1 /* src/p80211/p80211conv.c
3 * Ether/802.11 conversions and packet buffer routines
5 * Copyright (C) 1999 AbsoluteValue Systems, Inc. All Rights Reserved.
6 * --------------------------------------------------------------------
10 * The contents of this file are subject to the Mozilla Public
11 * License Version 1.1 (the "License"); you may not use this file
12 * except in compliance with the License. You may obtain a copy of
13 * the License at http://www.mozilla.org/MPL/
15 * Software distributed under the License is distributed on an "AS
16 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
17 * implied. See the License for the specific language governing
18 * rights and limitations under the License.
20 * Alternatively, the contents of this file may be used under the
21 * terms of the GNU Public License version 2 (the "GPL"), in which
22 * case the provisions of the GPL are applicable instead of the
23 * above. If you wish to allow the use of your version of this file
24 * only under the terms of the GPL and not to allow others to use
25 * your version of this file under the MPL, indicate your decision
26 * by deleting the provisions above and replace them with the notice
27 * and other provisions required by the GPL. If you do not delete
28 * the provisions above, a recipient may use your version of this
29 * file under either the MPL or the GPL.
31 * --------------------------------------------------------------------
33 * Inquiries regarding the linux-wlan Open Source project can be
36 * AbsoluteValue Systems Inc.
38 * http://www.linux-wlan.com
40 * --------------------------------------------------------------------
42 * Portions of the development of this software were funded by
43 * Intersil Corporation as part of PRISM(R) chipset product development.
45 * --------------------------------------------------------------------
47 * This file defines the functions that perform Ethernet to/from
48 * 802.11 frame conversions.
50 * --------------------------------------------------------------------
52 /*================================================================*/
56 #include <linux/module.h>
57 #include <linux/kernel.h>
58 #include <linux/sched.h>
59 #include <linux/types.h>
60 #include <linux/skbuff.h>
61 #include <linux/slab.h>
62 #include <linux/wireless.h>
63 #include <linux/netdevice.h>
64 #include <linux/etherdevice.h>
65 #include <linux/if_ether.h>
66 #include <linux/byteorder/generic.h>
68 #include <asm/byteorder.h>
70 #include "wlan_compat.h"
72 /*================================================================*/
73 /* Project Includes */
75 #include "p80211types.h"
76 #include "p80211hdr.h"
77 #include "p80211conv.h"
78 #include "p80211mgmt.h"
79 #include "p80211msg.h"
80 #include "p80211netdev.h"
81 #include "p80211ioctl.h"
82 #include "p80211req.h"
85 /*================================================================*/
86 /* Local Static Definitions */
88 static u8 oui_rfc1042[] = {0x00, 0x00, 0x00};
89 static u8 oui_8021h[] = {0x00, 0x00, 0xf8};
91 /*================================================================*/
92 /* Function Definitions */
94 /*----------------------------------------------------------------
95 * p80211pb_ether_to_80211
97 * Uses the contents of the ether frame and the etherconv setting
98 * to build the elements of the 802.11 frame.
100 * We don't actually set
101 * up the frame header here. That's the MAC's job. We're only handling
102 * conversion of DIXII or 802.3+LLC frames to something that works
105 * Note -- 802.11 header is NOT part of the skb. Likewise, the 802.11
106 * FCS is also not present and will need to be added elsewhere.
