1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Original code based Host AP (software wireless LAN access point) driver 4 * for Intersil Prism2/2.5/3 - hostap.o module, common routines 5 * 6 * Copyright (c) 2001-2002, SSH Communications Security Corp and Jouni Malinen 7 * <j@w1.fi> 8 * Copyright (c) 2002-2003, Jouni Malinen <j@w1.fi> 9 * Copyright (c) 2004-2005, Intel Corporation 10 */ 11 12 #include <linux/compiler.h> 13 #include <linux/errno.h> 14 #include <linux/if_arp.h> 15 #include <linux/in6.h> 16 #include <linux/gfp.h> 17 #include <linux/in.h> 18 #include <linux/ip.h> 19 #include <linux/kernel.h> 20 #include <linux/module.h> 21 #include <linux/netdevice.h> 22 #include <linux/proc_fs.h> 23 #include <linux/skbuff.h> 24 #include <linux/tcp.h> 25 #include <linux/types.h> 26 #include <linux/wireless.h> 27 #include <linux/etherdevice.h> 28 #include <linux/uaccess.h> 29 #include <linux/ctype.h> 30 #include "libipw.h" 31 32 static void libipw_monitor_rx(struct libipw_device *ieee, 33 struct sk_buff *skb, 34 struct libipw_rx_stats *rx_stats) 35 { 36 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data; 37 u16 fc = le16_to_cpu(hdr->frame_control); 38 39 skb->dev = ieee->dev; 40 skb_reset_mac_header(skb); 41 skb_pull(skb, libipw_get_hdrlen(fc)); 42 skb->pkt_type = PACKET_OTHERHOST; 43 skb->protocol = htons(ETH_P_80211_RAW); 44 memset(skb->cb, 0, sizeof(skb->cb)); 45 netif_rx(skb); 46 } 47 48 /* Called only as a tasklet (software IRQ) */ 49 static struct libipw_frag_entry *libipw_frag_cache_find(struct 50 libipw_device 51 *ieee, 52 unsigned int seq, 53 unsigned int frag, 54 u8 * src, 55 u8 * dst) 56 { 57 struct libipw_frag_entry *entry; 58 int i; 59 60 for (i = 0; i < LIBIPW_FRAG_CACHE_LEN; i++) { 61 entry = &ieee->frag_cache[i]; 62 if (entry->skb != NULL && 63 time_after(jiffies, entry->first_frag_time + 2 * HZ)) { 64 LIBIPW_DEBUG_FRAG("expiring fragment cache entry " 65 "seq=%u last_frag=%u\n", 66 entry->seq, entry->last_frag); 67 dev_kfree_skb_any(entry->skb); 68 entry->skb = NULL; 69 } 70 71 if (entry->skb != NULL && entry->seq == seq && 72 (entry->last_frag + 1 == frag || frag == -1) && 73 ether_addr_equal(entry->src_addr, src) && 74 ether_addr_equal(entry->dst_addr, dst)) 75 return entry; 76 } 77 78 return NULL; 79 } 80 81 /* Called only as a tasklet (software IRQ) */ 82 static struct sk_buff *libipw_frag_cache_get(struct libipw_device *ieee, 83 struct libipw_hdr_4addr *hdr) 84 { 85 struct sk_buff *skb = NULL; 86 u16 sc; 87 unsigned int frag, seq; 88 struct libipw_frag_entry *entry; 89 90 sc = le16_to_cpu(hdr->seq_ctl); 91 frag = WLAN_GET_SEQ_FRAG(sc); 92 seq = WLAN_GET_SEQ_SEQ(sc); 93 94 if (frag == 0) { 95 /* Reserve enough space to fit maximum frame length */ 96 skb = dev_alloc_skb(ieee->dev->mtu + 97 sizeof(struct libipw_hdr_4addr) + 98 8 /* LLC */ + 99 2 /* alignment */ + 100 8 /* WEP */ + ETH_ALEN /* WDS */ ); 101 if (skb == NULL) 102 return NULL; 103 104 entry = &ieee->frag_cache[ieee->frag_next_idx]; 105 ieee->frag_next_idx++; 106 if (ieee->frag_next_idx >= LIBIPW_FRAG_CACHE_LEN) 107 ieee->frag_next_idx = 0; 108 109 if (entry->skb != NULL) 110 dev_kfree_skb_any(entry->skb); 111 112 entry->first_frag_time = jiffies; 113 entry->seq = seq; 114 entry->last_frag = frag; 115 entry->skb = skb; 116 memcpy(entry->src_addr, hdr->addr2, ETH_ALEN); 117 memcpy(entry->dst_addr, hdr->addr1, ETH_ALEN); 118 } else { 119 /* received a fragment of a frame for which the head fragment 120 * should have already been received */ 121 entry = libipw_frag_cache_find(ieee, seq, frag, hdr->addr2, 122 hdr->addr1); 123 if (entry != NULL) { 124 entry->last_frag = frag; 125 skb = entry->skb; 126 } 127 } 128 129 return skb; 130 } 131 132 /* Called only as a tasklet (software IRQ) */ 133 static int libipw_frag_cache_invalidate(struct libipw_device *ieee, 134 struct libipw_hdr_4addr *hdr) 135 { 136 u16 sc; 137 unsigned int seq; 138 struct libipw_frag_entry *entry; 139 140 sc = le16_to_cpu(hdr->seq_ctl); 141 seq = WLAN_GET_SEQ_SEQ(sc); 142 143 entry = libipw_frag_cache_find(ieee, seq, -1, hdr->addr2, 144 hdr->addr1); 145 146 if (entry == NULL) { 147 LIBIPW_DEBUG_FRAG("could not invalidate fragment cache " 148 "entry (seq=%u)\n", seq); 149 return -1; 150 } 151 152 entry->skb = NULL; 153 return 0; 154 } 155 156 #ifdef NOT_YET 157 /* libipw_rx_frame_mgtmt 158 * 159 * Responsible for handling management control frames 160 * 161 * Called by libipw_rx */ 162 static int 163 libipw_rx_frame_mgmt(struct libipw_device *ieee, struct sk_buff *skb, 164 struct libipw_rx_stats *rx_stats, u16 type, 165 u16 stype) 166 { 167 if (ieee->iw_mode == IW_MODE_MASTER) { 168 printk(KERN_DEBUG "%s: Master mode not yet supported.\n", 169 ieee->dev->name); 170 return 0; 171 /* 172 hostap_update_sta_ps(ieee, (struct hostap_libipw_hdr_4addr *) 173 skb->data);*/ 174 } 175 176 if (ieee->hostapd && type == WLAN_FC_TYPE_MGMT) { 177 if (stype == WLAN_FC_STYPE_BEACON && 178 ieee->iw_mode == IW_MODE_MASTER) { 179 struct sk_buff *skb2; 180 /* Process beacon frames also in kernel driver to 181 * update STA(AP) table statistics */ 182 skb2 = skb_clone(skb, GFP_ATOMIC); 183 if (skb2) 184 hostap_rx(skb2->dev, skb2, rx_stats); 185 } 186 187 /* send management frames to the user space daemon for 188 * processing */ 189 ieee->apdevstats.rx_packets++; 190 ieee->apdevstats.rx_bytes += skb->len; 191 prism2_rx_80211(ieee->apdev, skb, rx_stats, PRISM2_RX_MGMT); 192 return 0; 193 } 194 195 if (ieee->iw_mode == IW_MODE_MASTER) { 196 if (type != WLAN_FC_TYPE_MGMT && type != WLAN_FC_TYPE_CTRL) { 197 printk(KERN_DEBUG "%s: unknown management frame " 198 "(type=0x%02x, stype=0x%02x) dropped\n", 199 skb->dev->name, type, stype); 200 return -1; 201 } 202 203 hostap_rx(skb->dev, skb, rx_stats); 204 return 0; 205 } 206 207 printk(KERN_DEBUG "%s: hostap_rx_frame_mgmt: management frame " 208 "received in non-Host AP mode\n", skb->dev->name); 209 return -1; 210 } 211 #endif 212 213 /* See IEEE 802.1H for LLC/SNAP encapsulation/decapsulation */ 214 /* Ethernet-II snap header (RFC1042 for most EtherTypes) */ 215 static unsigned char libipw_rfc1042_header[] = 216 { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 }; 217 218 /* Bridge-Tunnel header (for EtherTypes ETH_P_AARP and ETH_P_IPX) */ 219 static unsigned char libipw_bridge_tunnel_header[] = 220 { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0xf8 }; 221 /* No encapsulation header if EtherType < 0x600 (=length) */ 222 223 /* Called by libipw_rx_frame_decrypt */ 224 static int libipw_is_eapol_frame(struct libipw_device *ieee, 225 struct sk_buff *skb) 226 { 227 struct net_device *dev = ieee->dev; 228 u16 fc, ethertype; 229 struct libipw_hdr_3addr *hdr; 230 u8 *pos; 231 232 if (skb->len < 24) 233 return 0; 234 235 hdr = (struct libipw_hdr_3addr *)skb->data; 236 fc = le16_to_cpu(hdr->frame_ctl); 237 238 /* check that the frame is unicast frame to us */ 239 if ((fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) == 240 IEEE80211_FCTL_TODS && 241 ether_addr_equal(hdr->addr1, dev->dev_addr) && 242 ether_addr_equal(hdr->addr3, dev->dev_addr)) { 243 /* ToDS frame with own addr BSSID and DA */ 244 } else if ((fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) == 245 IEEE80211_FCTL_FROMDS && 246 ether_addr_equal(hdr->addr1, dev->dev_addr)) { 247 /* FromDS frame with own addr as DA */ 248 } else 249 return 0; 250 251 if (skb->len < 24 + 8) 252 return 0; 253 254 /* check for port access entity Ethernet type */ 255 pos = skb->data + 24; 256 ethertype = (pos[6] << 8) | pos[7]; 257 if (ethertype == ETH_P_PAE) 258 return 1; 259 260 return 0; 261 } 262 263 /* Called only as a tasklet (software IRQ), by libipw_rx */ 264 static int 265 libipw_rx_frame_decrypt(struct libipw_device *ieee, struct sk_buff *skb, 266 struct libipw_crypt_data *crypt) 267 { 268 struct libipw_hdr_3addr *hdr; 269 int res, hdrlen; 270 271 if (crypt == NULL || crypt->ops->decrypt_mpdu == NULL) 272 return 0; 273 274 hdr = (struct libipw_hdr_3addr *)skb->data; 275 hdrlen = libipw_get_hdrlen(le16_to_cpu(hdr->frame_ctl)); 276 277 atomic_inc(&crypt->refcnt); 278 res = crypt->ops->decrypt_mpdu(skb, hdrlen, crypt->priv); 279 atomic_dec(&crypt->refcnt); 280 if (res < 0) { 281 LIBIPW_DEBUG_DROP("decryption failed (SA=%pM) res=%d\n", 282 hdr->addr2, res); 283 if (res == -2) 284 LIBIPW_DEBUG_DROP("Decryption failed ICV " 285 "mismatch (key %d)\n", 286 skb->data[hdrlen + 3] >> 6); 287 ieee->ieee_stats.rx_discards_undecryptable++; 288 return -1; 289 } 290 291 return res; 292 } 293 294 /* Called only as a tasklet (software IRQ), by libipw_rx */ 295 static int 296 libipw_rx_frame_decrypt_msdu(struct libipw_device *ieee, 297 struct sk_buff *skb, int keyidx, 298 struct libipw_crypt_data *crypt) 299 { 300 struct libipw_hdr_3addr *hdr; 301 int res, hdrlen; 302 303 if (crypt == NULL || crypt->ops->decrypt_msdu == NULL) 304 return 0; 305 306 hdr = (struct libipw_hdr_3addr *)skb->data; 307 hdrlen = libipw_get_hdrlen(le16_to_cpu(hdr->frame_ctl)); 308 309 atomic_inc(&crypt->refcnt); 310 res = crypt->ops->decrypt_msdu(skb, keyidx, hdrlen, crypt->priv); 311 atomic_dec(&crypt->refcnt); 312 if (res < 0) { 313 printk(KERN_DEBUG "%s: MSDU decryption/MIC verification failed" 314 " (SA=%pM keyidx=%d)\n", ieee->dev->name, hdr->addr2, 315 keyidx); 316 return -1; 317 } 318 319 return 0; 320 } 321 322 /* All received frames are sent to this function. @skb contains the frame in 323 * IEEE 802.11 format, i.e., in the format it was sent over air. 324 * This function is called only as a tasklet (software IRQ). */ 325 int libipw_rx(struct libipw_device *ieee, struct sk_buff *skb, 326 struct libipw_rx_stats *rx_stats) 327 { 328 struct net_device *dev = ieee->dev; 329 struct libipw_hdr_4addr *hdr; 330 size_t hdrlen; 331 u16 fc, type, stype, sc; 332 unsigned int frag; 333 u8 *payload; 334 u16 ethertype; 335 #ifdef NOT_YET 336 struct net_device *wds = NULL; 337 struct sk_buff *skb2 = NULL; 338 struct net_device *wds = NULL; 339 int frame_authorized = 0; 340 int from_assoc_ap = 0; 341 void *sta = NULL; 342 #endif 343 u8 dst[ETH_ALEN]; 344 u8 src[ETH_ALEN]; 345 struct libipw_crypt_data *crypt = NULL; 346 int keyidx = 0; 347 int can_be_decrypted = 0; 348 349 hdr = (struct libipw_hdr_4addr *)skb->data; 350 if (skb->len < 10) { 351 printk(KERN_INFO "%s: SKB length < 10\n", dev->name); 352 goto rx_dropped; 353 } 354 355 fc = le16_to_cpu(hdr->frame_ctl); 356 type = WLAN_FC_GET_TYPE(fc); 357 stype = WLAN_FC_GET_STYPE(fc); 358 sc = le16_to_cpu(hdr->seq_ctl); 359 frag = WLAN_GET_SEQ_FRAG(sc); 360 hdrlen = libipw_get_hdrlen(fc); 361 362 if (skb->len < hdrlen) { 363 printk(KERN_INFO "%s: invalid SKB length %d\n", 364 dev->name, skb->len); 365 goto rx_dropped; 366 } 367 368 /* Put this code here so that we avoid duplicating it in all 369 * Rx paths. - Jean II */ 370 #ifdef CONFIG_WIRELESS_EXT 371 #ifdef IW_WIRELESS_SPY /* defined in iw_handler.h */ 372 /* If spy monitoring on */ 373 if (ieee->spy_data.spy_number > 0) { 374 struct iw_quality wstats; 375 376 wstats.updated = 0; 377 if (rx_stats->mask & LIBIPW_STATMASK_RSSI) { 378 wstats.level = rx_stats->signal; 379 wstats.updated |= IW_QUAL_LEVEL_UPDATED; 380 } else 381 wstats.updated |= IW_QUAL_LEVEL_INVALID; 382 383 if (rx_stats->mask & LIBIPW_STATMASK_NOISE) { 384 wstats.noise = rx_stats->noise; 385 wstats.updated |= IW_QUAL_NOISE_UPDATED; 386 } else 387 wstats.updated |= IW_QUAL_NOISE_INVALID; 388 389 if (rx_stats->mask & LIBIPW_STATMASK_SIGNAL) { 390 wstats.qual = rx_stats->signal; 391 wstats.updated |= IW_QUAL_QUAL_UPDATED; 392 } else 393 wstats.updated |= IW_QUAL_QUAL_INVALID; 394 395 /* Update spy records */ 396 libipw_spy_update(ieee->dev, hdr->addr2, &wstats); 397 } 398 #endif /* IW_WIRELESS_SPY */ 399 #endif /* CONFIG_WIRELESS_EXT */ 400 401 #ifdef NOT_YET 402 hostap_update_rx_stats(local->ap, hdr, rx_stats); 403 #endif 404 405 if (ieee->iw_mode == IW_MODE_MONITOR) { 406 dev->stats.rx_packets++; 407 dev->stats.rx_bytes += skb->len; 408 libipw_monitor_rx(ieee, skb, rx_stats); 409 return 1; 410 } 411 412 can_be_decrypted = (is_multicast_ether_addr(hdr->addr1) || 413 is_broadcast_ether_addr(hdr->addr2)) ? 