tx.c 56 KB
Newer Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
/*
 * Copyright 2002-2005, Instant802 Networks, Inc.
 * Copyright 2005-2006, Devicescape Software, Inc.
 * Copyright 2006-2007	Jiri Benc <jbenc@suse.cz>
 * Copyright 2007	Johannes Berg <johannes@sipsolutions.net>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 *
 *
 * Transmit and frame generation functions.
 */

#include <linux/kernel.h>
#include <linux/slab.h>
#include <linux/skbuff.h>
#include <linux/etherdevice.h>
#include <linux/bitmap.h>
20
#include <linux/rcupdate.h>
21
#include <net/net_namespace.h>
22
23
24
25
26
27
28
#include <net/ieee80211_radiotap.h>
#include <net/cfg80211.h>
#include <net/mac80211.h>
#include <asm/unaligned.h>

#include "ieee80211_i.h"
#include "ieee80211_led.h"
29
#include "mesh.h"
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
#include "wep.h"
#include "wpa.h"
#include "wme.h"
#include "ieee80211_rate.h"

#define IEEE80211_TX_OK		0
#define IEEE80211_TX_AGAIN	1
#define IEEE80211_TX_FRAG_AGAIN	2

/* misc utils */

static inline void ieee80211_include_sequence(struct ieee80211_sub_if_data *sdata,
					      struct ieee80211_hdr *hdr)
{
	/* Set the sequence number for this frame. */
	hdr->seq_ctrl = cpu_to_le16(sdata->sequence);

	/* Increase the sequence number. */
	sdata->sequence = (sdata->sequence + 0x10) & IEEE80211_SCTL_SEQ;
}

#ifdef CONFIG_MAC80211_LOWTX_FRAME_DUMP
static void ieee80211_dump_frame(const char *ifname, const char *title,
				 const struct sk_buff *skb)
{
	const struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
	u16 fc;
	int hdrlen;
58
	DECLARE_MAC_BUF(mac);
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73

	printk(KERN_DEBUG "%s: %s (len=%d)", ifname, title, skb->len);
	if (skb->len < 4) {
		printk("\n");
		return;
	}

	fc = le16_to_cpu(hdr->frame_control);
	hdrlen = ieee80211_get_hdrlen(fc);
	if (hdrlen > skb->len)
		hdrlen = skb->len;
	if (hdrlen >= 4)
		printk(" FC=0x%04x DUR=0x%04x",
		       fc, le16_to_cpu(hdr->duration_id));
	if (hdrlen >= 10)
74
		printk(" A1=%s", print_mac(mac, hdr->addr1));
75
	if (hdrlen >= 16)
76
		printk(" A2=%s", print_mac(mac, hdr->addr2));
77
	if (hdrlen >= 24)
78
		printk(" A3=%s", print_mac(mac, hdr->addr3));
79
	if (hdrlen >= 30)
80
		printk(" A4=%s", print_mac(mac, hdr->addr4));
81
82
83
84
85
86
87
88
89
	printk("\n");
}
#else /* CONFIG_MAC80211_LOWTX_FRAME_DUMP */
static inline void ieee80211_dump_frame(const char *ifname, const char *title,
					struct sk_buff *skb)
{
}
#endif /* CONFIG_MAC80211_LOWTX_FRAME_DUMP */

90
static u16 ieee80211_duration(struct ieee80211_tx_data *tx, int group_addr,
91
92
93
			      int next_frag_len)
{
	int rate, mrate, erp, dur, i;
94
	struct ieee80211_rate *txrate = tx->rate;
95
	struct ieee80211_local *local = tx->local;
96
	struct ieee80211_supported_band *sband;
97

98
99
100
101
102
	sband = local->hw.wiphy->bands[local->hw.conf.channel->band];

	erp = 0;
	if (tx->sdata->flags & IEEE80211_SDATA_OPERATING_GMODE)
		erp = txrate->flags & IEEE80211_RATE_ERP_G;
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157

	/*
	 * data and mgmt (except PS Poll):
	 * - during CFP: 32768
	 * - during contention period:
	 *   if addr1 is group address: 0
	 *   if more fragments = 0 and addr1 is individual address: time to
	 *      transmit one ACK plus SIFS
	 *   if more fragments = 1 and addr1 is individual address: time to
	 *      transmit next fragment plus 2 x ACK plus 3 x SIFS
	 *
	 * IEEE 802.11, 9.6:
	 * - control response frame (CTS or ACK) shall be transmitted using the
	 *   same rate as the immediately previous frame in the frame exchange
	 *   sequence, if this rate belongs to the PHY mandatory rates, or else
	 *   at the highest possible rate belonging to the PHY rates in the
	 *   BSSBasicRateSet
	 */

	if ((tx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_CTL) {
		/* TODO: These control frames are not currently sent by
		 * 80211.o, but should they be implemented, this function
		 * needs to be updated to support duration field calculation.
		 *
		 * RTS: time needed to transmit pending data/mgmt frame plus
		 *    one CTS frame plus one ACK frame plus 3 x SIFS
		 * CTS: duration of immediately previous RTS minus time
		 *    required to transmit CTS and its SIFS
		 * ACK: 0 if immediately previous directed data/mgmt had
		 *    more=0, with more=1 duration in ACK frame is duration
		 *    from previous frame minus time needed to transmit ACK
		 *    and its SIFS
		 * PS Poll: BIT(15) | BIT(14) | aid
		 */
		return 0;
	}

