1 /******************************************************************************
3 Copyright(c) 2003 - 2005 Intel Corporation. All rights reserved.
5 This program is free software; you can redistribute it and/or modify it
6 under the terms of version 2 of the GNU General Public License as
7 published by the Free Software Foundation.
9 This program is distributed in the hope that it will be useful, but WITHOUT
10 ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
14 You should have received a copy of the GNU General Public License along with
15 this program; if not, write to the Free Software Foundation, Inc., 59
16 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
18 The full GNU General Public License is included in this distribution in the
22 James P. Ketrenos <ipw2100-admin@linux.intel.com>
23 Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497
25 ******************************************************************************/
26 #include <linux/compiler.h>
27 #include <linux/config.h>
28 #include <linux/errno.h>
29 #include <linux/if_arp.h>
30 #include <linux/in6.h>
33 #include <linux/kernel.h>
34 #include <linux/module.h>
35 #include <linux/netdevice.h>
36 #include <linux/proc_fs.h>
37 #include <linux/skbuff.h>
38 #include <linux/slab.h>
39 #include <linux/tcp.h>
40 #include <linux/types.h>
41 #include <linux/version.h>
42 #include <linux/wireless.h>
43 #include <linux/etherdevice.h>
44 #include <asm/uaccess.h>
46 #include <net/ieee80211.h>
52 ,-------------------------------------------------------------------.
53 Bytes | 2 | 2 | 6 | 6 | 6 | 2 | 0..2312 | 4 |
54 |------|------|---------|---------|---------|------|---------|------|
55 Desc. | ctrl | dura | DA/RA | TA | SA | Sequ | Frame | fcs |
56 | | tion | (BSSID) | | | ence | data | |
57 `--------------------------------------------------| |------'
58 Total: 28 non-data bytes `----.----'
60 .- 'Frame data' expands to <---------------------------'
63 ,---------------------------------------------------.
64 Bytes | 1 | 1 | 1 | 3 | 2 | 0-2304 |
65 |------|------|---------|----------|------|---------|
66 Desc. | SNAP | SNAP | Control |Eth Tunnel| Type | IP |
67 | DSAP | SSAP | | | | Packet |
68 | 0xAA | 0xAA |0x03 (UI)|0x00-00-F8| | |
69 `-----------------------------------------| |
70 Total: 8 non-data bytes `----.----'
72 .- 'IP Packet' expands, if WEP enabled, to <--'
75 ,-----------------------.
76 Bytes | 4 | 0-2296 | 4 |
77 |-----|-----------|-----|
78 Desc. | IV | Encrypted | ICV |
80 `-----------------------'
81 Total: 8 non-data bytes
83 802.3 Ethernet Data Frame
85 ,-----------------------------------------.
86 Bytes | 6 | 6 | 2 | Variable | 4 |
87 |-------|-------|------|-----------|------|
88 Desc. | Dest. | Source| Type | IP Packet | fcs |
90 `-----------------------------------------'
91 Total: 18 non-data bytes
93 In the event that fragmentation is required, the incoming payload is split into
94 N parts of size ieee->fts. The first fragment contains the SNAP header and the
95 remaining packets are just data.
97 If encryption is enabled, each fragment payload size is reduced by enough space
98 to add the prefix and postfix (IV and ICV totalling 8 bytes in the case of WEP)
99 So if you have 1500 bytes of payload with ieee->fts set to 500 without
100 encryption it will take 3 frames. With WEP it will take 4 frames as the
101 payload of each frame is reduced to 492 bytes.
