1 /* src/p80211/p80211conv.c
3 * Ether/802.11 conversions and packet buffer routines
5 * Copyright (C) 1999 AbsoluteValue Systems, Inc. All Rights Reserved.
6 * --------------------------------------------------------------------
10 * The contents of this file are subject to the Mozilla Public
11 * License Version 1.1 (the "License"); you may not use this file
12 * except in compliance with the License. You may obtain a copy of
13 * the License at http://www.mozilla.org/MPL/
15 * Software distributed under the License is distributed on an "AS
16 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
17 * implied. See the License for the specific language governing
18 * rights and limitations under the License.
20 * Alternatively, the contents of this file may be used under the
21 * terms of the GNU Public License version 2 (the "GPL"), in which
22 * case the provisions of the GPL are applicable instead of the
23 * above. If you wish to allow the use of your version of this file
24 * only under the terms of the GPL and not to allow others to use
25 * your version of this file under the MPL, indicate your decision
26 * by deleting the provisions above and replace them with the notice
27 * and other provisions required by the GPL. If you do not delete
28 * the provisions above, a recipient may use your version of this
29 * file under either the MPL or the GPL.
31 * --------------------------------------------------------------------
33 * Inquiries regarding the linux-wlan Open Source project can be
36 * AbsoluteValue Systems Inc.
38 * http://www.linux-wlan.com
40 * --------------------------------------------------------------------
42 * Portions of the development of this software were funded by
43 * Intersil Corporation as part of PRISM(R) chipset product development.
45 * --------------------------------------------------------------------
47 * This file defines the functions that perform Ethernet to/from
48 * 802.11 frame conversions.
50 * --------------------------------------------------------------------
52 *================================================================ */
54 #include <linux/module.h>
55 #include <linux/kernel.h>
56 #include <linux/sched.h>
57 #include <linux/types.h>
58 #include <linux/skbuff.h>
59 #include <linux/slab.h>
60 #include <linux/wireless.h>
61 #include <linux/netdevice.h>
62 #include <linux/etherdevice.h>
63 #include <linux/if_ether.h>
64 #include <linux/byteorder/generic.h>
66 #include <asm/byteorder.h>
68 #include "p80211types.h"
69 #include "p80211hdr.h"
70 #include "p80211conv.h"
71 #include "p80211mgmt.h"
72 #include "p80211msg.h"
73 #include "p80211netdev.h"
74 #include "p80211ioctl.h"
75 #include "p80211req.h"
77 static u8 oui_rfc1042
[] = { 0x00, 0x00, 0x00 };
78 static u8 oui_8021h
[] = { 0x00, 0x00, 0xf8 };
80 /*----------------------------------------------------------------
81 * p80211pb_ether_to_80211
83 * Uses the contents of the ether frame and the etherconv setting
84 * to build the elements of the 802.11 frame.
86 * We don't actually set
87 * up the frame header here. That's the MAC's job. We're only handling
88 * conversion of DIXII or 802.3+LLC frames to something that works
91 * Note -- 802.11 header is NOT part of the skb. Likewise, the 802.11
92 * FCS is also not present and will need to be added elsewhere.
