Linux Kernel  3.7.1
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
tx.c
Go to the documentation of this file.
1 /*
2  * Copyright 2002-2005, Instant802 Networks, Inc.
3  * Copyright 2005-2006, Devicescape Software, Inc.
4  * Copyright 2006-2007 Jiri Benc <[email protected]>
5  * Copyright 2007 Johannes Berg <[email protected]>
6  *
7  * This program is free software; you can redistribute it and/or modify
8  * it under the terms of the GNU General Public License version 2 as
9  * published by the Free Software Foundation.
10  *
11  *
12  * Transmit and frame generation functions.
13  */
14 
15 #include <linux/kernel.h>
16 #include <linux/slab.h>
17 #include <linux/skbuff.h>
18 #include <linux/etherdevice.h>
19 #include <linux/bitmap.h>
20 #include <linux/rcupdate.h>
21 #include <linux/export.h>
22 #include <net/net_namespace.h>
23 #include <net/ieee80211_radiotap.h>
24 #include <net/cfg80211.h>
25 #include <net/mac80211.h>
26 #include <asm/unaligned.h>
27 
28 #include "ieee80211_i.h"
29 #include "driver-ops.h"
30 #include "led.h"
31 #include "mesh.h"
32 #include "wep.h"
33 #include "wpa.h"
34 #include "wme.h"
35 #include "rate.h"
36 
37 /* misc utils */
38 
39 static __le16 ieee80211_duration(struct ieee80211_tx_data *tx,
40  struct sk_buff *skb, int group_addr,
41  int next_frag_len)
42 {
43  int rate, mrate, erp, dur, i;
44  struct ieee80211_rate *txrate;
45  struct ieee80211_local *local = tx->local;
46  struct ieee80211_supported_band *sband;
47  struct ieee80211_hdr *hdr;
48  struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
49 
50  /* assume HW handles this */
51  if (info->control.rates[0].flags & IEEE80211_TX_RC_MCS)
52  return 0;
53 
54  /* uh huh? */
55  if (WARN_ON_ONCE(info->control.rates[0].idx < 0))
56  return 0;
57 
58  sband = local->hw.wiphy->bands[info->band];
59  txrate = &sband->bitrates[info->control.rates[0].idx];
60 
61  erp = txrate->flags & IEEE80211_RATE_ERP_G;
62 
63  /*
64  * data and mgmt (except PS Poll):
65  * - during CFP: 32768
66  * - during contention period:
67  * if addr1 is group address: 0
68  * if more fragments = 0 and addr1 is individual address: time to
69  * transmit one ACK plus SIFS
70  * if more fragments = 1 and addr1 is individual address: time to
71  * transmit next fragment plus 2 x ACK plus 3 x SIFS
72  *
73  * IEEE 802.11, 9.6:
74  * - control response frame (CTS or ACK) shall be transmitted using the
75  * same rate as the immediately previous frame in the frame exchange
76  * sequence, if this rate belongs to the PHY mandatory rates, or else
77  * at the highest possible rate belonging to the PHY rates in the
78  * BSSBasicRateSet
79  */
80  hdr = (struct ieee80211_hdr *)skb->data;
81  if (ieee80211_is_ctl(hdr->frame_control)) {
82  /* TODO: These control frames are not currently sent by
83  * mac80211, but should they be implemented, this function
84  * needs to be updated to support duration field calculation.
85  *
86  * RTS: time needed to transmit pending data/mgmt frame plus
87  * one CTS frame plus one ACK frame plus 3 x SIFS
88  * CTS: duration of immediately previous RTS minus time
89  * required to transmit CTS and its SIFS
90  * ACK: 0 if immediately previous directed data/mgmt had
91  * more=0, with more=1 duration in ACK frame is duration
92  * from previous frame minus time needed to transmit ACK
93  * and its SIFS
94  * PS Poll: BIT(15) | BIT(14) | aid
95  */
96  return 0;
97  }
98 
99  /* data/mgmt */
100  if (0 /* FIX: data/mgmt during CFP */)
101  return cpu_to_le16(32768);
102 
103  if (group_addr) /* Group address as the destination - no ACK */
104  return 0;
105 
106  /* Individual destination address:
107  * IEEE 802.11, Ch. 9.6 (after IEEE 802.11g changes)
108  * CTS and ACK frames shall be transmitted using the highest rate in
109  * basic rate set that is less than or equal to the rate of the
110  * immediately previous frame and that is using the same modulation
111  * (CCK or OFDM). If no basic rate set matches with these requirements,
112  * the highest mandatory rate of the PHY that is less than or equal to
113  * the rate of the previous frame is used.
114  * Mandatory rates for IEEE 802.11g PHY: 1, 2, 5.5, 11, 6, 12, 24 Mbps
115  */
116  rate = -1;
117  /* use lowest available if everything fails */
118  mrate = sband->bitrates[0].bitrate;
119  for (i = 0; i < sband->n_bitrates; i++) {
120  struct ieee80211_rate *r = &sband->bitrates[i];
121 
122  if (r->bitrate > txrate->bitrate)
123  break;
124 
125  if (tx->sdata->vif.bss_conf.basic_rates & BIT(i))
126  rate = r->bitrate;
127 
128  switch (sband->band) {
129  case IEEE80211_BAND_2GHZ: {
130  u32 flag;
131  if (tx->sdata->flags & IEEE80211_SDATA_OPERATING_GMODE)
132  flag = IEEE80211_RATE_MANDATORY_G;
133  else
134  flag = IEEE80211_RATE_MANDATORY_B;
135  if (r->flags & flag)
136  mrate = r->bitrate;
137  break;
138  }
139  case IEEE80211_BAND_5GHZ:
140  if (r->flags & IEEE80211_RATE_MANDATORY_A)
141  mrate = r->bitrate;
142  break;
143  case IEEE80211_BAND_60GHZ:
144  /* TODO, for now fall through */
145  case IEEE80211_NUM_BANDS:
146  WARN_ON(1);
147  break;
148  }
149  }
150  if (rate == -1) {
151  /* No matching basic rate found; use highest suitable mandatory
152  * PHY rate */
153  rate = mrate;
154  }
155 
156  /* Don't calculate ACKs for QoS Frames with NoAck Policy set */
157  if (ieee80211_is_data_qos(hdr->frame_control) &&
158  *(ieee80211_get_qos_ctl(hdr)) & IEEE80211_QOS_CTL_ACK_POLICY_NOACK)
159  dur = 0;
160  else
161  /* Time needed to transmit ACK
162  * (10 bytes + 4-byte FCS = 112 bits) plus SIFS; rounded up
163  * to closest integer */
164  dur = ieee80211_frame_duration(sband->band, 10, rate, erp,
165  tx->sdata->vif.bss_conf.use_short_preamble);
166 
167  if (next_frag_len) {
168  /* Frame is fragmented: duration increases with time needed to
169  * transmit next fragment plus ACK and 2 x SIFS. */
170  dur *= 2; /* ACK + SIFS */
171  /* next fragment */
172  dur += ieee80211_frame_duration(sband->band, next_frag_len,
173  txrate->bitrate, erp,
174  tx->sdata->vif.bss_conf.use_short_preamble);
175  }
176 
177  return cpu_to_le16(dur);
178 }
179 
180 /* tx handlers */
181 static ieee80211_tx_result debug_noinline
182 ieee80211_tx_h_dynamic_ps(struct ieee80211_tx_data *tx)
183 {
184  struct ieee80211_local *local = tx->local;
185  struct ieee80211_if_managed *ifmgd;
186 
187  /* driver doesn't support power save */
188  if (!(local->hw.flags & IEEE80211_HW_SUPPORTS_PS))
189  return TX_CONTINUE;
190 
191  /* hardware does dynamic power save */
192  if (local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_PS)
193  return TX_CONTINUE;
194 
195  /* dynamic power save disabled */
196  if (local->hw.conf.dynamic_ps_timeout <= 0)
197  return TX_CONTINUE;
198 
199  /* we are scanning, don't enable power save */
200  if (local->scanning)
201  return TX_CONTINUE;
202 
203  if (!local->ps_sdata)
204  return TX_CONTINUE;
205 
206  /* No point if we're going to suspend */
207  if (local->quiescing)
208  return TX_CONTINUE;
209 
210  /* dynamic ps is supported only in managed mode */
211  if (tx->sdata->vif.type != NL80211_IFTYPE_STATION)
212  return TX_CONTINUE;
213 
214  ifmgd = &tx->sdata->u.mgd;
215 
216  /*
217  * Don't wakeup from power save if u-apsd is enabled, voip ac has
218  * u-apsd enabled and the frame is in voip class. This effectively
219  * means that even if all access categories have u-apsd enabled, in
220  * practise u-apsd is only used with the voip ac. This is a
221  * workaround for the case when received voip class packets do not
222  * have correct qos tag for some reason, due the network or the
223  * peer application.
224  *
225  * Note: ifmgd->uapsd_queues access is racy here. If the value is
226  * changed via debugfs, user needs to reassociate manually to have
227  * everything in sync.
228  */
229  if ((ifmgd->flags & IEEE80211_STA_UAPSD_ENABLED) &&
230  (ifmgd->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO) &&
231  skb_get_queue_mapping(tx->skb) == IEEE80211_AC_VO)
232  return TX_CONTINUE;
233 
234  if (local->hw.conf.flags & IEEE80211_CONF_PS) {
235  ieee80211_stop_queues_by_reason(&local->hw,
236  IEEE80211_QUEUE_STOP_REASON_PS);
237  ifmgd->flags &= ~IEEE80211_STA_NULLFUNC_ACKED;
238  ieee80211_queue_work(&local->hw,
239  &local->dynamic_ps_disable_work);
240  }
241 
242  /* Don't restart the timer if we're not disassociated */
243  if (!ifmgd->associated)
244  return TX_CONTINUE;
245 
246  mod_timer(&local->dynamic_ps_timer, jiffies +
247  msecs_to_jiffies(local->hw.conf.dynamic_ps_timeout));
248 
249  return TX_CONTINUE;
250 }
251 
252 static ieee80211_tx_result debug_noinline
253 ieee80211_tx_h_check_assoc(struct ieee80211_tx_data *tx)
254 {
255 
256  struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;
257  struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
258  bool assoc = false;
259 
260  if (unlikely(info->flags & IEEE80211_TX_CTL_INJECTED))
261  return TX_CONTINUE;
262 
263  if (unlikely(test_bit(SCAN_SW_SCANNING, &tx->local->scanning)) &&
264  test_bit(SDATA_STATE_OFFCHANNEL, &tx->sdata->state) &&
265  !ieee80211_is_probe_req(hdr->frame_control) &&
266  !ieee80211_is_nullfunc(hdr->frame_control))
267  /*
268  * When software scanning only nullfunc frames (to notify
269  * the sleep state to the AP) and probe requests (for the
270  * active scan) are allowed, all other frames should not be
271  * sent and we should not get here, but if we do
272  * nonetheless, drop them to avoid sending them
273  * off-channel. See the link below and
274  * ieee80211_start_scan() for more.
275  *
276  * http://article.gmane.org/gmane.linux.kernel.wireless.general/30089
277  */
278  return TX_DROP;
279 
280  if (tx->sdata->vif.type == NL80211_IFTYPE_WDS)
281  return TX_CONTINUE;
282 
283  if (tx->sdata->vif.type == NL80211_IFTYPE_MESH_POINT)
284  return TX_CONTINUE;
285 
286  if (tx->flags & IEEE80211_TX_PS_BUFFERED)
287  return TX_CONTINUE;
288 
289  if (tx->sta)
290  assoc = test_sta_flag(tx->sta, WLAN_STA_ASSOC);
291 
292  if (likely(tx->flags & IEEE80211_TX_UNICAST)) {
293  if (unlikely(!assoc &&
294  ieee80211_is_data(hdr->frame_control))) {
295 #ifdef CONFIG_MAC80211_VERBOSE_DEBUG
296  sdata_info(tx->sdata,
297  "dropped data frame to not associated station %pM\n",
298  hdr->addr1);
299 #endif
300  I802_DEBUG_INC(tx->local->tx_handlers_drop_not_assoc);
301  return TX_DROP;
302  }
303  } else if (unlikely(tx->sdata->vif.type == NL80211_IFTYPE_AP &&
304  ieee80211_is_data(hdr->frame_control) &&
305  !atomic_read(&tx->sdata->u.ap.num_mcast_sta))) {
306  /*
307  * No associated STAs - no need to send multicast
308  * frames.
309  */
310  return TX_DROP;
311  }
312 
313  return TX_CONTINUE;
314 }
315 
316 /* This function is called whenever the AP is about to exceed the maximum limit
317  * of buffered frames for power saving STAs. This situation should not really
318  * happen often during normal operation, so dropping the oldest buffered packet
319  * from each queue should be OK to make some room for new frames. */
320 static void purge_old_ps_buffers(struct ieee80211_local *local)
321 {
322  int total = 0, purged = 0;
323  struct sk_buff *skb;
324  struct ieee80211_sub_if_data *sdata;
325  struct sta_info *sta;
326 
327  /*
328  * virtual interfaces are protected by RCU
329  */
330  rcu_read_lock();
331 
332  list_for_each_entry_rcu(sdata, &local->interfaces, list) {
333  struct ieee80211_if_ap *ap;
334  if (sdata->vif.type != NL80211_IFTYPE_AP)
335  continue;
336  ap = &sdata->u.ap;
337  skb = skb_dequeue(&ap->ps_bc_buf);
338  if (skb) {
339  purged++;
340  dev_kfree_skb(skb);
341  }
342  total += skb_queue_len(&ap->ps_bc_buf);
343  }
344 
345  /*
346  * Drop one frame from each station from the lowest-priority
347  * AC that has frames at all.