107 * | ETHERNET HEADER ,-<-- PAYLOAD
108 * | | 14 bytes from skb->data
109 * | 2 bytes for Type --> ,T. | (sizeof ethhdr)
111 * |,-Dest.--. ,--Src.---. | | |
112 * | 6 bytes| | 6 bytes | | | |
115 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
118 * | | | | `T' <---- 2 bytes for Type
120 * | | '---SNAP--' <-------- 6 bytes for SNAP
122 * `-IV--' <-------------------- 4 bytes for IV (WEP)
128 static u8 P802_1H_OUI
[P80211_OUI_LEN
] = { 0x00, 0x00, 0xf8 };
129 static u8 RFC1042_OUI
[P80211_OUI_LEN
] = { 0x00, 0x00, 0x00 };
131 static inline int ieee80211_copy_snap(u8
* data
, u16 h_proto
)
133 struct ieee80211_snap_hdr
*snap
;
136 snap
= (struct ieee80211_snap_hdr
*)data
;
141 if (h_proto
== 0x8137 || h_proto
== 0x80f3)
145 snap
->oui
[0] = oui
[0];
146 snap
->oui
[1] = oui
[1];
147 snap
->oui
[2] = oui
[2];
149 *(u16
*) (data
+ SNAP_SIZE
) = htons(h_proto
);
151 return SNAP_SIZE
+ sizeof(u16
);
154 static inline int ieee80211_encrypt_fragment(struct ieee80211_device
*ieee
,
155 struct sk_buff
*frag
, int hdr_len
)
157 struct ieee80211_crypt_data
*crypt
= ieee
->crypt
[ieee
->tx_keyidx
];
163 /* To encrypt, frame format is:
164 * IV (4 bytes), clear payload (including SNAP), ICV (4 bytes) */
165 atomic_inc(&crypt
->refcnt
);
167 if (crypt
->ops
&& crypt
->ops
->encrypt_mpdu
)
168 res
= crypt
->ops
->encrypt_mpdu(frag
, hdr_len
, crypt
->priv
);
170 atomic_dec(&crypt
->refcnt
);
172 printk(KERN_INFO
"%s: Encryption failed: len=%d.\n",
173 ieee
->dev
->name
, frag
->len
);
174 ieee
->ieee_stats
.tx_discards
++;
181 void ieee80211_txb_free(struct ieee80211_txb
*txb
)
186 for (i
= 0; i
< txb
->nr_frags
; i
++)
187 if (txb
->fragments
[i
])
188 dev_kfree_skb_any(txb
->fragments
[i
]);
192 static struct ieee80211_txb
*ieee80211_alloc_txb(int nr_frags
, int txb_size
,
193 int headroom
, gfp_t gfp_mask
)
195 struct ieee80211_txb
*txb
;
197 txb
= kmalloc(sizeof(struct ieee80211_txb
) + (sizeof(u8
*) * nr_frags
),
202 memset(txb
, 0, sizeof(struct ieee80211_txb
));
203 txb
->nr_frags
= nr_frags
;
204 txb
->frag_size
= txb_size
;
206 for (i
= 0; i
< nr_frags
; i
++) {
207 txb
->fragments
[i
] = __dev_alloc_skb(txb_size
+ headroom
,
209 if (unlikely(!txb
->fragments
[i
])) {
213 skb_reserve(txb
->fragments
[i
], headroom
);
215 if (unlikely(i
!= nr_frags
)) {
217 dev_kfree_skb_any(txb
->fragments
[i
--]);
224 /* Incoming skb is converted to a txb which consists of
225 * a block of 802.11 fragment packets (stored as skbs) */
226 int ieee80211_xmit(struct sk_buff
*skb
, struct net_device
*dev
)
228 struct ieee80211_device
*ieee
= netdev_priv(dev
);
229 struct ieee80211_txb
*txb
= NULL
;
230 struct ieee80211_hdr_3addr
*frag_hdr
;
231 int i
, bytes_per_frag
, nr_frags
, bytes_last_frag
