rx.c 101 KB
Newer Older
1 2 3 4
/*
 * Copyright 2002-2005, Instant802 Networks, Inc.
 * Copyright 2005-2006, Devicescape Software, Inc.
 * Copyright 2006-2007	Jiri Benc <jbenc@suse.cz>
5
 * Copyright 2007-2010	Johannes Berg <johannes@sipsolutions.net>
6
 * Copyright 2013-2014  Intel Mobile Communications GmbH
7 8 9 10 11 12
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 */

13
#include <linux/jiffies.h>
14
#include <linux/slab.h>
15 16 17 18
#include <linux/kernel.h>
#include <linux/skbuff.h>
#include <linux/netdevice.h>
#include <linux/etherdevice.h>
19
#include <linux/rcupdate.h>
20
#include <linux/export.h>
21 22
#include <net/mac80211.h>
#include <net/ieee80211_radiotap.h>
23
#include <asm/unaligned.h>
24 25

#include "ieee80211_i.h"
26
#include "driver-ops.h"
Johannes Berg's avatar
Johannes Berg committed
27
#include "led.h"
28
#include "mesh.h"
29 30 31 32
#include "wep.h"
#include "wpa.h"
#include "tkip.h"
#include "wme.h"
33
#include "rate.h"
34

35 36 37 38 39 40 41 42 43 44
static inline void ieee80211_rx_stats(struct net_device *dev, u32 len)
{
	struct pcpu_sw_netstats *tstats = this_cpu_ptr(dev->tstats);

	u64_stats_update_begin(&tstats->syncp);
	tstats->rx_packets++;
	tstats->rx_bytes += len;
	u64_stats_update_end(&tstats->syncp);
}

45 46 47 48 49 50 51
/*
 * monitor mode reception
 *
 * This function cleans up the SKB, i.e. it removes all the stuff
 * only useful for monitoring.
 */
static struct sk_buff *remove_monitor_info(struct ieee80211_local *local,
52 53
					   struct sk_buff *skb,
					   unsigned int rtap_vendor_space)
54
{
55
	if (ieee80211_hw_check(&local->hw, RX_INCLUDES_FCS)) {
56
		if (likely(skb->len > FCS_LEN))
Zhu Yi's avatar
Zhu Yi committed
57
			__pskb_trim(skb, skb->len - FCS_LEN);
58 59 60 61
		else {
			/* driver bug */
			WARN_ON(1);
			dev_kfree_skb(skb);
62
			return NULL;
63 64 65
		}
	}

66 67
	__pskb_pull(skb, rtap_vendor_space);

68 69 70
	return skb;
}

71 72
static inline bool should_drop_frame(struct sk_buff *skb, int present_fcs_len,
				     unsigned int rtap_vendor_space)
73
{
74
	struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
75 76 77
	struct ieee80211_hdr *hdr;

	hdr = (void *)(skb->data + rtap_vendor_space);
78

79 80 81
	if (status->flag & (RX_FLAG_FAILED_FCS_CRC |
			    RX_FLAG_FAILED_PLCP_CRC |
			    RX_FLAG_AMPDU_IS_ZEROLEN))
82 83
		return true;

84
	if (unlikely(skb->len < 16 + present_fcs_len + rtap_vendor_space))
85 86
		return true;

87 88 89
	if (ieee80211_is_ctl(hdr->frame_control) &&
	    !ieee80211_is_pspoll(hdr->frame_control) &&
	    !ieee80211_is_back_req(hdr->frame_control))
90 91 92
		return true;

	return false;
93 94
}

95
static int
96 97 98
ieee80211_rx_radiotap_hdrlen(struct ieee80211_local *local,
			     struct ieee80211_rx_status *status,
			     struct sk_buff *skb)
99 100 101 102
{
	int len;

	/* always present fields */
103
	len = sizeof(struct ieee80211_radiotap_header) + 8;
104

105 106 107
	/* allocate extra bitmaps */
	if (status->chains)
		len += 4 * hweight8(status->chains);
108 109 110

	if (ieee80211_have_rx_timestamp(status)) {
		len = ALIGN(len, 8);
111
		len += 8;
112
	}
113
	if (ieee80211_hw_check(&local->hw, SIGNAL_DBM))
114 115
		len += 1;

116 117 118 119
	/* antenna field, if we don't have per-chain info */
	if (!status->chains)
		len += 1;

120 121
	/* padding for RX_FLAGS if necessary */
	len = ALIGN(len, 2);
122

123 124 125
	if (status->flag & RX_FLAG_HT) /* HT info */
		len += 3;

126
	if (status->flag & RX_FLAG_AMPDU_DETAILS) {
127
		len = ALIGN(len, 4);
128 129 130
		len += 8;
	}

131 132 133 134 135
	if (status->flag & RX_FLAG_VHT) {
		len = ALIGN(len, 2);
		len += 12;
	}

136 137 138 139 140
	if (status->chains) {
		/* antenna and antenna signal fields */
		len += 2 * hweight8(status->chains);
	}

141 142 143 144 145 146 147 148 149 150 151 152 153 154 155
	if (status->flag & RX_FLAG_RADIOTAP_VENDOR_DATA) {
		struct ieee80211_vendor_radiotap *rtap = (void *)skb->data;

		/* vendor presence bitmap */
		len += 4;
		/* alignment for fixed 6-byte vendor data header */
		len = ALIGN(len, 2);
		/* vendor data header */
		len += 6;
		if (WARN_ON(rtap->align == 0))
			rtap->align = 1;
		len = ALIGN(len, rtap->align);
		len += rtap->len + rtap->pad;
	}

