tx.c 78.4 KB
Newer Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
/*
 * Copyright 2002-2005, Instant802 Networks, Inc.
 * Copyright 2005-2006, Devicescape Software, Inc.
 * Copyright 2006-2007	Jiri Benc <jbenc@suse.cz>
 * Copyright 2007	Johannes Berg <johannes@sipsolutions.net>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 *
 *
 * Transmit and frame generation functions.
 */

#include <linux/kernel.h>
#include <linux/slab.h>
#include <linux/skbuff.h>
#include <linux/etherdevice.h>
#include <linux/bitmap.h>
20
#include <linux/rcupdate.h>
21
#include <linux/export.h>
22
#include <net/net_namespace.h>
23
24
25
26
27
28
#include <net/ieee80211_radiotap.h>
#include <net/cfg80211.h>
#include <net/mac80211.h>
#include <asm/unaligned.h>

#include "ieee80211_i.h"
29
#include "driver-ops.h"
Johannes Berg's avatar
Johannes Berg committed
30
#include "led.h"
31
#include "mesh.h"
32
33
34
#include "wep.h"
#include "wpa.h"
#include "wme.h"
Johannes Berg's avatar
Johannes Berg committed
35
#include "rate.h"
36
37
38

/* misc utils */

39
40
static __le16 ieee80211_duration(struct ieee80211_tx_data *tx,
				 struct sk_buff *skb, int group_addr,
Johannes Berg's avatar
Johannes Berg committed
41
				 int next_frag_len)
42
43
{
	int rate, mrate, erp, dur, i;
44
	struct ieee80211_rate *txrate;
45
	struct ieee80211_local *local = tx->local;
46
	struct ieee80211_supported_band *sband;
47
	struct ieee80211_hdr *hdr;
48
	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
49
50
51
52
53
54
55
56

	/* assume HW handles this */
	if (info->control.rates[0].flags & IEEE80211_TX_RC_MCS)
		return 0;

	/* uh huh? */
	if (WARN_ON_ONCE(info->control.rates[0].idx < 0))
		return 0;
57

58
	sband = local->hw.wiphy->bands[info->band];
59
	txrate = &sband->bitrates[info->control.rates[0].idx];
60

61
	erp = txrate->flags & IEEE80211_RATE_ERP_G;
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79

	/*
	 * data and mgmt (except PS Poll):
	 * - during CFP: 32768
	 * - during contention period:
	 *   if addr1 is group address: 0
	 *   if more fragments = 0 and addr1 is individual address: time to
	 *      transmit one ACK plus SIFS
	 *   if more fragments = 1 and addr1 is individual address: time to
	 *      transmit next fragment plus 2 x ACK plus 3 x SIFS
	 *
	 * IEEE 802.11, 9.6:
	 * - control response frame (CTS or ACK) shall be transmitted using the
	 *   same rate as the immediately previous frame in the frame exchange
	 *   sequence, if this rate belongs to the PHY mandatory rates, or else
	 *   at the highest possible rate belonging to the PHY rates in the
	 *   BSSBasicRateSet
	 */
80
	hdr = (struct ieee80211_hdr *)skb->data;
81
	if (ieee80211_is_ctl(hdr->frame_control)) {
82
		/* TODO: These control frames are not currently sent by
83
		 * mac80211, but should they be implemented, this function
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
		 * needs to be updated to support duration field calculation.
		 *
		 * RTS: time needed to transmit pending data/mgmt frame plus
		 *    one CTS frame plus one ACK frame plus 3 x SIFS
		 * CTS: duration of immediately previous RTS minus time
		 *    required to transmit CTS and its SIFS
		 * ACK: 0 if immediately previous directed data/mgmt had
		 *    more=0, with more=1 duration in ACK frame is duration
		 *    from previous frame minus time needed to transmit ACK
		 *    and its SIFS
		 * PS Poll: BIT(15) | BIT(14) | aid
		 */
		return 0;
	}

	/* data/mgmt */
	if (0 /* FIX: data/mgmt during CFP */)
Johannes Berg's avatar
Johannes Berg committed
101
		return cpu_to_le16(32768);
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116

	if (group_addr) /* Group address as the destination - no ACK */
		return 0;

	/* Individual destination address:
	 * IEEE 802.11, Ch. 9.6 (after IEEE 802.11g changes)
	 * CTS and ACK frames shall be transmitted using the highest rate in
	 * basic rate set that is less than or equal to the rate of the
	 * immediately previous frame and that is using the same modulation
	 * (CCK or OFDM). If no basic rate set matches with these requirements,
	 * the highest mandatory rate of the PHY that is less than or equal to
	 * the rate of the previous frame is used.
	 * Mandatory rates for IEEE 802.11g PHY: 1, 2, 5.5, 11, 6, 12, 24 Mbps
	 */
	rate = -1;
117
118
119
120
	/* use lowest available if everything fails */
	mrate = sband->bitrates[0].bitrate;
	for (i = 0; i < sband->n_bitrates; i++) {
		struct ieee80211_rate *r = &sband->bitrates[i];
121

122
123
		if (r->bitrate > txrate->bitrate)
			break;
124

125
		if (tx->sdata->vif.bss_conf.basic_rates & BIT(i))
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
			rate = r->bitrate;

		switch (sband->band) {
		case IEEE80211_BAND_2GHZ: {
			u32 flag;
			if (tx->sdata->flags & IEEE80211_SDATA_OPERATING_GMODE)
				flag = IEEE80211_RATE_MANDATORY_G;
			else
				flag = IEEE80211_RATE_MANDATORY_B;
			if (r->flags & flag)
				mrate = r->bitrate;
			break;
		}
		case IEEE80211_BAND_5GHZ:
			if (r->flags & IEEE80211_RATE_MANDATORY_A)
				mrate = r->bitrate;
			break;
143
144
		case IEEE80211_BAND_60GHZ:
			/* TODO, for now fall through */
145
146
147
148
		case IEEE80211_NUM_BANDS:
			WARN_ON(1);
			break;
		}
149
150
151
152
153
154
155
	}
	if (rate == -1) {
		/* No matching basic rate found; use highest suitable mandatory
		 * PHY rate */
		rate = mrate;
	}