, frag_size
,
234 struct net_device_stats
*stats
= &ieee
->stats
;
235 int ether_type
, encrypt
, host_encrypt
, host_encrypt_msdu
, host_build_iv
;
236 int bytes
, fc
, hdr_len
;
237 struct sk_buff
*skb_frag
;
238 struct ieee80211_hdr_3addr header
= { /* Ensure zero initialized */
242 u8 dest
[ETH_ALEN
], src
[ETH_ALEN
];
243 struct ieee80211_crypt_data
*crypt
;
244 int priority
= skb
->priority
;
247 if (ieee
->is_queue_full
&& (*ieee
->is_queue_full
) (dev
, priority
))
248 return NETDEV_TX_BUSY
;
250 spin_lock_irqsave(&ieee
->lock
, flags
);
252 /* If there is no driver handler to take the TXB, dont' bother
254 if (!ieee
->hard_start_xmit
) {
255 printk(KERN_WARNING
"%s: No xmit handler.\n", ieee
->dev
->name
);
259 if (unlikely(skb
->len
< SNAP_SIZE
+ sizeof(u16
))) {
260 printk(KERN_WARNING
"%s: skb too small (%d).\n",
261 ieee
->dev
->name
, skb
->len
);
265 ether_type
= ntohs(((struct ethhdr
*)skb
->data
)->h_proto
);
267 crypt
= ieee
->crypt
[ieee
->tx_keyidx
];
269 encrypt
= !(ether_type
== ETH_P_PAE
&& ieee
->ieee802_1x
) &&
272 host_encrypt
= ieee
->host_encrypt
&& encrypt
&& crypt
;
273 host_encrypt_msdu
= ieee
->host_encrypt_msdu
&& encrypt
&& crypt
;
274 host_build_iv
= ieee
->host_build_iv
&& encrypt
&& crypt
;
276 if (!encrypt
&& ieee
->ieee802_1x
&&
277 ieee
->drop_unencrypted
&& ether_type
!= ETH_P_PAE
) {
282 /* Save source and destination addresses */
283 memcpy(dest
, skb
->data
, ETH_ALEN
);
284 memcpy(src
, skb
->data
+ ETH_ALEN
, ETH_ALEN
);
286 /* Advance the SKB to the start of the payload */
287 skb_pull(skb
, sizeof(struct ethhdr
));
289 /* Determine total amount of storage required for TXB packets */
290 bytes
= skb
->len
+ SNAP_SIZE
+ sizeof(u16
);
293 fc
= IEEE80211_FTYPE_DATA
| IEEE80211_STYPE_DATA
|
294 IEEE80211_FCTL_PROTECTED
;
296 fc
= IEEE80211_FTYPE_DATA
| IEEE80211_STYPE_DATA
;
298 if (ieee
->iw_mode
== IW_MODE_INFRA
) {
299 fc
|= IEEE80211_FCTL_TODS
;
300 /* To DS: Addr1 = BSSID, Addr2 = SA, Addr3 = DA */
301 memcpy(header
.addr1
, ieee
->bssid
, ETH_ALEN
);
302 memcpy(header
.addr2
, src
, ETH_ALEN
);
303 memcpy(header
.addr3
, dest
, ETH_ALEN
);
304 } else if (ieee
->iw_mode
== IW_MODE_ADHOC
) {
305 /* not From/To DS: Addr1 = DA, Addr2 = SA, Addr3 = BSSID */
306 memcpy(header
.addr1
, dest
, ETH_ALEN
);
307 memcpy(header
.addr2
, src
, ETH_ALEN
);
308 memcpy(header
.addr3
, ieee
->bssid
, ETH_ALEN
);
310 header
.frame_ctl
= cpu_to_le16(fc
);
311 hdr_len
= IEEE80211_3ADDR_LEN
;
313 /* Encrypt msdu first on the whole data packet. */
314 if ((host_encrypt
|| host_encrypt_msdu
) &&
315 crypt
&& crypt
->ops
&& crypt
->ops
->encrypt_msdu
) {
317 int len
= bytes
+ hdr_len
+ crypt
->ops
->extra_msdu_prefix_len
+
318 crypt
->ops
