1 /******************************************************************************
3 Copyright(c) 2003 - 2005 Intel Corporation. All rights reserved.
5 This program is free software; you can redistribute it and/or modify it
6 under the terms of version 2 of the GNU General Public License as
7 published by the Free Software Foundation.
9 This program is distributed in the hope that it will be useful, but WITHOUT
10 ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
14 You should have received a copy of the GNU General Public License along with
15 this program; if not, write to the Free Software Foundation, Inc., 59
16 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
18 The full GNU General Public License is included in this distribution in the
22 James P. Ketrenos <ipw2100-admin@linux.intel.com>
23 Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497
25 ******************************************************************************/
26 #include <linux/compiler.h>
27 #include <linux/config.h>
28 #include <linux/errno.h>
29 #include <linux/if_arp.h>
30 #include <linux/in6.h>
33 #include <linux/kernel.h>
34 #include <linux/module.h>
35 #include <linux/netdevice.h>
36 #include <linux/proc_fs.h>
37 #include <linux/skbuff.h>
38 #include <linux/slab.h>
39 #include <linux/tcp.h>
40 #include <linux/types.h>
41 #include <linux/wireless.h>
42 #include <linux/etherdevice.h>
43 #include <asm/uaccess.h>
45 #include <net/ieee80211.h>
51 ,-------------------------------------------------------------------.
52 Bytes | 2 | 2 | 6 | 6 | 6 | 2 | 0..2312 | 4 |
53 |------|------|---------|---------|---------|------|---------|------|
54 Desc. | ctrl | dura | DA/RA | TA | SA | Sequ | Frame | fcs |
55 | | tion | (BSSID) | | | ence | data | |
56 `--------------------------------------------------| |------'
57 Total: 28 non-data bytes `----.----'
59 .- 'Frame data' expands to <---------------------------'
62 ,---------------------------------------------------.
63 Bytes | 1 | 1 | 1 | 3 | 2 | 0-2304 |
64 |------|------|---------|----------|------|---------|
65 Desc. | SNAP | SNAP | Control |Eth Tunnel| Type | IP |
66 | DSAP | SSAP | | | | Packet |
67 | 0xAA | 0xAA |0x03 (UI)|0x00-00-F8| | |
68 `-----------------------------------------| |
69 Total: 8 non-data bytes `----.----'
71 .- 'IP Packet' expands, if WEP enabled, to <--'
74 ,-----------------------.
75 Bytes | 4 | 0-2296 | 4 |
76 |-----|-----------|-----|
77 Desc. | IV | Encrypted | ICV |
79 `-----------------------'
80 Total: 8 non-data bytes
82 802.3 Ethernet Data Frame
84 ,-----------------------------------------.
85 Bytes | 6 | 6 | 2 | Variable | 4 |
86 |-------|-------|------|-----------|------|
87 Desc. | Dest. | Source| Type | IP Packet | fcs |
89 `-----------------------------------------'
90 Total: 18 non-data bytes
92 In the event that fragmentation is required, the incoming payload is split into
93 N parts of size ieee->fts. The first fragment contains the SNAP header and the
94 remaining packets are just data.
96 If encryption is enabled, each fragment payload size is reduced by enough space
97 to add the prefix and postfix (IV and ICV totalling 8 bytes in the case of WEP)
98 So if you have 1500 bytes of payload with ieee->fts set to 500 without
99 encryption it will take 3 frames. With WEP it will take 4 frames as the
100 payload of each frame is reduced to 492 bytes.
