1
2
3
4
5
6
7
8
9
10
11
12
13#include <linux/jiffies.h>
14#include <linux/slab.h>
15#include <linux/kernel.h>
16#include <linux/skbuff.h>
17#include <linux/netdevice.h>
18#include <linux/etherdevice.h>
19#include <linux/rcupdate.h>
20#include <linux/export.h>
21#include <net/mac80211.h>
22#include <net/ieee80211_radiotap.h>
23#include <asm/unaligned.h>
24
25#include "ieee80211_i.h"
26#include "driver-ops.h"
27#include "led.h"
28#include "mesh.h"
29#include "wep.h"
30#include "wpa.h"
31#include "tkip.h"
32#include "wme.h"
33#include "rate.h"
34
35
36
37
38
39
40
41static struct sk_buff *remove_monitor_info(struct ieee80211_local *local,
42 struct sk_buff *skb)
43{
44 if (local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS) {
45 if (likely(skb->len > FCS_LEN))
46 __pskb_trim(skb, skb->len - FCS_LEN);
47 else {
48
49 WARN_ON(1);
50 dev_kfree_skb(skb);
51 return NULL;
52 }
53 }
54
55 return skb;
56}
57
58static inline bool should_drop_frame(struct sk_buff *skb, int present_fcs_len)
59{
60 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
61 struct ieee80211_hdr *hdr = (void *)skb->data;
62
63 if (status->flag & (RX_FLAG_FAILED_FCS_CRC |
64 RX_FLAG_FAILED_PLCP_CRC |
65 RX_FLAG_AMPDU_IS_ZEROLEN))
66 return true;
67
68 if (unlikely(skb->len < 16 + present_fcs_len))
69 return true;
70
71 if (ieee80211_is_ctl(hdr->frame_control) &&
72 !ieee80211_is_pspoll(hdr->frame_control) &&
73 !ieee80211_is_back_req(hdr->frame_control))
74 return true;
75
76 return false;
77}
78
79static int
80ieee80211_rx_radiotap_space(struct ieee80211_local *local,
81 struct ieee80211_rx_status *status)
82{
83 int len;
84
85
86 len = sizeof(struct ieee80211_radiotap_header) + 8;
87
88
89 if (status->chains)
90 len += 4 * hweight8(status->chains);
91
92 if (ieee80211_have_rx_timestamp(status)) {
93 len = ALIGN(len, 8);
94 len += 8;
95 }
96 if (local->hw.flags & IEEE80211_HW_SIGNAL_DBM)
97 len += 1;
98
99
100 if (!status->chains)
101 len += 1;
102
103
104 len = ALIGN(len, 2);
105
106 if (status->flag & RX_FLAG_HT)
107 len += 3;
108
109 if (status->flag & RX_FLAG_AMPDU_DETAILS) {
110 len = ALIGN(len, 4);
111 len += 8;
112 }
113
114 if (status->flag & RX_FLAG_VHT) {
115 len = ALIGN(len, 2);
116 len += 12;
117 }
118
119 if (status->chains) {
120
121 len += 2 * hweight8(status->chains);
122 }
123
124 return len;
125}
126
127
128
129
130
131
132static void
133ieee80211_add_rx_radiotap_header(struct ieee80211_local *local,
134 struct sk_buff *skb,
135 struct ieee80211_rate *rate,
136 int rtap_len, bool has_fcs)
137{
138 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
139 struct ieee80211_radiotap_header *rthdr;
140 unsigned char *pos;
141 __le32 *it_present;
142 u32 it_present_val;
143 u16 rx_flags = 0;
144 u16 channel_flags = 0;
145 int mpdulen, chain;
146 unsigned long chains = status->chains;
147
148 mpdulen = skb->len;
149 if (!(has_fcs && (local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS)))
150 mpdulen += FCS_LEN;
151
152 rthdr = (struct ieee80211_radiotap_header *)skb_push(skb, rtap_len);
153 memset(rthdr, 0, rtap_len);
154 it_present = &rthdr->it_present;
155
156
157 rthdr->it_len = cpu_to_le16(rtap_len);
158 it_present_val = BIT(IEEE80211_RADIOTAP_FLAGS) |
159 BIT(IEEE80211_RADIOTAP_CHANNEL) |
160 BIT(IEEE80211_RADIOTAP_RX_FLAGS);
161
162 if (!status->chains)
163 it_present_val |= BIT(IEEE80211_RADIOTAP_ANTENNA);
164
165 for_each_set_bit(chain, &chains, IEEE80211_MAX_CHAINS) {
166 it_present_val |=
167 BIT(IEEE80211_RADIOTAP_EXT) |
168 BIT(IEEE80211_RADIOTAP_RADIOTAP_NAMESPACE);
169 put_unaligned_le32(it_present_val, it_present);
170 it_present++;
171 it_present_val = BIT(IEEE80211_RADIOTAP_ANTENNA) |
172 BIT(IEEE80211_RADIOTAP_DBM_ANTSIGNAL);
173 }
174
175 put_unaligned_le32(it_present_val, it_present);
176
177 pos = (void *)(it_present + 1);
178
179
180
181
182 if (ieee80211_have_rx_timestamp(status)) {
183
184 while ((pos - (u8 *)rthdr) & 7)
