/* * Copyright 2002-2005, Instant802 Networks, Inc. * Copyright 2005-2006, D

1. /*
2. * Copyright 2002-2005, Instant802 Networks, Inc.
3. * Copyright 2005-2006, Devicescape Software, Inc.
4. * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
5. * Copyright 2007 Johannes Berg <johannes@sipsolutions.net>
6. * Copyright 2013-2014 Intel Mobile Communications GmbH
7. *
8. * This program is free software; you can redistribute it and/or modify
9. * it under the terms of the GNU General Public License version 2 as
10. * published by the Free Software Foundation.
11. *
12. *
13. * Transmit and frame generation functions.
14. */
15.  
16. #include <linux/kernel.h>
17. #include <linux/slab.h>
18. #include <linux/skbuff.h>
19. #include <linux/etherdevice.h>
20. #include <linux/bitmap.h>
21. #include <linux/rcupdate.h>
22. #include <linux/export.h>
23. #include <net/net_namespace.h>
24. #include <net/ieee80211_radiotap.h>
25. #include <net/cfg80211.h>
26. #include <net/mac80211.h>
27. #include <net/codel.h>
28. #include <net/codel_impl.h>
29. #include <asm/unaligned.h>
30. #include <net/fq_impl.h>
31.  
32. #include "ieee80211_i.h"
33. #include "driver-ops.h"
34. #include "led.h"
35. #include "mesh.h"
36. #include "wep.h"
37. #include "wpa.h"
38. #include "wme.h"
39. #include "rate.h"
40.  
41. /* misc utils */
42.  
43. static inline void ieee80211_tx_stats(struct net_device *dev, u32 len)
44. {
45. struct pcpu_sw_netstats *tstats = this_cpu_ptr(dev->tstats);
46.  
47. u64_stats_update_begin(&tstats->syncp);
48. tstats->tx_packets++;
49. tstats->tx_bytes += len;
50. u64_stats_update_end(&tstats->syncp);
51. }
52.  
53. static __le16 ieee80211_duration(struct ieee80211_tx_data *tx,
54. struct sk_buff *skb, int group_addr,
55. int next_frag_len)
56. {
57. int rate, mrate, erp, dur, i, shift = 0;
58. struct ieee80211_rate *txrate;
59. struct ieee80211_local *local = tx->local;
60. struct ieee80211_supported_band *sband;
61. struct ieee80211_hdr *hdr;
62. struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
63. struct ieee80211_chanctx_conf *chanctx_conf;
64. u32 rate_flags = 0;
65.  
66. rcu_read_lock();
67. chanctx_conf = rcu_dereference(tx->sdata->vif.chanctx_conf);
68. if (chanctx_conf) {
69. shift = ieee80211_chandef_get_shift(&chanctx_conf->def);
70. rate_flags = ieee80211_chandef_rate_flags(&chanctx_conf->def);
71. }
72. rcu_read_unlock();
73.  
74. /* assume HW handles this */
75. if (tx->rate.flags & (IEEE80211_TX_RC_MCS | IEEE80211_TX_RC_VHT_MCS))
76. return 0;
77.  
78. /* uh huh? */
79. if (WARN_ON_ONCE(tx->rate.idx < 0))
80. return 0;
81.  
82. sband = local->hw.wiphy->bands[info->band];
83. txrate = &sband->bitrates[tx->rate.idx];
84.  
85. erp = txrate->flags & IEEE80211_RATE_ERP_G;
86.  
87. /*
88. * data and mgmt (except PS Poll):
89. * - during CFP: 32768
90. * - during contention period:
91. * if addr1 is group address: 0
92. * if more fragments = 0 and addr1 is individual address: time to
93. * transmit one ACK plus SIFS
94. * if more fragments = 1 and addr1 is individual address: time to
95. * transmit next fragment plus 2 x ACK plus 3 x SIFS
96. *
97. * IEEE 802.11, 9.6:
98. * - control response frame (CTS or ACK) shall be transmitted using the
99. * same rate as the immediately previous frame in the frame exchange
100. * sequence, if this rate belongs to the PHY mandatory rates, or else
101. * at the highest possible rate belonging to the PHY rates in the
102. * BSSBasicRateSet
103. */
104. hdr = (struct ieee80211_hdr *)skb->data;
105. if (ieee80211_is_ctl(hdr->frame_control)) {
106. /* TODO: These control frames are not currently sent by
107. * mac80211, but should they be implemented, this function
108. * needs to be updated to support duration field calculation.
109. *
110. * RTS: time needed to transmit pending data/mgmt frame plus
111. * one CTS frame plus one ACK frame plus 3 x SIFS
112. * CTS: duration of immediately previous RTS minus time
113. * required to transmit CTS and its SIFS
114. * ACK: 0 if immediately previous directed data/mgmt had
115. * more=0, with more=1 duration in ACK frame is duration
116. * from previous frame minus time needed to transmit ACK
117. * and its SIFS
118. * PS Poll: BIT(15) | BIT(14) | aid
119. */
120. return 0;
121. }
122.  
123. /* data/mgmt */
124. if (0 /* FIX: data/mgmt during CFP */)
125. return cpu_to_le16(32768);
126.  
127. if (group_addr) /* Group address as the destination - no ACK */
128. return 0;
129.  
130. /* Individual destination address:
131. * IEEE 802.11, Ch. 9.6 (after IEEE 802.11g changes)
132. * CTS and ACK frames shall be transmitted using the highest rate in
133. * basic rate set that is less than or equal to the rate of the
134. * immediately previous frame and that is using the same modulation
135. * (CCK or OFDM). If no basic rate set matches with these requirements,
136. * the highest mandatory rate of the PHY that is less than or equal to
137. * the rate of the previous frame is used.
138. * Mandatory rates for IEEE 802.11g PHY: 1, 2, 5.5, 11, 6, 12, 24 Mbps
139. */
140. rate = -1;
141. /* use lowest available if everything fails */
142. mrate = sband->bitrates[0].bitrate;
143. for (i = 0; i < sband->n_bitrates; i++) {
144. struct ieee80211_rate *r = &sband->bitrates[i];
145.  
146. if (r->bitrate > txrate->bitrate)
147. break;
148.  
149. if ((rate_flags & r->flags) != rate_flags)
150. continue;
151.  
152. if (tx->sdata->vif.bss_conf.basic_rates & BIT(i))
153. rate = DIV_ROUND_UP(r->bitrate, 1 << shift);
154.  
155. switch (sband->band) {
156. case NL80211_BAND_2GHZ: {
157. u32 flag;
158. if (tx->sdata->flags & IEEE80211_SDATA_OPERATING_GMODE)
159. flag = IEEE80211_RATE_MANDATORY_G;
160. else
161. flag = IEEE80211_RATE_MANDATORY_B;
162. if (r->flags & flag)
163. mrate = r->bitrate;
164. break;
165. }
166. case NL80211_BAND_5GHZ:
167. if (r->flags & IEEE80211_RATE_MANDATORY_A)
168. mrate = r->bitrate;
169. break;
170. case NL80211_BAND_60GHZ:
171. /* TODO, for now fall through */
172. case NUM_NL80211_BANDS:
173. WARN_ON(1);
174. break;
175. }
176. }
177. if (rate == -1) {
178. /* No matching basic rate found; use highest suitable mandatory
179. * PHY rate */
180. rate = DIV_ROUND_UP(mrate, 1 << shift);
181. }
182.  
183. /* Don't calculate ACKs for QoS Frames with NoAck Policy set */
184. if (ieee80211_is_data_qos(hdr->frame_control) &&
185. *(ieee80211_get_qos_ctl(hdr)) & IEEE80211_QOS_CTL_ACK_POLICY_NOACK)
186. dur = 0;
187. else
188. /* Time needed to transmit ACK
189. * (10 bytes + 4-byte FCS = 112 bits) plus SIFS; rounded up
190. * to closest integer */
191. dur = ieee80211_frame_duration(sband->band, 10, rate, erp,
192. tx->sdata->vif.bss_conf.use_short_preamble,
193. shift);
194.  
195. if (next_frag_len) {
196. /* Frame is fragmented: duration increases with time needed to
197. * transmit next fragment plus ACK and 2 x SIFS. */
198. dur *= 2; /* ACK + SIFS */
199. /* next fragment */
200. dur += ieee80211_frame_duration(sband->band, next_frag_len,
201. txrate->bitrate, erp,
202. tx->sdata->vif.bss_conf.use_short_preamble,
203. shift);
204. }
205.  
206. return cpu_to_le16(dur);
207. }
208.  
209. /* tx handlers */
210. static ieee80211_tx_result debug_noinline
211. ieee80211_tx_h_dynamic_ps(struct ieee80211_tx_data *tx)
212. {
213. struct ieee80211_local *local = tx->local;
214. struct ieee80211_if_managed *ifmgd;
215.  
216. /* driver doesn't support power save */
217. if (!ieee80211_hw_check(&local->hw, SUPPORTS_PS))
218. return TX_CONTINUE;
219.  
220. /* hardware does dynamic power save */
221. if (ieee80211_hw_check(&local->hw, SUPPORTS_DYNAMIC_PS))
222. return TX_CONTINUE;
223.  
224. /* dynamic power save disabled */
225. if (local->hw.conf.dynamic_ps_timeout <= 0)
226. return TX_CONTINUE;
227.  
228. /* we are scanning, don't enable power save */
229. if (local->scanning)
230. return TX_CONTINUE;
231.  
232. if (!local->ps_sdata)
233. return TX_CONTINUE;
234.  
235. /* No point if we're going to suspend */
236. if (local->quiescing)
237. return TX_CONTINUE;
238.  
239. /* dynamic ps is supported only in managed mode */
240. if (tx->sdata->vif.type != NL80211_IFTYPE_STATION)
241. return TX_CONTINUE;
242.  
243. ifmgd = &tx->sdata->u.mgd;
244.  
245. /*
246. * Don't wakeup from power save if u-apsd is enabled, voip ac has
247. * u-apsd enabled and the frame is in voip class. This effectively
248. * means that even if all access categories have u-apsd enabled, in
249. * practise u-apsd is only used with the voip ac. This is a
250. * workaround for the case when received voip class packets do not
251. * have correct qos tag for some reason, due the network or the
252. * peer application.
253. *
254. * Note: ifmgd->uapsd_queues access is racy here. If the value is
255. * changed via debugfs, user needs to reassociate manually to have
256. * everything in sync.
257. */
258. if ((ifmgd->flags & IEEE80211_STA_UAPSD_ENABLED) &&
259. (ifmgd->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO) &&
260. skb_get_queue_mapping(tx->skb) == IEEE80211_AC_VO)
261. return TX_CONTINUE;
262.  
263. if (local->hw.conf.flags & IEEE80211_CONF_PS) {
264. ieee80211_stop_queues_by_reason(&local->hw,
265. IEEE80211_MAX_QUEUE_MAP,
266. IEEE80211_QUEUE_STOP_REASON_PS,
267. false);
268. ifmgd->flags &= ~IEEE80211_STA_NULLFUNC_ACKED;
269. ieee80211_queue_work(&local->hw,
270. &local->dynamic_ps_disable_work);
271. }
272.  
273. /* Don't restart the timer if we're not disassociated */
274. if (!ifmgd->associated)
275. return TX_CONTINUE;
276.  
277. mod_timer(&local->dynamic_ps_timer, jiffies +
278. msecs_to_jiffies(local->hw.conf.dynamic_ps_timeout));
279.  
280. return TX_CONTINUE;
281. }
282.  
283. static ieee80211_tx_result debug_noinline
284. ieee80211_tx_h_check_assoc(struct ieee80211_tx_data *tx)
285. {
286.  
287. struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;
288. struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
289. bool assoc = false;
290.  
291. if (unlikely(info->flags & IEEE80211_TX_CTL_INJECTED))
292. return TX_CONTINUE;
293.  
294. if (unlikely(test_bit(SCAN_SW_SCANNING, &tx->local->scanning)) &&
295. test_bit(SDATA_STATE_OFFCHANNEL, &tx->sdata->state) &&
296. !ieee80211_is_probe_req(hdr->frame_control) &&
297. !ieee80211_is_nullfunc(hdr->frame_control))
298. /*
299. * When software scanning only nullfunc frames (to notify
300. * the sleep state to the AP) and probe requests (for the
301. * active scan) are allowed, all other frames should not be
302. * sent and we should not get here, but if we do
303. * nonetheless, drop them to avoid sending them
304. * off-channel. See the link below and
305. * ieee80211_start_scan() for more.
306. *
307. * http://article.gmane.org/gmane.linux.kernel.wireless.general/30089
308. */
309. return TX_DROP;
310.  
311. if (tx->sdata->vif.type == NL80211_IFTYPE_OCB)
312. return TX_CONTINUE;
313.  
314. if (tx->sdata->vif.type == NL80211_IFTYPE_WDS)
315. return TX_CONTINUE;
316.  
317. if (tx->flags & IEEE80211_TX_PS_BUFFERED)
318. return TX_CONTINUE;
319.  
320. if (tx->sta)
321. assoc = test_sta_flag(tx->sta, WLAN_STA_ASSOC);
322.  
323. if (likely(tx->flags & IEEE80211_TX_UNICAST)) {
324. if (unlikely(!assoc &&
325. ieee80211_is_data(hdr->frame_control))) {
326. #ifdef CONFIG_MAC80211_VERBOSE_DEBUG
327. sdata_info(tx->sdata,
328. "dropped data frame to not associated station %pM\n",
329. hdr->addr1);
330. #endif
331. I802_DEBUG_INC(tx->local->tx_handlers_drop_not_assoc);
332. return TX_DROP;
333. }
334. } else if (unlikely(tx->sdata->vif.type == NL80211_IFTYPE_AP &&
335. ieee80211_is_data(hdr->frame_control) &&
336. !atomic_read(&tx->sdata->u.ap.num_mcast_sta))) {
337. /*
338. * No associated STAs - no need to send multicast
339. * frames.
340. */
341. return TX_DROP;
342. }
343.  
344. return TX_CONTINUE;
345. }
346.  
347. /* This function is called whenever the AP is about to exceed the maximum limit
348. * of buffered frames for power saving STAs. This situation should not really
349. * happen often during normal operation, so dropping the oldest buffered packet
350. * from each queue should be OK to make some room for new frames. */
351. static void purge_old_ps_buffers(struct ieee80211_local *local)
352. {
353. int total = 0, purged = 0;
354. struct sk_buff *skb;
355. struct ieee80211_sub_if_data *sdata;
356. struct sta_info *sta;
357.  
358. list_for_each_entry_rcu(sdata, &local->interfaces, list) {
359. struct ps_data *ps;
360.  
361. if (sdata->vif.type == NL80211_IFTYPE_AP)
362. ps = &sdata->u.ap.ps;
363. else if (ieee80211_vif_is_mesh(&sdata->vif))
364. ps = &sdata->u.mesh.ps;
365. else
366. continue;
367.  
368. skb = skb_dequeue(&ps->bc_buf);
369. if (skb) {
370. purged++;
371. ieee80211_free_txskb(&local->hw, skb);
372. }
373. total += skb_queue_len(&ps->bc_buf);
374. }
375.  
376. /*
377. * Drop one frame from each station from the lowest-priority
378. * AC that has frames at all.
379. */
380. list_for_each_entry_rcu(sta, &local->sta_list, list) {
381. int ac;
382.  
383. for (ac = IEEE80211_AC_BK; ac >= IEEE80211_AC_VO; ac--) {
384. skb = skb_dequeue(&sta->ps_tx_buf[ac]);
385. total += skb_queue_len(&sta->ps_tx_buf[ac]);
386. if (skb) {
387. purged++;
388. ieee80211_free_txskb(&local->hw, skb);
389. break;
390. }
391. }
392. }
393.  
394. local->total_ps_buffered = total;
395. ps_dbg_hw(&local->hw, "PS buffers full - purged %d frames\n", purged);
396. }
397.  
398. static ieee80211_tx_result
399. ieee80211_tx_h_multicast_ps_buf(struct ieee80211_tx_data *tx)
400. {
401. struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
402. struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;
403. struct ps_data *ps;
404.  
405. /*
406. * broadcast/multicast frame
407. *
408. * If any of the associated/peer stations is in power save mode,
409. * the frame is buffered to be sent after DTIM beacon frame.
410. * This is done either by the hardware or us.
411. */
412.  
413. /* powersaving STAs currently only in AP/VLAN/mesh mode */
414. if (tx->sdata->vif.type == NL80211_IFTYPE_AP ||
415. tx->sdata->vif.type == NL80211_IFTYPE_AP_VLAN) {
416. if (!tx->sdata->bss)
417. return TX_CONTINUE;
418.  
419. ps = &tx->sdata->bss->ps;
420. } else if (ieee80211_vif_is_mesh(&tx->sdata->vif)) {
421. ps = &tx->sdata->u.mesh.ps;
422. } else {
423. return TX_CONTINUE;
424. }
425.  
426.  
427. /* no buffering for ordered frames */
428. if (ieee80211_has_order(hdr->frame_control))
429. return TX_CONTINUE;
430.  
431. if (ieee80211_is_probe_req(hdr->frame_control))
432. return TX_CONTINUE;
433.  
434. if (ieee80211_hw_check(&tx->local->hw, QUEUE_CONTROL))
435. info->hw_queue = tx->sdata->vif.cab_queue;
436.  
437. /* no stations in PS mode */
438. if (!atomic_read(&ps->num_sta_ps))
439. return TX_CONTINUE;
440.  
441. info->flags |= IEEE80211_TX_CTL_SEND_AFTER_DTIM;
442.  
443. /* device releases frame after DTIM beacon */
444. if (!ieee80211_hw_check(&tx->local->hw, HOST_BROADCAST_PS_BUFFERING))
445. return TX_CONTINUE;
446.  
447. /* buffered in mac80211 */
448. if (tx->local->total_ps_buffered >= TOTAL_MAX_TX_BUFFER)
449. purge_old_ps_buffers(tx->local);
450.  
451. if (skb_queue_len(&ps->bc_buf) >= AP_MAX_BC_BUFFER) {
452. ps_dbg(tx->sdata,
453. "BC TX buffer full - dropping the oldest frame\n");
454. ieee80211_free_txskb(&tx->local->hw, skb_dequeue(&ps->bc_buf));
455. } else
456. tx->local->total_ps_buffered++;
457.  
458. skb_queue_tail(&ps->bc_buf, tx->skb);
459.  
460. return TX_QUEUED;
461. }
462.  
463. static int ieee80211_use_mfp(__le16 fc, struct sta_info *sta,
464. struct sk_buff *skb)
465. {
466. if (!ieee80211_is_mgmt(fc))
467. return 0;
468.  
469. if (sta == NULL || !test_sta_flag(sta, WLAN_STA_MFP))
470. return 0;
471.  
472. if (!ieee80211_is_robust_mgmt_frame(skb))
473. return 0;
474.  
475. return 1;
476. }
477.  
478. static ieee80211_tx_result
479. ieee80211_tx_h_unicast_ps_buf(struct ieee80211_tx_data *tx)
480. {
481. struct sta_info *sta = tx->sta;
482. struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
483. struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;
484. struct ieee80211_local *local = tx->local;
485.  
486. if (unlikely(!sta))
487. return TX_CONTINUE;
488.  
489. if (unlikely((test_sta_flag(sta, WLAN_STA_PS_STA) ||
490. test_sta_flag(sta, WLAN_STA_PS_DRIVER) ||
491. test_sta_flag(sta, WLAN_STA_PS_DELIVER)) &&
492. !(info->flags & IEEE80211_TX_CTL_NO_PS_BUFFER))) {
493. int ac = skb_get_queue_mapping(tx->skb);
494.  
495. if (ieee80211_is_mgmt(hdr->frame_control) &&
496. !ieee80211_is_bufferable_mmpdu(hdr->frame_control)) {
497. info->flags |= IEEE80211_TX_CTL_NO_PS_BUFFER;
498. return TX_CONTINUE;
499. }
500.  
501. ps_dbg(sta->sdata, "STA %pM aid %d: PS buffer for AC %d\n",
502. sta->sta.addr, sta->sta.aid, ac);
503. if (tx->local->total_ps_buffered >= TOTAL_MAX_TX_BUFFER)
504. purge_old_ps_buffers(tx->local);
505.  
506. /* sync with ieee80211_sta_ps_deliver_wakeup */
507. spin_lock(&sta->ps_lock);
508. /*
509. * STA woke up the meantime and all the frames on ps_tx_buf have
510. * been queued to pending queue. No reordering can happen, go
511. * ahead and Tx the packet.
512. */
513. if (!test_sta_flag(sta, WLAN_STA_PS_STA) &&
514. !test_sta_flag(sta, WLAN_STA_PS_DRIVER) &&
515. !test_sta_flag(sta, WLAN_STA_PS_DELIVER)) {
516. spin_unlock(&sta->ps_lock);
517. return TX_CONTINUE;
518. }
519.  
520. if (skb_queue_len(&sta->ps_tx_buf[ac]) >= STA_MAX_TX_BUFFER) {
521. struct sk_buff *old = skb_dequeue(&sta->ps_tx_buf[ac]);
522. ps_dbg(tx->sdata,
523. "STA %pM TX buffer for AC %d full - dropping oldest frame\n",
524. sta->sta.addr, ac);
525. ieee80211_free_txskb(&local->hw, old);
526. } else
527. tx->local->total_ps_buffered++;
528.  
529. info->control.jiffies = jiffies;
530. info->control.vif = &tx->sdata->vif;
531. info->flags |= IEEE80211_TX_INTFL_NEED_TXPROCESSING;
532. info->flags &= ~IEEE80211_TX_TEMPORARY_FLAGS;
533. skb_queue_tail(&sta->ps_tx_buf[ac], tx->skb);
534. spin_unlock(&sta->ps_lock);
535.  
536. if (!timer_pending(&local->sta_cleanup))
537. mod_timer(&local->sta_cleanup,
538. round_jiffies(jiffies +
539. STA_INFO_CLEANUP_INTERVAL));
540.  
541. /*
542. * We queued up some frames, so the TIM bit might
543. * need to be set, recalculate it.
544. */
545. sta_info_recalc_tim(sta);
546.  
547. return TX_QUEUED;
548. } else if (unlikely(test_sta_flag(sta, WLAN_STA_PS_STA))) {
549. ps_dbg(tx->sdata,
550. "STA %pM in PS mode, but polling/in SP -> send frame\n",
551. sta->sta.addr);
552. }
553.  
554. return TX_CONTINUE;
555. }
556.  
557. static ieee80211_tx_result debug_noinline
558. ieee80211_tx_h_ps_buf(struct ieee80211_tx_data *tx)
559. {
560. if (unlikely(tx->flags & IEEE80211_TX_PS_BUFFERED))
561. return TX_CONTINUE;
562.  
563. if (tx->flags & IEEE80211_TX_UNICAST)
564. return ieee80211_tx_h_unicast_ps_buf(tx);
565. else
566. return ieee80211_tx_h_multicast_ps_buf(tx);
567. }
568.  