156
157
	/* Don't calculate ACKs for QoS Frames with NoAck Policy set */
	if (ieee80211_is_data_qos(hdr->frame_control) &&
158
	    *(ieee80211_get_qos_ctl(hdr)) & IEEE80211_QOS_CTL_ACK_POLICY_NOACK)
159
160
161
162
163
		dur = 0;
	else
		/* Time needed to transmit ACK
		 * (10 bytes + 4-byte FCS = 112 bits) plus SIFS; rounded up
		 * to closest integer */
164
		dur = ieee80211_frame_duration(sband->band, 10, rate, erp,
165
				tx->sdata->vif.bss_conf.use_short_preamble);
166
167
168
169
170
171

	if (next_frag_len) {
		/* Frame is fragmented: duration increases with time needed to
		 * transmit next fragment plus ACK and 2 x SIFS. */
		dur *= 2; /* ACK + SIFS */
		/* next fragment */
172
		dur += ieee80211_frame_duration(sband->band, next_frag_len,
173
				txrate->bitrate, erp,
174
				tx->sdata->vif.bss_conf.use_short_preamble);
175
176
	}

Johannes Berg's avatar
Johannes Berg committed
177
	return cpu_to_le16(dur);
178
179
180
}

/* tx handlers */
181
182
183
184
static ieee80211_tx_result debug_noinline
ieee80211_tx_h_dynamic_ps(struct ieee80211_tx_data *tx)
{
	struct ieee80211_local *local = tx->local;
185
	struct ieee80211_if_managed *ifmgd;
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209

	/* driver doesn't support power save */
	if (!(local->hw.flags & IEEE80211_HW_SUPPORTS_PS))
		return TX_CONTINUE;

	/* hardware does dynamic power save */
	if (local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_PS)
		return TX_CONTINUE;

	/* dynamic power save disabled */
	if (local->hw.conf.dynamic_ps_timeout <= 0)
		return TX_CONTINUE;

	/* we are scanning, don't enable power save */
	if (local->scanning)
		return TX_CONTINUE;

	if (!local->ps_sdata)
		return TX_CONTINUE;

	/* No point if we're going to suspend */
	if (local->quiescing)
		return TX_CONTINUE;

210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
	/* dynamic ps is supported only in managed mode */
	if (tx->sdata->vif.type != NL80211_IFTYPE_STATION)
		return TX_CONTINUE;

	ifmgd = &tx->sdata->u.mgd;

	/*
	 * Don't wakeup from power save if u-apsd is enabled, voip ac has
	 * u-apsd enabled and the frame is in voip class. This effectively
	 * means that even if all access categories have u-apsd enabled, in
	 * practise u-apsd is only used with the voip ac. This is a
	 * workaround for the case when received voip class packets do not
	 * have correct qos tag for some reason, due the network or the
	 * peer application.
	 *
225
	 * Note: ifmgd->uapsd_queues access is racy here. If the value is
226
227
228
	 * changed via debugfs, user needs to reassociate manually to have
	 * everything in sync.
	 */
229
230
231
	if ((ifmgd->flags & IEEE80211_STA_UAPSD_ENABLED) &&
	    (ifmgd->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO) &&
	    skb_get_queue_mapping(tx->skb) == IEEE80211_AC_VO)
232
233
		return TX_CONTINUE;

234
235
236
	if (local->hw.conf.flags & IEEE80211_CONF_PS) {
		ieee80211_stop_queues_by_reason(&local->hw,
						IEEE80211_QUEUE_STOP_REASON_PS);
237
		ifmgd->flags &= ~IEEE80211_STA_NULLFUNC_ACKED;
238
239
240
241
		ieee80211_queue_work(&local->hw,
				     &local->dynamic_ps_disable_work);
	}

242
243
244
245
	/* Don't restart the timer if we're not disassociated */
	if (!ifmgd->associated)
		return TX_CONTINUE;

246
247
248
249
250
	mod_timer(&local->dynamic_ps_timer, jiffies +
		  msecs_to_jiffies(local->hw.conf.dynamic_ps_timeout));

	return TX_CONTINUE;
}
251

252
static ieee80211_tx_result debug_noinline
253
ieee80211_tx_h_check_assoc(struct ieee80211_tx_data *tx)
254
{
255

256
257
	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;
	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
258
	bool assoc = false;
259

260
	if (unlikely(info->flags & IEEE80211_TX_CTL_INJECTED))
261
		return TX_CONTINUE;
262

263
264
	if (unlikely(test_bit(SCAN_SW_SCANNING, &tx->local->scanning)) &&
	    test_bit(SDATA_STATE_OFFCHANNEL, &tx->sdata->state) &&
265
266
267
268
269
270
271
272
273
274
275
276
277
	    !ieee80211_is_probe_req(hdr->frame_control) &&
	    !ieee80211_is_nullfunc(hdr->frame_control))
		/*
		 * When software scanning only nullfunc frames (to notify
		 * the sleep state to the AP) and probe requests (for the
		 * active scan) are allowed, all other frames should not be
		 * sent and we should not get here, but if we do
		 * nonetheless, drop them to avoid sending them
		 * off-channel. See the link below and
		 * ieee80211_start_scan() for more.
		 *
		 * http://article.gmane.org/gmane.linux.kernel.wireless.general/30089
		 */
278
		return TX_DROP;
279