156 157 158
	return len;
}

159
/*
160 161 162 163 164 165 166 167
 * ieee80211_add_rx_radiotap_header - add radiotap header
 *
 * add a radiotap header containing all the fields which the hardware provided.
 */
static void
ieee80211_add_rx_radiotap_header(struct ieee80211_local *local,
				 struct sk_buff *skb,
				 struct ieee80211_rate *rate,
168
				 int rtap_len, bool has_fcs)
169
{
170
	struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
171 172
	struct ieee80211_radiotap_header *rthdr;
	unsigned char *pos;
173 174
	__le32 *it_present;
	u32 it_present_val;
175
	u16 rx_flags = 0;
176
	u16 channel_flags = 0;
177 178
	int mpdulen, chain;
	unsigned long chains = status->chains;
179 180 181 182 183 184 185
	struct ieee80211_vendor_radiotap rtap = {};

	if (status->flag & RX_FLAG_RADIOTAP_VENDOR_DATA) {
		rtap = *(struct ieee80211_vendor_radiotap *)skb->data;
		/* rtap.len and rtap.pad are undone immediately */
		skb_pull(skb, sizeof(rtap) + rtap.len + rtap.pad);
	}
186 187

	mpdulen = skb->len;
188
	if (!(has_fcs && ieee80211_hw_check(&local->hw, RX_INCLUDES_FCS)))
189
		mpdulen += FCS_LEN;
190 191

	rthdr = (struct ieee80211_radiotap_header *)skb_push(skb, rtap_len);
192
	memset(rthdr, 0, rtap_len - rtap.len - rtap.pad);
193
	it_present = &rthdr->it_present;
194 195

	/* radiotap header, set always present flags */
196
	rthdr->it_len = cpu_to_le16(rtap_len);
197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212
	it_present_val = BIT(IEEE80211_RADIOTAP_FLAGS) |
			 BIT(IEEE80211_RADIOTAP_CHANNEL) |
			 BIT(IEEE80211_RADIOTAP_RX_FLAGS);

	if (!status->chains)
		it_present_val |= BIT(IEEE80211_RADIOTAP_ANTENNA);

	for_each_set_bit(chain, &chains, IEEE80211_MAX_CHAINS) {
		it_present_val |=
			BIT(IEEE80211_RADIOTAP_EXT) |
			BIT(IEEE80211_RADIOTAP_RADIOTAP_NAMESPACE);
		put_unaligned_le32(it_present_val, it_present);
		it_present++;
		it_present_val = BIT(IEEE80211_RADIOTAP_ANTENNA) |
				 BIT(IEEE80211_RADIOTAP_DBM_ANTSIGNAL);
	}
213

214 215 216 217 218 219 220 221
	if (status->flag & RX_FLAG_RADIOTAP_VENDOR_DATA) {
		it_present_val |= BIT(IEEE80211_RADIOTAP_VENDOR_NAMESPACE) |
				  BIT(IEEE80211_RADIOTAP_EXT);
		put_unaligned_le32(it_present_val, it_present);
		it_present++;
		it_present_val = rtap.present;
	}

222 223 224 225
	put_unaligned_le32(it_present_val, it_present);

	pos = (void *)(it_present + 1);

226 227 228
	/* the order of the following fields is important */

	/* IEEE80211_RADIOTAP_TSFT */
229
	if (ieee80211_have_rx_timestamp(status)) {
230 231 232
		/* padding */
		while ((pos - (u8 *)rthdr) & 7)
			*pos++ = 0;
233 234 235 236
		put_unaligned_le64(
			ieee80211_calculate_rx_timestamp(local, status,
							 mpdulen, 0),
			pos);
237
		rthdr->it_present |= cpu_to_le32(1 << IEEE80211_RADIOTAP_TSFT);
238 239 240 241
		pos += 8;
	}

	/* IEEE80211_RADIOTAP_FLAGS */
242
	if (has_fcs && ieee80211_hw_check(&local->hw, RX_INCLUDES_FCS))
243
		*pos |= IEEE80211_RADIOTAP_F_FCS;
Johannes Berg's avatar
Johannes Berg committed
244 245
	if (status->flag & (RX_FLAG_FAILED_FCS_CRC | RX_FLAG_FAILED_PLCP_CRC))
		*pos |= IEEE80211_RADIOTAP_F_BADFCS;
246 247
	if (status->flag & RX_FLAG_SHORTPRE)
		*pos |= IEEE80211_RADIOTAP_F_SHORTPRE;
248 249 250
	pos++;

	/* IEEE80211_RADIOTAP_RATE */
251
	if (!rate || status->flag & (RX_FLAG_HT | RX_FLAG_VHT)) {
252
		/*
253
		 * Without rate information don't add it. If we have,
254
		 * MCS information is a separate field in radiotap,
255 256
		 * added below. The byte here is needed as padding
		 * for the channel though, so initialise it to 0.
257 258
		 */
		*pos = 0;
259
	} else {
260
		int shift = 0;
261
		rthdr->it_present |= cpu_to_le32(1 << IEEE80211_RADIOTAP_RATE);
262 263 264 265 266
		if (status->flag & RX_FLAG_10MHZ)
			shift = 1;
		else if (status->flag & RX_FLAG_5MHZ)
			shift = 2;
		*pos = DIV_ROUND_UP(rate->bitrate, 5 * (1 << shift));
267
	}
268 269 270
	pos++;

