1 /* src/p80211/p80211conv.c
3 * Ether/802.11 conversions and packet buffer routines
5 * Copyright (C) 1999 AbsoluteValue Systems, Inc. All Rights Reserved.
6 * --------------------------------------------------------------------
10 * The contents of this file are subject to the Mozilla Public
11 * License Version 1.1 (the "License"); you may not use this file
12 * except in compliance with the License. You may obtain a copy of
13 * the License at http://www.mozilla.org/MPL/
15 * Software distributed under the License is distributed on an "AS
16 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
17 * implied. See the License for the specific language governing
18 * rights and limitations under the License.
20 * Alternatively, the contents of this file may be used under the
21 * terms of the GNU Public License version 2 (the "GPL"), in which
22 * case the provisions of the GPL are applicable instead of the
23 * above. If you wish to allow the use of your version of this file
24 * only under the terms of the GPL and not to allow others to use
25 * your version of this file under the MPL, indicate your decision
26 * by deleting the provisions above and replace them with the notice
27 * and other provisions required by the GPL. If you do not delete
28 * the provisions above, a recipient may use your version of this
29 * file under either the MPL or the GPL.
31 * --------------------------------------------------------------------
33 * Inquiries regarding the linux-wlan Open Source project can be
36 * AbsoluteValue Systems Inc.
38 * http://www.linux-wlan.com
40 * --------------------------------------------------------------------
42 * Portions of the development of this software were funded by
43 * Intersil Corporation as part of PRISM(R) chipset product development.
45 * --------------------------------------------------------------------
47 * This file defines the functions that perform Ethernet to/from
48 * 802.11 frame conversions.
50 * --------------------------------------------------------------------
52 /*================================================================*/
55 #include <linux/version.h>
57 #include <linux/module.h>
58 #include <linux/kernel.h>
59 #include <linux/sched.h>
60 #include <linux/types.h>
61 #include <linux/skbuff.h>
62 #include <linux/slab.h>
63 #include <linux/wireless.h>
64 #include <linux/netdevice.h>
65 #include <linux/etherdevice.h>
66 #include <linux/if_ether.h>
68 #include <asm/byteorder.h>
70 #include "wlan_compat.h"
72 /*================================================================*/
73 /* Project Includes */
75 #include "p80211types.h"
76 #include "p80211hdr.h"
77 #include "p80211conv.h"
78 #include "p80211mgmt.h"
79 #include "p80211msg.h"
80 #include "p80211netdev.h"
81 #include "p80211ioctl.h"
82 #include "p80211req.h"
85 /*================================================================*/
88 /*================================================================*/
92 /*================================================================*/
96 /*================================================================*/
97 /* Local Static Definitions */
99 static u8 oui_rfc1042[] = {0x00, 0x00, 0x00};
100 static u8 oui_8021h[] = {0x00, 0x00, 0xf8};
102 /*================================================================*/
103 /* Local Function Declarations */
106 /*================================================================*/
107 /* Function Definitions */
109 /*----------------------------------------------------------------
110 * p80211pb_ether_to_80211
112 * Uses the contents of the ether frame and the etherconv setting
113 * to build the elements of the 802.11 frame.
115 * We don't actually set
116 * up the frame header here. That's the MAC's job. We're only handling
117 * conversion of DIXII or 802.3+LLC frames to something that works
120 * Note -- 802.11 header is NOT part of the skb. Likewise, the 802.11
121 * FCS is also not present and will need to be added elsewhere.
