1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Original code based Host AP (software wireless LAN access point) driver 4 * for Intersil Prism2/2.5/3 - hostap.o module, common routines 5 * 6 * Copyright (c) 2001-2002, SSH Communications Security Corp and Jouni Malinen 7 * <j@w1.fi> 8 * Copyright (c) 2002-2003, Jouni Malinen <j@w1.fi> 9 * Copyright (c) 2004-2005, Intel Corporation 10 */ 11 12 #include <linux/compiler.h> 13 #include <linux/errno.h> 14 #include <linux/if_arp.h> 15 #include <linux/in6.h> 16 #include <linux/gfp.h> 17 #include <linux/in.h> 18 #include <linux/ip.h> 19 #include <linux/kernel.h> 20 #include <linux/module.h> 21 #include <linux/netdevice.h> 22 #include <linux/proc_fs.h> 23 #include <linux/skbuff.h> 24 #include <linux/tcp.h> 25 #include <linux/types.h> 26 #include <linux/wireless.h> 27 #include <linux/etherdevice.h> 28 #include <linux/uaccess.h> 29 #include <linux/ctype.h> 30 #include "libipw.h" 31 32 static void libipw_monitor_rx(struct libipw_device *ieee, 33 struct sk_buff *skb, 34 struct libipw_rx_stats *rx_stats) 35 { 36 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data; 37 u16 fc = le16_to_cpu(hdr->frame_control); 38 39 skb->dev = ieee->dev; 40 skb_reset_mac_header(skb); 41 skb_pull(skb, libipw_get_hdrlen(fc)); 42 skb->pkt_type = PACKET_OTHERHOST; 43 skb->protocol = htons(ETH_P_80211_RAW); 44 memset(skb->cb, 0, sizeof(skb->cb)); 45 netif_rx(skb); 46 } 47 48 /* Called only as a tasklet (software IRQ) */ 49 static struct libipw_frag_entry *libipw_frag_cache_find(struct 50 libipw_device 51 *ieee, 52 unsigned int seq, 53 unsigned int frag, 54 u8 * src, 55 u8 * dst) 56 { 57 struct libipw_frag_entry *entry; 58 int i; 59 60 for (i = 0; i < LIBIPW_FRAG_CACHE_LEN; i++) { 61 entry = &ieee->frag_cache[i]; 62 if (entry->skb != NULL && 63 time_after(jiffies, entry->first_frag_time + 2 * HZ)) { 64 LIBIPW_DEBUG_FRAG("expiring fragment cache entry " 65 "seq=%u last_frag=%u\n", 66 entry->seq, entry->last_frag); 67 dev_kfree_skb_any(entry->skb); 68 entry->skb = NULL; 69 } 70 71 if (entry->skb != NULL && entry->seq == seq && 72 (entry->last_frag + 1 == frag || frag == -1) && 73 ether_addr_equal(entry->src_addr, src) && 74 ether_addr_equal(entry->dst_addr, dst)) 75 return entry; 76 } 77 78 return NULL; 79 } 80 81 /* Called only as a tasklet (software IRQ) */ 82 static struct sk_buff *libipw_frag_cache_get(struct libipw_device *ieee, 83 struct libipw_hdr_4addr *hdr) 84 { 85 struct sk_buff *skb = NULL; 86 u16 sc; 87 unsigned int frag, seq; 88 struct libipw_frag_entry *entry; 89 90 sc = le16_to_cpu(hdr->seq_ctl); 91 frag = WLAN_GET_SEQ_FRAG(sc); 92 seq = WLAN_GET_SEQ_SEQ(sc); 93 94 if (frag == 0) { 95 /* Reserve enough space to fit maximum frame length */ 96 skb = dev_alloc_skb(ieee->dev->mtu + 97 sizeof(struct libipw_hdr_4addr) + 98 8 /* LLC */ + 99 2 /* alignment */ + 100 8 /* WEP */ + ETH_ALEN /* WDS */ ); 101 if (skb == NULL) 102 return NULL; 103 104 entry = &ieee->frag_cache[ieee->frag_next_idx]; 105 ieee->frag_next_idx++; 106 if (ieee->frag_next_idx >= LIBIPW_FRAG_CACHE_LEN) 107 ieee->frag_next_idx = 0; 108 109 if (entry->skb != NULL) 110 dev_kfree_skb_any(entry->skb); 111 112 entry->first_frag_time = jiffies; 113 entry->seq = seq; 114 entry->last_frag = frag; 115 entry->skb = skb; 116 memcpy(entry->src_addr, hdr->addr2, ETH_ALEN); 117 memcpy(entry->dst_addr, hdr->addr1, ETH_ALEN); 118 } else { 119 /* received a fragment of a frame for which the head fragment 120 * should have already been received */ 121 entry = libipw_frag_cache_find(ieee, seq, frag, hdr->addr2, 122 hdr->addr1); 123 if (entry != NULL) { 124 entry->last_frag = frag; 125 skb = entry->skb; 126 } 127 } 128 129 return skb; 130 } 131 132 /* Called only as a tasklet (software IRQ) */ 133 static int libipw_frag_cache_invalidate(struct libipw_device *ieee, 134 struct libipw_hdr_4addr *hdr) 135 { 136 u16 sc; 137 unsigned int seq; 138 struct libipw_frag_entry *entry; 139 140 sc = le16_to_cpu(hdr->seq_ctl); 141 seq = WLAN_GET_SEQ_SEQ(sc); 142 143 entry = libipw_frag_cache_find(ieee, seq, -1, hdr->addr2, 144 hdr->addr1); 145 146 if (entry == NULL) { 147 LIBIPW_DEBUG_FRAG("could not invalidate fragment cache " 148 "entry (seq=%u)\n", seq); 149 return -1; 150 } 151 152 entry->skb = NULL; 153 return 0; 154 } 155 156 #ifdef NOT_YET 157 /* libipw_rx_frame_mgtmt 158 * 159 * Responsible for handling management control frames 160 * 161 * Called by libipw_rx */ 162 static int 163 libipw_rx_frame_mgmt(struct libipw_device *ieee, struct sk_buff *skb, 164 struct libipw_rx_stats *rx_stats, u16 type, 165 u16 stype) 166 { 167 if (ieee->iw_mode == IW_MODE_MASTER) { 168 printk(KERN_DEBUG "%s: Master mode not yet supported.\n", 169 ieee->dev->name); 170 return 0; 171 /* 172 hostap_update_sta_ps(ieee, (struct hostap_libipw_hdr_4addr *) 173 skb->data);*/ 174 } 175 176 if (ieee->hostapd && type == WLAN_FC_TYPE_MGMT) { 177 if (stype == WLAN_FC_STYPE_BEACON && 178 ieee->iw_mode == IW_MODE_MASTER) { 179 struct sk_buff *skb2; 180 /* Process beacon frames also in kernel driver to 181 * update STA(AP) table statistics */ 182 skb2 = skb_clone(skb, GFP_ATOMIC); 183 if (skb2) 184 hostap_rx(skb2->dev, skb2, rx_stats); 185 } 186 187 /* send management frames to the user space daemon for 188 * processing */ 189 ieee->apdevstats.rx_packets++; 190 ieee->apdevstats.rx_bytes += skb->len; 191 prism2_rx_80211(ieee->apdev, skb, rx_stats, PRISM2_RX_MGMT); 192 return 0; 193 } 194 195 if (ieee->iw_mode == IW_MODE_MASTER) { 196 if (type != WLAN_FC_TYPE_MGMT && type != WLAN_FC_TYPE_CTRL) { 197 printk(KERN_DEBUG "%s: unknown management frame " 198 "(type=0x%02x, stype=0x%02x) dropped\n", 199 skb->dev->name, type, stype); 200 return -1; 201 } 202 203 hostap_rx(skb->dev, skb, rx_stats); 204 return 0; 205 } 206 207 printk(KERN_DEBUG "%s: hostap_rx_frame_mgmt: management frame " 208 "received in non-Host AP mode\n", skb->dev->name); 209 return -1; 210 } 211 #endif 212 213 /* See IEEE 802.1H for LLC/SNAP encapsulation/decapsulation */ 214 /* Ethernet-II snap header (RFC1042 for most EtherTypes) */ 215 static unsigned char libipw_rfc1042_header[] = 216 { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 }; 217 218 /* Bridge-Tunnel header (for EtherTypes ETH_P_AARP and ETH_P_IPX) */ 219 static unsigned char libipw_bridge_tunnel_header[] = 220 { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0xf8 }; 221 /* No encapsulation header if EtherType < 0x600 (=length) */ 222 223 /* Called by libipw_rx_frame_decrypt */ 224 static int libipw_is_eapol_frame(struct libipw_device *ieee, 225 struct sk_buff *skb) 226 { 227 struct net_device *dev = ieee->dev; 228 u16 fc, ethertype; 229 struct libipw_hdr_3addr *hdr; 