95 * ethconv Conversion type to perform
96 * skb skbuff containing the ether frame
97 * p80211_hdr 802.11 header
100 * 0 on success, non-zero otherwise
103 * May be called in interrupt or non-interrupt context
104 ----------------------------------------------------------------*/
105 int skb_ether_to_p80211(wlandevice_t
*wlandev
, u32 ethconv
,
106 struct sk_buff
*skb
, p80211_hdr_t
*p80211_hdr
,
107 p80211_metawep_t
*p80211_wep
)
117 memcpy(&e_hdr
, skb
->data
, sizeof(e_hdr
));
120 pr_debug("zero-length skb!\n");
124 if (ethconv
== WLAN_ETHCONV_ENCAP
) { /* simplest case */
125 pr_debug("ENCAP len: %d\n", skb
->len
);
126 /* here, we don't care what kind of ether frm. Just stick it */
127 /* in the 80211 payload */
128 /* which is to say, leave the skb alone. */
130 /* step 1: classify ether frame, DIX or 802.3? */
131 proto
= ntohs(e_hdr
.type
);
133 pr_debug("802.3 len: %d\n", skb
->len
);
134 /* codes <= 1500 reserved for 802.3 lengths */
135 /* it's 802.3, pass ether payload unchanged, */
137 /* trim off ethernet header */
138 skb_pull(skb
, WLAN_ETHHDR_LEN
);
140 /* leave off any PAD octets. */
141 skb_trim(skb
, proto
);
143 pr_debug("DIXII len: %d\n", skb
->len
);
144 /* it's DIXII, time for some conversion */
146 /* trim off ethernet header */
147 skb_pull(skb
, WLAN_ETHHDR_LEN
);
151 (wlan_snap_t
*) skb_push(skb
, sizeof(wlan_snap_t
));
152 e_snap
->type
= htons(proto
);
153 if (ethconv
== WLAN_ETHCONV_8021h
154 && p80211_stt_findproto(proto
)) {
155 memcpy(e_snap
->oui
, oui_8021h
,
158 memcpy(e_snap
->oui
, oui_rfc1042
,
164 (wlan_llc_t
*) skb_push(skb
, sizeof(wlan_llc_t
));
165 e_llc
->dsap
= 0xAA; /* SNAP, see IEEE 802 */
172 /* Set up the 802.11 header */
173 /* It's a data frame */
174 fc
= cpu_to_le16(WLAN_SET_FC_FTYPE(WLAN_FTYPE_DATA
) |
175 WLAN_SET_FC_FSTYPE(WLAN_FSTYPE_DATAONLY
));
177 switch (wlandev
->macmode
) {
178 case WLAN_MACMODE_IBSS_STA
:
179 memcpy(p80211_hdr
->a3
.a1
, &e_hdr
.daddr
, ETH_ALEN
);
180 memcpy(p80211_hdr
->a3
.a2
, wlandev
->netdev
->dev_addr
, ETH_ALEN
);
181 memcpy(p80211_hdr
->a3
.a3
, wlandev
->bssid
, ETH_ALEN
);
183 case WLAN_MACMODE_ESS_STA
:
184 fc
|= cpu_to_le16(WLAN_SET_FC_TODS(1));
185 memcpy(p80211_hdr
->a3
.a1
, wlandev
->bssid
, ETH_ALEN
);
186 memcpy(p80211_hdr
->a3
.a2
, wlandev
->netdev
->dev_addr
, ETH_ALEN
);
187 memcpy(p80211_hdr
->a3
.a3
, &e_hdr
.daddr
, ETH_ALEN
);
189 case WLAN_MACMODE_ESS_AP
:
190 fc
|= cpu_to_le16(WLAN_SET_FC_FROMDS(1));
191 memcpy(p80211_hdr
->a3
.a1
, &e_hdr
.daddr
, ETH_ALEN
);
192 memcpy(p80211_hdr
->a3
.a2
, wlandev
->bssid
, ETH_ALEN
);
193 memcpy(p80211_hdr
->a3
.a3
, &e_hdr
.saddr
, ETH_ALEN
);
197 "Error: Converting eth to wlan in unknown mode.\n");
202 p80211_wep
->data
= NULL
;
204 if ((wlandev
->hostwep
& HOSTWEP_PRIVACYINVOKED
)
205 && (wlandev
->hostwep
& HOSTWEP_ENCRYPT
)) {
206 /* XXXX need to pick keynum other than default? */
208 p80211_wep
->data
= kmalloc(skb
->len
, GFP_ATOMIC
);
210 if ((foo
= wep_encrypt(wlandev
, skb
->data
, p80211_wep
->data
,
213 HOSTWEP_DEFAULTKEY_MASK
),
214 p80211_wep
->iv
, p80211_wep
->icv
))) {
216 "Host en-WEP failed, dropping frame (%d).\n",
220 fc
|= cpu_to_le16(WLAN_SET_FC_ISWEP(1));
223 /* skb->nh.raw = skb->data; */
225 p80211_hdr
->a3
.fc
= fc
;
226 p80211_hdr
->a3
.dur
= 0;
227 p80211_hdr
->a3
.seq
= 0;
232 /* jkriegl: from orinoco, modified */
233 static void orinoco_spy_gather(wlandevice_t
*wlandev
, char *mac
,
234 p80211_rxmeta_t
*rxmeta
)
238 /* Gather wireless spy statistics: for each packet, compare the
239 * source address with out list, and if match, get the stats... */
241 for (i
= 0; i
< wlandev
->spy_number
; i
++) {
243 if (!memcmp(wlandev
->spy_address
[i
], mac
, ETH_ALEN
)) {
244 memcpy(wlandev
->spy_address
[i
], mac
, ETH_ALEN
);
245 wlandev
->spy_stat
[i
].level
= rxmeta
->signal
;
246 wlandev
->spy_stat
[i
].noise
= rxmeta
->noise
;
247 wlandev
->spy_stat
[i
].qual
=
249 rxmeta
->noise
) ? (rxmeta
->signal
-
251 wlandev
->spy_stat
[i
].updated
= 0x7;
256 /*----------------------------------------------------------------
257 * p80211pb_80211_to_ether
259 * Uses the contents of a received 802.11 frame and the etherconv
260 * setting to build an ether frame.