569. static ieee80211_tx_result debug_noinline
570. ieee80211_tx_h_check_control_port_protocol(struct ieee80211_tx_data *tx)
571. {
572. struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
573.  
574. if (unlikely(tx->sdata->control_port_protocol == tx->skb->protocol)) {
575. if (tx->sdata->control_port_no_encrypt)
576. info->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
577. info->control.flags |= IEEE80211_TX_CTRL_PORT_CTRL_PROTO;
578. info->flags |= IEEE80211_TX_CTL_USE_MINRATE;
579. }
580.  
581. return TX_CONTINUE;
582. }
583.  
584. static ieee80211_tx_result debug_noinline
585. ieee80211_tx_h_select_key(struct ieee80211_tx_data *tx)
586. {
587. struct ieee80211_key *key;
588. struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
589. struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;
590.  
591. if (unlikely(info->flags & IEEE80211_TX_INTFL_DONT_ENCRYPT))
592. tx->key = NULL;
593. else if (tx->sta &&
594. (key = rcu_dereference(tx->sta->ptk[tx->sta->ptk_idx])))
595. tx->key = key;
596. else if (ieee80211_is_group_privacy_action(tx->skb) &&
597. (key = rcu_dereference(tx->sdata->default_multicast_key)))
598. tx->key = key;
599. else if (ieee80211_is_mgmt(hdr->frame_control) &&
600. is_multicast_ether_addr(hdr->addr1) &&
601. ieee80211_is_robust_mgmt_frame(tx->skb) &&
602. (key = rcu_dereference(tx->sdata->default_mgmt_key)))
603. tx->key = key;
604. else if (is_multicast_ether_addr(hdr->addr1) &&
605. (key = rcu_dereference(tx->sdata->default_multicast_key)))
606. tx->key = key;
607. else if (!is_multicast_ether_addr(hdr->addr1) &&
608. (key = rcu_dereference(tx->sdata->default_unicast_key)))
609. tx->key = key;
610. else
611. tx->key = NULL;
612.  
613. if (tx->key) {
614. bool skip_hw = false;
615.  
616. /* TODO: add threshold stuff again */
617.  
618. switch (tx->key->conf.cipher) {
619. case WLAN_CIPHER_SUITE_WEP40:
620. case WLAN_CIPHER_SUITE_WEP104:
621. case WLAN_CIPHER_SUITE_TKIP:
622. if (!ieee80211_is_data_present(hdr->frame_control))
623. tx->key = NULL;
624. break;
625. case WLAN_CIPHER_SUITE_CCMP:
626. case WLAN_CIPHER_SUITE_CCMP_256:
627. case WLAN_CIPHER_SUITE_GCMP:
628. case WLAN_CIPHER_SUITE_GCMP_256:
629. if (!ieee80211_is_data_present(hdr->frame_control) &&
630. !ieee80211_use_mfp(hdr->frame_control, tx->sta,
631. tx->skb) &&
632. !ieee80211_is_group_privacy_action(tx->skb))
633. tx->key = NULL;
634. else
635. skip_hw = (tx->key->conf.flags &
636. IEEE80211_KEY_FLAG_SW_MGMT_TX) &&
637. ieee80211_is_mgmt(hdr->frame_control);
638. break;
639. case WLAN_CIPHER_SUITE_AES_CMAC:
640. case WLAN_CIPHER_SUITE_BIP_CMAC_256:
641. case WLAN_CIPHER_SUITE_BIP_GMAC_128:
642. case WLAN_CIPHER_SUITE_BIP_GMAC_256:
643. if (!ieee80211_is_mgmt(hdr->frame_control))
644. tx->key = NULL;
645. break;
646. }
647.  
648. if (unlikely(tx->key && tx->key->flags & KEY_FLAG_TAINTED &&
649. !ieee80211_is_deauth(hdr->frame_control)))
650. return TX_DROP;
651.  
652. if (!skip_hw && tx->key &&
653. tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE)
654. info->control.hw_key = &tx->key->conf;
655. }
656.  
657. return TX_CONTINUE;
658. }
659.  
660. static ieee80211_tx_result debug_noinline
661. ieee80211_tx_h_rate_ctrl(struct ieee80211_tx_data *tx)
662. {
663. struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
664. struct ieee80211_hdr *hdr = (void *)tx->skb->data;
665. struct ieee80211_supported_band *sband;
666. u32 len;
667. struct ieee80211_tx_rate_control txrc;
668. struct ieee80211_sta_rates *ratetbl = NULL;
669. bool assoc = false;
670.  
671. memset(&txrc, 0, sizeof(txrc));
672.  
673. sband = tx->local->hw.wiphy->bands[info->band];
674.  
675. len = min_t(u32, tx->skb->len + FCS_LEN,
676. tx->local->hw.wiphy->frag_threshold);
677.  
678. /* set up the tx rate control struct we give the RC algo */
679. txrc.hw = &tx->local->hw;
680. txrc.sband = sband;
681. txrc.bss_conf = &tx->sdata->vif.bss_conf;
682. txrc.skb = tx->skb;
683. txrc.reported_rate.idx = -1;
684. txrc.rate_idx_mask = tx->sdata->rc_rateidx_mask[info->band];
685. if (txrc.rate_idx_mask == (1 << sband->n_bitrates) - 1)
686. txrc.max_rate_idx = -1;
687. else
688. txrc.max_rate_idx = fls(txrc.rate_idx_mask) - 1;
689.  
690. if (tx->sdata->rc_has_mcs_mask[info->band])
691. txrc.rate_idx_mcs_mask =
692. tx->sdata->rc_rateidx_mcs_mask[info->band];
693.  
694. txrc.bss = (tx->sdata->vif.type == NL80211_IFTYPE_AP ||
695. tx->sdata->vif.type == NL80211_IFTYPE_MESH_POINT ||
696. tx->sdata->vif.type == NL80211_IFTYPE_ADHOC ||
697. tx->sdata->vif.type == NL80211_IFTYPE_OCB);
698.  
699. /* set up RTS protection if desired */
700. if (len > tx->local->hw.wiphy->rts_threshold) {
701. txrc.rts = true;
702. }
703.  
704. info->control.use_rts = txrc.rts;
705. info->control.use_cts_prot = tx->sdata->vif.bss_conf.use_cts_prot;
706.  
707. /*
708. * Use short preamble if the BSS can handle it, but not for
709. * management frames unless we know the receiver can handle
710. * that -- the management frame might be to a station that
711. * just wants a probe response.
712. */
713. if (tx->sdata->vif.bss_conf.use_short_preamble &&
714. (ieee80211_is_data(hdr->frame_control) ||
715. (tx->sta && test_sta_flag(tx->sta, WLAN_STA_SHORT_PREAMBLE))))
716. txrc.short_preamble = true;
717.  
718. info->control.short_preamble = txrc.short_preamble;
719.  
720. /* don't ask rate control when rate already injected via radiotap */
721. if (info->control.flags & IEEE80211_TX_CTRL_RATE_INJECT)
722. return TX_CONTINUE;
723.  
724. if (tx->sta)
725. assoc = test_sta_flag(tx->sta, WLAN_STA_ASSOC);
726.  
727. /*
728. * Lets not bother rate control if we're associated and cannot
729. * talk to the sta. This should not happen.
730. */
731. if (WARN(test_bit(SCAN_SW_SCANNING, &tx->local->scanning) && assoc &&
732. !rate_usable_index_exists(sband, &tx->sta->sta),
733. "%s: Dropped data frame as no usable bitrate found while "
734. "scanning and associated. Target station: "
735. "%pM on %d GHz band\n",
736. tx->sdata->name, hdr->addr1,
737. info->band ? 5 : 2))
738. return TX_DROP;
739.  
740. /*
741. * If we're associated with the sta at this point we know we can at
742. * least send the frame at the lowest bit rate.
743. */
744. rate_control_get_rate(tx->sdata, tx->sta, &txrc);
745.  
746. if (tx->sta && !info->control.skip_table)
747. ratetbl = rcu_dereference(tx->sta->sta.rates);
748.  
749. if (unlikely(info->control.rates[0].idx < 0)) {
750. if (ratetbl) {
751. struct ieee80211_tx_rate rate = {
752. .idx = ratetbl->rate[0].idx,
753. .flags = ratetbl->rate[0].flags,
754. .count = ratetbl->rate[0].count
755. };
756.  
757. if (ratetbl->rate[0].idx < 0)
758. return TX_DROP;
759.  
760. tx->rate = rate;
761. } else {
762. return TX_DROP;
763. }
764. } else {
765. tx->rate = info->control.rates[0];
766. }
767.  
768. if (txrc.reported_rate.idx < 0) {
769. txrc.reported_rate = tx->rate;
770. if (tx->sta && ieee80211_is_data(hdr->frame_control))
771. tx->sta->tx_stats.last_rate = txrc.reported_rate;
772. } else if (tx->sta)
773. tx->sta->tx_stats.last_rate = txrc.reported_rate;
774.  
775. if (ratetbl)
776. return TX_CONTINUE;
777.  
778. if (unlikely(!info->control.rates[0].count))
779. info->control.rates[0].count = 1;
780.  
781. if (WARN_ON_ONCE((info->control.rates[0].count > 1) &&
782. (info->flags & IEEE80211_TX_CTL_NO_ACK)))
783. info->control.rates[0].count = 1;
784.  
785. return TX_CONTINUE;
786. }
787.  
788. static __le16 ieee80211_tx_next_seq(struct sta_info *sta, int tid)
789. {
790. u16 *seq = &sta->tid_seq[tid];
791. __le16 ret = cpu_to_le16(*seq);
792.  
793. /* Increase the sequence number. */
794. *seq = (*seq + 0x10) & IEEE80211_SCTL_SEQ;
795.  
796. return ret;
797. }
798.  
799. static ieee80211_tx_result debug_noinline
800. ieee80211_tx_h_sequence(struct ieee80211_tx_data *tx)
801. {
802. struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
803. struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;
804. u8 *qc;
805. int tid;
806.  
807. /*
808. * Packet injection may want to control the sequence
809. * number, so if an injected packet is found, skip
810. * renumbering it. Also make the packet NO_ACK to avoid
811. * excessive retries (ACKing and retrying should be
812. * handled by the injecting application).
813. * FIXME This may break hostapd and some other injectors.
814. * This should be done using a radiotap flag.
815. */
816. if (unlikely((info->flags & IEEE80211_TX_CTL_INJECTED) &&
817. !(tx->sdata->u.mntr_flags & MONITOR_FLAG_COOK_FRAMES))) {
818. if (!ieee80211_has_morefrags(hdr->frame_control))
819. info->flags |= IEEE80211_TX_CTL_NO_ACK;
820. return TX_CONTINUE;
821. }
822.  
823. if (unlikely(ieee80211_is_ctl(hdr->frame_control)))
824. return TX_CONTINUE;
825.  
826. if (ieee80211_hdrlen(hdr->frame_control) < 24)
827. return TX_CONTINUE;
828.  
829. if (ieee80211_is_qos_nullfunc(hdr->frame_control))
830. return TX_CONTINUE;
831.  
832. /*
833. * Anything but QoS data that has a sequence number field
834. * (is long enough) gets a sequence number from the global
835. * counter. QoS data frames with a multicast destination
836. * also use the global counter (802.11-2012 9.3.2.10).
837. */
838. if (!ieee80211_is_data_qos(hdr->frame_control) ||
839. is_multicast_ether_addr(hdr->addr1)) {
840. /* driver should assign sequence number */
841. info->flags |= IEEE80211_TX_CTL_ASSIGN_SEQ;
842. /* for pure STA mode without beacons, we can do it */
843. hdr->seq_ctrl = cpu_to_le16(tx->sdata->sequence_number);
844. tx->sdata->sequence_number += 0x10;
845. if (tx->sta)
846. tx->sta->tx_stats.msdu[IEEE80211_NUM_TIDS]++;
847. return TX_CONTINUE;
848. }
849.  
850. /*
851. * This should be true for injected/management frames only, for
852. * management frames we have set the IEEE80211_TX_CTL_ASSIGN_SEQ
853. * above since they are not QoS-data frames.
854. */
855. if (!tx->sta)
856. return TX_CONTINUE;
857.  
858. /* include per-STA, per-TID sequence counter */
859.  
860. qc = ieee80211_get_qos_ctl(hdr);
861. tid = *qc & IEEE80211_QOS_CTL_TID_MASK;
862. tx->sta->tx_stats.msdu[tid]++;
863.  
864. hdr->seq_ctrl = ieee80211_tx_next_seq(tx->sta, tid);
865.  
866. return TX_CONTINUE;
867. }
868.  
869. static int ieee80211_fragment(struct ieee80211_tx_data *tx,
870. struct sk_buff *skb, int hdrlen,
871. int frag_threshold)
872. {
873. struct ieee80211_local *local = tx->local;
874. struct ieee80211_tx_info *info;
875. struct sk_buff *tmp;
876. int per_fragm = frag_threshold - hdrlen - FCS_LEN;
877. int pos = hdrlen + per_fragm;
878. int rem = skb->len - hdrlen - per_fragm;
879.  
880. if (WARN_ON(rem < 0))
881. return -EINVAL;
882.  
883. /* first fragment was already added to queue by caller */
884.  
885. while (rem) {
886. int fraglen = per_fragm;
887.  
888. if (fraglen > rem)
889. fraglen = rem;
890. rem -= fraglen;
891. tmp = dev_alloc_skb(local->tx_headroom +
892. frag_threshold +
893. tx->sdata->encrypt_headroom +
894. IEEE80211_ENCRYPT_TAILROOM);
895. if (!tmp)
896. return -ENOMEM;
897.  
898. __skb_queue_tail(&tx->skbs, tmp);
899.  
900. skb_reserve(tmp,
901. local->tx_headroom + tx->sdata->encrypt_headroom);
902.  
903. /* copy control information */
904. memcpy(tmp->cb, skb->cb, sizeof(tmp->cb));
905.  
906. info = IEEE80211_SKB_CB(tmp);
907. info->flags &= ~(IEEE80211_TX_CTL_CLEAR_PS_FILT |
908. IEEE80211_TX_CTL_FIRST_FRAGMENT);
909.  
910. if (rem)
911. info->flags |= IEEE80211_TX_CTL_MORE_FRAMES;
912.  
913. skb_copy_queue_mapping(tmp, skb);
914. tmp->priority = skb->priority;
915. tmp->dev = skb->dev;
916.  
917. /* copy header and data */
918. memcpy(skb_put(tmp, hdrlen), skb->data, hdrlen);
919. memcpy(skb_put(tmp, fraglen), skb->data + pos, fraglen);
920.  
921. pos += fraglen;
922. }
923.  
924. /* adjust first fragment's length */
925. skb_trim(skb, hdrlen + per_fragm);
926. return 0;
927. }
928.  
929. static ieee80211_tx_result debug_noinline
930. ieee80211_tx_h_fragment(struct ieee80211_tx_data *tx)
931. {
932. struct sk_buff *skb = tx->skb;
933. struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
934. struct ieee80211_hdr *hdr = (void *)skb->data;
935. int frag_threshold = tx->local->hw.wiphy->frag_threshold;
936. int hdrlen;
937. int fragnum;
938.  
939. /* no matter what happens, tx->skb moves to tx->skbs */
940. __skb_queue_tail(&tx->skbs, skb);
941. tx->skb = NULL;
942.  
943. if (info->flags & IEEE80211_TX_CTL_DONTFRAG)
944. return TX_CONTINUE;
945.  
946. if (tx->local->ops->set_frag_threshold)
947. return TX_CONTINUE;
948.  
949. /*
950. * Warn when submitting a fragmented A-MPDU frame and drop it.
951. * This scenario is handled in ieee80211_tx_prepare but extra
952. * caution taken here as fragmented ampdu may cause Tx stop.
953. */
954. if (WARN_ON(info->flags & IEEE80211_TX_CTL_AMPDU))
955. return TX_DROP;
956.  
957. hdrlen = ieee80211_hdrlen(hdr->frame_control);
958.  
959. /* internal error, why isn't DONTFRAG set? */
960. if (WARN_ON(skb->len + FCS_LEN <= frag_threshold))
961. return TX_DROP;
962.  
963. /*
964. * Now fragment the frame. This will allocate all the fragments and
965. * chain them (using skb as the first fragment) to skb->next.
966. * During transmission, we will remove the successfully transmitted
967. * fragments from this list. When the low-level driver rejects one
968. * of the fragments then we will simply pretend to accept the skb
969. * but store it away as pending.
970. */
971. if (ieee80211_fragment(tx, skb, hdrlen, frag_threshold))
972. return TX_DROP;
973.  
974. /* update duration/seq/flags of fragments */
975. fragnum = 0;
976.  
977. skb_queue_walk(&tx->skbs, skb) {
978. const __le16 morefrags = cpu_to_le16(IEEE80211_FCTL_MOREFRAGS);
979.  
980. hdr = (void *)skb->data;
981. info = IEEE80211_SKB_CB(skb);
982.  
983. if (!skb_queue_is_last(&tx->skbs, skb)) {
984. hdr->frame_control |= morefrags;
985. /*
986. * No multi-rate retries for fragmented frames, that
987. * would completely throw off the NAV at other STAs.
988. */
989. info->control.rates[1].idx = -1;
990. info->control.rates[2].idx = -1;
991. info->control.rates[3].idx = -1;
992. BUILD_BUG_ON(IEEE80211_TX_MAX_RATES != 4);
993. info->flags &= ~IEEE80211_TX_CTL_RATE_CTRL_PROBE;
994. } else {
995. hdr->frame_control &= ~morefrags;
996. }
997. hdr->seq_ctrl |= cpu_to_le16(fragnum & IEEE80211_SCTL_FRAG);
998. fragnum++;
999. }
1000.  
1001. return TX_CONTINUE;
1002. }
1003.  
1004. static ieee80211_tx_result debug_noinline
1005. ieee80211_tx_h_stats(struct ieee80211_tx_data *tx)
1006. {
1007. struct sk_buff *skb;
1008. int ac = -1;
1009.  
1010. if (!tx->sta)
1011. return TX_CONTINUE;
1012.  
1013. skb_queue_walk(&tx->skbs, skb) {
1014. ac = skb_get_queue_mapping(skb);
1015. tx->sta->tx_stats.bytes[ac] += skb->len;
1016. }
1017. if (ac >= 0)
1018. tx->sta->tx_stats.packets[ac]++;
1019.  
1020. return TX_CONTINUE;
1021. }
1022.  
1023. static ieee80211_tx_result debug_noinline
1024. ieee80211_tx_h_encrypt(struct ieee80211_tx_data *tx)
1025. {
1026. if (!tx->key)
1027. return TX_CONTINUE;
1028.  
1029. switch (tx->key->conf.cipher) {
1030. case WLAN_CIPHER_SUITE_WEP40:
1031. case WLAN_CIPHER_SUITE_WEP104:
1032. return ieee80211_crypto_wep_encrypt(tx);
1033. case WLAN_CIPHER_SUITE_TKIP:
1034. return ieee80211_crypto_tkip_encrypt(tx);
1035. case WLAN_CIPHER_SUITE_CCMP:
1036. return ieee80211_crypto_ccmp_encrypt(
1037. tx, IEEE80211_CCMP_MIC_LEN);
1038. case WLAN_CIPHER_SUITE_CCMP_256:
1039. return ieee80211_crypto_ccmp_encrypt(
1040. tx, IEEE80211_CCMP_256_MIC_LEN);
1041. case WLAN_CIPHER_SUITE_AES_CMAC:
1042. return ieee80211_crypto_aes_cmac_encrypt(tx);
1043. case WLAN_CIPHER_SUITE_BIP_CMAC_256:
1044. return ieee80211_crypto_aes_cmac_256_encrypt(tx);
1045. case WLAN_CIPHER_SUITE_BIP_GMAC_128:
1046. case WLAN_CIPHER_SUITE_BIP_GMAC_256:
1047. return ieee80211_crypto_aes_gmac_encrypt(tx);
1048. case WLAN_CIPHER_SUITE_GCMP:
1049. case WLAN_CIPHER_SUITE_GCMP_256:
1050. return ieee80211_crypto_gcmp_encrypt(tx);
1051. default:
1052. return ieee80211_crypto_hw_encrypt(tx);
1053. }
1054.  
1055. return TX_DROP;
1056. }
1057.  
1058. static ieee80211_tx_result debug_noinline
1059. ieee80211_tx_h_calculate_duration(struct ieee80211_tx_data *tx)
1060. {
1061. struct sk_buff *skb;
1062. struct ieee80211_hdr *hdr;
1063. int next_len;
1064. bool group_addr;
1065.  
1066. skb_queue_walk(&tx->skbs, skb) {
1067. hdr = (void *) skb->data;
1068. if (unlikely(ieee80211_is_pspoll(hdr->frame_control)))
1069. break; /* must not overwrite AID */
1070. if (!skb_queue_is_last(&tx->skbs, skb)) {
1071. struct sk_buff *next = skb_queue_next(&tx->skbs, skb);
1072. next_len = next->len;
1073. } else
1074. next_len = 0;
1075. group_addr = is_multicast_ether_addr(hdr->addr1);
1076.  
1077. hdr->duration_id =
1078. ieee80211_duration(tx, skb, group_addr, next_len);
1079. }
1080.  
1081. return TX_CONTINUE;
1082. }
1083.  
1084. /* actual transmit path */
1085.  
1086. static bool ieee80211_tx_prep_agg(struct ieee80211_tx_data *tx,
1087. struct sk_buff *skb,
1088. struct ieee80211_tx_info *info,
1089. struct tid_ampdu_tx *tid_tx,
1090. int tid)
1091. {
1092. bool queued = false;
1093. bool reset_agg_timer = false;
1094. struct sk_buff *purge_skb = NULL;
1095.  
1096. if (test_bit(HT_AGG_STATE_OPERATIONAL, &tid_tx->state)) {
1097. info->flags |= IEEE80211_TX_CTL_AMPDU;
1098. reset_agg_timer = true;
1099. } else if (test_bit(HT_AGG_STATE_WANT_START, &tid_tx->state)) {
1100. /*
1101. * nothing -- this aggregation session is being started
1102. * but that might still fail with the driver
1103. */
1104. } else if (!tx->sta->sta.txq[tid]) {
1105. spin_lock(&tx->sta->lock);
1106. /*
1107. * Need to re-check now, because we may get here
1108. *
1109. * 1) in the window during which the setup is actually
1110. * already done, but not marked yet because not all
1111. * packets are spliced over to the driver pending
1112. * queue yet -- if this happened we acquire the lock
1113. * either before or after the splice happens, but
1114. * need to recheck which of these cases happened.
1115. *
1116. * 2) during session teardown, if the OPERATIONAL bit
1117. * was cleared due to the teardown but the pointer
1118. * hasn't been assigned NULL yet (or we loaded it
1119. * before it was assigned) -- in this case it may
1120. * now be NULL which means we should just let the
1121. * packet pass through because splicing the frames
1122. * back is already done.
1123. */
1124. tid_tx = rcu_dereference_protected_tid_tx(tx->sta, tid);
1125.  
