2 * Copyright 2002-2005, Instant802 Networks, Inc.
3 * Copyright 2005-2006, Devicescape Software, Inc.
4 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
5 * Copyright 2007 Johannes Berg <johannes@sipsolutions.net>
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License version 2 as
9 * published by the Free Software Foundation.
12 #include <linux/kernel.h>
13 #include <linux/skbuff.h>
14 #include <linux/netdevice.h>
15 #include <linux/etherdevice.h>
16 #include <net/iw_handler.h>
17 #include <net/mac80211.h>
18 #include <net/ieee80211_radiotap.h>
20 #include "ieee80211_i.h"
21 #include "ieee80211_led.h"
22 #include "ieee80211_common.h"
30 * these don't have dev/sdata fields in the rx data
31 * The sta value should also not be used because it may
32 * be NULL even though a STA (in IBSS mode) will be added.
35 static ieee80211_txrx_result
36 ieee80211_rx_h_parse_qos(struct ieee80211_txrx_data *rx)
38 u8 *data = rx->skb->data;
41 /* does the frame have a qos control field? */
42 if (WLAN_FC_IS_QOS_DATA(rx->fc)) {
43 u8 *qc = data + ieee80211_get_hdrlen(rx->fc) - QOS_CONTROL_LEN;
44 /* frame has qos control */
45 tid = qc[0] & QOS_CONTROL_TID_MASK;
47 if (unlikely((rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_MGMT)) {
48 /* Separate TID for management frames */
49 tid = NUM_RX_DATA_QUEUES - 1;
51 /* no qos control present */
52 tid = 0; /* 802.1d - Best Effort */
56 I802_DEBUG_INC(rx->local->wme_rx_queue[tid]);
57 /* only a debug counter, sta might not be assigned properly yet */
59 I802_DEBUG_INC(rx->sta->wme_rx_queue[tid]);
62 /* Set skb->priority to 1d tag if highest order bit of TID is not set.
63 * For now, set skb->priority to 0 for other cases. */
64 rx->skb->priority = (tid > 7) ? 0 : tid;
69 static ieee80211_txrx_result
70 ieee80211_rx_h_load_stats(struct ieee80211_txrx_data *rx)
72 struct ieee80211_local *local = rx->local;
73 struct sk_buff *skb = rx->skb;
74 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
75 u32 load = 0, hdrtime;
76 struct ieee80211_rate *rate;
77 struct ieee80211_hw_mode *mode = local->hw.conf.mode;
80 /* Estimate total channel use caused by this frame */
82 if (unlikely(mode->num_rates < 0))
85 rate = &mode->rates[0];
86 for (i = 0; i < mode->num_rates; i++) {
87 if (mode->rates[i].val == rx->u.rx.status->rate) {
88 rate = &mode->rates[i];
93 /* 1 bit at 1 Mbit/s takes 1 usec; in channel_use values,
94 * 1 usec = 1/8 * (1080 / 10) = 13.5 */
96 if (mode->mode == MODE_IEEE80211A ||
97 mode->mode == MODE_ATHEROS_TURBO ||
98 mode->mode == MODE_ATHEROS_TURBOG ||
99 (mode->mode == MODE_IEEE80211G &&
100 rate->flags & IEEE80211_RATE_ERP))
101 hdrtime = CHAN_UTIL_HDR_SHORT;
103 hdrtime = CHAN_UTIL_HDR_LONG;
106 if (!is_multicast_ether_addr(hdr->addr1))
109 load += skb->len * rate->rate_inv;
111 /* Divide channel_use by 8 to avoid wrapping around the counter */
112 load >>= CHAN_UTIL_SHIFT;
113 local->channel_use_raw += load;
114 rx->u.rx.load = load;
116 return TXRX_CONTINUE;
119 ieee80211_rx_handler ieee80211_rx_pre_handlers[] =
121 ieee80211_rx_h_parse_qos,
122 ieee80211_rx_h_load_stats,
128 static ieee80211_txrx_result
129 ieee80211_rx_h_if_stats(struct ieee80211_txrx_data *rx)
132 rx->sta->channel_use_raw += rx->u.rx.load;
133 rx->sdata->channel_use_raw += rx->u.rx.load;
134 return TXRX_CONTINUE;
138 ieee80211_rx_monitor(struct net_device *dev, struct sk_buff *skb,
139 struct ieee80211_rx_status *status)
141 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
142 struct ieee80211_sub_if_data *sdata;
143 struct ieee80211_rate *rate;
144 struct ieee80211_rtap_hdr {
145 struct ieee80211_radiotap_header hdr;
151 } __attribute__ ((packed)) *rthdr;
155 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
157 if (status->flag & RX_FLAG_RADIOTAP)
160 if (skb_headroom(skb) < sizeof(*rthdr)) {
161 I802_DEBUG_INC(local->rx_expand_skb_head);
162 if (pskb_expand_head(skb, sizeof(*rthdr), 0, GFP_ATOMIC)) {
168 rthdr = (struct ieee80211_rtap_hdr *) skb_push(skb, sizeof(*rthdr));
169 memset(rthdr, 0, sizeof(*rthdr));
170 rthdr->hdr.it_len = cpu_to_le16(sizeof(*rthdr));
171 rthdr->hdr.it_present =
172 cpu_to_le32((1 << IEEE80211_RADIOTAP_FLAGS) |
173 (1 << IEEE80211_RADIOTAP_RATE) |
174 (1 << IEEE80211_RADIOTAP_CHANNEL) |
175 (1 << IEEE80211_RADIOTAP_DB_ANTSIGNAL));
176 rthdr->flags = local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS ?
177 IEEE80211_RADIOTAP_F_FCS : 0;
178 rate = ieee80211_get_rate(local, status->phymode, status->rate);
180 rthdr->rate = rate->rate / 5;
181 rthdr->chan_freq = cpu_to_le16(status->freq);
183 status->phymode == MODE_IEEE80211A ?
