1 /******************************************************************************
3 Copyright(c) 2003 - 2005 Intel Corporation. All rights reserved.
5 This program is free software; you can redistribute it and/or modify it
6 under the terms of version 2 of the GNU General Public License as
7 published by the Free Software Foundation.
9 This program is distributed in the hope that it will be useful, but WITHOUT
10 ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
14 You should have received a copy of the GNU General Public License along with
15 this program; if not, write to the Free Software Foundation, Inc., 59
16 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
18 The full GNU General Public License is included in this distribution in the
22 James P. Ketrenos <ipw2100-admin@linux.intel.com>
23 Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497
25 ******************************************************************************/
26 #include <linux/compiler.h>
27 #include <linux/config.h>
28 #include <linux/errno.h>
29 #include <linux/if_arp.h>
30 #include <linux/in6.h>
33 #include <linux/kernel.h>
34 #include <linux/module.h>
35 #include <linux/netdevice.h>
36 #include <linux/proc_fs.h>
37 #include <linux/skbuff.h>
38 #include <linux/slab.h>
39 #include <linux/tcp.h>
40 #include <linux/types.h>
41 #include <linux/version.h>
42 #include <linux/wireless.h>
43 #include <linux/etherdevice.h>
44 #include <asm/uaccess.h>
46 #include <net/ieee80211.h>
52 ,-------------------------------------------------------------------.
53 Bytes | 2 | 2 | 6 | 6 | 6 | 2 | 0..2312 | 4 |
54 |------|------|---------|---------|---------|------|---------|------|
55 Desc. | ctrl | dura | DA/RA | TA | SA | Sequ | Frame | fcs |
56 | | tion | (BSSID) | | | ence | data | |
57 `--------------------------------------------------| |------'
58 Total: 28 non-data bytes `----.----'
60 .- 'Frame data' expands to <---------------------------'
63 ,---------------------------------------------------.
64 Bytes | 1 | 1 | 1 | 3 | 2 | 0-2304 |
65 |------|------|---------|----------|------|---------|
66 Desc. | SNAP | SNAP | Control |Eth Tunnel| Type | IP |
67 | DSAP | SSAP | | | | Packet |
68 | 0xAA | 0xAA |0x03 (UI)|0x00-00-F8| | |
69 `-----------------------------------------| |
70 Total: 8 non-data bytes `----.----'
72 .- 'IP Packet' expands, if WEP enabled, to <--'
75 ,-----------------------.
76 Bytes | 4 | 0-2296 | 4 |
77 |-----|-----------|-----|
78 Desc. | IV | Encrypted | ICV |
80 `-----------------------'
81 Total: 8 non-data bytes
83 802.3 Ethernet Data Frame
85 ,-----------------------------------------.
86 Bytes | 6 | 6 | 2 | Variable | 4 |
87 |-------|-------|------|-----------|------|
88 Desc. | Dest. | Source| Type | IP Packet | fcs |
90 `-----------------------------------------'
91 Total: 18 non-data bytes
93 In the event that fragmentation is required, the incoming payload is split into
94 N parts of size ieee->fts. The first fragment contains the SNAP header and the
95 remaining packets are just data.
97 If encryption is enabled, each fragment payload size is reduced by enough space
98 to add the prefix and postfix (IV and ICV totalling 8 bytes in the case of WEP)
99 So if you have 1500 bytes of payload with ieee->fts set to 500 without
100 encryption it will take 3 frames. With WEP it will take 4 frames as the
101 payload of each frame is reduced to 492 bytes.