348  */
349  list_for_each_entry_rcu(sta, &local->sta_list, list) {
350  int ac;
351 
352  for (ac = IEEE80211_AC_BK; ac >= IEEE80211_AC_VO; ac--) {
353  skb = skb_dequeue(&sta->ps_tx_buf[ac]);
354  total += skb_queue_len(&sta->ps_tx_buf[ac]);
355  if (skb) {
356  purged++;
357  ieee80211_free_txskb(&local->hw, skb);
358  break;
359  }
360  }
361  }
362 
363  rcu_read_unlock();
364 
365  local->total_ps_buffered = total;
366  ps_dbg_hw(&local->hw, "PS buffers full - purged %d frames\n", purged);
367 }
368 
369 static ieee80211_tx_result
370 ieee80211_tx_h_multicast_ps_buf(struct ieee80211_tx_data *tx)
371 {
372  struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
373  struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;
374 
375  /*
376  * broadcast/multicast frame
377  *
378  * If any of the associated stations is in power save mode,
379  * the frame is buffered to be sent after DTIM beacon frame.
380  * This is done either by the hardware or us.
381  */
382 
383  /* powersaving STAs only in AP/VLAN mode */
384  if (!tx->sdata->bss)
385  return TX_CONTINUE;
386 
387  /* no buffering for ordered frames */
388  if (ieee80211_has_order(hdr->frame_control))
389  return TX_CONTINUE;
390 
391  /* no stations in PS mode */
392  if (!atomic_read(&tx->sdata->bss->num_sta_ps))
393  return TX_CONTINUE;
394 
395  info->flags |= IEEE80211_TX_CTL_SEND_AFTER_DTIM;
396  if (tx->local->hw.flags & IEEE80211_HW_QUEUE_CONTROL)
397  info->hw_queue = tx->sdata->vif.cab_queue;
398 
399  /* device releases frame after DTIM beacon */
400  if (!(tx->local->hw.flags & IEEE80211_HW_HOST_BROADCAST_PS_BUFFERING))
401  return TX_CONTINUE;
402 
403  /* buffered in mac80211 */
404  if (tx->local->total_ps_buffered >= TOTAL_MAX_TX_BUFFER)
405  purge_old_ps_buffers(tx->local);
406 
407  if (skb_queue_len(&tx->sdata->bss->ps_bc_buf) >= AP_MAX_BC_BUFFER) {
408  ps_dbg(tx->sdata,
409  "BC TX buffer full - dropping the oldest frame\n");
410  dev_kfree_skb(skb_dequeue(&tx->sdata->bss->ps_bc_buf));
411  } else
412  tx->local->total_ps_buffered++;
413 
414  skb_queue_tail(&tx->sdata->bss->ps_bc_buf, tx->skb);
415 
416  return TX_QUEUED;
417 }
418 
419 static int ieee80211_use_mfp(__le16 fc, struct sta_info *sta,
420  struct sk_buff *skb)
421 {
422  if (!ieee80211_is_mgmt(fc))
423  return 0;
424 
425  if (sta == NULL || !test_sta_flag(sta, WLAN_STA_MFP))
426  return 0;
427 
428  if (!ieee80211_is_robust_mgmt_frame((struct ieee80211_hdr *)
429  skb->data))
430  return 0;
431 
432  return 1;
433 }
434 
435 static ieee80211_tx_result
436 ieee80211_tx_h_unicast_ps_buf(struct ieee80211_tx_data *tx)
437 {
438  struct sta_info *sta = tx->sta;
439  struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
440  struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;
441  struct ieee80211_local *local = tx->local;
442 
443  if (unlikely(!sta))
444  return TX_CONTINUE;
445 
446  if (unlikely((test_sta_flag(sta, WLAN_STA_PS_STA) ||
447  test_sta_flag(sta, WLAN_STA_PS_DRIVER)) &&
448  !(info->flags & IEEE80211_TX_CTL_NO_PS_BUFFER))) {
449  int ac = skb_get_queue_mapping(tx->skb);
450 
451  /* only deauth, disassoc and action are bufferable MMPDUs */
452  if (ieee80211_is_mgmt(hdr->frame_control) &&
453  !ieee80211_is_deauth(hdr->frame_control) &&
454  !ieee80211_is_disassoc(hdr->frame_control) &&
455  !ieee80211_is_action(hdr->frame_control)) {
456  info->flags |= IEEE80211_TX_CTL_NO_PS_BUFFER;
457  return TX_CONTINUE;
458  }
459 
460  ps_dbg(sta->sdata, "STA %pM aid %d: PS buffer for AC %d\n",
461  sta->sta.addr, sta->sta.aid, ac);
462  if (tx->local->total_ps_buffered >= TOTAL_MAX_TX_BUFFER)
463  purge_old_ps_buffers(tx->local);
464  if (skb_queue_len(&sta->ps_tx_buf[ac]) >= STA_MAX_TX_BUFFER) {
465  struct sk_buff *old = skb_dequeue(&sta->ps_tx_buf[ac]);
466  ps_dbg(tx->sdata,
467  "STA %pM TX buffer for AC %d full - dropping oldest frame\n",
468  sta->sta.addr, ac);
469  ieee80211_free_txskb(&local->hw, old);
470  } else
471  tx->local->total_ps_buffered++;
472 
473  info->control.jiffies = jiffies;
474  info->control.vif = &tx->sdata->vif;
475  info->flags |= IEEE80211_TX_INTFL_NEED_TXPROCESSING;
476  skb_queue_tail(&sta->ps_tx_buf[ac], tx->skb);
477 
478  if (!timer_pending(&local->sta_cleanup))
479  mod_timer(&local->sta_cleanup,
480  round_jiffies(jiffies +
481  STA_INFO_CLEANUP_INTERVAL));
482 
483  /*
484  * We queued up some frames, so the TIM bit might
485  * need to be set, recalculate it.
486  */
487  sta_info_recalc_tim(sta);
488 
489  return TX_QUEUED;
490  } else if (unlikely(test_sta_flag(sta, WLAN_STA_PS_STA))) {
491  ps_dbg(tx->sdata,
492  "STA %pM in PS mode, but polling/in SP -> send frame\n",
493  sta->sta.addr);
494  }
495 
496  return TX_CONTINUE;
497 }
498 
499 static ieee80211_tx_result debug_noinline
500 ieee80211_tx_h_ps_buf(struct ieee80211_tx_data *tx)
501 {
502  if (unlikely(tx->flags & IEEE80211_TX_PS_BUFFERED))
503  return TX_CONTINUE;
504 
505  if (tx->flags & IEEE80211_TX_UNICAST)
506  return ieee80211_tx_h_unicast_ps_buf(tx);
507  else
508  return ieee80211_tx_h_multicast_ps_buf(tx);
509 }
510 
511 static ieee80211_tx_result debug_noinline
512 ieee80211_tx_h_check_control_port_protocol(struct ieee80211_tx_data *tx)
513 {
514  struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
515 
516  if (unlikely(tx->sdata->control_port_protocol == tx->skb->protocol &&
517  tx->sdata->control_port_no_encrypt))
518  info->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
519 
520  return TX_CONTINUE;
521 }
522 
523 static ieee80211_tx_result debug_noinline
524 ieee80211_tx_h_select_key(struct ieee80211_tx_data *tx)
525 {
526  struct ieee80211_key *key;
527  struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
528  struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;
529 
530  if (unlikely(info->flags & IEEE80211_TX_INTFL_DONT_ENCRYPT))
531  tx->key = NULL;
532  else if (tx->sta && (key = rcu_dereference(tx->sta->ptk)))
533  tx->key = key;
534  else if (ieee80211_is_mgmt(hdr->frame_control) &&
535  is_multicast_ether_addr(hdr->addr1) &&
536  ieee80211_is_robust_mgmt_frame(hdr) &&
537  (key = rcu_dereference(tx->sdata->default_mgmt_key)))
538  tx->key = key;
539  else if (is_multicast_ether_addr(hdr->addr1) &&
540  (key = rcu_dereference(tx->sdata->default_multicast_key)))
541  tx->key = key;
542  else if (!is_multicast_ether_addr(hdr->addr1) &&
543  (key = rcu_dereference(tx->sdata->default_unicast_key)))
544  tx->key = key;
545  else if (info->flags & IEEE80211_TX_CTL_INJECTED)
546  tx->key = NULL;
547  else if (!tx->sdata->drop_unencrypted)
548  tx->key = NULL;
549  else if (tx->skb->protocol == tx->sdata->control_port_protocol)
550  tx->key = NULL;
551  else if (ieee80211_is_robust_mgmt_frame(hdr) &&
552  !(ieee80211_is_action(hdr->frame_control) &&
553  tx->sta && test_sta_flag(tx->sta, WLAN_STA_MFP)))
554  tx->key = NULL;
555  else if (ieee80211_is_mgmt(hdr->frame_control) &&
556  !ieee80211_is_robust_mgmt_frame(hdr))
557  tx->key = NULL;
558  else {
559  I802_DEBUG_INC(tx->local->tx_handlers_drop_unencrypted);
560  return TX_DROP;
561  }
562 
563  if (tx->key) {
564  bool skip_hw = false;
565 
566  tx->key->tx_rx_count++;
567  /* TODO: add threshold stuff again */
568 
569  switch (tx->key->conf.cipher) {
570  case WLAN_CIPHER_SUITE_WEP40:
571  case WLAN_CIPHER_SUITE_WEP104:
572  case WLAN_CIPHER_SUITE_TKIP:
573  if (!ieee80211_is_data_present(hdr->frame_control))
574  tx->key = NULL;
575  break;
576  case WLAN_CIPHER_SUITE_CCMP:
577  if (!ieee80211_is_data_present(hdr->frame_control) &&
578  !ieee80211_use_mfp(hdr->frame_control, tx->sta,
579  tx->skb))
580  tx->key = NULL;
581  else
582  skip_hw = (tx->key->conf.flags &
583  IEEE80211_KEY_FLAG_SW_MGMT_TX) &&
584  ieee80211_is_mgmt(hdr->frame_control);
585  break;
586  case WLAN_CIPHER_SUITE_AES_CMAC:
587  if (!ieee80211_is_mgmt(hdr->frame_control))
588  tx->key = NULL;
589  break;
590  }
591 
592  if (unlikely(tx->key && tx->key->flags & KEY_FLAG_TAINTED))
593  return TX_DROP;
594 
595  if (!skip_hw && tx->key &&
596  tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE)
597  info->control.hw_key = &tx->key->conf;
598  }
599 
600  return TX_CONTINUE;
601 }
602 
603 static ieee80211_tx_result debug_noinline
604 ieee80211_tx_h_rate_ctrl(struct ieee80211_tx_data *tx)
605 {
606  struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
607  struct ieee80211_hdr *hdr = (void *)tx->skb->data;
608  struct ieee80211_supported_band *sband;
609  struct ieee80211_rate *rate;
610  int i;
611  u32 len;
612  bool inval = false, rts = false, short_preamble = false;
613  struct ieee80211_tx_rate_control txrc;
614  bool assoc = false;
615 
616  memset(&txrc, 0, sizeof(txrc));
617 
618  sband = tx->local->hw.wiphy->bands[info->band];
619 
620  len = min_t(u32, tx->skb->len + FCS_LEN,
621  tx->local->hw.wiphy->frag_threshold);
622 
623  /* set up the tx rate control struct we give the RC algo */
624  txrc.hw = &tx->local->hw;
625  txrc.sband = sband;
626  txrc.bss_conf = &tx->sdata->vif.bss_conf;
627  txrc.skb = tx->skb;
628  txrc.reported_rate.idx = -1;
629  txrc.rate_idx_mask = tx->sdata->rc_rateidx_mask[info->band];
630  if (txrc.rate_idx_mask == (1 << sband->n_bitrates) - 1)
631  txrc.max_rate_idx = -1;
632  else
633  txrc.max_rate_idx = fls(txrc.rate_idx_mask) - 1;
634  memcpy(txrc.rate_idx_mcs_mask,
635  tx->sdata->rc_rateidx_mcs_mask[info->band],
636  sizeof(txrc.rate_idx_mcs_mask));
637  txrc.bss = (tx->sdata->vif.type == NL80211_IFTYPE_AP ||
638  tx->sdata->vif.type == NL80211_IFTYPE_MESH_POINT ||
639  tx->sdata->vif.type == NL80211_IFTYPE_ADHOC);
640 
641  /* set up RTS protection if desired */
642  if (len > tx->local->hw.wiphy->rts_threshold) {
643  txrc.rts = rts = true;
644  }
645 
646  /*
647  * Use short preamble if the BSS can handle it, but not for
648  * management frames unless we know the receiver can handle
649  * that -- the management frame might be to a station that
650  * just wants a probe response.
651  */
652  if (tx->sdata->vif.bss_conf.use_short_preamble &&
653  (ieee80211_is_data(hdr->frame_control) ||
654  (tx->sta && test_sta_flag(tx->sta, WLAN_STA_SHORT_PREAMBLE))))
655  txrc.short_preamble = short_preamble = true;
656 
657  if (tx->sta)
658  assoc = test_sta_flag(tx->sta, WLAN_STA_ASSOC);
659 
660  /*
661  * Lets not bother rate control if we're associated and cannot
662  * talk to the sta. This should not happen.
663  */
664  if (WARN(test_bit(SCAN_SW_SCANNING, &tx->local->scanning) && assoc &&
665  !rate_usable_index_exists(sband, &tx->sta->sta),
666  "%s: Dropped data frame as no usable bitrate found while "
667  "scanning and associated. Target station: "
668  "%pM on %d GHz band\n",
669  tx->sdata->name, hdr->addr1,
670  info->band ? 5 : 2))
671  return TX_DROP;
672 
673  /*
674  * If we're associated with the sta at this point we know we can at
675  * least send the frame at the lowest bit rate.