184 cpu_to_le16(IEEE80211_CHAN_OFDM | IEEE80211_CHAN_5GHZ) :
185 cpu_to_le16(IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ);
186 rthdr->antsignal = status->ssi;
189 sdata->stats.rx_packets++;
190 sdata->stats.rx_bytes += skb->len;
192 skb_set_mac_header(skb, 0);
193 skb->ip_summed = CHECKSUM_UNNECESSARY;
194 skb->pkt_type = PACKET_OTHERHOST;
195 skb->protocol = htons(ETH_P_802_2);
196 memset(skb->cb, 0, sizeof(skb->cb));
200 static ieee80211_txrx_result
201 ieee80211_rx_h_monitor(struct ieee80211_txrx_data *rx)
203 if (rx->sdata->type == IEEE80211_IF_TYPE_MNTR) {
204 ieee80211_rx_monitor(rx->dev, rx->skb, rx->u.rx.status);
208 if (rx->u.rx.status->flag & RX_FLAG_RADIOTAP)
209 skb_pull(rx->skb, ieee80211_get_radiotap_len(rx->skb->data));
211 return TXRX_CONTINUE;
214 static ieee80211_txrx_result
215 ieee80211_rx_h_passive_scan(struct ieee80211_txrx_data *rx)
217 struct ieee80211_local *local = rx->local;
218 struct sk_buff *skb = rx->skb;
220 if (unlikely(local->sta_scanning != 0)) {
221 ieee80211_sta_rx_scan(rx->dev, skb, rx->u.rx.status);
225 if (unlikely(rx->u.rx.in_scan)) {
226 /* scanning finished during invoking of handlers */
227 I802_DEBUG_INC(local->rx_handlers_drop_passive_scan);
231 return TXRX_CONTINUE;
234 static ieee80211_txrx_result
235 ieee80211_rx_h_check(struct ieee80211_txrx_data *rx)
237 struct ieee80211_hdr *hdr;
238 hdr = (struct ieee80211_hdr *) rx->skb->data;
240 /* Drop duplicate 802.11 retransmissions (IEEE 802.11 Chap. 9.2.9) */
241 if (rx->sta && !is_multicast_ether_addr(hdr->addr1)) {
242 if (unlikely(rx->fc & IEEE80211_FCTL_RETRY &&
243 rx->sta->last_seq_ctrl[rx->u.rx.queue] ==
245 if (rx->u.rx.ra_match) {
246 rx->local->dot11FrameDuplicateCount++;
247 rx->sta->num_duplicates++;
251 rx->sta->last_seq_ctrl[rx->u.rx.queue] = hdr->seq_ctrl;
254 if ((rx->local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS) &&
255 rx->skb->len > FCS_LEN)
256 skb_trim(rx->skb, rx->skb->len - FCS_LEN);
258 if (unlikely(rx->skb->len < 16)) {
259 I802_DEBUG_INC(rx->local->rx_handlers_drop_short);
263 if (!rx->u.rx.ra_match)
264 rx->skb->pkt_type = PACKET_OTHERHOST;
265 else if (compare_ether_addr(rx->dev->dev_addr, hdr->addr1) == 0)
266 rx->skb->pkt_type = PACKET_HOST;
267 else if (is_multicast_ether_addr(hdr->addr1)) {
268 if (is_broadcast_ether_addr(hdr->addr1))
269 rx->skb->pkt_type = PACKET_BROADCAST;
271 rx->skb->pkt_type = PACKET_MULTICAST;
273 rx->skb->pkt_type = PACKET_OTHERHOST;
275 /* Drop disallowed frame classes based on STA auth/assoc state;
276 * IEEE 802.11, Chap 5.5.
278 * 80211.o does filtering only based on association state, i.e., it
279 * drops Class 3 frames from not associated stations. hostapd sends
280 * deauth/disassoc frames when needed. In addition, hostapd is
281 * responsible for filtering on both auth and assoc states.
283 if (unlikely(((rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA ||
284 ((rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_CTL &&
285 (rx->fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_PSPOLL)) &&
286 rx->sdata->type != IEEE80211_IF_TYPE_IBSS &&
287 (!rx->sta || !(rx->sta->flags & WLAN_STA_ASSOC)))) {
288 if ((!(rx->fc & IEEE80211_FCTL_FROMDS) &&
289 !(rx->fc & IEEE80211_FCTL_TODS) &&
290 (rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA)
291 || !rx->u.rx.ra_match) {
292 /* Drop IBSS frames and frames for other hosts
297 if (!rx->local->apdev)
300 ieee80211_rx_mgmt(rx->local, rx->skb, rx->u.rx.status,
301 ieee80211_msg_sta_not_assoc);
305 return TXRX_CONTINUE;
309 static ieee80211_txrx_result
310 ieee80211_rx_h_load_key(struct ieee80211_txrx_data *rx)
312 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data;
315 if (rx->sdata->type == IEEE80211_IF_TYPE_STA)
320 if (rx->sta && rx->sta->key && always_sta_key) {
321 rx->key = rx->sta->key;
323 if (rx->sta && rx->sta->key)
324 rx->key = rx->sta->key;
326 rx->key = rx->sdata->default_key;
328 if ((rx->local->hw.flags & IEEE80211_HW_WEP_INCLUDE_IV) &&
329 rx->fc & IEEE80211_FCTL_PROTECTED) {
330 int keyidx = ieee80211_wep_get_keyidx(rx->skb);
332 if (keyidx >= 0 && keyidx < NUM_DEFAULT_KEYS &&
333 (!rx->sta || !rx->sta->key || keyidx > 0))
334 rx->key = rx->sdata->keys[keyidx];
337 if (!rx->u.rx.ra_match)
340 printk(KERN_DEBUG "%s: RX WEP frame "
341 "with unknown keyidx %d "
344 " A3=" MAC_FMT ")\n",
345 rx->dev->name, keyidx,
348 MAC_ARG(hdr->addr3));
350 * TODO: notify userspace about this
358 if (rx->fc & IEEE80211_FCTL_PROTECTED && rx->key && rx->u.rx.ra_match) {
359 rx->key->tx_rx_count++;
360 if (unlikely(rx->local->key_tx_rx_threshold &&
361 rx->key->tx_rx_count >
362 rx->local->key_tx_rx_threshold)) {
