1/* 2 * Original code based Host AP (software wireless LAN access point) driver 3 * for Intersil Prism2/2.5/3 - hostap.o module, common routines 4 * 5 * Copyright (c) 2001-2002, SSH Communications Security Corp and Jouni Malinen 6 * <jkmaline@cc.hut.fi> 7 * Copyright (c) 2002-2003, Jouni Malinen <jkmaline@cc.hut.fi> 8 * Copyright (c) 2004, Intel Corporation 9 * 10 * This program is free software; you can redistribute it and/or modify 11 * it under the terms of the GNU General Public License version 2 as 12 * published by the Free Software Foundation. See README and COPYING for 13 * more details. 14 ****************************************************************************** 15 16 Few modifications for Realtek's Wi-Fi drivers by 17 Andrea Merello <andrea.merello@gmail.com> 18 19 A special thanks goes to Realtek for their support ! 20 21******************************************************************************/ 22 23 24#include <linux/compiler.h> 25#include <linux/errno.h> 26#include <linux/if_arp.h> 27#include <linux/in6.h> 28#include <linux/in.h> 29#include <linux/ip.h> 30#include <linux/kernel.h> 31#include <linux/module.h> 32#include <linux/netdevice.h> 33#include <linux/pci.h> 34#include <linux/proc_fs.h> 35#include <linux/skbuff.h> 36#include <linux/slab.h> 37#include <linux/tcp.h> 38#include <linux/types.h> 39#include <linux/wireless.h> 40#include <linux/etherdevice.h> 41#include <linux/uaccess.h> 42#include <linux/ctype.h> 43 44#include "rtllib.h" 45#include "dot11d.h" 46 47static inline void rtllib_monitor_rx(struct rtllib_device *ieee, 48 struct sk_buff *skb, struct rtllib_rx_stats *rx_status, 49 size_t hdr_length) 50{ 51 skb->dev = ieee->dev; 52 skb_reset_mac_header(skb); 53 skb_pull(skb, hdr_length); 54 skb->pkt_type = PACKET_OTHERHOST; 55 skb->protocol = htons(ETH_P_80211_RAW); 56 memset(skb->cb, 0, sizeof(skb->cb)); 57 netif_rx(skb); 58} 59 60/* Called only as a tasklet (software IRQ) */ 61static struct rtllib_frag_entry * 62rtllib_frag_cache_find(struct rtllib_device *ieee, unsigned int seq, 63 unsigned int frag, u8 tid, u8 *src, u8 *dst) 64{ 65 struct rtllib_frag_entry *entry; 66 int i; 67 68 for (i = 0; i < RTLLIB_FRAG_CACHE_LEN; i++) { 69 entry = &ieee->frag_cache[tid][i]; 70 if (entry->skb != NULL && 71 time_after(jiffies, entry->first_frag_time + 2 * HZ)) { 72 RTLLIB_DEBUG_FRAG( 73 "expiring fragment cache entry seq=%u last_frag=%u\n", 74 entry->seq, entry->last_frag); 75 dev_kfree_skb_any(entry->skb); 76 entry->skb = NULL; 77 } 78 79 if (entry->skb != NULL && entry->seq == seq && 80 (entry->last_frag + 1 == frag || frag == -1) && 81 memcmp(entry->src_addr, src, ETH_ALEN) == 0 && 82 memcmp(entry->dst_addr, dst, ETH_ALEN) == 0) 83 return entry; 84 } 85 86 return NULL; 87} 88 89/* Called only as a tasklet (software IRQ) */ 90static struct sk_buff * 91rtllib_frag_cache_get(struct rtllib_device *ieee, 92 struct rtllib_hdr_4addr *hdr) 93{ 94 struct sk_buff *skb = NULL; 95 u16 fc = le16_to_cpu(hdr->frame_ctl); 96 u16 sc = le16_to_cpu(hdr->seq_ctl); 97 unsigned int frag = WLAN_GET_SEQ_FRAG(sc); 98 unsigned int seq = WLAN_GET_SEQ_SEQ(sc); 99 struct rtllib_frag_entry *entry; 100 struct rtllib_hdr_3addrqos *hdr_3addrqos; 101 struct rtllib_hdr_4addrqos *hdr_4addrqos; 102 u8 tid; 103 104 if (((fc & RTLLIB_FCTL_DSTODS) == RTLLIB_FCTL_DSTODS) && RTLLIB_QOS_HAS_SEQ(fc)) { 105 hdr_4addrqos = (struct rtllib_hdr_4addrqos *)hdr; 106 tid = le16_to_cpu(hdr_4addrqos->qos_ctl) & RTLLIB_QCTL_TID; 107 tid = UP2AC(tid); 108 tid++; 109 } else if (RTLLIB_QOS_HAS_SEQ(fc)) { 110 hdr_3addrqos = (struct rtllib_hdr_3addrqos *)hdr; 111 tid = le16_to_cpu(hdr_3addrqos->qos_ctl) & RTLLIB_QCTL_TID; 112 tid = UP2AC(tid); 113 tid++; 114 } else { 115 tid = 0; 116 } 117 118 if (frag == 0) { 119 /* Reserve enough space to fit maximum frame length */ 120 skb = dev_alloc_skb(ieee->dev->mtu + 121 sizeof(struct rtllib_hdr_4addr) + 122 8 /* LLC */ + 123 2 /* alignment */ + 124 8 /* WEP */ + 125 ETH_ALEN /* WDS */ + 126 (RTLLIB_QOS_HAS_SEQ(fc) ? 2 : 0) /* QOS Control */); 127 if (skb == NULL) 128 return NULL; 129 130 entry = &ieee->frag_cache[tid][ieee->frag_next_idx[tid]]; 131 ieee->frag_next_idx[tid]++; 132 if (ieee->frag_next_idx[tid] >= RTLLIB_FRAG_CACHE_LEN) 133 ieee->frag_next_idx[tid] = 0; 134 135 if (entry->skb != NULL) 136 dev_kfree_skb_any(entry->skb); 137 138 entry->first_frag_time = jiffies; 139 entry->seq = seq; 140 entry->last_frag = frag; 141 entry->skb = skb; 142 memcpy(entry->src_addr, hdr->addr2, ETH_ALEN); 143 memcpy(entry->dst_addr, hdr->addr1, ETH_ALEN); 144 } else { 145 /* received a fragment of a frame for which the head fragment 146 * should have already been received 147 */ 148 entry = rtllib_frag_cache_find(ieee, seq, frag, tid, hdr->addr2, 149 hdr->addr1); 150 if (entry != NULL) { 151 entry->last_frag = frag; 152 skb = entry->skb; 153 } 154 } 155 156 return skb; 157} 158 159 160/* Called only as a tasklet (software IRQ) */ 161static int rtllib_frag_cache_invalidate(struct rtllib_device *ieee, 162 struct rtllib_hdr_4addr *hdr) 163{ 164 u16 fc = le16_to_cpu(hdr->frame_ctl); 165 u16 sc = le16_to_cpu(hdr->seq_ctl); 166 unsigned int seq = WLAN_GET_SEQ_SEQ(sc); 167 struct rtllib_frag_entry *entry; 168 struct rtllib_hdr_3addrqos *hdr_3addrqos; 169 struct rtllib_hdr_4addrqos *hdr_4addrqos; 170 u8 tid; 171 172 if (((fc & RTLLIB_FCTL_DSTODS) == RTLLIB_FCTL_DSTODS) && RTLLIB_QOS_HAS_SEQ(fc)) { 173 hdr_4addrqos = (struct rtllib_hdr_4addrqos *)hdr; 174 tid = le16_to_cpu(hdr_4addrqos->qos_ctl) & RTLLIB_QCTL_TID; 175 tid = UP2AC(tid); 176 tid++; 177 } else if (RTLLIB_QOS_HAS_SEQ(fc)) { 178 hdr_3addrqos = (struct rtllib_hdr_3addrqos *)hdr; 179 tid = le16_to_cpu(hdr_3addrqos->qos_ctl) & RTLLIB_QCTL_TID; 180 tid = UP2AC(tid); 181 tid++; 182 } else { 183 tid = 0; 184 } 185 186 entry = rtllib_frag_cache_find(ieee, seq, -1, tid, hdr->addr2, 187 hdr->addr1); 188 189 if (entry == NULL) { 190 RTLLIB_DEBUG_FRAG( 191 "could not invalidate fragment cache entry (seq=%u)\n", seq); 192 return -1; 193 } 194 195 entry->skb = NULL; 196 return 0; 197} 198 199/* rtllib_rx_frame_mgtmt 200 * 201 * Responsible for handling management control frames 202 * 203 * Called by rtllib_rx 204 */ 205static inline int 206rtllib_rx_frame_mgmt(struct rtllib_device *ieee, struct sk_buff *skb, 207 struct rtllib_rx_stats *rx_stats, u16 type, 208 u16 stype) 209{ 210 /* On the struct stats definition there is written that 211 * this is not mandatory.... but seems that the probe 212 * response parser uses it 213 */ 214 struct rtllib_hdr_3addr *hdr = (struct rtllib_hdr_3addr *)skb->data; 215 216 rx_stats->len = skb->len; 217 rtllib_rx_mgt(ieee, skb, rx_stats); 218 if ((memcmp(hdr->addr1, ieee->dev->dev_addr, ETH_ALEN))) { 219 dev_kfree_skb_any(skb); 220 return 0; 221 } 222 rtllib_rx_frame_softmac(ieee, skb, rx_stats, type, stype); 223 224 dev_kfree_skb_any(skb); 225 226 return 0; 227} 228 229/* See IEEE 802.1H for LLC/SNAP encapsulation/decapsulation 230 * Ethernet-II snap header (RFC1042 for most EtherTypes) 231 */ 232static unsigned char rfc1042_header[] = { 233 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 234}; 235/* Bridge-Tunnel header (for EtherTypes ETH_P_AARP and ETH_P_IPX) */ 236static unsigned char bridge_tunnel_header[] = { 237 0xaa, 0xaa, 0x03, 0x00, 0x00, 0xf8 238}; 239/* No encapsulation header if EtherType < 0x600 (=length) */ 240 241/* Called by rtllib_rx_frame_decrypt */ 242static int rtllib_is_eapol_frame(struct rtllib_device *ieee, 243 struct sk_buff *skb, size_t hdrlen) 244{ 245 struct net_device *dev = ieee->dev; 246 u16 fc, ethertype; 247 struct rtllib_hdr_4addr *hdr; 248 u8 *pos; 249 250 if (skb->len < 24) 251 return 0; 252 253 hdr = (struct rtllib_hdr_4addr *) skb->data; 254 fc = le16_to_cpu(hdr->frame_ctl); 255 256 /* check that the frame is unicast frame to us */ 257 if ((fc & (RTLLIB_FCTL_TODS | RTLLIB_FCTL_FROMDS)) == 258 RTLLIB_FCTL_TODS && 259 memcmp(hdr->addr1, dev->dev_addr, ETH_ALEN) == 0 && 260 memcmp(hdr->addr3, dev->dev_addr, ETH_ALEN) == 0) { 261 /* ToDS frame with own addr BSSID and DA */ 262 } else if ((fc & (RTLLIB_FCTL_TODS | RTLLIB_FCTL_FROMDS)) == 263 RTLLIB_FCTL_FROMDS && 264 memcmp(hdr->addr1, dev->dev_addr, ETH_ALEN) == 0) { 265 /* FromDS frame with own addr as DA */ 266 } else 267 return 0; 268 269 if (skb->len < 24 + 8) 270 return 0; 271 272 /* check for port access entity Ethernet type */ 273 pos = skb->data + hdrlen; 274 ethertype = (pos[6] << 8) | pos[7]; 275 if (ethertype == ETH_P_PAE) 276 return 1; 277 278 return 0; 279} 280 281/* Called only as a tasklet (software IRQ), by rtllib_rx */ 282static inline int 283rtllib_rx_frame_decrypt(struct rtllib_device *ieee, struct sk_buff *skb, 284 struct lib80211_crypt_data *crypt) 285{ 286 struct rtllib_hdr_4addr *hdr; 287 int res, hdrlen; 288 289 if (crypt == NULL || crypt->ops->decrypt_mpdu == NULL) 290 return 0; 291 292 if (ieee->hwsec_active) { 293 struct cb_desc *tcb_desc = (struct cb_desc *)(skb->cb + MAX_DEV_ADDR_SIZE); 294 295 tcb_desc->bHwSec = 1; 296 297 if (ieee->need_sw_enc) 298 tcb_desc->bHwSec = 0; 299 } 300 301 hdr = (struct rtllib_hdr_4addr *) skb->data; 302 hdrlen = rtllib_get_hdrlen(le16_to_cpu(hdr->frame_ctl)); 303 304 atomic_inc(&crypt->refcnt); 305 res = crypt->ops->decrypt_mpdu(skb, hdrlen, crypt->priv); 306 atomic_dec(&crypt->refcnt); 307 if (res < 0) { 308 RTLLIB_DEBUG_DROP( 309 "decryption failed (SA= %pM) res=%d\n", hdr->addr2, res); 310 if (res == -2) 311 RTLLIB_DEBUG_DROP("Decryption failed ICV mismatch (key %d)\n", 312 skb->data[hdrlen + 3] >> 6); 313 ieee->ieee_stats.rx_discards_undecryptable++; 314 return -1; 315 } 316 317 return res; 318} 319 320 321/* Called only as a tasklet (software IRQ), by rtllib_rx */ 322static inline int 323rtllib_rx_frame_decrypt_msdu(struct rtllib_device *ieee, struct sk_buff *skb, 324 int keyidx, struct lib80211_crypt_data *crypt) 325{ 326 struct rtllib_hdr_4addr *hdr; 327 int res, hdrlen; 328 329 if (crypt == NULL || crypt->ops->decrypt_msdu == NULL) 330 return 0; 331 if (ieee->hwsec_active) { 332 struct cb_desc *tcb_desc = (struct cb_desc *)(skb->cb + MAX_DEV_ADDR_SIZE); 333 334 tcb_desc->bHwSec = 1; 335 336 if (ieee->need_sw_enc) 337 tcb_desc->bHwSec = 0; 338 } 339 340 hdr = (struct rtllib_hdr_4addr *) skb->data; 341 hdrlen = rtllib_get_hdrlen(le16_to_cpu(hdr->frame_ctl)); 342 343 atomic_inc(&crypt->refcnt); 344 res = crypt->ops->decrypt_msdu(skb, keyidx, hdrlen, crypt->priv); 345 atomic_dec(&crypt->refcnt); 346 if (res < 0) { 347 printk(KERN_DEBUG "%s: MSDU decryption/MIC verification failed (SA= %pM keyidx=%d)\n", 348 ieee->dev->name, hdr->addr2, keyidx); 349 return -1; 350 } 351 352 return 0; 353} 354 355 356/* this function is stolen from ipw2200 driver*/ 