cachepc-linux

Fork of AMDESE/linux with modifications for CachePC side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-linux
Log | Files | Refs | README | LICENSE | sfeed.txt

hostap_80211_rx.c (32600B)


      1// SPDX-License-Identifier: GPL-2.0
      2#include <linux/etherdevice.h>
      3#include <linux/slab.h>
      4#include <linux/export.h>
      5#include <net/lib80211.h>
      6#include <linux/if_arp.h>
      7
      8#include "hostap_80211.h"
      9#include "hostap.h"
     10#include "hostap_ap.h"
     11
     12/* See IEEE 802.1H for LLC/SNAP encapsulation/decapsulation */
     13/* Ethernet-II snap header (RFC1042 for most EtherTypes) */
     14static unsigned char rfc1042_header[] =
     15{ 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 };
     16/* Bridge-Tunnel header (for EtherTypes ETH_P_AARP and ETH_P_IPX) */
     17static unsigned char bridge_tunnel_header[] =
     18{ 0xaa, 0xaa, 0x03, 0x00, 0x00, 0xf8 };
     19/* No encapsulation header if EtherType < 0x600 (=length) */
     20
     21void hostap_dump_rx_80211(const char *name, struct sk_buff *skb,
     22			  struct hostap_80211_rx_status *rx_stats)
     23{
     24	struct ieee80211_hdr *hdr;
     25	u16 fc;
     26
     27	hdr = (struct ieee80211_hdr *) skb->data;
     28
     29	printk(KERN_DEBUG "%s: RX signal=%d noise=%d rate=%d len=%d "
     30	       "jiffies=%ld\n",
     31	       name, rx_stats->signal, rx_stats->noise, rx_stats->rate,
     32	       skb->len, jiffies);
     33
     34	if (skb->len < 2)
     35		return;
     36
     37	fc = le16_to_cpu(hdr->frame_control);
     38	printk(KERN_DEBUG "   FC=0x%04x (type=%d:%d)%s%s",
     39	       fc, (fc & IEEE80211_FCTL_FTYPE) >> 2,
     40	       (fc & IEEE80211_FCTL_STYPE) >> 4,
     41	       fc & IEEE80211_FCTL_TODS ? " [ToDS]" : "",
     42	       fc & IEEE80211_FCTL_FROMDS ? " [FromDS]" : "");
     43
     44	if (skb->len < IEEE80211_DATA_HDR3_LEN) {
     45		printk("\n");
     46		return;
     47	}
     48
     49	printk(" dur=0x%04x seq=0x%04x\n", le16_to_cpu(hdr->duration_id),
     50	       le16_to_cpu(hdr->seq_ctrl));
     51
     52	printk(KERN_DEBUG "   A1=%pM", hdr->addr1);
     53	printk(" A2=%pM", hdr->addr2);
     54	printk(" A3=%pM", hdr->addr3);
     55	if (skb->len >= 30)
     56		printk(" A4=%pM", hdr->addr4);
     57	printk("\n");
     58}
     59
     60
     61/* Send RX frame to netif with 802.11 (and possible prism) header.
     62 * Called from hardware or software IRQ context. */
     63int prism2_rx_80211(struct net_device *dev, struct sk_buff *skb,
     64		    struct hostap_80211_rx_status *rx_stats, int type)
     65{
     66	struct hostap_interface *iface;
     67	local_info_t *local;
     68	int hdrlen, phdrlen, head_need, tail_need;
     69	u16 fc;
     70	int prism_header, ret;
     71	struct ieee80211_hdr *fhdr;
     72
     73	iface = netdev_priv(dev);
     74	local = iface->local;
     75
     76	if (dev->type == ARPHRD_IEEE80211_PRISM) {
     77		if (local->monitor_type == PRISM2_MONITOR_PRISM) {
     78			prism_header = 1;
     79			phdrlen = sizeof(struct linux_wlan_ng_prism_hdr);
     80		} else { /* local->monitor_type == PRISM2_MONITOR_CAPHDR */
     81			prism_header = 2;
     82			phdrlen = sizeof(struct linux_wlan_ng_cap_hdr);
     83		}
     84	} else if (dev->type == ARPHRD_IEEE80211_RADIOTAP) {
     85		prism_header = 3;
     86		phdrlen = sizeof(struct hostap_radiotap_rx);
     87	} else {
     88		prism_header = 0;
     89		phdrlen = 0;
     90	}
     91
     92	fhdr = (struct ieee80211_hdr *) skb->data;
     93	fc = le16_to_cpu(fhdr->frame_control);
     94
     95	if (type == PRISM2_RX_MGMT && (fc & IEEE80211_FCTL_VERS)) {
     96		printk(KERN_DEBUG "%s: dropped management frame with header "
     97		       "version %d\n", dev->name, fc & IEEE80211_FCTL_VERS);
     98		dev_kfree_skb_any(skb);
     99		return 0;
    100	}
    101
    102	hdrlen = hostap_80211_get_hdrlen(fhdr->frame_control);
    103
    104	/* check if there is enough room for extra data; if not, expand skb
    105	 * buffer to be large enough for the changes */
    106	head_need = phdrlen;
    107	tail_need = 0;
    108#ifdef PRISM2_ADD_BOGUS_CRC
    109	tail_need += 4;
    110#endif /* PRISM2_ADD_BOGUS_CRC */
    111
    112	head_need -= skb_headroom(skb);
    113	tail_need -= skb_tailroom(skb);
    114
    115	if (head_need > 0 || tail_need > 0) {
    116		if (pskb_expand_head(skb, head_need > 0 ? head_need : 0,
    117				     tail_need > 0 ? tail_need : 0,
    118				     GFP_ATOMIC)) {
    119			printk(KERN_DEBUG "%s: prism2_rx_80211 failed to "
    120			       "reallocate skb buffer\n", dev->name);
