tx.c 71.4 KB
Newer Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
/*
 * Copyright 2002-2005, Instant802 Networks, Inc.
 * Copyright 2005-2006, Devicescape Software, Inc.
 * Copyright 2006-2007	Jiri Benc <jbenc@suse.cz>
 * Copyright 2007	Johannes Berg <johannes@sipsolutions.net>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 *
 *
 * Transmit and frame generation functions.
 */

#include <linux/kernel.h>
#include <linux/slab.h>
#include <linux/skbuff.h>
#include <linux/etherdevice.h>
#include <linux/bitmap.h>
20
#include <linux/rcupdate.h>
21
#include <net/net_namespace.h>
22
23
24
25
26
27
#include <net/ieee80211_radiotap.h>
#include <net/cfg80211.h>
#include <net/mac80211.h>
#include <asm/unaligned.h>

#include "ieee80211_i.h"
28
#include "driver-ops.h"
Johannes Berg's avatar
Johannes Berg committed
29
#include "led.h"
30
#include "mesh.h"
31
32
33
#include "wep.h"
#include "wpa.h"
#include "wme.h"
Johannes Berg's avatar
Johannes Berg committed
34
#include "rate.h"
35
36
37

/* misc utils */

Johannes Berg's avatar
Johannes Berg committed
38
39
static __le16 ieee80211_duration(struct ieee80211_tx_data *tx, int group_addr,
				 int next_frag_len)
40
41
{
	int rate, mrate, erp, dur, i;
42
	struct ieee80211_rate *txrate;
43
	struct ieee80211_local *local = tx->local;
44
	struct ieee80211_supported_band *sband;
45
	struct ieee80211_hdr *hdr;
46
47
48
49
50
51
52
53
54
	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);

	/* assume HW handles this */
	if (info->control.rates[0].flags & IEEE80211_TX_RC_MCS)
		return 0;

	/* uh huh? */
	if (WARN_ON_ONCE(info->control.rates[0].idx < 0))
		return 0;
55

56
	sband = local->hw.wiphy->bands[tx->channel->band];
57
	txrate = &sband->bitrates[info->control.rates[0].idx];
58

59
	erp = txrate->flags & IEEE80211_RATE_ERP_G;
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77

	/*
	 * data and mgmt (except PS Poll):
	 * - during CFP: 32768
	 * - during contention period:
	 *   if addr1 is group address: 0
	 *   if more fragments = 0 and addr1 is individual address: time to
	 *      transmit one ACK plus SIFS
	 *   if more fragments = 1 and addr1 is individual address: time to
	 *      transmit next fragment plus 2 x ACK plus 3 x SIFS
	 *
	 * IEEE 802.11, 9.6:
	 * - control response frame (CTS or ACK) shall be transmitted using the
	 *   same rate as the immediately previous frame in the frame exchange
	 *   sequence, if this rate belongs to the PHY mandatory rates, or else
	 *   at the highest possible rate belonging to the PHY rates in the
	 *   BSSBasicRateSet
	 */
78
79
	hdr = (struct ieee80211_hdr *)tx->skb->data;
	if (ieee80211_is_ctl(hdr->frame_control)) {
80
		/* TODO: These control frames are not currently sent by
81
		 * mac80211, but should they be implemented, this function
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
		 * needs to be updated to support duration field calculation.
		 *
		 * RTS: time needed to transmit pending data/mgmt frame plus
		 *    one CTS frame plus one ACK frame plus 3 x SIFS
		 * CTS: duration of immediately previous RTS minus time
		 *    required to transmit CTS and its SIFS
		 * ACK: 0 if immediately previous directed data/mgmt had
		 *    more=0, with more=1 duration in ACK frame is duration
		 *    from previous frame minus time needed to transmit ACK
		 *    and its SIFS
		 * PS Poll: BIT(15) | BIT(14) | aid
		 */
		return 0;
	}

	/* data/mgmt */
	if (0 /* FIX: data/mgmt during CFP */)
Johannes Berg's avatar
Johannes Berg committed
99
		return cpu_to_le16(32768);
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114

	if (group_addr) /* Group address as the destination - no ACK */
		return 0;

	/* Individual destination address:
	 * IEEE 802.11, Ch. 9.6 (after IEEE 802.11g changes)
	 * CTS and ACK frames shall be transmitted using the highest rate in
	 * basic rate set that is less than or equal to the rate of the
	 * immediately previous frame and that is using the same modulation
	 * (CCK or OFDM). If no basic rate set matches with these requirements,
	 * the highest mandatory rate of the PHY that is less than or equal to
	 * the rate of the previous frame is used.
	 * Mandatory rates for IEEE 802.11g PHY: 1, 2, 5.5, 11, 6, 12, 24 Mbps
	 */
	rate = -1;
115
116
117
118
	/* use lowest available if everything fails */
	mrate = sband->bitrates[0].bitrate;
	for (i = 0; i < sband->n_bitrates; i++) {
		struct ieee80211_rate *r = &sband->bitrates[i];
119

120
121
		if (r->bitrate > txrate->bitrate)
			break;
122

123
		if (tx->sdata->vif.bss_conf.basic_rates & BIT(i))
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
			rate = r->bitrate;

		switch (sband->band) {
		case IEEE80211_BAND_2GHZ: {
			u32 flag;
			if (tx->sdata->flags & IEEE80211_SDATA_OPERATING_GMODE)
				flag = IEEE80211_RATE_MANDATORY_G;
			else
				flag = IEEE80211_RATE_MANDATORY_B;
			if (r->flags & flag)
				mrate = r->bitrate;
			break;
		}
		case IEEE80211_BAND_5GHZ:
			if (r->flags & IEEE80211_RATE_MANDATORY_A)
				mrate = r->bitrate;
			break;
		case IEEE80211_NUM_BANDS:
			WARN_ON(1);
			break;
		}
145
146
147
148
149
150
151
152
153
154
155
156
	}
	if (rate == -1) {
		/* No matching basic rate found; use highest suitable mandatory
		 * PHY rate */
		rate = mrate;
	}

