Gitiles
Code Review Sign In
192.168.1.100 / T106_DC / e3048a133df731f07bfca74e69cdcd9a007a573d / . / ap / os / linux / linux-3.4.x / net / mac80211 / tx.c
blob: f4f24bee99c24cd04ae5e9d27908f1a666233b49 [file] [log] [blame]
lh9ed821d2023-04-07 01:36:19 -0700[diff] [blame]1/*
2 * Copyright 2002-2005, Instant802 Networks, Inc.
3 * Copyright 2005-2006, Devicescape Software, Inc.
4 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
5 * Copyright 2007 Johannes Berg <johannes@sipsolutions.net>
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License version 2 as
9 * published by the Free Software Foundation.
10 *
11 *
12 * Transmit and frame generation functions.
13 */
14
15#include <linux/kernel.h>
16#include <linux/slab.h>
17#include <linux/skbuff.h>
18#include <linux/etherdevice.h>
19#include <linux/bitmap.h>
20#include <linux/rcupdate.h>
21#include <linux/export.h>
22#include <net/net_namespace.h>
23#include <net/ieee80211_radiotap.h>
24#include <net/cfg80211.h>
25#include <net/mac80211.h>
26#include <asm/unaligned.h>
27
28#include "ieee80211_i.h"
29#include "driver-ops.h"
30#include "led.h"
31#include "mesh.h"
32#include "wep.h"
33#include "wpa.h"
34#include "wme.h"
35#include "rate.h"
36
37/* misc utils */
38
39static __le16 ieee80211_duration(struct ieee80211_tx_data *tx,
40 struct sk_buff *skb, int group_addr,
41 int next_frag_len)
42{
43 int rate, mrate, erp, dur, i;
44 struct ieee80211_rate *txrate;
45 struct ieee80211_local *local = tx->local;
46 struct ieee80211_supported_band *sband;
47 struct ieee80211_hdr *hdr;
48 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
49
50 /* assume HW handles this */
51 if (info->control.rates[0].flags & IEEE80211_TX_RC_MCS)
52 return 0;
53
54 /* uh huh? */
55 if (WARN_ON_ONCE(info->control.rates[0].idx < 0))
56 return 0;
57
58 sband = local->hw.wiphy->bands[tx->channel->band];
59 txrate = &sband->bitrates[info->control.rates[0].idx];
60
61 erp = txrate->flags & IEEE80211_RATE_ERP_G;
62
63 /*
64 * data and mgmt (except PS Poll):
65 * - during CFP: 32768
66 * - during contention period:
67 * if addr1 is group address: 0
68 * if more fragments = 0 and addr1 is individual address: time to
69 * transmit one ACK plus SIFS
70 * if more fragments = 1 and addr1 is individual address: time to
71 * transmit next fragment plus 2 x ACK plus 3 x SIFS
72 *
73 * IEEE 802.11, 9.6:
74 * - control response frame (CTS or ACK) shall be transmitted using the
75 * same rate as the immediately previous frame in the frame exchange
76 * sequence, if this rate belongs to the PHY mandatory rates, or else
77 * at the highest possible rate belonging to the PHY rates in the
78 * BSSBasicRateSet
79 */
80 hdr = (struct ieee80211_hdr *)skb->data;
81 if (ieee80211_is_ctl(hdr->frame_control)) {
82 /* TODO: These control frames are not currently sent by
83 * mac80211, but should they be implemented, this function
84 * needs to be updated to support duration field calculation.
85 *
86 * RTS: time needed to transmit pending data/mgmt frame plus
87 * one CTS frame plus one ACK frame plus 3 x SIFS
88 * CTS: duration of immediately previous RTS minus time
89 * required to transmit CTS and its SIFS
90 * ACK: 0 if immediately previous directed data/mgmt had
91 * more=0, with more=1 duration in ACK frame is duration
92 * from previous frame minus time needed to transmit ACK
93 * and its SIFS
94 * PS Poll: BIT(15) | BIT(14) | aid
95 */
96 return 0;
97 }
98
99 /* data/mgmt */
100 if (0 /* FIX: data/mgmt during CFP */)
101 return cpu_to_le16(32768);
102
103 if (group_addr) /* Group address as the destination - no ACK */
104 return 0;
105
106 /* Individual destination address:
107 * IEEE 802.11, Ch. 9.6 (after IEEE 802.11g changes)
108 * CTS and ACK frames shall be transmitted using the highest rate in
109 * basic rate set that is less than or equal to the rate of the
110 * immediately previous frame and that is using the same modulation
111 * (CCK or OFDM). If no basic rate set matches with these requirements,
112 * the highest mandatory rate of the PHY that is less than or equal to
113 * the rate of the previous frame is used.
114 * Mandatory rates for IEEE 802.11g PHY: 1, 2, 5.5, 11, 6, 12, 24 Mbps
115 */
116 rate = -1;
117 /* use lowest available if everything fails */
118 mrate = sband->bitrates[0].bitrate;
119 for (i = 0; i < sband->n_bitrates; i++) {
120 struct ieee80211_rate *r = &sband->bitrates[i];
121
122 if (r->bitrate > txrate->bitrate)
123 break;
124
125 if (tx->sdata->vif.bss_conf.basic_rates & BIT(i))
126 rate = r->bitrate;
127
128 switch (sband->band) {
129 case IEEE80211_BAND_2GHZ: {
130 u32 flag;
131 if (tx->sdata->flags & IEEE80211_SDATA_OPERATING_GMODE)
132 flag = IEEE80211_RATE_MANDATORY_G;
133 else
134 flag = IEEE80211_RATE_MANDATORY_B;
135 if (r->flags & flag)
136 mrate = r->bitrate;
137 break;
138 }
139 case IEEE80211_BAND_5GHZ:
140 if (r->flags & IEEE80211_RATE_MANDATORY_A)
141 mrate = r->bitrate;
142 break;
143 case IEEE80211_NUM_BANDS:
144 WARN_ON(1);
145 break;
146 }
147 }
148 if (rate == -1) {
149 /* No matching basic rate found; use highest suitable mandatory
150 * PHY rate */
151 rate = mrate;
152 }
153
154 /* Don't calculate ACKs for QoS Frames with NoAck Policy set */
155 if (ieee80211_is_data_qos(hdr->frame_control) &&
156 *(ieee80211_get_qos_ctl(hdr)) | IEEE80211_QOS_CTL_ACK_POLICY_NOACK)
157 dur = 0;
158 else
159 /* Time needed to transmit ACK
160 * (10 bytes + 4-byte FCS = 112 bits) plus SIFS; rounded up
161 * to closest integer */
162 dur = ieee80211_frame_duration(local, 10, rate, erp,
163 tx->sdata->vif.bss_conf.use_short_preamble);
164
165 if (next_frag_len) {
166 /* Frame is fragmented: duration increases with time needed to
167 * transmit next fragment plus ACK and 2 x SIFS. */
168 dur *= 2; /* ACK + SIFS */
169 /* next fragment */
170 dur += ieee80211_frame_duration(local, next_frag_len,
171 txrate->bitrate, erp,
172 tx->sdata->vif.bss_conf.use_short_preamble);
173 }
174
175 return cpu_to_le16(dur);
176}
177
178static inline int is_ieee80211_device(struct ieee80211_local *local,
179 struct net_device *dev)
180{
181 return local == wdev_priv(dev->ieee80211_ptr);
182}
183
184/* tx handlers */
185static ieee80211_tx_result debug_noinline
186ieee80211_tx_h_dynamic_ps(struct ieee80211_tx_data *tx)
187{
188 struct ieee80211_local *local = tx->local;
189 struct ieee80211_if_managed *ifmgd;
190
191 /* driver doesn't support power save */
192 if (!(local->hw.flags & IEEE80211_HW_SUPPORTS_PS))
193 return TX_CONTINUE;
194
195 /* hardware does dynamic power save */
196 if (local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_PS)
197 return TX_CONTINUE;
198
199 /* dynamic power save disabled */
200 if (local->hw.conf.dynamic_ps_timeout <= 0)
201 return TX_CONTINUE;
202
203 /* we are scanning, don't enable power save */
204 if (local->scanning)
205 return TX_CONTINUE;
206
207 if (!local->ps_sdata)
208 return TX_CONTINUE;
209
210 /* No point if we're going to suspend */
211 if (local->quiescing)
212 return TX_CONTINUE;
213
214 /* dynamic ps is supported only in managed mode */
215 if (tx->sdata->vif.type != NL80211_IFTYPE_STATION)
216 return TX_CONTINUE;
217
218 ifmgd = &tx->sdata->u.mgd;
219
220 /*
221 * Don't wakeup from power save if u-apsd is enabled, voip ac has
222 * u-apsd enabled and the frame is in voip class. This effectively
223 * means that even if all access categories have u-apsd enabled, in
224 * practise u-apsd is only used with the voip ac. This is a
225 * workaround for the case when received voip class packets do not
226 * have correct qos tag for some reason, due the network or the
227 * peer application.
228 *
229 * Note: ifmgd->uapsd_queues access is racy here. If the value is
230 * changed via debugfs, user needs to reassociate manually to have
231 * everything in sync.
232 */
233 if ((ifmgd->flags & IEEE80211_STA_UAPSD_ENABLED)
234 && (ifmgd->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO)
235 && skb_get_queue_mapping(tx->skb) == 0)
236 return TX_CONTINUE;
237
238 if (local->hw.conf.flags & IEEE80211_CONF_PS) {
239 ieee80211_stop_queues_by_reason(&local->hw,
240 IEEE80211_QUEUE_STOP_REASON_PS);
241 ifmgd->flags &= ~IEEE80211_STA_NULLFUNC_ACKED;
242 ieee80211_queue_work(&local->hw,
243 &local->dynamic_ps_disable_work);
244 }
245
246 /* Don't restart the timer if we're not disassociated */
247 if (!ifmgd->associated)
248 return TX_CONTINUE;
249
250 mod_timer(&local->dynamic_ps_timer, jiffies +
251 msecs_to_jiffies(local->hw.conf.dynamic_ps_timeout));
252
253 return TX_CONTINUE;
254}
255
256static ieee80211_tx_result debug_noinline
257ieee80211_tx_h_check_assoc(struct ieee80211_tx_data *tx)
258{
259
260 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;
261 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
262 bool assoc = false;
263
264 if (unlikely(info->flags & IEEE80211_TX_CTL_INJECTED))
265 return TX_CONTINUE;
266
267 if (unlikely(test_bit(SCAN_SW_SCANNING, &tx->local->scanning)) &&
268 test_bit(SDATA_STATE_OFFCHANNEL, &tx->sdata->state) &&
269 !ieee80211_is_probe_req(hdr->frame_control) &&
270 !ieee80211_is_nullfunc(hdr->frame_control))
271 /*
272 * When software scanning only nullfunc frames (to notify
273 * the sleep state to the AP) and probe requests (for the
274 * active scan) are allowed, all other frames should not be
275 * sent and we should not get here, but if we do
276 * nonetheless, drop them to avoid sending them
277 * off-channel. See the link below and
278 * ieee80211_start_scan() for more.
279 *
280 * http://article.gmane.org/gmane.linux.kernel.wireless.general/30089
281 */
282 return TX_DROP;
283
284 if (tx->sdata->vif.type == NL80211_IFTYPE_WDS)
285 return TX_CONTINUE;
286
287 if (tx->sdata->vif.type == NL80211_IFTYPE_MESH_POINT)
288 return TX_CONTINUE;
289
290 if (tx->flags & IEEE80211_TX_PS_BUFFERED)
291 return TX_CONTINUE;
292
293 if (tx->sta)
294 assoc = test_sta_flag(tx->sta, WLAN_STA_ASSOC);
295
296 if (likely(tx->flags & IEEE80211_TX_UNICAST)) {
297 if (unlikely(!assoc &&
298 ieee80211_is_data(hdr->frame_control))) {
299#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
300 printk(KERN_DEBUG "%s: dropped data frame to not "
301 "associated station %pM\n",
302 tx->sdata->name, hdr->addr1);
303#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */
304 I802_DEBUG_INC(tx->local->tx_handlers_drop_not_assoc);
305 return TX_DROP;
306 }
307 } else if (unlikely(tx->sdata->vif.type == NL80211_IFTYPE_AP &&
308 ieee80211_is_data(hdr->frame_control) &&
309 !atomic_read(&tx->sdata->u.ap.num_sta_authorized))) {
310 /*
311 * No associated STAs - no need to send multicast
312 * frames.
313 */
314 return TX_DROP;
315 }
316
317 return TX_CONTINUE;
318}
319
320/* This function is called whenever the AP is about to exceed the maximum limit
321 * of buffered frames for power saving STAs. This situation should not really
322 * happen often during normal operation, so dropping the oldest buffered packet
323 * from each queue should be OK to make some room for new frames. */
324static void purge_old_ps_buffers(struct ieee80211_local *local)
325{
326 int total = 0, purged = 0;
327 struct sk_buff *skb;
328 struct ieee80211_sub_if_data *sdata;
329 struct sta_info *sta;
330
331 /*
332 * virtual interfaces are protected by RCU
333 */
334 rcu_read_lock();
335
336 list_for_each_entry_rcu(sdata, &local->interfaces, list) {
337 struct ieee80211_if_ap *ap;
338 if (sdata->vif.type != NL80211_IFTYPE_AP)
339 continue;
340 ap = &sdata->u.ap;
341 skb = skb_dequeue(&ap->ps_bc_buf);
342 if (skb) {
343 purged++;
344 dev_kfree_skb(skb);
345 }
346 total += skb_queue_len(&ap->ps_bc_buf);
347 }
348
349 /*
350 * Drop one frame from each station from the lowest-priority
351 * AC that has frames at all.
