1 #include <linux/etherdevice.h>
2 #include <net/ieee80211_crypt.h>
4 #include "hostap_80211.h"
8 /* See IEEE 802.1H for LLC/SNAP encapsulation/decapsulation */
9 /* Ethernet-II snap header (RFC1042 for most EtherTypes) */
10 static unsigned char rfc1042_header[] =
11 { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 };
12 /* Bridge-Tunnel header (for EtherTypes ETH_P_AARP and ETH_P_IPX) */
13 static unsigned char bridge_tunnel_header[] =
14 { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0xf8 };
15 /* No encapsulation header if EtherType < 0x600 (=length) */
17 void hostap_dump_rx_80211(const char *name, struct sk_buff *skb,
18 struct hostap_80211_rx_status *rx_stats)
20 struct ieee80211_hdr_4addr *hdr;
23 hdr = (struct ieee80211_hdr_4addr *) skb->data;
25 printk(KERN_DEBUG "%s: RX signal=%d noise=%d rate=%d len=%d "
27 name, rx_stats->signal, rx_stats->noise, rx_stats->rate,
33 fc = le16_to_cpu(hdr->frame_ctl);
34 printk(KERN_DEBUG " FC=0x%04x (type=%d:%d)%s%s",
35 fc, WLAN_FC_GET_TYPE(fc) >> 2, WLAN_FC_GET_STYPE(fc) >> 4,
36 fc & IEEE80211_FCTL_TODS ? " [ToDS]" : "",
37 fc & IEEE80211_FCTL_FROMDS ? " [FromDS]" : "");
39 if (skb->len < IEEE80211_DATA_HDR3_LEN) {
44 printk(" dur=0x%04x seq=0x%04x\n", le16_to_cpu(hdr->duration_id),
45 le16_to_cpu(hdr->seq_ctl));
47 printk(KERN_DEBUG " A1=%pM", hdr->addr1);
48 printk(" A2=%pM", hdr->addr2);
49 printk(" A3=%pM", hdr->addr3);
51 printk(" A4=%pM", hdr->addr4);
56 /* Send RX frame to netif with 802.11 (and possible prism) header.
57 * Called from hardware or software IRQ context. */
58 int prism2_rx_80211(struct net_device *dev, struct sk_buff *skb,
59 struct hostap_80211_rx_status *rx_stats, int type)
61 struct hostap_interface *iface;
63 int hdrlen, phdrlen, head_need, tail_need;
65 int prism_header, ret;
66 struct ieee80211_hdr_4addr *fhdr;
68 iface = netdev_priv(dev);
70 dev->last_rx = jiffies;
72 if (dev->type == ARPHRD_IEEE80211_PRISM) {
73 if (local->monitor_type == PRISM2_MONITOR_PRISM) {
75 phdrlen = sizeof(struct linux_wlan_ng_prism_hdr);
76 } else { /* local->monitor_type == PRISM2_MONITOR_CAPHDR */
78 phdrlen = sizeof(struct linux_wlan_ng_cap_hdr);
80 } else if (dev->type == ARPHRD_IEEE80211_RADIOTAP) {
82 phdrlen = sizeof(struct hostap_radiotap_rx);
88 fhdr = (struct ieee80211_hdr_4addr *) skb->data;
89 fc = le16_to_cpu(fhdr->frame_ctl);
91 if (type == PRISM2_RX_MGMT && (fc & IEEE80211_FCTL_VERS)) {
92 printk(KERN_DEBUG "%s: dropped management frame with header "
93 "version %d\n", dev->name, fc & IEEE80211_FCTL_VERS);
94 dev_kfree_skb_any(skb);
98 hdrlen = hostap_80211_get_hdrlen(fc);
100 /* check if there is enough room for extra data; if not, expand skb
101 * buffer to be large enough for the changes */
104 #ifdef PRISM2_ADD_BOGUS_CRC
106 #endif /* PRISM2_ADD_BOGUS_CRC */
108 head_need -= skb_headroom(skb);
109 tail_need -= skb_tailroom(skb);
111 if (head_need > 0 || tail_need > 0) {
112 if (pskb_expand_head(skb, head_need > 0 ? head_need : 0,
113 tail_need > 0 ? tail_need : 0,
115 printk(KERN_DEBUG "%s: prism2_rx_80211 failed to "
116 "reallocate skb buffer\n", dev->name);
117 dev_kfree_skb_any(skb);
122 /* We now have an skb with enough head and tail room, so just insert
125 #ifdef PRISM2_ADD_BOGUS_CRC
126 memset(skb_put(skb, 4), 0xff, 4); /* Prism2 strips CRC */