Bill Jordan's avatar
Bill Jordan committed
280
281
282
	if (tx->sdata->vif.type == NL80211_IFTYPE_WDS)
		return TX_CONTINUE;

283
	if (tx->sdata->vif.type == NL80211_IFTYPE_MESH_POINT)
284
285
		return TX_CONTINUE;

286
	if (tx->flags & IEEE80211_TX_PS_BUFFERED)
287
		return TX_CONTINUE;
288

289
290
	if (tx->sta)
		assoc = test_sta_flag(tx->sta, WLAN_STA_ASSOC);
291

292
	if (likely(tx->flags & IEEE80211_TX_UNICAST)) {
293
		if (unlikely(!assoc &&
294
			     ieee80211_is_data(hdr->frame_control))) {
295
#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
Johannes Berg's avatar
Johannes Berg committed
296
297
298
299
			sdata_info(tx->sdata,
				   "dropped data frame to not associated station %pM\n",
				   hdr->addr1);
#endif
300
			I802_DEBUG_INC(tx->local->tx_handlers_drop_not_assoc);
301
			return TX_DROP;
302
		}
303
304
	} else if (unlikely(tx->sdata->vif.type == NL80211_IFTYPE_AP &&
			    ieee80211_is_data(hdr->frame_control) &&
305
			    !atomic_read(&tx->sdata->u.ap.num_mcast_sta))) {
306
307
308
309
310
		/*
		 * No associated STAs - no need to send multicast
		 * frames.
		 */
		return TX_DROP;
311
312
	}

313
	return TX_CONTINUE;
314
315
316
317
318
319
320
321
322
323
324
325
326
}

/* This function is called whenever the AP is about to exceed the maximum limit
 * of buffered frames for power saving STAs. This situation should not really
 * happen often during normal operation, so dropping the oldest buffered packet
 * from each queue should be OK to make some room for new frames. */
static void purge_old_ps_buffers(struct ieee80211_local *local)
{
	int total = 0, purged = 0;
	struct sk_buff *skb;
	struct ieee80211_sub_if_data *sdata;
	struct sta_info *sta;

327
	list_for_each_entry_rcu(sdata, &local->interfaces, list) {
328
329
330
331
		struct ps_data *ps;

		if (sdata->vif.type == NL80211_IFTYPE_AP)
			ps = &sdata->u.ap.ps;
332
333
		else if (ieee80211_vif_is_mesh(&sdata->vif))
			ps = &sdata->u.mesh.ps;
334
		else
335
			continue;
336
337

		skb = skb_dequeue(&ps->bc_buf);
338
339
340
341
		if (skb) {
			purged++;
			dev_kfree_skb(skb);
		}
342
		total += skb_queue_len(&ps->bc_buf);
343
344
	}

345
346
347
348
	/*
	 * Drop one frame from each station from the lowest-priority
	 * AC that has frames at all.
	 */
349
	list_for_each_entry_rcu(sta, &local->sta_list, list) {
350
351
352
353
354
355
356
		int ac;

		for (ac = IEEE80211_AC_BK; ac >= IEEE80211_AC_VO; ac--) {
			skb = skb_dequeue(&sta->ps_tx_buf[ac]);
			total += skb_queue_len(&sta->ps_tx_buf[ac]);
			if (skb) {
				purged++;
357
				ieee80211_free_txskb(&local->hw, skb);
358
359
				break;
			}
360
361
		}
	}
362

363
	local->total_ps_buffered = total;
Johannes Berg's avatar
Johannes Berg committed
364
	ps_dbg_hw(&local->hw, "PS buffers full - purged %d frames\n", purged);
365
366
}

367
static ieee80211_tx_result
368
ieee80211_tx_h_multicast_ps_buf(struct ieee80211_tx_data *tx)
369
{
370
	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
371
	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;
372
	struct ps_data *ps;
373

374
375
376
	/*
	 * broadcast/multicast frame
	 *
377
	 * If any of the associated/peer stations is in power save mode,
378
379
380
381
	 * the frame is buffered to be sent after DTIM beacon frame.
	 * This is done either by the hardware or us.
	 */

382
	/* powersaving STAs currently only in AP/VLAN/mesh mode */
383
384
385
386
387
388
	if (tx->sdata->vif.type == NL80211_IFTYPE_AP ||
	    tx->sdata->vif.type == NL80211_IFTYPE_AP_VLAN) {
		if (!tx->sdata->bss)
			return TX_CONTINUE;

		ps = &tx->sdata->bss->ps;
389
390
	} else if (ieee80211_vif_is_mesh(&tx->sdata->vif)) {
		ps = &tx->sdata->u.mesh.ps;
391
	} else {
392
		return TX_CONTINUE;
393
394
	}

395
396

	/* no buffering for ordered frames */
397
	if (ieee80211_has_order(hdr->frame_control))
398
		return TX_CONTINUE;
399
400

	/* no stations in PS mode */
401
	if (!atomic_read(&ps->num_sta_ps))
402
		return TX_CONTINUE;
403

404
	info->flags |= IEEE80211_TX_CTL_SEND_AFTER_DTIM;
405
406
	if (tx->local->hw.flags & IEEE80211_HW_QUEUE_CONTROL)
		info->hw_queue = tx->sdata->vif.cab_queue;
407