->extra_msdu_postfix_len
;
319 struct sk_buff
*skb_new
= dev_alloc_skb(len
);
321 if (unlikely(!skb_new
))
324 skb_reserve(skb_new
, crypt
->ops
->extra_msdu_prefix_len
);
325 memcpy(skb_put(skb_new
, hdr_len
), &header
, hdr_len
);
327 ieee80211_copy_snap(skb_put(skb_new
, SNAP_SIZE
+ sizeof(u16
)),
329 memcpy(skb_put(skb_new
, skb
->len
), skb
->data
, skb
->len
);
330 res
= crypt
->ops
->encrypt_msdu(skb_new
, hdr_len
, crypt
->priv
);
332 IEEE80211_ERROR("msdu encryption failed\n");
333 dev_kfree_skb_any(skb_new
);
336 dev_kfree_skb_any(skb
);
338 bytes
+= crypt
->ops
->extra_msdu_prefix_len
+
339 crypt
->ops
->extra_msdu_postfix_len
;
340 skb_pull(skb
, hdr_len
);
343 if (host_encrypt
|| ieee
->host_open_frag
) {
344 /* Determine fragmentation size based on destination (multicast
345 * and broadcast are not fragmented) */
346 if (is_multicast_ether_addr(dest
) ||
347 is_broadcast_ether_addr(dest
))
348 frag_size
= MAX_FRAG_THRESHOLD
;
350 frag_size
= ieee
->fts
;
352 /* Determine amount of payload per fragment. Regardless of if
353 * this stack is providing the full 802.11 header, one will
354 * eventually be affixed to this fragment -- so we must account
355 * for it when determining the amount of payload space. */
356 bytes_per_frag
= frag_size
- IEEE80211_3ADDR_LEN
;
358 (CFG_IEEE80211_COMPUTE_FCS
| CFG_IEEE80211_RESERVE_FCS
))
359 bytes_per_frag
-= IEEE80211_FCS_LEN
;
361 /* Each fragment may need to have room for encryptiong
364 bytes_per_frag
-= crypt
->ops
->extra_mpdu_prefix_len
+
365 crypt
->ops
->extra_mpdu_postfix_len
;
367 /* Number of fragments is the total
368 * bytes_per_frag / payload_per_fragment */
369 nr_frags
= bytes
/ bytes_per_frag
;
370 bytes_last_frag
= bytes
% bytes_per_frag
;
374 bytes_last_frag
= bytes_per_frag
;
377 bytes_per_frag
= bytes_last_frag
= bytes
;
378 frag_size
= bytes
+ IEEE80211_3ADDR_LEN
;
381 rts_required
= (frag_size
> ieee
->rts
382 && ieee
->config
& CFG_IEEE80211_RTS
);
386 /* When we allocate the TXB we allocate enough space for the reserve
387 * and full fragment bytes (bytes_per_frag doesn't include prefix,
388 * postfix, header, FCS, etc.) */
389 txb
= ieee80211_alloc_txb(nr_frags
, frag_size
,
390 ieee
->tx_headroom
, GFP_ATOMIC
);
391 if (unlikely(!txb
)) {
392 printk(KERN_WARNING
"%s: Could not allocate TXB\n",
396 txb
->encrypted
= encrypt
;
398 txb
->payload_size
= frag_size
* (nr_frags
- 1) +
401 txb
->payload_size
= bytes
;
404 skb_frag
= txb
->fragments
[0];
406 (struct ieee80211_hdr_3addr
*)skb_put(skb_frag
, hdr_len
);
409 * Set header frame_ctl to the RTS.
412 cpu_to_le16(IEEE80211_FTYPE_CTL
| IEEE80211_STYPE_RTS
);
413 memcpy(frag_hdr
, &header
, hdr_len
);
416 * Restore header frame_ctl to the original data setting.
