2);
590 if (local->ap && local->ap->autom_ap_wds)
591 hostap_wds_link_oper(local, hdr->addr2, WDS_ADD);
592 return -1;
593 }
594
595 if (*wds && !(fc & IEEE80211_FCTL_FROMDS) && local->ap &&
596 hostap_is_sta_assoc(local->ap, hdr->addr2)) {
597 /* STA is actually associated with us even though it has a
598 * registered WDS link. Assume it is in 'AP client' mode.
599 * Since this is a 3-addr frame, assume it is not (bogus) WDS
600 * frame and process it like any normal ToDS frame from
601 * associated STA. */
602 *wds = NULL;
603 }
604
605 return 0;
606 }
607
608
609 static int hostap_is_eapol_frame(local_info_t *local, struct sk_buff *skb)
610 {
611 struct net_device *dev = local->dev;
612 u16 fc, ethertype;
613 struct ieee80211_hdr *hdr;
614 u8 *pos;
615
616 if (skb->len < 24)
617 return 0;
618
619 hdr = (struct ieee80211_hdr *) skb->data;
620 fc = le16_to_cpu(hdr->frame_control);
621
622 /* check that the frame is unicast frame to us */
623 if ((fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) ==
624 IEEE80211_FCTL_TODS &&
625 memcmp(hdr->addr1, dev->dev_addr, ETH_ALEN) == 0 &&
626 memcmp(hdr->addr3, dev->dev_addr, ETH_ALEN) == 0) {
627 /* ToDS frame with own addr BSSID and DA */
628 } else if ((fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) ==
629 IEEE80211_FCTL_FROMDS &&
630 memcmp(hdr->addr1, dev->dev_addr, ETH_ALEN) == 0) {
631 /* FromDS frame with own addr as DA */
632 } else
633 return 0;
634
635 if (skb->len < 24 + 8)
636 return 0;
637
638 /* check for port access entity Ethernet type */
639 pos = skb->data + 24;
640 ethertype = (pos[6] << 8) | pos[7];
641 if (ethertype == ETH_P_PAE)
642 return 1;
643
644 return 0;
645 }
646
647
648 /* Called only as a tasklet (software IRQ) */
649 static int
650 hostap_rx_frame_decrypt(local_info_t *local, struct sk_buff *skb,
651 struct lib80211_crypt_data *crypt)
652 {
653 struct ieee80211_hdr *hdr;
654 int res, hdrlen;
655
656 if (crypt == NULL || crypt->ops->decrypt_mpdu == NULL)
657 return 0;
658
659 hdr = (struct ieee80211_hdr *) skb->data;
660 hdrlen = hostap_80211_get_hdrlen(hdr->frame_control);
661
662 if (local->tkip_countermeasures &&
663 strcmp(crypt->ops->name, "TKIP") == 0) {
664 if (net_ratelimit()) {
665 printk(KERN_DEBUG "%s: TKIP countermeasures: dropped "
666 "received packet from %pM\n",
667 local->dev->name, hdr->addr2);
668 }
669 return -1;
670 }
671
672 atomic_inc(&crypt->refcnt);
673 res = crypt->ops->decrypt_mpdu(skb, hdrlen, crypt->priv);
674 atomic_dec(&crypt->refcnt);
675 if (res < 0) {
676 printk(KERN_DEBUG "%s: decryption failed (SA=%pM) res=%d\n",
677 local->dev->name, hdr->addr2, res);
678 local->comm_tallies.rx_discards_wep_undecryptable++;
679 return -1;
680 }
681
682 return res;
683 }
684
685
686 /* Called only as a tasklet (software IRQ) */
687 static int
688 hostap_rx_frame_decrypt_msdu(local_info_t *local, struct sk_buff *skb,
689 int keyidx, struct lib80211_crypt_data *crypt)
690 {
691 struct ieee80211_hdr *hdr;
692 int res, hdrlen;
693
694 if (crypt == NULL || crypt->ops->decrypt_msdu == NULL)
695 return 0;
696
697 hdr = (struct ieee80211_hdr *) skb->data;
698 hdrlen = hostap_80211_get_hdrlen(hdr->frame_control);
699
700 atomic_inc(&crypt->refcnt);
701 res = crypt->ops->decrypt_msdu(skb, keyidx, hdrlen, crypt->priv);
702 atomic_dec(&crypt->refcnt);
703 if (res < 0) {
704 printk(KERN_DEBUG "%s: MSDU decryption/MIC verification failed"
705 " (SA=%pM keyidx=%d)\n",
706 local->dev->name, hdr->addr2, keyidx);
707 return -1;
708 }
709
710 return 0;
711 }
712
713
714 /* All received frames are sent to this function. @skb contains the frame in
715 * IEEE 802.11 format, i.e., in the format it was sent over air.
