1/* 2 * Original code based Host AP (software wireless LAN access point) driver 3 * for Intersil Prism2/2.5/3 - hostap.o module, common routines 4 * 5 * Copyright (c) 2001-2002, SSH Communications Security Corp and Jouni Malinen 6 * <jkmaline@cc.hut.fi> 7 * Copyright (c) 2002-2003, Jouni Malinen <jkmaline@cc.hut.fi> 8 * Copyright (c) 2004, Intel Corporation 9 * 10 * This program is free software; you can redistribute it and/or modify 11 * it under the terms of the GNU General Public License version 2 as 12 * published by the Free Software Foundation. See README and COPYING for 13 * more details. 14 ****************************************************************************** 15 16 Few modifications for Realtek's Wi-Fi drivers by 17 Andrea Merello <andrea.merello@gmail.com> 18 19 A special thanks goes to Realtek for their support ! 20 21******************************************************************************/ 22 23 24#include <linux/compiler.h> 25#include <linux/errno.h> 26#include <linux/if_arp.h> 27#include <linux/in6.h> 28#include <linux/in.h> 29#include <linux/ip.h> 30#include <linux/kernel.h> 31#include <linux/module.h> 32#include <linux/netdevice.h> 33#include <linux/pci.h> 34#include <linux/proc_fs.h> 35#include <linux/skbuff.h> 36#include <linux/slab.h> 37#include <linux/tcp.h> 38#include <linux/types.h> 39#include <linux/wireless.h> 40#include <linux/etherdevice.h> 41#include <linux/uaccess.h> 42#include <linux/ctype.h> 43 44#include "rtllib.h" 45#include "dot11d.h" 46 47static inline void rtllib_monitor_rx(struct rtllib_device *ieee, 48 struct sk_buff *skb, struct rtllib_rx_stats *rx_status, 49 size_t hdr_length) 50{ 51 skb->dev = ieee->dev; 52 skb_reset_mac_header(skb); 53 skb_pull(skb, hdr_length); 54 skb->pkt_type = PACKET_OTHERHOST; 55 skb->protocol = htons(ETH_P_80211_RAW); 56 memset(skb->cb, 0, sizeof(skb->cb)); 57 netif_rx(skb); 58} 59 60/* Called only as a tasklet (software IRQ) */ 61static struct rtllib_frag_entry * 62rtllib_frag_cache_find(struct rtllib_device *ieee, unsigned int seq, 63 unsigned int frag, u8 tid, u8 *src, u8 *dst) 64{ 65 struct rtllib_frag_entry *entry; 66 int i; 67 68 for (i = 0; i < RTLLIB_FRAG_CACHE_LEN; i++) { 69 entry = &ieee->frag_cache[tid][i]; 70 if (entry->skb != NULL && 71 time_after(jiffies, entry->first_frag_time + 2 * HZ)) { 72 RTLLIB_DEBUG_FRAG( 73 "expiring fragment cache entry " 74 "seq=%u last_frag=%u\n", 75 entry->seq, entry->last_frag); 76 dev_kfree_skb_any(entry->skb); 77 entry->skb = NULL; 78 } 79 80 if (entry->skb != NULL && entry->seq == seq && 81 (entry->last_frag + 1 == frag || frag == -1) && 82 memcmp(entry->src_addr, src, ETH_ALEN) == 0 && 83 memcmp(entry->dst_addr, dst, ETH_ALEN) == 0) 84 return entry; 85 } 86 87 return NULL; 88} 89 90/* Called only as a tasklet (software IRQ) */ 91static struct sk_buff * 92rtllib_frag_cache_get(struct rtllib_device *ieee, 93 struct rtllib_hdr_4addr *hdr) 94{ 95 struct sk_buff *skb = NULL; 96 u16 fc = le16_to_cpu(hdr->frame_ctl); 97 u16 sc = le16_to_cpu(hdr->seq_ctl); 98 unsigned int frag = WLAN_GET_SEQ_FRAG(sc); 99 unsigned int seq = WLAN_GET_SEQ_SEQ(sc); 100 struct rtllib_frag_entry *entry; 101 struct rtllib_hdr_3addrqos *hdr_3addrqos; 102 struct rtllib_hdr_4addrqos *hdr_4addrqos; 103 u8 tid; 104 105 if (((fc & RTLLIB_FCTL_DSTODS) == RTLLIB_FCTL_DSTODS) && RTLLIB_QOS_HAS_SEQ(fc)) { 106 hdr_4addrqos = (struct rtllib_hdr_4addrqos *)hdr; 107 tid = le16_to_cpu(hdr_4addrqos->qos_ctl) & RTLLIB_QCTL_TID; 108 tid = UP2AC(tid); 109 tid++; 110 } else if (RTLLIB_QOS_HAS_SEQ(fc)) { 111 hdr_3addrqos = (struct rtllib_hdr_3addrqos *)hdr; 112 tid = le16_to_cpu(hdr_3addrqos->qos_ctl) & RTLLIB_QCTL_TID; 113 tid = UP2AC(tid); 114 tid++; 115 } else { 116 tid = 0; 117 } 118 119 if (frag == 0) { 120 /* Reserve enough space to fit maximum frame length */ 121 skb = dev_alloc_skb(ieee->dev->mtu + 122 sizeof(struct rtllib_hdr_4addr) + 123 8 /* LLC */ + 124 2 /* alignment */ + 125 8 /* WEP */ + 126 ETH_ALEN /* WDS */ + 127 (RTLLIB_QOS_HAS_SEQ(fc) ? 2 : 0) /* QOS Control */); 128 if (skb == NULL) 129 return NULL; 130 131 entry = &ieee->frag_cache[tid][ieee->frag_next_idx[tid]]; 132 ieee->frag_next_idx[tid]++; 133 if (ieee->frag_next_idx[tid] >= RTLLIB_FRAG_CACHE_LEN) 134 ieee->frag_next_idx[tid] = 0; 135 136 if (entry->skb != NULL) 137 dev_kfree_skb_any(entry->skb); 138 139 entry->first_frag_time = jiffies; 140 entry->seq = seq; 141 entry->last_frag = frag; 142 entry->skb = skb; 143 memcpy(entry->src_addr, hdr->addr2, ETH_ALEN); 144 memcpy(entry->dst_addr, hdr->addr1, ETH_ALEN); 145 } else { 146 /* received a fragment of a frame for which the head fragment 147 * should have already been received */ 148 entry = rtllib_frag_cache_find(ieee, seq, frag, tid, hdr->addr2, 149 hdr->addr1); 150 if (entry != NULL) { 151 entry->last_frag = frag; 152 skb = entry->skb; 153 } 154 } 155 156 return skb; 157} 158 159 160/* Called only as a tasklet (software IRQ) */ 161static int rtllib_frag_cache_invalidate(struct rtllib_device *ieee, 162 struct rtllib_hdr_4addr *hdr) 163{ 164 u16 fc = le16_to_cpu(hdr->frame_ctl); 165 u16 sc = le16_to_cpu(hdr->seq_ctl); 166 unsigned int seq = WLAN_GET_SEQ_SEQ(sc); 167 struct rtllib_frag_entry *entry; 168 struct rtllib_hdr_3addrqos *hdr_3addrqos; 169 struct rtllib_hdr_4addrqos *hdr_4addrqos; 170 u8 tid; 171 172 if (((fc & RTLLIB_FCTL_DSTODS) == RTLLIB_FCTL_DSTODS) && RTLLIB_QOS_HAS_SEQ(fc)) { 173 hdr_4addrqos = (struct rtllib_hdr_4addrqos *)hdr; 174 tid = le16_to_cpu(hdr_4addrqos->qos_ctl) & RTLLIB_QCTL_TID; 175 tid = UP2AC(tid); 176 tid++; 177 } else if (RTLLIB_QOS_HAS_SEQ(fc)) { 178 hdr_3addrqos = (struct rtllib_hdr_3addrqos *)hdr; 179 tid = le16_to_cpu(hdr_3addrqos->qos_ctl) & RTLLIB_QCTL_TID; 180 tid = UP2AC(tid); 181 tid++; 182 } else { 183 tid = 0; 184 } 185 186 entry = rtllib_frag_cache_find(ieee, seq, -1, tid, hdr->addr2, 187 hdr->addr1); 188 189 if (entry == NULL) { 190 RTLLIB_DEBUG_FRAG( 191 "could not invalidate fragment cache " 192 "entry (seq=%u)\n", seq); 193 return -1; 194 } 195 196 entry->skb = NULL; 197 return 0; 198} 199 200/* rtllib_rx_frame_mgtmt 201 * 202 * Responsible for handling management control frames 203 * 204 * Called by rtllib_rx */ 205static inline int 206rtllib_rx_frame_mgmt(struct rtllib_device *ieee, struct sk_buff *skb, 207 struct rtllib_rx_stats *rx_stats, u16 type, 208 u16 stype) 209{ 210 /* On the struct stats definition there is written that 211 * this is not mandatory.... but seems that the probe 212 * response parser uses it 213 */ 214 struct rtllib_hdr_3addr *hdr = (struct rtllib_hdr_3addr *)skb->data; 215 216 rx_stats->len = skb->len; 217 rtllib_rx_mgt(ieee, skb, rx_stats); 218 if ((memcmp(hdr->addr1, ieee->dev->dev_addr, ETH_ALEN))) { 219 dev_kfree_skb_any(skb); 220 return 0; 221 } 222 rtllib_rx_frame_softmac(ieee, skb, rx_stats, type, stype); 223 224 dev_kfree_skb_any(skb); 225 226 return 0; 227} 228 229/* See IEEE 802.1H for LLC/SNAP encapsulation/decapsulation */ 230/* Ethernet-II snap header (RFC1042 for most EtherTypes) */ 231static unsigned char rfc1042_header[] = { 232 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 233}; 234/* Bridge-Tunnel header (for EtherTypes ETH_P_AARP and ETH_P_IPX) */ 235static unsigned char bridge_tunnel_header[] = { 236 0xaa, 0xaa, 0x03, 0x00, 0x00, 0xf8 237}; 238/* No encapsulation header if EtherType < 0x600 (=length) */ 239 240/* Called by rtllib_rx_frame_decrypt */ 241static int rtllib_is_eapol_frame(struct rtllib_device *ieee, 242 struct sk_buff *skb, size_t hdrlen) 243{ 244 struct net_device *dev = ieee->dev; 245 u16 fc, ethertype; 246 struct rtllib_hdr_4addr *hdr; 247 u8 *pos; 248 249 if (skb->len < 24) 250 return 0; 251 252 hdr = (struct rtllib_hdr_4addr *) skb->data; 253 fc = le16_to_cpu(hdr->frame_ctl); 254 255 /* check that the frame is unicast frame to us */ 256 if ((fc & (RTLLIB_FCTL_TODS | RTLLIB_FCTL_FROMDS)) == 257 RTLLIB_FCTL_TODS && 258 memcmp(hdr->addr1, dev->dev_addr, ETH_ALEN) == 0 && 259 memcmp(hdr->addr3, dev->dev_addr, ETH_ALEN) == 0) { 260 /* ToDS frame with own addr BSSID and DA */ 261 } else if ((fc & (RTLLIB_FCTL_TODS | RTLLIB_FCTL_FROMDS)) == 262 RTLLIB_FCTL_FROMDS && 263 memcmp(hdr->addr1, dev->dev_addr, ETH_ALEN) == 0) { 264 /* FromDS frame with own addr as DA */ 265 } else 266 return 0; 267 268 if (skb->len < 24 + 8) 269 return 0; 270 271 /* check for port access entity Ethernet type */ 272 pos = skb->data + hdrlen; 273 ethertype = (pos[6] << 8) | pos[7]; 274 if (ethertype == ETH_P_PAE) 275 return 1; 276 277 return 0; 278} 279 280/* Called only as a tasklet (software IRQ), by rtllib_rx */ 281static inline int 282rtllib_rx_frame_decrypt(struct rtllib_device *ieee, struct sk_buff *skb, 283 struct lib80211_crypt_data *crypt) 284{ 285 struct rtllib_hdr_4addr *hdr; 286 int res, hdrlen; 287 288 if (crypt == NULL || crypt->ops->decrypt_mpdu == NULL) 289 return 0; 290 291 if (ieee->hwsec_active) { 292 struct cb_desc *tcb_desc = (struct cb_desc *)(skb->cb + MAX_DEV_ADDR_SIZE); 293 294 tcb_desc->bHwSec = 1; 295 296 if (ieee->need_sw_enc) 297 tcb_desc->bHwSec = 0; 298 } 299 300 hdr = (struct rtllib_hdr_4addr *) skb->data; 301 hdrlen = rtllib_get_hdrlen(le16_to_cpu(hdr->frame_ctl)); 302 303 atomic_inc(&crypt->refcnt); 304 res = crypt->ops->decrypt_mpdu(skb, hdrlen, crypt->priv); 305 atomic_dec(&crypt->refcnt); 306 if (res < 0) { 307 RTLLIB_DEBUG_DROP( 308 "decryption failed (SA= %pM" 309 ") res=%d\n", hdr->addr2, res); 310 if (res == -2) 311 RTLLIB_DEBUG_DROP("Decryption failed ICV " 312 "mismatch (key %d)\n", 313 skb->data[hdrlen + 3] >> 6); 314 ieee->ieee_stats.rx_discards_undecryptable++; 315 return -1; 316 } 317 318 return res; 319} 320 321 322/* Called only as a tasklet (software IRQ), by rtllib_rx */ 323static inline int 324rtllib_rx_frame_decrypt_msdu(struct rtllib_device *ieee, struct sk_buff *skb, 325 int keyidx, struct lib80211_crypt_data *crypt) 326{ 327 struct rtllib_hdr_4addr *hdr; 328 int res, hdrlen; 329 330 if (crypt == NULL || crypt->ops->decrypt_msdu == NULL) 331 return 0; 332 if (ieee->hwsec_active) { 333 struct cb_desc *tcb_desc = (struct cb_desc *)(skb->cb + MAX_DEV_ADDR_SIZE); 334 335 tcb_desc->bHwSec = 1; 336 337 if (ieee->need_sw_enc) 338 tcb_desc->bHwSec = 0; 339 } 340 341 hdr = (struct rtllib_hdr_4addr *) skb->data; 342 hdrlen = rtllib_get_hdrlen(le16_to_cpu(hdr->frame_ctl)); 343 344 atomic_inc(&crypt->refcnt); 345 res = crypt->ops->decrypt_msdu(skb, keyidx, hdrlen, crypt->priv); 346 atomic_dec(&crypt->refcnt); 347 if (res < 0) { 348 printk(KERN_DEBUG "%s: MSDU decryption/MIC verification failed" 349 " (SA= %pM keyidx=%d)\n", 350 ieee->dev->name, hdr->addr2, keyidx); 351 return -1; 352 } 353 354 return 0; 355} 356 357 358/* this function is stolen from ipw2200 driver*/ 359#define IEEE_PACKET_RETRY_TIME (5*HZ) 360static int is_duplicate_packet(struct rtllib_device *ieee, 361 struct rtllib_hdr_4addr *header) 362{ 363 u16 