124 * ethconv Conversion type to perform
125 * skb skbuff containing the ether frame
126 * p80211_hdr 802.11 header
129 * 0 on success, non-zero otherwise
132 * May be called in interrupt or non-interrupt context
133 ----------------------------------------------------------------*/
134 int skb_ether_to_p80211( wlandevice_t *wlandev, u32 ethconv, struct sk_buff *skb, p80211_hdr_t *p80211_hdr, p80211_metawep_t *p80211_wep)
145 memcpy(&e_hdr, skb->data, sizeof(e_hdr));
148 WLAN_LOG_DEBUG(1, "zero-length skb!\n");
152 if ( ethconv == WLAN_ETHCONV_ENCAP ) { /* simplest case */
153 WLAN_LOG_DEBUG(3, "ENCAP len: %d\n", skb->len);
154 /* here, we don't care what kind of ether frm. Just stick it */
155 /* in the 80211 payload */
156 /* which is to say, leave the skb alone. */
158 /* step 1: classify ether frame, DIX or 802.3? */
159 proto = ntohs(e_hdr.type);
160 if ( proto <= 1500 ) {
161 WLAN_LOG_DEBUG(3, "802.3 len: %d\n", skb->len);
162 /* codes <= 1500 reserved for 802.3 lengths */
163 /* it's 802.3, pass ether payload unchanged, */
165 /* trim off ethernet header */
166 skb_pull(skb, WLAN_ETHHDR_LEN);
168 /* leave off any PAD octets. */
169 skb_trim(skb, proto);
171 WLAN_LOG_DEBUG(3, "DIXII len: %d\n", skb->len);
172 /* it's DIXII, time for some conversion */
174 /* trim off ethernet header */
175 skb_pull(skb, WLAN_ETHHDR_LEN);
178 e_snap = (wlan_snap_t *) skb_push(skb, sizeof(wlan_snap_t));
179 e_snap->type = htons(proto);
180 if ( ethconv == WLAN_ETHCONV_8021h && p80211_stt_findproto(proto) ) {
181 memcpy( e_snap->oui, oui_8021h, WLAN_IEEE_OUI_LEN);
183 memcpy( e_snap->oui, oui_rfc1042, WLAN_IEEE_OUI_LEN);
187 e_llc = (wlan_llc_t *) skb_push(skb, sizeof(wlan_llc_t));
188 e_llc->dsap = 0xAA; /* SNAP, see IEEE 802 */
195 /* Set up the 802.11 header */
196 /* It's a data frame */
197 fc = host2ieee16( WLAN_SET_FC_FTYPE(WLAN_FTYPE_DATA) |
198 WLAN_SET_FC_FSTYPE(WLAN_FSTYPE_DATAONLY));
200 switch ( wlandev->macmode ) {
201 case WLAN_MACMODE_IBSS_STA:
202 memcpy(p80211_hdr->a3.a1, &e_hdr.daddr, WLAN_ADDR_LEN);
203 memcpy(p80211_hdr->a3.a2, wlandev->netdev->dev_addr, WLAN_ADDR_LEN);
204 memcpy(p80211_hdr->a3.a3, wlandev->bssid, WLAN_ADDR_LEN);
206 case WLAN_MACMODE_ESS_STA:
207 fc |= host2ieee16(WLAN_SET_FC_TODS(1));
208 memcpy(p80211_hdr->a3.a1, wlandev->bssid, WLAN_ADDR_LEN);
209 memcpy(p80211_hdr->a3.a2, wlandev->netdev->dev_addr, WLAN_ADDR_LEN);
210 memcpy(p80211_hdr->a3.a3, &e_hdr.daddr, WLAN_ADDR_LEN);
212 case WLAN_MACMODE_ESS_AP:
213 fc |= host2ieee16(WLAN_SET_FC_FROMDS(1));
214 memcpy(p80211_hdr->a3.a1, &e_hdr.daddr, WLAN_ADDR_LEN);
215 memcpy(p80211_hdr->a3.a2, wlandev->bssid, WLAN_ADDR_LEN);
216 memcpy(p80211_hdr->a3.a3, &e_hdr.saddr, WLAN_ADDR_LEN);
219 WLAN_LOG_ERROR("Error: Converting eth to wlan in unknown mode.\n");
224 p80211_wep->data = NULL;
226 if ((wlandev->hostwep & HOSTWEP_PRIVACYINVOKED) && (wlandev->hostwep & HOSTWEP_ENCRYPT)) {
227 // XXXX need to pick keynum other than default?
