rtllib_rx.c (79411B)
1// SPDX-License-Identifier: GPL-2.0 2/* 3 * Original code based Host AP (software wireless LAN access point) driver 4 * for Intersil Prism2/2.5/3 - hostap.o module, common routines 5 * 6 * Copyright (c) 2001-2002, SSH Communications Security Corp and Jouni Malinen 7 * <jkmaline@cc.hut.fi> 8 * Copyright (c) 2002-2003, Jouni Malinen <jkmaline@cc.hut.fi> 9 * Copyright (c) 2004, Intel Corporation 10 * 11 * Few modifications for Realtek's Wi-Fi drivers by 12 * Andrea Merello <andrea.merello@gmail.com> 13 * 14 * A special thanks goes to Realtek for their support ! 15 */ 16#include <linux/compiler.h> 17#include <linux/errno.h> 18#include <linux/if_arp.h> 19#include <linux/in6.h> 20#include <linux/in.h> 21#include <linux/ip.h> 22#include <linux/kernel.h> 23#include <linux/module.h> 24#include <linux/netdevice.h> 25#include <linux/pci.h> 26#include <linux/proc_fs.h> 27#include <linux/skbuff.h> 28#include <linux/slab.h> 29#include <linux/tcp.h> 30#include <linux/types.h> 31#include <linux/wireless.h> 32#include <linux/etherdevice.h> 33#include <linux/uaccess.h> 34#include <linux/ctype.h> 35 36#include "rtllib.h" 37#include "dot11d.h" 38 39static void rtllib_rx_mgt(struct rtllib_device *ieee, struct sk_buff *skb, 40 struct rtllib_rx_stats *stats); 41 42static inline void rtllib_monitor_rx(struct rtllib_device *ieee, 43 struct sk_buff *skb, 44 struct rtllib_rx_stats *rx_status, 45 size_t hdr_length) 46{ 47 skb->dev = ieee->dev; 48 skb_reset_mac_header(skb); 49 skb_pull(skb, hdr_length); 50 skb->pkt_type = PACKET_OTHERHOST; 51 skb->protocol = htons(ETH_P_80211_RAW); 52 memset(skb->cb, 0, sizeof(skb->cb)); 53 netif_rx(skb); 54} 55 56/* Called only as a tasklet (software IRQ) */ 57static struct rtllib_frag_entry * 58rtllib_frag_cache_find(struct rtllib_device *ieee, unsigned int seq, 59 unsigned int frag, u8 tid, u8 *src, u8 *dst) 60{ 61 struct rtllib_frag_entry *entry; 62 int i; 63 64 for (i = 0; i < RTLLIB_FRAG_CACHE_LEN; i++) { 65 entry = &ieee->frag_cache[tid][i]; 66 if (entry->skb != NULL && 67 time_after(jiffies, entry->first_frag_time + 2 * HZ)) { 68 netdev_dbg(ieee->dev, 69 "expiring fragment cache entry seq=%u last_frag=%u\n", 70 entry->seq, entry->last_frag); 71 dev_kfree_skb_any(entry->skb); 72 entry->skb = NULL; 73 } 74 75 if (entry->skb != NULL && entry->seq == seq && 76 (entry->last_frag + 1 == frag || frag == -1) && 77 memcmp(entry->src_addr, src, ETH_ALEN) == 0 && 78 memcmp(entry->dst_addr, dst, ETH_ALEN) == 0) 79 return entry; 80 } 81 82 return NULL; 83} 84 85/* Called only as a tasklet (software IRQ) */ 86static struct sk_buff * 87rtllib_frag_cache_get(struct rtllib_device *ieee, 88 struct rtllib_hdr_4addr *hdr) 89{ 90 struct sk_buff *skb = NULL; 91 u16 fc = le16_to_cpu(hdr->frame_ctl); 92 u16 sc = le16_to_cpu(hdr->seq_ctl); 93 unsigned int frag = WLAN_GET_SEQ_FRAG(sc); 94 unsigned int seq = WLAN_GET_SEQ_SEQ(sc); 95 struct rtllib_frag_entry *entry; 96 struct rtllib_hdr_3addrqos *hdr_3addrqos; 97 struct rtllib_hdr_4addrqos *hdr_4addrqos; 98 u8 tid; 99 100 if (((fc & RTLLIB_FCTL_DSTODS) == RTLLIB_FCTL_DSTODS) && 101 RTLLIB_QOS_HAS_SEQ(fc)) { 102 hdr_4addrqos = (struct rtllib_hdr_4addrqos *)hdr; 103 tid = le16_to_cpu(hdr_4addrqos->qos_ctl) & RTLLIB_QCTL_TID; 104 tid = UP2AC(tid); 105 tid++; 106 } else if (RTLLIB_QOS_HAS_SEQ(fc)) { 107 hdr_3addrqos = (struct rtllib_hdr_3addrqos *)hdr; 108 tid = le16_to_cpu(hdr_3addrqos->qos_ctl) & RTLLIB_QCTL_TID; 109 tid = UP2AC(tid); 110 tid++; 111 } else { 112 tid = 0; 113 } 114 115 if (frag == 0) { 116 /* Reserve enough space to fit maximum frame length */ 117 skb = dev_alloc_skb(ieee->dev->mtu + 118 sizeof(struct rtllib_hdr_4addr) + 119 8 /* LLC */ + 120 2 /* alignment */ + 121 8 /* WEP */ + 122 ETH_ALEN /* WDS */ + 123 /* QOS Control */ 124 (RTLLIB_QOS_HAS_SEQ(fc) ? 2 : 0)); 125 if (!skb) 126 return NULL; 127 128 entry = &ieee->frag_cache[tid][ieee->frag_next_idx[tid]]; 129 ieee->frag_next_idx[tid]++; 130 if (ieee->frag_next_idx[tid] >= RTLLIB_FRAG_CACHE_LEN) 131 ieee->frag_next_idx[tid] = 0; 132 133 if (entry->skb != NULL) 134 dev_kfree_skb_any(entry->skb); 135 136 entry->first_frag_time = jiffies; 137 entry->seq = seq; 138 entry->last_frag = frag; 139 entry->skb = skb; 140 ether_addr_copy(entry->src_addr, hdr->addr2); 141 ether_addr_copy(entry->dst_addr, hdr->addr1); 142 } else { 143 /* received a fragment of a frame for which the head fragment 144 * should have already been received 145 */ 146 entry = rtllib_frag_cache_find(ieee, seq, frag, tid, hdr->addr2, 147 hdr->addr1); 148 if (entry != NULL) { 149 entry->last_frag = frag; 150 skb = entry->skb; 151 } 152 } 153 154 return skb; 155} 156 157 158/* Called only as a tasklet (software IRQ) */ 159static int rtllib_frag_cache_invalidate(struct rtllib_device *ieee, 160 struct rtllib_hdr_4addr *hdr) 161{ 162 u16 fc = le16_to_cpu(hdr->frame_ctl); 163 u16 sc = le16_to_cpu(hdr->seq_ctl); 164 unsigned int seq = WLAN_GET_SEQ_SEQ(sc); 165 struct rtllib_frag_entry *entry; 166 struct rtllib_hdr_3addrqos *hdr_3addrqos; 167 struct rtllib_hdr_4addrqos *hdr_4addrqos; 168 u8 tid; 169 170 if (((fc & RTLLIB_FCTL_DSTODS) == RTLLIB_FCTL_DSTODS) && 171 RTLLIB_QOS_HAS_SEQ(fc)) { 172 hdr_4addrqos = (struct rtllib_hdr_4addrqos *)hdr; 173 tid = le16_to_cpu(hdr_4addrqos->qos_ctl) & RTLLIB_QCTL_TID; 174 tid = UP2AC(tid); 175 tid++; 176 } else if (RTLLIB_QOS_HAS_SEQ(fc)) { 177 hdr_3addrqos = (struct rtllib_hdr_3addrqos *)hdr; 178 tid = le16_to_cpu(hdr_3addrqos->qos_ctl) & RTLLIB_QCTL_TID; 179 tid = UP2AC(tid); 180 tid++; 181 } else { 182 tid = 0; 183 } 184 185 entry = rtllib_frag_cache_find(ieee, seq, -1, tid, hdr->addr2, 186 hdr->addr1); 187 188 if (entry == NULL) { 189 netdev_dbg(ieee->dev, 190 "Couldn't invalidate fragment cache entry (seq=%u)\n", 191 seq); 192 return -1; 193 } 194 195 entry->skb = NULL; 196 return 0; 197} 198 199/* rtllib_rx_frame_mgtmt 200 * 201 * Responsible for handling management control frames 202 * 203 * Called by rtllib_rx 204 */ 205static inline int 206rtllib_rx_frame_mgmt(struct rtllib_device *ieee, struct sk_buff *skb, 207 struct rtllib_rx_stats *rx_stats, u16 type, 208 u16 stype) 209{ 210 /* On the struct stats definition there is written that 211 * this is not mandatory.... but seems that the probe 212 * response parser uses it 213 */ 214 struct rtllib_hdr_3addr *hdr = (struct rtllib_hdr_3addr *)skb->data; 215 216 rx_stats->len = skb->len; 217 rtllib_rx_mgt(ieee, skb, rx_stats); 218 if ((memcmp(hdr->addr1, ieee->dev->dev_addr, ETH_ALEN))) { 219 dev_kfree_skb_any(skb); 220 return 0; 221 } 222 rtllib_rx_frame_softmac(ieee, skb, rx_stats, type, stype); 223 224 dev_kfree_skb_any(skb); 225 226 return 0; 227} 228 229/* See IEEE 802.1H for LLC/SNAP encapsulation/decapsulation 230 * Ethernet-II snap header (RFC1042 for most EtherTypes) 231 */ 232static unsigned char rfc1042_header[] = { 233 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 234}; 235/* Bridge-Tunnel header (for EtherTypes ETH_P_AARP and ETH_P_IPX) */ 236static unsigned char bridge_tunnel_header[] = { 237 0xaa, 0xaa, 0x03, 0x00, 0x00, 0xf8 238}; 239/* No encapsulation header if EtherType < 0x600 (=length) */ 240 241/* Called by rtllib_rx_frame_decrypt */ 242static int rtllib_is_eapol_frame(struct rtllib_device *ieee, 243 struct sk_buff *skb, size_t hdrlen) 244{ 245 struct net_device *dev = ieee->dev; 246 u16 fc, ethertype; 247 struct rtllib_hdr_4addr *hdr; 248 u8 *pos; 249 250 if (skb->len < 24) 251 return 0; 252 253 hdr = (struct rtllib_hdr_4addr *)skb->data; 254 fc = le16_to_cpu(hdr->frame_ctl); 255 256 /* check that the frame is unicast frame to us */ 257 if ((fc & (RTLLIB_FCTL_TODS | RTLLIB_FCTL_FROMDS)) == 258 RTLLIB_FCTL_TODS && 259 memcmp(hdr->addr1, dev->dev_addr, ETH_ALEN) == 0 && 260 memcmp(hdr->addr3, dev->dev_addr, ETH_ALEN) == 0) { 261 /* ToDS frame with own addr BSSID and DA */ 262 } else if ((fc & (RTLLIB_FCTL_TODS | RTLLIB_FCTL_FROMDS)) == 263 RTLLIB_FCTL_FROMDS && 264 memcmp(hdr->addr1, dev->dev_addr, ETH_ALEN) == 0) { 265 /* FromDS frame with own addr as DA */ 266 } else 267 return 0; 268 269 if (skb->len < 24 + 8) 270 return 0; 271 272 /* check for port access entity Ethernet type */ 273 pos = skb->data + hdrlen; 274 ethertype = (pos[6] << 8) | pos[7]; 275 if (ethertype == ETH_P_PAE) 276 return 1; 277 278 return 0; 279} 280 281/* Called only as a tasklet (software IRQ), by rtllib_rx */ 282static inline int 283rtllib_rx_frame_decrypt(struct rtllib_device *ieee, struct sk_buff *skb, 284 struct lib80211_crypt_data *crypt) 285{ 286 struct rtllib_hdr_4addr *hdr; 287 int res, hdrlen; 288 289 if (crypt == NULL || crypt->ops->decrypt_mpdu == NULL) 290 return 0; 291 292 if (ieee->hwsec_active) { 293 struct cb_desc *tcb_desc = (struct cb_desc *) 294 (skb->cb + MAX_DEV_ADDR_SIZE); 295 296 tcb_desc->bHwSec = 1; 297 298 if (ieee->need_sw_enc) 299 tcb_desc->bHwSec = 0; 300 } 301 302 hdr = (struct rtllib_hdr_4addr *)skb->data; 303 hdrlen = rtllib_get_hdrlen(le16_to_cpu(hdr->frame_ctl)); 304 305 atomic_inc(&crypt->refcnt); 306 res = crypt->ops->decrypt_mpdu(skb, hdrlen, crypt->priv); 307 atomic_dec(&crypt->refcnt); 308 if (res < 0) { 309 netdev_dbg(ieee->dev, "decryption failed (SA= %pM) res=%d\n", 310 hdr->addr2, res); 311 if (res == -2) 312 netdev_dbg(ieee->dev, 313 "Decryption failed ICV mismatch (key %d)\n", 314 skb->data[hdrlen + 3] >> 6); 315 return -1; 316 } 317 318 return res; 319} 320 321 322/* Called only as a tasklet (software IRQ), by rtllib_rx */ 323static inline int 324rtllib_rx_frame_decrypt_msdu(struct rtllib_device *ieee, struct sk_buff *skb, 325 int keyidx, struct lib80211_crypt_data *crypt) 326{ 327 struct rtllib_hdr_4addr *hdr; 328 int res, hdrlen; 329 330 if (crypt == NULL || crypt->ops->decrypt_msdu == NULL) 331 return 0; 332 if (ieee->hwsec_active) { 333 struct cb_desc *tcb_desc = (struct cb_desc *) 334 (skb->cb + MAX_DEV_ADDR_SIZE); 335 336 tcb_desc->bHwSec = 1; 337 338 if (ieee->need_sw_enc) 339 tcb_desc->bHwSec = 0; 340 } 341 342 hdr = (struct rtllib_hdr_4addr *)skb->data; 343 hdrlen = rtllib_get_hdrlen(le16_to_cpu(hdr->frame_ctl)); 344 345 atomic_inc(&crypt->refcnt); 346 res = crypt->ops->decrypt_msdu(skb, keyidx, hdrlen, crypt->priv); 347 atomic_dec(&crypt->refcnt); 348 if (res < 0) { 349 netdev_dbg(ieee->dev, 350 "MSDU decryption/MIC verification failed (SA= %pM keyidx=%d)\n", 351 hdr->addr2, keyidx); 352 return -1; 353 } 354 355 return 0; 356} 357 358 359/* this function is stolen from ipw2200 driver*/ 360#define IEEE_PACKET_RETRY_TIME (5*HZ) 361static int is_duplicate_packet(struct rtllib_device *ieee, 362 struct rtllib_hdr_4addr *header) 363{ 364 u16 fc = le16_to_cpu(header->frame_ctl); 365 u16 sc = le16_to_cpu(header->seq_ctl); 