357#define IEEE_PACKET_RETRY_TIME (5*HZ) 358static int is_duplicate_packet(struct rtllib_device *ieee, 359 struct rtllib_hdr_4addr *header) 360{ 361 u16 fc = le16_to_cpu(header->frame_ctl); 362 u16 sc = le16_to_cpu(header->seq_ctl); 363 u16 seq = WLAN_GET_SEQ_SEQ(sc); 364 u16 frag = WLAN_GET_SEQ_FRAG(sc); 365 u16 *last_seq, *last_frag; 366 unsigned long *last_time; 367 struct rtllib_hdr_3addrqos *hdr_3addrqos; 368 struct rtllib_hdr_4addrqos *hdr_4addrqos; 369 u8 tid; 370 371 if (((fc & RTLLIB_FCTL_DSTODS) == RTLLIB_FCTL_DSTODS) && RTLLIB_QOS_HAS_SEQ(fc)) { 372 hdr_4addrqos = (struct rtllib_hdr_4addrqos *)header; 373 tid = le16_to_cpu(hdr_4addrqos->qos_ctl) & RTLLIB_QCTL_TID; 374 tid = UP2AC(tid); 375 tid++; 376 } else if (RTLLIB_QOS_HAS_SEQ(fc)) { 377 hdr_3addrqos = (struct rtllib_hdr_3addrqos *)header; 378 tid = le16_to_cpu(hdr_3addrqos->qos_ctl) & RTLLIB_QCTL_TID; 379 tid = UP2AC(tid); 380 tid++; 381 } else { 382 tid = 0; 383 } 384 385 switch (ieee->iw_mode) { 386 case IW_MODE_ADHOC: 387 { 388 struct list_head *p; 389 struct ieee_ibss_seq *entry = NULL; 390 u8 *mac = header->addr2; 391 int index = mac[5] % IEEE_IBSS_MAC_HASH_SIZE; 392 393 list_for_each(p, &ieee->ibss_mac_hash[index]) { 394 entry = list_entry(p, struct ieee_ibss_seq, list); 395 if (!memcmp(entry->mac, mac, ETH_ALEN)) 396 break; 397 } 398 if (p == &ieee->ibss_mac_hash[index]) { 399 entry = kmalloc(sizeof(struct ieee_ibss_seq), GFP_ATOMIC); 400 if (!entry) 401 return 0; 402 403 memcpy(entry->mac, mac, ETH_ALEN); 404 entry->seq_num[tid] = seq; 405 entry->frag_num[tid] = frag; 406 entry->packet_time[tid] = jiffies; 407 list_add(&entry->list, &ieee->ibss_mac_hash[index]); 408 return 0; 409 } 410 last_seq = &entry->seq_num[tid]; 411 last_frag = &entry->frag_num[tid]; 412 last_time = &entry->packet_time[tid]; 413 break; 414 } 415 416 case IW_MODE_INFRA: 417 last_seq = &ieee->last_rxseq_num[tid]; 418 last_frag = &ieee->last_rxfrag_num[tid]; 419 last_time = &ieee->last_packet_time[tid]; 420 break; 421 default: 422 return 0; 423 } 424 425 if ((*last_seq == seq) && 426 time_after(*last_time + IEEE_PACKET_RETRY_TIME, jiffies)) { 427 if (*last_frag == frag) 428 goto drop; 429 if (*last_frag + 1 != frag) 430 /* out-of-order fragment */ 431 goto drop; 432 } else 433 *last_seq = seq; 434 435 *last_frag = frag; 436 *last_time = jiffies; 437 return 0; 438 439drop: 440 441 return 1; 442} 443 444static bool AddReorderEntry(struct rx_ts_record *pTS, 445 struct rx_reorder_entry *pReorderEntry) 446{ 447 struct list_head *pList = &pTS->RxPendingPktList; 448 449 while (pList->next != &pTS->RxPendingPktList) { 450 if (SN_LESS(pReorderEntry->SeqNum, ((struct rx_reorder_entry *) 451 list_entry(pList->next, struct rx_reorder_entry, 452 List))->SeqNum)) 453 pList = pList->next; 454 else if (SN_EQUAL(pReorderEntry->SeqNum, 455 ((struct rx_reorder_entry *)list_entry(pList->next, 456 struct rx_reorder_entry, List))->SeqNum)) 457 return false; 458 else 459 break; 460 } 461 pReorderEntry->List.next = pList->next; 462 pReorderEntry->List.next->prev = &pReorderEntry->List; 463 pReorderEntry->List.prev = pList; 464 pList->next = &pReorderEntry->List; 465 466 return true; 467} 468 469void rtllib_indicate_packets(struct rtllib_device *ieee, struct rtllib_rxb **prxbIndicateArray, u8 index) 470{ 471 struct net_device_stats *stats = &ieee->stats; 472 u8 i = 0 , j = 0; 473 u16 ethertype; 474 475 for (j = 0; j < index; j++) { 476 struct rtllib_rxb *prxb = prxbIndicateArray[j]; 477 478 for (i = 0; i < prxb->nr_subframes; i++) { 479 struct sk_buff *sub_skb = prxb->subframes[i]; 480 481 /* convert hdr + possible LLC headers into Ethernet header */ 482 ethertype = (sub_skb->data[6] << 8) | sub_skb->data[7]; 483 if (sub_skb->len >= 8 && 484 ((memcmp(sub_skb->data, rfc1042_header, SNAP_SIZE) == 0 && 485 ethertype != ETH_P_AARP && ethertype != ETH_P_IPX) || 486 memcmp(sub_skb->data, bridge_tunnel_header, SNAP_SIZE) == 0)) { 487 /* remove RFC1042 or Bridge-Tunnel encapsulation 488 * and replace EtherType 489 */ 490 skb_pull(sub_skb, SNAP_SIZE); 491 memcpy(skb_push(sub_skb, ETH_ALEN), prxb->src, ETH_ALEN); 492 memcpy(skb_push(sub_skb, ETH_ALEN), prxb->dst, ETH_ALEN); 493 } else { 494 u16 len; 495 /* Leave Ethernet header part of hdr and full payload */ 496 len = sub_skb->len; 497 memcpy(skb_push(sub_skb, 2), &len, 2); 498 memcpy(skb_push(sub_skb, ETH_ALEN), prxb->src, ETH_ALEN); 499 memcpy(skb_push(sub_skb, ETH_ALEN), prxb->dst, ETH_ALEN); 500 } 501 502 /* Indicate the packets to upper layer */ 503 if (sub_skb) { 504 stats->rx_packets++; 505 stats->rx_bytes += sub_skb->len; 506 507 memset(sub_skb->cb, 0, sizeof(sub_skb->cb)); 508 sub_skb->protocol = eth_type_trans(sub_skb, ieee->dev); 509 sub_skb->dev = ieee->dev; 510 sub_skb->dev->stats.rx_packets++; 511 sub_skb->dev->stats.rx_bytes += sub_skb->len; 512 sub_skb->ip_summed = CHECKSUM_NONE; /* 802.11 crc not sufficient */ 513 ieee->last_rx_ps_time = jiffies; 514 netif_rx(sub_skb); 515 } 516 } 517 kfree(prxb); 518 prxb = NULL; 519 } 520} 521 522void rtllib_FlushRxTsPendingPkts(struct rtllib_device *ieee, struct rx_ts_record *pTS) 523{ 524 struct rx_reorder_entry *pRxReorderEntry; 525 u8 RfdCnt = 0; 526 527 del_timer_sync(&pTS->RxPktPendingTimer); 528 while (!list_empty(&pTS->RxPendingPktList)) { 529 if (RfdCnt >= REORDER_WIN_SIZE) { 530 netdev_info(ieee->dev, 531 "-------------->%s() error! RfdCnt >= REORDER_WIN_SIZE\n", 532 __func__); 533 break; 534 } 535 536 pRxReorderEntry = (struct rx_reorder_entry *)list_entry(pTS->RxPendingPktList.prev, struct rx_reorder_entry, List); 537 RTLLIB_DEBUG(RTLLIB_DL_REORDER, "%s(): Indicate SeqNum %d!\n", __func__, pRxReorderEntry->SeqNum); 538 list_del_init(&pRxReorderEntry->List); 539 540 ieee->RfdArray[RfdCnt] = pRxReorderEntry->prxb; 541 542 RfdCnt = RfdCnt + 1; 543 list_add_tail(&pRxReorderEntry->List, &ieee->RxReorder_Unused_List); 544 } 545 rtllib_indicate_packets(ieee, ieee->RfdArray, RfdCnt); 546 547 pTS->RxIndicateSeq = 0xffff; 548} 549 550static void RxReorderIndicatePacket(struct rtllib_device *ieee, 551 struct rtllib_rxb *prxb, 552 struct rx_ts_record *pTS, u16 SeqNum) 553{ 554 struct rt_hi_throughput *pHTInfo = ieee->pHTInfo; 555 struct rx_reorder_entry *pReorderEntry = NULL; 556 u8 WinSize = pHTInfo->RxReorderWinSize; 557 u16 WinEnd = 0; 558 u8 index = 0; 559 bool bMatchWinStart = false, bPktInBuf = false; 560 unsigned long flags; 561 562 RTLLIB_DEBUG(RTLLIB_DL_REORDER, "%s(): Seq is %d, pTS->RxIndicateSeq is %d, WinSize is %d\n", __func__, SeqNum, 563 pTS->RxIndicateSeq, WinSize); 564 565 spin_lock_irqsave(&(ieee->reorder_spinlock), flags); 566 567 WinEnd = (pTS->RxIndicateSeq + WinSize - 1) % 4096; 568 /* Rx Reorder initialize condition.*/ 569 if (pTS->RxIndicateSeq == 0xffff) 570 pTS->RxIndicateSeq = SeqNum; 571 572 /* Drop out the packet which SeqNum is smaller than WinStart */ 573 if (SN_LESS(SeqNum, pTS->RxIndicateSeq)) { 574 RTLLIB_DEBUG(RTLLIB_DL_REORDER, "Packet Drop! IndicateSeq: %d, NewSeq: %d\n", 575 pTS->RxIndicateSeq, SeqNum); 576 pHTInfo->RxReorderDropCounter++; 577 { 578 int i; 579 580 for (i = 0; i < prxb->nr_subframes; i++) 581 dev_kfree_skb(prxb->subframes[i]); 582 kfree(prxb); 583 prxb = NULL; 584 } 585 spin_unlock_irqrestore(&(ieee->reorder_spinlock), flags); 586 return; 587 } 588 589 /* Sliding window manipulation. Conditions includes: 590 * 1. Incoming SeqNum is equal to WinStart =>Window shift 1 591 * 2. Incoming SeqNum is larger than the WinEnd => Window shift N 592 */ 593 if (SN_EQUAL(SeqNum, pTS->RxIndicateSeq)) { 594 pTS->RxIndicateSeq = (pTS->RxIndicateSeq + 1) % 4096; 595 bMatchWinStart = true; 596 } else if (SN_LESS(WinEnd, SeqNum)) { 597 if (SeqNum >= (WinSize - 1)) 598 pTS->RxIndicateSeq = SeqNum + 1 - WinSize; 599 else 600 pTS->RxIndicateSeq = 4095 - (WinSize - (SeqNum + 1)) + 1; 601 RTLLIB_DEBUG(RTLLIB_DL_REORDER, "Window Shift! IndicateSeq: %d, NewSeq: %d\n", pTS->RxIndicateSeq, SeqNum); 602 } 603 604 /* Indication process. 605 * After Packet dropping and Sliding Window shifting as above, we can 606 * now just indicate the packets with the SeqNum smaller than latest 607 * WinStart and struct buffer other packets. 608 * 609 * For Rx Reorder condition: 610 * 1. All packets with SeqNum smaller than WinStart => Indicate 611 * 2. All packets with SeqNum larger than or equal to 612 * WinStart => Buffer it. 613 */ 614 if (bMatchWinStart) { 615 /* Current packet is going to be indicated.*/ 616 RTLLIB_DEBUG(RTLLIB_DL_REORDER, "Packets indication!! IndicateSeq: %d, NewSeq: %d\n", 617 pTS->RxIndicateSeq, SeqNum); 618 ieee->prxbIndicateArray[0] = prxb; 619 index = 1; 620 } else { 621 /* Current packet is going to be inserted into pending list.*/ 622 if (!list_empty(&ieee->RxReorder_Unused_List)) { 623 pReorderEntry = (struct rx_reorder_entry *) 624 list_entry(ieee->RxReorder_Unused_List.next, 625 struct rx_reorder_entry, List); 626 list_del_init(&pReorderEntry->List); 627 628 /* Make a reorder entry and insert into a the packet list.*/ 629 pReorderEntry->SeqNum = SeqNum; 630 pReorderEntry->prxb = prxb; 631 632 if (!AddReorderEntry(pTS, pReorderEntry)) { 633 RTLLIB_DEBUG(RTLLIB_DL_REORDER, 634 "%s(): Duplicate packet is dropped!! IndicateSeq: %d, NewSeq: %d\n", 635 __func__, pTS->RxIndicateSeq, 636 SeqNum); 637 list_add_tail(&pReorderEntry->List, 638 &ieee->RxReorder_Unused_List); { 639 int i; 640 641 for (i = 0; i < prxb->nr_subframes; i++) 642 dev_kfree_skb(prxb->subframes[i]); 643 kfree(prxb); 644 prxb = NULL; 645 } 646 } else { 647 RTLLIB_DEBUG(RTLLIB_DL_REORDER, 648 "Pkt insert into struct buffer!! IndicateSeq: %d, NewSeq: %d\n", 649 pTS->RxIndicateSeq, SeqNum); 650 } 651 } else { 652 /* Packets are dropped if there are not enough reorder 653 * entries. This part should be modified!! We can just 654 * indicate all the packets in struct buffer and get 655 * reorder entries. 656 */ 657 RTLLIB_DEBUG(RTLLIB_DL_ERR, "RxReorderIndicatePacket(): There is no reorder entry!! Packet is dropped!!\n"); 658 { 659 int i; 660 661 for (i = 0; i < prxb->nr_subframes; i++) 662 dev_kfree_skb(prxb->subframes[i]); 663 kfree(prxb); 664 prxb = NULL; 665 } 666 } 667 } 668 669 /* Check if there is any packet need indicate.*/ 670 while (!list_empty(&pTS->RxPendingPktList)) { 671 RTLLIB_DEBUG(RTLLIB_DL_REORDER, "%s(): start RREORDER indicate\n", __func__); 672 673 pReorderEntry = (struct rx_reorder_entry *)list_entry(pTS->RxPendingPktList.prev, 674 struct rx_reorder_entry, List); 675 if (SN_LESS(pReorderEntry->SeqNum, pTS->RxIndicateSeq) || 676 SN_EQUAL(pReorderEntry->SeqNum, pTS->RxIndicateSeq)) { 677 /* This protect struct buffer from overflow. */ 678 if (index >= REORDER_WIN_SIZE) { 679 RTLLIB_DEBUG(RTLLIB_DL_ERR, "RxReorderIndicatePacket(): Buffer overflow!!