408
409
	/* device releases frame after DTIM beacon */
	if (!(tx->local->hw.flags & IEEE80211_HW_HOST_BROADCAST_PS_BUFFERING))
410
411
		return TX_CONTINUE;

412
	/* buffered in mac80211 */
413
414
415
	if (tx->local->total_ps_buffered >= TOTAL_MAX_TX_BUFFER)
		purge_old_ps_buffers(tx->local);

416
	if (skb_queue_len(&ps->bc_buf) >= AP_MAX_BC_BUFFER) {
Johannes Berg's avatar
Johannes Berg committed
417
418
		ps_dbg(tx->sdata,
		       "BC TX buffer full - dropping the oldest frame\n");
419
		dev_kfree_skb(skb_dequeue(&ps->bc_buf));
420
421
	} else
		tx->local->total_ps_buffered++;
422

423
	skb_queue_tail(&ps->bc_buf, tx->skb);
424

425
	return TX_QUEUED;
426
427
}

428
429
430
431
432
433
static int ieee80211_use_mfp(__le16 fc, struct sta_info *sta,
			     struct sk_buff *skb)
{
	if (!ieee80211_is_mgmt(fc))
		return 0;

434
	if (sta == NULL || !test_sta_flag(sta, WLAN_STA_MFP))
435
436
437
438
439
440
441
442
443
		return 0;

	if (!ieee80211_is_robust_mgmt_frame((struct ieee80211_hdr *)
					    skb->data))
		return 0;

	return 1;
}

444
static ieee80211_tx_result
445
ieee80211_tx_h_unicast_ps_buf(struct ieee80211_tx_data *tx)
446
447
{
	struct sta_info *sta = tx->sta;
448
	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
449
	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;
450
	struct ieee80211_local *local = tx->local;
451

452
	if (unlikely(!sta))
453
		return TX_CONTINUE;
454

455
456
	if (unlikely((test_sta_flag(sta, WLAN_STA_PS_STA) ||
		      test_sta_flag(sta, WLAN_STA_PS_DRIVER)) &&
457
		     !(info->flags & IEEE80211_TX_CTL_NO_PS_BUFFER))) {
458
459
		int ac = skb_get_queue_mapping(tx->skb);

460
461
462
463
464
465
466
467
468
		/* only deauth, disassoc and action are bufferable MMPDUs */
		if (ieee80211_is_mgmt(hdr->frame_control) &&
		    !ieee80211_is_deauth(hdr->frame_control) &&
		    !ieee80211_is_disassoc(hdr->frame_control) &&
		    !ieee80211_is_action(hdr->frame_control)) {
			info->flags |= IEEE80211_TX_CTL_NO_PS_BUFFER;
			return TX_CONTINUE;
		}

Johannes Berg's avatar
Johannes Berg committed
469
470
		ps_dbg(sta->sdata, "STA %pM aid %d: PS buffer for AC %d\n",
		       sta->sta.addr, sta->sta.aid, ac);
471
472
		if (tx->local->total_ps_buffered >= TOTAL_MAX_TX_BUFFER)
			purge_old_ps_buffers(tx->local);
473
474
		if (skb_queue_len(&sta->ps_tx_buf[ac]) >= STA_MAX_TX_BUFFER) {
			struct sk_buff *old = skb_dequeue(&sta->ps_tx_buf[ac]);
Johannes Berg's avatar
Johannes Berg committed
475
476
477
			ps_dbg(tx->sdata,
			       "STA %pM TX buffer for AC %d full - dropping oldest frame\n",
			       sta->sta.addr, ac);
478
			ieee80211_free_txskb(&local->hw, old);
479
480
		} else
			tx->local->total_ps_buffered++;
481

482
		info->control.jiffies = jiffies;
483
		info->control.vif = &tx->sdata->vif;
484
		info->flags |= IEEE80211_TX_INTFL_NEED_TXPROCESSING;
485
		skb_queue_tail(&sta->ps_tx_buf[ac], tx->skb);
486
487
488
489
490
491

		if (!timer_pending(&local->sta_cleanup))
			mod_timer(&local->sta_cleanup,
				  round_jiffies(jiffies +
						STA_INFO_CLEANUP_INTERVAL));

492
493
494
495
496
497
		/*
		 * We queued up some frames, so the TIM bit might
		 * need to be set, recalculate it.
		 */
		sta_info_recalc_tim(sta);

498
		return TX_QUEUED;
Johannes Berg's avatar
Johannes Berg committed
499
500
501
502
	} else if (unlikely(test_sta_flag(sta, WLAN_STA_PS_STA))) {
		ps_dbg(tx->sdata,
		       "STA %pM in PS mode, but polling/in SP -> send frame\n",
		       sta->sta.addr);
503
504
	}

505
	return TX_CONTINUE;
506
507
}

508
static ieee80211_tx_result debug_noinline
509
ieee80211_tx_h_ps_buf(struct ieee80211_tx_data *tx)
510
{
511
	if (unlikely(tx->flags & IEEE80211_TX_PS_BUFFERED))
512
		return TX_CONTINUE;
513

514
	if (tx->flags & IEEE80211_TX_UNICAST)
515
516
517
518
519
		return ieee80211_tx_h_unicast_ps_buf(tx);
	else
		return ieee80211_tx_h_multicast_ps_buf(tx);
}

520
521
522
523
524
525
526
527
528
529
530
531
static ieee80211_tx_result debug_noinline
ieee80211_tx_h_check_control_port_protocol(struct ieee80211_tx_data *tx)
{
	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);

	if (unlikely(tx->sdata->control_port_protocol == tx->skb->protocol &&
		     tx->sdata->control_port_no_encrypt))
		info->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;

	return TX_CONTINUE;
}

532
static ieee80211_tx_result debug_noinline
533
ieee80211_tx_h_select_key(struct ieee80211_tx_data *tx)
534
{
535
	struct ieee80211_key *key;
536
	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
537
	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;
538