352 */
353 list_for_each_entry_rcu(sta, &local->sta_list, list) {
354 int ac;
355
356 for (ac = IEEE80211_AC_BK; ac >= IEEE80211_AC_VO; ac--) {
357 skb = skb_dequeue(&sta->ps_tx_buf[ac]);
358 total += skb_queue_len(&sta->ps_tx_buf[ac]);
359 if (skb) {
360 purged++;
361 dev_kfree_skb(skb);
362 break;
363 }
364 }
365 }
366
367 rcu_read_unlock();
368
369 local->total_ps_buffered = total;
370#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
371 wiphy_debug(local->hw.wiphy, "PS buffers full - purged %d frames\n",
372 purged);
373#endif
374}
375
376static ieee80211_tx_result
377ieee80211_tx_h_multicast_ps_buf(struct ieee80211_tx_data *tx)
378{
379 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
380 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;
381
382 /*
383 * broadcast/multicast frame
384 *
385 * If any of the associated stations is in power save mode,
386 * the frame is buffered to be sent after DTIM beacon frame.
387 * This is done either by the hardware or us.
388 */
389
390 /* powersaving STAs only in AP/VLAN mode */
391 if (!tx->sdata->bss)
392 return TX_CONTINUE;
393
394 /* no buffering for ordered frames */
395 if (ieee80211_has_order(hdr->frame_control))
396 return TX_CONTINUE;
397
398 /* no stations in PS mode */
399 if (!atomic_read(&tx->sdata->bss->num_sta_ps))
400 return TX_CONTINUE;
401
402 info->flags |= IEEE80211_TX_CTL_SEND_AFTER_DTIM;
403
404 /* device releases frame after DTIM beacon */
405 if (!(tx->local->hw.flags & IEEE80211_HW_HOST_BROADCAST_PS_BUFFERING))
406 return TX_CONTINUE;
407
408 /* buffered in mac80211 */
409 if (tx->local->total_ps_buffered >= TOTAL_MAX_TX_BUFFER)
410 purge_old_ps_buffers(tx->local);
411
412 if (skb_queue_len(&tx->sdata->bss->ps_bc_buf) >= AP_MAX_BC_BUFFER) {
413#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
414 if (net_ratelimit())
415 printk(KERN_DEBUG "%s: BC TX buffer full - dropping the oldest frame\n",
416 tx->sdata->name);
417#endif
418 dev_kfree_skb(skb_dequeue(&tx->sdata->bss->ps_bc_buf));
419 } else
420 tx->local->total_ps_buffered++;
421
422 skb_queue_tail(&tx->sdata->bss->ps_bc_buf, tx->skb);
423
424 return TX_QUEUED;
425}
426
427static int ieee80211_use_mfp(__le16 fc, struct sta_info *sta,
428 struct sk_buff *skb)
429{
430 if (!ieee80211_is_mgmt(fc))
431 return 0;
432
433 if (sta == NULL || !test_sta_flag(sta, WLAN_STA_MFP))
434 return 0;
435
436 if (!ieee80211_is_robust_mgmt_frame((struct ieee80211_hdr *)
437 skb->data))
438 return 0;
439
440 return 1;
441}
442
443static ieee80211_tx_result
444ieee80211_tx_h_unicast_ps_buf(struct ieee80211_tx_data *tx)
445{
446 struct sta_info *sta = tx->sta;
447 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
448 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;
449 struct ieee80211_local *local = tx->local;
450
451 if (unlikely(!sta))
452 return TX_CONTINUE;
453
454 if (unlikely((test_sta_flag(sta, WLAN_STA_PS_STA) ||
455 test_sta_flag(sta, WLAN_STA_PS_DRIVER)) &&
456 !(info->flags & IEEE80211_TX_CTL_NO_PS_BUFFER))) {
457 int ac = skb_get_queue_mapping(tx->skb);
458
459 /* only deauth, disassoc and action are bufferable MMPDUs */
460 if (ieee80211_is_mgmt(hdr->frame_control) &&
461 !ieee80211_is_deauth(hdr->frame_control) &&
462 !ieee80211_is_disassoc(hdr->frame_control) &&
463 !ieee80211_is_action(hdr->frame_control)) {
464 info->flags |= IEEE80211_TX_CTL_NO_PS_BUFFER;
465 return TX_CONTINUE;
466 }
467
468#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
469 printk(KERN_DEBUG "STA %pM aid %d: PS buffer for AC %d\n",
470 sta->sta.addr, sta->sta.aid, ac);
471#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
472 if (tx->local->total_ps_buffered >= TOTAL_MAX_TX_BUFFER)
473 purge_old_ps_buffers(tx->local);
474
475 /* sync with ieee80211_sta_ps_deliver_wakeup */
476 spin_lock(&sta->ps_lock);
477 /*
478 * STA woke up the meantime and all the frames on ps_tx_buf have
479 * been queued to pending queue. No reordering can happen, go
480 * ahead and Tx the packet.
481 */
482 if (!test_sta_flag(sta, WLAN_STA_PS_STA) &&
483 !test_sta_flag(sta, WLAN_STA_PS_DRIVER)) {
484 spin_unlock(&sta->ps_lock);
485 return TX_CONTINUE;
486 }
487
488 if (skb_queue_len(&sta->ps_tx_buf[ac]) >= STA_MAX_TX_BUFFER) {
489 struct sk_buff *old = skb_dequeue(&sta->ps_tx_buf[ac]);
490#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
491 if (net_ratelimit())
492 printk(KERN_DEBUG "%s: STA %pM TX buffer for "
493 "AC %d full - dropping oldest frame\n",
494 tx->sdata->name, sta->sta.addr, ac);
495#endif
496 dev_kfree_skb(old);
497 } else
498 tx->local->total_ps_buffered++;
499
500 info->control.jiffies = jiffies;
501 info->control.vif = &tx->sdata->vif;
502 info->flags |= IEEE80211_TX_INTFL_NEED_TXPROCESSING;
503 skb_queue_tail(&sta->ps_tx_buf[ac], tx->skb);
504 spin_unlock(&sta->ps_lock);
505
506 if (!timer_pending(&local->sta_cleanup))
507 mod_timer(&local->sta_cleanup,
508 round_jiffies(jiffies +
509 STA_INFO_CLEANUP_INTERVAL));
510
511 /*
512 * We queued up some frames, so the TIM bit might
513 * need to be set, recalculate it.
514 */
515 sta_info_recalc_tim(sta);
516
517 return TX_QUEUED;
518 }
519#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
520 else if (unlikely(test_sta_flag(sta, WLAN_STA_PS_STA))) {
521 printk(KERN_DEBUG
522 "%s: STA %pM in PS mode, but polling/in SP -> send frame\n",
523 tx->sdata->name, sta->sta.addr);
524 }
525#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
526
527 return TX_CONTINUE;
528}
529
530static ieee80211_tx_result debug_noinline
531ieee80211_tx_h_ps_buf(struct ieee80211_tx_data *tx)
532{
533 if (unlikely(tx->flags & IEEE80211_TX_PS_BUFFERED))
534 return TX_CONTINUE;
535
536 if (tx->flags & IEEE80211_TX_UNICAST)
537 return ieee80211_tx_h_unicast_ps_buf(tx);
538 else
539 return ieee80211_tx_h_multicast_ps_buf(tx);
540}
541
542static ieee80211_tx_result debug_noinline
543ieee80211_tx_h_check_control_port_protocol(struct ieee80211_tx_data *tx)
544{
545 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
546
547 if (unlikely(tx->sdata->control_port_protocol == tx->skb->protocol)) {
548 if (tx->sdata->control_port_no_encrypt)
549 info->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
550 info->flags |= IEEE80211_TX_CTL_USE_MINRATE;
551 }
552
553 return TX_CONTINUE;
554}
555
556static ieee80211_tx_result debug_noinline
557ieee80211_tx_h_select_key(struct ieee80211_tx_data *tx)
558{
559 struct ieee80211_key *key = NULL;
560 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
561 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;
562
563 if (unlikely(info->flags & IEEE80211_TX_INTFL_DONT_ENCRYPT))
564 tx->key = NULL;
565 else if (tx->sta && (key = rcu_dereference(tx->sta->ptk)))
566 tx->key = key;
567 else if (ieee80211_is_mgmt(hdr->frame_control) &&
568 is_multicast_ether_addr(hdr->addr1) &&
569 ieee80211_is_robust_mgmt_frame(hdr) &&
570 (key = rcu_dereference(tx->sdata->default_mgmt_key)))
571 tx->key = key;
572 else if (is_multicast_ether_addr(hdr->addr1) &&
573 (key = rcu_dereference(tx->sdata->default_multicast_key)))
574 tx->key = key;
575 else if (!is_multicast_ether_addr(hdr->addr1) &&
576 (key = rcu_dereference(tx->sdata->default_unicast_key)))
577 tx->key = key;
578 else if (tx->sdata->drop_unencrypted &&
579 (tx->skb->protocol != tx->sdata->control_port_protocol) &&
580 !(info->flags & IEEE80211_TX_CTL_INJECTED) &&
581 (!ieee80211_is_robust_mgmt_frame(hdr) ||
582 (ieee80211_is_action(hdr->frame_control) &&
583 tx->sta && test_sta_flag(tx->sta, WLAN_STA_MFP)))) {
584 I802_DEBUG_INC(tx->local->tx_handlers_drop_unencrypted);
585 return TX_DROP;
586 } else
587 tx->key = NULL;
588
589 if (tx->key) {
590 bool skip_hw = false;
591
592 tx->key->tx_rx_count++;
593 /* TODO: add threshold stuff again */
594
595 switch (tx->key->conf.cipher) {
596 case WLAN_CIPHER_SUITE_WEP40:
597 case WLAN_CIPHER_SUITE_WEP104:
598 case WLAN_CIPHER_SUITE_TKIP:
599 if (!ieee80211_is_data_present(hdr->frame_control))
600 tx->key = NULL;
601 break;
602 case WLAN_CIPHER_SUITE_CCMP:
603 if (!ieee80211_is_data_present(hdr->frame_control) &&
604 !ieee80211_use_mfp(hdr->frame_control, tx->sta,
605 tx->skb))
606 tx->key = NULL;
607 else
608 skip_hw = (tx->key->conf.flags &
609 IEEE80211_KEY_FLAG_SW_MGMT) &&
610 ieee80211_is_mgmt(hdr->frame_control);
611 break;
612 case WLAN_CIPHER_SUITE_AES_CMAC:
613 if (!ieee80211_is_mgmt(hdr->frame_control))
614 tx->key = NULL;
615 break;
616 }
617
618 if (unlikely(tx->key && tx->key->flags & KEY_FLAG_TAINTED))
619 return TX_DROP;
620
621 if (!skip_hw && tx->key &&
622 tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE)
623 info->control.hw_key = &tx->key->conf;
624 }
625
626 return TX_CONTINUE;
627}
628
629static ieee80211_tx_result debug_noinline
630ieee80211_tx_h_rate_ctrl(struct ieee80211_tx_data *tx)
631{
632 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
633 struct ieee80211_hdr *hdr = (void *)tx->skb->data;
634 struct ieee80211_supported_band *sband;
635 struct ieee80211_rate *rate;
636 int i;
637 u32 len;
638 bool inval = false, rts = false, short_preamble = false;
639 struct ieee80211_tx_rate_control txrc;
640 bool assoc = false;
641
642 memset(&txrc, 0, sizeof(txrc));
643
644 sband = tx->local->hw.wiphy->bands[tx->channel->band];
645
646 len = min_t(u32, tx->skb->len + FCS_LEN,
647 tx->local->hw.wiphy->frag_threshold);
648
649 /* set up the tx rate control struct we give the RC algo */
650 txrc.hw = &tx->local->hw;
651 txrc.sband = sband;
652 txrc.bss_conf = &tx->sdata->vif.bss_conf;
653 txrc.skb = tx->skb;
654 txrc.reported_rate.idx = -1;
655 txrc.rate_idx_mask = tx->sdata->rc_rateidx_mask[tx->channel->band];
656 if (txrc.rate_idx_mask == (1 << sband->n_bitrates) - 1)
657 txrc.max_rate_idx = -1;
658 else
659 txrc.max_rate_idx = fls(txrc.rate_idx_mask) - 1;
660 memcpy(txrc.rate_idx_mcs_mask,
661 tx->sdata->rc_rateidx_mcs_mask[tx->channel->band],
662 sizeof(txrc.rate_idx_mcs_mask));
663 txrc.bss = (tx->sdata->vif.type == NL80211_IFTYPE_AP ||
664 tx->sdata->vif.type == NL80211_IFTYPE_MESH_POINT ||
665 tx->sdata->vif.type == NL80211_IFTYPE_ADHOC);
666
667 /* set up RTS protection if desired */
668 if (len > tx->local->hw.wiphy->rts_threshold) {
669 txrc.rts = rts = true;
670 }
671
672 /*
673 * Use short preamble if the BSS can handle it, but not for
674 * management frames unless we know the receiver can handle
675 * that -- the management frame might be to a station that
676 * just wants a probe response.
677 */
678 if (tx->sdata->vif.bss_conf.use_short_preamble &&
679 (ieee80211_is_data(hdr->frame_control) ||
680 (tx->sta && test_sta_flag(tx->sta, WLAN_STA_SHORT_PREAMBLE))))
681 txrc.short_preamble = short_preamble = true;
682
683 if (tx->sta)
684 assoc = test_sta_flag(tx->sta, WLAN_STA_ASSOC);
685
686 /*
687 * Lets not bother rate control if we're associated and cannot
688 * talk to the sta. This should not happen.