127 #endif /* PRISM2_ADD_BOGUS_CRC */
129 if (prism_header == 1) {
130 struct linux_wlan_ng_prism_hdr *hdr;
131 hdr = (struct linux_wlan_ng_prism_hdr *)
132 skb_push(skb, phdrlen);
133 memset(hdr, 0, phdrlen);
134 hdr->msgcode = LWNG_CAP_DID_BASE;
135 hdr->msglen = sizeof(*hdr);
136 memcpy(hdr->devname, dev->name, sizeof(hdr->devname));
137 #define LWNG_SETVAL(f,i,s,l,d) \
138 hdr->f.did = LWNG_CAP_DID_BASE | (i << 12); \
139 hdr->f.status = s; hdr->f.len = l; hdr->f.data = d
140 LWNG_SETVAL(hosttime, 1, 0, 4, jiffies);
141 LWNG_SETVAL(mactime, 2, 0, 4, rx_stats->mac_time);
142 LWNG_SETVAL(channel, 3, 1 /* no value */, 4, 0);
143 LWNG_SETVAL(rssi, 4, 1 /* no value */, 4, 0);
144 LWNG_SETVAL(sq, 5, 1 /* no value */, 4, 0);
145 LWNG_SETVAL(signal, 6, 0, 4, rx_stats->signal);
146 LWNG_SETVAL(noise, 7, 0, 4, rx_stats->noise);
147 LWNG_SETVAL(rate, 8, 0, 4, rx_stats->rate / 5);
148 LWNG_SETVAL(istx, 9, 0, 4, 0);
149 LWNG_SETVAL(frmlen, 10, 0, 4, skb->len - phdrlen);
151 } else if (prism_header == 2) {
152 struct linux_wlan_ng_cap_hdr *hdr;
153 hdr = (struct linux_wlan_ng_cap_hdr *)
154 skb_push(skb, phdrlen);
155 memset(hdr, 0, phdrlen);
156 hdr->version = htonl(LWNG_CAPHDR_VERSION);
157 hdr->length = htonl(phdrlen);
158 hdr->mactime = __cpu_to_be64(rx_stats->mac_time);
159 hdr->hosttime = __cpu_to_be64(jiffies);
160 hdr->phytype = htonl(4); /* dss_dot11_b */
161 hdr->channel = htonl(local->channel);
162 hdr->datarate = htonl(rx_stats->rate);
163 hdr->antenna = htonl(0); /* unknown */
164 hdr->priority = htonl(0); /* unknown */
165 hdr->ssi_type = htonl(3); /* raw */
166 hdr->ssi_signal = htonl(rx_stats->signal);
167 hdr->ssi_noise = htonl(rx_stats->noise);
168 hdr->preamble = htonl(0); /* unknown */
169 hdr->encoding = htonl(1); /* cck */
170 } else if (prism_header == 3) {
171 struct hostap_radiotap_rx *hdr;
172 hdr = (struct hostap_radiotap_rx *)skb_push(skb, phdrlen);
173 memset(hdr, 0, phdrlen);
174 hdr->hdr.it_len = cpu_to_le16(phdrlen);
175 hdr->hdr.it_present =
176 cpu_to_le32((1 << IEEE80211_RADIOTAP_TSFT) |
177 (1 << IEEE80211_RADIOTAP_CHANNEL) |
178 (1 << IEEE80211_RADIOTAP_RATE) |
179 (1 << IEEE80211_RADIOTAP_DBM_ANTSIGNAL) |
180 (1 << IEEE80211_RADIOTAP_DBM_ANTNOISE));
181 hdr->tsft = cpu_to_le64(rx_stats->mac_time);
182 hdr->chan_freq = cpu_to_le16(freq_list[local->channel - 1]);
183 hdr->chan_flags = cpu_to_le16(IEEE80211_CHAN_CCK |
184 IEEE80211_CHAN_2GHZ);
185 hdr->rate = rx_stats->rate / 5;
186 hdr->dbm_antsignal = rx_stats->signal;
187 hdr->dbm_antnoise = rx_stats->noise;
190 ret = skb->len - phdrlen;
192 skb_reset_mac_header(skb);
193 skb_pull(skb, hdrlen);
195 skb_pull(skb, phdrlen);
196 skb->pkt_type = PACKET_OTHERHOST;
197 skb->protocol = __constant_htons(ETH_P_802_2);
198 memset(skb->cb, 0, sizeof(skb->cb));
205 /* Called only as a tasklet (software IRQ) */
206 static void monitor_rx(struct net_device *dev, struct sk_buff *skb,
207 struct hostap_80211_rx_status *rx_stats)
209 struct net_device_stats *stats;
212 len = prism2_rx_80211(dev, skb, rx_stats, PRISM2_RX_MONITOR);
213 stats = hostap_get_stats(dev);
215 stats->rx_bytes += len;
219 /* Called only as a tasklet (software IRQ) */
220 static struct prism2_frag_entry *
221 prism2_frag_cache_find(local_info_t *local, unsigned int seq,
222 unsigned int frag, u8 *src, u8 *dst)