109 * ethconv Conversion type to perform
110 * skb skbuff containing the ether frame
111 * p80211_hdr 802.11 header
114 * 0 on success, non-zero otherwise
117 * May be called in interrupt or non-interrupt context
118 ----------------------------------------------------------------*/
119 int skb_ether_to_p80211( wlandevice_t *wlandev, u32 ethconv, struct sk_buff *skb, p80211_hdr_t *p80211_hdr, p80211_metawep_t *p80211_wep)
129 memcpy(&e_hdr, skb->data, sizeof(e_hdr));
132 pr_debug("zero-length skb!\n");
136 if ( ethconv == WLAN_ETHCONV_ENCAP ) { /* simplest case */
137 pr_debug("ENCAP len: %d\n", skb->len);
138 /* here, we don't care what kind of ether frm. Just stick it */
139 /* in the 80211 payload */
140 /* which is to say, leave the skb alone. */
142 /* step 1: classify ether frame, DIX or 802.3? */
143 proto = ntohs(e_hdr.type);
144 if ( proto <= 1500 ) {
145 pr_debug("802.3 len: %d\n", skb->len);
146 /* codes <= 1500 reserved for 802.3 lengths */
147 /* it's 802.3, pass ether payload unchanged, */
149 /* trim off ethernet header */
150 skb_pull(skb, WLAN_ETHHDR_LEN);
152 /* leave off any PAD octets. */
153 skb_trim(skb, proto);
155 pr_debug("DIXII len: %d\n", skb->len);
156 /* it's DIXII, time for some conversion */
158 /* trim off ethernet header */
159 skb_pull(skb, WLAN_ETHHDR_LEN);
162 e_snap = (wlan_snap_t *) skb_push(skb, sizeof(wlan_snap_t));
163 e_snap->type = htons(proto);
164 if ( ethconv == WLAN_ETHCONV_8021h && p80211_stt_findproto(proto) ) {
165 memcpy( e_snap->oui, oui_8021h, WLAN_IEEE_OUI_LEN);
167 memcpy( e_snap->oui, oui_rfc1042, WLAN_IEEE_OUI_LEN);
171 e_llc = (wlan_llc_t *) skb_push(skb, sizeof(wlan_llc_t));
172 e_llc->dsap = 0xAA; /* SNAP, see IEEE 802 */
179 /* Set up the 802.11 header */
180 /* It's a data frame */
181 fc = cpu_to_le16( WLAN_SET_FC_FTYPE(WLAN_FTYPE_DATA) |
182 WLAN_SET_FC_FSTYPE(WLAN_FSTYPE_DATAONLY));
184 switch ( wlandev->macmode ) {
185 case WLAN_MACMODE_IBSS_STA:
186 memcpy(p80211_hdr->a3.a1, &e_hdr.daddr, ETH_ALEN);
187 memcpy(p80211_hdr->a3.a2, wlandev->netdev->dev_addr, ETH_ALEN);
188 memcpy(p80211_hdr->a3.a3, wlandev->bssid, ETH_ALEN);
190 case WLAN_MACMODE_ESS_STA:
191 fc |= cpu_to_le16(WLAN_SET_FC_TODS(1));
192 memcpy(p80211_hdr->a3.a1, wlandev->bssid, ETH_ALEN);
193 memcpy(p80211_hdr->a3.a2, wlandev->netdev->dev_addr, ETH_ALEN);
194 memcpy(p80211_hdr->a3.a3, &e_hdr.daddr, ETH_ALEN);
196 case WLAN_MACMODE_ESS_AP:
197 fc |= cpu_to_le16(WLAN_SET_FC_FROMDS(1));
198 memcpy(p80211_hdr->a3.a1, &e_hdr.daddr, ETH_ALEN);
199 memcpy(p80211_hdr->a3.a2, wlandev->bssid, ETH_ALEN);
200 memcpy(p80211_hdr->a3.a3, &e_hdr.saddr, ETH_ALEN);
203 printk(KERN_ERR "Error: Converting eth to wlan in unknown mode.\n");
208 p80211_wep->data = NULL;
210 if ((wlandev->hostwep & HOSTWEP_PRIVACYINVOKED) && (wlandev->hostwep & HOSTWEP_ENCRYPT)) {
211 // XXXX need to pick keynum other than default?