689 */
690 if (WARN(test_bit(SCAN_SW_SCANNING, &tx->local->scanning) && assoc &&
691 !rate_usable_index_exists(sband, &tx->sta->sta),
692 "%s: Dropped data frame as no usable bitrate found while "
693 "scanning and associated. Target station: "
694 "%pM on %d GHz band\n",
695 tx->sdata->name, hdr->addr1,
696 tx->channel->band ? 5 : 2))
697 return TX_DROP;
698
699 /*
700 * If we're associated with the sta at this point we know we can at
701 * least send the frame at the lowest bit rate.
702 */
703 rate_control_get_rate(tx->sdata, tx->sta, &txrc);
704
705 if (unlikely(info->control.rates[0].idx < 0))
706 return TX_DROP;
707
708 if (txrc.reported_rate.idx < 0) {
709 txrc.reported_rate = info->control.rates[0];
710 if (tx->sta && ieee80211_is_data(hdr->frame_control))
711 tx->sta->last_tx_rate = txrc.reported_rate;
712 } else if (tx->sta)
713 tx->sta->last_tx_rate = txrc.reported_rate;
714
715 if (unlikely(!info->control.rates[0].count))
716 info->control.rates[0].count = 1;
717
718 if (WARN_ON_ONCE((info->control.rates[0].count > 1) &&
719 (info->flags & IEEE80211_TX_CTL_NO_ACK)))
720 info->control.rates[0].count = 1;
721
722 if (is_multicast_ether_addr(hdr->addr1)) {
723 /*
724 * XXX: verify the rate is in the basic rateset
725 */
726 return TX_CONTINUE;
727 }
728
729 /*
730 * set up the RTS/CTS rate as the fastest basic rate
731 * that is not faster than the data rate
732 *
733 * XXX: Should this check all retry rates?
734 */
735 if (!(info->control.rates[0].flags & IEEE80211_TX_RC_MCS)) {
736 s8 baserate = 0;
737
738 rate = &sband->bitrates[info->control.rates[0].idx];
739
740 for (i = 0; i < sband->n_bitrates; i++) {
741 /* must be a basic rate */
742 if (!(tx->sdata->vif.bss_conf.basic_rates & BIT(i)))
743 continue;
744 /* must not be faster than the data rate */
745 if (sband->bitrates[i].bitrate > rate->bitrate)
746 continue;
747 /* maximum */
748 if (sband->bitrates[baserate].bitrate <
749 sband->bitrates[i].bitrate)
750 baserate = i;
751 }
752
753 info->control.rts_cts_rate_idx = baserate;
754 }
755
756 for (i = 0; i < IEEE80211_TX_MAX_RATES; i++) {
757 /*
758 * make sure there's no valid rate following
759 * an invalid one, just in case drivers don't
760 * take the API seriously to stop at -1.
761 */
762 if (inval) {
763 info->control.rates[i].idx = -1;
764 continue;
765 }
766 if (info->control.rates[i].idx < 0) {
767 inval = true;
768 continue;
769 }
770
771 /*
772 * For now assume MCS is already set up correctly, this
773 * needs to be fixed.
774 */
775 if (info->control.rates[i].flags & IEEE80211_TX_RC_MCS) {
776 WARN_ON(info->control.rates[i].idx > 76);
777 continue;
778 }
779
780 /* set up RTS protection if desired */
781 if (rts)
782 info->control.rates[i].flags |=
783 IEEE80211_TX_RC_USE_RTS_CTS;
784
785 /* RC is busted */
786 if (WARN_ON_ONCE(info->control.rates[i].idx >=
787 sband->n_bitrates)) {
788 info->control.rates[i].idx = -1;
789 continue;
790 }
791
792 rate = &sband->bitrates[info->control.rates[i].idx];
793
794 /* set up short preamble */
795 if (short_preamble &&
796 rate->flags & IEEE80211_RATE_SHORT_PREAMBLE)
797 info->control.rates[i].flags |=
798 IEEE80211_TX_RC_USE_SHORT_PREAMBLE;
799
800 /* set up G protection */
801 if (!rts && tx->sdata->vif.bss_conf.use_cts_prot &&
802 rate->flags & IEEE80211_RATE_ERP_G)
803 info->control.rates[i].flags |=
804 IEEE80211_TX_RC_USE_CTS_PROTECT;
805 }
806
807 return TX_CONTINUE;
808}
809
810static ieee80211_tx_result debug_noinline
811ieee80211_tx_h_sequence(struct ieee80211_tx_data *tx)
812{
813 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
814 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;
815 u16 *seq;
816 u8 *qc;
817 int tid;
818
819 /*
820 * Packet injection may want to control the sequence
821 * number, if we have no matching interface then we
822 * neither assign one ourselves nor ask the driver to.
823 */
824 if (unlikely(info->control.vif->type == NL80211_IFTYPE_MONITOR))
825 return TX_CONTINUE;
826
827 if (unlikely(ieee80211_is_ctl(hdr->frame_control)))
828 return TX_CONTINUE;
829
830 if (ieee80211_hdrlen(hdr->frame_control) < 24)
831 return TX_CONTINUE;
832
833 if (ieee80211_is_qos_nullfunc(hdr->frame_control))
834 return TX_CONTINUE;
835
836 /*
837 * Anything but QoS data that has a sequence number field
838 * (is long enough) gets a sequence number from the global
839 * counter.
840 */
841 if (!ieee80211_is_data_qos(hdr->frame_control)) {
842 /* driver should assign sequence number */
843 info->flags |= IEEE80211_TX_CTL_ASSIGN_SEQ;
844 /* for pure STA mode without beacons, we can do it */
845 hdr->seq_ctrl = cpu_to_le16(tx->sdata->sequence_number);
846 tx->sdata->sequence_number += 0x10;
847 return TX_CONTINUE;
848 }
849
850 /*
851 * This should be true for injected/management frames only, for
852 * management frames we have set the IEEE80211_TX_CTL_ASSIGN_SEQ
853 * above since they are not QoS-data frames.
854 */
855 if (!tx->sta)
856 return TX_CONTINUE;
857
858 /* include per-STA, per-TID sequence counter */
859
860 qc = ieee80211_get_qos_ctl(hdr);
861 tid = *qc & IEEE80211_QOS_CTL_TID_MASK;
862 seq = &tx->sta->tid_seq[tid];
863
864 hdr->seq_ctrl = cpu_to_le16(*seq);
865
866 /* Increase the sequence number. */
867 *seq = (*seq + 0x10) & IEEE80211_SCTL_SEQ;
868
869 return TX_CONTINUE;
870}
871
872static int ieee80211_fragment(struct ieee80211_tx_data *tx,
873 struct sk_buff *skb, int hdrlen,
874 int frag_threshold)
875{
876 struct ieee80211_local *local = tx->local;
877 struct ieee80211_tx_info *info;
878 struct sk_buff *tmp;
879 int per_fragm = frag_threshold - hdrlen - FCS_LEN;
880 int pos = hdrlen + per_fragm;
881 int rem = skb->len - hdrlen - per_fragm;
882
883 if (WARN_ON(rem < 0))
884 return -EINVAL;
885
886 /* first fragment was already added to queue by caller */
887
888 while (rem) {
889 int fraglen = per_fragm;
890
891 if (fraglen > rem)
892 fraglen = rem;
893 rem -= fraglen;
894 tmp = dev_alloc_skb(local->tx_headroom +
895 frag_threshold +
896 IEEE80211_ENCRYPT_HEADROOM +
897 IEEE80211_ENCRYPT_TAILROOM);
898 if (!tmp)
899 return -ENOMEM;
900
901 __skb_queue_tail(&tx->skbs, tmp);
902
903 skb_reserve(tmp, local->tx_headroom +
904 IEEE80211_ENCRYPT_HEADROOM);
905 /* copy control information */
906 memcpy(tmp->cb, skb->cb, sizeof(tmp->cb));
907
908 info = IEEE80211_SKB_CB(tmp);
909 info->flags &= ~(IEEE80211_TX_CTL_CLEAR_PS_FILT |
910 IEEE80211_TX_CTL_FIRST_FRAGMENT);
911
912 if (rem)
913 info->flags |= IEEE80211_TX_CTL_MORE_FRAMES;
914
915 skb_copy_queue_mapping(tmp, skb);
916 tmp->priority = skb->priority;
917 tmp->dev = skb->dev;
918
919 /* copy header and data */
920 memcpy(skb_put(tmp, hdrlen), skb->data, hdrlen);
921 memcpy(skb_put(tmp, fraglen), skb->data + pos, fraglen);
922
923 pos += fraglen;
924 }
925
926 /* adjust first fragment's length */
927 skb_trim(skb, hdrlen + per_fragm);
928 return 0;
929}
930
931static ieee80211_tx_result debug_noinline
932ieee80211_tx_h_fragment(struct ieee80211_tx_data *tx)
933{
934 struct sk_buff *skb = tx->skb;
935 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
936 struct ieee80211_hdr *hdr = (void *)skb->data;
937 int frag_threshold = tx->local->hw.wiphy->frag_threshold;
938 int hdrlen;
939 int fragnum;
940
941 /* no matter what happens, tx->skb moves to tx->skbs */
942 __skb_queue_tail(&tx->skbs, skb);
943 tx->skb = NULL;
944
945 if (info->flags & IEEE80211_TX_CTL_DONTFRAG)
946 return TX_CONTINUE;
947
948 if (tx->local->ops->set_frag_threshold)
949 return TX_CONTINUE;
950
951 /*
952 * Warn when submitting a fragmented A-MPDU frame and drop it.
953 * This scenario is handled in ieee80211_tx_prepare but extra
954 * caution taken here as fragmented ampdu may cause Tx stop.
955 */
956 if (WARN_ON(info->flags & IEEE80211_TX_CTL_AMPDU))
957 return TX_DROP;
958
959 hdrlen = ieee80211_hdrlen(hdr->frame_control);
960
961 /* internal error, why isn't DONTFRAG set? */
962 if (WARN_ON(skb->len + FCS_LEN <= frag_threshold))
963 return TX_DROP;
964
965 /*
966 * Now fragment the frame. This will allocate all the fragments and
967 * chain them (using skb as the first fragment) to skb->next.
968 * During transmission, we will remove the successfully transmitted
969 * fragments from this list. When the low-level driver rejects one
970 * of the fragments then we will simply pretend to accept the skb
971 * but store it away as pending.
972 */
973 if (ieee80211_fragment(tx, skb, hdrlen, frag_threshold))
974 return TX_DROP;
975
976 /* update duration/seq/flags of fragments */
977 fragnum = 0;
978
979 skb_queue_walk(&tx->skbs, skb) {
980 int next_len;
981 const __le16 morefrags = cpu_to_le16(IEEE80211_FCTL_MOREFRAGS);
982
983 hdr = (void *)skb->data;
984 info = IEEE80211_SKB_CB(skb);
985
986 if (!skb_queue_is_last(&tx->skbs, skb)) {
987 hdr->frame_control |= morefrags;
988 /*
989 * No multi-rate retries for fragmented frames, that
990 * would completely throw off the NAV at other STAs.
991 */
992 info->control.rates[1].idx = -1;
993 info->control.rates[2].idx = -1;
994 info->control.rates[3].idx = -1;
995 info->control.rates[4].idx = -1;
996 BUILD_BUG_ON(IEEE80211_TX_MAX_RATES != 5);
997 info->flags &= ~IEEE80211_TX_CTL_RATE_CTRL_PROBE;
998 } else {
999 hdr->frame_control &= ~morefrags;
1000 next_len = 0;
1001 }
1002 hdr->seq_ctrl |= cpu_to_le16(fragnum & IEEE80211_SCTL_FRAG);
1003 fragnum++;
1004 }
1005
1006 return TX_CONTINUE;
1007}
1008
1009static ieee80211_tx_result debug_noinline
1010ieee80211_tx_h_stats(struct ieee80211_tx_data *tx)
1011{
1012 struct sk_buff *skb;
1013
1014 if (!tx->sta)
1015 return TX_CONTINUE;
1016
1017 tx->sta->tx_packets++;
1018 skb_queue_walk(&tx->skbs, skb) {
1019 tx->sta->tx_fragments++;
1020 tx->sta->tx_bytes += skb->len;
1021 }
1022
1023 return TX_CONTINUE;
1024}
1025
1026static ieee80211_tx_result debug_noinline
1027ieee80211_tx_h_encrypt(struct ieee80211_tx_data *tx)
1028{
1029 if (!tx->key)
1030 return TX_CONTINUE;
1031
1032 switch (tx->key->conf.cipher) {
1033 case WLAN_CIPHER_SUITE_WEP40:
1034 case WLAN_CIPHER_SUITE_WEP104:
1035 return ieee80211_crypto_wep_encrypt(tx);
1036 case WLAN_CIPHER_SUITE_TKIP:
1037 return ieee80211_crypto_tkip_encrypt(tx);
1038 case WLAN_CIPHER_SUITE_CCMP:
1039 return ieee80211_crypto_ccmp_encrypt(tx);
1040 case WLAN_CIPHER_SUITE_AES_CMAC:
1041 return ieee80211_crypto_aes_cmac_encrypt(tx);
1042 default:
1043 return ieee80211_crypto_hw_encrypt(tx);
1044 }
1045
1046 return TX_DROP;
1047}
1048
1049static ieee80211_tx_result debug_noinline
1050ieee80211_tx_h_calculate_duration(struct ieee80211_tx_data *tx)
1051{
1052 struct sk_buff *skb;
1053 struct ieee80211_hdr *hdr;
1054 int next_len;
1055 bool group_addr;
1056
1057 skb_queue_walk(&tx->skbs, skb) {
1058 hdr = (void *) skb->data;
1059 if (unlikely(ieee80211_is_pspoll(hdr->frame_control)))
1060 break; /* must not overwrite AID */
1061 if (!skb_queue_is_last(&tx->skbs, skb)) {
1062 struct sk_buff *next = skb_queue_next(&tx->skbs, skb);
1063 next_len = next->len;
1064 } else
1065 next_len = 0;
1066 group_addr = is_multicast_ether_addr(hdr->addr1);
1067
1068 hdr->duration_id =
1069 ieee80211_duration(tx, skb, group_addr, next_len);
1070 }
1071
1072 return TX_CONTINUE;
1073}
1074
1075/* actual transmit path */
1076
1077static bool ieee80211_tx_prep_agg(struct ieee80211_tx_data *tx,
1078 struct sk_buff *skb,
1079 struct ieee80211_tx_info *info,
1080 struct tid_ampdu_tx *tid_tx,
1081 int tid)
1082{
1083 bool queued = false;
1084 bool reset_agg_timer = false;
1085 struct sk_buff *purge_skb = NULL;
1086
1087 if (test_bit(HT_AGG_STATE_OPERATIONAL, &tid_tx->state)) {
1088 info->flags |= IEEE80211_TX_CTL_AMPDU;
1089 reset_agg_timer = true;
1090 } else if (test_bit(HT_AGG_STATE_WANT_START, &tid_tx->state)) {
1091 /*
1092 * nothing -- this aggregation session is being started
1093 * but that might still fail with the driver
1094 */
1095 } else {
1096 spin_lock(&tx->sta->lock);
1097 /*
1098 * Need to re-check now, because we may get here
1099 *
1100 * 1) in the window during which the setup is actually
1101 * already done, but not marked yet because not all
1102 * packets are spliced over to the driver pending
1103 * queue yet -- if this happened we acquire the lock
1104 * either before or after the splice happens, but
1105 * need to recheck which of these cases happened.
