tx.c 72.5 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19
/*
 * Copyright 2002-2005, Instant802 Networks, Inc.
 * Copyright 2005-2006, Devicescape Software, Inc.
 * Copyright 2006-2007	Jiri Benc <jbenc@suse.cz>
 * Copyright 2007	Johannes Berg <johannes@sipsolutions.net>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 *
 *
 * Transmit and frame generation functions.
 */

#include <linux/kernel.h>
#include <linux/slab.h>
#include <linux/skbuff.h>
#include <linux/etherdevice.h>
#include <linux/bitmap.h>
20
#include <linux/rcupdate.h>
21
#include <net/net_namespace.h>
22 23 24 25 26 27
#include <net/ieee80211_radiotap.h>
#include <net/cfg80211.h>
#include <net/mac80211.h>
#include <asm/unaligned.h>

#include "ieee80211_i.h"
28
#include "driver-ops.h"
Johannes Berg's avatar
Johannes Berg committed
29
#include "led.h"
30
#include "mesh.h"
31 32 33
#include "wep.h"
#include "wpa.h"
#include "wme.h"
Johannes Berg's avatar
Johannes Berg committed
34
#include "rate.h"
35 36 37

/* misc utils */

Johannes Berg's avatar
Johannes Berg committed
38 39
static __le16 ieee80211_duration(struct ieee80211_tx_data *tx, int group_addr,
				 int next_frag_len)
40 41
{
	int rate, mrate, erp, dur, i;
42
	struct ieee80211_rate *txrate;
43
	struct ieee80211_local *local = tx->local;
44
	struct ieee80211_supported_band *sband;
45
	struct ieee80211_hdr *hdr;
46 47 48 49 50 51 52 53 54
	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);

	/* assume HW handles this */
	if (info->control.rates[0].flags & IEEE80211_TX_RC_MCS)
		return 0;

	/* uh huh? */
	if (WARN_ON_ONCE(info->control.rates[0].idx < 0))
		return 0;
55

56
	sband = local->hw.wiphy->bands[tx->channel->band];
57
	txrate = &sband->bitrates[info->control.rates[0].idx];
58

59
	erp = txrate->flags & IEEE80211_RATE_ERP_G;
60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77

	/*
	 * data and mgmt (except PS Poll):
	 * - during CFP: 32768
	 * - during contention period:
	 *   if addr1 is group address: 0
	 *   if more fragments = 0 and addr1 is individual address: time to
	 *      transmit one ACK plus SIFS
	 *   if more fragments = 1 and addr1 is individual address: time to
	 *      transmit next fragment plus 2 x ACK plus 3 x SIFS
	 *
	 * IEEE 802.11, 9.6:
	 * - control response frame (CTS or ACK) shall be transmitted using the
	 *   same rate as the immediately previous frame in the frame exchange
	 *   sequence, if this rate belongs to the PHY mandatory rates, or else
	 *   at the highest possible rate belonging to the PHY rates in the
	 *   BSSBasicRateSet
	 */
78 79
	hdr = (struct ieee80211_hdr *)tx->skb->data;
	if (ieee80211_is_ctl(hdr->frame_control)) {
80
		/* TODO: These control frames are not currently sent by
81
		 * mac80211, but should they be implemented, this function
82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98
		 * needs to be updated to support duration field calculation.
		 *
		 * RTS: time needed to transmit pending data/mgmt frame plus
		 *    one CTS frame plus one ACK frame plus 3 x SIFS
		 * CTS: duration of immediately previous RTS minus time
		 *    required to transmit CTS and its SIFS
		 * ACK: 0 if immediately previous directed data/mgmt had
		 *    more=0, with more=1 duration in ACK frame is duration
		 *    from previous frame minus time needed to transmit ACK
		 *    and its SIFS
		 * PS Poll: BIT(15) | BIT(14) | aid
		 */
		return 0;
	}

	/* data/mgmt */
	if (0 /* FIX: data/mgmt during CFP */)
Johannes Berg's avatar
Johannes Berg committed
99
		return cpu_to_le16(32768);
100 101 102 103 104 105 106 107 108 109 110 111 112 113 114

	if (group_addr) /* Group address as the destination - no ACK */
		return 0;

	/* Individual destination address:
	 * IEEE 802.11, Ch. 9.6 (after IEEE 802.11g changes)
	 * CTS and ACK frames shall be transmitted using the highest rate in
	 * basic rate set that is less than or equal to the rate of the
	 * immediately previous frame and that is using the same modulation
	 * (CCK or OFDM). If no basic rate set matches with these requirements,
	 * the highest mandatory rate of the PHY that is less than or equal to
	 * the rate of the previous frame is used.
	 * Mandatory rates for IEEE 802.11g PHY: 1, 2, 5.5, 11, 6, 12, 24 Mbps
	 */
	rate = -1;
115 116 117 118
	/* use lowest available if everything fails */
	mrate = sband->bitrates[0].bitrate;
	for (i = 0; i < sband->n_bitrates; i++) {
		struct ieee80211_rate *r = &sband->bitrates[i];
119

