Linux Kernel  3.7.1
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
libipw_rx.c
Go to the documentation of this file.
1 /*
2  * Original code based Host AP (software wireless LAN access point) driver
3  * for Intersil Prism2/2.5/3 - hostap.o module, common routines
4  *
5  * Copyright (c) 2001-2002, SSH Communications Security Corp and Jouni Malinen
6  * <[email protected]>
7  * Copyright (c) 2002-2003, Jouni Malinen <[email protected]>
8  * Copyright (c) 2004-2005, Intel Corporation
9  *
10  * This program is free software; you can redistribute it and/or modify
11  * it under the terms of the GNU General Public License version 2 as
12  * published by the Free Software Foundation. See README and COPYING for
13  * more details.
14  */
15 
16 #include <linux/compiler.h>
17 #include <linux/errno.h>
18 #include <linux/if_arp.h>
19 #include <linux/in6.h>
20 #include <linux/gfp.h>
21 #include <linux/in.h>
22 #include <linux/ip.h>
23 #include <linux/kernel.h>
24 #include <linux/module.h>
25 #include <linux/netdevice.h>
26 #include <linux/proc_fs.h>
27 #include <linux/skbuff.h>
28 #include <linux/tcp.h>
29 #include <linux/types.h>
30 #include <linux/wireless.h>
31 #include <linux/etherdevice.h>
32 #include <asm/uaccess.h>
33 #include <linux/ctype.h>
34 
35 #include <net/lib80211.h>
36 
37 #include "libipw.h"
38 
39 static void libipw_monitor_rx(struct libipw_device *ieee,
40  struct sk_buff *skb,
41  struct libipw_rx_stats *rx_stats)
42 {
43  struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
44  u16 fc = le16_to_cpu(hdr->frame_control);
45 
46  skb->dev = ieee->dev;
47  skb_reset_mac_header(skb);
48  skb_pull(skb, libipw_get_hdrlen(fc));
49  skb->pkt_type = PACKET_OTHERHOST;
50  skb->protocol = htons(ETH_P_80211_RAW);
51  memset(skb->cb, 0, sizeof(skb->cb));
52  netif_rx(skb);
53 }
54 
55 /* Called only as a tasklet (software IRQ) */
56 static struct libipw_frag_entry *libipw_frag_cache_find(struct
57  libipw_device
58  *ieee,
59  unsigned int seq,
60  unsigned int frag,
61  u8 * src,
62  u8 * dst)
63 {
64  struct libipw_frag_entry *entry;
65  int i;
66 
67  for (i = 0; i < LIBIPW_FRAG_CACHE_LEN; i++) {
68  entry = &ieee->frag_cache[i];
69  if (entry->skb != NULL &&
70  time_after(jiffies, entry->first_frag_time + 2 * HZ)) {
71  LIBIPW_DEBUG_FRAG("expiring fragment cache entry "
72  "seq=%u last_frag=%u\n",
73  entry->seq, entry->last_frag);
74  dev_kfree_skb_any(entry->skb);
75  entry->skb = NULL;
76  }
77 
78  if (entry->skb != NULL && entry->seq == seq &&
79  (entry->last_frag + 1 == frag || frag == -1) &&
80  ether_addr_equal(entry->src_addr, src) &&
81  ether_addr_equal(entry->dst_addr, dst))
82  return entry;
83  }
84 
85  return NULL;
86 }
87 
88 /* Called only as a tasklet (software IRQ) */
89 static struct sk_buff *libipw_frag_cache_get(struct libipw_device *ieee,
90  struct libipw_hdr_4addr *hdr)
91 {
92  struct sk_buff *skb = NULL;
93  u16 sc;
94  unsigned int frag, seq;
95  struct libipw_frag_entry *entry;
96 
97  sc = le16_to_cpu(hdr->seq_ctl);
98  frag = WLAN_GET_SEQ_FRAG(sc);
99  seq = WLAN_GET_SEQ_SEQ(sc);
100 
101  if (frag == 0) {
102  /* Reserve enough space to fit maximum frame length */
103  skb = dev_alloc_skb(ieee->dev->mtu +
104  sizeof(struct libipw_hdr_4addr) +
105  8 /* LLC */ +
106  2 /* alignment */ +
107  8 /* WEP */ + ETH_ALEN /* WDS */ );
108  if (skb == NULL)
109  return NULL;
110 
111  entry = &ieee->frag_cache[ieee->frag_next_idx];
112  ieee->frag_next_idx++;
113  if (ieee->frag_next_idx >= LIBIPW_FRAG_CACHE_LEN)
114  ieee->frag_next_idx = 0;
115 
116  if (entry->skb != NULL)
117  dev_kfree_skb_any(entry->skb);
118 
119  entry->first_frag_time = jiffies;
120  entry->seq = seq;
121  entry->last_frag = frag;
122  entry->skb = skb;
123  memcpy(entry->src_addr, hdr->addr2, ETH_ALEN);
124  memcpy(entry->dst_addr, hdr->addr1, ETH_ALEN);
125  } else {
126  /* received a fragment of a frame for which the head fragment
127  * should have already been received */
128  entry = libipw_frag_cache_find(ieee, seq, frag, hdr->addr2,
129  hdr->addr1);
130  if (entry != NULL) {
131  entry->last_frag = frag;
132  skb = entry->skb;
133  }
134  }
135 
136  return skb;
137 }
138 
139 /* Called only as a tasklet (software IRQ) */
140 static int libipw_frag_cache_invalidate(struct libipw_device *ieee,
141  struct libipw_hdr_4addr *hdr)
142 {
143  u16 sc;
144  unsigned int seq;
145  struct libipw_frag_entry *entry;
146 
147  sc = le16_to_cpu(hdr->seq_ctl);
148  seq = WLAN_GET_SEQ_SEQ(sc);
149 
150  entry = libipw_frag_cache_find(ieee, seq, -1, hdr->addr2,
151  hdr->addr1);
152 
153  if (entry == NULL) {
154  LIBIPW_DEBUG_FRAG("could not invalidate fragment cache "
155  "entry (seq=%u)\n", seq);
156  return -1;
157  }
158 
159  entry->skb = NULL;
160  return 0;
161 }
162 
163 #ifdef NOT_YET
164 /* libipw_rx_frame_mgtmt
165  *
166  * Responsible for handling management control frames
167  *
168  * Called by libipw_rx */
169 static int
170 libipw_rx_frame_mgmt(struct libipw_device *ieee, struct sk_buff *skb,
171  struct libipw_rx_stats *rx_stats, u16 type,
172  u16 stype)
173 {
174  if (ieee->iw_mode == IW_MODE_MASTER) {
175  printk(KERN_DEBUG "%s: Master mode not yet supported.\n",
176  ieee->dev->name);
177  return 0;
178 /*
179  hostap_update_sta_ps(ieee, (struct hostap_libipw_hdr_4addr *)
180  skb->data);*/
181  }
182 
183  if (ieee->hostapd && type == WLAN_FC_TYPE_MGMT) {
184  if (stype == WLAN_FC_STYPE_BEACON &&
185  ieee->iw_mode == IW_MODE_MASTER) {
186  struct sk_buff *skb2;
187  /* Process beacon frames also in kernel driver to
188  * update STA(AP) table statistics */
189  skb2 = skb_clone(skb, GFP_ATOMIC);
190  if (skb2)
191  hostap_rx(skb2->dev, skb2, rx_stats);
192  }
193 
194  /* send management frames to the user space daemon for
195  * processing */
196  ieee->apdevstats.rx_packets++;
197  ieee->apdevstats.rx_bytes += skb->len;
198  prism2_rx_80211(ieee->apdev, skb, rx_stats, PRISM2_RX_MGMT);
199  return 0;
200  }
201 
202  if (ieee->iw_mode == IW_MODE_MASTER) {
203  if (type != WLAN_FC_TYPE_MGMT && type != WLAN_FC_TYPE_CTRL) {
204  printk(KERN_DEBUG "%s: unknown management frame "
205  "(type=0x%02x, stype=0x%02x) dropped\n",
206  skb->dev->name, type, stype);
207  return -1;
208  }
209 
210  hostap_rx(skb->dev, skb, rx_stats);
211  return 0;
212  }
213 
214  printk(KERN_DEBUG "%s: hostap_rx_frame_mgmt: management frame "
215  "received in non-Host AP mode\n", skb->dev->name);
216  return -1;
217 }
218 #endif
219 
220 /* See IEEE 802.1H for LLC/SNAP encapsulation/decapsulation */
221 /* Ethernet-II snap header (RFC1042 for most EtherTypes) */
222 static unsigned char libipw_rfc1042_header[] =
223  { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 };
224 
225 /* Bridge-Tunnel header (for EtherTypes ETH_P_AARP and ETH_P_IPX) */
226 static unsigned char libipw_bridge_tunnel_header[] =
227  { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0xf8 };
228 /* No encapsulation header if EtherType < 0x600 (=length) */
229 
230 /* Called by libipw_rx_frame_decrypt */
231 static int libipw_is_eapol_frame(struct libipw_device *ieee,