106 * | ETHERNET HEADER ,-<-- PAYLOAD
107 * | | 14 bytes from skb->data
108 * | 2 bytes for Type --> ,T. | (sizeof ethhdr)
110 * |,-Dest.--. ,--Src.---. | | |
111 * | 6 bytes| | 6 bytes | | | |
114 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
117 * | | | | `T' <---- 2 bytes for Type
119 * | | '---SNAP--' <-------- 6 bytes for SNAP
121 * `-IV--' <-------------------- 4 bytes for IV (WEP)
127 static u8 P802_1H_OUI[P80211_OUI_LEN] = { 0x00, 0x00, 0xf8 };
128 static u8 RFC1042_OUI[P80211_OUI_LEN] = { 0x00, 0x00, 0x00 };
130 static int ieee80211_copy_snap(u8 * data, u16 h_proto)
132 struct ieee80211_snap_hdr *snap;
135 snap = (struct ieee80211_snap_hdr *)data;
140 if (h_proto == 0x8137 || h_proto == 0x80f3)
144 snap->oui[0] = oui[0];
145 snap->oui[1] = oui[1];
146 snap->oui[2] = oui[2];
148 *(u16 *) (data + SNAP_SIZE) = htons(h_proto);
150 return SNAP_SIZE + sizeof(u16);
153 static int ieee80211_encrypt_fragment(struct ieee80211_device *ieee,
154 struct sk_buff *frag, int hdr_len)
156 struct ieee80211_crypt_data *crypt = ieee->crypt[ieee->tx_keyidx];
162 /* To encrypt, frame format is:
163 * IV (4 bytes), clear payload (including SNAP), ICV (4 bytes) */
164 atomic_inc(&crypt->refcnt);
166 if (crypt->ops && crypt->ops->encrypt_mpdu)
167 res = crypt->ops->encrypt_mpdu(frag, hdr_len, crypt->priv);
169 atomic_dec(&crypt->refcnt);
171 printk(KERN_INFO "%s: Encryption failed: len=%d.\n",
172 ieee->dev->name, frag->len);
173 ieee->ieee_stats.tx_discards++;
180 void ieee80211_txb_free(struct ieee80211_txb *txb)
185 for (i = 0; i < txb->nr_frags; i++)
186 if (txb->fragments[i])
187 dev_kfree_skb_any(txb->fragments[i]);
191 static struct ieee80211_txb *ieee80211_alloc_txb(int nr_frags, int txb_size,
192 int headroom, gfp_t gfp_mask)
194 struct ieee80211_txb *txb;
196 txb = kmalloc(sizeof(struct ieee80211_txb) + (sizeof(u8 *) * nr_frags),
201 memset(txb, 0, sizeof(struct ieee80211_txb));
202 txb->nr_frags = nr_frags;
203 txb->frag_size = txb_size;
205 for (i = 0; i < nr_frags; i++) {
206 txb->fragments[i] = __dev_alloc_skb(txb_size + headroom,
208 if (unlikely(!txb->fragments[i])) {
212 skb_reserve(txb->fragments[i], headroom);
214 if (unlikely(i != nr_frags)) {
216 dev_kfree_skb_any(txb->fragments[i--]);
223 /* Incoming skb is converted to a txb which consists of
224 * a block of 802.11 fragment packets (stored as skbs) */
225 int ieee80211_xmit(struct sk_buff *skb, struct net_device *dev)
227 struct ieee80211_device *ieee = netdev_priv(dev);
228 struct ieee80211_txb *txb = NULL;
229 struct ieee80211_hdr_3addr *frag_hdr;
230 int i, bytes_per_frag, nr_frags, bytes_last_frag, frag_size,
233 struct net_device_stats *stats = &ieee->stats;
234 int ether_type, encrypt, host_encrypt, host_encrypt_msdu, host_build_iv;
235 int bytes, fc, hdr_len;
236 struct sk_buff *skb_frag;
237 struct ieee80211_hdr_3addr header = { /* Ensure zero initialized */
241 u8 dest[ETH_ALEN], src[ETH_ALEN];
242 struct ieee80211_crypt_data *crypt;
243 int priority = skb->priority;
246 if (ieee->is_queue_full && (*ieee->is_queue_full) (dev, priority))
247 return NETDEV_TX_BUSY;
249 spin_lock_irqsave(&ieee->lock, flags);
251 /* If there is no driver handler to take the TXB, dont' bother
253 if (!ieee->hard_start_xmit) {
254 printk(KERN_WARNING "%s: No xmit handler.\n", ieee->dev->name);
258 if (unlikely(skb->len < SNAP_SIZE + sizeof(u16))) {
259 printk(KERN_WARNING "%s: skb too small (%d).\n",
260 ieee->dev->name, skb->len);
264 ether_type = ntohs(((struct ethhdr *)skb->data)->h_proto);
266 crypt = ieee->crypt[ieee->tx_keyidx];
268 encrypt = !(ether_type == ETH_P_PAE && ieee->ieee802_1x) &&
271 host_encrypt = ieee->host_encrypt && encrypt && crypt;
272 host_encrypt_msdu = ieee->host_encrypt_msdu && encrypt && crypt;
273 host_build_iv = ieee->host_build_iv && encrypt && crypt;
275 if (!encrypt && ieee->ieee802_1x &&
276 ieee->drop_unencrypted && ether_type != ETH_P_PAE) {
281 /* Save source and destination addresses */