366 u16 seq = WLAN_GET_SEQ_SEQ(sc); 367 u16 frag = WLAN_GET_SEQ_FRAG(sc); 368 u16 *last_seq, *last_frag; 369 unsigned long *last_time; 370 struct rtllib_hdr_3addrqos *hdr_3addrqos; 371 struct rtllib_hdr_4addrqos *hdr_4addrqos; 372 u8 tid; 373 374 if (((fc & RTLLIB_FCTL_DSTODS) == RTLLIB_FCTL_DSTODS) && 375 RTLLIB_QOS_HAS_SEQ(fc)) { 376 hdr_4addrqos = (struct rtllib_hdr_4addrqos *)header; 377 tid = le16_to_cpu(hdr_4addrqos->qos_ctl) & RTLLIB_QCTL_TID; 378 tid = UP2AC(tid); 379 tid++; 380 } else if (RTLLIB_QOS_HAS_SEQ(fc)) { 381 hdr_3addrqos = (struct rtllib_hdr_3addrqos *)header; 382 tid = le16_to_cpu(hdr_3addrqos->qos_ctl) & RTLLIB_QCTL_TID; 383 tid = UP2AC(tid); 384 tid++; 385 } else { 386 tid = 0; 387 } 388 389 switch (ieee->iw_mode) { 390 case IW_MODE_ADHOC: 391 { 392 struct list_head *p; 393 struct ieee_ibss_seq *entry = NULL; 394 u8 *mac = header->addr2; 395 int index = mac[5] % IEEE_IBSS_MAC_HASH_SIZE; 396 397 list_for_each(p, &ieee->ibss_mac_hash[index]) { 398 entry = list_entry(p, struct ieee_ibss_seq, list); 399 if (!memcmp(entry->mac, mac, ETH_ALEN)) 400 break; 401 } 402 if (p == &ieee->ibss_mac_hash[index]) { 403 entry = kmalloc(sizeof(struct ieee_ibss_seq), 404 GFP_ATOMIC); 405 if (!entry) 406 return 0; 407 408 ether_addr_copy(entry->mac, mac); 409 entry->seq_num[tid] = seq; 410 entry->frag_num[tid] = frag; 411 entry->packet_time[tid] = jiffies; 412 list_add(&entry->list, &ieee->ibss_mac_hash[index]); 413 return 0; 414 } 415 last_seq = &entry->seq_num[tid]; 416 last_frag = &entry->frag_num[tid]; 417 last_time = &entry->packet_time[tid]; 418 break; 419 } 420 421 case IW_MODE_INFRA: 422 last_seq = &ieee->last_rxseq_num[tid]; 423 last_frag = &ieee->last_rxfrag_num[tid]; 424 last_time = &ieee->last_packet_time[tid]; 425 break; 426 default: 427 return 0; 428 } 429 430 if ((*last_seq == seq) && 431 time_after(*last_time + IEEE_PACKET_RETRY_TIME, jiffies)) { 432 if (*last_frag == frag) 433 goto drop; 434 if (*last_frag + 1 != frag) 435 /* out-of-order fragment */ 436 goto drop; 437 } else 438 *last_seq = seq; 439 440 *last_frag = frag; 441 *last_time = jiffies; 442 return 0; 443 444drop: 445 446 return 1; 447} 448 449static bool AddReorderEntry(struct rx_ts_record *pTS, 450 struct rx_reorder_entry *pReorderEntry) 451{ 452 struct list_head *pList = &pTS->rx_pending_pkt_list; 453 454 while (pList->next != &pTS->rx_pending_pkt_list) { 455 if (SN_LESS(pReorderEntry->SeqNum, ((struct rx_reorder_entry *) 456 list_entry(pList->next, struct rx_reorder_entry, 457 List))->SeqNum)) 458 pList = pList->next; 459 else if (SN_EQUAL(pReorderEntry->SeqNum, 460 ((struct rx_reorder_entry *)list_entry(pList->next, 461 struct rx_reorder_entry, List))->SeqNum)) 462 return false; 463 else 464 break; 465 } 466 pReorderEntry->List.next = pList->next; 467 pReorderEntry->List.next->prev = &pReorderEntry->List; 468 pReorderEntry->List.prev = pList; 469 pList->next = &pReorderEntry->List; 470 471 return true; 472} 473 474void rtllib_indicate_packets(struct rtllib_device *ieee, 475 struct rtllib_rxb **prxbIndicateArray, u8 index) 476{ 477 struct net_device_stats *stats = &ieee->stats; 478 u8 i = 0, j = 0; 479 u16 ethertype; 480 481 for (j = 0; j < index; j++) { 482 struct rtllib_rxb *prxb = prxbIndicateArray[j]; 483 484 for (i = 0; i < prxb->nr_subframes; i++) { 485 struct sk_buff *sub_skb = prxb->subframes[i]; 486 487 /* convert hdr + possible LLC headers into Ethernet header */ 488 ethertype = (sub_skb->data[6] << 8) | sub_skb->data[7]; 489 if (sub_skb->len >= 8 && 490 ((memcmp(sub_skb->data, rfc1042_header, 491 SNAP_SIZE) == 0 && 492 ethertype != ETH_P_AARP && 493 ethertype != ETH_P_IPX) || 494 memcmp(sub_skb->data, bridge_tunnel_header, 495 SNAP_SIZE) == 0)) { 496 /* remove RFC1042 or Bridge-Tunnel encapsulation 497 * and replace EtherType 498 */ 499 skb_pull(sub_skb, SNAP_SIZE); 500 memcpy(skb_push(sub_skb, ETH_ALEN), prxb->src, ETH_ALEN); 501 memcpy(skb_push(sub_skb, ETH_ALEN), prxb->dst, ETH_ALEN); 502 } else { 503 u16 len; 504 /* Leave Ethernet header part of hdr and full payload */ 505 len = sub_skb->len; 506 memcpy(skb_push(sub_skb, 2), &len, 2); 507 memcpy(skb_push(sub_skb, ETH_ALEN), prxb->src, ETH_ALEN); 508 memcpy(skb_push(sub_skb, ETH_ALEN), prxb->dst, ETH_ALEN); 509 } 510 511 /* Indicate the packets to upper layer */ 512 if (sub_skb) { 513 stats->rx_packets++; 514 stats->rx_bytes += sub_skb->len; 515 516 memset(sub_skb->cb, 0, sizeof(sub_skb->cb)); 517 sub_skb->protocol = eth_type_trans(sub_skb, 518 ieee->dev); 519 sub_skb->dev = ieee->dev; 520 sub_skb->dev->stats.rx_packets++; 521 sub_skb->dev->stats.rx_bytes += sub_skb->len; 522 /* 802.11 crc not sufficient */ 523 sub_skb->ip_summed = CHECKSUM_NONE; 524 ieee->last_rx_ps_time = jiffies; 525 netif_rx(sub_skb); 526 } 527 } 528 kfree(prxb); 529 prxb = NULL; 530 } 531} 532 533void rtllib_FlushRxTsPendingPkts(struct rtllib_device *ieee, 534 struct rx_ts_record *pTS) 535{ 536 struct rx_reorder_entry *pRxReorderEntry; 537 u8 RfdCnt = 0; 538 539 del_timer_sync(&pTS->rx_pkt_pending_timer); 540 while (!list_empty(&pTS->rx_pending_pkt_list)) { 541 if (RfdCnt >= REORDER_WIN_SIZE) { 542 netdev_info(ieee->dev, 543 "-------------->%s() error! RfdCnt >= REORDER_WIN_SIZE\n", 544 __func__); 545 break; 546 } 547 548 pRxReorderEntry = (struct rx_reorder_entry *) 549 list_entry(pTS->rx_pending_pkt_list.prev, 550 struct rx_reorder_entry, List); 551 netdev_dbg(ieee->dev, "%s(): Indicate SeqNum %d!\n", __func__, 552 pRxReorderEntry->SeqNum); 553 list_del_init(&pRxReorderEntry->List); 554 555 ieee->RfdArray[RfdCnt] = pRxReorderEntry->prxb; 556 557 RfdCnt = RfdCnt + 1; 558 list_add_tail(&pRxReorderEntry->List, 559 &ieee->RxReorder_Unused_List); 560 } 561 rtllib_indicate_packets(ieee, ieee->RfdArray, RfdCnt); 562 563 pTS->rx_indicate_seq = 0xffff; 564} 565 566static void RxReorderIndicatePacket(struct rtllib_device *ieee, 567 struct rtllib_rxb *prxb, 568 struct rx_ts_record *pTS, u16 SeqNum) 569{ 570 struct rt_hi_throughput *pHTInfo = ieee->pHTInfo; 571 struct rx_reorder_entry *pReorderEntry = NULL; 572 u8 WinSize = pHTInfo->RxReorderWinSize; 573 u16 WinEnd = 0; 574 u8 index = 0; 575 bool bMatchWinStart = false, bPktInBuf = false; 576 unsigned long flags; 577 578 netdev_dbg(ieee->dev, 579 "%s(): Seq is %d, pTS->rx_indicate_seq is %d, WinSize is %d\n", 580 __func__, SeqNum, pTS->rx_indicate_seq, WinSize); 581 582 spin_lock_irqsave(&(ieee->reorder_spinlock), flags); 583 584 WinEnd = (pTS->rx_indicate_seq + WinSize - 1) % 4096; 585 /* Rx Reorder initialize condition.*/ 586 if (pTS->rx_indicate_seq == 0xffff) 587 pTS->rx_indicate_seq = SeqNum; 588 589 /* Drop out the packet which SeqNum is smaller than WinStart */ 590 if (SN_LESS(SeqNum, pTS->rx_indicate_seq)) { 591 netdev_dbg(ieee->dev, 592 "Packet Drop! IndicateSeq: %d, NewSeq: %d\n", 593 pTS->rx_indicate_seq, SeqNum); 594 pHTInfo->RxReorderDropCounter++; 595 { 596 int i; 597 598 for (i = 0; i < prxb->nr_subframes; i++) 599 dev_kfree_skb(prxb->subframes[i]); 600 kfree(prxb); 601 prxb = NULL; 602 } 603 spin_unlock_irqrestore(&(ieee->reorder_spinlock), flags); 604 return; 605 } 606 607 /* Sliding window manipulation. Conditions includes: 608 * 1. Incoming SeqNum is equal to WinStart =>Window shift 1 609 * 2. Incoming SeqNum is larger than the WinEnd => Window shift N 610 */ 611 if (SN_EQUAL(SeqNum, pTS->rx_indicate_seq)) { 612 pTS->rx_indicate_seq = (pTS->rx_indicate_seq + 1) % 4096; 613 bMatchWinStart = true; 614 } else if (SN_LESS(WinEnd, SeqNum)) { 615 if (SeqNum >= (WinSize - 1)) 616 pTS->rx_indicate_seq = SeqNum + 1 - WinSize; 617 else 618 pTS->rx_indicate_seq = 4095 - 619 (WinSize - (SeqNum + 1)) + 1; 620 netdev_dbg(ieee->dev, 621 "Window Shift! IndicateSeq: %d, NewSeq: %d\n", 622 pTS->rx_indicate_seq, SeqNum); 623 } 624 625 /* Indication process. 626 * After Packet dropping and Sliding Window shifting as above, we can 627 * now just indicate the packets with the SeqNum smaller than latest 628 * WinStart and struct buffer other packets. 629 * 630 * For Rx Reorder condition: 631 * 1. All packets with SeqNum smaller than WinStart => Indicate 632 * 2. All packets with SeqNum larger than or equal to 633 * WinStart => Buffer it. 634 */ 635 if (bMatchWinStart) { 636 /* Current packet is going to be indicated.*/ 637 netdev_dbg(ieee->dev, 638 "Packets indication! IndicateSeq: %d, NewSeq: %d\n", 639 pTS->rx_indicate_seq, SeqNum); 640 ieee->prxbIndicateArray[0] = prxb; 641 index = 1; 642 } else { 643 /* Current packet is going to be inserted into pending list.*/ 644 if (!list_empty(&ieee->RxReorder_Unused_List)) { 645 pReorderEntry = (struct rx_reorder_entry *) 646 list_entry(ieee->RxReorder_Unused_List.next, 647 struct rx_reorder_entry, List); 648 list_del_init(&pReorderEntry->List); 649 650 /* Make a reorder entry and insert 651 * into a the packet list. 652 */ 653 pReorderEntry->SeqNum = SeqNum; 654 pReorderEntry->prxb = prxb; 655 656 if (!AddReorderEntry(pTS, pReorderEntry)) { 657 int i; 658 659 netdev_dbg(ieee->dev, 660 "%s(): Duplicate packet is dropped. IndicateSeq: %d, NewSeq: %d\n", 661 __func__, pTS->rx_indicate_seq, 662 SeqNum); 663 list_add_tail(&pReorderEntry->List, 664 &ieee->RxReorder_Unused_List); 665 666 for (i = 0; i < prxb->nr_subframes; i++) 667 dev_kfree_skb(prxb->subframes[i]); 668 kfree(prxb); 669 prxb = NULL; 670 } else { 671 netdev_dbg(ieee->dev, 672 "Pkt insert into struct buffer. IndicateSeq: %d, NewSeq: %d\n", 673 pTS->rx_indicate_seq, SeqNum); 674 } 675 } else { 676 /* Packets are dropped if there are not enough reorder 677 * entries. This part should be modified!! We can just 678 * indicate all the packets in struct buffer and get 679 * reorder entries. 680 */ 681 netdev_err(ieee->dev, 682 "%s(): There is no reorder entry! Packet is dropped!\n", 683 __func__); 684 { 685 int i; 686 687 for (i = 0; i < prxb->nr_subframes; i++) 688 dev_kfree_skb(prxb->subframes[i]); 689 kfree(prxb); 690 prxb = NULL; 691 } 692 } 693 } 694 695 /* Check if there is any packet need indicate.*/ 696 while (!list_empty(&pTS->rx_pending_pkt_list)) { 697 netdev_dbg(ieee->dev, "%s(): start RREORDER indicate\n", 698 __func__); 699 700 pReorderEntry = (struct rx_reorder_entry *) 701 list_entry(pTS->rx_pending_pkt_list.prev, 702 struct rx_reorder_entry, 703 List); 704 if (SN_LESS(pReorderEntry->SeqNum, pTS->rx_indicate_seq) || 705 SN_EQUAL(pReorderEntry->SeqNum, pTS->rx_indicate_seq)) { 706 /* This protect struct buffer from overflow. */ 707 if (index >= REORDER_WIN_SIZE) { 708 netdev_err(ieee->dev, 709 "%s(): Buffer overflow!