	/* IEEE80211_RADIOTAP_CHANNEL */
271
	put_unaligned_le16(status->freq, pos);
272
	pos += 2;
273 274 275 276 277
	if (status->flag & RX_FLAG_10MHZ)
		channel_flags |= IEEE80211_CHAN_HALF;
	else if (status->flag & RX_FLAG_5MHZ)
		channel_flags |= IEEE80211_CHAN_QUARTER;

278
	if (status->band == IEEE80211_BAND_5GHZ)
279
		channel_flags |= IEEE80211_CHAN_OFDM | IEEE80211_CHAN_5GHZ;
280
	else if (status->flag & (RX_FLAG_HT | RX_FLAG_VHT))
281
		channel_flags |= IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ;
282
	else if (rate && rate->flags & IEEE80211_RATE_ERP_G)
283
		channel_flags |= IEEE80211_CHAN_OFDM | IEEE80211_CHAN_2GHZ;
284
	else if (rate)
285
		channel_flags |= IEEE80211_CHAN_CCK | IEEE80211_CHAN_2GHZ;
286
	else
287 288
		channel_flags |= IEEE80211_CHAN_2GHZ;
	put_unaligned_le16(channel_flags, pos);
289 290 291
	pos += 2;

	/* IEEE80211_RADIOTAP_DBM_ANTSIGNAL */
292
	if (ieee80211_hw_check(&local->hw, SIGNAL_DBM) &&
293
	    !(status->flag & RX_FLAG_NO_SIGNAL_VAL)) {
294 295 296 297 298 299 300 301
		*pos = status->signal;
		rthdr->it_present |=
			cpu_to_le32(1 << IEEE80211_RADIOTAP_DBM_ANTSIGNAL);
		pos++;
	}

	/* IEEE80211_RADIOTAP_LOCK_QUALITY is missing */

302 303 304 305 306
	if (!status->chains) {
		/* IEEE80211_RADIOTAP_ANTENNA */
		*pos = status->antenna;
		pos++;
	}
307 308 309 310 311

	/* IEEE80211_RADIOTAP_DB_ANTNOISE is not used */

	/* IEEE80211_RADIOTAP_RX_FLAGS */
	/* ensure 2 byte alignment for the 2 byte field as required */
312
	if ((pos - (u8 *)rthdr) & 1)
313
		*pos++ = 0;
Johannes Berg's avatar
Johannes Berg committed
314
	if (status->flag & RX_FLAG_FAILED_PLCP_CRC)
315 316
		rx_flags |= IEEE80211_RADIOTAP_F_RX_BADPLCP;
	put_unaligned_le16(rx_flags, pos);
317
	pos += 2;
318 319

	if (status->flag & RX_FLAG_HT) {
320 321
		unsigned int stbc;

322
		rthdr->it_present |= cpu_to_le32(1 << IEEE80211_RADIOTAP_MCS);
323
		*pos++ = local->hw.radiotap_mcs_details;
324 325 326 327 328
		*pos = 0;
		if (status->flag & RX_FLAG_SHORT_GI)
			*pos |= IEEE80211_RADIOTAP_MCS_SGI;
		if (status->flag & RX_FLAG_40MHZ)
			*pos |= IEEE80211_RADIOTAP_MCS_BW_40;
329 330
		if (status->flag & RX_FLAG_HT_GF)
			*pos |= IEEE80211_RADIOTAP_MCS_FMT_GF;
331 332
		if (status->flag & RX_FLAG_LDPC)
			*pos |= IEEE80211_RADIOTAP_MCS_FEC_LDPC;
333 334
		stbc = (status->flag & RX_FLAG_STBC_MASK) >> RX_FLAG_STBC_SHIFT;
		*pos |= stbc << IEEE80211_RADIOTAP_MCS_STBC_SHIFT;
335 336 337
		pos++;
		*pos++ = status->rate_idx;
	}
338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368

	if (status->flag & RX_FLAG_AMPDU_DETAILS) {
		u16 flags = 0;

		/* ensure 4 byte alignment */
		while ((pos - (u8 *)rthdr) & 3)
			pos++;
		rthdr->it_present |=
			cpu_to_le32(1 << IEEE80211_RADIOTAP_AMPDU_STATUS);
		put_unaligned_le32(status->ampdu_reference, pos);
		pos += 4;
		if (status->flag & RX_FLAG_AMPDU_REPORT_ZEROLEN)
			flags |= IEEE80211_RADIOTAP_AMPDU_REPORT_ZEROLEN;
		if (status->flag & RX_FLAG_AMPDU_IS_ZEROLEN)
			flags |= IEEE80211_RADIOTAP_AMPDU_IS_ZEROLEN;
		if (status->flag & RX_FLAG_AMPDU_LAST_KNOWN)
			flags |= IEEE80211_RADIOTAP_AMPDU_LAST_KNOWN;
		if (status->flag & RX_FLAG_AMPDU_IS_LAST)
			flags |= IEEE80211_RADIOTAP_AMPDU_IS_LAST;
		if (status->flag & RX_FLAG_AMPDU_DELIM_CRC_ERROR)
			flags |= IEEE80211_RADIOTAP_AMPDU_DELIM_CRC_ERR;
		if (status->flag & RX_FLAG_AMPDU_DELIM_CRC_KNOWN)
			flags |= IEEE80211_RADIOTAP_AMPDU_DELIM_CRC_KNOWN;
		put_unaligned_le16(flags, pos);
		pos += 2;
		if (status->flag & RX_FLAG_AMPDU_DELIM_CRC_KNOWN)
			*pos++ = status->ampdu_delimiter_crc;
		else
			*pos++ = 0;
		*pos++ = 0;
	}
369