676  */
677  rate_control_get_rate(tx->sdata, tx->sta, &txrc);
678 
679  if (unlikely(info->control.rates[0].idx < 0))
680  return TX_DROP;
681 
682  if (txrc.reported_rate.idx < 0) {
683  txrc.reported_rate = info->control.rates[0];
684  if (tx->sta && ieee80211_is_data(hdr->frame_control))
685  tx->sta->last_tx_rate = txrc.reported_rate;
686  } else if (tx->sta)
687  tx->sta->last_tx_rate = txrc.reported_rate;
688 
689  if (unlikely(!info->control.rates[0].count))
690  info->control.rates[0].count = 1;
691 
692  if (WARN_ON_ONCE((info->control.rates[0].count > 1) &&
693  (info->flags & IEEE80211_TX_CTL_NO_ACK)))
694  info->control.rates[0].count = 1;
695 
696  if (is_multicast_ether_addr(hdr->addr1)) {
697  /*
698  * XXX: verify the rate is in the basic rateset
699  */
700  return TX_CONTINUE;
701  }
702 
703  /*
704  * set up the RTS/CTS rate as the fastest basic rate
705  * that is not faster than the data rate
706  *
707  * XXX: Should this check all retry rates?
708  */
709  if (!(info->control.rates[0].flags & IEEE80211_TX_RC_MCS)) {
710  s8 baserate = 0;
711 
712  rate = &sband->bitrates[info->control.rates[0].idx];
713 
714  for (i = 0; i < sband->n_bitrates; i++) {
715  /* must be a basic rate */
716  if (!(tx->sdata->vif.bss_conf.basic_rates & BIT(i)))
717  continue;
718  /* must not be faster than the data rate */
719  if (sband->bitrates[i].bitrate > rate->bitrate)
720  continue;
721  /* maximum */
722  if (sband->bitrates[baserate].bitrate <
723  sband->bitrates[i].bitrate)
724  baserate = i;
725  }
726 
727  info->control.rts_cts_rate_idx = baserate;
728  }
729 
730  for (i = 0; i < IEEE80211_TX_MAX_RATES; i++) {
731  /*
732  * make sure there's no valid rate following
733  * an invalid one, just in case drivers don't
734  * take the API seriously to stop at -1.
735  */
736  if (inval) {
737  info->control.rates[i].idx = -1;
738  continue;
739  }
740  if (info->control.rates[i].idx < 0) {
741  inval = true;
742  continue;
743  }
744 
745  /*
746  * For now assume MCS is already set up correctly, this
747  * needs to be fixed.
748  */
749  if (info->control.rates[i].flags & IEEE80211_TX_RC_MCS) {
750  WARN_ON(info->control.rates[i].idx > 76);
751  continue;
752  }
753 
754  /* set up RTS protection if desired */
755  if (rts)
756  info->control.rates[i].flags |=
757  IEEE80211_TX_RC_USE_RTS_CTS;
758 
759  /* RC is busted */
760  if (WARN_ON_ONCE(info->control.rates[i].idx >=
761  sband->n_bitrates)) {
762  info->control.rates[i].idx = -1;
763  continue;
764  }
765 
766  rate = &sband->bitrates[info->control.rates[i].idx];
767 
768  /* set up short preamble */
769  if (short_preamble &&
770  rate->flags & IEEE80211_RATE_SHORT_PREAMBLE)
771  info->control.rates[i].flags |=
772  IEEE80211_TX_RC_USE_SHORT_PREAMBLE;
773 
774  /* set up G protection */
775  if (!rts && tx->sdata->vif.bss_conf.use_cts_prot &&
776  rate->flags & IEEE80211_RATE_ERP_G)
777  info->control.rates[i].flags |=
778  IEEE80211_TX_RC_USE_CTS_PROTECT;
779  }
780 
781  return TX_CONTINUE;
782 }
783 
784 static ieee80211_tx_result debug_noinline
785 ieee80211_tx_h_sequence(struct ieee80211_tx_data *tx)
786 {
787  struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
788  struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;
789  u16 *seq;
790  u8 *qc;
791  int tid;
792 
793  /*
794  * Packet injection may want to control the sequence
795  * number, if we have no matching interface then we
796  * neither assign one ourselves nor ask the driver to.
797  */
798  if (unlikely(info->control.vif->type == NL80211_IFTYPE_MONITOR))
799  return TX_CONTINUE;
800 
801  if (unlikely(ieee80211_is_ctl(hdr->frame_control)))
802  return TX_CONTINUE;
803 
804  if (ieee80211_hdrlen(hdr->frame_control) < 24)
805  return TX_CONTINUE;
806 
807  if (ieee80211_is_qos_nullfunc(hdr->frame_control))
808  return TX_CONTINUE;
809 
810  /*
811  * Anything but QoS data that has a sequence number field
812  * (is long enough) gets a sequence number from the global
813  * counter.
814  */
815  if (!ieee80211_is_data_qos(hdr->frame_control)) {
816  /* driver should assign sequence number */
817  info->flags |= IEEE80211_TX_CTL_ASSIGN_SEQ;
818  /* for pure STA mode without beacons, we can do it */
819  hdr->seq_ctrl = cpu_to_le16(tx->sdata->sequence_number);
820  tx->sdata->sequence_number += 0x10;
821  return TX_CONTINUE;
822  }
823 
824  /*
825  * This should be true for injected/management frames only, for
826  * management frames we have set the IEEE80211_TX_CTL_ASSIGN_SEQ
827  * above since they are not QoS-data frames.
828  */
829  if (!tx->sta)
830  return TX_CONTINUE;
831 
832  /* include per-STA, per-TID sequence counter */
833 
834  qc = ieee80211_get_qos_ctl(hdr);
835  tid = *qc & IEEE80211_QOS_CTL_TID_MASK;
836  seq = &tx->sta->tid_seq[tid];
837 
838  hdr->seq_ctrl = cpu_to_le16(*seq);
839 
840  /* Increase the sequence number. */
841  *seq = (*seq + 0x10) & IEEE80211_SCTL_SEQ;
842 
843  return TX_CONTINUE;
844 }
845 
846 static int ieee80211_fragment(struct ieee80211_tx_data *tx,
847  struct sk_buff *skb, int hdrlen,
848  int frag_threshold)
849 {
850  struct ieee80211_local *local = tx->local;
851  struct ieee80211_tx_info *info;
852  struct sk_buff *tmp;
853  int per_fragm = frag_threshold - hdrlen - FCS_LEN;
854  int pos = hdrlen + per_fragm;
855  int rem = skb->len - hdrlen - per_fragm;
856 
857  if (WARN_ON(rem < 0))
858  return -EINVAL;
859 
860  /* first fragment was already added to queue by caller */
861 
862  while (rem) {
863  int fraglen = per_fragm;
864 
865  if (fraglen > rem)
866  fraglen = rem;
867  rem -= fraglen;
868  tmp = dev_alloc_skb(local->tx_headroom +
869  frag_threshold +
870  IEEE80211_ENCRYPT_HEADROOM +
871  IEEE80211_ENCRYPT_TAILROOM);
872  if (!tmp)
873  return -ENOMEM;
874 
875  __skb_queue_tail(&tx->skbs, tmp);
876 
877  skb_reserve(tmp, local->tx_headroom +
878  IEEE80211_ENCRYPT_HEADROOM);
879  /* copy control information */
880  memcpy(tmp->cb, skb->cb, sizeof(tmp->cb));
881 
882  info = IEEE80211_SKB_CB(tmp);
883  info->flags &= ~(IEEE80211_TX_CTL_CLEAR_PS_FILT |
884  IEEE80211_TX_CTL_FIRST_FRAGMENT);
885 
886  if (rem)
887  info->flags |= IEEE80211_TX_CTL_MORE_FRAMES;
888 
889  skb_copy_queue_mapping(tmp, skb);
890  tmp->priority = skb->priority;
891  tmp->dev = skb->dev;
892 
893  /* copy header and data */
894  memcpy(skb_put(tmp, hdrlen), skb->data, hdrlen);
895  memcpy(skb_put(tmp, fraglen), skb->data + pos, fraglen);
896 
897  pos += fraglen;
898  }
899 
900  /* adjust first fragment's length */
901  skb->len = hdrlen + per_fragm;
902  return 0;
903 }
904 
905 static ieee80211_tx_result debug_noinline
906 ieee80211_tx_h_fragment(struct ieee80211_tx_data *tx)
907 {
908  struct sk_buff *skb = tx->skb;
909  struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
910  struct ieee80211_hdr *hdr = (void *)skb->data;
911  int frag_threshold = tx->local->hw.wiphy->frag_threshold;
912  int hdrlen;
913  int fragnum;
914 
915  /* no matter what happens, tx->skb moves to tx->skbs */
916  __skb_queue_tail(&tx->skbs, skb);
917  tx->skb = NULL;
918 
919  if (info->flags & IEEE80211_TX_CTL_DONTFRAG)
920  return TX_CONTINUE;
921 
922  if (tx->local->ops->set_frag_threshold)
923  return TX_CONTINUE;
924 
925  /*
926  * Warn when submitting a fragmented A-MPDU frame and drop it.
927  * This scenario is handled in ieee80211_tx_prepare but extra
928  * caution taken here as fragmented ampdu may cause Tx stop.
929  */
930  if (WARN_ON(info->flags & IEEE80211_TX_CTL_AMPDU))
931  return TX_DROP;
932 
933  hdrlen = ieee80211_hdrlen(hdr->frame_control);
934 
935  /* internal error, why isn't DONTFRAG set? */
936  if (WARN_ON(skb->len + FCS_LEN <= frag_threshold))
937  return TX_DROP;
938 
939  /*
940  * Now fragment the frame. This will allocate all the fragments and
941  * chain them (using skb as the first fragment) to skb->next.
942  * During transmission, we will remove the successfully transmitted
943  * fragments from this list. When the low-level driver rejects one
944  * of the fragments then we will simply pretend to accept the skb
945  * but store it away as pending.
946  */
947  if (ieee80211_fragment(tx, skb, hdrlen, frag_threshold))
948  return TX_DROP;
949 
950  /* update duration/seq/flags of fragments */
951  fragnum = 0;
952 
953  skb_queue_walk(&tx->skbs, skb) {
954  int next_len;
955  const __le16 morefrags = cpu_to_le16(IEEE80211_FCTL_MOREFRAGS);
956 
957  hdr = (void *)skb->data;
958  info = IEEE80211_SKB_CB(skb);
959 
960  if (!skb_queue_is_last(&tx->skbs, skb)) {
961  hdr->frame_control |= morefrags;
962  /*
963  * No multi-rate retries for fragmented frames, that
964  * would completely throw off the NAV at other STAs.
965  */
966  info->control.rates[1].idx = -1;
967  info->control.rates[2].idx = -1;
968  info->control.rates[3].idx = -1;
969  BUILD_BUG_ON(IEEE80211_TX_MAX_RATES != 4);
970  info->flags &= ~IEEE80211_TX_CTL_RATE_CTRL_PROBE;
971  } else {
972  hdr->frame_control &= ~morefrags;
973  next_len = 0;
974  }
975  hdr->seq_ctrl |= cpu_to_le16(fragnum & IEEE80211_SCTL_FRAG);
976  fragnum++;
977  }
978 
979  return TX_CONTINUE;
980 }
981 
982 static ieee80211_tx_result debug_noinline
983 ieee80211_tx_h_stats(struct ieee80211_tx_data *tx)
984 {
985  struct sk_buff *skb;
986 
987  if (!tx->sta)
988  return TX_CONTINUE;
989 
990  tx->sta->tx_packets++;
991  skb_queue_walk(&tx->skbs, skb) {
992  tx->sta->tx_fragments++;
993  tx->sta->tx_bytes += skb->len;
994  }
995 
996  return TX_CONTINUE;
997 }
998 
999 static ieee80211_tx_result debug_noinline
1000 ieee80211_tx_h_encrypt(struct ieee80211_tx_data *tx)
1001 {
1002  if (!tx->key)
1003  return TX_CONTINUE;
1004 
1005  switch (tx->key->conf.cipher) {
1006  case WLAN_CIPHER_SUITE_WEP40:
1007  case WLAN_CIPHER_SUITE_WEP104:
1008  return ieee80211_crypto_wep_encrypt(tx);
1009  case WLAN_CIPHER_SUITE_TKIP:
1010  return ieee80211_crypto_tkip_encrypt(tx);
1011  case WLAN_CIPHER_SUITE_CCMP:
1012  return ieee80211_crypto_ccmp_encrypt(tx);
1013  case WLAN_CIPHER_SUITE_AES_CMAC:
1014  return ieee80211_crypto_aes_cmac_encrypt(tx);
1015  default:
1016  return ieee80211_crypto_hw_encrypt(tx);
1017  }
1018 
1019  return TX_DROP;
1020 }
1021 
1022 static ieee80211_tx_result debug_noinline
1023 ieee80211_tx_h_calculate_duration(struct ieee80211_tx_data *tx)
1024 {
1025  struct sk_buff *skb;
1026  struct ieee80211_hdr *hdr;
1027  int next_len;
1028  bool group_addr;
1029 
1030  skb_queue_walk(&tx->skbs, skb) {
1031  hdr = (void *) skb->data;
1032  if (unlikely(ieee80211_is_pspoll(hdr->frame_control)))
1033  break; /* must not overwrite AID */
1034  if (!skb_queue_is_last(&tx->skbs, skb)) {
1035  struct sk_buff *next = skb_queue_next(&tx->skbs, skb);
1036  next_len = next->len;
1037  } else
1038  next_len = 0;
1039  group_addr = is_multicast_ether_addr(hdr->addr1);
1040 
1041  hdr->duration_id =
1042  ieee80211_duration(tx, skb, group_addr, next_len);
1043  }
1044 
1045  return TX_CONTINUE;
1046 }
1047 
1048 /* actual transmit path */
1049 
1050 static bool ieee80211_tx_prep_agg(struct ieee80211_tx_data *tx,
1051  struct sk_buff *skb,
1052  struct ieee80211_tx_info *info,
1053  struct tid_ampdu_tx *tid_tx,
1054  int tid)
1055 {
1056  bool queued = false;
1057  bool reset_agg_timer = false;
1058  struct sk_buff *purge_skb = NULL;
1059 
1060  if (test_bit(HT_AGG_STATE_OPERATIONAL, &tid_tx->state)) {
1061  info->flags |= IEEE80211_TX_CTL_AMPDU;
1062  reset_agg_timer = true;
1063  } else if (test_bit(HT_AGG_STATE_WANT_START, &tid_tx->state)) {
1064  /*
1065  * nothing -- this aggregation session is being started
1066  * but that might still fail with the driver
1067  */
1068  } else {
1069  spin_lock(&tx->sta->lock);
1070  /*
1071  * Need to re-check now, because we may get here
1072  *
1073  * 1) in the window during which the setup is actually
1074  * already done, but not marked yet because not all
1075  * packets are spliced over to the driver pending
1076  * queue yet -- if this happened we acquire the lock
1077  * either before or after the splice happens, but
1078  * need to recheck which of these cases happened.