	/* data/mgmt */
	if (0 /* FIX: data/mgmt during CFP */)
		return 32768;

	if (group_addr) /* Group address as the destination - no ACK */
		return 0;

	/* Individual destination address:
	 * IEEE 802.11, Ch. 9.6 (after IEEE 802.11g changes)
	 * CTS and ACK frames shall be transmitted using the highest rate in
	 * basic rate set that is less than or equal to the rate of the
	 * immediately previous frame and that is using the same modulation
	 * (CCK or OFDM). If no basic rate set matches with these requirements,
	 * the highest mandatory rate of the PHY that is less than or equal to
	 * the rate of the previous frame is used.
	 * Mandatory rates for IEEE 802.11g PHY: 1, 2, 5.5, 11, 6, 12, 24 Mbps
	 */
	rate = -1;
158
159
160
161
	/* use lowest available if everything fails */
	mrate = sband->bitrates[0].bitrate;
	for (i = 0; i < sband->n_bitrates; i++) {
		struct ieee80211_rate *r = &sband->bitrates[i];
162

163
164
		if (r->bitrate > txrate->bitrate)
			break;
165

166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
		if (tx->sdata->basic_rates & BIT(i))
			rate = r->bitrate;

		switch (sband->band) {
		case IEEE80211_BAND_2GHZ: {
			u32 flag;
			if (tx->sdata->flags & IEEE80211_SDATA_OPERATING_GMODE)
				flag = IEEE80211_RATE_MANDATORY_G;
			else
				flag = IEEE80211_RATE_MANDATORY_B;
			if (r->flags & flag)
				mrate = r->bitrate;
			break;
		}
		case IEEE80211_BAND_5GHZ:
			if (r->flags & IEEE80211_RATE_MANDATORY_A)
				mrate = r->bitrate;
			break;
		case IEEE80211_NUM_BANDS:
			WARN_ON(1);
			break;
		}
188
189
190
191
192
193
194
195
196
197
198
199
	}
	if (rate == -1) {
		/* No matching basic rate found; use highest suitable mandatory
		 * PHY rate */
		rate = mrate;
	}

	/* Time needed to transmit ACK
	 * (10 bytes + 4-byte FCS = 112 bits) plus SIFS; rounded up
	 * to closest integer */

	dur = ieee80211_frame_duration(local, 10, rate, erp,
200
				tx->sdata->bss_conf.use_short_preamble);
201
202
203
204
205
206
207

	if (next_frag_len) {
		/* Frame is fragmented: duration increases with time needed to
		 * transmit next fragment plus ACK and 2 x SIFS. */
		dur *= 2; /* ACK + SIFS */
		/* next fragment */
		dur += ieee80211_frame_duration(local, next_frag_len,
208
				txrate->bitrate, erp,
209
				tx->sdata->bss_conf.use_short_preamble);
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
	}

	return dur;
}

static inline int __ieee80211_queue_stopped(const struct ieee80211_local *local,
					    int queue)
{
	return test_bit(IEEE80211_LINK_STATE_XOFF, &local->state[queue]);
}

static inline int __ieee80211_queue_pending(const struct ieee80211_local *local,
					    int queue)
{
	return test_bit(IEEE80211_LINK_STATE_PENDING, &local->state[queue]);
}

static int inline is_ieee80211_device(struct net_device *dev,
				      struct net_device *master)
{
	return (wdev_priv(dev->ieee80211_ptr) ==
		wdev_priv(master->ieee80211_ptr));
}

/* tx handlers */

236
static ieee80211_tx_result
237
ieee80211_tx_h_check_assoc(struct ieee80211_tx_data *tx)
238
239
240
241
242
243
244
{
#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
	struct sk_buff *skb = tx->skb;
	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */
	u32 sta_flags;

245
	if (unlikely(tx->flags & IEEE80211_TX_INJECTED))
246
		return TX_CONTINUE;
247

Zhu Yi's avatar
Zhu Yi committed
248
	if (unlikely(tx->local->sta_sw_scanning) &&
249
250
	    ((tx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_MGMT ||
	     (tx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_PROBE_REQ))
251
		return TX_DROP;
252

253
254
255
	if (tx->sdata->vif.type == IEEE80211_IF_TYPE_MESH_POINT)
		return TX_CONTINUE;

256
	if (tx->flags & IEEE80211_TX_PS_BUFFERED)
257
		return TX_CONTINUE;
258
259
260

	sta_flags = tx->sta ? tx->sta->flags : 0;

261
	if (likely(tx->flags & IEEE80211_TX_UNICAST)) {
262
		if (unlikely(!(sta_flags & WLAN_STA_ASSOC) &&
263
			     tx->sdata->vif.type != IEEE80211_IF_TYPE_IBSS &&
264
265
			     (tx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA)) {
#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
266
			DECLARE_MAC_BUF(mac);
267
			printk(KERN_DEBUG "%s: dropped data frame to not "
268
269
			       "associated station %s\n",
			       tx->dev->name, print_mac(mac, hdr->addr1));
270
271
#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */
			I802_DEBUG_INC(tx->local->tx_handlers_drop_not_assoc);
272
			return TX_DROP;
273
274
275
276
		}
	} else {
		if (unlikely((tx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA &&
			     tx->local->num_sta == 0 &&
277
			     tx->sdata->vif.type != IEEE80211_IF_TYPE_IBSS)) {
278
279
280
281
			/*
			 * No associated STAs - no need to send multicast
			 * frames.
			 */
282
			return TX_DROP;
283
		}
284
		return TX_CONTINUE;
285
286
	}