232  struct sk_buff *skb)
233 {
234  struct net_device *dev = ieee->dev;
235  u16 fc, ethertype;
236  struct libipw_hdr_3addr *hdr;
237  u8 *pos;
238 
239  if (skb->len < 24)
240  return 0;
241 
242  hdr = (struct libipw_hdr_3addr *)skb->data;
243  fc = le16_to_cpu(hdr->frame_ctl);
244 
245  /* check that the frame is unicast frame to us */
246  if ((fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) ==
247  IEEE80211_FCTL_TODS &&
248  ether_addr_equal(hdr->addr1, dev->dev_addr) &&
249  ether_addr_equal(hdr->addr3, dev->dev_addr)) {
250  /* ToDS frame with own addr BSSID and DA */
251  } else if ((fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) ==
252  IEEE80211_FCTL_FROMDS &&
253  ether_addr_equal(hdr->addr1, dev->dev_addr)) {
254  /* FromDS frame with own addr as DA */
255  } else
256  return 0;
257 
258  if (skb->len < 24 + 8)
259  return 0;
260 
261  /* check for port access entity Ethernet type */
262  pos = skb->data + 24;
263  ethertype = (pos[6] << 8) | pos[7];
264  if (ethertype == ETH_P_PAE)
265  return 1;
266 
267  return 0;
268 }
269 
270 /* Called only as a tasklet (software IRQ), by libipw_rx */
271 static int
272 libipw_rx_frame_decrypt(struct libipw_device *ieee, struct sk_buff *skb,
273  struct lib80211_crypt_data *crypt)
274 {
275  struct libipw_hdr_3addr *hdr;
276  int res, hdrlen;
277 
278  if (crypt == NULL || crypt->ops->decrypt_mpdu == NULL)
279  return 0;
280 
281  hdr = (struct libipw_hdr_3addr *)skb->data;
282  hdrlen = libipw_get_hdrlen(le16_to_cpu(hdr->frame_ctl));
283 
284  atomic_inc(&crypt->refcnt);
285  res = crypt->ops->decrypt_mpdu(skb, hdrlen, crypt->priv);
286  atomic_dec(&crypt->refcnt);
287  if (res < 0) {
288  LIBIPW_DEBUG_DROP("decryption failed (SA=%pM) res=%d\n",
289  hdr->addr2, res);
290  if (res == -2)
291  LIBIPW_DEBUG_DROP("Decryption failed ICV "
292  "mismatch (key %d)\n",
293  skb->data[hdrlen + 3] >> 6);
294  ieee->ieee_stats.rx_discards_undecryptable++;
295  return -1;
296  }
297 
298  return res;
299 }
300 
301 /* Called only as a tasklet (software IRQ), by libipw_rx */
302 static int
303 libipw_rx_frame_decrypt_msdu(struct libipw_device *ieee,
304  struct sk_buff *skb, int keyidx,
305  struct lib80211_crypt_data *crypt)
306 {
307  struct libipw_hdr_3addr *hdr;
308  int res, hdrlen;
309 
310  if (crypt == NULL || crypt->ops->decrypt_msdu == NULL)
311  return 0;
312 
313  hdr = (struct libipw_hdr_3addr *)skb->data;
314  hdrlen = libipw_get_hdrlen(le16_to_cpu(hdr->frame_ctl));
315 
316  atomic_inc(&crypt->refcnt);
317  res = crypt->ops->decrypt_msdu(skb, keyidx, hdrlen, crypt->priv);
318  atomic_dec(&crypt->refcnt);
319  if (res < 0) {
320  printk(KERN_DEBUG "%s: MSDU decryption/MIC verification failed"
321  " (SA=%pM keyidx=%d)\n", ieee->dev->name, hdr->addr2,
322  keyidx);
323  return -1;
324  }
325 
326  return 0;
327 }
328 
329 /* All received frames are sent to this function. @skb contains the frame in
330  * IEEE 802.11 format, i.e., in the format it was sent over air.
331  * This function is called only as a tasklet (software IRQ). */
332 int libipw_rx(struct libipw_device *ieee, struct sk_buff *skb,
333  struct libipw_rx_stats *rx_stats)
334 {
335  struct net_device *dev = ieee->dev;
336  struct libipw_hdr_4addr *hdr;
337  size_t hdrlen;
338  u16 fc, type, stype, sc;
339  unsigned int frag;
340  u8 *payload;
341  u16 ethertype;
342 #ifdef NOT_YET
343  struct net_device *wds = NULL;
344  struct sk_buff *skb2 = NULL;
345  struct net_device *wds = NULL;
346  int frame_authorized = 0;
347  int from_assoc_ap = 0;
348  void *sta = NULL;
349 #endif
350  u8 dst[ETH_ALEN];
351  u8 src[ETH_ALEN];
352  struct lib80211_crypt_data *crypt = NULL;
353  int keyidx = 0;
354  int can_be_decrypted = 0;
355 
356  hdr = (struct libipw_hdr_4addr *)skb->data;
357  if (skb->len < 10) {
358  printk(KERN_INFO "%s: SKB length < 10\n", dev->name);
359  goto rx_dropped;
360  }
361 
362  fc = le16_to_cpu(hdr->frame_ctl);
363  type = WLAN_FC_GET_TYPE(fc);
364  stype = WLAN_FC_GET_STYPE(fc);
365  sc = le16_to_cpu(hdr->seq_ctl);
366  frag = WLAN_GET_SEQ_FRAG(sc);
367  hdrlen = libipw_get_hdrlen(fc);
368 
369  if (skb->len < hdrlen) {
370  printk(KERN_INFO "%s: invalid SKB length %d\n",
371  dev->name, skb->len);
372  goto rx_dropped;
373  }
374 
375  /* Put this code here so that we avoid duplicating it in all
376  * Rx paths. - Jean II */
377 #ifdef CONFIG_WIRELESS_EXT
378 #ifdef IW_WIRELESS_SPY /* defined in iw_handler.h */
379  /* If spy monitoring on */
380  if (ieee->spy_data.spy_number > 0) {
381  struct iw_quality wstats;
382 
383  wstats.updated = 0;
384  if (rx_stats->mask & LIBIPW_STATMASK_RSSI) {
385  wstats.level = rx_stats->signal;
386  wstats.updated |= IW_QUAL_LEVEL_UPDATED;
387  } else
388  wstats.updated |= IW_QUAL_LEVEL_INVALID;
389 
390  if (rx_stats->mask & LIBIPW_STATMASK_NOISE) {
391  wstats.noise = rx_stats->noise;
392  wstats.updated |= IW_QUAL_NOISE_UPDATED;
393  } else
394  wstats.updated |= IW_QUAL_NOISE_INVALID;
395 
396  if (rx_stats->mask & LIBIPW_STATMASK_SIGNAL) {
397  wstats.qual = rx_stats->signal;
398  wstats.updated |= IW_QUAL_QUAL_UPDATED;
399  } else
400  wstats.updated |= IW_QUAL_QUAL_INVALID;
401 
402  /* Update spy records */
403  wireless_spy_update(ieee->dev, hdr->addr2, &wstats);
404  }
405 #endif /* IW_WIRELESS_SPY */
406 #endif /* CONFIG_WIRELESS_EXT */
407 
408 #ifdef NOT_YET
409  hostap_update_rx_stats(local->ap, hdr, rx_stats);
410 #endif
411 
412  if (ieee->iw_mode == IW_MODE_MONITOR) {
413  dev->stats.rx_packets++;
414  dev->stats.rx_bytes += skb->len;
415  libipw_monitor_rx(ieee, skb, rx_stats);
416  return 1;
417  }
418 
419  can_be_decrypted = (is_multicast_ether_addr(hdr->addr1) ||
420  is_broadcast_ether_addr(hdr->addr2)) ?
421  ieee->host_mc_decrypt : ieee->host_decrypt;
422 
423  if (can_be_decrypted) {
424  if (skb->len >= hdrlen + 3) {
425  /* Top two-bits of byte 3 are the key index */
426  keyidx = skb->data[hdrlen + 3] >> 6;
427  }
428 
429  /* ieee->crypt[] is WEP_KEY (4) in length. Given that keyidx
430  * is only allowed 2-bits of storage, no value of keyidx can
431  * be provided via above code that would result in keyidx
432  * being out of range */
433  crypt = ieee->crypt_info.crypt[keyidx];
434 
435 #ifdef NOT_YET
436  sta = NULL;
437 
438  /* Use station specific key to override default keys if the
439  * receiver address is a unicast address ("individual RA"). If
440  * bcrx_sta_key parameter is set, station specific key is used
441  * even with broad/multicast targets (this is against IEEE
442  * 802.11, but makes it easier to use different keys with
443  * stations that do not support WEP key mapping). */
444 
445  if (is_unicast_ether_addr(hdr->addr1) || local->bcrx_sta_key)
446  (void)hostap_handle_sta_crypto(local, hdr, &crypt,
447  &sta);
448 #endif
449 
450  /* allow NULL decrypt to indicate an station specific override
451  * for default encryption */
452  if (crypt && (crypt->ops == NULL ||
453  crypt->ops->decrypt_mpdu == NULL))
454  crypt = NULL;
455 
456  if (!crypt && (fc & IEEE80211_FCTL_PROTECTED)) {
457  /* This seems to be triggered by some (multicast?)