\n"); 680 bPktInBuf = true; 681 break; 682 } 683 684 list_del_init(&pReorderEntry->List); 685 686 if (SN_EQUAL(pReorderEntry->SeqNum, pTS->RxIndicateSeq)) 687 pTS->RxIndicateSeq = (pTS->RxIndicateSeq + 1) % 4096; 688 689 ieee->prxbIndicateArray[index] = pReorderEntry->prxb; 690 RTLLIB_DEBUG(RTLLIB_DL_REORDER, "%s(): Indicate SeqNum %d!\n", __func__, pReorderEntry->SeqNum); 691 index++; 692 693 list_add_tail(&pReorderEntry->List, 694 &ieee->RxReorder_Unused_List); 695 } else { 696 bPktInBuf = true; 697 break; 698 } 699 } 700 701 /* Handling pending timer. Set this timer to prevent from long time 702 * Rx buffering. 703 */ 704 if (index > 0) { 705 if (timer_pending(&pTS->RxPktPendingTimer)) 706 del_timer_sync(&pTS->RxPktPendingTimer); 707 pTS->RxTimeoutIndicateSeq = 0xffff; 708 709 if (index > REORDER_WIN_SIZE) { 710 RTLLIB_DEBUG(RTLLIB_DL_ERR, "RxReorderIndicatePacket(): Rx Reorder struct buffer full!!\n"); 711 spin_unlock_irqrestore(&(ieee->reorder_spinlock), 712 flags); 713 return; 714 } 715 rtllib_indicate_packets(ieee, ieee->prxbIndicateArray, index); 716 bPktInBuf = false; 717 } 718 719 if (bPktInBuf && pTS->RxTimeoutIndicateSeq == 0xffff) { 720 RTLLIB_DEBUG(RTLLIB_DL_REORDER, "%s(): SET rx timeout timer\n", 721 __func__); 722 pTS->RxTimeoutIndicateSeq = pTS->RxIndicateSeq; 723 mod_timer(&pTS->RxPktPendingTimer, jiffies + 724 msecs_to_jiffies(pHTInfo->RxReorderPendingTime)); 725 } 726 spin_unlock_irqrestore(&(ieee->reorder_spinlock), flags); 727} 728 729static u8 parse_subframe(struct rtllib_device *ieee, struct sk_buff *skb, 730 struct rtllib_rx_stats *rx_stats, 731 struct rtllib_rxb *rxb, u8 *src, u8 *dst) 732{ 733 struct rtllib_hdr_3addr *hdr = (struct rtllib_hdr_3addr *)skb->data; 734 u16 fc = le16_to_cpu(hdr->frame_ctl); 735 736 u16 LLCOffset = sizeof(struct rtllib_hdr_3addr); 737 u16 ChkLength; 738 bool bIsAggregateFrame = false; 739 u16 nSubframe_Length; 740 u8 nPadding_Length = 0; 741 u16 SeqNum = 0; 742 struct sk_buff *sub_skb; 743 u8 *data_ptr; 744 /* just for debug purpose */ 745 SeqNum = WLAN_GET_SEQ_SEQ(le16_to_cpu(hdr->seq_ctl)); 746 if ((RTLLIB_QOS_HAS_SEQ(fc)) && 747 (((union frameqos *)(skb->data + RTLLIB_3ADDR_LEN))->field.reserved)) 748 bIsAggregateFrame = true; 749 750 if (RTLLIB_QOS_HAS_SEQ(fc)) 751 LLCOffset += 2; 752 if (rx_stats->bContainHTC) 753 LLCOffset += sHTCLng; 754 755 ChkLength = LLCOffset; 756 757 if (skb->len <= ChkLength) 758 return 0; 759 760 skb_pull(skb, LLCOffset); 761 ieee->bIsAggregateFrame = bIsAggregateFrame; 762 if (!bIsAggregateFrame) { 763 rxb->nr_subframes = 1; 764 765 /* altered by clark 3/30/2010 766 * The struct buffer size of the skb indicated to upper layer 767 * must be less than 5000, or the defraged IP datagram 768 * in the IP layer will exceed "ipfrag_high_tresh" and be 769 * discarded. so there must not use the function 770 * "skb_copy" and "skb_clone" for "skb". 771 */ 772 773 /* Allocate new skb for releasing to upper layer */ 774 sub_skb = dev_alloc_skb(RTLLIB_SKBBUFFER_SIZE); 775 if (!sub_skb) 776 return 0; 777 skb_reserve(sub_skb, 12); 778 data_ptr = (u8 *)skb_put(sub_skb, skb->len); 779 memcpy(data_ptr, skb->data, skb->len); 780 sub_skb->dev = ieee->dev; 781 782 rxb->subframes[0] = sub_skb; 783 784 memcpy(rxb->src, src, ETH_ALEN); 785 memcpy(rxb->dst, dst, ETH_ALEN); 786 rxb->subframes[0]->dev = ieee->dev; 787 return 1; 788 } 789 790 rxb->nr_subframes = 0; 791 memcpy(rxb->src, src, ETH_ALEN); 792 memcpy(rxb->dst, dst, ETH_ALEN); 793 while (skb->len > ETHERNET_HEADER_SIZE) { 794 /* Offset 12 denote 2 mac address */ 795 nSubframe_Length = *((u16 *)(skb->data + 12)); 796 nSubframe_Length = (nSubframe_Length >> 8) + 797 (nSubframe_Length << 8); 798 799 if (skb->len < (ETHERNET_HEADER_SIZE + nSubframe_Length)) { 800 netdev_info(ieee->dev, 801 "%s: A-MSDU parse error!! pRfd->nTotalSubframe : %d\n", 802 __func__, rxb->nr_subframes); 803 netdev_info(ieee->dev, 804 "%s: A-MSDU parse error!! Subframe Length: %d\n", 805 __func__, nSubframe_Length); 806 netdev_info(ieee->dev, 807 "nRemain_Length is %d and nSubframe_Length is : %d\n", 808 skb->len, nSubframe_Length); 809 netdev_info(ieee->dev, 810 "The Packet SeqNum is %d\n", 811 SeqNum); 812 return 0; 813 } 814 815 /* move the data point to data content */ 816 skb_pull(skb, ETHERNET_HEADER_SIZE); 817 818 /* altered by clark 3/30/2010 819 * The struct buffer size of the skb indicated to upper layer 820 * must be less than 5000, or the defraged IP datagram 821 * in the IP layer will exceed "ipfrag_high_tresh" and be 822 * discarded. so there must not use the function 823 * "skb_copy" and "skb_clone" for "skb". 824 */ 825 826 /* Allocate new skb for releasing to upper layer */ 827 sub_skb = dev_alloc_skb(nSubframe_Length + 12); 828 if (!sub_skb) 829 return 0; 830 skb_reserve(sub_skb, 12); 831 data_ptr = (u8 *)skb_put(sub_skb, nSubframe_Length); 832 memcpy(data_ptr, skb->data, nSubframe_Length); 833 834 sub_skb->dev = ieee->dev; 835 rxb->subframes[rxb->nr_subframes++] = sub_skb; 836 if (rxb->nr_subframes >= MAX_SUBFRAME_COUNT) { 837 RTLLIB_DEBUG_RX("ParseSubframe(): Too many Subframes! Packets dropped!\n"); 838 break; 839 } 840 skb_pull(skb, nSubframe_Length); 841 842 if (skb->len != 0) { 843 nPadding_Length = 4 - ((nSubframe_Length + 844 ETHERNET_HEADER_SIZE) % 4); 845 if (nPadding_Length == 4) 846 nPadding_Length = 0; 847 848 if (skb->len < nPadding_Length) 849 return 0; 850 851 skb_pull(skb, nPadding_Length); 852 } 853 } 854 855 return rxb->nr_subframes; 856} 857 858 859static size_t rtllib_rx_get_hdrlen(struct rtllib_device *ieee, 860 struct sk_buff *skb, 861 struct rtllib_rx_stats *rx_stats) 862{ 863 struct rtllib_hdr_4addr *hdr = (struct rtllib_hdr_4addr *)skb->data; 864 u16 fc = le16_to_cpu(hdr->frame_ctl); 865 size_t hdrlen = 0; 866 867 hdrlen = rtllib_get_hdrlen(fc); 868 if (HTCCheck(ieee, skb->data)) { 869 if (net_ratelimit()) 870 netdev_info(ieee->dev, "%s: find HTCControl!\n", 871 __func__); 872 hdrlen += 4; 873 rx_stats->bContainHTC = true; 874 } 875 876 if (RTLLIB_QOS_HAS_SEQ(fc)) 877 rx_stats->bIsQosData = true; 878 879 return hdrlen; 880} 881 882static int rtllib_rx_check_duplicate(struct rtllib_device *ieee, 883 struct sk_buff *skb, u8 multicast) 884{ 885 struct rtllib_hdr_4addr *hdr = (struct rtllib_hdr_4addr *)skb->data; 886 u16 fc, sc; 887 u8 frag, type, stype; 888 889 fc = le16_to_cpu(hdr->frame_ctl); 890 type = WLAN_FC_GET_TYPE(fc); 891 stype = WLAN_FC_GET_STYPE(fc); 892 sc = le16_to_cpu(hdr->seq_ctl); 893 frag = WLAN_GET_SEQ_FRAG(sc); 894 895 if ((ieee->pHTInfo->bCurRxReorderEnable == false) || 896 !ieee->current_network.qos_data.active || 897 !IsDataFrame(skb->data) || 898 IsLegacyDataFrame(skb->data)) { 899 if (!((type == RTLLIB_FTYPE_MGMT) && (stype == RTLLIB_STYPE_BEACON))) { 900 if (is_duplicate_packet(ieee, hdr)) 901 return -1; 902 } 903 } else { 904 struct rx_ts_record *pRxTS = NULL; 905 906 if (GetTs(ieee, (struct ts_common_info **) &pRxTS, hdr->addr2, 907 (u8)Frame_QoSTID((u8 *)(skb->data)), RX_DIR, true)) { 908 if ((fc & (1<<11)) && (frag == pRxTS->RxLastFragNum) && 909 (WLAN_GET_SEQ_SEQ(sc) == pRxTS->RxLastSeqNum)) 910 return -1; 911 pRxTS->RxLastFragNum = frag; 912 pRxTS->RxLastSeqNum = WLAN_GET_SEQ_SEQ(sc); 913 } else { 914 RTLLIB_DEBUG(RTLLIB_DL_ERR, "ERR!!%s(): No TS!! Skip the check!!\n", __func__); 915 return -1; 916 } 917 } 918 919 return 0; 920} 921 922static void rtllib_rx_extract_addr(struct rtllib_device *ieee, 923 struct rtllib_hdr_4addr *hdr, u8 *dst, 924 u8 *src, u8 *bssid) 925{ 926 u16 fc = le16_to_cpu(hdr->frame_ctl); 927 928 switch (fc & (RTLLIB_FCTL_FROMDS | RTLLIB_FCTL_TODS)) { 929 case RTLLIB_FCTL_FROMDS: 930 memcpy(dst, hdr->addr1, ETH_ALEN); 931 memcpy(src, hdr->addr3, ETH_ALEN); 932 memcpy(bssid, hdr->addr2, ETH_ALEN); 933 break; 934 case RTLLIB_FCTL_TODS: 935 memcpy(dst, hdr->addr3, ETH_ALEN); 936 memcpy(src, hdr->addr2, ETH_ALEN); 937 memcpy(bssid, hdr->addr1, ETH_ALEN); 938 break; 939 case RTLLIB_FCTL_FROMDS | RTLLIB_FCTL_TODS: 940 memcpy(dst, hdr->addr3, ETH_ALEN); 941 memcpy(src, hdr->addr4, ETH_ALEN); 942 memcpy(bssid, ieee->current_network.bssid, ETH_ALEN); 943 break; 944 case 0: 945 memcpy(dst, hdr->addr1, ETH_ALEN); 946 memcpy(src, hdr->addr2, ETH_ALEN); 947 memcpy(bssid, hdr->addr3, ETH_ALEN); 948 break; 949 } 950} 951 952static int rtllib_rx_data_filter(struct rtllib_device *ieee, u16 fc, 953 u8 *dst, u8 *src, u8 *bssid, u8 *addr2) 954{ 955 u8 type, stype; 956 957 type = WLAN_FC_GET_TYPE(fc); 958 stype = WLAN_FC_GET_STYPE(fc); 959 960 /* Filter frames from different BSS */ 961 if (((fc & RTLLIB_FCTL_DSTODS) != RTLLIB_FCTL_DSTODS) && 962 !ether_addr_equal(ieee->current_network.bssid, bssid) && 963 !is_zero_ether_addr(ieee->current_network.bssid)) { 964 return -1; 965 } 966 967 /* Filter packets sent by an STA that will be forwarded by AP */ 968 if (ieee->IntelPromiscuousModeInfo.bPromiscuousOn && 969 ieee->IntelPromiscuousModeInfo.bFilterSourceStationFrame) { 970 if ((fc & RTLLIB_FCTL_TODS) && !(fc & RTLLIB_FCTL_FROMDS) && 971 !ether_addr_equal(dst, ieee->current_network.bssid) && 972 ether_addr_equal(bssid, ieee->current_network.bssid)) { 973 return -1; 974 } 975 } 976 977 /* Nullfunc frames may have PS-bit set, so they must be passed to 978 * hostap_handle_sta_rx() before being dropped here. 979 */ 980 if (!ieee->IntelPromiscuousModeInfo.bPromiscuousOn) { 981 if (stype != RTLLIB_STYPE_DATA && 982 stype != RTLLIB_STYPE_DATA_CFACK && 983 stype != RTLLIB_STYPE_DATA_CFPOLL && 984 stype != RTLLIB_STYPE_DATA_CFACKPOLL && 985 stype != RTLLIB_STYPE_QOS_DATA) { 986 if (stype != RTLLIB_STYPE_NULLFUNC) 987 RTLLIB_DEBUG_DROP( 988 "RX: dropped data frame with no data (type=0x%02x, subtype=0x%02x)\n", 989 type, stype); 990 return -1; 991 } 992 } 993 994 if (ieee->iw_mode != IW_MODE_MESH) { 995 /* packets from our adapter are dropped (echo) */ 996 if (!memcmp(src, ieee->dev->dev_addr, ETH_ALEN)) 997 return -1; 998 999 /* {broad,multi}cast packets to our BSS go through */ 1000 if (is_multicast_ether_addr(dst)) { 1001 if (memcmp(bssid, ieee->current_network.bssid, ETH_ALEN)) 1002 return -1; 1003 } 1004 } 1005 return 0; 1006} 1007 1008static int rtllib_rx_get_crypt(struct rtllib_device *ieee, struct sk_buff *skb, 1009 struct lib80211_crypt_data **crypt, size_t hdrlen) 1010{ 1011 struct rtllib_hdr_4addr *hdr = (struct rtllib_hdr_4addr *)skb->data; 1012 u16 fc = le16_to_cpu(hdr->frame_ctl); 1013 int idx = 0; 1014 1015 if (ieee->host_decrypt) { 1016 if (skb->len >= hdrlen + 3) 1017 idx = skb->data[hdrlen + 3] >> 6; 1018 1019 *crypt = ieee->crypt_info.crypt[idx]; 1020 /* allow NULL decrypt to indicate an station specific override 1021 * for default encryption 1022 */ 1023 if (*crypt && ((*crypt)->ops == NULL || 1024 (*crypt)->ops->decrypt_mpdu == NULL)) 1025 *crypt = NULL; 1026 1027 if (!