287
	return TX_CONTINUE;
288
289
}

290
static ieee80211_tx_result
291
ieee80211_tx_h_sequence(struct ieee80211_tx_data *tx)
292
293
294
295
296
297
{
	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;

	if (ieee80211_get_hdrlen(le16_to_cpu(hdr->frame_control)) >= 24)
		ieee80211_include_sequence(tx->sdata, hdr);

298
	return TX_CONTINUE;
299
300
301
302
303
304
305
306
307
308
309
310
311
}

/* This function is called whenever the AP is about to exceed the maximum limit
 * of buffered frames for power saving STAs. This situation should not really
 * happen often during normal operation, so dropping the oldest buffered packet
 * from each queue should be OK to make some room for new frames. */
static void purge_old_ps_buffers(struct ieee80211_local *local)
{
	int total = 0, purged = 0;
	struct sk_buff *skb;
	struct ieee80211_sub_if_data *sdata;
	struct sta_info *sta;

312
313
314
315
316
317
	/*
	 * virtual interfaces are protected by RCU
	 */
	rcu_read_lock();

	list_for_each_entry_rcu(sdata, &local->interfaces, list) {
318
319
		struct ieee80211_if_ap *ap;
		if (sdata->dev == local->mdev ||
320
		    sdata->vif.type != IEEE80211_IF_TYPE_AP)
321
322
323
324
325
326
327
328
329
330
			continue;
		ap = &sdata->u.ap;
		skb = skb_dequeue(&ap->ps_bc_buf);
		if (skb) {
			purged++;
			dev_kfree_skb(skb);
		}
		total += skb_queue_len(&ap->ps_bc_buf);
	}

331
	list_for_each_entry_rcu(sta, &local->sta_list, list) {
332
333
334
335
336
337
338
		skb = skb_dequeue(&sta->ps_tx_buf);
		if (skb) {
			purged++;
			dev_kfree_skb(skb);
		}
		total += skb_queue_len(&sta->ps_tx_buf);
	}
339
340

	rcu_read_unlock();
341
342
343

	local->total_ps_buffered = total;
	printk(KERN_DEBUG "%s: PS buffers full - purged %d frames\n",
344
	       wiphy_name(local->hw.wiphy), purged);
345
346
}

347
static ieee80211_tx_result
348
ieee80211_tx_h_multicast_ps_buf(struct ieee80211_tx_data *tx)
349
{
350
351
352
353
354
355
356
357
358
359
	/*
	 * broadcast/multicast frame
	 *
	 * If any of the associated stations is in power save mode,
	 * the frame is buffered to be sent after DTIM beacon frame.
	 * This is done either by the hardware or us.
	 */

	/* not AP/IBSS or ordered frame */
	if (!tx->sdata->bss || (tx->fc & IEEE80211_FCTL_ORDER))
360
		return TX_CONTINUE;
361
362
363

	/* no stations in PS mode */
	if (!atomic_read(&tx->sdata->bss->num_sta_ps))
364
		return TX_CONTINUE;
365
366
367

	/* buffered in mac80211 */
	if (tx->local->hw.flags & IEEE80211_HW_HOST_BROADCAST_PS_BUFFERING) {
368
369
370
371
372
373
374
375
376
377
378
379
380
		if (tx->local->total_ps_buffered >= TOTAL_MAX_TX_BUFFER)
			purge_old_ps_buffers(tx->local);
		if (skb_queue_len(&tx->sdata->bss->ps_bc_buf) >=
		    AP_MAX_BC_BUFFER) {
			if (net_ratelimit()) {
				printk(KERN_DEBUG "%s: BC TX buffer full - "
				       "dropping the oldest frame\n",
				       tx->dev->name);
			}
			dev_kfree_skb(skb_dequeue(&tx->sdata->bss->ps_bc_buf));
		} else
			tx->local->total_ps_buffered++;
		skb_queue_tail(&tx->sdata->bss->ps_bc_buf, tx->skb);
381
		return TX_QUEUED;
382
383
	}

384
	/* buffered in hardware */
385
	tx->control->flags |= IEEE80211_TXCTL_SEND_AFTER_DTIM;
386

387
	return TX_CONTINUE;
388
389
}

390
static ieee80211_tx_result
391
ieee80211_tx_h_unicast_ps_buf(struct ieee80211_tx_data *tx)
392
393
{
	struct sta_info *sta = tx->sta;
394
	DECLARE_MAC_BUF(mac);
395
396
397
398

	if (unlikely(!sta ||
		     ((tx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_MGMT &&
		      (tx->fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_PROBE_RESP)))
399
		return TX_CONTINUE;
400

401
402
	if (unlikely((sta->flags & WLAN_STA_PS) &&
		     !(sta->flags & WLAN_STA_PSPOLL))) {
403
404
		struct ieee80211_tx_packet_data *pkt_data;
#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
405
		printk(KERN_DEBUG "STA %s aid %d: PS buffer (entries "
406
		       "before %d)\n",
407
		       print_mac(mac, sta->addr), sta->aid,
408
409
410
411
412
413
414
		       skb_queue_len(&sta->ps_tx_buf));
#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
		if (tx->local->total_ps_buffered >= TOTAL_MAX_TX_BUFFER)
			purge_old_ps_buffers(tx->local);
		if (skb_queue_len(&sta->ps_tx_buf) >= STA_MAX_TX_BUFFER) {
			struct sk_buff *old = skb_dequeue(&sta->ps_tx_buf);
			if (net_ratelimit()) {
415
				printk(KERN_DEBUG "%s: STA %s TX "
416
				       "buffer full - dropping oldest frame\n",
417
				       tx->dev->name, print_mac(mac, sta->addr));
418
419
420
421
			}
			dev_kfree_skb(old);
		} else
			tx->local->total_ps_buffered++;
422