414 ieee->host_mc_decrypt : ieee->host_decrypt; 415 416 if (can_be_decrypted) { 417 if (skb->len >= hdrlen + 3) { 418 /* Top two-bits of byte 3 are the key index */ 419 keyidx = skb->data[hdrlen + 3] >> 6; 420 } 421 422 /* ieee->crypt[] is WEP_KEY (4) in length. Given that keyidx 423 * is only allowed 2-bits of storage, no value of keyidx can 424 * be provided via above code that would result in keyidx 425 * being out of range */ 426 crypt = ieee->crypt_info.crypt[keyidx]; 427 428 #ifdef NOT_YET 429 sta = NULL; 430 431 /* Use station specific key to override default keys if the 432 * receiver address is a unicast address ("individual RA"). If 433 * bcrx_sta_key parameter is set, station specific key is used 434 * even with broad/multicast targets (this is against IEEE 435 * 802.11, but makes it easier to use different keys with 436 * stations that do not support WEP key mapping). */ 437 438 if (is_unicast_ether_addr(hdr->addr1) || local->bcrx_sta_key) 439 (void)hostap_handle_sta_crypto(local, hdr, &crypt, 440 &sta); 441 #endif 442 443 /* allow NULL decrypt to indicate an station specific override 444 * for default encryption */ 445 if (crypt && (crypt->ops == NULL || 446 crypt->ops->decrypt_mpdu == NULL)) 447 crypt = NULL; 448 449 if (!crypt && (fc & IEEE80211_FCTL_PROTECTED)) { 450 /* This seems to be triggered by some (multicast?) 451 * frames from other than current BSS, so just drop the 452 * frames silently instead of filling system log with 453 * these reports. */ 454 LIBIPW_DEBUG_DROP("Decryption failed (not set)" 455 " (SA=%pM)\n", hdr->addr2); 456 ieee->ieee_stats.rx_discards_undecryptable++; 457 goto rx_dropped; 458 } 459 } 460 #ifdef NOT_YET 461 if (type != WLAN_FC_TYPE_DATA) { 462 if (type == WLAN_FC_TYPE_MGMT && stype == WLAN_FC_STYPE_AUTH && 463 fc & IEEE80211_FCTL_PROTECTED && ieee->host_decrypt && 464 (keyidx = hostap_rx_frame_decrypt(ieee, skb, crypt)) < 0) { 465 printk(KERN_DEBUG "%s: failed to decrypt mgmt::auth " 466 "from %pM\n", dev->name, hdr->addr2); 467 /* TODO: could inform hostapd about this so that it 468 * could send auth failure report */ 469 goto rx_dropped; 470 } 471 472 if (libipw_rx_frame_mgmt(ieee, skb, rx_stats, type, stype)) 473 goto rx_dropped; 474 else 475 goto rx_exit; 476 } 477 #endif 478 /* drop duplicate 802.11 retransmissions (IEEE 802.11 Chap. 9.29) */ 479 if (sc == ieee->prev_seq_ctl) 480 goto rx_dropped; 481 else 482 ieee->prev_seq_ctl = sc; 483 484 /* Data frame - extract src/dst addresses */ 485 if (skb->len < LIBIPW_3ADDR_LEN) 486 goto rx_dropped; 487 488 switch (fc & (IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS)) { 489 case IEEE80211_FCTL_FROMDS: 490 memcpy(dst, hdr->addr1, ETH_ALEN); 491 memcpy(src, hdr->addr3, ETH_ALEN); 492 break; 493 case IEEE80211_FCTL_TODS: 494 memcpy(dst, hdr->addr3, ETH_ALEN); 495 memcpy(src, hdr->addr2, ETH_ALEN); 496 break; 497 case IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS: 498 if (skb->len < LIBIPW_4ADDR_LEN) 499 goto rx_dropped; 500 memcpy(dst, hdr->addr3, ETH_ALEN); 501 memcpy(src, hdr->addr4, ETH_ALEN); 502 break; 503 default: 504 memcpy(dst, hdr->addr1, ETH_ALEN); 505 memcpy(src, hdr->addr2, ETH_ALEN); 506 break; 507 } 508 509 #ifdef NOT_YET 510 if (hostap_rx_frame_wds(ieee, hdr, fc, &wds)) 511 goto rx_dropped; 512 if (wds) { 513 skb->dev = dev = wds; 514 stats = hostap_get_stats(dev); 515 } 516 517 if (ieee->iw_mode == IW_MODE_MASTER && !wds && 518 (fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) == 519 IEEE80211_FCTL_FROMDS && ieee->stadev && 520 ether_addr_equal(hdr->addr2, ieee->assoc_ap_addr)) { 521 /* Frame from BSSID of the AP for which we are a client */ 522 skb->dev = dev = ieee->stadev; 523 stats = hostap_get_stats(dev); 524 from_assoc_ap = 1; 525 } 526 #endif 527 528 #ifdef NOT_YET 529 if ((ieee->iw_mode == IW_MODE_MASTER || 530 ieee->iw_mode == IW_MODE_REPEAT) && !from_assoc_ap) { 531 switch (hostap_handle_sta_rx(ieee, dev, skb, rx_stats, 532 wds != NULL)) { 533 case AP_RX_CONTINUE_NOT_AUTHORIZED: 534 frame_authorized = 0; 535 break; 536 case AP_RX_CONTINUE: 537 frame_authorized = 1; 538 break; 539 case AP_RX_DROP: 540 goto rx_dropped; 541 case AP_RX_EXIT: 542 goto rx_exit; 543 } 544 } 545 #endif 546 547 /* Nullfunc frames may have PS-bit set, so they must be passed to 548 * hostap_handle_sta_rx() before being dropped here. */ 549 550 stype &= ~IEEE80211_STYPE_QOS_DATA; 551 552 if (stype != IEEE80211_STYPE_DATA && 553 stype != IEEE80211_STYPE_DATA_CFACK && 554 stype != IEEE80211_STYPE_DATA_CFPOLL && 555 stype != IEEE80211_STYPE_DATA_CFACKPOLL) { 556 if (stype != IEEE80211_STYPE_NULLFUNC) 557 LIBIPW_DEBUG_DROP("RX: dropped data frame " 558 "with no data (type=0x%02x, " 559 "subtype=0x%02x, len=%d)\n", 560 type, stype, skb->len); 561 goto rx_dropped; 562 } 563 564 /* skb: hdr + (possibly fragmented, possibly encrypted) payload */ 565 566 if ((fc & IEEE80211_FCTL_PROTECTED) && can_be_decrypted && 567 (keyidx = libipw_rx_frame_decrypt(ieee, skb, crypt)) < 0) 568 goto rx_dropped; 569 570 hdr = (struct libipw_hdr_4addr *)skb->data; 571 572 /* skb: hdr + (possibly fragmented) plaintext payload */ 573 // PR: FIXME: hostap has additional conditions in the "if" below: 574 // ieee->host_decrypt && (fc & IEEE80211_FCTL_PROTECTED) && 575 if ((frag != 0) || (fc & IEEE80211_FCTL_MOREFRAGS)) { 576 int flen; 577 struct sk_buff *frag_skb = libipw_frag_cache_get(ieee, hdr); 578 LIBIPW_DEBUG_FRAG("Rx Fragment received (%u)\n", frag); 579 580 if (!frag_skb) { 581 LIBIPW_DEBUG(LIBIPW_DL_RX | LIBIPW_DL_FRAG, 582 "Rx cannot get skb from fragment " 583 "cache (morefrag=%d seq=%u frag=%u)\n", 584 (fc & IEEE80211_FCTL_MOREFRAGS) != 0, 585 WLAN_GET_SEQ_SEQ(sc), frag); 586 goto rx_dropped; 587 } 588 589 flen = skb->len; 590 if (frag != 0) 591 flen -= hdrlen; 592 593 if (frag_skb->tail + flen > frag_skb->end) { 594 printk(KERN_WARNING "%s: host decrypted and " 595 "reassembled frame did not fit skb\n", 596 dev->name); 597 libipw_frag_cache_invalidate(ieee, hdr); 598 goto rx_dropped; 599 } 600 601 if (frag == 0) { 602 /* copy first fragment (including full headers) into 603 * beginning of the fragment cache skb */ 604 skb_copy_from_linear_data(skb, skb_put(frag_skb, flen), flen); 605 } else { 606 /* append frame payload to the end of the fragment 607 * cache skb */ 608 skb_copy_from_linear_data_offset(skb, hdrlen, 609 skb_put(frag_skb, flen), flen); 610 } 611 dev_kfree_skb_any(skb); 612 skb = NULL; 613 614 if (fc & IEEE80211_FCTL_MOREFRAGS) { 615 /* more fragments expected - leave the skb in fragment 616 * cache for now; it will be delivered to upper layers 617 * after all fragments have been received */ 618 goto rx_exit; 619 } 620 621 /* this was the last fragment and the frame will be 622 * delivered, so remove skb from fragment cache */ 623 skb = frag_skb; 624 hdr = (struct libipw_hdr_4addr *)skb->data; 625 libipw_frag_cache_invalidate(ieee, hdr); 626 } 627 628 /* skb: hdr + (possible reassembled) full MSDU payload; possibly still 629 * encrypted/authenticated */ 630 if ((fc & IEEE80211_FCTL_PROTECTED) && can_be_decrypted && 631 libipw_rx_frame_decrypt_msdu(ieee, skb, keyidx, crypt)) 632 goto rx_dropped; 633 634 hdr = (struct libipw_hdr_4addr *)skb->data; 635 if (crypt && !