107 * | ETHERNET HEADER ,-<-- PAYLOAD
108 * | | 14 bytes from skb->data
109 * | 2 bytes for Type --> ,T. | (sizeof ethhdr)
111 * |,-Dest.--. ,--Src.---. | | |
112 * | 6 bytes| | 6 bytes | | | |
115 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
118 * | | | | `T' <---- 2 bytes for Type
120 * | | '---SNAP--' <-------- 6 bytes for SNAP
122 * `-IV--' <-------------------- 4 bytes for IV (WEP)
128 static u8 P802_1H_OUI[P80211_OUI_LEN] = { 0x00, 0x00, 0xf8 };
129 static u8 RFC1042_OUI[P80211_OUI_LEN] = { 0x00, 0x00, 0x00 };
131 static inline int ieee80211_copy_snap(u8 * data, u16 h_proto)
133 struct ieee80211_snap_hdr *snap;
136 snap = (struct ieee80211_snap_hdr *)data;
141 if (h_proto == 0x8137 || h_proto == 0x80f3)
145 snap->oui[0] = oui[0];
146 snap->oui[1] = oui[1];
147 snap->oui[2] = oui[2];
149 *(u16 *) (data + SNAP_SIZE) = htons(h_proto);
151 return SNAP_SIZE + sizeof(u16);
154 static inline int ieee80211_encrypt_fragment(struct ieee80211_device *ieee,
155 struct sk_buff *frag, int hdr_len)
157 struct ieee80211_crypt_data *crypt = ieee->crypt[ieee->tx_keyidx];
160 /* To encrypt, frame format is:
161 * IV (4 bytes), clear payload (including SNAP), ICV (4 bytes) */
162 atomic_inc(&crypt->refcnt);
164 if (crypt->ops->encrypt_mpdu)
165 res = crypt->ops->encrypt_mpdu(frag, hdr_len, crypt->priv);
167 atomic_dec(&crypt->refcnt);
169 printk(KERN_INFO "%s: Encryption failed: len=%d.\n",
170 ieee->dev->name, frag->len);
171 ieee->ieee_stats.tx_discards++;
178 void ieee80211_txb_free(struct ieee80211_txb *txb)
183 for (i = 0; i < txb->nr_frags; i++)
184 if (txb->fragments[i])
185 dev_kfree_skb_any(txb->fragments[i]);
189 static struct ieee80211_txb *ieee80211_alloc_txb(int nr_frags, int txb_size,
192 struct ieee80211_txb *txb;
194 txb = kmalloc(sizeof(struct ieee80211_txb) + (sizeof(u8 *) * nr_frags),
199 memset(txb, 0, sizeof(struct ieee80211_txb));
200 txb->nr_frags = nr_frags;
201 txb->frag_size = txb_size;
203 for (i = 0; i < nr_frags; i++) {
204 txb->fragments[i] = dev_alloc_skb(txb_size);
205 if (unlikely(!txb->fragments[i])) {
210 if (unlikely(i != nr_frags)) {
212 dev_kfree_skb_any(txb->fragments[i--]);
219 /* Incoming skb is converted to a txb which consists of
220 * a block of 802.11 fragment packets (stored as skbs) */
221 int ieee80211_xmit(struct sk_buff *skb, struct net_device *dev)
223 struct ieee80211_device *ieee = netdev_priv(dev);
224 struct ieee80211_txb *txb = NULL;
225 struct ieee80211_hdr_3addr *frag_hdr;
226 int i, bytes_per_frag, nr_frags, bytes_last_frag, frag_size,
229 struct net_device_stats *stats = &ieee->stats;
230 int ether_type, encrypt, host_encrypt, host_encrypt_msdu, host_build_iv;
231 int bytes, fc, hdr_len;
232 struct sk_buff *skb_frag;
233 struct ieee80211_hdr_3addr header = { /* Ensure zero initialized */
237 u8 dest[ETH_ALEN], src[ETH_ALEN];
238 struct ieee80211_crypt_data *crypt;
239 int priority = skb->priority;
242 if (ieee->is_queue_full && (*ieee->is_queue_full) (dev, priority))
243 return NETDEV_TX_BUSY;
245 spin_lock_irqsave(&ieee->lock, flags);
247 /* If there is no driver handler to take the TXB, dont' bother
249 if (!ieee->hard_start_xmit) {
250 printk(KERN_WARNING "%s: No xmit handler.\n", ieee->dev->name);
254 if (unlikely(skb->len < SNAP_SIZE + sizeof(u16))) {
255 printk(KERN_WARNING "%s: skb too small (%d).\n",
256 ieee->dev->name, skb->len);
260 ether_type = ntohs(((struct ethhdr *)skb->data)->h_proto);
262 crypt = ieee->crypt[ieee->tx_keyidx];
264 encrypt = !(ether_type == ETH_P_PAE && ieee->ieee802_1x) &&
267 host_encrypt = ieee->host_encrypt && encrypt;
268 host_encrypt_msdu = ieee->host_encrypt_msdu && encrypt;
269 host_build_iv = ieee->host_build_iv && encrypt;
271 if (!encrypt && ieee->ieee802_1x &&
272 ieee->drop_unencrypted && ether_type != ETH_P_PAE) {
277 /* Save source and destination addresses */