120 121
		if (r->bitrate > txrate->bitrate)
			break;
122

123
		if (tx->sdata->vif.bss_conf.basic_rates & BIT(i))
124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144
			rate = r->bitrate;

		switch (sband->band) {
		case IEEE80211_BAND_2GHZ: {
			u32 flag;
			if (tx->sdata->flags & IEEE80211_SDATA_OPERATING_GMODE)
				flag = IEEE80211_RATE_MANDATORY_G;
			else
				flag = IEEE80211_RATE_MANDATORY_B;
			if (r->flags & flag)
				mrate = r->bitrate;
			break;
		}
		case IEEE80211_BAND_5GHZ:
			if (r->flags & IEEE80211_RATE_MANDATORY_A)
				mrate = r->bitrate;
			break;
		case IEEE80211_NUM_BANDS:
			WARN_ON(1);
			break;
		}
145 146 147 148 149 150 151 152 153 154 155 156
	}
	if (rate == -1) {
		/* No matching basic rate found; use highest suitable mandatory
		 * PHY rate */
		rate = mrate;
	}

	/* Time needed to transmit ACK
	 * (10 bytes + 4-byte FCS = 112 bits) plus SIFS; rounded up
	 * to closest integer */

	dur = ieee80211_frame_duration(local, 10, rate, erp,
157
				tx->sdata->vif.bss_conf.use_short_preamble);
158 159 160 161 162 163 164

	if (next_frag_len) {
		/* Frame is fragmented: duration increases with time needed to
		 * transmit next fragment plus ACK and 2 x SIFS. */
		dur *= 2; /* ACK + SIFS */
		/* next fragment */
		dur += ieee80211_frame_duration(local, next_frag_len,
165
				txrate->bitrate, erp,
166
				tx->sdata->vif.bss_conf.use_short_preamble);
167 168
	}

Johannes Berg's avatar
Johannes Berg committed
169
	return cpu_to_le16(dur);
170 171
}

172
static inline int is_ieee80211_device(struct ieee80211_local *local,
173
				      struct net_device *dev)
174
{
175
	return local == wdev_priv(dev->ieee80211_ptr);
176 177 178
}

/* tx handlers */
179 180 181 182
static ieee80211_tx_result debug_noinline
ieee80211_tx_h_dynamic_ps(struct ieee80211_tx_data *tx)
{
	struct ieee80211_local *local = tx->local;
183
	struct ieee80211_if_managed *ifmgd;
184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207

	/* driver doesn't support power save */
	if (!(local->hw.flags & IEEE80211_HW_SUPPORTS_PS))
		return TX_CONTINUE;

	/* hardware does dynamic power save */
	if (local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_PS)
		return TX_CONTINUE;

	/* dynamic power save disabled */
	if (local->hw.conf.dynamic_ps_timeout <= 0)
		return TX_CONTINUE;

	/* we are scanning, don't enable power save */
	if (local->scanning)
		return TX_CONTINUE;

	if (!local->ps_sdata)
		return TX_CONTINUE;

	/* No point if we're going to suspend */
	if (local->quiescing)
		return TX_CONTINUE;

208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231
	/* dynamic ps is supported only in managed mode */
	if (tx->sdata->vif.type != NL80211_IFTYPE_STATION)
		return TX_CONTINUE;

	ifmgd = &tx->sdata->u.mgd;

	/*
	 * Don't wakeup from power save if u-apsd is enabled, voip ac has
	 * u-apsd enabled and the frame is in voip class. This effectively
	 * means that even if all access categories have u-apsd enabled, in
	 * practise u-apsd is only used with the voip ac. This is a
	 * workaround for the case when received voip class packets do not
	 * have correct qos tag for some reason, due the network or the
	 * peer application.
	 *
	 * Note: local->uapsd_queues access is racy here. If the value is
	 * changed via debugfs, user needs to reassociate manually to have
	 * everything in sync.
	 */
	if ((ifmgd->flags & IEEE80211_STA_UAPSD_ENABLED)
	    && (local->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO)
	    && skb_get_queue_mapping(tx->skb) == 0)
		return TX_CONTINUE;

232 233 234
	if (local->hw.conf.flags & IEEE80211_CONF_PS) {
		ieee80211_stop_queues_by_reason(&local->hw,
						IEEE80211_QUEUE_STOP_REASON_PS);
235
		ifmgd->flags &= ~IEEE80211_STA_NULLFUNC_ACKED;
236 237 238 239
		ieee80211_queue_work(&local->hw,
				     &local->dynamic_ps_disable_work);
	}

240 241 242 243
	/* Don't restart the timer if we're not disassociated */
	if (!ifmgd->associated)
		return TX_CONTINUE;

244 245 246 247 248
	mod_timer(&local->dynamic_ps_timer, jiffies +
		  msecs_to_jiffies(local->hw.conf.dynamic_ps_timeout));

	return TX_CONTINUE;
}
249

250
static ieee80211_tx_result debug_noinline
251
ieee80211_tx_h_check_assoc(struct ieee80211_tx_data *tx)
252
{
253