224 struct prism2_frag_entry *entry;
227 for (i = 0; i < PRISM2_FRAG_CACHE_LEN; i++) {
228 entry = &local->frag_cache[i];
229 if (entry->skb != NULL &&
230 time_after(jiffies, entry->first_frag_time + 2 * HZ)) {
231 printk(KERN_DEBUG "%s: expiring fragment cache entry "
232 "seq=%u last_frag=%u\n",
233 local->dev->name, entry->seq, entry->last_frag);
234 dev_kfree_skb(entry->skb);
238 if (entry->skb != NULL && entry->seq == seq &&
239 (entry->last_frag + 1 == frag || frag == -1) &&
240 memcmp(entry->src_addr, src, ETH_ALEN) == 0 &&
241 memcmp(entry->dst_addr, dst, ETH_ALEN) == 0)
249 /* Called only as a tasklet (software IRQ) */
250 static struct sk_buff *
251 prism2_frag_cache_get(local_info_t *local, struct ieee80211_hdr_4addr *hdr)
253 struct sk_buff *skb = NULL;
255 unsigned int frag, seq;
256 struct prism2_frag_entry *entry;
258 sc = le16_to_cpu(hdr->seq_ctl);
259 frag = WLAN_GET_SEQ_FRAG(sc);
260 seq = WLAN_GET_SEQ_SEQ(sc) >> 4;
263 /* Reserve enough space to fit maximum frame length */
264 skb = dev_alloc_skb(local->dev->mtu +
265 sizeof(struct ieee80211_hdr_4addr) +
268 8 /* WEP */ + ETH_ALEN /* WDS */);
272 entry = &local->frag_cache[local->frag_next_idx];
273 local->frag_next_idx++;
274 if (local->frag_next_idx >= PRISM2_FRAG_CACHE_LEN)
275 local->frag_next_idx = 0;
277 if (entry->skb != NULL)
278 dev_kfree_skb(entry->skb);
280 entry->first_frag_time = jiffies;
282 entry->last_frag = frag;
284 memcpy(entry->src_addr, hdr->addr2, ETH_ALEN);
285 memcpy(entry->dst_addr, hdr->addr1, ETH_ALEN);
287 /* received a fragment of a frame for which the head fragment
288 * should have already been received */
289 entry = prism2_frag_cache_find(local, seq, frag, hdr->addr2,
292 entry->last_frag = frag;
301 /* Called only as a tasklet (software IRQ) */
302 static int prism2_frag_cache_invalidate(local_info_t *local,
303 struct ieee80211_hdr_4addr *hdr)
307 struct prism2_frag_entry *entry;
309 sc = le16_to_cpu(hdr->seq_ctl);
310 seq = WLAN_GET_SEQ_SEQ(sc) >> 4;
312 entry = prism2_frag_cache_find(local, seq, -1, hdr->addr2, hdr->addr1);
315 printk(KERN_DEBUG "%s: could not invalidate fragment cache "
317 local->dev->name, seq);
326 static struct hostap_bss_info *__hostap_get_bss(local_info_t *local, u8 *bssid,
327 u8 *ssid, size_t ssid_len)
329 struct list_head *ptr;
330 struct hostap_bss_info *bss;
332 list_for_each(ptr, &local->bss_list) {
333 bss = list_entry(ptr, struct hostap_bss_info, list);
334 if (memcmp(bss->bssid, bssid, ETH_ALEN) == 0 &&
336 (ssid_len == bss->ssid_len &&
337 memcmp(ssid, bss->ssid, ssid_len) == 0))) {
338 list_move(&bss->list, &local->bss_list);
347 static struct hostap_bss_info *__hostap_add_bss(local_info_t *local, u8 *bssid,
348 u8 *ssid, size_t ssid_len)
350 struct hostap_bss_info *bss;
352 if (local->num_bss_info >= HOSTAP_MAX_BSS_COUNT) {
353 bss = list_entry(local->bss_list.prev,
354 struct hostap_bss_info, list);
355 list_del(&bss->list);
356 local->num_bss_info--;
358 bss = (struct hostap_bss_info *)
359 kmalloc(sizeof(*bss), GFP_ATOMIC);
364 memset(bss, 0, sizeof(*bss));
365 memcpy(bss->bssid, bssid, ETH_ALEN);
366 memcpy(bss->ssid, ssid, ssid_len);
367 bss->ssid_len = ssid_len;
368 local->num_bss_info++;
369 list_add(&bss->list, &local->bss_list);
374 static void __hostap_expire_bss(local_info_t *local)