423
		/* Queue frame to be sent after STA sends an PS Poll frame */
424
425
426
		if (skb_queue_empty(&sta->ps_tx_buf))
			sta_info_set_tim_bit(sta);

427
428
429
		pkt_data = (struct ieee80211_tx_packet_data *)tx->skb->cb;
		pkt_data->jiffies = jiffies;
		skb_queue_tail(&sta->ps_tx_buf, tx->skb);
430
		return TX_QUEUED;
431
432
433
	}
#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
	else if (unlikely(sta->flags & WLAN_STA_PS)) {
434
		printk(KERN_DEBUG "%s: STA %s in PS mode, but pspoll "
435
		       "set -> send frame\n", tx->dev->name,
436
		       print_mac(mac, sta->addr));
437
438
	}
#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
439
	sta->flags &= ~WLAN_STA_PSPOLL;
440

441
	return TX_CONTINUE;
442
443
}

444
static ieee80211_tx_result
445
ieee80211_tx_h_ps_buf(struct ieee80211_tx_data *tx)
446
{
447
	if (unlikely(tx->flags & IEEE80211_TX_PS_BUFFERED))
448
		return TX_CONTINUE;
449

450
	if (tx->flags & IEEE80211_TX_UNICAST)
451
452
453
454
455
		return ieee80211_tx_h_unicast_ps_buf(tx);
	else
		return ieee80211_tx_h_multicast_ps_buf(tx);
}

456
static ieee80211_tx_result
457
ieee80211_tx_h_select_key(struct ieee80211_tx_data *tx)
458
{
459
	struct ieee80211_key *key;
460
	u16 fc = tx->fc;
461

462
	if (unlikely(tx->control->flags & IEEE80211_TXCTL_DO_NOT_ENCRYPT))
463
		tx->key = NULL;
464
465
466
467
	else if (tx->sta && (key = rcu_dereference(tx->sta->key)))
		tx->key = key;
	else if ((key = rcu_dereference(tx->sdata->default_key)))
		tx->key = key;
468
	else if (tx->sdata->drop_unencrypted &&
469
470
		 !(tx->control->flags & IEEE80211_TXCTL_EAPOL_FRAME) &&
		 !(tx->flags & IEEE80211_TX_INJECTED)) {
471
		I802_DEBUG_INC(tx->local->tx_handlers_drop_unencrypted);
472
		return TX_DROP;
473
	} else
474
475
476
		tx->key = NULL;

	if (tx->key) {
477
478
		u16 ftype, stype;

479
		tx->key->tx_rx_count++;
480
		/* TODO: add threshold stuff again */
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495

		switch (tx->key->conf.alg) {
		case ALG_WEP:
			ftype = fc & IEEE80211_FCTL_FTYPE;
			stype = fc & IEEE80211_FCTL_STYPE;

			if (ftype == IEEE80211_FTYPE_MGMT &&
			    stype == IEEE80211_STYPE_AUTH)
				break;
		case ALG_TKIP:
		case ALG_CCMP:
			if (!WLAN_FC_DATA_PRESENT(fc))
				tx->key = NULL;
			break;
		}
496
497
	}

498
	if (!tx->key || !(tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE))
499
		tx->control->flags |= IEEE80211_TXCTL_DO_NOT_ENCRYPT;
500

501
	return TX_CONTINUE;
502
503
}

504
static ieee80211_tx_result
505
ieee80211_tx_h_fragment(struct ieee80211_tx_data *tx)
506
507
508
509
510
511
512
513
514
{
	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) tx->skb->data;
	size_t hdrlen, per_fragm, num_fragm, payload_len, left;
	struct sk_buff **frags, *first, *frag;
	int i;
	u16 seq;
	u8 *pos;
	int frag_threshold = tx->local->fragmentation_threshold;

515
	if (!(tx->flags & IEEE80211_TX_FRAGMENTED))
516
		return TX_CONTINUE;
517
518
519
520
521
522

	first = tx->skb;

	hdrlen = ieee80211_get_hdrlen(tx->fc);
	payload_len = first->len - hdrlen;
	per_fragm = frag_threshold - hdrlen - FCS_LEN;
523
	num_fragm = DIV_ROUND_UP(payload_len, per_fragm);
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566

	frags = kzalloc(num_fragm * sizeof(struct sk_buff *), GFP_ATOMIC);
	if (!frags)
		goto fail;

	hdr->frame_control |= cpu_to_le16(IEEE80211_FCTL_MOREFRAGS);
	seq = le16_to_cpu(hdr->seq_ctrl) & IEEE80211_SCTL_SEQ;
	pos = first->data + hdrlen + per_fragm;
	left = payload_len - per_fragm;
	for (i = 0; i < num_fragm - 1; i++) {
		struct ieee80211_hdr *fhdr;
		size_t copylen;

		if (left <= 0)
			goto fail;