230 p80211_wep->data = kmalloc(skb->len, GFP_ATOMIC);
232 p80211_wep->data = skb->data;
235 if ((foo = wep_encrypt(wlandev, skb->data, p80211_wep->data,
237 (wlandev->hostwep & HOSTWEP_DEFAULTKEY_MASK),
238 p80211_wep->iv, p80211_wep->icv))) {
239 WLAN_LOG_WARNING("Host en-WEP failed, dropping frame (%d).\n", foo);
242 fc |= host2ieee16(WLAN_SET_FC_ISWEP(1));
246 // skb->nh.raw = skb->data;
248 p80211_hdr->a3.fc = fc;
249 p80211_hdr->a3.dur = 0;
250 p80211_hdr->a3.seq = 0;
256 /* jkriegl: from orinoco, modified */
257 static void orinoco_spy_gather(wlandevice_t *wlandev, char *mac,
258 p80211_rxmeta_t *rxmeta)
262 /* Gather wireless spy statistics: for each packet, compare the
263 * source address with out list, and if match, get the stats... */
265 for (i = 0; i < wlandev->spy_number; i++) {
267 if (!memcmp(wlandev->spy_address[i], mac, ETH_ALEN)) {
268 memcpy(wlandev->spy_address[i], mac, ETH_ALEN);
269 wlandev->spy_stat[i].level = rxmeta->signal;
270 wlandev->spy_stat[i].noise = rxmeta->noise;
271 wlandev->spy_stat[i].qual = (rxmeta->signal > rxmeta->noise) ? \
272 (rxmeta->signal - rxmeta->noise) : 0;
273 wlandev->spy_stat[i].updated = 0x7;
278 /*----------------------------------------------------------------
279 * p80211pb_80211_to_ether
281 * Uses the contents of a received 802.11 frame and the etherconv
282 * setting to build an ether frame.
284 * This function extracts the src and dest address from the 802.11
285 * frame to use in the construction of the eth frame.
288 * ethconv Conversion type to perform
289 * skb Packet buffer containing the 802.11 frame
292 * 0 on success, non-zero otherwise
295 * May be called in interrupt or non-interrupt context
296 ----------------------------------------------------------------*/
297 int skb_p80211_to_ether( wlandevice_t *wlandev, u32 ethconv, struct sk_buff *skb)
299 netdevice_t *netdev = wlandev->netdev;
301 unsigned int payload_length;
302 unsigned int payload_offset;
303 u8 daddr[WLAN_ETHADDR_LEN];
304 u8 saddr[WLAN_ETHADDR_LEN];
306 wlan_ethhdr_t *e_hdr;
314 payload_length = skb->len - WLAN_HDR_A3_LEN - WLAN_CRC_LEN;
315 payload_offset = WLAN_HDR_A3_LEN;
317 w_hdr = (p80211_hdr_t *) skb->data;
319 /* setup some vars for convenience */
320 fc = ieee2host16(w_hdr->a3.fc);
321 if ( (WLAN_GET_FC_TODS(fc) == 0) && (WLAN_GET_FC_FROMDS(fc) == 0) ) {
322 memcpy(daddr, w_hdr->a3.a1, WLAN_ETHADDR_LEN);
323 memcpy(saddr, w_hdr->a3.a2, WLAN_ETHADDR_LEN);
324 } else if( (WLAN_GET_FC_TODS(fc) == 0) && (WLAN_GET_FC_FROMDS(fc) == 1) ) {
325 memcpy(daddr, w_hdr->a3.a1, WLAN_ETHADDR_LEN);
326 memcpy(saddr, w_hdr->a3.a3, WLAN_ETHADDR_LEN);
327 } else if( (WLAN_GET_FC_TODS(fc) == 1) && (WLAN_GET_FC_FROMDS(fc) == 0) ) {
328 memcpy(daddr, w_hdr->a3.a3, WLAN_ETHADDR_LEN);
329 memcpy(saddr, w_hdr->a3.a2, WLAN_ETHADDR_LEN);
331 payload_offset = WLAN_HDR_A4_LEN;
332 payload_length -= ( WLAN_HDR_A4_LEN - WLAN_HDR_A3_LEN );
333 if (payload_length < 0 ) {
334 WLAN_LOG_ERROR("A4 frame too short!\n");