	/* Time needed to transmit ACK
	 * (10 bytes + 4-byte FCS = 112 bits) plus SIFS; rounded up
	 * to closest integer */

	dur = ieee80211_frame_duration(local, 10, rate, erp,
157
				tx->sdata->vif.bss_conf.use_short_preamble);
158
159
160
161
162
163
164

	if (next_frag_len) {
		/* Frame is fragmented: duration increases with time needed to
		 * transmit next fragment plus ACK and 2 x SIFS. */
		dur *= 2; /* ACK + SIFS */
		/* next fragment */
		dur += ieee80211_frame_duration(local, next_frag_len,
165
				txrate->bitrate, erp,
166
				tx->sdata->vif.bss_conf.use_short_preamble);
167
168
	}

Johannes Berg's avatar
Johannes Berg committed
169
	return cpu_to_le16(dur);
170
171
}

172
static inline int is_ieee80211_device(struct ieee80211_local *local,
173
				      struct net_device *dev)
174
{
175
	return local == wdev_priv(dev->ieee80211_ptr);
176
177
178
}

/* tx handlers */
179
180
181
182
static ieee80211_tx_result debug_noinline
ieee80211_tx_h_dynamic_ps(struct ieee80211_tx_data *tx)
{
	struct ieee80211_local *local = tx->local;
183
	struct ieee80211_if_managed *ifmgd;
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207

	/* driver doesn't support power save */
	if (!(local->hw.flags & IEEE80211_HW_SUPPORTS_PS))
		return TX_CONTINUE;

	/* hardware does dynamic power save */
	if (local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_PS)
		return TX_CONTINUE;

	/* dynamic power save disabled */
	if (local->hw.conf.dynamic_ps_timeout <= 0)
		return TX_CONTINUE;

	/* we are scanning, don't enable power save */
	if (local->scanning)
		return TX_CONTINUE;

	if (!local->ps_sdata)
		return TX_CONTINUE;

	/* No point if we're going to suspend */
	if (local->quiescing)
		return TX_CONTINUE;

208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
	/* dynamic ps is supported only in managed mode */
	if (tx->sdata->vif.type != NL80211_IFTYPE_STATION)
		return TX_CONTINUE;

	ifmgd = &tx->sdata->u.mgd;

	/*
	 * Don't wakeup from power save if u-apsd is enabled, voip ac has
	 * u-apsd enabled and the frame is in voip class. This effectively
	 * means that even if all access categories have u-apsd enabled, in
	 * practise u-apsd is only used with the voip ac. This is a
	 * workaround for the case when received voip class packets do not
	 * have correct qos tag for some reason, due the network or the
	 * peer application.
	 *
	 * Note: local->uapsd_queues access is racy here. If the value is
	 * changed via debugfs, user needs to reassociate manually to have
	 * everything in sync.
	 */
	if ((ifmgd->flags & IEEE80211_STA_UAPSD_ENABLED)
	    && (local->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO)
	    && skb_get_queue_mapping(tx->skb) == 0)
		return TX_CONTINUE;

232
233
234
	if (local->hw.conf.flags & IEEE80211_CONF_PS) {
		ieee80211_stop_queues_by_reason(&local->hw,
						IEEE80211_QUEUE_STOP_REASON_PS);
235
		ifmgd->flags &= ~IEEE80211_STA_NULLFUNC_ACKED;
236
237
238
239
		ieee80211_queue_work(&local->hw,
				     &local->dynamic_ps_disable_work);
	}

240
241
242
243
	/* Don't restart the timer if we're not disassociated */
	if (!ifmgd->associated)
		return TX_CONTINUE;

244
245
246
247
248
	mod_timer(&local->dynamic_ps_timer, jiffies +
		  msecs_to_jiffies(local->hw.conf.dynamic_ps_timeout));

	return TX_CONTINUE;
}
249

250
static ieee80211_tx_result debug_noinline
251
ieee80211_tx_h_check_assoc(struct ieee80211_tx_data *tx)
252
{
253

254
255
	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;
	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
256
	bool assoc = false;
257

258
	if (unlikely(info->flags & IEEE80211_TX_CTL_INJECTED))
259
		return TX_CONTINUE;
260

261
262
	if (unlikely(test_bit(SCAN_SW_SCANNING, &tx->local->scanning)) &&
	    test_bit(SDATA_STATE_OFFCHANNEL, &tx->sdata->state) &&
263
264
265
266
267
268
269
270
271
272
273
274
275
	    !ieee80211_is_probe_req(hdr->frame_control) &&
	    !ieee80211_is_nullfunc(hdr->frame_control))
		/*
		 * When software scanning only nullfunc frames (to notify
		 * the sleep state to the AP) and probe requests (for the
		 * active scan) are allowed, all other frames should not be
		 * sent and we should not get here, but if we do
		 * nonetheless, drop them to avoid sending them
		 * off-channel. See the link below and
		 * ieee80211_start_scan() for more.
		 *
		 * http://article.gmane.org/gmane.linux.kernel.wireless.general/30089
		 */
276
		return TX_DROP;
277

Bill Jordan's avatar
Bill Jordan committed
278
279
280
	if (tx->sdata->vif.type == NL80211_IFTYPE_WDS)
		return TX_CONTINUE;

281
	if (tx->sdata->vif.type == NL80211_IFTYPE_MESH_POINT)
282
283
		return TX_CONTINUE;