1106 *
1107 * 2) during session teardown, if the OPERATIONAL bit
1108 * was cleared due to the teardown but the pointer
1109 * hasn't been assigned NULL yet (or we loaded it
1110 * before it was assigned) -- in this case it may
1111 * now be NULL which means we should just let the
1112 * packet pass through because splicing the frames
1113 * back is already done.
1114 */
1115 tid_tx = rcu_dereference_protected_tid_tx(tx->sta, tid);
1116
1117 if (!tid_tx) {
1118 /* do nothing, let packet pass through */
1119 } else if (test_bit(HT_AGG_STATE_OPERATIONAL, &tid_tx->state)) {
1120 info->flags |= IEEE80211_TX_CTL_AMPDU;
1121 reset_agg_timer = true;
1122 } else {
1123 queued = true;
1124 info->control.vif = &tx->sdata->vif;
1125 info->flags |= IEEE80211_TX_INTFL_NEED_TXPROCESSING;
1126 __skb_queue_tail(&tid_tx->pending, skb);
1127 if (skb_queue_len(&tid_tx->pending) > STA_MAX_TX_BUFFER)
1128 purge_skb = __skb_dequeue(&tid_tx->pending);
1129 }
1130 spin_unlock(&tx->sta->lock);
1131
1132 if (purge_skb)
1133 dev_kfree_skb(purge_skb);
1134 }
1135
1136 /* reset session timer */
1137 if (reset_agg_timer && tid_tx->timeout)
1138 mod_timer(&tid_tx->session_timer,
1139 TU_TO_EXP_TIME(tid_tx->timeout));
1140
1141 return queued;
1142}
1143
1144/*
1145 * initialises @tx
1146 */
1147static ieee80211_tx_result
1148ieee80211_tx_prepare(struct ieee80211_sub_if_data *sdata,
1149 struct ieee80211_tx_data *tx,
1150 struct sk_buff *skb)
1151{
1152 struct ieee80211_local *local = sdata->local;
1153 struct ieee80211_hdr *hdr;
1154 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1155 int tid;
1156 u8 *qc;
1157
1158 memset(tx, 0, sizeof(*tx));
1159 tx->skb = skb;
1160 tx->local = local;
1161 tx->sdata = sdata;
1162 tx->channel = local->hw.conf.channel;
1163 __skb_queue_head_init(&tx->skbs);
1164
1165 /*
1166 * If this flag is set to true anywhere, and we get here,
1167 * we are doing the needed processing, so remove the flag
1168 * now.
1169 */
1170 info->flags &= ~IEEE80211_TX_INTFL_NEED_TXPROCESSING;
1171
1172 hdr = (struct ieee80211_hdr *) skb->data;
1173
1174 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) {
1175 tx->sta = rcu_dereference(sdata->u.vlan.sta);
1176 if (!tx->sta && sdata->dev->ieee80211_ptr->use_4addr)
1177 return TX_DROP;
1178 } else if (info->flags & IEEE80211_TX_CTL_INJECTED ||
1179 tx->sdata->control_port_protocol == tx->skb->protocol) {
1180 tx->sta = sta_info_get_bss(sdata, hdr->addr1);
1181 }
1182 if (!tx->sta)
1183 tx->sta = sta_info_get(sdata, hdr->addr1);
1184
1185 if (tx->sta && ieee80211_is_data_qos(hdr->frame_control) &&
1186 !ieee80211_is_qos_nullfunc(hdr->frame_control) &&
1187 (local->hw.flags & IEEE80211_HW_AMPDU_AGGREGATION) &&
1188 !(local->hw.flags & IEEE80211_HW_TX_AMPDU_SETUP_IN_HW)) {
1189 struct tid_ampdu_tx *tid_tx;
1190
1191 qc = ieee80211_get_qos_ctl(hdr);
1192 tid = *qc & IEEE80211_QOS_CTL_TID_MASK;
1193
1194 tid_tx = rcu_dereference(tx->sta->ampdu_mlme.tid_tx[tid]);
1195 if (tid_tx) {
1196 bool queued;
1197
1198 queued = ieee80211_tx_prep_agg(tx, skb, info,
1199 tid_tx, tid);
1200
1201 if (unlikely(queued))
1202 return TX_QUEUED;
1203 }
1204 }
1205
1206 if (is_multicast_ether_addr(hdr->addr1)) {
1207 tx->flags &= ~IEEE80211_TX_UNICAST;
1208 info->flags |= IEEE80211_TX_CTL_NO_ACK;
1209 } else
1210 tx->flags |= IEEE80211_TX_UNICAST;
1211
1212 if (!(info->flags & IEEE80211_TX_CTL_DONTFRAG)) {
1213 if (!(tx->flags & IEEE80211_TX_UNICAST) ||
1214 skb->len + FCS_LEN <= local->hw.wiphy->frag_threshold ||
1215 info->flags & IEEE80211_TX_CTL_AMPDU)
1216 info->flags |= IEEE80211_TX_CTL_DONTFRAG;
1217 }
1218
1219 if (!tx->sta)
1220 info->flags |= IEEE80211_TX_CTL_CLEAR_PS_FILT;
1221 else if (test_and_clear_sta_flag(tx->sta, WLAN_STA_CLEAR_PS_FILT))
1222 info->flags |= IEEE80211_TX_CTL_CLEAR_PS_FILT;
1223
1224 info->flags |= IEEE80211_TX_CTL_FIRST_FRAGMENT;
1225
1226 return TX_CONTINUE;
1227}
1228
1229static bool ieee80211_tx_frags(struct ieee80211_local *local,
1230 struct ieee80211_vif *vif,
1231 struct ieee80211_sta *sta,
1232 struct sk_buff_head *skbs,
1233 bool txpending)
1234{
1235 struct sk_buff *skb, *tmp;
1236 struct ieee80211_tx_info *info;
1237 unsigned long flags;
1238
1239 skb_queue_walk_safe(skbs, skb, tmp) {
1240 int q = skb_get_queue_mapping(skb);
1241
1242 spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
1243 if (local->queue_stop_reasons[q] ||
1244 (!txpending && !skb_queue_empty(&local->pending[q]))) {
1245 /*
1246 * Since queue is stopped, queue up frames for later
1247 * transmission from the tx-pending tasklet when the
1248 * queue is woken again.
1249 */
1250 if (txpending)
1251 skb_queue_splice_init(skbs, &local->pending[q]);
1252 else
1253 skb_queue_splice_tail_init(skbs,
1254 &local->pending[q]);
1255
1256 spin_unlock_irqrestore(&local->queue_stop_reason_lock,
1257 flags);
1258 return false;
1259 }
1260 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
1261
1262 info = IEEE80211_SKB_CB(skb);
1263 info->control.vif = vif;
1264 info->control.sta = sta;
1265
1266 __skb_unlink(skb, skbs);
1267 drv_tx(local, skb);
1268 }
1269
1270 return true;
1271}
1272
1273/*
1274 * Returns false if the frame couldn't be transmitted but was queued instead.
1275 */
1276static bool __ieee80211_tx(struct ieee80211_local *local,
1277 struct sk_buff_head *skbs, int led_len,
1278 struct sta_info *sta, bool txpending)
1279{
1280 struct ieee80211_tx_info *info;
1281 struct ieee80211_sub_if_data *sdata;
1282 struct ieee80211_vif *vif;
1283 struct ieee80211_sta *pubsta;
1284 struct sk_buff *skb;
1285 bool result = true;
1286 __le16 fc;
1287
1288 if (WARN_ON(skb_queue_empty(skbs)))
1289 return true;
1290
1291 skb = skb_peek(skbs);
1292 fc = ((struct ieee80211_hdr *)skb->data)->frame_control;
1293 info = IEEE80211_SKB_CB(skb);
1294 sdata = vif_to_sdata(info->control.vif);
1295 if (sta && !sta->uploaded)
1296 sta = NULL;
1297
1298 if (sta)
1299 pubsta = &sta->sta;
1300 else
1301 pubsta = NULL;
1302
1303 switch (sdata->vif.type) {
1304 case NL80211_IFTYPE_MONITOR:
1305 sdata = NULL;
1306 vif = NULL;
1307 break;
1308 case NL80211_IFTYPE_AP_VLAN:
1309 sdata = container_of(sdata->bss,
1310 struct ieee80211_sub_if_data, u.ap);
1311 /* fall through */
1312 default:
1313 vif = &sdata->vif;
1314 break;
1315 }
1316
1317 if (local->ops->tx_frags)
1318 drv_tx_frags(local, vif, pubsta, skbs);
1319 else
1320 result = ieee80211_tx_frags(local, vif, pubsta, skbs,
1321 txpending);
1322
1323 ieee80211_tpt_led_trig_tx(local, fc, led_len);
1324 ieee80211_led_tx(local, 1);
1325
1326 WARN_ON_ONCE(!skb_queue_empty(skbs));
1327
1328 return result;
1329}
1330
1331/*
1332 * Invoke TX handlers, return 0 on success and non-zero if the
1333 * frame was dropped or queued.
1334 */
1335static int invoke_tx_handlers(struct ieee80211_tx_data *tx)
1336{
1337 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
1338 ieee80211_tx_result res = TX_DROP;
1339
1340#define CALL_TXH(txh) \
1341 do { \
1342 res = txh(tx); \
1343 if (res != TX_CONTINUE) \
1344 goto txh_done; \
1345 } while (0)
1346
1347 CALL_TXH(ieee80211_tx_h_dynamic_ps);
1348 CALL_TXH(ieee80211_tx_h_check_assoc);
1349 CALL_TXH(ieee80211_tx_h_ps_buf);
1350 CALL_TXH(ieee80211_tx_h_check_control_port_protocol);
1351 CALL_TXH(ieee80211_tx_h_select_key);
1352 if (!(tx->local->hw.flags & IEEE80211_HW_HAS_RATE_CONTROL))
1353 CALL_TXH(ieee80211_tx_h_rate_ctrl);
1354
1355 if (unlikely(info->flags & IEEE80211_TX_INTFL_RETRANSMISSION)) {
1356 __skb_queue_tail(&tx->skbs, tx->skb);
1357 tx->skb = NULL;
1358 goto txh_done;
1359 }
1360
1361 CALL_TXH(ieee80211_tx_h_michael_mic_add);
1362 CALL_TXH(ieee80211_tx_h_sequence);
1363 CALL_TXH(ieee80211_tx_h_fragment);
1364 /* handlers after fragment must be aware of tx info fragmentation! */
1365 CALL_TXH(ieee80211_tx_h_stats);
1366 CALL_TXH(ieee80211_tx_h_encrypt);
1367 if (!(tx->local->hw.flags & IEEE80211_HW_HAS_RATE_CONTROL))
1368 CALL_TXH(ieee80211_tx_h_calculate_duration);
1369#undef CALL_TXH
1370
1371 txh_done:
1372 if (unlikely(res == TX_DROP)) {
1373 I802_DEBUG_INC(tx->local->tx_handlers_drop);
1374 if (tx->skb)
1375 dev_kfree_skb(tx->skb);
1376 else
1377 ieee80211_purge_tx_queue(&tx->local->hw, &tx->skbs);
1378 return -1;
1379 } else if (unlikely(res == TX_QUEUED)) {
1380 I802_DEBUG_INC(tx->local->tx_handlers_queued);
1381 return -1;
1382 }
1383
1384 return 0;
1385}
1386
1387/*
1388 * Returns false if the frame couldn't be transmitted but was queued instead.