\n", 710 __func__); 711 bPktInBuf = true; 712 break; 713 } 714 715 list_del_init(&pReorderEntry->List); 716 717 if (SN_EQUAL(pReorderEntry->SeqNum, pTS->rx_indicate_seq)) 718 pTS->rx_indicate_seq = (pTS->rx_indicate_seq + 1) % 719 4096; 720 721 ieee->prxbIndicateArray[index] = pReorderEntry->prxb; 722 netdev_dbg(ieee->dev, "%s(): Indicate SeqNum %d!\n", 723 __func__, pReorderEntry->SeqNum); 724 index++; 725 726 list_add_tail(&pReorderEntry->List, 727 &ieee->RxReorder_Unused_List); 728 } else { 729 bPktInBuf = true; 730 break; 731 } 732 } 733 734 /* Handling pending timer. Set this timer to prevent from long time 735 * Rx buffering. 736 */ 737 if (index > 0) { 738 if (timer_pending(&pTS->rx_pkt_pending_timer)) 739 del_timer_sync(&pTS->rx_pkt_pending_timer); 740 pTS->rx_timeout_indicate_seq = 0xffff; 741 742 if (index > REORDER_WIN_SIZE) { 743 netdev_err(ieee->dev, 744 "%s(): Rx Reorder struct buffer full!\n", 745 __func__); 746 spin_unlock_irqrestore(&(ieee->reorder_spinlock), 747 flags); 748 return; 749 } 750 rtllib_indicate_packets(ieee, ieee->prxbIndicateArray, index); 751 bPktInBuf = false; 752 } 753 754 if (bPktInBuf && pTS->rx_timeout_indicate_seq == 0xffff) { 755 netdev_dbg(ieee->dev, "%s(): SET rx timeout timer\n", __func__); 756 pTS->rx_timeout_indicate_seq = pTS->rx_indicate_seq; 757 mod_timer(&pTS->rx_pkt_pending_timer, jiffies + 758 msecs_to_jiffies(pHTInfo->RxReorderPendingTime)); 759 } 760 spin_unlock_irqrestore(&(ieee->reorder_spinlock), flags); 761} 762 763static u8 parse_subframe(struct rtllib_device *ieee, struct sk_buff *skb, 764 struct rtllib_rx_stats *rx_stats, 765 struct rtllib_rxb *rxb, u8 *src, u8 *dst) 766{ 767 struct rtllib_hdr_3addr *hdr = (struct rtllib_hdr_3addr *)skb->data; 768 u16 fc = le16_to_cpu(hdr->frame_ctl); 769 770 u16 LLCOffset = sizeof(struct rtllib_hdr_3addr); 771 u16 ChkLength; 772 bool bIsAggregateFrame = false; 773 u16 nSubframe_Length; 774 u8 nPadding_Length = 0; 775 u16 SeqNum = 0; 776 struct sk_buff *sub_skb; 777 /* just for debug purpose */ 778 SeqNum = WLAN_GET_SEQ_SEQ(le16_to_cpu(hdr->seq_ctl)); 779 if ((RTLLIB_QOS_HAS_SEQ(fc)) && 780 (((union frameqos *)(skb->data + RTLLIB_3ADDR_LEN))->field.reserved)) 781 bIsAggregateFrame = true; 782 783 if (RTLLIB_QOS_HAS_SEQ(fc)) 784 LLCOffset += 2; 785 if (rx_stats->bContainHTC) 786 LLCOffset += sHTCLng; 787 788 ChkLength = LLCOffset; 789 790 if (skb->len <= ChkLength) 791 return 0; 792 793 skb_pull(skb, LLCOffset); 794 ieee->bIsAggregateFrame = bIsAggregateFrame; 795 if (!bIsAggregateFrame) { 796 rxb->nr_subframes = 1; 797 798 /* altered by clark 3/30/2010 799 * The struct buffer size of the skb indicated to upper layer 800 * must be less than 5000, or the defraged IP datagram 801 * in the IP layer will exceed "ipfrag_high_tresh" and be 802 * discarded. so there must not use the function 803 * "skb_copy" and "skb_clone" for "skb". 804 */ 805 806 /* Allocate new skb for releasing to upper layer */ 807 sub_skb = dev_alloc_skb(RTLLIB_SKBBUFFER_SIZE); 808 if (!sub_skb) 809 return 0; 810 skb_reserve(sub_skb, 12); 811 skb_put_data(sub_skb, skb->data, skb->len); 812 sub_skb->dev = ieee->dev; 813 814 rxb->subframes[0] = sub_skb; 815 816 memcpy(rxb->src, src, ETH_ALEN); 817 memcpy(rxb->dst, dst, ETH_ALEN); 818 rxb->subframes[0]->dev = ieee->dev; 819 return 1; 820 } 821 822 rxb->nr_subframes = 0; 823 memcpy(rxb->src, src, ETH_ALEN); 824 memcpy(rxb->dst, dst, ETH_ALEN); 825 while (skb->len > ETHERNET_HEADER_SIZE) { 826 /* Offset 12 denote 2 mac address */ 827 nSubframe_Length = *((u16 *)(skb->data + 12)); 828 nSubframe_Length = (nSubframe_Length >> 8) + 829 (nSubframe_Length << 8); 830 831 if (skb->len < (ETHERNET_HEADER_SIZE + nSubframe_Length)) { 832 netdev_info(ieee->dev, 833 "%s: A-MSDU parse error!! pRfd->nTotalSubframe : %d\n", 834 __func__, rxb->nr_subframes); 835 netdev_info(ieee->dev, 836 "%s: A-MSDU parse error!! Subframe Length: %d\n", 837 __func__, nSubframe_Length); 838 netdev_info(ieee->dev, 839 "nRemain_Length is %d and nSubframe_Length is : %d\n", 840 skb->len, nSubframe_Length); 841 netdev_info(ieee->dev, 842 "The Packet SeqNum is %d\n", 843 SeqNum); 844 return 0; 845 } 846 847 /* move the data point to data content */ 848 skb_pull(skb, ETHERNET_HEADER_SIZE); 849 850 /* altered by clark 3/30/2010 851 * The struct buffer size of the skb indicated to upper layer 852 * must be less than 5000, or the defraged IP datagram 853 * in the IP layer will exceed "ipfrag_high_tresh" and be 854 * discarded. so there must not use the function 855 * "skb_copy" and "skb_clone" for "skb". 856 */ 857 858 /* Allocate new skb for releasing to upper layer */ 859 sub_skb = dev_alloc_skb(nSubframe_Length + 12); 860 if (!sub_skb) 861 return 0; 862 skb_reserve(sub_skb, 12); 863 skb_put_data(sub_skb, skb->data, nSubframe_Length); 864 865 sub_skb->dev = ieee->dev; 866 rxb->subframes[rxb->nr_subframes++] = sub_skb; 867 if (rxb->nr_subframes >= MAX_SUBFRAME_COUNT) { 868 netdev_dbg(ieee->dev, 869 "ParseSubframe(): Too many Subframes! Packets dropped!\n"); 870 break; 871 } 872 skb_pull(skb, nSubframe_Length); 873 874 if (skb->len != 0) { 875 nPadding_Length = 4 - ((nSubframe_Length + 876 ETHERNET_HEADER_SIZE) % 4); 877 if (nPadding_Length == 4) 878 nPadding_Length = 0; 879 880 if (skb->len < nPadding_Length) 881 return 0; 882 883 skb_pull(skb, nPadding_Length); 884 } 885 } 886 887 return rxb->nr_subframes; 888} 889 890 891static size_t rtllib_rx_get_hdrlen(struct rtllib_device *ieee, 892 struct sk_buff *skb, 893 struct rtllib_rx_stats *rx_stats) 894{ 895 struct rtllib_hdr_4addr *hdr = (struct rtllib_hdr_4addr *)skb->data; 896 u16 fc = le16_to_cpu(hdr->frame_ctl); 897 size_t hdrlen; 898 899 hdrlen = rtllib_get_hdrlen(fc); 900 if (HTCCheck(ieee, skb->data)) { 901 if (net_ratelimit()) 902 netdev_info(ieee->dev, "%s: find HTCControl!\n", 903 __func__); 904 hdrlen += 4; 905 rx_stats->bContainHTC = true; 906 } 907 908 if (RTLLIB_QOS_HAS_SEQ(fc)) 909 rx_stats->bIsQosData = true; 910 911 return hdrlen; 912} 913 914static int rtllib_rx_check_duplicate(struct rtllib_device *ieee, 915 struct sk_buff *skb, u8 multicast) 916{ 917 struct rtllib_hdr_4addr *hdr = (struct rtllib_hdr_4addr *)skb->data; 918 u16 fc, sc; 919 u8 frag, type, stype; 920 921 fc = le16_to_cpu(hdr->frame_ctl); 922 type = WLAN_FC_GET_TYPE(fc); 923 stype = WLAN_FC_GET_STYPE(fc); 924 sc = le16_to_cpu(hdr->seq_ctl); 925 frag = WLAN_GET_SEQ_FRAG(sc); 926 927 if (!ieee->pHTInfo->bCurRxReorderEnable || 928 !ieee->current_network.qos_data.active || 929 !IsDataFrame(skb->data) || 930 IsLegacyDataFrame(skb->data)) { 931 if (!((type == RTLLIB_FTYPE_MGMT) && 932 (stype == RTLLIB_STYPE_BEACON))) { 933 if (is_duplicate_packet(ieee, hdr)) 934 return -1; 935 } 936 } else { 937 struct rx_ts_record *pRxTS = NULL; 938 939 if (GetTs(ieee, (struct ts_common_info **)&pRxTS, hdr->addr2, 940 (u8)Frame_QoSTID((u8 *)(skb->data)), RX_DIR, true)) { 941 if ((fc & (1<<11)) && (frag == pRxTS->rx_last_frag_num) && 942 (WLAN_GET_SEQ_SEQ(sc) == pRxTS->rx_last_seq_num)) 943 return -1; 944 pRxTS->rx_last_frag_num = frag; 945 pRxTS->rx_last_seq_num = WLAN_GET_SEQ_SEQ(sc); 946 } else { 947 netdev_warn(ieee->dev, "%s(): No TS! Skip the check!\n", 948 __func__); 949 return -1; 950 } 951 } 952 953 return 0; 954} 955 956static void rtllib_rx_extract_addr(struct rtllib_device *ieee, 957 struct rtllib_hdr_4addr *hdr, u8 *dst, 958 u8 *src, u8 *bssid) 959{ 960 u16 fc = le16_to_cpu(hdr->frame_ctl); 961 962 switch (fc & (RTLLIB_FCTL_FROMDS | RTLLIB_FCTL_TODS)) { 963 case RTLLIB_FCTL_FROMDS: 964 ether_addr_copy(dst, hdr->addr1); 965 ether_addr_copy(src, hdr->addr3); 966 ether_addr_copy(bssid, hdr->addr2); 967 break; 968 case RTLLIB_FCTL_TODS: 969 ether_addr_copy(dst, hdr->addr3); 970 ether_addr_copy(src, hdr->addr2); 971 ether_addr_copy(bssid, hdr->addr1); 972 break; 973 case RTLLIB_FCTL_FROMDS | RTLLIB_FCTL_TODS: 974 ether_addr_copy(dst, hdr->addr3); 975 ether_addr_copy(src, hdr->addr4); 976 ether_addr_copy(bssid, ieee->current_network.bssid); 977 break; 978 default: 979 ether_addr_copy(dst, hdr->addr1); 980 ether_addr_copy(src, hdr->addr2); 981 ether_addr_copy(bssid, hdr->addr3); 982 break; 983 } 984} 985 986static int rtllib_rx_data_filter(struct rtllib_device *ieee, u16 fc, 987 u8 *dst, u8 *src, u8 *bssid, u8 *addr2) 988{ 989 u8 type, stype; 990 991 type = WLAN_FC_GET_TYPE(fc); 992 stype = WLAN_FC_GET_STYPE(fc); 993 994 /* Filter frames from different BSS */ 995 if (((fc & RTLLIB_FCTL_DSTODS) != RTLLIB_FCTL_DSTODS) && 996 !ether_addr_equal(ieee->current_network.bssid, bssid) && 997 !is_zero_ether_addr(ieee->current_network.bssid)) { 998 return -1; 999 } 1000 1001 /* Filter packets sent by an STA that will be forwarded by AP */ 1002 if (ieee->IntelPromiscuousModeInfo.bPromiscuousOn && 1003 ieee->IntelPromiscuousModeInfo.bFilterSourceStationFrame) { 1004 if ((fc & RTLLIB_FCTL_TODS) && !(fc & RTLLIB_FCTL_FROMDS) && 1005 !ether_addr_equal(dst, ieee->current_network.bssid) && 1006 ether_addr_equal(bssid, ieee->current_network.bssid)) { 1007 return -1; 1008 } 1009 } 1010 1011 /* Nullfunc frames may have PS-bit set, so they must be passed to 1012 * hostap_handle_sta_rx() before being dropped here. 1013 */ 1014 if (!ieee->IntelPromiscuousModeInfo.bPromiscuousOn) { 1015 if (stype != RTLLIB_STYPE_DATA && 1016 stype != RTLLIB_STYPE_DATA_CFACK && 1017 stype != RTLLIB_STYPE_DATA_CFPOLL && 1018 stype != RTLLIB_STYPE_DATA_CFACKPOLL && 1019 stype != RTLLIB_STYPE_QOS_DATA) { 1020 if (stype != RTLLIB_STYPE_NULLFUNC) 1021 netdev_dbg(ieee->dev, 1022 "RX: dropped data frame with no data (type=0x%02x, subtype=0x%02x)\n", 1023 type, stype); 1024 return -1; 1025 } 1026 } 1027 1028 if (ieee->iw_mode != IW_MODE_MESH) { 1029 /* packets from our adapter are dropped (echo) */ 1030 if (!memcmp(src, ieee->dev->dev_addr, ETH_ALEN)) 1031 return -1; 1032 1033 /* {broad,multi}cast packets to our BSS go through */ 1034 if (is_multicast_ether_addr(dst)) { 1035 if (memcmp(bssid, ieee->current_network.bssid, 1036 ETH_ALEN)) 1037 return -1; 1038 } 1039 } 1040 return 0; 1041} 1042 1043static int rtllib_rx_get_crypt(struct rtllib_device *ieee, struct sk_buff *skb, 1044 struct lib80211_crypt_data **crypt, size_t hdrlen) 1045{ 1046 struct rtllib_hdr_4addr *hdr = (struct rtllib_hdr_4addr *)skb->data; 1047 u16 fc = le16_to_cpu(hdr->frame_ctl); 1048 int idx = 0; 1049 1050 if (ieee->host_decrypt) { 1051 if (skb->len >= hdrlen + 3) 1052 idx = skb->data[hdrlen + 3] >> 6; 1053 1054 *crypt = ieee->crypt_info.crypt[idx]; 1055 /* allow NULL decrypt to indicate an station specific override 1056 * for default encryption 1057 */ 1058 if (*crypt && ((*crypt)->ops == NULL || 1059 (*crypt)->ops->decrypt_mpdu == NULL)) 1060 *crypt = NULL; 1061 1062 if (!*crypt && (fc & RTLLIB_FCTL_WEP)) { 1063 /* This seems to be triggered by some (multicast?) 