		/* reserve enough extra head and tail room for possible
		 * encryption */
		frag = frags[i] =
			dev_alloc_skb(tx->local->tx_headroom +
				      frag_threshold +
				      IEEE80211_ENCRYPT_HEADROOM +
				      IEEE80211_ENCRYPT_TAILROOM);
		if (!frag)
			goto fail;
		/* Make sure that all fragments use the same priority so
		 * that they end up using the same TX queue */
		frag->priority = first->priority;
		skb_reserve(frag, tx->local->tx_headroom +
				  IEEE80211_ENCRYPT_HEADROOM);
		fhdr = (struct ieee80211_hdr *) skb_put(frag, hdrlen);
		memcpy(fhdr, first->data, hdrlen);
		if (i == num_fragm - 2)
			fhdr->frame_control &= cpu_to_le16(~IEEE80211_FCTL_MOREFRAGS);
		fhdr->seq_ctrl = cpu_to_le16(seq | ((i + 1) & IEEE80211_SCTL_FRAG));
		copylen = left > per_fragm ? per_fragm : left;
		memcpy(skb_put(frag, copylen), pos, copylen);

		pos += copylen;
		left -= copylen;
	}
	skb_trim(first, hdrlen + per_fragm);

567
568
	tx->num_extra_frag = num_fragm - 1;
	tx->extra_frag = frags;
569

570
	return TX_CONTINUE;
571
572
573
574
575
576
577
578
579
580

 fail:
	printk(KERN_DEBUG "%s: failed to fragment frame\n", tx->dev->name);
	if (frags) {
		for (i = 0; i < num_fragm - 1; i++)
			if (frags[i])
				dev_kfree_skb(frags[i]);
		kfree(frags);
	}
	I802_DEBUG_INC(tx->local->tx_handlers_drop_fragment);
581
	return TX_DROP;
582
583
}

584
static ieee80211_tx_result
585
ieee80211_tx_h_encrypt(struct ieee80211_tx_data *tx)
586
{
587
	if (!tx->key)
588
		return TX_CONTINUE;
589

590
591
592
593
594
595
596
	switch (tx->key->conf.alg) {
	case ALG_WEP:
		return ieee80211_crypto_wep_encrypt(tx);
	case ALG_TKIP:
		return ieee80211_crypto_tkip_encrypt(tx);
	case ALG_CCMP:
		return ieee80211_crypto_ccmp_encrypt(tx);
597
598
	}

599
600
	/* not reached */
	WARN_ON(1);
601
	return TX_DROP;
602
603
}

604
static ieee80211_tx_result
605
ieee80211_tx_h_rate_ctrl(struct ieee80211_tx_data *tx)
606
{
607
	struct rate_selection rsel;
608
609
610
	struct ieee80211_supported_band *sband;

	sband = tx->local->hw.wiphy->bands[tx->local->hw.conf.channel->band];
611

612
	if (likely(!tx->rate)) {
613
		rate_control_get_rate(tx->dev, sband, tx->skb, &rsel);
614
		tx->rate = rsel.rate;
615
		if (unlikely(rsel.probe)) {
616
			tx->control->flags |=
617
				IEEE80211_TXCTL_RATE_CTRL_PROBE;
618
619
620
			tx->flags |= IEEE80211_TX_PROBE_LAST_FRAG;
			tx->control->alt_retry_rate = tx->rate;
			tx->rate = rsel.probe;
621
		} else
622
			tx->control->alt_retry_rate = NULL;
623

624
		if (!tx->rate)
625
			return TX_DROP;
626
	} else
627
		tx->control->alt_retry_rate = NULL;
628

629
	if (tx->sdata->bss_conf.use_cts_prot &&
630
631
	    (tx->flags & IEEE80211_TX_FRAGMENTED) && rsel.nonerp) {
		tx->last_frag_rate = tx->rate;
632
		if (rsel.probe)
633
			tx->flags &= ~IEEE80211_TX_PROBE_LAST_FRAG;
634
		else
635
636
637
638
			tx->flags |= IEEE80211_TX_PROBE_LAST_FRAG;
		tx->rate = rsel.nonerp;
		tx->control->tx_rate = rsel.nonerp;
		tx->control->flags &= ~IEEE80211_TXCTL_RATE_CTRL_PROBE;
639
	} else {
640
641
		tx->last_frag_rate = tx->rate;
		tx->control->tx_rate = tx->rate;
642
	}
643
	tx->control->tx_rate = tx->rate;
644

645
	return TX_CONTINUE;
646
647
}

648
static ieee80211_tx_result
649
ieee80211_tx_h_misc(struct ieee80211_tx_data *tx)
650
651
{
	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) tx->skb->data;
652
	u16 fc = le16_to_cpu(hdr->frame_control);
653
	u16 dur;
654
	struct ieee80211_tx_control *control = tx->control;
655

656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
	if (!control->retry_limit) {
		if (!is_multicast_ether_addr(hdr->addr1)) {
			if (tx->skb->len + FCS_LEN > tx->local->rts_threshold
			    && tx->local->rts_threshold <
					IEEE80211_MAX_RTS_THRESHOLD) {
				control->flags |=
					IEEE80211_TXCTL_USE_RTS_CTS;
				control->flags |=
					IEEE80211_TXCTL_LONG_RETRY_LIMIT;
				control->retry_limit =
					tx->local->long_retry_limit;
			} else {
				control->retry_limit =
					tx->local->short_retry_limit;
			}
671
		} else {
672
			control->retry_limit = 1;
673
674
675
		}
	}

676
	if (tx->flags & IEEE80211_TX_FRAGMENTED) {
677
678
679
680
		/* Do not use multiple retry rates when sending fragmented
		 * frames.
		 * TODO: The last fragment could still use multiple retry
		 * rates. */
681
		control->alt_retry_rate = NULL;
682
683
684
685
686
	}