1126. if (!tid_tx) {
1127. /* do nothing, let packet pass through */
1128. } else if (test_bit(HT_AGG_STATE_OPERATIONAL, &tid_tx->state)) {
1129. info->flags |= IEEE80211_TX_CTL_AMPDU;
1130. reset_agg_timer = true;
1131. } else {
1132. queued = true;
1133. if (info->flags & IEEE80211_TX_CTL_NO_PS_BUFFER) {
1134. clear_sta_flag(tx->sta, WLAN_STA_SP);
1135. ps_dbg(tx->sta->sdata,
1136. "STA %pM aid %d: SP frame queued, close the SP w/o telling the peer\n",
1137. tx->sta->sta.addr, tx->sta->sta.aid);
1138. }
1139. info->control.vif = &tx->sdata->vif;
1140. info->flags |= IEEE80211_TX_INTFL_NEED_TXPROCESSING;
1141. info->flags &= ~IEEE80211_TX_TEMPORARY_FLAGS;
1142. __skb_queue_tail(&tid_tx->pending, skb);
1143. if (skb_queue_len(&tid_tx->pending) > STA_MAX_TX_BUFFER)
1144. purge_skb = __skb_dequeue(&tid_tx->pending);
1145. }
1146. spin_unlock(&tx->sta->lock);
1147.  
1148. if (purge_skb)
1149. ieee80211_free_txskb(&tx->local->hw, purge_skb);
1150. }
1151.  
1152. /* reset session timer */
1153. if (reset_agg_timer && tid_tx->timeout)
1154. tid_tx->last_tx = jiffies;
1155.  
1156. return queued;
1157. }
1158.  
1159. /*
1160. * initialises @tx
1161. * pass %NULL for the station if unknown, a valid pointer if known
1162. * or an ERR_PTR() if the station is known not to exist
1163. */
1164. static ieee80211_tx_result
1165. ieee80211_tx_prepare(struct ieee80211_sub_if_data *sdata,
1166. struct ieee80211_tx_data *tx,
1167. struct sta_info *sta, struct sk_buff *skb)
1168. {
1169. struct ieee80211_local *local = sdata->local;
1170. struct ieee80211_hdr *hdr;
1171. struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1172. int tid;
1173. u8 *qc;
1174.  
1175. memset(tx, 0, sizeof(*tx));
1176. tx->skb = skb;
1177. tx->local = local;
1178. tx->sdata = sdata;
1179. __skb_queue_head_init(&tx->skbs);
1180.  
1181. /*
1182. * If this flag is set to true anywhere, and we get here,
1183. * we are doing the needed processing, so remove the flag
1184. * now.
1185. */
1186. info->flags &= ~IEEE80211_TX_INTFL_NEED_TXPROCESSING;
1187.  
1188. hdr = (struct ieee80211_hdr *) skb->data;
1189.  
1190. if (likely(sta)) {
1191. if (!IS_ERR(sta))
1192. tx->sta = sta;
1193. } else {
1194. if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) {
1195. tx->sta = rcu_dereference(sdata->u.vlan.sta);
1196. if (!tx->sta && sdata->wdev.use_4addr)
1197. return TX_DROP;
1198. } else if (info->flags & (IEEE80211_TX_INTFL_NL80211_FRAME_TX |
1199. IEEE80211_TX_CTL_INJECTED) ||
1200. tx->sdata->control_port_protocol == tx->skb->protocol) {
1201. tx->sta = sta_info_get_bss(sdata, hdr->addr1);
1202. }
1203. if (!tx->sta && !is_multicast_ether_addr(hdr->addr1))
1204. tx->sta = sta_info_get(sdata, hdr->addr1);
1205. }
1206.  
1207. if (tx->sta && ieee80211_is_data_qos(hdr->frame_control) &&
1208. !ieee80211_is_qos_nullfunc(hdr->frame_control) &&
1209. ieee80211_hw_check(&local->hw, AMPDU_AGGREGATION) &&
1210. !ieee80211_hw_check(&local->hw, TX_AMPDU_SETUP_IN_HW)) {
1211. struct tid_ampdu_tx *tid_tx;
1212.  
1213. qc = ieee80211_get_qos_ctl(hdr);
1214. tid = *qc & IEEE80211_QOS_CTL_TID_MASK;
1215.  
1216. tid_tx = rcu_dereference(tx->sta->ampdu_mlme.tid_tx[tid]);
1217. if (tid_tx) {
1218. bool queued;
1219.  
1220. queued = ieee80211_tx_prep_agg(tx, skb, info,
1221. tid_tx, tid);
1222.  
1223. if (unlikely(queued))
1224. return TX_QUEUED;
1225. }
1226. }
1227.  
1228. if (is_multicast_ether_addr(hdr->addr1)) {
1229. tx->flags &= ~IEEE80211_TX_UNICAST;
1230. info->flags |= IEEE80211_TX_CTL_NO_ACK;
1231. } else
1232. tx->flags |= IEEE80211_TX_UNICAST;
1233.  
1234. if (!(info->flags & IEEE80211_TX_CTL_DONTFRAG)) {
1235. if (!(tx->flags & IEEE80211_TX_UNICAST) ||
1236. skb->len + FCS_LEN <= local->hw.wiphy->frag_threshold ||
1237. info->flags & IEEE80211_TX_CTL_AMPDU)
1238. info->flags |= IEEE80211_TX_CTL_DONTFRAG;
1239. }
1240.  
1241. if (!tx->sta)
1242. info->flags |= IEEE80211_TX_CTL_CLEAR_PS_FILT;
1243. else if (test_and_clear_sta_flag(tx->sta, WLAN_STA_CLEAR_PS_FILT)) {
1244. info->flags |= IEEE80211_TX_CTL_CLEAR_PS_FILT;
1245. ieee80211_check_fast_xmit(tx->sta);
1246. }
1247.  
1248. info->flags |= IEEE80211_TX_CTL_FIRST_FRAGMENT;
1249.  
1250. return TX_CONTINUE;
1251. }
1252.  
1253. static struct txq_info *ieee80211_get_txq(struct ieee80211_local *local,
1254. struct ieee80211_vif *vif,
1255. struct sta_info *sta,
1256. struct sk_buff *skb)
1257. {
1258. struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
1259. struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1260. struct ieee80211_txq *txq = NULL;
1261.  
1262. if ((info->flags & IEEE80211_TX_CTL_SEND_AFTER_DTIM) ||
1263. (info->control.flags & IEEE80211_TX_CTRL_PS_RESPONSE))
1264. return NULL;
1265.  
1266. if (!ieee80211_is_data(hdr->frame_control))
1267. return NULL;
1268.  
1269. if (sta) {
1270. u8 tid = skb->priority & IEEE80211_QOS_CTL_TID_MASK;
1271.  
1272. if (!sta->uploaded)
1273. return NULL;
1274.  
1275. txq = sta->sta.txq[tid];
1276. } else if (vif) {
1277. txq = vif->txq;
1278. }
1279.  
1280. if (!txq)
1281. return NULL;
1282.  
1283. return to_txq_info(txq);
1284. }
1285.  
1286. static void ieee80211_set_skb_enqueue_time(struct sk_buff *skb)
1287. {
1288. IEEE80211_SKB_CB(skb)->control.enqueue_time = codel_get_time();
1289. }
1290.  
1291. static u32 codel_skb_len_func(const struct sk_buff *skb)
1292. {
1293. return skb->len;
1294. }
1295.  
1296. static codel_time_t codel_skb_time_func(const struct sk_buff *skb)
1297. {
1298. const struct ieee80211_tx_info *info;
1299.  
1300. info = (const struct ieee80211_tx_info *)skb->cb;
1301. return info->control.enqueue_time;
1302. }
1303.  
1304. static struct sk_buff *codel_dequeue_func(struct codel_vars *cvars,
1305. void *ctx)
1306. {
1307. struct ieee80211_local *local;
1308. struct txq_info *txqi;
1309. struct fq *fq;
1310. struct fq_flow *flow;
1311.  
1312. txqi = ctx;
1313. local = vif_to_sdata(txqi->txq.vif)->local;
1314. fq = &local->fq;
1315.  
1316. if (cvars == &txqi->def_cvars)
1317. flow = &txqi->def_flow;
1318. else
1319. flow = &fq->flows[cvars - local->cvars];
1320.  
1321. return fq_flow_dequeue(fq, flow);
1322. }
1323.  
1324. static void codel_drop_func(struct sk_buff *skb,
1325. void *ctx)
1326. {
1327. struct ieee80211_local *local;
1328. struct ieee80211_hw *hw;
1329. struct txq_info *txqi;
1330.  
1331. txqi = ctx;
1332. local = vif_to_sdata(txqi->txq.vif)->local;
1333. hw = &local->hw;
1334.  
1335. ieee80211_free_txskb(hw, skb);
1336. }
1337.  
1338. static struct sk_buff *fq_tin_dequeue_func(struct fq *fq,
1339. struct fq_tin *tin,
1340. struct fq_flow *flow)
1341. {
1342. struct ieee80211_local *local;
1343. struct txq_info *txqi;
1344. struct codel_vars *cvars;
1345. struct codel_params *cparams;
1346. struct codel_stats *cstats;
1347.  
1348. local = container_of(fq, struct ieee80211_local, fq);
1349. txqi = container_of(tin, struct txq_info, tin);
1350. cparams = &local->cparams;
1351. cstats = &txqi->cstats;
1352.  
1353. if (flow == &txqi->def_flow)
1354. cvars = &txqi->def_cvars;
1355. else
1356. cvars = &local->cvars[flow - fq->flows];
1357.  
1358. return codel_dequeue(txqi,
1359. &flow->backlog,
1360. cparams,
1361. cvars,
1362. cstats,
1363. codel_skb_len_func,
1364. codel_skb_time_func,
1365. codel_drop_func,
1366. codel_dequeue_func);
1367. }
1368.  
1369. static void fq_skb_free_func(struct fq *fq,
1370. struct fq_tin *tin,
1371. struct fq_flow *flow,
1372. struct sk_buff *skb)
1373. {
1374. struct ieee80211_local *local;
1375.  
1376. local = container_of(fq, struct ieee80211_local, fq);
1377. ieee80211_free_txskb(&local->hw, skb);
1378. }
1379.  
1380. static struct fq_flow *fq_flow_get_default_func(struct fq *fq,
1381. struct fq_tin *tin,
1382. int idx,
1383. struct sk_buff *skb)
1384. {
1385. struct txq_info *txqi;
1386.  
1387. txqi = container_of(tin, struct txq_info, tin);
1388. return &txqi->def_flow;
1389. }
1390.  
1391. static void ieee80211_txq_enqueue(struct ieee80211_local *local,
1392. struct txq_info *txqi,
1393. struct sk_buff *skb)
1394. {
1395. struct fq *fq = &local->fq;
1396. struct fq_tin *tin = &txqi->tin;
1397.  
1398. ieee80211_set_skb_enqueue_time(skb);
1399. fq_tin_enqueue(fq, tin, skb,
1400. fq_skb_free_func,
1401. fq_flow_get_default_func);
1402. }
1403.  
1404. void ieee80211_txq_init(struct ieee80211_sub_if_data *sdata,
1405. struct sta_info *sta,
1406. struct txq_info *txqi, int tid)
1407. {
1408. fq_tin_init(&txqi->tin);
1409. fq_flow_init(&txqi->def_flow);
1410. codel_vars_init(&txqi->def_cvars);
1411. codel_stats_init(&txqi->cstats);
1412. __skb_queue_head_init(&txqi->frags);
1413.  
1414. txqi->txq.vif = &sdata->vif;
1415.  
1416. if (sta) {
1417. txqi->txq.sta = &sta->sta;
1418. sta->sta.txq[tid] = &txqi->txq;
1419. txqi->txq.tid = tid;
1420. txqi->txq.ac = ieee802_1d_to_ac[tid & 7];
1421. } else {
1422. sdata->vif.txq = &txqi->txq;
1423. txqi->txq.tid = 0;
1424. txqi->txq.ac = IEEE80211_AC_BE;
1425. }
1426. }
1427.  
1428. void ieee80211_txq_purge(struct ieee80211_local *local,
1429. struct txq_info *txqi)
1430. {
1431. struct fq *fq = &local->fq;
1432. struct fq_tin *tin = &txqi->tin;
1433.  
1434. fq_tin_reset(fq, tin, fq_skb_free_func);
1435. ieee80211_purge_tx_queue(&local->hw, &txqi->frags);
1436. }
1437.  
1438. int ieee80211_txq_setup_flows(struct ieee80211_local *local)
1439. {
1440. struct fq *fq = &local->fq;
1441. int ret;
1442. int i;
1443. bool supp_vht = false;
1444. enum nl80211_band band;
1445.  
1446. if (!local->ops->wake_tx_queue)
1447. return 0;
1448.  
1449. ret = fq_init(fq, 4096);
1450. if (ret)
1451. return ret;
1452.  
1453. /*
1454. * If the hardware doesn't support VHT, it is safe to limit the maximum
1455. * queue size. 4 Mbytes is 64 max-size aggregates in 802.11n.
1456. */
1457. for (band = 0; band < NUM_NL80211_BANDS; band++) {
1458. struct ieee80211_supported_band *sband;
1459.  
1460. sband = local->hw.wiphy->bands[band];
1461. if (!sband)
1462. continue;
1463.  
1464. supp_vht = supp_vht || sband->vht_cap.vht_supported;
1465. }
1466.  
1467. if (!supp_vht)
1468. fq->memory_limit = 4 << 20; /* 4 Mbytes */
1469.  
1470. codel_params_init(&local->cparams);
1471. local->cparams.interval = MS2TIME(100);
1472. local->cparams.target = MS2TIME(20);
1473. local->cparams.ecn = true;
1474.  
1475. local->cvars = kcalloc(fq->flows_cnt, sizeof(local->cvars[0]),
1476. GFP_KERNEL);
1477. if (!local->cvars) {
1478. spin_lock_bh(&fq->lock);
1479. fq_reset(fq, fq_skb_free_func);
1480. spin_unlock_bh(&fq->lock);
1481. return -ENOMEM;
1482. }
1483.  
1484. for (i = 0; i < fq->flows_cnt; i++)
1485. codel_vars_init(&local->cvars[i]);
1486.  
1487. return 0;
1488. }
1489.  
1490. void ieee80211_txq_teardown_flows(struct ieee80211_local *local)
1491. {
1492. struct fq *fq = &local->fq;
1493.  
1494. if (!local->ops->wake_tx_queue)
1495. return;
1496.  
1497. kfree(local->cvars);
1498. local->cvars = NULL;
1499.  
1500. spin_lock_bh(&fq->lock);
1501. fq_reset(fq, fq_skb_free_func);
1502. spin_unlock_bh(&fq->lock);
1503. }
1504.  
1505. static bool ieee80211_queue_skb(struct ieee80211_local *local,
1506. struct ieee80211_sub_if_data *sdata,
1507. struct sta_info *sta,
1508. struct sk_buff *skb)
1509. {
1510. struct fq *fq = &local->fq;
1511. struct ieee80211_vif *vif;
1512. struct txq_info *txqi;
1513.  
1514. if (!local->ops->wake_tx_queue ||
1515. sdata->vif.type == NL80211_IFTYPE_MONITOR)
1516. return false;
1517.  
1518. if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
1519. sdata = container_of(sdata->bss,
1520. struct ieee80211_sub_if_data, u.ap);
1521.  
1522. vif = &sdata->vif;
1523. txqi = ieee80211_get_txq(local, vif, sta, skb);
1524.  
1525. if (!txqi)
1526. return false;
1527.  
1528. spin_lock_bh(&fq->lock);
1529. ieee80211_txq_enqueue(local, txqi, skb);
1530. spin_unlock_bh(&fq->lock);
1531.  
1532. drv_wake_tx_queue(local, txqi);
1533.  
1534. return true;
1535. }
1536.  
1537. static bool ieee80211_tx_frags(struct ieee80211_local *local,
1538. struct ieee80211_vif *vif,
1539. struct ieee80211_sta *sta,
1540. struct sk_buff_head *skbs,
1541. bool txpending)
1542. {
1543. struct ieee80211_tx_control control = {};
1544. struct sk_buff *skb, *tmp;
1545. unsigned long flags;
1546.  
1547. skb_queue_walk_safe(skbs, skb, tmp) {
1548. struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1549. int q = info->hw_queue;
1550.  
1551. #ifdef CONFIG_MAC80211_VERBOSE_DEBUG
1552. if (WARN_ON_ONCE(q >= local->hw.queues)) {
1553. __skb_unlink(skb, skbs);
1554. ieee80211_free_txskb(&local->hw, skb);
1555. continue;
1556. }
1557. #endif
1558.  
1559. spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
1560. if (local->queue_stop_reasons[q] ||
1561. (!txpending && !skb_queue_empty(&local->pending[q]))) {
1562. if (unlikely(info->flags &
1563. IEEE80211_TX_INTFL_OFFCHAN_TX_OK)) {
1564. if (local->queue_stop_reasons[q] &
1565. ~BIT(IEEE80211_QUEUE_STOP_REASON_OFFCHANNEL)) {
1566. /*
1567. * Drop off-channel frames if queues
1568. * are stopped for any reason other
1569. * than off-channel operation. Never
1570. * queue them.
1571. */
1572. spin_unlock_irqrestore(
1573. &local->queue_stop_reason_lock,
1574. flags);
1575. ieee80211_purge_tx_queue(&local->hw,
1576. skbs);
1577. return true;
1578. }
1579. } else {
1580.  
1581. /*
1582. * Since queue is stopped, queue up frames for
1583. * later transmission from the tx-pending
1584. * tasklet when the queue is woken again.
1585. */
1586. if (txpending)
1587. skb_queue_splice_init(skbs,
1588. &local->pending[q]);
1589. else
1590. skb_queue_splice_tail_init(skbs,
1591. &local->pending[q]);
1592.  
1593. spin_unlock_irqrestore(&local->queue_stop_reason_lock,
1594. flags);
1595. return false;
1596. }
1597. }
1598. spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
1599.  
1600. info->control.vif = vif;
1601. control.sta = sta;
1602.  
1603. __skb_unlink(skb, skbs);
1604. drv_tx(local, &control, skb);
1605. }
1606.  
1607. return true;
1608. }
1609.  
1610. /*
1611. * Returns false if the frame couldn't be transmitted but was queued instead.
1612. */
1613. static bool __ieee80211_tx(struct ieee80211_local *local,
1614. struct sk_buff_head *skbs, int led_len,
1615. struct sta_info *sta, bool txpending)
1616. {
1617. struct ieee80211_tx_info *info;
1618. struct ieee80211_sub_if_data *sdata;
1619. struct ieee80211_vif *vif;
1620. struct ieee80211_sta *pubsta;
1621. struct sk_buff *skb;
1622. bool result = true;
1623. __le16 fc;
1624.  
1625. if (WARN_ON(skb_queue_empty(skbs)))
1626. return true;
1627.  
1628. skb = skb_peek(skbs);
1629. fc = ((struct ieee80211_hdr *)skb->data)->frame_control;
1630. info = IEEE80211_SKB_CB(skb);
1631. sdata = vif_to_sdata(info->control.vif);
1632. if (sta && !sta->uploaded)
1633. sta = NULL;
1634.  
1635. if (sta)
1636. pubsta = &sta->sta;
1637. else
1638. pubsta = NULL;
1639.  
1640. switch (sdata->vif.type) {
1641. case NL80211_IFTYPE_MONITOR:
1642. if (sdata->u.mntr.flags & MONITOR_FLAG_ACTIVE) {
1643. vif = &sdata->vif;
1644. break;
1645. }
1646. sdata = rcu_dereference(local->monitor_sdata);
1647. if (sdata) {
1648. vif = &sdata->vif;
1649. info->hw_queue =
1650. vif->hw_queue[skb_get_queue_mapping(skb)];
1651. } else if (ieee80211_hw_check(&local->hw, QUEUE_CONTROL)) {
1652. ieee80211_purge_tx_queue(&local->hw, skbs);
1653. return true;
1654. } else
1655. vif = NULL;
1656. break;
1657. case NL80211_IFTYPE_AP_VLAN:
1658. sdata = container_of(sdata->bss,
1659. struct ieee80211_sub_if_data, u.ap);
1660. /* fall through */
1661. default:
1662. vif = &sdata->vif;
1663. break;
1664. }
1665.  
1666. result = ieee80211_tx_frags(local, vif, pubsta, skbs,
1667. txpending);
1668.  
1669. ieee80211_tpt_led_trig_tx(local, fc, led_len);
1670.  
1671. WARN_ON_ONCE(!skb_queue_empty(skbs));
1672.  
1673. return result;
1674. }
1675.  
1676. /*
1677. * Invoke TX handlers, return 0 on success and non-zero if the
1678. * frame was dropped or queued.
1679. *
1680. * The handlers are split into an early and late part. The latter is everything
1681. * that can be sensitive to reordering, and will be deferred to after packets
1682. * are dequeued from the intermediate queues (when they are enabled).
1683. */
1684. static int invoke_tx_handlers_early(struct ieee80211_tx_data *tx)
1685. {
1686. ieee80211_tx_result res = TX_DROP;
1687.  
1688. #define CALL_TXH(txh) \
1689. do { \
1690. res = txh(tx); \
1691. if (res != TX_CONTINUE) \
1692. goto txh_done; \
1693. } while (0)
1694.  
1695. CALL_TXH(ieee80211_tx_h_dynamic_ps);
1696. CALL_TXH(ieee80211_tx_h_check_assoc);
1697. CALL_TXH(ieee80211_tx_h_ps_buf);
1698. CALL_TXH(ieee80211_tx_h_check_control_port_protocol);
1699. CALL_TXH(ieee80211_tx_h_select_key);
1700. if (!ieee80211_hw_check(&tx->local->hw, HAS_RATE_CONTROL))
1701. CALL_TXH(ieee80211_tx_h_rate_ctrl);
1702.  
1703. txh_done:
1704. if (unlikely(res == TX_DROP)) {
1705. I802_DEBUG_INC(tx->local->tx_handlers_drop);
1706. if (tx->skb)
1707. ieee80211_free_txskb(&tx->local->hw, tx->skb);
1708. else
1709. ieee80211_purge_tx_queue(&tx->local->hw, &tx->skbs);
1710. return -1;
1711. } else if (unlikely(res == TX_QUEUED)) {
1712. I802_DEBUG_INC(tx->local->tx_handlers_queued);
1713. return -1;
1714. }
1715.  
1716. return 0;
1717. }
1718.  
1719. /*
1720. * Late handlers can be called while the sta lock is held. Handlers that can
1721. * cause packets to be generated will cause deadlock!
1722. */
1723. static int invoke_tx_handlers_late(struct ieee80211_tx_data *tx)
1724. {
1725. struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
1726. ieee80211_tx_result res = TX_CONTINUE;
1727.  