458  * frames from other than current BSS, so just drop the
459  * frames silently instead of filling system log with
460  * these reports. */
461  LIBIPW_DEBUG_DROP("Decryption failed (not set)"
462  " (SA=%pM)\n", hdr->addr2);
463  ieee->ieee_stats.rx_discards_undecryptable++;
464  goto rx_dropped;
465  }
466  }
467 #ifdef NOT_YET
468  if (type != WLAN_FC_TYPE_DATA) {
469  if (type == WLAN_FC_TYPE_MGMT && stype == WLAN_FC_STYPE_AUTH &&
470  fc & IEEE80211_FCTL_PROTECTED && ieee->host_decrypt &&
471  (keyidx = hostap_rx_frame_decrypt(ieee, skb, crypt)) < 0) {
472  printk(KERN_DEBUG "%s: failed to decrypt mgmt::auth "
473  "from %pM\n", dev->name, hdr->addr2);
474  /* TODO: could inform hostapd about this so that it
475  * could send auth failure report */
476  goto rx_dropped;
477  }
478 
479  if (libipw_rx_frame_mgmt(ieee, skb, rx_stats, type, stype))
480  goto rx_dropped;
481  else
482  goto rx_exit;
483  }
484 #endif
485  /* drop duplicate 802.11 retransmissions (IEEE 802.11 Chap. 9.29) */
486  if (sc == ieee->prev_seq_ctl)
487  goto rx_dropped;
488  else
489  ieee->prev_seq_ctl = sc;
490 
491  /* Data frame - extract src/dst addresses */
492  if (skb->len < LIBIPW_3ADDR_LEN)
493  goto rx_dropped;
494 
495  switch (fc & (IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS)) {
496  case IEEE80211_FCTL_FROMDS:
497  memcpy(dst, hdr->addr1, ETH_ALEN);
498  memcpy(src, hdr->addr3, ETH_ALEN);
499  break;
500  case IEEE80211_FCTL_TODS:
501  memcpy(dst, hdr->addr3, ETH_ALEN);
502  memcpy(src, hdr->addr2, ETH_ALEN);
503  break;
504  case IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS:
505  if (skb->len < LIBIPW_4ADDR_LEN)
506  goto rx_dropped;
507  memcpy(dst, hdr->addr3, ETH_ALEN);
508  memcpy(src, hdr->addr4, ETH_ALEN);
509  break;
510  case 0:
511  memcpy(dst, hdr->addr1, ETH_ALEN);
512  memcpy(src, hdr->addr2, ETH_ALEN);
513  break;
514  }
515 
516 #ifdef NOT_YET
517  if (hostap_rx_frame_wds(ieee, hdr, fc, &wds))
518  goto rx_dropped;
519  if (wds) {
520  skb->dev = dev = wds;
521  stats = hostap_get_stats(dev);
522  }
523 
524  if (ieee->iw_mode == IW_MODE_MASTER && !wds &&
525  (fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) ==
526  IEEE80211_FCTL_FROMDS && ieee->stadev &&
527  ether_addr_equal(hdr->addr2, ieee->assoc_ap_addr)) {
528  /* Frame from BSSID of the AP for which we are a client */
529  skb->dev = dev = ieee->stadev;
530  stats = hostap_get_stats(dev);
531  from_assoc_ap = 1;
532  }
533 #endif
534 
535 #ifdef NOT_YET
536  if ((ieee->iw_mode == IW_MODE_MASTER ||
537  ieee->iw_mode == IW_MODE_REPEAT) && !from_assoc_ap) {
538  switch (hostap_handle_sta_rx(ieee, dev, skb, rx_stats,
539  wds != NULL)) {
540  case AP_RX_CONTINUE_NOT_AUTHORIZED:
541  frame_authorized = 0;
542  break;
543  case AP_RX_CONTINUE:
544  frame_authorized = 1;
545  break;
546  case AP_RX_DROP:
547  goto rx_dropped;
548  case AP_RX_EXIT:
549  goto rx_exit;
550  }
551  }
552 #endif
553 
554  /* Nullfunc frames may have PS-bit set, so they must be passed to
555  * hostap_handle_sta_rx() before being dropped here. */
556 
557  stype &= ~IEEE80211_STYPE_QOS_DATA;
558 
559  if (stype != IEEE80211_STYPE_DATA &&
560  stype != IEEE80211_STYPE_DATA_CFACK &&
561  stype != IEEE80211_STYPE_DATA_CFPOLL &&
562  stype != IEEE80211_STYPE_DATA_CFACKPOLL) {
563  if (stype != IEEE80211_STYPE_NULLFUNC)
564  LIBIPW_DEBUG_DROP("RX: dropped data frame "
565  "with no data (type=0x%02x, "
566  "subtype=0x%02x, len=%d)\n",
567  type, stype, skb->len);
568  goto rx_dropped;
569  }
570 
571  /* skb: hdr + (possibly fragmented, possibly encrypted) payload */
572 
573  if ((fc & IEEE80211_FCTL_PROTECTED) && can_be_decrypted &&
574  (keyidx = libipw_rx_frame_decrypt(ieee, skb, crypt)) < 0)
575  goto rx_dropped;
576 
577  hdr = (struct libipw_hdr_4addr *)skb->data;
578 
579  /* skb: hdr + (possibly fragmented) plaintext payload */
580  // PR: FIXME: hostap has additional conditions in the "if" below:
581  // ieee->host_decrypt && (fc & IEEE80211_FCTL_PROTECTED) &&
582  if ((frag != 0) || (fc & IEEE80211_FCTL_MOREFRAGS)) {
583  int flen;
584  struct sk_buff *frag_skb = libipw_frag_cache_get(ieee, hdr);
585  LIBIPW_DEBUG_FRAG("Rx Fragment received (%u)\n", frag);
586 
587  if (!frag_skb) {
588  LIBIPW_DEBUG(LIBIPW_DL_RX | LIBIPW_DL_FRAG,
589  "Rx cannot get skb from fragment "
590  "cache (morefrag=%d seq=%u frag=%u)\n",
591  (fc & IEEE80211_FCTL_MOREFRAGS) != 0,
592  WLAN_GET_SEQ_SEQ(sc), frag);
593  goto rx_dropped;
594  }
595 
596  flen = skb->len;
597  if (frag != 0)
598  flen -= hdrlen;
599 
600  if (frag_skb->tail + flen > frag_skb->end) {
601  printk(KERN_WARNING "%s: host decrypted and "
602  "reassembled frame did not fit skb\n",
603  dev->name);
604  libipw_frag_cache_invalidate(ieee, hdr);
605  goto rx_dropped;
606  }
607 
608  if (frag == 0) {
609  /* copy first fragment (including full headers) into
610  * beginning of the fragment cache skb */
611  skb_copy_from_linear_data(skb, skb_put(frag_skb, flen), flen);
612  } else {
613  /* append frame payload to the end of the fragment
614  * cache skb */
615  skb_copy_from_linear_data_offset(skb, hdrlen,
616  skb_put(frag_skb, flen), flen);
617  }
618  dev_kfree_skb_any(skb);
619  skb = NULL;
620 
621  if (fc & IEEE80211_FCTL_MOREFRAGS) {
622  /* more fragments expected - leave the skb in fragment
623  * cache for now; it will be delivered to upper layers
624  * after all fragments have been received */
625  goto rx_exit;
626  }
627 
628  /* this was the last fragment and the frame will be
629  * delivered, so remove skb from fragment cache */
630  skb = frag_skb;
631  hdr = (struct libipw_hdr_4addr *)skb->data;
632  libipw_frag_cache_invalidate(ieee, hdr);
633  }
634 
635  /* skb: hdr + (possible reassembled) full MSDU payload; possibly still
636  * encrypted/authenticated */
637  if ((fc & IEEE80211_FCTL_PROTECTED) && can_be_decrypted &&
638  libipw_rx_frame_decrypt_msdu(ieee, skb, keyidx, crypt))
639  goto rx_dropped;
640 
641  hdr = (struct libipw_hdr_4addr *)skb->data;
642  if (crypt && !(fc & IEEE80211_FCTL_PROTECTED) && !ieee->open_wep) {
643  if ( /*ieee->ieee802_1x && */
644  libipw_is_eapol_frame(ieee, skb)) {
645  /* pass unencrypted EAPOL frames even if encryption is
646  * configured */
647  } else {
648  LIBIPW_DEBUG_DROP("encryption configured, but RX "
649  "frame not encrypted (SA=%pM)\n",
650  hdr->addr2);
651  goto rx_dropped;
652  }
653  }
654 
655  if (crypt && !(fc & IEEE80211_FCTL_PROTECTED) && !ieee->open_wep &&
656  !libipw_is_eapol_frame(ieee, skb)) {
657  LIBIPW_DEBUG_DROP("dropped unencrypted RX data "
658  "frame from %pM (drop_unencrypted=1)\n",
659  hdr->addr2);
660  goto rx_dropped;
661  }
662 
663  /* If the frame was decrypted in hardware, we may need to strip off
664  * any security data (IV, ICV, etc) that was left behind */
665  if (!can_be_decrypted && (fc & IEEE80211_FCTL_PROTECTED) &&
666  ieee->host_strip_iv_icv) {
667  int trimlen = 0;
668 
669  /* Top two-bits of byte 3 are the key index */
670  if (skb->len >= hdrlen + 3)
