/*
 * Copyright 2002-2005, Instant802 Networks, Inc.
 * Copyright 2005-2006, Devicescape Software, Inc.
 * Copyright 2006-2007	Jiri Benc <jbenc@suse.cz>
 * Copyright 2007	Johannes Berg <johannes@sipsolutions.net>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 */

#include <linux/jiffies.h>
#include <linux/kernel.h>
#include <linux/skbuff.h>
#include <linux/netdevice.h>
#include <linux/etherdevice.h>
#include <linux/rcupdate.h>
#include <net/mac80211.h>
#include <net/ieee80211_radiotap.h>

#include "ieee80211_i.h"
#include "led.h"
#include "mesh.h"
#include "wep.h"
#include "wpa.h"
#include "tkip.h"
#include "wme.h"

static u8 ieee80211_sta_manage_reorder_buf(struct ieee80211_hw *hw,
					   struct tid_ampdu_rx *tid_agg_rx,
					   struct sk_buff *skb,
					   u16 mpdu_seq_num,
					   int bar_req);
/*
 * monitor mode reception
 *
 * Strip everything that is only useful to monitor interfaces from the SKB:
 * the first rtap_len bytes are pulled off the front and, when the hardware
 * leaves the FCS on received frames, FCS_LEN bytes are trimmed off the end.
 *
 * Returns the cleaned-up SKB, or NULL if the frame was not longer than the
 * FCS it is supposed to carry; in that case the SKB has been freed here and
 * the caller must not touch it again.
 */
static struct sk_buff *remove_monitor_info(struct ieee80211_local *local,
					   struct sk_buff *skb,
					   int rtap_len)
{
	skb_pull(skb, rtap_len);

	/* nothing at the tail to remove unless the hardware keeps the FCS */
	if (!(local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS))
		return skb;

	if (unlikely(skb->len <= FCS_LEN)) {
		/* driver bug */
		WARN_ON(1);
		dev_kfree_skb(skb);
		return NULL;
	}

	skb_trim(skb, skb->len - FCS_LEN);
	return skb;
}

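/*
 * Decide whether a received frame has to be kept away from the regular RX
 * handlers.
 *
 * @status:          RX status reported for the frame
 * @skb:             the frame as received, i.e. still carrying any
 *                   driver-supplied radiotap header and the FCS
 * @present_fcs_len: number of FCS bytes at the end of the frame
 * @radiotap_len:    number of radiotap bytes at the start of the frame
 *
 * Returns 1 if the frame failed its FCS/PLCP check, is shorter than 16 bytes
 * once radiotap header and FCS are discounted, or is a control frame other
 * than PS-Poll or BlockAckReq; returns 0 otherwise.
 */
static inline int should_drop_frame(struct ieee80211_rx_status *status,
				    struct sk_buff *skb,
				    int present_fcs_len,
				    int radiotap_len)
{
	struct ieee80211_hdr *hdr;

	if (status->flag & (RX_FLAG_FAILED_FCS_CRC | RX_FLAG_FAILED_PLCP_CRC))
		return 1;
	if (unlikely(skb->len < 16 + present_fcs_len + radiotap_len))
		return 1;

	/*
	 * ieee80211_rx_monitor() calls this before the radiotap header is
	 * pulled, so the 802.11 header starts radiotap_len bytes into the
	 * buffer. Reading frame_control from skb->data directly would
	 * classify the frame by radiotap bytes instead. The length test
	 * above guarantees the first 16 header bytes are present.
	 */
	hdr = (struct ieee80211_hdr *)(skb->data + radiotap_len);

	if (ieee80211_is_ctl(hdr->frame_control) &&
	    !ieee80211_is_pspoll(hdr->frame_control) &&
	    !ieee80211_is_back_req(hdr->frame_control))
		return 1;
	return 0;
}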

/*
 * Compute how many bytes the radiotap header built by mac80211 occupies
 * for a frame with the given status on this hardware.
 *
 * The result covers the fixed header, the fields that are always emitted,
 * and the optional TSFT / signal / noise fields selected by status->flag and
 * local->hw.flags, rounded up to a multiple of 8.
 */
static int
ieee80211_rx_radiotap_len(struct ieee80211_local *local,
			  struct ieee80211_rx_status *status)
{
	/* fixed header plus the always present fields */
	int total = sizeof(struct ieee80211_radiotap_header) + 9;

	if (status->flag & RX_FLAG_TSFT)
		total += 8;
	/* one signal byte, whichever of the two units the hardware reports */
	if (local->hw.flags &
	    (IEEE80211_HW_SIGNAL_DB | IEEE80211_HW_SIGNAL_DBM))
		total += 1;
	if (local->hw.flags & IEEE80211_HW_NOISE_DBM)
		total += 1;

	/* padding for RX_FLAGS if necessary */
	total += total & 1;

	/* make sure radiotap starts at a naturally aligned address */
	return roundup(total, 8);
}

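/*
 * ieee80211_add_rx_radiotap_header - add radiotap header
 *
 * Prepend a radiotap header of rtap_len bytes to the frame and fill in all
 * the fields which the hardware provided.
 *
 * @local:    per-device state; hw.flags selects the FCS flag and which
 *            signal/noise fields are emitted
 * @skb:      frame to prepend to; skb_push() is called unconditionally, so
 *            the caller has to have made rtap_len bytes of headroom available
 * @status:   RX status the field values are taken from
 * @rate:     bitrate entry of the frame, read for the rate field (non-HT
 *            frames) and for the 2 GHz channel flags
 * @rtap_len: total header length in bytes, also written to it_len
 *
 * The field walk below has to stay in step with the length computed by
 * ieee80211_rx_radiotap_len(), which tests the same flags.
 */
static void
ieee80211_add_rx_radiotap_header(struct ieee80211_local *local,
				 struct sk_buff *skb,
				 struct ieee80211_rx_status *status,
				 struct ieee80211_rate *rate,
				 int rtap_len)
{
	struct ieee80211_radiotap_header *rthdr;
	unsigned char *pos;

	rthdr = (struct ieee80211_radiotap_header *)skb_push(skb, rtap_len);
	/* zero everything first: padding and fields only OR-ed into below */
	memset(rthdr, 0, rtap_len);

	/* radiotap header, set always present flags */
	rthdr->it_present =
		cpu_to_le32((1 << IEEE80211_RADIOTAP_FLAGS) |
			    (1 << IEEE80211_RADIOTAP_CHANNEL) |
			    (1 << IEEE80211_RADIOTAP_ANTENNA) |
			    (1 << IEEE80211_RADIOTAP_RX_FLAGS));
	rthdr->it_len = cpu_to_le16(rtap_len);

	pos = (unsigned char *)(rthdr+1);

	/* the order of the following fields is important */

	/* IEEE80211_RADIOTAP_TSFT */
	if (status->flag & RX_FLAG_TSFT) {
		*(__le64 *)pos = cpu_to_le64(status->mactime);
		rthdr->it_present |=
			cpu_to_le32(1 << IEEE80211_RADIOTAP_TSFT);
		pos += 8;
	}

	/* IEEE80211_RADIOTAP_FLAGS */
	if (local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS)
		*pos |= IEEE80211_RADIOTAP_F_FCS;
	if (status->flag & RX_FLAG_SHORTPRE)
		*pos |= IEEE80211_RADIOTAP_F_SHORTPRE;
	pos++;

	/* IEEE80211_RADIOTAP_RATE */
	if (status->flag & RX_FLAG_HT) {
		/*
		 * TODO: add following information into radiotap header once
		 * suitable fields are defined for it:
		 * - MCS index (status->rate_idx)
		 * - HT40 (status->flag & RX_FLAG_40MHZ)
		 * - short-GI (status->flag & RX_FLAG_SHORT_GI)
		 */
		*pos = 0;
	} else {
		/*
		 * it_present is little endian like every other update in
		 * this function; OR-ing in a host-order bit would set the
		 * wrong present bit on big-endian machines.
		 */
		rthdr->it_present |=
			cpu_to_le32(1 << IEEE80211_RADIOTAP_RATE);
		*pos = rate->bitrate / 5;
	}
	pos++;

	/* IEEE80211_RADIOTAP_CHANNEL */
	*(__le16 *)pos = cpu_to_le16(status->freq);
	pos += 2;
	if (status->band == IEEE80211_BAND_5GHZ)
		*(__le16 *)pos = cpu_to_le16(IEEE80211_CHAN_OFDM |
					     IEEE80211_CHAN_5GHZ);
	else if (rate->flags & IEEE80211_RATE_ERP_G)
		*(__le16 *)pos = cpu_to_le16(IEEE80211_CHAN_OFDM |
					     IEEE80211_CHAN_2GHZ);
	else
		*(__le16 *)pos = cpu_to_le16(IEEE80211_CHAN_CCK |
					     IEEE80211_CHAN_2GHZ);
	pos += 2;

	/* IEEE80211_RADIOTAP_DBM_ANTSIGNAL */
	if (local->hw.flags & IEEE80211_HW_SIGNAL_DBM) {
		*pos = status->signal;
		rthdr->it_present |=
			cpu_to_le32(1 << IEEE80211_RADIOTAP_DBM_ANTSIGNAL);
		pos++;
	}

	/* IEEE80211_RADIOTAP_DBM_ANTNOISE */
	if (local->hw.flags & IEEE80211_HW_NOISE_DBM) {
		*pos = status->noise;
		rthdr->it_present |=
			cpu_to_le32(1 << IEEE80211_RADIOTAP_DBM_ANTNOISE);
		pos++;
	}

	/* IEEE80211_RADIOTAP_LOCK_QUALITY is missing */

	/* IEEE80211_RADIOTAP_ANTENNA */
	*pos = status->antenna;
	pos++;

	/* IEEE80211_RADIOTAP_DB_ANTSIGNAL */
	if (local->hw.flags & IEEE80211_HW_SIGNAL_DB) {
		*pos = status->signal;
		rthdr->it_present |=
			cpu_to_le32(1 << IEEE80211_RADIOTAP_DB_ANTSIGNAL);
		pos++;
	}

	/* IEEE80211_RADIOTAP_DB_ANTNOISE is not used */

	/* IEEE80211_RADIOTAP_RX_FLAGS */
	/* ensure 2 byte alignment for the 2 byte field as required */
	if ((pos - (unsigned char *)rthdr) & 1)
		pos++;
	/* FIXME: when radiotap gets a 'bad PLCP' flag use it here */
	if (status->flag & (RX_FLAG_FAILED_FCS_CRC | RX_FLAG_FAILED_PLCP_CRC))
		*(__le16 *)pos |= cpu_to_le16(IEEE80211_RADIOTAP_F_RX_BADFCS);
	pos += 2;
}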

/*
 * Copy a received frame to all monitor interfaces and return a cleaned-up
 * SKB that no longer includes the FCS nor the radiotap header the driver
 * might have added.
 *
 * Returns NULL when there is nothing for the regular RX path to process:
 * the frame is one should_drop_frame() rejects, or an allocation / cleanup
 * step failed. Ownership of origskb always passes to this function.
 *
 * When the driver supplied its own radiotap header, rtap_len is read from
 * that header; the only bound applied to it here is the length test inside
 * should_drop_frame().
 */
static struct sk_buff *
ieee80211_rx_monitor(struct ieee80211_local *local, struct sk_buff *origskb,
		     struct ieee80211_rx_status *status,
		     struct ieee80211_rate *rate)
{
	struct ieee80211_sub_if_data *sdata;
	struct net_device *last_mon = NULL;
	struct sk_buff *mon_skb, *clone;
	int needed_headroom = 0;
	int present_fcs_len;
	int rtap_len = 0;
	int drop;

	/*
	 * First, we may need to make a copy of the skb because
	 *  (1) we need to modify it for radiotap (if not present), and
	 *  (2) the other RX handlers will modify the skb we got.
	 *
	 * We don't need to, of course, if we aren't going to return
	 * the SKB because it has a bad FCS/PLCP checksum.
	 */
	if (status->flag & RX_FLAG_RADIOTAP)
		rtap_len = ieee80211_get_radiotap_len(origskb->data);
	else
		/* room for the radiotap header based on driver features */
		needed_headroom = ieee80211_rx_radiotap_len(local, status);

	present_fcs_len =
		(local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS) ? FCS_LEN : 0;

	/* evaluated exactly once on every path, before the skb is modified */
	drop = should_drop_frame(status, origskb, present_fcs_len, rtap_len);

	if (!local->monitors) {
		/* nobody is monitoring: just clean up or discard */
		if (!drop)
			return remove_monitor_info(local, origskb, rtap_len);

		dev_kfree_skb(origskb);
		return NULL;
	}

	if (drop) {
		/* monitors get the original, only expand headroom if needed */
		mon_skb = origskb;
		origskb = NULL;

		/*
		 * This shouldn't trigger often because most devices have an
		 * RX header they pull before we get here, and that should
		 * be big enough for our radiotap information. We should
		 * probably export the length to drivers so that we can have
		 * them allocate enough headroom to start with.
		 */
		if (skb_headroom(mon_skb) < needed_headroom &&
		    pskb_expand_head(mon_skb, needed_headroom, 0,
				     GFP_ATOMIC)) {
			dev_kfree_skb(mon_skb);
			return NULL;
		}
	} else {
		/*
		 * Need to make a copy and possibly remove radiotap header
		 * and FCS from the original.
		 */
		mon_skb = skb_copy_expand(origskb, needed_headroom, 0,
					  GFP_ATOMIC);

		origskb = remove_monitor_info(local, origskb, rtap_len);

		/* copy failed: monitors miss this frame, RX path goes on */
		if (!mon_skb)
			return origskb;
	}

	/* if necessary, prepend radiotap information */
	if (!(status->flag & RX_FLAG_RADIOTAP))
		ieee80211_add_rx_radiotap_header(local, mon_skb, status, rate,
						 needed_headroom);

	skb_reset_mac_header(mon_skb);
	mon_skb->ip_summed = CHECKSUM_UNNECESSARY;
	mon_skb->pkt_type = PACKET_OTHERHOST;
	mon_skb->protocol = htons(ETH_P_802_2);

	list_for_each_entry_rcu(sdata, &local->interfaces, list) {
		/* only running, non-"cooked" monitor interfaces qualify */
		if (!netif_running(sdata->dev) ||
		    sdata->vif.type != NL80211_IFTYPE_MONITOR ||
		    (sdata->u.mntr_flags & MONITOR_FLAG_COOK_FRAMES))
			continue;

		/*
		 * Delivery lags one interface behind so that the final
		 * interface can be given mon_skb itself instead of a clone.
		 */
		if (last_mon) {
			clone = skb_clone(mon_skb, GFP_ATOMIC);
			if (clone) {
				clone->dev = last_mon;
				netif_rx(clone);
			}
		}

		last_mon = sdata->dev;
		sdata->dev->stats.rx_packets++;
		sdata->dev->stats.rx_bytes += mon_skb->len;
	}

	if (last_mon) {
		mon_skb->dev = last_mon;
		netif_rx(mon_skb);
	} else
		dev_kfree_skb(mon_skb);

	return origskb;
}


/*
 * Derive the RX queue, the A-MSDU flag and skb->priority from the frame's
 * QoS control field, if it has one.
 *
 * Frames without a QoS control field are assigned to the last RX queue and
 * leave the IEEE80211_RX_AMSDU bit in rx->flags as it was.
 */
static void ieee80211_parse_qos(struct ieee80211_rx_data *rx)
{
	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
	/*
	 * IEEE 802.11-2007, 7.1.3.4.1 ("Sequence Number field"):
	 *
	 *	Sequence numbers for management frames, QoS data
	 *	frames with a broadcast/multicast address in the
	 *	Address 1 field, and all non-QoS data frames sent
	 *	by QoS STAs are assigned using an additional single
	 *	modulo-4096 counter, [...]
	 *
	 * We also use that counter for non-QoS STAs, hence this default.
	 */
	int tid = NUM_RX_DATA_QUEUES - 1;

	/* does the frame have a qos control field? */
	if (ieee80211_is_data_qos(hdr->frame_control)) {
		u8 qos_ctl = *ieee80211_get_qos_ctl(hdr);

		tid = qos_ctl & IEEE80211_QOS_CTL_TID_MASK;
		if (qos_ctl & IEEE80211_QOS_CONTROL_A_MSDU_PRESENT)
			rx->flags |= IEEE80211_RX_AMSDU;
		else
			rx->flags &= ~IEEE80211_RX_AMSDU;
	}

	rx->queue = tid;
	/* Set skb->priority to 1d tag if highest order bit of TID is not set.
	 * For now, set skb->priority to 0 for other cases. */
	rx->skb->priority = (tid <= 7) ? tid : 0;
}

/**
 * DOC: Packet alignment
 *
 * Drivers always need to pass packets that are aligned to two-byte boundaries
 * to the stack.
 *
 * Additionally, drivers should, if possible, align the payload data in a way that
 * guarantees that the contained IP header is aligned to a four-byte
 * boundary. In the case of regular frames, this simply means aligning the
 * payload to a four-byte boundary (because either the IP header is directly
 * contained, or IV/RFC1042 headers that have a length divisible by four are
 * in front of it).
 *
 * With A-MSDU frames, however, the payload data address must yield two modulo
 * four because there are 14-byte 802.3 headers within the A-MSDU frames that
 * push the IP header further back to a multiple of four again. Thankfully, the
 * specs were sane enough this time around to require padding each A-MSDU
 * subframe to a length that is a multiple of four.
 *
 * Padding like Atheros hardware adds which is in between the 802.11 header and
 * the payload is not supported, the driver is required to move the 802.11
 * header to be directly in front of the payload in that case.
 */
/*
 * Debug aid: warn once if a frame breaks the packet alignment rules.
 *
 * Compiles to an immediate return unless
 * CONFIG_MAC80211_DEBUG_PACKET_ALIGNMENT is set. Otherwise it warns when
 * the frame does not start on a two-byte boundary or when, for frames that
 * carry data, the payload following the 802.11 header (plus one Ethernet
 * header for A-MSDU frames) is not on a four-byte boundary.
 */
static void ieee80211_verify_alignment(struct ieee80211_rx_data *rx)
{
	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
	unsigned char *payload;
	int hdrlen;

#ifndef CONFIG_MAC80211_DEBUG_PACKET_ALIGNMENT
	return;
#endif

	/* a misaligned frame start makes the payload check pointless */
	if (WARN_ONCE((unsigned long)rx->skb->data & 1,
		      "unaligned packet at 0x%p\n", rx->skb->data))
		return;

	if (!ieee80211_is_data_present(hdr->frame_control))
		return;

	hdrlen = ieee80211_hdrlen(hdr->frame_control);
	if (rx->flags & IEEE80211_RX_AMSDU)
		hdrlen += ETH_HLEN;

	payload = rx->skb->data + hdrlen;
	WARN_ONCE(((unsigned long)payload) & 3,
		  "unaligned IP payload at 0x%p\n", payload);
}


/* rx handlers */

/*
 * RX handler: divert frames to the scan code while a scan is in progress.
 *
 * During a hardware scan the result of ieee80211_scan_rx() is returned as
 * is. During a software scan the frame is always consumed (RX_QUEUED),
 * being freed here if the scan code did not queue it. A frame that was
 * flagged IEEE80211_RX_IN_SCAN but finds no scan running any more is
 * dropped as unusable.
 */
static ieee80211_rx_result debug_noinline
ieee80211_rx_h_passive_scan(struct ieee80211_rx_data *rx)
{
	struct ieee80211_local *local = rx->local;
	struct sk_buff *frame = rx->skb;
	ieee80211_rx_result scan_res;

	if (unlikely(local->hw_scanning))
		return ieee80211_scan_rx(rx->sdata, frame, rx->status);

	if (unlikely(local->sw_scanning)) {
		/* drop all the other packets during a software scan anyway */
		scan_res = ieee80211_scan_rx(rx->sdata, frame, rx->status);
		if (scan_res != RX_QUEUED)
			dev_kfree_skb(frame);
		return RX_QUEUED;
	}

	if (likely(!(rx->flags & IEEE80211_RX_IN_SCAN)))
		return RX_CONTINUE;

	/* scanning finished during invoking of handlers */
	I802_DEBUG_INC(local->rx_handlers_drop_passive_scan);
	return RX_DROP_UNUSABLE;
}


/*
 * Return non-zero if skb holds a robust management frame whose addr1 is
 * not a multicast address; frames shorter than 24 bytes never qualify.
 */
static int ieee80211_is_unicast_robust_mgmt_frame(struct sk_buff *skb)
{
	struct ieee80211_hdr *mgmt_hdr = (struct ieee80211_hdr *) skb->data;

	/* length first, so addr1 is only read from a complete header */
	if (skb->len < 24)
		return 0;
	if (is_multicast_ether_addr(mgmt_hdr->addr1))
		return 0;

	return ieee80211_is_robust_mgmt_frame(mgmt_hdr);
}


/*
 * Return non-zero if skb holds a robust management frame whose addr1 is a
 * multicast address; frames shorter than 24 bytes never qualify.
 */
static int ieee80211_is_multicast_robust_mgmt_frame(struct sk_buff *skb)
{
	struct ieee80211_hdr *mgmt_hdr = (struct ieee80211_hdr *) skb->data;

	/* length first, so addr1 is only read from a complete header */
	if (skb->len < 24)
		return 0;
	if (!is_multicast_ether_addr(mgmt_hdr->addr1))
		return 0;

	return ieee80211_is_robust_mgmt_frame(mgmt_hdr);
}


/*
 * Get the BIP key index from the MMIE; return -1 if this is not a BIP frame.
 *
 * A frame counts as a BIP frame here when it is long enough for a 24-byte
 * header plus an MMIE, is addressed to a multicast DA, is a robust
 * management frame, and its last sizeof(struct ieee80211_mmie) bytes carry
 * the MMIE element id and length.
 *
 * The returned index is read from the frame before any integrity check has
 * run, so it must be range-checked by the caller before it is used to
 * index a key array (ieee80211_rx_h_decrypt() does so).
 */
static int ieee80211_get_mmie_keyidx(struct sk_buff *skb)
{
	struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *) skb->data;
	struct ieee80211_mmie *mmie;

	if (skb->len < 24 + sizeof(*mmie))
		return -1;
	if (!is_multicast_ether_addr(mgmt->da))
		return -1;

	if (!ieee80211_is_robust_mgmt_frame((struct ieee80211_hdr *) mgmt))
		return -1; /* not a robust management frame */

	/* the MMIE is expected at the very end of the frame */
	mmie = (struct ieee80211_mmie *)
		(skb->data + skb->len - sizeof(*mmie));
	if (mmie->element_id == WLAN_EID_MMIE &&
	    mmie->length == sizeof(*mmie) - 2)
		return le16_to_cpu(mmie->key_id);

	return -1;
}


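/*
 * Frame filter for mesh interfaces, called from ieee80211_rx_h_check().
 *
 * Returns RX_DROP_MONITOR for
 *  - data frames that are not four-address frames, are shorter than their
 *    own 802.11 header, or carry this device's address in addr4;
 *  - anything other than peer-link action frames, probe requests, probe
 *    responses and beacons while no peer link is established with the
 *    sender;
 *  - multicast data frames for which mesh_rmc_check() returns non-zero.
 * Returns RX_CONTINUE otherwise.
 *
 * The caller only guarantees a frame of at least 16 bytes, so every field
 * beyond that is length-checked here before it is read.
 */
static ieee80211_rx_result
ieee80211_rx_mesh_check(struct ieee80211_rx_data *rx)
{
	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
	unsigned int hdrlen = ieee80211_hdrlen(hdr->frame_control);

	if (ieee80211_is_data(hdr->frame_control)) {
		if (!ieee80211_has_a4(hdr->frame_control))
			return RX_DROP_MONITOR;
		/*
		 * addr4 lies at the end of the header; a frame shorter
		 * than the header its frame control announces is malformed
		 * and must not be parsed any further.
		 */
		if (rx->skb->len < hdrlen)
			return RX_DROP_MONITOR;
		if (memcmp(hdr->addr4, rx->dev->dev_addr, ETH_ALEN) == 0)
			return RX_DROP_MONITOR;
	}

	/* If there is not an established peer link and this is not a peer link
	 * establishment frame, beacon or probe, drop the frame.
	 */
	if (!rx->sta || sta_plink_state(rx->sta) != PLINK_ESTAB) {
		struct ieee80211_mgmt *mgmt;

		if (!ieee80211_is_mgmt(hdr->frame_control))
			return RX_DROP_MONITOR;

		if (ieee80211_is_action(hdr->frame_control)) {
			mgmt = (struct ieee80211_mgmt *)hdr;
			/* make sure the category field is inside the frame */
			if (rx->skb->len <
			    offsetof(struct ieee80211_mgmt,
				     u.action.category) +
			    sizeof(mgmt->u.action.category))
				return RX_DROP_MONITOR;
			if (mgmt->u.action.category != PLINK_CATEGORY)
				return RX_DROP_MONITOR;
			return RX_CONTINUE;
		}

		if (ieee80211_is_probe_req(hdr->frame_control) ||
		    ieee80211_is_probe_resp(hdr->frame_control) ||
		    ieee80211_is_beacon(hdr->frame_control))
			return RX_CONTINUE;

		return RX_DROP_MONITOR;

	}

	/*
	 * The mesh header follows directly after the 802.11 header.
	 * NOTE(review): only the 802.11 header length is validated above;
	 * confirm that mesh_rmc_check() or an earlier handler ensures the
	 * mesh header itself is inside the frame.
	 */
	if (ieee80211_is_data(hdr->frame_control) &&
	    is_multicast_ether_addr(hdr->addr1) &&
	    mesh_rmc_check(hdr->addr4,
			   (struct ieee80211s_hdr *)((u8 *)hdr + hdrlen),
			   rx->sdata))
		return RX_DROP_MONITOR;

	return RX_CONTINUE;
}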


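/*
 * RX handler: basic sanity and state checks on a received frame.
 *
 * Drops (RX_DROP_MONITOR) frames shorter than 16 bytes, retransmitted
 * duplicates from a known station, and data / PS-Poll frames from stations
 * that are not associated (except on ad-hoc interfaces). Mesh interfaces
 * are handed to ieee80211_rx_mesh_check() instead of the association test.
 * Returns RX_CONTINUE for everything else.
 */
static ieee80211_rx_result debug_noinline
ieee80211_rx_h_check(struct ieee80211_rx_data *rx)
{
	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;

	/*
	 * Reject short frames before any header field is looked at, so
	 * that a truncated frame can neither be matched as a duplicate nor
	 * overwrite the stored sequence number.
	 */
	if (unlikely(rx->skb->len < 16)) {
		I802_DEBUG_INC(rx->local->rx_handlers_drop_short);
		return RX_DROP_MONITOR;
	}

	/*
	 * Drop duplicate 802.11 retransmissions (IEEE 802.11 Chap. 9.2.9).
	 *
	 * seq_ctrl is the last field of the 24-byte three-address header
	 * (the minimum the management-frame helpers in this file test
	 * for). Frames between 16 and 23 bytes long, such as PS-Poll, do
	 * not contain it, so they are left out of duplicate detection
	 * rather than compared against bytes past the end of the frame.
	 */
	if (rx->sta && rx->skb->len >= 24 &&
	    !is_multicast_ether_addr(hdr->addr1)) {
		if (unlikely(ieee80211_has_retry(hdr->frame_control) &&
			     rx->sta->last_seq_ctrl[rx->queue] ==
			     hdr->seq_ctrl)) {
			if (rx->flags & IEEE80211_RX_RA_MATCH) {
				rx->local->dot11FrameDuplicateCount++;
				rx->sta->num_duplicates++;
			}
			return RX_DROP_MONITOR;
		} else
			rx->sta->last_seq_ctrl[rx->queue] = hdr->seq_ctrl;
	}

	/* Drop disallowed frame classes based on STA auth/assoc state;
	 * IEEE 802.11, Chap 5.5.
	 *
	 * mac80211 filters only based on association state, i.e. it drops
	 * Class 3 frames from not associated stations. hostapd sends
	 * deauth/disassoc frames when needed. In addition, hostapd is
	 * responsible for filtering on both auth and assoc states.
	 */

	if (ieee80211_vif_is_mesh(&rx->sdata->vif))
		return ieee80211_rx_mesh_check(rx);

	/*
	 * Data and PS-Poll frames from a station that is not associated
	 * are dropped. IBSS frames and frames for other hosts used to be
	 * told apart from the rest at this point, but both cases end in
	 * the same silent drop, so no distinction is made.
	 */
	if (unlikely((ieee80211_is_data(hdr->frame_control) ||
		      ieee80211_is_pspoll(hdr->frame_control)) &&
		     rx->sdata->vif.type != NL80211_IFTYPE_ADHOC &&
		     (!rx->sta || !test_sta_flags(rx->sta, WLAN_STA_ASSOC))))
		return RX_DROP_MONITOR;

	return RX_CONTINUE;
}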


/*
 * RX handler: select the key for a received frame and run the matching
 * decryption / integrity routine.
 *
 * Returns RX_CONTINUE without touching the frame when it is unprotected
 * (and not a BIP candidate from an MFP station), not addressed to us, or
 * already decrypted with the IV stripped by the hardware. Returns
 * RX_DROP_MONITOR when no usable key is found or the BIP key index is out
 * of range, RX_DROP_UNUSABLE when the frame is too short to hold an IV or
 * the key's algorithm has no case below, and otherwise whatever the
 * per-algorithm routine returns.
 *
 * Note that this handler does not itself reject unprotected frames; it
 * only passes them on with RX_CONTINUE.
 */
static ieee80211_rx_result debug_noinline
ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
{
	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
	ieee80211_rx_result result = RX_DROP_UNUSABLE;
	struct ieee80211_key *stakey = NULL;
	int mmie_keyidx = -1;
	int keyidx;
	int hdrlen;

	/*
	 * Key selection 101
	 *
	 * There are four types of keys:
	 *  - GTK (group keys)
	 *  - IGTK (group keys for management frames)
	 *  - PTK (pairwise keys)
	 *  - STK (station-to-station pairwise keys)
	 *
	 * When selecting a key, we have to distinguish between multicast
	 * (including broadcast) and unicast frames, the latter can only
	 * use PTKs and STKs while the former always use GTKs and IGTKs.
	 * Unless, of course, actual WEP keys ("pre-RSNA") are used, then
	 * unicast frames can also use key indices like GTKs. Hence, if we
	 * don't have a PTK/STK we check the key index for a WEP key.
	 *
	 * Note that in a regular BSS, multicast frames are sent by the
	 * AP only, associated stations unicast the frame to the AP first
	 * which then multicasts it on their behalf.
	 *
	 * There is also a slight problem in IBSS mode: GTKs are negotiated
	 * with each station, that is something we don't currently handle.
	 * The spec seems to expect that one negotiates the same key with
	 * every station but there's no such requirement; VLANs could be
	 * possible.
	 */

	if (!ieee80211_has_protected(hdr->frame_control)) {
		/*
		 * Unprotected frames only matter here if they are
		 * management frames from a station using MFP that carry
		 * an MMIE, i.e. BIP frames.
		 */
		if (!ieee80211_is_mgmt(hdr->frame_control))
			return RX_CONTINUE;
		if (rx->sta == NULL || !test_sta_flags(rx->sta, WLAN_STA_MFP))
			return RX_CONTINUE;

		mmie_keyidx = ieee80211_get_mmie_keyidx(rx->skb);
		if (mmie_keyidx < 0)
			return RX_CONTINUE;
	}

	/*
	 * No point in finding a key and decrypting if the frame is neither
	 * addressed to us nor a multicast frame.
	 */
	if (!(rx->flags & IEEE80211_RX_RA_MATCH))
		return RX_CONTINUE;

	if (rx->sta)
		stakey = rcu_dereference(rx->sta->key);

	if (stakey && !is_multicast_ether_addr(hdr->addr1)) {
		/* unicast frame from a station we hold a pairwise key for */
		rx->key = stakey;
	} else if (mmie_keyidx >= 0) {
		/* Broadcast/multicast robust management frame / BIP */
		if ((rx->status->flag & RX_FLAG_DECRYPTED) &&
		    (rx->status->flag & RX_FLAG_IV_STRIPPED))
			return RX_CONTINUE;

		/*
		 * The index comes straight from the frame; only the slots
		 * reserved for management keys are acceptable.
		 */
		if (mmie_keyidx < NUM_DEFAULT_KEYS ||
		    mmie_keyidx >= NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS)
			return RX_DROP_MONITOR; /* unexpected BIP keyidx */
		rx->key = rcu_dereference(rx->sdata->keys[mmie_keyidx]);
	} else {
		/*
		 * The device doesn't give us the IV so we won't be
		 * able to look up the key. That's ok though, we
		 * don't need to decrypt the frame, we just won't
		 * be able to keep statistics accurate.
		 * Except for key threshold notifications, should
		 * we somehow allow the driver to tell us which key
		 * the hardware used if this flag is set?
		 */
		if ((rx->status->flag & RX_FLAG_DECRYPTED) &&
		    (rx->status->flag & RX_FLAG_IV_STRIPPED))
			return RX_CONTINUE;

		hdrlen = ieee80211_hdrlen(hdr->frame_control);

		/* the key index is read from the bytes after the header */
		if (rx->skb->len < 8 + hdrlen)
			return RX_DROP_UNUSABLE; /* TODO: count this? */

		/*
		 * no need to call ieee80211_wep_get_keyidx,
		 * it verifies a bunch of things we've done already
		 */
		keyidx = rx->skb->data[hdrlen + 3] >> 6;

		rx->key = rcu_dereference(rx->sdata->keys[keyidx]);

		/*
		 * RSNA-protected unicast frames should always be sent with
		 * pairwise or station-to-station keys, but for WEP we allow
		 * using a key index as well.
		 */
		if (rx->key && rx->key->conf.alg != ALG_WEP &&
		    !is_multicast_ether_addr(hdr->addr1))
			rx->key = NULL;
	}

	/* a frame we were asked to decrypt but have no key for is dropped */
	if (!rx->key)
		return RX_DROP_MONITOR;

	rx->key->tx_rx_count++;
	/* TODO: add threshold stuff again */

	/* Check for weak IVs if possible */
	if (rx->sta && rx->key->conf.alg == ALG_WEP &&
	    ieee80211_is_data(hdr->frame_control) &&
	    !((rx->status->flag & RX_FLAG_IV_STRIPPED) &&
	      (rx->status->flag & RX_FLAG_DECRYPTED)) &&
	    ieee80211_wep_is_weak_iv(rx->skb, rx->key))
		rx->sta->wep_weak_iv_count++;

	/* an algorithm without a case leaves result at RX_DROP_UNUSABLE */
	switch (rx->key->conf.alg) {
	case ALG_WEP:
		result = ieee80211_crypto_wep_decrypt(rx);
		break;
	case ALG_TKIP:
		result = ieee80211_crypto_tkip_decrypt(rx);
		break;
	case ALG_CCMP:
		result = ieee80211_crypto_ccmp_decrypt(rx);
		break;
	case ALG_AES_CMAC:
		result = ieee80211_crypto_aes_cmac_decrypt(rx);
		break;
	}

	/* either the frame has been decrypted or will be dropped */
	rx->status->flag |= RX_FLAG_DECRYPTED;

	return result;
}

/*
 * Record that a station has entered power save mode: bump the BSS count of
 * sleeping stations, set WLAN_STA_PS while clearing WLAN_STA_PSPOLL, and
 * tell the driver through its sta_notify callback if it has one.
 */
static void ap_sta_ps_start(struct sta_info *sta)
{
	struct ieee80211_sub_if_data *sub_if = sta->sdata;
	struct ieee80211_local *lcl = sub_if->local;

	atomic_inc(&sub_if->bss->num_sta_ps);
	set_and_clear_sta_flags(sta, WLAN_STA_PS, WLAN_STA_PSPOLL);

	/* the callback is optional for drivers */
	if (lcl->ops->sta_notify)
		lcl->ops->sta_notify(local_to_hw(lcl), &sub_if->vif,
				     STA_NOTIFY_SLEEP, &sta->sta);

#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
	printk(KERN_DEBUG "%s: STA %pM aid %d enters power save mode\n",
	       sub_if->dev->name, sta->sta.addr, sta->sta.aid);
#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
}

/*
 * Record that a station has left power save mode and release everything
 * that was held back for it.
 *
 * Clears the PS and PS-Poll flags, notifies the driver if it has a
 * sta_notify callback, clears the TIM bit when frames were buffered, then
 * re-queues for transmission first the frames on tx_filtered and then
 * those on ps_tx_buf.
 *
 * Returns the number of frames handed to dev_queue_xmit().
 */
static int ap_sta_ps_end(struct sta_info *sta)
{
	struct ieee80211_sub_if_data *sdata = sta->sdata;
	struct ieee80211_local *local = sdata->local;
	struct sk_buff *frame;
	int released = 0;

	atomic_dec(&sdata->bss->num_sta_ps);

	clear_sta_flags(sta, WLAN_STA_PS | WLAN_STA_PSPOLL);
	if (local->ops->sta_notify)
		local->ops->sta_notify(local_to_hw(local), &sdata->vif,
					STA_NOTIFY_AWAKE, &sta->sta);

	if (!skb_queue_empty(&sta->ps_tx_buf))
		sta_info_clear_tim_bit(sta);

#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
	printk(KERN_DEBUG "%s: STA %pM aid %d exits power save mode\n",
	       sdata->dev->name, sta->sta.addr, sta->sta.aid);
#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */

	/* Send all buffered frames to the station: filtered ones first */
	for (frame = skb_dequeue(&sta->tx_filtered); frame != NULL;
	     frame = skb_dequeue(&sta->tx_filtered)) {
		released++;
		frame->requeue = 1;
		dev_queue_xmit(frame);
	}

	/* ... then the frames buffered while the station was asleep */
	for (frame = skb_dequeue(&sta->ps_tx_buf); frame != NULL;
	     frame = skb_dequeue(&sta->ps_tx_buf)) {
		local->total_ps_buffered--;
		released++;
#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
		printk(KERN_DEBUG "%s: STA %pM aid %d send PS frame "
		       "since STA not sleeping anymore\n", sdata->dev->name,
		       sta->sta.addr, sta->sta.aid);
#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
		frame->requeue = 1;
		dev_queue_xmit(frame);
	}

	return released;
}

/*
 * RX handler: per-station bookkeeping for a received frame.
 *
 * Updates the station's last_rx timestamp, its RX counters and last
 * signal/quality/noise values, and on AP / AP-VLAN interfaces follows the
 * power-management bit to start or end power save for the station.
 * Nullfunc data frames are consumed here (RX_QUEUED); everything else, and
 * any frame without a known station, continues with RX_CONTINUE.
 */
static ieee80211_rx_result debug_noinline
ieee80211_rx_h_sta_process(struct ieee80211_rx_data *rx)
{
	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
	struct ieee80211_sub_if_data *sdata = rx->sdata;
	struct sta_info *sta = rx->sta;
	__le16 fc = hdr->frame_control;

	if (!sta)
		return RX_CONTINUE;

	/* Update last_rx only for IBSS packets which are for the current
	 * BSSID to avoid keeping the current IBSS network alive in cases where
	 * other STAs are using different BSSID. */
	if (sdata->vif.type == NL80211_IFTYPE_ADHOC) {
		/*
		 * NOTE(review): bssid is used without a NULL check; confirm
		 * ieee80211_get_bssid() cannot return NULL for the frames
		 * that reach this handler.
		 */
		u8 *bssid = ieee80211_get_bssid(hdr, rx->skb->len,
						NL80211_IFTYPE_ADHOC);
		if (compare_ether_addr(bssid, sdata->u.sta.bssid) == 0)
			sta->last_rx = jiffies;
	} else if (!is_multicast_ether_addr(hdr->addr1) ||
		   sdata->vif.type == NL80211_IFTYPE_STATION) {
		/* Update last_rx only for unicast frames in order to prevent
		 * the Probe Request frames (the only broadcast frames from a
		 * STA in infrastructure mode) from keeping a connection alive.
		 * Mesh beacons will update last_rx if they are found to
		 * match the current local configuration when processed.
		 */
		sta->last_rx = jiffies;
	}

	/* statistics and PS handling only for frames addressed to us */
	if (!(rx->flags & IEEE80211_RX_RA_MATCH))
		return RX_CONTINUE;

	sta->rx_fragments++;
	sta->rx_bytes += rx->skb->len;
	sta->last_signal = rx->status->signal;
	sta->last_qual = rx->status->qual;
	sta->last_noise = rx->status->noise;

	/*
	 * Change STA power saving mode only at the end of a frame
	 * exchange sequence.
	 */
	if (!ieee80211_has_morefrags(fc) &&
	    (sdata->vif.type == NL80211_IFTYPE_AP ||
	     sdata->vif.type == NL80211_IFTYPE_AP_VLAN)) {
		if (test_sta_flags(sta, WLAN_STA_PS)) {
			/*
			 * Ignore doze->wake transitions that are
			 * indicated by non-data frames, the standard
			 * is unclear here, but for example going to
			 * PS mode and then scanning would cause a
			 * doze->wake transition for the probe request,
			 * and that is clearly undesirable.
			 */
			if (ieee80211_is_data(fc) && !ieee80211_has_pm(fc))
				rx->sent_ps_buffered += ap_sta_ps_end(sta);
		} else if (ieee80211_has_pm(fc)) {
			ap_sta_ps_start(sta);
		}
	}

	/* Drop data::nullfunc frames silently, since they are used only to
	 * control station power saving mode. */
	if (ieee80211_is_nullfunc(fc)) {
		I802_DEBUG_INC(rx->local->rx_handlers_drop_nullfunc);
		/* Update counter and free packet here to avoid counting this
		 * as a dropped packet. */
		sta->rx_packets++;
		dev_kfree_skb(rx->skb);
		return RX_QUEUED;
	}

	return RX_CONTINUE;
}

/*
 * Start a new reassembly entry with *skb as its first fragment.
 *
 * The entry is taken from sdata->fragments at the fragment_next position,
 * which then advances and wraps at IEEE80211_FRAGMENT_MAX. If that slot
 * still holds fragments of an older frame they are purged first, so a
 * steady stream of new first fragments evicts unfinished frames.
 *
 * On return *skb is NULL: the entry's queue now owns the buffer.
 */
static inline struct ieee80211_fragment_entry *
ieee80211_reassemble_add(struct ieee80211_sub_if_data *sdata,
			 unsigned int frag, unsigned int seq, int rx_queue,
			 struct sk_buff **skb)
{
	struct ieee80211_fragment_entry *entry;
	int idx = sdata->fragment_next;

	/* claim the slot and advance the ring position, wrapping around */
	entry = &sdata->fragments[idx];
	if (++sdata->fragment_next >= IEEE80211_FRAGMENT_MAX)
		sdata->fragment_next = 0;

	if (!skb_queue_empty(&entry->skb_list)) {
#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
		struct ieee80211_hdr *hdr =
			(struct ieee80211_hdr *) entry->skb_list.next->data;
		printk(KERN_DEBUG "%s: RX reassembly removed oldest "
		       "fragment entry (idx=%d age=%lu seq=%d last_frag=%d "
		       "addr1=%pM addr2=%pM\n",
		       sdata->dev->name, idx,
		       jiffies - entry->first_frag_time, entry->seq,
		       entry->last_frag, hdr->addr1, hdr->addr2);
#endif
		__skb_queue_purge(&entry->skb_list);
	}

	__skb_queue_tail(&entry->skb_list, *skb); /* no need for locking */
	*skb = NULL;

	/* describe the frame this entry is now collecting */
	entry->seq = seq;
	entry->rx_queue = rx_queue;
	entry->last_frag = frag;
	entry->first_frag_time = jiffies;
	entry->ccmp = 0;
	entry->extra_len = 0;

	return entry;
}

/*
 * Look up the pending reassembly that a non-first fragment belongs to.
 *
 * The cache is scanned backwards, starting with the most recently
 * allocated slot. An entry matches when it is non-empty, carries the same
 * sequence number and RX queue, expects exactly this fragment number next,
 * and the header of its first queued fragment has the same frame type,
 * addr1 and addr2 as @hdr. A matching entry whose first fragment is older
 * than 2 * HZ jiffies is purged and the scan continues.
 *
 * Only the fields listed above are compared; protection or key state of
 * the fragments is not part of the match.
 *
 * Returns the matching entry, or NULL if there is none.
 */
static inline struct ieee80211_fragment_entry *
ieee80211_reassemble_find(struct ieee80211_sub_if_data *sdata,
			  unsigned int frag, unsigned int seq,
			  int rx_queue, struct ieee80211_hdr *hdr)
{
	const __le16 ftype_mask = cpu_to_le16(IEEE80211_FCTL_FTYPE);
	int left, idx = sdata->fragment_next;

	for (left = IEEE80211_FRAGMENT_MAX; left > 0; left--) {
		struct ieee80211_fragment_entry *entry;
		struct ieee80211_hdr *first;

		/* step to the previous slot, wrapping below zero */
		idx = (idx > 0) ? idx - 1 : IEEE80211_FRAGMENT_MAX - 1;
		entry = &sdata->fragments[idx];

		if (skb_queue_empty(&entry->skb_list))
			continue;
		if (entry->seq != seq || entry->rx_queue != rx_queue ||
		    entry->last_frag + 1 != frag)
			continue;

		first = (struct ieee80211_hdr *)entry->skb_list.next->data;

		/* frame type and both addresses must match the first fragment */
		if ((hdr->frame_control ^ first->frame_control) & ftype_mask)
			continue;
		if (compare_ether_addr(hdr->addr1, first->addr1) != 0 ||
		    compare_ether_addr(hdr->addr2, first->addr2) != 0)
			continue;

		/* stale reassembly: drop what was collected and keep looking */
		if (time_after(jiffies, entry->first_frag_time + 2 * HZ)) {
			__skb_queue_purge(&entry->skb_list);
			continue;
		}

		return entry;
	}

	return NULL;
}

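/*
 * RX handler: reassemble fragmented MPDUs into one frame.
 *
 * Frames that are not fragmented (no More Fragments bit and fragment
 * number 0), shorter than 24 bytes, or addressed to a multicast receiver
 * skip reassembly and only pass through the accounting at "out". A first
 * fragment opens a new entry in the per-interface fragment cache; later
 * fragments are appended to the matching entry. When the last fragment
 * arrives, all payloads are copied behind the first fragment, which then
 * becomes rx->skb.
 *
 * Returns RX_QUEUED while the frame is still incomplete, RX_CONTINUE for
 * an unfragmented or fully reassembled frame, RX_DROP_MONITOR when no
 * cache entry matches, and RX_DROP_UNUSABLE on a CCMP PN/key mismatch or
 * when the first fragment cannot be expanded.
 */
static ieee80211_rx_result debug_noinline
ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx)
{
	struct ieee80211_hdr *hdr;
	u16 sc;
	__le16 fc;
	unsigned int frag, seq;
	struct ieee80211_fragment_entry *entry;
	struct sk_buff *skb;

	/*
	 * NOTE(review): frame_control and seq_ctrl are read before the
	 * skb->len < 24 test below; presumably an earlier handler
	 * guarantees a minimum frame length -- confirm.
	 */
	hdr = (struct ieee80211_hdr *)rx->skb->data;
	fc = hdr->frame_control;
	sc = le16_to_cpu(hdr->seq_ctrl);
	frag = sc & IEEE80211_SCTL_FRAG;

	if (likely((!ieee80211_has_morefrags(fc) && frag == 0) ||
		   (rx->skb)->len < 24 ||
		   is_multicast_ether_addr(hdr->addr1))) {
		/* not fragmented */
		goto out;
	}
	I802_DEBUG_INC(rx->local->rx_handlers_fragments);

	seq = (sc & IEEE80211_SCTL_SEQ) >> 4;

	if (frag == 0) {
		/* This is the first fragment of a new frame. */
		entry = ieee80211_reassemble_add(rx->sdata, frag, seq,
						 rx->queue, &(rx->skb));
		if (rx->key && rx->key->conf.alg == ALG_CCMP &&
		    ieee80211_has_protected(fc)) {
			/* Store CCMP PN so that we can verify that the next
			 * fragment has a sequential PN value. */
			entry->ccmp = 1;
			memcpy(entry->last_pn,
			       rx->key->u.ccmp.rx_pn[rx->queue],
			       CCMP_PN_LEN);
		}
		return RX_QUEUED;
	}

	/* This is a fragment for a frame that should already be pending in
	 * fragment cache. Add this fragment to the end of the pending entry.
	 */
	entry = ieee80211_reassemble_find(rx->sdata, frag, seq, rx->queue, hdr);
	if (!entry) {
		I802_DEBUG_INC(rx->local->rx_handlers_drop_defrag);
		return RX_DROP_MONITOR;
	}

	/* Verify that MPDUs within one MSDU have sequential PN values.
	 * (IEEE 802.11i, 8.3.3.4.5)
	 *
	 * NOTE(review): the entry records only the last PN and a ccmp
	 * flag. Nothing here ties later fragments to the key the first
	 * fragment was received under, and when entry->ccmp is 0 later
	 * fragments are appended without looking at their protection
	 * state. Worth confirming that fragments received under different
	 * keys, or a mix of protected and unprotected fragments, cannot be
	 * merged into one frame.
	 */
	if (entry->ccmp) {
		int i;
		u8 pn[CCMP_PN_LEN], *rpn;
		if (!rx->key || rx->key->conf.alg != ALG_CCMP)
			return RX_DROP_UNUSABLE;
		/* expected PN = stored PN + 1, big-endian carry */
		memcpy(pn, entry->last_pn, CCMP_PN_LEN);
		for (i = CCMP_PN_LEN - 1; i >= 0; i--) {
			pn[i]++;
			if (pn[i])
				break;
		}
		rpn = rx->key->u.ccmp.rx_pn[rx->queue];
		if (memcmp(pn, rpn, CCMP_PN_LEN))
			return RX_DROP_UNUSABLE;
		memcpy(entry->last_pn, pn, CCMP_PN_LEN);
	}

	/* Later fragments contribute payload only: strip their header. */
	skb_pull(rx->skb, ieee80211_hdrlen(fc));
	__skb_queue_tail(&entry->skb_list, rx->skb);
	entry->last_frag = frag;
	entry->extra_len += rx->skb->len;
	if (ieee80211_has_morefrags(fc)) {
		rx->skb = NULL;
		return RX_QUEUED;
	}

	/* Last fragment: the first queued fragment becomes the full frame. */
	rx->skb = __skb_dequeue(&entry->skb_list);
	if (skb_tailroom(rx->skb) < entry->extra_len) {
		I802_DEBUG_INC(rx->local->rx_expand_skb_head2);
		if (unlikely(pskb_expand_head(rx->skb, 0, entry->extra_len,
					      GFP_ATOMIC))) {
			I802_DEBUG_INC(rx->local->rx_handlers_drop_defrag);
			__skb_queue_purge(&entry->skb_list);
			return RX_DROP_UNUSABLE;
		}
	}
	while ((skb = __skb_dequeue(&entry->skb_list))) {
		memcpy(skb_put(rx->skb, skb->len), skb->data, skb->len);
		dev_kfree_skb(skb);
	}

	/* Complete frame has been reassembled - process it now */
	rx->flags |= IEEE80211_RX_FRAGMENTED;

	/*
	 * hdr still points into the last fragment, which was freed in the
	 * loop above. Re-read the header from the reassembled frame so the
	 * accounting below does not touch freed memory; its addr1 is the
	 * one ieee80211_reassemble_find() matched against.
	 */
	hdr = (struct ieee80211_hdr *)rx->skb->data;

 out:
	if (rx->sta)
		rx->sta->rx_packets++;
	if (is_multicast_ether_addr(hdr->addr1))
		rx->local->dot11MulticastReceivedFrameCount++;
	else
		ieee80211_led_rx(rx->local);
	return RX_CONTINUE;
}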

static ieee80211_rx_result debug_noinline
ieee80211_rx_h_ps_poll(struct ieee80211_rx_data *rx)
{
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(rx->dev);
	struct sk_buff *skb;
	int no_pending_pkts;
	__le16 fc = ((struct ieee80211_hdr *)rx->skb->data)->frame_control;

	if (likely(!rx->sta || !ieee80211_is_pspoll(fc) ||
		   !(rx->flags & IEEE80211_RX_RA_MATCH)))
		return RX_CONTINUE;

	if ((sdata->vif.type != NL80211_IFTYPE_AP) &&
	    (sdata->vif.type != NL80211_IFTYPE_AP_VLAN))
		return RX_DROP_UNUSABLE;

	skb = skb_dequeue(&rx->sta->tx_filtered);
	if (!skb) {
		skb = skb_dequeue(&rx->sta->ps_tx_buf);
		if (skb)
			rx->local->total_ps_buffered--;
	}
	no_pending_pkts = skb_queue_empty(&rx->sta->tx_filtered) &&
		skb_queue_empty(&rx->sta->ps_tx_buf);

	if (skb) {
		struct ieee80211_hdr *hdr =
			(struct ieee80211_hdr *) skb->data;

		/*
		 * Tell TX path to send one frame even though the STA may
		 * still remain is PS mode after this frame exchange.
		 */
		set_sta_flags(rx->sta, WLAN_STA_PSPOLL);

#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
		printk(KERN_DEBUG "STA %pM aid %d: PS Poll (entries after %d)\n",
		       rx->sta->sta.addr, rx->sta->sta.aid,
		       skb_queue_len(&rx->sta->ps_tx_buf));
#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */

		/* Use MoreData flag to indicate whether there are more
		 * buffered frames for this STA */
		if (no_pending_pkts)
			hdr->frame_control &= cpu_to_le16(~IEEE80211_FCTL_MOREDATA);
		else
			hdr->frame_control |= cpu_to_le16(IEEE80211_FCTL_MOREDATA);

		dev_queue_xmit(skb);

		if (no_pending_pkts)
			sta_info_clear_tim_bit(rx->sta);
#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
	} else if (!rx->sent_ps_buffered) {
		/*
		 * FIXME: This can be the result of a race condition between
		 *	  us expiring a frame and the station polling for it.
		 *	  Should we send it a null-func frame indicating we
		 *	  have nothing buffered for it?
		 */
		printk(KERN_DEBUG "%s: STA %pM sent PS Poll even "
		       "though there are no buffered frames for it\n",
		       rx->dev->name, rx->sta->sta.addr);