282 memcpy(dest, skb->data, ETH_ALEN);
283 memcpy(src, skb->data + ETH_ALEN, ETH_ALEN);
285 /* Advance the SKB to the start of the payload */
286 skb_pull(skb, sizeof(struct ethhdr));
288 /* Determine total amount of storage required for TXB packets */
289 bytes = skb->len + SNAP_SIZE + sizeof(u16);
291 if (host_encrypt || host_build_iv)
292 fc = IEEE80211_FTYPE_DATA | IEEE80211_STYPE_DATA |
293 IEEE80211_FCTL_PROTECTED;
295 fc = IEEE80211_FTYPE_DATA | IEEE80211_STYPE_DATA;
297 if (ieee->iw_mode == IW_MODE_INFRA) {
298 fc |= IEEE80211_FCTL_TODS;
299 /* To DS: Addr1 = BSSID, Addr2 = SA, Addr3 = DA */
300 memcpy(header.addr1, ieee->bssid, ETH_ALEN);
301 memcpy(header.addr2, src, ETH_ALEN);
302 memcpy(header.addr3, dest, ETH_ALEN);
303 } else if (ieee->iw_mode == IW_MODE_ADHOC) {
304 /* not From/To DS: Addr1 = DA, Addr2 = SA, Addr3 = BSSID */
305 memcpy(header.addr1, dest, ETH_ALEN);
306 memcpy(header.addr2, src, ETH_ALEN);
307 memcpy(header.addr3, ieee->bssid, ETH_ALEN);
309 header.frame_ctl = cpu_to_le16(fc);
310 hdr_len = IEEE80211_3ADDR_LEN;
312 /* Encrypt msdu first on the whole data packet. */
313 if ((host_encrypt || host_encrypt_msdu) &&
314 crypt && crypt->ops && crypt->ops->encrypt_msdu) {
316 int len = bytes + hdr_len + crypt->ops->extra_msdu_prefix_len +
317 crypt->ops->extra_msdu_postfix_len;
318 struct sk_buff *skb_new = dev_alloc_skb(len);
320 if (unlikely(!skb_new))
323 skb_reserve(skb_new, crypt->ops->extra_msdu_prefix_len);
324 memcpy(skb_put(skb_new, hdr_len), &header, hdr_len);
326 ieee80211_copy_snap(skb_put(skb_new, SNAP_SIZE + sizeof(u16)),
328 memcpy(skb_put(skb_new, skb->len), skb->data, skb->len);
329 res = crypt->ops->encrypt_msdu(skb_new, hdr_len, crypt->priv);
331 IEEE80211_ERROR("msdu encryption failed\n");
332 dev_kfree_skb_any(skb_new);
335 dev_kfree_skb_any(skb);
337 bytes += crypt->ops->extra_msdu_prefix_len +
338 crypt->ops->extra_msdu_postfix_len;
339 skb_pull(skb, hdr_len);
342 if (host_encrypt || ieee->host_open_frag) {
343 /* Determine fragmentation size based on destination (multicast
344 * and broadcast are not fragmented) */
345 if (is_multicast_ether_addr(dest) ||
346 is_broadcast_ether_addr(dest))
347 frag_size = MAX_FRAG_THRESHOLD;
349 frag_size = ieee->fts;
351 /* Determine amount of payload per fragment. Regardless of if
352 * this stack is providing the full 802.11 header, one will
353 * eventually be affixed to this fragment -- so we must account
354 * for it when determining the amount of payload space. */
355 bytes_per_frag = frag_size - IEEE80211_3ADDR_LEN;
357 (CFG_IEEE80211_COMPUTE_FCS | CFG_IEEE80211_RESERVE_FCS))
358 bytes_per_frag -= IEEE80211_FCS_LEN;
360 /* Each fragment may need to have room for encryptiong
363 bytes_per_frag -= crypt->ops->extra_mpdu_prefix_len +
364 crypt->ops->extra_mpdu_postfix_len;
366 /* Number of fragments is the total
367 * bytes_per_frag / payload_per_fragment */
368 nr_frags = bytes / bytes_per_frag;
369 bytes_last_frag = bytes % bytes_per_frag;
373 bytes_last_frag = bytes_per_frag;
376 bytes_per_frag = bytes_last_frag = bytes;
377 frag_size = bytes + IEEE80211_3ADDR_LEN;
380 rts_required = (frag_size > ieee->rts
381 && ieee->config & CFG_IEEE80211_RTS);
385 /* When we allocate the TXB we allocate enough space for the reserve
386 * and full fragment bytes (bytes_per_frag doesn't include prefix,
387 * postfix, header, FCS, etc.) */
388 txb = ieee80211_alloc_txb(nr_frags, frag_size,
389 ieee->tx_headroom, GFP_ATOMIC);
390 if (unlikely(!txb)) {
391 printk(KERN_WARNING "%s: Could not allocate TXB\n",
395 txb->encrypted = encrypt;
397 txb->payload_size = frag_size * (nr_frags - 1) +
400 txb->payload_size = bytes;
403 skb_frag = txb->fragments[0];
405 (struct ieee80211_hdr_3addr *)skb_put(skb_frag, hdr_len);
408 * Set header frame_ctl to the RTS.
411 cpu_to_le16(IEEE80211_FTYPE_CTL | IEEE80211_STYPE_RTS);
412 memcpy(frag_hdr, &header, hdr_len);
415 * Restore header frame_ctl to the original data setting.