1728. if (unlikely(info->flags & IEEE80211_TX_INTFL_RETRANSMISSION)) {
1729. __skb_queue_tail(&tx->skbs, tx->skb);
1730. tx->skb = NULL;
1731. goto txh_done;
1732. }
1733.  
1734. CALL_TXH(ieee80211_tx_h_michael_mic_add);
1735. CALL_TXH(ieee80211_tx_h_sequence);
1736. CALL_TXH(ieee80211_tx_h_fragment);
1737. /* handlers after fragment must be aware of tx info fragmentation! */
1738. CALL_TXH(ieee80211_tx_h_stats);
1739. CALL_TXH(ieee80211_tx_h_encrypt);
1740. if (!ieee80211_hw_check(&tx->local->hw, HAS_RATE_CONTROL))
1741. CALL_TXH(ieee80211_tx_h_calculate_duration);
1742. #undef CALL_TXH
1743.  
1744. txh_done:
1745. if (unlikely(res == TX_DROP)) {
1746. I802_DEBUG_INC(tx->local->tx_handlers_drop);
1747. if (tx->skb)
1748. ieee80211_free_txskb(&tx->local->hw, tx->skb);
1749. else
1750. ieee80211_purge_tx_queue(&tx->local->hw, &tx->skbs);
1751. return -1;
1752. } else if (unlikely(res == TX_QUEUED)) {
1753. I802_DEBUG_INC(tx->local->tx_handlers_queued);
1754. return -1;
1755. }
1756.  
1757. return 0;
1758. }
1759.  
1760. static int invoke_tx_handlers(struct ieee80211_tx_data *tx)
1761. {
1762. int r = invoke_tx_handlers_early(tx);
1763.  
1764. if (r)
1765. return r;
1766. return invoke_tx_handlers_late(tx);
1767. }
1768.  
1769. bool ieee80211_tx_prepare_skb(struct ieee80211_hw *hw,
1770. struct ieee80211_vif *vif, struct sk_buff *skb,
1771. int band, struct ieee80211_sta **sta)
1772. {
1773. struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
1774. struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1775. struct ieee80211_tx_data tx;
1776. struct sk_buff *skb2;
1777.  
1778. if (ieee80211_tx_prepare(sdata, &tx, NULL, skb) == TX_DROP)
1779. return false;
1780.  
1781. info->band = band;
1782. info->control.vif = vif;
1783. info->hw_queue = vif->hw_queue[skb_get_queue_mapping(skb)];
1784.  
1785. if (invoke_tx_handlers(&tx))
1786. return false;
1787.  
1788. if (sta) {
1789. if (tx.sta)
1790. *sta = &tx.sta->sta;
1791. else
1792. *sta = NULL;
1793. }
1794.  
1795. /* this function isn't suitable for fragmented data frames */
1796. skb2 = __skb_dequeue(&tx.skbs);
1797. if (WARN_ON(skb2 != skb || !skb_queue_empty(&tx.skbs))) {
1798. ieee80211_free_txskb(hw, skb2);
1799. ieee80211_purge_tx_queue(hw, &tx.skbs);
1800. return false;
1801. }
1802.  
1803. return true;
1804. }
1805. EXPORT_SYMBOL(ieee80211_tx_prepare_skb);
1806.  
1807. /*
1808. * Returns false if the frame couldn't be transmitted but was queued instead.
1809. */
1810. static bool ieee80211_tx(struct ieee80211_sub_if_data *sdata,
1811. struct sta_info *sta, struct sk_buff *skb,
1812. bool txpending)
1813. {
1814. struct ieee80211_local *local = sdata->local;
1815. struct ieee80211_tx_data tx;
1816. ieee80211_tx_result res_prepare;
1817. struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1818. bool result = true;
1819. int led_len;
1820.  
1821. if (unlikely(skb->len < 10)) {
1822. dev_kfree_skb(skb);
1823. return true;
1824. }
1825.  
1826. /* initialises tx */
1827. led_len = skb->len;
1828. res_prepare = ieee80211_tx_prepare(sdata, &tx, sta, skb);
1829.  
1830. if (unlikely(res_prepare == TX_DROP)) {
1831. ieee80211_free_txskb(&local->hw, skb);
1832. return true;
1833. } else if (unlikely(res_prepare == TX_QUEUED)) {
1834. return true;
1835. }
1836.  
1837. /* set up hw_queue value early */
1838. if (!(info->flags & IEEE80211_TX_CTL_TX_OFFCHAN) ||
1839. !ieee80211_hw_check(&local->hw, QUEUE_CONTROL))
1840. info->hw_queue =
1841. sdata->vif.hw_queue[skb_get_queue_mapping(skb)];
1842.  
1843. if (invoke_tx_handlers_early(&tx))
1844. return false;
1845.  
1846. if (ieee80211_queue_skb(local, sdata, tx.sta, tx.skb))
1847. return true;
1848.  
1849. if (!invoke_tx_handlers_late(&tx))
1850. result = __ieee80211_tx(local, &tx.skbs, led_len,
1851. tx.sta, txpending);
1852.  
1853. return result;
1854. }
1855.  
1856. /* device xmit handlers */
1857.  
1858. static int ieee80211_skb_resize(struct ieee80211_sub_if_data *sdata,
1859. struct sk_buff *skb,
1860. int head_need, bool may_encrypt)
1861. {
1862. struct ieee80211_local *local = sdata->local;
1863. int tail_need = 0;
1864.  
1865. if (may_encrypt && sdata->crypto_tx_tailroom_needed_cnt) {
1866. tail_need = IEEE80211_ENCRYPT_TAILROOM;
1867. tail_need -= skb_tailroom(skb);
1868. tail_need = max_t(int, tail_need, 0);
1869. }
1870.  
1871. if (skb_cloned(skb) &&
1872. (!ieee80211_hw_check(&local->hw, SUPPORTS_CLONED_SKBS) ||
1873. !skb_clone_writable(skb, ETH_HLEN) ||
1874. (may_encrypt && sdata->crypto_tx_tailroom_needed_cnt)))
1875. I802_DEBUG_INC(local->tx_expand_skb_head_cloned);
1876. else if (head_need || tail_need)
1877. I802_DEBUG_INC(local->tx_expand_skb_head);
1878. else
1879. return 0;
1880.  
1881. if (pskb_expand_head(skb, head_need, tail_need, GFP_ATOMIC)) {
1882. wiphy_debug(local->hw.wiphy,
1883. "failed to reallocate TX buffer\n");
1884. return -ENOMEM;
1885. }
1886.  
1887. return 0;
1888. }
1889.  
1890. void ieee80211_xmit(struct ieee80211_sub_if_data *sdata,
1891. struct sta_info *sta, struct sk_buff *skb)
1892. {
1893. struct ieee80211_local *local = sdata->local;
1894. struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1895. struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
1896. int headroom;
1897. bool may_encrypt;
1898.  
1899. may_encrypt = !(info->flags & IEEE80211_TX_INTFL_DONT_ENCRYPT);
1900.  
1901. headroom = local->tx_headroom;
1902. if (may_encrypt)
1903. headroom += sdata->encrypt_headroom;
1904. headroom -= skb_headroom(skb);
1905. headroom = max_t(int, 0, headroom);
1906.  
1907. if (ieee80211_skb_resize(sdata, skb, headroom, may_encrypt)) {
1908. ieee80211_free_txskb(&local->hw, skb);
1909. return;
1910. }
1911.  
1912. hdr = (struct ieee80211_hdr *) skb->data;
1913. info->control.vif = &sdata->vif;
1914.  
1915. if (ieee80211_vif_is_mesh(&sdata->vif)) {
1916. if (ieee80211_is_data(hdr->frame_control) &&
1917. is_unicast_ether_addr(hdr->addr1)) {
1918. if (mesh_nexthop_resolve(sdata, skb))
1919. return; /* skb queued: don't free */
1920. } else {
1921. ieee80211_mps_set_frame_flags(sdata, NULL, hdr);
1922. }
1923. }
1924.  
1925. ieee80211_set_qos_hdr(sdata, skb);
1926. ieee80211_tx(sdata, sta, skb, false);
1927. }
1928.  
1929. static bool ieee80211_parse_tx_radiotap(struct ieee80211_local *local,
1930. struct sk_buff *skb)
1931. {
1932. struct ieee80211_radiotap_iterator iterator;
1933. struct ieee80211_radiotap_header *rthdr =
1934. (struct ieee80211_radiotap_header *) skb->data;
1935. struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1936. struct ieee80211_supported_band *sband =
1937. local->hw.wiphy->bands[info->band];
1938. int ret = ieee80211_radiotap_iterator_init(&iterator, rthdr, skb->len,
1939. NULL);
1940. u16 txflags;
1941. u16 rate = 0;
1942. bool rate_found = false;
1943. u8 rate_retries = 0;
1944. u16 rate_flags = 0;
1945. u8 mcs_known, mcs_flags, mcs_bw;
1946. u16 vht_known;
1947. u8 vht_mcs = 0, vht_nss = 0;
1948. int i;
1949.  
1950. info->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT |
1951. IEEE80211_TX_CTL_DONTFRAG;
1952.  
1953. /*
1954. * for every radiotap entry that is present
1955. * (ieee80211_radiotap_iterator_next returns -ENOENT when no more
1956. * entries present, or -EINVAL on error)
1957. */
1958.  
1959. while (!ret) {
1960. ret = ieee80211_radiotap_iterator_next(&iterator);
1961.  
1962. if (ret)
1963. continue;
1964.  
1965. /* see if this argument is something we can use */
1966. switch (iterator.this_arg_index) {
1967. /*
1968. * You must take care when dereferencing iterator.this_arg
1969. * for multibyte types... the pointer is not aligned. Use
1970. * get_unaligned((type *)iterator.this_arg) to dereference
1971. * iterator.this_arg for type "type" safely on all arches.
1972. */
1973. case IEEE80211_RADIOTAP_FLAGS:
1974. if (*iterator.this_arg & IEEE80211_RADIOTAP_F_FCS) {
1975. /*
1976. * this indicates that the skb we have been
1977. * handed has the 32-bit FCS CRC at the end...
1978. * we should react to that by snipping it off
1979. * because it will be recomputed and added
1980. * on transmission
1981. */
1982. if (skb->len < (iterator._max_length + FCS_LEN))
1983. return false;
1984.  
1985. skb_trim(skb, skb->len - FCS_LEN);
1986. }
1987. if (*iterator.this_arg & IEEE80211_RADIOTAP_F_WEP)
1988. info->flags &= ~IEEE80211_TX_INTFL_DONT_ENCRYPT;
1989. if (*iterator.this_arg & IEEE80211_RADIOTAP_F_FRAG)
1990. info->flags &= ~IEEE80211_TX_CTL_DONTFRAG;
1991. break;
1992.  
1993. case IEEE80211_RADIOTAP_TX_FLAGS:
1994. txflags = get_unaligned_le16(iterator.this_arg);
1995. if (txflags & IEEE80211_RADIOTAP_F_TX_NOACK)
1996. info->flags |= IEEE80211_TX_CTL_NO_ACK;
1997. break;
1998.  
1999. case IEEE80211_RADIOTAP_RATE:
2000. rate = *iterator.this_arg;
2001. rate_flags = 0;
2002. rate_found = true;
2003. break;
2004.  
2005. case IEEE80211_RADIOTAP_DATA_RETRIES:
2006. rate_retries = *iterator.this_arg;
2007. break;
2008.  
2009. case IEEE80211_RADIOTAP_MCS:
2010. mcs_known = iterator.this_arg[0];
2011. mcs_flags = iterator.this_arg[1];
2012. if (!(mcs_known & IEEE80211_RADIOTAP_MCS_HAVE_MCS))
2013. break;
2014.  
2015. rate_found = true;
2016. rate = iterator.this_arg[2];
2017. rate_flags = IEEE80211_TX_RC_MCS;
2018.  
2019. if (mcs_known & IEEE80211_RADIOTAP_MCS_HAVE_GI &&
2020. mcs_flags & IEEE80211_RADIOTAP_MCS_SGI)
2021. rate_flags |= IEEE80211_TX_RC_SHORT_GI;
2022.  
2023. mcs_bw = mcs_flags & IEEE80211_RADIOTAP_MCS_BW_MASK;
2024. if (mcs_known & IEEE80211_RADIOTAP_MCS_HAVE_BW &&
2025. mcs_bw == IEEE80211_RADIOTAP_MCS_BW_40)
2026. rate_flags |= IEEE80211_TX_RC_40_MHZ_WIDTH;
2027. break;
2028.  
2029. case IEEE80211_RADIOTAP_VHT:
2030. vht_known = get_unaligned_le16(iterator.this_arg);
2031. rate_found = true;
2032.  
2033. rate_flags = IEEE80211_TX_RC_VHT_MCS;
2034. if ((vht_known & IEEE80211_RADIOTAP_VHT_KNOWN_GI) &&
2035. (iterator.this_arg[2] &
2036. IEEE80211_RADIOTAP_VHT_FLAG_SGI))
2037. rate_flags |= IEEE80211_TX_RC_SHORT_GI;
2038. if (vht_known &
2039. IEEE80211_RADIOTAP_VHT_KNOWN_BANDWIDTH) {
2040. if (iterator.this_arg[3] == 1)
2041. rate_flags |=
2042. IEEE80211_TX_RC_40_MHZ_WIDTH;
2043. else if (iterator.this_arg[3] == 4)
2044. rate_flags |=
2045. IEEE80211_TX_RC_80_MHZ_WIDTH;
2046. else if (iterator.this_arg[3] == 11)
2047. rate_flags |=
2048. IEEE80211_TX_RC_160_MHZ_WIDTH;
2049. }
2050.  
2051. vht_mcs = iterator.this_arg[4] >> 4;
2052. vht_nss = iterator.this_arg[4] & 0xF;
2053. break;
2054.  
2055. /*
2056. * Please update the file
2057. * Documentation/networking/mac80211-injection.txt
2058. * when parsing new fields here.
2059. */
2060.  
2061. default:
2062. break;
2063. }
2064. }
2065.  
2066. if (ret != -ENOENT) /* ie, if we didn't simply run out of fields */
2067. return false;
2068.  
2069. if (rate_found) {
2070. info->control.flags |= IEEE80211_TX_CTRL_RATE_INJECT;
2071.  
2072. for (i = 0; i < IEEE80211_TX_MAX_RATES; i++) {
2073. info->control.rates[i].idx = -1;
2074. info->control.rates[i].flags = 0;
2075. info->control.rates[i].count = 0;
2076. }
2077.  
2078. if (rate_flags & IEEE80211_TX_RC_MCS) {
2079. info->control.rates[0].idx = rate;
2080. } else if (rate_flags & IEEE80211_TX_RC_VHT_MCS) {
2081. ieee80211_rate_set_vht(info->control.rates, vht_mcs,
2082. vht_nss);
2083. } else {
2084. for (i = 0; i < sband->n_bitrates; i++) {
2085. if (rate * 5 != sband->bitrates[i].bitrate)
2086. continue;
2087.  
2088. info->control.rates[0].idx = i;
2089. break;
2090. }
2091. }
2092.  
2093. if (info->control.rates[0].idx < 0)
2094. info->control.flags &= ~IEEE80211_TX_CTRL_RATE_INJECT;
2095.  
2096. info->control.rates[0].flags = rate_flags;
2097. info->control.rates[0].count = min_t(u8, rate_retries + 1,
2098. local->hw.max_rate_tries);
2099. }
2100.  
2101. /*
2102. * remove the radiotap header
2103. * iterator->_max_length was sanity-checked against
2104. * skb->len by iterator init
2105. */
2106. skb_pull(skb, iterator._max_length);
2107.  
2108. return true;
2109. }
2110.  
2111. netdev_tx_t ieee80211_monitor_start_xmit(struct sk_buff *skb,
2112. struct net_device *dev)
2113. {
2114. struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2115. struct ieee80211_chanctx_conf *chanctx_conf;
2116. struct ieee80211_radiotap_header *prthdr =
2117. (struct ieee80211_radiotap_header *)skb->data;
2118. struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
2119. struct ieee80211_hdr *hdr;
2120. struct ieee80211_sub_if_data *tmp_sdata, *sdata;
2121. struct cfg80211_chan_def *chandef;
2122. u16 len_rthdr;
2123. int hdrlen;
2124.  
2125. /* check for not even having the fixed radiotap header part */
2126. if (unlikely(skb->len < sizeof(struct ieee80211_radiotap_header)))
2127. goto fail; /* too short to be possibly valid */
2128.  
2129. /* is it a header version we can trust to find length from? */
2130. if (unlikely(prthdr->it_version))
2131. goto fail; /* only version 0 is supported */
2132.  
2133. /* then there must be a radiotap header with a length we can use */
2134. len_rthdr = ieee80211_get_radiotap_len(skb->data);
2135.  
2136. /* does the skb contain enough to deliver on the alleged length? */
2137. if (unlikely(skb->len < len_rthdr))
2138. goto fail; /* skb too short for claimed rt header extent */
2139.  
2140. /*
2141. * fix up the pointers accounting for the radiotap
2142. * header still being in there. We are being given
2143. * a precooked IEEE80211 header so no need for
2144. * normal processing
2145. */
2146. skb_set_mac_header(skb, len_rthdr);
2147. /*
2148. * these are just fixed to the end of the rt area since we
2149. * don't have any better information and at this point, nobody cares
2150. */
2151. skb_set_network_header(skb, len_rthdr);
2152. skb_set_transport_header(skb, len_rthdr);
2153.  
2154. if (skb->len < len_rthdr + 2)
2155. goto fail;
2156.  
2157. hdr = (struct ieee80211_hdr *)(skb->data + len_rthdr);
2158. hdrlen = ieee80211_hdrlen(hdr->frame_control);
2159.  
2160. if (skb->len < len_rthdr + hdrlen)
2161. goto fail;
2162.  
2163. /*
2164. * Initialize skb->protocol if the injected frame is a data frame
2165. * carrying a rfc1042 header
2166. */
2167. if (ieee80211_is_data(hdr->frame_control) &&
2168. skb->len >= len_rthdr + hdrlen + sizeof(rfc1042_header) + 2) {
2169. u8 *payload = (u8 *)hdr + hdrlen;
2170.  
2171. if (ether_addr_equal(payload, rfc1042_header))
2172. skb->protocol = cpu_to_be16((payload[6] << 8) |
2173. payload[7]);
2174. }
2175.  
2176. memset(info, 0, sizeof(*info));
2177.  
2178. info->flags = IEEE80211_TX_CTL_REQ_TX_STATUS |
2179. IEEE80211_TX_CTL_INJECTED;
2180.  
2181. rcu_read_lock();
2182.  
2183. /*
2184. * We process outgoing injected frames that have a local address
2185. * we handle as though they are non-injected frames.
2186. * This code here isn't entirely correct, the local MAC address
2187. * isn't always enough to find the interface to use; for proper
2188. * VLAN/WDS support we will need a different mechanism (which
2189. * likely isn't going to be monitor interfaces).
2190. */
2191. sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2192.  
2193. list_for_each_entry_rcu(tmp_sdata, &local->interfaces, list) {
2194. if (!ieee80211_sdata_running(tmp_sdata))
2195. continue;
2196. if (tmp_sdata->vif.type == NL80211_IFTYPE_MONITOR ||
2197. tmp_sdata->vif.type == NL80211_IFTYPE_AP_VLAN ||
2198. tmp_sdata->vif.type == NL80211_IFTYPE_WDS)
2199. continue;
2200. if (ether_addr_equal(tmp_sdata->vif.addr, hdr->addr2)) {
2201. sdata = tmp_sdata;
2202. break;
2203. }
2204. }
2205.  
2206. chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf);
2207. if (!chanctx_conf) {
2208. tmp_sdata = rcu_dereference(local->monitor_sdata);
2209. if (tmp_sdata)
2210. chanctx_conf =
2211. rcu_dereference(tmp_sdata->vif.chanctx_conf);
2212. }
2213.  
2214. if (chanctx_conf)
2215. chandef = &chanctx_conf->def;
2216. else if (!local->use_chanctx)
2217. chandef = &local->_oper_chandef;
2218. else
2219. goto fail_rcu;
2220.  
2221. /*
2222. * Frame injection is not allowed if beaconing is not allowed
2223. * or if we need radar detection. Beaconing is usually not allowed when
2224. * the mode or operation (Adhoc, AP, Mesh) does not support DFS.
2225. * Passive scan is also used in world regulatory domains where
2226. * your country is not known and as such it should be treated as
2227. * NO TX unless the channel is explicitly allowed in which case
2228. * your current regulatory domain would not have the passive scan
2229. * flag.
2230. *
2231. * Since AP mode uses monitor interfaces to inject/TX management
2232. * frames we can make AP mode the exception to this rule once it
2233. * supports radar detection as its implementation can deal with
2234. * radar detection by itself. We can do that later by adding a
2235. * monitor flag interfaces used for AP support.
2236. */
2237. if (!cfg80211_reg_can_beacon(local->hw.wiphy, chandef,
2238. sdata->vif.type))
2239. goto fail_rcu;
2240.  
2241. info->band = chandef->chan->band;
2242.  
2243. /* process and remove the injection radiotap header */
2244. if (!ieee80211_parse_tx_radiotap(local, skb))
2245. goto fail_rcu;
2246.  
2247. ieee80211_xmit(sdata, NULL, skb);
2248. rcu_read_unlock();
2249.  
2250. return NETDEV_TX_OK;
2251.  
2252. fail_rcu:
2253. rcu_read_unlock();
2254. fail:
2255. dev_kfree_skb(skb);
2256. return NETDEV_TX_OK; /* meaning, we dealt with the skb */
2257. }
2258.  
2259. static inline bool ieee80211_is_tdls_setup(struct sk_buff *skb)
2260. {
2261. u16 ethertype = (skb->data[12] << 8) | skb->data[13];
2262.  
2263. return ethertype == ETH_P_TDLS &&
2264. skb->len > 14 &&
2265. skb->data[14] == WLAN_TDLS_SNAP_RFTYPE;
2266. }
2267.  
2268. static int ieee80211_lookup_ra_sta(struct ieee80211_sub_if_data *sdata,
2269. struct sk_buff *skb,
2270. struct sta_info **sta_out)
2271. {
2272. struct sta_info *sta;
2273.  
2274. switch (sdata->vif.type) {
2275. case NL80211_IFTYPE_AP_VLAN:
2276. sta = rcu_dereference(sdata->u.vlan.sta);
2277. if (sta) {
2278. *sta_out = sta;
2279. return 0;
2280. } else if (sdata->wdev.use_4addr) {
2281. return -ENOLINK;
2282. }
2283. /* fall through */
2284. case NL80211_IFTYPE_AP:
2285. case NL80211_IFTYPE_OCB:
2286. case NL80211_IFTYPE_ADHOC:
2287. if (is_multicast_ether_addr(skb->data)) {
2288. *sta_out = ERR_PTR(-ENOENT);
2289. return 0;
2290. }
2291. sta = sta_info_get_bss(sdata, skb->data);
2292. break;
2293. case NL80211_IFTYPE_WDS:
2294. sta = sta_info_get(sdata, sdata->u.wds.remote_addr);
2295. break;
2296. #ifdef CONFIG_MAC80211_MESH
2297. case NL80211_IFTYPE_MESH_POINT:
2298. /* determined much later */
2299. *sta_out = NULL;
2300. return 0;
2301. #endif
2302. case NL80211_IFTYPE_STATION:
2303. if (sdata->wdev.wiphy->flags & WIPHY_FLAG_SUPPORTS_TDLS) {
2304. sta = sta_info_get(sdata, skb->data);
2305. if (sta && test_sta_flag(sta, WLAN_STA_TDLS_PEER)) {
2306. if (test_sta_flag(sta,
2307. WLAN_STA_TDLS_PEER_AUTH)) {
2308. *sta_out = sta;
2309. return 0;
2310. }
2311.  