1389 */
1390static bool ieee80211_tx(struct ieee80211_sub_if_data *sdata,
1391 struct sk_buff *skb, bool txpending)
1392{
1393 struct ieee80211_local *local = sdata->local;
1394 struct ieee80211_tx_data tx;
1395 ieee80211_tx_result res_prepare;
1396 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1397 bool result = true;
1398 int led_len;
1399
1400 if (unlikely(skb->len < 10)) {
1401 dev_kfree_skb(skb);
1402 return true;
1403 }
1404
1405 rcu_read_lock();
1406
1407 /* initialises tx */
1408 led_len = skb->len;
1409 res_prepare = ieee80211_tx_prepare(sdata, &tx, skb);
1410
1411 if (unlikely(res_prepare == TX_DROP)) {
1412 dev_kfree_skb(skb);
1413 goto out;
1414 } else if (unlikely(res_prepare == TX_QUEUED)) {
1415 goto out;
1416 }
1417
1418 tx.channel = local->hw.conf.channel;
1419 info->band = tx.channel->band;
1420
1421 if (!invoke_tx_handlers(&tx))
1422 result = __ieee80211_tx(local, &tx.skbs, led_len,
1423 tx.sta, txpending);
1424 out:
1425 rcu_read_unlock();
1426 return result;
1427}
1428
1429/* device xmit handlers */
1430
1431static int ieee80211_skb_resize(struct ieee80211_sub_if_data *sdata,
1432 struct sk_buff *skb,
1433 int head_need, bool may_encrypt)
1434{
1435 struct ieee80211_local *local = sdata->local;
1436 int tail_need = 0;
1437
1438 if (may_encrypt && sdata->crypto_tx_tailroom_needed_cnt) {
1439 tail_need = IEEE80211_ENCRYPT_TAILROOM;
1440 tail_need -= skb_tailroom(skb);
1441 tail_need = max_t(int, tail_need, 0);
1442 }
1443
1444 if (skb_cloned(skb))
1445 I802_DEBUG_INC(local->tx_expand_skb_head_cloned);
1446 else if (head_need || tail_need)
1447 I802_DEBUG_INC(local->tx_expand_skb_head);
1448 else
1449 return 0;
1450
1451 if (pskb_expand_head(skb, head_need, tail_need, GFP_ATOMIC)) {
1452 wiphy_debug(local->hw.wiphy,
1453 "failed to reallocate TX buffer\n");
1454 return -ENOMEM;
1455 }
1456
1457 return 0;
1458}
1459
1460void ieee80211_xmit(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb)
1461{
1462 struct ieee80211_local *local = sdata->local;
1463 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1464 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
1465 int headroom;
1466 bool may_encrypt;
1467
1468 rcu_read_lock();
1469
1470 may_encrypt = !(info->flags & IEEE80211_TX_INTFL_DONT_ENCRYPT);
1471
1472 headroom = local->tx_headroom;
1473 if (may_encrypt)
1474 headroom += IEEE80211_ENCRYPT_HEADROOM;
1475 headroom -= skb_headroom(skb);
1476 headroom = max_t(int, 0, headroom);
1477
1478 if (ieee80211_skb_resize(sdata, skb, headroom, may_encrypt)) {
1479 dev_kfree_skb(skb);
1480 rcu_read_unlock();
1481 return;
1482 }
1483
1484 hdr = (struct ieee80211_hdr *) skb->data;
1485 info->control.vif = &sdata->vif;
1486
1487 if (ieee80211_vif_is_mesh(&sdata->vif) &&
1488 ieee80211_is_data(hdr->frame_control) &&
1489 !is_multicast_ether_addr(hdr->addr1))
1490 if (mesh_nexthop_resolve(skb, sdata)) {
1491 /* skb queued: don't free */
1492 rcu_read_unlock();
1493 return;
1494 }
1495
1496 ieee80211_set_qos_hdr(sdata, skb);
1497 ieee80211_tx(sdata, skb, false);
1498 rcu_read_unlock();
1499}
1500
1501static bool ieee80211_parse_tx_radiotap(struct sk_buff *skb)
1502{
1503 struct ieee80211_radiotap_iterator iterator;
1504 struct ieee80211_radiotap_header *rthdr =
1505 (struct ieee80211_radiotap_header *) skb->data;
1506 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1507 int ret = ieee80211_radiotap_iterator_init(&iterator, rthdr, skb->len,
1508 NULL);
1509 u16 txflags;
1510
1511 info->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT |
1512 IEEE80211_TX_CTL_DONTFRAG;
1513
1514 /*
1515 * for every radiotap entry that is present
1516 * (ieee80211_radiotap_iterator_next returns -ENOENT when no more
1517 * entries present, or -EINVAL on error)
1518 */
1519
1520 while (!ret) {
1521 ret = ieee80211_radiotap_iterator_next(&iterator);
1522
1523 if (ret)
1524 continue;
1525
1526 /* see if this argument is something we can use */
1527 switch (iterator.this_arg_index) {
1528 /*
1529 * You must take care when dereferencing iterator.this_arg
1530 * for multibyte types... the pointer is not aligned. Use
1531 * get_unaligned((type *)iterator.this_arg) to dereference
1532 * iterator.this_arg for type "type" safely on all arches.
1533 */
1534 case IEEE80211_RADIOTAP_FLAGS:
1535 if (*iterator.this_arg & IEEE80211_RADIOTAP_F_FCS) {
1536 /*
1537 * this indicates that the skb we have been
1538 * handed has the 32-bit FCS CRC at the end...
1539 * we should react to that by snipping it off
1540 * because it will be recomputed and added
1541 * on transmission
1542 */
1543 if (skb->len < (iterator._max_length + FCS_LEN))
1544 return false;
1545
1546 skb_trim(skb, skb->len - FCS_LEN);
1547 }
1548 if (*iterator.this_arg & IEEE80211_RADIOTAP_F_WEP)
1549 info->flags &= ~IEEE80211_TX_INTFL_DONT_ENCRYPT;
1550 if (*iterator.this_arg & IEEE80211_RADIOTAP_F_FRAG)
1551 info->flags &= ~IEEE80211_TX_CTL_DONTFRAG;
1552 break;
1553
1554 case IEEE80211_RADIOTAP_TX_FLAGS:
1555 txflags = get_unaligned_le16(iterator.this_arg);
1556 if (txflags & IEEE80211_RADIOTAP_F_TX_NOACK)
1557 info->flags |= IEEE80211_TX_CTL_NO_ACK;
1558 break;
1559
1560 /*
1561 * Please update the file
1562 * Documentation/networking/mac80211-injection.txt
1563 * when parsing new fields here.
1564 */
1565
1566 default:
1567 break;
1568 }
1569 }
1570
1571 if (ret != -ENOENT) /* ie, if we didn't simply run out of fields */
1572 return false;
1573
1574 /*
1575 * remove the radiotap header
1576 * iterator->_max_length was sanity-checked against
1577 * skb->len by iterator init
1578 */
1579 skb_pull(skb, iterator._max_length);
1580
1581 return true;
1582}
1583
1584netdev_tx_t ieee80211_monitor_start_xmit(struct sk_buff *skb,
1585 struct net_device *dev)
1586{
1587 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1588 struct ieee80211_channel *chan = local->hw.conf.channel;
1589 struct ieee80211_radiotap_header *prthdr =
1590 (struct ieee80211_radiotap_header *)skb->data;
1591 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1592 struct ieee80211_hdr *hdr;
1593 struct ieee80211_sub_if_data *tmp_sdata, *sdata;
1594 u16 len_rthdr;
1595 int hdrlen;
1596
1597 /*
1598 * Frame injection is not allowed if beaconing is not allowed
1599 * or if we need radar detection. Beaconing is usually not allowed when
1600 * the mode or operation (Adhoc, AP, Mesh) does not support DFS.
1601 * Passive scan is also used in world regulatory domains where
1602 * your country is not known and as such it should be treated as
1603 * NO TX unless the channel is explicitly allowed in which case
1604 * your current regulatory domain would not have the passive scan
1605 * flag.
1606 *
1607 * Since AP mode uses monitor interfaces to inject/TX management
1608 * frames we can make AP mode the exception to this rule once it
1609 * supports radar detection as its implementation can deal with
1610 * radar detection by itself. We can do that later by adding a
1611 * monitor flag interfaces used for AP support.
1612 */
1613 if ((chan->flags & (IEEE80211_CHAN_NO_IBSS | IEEE80211_CHAN_RADAR |
1614 IEEE80211_CHAN_PASSIVE_SCAN)))
1615 goto fail;
1616
1617 /* check for not even having the fixed radiotap header part */
1618 if (unlikely(skb->len < sizeof(struct ieee80211_radiotap_header)))
1619 goto fail; /* too short to be possibly valid */
1620
1621 /* is it a header version we can trust to find length from? */
1622 if (unlikely(prthdr->it_version))
1623 goto fail; /* only version 0 is supported */
1624
1625 /* then there must be a radiotap header with a length we can use */
1626 len_rthdr = ieee80211_get_radiotap_len(skb->data);
1627
1628 /* does the skb contain enough to deliver on the alleged length? */
1629 if (unlikely(skb->len < len_rthdr))
1630 goto fail; /* skb too short for claimed rt header extent */
1631
1632 /*
1633 * fix up the pointers accounting for the radiotap
1634 * header still being in there. We are being given
1635 * a precooked IEEE80211 header so no need for
1636 * normal processing
1637 */
1638 skb_set_mac_header(skb, len_rthdr);
1639 /*
1640 * these are just fixed to the end of the rt area since we
1641 * don't have any better information and at this point, nobody cares
1642 */
1643 skb_set_network_header(skb, len_rthdr);
1644 skb_set_transport_header(skb, len_rthdr);
1645
1646 if (skb->len < len_rthdr + 2)
1647 goto fail;
1648
1649 hdr = (struct ieee80211_hdr *)(skb->data + len_rthdr);
1650 hdrlen = ieee80211_hdrlen(hdr->frame_control);
1651
1652 if (skb->len < len_rthdr + hdrlen)
1653 goto fail;
1654
1655 /*
1656 * Initialize skb->protocol if the injected frame is a data frame
1657 * carrying a rfc1042 header
1658 */
1659 if (ieee80211_is_data(hdr->frame_control) &&
1660 skb->len >= len_rthdr + hdrlen + sizeof(rfc1042_header) + 2) {
1661 u8 *payload = (u8 *)hdr + hdrlen;
1662
1663 if (compare_ether_addr(payload, rfc1042_header) == 0)
1664 skb->protocol = cpu_to_be16((payload[6] << 8) |
1665 payload[7]);
1666 }
1667
1668 memset(info, 0, sizeof(*info));
1669
1670 info->flags = IEEE80211_TX_CTL_REQ_TX_STATUS |
1671 IEEE80211_TX_CTL_INJECTED;
1672
1673 /* process and remove the injection radiotap header */
1674 if (!ieee80211_parse_tx_radiotap(skb))
1675 goto fail;
1676
1677 rcu_read_lock();
1678
1679 /*
1680 * We process outgoing injected frames that have a local address
1681 * we handle as though they are non-injected frames.
1682 * This code here isn't entirely correct, the local MAC address
1683 * isn't always enough to find the interface to use; for proper
1684 * VLAN/WDS support we will need a different mechanism (which
1685 * likely isn't going to be monitor interfaces).
1686 */
1687 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1688
1689 list_for_each_entry_rcu(tmp_sdata, &local->interfaces, list) {
1690 if (!ieee80211_sdata_running(tmp_sdata))
1691 continue;
1692 if (tmp_sdata->vif.type == NL80211_IFTYPE_MONITOR ||
1693 tmp_sdata->vif.type == NL80211_IFTYPE_AP_VLAN ||
1694 tmp_sdata->vif.type == NL80211_IFTYPE_WDS)
1695 continue;
1696 if (compare_ether_addr(tmp_sdata->vif.addr, hdr->addr2) == 0) {
1697 sdata = tmp_sdata;
1698 break;
1699 }
1700 }
1701
1702 ieee80211_xmit(sdata, skb);
1703 rcu_read_unlock();
1704
1705 return NETDEV_TX_OK;
1706
1707fail:
1708 dev_kfree_skb(skb);
1709 return NETDEV_TX_OK; /* meaning, we dealt with the skb */
1710}
1711
1712/**
1713 * ieee80211_subif_start_xmit - netif start_xmit function for Ethernet-type
1714 * subinterfaces (wlan#, WDS, and VLAN interfaces)
1715 * @skb: packet to be sent
1716 * @dev: incoming interface
1717 *
1718 * Returns: 0 on success (and frees skb in this case) or 1 on failure (skb will
1719 * not be freed, and caller is responsible for either retrying later or freeing
1720 * skb).
1721 *
1722 * This function takes in an Ethernet header and encapsulates it with suitable
1723 * IEEE 802.11 header based on which interface the packet is coming in. The
1724 * encapsulated packet will then be passed to master interface, wlan#.11, for
1725 * transmission (through low-level driver).