284
	if (tx->flags & IEEE80211_TX_PS_BUFFERED)
285
		return TX_CONTINUE;
286

287
288
	if (tx->sta)
		assoc = test_sta_flag(tx->sta, WLAN_STA_ASSOC);
289

290
	if (likely(tx->flags & IEEE80211_TX_UNICAST)) {
291
		if (unlikely(!assoc &&
292
			     tx->sdata->vif.type != NL80211_IFTYPE_ADHOC &&
293
			     ieee80211_is_data(hdr->frame_control))) {
294
295
#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
			printk(KERN_DEBUG "%s: dropped data frame to not "
296
			       "associated station %pM\n",
297
			       tx->sdata->name, hdr->addr1);
298
299
#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */
			I802_DEBUG_INC(tx->local->tx_handlers_drop_not_assoc);
300
			return TX_DROP;
301
302
		}
	} else {
303
		if (unlikely(ieee80211_is_data(hdr->frame_control) &&
304
			     tx->local->num_sta == 0 &&
305
			     tx->sdata->vif.type != NL80211_IFTYPE_ADHOC)) {
306
307
308
309
			/*
			 * No associated STAs - no need to send multicast
			 * frames.
			 */
310
			return TX_DROP;
311
		}
312
		return TX_CONTINUE;
313
314
	}

315
	return TX_CONTINUE;
316
317
318
319
320
321
322
323
324
325
326
327
328
}

/* This function is called whenever the AP is about to exceed the maximum limit
 * of buffered frames for power saving STAs. This situation should not really
 * happen often during normal operation, so dropping the oldest buffered packet
 * from each queue should be OK to make some room for new frames. */
static void purge_old_ps_buffers(struct ieee80211_local *local)
{
	int total = 0, purged = 0;
	struct sk_buff *skb;
	struct ieee80211_sub_if_data *sdata;
	struct sta_info *sta;

329
330
331
332
333
334
	/*
	 * virtual interfaces are protected by RCU
	 */
	rcu_read_lock();

	list_for_each_entry_rcu(sdata, &local->interfaces, list) {
335
		struct ieee80211_if_ap *ap;
336
		if (sdata->vif.type != NL80211_IFTYPE_AP)
337
338
339
340
341
342
343
344
345
346
			continue;
		ap = &sdata->u.ap;
		skb = skb_dequeue(&ap->ps_bc_buf);
		if (skb) {
			purged++;
			dev_kfree_skb(skb);
		}
		total += skb_queue_len(&ap->ps_bc_buf);
	}

347
348
349
350
	/*
	 * Drop one frame from each station from the lowest-priority
	 * AC that has frames at all.
	 */
351
	list_for_each_entry_rcu(sta, &local->sta_list, list) {
352
353
354
355
356
357
358
359
360
361
		int ac;

		for (ac = IEEE80211_AC_BK; ac >= IEEE80211_AC_VO; ac--) {
			skb = skb_dequeue(&sta->ps_tx_buf[ac]);
			total += skb_queue_len(&sta->ps_tx_buf[ac]);
			if (skb) {
				purged++;
				dev_kfree_skb(skb);
				break;
			}
362
363
		}
	}
364
365

	rcu_read_unlock();
366
367

	local->total_ps_buffered = total;
368
#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
Joe Perches's avatar
Joe Perches committed
369
370
	wiphy_debug(local->hw.wiphy, "PS buffers full - purged %d frames\n",
		    purged);
371
#endif
372
373
}

374
static ieee80211_tx_result
375
ieee80211_tx_h_multicast_ps_buf(struct ieee80211_tx_data *tx)
376
{
377
	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
378
	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;
379

380
381
382
383
384
385
386
387
	/*
	 * broadcast/multicast frame
	 *
	 * If any of the associated stations is in power save mode,
	 * the frame is buffered to be sent after DTIM beacon frame.
	 * This is done either by the hardware or us.
	 */

388
389
390
391
392
	/* powersaving STAs only in AP/VLAN mode */
	if (!tx->sdata->bss)
		return TX_CONTINUE;

	/* no buffering for ordered frames */
393
	if (ieee80211_has_order(hdr->frame_control))
394
		return TX_CONTINUE;
395
396
397

	/* no stations in PS mode */
	if (!atomic_read(&tx->sdata->bss->num_sta_ps))
398
		return TX_CONTINUE;
399

400
	info->flags |= IEEE80211_TX_CTL_SEND_AFTER_DTIM;
401

402
403
	/* device releases frame after DTIM beacon */
	if (!(tx->local->hw.flags & IEEE80211_HW_HOST_BROADCAST_PS_BUFFERING))
404
405
		return TX_CONTINUE;

406
	/* buffered in mac80211 */
407
408
409
410
	if (tx->local->total_ps_buffered >= TOTAL_MAX_TX_BUFFER)
		purge_old_ps_buffers(tx->local);

	if (skb_queue_len(&tx->sdata->bss->ps_bc_buf) >= AP_MAX_BC_BUFFER) {
411
#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
412
413
		if (net_ratelimit())
			printk(KERN_DEBUG "%s: BC TX buffer full - dropping the oldest frame\n",
414
			       tx->sdata->name);
415
#endif
416
417
418
		dev_kfree_skb(skb_dequeue(&tx->sdata->bss->ps_bc_buf));
	} else
		tx->local->total_ps_buffered++;
419

420
	skb_queue_tail(&tx->sdata->bss->ps_bc_buf, tx->skb);
421

422
	return TX_QUEUED;
423
424
}

425
426
427
428
429
430
static int ieee80211_use_mfp(__le16 fc, struct sta_info *sta,
			     struct sk_buff *skb)
{
	if (!ieee80211_is_mgmt(fc))
		return 0;

431
	if (sta == NULL || !test_sta_flag(sta, WLAN_STA_MFP))
432
433
434
435
436
437
438
439
440
		return 0;

	if (!ieee80211_is_robust_mgmt_frame((struct ieee80211_hdr *)
					    skb->data))
		return 0;

	return 1;
}

441
static ieee80211_tx_result
442
ieee80211_tx_h_unicast_ps_buf(struct ieee80211_tx_data *tx)
443
444
{
	struct sta_info *sta = tx->sta;
445
	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
446
	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;
447
	struct ieee80211_local *local = tx->local;
448