363 ieee80211_key_threshold_notify(rx->dev, rx->key,
368 return TXRX_CONTINUE;
371 static void ap_sta_ps_start(struct net_device *dev, struct sta_info *sta)
373 struct ieee80211_sub_if_data *sdata;
374 sdata = IEEE80211_DEV_TO_SUB_IF(sta->dev);
377 atomic_inc(&sdata->bss->num_sta_ps);
378 sta->flags |= WLAN_STA_PS;
380 #ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
381 printk(KERN_DEBUG "%s: STA " MAC_FMT " aid %d enters power "
382 "save mode\n", dev->name, MAC_ARG(sta->addr), sta->aid);
383 #endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
386 static int ap_sta_ps_end(struct net_device *dev, struct sta_info *sta)
388 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
391 struct ieee80211_sub_if_data *sdata;
392 struct ieee80211_tx_packet_data *pkt_data;
394 sdata = IEEE80211_DEV_TO_SUB_IF(sta->dev);
396 atomic_dec(&sdata->bss->num_sta_ps);
397 sta->flags &= ~(WLAN_STA_PS | WLAN_STA_TIM);
399 if (!skb_queue_empty(&sta->ps_tx_buf)) {
400 if (local->ops->set_tim)
401 local->ops->set_tim(local_to_hw(local), sta->aid, 0);
403 bss_tim_clear(local, sdata->bss, sta->aid);
405 #ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
406 printk(KERN_DEBUG "%s: STA " MAC_FMT " aid %d exits power "
407 "save mode\n", dev->name, MAC_ARG(sta->addr), sta->aid);
408 #endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
409 /* Send all buffered frames to the station */
410 while ((skb = skb_dequeue(&sta->tx_filtered)) != NULL) {
411 pkt_data = (struct ieee80211_tx_packet_data *) skb->cb;
413 pkt_data->requeue = 1;
416 while ((skb = skb_dequeue(&sta->ps_tx_buf)) != NULL) {
417 pkt_data = (struct ieee80211_tx_packet_data *) skb->cb;
418 local->total_ps_buffered--;
420 #ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
421 printk(KERN_DEBUG "%s: STA " MAC_FMT " aid %d send PS frame "
422 "since STA not sleeping anymore\n", dev->name,
423 MAC_ARG(sta->addr), sta->aid);
424 #endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
425 pkt_data->requeue = 1;
432 static ieee80211_txrx_result
433 ieee80211_rx_h_sta_process(struct ieee80211_txrx_data *rx)
435 struct sta_info *sta = rx->sta;
436 struct net_device *dev = rx->dev;
437 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data;
440 return TXRX_CONTINUE;
442 /* Update last_rx only for IBSS packets which are for the current
443 * BSSID to avoid keeping the current IBSS network alive in cases where
444 * other STAs are using different BSSID. */
445 if (rx->sdata->type == IEEE80211_IF_TYPE_IBSS) {
446 u8 *bssid = ieee80211_get_bssid(hdr, rx->skb->len);
447 if (compare_ether_addr(bssid, rx->sdata->u.sta.bssid) == 0)
448 sta->last_rx = jiffies;
450 if (!is_multicast_ether_addr(hdr->addr1) ||
451 rx->sdata->type == IEEE80211_IF_TYPE_STA) {
452 /* Update last_rx only for unicast frames in order to prevent
453 * the Probe Request frames (the only broadcast frames from a
454 * STA in infrastructure mode) from keeping a connection alive.
456 sta->last_rx = jiffies;
459 if (!rx->u.rx.ra_match)
460 return TXRX_CONTINUE;
463 sta->rx_bytes += rx->skb->len;
464 sta->last_rssi = (sta->last_rssi * 15 +
465 rx->u.rx.status->ssi) / 16;
466 sta->last_signal = (sta->last_signal * 15 +
467 rx->u.rx.status->signal) / 16;
468 sta->last_noise = (sta->last_noise * 15 +
469 rx->u.rx.status->noise) / 16;
471 if (!(rx->fc & IEEE80211_FCTL_MOREFRAGS)) {
472 /* Change STA power saving mode only in the end of a frame
473 * exchange sequence */
474 if ((sta->flags & WLAN_STA_PS) && !(rx->fc & IEEE80211_FCTL_PM))
475 rx->u.rx.sent_ps_buffered += ap_sta_ps_end(dev, sta);
476 else if (!(sta->flags & WLAN_STA_PS) &&
477 (rx->fc & IEEE80211_FCTL_PM))
478 ap_sta_ps_start(dev, sta);
481 /* Drop data::nullfunc frames silently, since they are used only to
482 * control station power saving mode. */
483 if ((rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA &&
484 (rx->fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_NULLFUNC) {
485 I802_DEBUG_INC(rx->local->rx_handlers_drop_nullfunc);
486 /* Update counter and free packet here to avoid counting this
487 * as a dropped packed. */
489 dev_kfree_skb(rx->skb);
493 return TXRX_CONTINUE;
494 } /* ieee80211_rx_h_sta_process */
496 static ieee80211_txrx_result
497 ieee80211_rx_h_wep_weak_iv_detection(struct ieee80211_txrx_data *rx)
499 if (!rx->sta || !(rx->fc & IEEE80211_FCTL_PROTECTED) ||
500 (rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA ||
501 !rx->key || rx->key->alg != ALG_WEP || !rx->u.rx.ra_match)
502 return TXRX_CONTINUE;
504 /* Check for weak IVs, if hwaccel did not remove IV from the frame */
505 if ((rx->local->hw.flags & IEEE80211_HW_WEP_INCLUDE_IV) ||
506 rx->key->force_sw_encrypt) {