337 memcpy(daddr, w_hdr->a4.a3, WLAN_ETHADDR_LEN);
338 memcpy(saddr, w_hdr->a4.a4, WLAN_ETHADDR_LEN);
341 /* perform de-wep if necessary.. */
342 if ((wlandev->hostwep & HOSTWEP_PRIVACYINVOKED) && WLAN_GET_FC_ISWEP(fc) && (wlandev->hostwep & HOSTWEP_DECRYPT)) {
343 if (payload_length <= 8) {
344 WLAN_LOG_ERROR("WEP frame too short (%u).\n",
348 if ((foo = wep_decrypt(wlandev, skb->data + payload_offset + 4,
349 payload_length - 8, -1,
350 skb->data + payload_offset,
351 skb->data + payload_offset + payload_length - 4))) {
352 /* de-wep failed, drop skb. */
353 WLAN_LOG_DEBUG(1, "Host de-WEP failed, dropping frame (%d).\n", foo);
354 wlandev->rx.decrypt_err++;
358 /* subtract the IV+ICV length off the payload */
360 /* chop off the IV */
362 /* chop off the ICV. */
363 skb_trim(skb, skb->len - 4);
365 wlandev->rx.decrypt++;
368 e_hdr = (wlan_ethhdr_t *) (skb->data + payload_offset);
370 e_llc = (wlan_llc_t *) (skb->data + payload_offset);
371 e_snap = (wlan_snap_t *) (skb->data + payload_offset + sizeof(wlan_llc_t));
373 /* Test for the various encodings */
374 if ( (payload_length >= sizeof(wlan_ethhdr_t)) &&
375 ( e_llc->dsap != 0xaa || e_llc->ssap != 0xaa ) &&
376 ((memcmp(daddr, e_hdr->daddr, WLAN_ETHADDR_LEN) == 0) ||
377 (memcmp(saddr, e_hdr->saddr, WLAN_ETHADDR_LEN) == 0))) {
378 WLAN_LOG_DEBUG(3, "802.3 ENCAP len: %d\n", payload_length);
379 /* 802.3 Encapsulated */
380 /* Test for an overlength frame */
381 if ( payload_length > (netdev->mtu + WLAN_ETHHDR_LEN)) {
382 /* A bogus length ethfrm has been encap'd. */
383 /* Is someone trying an oflow attack? */
384 WLAN_LOG_ERROR("ENCAP frame too large (%d > %d)\n",
385 payload_length, netdev->mtu + WLAN_ETHHDR_LEN);
389 /* Chop off the 802.11 header. it's already sane. */
390 skb_pull(skb, payload_offset);
391 /* chop off the 802.11 CRC */
392 skb_trim(skb, skb->len - WLAN_CRC_LEN);
394 } else if ((payload_length >= sizeof(wlan_llc_t) + sizeof(wlan_snap_t)) &&
395 (e_llc->dsap == 0xaa) &&
396 (e_llc->ssap == 0xaa) &&
397 (e_llc->ctl == 0x03) &&
398 (((memcmp( e_snap->oui, oui_rfc1042, WLAN_IEEE_OUI_LEN)==0) &&
399 (ethconv == WLAN_ETHCONV_8021h) &&
400 (p80211_stt_findproto(ieee2host16(e_snap->type)))) ||
401 (memcmp( e_snap->oui, oui_rfc1042, WLAN_IEEE_OUI_LEN)!=0)))
403 WLAN_LOG_DEBUG(3, "SNAP+RFC1042 len: %d\n", payload_length);
404 /* it's a SNAP + RFC1042 frame && protocol is in STT */
405 /* build 802.3 + RFC1042 */
407 /* Test for an overlength frame */
408 if ( payload_length > netdev->mtu ) {
409 /* A bogus length ethfrm has been sent. */
410 /* Is someone trying an oflow attack? */
411 WLAN_LOG_ERROR("SNAP frame too large (%d > %d)\n",
412 payload_length, netdev->mtu);
416 /* chop 802.11 header from skb. */
417 skb_pull(skb, payload_offset);
419 /* create 802.3 header at beginning of skb. */
420 e_hdr = (wlan_ethhdr_t *) skb_push(skb, WLAN_ETHHDR_LEN);
421 memcpy(e_hdr->daddr, daddr, WLAN_ETHADDR_LEN);
422 memcpy(e_hdr->saddr, saddr, WLAN_ETHADDR_LEN);
423 e_hdr->type = htons(payload_length);