*crypt && (fc & RTLLIB_FCTL_WEP)) { 1028 /* This seems to be triggered by some (multicast?) 1029 * frames from other than current BSS, so just drop the 1030 * frames silently instead of filling system log with 1031 * these reports. 1032 */ 1033 RTLLIB_DEBUG_DROP("Decryption failed (not set) (SA= %pM)\n", 1034 hdr->addr2); 1035 ieee->ieee_stats.rx_discards_undecryptable++; 1036 return -1; 1037 } 1038 } 1039 1040 return 0; 1041} 1042 1043static int rtllib_rx_decrypt(struct rtllib_device *ieee, struct sk_buff *skb, 1044 struct rtllib_rx_stats *rx_stats, 1045 struct lib80211_crypt_data *crypt, size_t hdrlen) 1046{ 1047 struct rtllib_hdr_4addr *hdr; 1048 int keyidx = 0; 1049 u16 fc, sc; 1050 u8 frag; 1051 1052 hdr = (struct rtllib_hdr_4addr *)skb->data; 1053 fc = le16_to_cpu(hdr->frame_ctl); 1054 sc = le16_to_cpu(hdr->seq_ctl); 1055 frag = WLAN_GET_SEQ_FRAG(sc); 1056 1057 if ((!rx_stats->Decrypted)) 1058 ieee->need_sw_enc = 1; 1059 else 1060 ieee->need_sw_enc = 0; 1061 1062 keyidx = rtllib_rx_frame_decrypt(ieee, skb, crypt); 1063 if (ieee->host_decrypt && (fc & RTLLIB_FCTL_WEP) && (keyidx < 0)) { 1064 netdev_info(ieee->dev, "%s: decrypt frame error\n", __func__); 1065 return -1; 1066 } 1067 1068 hdr = (struct rtllib_hdr_4addr *) skb->data; 1069 if ((frag != 0 || (fc & RTLLIB_FCTL_MOREFRAGS))) { 1070 int flen; 1071 struct sk_buff *frag_skb = rtllib_frag_cache_get(ieee, hdr); 1072 1073 RTLLIB_DEBUG_FRAG("Rx Fragment received (%u)\n", frag); 1074 1075 if (!frag_skb) { 1076 RTLLIB_DEBUG(RTLLIB_DL_RX | RTLLIB_DL_FRAG, 1077 "Rx cannot get skb from fragment cache (morefrag=%d seq=%u frag=%u)\n", 1078 (fc & RTLLIB_FCTL_MOREFRAGS) != 0, 1079 WLAN_GET_SEQ_SEQ(sc), frag); 1080 return -1; 1081 } 1082 flen = skb->len; 1083 if (frag != 0) 1084 flen -= hdrlen; 1085 1086 if (frag_skb->tail + flen > frag_skb->end) { 1087 netdev_warn(ieee->dev, 1088 "%s: host decrypted and reassembled frame did not fit skb\n", 1089 __func__); 1090 rtllib_frag_cache_invalidate(ieee, hdr); 1091 return -1; 1092 } 1093 1094 if (frag == 0) { 1095 /* copy first fragment (including full headers) into 1096 * beginning of the fragment cache skb 1097 */ 1098 memcpy(skb_put(frag_skb, flen), skb->data, flen); 1099 } else { 1100 /* append frame payload to the end of the fragment 1101 * cache skb 1102 */ 1103 memcpy(skb_put(frag_skb, flen), skb->data + hdrlen, 1104 flen); 1105 } 1106 dev_kfree_skb_any(skb); 1107 skb = NULL; 1108 1109 if (fc & RTLLIB_FCTL_MOREFRAGS) { 1110 /* more fragments expected - leave the skb in fragment 1111 * cache for now; it will be delivered to upper layers 1112 * after all fragments have been received 1113 */ 1114 return -2; 1115 } 1116 1117 /* this was the last fragment and the frame will be 1118 * delivered, so remove skb from fragment cache 1119 */ 1120 skb = frag_skb; 1121 hdr = (struct rtllib_hdr_4addr *) skb->data; 1122 rtllib_frag_cache_invalidate(ieee, hdr); 1123 } 1124 1125 /* skb: hdr + (possible reassembled) full MSDU payload; possibly still 1126 * encrypted/authenticated 1127 */ 1128 if (ieee->host_decrypt && (fc & RTLLIB_FCTL_WEP) && 1129 rtllib_rx_frame_decrypt_msdu(ieee, skb, keyidx, crypt)) { 1130 netdev_info(ieee->dev, "%s: ==>decrypt msdu error\n", __func__); 1131 return -1; 1132 } 1133 1134 hdr = (struct rtllib_hdr_4addr *) skb->data; 1135 if (crypt && !(fc & RTLLIB_FCTL_WEP) && !ieee->open_wep) { 1136 if (/*ieee->ieee802_1x &&*/ 1137 rtllib_is_eapol_frame(ieee, skb, hdrlen)) { 1138 1139 /* pass unencrypted EAPOL frames even if encryption is 1140 * configured 1141 */ 1142 struct eapol *eap = (struct eapol *)(skb->data + 1143 24); 1144 RTLLIB_DEBUG_EAP("RX: IEEE 802.1X EAPOL frame: %s\n", 1145 eap_get_type(eap->type)); 1146 } else { 1147 RTLLIB_DEBUG_DROP( 1148 "encryption configured, but RX frame not encrypted (SA= %pM)\n", 1149 hdr->addr2); 1150 return -1; 1151 } 1152 } 1153 1154 if (crypt && !(fc & RTLLIB_FCTL_WEP) && 1155 rtllib_is_eapol_frame(ieee, skb, hdrlen)) { 1156 struct eapol *eap = (struct eapol *)(skb->data + 1157 24); 1158 RTLLIB_DEBUG_EAP("RX: IEEE 802.1X EAPOL frame: %s\n", 1159 eap_get_type(eap->type)); 1160 } 1161 1162 if (crypt && !(fc & RTLLIB_FCTL_WEP) && !ieee->open_wep && 1163 !rtllib_is_eapol_frame(ieee, skb, hdrlen)) { 1164 RTLLIB_DEBUG_DROP( 1165 "dropped unencrypted RX data frame from %pM (drop_unencrypted=1)\n", 1166 hdr->addr2); 1167 return -1; 1168 } 1169 1170 if (rtllib_is_eapol_frame(ieee, skb, hdrlen)) 1171 netdev_warn(ieee->dev, "RX: IEEE802.1X EAPOL frame!\n"); 1172 1173 return 0; 1174} 1175 1176static void rtllib_rx_check_leave_lps(struct rtllib_device *ieee, u8 unicast, u8 nr_subframes) 1177{ 1178 if (unicast) { 1179 1180 if (ieee->state == RTLLIB_LINKED) { 1181 if (((ieee->LinkDetectInfo.NumRxUnicastOkInPeriod + 1182 ieee->LinkDetectInfo.NumTxOkInPeriod) > 8) || 1183 (ieee->LinkDetectInfo.NumRxUnicastOkInPeriod > 2)) { 1184 if (ieee->LeisurePSLeave) 1185 ieee->LeisurePSLeave(ieee->dev); 1186 } 1187 } 1188 } 1189 ieee->last_rx_ps_time = jiffies; 1190} 1191 1192static void rtllib_rx_indicate_pkt_legacy(struct rtllib_device *ieee, 1193 struct rtllib_rx_stats *rx_stats, 1194 struct rtllib_rxb *rxb, 1195 u8 *dst, 1196 u8 *src) 1197{ 1198 struct net_device *dev = ieee->dev; 1199 u16 ethertype; 1200 int i = 0; 1201 1202 if (rxb == NULL) { 1203 netdev_info(dev, "%s: rxb is NULL!!\n", __func__); 1204 return; 1205 } 1206 1207 for (i = 0; i < rxb->nr_subframes; i++) { 1208 struct sk_buff *sub_skb = rxb->subframes[i]; 1209 1210 if (sub_skb) { 1211 /* convert hdr + possible LLC headers into Ethernet header */ 1212 ethertype = (sub_skb->data[6] << 8) | sub_skb->data[7]; 1213 if (sub_skb->len >= 8 && 1214 ((memcmp(sub_skb->data, rfc1042_header, SNAP_SIZE) == 0 && 1215 ethertype != ETH_P_AARP && ethertype != ETH_P_IPX) || 1216 memcmp(sub_skb->data, bridge_tunnel_header, SNAP_SIZE) == 0)) { 1217 /* remove RFC1042 or Bridge-Tunnel encapsulation and 1218 * replace EtherType 1219 */ 1220 skb_pull(sub_skb, SNAP_SIZE); 1221 memcpy(skb_push(sub_skb, ETH_ALEN), src, ETH_ALEN); 1222 memcpy(skb_push(sub_skb, ETH_ALEN), dst, ETH_ALEN); 1223 } else { 1224 u16 len; 1225 /* Leave Ethernet header part of hdr and full payload */ 1226 len = sub_skb->len; 1227 memcpy(skb_push(sub_skb, 2), &len, 2); 1228 memcpy(skb_push(sub_skb, ETH_ALEN), src, ETH_ALEN); 1229 memcpy(skb_push(sub_skb, ETH_ALEN), dst, ETH_ALEN); 1230 } 1231 1232 ieee->stats.rx_packets++; 1233 ieee->stats.rx_bytes += sub_skb->len; 1234 1235 if (is_multicast_ether_addr(dst)) 1236 ieee->stats.multicast++; 1237 1238 /* Indicate the packets to upper layer */ 1239 memset(sub_skb->cb, 0, sizeof(sub_skb->cb)); 1240 sub_skb->protocol = eth_type_trans(sub_skb, dev); 1241 sub_skb->dev = dev; 1242 sub_skb->dev->stats.rx_packets++; 1243 sub_skb->dev->stats.rx_bytes += sub_skb->len; 1244 sub_skb->ip_summed = CHECKSUM_NONE; /* 802.11 crc not sufficient */ 1245 netif_rx(sub_skb); 1246 } 1247 } 1248 kfree(rxb); 1249} 1250 1251static int rtllib_rx_InfraAdhoc(struct rtllib_device *ieee, struct sk_buff *skb, 1252 struct rtllib_rx_stats *rx_stats) 1253{ 1254 struct net_device *dev = ieee->dev; 1255 struct rtllib_hdr_4addr *hdr = (struct rtllib_hdr_4addr *)skb->data; 1256 struct lib80211_crypt_data *crypt = NULL; 1257 struct rtllib_rxb *rxb = NULL; 1258 struct rx_ts_record *pTS = NULL; 1259 u16 fc, sc, SeqNum = 0; 1260 u8 type, stype, multicast = 0, unicast = 0, nr_subframes = 0, TID = 0; 1261 u8 dst[ETH_ALEN], src[ETH_ALEN], bssid[ETH_ALEN] = {0}, *payload; 1262 size_t hdrlen = 0; 1263 bool bToOtherSTA = false; 1264 int ret = 0, i = 0; 1265 1266 hdr = (struct rtllib_hdr_4addr *)skb->data; 1267 fc = le16_to_cpu(hdr->frame_ctl); 1268 type = WLAN_FC_GET_TYPE(fc); 1269 stype = WLAN_FC_GET_STYPE(fc); 1270 sc = le16_to_cpu(hdr->seq_ctl); 1271 1272 /*Filter pkt not to me*/ 1273 multicast = is_multicast_ether_addr(hdr->addr1); 1274 unicast = !multicast; 1275 if (unicast && !ether_addr_equal(dev->dev_addr, hdr->addr1)) { 1276 if (ieee->bNetPromiscuousMode) 1277 bToOtherSTA = true; 1278 else 1279 goto rx_dropped; 1280 } 1281 1282 /*Filter pkt has too small length */ 1283 hdrlen = rtllib_rx_get_hdrlen(ieee, skb, rx_stats); 1284 if (skb->len < hdrlen) { 1285 netdev_info(dev, "%s():ERR!!! skb->len is smaller than hdrlen\n", 1286 __func__); 1287 goto rx_dropped; 1288 } 1289 1290 /* Filter Duplicate pkt */ 1291 ret = rtllib_rx_check_duplicate(ieee, skb, multicast); 1292 if (ret < 0) 1293 goto rx_dropped; 1294 1295 /* Filter CTRL Frame */ 1296 if (type == RTLLIB_FTYPE_CTL) 1297 goto rx_dropped; 1298 1299 /* Filter MGNT Frame */ 1300 if (type == RTLLIB_FTYPE_MGMT) { 1301 if (bToOtherSTA) 1302 goto rx_dropped; 1303 if (rtllib_rx_frame_mgmt(ieee, skb, rx_stats, type, stype)) 1304 goto rx_dropped; 1305 else 1306 goto rx_exit; 1307 } 1308 1309 /* Filter WAPI DATA Frame */ 1310 1311 /* Update statstics for AP roaming */ 1312 if (!bToOtherSTA) { 1313 ieee->LinkDetectInfo.NumRecvDataInPeriod++; 1314 ieee->LinkDetectInfo.NumRxOkInPeriod++; 1315 } 1316 dev->last_rx = jiffies; 1317 1318 /* Data frame - extract src/dst addresses */ 1319 rtllib_rx_extract_addr(ieee, hdr, dst, src, bssid); 1320 1321 /* Filter Data frames */ 1322 ret = rtllib_rx_data_filter(ieee, fc, dst, src, bssid, hdr->addr2); 1323 if (ret < 0) 1324 goto rx_dropped; 1325 1326 if (skb->len == hdrlen) 1327 goto rx_dropped; 1328 1329 /* Send pspoll based on moredata */ 1330 if ((ieee->iw_mode == IW_MODE_INFRA) && (ieee->sta_sleep == LPS_IS_SLEEP) 1331 && (ieee->polling) && (!bToOtherSTA)) { 1332 if (WLAN_FC_MORE_DATA(fc)) { 1333 /* more data bit is set, let's request a new frame from the AP */ 1334 rtllib_sta_ps_send_pspoll_frame(ieee); 1335 } else { 1336 ieee->polling = false; 1337 } 1338 } 1339 1340 /* Get crypt if encrypted */ 1341 ret = rtllib_rx_get_crypt(ieee, skb, &crypt, hdrlen); 1342 if (ret == -1) 1343 goto rx_dropped; 1344 1345 /* Decrypt data frame (including reassemble) */ 1346 ret = rtllib_rx_decrypt(ieee, skb, rx_stats, crypt, hdrlen); 1347 if (ret == -1) 1348 goto rx_dropped; 1349 else if (ret == -2) 1350 goto rx_exit; 1351 1352 /* Get TS for Rx Reorder */ 1353 hdr = (struct rtllib_hdr_4addr *) skb->data; 1354 if (ieee->current_network.qos_data.active && IsQoSDataFrame(skb->data) 1355 && !is_multicast_ether_addr(hdr->addr1) 1356 && (!bToOtherSTA)) { 1357 TID = Frame_QoSTID(skb->data); 1358 SeqNum = WLAN_GET_SEQ_SEQ(sc); 1359 GetTs(ieee, (struct ts_common_info **) &pTS, hdr->addr2, TID, RX_DIR, true); 1360 if (TID != 0 && TID != 3) 1361 ieee->bis_any_nonbepkts = true; 1362 } 1363 1364 /* Parse rx data frame (For AMSDU) */ 1365 /* skb: hdr + (possible reassembled) full plaintext payload */ 1366 