254 255
	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;
	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
256 257
	u32 sta_flags;

258
	if (unlikely(info->flags & IEEE80211_TX_CTL_INJECTED))
259
		return TX_CONTINUE;
260

261 262
	if (unlikely(test_bit(SCAN_SW_SCANNING, &tx->local->scanning)) &&
	    test_bit(SDATA_STATE_OFFCHANNEL, &tx->sdata->state) &&
263 264 265 266 267 268 269 270 271 272 273 274 275
	    !ieee80211_is_probe_req(hdr->frame_control) &&
	    !ieee80211_is_nullfunc(hdr->frame_control))
		/*
		 * When software scanning only nullfunc frames (to notify
		 * the sleep state to the AP) and probe requests (for the
		 * active scan) are allowed, all other frames should not be
		 * sent and we should not get here, but if we do
		 * nonetheless, drop them to avoid sending them
		 * off-channel. See the link below and
		 * ieee80211_start_scan() for more.
		 *
		 * http://article.gmane.org/gmane.linux.kernel.wireless.general/30089
		 */
276
		return TX_DROP;
277

Bill Jordan's avatar
Bill Jordan committed
278 279 280
	if (tx->sdata->vif.type == NL80211_IFTYPE_WDS)
		return TX_CONTINUE;

281
	if (tx->sdata->vif.type == NL80211_IFTYPE_MESH_POINT)
282 283
		return TX_CONTINUE;

284
	if (tx->flags & IEEE80211_TX_PS_BUFFERED)
285
		return TX_CONTINUE;
286

287
	sta_flags = tx->sta ? get_sta_flags(tx->sta) : 0;
288

289
	if (likely(tx->flags & IEEE80211_TX_UNICAST)) {
290
		if (unlikely(!(sta_flags & WLAN_STA_ASSOC) &&
291
			     tx->sdata->vif.type != NL80211_IFTYPE_ADHOC &&
292
			     ieee80211_is_data(hdr->frame_control))) {
293 294
#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
			printk(KERN_DEBUG "%s: dropped data frame to not "
295
			       "associated station %pM\n",
296
			       tx->sdata->name, hdr->addr1);
297 298
#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */
			I802_DEBUG_INC(tx->local->tx_handlers_drop_not_assoc);
299
			return TX_DROP;
300 301
		}
	} else {
302
		if (unlikely(ieee80211_is_data(hdr->frame_control) &&
303
			     tx->local->num_sta == 0 &&
304
			     tx->sdata->vif.type != NL80211_IFTYPE_ADHOC)) {
305 306 307 308
			/*
			 * No associated STAs - no need to send multicast
			 * frames.
			 */
309
			return TX_DROP;
310
		}
311
		return TX_CONTINUE;
312 313
	}

314
	return TX_CONTINUE;
315 316 317 318 319 320 321 322 323 324 325 326 327
}

/* This function is called whenever the AP is about to exceed the maximum limit
 * of buffered frames for power saving STAs. This situation should not really
 * happen often during normal operation, so dropping the oldest buffered packet
 * from each queue should be OK to make some room for new frames. */
static void purge_old_ps_buffers(struct ieee80211_local *local)
{
	int total = 0, purged = 0;
	struct sk_buff *skb;
	struct ieee80211_sub_if_data *sdata;
	struct sta_info *sta;

328 329 330 331 332 333
	/*
	 * virtual interfaces are protected by RCU
	 */
	rcu_read_lock();

	list_for_each_entry_rcu(sdata, &local->interfaces, list) {
334
		struct ieee80211_if_ap *ap;
335
		if (sdata->vif.type != NL80211_IFTYPE_AP)
336 337 338 339 340 341 342 343 344 345
			continue;
		ap = &sdata->u.ap;
		skb = skb_dequeue(&ap->ps_bc_buf);
		if (skb) {
			purged++;
			dev_kfree_skb(skb);
		}
		total += skb_queue_len(&ap->ps_bc_buf);
	}

346 347 348 349
	/*
	 * Drop one frame from each station from the lowest-priority
	 * AC that has frames at all.
	 */
350
	list_for_each_entry_rcu(sta, &local->sta_list, list) {
351 352 353 354 355 356 357 358 359 360
		int ac;

		for (ac = IEEE80211_AC_BK; ac >= IEEE80211_AC_VO; ac--) {
			skb = skb_dequeue(&sta->ps_tx_buf[ac]);
			total += skb_queue_len(&sta->ps_tx_buf[ac]);
			if (skb) {
				purged++;
				dev_kfree_skb(skb);
				break;
			}
361 362
		}
	}
363 364

	rcu_read_unlock();
365 366

	local->total_ps_buffered = total;
367
#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
Joe Perches's avatar
Joe Perches committed
368 369
	wiphy_debug(local->hw.wiphy, "PS buffers full - purged %d frames\n",
		    purged);
370
#endif
371 372
}

373
static ieee80211_tx_result
374
ieee80211_tx_h_multicast_ps_buf(struct ieee80211_tx_data *tx)
375
{
376
	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
377
	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;
378