1079  *
1080  * 2) during session teardown, if the OPERATIONAL bit
1081  * was cleared due to the teardown but the pointer
1082  * hasn't been assigned NULL yet (or we loaded it
1083  * before it was assigned) -- in this case it may
1084  * now be NULL which means we should just let the
1085  * packet pass through because splicing the frames
1086  * back is already done.
1087  */
1088  tid_tx = rcu_dereference_protected_tid_tx(tx->sta, tid);
1089 
1090  if (!tid_tx) {
1091  /* do nothing, let packet pass through */
1092  } else if (test_bit(HT_AGG_STATE_OPERATIONAL, &tid_tx->state)) {
1093  info->flags |= IEEE80211_TX_CTL_AMPDU;
1094  reset_agg_timer = true;
1095  } else {
1096  queued = true;
1097  info->control.vif = &tx->sdata->vif;
1098  info->flags |= IEEE80211_TX_INTFL_NEED_TXPROCESSING;
1099  __skb_queue_tail(&tid_tx->pending, skb);
1100  if (skb_queue_len(&tid_tx->pending) > STA_MAX_TX_BUFFER)
1101  purge_skb = __skb_dequeue(&tid_tx->pending);
1102  }
1103  spin_unlock(&tx->sta->lock);
1104 
1105  if (purge_skb)
1106  ieee80211_free_txskb(&tx->local->hw, purge_skb);
1107  }
1108 
1109  /* reset session timer */
1110  if (reset_agg_timer && tid_tx->timeout)
1111  tid_tx->last_tx = jiffies;
1112 
1113  return queued;
1114 }
1115 
1116 /*
1117  * initialises @tx
1118  */
1119 static ieee80211_tx_result
1120 ieee80211_tx_prepare(struct ieee80211_sub_if_data *sdata,
1121  struct ieee80211_tx_data *tx,
1122  struct sk_buff *skb)
1123 {
1124  struct ieee80211_local *local = sdata->local;
1125  struct ieee80211_hdr *hdr;
1126  struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1127  int tid;
1128  u8 *qc;
1129 
1130  memset(tx, 0, sizeof(*tx));
1131  tx->skb = skb;
1132  tx->local = local;
1133  tx->sdata = sdata;
1134  __skb_queue_head_init(&tx->skbs);
1135 
1136  /*
1137  * If this flag is set to true anywhere, and we get here,
1138  * we are doing the needed processing, so remove the flag
1139  * now.
1140  */
1141  info->flags &= ~IEEE80211_TX_INTFL_NEED_TXPROCESSING;
1142 
1143  hdr = (struct ieee80211_hdr *) skb->data;
1144 
1145  if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) {
1146  tx->sta = rcu_dereference(sdata->u.vlan.sta);
1147  if (!tx->sta && sdata->dev->ieee80211_ptr->use_4addr)
1148  return TX_DROP;
1149  } else if (info->flags & IEEE80211_TX_CTL_INJECTED ||
1150  tx->sdata->control_port_protocol == tx->skb->protocol) {
1151  tx->sta = sta_info_get_bss(sdata, hdr->addr1);
1152  }
1153  if (!tx->sta)
1154  tx->sta = sta_info_get(sdata, hdr->addr1);
1155 
1156  if (tx->sta && ieee80211_is_data_qos(hdr->frame_control) &&
1157  !ieee80211_is_qos_nullfunc(hdr->frame_control) &&
1158  (local->hw.flags & IEEE80211_HW_AMPDU_AGGREGATION) &&
1159  !(local->hw.flags & IEEE80211_HW_TX_AMPDU_SETUP_IN_HW)) {
1160  struct tid_ampdu_tx *tid_tx;
1161 
1162  qc = ieee80211_get_qos_ctl(hdr);
1163  tid = *qc & IEEE80211_QOS_CTL_TID_MASK;
1164 
1165  tid_tx = rcu_dereference(tx->sta->ampdu_mlme.tid_tx[tid]);
1166  if (tid_tx) {
1167  bool queued;
1168 
1169  queued = ieee80211_tx_prep_agg(tx, skb, info,
1170  tid_tx, tid);
1171 
1172  if (unlikely(queued))
1173  return TX_QUEUED;
1174  }
1175  }
1176 
1177  if (is_multicast_ether_addr(hdr->addr1)) {
1178  tx->flags &= ~IEEE80211_TX_UNICAST;
1179  info->flags |= IEEE80211_TX_CTL_NO_ACK;
1180  } else
1181  tx->flags |= IEEE80211_TX_UNICAST;
1182 
1183  if (!(info->flags & IEEE80211_TX_CTL_DONTFRAG)) {
1184  if (!(tx->flags & IEEE80211_TX_UNICAST) ||
1185  skb->len + FCS_LEN <= local->hw.wiphy->frag_threshold ||
1186  info->flags & IEEE80211_TX_CTL_AMPDU)
1187  info->flags |= IEEE80211_TX_CTL_DONTFRAG;
1188  }
1189 
1190  if (!tx->sta)
1191  info->flags |= IEEE80211_TX_CTL_CLEAR_PS_FILT;
1192  else if (test_and_clear_sta_flag(tx->sta, WLAN_STA_CLEAR_PS_FILT))
1193  info->flags |= IEEE80211_TX_CTL_CLEAR_PS_FILT;
1194 
1195  info->flags |= IEEE80211_TX_CTL_FIRST_FRAGMENT;
1196 
1197  return TX_CONTINUE;
1198 }
1199 
1200 static bool ieee80211_tx_frags(struct ieee80211_local *local,
1201  struct ieee80211_vif *vif,
1202  struct ieee80211_sta *sta,
1203  struct sk_buff_head *skbs,
1204  bool txpending)
1205 {
1206  struct ieee80211_tx_control control;
1207  struct sk_buff *skb, *tmp;
1208  unsigned long flags;
1209 
1210  skb_queue_walk_safe(skbs, skb, tmp) {
1211  struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1212  int q = info->hw_queue;
1213 
1214 #ifdef CONFIG_MAC80211_VERBOSE_DEBUG
1215  if (WARN_ON_ONCE(q >= local->hw.queues)) {
1216  __skb_unlink(skb, skbs);
1217  ieee80211_free_txskb(&local->hw, skb);
1218  continue;
1219  }
1220 #endif
1221 
1222  spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
1223  if (local->queue_stop_reasons[q] ||
1224  (!txpending && !skb_queue_empty(&local->pending[q]))) {
1225  /*
1226  * Since queue is stopped, queue up frames for later
1227  * transmission from the tx-pending tasklet when the
1228  * queue is woken again.
1229  */
1230  if (txpending)
1231  skb_queue_splice_init(skbs, &local->pending[q]);
1232  else
1233  skb_queue_splice_tail_init(skbs,
1234  &local->pending[q]);
1235 
1236  spin_unlock_irqrestore(&local->queue_stop_reason_lock,
1237  flags);
1238  return false;
1239  }
1240  spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
1241 
1242  info->control.vif = vif;
1243  control.sta = sta;
1244 
1245  __skb_unlink(skb, skbs);
1246  drv_tx(local, &control, skb);
1247  }
1248 
1249  return true;
1250 }
1251 
1252 /*
1253  * Returns false if the frame couldn't be transmitted but was queued instead.
1254  */
1255 static bool __ieee80211_tx(struct ieee80211_local *local,
1256  struct sk_buff_head *skbs, int led_len,
1257  struct sta_info *sta, bool txpending)
1258 {
1259  struct ieee80211_tx_info *info;
1260  struct ieee80211_sub_if_data *sdata;
1261  struct ieee80211_vif *vif;
1262  struct ieee80211_sta *pubsta;
1263  struct sk_buff *skb;
1264  bool result = true;
1265  __le16 fc;
1266 
1267  if (WARN_ON(skb_queue_empty(skbs)))
1268  return true;
1269 
1270  skb = skb_peek(skbs);
1271  fc = ((struct ieee80211_hdr *)skb->data)->frame_control;
1272  info = IEEE80211_SKB_CB(skb);
1273  sdata = vif_to_sdata(info->control.vif);
1274  if (sta && !sta->uploaded)
1275  sta = NULL;
1276 
1277  if (sta)
1278  pubsta = &sta->sta;
1279  else
1280  pubsta = NULL;
1281 
1282  switch (sdata->vif.type) {
1283  case NL80211_IFTYPE_MONITOR:
1284  sdata = rcu_dereference(local->monitor_sdata);
1285  if (sdata) {
1286  vif = &sdata->vif;
1287  info->hw_queue =
1288  vif->hw_queue[skb_get_queue_mapping(skb)];
1289  } else if (local->hw.flags & IEEE80211_HW_QUEUE_CONTROL) {
1290  dev_kfree_skb(skb);
1291  return true;
1292  } else
1293  vif = NULL;
1294  break;
1295  case NL80211_IFTYPE_AP_VLAN:
1296  sdata = container_of(sdata->bss,
1297  struct ieee80211_sub_if_data, u.ap);
1298  /* fall through */
1299  default:
1300  vif = &sdata->vif;
1301  break;
1302  }
1303 
1304  result = ieee80211_tx_frags(local, vif, pubsta, skbs,
1305  txpending);
1306 
1307  ieee80211_tpt_led_trig_tx(local, fc, led_len);
1308  ieee80211_led_tx(local, 1);
1309 
1310  WARN_ON_ONCE(!skb_queue_empty(skbs));
1311 
1312  return result;
1313 }
1314 
1315 /*
1316  * Invoke TX handlers, return 0 on success and non-zero if the
1317  * frame was dropped or queued.
1318  */
1319 static int invoke_tx_handlers(struct ieee80211_tx_data *tx)
1320 {
1321  struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
1322  ieee80211_tx_result res = TX_DROP;
1323 
1324 #define CALL_TXH(txh) \
1325  do { \
1326  res = txh(tx); \
1327  if (res != TX_CONTINUE) \
1328  goto txh_done; \
1329  } while (0)
1330 
1331  CALL_TXH(ieee80211_tx_h_dynamic_ps);
1332  CALL_TXH(ieee80211_tx_h_check_assoc);
1333  CALL_TXH(ieee80211_tx_h_ps_buf);
1334  CALL_TXH(ieee80211_tx_h_check_control_port_protocol);
1335  CALL_TXH(ieee80211_tx_h_select_key);
1336  if (!(tx->local->hw.flags & IEEE80211_HW_HAS_RATE_CONTROL))
1337  CALL_TXH(ieee80211_tx_h_rate_ctrl);
1338 
1339  if (unlikely(info->flags & IEEE80211_TX_INTFL_RETRANSMISSION)) {
1340  __skb_queue_tail(&tx->skbs, tx->skb);
1341  tx->skb = NULL;
1342  goto txh_done;
1343  }
1344 
1345  CALL_TXH(ieee80211_tx_h_michael_mic_add);
1346  CALL_TXH(ieee80211_tx_h_sequence);
1347  CALL_TXH(ieee80211_tx_h_fragment);
1348  /* handlers after fragment must be aware of tx info fragmentation! */
1349  CALL_TXH(ieee80211_tx_h_stats);
1350  CALL_TXH(ieee80211_tx_h_encrypt);
1351  if (!(tx->local->hw.flags & IEEE80211_HW_HAS_RATE_CONTROL))
1352  CALL_TXH(ieee80211_tx_h_calculate_duration);
1353 #undef CALL_TXH
1354 
1355  txh_done:
1356  if (unlikely(res == TX_DROP)) {
1357  I802_DEBUG_INC(tx->local->tx_handlers_drop);
1358  if (tx->skb)
1359  ieee80211_free_txskb(&tx->local->hw, tx->skb);
1360  else
1361  ieee80211_purge_tx_queue(&tx->local->hw, &tx->skbs);
1362  return -1;
1363  } else if (unlikely(res == TX_QUEUED)) {
1364  I802_DEBUG_INC(tx->local->tx_handlers_queued);
1365  return -1;
1366  }
1367 
1368  return 0;
1369 }
1370 
1371 /*
1372  * Returns false if the frame couldn't be transmitted but was queued instead.