fc = le16_to_cpu(header->frame_ctl); 364 u16 sc = le16_to_cpu(header->seq_ctl); 365 u16 seq = WLAN_GET_SEQ_SEQ(sc); 366 u16 frag = WLAN_GET_SEQ_FRAG(sc); 367 u16 *last_seq, *last_frag; 368 unsigned long *last_time; 369 struct rtllib_hdr_3addrqos *hdr_3addrqos; 370 struct rtllib_hdr_4addrqos *hdr_4addrqos; 371 u8 tid; 372 373 if (((fc & RTLLIB_FCTL_DSTODS) == RTLLIB_FCTL_DSTODS) && RTLLIB_QOS_HAS_SEQ(fc)) { 374 hdr_4addrqos = (struct rtllib_hdr_4addrqos *)header; 375 tid = le16_to_cpu(hdr_4addrqos->qos_ctl) & RTLLIB_QCTL_TID; 376 tid = UP2AC(tid); 377 tid++; 378 } else if (RTLLIB_QOS_HAS_SEQ(fc)) { 379 hdr_3addrqos = (struct rtllib_hdr_3addrqos *)header; 380 tid = le16_to_cpu(hdr_3addrqos->qos_ctl) & RTLLIB_QCTL_TID; 381 tid = UP2AC(tid); 382 tid++; 383 } else { 384 tid = 0; 385 } 386 387 switch (ieee->iw_mode) { 388 case IW_MODE_ADHOC: 389 { 390 struct list_head *p; 391 struct ieee_ibss_seq *entry = NULL; 392 u8 *mac = header->addr2; 393 int index = mac[5] % IEEE_IBSS_MAC_HASH_SIZE; 394 395 list_for_each(p, &ieee->ibss_mac_hash[index]) { 396 entry = list_entry(p, struct ieee_ibss_seq, list); 397 if (!memcmp(entry->mac, mac, ETH_ALEN)) 398 break; 399 } 400 if (p == &ieee->ibss_mac_hash[index]) { 401 entry = kmalloc(sizeof(struct ieee_ibss_seq), GFP_ATOMIC); 402 if (!entry) { 403 printk(KERN_WARNING "Cannot malloc new mac entry\n"); 404 return 0; 405 } 406 memcpy(entry->mac, mac, ETH_ALEN); 407 entry->seq_num[tid] = seq; 408 entry->frag_num[tid] = frag; 409 entry->packet_time[tid] = jiffies; 410 list_add(&entry->list, &ieee->ibss_mac_hash[index]); 411 return 0; 412 } 413 last_seq = &entry->seq_num[tid]; 414 last_frag = &entry->frag_num[tid]; 415 last_time = &entry->packet_time[tid]; 416 break; 417 } 418 419 case IW_MODE_INFRA: 420 last_seq = &ieee->last_rxseq_num[tid]; 421 last_frag = &ieee->last_rxfrag_num[tid]; 422 last_time = &ieee->last_packet_time[tid]; 423 break; 424 default: 425 return 0; 426 } 427 428 if ((*last_seq == seq) && 429 time_after(*last_time + IEEE_PACKET_RETRY_TIME, jiffies)) { 430 if (*last_frag == frag) 431 goto drop; 432 if (*last_frag + 1 != frag) 433 /* out-of-order fragment */ 434 goto drop; 435 } else 436 *last_seq = seq; 437 438 *last_frag = frag; 439 *last_time = jiffies; 440 return 0; 441 442drop: 443 444 return 1; 445} 446 447static bool AddReorderEntry(struct rx_ts_record *pTS, 448 struct rx_reorder_entry *pReorderEntry) 449{ 450 struct list_head *pList = &pTS->RxPendingPktList; 451 452 while (pList->next != &pTS->RxPendingPktList) { 453 if (SN_LESS(pReorderEntry->SeqNum, ((struct rx_reorder_entry *) 454 list_entry(pList->next, struct rx_reorder_entry, 455 List))->SeqNum)) 456 pList = pList->next; 457 else if (SN_EQUAL(pReorderEntry->SeqNum, 458 ((struct rx_reorder_entry *)list_entry(pList->next, 459 struct rx_reorder_entry, List))->SeqNum)) 460 return false; 461 else 462 break; 463 } 464 pReorderEntry->List.next = pList->next; 465 pReorderEntry->List.next->prev = &pReorderEntry->List; 466 pReorderEntry->List.prev = pList; 467 pList->next = &pReorderEntry->List; 468 469 return true; 470} 471 472void rtllib_indicate_packets(struct rtllib_device *ieee, struct rtllib_rxb **prxbIndicateArray, u8 index) 473{ 474 struct net_device_stats *stats = &ieee->stats; 475 u8 i = 0 , j = 0; 476 u16 ethertype; 477 478 for (j = 0; j < index; j++) { 479 struct rtllib_rxb *prxb = prxbIndicateArray[j]; 480 481 for (i = 0; i < prxb->nr_subframes; i++) { 482 struct sk_buff *sub_skb = prxb->subframes[i]; 483 484 /* convert hdr + possible LLC headers into Ethernet header */ 485 ethertype = (sub_skb->data[6] << 8) | sub_skb->data[7]; 486 if (sub_skb->len >= 8 && 487 ((memcmp(sub_skb->data, rfc1042_header, SNAP_SIZE) == 0 && 488 ethertype != ETH_P_AARP && ethertype != ETH_P_IPX) || 489 memcmp(sub_skb->data, bridge_tunnel_header, SNAP_SIZE) == 0)) { 490 /* remove RFC1042 or Bridge-Tunnel encapsulation 491 * and replace EtherType */ 492 skb_pull(sub_skb, SNAP_SIZE); 493 memcpy(skb_push(sub_skb, ETH_ALEN), prxb->src, ETH_ALEN); 494 memcpy(skb_push(sub_skb, ETH_ALEN), prxb->dst, ETH_ALEN); 495 } else { 496 u16 len; 497 /* Leave Ethernet header part of hdr and full payload */ 498 len = sub_skb->len; 499 memcpy(skb_push(sub_skb, 2), &len, 2); 500 memcpy(skb_push(sub_skb, ETH_ALEN), prxb->src, ETH_ALEN); 501 memcpy(skb_push(sub_skb, ETH_ALEN), prxb->dst, ETH_ALEN); 502 } 503 504 /* Indicate the packets to upper layer */ 505 if (sub_skb) { 506 stats->rx_packets++; 507 stats->rx_bytes += sub_skb->len; 508 509 memset(sub_skb->cb, 0, sizeof(sub_skb->cb)); 510 sub_skb->protocol = eth_type_trans(sub_skb, ieee->dev); 511 sub_skb->dev = ieee->dev; 512 sub_skb->dev->stats.rx_packets++; 513 sub_skb->dev->stats.rx_bytes += sub_skb->len; 514 sub_skb->ip_summed = CHECKSUM_NONE; /* 802.11 crc not sufficient */ 515 ieee->last_rx_ps_time = jiffies; 516 netif_rx(sub_skb); 517 } 518 } 519 kfree(prxb); 520 prxb = NULL; 521 } 522} 523 524void rtllib_FlushRxTsPendingPkts(struct rtllib_device *ieee, struct rx_ts_record *pTS) 525{ 526 struct rx_reorder_entry *pRxReorderEntry; 527 u8 RfdCnt = 0; 528 529 del_timer_sync(&pTS->RxPktPendingTimer); 530 while (!list_empty(&pTS->RxPendingPktList)) { 531 if (RfdCnt >= REORDER_WIN_SIZE) { 532 printk(KERN_INFO "-------------->%s() error! RfdCnt >= REORDER_WIN_SIZE\n", __func__); 533 break; 534 } 535 536 pRxReorderEntry = (struct rx_reorder_entry *)list_entry(pTS->RxPendingPktList.prev, struct rx_reorder_entry, List); 537 RTLLIB_DEBUG(RTLLIB_DL_REORDER, "%s(): Indicate SeqNum %d!\n", __func__, pRxReorderEntry->SeqNum); 538 list_del_init(&pRxReorderEntry->List); 539 540 ieee->RfdArray[RfdCnt] = pRxReorderEntry->prxb; 541 542 RfdCnt = RfdCnt + 1; 543 list_add_tail(&pRxReorderEntry->List, &ieee->RxReorder_Unused_List); 544 } 545 rtllib_indicate_packets(ieee, ieee->RfdArray, RfdCnt); 546 547 pTS->RxIndicateSeq = 0xffff; 548} 549 550static void RxReorderIndicatePacket(struct rtllib_device *ieee, 551 struct rtllib_rxb *prxb, 552 struct rx_ts_record *pTS, u16 SeqNum) 553{ 554 struct rt_hi_throughput *pHTInfo = ieee->pHTInfo; 555 struct rx_reorder_entry *pReorderEntry = NULL; 556 u8 WinSize = pHTInfo->RxReorderWinSize; 557 u16 WinEnd = 0; 558 u8 index = 0; 559 bool bMatchWinStart = false, bPktInBuf = false; 560 unsigned long flags; 561 562 RTLLIB_DEBUG(RTLLIB_DL_REORDER, "%s(): Seq is %d, pTS->RxIndicateSeq" 563 " is %d, WinSize is %d\n", __func__, SeqNum, 564 pTS->RxIndicateSeq, WinSize); 565 566 spin_lock_irqsave(&(ieee->reorder_spinlock), flags); 567 568 WinEnd = (pTS->RxIndicateSeq + WinSize - 1) % 4096; 569 /* Rx Reorder initialize condition.*/ 570 if (pTS->RxIndicateSeq == 0xffff) 571 pTS->RxIndicateSeq = SeqNum; 572 573 /* Drop out the packet which SeqNum is smaller than WinStart */ 574 if (SN_LESS(SeqNum, pTS->RxIndicateSeq)) { 575 RTLLIB_DEBUG(RTLLIB_DL_REORDER, "Packet Drop! IndicateSeq: %d, NewSeq: %d\n", 576 pTS->RxIndicateSeq, SeqNum); 577 pHTInfo->RxReorderDropCounter++; 578 { 579 int i; 580 581 for (i = 0; i < prxb->nr_subframes; i++) 582 dev_kfree_skb(prxb->subframes[i]); 583 kfree(prxb); 584 prxb = NULL; 585 } 586 spin_unlock_irqrestore(&(ieee->reorder_spinlock), flags); 587 return; 588 } 589 590 /* 591 * Sliding window manipulation. Conditions includes: 592 * 1. Incoming SeqNum is equal to WinStart =>Window shift 1 593 * 2. Incoming SeqNum is larger than the WinEnd => Window shift N 594 */ 595 if (SN_EQUAL(SeqNum, pTS->RxIndicateSeq)) { 596 pTS->RxIndicateSeq = (pTS->RxIndicateSeq + 1) % 4096; 597 bMatchWinStart = true; 598 } else if (SN_LESS(WinEnd, SeqNum)) { 599 if (SeqNum >= (WinSize - 1)) 600 pTS->RxIndicateSeq = SeqNum + 1 - WinSize; 601 else 602 pTS->RxIndicateSeq = 4095 - (WinSize - (SeqNum + 1)) + 1; 603 RTLLIB_DEBUG(RTLLIB_DL_REORDER, "Window Shift! IndicateSeq: %d," 604 " NewSeq: %d\n", pTS->RxIndicateSeq, SeqNum); 605 } 606 607 /* 608 * Indication process. 609 * After Packet dropping and Sliding Window shifting as above, we can 610 * now just indicate the packets with the SeqNum smaller than latest 611 * WinStart and struct buffer other packets. 612 */ 613 /* For Rx Reorder condition: 614 * 1. All packets with SeqNum smaller than WinStart => Indicate 615 * 2. All packets with SeqNum larger than or equal to 616 * WinStart => Buffer it. 617 */ 618 if (bMatchWinStart) { 619 /* Current packet is going to be indicated.*/ 620 RTLLIB_DEBUG(RTLLIB_DL_REORDER, "Packets indication!! " 621 "IndicateSeq: %d, NewSeq: %d\n", 622 pTS->RxIndicateSeq, SeqNum); 623 ieee->prxbIndicateArray[0] = prxb; 624 index = 1; 625 } else { 626 /* Current packet is going to be inserted into pending list.*/ 627 if (!list_empty(&ieee->RxReorder_Unused_List)) { 628 pReorderEntry = (struct rx_reorder_entry *) 629 list_entry(ieee->RxReorder_Unused_List.next, 630 struct rx_reorder_entry, List); 631 list_del_init(&pReorderEntry->List); 632 633 /* Make a reorder entry and insert into a the packet list.*/ 634 pReorderEntry->SeqNum = SeqNum; 635 pReorderEntry->prxb = prxb; 636 637 if (!AddReorderEntry(pTS, pReorderEntry)) { 638 RTLLIB_DEBUG(RTLLIB_DL_REORDER, 639 "%s(): Duplicate packet is " 640 "dropped!! IndicateSeq: %d, " 641 "NewSeq: %d\n", 642 __func__, pTS->RxIndicateSeq, 643 SeqNum); 644 list_add_tail(&pReorderEntry->List, 645 &ieee->RxReorder_Unused_List); { 646 int i; 647 648 for (i = 0; i < prxb->nr_subframes; i++) 649 dev_kfree_skb(prxb->subframes[i]); 650 kfree(prxb); 651 prxb = NULL; 652 } 653 } else { 654 RTLLIB_DEBUG(RTLLIB_DL_REORDER, 655 "Pkt insert into struct buffer!! " 656 "IndicateSeq: %d, NewSeq: %d\n", 657 pTS->RxIndicateSeq, SeqNum); 658 } 659 } else { 660 /* 661 * Packets are dropped if there are not enough reorder 662 * entries. This part should be modified!! We can just 663 * indicate all the packets in struct buffer and get 664 * reorder entries. 665 */ 666 RTLLIB_DEBUG(RTLLIB_DL_ERR, "RxReorderIndicatePacket():" 667 " There is no reorder entry!! Packet is " 668 "dropped!!\n"); 669 { 670 int i; 671 672 for (i = 0; i < prxb->nr_subframes; i++) 673 dev_kfree_skb(prxb->subframes[i]); 674 kfree(prxb); 675 prxb = NULL; 676 } 677 } 678 } 679 680 /* Check if there is any packet need indicate.*/ 681 while (!list_empty(&pTS->RxPendingPktList)) { 682 RTLLIB_DEBUG(RTLLIB_DL_REORDER, "%s(): start RREORDER indicate\n", __func__); 683 684 pReorderEntry = (struct rx_reorder_entry *)list_entry(pTS->RxPendingPktList.prev, 685 struct rx_reorder_entry, List); 686 if (SN_LESS(pReorderEntry->SeqNum, pTS->RxIndicateSeq) || 687 SN_EQUAL(pReorderEntry->SeqNum, pTS->RxIndicateSeq)) { 688 /* This protect struct buffer from overflow. */ 689 if (index >= REORDER_WIN_SIZE) { 690 RTLLIB_DEBUG(RTLLIB_DL_ERR, "RxReorderIndicate" 691 "Packet(): Buffer overflow!!\n"); 692 bPktInBuf = true; 693 break; 694 } 695 696 list_del_init(&pReorderEntry->List); 697 698 if (SN_EQUAL(pReorderEntry->SeqNum, pTS->RxIndicateSeq)) 699 pTS->RxIndicateSeq = (pTS->RxIndicateSeq + 1) % 4096; 700 701 ieee->prxbIndicateArray[index] = pReorderEntry->prxb; 702 RTLLIB_DEBUG(RTLLIB_DL_REORDER, "%s(): Indicate SeqNum" 703 " %d!