278 memcpy(dest, skb->data, ETH_ALEN);
279 memcpy(src, skb->data + ETH_ALEN, ETH_ALEN);
281 /* Advance the SKB to the start of the payload */
282 skb_pull(skb, sizeof(struct ethhdr));
284 /* Determine total amount of storage required for TXB packets */
285 bytes = skb->len + SNAP_SIZE + sizeof(u16);
288 fc = IEEE80211_FTYPE_DATA | IEEE80211_STYPE_DATA |
289 IEEE80211_FCTL_PROTECTED;
291 fc = IEEE80211_FTYPE_DATA | IEEE80211_STYPE_DATA;
293 if (ieee->iw_mode == IW_MODE_INFRA) {
294 fc |= IEEE80211_FCTL_TODS;
295 /* To DS: Addr1 = BSSID, Addr2 = SA, Addr3 = DA */
296 memcpy(header.addr1, ieee->bssid, ETH_ALEN);
297 memcpy(header.addr2, src, ETH_ALEN);
298 memcpy(header.addr3, dest, ETH_ALEN);
299 } else if (ieee->iw_mode == IW_MODE_ADHOC) {
300 /* not From/To DS: Addr1 = DA, Addr2 = SA, Addr3 = BSSID */
301 memcpy(header.addr1, dest, ETH_ALEN);
302 memcpy(header.addr2, src, ETH_ALEN);
303 memcpy(header.addr3, ieee->bssid, ETH_ALEN);
305 header.frame_ctl = cpu_to_le16(fc);
306 hdr_len = IEEE80211_3ADDR_LEN;
308 /* Encrypt msdu first on the whole data packet. */
309 if ((host_encrypt || host_encrypt_msdu) &&
310 crypt && crypt->ops && crypt->ops->encrypt_msdu) {
312 int len = bytes + hdr_len + crypt->ops->extra_msdu_prefix_len +
313 crypt->ops->extra_msdu_postfix_len;
314 struct sk_buff *skb_new = dev_alloc_skb(len);
316 if (unlikely(!skb_new))
319 skb_reserve(skb_new, crypt->ops->extra_msdu_prefix_len);
320 memcpy(skb_put(skb_new, hdr_len), &header, hdr_len);
322 ieee80211_copy_snap(skb_put(skb_new, SNAP_SIZE + sizeof(u16)),
324 memcpy(skb_put(skb_new, skb->len), skb->data, skb->len);
325 res = crypt->ops->encrypt_msdu(skb_new, hdr_len, crypt->priv);
327 IEEE80211_ERROR("msdu encryption failed\n");
328 dev_kfree_skb_any(skb_new);
331 dev_kfree_skb_any(skb);
333 bytes += crypt->ops->extra_msdu_prefix_len +
334 crypt->ops->extra_msdu_postfix_len;
335 skb_pull(skb, hdr_len);
338 if (host_encrypt || ieee->host_open_frag) {
339 /* Determine fragmentation size based on destination (multicast
340 * and broadcast are not fragmented) */
341 if (is_multicast_ether_addr(dest))
342 frag_size = MAX_FRAG_THRESHOLD;
344 frag_size = ieee->fts;
346 /* Determine amount of payload per fragment. Regardless of if
347 * this stack is providing the full 802.11 header, one will
348 * eventually be affixed to this fragment -- so we must account
349 * for it when determining the amount of payload space. */
350 bytes_per_frag = frag_size - IEEE80211_3ADDR_LEN;
352 (CFG_IEEE80211_COMPUTE_FCS | CFG_IEEE80211_RESERVE_FCS))
353 bytes_per_frag -= IEEE80211_FCS_LEN;
355 /* Each fragment may need to have room for encryptiong
358 bytes_per_frag -= crypt->ops->extra_mpdu_prefix_len +
359 crypt->ops->extra_mpdu_postfix_len;
361 /* Number of fragments is the total
362 * bytes_per_frag / payload_per_fragment */
363 nr_frags = bytes / bytes_per_frag;
364 bytes_last_frag = bytes % bytes_per_frag;
368 bytes_last_frag = bytes_per_frag;
371 bytes_per_frag = bytes_last_frag = bytes;
372 frag_size = bytes + IEEE80211_3ADDR_LEN;
375 rts_required = (frag_size > ieee->rts
376 && ieee->config & CFG_IEEE80211_RTS);
380 /* When we allocate the TXB we allocate enough space for the reserve
381 * and full fragment bytes (bytes_per_frag doesn't include prefix,
382 * postfix, header, FCS, etc.) */
383 txb = ieee80211_alloc_txb(nr_frags, frag_size, GFP_ATOMIC);
384 if (unlikely(!txb)) {
385 printk(KERN_WARNING "%s: Could not allocate TXB\n",
389 txb->encrypted = encrypt;
391 txb->payload_size = frag_size * (nr_frags - 1) +
394 txb->payload_size = bytes;
397 skb_frag = txb->fragments[0];
399 (struct ieee80211_hdr_3addr *)skb_put(skb_frag, hdr_len);
402 * Set header frame_ctl to the RTS.
405 cpu_to_le16(IEEE80211_FTYPE_CTL | IEEE80211_STYPE_RTS);
406 memcpy(frag_hdr, &header, hdr_len);
409 * Restore header frame_ctl to the original data setting.