716 * This function is called only as a tasklet (software IRQ). */
717 void hostap_80211_rx(struct net_device *dev, struct sk_buff *skb,
718 struct hostap_80211_rx_status *rx_stats)
719 {
720 struct hostap_interface *iface;
721 local_info_t *local;
722 struct ieee80211_hdr *hdr;
723 size_t hdrlen;
724 u16 fc, type, stype, sc;
725 struct net_device *wds = NULL;
726 unsigned int frag;
727 u8 *payload;
728 struct sk_buff *skb2 = NULL;
729 u16 ethertype;
730 int frame_authorized = 0;
731 int from_assoc_ap = 0;
732 u8 dst[ETH_ALEN];
733 u8 src[ETH_ALEN];
734 struct lib80211_crypt_data *crypt = NULL;
735 void *sta = NULL;
736 int keyidx = 0;
737
738 iface = netdev_priv(dev);
739 local = iface->local;
740 iface->stats.rx_packets++;
741 iface->stats.rx_bytes += skb->len;
742
743 /* dev is the master radio device; change this to be the default
744 * virtual interface (this may be changed to WDS device below) */
745 dev = local->ddev;
746 iface = netdev_priv(dev);
747
748 hdr = (struct ieee80211_hdr *) skb->data;
749
750 if (skb->len < 10)
751 goto rx_dropped;
752
753 fc = le16_to_cpu(hdr->frame_control);
754 type = fc & IEEE80211_FCTL_FTYPE;
755 stype = fc & IEEE80211_FCTL_STYPE;
756 sc = le16_to_cpu(hdr->seq_ctrl);
757 frag = sc & IEEE80211_SCTL_FRAG;
758 hdrlen = hostap_80211_get_hdrlen(hdr->frame_control);
759
760 /* Put this code here so that we avoid duplicating it in all
761 * Rx paths. - Jean II */
762 #ifdef IW_WIRELESS_SPY /* defined in iw_handler.h */
763 /* If spy monitoring on */
764 if (iface->spy_data.spy_number > 0) {
765 struct iw_quality wstats;
766 wstats.level = rx_stats->signal;
767 wstats.noise = rx_stats->noise;
768 wstats.updated = IW_QUAL_LEVEL_UPDATED | IW_QUAL_NOISE_UPDATED
769 | IW_QUAL_QUAL_INVALID | IW_QUAL_DBM;
770 /* Update spy records */
771 wireless_spy_update(dev, hdr->addr2, &wstats);
772 }
773 #endif /* IW_WIRELESS_SPY */
774 hostap_update_rx_stats(local->ap, hdr, rx_stats);
775
776 if (local->iw_mode == IW_MODE_MONITOR) {
777 monitor_rx(dev, skb, rx_stats);
778 return;
779 }
780
781 if (local->host_decrypt) {
782 int idx = 0;
783 if (skb->len >= hdrlen + 3)
784 idx = skb->data[hdrlen + 3] >> 6;
785 crypt = local->crypt_info.crypt[idx];
786 sta = NULL;
787
788 /* Use station specific key to override default keys if the
789 * receiver address is a unicast address ("individual RA"). If
790 * bcrx_sta_key parameter is set, station specific key is used
791 * even with broad/multicast targets (this is against IEEE
792 * 802.11, but makes it easier to use different keys with
793 * stations that do not support WEP key mapping). */
794
795 if (!(hdr->addr1[0] & 0x01) || local->bcrx_sta_key)
796 (void) hostap_handle_sta_crypto(local, hdr, &crypt,
797 &sta);
798
799 /* allow NULL decrypt to indicate an station specific override
800 * for default encryption */
801 if (crypt && (crypt->ops == NULL ||
802 crypt->ops->decrypt_mpdu == NULL))
803 crypt = NULL;
804
805 if (!crypt && (fc & IEEE80211_FCTL_PROTECTED)) {
806 #if 0
807 /* This seems to be triggered by some (multicast?)