2312. /*
2313. * TDLS link during setup - throw out frames to
2314. * peer. Allow TDLS-setup frames to unauthorized
2315. * peers for the special case of a link teardown
2316. * after a TDLS sta is removed due to being
2317. * unreachable.
2318. */
2319. if (!ieee80211_is_tdls_setup(skb))
2320. return -EINVAL;
2321. }
2322.  
2323. }
2324.  
2325. sta = sta_info_get(sdata, sdata->u.mgd.bssid);
2326. if (!sta)
2327. return -ENOLINK;
2328. break;
2329. default:
2330. return -EINVAL;
2331. }
2332.  
2333. *sta_out = sta ?: ERR_PTR(-ENOENT);
2334. return 0;
2335. }
2336.  
2337. /**
2338. * ieee80211_build_hdr - build 802.11 header in the given frame
2339. * @sdata: virtual interface to build the header for
2340. * @skb: the skb to build the header in
2341. * @info_flags: skb flags to set
2342. *
2343. * This function takes the skb with 802.3 header and reformats the header to
2344. * the appropriate IEEE 802.11 header based on which interface the packet is
2345. * being transmitted on.
2346. *
2347. * Note that this function also takes care of the TX status request and
2348. * potential unsharing of the SKB - this needs to be interleaved with the
2349. * header building.
2350. *
2351. * The function requires the read-side RCU lock held
2352. *
2353. * Returns: the (possibly reallocated) skb or an ERR_PTR() code
2354. */
2355. static struct sk_buff *ieee80211_build_hdr(struct ieee80211_sub_if_data *sdata,
2356. struct sk_buff *skb, u32 info_flags,
2357. struct sta_info *sta)
2358. {
2359. struct ieee80211_local *local = sdata->local;
2360. struct ieee80211_tx_info *info;
2361. int head_need;
2362. u16 ethertype, hdrlen, meshhdrlen = 0;
2363. __le16 fc;
2364. struct ieee80211_hdr hdr;
2365. struct ieee80211s_hdr mesh_hdr __maybe_unused;
2366. struct mesh_path __maybe_unused *mppath = NULL, *mpath = NULL;
2367. const u8 *encaps_data;
2368. int encaps_len, skip_header_bytes;
2369. bool wme_sta = false, authorized = false;
2370. bool tdls_peer;
2371. bool multicast;
2372. u16 info_id = 0;
2373. struct ieee80211_chanctx_conf *chanctx_conf;
2374. struct ieee80211_sub_if_data *ap_sdata;
2375. enum nl80211_band band;
2376. int ret;
2377.  
2378. if (IS_ERR(sta))
2379. sta = NULL;
2380.  
2381. /* convert Ethernet header to proper 802.11 header (based on
2382. * operation mode) */
2383. ethertype = (skb->data[12] << 8) | skb->data[13];
2384. fc = cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_DATA);
2385.  
2386. switch (sdata->vif.type) {
2387. case NL80211_IFTYPE_AP_VLAN:
2388. if (sdata->wdev.use_4addr) {
2389. fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS);
2390. /* RA TA DA SA */
2391. memcpy(hdr.addr1, sta->sta.addr, ETH_ALEN);
2392. memcpy(hdr.addr2, sdata->vif.addr, ETH_ALEN);
2393. memcpy(hdr.addr3, skb->data, ETH_ALEN);
2394. memcpy(hdr.addr4, skb->data + ETH_ALEN, ETH_ALEN);
2395. hdrlen = 30;
2396. authorized = test_sta_flag(sta, WLAN_STA_AUTHORIZED);
2397. wme_sta = sta->sta.wme;
2398. }
2399. ap_sdata = container_of(sdata->bss, struct ieee80211_sub_if_data,
2400. u.ap);
2401. chanctx_conf = rcu_dereference(ap_sdata->vif.chanctx_conf);
2402. if (!chanctx_conf) {
2403. ret = -ENOTCONN;
2404. goto free;
2405. }
2406. band = chanctx_conf->def.chan->band;
2407. if (sdata->wdev.use_4addr)
2408. break;
2409. /* fall through */
2410. case NL80211_IFTYPE_AP:
2411. if (sdata->vif.type == NL80211_IFTYPE_AP)
2412. chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf);
2413. if (!chanctx_conf) {
2414. ret = -ENOTCONN;
2415. goto free;
2416. }
2417. fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS);
2418. /* DA BSSID SA */
2419. memcpy(hdr.addr1, skb->data, ETH_ALEN);
2420. memcpy(hdr.addr2, sdata->vif.addr, ETH_ALEN);
2421. memcpy(hdr.addr3, skb->data + ETH_ALEN, ETH_ALEN);
2422. hdrlen = 24;
2423. band = chanctx_conf->def.chan->band;
2424. break;
2425. case NL80211_IFTYPE_WDS:
2426. fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS);
2427. /* RA TA DA SA */
2428. memcpy(hdr.addr1, sdata->u.wds.remote_addr, ETH_ALEN);
2429. memcpy(hdr.addr2, sdata->vif.addr, ETH_ALEN);
2430. memcpy(hdr.addr3, skb->data, ETH_ALEN);
2431. memcpy(hdr.addr4, skb->data + ETH_ALEN, ETH_ALEN);
2432. hdrlen = 30;
2433. /*
2434. * This is the exception! WDS style interfaces are prohibited
2435. * when channel contexts are in used so this must be valid
2436. */
2437. band = local->hw.conf.chandef.chan->band;
2438. break;
2439. #ifdef CONFIG_MAC80211_MESH
2440. case NL80211_IFTYPE_MESH_POINT:
2441. if (!is_multicast_ether_addr(skb->data)) {
2442. struct sta_info *next_hop;
2443. bool mpp_lookup = true;
2444.  
2445. mpath = mesh_path_lookup(sdata, skb->data);
2446. if (mpath) {
2447. mpp_lookup = false;
2448. next_hop = rcu_dereference(mpath->next_hop);
2449. if (!next_hop ||
2450. !(mpath->flags & (MESH_PATH_ACTIVE |
2451. MESH_PATH_RESOLVING)))
2452. mpp_lookup = true;
2453. }
2454.  
2455. if (mpp_lookup) {
2456. mppath = mpp_path_lookup(sdata, skb->data);
2457. if (mppath)
2458. mppath->exp_time = jiffies;
2459. }
2460.  
2461. if (mppath && mpath)
2462. mesh_path_del(sdata, mpath->dst);
2463. }
2464.  
2465. /*
2466. * Use address extension if it is a packet from
2467. * another interface or if we know the destination
2468. * is being proxied by a portal (i.e. portal address
2469. * differs from proxied address)
2470. */
2471. if (ether_addr_equal(sdata->vif.addr, skb->data + ETH_ALEN) &&
2472. !(mppath && !ether_addr_equal(mppath->mpp, skb->data))) {
2473. hdrlen = ieee80211_fill_mesh_addresses(&hdr, &fc,
2474. skb->data, skb->data + ETH_ALEN);
2475. meshhdrlen = ieee80211_new_mesh_header(sdata, &mesh_hdr,
2476. NULL, NULL);
2477. } else {
2478. /* DS -> MBSS (802.11-2012 13.11.3.3).
2479. * For unicast with unknown forwarding information,
2480. * destination might be in the MBSS or if that fails
2481. * forwarded to another mesh gate. In either case
2482. * resolution will be handled in ieee80211_xmit(), so
2483. * leave the original DA. This also works for mcast */
2484. const u8 *mesh_da = skb->data;
2485.  
2486. if (mppath)
2487. mesh_da = mppath->mpp;
2488. else if (mpath)
2489. mesh_da = mpath->dst;
2490.  
2491. hdrlen = ieee80211_fill_mesh_addresses(&hdr, &fc,
2492. mesh_da, sdata->vif.addr);
2493. if (is_multicast_ether_addr(mesh_da))
2494. /* DA TA mSA AE:SA */
2495. meshhdrlen = ieee80211_new_mesh_header(
2496. sdata, &mesh_hdr,
2497. skb->data + ETH_ALEN, NULL);
2498. else
2499. /* RA TA mDA mSA AE:DA SA */
2500. meshhdrlen = ieee80211_new_mesh_header(
2501. sdata, &mesh_hdr, skb->data,
2502. skb->data + ETH_ALEN);
2503.  
2504. }
2505. chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf);
2506. if (!chanctx_conf) {
2507. ret = -ENOTCONN;
2508. goto free;
2509. }
2510. band = chanctx_conf->def.chan->band;
2511. break;
2512. #endif
2513. case NL80211_IFTYPE_STATION:
2514. /* we already did checks when looking up the RA STA */
2515. tdls_peer = test_sta_flag(sta, WLAN_STA_TDLS_PEER);
2516.  
2517. if (tdls_peer) {
2518. /* DA SA BSSID */
2519. memcpy(hdr.addr1, skb->data, ETH_ALEN);
2520. memcpy(hdr.addr2, skb->data + ETH_ALEN, ETH_ALEN);
2521. memcpy(hdr.addr3, sdata->u.mgd.bssid, ETH_ALEN);
2522. hdrlen = 24;
2523. } else if (sdata->u.mgd.use_4addr &&
2524. cpu_to_be16(ethertype) != sdata->control_port_protocol) {
2525. fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS |
2526. IEEE80211_FCTL_TODS);
2527. /* RA TA DA SA */
2528. memcpy(hdr.addr1, sdata->u.mgd.bssid, ETH_ALEN);
2529. memcpy(hdr.addr2, sdata->vif.addr, ETH_ALEN);
2530. memcpy(hdr.addr3, skb->data, ETH_ALEN);
2531. memcpy(hdr.addr4, skb->data + ETH_ALEN, ETH_ALEN);
2532. hdrlen = 30;
2533. } else {
2534. fc |= cpu_to_le16(IEEE80211_FCTL_TODS);
2535. /* BSSID SA DA */
2536. memcpy(hdr.addr1, sdata->u.mgd.bssid, ETH_ALEN);
2537. memcpy(hdr.addr2, skb->data + ETH_ALEN, ETH_ALEN);
2538. memcpy(hdr.addr3, skb->data, ETH_ALEN);
2539. hdrlen = 24;
2540. }
2541. chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf);
2542. if (!chanctx_conf) {
2543. ret = -ENOTCONN;
2544. goto free;
2545. }
2546. band = chanctx_conf->def.chan->band;
2547. break;
2548. case NL80211_IFTYPE_OCB:
2549. /* DA SA BSSID */
2550. memcpy(hdr.addr1, skb->data, ETH_ALEN);
2551. memcpy(hdr.addr2, skb->data + ETH_ALEN, ETH_ALEN);
2552. eth_broadcast_addr(hdr.addr3);
2553. hdrlen = 24;
2554. chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf);
2555. if (!chanctx_conf) {
2556. ret = -ENOTCONN;
2557. goto free;
2558. }
2559. band = chanctx_conf->def.chan->band;
2560. break;
2561. case NL80211_IFTYPE_ADHOC:
2562. /* DA SA BSSID */
2563. memcpy(hdr.addr1, skb->data, ETH_ALEN);
2564. memcpy(hdr.addr2, skb->data + ETH_ALEN, ETH_ALEN);
2565. memcpy(hdr.addr3, sdata->u.ibss.bssid, ETH_ALEN);
2566. hdrlen = 24;
2567. chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf);
2568. if (!chanctx_conf) {
2569. ret = -ENOTCONN;
2570. goto free;
2571. }
2572. band = chanctx_conf->def.chan->band;
2573. break;
2574. default:
2575. ret = -EINVAL;
2576. goto free;
2577. }
2578.  
2579. multicast = is_multicast_ether_addr(hdr.addr1);
2580.  
2581. /* sta is always NULL for mesh */
2582. if (sta) {
2583. authorized = test_sta_flag(sta, WLAN_STA_AUTHORIZED);
2584. wme_sta = sta->sta.wme;
2585. } else if (ieee80211_vif_is_mesh(&sdata->vif)) {
2586. /* For mesh, the use of the QoS header is mandatory */
2587. wme_sta = true;
2588. }
2589.  
2590. /* receiver does QoS (which also means we do) use it */
2591. if (wme_sta) {
2592. fc |= cpu_to_le16(IEEE80211_STYPE_QOS_DATA);
2593. hdrlen += 2;
2594. }
2595.  
2596. /*
2597. * Drop unicast frames to unauthorised stations unless they are
2598. * EAPOL frames from the local station.
2599. */
2600. if (unlikely(!ieee80211_vif_is_mesh(&sdata->vif) &&
2601. (sdata->vif.type != NL80211_IFTYPE_OCB) &&
2602. !multicast && !authorized &&
2603. (cpu_to_be16(ethertype) != sdata->control_port_protocol ||
2604. !ether_addr_equal(sdata->vif.addr, skb->data + ETH_ALEN)))) {
2605. #ifdef CONFIG_MAC80211_VERBOSE_DEBUG
2606. net_info_ratelimited("%s: dropped frame to %pM (unauthorized port)\n",
2607. sdata->name, hdr.addr1);
2608. #endif
2609.  
2610. I802_DEBUG_INC(local->tx_handlers_drop_unauth_port);
2611.  
2612. ret = -EPERM;
2613. goto free;
2614. }
2615.  
2616. if (unlikely(!multicast && skb->sk &&
2617. skb_shinfo(skb)->tx_flags & SKBTX_WIFI_STATUS)) {
2618. struct sk_buff *ack_skb = skb_clone_sk(skb);
2619.  
2620. if (ack_skb) {
2621. unsigned long flags;
2622. int id;
2623.  
2624. spin_lock_irqsave(&local->ack_status_lock, flags);
2625. id = idr_alloc(&local->ack_status_frames, ack_skb,
2626. 1, 0x10000, GFP_ATOMIC);
2627. spin_unlock_irqrestore(&local->ack_status_lock, flags);
2628.  
2629. if (id >= 0) {
2630. info_id = id;
2631. info_flags |= IEEE80211_TX_CTL_REQ_TX_STATUS;
2632. } else {
2633. kfree_skb(ack_skb);
2634. }
2635. }
2636. }
2637.  
2638. /*
2639. * If the skb is shared we need to obtain our own copy.
2640. */
2641. if (skb_shared(skb)) {
2642. struct sk_buff *tmp_skb = skb;
2643.  
2644. /* can't happen -- skb is a clone if info_id != 0 */
2645. WARN_ON(info_id);
2646.  
2647. skb = skb_clone(skb, GFP_ATOMIC);
2648. kfree_skb(tmp_skb);
2649.  
2650. if (!skb) {
2651. ret = -ENOMEM;
2652. goto free;
2653. }
2654. }
2655.  
2656. hdr.frame_control = fc;
2657. hdr.duration_id = 0;
2658. hdr.seq_ctrl = 0;
2659.  
2660. skip_header_bytes = ETH_HLEN;
2661. if (ethertype == ETH_P_AARP || ethertype == ETH_P_IPX) {
2662. encaps_data = bridge_tunnel_header;
2663. encaps_len = sizeof(bridge_tunnel_header);
2664. skip_header_bytes -= 2;
2665. } else if (ethertype >= ETH_P_802_3_MIN) {
2666. encaps_data = rfc1042_header;
2667. encaps_len = sizeof(rfc1042_header);
2668. skip_header_bytes -= 2;
2669. } else {
2670. encaps_data = NULL;
2671. encaps_len = 0;
2672. }
2673.  
2674. skb_pull(skb, skip_header_bytes);
2675. head_need = hdrlen + encaps_len + meshhdrlen - skb_headroom(skb);
2676.  
2677. /*
2678. * So we need to modify the skb header and hence need a copy of
2679. * that. The head_need variable above doesn't, so far, include
2680. * the needed header space that we don't need right away. If we
2681. * can, then we don't reallocate right now but only after the
2682. * frame arrives at the master device (if it does...)
2683. *
2684. * If we cannot, however, then we will reallocate to include all
2685. * the ever needed space. Also, if we need to reallocate it anyway,
2686. * make it big enough for everything we may ever need.
2687. */
2688.  
2689. if (head_need > 0 || skb_cloned(skb)) {
2690. head_need += sdata->encrypt_headroom;
2691. head_need += local->tx_headroom;
2692. head_need = max_t(int, 0, head_need);
2693. if (ieee80211_skb_resize(sdata, skb, head_need, true)) {
2694. ieee80211_free_txskb(&local->hw, skb);
2695. skb = NULL;
2696. return ERR_PTR(-ENOMEM);
2697. }
2698. }
2699.  
2700. if (encaps_data)
2701. memcpy(skb_push(skb, encaps_len), encaps_data, encaps_len);
2702.  
2703. #ifdef CONFIG_MAC80211_MESH
2704. if (meshhdrlen > 0)
2705. memcpy(skb_push(skb, meshhdrlen), &mesh_hdr, meshhdrlen);
2706. #endif
2707.  
2708. if (ieee80211_is_data_qos(fc)) {
2709. __le16 *qos_control;
2710.  
2711. qos_control = (__le16 *) skb_push(skb, 2);
2712. memcpy(skb_push(skb, hdrlen - 2), &hdr, hdrlen - 2);
2713. /*
2714. * Maybe we could actually set some fields here, for now just
2715. * initialise to zero to indicate no special operation.
2716. */
2717. *qos_control = 0;
2718. } else
2719. memcpy(skb_push(skb, hdrlen), &hdr, hdrlen);
2720.  
2721. skb_reset_mac_header(skb);
2722.  
2723. info = IEEE80211_SKB_CB(skb);
2724. memset(info, 0, sizeof(*info));
2725.  
2726. info->flags = info_flags;
2727. info->ack_frame_id = info_id;
2728. info->band = band;
2729.  
2730. return skb;
2731. free:
2732. kfree_skb(skb);
2733. return ERR_PTR(ret);
2734. }
2735.  
2736. /*
2737. * fast-xmit overview
2738. *
2739. * The core idea of this fast-xmit is to remove per-packet checks by checking
2740. * them out of band. ieee80211_check_fast_xmit() implements the out-of-band
2741. * checks that are needed to get the sta->fast_tx pointer assigned, after which
2742. * much less work can be done per packet. For example, fragmentation must be
2743. * disabled or the fast_tx pointer will not be set. All the conditions are seen
2744. * in the code here.
2745. *
2746. * Once assigned, the fast_tx data structure also caches the per-packet 802.11
2747. * header and other data to aid packet processing in ieee80211_xmit_fast().
2748. *
2749. * The most difficult part of this is that when any of these assumptions
2750. * change, an external trigger (i.e. a call to ieee80211_clear_fast_xmit(),
2751. * ieee80211_check_fast_xmit() or friends) is required to reset the data,
2752. * since the per-packet code no longer checks the conditions. This is reflected
2753. * by the calls to these functions throughout the rest of the code, and must be
2754. * maintained if any of the TX path checks change.
2755. */
2756.  
2757. void ieee80211_check_fast_xmit(struct sta_info *sta)
2758. {
2759. struct ieee80211_fast_tx build = {}, *fast_tx = NULL, *old;
2760. struct ieee80211_local *local = sta->local;
2761. struct ieee80211_sub_if_data *sdata = sta->sdata;
2762. struct ieee80211_hdr *hdr = (void *)build.hdr;
2763. struct ieee80211_chanctx_conf *chanctx_conf;
2764. __le16 fc;
2765.  
2766. if (!ieee80211_hw_check(&local->hw, SUPPORT_FAST_XMIT))
2767. return;
2768.  
2769. /* Locking here protects both the pointer itself, and against concurrent
2770. * invocations winning data access races to, e.g., the key pointer that
2771. * is used.
2772. * Without it, the invocation of this function right after the key
2773. * pointer changes wouldn't be sufficient, as another CPU could access
2774. * the pointer, then stall, and then do the cache update after the CPU
2775. * that invalidated the key.
2776. * With the locking, such scenarios cannot happen as the check for the
2777. * key and the fast-tx assignment are done atomically, so the CPU that
2778. * modifies the key will either wait or other one will see the key
2779. * cleared/changed already.
2780. */
2781. spin_lock_bh(&sta->lock);
2782. if (ieee80211_hw_check(&local->hw, SUPPORTS_PS) &&
2783. !ieee80211_hw_check(&local->hw, SUPPORTS_DYNAMIC_PS) &&
2784. sdata->vif.type == NL80211_IFTYPE_STATION)
2785. goto out;
2786.  
2787. if (!test_sta_flag(sta, WLAN_STA_AUTHORIZED))
2788. goto out;
2789.  
2790. if (test_sta_flag(sta, WLAN_STA_PS_STA) ||
2791. test_sta_flag(sta, WLAN_STA_PS_DRIVER) ||
2792. test_sta_flag(sta, WLAN_STA_PS_DELIVER) ||
2793. test_sta_flag(sta, WLAN_STA_CLEAR_PS_FILT))
2794. goto out;
2795.  
2796. if (sdata->noack_map)
2797. goto out;
2798.  
2799. /* fast-xmit doesn't handle fragmentation at all */
2800. if (local->hw.wiphy->frag_threshold != (u32)-1 &&
2801. !local->ops->set_frag_threshold)
2802. goto out;
2803.  
2804. rcu_read_lock();
2805. chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf);
2806. if (!chanctx_conf) {
2807. rcu_read_unlock();
2808. goto out;
2809. }
2810. build.band = chanctx_conf->def.chan->band;
2811. rcu_read_unlock();
2812.  
2813. fc = cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_DATA);
2814.  
2815. switch (sdata->vif.type) {
2816. case NL80211_IFTYPE_ADHOC:
2817. /* DA SA BSSID */
2818. build.da_offs = offsetof(struct ieee80211_hdr, addr1);
2819. build.sa_offs = offsetof(struct ieee80211_hdr, addr2);
2820. memcpy(hdr->addr3, sdata->u.ibss.bssid, ETH_ALEN);
2821. build.hdr_len = 24;
2822. break;
2823. case NL80211_IFTYPE_STATION:
2824. if (test_sta_flag(sta, WLAN_STA_TDLS_PEER)) {
2825. /* DA SA BSSID */
2826. build.da_offs = offsetof(struct ieee80211_hdr, addr1);
2827. build.sa_offs = offsetof(struct ieee80211_hdr, addr2);
2828. memcpy(hdr->addr3, sdata->u.mgd.bssid, ETH_ALEN);
2829. build.hdr_len = 24;
2830. break;
2831. }
2832.  