671  keyidx = skb->data[hdrlen + 3] >> 6;
672 
673  /* To strip off any security data which appears before the
674  * payload, we simply increase hdrlen (as the header gets
675  * chopped off immediately below). For the security data which
676  * appears after the payload, we use skb_trim. */
677 
678  switch (ieee->sec.encode_alg[keyidx]) {
679  case SEC_ALG_WEP:
680  /* 4 byte IV */
681  hdrlen += 4;
682  /* 4 byte ICV */
683  trimlen = 4;
684  break;
685  case SEC_ALG_TKIP:
686  /* 4 byte IV, 4 byte ExtIV */
687  hdrlen += 8;
688  /* 8 byte MIC, 4 byte ICV */
689  trimlen = 12;
690  break;
691  case SEC_ALG_CCMP:
692  /* 8 byte CCMP header */
693  hdrlen += 8;
694  /* 8 byte MIC */
695  trimlen = 8;
696  break;
697  }
698 
699  if (skb->len < trimlen)
700  goto rx_dropped;
701 
702  __skb_trim(skb, skb->len - trimlen);
703 
704  if (skb->len < hdrlen)
705  goto rx_dropped;
706  }
707 
708  /* skb: hdr + (possible reassembled) full plaintext payload */
709 
710  payload = skb->data + hdrlen;
711  ethertype = (payload[6] << 8) | payload[7];
712 
713 #ifdef NOT_YET
714  /* If IEEE 802.1X is used, check whether the port is authorized to send
715  * the received frame. */
716  if (ieee->ieee802_1x && ieee->iw_mode == IW_MODE_MASTER) {
717  if (ethertype == ETH_P_PAE) {
718  printk(KERN_DEBUG "%s: RX: IEEE 802.1X frame\n",
719  dev->name);
720  if (ieee->hostapd && ieee->apdev) {
721  /* Send IEEE 802.1X frames to the user
722  * space daemon for processing */
723  prism2_rx_80211(ieee->apdev, skb, rx_stats,
724  PRISM2_RX_MGMT);
725  ieee->apdevstats.rx_packets++;
726  ieee->apdevstats.rx_bytes += skb->len;
727  goto rx_exit;
728  }
729  } else if (!frame_authorized) {
730  printk(KERN_DEBUG "%s: dropped frame from "
731  "unauthorized port (IEEE 802.1X): "
732  "ethertype=0x%04x\n", dev->name, ethertype);
733  goto rx_dropped;
734  }
735  }
736 #endif
737 
738  /* convert hdr + possible LLC headers into Ethernet header */
739  if (skb->len - hdrlen >= 8 &&
740  ((memcmp(payload, libipw_rfc1042_header, SNAP_SIZE) == 0 &&
741  ethertype != ETH_P_AARP && ethertype != ETH_P_IPX) ||
742  memcmp(payload, libipw_bridge_tunnel_header, SNAP_SIZE) == 0)) {
743  /* remove RFC1042 or Bridge-Tunnel encapsulation and
744  * replace EtherType */
745  skb_pull(skb, hdrlen + SNAP_SIZE);
746  memcpy(skb_push(skb, ETH_ALEN), src, ETH_ALEN);
747  memcpy(skb_push(skb, ETH_ALEN), dst, ETH_ALEN);
748  } else {
749  __be16 len;
750  /* Leave Ethernet header part of hdr and full payload */
751  skb_pull(skb, hdrlen);
752  len = htons(skb->len);
753  memcpy(skb_push(skb, 2), &len, 2);
754  memcpy(skb_push(skb, ETH_ALEN), src, ETH_ALEN);
755  memcpy(skb_push(skb, ETH_ALEN), dst, ETH_ALEN);
756  }
757 
758 #ifdef NOT_YET
759  if (wds && ((fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) ==
760  IEEE80211_FCTL_TODS) && skb->len >= ETH_HLEN + ETH_ALEN) {
761  /* Non-standard frame: get addr4 from its bogus location after
762  * the payload */
763  skb_copy_to_linear_data_offset(skb, ETH_ALEN,
764  skb->data + skb->len - ETH_ALEN,
765  ETH_ALEN);
766  skb_trim(skb, skb->len - ETH_ALEN);
767  }
768 #endif
769 
770  dev->stats.rx_packets++;
771  dev->stats.rx_bytes += skb->len;
772 
773 #ifdef NOT_YET
774  if (ieee->iw_mode == IW_MODE_MASTER && !wds && ieee->ap->bridge_packets) {
775  if (is_multicast_ether_addr(dst)) {
776  /* copy multicast frame both to the higher layers and
777  * to the wireless media */
778  ieee->ap->bridged_multicast++;
779  skb2 = skb_clone(skb, GFP_ATOMIC);
780  if (skb2 == NULL)
781  printk(KERN_DEBUG "%s: skb_clone failed for "
782  "multicast frame\n", dev->name);
783  } else if (hostap_is_sta_assoc(ieee->ap, dst)) {
784  /* send frame directly to the associated STA using
785  * wireless media and not passing to higher layers */
786  ieee->ap->bridged_unicast++;
787  skb2 = skb;
788  skb = NULL;
789  }
790  }
791 
792  if (skb2 != NULL) {
793  /* send to wireless media */
794  skb2->dev = dev;
795  skb2->protocol = htons(ETH_P_802_3);
796  skb_reset_mac_header(skb2);
797  skb_reset_network_header(skb2);
798  /* skb2->network_header += ETH_HLEN; */
799  dev_queue_xmit(skb2);
800  }
801 #endif
802 
803  if (skb) {
804  skb->protocol = eth_type_trans(skb, dev);
805  memset(skb->cb, 0, sizeof(skb->cb));
806  skb->ip_summed = CHECKSUM_NONE; /* 802.11 crc not sufficient */
807  if (netif_rx(skb) == NET_RX_DROP) {
808  /* netif_rx always succeeds, but it might drop
809  * the packet. If it drops the packet, we log that
810  * in our stats. */
811  LIBIPW_DEBUG_DROP
812  ("RX: netif_rx dropped the packet\n");
813  dev->stats.rx_dropped++;
814  }
815  }
816 
817  rx_exit:
818 #ifdef NOT_YET
819  if (sta)
820  hostap_handle_sta_release(sta);
821 #endif
822  return 1;
823 
824  rx_dropped:
825  dev->stats.rx_dropped++;
826 
827  /* Returning 0 indicates to caller that we have not handled the SKB--
828  * so it is still allocated and can be used again by underlying
829  * hardware as a DMA target */
830  return 0;
831 }
832 
833 /* Filter out unrelated packets, call libipw_rx[_mgt]
834  * This function takes over the skb, it should not be used again after calling
835  * this function. */
836 void libipw_rx_any(struct libipw_device *ieee,
837  struct sk_buff *skb, struct libipw_rx_stats *stats)
838 {
839  struct libipw_hdr_4addr *hdr;
840  int is_packet_for_us;
841  u16 fc;
842 
843  if (ieee->iw_mode == IW_MODE_MONITOR) {
844  if (!libipw_rx(ieee, skb, stats))
845  dev_kfree_skb_irq(skb);
846  return;
847  }
848 
849  if (skb->len < sizeof(struct ieee80211_hdr))
850  goto drop_free;
851 
852  hdr = (struct libipw_hdr_4addr *)skb->data;
853  fc = le16_to_cpu(hdr->frame_ctl);
854 
855  if ((fc & IEEE80211_FCTL_VERS) != 0)
856  goto drop_free;
857 
858  switch (fc & IEEE80211_FCTL_FTYPE) {
859  case IEEE80211_FTYPE_MGMT:
860  if (skb->len < sizeof(struct libipw_hdr_3addr))
861  goto drop_free;
862  libipw_rx_mgt(ieee, hdr, stats);
863  dev_kfree_skb_irq(skb);
864  return;
865  case IEEE80211_FTYPE_DATA:
866  break;
867  case IEEE80211_FTYPE_CTL:
868  return;
869  default:
870  return;
871  }
872 
873  is_packet_for_us = 0;
874  switch (ieee->iw_mode) {
875  case IW_MODE_ADHOC:
876  /* our BSS and not from/to DS */
877  if (memcmp(hdr->addr3, ieee->bssid, ETH_ALEN) == 0)
878  if ((fc & (IEEE80211_FCTL_TODS+IEEE80211_FCTL_FROMDS)) == 0) {
879  /* promisc: get all */
880  if (ieee->dev->flags & IFF_PROMISC)
881  is_packet_for_us = 1;
882  /* to us */
883  else if (memcmp(hdr->addr1, ieee->dev->dev_addr, ETH_ALEN) == 0)
884  is_packet_for_us = 1;
885  /* mcast */
886  else if (is_multicast_ether_addr(hdr->addr1))
887  is_packet_for_us = 1;
888  }
889  break;
890  case IW_MODE_INFRA:
891  /* our BSS (== from our AP) and from DS */
892  if (memcmp(hdr->addr2, ieee->bssid, ETH_ALEN) == 0)
893  if ((fc & (IEEE80211_FCTL_TODS+IEEE80211_FCTL_FROMDS)) == IEEE80211_FCTL_FROMDS) {
894  /* promisc: get all */
895  if (ieee->dev->flags & IFF_PROMISC)
896  is_packet_for_us = 1;
897  /* to us */