411 header.frame_ctl = cpu_to_le16(fc);
414 (CFG_IEEE80211_COMPUTE_FCS | CFG_IEEE80211_RESERVE_FCS))
415 skb_put(skb_frag, 4);
417 txb->rts_included = 1;
422 for (; i < nr_frags; i++) {
423 skb_frag = txb->fragments[i];
425 if (host_encrypt || host_build_iv)
426 skb_reserve(skb_frag,
427 crypt->ops->extra_mpdu_prefix_len);
430 (struct ieee80211_hdr_3addr *)skb_put(skb_frag, hdr_len);
431 memcpy(frag_hdr, &header, hdr_len);
433 /* If this is not the last fragment, then add the MOREFRAGS
434 * bit to the frame control */
435 if (i != nr_frags - 1) {
436 frag_hdr->frame_ctl =
437 cpu_to_le16(fc | IEEE80211_FCTL_MOREFRAGS);
438 bytes = bytes_per_frag;
440 /* The last fragment takes the remaining length */
441 bytes = bytes_last_frag;
444 if (i == 0 && !snapped) {
445 ieee80211_copy_snap(skb_put
446 (skb_frag, SNAP_SIZE + sizeof(u16)),
448 bytes -= SNAP_SIZE + sizeof(u16);
451 memcpy(skb_put(skb_frag, bytes), skb->data, bytes);
453 /* Advance the SKB... */
454 skb_pull(skb, bytes);
456 /* Encryption routine will move the header forward in order
457 * to insert the IV between the header and the payload */
459 ieee80211_encrypt_fragment(ieee, skb_frag, hdr_len);
460 else if (host_build_iv) {
461 struct ieee80211_crypt_data *crypt;
463 crypt = ieee->crypt[ieee->tx_keyidx];
464 atomic_inc(&crypt->refcnt);
465 if (crypt->ops->build_iv)
466 crypt->ops->build_iv(skb_frag, hdr_len,
468 atomic_dec(&crypt->refcnt);
472 (CFG_IEEE80211_COMPUTE_FCS | CFG_IEEE80211_RESERVE_FCS))
473 skb_put(skb_frag, 4);
477 spin_unlock_irqrestore(&ieee->lock, flags);
479 dev_kfree_skb_any(skb);
482 int ret = (*ieee->hard_start_xmit) (txb, dev, priority);
485 stats->tx_bytes += txb->payload_size;
489 if (ret == NETDEV_TX_BUSY) {
490 printk(KERN_ERR "%s: NETDEV_TX_BUSY returned; "
491 "driver should report queue full via "
492 "ieee_device->is_queue_full.\n",
496 ieee80211_txb_free(txb);
502 spin_unlock_irqrestore(&ieee->lock, flags);
503 netif_stop_queue(dev);
508 /* Incoming 802.11 strucure is converted to a TXB
509 * a block of 802.11 fragment packets (stored as skbs) */
510 int ieee80211_tx_frame(struct ieee80211_device *ieee,
511 struct ieee80211_hdr *frame, int len)
513 struct ieee80211_txb *txb = NULL;
515 struct net_device_stats *stats = &ieee->stats;
516 struct sk_buff *skb_frag;
519 spin_lock_irqsave(&ieee->lock, flags);
521 /* If there is no driver handler to take the TXB, dont' bother
523 if (!ieee->hard_start_xmit) {
524 printk(KERN_WARNING "%s: No xmit handler.\n", ieee->dev->name);
528 if (unlikely(len < 24)) {
529 printk(KERN_WARNING "%s: skb too small (%d).\n",
530 ieee->dev->name, len);
534 /* When we allocate the TXB we allocate enough space for the reserve
535 * and full fragment bytes (bytes_per_frag doesn't include prefix,
536 * postfix, header, FCS, etc.) */
537 txb = ieee80211_alloc_txb(1, len, GFP_ATOMIC);
538 if (unlikely(!txb)) {
539 printk(KERN_WARNING "%s: Could not allocate TXB\n",
544 txb->payload_size = len;
546 skb_frag = txb->fragments[0];
548 memcpy(skb_put(skb_frag, len), frame, len);
551 (CFG_IEEE80211_COMPUTE_FCS | CFG_IEEE80211_RESERVE_FCS))
552 skb_put(skb_frag, 4);
555 spin_unlock_irqrestore(&ieee->lock, flags);
558 if ((*ieee->hard_start_xmit) (txb, ieee->dev, priority) == 0) {
560 stats->tx_bytes += txb->payload_size;
563 ieee80211_txb_free(txb);
568 spin_unlock_irqrestore(&ieee->lock, flags);
573 EXPORT_SYMBOL(ieee80211_tx_frame);
574 EXPORT_SYMBOL(ieee80211_txb_free);