    121			dev_kfree_skb_any(skb);
    122			return 0;
    123		}
    124	}
    125
    126	/* We now have an skb with enough head and tail room, so just insert
    127	 * the extra data */
    128
    129#ifdef PRISM2_ADD_BOGUS_CRC
    130	memset(skb_put(skb, 4), 0xff, 4); /* Prism2 strips CRC */
    131#endif /* PRISM2_ADD_BOGUS_CRC */
    132
    133	if (prism_header == 1) {
    134		struct linux_wlan_ng_prism_hdr *hdr;
    135		hdr = skb_push(skb, phdrlen);
    136		memset(hdr, 0, phdrlen);
    137		hdr->msgcode = LWNG_CAP_DID_BASE;
    138		hdr->msglen = sizeof(*hdr);
    139		memcpy(hdr->devname, dev->name, sizeof(hdr->devname));
    140#define LWNG_SETVAL(f,i,s,l,d) \
    141hdr->f.did = LWNG_CAP_DID_BASE | (i << 12); \
    142hdr->f.status = s; hdr->f.len = l; hdr->f.data = d
    143		LWNG_SETVAL(hosttime, 1, 0, 4, jiffies);
    144		LWNG_SETVAL(mactime, 2, 0, 4, rx_stats->mac_time);
    145		LWNG_SETVAL(channel, 3, 1 /* no value */, 4, 0);
    146		LWNG_SETVAL(rssi, 4, 1 /* no value */, 4, 0);
    147		LWNG_SETVAL(sq, 5, 1 /* no value */, 4, 0);
    148		LWNG_SETVAL(signal, 6, 0, 4, rx_stats->signal);
    149		LWNG_SETVAL(noise, 7, 0, 4, rx_stats->noise);
    150		LWNG_SETVAL(rate, 8, 0, 4, rx_stats->rate / 5);
    151		LWNG_SETVAL(istx, 9, 0, 4, 0);
    152		LWNG_SETVAL(frmlen, 10, 0, 4, skb->len - phdrlen);
    153#undef LWNG_SETVAL
    154	} else if (prism_header == 2) {
    155		struct linux_wlan_ng_cap_hdr *hdr;
    156		hdr = skb_push(skb, phdrlen);
    157		memset(hdr, 0, phdrlen);
    158		hdr->version    = htonl(LWNG_CAPHDR_VERSION);
    159		hdr->length     = htonl(phdrlen);
    160		hdr->mactime    = __cpu_to_be64(rx_stats->mac_time);
    161		hdr->hosttime   = __cpu_to_be64(jiffies);
    162		hdr->phytype    = htonl(4); /* dss_dot11_b */
    163		hdr->channel    = htonl(local->channel);
    164		hdr->datarate   = htonl(rx_stats->rate);
    165		hdr->antenna    = htonl(0); /* unknown */
    166		hdr->priority   = htonl(0); /* unknown */
    167		hdr->ssi_type   = htonl(3); /* raw */
    168		hdr->ssi_signal = htonl(rx_stats->signal);
    169		hdr->ssi_noise  = htonl(rx_stats->noise);
    170		hdr->preamble   = htonl(0); /* unknown */
    171		hdr->encoding   = htonl(1); /* cck */
    172	} else if (prism_header == 3) {
    173		struct hostap_radiotap_rx *hdr;
    174		hdr = skb_push(skb, phdrlen);
    175		memset(hdr, 0, phdrlen);
    176		hdr->hdr.it_len = cpu_to_le16(phdrlen);
    177		hdr->hdr.it_present =
    178			cpu_to_le32((1 << IEEE80211_RADIOTAP_TSFT) |
    179				    (1 << IEEE80211_RADIOTAP_CHANNEL) |
    180				    (1 << IEEE80211_RADIOTAP_RATE) |
    181				    (1 << IEEE80211_RADIOTAP_DBM_ANTSIGNAL) |
    182				    (1 << IEEE80211_RADIOTAP_DBM_ANTNOISE));
    183		hdr->tsft = cpu_to_le64(rx_stats->mac_time);
    184		hdr->chan_freq = cpu_to_le16(freq_list[local->channel - 1]);
    185		hdr->chan_flags = cpu_to_le16(IEEE80211_CHAN_CCK |
    186						 IEEE80211_CHAN_2GHZ);
    187		hdr->rate = rx_stats->rate / 5;
    188		hdr->dbm_antsignal = rx_stats->signal;
    189		hdr->dbm_antnoise = rx_stats->noise;
    190	}
    191
    192	ret = skb->len - phdrlen;
    193	skb->dev = dev;
    194	skb_reset_mac_header(skb);
    195	skb_pull(skb, hdrlen);
    196	if (prism_header)
    197		skb_pull(skb, phdrlen);
    198	skb->pkt_type = PACKET_OTHERHOST;
    199	skb->protocol = cpu_to_be16(ETH_P_802_2);
    200	memset(skb->cb, 0, sizeof(skb->cb));
    201	netif_rx(skb);
    202
    203	return ret;
    204}
    205
    206
    207/* Called only as a tasklet (software IRQ) */
    208static void monitor_rx(struct net_device *dev, struct sk_buff *skb,
    209		       struct hostap_80211_rx_status *rx_stats)
    210{
    211	int len;
    212
    213	len = prism2_rx_80211(dev, skb, rx_stats, PRISM2_RX_MONITOR);
    214	dev->stats.rx_packets++;
    215	dev->stats.rx_bytes += len;
    216}
    217
    218
    219/* Called only as a tasklet (software IRQ) */
    220static struct prism2_frag_entry *
    221prism2_frag_cache_find(local_info_t *local, unsigned int seq,
    222		       unsigned int frag, u8 *src, u8 *dst)
    223{
    224	struct prism2_frag_entry *entry;
    225	int i;
    226
    227	for (i = 0; i < PRISM2_FRAG_CACHE_LEN; i++) {
    228		entry = &local->frag_cache[i];
    229		if (entry->skb != NULL &&
    230		    time_after(jiffies, entry->first_frag_time + 2 * HZ)) {
    231			printk(KERN_DEBUG "%s: expiring fragment cache entry "
    232			       "seq=%u last_frag=%u\n",
    233			       local->dev->name, entry->seq, entry->last_frag);
    234			dev_kfree_skb(entry->skb);
    235			entry->skb = NULL;