Johannes Berg's avatar
Johannes Berg committed
539
	if (unlikely(info->flags & IEEE80211_TX_INTFL_DONT_ENCRYPT))
540
		tx->key = NULL;
541
	else if (tx->sta && (key = rcu_dereference(tx->sta->ptk)))
542
		tx->key = key;
543
	else if (ieee80211_is_mgmt(hdr->frame_control) &&
544
545
		 is_multicast_ether_addr(hdr->addr1) &&
		 ieee80211_is_robust_mgmt_frame(hdr) &&
546
547
		 (key = rcu_dereference(tx->sdata->default_mgmt_key)))
		tx->key = key;
548
549
550
551
552
	else if (is_multicast_ether_addr(hdr->addr1) &&
		 (key = rcu_dereference(tx->sdata->default_multicast_key)))
		tx->key = key;
	else if (!is_multicast_ether_addr(hdr->addr1) &&
		 (key = rcu_dereference(tx->sdata->default_unicast_key)))
553
		tx->key = key;
554
555
556
557
558
559
560
561
562
563
	else if (info->flags & IEEE80211_TX_CTL_INJECTED)
		tx->key = NULL;
	else if (!tx->sdata->drop_unencrypted)
		tx->key = NULL;
	else if (tx->skb->protocol == tx->sdata->control_port_protocol)
		tx->key = NULL;
	else if (ieee80211_is_robust_mgmt_frame(hdr) &&
		 !(ieee80211_is_action(hdr->frame_control) &&
		   tx->sta && test_sta_flag(tx->sta, WLAN_STA_MFP)))
		tx->key = NULL;
564
565
566
	else if (ieee80211_is_mgmt(hdr->frame_control) &&
		 !ieee80211_is_robust_mgmt_frame(hdr))
		tx->key = NULL;
567
	else {
568
		I802_DEBUG_INC(tx->local->tx_handlers_drop_unencrypted);
569
		return TX_DROP;
570
	}
571
572

	if (tx->key) {
573
574
		bool skip_hw = false;

575
		tx->key->tx_rx_count++;
576
		/* TODO: add threshold stuff again */
577

578
579
580
581
		switch (tx->key->conf.cipher) {
		case WLAN_CIPHER_SUITE_WEP40:
		case WLAN_CIPHER_SUITE_WEP104:
		case WLAN_CIPHER_SUITE_TKIP:
582
			if (!ieee80211_is_data_present(hdr->frame_control))
583
584
				tx->key = NULL;
			break;
585
		case WLAN_CIPHER_SUITE_CCMP:
586
587
588
589
			if (!ieee80211_is_data_present(hdr->frame_control) &&
			    !ieee80211_use_mfp(hdr->frame_control, tx->sta,
					       tx->skb))
				tx->key = NULL;
590
591
			else
				skip_hw = (tx->key->conf.flags &
592
					   IEEE80211_KEY_FLAG_SW_MGMT_TX) &&
593
					ieee80211_is_mgmt(hdr->frame_control);
594
			break;
595
		case WLAN_CIPHER_SUITE_AES_CMAC:
596
597
598
			if (!ieee80211_is_mgmt(hdr->frame_control))
				tx->key = NULL;
			break;
599
		}
600

601
602
		if (unlikely(tx->key && tx->key->flags & KEY_FLAG_TAINTED &&
			     !ieee80211_is_deauth(hdr->frame_control)))
603
604
			return TX_DROP;

605
		if (!skip_hw && tx->key &&
Johannes Berg's avatar
Johannes Berg committed
606
		    tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE)
607
			info->control.hw_key = &tx->key->conf;
608
609
	}

610
	return TX_CONTINUE;
611
612
}

613
static ieee80211_tx_result debug_noinline
614
ieee80211_tx_h_rate_ctrl(struct ieee80211_tx_data *tx)
615
{
616
	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
617
618
619
	struct ieee80211_hdr *hdr = (void *)tx->skb->data;
	struct ieee80211_supported_band *sband;
	struct ieee80211_rate *rate;
620
621
	int i;
	u32 len;
622
623
	bool inval = false, rts = false, short_preamble = false;
	struct ieee80211_tx_rate_control txrc;
624
	bool assoc = false;
625

626
	memset(&txrc, 0, sizeof(txrc));
627

628
	sband = tx->local->hw.wiphy->bands[info->band];
629

630
	len = min_t(u32, tx->skb->len + FCS_LEN,
631
			 tx->local->hw.wiphy->frag_threshold);
632
633

	/* set up the tx rate control struct we give the RC algo */
Johannes Berg's avatar
Johannes Berg committed
634
	txrc.hw = &tx->local->hw;
635
636
637
638
	txrc.sband = sband;
	txrc.bss_conf = &tx->sdata->vif.bss_conf;
	txrc.skb = tx->skb;
	txrc.reported_rate.idx = -1;
639
	txrc.rate_idx_mask = tx->sdata->rc_rateidx_mask[info->band];
640
641
642
643
	if (txrc.rate_idx_mask == (1 << sband->n_bitrates) - 1)
		txrc.max_rate_idx = -1;
	else
		txrc.max_rate_idx = fls(txrc.rate_idx_mask) - 1;
644
	memcpy(txrc.rate_idx_mcs_mask,
645
	       tx->sdata->rc_rateidx_mcs_mask[info->band],
646
	       sizeof(txrc.rate_idx_mcs_mask));
647
	txrc.bss = (tx->sdata->vif.type == NL80211_IFTYPE_AP ||
648
		    tx->sdata->vif.type == NL80211_IFTYPE_MESH_POINT ||
649
		    tx->sdata->vif.type == NL80211_IFTYPE_ADHOC);
650
651