\n", __func__, pReorderEntry->SeqNum); 704 index++; 705 706 list_add_tail(&pReorderEntry->List, 707 &ieee->RxReorder_Unused_List); 708 } else { 709 bPktInBuf = true; 710 break; 711 } 712 } 713 714 /* Handling pending timer. Set this timer to prevent from long time 715 * Rx buffering.*/ 716 if (index > 0) { 717 if (timer_pending(&pTS->RxPktPendingTimer)) 718 del_timer_sync(&pTS->RxPktPendingTimer); 719 pTS->RxTimeoutIndicateSeq = 0xffff; 720 721 if (index > REORDER_WIN_SIZE) { 722 RTLLIB_DEBUG(RTLLIB_DL_ERR, "RxReorderIndicatePacket():" 723 " Rx Reorder struct buffer full!!\n"); 724 spin_unlock_irqrestore(&(ieee->reorder_spinlock), 725 flags); 726 return; 727 } 728 rtllib_indicate_packets(ieee, ieee->prxbIndicateArray, index); 729 bPktInBuf = false; 730 } 731 732 if (bPktInBuf && pTS->RxTimeoutIndicateSeq == 0xffff) { 733 RTLLIB_DEBUG(RTLLIB_DL_REORDER, "%s(): SET rx timeout timer\n", 734 __func__); 735 pTS->RxTimeoutIndicateSeq = pTS->RxIndicateSeq; 736 mod_timer(&pTS->RxPktPendingTimer, jiffies + 737 MSECS(pHTInfo->RxReorderPendingTime)); 738 } 739 spin_unlock_irqrestore(&(ieee->reorder_spinlock), flags); 740} 741 742static u8 parse_subframe(struct rtllib_device *ieee, struct sk_buff *skb, 743 struct rtllib_rx_stats *rx_stats, 744 struct rtllib_rxb *rxb, u8 *src, u8 *dst) 745{ 746 struct rtllib_hdr_3addr *hdr = (struct rtllib_hdr_3addr *)skb->data; 747 u16 fc = le16_to_cpu(hdr->frame_ctl); 748 749 u16 LLCOffset = sizeof(struct rtllib_hdr_3addr); 750 u16 ChkLength; 751 bool bIsAggregateFrame = false; 752 u16 nSubframe_Length; 753 u8 nPadding_Length = 0; 754 u16 SeqNum = 0; 755 struct sk_buff *sub_skb; 756 u8 *data_ptr; 757 /* just for debug purpose */ 758 SeqNum = WLAN_GET_SEQ_SEQ(le16_to_cpu(hdr->seq_ctl)); 759 if ((RTLLIB_QOS_HAS_SEQ(fc)) && 760 (((union frameqos *)(skb->data + RTLLIB_3ADDR_LEN))->field.reserved)) 761 bIsAggregateFrame = true; 762 763 if (RTLLIB_QOS_HAS_SEQ(fc)) 764 LLCOffset += 2; 765 if (rx_stats->bContainHTC) 766 LLCOffset += sHTCLng; 767 768 ChkLength = LLCOffset; 769 770 if (skb->len <= ChkLength) 771 return 0; 772 773 skb_pull(skb, LLCOffset); 774 ieee->bIsAggregateFrame = bIsAggregateFrame; 775 if (!bIsAggregateFrame) { 776 rxb->nr_subframes = 1; 777 778 /* altered by clark 3/30/2010 779 * The struct buffer size of the skb indicated to upper layer 780 * must be less than 5000, or the defraged IP datagram 781 * in the IP layer will exceed "ipfrag_high_tresh" and be 782 * discarded. so there must not use the function 783 * "skb_copy" and "skb_clone" for "skb". 784 */ 785 786 /* Allocate new skb for releasing to upper layer */ 787 sub_skb = dev_alloc_skb(RTLLIB_SKBBUFFER_SIZE); 788 if (!sub_skb) 789 return 0; 790 skb_reserve(sub_skb, 12); 791 data_ptr = (u8 *)skb_put(sub_skb, skb->len); 792 memcpy(data_ptr, skb->data, skb->len); 793 sub_skb->dev = ieee->dev; 794 795 rxb->subframes[0] = sub_skb; 796 797 memcpy(rxb->src, src, ETH_ALEN); 798 memcpy(rxb->dst, dst, ETH_ALEN); 799 rxb->subframes[0]->dev = ieee->dev; 800 return 1; 801 } else { 802 rxb->nr_subframes = 0; 803 memcpy(rxb->src, src, ETH_ALEN); 804 memcpy(rxb->dst, dst, ETH_ALEN); 805 while (skb->len > ETHERNET_HEADER_SIZE) { 806 /* Offset 12 denote 2 mac address */ 807 nSubframe_Length = *((u16 *)(skb->data + 12)); 808 nSubframe_Length = (nSubframe_Length >> 8) + 809 (nSubframe_Length << 8); 810 811 if (skb->len < (ETHERNET_HEADER_SIZE + nSubframe_Length)) { 812 printk(KERN_INFO "%s: A-MSDU parse error!! " 813 "pRfd->nTotalSubframe : %d\n",\ 814 __func__, rxb->nr_subframes); 815 printk(KERN_INFO "%s: A-MSDU parse error!! " 816 "Subframe Length: %d\n", __func__, 817 nSubframe_Length); 818 printk(KERN_INFO "nRemain_Length is %d and " 819 "nSubframe_Length is : %d\n", skb->len, 820 nSubframe_Length); 821 printk(KERN_INFO "The Packet SeqNum is %d\n", SeqNum); 822 return 0; 823 } 824 825 /* move the data point to data content */ 826 skb_pull(skb, ETHERNET_HEADER_SIZE); 827 828 /* altered by clark 3/30/2010 829 * The struct buffer size of the skb indicated to upper layer 830 * must be less than 5000, or the defraged IP datagram 831 * in the IP layer will exceed "ipfrag_high_tresh" and be 832 * discarded. so there must not use the function 833 * "skb_copy" and "skb_clone" for "skb". 834 */ 835 836 /* Allocate new skb for releasing to upper layer */ 837 sub_skb = dev_alloc_skb(nSubframe_Length + 12); 838 if (!sub_skb) 839 return 0; 840 skb_reserve(sub_skb, 12); 841 data_ptr = (u8 *)skb_put(sub_skb, nSubframe_Length); 842 memcpy(data_ptr, skb->data, nSubframe_Length); 843 844 sub_skb->dev = ieee->dev; 845 rxb->subframes[rxb->nr_subframes++] = sub_skb; 846 if (rxb->nr_subframes >= MAX_SUBFRAME_COUNT) { 847 RTLLIB_DEBUG_RX("ParseSubframe(): Too many " 848 "Subframes! Packets dropped!\n"); 849 break; 850 } 851 skb_pull(skb, nSubframe_Length); 852 853 if (skb->len != 0) { 854 nPadding_Length = 4 - ((nSubframe_Length + 855 ETHERNET_HEADER_SIZE) % 4); 856 if (nPadding_Length == 4) 857 nPadding_Length = 0; 858 859 if (skb->len < nPadding_Length) 860 return 0; 861 862 skb_pull(skb, nPadding_Length); 863 } 864 } 865 866 return rxb->nr_subframes; 867 } 868} 869 870 871static size_t rtllib_rx_get_hdrlen(struct rtllib_device *ieee, 872 struct sk_buff *skb, 873 struct rtllib_rx_stats *rx_stats) 874{ 875 struct rtllib_hdr_4addr *hdr = (struct rtllib_hdr_4addr *)skb->data; 876 u16 fc = le16_to_cpu(hdr->frame_ctl); 877 size_t hdrlen = 0; 878 879 hdrlen = rtllib_get_hdrlen(fc); 880 if (HTCCheck(ieee, skb->data)) { 881 if (net_ratelimit()) 882 printk(KERN_INFO "%s: find HTCControl!\n", __func__); 883 hdrlen += 4; 884 rx_stats->bContainHTC = true; 885 } 886 887 if (RTLLIB_QOS_HAS_SEQ(fc)) 888 rx_stats->bIsQosData = true; 889 890 return hdrlen; 891} 892 893static int rtllib_rx_check_duplicate(struct rtllib_device *ieee, 894 struct sk_buff *skb, u8 multicast) 895{ 896 struct rtllib_hdr_4addr *hdr = (struct rtllib_hdr_4addr *)skb->data; 897 u16 fc, sc; 898 u8 frag, type, stype; 899 900 fc = le16_to_cpu(hdr->frame_ctl); 901 type = WLAN_FC_GET_TYPE(fc); 902 stype = WLAN_FC_GET_STYPE(fc); 903 sc = le16_to_cpu(hdr->seq_ctl); 904 frag = WLAN_GET_SEQ_FRAG(sc); 905 906 if ((ieee->pHTInfo->bCurRxReorderEnable == false) || 907 !ieee->current_network.qos_data.active || 908 !IsDataFrame(skb->data) || 909 IsLegacyDataFrame(skb->data)) { 910 if (!((type == RTLLIB_FTYPE_MGMT) && (stype == RTLLIB_STYPE_BEACON))) { 911 if (is_duplicate_packet(ieee, hdr)) 912 return -1; 913 } 914 } else { 915 struct rx_ts_record *pRxTS = NULL; 916 917 if (GetTs(ieee, (struct ts_common_info **) &pRxTS, hdr->addr2, 918 (u8)Frame_QoSTID((u8 *)(skb->data)), RX_DIR, true)) { 919 if ((fc & (1<<11)) && (frag == pRxTS->RxLastFragNum) && 920 (WLAN_GET_SEQ_SEQ(sc) == pRxTS->RxLastSeqNum)) 921 return -1; 922 pRxTS->RxLastFragNum = frag; 923 pRxTS->RxLastSeqNum = WLAN_GET_SEQ_SEQ(sc); 924 } else { 925 RTLLIB_DEBUG(RTLLIB_DL_ERR, "ERR!!%s(): No TS!! Skip" 926 " the check!!\n", __func__); 927 return -1; 928 } 929 } 930 931 return 0; 932} 933 934static void rtllib_rx_extract_addr(struct rtllib_device *ieee, 935 struct rtllib_hdr_4addr *hdr, u8 *dst, 936 u8 *src, u8 *bssid) 937{ 938 u16 fc = le16_to_cpu(hdr->frame_ctl); 939 940 switch (fc & (RTLLIB_FCTL_FROMDS | RTLLIB_FCTL_TODS)) { 941 case RTLLIB_FCTL_FROMDS: 942 memcpy(dst, hdr->addr1, ETH_ALEN); 943 memcpy(src, hdr->addr3, ETH_ALEN); 944 memcpy(bssid, hdr->addr2, ETH_ALEN); 945 break; 946 case RTLLIB_FCTL_TODS: 947 memcpy(dst, hdr->addr3, ETH_ALEN); 948 memcpy(src, hdr->addr2, ETH_ALEN); 949 memcpy(bssid, hdr->addr1, ETH_ALEN); 950 break; 951 case RTLLIB_FCTL_FROMDS | RTLLIB_FCTL_TODS: 952 memcpy(dst, hdr->addr3, ETH_ALEN); 953 memcpy(src, hdr->addr4, ETH_ALEN); 954 memcpy(bssid, ieee->current_network.bssid, ETH_ALEN); 955 break; 956 case 0: 957 memcpy(dst, hdr->addr1, ETH_ALEN); 958 memcpy(src, hdr->addr2, ETH_ALEN); 959 memcpy(bssid, hdr->addr3, ETH_ALEN); 960 break; 961 } 962} 963 964static int rtllib_rx_data_filter(struct rtllib_device *ieee, u16 fc, 965 u8 *dst, u8 *src, u8 *bssid, u8 *addr2) 966{ 967 u8 type, stype; 968 969 type = WLAN_FC_GET_TYPE(fc); 970 stype = WLAN_FC_GET_STYPE(fc); 971 972 /* Filter frames from different BSS */ 973 if (((fc & RTLLIB_FCTL_DSTODS) != RTLLIB_FCTL_DSTODS) && 974 !ether_addr_equal(ieee->current_network.bssid, bssid) && 975 !is_zero_ether_addr(ieee->current_network.bssid)) { 976 return -1; 977 } 978 979 /* Filter packets sent by an STA that will be forwarded by AP */ 980 if (ieee->IntelPromiscuousModeInfo.bPromiscuousOn && 981 ieee->IntelPromiscuousModeInfo.bFilterSourceStationFrame) { 982 if ((fc & RTLLIB_FCTL_TODS) && !(fc & RTLLIB_FCTL_FROMDS) && 983 !ether_addr_equal(dst, ieee->current_network.bssid) && 984 ether_addr_equal(bssid, ieee->current_network.bssid)) { 985 return -1; 986 } 987 } 988 989 /* Nullfunc frames may have PS-bit set, so they must be passed to 990 * hostap_handle_sta_rx() before being dropped here. */ 991 if (!ieee->IntelPromiscuousModeInfo.bPromiscuousOn) { 992 if (stype != RTLLIB_STYPE_DATA && 993 stype != RTLLIB_STYPE_DATA_CFACK && 994 stype != RTLLIB_STYPE_DATA_CFPOLL && 995 stype != RTLLIB_STYPE_DATA_CFACKPOLL && 996 stype != RTLLIB_STYPE_QOS_DATA) { 997 if (stype != RTLLIB_STYPE_NULLFUNC) 998 RTLLIB_DEBUG_DROP( 999 "RX: dropped data frame " 1000 "with no data (type=0x%02x, " 1001 "subtype=0x%02x)\n", 1002 type, stype); 1003 return -1; 1004 } 1005 } 1006 1007 if (ieee->iw_mode != IW_MODE_MESH) { 1008 /* packets from our adapter are dropped (echo) */ 1009 if (!memcmp(src, ieee->dev->dev_addr, ETH_ALEN)) 1010 return -1; 1011 1012 /* {broad,multi}cast packets to our BSS go through */ 1013 if (is_multicast_ether_addr(dst)) { 1014 if (memcmp(bssid, ieee->current_network.bssid, ETH_ALEN)) 1015 return -1; 1016 } 1017 } 1018 return 0; 1019} 1020 1021static int rtllib_rx_get_crypt(struct rtllib_device *ieee, struct sk_buff *skb, 1022 struct lib80211_crypt_data **crypt, size_t hdrlen) 1023{ 1024 struct rtllib_hdr_4addr *hdr = (struct rtllib_hdr_4addr *)skb->data; 1025 u16 fc = le16_to_cpu(hdr->frame_ctl); 1026 int idx = 0; 1027 1028 if (ieee->host_decrypt) { 1029 if (skb->len >= hdrlen + 3) 1030 idx = skb->data[hdrlen + 3] >> 6; 1031 1032 *crypt = ieee->crypt_info.crypt[idx]; 1033 /* allow NULL decrypt to indicate an station specific override 1034 * for default encryption */ 1035 if (*crypt && ((*crypt)->ops == NULL || 1036 (*crypt)->ops->decrypt_mpdu == NULL)) 1037 *crypt = NULL; 1038 1039 if (!*crypt && (fc & RTLLIB_FCTL_WEP)) { 1040 /* This seems to be triggered by some (multicast?) 