(fc & IEEE80211_FCTL_PROTECTED) && !ieee->open_wep) { 636 if ( /*ieee->ieee802_1x && */ 637 libipw_is_eapol_frame(ieee, skb)) { 638 /* pass unencrypted EAPOL frames even if encryption is 639 * configured */ 640 } else { 641 LIBIPW_DEBUG_DROP("encryption configured, but RX " 642 "frame not encrypted (SA=%pM)\n", 643 hdr->addr2); 644 goto rx_dropped; 645 } 646 } 647 648 if (crypt && !(fc & IEEE80211_FCTL_PROTECTED) && !ieee->open_wep && 649 !libipw_is_eapol_frame(ieee, skb)) { 650 LIBIPW_DEBUG_DROP("dropped unencrypted RX data " 651 "frame from %pM (drop_unencrypted=1)\n", 652 hdr->addr2); 653 goto rx_dropped; 654 } 655 656 /* If the frame was decrypted in hardware, we may need to strip off 657 * any security data (IV, ICV, etc) that was left behind */ 658 if (!can_be_decrypted && (fc & IEEE80211_FCTL_PROTECTED) && 659 ieee->host_strip_iv_icv) { 660 int trimlen = 0; 661 662 /* Top two-bits of byte 3 are the key index */ 663 if (skb->len >= hdrlen + 3) 664 keyidx = skb->data[hdrlen + 3] >> 6; 665 666 /* To strip off any security data which appears before the 667 * payload, we simply increase hdrlen (as the header gets 668 * chopped off immediately below). For the security data which 669 * appears after the payload, we use skb_trim. */ 670 671 switch (ieee->sec.encode_alg[keyidx]) { 672 case SEC_ALG_WEP: 673 /* 4 byte IV */ 674 hdrlen += 4; 675 /* 4 byte ICV */ 676 trimlen = 4; 677 break; 678 case SEC_ALG_TKIP: 679 /* 4 byte IV, 4 byte ExtIV */ 680 hdrlen += 8; 681 /* 8 byte MIC, 4 byte ICV */ 682 trimlen = 12; 683 break; 684 case SEC_ALG_CCMP: 685 /* 8 byte CCMP header */ 686 hdrlen += 8; 687 /* 8 byte MIC */ 688 trimlen = 8; 689 break; 690 } 691 692 if (skb->len < trimlen) 693 goto rx_dropped; 694 695 __skb_trim(skb, skb->len - trimlen); 696 697 if (skb->len < hdrlen) 698 goto rx_dropped; 699 } 700 701 /* skb: hdr + (possible reassembled) full plaintext payload */ 702 703 payload = skb->data + hdrlen; 704 ethertype = (payload[6] << 8) | payload[7]; 705 706 #ifdef NOT_YET 707 /* If IEEE 802.1X is used, check whether the port is authorized to send 708 * the received frame. */ 709 if (ieee->ieee802_1x && ieee->iw_mode == IW_MODE_MASTER) { 710 if (ethertype == ETH_P_PAE) { 711 printk(KERN_DEBUG "%s: RX: IEEE 802.1X frame\n", 712 dev->name); 713 if (ieee->hostapd && ieee->apdev) { 714 /* Send IEEE 802.1X frames to the user 715 * space daemon for processing */ 716 prism2_rx_80211(ieee->apdev, skb, rx_stats, 717 PRISM2_RX_MGMT); 718 ieee->apdevstats.rx_packets++; 719 ieee->apdevstats.rx_bytes += skb->len; 720 goto rx_exit; 721 } 722 } else if (!frame_authorized) { 723 printk(KERN_DEBUG "%s: dropped frame from " 724 "unauthorized port (IEEE 802.1X): " 725 "ethertype=0x%04x\n", dev->name, ethertype); 726 goto rx_dropped; 727 } 728 } 729 #endif 730 731 /* convert hdr + possible LLC headers into Ethernet header */ 732 if (skb->len - hdrlen >= 8 && 733 ((memcmp(payload, libipw_rfc1042_header, SNAP_SIZE) == 0 && 734 ethertype != ETH_P_AARP && ethertype != ETH_P_IPX) || 735 memcmp(payload, libipw_bridge_tunnel_header, SNAP_SIZE) == 0)) { 736 /* remove RFC1042 or Bridge-Tunnel encapsulation and 737 * replace EtherType */ 738 skb_pull(skb, hdrlen + SNAP_SIZE); 739 memcpy(skb_push(skb, ETH_ALEN), src, ETH_ALEN); 740 memcpy(skb_push(skb, ETH_ALEN), dst, ETH_ALEN); 741 } else { 742 __be16 len; 743 /* Leave Ethernet header part of hdr and full payload */ 744 skb_pull(skb, hdrlen); 745 len = htons(skb->len); 746 memcpy(skb_push(skb, 2), &len, 2); 747 memcpy(skb_push(skb, ETH_ALEN), src, ETH_ALEN); 748 memcpy(skb_push(skb, ETH_ALEN), dst, ETH_ALEN); 749 } 750 751 #ifdef NOT_YET 752 if (wds && ((fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) == 753 IEEE80211_FCTL_TODS) && skb->len >= ETH_HLEN + ETH_ALEN) { 754 /* Non-standard frame: get addr4 from its bogus location after 755 * the payload */ 756 skb_copy_to_linear_data_offset(skb, ETH_ALEN, 757 skb->data + skb->len - ETH_ALEN, 758 ETH_ALEN); 759 skb_trim(skb, skb->len - ETH_ALEN); 760 } 761 #endif 762 763 dev->stats.rx_packets++; 764 dev->stats.rx_bytes += skb->len; 765 766 #ifdef NOT_YET 767 if (ieee->iw_mode == IW_MODE_MASTER && !wds && ieee->ap->bridge_packets) { 768 if (is_multicast_ether_addr(dst)) { 769 /* copy multicast frame both to the higher layers and 770 * to the wireless media */ 771 ieee->ap->bridged_multicast++; 772 skb2 = skb_clone(skb, GFP_ATOMIC); 773 if (skb2 == NULL) 774 printk(KERN_DEBUG "%s: skb_clone failed for " 775 "multicast frame\n", dev->name); 776 } else if (hostap_is_sta_assoc(ieee->ap, dst)) { 777 /* send frame directly to the associated STA using 778 * wireless media and not passing to higher layers */ 779 ieee->ap->bridged_unicast++; 780 skb2 = skb; 781 skb = NULL; 782 } 783 } 784 785 if (skb2 != NULL) { 786 /* send to wireless media */ 787 skb2->dev = dev; 788 skb2->protocol = htons(ETH_P_802_3); 789 skb_reset_mac_header(skb2); 790 skb_reset_network_header(skb2); 791 /* skb2->network_header += ETH_HLEN; */ 792 dev_queue_xmit(skb2); 793 } 794 #endif 795 796 if (skb) { 797 skb->protocol = eth_type_trans(skb, dev); 798 memset(skb->cb, 0, sizeof(skb->cb)); 799 skb->ip_summed = CHECKSUM_NONE; /* 802.11 crc not sufficient */ 800 if (netif_rx(skb) == NET_RX_DROP) { 801 /* netif_rx always succeeds, but it might drop 802 * the packet. If it drops the packet, we log that 803 * in our stats. */ 804 LIBIPW_DEBUG_DROP 805 ("RX: netif_rx dropped the packet\n"); 806 dev->stats.rx_dropped++; 807 } 808 } 809 810 rx_exit: 811 #ifdef NOT_YET 812 if (sta) 813 hostap_handle_sta_release(sta); 814 #endif 815 return 1; 816 817 rx_dropped: 818 dev->stats.rx_dropped++; 819 820 /* Returning 0 indicates to caller that we have not handled the SKB-- 821 * so it is still allocated and can be used again by underlying 822 * hardware as a DMA target */ 823 return 0; 824 } 825 826 #define MGMT_FRAME_FIXED_PART_LENGTH 0x24 827 828 static u8 qos_oui[QOS_OUI_LEN] = { 0x00, 0x50, 0xF2 }; 829 830 /* 831 * Make the structure we read from the beacon packet to have 832 * the right values 833 */ 834 static