	/* set up RTS protection if desired */
652
	if (len > tx->local->hw.wiphy->rts_threshold) {
653
		txrc.rts = rts = true;
654
655
	}

656
657
658
659
660
661
662
663
	/*
	 * Use short preamble if the BSS can handle it, but not for
	 * management frames unless we know the receiver can handle
	 * that -- the management frame might be to a station that
	 * just wants a probe response.
	 */
	if (tx->sdata->vif.bss_conf.use_short_preamble &&
	    (ieee80211_is_data(hdr->frame_control) ||
664
	     (tx->sta && test_sta_flag(tx->sta, WLAN_STA_SHORT_PREAMBLE))))
665
		txrc.short_preamble = short_preamble = true;
666

667
668
	if (tx->sta)
		assoc = test_sta_flag(tx->sta, WLAN_STA_ASSOC);
669
670
671
672
673

	/*
	 * Lets not bother rate control if we're associated and cannot
	 * talk to the sta. This should not happen.
	 */
674
	if (WARN(test_bit(SCAN_SW_SCANNING, &tx->local->scanning) && assoc &&
675
676
677
678
		 !rate_usable_index_exists(sband, &tx->sta->sta),
		 "%s: Dropped data frame as no usable bitrate found while "
		 "scanning and associated. Target station: "
		 "%pM on %d GHz band\n",
679
		 tx->sdata->name, hdr->addr1,
680
		 info->band ? 5 : 2))
681
		return TX_DROP;
682

683
684
685
686
	/*
	 * If we're associated with the sta at this point we know we can at
	 * least send the frame at the lowest bit rate.
	 */
687
688
689
690
691
	rate_control_get_rate(tx->sdata, tx->sta, &txrc);

	if (unlikely(info->control.rates[0].idx < 0))
		return TX_DROP;

692
	if (txrc.reported_rate.idx < 0) {
693
		txrc.reported_rate = info->control.rates[0];
694
695
696
		if (tx->sta && ieee80211_is_data(hdr->frame_control))
			tx->sta->last_tx_rate = txrc.reported_rate;
	} else if (tx->sta)
697
		tx->sta->last_tx_rate = txrc.reported_rate;
698

699
700
	if (unlikely(!info->control.rates[0].count))
		info->control.rates[0].count = 1;
701

702
703
704
705
	if (WARN_ON_ONCE((info->control.rates[0].count > 1) &&
			 (info->flags & IEEE80211_TX_CTL_NO_ACK)))
		info->control.rates[0].count = 1;

706
707
708
709
710
	if (is_multicast_ether_addr(hdr->addr1)) {
		/*
		 * XXX: verify the rate is in the basic rateset
		 */
		return TX_CONTINUE;
711
712
	}

713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
	/*
	 * set up the RTS/CTS rate as the fastest basic rate
	 * that is not faster than the data rate
	 *
	 * XXX: Should this check all retry rates?
	 */
	if (!(info->control.rates[0].flags & IEEE80211_TX_RC_MCS)) {
		s8 baserate = 0;

		rate = &sband->bitrates[info->control.rates[0].idx];

		for (i = 0; i < sband->n_bitrates; i++) {
			/* must be a basic rate */
			if (!(tx->sdata->vif.bss_conf.basic_rates & BIT(i)))
				continue;
			/* must not be faster than the data rate */
			if (sband->bitrates[i].bitrate > rate->bitrate)
				continue;
			/* maximum */
			if (sband->bitrates[baserate].bitrate <
			     sband->bitrates[i].bitrate)
				baserate = i;
		}

		info->control.rts_cts_rate_idx = baserate;
738
739
	}

740
741
742
743
744
745
746
747
748
749
750
751
752
753
	for (i = 0; i < IEEE80211_TX_MAX_RATES; i++) {
		/*
		 * make sure there's no valid rate following
		 * an invalid one, just in case drivers don't
		 * take the API seriously to stop at -1.
		 */
		if (inval) {
			info->control.rates[i].idx = -1;
			continue;
		}
		if (info->control.rates[i].idx < 0) {
			inval = true;
			continue;
		}
754

755
756
757
758
759
760
761
762
		/*
		 * For now assume MCS is already set up correctly, this
		 * needs to be fixed.
		 */
		if (info->control.rates[i].flags & IEEE80211_TX_RC_MCS) {
			WARN_ON(info->control.rates[i].idx > 76);
			continue;
		}
763

764
765
766
767
		/* set up RTS protection if desired */
		if (rts)
			info->control.rates[i].flags |=
				IEEE80211_TX_RC_USE_RTS_CTS;
768

769
		/* RC is busted */
770
771
		if (WARN_ON_ONCE(info->control.rates[i].idx >=
				 sband->n_bitrates)) {
772
773
			info->control.rates[i].idx = -1;
			continue;
774
		}
775

776
777
778
779
780
781
782
783
784
785
786
787
788
		rate = &sband->bitrates[info->control.rates[i].idx];

		/* set up short preamble */
		if (short_preamble &&
		    rate->flags & IEEE80211_RATE_SHORT_PREAMBLE)
			info->control.rates[i].flags |=
				IEEE80211_TX_RC_USE_SHORT_PREAMBLE;

		/* set up G protection */
		if (!rts && tx->sdata->vif.bss_conf.use_cts_prot &&
		    rate->flags & IEEE80211_RATE_ERP_G)
			info->control.rates[i].flags |=
				IEEE80211_TX_RC_USE_CTS_PROTECT;
789
790
	}