1726 */
1727netdev_tx_t ieee80211_subif_start_xmit(struct sk_buff *skb,
1728 struct net_device *dev)
1729{
1730 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1731 struct ieee80211_local *local = sdata->local;
1732 struct ieee80211_tx_info *info;
1733 int ret = NETDEV_TX_BUSY, head_need;
1734 u16 ethertype, hdrlen, meshhdrlen = 0;
1735 __le16 fc;
1736 struct ieee80211_hdr hdr;
1737 struct ieee80211s_hdr mesh_hdr __maybe_unused;
1738 struct mesh_path __maybe_unused *mppath = NULL;
1739 const u8 *encaps_data;
1740 int encaps_len, skip_header_bytes;
1741 int nh_pos, h_pos;
1742 struct sta_info *sta = NULL;
1743 bool wme_sta = false, authorized = false, tdls_auth = false;
1744 bool tdls_direct = false;
1745 bool multicast;
1746 u32 info_flags = 0;
1747 u16 info_id = 0;
1748
1749 if (unlikely(skb->len < ETH_HLEN)) {
1750 ret = NETDEV_TX_OK;
1751 goto fail;
1752 }
1753
1754 /* convert Ethernet header to proper 802.11 header (based on
1755 * operation mode) */
1756 ethertype = (skb->data[12] << 8) | skb->data[13];
1757 fc = cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_DATA);
1758
1759 switch (sdata->vif.type) {
1760 case NL80211_IFTYPE_AP_VLAN:
1761 rcu_read_lock();
1762 sta = rcu_dereference(sdata->u.vlan.sta);
1763 if (sta) {
1764 fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS);
1765 /* RA TA DA SA */
1766 memcpy(hdr.addr1, sta->sta.addr, ETH_ALEN);
1767 memcpy(hdr.addr2, sdata->vif.addr, ETH_ALEN);
1768 memcpy(hdr.addr3, skb->data, ETH_ALEN);
1769 memcpy(hdr.addr4, skb->data + ETH_ALEN, ETH_ALEN);
1770 hdrlen = 30;
1771 authorized = test_sta_flag(sta, WLAN_STA_AUTHORIZED);
1772 wme_sta = test_sta_flag(sta, WLAN_STA_WME);
1773 }
1774 rcu_read_unlock();
1775 if (sta)
1776 break;
1777 /* fall through */
1778 case NL80211_IFTYPE_AP:
1779 fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS);
1780 /* DA BSSID SA */
1781 memcpy(hdr.addr1, skb->data, ETH_ALEN);
1782 memcpy(hdr.addr2, sdata->vif.addr, ETH_ALEN);
1783 memcpy(hdr.addr3, skb->data + ETH_ALEN, ETH_ALEN);
1784 hdrlen = 24;
1785 break;
1786 case NL80211_IFTYPE_WDS:
1787 fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS);
1788 /* RA TA DA SA */
1789 memcpy(hdr.addr1, sdata->u.wds.remote_addr, ETH_ALEN);
1790 memcpy(hdr.addr2, sdata->vif.addr, ETH_ALEN);
1791 memcpy(hdr.addr3, skb->data, ETH_ALEN);
1792 memcpy(hdr.addr4, skb->data + ETH_ALEN, ETH_ALEN);
1793 hdrlen = 30;
1794 break;
1795#ifdef CONFIG_MAC80211_MESH
1796 case NL80211_IFTYPE_MESH_POINT:
1797 if (!sdata->u.mesh.mshcfg.dot11MeshTTL) {
1798 /* Do not send frames with mesh_ttl == 0 */
1799 sdata->u.mesh.mshstats.dropped_frames_ttl++;
1800 ret = NETDEV_TX_OK;
1801 goto fail;
1802 }
1803 rcu_read_lock();
1804 if (!is_multicast_ether_addr(skb->data))
1805 mppath = mpp_path_lookup(skb->data, sdata);
1806
1807 /*
1808 * Use address extension if it is a packet from
1809 * another interface or if we know the destination
1810 * is being proxied by a portal (i.e. portal address
1811 * differs from proxied address)
1812 */
1813 if (compare_ether_addr(sdata->vif.addr,
1814 skb->data + ETH_ALEN) == 0 &&
1815 !(mppath && compare_ether_addr(mppath->mpp, skb->data))) {
1816 hdrlen = ieee80211_fill_mesh_addresses(&hdr, &fc,
1817 skb->data, skb->data + ETH_ALEN);
1818 rcu_read_unlock();
1819 meshhdrlen = ieee80211_new_mesh_header(&mesh_hdr,
1820 sdata, NULL, NULL);
1821 } else {
1822 int is_mesh_mcast = 1;
1823 const u8 *mesh_da;
1824
1825 if (is_multicast_ether_addr(skb->data))
1826 /* DA TA mSA AE:SA */
1827 mesh_da = skb->data;
1828 else {
1829 static const u8 bcast[ETH_ALEN] =
1830 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
1831 if (mppath) {
1832 /* RA TA mDA mSA AE:DA SA */
1833 mesh_da = mppath->mpp;
1834 is_mesh_mcast = 0;
1835 } else {
1836 /* DA TA mSA AE:SA */
1837 mesh_da = bcast;
1838 }
1839 }
1840 hdrlen = ieee80211_fill_mesh_addresses(&hdr, &fc,
1841 mesh_da, sdata->vif.addr);
1842 rcu_read_unlock();
1843 if (is_mesh_mcast)
1844 meshhdrlen =
1845 ieee80211_new_mesh_header(&mesh_hdr,
1846 sdata,
1847 skb->data + ETH_ALEN,
1848 NULL);
1849 else
1850 meshhdrlen =
1851 ieee80211_new_mesh_header(&mesh_hdr,
1852 sdata,
1853 skb->data,
1854 skb->data + ETH_ALEN);
1855
1856 }
1857 break;
1858#endif
1859 case NL80211_IFTYPE_STATION:
1860 if (sdata->wdev.wiphy->flags & WIPHY_FLAG_SUPPORTS_TDLS) {
1861 bool tdls_peer = false;
1862
1863 rcu_read_lock();
1864 sta = sta_info_get(sdata, skb->data);
1865 if (sta) {
1866 authorized = test_sta_flag(sta,
1867 WLAN_STA_AUTHORIZED);
1868 wme_sta = test_sta_flag(sta, WLAN_STA_WME);
1869 tdls_peer = test_sta_flag(sta,
1870 WLAN_STA_TDLS_PEER);
1871 tdls_auth = test_sta_flag(sta,
1872 WLAN_STA_TDLS_PEER_AUTH);
1873 }
1874 rcu_read_unlock();
1875
1876 /*
1877 * If the TDLS link is enabled, send everything
1878 * directly. Otherwise, allow TDLS setup frames
1879 * to be transmitted indirectly.
1880 */
1881 tdls_direct = tdls_peer && (tdls_auth ||
1882 !(ethertype == ETH_P_TDLS && skb->len > 14 &&
1883 skb->data[14] == WLAN_TDLS_SNAP_RFTYPE));
1884 }
1885
1886 if (tdls_direct) {
1887 /* link during setup - throw out frames to peer */
1888 if (!tdls_auth) {
1889 ret = NETDEV_TX_OK;
1890 goto fail;
1891 }
1892
1893 /* DA SA BSSID */
1894 memcpy(hdr.addr1, skb->data, ETH_ALEN);
1895 memcpy(hdr.addr2, skb->data + ETH_ALEN, ETH_ALEN);
1896 memcpy(hdr.addr3, sdata->u.mgd.bssid, ETH_ALEN);
1897 hdrlen = 24;
1898 } else if (sdata->u.mgd.use_4addr &&
1899 cpu_to_be16(ethertype) != sdata->control_port_protocol) {
1900 fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS |
1901 IEEE80211_FCTL_TODS);
1902 /* RA TA DA SA */
1903 memcpy(hdr.addr1, sdata->u.mgd.bssid, ETH_ALEN);
1904 memcpy(hdr.addr2, sdata->vif.addr, ETH_ALEN);
1905 memcpy(hdr.addr3, skb->data, ETH_ALEN);
1906 memcpy(hdr.addr4, skb->data + ETH_ALEN, ETH_ALEN);
1907 hdrlen = 30;
1908 } else {
1909 fc |= cpu_to_le16(IEEE80211_FCTL_TODS);
1910 /* BSSID SA DA */
1911 memcpy(hdr.addr1, sdata->u.mgd.bssid, ETH_ALEN);
1912 memcpy(hdr.addr2, skb->data + ETH_ALEN, ETH_ALEN);
1913 memcpy(hdr.addr3, skb->data, ETH_ALEN);
1914 hdrlen = 24;
1915 }
1916 break;
1917 case NL80211_IFTYPE_ADHOC:
1918 /* DA SA BSSID */
1919 memcpy(hdr.addr1, skb->data, ETH_ALEN);
1920 memcpy(hdr.addr2, skb->data + ETH_ALEN, ETH_ALEN);
1921 memcpy(hdr.addr3, sdata->u.ibss.bssid, ETH_ALEN);
1922 hdrlen = 24;
1923 break;
1924 default:
1925 ret = NETDEV_TX_OK;
1926 goto fail;
1927 }
1928
1929 /*
1930 * There's no need to try to look up the destination
1931 * if it is a multicast address (which can only happen
1932 * in AP mode)
1933 */
1934 multicast = is_multicast_ether_addr(hdr.addr1);
1935 if (!multicast) {
1936 rcu_read_lock();
1937 sta = sta_info_get(sdata, hdr.addr1);
1938 if (sta) {
1939 authorized = test_sta_flag(sta, WLAN_STA_AUTHORIZED);
1940 wme_sta = test_sta_flag(sta, WLAN_STA_WME);
1941 }
1942 rcu_read_unlock();
1943 }
1944
1945 /* For mesh, the use of the QoS header is mandatory */
1946 if (ieee80211_vif_is_mesh(&sdata->vif))
1947 wme_sta = true;
1948
1949 /* receiver and we are QoS enabled, use a QoS type frame */
1950 if (wme_sta && local->hw.queues >= 4) {
1951 fc |= cpu_to_le16(IEEE80211_STYPE_QOS_DATA);
1952 hdrlen += 2;
1953 }
1954
1955 /*
1956 * Drop unicast frames to unauthorised stations unless they are
1957 * EAPOL frames from the local station.
1958 */
1959 if (unlikely(!ieee80211_vif_is_mesh(&sdata->vif) &&
1960 !is_multicast_ether_addr(hdr.addr1) && !authorized &&
1961 (cpu_to_be16(ethertype) != sdata->control_port_protocol ||
1962 compare_ether_addr(sdata->vif.addr, skb->data + ETH_ALEN)))) {
1963#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
1964 if (net_ratelimit())
1965 printk(KERN_DEBUG "%s: dropped frame to %pM"
1966 " (unauthorized port)\n", dev->name,
1967 hdr.addr1);
1968#endif
1969
1970 I802_DEBUG_INC(local->tx_handlers_drop_unauth_port);
1971
1972 ret = NETDEV_TX_OK;
1973 goto fail;
1974 }
1975
1976 if (unlikely(!multicast && skb->sk &&
1977 skb_shinfo(skb)->tx_flags & SKBTX_WIFI_STATUS)) {
1978 struct sk_buff *orig_skb = skb;
1979
1980 skb = skb_clone(skb, GFP_ATOMIC);
1981 if (skb) {
1982 unsigned long flags;
1983 int id, r;
1984
1985 spin_lock_irqsave(&local->ack_status_lock, flags);
1986 r = idr_get_new_above(&local->ack_status_frames,
1987 orig_skb, 1, &id);
1988 if (r == -EAGAIN) {
1989 idr_pre_get(&local->ack_status_frames,
1990 GFP_ATOMIC);
1991 r = idr_get_new_above(&local->ack_status_frames,
1992 orig_skb, 1, &id);
1993 }
1994 if (WARN_ON(!id) || id > 0xffff) {
1995 idr_remove(&local->ack_status_frames, id);
1996 r = -ERANGE;
1997 }
1998 spin_unlock_irqrestore(&local->ack_status_lock, flags);
1999
2000 if (!r) {
2001 info_id = id;
2002 info_flags |= IEEE80211_TX_CTL_REQ_TX_STATUS;
2003 } else if (skb_shared(skb)) {
2004 kfree_skb(orig_skb);
2005 } else {
2006 kfree_skb(skb);
2007 skb = orig_skb;
2008 }
2009 } else {
2010 /* couldn't clone -- lose tx status ... */
2011 skb = orig_skb;
2012 }
2013 }
2014
2015 /*
2016 * If the skb is shared we need to obtain our own copy.
2017 */
2018 if (skb_shared(skb)) {
2019 struct sk_buff *tmp_skb = skb;
2020
2021 /* can't happen -- skb is a clone if info_id != 0 */
2022 WARN_ON(info_id);
2023
2024 skb = skb_clone(skb, GFP_ATOMIC);
2025 kfree_skb(tmp_skb);
2026
2027 if (!skb) {
2028 ret = NETDEV_TX_OK;
2029 goto fail;
2030 }
2031 }
2032
2033 hdr.frame_control = fc;
2034 hdr.duration_id = 0;
2035 hdr.seq_ctrl = 0;
2036
2037 skip_header_bytes = ETH_HLEN;
2038 if (ethertype == ETH_P_AARP || ethertype == ETH_P_IPX) {
2039 encaps_data = bridge_tunnel_header;
2040 encaps_len = sizeof(bridge_tunnel_header);
2041 skip_header_bytes -= 2;
2042 } else if (ethertype >= 0x600) {
2043 encaps_data = rfc1042_header;
2044 encaps_len = sizeof(rfc1042_header);
2045 skip_header_bytes -= 2;
2046 } else {
2047 encaps_data = NULL;
2048 encaps_len = 0;
2049 }
2050
2051 nh_pos = skb_network_header(skb) - skb->data;
2052 h_pos = skb_transport_header(skb) - skb->data;
2053
2054 skb_pull(skb, skip_header_bytes);
2055 nh_pos -= skip_header_bytes;
2056 h_pos -= skip_header_bytes;
2057
2058 head_need = hdrlen + encaps_len + meshhdrlen - skb_headroom(skb);
2059
2060 /*
2061 * So we need to modify the skb header and hence need a copy of
2062 * that. The head_need variable above doesn't, so far, include
2063 * the needed header space that we don't need right away. If we
2064 * can, then we don't reallocate right now but only after the
2065 * frame arrives at the master device (if it does...)