2833. if (sdata->u.mgd.use_4addr) {
2834. /* non-regular ethertype cannot use the fastpath */
2835. fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS |
2836. IEEE80211_FCTL_TODS);
2837. /* RA TA DA SA */
2838. memcpy(hdr->addr1, sdata->u.mgd.bssid, ETH_ALEN);
2839. memcpy(hdr->addr2, sdata->vif.addr, ETH_ALEN);
2840. build.da_offs = offsetof(struct ieee80211_hdr, addr3);
2841. build.sa_offs = offsetof(struct ieee80211_hdr, addr4);
2842. build.hdr_len = 30;
2843. break;
2844. }
2845. fc |= cpu_to_le16(IEEE80211_FCTL_TODS);
2846. /* BSSID SA DA */
2847. memcpy(hdr->addr1, sdata->u.mgd.bssid, ETH_ALEN);
2848. build.da_offs = offsetof(struct ieee80211_hdr, addr3);
2849. build.sa_offs = offsetof(struct ieee80211_hdr, addr2);
2850. build.hdr_len = 24;
2851. break;
2852. case NL80211_IFTYPE_AP_VLAN:
2853. if (sdata->wdev.use_4addr) {
2854. fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS |
2855. IEEE80211_FCTL_TODS);
2856. /* RA TA DA SA */
2857. memcpy(hdr->addr1, sta->sta.addr, ETH_ALEN);
2858. memcpy(hdr->addr2, sdata->vif.addr, ETH_ALEN);
2859. build.da_offs = offsetof(struct ieee80211_hdr, addr3);
2860. build.sa_offs = offsetof(struct ieee80211_hdr, addr4);
2861. build.hdr_len = 30;
2862. break;
2863. }
2864. /* fall through */
2865. case NL80211_IFTYPE_AP:
2866. fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS);
2867. /* DA BSSID SA */
2868. build.da_offs = offsetof(struct ieee80211_hdr, addr1);
2869. memcpy(hdr->addr2, sdata->vif.addr, ETH_ALEN);
2870. build.sa_offs = offsetof(struct ieee80211_hdr, addr3);
2871. build.hdr_len = 24;
2872. break;
2873. default:
2874. /* not handled on fast-xmit */
2875. goto out;
2876. }
2877.  
2878. if (sta->sta.wme) {
2879. build.hdr_len += 2;
2880. fc |= cpu_to_le16(IEEE80211_STYPE_QOS_DATA);
2881. }
2882.  
2883. /* We store the key here so there's no point in using rcu_dereference()
2884. * but that's fine because the code that changes the pointers will call
2885. * this function after doing so. For a single CPU that would be enough,
2886. * for multiple see the comment above.
2887. */
2888. build.key = rcu_access_pointer(sta->ptk[sta->ptk_idx]);
2889. if (!build.key)
2890. build.key = rcu_access_pointer(sdata->default_unicast_key);
2891. if (build.key) {
2892. bool gen_iv, iv_spc, mmic;
2893.  
2894. gen_iv = build.key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV;
2895. iv_spc = build.key->conf.flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE;
2896. mmic = build.key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC;
2897.  
2898. /* don't handle software crypto */
2899. if (!(build.key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE))
2900. goto out;
2901.  
2902. switch (build.key->conf.cipher) {
2903. case WLAN_CIPHER_SUITE_CCMP:
2904. case WLAN_CIPHER_SUITE_CCMP_256:
2905. /* add fixed key ID */
2906. if (gen_iv) {
2907. (build.hdr + build.hdr_len)[3] =
2908. 0x20 | (build.key->conf.keyidx << 6);
2909. build.pn_offs = build.hdr_len;
2910. }
2911. if (gen_iv || iv_spc)
2912. build.hdr_len += IEEE80211_CCMP_HDR_LEN;
2913. break;
2914. case WLAN_CIPHER_SUITE_GCMP:
2915. case WLAN_CIPHER_SUITE_GCMP_256:
2916. /* add fixed key ID */
2917. if (gen_iv) {
2918. (build.hdr + build.hdr_len)[3] =
2919. 0x20 | (build.key->conf.keyidx << 6);
2920. build.pn_offs = build.hdr_len;
2921. }
2922. if (gen_iv || iv_spc)
2923. build.hdr_len += IEEE80211_GCMP_HDR_LEN;
2924. break;
2925. case WLAN_CIPHER_SUITE_TKIP:
2926. /* cannot handle MMIC or IV generation in xmit-fast */
2927. if (mmic || gen_iv)
2928. goto out;
2929. if (iv_spc)
2930. build.hdr_len += IEEE80211_TKIP_IV_LEN;
2931. break;
2932. case WLAN_CIPHER_SUITE_WEP40:
2933. case WLAN_CIPHER_SUITE_WEP104:
2934. /* cannot handle IV generation in fast-xmit */
2935. if (gen_iv)
2936. goto out;
2937. if (iv_spc)
2938. build.hdr_len += IEEE80211_WEP_IV_LEN;
2939. break;
2940. case WLAN_CIPHER_SUITE_AES_CMAC:
2941. case WLAN_CIPHER_SUITE_BIP_CMAC_256:
2942. case WLAN_CIPHER_SUITE_BIP_GMAC_128:
2943. case WLAN_CIPHER_SUITE_BIP_GMAC_256:
2944. WARN(1,
2945. "management cipher suite 0x%x enabled for data\n",
2946. build.key->conf.cipher);
2947. goto out;
2948. default:
2949. /* we don't know how to generate IVs for this at all */
2950. if (WARN_ON(gen_iv))
2951. goto out;
2952. /* pure hardware keys are OK, of course */
2953. if (!(build.key->flags & KEY_FLAG_CIPHER_SCHEME))
2954. break;
2955. /* cipher scheme might require space allocation */
2956. if (iv_spc &&
2957. build.key->conf.iv_len > IEEE80211_FAST_XMIT_MAX_IV)
2958. goto out;
2959. if (iv_spc)
2960. build.hdr_len += build.key->conf.iv_len;
2961. }
2962.  
2963. fc |= cpu_to_le16(IEEE80211_FCTL_PROTECTED);
2964. }
2965.  
2966. hdr->frame_control = fc;
2967.  
2968. memcpy(build.hdr + build.hdr_len,
2969. rfc1042_header, sizeof(rfc1042_header));
2970. build.hdr_len += sizeof(rfc1042_header);
2971.  
2972. fast_tx = kmemdup(&build, sizeof(build), GFP_ATOMIC);
2973. /* if the kmemdup fails, continue w/o fast_tx */
2974. if (!fast_tx)
2975. goto out;
2976.  
2977. out:
2978. /* we might have raced against another call to this function */
2979. old = rcu_dereference_protected(sta->fast_tx,
2980. lockdep_is_held(&sta->lock));
2981. rcu_assign_pointer(sta->fast_tx, fast_tx);
2982. if (old)
2983. kfree_rcu(old, rcu_head);
2984. spin_unlock_bh(&sta->lock);
2985. }
2986.  
2987. void ieee80211_check_fast_xmit_all(struct ieee80211_local *local)
2988. {
2989. struct sta_info *sta;
2990.  
2991. rcu_read_lock();
2992. list_for_each_entry_rcu(sta, &local->sta_list, list)
2993. ieee80211_check_fast_xmit(sta);
2994. rcu_read_unlock();
2995. }
2996.  
2997. void ieee80211_check_fast_xmit_iface(struct ieee80211_sub_if_data *sdata)
2998. {
2999. struct ieee80211_local *local = sdata->local;
3000. struct sta_info *sta;
3001.  
3002. rcu_read_lock();
3003.  
3004. list_for_each_entry_rcu(sta, &local->sta_list, list) {
3005. if (sdata != sta->sdata &&
3006. (!sta->sdata->bss || sta->sdata->bss != sdata->bss))
3007. continue;
3008. ieee80211_check_fast_xmit(sta);
3009. }
3010.  
3011. rcu_read_unlock();
3012. }
3013.  
3014. void ieee80211_clear_fast_xmit(struct sta_info *sta)
3015. {
3016. struct ieee80211_fast_tx *fast_tx;
3017.  
3018. spin_lock_bh(&sta->lock);
3019. fast_tx = rcu_dereference_protected(sta->fast_tx,
3020. lockdep_is_held(&sta->lock));
3021. RCU_INIT_POINTER(sta->fast_tx, NULL);
3022. spin_unlock_bh(&sta->lock);
3023.  
3024. if (fast_tx)
3025. kfree_rcu(fast_tx, rcu_head);
3026. }
3027.  
3028. static bool ieee80211_amsdu_realloc_pad(struct ieee80211_local *local,
3029. struct sk_buff *skb, int headroom,
3030. int *subframe_len)
3031. {
3032. int amsdu_len = *subframe_len + sizeof(struct ethhdr);
3033. int padding = (4 - amsdu_len) & 3;
3034.  
3035. if (skb_headroom(skb) < headroom || skb_tailroom(skb) < padding) {
3036. I802_DEBUG_INC(local->tx_expand_skb_head);
3037.  
3038. if (pskb_expand_head(skb, headroom, padding, GFP_ATOMIC)) {
3039. wiphy_debug(local->hw.wiphy,
3040. "failed to reallocate TX buffer\n");
3041. return false;
3042. }
3043. }
3044.  
3045. if (padding) {
3046. *subframe_len += padding;
3047. memset(skb_put(skb, padding), 0, padding);
3048. }
3049.  
3050. return true;
3051. }
3052.  
3053. static bool ieee80211_amsdu_prepare_head(struct ieee80211_sub_if_data *sdata,
3054. struct ieee80211_fast_tx *fast_tx,
3055. struct sk_buff *skb)
3056. {
3057. struct ieee80211_local *local = sdata->local;
3058. struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
3059. struct ieee80211_hdr *hdr;
3060. struct ethhdr amsdu_hdr;
3061. int hdr_len = fast_tx->hdr_len - sizeof(rfc1042_header);
3062. int subframe_len = skb->len - hdr_len;
3063. void *data;
3064. u8 *qc;
3065.  
3066. if (info->flags & IEEE80211_TX_CTL_RATE_CTRL_PROBE)
3067. return false;
3068.  
3069. if (info->control.flags & IEEE80211_TX_CTRL_AMSDU)
3070. return true;
3071.  
3072. if (!ieee80211_amsdu_realloc_pad(local, skb, sizeof(amsdu_hdr),
3073. &subframe_len))
3074. return false;
3075.  
3076. amsdu_hdr.h_proto = cpu_to_be16(subframe_len);
3077. memcpy(amsdu_hdr.h_source, skb->data + fast_tx->sa_offs, ETH_ALEN);
3078. memcpy(amsdu_hdr.h_dest, skb->data + fast_tx->da_offs, ETH_ALEN);
3079.  
3080. data = skb_push(skb, sizeof(amsdu_hdr));
3081. memmove(data, data + sizeof(amsdu_hdr), hdr_len);
3082. memcpy(data + hdr_len, &amsdu_hdr, sizeof(amsdu_hdr));
3083.  
3084. hdr = data;
3085. qc = ieee80211_get_qos_ctl(hdr);
3086. *qc |= IEEE80211_QOS_CTL_A_MSDU_PRESENT;
3087.  
3088. info->control.flags |= IEEE80211_TX_CTRL_AMSDU;
3089.  
3090. return true;
3091. }
3092.  
3093. static bool ieee80211_amsdu_aggregate(struct ieee80211_sub_if_data *sdata,
3094. struct sta_info *sta,
3095. struct ieee80211_fast_tx *fast_tx,
3096. struct sk_buff *skb)
3097. {
3098. struct ieee80211_local *local = sdata->local;
3099. struct fq *fq = &local->fq;
3100. struct fq_tin *tin;
3101. struct fq_flow *flow;
3102. u8 tid = skb->priority & IEEE80211_QOS_CTL_TAG1D_MASK;
3103. struct ieee80211_txq *txq = sta->sta.txq[tid];
3104. struct txq_info *txqi;
3105. struct sk_buff **frag_tail, *head;
3106. int subframe_len = skb->len - ETH_ALEN;
3107. u8 max_subframes = sta->sta.max_amsdu_subframes;
3108. int max_frags = local->hw.max_tx_fragments;
3109. int max_amsdu_len = sta->sta.max_amsdu_len;
3110. __be16 len;
3111. void *data;
3112. bool ret = false;
3113. unsigned int orig_len;
3114. int n = 1, nfrags;
3115.  
3116. if (!ieee80211_hw_check(&local->hw, TX_AMSDU))
3117. return false;
3118.  
3119. if (!txq)
3120. return false;
3121.  
3122. txqi = to_txq_info(txq);
3123. if (test_bit(IEEE80211_TXQ_NO_AMSDU, &txqi->flags))
3124. return false;
3125.  
3126. if (sta->sta.max_rc_amsdu_len)
3127. max_amsdu_len = min_t(int, max_amsdu_len,
3128. sta->sta.max_rc_amsdu_len);
3129.  
3130. spin_lock_bh(&fq->lock);
3131.  
3132. /* TODO: Ideally aggregation should be done on dequeue to remain
3133. * responsive to environment changes.
3134. */
3135.  
3136. tin = &txqi->tin;
3137. flow = fq_flow_classify(fq, tin, skb, fq_flow_get_default_func);
3138. head = skb_peek_tail(&flow->queue);
3139. if (!head)
3140. goto out;
3141.  
3142. orig_len = head->len;
3143.  
3144. if (skb->len + head->len > max_amsdu_len)
3145. goto out;
3146.  
3147. if (!ieee80211_amsdu_prepare_head(sdata, fast_tx, head))
3148. goto out;
3149.  
3150. nfrags = 1 + skb_shinfo(skb)->nr_frags;
3151. nfrags += 1 + skb_shinfo(head)->nr_frags;
3152. frag_tail = &skb_shinfo(head)->frag_list;
3153. while (*frag_tail) {
3154. nfrags += 1 + skb_shinfo(*frag_tail)->nr_frags;
3155. frag_tail = &(*frag_tail)->next;
3156. n++;
3157. }
3158.  
3159. if (max_subframes && n > max_subframes)
3160. goto out;
3161.  
3162. if (max_frags && nfrags > max_frags)
3163. goto out;
3164.  
3165. if (!ieee80211_amsdu_realloc_pad(local, skb, sizeof(rfc1042_header) + 2,
3166. &subframe_len))
3167. goto out;
3168.  
3169. ret = true;
3170. data = skb_push(skb, ETH_ALEN + 2);
3171. memmove(data, data + ETH_ALEN + 2, 2 * ETH_ALEN);
3172.  
3173. data += 2 * ETH_ALEN;
3174. len = cpu_to_be16(subframe_len);
3175. memcpy(data, &len, 2);
3176. memcpy(data + 2, rfc1042_header, sizeof(rfc1042_header));
3177.  
3178. head->len += skb->len;
3179. head->data_len += skb->len;
3180. *frag_tail = skb;
3181.  
3182. flow->backlog += head->len - orig_len;
3183. tin->backlog_bytes += head->len - orig_len;
3184.  
3185. fq_recalc_backlog(fq, tin, flow);
3186.  
3187. out:
3188. spin_unlock_bh(&fq->lock);
3189.  
3190. return ret;
3191. }
3192.  
3193. /*
3194. * Can be called while the sta lock is held. Anything that can cause packets to
3195. * be generated will cause deadlock!
3196. */
3197. static void ieee80211_xmit_fast_finish(struct ieee80211_sub_if_data *sdata,
3198. struct sta_info *sta, u8 pn_offs,
3199. struct ieee80211_key *key,
3200. struct sk_buff *skb)
3201. {
3202. struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
3203. struct ieee80211_hdr *hdr = (void *)skb->data;
3204. u8 tid = IEEE80211_NUM_TIDS;
3205.  
3206. if (key)
3207. info->control.hw_key = &key->conf;
3208.  
3209. ieee80211_tx_stats(skb->dev, skb->len);
3210.  
3211. if (hdr->frame_control & cpu_to_le16(IEEE80211_STYPE_QOS_DATA)) {
3212. tid = skb->priority & IEEE80211_QOS_CTL_TAG1D_MASK;
3213. hdr->seq_ctrl = ieee80211_tx_next_seq(sta, tid);
3214. } else {
3215. info->flags |= IEEE80211_TX_CTL_ASSIGN_SEQ;
3216. hdr->seq_ctrl = cpu_to_le16(sdata->sequence_number);
3217. sdata->sequence_number += 0x10;
3218. }
3219.  
3220. if (skb_shinfo(skb)->gso_size)
3221. sta->tx_stats.msdu[tid] +=
3222. DIV_ROUND_UP(skb->len, skb_shinfo(skb)->gso_size);
3223. else
3224. sta->tx_stats.msdu[tid]++;
3225.  
3226. info->hw_queue = sdata->vif.hw_queue[skb_get_queue_mapping(skb)];
3227.  
3228. /* statistics normally done by ieee80211_tx_h_stats (but that
3229. * has to consider fragmentation, so is more complex)
3230. */
3231. sta->tx_stats.bytes[skb_get_queue_mapping(skb)] += skb->len;
3232. sta->tx_stats.packets[skb_get_queue_mapping(skb)]++;
3233.  
3234. if (pn_offs) {
3235. u64 pn;
3236. u8 *crypto_hdr = skb->data + pn_offs;
3237.  
3238. switch (key->conf.cipher) {
3239. case WLAN_CIPHER_SUITE_CCMP:
3240. case WLAN_CIPHER_SUITE_CCMP_256:
3241. case WLAN_CIPHER_SUITE_GCMP:
3242. case WLAN_CIPHER_SUITE_GCMP_256:
3243. pn = atomic64_inc_return(&key->conf.tx_pn);
3244. crypto_hdr[0] = pn;
3245. crypto_hdr[1] = pn >> 8;
3246. crypto_hdr[4] = pn >> 16;
3247. crypto_hdr[5] = pn >> 24;
3248. crypto_hdr[6] = pn >> 32;
3249. crypto_hdr[7] = pn >> 40;
3250. break;
3251. }
3252. }
3253. }
3254.  
3255. static bool ieee80211_xmit_fast(struct ieee80211_sub_if_data *sdata,
3256. struct sta_info *sta,
3257. struct ieee80211_fast_tx *fast_tx,
3258. struct sk_buff *skb)
3259. {
3260. struct ieee80211_local *local = sdata->local;
3261. u16 ethertype = (skb->data[12] << 8) | skb->data[13];
3262. int extra_head = fast_tx->hdr_len - (ETH_HLEN - 2);
3263. int hw_headroom = sdata->local->hw.extra_tx_headroom;
3264. struct ethhdr eth;
3265. struct ieee80211_tx_info *info;
3266. struct ieee80211_hdr *hdr = (void *)fast_tx->hdr;
3267. struct ieee80211_tx_data tx;
3268. ieee80211_tx_result r;
3269. struct tid_ampdu_tx *tid_tx = NULL;
3270. u8 tid = IEEE80211_NUM_TIDS;
3271.  
3272. /* control port protocol needs a lot of special handling */
3273. if (cpu_to_be16(ethertype) == sdata->control_port_protocol)
3274. return false;
3275.  
3276. /* only RFC 1042 SNAP */
3277. if (ethertype < ETH_P_802_3_MIN)
3278. return false;
3279.  
3280. /* don't handle TX status request here either */
3281. if (skb->sk && skb_shinfo(skb)->tx_flags & SKBTX_WIFI_STATUS)
3282. return false;
3283.  
3284. if (hdr->frame_control & cpu_to_le16(IEEE80211_STYPE_QOS_DATA)) {
3285. tid = skb->priority & IEEE80211_QOS_CTL_TAG1D_MASK;
3286. tid_tx = rcu_dereference(sta->ampdu_mlme.tid_tx[tid]);
3287. if (tid_tx) {
3288. if (!test_bit(HT_AGG_STATE_OPERATIONAL, &tid_tx->state))
3289. return false;
3290. if (tid_tx->timeout)
3291. tid_tx->last_tx = jiffies;
3292. }
3293. }
3294.  
3295. /* after this point (skb is modified) we cannot return false */
3296.  
3297. if (skb_shared(skb)) {
3298. struct sk_buff *tmp_skb = skb;
3299.  
3300. skb = skb_clone(skb, GFP_ATOMIC);
3301. kfree_skb(tmp_skb);
3302.  
3303. if (!skb)
3304. return true;
3305. }
3306.  
3307. if ((hdr->frame_control & cpu_to_le16(IEEE80211_STYPE_QOS_DATA)) &&
3308. ieee80211_amsdu_aggregate(sdata, sta, fast_tx, skb))
3309. return true;
3310.  
3311. /* will not be crypto-handled beyond what we do here, so use false
3312. * as the may-encrypt argument for the resize to not account for
3313. * more room than we already have in 'extra_head'
3314. */
3315. if (unlikely(ieee80211_skb_resize(sdata, skb,
3316. max_t(int, extra_head + hw_headroom -
3317. skb_headroom(skb), 0),
3318. false))) {
3319. kfree_skb(skb);
3320. return true;
3321. }
3322.  
3323. memcpy(&eth, skb->data, ETH_HLEN - 2);
3324. hdr = (void *)skb_push(skb, extra_head);
3325. memcpy(skb->data, fast_tx->hdr, fast_tx->hdr_len);
3326. memcpy(skb->data + fast_tx->da_offs, eth.h_dest, ETH_ALEN);
3327. memcpy(skb->data + fast_tx->sa_offs, eth.h_source, ETH_ALEN);
3328.  
3329. info = IEEE80211_SKB_CB(skb);
3330. memset(info, 0, sizeof(*info));
3331. info->band = fast_tx->band;
3332. info->control.vif = &sdata->vif;
3333. info->flags = IEEE80211_TX_CTL_FIRST_FRAGMENT |
3334. IEEE80211_TX_CTL_DONTFRAG |
3335. (tid_tx ? IEEE80211_TX_CTL_AMPDU : 0);
3336. info->control.flags = IEEE80211_TX_CTRL_FAST_XMIT;
3337.  
3338. if (hdr->frame_control & cpu_to_le16(IEEE80211_STYPE_QOS_DATA)) {
3339. tid = skb->priority & IEEE80211_QOS_CTL_TAG1D_MASK;
3340. *ieee80211_get_qos_ctl(hdr) = tid;
3341. }
3342.  
3343. __skb_queue_head_init(&tx.skbs);
3344.  
3345. tx.flags = IEEE80211_TX_UNICAST;
3346. tx.local = local;
3347. tx.sdata = sdata;
3348. tx.sta = sta;
3349. tx.key = fast_tx->key;
3350.  
3351. if (!ieee80211_hw_check(&local->hw, HAS_RATE_CONTROL)) {
3352. tx.skb = skb;
3353. r = ieee80211_tx_h_rate_ctrl(&tx);
3354. skb = tx.skb;
3355. tx.skb = NULL;
3356.  
3357. if (r != TX_CONTINUE) {
3358. if (r != TX_QUEUED)
3359. kfree_skb(skb);
3360. return true;
3361. }
3362. }
3363.  