417 header.frame_ctl = cpu_to_le16(fc);
420 (CFG_IEEE80211_COMPUTE_FCS | CFG_IEEE80211_RESERVE_FCS))
421 skb_put(skb_frag, 4);
423 txb->rts_included = 1;
428 for (; i < nr_frags; i++) {
429 skb_frag = txb->fragments[i];
431 if (host_encrypt || host_build_iv)
432 skb_reserve(skb_frag,
433 crypt->ops->extra_mpdu_prefix_len);
436 (struct ieee80211_hdr_3addr *)skb_put(skb_frag, hdr_len);
437 memcpy(frag_hdr, &header, hdr_len);
439 /* If this is not the last fragment, then add the MOREFRAGS
440 * bit to the frame control */
441 if (i != nr_frags - 1) {
442 frag_hdr->frame_ctl =
443 cpu_to_le16(fc | IEEE80211_FCTL_MOREFRAGS);
444 bytes = bytes_per_frag;
446 /* The last fragment takes the remaining length */
447 bytes = bytes_last_frag;
450 if (i == 0 && !snapped) {
451 ieee80211_copy_snap(skb_put
452 (skb_frag, SNAP_SIZE + sizeof(u16)),
454 bytes -= SNAP_SIZE + sizeof(u16);
457 memcpy(skb_put(skb_frag, bytes), skb->data, bytes);
459 /* Advance the SKB... */
460 skb_pull(skb, bytes);
462 /* Encryption routine will move the header forward in order
463 * to insert the IV between the header and the payload */
465 ieee80211_encrypt_fragment(ieee, skb_frag, hdr_len);
466 else if (host_build_iv) {
467 struct ieee80211_crypt_data *crypt;
469 crypt = ieee->crypt[ieee->tx_keyidx];
470 atomic_inc(&crypt->refcnt);
471 if (crypt->ops->build_iv)
472 crypt->ops->build_iv(skb_frag, hdr_len,
474 atomic_dec(&crypt->refcnt);
478 (CFG_IEEE80211_COMPUTE_FCS | CFG_IEEE80211_RESERVE_FCS))
479 skb_put(skb_frag, 4);
483 spin_unlock_irqrestore(&ieee->lock, flags);
485 dev_kfree_skb_any(skb);
488 int ret = (*ieee->hard_start_xmit) (txb, dev, priority);
491 stats->tx_bytes += txb->payload_size;
495 if (ret == NETDEV_TX_BUSY) {
496 printk(KERN_ERR "%s: NETDEV_TX_BUSY returned; "
497 "driver should report queue full via "
498 "ieee_device->is_queue_full.\n",
502 ieee80211_txb_free(txb);
508 spin_unlock_irqrestore(&ieee->lock, flags);
509 netif_stop_queue(dev);
514 /* Incoming 802.11 strucure is converted to a TXB
515 * a block of 802.11 fragment packets (stored as skbs) */
516 int ieee80211_tx_frame(struct ieee80211_device *ieee,
517 struct ieee80211_hdr *frame, int len)
519 struct ieee80211_txb *txb = NULL;
521 struct net_device_stats *stats = &ieee->stats;
522 struct sk_buff *skb_frag;
525 spin_lock_irqsave(&ieee->lock, flags);
527 /* If there is no driver handler to take the TXB, dont' bother
529 if (!ieee->hard_start_xmit) {
530 printk(KERN_WARNING "%s: No xmit handler.\n", ieee->dev->name);
534 if (unlikely(len < 24)) {
535 printk(KERN_WARNING "%s: skb too small (%d).\n",
536 ieee->dev->name, len);
540 /* When we allocate the TXB we allocate enough space for the reserve
541 * and full fragment bytes (bytes_per_frag doesn't include prefix,
542 * postfix, header, FCS, etc.) */
543 txb = ieee80211_alloc_txb(1, len, ieee->tx_headroom, GFP_ATOMIC);
544 if (unlikely(!txb)) {
545 printk(KERN_WARNING "%s: Could not allocate TXB\n",
550 txb->payload_size = len;
552 skb_frag = txb->fragments[0];
554 memcpy(skb_put(skb_frag, len), frame, len);
557 (CFG_IEEE80211_COMPUTE_FCS | CFG_IEEE80211_RESERVE_FCS))
558 skb_put(skb_frag, 4);
561 spin_unlock_irqrestore(&ieee->lock, flags);
564 if ((*ieee->hard_start_xmit) (txb, ieee->dev, priority) == 0) {
566 stats->tx_bytes += txb->payload_size;
569 ieee80211_txb_free(txb);
574 spin_unlock_irqrestore(&ieee->lock, flags);
579 EXPORT_SYMBOL(ieee80211_tx_frame);
580 EXPORT_SYMBOL(ieee80211_txb_free);