    236		}
    237
    238		if (entry->skb != NULL && entry->seq == seq &&
    239		    (entry->last_frag + 1 == frag || frag == -1) &&
    240		    memcmp(entry->src_addr, src, ETH_ALEN) == 0 &&
    241		    memcmp(entry->dst_addr, dst, ETH_ALEN) == 0)
    242			return entry;
    243	}
    244
    245	return NULL;
    246}
    247
    248
    249/* Called only as a tasklet (software IRQ) */
    250static struct sk_buff *
    251prism2_frag_cache_get(local_info_t *local, struct ieee80211_hdr *hdr)
    252{
    253	struct sk_buff *skb = NULL;
    254	u16 sc;
    255	unsigned int frag, seq;
    256	struct prism2_frag_entry *entry;
    257
    258	sc = le16_to_cpu(hdr->seq_ctrl);
    259	frag = sc & IEEE80211_SCTL_FRAG;
    260	seq = (sc & IEEE80211_SCTL_SEQ) >> 4;
    261
    262	if (frag == 0) {
    263		/* Reserve enough space to fit maximum frame length */
    264		skb = dev_alloc_skb(local->dev->mtu +
    265				    sizeof(struct ieee80211_hdr) +
    266				    8 /* LLC */ +
    267				    2 /* alignment */ +
    268				    8 /* WEP */ + ETH_ALEN /* WDS */);
    269		if (skb == NULL)
    270			return NULL;
    271
    272		entry = &local->frag_cache[local->frag_next_idx];
    273		local->frag_next_idx++;
    274		if (local->frag_next_idx >= PRISM2_FRAG_CACHE_LEN)
    275			local->frag_next_idx = 0;
    276
    277		if (entry->skb != NULL)
    278			dev_kfree_skb(entry->skb);
    279
    280		entry->first_frag_time = jiffies;
    281		entry->seq = seq;
    282		entry->last_frag = frag;
    283		entry->skb = skb;
    284		memcpy(entry->src_addr, hdr->addr2, ETH_ALEN);
    285		memcpy(entry->dst_addr, hdr->addr1, ETH_ALEN);
    286	} else {
    287		/* received a fragment of a frame for which the head fragment
    288		 * should have already been received */
    289		entry = prism2_frag_cache_find(local, seq, frag, hdr->addr2,
    290					       hdr->addr1);
    291		if (entry != NULL) {
    292			entry->last_frag = frag;
    293			skb = entry->skb;
    294		}
    295	}
    296
    297	return skb;
    298}
    299
    300
    301/* Called only as a tasklet (software IRQ) */
    302static int prism2_frag_cache_invalidate(local_info_t *local,
    303					struct ieee80211_hdr *hdr)
    304{
    305	u16 sc;
    306	unsigned int seq;
    307	struct prism2_frag_entry *entry;
    308
    309	sc = le16_to_cpu(hdr->seq_ctrl);
    310	seq = (sc & IEEE80211_SCTL_SEQ) >> 4;
    311
    312	entry = prism2_frag_cache_find(local, seq, -1, hdr->addr2, hdr->addr1);
    313
    314	if (entry == NULL) {
    315		printk(KERN_DEBUG "%s: could not invalidate fragment cache "
    316		       "entry (seq=%u)\n",
    317		       local->dev->name, seq);
    318		return -1;
    319	}
    320
    321	entry->skb = NULL;
    322	return 0;
    323}
    324
    325
    326static struct hostap_bss_info *__hostap_get_bss(local_info_t *local, u8 *bssid,
    327						u8 *ssid, size_t ssid_len)
    328{
    329	struct list_head *ptr;
    330	struct hostap_bss_info *bss;
    331
    332	list_for_each(ptr, &local->bss_list) {
    333		bss = list_entry(ptr, struct hostap_bss_info, list);
    334		if (memcmp(bss->bssid, bssid, ETH_ALEN) == 0 &&
    335		    (ssid == NULL ||
    336		     (ssid_len == bss->ssid_len &&
    337		      memcmp(ssid, bss->ssid, ssid_len) == 0))) {
    338			list_move(&bss->list, &local->bss_list);
    339			return bss;
    340		}
    341	}
    342
    343	return NULL;
    344}
    345
    346
    347static struct hostap_bss_info *__hostap_add_bss(local_info_t *local, u8 *bssid,
    348						u8 *ssid, size_t ssid_len)
    349{
    350	struct hostap_bss_info *bss;
    351
    352	if (local->num_bss_info >= HOSTAP_MAX_BSS_COUNT) {
    353		bss = list_entry(local->bss_list.prev,
    354				 struct hostap_bss_info, list);
    355		list_del(&bss->list);
    356		local->num_bss_info--;
    357	} else {
    358		bss = kmalloc(sizeof(*bss), GFP_ATOMIC);
    359		if (bss == NULL)
    360			return NULL;
    361	}
    362
    363	memset(bss, 0, sizeof(*bss));
    364	memcpy(bss->bssid, bssid, ETH_ALEN);
    365	memcpy(bss->ssid, ssid, ssid_len);
    366	bss->ssid_len = ssid_len;
    367	local->num_bss_info++;
    368	list_add(&bss->list, &local->bss_list);
    369	return bss;
    370}
    371
    372
    373static void __hostap_expire_bss(local_info_t *local)
    374{
    375	struct hostap_bss_info *bss;
    376
    377	while (local->num_bss_info > 0) {
    378		bss = list_entry(local->bss_list.prev,
    379				 struct hostap_bss_info, list);
    380		if (!time_after(jiffies, bss->last_update + 60 * HZ))
    381			break;
    382
    383		list_del(&bss->list);