898  else if (memcmp(hdr->addr1, ieee->dev->dev_addr, ETH_ALEN) == 0)
899  is_packet_for_us = 1;
900  /* mcast */
901  else if (is_multicast_ether_addr(hdr->addr1)) {
902  /* not our own packet bcasted from AP */
903  if (memcmp(hdr->addr3, ieee->dev->dev_addr, ETH_ALEN))
904  is_packet_for_us = 1;
905  }
906  }
907  break;
908  default:
909  /* ? */
910  break;
911  }
912 
913  if (is_packet_for_us)
914  if (!libipw_rx(ieee, skb, stats))
915  dev_kfree_skb_irq(skb);
916  return;
917 
918 drop_free:
919  dev_kfree_skb_irq(skb);
920  ieee->dev->stats.rx_dropped++;
921 }
922 
923 #define MGMT_FRAME_FIXED_PART_LENGTH 0x24
924 
925 static u8 qos_oui[QOS_OUI_LEN] = { 0x00, 0x50, 0xF2 };
926 
927 /*
928 * Make the structure we read from the beacon packet to have
929 * the right values
930 */
931 static int libipw_verify_qos_info(struct libipw_qos_information_element
932  *info_element, int sub_type)
933 {
934 
935  if (info_element->qui_subtype != sub_type)
936  return -1;
937  if (memcmp(info_element->qui, qos_oui, QOS_OUI_LEN))
938  return -1;
939  if (info_element->qui_type != QOS_OUI_TYPE)
940  return -1;
941  if (info_element->version != QOS_VERSION_1)
942  return -1;
943 
944  return 0;
945 }
946 
947 /*
948  * Parse a QoS parameter element
949  */
950 static int libipw_read_qos_param_element(struct libipw_qos_parameter_info
951  *element_param, struct libipw_info_element
952  *info_element)
953 {
954  int ret = 0;
955  u16 size = sizeof(struct libipw_qos_parameter_info) - 2;
956 
957  if ((info_element == NULL) || (element_param == NULL))
958  return -1;
959 
960  if (info_element->id == QOS_ELEMENT_ID && info_element->len == size) {
961  memcpy(element_param->info_element.qui, info_element->data,
962  info_element->len);
963  element_param->info_element.elementID = info_element->id;
964  element_param->info_element.length = info_element->len;
965  } else
966  ret = -1;
967  if (ret == 0)
968  ret = libipw_verify_qos_info(&element_param->info_element,
969  QOS_OUI_PARAM_SUB_TYPE);
970  return ret;
971 }
972 
973 /*
974  * Parse a QoS information element
975  */
976 static int libipw_read_qos_info_element(struct
977  libipw_qos_information_element
978  *element_info, struct libipw_info_element
979  *info_element)
980 {
981  int ret = 0;
982  u16 size = sizeof(struct libipw_qos_information_element) - 2;
983 
984  if (element_info == NULL)
985  return -1;
986  if (info_element == NULL)
987  return -1;
988 
989  if ((info_element->id == QOS_ELEMENT_ID) && (info_element->len == size)) {
990  memcpy(element_info->qui, info_element->data,
991  info_element->len);
992  element_info->elementID = info_element->id;
993  element_info->length = info_element->len;
994  } else
995  ret = -1;
996 
997  if (ret == 0)
998  ret = libipw_verify_qos_info(element_info,
999  QOS_OUI_INFO_SUB_TYPE);
1000  return ret;
1001 }
1002 
1003 /*
1004  * Write QoS parameters from the ac parameters.
1005  */
1006 static int libipw_qos_convert_ac_to_parameters(struct
1007  libipw_qos_parameter_info
1008  *param_elm, struct
1009  libipw_qos_parameters
1010  *qos_param)
1011 {
1012  int rc = 0;
1013  int i;
1014  struct libipw_qos_ac_parameter *ac_params;
1015  u32 txop;
1016  u8 cw_min;
1017  u8 cw_max;
1018 
1019  for (i = 0; i < QOS_QUEUE_NUM; i++) {
1020  ac_params = &(param_elm->ac_params_record[i]);
1021 
1022  qos_param->aifs[i] = (ac_params->aci_aifsn) & 0x0F;
1023  qos_param->aifs[i] -= (qos_param->aifs[i] < 2) ? 0 : 2;
1024 
1025  cw_min = ac_params->ecw_min_max & 0x0F;
1026  qos_param->cw_min[i] = cpu_to_le16((1 << cw_min) - 1);
1027 
1028  cw_max = (ac_params->ecw_min_max & 0xF0) >> 4;
1029  qos_param->cw_max[i] = cpu_to_le16((1 << cw_max) - 1);
1030 
1031  qos_param->flag[i] =
1032  (ac_params->aci_aifsn & 0x10) ? 0x01 : 0x00;
1033 
1034  txop = le16_to_cpu(ac_params->tx_op_limit) * 32;
1035  qos_param->tx_op_limit[i] = cpu_to_le16(txop);
1036  }
1037  return rc;
1038 }
1039 
1040 /*
1041  * we have a generic data element which it may contain QoS information or
1042  * parameters element. check the information element length to decide
1043  * which type to read
1044  */
1045 static int libipw_parse_qos_info_param_IE(struct libipw_info_element
1046  *info_element,
1047  struct libipw_network *network)
1048 {
1049  int rc = 0;
1050  struct libipw_qos_parameters *qos_param = NULL;
1051  struct libipw_qos_information_element qos_info_element;
1052 
1053  rc = libipw_read_qos_info_element(&qos_info_element, info_element);
1054 
1055  if (rc == 0) {
1056  network->qos_data.param_count = qos_info_element.ac_info & 0x0F;
1057  network->flags |= NETWORK_HAS_QOS_INFORMATION;
1058  } else {
1059  struct libipw_qos_parameter_info param_element;
1060 
1061  rc = libipw_read_qos_param_element(&param_element,
1062  info_element);
1063  if (rc == 0) {
1064  qos_param = &(network->qos_data.parameters);
1065  libipw_qos_convert_ac_to_parameters(&param_element,
1066  qos_param);
1067  network->flags |= NETWORK_HAS_QOS_PARAMETERS;
1068  network->qos_data.param_count =
1069  param_element.info_element.ac_info & 0x0F;
1070  }
1071  }
1072 
1073  if (rc == 0) {
1074  LIBIPW_DEBUG_QOS("QoS is supported\n");
1075  network->qos_data.supported = 1;
1076  }
1077  return rc;
1078 }
1079 
1080 #ifdef CONFIG_LIBIPW_DEBUG
1081 #define MFIE_STRING(x) case WLAN_EID_ ##x: return #x
1082 
1083 static const char *get_info_element_string(u16 id)
1084 {
1085  switch (id) {
1086  MFIE_STRING(SSID);
1087  MFIE_STRING(SUPP_RATES);
1088  MFIE_STRING(FH_PARAMS);
1089  MFIE_STRING(DS_PARAMS);
1090  MFIE_STRING(CF_PARAMS);
1091  MFIE_STRING(TIM);
1092  MFIE_STRING(IBSS_PARAMS);
1093  MFIE_STRING(COUNTRY);
1094  MFIE_STRING(HP_PARAMS);
1095  MFIE_STRING(HP_TABLE);
1096  MFIE_STRING(REQUEST);
1097  MFIE_STRING(CHALLENGE);
1098  MFIE_STRING(PWR_CONSTRAINT);
1099  MFIE_STRING(PWR_CAPABILITY);
1100  MFIE_STRING(TPC_REQUEST);
1101  MFIE_STRING(TPC_REPORT);
1102  MFIE_STRING(SUPPORTED_CHANNELS);
1103  MFIE_STRING(CHANNEL_SWITCH);
1104  MFIE_STRING(MEASURE_REQUEST);
1105  MFIE_STRING(MEASURE_REPORT);
1106  MFIE_STRING(QUIET);
1107  MFIE_STRING(IBSS_DFS);
1108  MFIE_STRING(ERP_INFO);
1109  MFIE_STRING(RSN);
1110  MFIE_STRING(EXT_SUPP_RATES);
1111  MFIE_STRING(GENERIC);
1112  MFIE_STRING(QOS_PARAMETER);
1113  default:
1114  return "UNKNOWN";
1115  }
1116 }
1117 #endif
1118 
1119 static int libipw_parse_info_param(struct libipw_info_element
1120  *info_element, u16 length,
1121  struct libipw_network *network)
1122 {
1123  DECLARE_SSID_BUF(ssid);
1124  u8 i;
1125 #ifdef CONFIG_LIBIPW_DEBUG
1126  char rates_str[64];
1127  char *p;
1128 #endif
1129 
1130  while (length >= sizeof(*info_element)) {
1131  if (sizeof(*info_element) + info_element->len > length) {
1132  LIBIPW_DEBUG_MGMT("Info elem: parse failed: "
1133  "info_element->len + 2 > left : "
1134  "info_element->len+2=%zd left=%d, id=%d.\n",
1135  info_element->len +
1136  sizeof(*info_element),
1137  length, info_element->id);
1138  /* We stop processing but don't return an error here
1139  * because some misbehaviour APs break this rule. ie.