507 u8 *iv = ieee80211_wep_is_weak_iv(rx->skb, rx->key);
509 rx->sta->wep_weak_iv_count++;
513 return TXRX_CONTINUE;
516 static ieee80211_txrx_result
517 ieee80211_rx_h_wep_decrypt(struct ieee80211_txrx_data *rx)
519 /* If the device handles decryption totally, skip this test */
520 if (rx->local->hw.flags & IEEE80211_HW_DEVICE_HIDES_WEP)
521 return TXRX_CONTINUE;
523 if ((rx->key && rx->key->alg != ALG_WEP) ||
524 !(rx->fc & IEEE80211_FCTL_PROTECTED) ||
525 ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA &&
526 ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_MGMT ||
527 (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_AUTH)))
528 return TXRX_CONTINUE;
532 printk(KERN_DEBUG "%s: RX WEP frame, but no key set\n",
537 if (!(rx->u.rx.status->flag & RX_FLAG_DECRYPTED) ||
538 rx->key->force_sw_encrypt) {
539 if (ieee80211_wep_decrypt(rx->local, rx->skb, rx->key)) {
541 printk(KERN_DEBUG "%s: RX WEP frame, decrypt "
542 "failed\n", rx->dev->name);
545 } else if (rx->local->hw.flags & IEEE80211_HW_WEP_INCLUDE_IV) {
546 ieee80211_wep_remove_iv(rx->local, rx->skb, rx->key);
548 skb_trim(rx->skb, rx->skb->len - 4);
551 return TXRX_CONTINUE;
554 static inline struct ieee80211_fragment_entry *
555 ieee80211_reassemble_add(struct ieee80211_sub_if_data *sdata,
556 unsigned int frag, unsigned int seq, int rx_queue,
557 struct sk_buff **skb)
559 struct ieee80211_fragment_entry *entry;
562 idx = sdata->fragment_next;
563 entry = &sdata->fragments[sdata->fragment_next++];
564 if (sdata->fragment_next >= IEEE80211_FRAGMENT_MAX)
565 sdata->fragment_next = 0;
567 if (!skb_queue_empty(&entry->skb_list)) {
568 #ifdef CONFIG_MAC80211_DEBUG
569 struct ieee80211_hdr *hdr =
570 (struct ieee80211_hdr *) entry->skb_list.next->data;
571 printk(KERN_DEBUG "%s: RX reassembly removed oldest "
572 "fragment entry (idx=%d age=%lu seq=%d last_frag=%d "
573 "addr1=" MAC_FMT " addr2=" MAC_FMT "\n",
574 sdata->dev->name, idx,
575 jiffies - entry->first_frag_time, entry->seq,
576 entry->last_frag, MAC_ARG(hdr->addr1),
577 MAC_ARG(hdr->addr2));
578 #endif /* CONFIG_MAC80211_DEBUG */
579 __skb_queue_purge(&entry->skb_list);
582 __skb_queue_tail(&entry->skb_list, *skb); /* no need for locking */
584 entry->first_frag_time = jiffies;
586 entry->rx_queue = rx_queue;
587 entry->last_frag = frag;
589 entry->extra_len = 0;
594 static inline struct ieee80211_fragment_entry *
595 ieee80211_reassemble_find(struct ieee80211_sub_if_data *sdata,
596 u16 fc, unsigned int frag, unsigned int seq,
597 int rx_queue, struct ieee80211_hdr *hdr)
599 struct ieee80211_fragment_entry *entry;
602 idx = sdata->fragment_next;
603 for (i = 0; i < IEEE80211_FRAGMENT_MAX; i++) {
604 struct ieee80211_hdr *f_hdr;
609 idx = IEEE80211_FRAGMENT_MAX - 1;
611 entry = &sdata->fragments[idx];
612 if (skb_queue_empty(&entry->skb_list) || entry->seq != seq ||
613 entry->rx_queue != rx_queue ||
614 entry->last_frag + 1 != frag)
617 f_hdr = (struct ieee80211_hdr *) entry->skb_list.next->data;
618 f_fc = le16_to_cpu(f_hdr->frame_control);
620 if ((fc & IEEE80211_FCTL_FTYPE) != (f_fc & IEEE80211_FCTL_FTYPE) ||
621 compare_ether_addr(hdr->addr1, f_hdr->addr1) != 0 ||
622 compare_ether_addr(hdr->addr2, f_hdr->addr2) != 0)
625 if (entry->first_frag_time + 2 * HZ < jiffies) {
626 __skb_queue_purge(&entry->skb_list);
635 static ieee80211_txrx_result
636 ieee80211_rx_h_defragment(struct ieee80211_txrx_data *rx)
638 struct ieee80211_hdr *hdr;
640 unsigned int frag, seq;
641 struct ieee80211_fragment_entry *entry;
644 hdr = (struct ieee80211_hdr *) rx->skb->data;
645 sc = le16_to_cpu(hdr->seq_ctrl);
646 frag = sc & IEEE80211_SCTL_FRAG;
648 if (likely((!(rx->fc & IEEE80211_FCTL_MOREFRAGS) && frag == 0) ||
649 (rx->skb)->len < 24 ||
650 is_multicast_ether_addr(hdr->addr1))) {
654 I802_DEBUG_INC(rx->local->rx_handlers_fragments);
656 seq = (sc & IEEE80211_SCTL_SEQ) >> 4;
659 /* This is the first fragment of a new frame. */
660 entry = ieee80211_reassemble_add(rx->sdata, frag, seq,
661 rx->u.rx.queue, &(rx->skb));
662 if (rx->key && rx->key->alg == ALG_CCMP &&
663 (rx->fc & IEEE80211_FCTL_PROTECTED)) {
664 /* Store CCMP PN so that we can verify that the next
665 * fragment has a sequential PN value. */
667 memcpy(entry->last_pn,
668 rx->key->u.ccmp.rx_pn[rx->u.rx.queue],
674 /* This is a fragment for a frame that should already be pending in
675 * fragment cache. Add this fragment to the end of the pending entry.
677 entry = ieee80211_reassemble_find(rx->sdata, rx->fc, frag, seq,
678 rx->u.rx.queue, hdr);
680 I802_DEBUG_INC(rx->local->rx_handlers_drop_defrag);
684 /* Verify that MPDUs within one MSDU have sequential PN values.