	/* Use CTS protection for unicast frames sent using extended rates if
	 * there are associated non-ERP stations and RTS/CTS is not configured
	 * for the frame. */
687
	if ((tx->sdata->flags & IEEE80211_SDATA_OPERATING_GMODE) &&
688
689
	    (tx->rate->flags & IEEE80211_RATE_ERP_G) &&
	    (tx->flags & IEEE80211_TX_UNICAST) &&
690
	    tx->sdata->bss_conf.use_cts_prot &&
691
692
693
	    !(control->flags & IEEE80211_TXCTL_USE_RTS_CTS))
		control->flags |= IEEE80211_TXCTL_USE_CTS_PROTECT;

694
695
696
697
	/* Transmit data frames using short preambles if the driver supports
	 * short preambles at the selected rate and short preambles are
	 * available on the network at the current point in time. */
	if (((fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA) &&
698
	    (tx->rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) &&
699
	    tx->sdata->bss_conf.use_short_preamble &&
700
	    (!tx->sta || (tx->sta->flags & WLAN_STA_SHORT_PREAMBLE))) {
701
		tx->control->flags |= IEEE80211_TXCTL_SHORT_PREAMBLE;
702
703
	}

704
705
706
707
	/* Setup duration field for the first fragment of the frame. Duration
	 * for remaining fragments will be updated when they are being sent
	 * to low-level driver in ieee80211_tx(). */
	dur = ieee80211_duration(tx, is_multicast_ether_addr(hdr->addr1),
708
709
				 (tx->flags & IEEE80211_TX_FRAGMENTED) ?
				 tx->extra_frag[0]->len : 0);
710
711
712
713
	hdr->duration_id = cpu_to_le16(dur);

	if ((control->flags & IEEE80211_TXCTL_USE_RTS_CTS) ||
	    (control->flags & IEEE80211_TXCTL_USE_CTS_PROTECT)) {
714
715
716
717
718
719
		struct ieee80211_supported_band *sband;
		struct ieee80211_rate *rate, *baserate;
		int idx;

		sband = tx->local->hw.wiphy->bands[
				tx->local->hw.conf.channel->band];
720
721

		/* Do not use multiple retry rates when using RTS/CTS */
722
		control->alt_retry_rate = NULL;
723
724

		/* Use min(data rate, max base rate) as CTS/RTS rate */
725
		rate = tx->rate;
726
727
728
729
730
731
732
733
734
735
		baserate = NULL;

		for (idx = 0; idx < sband->n_bitrates; idx++) {
			if (sband->bitrates[idx].bitrate > rate->bitrate)
				continue;
			if (tx->sdata->basic_rates & BIT(idx) &&
			    (!baserate ||
			     (baserate->bitrate < sband->bitrates[idx].bitrate)))
				baserate = &sband->bitrates[idx];
		}
736

737
738
739
740
		if (baserate)
			control->rts_cts_rate = baserate;
		else
			control->rts_cts_rate = &sband->bitrates[0];
741
742
743
	}

	if (tx->sta) {
744
		control->aid = tx->sta->aid;
745
746
747
		tx->sta->tx_packets++;
		tx->sta->tx_fragments++;
		tx->sta->tx_bytes += tx->skb->len;
748
		if (tx->extra_frag) {
749
			int i;
750
751
			tx->sta->tx_fragments += tx->num_extra_frag;
			for (i = 0; i < tx->num_extra_frag; i++) {
752
				tx->sta->tx_bytes +=
753
					tx->extra_frag[i]->len;
754
755
756
757
			}
		}
	}

758
	return TX_CONTINUE;
759
760
}

761
static ieee80211_tx_result
762
ieee80211_tx_h_load_stats(struct ieee80211_tx_data *tx)
763
764
765
766
767
{
	struct ieee80211_local *local = tx->local;
	struct sk_buff *skb = tx->skb;
	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
	u32 load = 0, hdrtime;
768
	struct ieee80211_rate *rate = tx->rate;
769
770
771
772
773
774
775
776
777
778

	/* TODO: this could be part of tx_status handling, so that the number
	 * of retries would be known; TX rate should in that case be stored
	 * somewhere with the packet */

	/* Estimate total channel use caused by this frame */

	/* 1 bit at 1 Mbit/s takes 1 usec; in channel_use values,
	 * 1 usec = 1/8 * (1080 / 10) = 13.5 */

779
780
	if (tx->channel->band == IEEE80211_BAND_5GHZ ||
	    (tx->channel->band == IEEE80211_BAND_2GHZ &&
781
	     rate->flags & IEEE80211_RATE_ERP_G))
782
783
784
785
786
787
788
789
		hdrtime = CHAN_UTIL_HDR_SHORT;
	else
		hdrtime = CHAN_UTIL_HDR_LONG;

	load = hdrtime;
	if (!is_multicast_ether_addr(hdr->addr1))
		load += hdrtime;

790
	if (tx->control->flags & IEEE80211_TXCTL_USE_RTS_CTS)
791
		load += 2 * hdrtime;
792
	else if (tx->control->flags & IEEE80211_TXCTL_USE_CTS_PROTECT)
793
794
		load += hdrtime;

795
796
	/* TODO: optimise again */
	load += skb->len * CHAN_UTIL_RATE_LCM / rate->bitrate;
797