370 371 372 373 374 375 376 377 378
	if (status->flag & RX_FLAG_VHT) {
		u16 known = local->hw.radiotap_vht_details;

		rthdr->it_present |= cpu_to_le32(1 << IEEE80211_RADIOTAP_VHT);
		put_unaligned_le16(known, pos);
		pos += 2;
		/* flags */
		if (status->flag & RX_FLAG_SHORT_GI)
			*pos |= IEEE80211_RADIOTAP_VHT_FLAG_SGI;
379 380 381
		/* in VHT, STBC is binary */
		if (status->flag & RX_FLAG_STBC_MASK)
			*pos |= IEEE80211_RADIOTAP_VHT_FLAG_STBC;
382 383
		if (status->vht_flag & RX_VHT_FLAG_BF)
			*pos |= IEEE80211_RADIOTAP_VHT_FLAG_BEAMFORMED;
384 385
		pos++;
		/* bandwidth */
386
		if (status->vht_flag & RX_VHT_FLAG_80MHZ)
387
			*pos++ = 4;
388
		else if (status->vht_flag & RX_VHT_FLAG_160MHZ)
389 390 391 392 393 394 395 396 397
			*pos++ = 11;
		else if (status->flag & RX_FLAG_40MHZ)
			*pos++ = 1;
		else /* 20 MHz */
			*pos++ = 0;
		/* MCS/NSS */
		*pos = (status->rate_idx << 4) | status->vht_nss;
		pos += 4;
		/* coding field */
398 399
		if (status->flag & RX_FLAG_LDPC)
			*pos |= IEEE80211_RADIOTAP_CODING_LDPC_USER0;
400 401 402 403 404 405 406
		pos++;
		/* group ID */
		pos++;
		/* partial_aid */
		pos += 2;
	}

407 408 409 410
	for_each_set_bit(chain, &chains, IEEE80211_MAX_CHAINS) {
		*pos++ = status->chain_signal[chain];
		*pos++ = chain;
	}
411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426

	if (status->flag & RX_FLAG_RADIOTAP_VENDOR_DATA) {
		/* ensure 2 byte alignment for the vendor field as required */
		if ((pos - (u8 *)rthdr) & 1)
			*pos++ = 0;
		*pos++ = rtap.oui[0];
		*pos++ = rtap.oui[1];
		*pos++ = rtap.oui[2];
		*pos++ = rtap.subns;
		put_unaligned_le16(rtap.len, pos);
		pos += 2;
		/* align the actual payload as requested */
		while ((pos - (u8 *)rthdr) & (rtap.align - 1))
			*pos++ = 0;
		/* data (and possible padding) already follows */
	}
427 428
}

429 430 431 432 433 434 435
/*
 * This function copies a received frame to all monitor interfaces and
 * returns a cleaned-up SKB that no longer includes the FCS nor the
 * radiotap header the driver might have added.
 */
static struct sk_buff *
ieee80211_rx_monitor(struct ieee80211_local *local, struct sk_buff *origskb,
436
		     struct ieee80211_rate *rate)
437
{
438
	struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(origskb);
439
	struct ieee80211_sub_if_data *sdata;
440
	int rt_hdrlen, needed_headroom;
441 442 443
	struct sk_buff *skb, *skb2;
	struct net_device *prev_dev = NULL;
	int present_fcs_len = 0;
444 445 446 447 448 449 450
	unsigned int rtap_vendor_space = 0;

	if (unlikely(status->flag & RX_FLAG_RADIOTAP_VENDOR_DATA)) {
		struct ieee80211_vendor_radiotap *rtap = (void *)origskb->data;

		rtap_vendor_space = sizeof(*rtap) + rtap->len + rtap->pad;
	}
451 452 453 454 455 456 457 458 459

	/*
	 * First, we may need to make a copy of the skb because
	 *  (1) we need to modify it for radiotap (if not present), and
	 *  (2) the other RX handlers will modify the skb we got.
	 *
	 * We don't need to, of course, if we aren't going to return
	 * the SKB because it has a bad FCS/PLCP checksum.
	 */
460

461
	if (ieee80211_hw_check(&local->hw, RX_INCLUDES_FCS))
462 463
		present_fcs_len = FCS_LEN;

464 465
	/* ensure hdr->frame_control and vendor radiotap data are in skb head */
	if (!pskb_may_pull(origskb, 2 + rtap_vendor_space)) {
Zhu Yi's avatar
Zhu Yi committed
466 467 468 469
		dev_kfree_skb(origskb);
		return NULL;
	}

470
	if (!local->monitors) {
471 472
		if (should_drop_frame(origskb, present_fcs_len,
				      rtap_vendor_space)) {
473 474 475 476
			dev_kfree_skb(origskb);
			return NULL;
		}

477
		return remove_monitor_info(local, origskb, rtap_vendor_space);
478 479
	}

480
	/* room for the radiotap header based on driver features */
481 482
	rt_hdrlen = ieee80211_rx_radiotap_hdrlen(local, status, origskb);
	needed_headroom = rt_hdrlen - rtap_vendor_space;
483

484
	if (should_drop_frame(origskb, present_fcs_len, rtap_vendor_space)) {
485 486 487 488 489 490 491 492 493 494 495 496
		/* only need to expand headroom if necessary */
		skb = origskb;
		origskb = NULL;