1064 * frames from other than current BSS, so just drop the 1065 * frames silently instead of filling system log with 1066 * these reports. 1067 */ 1068 netdev_dbg(ieee->dev, 1069 "Decryption failed (not set) (SA= %pM)\n", 1070 hdr->addr2); 1071 return -1; 1072 } 1073 } 1074 1075 return 0; 1076} 1077 1078static int rtllib_rx_decrypt(struct rtllib_device *ieee, struct sk_buff *skb, 1079 struct rtllib_rx_stats *rx_stats, 1080 struct lib80211_crypt_data *crypt, size_t hdrlen) 1081{ 1082 struct rtllib_hdr_4addr *hdr; 1083 int keyidx = 0; 1084 u16 fc, sc; 1085 u8 frag; 1086 1087 hdr = (struct rtllib_hdr_4addr *)skb->data; 1088 fc = le16_to_cpu(hdr->frame_ctl); 1089 sc = le16_to_cpu(hdr->seq_ctl); 1090 frag = WLAN_GET_SEQ_FRAG(sc); 1091 1092 if ((!rx_stats->Decrypted)) 1093 ieee->need_sw_enc = 1; 1094 else 1095 ieee->need_sw_enc = 0; 1096 1097 keyidx = rtllib_rx_frame_decrypt(ieee, skb, crypt); 1098 if (ieee->host_decrypt && (fc & RTLLIB_FCTL_WEP) && (keyidx < 0)) { 1099 netdev_info(ieee->dev, "%s: decrypt frame error\n", __func__); 1100 return -1; 1101 } 1102 1103 hdr = (struct rtllib_hdr_4addr *)skb->data; 1104 if ((frag != 0 || (fc & RTLLIB_FCTL_MOREFRAGS))) { 1105 int flen; 1106 struct sk_buff *frag_skb = rtllib_frag_cache_get(ieee, hdr); 1107 1108 netdev_dbg(ieee->dev, "Rx Fragment received (%u)\n", frag); 1109 1110 if (!frag_skb) { 1111 netdev_dbg(ieee->dev, 1112 "Rx cannot get skb from fragment cache (morefrag=%d seq=%u frag=%u)\n", 1113 (fc & RTLLIB_FCTL_MOREFRAGS) != 0, 1114 WLAN_GET_SEQ_SEQ(sc), frag); 1115 return -1; 1116 } 1117 flen = skb->len; 1118 if (frag != 0) 1119 flen -= hdrlen; 1120 1121 if (frag_skb->tail + flen > frag_skb->end) { 1122 netdev_warn(ieee->dev, 1123 "%s: host decrypted and reassembled frame did not fit skb\n", 1124 __func__); 1125 rtllib_frag_cache_invalidate(ieee, hdr); 1126 return -1; 1127 } 1128 1129 if (frag == 0) { 1130 /* copy first fragment (including full headers) into 1131 * beginning of the fragment cache skb 1132 */ 1133 skb_put_data(frag_skb, skb->data, flen); 1134 } else { 1135 /* append frame payload to the end of the fragment 1136 * cache skb 1137 */ 1138 skb_put_data(frag_skb, skb->data + hdrlen, flen); 1139 } 1140 dev_kfree_skb_any(skb); 1141 skb = NULL; 1142 1143 if (fc & RTLLIB_FCTL_MOREFRAGS) { 1144 /* more fragments expected - leave the skb in fragment 1145 * cache for now; it will be delivered to upper layers 1146 * after all fragments have been received 1147 */ 1148 return -2; 1149 } 1150 1151 /* this was the last fragment and the frame will be 1152 * delivered, so remove skb from fragment cache 1153 */ 1154 skb = frag_skb; 1155 hdr = (struct rtllib_hdr_4addr *)skb->data; 1156 rtllib_frag_cache_invalidate(ieee, hdr); 1157 } 1158 1159 /* skb: hdr + (possible reassembled) full MSDU payload; possibly still 1160 * encrypted/authenticated 1161 */ 1162 if (ieee->host_decrypt && (fc & RTLLIB_FCTL_WEP) && 1163 rtllib_rx_frame_decrypt_msdu(ieee, skb, keyidx, crypt)) { 1164 netdev_info(ieee->dev, "%s: ==>decrypt msdu error\n", __func__); 1165 return -1; 1166 } 1167 1168 hdr = (struct rtllib_hdr_4addr *)skb->data; 1169 if (crypt && !(fc & RTLLIB_FCTL_WEP) && !ieee->open_wep) { 1170 if (/*ieee->ieee802_1x &&*/ 1171 rtllib_is_eapol_frame(ieee, skb, hdrlen)) { 1172 1173 /* pass unencrypted EAPOL frames even if encryption is 1174 * configured 1175 */ 1176 struct eapol *eap = (struct eapol *)(skb->data + 1177 24); 1178 netdev_dbg(ieee->dev, 1179 "RX: IEEE 802.1X EAPOL frame: %s\n", 1180 eap_get_type(eap->type)); 1181 } else { 1182 netdev_dbg(ieee->dev, 1183 "encryption configured, but RX frame not encrypted (SA= %pM)\n", 1184 hdr->addr2); 1185 return -1; 1186 } 1187 } 1188 1189 if (crypt && !(fc & RTLLIB_FCTL_WEP) && 1190 rtllib_is_eapol_frame(ieee, skb, hdrlen)) { 1191 struct eapol *eap = (struct eapol *)(skb->data + 24); 1192 1193 netdev_dbg(ieee->dev, "RX: IEEE 802.1X EAPOL frame: %s\n", 1194 eap_get_type(eap->type)); 1195 } 1196 1197 if (crypt && !(fc & RTLLIB_FCTL_WEP) && !ieee->open_wep && 1198 !rtllib_is_eapol_frame(ieee, skb, hdrlen)) { 1199 netdev_dbg(ieee->dev, 1200 "dropped unencrypted RX data frame from %pM (drop_unencrypted=1)\n", 1201 hdr->addr2); 1202 return -1; 1203 } 1204 1205 return 0; 1206} 1207 1208static void rtllib_rx_check_leave_lps(struct rtllib_device *ieee, u8 unicast, 1209 u8 nr_subframes) 1210{ 1211 if (unicast) { 1212 1213 if (ieee->state == RTLLIB_LINKED) { 1214 if (((ieee->LinkDetectInfo.NumRxUnicastOkInPeriod + 1215 ieee->LinkDetectInfo.NumTxOkInPeriod) > 8) || 1216 (ieee->LinkDetectInfo.NumRxUnicastOkInPeriod > 2)) { 1217 if (ieee->LeisurePSLeave) 1218 ieee->LeisurePSLeave(ieee->dev); 1219 } 1220 } 1221 } 1222 ieee->last_rx_ps_time = jiffies; 1223} 1224 1225static void rtllib_rx_indicate_pkt_legacy(struct rtllib_device *ieee, 1226 struct rtllib_rx_stats *rx_stats, 1227 struct rtllib_rxb *rxb, 1228 u8 *dst, 1229 u8 *src) 1230{ 1231 struct net_device *dev = ieee->dev; 1232 u16 ethertype; 1233 int i = 0; 1234 1235 if (rxb == NULL) { 1236 netdev_info(dev, "%s: rxb is NULL!!\n", __func__); 1237 return; 1238 } 1239 1240 for (i = 0; i < rxb->nr_subframes; i++) { 1241 struct sk_buff *sub_skb = rxb->subframes[i]; 1242 1243 if (sub_skb) { 1244 /* convert hdr + possible LLC headers 1245 * into Ethernet header 1246 */ 1247 ethertype = (sub_skb->data[6] << 8) | sub_skb->data[7]; 1248 if (sub_skb->len >= 8 && 1249 ((memcmp(sub_skb->data, rfc1042_header, SNAP_SIZE) == 0 && 1250 ethertype != ETH_P_AARP && ethertype != ETH_P_IPX) || 1251 memcmp(sub_skb->data, bridge_tunnel_header, SNAP_SIZE) == 0)) { 1252 /* remove RFC1042 or Bridge-Tunnel encapsulation 1253 * and replace EtherType 1254 */ 1255 skb_pull(sub_skb, SNAP_SIZE); 1256 ether_addr_copy(skb_push(sub_skb, ETH_ALEN), 1257 src); 1258 ether_addr_copy(skb_push(sub_skb, ETH_ALEN), 1259 dst); 1260 } else { 1261 u16 len; 1262 /* Leave Ethernet header part of hdr 1263 * and full payload 1264 */ 1265 len = sub_skb->len; 1266 memcpy(skb_push(sub_skb, 2), &len, 2); 1267 ether_addr_copy(skb_push(sub_skb, ETH_ALEN), 1268 src); 1269 ether_addr_copy(skb_push(sub_skb, ETH_ALEN), 1270 dst); 1271 } 1272 1273 ieee->stats.rx_packets++; 1274 ieee->stats.rx_bytes += sub_skb->len; 1275 1276 if (is_multicast_ether_addr(dst)) 1277 ieee->stats.multicast++; 1278 1279 /* Indicate the packets to upper layer */ 1280 memset(sub_skb->cb, 0, sizeof(sub_skb->cb)); 1281 sub_skb->protocol = eth_type_trans(sub_skb, dev); 1282 sub_skb->dev = dev; 1283 sub_skb->dev->stats.rx_packets++; 1284 sub_skb->dev->stats.rx_bytes += sub_skb->len; 1285 /* 802.11 crc not sufficient */ 1286 sub_skb->ip_summed = CHECKSUM_NONE; 1287 netif_rx(sub_skb); 1288 } 1289 } 1290 kfree(rxb); 1291} 1292 1293static int rtllib_rx_InfraAdhoc(struct rtllib_device *ieee, struct sk_buff *skb, 1294 struct rtllib_rx_stats *rx_stats) 1295{ 1296 struct net_device *dev = ieee->dev; 1297 struct rtllib_hdr_4addr *hdr = (struct rtllib_hdr_4addr *)skb->data; 1298 struct lib80211_crypt_data *crypt = NULL; 1299 struct rtllib_rxb *rxb = NULL; 1300 struct rx_ts_record *pTS = NULL; 1301 u16 fc, sc, SeqNum = 0; 1302 u8 type, stype, multicast = 0, unicast = 0, nr_subframes = 0, TID = 0; 1303 u8 dst[ETH_ALEN]; 1304 u8 src[ETH_ALEN]; 1305 u8 bssid[ETH_ALEN] = {0}; 1306 1307 size_t hdrlen = 0; 1308 bool bToOtherSTA = false; 1309 int ret = 0, i = 0; 1310 1311 fc = le16_to_cpu(hdr->frame_ctl); 1312 type = WLAN_FC_GET_TYPE(fc); 1313 stype = WLAN_FC_GET_STYPE(fc); 1314 sc = le16_to_cpu(hdr->seq_ctl); 1315 1316 /*Filter pkt not to me*/ 1317 multicast = is_multicast_ether_addr(hdr->addr1); 1318 unicast = !multicast; 1319 if (unicast && !ether_addr_equal(dev->dev_addr, hdr->addr1)) { 1320 if (ieee->bNetPromiscuousMode) 1321 bToOtherSTA = true; 1322 else 1323 goto rx_dropped; 1324 } 1325 1326 /*Filter pkt has too small length */ 1327 hdrlen = rtllib_rx_get_hdrlen(ieee, skb, rx_stats); 1328 if (skb->len < hdrlen) { 1329 netdev_info(dev, 1330 "%s():ERR!!! skb->len is smaller than hdrlen\n", 1331 __func__); 1332 goto rx_dropped; 1333 } 1334 1335 /* Filter Duplicate pkt */ 1336 ret = rtllib_rx_check_duplicate(ieee, skb, multicast); 1337 if (ret < 0) 1338 goto rx_dropped; 1339 1340 /* Filter CTRL Frame */ 1341 if (type == RTLLIB_FTYPE_CTL) 1342 goto rx_dropped; 1343 1344 /* Filter MGNT Frame */ 1345 if (type == RTLLIB_FTYPE_MGMT) { 1346 if (bToOtherSTA) 1347 goto rx_dropped; 1348 if (rtllib_rx_frame_mgmt(ieee, skb, rx_stats, type, stype)) 1349 goto rx_dropped; 1350 else 1351 goto rx_exit; 1352 } 1353 1354 /* Filter WAPI DATA Frame */ 1355 1356 /* Update statstics for AP roaming */ 1357 if (!bToOtherSTA) { 1358 ieee->LinkDetectInfo.NumRecvDataInPeriod++; 1359 ieee->LinkDetectInfo.NumRxOkInPeriod++; 1360 } 1361 1362 /* Data frame - extract src/dst addresses */ 1363 rtllib_rx_extract_addr(ieee, hdr, dst, src, bssid); 1364 1365 /* Filter Data frames */ 1366 ret = rtllib_rx_data_filter(ieee, fc, dst, src, bssid, hdr->addr2); 1367 if (ret < 0) 1368 goto rx_dropped; 1369 1370 if (skb->len == hdrlen) 1371 goto rx_dropped; 1372 1373 /* Send pspoll based on moredata */ 1374 if ((ieee->iw_mode == IW_MODE_INFRA) && 1375 (ieee->sta_sleep == LPS_IS_SLEEP) && 1376 (ieee->polling) && (!bToOtherSTA)) { 1377 if (WLAN_FC_MORE_DATA(fc)) { 1378 /* more data bit is set, let's request a new frame 1379 * from the AP 1380 */ 1381 rtllib_sta_ps_send_pspoll_frame(ieee); 1382 } else { 1383 ieee->polling = false; 1384 } 1385 } 1386 1387 /* Get crypt if encrypted */ 1388 ret = rtllib_rx_get_crypt(ieee, skb, &crypt, hdrlen); 1389 if (ret == -1) 1390 goto rx_dropped; 1391 1392 /* Decrypt data frame (including reassemble) */ 1393 ret = rtllib_rx_decrypt(ieee, skb, rx_stats, crypt, hdrlen); 1394 if (ret == -1) 1395 goto rx_dropped; 1396 else if (ret == -2) 1397 goto rx_exit; 1398 1399 /* Get TS for Rx Reorder */ 1400 hdr = (struct rtllib_hdr_4addr *)skb->data; 1401 if (ieee->current_network.qos_data.active && IsQoSDataFrame(skb->data) 1402 && !is_multicast_ether_addr(hdr->addr1) 1403 && (!bToOtherSTA)) { 1404 TID = Frame_QoSTID(skb->data); 1405 SeqNum = WLAN_GET_SEQ_SEQ(sc); 1406 GetTs(ieee, (struct ts_common_info **)&pTS, hdr->addr2, TID, 1407 RX_DIR, true); 1408 if (TID != 0 && TID != 3) 1409 ieee->bis_any_nonbepkts = true; 1410 } 1411 1412 /* Parse rx data frame (For AMSDU) */ 1413 /* skb: hdr + (possible reassembled) full plaintext payload */ 1414 rxb = kmalloc(sizeof(struct rtllib_rxb), GFP_ATOMIC); 1415 if (!rxb) 1416 goto rx_dropped; 1417 1418 /* to parse amsdu packets */ 1419 /* qos data packets & reserved bit is 1 */ 1420 if (parse_subframe(ieee, skb, rx_stats, rxb, src, dst) == 0) { 1421 /* only to free rxb, and not submit the packets 1422 * to upper layer 1423 */ 1424 for (i = 0; i < rxb->nr_subframes; i++) 1425 dev_kfree_skb(rxb->subframes[i]); 1426 kfree(rxb); 1427 rxb = NULL; 1428 goto rx_dropped; 1429 } 1430 1431 /* Update WAPI PN */ 1432 1433 /* Check if leave LPS */ 1434 if (!bToOtherSTA) { 1435 if (ieee->bIsAggregateFrame) 1436 nr_subframes = rxb->nr_subframes; 1437 else 1438 nr_subframes = 1; 1439 if (unicast) 1440 ieee->LinkDetectInfo.NumRxUnicastOkInPeriod += nr_subframes; 1441 rtllib_rx_check_leave_lps(ieee, unicast, nr_subframes); 1442 } 1443 1444 /* Indicate packets to upper layer or Rx Reorder */ 1445 if (!ieee->pHTInfo->bCurRxReorderEnable || pTS == NULL || bToOtherSTA) 1446 rtllib_rx_indicate_pkt_legacy(ieee, rx_stats, rxb, dst, src); 1447 else 1448 RxReorderIndicatePacket(ieee, rxb, pTS, SeqNum); 1449 1450 dev_kfree_skb(skb); 1451 1452 rx_exit: 1453 return 1; 1454 1455 rx_dropped: 1456 ieee->stats.rx_dropped++; 1457 1458 /* Returning 0 indicates to caller that we have not handled the SKB-- 1459 * so it is still allocated and can be used again by underlying 1460 * hardware as a DMA target 1461 */ 1462 return 0; 1463} 1464 1465static int rtllib_rx_Master(struct rtllib_device *ieee, struct sk_buff *skb, 1466 struct rtllib_rx_stats *rx_stats) 1467{ 1468 return 0; 1469} 1470 1471static int rtllib_rx_Monitor(struct rtllib_device *ieee, struct sk_buff *skb, 1472 struct rtllib_rx_stats *rx_stats) 1473{ 1474 struct rtllib_hdr_4addr *hdr = (struct rtllib_hdr_4addr *)skb->data; 1475 u16 fc = le16_to_cpu(hdr->frame_ctl); 1476 size_t hdrlen = rtllib_get_hdrlen(fc); 1477 1478 if (skb->len < hdrlen) { 1479 netdev_info(ieee->dev, 1480 "%s():ERR!!! skb->len is smaller than hdrlen\n", 1481 __func__); 1482 return 0; 1483 } 1484 1485 if (HTCCheck(ieee, skb->data)) { 1486 if (net_ratelimit()) 1487 netdev_info(ieee->dev, "%s: Find HTCControl!\n", 1488 __func__); 1489 hdrlen += 4; 1490 } 1491 1492 rtllib_monitor_rx(ieee, skb, rx_stats, hdrlen); 1493 ieee->stats.rx_packets++; 1494 ieee->stats.rx_bytes += skb->len; 1495 1496 return 1; 1497} 1498 1499static int rtllib_rx_Mesh(struct rtllib_device *ieee, struct sk_buff *skb, 1500 struct rtllib_rx_stats *rx_stats) 1501{ 1502 return 0; 1503} 1504 1505/* All received frames are sent to this function. @skb contains the frame in 1506 * IEEE 802.11 format, i.e., in the format it was sent over air. 1507 * This function is called only as a tasklet (software IRQ). 1508 */ 1509int rtllib_rx(struct rtllib_device *ieee, struct sk_buff *skb, 1510 struct rtllib_rx_stats *rx_stats) 1511{ 1512 int ret = 0; 1513 1514 if (!ieee || !skb || !rx_stats) { 1515 pr_info("%s: Input parameters NULL!\n", __func__); 1516 goto rx_dropped; 1517 } 1518 if (skb->len < 10) { 1519 netdev_info(ieee->dev, "%s: SKB length < 10\n", __func__); 1520 goto rx_dropped; 1521 } 1522 1523 switch (ieee->iw_mode) { 1524 case IW_MODE_ADHOC: 1525 case IW_MODE_INFRA: 1526 ret = rtllib_rx_InfraAdhoc(ieee, skb, rx_stats); 1527 break; 1528 case IW_MODE_MASTER: 1529 case IW_MODE_REPEAT: 1530 ret = rtllib_rx_Master(ieee, skb, rx_stats); 1531 break; 1532 case IW_MODE_MONITOR: 1533 ret = rtllib_rx_Monitor(ieee, skb, rx_stats); 1534 break; 1535 case IW_MODE_MESH: 1536 ret = rtllib_rx_Mesh(ieee, skb, rx_stats); 1537 break; 1538 default: 1539 netdev_info(ieee->dev, "%s: ERR iw mode!!!\n", __func__); 1540 break; 1541 } 1542 1543 return ret; 1544 1545 rx_dropped: 1546 if (ieee) 1547 ieee->stats.rx_dropped++; 1548 return 0; 1549} 1550EXPORT_SYMBOL(rtllib_rx); 1551 1552static u8 qos_oui[QOS_OUI_LEN] = { 0x00, 0x50, 0xF2 }; 1553 1554/* Make ther structure we read from the beacon packet has the right values */ 1555static int rtllib_verify_qos_info(struct rtllib_qos_information_element 1556 *info_element, int sub_type) 1557{ 1558 1559 if (info_element->elementID != QOS_ELEMENT_ID) 1560 return -1; 1561 if (info_element->qui_subtype != sub_type) 1562 return -1; 1563 if (memcmp(info_element->qui, qos_oui, QOS_OUI_LEN)) 1564 return -1; 1565 if (info_element->qui_type != QOS_OUI_TYPE) 1566 return -1; 1567 if (info_element->version != QOS_VERSION_1) 1568 return -1; 1569 1570 return 0; 1571} 1572 1573 1574/* Parse a QoS parameter element */ 1575static int rtllib_read_qos_param_element( 1576 struct rtllib_qos_parameter_info *element_param, 1577 struct rtllib_info_element *info_element) 1578{ 1579 size_t size = sizeof(*element_param); 1580 1581 if (!element_param || !info_element || info_element->len != size - 2) 1582 return -1; 1583 1584 memcpy(element_param, info_element, size); 1585 return rtllib_verify_qos_info(&element_param->info_element, 1586 QOS_OUI_PARAM_SUB_TYPE); 1587} 1588 1589/* Parse a QoS information element */ 1590static int rtllib_read_qos_info_element( 1591 struct rtllib_qos_information_element *element_info, 1592 struct rtllib_info_element *info_element) 1593{ 1594 size_t size = sizeof(*element_info); 1595 1596 if (!element_info || !info_element || info_element->len != size - 2) 1597 return -1; 1598 1599 memcpy(element_info, info_element, size); 1600 return rtllib_verify_qos_info(element_info, QOS_OUI_INFO_SUB_TYPE); 1601} 1602 1603 1604/* Write QoS parameters from the ac parameters. */ 1605static int rtllib_qos_convert_ac_to_parameters(struct rtllib_qos_parameter_info *param_elm, 1606 struct rtllib_qos_data *qos_data) 1607{ 1608 struct rtllib_qos_ac_parameter *ac_params; 1609 struct rtllib_qos_parameters *qos_param = &(qos_data->parameters); 1610 int i; 1611 u8 aci; 1612 u8 acm; 1613 1614 qos_data->wmm_acm = 0; 1615 for (i = 0; i < QOS_QUEUE_NUM; i++) { 1616 ac_params = &(param_elm->ac_params_record[i]); 1617 1618 aci = (ac_params->aci_aifsn & 0x60) >> 5; 1619 acm = (ac_params->aci_aifsn & 0x10) >> 4; 1620 1621 if (aci >= QOS_QUEUE_NUM) 1622 continue; 1623 switch (aci) { 1624 case 1: 1625 /* BIT(0) | BIT(3) */ 1626 if (acm) 1627 qos_data->wmm_acm |= (0x01<<0)|(0x01<<3); 1628 break; 1629 case 2: 1630 /* BIT(4) | BIT(5) */ 1631 if (acm) 1632 qos_data->wmm_acm |= (0x01<<4)|(0x01<<5); 1633 break; 1634 case 3: 1635 /* BIT(6) | BIT(7) */ 1636 if (acm) 1637 qos_data->wmm_acm |= (0x01<<6)|(0x01<<7); 1638 break; 1639 case 0: 1640 default: 1641 /* BIT(1) | BIT(2) */ 1642 if (acm) 1643 qos_data->wmm_acm |= (0x01<<1)|(0x01<<2); 1644 break; 1645 } 1646 1647 qos_param->aifs[aci] = (ac_params->aci_aifsn) & 0x0f; 1648 1649 /* WMM spec P.11: The minimum value for AIFSN shall be 2 */ 1650 qos_param->aifs[aci] = max_t(u8, qos_param->aifs[aci], 2); 1651 1652 qos_param->cw_min[aci] = cpu_to_le16(ac_params->ecw_min_max & 1653 0x0F); 1654 1655 qos_param->cw_max[aci] = cpu_to_le16((ac_params->ecw_min_max & 1656 0xF0) >> 4); 1657 1658 qos_param->flag[aci] = 1659 (ac_params->aci_aifsn & 0x10) ? 0x01 : 0x00; 1660 qos_param->tx_op_limit[aci] = ac_params->tx_op_limit; 1661 } 1662 return 0; 1663} 1664 1665/* we have a generic data element which it may contain QoS information or 1666 * parameters element. check the information element length to decide 1667 * which type to read 1668 */ 1669static int rtllib_parse_qos_info_param_IE(struct rtllib_device *ieee, 1670 struct rtllib_info_element 1671 *info_element, 1672 struct rtllib_network *network) 1673{ 1674 int rc = 0; 1675 struct rtllib_qos_information_element qos_info_element; 1676 1677 rc = rtllib_read_qos_info_element(&qos_info_element, info_element); 1678 1679 if (rc == 0) { 1680 network->qos_data.param_count = qos_info_element.ac_info & 0x0F; 1681 network->flags |= NETWORK_HAS_QOS_INFORMATION; 1682 } else { 1683 struct rtllib_qos_parameter_info param_element; 1684 1685 rc = rtllib_read_qos_param_element(¶m_element, 1686 info_element); 1687 if (rc == 0) { 1688 rtllib_qos_convert_ac_to_parameters(¶m_element, 1689 &(network->qos_data)); 1690 network->flags |= NETWORK_HAS_QOS_PARAMETERS; 1691 network->qos_data.param_count = 1692 param_element.info_element.ac_info & 0x0F; 1693 } 1694 } 1695 1696 if (rc == 0) { 1697 netdev_dbg(ieee->dev, "QoS is supported\n"); 1698 network->qos_data.supported = 1; 1699 } 1700 return rc; 1701} 1702 1703static const char *get_info_element_string(u16 id) 1704{ 1705 switch (id) { 1706 case MFIE_TYPE_SSID: 1707 return "SSID"; 1708 case MFIE_TYPE_RATES: 1709 return "RATES"; 1710 case MFIE_TYPE_FH_SET: 1711 return "FH_SET"; 1712 case MFIE_TYPE_DS_SET: 1713 return "DS_SET"; 1714 case MFIE_TYPE_CF_SET: 1715 return "CF_SET"; 1716 case MFIE_TYPE_TIM: 1717 return "TIM"; 1718 case MFIE_TYPE_IBSS_SET: 1719 return "IBSS_SET"; 1720 case MFIE_TYPE_COUNTRY: 1721 return "COUNTRY"; 1722 case MFIE_TYPE_HOP_PARAMS: 1723 return "HOP_PARAMS"; 1724 case MFIE_TYPE_HOP_TABLE: 1725 return "HOP_TABLE"; 1726 case MFIE_TYPE_REQUEST: 1727 return "REQUEST"; 1728 case MFIE_TYPE_CHALLENGE: 1729 return "CHALLENGE"; 1730 case MFIE_TYPE_POWER_CONSTRAINT: 1731 return "POWER_CONSTRAINT"; 1732 case MFIE_TYPE_POWER_CAPABILITY: 1733 return "POWER_CAPABILITY"; 1734 case MFIE_TYPE_TPC_REQUEST: 1735 return "TPC_REQUEST"; 1736 case MFIE_TYPE_TPC_REPORT: 1737 return "TPC_REPORT"; 1738 case MFIE_TYPE_SUPP_CHANNELS: 1739 return "SUPP_CHANNELS"; 1740 case MFIE_TYPE_CSA: 1741 return "CSA"; 1742 case MFIE_TYPE_MEASURE_REQUEST: 1743 return "MEASURE_REQUEST"; 1744 case MFIE_TYPE_MEASURE_REPORT: 1745 return "MEASURE_REPORT"; 1746 case MFIE_TYPE_QUIET: 1747 return "QUIET"; 1748 case MFIE_TYPE_IBSS_DFS: 1749 return "IBSS_DFS"; 1750 case MFIE_TYPE_RSN: 1751 return "RSN"; 1752 case MFIE_TYPE_RATES_EX: 1753 return "RATES_EX"; 1754 case MFIE_TYPE_GENERIC: 1755 return "GENERIC"; 1756 case MFIE_TYPE_QOS_PARAMETER: 1757 return "QOS_PARAMETER"; 1758 default: 1759 return "UNKNOWN"; 1760 } 1761} 1762 1763static inline void rtllib_extract_country_ie( 1764 struct rtllib_device *ieee, 1765 struct rtllib_info_element *info_element, 1766 struct rtllib_network *network, 1767 u8 *addr2) 1768{ 1769 if (IS_DOT11D_ENABLE(ieee)) { 1770 if (info_element->len != 0) { 1771 memcpy(network->CountryIeBuf, info_element->data, 1772 info_element->len); 1773 network->CountryIeLen = info_element->len; 1774 1775 if (!IS_COUNTRY_IE_VALID(ieee)) { 1776 if (rtllib_act_scanning(ieee, false) && 1777 ieee->FirstIe_InScan) 1778 netdev_info(ieee->dev, 1779 "Received beacon ContryIE, SSID: <%s>\n", 1780 network->ssid); 1781 dot11d_update_country(ieee, addr2, 1782 info_element->len, 1783 info_element->data); 1784 } 1785 } 1786 1787 if (IS_EQUAL_CIE_SRC(ieee, addr2)) 1788 UPDATE_CIE_WATCHDOG(ieee); 1789 } 1790} 1791 1792static void rtllib_parse_mife_generic(struct rtllib_device *ieee, 1793 struct rtllib_info_element *info_element, 1794 struct rtllib_network *network, 1795 u16 *tmp_htcap_len, 1796 u16 *tmp_htinfo_len) 1797{ 1798 u16 ht_realtek_agg_len = 0; 1799 u8 ht_realtek_agg_buf[MAX_IE_LEN]; 1800 1801 if (!rtllib_parse_qos_info_param_IE(ieee, info_element, network)) 