1373  */
1374 static bool ieee80211_tx(struct ieee80211_sub_if_data *sdata,
1375  struct sk_buff *skb, bool txpending)
1376 {
1377  struct ieee80211_local *local = sdata->local;
1378  struct ieee80211_tx_data tx;
1379  ieee80211_tx_result res_prepare;
1380  struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1381  bool result = true;
1382  int led_len;
1383 
1384  if (unlikely(skb->len < 10)) {
1385  dev_kfree_skb(skb);
1386  return true;
1387  }
1388 
1389  rcu_read_lock();
1390 
1391  /* initialises tx */
1392  led_len = skb->len;
1393  res_prepare = ieee80211_tx_prepare(sdata, &tx, skb);
1394 
1395  if (unlikely(res_prepare == TX_DROP)) {
1396  ieee80211_free_txskb(&local->hw, skb);
1397  goto out;
1398  } else if (unlikely(res_prepare == TX_QUEUED)) {
1399  goto out;
1400  }
1401 
1402  info->band = local->hw.conf.channel->band;
1403 
1404  /* set up hw_queue value early */
1405  if (!(info->flags & IEEE80211_TX_CTL_TX_OFFCHAN) ||
1406  !(local->hw.flags & IEEE80211_HW_QUEUE_CONTROL))
1407  info->hw_queue =
1408  sdata->vif.hw_queue[skb_get_queue_mapping(skb)];
1409 
1410  if (!invoke_tx_handlers(&tx))
1411  result = __ieee80211_tx(local, &tx.skbs, led_len,
1412  tx.sta, txpending);
1413  out:
1414  rcu_read_unlock();
1415  return result;
1416 }
1417 
1418 /* device xmit handlers */
1419 
1420 static int ieee80211_skb_resize(struct ieee80211_sub_if_data *sdata,
1421  struct sk_buff *skb,
1422  int head_need, bool may_encrypt)
1423 {
1424  struct ieee80211_local *local = sdata->local;
1425  int tail_need = 0;
1426 
1427  if (may_encrypt && sdata->crypto_tx_tailroom_needed_cnt) {
1428  tail_need = IEEE80211_ENCRYPT_TAILROOM;
1429  tail_need -= skb_tailroom(skb);
1430  tail_need = max_t(int, tail_need, 0);
1431  }
1432 
1433  if (skb_cloned(skb))
1434  I802_DEBUG_INC(local->tx_expand_skb_head_cloned);
1435  else if (head_need || tail_need)
1436  I802_DEBUG_INC(local->tx_expand_skb_head);
1437  else
1438  return 0;
1439 
1440  if (pskb_expand_head(skb, head_need, tail_need, GFP_ATOMIC)) {
1441  wiphy_debug(local->hw.wiphy,
1442  "failed to reallocate TX buffer\n");
1443  return -ENOMEM;
1444  }
1445 
1446  return 0;
1447 }
1448 
1449 void ieee80211_xmit(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb)
1450 {
1451  struct ieee80211_local *local = sdata->local;
1452  struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1453  struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
1454  int headroom;
1455  bool may_encrypt;
1456 
1457  rcu_read_lock();
1458 
1459  may_encrypt = !(info->flags & IEEE80211_TX_INTFL_DONT_ENCRYPT);
1460 
1461  headroom = local->tx_headroom;
1462  if (may_encrypt)
1463  headroom += IEEE80211_ENCRYPT_HEADROOM;
1464  headroom -= skb_headroom(skb);
1465  headroom = max_t(int, 0, headroom);
1466 
1467  if (ieee80211_skb_resize(sdata, skb, headroom, may_encrypt)) {
1468  ieee80211_free_txskb(&local->hw, skb);
1469  rcu_read_unlock();
1470  return;
1471  }
1472 
1473  hdr = (struct ieee80211_hdr *) skb->data;
1474  info->control.vif = &sdata->vif;
1475 
1476  if (ieee80211_vif_is_mesh(&sdata->vif) &&
1477  ieee80211_is_data(hdr->frame_control) &&
1478  !is_multicast_ether_addr(hdr->addr1) &&
1479  mesh_nexthop_resolve(skb, sdata)) {
1480  /* skb queued: don't free */
1481  rcu_read_unlock();
1482  return;
1483  }
1484 
1485  ieee80211_set_qos_hdr(sdata, skb);
1486  ieee80211_tx(sdata, skb, false);
1487  rcu_read_unlock();
1488 }
1489 
1490 static bool ieee80211_parse_tx_radiotap(struct sk_buff *skb)
1491 {
1492  struct ieee80211_radiotap_iterator iterator;
1493  struct ieee80211_radiotap_header *rthdr =
1494  (struct ieee80211_radiotap_header *) skb->data;
1495  struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1496  int ret = ieee80211_radiotap_iterator_init(&iterator, rthdr, skb->len,
1497  NULL);
1498  u16 txflags;
1499 
1500  info->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT |
1501  IEEE80211_TX_CTL_DONTFRAG;
1502 
1503  /*
1504  * for every radiotap entry that is present
1505  * (ieee80211_radiotap_iterator_next returns -ENOENT when no more
1506  * entries present, or -EINVAL on error)
1507  */
1508 
1509  while (!ret) {
1510  ret = ieee80211_radiotap_iterator_next(&iterator);
1511 
1512  if (ret)
1513  continue;
1514 
1515  /* see if this argument is something we can use */
1516  switch (iterator.this_arg_index) {
1517  /*
1518  * You must take care when dereferencing iterator.this_arg
1519  * for multibyte types... the pointer is not aligned. Use
1520  * get_unaligned((type *)iterator.this_arg) to dereference
1521  * iterator.this_arg for type "type" safely on all arches.
1522  */
1523  case IEEE80211_RADIOTAP_FLAGS:
1524  if (*iterator.this_arg & IEEE80211_RADIOTAP_F_FCS) {
1525  /*
1526  * this indicates that the skb we have been
1527  * handed has the 32-bit FCS CRC at the end...
1528  * we should react to that by snipping it off
1529  * because it will be recomputed and added
1530  * on transmission
1531  */
1532  if (skb->len < (iterator._max_length + FCS_LEN))
1533  return false;
1534 
1535  skb_trim(skb, skb->len - FCS_LEN);
1536  }
1537  if (*iterator.this_arg & IEEE80211_RADIOTAP_F_WEP)
1538  info->flags &= ~IEEE80211_TX_INTFL_DONT_ENCRYPT;
1539  if (*iterator.this_arg & IEEE80211_RADIOTAP_F_FRAG)
1540  info->flags &= ~IEEE80211_TX_CTL_DONTFRAG;
1541  break;
1542 
1543  case IEEE80211_RADIOTAP_TX_FLAGS:
1544  txflags = get_unaligned_le16(iterator.this_arg);
1545  if (txflags & IEEE80211_RADIOTAP_F_TX_NOACK)
1546  info->flags |= IEEE80211_TX_CTL_NO_ACK;
1547  break;
1548 
1549  /*
1550  * Please update the file
1551  * Documentation/networking/mac80211-injection.txt
1552  * when parsing new fields here.
1553  */
1554 
1555  default:
1556  break;
1557  }
1558  }
1559 
1560  if (ret != -ENOENT) /* ie, if we didn't simply run out of fields */
1561  return false;
1562 
1563  /*
1564  * remove the radiotap header
1565  * iterator->_max_length was sanity-checked against
1566  * skb->len by iterator init
1567  */
1568  skb_pull(skb, iterator._max_length);
1569 
1570  return true;
1571 }
1572 
1573 netdev_tx_t ieee80211_monitor_start_xmit(struct sk_buff *skb,
1574  struct net_device *dev)
1575 {
1576  struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1577  struct ieee80211_channel *chan = local->hw.conf.channel;
1578  struct ieee80211_radiotap_header *prthdr =
1579  (struct ieee80211_radiotap_header *)skb->data;
1580  struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1581  struct ieee80211_hdr *hdr;
1582  struct ieee80211_sub_if_data *tmp_sdata, *sdata;
1583  u16 len_rthdr;
1584  int hdrlen;
1585 
1586  /*
1587  * Frame injection is not allowed if beaconing is not allowed
1588  * or if we need radar detection. Beaconing is usually not allowed when
1589  * the mode or operation (Adhoc, AP, Mesh) does not support DFS.
1590  * Passive scan is also used in world regulatory domains where
1591  * your country is not known and as such it should be treated as
1592  * NO TX unless the channel is explicitly allowed in which case
1593  * your current regulatory domain would not have the passive scan
1594  * flag.
1595  *
1596  * Since AP mode uses monitor interfaces to inject/TX management
1597  * frames we can make AP mode the exception to this rule once it
1598  * supports radar detection as its implementation can deal with
1599  * radar detection by itself. We can do that later by adding a
1600  * monitor flag interfaces used for AP support.
1601  */
1602  if ((chan->flags & (IEEE80211_CHAN_NO_IBSS | IEEE80211_CHAN_RADAR |
1603  IEEE80211_CHAN_PASSIVE_SCAN)))
1604  goto fail;
1605 
1606  /* check for not even having the fixed radiotap header part */
1607  if (unlikely(skb->len < sizeof(struct ieee80211_radiotap_header)))
1608  goto fail; /* too short to be possibly valid */
1609 
1610  /* is it a header version we can trust to find length from? */
1611  if (unlikely(prthdr->it_version))
1612  goto fail; /* only version 0 is supported */
1613 
1614  /* then there must be a radiotap header with a length we can use */
1615  len_rthdr = ieee80211_get_radiotap_len(skb->data);
1616 
1617  /* does the skb contain enough to deliver on the alleged length? */
1618  if (unlikely(skb->len < len_rthdr))
1619  goto fail; /* skb too short for claimed rt header extent */
1620 
1621  /*
1622  * fix up the pointers accounting for the radiotap
1623  * header still being in there. We are being given
1624  * a precooked IEEE80211 header so no need for
1625  * normal processing
1626  */
1627  skb_set_mac_header(skb, len_rthdr);
1628  /*
1629  * these are just fixed to the end of the rt area since we
1630  * don't have any better information and at this point, nobody cares
1631  */
1632  skb_set_network_header(skb, len_rthdr);
1633  skb_set_transport_header(skb, len_rthdr);
1634 
1635  if (skb->len < len_rthdr + 2)
1636  goto fail;
1637 
1638  hdr = (struct ieee80211_hdr *)(skb->data + len_rthdr);
1639  hdrlen = ieee80211_hdrlen(hdr->frame_control);
1640 
1641  if (skb->len < len_rthdr + hdrlen)
1642  goto fail;
1643 
1644  /*
1645  * Initialize skb->protocol if the injected frame is a data frame
1646  * carrying a rfc1042 header
1647  */
1648  if (ieee80211_is_data(hdr->frame_control) &&
1649  skb->len >= len_rthdr + hdrlen + sizeof(rfc1042_header) + 2) {
1650  u8 *payload = (u8 *)hdr + hdrlen;
1651 
1652  if (ether_addr_equal(payload, rfc1042_header))
1653  skb->protocol = cpu_to_be16((payload[6] << 8) |
1654  payload[7]);
1655  }
1656 
1657  memset(info, 0, sizeof(*info));
1658 
1659  info->flags = IEEE80211_TX_CTL_REQ_TX_STATUS |
1660  IEEE80211_TX_CTL_INJECTED;
1661 
1662  /* process and remove the injection radiotap header */
1663  if (!ieee80211_parse_tx_radiotap(skb))
1664  goto fail;
1665 
1666  rcu_read_lock();
1667 
1668  /*
1669  * We process outgoing injected frames that have a local address
1670  * we handle as though they are non-injected frames.
1671  * This code here isn't entirely correct, the local MAC address
1672  * isn't always enough to find the interface to use; for proper
1673  * VLAN/WDS support we will need a different mechanism (which
1674  * likely isn't going to be monitor interfaces).