int libipw_verify_qos_info(struct libipw_qos_information_element 835 *info_element, int sub_type) 836 { 837 if (info_element->elementID != QOS_ELEMENT_ID) 838 return -1; 839 if (info_element->qui_subtype != sub_type) 840 return -1; 841 if (memcmp(info_element->qui, qos_oui, QOS_OUI_LEN)) 842 return -1; 843 if (info_element->qui_type != QOS_OUI_TYPE) 844 return -1; 845 if (info_element->version != QOS_VERSION_1) 846 return -1; 847 848 return 0; 849 } 850 851 /* 852 * Parse a QoS parameter element 853 */ 854 static int libipw_read_qos_param_element( 855 struct libipw_qos_parameter_info *element_param, 856 struct libipw_info_element *info_element) 857 { 858 size_t size = sizeof(*element_param); 859 860 if (!element_param || !info_element || info_element->len != size - 2) 861 return -1; 862 863 memcpy(element_param, info_element, size); 864 return libipw_verify_qos_info(&element_param->info_element, 865 QOS_OUI_PARAM_SUB_TYPE); 866 } 867 868 /* 869 * Parse a QoS information element 870 */ 871 static int libipw_read_qos_info_element( 872 struct libipw_qos_information_element *element_info, 873 struct libipw_info_element *info_element) 874 { 875 size_t size = sizeof(struct libipw_qos_information_element) - 2; 876 877 if (!element_info || !info_element || info_element->len != size - 2) 878 return -1; 879 880 memcpy(element_info, info_element, size); 881 return libipw_verify_qos_info(element_info, QOS_OUI_INFO_SUB_TYPE); 882 } 883 884 /* 885 * Write QoS parameters from the ac parameters. 886 */ 887 static void libipw_qos_convert_ac_to_parameters(struct 888 libipw_qos_parameter_info 889 *param_elm, struct 890 libipw_qos_parameters 891 *qos_param) 892 { 893 int i; 894 struct libipw_qos_ac_parameter *ac_params; 895 u32 txop; 896 u8 cw_min; 897 u8 cw_max; 898 899 for (i = 0; i < QOS_QUEUE_NUM; i++) { 900 ac_params = &(param_elm->ac_params_record[i]); 901 902 qos_param->aifs[i] = (ac_params->aci_aifsn) & 0x0F; 903 qos_param->aifs[i] -= (qos_param->aifs[i] < 2) ? 0 : 2; 904 905 cw_min = ac_params->ecw_min_max & 0x0F; 906 qos_param->cw_min[i] = cpu_to_le16((1 << cw_min) - 1); 907 908 cw_max = (ac_params->ecw_min_max & 0xF0) >> 4; 909 qos_param->cw_max[i] = cpu_to_le16((1 << cw_max) - 1); 910 911 qos_param->flag[i] = 912 (ac_params->aci_aifsn & 0x10) ? 0x01 : 0x00; 913 914 txop = le16_to_cpu(ac_params->tx_op_limit) * 32; 915 qos_param->tx_op_limit[i] = cpu_to_le16(txop); 916 } 917 } 918 919 /* 920 * we have a generic data element which it may contain QoS information or 921 * parameters element. check the information element length to decide 922 * which type to read 923 */ 924 static int libipw_parse_qos_info_param_IE(struct libipw_info_element 925 *info_element, 926 struct libipw_network *network) 927 { 928 int rc = 0; 929 struct libipw_qos_parameters *qos_param = NULL; 930 struct libipw_qos_information_element qos_info_element; 931 932 rc = libipw_read_qos_info_element(&qos_info_element, info_element); 933 934 if (rc == 0) { 935 network->qos_data.param_count = qos_info_element.ac_info & 0x0F; 936 network->flags |= NETWORK_HAS_QOS_INFORMATION; 937 } else { 938 struct libipw_qos_parameter_info param_element; 939 940 rc = libipw_read_qos_param_element(¶m_element, 941 info_element); 942 if (rc == 0) { 943 qos_param = &(network->qos_data.parameters); 944 libipw_qos_convert_ac_to_parameters(¶m_element, 945 qos_param); 946 network->flags |= NETWORK_HAS_QOS_PARAMETERS; 947 network->qos_data.param_count = 948 param_element.info_element.ac_info & 0x0F; 949 } 950 } 951 952 if (rc == 0) { 953 LIBIPW_DEBUG_QOS("QoS is supported\n"); 954 network->qos_data.supported = 1; 955 } 956 return rc; 957 } 958 959 #ifdef CONFIG_LIBIPW_DEBUG 960 #define MFIE_STRING(x) case WLAN_EID_ ##x: return #x 961 962 static const char *get_info_element_string(u16 id) 963 { 964 switch (id) { 965 MFIE_STRING(SSID); 966 MFIE_STRING(SUPP_RATES); 967 MFIE_STRING(FH_PARAMS); 968 MFIE_STRING(DS_PARAMS); 969 MFIE_STRING(CF_PARAMS); 970 MFIE_STRING(TIM); 971 MFIE_STRING(IBSS_PARAMS); 972 MFIE_STRING(COUNTRY); 973 MFIE_STRING(REQUEST); 974 MFIE_STRING(CHALLENGE); 975 MFIE_STRING(PWR_CONSTRAINT); 976 MFIE_STRING(PWR_CAPABILITY); 977 MFIE_STRING(TPC_REQUEST); 978 MFIE_STRING(TPC_REPORT); 979 MFIE_STRING(SUPPORTED_CHANNELS); 980 MFIE_STRING(CHANNEL_SWITCH); 981 MFIE_STRING(MEASURE_REQUEST); 982 MFIE_STRING(MEASURE_REPORT); 983 MFIE_STRING(QUIET); 984 MFIE_STRING(IBSS_DFS); 985 MFIE_STRING(ERP_INFO); 986 MFIE_STRING(RSN); 987 MFIE_STRING(EXT_SUPP_RATES); 988 MFIE_STRING(VENDOR_SPECIFIC); 989 MFIE_STRING(QOS_PARAMETER); 990 default: 991 return "UNKNOWN"; 992 } 993 } 994 #endif 995 996 static int libipw_parse_info_param(struct libipw_info_element 997 *info_element, u16 length, 998 struct libipw_network *network) 999 { 1000 u8 i; 1001 #ifdef CONFIG_LIBIPW_DEBUG 1002 char rates_str[64]; 1003 char *p; 1004 #endif 1005 1006 while (length >= sizeof(*info_element)) { 1007 if (sizeof(*info_element) + info_element->len > length) { 1008 LIBIPW_DEBUG_MGMT("Info elem: parse failed: " 1009 "info_element->len + 2 > left : " 1010 "info_element->len+2=%zd left=%d, id=%d.\n", 1011 info_element->len + 1012 sizeof(*info_element), 1013 length, info_element->id); 1014 /* We stop processing but don't return an error here 1015 * because some misbehaviour APs break this rule. ie. 1016 * Orinoco AP1000. */ 1017 break; 1018 } 1019 1020 switch (info_element->id) { 1021 case WLAN_EID_SSID: 1022 network->ssid_len = min(info_element->len, 1023 (u8) IW_ESSID_MAX_SIZE); 1024 memcpy(network->ssid, info_element->data, 1025 network->ssid_len); 1026 if (network->ssid_len < IW_ESSID_MAX_SIZE) 1027 memset(network->ssid + network->ssid_len, 0, 1028 IW_ESSID_MAX_SIZE - network->ssid_len); 1029 1030 LIBIPW_DEBUG_MGMT("WLAN_EID_SSID: '%*pE' len=%d.