3364. if (ieee80211_queue_skb(local, sdata, sta, skb))
3365. return true;
3366.  
3367. ieee80211_xmit_fast_finish(sdata, sta, fast_tx->pn_offs,
3368. fast_tx->key, skb);
3369.  
3370. if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
3371. sdata = container_of(sdata->bss,
3372. struct ieee80211_sub_if_data, u.ap);
3373.  
3374. __skb_queue_tail(&tx.skbs, skb);
3375. ieee80211_tx_frags(local, &sdata->vif, &sta->sta, &tx.skbs, false);
3376. return true;
3377. }
3378.  
3379. struct sk_buff *ieee80211_tx_dequeue(struct ieee80211_hw *hw,
3380. struct ieee80211_txq *txq)
3381. {
3382. struct ieee80211_local *local = hw_to_local(hw);
3383. struct txq_info *txqi = container_of(txq, struct txq_info, txq);
3384. struct ieee80211_hdr *hdr;
3385. struct sk_buff *skb = NULL;
3386. struct fq *fq = &local->fq;
3387. struct fq_tin *tin = &txqi->tin;
3388. struct ieee80211_tx_info *info;
3389. struct ieee80211_tx_data tx;
3390. ieee80211_tx_result r;
3391. struct ieee80211_vif *vif;
3392.  
3393. spin_lock_bh(&fq->lock);
3394.  
3395. if (test_bit(IEEE80211_TXQ_STOP, &txqi->flags))
3396. goto out;
3397.  
3398. /* Make sure fragments stay together. */
3399. skb = __skb_dequeue(&txqi->frags);
3400. if (skb)
3401. goto out;
3402.  
3403. begin:
3404. skb = fq_tin_dequeue(fq, tin, fq_tin_dequeue_func);
3405. if (!skb)
3406. goto out;
3407.  
3408. hdr = (struct ieee80211_hdr *)skb->data;
3409. info = IEEE80211_SKB_CB(skb);
3410.  
3411. memset(&tx, 0, sizeof(tx));
3412. __skb_queue_head_init(&tx.skbs);
3413. tx.local = local;
3414. tx.skb = skb;
3415. tx.sdata = vif_to_sdata(info->control.vif);
3416.  
3417. if (txq->sta)
3418. tx.sta = container_of(txq->sta, struct sta_info, sta);
3419.  
3420. /*
3421. * The key can be removed while the packet was queued, so need to call
3422. * this here to get the current key.
3423. */
3424. r = ieee80211_tx_h_select_key(&tx);
3425. if (r != TX_CONTINUE) {
3426. ieee80211_free_txskb(&local->hw, skb);
3427. goto begin;
3428. }
3429.  
3430. if (test_bit(IEEE80211_TXQ_AMPDU, &txqi->flags))
3431. info->flags |= IEEE80211_TX_CTL_AMPDU;
3432. else
3433. info->flags &= ~IEEE80211_TX_CTL_AMPDU;
3434.  
3435. if (info->control.flags & IEEE80211_TX_CTRL_FAST_XMIT) {
3436. struct sta_info *sta = container_of(txq->sta, struct sta_info,
3437. sta);
3438. u8 pn_offs = 0;
3439.  
3440. if (tx.key &&
3441. (tx.key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV))
3442. pn_offs = ieee80211_hdrlen(hdr->frame_control);
3443.  
3444. ieee80211_xmit_fast_finish(sta->sdata, sta, pn_offs,
3445. tx.key, skb);
3446. } else {
3447. if (invoke_tx_handlers_late(&tx))
3448. goto begin;
3449.  
3450. skb = __skb_dequeue(&tx.skbs);
3451.  
3452. if (!skb_queue_empty(&tx.skbs))
3453. skb_queue_splice_tail(&tx.skbs, &txqi->frags);
3454. }
3455.  
3456. if (skb && skb_has_frag_list(skb) &&
3457. !ieee80211_hw_check(&local->hw, TX_FRAG_LIST)) {
3458. if (skb_linearize(skb)) {
3459. ieee80211_free_txskb(&local->hw, skb);
3460. goto begin;
3461. }
3462. }
3463.  
3464. switch (tx.sdata->vif.type) {
3465. case NL80211_IFTYPE_MONITOR:
3466. if (tx.sdata->u.mntr.flags & MONITOR_FLAG_ACTIVE) {
3467. vif = &tx.sdata->vif;
3468. break;
3469. }
3470. tx.sdata = rcu_dereference(local->monitor_sdata);
3471. if (tx.sdata) {
3472. vif = &tx.sdata->vif;
3473. info->hw_queue =
3474. vif->hw_queue[skb_get_queue_mapping(skb)];
3475. } else if (ieee80211_hw_check(&local->hw, QUEUE_CONTROL)) {
3476. ieee80211_free_txskb(&local->hw, skb);
3477. goto begin;
3478. } else {
3479. vif = NULL;
3480. }
3481. break;
3482. case NL80211_IFTYPE_AP_VLAN:
3483. tx.sdata = container_of(tx.sdata->bss,
3484. struct ieee80211_sub_if_data, u.ap);
3485. /* fall through */
3486. default:
3487. vif = &tx.sdata->vif;
3488. break;
3489. }
3490.  
3491. IEEE80211_SKB_CB(skb)->control.vif = vif;
3492. out:
3493. spin_unlock_bh(&fq->lock);
3494.  
3495. return skb;
3496. }
3497. EXPORT_SYMBOL(ieee80211_tx_dequeue);
3498.  
3499. void __ieee80211_subif_start_xmit(struct sk_buff *skb,
3500. struct net_device *dev,
3501. u32 info_flags)
3502. {
3503. struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3504. struct sta_info *sta;
3505. struct sk_buff *next;
3506.  
3507. if (unlikely(skb->len < ETH_HLEN)) {
3508. kfree_skb(skb);
3509. return;
3510. }
3511.  
3512. rcu_read_lock();
3513.  
3514. if (ieee80211_lookup_ra_sta(sdata, skb, &sta))
3515. goto out_free;
3516.  
3517. if (!IS_ERR_OR_NULL(sta)) {
3518. struct ieee80211_fast_tx *fast_tx;
3519.  
3520. fast_tx = rcu_dereference(sta->fast_tx);
3521.  
3522. if (fast_tx &&
3523. ieee80211_xmit_fast(sdata, sta, fast_tx, skb))
3524. goto out;
3525. }
3526.  
3527. if (skb_is_gso(skb)) {
3528. struct sk_buff *segs;
3529.  
3530. segs = skb_gso_segment(skb, 0);
3531. if (IS_ERR(segs)) {
3532. goto out_free;
3533. } else if (segs) {
3534. consume_skb(skb);
3535. skb = segs;
3536. }
3537. } else {
3538. /* we cannot process non-linear frames on this path */
3539. if (skb_linearize(skb)) {
3540. kfree_skb(skb);
3541. goto out;
3542. }
3543.  
3544. /* the frame could be fragmented, software-encrypted, and other
3545. * things so we cannot really handle checksum offload with it -
3546. * fix it up in software before we handle anything else.
3547. */
3548. if (skb->ip_summed == CHECKSUM_PARTIAL) {
3549. skb_set_transport_header(skb,
3550. skb_checksum_start_offset(skb));
3551. if (skb_checksum_help(skb))
3552. goto out_free;
3553. }
3554. }
3555.  
3556. next = skb;
3557. while (next) {
3558. skb = next;
3559. next = skb->next;
3560.  
3561. skb->prev = NULL;
3562. skb->next = NULL;
3563.  
3564. skb = ieee80211_build_hdr(sdata, skb, info_flags, sta);
3565. if (IS_ERR(skb))
3566. goto out;
3567.  
3568. ieee80211_tx_stats(dev, skb->len);
3569.  
3570. ieee80211_xmit(sdata, sta, skb);
3571. }
3572. goto out;
3573. out_free:
3574. kfree_skb(skb);
3575. out:
3576. rcu_read_unlock();
3577. }
3578.  
3579. /**
3580. * ieee80211_subif_start_xmit - netif start_xmit function for 802.3 vifs
3581. * @skb: packet to be sent
3582. * @dev: incoming interface
3583. *
3584. * On failure skb will be freed.
3585. */
3586. netdev_tx_t ieee80211_subif_start_xmit(struct sk_buff *skb,
3587. struct net_device *dev)
3588. {
3589. __ieee80211_subif_start_xmit(skb, dev, 0);
3590. return NETDEV_TX_OK;
3591. }
3592.  
3593. struct sk_buff *
3594. ieee80211_build_data_template(struct ieee80211_sub_if_data *sdata,
3595. struct sk_buff *skb, u32 info_flags)
3596. {
3597. struct ieee80211_hdr *hdr;
3598. struct ieee80211_tx_data tx = {
3599. .local = sdata->local,
3600. .sdata = sdata,
3601. };
3602. struct sta_info *sta;
3603.  
3604. rcu_read_lock();
3605.  
3606. if (ieee80211_lookup_ra_sta(sdata, skb, &sta)) {
3607. kfree_skb(skb);
3608. skb = ERR_PTR(-EINVAL);
3609. goto out;
3610. }
3611.  
3612. skb = ieee80211_build_hdr(sdata, skb, info_flags, sta);
3613. if (IS_ERR(skb))
3614. goto out;
3615.  
3616. hdr = (void *)skb->data;
3617. tx.sta = sta_info_get(sdata, hdr->addr1);
3618. tx.skb = skb;
3619.  
3620. if (ieee80211_tx_h_select_key(&tx) != TX_CONTINUE) {
3621. rcu_read_unlock();
3622. kfree_skb(skb);
3623. return ERR_PTR(-EINVAL);
3624. }
3625.  
3626. out:
3627. rcu_read_unlock();
3628. return skb;
3629. }
3630.  
3631. /*
3632. * ieee80211_clear_tx_pending may not be called in a context where
3633. * it is possible that it packets could come in again.
3634. */
3635. void ieee80211_clear_tx_pending(struct ieee80211_local *local)
3636. {
3637. struct sk_buff *skb;
3638. int i;
3639.  
3640. for (i = 0; i < local->hw.queues; i++) {
3641. while ((skb = skb_dequeue(&local->pending[i])) != NULL)
3642. ieee80211_free_txskb(&local->hw, skb);
3643. }
3644. }
3645.  
3646. /*
3647. * Returns false if the frame couldn't be transmitted but was queued instead,
3648. * which in this case means re-queued -- take as an indication to stop sending
3649. * more pending frames.
3650. */
3651. static bool ieee80211_tx_pending_skb(struct ieee80211_local *local,
3652. struct sk_buff *skb)
3653. {
3654. struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
3655. struct ieee80211_sub_if_data *sdata;
3656. struct sta_info *sta;
3657. struct ieee80211_hdr *hdr;
3658. bool result;
3659. struct ieee80211_chanctx_conf *chanctx_conf;
3660.  
3661. sdata = vif_to_sdata(info->control.vif);
3662.  
3663. if (info->flags & IEEE80211_TX_INTFL_NEED_TXPROCESSING) {
3664. chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf);
3665. if (unlikely(!chanctx_conf)) {
3666. dev_kfree_skb(skb);
3667. return true;
3668. }
3669. info->band = chanctx_conf->def.chan->band;
3670. result = ieee80211_tx(sdata, NULL, skb, true);
3671. } else {
3672. struct sk_buff_head skbs;
3673.  
3674. __skb_queue_head_init(&skbs);
3675. __skb_queue_tail(&skbs, skb);
3676.  
3677. hdr = (struct ieee80211_hdr *)skb->data;
3678. sta = sta_info_get(sdata, hdr->addr1);
3679.  
3680. result = __ieee80211_tx(local, &skbs, skb->len, sta, true);
3681. }
3682.  
3683. return result;
3684. }
3685.  
3686. /*
3687. * Transmit all pending packets. Called from tasklet.
3688. */
3689. void ieee80211_tx_pending(unsigned long data)
3690. {
3691. struct ieee80211_local *local = (struct ieee80211_local *)data;
3692. unsigned long flags;
3693. int i;
3694. bool txok;
3695.  
3696. rcu_read_lock();
3697.  
3698. spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
3699. for (i = 0; i < local->hw.queues; i++) {
3700. /*
3701. * If queue is stopped by something other than due to pending
3702. * frames, or we have no pending frames, proceed to next queue.
3703. */
3704. if (local->queue_stop_reasons[i] ||
3705. skb_queue_empty(&local->pending[i]))
3706. continue;
3707.  
3708. while (!skb_queue_empty(&local->pending[i])) {
3709. struct sk_buff *skb = __skb_dequeue(&local->pending[i]);
3710. struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
3711.  
3712. if (WARN_ON(!info->control.vif)) {
3713. ieee80211_free_txskb(&local->hw, skb);
3714. continue;
3715. }
3716.  
3717. spin_unlock_irqrestore(&local->queue_stop_reason_lock,
3718. flags);
3719.  
3720. txok = ieee80211_tx_pending_skb(local, skb);
3721. spin_lock_irqsave(&local->queue_stop_reason_lock,
3722. flags);
3723. if (!txok)
3724. break;
3725. }
3726.  
3727. if (skb_queue_empty(&local->pending[i]))
3728. ieee80211_propagate_queue_wake(local, i);
3729. }
3730. spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
3731.  
3732. rcu_read_unlock();
3733. }
3734.  
3735. /* functions for drivers to get certain frames */
3736.  
3737. static void __ieee80211_beacon_add_tim(struct ieee80211_sub_if_data *sdata,
3738. struct ps_data *ps, struct sk_buff *skb,
3739. bool is_template)
3740. {
3741. u8 *pos, *tim;
3742. int aid0 = 0;
3743. int i, have_bits = 0, n1, n2;
3744.  
3745. /* Generate bitmap for TIM only if there are any STAs in power save
3746. * mode. */
3747. if (atomic_read(&ps->num_sta_ps) > 0)
3748. /* in the hope that this is faster than
3749. * checking byte-for-byte */
3750. have_bits = !bitmap_empty((unsigned long *)ps->tim,
3751. IEEE80211_MAX_AID+1);
3752. if (!is_template) {
3753. if (ps->dtim_count == 0)
3754. ps->dtim_count = sdata->vif.bss_conf.dtim_period - 1;
3755. else
3756. ps->dtim_count--;
3757. }
3758.  
3759. tim = pos = (u8 *) skb_put(skb, 6);
3760. *pos++ = WLAN_EID_TIM;
3761. *pos++ = 4;
3762. *pos++ = ps->dtim_count;
3763. *pos++ = sdata->vif.bss_conf.dtim_period;
3764.  
3765. if (ps->dtim_count == 0 && !skb_queue_empty(&ps->bc_buf))
3766. aid0 = 1;
3767.  
3768. ps->dtim_bc_mc = aid0 == 1;
3769.  
3770. if (have_bits) {
3771. /* Find largest even number N1 so that bits numbered 1 through
3772. * (N1 x 8) - 1 in the bitmap are 0 and number N2 so that bits
3773. * (N2 + 1) x 8 through 2007 are 0. */
3774. n1 = 0;
3775. for (i = 0; i < IEEE80211_MAX_TIM_LEN; i++) {
3776. if (ps->tim[i]) {
3777. n1 = i & 0xfe;
3778. break;
3779. }
3780. }
3781. n2 = n1;
3782. for (i = IEEE80211_MAX_TIM_LEN - 1; i >= n1; i--) {
3783. if (ps->tim[i]) {
3784. n2 = i;
3785. break;
3786. }
3787. }
3788.  
3789. /* Bitmap control */
3790. *pos++ = n1 | aid0;
3791. /* Part Virt Bitmap */
3792. skb_put(skb, n2 - n1);
3793. memcpy(pos, ps->tim + n1, n2 - n1 + 1);
3794.  
3795. tim[1] = n2 - n1 + 4;
3796. } else {
3797. *pos++ = aid0; /* Bitmap control */
3798. *pos++ = 0; /* Part Virt Bitmap */
3799. }
3800. }
3801.  
3802. static int ieee80211_beacon_add_tim(struct ieee80211_sub_if_data *sdata,
3803. struct ps_data *ps, struct sk_buff *skb,
3804. bool is_template)
3805. {
3806. struct ieee80211_local *local = sdata->local;
3807.  
3808. /*
3809. * Not very nice, but we want to allow the driver to call
3810. * ieee80211_beacon_get() as a response to the set_tim()
3811. * callback. That, however, is already invoked under the
3812. * sta_lock to guarantee consistent and race-free update
3813. * of the tim bitmap in mac80211 and the driver.
3814. */
3815. if (local->tim_in_locked_section) {
3816. __ieee80211_beacon_add_tim(sdata, ps, skb, is_template);
3817. } else {
3818. spin_lock_bh(&local->tim_lock);
3819. __ieee80211_beacon_add_tim(sdata, ps, skb, is_template);
3820. spin_unlock_bh(&local->tim_lock);
3821. }
3822.  
3823. return 0;
3824. }
3825.  
3826. static void ieee80211_set_csa(struct ieee80211_sub_if_data *sdata,
3827. struct beacon_data *beacon)
3828. {
3829. struct probe_resp *resp;
3830. u8 *beacon_data;
3831. size_t beacon_data_len;
3832. int i;
3833. u8 count = beacon->csa_current_counter;
3834.  
3835. switch (sdata->vif.type) {
3836. case NL80211_IFTYPE_AP:
3837. beacon_data = beacon->tail;
3838. beacon_data_len = beacon->tail_len;
3839. break;
3840. case NL80211_IFTYPE_ADHOC:
3841. beacon_data = beacon->head;
3842. beacon_data_len = beacon->head_len;
3843. break;
3844. case NL80211_IFTYPE_MESH_POINT:
3845. beacon_data = beacon->head;
3846. beacon_data_len = beacon->head_len;
3847. break;
3848. default:
3849. return;
3850. }
3851.  
3852. rcu_read_lock();
3853. for (i = 0; i < IEEE80211_MAX_CSA_COUNTERS_NUM; ++i) {
3854. resp = rcu_dereference(sdata->u.ap.probe_resp);
3855.  
3856. if (beacon->csa_counter_offsets[i]) {
3857. if (WARN_ON_ONCE(beacon->csa_counter_offsets[i] >=
3858. beacon_data_len)) {
3859. rcu_read_unlock();
3860. return;
3861. }
3862.  
3863. beacon_data[beacon->csa_counter_offsets[i]] = count;
3864. }
3865.  
3866. if (sdata->vif.type == NL80211_IFTYPE_AP && resp)
3867. resp->data[resp->csa_counter_offsets[i]] = count;
3868. }
3869. rcu_read_unlock();
3870. }
3871.  
3872. static u8 __ieee80211_csa_update_counter(struct beacon_data *beacon)
3873. {
3874. beacon->csa_current_counter--;
3875.  
3876. /* the counter should never reach 0 */
3877. WARN_ON_ONCE(!beacon->csa_current_counter);
3878.  
3879. return beacon->csa_current_counter;
3880. }
3881.  
3882. u8 ieee80211_csa_update_counter(struct ieee80211_vif *vif)
3883. {
3884. struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
3885. struct beacon_data *beacon = NULL;
3886. u8 count = 0;
3887.  
3888. rcu_read_lock();
3889.  
3890. if (sdata->vif.type == NL80211_IFTYPE_AP)
3891. beacon = rcu_dereference(sdata->u.ap.beacon);
3892. else if (sdata->vif.type == NL80211_IFTYPE_ADHOC)
3893. beacon = rcu_dereference(sdata->u.ibss.presp);
3894. else if (ieee80211_vif_is_mesh(&sdata->vif))
3895. beacon = rcu_dereference(sdata->u.mesh.beacon);
3896.  
3897. if (!beacon)
3898. goto unlock;
3899.  
3900. count = __ieee80211_csa_update_counter(beacon);
3901.  
3902. unlock:
3903. rcu_read_unlock();
3904. return count;
3905. }
3906. EXPORT_SYMBOL(ieee80211_csa_update_counter);
3907.  
3908. bool ieee80211_csa_is_complete(struct ieee80211_vif *vif)
3909. {
3910. struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
3911. struct beacon_data *beacon = NULL;
3912. u8 *beacon_data;
3913. size_t beacon_data_len;
3914. int ret = false;
3915.  
3916. if (!ieee80211_sdata_running(sdata))
3917. return false;
3918.  
3919. rcu_read_lock();
3920. if (vif->type == NL80211_IFTYPE_AP) {
3921. struct ieee80211_if_ap *ap = &sdata->u.ap;
3922.  
3923. beacon = rcu_dereference(ap->beacon);
3924. if (WARN_ON(!beacon || !beacon->tail))
3925. goto out;
3926. beacon_data = beacon->tail;
3927. beacon_data_len = beacon->tail_len;
3928. } else if (vif->type == NL80211_IFTYPE_ADHOC) {
3929. struct ieee80211_if_ibss *ifibss = &sdata->u.ibss;
3930.  
3931. beacon = rcu_dereference(ifibss->presp);
3932. if (!beacon)
3933. goto out;
3934.  
3935. beacon_data = beacon->head;
3936. beacon_data_len = beacon->head_len;
3937. } else if (vif->type == NL80211_IFTYPE_MESH_POINT) {
3938. struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
3939.  
3940. beacon = rcu_dereference(ifmsh->beacon);
3941. if (!beacon)
3942. goto out;
3943.  
3944. beacon_data = beacon->head;
3945. beacon_data_len = beacon->head_len;
3946. } else {
3947. WARN_ON(1);
3948. goto out;
3949. }
3950.  
3951. if (!beacon->csa_counter_offsets[0])
3952. goto out;
3953.  
3954. if (WARN_ON_ONCE(beacon->csa_counter_offsets[0] > beacon_data_len))
3955. goto out;
3956.  
3957. if (beacon_data[beacon->csa_counter_offsets[0]] == 1)
3958. ret = true;
3959. out:
3960. rcu_read_unlock();
3961.  
3962. return ret;
3963. }
3964. EXPORT_SYMBOL(ieee80211_csa_is_complete);
3965.  
3966. static struct sk_buff *
3967. __ieee80211_beacon_get(struct ieee80211_hw *hw,
3968. struct ieee80211_vif *vif,
3969. struct ieee80211_mutable_offsets *offs,
3970. bool is_template)
3971. {
3972. struct ieee80211_local *local = hw_to_local(hw);
3973. struct beacon_data *beacon = NULL;
3974. struct sk_buff *skb = NULL;
3975. struct ieee80211_tx_info *info;
3976. struct ieee80211_sub_if_data *sdata = NULL;
3977. enum nl80211_band band;
3978. struct ieee80211_tx_rate_control txrc;
3979. struct ieee80211_chanctx_conf *chanctx_conf;
3980. int csa_off_base = 0;
3981.  
3982. rcu_read_lock();
3983.  
3984. sdata = vif_to_sdata(vif);
3985. chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf);
3986.  
3987. if (!ieee80211_sdata_running(sdata) || !chanctx_conf)
3988. goto out;
3989.  
3990. if (offs)
3991. memset(offs, 0, sizeof(*offs));
3992.  