425 /* chop off the 802.11 CRC */
426 skb_trim(skb, skb->len - WLAN_CRC_LEN);
428 } else if ((payload_length >= sizeof(wlan_llc_t) + sizeof(wlan_snap_t)) &&
429 (e_llc->dsap == 0xaa) &&
430 (e_llc->ssap == 0xaa) &&
431 (e_llc->ctl == 0x03) ) {
432 WLAN_LOG_DEBUG(3, "802.1h/RFC1042 len: %d\n", payload_length);
433 /* it's an 802.1h frame || (an RFC1042 && protocol is not in STT) */
434 /* build a DIXII + RFC894 */
436 /* Test for an overlength frame */
437 if ((payload_length - sizeof(wlan_llc_t) - sizeof(wlan_snap_t))
439 /* A bogus length ethfrm has been sent. */
440 /* Is someone trying an oflow attack? */
441 WLAN_LOG_ERROR("DIXII frame too large (%ld > %d)\n",
442 (long int) (payload_length - sizeof(wlan_llc_t) -
443 sizeof(wlan_snap_t)),
448 /* chop 802.11 header from skb. */
449 skb_pull(skb, payload_offset);
451 /* chop llc header from skb. */
452 skb_pull(skb, sizeof(wlan_llc_t));
454 /* chop snap header from skb. */
455 skb_pull(skb, sizeof(wlan_snap_t));
457 /* create 802.3 header at beginning of skb. */
458 e_hdr = (wlan_ethhdr_t *) skb_push(skb, WLAN_ETHHDR_LEN);
459 e_hdr->type = e_snap->type;
460 memcpy(e_hdr->daddr, daddr, WLAN_ETHADDR_LEN);
461 memcpy(e_hdr->saddr, saddr, WLAN_ETHADDR_LEN);
463 /* chop off the 802.11 CRC */
464 skb_trim(skb, skb->len - WLAN_CRC_LEN);
466 WLAN_LOG_DEBUG(3, "NON-ENCAP len: %d\n", payload_length);
468 /* it's a generic 80211+LLC or IPX 'Raw 802.3' */
469 /* build an 802.3 frame */
470 /* allocate space and setup hostbuf */
472 /* Test for an overlength frame */
473 if ( payload_length > netdev->mtu ) {
474 /* A bogus length ethfrm has been sent. */
475 /* Is someone trying an oflow attack? */
476 WLAN_LOG_ERROR("OTHER frame too large (%d > %d)\n",
482 /* Chop off the 802.11 header. */
483 skb_pull(skb, payload_offset);
485 /* create 802.3 header at beginning of skb. */
486 e_hdr = (wlan_ethhdr_t *) skb_push(skb, WLAN_ETHHDR_LEN);
487 memcpy(e_hdr->daddr, daddr, WLAN_ETHADDR_LEN);
488 memcpy(e_hdr->saddr, saddr, WLAN_ETHADDR_LEN);
489 e_hdr->type = htons(payload_length);
491 /* chop off the 802.11 CRC */
492 skb_trim(skb, skb->len - WLAN_CRC_LEN);
497 * Note that eth_type_trans() expects an skb w/ skb->data pointing
498 * at the MAC header, it then sets the following skb members:
502 * It then _returns_ the value that _we're_ supposed to stuff in
503 * skb->protocol. This is nuts.
505 skb->protocol = eth_type_trans(skb, netdev);
507 /* jkriegl: process signal and noise as set in hfa384x_int_rx() */
508 /* jkriegl: only process signal/noise if requested by iwspy */
509 if (wlandev->spy_number)
510 orinoco_spy_gather(wlandev, eth_hdr(skb)->h_source, P80211SKB_RXMETA(skb));
512 /* Free the metadata */
513 p80211skb_rxmeta_detach(skb);
519 /*----------------------------------------------------------------
520 * p80211_stt_findproto
522 * Searches the 802.1h Selective Translation Table for a given
526 * proto protocl number (in host order) to search for.
529 * 1 - if the table is empty or a match is found.