1041 * frames from other than current BSS, so just drop the 1042 * frames silently instead of filling system log with 1043 * these reports. */ 1044 RTLLIB_DEBUG_DROP("Decryption failed (not set)" 1045 " (SA= %pM)\n", 1046 hdr->addr2); 1047 ieee->ieee_stats.rx_discards_undecryptable++; 1048 return -1; 1049 } 1050 } 1051 1052 return 0; 1053} 1054 1055static int rtllib_rx_decrypt(struct rtllib_device *ieee, struct sk_buff *skb, 1056 struct rtllib_rx_stats *rx_stats, 1057 struct lib80211_crypt_data *crypt, size_t hdrlen) 1058{ 1059 struct rtllib_hdr_4addr *hdr; 1060 int keyidx = 0; 1061 u16 fc, sc; 1062 u8 frag; 1063 1064 hdr = (struct rtllib_hdr_4addr *)skb->data; 1065 fc = le16_to_cpu(hdr->frame_ctl); 1066 sc = le16_to_cpu(hdr->seq_ctl); 1067 frag = WLAN_GET_SEQ_FRAG(sc); 1068 1069 if ((!rx_stats->Decrypted)) 1070 ieee->need_sw_enc = 1; 1071 else 1072 ieee->need_sw_enc = 0; 1073 1074 keyidx = rtllib_rx_frame_decrypt(ieee, skb, crypt); 1075 if (ieee->host_decrypt && (fc & RTLLIB_FCTL_WEP) && (keyidx < 0)) { 1076 printk(KERN_INFO "%s: decrypt frame error\n", __func__); 1077 return -1; 1078 } 1079 1080 hdr = (struct rtllib_hdr_4addr *) skb->data; 1081 if ((frag != 0 || (fc & RTLLIB_FCTL_MOREFRAGS))) { 1082 int flen; 1083 struct sk_buff *frag_skb = rtllib_frag_cache_get(ieee, hdr); 1084 1085 RTLLIB_DEBUG_FRAG("Rx Fragment received (%u)\n", frag); 1086 1087 if (!frag_skb) { 1088 RTLLIB_DEBUG(RTLLIB_DL_RX | RTLLIB_DL_FRAG, 1089 "Rx cannot get skb from fragment " 1090 "cache (morefrag=%d seq=%u frag=%u)\n", 1091 (fc & RTLLIB_FCTL_MOREFRAGS) != 0, 1092 WLAN_GET_SEQ_SEQ(sc), frag); 1093 return -1; 1094 } 1095 flen = skb->len; 1096 if (frag != 0) 1097 flen -= hdrlen; 1098 1099 if (frag_skb->tail + flen > frag_skb->end) { 1100 printk(KERN_WARNING "%s: host decrypted and " 1101 "reassembled frame did not fit skb\n", 1102 __func__); 1103 rtllib_frag_cache_invalidate(ieee, hdr); 1104 return -1; 1105 } 1106 1107 if (frag == 0) { 1108 /* copy first fragment (including full headers) into 1109 * beginning of the fragment cache skb */ 1110 memcpy(skb_put(frag_skb, flen), skb->data, flen); 1111 } else { 1112 /* append frame payload to the end of the fragment 1113 * cache skb */ 1114 memcpy(skb_put(frag_skb, flen), skb->data + hdrlen, 1115 flen); 1116 } 1117 dev_kfree_skb_any(skb); 1118 skb = NULL; 1119 1120 if (fc & RTLLIB_FCTL_MOREFRAGS) { 1121 /* more fragments expected - leave the skb in fragment 1122 * cache for now; it will be delivered to upper layers 1123 * after all fragments have been received */ 1124 return -2; 1125 } 1126 1127 /* this was the last fragment and the frame will be 1128 * delivered, so remove skb from fragment cache */ 1129 skb = frag_skb; 1130 hdr = (struct rtllib_hdr_4addr *) skb->data; 1131 rtllib_frag_cache_invalidate(ieee, hdr); 1132 } 1133 1134 /* skb: hdr + (possible reassembled) full MSDU payload; possibly still 1135 * encrypted/authenticated */ 1136 if (ieee->host_decrypt && (fc & RTLLIB_FCTL_WEP) && 1137 rtllib_rx_frame_decrypt_msdu(ieee, skb, keyidx, crypt)) { 1138 printk(KERN_INFO "%s: ==>decrypt msdu error\n", __func__); 1139 return -1; 1140 } 1141 1142 hdr = (struct rtllib_hdr_4addr *) skb->data; 1143 if (crypt && !(fc & RTLLIB_FCTL_WEP) && !ieee->open_wep) { 1144 if (/*ieee->ieee802_1x &&*/ 1145 rtllib_is_eapol_frame(ieee, skb, hdrlen)) { 1146 1147 /* pass unencrypted EAPOL frames even if encryption is 1148 * configured */ 1149 struct eapol *eap = (struct eapol *)(skb->data + 1150 24); 1151 RTLLIB_DEBUG_EAP("RX: IEEE 802.1X EAPOL frame: %s\n", 1152 eap_get_type(eap->type)); 1153 } else { 1154 RTLLIB_DEBUG_DROP( 1155 "encryption configured, but RX " 1156 "frame not encrypted (SA= %pM)\n", 1157 hdr->addr2); 1158 return -1; 1159 } 1160 } 1161 1162 if (crypt && !(fc & RTLLIB_FCTL_WEP) && 1163 rtllib_is_eapol_frame(ieee, skb, hdrlen)) { 1164 struct eapol *eap = (struct eapol *)(skb->data + 1165 24); 1166 RTLLIB_DEBUG_EAP("RX: IEEE 802.1X EAPOL frame: %s\n", 1167 eap_get_type(eap->type)); 1168 } 1169 1170 if (crypt && !(fc & RTLLIB_FCTL_WEP) && !ieee->open_wep && 1171 !rtllib_is_eapol_frame(ieee, skb, hdrlen)) { 1172 RTLLIB_DEBUG_DROP( 1173 "dropped unencrypted RX data " 1174 "frame from %pM" 1175 " (drop_unencrypted=1)\n", 1176 hdr->addr2); 1177 return -1; 1178 } 1179 1180 if (rtllib_is_eapol_frame(ieee, skb, hdrlen)) 1181 printk(KERN_WARNING "RX: IEEE802.1X EAPOL frame!\n"); 1182 1183 return 0; 1184} 1185 1186static void rtllib_rx_check_leave_lps(struct rtllib_device *ieee, u8 unicast, u8 nr_subframes) 1187{ 1188 if (unicast) { 1189 1190 if ((ieee->state == RTLLIB_LINKED)) { 1191 if (((ieee->LinkDetectInfo.NumRxUnicastOkInPeriod + 1192 ieee->LinkDetectInfo.NumTxOkInPeriod) > 8) || 1193 (ieee->LinkDetectInfo.NumRxUnicastOkInPeriod > 2)) { 1194 if (ieee->LeisurePSLeave) 1195 ieee->LeisurePSLeave(ieee->dev); 1196 } 1197 } 1198 } 1199 ieee->last_rx_ps_time = jiffies; 1200} 1201 1202static void rtllib_rx_indicate_pkt_legacy(struct rtllib_device *ieee, 1203 struct rtllib_rx_stats *rx_stats, 1204 struct rtllib_rxb *rxb, 1205 u8 *dst, 1206 u8 *src) 1207{ 1208 struct net_device *dev = ieee->dev; 1209 u16 ethertype; 1210 int i = 0; 1211 1212 if (rxb == NULL) { 1213 printk(KERN_INFO "%s: rxb is NULL!!\n", __func__); 1214 return ; 1215 } 1216 1217 for (i = 0; i < rxb->nr_subframes; i++) { 1218 struct sk_buff *sub_skb = rxb->subframes[i]; 1219 1220 if (sub_skb) { 1221 /* convert hdr + possible LLC headers into Ethernet header */ 1222 ethertype = (sub_skb->data[6] << 8) | sub_skb->data[7]; 1223 if (sub_skb->len >= 8 && 1224 ((memcmp(sub_skb->data, rfc1042_header, SNAP_SIZE) == 0 && 1225 ethertype != ETH_P_AARP && ethertype != ETH_P_IPX) || 1226 memcmp(sub_skb->data, bridge_tunnel_header, SNAP_SIZE) == 0)) { 1227 /* remove RFC1042 or Bridge-Tunnel encapsulation and 1228 * replace EtherType */ 1229 skb_pull(sub_skb, SNAP_SIZE); 1230 memcpy(skb_push(sub_skb, ETH_ALEN), src, ETH_ALEN); 1231 memcpy(skb_push(sub_skb, ETH_ALEN), dst, ETH_ALEN); 1232 } else { 1233 u16 len; 1234 /* Leave Ethernet header part of hdr and full payload */ 1235 len = sub_skb->len; 1236 memcpy(skb_push(sub_skb, 2), &len, 2); 1237 memcpy(skb_push(sub_skb, ETH_ALEN), src, ETH_ALEN); 1238 memcpy(skb_push(sub_skb, ETH_ALEN), dst, ETH_ALEN); 1239 } 1240 1241 ieee->stats.rx_packets++; 1242 ieee->stats.rx_bytes += sub_skb->len; 1243 1244 if (is_multicast_ether_addr(dst)) 1245 ieee->stats.multicast++; 1246 1247 /* Indicate the packets to upper layer */ 1248 memset(sub_skb->cb, 0, sizeof(sub_skb->cb)); 1249 sub_skb->protocol = eth_type_trans(sub_skb, dev); 1250 sub_skb->dev = dev; 1251 sub_skb->dev->stats.rx_packets++; 1252 sub_skb->dev->stats.rx_bytes += sub_skb->len; 1253 sub_skb->ip_summed = CHECKSUM_NONE; /* 802.11 crc not sufficient */ 1254 netif_rx(sub_skb); 1255 } 1256 } 1257 kfree(rxb); 1258 rxb = NULL; 1259} 1260 1261static int rtllib_rx_InfraAdhoc(struct rtllib_device *ieee, struct sk_buff *skb, 1262 struct rtllib_rx_stats *rx_stats) 1263{ 1264 struct net_device *dev = ieee->dev; 1265 struct rtllib_hdr_4addr *hdr = (struct rtllib_hdr_4addr *)skb->data; 1266 struct lib80211_crypt_data *crypt = NULL; 1267 struct rtllib_rxb *rxb = NULL; 1268 struct rx_ts_record *pTS = NULL; 1269 u16 fc, sc, SeqNum = 0; 1270 u8 type, stype, multicast = 0, unicast = 0, nr_subframes = 0, TID = 0; 1271 u8 dst[ETH_ALEN], src[ETH_ALEN], bssid[ETH_ALEN] = {0}, *payload; 1272 size_t hdrlen = 0; 1273 bool bToOtherSTA = false; 1274 int ret = 0, i = 0; 1275 1276 hdr = (struct rtllib_hdr_4addr *)skb->data; 1277 fc = le16_to_cpu(hdr->frame_ctl); 1278 type = WLAN_FC_GET_TYPE(fc); 1279 stype = WLAN_FC_GET_STYPE(fc); 1280 sc = le16_to_cpu(hdr->seq_ctl); 1281 1282 /*Filter pkt not to me*/ 1283 multicast = is_multicast_ether_addr(hdr->addr1); 1284 unicast = !multicast; 1285 if (unicast && !ether_addr_equal(dev->dev_addr, hdr->addr1)) { 1286 if (ieee->bNetPromiscuousMode) 1287 bToOtherSTA = true; 1288 else 1289 goto rx_dropped; 1290 } 1291 1292 /*Filter pkt has too small length */ 1293 hdrlen = rtllib_rx_get_hdrlen(ieee, skb, rx_stats); 1294 if (skb->len < hdrlen) { 1295 printk(KERN_INFO "%s():ERR!!! skb->len is smaller than hdrlen\n", __func__); 1296 goto rx_dropped; 1297 } 1298 1299 /* Filter Duplicate pkt */ 1300 ret = rtllib_rx_check_duplicate(ieee, skb, multicast); 1301 if (ret < 0) 1302 goto rx_dropped; 1303 1304 /* Filter CTRL Frame */ 1305 if (type == RTLLIB_FTYPE_CTL) 1306 goto rx_dropped; 1307 1308 /* Filter MGNT Frame */ 1309 if (type == RTLLIB_FTYPE_MGMT) { 1310 if (bToOtherSTA) 1311 goto rx_dropped; 1312 if (rtllib_rx_frame_mgmt(ieee, skb, rx_stats, type, stype)) 1313 goto rx_dropped; 1314 else 1315 goto rx_exit; 1316 } 1317 1318 /* Filter WAPI DATA Frame */ 1319 1320 /* Update statstics for AP roaming */ 1321 if (!bToOtherSTA) { 1322 ieee->LinkDetectInfo.NumRecvDataInPeriod++; 1323 ieee->LinkDetectInfo.NumRxOkInPeriod++; 1324 } 1325 dev->last_rx = jiffies; 1326 1327 /* Data frame - extract src/dst addresses */ 1328 rtllib_rx_extract_addr(ieee, hdr, dst, src, bssid); 1329 1330 /* Filter Data frames */ 1331 ret = rtllib_rx_data_filter(ieee, fc, dst, src, bssid, hdr->addr2); 1332 if (ret < 0) 1333 goto rx_dropped; 1334 1335 if (skb->len == hdrlen) 1336 goto rx_dropped; 1337 1338 /* Send pspoll based on moredata */ 1339 if ((ieee->iw_mode == IW_MODE_INFRA) && (ieee->sta_sleep == LPS_IS_SLEEP) 1340 && (ieee->polling) && (!bToOtherSTA)) { 1341 if (WLAN_FC_MORE_DATA(fc)) { 1342 /* more data bit is set, let's request a new frame from the AP */ 1343 rtllib_sta_ps_send_pspoll_frame(ieee); 1344 } else { 1345 ieee->polling = false; 1346 } 1347 } 1348 1349 /* Get crypt if encrypted */ 1350 ret = rtllib_rx_get_crypt(ieee, skb, &crypt, hdrlen); 1351 if (ret == -1) 1352 goto rx_dropped; 1353 1354 /* Decrypt data frame (including reassemble) */ 1355 ret = rtllib_rx_decrypt(ieee, skb, rx_stats, crypt, hdrlen); 1356 if (ret == -1) 1357 goto rx_dropped; 1358 else if (ret == -2) 1359 goto rx_exit; 1360 1361 /* Get TS for Rx Reorder */ 1362 hdr = (struct rtllib_hdr_4addr *) skb->data; 1363 if (ieee->current_network.qos_data.active && IsQoSDataFrame(skb->data) 1364 && !is_multicast_ether_addr(hdr->addr1) 1365 && (!bToOtherSTA)) { 1366 TID = Frame_QoSTID(skb->data); 1367 SeqNum = WLAN_GET_SEQ_SEQ(sc); 1368 GetTs(ieee, (struct ts_common_info **) &pTS, hdr->addr2, TID, RX_DIR, true); 1369 if (TID != 0 && TID != 3) 1370 ieee->bis_any_nonbepkts = true; 1371 } 1372 1373 /* Parse rx data frame (For AMSDU) */ 1374 /* skb: hdr + (possible reassembled) full plaintext payload */ 1375 payload = skb->data + hdrlen; 1376 rxb = kmalloc(sizeof(struct rtllib_rxb), GFP_ATOMIC); 1377 if (rxb == NULL) { 1378 RTLLIB_DEBUG(RTLLIB_DL_ERR, 1379 "%s(): kmalloc rxb error\n", __func__); 1380 goto rx_dropped; 1381 } 1382 /* to parse amsdu packets */ 1383 /* qos data packets & reserved bit is 1 */ 1384 if (parse_subframe(ieee, skb, rx_stats, rxb, src, dst) == 0) { 1385 /* only to free rxb, and not submit the packets to upper layer */ 1386 for (i = 0; i < rxb->nr_subframes; i++) 1387 dev_kfree_skb(rxb->subframes[i]); 1388 kfree(rxb); 1389 rxb = NULL; 