    384		local->num_bss_info--;
    385		kfree(bss);
    386	}
    387}
    388
    389
    390/* Both IEEE 802.11 Beacon and Probe Response frames have similar structure, so
    391 * the same routine can be used to parse both of them. */
    392static void hostap_rx_sta_beacon(local_info_t *local, struct sk_buff *skb,
    393				 int stype)
    394{
    395	struct hostap_ieee80211_mgmt *mgmt;
    396	int left, chan = 0;
    397	u8 *pos;
    398	u8 *ssid = NULL, *wpa = NULL, *rsn = NULL;
    399	size_t ssid_len = 0, wpa_len = 0, rsn_len = 0;
    400	struct hostap_bss_info *bss;
    401
    402	if (skb->len < IEEE80211_MGMT_HDR_LEN + sizeof(mgmt->u.beacon))
    403		return;
    404
    405	mgmt = (struct hostap_ieee80211_mgmt *) skb->data;
    406	pos = mgmt->u.beacon.variable;
    407	left = skb->len - (pos - skb->data);
    408
    409	while (left >= 2) {
    410		if (2 + pos[1] > left)
    411			return; /* parse failed */
    412		switch (*pos) {
    413		case WLAN_EID_SSID:
    414			ssid = pos + 2;
    415			ssid_len = pos[1];
    416			break;
    417		case WLAN_EID_VENDOR_SPECIFIC:
    418			if (pos[1] >= 4 &&
    419			    pos[2] == 0x00 && pos[3] == 0x50 &&
    420			    pos[4] == 0xf2 && pos[5] == 1) {
    421				wpa = pos;
    422				wpa_len = pos[1] + 2;
    423			}
    424			break;
    425		case WLAN_EID_RSN:
    426			rsn = pos;
    427			rsn_len = pos[1] + 2;
    428			break;
    429		case WLAN_EID_DS_PARAMS:
    430			if (pos[1] >= 1)
    431				chan = pos[2];
    432			break;
    433		}
    434		left -= 2 + pos[1];
    435		pos += 2 + pos[1];
    436	}
    437
    438	if (wpa_len > MAX_WPA_IE_LEN)
    439		wpa_len = MAX_WPA_IE_LEN;
    440	if (rsn_len > MAX_WPA_IE_LEN)
    441		rsn_len = MAX_WPA_IE_LEN;
    442	if (ssid_len > sizeof(bss->ssid))
    443		ssid_len = sizeof(bss->ssid);
    444
    445	spin_lock(&local->lock);
    446	bss = __hostap_get_bss(local, mgmt->bssid, ssid, ssid_len);
    447	if (bss == NULL)
    448		bss = __hostap_add_bss(local, mgmt->bssid, ssid, ssid_len);
    449	if (bss) {
    450		bss->last_update = jiffies;
    451		bss->count++;
    452		bss->capab_info = le16_to_cpu(mgmt->u.beacon.capab_info);
    453		if (wpa) {
    454			memcpy(bss->wpa_ie, wpa, wpa_len);
    455			bss->wpa_ie_len = wpa_len;
    456		} else
    457			bss->wpa_ie_len = 0;
    458		if (rsn) {
    459			memcpy(bss->rsn_ie, rsn, rsn_len);
    460			bss->rsn_ie_len = rsn_len;
    461		} else
    462			bss->rsn_ie_len = 0;
    463		bss->chan = chan;
    464	}
    465	__hostap_expire_bss(local);
    466	spin_unlock(&local->lock);
    467}
    468
    469
    470static int
    471hostap_rx_frame_mgmt(local_info_t *local, struct sk_buff *skb,
    472		     struct hostap_80211_rx_status *rx_stats, u16 type,
    473		     u16 stype)
    474{
    475	if (local->iw_mode == IW_MODE_MASTER)
    476		hostap_update_sta_ps(local, (struct ieee80211_hdr *) skb->data);
    477
    478	if (local->hostapd && type == IEEE80211_FTYPE_MGMT) {
    479		if (stype == IEEE80211_STYPE_BEACON &&
    480		    local->iw_mode == IW_MODE_MASTER) {
    481			struct sk_buff *skb2;
    482			/* Process beacon frames also in kernel driver to
    483			 * update STA(AP) table statistics */
    484			skb2 = skb_clone(skb, GFP_ATOMIC);
    485			if (skb2)
    486				hostap_rx(skb2->dev, skb2, rx_stats);
    487		}
    488
    489		/* send management frames to the user space daemon for
    490		 * processing */
    491		local->apdevstats.rx_packets++;
    492		local->apdevstats.rx_bytes += skb->len;
    493		if (local->apdev == NULL)
    494			return -1;
    495		prism2_rx_80211(local->apdev, skb, rx_stats, PRISM2_RX_MGMT);
    496		return 0;
    497	}
    498
    499	if (local->iw_mode == IW_MODE_MASTER) {
    500		if (type != IEEE80211_FTYPE_MGMT &&
    501		    type != IEEE80211_FTYPE_CTL) {
    502			printk(KERN_DEBUG "%s: unknown management frame "
    503			       "(type=0x%02x, stype=0x%02x) dropped\n",
    504			       skb->dev->name, type >> 2, stype >> 4);
    505			return -1;
    506		}
    507
    508		hostap_rx(skb->dev, skb, rx_stats);
    509		return 0;
    510	} else if (type == IEEE80211_FTYPE_MGMT &&
    511		   (stype == IEEE80211_STYPE_BEACON ||
    512		    stype == IEEE80211_STYPE_PROBE_RESP)) {
    513		hostap_rx_sta_beacon(local, skb, stype);
    514		return -1;
    515	} else if (type == IEEE80211_FTYPE_MGMT &&
    516		   (stype == IEEE80211_STYPE_ASSOC_RESP ||
    517		    stype == IEEE80211_STYPE_REASSOC_RESP)) {
    518		/* Ignore (Re)AssocResp silently since these are not currently
    519		 * needed but are still received when WPA/RSN mode is enabled.