payload = skb->data + hdrlen; 1367 rxb = kmalloc(sizeof(struct rtllib_rxb), GFP_ATOMIC); 1368 if (rxb == NULL) 1369 goto rx_dropped; 1370 1371 /* to parse amsdu packets */ 1372 /* qos data packets & reserved bit is 1 */ 1373 if (parse_subframe(ieee, skb, rx_stats, rxb, src, dst) == 0) { 1374 /* only to free rxb, and not submit the packets to upper layer */ 1375 for (i = 0; i < rxb->nr_subframes; i++) 1376 dev_kfree_skb(rxb->subframes[i]); 1377 kfree(rxb); 1378 rxb = NULL; 1379 goto rx_dropped; 1380 } 1381 1382 /* Update WAPI PN */ 1383 1384 /* Check if leave LPS */ 1385 if (!bToOtherSTA) { 1386 if (ieee->bIsAggregateFrame) 1387 nr_subframes = rxb->nr_subframes; 1388 else 1389 nr_subframes = 1; 1390 if (unicast) 1391 ieee->LinkDetectInfo.NumRxUnicastOkInPeriod += nr_subframes; 1392 rtllib_rx_check_leave_lps(ieee, unicast, nr_subframes); 1393 } 1394 1395 /* Indicate packets to upper layer or Rx Reorder */ 1396 if (ieee->pHTInfo->bCurRxReorderEnable == false || pTS == NULL || bToOtherSTA) 1397 rtllib_rx_indicate_pkt_legacy(ieee, rx_stats, rxb, dst, src); 1398 else 1399 RxReorderIndicatePacket(ieee, rxb, pTS, SeqNum); 1400 1401 dev_kfree_skb(skb); 1402 1403 rx_exit: 1404 return 1; 1405 1406 rx_dropped: 1407 ieee->stats.rx_dropped++; 1408 1409 /* Returning 0 indicates to caller that we have not handled the SKB-- 1410 * so it is still allocated and can be used again by underlying 1411 * hardware as a DMA target 1412 */ 1413 return 0; 1414} 1415 1416static int rtllib_rx_Master(struct rtllib_device *ieee, struct sk_buff *skb, 1417 struct rtllib_rx_stats *rx_stats) 1418{ 1419 return 0; 1420} 1421 1422static int rtllib_rx_Monitor(struct rtllib_device *ieee, struct sk_buff *skb, 1423 struct rtllib_rx_stats *rx_stats) 1424{ 1425 struct rtllib_hdr_4addr *hdr = (struct rtllib_hdr_4addr *)skb->data; 1426 u16 fc = le16_to_cpu(hdr->frame_ctl); 1427 size_t hdrlen = rtllib_get_hdrlen(fc); 1428 1429 if (skb->len < hdrlen) { 1430 netdev_info(ieee->dev, 1431 "%s():ERR!!! skb->len is smaller than hdrlen\n", 1432 __func__); 1433 return 0; 1434 } 1435 1436 if (HTCCheck(ieee, skb->data)) { 1437 if (net_ratelimit()) 1438 netdev_info(ieee->dev, "%s: Find HTCControl!\n", 1439 __func__); 1440 hdrlen += 4; 1441 } 1442 1443 rtllib_monitor_rx(ieee, skb, rx_stats, hdrlen); 1444 ieee->stats.rx_packets++; 1445 ieee->stats.rx_bytes += skb->len; 1446 1447 return 1; 1448} 1449 1450static int rtllib_rx_Mesh(struct rtllib_device *ieee, struct sk_buff *skb, 1451 struct rtllib_rx_stats *rx_stats) 1452{ 1453 return 0; 1454} 1455 1456/* All received frames are sent to this function. @skb contains the frame in 1457 * IEEE 802.11 format, i.e., in the format it was sent over air. 1458 * This function is called only as a tasklet (software IRQ). 1459 */ 1460int rtllib_rx(struct rtllib_device *ieee, struct sk_buff *skb, 1461 struct rtllib_rx_stats *rx_stats) 1462{ 1463 int ret = 0; 1464 1465 if ((NULL == ieee) || (NULL == skb) || (NULL == rx_stats)) { 1466 pr_info("%s: Input parameters NULL!\n", __func__); 1467 goto rx_dropped; 1468 } 1469 if (skb->len < 10) { 1470 netdev_info(ieee->dev, "%s: SKB length < 10\n", __func__); 1471 goto rx_dropped; 1472 } 1473 1474 switch (ieee->iw_mode) { 1475 case IW_MODE_ADHOC: 1476 case IW_MODE_INFRA: 1477 ret = rtllib_rx_InfraAdhoc(ieee, skb, rx_stats); 1478 break; 1479 case IW_MODE_MASTER: 1480 case IW_MODE_REPEAT: 1481 ret = rtllib_rx_Master(ieee, skb, rx_stats); 1482 break; 1483 case IW_MODE_MONITOR: 1484 ret = rtllib_rx_Monitor(ieee, skb, rx_stats); 1485 break; 1486 case IW_MODE_MESH: 1487 ret = rtllib_rx_Mesh(ieee, skb, rx_stats); 1488 break; 1489 default: 1490 netdev_info(ieee->dev, "%s: ERR iw mode!!!\n", __func__); 1491 break; 1492 } 1493 1494 return ret; 1495 1496 rx_dropped: 1497 if (ieee) 1498 ieee->stats.rx_dropped++; 1499 return 0; 1500} 1501EXPORT_SYMBOL(rtllib_rx); 1502 1503static u8 qos_oui[QOS_OUI_LEN] = { 0x00, 0x50, 0xF2 }; 1504 1505/* Make ther structure we read from the beacon packet has the right values */ 1506static int rtllib_verify_qos_info(struct rtllib_qos_information_element 1507 *info_element, int sub_type) 1508{ 1509 1510 if (info_element->qui_subtype != sub_type) 1511 return -1; 1512 if (memcmp(info_element->qui, qos_oui, QOS_OUI_LEN)) 1513 return -1; 1514 if (info_element->qui_type != QOS_OUI_TYPE) 1515 return -1; 1516 if (info_element->version != QOS_VERSION_1) 1517 return -1; 1518 1519 return 0; 1520} 1521 1522 1523/* Parse a QoS parameter element */ 1524static int rtllib_read_qos_param_element(struct rtllib_qos_parameter_info 1525 *element_param, struct rtllib_info_element 1526 *info_element) 1527{ 1528 int ret = 0; 1529 u16 size = sizeof(struct rtllib_qos_parameter_info) - 2; 1530 1531 if ((info_element == NULL) || (element_param == NULL)) 1532 return -1; 1533 1534 if (info_element->id == QOS_ELEMENT_ID && info_element->len == size) { 1535 memcpy(element_param->info_element.qui, info_element->data, 1536 info_element->len); 1537 element_param->info_element.elementID = info_element->id; 1538 element_param->info_element.length = info_element->len; 1539 } else 1540 ret = -1; 1541 if (ret == 0) 1542 ret = rtllib_verify_qos_info(&element_param->info_element, 1543 QOS_OUI_PARAM_SUB_TYPE); 1544 return ret; 1545} 1546 1547/* Parse a QoS information element */ 1548static int rtllib_read_qos_info_element(struct 1549 rtllib_qos_information_element 1550 *element_info, struct rtllib_info_element 1551 *info_element) 1552{ 1553 int ret = 0; 1554 u16 size = sizeof(struct rtllib_qos_information_element) - 2; 1555 1556 if (element_info == NULL) 1557 return -1; 1558 if (info_element == NULL) 1559 return -1; 1560 1561 if ((info_element->id == QOS_ELEMENT_ID) && (info_element->len == size)) { 1562 memcpy(element_info->qui, info_element->data, 1563 info_element->len); 1564 element_info->elementID = info_element->id; 1565 element_info->length = info_element->len; 1566 } else 1567 ret = -1; 1568 1569 if (ret == 0) 1570 ret = rtllib_verify_qos_info(element_info, 1571 QOS_OUI_INFO_SUB_TYPE); 1572 return ret; 1573} 1574 1575 1576/* Write QoS parameters from the ac parameters. */ 1577static int rtllib_qos_convert_ac_to_parameters(struct rtllib_qos_parameter_info *param_elm, 1578 struct rtllib_qos_data *qos_data) 1579{ 1580 struct rtllib_qos_ac_parameter *ac_params; 1581 struct rtllib_qos_parameters *qos_param = &(qos_data->parameters); 1582 int i; 1583 u8 aci; 1584 u8 acm; 1585 1586 qos_data->wmm_acm = 0; 1587 for (i = 0; i < QOS_QUEUE_NUM; i++) { 1588 ac_params = &(param_elm->ac_params_record[i]); 1589 1590 aci = (ac_params->aci_aifsn & 0x60) >> 5; 1591 acm = (ac_params->aci_aifsn & 0x10) >> 4; 1592 1593 if (aci >= QOS_QUEUE_NUM) 1594 continue; 1595 switch (aci) { 1596 case 1: 1597 /* BIT(0) | BIT(3) */ 1598 if (acm) 1599 qos_data->wmm_acm |= (0x01<<0)|(0x01<<3); 1600 break; 1601 case 2: 1602 /* BIT(4) | BIT(5) */ 1603 if (acm) 1604 qos_data->wmm_acm |= (0x01<<4)|(0x01<<5); 1605 break; 1606 case 3: 1607 /* BIT(6) | BIT(7) */ 1608 if (acm) 1609 qos_data->wmm_acm |= (0x01<<6)|(0x01<<7); 1610 break; 1611 case 0: 1612 default: 1613 /* BIT(1) | BIT(2) */ 1614 if (acm) 1615 qos_data->wmm_acm |= (0x01<<1)|(0x01<<2); 1616 break; 1617 } 1618 1619 qos_param->aifs[aci] = (ac_params->aci_aifsn) & 0x0f; 1620 1621 /* WMM spec P.11: The minimum value for AIFSN shall be 2 */ 1622 qos_param->aifs[aci] = (qos_param->aifs[aci] < 2) ? 2 : qos_param->aifs[aci]; 1623 1624 qos_param->cw_min[aci] = cpu_to_le16(ac_params->ecw_min_max & 0x0F); 1625 1626 qos_param->cw_max[aci] = cpu_to_le16((ac_params->ecw_min_max & 0xF0) >> 4); 1627 1628 qos_param->flag[aci] = 1629 (ac_params->aci_aifsn & 0x10) ? 0x01 : 0x00; 1630 qos_param->tx_op_limit[aci] = ac_params->tx_op_limit; 1631 } 1632 return 0; 1633} 1634 1635/* we have a generic data element which it may contain QoS information or 1636 * parameters element. check the information element length to decide 1637 * which type to read 1638 */ 1639static int rtllib_parse_qos_info_param_IE(struct rtllib_info_element 1640 *info_element, 1641 struct rtllib_network *network) 1642{ 1643 int rc = 0; 1644 struct rtllib_qos_information_element qos_info_element; 1645 1646 rc = rtllib_read_qos_info_element(&qos_info_element, info_element); 1647 1648 if (rc == 0) { 1649 network->qos_data.param_count = qos_info_element.ac_info & 0x0F; 1650 network->flags |= NETWORK_HAS_QOS_INFORMATION; 1651 } else { 1652 struct rtllib_qos_parameter_info param_element; 1653 1654 rc = rtllib_read_qos_param_element(¶m_element, 1655 info_element); 1656 if (rc == 0) { 1657 rtllib_qos_convert_ac_to_parameters(¶m_element, 1658 &(network->qos_data)); 1659 network->flags |= NETWORK_HAS_QOS_PARAMETERS; 1660 network->qos_data.param_count = 1661 param_element.info_element.ac_info & 0x0F; 1662 } 1663 } 1664 1665 if (rc == 0) { 1666 RTLLIB_DEBUG_QOS("QoS is supported\n"); 1667 network->qos_data.supported = 1; 1668 } 1669 return rc; 1670} 1671 1672#define MFIE_STRING(x) case MFIE_TYPE_ ##x: return #x 1673 1674static const char *get_info_element_string(u16 id) 1675{ 1676 switch (id) { 1677 MFIE_STRING(SSID); 1678 MFIE_STRING(RATES); 1679 MFIE_STRING(FH_SET); 1680 MFIE_STRING(DS_SET); 1681 MFIE_STRING(CF_SET); 1682 MFIE_STRING(TIM); 1683 MFIE_STRING(IBSS_SET); 1684 MFIE_STRING(COUNTRY); 1685 MFIE_STRING(HOP_PARAMS); 1686 MFIE_STRING(HOP_TABLE); 1687 MFIE_STRING(REQUEST); 1688 MFIE_STRING(CHALLENGE); 1689 MFIE_STRING(POWER_CONSTRAINT); 1690 MFIE_STRING(POWER_CAPABILITY); 1691 MFIE_STRING(TPC_REQUEST); 1692 MFIE_STRING(TPC_REPORT); 1693 MFIE_STRING(SUPP_CHANNELS); 1694 MFIE_STRING(CSA); 1695 MFIE_STRING(MEASURE_REQUEST); 1696 MFIE_STRING(MEASURE_REPORT); 1697 MFIE_STRING(QUIET); 1698 MFIE_STRING(IBSS_DFS); 1699 MFIE_STRING(RSN); 1700 MFIE_STRING(RATES_EX); 1701 MFIE_STRING(GENERIC); 1702 MFIE_STRING(QOS_PARAMETER); 1703 default: 1704 return "UNKNOWN"; 1705 } 1706} 1707 1708static inline void rtllib_extract_country_ie( 1709 struct rtllib_device *ieee, 1710 struct rtllib_info_element *info_element, 1711 struct rtllib_network *network, 1712 u8 *addr2) 1713{ 1714 if (IS_DOT11D_ENABLE(ieee)) { 1715 if (info_element->len != 0) { 1716 memcpy(network->CountryIeBuf, info_element->data, info_element->len); 1717 network->CountryIeLen = info_element->len; 1718 1719 if (!IS_COUNTRY_IE_VALID(ieee)) { 1720 if (rtllib_act_scanning(ieee, false) && ieee->FirstIe_InScan) 1721 netdev_info(ieee->dev, 1722 "Received beacon ContryIE, SSID: <%s>\n", 1723 network->ssid); 1724 Dot11d_UpdateCountryIe(ieee, addr2, info_element->len, info_element->data); 1725 } 1726 } 1727 1728 if (IS_EQUAL_CIE_SRC(ieee, addr2)) 1729 UPDATE_CIE_WATCHDOG(ieee); 1730 } 1731 1732} 1733 1734int rtllib_parse_info_param(struct rtllib_device *ieee, 1735 struct rtllib_info_element *info_element, 1736 u16 length, 1737 struct rtllib_network *network, 1738 struct rtllib_rx_stats *stats) 1739{ 1740 u8 i; 1741 short offset; 1742 u16 tmp_htcap_len = 0; 1743 u16 tmp_htinfo_len = 0; 1744 u16 ht_realtek_agg_len = 0; 1745 u8 ht_realtek_agg_buf[MAX_IE_LEN]; 1746 char rates_str[64]; 1747 char *p; 1748 1749 while (length >= sizeof(*info_element)) { 1750 if (sizeof(*info_element) + info_element->len > length) { 1751 RTLLIB_DEBUG_MGMT("Info elem: parse failed: info_element->len + 2 > left : info_element->len+2=%zd left=%d, id=%d.