230 u8 *pos; 231 232 if (skb->len < 24) 233 return 0; 234 235 hdr = (struct libipw_hdr_3addr *)skb->data; 236 fc = le16_to_cpu(hdr->frame_ctl); 237 238 /* check that the frame is unicast frame to us */ 239 if ((fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) == 240 IEEE80211_FCTL_TODS && 241 ether_addr_equal(hdr->addr1, dev->dev_addr) && 242 ether_addr_equal(hdr->addr3, dev->dev_addr)) { 243 /* ToDS frame with own addr BSSID and DA */ 244 } else if ((fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) == 245 IEEE80211_FCTL_FROMDS && 246 ether_addr_equal(hdr->addr1, dev->dev_addr)) { 247 /* FromDS frame with own addr as DA */ 248 } else 249 return 0; 250 251 if (skb->len < 24 + 8) 252 return 0; 253 254 /* check for port access entity Ethernet type */ 255 pos = skb->data + 24; 256 ethertype = (pos[6] << 8) | pos[7]; 257 if (ethertype == ETH_P_PAE) 258 return 1; 259 260 return 0; 261 } 262 263 /* Called only as a tasklet (software IRQ), by libipw_rx */ 264 static int 265 libipw_rx_frame_decrypt(struct libipw_device *ieee, struct sk_buff *skb, 266 struct libipw_crypt_data *crypt) 267 { 268 struct libipw_hdr_3addr *hdr; 269 int res, hdrlen; 270 271 if (crypt == NULL || crypt->ops->decrypt_mpdu == NULL) 272 return 0; 273 274 hdr = (struct libipw_hdr_3addr *)skb->data; 275 hdrlen = libipw_get_hdrlen(le16_to_cpu(hdr->frame_ctl)); 276 277 atomic_inc(&crypt->refcnt); 278 res = crypt->ops->decrypt_mpdu(skb, hdrlen, crypt->priv); 279 atomic_dec(&crypt->refcnt); 280 if (res < 0) { 281 LIBIPW_DEBUG_DROP("decryption failed (SA=%pM) res=%d\n", 282 hdr->addr2, res); 283 if (res == -2) 284 LIBIPW_DEBUG_DROP("Decryption failed ICV " 285 "mismatch (key %d)\n", 286 skb->data[hdrlen + 3] >> 6); 287 ieee->ieee_stats.rx_discards_undecryptable++; 288 return -1; 289 } 290 291 return res; 292 } 293 294 /* Called only as a tasklet (software IRQ), by libipw_rx */ 295 static int 296 libipw_rx_frame_decrypt_msdu(struct libipw_device *ieee, 297 struct sk_buff *skb, int keyidx, 298 struct libipw_crypt_data *crypt) 299 { 300 struct libipw_hdr_3addr *hdr; 301 int res, hdrlen; 302 303 if (crypt == NULL || crypt->ops->decrypt_msdu == NULL) 304 return 0; 305 306 hdr = (struct libipw_hdr_3addr *)skb->data; 307 hdrlen = libipw_get_hdrlen(le16_to_cpu(hdr->frame_ctl)); 308 309 atomic_inc(&crypt->refcnt); 310 res = crypt->ops->decrypt_msdu(skb, keyidx, hdrlen, crypt->priv); 311 atomic_dec(&crypt->refcnt); 312 if (res < 0) { 313 printk(KERN_DEBUG "%s: MSDU decryption/MIC verification failed" 314 " (SA=%pM keyidx=%d)\n", ieee->dev->name, hdr->addr2, 315 keyidx); 316 return -1; 317 } 318 319 return 0; 320 } 321 322 /* All received frames are sent to this function. @skb contains the frame in 323 * IEEE 802.11 format, i.e., in the format it was sent over air. 324 * This function is called only as a tasklet (software IRQ). */ 325 int libipw_rx(struct libipw_device *ieee, struct sk_buff *skb, 326 struct libipw_rx_stats *rx_stats) 327 { 328 struct net_device *dev = ieee->dev; 329 struct libipw_hdr_4addr *hdr; 330 size_t hdrlen; 331 u16 fc, type, stype, sc; 332 unsigned int frag; 333 u8 *payload; 334 u16 ethertype; 335 #ifdef NOT_YET 336 struct net_device *wds = NULL; 337 struct sk_buff *skb2 = NULL; 338 struct net_device *wds = NULL; 339 int frame_authorized = 0; 340 int from_assoc_ap = 0; 341 void *sta = NULL; 342 #endif 343 u8 dst[ETH_ALEN]; 344 u8 src[ETH_ALEN]; 345 struct libipw_crypt_data *crypt = NULL; 346 int keyidx = 0; 347 int can_be_decrypted = 0; 348 349 hdr = (struct libipw_hdr_4addr *)skb->data; 350 if (skb->len < 10) { 351 printk(KERN_INFO "%s: SKB length < 10\n", dev->name); 352 goto rx_dropped; 353 } 354 355 fc = le16_to_cpu(hdr->frame_ctl); 356 type = WLAN_FC_GET_TYPE(fc); 357 stype = WLAN_FC_GET_STYPE(fc); 358 sc = le16_to_cpu(hdr->seq_ctl); 359 frag = WLAN_GET_SEQ_FRAG(sc); 360 hdrlen = libipw_get_hdrlen(fc); 361 362 if (skb->len < hdrlen) { 363 printk(KERN_INFO "%s: invalid SKB length %d\n", 364 dev->name, skb->len); 365 goto rx_dropped; 366 } 367 368 /* Put this code here so that we avoid duplicating it in all 369 * Rx paths. - Jean II */ 370 #ifdef CONFIG_WIRELESS_EXT 371 #ifdef IW_WIRELESS_SPY /* defined in iw_handler.h */ 372 /* If spy monitoring on */ 373 if (ieee->spy_data.spy_number > 0) { 374 struct iw_quality wstats; 375 376 wstats.updated = 0; 377 if (rx_stats->mask & LIBIPW_STATMASK_RSSI) { 378 wstats.level = rx_stats->signal; 379 wstats.updated |= IW_QUAL_LEVEL_UPDATED; 380 } else 381 wstats.updated |= IW_QUAL_LEVEL_INVALID; 382 383 if (rx_stats->mask & LIBIPW_STATMASK_NOISE) { 384 wstats.noise = rx_stats->noise; 385 wstats.updated |= IW_QUAL_NOISE_UPDATED; 386 } else 387 wstats.updated |= IW_QUAL_NOISE_INVALID; 388 389 if (rx_stats->mask & LIBIPW_STATMASK_SIGNAL) { 390 wstats.qual = rx_stats->signal; 391 wstats.updated |= IW_QUAL_QUAL_UPDATED; 392 } else 393 wstats.updated |= IW_QUAL_QUAL_INVALID; 394 395 /* Update spy records */ 396 libipw_spy_update(ieee->dev, hdr->addr2, &wstats); 397 } 398 #endif /* IW_WIRELESS_SPY */ 399 #endif /* CONFIG_WIRELESS_EXT */ 400 401 #ifdef NOT_YET 402 hostap_update_rx_stats(local->ap, hdr, rx_stats); 403 #endif 404 405 if (ieee->iw_mode == IW_MODE_MONITOR) { 406 dev->stats.rx_packets++; 407 dev->stats.rx_bytes += skb->len; 408 libipw_monitor_rx(ieee, skb, rx_stats); 409 return 1; 410 } 411 412 can_be_decrypted = (is_multicast_ether_addr(hdr->addr1) || 413 is_broadcast_ether_addr(hdr->addr2)) ? 414 ieee->host_mc_decrypt : ieee->host_decrypt; 415 416 if (can_be_decrypted) { 417 if (skb->len >= hdrlen + 3) { 418 /* Top two-bits of byte 3 are the key index */ 419 keyidx = skb->data[hdrlen + 3] >> 6; 420 } 421 422 /* ieee->crypt[] is WEP_KEY (4) in length. Given that keyidx 423 * is only allowed 2-bits of storage, no value of keyidx can 424 * be provided via above code that would result in keyidx 425 * being out of range */ 426 crypt = ieee->crypt_info.crypt[keyidx]; 427 428 #ifdef NOT_YET 429 sta = NULL; 430 431 /* Use station specific key to override default keys if the 432 * receiver address is a unicast address ("individual RA"). If 433 * bcrx_sta_key parameter is set, station specific key is used 434 * even with broad/multicast targets (this is against IEEE 435 * 802.11, but makes it easier to use different keys with 436 * stations that do not support WEP key mapping). */ 437 438 if (is_unicast_ether_addr(hdr->addr1) || local->bcrx_sta_key) 439 (void)hostap_handle_sta_crypto(local, hdr, &crypt, 440 &sta); 441 #endif 442 443 /* allow NULL decrypt to indicate an station specific override 444 * for default encryption */ 445 if (crypt && (crypt->ops == NULL || 446 crypt->ops->decrypt_mpdu == NULL)) 447 crypt = NULL; 448 449 if (!crypt && (fc & IEEE80211_FCTL_PROTECTED)) { 450 /* This seems to be triggered by some (multicast?) 