54#include <linux/module.h>
55#include <linux/kernel.h>
56#include <linux/sched.h>
57#include <linux/types.h>
58#include <linux/skbuff.h>
59#include <linux/slab.h>
60#include <linux/wireless.h>
61#include <linux/netdevice.h>
62#include <linux/etherdevice.h>
63#include <linux/if_ether.h>
64#include <linux/byteorder/generic.h>
65
66#include <asm/byteorder.h>
67
68#include "p80211types.h"
69#include "p80211hdr.h"
70#include "p80211conv.h"
71#include "p80211mgmt.h"
72#include "p80211msg.h"
73#include "p80211netdev.h"
74#include "p80211ioctl.h"
75#include "p80211req.h"
76
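/*
 * SNAP OUIs that select the 802.11 encapsulation of an ethertype:
 * RFC 1042 (00:00:00) for most protocols, 802.1h bridge-tunnel (00:00:f8)
 * for the protocols p80211_stt_findproto() reports. Both are only ever
 * copied from or compared against, so they are const.
 */
static const u8 oui_rfc1042[] = { 0x00, 0x00, 0x00 };
static const u8 oui_8021h[] = { 0x00, 0x00, 0xf8 };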
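/*
 * skb_ether_to_p80211 - rewrite an outgoing ethernet skb as an 802.11 data
 * payload and fill in the matching 802.11 header.
 *
 * @wlandev:     device the frame is sent on; ->macmode selects the address
 *               layout of the 802.11 header
 * @ethconv:     encapsulation mode (WLAN_ETHCONV_ENCAP, WLAN_ETHCONV_8021h or
 *               the RFC 1042 default)
 * @skb:         ethernet frame; on success its data has been rewritten in
 *               place (ethernet header stripped, LLC/SNAP prepended for
 *               DIX frames, padding trimmed for 802.3 frames)
 * @p80211_hdr:  receives fc, dur, seq and the three addresses
 * @p80211_wep:  ->data is set to NULL, or to a kmalloc'd buffer holding the
 *               encrypted payload when host WEP is enabled; ->iv and ->icv
 *               are filled by wep_encrypt(). The buffer is not freed here,
 *               not even on the error return after a failed encryption
 *               (NOTE(review): the caller is expected to release it -- confirm)
 *
 * Return: 0 on success; 1 if the skb is shorter than an ethernet header or
 *         the MAC mode is unknown; 2 if the host WEP buffer could not be
 *         allocated or encryption failed (frame should be dropped).
 */
int skb_ether_to_p80211(wlandevice_t *wlandev, u32 ethconv,
			struct sk_buff *skb, p80211_hdr_t *p80211_hdr,
			p80211_metawep_t *p80211_wep)
{
	u16 fc;
	u16 proto;
	wlan_ethhdr_t e_hdr;
	wlan_llc_t *e_llc;
	wlan_snap_t *e_snap;
	int err;

	/*
	 * The ethernet header is copied out and every branch below pulls
	 * WLAN_ETHHDR_LEN bytes, so the skb must hold at least a full header.
	 * This also rejects the zero-length case the old check covered.
	 */
	if (skb->len < sizeof(e_hdr)) {
		pr_debug("skb too short for an ethernet header (%u < %zu)!\n",
			 skb->len, sizeof(e_hdr));
		return 1;
	}
	memcpy(&e_hdr, skb->data, sizeof(e_hdr));

	if (ethconv == WLAN_ETHCONV_ENCAP) {
		/* The whole ethernet frame travels as the 802.11 payload. */
		pr_debug("ENCAP len: %u\n", skb->len);
	} else {
		proto = ntohs(e_hdr.type);
		if (proto <= 1500) {
			/*
			 * 802.3: the type field is a length. Drop the
			 * ethernet header and cut any padding past that
			 * length.
			 */
			pr_debug("802.3 len: %u\n", skb->len);
			skb_pull(skb, WLAN_ETHHDR_LEN);
			skb_trim(skb, proto);
		} else {
			/*
			 * DIX / Ethernet II: replace the ethernet header with
			 * an LLC+SNAP header carrying the original ethertype.
			 */
			pr_debug("DIXII len: %u\n", skb->len);
			skb_pull(skb, WLAN_ETHHDR_LEN);

			e_snap = (wlan_snap_t *) skb_push(skb, sizeof(wlan_snap_t));
			e_snap->type = htons(proto);
			/* 802.1h OUI only for the protocols in the STT list. */
			if (ethconv == WLAN_ETHCONV_8021h &&
			    p80211_stt_findproto(proto)) {
				memcpy(e_snap->oui, oui_8021h, WLAN_IEEE_OUI_LEN);
			} else {
				memcpy(e_snap->oui, oui_rfc1042, WLAN_IEEE_OUI_LEN);
			}

			e_llc = (wlan_llc_t *) skb_push(skb, sizeof(wlan_llc_t));
			e_llc->dsap = 0xAA;	/* SNAP */
			e_llc->ssap = 0xAA;	/* SNAP */
			e_llc->ctl = 0x03;	/* unnumbered information */
		}
	}

	/* Plain data frame; TODS/FROMDS and ISWEP are OR'd in below. */
	fc = cpu_to_le16(WLAN_SET_FC_FTYPE(WLAN_FTYPE_DATA) |
			 WLAN_SET_FC_FSTYPE(WLAN_FSTYPE_DATAONLY));

	switch (wlandev->macmode) {
	case WLAN_MACMODE_IBSS_STA:
		/* a1 = DA, a2 = SA (our address), a3 = BSSID */
		memcpy(p80211_hdr->a3.a1, &e_hdr.daddr, ETH_ALEN);
		memcpy(p80211_hdr->a3.a2, wlandev->netdev->dev_addr, ETH_ALEN);
		memcpy(p80211_hdr->a3.a3, wlandev->bssid, ETH_ALEN);
		break;
	case WLAN_MACMODE_ESS_STA:
		/* Station to AP (TODS): a1 = BSSID, a2 = SA, a3 = DA */
		fc |= cpu_to_le16(WLAN_SET_FC_TODS(1));
		memcpy(p80211_hdr->a3.a1, wlandev->bssid, ETH_ALEN);
		memcpy(p80211_hdr->a3.a2, wlandev->netdev->dev_addr, ETH_ALEN);
		memcpy(p80211_hdr->a3.a3, &e_hdr.daddr, ETH_ALEN);
		break;
	case WLAN_MACMODE_ESS_AP:
		/* AP to station (FROMDS): a1 = DA, a2 = BSSID, a3 = SA */
		fc |= cpu_to_le16(WLAN_SET_FC_FROMDS(1));
		memcpy(p80211_hdr->a3.a1, &e_hdr.daddr, ETH_ALEN);
		memcpy(p80211_hdr->a3.a2, wlandev->bssid, ETH_ALEN);
		memcpy(p80211_hdr->a3.a3, &e_hdr.saddr, ETH_ALEN);
		break;
	default:
		printk(KERN_ERR
		       "Error: Converting eth to wlan in unknown mode.\n");
		return 1;
	}

	p80211_wep->data = NULL;

	if ((wlandev->hostwep & HOSTWEP_PRIVACYINVOKED) &&
	    (wlandev->hostwep & HOSTWEP_ENCRYPT)) {
		/*
		 * Host-side WEP: the ciphertext goes into a separate buffer;
		 * skb->data itself is left as it is.
		 */
		p80211_wep->data = kmalloc(skb->len, GFP_ATOMIC);
		if (p80211_wep->data == NULL) {
			printk(KERN_WARNING
			       "Host en-WEP buffer allocation failed, dropping frame.\n");
			return 2;
		}

		err = wep_encrypt(wlandev, skb->data, p80211_wep->data,
				  skb->len,
				  (wlandev->hostwep & HOSTWEP_DEFAULTKEY_MASK),
				  p80211_wep->iv, p80211_wep->icv);
		if (err) {
			printk(KERN_WARNING
			       "Host en-WEP failed, dropping frame (%d).\n",
			       err);
			return 2;
		}
		fc |= cpu_to_le16(WLAN_SET_FC_ISWEP(1));
	}

	p80211_hdr->a3.fc = fc;
	/* Duration and sequence number are left zero here. */
	p80211_hdr->a3.dur = 0;
	p80211_hdr->a3.seq = 0;

	return 0;
}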
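/*
 * orinoco_spy_gather - record signal statistics for a "spied" source address.
 *
 * For every entry of wlandev->spy_address[] that equals @mac, the frame's
 * signal and noise readings are stored in the matching spy_stat slot.
 *
 * @wlandev: device holding the spy table (spy_number entries)
 * @mac:     ETH_ALEN-byte source address of the received frame
 * @rxmeta:  receive metadata carrying ->signal and ->noise
 */
static void orinoco_spy_gather(wlandevice_t *wlandev, char *mac,
			       p80211_rxmeta_t *rxmeta)
{
	int i;

	for (i = 0; i < wlandev->spy_number; i++) {
		if (memcmp(wlandev->spy_address[i], mac, ETH_ALEN) != 0)
			continue;

		/*
		 * The table entry already equals mac, so the old memcpy of
		 * mac back into it was a no-op and has been dropped.
		 */
		wlandev->spy_stat[i].level = rxmeta->signal;
		wlandev->spy_stat[i].noise = rxmeta->noise;
		/* Quality is the signal margin over noise, clamped at zero. */
		wlandev->spy_stat[i].qual =
		    (rxmeta->signal > rxmeta->noise) ?
		    (rxmeta->signal - rxmeta->noise) : 0;
		/* 0x7 = quality, level and noise all updated. */
		wlandev->spy_stat[i].updated = 0x7;
	}
}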
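/*
 * p80211_rx_addrs - pull the ethernet DA/SA out of a received 802.11 header.
 *
 * The TODS/FROMDS bits of @fc select which of a1..a4 carry DA and SA and
 * whether the long four-address header is in use. Helper for
 * skb_p80211_to_ether().
 *
 * @w_hdr:           802.11 header at the front of the skb
 * @fc:              frame control in host byte order
 * @payload_length:  in: payload length computed for an A3 header;
 *                   out: reduced by the extra A4 bytes when an A4 header is found
 * @payload_offset:  out: WLAN_HDR_A3_LEN or WLAN_HDR_A4_LEN
 * @daddr:           out: WLAN_ETHADDR_LEN-byte destination address
 * @saddr:           out: WLAN_ETHADDR_LEN-byte source address
 *
 * Return: 0 on success, 1 if an A4 frame is too short to hold its own header.
 */
static int p80211_rx_addrs(const p80211_hdr_t *w_hdr, u16 fc,
			   unsigned int *payload_length,
			   unsigned int *payload_offset,
			   u8 *daddr, u8 *saddr)
{
	*payload_offset = WLAN_HDR_A3_LEN;

	if ((WLAN_GET_FC_TODS(fc) == 0) && (WLAN_GET_FC_FROMDS(fc) == 0)) {
		/* IBSS: a1 = DA, a2 = SA */
		memcpy(daddr, w_hdr->a3.a1, WLAN_ETHADDR_LEN);
		memcpy(saddr, w_hdr->a3.a2, WLAN_ETHADDR_LEN);
	} else if ((WLAN_GET_FC_TODS(fc) == 0) && (WLAN_GET_FC_FROMDS(fc) == 1)) {
		/* From the AP: a1 = DA, a3 = SA */
		memcpy(daddr, w_hdr->a3.a1, WLAN_ETHADDR_LEN);
		memcpy(saddr, w_hdr->a3.a3, WLAN_ETHADDR_LEN);
	} else if ((WLAN_GET_FC_TODS(fc) == 1) && (WLAN_GET_FC_FROMDS(fc) == 0)) {
		/* To the AP: a3 = DA, a2 = SA */
		memcpy(daddr, w_hdr->a3.a3, WLAN_ETHADDR_LEN);
		memcpy(saddr, w_hdr->a3.a2, WLAN_ETHADDR_LEN);
	} else {
		/* Four-address header: a3 = DA, a4 = SA */
		*payload_offset = WLAN_HDR_A4_LEN;
		if (*payload_length < WLAN_HDR_A4_LEN - WLAN_HDR_A3_LEN) {
			printk(KERN_ERR "A4 frame too short!\n");
			return 1;
		}
		*payload_length -= (WLAN_HDR_A4_LEN - WLAN_HDR_A3_LEN);
		memcpy(daddr, w_hdr->a4.a3, WLAN_ETHADDR_LEN);
		memcpy(saddr, w_hdr->a4.a4, WLAN_ETHADDR_LEN);
	}

	return 0;
}

/*
 * p80211_rx_host_dewep - decrypt a host-WEP frame and strip its IV and ICV.
 *
 * Helper for skb_p80211_to_ether(); the caller has already established that
 * the frame is flagged ISWEP and host decryption is enabled. wep_decrypt()
 * is given the 4-byte IV at the start of the payload, the 4-byte ICV at its
 * end and the ciphertext in between; the plaintext is then used from the
 * same offset (NOTE(review): assumes wep_decrypt() decrypts in place).
 *
 * @wlandev:         device; rx.decrypt / rx.decrypt_err are bumped
 * @skb:             frame, 802.11 header still in front
 * @payload_offset:  start of the payload (the IV) within skb->data
 * @payload_length:  in: payload length including IV and ICV;
 *                   out: plaintext length
 *
 * Return: 0 on success, 1 if the payload cannot hold IV + ICV,
 *         2 if decryption failed.
 */
static int p80211_rx_host_dewep(wlandevice_t *wlandev, struct sk_buff *skb,
				unsigned int payload_offset,
				unsigned int *payload_length)
{
	int err;

	/* 4 bytes of IV plus 4 bytes of ICV must leave some data. */
	if (*payload_length <= 8) {
		printk(KERN_ERR "WEP frame too short (%u).\n", skb->len);
		return 1;
	}

	err = wep_decrypt(wlandev, skb->data + payload_offset + 4,
			  *payload_length - 8, -1,
			  skb->data + payload_offset,
			  skb->data + payload_offset + *payload_length - 4);
	if (err) {
		pr_debug("Host de-WEP failed, dropping frame (%d).\n", err);
		wlandev->rx.decrypt_err++;
		return 2;
	}

	*payload_length -= 8;
	/*
	 * Shift the skb window 4 bytes in at both ends rather than moving
	 * data: skb->data + payload_offset now lands on the plaintext (past
	 * the IV), and the later WLAN_CRC_LEN trim removes the ICV as well.
	 */
	skb_pull(skb, 4);
	skb_trim(skb, skb->len - 4);

	wlandev->rx.decrypt++;
	return 0;
}

/*
 * skb_p80211_to_ether - convert a received 802.11 data frame into an
 * ethernet frame in place.
 *
 * Handles the four framings that can follow the 802.11 header: a complete
 * ethernet frame (802.3 ENCAP), an LLC/SNAP header that has to stay as
 * 802.3 payload, an LLC/SNAP header that is replaced by an ethernet header
 * carrying the SNAP ethertype (802.1h / RFC 1042), and raw data that gets
 * an 802.3 length header. Every path checks the result against the netdev
 * MTU before touching the skb.
 *
 * @wlandev:  receiving device
 * @ethconv:  encapsulation mode the interface is configured for
 * @skb:      frame with the 802.11 header in front and a WLAN_CRC_LEN
 *            trailer; on success it holds an ethernet frame, ->protocol is
 *            set and the attached rxmeta has been released
 *
 * Return: 0 on success; 1 if the frame is too short, malformed or larger
 *         than the MTU allows; 2 if host WEP decryption failed.
 */
int skb_p80211_to_ether(wlandevice_t *wlandev, u32 ethconv,
			struct sk_buff *skb)
{
	netdevice_t *netdev = wlandev->netdev;
	u16 fc;
	unsigned int payload_length;
	unsigned int payload_offset;
	u8 daddr[WLAN_ETHADDR_LEN];
	u8 saddr[WLAN_ETHADDR_LEN];
	p80211_hdr_t *w_hdr;
	wlan_ethhdr_t *e_hdr;
	wlan_llc_t *e_llc;
	wlan_snap_t *e_snap;
	int rc;

	/*
	 * payload_length is skb->len minus header and CRC; a shorter frame
	 * from the air would underflow it and let the LLC/SNAP tests below
	 * read past the data. Reject it before any subtraction.
	 */
	if (skb->len < WLAN_HDR_A3_LEN + WLAN_CRC_LEN) {
		printk(KERN_ERR "802.11 frame too short (%u)\n", skb->len);
		return 1;
	}
	payload_length = skb->len - WLAN_HDR_A3_LEN - WLAN_CRC_LEN;
	w_hdr = (p80211_hdr_t *) skb->data;

	fc = le16_to_cpu(w_hdr->a3.fc);
	if (p80211_rx_addrs(w_hdr, fc, &payload_length, &payload_offset,
			    daddr, saddr))
		return 1;

	if ((wlandev->hostwep & HOSTWEP_PRIVACYINVOKED) && WLAN_GET_FC_ISWEP(fc)
	    && (wlandev->hostwep & HOSTWEP_DECRYPT)) {
		rc = p80211_rx_host_dewep(wlandev, skb, payload_offset,
					  &payload_length);
		if (rc)
			return rc;
	}

	/* Three views of the payload start; which one is real depends on
	 * the tests below, each of which checks payload_length first. */
	e_hdr = (wlan_ethhdr_t *) (skb->data + payload_offset);
	e_llc = (wlan_llc_t *) (skb->data + payload_offset);
	e_snap = (wlan_snap_t *) (skb->data + payload_offset + sizeof(wlan_llc_t));

	if ((payload_length >= sizeof(wlan_ethhdr_t)) &&
	    (e_llc->dsap != 0xaa || e_llc->ssap != 0xaa) &&
	    ((memcmp(daddr, e_hdr->daddr, WLAN_ETHADDR_LEN) == 0) ||
	     (memcmp(saddr, e_hdr->saddr, WLAN_ETHADDR_LEN) == 0))) {
		/*
		 * 802.3 ENCAP: a whole ethernet frame whose addresses agree
		 * with the 802.11 header. Strip the 802.11 header and CRC.
		 */
		pr_debug("802.3 ENCAP len: %u\n", payload_length);

		if (payload_length > (netdev->mtu + WLAN_ETHHDR_LEN)) {
			printk(KERN_ERR "ENCAP frame too large (%u > %d)\n",
			       payload_length, netdev->mtu + WLAN_ETHHDR_LEN);
			return 1;
		}

		skb_pull(skb, payload_offset);
		skb_trim(skb, skb->len - WLAN_CRC_LEN);

	} else if ((payload_length >= sizeof(wlan_llc_t) + sizeof(wlan_snap_t))
		   && (e_llc->dsap == 0xaa) && (e_llc->ssap == 0xaa)
		   && (e_llc->ctl == 0x03)
		   &&
		   (((memcmp(e_snap->oui, oui_rfc1042, WLAN_IEEE_OUI_LEN) == 0)
		     && (ethconv == WLAN_ETHCONV_8021h)
		     && (p80211_stt_findproto(le16_to_cpu(e_snap->type))))
		    || (memcmp(e_snap->oui, oui_rfc1042, WLAN_IEEE_OUI_LEN) !=
			0))) {
		/*
		 * LLC/SNAP that is not ours to strip: either an unknown OUI,
		 * or in 802.1h mode a protocol that should have used the
		 * 802.1h OUI. Keep LLC/SNAP as payload behind an 802.3
		 * length-type ethernet header.
		 */
		pr_debug("SNAP+RFC1042 len: %u\n", payload_length);

		if (payload_length > netdev->mtu) {
			printk(KERN_ERR "SNAP frame too large (%u > %d)\n",
			       payload_length, netdev->mtu);
			return 1;
		}

		skb_pull(skb, payload_offset);

		e_hdr = (wlan_ethhdr_t *) skb_push(skb, WLAN_ETHHDR_LEN);
		memcpy(e_hdr->daddr, daddr, WLAN_ETHADDR_LEN);
		memcpy(e_hdr->saddr, saddr, WLAN_ETHADDR_LEN);
		e_hdr->type = htons(payload_length);

		skb_trim(skb, skb->len - WLAN_CRC_LEN);

	} else if ((payload_length >= sizeof(wlan_llc_t) + sizeof(wlan_snap_t))
		   && (e_llc->dsap == 0xaa) && (e_llc->ssap == 0xaa)
		   && (e_llc->ctl == 0x03)) {
		/*
		 * 802.1h / RFC 1042: drop LLC/SNAP and rebuild a DIX header
		 * with the SNAP ethertype.
		 */
		unsigned int dix_len = payload_length - sizeof(wlan_llc_t) -
				       sizeof(wlan_snap_t);

		pr_debug("802.1h/RFC1042 len: %u\n", payload_length);

		if (dix_len > netdev->mtu) {
			printk(KERN_ERR "DIXII frame too large (%u > %d)\n",
			       dix_len, netdev->mtu);
			return 1;
		}

		skb_pull(skb, payload_offset);
		skb_pull(skb, sizeof(wlan_llc_t));
		skb_pull(skb, sizeof(wlan_snap_t));

		e_hdr = (wlan_ethhdr_t *) skb_push(skb, WLAN_ETHHDR_LEN);
		/*
		 * e_snap still points at the original SNAP bytes. After the
		 * 8-byte pull and 14-byte push, e_hdr->type occupies exactly
		 * those two bytes, so this carries the ethertype over and the
		 * address copies below do not overlap it.
		 */
		e_hdr->type = e_snap->type;
		memcpy(e_hdr->daddr, daddr, WLAN_ETHADDR_LEN);
		memcpy(e_hdr->saddr, saddr, WLAN_ETHADDR_LEN);

		skb_trim(skb, skb->len - WLAN_CRC_LEN);
	} else {
		/* Anything else: raw data behind an 802.3 length header. */
		pr_debug("NON-ENCAP len: %u\n", payload_length);

		if (payload_length > netdev->mtu) {
			printk(KERN_ERR "OTHER frame too large (%u > %d)\n",
			       payload_length, netdev->mtu);
			return 1;
		}

		skb_pull(skb, payload_offset);

		e_hdr = (wlan_ethhdr_t *) skb_push(skb, WLAN_ETHHDR_LEN);
		memcpy(e_hdr->daddr, daddr, WLAN_ETHADDR_LEN);
		memcpy(e_hdr->saddr, saddr, WLAN_ETHADDR_LEN);
		e_hdr->type = htons(payload_length);

		skb_trim(skb, skb->len - WLAN_CRC_LEN);
	}

	skb->protocol = eth_type_trans(skb, netdev);

	if (wlandev->spy_number)
		orinoco_spy_gather(wlandev, eth_hdr(skb)->h_source,
				   P80211SKB_RXMETA(skb));

	/* The skb is an ordinary ethernet frame now; drop the rx metadata. */
	p80211skb_rxmeta_detach(skb);

	return 0;
}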
/*
 * p80211_stt_findproto - is @proto in the selective-translation table?
 *
 * Protocols listed here get the 802.1h bridge-tunnel SNAP OUI when the
 * interface is in WLAN_ETHCONV_8021h mode; everything else is RFC 1042.
 * The only entry is 0x80f3, AppleTalk AARP (ETH_P_AARP in <linux/if_ether.h>).
 *
 * @proto: ethertype in host byte order
 *
 * Return: 1 if listed, 0 otherwise.
 */
int p80211_stt_findproto(u16 proto)
{
	return (proto == 0x80f3) ? 1 : 0;
}
/*
 * p80211skb_rxmeta_detach - free the rx metadata hung off an skb's cb.
 *
 * Silently (debug log only) does nothing for a NULL skb, an skb whose cb does
 * not carry a valid frmmeta, or a frmmeta without rx metadata.
 *
 * @skb: frame whose rxmeta is released; skb->cb is zeroed afterwards
 */
void p80211skb_rxmeta_detach(struct sk_buff *skb)
{
	p80211_frmmeta_t *frmmeta;
	p80211_rxmeta_t *rxmeta;

	if (skb == NULL) {
		pr_debug("Called w/ null skb.\n");
		return;
	}

	frmmeta = P80211SKB_FRMMETA(skb);
	if (frmmeta == NULL) {
		pr_debug("Called w/ bad frmmeta magic.\n");
		return;
	}

	rxmeta = frmmeta->rx;
	if (rxmeta == NULL) {
		pr_debug("Called w/ bad rxmeta ptr.\n");
		return;
	}

	kfree(rxmeta);
	/* Wipe the whole control block so frmmeta->rx cannot dangle. */
	memset(skb->cb, 0, sizeof(skb->cb));
}
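/*
 * p80211skb_rxmeta_attach - allocate rx metadata for a received skb and hook
 * it into skb->cb behind a frmmeta header.
 *
 * @wlandev: device that received the frame; stored in the rxmeta
 * @skb:     frame to annotate
 *
 * Return: 0 on success, 1 if the rxmeta could not be allocated. An skb that
 *         already carries rxmeta is left untouched and also returns 0 (the
 *         condition is only logged), so callers cannot distinguish that case
 *         from a fresh attach.
 */
int p80211skb_rxmeta_attach(struct wlandevice *wlandev, struct sk_buff *skb)
{
	p80211_rxmeta_t *rxmeta;
	p80211_frmmeta_t *frmmeta;

	if (P80211SKB_RXMETA(skb) != NULL) {
		printk(KERN_ERR "%s: RXmeta already attached!\n",
		       wlandev->name);
		return 0;
	}

	/* kzalloc replaces the old kmalloc + memset pair. */
	rxmeta = kzalloc(sizeof(*rxmeta), GFP_ATOMIC);
	if (rxmeta == NULL) {
		printk(KERN_ERR "%s: Failed to allocate rxmeta.\n",
		       wlandev->name);
		return 1;
	}

	rxmeta->wlandev = wlandev;
	rxmeta->hosttime = jiffies;

	/* Only the frmmeta prefix of cb is cleared, matching the old code. */
	memset(skb->cb, 0, sizeof(p80211_frmmeta_t));
	frmmeta = (p80211_frmmeta_t *) (skb->cb);
	frmmeta->magic = P80211_FRMMETA_MAGIC;
	frmmeta->rx = rxmeta;

	return 0;
}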
/*
 * p80211skb_free - release an skb together with its rx metadata.
 *
 * If the skb carries a valid frmmeta with rx metadata, that metadata is
 * detached first; otherwise the missing frmmeta is logged. The skb is freed
 * in either case.
 *
 * @wlandev: owning device (unused here)
 * @skb:     frame to free
 */
void p80211skb_free(struct wlandevice *wlandev, struct sk_buff *skb)
{
	p80211_frmmeta_t *meta = P80211SKB_FRMMETA(skb);

	if (meta == NULL || meta->rx == NULL)
		printk(KERN_ERR "Freeing an skb (%p) w/ no frmmeta.\n", skb);
	else
		p80211skb_rxmeta_detach(skb);

	dev_kfree_skb(skb);
}