\n", 1031 network->ssid_len, network->ssid, 1032 network->ssid_len); 1033 break; 1034 1035 case WLAN_EID_SUPP_RATES: 1036 #ifdef CONFIG_LIBIPW_DEBUG 1037 p = rates_str; 1038 #endif 1039 network->rates_len = min(info_element->len, 1040 MAX_RATES_LENGTH); 1041 for (i = 0; i < network->rates_len; i++) { 1042 network->rates[i] = info_element->data[i]; 1043 #ifdef CONFIG_LIBIPW_DEBUG 1044 p += scnprintf(p, sizeof(rates_str) - 1045 (p - rates_str), "%02X ", 1046 network->rates[i]); 1047 #endif 1048 if (libipw_is_ofdm_rate 1049 (info_element->data[i])) { 1050 network->flags |= NETWORK_HAS_OFDM; 1051 if (info_element->data[i] & 1052 LIBIPW_BASIC_RATE_MASK) 1053 network->flags &= 1054 ~NETWORK_HAS_CCK; 1055 } 1056 } 1057 1058 LIBIPW_DEBUG_MGMT("WLAN_EID_SUPP_RATES: '%s' (%d)\n", 1059 rates_str, network->rates_len); 1060 break; 1061 1062 case WLAN_EID_EXT_SUPP_RATES: 1063 #ifdef CONFIG_LIBIPW_DEBUG 1064 p = rates_str; 1065 #endif 1066 network->rates_ex_len = min(info_element->len, 1067 MAX_RATES_EX_LENGTH); 1068 for (i = 0; i < network->rates_ex_len; i++) { 1069 network->rates_ex[i] = info_element->data[i]; 1070 #ifdef CONFIG_LIBIPW_DEBUG 1071 p += scnprintf(p, sizeof(rates_str) - 1072 (p - rates_str), "%02X ", 1073 network->rates_ex[i]); 1074 #endif 1075 if (libipw_is_ofdm_rate 1076 (info_element->data[i])) { 1077 network->flags |= NETWORK_HAS_OFDM; 1078 if (info_element->data[i] & 1079 LIBIPW_BASIC_RATE_MASK) 1080 network->flags &= 1081 ~NETWORK_HAS_CCK; 1082 } 1083 } 1084 1085 LIBIPW_DEBUG_MGMT("WLAN_EID_EXT_SUPP_RATES: '%s' (%d)\n", 1086 rates_str, network->rates_ex_len); 1087 break; 1088 1089 case WLAN_EID_DS_PARAMS: 1090 LIBIPW_DEBUG_MGMT("WLAN_EID_DS_PARAMS: %d\n", 1091 info_element->data[0]); 1092 network->channel = info_element->data[0]; 1093 break; 1094 1095 case WLAN_EID_FH_PARAMS: 1096 LIBIPW_DEBUG_MGMT("WLAN_EID_FH_PARAMS: ignored\n"); 1097 break; 1098 1099 case WLAN_EID_CF_PARAMS: 1100 LIBIPW_DEBUG_MGMT("WLAN_EID_CF_PARAMS: ignored\n"); 1101 break; 1102 1103 case WLAN_EID_TIM: 1104 network->tim.tim_count = info_element->data[0]; 1105 network->tim.tim_period = info_element->data[1]; 1106 LIBIPW_DEBUG_MGMT("WLAN_EID_TIM: partially ignored\n"); 1107 break; 1108 1109 case WLAN_EID_ERP_INFO: 1110 network->erp_value = info_element->data[0]; 1111 network->flags |= NETWORK_HAS_ERP_VALUE; 1112 LIBIPW_DEBUG_MGMT("MFIE_TYPE_ERP_SET: %d\n", 1113 network->erp_value); 1114 break; 1115 1116 case WLAN_EID_IBSS_PARAMS: 1117 network->atim_window = info_element->data[0]; 1118 LIBIPW_DEBUG_MGMT("WLAN_EID_IBSS_PARAMS: %d\n", 1119 network->atim_window); 1120 break; 1121 1122 case WLAN_EID_CHALLENGE: 1123 LIBIPW_DEBUG_MGMT("WLAN_EID_CHALLENGE: ignored\n"); 1124 break; 1125 1126 case WLAN_EID_VENDOR_SPECIFIC: 1127 LIBIPW_DEBUG_MGMT("WLAN_EID_VENDOR_SPECIFIC: %d bytes\n", 1128 info_element->len); 1129 if (!libipw_parse_qos_info_param_IE(info_element, 1130 network)) 1131 break; 1132 1133 if (info_element->len >= 4 && 1134 info_element->data[0] == 0x00 && 1135 info_element->data[1] == 0x50 && 1136 info_element->data[2] == 0xf2 && 1137 info_element->data[3] == 0x01) { 1138 network->wpa_ie_len = min(info_element->len + 2, 1139 MAX_WPA_IE_LEN); 1140 memcpy(network->wpa_ie, info_element, 1141 network->wpa_ie_len); 1142 } 1143 break; 1144 1145 case WLAN_EID_RSN: 1146 LIBIPW_DEBUG_MGMT("WLAN_EID_RSN: %d bytes\n", 1147 info_element->len); 1148 network->rsn_ie_len = min(info_element->len + 2, 1149 MAX_WPA_IE_LEN); 1150 memcpy(network->rsn_ie, info_element, 1151 network->rsn_ie_len); 1152 break; 1153 1154 case WLAN_EID_QOS_PARAMETER: 1155 printk(KERN_ERR 1156 "QoS Error need to parse QOS_PARAMETER IE\n"); 1157 break; 1158 /* 802.11h */ 1159 case WLAN_EID_PWR_CONSTRAINT: 1160 network->power_constraint = info_element->data[0]; 1161 network->flags |= NETWORK_HAS_POWER_CONSTRAINT; 1162 break; 1163 1164 case WLAN_EID_CHANNEL_SWITCH: 1165 network->power_constraint = info_element->data[0]; 1166 network->flags |= NETWORK_HAS_CSA; 1167 break; 1168 1169 case WLAN_EID_QUIET: 1170 network->quiet.count = info_element->data[0]; 1171 network->quiet.period = info_element->data[1]; 1172 network->quiet.duration = info_element->data[2]; 1173 network->quiet.offset = info_element->data[3]; 1174 network->flags |= NETWORK_HAS_QUIET; 1175 break; 1176 1177 case WLAN_EID_IBSS_DFS: 1178 network->flags |= NETWORK_HAS_IBSS_DFS; 1179 break; 1180 1181 case WLAN_EID_TPC_REPORT: 1182 network->tpc_report.transmit_power = 1183 info_element->data[0]; 1184 network->tpc_report.link_margin = info_element->data[1]; 1185 network->flags |= NETWORK_HAS_TPC_REPORT; 1186 break; 1187 1188 default: 1189 LIBIPW_DEBUG_MGMT 1190 ("Unsupported info element: %s (%d)\n", 1191 get_info_element_string(info_element->id), 1192 info_element->id); 1193 break; 1194 } 1195 1196 length -= sizeof(*info_element) + info_element->len; 1197 info_element = 1198 (struct libipw_info_element *)&info_element-> 1199 data[info_element->len]; 1200 } 1201 1202 return 0; 1203 } 1204 1205 static int libipw_handle_assoc_resp(struct libipw_device *ieee, struct libipw_assoc_response 1206 *frame, struct libipw_rx_stats *stats) 1207 { 1208 struct libipw_network network_resp = { }; 1209 struct libipw_network *network = &network_resp; 1210 struct net_device *dev = ieee->dev; 1211 1212 network->flags = 0; 1213 network->qos_data.active = 0; 1214 network->qos_data.supported = 0; 1215 network->qos_data.param_count = 0; 1216 network->qos_data.old_param_count = 0; 1217 1218 //network->atim_window = le16_to_cpu(frame->aid) & (0x3FFF); 1219 network->atim_window = le16_to_cpu(frame->aid); 1220 network->listen_interval = le16_to_cpu(frame->status); 1221 memcpy(network->bssid, frame->header.addr3, ETH_ALEN); 1222 network->capability = le16_to_cpu(frame->capability); 1223 network->last_scanned = jiffies; 1224 network->rates_len = network->rates_ex_len = 0; 1225 network->last_associate = 0; 1226 network->ssid_len = 0; 1227 network->erp_value = 1228 (network->capability & WLAN_CAPABILITY_IBSS) ? 