685 * (IEEE 802.11i, 8.3.3.4.5) */
688 u8 pn[CCMP_PN_LEN], *rpn;
689 if (!rx->key || rx->key->alg != ALG_CCMP)
691 memcpy(pn, entry->last_pn, CCMP_PN_LEN);
692 for (i = CCMP_PN_LEN - 1; i >= 0; i--) {
697 rpn = rx->key->u.ccmp.rx_pn[rx->u.rx.queue];
698 if (memcmp(pn, rpn, CCMP_PN_LEN) != 0) {
700 printk(KERN_DEBUG "%s: defrag: CCMP PN not "
701 "sequential A2=" MAC_FMT
702 " PN=%02x%02x%02x%02x%02x%02x "
703 "(expected %02x%02x%02x%02x%02x%02x)\n",
704 rx->dev->name, MAC_ARG(hdr->addr2),
705 rpn[0], rpn[1], rpn[2], rpn[3], rpn[4],
706 rpn[5], pn[0], pn[1], pn[2], pn[3],
710 memcpy(entry->last_pn, pn, CCMP_PN_LEN);
713 skb_pull(rx->skb, ieee80211_get_hdrlen(rx->fc));
714 __skb_queue_tail(&entry->skb_list, rx->skb);
715 entry->last_frag = frag;
716 entry->extra_len += rx->skb->len;
717 if (rx->fc & IEEE80211_FCTL_MOREFRAGS) {
722 rx->skb = __skb_dequeue(&entry->skb_list);
723 if (skb_tailroom(rx->skb) < entry->extra_len) {
724 I802_DEBUG_INC(rx->local->rx_expand_skb_head2);
725 if (unlikely(pskb_expand_head(rx->skb, 0, entry->extra_len,
727 I802_DEBUG_INC(rx->local->rx_handlers_drop_defrag);
728 __skb_queue_purge(&entry->skb_list);
732 while ((skb = __skb_dequeue(&entry->skb_list))) {
733 memcpy(skb_put(rx->skb, skb->len), skb->data, skb->len);
737 /* Complete frame has been reassembled - process it now */
742 rx->sta->rx_packets++;
743 if (is_multicast_ether_addr(hdr->addr1))
744 rx->local->dot11MulticastReceivedFrameCount++;
746 ieee80211_led_rx(rx->local);
747 return TXRX_CONTINUE;
750 static ieee80211_txrx_result
751 ieee80211_rx_h_ps_poll(struct ieee80211_txrx_data *rx)
756 if (likely(!rx->sta ||
757 (rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_CTL ||
758 (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_PSPOLL ||
760 return TXRX_CONTINUE;
762 skb = skb_dequeue(&rx->sta->tx_filtered);
764 skb = skb_dequeue(&rx->sta->ps_tx_buf);
766 rx->local->total_ps_buffered--;
768 no_pending_pkts = skb_queue_empty(&rx->sta->tx_filtered) &&
769 skb_queue_empty(&rx->sta->ps_tx_buf);
772 struct ieee80211_hdr *hdr =
773 (struct ieee80211_hdr *) skb->data;
775 /* tell TX path to send one frame even though the STA may
776 * still remain is PS mode after this frame exchange */
779 #ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
780 printk(KERN_DEBUG "STA " MAC_FMT " aid %d: PS Poll (entries "
782 MAC_ARG(rx->sta->addr), rx->sta->aid,
783 skb_queue_len(&rx->sta->ps_tx_buf));
784 #endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
786 /* Use MoreData flag to indicate whether there are more
787 * buffered frames for this STA */
788 if (no_pending_pkts) {
789 hdr->frame_control &= cpu_to_le16(~IEEE80211_FCTL_MOREDATA);
790 rx->sta->flags &= ~WLAN_STA_TIM;
792 hdr->frame_control |= cpu_to_le16(IEEE80211_FCTL_MOREDATA);
796 if (no_pending_pkts) {
797 if (rx->local->ops->set_tim)
798 rx->local->ops->set_tim(local_to_hw(rx->local),
801 bss_tim_clear(rx->local, rx->sdata->bss, rx->sta->aid);
803 #ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
804 } else if (!rx->u.rx.sent_ps_buffered) {
805 printk(KERN_DEBUG "%s: STA " MAC_FMT " sent PS Poll even "
806 "though there is no buffered frames for it\n",
807 rx->dev->name, MAC_ARG(rx->sta->addr));
808 #endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
812 /* Free PS Poll skb here instead of returning TXRX_DROP that would
813 * count as an dropped frame. */
814 dev_kfree_skb(rx->skb);
819 static ieee80211_txrx_result
820 ieee80211_rx_h_remove_qos_control(struct ieee80211_txrx_data *rx)
823 u8 *data = rx->skb->data;
824 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) data;
826 if (!WLAN_FC_IS_QOS_DATA(fc))
827 return TXRX_CONTINUE;
829 /* remove the qos control field, update frame type and meta-data */
830 memmove(data + 2, data, ieee80211_get_hdrlen(fc) - 2);
831 hdr = (struct ieee80211_hdr *) skb_pull(rx->skb, 2);
832 /* change frame type to non QOS */
833 rx->fc = fc &= ~IEEE80211_STYPE_QOS_DATA;
834 hdr->frame_control = cpu_to_le16(fc);
836 return TXRX_CONTINUE;
839 static ieee80211_txrx_result
840 ieee80211_rx_h_802_1x_pae(struct ieee80211_txrx_data *rx)
842 if (rx->sdata->eapol && ieee80211_is_eapol(rx->skb) &&
843 rx->sdata->type != IEEE80211_IF_TYPE_STA && rx->u.rx.ra_match) {
844 /* Pass both encrypted and unencrypted EAPOL frames to user
845 * space for processing. */
846 if (!rx->local->apdev)
848 ieee80211_rx_mgmt(rx->local, rx->skb, rx->u.rx.status,
849 ieee80211_msg_normal);
853 if (unlikely(rx->sdata->ieee802_1x &&
854 (rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA &&
855 (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_NULLFUNC &&
856 (!rx->sta || !(rx->sta->flags & WLAN_STA_AUTHORIZED)) &&
857 !ieee80211_is_eapol(rx->skb))) {
858 #ifdef CONFIG_MAC80211_DEBUG
859 struct ieee80211_hdr *hdr =