213 p80211_wep->data = kmalloc(skb->len, GFP_ATOMIC);
215 if ((foo = wep_encrypt(wlandev, skb->data, p80211_wep->data,
217 (wlandev->hostwep & HOSTWEP_DEFAULTKEY_MASK),
218 p80211_wep->iv, p80211_wep->icv))) {
219 printk(KERN_WARNING "Host en-WEP failed, dropping frame (%d).\n", foo);
222 fc |= cpu_to_le16(WLAN_SET_FC_ISWEP(1));
226 // skb->nh.raw = skb->data;
228 p80211_hdr->a3.fc = fc;
229 p80211_hdr->a3.dur = 0;
230 p80211_hdr->a3.seq = 0;
235 /* jkriegl: from orinoco, modified */
236 static void orinoco_spy_gather(wlandevice_t *wlandev, char *mac,
237 p80211_rxmeta_t *rxmeta)
241 /* Gather wireless spy statistics: for each packet, compare the
242 * source address with out list, and if match, get the stats... */
244 for (i = 0; i < wlandev->spy_number; i++) {
246 if (!memcmp(wlandev->spy_address[i], mac, ETH_ALEN)) {
247 memcpy(wlandev->spy_address[i], mac, ETH_ALEN);
248 wlandev->spy_stat[i].level = rxmeta->signal;
249 wlandev->spy_stat[i].noise = rxmeta->noise;
250 wlandev->spy_stat[i].qual = (rxmeta->signal > rxmeta->noise) ? \
251 (rxmeta->signal - rxmeta->noise) : 0;
252 wlandev->spy_stat[i].updated = 0x7;
257 /*----------------------------------------------------------------
258 * p80211pb_80211_to_ether
260 * Uses the contents of a received 802.11 frame and the etherconv
261 * setting to build an ether frame.
263 * This function extracts the src and dest address from the 802.11
264 * frame to use in the construction of the eth frame.
267 * ethconv Conversion type to perform
268 * skb Packet buffer containing the 802.11 frame
271 * 0 on success, non-zero otherwise
274 * May be called in interrupt or non-interrupt context
275 ----------------------------------------------------------------*/
276 int skb_p80211_to_ether( wlandevice_t *wlandev, u32 ethconv, struct sk_buff *skb)
278 netdevice_t *netdev = wlandev->netdev;
280 unsigned int payload_length;
281 unsigned int payload_offset;
282 u8 daddr[WLAN_ETHADDR_LEN];
283 u8 saddr[WLAN_ETHADDR_LEN];
285 wlan_ethhdr_t *e_hdr;
291 payload_length = skb->len - WLAN_HDR_A3_LEN - WLAN_CRC_LEN;
292 payload_offset = WLAN_HDR_A3_LEN;
294 w_hdr = (p80211_hdr_t *) skb->data;
296 /* setup some vars for convenience */
297 fc = le16_to_cpu(w_hdr->a3.fc);
298 if ( (WLAN_GET_FC_TODS(fc) == 0) && (WLAN_GET_FC_FROMDS(fc) == 0) ) {
299 memcpy(daddr, w_hdr->a3.a1, WLAN_ETHADDR_LEN);
300 memcpy(saddr, w_hdr->a3.a2, WLAN_ETHADDR_LEN);
301 } else if( (WLAN_GET_FC_TODS(fc) == 0) && (WLAN_GET_FC_FROMDS(fc) == 1) ) {
302 memcpy(daddr, w_hdr->a3.a1, WLAN_ETHADDR_LEN);
303 memcpy(saddr, w_hdr->a3.a3, WLAN_ETHADDR_LEN);
304 } else if( (WLAN_GET_FC_TODS(fc) == 1) && (WLAN_GET_FC_FROMDS(fc) == 0) ) {
305 memcpy(daddr, w_hdr->a3.a3, WLAN_ETHADDR_LEN);
306 memcpy(saddr, w_hdr->a3.a2, WLAN_ETHADDR_LEN);
308 payload_offset = WLAN_HDR_A4_LEN;
309 if (payload_length < WLAN_HDR_A4_LEN - WLAN_HDR_A3_LEN) {
310 printk(KERN_ERR "A4 frame too short!\n");
313 payload_length -= (WLAN_HDR_A4_LEN - WLAN_HDR_A3_LEN);