449
450
451
452
453
	if (unlikely(!sta ||
		     ieee80211_is_probe_resp(hdr->frame_control) ||
		     ieee80211_is_auth(hdr->frame_control) ||
		     ieee80211_is_assoc_resp(hdr->frame_control) ||
		     ieee80211_is_reassoc_resp(hdr->frame_control)))
454
		return TX_CONTINUE;
455

456
457
	if (unlikely((test_sta_flag(sta, WLAN_STA_PS_STA) ||
		      test_sta_flag(sta, WLAN_STA_PS_DRIVER)) &&
Johannes Berg's avatar
Johannes Berg committed
458
		     !(info->flags & IEEE80211_TX_CTL_POLL_RESPONSE))) {
459
460
		int ac = skb_get_queue_mapping(tx->skb);

461
#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
462
463
		printk(KERN_DEBUG "STA %pM aid %d: PS buffer for AC %d\n",
		       sta->sta.addr, sta->sta.aid, ac);
464
465
466
#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
		if (tx->local->total_ps_buffered >= TOTAL_MAX_TX_BUFFER)
			purge_old_ps_buffers(tx->local);
467
468
		if (skb_queue_len(&sta->ps_tx_buf[ac]) >= STA_MAX_TX_BUFFER) {
			struct sk_buff *old = skb_dequeue(&sta->ps_tx_buf[ac]);
469
#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
470
471
472
473
			if (net_ratelimit())
				printk(KERN_DEBUG "%s: STA %pM TX buffer for "
				       "AC %d full - dropping oldest frame\n",
				       tx->sdata->name, sta->sta.addr, ac);
474
#endif
475
476
477
			dev_kfree_skb(old);
		} else
			tx->local->total_ps_buffered++;
478

479
		info->control.jiffies = jiffies;
480
		info->control.vif = &tx->sdata->vif;
481
		info->flags |= IEEE80211_TX_INTFL_NEED_TXPROCESSING;
482
		skb_queue_tail(&sta->ps_tx_buf[ac], tx->skb);
483
484
485
486
487
488

		if (!timer_pending(&local->sta_cleanup))
			mod_timer(&local->sta_cleanup,
				  round_jiffies(jiffies +
						STA_INFO_CLEANUP_INTERVAL));

489
490
491
492
493
494
		/*
		 * We queued up some frames, so the TIM bit might
		 * need to be set, recalculate it.
		 */
		sta_info_recalc_tim(sta);

495
		return TX_QUEUED;
496
497
	}
#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
498
	else if (unlikely(test_sta_flag(sta, WLAN_STA_PS_STA))) {
Johannes Berg's avatar
Johannes Berg committed
499
500
501
		printk(KERN_DEBUG
		       "%s: STA %pM in PS mode, but polling/in SP -> send frame\n",
		       tx->sdata->name, sta->sta.addr);
502
503
504
	}
#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */

505
	return TX_CONTINUE;
506
507
}

508
static ieee80211_tx_result debug_noinline
509
ieee80211_tx_h_ps_buf(struct ieee80211_tx_data *tx)
510
{
511
	if (unlikely(tx->flags & IEEE80211_TX_PS_BUFFERED))
512
		return TX_CONTINUE;
513

514
	if (tx->flags & IEEE80211_TX_UNICAST)
515
516
517
518
519
		return ieee80211_tx_h_unicast_ps_buf(tx);
	else
		return ieee80211_tx_h_multicast_ps_buf(tx);
}

520
521
522
523
524
525
526
527
528
529
530
531
static ieee80211_tx_result debug_noinline
ieee80211_tx_h_check_control_port_protocol(struct ieee80211_tx_data *tx)
{
	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);

	if (unlikely(tx->sdata->control_port_protocol == tx->skb->protocol &&
		     tx->sdata->control_port_no_encrypt))
		info->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;

	return TX_CONTINUE;
}

532
static ieee80211_tx_result debug_noinline
533
ieee80211_tx_h_select_key(struct ieee80211_tx_data *tx)
534
{
535
	struct ieee80211_key *key = NULL;
536
	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
537
	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;
538

Johannes Berg's avatar
Johannes Berg committed
539
	if (unlikely(info->flags & IEEE80211_TX_INTFL_DONT_ENCRYPT))
540
		tx->key = NULL;
541
	else if (tx->sta && (key = rcu_dereference(tx->sta->ptk)))
542
		tx->key = key;
543
	else if (ieee80211_is_mgmt(hdr->frame_control) &&
544
545
		 is_multicast_ether_addr(hdr->addr1) &&
		 ieee80211_is_robust_mgmt_frame(hdr) &&
546
547
		 (key = rcu_dereference(tx->sdata->default_mgmt_key)))
		tx->key = key;
548
549
550
551
552
	else if (is_multicast_ether_addr(hdr->addr1) &&
		 (key = rcu_dereference(tx->sdata->default_multicast_key)))
		tx->key = key;
	else if (!is_multicast_ether_addr(hdr->addr1) &&
		 (key = rcu_dereference(tx->sdata->default_unicast_key)))
553
		tx->key = key;
554
	else if (tx->sdata->drop_unencrypted &&
555
		 (tx->skb->protocol != tx->sdata->control_port_protocol) &&
556
557
558
		 !(info->flags & IEEE80211_TX_CTL_INJECTED) &&
		 (!ieee80211_is_robust_mgmt_frame(hdr) ||
		  (ieee80211_is_action(hdr->frame_control) &&
559
		   tx->sta && test_sta_flag(tx->sta, WLAN_STA_MFP)))) {
560
		I802_DEBUG_INC(tx->local->tx_handlers_drop_unencrypted);
561
		return TX_DROP;
562
	} else
563
564
565
		tx->key = NULL;

	if (tx->key) {
566
567
		bool skip_hw = false;