262 * This function extracts the src and dest address from the 802.11
263 * frame to use in the construction of the eth frame.
266 * ethconv Conversion type to perform
267 * skb Packet buffer containing the 802.11 frame
270 * 0 on success, non-zero otherwise
273 * May be called in interrupt or non-interrupt context
274 ----------------------------------------------------------------*/
275 int skb_p80211_to_ether(wlandevice_t
*wlandev
, u32 ethconv
,
278 netdevice_t
*netdev
= wlandev
->netdev
;
280 unsigned int payload_length
;
281 unsigned int payload_offset
;
282 u8 daddr
[WLAN_ETHADDR_LEN
];
283 u8 saddr
[WLAN_ETHADDR_LEN
];
285 wlan_ethhdr_t
*e_hdr
;
291 payload_length
= skb
->len
- WLAN_HDR_A3_LEN
- WLAN_CRC_LEN
;
292 payload_offset
= WLAN_HDR_A3_LEN
;
294 w_hdr
= (p80211_hdr_t
*) skb
->data
;
296 /* setup some vars for convenience */
297 fc
= le16_to_cpu(w_hdr
->a3
.fc
);
298 if ((WLAN_GET_FC_TODS(fc
) == 0) && (WLAN_GET_FC_FROMDS(fc
) == 0)) {
299 memcpy(daddr
, w_hdr
->a3
.a1
, WLAN_ETHADDR_LEN
);
300 memcpy(saddr
, w_hdr
->a3
.a2
, WLAN_ETHADDR_LEN
);
301 } else if ((WLAN_GET_FC_TODS(fc
) == 0) && (WLAN_GET_FC_FROMDS(fc
) == 1)) {
302 memcpy(daddr
, w_hdr
->a3
.a1
, WLAN_ETHADDR_LEN
);
303 memcpy(saddr
, w_hdr
->a3
.a3
, WLAN_ETHADDR_LEN
);
304 } else if ((WLAN_GET_FC_TODS(fc
) == 1) && (WLAN_GET_FC_FROMDS(fc
) == 0)) {
305 memcpy(daddr
, w_hdr
->a3
.a3
, WLAN_ETHADDR_LEN
);
306 memcpy(saddr
, w_hdr
->a3
.a2
, WLAN_ETHADDR_LEN
);
308 payload_offset
= WLAN_HDR_A4_LEN
;
309 if (payload_length
< WLAN_HDR_A4_LEN
- WLAN_HDR_A3_LEN
) {
310 printk(KERN_ERR
"A4 frame too short!\n");
313 payload_length
-= (WLAN_HDR_A4_LEN
- WLAN_HDR_A3_LEN
);
314 memcpy(daddr
, w_hdr
->a4
.a3
, WLAN_ETHADDR_LEN
);
315 memcpy(saddr
, w_hdr
->a4
.a4
, WLAN_ETHADDR_LEN
);
318 /* perform de-wep if necessary.. */
319 if ((wlandev
->hostwep
& HOSTWEP_PRIVACYINVOKED
) && WLAN_GET_FC_ISWEP(fc
)
320 && (wlandev
->hostwep
& HOSTWEP_DECRYPT
)) {
321 if (payload_length
<= 8) {
322 printk(KERN_ERR
"WEP frame too short (%u).\n",
326 if ((foo
= wep_decrypt(wlandev
, skb
->data
+ payload_offset
+ 4,
327 payload_length
- 8, -1,
328 skb
->data
+ payload_offset
,
329 skb
->data
+ payload_offset
+
330 payload_length
- 4))) {
331 /* de-wep failed, drop skb. */
332 pr_debug("Host de-WEP failed, dropping frame (%d).\n",
334 wlandev
->rx
.decrypt_err
++;
338 /* subtract the IV+ICV length off the payload */
340 /* chop off the IV */
342 /* chop off the ICV. */
343 skb_trim(skb
, skb
->len
- 4);
345 wlandev
->rx
.decrypt
++;
348 e_hdr
= (wlan_ethhdr_t
*) (skb
->data
+ payload_offset
);
350 e_llc
= (wlan_llc_t