    520		 */
    521		return -1;
    522	} else {
    523		printk(KERN_DEBUG "%s: hostap_rx_frame_mgmt: dropped unhandled"
    524		       " management frame in non-Host AP mode (type=%d:%d)\n",
    525		       skb->dev->name, type >> 2, stype >> 4);
    526		return -1;
    527	}
    528}
    529
    530
    531/* Called only as a tasklet (software IRQ) */
    532static struct net_device *prism2_rx_get_wds(local_info_t *local,
    533						   u8 *addr)
    534{
    535	struct hostap_interface *iface = NULL;
    536	struct list_head *ptr;
    537
    538	read_lock_bh(&local->iface_lock);
    539	list_for_each(ptr, &local->hostap_interfaces) {
    540		iface = list_entry(ptr, struct hostap_interface, list);
    541		if (iface->type == HOSTAP_INTERFACE_WDS &&
    542		    memcmp(iface->u.wds.remote_addr, addr, ETH_ALEN) == 0)
    543			break;
    544		iface = NULL;
    545	}
    546	read_unlock_bh(&local->iface_lock);
    547
    548	return iface ? iface->dev : NULL;
    549}
    550
    551
    552static int
    553hostap_rx_frame_wds(local_info_t *local, struct ieee80211_hdr *hdr, u16 fc,
    554		    struct net_device **wds)
    555{
    556	/* FIX: is this really supposed to accept WDS frames only in Master
    557	 * mode? What about Repeater or Managed with WDS frames? */
    558	if ((fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) !=
    559	    (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS) &&
    560	    (local->iw_mode != IW_MODE_MASTER || !(fc & IEEE80211_FCTL_TODS)))
    561		return 0; /* not a WDS frame */
    562
    563	/* Possible WDS frame: either IEEE 802.11 compliant (if FromDS)
    564	 * or own non-standard frame with 4th address after payload */
    565	if (!ether_addr_equal(hdr->addr1, local->dev->dev_addr) &&
    566	    (hdr->addr1[0] != 0xff || hdr->addr1[1] != 0xff ||
    567	     hdr->addr1[2] != 0xff || hdr->addr1[3] != 0xff ||
    568	     hdr->addr1[4] != 0xff || hdr->addr1[5] != 0xff)) {
    569		/* RA (or BSSID) is not ours - drop */
    570		PDEBUG(DEBUG_EXTRA2, "%s: received WDS frame with "
    571		       "not own or broadcast %s=%pM\n",
    572		       local->dev->name,
    573		       fc & IEEE80211_FCTL_FROMDS ? "RA" : "BSSID",
    574		       hdr->addr1);
    575		return -1;
    576	}
    577
    578	/* check if the frame came from a registered WDS connection */
    579	*wds = prism2_rx_get_wds(local, hdr->addr2);
    580	if (*wds == NULL && fc & IEEE80211_FCTL_FROMDS &&
    581	    (local->iw_mode != IW_MODE_INFRA ||
    582	     !(local->wds_type & HOSTAP_WDS_AP_CLIENT) ||
    583	     memcmp(hdr->addr2, local->bssid, ETH_ALEN) != 0)) {
    584		/* require that WDS link has been registered with TA or the
    585		 * frame is from current AP when using 'AP client mode' */
    586		PDEBUG(DEBUG_EXTRA, "%s: received WDS[4 addr] frame "
    587		       "from unknown TA=%pM\n",
    588		       local->dev->name, hdr->addr2);
    589		if (local->ap && local->ap->autom_ap_wds)
    590			hostap_wds_link_oper(local, hdr->addr2, WDS_ADD);
    591		return -1;
    592	}
    593
    594	if (*wds && !(fc & IEEE80211_FCTL_FROMDS) && local->ap &&
    595	    hostap_is_sta_assoc(local->ap, hdr->addr2)) {
    596		/* STA is actually associated with us even though it has a
    597		 * registered WDS link. Assume it is in 'AP client' mode.
    598		 * Since this is a 3-addr frame, assume it is not (bogus) WDS
    599		 * frame and process it like any normal ToDS frame from
    600		 * associated STA. */
    601		*wds = NULL;
    602	}
    603
    604	return 0;
    605}
    606
    607
    608static int hostap_is_eapol_frame(local_info_t *local, struct sk_buff *skb)
    609{
    610	struct net_device *dev = local->dev;
    611	u16 fc, ethertype;
    612	struct ieee80211_hdr *hdr;
    613	u8 *pos;
    614
    615	if (skb->len < 24)
    616		return 0;
    617
    618	hdr = (struct ieee80211_hdr *) skb->data;
    619	fc = le16_to_cpu(hdr->frame_control);
    620
    621	/* check that the frame is unicast frame to us */
    622	if ((fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) ==
    623	    IEEE80211_FCTL_TODS &&
    624	    ether_addr_equal(hdr->addr1, dev->dev_addr) &&
    625	    ether_addr_equal(hdr->addr3, dev->dev_addr)) {
    626		/* ToDS frame with own addr BSSID and DA */
    627	} else if ((fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) ==
    628		   IEEE80211_FCTL_FROMDS &&
    629		   ether_addr_equal(hdr->addr1, dev->dev_addr)) {
    630		/* FromDS frame with own addr as DA */
    631	} else
    632		return 0;
    633
    634	if (skb->len < 24 + 8)
    635		return 0;
    636
    637	/* check for port access entity Ethernet type */
    638	pos = skb->data + 24;
    639	ethertype = (pos[6] << 8) | pos[7];
    640	if (ethertype == ETH_P_PAE)
    641		return 1;
    642
    643	return 0;
    644}
    645
    646
    647/* Called only as a tasklet (software IRQ) */
    648static int
    649hostap_rx_frame_decrypt(local_info_t *local, struct sk_buff *skb,
    650			struct lib80211_crypt_data *crypt)
    651{
    652	struct ieee80211_hdr *hdr;
    653	int res, hdrlen;
    654
    655	if (crypt == NULL || crypt->ops->decrypt_mpdu == NULL)
    656		return 0;
    657
    658	hdr = (struct ieee80211_hdr *) skb->data;
    659	hdrlen = hostap_80211_get_hdrlen(hdr->frame_control);
    660
    661	if (local->tkip_countermeasures &&
    662	    strcmp(crypt->ops->name, "TKIP") == 0) {
    663		if (net_ratelimit()) {
    664			printk(KERN_DEBUG "%s: TKIP countermeasures: dropped "
    665			       "received packet from %pM\n",
    666			       local->dev->name, hdr->addr2);
    667		}
    668		return -1;
    669	}
    670
    671	atomic_inc(&crypt->refcnt);
    672	res = crypt->ops->decrypt_mpdu(skb, hdrlen, crypt->priv);
    673	atomic_dec(&crypt->refcnt);
    674	if (res < 0) {
    675		printk(KERN_DEBUG "%s: decryption failed (SA=%pM) res=%d\n",
    676		       local->dev->name, hdr->addr2, res);
    677		local->comm_tallies.rx_discards_wep_undecryptable++;
    678		return -1;
    679	}
    680
    681	return res;
    682}
    683
    684
    685/* Called only as a tasklet (software IRQ) */
    686static int
    687hostap_rx_frame_decrypt_msdu(local_info_t *local, struct sk_buff *skb,
    688			     int keyidx, struct lib80211_crypt_data *crypt)
    689{
    690	struct ieee80211_hdr *hdr;
    691	int res, hdrlen;
    692
    693	if (crypt == NULL || crypt->ops->decrypt_msdu == NULL)
    694		return 0;
    695
    696	hdr = (struct ieee80211_hdr *) skb->data;
    697	hdrlen = hostap_80211_get_hdrlen(hdr->frame_control);
    698
    699	atomic_inc(&crypt->refcnt);
    700	res = crypt->ops->decrypt_msdu(skb, keyidx, hdrlen, crypt->priv);
    701	atomic_dec(&crypt->refcnt);
    702	if (res < 0) {
    703		printk(KERN_DEBUG "%s: MSDU decryption/MIC verification failed"
    704		       " (SA=%pM keyidx=%d)\n",
    705		       local->dev->name, hdr->addr2, keyidx);
    706		return -1;
    707	}
    708
    709	return 0;
    710}
    711
    712
    713/* All received frames are sent to this function. @skb contains the frame in
    714 * IEEE 802.11 format, i.e., in the format it was sent over air.