568
		tx->key->tx_rx_count++;
569
		/* TODO: add threshold stuff again */
570

571
572
573
		switch (tx->key->conf.cipher) {
		case WLAN_CIPHER_SUITE_WEP40:
		case WLAN_CIPHER_SUITE_WEP104:
574
			if (ieee80211_is_auth(hdr->frame_control))
575
				break;
576
		case WLAN_CIPHER_SUITE_TKIP:
577
			if (!ieee80211_is_data_present(hdr->frame_control))
578
579
				tx->key = NULL;
			break;
580
		case WLAN_CIPHER_SUITE_CCMP:
581
582
583
584
			if (!ieee80211_is_data_present(hdr->frame_control) &&
			    !ieee80211_use_mfp(hdr->frame_control, tx->sta,
					       tx->skb))
				tx->key = NULL;
585
586
587
588
			else
				skip_hw = (tx->key->conf.flags &
					   IEEE80211_KEY_FLAG_SW_MGMT) &&
					ieee80211_is_mgmt(hdr->frame_control);
589
			break;
590
		case WLAN_CIPHER_SUITE_AES_CMAC:
591
592
593
			if (!ieee80211_is_mgmt(hdr->frame_control))
				tx->key = NULL;
			break;
594
		}
595

596
597
598
		if (unlikely(tx->key && tx->key->flags & KEY_FLAG_TAINTED))
			return TX_DROP;

599
		if (!skip_hw && tx->key &&
Johannes Berg's avatar
Johannes Berg committed
600
		    tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE)
601
			info->control.hw_key = &tx->key->conf;
602
603
	}

604
	return TX_CONTINUE;
605
606
}

607
static ieee80211_tx_result debug_noinline
608
ieee80211_tx_h_rate_ctrl(struct ieee80211_tx_data *tx)
609
{
610
	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
611
612
613
	struct ieee80211_hdr *hdr = (void *)tx->skb->data;
	struct ieee80211_supported_band *sband;
	struct ieee80211_rate *rate;
614
615
	int i;
	u32 len;
616
617
	bool inval = false, rts = false, short_preamble = false;
	struct ieee80211_tx_rate_control txrc;
618
	bool assoc = false;
619

620
	memset(&txrc, 0, sizeof(txrc));
621

622
	sband = tx->local->hw.wiphy->bands[tx->channel->band];
623

624
	len = min_t(u32, tx->skb->len + FCS_LEN,
625
			 tx->local->hw.wiphy->frag_threshold);
626
627
628
629
630
631
632

	/* set up the tx rate control struct we give the RC algo */
	txrc.hw = local_to_hw(tx->local);
	txrc.sband = sband;
	txrc.bss_conf = &tx->sdata->vif.bss_conf;
	txrc.skb = tx->skb;
	txrc.reported_rate.idx = -1;
633
634
635
636
637
	txrc.rate_idx_mask = tx->sdata->rc_rateidx_mask[tx->channel->band];
	if (txrc.rate_idx_mask == (1 << sband->n_bitrates) - 1)
		txrc.max_rate_idx = -1;
	else
		txrc.max_rate_idx = fls(txrc.rate_idx_mask) - 1;
638
639
	txrc.bss = (tx->sdata->vif.type == NL80211_IFTYPE_AP ||
		    tx->sdata->vif.type == NL80211_IFTYPE_ADHOC);
640
641

	/* set up RTS protection if desired */
642
	if (len > tx->local->hw.wiphy->rts_threshold) {
643
		txrc.rts = rts = true;
644
645
	}

646
647
648
649
650
651
652
653
	/*
	 * Use short preamble if the BSS can handle it, but not for
	 * management frames unless we know the receiver can handle
	 * that -- the management frame might be to a station that
	 * just wants a probe response.
	 */
	if (tx->sdata->vif.bss_conf.use_short_preamble &&
	    (ieee80211_is_data(hdr->frame_control) ||
654
	     (tx->sta && test_sta_flag(tx->sta, WLAN_STA_SHORT_PREAMBLE))))
655
		txrc.short_preamble = short_preamble = true;
656

657
658
	if (tx->sta)
		assoc = test_sta_flag(tx->sta, WLAN_STA_ASSOC);
659
660
661
662
663

	/*
	 * Lets not bother rate control if we're associated and cannot
	 * talk to the sta. This should not happen.
	 */
664
	if (WARN(test_bit(SCAN_SW_SCANNING, &tx->local->scanning) && assoc &&
665
666
667
668
		 !rate_usable_index_exists(sband, &tx->sta->sta),
		 "%s: Dropped data frame as no usable bitrate found while "
		 "scanning and associated. Target station: "
		 "%pM on %d GHz band\n",
669
		 tx->sdata->name, hdr->addr1,
670
671
		 tx->channel->band ? 5 : 2))
		return TX_DROP;
672

673
674
675
676
	/*
	 * If we're associated with the sta at this point we know we can at
	 * least send the frame at the lowest bit rate.
	 */
677
678
679
680
681
	rate_control_get_rate(tx->sdata, tx->sta, &txrc);

	if (unlikely(info->control.rates[0].idx < 0))
		return TX_DROP;

682
	if (txrc.reported_rate.idx < 0) {
683
		txrc.reported_rate = info->control.rates[0];
684
685
686
		if (tx->sta && ieee80211_is_data(hdr->frame_control))
			tx->sta->last_tx_rate = txrc.reported_rate;
	} else if (tx->sta)
687
		tx->sta->last_tx_rate = txrc.reported_rate;
688

689
690
	if (unlikely(!info->control.rates[0].count))
		info->control.rates[0].count = 1;
691

692
693
694
695
	if (WARN_ON_ONCE((info->control.rates[0].count > 1) &&
			 (info->flags & IEEE80211_TX_CTL_NO_ACK)))
		info->control.rates[0].count = 1;