*) (skb
->data
+ payload_offset
);
352 (wlan_snap_t
*) (skb
->data
+ payload_offset
+ sizeof(wlan_llc_t
));
354 /* Test for the various encodings */
355 if ((payload_length
>= sizeof(wlan_ethhdr_t
)) &&
356 (e_llc
->dsap
!= 0xaa || e_llc
->ssap
!= 0xaa) &&
357 ((memcmp(daddr
, e_hdr
->daddr
, WLAN_ETHADDR_LEN
) == 0) ||
358 (memcmp(saddr
, e_hdr
->saddr
, WLAN_ETHADDR_LEN
) == 0))) {
359 pr_debug("802.3 ENCAP len: %d\n", payload_length
);
360 /* 802.3 Encapsulated */
361 /* Test for an overlength frame */
362 if (payload_length
> (netdev
->mtu
+ WLAN_ETHHDR_LEN
)) {
363 /* A bogus length ethfrm has been encap'd. */
364 /* Is someone trying an oflow attack? */
365 printk(KERN_ERR
"ENCAP frame too large (%d > %d)\n",
366 payload_length
, netdev
->mtu
+ WLAN_ETHHDR_LEN
);
370 /* Chop off the 802.11 header. it's already sane. */
371 skb_pull(skb
, payload_offset
);
372 /* chop off the 802.11 CRC */
373 skb_trim(skb
, skb
->len
- WLAN_CRC_LEN
);
375 } else if ((payload_length
>= sizeof(wlan_llc_t
) + sizeof(wlan_snap_t
))
376 && (e_llc
->dsap
== 0xaa) && (e_llc
->ssap
== 0xaa)
377 && (e_llc
->ctl
== 0x03)
379 (((memcmp(e_snap
->oui
, oui_rfc1042
, WLAN_IEEE_OUI_LEN
) == 0)
380 && (ethconv
== WLAN_ETHCONV_8021h
)
381 && (p80211_stt_findproto(le16_to_cpu(e_snap
->type
))))
382 || (memcmp(e_snap
->oui
, oui_rfc1042
, WLAN_IEEE_OUI_LEN
) !=
384 pr_debug("SNAP+RFC1042 len: %d\n", payload_length
);
385 /* it's a SNAP + RFC1042 frame && protocol is in STT */
386 /* build 802.3 + RFC1042 */
388 /* Test for an overlength frame */
389 if (payload_length
> netdev
->mtu
) {
390 /* A bogus length ethfrm has been sent. */
391 /* Is someone trying an oflow attack? */
392 printk(KERN_ERR
"SNAP frame too large (%d > %d)\n",
393 payload_length
, netdev
->mtu
);
397 /* chop 802.11 header from skb. */
398 skb_pull(skb
, payload_offset
);
400 /* create 802.3 header at beginning of skb. */
401 e_hdr
= (wlan_ethhdr_t
*) skb_push(skb
, WLAN_ETHHDR_LEN
);
402 memcpy(e_hdr
->daddr
, daddr
, WLAN_ETHADDR_LEN
);
403 memcpy(e_hdr
->saddr
, saddr
, WLAN_ETHADDR_LEN
);
404 e_hdr
->type
= htons(payload_length
);
406 /* chop off the 802.11 CRC */
407 skb_trim(skb
, skb
->len
- WLAN_CRC_LEN
);
409 } else if ((payload_length
>= sizeof(wlan_llc_t
) + sizeof(wlan_snap_t
))
410 && (e_llc
->dsap
== 0xaa) && (e_llc
->ssap
== 0xaa)
411 && (e_llc
->ctl
== 0x03)) {
412 pr_debug("802.1h/RFC1042 len: %d\n", payload_length
);
413 /* it's an 802.1h frame || (an RFC1042 && protocol is not in STT) */
414 /* build a DIXII + RFC894 */
416 /* Test for an overlength frame */
417 if ((payload_length
- sizeof(wlan_llc_t