530 * 0 - if the table is non-empty and a match is not found.
533 * May be called in interrupt or non-interrupt context
534 ----------------------------------------------------------------*/
535 int p80211_stt_findproto(u16 proto)
537 /* Always return found for now. This is the behavior used by the */
538 /* Zoom Win95 driver when 802.1h mode is selected */
539 /* TODO: If necessary, add an actual search we'll probably
540 need this to match the CMAC's way of doing things.
541 Need to do some testing to confirm.
544 if (proto == 0x80f3) /* APPLETALK */
550 /*----------------------------------------------------------------
551 * p80211skb_rxmeta_detach
553 * Disconnects the frmmeta and rxmeta from an skb.
556 * wlandev The wlandev this skb belongs to.
557 * skb The skb we're attaching to.
560 * 0 on success, non-zero otherwise
563 * May be called in interrupt or non-interrupt context
564 ----------------------------------------------------------------*/
566 p80211skb_rxmeta_detach(struct sk_buff *skb)
568 p80211_rxmeta_t *rxmeta;
569 p80211_frmmeta_t *frmmeta;
573 if ( skb==NULL ) { /* bad skb */
574 WLAN_LOG_DEBUG(1, "Called w/ null skb.\n");
577 frmmeta = P80211SKB_FRMMETA(skb);
578 if ( frmmeta == NULL ) { /* no magic */
579 WLAN_LOG_DEBUG(1, "Called w/ bad frmmeta magic.\n");
582 rxmeta = frmmeta->rx;
583 if ( rxmeta == NULL ) { /* bad meta ptr */
584 WLAN_LOG_DEBUG(1, "Called w/ bad rxmeta ptr.\n");
592 memset(skb->cb, 0, sizeof(skb->cb));
598 /*----------------------------------------------------------------
599 * p80211skb_rxmeta_attach
601 * Allocates a p80211rxmeta structure, initializes it, and attaches
605 * wlandev The wlandev this skb belongs to.
606 * skb The skb we're attaching to.
609 * 0 on success, non-zero otherwise
612 * May be called in interrupt or non-interrupt context
613 ----------------------------------------------------------------*/
615 p80211skb_rxmeta_attach(struct wlandevice *wlandev, struct sk_buff *skb)
618 p80211_rxmeta_t *rxmeta;
619 p80211_frmmeta_t *frmmeta;
623 /* If these already have metadata, we error out! */
624 if (P80211SKB_RXMETA(skb) != NULL) {
625 WLAN_LOG_ERROR("%s: RXmeta already attached!\n",
631 /* Allocate the rxmeta */
632 rxmeta = kmalloc(sizeof(p80211_rxmeta_t), GFP_ATOMIC);
634 if ( rxmeta == NULL ) {
635 WLAN_LOG_ERROR("%s: Failed to allocate rxmeta.\n",
641 /* Initialize the rxmeta */
642 memset(rxmeta, 0, sizeof(p80211_rxmeta_t));
643 rxmeta->wlandev = wlandev;
644 rxmeta->hosttime = jiffies;
646 /* Overlay a frmmeta_t onto skb->cb */
647 memset(skb->cb, 0, sizeof(p80211_frmmeta_t));
648 frmmeta = (p80211_frmmeta_t*)(skb->cb);
649 frmmeta->magic = P80211_FRMMETA_MAGIC;
650 frmmeta->rx = rxmeta;
656 /*----------------------------------------------------------------
659 * Frees an entire p80211skb by checking and freeing the meta struct
660 * and then freeing the skb.
663 * wlandev The wlandev this skb belongs to.
664 * skb The skb we're attaching to.
667 * 0 on success, non-zero otherwise
670 * May be called in interrupt or non-interrupt context
671 ----------------------------------------------------------------*/
673 p80211skb_free(struct wlandevice *wlandev, struct sk_buff *skb)
675 p80211_frmmeta_t *meta;
677 meta = P80211SKB_FRMMETA(skb);
678 if ( meta && meta->rx) {
679 p80211skb_rxmeta_detach(skb);
681 WLAN_LOG_ERROR("Freeing an skb (%p) w/ no frmmeta.\n", skb);