314 memcpy(daddr, w_hdr->a4.a3, WLAN_ETHADDR_LEN);
315 memcpy(saddr, w_hdr->a4.a4, WLAN_ETHADDR_LEN);
318 /* perform de-wep if necessary.. */
319 if ((wlandev->hostwep & HOSTWEP_PRIVACYINVOKED) && WLAN_GET_FC_ISWEP(fc) && (wlandev->hostwep & HOSTWEP_DECRYPT)) {
320 if (payload_length <= 8) {
321 printk(KERN_ERR "WEP frame too short (%u).\n",
325 if ((foo = wep_decrypt(wlandev, skb->data + payload_offset + 4,
326 payload_length - 8, -1,
327 skb->data + payload_offset,
328 skb->data + payload_offset + payload_length - 4))) {
329 /* de-wep failed, drop skb. */
330 pr_debug("Host de-WEP failed, dropping frame (%d).\n", foo);
331 wlandev->rx.decrypt_err++;
335 /* subtract the IV+ICV length off the payload */
337 /* chop off the IV */
339 /* chop off the ICV. */
340 skb_trim(skb, skb->len - 4);
342 wlandev->rx.decrypt++;
345 e_hdr = (wlan_ethhdr_t *) (skb->data + payload_offset);
347 e_llc = (wlan_llc_t *) (skb->data + payload_offset);
348 e_snap = (wlan_snap_t *) (skb->data + payload_offset + sizeof(wlan_llc_t));
350 /* Test for the various encodings */
351 if ( (payload_length >= sizeof(wlan_ethhdr_t)) &&
352 ( e_llc->dsap != 0xaa || e_llc->ssap != 0xaa ) &&
353 ((memcmp(daddr, e_hdr->daddr, WLAN_ETHADDR_LEN) == 0) ||
354 (memcmp(saddr, e_hdr->saddr, WLAN_ETHADDR_LEN) == 0))) {
355 pr_debug("802.3 ENCAP len: %d\n", payload_length);
356 /* 802.3 Encapsulated */
357 /* Test for an overlength frame */
358 if ( payload_length > (netdev->mtu + WLAN_ETHHDR_LEN)) {
359 /* A bogus length ethfrm has been encap'd. */
360 /* Is someone trying an oflow attack? */
361 printk(KERN_ERR "ENCAP frame too large (%d > %d)\n",
362 payload_length, netdev->mtu + WLAN_ETHHDR_LEN);
366 /* Chop off the 802.11 header. it's already sane. */
367 skb_pull(skb, payload_offset);
368 /* chop off the 802.11 CRC */
369 skb_trim(skb, skb->len - WLAN_CRC_LEN);
371 } else if ((payload_length >= sizeof(wlan_llc_t) + sizeof(wlan_snap_t)) &&
372 (e_llc->dsap == 0xaa) &&
373 (e_llc->ssap == 0xaa) &&
374 (e_llc->ctl == 0x03) &&
375 (((memcmp( e_snap->oui, oui_rfc1042, WLAN_IEEE_OUI_LEN)==0) &&
376 (ethconv == WLAN_ETHCONV_8021h) &&
377 (p80211_stt_findproto(le16_to_cpu(e_snap->type)))) ||
378 (memcmp( e_snap->oui, oui_rfc1042, WLAN_IEEE_OUI_LEN)!=0)))
380 pr_debug("SNAP+RFC1042 len: %d\n", payload_length);
381 /* it's a SNAP + RFC1042 frame && protocol is in STT */
382 /* build 802.3 + RFC1042 */
384 /* Test for an overlength frame */
385 if ( payload_length > netdev->mtu ) {
386 /* A bogus length ethfrm has been sent. */
387 /* Is someone trying an oflow attack? */
388 printk(KERN_ERR "SNAP frame too large (%d > %d)\n",
389 payload_length, netdev->mtu);
393 /* chop 802.11 header from skb. */
394 skb_pull(skb, payload_offset);
396 /* create 802.3 header at beginning of skb. */
397 e_hdr = (wlan_ethhdr_t *) skb_push(skb, WLAN_ETHHDR_LEN);
398 memcpy(e_hdr->daddr, daddr, WLAN_ETHADDR_LEN);
399 memcpy(e_hdr->saddr, saddr, WLAN_ETHADDR_LEN);
400 e_hdr->type = htons(payload_length);