376 struct hostap_bss_info *bss;
378 while (local->num_bss_info > 0) {
379 bss = list_entry(local->bss_list.prev,
380 struct hostap_bss_info, list);
381 if (!time_after(jiffies, bss->last_update + 60 * HZ))
384 list_del(&bss->list);
385 local->num_bss_info--;
391 /* Both IEEE 802.11 Beacon and Probe Response frames have similar structure, so
392 * the same routine can be used to parse both of them. */
393 static void hostap_rx_sta_beacon(local_info_t *local, struct sk_buff *skb,
396 struct hostap_ieee80211_mgmt *mgmt;
399 u8 *ssid = NULL, *wpa = NULL, *rsn = NULL;
400 size_t ssid_len = 0, wpa_len = 0, rsn_len = 0;
401 struct hostap_bss_info *bss;
403 if (skb->len < IEEE80211_MGMT_HDR_LEN + sizeof(mgmt->u.beacon))
406 mgmt = (struct hostap_ieee80211_mgmt *) skb->data;
407 pos = mgmt->u.beacon.variable;
408 left = skb->len - (pos - skb->data);
411 if (2 + pos[1] > left)
412 return; /* parse failed */
418 case WLAN_EID_GENERIC:
420 pos[2] == 0x00 && pos[3] == 0x50 &&
421 pos[4] == 0xf2 && pos[5] == 1) {
423 wpa_len = pos[1] + 2;
428 rsn_len = pos[1] + 2;
430 case WLAN_EID_DS_PARAMS:
439 if (wpa_len > MAX_WPA_IE_LEN)
440 wpa_len = MAX_WPA_IE_LEN;
441 if (rsn_len > MAX_WPA_IE_LEN)
442 rsn_len = MAX_WPA_IE_LEN;
443 if (ssid_len > sizeof(bss->ssid))
444 ssid_len = sizeof(bss->ssid);
446 spin_lock(&local->lock);
447 bss = __hostap_get_bss(local, mgmt->bssid, ssid, ssid_len);
449 bss = __hostap_add_bss(local, mgmt->bssid, ssid, ssid_len);
451 bss->last_update = jiffies;
453 bss->capab_info = le16_to_cpu(mgmt->u.beacon.capab_info);
455 memcpy(bss->wpa_ie, wpa, wpa_len);
456 bss->wpa_ie_len = wpa_len;
460 memcpy(bss->rsn_ie, rsn, rsn_len);
461 bss->rsn_ie_len = rsn_len;
466 __hostap_expire_bss(local);
467 spin_unlock(&local->lock);
472 hostap_rx_frame_mgmt(local_info_t *local, struct sk_buff *skb,
473 struct hostap_80211_rx_status *rx_stats, u16 type,
476 if (local->iw_mode == IW_MODE_MASTER) {
477 hostap_update_sta_ps(local, (struct ieee80211_hdr_4addr *)
481 if (local->hostapd && type == IEEE80211_FTYPE_MGMT) {
482 if (stype == IEEE80211_STYPE_BEACON &&
483 local->iw_mode == IW_MODE_MASTER) {
484 struct sk_buff *skb2;
485 /* Process beacon frames also in kernel driver to
486 * update STA(AP) table statistics */
487 skb2 = skb_clone(skb, GFP_ATOMIC);
489 hostap_rx(skb2->dev, skb2, rx_stats);
492 /* send management frames to the user space daemon for
494 local->apdevstats.rx_packets++;
495 local->apdevstats.rx_bytes += skb->len;
496 if (local->apdev == NULL)
498 prism2_rx_80211(local->apdev, skb, rx_stats, PRISM2_RX_MGMT);
502 if (local->iw_mode == IW_MODE_MASTER) {
503 if (type != IEEE80211_FTYPE_MGMT &&
504 type != IEEE80211_FTYPE_CTL) {
505 printk(KERN_DEBUG "%s: unknown management frame "
506 "(type=0x%02x, stype=0x%02x) dropped\n",
507 skb->dev->name, type >> 2, stype >> 4);
511 hostap_rx(skb->dev, skb, rx_stats);
513 } else if (type == IEEE80211_FTYPE_MGMT &&
514 (stype == IEEE80211_STYPE_BEACON ||
515 stype == IEEE80211_STYPE_PROBE_RESP)) {
516 hostap_rx_sta_beacon(local, skb, stype);
518 } else if (type == IEEE80211_FTYPE_MGMT &&
519 (stype == IEEE80211_STYPE_ASSOC_RESP ||
520 stype == IEEE80211_STYPE_REASSOC_RESP)) {
521 /* Ignore (Re)AssocResp silently since these are not currently
522 * needed but are still received when WPA/RSN mode is enabled.