418 header
.frame_ctl
= cpu_to_le16(fc
);
421 (CFG_IEEE80211_COMPUTE_FCS
| CFG_IEEE80211_RESERVE_FCS
))
422 skb_put(skb_frag
, 4);
424 txb
->rts_included
= 1;
429 for (; i
< nr_frags
; i
++) {
430 skb_frag
= txb
->fragments
[i
];
432 if (host_encrypt
|| host_build_iv
)
433 skb_reserve(skb_frag
,
434 crypt
->ops
->extra_mpdu_prefix_len
);
437 (struct ieee80211_hdr_3addr
*)skb_put(skb_frag
, hdr_len
);
438 memcpy(frag_hdr
, &header
, hdr_len
);
440 /* If this is not the last fragment, then add the MOREFRAGS
441 * bit to the frame control */
442 if (i
!= nr_frags
- 1) {
443 frag_hdr
->frame_ctl
=
444 cpu_to_le16(fc
| IEEE80211_FCTL_MOREFRAGS
);
445 bytes
= bytes_per_frag
;
447 /* The last fragment takes the remaining length */
448 bytes
= bytes_last_frag
;
451 if (i
== 0 && !snapped
) {
452 ieee80211_copy_snap(skb_put
453 (skb_frag
, SNAP_SIZE
+ sizeof(u16
)),
455 bytes
-= SNAP_SIZE
+ sizeof(u16
);
458 memcpy(skb_put(skb_frag
, bytes
), skb
->data
, bytes
);
460 /* Advance the SKB... */
461 skb_pull(skb
, bytes
);
463 /* Encryption routine will move the header forward in order
464 * to insert the IV between the header and the payload */
466 ieee80211_encrypt_fragment(ieee
, skb_frag
, hdr_len
);
467 else if (host_build_iv
) {
468 struct ieee80211_crypt_data
*crypt
;
470 crypt
= ieee
->crypt
[ieee
->tx_keyidx
];
471 atomic_inc(&crypt
->refcnt
);
472 if (crypt
->ops
->build_iv
)
473 crypt
->ops
->build_iv(skb_frag
, hdr_len
,
475 atomic_dec(&crypt
->refcnt
);
479 (CFG_IEEE80211_COMPUTE_FCS
| CFG_IEEE80211_RESERVE_FCS
))
480 skb_put(skb_frag
, 4);
484 spin_unlock_irqrestore(&ieee
->lock
, flags
);
486 dev_kfree_skb_any(skb
);
489 int ret
= (*ieee
->hard_start_xmit
) (txb
, dev
, priority
);
492 stats
->tx_bytes
+= txb
->payload_size
;
496 if (ret
== NETDEV_TX_BUSY
) {
497 printk(KERN_ERR
"%s: NETDEV_TX_BUSY returned; "
498 "driver should report queue full via "
499 "ieee_device->is_queue_full.\n",
503 ieee80211_txb_free(txb
);
509 spin_unlock_irqrestore(&ieee
->lock
, flags
);
510 netif_stop_queue(dev
);
515 /* Incoming 802.11 strucure is converted to a TXB
516 * a block of 802.11 fragment packets (stored as skbs) */
517 int ieee80211_tx_frame(struct ieee80211_device
*ieee
,
518 struct ieee80211_hdr
*frame
, int len
)
520 struct ieee80211_txb
*txb
= NULL
;
522 struct net_device_stats
*stats
= &ieee
->stats
;
523 struct sk_buff
*skb_frag
;
526 spin_lock_irqsave(&ieee
->lock
, flags
);
528 /* If there is no driver handler to take the TXB, dont' bother
530 if (!ieee
->hard_start_xmit
) {
531 printk(KERN_WARNING
"%s: No xmit handler.\n", ieee
->dev
->name
);
535 if (unlikely(len
< 24)) {
536 printk(KERN_WARNING
"%s: skb too small (%d).\n",
537 ieee
->dev
->name
, len
);
541 /* When we allocate the TXB we allocate enough space for the reserve
542 * and full fragment bytes (bytes_per_frag doesn't include prefix,
543 * postfix, header, FCS, etc.) */
544 txb
= ieee80211_alloc_txb(1, len
, ieee
->tx_headroom
, GFP_ATOMIC
);
545 if (unlikely(!txb
)) {
546 printk(KERN_WARNING
"%s: Could not allocate TXB\n",
551 txb
->payload_size
= len
;
553 skb_frag
= txb
->fragments
[0];
555 memcpy(skb_put(skb_frag
, len
), frame
, len
);
558 (CFG_IEEE80211_COMPUTE_FCS
| CFG_IEEE80211_RESERVE_FCS
))
559 skb_put(skb_frag
, 4);
562 spin_unlock_irqrestore(&ieee
->lock
, flags
);
565 if ((*ieee
->hard_start_xmit
) (txb
, ieee
->dev
, priority
) == 0) {
567 stats
->tx_bytes
+= txb
->payload_size
;
570 ieee80211_txb_free(txb
);
575 spin_unlock_irqrestore(&ieee
->lock
, flags
);
580 EXPORT_SYMBOL(ieee80211_tx_frame
);
581 EXPORT_SYMBOL(ieee80211_txb_free
);