1140  * Orinoco AP1000. */
1141  break;
1142  }
1143 
1144  switch (info_element->id) {
1145  case WLAN_EID_SSID:
1146  network->ssid_len = min(info_element->len,
1147  (u8) IW_ESSID_MAX_SIZE);
1148  memcpy(network->ssid, info_element->data,
1149  network->ssid_len);
1150  if (network->ssid_len < IW_ESSID_MAX_SIZE)
1151  memset(network->ssid + network->ssid_len, 0,
1152  IW_ESSID_MAX_SIZE - network->ssid_len);
1153 
1154  LIBIPW_DEBUG_MGMT("WLAN_EID_SSID: '%s' len=%d.\n",
1155  print_ssid(ssid, network->ssid,
1156  network->ssid_len),
1157  network->ssid_len);
1158  break;
1159 
1160  case WLAN_EID_SUPP_RATES:
1161 #ifdef CONFIG_LIBIPW_DEBUG
1162  p = rates_str;
1163 #endif
1164  network->rates_len = min(info_element->len,
1165  MAX_RATES_LENGTH);
1166  for (i = 0; i < network->rates_len; i++) {
1167  network->rates[i] = info_element->data[i];
1168 #ifdef CONFIG_LIBIPW_DEBUG
1169  p += snprintf(p, sizeof(rates_str) -
1170  (p - rates_str), "%02X ",
1171  network->rates[i]);
1172 #endif
1173  if (libipw_is_ofdm_rate
1174  (info_element->data[i])) {
1175  network->flags |= NETWORK_HAS_OFDM;
1176  if (info_element->data[i] &
1177  LIBIPW_BASIC_RATE_MASK)
1178  network->flags &=
1179  ~NETWORK_HAS_CCK;
1180  }
1181  }
1182 
1183  LIBIPW_DEBUG_MGMT("WLAN_EID_SUPP_RATES: '%s' (%d)\n",
1184  rates_str, network->rates_len);
1185  break;
1186 
1187  case WLAN_EID_EXT_SUPP_RATES:
1188 #ifdef CONFIG_LIBIPW_DEBUG
1189  p = rates_str;
1190 #endif
1191  network->rates_ex_len = min(info_element->len,
1192  MAX_RATES_EX_LENGTH);
1193  for (i = 0; i < network->rates_ex_len; i++) {
1194  network->rates_ex[i] = info_element->data[i];
1195 #ifdef CONFIG_LIBIPW_DEBUG
1196  p += snprintf(p, sizeof(rates_str) -
1197  (p - rates_str), "%02X ",
1198  network->rates[i]);
1199 #endif
1200  if (libipw_is_ofdm_rate
1201  (info_element->data[i])) {
1202  network->flags |= NETWORK_HAS_OFDM;
1203  if (info_element->data[i] &
1204  LIBIPW_BASIC_RATE_MASK)
1205  network->flags &=
1206  ~NETWORK_HAS_CCK;
1207  }
1208  }
1209 
1210  LIBIPW_DEBUG_MGMT("WLAN_EID_EXT_SUPP_RATES: '%s' (%d)\n",
1211  rates_str, network->rates_ex_len);
1212  break;
1213 
1214  case WLAN_EID_DS_PARAMS:
1215  LIBIPW_DEBUG_MGMT("WLAN_EID_DS_PARAMS: %d\n",
1216  info_element->data[0]);
1217  network->channel = info_element->data[0];
1218  break;
1219 
1220  case WLAN_EID_FH_PARAMS:
1221  LIBIPW_DEBUG_MGMT("WLAN_EID_FH_PARAMS: ignored\n");
1222  break;
1223 
1224  case WLAN_EID_CF_PARAMS:
1225  LIBIPW_DEBUG_MGMT("WLAN_EID_CF_PARAMS: ignored\n");
1226  break;
1227 
1228  case WLAN_EID_TIM:
1229  network->tim.tim_count = info_element->data[0];
1230  network->tim.tim_period = info_element->data[1];
1231  LIBIPW_DEBUG_MGMT("WLAN_EID_TIM: partially ignored\n");
1232  break;
1233 
1234  case WLAN_EID_ERP_INFO:
1235  network->erp_value = info_element->data[0];
1236  network->flags |= NETWORK_HAS_ERP_VALUE;
1237  LIBIPW_DEBUG_MGMT("MFIE_TYPE_ERP_SET: %d\n",
1238  network->erp_value);
1239  break;
1240 
1241  case WLAN_EID_IBSS_PARAMS:
1242  network->atim_window = info_element->data[0];
1243  LIBIPW_DEBUG_MGMT("WLAN_EID_IBSS_PARAMS: %d\n",
1244  network->atim_window);
1245  break;
1246 
1247  case WLAN_EID_CHALLENGE:
1248  LIBIPW_DEBUG_MGMT("WLAN_EID_CHALLENGE: ignored\n");
1249  break;
1250 
1251  case WLAN_EID_GENERIC:
1252  LIBIPW_DEBUG_MGMT("WLAN_EID_GENERIC: %d bytes\n",
1253  info_element->len);
1254  if (!libipw_parse_qos_info_param_IE(info_element,
1255  network))
1256  break;
1257 
1258  if (info_element->len >= 4 &&
1259  info_element->data[0] == 0x00 &&
1260  info_element->data[1] == 0x50 &&
1261  info_element->data[2] == 0xf2 &&
1262  info_element->data[3] == 0x01) {
1263  network->wpa_ie_len = min(info_element->len + 2,
1264  MAX_WPA_IE_LEN);
1265  memcpy(network->wpa_ie, info_element,
1266  network->wpa_ie_len);
1267  }
1268  break;
1269 
1270  case WLAN_EID_RSN:
1271  LIBIPW_DEBUG_MGMT("WLAN_EID_RSN: %d bytes\n",
1272  info_element->len);
1273  network->rsn_ie_len = min(info_element->len + 2,
1274  MAX_WPA_IE_LEN);
1275  memcpy(network->rsn_ie, info_element,
1276  network->rsn_ie_len);
1277  break;
1278 
1279  case WLAN_EID_QOS_PARAMETER:
1280  printk(KERN_ERR
1281  "QoS Error need to parse QOS_PARAMETER IE\n");
1282  break;
1283  /* 802.11h */
1284  case WLAN_EID_PWR_CONSTRAINT:
1285  network->power_constraint = info_element->data[0];
1286  network->flags |= NETWORK_HAS_POWER_CONSTRAINT;
1287  break;
1288 
1289  case WLAN_EID_CHANNEL_SWITCH:
1290  network->power_constraint = info_element->data[0];
1291  network->flags |= NETWORK_HAS_CSA;
1292  break;
1293 
1294  case WLAN_EID_QUIET:
1295  network->quiet.count = info_element->data[0];
1296  network->quiet.period = info_element->data[1];
1297  network->quiet.duration = info_element->data[2];
1298  network->quiet.offset = info_element->data[3];
1299  network->flags |= NETWORK_HAS_QUIET;
1300  break;
1301 
1302  case WLAN_EID_IBSS_DFS:
1303  if (network->ibss_dfs)
1304  break;
1305  network->ibss_dfs = kmemdup(info_element->data,
1306  info_element->len,
1307  GFP_ATOMIC);
1308  if (!network->ibss_dfs)
1309  return 1;
1310  network->flags |= NETWORK_HAS_IBSS_DFS;
1311  break;
1312 
1313  case WLAN_EID_TPC_REPORT:
1314  network->tpc_report.transmit_power =
1315  info_element->data[0];
1316  network->tpc_report.link_margin = info_element->data[1];
1317  network->flags |= NETWORK_HAS_TPC_REPORT;
1318  break;
1319 
1320  default:
1321  LIBIPW_DEBUG_MGMT
1322  ("Unsupported info element: %s (%d)\n",
1323  get_info_element_string(info_element->id),
1324  info_element->id);
1325  break;
1326  }
1327 
1328  length -= sizeof(*info_element) + info_element->len;
1329  info_element =
1330  (struct libipw_info_element *)&info_element->
1331  data[info_element->len];
1332  }
1333 
1334  return 0;
1335 }
1336 
1337 static int libipw_handle_assoc_resp(struct libipw_device *ieee, struct libipw_assoc_response
1338  *frame, struct libipw_rx_stats *stats)
1339 {
1340  struct libipw_network network_resp = {
1341  .ibss_dfs = NULL,
1342  };
1343  struct libipw_network *network = &network_resp;
1344  struct net_device *dev = ieee->dev;
1345 
1346  network->flags = 0;
1347  network->qos_data.active = 0;
1348  network->qos_data.supported = 0;
1349  network->qos_data.param_count = 0;
1350  network->qos_data.old_param_count = 0;
1351 
1352  //network->atim_window = le16_to_cpu(frame->aid) & (0x3FFF);
1353  network->atim_window = le16_to_cpu(frame->aid);
1354  network->listen_interval = le16_to_cpu(frame->status);
1355  memcpy(network->bssid, frame->header.addr3, ETH_ALEN);
1356  network->capability = le16_to_cpu(frame->capability);
1357  network->last_scanned = jiffies;
1358  network->rates_len = network->rates_ex_len = 0;
1359  network->last_associate = 0;
1360  network->ssid_len = 0;
1361  network->erp_value =
1362  (network->capability & WLAN_CAPABILITY_IBSS) ? 0x3 : 0x0;
1363 
1364  if (stats->freq == LIBIPW_52GHZ_BAND) {
1365  /* for A band (No DS info) */
1366  network->channel = stats->received_channel;
1367  } else
1368  network->flags |= NETWORK_HAS_CCK;
1369 
1370  network->wpa_ie_len = 0;
1371  network->rsn_ie_len = 0;
1372 
1373  if (libipw_parse_info_param
1374  (frame->info_element, stats->len - sizeof(*frame), network))
1375  return 1;
1376 
1377  network->mode = 0;
1378  if (stats->freq == LIBIPW_52GHZ_BAND)
1379  network->mode = IEEE_A;
1380  else {
1381  if (network->flags & NETWORK_HAS_OFDM)
1382  network->mode |= IEEE_G;
1383  if (network->flags & NETWORK_HAS_CCK)
1384  network->mode |= IEEE_B;
1385  }
1386 
1387  memcpy(&network->stats, stats, sizeof(network->stats));
1388 
1389  if (ieee->handle_assoc_response != NULL)
1390  ieee->handle_assoc_response(dev, frame, network);
1391 
1392  return 0;
1393 }
1394 
1395 /***************************************************/
1396 
1397 static int libipw_network_init(struct libipw_device *ieee, struct libipw_probe_response
1398  *beacon,
1399  struct libipw_network *network,
1400  struct libipw_rx_stats *stats)
1401 {
1402  DECLARE_SSID_BUF(ssid);
1403 
1404  network->qos_data.active = 0;
1405  network->qos_data.supported = 0;
1406  network->qos_data.param_count = 0;
1407  network->qos_data.old_param_count = 0;
1408 
1409  /* Pull out fixed field data */
1410  memcpy(network->bssid, beacon->header.addr3, ETH_ALEN);
1411  network->capability = le16_to_cpu(beacon->capability);
1412  network->last_scanned = jiffies;
1413  network->time_stamp[0] = le32_to_cpu(beacon->time_stamp[0]);
1414  network->time_stamp[1] = le32_to_cpu(beacon->time_stamp[1]);
1415  network->beacon_interval = le16_to_cpu(beacon->beacon_interval);
1416  /* Where to pull this? beacon->listen_interval; */
1417  network->listen_interval = 0x0A;
1418  network->rates_len = network->rates_ex_len = 0;
1419  network->last_associate = 0;
1420  network->ssid_len = 0;
1421  network->flags = 0;
1422  network->atim_window = 0;
1423  network->erp_value = (network->capability & WLAN_CAPABILITY_IBSS) ?