379 380 381 382 383 384 385 386
	/*
	 * broadcast/multicast frame
	 *
	 * If any of the associated stations is in power save mode,
	 * the frame is buffered to be sent after DTIM beacon frame.
	 * This is done either by the hardware or us.
	 */

387 388 389 390 391
	/* powersaving STAs only in AP/VLAN mode */
	if (!tx->sdata->bss)
		return TX_CONTINUE;

	/* no buffering for ordered frames */
392
	if (ieee80211_has_order(hdr->frame_control))
393
		return TX_CONTINUE;
394 395 396

	/* no stations in PS mode */
	if (!atomic_read(&tx->sdata->bss->num_sta_ps))
397
		return TX_CONTINUE;
398

399
	info->flags |= IEEE80211_TX_CTL_SEND_AFTER_DTIM;
400

401 402
	/* device releases frame after DTIM beacon */
	if (!(tx->local->hw.flags & IEEE80211_HW_HOST_BROADCAST_PS_BUFFERING))
403 404
		return TX_CONTINUE;

405
	/* buffered in mac80211 */
406 407 408 409
	if (tx->local->total_ps_buffered >= TOTAL_MAX_TX_BUFFER)
		purge_old_ps_buffers(tx->local);

	if (skb_queue_len(&tx->sdata->bss->ps_bc_buf) >= AP_MAX_BC_BUFFER) {
410
#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
411 412
		if (net_ratelimit())
			printk(KERN_DEBUG "%s: BC TX buffer full - dropping the oldest frame\n",
413
			       tx->sdata->name);
414
#endif
415 416 417
		dev_kfree_skb(skb_dequeue(&tx->sdata->bss->ps_bc_buf));
	} else
		tx->local->total_ps_buffered++;
418

419
	skb_queue_tail(&tx->sdata->bss->ps_bc_buf, tx->skb);
420

421
	return TX_QUEUED;
422 423
}

424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439
static int ieee80211_use_mfp(__le16 fc, struct sta_info *sta,
			     struct sk_buff *skb)
{
	if (!ieee80211_is_mgmt(fc))
		return 0;

	if (sta == NULL || !test_sta_flags(sta, WLAN_STA_MFP))
		return 0;

	if (!ieee80211_is_robust_mgmt_frame((struct ieee80211_hdr *)
					    skb->data))
		return 0;

	return 1;
}

440
static ieee80211_tx_result
441
ieee80211_tx_h_unicast_ps_buf(struct ieee80211_tx_data *tx)
442 443
{
	struct sta_info *sta = tx->sta;
444
	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
445
	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;
446
	struct ieee80211_local *local = tx->local;
447
	u32 staflags;
448

449 450 451 452 453
	if (unlikely(!sta ||
		     ieee80211_is_probe_resp(hdr->frame_control) ||
		     ieee80211_is_auth(hdr->frame_control) ||
		     ieee80211_is_assoc_resp(hdr->frame_control) ||
		     ieee80211_is_reassoc_resp(hdr->frame_control)))
454
		return TX_CONTINUE;
455

456 457
	staflags = get_sta_flags(sta);

458
	if (unlikely((staflags & (WLAN_STA_PS_STA | WLAN_STA_PS_DRIVER)) &&
Johannes Berg's avatar
Johannes Berg committed
459
		     !(info->flags & IEEE80211_TX_CTL_POLL_RESPONSE))) {
460 461
		int ac = skb_get_queue_mapping(tx->skb);

462
#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
463 464
		printk(KERN_DEBUG "STA %pM aid %d: PS buffer for AC %d\n",
		       sta->sta.addr, sta->sta.aid, ac);
465 466 467
#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
		if (tx->local->total_ps_buffered >= TOTAL_MAX_TX_BUFFER)
			purge_old_ps_buffers(tx->local);
468 469
		if (skb_queue_len(&sta->ps_tx_buf[ac]) >= STA_MAX_TX_BUFFER) {
			struct sk_buff *old = skb_dequeue(&sta->ps_tx_buf[ac]);
470
#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
471 472 473 474
			if (net_ratelimit())
				printk(KERN_DEBUG "%s: STA %pM TX buffer for "
				       "AC %d full - dropping oldest frame\n",
				       tx->sdata->name, sta->sta.addr, ac);
475
#endif
476 477 478
			dev_kfree_skb(old);
		} else
			tx->local->total_ps_buffered++;
479

480
		info->control.jiffies = jiffies;
481
		info->control.vif = &tx->sdata->vif;
482
		info->flags |= IEEE80211_TX_INTFL_NEED_TXPROCESSING;
483
		skb_queue_tail(&sta->ps_tx_buf[ac], tx->skb);
484 485 486 487 488 489

		if (!timer_pending(&local->sta_cleanup))
			mod_timer(&local->sta_cleanup,
				  round_jiffies(jiffies +
						STA_INFO_CLEANUP_INTERVAL));

490 491 492 493 494 495
		/*
		 * We queued up some frames, so the TIM bit might
		 * need to be set, recalculate it.
		 */
		sta_info_recalc_tim(sta);