0x3 : 0x0; 1229 1230 if (stats->freq == LIBIPW_52GHZ_BAND) { 1231 /* for A band (No DS info) */ 1232 network->channel = stats->received_channel; 1233 } else 1234 network->flags |= NETWORK_HAS_CCK; 1235 1236 network->wpa_ie_len = 0; 1237 network->rsn_ie_len = 0; 1238 1239 if (libipw_parse_info_param((void *)frame->variable, 1240 stats->len - sizeof(*frame), network)) 1241 return 1; 1242 1243 network->mode = 0; 1244 if (stats->freq == LIBIPW_52GHZ_BAND) 1245 network->mode = IEEE_A; 1246 else { 1247 if (network->flags & NETWORK_HAS_OFDM) 1248 network->mode |= IEEE_G; 1249 if (network->flags & NETWORK_HAS_CCK) 1250 network->mode |= IEEE_B; 1251 } 1252 1253 memcpy(&network->stats, stats, sizeof(network->stats)); 1254 1255 if (ieee->handle_assoc_response != NULL) 1256 ieee->handle_assoc_response(dev, frame, network); 1257 1258 return 0; 1259 } 1260 1261 /***************************************************/ 1262 1263 static int libipw_network_init(struct libipw_device *ieee, struct libipw_probe_response 1264 *beacon, 1265 struct libipw_network *network, 1266 struct libipw_rx_stats *stats) 1267 { 1268 network->qos_data.active = 0; 1269 network->qos_data.supported = 0; 1270 network->qos_data.param_count = 0; 1271 network->qos_data.old_param_count = 0; 1272 1273 /* Pull out fixed field data */ 1274 memcpy(network->bssid, beacon->header.addr3, ETH_ALEN); 1275 network->capability = le16_to_cpu(beacon->capability); 1276 network->last_scanned = jiffies; 1277 network->time_stamp[0] = le32_to_cpu(beacon->time_stamp[0]); 1278 network->time_stamp[1] = le32_to_cpu(beacon->time_stamp[1]); 1279 network->beacon_interval = le16_to_cpu(beacon->beacon_interval); 1280 /* Where to pull this? beacon->listen_interval; */ 1281 network->listen_interval = 0x0A; 1282 network->rates_len = network->rates_ex_len = 0; 1283 network->last_associate = 0; 1284 network->ssid_len = 0; 1285 network->flags = 0; 1286 network->atim_window = 0; 1287 network->erp_value = (network->capability & WLAN_CAPABILITY_IBSS) ? 1288 0x3 : 0x0; 1289 1290 if (stats->freq == LIBIPW_52GHZ_BAND) { 1291 /* for A band (No DS info) */ 1292 network->channel = stats->received_channel; 1293 } else 1294 network->flags |= NETWORK_HAS_CCK; 1295 1296 network->wpa_ie_len = 0; 1297 network->rsn_ie_len = 0; 1298 1299 if (libipw_parse_info_param((void *)beacon->variable, 1300 stats->len - sizeof(*beacon), network)) 1301 return 1; 1302 1303 network->mode = 0; 1304 if (stats->freq == LIBIPW_52GHZ_BAND) 1305 network->mode = IEEE_A; 1306 else { 1307 if (network->flags & NETWORK_HAS_OFDM) 1308 network->mode |= IEEE_G; 1309 if (network->flags & NETWORK_HAS_CCK) 1310 network->mode |= IEEE_B; 1311 } 1312 1313 if (network->mode == 0) { 1314 LIBIPW_DEBUG_SCAN("Filtered out '%*pE (%pM)' network.\n", 1315 network->ssid_len, network->ssid, 1316 network->bssid); 1317 return 1; 1318 } 1319 1320 memcpy(&network->stats, stats, sizeof(network->stats)); 1321 1322 return 0; 1323 } 1324 1325 static inline int is_same_network(struct libipw_network *src, 1326 struct libipw_network *dst) 1327 { 1328 /* A network is only a duplicate if the channel, BSSID, and ESSID 1329 * all match. We treat all <hidden> with the same BSSID and channel 1330 * as one network */ 1331 return ((src->ssid_len == dst->ssid_len) && 1332 (src->channel == dst->channel) && 1333 ether_addr_equal_64bits(src->bssid, dst->bssid) && 1334 !memcmp(src->ssid, dst->ssid, src->ssid_len)); 1335 } 1336 1337 static void update_network(struct libipw_network *dst, 1338 struct libipw_network *src) 1339 { 1340 int qos_active; 1341 u8 old_param; 1342 1343 /* We only update the statistics if they were created by receiving 1344 * the network information on the actual channel the network is on. 1345 * 1346 * This keeps beacons received on neighbor channels from bringing 1347 * down the signal level of an AP. */ 1348 if (dst->channel == src->stats.received_channel) 1349 memcpy(&dst->stats, &src->stats, 1350 sizeof(struct libipw_rx_stats)); 1351 else 1352 LIBIPW_DEBUG_SCAN("Network %pM info received " 1353 "off channel (%d vs. %d)\n", src->bssid, 1354 dst->channel, src->stats.received_channel); 1355 1356 dst->capability = src->capability; 1357 memcpy(dst->rates, src->rates, src->rates_len); 1358 dst->rates_len = src->rates_len; 1359 memcpy(dst->rates_ex, src->rates_ex, src->rates_ex_len); 1360 dst->rates_ex_len = src->rates_ex_len; 1361 1362 dst->mode = src->mode; 1363 dst->flags = src->flags; 1364 dst->time_stamp[0] = src->time_stamp[0]; 1365 dst->time_stamp[1] = src->time_stamp[1]; 1366 1367 dst->beacon_interval = src->beacon_interval; 1368 dst->listen_interval = src->listen_interval; 1369 dst->atim_window = src->atim_window; 1370 dst->erp_value = src->erp_value; 1371 dst->tim = src->tim; 1372 1373 memcpy(dst->wpa_ie, src->wpa_ie, src->wpa_ie_len); 1374 dst->wpa_ie_len = src->wpa_ie_len; 1375 memcpy(dst->rsn_ie, src->rsn_ie, src->rsn_ie_len); 1376 dst->rsn_ie_len = src->rsn_ie_len; 1377 1378 dst->last_scanned = jiffies; 1379 qos_active = src->qos_data.active; 1380 old_param = dst->qos_data.old_param_count; 1381 if (dst->flags & NETWORK_HAS_QOS_MASK) 1382 memcpy(&dst->qos_data, &src->qos_data, 1383 sizeof(struct libipw_qos_data)); 1384 else { 1385 dst->qos_data.supported = src->qos_data.supported; 1386 dst->qos_data.param_count = src->qos_data.param_count; 1387 } 1388 1389 if (dst->qos_data.supported == 1) { 1390 if (dst->ssid_len) 1391 LIBIPW_DEBUG_QOS 1392 ("QoS the network %s is QoS supported\n", 1393 dst->ssid); 1394 else 1395 LIBIPW_DEBUG_QOS 1396 ("QoS the network is QoS supported\n"); 1397 } 1398 dst->qos_data.active = qos_active; 1399 dst->qos_data.old_param_count = old_param; 1400 1401 /* dst->last_associate is not overwritten */ 1402 } 1403 1404 static inline int is_beacon(__le16 fc) 1405 { 1406 return (WLAN_FC_GET_STYPE(le16_to_cpu(fc)) == IEEE80211_STYPE_BEACON); 1407 } 1408 1409 static void libipw_process_probe_response(struct libipw_device 1410 *ieee, struct 1411 libipw_probe_response 1412 *beacon, struct libipw_rx_stats 1413 *stats) 1414 { 1415 struct net_device *dev = ieee->dev; 1416 struct libipw_network network = { }; 1417 struct libipw_network *target; 1418 struct libipw_network *oldest = NULL; 1419 #ifdef CONFIG_LIBIPW_DEBUG 1420 struct libipw_info_element *info_element = (void *)beacon->variable; 1421 #endif 1422 unsigned long flags; 1423 1424 LIBIPW_DEBUG_SCAN("'%*pE' (%pM): %c%c%c%c %c%c%c%c-%c%c%c%c %c%c%c%c\n", 1425 info_element->len, info_element->data, 1426 beacon->header.addr3, 1427 (beacon->capability & cpu_to_le16(1 << 0xf)) ? '1' : '0', 1428 (beacon->capability & cpu_to_le16(1 << 0xe)) ? '1' : '0', 1429 (beacon->capability & cpu_to_le16(1 << 0xd)) ? '1' : '0', 1430 (beacon->capability & cpu_to_le16(1 << 0xc)) ? '1' : '0', 1431 (beacon->capability & cpu_to_le16(1 << 0xb)) ? '1' : '0', 1432 (beacon->capability & cpu_to_le16(1 << 0xa)) ? '1' : '0', 1433 (beacon->capability & cpu_to_le16(1 << 0x9)) ? '1' : '0', 1434 (beacon->capability & cpu_to_le16(1 << 0x8)) ? '1' : '0', 1435 (beacon->capability & cpu_to_le16(1 << 0x7)) ? '1' : '0', 1436 (beacon->capability & cpu_to_le16(1 << 0x6)) ? '1' : '0', 1437 (beacon->capability & cpu_to_le16(1 << 0x5)) ? '1' : '0', 1438 (beacon->capability & cpu_to_le16(1 << 0x4)) ? '1' : '0', 1439 (beacon->capability & cpu_to_le16(1 << 0x3)) ? '1' : '0', 1440 (beacon->capability & cpu_to_le16(1 << 0x2)) ? '1' : '0', 1441 (beacon->capability & cpu_to_le16(1 << 0x1)) ? '1' : '0', 1442 (beacon->capability & cpu_to_le16(1 << 0x0)) ? '1' : '0'); 1443 1444 if (libipw_network_init(ieee, beacon, &network, stats)) { 1445 LIBIPW_DEBUG_SCAN("Dropped '%*pE' (%pM) via %s.