\n", 1752 info_element->len + 1753 sizeof(*info_element), 1754 length, info_element->id); 1755 /* We stop processing but don't return an error here 1756 * because some misbehaviour APs break this rule. ie. 1757 * Orinoco AP1000. 1758 */ 1759 break; 1760 } 1761 1762 switch (info_element->id) { 1763 case MFIE_TYPE_SSID: 1764 if (rtllib_is_empty_essid(info_element->data, 1765 info_element->len)) { 1766 network->flags |= NETWORK_EMPTY_ESSID; 1767 break; 1768 } 1769 1770 network->ssid_len = min(info_element->len, 1771 (u8) IW_ESSID_MAX_SIZE); 1772 memcpy(network->ssid, info_element->data, network->ssid_len); 1773 if (network->ssid_len < IW_ESSID_MAX_SIZE) 1774 memset(network->ssid + network->ssid_len, 0, 1775 IW_ESSID_MAX_SIZE - network->ssid_len); 1776 1777 RTLLIB_DEBUG_MGMT("MFIE_TYPE_SSID: '%s' len=%d.\n", 1778 network->ssid, network->ssid_len); 1779 break; 1780 1781 case MFIE_TYPE_RATES: 1782 p = rates_str; 1783 network->rates_len = min(info_element->len, 1784 MAX_RATES_LENGTH); 1785 for (i = 0; i < network->rates_len; i++) { 1786 network->rates[i] = info_element->data[i]; 1787 p += snprintf(p, sizeof(rates_str) - 1788 (p - rates_str), "%02X ", 1789 network->rates[i]); 1790 if (rtllib_is_ofdm_rate 1791 (info_element->data[i])) { 1792 network->flags |= NETWORK_HAS_OFDM; 1793 if (info_element->data[i] & 1794 RTLLIB_BASIC_RATE_MASK) 1795 network->flags &= 1796 ~NETWORK_HAS_CCK; 1797 } 1798 1799 if (rtllib_is_cck_rate 1800 (info_element->data[i])) { 1801 network->flags |= NETWORK_HAS_CCK; 1802 } 1803 } 1804 1805 RTLLIB_DEBUG_MGMT("MFIE_TYPE_RATES: '%s' (%d)\n", 1806 rates_str, network->rates_len); 1807 break; 1808 1809 case MFIE_TYPE_RATES_EX: 1810 p = rates_str; 1811 network->rates_ex_len = min(info_element->len, 1812 MAX_RATES_EX_LENGTH); 1813 for (i = 0; i < network->rates_ex_len; i++) { 1814 network->rates_ex[i] = info_element->data[i]; 1815 p += snprintf(p, sizeof(rates_str) - 1816 (p - rates_str), "%02X ", 1817 network->rates_ex[i]); 1818 if (rtllib_is_ofdm_rate 1819 (info_element->data[i])) { 1820 network->flags |= NETWORK_HAS_OFDM; 1821 if (info_element->data[i] & 1822 RTLLIB_BASIC_RATE_MASK) 1823 network->flags &= 1824 ~NETWORK_HAS_CCK; 1825 } 1826 } 1827 1828 RTLLIB_DEBUG_MGMT("MFIE_TYPE_RATES_EX: '%s' (%d)\n", 1829 rates_str, network->rates_ex_len); 1830 break; 1831 1832 case MFIE_TYPE_DS_SET: 1833 RTLLIB_DEBUG_MGMT("MFIE_TYPE_DS_SET: %d\n", 1834 info_element->data[0]); 1835 network->channel = info_element->data[0]; 1836 break; 1837 1838 case MFIE_TYPE_FH_SET: 1839 RTLLIB_DEBUG_MGMT("MFIE_TYPE_FH_SET: ignored\n"); 1840 break; 1841 1842 case MFIE_TYPE_CF_SET: 1843 RTLLIB_DEBUG_MGMT("MFIE_TYPE_CF_SET: ignored\n"); 1844 break; 1845 1846 case MFIE_TYPE_TIM: 1847 if (info_element->len < 4) 1848 break; 1849 1850 network->tim.tim_count = info_element->data[0]; 1851 network->tim.tim_period = info_element->data[1]; 1852 1853 network->dtim_period = info_element->data[1]; 1854 if (ieee->state != RTLLIB_LINKED) 1855 break; 1856 network->last_dtim_sta_time = jiffies; 1857 1858 network->dtim_data = RTLLIB_DTIM_VALID; 1859 1860 1861 if (info_element->data[2] & 1) 1862 network->dtim_data |= RTLLIB_DTIM_MBCAST; 1863 1864 offset = (info_element->data[2] >> 1)*2; 1865 1866 1867 if (ieee->assoc_id < 8*offset || 1868 ieee->assoc_id > 8*(offset + info_element->len - 3)) 1869 break; 1870 1871 offset = (ieee->assoc_id / 8) - offset; 1872 if (info_element->data[3 + offset] & 1873 (1 << (ieee->assoc_id % 8))) 1874 network->dtim_data |= RTLLIB_DTIM_UCAST; 1875 1876 network->listen_interval = network->dtim_period; 1877 break; 1878 1879 case MFIE_TYPE_ERP: 1880 network->erp_value = info_element->data[0]; 1881 network->flags |= NETWORK_HAS_ERP_VALUE; 1882 RTLLIB_DEBUG_MGMT("MFIE_TYPE_ERP_SET: %d\n", 1883 network->erp_value); 1884 break; 1885 case MFIE_TYPE_IBSS_SET: 1886 network->atim_window = info_element->data[0]; 1887 RTLLIB_DEBUG_MGMT("MFIE_TYPE_IBSS_SET: %d\n", 1888 network->atim_window); 1889 break; 1890 1891 case MFIE_TYPE_CHALLENGE: 1892 RTLLIB_DEBUG_MGMT("MFIE_TYPE_CHALLENGE: ignored\n"); 1893 break; 1894 1895 case MFIE_TYPE_GENERIC: 1896 RTLLIB_DEBUG_MGMT("MFIE_TYPE_GENERIC: %d bytes\n", 1897 info_element->len); 1898 if (!rtllib_parse_qos_info_param_IE(info_element, 1899 network)) 1900 break; 1901 if (info_element->len >= 4 && 1902 info_element->data[0] == 0x00 && 1903 info_element->data[1] == 0x50 && 1904 info_element->data[2] == 0xf2 && 1905 info_element->data[3] == 0x01) { 1906 network->wpa_ie_len = min(info_element->len + 2, 1907 MAX_WPA_IE_LEN); 1908 memcpy(network->wpa_ie, info_element, 1909 network->wpa_ie_len); 1910 break; 1911 } 1912 if (info_element->len == 7 && 1913 info_element->data[0] == 0x00 && 1914 info_element->data[1] == 0xe0 && 1915 info_element->data[2] == 0x4c && 1916 info_element->data[3] == 0x01 && 1917 info_element->data[4] == 0x02) 1918 network->Turbo_Enable = 1; 1919 1920 if (tmp_htcap_len == 0) { 1921 if (info_element->len >= 4 && 1922 info_element->data[0] == 0x00 && 1923 info_element->data[1] == 0x90 && 1924 info_element->data[2] == 0x4c && 1925 info_element->data[3] == 0x033) { 1926 1927 tmp_htcap_len = min_t(u8, info_element->len, MAX_IE_LEN); 1928 if (tmp_htcap_len != 0) { 1929 network->bssht.bdHTSpecVer = HT_SPEC_VER_EWC; 1930 network->bssht.bdHTCapLen = tmp_htcap_len > sizeof(network->bssht.bdHTCapBuf) ? 1931 sizeof(network->bssht.bdHTCapBuf) : tmp_htcap_len; 1932 memcpy(network->bssht.bdHTCapBuf, info_element->data, network->bssht.bdHTCapLen); 1933 } 1934 } 1935 if (tmp_htcap_len != 0) { 1936 network->bssht.bdSupportHT = true; 1937 network->bssht.bdHT1R = ((((struct ht_capab_ele *)(network->bssht.bdHTCapBuf))->MCS[1]) == 0); 1938 } else { 1939 network->bssht.bdSupportHT = false; 1940 network->bssht.bdHT1R = false; 1941 } 1942 } 1943 1944 1945 if (tmp_htinfo_len == 0) { 1946 if (info_element->len >= 4 && 1947 info_element->data[0] == 0x00 && 1948 info_element->data[1] == 0x90 && 1949 info_element->data[2] == 0x4c && 1950 info_element->data[3] == 0x034) { 1951 tmp_htinfo_len = min_t(u8, info_element->len, MAX_IE_LEN); 1952 if (tmp_htinfo_len != 0) { 1953 network->bssht.bdHTSpecVer = HT_SPEC_VER_EWC; 1954 if (tmp_htinfo_len) { 1955 network->bssht.bdHTInfoLen = tmp_htinfo_len > sizeof(network->bssht.bdHTInfoBuf) ? 1956 sizeof(network->bssht.bdHTInfoBuf) : tmp_htinfo_len; 1957 memcpy(network->bssht.bdHTInfoBuf, info_element->data, network->bssht.bdHTInfoLen); 1958 } 1959 1960 } 1961 1962 } 1963 } 1964 1965 if (ieee->aggregation) { 1966 if (network->bssht.bdSupportHT) { 1967 if (info_element->len >= 4 && 1968 info_element->data[0] == 0x00 && 1969 info_element->data[1] == 0xe0 && 1970 info_element->data[2] == 0x4c && 1971 info_element->data[3] == 0x02) { 1972 ht_realtek_agg_len = min_t(u8, info_element->len, MAX_IE_LEN); 1973 memcpy(ht_realtek_agg_buf, info_element->data, info_element->len); 1974 } 1975 if (ht_realtek_agg_len >= 5) { 1976 network->realtek_cap_exit = true; 1977 network->bssht.bdRT2RTAggregation = true; 1978 1979 if ((ht_realtek_agg_buf[4] == 1) && (ht_realtek_agg_buf[5] & 0x02)) 1980 network->bssht.bdRT2RTLongSlotTime = true; 1981 1982 if ((ht_realtek_agg_buf[4] == 1) && (ht_realtek_agg_buf[5] & RT_HT_CAP_USE_92SE)) 1983 network->bssht.RT2RT_HT_Mode |= RT_HT_CAP_USE_92SE; 1984 } 1985 } 1986 if (ht_realtek_agg_len >= 5) { 1987 if ((ht_realtek_agg_buf[5] & RT_HT_CAP_USE_SOFTAP)) 1988 network->bssht.RT2RT_HT_Mode |= RT_HT_CAP_USE_SOFTAP; 1989 } 1990 } 1991 1992 if ((info_element->len >= 3 && 1993 info_element->data[0] == 0x00 && 1994 info_element->data[1] == 0x05 && 1995 info_element->data[2] == 0xb5) || 1996 (info_element->len >= 3 && 1997 info_element->data[0] == 0x00 && 1998 info_element->data[1] == 0x0a && 1999 info_element->data[2] == 0xf7) || 2000 (info_element->len >= 3 && 2001 info_element->data[0] == 0x00 && 2002 info_element->data[1] == 0x10 && 2003 info_element->data[2] == 0x18)) { 2004 network->broadcom_cap_exist = true; 2005 } 2006 if (info_element->len >= 3 && 2007 info_element->data[0] == 0x00 && 2008 info_element->data[1] == 0x0c && 2009 info_element->data[2] == 0x43) 2010 network->ralink_cap_exist = true; 2011 if ((info_element->len >= 3 && 2012 info_element->data[0] == 0x00 && 2013 info_element->data[1] == 0x03 && 2014 info_element->data[2] == 0x7f) || 2015 (info_element->len >= 3 && 2016 info_element->data[0] == 0x00 && 2017 info_element->data[1] == 0x13 && 2018 info_element->data[2] == 0x74)) 2019 network->atheros_cap_exist = true; 2020 2021 if ((info_element->len >= 3 && 2022 info_element->data[0] == 0x00 && 2023 info_element->data[1] == 0x50 && 2024 info_element->data[2] == 0x43)) 2025 network->marvell_cap_exist = true; 2026 if (info_element->len >= 3 && 2027 info_element->data[0] == 0x00 && 2028 info_element->data[1] == 0x40 && 2029 info_element->data[2] == 0x96) 2030 network->cisco_cap_exist = true; 2031 2032 2033 if (info_element->len >= 3 && 2034 info_element->data[0] == 0x00 && 2035 info_element->data[1] == 0x0a && 2036 info_element->data[2] == 0xf5) 2037 network->airgo_cap_exist = true; 2038 2039 if (info_element->len > 4 && 2040 info_element->data[0] == 0x00 && 2041 info_element->data[1] == 0x40 && 2042 info_element->data[2] == 0x96 && 2043 info_element->data[3] == 0x01) { 2044 if (info_element->len == 6) { 2045 memcpy(network->CcxRmState, &info_element[4], 2); 2046 if (network->CcxRmState[0] != 0) 2047 network->bCcxRmEnable = true; 2048 else 2049 network->bCcxRmEnable = false; 2050 network->MBssidMask = network->CcxRmState[1] & 0x07; 2051 if (network->MBssidMask != 0) { 2052 network->bMBssidValid = true; 2053 network->MBssidMask = 0xff << (network->MBssidMask); 2054 memcpy(network->MBssid, network->bssid, ETH_ALEN); 2055 network->MBssid[5] &= network->MBssidMask; 2056 } else { 2057 network->bMBssidValid = false; 2058 } 2059 } else { 2060 network->bCcxRmEnable = false; 2061 } 2062 } 2063 if (info_element->len > 4 && 2064 info_element->data[0] == 0x00 && 2065 info_element->data[1] == 0x40 && 2066 info_element->data[2] == 0x96 && 2067 info_element->data[3] == 0x03) { 2068 if (info_element->len == 5) { 2069 network->bWithCcxVerNum = true; 2070 network->BssCcxVerNumber = info_element->data[4]; 2071 } else { 2072 network->bWithCcxVerNum = false; 2073 network->BssCcxVerNumber = 0; 2074 } 2075 } 2076 if (info_element->len > 4 && 2077 info_element->data[0] == 0x00 && 2078 info_element->data[1] == 0x50 && 2079 info_element->data[2] == 0xf2 && 2080 info_element->data[3] == 0x04) { 2081 RTLLIB_DEBUG_MGMT("MFIE_TYPE_WZC: %d bytes\n", 2082 info_element->len); 2083 network->wzc_ie_len = min(info_element->len+2, 2084 MAX_WZC_IE_LEN); 2085 memcpy(network->wzc_ie, info_element, 2086 network->wzc_ie_len); 2087 } 2088 break; 2089 2090 case MFIE_TYPE_RSN: 2091 RTLLIB_DEBUG_MGMT("MFIE_TYPE_RSN: %d bytes\n", 2092 info_element->len); 2093 network->rsn_ie_len = min(info_element->len + 2, 2094 MAX_WPA_IE_LEN); 2095 memcpy(network->rsn_ie, info_element, 2096 network->rsn_ie_len); 2097 break; 2098 2099 case MFIE_TYPE_HT_CAP: 2100 RTLLIB_DEBUG_SCAN("MFIE_TYPE_HT_CAP: %d bytes\n", 2101 info_element->len); 2102 tmp_htcap_len = min_t(u8, info_element->len, MAX_IE_LEN); 2103 if (tmp_htcap_len != 0) { 2104 network->bssht.bdHTSpecVer = HT_SPEC_VER_EWC; 2105 network->bssht.bdHTCapLen = tmp_htcap_len > sizeof(network->bssht.bdHTCapBuf) ? 