    715 * This function is called only as a tasklet (software IRQ). */
    716void hostap_80211_rx(struct net_device *dev, struct sk_buff *skb,
    717		     struct hostap_80211_rx_status *rx_stats)
    718{
    719	struct hostap_interface *iface;
    720	local_info_t *local;
    721	struct ieee80211_hdr *hdr;
    722	size_t hdrlen;
    723	u16 fc, type, stype, sc;
    724	struct net_device *wds = NULL;
    725	unsigned int frag;
    726	u8 *payload;
    727	struct sk_buff *skb2 = NULL;
    728	u16 ethertype;
    729	int frame_authorized = 0;
    730	int from_assoc_ap = 0;
    731	u8 dst[ETH_ALEN];
    732	u8 src[ETH_ALEN];
    733	struct lib80211_crypt_data *crypt = NULL;
    734	void *sta = NULL;
    735	int keyidx = 0;
    736
    737	iface = netdev_priv(dev);
    738	local = iface->local;
    739	iface->stats.rx_packets++;
    740	iface->stats.rx_bytes += skb->len;
    741
    742	/* dev is the master radio device; change this to be the default
    743	 * virtual interface (this may be changed to WDS device below) */
    744	dev = local->ddev;
    745	iface = netdev_priv(dev);
    746
    747	hdr = (struct ieee80211_hdr *) skb->data;
    748
    749	if (skb->len < 10)
    750		goto rx_dropped;
    751
    752	fc = le16_to_cpu(hdr->frame_control);
    753	type = fc & IEEE80211_FCTL_FTYPE;
    754	stype = fc & IEEE80211_FCTL_STYPE;
    755	sc = le16_to_cpu(hdr->seq_ctrl);
    756	frag = sc & IEEE80211_SCTL_FRAG;
    757	hdrlen = hostap_80211_get_hdrlen(hdr->frame_control);
    758
    759	/* Put this code here so that we avoid duplicating it in all
    760	 * Rx paths. - Jean II */
    761#ifdef IW_WIRELESS_SPY		/* defined in iw_handler.h */
    762	/* If spy monitoring on */
    763	if (iface->spy_data.spy_number > 0) {
    764		struct iw_quality wstats;
    765		wstats.level = rx_stats->signal;
    766		wstats.noise = rx_stats->noise;
    767		wstats.updated = IW_QUAL_LEVEL_UPDATED | IW_QUAL_NOISE_UPDATED
    768			| IW_QUAL_QUAL_INVALID | IW_QUAL_DBM;
    769		/* Update spy records */
    770		wireless_spy_update(dev, hdr->addr2, &wstats);
    771	}
    772#endif /* IW_WIRELESS_SPY */
    773	hostap_update_rx_stats(local->ap, hdr, rx_stats);
    774
    775	if (local->iw_mode == IW_MODE_MONITOR) {
    776		monitor_rx(dev, skb, rx_stats);
    777		return;
    778	}
    779
    780	if (local->host_decrypt) {
    781		int idx = 0;
    782		if (skb->len >= hdrlen + 3)
    783			idx = skb->data[hdrlen + 3] >> 6;
    784		crypt = local->crypt_info.crypt[idx];
    785		sta = NULL;
    786
    787		/* Use station specific key to override default keys if the
    788		 * receiver address is a unicast address ("individual RA"). If
    789		 * bcrx_sta_key parameter is set, station specific key is used
    790		 * even with broad/multicast targets (this is against IEEE
    791		 * 802.11, but makes it easier to use different keys with
    792		 * stations that do not support WEP key mapping). */
    793
    794		if (!(hdr->addr1[0] & 0x01) || local->bcrx_sta_key)
    795			(void) hostap_handle_sta_crypto(local, hdr, &crypt,
    796							&sta);
    797
    798		/* allow NULL decrypt to indicate an station specific override
    799		 * for default encryption */
    800		if (crypt && (crypt->ops == NULL ||
    801			      crypt->ops->decrypt_mpdu == NULL))
    802			crypt = NULL;
    803
    804		if (!crypt && (fc & IEEE80211_FCTL_PROTECTED)) {
    805#if 0
    806			/* This seems to be triggered by some (multicast?)