496
		return TX_QUEUED;
497 498
	}
#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
499
	else if (unlikely(staflags & WLAN_STA_PS_STA)) {
Johannes Berg's avatar
Johannes Berg committed
500 501 502
		printk(KERN_DEBUG
		       "%s: STA %pM in PS mode, but polling/in SP -> send frame\n",
		       tx->sdata->name, sta->sta.addr);
503 504 505
	}
#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */

506
	return TX_CONTINUE;
507 508
}

509
static ieee80211_tx_result debug_noinline
510
ieee80211_tx_h_ps_buf(struct ieee80211_tx_data *tx)
511
{
512
	if (unlikely(tx->flags & IEEE80211_TX_PS_BUFFERED))
513
		return TX_CONTINUE;
514

515
	if (tx->flags & IEEE80211_TX_UNICAST)
516 517 518 519 520
		return ieee80211_tx_h_unicast_ps_buf(tx);
	else
		return ieee80211_tx_h_multicast_ps_buf(tx);
}

521 522 523 524 525 526 527 528 529 530 531 532
static ieee80211_tx_result debug_noinline
ieee80211_tx_h_check_control_port_protocol(struct ieee80211_tx_data *tx)
{
	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);

	if (unlikely(tx->sdata->control_port_protocol == tx->skb->protocol &&
		     tx->sdata->control_port_no_encrypt))
		info->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;

	return TX_CONTINUE;
}

533
static ieee80211_tx_result debug_noinline
534
ieee80211_tx_h_select_key(struct ieee80211_tx_data *tx)
535
{
536
	struct ieee80211_key *key = NULL;
537
	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
538
	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;
539

Johannes Berg's avatar
Johannes Berg committed
540
	if (unlikely(info->flags & IEEE80211_TX_INTFL_DONT_ENCRYPT))
541
		tx->key = NULL;
542
	else if (tx->sta && (key = rcu_dereference(tx->sta->ptk)))
543
		tx->key = key;
544
	else if (ieee80211_is_mgmt(hdr->frame_control) &&
545 546
		 is_multicast_ether_addr(hdr->addr1) &&
		 ieee80211_is_robust_mgmt_frame(hdr) &&
547 548
		 (key = rcu_dereference(tx->sdata->default_mgmt_key)))
		tx->key = key;
549 550 551 552 553
	else if (is_multicast_ether_addr(hdr->addr1) &&
		 (key = rcu_dereference(tx->sdata->default_multicast_key)))
		tx->key = key;
	else if (!is_multicast_ether_addr(hdr->addr1) &&
		 (key = rcu_dereference(tx->sdata->default_unicast_key)))
554
		tx->key = key;
555
	else if (tx->sdata->drop_unencrypted &&
556
		 (tx->skb->protocol != tx->sdata->control_port_protocol) &&
557 558 559 560
		 !(info->flags & IEEE80211_TX_CTL_INJECTED) &&
		 (!ieee80211_is_robust_mgmt_frame(hdr) ||
		  (ieee80211_is_action(hdr->frame_control) &&
		   tx->sta && test_sta_flags(tx->sta, WLAN_STA_MFP)))) {
561
		I802_DEBUG_INC(tx->local->tx_handlers_drop_unencrypted);
562
		return TX_DROP;
563
	} else
564 565 566
		tx->key = NULL;

	if (tx->key) {
567 568
		bool skip_hw = false;

569
		tx->key->tx_rx_count++;
570
		/* TODO: add threshold stuff again */
571

572 573 574
		switch (tx->key->conf.cipher) {
		case WLAN_CIPHER_SUITE_WEP40:
		case WLAN_CIPHER_SUITE_WEP104:
575
			if (ieee80211_is_auth(hdr->frame_control))
576
				break;
577
		case WLAN_CIPHER_SUITE_TKIP:
578
			if (!ieee80211_is_data_present(hdr->frame_control))
579 580
				tx->key = NULL;
			break;
581
		case WLAN_CIPHER_SUITE_CCMP:
582 583 584 585
			if (!ieee80211_is_data_present(hdr->frame_control) &&
			    !ieee80211_use_mfp(hdr->frame_control, tx->sta,
					       tx->skb))
				tx->key = NULL;
586 587 588 589
			else
				skip_hw = (tx->key->conf.flags &
					   IEEE80211_KEY_FLAG_SW_MGMT) &&
					ieee80211_is_mgmt(hdr->frame_control);
590
			break;
591
		case WLAN_CIPHER_SUITE_AES_CMAC:
592 593 594
			if (!ieee80211_is_mgmt(hdr->frame_control))
				tx->key = NULL;
			break;
595
		}
596

597 598 599
		if (unlikely(tx->key && tx->key->flags & KEY_FLAG_TAINTED))
			return TX_DROP;

600
		if (!skip_hw && tx->key &&
Johannes Berg's avatar
Johannes Berg committed
601
		    tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE)
602
			info->control.hw_key = &tx->key->conf;
603 604
	}