1675  */
1676  sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1677 
1678  list_for_each_entry_rcu(tmp_sdata, &local->interfaces, list) {
1679  if (!ieee80211_sdata_running(tmp_sdata))
1680  continue;
1681  if (tmp_sdata->vif.type == NL80211_IFTYPE_MONITOR ||
1682  tmp_sdata->vif.type == NL80211_IFTYPE_AP_VLAN ||
1683  tmp_sdata->vif.type == NL80211_IFTYPE_WDS)
1684  continue;
1685  if (ether_addr_equal(tmp_sdata->vif.addr, hdr->addr2)) {
1686  sdata = tmp_sdata;
1687  break;
1688  }
1689  }
1690 
1691  ieee80211_xmit(sdata, skb);
1692  rcu_read_unlock();
1693 
1694  return NETDEV_TX_OK;
1695 
1696 fail:
1697  dev_kfree_skb(skb);
1698  return NETDEV_TX_OK; /* meaning, we dealt with the skb */
1699 }
1700 
1716 netdev_tx_t ieee80211_subif_start_xmit(struct sk_buff *skb,
1717  struct net_device *dev)
1718 {
1719  struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1720  struct ieee80211_local *local = sdata->local;
1721  struct ieee80211_tx_info *info;
1722  int head_need;
1723  u16 ethertype, hdrlen, meshhdrlen = 0;
1724  __le16 fc;
1725  struct ieee80211_hdr hdr;
1726  struct ieee80211s_hdr mesh_hdr __maybe_unused;
1727  struct mesh_path __maybe_unused *mppath = NULL, *mpath = NULL;
1728  const u8 *encaps_data;
1729  int encaps_len, skip_header_bytes;
1730  int nh_pos, h_pos;
1731  struct sta_info *sta = NULL;
1732  bool wme_sta = false, authorized = false, tdls_auth = false;
1733  bool tdls_direct = false;
1734  bool multicast;
1735  u32 info_flags = 0;
1736  u16 info_id = 0;
1737 
1738  if (unlikely(skb->len < ETH_HLEN))
1739  goto fail;
1740 
1741  /* convert Ethernet header to proper 802.11 header (based on
1742  * operation mode) */
1743  ethertype = (skb->data[12] << 8) | skb->data[13];
1744  fc = cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_DATA);
1745 
1746  switch (sdata->vif.type) {
1747  case NL80211_IFTYPE_AP_VLAN:
1748  rcu_read_lock();
1749  sta = rcu_dereference(sdata->u.vlan.sta);
1750  if (sta) {
1751  fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS);
1752  /* RA TA DA SA */
1753  memcpy(hdr.addr1, sta->sta.addr, ETH_ALEN);
1754  memcpy(hdr.addr2, sdata->vif.addr, ETH_ALEN);
1755  memcpy(hdr.addr3, skb->data, ETH_ALEN);
1756  memcpy(hdr.addr4, skb->data + ETH_ALEN, ETH_ALEN);
1757  hdrlen = 30;
1758  authorized = test_sta_flag(sta, WLAN_STA_AUTHORIZED);
1759  wme_sta = test_sta_flag(sta, WLAN_STA_WME);
1760  }
1761  rcu_read_unlock();
1762  if (sta)
1763  break;
1764  /* fall through */
1765  case NL80211_IFTYPE_AP:
1766  fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS);
1767  /* DA BSSID SA */
1768  memcpy(hdr.addr1, skb->data, ETH_ALEN);
1769  memcpy(hdr.addr2, sdata->vif.addr, ETH_ALEN);
1770  memcpy(hdr.addr3, skb->data + ETH_ALEN, ETH_ALEN);
1771  hdrlen = 24;
1772  break;
1773  case NL80211_IFTYPE_WDS:
1774  fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS);
1775  /* RA TA DA SA */
1776  memcpy(hdr.addr1, sdata->u.wds.remote_addr, ETH_ALEN);
1777  memcpy(hdr.addr2, sdata->vif.addr, ETH_ALEN);
1778  memcpy(hdr.addr3, skb->data, ETH_ALEN);
1779  memcpy(hdr.addr4, skb->data + ETH_ALEN, ETH_ALEN);
1780  hdrlen = 30;
1781  break;
1782 #ifdef CONFIG_MAC80211_MESH
1783  case NL80211_IFTYPE_MESH_POINT:
1784  if (!sdata->u.mesh.mshcfg.dot11MeshTTL) {
1785  /* Do not send frames with mesh_ttl == 0 */
1786  sdata->u.mesh.mshstats.dropped_frames_ttl++;
1787  goto fail;
1788  }
1789  rcu_read_lock();
1790  if (!is_multicast_ether_addr(skb->data)) {
1791  mpath = mesh_path_lookup(skb->data, sdata);
1792  if (!mpath)
1793  mppath = mpp_path_lookup(skb->data, sdata);
1794  }
1795 
1796  /*
1797  * Use address extension if it is a packet from
1798  * another interface or if we know the destination
1799  * is being proxied by a portal (i.e. portal address
1800  * differs from proxied address)
1801  */
1802  if (ether_addr_equal(sdata->vif.addr, skb->data + ETH_ALEN) &&
1803  !(mppath && !ether_addr_equal(mppath->mpp, skb->data))) {
1804  hdrlen = ieee80211_fill_mesh_addresses(&hdr, &fc,
1805  skb->data, skb->data + ETH_ALEN);
1806  rcu_read_unlock();
1807  meshhdrlen = ieee80211_new_mesh_header(&mesh_hdr,
1808  sdata, NULL, NULL);
1809  } else {
1810  /* DS -> MBSS (802.11-2012 13.11.3.3).
1811  * For unicast with unknown forwarding information,
1812  * destination might be in the MBSS or if that fails
1813  * forwarded to another mesh gate. In either case
1814  * resolution will be handled in ieee80211_xmit(), so
1815  * leave the original DA. This also works for mcast */
1816  const u8 *mesh_da = skb->data;
1817 
1818  if (mppath)
1819  mesh_da = mppath->mpp;
1820  else if (mpath)
1821  mesh_da = mpath->dst;
1822  rcu_read_unlock();
1823 
1824  hdrlen = ieee80211_fill_mesh_addresses(&hdr, &fc,
1825  mesh_da, sdata->vif.addr);
1826  if (is_multicast_ether_addr(mesh_da))
1827  /* DA TA mSA AE:SA */
1828  meshhdrlen =
1829  ieee80211_new_mesh_header(&mesh_hdr,
1830  sdata,
1831  skb->data + ETH_ALEN,
1832  NULL);
1833  else
1834  /* RA TA mDA mSA AE:DA SA */
1835  meshhdrlen =
1836  ieee80211_new_mesh_header(&mesh_hdr,
1837  sdata,
1838  skb->data,
1839  skb->data + ETH_ALEN);
1840 
1841  }
1842  break;
1843 #endif
1844  case NL80211_IFTYPE_STATION:
1845  if (sdata->wdev.wiphy->flags & WIPHY_FLAG_SUPPORTS_TDLS) {
1846  bool tdls_peer = false;
1847 
1848  rcu_read_lock();
1849  sta = sta_info_get(sdata, skb->data);
1850  if (sta) {
1851  authorized = test_sta_flag(sta,
1852  WLAN_STA_AUTHORIZED);
1853  wme_sta = test_sta_flag(sta, WLAN_STA_WME);
1854  tdls_peer = test_sta_flag(sta,
1855  WLAN_STA_TDLS_PEER);
1856  tdls_auth = test_sta_flag(sta,
1857  WLAN_STA_TDLS_PEER_AUTH);
1858  }
1859  rcu_read_unlock();
1860 
1861  /*
1862  * If the TDLS link is enabled, send everything
1863  * directly. Otherwise, allow TDLS setup frames
1864  * to be transmitted indirectly.
1865  */
1866  tdls_direct = tdls_peer && (tdls_auth ||
1867  !(ethertype == ETH_P_TDLS && skb->len > 14 &&
1868  skb->data[14] == WLAN_TDLS_SNAP_RFTYPE));
1869  }
1870 
1871  if (tdls_direct) {
1872  /* link during setup - throw out frames to peer */
1873  if (!tdls_auth)
1874  goto fail;
1875 
1876  /* DA SA BSSID */
1877  memcpy(hdr.addr1, skb->data, ETH_ALEN);
1878  memcpy(hdr.addr2, skb->data + ETH_ALEN, ETH_ALEN);
1879  memcpy(hdr.addr3, sdata->u.mgd.bssid, ETH_ALEN);
1880  hdrlen = 24;
1881  } else if (sdata->u.mgd.use_4addr &&
1882  cpu_to_be16(ethertype) != sdata->control_port_protocol) {
1883  fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS |
1884  IEEE80211_FCTL_TODS);
1885  /* RA TA DA SA */
1886  memcpy(hdr.addr1, sdata->u.mgd.bssid, ETH_ALEN);
1887  memcpy(hdr.addr2, sdata->vif.addr, ETH_ALEN);
1888  memcpy(hdr.addr3, skb->data, ETH_ALEN);
1889  memcpy(hdr.addr4, skb->data + ETH_ALEN, ETH_ALEN);
1890  hdrlen = 30;
1891  } else {
1892  fc |= cpu_to_le16(IEEE80211_FCTL_TODS);
1893  /* BSSID SA DA */
1894  memcpy(hdr.addr1, sdata->u.mgd.bssid, ETH_ALEN);
1895  memcpy(hdr.addr2, skb->data + ETH_ALEN, ETH_ALEN);
1896  memcpy(hdr.addr3, skb->data, ETH_ALEN);
1897  hdrlen = 24;
1898  }
1899  break;
1900  case NL80211_IFTYPE_ADHOC:
1901  /* DA SA BSSID */
1902  memcpy(hdr.addr1, skb->data, ETH_ALEN);
1903  memcpy(hdr.addr2, skb->data + ETH_ALEN, ETH_ALEN);
1904  memcpy(hdr.addr3, sdata->u.ibss.bssid, ETH_ALEN);
1905  hdrlen = 24;
1906  break;
1907  default:
1908  goto fail;
1909  }
1910 
1911  /*
1912  * There's no need to try to look up the destination
1913  * if it is a multicast address (which can only happen
1914  * in AP mode)
1915  */
1916  multicast = is_multicast_ether_addr(hdr.addr1);
1917  if (!multicast) {
1918  rcu_read_lock();
1919  sta = sta_info_get(sdata, hdr.addr1);
1920  if (sta) {
1921  authorized = test_sta_flag(sta, WLAN_STA_AUTHORIZED);
1922  wme_sta = test_sta_flag(sta, WLAN_STA_WME);
1923  }
1924  rcu_read_unlock();
1925  }
1926 
1927  /* For mesh, the use of the QoS header is mandatory */
1928  if (ieee80211_vif_is_mesh(&sdata->vif))
1929  wme_sta = true;
1930 
1931  /* receiver and we are QoS enabled, use a QoS type frame */
1932  if (wme_sta && local->hw.queues >= IEEE80211_NUM_ACS) {
1933  fc |= cpu_to_le16(IEEE80211_STYPE_QOS_DATA);
1934  hdrlen += 2;
1935  }
1936 
1937  /*
1938  * Drop unicast frames to unauthorised stations unless they are
1939  * EAPOL frames from the local station.
1940  */
1941  if (unlikely(!ieee80211_vif_is_mesh(&sdata->vif) &&
1942  !is_multicast_ether_addr(hdr.addr1) && !authorized &&
1943  (cpu_to_be16(ethertype) != sdata->control_port_protocol ||
1944  !ether_addr_equal(sdata->vif.addr, skb->data + ETH_ALEN)))) {
1945 #ifdef CONFIG_MAC80211_VERBOSE_DEBUG
1946  net_info_ratelimited("%s: dropped frame to %pM (unauthorized port)\n",
1947  dev->name, hdr.addr1);
1948 #endif
1949 
1950  I802_DEBUG_INC(local->tx_handlers_drop_unauth_port);
1951 
1952  goto fail;
1953  }
1954 
1955  if (unlikely(!multicast && skb->sk &&
1956  skb_shinfo(skb)->tx_flags & SKBTX_WIFI_STATUS)) {
1957  struct sk_buff *orig_skb = skb;
1958 
1959  skb = skb_clone(skb, GFP_ATOMIC);
1960  if (skb) {
1961  unsigned long flags;
1962  int id, r;
1963 
1964  spin_lock_irqsave(&local->ack_status_lock, flags);
1965  r = idr_get_new_above(&local->ack_status_frames,
1966  orig_skb, 1, &id);
1967  if (r == -EAGAIN) {
1968  idr_pre_get(&local->ack_status_frames,
1969  GFP_ATOMIC);
1970  r = idr_get_new_above(&local->ack_status_frames,
1971  orig_skb, 1, &id);
1972  }
1973  if (WARN_ON(!id) || id > 0xffff) {
1974  idr_remove(&local->ack_status_frames, id);
1975  r = -ERANGE;
1976  }
1977  spin_unlock_irqrestore(&local->ack_status_lock, flags);
1978 
1979  if (!r) {
1980  info_id = id;
1981  info_flags |= IEEE80211_TX_CTL_REQ_TX_STATUS;
1982  } else if (skb_shared(skb)) {
1983  kfree_skb(orig_skb);
1984  } else {
1985  kfree_skb(skb);
1986  skb = orig_skb;
1987  }
1988  } else {
1989  /* couldn't clone -- lose tx status ... */
1990  skb = orig_skb;
1991  }
1992  }
1993 
1994  /*
1995  * If the skb is shared we need to obtain our own copy.
1996  */
1997  if (skb_shared(skb)) {
1998  struct sk_buff *tmp_skb = skb;
1999 
2000  /* can't happen -- skb is a clone if info_id != 0 */
2001  WARN_ON(info_id);
2002 
2003  skb = skb_clone(skb, GFP_ATOMIC);
2004  kfree_skb(tmp_skb);
2005 
2006  if (!skb)
2007  goto fail;
2008  }
2009 
2010  hdr.frame_control = fc;
2011  hdr.duration_id = 0;
2012  hdr.seq_ctrl = 0;
2013 
2014  skip_header_bytes = ETH_HLEN;
2015  if (ethertype == ETH_P_AARP || ethertype == ETH_P_IPX) {
2016  encaps_data = bridge_tunnel_header;
2017  encaps_len = sizeof(bridge_tunnel_header);
2018  skip_header_bytes -= 2;
2019  } else if (ethertype >= 0x600) {
2020  encaps_data = rfc1042_header;
2021  encaps_len = sizeof(rfc1042_header);
2022  skip_header_bytes -= 2;
2023  } else {
2024  encaps_data = NULL;
2025  encaps_len = 0;
2026  }
2027 
2028  nh_pos = skb_network_header(skb) - skb->data;
2029  h_pos = skb_transport_header(skb) - skb->data;
2030 
2031  skb_pull(skb, skip_header_bytes);
2032  nh_pos -= skip_header_bytes;
2033  h_pos -= skip_header_bytes;
2034 
2035  head_need = hdrlen + encaps_len + meshhdrlen - skb_headroom(skb);
2036 
2037  /*
2038  * So we need to modify the skb header and hence need a copy of
2039  * that. The head_need variable above doesn't, so far, include
2040  * the needed header space that we don't need right away. If we
2041  * can, then we don't reallocate right now but only after the
2042  * frame arrives at the master device (if it does...)
2043  *
2044  * If we cannot, however, then we will reallocate to include all
2045  * the ever needed space. Also, if we need to reallocate it anyway,
2046  * make it big enough for everything we may ever need.