451 * frames from other than current BSS, so just drop the 452 * frames silently instead of filling system log with 453 * these reports. */ 454 LIBIPW_DEBUG_DROP("Decryption failed (not set)" 455 " (SA=%pM)\n", hdr->addr2); 456 ieee->ieee_stats.rx_discards_undecryptable++; 457 goto rx_dropped; 458 } 459 } 460 #ifdef NOT_YET 461 if (type != WLAN_FC_TYPE_DATA) { 462 if (type == WLAN_FC_TYPE_MGMT && stype == WLAN_FC_STYPE_AUTH && 463 fc & IEEE80211_FCTL_PROTECTED && ieee->host_decrypt && 464 (keyidx = hostap_rx_frame_decrypt(ieee, skb, crypt)) < 0) { 465 printk(KERN_DEBUG "%s: failed to decrypt mgmt::auth " 466 "from %pM\n", dev->name, hdr->addr2); 467 /* TODO: could inform hostapd about this so that it 468 * could send auth failure report */ 469 goto rx_dropped; 470 } 471 472 if (libipw_rx_frame_mgmt(ieee, skb, rx_stats, type, stype)) 473 goto rx_dropped; 474 else 475 goto rx_exit; 476 } 477 #endif 478 /* drop duplicate 802.11 retransmissions (IEEE 802.11 Chap. 9.29) */ 479 if (sc == ieee->prev_seq_ctl) 480 goto rx_dropped; 481 else 482 ieee->prev_seq_ctl = sc; 483 484 /* Data frame - extract src/dst addresses */ 485 if (skb->len < LIBIPW_3ADDR_LEN) 486 goto rx_dropped; 487 488 switch (fc & (IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS)) { 489 case IEEE80211_FCTL_FROMDS: 490 memcpy(dst, hdr->addr1, ETH_ALEN); 491 memcpy(src, hdr->addr3, ETH_ALEN); 492 break; 493 case IEEE80211_FCTL_TODS: 494 memcpy(dst, hdr->addr3, ETH_ALEN); 495 memcpy(src, hdr->addr2, ETH_ALEN); 496 break; 497 case IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS: 498 if (skb->len < LIBIPW_4ADDR_LEN) 499 goto rx_dropped; 500 memcpy(dst, hdr->addr3, ETH_ALEN); 501 memcpy(src, hdr->addr4, ETH_ALEN); 502 break; 503 default: 504 memcpy(dst, hdr->addr1, ETH_ALEN); 505 memcpy(src, hdr->addr2, ETH_ALEN); 506 break; 507 } 508 509 #ifdef NOT_YET 510 if (hostap_rx_frame_wds(ieee, hdr, fc, &wds)) 511 goto rx_dropped; 512 if (wds) { 513 skb->dev = dev = wds; 514 stats = hostap_get_stats(dev); 515 } 516 517 if (ieee->iw_mode == IW_MODE_MASTER && !wds && 518 (fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) == 519 IEEE80211_FCTL_FROMDS && ieee->stadev && 520 ether_addr_equal(hdr->addr2, ieee->assoc_ap_addr)) { 521 /* Frame from BSSID of the AP for which we are a client */ 522 skb->dev = dev = ieee->stadev; 523 stats = hostap_get_stats(dev); 524 from_assoc_ap = 1; 525 } 526 #endif 527 528 #ifdef NOT_YET 529 if ((ieee->iw_mode == IW_MODE_MASTER || 530 ieee->iw_mode == IW_MODE_REPEAT) && !from_assoc_ap) { 531 switch (hostap_handle_sta_rx(ieee, dev, skb, rx_stats, 532 wds != NULL)) { 533 case AP_RX_CONTINUE_NOT_AUTHORIZED: 534 frame_authorized = 0; 535 break; 536 case AP_RX_CONTINUE: 537 frame_authorized = 1; 538 break; 539 case AP_RX_DROP: 540 goto rx_dropped; 541 case AP_RX_EXIT: 542 goto rx_exit; 543 } 544 } 545 #endif 546 547 /* Nullfunc frames may have PS-bit set, so they must be passed to 548 * hostap_handle_sta_rx() before being dropped here. */ 549 550 stype &= ~IEEE80211_STYPE_QOS_DATA; 551 552 if (stype != IEEE80211_STYPE_DATA && 553 stype != IEEE80211_STYPE_DATA_CFACK && 554 stype != IEEE80211_STYPE_DATA_CFPOLL && 555 stype != IEEE80211_STYPE_DATA_CFACKPOLL) { 556 if (stype != IEEE80211_STYPE_NULLFUNC) 557 LIBIPW_DEBUG_DROP("RX: dropped data frame " 558 "with no data (type=0x%02x, " 559 "subtype=0x%02x, len=%d)\n", 560 type, stype, skb->len); 561 goto rx_dropped; 562 } 563 564 /* skb: hdr + (possibly fragmented, possibly encrypted) payload */ 565 566 if ((fc & IEEE80211_FCTL_PROTECTED) && can_be_decrypted && 567 (keyidx = libipw_rx_frame_decrypt(ieee, skb, crypt)) < 0) 568 goto rx_dropped; 569 570 hdr = (struct libipw_hdr_4addr *)skb->data; 571 572 /* skb: hdr + (possibly fragmented) plaintext payload */ 573 // PR: FIXME: hostap has additional conditions in the "if" below: 574 // ieee->host_decrypt && (fc & IEEE80211_FCTL_PROTECTED) && 575 if ((frag != 0) || (fc & IEEE80211_FCTL_MOREFRAGS)) { 576 int flen; 577 struct sk_buff *frag_skb = libipw_frag_cache_get(ieee, hdr); 578 LIBIPW_DEBUG_FRAG("Rx Fragment received (%u)\n", frag); 579 580 if (!frag_skb) { 581 LIBIPW_DEBUG(LIBIPW_DL_RX | LIBIPW_DL_FRAG, 582 "Rx cannot get skb from fragment " 583 "cache (morefrag=%d seq=%u frag=%u)\n", 584 (fc & IEEE80211_FCTL_MOREFRAGS) != 0, 585 WLAN_GET_SEQ_SEQ(sc), frag); 586 goto rx_dropped; 587 } 588 589 flen = skb->len; 590 if (frag != 0) 591 flen -= hdrlen; 592 593 if (frag_skb->tail + flen > frag_skb->end) { 594 printk(KERN_WARNING "%s: host decrypted and " 595 "reassembled frame did not fit skb\n", 596 dev->name); 597 libipw_frag_cache_invalidate(ieee, hdr); 598 goto rx_dropped; 599 } 600 601 if (frag == 0) { 602 /* copy first fragment (including full headers) into 603 * beginning of the fragment cache skb */ 604 skb_copy_from_linear_data(skb, skb_put(frag_skb, flen), flen); 605 } else { 606 /* append frame payload to the end of the fragment 607 * cache skb */ 608 skb_copy_from_linear_data_offset(skb, hdrlen, 609 skb_put(frag_skb, flen), flen); 610 } 611 dev_kfree_skb_any(skb); 612 skb = NULL; 613 614 if (fc & IEEE80211_FCTL_MOREFRAGS) { 615 /* more fragments expected - leave the skb in fragment 616 * cache for now; it will be delivered to upper layers 617 * after all fragments have been received */ 618 goto rx_exit; 619 } 620 621 /* this was the last fragment and the frame will be 622 * delivered, so remove skb from fragment cache */ 623 skb = frag_skb; 624 hdr = (struct libipw_hdr_4addr *)skb->data; 625 libipw_frag_cache_invalidate(ieee, hdr); 626 } 627 628 /* skb: hdr + (possible reassembled) full MSDU payload; possibly still 629 * encrypted/authenticated */ 630 if ((fc & IEEE80211_FCTL_PROTECTED) && can_be_decrypted && 631 libipw_rx_frame_decrypt_msdu(ieee, skb, keyidx, crypt)) 632 goto rx_dropped; 633 634 hdr = (struct libipw_hdr_4addr *)skb->data; 635 if (crypt && !(fc & IEEE80211_FCTL_PROTECTED) && !ieee->open_wep) { 636 if ( /*ieee->ieee802_1x && */ 637 libipw_is_eapol_frame(ieee, skb)) { 638 /* pass unencrypted EAPOL frames even if encryption is 639 * configured */ 640 } else { 641 LIBIPW_DEBUG_DROP("encryption configured, but RX " 642 "frame not encrypted (SA=%pM)\n", 643 hdr->addr2); 644 goto rx_dropped; 645 } 646 } 647 648 if (crypt && !