		/*
		 * This shouldn't trigger often because most devices have an
		 * RX header they pull before we get here, and that should
		 * be big enough for our radiotap information. We should
		 * probably export the length to drivers so that we can have
		 * them allocate enough headroom to start with.
		 */
		if (skb_headroom(skb) < needed_headroom &&
497
		    pskb_expand_head(skb, needed_headroom, 0, GFP_ATOMIC)) {
498 499 500 501 502 503 504 505 506 507
			dev_kfree_skb(skb);
			return NULL;
		}
	} else {
		/*
		 * Need to make a copy and possibly remove radiotap header
		 * and FCS from the original.
		 */
		skb = skb_copy_expand(origskb, needed_headroom, 0, GFP_ATOMIC);

508 509
		origskb = remove_monitor_info(local, origskb,
					      rtap_vendor_space);
510 511 512 513 514

		if (!skb)
			return origskb;
	}

515
	/* prepend radiotap information */
516
	ieee80211_add_rx_radiotap_header(local, skb, rate, rt_hdrlen, true);
517

518
	skb_reset_mac_header(skb);
519 520 521 522 523
	skb->ip_summed = CHECKSUM_UNNECESSARY;
	skb->pkt_type = PACKET_OTHERHOST;
	skb->protocol = htons(ETH_P_802_2);

	list_for_each_entry_rcu(sdata, &local->interfaces, list) {
524
		if (sdata->vif.type != NL80211_IFTYPE_MONITOR)
525 526
			continue;

527 528 529
		if (sdata->u.mntr_flags & MONITOR_FLAG_COOK_FRAMES)
			continue;

530
		if (!ieee80211_sdata_running(sdata))
531 532
			continue;

533 534 535 536
		if (prev_dev) {
			skb2 = skb_clone(skb, GFP_ATOMIC);
			if (skb2) {
				skb2->dev = prev_dev;
537
				netif_receive_skb(skb2);
538 539 540 541
			}
		}

		prev_dev = sdata->dev;
542
		ieee80211_rx_stats(sdata->dev, skb->len);
543 544 545 546
	}

	if (prev_dev) {
		skb->dev = prev_dev;
547
		netif_receive_skb(skb);
548 549 550 551 552 553
	} else
		dev_kfree_skb(skb);

	return origskb;
}

554
static void ieee80211_parse_qos(struct ieee80211_rx_data *rx)
555
{
556
	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
557
	struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(rx->skb);
558
	int tid, seqno_idx, security_idx;
559 560

	/* does the frame have a qos control field? */
561 562
	if (ieee80211_is_data_qos(hdr->frame_control)) {
		u8 *qc = ieee80211_get_qos_ctl(hdr);
563
		/* frame has qos control */
564
		tid = *qc & IEEE80211_QOS_CTL_TID_MASK;
565
		if (*qc & IEEE80211_QOS_CTL_A_MSDU_PRESENT)
566
			status->rx_flags |= IEEE80211_RX_AMSDU;
567 568 569

		seqno_idx = tid;
		security_idx = tid;
570
	} else {
571 572 573 574 575 576 577 578 579 580 581
		/*
		 * IEEE 802.11-2007, 7.1.3.4.1 ("Sequence Number field"):
		 *
		 *	Sequence numbers for management frames, QoS data
		 *	frames with a broadcast/multicast address in the
		 *	Address 1 field, and all non-QoS data frames sent
		 *	by QoS STAs are assigned using an additional single
		 *	modulo-4096 counter, [...]
		 *
		 * We also use that counter for non-QoS STAs.
		 */
582
		seqno_idx = IEEE80211_NUM_TIDS;
583 584
		security_idx = 0;
		if (ieee80211_is_mgmt(hdr->frame_control))
585
			security_idx = IEEE80211_NUM_TIDS;
586
		tid = 0;
587
	}
588

589 590
	rx->seqno_idx = seqno_idx;
	rx->security_idx = security_idx;
591 592 593
	/* Set skb->priority to 1d tag if highest order bit of TID is not set.
	 * For now, set skb->priority to 0 for other cases. */
	rx->skb->priority = (tid > 7) ? 0 : tid;
594
}
595

596 597 598 599 600 601 602 603 604 605 606
/**
 * DOC: Packet alignment
 *
 * Drivers always need to pass packets that are aligned to two-byte boundaries
 * to the stack.
 *
 * Additionally, should, if possible, align the payload data in a way that
 * guarantees that the contained IP header is aligned to a four-byte
 * boundary. In the case of regular frames, this simply means aligning the
 * payload to a four-byte boundary (because either the IP header is directly
 * contained, or IV/RFC1042 headers that have a length divisible by four are
607 608 609
 * in front of it).  If the payload data is not properly aligned and the
 * architecture doesn't support efficient unaligned operations, mac80211
 * will align the data.
610 611 612 613 614 615 616
 *
 * With A-MSDU frames, however, the payload data address must yield two modulo
 * four because there are 14-byte 802.3 headers within the A-MSDU frames that
 * push the IP header further back to a multiple of four again. Thankfully, the
 * specs were sane enough this time around to require padding each A-MSDU
 * subframe to a length that is a multiple of four.
 *
Lucas De Marchi's avatar
Lucas De Marchi committed
617
 * Padding like Atheros hardware adds which is between the 802.11 header and
618 619 620 621
 * the payload is not supported, the driver is required to move the 802.11
 * header to be directly in front of the payload in that case.
 */
static void ieee80211_verify_alignment(struct ieee80211_rx_data *rx)
622
{
623 624 625
#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
	WARN_ONCE((unsigned long)rx->skb->data & 1,
		  "unaligned packet at 0x%p\n", rx->skb->data);
626
#endif
627 628
}