808 * frames from other than current BSS, so just drop the
809 * frames silently instead of filling system log with
810 * these reports. */
811 printk(KERN_DEBUG "%s: WEP decryption failed (not set)"
812 " (SA=%pM)\n",
813 local->dev->name, hdr->addr2);
814 #endif
815 local->comm_tallies.rx_discards_wep_undecryptable++;
816 goto rx_dropped;
817 }
818 }
819
820 if (type != IEEE80211_FTYPE_DATA) {
821 if (type == IEEE80211_FTYPE_MGMT &&
822 stype == IEEE80211_STYPE_AUTH &&
823 fc & IEEE80211_FCTL_PROTECTED && local->host_decrypt &&
824 (keyidx = hostap_rx_frame_decrypt(local, skb, crypt)) < 0)
825 {
826 printk(KERN_DEBUG "%s: failed to decrypt mgmt::auth "
827 "from %pM\n", dev->name, hdr->addr2);
828 /* TODO: could inform hostapd about this so that it
829 * could send auth failure report */
830 goto rx_dropped;
831 }
832
833 if (hostap_rx_frame_mgmt(local, skb, rx_stats, type, stype))
834 goto rx_dropped;
835 else
836 goto rx_exit;
837 }
838
839 /* Data frame - extract src/dst addresses */
840 if (skb->len < IEEE80211_DATA_HDR3_LEN)
841 goto rx_dropped;
842
843 switch (fc & (IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS)) {
844 case IEEE80211_FCTL_FROMDS:
845 memcpy(dst, hdr->addr1, ETH_ALEN);
846 memcpy(src, hdr->addr3, ETH_ALEN);
847 break;
848 case IEEE80211_FCTL_TODS:
849 memcpy(dst, hdr->addr3, ETH_ALEN);
850 memcpy(src, hdr->addr2, ETH_ALEN);
851 break;
852 case IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS:
853 if (skb->len < IEEE80211_DATA_HDR4_LEN)
854 goto rx_dropped;
855 memcpy(dst, hdr->addr3, ETH_ALEN);
856 memcpy(src, hdr->addr4, ETH_ALEN);
857 break;
858 case 0:
859 memcpy(dst, hdr->addr1, ETH_ALEN);
860 memcpy(src, hdr->addr2, ETH_ALEN);
861 break;
862 }
863
864 if (hostap_rx_frame_wds(local, hdr, fc, &wds))
865 goto rx_dropped;
866 if (wds)
867 skb->dev = dev = wds;
868
869 if (local->iw_mode == IW_MODE_MASTER && !wds &&
870 (fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) ==
871 IEEE80211_FCTL_FROMDS &&
872 local->stadev &&
873 memcmp(hdr->addr2, local->assoc_ap_addr, ETH_ALEN) == 0) {
874 /* Frame from BSSID of the AP for which we are a client */
875 skb->dev = dev = local->stadev;
876 from_assoc_ap = 1;
877 }
878
879 if ((local->iw_mode == IW_MODE_MASTER ||
880 local->iw_mode == IW_MODE_REPEAT) &&
881 !from_assoc_ap) {
882 switch (hostap_handle_sta_rx(local, dev, skb, rx_stats,
883 wds != NULL)) {
884 case AP_RX_CONTINUE_NOT_AUTHORIZED:
885 frame_authorized = 0;
886 break;
887 case AP_RX_CONTINUE:
888 frame_authorized = 1;
889 break;
890 case AP_RX_DROP:
891 goto rx_dropped;
892 case AP_RX_EXIT:
893 goto rx_exit;
894 }
895 }
896
897 /* Nullfunc frames may have PS-bit set, so they must be passed to
898 * hostap_handle_sta_rx() before being dropped here. */
899 if (stype != IEEE80211_STYPE_DATA &&
900 stype != IEEE80211_STYPE_DATA_CFACK &&
901 stype != IEEE80211_STYPE_DATA_CFPOLL &&
902 stype != IEEE80211_STYPE_DATA_CFACKPOLL) {
903 if (stype != IEEE80211_STYPE_NULLFUNC)
904 printk(KERN_DEBUG "%s: RX: dropped data frame "
905 "with no data (type=0x%02x, subtype=0x%02x)\n",
906 dev->name, type >> 2, stype >> 4);
907 goto rx_dropped;
908 }
909
910 /* skb: hdr + (possibly fragmented, possibly encrypted) payload */
911
912 if (local->host_decrypt && (fc & IEEE80211_FCTL_PROTECTED) &&