3993. if (sdata->vif.type == NL80211_IFTYPE_AP) {
3994. struct ieee80211_if_ap *ap = &sdata->u.ap;
3995.  
3996. beacon = rcu_dereference(ap->beacon);
3997. if (beacon) {
3998. if (beacon->csa_counter_offsets[0]) {
3999. if (!is_template)
4000. __ieee80211_csa_update_counter(beacon);
4001.  
4002. ieee80211_set_csa(sdata, beacon);
4003. }
4004.  
4005. /*
4006. * headroom, head length,
4007. * tail length and maximum TIM length
4008. */
4009. skb = dev_alloc_skb(local->tx_headroom +
4010. beacon->head_len +
4011. beacon->tail_len + 256 +
4012. local->hw.extra_beacon_tailroom);
4013. if (!skb)
4014. goto out;
4015.  
4016. skb_reserve(skb, local->tx_headroom);
4017. memcpy(skb_put(skb, beacon->head_len), beacon->head,
4018. beacon->head_len);
4019.  
4020. ieee80211_beacon_add_tim(sdata, &ap->ps, skb,
4021. is_template);
4022.  
4023. if (offs) {
4024. offs->tim_offset = beacon->head_len;
4025. offs->tim_length = skb->len - beacon->head_len;
4026.  
4027. /* for AP the csa offsets are from tail */
4028. csa_off_base = skb->len;
4029. }
4030.  
4031. if (beacon->tail)
4032. memcpy(skb_put(skb, beacon->tail_len),
4033. beacon->tail, beacon->tail_len);
4034. } else
4035. goto out;
4036. } else if (sdata->vif.type == NL80211_IFTYPE_ADHOC) {
4037. struct ieee80211_if_ibss *ifibss = &sdata->u.ibss;
4038. struct ieee80211_hdr *hdr;
4039.  
4040. beacon = rcu_dereference(ifibss->presp);
4041. if (!beacon)
4042. goto out;
4043.  
4044. if (beacon->csa_counter_offsets[0]) {
4045. if (!is_template)
4046. __ieee80211_csa_update_counter(beacon);
4047.  
4048. ieee80211_set_csa(sdata, beacon);
4049. }
4050.  
4051. skb = dev_alloc_skb(local->tx_headroom + beacon->head_len +
4052. local->hw.extra_beacon_tailroom);
4053. if (!skb)
4054. goto out;
4055. skb_reserve(skb, local->tx_headroom);
4056. memcpy(skb_put(skb, beacon->head_len), beacon->head,
4057. beacon->head_len);
4058.  
4059. hdr = (struct ieee80211_hdr *) skb->data;
4060. hdr->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
4061. IEEE80211_STYPE_BEACON);
4062. } else if (ieee80211_vif_is_mesh(&sdata->vif)) {
4063. struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
4064.  
4065. beacon = rcu_dereference(ifmsh->beacon);
4066. if (!beacon)
4067. goto out;
4068.  
4069. if (beacon->csa_counter_offsets[0]) {
4070. if (!is_template)
4071. /* TODO: For mesh csa_counter is in TU, so
4072. * decrementing it by one isn't correct, but
4073. * for now we leave it consistent with overall
4074. * mac80211's behavior.
4075. */
4076. __ieee80211_csa_update_counter(beacon);
4077.  
4078. ieee80211_set_csa(sdata, beacon);
4079. }
4080.  
4081. if (ifmsh->sync_ops)
4082. ifmsh->sync_ops->adjust_tbtt(sdata, beacon);
4083.  
4084. skb = dev_alloc_skb(local->tx_headroom +
4085. beacon->head_len +
4086. 256 + /* TIM IE */
4087. beacon->tail_len +
4088. local->hw.extra_beacon_tailroom);
4089. if (!skb)
4090. goto out;
4091. skb_reserve(skb, local->tx_headroom);
4092. memcpy(skb_put(skb, beacon->head_len), beacon->head,
4093. beacon->head_len);
4094. ieee80211_beacon_add_tim(sdata, &ifmsh->ps, skb, is_template);
4095.  
4096. if (offs) {
4097. offs->tim_offset = beacon->head_len;
4098. offs->tim_length = skb->len - beacon->head_len;
4099. }
4100.  
4101. memcpy(skb_put(skb, beacon->tail_len), beacon->tail,
4102. beacon->tail_len);
4103. } else {
4104. WARN_ON(1);
4105. goto out;
4106. }
4107.  
4108. /* CSA offsets */
4109. if (offs && beacon) {
4110. int i;
4111.  
4112. for (i = 0; i < IEEE80211_MAX_CSA_COUNTERS_NUM; i++) {
4113. u16 csa_off = beacon->csa_counter_offsets[i];
4114.  
4115. if (!csa_off)
4116. continue;
4117.  
4118. offs->csa_counter_offs[i] = csa_off_base + csa_off;
4119. }
4120. }
4121.  
4122. band = chanctx_conf->def.chan->band;
4123.  
4124. info = IEEE80211_SKB_CB(skb);
4125.  
4126. info->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
4127. info->flags |= IEEE80211_TX_CTL_NO_ACK;
4128. info->band = band;
4129.  
4130. memset(&txrc, 0, sizeof(txrc));
4131. txrc.hw = hw;
4132. txrc.sband = local->hw.wiphy->bands[band];
4133. txrc.bss_conf = &sdata->vif.bss_conf;
4134. txrc.skb = skb;
4135. txrc.reported_rate.idx = -1;
4136. txrc.rate_idx_mask = sdata->rc_rateidx_mask[band];
4137. if (txrc.rate_idx_mask == (1 << txrc.sband->n_bitrates) - 1)
4138. txrc.max_rate_idx = -1;
4139. else
4140. txrc.max_rate_idx = fls(txrc.rate_idx_mask) - 1;
4141. txrc.bss = true;
4142. rate_control_get_rate(sdata, NULL, &txrc);
4143.  
4144. info->control.vif = vif;
4145.  
4146. info->flags |= IEEE80211_TX_CTL_CLEAR_PS_FILT |
4147. IEEE80211_TX_CTL_ASSIGN_SEQ |
4148. IEEE80211_TX_CTL_FIRST_FRAGMENT;
4149. out:
4150. rcu_read_unlock();
4151. return skb;
4152.  
4153. }
4154.  
4155. struct sk_buff *
4156. ieee80211_beacon_get_template(struct ieee80211_hw *hw,
4157. struct ieee80211_vif *vif,
4158. struct ieee80211_mutable_offsets *offs)
4159. {
4160. return __ieee80211_beacon_get(hw, vif, offs, true);
4161. }
4162. EXPORT_SYMBOL(ieee80211_beacon_get_template);
4163.  
4164. struct sk_buff *ieee80211_beacon_get_tim(struct ieee80211_hw *hw,
4165. struct ieee80211_vif *vif,
4166. u16 *tim_offset, u16 *tim_length)
4167. {
4168. struct ieee80211_mutable_offsets offs = {};
4169. struct sk_buff *bcn = __ieee80211_beacon_get(hw, vif, &offs, false);
4170. struct sk_buff *copy;
4171. struct ieee80211_supported_band *sband;
4172. int shift;
4173.  
4174. if (!bcn)
4175. return bcn;
4176.  
4177. if (tim_offset)
4178. *tim_offset = offs.tim_offset;
4179.  
4180. if (tim_length)
4181. *tim_length = offs.tim_length;
4182.  
4183. if (ieee80211_hw_check(hw, BEACON_TX_STATUS) ||
4184. !hw_to_local(hw)->monitors)
4185. return bcn;
4186.  
4187. /* send a copy to monitor interfaces */
4188. copy = skb_copy(bcn, GFP_ATOMIC);
4189. if (!copy)
4190. return bcn;
4191.  
4192. shift = ieee80211_vif_get_shift(vif);
4193. sband = ieee80211_get_sband(vif_to_sdata(vif));
4194. if (!sband)
4195. return bcn;
4196.  
4197. ieee80211_tx_monitor(hw_to_local(hw), copy, sband, 1, shift, false);
4198.  
4199. return bcn;
4200. }
4201. EXPORT_SYMBOL(ieee80211_beacon_get_tim);
4202.  
4203. struct sk_buff *ieee80211_proberesp_get(struct ieee80211_hw *hw,
4204. struct ieee80211_vif *vif)
4205. {
4206. struct ieee80211_if_ap *ap = NULL;
4207. struct sk_buff *skb = NULL;
4208. struct probe_resp *presp = NULL;
4209. struct ieee80211_hdr *hdr;
4210. struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
4211.  
4212. if (sdata->vif.type != NL80211_IFTYPE_AP)
4213. return NULL;
4214.  
4215. rcu_read_lock();
4216.  
4217. ap = &sdata->u.ap;
4218. presp = rcu_dereference(ap->probe_resp);
4219. if (!presp)
4220. goto out;
4221.  
4222. skb = dev_alloc_skb(presp->len);
4223. if (!skb)
4224. goto out;
4225.  
4226. memcpy(skb_put(skb, presp->len), presp->data, presp->len);
4227.  
4228. hdr = (struct ieee80211_hdr *) skb->data;
4229. memset(hdr->addr1, 0, sizeof(hdr->addr1));
4230.  
4231. out:
4232. rcu_read_unlock();
4233. return skb;
4234. }
4235. EXPORT_SYMBOL(ieee80211_proberesp_get);
4236.  
4237. struct sk_buff *ieee80211_pspoll_get(struct ieee80211_hw *hw,
4238. struct ieee80211_vif *vif)
4239. {
4240. struct ieee80211_sub_if_data *sdata;
4241. struct ieee80211_if_managed *ifmgd;
4242. struct ieee80211_pspoll *pspoll;
4243. struct ieee80211_local *local;
4244. struct sk_buff *skb;
4245.  
4246. if (WARN_ON(vif->type != NL80211_IFTYPE_STATION))
4247. return NULL;
4248.  
4249. sdata = vif_to_sdata(vif);
4250. ifmgd = &sdata->u.mgd;
4251. local = sdata->local;
4252.  
4253. skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*pspoll));
4254. if (!skb)
4255. return NULL;
4256.  
4257. skb_reserve(skb, local->hw.extra_tx_headroom);
4258.  
4259. pspoll = (struct ieee80211_pspoll *) skb_put(skb, sizeof(*pspoll));
4260. memset(pspoll, 0, sizeof(*pspoll));
4261. pspoll->frame_control = cpu_to_le16(IEEE80211_FTYPE_CTL |
4262. IEEE80211_STYPE_PSPOLL);
4263. pspoll->aid = cpu_to_le16(ifmgd->aid);
4264.  
4265. /* aid in PS-Poll has its two MSBs each set to 1 */
4266. pspoll->aid |= cpu_to_le16(1 << 15 | 1 << 14);
4267.  
4268. memcpy(pspoll->bssid, ifmgd->bssid, ETH_ALEN);
4269. memcpy(pspoll->ta, vif->addr, ETH_ALEN);
4270.  
4271. return skb;
4272. }
4273. EXPORT_SYMBOL(ieee80211_pspoll_get);
4274.  
4275. struct sk_buff *ieee80211_nullfunc_get(struct ieee80211_hw *hw,
4276. struct ieee80211_vif *vif)
4277. {
4278. struct ieee80211_hdr_3addr *nullfunc;
4279. struct ieee80211_sub_if_data *sdata;
4280. struct ieee80211_if_managed *ifmgd;
4281. struct ieee80211_local *local;
4282. struct sk_buff *skb;
4283.  
4284. if (WARN_ON(vif->type != NL80211_IFTYPE_STATION))
4285. return NULL;
4286.  
4287. sdata = vif_to_sdata(vif);
4288. ifmgd = &sdata->u.mgd;
4289. local = sdata->local;
4290.  
4291. skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*nullfunc));
4292. if (!skb)
4293. return NULL;
4294.  
4295. skb_reserve(skb, local->hw.extra_tx_headroom);
4296.  
4297. nullfunc = (struct ieee80211_hdr_3addr *) skb_put(skb,
4298. sizeof(*nullfunc));
4299. memset(nullfunc, 0, sizeof(*nullfunc));
4300. nullfunc->frame_control = cpu_to_le16(IEEE80211_FTYPE_DATA |
4301. IEEE80211_STYPE_NULLFUNC |
4302. IEEE80211_FCTL_TODS);
4303. memcpy(nullfunc->addr1, ifmgd->bssid, ETH_ALEN);
4304. memcpy(nullfunc->addr2, vif->addr, ETH_ALEN);
4305. memcpy(nullfunc->addr3, ifmgd->bssid, ETH_ALEN);
4306.  
4307. return skb;
4308. }
4309. EXPORT_SYMBOL(ieee80211_nullfunc_get);
4310.  
4311. struct sk_buff *ieee80211_probereq_get(struct ieee80211_hw *hw,
4312. const u8 *src_addr,
4313. const u8 *ssid, size_t ssid_len,
4314. size_t tailroom)
4315. {
4316. struct ieee80211_local *local = hw_to_local(hw);
4317. struct ieee80211_hdr_3addr *hdr;
4318. struct sk_buff *skb;
4319. size_t ie_ssid_len;
4320. u8 *pos;
4321.  
4322. ie_ssid_len = 2 + ssid_len;
4323.  
4324. skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*hdr) +
4325. ie_ssid_len + tailroom);
4326. if (!skb)
4327. return NULL;
4328.  
4329. skb_reserve(skb, local->hw.extra_tx_headroom);
4330.  
4331. hdr = (struct ieee80211_hdr_3addr *) skb_put(skb, sizeof(*hdr));
4332. memset(hdr, 0, sizeof(*hdr));
4333. hdr->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
4334. IEEE80211_STYPE_PROBE_REQ);
4335. eth_broadcast_addr(hdr->addr1);
4336. memcpy(hdr->addr2, src_addr, ETH_ALEN);
4337. eth_broadcast_addr(hdr->addr3);
4338.  
4339. pos = skb_put(skb, ie_ssid_len);
4340. *pos++ = WLAN_EID_SSID;
4341. *pos++ = ssid_len;
4342. if (ssid_len)
4343. memcpy(pos, ssid, ssid_len);
4344. pos += ssid_len;
4345.  
4346. return skb;
4347. }
4348. EXPORT_SYMBOL(ieee80211_probereq_get);
4349.  
4350. void ieee80211_rts_get(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
4351. const void *frame, size_t frame_len,
4352. const struct ieee80211_tx_info *frame_txctl,
4353. struct ieee80211_rts *rts)
4354. {
4355. const struct ieee80211_hdr *hdr = frame;
4356.  
4357. rts->frame_control =
4358. cpu_to_le16(IEEE80211_FTYPE_CTL | IEEE80211_STYPE_RTS);
4359. rts->duration = ieee80211_rts_duration(hw, vif, frame_len,
4360. frame_txctl);
4361. memcpy(rts->ra, hdr->addr1, sizeof(rts->ra));
4362. memcpy(rts->ta, hdr->addr2, sizeof(rts->ta));
4363. }
4364. EXPORT_SYMBOL(ieee80211_rts_get);
4365.  
4366. void ieee80211_ctstoself_get(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
4367. const void *frame, size_t frame_len,
4368. const struct ieee80211_tx_info *frame_txctl,
4369. struct ieee80211_cts *cts)
4370. {
4371. const struct ieee80211_hdr *hdr = frame;
4372.  
4373. cts->frame_control =
4374. cpu_to_le16(IEEE80211_FTYPE_CTL | IEEE80211_STYPE_CTS);
4375. cts->duration = ieee80211_ctstoself_duration(hw, vif,
4376. frame_len, frame_txctl);
4377. memcpy(cts->ra, hdr->addr1, sizeof(cts->ra));
4378. }
4379. EXPORT_SYMBOL(ieee80211_ctstoself_get);
4380.  
4381. struct sk_buff *
4382. ieee80211_get_buffered_bc(struct ieee80211_hw *hw,
4383. struct ieee80211_vif *vif)
4384. {
4385. struct ieee80211_local *local = hw_to_local(hw);
4386. struct sk_buff *skb = NULL;
4387. struct ieee80211_tx_data tx;
4388. struct ieee80211_sub_if_data *sdata;
4389. struct ps_data *ps;
4390. struct ieee80211_tx_info *info;
4391. struct ieee80211_chanctx_conf *chanctx_conf;
4392.  
4393. sdata = vif_to_sdata(vif);
4394.  
4395. rcu_read_lock();
4396. chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf);
4397.  
4398. if (!chanctx_conf)
4399. goto out;
4400.  
4401. if (sdata->vif.type == NL80211_IFTYPE_AP) {
4402. struct beacon_data *beacon =
4403. rcu_dereference(sdata->u.ap.beacon);
4404.  
4405. if (!beacon || !beacon->head)
4406. goto out;
4407.  
4408. ps = &sdata->u.ap.ps;
4409. } else if (ieee80211_vif_is_mesh(&sdata->vif)) {
4410. ps = &sdata->u.mesh.ps;
4411. } else {
4412. goto out;
4413. }
4414.  
4415. if (ps->dtim_count != 0 || !ps->dtim_bc_mc)
4416. goto out; /* send buffered bc/mc only after DTIM beacon */
4417.  
4418. while (1) {
4419. skb = skb_dequeue(&ps->bc_buf);
4420. if (!skb)
4421. goto out;
4422. local->total_ps_buffered--;
4423.  
4424. if (!skb_queue_empty(&ps->bc_buf) && skb->len >= 2) {
4425. struct ieee80211_hdr *hdr =
4426. (struct ieee80211_hdr *) skb->data;
4427. /* more buffered multicast/broadcast frames ==> set
4428. * MoreData flag in IEEE 802.11 header to inform PS
4429. * STAs */
4430. hdr->frame_control |=
4431. cpu_to_le16(IEEE80211_FCTL_MOREDATA);
4432. }
4433.  
4434. if (sdata->vif.type == NL80211_IFTYPE_AP)
4435. sdata = IEEE80211_DEV_TO_SUB_IF(skb->dev);
4436. if (!ieee80211_tx_prepare(sdata, &tx, NULL, skb))
4437. break;
4438. ieee80211_free_txskb(hw, skb);
4439. }
4440.  
4441. info = IEEE80211_SKB_CB(skb);
4442.  
4443. tx.flags |= IEEE80211_TX_PS_BUFFERED;
4444. info->band = chanctx_conf->def.chan->band;
4445.  
4446. if (invoke_tx_handlers(&tx))
4447. skb = NULL;
4448. out:
4449. rcu_read_unlock();
4450.  
4451. return skb;
4452. }
4453. EXPORT_SYMBOL(ieee80211_get_buffered_bc);
4454.  
4455. int ieee80211_reserve_tid(struct ieee80211_sta *pubsta, u8 tid)
4456. {
4457. struct sta_info *sta = container_of(pubsta, struct sta_info, sta);
4458. struct ieee80211_sub_if_data *sdata = sta->sdata;
4459. struct ieee80211_local *local = sdata->local;
4460. int ret;
4461. u32 queues;
4462.  
4463. lockdep_assert_held(&local->sta_mtx);
4464.  
4465. /* only some cases are supported right now */
4466. switch (sdata->vif.type) {
4467. case NL80211_IFTYPE_STATION:
4468. case NL80211_IFTYPE_AP:
4469. case NL80211_IFTYPE_AP_VLAN:
4470. break;
4471. default:
4472. WARN_ON(1);
4473. return -EINVAL;
4474. }
4475.  
4476. if (WARN_ON(tid >= IEEE80211_NUM_UPS))
4477. return -EINVAL;
4478.  
4479. if (sta->reserved_tid == tid) {
4480. ret = 0;
4481. goto out;
4482. }
4483.  
4484. if (sta->reserved_tid != IEEE80211_TID_UNRESERVED) {
4485. sdata_err(sdata, "TID reservation already active\n");
4486. ret = -EALREADY;
4487. goto out;
4488. }
4489.  
4490. ieee80211_stop_vif_queues(sdata->local, sdata,
4491. IEEE80211_QUEUE_STOP_REASON_RESERVE_TID);
4492.  
4493. synchronize_net();
4494.  
4495. /* Tear down BA sessions so we stop aggregating on this TID */
4496. if (ieee80211_hw_check(&local->hw, AMPDU_AGGREGATION)) {
4497. set_sta_flag(sta, WLAN_STA_BLOCK_BA);
4498. __ieee80211_stop_tx_ba_session(sta, tid,
4499. AGG_STOP_LOCAL_REQUEST);
4500. }
4501.  
4502. queues = BIT(sdata->vif.hw_queue[ieee802_1d_to_ac[tid]]);
4503. __ieee80211_flush_queues(local, sdata, queues, false);
4504.  
4505. sta->reserved_tid = tid;
4506.  
4507. ieee80211_wake_vif_queues(local, sdata,
4508. IEEE80211_QUEUE_STOP_REASON_RESERVE_TID);
4509.  
4510. if (ieee80211_hw_check(&local->hw, AMPDU_AGGREGATION))
4511. clear_sta_flag(sta, WLAN_STA_BLOCK_BA);
4512.  
4513. ret = 0;
4514. out:
4515. return ret;
4516. }
4517. EXPORT_SYMBOL(ieee80211_reserve_tid);
4518.  
4519. void ieee80211_unreserve_tid(struct ieee80211_sta *pubsta, u8 tid)
4520. {
4521. struct sta_info *sta = container_of(pubsta, struct sta_info, sta);
4522. struct ieee80211_sub_if_data *sdata = sta->sdata;
4523.  
4524. lockdep_assert_held(&sdata->local->sta_mtx);
4525.  
4526. /* only some cases are supported right now */
4527. switch (sdata->vif.type) {
4528. case NL80211_IFTYPE_STATION:
4529. case NL80211_IFTYPE_AP:
4530. case NL80211_IFTYPE_AP_VLAN:
4531. break;
4532. default:
4533. WARN_ON(1);
4534. return;
4535. }
4536.  
4537. if (tid != sta->reserved_tid) {
4538. sdata_err(sdata, "TID to unreserve (%d) isn't reserved\n", tid);
4539. return;
4540. }
4541.  
4542. sta->reserved_tid = IEEE80211_TID_UNRESERVED;
4543. }
4544. EXPORT_SYMBOL(ieee80211_unreserve_tid);
4545.  
4546. void __ieee80211_tx_skb_tid_band(struct ieee80211_sub_if_data *sdata,
4547. struct sk_buff *skb, int tid,
4548. enum nl80211_band band)
4549. {
4550. int ac = ieee802_1d_to_ac[tid & 7];
4551.  
4552. skb_reset_mac_header(skb);
4553. skb_set_queue_mapping(skb, ac);
4554. skb->priority = tid;
4555.  
4556. skb->dev = sdata->dev;
4557.  
4558. /*
4559. * The other path calling ieee80211_xmit is from the tasklet,
4560. * and while we can handle concurrent transmissions locking
4561. * requirements are that we do not come into tx with bhs on.
4562. */
4563. local_bh_disable();
4564. IEEE80211_SKB_CB(skb)->band = band;
4565. ieee80211_xmit(sdata, NULL, skb);
4566. local_bh_enable();
4567. }