2047  */
2048 
2049  if (head_need > 0 || skb_cloned(skb)) {
2050  head_need += IEEE80211_ENCRYPT_HEADROOM;
2051  head_need += local->tx_headroom;
2052  head_need = max_t(int, 0, head_need);
2053  if (ieee80211_skb_resize(sdata, skb, head_need, true)) {
2054  ieee80211_free_txskb(&local->hw, skb);
2055  return NETDEV_TX_OK;
2056  }
2057  }
2058 
2059  if (encaps_data) {
2060  memcpy(skb_push(skb, encaps_len), encaps_data, encaps_len);
2061  nh_pos += encaps_len;
2062  h_pos += encaps_len;
2063  }
2064 
2065 #ifdef CONFIG_MAC80211_MESH
2066  if (meshhdrlen > 0) {
2067  memcpy(skb_push(skb, meshhdrlen), &mesh_hdr, meshhdrlen);
2068  nh_pos += meshhdrlen;
2069  h_pos += meshhdrlen;
2070  }
2071 #endif
2072 
2073  if (ieee80211_is_data_qos(fc)) {
2074  __le16 *qos_control;
2075 
2076  qos_control = (__le16*) skb_push(skb, 2);
2077  memcpy(skb_push(skb, hdrlen - 2), &hdr, hdrlen - 2);
2078  /*
2079  * Maybe we could actually set some fields here, for now just
2080  * initialise to zero to indicate no special operation.
2081  */
2082  *qos_control = 0;
2083  } else
2084  memcpy(skb_push(skb, hdrlen), &hdr, hdrlen);
2085 
2086  nh_pos += hdrlen;
2087  h_pos += hdrlen;
2088 
2089  dev->stats.tx_packets++;
2090  dev->stats.tx_bytes += skb->len;
2091 
2092  /* Update skb pointers to various headers since this modified frame
2093  * is going to go through Linux networking code that may potentially
2094  * need things like pointer to IP header. */
2095  skb_set_mac_header(skb, 0);
2096  skb_set_network_header(skb, nh_pos);
2097  skb_set_transport_header(skb, h_pos);
2098 
2099  info = IEEE80211_SKB_CB(skb);
2100  memset(info, 0, sizeof(*info));
2101 
2102  dev->trans_start = jiffies;
2103 
2104  info->flags = info_flags;
2105  info->ack_frame_id = info_id;
2106 
2107  ieee80211_xmit(sdata, skb);
2108 
2109  return NETDEV_TX_OK;
2110 
2111  fail:
2112  dev_kfree_skb(skb);
2113  return NETDEV_TX_OK;
2114 }
2115 
2116 
2117 /*
2118  * ieee80211_clear_tx_pending may not be called in a context where
2119  * it is possible that it packets could come in again.
2120  */
2121 void ieee80211_clear_tx_pending(struct ieee80211_local *local)
2122 {
2123  struct sk_buff *skb;
2124  int i;
2125 
2126  for (i = 0; i < local->hw.queues; i++) {
2127  while ((skb = skb_dequeue(&local->pending[i])) != NULL)
2128  ieee80211_free_txskb(&local->hw, skb);
2129  }
2130 }
2131 
2132 /*
2133  * Returns false if the frame couldn't be transmitted but was queued instead,
2134  * which in this case means re-queued -- take as an indication to stop sending
2135  * more pending frames.
2136  */
2137 static bool ieee80211_tx_pending_skb(struct ieee80211_local *local,
2138  struct sk_buff *skb)
2139 {
2140  struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
2141  struct ieee80211_sub_if_data *sdata;
2142  struct sta_info *sta;
2143  struct ieee80211_hdr *hdr;
2144  bool result;
2145 
2146  sdata = vif_to_sdata(info->control.vif);
2147 
2148  if (info->flags & IEEE80211_TX_INTFL_NEED_TXPROCESSING) {
2149  result = ieee80211_tx(sdata, skb, true);
2150  } else {
2151  struct sk_buff_head skbs;
2152 
2153  __skb_queue_head_init(&skbs);
2154  __skb_queue_tail(&skbs, skb);
2155 
2156  hdr = (struct ieee80211_hdr *)skb->data;
2157  sta = sta_info_get(sdata, hdr->addr1);
2158 
2159  result = __ieee80211_tx(local, &skbs, skb->len, sta, true);
2160  }
2161 
2162  return result;
2163 }
2164 
2165 /*
2166  * Transmit all pending packets. Called from tasklet.
2167  */
2168 void ieee80211_tx_pending(unsigned long data)
2169 {
2170  struct ieee80211_local *local = (struct ieee80211_local *)data;
2171  unsigned long flags;
2172  int i;
2173  bool txok;
2174 
2175  rcu_read_lock();
2176 
2177  spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
2178  for (i = 0; i < local->hw.queues; i++) {
2179  /*
2180  * If queue is stopped by something other than due to pending
2181  * frames, or we have no pending frames, proceed to next queue.
2182  */
2183  if (local->queue_stop_reasons[i] ||
2184  skb_queue_empty(&local->pending[i]))
2185  continue;
2186 
2187  while (!skb_queue_empty(&local->pending[i])) {
2188  struct sk_buff *skb = __skb_dequeue(&local->pending[i]);
2189  struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
2190 
2191  if (WARN_ON(!info->control.vif)) {
2192  ieee80211_free_txskb(&local->hw, skb);
2193  continue;
2194  }
2195 
2196  spin_unlock_irqrestore(&local->queue_stop_reason_lock,
2197  flags);
2198 
2199  txok = ieee80211_tx_pending_skb(local, skb);
2200  spin_lock_irqsave(&local->queue_stop_reason_lock,
2201  flags);
2202  if (!txok)
2203  break;
2204  }
2205 
2206  if (skb_queue_empty(&local->pending[i]))
2207  ieee80211_propagate_queue_wake(local, i);
2208  }
2209  spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
2210 
2211  rcu_read_unlock();
2212 }
2213 
2214 /* functions for drivers to get certain frames */
2215 
2216 static void ieee80211_beacon_add_tim(struct ieee80211_sub_if_data *sdata,
2217  struct ieee80211_if_ap *bss,
2218  struct sk_buff *skb,
2219  struct beacon_data *beacon)
2220 {
2221  u8 *pos, *tim;
2222  int aid0 = 0;
2223  int i, have_bits = 0, n1, n2;
2224 
2225  /* Generate bitmap for TIM only if there are any STAs in power save
2226  * mode. */
2227  if (atomic_read(&bss->num_sta_ps) > 0)
2228  /* in the hope that this is faster than
2229  * checking byte-for-byte */
2230  have_bits = !bitmap_empty((unsigned long*)bss->tim,
2231  IEEE80211_MAX_AID+1);
2232 
2233  if (bss->dtim_count == 0)
2234  bss->dtim_count = sdata->vif.bss_conf.dtim_period - 1;
2235  else
2236  bss->dtim_count--;
2237 
2238  tim = pos = (u8 *) skb_put(skb, 6);
2239  *pos++ = WLAN_EID_TIM;
2240  *pos++ = 4;
2241  *pos++ = bss->dtim_count;
2242  *pos++ = sdata->vif.bss_conf.dtim_period;
2243 
2244  if (bss->dtim_count == 0 && !skb_queue_empty(&bss->ps_bc_buf))
2245  aid0 = 1;
2246 
2247  bss->dtim_bc_mc = aid0 == 1;
2248 
2249  if (have_bits) {
2250  /* Find largest even number N1 so that bits numbered 1 through
2251  * (N1 x 8) - 1 in the bitmap are 0 and number N2 so that bits
2252  * (N2 + 1) x 8 through 2007 are 0. */
2253  n1 = 0;
2254  for (i = 0; i < IEEE80211_MAX_TIM_LEN; i++) {
2255  if (bss->tim[i]) {
2256  n1 = i & 0xfe;
2257  break;
2258  }
2259  }
2260  n2 = n1;
2261  for (i = IEEE80211_MAX_TIM_LEN - 1; i >= n1; i--) {
2262  if (bss->tim[i]) {
2263  n2 = i;
2264  break;
2265  }
2266  }
2267 
2268  /* Bitmap control */
2269  *pos++ = n1 | aid0;
2270  /* Part Virt Bitmap */
2271  skb_put(skb, n2 - n1);
2272  memcpy(pos, bss->tim + n1, n2 - n1 + 1);
2273 
2274  tim[1] = n2 - n1 + 4;
2275  } else {
2276  *pos++ = aid0; /* Bitmap control */
2277  *pos++ = 0; /* Part Virt Bitmap */
2278  }
2279 }
2280 
2281 struct sk_buff *ieee80211_beacon_get_tim(struct ieee80211_hw *hw,
2282  struct ieee80211_vif *vif,
2283  u16 *tim_offset, u16 *tim_length)
2284 {
2285  struct ieee80211_local *local = hw_to_local(hw);
2286  struct sk_buff *skb = NULL;
2287  struct ieee80211_tx_info *info;
2288  struct ieee80211_sub_if_data *sdata = NULL;
2289  struct ieee80211_if_ap *ap = NULL;
2290  struct beacon_data *beacon;
2291  enum ieee80211_band band = local->oper_channel->band;
2292  struct ieee80211_tx_rate_control txrc;
2293 
2294  rcu_read_lock();
2295 
2296  sdata = vif_to_sdata(vif);
2297 
2298  if (!ieee80211_sdata_running(sdata))
2299  goto out;
2300 
2301  if (tim_offset)
2302  *tim_offset = 0;
2303  if (tim_length)
2304  *tim_length = 0;
2305 
2306  if (sdata->vif.type == NL80211_IFTYPE_AP) {
2307  ap = &sdata->u.ap;
2308  beacon = rcu_dereference(ap->beacon);
2309  if (beacon) {
2310  /*
2311  * headroom, head length,
2312  * tail length and maximum TIM length
2313  */
2314  skb = dev_alloc_skb(local->tx_headroom +
2315  beacon->head_len +
2316  beacon->tail_len + 256);
2317  if (!skb)
2318  goto out;
2319 
2320  skb_reserve(skb, local->tx_headroom);
2321  memcpy(skb_put(skb, beacon->head_len), beacon->head,
2322  beacon->head_len);
2323 
2324  /*
2325  * Not very nice, but we want to allow the driver to call
2326  * ieee80211_beacon_get() as a response to the set_tim()
2327  * callback. That, however, is already invoked under the
2328  * sta_lock to guarantee consistent and race-free update
2329  * of the tim bitmap in mac80211 and the driver.