526 printk(KERN_DEBUG "%s: hostap_rx_frame_mgmt: dropped unhandled"
527 " management frame in non-Host AP mode (type=%d:%d)\n",
528 skb->dev->name, type >> 2, stype >> 4);
534 /* Called only as a tasklet (software IRQ) */
535 static struct net_device *prism2_rx_get_wds(local_info_t *local,
538 struct hostap_interface *iface = NULL;
539 struct list_head *ptr;
541 read_lock_bh(&local->iface_lock);
542 list_for_each(ptr, &local->hostap_interfaces) {
543 iface = list_entry(ptr, struct hostap_interface, list);
544 if (iface->type == HOSTAP_INTERFACE_WDS &&
545 memcmp(iface->u.wds.remote_addr, addr, ETH_ALEN) == 0)
549 read_unlock_bh(&local->iface_lock);
551 return iface ? iface->dev : NULL;
556 hostap_rx_frame_wds(local_info_t *local, struct ieee80211_hdr_4addr *hdr,
557 u16 fc, struct net_device **wds)
559 /* FIX: is this really supposed to accept WDS frames only in Master
560 * mode? What about Repeater or Managed with WDS frames? */
561 if ((fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) !=
562 (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS) &&
563 (local->iw_mode != IW_MODE_MASTER || !(fc & IEEE80211_FCTL_TODS)))
564 return 0; /* not a WDS frame */
566 /* Possible WDS frame: either IEEE 802.11 compliant (if FromDS)
567 * or own non-standard frame with 4th address after payload */
568 if (memcmp(hdr->addr1, local->dev->dev_addr, ETH_ALEN) != 0 &&
569 (hdr->addr1[0] != 0xff || hdr->addr1[1] != 0xff ||
570 hdr->addr1[2] != 0xff || hdr->addr1[3] != 0xff ||
571 hdr->addr1[4] != 0xff || hdr->addr1[5] != 0xff)) {
572 /* RA (or BSSID) is not ours - drop */
573 PDEBUG(DEBUG_EXTRA2, "%s: received WDS frame with "
574 "not own or broadcast %s=%pM\n",
576 fc & IEEE80211_FCTL_FROMDS ? "RA" : "BSSID",
581 /* check if the frame came from a registered WDS connection */
582 *wds = prism2_rx_get_wds(local, hdr->addr2);
583 if (*wds == NULL && fc & IEEE80211_FCTL_FROMDS &&
584 (local->iw_mode != IW_MODE_INFRA ||
585 !(local->wds_type & HOSTAP_WDS_AP_CLIENT) ||
586 memcmp(hdr->addr2, local->bssid, ETH_ALEN) != 0)) {
587 /* require that WDS link has been registered with TA or the
588 * frame is from current AP when using 'AP client mode' */
589 PDEBUG(DEBUG_EXTRA, "%s: received WDS[4 addr] frame "
590 "from unknown TA=%pM\n",
591 local->dev->name, hdr->addr2);
592 if (local->ap && local->ap->autom_ap_wds)
593 hostap_wds_link_oper(local, hdr->addr2, WDS_ADD);
597 if (*wds && !(fc & IEEE80211_FCTL_FROMDS) && local->ap &&
598 hostap_is_sta_assoc(local->ap, hdr->addr2)) {
599 /* STA is actually associated with us even though it has a
600 * registered WDS link. Assume it is in 'AP client' mode.
601 * Since this is a 3-addr frame, assume it is not (bogus) WDS
602 * frame and process it like any normal ToDS frame from
611 static int hostap_is_eapol_frame(local_info_t *local, struct sk_buff *skb)
613 struct net_device *dev = local->dev;
615 struct ieee80211_hdr_4addr *hdr;
621 hdr = (struct ieee80211_hdr_4addr *) skb->data;
622 fc = le16_to_cpu(hdr->frame_ctl);
624 /* check that the frame is unicast frame to us */
625 if ((fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) ==
626 IEEE80211_FCTL_TODS &&
627 memcmp(hdr->addr1, dev->dev_addr, ETH_ALEN) == 0 &&
628 memcmp(hdr->addr3, dev->dev_addr, ETH_ALEN) == 0) {
629 /* ToDS frame with own addr BSSID and DA */
630 } else if ((fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) ==
631 IEEE80211_FCTL_FROMDS &&
632 memcmp(hdr->addr1, dev->dev_addr, ETH_ALEN) == 0) {
633 /* FromDS frame with own addr as DA */
637 if (skb->len < 24 + 8)
640 /* check for port access entity Ethernet type */
641 pos = skb->data + 24;
642 ethertype = (pos[6] << 8) | pos[7];
643 if (ethertype == ETH_P_PAE)
650 /* Called only as a tasklet (software IRQ) */
652 hostap_rx_frame_decrypt(local_info_t *local, struct sk_buff *skb,
653 struct ieee80211_crypt_data *crypt)
655 struct ieee80211_hdr_4addr *hdr;
658 if (crypt == NULL || crypt->ops->decrypt_mpdu == NULL)
661 hdr = (struct ieee80211_hdr_4addr *) skb->data;
662 hdrlen = hostap_80211_get_hdrlen(le16_to_cpu(hdr->frame_ctl));
664 if (local->tkip_countermeasures &&
665 strcmp(crypt->ops->name, "TKIP") == 0) {
666 if (net_ratelimit()) {
667 printk(KERN_DEBUG "%s: TKIP countermeasures: dropped "
668 "received packet from %pM\n",
669 local->dev->name, hdr->addr2);
674 atomic_inc(&crypt->refcnt);
675 res = crypt->ops->decrypt_mpdu(skb, hdrlen, crypt->priv);
676 atomic_dec(&crypt->refcnt);
678 printk(KERN_DEBUG "%s: decryption failed (SA=%pM) res=%d\n",
679 local->dev->name, hdr->addr2, res);
680 local->comm_tallies.rx_discards_wep_undecryptable++;
688 /* Called only as a tasklet (software IRQ) */
690 hostap_rx_frame_decrypt_msdu(local_info_t *local, struct sk_buff *skb,
691 int keyidx, struct ieee80211_crypt_data *crypt)
693 struct ieee80211_hdr_4addr *hdr;
696 if (crypt == NULL || crypt->ops->decrypt_msdu == NULL)
699 hdr = (struct ieee80211_hdr_4addr *) skb->data;
700 hdrlen = hostap_80211_get_hdrlen(le16_to_cpu(hdr->frame_ctl));
702 atomic_inc(&crypt->refcnt);
703 res = crypt->ops->decrypt_msdu(skb, keyidx, hdrlen, crypt->priv);
704 atomic_dec(&crypt->refcnt);
706 printk(KERN_DEBUG "%s: MSDU decryption/MIC verification failed"
707 " (SA=%pM keyidx=%d)\n",
708 local->dev->name, hdr->addr2, keyidx);
716 /* All received frames are sent to this function. @skb contains the frame in
717 * IEEE 802.11 format, i.e., in the format it was sent over air.