(fc & IEEE80211_FCTL_PROTECTED) && !ieee->open_wep && 649 !libipw_is_eapol_frame(ieee, skb)) { 650 LIBIPW_DEBUG_DROP("dropped unencrypted RX data " 651 "frame from %pM (drop_unencrypted=1)\n", 652 hdr->addr2); 653 goto rx_dropped; 654 } 655 656 /* If the frame was decrypted in hardware, we may need to strip off 657 * any security data (IV, ICV, etc) that was left behind */ 658 if (!can_be_decrypted && (fc & IEEE80211_FCTL_PROTECTED) && 659 ieee->host_strip_iv_icv) { 660 int trimlen = 0; 661 662 /* Top two-bits of byte 3 are the key index */ 663 if (skb->len >= hdrlen + 3) 664 keyidx = skb->data[hdrlen + 3] >> 6; 665 666 /* To strip off any security data which appears before the 667 * payload, we simply increase hdrlen (as the header gets 668 * chopped off immediately below). For the security data which 669 * appears after the payload, we use skb_trim. */ 670 671 switch (ieee->sec.encode_alg[keyidx]) { 672 case SEC_ALG_WEP: 673 /* 4 byte IV */ 674 hdrlen += 4; 675 /* 4 byte ICV */ 676 trimlen = 4; 677 break; 678 case SEC_ALG_TKIP: 679 /* 4 byte IV, 4 byte ExtIV */ 680 hdrlen += 8; 681 /* 8 byte MIC, 4 byte ICV */ 682 trimlen = 12; 683 break; 684 case SEC_ALG_CCMP: 685 /* 8 byte CCMP header */ 686 hdrlen += 8; 687 /* 8 byte MIC */ 688 trimlen = 8; 689 break; 690 } 691 692 if (skb->len < trimlen) 693 goto rx_dropped; 694 695 __skb_trim(skb, skb->len - trimlen); 696 697 if (skb->len < hdrlen) 698 goto rx_dropped; 699 } 700 701 /* skb: hdr + (possible reassembled) full plaintext payload */ 702 703 payload = skb->data + hdrlen; 704 ethertype = (payload[6] << 8) | payload[7]; 705 706 #ifdef NOT_YET 707 /* If IEEE 802.1X is used, check whether the port is authorized to send 708 * the received frame. */ 709 if (ieee->ieee802_1x && ieee->iw_mode == IW_MODE_MASTER) { 710 if (ethertype == ETH_P_PAE) { 711 printk(KERN_DEBUG "%s: RX: IEEE 802.1X frame\n", 712 dev->name); 713 if (ieee->hostapd && ieee->apdev) { 714 /* Send IEEE 802.1X frames to the user 715 * space daemon for processing */ 716 prism2_rx_80211(ieee->apdev, skb, rx_stats, 717 PRISM2_RX_MGMT); 718 ieee->apdevstats.rx_packets++; 719 ieee->apdevstats.rx_bytes += skb->len; 720 goto rx_exit; 721 } 722 } else if (!frame_authorized) { 723 printk(KERN_DEBUG "%s: dropped frame from " 724 "unauthorized port (IEEE 802.1X): " 725 "ethertype=0x%04x\n", dev->name, ethertype); 726 goto rx_dropped; 727 } 728 } 729 #endif 730 731 /* convert hdr + possible LLC headers into Ethernet header */ 732 if (skb->len - hdrlen >= 8 && 733 ((memcmp(payload, libipw_rfc1042_header, SNAP_SIZE) == 0 && 734 ethertype != ETH_P_AARP && ethertype != ETH_P_IPX) || 735 memcmp(payload, libipw_bridge_tunnel_header, SNAP_SIZE) == 0)) { 736 /* remove RFC1042 or Bridge-Tunnel encapsulation and 737 * replace EtherType */ 738 skb_pull(skb, hdrlen + SNAP_SIZE); 739 memcpy(skb_push(skb, ETH_ALEN), src, ETH_ALEN); 740 memcpy(skb_push(skb, ETH_ALEN), dst, ETH_ALEN); 741 } else { 742 __be16 len; 743 /* Leave Ethernet header part of hdr and full payload */ 744 skb_pull(skb, hdrlen); 745 len = htons(skb->len); 746 memcpy(skb_push(skb, 2), &len, 2); 747 memcpy(skb_push(skb, ETH_ALEN), src, ETH_ALEN); 748 memcpy(skb_push(skb, ETH_ALEN), dst, ETH_ALEN); 749 } 750 751 #ifdef NOT_YET 752 if (wds && ((fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) == 753 IEEE80211_FCTL_TODS) && skb->len >= ETH_HLEN + ETH_ALEN) { 754 /* Non-standard frame: get addr4 from its bogus location after 755 * the payload */ 756 skb_copy_to_linear_data_offset(skb, ETH_ALEN, 757 skb->data + skb->len - ETH_ALEN, 758 ETH_ALEN); 759 skb_trim(skb, skb->len - ETH_ALEN); 760 } 761 #endif 762 763 dev->stats.rx_packets++; 764 dev->stats.rx_bytes += skb->len; 765 766 #ifdef NOT_YET 767 if (ieee->iw_mode == IW_MODE_MASTER && !wds && ieee->ap->bridge_packets) { 768 if (is_multicast_ether_addr(dst)) { 769 /* copy multicast frame both to the higher layers and 770 * to the wireless media */ 771 ieee->ap->bridged_multicast++; 772 skb2 = skb_clone(skb, GFP_ATOMIC); 773 if (skb2 == NULL) 774 printk(KERN_DEBUG "%s: skb_clone failed for " 775 "multicast frame\n", dev->name); 776 } else if (hostap_is_sta_assoc(ieee->ap, dst)) { 777 /* send frame directly to the associated STA using 778 * wireless media and not passing to higher layers */ 779 ieee->ap->bridged_unicast++; 780 skb2 = skb; 781 skb = NULL; 782 } 783 } 784 785 if (skb2 != NULL) { 786 /* send to wireless media */ 787 skb2->dev = dev; 788 skb2->protocol = htons(ETH_P_802_3); 789 skb_reset_mac_header(skb2); 790 skb_reset_network_header(skb2); 791 /* skb2->network_header += ETH_HLEN; */ 792 dev_queue_xmit(skb2); 793 } 794 #endif 795 796 if (skb) { 797 skb->protocol = eth_type_trans(skb, dev); 798 memset(skb->cb, 0, sizeof(skb->cb)); 799 skb->ip_summed = CHECKSUM_NONE; /* 802.11 crc not sufficient */ 800 if (netif_rx(skb) == NET_RX_DROP) { 801 /* netif_rx always succeeds, but it might drop 802 * the packet. If it drops the packet, we log that 803 * in our stats. */ 804 LIBIPW_DEBUG_DROP 805 ("RX: netif_rx dropped the packet\n"); 806 dev->stats.rx_dropped++; 807 } 808 } 809 810 rx_exit: 811 #ifdef NOT_YET 812 if (sta) 813 hostap_handle_sta_release(sta); 814 #endif 815 return 1; 816 817 rx_dropped: 818 dev->stats.rx_dropped++; 819 820 /* Returning 0 indicates to caller that we have not handled the SKB-- 821 * so it is still allocated and can be used again by underlying 822 * hardware as a DMA target */ 823 return 0; 824 } 825 826 /* Filter out unrelated packets, call libipw_rx[_mgt] 827 * This function takes over the skb, it should not be used again after calling 828 * this function. */ 829 void libipw_rx_any(struct libipw_device *ieee, 830 struct sk_buff *skb, struct libipw_rx_stats *stats) 831 { 832 struct libipw_hdr_4addr *hdr; 833 int is_packet_for_us; 834 u16 fc; 835 836 if (ieee->iw_mode == IW_MODE_MONITOR) { 837 if (!libipw_rx(ieee, skb, stats)) 838 dev_kfree_skb_irq(skb); 839 return; 840 } 841 842 if (skb->len < sizeof(struct ieee80211_hdr)) 843 goto drop_free; 844 845 hdr = (struct libipw_hdr_4addr *)skb->data; 846 fc = le16_to_cpu(hdr->frame_ctl); 847 848 if ((fc & IEEE80211_FCTL_VERS) != 0) 849 goto drop_free; 850 851 switch (fc & IEEE80211_FCTL_FTYPE) { 852 case IEEE80211_FTYPE_MGMT: 853 if (skb->len < sizeof(struct libipw_hdr_3addr)) 854 goto drop_free; 855 libipw_rx_mgt(ieee, hdr, stats); 856 dev_kfree_skb_irq(skb); 857 return; 858 case IEEE80211_FTYPE_DATA: 859 break; 860 case IEEE80211_FTYPE_CTL: 861 return; 862 default: 863 return; 864 } 865 866 is_packet_for_us = 0; 867 switch (ieee->iw_mode) { 868 case IW_MODE_ADHOC: 869 /* our BSS and not from/to DS */ 870 if (ether_addr_equal(hdr->addr3, ieee->bssid) && 871 ((fc & (IEEE80211_FCTL_TODS + IEEE80211_FCTL_FROMDS)) == 0)) { 872 /* promisc: get all */ 873 if (ieee->dev->flags & IFF_PROMISC) 874 is_packet_for_us = 1; 875 /* to us */ 876 else if (ether_addr_equal(hdr->addr1, ieee->dev->dev_addr)) 877 is_packet_for_us = 1; 878 /* mcast */ 879 else if (is_multicast_ether_addr(hdr->addr1)) 880 is_packet_for_us = 1; 881 } 882 break; 883 case IW_MODE_INFRA: 884 /* our BSS (== from our AP) and from DS */ 885 if (ether_addr_equal(hdr->addr2, ieee->bssid) && 886 ((fc & (IEEE80211_FCTL_TODS + IEEE80211_FCTL_FROMDS)) == IEEE80211_FCTL_FROMDS)) { 887 /* promisc: get all */ 888 if (ieee->dev->flags & IFF_PROMISC) 889 is_packet_for_us = 1; 890 /* to us */ 891 else if (ether_addr_equal(hdr->addr1, ieee->dev->dev_addr)) 892 is_packet_for_us = 1; 893 /* mcast */ 894 else if (is_multicast_ether_addr(hdr->addr1)) { 895 /* not our own packet bcasted from AP */ 896 if (!ether_addr_equal(hdr->addr3, ieee->dev->dev_addr)) 897 is_packet_for_us = 1; 898 } 899 } 900 break; 901 default: 902 /* ? */ 903 break; 904 } 905 906 if (is_packet_for_us) 907 if (!libipw_rx(ieee, skb, stats)) 908 dev_kfree_skb_irq(skb); 909 return; 910 911 drop_free: 912 dev_kfree_skb_irq(skb); 913 ieee->dev->stats.rx_dropped++; 914 } 915 916 #define MGMT_FRAME_FIXED_PART_LENGTH 0x24 917 918 static u8 qos_oui[QOS_OUI_LEN] = { 0x00, 0x50, 0xF2 }; 919 920 /* 921 * Make the structure we read from the beacon packet to have 922 * the right values 923 */ 924 static int libipw_verify_qos_info(struct libipw_qos_information_element 925 *info_element, int sub_type) 926 { 927 if (info_element->elementID != QOS_ELEMENT_ID) 928 return -1; 929 if (info_element->qui_subtype != sub_type) 930 return -1; 931 if (memcmp(info_element->qui, qos_oui, QOS_OUI_LEN)) 932 return -1; 933 if (info_element->qui_type != QOS_OUI_TYPE) 934 return -1; 935 if (info_element->version != QOS_VERSION_1) 936 return -1; 937 938 return 0; 939 } 940 941 /* 942 * Parse a QoS parameter element 943 */ 944 static int libipw_read_qos_param_element( 945 struct libipw_qos_parameter_info *element_param, 946 struct libipw_info_element *info_element) 947 { 948 size_t size = sizeof(*element_param); 949 950 if (!element_param || !info_element || info_element->len != size - 2) 951 return -1; 952 953 memcpy(element_param, info_element, size); 954 return libipw_verify_qos_info(&element_param->info_element, 955 QOS_OUI_PARAM_SUB_TYPE); 956 } 957 958 /* 959 * Parse a QoS information element 960 */ 961 static int libipw_read_qos_info_element( 962 struct libipw_qos_information_element *element_info, 963 struct libipw_info_element *info_element) 964 { 965 size_t size = sizeof(struct libipw_qos_information_element) - 2; 966 967 if (!element_info || !info_element || info_element->len != size - 2) 968 return -1; 969 970 memcpy(element_info, info_element, size); 971 return libipw_verify_qos_info(element_info, QOS_OUI_INFO_SUB_TYPE); 972 } 973 974 /* 975 * Write QoS parameters from the ac parameters. 976 */ 977 static void libipw_qos_convert_ac_to_parameters(struct 978 libipw_qos_parameter_info 979 *param_elm, struct 980 libipw_qos_parameters 981 *qos_param) 982 { 983 int i; 984 struct libipw_qos_ac_parameter *ac_params; 985 u32 txop; 986 u8 cw_min; 987 u8 cw_max; 988 989 for (i = 0; i < QOS_QUEUE_NUM; i++) { 990 ac_params = &(param_elm->ac_params_record[i]); 991 992 qos_param->aifs[i] = (ac_params->aci_aifsn) & 0x0F; 993 qos_param->aifs[i] -= (qos_param->aifs[i] < 2) ? 0 : 2; 994 995 cw_min = ac_params->ecw_min_max & 0x0F; 996 qos_param->cw_min[i] = cpu_to_le16((1 << cw_min) - 1); 997 998 cw_max = (ac_params->ecw_min_max & 0xF0) >> 4; 999 qos_param->cw_max[i] = cpu_to_le16((1 << cw_max) - 1); 1000 1001 qos_param->flag[i] = 1002 (ac_params->aci_aifsn & 0x10) ? 0x01 : 0x00; 1003 1004 txop = le16_to_cpu(ac_params->tx_op_limit) * 32; 1005 qos_param->tx_op_limit[i] = cpu_to_le16(txop); 1006 } 1007 } 1008 1009 /* 1010 * we have a generic data element which it may contain QoS information or 1011 * parameters element. check the information element length to decide 1012 * which type to read 1013 */ 1014 static int libipw_parse_qos_info_param_IE(struct libipw_info_element 1015 *info_element, 1016 struct libipw_network *network) 1017 { 1018 int rc = 0; 1019 struct libipw_qos_parameters *qos_param = NULL; 1020 struct libipw_qos_information_element qos_info_element; 1021 1022 rc = libipw_read_qos_info_element(&qos_info_element, info_element); 1023 1024 if (rc == 0) { 1025 network->qos_data.param_count = qos_info_element.ac_info & 0x0F; 1026 network->flags |= NETWORK_HAS_QOS_INFORMATION; 1027 } else { 1028 struct libipw_qos_parameter_info param_element; 1029 1030 rc = libipw_read_qos_param_element(¶m_element, 1031 info_element); 1032 if (rc == 0) { 1033 qos_param = &(network->qos_data.parameters); 1034 libipw_qos_convert_ac_to_parameters(¶m_element, 1035 qos_param); 1036 network->flags |= NETWORK_HAS_QOS_PARAMETERS; 1037 network->qos_data.param_count = 1038 param_element.info_element.ac_info & 0x0F; 1039 } 1040 } 1041 1042 if (rc == 0) { 1043 LIBIPW_DEBUG_QOS("QoS is supported\n"); 1044 network->qos_data.supported = 1; 1045 } 1046 return rc; 1047 } 1048 1049 #ifdef CONFIG_LIBIPW_DEBUG 1050 #define MFIE_STRING(x) case WLAN_EID_ ##x: return #x 1051 1052 static const char *get_info_element_string(u16 id) 1053 { 1054 switch (id) { 1055 MFIE_STRING(SSID); 1056 MFIE_STRING(SUPP_RATES); 1057 MFIE_STRING(FH_PARAMS); 1058 MFIE_STRING(DS_PARAMS); 1059 MFIE_STRING(CF_PARAMS); 1060 MFIE_STRING(TIM); 1061 MFIE_STRING(IBSS_PARAMS); 1062 MFIE_STRING(COUNTRY); 1063 MFIE_STRING(REQUEST); 1064 MFIE_STRING(CHALLENGE); 1065 MFIE_STRING(PWR_CONSTRAINT); 1066 MFIE_STRING(PWR_CAPABILITY); 1067 MFIE_STRING(TPC_REQUEST); 1068 MFIE_STRING(TPC_REPORT); 1069 MFIE_STRING(SUPPORTED_CHANNELS); 1070 MFIE_STRING(CHANNEL_SWITCH); 1071 MFIE_STRING(MEASURE_REQUEST); 1072 MFIE_STRING(MEASURE_REPORT); 1073 MFIE_STRING(QUIET); 1074 MFIE_STRING(IBSS_DFS); 1075 MFIE_STRING(ERP_INFO); 1076 MFIE_STRING(RSN); 1077 MFIE_STRING(EXT_SUPP_RATES); 1078 MFIE_STRING(VENDOR_SPECIFIC); 1079 MFIE_STRING(QOS_PARAMETER); 1080 default: 1081 return "UNKNOWN"; 1082 } 1083 } 1084 #endif 1085 1086 static int libipw_parse_info_param(struct libipw_info_element 1087 *info_element, u16 length, 1088 struct libipw_network *network) 1089 { 1090 u8 i; 1091 #ifdef CONFIG_LIBIPW_DEBUG 1092 char rates_str[64]; 1093 char *p; 1094 #endif 1095 1096 while (length >= sizeof(*info_element)) { 1097 if (sizeof(*info_element) + info_element->len > length) { 1098 LIBIPW_DEBUG_MGMT("Info elem: parse failed: " 1099 "info_element->len + 2 > left : " 1100 "info_element->len+2=%zd left=%d, id=%d.