860 (struct ieee80211_hdr *) rx->skb->data;
861 printk(KERN_DEBUG "%s: dropped frame from " MAC_FMT
862 " (unauthorized port)\n", rx->dev->name,
863 MAC_ARG(hdr->addr2));
864 #endif /* CONFIG_MAC80211_DEBUG */
868 return TXRX_CONTINUE;
871 static ieee80211_txrx_result
872 ieee80211_rx_h_drop_unencrypted(struct ieee80211_txrx_data *rx)
874 /* If the device handles decryption totally, skip this test */
875 if (rx->local->hw.flags & IEEE80211_HW_DEVICE_HIDES_WEP)
876 return TXRX_CONTINUE;
878 /* Drop unencrypted frames if key is set. */
879 if (unlikely(!(rx->fc & IEEE80211_FCTL_PROTECTED) &&
880 (rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA &&
881 (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_NULLFUNC &&
882 (rx->key || rx->sdata->drop_unencrypted) &&
883 (rx->sdata->eapol == 0 ||
884 !ieee80211_is_eapol(rx->skb)))) {
886 printk(KERN_DEBUG "%s: RX non-WEP frame, but expected "
887 "encryption\n", rx->dev->name);
890 return TXRX_CONTINUE;
893 static ieee80211_txrx_result
894 ieee80211_rx_h_data(struct ieee80211_txrx_data *rx)
896 struct net_device *dev = rx->dev;
897 struct ieee80211_local *local = rx->local;
898 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data;
899 u16 fc, hdrlen, ethertype;
903 struct sk_buff *skb = rx->skb, *skb2;
904 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
907 if (unlikely((fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA))
908 return TXRX_CONTINUE;
910 if (unlikely(!WLAN_FC_DATA_PRESENT(fc)))
913 hdrlen = ieee80211_get_hdrlen(fc);
915 /* convert IEEE 802.11 header + possible LLC headers into Ethernet
917 * IEEE 802.11 address fields:
918 * ToDS FromDS Addr1 Addr2 Addr3 Addr4
919 * 0 0 DA SA BSSID n/a
920 * 0 1 DA BSSID SA n/a
921 * 1 0 BSSID SA DA n/a
925 switch (fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) {
926 case IEEE80211_FCTL_TODS:
928 memcpy(dst, hdr->addr3, ETH_ALEN);
929 memcpy(src, hdr->addr2, ETH_ALEN);
931 if (unlikely(sdata->type != IEEE80211_IF_TYPE_AP &&
932 sdata->type != IEEE80211_IF_TYPE_VLAN)) {
934 printk(KERN_DEBUG "%s: dropped ToDS frame "
937 " DA=" MAC_FMT ")\n",
941 MAC_ARG(hdr->addr3));
945 case (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS):
947 memcpy(dst, hdr->addr3, ETH_ALEN);
948 memcpy(src, hdr->addr4, ETH_ALEN);
950 if (unlikely(sdata->type != IEEE80211_IF_TYPE_WDS)) {
952 printk(KERN_DEBUG "%s: dropped FromDS&ToDS "
954 " TA=" MAC_FMT " DA=" MAC_FMT
955 " SA=" MAC_FMT ")\n",
960 MAC_ARG(hdr->addr4));
964 case IEEE80211_FCTL_FROMDS:
966 memcpy(dst, hdr->addr1, ETH_ALEN);
967 memcpy(src, hdr->addr3, ETH_ALEN);
969 if (sdata->type != IEEE80211_IF_TYPE_STA) {
975 memcpy(dst, hdr->addr1, ETH_ALEN);
976 memcpy(src, hdr->addr2, ETH_ALEN);
978 if (sdata->type != IEEE80211_IF_TYPE_IBSS) {
979 if (net_ratelimit()) {
980 printk(KERN_DEBUG "%s: dropped IBSS frame (DA="
981 MAC_FMT " SA=" MAC_FMT " BSSID=" MAC_FMT
983 dev->name, MAC_ARG(hdr->addr1),
985 MAC_ARG(hdr->addr3));
992 payload = skb->data + hdrlen;
994 if (unlikely(skb->len - hdrlen < 8)) {
995 if (net_ratelimit()) {
996 printk(KERN_DEBUG "%s: RX too short data frame "
997 "payload\n", dev->name);
1002 ethertype = (payload[6] << 8) | payload[7];
1004 if (likely((compare_ether_addr(payload, rfc1042_header) == 0 &&
1005 ethertype != ETH_P_AARP && ethertype != ETH_P_IPX) ||
1006 compare_ether_addr(payload, bridge_tunnel_header) == 0)) {
1007 /* remove RFC1042 or Bridge-Tunnel encapsulation and
1008 * replace EtherType */
1009 skb_pull(skb, hdrlen + 6);
1010 memcpy(skb_push(skb, ETH_ALEN), src, ETH_ALEN);
1011 memcpy(skb_push(skb, ETH_ALEN), dst, ETH_ALEN);
1013 struct ethhdr *ehdr;
1015 skb_pull(skb, hdrlen);
1016 len = htons(skb->len);
1017 ehdr = (struct ethhdr *) skb_push(skb, sizeof(struct ethhdr));
1018 memcpy(ehdr->h_dest, dst, ETH_ALEN);
1019 memcpy(ehdr->h_source, src, ETH_ALEN);
1020 ehdr->h_proto = len;
1026 sdata->stats.rx_packets++;
1027 sdata->stats.rx_bytes += skb->len;
1029 if (local->bridge_packets && (sdata->type == IEEE80211_IF_TYPE_AP
1030 || sdata->type == IEEE80211_IF_TYPE_VLAN) && rx->u.rx.ra_match) {
1031 if (is_multicast_ether_addr(skb->data)) {
1032 /* send multicast frames both to higher layers in
1033 * local net stack and back to the wireless media */
1034 skb2 = skb_copy(skb, GFP_ATOMIC);
1035 if (!skb2 && net_ratelimit())
1036 printk(KERN_DEBUG "%s: failed to clone "
1037 "multicast frame\n", dev->name);
1039 struct sta_info *dsta;
1040 dsta = sta_info_get(local, skb->data);
1041 if (dsta && !dsta->dev) {
1042 if (net_ratelimit())
1043 printk(KERN_DEBUG "Station with null "
1044 "dev structure!\n");
1045 } else if (dsta && dsta->dev == dev) {
1046 /* Destination station is associated to this
1047 * AP, so send the frame directly to it and
1048 * do not pass the frame to local net stack.