798
	if (tx->extra_frag) {
799
		int i;
800
		for (i = 0; i < tx->num_extra_frag; i++) {
801
			load += 2 * hdrtime;
802
803
			load += tx->extra_frag[i]->len *
				tx->rate->bitrate;
804
805
806
807
808
809
810
811
812
813
		}
	}

	/* Divide channel_use by 8 to avoid wrapping around the counter */
	load >>= CHAN_UTIL_SHIFT;
	local->channel_use_raw += load;
	if (tx->sta)
		tx->sta->channel_use_raw += load;
	tx->sdata->channel_use_raw += load;

814
	return TX_CONTINUE;
815
816
817
}


818
typedef ieee80211_tx_result (*ieee80211_tx_handler)(struct ieee80211_tx_data *);
819
static ieee80211_tx_handler ieee80211_tx_handlers[] =
820
821
822
823
824
825
826
{
	ieee80211_tx_h_check_assoc,
	ieee80211_tx_h_sequence,
	ieee80211_tx_h_ps_buf,
	ieee80211_tx_h_select_key,
	ieee80211_tx_h_michael_mic_add,
	ieee80211_tx_h_fragment,
827
	ieee80211_tx_h_encrypt,
828
829
830
831
832
833
834
835
836
837
838
839
	ieee80211_tx_h_rate_ctrl,
	ieee80211_tx_h_misc,
	ieee80211_tx_h_load_stats,
	NULL
};

/* actual transmit path */

/*
 * deal with packet injection down monitor interface
 * with Radiotap Header -- only called for monitor mode interface
 */
840
static ieee80211_tx_result
841
__ieee80211_parse_tx_radiotap(struct ieee80211_tx_data *tx,
842
			      struct sk_buff *skb)
843
844
845
846
847
848
849
850
851
852
853
854
{
	/*
	 * this is the moment to interpret and discard the radiotap header that
	 * must be at the start of the packet injected in Monitor mode
	 *
	 * Need to take some care with endian-ness since radiotap
	 * args are little-endian
	 */

	struct ieee80211_radiotap_iterator iterator;
	struct ieee80211_radiotap_header *rthdr =
		(struct ieee80211_radiotap_header *) skb->data;
855
	struct ieee80211_supported_band *sband;
856
	int ret = ieee80211_radiotap_iterator_init(&iterator, rthdr, skb->len);
857
	struct ieee80211_tx_control *control = tx->control;
858

859
860
	sband = tx->local->hw.wiphy->bands[tx->local->hw.conf.channel->band];

861
	control->flags |= IEEE80211_TXCTL_DO_NOT_ENCRYPT;
862
863
	tx->flags |= IEEE80211_TX_INJECTED;
	tx->flags &= ~IEEE80211_TX_FRAGMENTED;
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892

	/*
	 * for every radiotap entry that is present
	 * (ieee80211_radiotap_iterator_next returns -ENOENT when no more
	 * entries present, or -EINVAL on error)
	 */

	while (!ret) {
		int i, target_rate;

		ret = ieee80211_radiotap_iterator_next(&iterator);

		if (ret)
			continue;

		/* see if this argument is something we can use */
		switch (iterator.this_arg_index) {
		/*
		 * You must take care when dereferencing iterator.this_arg
		 * for multibyte types... the pointer is not aligned.  Use
		 * get_unaligned((type *)iterator.this_arg) to dereference
		 * iterator.this_arg for type "type" safely on all arches.
		*/
		case IEEE80211_RADIOTAP_RATE:
			/*
			 * radiotap rate u8 is in 500kbps units eg, 0x02=1Mbps
			 * ieee80211 rate int is in 100kbps units eg, 0x0a=1Mbps
			 */
			target_rate = (*iterator.this_arg) * 5;
893
894
			for (i = 0; i < sband->n_bitrates; i++) {
				struct ieee80211_rate *r;
895

896
897
898
				r = &sband->bitrates[i];

				if (r->bitrate == target_rate) {
899
					tx->rate = r;
900
901
					break;
				}
902
903
904
905
906
907
908
909
910
911
912
			}
			break;

		case IEEE80211_RADIOTAP_ANTENNA:
			/*
			 * radiotap uses 0 for 1st ant, mac80211 is 1 for
			 * 1st ant
			 */
			control->antenna_sel_tx = (*iterator.this_arg) + 1;
			break;

913
#if 0
914
915
916
		case IEEE80211_RADIOTAP_DBM_TX_POWER:
			control->power_level = *iterator.this_arg;
			break;
917
#endif
918
919
920
921
922
923
924
925
926
927
928

		case IEEE80211_RADIOTAP_FLAGS:
			if (*iterator.this_arg & IEEE80211_RADIOTAP_F_FCS) {
				/*
				 * this indicates that the skb we have been
				 * handed has the 32-bit FCS CRC at the end...
				 * we should react to that by snipping it off
				 * because it will be recomputed and added
				 * on transmission
				 */
				if (skb->len < (iterator.max_length + FCS_LEN))
929
					return TX_DROP;
930
931
932

				skb_trim(skb, skb->len - FCS_LEN);
			}
933
934
935
936
			if (*iterator.this_arg & IEEE80211_RADIOTAP_F_WEP)
				control->flags &=
					~IEEE80211_TXCTL_DO_NOT_ENCRYPT;
			if (*iterator.this_arg & IEEE80211_RADIOTAP_F_FRAG)
937
				tx->flags |= IEEE80211_TX_FRAGMENTED;
938
939
			break;