2106 sizeof(network->bssht.bdHTCapBuf) : tmp_htcap_len; 2107 memcpy(network->bssht.bdHTCapBuf, 2108 info_element->data, 2109 network->bssht.bdHTCapLen); 2110 2111 network->bssht.bdSupportHT = true; 2112 network->bssht.bdHT1R = ((((struct ht_capab_ele *) 2113 network->bssht.bdHTCapBuf))->MCS[1]) == 0; 2114 2115 network->bssht.bdBandWidth = (enum ht_channel_width) 2116 (((struct ht_capab_ele *) 2117 (network->bssht.bdHTCapBuf))->ChlWidth); 2118 } else { 2119 network->bssht.bdSupportHT = false; 2120 network->bssht.bdHT1R = false; 2121 network->bssht.bdBandWidth = HT_CHANNEL_WIDTH_20; 2122 } 2123 break; 2124 2125 2126 case MFIE_TYPE_HT_INFO: 2127 RTLLIB_DEBUG_SCAN("MFIE_TYPE_HT_INFO: %d bytes\n", 2128 info_element->len); 2129 tmp_htinfo_len = min_t(u8, info_element->len, MAX_IE_LEN); 2130 if (tmp_htinfo_len) { 2131 network->bssht.bdHTSpecVer = HT_SPEC_VER_IEEE; 2132 network->bssht.bdHTInfoLen = tmp_htinfo_len > 2133 sizeof(network->bssht.bdHTInfoBuf) ? 2134 sizeof(network->bssht.bdHTInfoBuf) : 2135 tmp_htinfo_len; 2136 memcpy(network->bssht.bdHTInfoBuf, 2137 info_element->data, 2138 network->bssht.bdHTInfoLen); 2139 } 2140 break; 2141 2142 case MFIE_TYPE_AIRONET: 2143 RTLLIB_DEBUG_SCAN("MFIE_TYPE_AIRONET: %d bytes\n", 2144 info_element->len); 2145 if (info_element->len > IE_CISCO_FLAG_POSITION) { 2146 network->bWithAironetIE = true; 2147 2148 if ((info_element->data[IE_CISCO_FLAG_POSITION] 2149 & SUPPORT_CKIP_MIC) || 2150 (info_element->data[IE_CISCO_FLAG_POSITION] 2151 & SUPPORT_CKIP_PK)) 2152 network->bCkipSupported = true; 2153 else 2154 network->bCkipSupported = false; 2155 } else { 2156 network->bWithAironetIE = false; 2157 network->bCkipSupported = false; 2158 } 2159 break; 2160 case MFIE_TYPE_QOS_PARAMETER: 2161 netdev_err(ieee->dev, 2162 "QoS Error need to parse QOS_PARAMETER IE\n"); 2163 break; 2164 2165 case MFIE_TYPE_COUNTRY: 2166 RTLLIB_DEBUG_SCAN("MFIE_TYPE_COUNTRY: %d bytes\n", 2167 info_element->len); 2168 rtllib_extract_country_ie(ieee, info_element, network, 2169 network->bssid); 2170 break; 2171/* TODO */ 2172 default: 2173 RTLLIB_DEBUG_MGMT 2174 ("Unsupported info element: %s (%d)\n", 2175 get_info_element_string(info_element->id), 2176 info_element->id); 2177 break; 2178 } 2179 2180 length -= sizeof(*info_element) + info_element->len; 2181 info_element = 2182 (struct rtllib_info_element *)&info_element-> 2183 data[info_element->len]; 2184 } 2185 2186 if (!network->atheros_cap_exist && !network->broadcom_cap_exist && 2187 !network->cisco_cap_exist && !network->ralink_cap_exist && 2188 !network->bssht.bdRT2RTAggregation) 2189 network->unknown_cap_exist = true; 2190 else 2191 network->unknown_cap_exist = false; 2192 return 0; 2193} 2194 2195static long rtllib_translate_todbm(u8 signal_strength_index) 2196{ 2197 long signal_power; 2198 2199 signal_power = (long)((signal_strength_index + 1) >> 1); 2200 signal_power -= 95; 2201 2202 return signal_power; 2203} 2204 2205static inline int rtllib_network_init( 2206 struct rtllib_device *ieee, 2207 struct rtllib_probe_response *beacon, 2208 struct rtllib_network *network, 2209 struct rtllib_rx_stats *stats) 2210{ 2211 memset(&network->qos_data, 0, sizeof(struct rtllib_qos_data)); 2212 2213 /* Pull out fixed field data */ 2214 memcpy(network->bssid, beacon->header.addr3, ETH_ALEN); 2215 network->capability = le16_to_cpu(beacon->capability); 2216 network->last_scanned = jiffies; 2217 network->time_stamp[0] = beacon->time_stamp[0]; 2218 network->time_stamp[1] = beacon->time_stamp[1]; 2219 network->beacon_interval = le16_to_cpu(beacon->beacon_interval); 2220 /* Where to pull this? beacon->listen_interval;*/ 2221 network->listen_interval = 0x0A; 2222 network->rates_len = network->rates_ex_len = 0; 2223 network->last_associate = 0; 2224 network->ssid_len = 0; 2225 network->hidden_ssid_len = 0; 2226 memset(network->hidden_ssid, 0, sizeof(network->hidden_ssid)); 2227 network->flags = 0; 2228 network->atim_window = 0; 2229 network->erp_value = (network->capability & WLAN_CAPABILITY_IBSS) ? 2230 0x3 : 0x0; 2231 network->berp_info_valid = false; 2232 network->broadcom_cap_exist = false; 2233 network->ralink_cap_exist = false; 2234 network->atheros_cap_exist = false; 2235 network->cisco_cap_exist = false; 2236 network->unknown_cap_exist = false; 2237 network->realtek_cap_exit = false; 2238 network->marvell_cap_exist = false; 2239 network->airgo_cap_exist = false; 2240 network->Turbo_Enable = 0; 2241 network->SignalStrength = stats->SignalStrength; 2242 network->RSSI = stats->SignalStrength; 2243 network->CountryIeLen = 0; 2244 memset(network->CountryIeBuf, 0, MAX_IE_LEN); 2245 HTInitializeBssDesc(&network->bssht); 2246 if (stats->freq == RTLLIB_52GHZ_BAND) { 2247 /* for A band (No DS info) */ 2248 network->channel = stats->received_channel; 2249 } else 2250 network->flags |= NETWORK_HAS_CCK; 2251 2252 network->wpa_ie_len = 0; 2253 network->rsn_ie_len = 0; 2254 network->wzc_ie_len = 0; 2255 2256 if (rtllib_parse_info_param(ieee, 2257 beacon->info_element, 2258 (stats->len - sizeof(*beacon)), 2259 network, 2260 stats)) 2261 return 1; 2262 2263 network->mode = 0; 2264 if (stats->freq == RTLLIB_52GHZ_BAND) 2265 network->mode = IEEE_A; 2266 else { 2267 if (network->flags & NETWORK_HAS_OFDM) 2268 network->mode |= IEEE_G; 2269 if (network->flags & NETWORK_HAS_CCK) 2270 network->mode |= IEEE_B; 2271 } 2272 2273 if (network->mode == 0) { 2274 RTLLIB_DEBUG_SCAN("Filtered out '%s (%pM)' network.\n", 2275 escape_essid(network->ssid, 2276 network->ssid_len), 2277 network->bssid); 2278 return 1; 2279 } 2280 2281 if (network->bssht.bdSupportHT) { 2282 if (network->mode == IEEE_A) 2283 network->mode = IEEE_N_5G; 2284 else if (network->mode & (IEEE_G | IEEE_B)) 2285 network->mode = IEEE_N_24G; 2286 } 2287 if (rtllib_is_empty_essid(network->ssid, network->ssid_len)) 2288 network->flags |= NETWORK_EMPTY_ESSID; 2289 stats->signal = 30 + (stats->SignalStrength * 70) / 100; 2290 stats->noise = rtllib_translate_todbm((u8)(100-stats->signal)) - 25; 2291 2292 memcpy(&network->stats, stats, sizeof(network->stats)); 2293 2294 return 0; 2295} 2296 2297static inline int is_same_network(struct rtllib_network *src, 2298 struct rtllib_network *dst, u8 ssidbroad) 2299{ 2300 /* A network is only a duplicate if the channel, BSSID, ESSID 2301 * and the capability field (in particular IBSS and BSS) all match. 2302 * We treat all <hidden> with the same BSSID and channel 2303 * as one network 2304 */ 2305 return (((src->ssid_len == dst->ssid_len) || (!ssidbroad)) && 2306 (src->channel == dst->channel) && 2307 !memcmp(src->bssid, dst->bssid, ETH_ALEN) && 2308 (!memcmp(src->ssid, dst->ssid, src->ssid_len) || 2309 (!ssidbroad)) && 2310 ((src->capability & WLAN_CAPABILITY_IBSS) == 2311 (dst->capability & WLAN_CAPABILITY_IBSS)) && 2312 ((src->capability & WLAN_CAPABILITY_ESS) == 2313 (dst->capability & WLAN_CAPABILITY_ESS))); 2314} 2315 2316 2317static inline void update_network(struct rtllib_network *dst, 2318 struct rtllib_network *src) 2319{ 2320 int qos_active; 2321 u8 old_param; 2322 2323 memcpy(&dst->stats, &src->stats, sizeof(struct rtllib_rx_stats)); 2324 dst->capability = src->capability; 2325 memcpy(dst->rates, src->rates, src->rates_len); 2326 dst->rates_len = src->rates_len; 2327 memcpy(dst->rates_ex, src->rates_ex, src->rates_ex_len); 2328 dst->rates_ex_len = src->rates_ex_len; 2329 if (src->ssid_len > 0) { 2330 if (dst->ssid_len == 0) { 2331 memset(dst->hidden_ssid, 0, sizeof(dst->hidden_ssid)); 2332 dst->hidden_ssid_len = src->ssid_len; 2333 memcpy(dst->hidden_ssid, src->ssid, src->ssid_len); 2334 } else { 2335 memset(dst->ssid, 0, dst->ssid_len); 2336 dst->ssid_len = src->ssid_len; 2337 memcpy(dst->ssid, src->ssid, src->ssid_len); 2338 } 2339 } 2340 dst->mode = src->mode; 2341 dst->flags = src->flags; 2342 dst->time_stamp[0] = src->time_stamp[0]; 2343 dst->time_stamp[1] = src->time_stamp[1]; 2344 if (src->flags & NETWORK_HAS_ERP_VALUE) { 2345 dst->erp_value = src->erp_value; 2346 dst->berp_info_valid = src->berp_info_valid = true; 2347 } 2348 dst->beacon_interval = src->beacon_interval; 2349 dst->listen_interval = src->listen_interval; 2350 dst->atim_window = src->atim_window; 2351 dst->dtim_period = src->dtim_period; 2352 dst->dtim_data = src->dtim_data; 2353 dst->last_dtim_sta_time = src->last_dtim_sta_time; 2354 memcpy(&dst->tim, &src->tim, sizeof(struct rtllib_tim_parameters)); 2355 2356 dst->bssht.bdSupportHT = src->bssht.bdSupportHT; 2357 dst->bssht.bdRT2RTAggregation = src->bssht.bdRT2RTAggregation; 2358 dst->bssht.bdHTCapLen = src->bssht.bdHTCapLen; 2359 memcpy(dst->bssht.bdHTCapBuf, src->bssht.bdHTCapBuf, 2360 src->bssht.bdHTCapLen); 2361 dst->bssht.bdHTInfoLen = src->bssht.bdHTInfoLen; 2362 memcpy(dst->bssht.bdHTInfoBuf, src->bssht.bdHTInfoBuf, 2363 src->bssht.bdHTInfoLen); 2364 dst->bssht.bdHTSpecVer = src->bssht.bdHTSpecVer; 2365 dst->bssht.bdRT2RTLongSlotTime = src->bssht.bdRT2RTLongSlotTime; 2366 dst->broadcom_cap_exist = src->broadcom_cap_exist; 2367 dst->ralink_cap_exist = src->ralink_cap_exist; 2368 dst->atheros_cap_exist = src->atheros_cap_exist; 2369 dst->realtek_cap_exit = src->realtek_cap_exit; 2370 dst->marvell_cap_exist = src->marvell_cap_exist; 2371 dst->cisco_cap_exist = src->cisco_cap_exist; 2372 dst->airgo_cap_exist = src->airgo_cap_exist; 2373 dst->unknown_cap_exist = src->unknown_cap_exist; 2374 memcpy(dst->wpa_ie, src->wpa_ie, src->wpa_ie_len); 2375 dst->wpa_ie_len = src->wpa_ie_len; 2376 memcpy(dst->rsn_ie, src->rsn_ie, src->rsn_ie_len); 2377 dst->rsn_ie_len = src->rsn_ie_len; 