1059 /* deliver to local stack */
1060 skb->protocol = eth_type_trans(skb, dev);
1061 memset(skb->cb, 0, sizeof(skb->cb));
1066 /* send to wireless media */
1067 skb2->protocol = __constant_htons(ETH_P_802_3);
1068 skb_set_network_header(skb2, 0);
1069 skb_set_mac_header(skb2, 0);
1070 dev_queue_xmit(skb2);
1076 static ieee80211_txrx_result
1077 ieee80211_rx_h_mgmt(struct ieee80211_txrx_data *rx)
1079 struct ieee80211_sub_if_data *sdata;
1081 if (!rx->u.rx.ra_match)
1084 sdata = IEEE80211_DEV_TO_SUB_IF(rx->dev);
1085 if ((sdata->type == IEEE80211_IF_TYPE_STA ||
1086 sdata->type == IEEE80211_IF_TYPE_IBSS) &&
1087 !rx->local->user_space_mlme) {
1088 ieee80211_sta_rx_mgmt(rx->dev, rx->skb, rx->u.rx.status);
1090 /* Management frames are sent to hostapd for processing */
1091 if (!rx->local->apdev)
1093 ieee80211_rx_mgmt(rx->local, rx->skb, rx->u.rx.status,
1094 ieee80211_msg_normal);
1099 static inline ieee80211_txrx_result __ieee80211_invoke_rx_handlers(
1100 struct ieee80211_local *local,
1101 ieee80211_rx_handler *handlers,
1102 struct ieee80211_txrx_data *rx,
1103 struct sta_info *sta)
1105 ieee80211_rx_handler *handler;
1106 ieee80211_txrx_result res = TXRX_DROP;
1108 for (handler = handlers; *handler != NULL; handler++) {
1109 res = (*handler)(rx);
1115 I802_DEBUG_INC(local->rx_handlers_drop);
1120 I802_DEBUG_INC(local->rx_handlers_queued);
1126 if (res == TXRX_DROP)
1127 dev_kfree_skb(rx->skb);
1131 static inline void ieee80211_invoke_rx_handlers(struct ieee80211_local *local,
1132 ieee80211_rx_handler *handlers,
1133 struct ieee80211_txrx_data *rx,
1134 struct sta_info *sta)
1136 if (__ieee80211_invoke_rx_handlers(local, handlers, rx, sta) ==
1138 dev_kfree_skb(rx->skb);
1141 static void ieee80211_rx_michael_mic_report(struct net_device *dev,
1142 struct ieee80211_hdr *hdr,
1143 struct sta_info *sta,
1144 struct ieee80211_txrx_data *rx)
1148 hdrlen = ieee80211_get_hdrlen_from_skb(rx->skb);
1149 if (rx->skb->len >= hdrlen + 4)
1150 keyidx = rx->skb->data[hdrlen + 3] >> 6;
1154 /* TODO: verify that this is not triggered by fragmented
1155 * frames (hw does not verify MIC for them). */
1156 if (net_ratelimit())
1157 printk(KERN_DEBUG "%s: TKIP hwaccel reported Michael MIC "
1158 "failure from " MAC_FMT " to " MAC_FMT " keyidx=%d\n",
1159 dev->name, MAC_ARG(hdr->addr2), MAC_ARG(hdr->addr1),
1163 /* Some hardware versions seem to generate incorrect
1164 * Michael MIC reports; ignore them to avoid triggering
1165 * countermeasures. */
1166 if (net_ratelimit())
1167 printk(KERN_DEBUG "%s: ignored spurious Michael MIC "
1168 "error for unknown address " MAC_FMT "\n",
1169 dev->name, MAC_ARG(hdr->addr2));
1173 if (!(rx->fc & IEEE80211_FCTL_PROTECTED)) {
1174 if (net_ratelimit())
1175 printk(KERN_DEBUG "%s: ignored spurious Michael MIC "
1176 "error for a frame with no ISWEP flag (src "
1177 MAC_FMT ")\n", dev->name, MAC_ARG(hdr->addr2));
1181 if ((rx->local->hw.flags & IEEE80211_HW_WEP_INCLUDE_IV) &&
1182 rx->sdata->type == IEEE80211_IF_TYPE_AP) {
1183 keyidx = ieee80211_wep_get_keyidx(rx->skb);
1184 /* AP with Pairwise keys support should never receive Michael
1185 * MIC errors for non-zero keyidx because these are reserved
1186 * for group keys and only the AP is sending real multicast
1189 if (net_ratelimit())
1190 printk(KERN_DEBUG "%s: ignored Michael MIC "
1191 "error for a frame with non-zero keyidx"
1192 " (%d) (src " MAC_FMT ")\n", dev->name,
1193 keyidx, MAC_ARG(hdr->addr2));
1198 if ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA &&
1199 ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_MGMT ||
1200 (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_AUTH)) {
1201 if (net_ratelimit())
1202 printk(KERN_DEBUG "%s: ignored spurious Michael MIC "
1203 "error for a frame that cannot be encrypted "
1204 "(fc=0x%04x) (src " MAC_FMT ")\n",
1205 dev->name, rx->fc, MAC_ARG(hdr->addr2));
1210 union iwreq_data wrqu;
1211 char *buf = kmalloc(128, GFP_ATOMIC);
1215 /* TODO: needed parameters: count, key type, TSC */
1216 sprintf(buf, "MLME-MICHAELMICFAILURE.indication("
1217 "keyid=%d %scast addr=" MAC_FMT ")",
1218 keyidx, hdr->addr1[0] & 0x01 ? "broad" : "uni",
1219 MAC_ARG(hdr->addr2));
1220 memset(&wrqu, 0, sizeof(wrqu));
1221 wrqu.data.length = strlen(buf);
1222 wireless_send_event(rx->dev, IWEVCUSTOM, &wrqu, buf);
1226 /* TODO: consider verifying the MIC error report with software
1227 * implementation if we get too many spurious reports from the
1229 if (!rx->local->apdev)
1231 ieee80211_rx_mgmt(rx->local, rx->skb, rx->u.rx.status,
1232 ieee80211_msg_michael_mic_failure);
1236 dev_kfree_skb(rx->skb);
1240 ieee80211_rx_handler ieee80211_rx_handlers[] =
1242 ieee80211_rx_h_if_stats,
1243 ieee80211_rx_h_monitor,
1244 ieee80211_rx_h_passive_scan,
1245 ieee80211_rx_h_check,
1246 ieee80211_rx_h_load_key,
1247 ieee80211_rx_h_sta_process,
1248 ieee80211_rx_h_ccmp_decrypt,
1249 ieee80211_rx_h_tkip_decrypt,
1250 ieee80211_rx_h_wep_weak_iv_detection,
1251 ieee80211_rx_h_wep_decrypt,
1252 ieee80211_rx_h_defragment,
1253 ieee80211_rx_h_ps_poll,
1254 ieee80211_rx_h_michael_mic_verify,
1255 /* this must be after decryption - so header is counted in MPDU mic
1256 * must be before pae and data, so QOS_DATA format frames
1257 * are not passed to user space by these functions
1259 ieee80211_rx_h_remove_qos_control,
1260 ieee80211_rx_h_802_1x_pae,
1261 ieee80211_rx_h_drop_unencrypted,
1262 ieee80211_rx_h_data,
1263 ieee80211_rx_h_mgmt,
1267 /* main receive path */
1269 static int prepare_for_handlers(struct ieee80211_sub_if_data *sdata,
1270 u8 *bssid, struct ieee80211_txrx_data *rx,
1271 struct ieee80211_hdr *hdr)
1273 int multicast = is_multicast_ether_addr(hdr->addr1);
1275 switch (sdata->type) {
1276 case IEEE80211_IF_TYPE_STA:
1279 if (!ieee80211_bssid_match(bssid, sdata->u.sta.bssid)) {
1280 if (!rx->u.rx.in_scan)
1282 rx->u.rx.ra_match = 0;
1283 } else if (!multicast &&
1284 compare_ether_addr(sdata->dev->dev_addr,
1286 if (!sdata->promisc)
1288 rx->u.rx.ra_match = 0;
1291 case IEEE80211_IF_TYPE_IBSS:
1294 if (!ieee80211_bssid_match(bssid, sdata->u.sta.bssid)) {
1295 if (!rx->u.rx.in_scan)
1297 rx->u.rx.ra_match = 0;
1298 } else if (!multicast &&
1299 compare_ether_addr(sdata->dev->dev_addr,
1301 if (!sdata->promisc)
1303 rx->u.rx.ra_match = 0;
1304 } else if (!rx->sta)
1305 rx->sta = ieee80211_ibss_add_sta(sdata->dev, rx->skb,
1308 case IEEE80211_IF_TYPE_AP:
1310 if (compare_ether_addr(sdata->dev->dev_addr,
1313 } else if (!ieee80211_bssid_match(bssid,
1314 sdata->dev->dev_addr)) {
1315 if (!rx->u.rx.in_scan)
1317 rx->u.rx.ra_match = 0;
1319 if (sdata->dev == sdata->local->mdev && !rx->u.rx.in_scan)
1320 /* do not receive anything via
1321 * master device when not scanning */
1324 case IEEE80211_IF_TYPE_WDS:
1326 (rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA)
1328 if (compare_ether_addr(sdata->u.wds.remote_addr, hdr->addr2))
1337 * This is the receive path handler. It is called by a low level driver when an
1338 * 802.11 MPDU is received from the hardware.