2066 *
2067 * If we cannot, however, then we will reallocate to include all
2068 * the ever needed space. Also, if we need to reallocate it anyway,
2069 * make it big enough for everything we may ever need.
2070 */
2071
2072 if (head_need > 0 || skb_cloned(skb)) {
2073 head_need += IEEE80211_ENCRYPT_HEADROOM;
2074 head_need += local->tx_headroom;
2075 head_need = max_t(int, 0, head_need);
2076 if (ieee80211_skb_resize(sdata, skb, head_need, true))
2077 goto fail;
2078 }
2079
2080 if (encaps_data) {
2081 memcpy(skb_push(skb, encaps_len), encaps_data, encaps_len);
2082 nh_pos += encaps_len;
2083 h_pos += encaps_len;
2084 }
2085
2086#ifdef CONFIG_MAC80211_MESH
2087 if (meshhdrlen > 0) {
2088 memcpy(skb_push(skb, meshhdrlen), &mesh_hdr, meshhdrlen);
2089 nh_pos += meshhdrlen;
2090 h_pos += meshhdrlen;
2091 }
2092#endif
2093
2094 if (ieee80211_is_data_qos(fc)) {
2095 __le16 *qos_control;
2096
2097 qos_control = (__le16*) skb_push(skb, 2);
2098 memcpy(skb_push(skb, hdrlen - 2), &hdr, hdrlen - 2);
2099 /*
2100 * Maybe we could actually set some fields here, for now just
2101 * initialise to zero to indicate no special operation.
2102 */
2103 *qos_control = 0;
2104 } else
2105 memcpy(skb_push(skb, hdrlen), &hdr, hdrlen);
2106
2107 nh_pos += hdrlen;
2108 h_pos += hdrlen;
2109
2110 dev->stats.tx_packets++;
2111 dev->stats.tx_bytes += skb->len;
2112
2113 /* Update skb pointers to various headers since this modified frame
2114 * is going to go through Linux networking code that may potentially
2115 * need things like pointer to IP header. */
2116 skb_set_mac_header(skb, 0);
2117 skb_set_network_header(skb, nh_pos);
2118 skb_set_transport_header(skb, h_pos);
2119
2120 info = IEEE80211_SKB_CB(skb);
2121 memset(info, 0, sizeof(*info));
2122
2123 dev->trans_start = jiffies;
2124
2125 info->flags = info_flags;
2126 info->ack_frame_id = info_id;
2127
2128 ieee80211_xmit(sdata, skb);
2129
2130 return NETDEV_TX_OK;
2131
2132 fail:
2133 if (ret == NETDEV_TX_OK)
2134 dev_kfree_skb(skb);
2135
2136 return ret;
2137}
2138
2139
2140/*
2141 * ieee80211_clear_tx_pending may not be called in a context where
2142 * it is possible that it packets could come in again.
2143 */
2144void ieee80211_clear_tx_pending(struct ieee80211_local *local)
2145{
2146 struct sk_buff *skb;
2147 int i;
2148
2149 for (i = 0; i < local->hw.queues; i++) {
2150 while ((skb = skb_dequeue(&local->pending[i])) != NULL)
2151 ieee80211_free_txskb(&local->hw, skb);
2152 }
2153}
2154
2155/*
2156 * Returns false if the frame couldn't be transmitted but was queued instead,
2157 * which in this case means re-queued -- take as an indication to stop sending
2158 * more pending frames.
2159 */
2160static bool ieee80211_tx_pending_skb(struct ieee80211_local *local,
2161 struct sk_buff *skb)
2162{
2163 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
2164 struct ieee80211_sub_if_data *sdata;
2165 struct sta_info *sta;
2166 struct ieee80211_hdr *hdr;
2167 bool result;
2168
2169 sdata = vif_to_sdata(info->control.vif);
2170
2171 if (info->flags & IEEE80211_TX_INTFL_NEED_TXPROCESSING) {
2172 result = ieee80211_tx(sdata, skb, true);
2173 } else {
2174 struct sk_buff_head skbs;
2175
2176 __skb_queue_head_init(&skbs);
2177 __skb_queue_tail(&skbs, skb);
2178
2179 hdr = (struct ieee80211_hdr *)skb->data;
2180 sta = sta_info_get(sdata, hdr->addr1);
2181
2182 result = __ieee80211_tx(local, &skbs, skb->len, sta, true);
2183 }
2184
2185 return result;
2186}
2187
2188/*
2189 * Transmit all pending packets. Called from tasklet.
2190 */
2191void ieee80211_tx_pending(unsigned long data)
2192{
2193 struct ieee80211_local *local = (struct ieee80211_local *)data;
2194 struct ieee80211_sub_if_data *sdata;
2195 unsigned long flags;
2196 int i;
2197 bool txok;
2198
2199 rcu_read_lock();
2200
2201 spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
2202 for (i = 0; i < local->hw.queues; i++) {
2203 /*
2204 * If queue is stopped by something other than due to pending
2205 * frames, or we have no pending frames, proceed to next queue.
2206 */
2207 if (local->queue_stop_reasons[i] ||
2208 skb_queue_empty(&local->pending[i]))
2209 continue;
2210
2211 while (!skb_queue_empty(&local->pending[i])) {
2212 struct sk_buff *skb = __skb_dequeue(&local->pending[i]);
2213 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
2214
2215 if (WARN_ON(!info->control.vif)) {
2216 kfree_skb(skb);
2217 continue;
2218 }
2219
2220 spin_unlock_irqrestore(&local->queue_stop_reason_lock,
2221 flags);
2222
2223 txok = ieee80211_tx_pending_skb(local, skb);
2224 spin_lock_irqsave(&local->queue_stop_reason_lock,
2225 flags);
2226 if (!txok)
2227 break;
2228 }
2229
2230 if (skb_queue_empty(&local->pending[i]))
2231 list_for_each_entry_rcu(sdata, &local->interfaces, list)
2232 netif_wake_subqueue(sdata->dev, i);
2233 }
2234 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
2235
2236 rcu_read_unlock();
2237}
2238
2239/* functions for drivers to get certain frames */
2240
2241static void ieee80211_beacon_add_tim(struct ieee80211_sub_if_data *sdata,
2242 struct ieee80211_if_ap *bss,
2243 struct sk_buff *skb,
2244 struct beacon_data *beacon)
2245{
2246 u8 *pos, *tim;
2247 int aid0 = 0;
2248 int i, have_bits = 0, n1, n2;
2249
2250 /* Generate bitmap for TIM only if there are any STAs in power save
2251 * mode. */
2252 if (atomic_read(&bss->num_sta_ps) > 0)
2253 /* in the hope that this is faster than
2254 * checking byte-for-byte */
2255 have_bits = !bitmap_empty((unsigned long*)bss->tim,
2256 IEEE80211_MAX_AID+1);
2257
2258 if (bss->dtim_count == 0)
2259 bss->dtim_count = sdata->vif.bss_conf.dtim_period - 1;
2260 else
2261 bss->dtim_count--;
2262
2263 tim = pos = (u8 *) skb_put(skb, 6);
2264 *pos++ = WLAN_EID_TIM;
2265 *pos++ = 4;
2266 *pos++ = bss->dtim_count;
2267 *pos++ = sdata->vif.bss_conf.dtim_period;
2268
2269 if (bss->dtim_count == 0 && !skb_queue_empty(&bss->ps_bc_buf))
2270 aid0 = 1;
2271
2272 bss->dtim_bc_mc = aid0 == 1;
2273
2274 if (have_bits) {
2275 /* Find largest even number N1 so that bits numbered 1 through
2276 * (N1 x 8) - 1 in the bitmap are 0 and number N2 so that bits
2277 * (N2 + 1) x 8 through 2007 are 0. */
2278 n1 = 0;
2279 for (i = 0; i < IEEE80211_MAX_TIM_LEN; i++) {
2280 if (bss->tim[i]) {
2281 n1 = i & 0xfe;
2282 break;
2283 }
2284 }
2285 n2 = n1;
2286 for (i = IEEE80211_MAX_TIM_LEN - 1; i >= n1; i--) {
2287 if (bss->tim[i]) {
2288 n2 = i;
2289 break;
2290 }
2291 }
2292
2293 /* Bitmap control */
2294 *pos++ = n1 | aid0;
2295 /* Part Virt Bitmap */
2296 skb_put(skb, n2 - n1);
2297 memcpy(pos, bss->tim + n1, n2 - n1 + 1);
2298
2299 tim[1] = n2 - n1 + 4;
2300 } else {
2301 *pos++ = aid0; /* Bitmap control */
2302 *pos++ = 0; /* Part Virt Bitmap */
2303 }
2304}
2305
2306struct sk_buff *ieee80211_beacon_get_tim(struct ieee80211_hw *hw,
2307 struct ieee80211_vif *vif,
2308 u16 *tim_offset, u16 *tim_length)
2309{
2310 struct ieee80211_local *local = hw_to_local(hw);
2311 struct sk_buff *skb = NULL;
2312 struct ieee80211_tx_info *info;
2313 struct ieee80211_sub_if_data *sdata = NULL;
2314 struct ieee80211_if_ap *ap = NULL;
2315 struct beacon_data *beacon;
2316 struct ieee80211_supported_band *sband;
2317 enum ieee80211_band band = local->hw.conf.channel->band;
2318 struct ieee80211_tx_rate_control txrc;
2319
2320 sband = local->hw.wiphy->bands[band];
2321
2322 rcu_read_lock();
2323
2324 sdata = vif_to_sdata(vif);
2325
2326 if (!ieee80211_sdata_running(sdata))
2327 goto out;
2328
2329 if (tim_offset)
2330 *tim_offset = 0;
2331 if (tim_length)
2332 *tim_length = 0;
2333
2334 if (sdata->vif.type == NL80211_IFTYPE_AP) {
2335 ap = &sdata->u.ap;
2336 beacon = rcu_dereference(ap->beacon);
2337 if (beacon) {
2338 /*
2339 * headroom, head length,
2340 * tail length and maximum TIM length
2341 */
2342 skb = dev_alloc_skb(local->tx_headroom +
2343 beacon->head_len +
2344 beacon->tail_len + 256);
2345 if (!skb)
2346 goto out;
2347
2348 skb_reserve(skb, local->tx_headroom);
2349 memcpy(skb_put(skb, beacon->head_len), beacon->head,
2350 beacon->head_len);
2351
2352 /*
2353 * Not very nice, but we want to allow the driver to call
2354 * ieee80211_beacon_get() as a response to the set_tim()
2355 * callback. That, however, is already invoked under the
2356 * sta_lock to guarantee consistent and race-free update
2357 * of the tim bitmap in mac80211 and the driver.