913 (keyidx = hostap_rx_frame_decrypt(local, skb, crypt)) < 0)
914 goto rx_dropped;
915 hdr = (struct ieee80211_hdr *) skb->data;
916
917 /* skb: hdr + (possibly fragmented) plaintext payload */
918
919 if (local->host_decrypt && (fc & IEEE80211_FCTL_PROTECTED) &&
920 (frag != 0 || (fc & IEEE80211_FCTL_MOREFRAGS))) {
921 int flen;
922 struct sk_buff *frag_skb =
923 prism2_frag_cache_get(local, hdr);
924 if (!frag_skb) {
925 printk(KERN_DEBUG "%s: Rx cannot get skb from "
926 "fragment cache (morefrag=%d seq=%u frag=%u)\n",
927 dev->name, (fc & IEEE80211_FCTL_MOREFRAGS) != 0,
928 (sc & IEEE80211_SCTL_SEQ) >> 4, frag);
929 goto rx_dropped;
930 }
931
932 flen = skb->len;
933 if (frag != 0)
934 flen -= hdrlen;
935
936 if (frag_skb->tail + flen > frag_skb->end) {
937 printk(KERN_WARNING "%s: host decrypted and "
938 "reassembled frame did not fit skb\n",
939 dev->name);
940 prism2_frag_cache_invalidate(local, hdr);
941 goto rx_dropped;
942 }
943
944 if (frag == 0) {
945 /* copy first fragment (including full headers) into
946 * beginning of the fragment cache skb */
947 skb_copy_from_linear_data(skb, skb_put(frag_skb, flen),
948 flen);
949 } else {
950 /* append frame payload to the end of the fragment
951 * cache skb */
952 skb_copy_from_linear_data_offset(skb, hdrlen,
953 skb_put(frag_skb,
954 flen), flen);
955 }
956 dev_kfree_skb(skb);
957 skb = NULL;
958
959 if (fc & IEEE80211_FCTL_MOREFRAGS) {
960 /* more fragments expected - leave the skb in fragment
961 * cache for now; it will be delivered to upper layers
962 * after all fragments have been received */
963 goto rx_exit;
964 }
965
966 /* this was the last fragment and the frame will be
967 * delivered, so remove skb from fragment cache */
968 skb = frag_skb;
969 hdr = (struct ieee80211_hdr *) skb->data;
970 prism2_frag_cache_invalidate(local, hdr);
971 }
972
973 /* skb: hdr + (possible reassembled) full MSDU payload; possibly still
974 * encrypted/authenticated */
975
976 if (local->host_decrypt && (fc & IEEE80211_FCTL_PROTECTED) &&
977 hostap_rx_frame_decrypt_msdu(local, skb, keyidx, crypt))
978 goto rx_dropped;
979
980 hdr = (struct ieee80211_hdr *) skb->data;
981 if (crypt && !(fc & IEEE80211_FCTL_PROTECTED) && !local->open_wep) {
982 if (local->ieee_802_1x &&
983 hostap_is_eapol_frame(local, skb)) {
984 /* pass unencrypted EAPOL frames even if encryption is
985 * configured */
986 PDEBUG(DEBUG_EXTRA2, "%s: RX: IEEE 802.1X - passing "
987 "unencrypted EAPOL frame\n", local->dev->name);
988 } else {
989 printk(KERN_DEBUG "%s: encryption configured, but RX "
990 "frame not encrypted (SA=%pM)\n",
991 local->dev->name, hdr->addr2);
992 goto rx_dropped;
993 }
994 }
995
996 if (local->drop_unencrypted && !(fc & IEEE80211_FCTL_PROTECTED) &&
997 !hostap_is_eapol_frame(local, skb)) {
998 if (net_ratelimit()) {
999 printk(KERN_DEBUG "%s: dropped unencrypted RX data "
1000 "frame from %pM (drop_unencrypted=1)\n",
1001 dev->name, hdr->addr2);
1002 }
1003 goto rx_dropped;
1004 }
1005
1006 /* skb: hdr + (possible reassembled) full plaintext payload */
1007
1008 payload = skb->data + hdrlen;
1009 ethertype = (payload[6] << 8) | payload[7];
1010
1011 /* If IEEE 802.1X is used, check whether the port is authorized to send
1012 * the received frame. */
1013 if (local->ieee_802_1x && local->iw_mode == IW_MODE_MASTER) {