    807			 * frames from other than current BSS, so just drop the
    808			 * frames silently instead of filling system log with
    809			 * these reports. */
    810			printk(KERN_DEBUG "%s: WEP decryption failed (not set)"
    811			       " (SA=%pM)\n",
    812			       local->dev->name, hdr->addr2);
    813#endif
    814			local->comm_tallies.rx_discards_wep_undecryptable++;
    815			goto rx_dropped;
    816		}
    817	}
    818
    819	if (type != IEEE80211_FTYPE_DATA) {
    820		if (type == IEEE80211_FTYPE_MGMT &&
    821		    stype == IEEE80211_STYPE_AUTH &&
    822		    fc & IEEE80211_FCTL_PROTECTED && local->host_decrypt &&
    823		    (keyidx = hostap_rx_frame_decrypt(local, skb, crypt)) < 0)
    824		{
    825			printk(KERN_DEBUG "%s: failed to decrypt mgmt::auth "
    826			       "from %pM\n", dev->name, hdr->addr2);
    827			/* TODO: could inform hostapd about this so that it
    828			 * could send auth failure report */
    829			goto rx_dropped;
    830		}
    831
    832		if (hostap_rx_frame_mgmt(local, skb, rx_stats, type, stype))
    833			goto rx_dropped;
    834		else
    835			goto rx_exit;
    836	}
    837
    838	/* Data frame - extract src/dst addresses */
    839	if (skb->len < IEEE80211_DATA_HDR3_LEN)
    840		goto rx_dropped;
    841
    842	switch (fc & (IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS)) {
    843	case IEEE80211_FCTL_FROMDS:
    844		memcpy(dst, hdr->addr1, ETH_ALEN);
    845		memcpy(src, hdr->addr3, ETH_ALEN);
    846		break;
    847	case IEEE80211_FCTL_TODS:
    848		memcpy(dst, hdr->addr3, ETH_ALEN);
    849		memcpy(src, hdr->addr2, ETH_ALEN);
    850		break;
    851	case IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS:
    852		if (skb->len < IEEE80211_DATA_HDR4_LEN)
    853			goto rx_dropped;
    854		memcpy(dst, hdr->addr3, ETH_ALEN);
    855		memcpy(src, hdr->addr4, ETH_ALEN);
    856		break;
    857	default:
    858		memcpy(dst, hdr->addr1, ETH_ALEN);
    859		memcpy(src, hdr->addr2, ETH_ALEN);
    860		break;
    861	}
    862
    863	if (hostap_rx_frame_wds(local, hdr, fc, &wds))
    864		goto rx_dropped;
    865	if (wds)
    866		skb->dev = dev = wds;
    867
    868	if (local->iw_mode == IW_MODE_MASTER && !wds &&
    869	    (fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) ==
    870	    IEEE80211_FCTL_FROMDS &&
    871	    local->stadev &&
    872	    memcmp(hdr->addr2, local->assoc_ap_addr, ETH_ALEN) == 0) {
    873		/* Frame from BSSID of the AP for which we are a client */
    874		skb->dev = dev = local->stadev;
    875		from_assoc_ap = 1;
    876	}
    877
    878	if ((local->iw_mode == IW_MODE_MASTER ||
    879	     local->iw_mode == IW_MODE_REPEAT) &&
    880	    !from_assoc_ap) {
    881		switch (hostap_handle_sta_rx(local, dev, skb, rx_stats,
    882					     wds != NULL)) {
    883		case AP_RX_CONTINUE_NOT_AUTHORIZED:
    884			frame_authorized = 0;
    885			break;
    886		case AP_RX_CONTINUE:
    887			frame_authorized = 1;
    888			break;
    889		case AP_RX_DROP:
    890			goto rx_dropped;
    891		case AP_RX_EXIT:
    892			goto rx_exit;
    893		}
    894	}
    895
    896	/* Nullfunc frames may have PS-bit set, so they must be passed to
    897	 * hostap_handle_sta_rx() before being dropped here. */
    898	if (stype != IEEE80211_STYPE_DATA &&
    899	    stype != IEEE80211_STYPE_DATA_CFACK &&
    900	    stype != IEEE80211_STYPE_DATA_CFPOLL &&
    901	    stype != IEEE80211_STYPE_DATA_CFACKPOLL) {
    902		if (stype != IEEE80211_STYPE_NULLFUNC)
    903			printk(KERN_DEBUG "%s: RX: dropped data frame "
    904			       "with no data (type=0x%02x, subtype=0x%02x)\n",
    905			       dev->name, type >> 2, stype >> 4);
    906		goto rx_dropped;
    907	}
    908
    909	/* skb: hdr + (possibly fragmented, possibly encrypted) payload */
    910
    911	if (local->host_decrypt && (fc & IEEE80211_FCTL_PROTECTED) &&
    912	    (keyidx = hostap_rx_frame_decrypt(local, skb, crypt)) < 0)
    913		goto rx_dropped;
    914	hdr = (struct ieee80211_hdr *) skb->data;
    915
    916	/* skb: hdr + (possibly fragmented) plaintext payload */
    917
    918	if (local->host_decrypt && (fc & IEEE80211_FCTL_PROTECTED) &&
    919	    (frag != 0 || (fc & IEEE80211_FCTL_MOREFRAGS))) {
    920		int flen;
    921		struct sk_buff *frag_skb =
    922			prism2_frag_cache_get(local, hdr);
    923		if (!frag_skb) {
    924			printk(KERN_DEBUG "%s: Rx cannot get skb from "
    925			       "fragment cache (morefrag=%d seq=%u frag=%u)\n",
    926			       dev->name, (fc & IEEE80211_FCTL_MOREFRAGS) != 0,
    927			       (sc & IEEE80211_SCTL_SEQ) >> 4, frag);
    928			goto rx_dropped;
    929		}
    930
    931		flen = skb->len;
    932		if (frag != 0)
    933			flen -= hdrlen;
    934
    935		if (frag_skb->tail + flen > frag_skb->end) {
    936			printk(KERN_WARNING "%s: host decrypted and "
    937			       "reassembled frame did not fit skb\n",
    938			       dev->name);
    939			prism2_frag_cache_invalidate(local, hdr);
    940			goto rx_dropped;
    941		}
    942
    943		if (frag == 0) {
    944			/* copy first fragment (including full headers) into
    945			 * beginning of the fragment cache skb */
    946			skb_copy_from_linear_data(skb, skb_put(frag_skb, flen),
    947						  flen);
    948		} else {
    949			/* append frame payload to the end of the fragment
    950			 * cache skb */
    951			skb_copy_from_linear_data_offset(skb, hdrlen,
    952							 skb_put(frag_skb,
    953								 flen), flen);
    954		}
    955		dev_kfree_skb(skb);
    956		skb = NULL;
    957
    958		if (fc & IEEE80211_FCTL_MOREFRAGS) {
    959			/* more fragments expected - leave the skb in fragment
    960			 * cache for now; it will be delivered to upper layers