629

630 631
/* rx handlers */

632 633 634 635
static int ieee80211_is_unicast_robust_mgmt_frame(struct sk_buff *skb)
{
	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;

636
	if (is_multicast_ether_addr(hdr->addr1))
637 638
		return 0;

639
	return ieee80211_is_robust_mgmt_frame(skb);
640 641 642 643 644 645 646
}


static int ieee80211_is_multicast_robust_mgmt_frame(struct sk_buff *skb)
{
	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;

647
	if (!is_multicast_ether_addr(hdr->addr1))
648 649
		return 0;

650
	return ieee80211_is_robust_mgmt_frame(skb);
651 652 653 654 655 656 657 658
}


/* Get the BIP key index from MMIE; return -1 if this is not a BIP frame */
static int ieee80211_get_mmie_keyidx(struct sk_buff *skb)
{
	struct ieee80211_mgmt *hdr = (struct ieee80211_mgmt *) skb->data;
	struct ieee80211_mmie *mmie;
659
	struct ieee80211_mmie_16 *mmie16;
660

661
	if (skb->len < 24 + sizeof(*mmie) || !is_multicast_ether_addr(hdr->da))
662 663
		return -1;

664
	if (!ieee80211_is_robust_mgmt_frame(skb))
665 666 667 668
		return -1; /* not a robust management frame */

	mmie = (struct ieee80211_mmie *)
		(skb->data + skb->len - sizeof(*mmie));
669 670 671 672 673 674 675 676 677 678 679 680
	if (mmie->element_id == WLAN_EID_MMIE &&
	    mmie->length == sizeof(*mmie) - 2)
		return le16_to_cpu(mmie->key_id);

	mmie16 = (struct ieee80211_mmie_16 *)
		(skb->data + skb->len - sizeof(*mmie16));
	if (skb->len >= 24 + sizeof(*mmie16) &&
	    mmie16->element_id == WLAN_EID_MMIE &&
	    mmie16->length == sizeof(*mmie16) - 2)
		return le16_to_cpu(mmie16->key_id);

	return -1;
681 682
}

683 684 685 686 687 688 689 690 691 692 693 694 695 696 697 698 699 700 701 702 703
static int iwl80211_get_cs_keyid(const struct ieee80211_cipher_scheme *cs,
				 struct sk_buff *skb)
{
	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
	__le16 fc;
	int hdrlen;
	u8 keyid;

	fc = hdr->frame_control;
	hdrlen = ieee80211_hdrlen(fc);

	if (skb->len < hdrlen + cs->hdr_len)
		return -EINVAL;

	skb_copy_bits(skb, hdrlen + cs->key_idx_off, &keyid, 1);
	keyid &= cs->key_idx_mask;
	keyid >>= cs->key_idx_shift;

	return keyid;
}

704
static ieee80211_rx_result ieee80211_rx_mesh_check(struct ieee80211_rx_data *rx)
705
{
706
	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
707
	char *dev_addr = rx->sdata->vif.addr;
708

709
	if (ieee80211_is_data(hdr->frame_control)) {
710 711
		if (is_multicast_ether_addr(hdr->addr1)) {
			if (ieee80211_has_tods(hdr->frame_control) ||
712
			    !ieee80211_has_fromds(hdr->frame_control))
713
				return RX_DROP_MONITOR;
714
			if (ether_addr_equal(hdr->addr3, dev_addr))
715 716 717 718
				return RX_DROP_MONITOR;
		} else {
			if (!ieee80211_has_a4(hdr->frame_control))
				return RX_DROP_MONITOR;
719
			if (ether_addr_equal(hdr->addr4, dev_addr))
720 721
				return RX_DROP_MONITOR;
		}
722 723 724 725 726 727
	}

	/* If there is not an established peer link and this is not a peer link
	 * establisment frame, beacon or probe, drop the frame.
	 */

728
	if (!rx->sta || sta_plink_state(rx->sta) != NL80211_PLINK_ESTAB) {
729
		struct ieee80211_mgmt *mgmt;
730

731
		if (!ieee80211_is_mgmt(hdr->frame_control))
732 733
			return RX_DROP_MONITOR;

734
		if (ieee80211_is_action(hdr->frame_control)) {
735
			u8 category;
736 737 738 739 740

			/* make sure category field is present */
			if (rx->skb->len < IEEE80211_MIN_ACTION_SIZE)
				return RX_DROP_MONITOR;

741
			mgmt = (struct ieee80211_mgmt *)hdr;
742 743
			category = mgmt->u.action.category;
			if (category != WLAN_CATEGORY_MESH_ACTION &&
744
			    category != WLAN_CATEGORY_SELF_PROTECTED)
745 746 747 748
				return RX_DROP_MONITOR;
			return RX_CONTINUE;
		}

749 750
		if (ieee80211_is_probe_req(hdr->frame_control) ||
		    ieee80211_is_probe_resp(hdr->frame_control) ||
751 752
		    ieee80211_is_beacon(hdr->frame_control) ||
		    ieee80211_is_auth(hdr->frame_control))
753 754 755 756 757
			return RX_CONTINUE;

		return RX_DROP_MONITOR;
	}

Johannes Berg's avatar
Johannes Berg committed
758 759
	return RX_CONTINUE;
}
760