1390 goto rx_dropped; 1391 } 1392 1393 /* Update WAPI PN */ 1394 1395 /* Check if leave LPS */ 1396 if (!bToOtherSTA) { 1397 if (ieee->bIsAggregateFrame) 1398 nr_subframes = rxb->nr_subframes; 1399 else 1400 nr_subframes = 1; 1401 if (unicast) 1402 ieee->LinkDetectInfo.NumRxUnicastOkInPeriod += nr_subframes; 1403 rtllib_rx_check_leave_lps(ieee, unicast, nr_subframes); 1404 } 1405 1406 /* Indicate packets to upper layer or Rx Reorder */ 1407 if (ieee->pHTInfo->bCurRxReorderEnable == false || pTS == NULL || bToOtherSTA) 1408 rtllib_rx_indicate_pkt_legacy(ieee, rx_stats, rxb, dst, src); 1409 else 1410 RxReorderIndicatePacket(ieee, rxb, pTS, SeqNum); 1411 1412 dev_kfree_skb(skb); 1413 1414 rx_exit: 1415 return 1; 1416 1417 rx_dropped: 1418 if (rxb != NULL) { 1419 kfree(rxb); 1420 rxb = NULL; 1421 } 1422 ieee->stats.rx_dropped++; 1423 1424 /* Returning 0 indicates to caller that we have not handled the SKB-- 1425 * so it is still allocated and can be used again by underlying 1426 * hardware as a DMA target */ 1427 return 0; 1428} 1429 1430static int rtllib_rx_Master(struct rtllib_device *ieee, struct sk_buff *skb, 1431 struct rtllib_rx_stats *rx_stats) 1432{ 1433 return 0; 1434} 1435 1436static int rtllib_rx_Monitor(struct rtllib_device *ieee, struct sk_buff *skb, 1437 struct rtllib_rx_stats *rx_stats) 1438{ 1439 struct rtllib_hdr_4addr *hdr = (struct rtllib_hdr_4addr *)skb->data; 1440 u16 fc = le16_to_cpu(hdr->frame_ctl); 1441 size_t hdrlen = rtllib_get_hdrlen(fc); 1442 1443 if (skb->len < hdrlen) { 1444 printk(KERN_INFO "%s():ERR!!! skb->len is smaller than hdrlen\n", __func__); 1445 return 0; 1446 } 1447 1448 if (HTCCheck(ieee, skb->data)) { 1449 if (net_ratelimit()) 1450 printk(KERN_INFO "%s: Find HTCControl!\n", __func__); 1451 hdrlen += 4; 1452 } 1453 1454 rtllib_monitor_rx(ieee, skb, rx_stats, hdrlen); 1455 ieee->stats.rx_packets++; 1456 ieee->stats.rx_bytes += skb->len; 1457 1458 return 1; 1459} 1460 1461static int rtllib_rx_Mesh(struct rtllib_device *ieee, struct sk_buff *skb, 1462 struct rtllib_rx_stats *rx_stats) 1463{ 1464 return 0; 1465} 1466 1467/* All received frames are sent to this function. @skb contains the frame in 1468 * IEEE 802.11 format, i.e., in the format it was sent over air. 1469 * This function is called only as a tasklet (software IRQ). */ 1470int rtllib_rx(struct rtllib_device *ieee, struct sk_buff *skb, 1471 struct rtllib_rx_stats *rx_stats) 1472{ 1473 int ret = 0; 1474 1475 if ((NULL == ieee) || (NULL == skb) || (NULL == rx_stats)) { 1476 printk(KERN_INFO "%s: Input parameters NULL!\n", __func__); 1477 goto rx_dropped; 1478 } 1479 if (skb->len < 10) { 1480 printk(KERN_INFO "%s: SKB length < 10\n", __func__); 1481 goto rx_dropped; 1482 } 1483 1484 switch (ieee->iw_mode) { 1485 case IW_MODE_ADHOC: 1486 case IW_MODE_INFRA: 1487 ret = rtllib_rx_InfraAdhoc(ieee, skb, rx_stats); 1488 break; 1489 case IW_MODE_MASTER: 1490 case IW_MODE_REPEAT: 1491 ret = rtllib_rx_Master(ieee, skb, rx_stats); 1492 break; 1493 case IW_MODE_MONITOR: 1494 ret = rtllib_rx_Monitor(ieee, skb, rx_stats); 1495 break; 1496 case IW_MODE_MESH: 1497 ret = rtllib_rx_Mesh(ieee, skb, rx_stats); 1498 break; 1499 default: 1500 printk(KERN_INFO"%s: ERR iw mode!!!\n", __func__); 1501 break; 1502 } 1503 1504 return ret; 1505 1506 rx_dropped: 1507 if (ieee) 1508 ieee->stats.rx_dropped++; 1509 return 0; 1510} 1511EXPORT_SYMBOL(rtllib_rx); 1512 1513static u8 qos_oui[QOS_OUI_LEN] = { 0x00, 0x50, 0xF2 }; 1514 1515/* 1516* Make ther structure we read from the beacon packet has 1517* the right values 1518*/ 1519static int rtllib_verify_qos_info(struct rtllib_qos_information_element 1520 *info_element, int sub_type) 1521{ 1522 1523 if (info_element->qui_subtype != sub_type) 1524 return -1; 1525 if (memcmp(info_element->qui, qos_oui, QOS_OUI_LEN)) 1526 return -1; 1527 if (info_element->qui_type != QOS_OUI_TYPE) 1528 return -1; 1529 if (info_element->version != QOS_VERSION_1) 1530 return -1; 1531 1532 return 0; 1533} 1534 1535 1536/* 1537 * Parse a QoS parameter element 1538 */ 1539static int rtllib_read_qos_param_element(struct rtllib_qos_parameter_info 1540 *element_param, struct rtllib_info_element 1541 *info_element) 1542{ 1543 int ret = 0; 1544 u16 size = sizeof(struct rtllib_qos_parameter_info) - 2; 1545 1546 if ((info_element == NULL) || (element_param == NULL)) 1547 return -1; 1548 1549 if (info_element->id == QOS_ELEMENT_ID && info_element->len == size) { 1550 memcpy(element_param->info_element.qui, info_element->data, 1551 info_element->len); 1552 element_param->info_element.elementID = info_element->id; 1553 element_param->info_element.length = info_element->len; 1554 } else 1555 ret = -1; 1556 if (ret == 0) 1557 ret = rtllib_verify_qos_info(&element_param->info_element, 1558 QOS_OUI_PARAM_SUB_TYPE); 1559 return ret; 1560} 1561 1562/* 1563 * Parse a QoS information element 1564 */ 1565static int rtllib_read_qos_info_element(struct 1566 rtllib_qos_information_element 1567 *element_info, struct rtllib_info_element 1568 *info_element) 1569{ 1570 int ret = 0; 1571 u16 size = sizeof(struct rtllib_qos_information_element) - 2; 1572 1573 if (element_info == NULL) 1574 return -1; 1575 if (info_element == NULL) 1576 return -1; 1577 1578 if ((info_element->id == QOS_ELEMENT_ID) && (info_element->len == size)) { 1579 memcpy(element_info->qui, info_element->data, 1580 info_element->len); 1581 element_info->elementID = info_element->id; 1582 element_info->length = info_element->len; 1583 } else 1584 ret = -1; 1585 1586 if (ret == 0) 1587 ret = rtllib_verify_qos_info(element_info, 1588 QOS_OUI_INFO_SUB_TYPE); 1589 return ret; 1590} 1591 1592 1593/* 1594 * Write QoS parameters from the ac parameters. 1595 */ 1596static int rtllib_qos_convert_ac_to_parameters(struct rtllib_qos_parameter_info *param_elm, 1597 struct rtllib_qos_data *qos_data) 1598{ 1599 struct rtllib_qos_ac_parameter *ac_params; 1600 struct rtllib_qos_parameters *qos_param = &(qos_data->parameters); 1601 int i; 1602 u8 aci; 1603 u8 acm; 1604 1605 qos_data->wmm_acm = 0; 1606 for (i = 0; i < QOS_QUEUE_NUM; i++) { 1607 ac_params = &(param_elm->ac_params_record[i]); 1608 1609 aci = (ac_params->aci_aifsn & 0x60) >> 5; 1610 acm = (ac_params->aci_aifsn & 0x10) >> 4; 1611 1612 if (aci >= QOS_QUEUE_NUM) 1613 continue; 1614 switch (aci) { 1615 case 1: 1616 /* BIT(0) | BIT(3) */ 1617 if (acm) 1618 qos_data->wmm_acm |= (0x01<<0)|(0x01<<3); 1619 break; 1620 case 2: 1621 /* BIT(4) | BIT(5) */ 1622 if (acm) 1623 qos_data->wmm_acm |= (0x01<<4)|(0x01<<5); 1624 break; 1625 case 3: 1626 /* BIT(6) | BIT(7) */ 1627 if (acm) 1628 qos_data->wmm_acm |= (0x01<<6)|(0x01<<7); 1629 break; 1630 case 0: 1631 default: 1632 /* BIT(1) | BIT(2) */ 1633 if (acm) 1634 qos_data->wmm_acm |= (0x01<<1)|(0x01<<2); 1635 break; 1636 } 1637 1638 qos_param->aifs[aci] = (ac_params->aci_aifsn) & 0x0f; 1639 1640 /* WMM spec P.11: The minimum value for AIFSN shall be 2 */ 1641 qos_param->aifs[aci] = (qos_param->aifs[aci] < 2) ? 2 : qos_param->aifs[aci]; 1642 1643 qos_param->cw_min[aci] = cpu_to_le16(ac_params->ecw_min_max & 0x0F); 1644 1645 qos_param->cw_max[aci] = cpu_to_le16((ac_params->ecw_min_max & 0xF0) >> 4); 1646 1647 qos_param->flag[aci] = 1648 (ac_params->aci_aifsn & 0x10) ? 0x01 : 0x00; 1649 qos_param->tx_op_limit[aci] = ac_params->tx_op_limit; 1650 } 1651 return 0; 1652} 1653 1654/* 1655 * we have a generic data element which it may contain QoS information or 1656 * parameters element. check the information element length to decide 1657 * which type to read 1658 */ 1659static int rtllib_parse_qos_info_param_IE(struct rtllib_info_element 1660 *info_element, 1661 struct rtllib_network *network) 1662{ 1663 int rc = 0; 1664 struct rtllib_qos_information_element qos_info_element; 1665 1666 rc = rtllib_read_qos_info_element(&qos_info_element, info_element); 1667 1668 if (rc == 0) { 1669 network->qos_data.param_count = qos_info_element.ac_info & 0x0F; 1670 network->flags |= NETWORK_HAS_QOS_INFORMATION; 1671 } else { 1672 struct rtllib_qos_parameter_info param_element; 1673 1674 rc = rtllib_read_qos_param_element(¶m_element, 1675 info_element); 1676 if (rc == 0) { 1677 rtllib_qos_convert_ac_to_parameters(¶m_element, 1678 &(network->qos_data)); 1679 network->flags |= NETWORK_HAS_QOS_PARAMETERS; 1680 network->qos_data.param_count = 1681 param_element.info_element.ac_info & 0x0F; 1682 } 1683 } 1684 1685 if (rc == 0) { 1686 RTLLIB_DEBUG_QOS("QoS is supported\n"); 1687 network->qos_data.supported = 1; 1688 } 1689 return rc; 1690} 1691 1692#define MFIE_STRING(x) case MFIE_TYPE_ ##x: return #x 1693 1694static const char *get_info_element_string(u16 id) 1695{ 1696 switch (id) { 1697 MFIE_STRING(SSID); 1698 MFIE_STRING(RATES); 1699 MFIE_STRING(FH_SET); 1700 MFIE_STRING(DS_SET); 1701 MFIE_STRING(CF_SET); 1702 MFIE_STRING(TIM); 1703 MFIE_STRING(IBSS_SET); 1704 MFIE_STRING(COUNTRY); 1705 MFIE_STRING(HOP_PARAMS); 1706 MFIE_STRING(HOP_TABLE); 1707 MFIE_STRING(REQUEST); 1708 MFIE_STRING(CHALLENGE); 1709 MFIE_STRING(POWER_CONSTRAINT); 1710 MFIE_STRING(POWER_CAPABILITY); 1711 MFIE_STRING(TPC_REQUEST); 1712 MFIE_STRING(TPC_REPORT); 1713 MFIE_STRING(SUPP_CHANNELS); 1714 MFIE_STRING(CSA); 1715 MFIE_STRING(MEASURE_REQUEST); 1716 MFIE_STRING(MEASURE_REPORT); 1717 MFIE_STRING(QUIET); 1718 MFIE_STRING(IBSS_DFS); 1719 MFIE_STRING(RSN); 1720 MFIE_STRING(RATES_EX); 1721 MFIE_STRING(GENERIC); 1722 MFIE_STRING(QOS_PARAMETER); 1723 default: 1724 return "UNKNOWN"; 1725 } 1726} 1727 1728static inline void rtllib_extract_country_ie( 1729 struct rtllib_device *ieee, 1730 struct rtllib_info_element *info_element, 1731 struct rtllib_network *network, 1732 u8 *addr2) 1733{ 1734 if (IS_DOT11D_ENABLE(ieee)) { 1735 if (info_element->len != 0) { 1736 memcpy(network->CountryIeBuf, info_element->data, info_element->len); 1737 network->CountryIeLen = info_element->len; 1738 1739 if (!IS_COUNTRY_IE_VALID(ieee)) { 1740 if (rtllib_act_scanning(ieee, false) && ieee->FirstIe_InScan) 1741 printk(KERN_INFO "Received beacon ContryIE, SSID: <%s>\n", network->ssid); 1742 Dot11d_UpdateCountryIe(ieee, addr2, info_element->len, info_element->data); 1743 } 1744 } 1745 1746 if (IS_EQUAL_CIE_SRC(ieee, addr2)) 1747 UPDATE_CIE_WATCHDOG(ieee); 1748 } 1749 1750} 1751 1752int rtllib_parse_info_param(struct rtllib_device *ieee, 1753 struct rtllib_info_element *info_element, 1754 u16 length, 1755 struct rtllib_network *network, 1756 struct rtllib_rx_stats *stats) 1757{ 1758 u8 i; 1759 short offset; 1760 u16 tmp_htcap_len = 0; 1761 u16 tmp_htinfo_len = 0; 1762 u16 ht_realtek_agg_len = 0; 1763 u8 ht_realtek_agg_buf[MAX_IE_LEN]; 1764 char rates_str[64]; 1765 char *p; 1766 1767 while (length >= sizeof(*info_element)) { 1768 if (sizeof(*info_element) + info_element->len > length) { 1769 RTLLIB_DEBUG_MGMT("Info elem: parse failed: " 1770 "info_element->len + 2 > left : " 1771 "info_element->len+2=%zd left=%d, id=%d.