1014 if (ethertype == ETH_P_PAE) {
1015 PDEBUG(DEBUG_EXTRA2, "%s: RX: IEEE 802.1X frame\n",
1016 dev->name);
1017 if (local->hostapd && local->apdev) {
1018 /* Send IEEE 802.1X frames to the user
1019 * space daemon for processing */
1020 prism2_rx_80211(local->apdev, skb, rx_stats,
1021 PRISM2_RX_MGMT);
1022 local->apdevstats.rx_packets++;
1023 local->apdevstats.rx_bytes += skb->len;
1024 goto rx_exit;
1025 }
1026 } else if (!frame_authorized) {
1027 printk(KERN_DEBUG "%s: dropped frame from "
1028 "unauthorized port (IEEE 802.1X): "
1029 "ethertype=0x%04x\n",
1030 dev->name, ethertype);
1031 goto rx_dropped;
1032 }
1033 }
1034
1035 /* convert hdr + possible LLC headers into Ethernet header */
1036 if (skb->len - hdrlen >= 8 &&
1037 ((memcmp(payload, rfc1042_header, 6) == 0 &&
1038 ethertype != ETH_P_AARP && ethertype != ETH_P_IPX) ||
1039 memcmp(payload, bridge_tunnel_header, 6) == 0)) {
1040 /* remove RFC1042 or Bridge-Tunnel encapsulation and
1041 * replace EtherType */
1042 skb_pull(skb, hdrlen + 6);
1043 memcpy(skb_push(skb, ETH_ALEN), src, ETH_ALEN);
1044 memcpy(skb_push(skb, ETH_ALEN), dst, ETH_ALEN);
1045 } else {
1046 __be16 len;
1047 /* Leave Ethernet header part of hdr and full payload */
1048 skb_pull(skb, hdrlen);
1049 len = htons(skb->len);
1050 memcpy(skb_push(skb, 2), &len, 2);
1051 memcpy(skb_push(skb, ETH_ALEN), src, ETH_ALEN);
1052 memcpy(skb_push(skb, ETH_ALEN), dst, ETH_ALEN);
1053 }
1054
1055 if (wds && ((fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) ==
1056 IEEE80211_FCTL_TODS) &&
1057 skb->len >= ETH_HLEN + ETH_ALEN) {
1058 /* Non-standard frame: get addr4 from its bogus location after
1059 * the payload */
1060 skb_copy_from_linear_data_offset(skb, skb->len - ETH_ALEN,
1061 skb->data + ETH_ALEN,
1062 ETH_ALEN);
1063 skb_trim(skb, skb->len - ETH_ALEN);
1064 }
1065
1066 dev->stats.rx_packets++;
1067 dev->stats.rx_bytes += skb->len;
1068
1069 if (local->iw_mode == IW_MODE_MASTER && !wds &&
1070 local->ap->bridge_packets) {
1071 if (dst[0] & 0x01) {
1072 /* copy multicast frame both to the higher layers and
1073 * to the wireless media */
1074 local->ap->bridged_multicast++;
1075 skb2 = skb_clone(skb, GFP_ATOMIC);
1076 if (skb2 == NULL)
1077 printk(KERN_DEBUG "%s: skb_clone failed for "
1078 "multicast frame\n", dev->name);
1079 } else if (hostap_is_sta_authorized(local->ap, dst)) {
1080 /* send frame directly to the associated STA using
1081 * wireless media and not passing to higher layers */
1082 local->ap->bridged_unicast++;
1083 skb2 = skb;
1084 skb = NULL;
1085 }
1086 }
1087
1088 if (skb2 != NULL) {
1089 /* send to wireless media */
1090 skb2->dev = dev;
1091 skb2->protocol = cpu_to_be16(ETH_P_802_3);
1092 skb_reset_mac_header(skb2);
1093 skb_reset_network_header(skb2);
1094 /* skb2->network_header += ETH_HLEN; */
1095 dev_queue_xmit(skb2);
1096 }
1097
1098 if (skb) {
1099 skb->protocol = eth_type_trans(skb, dev);
1100 memset(skb->cb, 0, sizeof(skb->cb));
1101 netif_rx(skb);
1102 }
1103
1104 rx_exit:
1105 if (sta)
1106 hostap_handle_sta_release(sta);
1107 return;
1108
1109 rx_dropped:
1110 dev_kfree_skb(skb);
1111
1112 dev->stats.rx_dropped++;
1113 goto rx_exit;
1114 }
1115
1116
1117 EXPORT_SYMBOL(hostap_80211_rx);
kernel source for telekom puls (alcatel/mediatek)