605
	return TX_CONTINUE;
606 607
}

608
static ieee80211_tx_result debug_noinline
609
ieee80211_tx_h_rate_ctrl(struct ieee80211_tx_data *tx)
610
{
611
	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
612 613 614
	struct ieee80211_hdr *hdr = (void *)tx->skb->data;
	struct ieee80211_supported_band *sband;
	struct ieee80211_rate *rate;
615 616
	int i;
	u32 len;
617 618
	bool inval = false, rts = false, short_preamble = false;
	struct ieee80211_tx_rate_control txrc;
619
	u32 sta_flags;
620

621
	memset(&txrc, 0, sizeof(txrc));
622

623
	sband = tx->local->hw.wiphy->bands[tx->channel->band];
624

625
	len = min_t(u32, tx->skb->len + FCS_LEN,
626
			 tx->local->hw.wiphy->frag_threshold);
627 628 629 630 631 632 633

	/* set up the tx rate control struct we give the RC algo */
	txrc.hw = local_to_hw(tx->local);
	txrc.sband = sband;
	txrc.bss_conf = &tx->sdata->vif.bss_conf;
	txrc.skb = tx->skb;
	txrc.reported_rate.idx = -1;
634 635 636 637 638
	txrc.rate_idx_mask = tx->sdata->rc_rateidx_mask[tx->channel->band];
	if (txrc.rate_idx_mask == (1 << sband->n_bitrates) - 1)
		txrc.max_rate_idx = -1;
	else
		txrc.max_rate_idx = fls(txrc.rate_idx_mask) - 1;
639 640
	txrc.bss = (tx->sdata->vif.type == NL80211_IFTYPE_AP ||
		    tx->sdata->vif.type == NL80211_IFTYPE_ADHOC);
641 642

	/* set up RTS protection if desired */
643
	if (len > tx->local->hw.wiphy->rts_threshold) {
644
		txrc.rts = rts = true;
645 646
	}

647 648 649 650 651 652 653 654 655 656
	/*
	 * Use short preamble if the BSS can handle it, but not for
	 * management frames unless we know the receiver can handle
	 * that -- the management frame might be to a station that
	 * just wants a probe response.
	 */
	if (tx->sdata->vif.bss_conf.use_short_preamble &&
	    (ieee80211_is_data(hdr->frame_control) ||
	     (tx->sta && test_sta_flags(tx->sta, WLAN_STA_SHORT_PREAMBLE))))
		txrc.short_preamble = short_preamble = true;
657

658 659 660 661 662 663
	sta_flags = tx->sta ? get_sta_flags(tx->sta) : 0;

	/*
	 * Lets not bother rate control if we're associated and cannot
	 * talk to the sta. This should not happen.
	 */
664
	if (WARN(test_bit(SCAN_SW_SCANNING, &tx->local->scanning) &&
665 666 667 668 669
		 (sta_flags & WLAN_STA_ASSOC) &&
		 !rate_usable_index_exists(sband, &tx->sta->sta),
		 "%s: Dropped data frame as no usable bitrate found while "
		 "scanning and associated. Target station: "
		 "%pM on %d GHz band\n",
670
		 tx->sdata->name, hdr->addr1,
671 672
		 tx->channel->band ? 5 : 2))
		return TX_DROP;
673

674 675 676 677
	/*
	 * If we're associated with the sta at this point we know we can at
	 * least send the frame at the lowest bit rate.
	 */
678 679 680 681 682
	rate_control_get_rate(tx->sdata, tx->sta, &txrc);

	if (unlikely(info->control.rates[0].idx < 0))
		return TX_DROP;

683
	if (txrc.reported_rate.idx < 0) {
684
		txrc.reported_rate = info->control.rates[0];
685 686 687
		if (tx->sta && ieee80211_is_data(hdr->frame_control))
			tx->sta->last_tx_rate = txrc.reported_rate;
	} else if (tx->sta)
688
		tx->sta->last_tx_rate = txrc.reported_rate;
689

690 691
	if (unlikely(!info->control.rates[0].count))
		info->control.rates[0].count = 1;
692

693 694 695 696
	if (WARN_ON_ONCE((info->control.rates[0].count > 1) &&
			 (info->flags & IEEE80211_TX_CTL_NO_ACK)))
		info->control.rates[0].count = 1;

697 698 699 700 701
	if (is_multicast_ether_addr(hdr->addr1)) {
		/*
		 * XXX: verify the rate is in the basic rateset
		 */
		return TX_CONTINUE;
702 703
	}