761
static void ieee80211_release_reorder_frame(struct ieee80211_sub_if_data *sdata,
762
					    struct tid_ampdu_rx *tid_agg_rx,
763 764
					    int index,
					    struct sk_buff_head *frames)
765
{
766 767
	struct sk_buff_head *skb_list = &tid_agg_rx->reorder_buf[index];
	struct sk_buff *skb;
768
	struct ieee80211_rx_status *status;
769

770 771
	lockdep_assert_held(&tid_agg_rx->reorder_lock);

772
	if (skb_queue_empty(skb_list))
773 774
		goto no_frame;

775 776 777 778 779 780
	if (!ieee80211_rx_reorder_ready(skb_list)) {
		__skb_queue_purge(skb_list);
		goto no_frame;
	}

	/* release frames from the reorder ring buffer */
781
	tid_agg_rx->stored_mpdu_num--;
782 783 784 785 786
	while ((skb = __skb_dequeue(skb_list))) {
		status = IEEE80211_SKB_RXCB(skb);
		status->rx_flags |= IEEE80211_RX_DEFERRED_RELEASE;
		__skb_queue_tail(frames, skb);
	}
787 788

no_frame:
789
	tid_agg_rx->head_seq_num = ieee80211_sn_inc(tid_agg_rx->head_seq_num);
790 791
}

792
static void ieee80211_release_reorder_frames(struct ieee80211_sub_if_data *sdata,
793
					     struct tid_ampdu_rx *tid_agg_rx,
794 795
					     u16 head_seq_num,
					     struct sk_buff_head *frames)
796 797 798
{
	int index;

799 800
	lockdep_assert_held(&tid_agg_rx->reorder_lock);

801
	while (ieee80211_sn_less(tid_agg_rx->head_seq_num, head_seq_num)) {
802
		index = tid_agg_rx->head_seq_num % tid_agg_rx->buf_size;
803 804
		ieee80211_release_reorder_frame(sdata, tid_agg_rx, index,
						frames);
805 806 807 808 809 810 811 812 813
	}
}

/*
 * Timeout (in jiffies) for skb's that are waiting in the RX reorder buffer. If
 * the skb was added to the buffer longer than this time ago, the earlier
 * frames that have not yet been received are assumed to be lost and the skb
 * can be released for processing. This may also release other skb's from the
 * reorder buffer if there are no additional gaps between the frames.
814 815
 *
 * Callers must hold tid_agg_rx->reorder_lock.
816 817 818
 */
#define HT_RX_REORDER_BUF_TIMEOUT (HZ / 10)

819
static void ieee80211_sta_reorder_release(struct ieee80211_sub_if_data *sdata,
820 821
					  struct tid_ampdu_rx *tid_agg_rx,
					  struct sk_buff_head *frames)
822
{
823
	int index, i, j;
824

825 826
	lockdep_assert_held(&tid_agg_rx->reorder_lock);

827
	/* release the buffer until next missing frame */
828
	index = tid_agg_rx->head_seq_num % tid_agg_rx->buf_size;
829
	if (!ieee80211_rx_reorder_ready(&tid_agg_rx->reorder_buf[index]) &&
830
	    tid_agg_rx->stored_mpdu_num) {
831 832 833 834 835 836 837
		/*
		 * No buffers ready to be released, but check whether any
		 * frames in the reorder buffer have timed out.
		 */
		int skipped = 1;
		for (j = (index + 1) % tid_agg_rx->buf_size; j != index;
		     j = (j + 1) % tid_agg_rx->buf_size) {
838 839
			if (!ieee80211_rx_reorder_ready(
					&tid_agg_rx->reorder_buf[j])) {
840 841 842
				skipped++;
				continue;
			}
843 844
			if (skipped &&
			    !time_after(jiffies, tid_agg_rx->reorder_time[j] +
845
					HT_RX_REORDER_BUF_TIMEOUT))
846
				goto set_release_timer;
847

848 849 850 851 852
			/* don't leave incomplete A-MSDUs around */
			for (i = (index + 1) % tid_agg_rx->buf_size; i != j;
			     i = (i + 1) % tid_agg_rx->buf_size)
				__skb_queue_purge(&tid_agg_rx->reorder_buf[i]);

Johannes Berg's avatar
Johannes Berg committed
853 854
			ht_dbg_ratelimited(sdata,
					   "release an RX reorder frame due to timeout on earlier frames\n");
855 856
			ieee80211_release_reorder_frame(sdata, tid_agg_rx, j,
							frames);
857 858 859 860 861

			/*
			 * Increment the head seq# also for the skipped slots.
			 */
			tid_agg_rx->head_seq_num =
862 863
				(tid_agg_rx->head_seq_num +
				 skipped) & IEEE80211_SN_MASK;
864 865
			skipped = 0;
		}
866 867
	} else while (ieee80211_rx_reorder_ready(
				&tid_agg_rx->reorder_buf[index])) {
868 869
		ieee80211_release_reorder_frame(sdata, tid_agg_rx, index,
						frames);
870
		index =	tid_agg_rx->head_seq_num % tid_agg_rx->buf_size;
871
	}
872 873

	if (tid_agg_rx->stored_mpdu_num) {
874
		j = index = tid_agg_rx->head_seq_num % tid_agg_rx->buf_size;
875 876 877

		for (; j != (index - 1) % tid_agg_rx->buf_size;
		     j = (j + 1) % tid_agg_rx->buf_size) {
878 879
			if (ieee80211_rx_reorder_ready(
					&tid_agg_rx->reorder_buf[j]))
880 881 882 883 884
				break;
		}

 set_release_timer:

885 886 887 888
		if (!tid_agg_rx->removed)
			mod_timer(&tid_agg_rx->reorder_timer,
				  tid_agg_rx->reorder_time[j] + 1 +
				  HT_RX_REORDER_BUF_TIMEOUT);
889 890 891
	} else {
		del_timer(&tid_agg_rx->reorder_timer);
	}
892 893
}

894 895 896 897 898
/*
 * As this function belongs to the RX path it must be under
 * rcu_read_lock protection. It returns false if the frame
 * can be processed immediately, true if it was consumed.
 */
899
static bool ieee80211_sta_manage_reorder_buf(struct ieee80211_sub_if_data *sdata,
900
					     struct tid_ampdu_rx *tid_agg_rx,
901 902
					     struct sk_buff *skb,
					     struct sk_buff_head *frames)
903 904
{
	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
905
	struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
906 907 908 909
	u16 sc = le16_to_cpu(hdr->seq_ctrl);
	u16 mpdu_seq_num = (sc & IEEE80211_SCTL_SEQ) >> 4;
	u16 head_seq_num, buf_size;
	int index;
910
	bool ret = true;
911

912 913
	spin_lock(&tid_agg_rx->reorder_lock);

914 915 916 917 918 919 920 921 922 923
	/*
	 * Offloaded BA sessions have no known starting sequence number so pick
	 * one from first Rxed frame for this tid after BA was started.
	 */
	if (unlikely(tid_agg_rx->auto_seq)) {
		tid_agg_rx->auto_seq = false;
		tid_agg_rx->ssn = mpdu_seq_num;
		tid_agg_rx->head_seq_num = mpdu_seq_num;
	}

924 925 926 927
	buf_size = tid_agg_rx->buf_size;
	head_seq_num = tid_agg_rx->head_seq_num;

	/* frame with out of date sequence number */
928
	if (ieee80211_sn_less(mpdu_seq_num, head_seq_num)) {
929
		dev_kfree_skb(skb);
930
		goto out;
931 932 933 934 935 936
	}

	/*
	 * If frame the sequence number exceeds our buffering window
	 * size release some previous frames to make room for this one.
	 */
937 938 939
	if (!ieee80211_sn_less(mpdu_seq_num, head_seq_num + buf_size)) {
		head_seq_num = ieee80211_sn_inc(
				ieee80211_sn_sub(mpdu_seq_num, buf_size));
940
		/* release stored frames up to new head to stack */
941
		ieee80211_release_reorder_frames(sdata, tid_agg_rx,
942
						 head_seq_num, frames);
943 944 945 946
	}

	/* Now the new frame is always in the range of the reordering buffer */

947
	index = mpdu_seq_num % tid_agg_rx->buf_size;
948 949

	/* check if we already stored this frame */
950
	if (ieee80211_rx_reorder_ready(&tid_agg_rx->reorder_buf[index])) {
951
		dev_kfree_skb(skb);
952
		goto out;
953 954 955 956 957
	}

	/*
	 * If the current MPDU is in the right order and nothing else
	 * is stored we can process it directly, no need to buffer it.
958 959
	 * If it is first but there's something stored, we may be able
	 * to release frames after this one.
960 961 962
	 */
	if (mpdu_seq_num == tid_agg_rx->head_seq_num &&
	    tid_agg_rx->stored_mpdu_num == 0) {
963 964 965
		if (!(status->flag & RX_FLAG_AMSDU_MORE))
			tid_agg_rx->head_seq_num =
				ieee80211_sn_inc(tid_agg_rx->head_seq_num);
966 967
		ret = false;
		goto out;
968 969 970
	}

	/* put the frame in the reordering buffer */
971 972 973 974 975 976
	__skb_queue_tail(&tid_agg_rx->reorder_buf[index], skb);
	if (!(status->flag & RX_FLAG_AMSDU_MORE)) {
		tid_agg_rx->reorder_time[index] = jiffies;
		tid_agg_rx->stored_mpdu_num++;
		ieee80211_sta_reorder_release(sdata, tid_agg_rx, frames);
	}
977

978 979 980
 out:
	spin_unlock(&tid_agg_rx->reorder_lock);
	return ret;
981 982 983 984 985 986
}

/*
 * Reorder MPDUs from A-MPDUs, keeping them on a buffer. Returns
 * true if the MPDU was buffered, false if it should be processed.
 */
987 988
static void ieee80211_rx_reorder_ampdu(struct ieee80211_rx_data *rx,
				       struct sk_buff_head *frames)
989
{
990 991
	struct sk_buff *skb = rx->skb;
	struct ieee80211_local *local = rx->local;
992
	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
993
	struct sta_info *sta = rx->sta;
994 995
	struct tid_ampdu_rx *tid_agg_rx;
	u16 sc;
996
	u8 tid, ack_policy;
997

998 999
	if (!ieee80211_is_data_qos(hdr->frame_control) ||
	    is_multicast_ether_addr(hdr->addr1))
1000
		goto dont_reorder;
1001 1002 1003 1004 1005 1006 1007

	/*
	 * filter the QoS data rx stream according to
	 * STA/TID and check if this STA/TID is on aggregation
	 */

	if (!sta)
1008
		goto dont_reorder;
1009

1010 1011
	ack_policy = *ieee80211_get_qos_ctl(hdr) &
		     IEEE80211_QOS_CTL_ACK_POLICY_MASK;
1012