791
792
793
	return TX_CONTINUE;
}

794
795
796
797
798
799
800
801
802
static ieee80211_tx_result debug_noinline
ieee80211_tx_h_sequence(struct ieee80211_tx_data *tx)
{
	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;
	u16 *seq;
	u8 *qc;
	int tid;

803
804
805
806
807
	/*
	 * Packet injection may want to control the sequence
	 * number, if we have no matching interface then we
	 * neither assign one ourselves nor ask the driver to.
	 */
808
	if (unlikely(info->control.vif->type == NL80211_IFTYPE_MONITOR))
809
810
		return TX_CONTINUE;

811
812
813
814
815
816
	if (unlikely(ieee80211_is_ctl(hdr->frame_control)))
		return TX_CONTINUE;

	if (ieee80211_hdrlen(hdr->frame_control) < 24)
		return TX_CONTINUE;

817
818
819
	if (ieee80211_is_qos_nullfunc(hdr->frame_control))
		return TX_CONTINUE;

820
821
822
823
824
	/*
	 * Anything but QoS data that has a sequence number field
	 * (is long enough) gets a sequence number from the global
	 * counter.
	 */
825
	if (!ieee80211_is_data_qos(hdr->frame_control)) {
826
		/* driver should assign sequence number */
827
		info->flags |= IEEE80211_TX_CTL_ASSIGN_SEQ;
828
829
830
		/* for pure STA mode without beacons, we can do it */
		hdr->seq_ctrl = cpu_to_le16(tx->sdata->sequence_number);
		tx->sdata->sequence_number += 0x10;
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
		return TX_CONTINUE;
	}

	/*
	 * This should be true for injected/management frames only, for
	 * management frames we have set the IEEE80211_TX_CTL_ASSIGN_SEQ
	 * above since they are not QoS-data frames.
	 */
	if (!tx->sta)
		return TX_CONTINUE;

	/* include per-STA, per-TID sequence counter */

	qc = ieee80211_get_qos_ctl(hdr);
	tid = *qc & IEEE80211_QOS_CTL_TID_MASK;
	seq = &tx->sta->tid_seq[tid];

	hdr->seq_ctrl = cpu_to_le16(*seq);

	/* Increase the sequence number. */
	*seq = (*seq + 0x10) & IEEE80211_SCTL_SEQ;

	return TX_CONTINUE;
}

856
static int ieee80211_fragment(struct ieee80211_tx_data *tx,
857
858
859
			      struct sk_buff *skb, int hdrlen,
			      int frag_threshold)
{
860
	struct ieee80211_local *local = tx->local;
861
	struct ieee80211_tx_info *info;
862
	struct sk_buff *tmp;
863
864
865
866
867
868
869
	int per_fragm = frag_threshold - hdrlen - FCS_LEN;
	int pos = hdrlen + per_fragm;
	int rem = skb->len - hdrlen - per_fragm;

	if (WARN_ON(rem < 0))
		return -EINVAL;

870
871
	/* first fragment was already added to queue by caller */

872
873
874
875
876
877
878
879
880
881
882
883
	while (rem) {
		int fraglen = per_fragm;

		if (fraglen > rem)
			fraglen = rem;
		rem -= fraglen;
		tmp = dev_alloc_skb(local->tx_headroom +
				    frag_threshold +
				    IEEE80211_ENCRYPT_HEADROOM +
				    IEEE80211_ENCRYPT_TAILROOM);
		if (!tmp)
			return -ENOMEM;
884
885
886

		__skb_queue_tail(&tx->skbs, tmp);

887
888
889
890
		skb_reserve(tmp, local->tx_headroom +
				 IEEE80211_ENCRYPT_HEADROOM);
		/* copy control information */
		memcpy(tmp->cb, skb->cb, sizeof(tmp->cb));
891
892
893
894
895
896
897
898

		info = IEEE80211_SKB_CB(tmp);
		info->flags &= ~(IEEE80211_TX_CTL_CLEAR_PS_FILT |
				 IEEE80211_TX_CTL_FIRST_FRAGMENT);

		if (rem)
			info->flags |= IEEE80211_TX_CTL_MORE_FRAMES;

899
900
901
902
903
904
905
906
907
908
909
		skb_copy_queue_mapping(tmp, skb);
		tmp->priority = skb->priority;
		tmp->dev = skb->dev;

		/* copy header and data */
		memcpy(skb_put(tmp, hdrlen), skb->data, hdrlen);
		memcpy(skb_put(tmp, fraglen), skb->data + pos, fraglen);

		pos += fraglen;
	}

910
	/* adjust first fragment's length */
911
912
913
914
	skb->len = hdrlen + per_fragm;
	return 0;
}

915
static ieee80211_tx_result debug_noinline
916
917
ieee80211_tx_h_fragment(struct ieee80211_tx_data *tx)
{
918
919
920
	struct sk_buff *skb = tx->skb;
	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
	struct ieee80211_hdr *hdr = (void *)skb->data;
921
	int frag_threshold = tx->local->hw.wiphy->frag_threshold;
922
923
	int hdrlen;
	int fragnum;
924

925
926
927
928
	/* no matter what happens, tx->skb moves to tx->skbs */
	__skb_queue_tail(&tx->skbs, skb);
	tx->skb = NULL;

929
930
931
932
	if (info->flags & IEEE80211_TX_CTL_DONTFRAG)
		return TX_CONTINUE;

	if (tx->local->ops->set_frag_threshold)
933
934
		return TX_CONTINUE;