1424  0x3 : 0x0;
1425 
1426  if (stats->freq == LIBIPW_52GHZ_BAND) {
1427  /* for A band (No DS info) */
1428  network->channel = stats->received_channel;
1429  } else
1430  network->flags |= NETWORK_HAS_CCK;
1431 
1432  network->wpa_ie_len = 0;
1433  network->rsn_ie_len = 0;
1434 
1435  if (libipw_parse_info_param
1436  (beacon->info_element, stats->len - sizeof(*beacon), network))
1437  return 1;
1438 
1439  network->mode = 0;
1440  if (stats->freq == LIBIPW_52GHZ_BAND)
1441  network->mode = IEEE_A;
1442  else {
1443  if (network->flags & NETWORK_HAS_OFDM)
1444  network->mode |= IEEE_G;
1445  if (network->flags & NETWORK_HAS_CCK)
1446  network->mode |= IEEE_B;
1447  }
1448 
1449  if (network->mode == 0) {
1450  LIBIPW_DEBUG_SCAN("Filtered out '%s (%pM)' "
1451  "network.\n",
1452  print_ssid(ssid, network->ssid,
1453  network->ssid_len),
1454  network->bssid);
1455  return 1;
1456  }
1457 
1458  memcpy(&network->stats, stats, sizeof(network->stats));
1459 
1460  return 0;
1461 }
1462 
1463 static inline int is_same_network(struct libipw_network *src,
1464  struct libipw_network *dst)
1465 {
1466  /* A network is only a duplicate if the channel, BSSID, and ESSID
1467  * all match. We treat all <hidden> with the same BSSID and channel
1468  * as one network */
1469  return ((src->ssid_len == dst->ssid_len) &&
1470  (src->channel == dst->channel) &&
1471  ether_addr_equal(src->bssid, dst->bssid) &&
1472  !memcmp(src->ssid, dst->ssid, src->ssid_len));
1473 }
1474 
1475 static void update_network(struct libipw_network *dst,
1476  struct libipw_network *src)
1477 {
1478  int qos_active;
1479  u8 old_param;
1480 
1481  libipw_network_reset(dst);
1482  dst->ibss_dfs = src->ibss_dfs;
1483 
1484  /* We only update the statistics if they were created by receiving
1485  * the network information on the actual channel the network is on.
1486  *
1487  * This keeps beacons received on neighbor channels from bringing
1488  * down the signal level of an AP. */
1489  if (dst->channel == src->stats.received_channel)
1490  memcpy(&dst->stats, &src->stats,
1491  sizeof(struct libipw_rx_stats));
1492  else
1493  LIBIPW_DEBUG_SCAN("Network %pM info received "
1494  "off channel (%d vs. %d)\n", src->bssid,
1495  dst->channel, src->stats.received_channel);
1496 
1497  dst->capability = src->capability;
1498  memcpy(dst->rates, src->rates, src->rates_len);
1499  dst->rates_len = src->rates_len;
1500  memcpy(dst->rates_ex, src->rates_ex, src->rates_ex_len);
1501  dst->rates_ex_len = src->rates_ex_len;
1502 
1503  dst->mode = src->mode;
1504  dst->flags = src->flags;
1505  dst->time_stamp[0] = src->time_stamp[0];
1506  dst->time_stamp[1] = src->time_stamp[1];
1507 
1508  dst->beacon_interval = src->beacon_interval;
1509  dst->listen_interval = src->listen_interval;
1510  dst->atim_window = src->atim_window;
1511  dst->erp_value = src->erp_value;
1512  dst->tim = src->tim;
1513 
1514  memcpy(dst->wpa_ie, src->wpa_ie, src->wpa_ie_len);
1515  dst->wpa_ie_len = src->wpa_ie_len;
1516  memcpy(dst->rsn_ie, src->rsn_ie, src->rsn_ie_len);
1517  dst->rsn_ie_len = src->rsn_ie_len;
1518 
1519  dst->last_scanned = jiffies;
1520  qos_active = src->qos_data.active;
1521  old_param = dst->qos_data.old_param_count;
1522  if (dst->flags & NETWORK_HAS_QOS_MASK)
1523  memcpy(&dst->qos_data, &src->qos_data,
1524  sizeof(struct libipw_qos_data));
1525  else {
1526  dst->qos_data.supported = src->qos_data.supported;
1527  dst->qos_data.param_count = src->qos_data.param_count;
1528  }
1529 
1530  if (dst->qos_data.supported == 1) {
1531  if (dst->ssid_len)
1532  LIBIPW_DEBUG_QOS
1533  ("QoS the network %s is QoS supported\n",
1534  dst->ssid);
1535  else
1536  LIBIPW_DEBUG_QOS
1537  ("QoS the network is QoS supported\n");
1538  }
1539  dst->qos_data.active = qos_active;
1540  dst->qos_data.old_param_count = old_param;
1541 
1542  /* dst->last_associate is not overwritten */
1543 }
1544 
1545 static inline int is_beacon(__le16 fc)
1546 {
1547  return (WLAN_FC_GET_STYPE(le16_to_cpu(fc)) == IEEE80211_STYPE_BEACON);
1548 }
1549 
1550 static void libipw_process_probe_response(struct libipw_device
1551  *ieee, struct
1552  libipw_probe_response
1553  *beacon, struct libipw_rx_stats
1554  *stats)
1555 {
1556  struct net_device *dev = ieee->dev;
1557  struct libipw_network network = {
1558  .ibss_dfs = NULL,
1559  };
1560  struct libipw_network *target;
1561  struct libipw_network *oldest = NULL;
1562 #ifdef CONFIG_LIBIPW_DEBUG
1563  struct libipw_info_element *info_element = beacon->info_element;
1564 #endif
1565  unsigned long flags;
1566  DECLARE_SSID_BUF(ssid);
1567 
1568  LIBIPW_DEBUG_SCAN("'%s' (%pM"
1569  "): %c%c%c%c %c%c%c%c-%c%c%c%c %c%c%c%c\n",
1570  print_ssid(ssid, info_element->data, info_element->len),
1571  beacon->header.addr3,
1572  (beacon->capability & cpu_to_le16(1 << 0xf)) ? '1' : '0',
1573  (beacon->capability & cpu_to_le16(1 << 0xe)) ? '1' : '0',
1574  (beacon->capability & cpu_to_le16(1 << 0xd)) ? '1' : '0',
1575  (beacon->capability & cpu_to_le16(1 << 0xc)) ? '1' : '0',
1576  (beacon->capability & cpu_to_le16(1 << 0xb)) ? '1' : '0',
1577  (beacon->capability & cpu_to_le16(1 << 0xa)) ? '1' : '0',
1578  (beacon->capability & cpu_to_le16(1 << 0x9)) ? '1' : '0',
1579  (beacon->capability & cpu_to_le16(1 << 0x8)) ? '1' : '0',
1580  (beacon->capability & cpu_to_le16(1 << 0x7)) ? '1' : '0',
1581  (beacon->capability & cpu_to_le16(1 << 0x6)) ? '1' : '0',
1582  (beacon->capability & cpu_to_le16(1 << 0x5)) ? '1' : '0',
1583  (beacon->capability & cpu_to_le16(1 << 0x4)) ? '1' : '0',
1584  (beacon->capability & cpu_to_le16(1 << 0x3)) ? '1' : '0',
1585  (beacon->capability & cpu_to_le16(1 << 0x2)) ? '1' : '0',
1586  (beacon->capability & cpu_to_le16(1 << 0x1)) ? '1' : '0',
1587  (beacon->capability & cpu_to_le16(1 << 0x0)) ? '1' : '0');
1588 
1589  if (libipw_network_init(ieee, beacon, &network, stats)) {
1590  LIBIPW_DEBUG_SCAN("Dropped '%s' (%pM) via %s.\n",
1591  print_ssid(ssid, info_element->data,
1592  info_element->len),
1593  beacon->header.addr3,
1594  is_beacon(beacon->header.frame_ctl) ?