402 /* chop off the 802.11 CRC */
403 skb_trim(skb, skb->len - WLAN_CRC_LEN);
405 } else if ((payload_length >= sizeof(wlan_llc_t) + sizeof(wlan_snap_t)) &&
406 (e_llc->dsap == 0xaa) &&
407 (e_llc->ssap == 0xaa) &&
408 (e_llc->ctl == 0x03) ) {
409 pr_debug("802.1h/RFC1042 len: %d\n", payload_length);
410 /* it's an 802.1h frame || (an RFC1042 && protocol is not in STT) */
411 /* build a DIXII + RFC894 */
413 /* Test for an overlength frame */
414 if ((payload_length - sizeof(wlan_llc_t) - sizeof(wlan_snap_t))
416 /* A bogus length ethfrm has been sent. */
417 /* Is someone trying an oflow attack? */
418 printk(KERN_ERR "DIXII frame too large (%ld > %d)\n",
419 (long int) (payload_length - sizeof(wlan_llc_t) -
420 sizeof(wlan_snap_t)),
425 /* chop 802.11 header from skb. */
426 skb_pull(skb, payload_offset);
428 /* chop llc header from skb. */
429 skb_pull(skb, sizeof(wlan_llc_t));
431 /* chop snap header from skb. */
432 skb_pull(skb, sizeof(wlan_snap_t));
434 /* create 802.3 header at beginning of skb. */
435 e_hdr = (wlan_ethhdr_t *) skb_push(skb, WLAN_ETHHDR_LEN);
436 e_hdr->type = e_snap->type;
437 memcpy(e_hdr->daddr, daddr, WLAN_ETHADDR_LEN);
438 memcpy(e_hdr->saddr, saddr, WLAN_ETHADDR_LEN);
440 /* chop off the 802.11 CRC */
441 skb_trim(skb, skb->len - WLAN_CRC_LEN);
443 pr_debug("NON-ENCAP len: %d\n", payload_length);
445 /* it's a generic 80211+LLC or IPX 'Raw 802.3' */
446 /* build an 802.3 frame */
447 /* allocate space and setup hostbuf */
449 /* Test for an overlength frame */
450 if ( payload_length > netdev->mtu ) {
451 /* A bogus length ethfrm has been sent. */
452 /* Is someone trying an oflow attack? */
453 printk(KERN_ERR "OTHER frame too large (%d > %d)\n",
459 /* Chop off the 802.11 header. */
460 skb_pull(skb, payload_offset);
462 /* create 802.3 header at beginning of skb. */
463 e_hdr = (wlan_ethhdr_t *) skb_push(skb, WLAN_ETHHDR_LEN);
464 memcpy(e_hdr->daddr, daddr, WLAN_ETHADDR_LEN);
465 memcpy(e_hdr->saddr, saddr, WLAN_ETHADDR_LEN);
466 e_hdr->type = htons(payload_length);
468 /* chop off the 802.11 CRC */
469 skb_trim(skb, skb->len - WLAN_CRC_LEN);
474 * Note that eth_type_trans() expects an skb w/ skb->data pointing
475 * at the MAC header, it then sets the following skb members:
479 * It then _returns_ the value that _we're_ supposed to stuff in
480 * skb->protocol. This is nuts.
482 skb->protocol = eth_type_trans(skb, netdev);
484 /* jkriegl: process signal and noise as set in hfa384x_int_rx() */
485 /* jkriegl: only process signal/noise if requested by iwspy */
486 if (wlandev->spy_number)
487 orinoco_spy_gather(wlandev, eth_hdr(skb)->h_source, P80211SKB_RXMETA(skb));
489 /* Free the metadata */
490 p80211skb_rxmeta_detach(skb);
495 /*----------------------------------------------------------------
496 * p80211_stt_findproto
498 * Searches the 802.1h Selective Translation Table for a given
502 * proto protocl number (in host order) to search for.
505 * 1 - if the table is empty or a match is found.