1340 void __ieee80211_rx(struct ieee80211_hw *hw, struct sk_buff *skb,
1341 struct ieee80211_rx_status *status)
1343 struct ieee80211_local *local = hw_to_local(hw);
1344 struct ieee80211_sub_if_data *sdata;
1345 struct sta_info *sta;
1346 struct ieee80211_hdr *hdr;
1347 struct ieee80211_txrx_data rx;
1349 int radiotap_len = 0, prepres;
1350 struct ieee80211_sub_if_data *prev = NULL;
1351 struct sk_buff *skb_new;
1354 if (status->flag & RX_FLAG_RADIOTAP) {
1355 radiotap_len = ieee80211_get_radiotap_len(skb->data);
1356 skb_pull(skb, radiotap_len);
1359 hdr = (struct ieee80211_hdr *) skb->data;
1360 memset(&rx, 0, sizeof(rx));
1364 rx.u.rx.status = status;
1365 rx.fc = skb->len >= 2 ? le16_to_cpu(hdr->frame_control) : 0;
1366 type = rx.fc & IEEE80211_FCTL_FTYPE;
1367 if (type == IEEE80211_FTYPE_DATA || type == IEEE80211_FTYPE_MGMT)
1368 local->dot11ReceivedFragmentCount++;
1370 if (skb->len >= 16) {
1371 sta = rx.sta = sta_info_get(local, hdr->addr2);
1373 rx.dev = rx.sta->dev;
1374 rx.sdata = IEEE80211_DEV_TO_SUB_IF(rx.dev);
1377 sta = rx.sta = NULL;
1379 if ((status->flag & RX_FLAG_MMIC_ERROR)) {
1380 ieee80211_rx_michael_mic_report(local->mdev, hdr, sta, &rx);
1384 if (unlikely(local->sta_scanning))
1385 rx.u.rx.in_scan = 1;
1387 if (__ieee80211_invoke_rx_handlers(local, local->rx_pre_handlers, &rx,
1388 sta) != TXRX_CONTINUE)
1392 skb_push(skb, radiotap_len);
1393 if (sta && !sta->assoc_ap && !(sta->flags & WLAN_STA_WDS) &&
1394 !local->iff_promiscs && !is_multicast_ether_addr(hdr->addr1)) {
1395 rx.u.rx.ra_match = 1;
1396 ieee80211_invoke_rx_handlers(local, local->rx_handlers, &rx,
1402 bssid = ieee80211_get_bssid(hdr, skb->len - radiotap_len);
1404 read_lock(&local->sub_if_lock);
1405 list_for_each_entry(sdata, &local->sub_if_list, list) {
1406 rx.u.rx.ra_match = 1;
1408 if (!netif_running(sdata->dev))
1411 prepres = prepare_for_handlers(sdata, bssid, &rx, hdr);
1412 /* prepare_for_handlers can change sta */
1419 * frame is destined for this interface, but if it's not
1420 * also for the previous one we handle that after the
1421 * loop to avoid copying the SKB once too much
1430 * frame was destined for the previous interface
1431 * so invoke RX handlers for it
1434 skb_new = skb_copy(skb, GFP_ATOMIC);
1436 if (net_ratelimit())
1437 printk(KERN_DEBUG "%s: failed to copy "
1438 "multicast frame for %s",
1439 local->mdev->name, prev->dev->name);
1445 ieee80211_invoke_rx_handlers(local, local->rx_handlers,
1453 ieee80211_invoke_rx_handlers(local, local->rx_handlers,
1457 read_unlock(&local->sub_if_lock);
1463 EXPORT_SYMBOL(__ieee80211_rx);
1465 /* This is a version of the rx handler that can be called from hard irq
1466 * context. Post the skb on the queue and schedule the tasklet */
1467 void ieee80211_rx_irqsafe(struct ieee80211_hw *hw, struct sk_buff *skb,
1468 struct ieee80211_rx_status *status)
1470 struct ieee80211_local *local = hw_to_local(hw);
1472 BUILD_BUG_ON(sizeof(struct ieee80211_rx_status) > sizeof(skb->cb));
1474 skb->dev = local->mdev;
1475 /* copy status into skb->cb for use by tasklet */
1476 memcpy(skb->cb, status, sizeof(*status));
1477 skb->pkt_type = IEEE80211_RX_MSG;
1478 skb_queue_tail(&local->skb_queue, skb);
1479 tasklet_schedule(&local->tasklet);
1481 EXPORT_SYMBOL(ieee80211_rx_irqsafe);
projects / linux-2.6 / blob