935
936
	/*
	 * Warn when submitting a fragmented A-MPDU frame and drop it.
Johannes Berg's avatar
Johannes Berg committed
937
	 * This scenario is handled in ieee80211_tx_prepare but extra
938
	 * caution taken here as fragmented ampdu may cause Tx stop.
939
	 */
Sujith's avatar
Sujith committed
940
	if (WARN_ON(info->flags & IEEE80211_TX_CTL_AMPDU))
941
942
		return TX_DROP;

943
	hdrlen = ieee80211_hdrlen(hdr->frame_control);
944

945
	/* internal error, why isn't DONTFRAG set? */
946
	if (WARN_ON(skb->len + FCS_LEN <= frag_threshold))
947
		return TX_DROP;
948

949
950
951
952
953
954
955
956
	/*
	 * Now fragment the frame. This will allocate all the fragments and
	 * chain them (using skb as the first fragment) to skb->next.
	 * During transmission, we will remove the successfully transmitted
	 * fragments from this list. When the low-level driver rejects one
	 * of the fragments then we will simply pretend to accept the skb
	 * but store it away as pending.
	 */
957
	if (ieee80211_fragment(tx, skb, hdrlen, frag_threshold))
958
		return TX_DROP;
959

960
961
	/* update duration/seq/flags of fragments */
	fragnum = 0;
962
963

	skb_queue_walk(&tx->skbs, skb) {
964
		const __le16 morefrags = cpu_to_le16(IEEE80211_FCTL_MOREFRAGS);
965

966
967
		hdr = (void *)skb->data;
		info = IEEE80211_SKB_CB(skb);
968

969
		if (!skb_queue_is_last(&tx->skbs, skb)) {
970
			hdr->frame_control |= morefrags;
971
972
973
974
975
976
977
			/*
			 * No multi-rate retries for fragmented frames, that
			 * would completely throw off the NAV at other STAs.
			 */
			info->control.rates[1].idx = -1;
			info->control.rates[2].idx = -1;
			info->control.rates[3].idx = -1;
978
			BUILD_BUG_ON(IEEE80211_TX_MAX_RATES != 4);
979
			info->flags &= ~IEEE80211_TX_CTL_RATE_CTRL_PROBE;
980
981
		} else {
			hdr->frame_control &= ~morefrags;
982
		}
983
984
		hdr->seq_ctrl |= cpu_to_le16(fragnum & IEEE80211_SCTL_FRAG);
		fragnum++;
985
	}
986

987
	return TX_CONTINUE;
988
989
}

990
991
992
static ieee80211_tx_result debug_noinline
ieee80211_tx_h_stats(struct ieee80211_tx_data *tx)
{
993
	struct sk_buff *skb;
994
995
996
997
998

	if (!tx->sta)
		return TX_CONTINUE;

	tx->sta->tx_packets++;
999
	skb_queue_walk(&tx->skbs, skb) {
1000
1001
		tx->sta->tx_fragments++;
		tx->sta->tx_bytes += skb->len;
1002
	}
1003
1004
1005
1006

	return TX_CONTINUE;
}

1007
static ieee80211_tx_result debug_noinline
1008
1009
1010
1011
1012
ieee80211_tx_h_encrypt(struct ieee80211_tx_data *tx)
{
	if (!tx->key)
		return TX_CONTINUE;

1013
1014
1015
	switch (tx->key->conf.cipher) {
	case WLAN_CIPHER_SUITE_WEP40:
	case WLAN_CIPHER_SUITE_WEP104:
1016
		return ieee80211_crypto_wep_encrypt(tx);
1017
	case WLAN_CIPHER_SUITE_TKIP:
1018
		return ieee80211_crypto_tkip_encrypt(tx);
1019
	case WLAN_CIPHER_SUITE_CCMP:
1020
		return ieee80211_crypto_ccmp_encrypt(tx);
1021
	case WLAN_CIPHER_SUITE_AES_CMAC:
1022
		return ieee80211_crypto_aes_cmac_encrypt(tx);
1023
	default:
1024
		return ieee80211_crypto_hw_encrypt(tx);
1025
1026
1027
1028
1029
	}

	return TX_DROP;
}

1030
static ieee80211_tx_result debug_noinline
Johannes Berg's avatar
Johannes Berg committed
1031
1032
ieee80211_tx_h_calculate_duration(struct ieee80211_tx_data *tx)
{
1033
	struct sk_buff *skb;
1034
1035
1036
	struct ieee80211_hdr *hdr;
	int next_len;
	bool group_addr;
Johannes Berg's avatar
Johannes Berg committed
1037

1038
	skb_queue_walk(&tx->skbs, skb) {
1039
		hdr = (void *) skb->data;
1040
1041
		if (unlikely(ieee80211_is_pspoll(hdr->frame_control)))
			break; /* must not overwrite AID */
1042
1043
1044
1045
1046
		if (!skb_queue_is_last(&tx->skbs, skb)) {
			struct sk_buff *next = skb_queue_next(&tx->skbs, skb);
			next_len = next->len;
		} else
			next_len = 0;
1047
		group_addr = is_multicast_ether_addr(hdr->addr1);
Johannes Berg's avatar
Johannes Berg committed
1048

1049
		hdr->duration_id =
1050
1051
			ieee80211_duration(tx, skb, group_addr, next_len);
	}
Johannes Berg's avatar
Johannes Berg committed
1052
1053
1054
1055

	return TX_CONTINUE;
}

1056
1057
/* actual transmit path */

1058
1059
1060
1061
1062
1063
1064
static bool ieee80211_tx_prep_agg(struct ieee80211_tx_data *tx