\n", 1772 info_element->len + 1773 sizeof(*info_element), 1774 length, info_element->id); 1775 /* We stop processing but don't return an error here 1776 * because some misbehaviour APs break this rule. ie. 1777 * Orinoco AP1000. */ 1778 break; 1779 } 1780 1781 switch (info_element->id) { 1782 case MFIE_TYPE_SSID: 1783 if (rtllib_is_empty_essid(info_element->data, 1784 info_element->len)) { 1785 network->flags |= NETWORK_EMPTY_ESSID; 1786 break; 1787 } 1788 1789 network->ssid_len = min(info_element->len, 1790 (u8) IW_ESSID_MAX_SIZE); 1791 memcpy(network->ssid, info_element->data, network->ssid_len); 1792 if (network->ssid_len < IW_ESSID_MAX_SIZE) 1793 memset(network->ssid + network->ssid_len, 0, 1794 IW_ESSID_MAX_SIZE - network->ssid_len); 1795 1796 RTLLIB_DEBUG_MGMT("MFIE_TYPE_SSID: '%s' len=%d.\n", 1797 network->ssid, network->ssid_len); 1798 break; 1799 1800 case MFIE_TYPE_RATES: 1801 p = rates_str; 1802 network->rates_len = min(info_element->len, 1803 MAX_RATES_LENGTH); 1804 for (i = 0; i < network->rates_len; i++) { 1805 network->rates[i] = info_element->data[i]; 1806 p += snprintf(p, sizeof(rates_str) - 1807 (p - rates_str), "%02X ", 1808 network->rates[i]); 1809 if (rtllib_is_ofdm_rate 1810 (info_element->data[i])) { 1811 network->flags |= NETWORK_HAS_OFDM; 1812 if (info_element->data[i] & 1813 RTLLIB_BASIC_RATE_MASK) 1814 network->flags &= 1815 ~NETWORK_HAS_CCK; 1816 } 1817 1818 if (rtllib_is_cck_rate 1819 (info_element->data[i])) { 1820 network->flags |= NETWORK_HAS_CCK; 1821 } 1822 } 1823 1824 RTLLIB_DEBUG_MGMT("MFIE_TYPE_RATES: '%s' (%d)\n", 1825 rates_str, network->rates_len); 1826 break; 1827 1828 case MFIE_TYPE_RATES_EX: 1829 p = rates_str; 1830 network->rates_ex_len = min(info_element->len, 1831 MAX_RATES_EX_LENGTH); 1832 for (i = 0; i < network->rates_ex_len; i++) { 1833 network->rates_ex[i] = info_element->data[i]; 1834 p += snprintf(p, sizeof(rates_str) - 1835 (p - rates_str), "%02X ", 1836 network->rates_ex[i]); 1837 if (rtllib_is_ofdm_rate 1838 (info_element->data[i])) { 1839 network->flags |= NETWORK_HAS_OFDM; 1840 if (info_element->data[i] & 1841 RTLLIB_BASIC_RATE_MASK) 1842 network->flags &= 1843 ~NETWORK_HAS_CCK; 1844 } 1845 } 1846 1847 RTLLIB_DEBUG_MGMT("MFIE_TYPE_RATES_EX: '%s' (%d)\n", 1848 rates_str, network->rates_ex_len); 1849 break; 1850 1851 case MFIE_TYPE_DS_SET: 1852 RTLLIB_DEBUG_MGMT("MFIE_TYPE_DS_SET: %d\n", 1853 info_element->data[0]); 1854 network->channel = info_element->data[0]; 1855 break; 1856 1857 case MFIE_TYPE_FH_SET: 1858 RTLLIB_DEBUG_MGMT("MFIE_TYPE_FH_SET: ignored\n"); 1859 break; 1860 1861 case MFIE_TYPE_CF_SET: 1862 RTLLIB_DEBUG_MGMT("MFIE_TYPE_CF_SET: ignored\n"); 1863 break; 1864 1865 case MFIE_TYPE_TIM: 1866 if (info_element->len < 4) 1867 break; 1868 1869 network->tim.tim_count = info_element->data[0]; 1870 network->tim.tim_period = info_element->data[1]; 1871 1872 network->dtim_period = info_element->data[1]; 1873 if (ieee->state != RTLLIB_LINKED) 1874 break; 1875 network->last_dtim_sta_time = jiffies; 1876 1877 network->dtim_data = RTLLIB_DTIM_VALID; 1878 1879 1880 if (info_element->data[2] & 1) 1881 network->dtim_data |= RTLLIB_DTIM_MBCAST; 1882 1883 offset = (info_element->data[2] >> 1)*2; 1884 1885 1886 if (ieee->assoc_id < 8*offset || 1887 ieee->assoc_id > 8*(offset + info_element->len - 3)) 1888 break; 1889 1890 offset = (ieee->assoc_id / 8) - offset; 1891 if (info_element->data[3 + offset] & 1892 (1 << (ieee->assoc_id % 8))) 1893 network->dtim_data |= RTLLIB_DTIM_UCAST; 1894 1895 network->listen_interval = network->dtim_period; 1896 break; 1897 1898 case MFIE_TYPE_ERP: 1899 network->erp_value = info_element->data[0]; 1900 network->flags |= NETWORK_HAS_ERP_VALUE; 1901 RTLLIB_DEBUG_MGMT("MFIE_TYPE_ERP_SET: %d\n", 1902 network->erp_value); 1903 break; 1904 case MFIE_TYPE_IBSS_SET: 1905 network->atim_window = info_element->data[0]; 1906 RTLLIB_DEBUG_MGMT("MFIE_TYPE_IBSS_SET: %d\n", 1907 network->atim_window); 1908 break; 1909 1910 case MFIE_TYPE_CHALLENGE: 1911 RTLLIB_DEBUG_MGMT("MFIE_TYPE_CHALLENGE: ignored\n"); 1912 break; 1913 1914 case MFIE_TYPE_GENERIC: 1915 RTLLIB_DEBUG_MGMT("MFIE_TYPE_GENERIC: %d bytes\n", 1916 info_element->len); 1917 if (!rtllib_parse_qos_info_param_IE(info_element, 1918 network)) 1919 break; 1920 if (info_element->len >= 4 && 1921 info_element->data[0] == 0x00 && 1922 info_element->data[1] == 0x50 && 1923 info_element->data[2] == 0xf2 && 1924 info_element->data[3] == 0x01) { 1925 network->wpa_ie_len = min(info_element->len + 2, 1926 MAX_WPA_IE_LEN); 1927 memcpy(network->wpa_ie, info_element, 1928 network->wpa_ie_len); 1929 break; 1930 } 1931 if (info_element->len == 7 && 1932 info_element->data[0] == 0x00 && 1933 info_element->data[1] == 0xe0 && 1934 info_element->data[2] == 0x4c && 1935 info_element->data[3] == 0x01 && 1936 info_element->data[4] == 0x02) 1937 network->Turbo_Enable = 1; 1938 1939 if (tmp_htcap_len == 0) { 1940 if (info_element->len >= 4 && 1941 info_element->data[0] == 0x00 && 1942 info_element->data[1] == 0x90 && 1943 info_element->data[2] == 0x4c && 1944 info_element->data[3] == 0x033) { 1945 1946 tmp_htcap_len = min(info_element->len, (u8)MAX_IE_LEN); 1947 if (tmp_htcap_len != 0) { 1948 network->bssht.bdHTSpecVer = HT_SPEC_VER_EWC; 1949 network->bssht.bdHTCapLen = tmp_htcap_len > sizeof(network->bssht.bdHTCapBuf) ? 1950 sizeof(network->bssht.bdHTCapBuf) : tmp_htcap_len; 1951 memcpy(network->bssht.bdHTCapBuf, info_element->data, network->bssht.bdHTCapLen); 1952 } 1953 } 1954 if (tmp_htcap_len != 0) { 1955 network->bssht.bdSupportHT = true; 1956 network->bssht.bdHT1R = ((((struct ht_capab_ele *)(network->bssht.bdHTCapBuf))->MCS[1]) == 0); 1957 } else { 1958 network->bssht.bdSupportHT = false; 1959 network->bssht.bdHT1R = false; 1960 } 1961 } 1962 1963 1964 if (tmp_htinfo_len == 0) { 1965 if (info_element->len >= 4 && 1966 info_element->data[0] == 0x00 && 1967 info_element->data[1] == 0x90 && 1968 info_element->data[2] == 0x4c && 1969 info_element->data[3] == 0x034) { 1970 tmp_htinfo_len = min(info_element->len, (u8)MAX_IE_LEN); 1971 if (tmp_htinfo_len != 0) { 1972 network->bssht.bdHTSpecVer = HT_SPEC_VER_EWC; 1973 if (tmp_htinfo_len) { 1974 network->bssht.bdHTInfoLen = tmp_htinfo_len > sizeof(network->bssht.bdHTInfoBuf) ? 1975 sizeof(network->bssht.bdHTInfoBuf) : tmp_htinfo_len; 1976 memcpy(network->bssht.bdHTInfoBuf, info_element->data, network->bssht.bdHTInfoLen); 1977 } 1978 1979 } 1980 1981 } 1982 } 1983 1984 if (ieee->aggregation) { 1985 if (network->bssht.bdSupportHT) { 1986 if (info_element->len >= 4 && 1987 info_element->data[0] == 0x00 && 1988 info_element->data[1] == 0xe0 && 1989 info_element->data[2] == 0x4c && 1990 info_element->data[3] == 0x02) { 1991 ht_realtek_agg_len = min(info_element->len, (u8)MAX_IE_LEN); 1992 memcpy(ht_realtek_agg_buf, info_element->data, info_element->len); 1993 } 1994 if (ht_realtek_agg_len >= 5) { 1995 network->realtek_cap_exit = true; 1996 network->bssht.bdRT2RTAggregation = true; 1997 1998 if ((ht_realtek_agg_buf[4] == 1) && (ht_realtek_agg_buf[5] & 0x02)) 1999 network->bssht.bdRT2RTLongSlotTime = true; 2000 2001 if ((ht_realtek_agg_buf[4] == 1) && (ht_realtek_agg_buf[5] & RT_HT_CAP_USE_92SE)) 2002 network->bssht.RT2RT_HT_Mode |= RT_HT_CAP_USE_92SE; 2003 } 2004 } 2005 if (ht_realtek_agg_len >= 5) { 2006 if ((ht_realtek_agg_buf[5] & RT_HT_CAP_USE_SOFTAP)) 2007 network->bssht.RT2RT_HT_Mode |= RT_HT_CAP_USE_SOFTAP; 2008 } 2009 } 2010 2011 if ((info_element->len >= 3 && 2012 info_element->data[0] == 0x00 && 2013 info_element->data[1] == 0x05 && 2014 info_element->data[2] == 0xb5) || 2015 (info_element->len >= 3 && 2016 info_element->data[0] == 0x00 && 2017 info_element->data[1] == 0x0a && 2018 info_element->data[2] == 0xf7) || 2019 (info_element->len >= 3 && 2020 info_element->data[0] == 0x00 && 2021 info_element->data[1] == 0x10 && 2022 info_element->data[2] == 0x18)) { 2023 network->broadcom_cap_exist = true; 2024 } 2025 if (info_element->len >= 3 && 2026 info_element->data[0] == 0x00 && 2027 info_element->data[1] == 0x0c && 2028 info_element->data[2] == 0x43) 2029 network->ralink_cap_exist = true; 2030 if ((info_element->len >= 3 && 2031 info_element->data[0] == 0x00 && 2032 info_element->data[1] == 0x03 && 2033 info_element->data[2] == 0x7f) || 2034 (info_element->len >= 3 && 2035 info_element->data[0] == 0x00 && 2036 info_element->data[1] == 0x13 && 2037 info_element->data[2] == 0x74)) 2038 network->atheros_cap_exist = true; 2039 2040 if ((info_element->len >= 3 && 2041 info_element->data[0] == 0x00 && 2042 info_element->data[1] == 0x50 && 2043 info_element->data[2] == 0x43)) 2044 network->marvell_cap_exist = true; 2045 if (info_element->len >= 3 && 2046 info_element->data[0] == 0x00 && 2047 info_element->data[1] == 0x40 && 2048 info_element->data[2] == 0x96) 2049 network->cisco_cap_exist = true; 2050 2051 2052 if (info_element->len >= 3 && 2053 info_element->data[0] == 0x00 && 2054 info_element->data[1] == 0x0a && 2055 info_element->data[2] == 0xf5) 2056 network->airgo_cap_exist = true; 2057 2058 if (info_element->len > 4 && 2059 info_element->data[0] == 0x00 && 2060 info_element->data[1] == 0x40 && 2061 info_element->data[2] == 0x96 && 2062 info_element->data[3] == 0x01) { 2063 if (info_element->len == 6) { 2064 memcpy(network->CcxRmState, &info_element[4], 2); 2065 if (network->CcxRmState[0] != 0) 2066 network->bCcxRmEnable = true; 2067 else 2068 network->bCcxRmEnable = false; 2069 network->MBssidMask = network->CcxRmState[1] & 0x07; 2070 if (network->MBssidMask != 0) { 2071 network->bMBssidValid = true; 2072 network->MBssidMask = 0xff << (network->MBssidMask); 2073 memcpy(network->MBssid, network->bssid, ETH_ALEN); 2074 network->MBssid[5] &= network->MBssidMask; 2075 } else { 2076 network->bMBssidValid = false; 2077 } 2078 } else { 2079 network->bCcxRmEnable = false; 2080 } 2081 } 2082 if (info_element->len > 4 && 2083 info_element->data[0] == 0x00 && 2084 info_element->data[1] == 0x40 && 2085 info_element->data[2] == 0x96 && 2086 info_element->data[3] == 0x03) { 2087 if (info_element->len == 5) { 2088 network->bWithCcxVerNum = true; 2089 network->BssCcxVerNumber = info_element->data[4]; 2090 } else { 2091 network->bWithCcxVerNum = false; 2092 network->BssCcxVerNumber = 0; 2093 } 2094 } 2095 if (info_element->len > 4 && 2096 info_element->data[0] == 0x00 && 2097 info_element->data[1] == 0x50 && 2098 info_element->data[2] == 0xf2 && 2099 info_element->data[3] == 0x04) { 2100 RTLLIB_DEBUG_MGMT("MFIE_TYPE_WZC: %d bytes\n", 2101 info_element->len); 2102 network->wzc_ie_len = min(info_element->len+2, 2103 MAX_WZC_IE_LEN); 2104 memcpy(network->wzc_ie, info_element, 2105 network->wzc_ie_len); 2106 } 2107 break; 2108 2109 case MFIE_TYPE_RSN: 2110 RTLLIB_DEBUG_MGMT("MFIE_TYPE_RSN: %d bytes\n", 2111 info_element->len); 2112 network->rsn_ie_len = min(info_element->len + 2, 2113 MAX_WPA_IE_LEN); 2114 memcpy(network->rsn_ie, info_element, 2115 network->rsn_ie_len); 2116 break; 2117 2118 case MFIE_TYPE_HT_CAP: 2119 RTLLIB_DEBUG_SCAN("MFIE_TYPE_HT_CAP: %d bytes\n", 2120 info_element->len); 2121 tmp_htcap_len = min(info_element->len, (u8)MAX_IE_LEN); 2122 if (tmp_htcap_len != 0) { 2123 network->bssht.bdHTSpecVer = HT_SPEC_VER_EWC; 2124 network->bssht.bdHTCapLen = tmp_htcap_len > sizeof(network->bssht.bdHTCapBuf) ? 