704 705 706 707 708 709 710 711 712 713 714 715 716 717 718 719 720 721 722 723 724 725 726 727 728
	/*
	 * set up the RTS/CTS rate as the fastest basic rate
	 * that is not faster than the data rate
	 *
	 * XXX: Should this check all retry rates?
	 */
	if (!(info->control.rates[0].flags & IEEE80211_TX_RC_MCS)) {
		s8 baserate = 0;

		rate = &sband->bitrates[info->control.rates[0].idx];

		for (i = 0; i < sband->n_bitrates; i++) {
			/* must be a basic rate */
			if (!(tx->sdata->vif.bss_conf.basic_rates & BIT(i)))
				continue;
			/* must not be faster than the data rate */
			if (sband->bitrates[i].bitrate > rate->bitrate)
				continue;
			/* maximum */
			if (sband->bitrates[baserate].bitrate <
			     sband->bitrates[i].bitrate)
				baserate = i;
		}

		info->control.rts_cts_rate_idx = baserate;
729 730
	}

731 732 733 734 735 736 737 738 739 740 741 742 743 744
	for (i = 0; i < IEEE80211_TX_MAX_RATES; i++) {
		/*
		 * make sure there's no valid rate following
		 * an invalid one, just in case drivers don't
		 * take the API seriously to stop at -1.
		 */
		if (inval) {
			info->control.rates[i].idx = -1;
			continue;
		}
		if (info->control.rates[i].idx < 0) {
			inval = true;
			continue;
		}
745

746 747 748 749 750 751 752 753
		/*
		 * For now assume MCS is already set up correctly, this
		 * needs to be fixed.
		 */
		if (info->control.rates[i].flags & IEEE80211_TX_RC_MCS) {
			WARN_ON(info->control.rates[i].idx > 76);
			continue;
		}
754

755 756 757 758
		/* set up RTS protection if desired */
		if (rts)
			info->control.rates[i].flags |=
				IEEE80211_TX_RC_USE_RTS_CTS;
759

760
		/* RC is busted */
761 762
		if (WARN_ON_ONCE(info->control.rates[i].idx >=
				 sband->n_bitrates)) {
763 764
			info->control.rates[i].idx = -1;
			continue;
765
		}
766

767 768 769 770 771 772 773 774 775 776 777 778 779
		rate = &sband->bitrates[info->control.rates[i].idx];

		/* set up short preamble */
		if (short_preamble &&
		    rate->flags & IEEE80211_RATE_SHORT_PREAMBLE)
			info->control.rates[i].flags |=
				IEEE80211_TX_RC_USE_SHORT_PREAMBLE;

		/* set up G protection */
		if (!rts && tx->sdata->vif.bss_conf.use_cts_prot &&
		    rate->flags & IEEE80211_RATE_ERP_G)
			info->control.rates[i].flags |=
				IEEE80211_TX_RC_USE_CTS_PROTECT;
780 781
	}

782 783 784
	return TX_CONTINUE;
}

785 786 787 788 789 790 791 792 793
static ieee80211_tx_result debug_noinline
ieee80211_tx_h_sequence(struct ieee80211_tx_data *tx)
{
	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;
	u16 *seq;
	u8 *qc;
	int tid;

794 795 796 797 798
	/*
	 * Packet injection may want to control the sequence
	 * number, if we have no matching interface then we
	 * neither assign one ourselves nor ask the driver to.
	 */
799
	if (unlikely(info->control.vif->type == NL80211_IFTYPE_MONITOR))
800 801
		return TX_CONTINUE;

802 803 804 805 806 807
	if (unlikely(ieee80211_is_ctl(hdr->frame_control)))
		return TX_CONTINUE;

	if (ieee80211_hdrlen(hdr->frame_control) < 24)
		return TX_CONTINUE;

808 809 810 811 812
	/*
	 * Anything but QoS data that has a sequence number field
	 * (is long enough) gets a sequence number from the global
	 * counter.
	 */
813
	if (!ieee80211_is_data_qos(hdr->frame_control)) {
814
		/* driver should assign sequence number */
815
		info->flags |= IEEE80211_TX_CTL_ASSIGN_SEQ;
816 817 818
		/* for pure STA mode without beacons, we can do it */
		hdr->seq_ctrl = cpu_to_le16(tx->sdata->sequence_number);
		tx->sdata->sequence_number += 0x10;
819 820 821 822 823 824 825 826 827 828 829 830 831 832 833 834 835 836 837 838 839 840 841 842 843
		return TX_CONTINUE;
	}

	/*
	 * This should be true for injected/management frames only, for
	 * management frames we have set the IEEE80211_TX_CTL_ASSIGN_SEQ
	 * above since they are not QoS-data frames.
	 */
	if (!tx->sta)
		return TX_CONTINUE;

	/* include per-STA, per-TID sequence counter */

	qc = ieee80211_get_qos_ctl(hdr);
	tid = *qc & IEEE80211_QOS_CTL_TID_MASK;
	seq = &tx->sta->tid_seq[tid];

	hdr->seq_ctrl = cpu_to_le16(*seq);