506 * 0 - if the table is non-empty and a match is not found.
509 * May be called in interrupt or non-interrupt context
510 ----------------------------------------------------------------*/
511 int p80211_stt_findproto(u16 proto)
513 /* Always return found for now. This is the behavior used by the */
514 /* Zoom Win95 driver when 802.1h mode is selected */
515 /* TODO: If necessary, add an actual search we'll probably
516 need this to match the CMAC's way of doing things.
517 Need to do some testing to confirm.
520 if (proto == 0x80f3) /* APPLETALK */
526 /*----------------------------------------------------------------
527 * p80211skb_rxmeta_detach
529 * Disconnects the frmmeta and rxmeta from an skb.
532 * wlandev The wlandev this skb belongs to.
533 * skb The skb we're attaching to.
536 * 0 on success, non-zero otherwise
539 * May be called in interrupt or non-interrupt context
540 ----------------------------------------------------------------*/
542 p80211skb_rxmeta_detach(struct sk_buff *skb)
544 p80211_rxmeta_t *rxmeta;
545 p80211_frmmeta_t *frmmeta;
548 if ( skb==NULL ) { /* bad skb */
549 pr_debug("Called w/ null skb.\n");
552 frmmeta = P80211SKB_FRMMETA(skb);
553 if ( frmmeta == NULL ) { /* no magic */
554 pr_debug("Called w/ bad frmmeta magic.\n");
557 rxmeta = frmmeta->rx;
558 if ( rxmeta == NULL ) { /* bad meta ptr */
559 pr_debug("Called w/ bad rxmeta ptr.\n");
567 memset(skb->cb, 0, sizeof(skb->cb));
572 /*----------------------------------------------------------------
573 * p80211skb_rxmeta_attach
575 * Allocates a p80211rxmeta structure, initializes it, and attaches
579 * wlandev The wlandev this skb belongs to.
580 * skb The skb we're attaching to.
583 * 0 on success, non-zero otherwise
586 * May be called in interrupt or non-interrupt context
587 ----------------------------------------------------------------*/
589 p80211skb_rxmeta_attach(struct wlandevice *wlandev, struct sk_buff *skb)
592 p80211_rxmeta_t *rxmeta;
593 p80211_frmmeta_t *frmmeta;
595 /* If these already have metadata, we error out! */
596 if (P80211SKB_RXMETA(skb) != NULL) {
597 printk(KERN_ERR "%s: RXmeta already attached!\n",
603 /* Allocate the rxmeta */
604 rxmeta = kmalloc(sizeof(p80211_rxmeta_t), GFP_ATOMIC);
606 if ( rxmeta == NULL ) {
607 printk(KERN_ERR "%s: Failed to allocate rxmeta.\n",
613 /* Initialize the rxmeta */
614 memset(rxmeta, 0, sizeof(p80211_rxmeta_t));
615 rxmeta->wlandev = wlandev;
616 rxmeta->hosttime = jiffies;
618 /* Overlay a frmmeta_t onto skb->cb */
619 memset(skb->cb, 0, sizeof(p80211_frmmeta_t));
620 frmmeta = (p80211_frmmeta_t*)(skb->cb);
621 frmmeta->magic = P80211_FRMMETA_MAGIC;
622 frmmeta->rx = rxmeta;
627 /*----------------------------------------------------------------
630 * Frees an entire p80211skb by checking and freeing the meta struct
631 * and then freeing the skb.
634 * wlandev The wlandev this skb belongs to.
635 * skb The skb we're attaching to.
638 * 0 on success, non-zero otherwise
641 * May be called in interrupt or non-interrupt context
642 ----------------------------------------------------------------*/
644 p80211skb_free(struct wlandevice *wlandev, struct sk_buff *skb)
646 p80211_frmmeta_t *meta;
648 meta = P80211SKB_FRMMETA(skb);
649 if ( meta && meta->rx) {
650 p80211skb_rxmeta_detach(skb);
652 printk(KERN_ERR "Freeing an skb (%p) w/ no frmmeta.\n", skb);