) - sizeof(wlan_snap_t
))
419 /* A bogus length ethfrm has been sent. */
420 /* Is someone trying an oflow attack? */
421 printk(KERN_ERR
"DIXII frame too large (%ld > %d)\n",
422 (long int)(payload_length
- sizeof(wlan_llc_t
) -
423 sizeof(wlan_snap_t
)), netdev
->mtu
);
427 /* chop 802.11 header from skb. */
428 skb_pull(skb
, payload_offset
);
430 /* chop llc header from skb. */
431 skb_pull(skb
, sizeof(wlan_llc_t
));
433 /* chop snap header from skb. */
434 skb_pull(skb
, sizeof(wlan_snap_t
));
436 /* create 802.3 header at beginning of skb. */
437 e_hdr
= (wlan_ethhdr_t
*) skb_push(skb
, WLAN_ETHHDR_LEN
);
438 e_hdr
->type
= e_snap
->type
;
439 memcpy(e_hdr
->daddr
, daddr
, WLAN_ETHADDR_LEN
);
440 memcpy(e_hdr
->saddr
, saddr
, WLAN_ETHADDR_LEN
);
442 /* chop off the 802.11 CRC */
443 skb_trim(skb
, skb
->len
- WLAN_CRC_LEN
);
445 pr_debug("NON-ENCAP len: %d\n", payload_length
);
447 /* it's a generic 80211+LLC or IPX 'Raw 802.3' */
448 /* build an 802.3 frame */
449 /* allocate space and setup hostbuf */
451 /* Test for an overlength frame */
452 if (payload_length
> netdev
->mtu
) {
453 /* A bogus length ethfrm has been sent. */
454 /* Is someone trying an oflow attack? */
455 printk(KERN_ERR
"OTHER frame too large (%d > %d)\n",
456 payload_length
, netdev
->mtu
);
460 /* Chop off the 802.11 header. */
461 skb_pull(skb
, payload_offset
);
463 /* create 802.3 header at beginning of skb. */
464 e_hdr
= (wlan_ethhdr_t
*) skb_push(skb
, WLAN_ETHHDR_LEN
);
465 memcpy(e_hdr
->daddr
, daddr
, WLAN_ETHADDR_LEN
);
466 memcpy(e_hdr
->saddr
, saddr
, WLAN_ETHADDR_LEN
);
467 e_hdr
->type
= htons(payload_length
);
469 /* chop off the 802.11 CRC */
470 skb_trim(skb
, skb
->len
- WLAN_CRC_LEN
);
475 * Note that eth_type_trans() expects an skb w/ skb->data pointing
476 * at the MAC header, it then sets the following skb members:
480 * It then _returns_ the value that _we're_ supposed to stuff in
481 * skb->protocol. This is nuts.
483 skb
->protocol
= eth_type_trans(skb
, netdev
);
485 /* jkriegl: process signal and noise as set in hfa384x_int_rx() */
486 /* jkriegl: only process signal/noise if requested by iwspy */
487 if (wlandev
->spy_number
)
488 orinoco_spy_gather(wlandev
, eth_hdr(skb
)->h_source
,
489 P80211SKB_RXMETA(skb
));
491 /* Free the metadata */
492 p80211skb_rxmeta_detach(skb
);
497 /*----------------------------------------------------------------
498 * p80211_stt_findproto
500 * Searches the 802.1h Selective Translation Table for a given
504 * proto protocl number (in host order) to search for.
507 * 1 - if the table is empty or a match is found.