1802 return; 1803 if (info_element->len >= 4 && 1804 info_element->data[0] == 0x00 && 1805 info_element->data[1] == 0x50 && 1806 info_element->data[2] == 0xf2 && 1807 info_element->data[3] == 0x01) { 1808 network->wpa_ie_len = min(info_element->len + 2, 1809 MAX_WPA_IE_LEN); 1810 memcpy(network->wpa_ie, info_element, network->wpa_ie_len); 1811 return; 1812 } 1813 if (info_element->len == 7 && 1814 info_element->data[0] == 0x00 && 1815 info_element->data[1] == 0xe0 && 1816 info_element->data[2] == 0x4c && 1817 info_element->data[3] == 0x01 && 1818 info_element->data[4] == 0x02) 1819 network->Turbo_Enable = 1; 1820 1821 if (*tmp_htcap_len == 0) { 1822 if (info_element->len >= 4 && 1823 info_element->data[0] == 0x00 && 1824 info_element->data[1] == 0x90 && 1825 info_element->data[2] == 0x4c && 1826 info_element->data[3] == 0x033) { 1827 *tmp_htcap_len = min_t(u8, info_element->len, 1828 MAX_IE_LEN); 1829 if (*tmp_htcap_len != 0) { 1830 network->bssht.bd_ht_spec_ver = HT_SPEC_VER_EWC; 1831 network->bssht.bd_ht_cap_len = min_t(u16, *tmp_htcap_len, 1832 sizeof(network->bssht.bd_ht_cap_buf)); 1833 memcpy(network->bssht.bd_ht_cap_buf, 1834 info_element->data, 1835 network->bssht.bd_ht_cap_len); 1836 } 1837 } 1838 if (*tmp_htcap_len != 0) { 1839 network->bssht.bd_support_ht = true; 1840 network->bssht.bd_ht_1r = ((((struct ht_capab_ele *)(network->bssht.bd_ht_cap_buf))->MCS[1]) == 0); 1841 } else { 1842 network->bssht.bd_support_ht = false; 1843 network->bssht.bd_ht_1r = false; 1844 } 1845 } 1846 1847 1848 if (*tmp_htinfo_len == 0) { 1849 if (info_element->len >= 4 && 1850 info_element->data[0] == 0x00 && 1851 info_element->data[1] == 0x90 && 1852 info_element->data[2] == 0x4c && 1853 info_element->data[3] == 0x034) { 1854 *tmp_htinfo_len = min_t(u8, info_element->len, 1855 MAX_IE_LEN); 1856 if (*tmp_htinfo_len != 0) { 1857 network->bssht.bd_ht_spec_ver = HT_SPEC_VER_EWC; 1858 network->bssht.bd_ht_info_len = min_t(u16, *tmp_htinfo_len, 1859 sizeof(network->bssht.bd_ht_info_buf)); 1860 memcpy(network->bssht.bd_ht_info_buf, 1861 info_element->data, 1862 network->bssht.bd_ht_info_len); 1863 } 1864 } 1865 } 1866 1867 if (network->bssht.bd_support_ht) { 1868 if (info_element->len >= 4 && 1869 info_element->data[0] == 0x00 && 1870 info_element->data[1] == 0xe0 && 1871 info_element->data[2] == 0x4c && 1872 info_element->data[3] == 0x02) { 1873 ht_realtek_agg_len = min_t(u8, info_element->len, 1874 MAX_IE_LEN); 1875 memcpy(ht_realtek_agg_buf, info_element->data, 1876 info_element->len); 1877 } 1878 if (ht_realtek_agg_len >= 5) { 1879 network->realtek_cap_exit = true; 1880 network->bssht.bd_rt2rt_aggregation = true; 1881 1882 if ((ht_realtek_agg_buf[4] == 1) && 1883 (ht_realtek_agg_buf[5] & 0x02)) 1884 network->bssht.bd_rt2rt_long_slot_time = true; 1885 1886 if ((ht_realtek_agg_buf[4] == 1) && 1887 (ht_realtek_agg_buf[5] & RT_HT_CAP_USE_92SE)) 1888 network->bssht.rt2rt_ht_mode |= RT_HT_CAP_USE_92SE; 1889 } 1890 } 1891 if (ht_realtek_agg_len >= 5) { 1892 if ((ht_realtek_agg_buf[5] & RT_HT_CAP_USE_SOFTAP)) 1893 network->bssht.rt2rt_ht_mode |= RT_HT_CAP_USE_SOFTAP; 1894 } 1895 1896 if ((info_element->len >= 3 && 1897 info_element->data[0] == 0x00 && 1898 info_element->data[1] == 0x05 && 1899 info_element->data[2] == 0xb5) || 1900 (info_element->len >= 3 && 1901 info_element->data[0] == 0x00 && 1902 info_element->data[1] == 0x0a && 1903 info_element->data[2] == 0xf7) || 1904 (info_element->len >= 3 && 1905 info_element->data[0] == 0x00 && 1906 info_element->data[1] == 0x10 && 1907 info_element->data[2] == 0x18)) { 1908 network->broadcom_cap_exist = true; 1909 } 1910 if (info_element->len >= 3 && 1911 info_element->data[0] == 0x00 && 1912 info_element->data[1] == 0x0c && 1913 info_element->data[2] == 0x43) 1914 network->ralink_cap_exist = true; 1915 if ((info_element->len >= 3 && 1916 info_element->data[0] == 0x00 && 1917 info_element->data[1] == 0x03 && 1918 info_element->data[2] == 0x7f) || 1919 (info_element->len >= 3 && 1920 info_element->data[0] == 0x00 && 1921 info_element->data[1] == 0x13 && 1922 info_element->data[2] == 0x74)) 1923 network->atheros_cap_exist = true; 1924 1925 if ((info_element->len >= 3 && 1926 info_element->data[0] == 0x00 && 1927 info_element->data[1] == 0x50 && 1928 info_element->data[2] == 0x43)) 1929 network->marvell_cap_exist = true; 1930 if (info_element->len >= 3 && 1931 info_element->data[0] == 0x00 && 1932 info_element->data[1] == 0x40 && 1933 info_element->data[2] == 0x96) 1934 network->cisco_cap_exist = true; 1935 1936 1937 if (info_element->len >= 3 && 1938 info_element->data[0] == 0x00 && 1939 info_element->data[1] == 0x0a && 1940 info_element->data[2] == 0xf5) 1941 network->airgo_cap_exist = true; 1942 1943 if (info_element->len > 4 && 1944 info_element->data[0] == 0x00 && 1945 info_element->data[1] == 0x40 && 1946 info_element->data[2] == 0x96 && 1947 info_element->data[3] == 0x01) { 1948 if (info_element->len == 6) { 1949 memcpy(network->CcxRmState, &info_element->data[4], 2); 1950 if (network->CcxRmState[0] != 0) 1951 network->bCcxRmEnable = true; 1952 else 1953 network->bCcxRmEnable = false; 1954 network->MBssidMask = network->CcxRmState[1] & 0x07; 1955 if (network->MBssidMask != 0) { 1956 network->bMBssidValid = true; 1957 network->MBssidMask = 0xff << 1958 (network->MBssidMask); 1959 ether_addr_copy(network->MBssid, 1960 network->bssid); 1961 network->MBssid[5] &= network->MBssidMask; 1962 } else { 1963 network->bMBssidValid = false; 1964 } 1965 } else { 1966 network->bCcxRmEnable = false; 1967 } 1968 } 1969 if (info_element->len > 4 && 1970 info_element->data[0] == 0x00 && 1971 info_element->data[1] == 0x40 && 1972 info_element->data[2] == 0x96 && 1973 info_element->data[3] == 0x03) { 1974 if (info_element->len == 5) { 1975 network->bWithCcxVerNum = true; 1976 network->BssCcxVerNumber = info_element->data[4]; 1977 } else { 1978 network->bWithCcxVerNum = false; 1979 network->BssCcxVerNumber = 0; 1980 } 1981 } 1982 if (info_element->len > 4 && 1983 info_element->data[0] == 0x00 && 1984 info_element->data[1] == 0x50 && 1985 info_element->data[2] == 0xf2 && 1986 info_element->data[3] == 0x04) { 1987 netdev_dbg(ieee->dev, "MFIE_TYPE_WZC: %d bytes\n", 1988 info_element->len); 1989 network->wzc_ie_len = min(info_element->len+2, MAX_WZC_IE_LEN); 1990 memcpy(network->wzc_ie, info_element, network->wzc_ie_len); 1991 } 1992} 1993 1994static void rtllib_parse_mfie_ht_cap(struct rtllib_info_element *info_element, 1995 struct rtllib_network *network, 1996 u16 *tmp_htcap_len) 1997{ 1998 struct bss_ht *ht = &network->bssht; 1999 2000 *tmp_htcap_len = min_t(u8, info_element->len, MAX_IE_LEN); 2001 if (*tmp_htcap_len != 0) { 2002 ht->bd_ht_spec_ver = HT_SPEC_VER_EWC; 2003 ht->bd_ht_cap_len = min_t(u16, *tmp_htcap_len, 2004 sizeof(ht->bd_ht_cap_buf)); 2005 memcpy(ht->bd_ht_cap_buf, info_element->data, ht->bd_ht_cap_len); 2006 2007 ht->bd_support_ht = true; 2008 ht->bd_ht_1r = ((((struct ht_capab_ele *) 2009 ht->bd_ht_cap_buf))->MCS[1]) == 0; 2010 2011 ht->bd_bandwidth = (enum ht_channel_width) 2012 (((struct ht_capab_ele *) 2013 (ht->bd_ht_cap_buf))->ChlWidth); 2014 } else { 2015 ht->bd_support_ht = false; 2016 ht->bd_ht_1r = false; 2017 ht->bd_bandwidth = HT_CHANNEL_WIDTH_20; 2018 } 2019} 2020 2021int rtllib_parse_info_param(struct rtllib_device *ieee, 2022 struct rtllib_info_element *info_element, 2023 u16 length, 2024 struct rtllib_network *network, 2025 struct rtllib_rx_stats *stats) 2026{ 2027 u8 i; 2028 short offset; 2029 u16 tmp_htcap_len = 0; 2030 u16 tmp_htinfo_len = 0; 2031 char rates_str[64]; 2032 char *p; 2033 2034 while (length >= sizeof(*info_element)) { 2035 if (sizeof(*info_element) + info_element->len > length) { 2036 netdev_dbg(ieee->dev, 2037 "Info elem: parse failed: info_element->len + 2 > left : info_element->len+2=%zd left=%d, id=%d.\n", 2038 info_element->len + sizeof(*info_element), 2039 length, info_element->id); 2040 /* We stop processing but don't return an error here 2041 * because some misbehaviour APs break this rule. ie. 2042 * Orinoco AP1000. 2043 */ 2044 break; 2045 } 2046 2047 switch (info_element->id) { 2048 case MFIE_TYPE_SSID: 2049 if (rtllib_is_empty_essid(info_element->data, 2050 info_element->len)) { 2051 network->flags |= NETWORK_EMPTY_ESSID; 2052 break; 2053 } 2054 2055 network->ssid_len = min(info_element->len, 2056 (u8)IW_ESSID_MAX_SIZE); 2057 memcpy(network->ssid, info_element->data, 2058 network->ssid_len); 2059 if (network->ssid_len < IW_ESSID_MAX_SIZE) 2060 memset(network->ssid + network->ssid_len, 0, 2061 IW_ESSID_MAX_SIZE - network->ssid_len); 2062 2063 netdev_dbg(ieee->dev, "MFIE_TYPE_SSID: '%s' len=%d.\n", 2064 network->ssid, network->ssid_len); 2065 break; 2066 2067 case MFIE_TYPE_RATES: 2068 p = rates_str; 2069 network->rates_len = min(info_element->len, 2070 MAX_RATES_LENGTH); 2071 for (i = 0; i < network->rates_len; i++) { 2072 network->rates[i] = info_element->data[i]; 2073 p += scnprintf(p, sizeof(rates_str) - 2074 (p - rates_str), "%02X ", 2075 network->rates[i]); 2076 if (rtllib_is_ofdm_rate 2077 (info_element->data[i])) { 2078 network->flags |= NETWORK_HAS_OFDM; 2079 if (info_element->data[i] & 2080 RTLLIB_BASIC_RATE_MASK) 2081 network->flags &= 2082 ~NETWORK_HAS_CCK; 2083 } 2084 2085 if (rtllib_is_cck_rate 2086 (info_element->data[i])) { 2087 network->flags |= NETWORK_HAS_CCK; 2088 } 2089 } 2090 2091 netdev_dbg(ieee->dev, "MFIE_TYPE_RATES: '%s' (%d)\n", 2092 rates_str, network->rates_len); 2093 break; 2094 2095 case MFIE_TYPE_RATES_EX: 2096 p = rates_str; 2097 network->rates_ex_len = min(info_element->len, 2098 MAX_RATES_EX_LENGTH); 2099 for (i = 0; i < network->rates_ex_len; i++) { 2100 network->rates_ex[i] = info_element->data[i]; 2101 p += scnprintf(p, sizeof(rates_str) - 2102 (p - rates_str), "%02X ", 2103 network->rates_ex[i]); 2104 if (rtllib_is_ofdm_rate 2105 (info_element->data[i])) { 2106 network->flags |= NETWORK_HAS_OFDM; 2107 if (info_element->data[i] & 2108 RTLLIB_BASIC_RATE_MASK) 2109 network->flags &= 2110 ~NETWORK_HAS_CCK; 2111 } 2112 } 2113 2114 netdev_dbg(ieee->dev, "MFIE_TYPE_RATES_EX: '%s' (%d)\n", 2115 rates_str, network->rates_ex_len); 2116 break; 2117 2118 case MFIE_TYPE_DS_SET: 2119 netdev_dbg(ieee->dev, "MFIE_TYPE_DS_SET: %d\n", 2120 info_element->data[0]); 2121 network->channel = info_element->data[0]; 2122 break; 2123 2124 case MFIE_TYPE_FH_SET: 2125 netdev_dbg(ieee->dev, "MFIE_TYPE_FH_SET: ignored\n"); 2126 break; 2127 2128 case MFIE_TYPE_CF_SET: 2129 netdev_dbg(ieee->dev, "MFIE_TYPE_CF_SET: ignored\n"); 2130 break; 2131 2132 case MFIE_TYPE_TIM: 2133 if (info_element->len < 4) 2134 break; 2135 2136 network->tim.tim_count = info_element->data[0]; 2137 network->tim.tim_period = info_element->data[1]; 2138 2139 network->dtim_period = info_element->data[1]; 2140 if (ieee->state != RTLLIB_LINKED) 2141 break; 2142 network->last_dtim_sta_time = jiffies; 2143 2144 network->dtim_data = RTLLIB_DTIM_VALID; 2145 2146 2147 if (info_element->data[2] & 1) 2148 network->dtim_data |= RTLLIB_DTIM_MBCAST; 2149 2150 offset = (info_element->data[2] >> 1)*2; 2151 2152 2153 if (ieee->assoc_id < 8*offset || 2154 ieee->assoc_id > 8*(offset + info_element->len - 3)) 2155 break; 2156 2157 offset = (ieee->assoc_id / 8) - offset; 2158 if (info_element->data[3 + offset] & 2159 (1 << (ieee->assoc_id % 8))) 2160 network->dtim_data |= RTLLIB_DTIM_UCAST; 2161 2162 network->listen_interval = network->dtim_period; 2163 break; 2164 2165 case MFIE_TYPE_ERP: 2166 network->erp_value = info_element->data[0]; 2167 network->flags |= NETWORK_HAS_ERP_VALUE; 2168 netdev_dbg(ieee->dev, "MFIE_TYPE_ERP_SET: %d\n", 2169 network->erp_value); 2170 break; 2171 case MFIE_TYPE_IBSS_SET: 2172 network->atim_window = info_element->data[0]; 2173 netdev_dbg(ieee->dev, "MFIE_TYPE_IBSS_SET: %d\n", 2174 network->atim_window); 2175 break; 2176 2177 case MFIE_TYPE_CHALLENGE: 2178 netdev_dbg(ieee->dev, "MFIE_TYPE_CHALLENGE: ignored\n"); 2179 break; 2180 2181 case MFIE_TYPE_GENERIC: 2182 netdev_dbg(ieee->dev, "MFIE_TYPE_GENERIC: %d bytes\n", 2183 info_element->len); 2184 2185 rtllib_parse_mife_generic(ieee, info_element, network, 2186 &tmp_htcap_len, 2187 &tmp_htinfo_len); 2188 break; 2189 2190 case MFIE_TYPE_RSN: 2191 netdev_dbg(ieee->dev, "MFIE_TYPE_RSN: %d bytes\n", 2192 info_element->len); 2193 network->rsn_ie_len = min(info_element->len + 2, 2194 MAX_WPA_IE_LEN); 2195 memcpy(network->rsn_ie, info_element, 2196 network->rsn_ie_len); 2197 break; 2198 2199 case MFIE_TYPE_HT_CAP: 2200 netdev_dbg(ieee->dev, "MFIE_TYPE_HT_CAP: %d bytes\n", 2201 info_element->len); 2202 2203 rtllib_parse_mfie_ht_cap(info_element, network, 2204 &tmp_htcap_len); 2205 break; 2206 2207 2208 case MFIE_TYPE_HT_INFO: 2209 netdev_dbg(ieee->dev, "MFIE_TYPE_HT_INFO: %d bytes\n", 2210 info_element->len); 2211 tmp_htinfo_len = min_t(u8, info_element->len, 2212 MAX_IE_LEN); 2213 if (tmp_htinfo_len) { 2214 network->bssht.bd_ht_spec_ver = HT_SPEC_VER_IEEE; 2215 network->bssht.bd_ht_info_len = tmp_htinfo_len > 2216 sizeof(network->bssht.bd_ht_info_buf) ? 2217 sizeof(network->bssht.bd_ht_info_buf) : 2218 tmp_htinfo_len; 2219 memcpy(network->bssht.bd_ht_info_buf, 2220 info_element->data, 2221 network->bssht.bd_ht_info_len); 2222 } 2223 break; 2224 2225 case MFIE_TYPE_AIRONET: 2226 netdev_dbg(ieee->dev, "MFIE_TYPE_AIRONET: %d bytes\n", 2227 info_element->len); 2228 if (info_element->len > IE_CISCO_FLAG_POSITION) { 2229 network->bWithAironetIE = true; 2230 2231 if ((info_element->data[IE_CISCO_FLAG_POSITION] 2232 & SUPPORT_CKIP_MIC) || 2233 (info_element->data[IE_CISCO_FLAG_POSITION] 2234 & SUPPORT_CKIP_PK)) 2235 network->bCkipSupported = true; 2236 else 2237 network->bCkipSupported = false; 2238 } else { 2239 network->bWithAironetIE = false; 2240 network->bCkipSupported = false; 2241 } 2242 break; 2243 case MFIE_TYPE_QOS_PARAMETER: 2244 netdev_err(ieee->dev, 2245 "QoS Error need to parse QOS_PARAMETER IE\n"); 2246 break; 2247 2248 case MFIE_TYPE_COUNTRY: 2249 netdev_dbg(ieee->dev, "MFIE_TYPE_COUNTRY: %d bytes\n", 2250 info_element->len); 2251 rtllib_extract_country_ie(ieee, info_element, network, 2252 network->bssid); 2253 break; 2254/* TODO */ 2255 default: 2256 netdev_dbg(ieee->dev, 2257 "Unsupported info element: %s (%d)\n", 2258 get_info_element_string(info_element->id), 2259 info_element->id); 2260 break; 2261 } 2262 2263 length -= sizeof(*info_element) + info_element->len; 2264 info_element = 2265 (struct rtllib_info_element *)&info_element->data[info_element->len]; 2266 } 2267 2268 if (!network->atheros_cap_exist && !network->broadcom_cap_exist && 2269 !network->cisco_cap_exist && !network->ralink_cap_exist && 2270 !network->bssht.bd_rt2rt_aggregation) 2271 network->unknown_cap_exist = true; 2272 else 2273 network->unknown_cap_exist = false; 2274 return 0; 2275} 2276 2277static long rtllib_translate_todbm(u8 signal_strength_index) 2278{ 2279 long signal_power; 2280 2281 signal_power = (long)((signal_strength_index + 1) >> 1); 2282 signal_power -= 95; 2283 2284 return signal_power; 2285} 2286 2287static inline int rtllib_network_init( 2288 struct rtllib_device *ieee, 2289 struct rtllib_probe_response *beacon, 2290 struct rtllib_network *network, 2291 struct rtllib_rx_stats *stats) 2292{ 2293 memset(&network->qos_data, 0, sizeof(struct rtllib_qos_data)); 2294 2295 /* Pull out fixed field data */ 2296 ether_addr_copy(network->bssid, beacon->header.addr3); 2297 network->capability = le16_to_cpu(beacon->capability); 2298 network->last_scanned = jiffies; 2299 network->time_stamp[0] = beacon->time_stamp[0]; 2300 network->time_stamp[1] = beacon->time_stamp[1]; 2301 network->beacon_interval = le16_to_cpu(beacon->beacon_interval); 2302 /* Where to pull this? beacon->listen_interval;*/ 2303 network->listen_interval = 0x0A; 2304 network->rates_len = network->rates_ex_len = 0; 2305 network->ssid_len = 0; 2306 network->hidden_ssid_len = 0; 2307 memset(network->hidden_ssid, 0, sizeof(network->hidden_ssid)); 2308 network->flags = 0; 2309 network->atim_window = 0; 2310 network->erp_value = (network->capability & WLAN_CAPABILITY_IBSS) ? 2311 0x3 : 0x0; 2312 network->berp_info_valid = false; 2313 network->broadcom_cap_exist = false; 2314 network->ralink_cap_exist = false; 2315 network->atheros_cap_exist = false; 2316 network->cisco_cap_exist = false; 2317 network->unknown_cap_exist = false; 2318 network->realtek_cap_exit = false; 2319 network->marvell_cap_exist = false; 2320 network->airgo_cap_exist = false; 2321 network->Turbo_Enable = 0; 2322 network->SignalStrength = stats->SignalStrength; 2323 network->RSSI = stats->SignalStrength; 2324 network->CountryIeLen = 0; 2325 memset(network->CountryIeBuf, 0, MAX_IE_LEN); 2326 HTInitializeBssDesc(&network->bssht); 2327 if (stats->freq == RTLLIB_52GHZ_BAND) { 2328 /* for A band (No DS info) */ 2329 network->channel = stats->received_channel; 2330 } else 2331 network->flags |= NETWORK_HAS_CCK; 2332 2333 network->wpa_ie_len = 0; 2334 network->rsn_ie_len = 0; 2335 network->wzc_ie_len = 0; 2336 2337 if (rtllib_parse_info_param(ieee, 2338 beacon->info_element, 2339 (stats->len - sizeof(*beacon)), 2340 network, 2341 stats)) 2342 return 1; 2343 2344 network->mode = 0; 2345 if (stats->freq == RTLLIB_52GHZ_BAND) 2346 network->mode = IEEE_A; 2347 else { 2348 if (network->flags & NETWORK_HAS_OFDM) 2349 network->mode |= IEEE_G; 2350 if (network->flags & NETWORK_HAS_CCK) 2351 network->mode |= IEEE_B; 2352 } 2353 2354 if (network->mode == 0) { 2355 netdev_dbg(ieee->dev, "Filtered out '%s (%pM)' network.\n", 2356 escape_essid(network->ssid, network->ssid_len), 2357 network->bssid); 2358 return 1; 2359 } 2360 2361 if (network->bssht.bd_support_ht) { 2362 if (network->mode == IEEE_A) 2363 network->mode = IEEE_N_5G; 2364 else if (network->mode & (IEEE_G | IEEE_B)) 2365 network->mode = IEEE_N_24G; 2366 } 2367 if (rtllib_is_empty_essid(network->ssid, network->ssid_len)) 2368 network->flags |= NETWORK_EMPTY_ESSID; 2369 stats->signal = 30 + (stats->SignalStrength * 70) / 100; 2370 stats->noise = rtllib_translate_todbm((u8)(100-stats->signal)) - 25; 2371 2372 memcpy(&network->stats, stats, sizeof(network->stats)); 2373 2374 return 0; 2375} 2376 2377static inline int is_same_network(struct rtllib_network *src, 2378 struct rtllib_network *dst, u8 ssidbroad) 2379{ 2380 /* A network is only a duplicate if the channel, BSSID, ESSID 2381 * and the capability field (in particular IBSS and BSS) all match. 2382 * We treat all <hidden> with the same BSSID and channel 2383 * as one network 2384 */ 2385 return (((src->ssid_len == dst->ssid_len) || (!ssidbroad)) && 2386 (src->channel == dst->channel) && 2387 !memcmp(src->bssid, dst->bssid, ETH_ALEN) && 2388 (!memcmp(src->ssid, dst->ssid, src->ssid_len) || 2389 (!ssidbroad)) && 2390 ((src->capability & WLAN_CAPABILITY_IBSS) == 2391 (dst->capability & WLAN_CAPABILITY_IBSS)) && 2392 ((src->capability & WLAN_CAPABILITY_ESS) == 2393 (dst->capability & WLAN_CAPABILITY_ESS))); 2394} 2395 2396 2397static inline void update_network(struct rtllib_device *ieee, 2398 struct rtllib_network *dst, 2399 struct rtllib_network *src) 2400{ 2401 int qos_active; 2402 u8 old_param; 2403 2404 memcpy(&dst->stats, &src->stats, sizeof(struct rtllib_rx_stats)); 2405 dst->capability = src->capability; 2406 memcpy(dst->rates, src->rates, src->rates_len); 2407 dst->rates_len = src->rates_len; 2408 memcpy(dst->rates_ex, src->rates_ex, src->rates_ex_len); 2409 dst->rates_ex_len = src->rates_ex_len; 2410 if (src->ssid_len > 0) { 2411 if (dst->ssid_len == 0) { 2412 memset(dst->hidden_ssid, 0, sizeof(dst->hidden_ssid)); 2413 dst->hidden_ssid_len = src->ssid_len; 2414 memcpy(dst->hidden_ssid, src->ssid, src->ssid_len); 2415 } else { 2416 memset(dst->ssid, 0, dst->ssid_len); 2417 dst->ssid_len = src->ssid_len; 2418 memcpy(dst->ssid, src->ssid, src->ssid_len); 2419 } 2420 } 2421 dst->mode = src->mode; 2422 dst->flags = src->flags; 2423 dst->time_stamp[0] = src->time_stamp[0]; 2424 dst->time_stamp[1] = src->time_stamp[1]; 2425 if (src->flags & NETWORK_HAS_ERP_VALUE) { 2426 dst->erp_value = src->erp_value; 2427 dst->berp_info_valid = src->berp_info_valid = true; 2428 } 2429 dst->beacon_interval = src->beacon_interval; 2430 dst->listen_interval = src->listen_interval; 2431 dst->atim_window = src->atim_window; 2432 dst->dtim_period = src->dtim_period; 2433 dst->dtim_data = src->dtim_data; 2434 dst->last_dtim_sta_time = src->last_dtim_sta_time; 2435 memcpy(&dst->tim, &src->tim, sizeof(struct rtllib_tim_parameters)); 2436 2437 dst->bssht.bd_support_ht = src->bssht.bd_support_ht; 2438 dst->bssht.bd_rt2rt_aggregation = src->bssht.bd_rt2rt_aggregation; 2439 dst->bssht.bd_ht_cap_len = src->bssht.bd_ht_cap_len; 2440 memcpy(dst->bssht.bd_ht_cap_buf, src->bssht.bd_ht_cap_buf, 2441 src->bssht.bd_ht_cap_len); 2442 dst->bssht.bd_ht_info_len = src->bssht.bd_ht_info_len; 2443 memcpy(dst->bssht.bd_ht_info_buf, src->bssht.bd_ht_info_buf, 2444 src->bssht.bd_ht_info_len); 2445 dst->bssht.bd_ht_spec_ver = src->bssht.bd_ht_spec_ver; 2446 dst->bssht.bd_rt2rt_long_slot_time = src->bssht.bd_rt2rt_long_slot_time; 2447 dst->broadcom_cap_exist = src->broadcom_cap_exist; 2448 dst->ralink_cap_exist = src->ralink_cap_exist; 2449 dst->atheros_cap_exist = src->atheros_cap_exist; 2450 dst->realtek_cap_exit = src->realtek_cap_exit; 2451 dst->marvell_cap_exist = src->marvell_cap_exist; 