\n", 1101 info_element->len + 1102 sizeof(*info_element), 1103 length, info_element->id); 1104 /* We stop processing but don't return an error here 1105 * because some misbehaviour APs break this rule. ie. 1106 * Orinoco AP1000. */ 1107 break; 1108 } 1109 1110 switch (info_element->id) { 1111 case WLAN_EID_SSID: 1112 network->ssid_len = min(info_element->len, 1113 (u8) IW_ESSID_MAX_SIZE); 1114 memcpy(network->ssid, info_element->data, 1115 network->ssid_len); 1116 if (network->ssid_len < IW_ESSID_MAX_SIZE) 1117 memset(network->ssid + network->ssid_len, 0, 1118 IW_ESSID_MAX_SIZE - network->ssid_len); 1119 1120 LIBIPW_DEBUG_MGMT("WLAN_EID_SSID: '%*pE' len=%d.\n", 1121 network->ssid_len, network->ssid, 1122 network->ssid_len); 1123 break; 1124 1125 case WLAN_EID_SUPP_RATES: 1126 #ifdef CONFIG_LIBIPW_DEBUG 1127 p = rates_str; 1128 #endif 1129 network->rates_len = min(info_element->len, 1130 MAX_RATES_LENGTH); 1131 for (i = 0; i < network->rates_len; i++) { 1132 network->rates[i] = info_element->data[i]; 1133 #ifdef CONFIG_LIBIPW_DEBUG 1134 p += scnprintf(p, sizeof(rates_str) - 1135 (p - rates_str), "%02X ", 1136 network->rates[i]); 1137 #endif 1138 if (libipw_is_ofdm_rate 1139 (info_element->data[i])) { 1140 network->flags |= NETWORK_HAS_OFDM; 1141 if (info_element->data[i] & 1142 LIBIPW_BASIC_RATE_MASK) 1143 network->flags &= 1144 ~NETWORK_HAS_CCK; 1145 } 1146 } 1147 1148 LIBIPW_DEBUG_MGMT("WLAN_EID_SUPP_RATES: '%s' (%d)\n", 1149 rates_str, network->rates_len); 1150 break; 1151 1152 case WLAN_EID_EXT_SUPP_RATES: 1153 #ifdef CONFIG_LIBIPW_DEBUG 1154 p = rates_str; 1155 #endif 1156 network->rates_ex_len = min(info_element->len, 1157 MAX_RATES_EX_LENGTH); 1158 for (i = 0; i < network->rates_ex_len; i++) { 1159 network->rates_ex[i] = info_element->data[i]; 1160 #ifdef CONFIG_LIBIPW_DEBUG 1161 p += scnprintf(p, sizeof(rates_str) - 1162 (p - rates_str), "%02X ", 1163 network->rates_ex[i]); 1164 #endif 1165 if (libipw_is_ofdm_rate 1166 (info_element->data[i])) { 1167 network->flags |= NETWORK_HAS_OFDM; 1168 if (info_element->data[i] & 1169 LIBIPW_BASIC_RATE_MASK) 1170 network->flags &= 1171 ~NETWORK_HAS_CCK; 1172 } 1173 } 1174 1175 LIBIPW_DEBUG_MGMT("WLAN_EID_EXT_SUPP_RATES: '%s' (%d)\n", 1176 rates_str, network->rates_ex_len); 1177 break; 1178 1179 case WLAN_EID_DS_PARAMS: 1180 LIBIPW_DEBUG_MGMT("WLAN_EID_DS_PARAMS: %d\n", 1181 info_element->data[0]); 1182 network->channel = info_element->data[0]; 1183 break; 1184 1185 case WLAN_EID_FH_PARAMS: 1186 LIBIPW_DEBUG_MGMT("WLAN_EID_FH_PARAMS: ignored\n"); 1187 break; 1188 1189 case WLAN_EID_CF_PARAMS: 1190 LIBIPW_DEBUG_MGMT("WLAN_EID_CF_PARAMS: ignored\n"); 1191 break; 1192 1193 case WLAN_EID_TIM: 1194 network->tim.tim_count = info_element->data[0]; 1195 network->tim.tim_period = info_element->data[1]; 1196 LIBIPW_DEBUG_MGMT("WLAN_EID_TIM: partially ignored\n"); 1197 break; 1198 1199 case WLAN_EID_ERP_INFO: 1200 network->erp_value = info_element->data[0]; 1201 network->flags |= NETWORK_HAS_ERP_VALUE; 1202 LIBIPW_DEBUG_MGMT("MFIE_TYPE_ERP_SET: %d\n", 1203 network->erp_value); 1204 break; 1205 1206 case WLAN_EID_IBSS_PARAMS: 1207 network->atim_window = info_element->data[0]; 1208 LIBIPW_DEBUG_MGMT("WLAN_EID_IBSS_PARAMS: %d\n", 1209 network->atim_window); 1210 break; 1211 1212 case WLAN_EID_CHALLENGE: 1213 LIBIPW_DEBUG_MGMT("WLAN_EID_CHALLENGE: ignored\n"); 1214 break; 1215 1216 case WLAN_EID_VENDOR_SPECIFIC: 1217 LIBIPW_DEBUG_MGMT("WLAN_EID_VENDOR_SPECIFIC: %d bytes\n", 1218 info_element->len); 1219 if (!libipw_parse_qos_info_param_IE(info_element, 1220 network)) 1221 break; 1222 1223 if (info_element->len >= 4 && 1224 info_element->data[0] == 0x00 && 1225 info_element->data[1] == 0x50 && 1226 info_element->data[2] == 0xf2 && 1227 info_element->data[3] == 0x01) { 1228 network->wpa_ie_len = min(info_element->len + 2, 1229 MAX_WPA_IE_LEN); 1230 memcpy(network->wpa_ie, info_element, 1231 network->wpa_ie_len); 1232 } 1233 break; 1234 1235 case WLAN_EID_RSN: 1236 LIBIPW_DEBUG_MGMT("WLAN_EID_RSN: %d bytes\n", 1237 info_element->len); 1238 network->rsn_ie_len = min(info_element->len + 2, 1239 MAX_WPA_IE_LEN); 1240 memcpy(network->rsn_ie, info_element, 1241 network->rsn_ie_len); 1242 break; 1243 1244 case WLAN_EID_QOS_PARAMETER: 1245 printk(KERN_ERR 1246 "QoS Error need to parse QOS_PARAMETER IE\n"); 1247 break; 1248 /* 802.11h */ 1249 case WLAN_EID_PWR_CONSTRAINT: 1250 network->power_constraint = info_element->data[0]; 1251 network->flags |= NETWORK_HAS_POWER_CONSTRAINT; 1252 break; 1253 1254 case WLAN_EID_CHANNEL_SWITCH: 1255 network->power_constraint = info_element->data[0]; 1256 network->flags |= NETWORK_HAS_CSA; 1257 break; 1258 1259 case WLAN_EID_QUIET: 1260 network->quiet.count = info_element->data[0]; 1261 network->quiet.period = info_element->data[1]; 1262 network->quiet.duration = info_element->data[2]; 1263 network->quiet.offset = info_element->data[3]; 1264 network->flags |= NETWORK_HAS_QUIET; 1265 break; 1266 1267 case WLAN_EID_IBSS_DFS: 1268 network->flags |= NETWORK_HAS_IBSS_DFS; 1269 break; 1270 1271 case WLAN_EID_TPC_REPORT: 1272 network->tpc_report.transmit_power = 1273 info_element->data[0]; 1274 network->tpc_report.link_margin = info_element->data[1]; 1275 network->flags |= NETWORK_HAS_TPC_REPORT; 1276 break; 1277 1278 default: 1279 LIBIPW_DEBUG_MGMT 1280 ("Unsupported info element: %s (%d)\n", 1281 get_info_element_string(info_element->id), 1282 info_element->id); 1283 break; 1284 } 1285 1286 length -= sizeof(*info_element) + info_element->len; 1287 info_element = 1288 (struct libipw_info_element *)&info_element-> 1289 data[info_element->len]; 1290 } 1291 1292 return 0; 1293 } 1294 1295 static int libipw_handle_assoc_resp(struct libipw_device *ieee, struct libipw_assoc_response 1296 *frame, struct libipw_rx_stats *stats) 1297 { 1298 struct libipw_network network_resp = { }; 1299 struct libipw_network *network = &network_resp; 1300 struct net_device *dev = ieee->dev; 1301 1302 network->flags = 0; 1303 network->qos_data.active = 0; 1304 network->qos_data.supported = 0; 1305 network->qos_data.param_count = 0; 1306 network->qos_data.old_param_count = 0; 1307 1308 //network->atim_window = le16_to_cpu(frame->aid) & (0x3FFF); 1309 network->atim_window = le16_to_cpu(frame->aid); 1310 network->listen_interval = le16_to_cpu(frame->status); 1311 memcpy(network->bssid, frame->header.addr3, ETH_ALEN); 1312 network->capability = le16_to_cpu(frame->capability); 1313 network->last_scanned = jiffies; 1314 network->rates_len = network->rates_ex_len = 0; 1315 network->last_associate = 0; 1316 network->ssid_len = 0; 1317 network->erp_value = 1318 (network->capability & WLAN_CAPABILITY_IBSS) ? 