2125 sizeof(network->bssht.bdHTCapBuf) : tmp_htcap_len; 2126 memcpy(network->bssht.bdHTCapBuf, 2127 info_element->data, 2128 network->bssht.bdHTCapLen); 2129 2130 network->bssht.bdSupportHT = true; 2131 network->bssht.bdHT1R = ((((struct ht_capab_ele *) 2132 network->bssht.bdHTCapBuf))->MCS[1]) == 0; 2133 2134 network->bssht.bdBandWidth = (enum ht_channel_width) 2135 (((struct ht_capab_ele *) 2136 (network->bssht.bdHTCapBuf))->ChlWidth); 2137 } else { 2138 network->bssht.bdSupportHT = false; 2139 network->bssht.bdHT1R = false; 2140 network->bssht.bdBandWidth = HT_CHANNEL_WIDTH_20; 2141 } 2142 break; 2143 2144 2145 case MFIE_TYPE_HT_INFO: 2146 RTLLIB_DEBUG_SCAN("MFIE_TYPE_HT_INFO: %d bytes\n", 2147 info_element->len); 2148 tmp_htinfo_len = min(info_element->len, (u8)MAX_IE_LEN); 2149 if (tmp_htinfo_len) { 2150 network->bssht.bdHTSpecVer = HT_SPEC_VER_IEEE; 2151 network->bssht.bdHTInfoLen = tmp_htinfo_len > 2152 sizeof(network->bssht.bdHTInfoBuf) ? 2153 sizeof(network->bssht.bdHTInfoBuf) : 2154 tmp_htinfo_len; 2155 memcpy(network->bssht.bdHTInfoBuf, 2156 info_element->data, 2157 network->bssht.bdHTInfoLen); 2158 } 2159 break; 2160 2161 case MFIE_TYPE_AIRONET: 2162 RTLLIB_DEBUG_SCAN("MFIE_TYPE_AIRONET: %d bytes\n", 2163 info_element->len); 2164 if (info_element->len > IE_CISCO_FLAG_POSITION) { 2165 network->bWithAironetIE = true; 2166 2167 if ((info_element->data[IE_CISCO_FLAG_POSITION] 2168 & SUPPORT_CKIP_MIC) || 2169 (info_element->data[IE_CISCO_FLAG_POSITION] 2170 & SUPPORT_CKIP_PK)) 2171 network->bCkipSupported = true; 2172 else 2173 network->bCkipSupported = false; 2174 } else { 2175 network->bWithAironetIE = false; 2176 network->bCkipSupported = false; 2177 } 2178 break; 2179 case MFIE_TYPE_QOS_PARAMETER: 2180 printk(KERN_ERR 2181 "QoS Error need to parse QOS_PARAMETER IE\n"); 2182 break; 2183 2184 case MFIE_TYPE_COUNTRY: 2185 RTLLIB_DEBUG_SCAN("MFIE_TYPE_COUNTRY: %d bytes\n", 2186 info_element->len); 2187 rtllib_extract_country_ie(ieee, info_element, network, 2188 network->bssid); 2189 break; 2190/* TODO */ 2191 default: 2192 RTLLIB_DEBUG_MGMT 2193 ("Unsupported info element: %s (%d)\n", 2194 get_info_element_string(info_element->id), 2195 info_element->id); 2196 break; 2197 } 2198 2199 length -= sizeof(*info_element) + info_element->len; 2200 info_element = 2201 (struct rtllib_info_element *)&info_element-> 2202 data[info_element->len]; 2203 } 2204 2205 if (!network->atheros_cap_exist && !network->broadcom_cap_exist && 2206 !network->cisco_cap_exist && !network->ralink_cap_exist && 2207 !network->bssht.bdRT2RTAggregation) 2208 network->unknown_cap_exist = true; 2209 else 2210 network->unknown_cap_exist = false; 2211 return 0; 2212} 2213 2214static inline u8 rtllib_SignalStrengthTranslate(u8 CurrSS) 2215{ 2216 u8 RetSS; 2217 2218 if (CurrSS >= 71 && CurrSS <= 100) 2219 RetSS = 90 + ((CurrSS - 70) / 3); 2220 else if (CurrSS >= 41 && CurrSS <= 70) 2221 RetSS = 78 + ((CurrSS - 40) / 3); 2222 else if (CurrSS >= 31 && CurrSS <= 40) 2223 RetSS = 66 + (CurrSS - 30); 2224 else if (CurrSS >= 21 && CurrSS <= 30) 2225 RetSS = 54 + (CurrSS - 20); 2226 else if (CurrSS >= 5 && CurrSS <= 20) 2227 RetSS = 42 + (((CurrSS - 5) * 2) / 3); 2228 else if (CurrSS == 4) 2229 RetSS = 36; 2230 else if (CurrSS == 3) 2231 RetSS = 27; 2232 else if (CurrSS == 2) 2233 RetSS = 18; 2234 else if (CurrSS == 1) 2235 RetSS = 9; 2236 else 2237 RetSS = CurrSS; 2238 2239 return RetSS; 2240} 2241 2242static long rtllib_translate_todbm(u8 signal_strength_index) 2243{ 2244 long signal_power; 2245 2246 signal_power = (long)((signal_strength_index + 1) >> 1); 2247 signal_power -= 95; 2248 2249 return signal_power; 2250} 2251 2252static inline int rtllib_network_init( 2253 struct rtllib_device *ieee, 2254 struct rtllib_probe_response *beacon, 2255 struct rtllib_network *network, 2256 struct rtllib_rx_stats *stats) 2257{ 2258 2259 /* 2260 network->qos_data.active = 0; 2261 network->qos_data.supported = 0; 2262 network->qos_data.param_count = 0; 2263 network->qos_data.old_param_count = 0; 2264 */ 2265 memset(&network->qos_data, 0, sizeof(struct rtllib_qos_data)); 2266 2267 /* Pull out fixed field data */ 2268 memcpy(network->bssid, beacon->header.addr3, ETH_ALEN); 2269 network->capability = le16_to_cpu(beacon->capability); 2270 network->last_scanned = jiffies; 2271 network->time_stamp[0] = beacon->time_stamp[0]; 2272 network->time_stamp[1] = beacon->time_stamp[1]; 2273 network->beacon_interval = le16_to_cpu(beacon->beacon_interval); 2274 /* Where to pull this? beacon->listen_interval;*/ 2275 network->listen_interval = 0x0A; 2276 network->rates_len = network->rates_ex_len = 0; 2277 network->last_associate = 0; 2278 network->ssid_len = 0; 2279 network->hidden_ssid_len = 0; 2280 memset(network->hidden_ssid, 0, sizeof(network->hidden_ssid)); 2281 network->flags = 0; 2282 network->atim_window = 0; 2283 network->erp_value = (network->capability & WLAN_CAPABILITY_IBSS) ? 2284 0x3 : 0x0; 2285 network->berp_info_valid = false; 2286 network->broadcom_cap_exist = false; 2287 network->ralink_cap_exist = false; 2288 network->atheros_cap_exist = false; 2289 network->cisco_cap_exist = false; 2290 network->unknown_cap_exist = false; 2291 network->realtek_cap_exit = false; 2292 network->marvell_cap_exist = false; 2293 network->airgo_cap_exist = false; 2294 network->Turbo_Enable = 0; 2295 network->SignalStrength = stats->SignalStrength; 2296 network->RSSI = stats->SignalStrength; 2297 network->CountryIeLen = 0; 2298 memset(network->CountryIeBuf, 0, MAX_IE_LEN); 2299 HTInitializeBssDesc(&network->bssht); 2300 if (stats->freq == RTLLIB_52GHZ_BAND) { 2301 /* for A band (No DS info) */ 2302 network->channel = stats->received_channel; 2303 } else 2304 network->flags |= NETWORK_HAS_CCK; 2305 2306 network->wpa_ie_len = 0; 2307 network->rsn_ie_len = 0; 2308 network->wzc_ie_len = 0; 2309 2310 if (rtllib_parse_info_param(ieee, 2311 beacon->info_element, 2312 (stats->len - sizeof(*beacon)), 2313 network, 2314 stats)) 2315 return 1; 2316 2317 network->mode = 0; 2318 if (stats->freq == RTLLIB_52GHZ_BAND) 2319 network->mode = IEEE_A; 2320 else { 2321 if (network->flags & NETWORK_HAS_OFDM) 2322 network->mode |= IEEE_G; 2323 if (network->flags & NETWORK_HAS_CCK) 2324 network->mode |= IEEE_B; 2325 } 2326 2327 if (network->mode == 0) { 2328 RTLLIB_DEBUG_SCAN("Filtered out '%s (%pM)' " 2329 "network.\n", 2330 escape_essid(network->ssid, 2331 network->ssid_len), 2332 network->bssid); 2333 return 1; 2334 } 2335 2336 if (network->bssht.bdSupportHT) { 2337 if (network->mode == IEEE_A) 2338 network->mode = IEEE_N_5G; 2339 else if (network->mode & (IEEE_G | IEEE_B)) 2340 network->mode = IEEE_N_24G; 2341 } 2342 if (rtllib_is_empty_essid(network->ssid, network->ssid_len)) 2343 network->flags |= NETWORK_EMPTY_ESSID; 2344 stats->signal = 30 + (stats->SignalStrength * 70) / 100; 2345 stats->noise = rtllib_translate_todbm((u8)(100-stats->signal)) - 25; 2346 2347 memcpy(&network->stats, stats, sizeof(network->stats)); 2348 2349 return 0; 2350} 2351 2352static inline int is_same_network(struct rtllib_network *src, 2353 struct rtllib_network *dst, u8 ssidbroad) 2354{ 2355 /* A network is only a duplicate if the channel, BSSID, ESSID 2356 * and the capability field (in particular IBSS and BSS) all match. 2357 * We treat all <hidden> with the same BSSID and channel 2358 * as one network */ 2359 return (((src->ssid_len == dst->ssid_len) || (!ssidbroad)) && 2360 (src->channel == dst->channel) && 2361 !memcmp(src->bssid, dst->bssid, ETH_ALEN) && 2362 (!memcmp(src->ssid, dst->ssid, src->ssid_len) || 2363 (!ssidbroad)) && 2364 ((src->capability & WLAN_CAPABILITY_IBSS) == 2365 (dst->capability & WLAN_CAPABILITY_IBSS)) && 2366 ((src->capability & WLAN_CAPABILITY_ESS) == 2367 (dst->capability & WLAN_CAPABILITY_ESS))); 2368} 2369 2370static inline void update_ibss_network(struct rtllib_network *dst, 2371 struct rtllib_network *src) 2372{ 2373 memcpy(&dst->stats, &src->stats, sizeof(struct rtllib_rx_stats)); 2374 dst->last_scanned = jiffies; 2375} 2376 2377 2378static inline void update_network(struct rtllib_network *dst, 2379 struct rtllib_network *src) 2380{ 2381 int qos_active; 2382 u8 old_param; 2383 2384 memcpy(&dst->stats, &src->stats, sizeof(struct rtllib_rx_stats)); 2385 dst->capability = src->capability; 2386 memcpy(dst->rates, src->rates, src->rates_len); 2387 dst->rates_len = src->rates_len; 2388 memcpy(dst->rates_ex, src->rates_ex, src->rates_ex_len); 2389 dst->rates_ex_len = src->rates_ex_len; 2390 if (src->ssid_len > 0) { 2391 if (dst->ssid_len == 0) { 2392 memset(dst->hidden_ssid, 0, sizeof(dst->hidden_ssid)); 2393 dst->hidden_ssid_len = src->ssid_len; 2394 memcpy(dst->hidden_ssid, src->ssid, src->ssid_len); 2395 } else { 2396 memset(dst->ssid, 0, dst->ssid_len); 2397 dst->ssid_len = src->ssid_len; 2398 memcpy(dst->ssid, src->ssid, src->ssid_len); 2399 } 2400 } 2401 dst->mode = src->mode; 2402 dst->flags = src->flags; 2403 dst->time_stamp[0] = src->time_stamp[0]; 2404 dst->time_stamp[1] = src->time_stamp[1]; 2405 if (src->flags & NETWORK_HAS_ERP_VALUE) { 2406 dst->erp_value = src->erp_value; 2407 dst->berp_info_valid = src->berp_info_valid = true; 2408 } 2409 dst->beacon_interval = src->beacon_interval; 2410 dst->listen_interval = src->listen_interval; 2411 dst->atim_window = src->atim_window; 2412 dst->dtim_period = src->dtim_period; 2413 dst->dtim_data = src->dtim_data; 2414 dst->last_dtim_sta_time = src->last_dtim_sta_time; 2415 memcpy(&dst->tim, &src->tim, sizeof(struct rtllib_tim_parameters)); 2416 2417 dst->bssht.bdSupportHT = src->bssht.bdSupportHT; 2418 dst->bssht.bdRT2RTAggregation = src->bssht.bdRT2RTAggregation; 2419 dst->bssht.bdHTCapLen = src->bssht.bdHTCapLen; 2420 memcpy(dst->bssht.bdHTCapBuf, src->bssht.bdHTCapBuf, 2421 src->bssht.bdHTCapLen); 2422 dst->bssht.bdHTInfoLen = src->bssht.bdHTInfoLen; 2423 memcpy(dst->bssht.bdHTInfoBuf, src->bssht.bdHTInfoBuf, 2424 src->bssht.bdHTInfoLen); 2425 dst->bssht.bdHTSpecVer = src->bssht.bdHTSpecVer; 2426 dst->bssht.bdRT2RTLongSlotTime = src->bssht.bdRT2RTLongSlotTime; 2427 dst->broadcom_cap_exist = src->broadcom_cap_exist; 2428 dst->ralink_cap_exist = src->ralink_cap_exist; 2429 dst->atheros_cap_exist = src->atheros_cap_exist; 2430 dst->realtek_cap_exit = src->realtek_cap_exit; 2431 dst->marvell_cap_exist = src->marvell_cap_exist; 2432 dst->cisco_cap_exist = src->cisco_cap_exist; 2433 dst->airgo_cap_exist = src->airgo_cap_exist; 2434 dst->unknown_cap_exist = src->unknown_cap_exist; 