2378 memcpy(dst->wzc_ie, src->wzc_ie, src->wzc_ie_len); 2379 dst->wzc_ie_len = src->wzc_ie_len; 2380 2381 dst->last_scanned = jiffies; 2382 /* qos related parameters */ 2383 qos_active = dst->qos_data.active; 2384 old_param = dst->qos_data.param_count; 2385 dst->qos_data.supported = src->qos_data.supported; 2386 if (dst->flags & NETWORK_HAS_QOS_PARAMETERS) 2387 memcpy(&dst->qos_data, &src->qos_data, 2388 sizeof(struct rtllib_qos_data)); 2389 if (dst->qos_data.supported == 1) { 2390 if (dst->ssid_len) 2391 RTLLIB_DEBUG_QOS 2392 ("QoS the network %s is QoS supported\n", 2393 dst->ssid); 2394 else 2395 RTLLIB_DEBUG_QOS 2396 ("QoS the network is QoS supported\n"); 2397 } 2398 dst->qos_data.active = qos_active; 2399 dst->qos_data.old_param_count = old_param; 2400 2401 /* dst->last_associate is not overwritten */ 2402 dst->wmm_info = src->wmm_info; 2403 if (src->wmm_param[0].ac_aci_acm_aifsn || 2404 src->wmm_param[1].ac_aci_acm_aifsn || 2405 src->wmm_param[2].ac_aci_acm_aifsn || 2406 src->wmm_param[3].ac_aci_acm_aifsn) 2407 memcpy(dst->wmm_param, src->wmm_param, WME_AC_PRAM_LEN); 2408 2409 dst->SignalStrength = src->SignalStrength; 2410 dst->RSSI = src->RSSI; 2411 dst->Turbo_Enable = src->Turbo_Enable; 2412 2413 dst->CountryIeLen = src->CountryIeLen; 2414 memcpy(dst->CountryIeBuf, src->CountryIeBuf, src->CountryIeLen); 2415 2416 dst->bWithAironetIE = src->bWithAironetIE; 2417 dst->bCkipSupported = src->bCkipSupported; 2418 memcpy(dst->CcxRmState, src->CcxRmState, 2); 2419 dst->bCcxRmEnable = src->bCcxRmEnable; 2420 dst->MBssidMask = src->MBssidMask; 2421 dst->bMBssidValid = src->bMBssidValid; 2422 memcpy(dst->MBssid, src->MBssid, 6); 2423 dst->bWithCcxVerNum = src->bWithCcxVerNum; 2424 dst->BssCcxVerNumber = src->BssCcxVerNumber; 2425} 2426 2427static inline int is_beacon(__le16 fc) 2428{ 2429 return (WLAN_FC_GET_STYPE(le16_to_cpu(fc)) == RTLLIB_STYPE_BEACON); 2430} 2431 2432static int IsPassiveChannel(struct rtllib_device *rtllib, u8 channel) 2433{ 2434 if (MAX_CHANNEL_NUMBER < channel) { 2435 netdev_info(rtllib->dev, "%s(): Invalid Channel\n", __func__); 2436 return 0; 2437 } 2438 2439 if (rtllib->active_channel_map[channel] == 2) 2440 return 1; 2441 2442 return 0; 2443} 2444 2445int rtllib_legal_channel(struct rtllib_device *rtllib, u8 channel) 2446{ 2447 if (MAX_CHANNEL_NUMBER < channel) { 2448 netdev_info(rtllib->dev, "%s(): Invalid Channel\n", __func__); 2449 return 0; 2450 } 2451 if (rtllib->active_channel_map[channel] > 0) 2452 return 1; 2453 2454 return 0; 2455} 2456EXPORT_SYMBOL(rtllib_legal_channel); 2457 2458static inline void rtllib_process_probe_response( 2459 struct rtllib_device *ieee, 2460 struct rtllib_probe_response *beacon, 2461 struct rtllib_rx_stats *stats) 2462{ 2463 struct rtllib_network *target; 2464 struct rtllib_network *oldest = NULL; 2465 struct rtllib_info_element *info_element = &beacon->info_element[0]; 2466 unsigned long flags; 2467 short renew; 2468 struct rtllib_network *network = kzalloc(sizeof(struct rtllib_network), 2469 GFP_ATOMIC); 2470 2471 if (!network) 2472 return; 2473 2474 RTLLIB_DEBUG_SCAN( 2475 "'%s' ( %pM ): %c%c%c%c %c%c%c%c-%c%c%c%c %c%c%c%c\n", 2476 escape_essid(info_element->data, info_element->len), 2477 beacon->header.addr3, 2478 (le16_to_cpu(beacon->capability) & (1<<0xf)) ? '1' : '0', 2479 (le16_to_cpu(beacon->capability) & (1<<0xe)) ? '1' : '0', 2480 (le16_to_cpu(beacon->capability) & (1<<0xd)) ? '1' : '0', 2481 (le16_to_cpu(beacon->capability) & (1<<0xc)) ? '1' : '0', 2482 (le16_to_cpu(beacon->capability) & (1<<0xb)) ? '1' : '0', 2483 (le16_to_cpu(beacon->capability) & (1<<0xa)) ? '1' : '0', 2484 (le16_to_cpu(beacon->capability) & (1<<0x9)) ? '1' : '0', 2485 (le16_to_cpu(beacon->capability) & (1<<0x8)) ? '1' : '0', 2486 (le16_to_cpu(beacon->capability) & (1<<0x7)) ? '1' : '0', 2487 (le16_to_cpu(beacon->capability) & (1<<0x6)) ? '1' : '0', 2488 (le16_to_cpu(beacon->capability) & (1<<0x5)) ? '1' : '0', 2489 (le16_to_cpu(beacon->capability) & (1<<0x4)) ? '1' : '0', 2490 (le16_to_cpu(beacon->capability) & (1<<0x3)) ? '1' : '0', 2491 (le16_to_cpu(beacon->capability) & (1<<0x2)) ? '1' : '0', 2492 (le16_to_cpu(beacon->capability) & (1<<0x1)) ? '1' : '0', 2493 (le16_to_cpu(beacon->capability) & (1<<0x0)) ? '1' : '0'); 2494 2495 if (rtllib_network_init(ieee, beacon, network, stats)) { 2496 RTLLIB_DEBUG_SCAN("Dropped '%s' ( %pM) via %s.\n", 2497 escape_essid(info_element->data, 2498 info_element->len), 2499 beacon->header.addr3, 2500 WLAN_FC_GET_STYPE( 2501 le16_to_cpu(beacon->header.frame_ctl)) == 2502 RTLLIB_STYPE_PROBE_RESP ? 2503 "PROBE RESPONSE" : "BEACON"); 2504 goto free_network; 2505 } 2506 2507 2508 if (!rtllib_legal_channel(ieee, network->channel)) 2509 goto free_network; 2510 2511 if (WLAN_FC_GET_STYPE(le16_to_cpu(beacon->header.frame_ctl)) == 2512 RTLLIB_STYPE_PROBE_RESP) { 2513 if (IsPassiveChannel(ieee, network->channel)) { 2514 netdev_info(ieee->dev, 2515 "GetScanInfo(): For Global Domain, filter probe response at channel(%d).\n", 2516 network->channel); 2517 goto free_network; 2518 } 2519 } 2520 2521 /* The network parsed correctly -- so now we scan our known networks 2522 * to see if we can find it in our list. 2523 * 2524 * NOTE: This search is definitely not optimized. Once its doing 2525 * the "right thing" we'll optimize it for efficiency if 2526 * necessary 2527 */ 2528 2529 /* Search for this entry in the list and update it if it is 2530 * already there. 2531 */ 2532 2533 spin_lock_irqsave(&ieee->lock, flags); 2534 if (is_same_network(&ieee->current_network, network, 2535 (network->ssid_len ? 1 : 0))) { 2536 update_network(&ieee->current_network, network); 2537 if ((ieee->current_network.mode == IEEE_N_24G || 2538 ieee->current_network.mode == IEEE_G) 2539 && ieee->current_network.berp_info_valid) { 2540 if (ieee->current_network.erp_value & ERP_UseProtection) 2541 ieee->current_network.buseprotection = true; 2542 else 2543 ieee->current_network.buseprotection = false; 2544 } 2545 if (is_beacon(beacon->header.frame_ctl)) { 2546 if (ieee->state >= RTLLIB_LINKED) 2547 ieee->LinkDetectInfo.NumRecvBcnInPeriod++; 2548 } 2549 } 2550 list_for_each_entry(target, &ieee->network_list, list) { 2551 if (is_same_network(target, network, 2552 (target->ssid_len ? 1 : 0))) 2553 break; 2554 if ((oldest == NULL) || 2555 (target->last_scanned < oldest->last_scanned)) 2556 oldest = target; 2557 } 2558 2559 /* If we didn't find a match, then get a new network slot to initialize 2560 * with this beacon's information 2561 */ 2562 if (&target->list == &ieee->network_list) { 2563 if (list_empty(&ieee->network_free_list)) { 2564 /* If there are no more slots, expire the oldest */ 2565 list_del(&oldest->list); 2566 target = oldest; 2567 RTLLIB_DEBUG_SCAN("Expired '%s' ( %pM) from network list.\n", 2568 escape_essid(target->ssid, 2569 target->ssid_len), 2570 target->bssid); 2571 } else { 2572 /* Otherwise just pull from the free list */ 2573 target = list_entry(ieee->network_free_list.next, 2574 struct rtllib_network, list); 2575 list_del(ieee->network_free_list.next); 2576 } 2577 2578 2579 RTLLIB_DEBUG_SCAN("Adding '%s' ( %pM) via %s.\n", 2580 escape_essid(network->ssid, 2581 network->ssid_len), network->bssid, 2582 WLAN_FC_GET_STYPE( 2583 le16_to_cpu(beacon->header.frame_ctl)) == 2584 RTLLIB_STYPE_PROBE_RESP ? 2585 "PROBE RESPONSE" : "BEACON"); 2586 memcpy(target, network, sizeof(*target)); 2587 list_add_tail(&target->list, &ieee->network_list); 2588 if (ieee->softmac_features & IEEE_SOFTMAC_ASSOCIATE) 2589 rtllib_softmac_new_net(ieee, network); 2590 } else { 2591 RTLLIB_DEBUG_SCAN("Updating '%s' ( %pM) via %s.\n", 2592 escape_essid(target->ssid, 2593 target->ssid_len), target->bssid, 2594 WLAN_FC_GET_STYPE( 2595 le16_to_cpu(beacon->header.frame_ctl)) == 2596 RTLLIB_STYPE_PROBE_RESP ? 2597 "PROBE RESPONSE" : "BEACON"); 2598 2599 /* we have an entry and we are going to update it. But this 2600 * entry may be already expired. In this case we do the same 2601 * as we found a new net and call the new_net handler 2602 */ 2603 renew = !time_after(target->last_scanned + ieee->scan_age, 2604 jiffies); 2605 if ((!target->ssid_len) && 2606 (((network->ssid_len > 0) && (target->hidden_ssid_len == 0)) 2607 || ((ieee->current_network.ssid_len == network->ssid_len) && 2608 (strncmp(ieee->current_network.ssid, network->ssid, 2609 network->ssid_len) == 0) && 2610 (ieee->state == RTLLIB_NOLINK)))) 2611 renew = 1; 2612 update_network(target, network); 2613 if (renew && (ieee->softmac_features & IEEE_SOFTMAC_ASSOCIATE)) 2614 rtllib_softmac_new_net(ieee, network); 2615 } 2616 2617 spin_unlock_irqrestore(&ieee->lock, flags); 2618 if (is_beacon(beacon->header.frame_ctl) && 2619 is_same_network(&ieee->current_network, network, 2620 (network->ssid_len ? 1 : 0)) && 2621 (ieee->state == RTLLIB_LINKED)) { 2622 if (ieee->handle_beacon != NULL) 2623 ieee->handle_beacon(ieee->dev, beacon, 2624 &ieee->current_network); 2625 } 2626free_network: 2627 kfree(network); 2628} 2629 2630void rtllib_rx_mgt(struct rtllib_device *ieee, 2631 struct sk_buff *skb, 2632 struct rtllib_rx_stats *stats) 2633{ 2634 struct rtllib_hdr_4addr *header = (struct rtllib_hdr_4addr *)skb->data; 2635 2636 if ((WLAN_FC_GET_STYPE(le16_to_cpu(header->frame_ctl)) != 2637 RTLLIB_STYPE_PROBE_RESP) && 2638 (WLAN_FC_GET_STYPE(le16_to_cpu(header->frame_ctl)) != 2639 RTLLIB_STYPE_BEACON)) 2640 ieee->last_rx_ps_time = jiffies; 2641 2642 switch (WLAN_FC_GET_STYPE(le16_to_cpu(header->frame_ctl))) { 2643 2644 case RTLLIB_STYPE_BEACON: 2645 RTLLIB_DEBUG_MGMT("received BEACON (%d)\n", 2646 WLAN_FC_GET_STYPE(le16_to_cpu(header->frame_ctl))); 2647 RTLLIB_DEBUG_SCAN("Beacon\n"); 2648 rtllib_process_probe_response( 2649 ieee, (struct rtllib_probe_response *)header, 2650 stats); 2651 2652 if (ieee->sta_sleep || (ieee->ps != RTLLIB_PS_DISABLED && 2653 ieee->iw_mode == IW_MODE_INFRA && 2654 ieee->state == RTLLIB_LINKED)) 2655 tasklet_schedule(&ieee->ps_task); 2656 2657 break; 2658 2659 case RTLLIB_STYPE_PROBE_RESP: 2660 RTLLIB_DEBUG_MGMT("received PROBE RESPONSE (%d)\n", 2661 WLAN_FC_GET_STYPE(le16_to_cpu(header->frame_ctl))); 2662 RTLLIB_DEBUG_SCAN("Probe response\n"); 2663 rtllib_process_probe_response(ieee, 2664 (struct rtllib_probe_response *)header, stats); 2665 break; 2666 case RTLLIB_STYPE_PROBE_REQ: 2667 RTLLIB_DEBUG_MGMT("received PROBE RESQUEST (%d)\n", 2668 WLAN_FC_GET_STYPE( 2669 le16_to_cpu(header->frame_ctl))); 2670 RTLLIB_DEBUG_SCAN("Probe request\n"); 2671 if ((ieee->softmac_features & IEEE_SOFTMAC_PROBERS) && 2672 ((ieee->iw_mode == IW_MODE_ADHOC || 2673 ieee->iw_mode == IW_MODE_MASTER) && 2674 ieee->state == RTLLIB_LINKED)) 2675 rtllib_rx_probe_rq(ieee, skb); 2676 break; 2677 } 2678} 2679