\n", 1446 info_element->len, info_element->data, 1447 beacon->header.addr3, 1448 is_beacon(beacon->header.frame_ctl) ? 1449 "BEACON" : "PROBE RESPONSE"); 1450 return; 1451 } 1452 1453 /* The network parsed correctly -- so now we scan our known networks 1454 * to see if we can find it in our list. 1455 * 1456 * NOTE: This search is definitely not optimized. Once its doing 1457 * the "right thing" we'll optimize it for efficiency if 1458 * necessary */ 1459 1460 /* Search for this entry in the list and update it if it is 1461 * already there. */ 1462 1463 spin_lock_irqsave(&ieee->lock, flags); 1464 1465 list_for_each_entry(target, &ieee->network_list, list) { 1466 if (is_same_network(target, &network)) 1467 break; 1468 1469 if ((oldest == NULL) || 1470 time_before(target->last_scanned, oldest->last_scanned)) 1471 oldest = target; 1472 } 1473 1474 /* If we didn't find a match, then get a new network slot to initialize 1475 * with this beacon's information */ 1476 if (&target->list == &ieee->network_list) { 1477 if (list_empty(&ieee->network_free_list)) { 1478 /* If there are no more slots, expire the oldest */ 1479 list_del(&oldest->list); 1480 target = oldest; 1481 LIBIPW_DEBUG_SCAN("Expired '%*pE' (%pM) from network list.\n", 1482 target->ssid_len, target->ssid, 1483 target->bssid); 1484 } else { 1485 /* Otherwise just pull from the free list */ 1486 target = list_entry(ieee->network_free_list.next, 1487 struct libipw_network, list); 1488 list_del(ieee->network_free_list.next); 1489 } 1490 1491 #ifdef CONFIG_LIBIPW_DEBUG 1492 LIBIPW_DEBUG_SCAN("Adding '%*pE' (%pM) via %s.\n", 1493 network.ssid_len, network.ssid, 1494 network.bssid, 1495 is_beacon(beacon->header.frame_ctl) ? 1496 "BEACON" : "PROBE RESPONSE"); 1497 #endif 1498 memcpy(target, &network, sizeof(*target)); 1499 list_add_tail(&target->list, &ieee->network_list); 1500 } else { 1501 LIBIPW_DEBUG_SCAN("Updating '%*pE' (%pM) via %s.\n", 1502 target->ssid_len, target->ssid, 1503 target->bssid, 1504 is_beacon(beacon->header.frame_ctl) ? 1505 "BEACON" : "PROBE RESPONSE"); 1506 update_network(target, &network); 1507 } 1508 1509 spin_unlock_irqrestore(&ieee->lock, flags); 1510 1511 if (is_beacon(beacon->header.frame_ctl)) { 1512 if (ieee->handle_beacon != NULL) 1513 ieee->handle_beacon(dev, beacon, target); 1514 } else { 1515 if (ieee->handle_probe_response != NULL) 1516 ieee->handle_probe_response(dev, beacon, target); 1517 } 1518 } 1519 1520 void libipw_rx_mgt(struct libipw_device *ieee, 1521 struct libipw_hdr_4addr *header, 1522 struct libipw_rx_stats *stats) 1523 { 1524 switch (WLAN_FC_GET_STYPE(le16_to_cpu(header->frame_ctl))) { 1525 case IEEE80211_STYPE_ASSOC_RESP: 1526 LIBIPW_DEBUG_MGMT("received ASSOCIATION RESPONSE (%d)\n", 1527 WLAN_FC_GET_STYPE(le16_to_cpu 1528 (header->frame_ctl))); 1529 libipw_handle_assoc_resp(ieee, 1530 (struct libipw_assoc_response *) 1531 header, stats); 1532 break; 1533 1534 case IEEE80211_STYPE_REASSOC_RESP: 1535 LIBIPW_DEBUG_MGMT("received REASSOCIATION RESPONSE (%d)\n", 1536 WLAN_FC_GET_STYPE(le16_to_cpu 1537 (header->frame_ctl))); 1538 break; 1539 1540 case IEEE80211_STYPE_PROBE_REQ: 1541 LIBIPW_DEBUG_MGMT("received auth (%d)\n", 1542 WLAN_FC_GET_STYPE(le16_to_cpu 1543 (header->frame_ctl))); 1544 1545 if (ieee->handle_probe_request != NULL) 1546 ieee->handle_probe_request(ieee->dev, 1547 (struct 1548 libipw_probe_request *) 1549 header, stats); 1550 break; 1551 1552 case IEEE80211_STYPE_PROBE_RESP: 1553 LIBIPW_DEBUG_MGMT("received PROBE RESPONSE (%d)\n", 1554 WLAN_FC_GET_STYPE(le16_to_cpu 1555 (header->frame_ctl))); 1556 LIBIPW_DEBUG_SCAN("Probe response\n"); 1557 libipw_process_probe_response(ieee, 1558 (struct 1559 libipw_probe_response *) 1560 header, stats); 1561 break; 1562 1563 case IEEE80211_STYPE_BEACON: 1564 LIBIPW_DEBUG_MGMT("received BEACON (%d)\n", 1565 WLAN_FC_GET_STYPE(le16_to_cpu 1566 (header->frame_ctl))); 1567 LIBIPW_DEBUG_SCAN("Beacon\n"); 1568 libipw_process_probe_response(ieee, 1569 (struct 1570 libipw_probe_response *) 1571 header, stats); 1572 break; 1573 case IEEE80211_STYPE_AUTH: 1574 1575 LIBIPW_DEBUG_MGMT("received auth (%d)\n", 1576 WLAN_FC_GET_STYPE(le16_to_cpu 1577 (header->frame_ctl))); 1578 1579 if (ieee->handle_auth != NULL) 1580 ieee->handle_auth(ieee->dev, 1581 (struct libipw_auth *)header); 1582 break; 1583 1584 case IEEE80211_STYPE_DISASSOC: 1585 if (ieee->handle_disassoc != NULL) 1586 ieee->handle_disassoc(ieee->dev, 1587 (struct libipw_disassoc *) 1588 header); 1589 break; 1590 1591 case IEEE80211_STYPE_ACTION: 1592 LIBIPW_DEBUG_MGMT("ACTION\n"); 1593 if (ieee->handle_action) 1594 ieee->handle_action(ieee->dev, 1595 (struct libipw_action *) 1596 header, stats); 1597 break; 1598 1599 case IEEE80211_STYPE_REASSOC_REQ: 1600 LIBIPW_DEBUG_MGMT("received reassoc (%d)\n", 1601 WLAN_FC_GET_STYPE(le16_to_cpu 1602 (header->frame_ctl))); 1603 1604 LIBIPW_DEBUG_MGMT("%s: LIBIPW_REASSOC_REQ received\n", 1605 ieee->dev->name); 1606 if (ieee->handle_reassoc_request != NULL) 1607 ieee->handle_reassoc_request(ieee->dev, 1608 (struct libipw_reassoc_request *) 1609 header); 1610 break; 1611 1612 case IEEE80211_STYPE_ASSOC_REQ: 1613 LIBIPW_DEBUG_MGMT("received assoc (%d)\n", 1614 WLAN_FC_GET_STYPE(le16_to_cpu 1615 (header->frame_ctl))); 1616 1617 LIBIPW_DEBUG_MGMT("%s: LIBIPW_ASSOC_REQ received\n", 1618 ieee->dev->name); 1619 if (ieee->handle_assoc_request != NULL) 1620 ieee->handle_assoc_request(ieee->dev); 1621 break; 1622 1623 case IEEE80211_STYPE_DEAUTH: 1624 LIBIPW_DEBUG_MGMT("DEAUTH\n"); 1625 if (ieee->handle_deauth != NULL) 1626 ieee->handle_deauth(ieee->dev, 1627 (struct libipw_deauth *) 1628 header); 1629 break; 1630 default: 1631 LIBIPW_DEBUG_MGMT("received UNKNOWN (%d)\n", 1632 WLAN_FC_GET_STYPE(le16_to_cpu 1633 (header->frame_ctl))); 1634 LIBIPW_DEBUG_MGMT("%s: Unknown management packet: %d\n", 1635 ieee->dev->name, 1636 WLAN_FC_GET_STYPE(le16_to_cpu 1637 (header->frame_ctl))); 1638 break; 1639 } 1640 } 1641 1642 EXPORT_SYMBOL(libipw_rx_mgt); 1643 EXPORT_SYMBOL(libipw_rx); 1644