718 * This function is called only as a tasklet (software IRQ). */
719 void hostap_80211_rx(struct net_device *dev, struct sk_buff *skb,
720 struct hostap_80211_rx_status *rx_stats)
722 struct hostap_interface *iface;
724 struct ieee80211_hdr_4addr *hdr;
726 u16 fc, type, stype, sc;
727 struct net_device *wds = NULL;
728 struct net_device_stats *stats;
731 struct sk_buff *skb2 = NULL;
733 int frame_authorized = 0;
734 int from_assoc_ap = 0;
737 struct ieee80211_crypt_data *crypt = NULL;
741 iface = netdev_priv(dev);
742 local = iface->local;
743 iface->stats.rx_packets++;
744 iface->stats.rx_bytes += skb->len;
746 /* dev is the master radio device; change this to be the default
747 * virtual interface (this may be changed to WDS device below) */
749 iface = netdev_priv(dev);
751 hdr = (struct ieee80211_hdr_4addr *) skb->data;
752 stats = hostap_get_stats(dev);
757 fc = le16_to_cpu(hdr->frame_ctl);
758 type = WLAN_FC_GET_TYPE(fc);
759 stype = WLAN_FC_GET_STYPE(fc);
760 sc = le16_to_cpu(hdr->seq_ctl);
761 frag = WLAN_GET_SEQ_FRAG(sc);
762 hdrlen = hostap_80211_get_hdrlen(fc);
764 /* Put this code here so that we avoid duplicating it in all
765 * Rx paths. - Jean II */
766 #ifdef IW_WIRELESS_SPY /* defined in iw_handler.h */
767 /* If spy monitoring on */
768 if (iface->spy_data.spy_number > 0) {
769 struct iw_quality wstats;
770 wstats.level = rx_stats->signal;
771 wstats.noise = rx_stats->noise;
772 wstats.updated = IW_QUAL_LEVEL_UPDATED | IW_QUAL_NOISE_UPDATED
773 | IW_QUAL_QUAL_INVALID | IW_QUAL_DBM;
774 /* Update spy records */
775 wireless_spy_update(dev, hdr->addr2, &wstats);
777 #endif /* IW_WIRELESS_SPY */
778 hostap_update_rx_stats(local->ap, hdr, rx_stats);
780 if (local->iw_mode == IW_MODE_MONITOR) {
781 monitor_rx(dev, skb, rx_stats);
785 if (local->host_decrypt) {
787 if (skb->len >= hdrlen + 3)
788 idx = skb->data[hdrlen + 3] >> 6;
789 crypt = local->crypt[idx];
792 /* Use station specific key to override default keys if the
793 * receiver address is a unicast address ("individual RA"). If
794 * bcrx_sta_key parameter is set, station specific key is used
795 * even with broad/multicast targets (this is against IEEE
796 * 802.11, but makes it easier to use different keys with
797 * stations that do not support WEP key mapping). */
799 if (!(hdr->addr1[0] & 0x01) || local->bcrx_sta_key)
800 (void) hostap_handle_sta_crypto(local, hdr, &crypt,
803 /* allow NULL decrypt to indicate an station specific override
804 * for default encryption */
805 if (crypt && (crypt->ops == NULL ||
806 crypt->ops->decrypt_mpdu == NULL))
809 if (!crypt && (fc & IEEE80211_FCTL_PROTECTED)) {
811 /* This seems to be triggered by some (multicast?)