508 * 0 - if the table is non-empty and a match is not found.
511 * May be called in interrupt or non-interrupt context
512 ----------------------------------------------------------------*/
513 int p80211_stt_findproto(u16 proto
)
515 /* Always return found for now. This is the behavior used by the */
516 /* Zoom Win95 driver when 802.1h mode is selected */
517 /* TODO: If necessary, add an actual search we'll probably
518 need this to match the CMAC's way of doing things.
519 Need to do some testing to confirm.
522 if (proto
== 0x80f3) /* APPLETALK */
528 /*----------------------------------------------------------------
529 * p80211skb_rxmeta_detach
531 * Disconnects the frmmeta and rxmeta from an skb.
534 * wlandev The wlandev this skb belongs to.
535 * skb The skb we're attaching to.
538 * 0 on success, non-zero otherwise
541 * May be called in interrupt or non-interrupt context
542 ----------------------------------------------------------------*/
543 void p80211skb_rxmeta_detach(struct sk_buff
*skb
)
545 p80211_rxmeta_t
*rxmeta
;
546 p80211_frmmeta_t
*frmmeta
;
549 if (skb
== NULL
) { /* bad skb */
550 pr_debug("Called w/ null skb.\n");
553 frmmeta
= P80211SKB_FRMMETA(skb
);
554 if (frmmeta
== NULL
) { /* no magic */
555 pr_debug("Called w/ bad frmmeta magic.\n");
558 rxmeta
= frmmeta
->rx
;
559 if (rxmeta
== NULL
) { /* bad meta ptr */
560 pr_debug("Called w/ bad rxmeta ptr.\n");
568 memset(skb
->cb
, 0, sizeof(skb
->cb
));
573 /*----------------------------------------------------------------
574 * p80211skb_rxmeta_attach
576 * Allocates a p80211rxmeta structure, initializes it, and attaches
580 * wlandev The wlandev this skb belongs to.
581 * skb The skb we're attaching to.
584 * 0 on success, non-zero otherwise
587 * May be called in interrupt or non-interrupt context
588 ----------------------------------------------------------------*/
589 int p80211skb_rxmeta_attach(struct wlandevice
*wlandev
, struct sk_buff
*skb
)
592 p80211_rxmeta_t
*rxmeta
;
593 p80211_frmmeta_t
*frmmeta
;
595 /* If these already have metadata, we error out! */
596 if (P80211SKB_RXMETA(skb
) != NULL
) {
597 printk(KERN_ERR
"%s: RXmeta already attached!\n",
603 /* Allocate the rxmeta */
604 rxmeta
= kmalloc(sizeof(p80211_rxmeta_t
), GFP_ATOMIC
);
606 if (rxmeta
== NULL
) {
607 printk(KERN_ERR
"%s: Failed to allocate rxmeta.\n",
613 /* Initialize the rxmeta */
614 memset(rxmeta
, 0, sizeof(p80211_rxmeta_t
));
615 rxmeta
->wlandev
= wlandev
;
616 rxmeta
->hosttime
= jiffies
;
618 /* Overlay a frmmeta_t onto skb->cb */
619 memset(skb
->cb
, 0, sizeof(p80211_frmmeta_t
));
620 frmmeta
= (p80211_frmmeta_t
*) (skb
->cb
);
621 frmmeta
->magic
= P80211_FRMMETA_MAGIC
;
622 frmmeta
->rx
= rxmeta
;
627 /*----------------------------------------------------------------
630 * Frees an entire p80211skb by checking and freeing the meta struct
631 * and then freeing the skb.
634 * wlandev The wlandev this skb belongs to.
635 * skb The skb we're attaching to.
638 * 0 on success, non-zero otherwise
641 * May be called in interrupt or non-interrupt context
642 ----------------------------------------------------------------*/
643 void p80211skb_free(struct wlandevice
*wlandev
, struct sk_buff
*skb
)
645 p80211_frmmeta_t
*meta
;
647 meta
= P80211SKB_FRMMETA(skb
);
648 if (meta
&& meta
->rx
)
649 p80211skb_rxmeta_detach(skb
);
651 printk(KERN_ERR
"Freeing an skb (%p) w/ no frmmeta.\n", skb
);