2358 */
2359 if (local->tim_in_locked_section) {
2360 ieee80211_beacon_add_tim(sdata, ap, skb,
2361 beacon);
2362 } else {
2363 unsigned long flags;
2364
2365 spin_lock_irqsave(&local->tim_lock, flags);
2366 ieee80211_beacon_add_tim(sdata, ap, skb,
2367 beacon);
2368 spin_unlock_irqrestore(&local->tim_lock, flags);
2369 }
2370
2371 if (tim_offset)
2372 *tim_offset = beacon->head_len;
2373 if (tim_length)
2374 *tim_length = skb->len - beacon->head_len;
2375
2376 if (beacon->tail)
2377 memcpy(skb_put(skb, beacon->tail_len),
2378 beacon->tail, beacon->tail_len);
2379 } else
2380 goto out;
2381 } else if (sdata->vif.type == NL80211_IFTYPE_ADHOC) {
2382 struct ieee80211_if_ibss *ifibss = &sdata->u.ibss;
2383 struct ieee80211_hdr *hdr;
2384 struct sk_buff *presp = rcu_dereference(ifibss->presp);
2385
2386 if (!presp)
2387 goto out;
2388
2389 skb = skb_copy(presp, GFP_ATOMIC);
2390 if (!skb)
2391 goto out;
2392
2393 hdr = (struct ieee80211_hdr *) skb->data;
2394 hdr->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
2395 IEEE80211_STYPE_BEACON);
2396 } else if (ieee80211_vif_is_mesh(&sdata->vif)) {
2397 struct ieee80211_mgmt *mgmt;
2398 u8 *pos;
2399 int hdr_len = offsetof(struct ieee80211_mgmt, u.beacon) +
2400 sizeof(mgmt->u.beacon);
2401
2402#ifdef CONFIG_MAC80211_MESH
2403 if (!sdata->u.mesh.mesh_id_len)
2404 goto out;
2405#endif
2406
2407 skb = dev_alloc_skb(local->tx_headroom +
2408 hdr_len +
2409 2 + /* NULL SSID */
2410 2 + 8 + /* supported rates */
2411 2 + 3 + /* DS params */
2412 2 + (IEEE80211_MAX_SUPP_RATES - 8) +
2413 2 + sizeof(struct ieee80211_ht_cap) +
2414 2 + sizeof(struct ieee80211_ht_info) +
2415 2 + sdata->u.mesh.mesh_id_len +
2416 2 + sizeof(struct ieee80211_meshconf_ie) +
2417 sdata->u.mesh.ie_len);
2418 if (!skb)
2419 goto out;
2420
2421 skb_reserve(skb, local->hw.extra_tx_headroom);
2422 mgmt = (struct ieee80211_mgmt *) skb_put(skb, hdr_len);
2423 memset(mgmt, 0, hdr_len);
2424 mgmt->frame_control =
2425 cpu_to_le16(IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_BEACON);
2426 memset(mgmt->da, 0xff, ETH_ALEN);
2427 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
2428 memcpy(mgmt->bssid, sdata->vif.addr, ETH_ALEN);
2429 mgmt->u.beacon.beacon_int =
2430 cpu_to_le16(sdata->vif.bss_conf.beacon_int);
2431 mgmt->u.beacon.capab_info |= cpu_to_le16(
2432 sdata->u.mesh.security ? WLAN_CAPABILITY_PRIVACY : 0);
2433
2434 pos = skb_put(skb, 2);
2435 *pos++ = WLAN_EID_SSID;
2436 *pos++ = 0x0;
2437
2438 if (ieee80211_add_srates_ie(&sdata->vif, skb) ||
2439 mesh_add_ds_params_ie(skb, sdata) ||
2440 ieee80211_add_ext_srates_ie(&sdata->vif, skb) ||
2441 mesh_add_rsn_ie(skb, sdata) ||
2442 mesh_add_ht_cap_ie(skb, sdata) ||
2443 mesh_add_ht_info_ie(skb, sdata) ||
2444 mesh_add_meshid_ie(skb, sdata) ||
2445 mesh_add_meshconf_ie(skb, sdata) ||
2446 mesh_add_vendor_ies(skb, sdata)) {
2447 pr_err("o11s: couldn't add ies!\n");
2448 goto out;
2449 }
2450 } else {
2451 WARN_ON(1);
2452 goto out;
2453 }
2454
2455 info = IEEE80211_SKB_CB(skb);
2456
2457 info->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
2458 info->flags |= IEEE80211_TX_CTL_NO_ACK;
2459 info->band = band;
2460
2461 memset(&txrc, 0, sizeof(txrc));
2462 txrc.hw = hw;
2463 txrc.sband = sband;
2464 txrc.bss_conf = &sdata->vif.bss_conf;
2465 txrc.skb = skb;
2466 txrc.reported_rate.idx = -1;
2467 txrc.rate_idx_mask = sdata->rc_rateidx_mask[band];
2468 if (txrc.rate_idx_mask == (1 << sband->n_bitrates) - 1)
2469 txrc.max_rate_idx = -1;
2470 else
2471 txrc.max_rate_idx = fls(txrc.rate_idx_mask) - 1;
2472 memcpy(txrc.rate_idx_mcs_mask, sdata->rc_rateidx_mcs_mask[band],
2473 sizeof(txrc.rate_idx_mcs_mask));
2474 txrc.bss = true;
2475 rate_control_get_rate(sdata, NULL, &txrc);
2476
2477 info->control.vif = vif;
2478
2479 info->flags |= IEEE80211_TX_CTL_CLEAR_PS_FILT |
2480 IEEE80211_TX_CTL_ASSIGN_SEQ |
2481 IEEE80211_TX_CTL_FIRST_FRAGMENT;
2482 out:
2483 rcu_read_unlock();
2484 return skb;
2485}
2486EXPORT_SYMBOL(ieee80211_beacon_get_tim);
2487
2488struct sk_buff *ieee80211_proberesp_get(struct ieee80211_hw *hw,
2489 struct ieee80211_vif *vif)
2490{
2491 struct ieee80211_if_ap *ap = NULL;
2492 struct sk_buff *presp = NULL, *skb = NULL;
2493 struct ieee80211_hdr *hdr;
2494 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
2495
2496 if (sdata->vif.type != NL80211_IFTYPE_AP)
2497 return NULL;
2498
2499 rcu_read_lock();
2500
2501 ap = &sdata->u.ap;
2502 presp = rcu_dereference(ap->probe_resp);
2503 if (!presp)
2504 goto out;
2505
2506 skb = skb_copy(presp, GFP_ATOMIC);
2507 if (!skb)
2508 goto out;
2509
2510 hdr = (struct ieee80211_hdr *) skb->data;
2511 memset(hdr->addr1, 0, sizeof(hdr->addr1));
2512
2513out:
2514 rcu_read_unlock();
2515 return skb;
2516}
2517EXPORT_SYMBOL(ieee80211_proberesp_get);
2518
2519struct sk_buff *ieee80211_pspoll_get(struct ieee80211_hw *hw,
2520 struct ieee80211_vif *vif)
2521{
2522 struct ieee80211_sub_if_data *sdata;
2523 struct ieee80211_if_managed *ifmgd;
2524 struct ieee80211_pspoll *pspoll;
2525 struct ieee80211_local *local;
2526 struct sk_buff *skb;
2527
2528 if (WARN_ON(vif->type != NL80211_IFTYPE_STATION))
2529 return NULL;
2530
2531 sdata = vif_to_sdata(vif);
2532 ifmgd = &sdata->u.mgd;
2533 local = sdata->local;
2534
2535 skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*pspoll));
2536 if (!skb)
2537 return NULL;
2538
2539 skb_reserve(skb, local->hw.extra_tx_headroom);
2540
2541 pspoll = (struct ieee80211_pspoll *) skb_put(skb, sizeof(*pspoll));
2542 memset(pspoll, 0, sizeof(*pspoll));
2543 pspoll->frame_control = cpu_to_le16(IEEE80211_FTYPE_CTL |
2544 IEEE80211_STYPE_PSPOLL);
2545 pspoll->aid = cpu_to_le16(ifmgd->aid);
2546
2547 /* aid in PS-Poll has its two MSBs each set to 1 */
2548 pspoll->aid |= cpu_to_le16(1 << 15 | 1 << 14);
2549
2550 memcpy(pspoll->bssid, ifmgd->bssid, ETH_ALEN);
2551 memcpy(pspoll->ta, vif->addr, ETH_ALEN);
2552
2553 return skb;
2554}
2555EXPORT_SYMBOL(ieee80211_pspoll_get);
2556
2557struct sk_buff *ieee80211_nullfunc_get(struct ieee80211_hw *hw,
2558 struct ieee80211_vif *vif)
2559{
2560 struct ieee80211_hdr_3addr *nullfunc;
2561 struct ieee80211_sub_if_data *sdata;
2562 struct ieee80211_if_managed *ifmgd;
2563 struct ieee80211_local *local;
2564 struct sk_buff *skb;
2565
2566 if (WARN_ON(vif->type != NL80211_IFTYPE_STATION))
2567 return NULL;
2568
2569 sdata = vif_to_sdata(vif);
2570 ifmgd = &sdata->u.mgd;
2571 local = sdata->local;
2572
2573 skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*nullfunc));
2574 if (!skb)
2575 return NULL;
2576
2577 skb_reserve(skb, local->hw.extra_tx_headroom);
2578
2579 nullfunc = (struct ieee80211_hdr_3addr *) skb_put(skb,
2580 sizeof(*nullfunc));
2581 memset(nullfunc, 0, sizeof(*nullfunc));
2582 nullfunc->frame_control = cpu_to_le16(IEEE80211_FTYPE_DATA |
2583 IEEE80211_STYPE_NULLFUNC |
2584 IEEE80211_FCTL_TODS);
2585 memcpy(nullfunc->addr1, ifmgd->bssid, ETH_ALEN);
2586 memcpy(nullfunc->addr2, vif->addr, ETH_ALEN);
2587 memcpy(nullfunc->addr3, ifmgd->bssid, ETH_ALEN);
2588
2589 return skb;
2590}
2591EXPORT_SYMBOL(ieee80211_nullfunc_get);
2592
2593struct sk_buff *ieee80211_probereq_get(struct ieee80211_hw *hw,
2594 struct ieee80211_vif *vif,
2595 const u8 *ssid, size_t ssid_len,
2596 const u8 *ie, size_t ie_len)
2597{
2598 struct ieee80211_sub_if_data *sdata;
2599 struct ieee80211_local *local;
2600 struct ieee80211_hdr_3addr *hdr;
2601 struct sk_buff *skb;
2602 size_t ie_ssid_len;
2603 u8 *pos;
2604
2605 sdata = vif_to_sdata(vif);
2606 local = sdata->local;
2607 ie_ssid_len = 2 + ssid_len;
2608
2609 skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*hdr) +
2610 ie_ssid_len + ie_len);
2611 if (!skb)
2612 return NULL;
2613
2614 skb_reserve(skb, local->hw.extra_tx_headroom);
2615
2616 hdr = (struct ieee80211_hdr_3addr *) skb_put(skb, sizeof(*hdr));
2617 memset(hdr, 0, sizeof(*hdr));
2618 hdr->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
2619 IEEE80211_STYPE_PROBE_REQ);
2620 memset(hdr->addr1, 0xff, ETH_ALEN);
2621 memcpy(hdr->addr2, vif->addr, ETH_ALEN);
2622 memset(hdr->addr3, 0xff, ETH_ALEN);
2623
2624 pos = skb_put(skb, ie_ssid_len);
2625 *pos++ = WLAN_EID_SSID;
2626 *pos++ = ssid_len;
2627 if (ssid)
2628 memcpy(pos, ssid, ssid_len);
2629 pos += ssid_len;
2630
2631 if (ie) {
2632 pos = skb_put(skb, ie_len);
2633 memcpy(pos, ie, ie_len);
2634 }
2635
2636 return skb;
2637}
2638EXPORT_SYMBOL(ieee80211_probereq_get);
2639
2640void ieee80211_rts_get(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
2641 const void *frame, size_t frame_len,
2642 const struct ieee80211_tx_info *frame_txctl,
2643 struct ieee80211_rts *rts)
2644{
2645 const struct ieee80211_hdr *hdr = frame;
2646
2647 rts->frame_control =
2648 cpu_to_le16(IEEE80211_FTYPE_CTL | IEEE80211_STYPE_RTS);
2649 rts->duration = ieee80211_rts_duration(hw, vif, frame_len,
2650 frame_txctl);
2651 memcpy(rts->ra, hdr->addr1, sizeof(rts->ra));
2652 memcpy(rts->ta, hdr->addr2, sizeof(rts->ta));
2653}
2654EXPORT_SYMBOL(ieee80211_rts_get);
2655
2656void ieee80211_ctstoself_get(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
2657 const void *frame, size_t frame_len,
2658 const struct ieee80211_tx_info *frame_txctl,
2659 struct ieee80211_cts *cts)
2660{
2661 const struct ieee80211_hdr *hdr = frame;
2662
2663 cts->frame_control =
2664 cpu_to_le16(IEEE80211_FTYPE_CTL | IEEE80211_STYPE_CTS);
2665 cts->duration = ieee80211_ctstoself_duration(hw, vif,
2666 frame_len, frame_txctl);
2667 memcpy(cts->ra, hdr->addr1, sizeof(cts->ra));
2668}
2669EXPORT_SYMBOL(ieee80211_ctstoself_get);
2670
2671struct sk_buff *
2672ieee80211_get_buffered_bc(struct ieee80211_hw *hw,
2673 struct ieee80211_vif *vif)
2674{
2675 struct ieee80211_local *local = hw_to_local(hw);
2676 struct sk_buff *skb = NULL;
2677 struct ieee80211_tx_data tx;
2678 struct ieee80211_sub_if_data *sdata;
2679 struct ieee80211_if_ap *bss = NULL;
2680 struct beacon_data *beacon;
2681 struct ieee80211_tx_info *info;
2682
2683 sdata = vif_to_sdata(vif);
2684 bss = &sdata->u.ap;
2685
2686 rcu_read_lock();
2687 beacon = rcu_dereference(bss->beacon);
2688
2689 if (sdata->vif.type != NL80211_IFTYPE_AP || !beacon || !beacon->head)
2690 goto out;
2691
2692 if (bss->dtim_count != 0 || !bss->dtim_bc_mc)
2693 goto out; /* send buffered bc/mc only after DTIM beacon */
2694
2695 while (1) {
2696 skb = skb_dequeue(&bss->ps_bc_buf);
2697 if (!skb)
2698 goto out;
2699 local->total_ps_buffered--;
2700
2701 if (!skb_queue_empty(&bss->ps_bc_buf) && skb->len >= 2) {
2702 struct ieee80211_hdr *hdr =
2703 (struct ieee80211_hdr *) skb->data;
2704 /* more buffered multicast/broadcast frames ==> set
2705 * MoreData flag in IEEE 802.11 header to inform PS
2706 * STAs */
2707 hdr->frame_control |=
2708 cpu_to_le16(IEEE80211_FCTL_MOREDATA);
2709 }
2710
2711 if (!ieee80211_tx_prepare(sdata, &tx, skb))
2712 break;
2713 dev_kfree_skb_any(skb);
2714 }
2715
2716 info = IEEE80211_SKB_CB(skb);
2717
2718 tx.flags |= IEEE80211_TX_PS_BUFFERED;
2719 tx.channel = local->hw.conf.channel;
2720 info->band = tx.channel->band;
2721
2722 if (invoke_tx_handlers(&tx))
2723 skb = NULL;
2724 out:
2725 rcu_read_unlock();
2726
2727 return skb;
2728}
2729EXPORT_SYMBOL(ieee80211_get_buffered_bc);
2730
2731void ieee80211_tx_skb_tid(struct ieee80211_sub_if_data *sdata,
2732 struct sk_buff *skb, int tid)
2733{
2734 skb_set_mac_header(skb, 0);
2735 skb_set_network_header(skb, 0);
2736 skb_set_transport_header(skb, 0);
2737
2738 skb_set_queue_mapping(skb, ieee802_1d_to_ac[tid]);
2739 skb->priority = tid;
2740
2741 /*
2742 * The other path calling ieee80211_xmit is from the tasklet,
2743 * and while we can handle concurrent transmissions locking
2744 * requirements are that we do not come into tx with bhs on.
2745 */
2746 local_bh_disable();
2747 ieee80211_xmit(sdata, skb);
2748 local_bh_enable();
2749}