2330  */
2331  if (local->tim_in_locked_section) {
2332  ieee80211_beacon_add_tim(sdata, ap, skb,
2333  beacon);
2334  } else {
2335  unsigned long flags;
2336 
2337  spin_lock_irqsave(&local->tim_lock, flags);
2338  ieee80211_beacon_add_tim(sdata, ap, skb,
2339  beacon);
2340  spin_unlock_irqrestore(&local->tim_lock, flags);
2341  }
2342 
2343  if (tim_offset)
2344  *tim_offset = beacon->head_len;
2345  if (tim_length)
2346  *tim_length = skb->len - beacon->head_len;
2347 
2348  if (beacon->tail)
2349  memcpy(skb_put(skb, beacon->tail_len),
2350  beacon->tail, beacon->tail_len);
2351  } else
2352  goto out;
2353  } else if (sdata->vif.type == NL80211_IFTYPE_ADHOC) {
2354  struct ieee80211_if_ibss *ifibss = &sdata->u.ibss;
2355  struct ieee80211_hdr *hdr;
2356  struct sk_buff *presp = rcu_dereference(ifibss->presp);
2357 
2358  if (!presp)
2359  goto out;
2360 
2361  skb = skb_copy(presp, GFP_ATOMIC);
2362  if (!skb)
2363  goto out;
2364 
2365  hdr = (struct ieee80211_hdr *) skb->data;
2366  hdr->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
2367  IEEE80211_STYPE_BEACON);
2368  } else if (ieee80211_vif_is_mesh(&sdata->vif)) {
2369  struct ieee80211_mgmt *mgmt;
2370  struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
2371  u8 *pos;
2372  int hdr_len = offsetof(struct ieee80211_mgmt, u.beacon) +
2373  sizeof(mgmt->u.beacon);
2374 
2375 #ifdef CONFIG_MAC80211_MESH
2376  if (!sdata->u.mesh.mesh_id_len)
2377  goto out;
2378 #endif
2379 
2380  if (ifmsh->sync_ops)
2381  ifmsh->sync_ops->adjust_tbtt(
2382  sdata);
2383 
2384  skb = dev_alloc_skb(local->tx_headroom +
2385  hdr_len +
2386  2 + /* NULL SSID */
2387  2 + 8 + /* supported rates */
2388  2 + 3 + /* DS params */
2389  2 + (IEEE80211_MAX_SUPP_RATES - 8) +
2390  2 + sizeof(struct ieee80211_ht_cap) +
2391  2 + sizeof(struct ieee80211_ht_operation) +
2392  2 + sdata->u.mesh.mesh_id_len +
2393  2 + sizeof(struct ieee80211_meshconf_ie) +
2394  sdata->u.mesh.ie_len);
2395  if (!skb)
2396  goto out;
2397 
2398  skb_reserve(skb, local->hw.extra_tx_headroom);
2399  mgmt = (struct ieee80211_mgmt *) skb_put(skb, hdr_len);
2400  memset(mgmt, 0, hdr_len);
2401  mgmt->frame_control =
2402  cpu_to_le16(IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_BEACON);
2403  eth_broadcast_addr(mgmt->da);
2404  memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
2405  memcpy(mgmt->bssid, sdata->vif.addr, ETH_ALEN);
2406  mgmt->u.beacon.beacon_int =
2407  cpu_to_le16(sdata->vif.bss_conf.beacon_int);
2408  mgmt->u.beacon.capab_info |= cpu_to_le16(
2409  sdata->u.mesh.security ? WLAN_CAPABILITY_PRIVACY : 0);
2410 
2411  pos = skb_put(skb, 2);
2412  *pos++ = WLAN_EID_SSID;
2413  *pos++ = 0x0;
2414 
2415  if (ieee80211_add_srates_ie(sdata, skb, true, band) ||
2416  mesh_add_ds_params_ie(skb, sdata) ||
2417  ieee80211_add_ext_srates_ie(sdata, skb, true, band) ||
2418  mesh_add_rsn_ie(skb, sdata) ||
2419  mesh_add_ht_cap_ie(skb, sdata) ||
2420  mesh_add_ht_oper_ie(skb, sdata) ||
2421  mesh_add_meshid_ie(skb, sdata) ||
2422  mesh_add_meshconf_ie(skb, sdata) ||
2423  mesh_add_vendor_ies(skb, sdata)) {
2424  pr_err("o11s: couldn't add ies!\n");
2425  goto out;
2426  }
2427  } else {
2428  WARN_ON(1);
2429  goto out;
2430  }
2431 
2432  info = IEEE80211_SKB_CB(skb);
2433 
2434  info->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
2435  info->flags |= IEEE80211_TX_CTL_NO_ACK;
2436  info->band = band;
2437 
2438  memset(&txrc, 0, sizeof(txrc));
2439  txrc.hw = hw;
2440  txrc.sband = local->hw.wiphy->bands[band];
2441  txrc.bss_conf = &sdata->vif.bss_conf;
2442  txrc.skb = skb;
2443  txrc.reported_rate.idx = -1;
2444  txrc.rate_idx_mask = sdata->rc_rateidx_mask[band];
2445  if (txrc.rate_idx_mask == (1 << txrc.sband->n_bitrates) - 1)
2446  txrc.max_rate_idx = -1;
2447  else
2448  txrc.max_rate_idx = fls(txrc.rate_idx_mask) - 1;
2449  memcpy(txrc.rate_idx_mcs_mask, sdata->rc_rateidx_mcs_mask[band],
2450  sizeof(txrc.rate_idx_mcs_mask));
2451  txrc.bss = true;
2452  rate_control_get_rate(sdata, NULL, &txrc);
2453 
2454  info->control.vif = vif;
2455 
2456  info->flags |= IEEE80211_TX_CTL_CLEAR_PS_FILT |
2457  IEEE80211_TX_CTL_ASSIGN_SEQ |
2458  IEEE80211_TX_CTL_FIRST_FRAGMENT;
2459  out:
2460  rcu_read_unlock();
2461  return skb;
2462 }
2463 EXPORT_SYMBOL(ieee80211_beacon_get_tim);
2464 
2465 struct sk_buff *ieee80211_proberesp_get(struct ieee80211_hw *hw,
2466  struct ieee80211_vif *vif)
2467 {
2468  struct ieee80211_if_ap *ap = NULL;
2469  struct sk_buff *skb = NULL;
2470  struct probe_resp *presp = NULL;
2471  struct ieee80211_hdr *hdr;
2472  struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
2473 
2474  if (sdata->vif.type != NL80211_IFTYPE_AP)
2475  return NULL;
2476 
2477  rcu_read_lock();
2478 
2479  ap = &sdata->u.ap;
2480  presp = rcu_dereference(ap->probe_resp);
2481  if (!presp)
2482  goto out;
2483 
2484  skb = dev_alloc_skb(presp->len);
2485  if (!skb)
2486  goto out;
2487 
2488  memcpy(skb_put(skb, presp->len), presp->data, presp->len);
2489 
2490  hdr = (struct ieee80211_hdr *) skb->data;
2491  memset(hdr->addr1, 0, sizeof(hdr->addr1));
2492 
2493 out:
2494  rcu_read_unlock();
2495  return skb;
2496 }
2497 EXPORT_SYMBOL(ieee80211_proberesp_get);
2498 
2499 struct sk_buff *ieee80211_pspoll_get(struct ieee80211_hw *hw,
2500  struct ieee80211_vif *vif)
2501 {
2502  struct ieee80211_sub_if_data *sdata;
2503  struct ieee80211_if_managed *ifmgd;
2504  struct ieee80211_pspoll *pspoll;
2505  struct ieee80211_local *local;
2506  struct sk_buff *skb;
2507 
2508  if (WARN_ON(vif->type != NL80211_IFTYPE_STATION))
2509  return NULL;
2510 
2511  sdata = vif_to_sdata(vif);
2512  ifmgd = &sdata->u.mgd;
2513  local = sdata->local;
2514 
2515  skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*pspoll));
2516  if (!skb)
2517  return NULL;
2518 
2519  skb_reserve(skb, local->hw.extra_tx_headroom);
2520 
2521  pspoll = (struct ieee80211_pspoll *) skb_put(skb, sizeof(*pspoll));
2522  memset(pspoll, 0, sizeof(*pspoll));
2523  pspoll->frame_control = cpu_to_le16(IEEE80211_FTYPE_CTL |
2524  IEEE80211_STYPE_PSPOLL);
2525  pspoll->aid = cpu_to_le16(ifmgd->aid);
2526 
2527  /* aid in PS-Poll has its two MSBs each set to 1 */
2528  pspoll->aid |= cpu_to_le16(1 << 15 | 1 << 14);
2529 
2530  memcpy(pspoll->bssid, ifmgd->bssid, ETH_ALEN);
2531  memcpy(pspoll->ta, vif->addr, ETH_ALEN);
2532 
2533  return skb;
2534 }
2535 EXPORT_SYMBOL(ieee80211_pspoll_get);
2536 
2537 struct sk_buff *ieee80211_nullfunc_get(struct ieee80211_hw *hw,
2538  struct ieee80211_vif *vif)
2539 {
2540  struct ieee80211_hdr_3addr *nullfunc;
2541  struct ieee80211_sub_if_data *sdata;
2542  struct ieee80211_if_managed *ifmgd;
2543  struct ieee80211_local *local;
2544  struct sk_buff *skb;
2545 
2546  if (WARN_ON(vif->type != NL80211_IFTYPE_STATION))
2547  return NULL;
2548 
2549  sdata = vif_to_sdata(vif);
2550  ifmgd = &sdata->u.mgd;
2551  local = sdata->local;
2552 
2553  skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*nullfunc));
2554  if (!skb)
2555  return NULL;
2556 
2557  skb_reserve(skb, local->hw.extra_tx_headroom);
2558 
2559  nullfunc = (struct ieee80211_hdr_3addr *) skb_put(skb,
2560  sizeof(*nullfunc));
2561  memset(nullfunc, 0, sizeof(*nullfunc));
2562  nullfunc->frame_control = cpu_to_le16(IEEE80211_FTYPE_DATA |
2563  IEEE80211_STYPE_NULLFUNC |
2564  IEEE80211_FCTL_TODS);
2565  memcpy(nullfunc->addr1, ifmgd->bssid, ETH_ALEN);
2566  memcpy(nullfunc->addr2, vif->addr, ETH_ALEN);
2567  memcpy(nullfunc->addr3, ifmgd->bssid, ETH_ALEN);
2568 
2569  return skb;
2570 }
2571 EXPORT_SYMBOL(ieee80211_nullfunc_get);
2572 
2573 struct sk_buff *ieee80211_probereq_get(struct ieee80211_hw *hw,
2574  struct ieee80211_vif *vif,
2575  const u8 *ssid, size_t ssid_len,
2576  const u8 *ie, size_t ie_len)
2577 {
2578  struct ieee80211_sub_if_data *sdata;
2579  struct ieee80211_local *local;
2580  struct ieee80211_hdr_3addr *hdr;
2581  struct sk_buff *skb;
2582  size_t ie_ssid_len;
2583  u8 *pos;
2584 
2585  sdata = vif_to_sdata(vif);
2586  local = sdata->local;
2587  ie_ssid_len = 2 + ssid_len;
2588 
2589  skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*hdr) +
2590  ie_ssid_len + ie_len);
2591  if (!skb)
2592  return NULL;
2593 
2594  skb_reserve(skb, local->hw.extra_tx_headroom);
2595 
2596  hdr = (struct ieee80211_hdr_3addr *) skb_put(skb, sizeof(*hdr));
2597  memset(hdr, 0, sizeof(*hdr));
2598  hdr->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
2599  IEEE80211_STYPE_PROBE_REQ);
2600  eth_broadcast_addr(hdr->addr1);
2601  memcpy(hdr->addr2, vif->addr, ETH_ALEN);
2602  eth_broadcast_addr(hdr->addr3);
2603 
2604  pos = skb_put(skb, ie_ssid_len);
2605  *pos++ = WLAN_EID_SSID;
2606  *pos++ = ssid_len;
2607  if (ssid_len)
2608  memcpy(pos, ssid, ssid_len);
2609  pos += ssid_len;
2610 
2611  if (ie) {
2612  pos = skb_put(skb, ie_len);
2613  memcpy(pos, ie, ie_len);
2614  }
2615 
2616  return skb;
2617 }
2618 EXPORT_SYMBOL(ieee80211_probereq_get);
2619 
2620 void ieee80211_rts_get(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
2621  const void *frame, size_t frame_len,
2622  const struct ieee80211_tx_info *frame_txctl,
2623  struct ieee80211_rts *rts)
2624 {
2625  const struct ieee80211_hdr *hdr = frame;
2626 
2627  rts->frame_control =
2628  cpu_to_le16(IEEE80211_FTYPE_CTL | IEEE80211_STYPE_RTS);
2629  rts->duration = ieee80211_rts_duration(hw, vif, frame_len,
2630  frame_txctl);
2631  memcpy(rts->ra, hdr->addr1, sizeof(rts->ra));
2632  memcpy(rts->ta, hdr->addr2, sizeof(rts->ta));
2633 }
2634 EXPORT_SYMBOL(ieee80211_rts_get);
2635 
2636 void ieee80211_ctstoself_get(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
2637  const void *frame, size_t frame_len,
2638  const struct ieee80211_tx_info *frame_txctl,
2639  struct ieee80211_cts *cts)
2640 {
2641  const struct ieee80211_hdr *hdr = frame;
2642 
2643  cts->frame_control =
2644  cpu_to_le16(IEEE80211_FTYPE_CTL | IEEE80211_STYPE_CTS);
2645  cts->duration = ieee80211_ctstoself_duration(hw, vif,
2646  frame_len, frame_txctl);
2647  memcpy(cts->ra, hdr->addr1, sizeof(cts->ra));
2648 }
2649 EXPORT_SYMBOL(ieee80211_ctstoself_get);
2650 
2651 struct sk_buff *
2652 ieee80211_get_buffered_bc(struct ieee80211_hw *hw,
2653  struct ieee80211_vif *vif)
2654 {
2655  struct ieee80211_local *local = hw_to_local(hw);
2656  struct sk_buff *skb = NULL;
2657  struct ieee80211_tx_data tx;
2658  struct ieee80211_sub_if_data *sdata;
2659  struct ieee80211_if_ap *bss = NULL;
2660  struct beacon_data *beacon;
2661  struct ieee80211_tx_info *info;
2662 
2663  sdata = vif_to_sdata(vif);
2664  bss = &sdata->u.ap;
2665 
2666  rcu_read_lock();
2667  beacon = rcu_dereference(bss->beacon);
2668 
2669  if (sdata->vif.type != NL80211_IFTYPE_AP || !beacon || !beacon->head)
2670  goto out;
2671 
2672  if (bss->dtim_count != 0 || !bss->dtim_bc_mc)
2673  goto out; /* send buffered bc/mc only after DTIM beacon */
2674 
2675  while (1) {
2676  skb = skb_dequeue(&bss->ps_bc_buf);
2677  if (!skb)
2678  goto out;
2679  local->total_ps_buffered--;
2680 
2681  if (!skb_queue_empty(&bss->ps_bc_buf) && skb->len >= 2) {
2682  struct ieee80211_hdr *hdr =
2683  (struct ieee80211_hdr *) skb->data;
2684  /* more buffered multicast/broadcast frames ==> set
2685  * MoreData flag in IEEE 802.11 header to inform PS
2686  * STAs */
2687  hdr->frame_control |=
2688  cpu_to_le16(IEEE80211_FCTL_MOREDATA);
2689  }
2690 
2691  if (!ieee80211_tx_prepare(sdata, &tx, skb))
2692  break;
2693  dev_kfree_skb_any(skb);
2694  }
2695 
2696  info = IEEE80211_SKB_CB(skb);
2697 
2698  tx.flags |= IEEE80211_TX_PS_BUFFERED;
2699  info->band = local->oper_channel->band;
2700 
2701  if (invoke_tx_handlers(&tx))
2702  skb = NULL;
2703  out:
2704  rcu_read_unlock();
2705 
2706  return skb;
2707 }
2708 EXPORT_SYMBOL(ieee80211_get_buffered_bc);
2709 
2710 void ieee80211_tx_skb_tid(struct ieee80211_sub_if_data *sdata,
2711  struct sk_buff *skb, int tid)
2712 {
2713  int ac = ieee802_1d_to_ac[tid & 7];
2714 
2715  skb_set_mac_header(skb, 0);
2716  skb_set_network_header(skb, 0);
2717  skb_set_transport_header(skb, 0);
2718 
2719  skb_set_queue_mapping(skb, ac);
2720  skb->priority = tid;
2721 
2722  /*
2723  * The other path calling ieee80211_xmit is from the tasklet,
2724  * and while we can handle concurrent transmissions locking
2725  * requirements are that we do not come into tx with bhs on.
2726  */
2727  local_bh_disable();
2728  ieee80211_xmit(sdata, skb);
2729  local_bh_enable();
2730 }
Generated on Thu Jan 10 2013 14:05:13 for Linux Kernel by   doxygen 1.8.2