2435 memcpy(dst->wpa_ie, src->wpa_ie, src->wpa_ie_len); 2436 dst->wpa_ie_len = src->wpa_ie_len; 2437 memcpy(dst->rsn_ie, src->rsn_ie, src->rsn_ie_len); 2438 dst->rsn_ie_len = src->rsn_ie_len; 2439 memcpy(dst->wzc_ie, src->wzc_ie, src->wzc_ie_len); 2440 dst->wzc_ie_len = src->wzc_ie_len; 2441 2442 dst->last_scanned = jiffies; 2443 /* qos related parameters */ 2444 qos_active = dst->qos_data.active; 2445 old_param = dst->qos_data.param_count; 2446 dst->qos_data.supported = src->qos_data.supported; 2447 if (dst->flags & NETWORK_HAS_QOS_PARAMETERS) 2448 memcpy(&dst->qos_data, &src->qos_data, 2449 sizeof(struct rtllib_qos_data)); 2450 if (dst->qos_data.supported == 1) { 2451 if (dst->ssid_len) 2452 RTLLIB_DEBUG_QOS 2453 ("QoS the network %s is QoS supported\n", 2454 dst->ssid); 2455 else 2456 RTLLIB_DEBUG_QOS 2457 ("QoS the network is QoS supported\n"); 2458 } 2459 dst->qos_data.active = qos_active; 2460 dst->qos_data.old_param_count = old_param; 2461 2462 /* dst->last_associate is not overwritten */ 2463 dst->wmm_info = src->wmm_info; 2464 if (src->wmm_param[0].ac_aci_acm_aifsn || 2465 src->wmm_param[1].ac_aci_acm_aifsn || 2466 src->wmm_param[2].ac_aci_acm_aifsn || 2467 src->wmm_param[3].ac_aci_acm_aifsn) 2468 memcpy(dst->wmm_param, src->wmm_param, WME_AC_PRAM_LEN); 2469 2470 dst->SignalStrength = src->SignalStrength; 2471 dst->RSSI = src->RSSI; 2472 dst->Turbo_Enable = src->Turbo_Enable; 2473 2474 dst->CountryIeLen = src->CountryIeLen; 2475 memcpy(dst->CountryIeBuf, src->CountryIeBuf, src->CountryIeLen); 2476 2477 dst->bWithAironetIE = src->bWithAironetIE; 2478 dst->bCkipSupported = src->bCkipSupported; 2479 memcpy(dst->CcxRmState, src->CcxRmState, 2); 2480 dst->bCcxRmEnable = src->bCcxRmEnable; 2481 dst->MBssidMask = src->MBssidMask; 2482 dst->bMBssidValid = src->bMBssidValid; 2483 memcpy(dst->MBssid, src->MBssid, 6); 2484 dst->bWithCcxVerNum = src->bWithCcxVerNum; 2485 dst->BssCcxVerNumber = src->BssCcxVerNumber; 2486} 2487 2488static inline int is_beacon(__le16 fc) 2489{ 2490 return (WLAN_FC_GET_STYPE(le16_to_cpu(fc)) == RTLLIB_STYPE_BEACON); 2491} 2492 2493static int IsPassiveChannel(struct rtllib_device *rtllib, u8 channel) 2494{ 2495 if (MAX_CHANNEL_NUMBER < channel) { 2496 printk(KERN_INFO "%s(): Invalid Channel\n", __func__); 2497 return 0; 2498 } 2499 2500 if (rtllib->active_channel_map[channel] == 2) 2501 return 1; 2502 2503 return 0; 2504} 2505 2506int rtllib_legal_channel(struct rtllib_device *rtllib, u8 channel) 2507{ 2508 if (MAX_CHANNEL_NUMBER < channel) { 2509 printk(KERN_INFO "%s(): Invalid Channel\n", __func__); 2510 return 0; 2511 } 2512 if (rtllib->active_channel_map[channel] > 0) 2513 return 1; 2514 2515 return 0; 2516} 2517EXPORT_SYMBOL(rtllib_legal_channel); 2518 2519static inline void rtllib_process_probe_response( 2520 struct rtllib_device *ieee, 2521 struct rtllib_probe_response *beacon, 2522 struct rtllib_rx_stats *stats) 2523{ 2524 struct rtllib_network *target; 2525 struct rtllib_network *oldest = NULL; 2526 struct rtllib_info_element *info_element = &beacon->info_element[0]; 2527 unsigned long flags; 2528 short renew; 2529 struct rtllib_network *network = kzalloc(sizeof(struct rtllib_network), 2530 GFP_ATOMIC); 2531 2532 if (!network) 2533 return; 2534 2535 RTLLIB_DEBUG_SCAN( 2536 "'%s' ( %pM ): %c%c%c%c %c%c%c%c-%c%c%c%c %c%c%c%c\n", 2537 escape_essid(info_element->data, info_element->len), 2538 beacon->header.addr3, 2539 (le16_to_cpu(beacon->capability) & (1<<0xf)) ? '1' : '0', 2540 (le16_to_cpu(beacon->capability) & (1<<0xe)) ? '1' : '0', 2541 (le16_to_cpu(beacon->capability) & (1<<0xd)) ? '1' : '0', 2542 (le16_to_cpu(beacon->capability) & (1<<0xc)) ? '1' : '0', 2543 (le16_to_cpu(beacon->capability) & (1<<0xb)) ? '1' : '0', 2544 (le16_to_cpu(beacon->capability) & (1<<0xa)) ? '1' : '0', 2545 (le16_to_cpu(beacon->capability) & (1<<0x9)) ? '1' : '0', 2546 (le16_to_cpu(beacon->capability) & (1<<0x8)) ? '1' : '0', 2547 (le16_to_cpu(beacon->capability) & (1<<0x7)) ? '1' : '0', 2548 (le16_to_cpu(beacon->capability) & (1<<0x6)) ? '1' : '0', 2549 (le16_to_cpu(beacon->capability) & (1<<0x5)) ? '1' : '0', 2550 (le16_to_cpu(beacon->capability) & (1<<0x4)) ? '1' : '0', 2551 (le16_to_cpu(beacon->capability) & (1<<0x3)) ? '1' : '0', 2552 (le16_to_cpu(beacon->capability) & (1<<0x2)) ? '1' : '0', 2553 (le16_to_cpu(beacon->capability) & (1<<0x1)) ? '1' : '0', 2554 (le16_to_cpu(beacon->capability) & (1<<0x0)) ? '1' : '0'); 2555 2556 if (rtllib_network_init(ieee, beacon, network, stats)) { 2557 RTLLIB_DEBUG_SCAN("Dropped '%s' ( %pM) via %s.\n", 2558 escape_essid(info_element->data, 2559 info_element->len), 2560 beacon->header.addr3, 2561 WLAN_FC_GET_STYPE( 2562 le16_to_cpu(beacon->header.frame_ctl)) == 2563 RTLLIB_STYPE_PROBE_RESP ? 2564 "PROBE RESPONSE" : "BEACON"); 2565 goto free_network; 2566 } 2567 2568 2569 if (!rtllib_legal_channel(ieee, network->channel)) 2570 goto free_network; 2571 2572 if (WLAN_FC_GET_STYPE(le16_to_cpu(beacon->header.frame_ctl)) == 2573 RTLLIB_STYPE_PROBE_RESP) { 2574 if (IsPassiveChannel(ieee, network->channel)) { 2575 printk(KERN_INFO "GetScanInfo(): For Global Domain, " 2576 "filter probe response at channel(%d).\n", 2577 network->channel); 2578 goto free_network; 2579 } 2580 } 2581 2582 /* The network parsed correctly -- so now we scan our known networks 2583 * to see if we can find it in our list. 2584 * 2585 * NOTE: This search is definitely not optimized. Once its doing 2586 * the "right thing" we'll optimize it for efficiency if 2587 * necessary */ 2588 2589 /* Search for this entry in the list and update it if it is 2590 * already there. */ 2591 2592 spin_lock_irqsave(&ieee->lock, flags); 2593 if (is_same_network(&ieee->current_network, network, 2594 (network->ssid_len ? 1 : 0))) { 2595 update_network(&ieee->current_network, network); 2596 if ((ieee->current_network.mode == IEEE_N_24G || 2597 ieee->current_network.mode == IEEE_G) 2598 && ieee->current_network.berp_info_valid) { 2599 if (ieee->current_network.erp_value & ERP_UseProtection) 2600 ieee->current_network.buseprotection = true; 2601 else 2602 ieee->current_network.buseprotection = false; 2603 } 2604 if (is_beacon(beacon->header.frame_ctl)) { 2605 if (ieee->state >= RTLLIB_LINKED) 2606 ieee->LinkDetectInfo.NumRecvBcnInPeriod++; 2607 } 2608 } 2609 list_for_each_entry(target, &ieee->network_list, list) { 2610 if (is_same_network(target, network, 2611 (target->ssid_len ? 1 : 0))) 2612 break; 2613 if ((oldest == NULL) || 2614 (target->last_scanned < oldest->last_scanned)) 2615 oldest = target; 2616 } 2617 2618 /* If we didn't find a match, then get a new network slot to initialize 2619 * with this beacon's information */ 2620 if (&target->list == &ieee->network_list) { 2621 if (list_empty(&ieee->network_free_list)) { 2622 /* If there are no more slots, expire the oldest */ 2623 list_del(&oldest->list); 2624 target = oldest; 2625 RTLLIB_DEBUG_SCAN("Expired '%s' ( %pM) from " 2626 "network list.\n", 2627 escape_essid(target->ssid, 2628 target->ssid_len), 2629 target->bssid); 2630 } else { 2631 /* Otherwise just pull from the free list */ 2632 target = list_entry(ieee->network_free_list.next, 2633 struct rtllib_network, list); 2634 list_del(ieee->network_free_list.next); 2635 } 2636 2637 2638 RTLLIB_DEBUG_SCAN("Adding '%s' ( %pM) via %s.\n", 2639 escape_essid(network->ssid, 2640 network->ssid_len), network->bssid, 2641 WLAN_FC_GET_STYPE( 2642 le16_to_cpu(beacon->header.frame_ctl)) == 2643 RTLLIB_STYPE_PROBE_RESP ? 2644 "PROBE RESPONSE" : "BEACON"); 2645 memcpy(target, network, sizeof(*target)); 2646 list_add_tail(&target->list, &ieee->network_list); 2647 if (ieee->softmac_features & IEEE_SOFTMAC_ASSOCIATE) 2648 rtllib_softmac_new_net(ieee, network); 2649 } else { 2650 RTLLIB_DEBUG_SCAN("Updating '%s' ( %pM) via %s.\n", 2651 escape_essid(target->ssid, 2652 target->ssid_len), target->bssid, 2653 WLAN_FC_GET_STYPE( 2654 le16_to_cpu(beacon->header.frame_ctl)) == 2655 RTLLIB_STYPE_PROBE_RESP ? 2656 "PROBE RESPONSE" : "BEACON"); 2657 2658 /* we have an entry and we are going to update it. But this 2659 * entry may be already expired. In this case we do the same 2660 * as we found a new net and call the new_net handler 2661 */ 2662 renew = !time_after(target->last_scanned + ieee->scan_age, 2663 jiffies); 2664 if ((!target->ssid_len) && 2665 (((network->ssid_len > 0) && (target->hidden_ssid_len == 0)) 2666 || ((ieee->current_network.ssid_len == network->ssid_len) && 2667 (strncmp(ieee->current_network.ssid, network->ssid, 2668 network->ssid_len) == 0) && 2669 (ieee->state == RTLLIB_NOLINK)))) 2670 renew = 1; 2671 update_network(target, network); 2672 if (renew && (ieee->softmac_features & IEEE_SOFTMAC_ASSOCIATE)) 2673 rtllib_softmac_new_net(ieee, network); 2674 } 2675 2676 spin_unlock_irqrestore(&ieee->lock, flags); 2677 if (is_beacon(beacon->header.frame_ctl) && 2678 is_same_network(&ieee->current_network, network, 2679 (network->ssid_len ? 1 : 0)) && 2680 (ieee->state == RTLLIB_LINKED)) { 2681 if (ieee->handle_beacon != NULL) 2682 ieee->handle_beacon(ieee->dev, beacon, 2683 &ieee->current_network); 2684 } 2685free_network: 2686 kfree(network); 2687 return; 2688} 2689 2690void rtllib_rx_mgt(struct rtllib_device *ieee, 2691 struct sk_buff *skb, 2692 struct rtllib_rx_stats *stats) 2693{ 2694 struct rtllib_hdr_4addr *header = (struct rtllib_hdr_4addr *)skb->data ; 2695 2696 if ((WLAN_FC_GET_STYPE(le16_to_cpu(header->frame_ctl)) != 2697 RTLLIB_STYPE_PROBE_RESP) && 2698 (WLAN_FC_GET_STYPE(le16_to_cpu(header->frame_ctl)) != 2699 RTLLIB_STYPE_BEACON)) 2700 ieee->last_rx_ps_time = jiffies; 2701 2702 switch (WLAN_FC_GET_STYPE(le16_to_cpu(header->frame_ctl))) { 2703 2704 case RTLLIB_STYPE_BEACON: 2705 RTLLIB_DEBUG_MGMT("received BEACON (%d)\n", 2706 WLAN_FC_GET_STYPE(le16_to_cpu(header->frame_ctl))); 2707 RTLLIB_DEBUG_SCAN("Beacon\n"); 2708 rtllib_process_probe_response( 2709 ieee, (struct rtllib_probe_response *)header, 2710 stats); 2711 2712 if (ieee->sta_sleep || (ieee->ps != RTLLIB_PS_DISABLED && 2713 ieee->iw_mode == IW_MODE_INFRA && 2714 ieee->state == RTLLIB_LINKED)) 2715 tasklet_schedule(&ieee->ps_task); 2716 2717 break; 2718 2719 case RTLLIB_STYPE_PROBE_RESP: 2720 RTLLIB_DEBUG_MGMT("received PROBE RESPONSE (%d)\n", 2721 WLAN_FC_GET_STYPE(le16_to_cpu(header->frame_ctl))); 2722 RTLLIB_DEBUG_SCAN("Probe response\n"); 2723 rtllib_process_probe_response(ieee, 2724 (struct rtllib_probe_response *)header, stats); 2725 break; 2726 case RTLLIB_STYPE_PROBE_REQ: 2727 RTLLIB_DEBUG_MGMT("received PROBE RESQUEST (%d)\n", 2728 WLAN_FC_GET_STYPE( 2729 le16_to_cpu(header->frame_ctl))); 2730 RTLLIB_DEBUG_SCAN("Probe request\n"); 2731 if ((ieee->softmac_features & IEEE_SOFTMAC_PROBERS) && 2732 ((ieee->iw_mode == IW_MODE_ADHOC || 2733 ieee->iw_mode == IW_MODE_MASTER) && 2734 ieee->state == RTLLIB_LINKED)) 2735 rtllib_rx_probe_rq(ieee, skb); 2736 break; 2737 } 2738} 2739