    961			 * after all fragments have been received */
    962			goto rx_exit;
    963		}
    964
    965		/* this was the last fragment and the frame will be
    966		 * delivered, so remove skb from fragment cache */
    967		skb = frag_skb;
    968		hdr = (struct ieee80211_hdr *) skb->data;
    969		prism2_frag_cache_invalidate(local, hdr);
    970	}
    971
    972	/* skb: hdr + (possible reassembled) full MSDU payload; possibly still
    973	 * encrypted/authenticated */
    974
    975	if (local->host_decrypt && (fc & IEEE80211_FCTL_PROTECTED) &&
    976	    hostap_rx_frame_decrypt_msdu(local, skb, keyidx, crypt))
    977		goto rx_dropped;
    978
    979	hdr = (struct ieee80211_hdr *) skb->data;
    980	if (crypt && !(fc & IEEE80211_FCTL_PROTECTED) && !local->open_wep) {
    981		if (local->ieee_802_1x &&
    982		    hostap_is_eapol_frame(local, skb)) {
    983			/* pass unencrypted EAPOL frames even if encryption is
    984			 * configured */
    985			PDEBUG(DEBUG_EXTRA2, "%s: RX: IEEE 802.1X - passing "
    986			       "unencrypted EAPOL frame\n", local->dev->name);
    987		} else {
    988			printk(KERN_DEBUG "%s: encryption configured, but RX "
    989			       "frame not encrypted (SA=%pM)\n",
    990			       local->dev->name, hdr->addr2);
    991			goto rx_dropped;
    992		}
    993	}
    994
    995	if (local->drop_unencrypted && !(fc & IEEE80211_FCTL_PROTECTED) &&
    996	    !hostap_is_eapol_frame(local, skb)) {
    997		if (net_ratelimit()) {
    998			printk(KERN_DEBUG "%s: dropped unencrypted RX data "
    999			       "frame from %pM (drop_unencrypted=1)\n",
   1000			       dev->name, hdr->addr2);
   1001		}
   1002		goto rx_dropped;
   1003	}
   1004
   1005	/* skb: hdr + (possible reassembled) full plaintext payload */
   1006
   1007	payload = skb->data + hdrlen;
   1008	ethertype = (payload[6] << 8) | payload[7];
   1009
   1010	/* If IEEE 802.1X is used, check whether the port is authorized to send
   1011	 * the received frame. */
   1012	if (local->ieee_802_1x && local->iw_mode == IW_MODE_MASTER) {
   1013		if (ethertype == ETH_P_PAE) {
   1014			PDEBUG(DEBUG_EXTRA2, "%s: RX: IEEE 802.1X frame\n",
   1015			       dev->name);
   1016			if (local->hostapd && local->apdev) {
   1017				/* Send IEEE 802.1X frames to the user
   1018				 * space daemon for processing */
   1019				prism2_rx_80211(local->apdev, skb, rx_stats,
   1020						PRISM2_RX_MGMT);
   1021				local->apdevstats.rx_packets++;
   1022				local->apdevstats.rx_bytes += skb->len;
   1023				goto rx_exit;
   1024			}
   1025		} else if (!frame_authorized) {
   1026			printk(KERN_DEBUG "%s: dropped frame from "
   1027			       "unauthorized port (IEEE 802.1X): "
   1028			       "ethertype=0x%04x\n",
   1029			       dev->name, ethertype);
   1030			goto rx_dropped;
   1031		}
   1032	}
   1033
   1034	/* convert hdr + possible LLC headers into Ethernet header */
   1035	if (skb->len - hdrlen >= 8 &&
   1036	    ((memcmp(payload, rfc1042_header, 6) == 0 &&
   1037	      ethertype != ETH_P_AARP && ethertype != ETH_P_IPX) ||
   1038	     memcmp(payload, bridge_tunnel_header, 6) == 0)) {
   1039		/* remove RFC1042 or Bridge-Tunnel encapsulation and
   1040		 * replace EtherType */
   1041		skb_pull(skb, hdrlen + 6);
   1042		memcpy(skb_push(skb, ETH_ALEN), src, ETH_ALEN);
   1043		memcpy(skb_push(skb, ETH_ALEN), dst, ETH_ALEN);
   1044	} else {
   1045		__be16 len;
   1046		/* Leave Ethernet header part of hdr and full payload */
   1047		skb_pull(skb, hdrlen);
   1048		len = htons(skb->len);
   1049		memcpy(skb_push(skb, 2), &len, 2);
   1050		memcpy(skb_push(skb, ETH_ALEN), src, ETH_ALEN);
   1051		memcpy(skb_push(skb, ETH_ALEN), dst, ETH_ALEN);
   1052	}
   1053
   1054	if (wds && ((fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) ==
   1055		    IEEE80211_FCTL_TODS) &&
   1056	    skb->len >= ETH_HLEN + ETH_ALEN) {
   1057		/* Non-standard frame: get addr4 from its bogus location after
   1058		 * the payload */
   1059		skb_copy_from_linear_data_offset(skb, skb->len - ETH_ALEN,
   1060						 skb->data + ETH_ALEN,
   1061						 ETH_ALEN);
   1062		skb_trim(skb, skb->len - ETH_ALEN);
   1063	}
   1064
   1065	dev->stats.rx_packets++;
   1066	dev->stats.rx_bytes += skb->len;
   1067
   1068	if (local->iw_mode == IW_MODE_MASTER && !wds &&
   1069	    local->ap->bridge_packets) {
   1070		if (dst[0] & 0x01) {
   1071			/* copy multicast frame both to the higher layers and
   1072			 * to the wireless media */
   1073			local->ap->bridged_multicast++;
   1074			skb2 = skb_clone(skb, GFP_ATOMIC);
   1075			if (skb2 == NULL)
   1076				printk(KERN_DEBUG "%s: skb_clone failed for "
   1077				       "multicast frame\n", dev->name);
   1078		} else if (hostap_is_sta_authorized(local->ap, dst)) {
   1079			/* send frame directly to the associated STA using
   1080			 * wireless media and not passing to higher layers */
   1081			local->ap->bridged_unicast++;
   1082			skb2 = skb;
   1083			skb = NULL;
   1084		}
   1085	}
   1086
   1087	if (skb2 != NULL) {
   1088		/* send to wireless media */
   1089		skb2->dev = dev;
   1090		skb2->protocol = cpu_to_be16(ETH_P_802_3);
   1091		skb_reset_mac_header(skb2);
   1092		skb_reset_network_header(skb2);
   1093		/* skb2->network_header += ETH_HLEN; */
   1094		dev_queue_xmit(skb2);
   1095	}
   1096
   1097	if (skb) {
   1098		skb->protocol = eth_type_trans(skb, dev);
   1099		memset(skb->cb, 0, sizeof(skb->cb));
   1100		netif_rx(skb);
   1101	}
   1102
   1103 rx_exit:
   1104	if (sta)
   1105		hostap_handle_sta_release(sta);
   1106	return;
   1107
   1108 rx_dropped:
   1109	dev_kfree_skb(skb);
   1110
   1111	dev->stats.rx_dropped++;
   1112	goto rx_exit;
   1113}
   1114
   1115
   1116EXPORT_SYMBOL(hostap_80211_rx);