0x3 : 0x0; 1319 1320 if (stats->freq == LIBIPW_52GHZ_BAND) { 1321 /* for A band (No DS info) */ 1322 network->channel = stats->received_channel; 1323 } else 1324 network->flags |= NETWORK_HAS_CCK; 1325 1326 network->wpa_ie_len = 0; 1327 network->rsn_ie_len = 0; 1328 1329 if (libipw_parse_info_param((void *)frame->variable, 1330 stats->len - sizeof(*frame), network)) 1331 return 1; 1332 1333 network->mode = 0; 1334 if (stats->freq == LIBIPW_52GHZ_BAND) 1335 network->mode = IEEE_A; 1336 else { 1337 if (network->flags & NETWORK_HAS_OFDM) 1338 network->mode |= IEEE_G; 1339 if (network->flags & NETWORK_HAS_CCK) 1340 network->mode |= IEEE_B; 1341 } 1342 1343 memcpy(&network->stats, stats, sizeof(network->stats)); 1344 1345 if (ieee->handle_assoc_response != NULL) 1346 ieee->handle_assoc_response(dev, frame, network); 1347 1348 return 0; 1349 } 1350 1351 /***************************************************/ 1352 1353 static int libipw_network_init(struct libipw_device *ieee, struct libipw_probe_response 1354 *beacon, 1355 struct libipw_network *network, 1356 struct libipw_rx_stats *stats) 1357 { 1358 network->qos_data.active = 0; 1359 network->qos_data.supported = 0; 1360 network->qos_data.param_count = 0; 1361 network->qos_data.old_param_count = 0; 1362 1363 /* Pull out fixed field data */ 1364 memcpy(network->bssid, beacon->header.addr3, ETH_ALEN); 1365 network->capability = le16_to_cpu(beacon->capability); 1366 network->last_scanned = jiffies; 1367 network->time_stamp[0] = le32_to_cpu(beacon->time_stamp[0]); 1368 network->time_stamp[1] = le32_to_cpu(beacon->time_stamp[1]); 1369 network->beacon_interval = le16_to_cpu(beacon->beacon_interval); 1370 /* Where to pull this? beacon->listen_interval; */ 1371 network->listen_interval = 0x0A; 1372 network->rates_len = network->rates_ex_len = 0; 1373 network->last_associate = 0; 1374 network->ssid_len = 0; 1375 network->flags = 0; 1376 network->atim_window = 0; 1377 network->erp_value = (network->capability & WLAN_CAPABILITY_IBSS) ? 1378 0x3 : 0x0; 1379 1380 if (stats->freq == LIBIPW_52GHZ_BAND) { 1381 /* for A band (No DS info) */ 1382 network->channel = stats->received_channel; 1383 } else 1384 network->flags |= NETWORK_HAS_CCK; 1385 1386 network->wpa_ie_len = 0; 1387 network->rsn_ie_len = 0; 1388 1389 if (libipw_parse_info_param((void *)beacon->variable, 1390 stats->len - sizeof(*beacon), network)) 1391 return 1; 1392 1393 network->mode = 0; 1394 if (stats->freq == LIBIPW_52GHZ_BAND) 1395 network->mode = IEEE_A; 1396 else { 1397 if (network->flags & NETWORK_HAS_OFDM) 1398 network->mode |= IEEE_G; 1399 if (network->flags & NETWORK_HAS_CCK) 1400 network->mode |= IEEE_B; 1401 } 1402 1403 if (network->mode == 0) { 1404 LIBIPW_DEBUG_SCAN("Filtered out '%*pE (%pM)' network.\n", 1405 network->ssid_len, network->ssid, 1406 network->bssid); 1407 return 1; 1408 } 1409 1410 memcpy(&network->stats, stats, sizeof(network->stats)); 1411 1412 return 0; 1413 } 1414 1415 static inline int is_same_network(struct libipw_network *src, 1416 struct libipw_network *dst) 1417 { 1418 /* A network is only a duplicate if the channel, BSSID, and ESSID 1419 * all match. We treat all <hidden> with the same BSSID and channel 1420 * as one network */ 1421 return ((src->ssid_len == dst->ssid_len) && 1422 (src->channel == dst->channel) && 1423 ether_addr_equal_64bits(src->bssid, dst->bssid) && 1424 !memcmp(src->ssid, dst->ssid, src->ssid_len)); 1425 } 1426 1427 static void update_network(struct libipw_network *dst, 1428 struct libipw_network *src) 1429 { 1430 int qos_active; 1431 u8 old_param; 1432 1433 /* We only update the statistics if they were created by receiving 1434 * the network information on the actual channel the network is on. 1435 * 1436 * This keeps beacons received on neighbor channels from bringing 1437 * down the signal level of an AP. */ 1438 if (dst->channel == src->stats.received_channel) 1439 memcpy(&dst->stats, &src->stats, 1440 sizeof(struct libipw_rx_stats)); 1441 else 1442 LIBIPW_DEBUG_SCAN("Network %pM info received " 1443 "off channel (%d vs. %d)\n", src->bssid, 1444 dst->channel, src->stats.received_channel); 1445 1446 dst->capability = src->capability; 1447 memcpy(dst->rates, src->rates, src->rates_len); 1448 dst->rates_len = src->rates_len; 1449 memcpy(dst->rates_ex, src->rates_ex, src->rates_ex_len); 1450 dst->rates_ex_len = src->rates_ex_len; 1451 1452 dst->mode = src->mode; 1453 dst->flags = src->flags; 1454 dst->time_stamp[0] = src->time_stamp[0]; 1455 dst->time_stamp[1] = src->time_stamp[1]; 1456 1457 dst->beacon_interval = src->beacon_interval; 1458 dst->listen_interval = src->listen_interval; 1459 dst->atim_window = src->atim_window; 1460 dst->erp_value = src->erp_value; 1461 dst->tim = src->tim; 1462 1463 memcpy(dst->wpa_ie, src->wpa_ie, src->wpa_ie_len); 1464 dst->wpa_ie_len = src->wpa_ie_len; 1465 memcpy(dst->rsn_ie, src->rsn_ie, src->rsn_ie_len); 1466 dst->rsn_ie_len = src->rsn_ie_len; 1467 1468 dst->last_scanned = jiffies; 1469 qos_active = src->qos_data.active; 1470 old_param = dst->qos_data.old_param_count; 1471 if (dst->flags & NETWORK_HAS_QOS_MASK) 1472 memcpy(&dst->qos_data, &src->qos_data, 1473 sizeof(struct libipw_qos_data)); 1474 else { 1475 dst->qos_data.supported = src->qos_data.supported; 1476 dst->qos_data.param_count = src->qos_data.param_count; 1477 } 1478 1479 if (dst->qos_data.supported == 1) { 1480 if (dst->ssid_len) 1481 LIBIPW_DEBUG_QOS 1482 ("QoS the network %s is QoS supported\n", 1483 dst->ssid); 1484 else 1485 LIBIPW_DEBUG_QOS 1486 ("QoS the network is QoS supported\n"); 1487 } 1488 dst->qos_data.active = qos_active; 1489 dst->qos_data.old_param_count = old_param; 1490 1491 /* dst->last_associate is not overwritten */ 1492 } 1493 1494 static inline int is_beacon(__le16 fc) 1495 { 1496 return (WLAN_FC_GET_STYPE(le16_to_cpu(fc)) == IEEE80211_STYPE_BEACON); 1497 } 1498 1499 static void libipw_process_probe_response(struct libipw_device 1500 *ieee, struct 1501 libipw_probe_response 1502 *beacon, struct libipw_rx_stats 1503 *stats) 1504 { 1505 struct net_device *dev = ieee->dev; 1506 struct libipw_network network = { }; 1507 struct libipw_network *target; 1508 struct libipw_network *oldest = NULL; 1509 #ifdef CONFIG_LIBIPW_DEBUG 1510 struct libipw_info_element *info_element = (void *)beacon->variable; 1511 #endif 1512 unsigned long flags; 1513 1514 LIBIPW_DEBUG_SCAN("'%*pE' (%pM): %c%c%c%c %c%c%c%c-%c%c%c%c %c%c%c%c\n", 1515 info_element->len, info_element->data, 1516 beacon->header.addr3, 1517 (beacon->capability & cpu_to_le16(1 << 0xf)) ? '1' : '0', 1518 (beacon->capability & cpu_to_le16(1 << 0xe)) ? '1' : '0', 1519 (beacon->capability & cpu_to_le16(1 << 0xd)) ? '1' : '0', 1520 (beacon->capability & cpu_to_le16(1 << 0xc)) ? '1' : '0', 1521 (beacon->capability & cpu_to_le16(1 << 0xb)) ? '1' : '0', 1522 (beacon->capability & cpu_to_le16(1 << 0xa)) ? '1' : '0', 1523 (beacon->capability & cpu_to_le16(1 << 0x9)) ? '1' : '0', 1524 (beacon->capability & cpu_to_le16(1 << 0x8)) ? '1' : '0', 1525 (beacon->capability & cpu_to_le16(1 << 0x7)) ? '1' : '0', 1526 (beacon->capability & cpu_to_le16(1 << 0x6)) ? '1' : '0', 1527 (beacon->capability & cpu_to_le16(1 << 0x5)) ? '1' : '0', 1528 (beacon->capability & cpu_to_le16(1 << 0x4)) ? '1' : '0', 1529 (beacon->capability & cpu_to_le16(1 << 0x3)) ? '1' : '0', 1530 (beacon->capability & cpu_to_le16(1 << 0x2)) ? '1' : '0', 1531 (beacon->capability & cpu_to_le16(1 << 0x1)) ? '1' : '0', 1532 (beacon->capability & cpu_to_le16(1 << 0x0)) ? '1' : '0'); 1533 1534 if (libipw_network_init(ieee, beacon, &network, stats)) { 1535 LIBIPW_DEBUG_SCAN("Dropped '%*pE' (%pM) via %s.