812 * frames from other than current BSS, so just drop the
813 * frames silently instead of filling system log with
815 printk(KERN_DEBUG "%s: WEP decryption failed (not set)"
817 local->dev->name, hdr->addr2);
819 local->comm_tallies.rx_discards_wep_undecryptable++;
824 if (type != IEEE80211_FTYPE_DATA) {
825 if (type == IEEE80211_FTYPE_MGMT &&
826 stype == IEEE80211_STYPE_AUTH &&
827 fc & IEEE80211_FCTL_PROTECTED && local->host_decrypt &&
828 (keyidx = hostap_rx_frame_decrypt(local, skb, crypt)) < 0)
830 printk(KERN_DEBUG "%s: failed to decrypt mgmt::auth "
831 "from %pM\n", dev->name, hdr->addr2);
832 /* TODO: could inform hostapd about this so that it
833 * could send auth failure report */
837 if (hostap_rx_frame_mgmt(local, skb, rx_stats, type, stype))
843 /* Data frame - extract src/dst addresses */
844 if (skb->len < IEEE80211_DATA_HDR3_LEN)
847 switch (fc & (IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS)) {
848 case IEEE80211_FCTL_FROMDS:
849 memcpy(dst, hdr->addr1, ETH_ALEN);
850 memcpy(src, hdr->addr3, ETH_ALEN);
852 case IEEE80211_FCTL_TODS:
853 memcpy(dst, hdr->addr3, ETH_ALEN);
854 memcpy(src, hdr->addr2, ETH_ALEN);
856 case IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS:
857 if (skb->len < IEEE80211_DATA_HDR4_LEN)
859 memcpy(dst, hdr->addr3, ETH_ALEN);
860 memcpy(src, hdr->addr4, ETH_ALEN);
863 memcpy(dst, hdr->addr1, ETH_ALEN);
864 memcpy(src, hdr->addr2, ETH_ALEN);
868 if (hostap_rx_frame_wds(local, hdr, fc, &wds))
871 skb->dev = dev = wds;
872 stats = hostap_get_stats(dev);
875 if (local->iw_mode == IW_MODE_MASTER && !wds &&
876 (fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) ==
877 IEEE80211_FCTL_FROMDS &&
879 memcmp(hdr->addr2, local->assoc_ap_addr, ETH_ALEN) == 0) {
880 /* Frame from BSSID of the AP for which we are a client */
881 skb->dev = dev = local->stadev;
882 stats = hostap_get_stats(dev);
886 dev->last_rx = jiffies;
888 if ((local->iw_mode == IW_MODE_MASTER ||
889 local->iw_mode == IW_MODE_REPEAT) &&
891 switch (hostap_handle_sta_rx(local, dev, skb, rx_stats,
893 case AP_RX_CONTINUE_NOT_AUTHORIZED:
894 frame_authorized = 0;
897 frame_authorized = 1;
906 /* Nullfunc frames may have PS-bit set, so they must be passed to
907 * hostap_handle_sta_rx() before being dropped here. */
908 if (stype != IEEE80211_STYPE_DATA &&
909 stype != IEEE80211_STYPE_DATA_CFACK &&
910 stype != IEEE80211_STYPE_DATA_CFPOLL &&
911 stype != IEEE80211_STYPE_DATA_CFACKPOLL) {
912 if (stype != IEEE80211_STYPE_NULLFUNC)
913 printk(KERN_DEBUG "%s: RX: dropped data frame "
914 "with no data (type=0x%02x, subtype=0x%02x)\n",
915 dev->name, type >> 2, stype >> 4);
919 /* skb: hdr + (possibly fragmented, possibly encrypted) payload */
921 if (local->host_decrypt && (fc & IEEE80211_FCTL_PROTECTED) &&
922 (keyidx = hostap_rx_frame_decrypt(local, skb, crypt)) < 0)
924 hdr = (struct ieee80211_hdr_4addr *) skb->data;
926 /* skb: hdr + (possibly fragmented) plaintext payload */
928 if (local->host_decrypt && (fc & IEEE80211_FCTL_PROTECTED) &&
929 (frag != 0 || (fc & IEEE80211_FCTL_MOREFRAGS))) {
931 struct sk_buff *frag_skb =
932 prism2_frag_cache_get(local, hdr);
934 printk(KERN_DEBUG "%s: Rx cannot get skb from "
935 "fragment cache (morefrag=%d seq=%u frag=%u)\n",
936 dev->name, (fc & IEEE80211_FCTL_MOREFRAGS) != 0,
937 WLAN_GET_SEQ_SEQ(sc) >> 4, frag);
945 if (frag_skb->tail + flen > frag_skb->end) {
946 printk(KERN_WARNING "%s: host decrypted and "
947 "reassembled frame did not fit skb\n",
949 prism2_frag_cache_invalidate(local, hdr);
954 /* copy first fragment (including full headers) into
955 * beginning of the fragment cache skb */
956 skb_copy_from_linear_data(skb, skb_put(frag_skb, flen),
959 /* append frame payload to the end of the fragment
961 skb_copy_from_linear_data_offset(skb, hdrlen,
968 if (fc & IEEE80211_FCTL_MOREFRAGS) {
969 /* more fragments expected - leave the skb in fragment
970 * cache for now; it will be delivered to upper layers
971 * after all fragments have been received */
975 /* this was the last fragment and the frame will be
976 * delivered, so remove skb from fragment cache */