696
697
698
699
700
	if (is_multicast_ether_addr(hdr->addr1)) {
		/*
		 * XXX: verify the rate is in the basic rateset
		 */
		return TX_CONTINUE;
701
702
	}

703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
	/*
	 * set up the RTS/CTS rate as the fastest basic rate
	 * that is not faster than the data rate
	 *
	 * XXX: Should this check all retry rates?
	 */
	if (!(info->control.rates[0].flags & IEEE80211_TX_RC_MCS)) {
		s8 baserate = 0;

		rate = &sband->bitrates[info->control.rates[0].idx];

		for (i = 0; i < sband->n_bitrates; i++) {
			/* must be a basic rate */
			if (!(tx->sdata->vif.bss_conf.basic_rates & BIT(i)))
				continue;
			/* must not be faster than the data rate */
			if (sband->bitrates[i].bitrate > rate->bitrate)
				continue;
			/* maximum */
			if (sband->bitrates[baserate].bitrate <
			     sband->bitrates[i].bitrate)
				baserate = i;
		}

		info->control.rts_cts_rate_idx = baserate;
728
729
	}

730
731
732
733
734
735
736
737
738
739
740
741
742
743
	for (i = 0; i < IEEE80211_TX_MAX_RATES; i++) {
		/*
		 * make sure there's no valid rate following
		 * an invalid one, just in case drivers don't
		 * take the API seriously to stop at -1.
		 */
		if (inval) {
			info->control.rates[i].idx = -1;
			continue;
		}
		if (info->control.rates[i].idx < 0) {
			inval = true;
			continue;
		}
744

745
746
747
748
749
750
751
752
		/*
		 * For now assume MCS is already set up correctly, this
		 * needs to be fixed.
		 */
		if (info->control.rates[i].flags & IEEE80211_TX_RC_MCS) {
			WARN_ON(info->control.rates[i].idx > 76);
			continue;
		}
753

754
755
756
757
		/* set up RTS protection if desired */
		if (rts)
			info->control.rates[i].flags |=
				IEEE80211_TX_RC_USE_RTS_CTS;
758

759
		/* RC is busted */
760
761
		if (WARN_ON_ONCE(info->control.rates[i].idx >=
				 sband->n_bitrates)) {
762
763
			info->control.rates[i].idx = -1;
			continue;
764
		}
765

766
767
768
769
770
771
772
773
774
775
776
777
778
		rate = &sband->bitrates[info->control.rates[i].idx];

		/* set up short preamble */
		if (short_preamble &&
		    rate->flags & IEEE80211_RATE_SHORT_PREAMBLE)
			info->control.rates[i].flags |=
				IEEE80211_TX_RC_USE_SHORT_PREAMBLE;

		/* set up G protection */
		if (!rts && tx->sdata->vif.bss_conf.use_cts_prot &&
		    rate->flags & IEEE80211_RATE_ERP_G)
			info->control.rates[i].flags |=
				IEEE80211_TX_RC_USE_CTS_PROTECT;
779
780
	}

781
782
783
	return TX_CONTINUE;
}

784
785
786
787
788
789
790
791
792
static ieee80211_tx_result debug_noinline
ieee80211_tx_h_sequence(struct ieee80211_tx_data *tx)
{
	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;
	u16 *seq;
	u8 *qc;
	int tid;

793
794
795
796
797
	/*
	 * Packet injection may want to control the sequence
	 * number, if we have no matching interface then we
	 * neither assign one ourselves nor ask the driver to.
	 */
798
	if (unlikely(info->control.vif->type == NL80211_IFTYPE_MONITOR))
799
800
		return TX_CONTINUE;

801
802
803
804
805
806
	if (unlikely(ieee80211_is_ctl(hdr->frame_control)))
		return TX_CONTINUE;

	if (ieee80211_hdrlen(hdr->frame_control) < 24)
		return TX_CONTINUE;

807
808
809
	if (ieee80211_is_qos_nullfunc(hdr->frame_control))
		return TX_CONTINUE;

810
811
812
813
814
	/*
	 * Anything but QoS data that has a sequence number field
	 * (is long enough) gets a sequence number from the global
	 * counter.
	 */
815
	if (!ieee80211_is_data_qos(hdr->frame_control)) {
816
		/* driver should assign sequence number */
817
		info->flags |= IEEE80211_TX_CTL_ASSIGN_SEQ;
818
819
820
		/* for pure STA mode without beacons, we can do it */
		hdr->seq_ctrl = cpu_to_le16(tx->sdata->sequence_number);
		tx->sdata->sequence_number += 0x10;
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
		return TX_CONTINUE;
	}

	/*
	 * This should be true for injected/management frames only, for
	 * management frames we have set the IEEE80211_TX_CTL_ASSIGN_SEQ
	 * above since they are not QoS-data frames.
	 */
	if (!tx->sta)
		return TX_CONTINUE;

	/* include per-STA, per-TID sequence counter */

	qc = ieee80211_get_qos_ctl(hdr);
	tid = *qc & IEEE80211_QOS_CTL_TID_MASK;
	seq = &tx->sta->tid_seq[tid];

	hdr->seq_ctrl = cpu_to_le16(*seq);

	/* Increase the sequence number. */
	*seq = (*seq + 0x10) & IEEE80211_SCTL_SEQ;

	return TX_CONTINUE;
}

846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
static int ieee80211_fragment(struct ieee80211_local *local,
			      struct sk_buff *skb, int hdrlen,
			      int frag_threshold)
{
	struct sk_buff *tail = skb, *tmp;
	int per_fragm = frag_threshold - hdrlen - FCS_LEN;
	int pos = hdrlen + per_fragm;
	int rem = skb->len - hdrlen - per_fragm;

	if (WARN_ON(rem < 0))
		return -EINVAL;

	while (rem) {
		int fraglen = per_fragm;

		if (fraglen > rem)
			fraglen = rem;
		rem -= fraglen;
		tmp = dev_alloc_skb(local->tx_headroom +
				    frag_threshold +
				    IEEE80211_ENCRYPT_HEADROOM +
				    IEEE80211_ENCRYPT_TAILROOM);
		if (!tmp)
			return -ENOMEM;
		tail->next = tmp;
		tail = tmp;
		skb_reserve(tmp, local->tx_headroom +
				 IEEE80211_ENCRYPT_HEADROOM);
		/* copy control information */
		memcpy(tmp->cb, skb->cb, sizeof(tmp->cb));
		skb_copy_queue_mapping(tmp, skb);
		tmp->priority = skb->priority;
		tmp->dev = skb->dev;