940
941
942
943
944
945
		/*
		 * Please update the file
		 * Documentation/networking/mac80211-injection.txt
		 * when parsing new fields here.
		 */

946
947
948
949
950
951
		default:
			break;
		}
	}

	if (ret != -ENOENT) /* ie, if we didn't simply run out of fields */
952
		return TX_DROP;
953
954
955
956
957
958
959
960

	/*
	 * remove the radiotap header
	 * iterator->max_length was sanity-checked against
	 * skb->len by iterator init
	 */
	skb_pull(skb, iterator.max_length);

961
	return TX_CONTINUE;
962
963
}

964
965
966
/*
 * initialises @tx
 */
967
static ieee80211_tx_result
968
__ieee80211_tx_prepare(struct ieee80211_tx_data *tx,
969
970
971
972
973
		       struct sk_buff *skb,
		       struct net_device *dev,
		       struct ieee80211_tx_control *control)
{
	struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
974
	struct ieee80211_hdr *hdr;
975
976
977
978
979
980
981
982
983
	struct ieee80211_sub_if_data *sdata;

	int hdrlen;

	memset(tx, 0, sizeof(*tx));
	tx->skb = skb;
	tx->dev = dev; /* use original interface */
	tx->local = local;
	tx->sdata = IEEE80211_DEV_TO_SUB_IF(dev);
984
	tx->control = control;
985
	/*
986
987
	 * Set this flag (used below to indicate "automatic fragmentation"),
	 * it will be cleared/left by radiotap as desired.
988
	 */
989
	tx->flags |= IEEE80211_TX_FRAGMENTED;
990
991
992

	/* process and remove the injection radiotap header */
	sdata = IEEE80211_DEV_TO_SUB_IF(dev);
993
	if (unlikely(sdata->vif.type == IEEE80211_IF_TYPE_MNTR)) {
994
995
		if (__ieee80211_parse_tx_radiotap(tx, skb) == TX_DROP)
			return TX_DROP;
996

997
		/*
998
999
1000
		 * __ieee80211_parse_tx_radiotap has now removed
		 * the radiotap header that was present and pre-filled
		 * 'tx' with tx control information.
1001
1002
1003
		 */
	}

1004
1005
	hdr = (struct ieee80211_hdr *) skb->data;

1006
1007
	tx->sta = sta_info_get(local, hdr->addr1);
	tx->fc = le16_to_cpu(hdr->frame_control);
1008

1009
	if (is_multicast_ether_addr(hdr->addr1)) {
1010
		tx->flags &= ~IEEE80211_TX_UNICAST;
1011
		control->flags |= IEEE80211_TXCTL_NO_ACK;
1012
	} else {
1013
		tx->flags |= IEEE80211_TX_UNICAST;
1014
		control->flags &= ~IEEE80211_TXCTL_NO_ACK;
1015
	}
1016

1017
1018
	if (tx->flags & IEEE80211_TX_FRAGMENTED) {
		if ((tx->flags & IEEE80211_TX_UNICAST) &&
1019
1020
		    skb->len + FCS_LEN > local->fragmentation_threshold &&
		    !local->ops->set_frag_threshold)
1021
			tx->flags |= IEEE80211_TX_FRAGMENTED;
1022
		else
1023
			tx->flags &= ~IEEE80211_TX_FRAGMENTED;
1024
1025
	}

1026
	if (!tx->sta)
1027
1028
1029
1030
		control->flags |= IEEE80211_TXCTL_CLEAR_PS_FILT;
	else if (tx->sta->flags & WLAN_STA_CLEAR_PS_FILT) {
		control->flags |= IEEE80211_TXCTL_CLEAR_PS_FILT;
		tx->sta->flags &= ~WLAN_STA_CLEAR_PS_FILT;
1031
	}
1032

1033
1034
1035
1036
1037
1038
1039
	hdrlen = ieee80211_get_hdrlen(tx->fc);
	if (skb->len > hdrlen + sizeof(rfc1042_header) + 2) {
		u8 *pos = &skb->data[hdrlen + sizeof(rfc1042_header)];
		tx->ethertype = (pos[0] << 8) | pos[1];
	}
	control->flags |= IEEE80211_TXCTL_FIRST_FRAGMENT;

1040
	return TX_CONTINUE;
1041
1042
}

1043
/*
1044
1045
 * NB: @tx is uninitialised when passed in here
 */
1046
static int ieee80211_tx_prepare(struct ieee80211_tx_data *tx,
1047
1048
1049
				struct sk_buff *skb,
				struct net_device *mdev,
				struct ieee80211_tx_control *control)
1050
1051
1052
1053
1054
{
	struct ieee80211_tx_packet_data *pkt_data;
	struct net_device *dev;

	pkt_data = (struct ieee80211_tx_packet_data *)skb->cb;
1055
	dev = dev_get_by_index(&init_net, pkt_data->ifindex);
1056
1057
1058
1059
1060
1061
	if (unlikely(dev && !is_ieee80211_device(dev, mdev))) {
		dev_put(dev);
		dev = NULL;
	}
	if (unlikely(!dev))
		return -ENODEV;
1062
	/* initialises tx with control */
1063
	__ieee80211_tx_prepare(tx, skb, dev, control);
1064
	dev_put(dev);
1065
1066
1067
1068
	return 0;
}

static int __ieee80211_tx(struct ieee80211_local *local, struct sk_buff *skb,
1069
			  struct ieee80211_tx_data *tx)
1070
{
1071
	struct ieee80211_tx_control *control = tx->control;