2452 dst->cisco_cap_exist = src->cisco_cap_exist; 2453 dst->airgo_cap_exist = src->airgo_cap_exist; 2454 dst->unknown_cap_exist = src->unknown_cap_exist; 2455 memcpy(dst->wpa_ie, src->wpa_ie, src->wpa_ie_len); 2456 dst->wpa_ie_len = src->wpa_ie_len; 2457 memcpy(dst->rsn_ie, src->rsn_ie, src->rsn_ie_len); 2458 dst->rsn_ie_len = src->rsn_ie_len; 2459 memcpy(dst->wzc_ie, src->wzc_ie, src->wzc_ie_len); 2460 dst->wzc_ie_len = src->wzc_ie_len; 2461 2462 dst->last_scanned = jiffies; 2463 /* qos related parameters */ 2464 qos_active = dst->qos_data.active; 2465 old_param = dst->qos_data.param_count; 2466 dst->qos_data.supported = src->qos_data.supported; 2467 if (dst->flags & NETWORK_HAS_QOS_PARAMETERS) 2468 memcpy(&dst->qos_data, &src->qos_data, 2469 sizeof(struct rtllib_qos_data)); 2470 if (dst->qos_data.supported == 1) { 2471 if (dst->ssid_len) 2472 netdev_dbg(ieee->dev, 2473 "QoS the network %s is QoS supported\n", 2474 dst->ssid); 2475 else 2476 netdev_dbg(ieee->dev, 2477 "QoS the network is QoS supported\n"); 2478 } 2479 dst->qos_data.active = qos_active; 2480 dst->qos_data.old_param_count = old_param; 2481 2482 dst->wmm_info = src->wmm_info; 2483 if (src->wmm_param[0].ac_aci_acm_aifsn || 2484 src->wmm_param[1].ac_aci_acm_aifsn || 2485 src->wmm_param[2].ac_aci_acm_aifsn || 2486 src->wmm_param[3].ac_aci_acm_aifsn) 2487 memcpy(dst->wmm_param, src->wmm_param, WME_AC_PRAM_LEN); 2488 2489 dst->SignalStrength = src->SignalStrength; 2490 dst->RSSI = src->RSSI; 2491 dst->Turbo_Enable = src->Turbo_Enable; 2492 2493 dst->CountryIeLen = src->CountryIeLen; 2494 memcpy(dst->CountryIeBuf, src->CountryIeBuf, src->CountryIeLen); 2495 2496 dst->bWithAironetIE = src->bWithAironetIE; 2497 dst->bCkipSupported = src->bCkipSupported; 2498 memcpy(dst->CcxRmState, src->CcxRmState, 2); 2499 dst->bCcxRmEnable = src->bCcxRmEnable; 2500 dst->MBssidMask = src->MBssidMask; 2501 dst->bMBssidValid = src->bMBssidValid; 2502 memcpy(dst->MBssid, src->MBssid, 6); 2503 dst->bWithCcxVerNum = src->bWithCcxVerNum; 2504 dst->BssCcxVerNumber = src->BssCcxVerNumber; 2505} 2506 2507static inline int is_beacon(u16 fc) 2508{ 2509 return (WLAN_FC_GET_STYPE(fc) == RTLLIB_STYPE_BEACON); 2510} 2511 2512static int IsPassiveChannel(struct rtllib_device *rtllib, u8 channel) 2513{ 2514 if (channel > MAX_CHANNEL_NUMBER) { 2515 netdev_info(rtllib->dev, "%s(): Invalid Channel\n", __func__); 2516 return 0; 2517 } 2518 2519 if (rtllib->active_channel_map[channel] == 2) 2520 return 1; 2521 2522 return 0; 2523} 2524 2525int rtllib_legal_channel(struct rtllib_device *rtllib, u8 channel) 2526{ 2527 if (channel > MAX_CHANNEL_NUMBER) { 2528 netdev_info(rtllib->dev, "%s(): Invalid Channel\n", __func__); 2529 return 0; 2530 } 2531 if (rtllib->active_channel_map[channel] > 0) 2532 return 1; 2533 2534 return 0; 2535} 2536EXPORT_SYMBOL(rtllib_legal_channel); 2537 2538static inline void rtllib_process_probe_response( 2539 struct rtllib_device *ieee, 2540 struct rtllib_probe_response *beacon, 2541 struct rtllib_rx_stats *stats) 2542{ 2543 struct rtllib_network *target; 2544 struct rtllib_network *oldest = NULL; 2545 struct rtllib_info_element *info_element = &beacon->info_element[0]; 2546 unsigned long flags; 2547 short renew; 2548 struct rtllib_network *network = kzalloc(sizeof(struct rtllib_network), 2549 GFP_ATOMIC); 2550 u16 frame_ctl = le16_to_cpu(beacon->header.frame_ctl); 2551 2552 if (!network) 2553 return; 2554 2555 netdev_dbg(ieee->dev, 2556 "'%s' ( %pM ): %c%c%c%c %c%c%c%c-%c%c%c%c %c%c%c%c\n", 2557 escape_essid(info_element->data, info_element->len), 2558 beacon->header.addr3, 2559 (le16_to_cpu(beacon->capability) & (1<<0xf)) ? '1' : '0', 2560 (le16_to_cpu(beacon->capability) & (1<<0xe)) ? '1' : '0', 2561 (le16_to_cpu(beacon->capability) & (1<<0xd)) ? '1' : '0', 2562 (le16_to_cpu(beacon->capability) & (1<<0xc)) ? '1' : '0', 2563 (le16_to_cpu(beacon->capability) & (1<<0xb)) ? '1' : '0', 2564 (le16_to_cpu(beacon->capability) & (1<<0xa)) ? '1' : '0', 2565 (le16_to_cpu(beacon->capability) & (1<<0x9)) ? '1' : '0', 2566 (le16_to_cpu(beacon->capability) & (1<<0x8)) ? '1' : '0', 2567 (le16_to_cpu(beacon->capability) & (1<<0x7)) ? '1' : '0', 2568 (le16_to_cpu(beacon->capability) & (1<<0x6)) ? '1' : '0', 2569 (le16_to_cpu(beacon->capability) & (1<<0x5)) ? '1' : '0', 2570 (le16_to_cpu(beacon->capability) & (1<<0x4)) ? '1' : '0', 2571 (le16_to_cpu(beacon->capability) & (1<<0x3)) ? '1' : '0', 2572 (le16_to_cpu(beacon->capability) & (1<<0x2)) ? '1' : '0', 2573 (le16_to_cpu(beacon->capability) & (1<<0x1)) ? '1' : '0', 2574 (le16_to_cpu(beacon->capability) & (1<<0x0)) ? '1' : '0'); 2575 2576 if (rtllib_network_init(ieee, beacon, network, stats)) { 2577 netdev_dbg(ieee->dev, "Dropped '%s' ( %pM) via %s.\n", 2578 escape_essid(info_element->data, info_element->len), 2579 beacon->header.addr3, 2580 is_beacon(frame_ctl) ? "BEACON" : "PROBE RESPONSE"); 2581 goto free_network; 2582 } 2583 2584 2585 if (!rtllib_legal_channel(ieee, network->channel)) 2586 goto free_network; 2587 2588 if (WLAN_FC_GET_STYPE(frame_ctl) == RTLLIB_STYPE_PROBE_RESP) { 2589 if (IsPassiveChannel(ieee, network->channel)) { 2590 netdev_info(ieee->dev, 2591 "GetScanInfo(): For Global Domain, filter probe response at channel(%d).\n", 2592 network->channel); 2593 goto free_network; 2594 } 2595 } 2596 2597 /* The network parsed correctly -- so now we scan our known networks 2598 * to see if we can find it in our list. 2599 * 2600 * NOTE: This search is definitely not optimized. Once its doing 2601 * the "right thing" we'll optimize it for efficiency if 2602 * necessary 2603 */ 2604 2605 /* Search for this entry in the list and update it if it is 2606 * already there. 2607 */ 2608 2609 spin_lock_irqsave(&ieee->lock, flags); 2610 if (is_same_network(&ieee->current_network, network, 2611 (network->ssid_len ? 1 : 0))) { 2612 update_network(ieee, &ieee->current_network, network); 2613 if ((ieee->current_network.mode == IEEE_N_24G || 2614 ieee->current_network.mode == IEEE_G) && 2615 ieee->current_network.berp_info_valid) { 2616 if (ieee->current_network.erp_value & ERP_UseProtection) 2617 ieee->current_network.buseprotection = true; 2618 else 2619 ieee->current_network.buseprotection = false; 2620 } 2621 if (is_beacon(frame_ctl)) { 2622 if (ieee->state >= RTLLIB_LINKED) 2623 ieee->LinkDetectInfo.NumRecvBcnInPeriod++; 2624 } 2625 } 2626 list_for_each_entry(target, &ieee->network_list, list) { 2627 if (is_same_network(target, network, 2628 (target->ssid_len ? 1 : 0))) 2629 break; 2630 if ((oldest == NULL) || 2631 (target->last_scanned < oldest->last_scanned)) 2632 oldest = target; 2633 } 2634 2635 /* If we didn't find a match, then get a new network slot to initialize 2636 * with this beacon's information 2637 */ 2638 if (&target->list == &ieee->network_list) { 2639 if (list_empty(&ieee->network_free_list)) { 2640 /* If there are no more slots, expire the oldest */ 2641 list_del(&oldest->list); 2642 target = oldest; 2643 netdev_dbg(ieee->dev, 2644 "Expired '%s' ( %pM) from network list.\n", 2645 escape_essid(target->ssid, target->ssid_len), 2646 target->bssid); 2647 } else { 2648 /* Otherwise just pull from the free list */ 2649 target = list_entry(ieee->network_free_list.next, 2650 struct rtllib_network, list); 2651 list_del(ieee->network_free_list.next); 2652 } 2653 2654 netdev_dbg(ieee->dev, "Adding '%s' ( %pM) via %s.\n", 2655 escape_essid(network->ssid, network->ssid_len), 2656 network->bssid, 2657 is_beacon(frame_ctl) ? "BEACON" : "PROBE RESPONSE"); 2658 2659 memcpy(target, network, sizeof(*target)); 2660 list_add_tail(&target->list, &ieee->network_list); 2661 if (ieee->softmac_features & IEEE_SOFTMAC_ASSOCIATE) 2662 rtllib_softmac_new_net(ieee, network); 2663 } else { 2664 netdev_dbg(ieee->dev, "Updating '%s' ( %pM) via %s.\n", 2665 escape_essid(target->ssid, target->ssid_len), 2666 target->bssid, 2667 is_beacon(frame_ctl) ? "BEACON" : "PROBE RESPONSE"); 2668 2669 /* we have an entry and we are going to update it. But this 2670 * entry may be already expired. In this case we do the same 2671 * as we found a new net and call the new_net handler 2672 */ 2673 renew = !time_after(target->last_scanned + ieee->scan_age, 2674 jiffies); 2675 if ((!target->ssid_len) && 2676 (((network->ssid_len > 0) && (target->hidden_ssid_len == 0)) 2677 || ((ieee->current_network.ssid_len == network->ssid_len) && 2678 (strncmp(ieee->current_network.ssid, network->ssid, 2679 network->ssid_len) == 0) && 2680 (ieee->state == RTLLIB_NOLINK)))) 2681 renew = 1; 2682 update_network(ieee, target, network); 2683 if (renew && (ieee->softmac_features & IEEE_SOFTMAC_ASSOCIATE)) 2684 rtllib_softmac_new_net(ieee, network); 2685 } 2686 2687 spin_unlock_irqrestore(&ieee->lock, flags); 2688 if (is_beacon(frame_ctl) && 2689 is_same_network(&ieee->current_network, network, 2690 (network->ssid_len ? 1 : 0)) && 2691 (ieee->state == RTLLIB_LINKED)) { 2692 if (ieee->handle_beacon != NULL) 2693 ieee->handle_beacon(ieee->dev, beacon, 2694 &ieee->current_network); 2695 } 2696free_network: 2697 kfree(network); 2698} 2699 2700static void rtllib_rx_mgt(struct rtllib_device *ieee, 2701 struct sk_buff *skb, 2702 struct rtllib_rx_stats *stats) 2703{ 2704 struct rtllib_hdr_4addr *header = (struct rtllib_hdr_4addr *)skb->data; 2705 2706 if ((WLAN_FC_GET_STYPE(le16_to_cpu(header->frame_ctl)) != 2707 RTLLIB_STYPE_PROBE_RESP) && 2708 (WLAN_FC_GET_STYPE(le16_to_cpu(header->frame_ctl)) != 2709 RTLLIB_STYPE_BEACON)) 2710 ieee->last_rx_ps_time = jiffies; 2711 2712 switch (WLAN_FC_GET_STYPE(le16_to_cpu(header->frame_ctl))) { 2713 2714 case RTLLIB_STYPE_BEACON: 2715 netdev_dbg(ieee->dev, "received BEACON (%d)\n", 2716 WLAN_FC_GET_STYPE(le16_to_cpu(header->frame_ctl))); 2717 rtllib_process_probe_response( 2718 ieee, (struct rtllib_probe_response *)header, 2719 stats); 2720 2721 if (ieee->sta_sleep || (ieee->ps != RTLLIB_PS_DISABLED && 2722 ieee->iw_mode == IW_MODE_INFRA && 2723 ieee->state == RTLLIB_LINKED)) 2724 schedule_work(&ieee->ps_task); 2725 2726 break; 2727 2728 case RTLLIB_STYPE_PROBE_RESP: 2729 netdev_dbg(ieee->dev, "received PROBE RESPONSE (%d)\n", 2730 WLAN_FC_GET_STYPE(le16_to_cpu(header->frame_ctl))); 2731 rtllib_process_probe_response(ieee, 2732 (struct rtllib_probe_response *)header, stats); 2733 break; 2734 case RTLLIB_STYPE_PROBE_REQ: 2735 netdev_dbg(ieee->dev, "received PROBE REQUEST (%d)\n", 2736 WLAN_FC_GET_STYPE(le16_to_cpu(header->frame_ctl))); 2737 if ((ieee->softmac_features & IEEE_SOFTMAC_PROBERS) && 2738 ((ieee->iw_mode == IW_MODE_ADHOC || 2739 ieee->iw_mode == IW_MODE_MASTER) && 2740 ieee->state == RTLLIB_LINKED)) 2741 rtllib_rx_probe_rq(ieee, skb); 2742 break; 2743 } 2744}