1595  "BEACON" : "PROBE RESPONSE");
1596  return;
1597  }
1598 
1599  /* The network parsed correctly -- so now we scan our known networks
1600  * to see if we can find it in our list.
1601  *
1602  * NOTE: This search is definitely not optimized. Once its doing
1603  * the "right thing" we'll optimize it for efficiency if
1604  * necessary */
1605 
1606  /* Search for this entry in the list and update it if it is
1607  * already there. */
1608 
1609  spin_lock_irqsave(&ieee->lock, flags);
1610 
1611  list_for_each_entry(target, &ieee->network_list, list) {
1612  if (is_same_network(target, &network))
1613  break;
1614 
1615  if ((oldest == NULL) ||
1616  time_before(target->last_scanned, oldest->last_scanned))
1617  oldest = target;
1618  }
1619 
1620  /* If we didn't find a match, then get a new network slot to initialize
1621  * with this beacon's information */
1622  if (&target->list == &ieee->network_list) {
1623  if (list_empty(&ieee->network_free_list)) {
1624  /* If there are no more slots, expire the oldest */
1625  list_del(&oldest->list);
1626  target = oldest;
1627  LIBIPW_DEBUG_SCAN("Expired '%s' (%pM) from "
1628  "network list.\n",
1629  print_ssid(ssid, target->ssid,
1630  target->ssid_len),
1631  target->bssid);
1632  libipw_network_reset(target);
1633  } else {
1634  /* Otherwise just pull from the free list */
1635  target = list_entry(ieee->network_free_list.next,
1636  struct libipw_network, list);
1637  list_del(ieee->network_free_list.next);
1638  }
1639 
1640 #ifdef CONFIG_LIBIPW_DEBUG
1641  LIBIPW_DEBUG_SCAN("Adding '%s' (%pM) via %s.\n",
1642  print_ssid(ssid, network.ssid,
1643  network.ssid_len),
1644  network.bssid,
1645  is_beacon(beacon->header.frame_ctl) ?
1646  "BEACON" : "PROBE RESPONSE");
1647 #endif
1648  memcpy(target, &network, sizeof(*target));
1649  network.ibss_dfs = NULL;
1650  list_add_tail(&target->list, &ieee->network_list);
1651  } else {
1652  LIBIPW_DEBUG_SCAN("Updating '%s' (%pM) via %s.\n",
1653  print_ssid(ssid, target->ssid,
1654  target->ssid_len),
1655  target->bssid,
1656  is_beacon(beacon->header.frame_ctl) ?
1657  "BEACON" : "PROBE RESPONSE");
1658  update_network(target, &network);
1659  network.ibss_dfs = NULL;
1660  }
1661 
1662  spin_unlock_irqrestore(&ieee->lock, flags);
1663 
1664  if (is_beacon(beacon->header.frame_ctl)) {
1665  if (ieee->handle_beacon != NULL)
1666  ieee->handle_beacon(dev, beacon, target);
1667  } else {
1668  if (ieee->handle_probe_response != NULL)
1669  ieee->handle_probe_response(dev, beacon, target);
1670  }
1671 }
1672 
1673 void libipw_rx_mgt(struct libipw_device *ieee,
1674  struct libipw_hdr_4addr *header,
1675  struct libipw_rx_stats *stats)
1676 {
1677  switch (WLAN_FC_GET_STYPE(le16_to_cpu(header->frame_ctl))) {
1678  case IEEE80211_STYPE_ASSOC_RESP:
1679  LIBIPW_DEBUG_MGMT("received ASSOCIATION RESPONSE (%d)\n",
1680  WLAN_FC_GET_STYPE(le16_to_cpu
1681  (header->frame_ctl)));
1682  libipw_handle_assoc_resp(ieee,
1683  (struct libipw_assoc_response *)
1684  header, stats);
1685  break;
1686 
1687  case IEEE80211_STYPE_REASSOC_RESP:
1688  LIBIPW_DEBUG_MGMT("received REASSOCIATION RESPONSE (%d)\n",
1689  WLAN_FC_GET_STYPE(le16_to_cpu
1690  (header->frame_ctl)));
1691  break;
1692 
1693  case IEEE80211_STYPE_PROBE_REQ:
1694  LIBIPW_DEBUG_MGMT("received auth (%d)\n",
1695  WLAN_FC_GET_STYPE(le16_to_cpu
1696  (header->frame_ctl)));
1697 
1698  if (ieee->handle_probe_request != NULL)
1699  ieee->handle_probe_request(ieee->dev,
1700  (struct
1701  libipw_probe_request *)
1702  header, stats);
1703  break;
1704 
1705  case IEEE80211_STYPE_PROBE_RESP:
1706  LIBIPW_DEBUG_MGMT("received PROBE RESPONSE (%d)\n",
1707  WLAN_FC_GET_STYPE(le16_to_cpu
1708  (header->frame_ctl)));
1709  LIBIPW_DEBUG_SCAN("Probe response\n");
1710  libipw_process_probe_response(ieee,
1711  (struct
1712  libipw_probe_response *)
1713  header, stats);
1714  break;
1715 
1716  case IEEE80211_STYPE_BEACON:
1717  LIBIPW_DEBUG_MGMT("received BEACON (%d)\n",
1718  WLAN_FC_GET_STYPE(le16_to_cpu
1719  (header->frame_ctl)));
1720  LIBIPW_DEBUG_SCAN("Beacon\n");
1721  libipw_process_probe_response(ieee,
1722  (struct
1723  libipw_probe_response *)
1724  header, stats);
1725  break;
1726  case IEEE80211_STYPE_AUTH:
1727 
1728  LIBIPW_DEBUG_MGMT("received auth (%d)\n",
1729  WLAN_FC_GET_STYPE(le16_to_cpu
1730  (header->frame_ctl)));
1731 
1732  if (ieee->handle_auth != NULL)
1733  ieee->handle_auth(ieee->dev,
1734  (struct libipw_auth *)header);
1735  break;
1736 
1737  case IEEE80211_STYPE_DISASSOC:
1738  if (ieee->handle_disassoc != NULL)
1739  ieee->handle_disassoc(ieee->dev,
1740  (struct libipw_disassoc *)
1741  header);
1742  break;
1743 
1744  case IEEE80211_STYPE_ACTION:
1745  LIBIPW_DEBUG_MGMT("ACTION\n");
1746  if (ieee->handle_action)
1747  ieee->handle_action(ieee->dev,
1748  (struct libipw_action *)
1749  header, stats);
1750  break;
1751 
1752  case IEEE80211_STYPE_REASSOC_REQ:
1753  LIBIPW_DEBUG_MGMT("received reassoc (%d)\n",
1754  WLAN_FC_GET_STYPE(le16_to_cpu
1755  (header->frame_ctl)));
1756 
1757  LIBIPW_DEBUG_MGMT("%s: LIBIPW_REASSOC_REQ received\n",
1758  ieee->dev->name);
1759  if (ieee->handle_reassoc_request != NULL)
1760  ieee->handle_reassoc_request(ieee->dev,
1761  (struct libipw_reassoc_request *)
1762  header);
1763  break;
1764 
1765  case IEEE80211_STYPE_ASSOC_REQ:
1766  LIBIPW_DEBUG_MGMT("received assoc (%d)\n",
1767  WLAN_FC_GET_STYPE(le16_to_cpu
1768  (header->frame_ctl)));
1769 
1770  LIBIPW_DEBUG_MGMT("%s: LIBIPW_ASSOC_REQ received\n",
1771  ieee->dev->name);
1772  if (ieee->handle_assoc_request != NULL)
1773  ieee->handle_assoc_request(ieee->dev);
1774  break;
1775 
1776  case IEEE80211_STYPE_DEAUTH:
1777  LIBIPW_DEBUG_MGMT("DEAUTH\n");
1778  if (ieee->handle_deauth != NULL)
1779  ieee->handle_deauth(ieee->dev,
1780  (struct libipw_deauth *)
1781  header);
1782  break;
1783  default:
1784  LIBIPW_DEBUG_MGMT("received UNKNOWN (%d)\n",
1785  WLAN_FC_GET_STYPE(le16_to_cpu
1786  (header->frame_ctl)));
1787  LIBIPW_DEBUG_MGMT("%s: Unknown management packet: %d\n",
1788  ieee->dev->name,
1789  WLAN_FC_GET_STYPE(le16_to_cpu
1790  (header->frame_ctl)));
1791  break;
1792  }
1793 }
1794 
1795 EXPORT_SYMBOL_GPL(libipw_rx_any);
1796 EXPORT_SYMBOL(libipw_rx_mgt);
1797 EXPORT_SYMBOL(libipw_rx);
Generated on Thu Jan 10 2013 14:11:25 for Linux Kernel by   doxygen 1.8.2