		/* copy header and data */
		memcpy(skb_put(tmp, hdrlen), skb->data, hdrlen);
		memcpy(skb_put(tmp, fraglen), skb->data + pos, fraglen);

		pos += fraglen;
	}

	skb->len = hdrlen + per_fragm;
	return 0;
}

891
static ieee80211_tx_result debug_noinline
892
893
ieee80211_tx_h_fragment(struct ieee80211_tx_data *tx)
{
894
895
896
	struct sk_buff *skb = tx->skb;
	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
	struct ieee80211_hdr *hdr = (void *)skb->data;
897
	int frag_threshold = tx->local->hw.wiphy->frag_threshold;
898
899
	int hdrlen;
	int fragnum;
900

901
902
903
904
	if (info->flags & IEEE80211_TX_CTL_DONTFRAG)
		return TX_CONTINUE;

	if (tx->local->ops->set_frag_threshold)
905
906
		return TX_CONTINUE;

907
908
	/*
	 * Warn when submitting a fragmented A-MPDU frame and drop it.
Johannes Berg's avatar
Johannes Berg committed
909
	 * This scenario is handled in ieee80211_tx_prepare but extra
910
	 * caution taken here as fragmented ampdu may cause Tx stop.
911
	 */
Sujith's avatar
Sujith committed
912
	if (WARN_ON(info->flags & IEEE80211_TX_CTL_AMPDU))
913
914
		return TX_DROP;

915
	hdrlen = ieee80211_hdrlen(hdr->frame_control);
916

917
	/* internal error, why isn't DONTFRAG set? */
918
	if (WARN_ON(skb->len + FCS_LEN <= frag_threshold))
919
		return TX_DROP;
920

921
922
923
924
925
926
927
928
929
930
	/*
	 * Now fragment the frame. This will allocate all the fragments and
	 * chain them (using skb as the first fragment) to skb->next.
	 * During transmission, we will remove the successfully transmitted
	 * fragments from this list. When the low-level driver rejects one
	 * of the fragments then we will simply pretend to accept the skb
	 * but store it away as pending.
	 */
	if (ieee80211_fragment(tx->local, skb, hdrlen, frag_threshold))
		return TX_DROP;
931

932
933
934
935
936
	/* update duration/seq/flags of fragments */
	fragnum = 0;
	do {
		int next_len;
		const __le16 morefrags = cpu_to_le16(IEEE80211_FCTL_MOREFRAGS);
937

938
939
		hdr = (void *)skb->data;
		info = IEEE80211_SKB_CB(skb);
940

941
942
943
		if (skb->next) {
			hdr->frame_control |= morefrags;
			next_len = skb->next->len;
944
945
946
947
948
949
950
951
952
953
			/*
			 * No multi-rate retries for fragmented frames, that
			 * would completely throw off the NAV at other STAs.
			 */
			info->control.rates[1].idx = -1;
			info->control.rates[2].idx = -1;
			info->control.rates[3].idx = -1;
			info->control.rates[4].idx = -1;
			BUILD_BUG_ON(IEEE80211_TX_MAX_RATES != 5);
			info->flags &= ~IEEE80211_TX_CTL_RATE_CTRL_PROBE;
954
955
956
		} else {
			hdr->frame_control &= ~morefrags;
			next_len = 0;
957
		}
958
959
960
961
		hdr->duration_id = ieee80211_duration(tx, 0, next_len);
		hdr->seq_ctrl |= cpu_to_le16(fragnum & IEEE80211_SCTL_FRAG);
		fragnum++;
	} while ((skb = skb->next));
962

963
	return TX_CONTINUE;
964
965
}

966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
static ieee80211_tx_result debug_noinline
ieee80211_tx_h_stats(struct ieee80211_tx_data *tx)
{
	struct sk_buff *skb = tx->skb;

	if (!tx->sta)
		return TX_CONTINUE;

	tx->sta->tx_packets++;
	do {
		tx->sta->tx_fragments++;
		tx->sta->tx_bytes += skb->len;
	} while ((skb = skb->next));

	return TX_CONTINUE;
}

983
static ieee80211_tx_result debug_noinline
984
985
ieee80211_tx_h_encrypt(struct ieee80211_tx_data *tx)
{
986
987
	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);

988
989
990
	if (!tx->key)
		return TX_CONTINUE;

991
992
993
	switch (tx->key->conf.cipher) {
	case WLAN_CIPHER_SUITE_WEP40:
	case WLAN_CIPHER_SUITE_WEP104:
994
		return ieee80211_crypto_wep_encrypt(tx);
995
	case WLAN_CIPHER_SUITE_TKIP:
996
		return ieee80211_crypto_tkip_encrypt(tx);
997
	case WLAN_CIPHER_SUITE_CCMP:
998
		return ieee80211_crypto_ccmp_encrypt(tx);
999
	case WLAN_CIPHER_SUITE_AES_CMAC:
1000
		return ieee80211_crypto_aes_cmac_encrypt(tx);
1001
1002
1003
1004
1005
1006
1007
1008
	default:
		/* handle hw-only algorithm */
		if (info->control.hw_key) {
			ieee80211_tx_set_protected(tx);
			return TX_CONTINUE;
		}
		break;