\n", 1536 info_element->len, info_element->data, 1537 beacon->header.addr3, 1538 is_beacon(beacon->header.frame_ctl) ? 1539 "BEACON" : "PROBE RESPONSE"); 1540 return; 1541 } 1542 1543 /* The network parsed correctly -- so now we scan our known networks 1544 * to see if we can find it in our list. 1545 * 1546 * NOTE: This search is definitely not optimized. Once its doing 1547 * the "right thing" we'll optimize it for efficiency if 1548 * necessary */ 1549 1550 /* Search for this entry in the list and update it if it is 1551 * already there. */ 1552 1553 spin_lock_irqsave(&ieee->lock, flags); 1554 1555 list_for_each_entry(target, &ieee->network_list, list) { 1556 if (is_same_network(target, &network)) 1557 break; 1558 1559 if ((oldest == NULL) || 1560 time_before(target->last_scanned, oldest->last_scanned)) 1561 oldest = target; 1562 } 1563 1564 /* If we didn't find a match, then get a new network slot to initialize 1565 * with this beacon's information */ 1566 if (&target->list == &ieee->network_list) { 1567 if (list_empty(&ieee->network_free_list)) { 1568 /* If there are no more slots, expire the oldest */ 1569 list_del(&oldest->list); 1570 target = oldest; 1571 LIBIPW_DEBUG_SCAN("Expired '%*pE' (%pM) from network list.\n", 1572 target->ssid_len, target->ssid, 1573 target->bssid); 1574 } else { 1575 /* Otherwise just pull from the free list */ 1576 target = list_entry(ieee->network_free_list.next, 1577 struct libipw_network, list); 1578 list_del(ieee->network_free_list.next); 1579 } 1580 1581 #ifdef CONFIG_LIBIPW_DEBUG 1582 LIBIPW_DEBUG_SCAN("Adding '%*pE' (%pM) via %s.\n", 1583 network.ssid_len, network.ssid, 1584 network.bssid, 1585 is_beacon(beacon->header.frame_ctl) ? 1586 "BEACON" : "PROBE RESPONSE"); 1587 #endif 1588 memcpy(target, &network, sizeof(*target)); 1589 list_add_tail(&target->list, &ieee->network_list); 1590 } else { 1591 LIBIPW_DEBUG_SCAN("Updating '%*pE' (%pM) via %s.\n", 1592 target->ssid_len, target->ssid, 1593 target->bssid, 1594 is_beacon(beacon->header.frame_ctl) ? 1595 "BEACON" : "PROBE RESPONSE"); 1596 update_network(target, &network); 1597 } 1598 1599 spin_unlock_irqrestore(&ieee->lock, flags); 1600 1601 if (is_beacon(beacon->header.frame_ctl)) { 1602 if (ieee->handle_beacon != NULL) 1603 ieee->handle_beacon(dev, beacon, target); 1604 } else { 1605 if (ieee->handle_probe_response != NULL) 1606 ieee->handle_probe_response(dev, beacon, target); 1607 } 1608 } 1609 1610 void libipw_rx_mgt(struct libipw_device *ieee, 1611 struct libipw_hdr_4addr *header, 1612 struct libipw_rx_stats *stats) 1613 { 1614 switch (WLAN_FC_GET_STYPE(le16_to_cpu(header->frame_ctl))) { 1615 case IEEE80211_STYPE_ASSOC_RESP: 1616 LIBIPW_DEBUG_MGMT("received ASSOCIATION RESPONSE (%d)\n", 1617 WLAN_FC_GET_STYPE(le16_to_cpu 1618 (header->frame_ctl))); 1619 libipw_handle_assoc_resp(ieee, 1620 (struct libipw_assoc_response *) 1621 header, stats); 1622 break; 1623 1624 case IEEE80211_STYPE_REASSOC_RESP: 1625 LIBIPW_DEBUG_MGMT("received REASSOCIATION RESPONSE (%d)\n", 1626 WLAN_FC_GET_STYPE(le16_to_cpu 1627 (header->frame_ctl))); 1628 break; 1629 1630 case IEEE80211_STYPE_PROBE_REQ: 1631 LIBIPW_DEBUG_MGMT("received auth (%d)\n", 1632 WLAN_FC_GET_STYPE(le16_to_cpu 1633 (header->frame_ctl))); 1634 1635 if (ieee->handle_probe_request != NULL) 1636 ieee->handle_probe_request(ieee->dev, 1637 (struct 1638 libipw_probe_request *) 1639 header, stats); 1640 break; 1641 1642 case IEEE80211_STYPE_PROBE_RESP: 1643 LIBIPW_DEBUG_MGMT("received PROBE RESPONSE (%d)\n", 1644 WLAN_FC_GET_STYPE(le16_to_cpu 1645 (header->frame_ctl))); 1646 LIBIPW_DEBUG_SCAN("Probe response\n"); 1647 libipw_process_probe_response(ieee, 1648 (struct 1649 libipw_probe_response *) 1650 header, stats); 1651 break; 1652 1653 case IEEE80211_STYPE_BEACON: 1654 LIBIPW_DEBUG_MGMT("received BEACON (%d)\n", 1655 WLAN_FC_GET_STYPE(le16_to_cpu 1656 (header->frame_ctl))); 1657 LIBIPW_DEBUG_SCAN("Beacon\n"); 1658 libipw_process_probe_response(ieee, 1659 (struct 1660 libipw_probe_response *) 1661 header, stats); 1662 break; 1663 case IEEE80211_STYPE_AUTH: 1664 1665 LIBIPW_DEBUG_MGMT("received auth (%d)\n", 1666 WLAN_FC_GET_STYPE(le16_to_cpu 1667 (header->frame_ctl))); 1668 1669 if (ieee->handle_auth != NULL) 1670 ieee->handle_auth(ieee->dev, 1671 (struct libipw_auth *)header); 1672 break; 1673 1674 case IEEE80211_STYPE_DISASSOC: 1675 if (ieee->handle_disassoc != NULL) 1676 ieee->handle_disassoc(ieee->dev, 1677 (struct libipw_disassoc *) 1678 header); 1679 break; 1680 1681 case IEEE80211_STYPE_ACTION: 1682 LIBIPW_DEBUG_MGMT("ACTION\n"); 1683 if (ieee->handle_action) 1684 ieee->handle_action(ieee->dev, 1685 (struct libipw_action *) 1686 header, stats); 1687 break; 1688 1689 case IEEE80211_STYPE_REASSOC_REQ: 1690 LIBIPW_DEBUG_MGMT("received reassoc (%d)\n", 1691 WLAN_FC_GET_STYPE(le16_to_cpu 1692 (header->frame_ctl))); 1693 1694 LIBIPW_DEBUG_MGMT("%s: LIBIPW_REASSOC_REQ received\n", 1695 ieee->dev->name); 1696 if (ieee->handle_reassoc_request != NULL) 1697 ieee->handle_reassoc_request(ieee->dev, 1698 (struct libipw_reassoc_request *) 1699 header); 1700 break; 1701 1702 case IEEE80211_STYPE_ASSOC_REQ: 1703 LIBIPW_DEBUG_MGMT("received assoc (%d)\n", 1704 WLAN_FC_GET_STYPE(le16_to_cpu 1705 (header->frame_ctl))); 1706 1707 LIBIPW_DEBUG_MGMT("%s: LIBIPW_ASSOC_REQ received\n", 1708 ieee->dev->name); 1709 if (ieee->handle_assoc_request != NULL) 1710 ieee->handle_assoc_request(ieee->dev); 1711 break; 1712 1713 case IEEE80211_STYPE_DEAUTH: 1714 LIBIPW_DEBUG_MGMT("DEAUTH\n"); 1715 if (ieee->handle_deauth != NULL) 1716 ieee->handle_deauth(ieee->dev, 1717 (struct libipw_deauth *) 1718 header); 1719 break; 1720 default: 1721 LIBIPW_DEBUG_MGMT("received UNKNOWN (%d)\n", 1722 WLAN_FC_GET_STYPE(le16_to_cpu 1723 (header->frame_ctl))); 1724 LIBIPW_DEBUG_MGMT("%s: Unknown management packet: %d\n", 1725 ieee->dev->name, 1726 WLAN_FC_GET_STYPE(le16_to_cpu 1727 (header->frame_ctl))); 1728 break; 1729 } 1730 } 1731 1732 EXPORT_SYMBOL_GPL(libipw_rx_any); 1733 EXPORT_SYMBOL(libipw_rx_mgt); 1734 EXPORT_SYMBOL(libipw_rx); 1735