978 hdr = (struct ieee80211_hdr_4addr *) skb->data;
979 prism2_frag_cache_invalidate(local, hdr);
982 /* skb: hdr + (possible reassembled) full MSDU payload; possibly still
983 * encrypted/authenticated */
985 if (local->host_decrypt && (fc & IEEE80211_FCTL_PROTECTED) &&
986 hostap_rx_frame_decrypt_msdu(local, skb, keyidx, crypt))
989 hdr = (struct ieee80211_hdr_4addr *) skb->data;
990 if (crypt && !(fc & IEEE80211_FCTL_PROTECTED) && !local->open_wep) {
991 if (local->ieee_802_1x &&
992 hostap_is_eapol_frame(local, skb)) {
993 /* pass unencrypted EAPOL frames even if encryption is
995 PDEBUG(DEBUG_EXTRA2, "%s: RX: IEEE 802.1X - passing "
996 "unencrypted EAPOL frame\n", local->dev->name);
998 printk(KERN_DEBUG "%s: encryption configured, but RX "
999 "frame not encrypted (SA=%pM)\n",
1000 local->dev->name, hdr->addr2);
1005 if (local->drop_unencrypted && !(fc & IEEE80211_FCTL_PROTECTED) &&
1006 !hostap_is_eapol_frame(local, skb)) {
1007 if (net_ratelimit()) {
1008 printk(KERN_DEBUG "%s: dropped unencrypted RX data "
1009 "frame from %pM (drop_unencrypted=1)\n",
1010 dev->name, hdr->addr2);
1015 /* skb: hdr + (possible reassembled) full plaintext payload */
1017 payload = skb->data + hdrlen;
1018 ethertype = (payload[6] << 8) | payload[7];
1020 /* If IEEE 802.1X is used, check whether the port is authorized to send
1021 * the received frame. */
1022 if (local->ieee_802_1x && local->iw_mode == IW_MODE_MASTER) {
1023 if (ethertype == ETH_P_PAE) {
1024 PDEBUG(DEBUG_EXTRA2, "%s: RX: IEEE 802.1X frame\n",
1026 if (local->hostapd && local->apdev) {
1027 /* Send IEEE 802.1X frames to the user
1028 * space daemon for processing */
1029 prism2_rx_80211(local->apdev, skb, rx_stats,
1031 local->apdevstats.rx_packets++;
1032 local->apdevstats.rx_bytes += skb->len;
1035 } else if (!frame_authorized) {
1036 printk(KERN_DEBUG "%s: dropped frame from "
1037 "unauthorized port (IEEE 802.1X): "
1038 "ethertype=0x%04x\n",
1039 dev->name, ethertype);
1044 /* convert hdr + possible LLC headers into Ethernet header */
1045 if (skb->len - hdrlen >= 8 &&
1046 ((memcmp(payload, rfc1042_header, 6) == 0 &&
1047 ethertype != ETH_P_AARP && ethertype != ETH_P_IPX) ||
1048 memcmp(payload, bridge_tunnel_header, 6) == 0)) {
1049 /* remove RFC1042 or Bridge-Tunnel encapsulation and
1050 * replace EtherType */
1051 skb_pull(skb, hdrlen + 6);
1052 memcpy(skb_push(skb, ETH_ALEN), src, ETH_ALEN);
1053 memcpy(skb_push(skb, ETH_ALEN), dst, ETH_ALEN);
1056 /* Leave Ethernet header part of hdr and full payload */
1057 skb_pull(skb, hdrlen);
1058 len = htons(skb->len);
1059 memcpy(skb_push(skb, 2), &len, 2);
1060 memcpy(skb_push(skb, ETH_ALEN), src, ETH_ALEN);
1061 memcpy(skb_push(skb, ETH_ALEN), dst, ETH_ALEN);
1064 if (wds && ((fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) ==
1065 IEEE80211_FCTL_TODS) &&
1066 skb->len >= ETH_HLEN + ETH_ALEN) {
1067 /* Non-standard frame: get addr4 from its bogus location after
1069 skb_copy_from_linear_data_offset(skb, skb->len - ETH_ALEN,
1070 skb->data + ETH_ALEN,
1072 skb_trim(skb, skb->len - ETH_ALEN);
1075 stats->rx_packets++;
1076 stats->rx_bytes += skb->len;
1078 if (local->iw_mode == IW_MODE_MASTER && !wds &&
1079 local->ap->bridge_packets) {
1080 if (dst[0] & 0x01) {
1081 /* copy multicast frame both to the higher layers and
1082 * to the wireless media */
1083 local->ap->bridged_multicast++;
1084 skb2 = skb_clone(skb, GFP_ATOMIC);
1086 printk(KERN_DEBUG "%s: skb_clone failed for "
1087 "multicast frame\n", dev->name);
1088 } else if (hostap_is_sta_authorized(local->ap, dst)) {
1089 /* send frame directly to the associated STA using
1090 * wireless media and not passing to higher layers */
1091 local->ap->bridged_unicast++;
1098 /* send to wireless media */
1100 skb2->protocol = __constant_htons(ETH_P_802_3);
1101 skb_reset_mac_header(skb2);
1102 skb_reset_network_header(skb2);
1103 /* skb2->network_header += ETH_HLEN; */
1104 dev_queue_xmit(skb2);
1108 skb->protocol = eth_type_trans(skb, dev);
1109 memset(skb->cb, 0, sizeof(skb->cb));
1115 hostap_handle_sta_release(sta);
1121 stats->rx_dropped++;
1126 EXPORT_SYMBOL(hostap_80211_rx);