	/* Increase the sequence number. */
	*seq = (*seq + 0x10) & IEEE80211_SCTL_SEQ;

	return TX_CONTINUE;
}

844 845 846 847 848 849 850 851 852 853 854 855 856 857 858 859 860 861 862 863 864 865 866 867 868 869 870 871 872 873 874 875 876 877 878 879 880 881 882 883 884 885 886 887 888
static int ieee80211_fragment(struct ieee80211_local *local,
			      struct sk_buff *skb, int hdrlen,
			      int frag_threshold)
{
	struct sk_buff *tail = skb, *tmp;
	int per_fragm = frag_threshold - hdrlen - FCS_LEN;
	int pos = hdrlen + per_fragm;
	int rem = skb->len - hdrlen - per_fragm;

	if (WARN_ON(rem < 0))
		return -EINVAL;

	while (rem) {
		int fraglen = per_fragm;

		if (fraglen > rem)
			fraglen = rem;
		rem -= fraglen;
		tmp = dev_alloc_skb(local->tx_headroom +
				    frag_threshold +
				    IEEE80211_ENCRYPT_HEADROOM +
				    IEEE80211_ENCRYPT_TAILROOM);
		if (!tmp)
			return -ENOMEM;
		tail->next = tmp;
		tail = tmp;
		skb_reserve(tmp, local->tx_headroom +
				 IEEE80211_ENCRYPT_HEADROOM);
		/* copy control information */
		memcpy(tmp->cb, skb->cb, sizeof(tmp->cb));
		skb_copy_queue_mapping(tmp, skb);
		tmp->priority = skb->priority;
		tmp->dev = skb->dev;

		/* copy header and data */
		memcpy(skb_put(tmp, hdrlen), skb->data, hdrlen);
		memcpy(skb_put(tmp, fraglen), skb->data + pos, fraglen);

		pos += fraglen;
	}

	skb->len = hdrlen + per_fragm;
	return 0;
}

889
static ieee80211_tx_result debug_noinline
890 891
ieee80211_tx_h_fragment(struct ieee80211_tx_data *tx)
{
892 893 894
	struct sk_buff *skb = tx->skb;
	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
	struct ieee80211_hdr *hdr = (void *)skb->data;
895
	int frag_threshold = tx->local->hw.wiphy->frag_threshold;
896 897
	int hdrlen;
	int fragnum;
898 899 900 901

	if (!(tx->flags & IEEE80211_TX_FRAGMENTED))
		return TX_CONTINUE;

902 903
	/*
	 * Warn when submitting a fragmented A-MPDU frame and drop it.
Johannes Berg's avatar
Johannes Berg committed
904
	 * This scenario is handled in ieee80211_tx_prepare but extra
905
	 * caution taken here as fragmented ampdu may cause Tx stop.
906
	 */
Sujith's avatar
Sujith committed
907
	if (WARN_ON(info->flags & IEEE80211_TX_CTL_AMPDU))
908 909
		return TX_DROP;

910
	hdrlen = ieee80211_hdrlen(hdr->frame_control);
911

912
	/* internal error, why is TX_FRAGMENTED set? */
913
	if (WARN_ON(skb->len + FCS_LEN <= frag_threshold))
914
		return TX_DROP;
915

916 917 918 919 920 921 922 923 924 925
	/*
	 * Now fragment the frame. This will allocate all the fragments and
	 * chain them (using skb as the first fragment) to skb->next.
	 * During transmission, we will remove the successfully transmitted
	 * fragments from this list. When the low-level driver rejects one
	 * of the fragments then we will simply pretend to accept the skb
	 * but store it away as pending.
	 */
	if (ieee80211_fragment(tx->local, skb, hdrlen, frag_threshold))
		return TX_DROP;
926

927 928 929 930 931
	/* update duration/seq/flags of fragments */
	fragnum = 0;
	do {
		int next_len;
		const __le16 morefrags = cpu_to_le16(IEEE80211_FCTL_MOREFRAGS);
932

933 934
		hdr = (void *)skb->data;
		info = IEEE80211_SKB_CB(skb);
935

936 937 938
		if (skb->next) {
			hdr->frame_control |= morefrags;
			next_len = skb->next->len;
939 940 941 942 943 944 945 946 947 948
			/*
			 * No multi-rate retries for fragmented frames, that
			 * would completely throw off the NAV at other STAs.
			 */
			info->control.rates[1].idx = -1;
			info->control.rates[2].idx = -1;
			info->control.rates[3].idx = -1;
			info->control.rates[4].idx = -1;
			BUILD_BUG_ON(IEEE80211_TX_MAX_RATES != 5);
			info->flags &= ~IEEE80211_TX_CTL_RATE_CTRL_PROBE;
949 950 951
		} else {
			hdr->frame_control &= ~morefrags;
			next_len = 0;
952
		}
953 954 955 956
		hdr->duration_id = ieee80211_duration(tx, 0, next_len);
		hdr->seq_ctrl |= cpu_to_le16(fragnum & IEEE80211_SCTL_FRAG);
		fragnum++;
	} while ((skb = skb->next));
957

958
	return TX_CONTINUE;
959 960
}

961 962 963 964 965 966 967 968 969 970 971 972 973 974 975 976 977
static ieee80211_tx_result debug_noinline
ieee80211_tx_h_stats(struct ieee80211_tx_data *tx)
{
	struct sk_buff *skb = tx->skb;

	if (!tx->sta)
		return TX_CONTINUE;

	tx->sta->tx_packets++;
	do {
		tx->sta->tx_fragments++;
		tx->sta->tx_bytes += skb->len;
	} while ((skb = skb->next));

	return TX_CONTINUE;
}