1009
1010
1011
1012
1013
	}

	return TX_DROP;
}

1014
static ieee80211_tx_result debug_noinline
Johannes Berg's avatar
Johannes Berg committed
1015
1016
ieee80211_tx_h_calculate_duration(struct ieee80211_tx_data *tx)
{
1017
1018
1019
1020
	struct sk_buff *skb = tx->skb;
	struct ieee80211_hdr *hdr;
	int next_len;
	bool group_addr;
Johannes Berg's avatar
Johannes Berg committed
1021

1022
1023
	do {
		hdr = (void *) skb->data;
1024
1025
		if (unlikely(ieee80211_is_pspoll(hdr->frame_control)))
			break; /* must not overwrite AID */
1026
1027
		next_len = skb->next ? skb->next->len : 0;
		group_addr = is_multicast_ether_addr(hdr->addr1);
Johannes Berg's avatar
Johannes Berg committed
1028

1029
1030
1031
		hdr->duration_id =
			ieee80211_duration(tx, group_addr, next_len);
	} while ((skb = skb->next));
Johannes Berg's avatar
Johannes Berg committed
1032
1033
1034
1035

	return TX_CONTINUE;
}

1036
1037
/* actual transmit path */

1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
static bool ieee80211_tx_prep_agg(struct ieee80211_tx_data *tx,
				  struct sk_buff *skb,
				  struct ieee80211_tx_info *info,
				  struct tid_ampdu_tx *tid_tx,
				  int tid)
{
	bool queued = false;

	if (test_bit(HT_AGG_STATE_OPERATIONAL, &tid_tx->state)) {
		info->flags |= IEEE80211_TX_CTL_AMPDU;
1048
1049
1050
1051
1052
	} else if (test_bit(HT_AGG_STATE_WANT_START, &tid_tx->state)) {
		/*
		 * nothing -- this aggregation session is being started
		 * but that might still fail with the driver
		 */
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
	} else {
		spin_lock(&tx->sta->lock);
		/*
		 * Need to re-check now, because we may get here
		 *
		 *  1) in the window during which the setup is actually
		 *     already done, but not marked yet because not all
		 *     packets are spliced over to the driver pending
		 *     queue yet -- if this happened we acquire the lock
		 *     either before or after the splice happens, but
		 *     need to recheck which of these cases happened.
		 *
		 *  2) during session teardown, if the OPERATIONAL bit
		 *     was cleared due to the teardown but the pointer
		 *     hasn't been assigned NULL yet (or we loaded it
		 *     before it was assigned) -- in this case it may
		 *     now be NULL which means we should just let the
		 *     packet pass through because splicing the frames
		 *     back is already done.
		 */
1073
		tid_tx = rcu_dereference_protected_tid_tx(tx->sta, tid);
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090

		if (!tid_tx) {
			/* do nothing, let packet pass through */
		} else if (test_bit(HT_AGG_STATE_OPERATIONAL, &tid_tx->state)) {
			info->flags |= IEEE80211_TX_CTL_AMPDU;
		} else {
			queued = true;
			info->control.vif = &tx->sdata->vif;
			info->flags |= IEEE80211_TX_INTFL_NEED_TXPROCESSING;
			__skb_queue_tail(&tid_tx->pending, skb);
		}
		spin_unlock(&tx->sta->lock);
	}

	return queued;
}

1091
1092
1093
/*
 * initialises @tx
 */
1094
static ieee80211_tx_result
Johannes Berg's avatar
Johannes Berg committed
1095
1096
1097
ieee80211_tx_prepare(struct ieee80211_sub_if_data *sdata,
		     struct ieee80211_tx_data *tx,
		     struct sk_buff *skb)
1098
{
Johannes Berg's avatar
Johannes Berg committed
1099
	struct ieee80211_local *local = sdata->local;
1100
	struct ieee80211_hdr *hdr;
1101
	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1102
	int tid;
1103
	u8 *qc;
1104
1105
1106
1107

	memset(tx, 0, sizeof(*tx));
	tx->skb = skb;
	tx->local = local;
Johannes Berg's avatar
Johannes Berg committed
1108
	tx->sdata = sdata;
1109
	tx->channel = local->hw.conf.channel;
1110

1111
1112
1113
1114
1115
1116
1117
	/*
	 * If this flag is set to true anywhere, and we get here,
	 * we are doing the needed processing, so remove the flag
	 * now.
	 */
	info->flags &= ~IEEE80211_TX_INTFL_NEED_TXPROCESSING;

1118
1119
	hdr = (struct ieee80211_hdr *) skb->data;

1120
	if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) {
1121
		tx->sta = rcu_dereference(sdata->u.vlan.sta);
1122
1123
		if (!tx->sta && sdata->dev->ieee80211_ptr->use_4addr)
			return TX_DROP;
1124
1125
	} else if (info->flags & IEEE80211_TX_CTL_INJECTED) {
		tx->sta = sta_info_get_bss(sdata, hdr->addr1);
1126
	}
1127
	if (!tx->sta)
1128
		tx->sta = sta_info_get(sdata, hdr->addr1);
1129

1130
	if (tx->sta && ieee80211_is_data_qos(hdr->frame_control) &&
1131
	    !ieee80211_is_qos_nullfunc(hdr->frame_control) &&
1132
1133
	    (local->hw.flags & IEEE80211_HW_AMPDU_AGGREGATION) &&
	    !(local->hw.flags & IEEE80211_HW_TX_AMPDU_SETUP_IN_HW)) {
1134
1135
		struct tid_ampdu_tx *tid_tx;

Sujith's avatar
Sujith committed
1136
1137
1138
		qc = ieee80211_get_qos_ctl(hdr);
		tid = *qc & IEEE80211_QOS_CTL_TID_MASK;

1139
1140
1141
		tid_tx = rcu_dereference(tx->sta->ampdu_mlme.tid_tx[