185 *pos++ = 0;
186 put_unaligned_le64(
187 ieee80211_calculate_rx_timestamp(local, status,
188 mpdulen, 0),
189 pos);
190 rthdr->it_present |= cpu_to_le32(1 << IEEE80211_RADIOTAP_TSFT);
191 pos += 8;
192 }
193
194
195 if (has_fcs && (local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS))
196 *pos |= IEEE80211_RADIOTAP_F_FCS;
197 if (status->flag & (RX_FLAG_FAILED_FCS_CRC | RX_FLAG_FAILED_PLCP_CRC))
198 *pos |= IEEE80211_RADIOTAP_F_BADFCS;
199 if (status->flag & RX_FLAG_SHORTPRE)
200 *pos |= IEEE80211_RADIOTAP_F_SHORTPRE;
201 pos++;
202
203
204 if (!rate || status->flag & (RX_FLAG_HT | RX_FLAG_VHT)) {
205
206
207
208
209
210
211 *pos = 0;
212 } else {
213 int shift = 0;
214 rthdr->it_present |= cpu_to_le32(1 << IEEE80211_RADIOTAP_RATE);
215 if (status->flag & RX_FLAG_10MHZ)
216 shift = 1;
217 else if (status->flag & RX_FLAG_5MHZ)
218 shift = 2;
219 *pos = DIV_ROUND_UP(rate->bitrate, 5 * (1 << shift));
220 }
221 pos++;
222
223
224 put_unaligned_le16(status->freq, pos);
225 pos += 2;
226 if (status->flag & RX_FLAG_10MHZ)
227 channel_flags |= IEEE80211_CHAN_HALF;
228 else if (status->flag & RX_FLAG_5MHZ)
229 channel_flags |= IEEE80211_CHAN_QUARTER;
230
231 if (status->band == IEEE80211_BAND_5GHZ)
232 channel_flags |= IEEE80211_CHAN_OFDM | IEEE80211_CHAN_5GHZ;
233 else if (status->flag & (RX_FLAG_HT | RX_FLAG_VHT))
234 channel_flags |= IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ;
235 else if (rate && rate->flags & IEEE80211_RATE_ERP_G)
236 channel_flags |= IEEE80211_CHAN_OFDM | IEEE80211_CHAN_2GHZ;
237 else if (rate)
238 channel_flags |= IEEE80211_CHAN_OFDM | IEEE80211_CHAN_2GHZ;
239 else
240 channel_flags |= IEEE80211_CHAN_2GHZ;
241 put_unaligned_le16(channel_flags, pos);
242 pos += 2;
243
244
245 if (local->hw.flags & IEEE80211_HW_SIGNAL_DBM &&
246 !(status->flag & RX_FLAG_NO_SIGNAL_VAL)) {
247 *pos = status->signal;
248 rthdr->it_present |=
249 cpu_to_le32(1 << IEEE80211_RADIOTAP_DBM_ANTSIGNAL);
250 pos++;
251 }
252
253
254
255 if (!status->chains) {
256
257 *pos = status->antenna;
258 pos++;
259 }
260
261
262
263
264
265 if ((pos - (u8 *)rthdr) & 1)
266 *pos++ = 0;
267 if (status->flag & RX_FLAG_FAILED_PLCP_CRC)
268 rx_flags |= IEEE80211_RADIOTAP_F_RX_BADPLCP;
269 put_unaligned_le16(rx_flags, pos);
270 pos += 2;
271
272 if (status->flag & RX_FLAG_HT) {
273 unsigned int stbc;
274
275 rthdr->it_present |= cpu_to_le32(1 << IEEE80211_RADIOTAP_MCS);
276 *pos++ = local->hw.radiotap_mcs_details;
277 *pos = 0;
278 if (status->flag & RX_FLAG_SHORT_GI)
279 *pos |= IEEE80211_RADIOTAP_MCS_SGI;
280 if (status->flag & RX_FLAG_40MHZ)
281 *pos |= IEEE80211_RADIOTAP_MCS_BW_40;
282 if (status->flag & RX_FLAG_HT_GF)
283 *pos |= IEEE80211_RADIOTAP_MCS_FMT_GF;
284 if (status->flag & RX_FLAG_LDPC)
285 *pos |= IEEE80211_RADIOTAP_MCS_FEC_LDPC;
286 stbc = (status->flag & RX_FLAG_STBC_MASK) >> RX_FLAG_STBC_SHIFT;
287 *pos |= stbc << IEEE80211_RADIOTAP_MCS_STBC_SHIFT;
288 pos++;
289 *pos++ = status->rate_idx;
290 }
291
292 if (status->flag & RX_FLAG_AMPDU_DETAILS) {
293 u16 flags = 0;
294
295
296 while ((pos - (u8 *)rthdr) & 3)
297 pos++;
298 rthdr->it_present |=
299 cpu_to_le32(1 << IEEE80211_RADIOTAP_AMPDU_STATUS);
300 put_unaligned_le32(status->ampdu_reference, pos);
301 pos += 4;
302 if (status->flag & RX_FLAG_AMPDU_REPORT_ZEROLEN)
303 flags |= IEEE80211_RADIOTAP_AMPDU_REPORT_ZEROLEN;
304 if (status->flag & RX_FLAG_AMPDU_IS_ZEROLEN)
305 flags |= IEEE80211_RADIOTAP_AMPDU_IS_ZEROLEN;
306 if (status->flag & RX_FLAG_AMPDU_LAST_KNOWN)
307 flags |= IEEE80211_RADIOTAP_AMPDU_LAST_KNOWN;
308 if (status->flag & RX_FLAG_AMPDU_IS_LAST)
309 flags |= IEEE80211_RADIOTAP_AMPDU_IS_LAST;
310 if (status->flag & RX_FLAG_AMPDU_DELIM_CRC_ERROR)
311 flags |= IEEE80211_RADIOTAP_AMPDU_DELIM_CRC_ERR;
312 if (status->flag & RX_FLAG_AMPDU_DELIM_CRC_KNOWN)
313 flags |= IEEE80211_RADIOTAP_AMPDU_DELIM_CRC_KNOWN;
314 put_unaligned_le16(flags, pos);
315 pos += 2;
316 if (status->flag & RX_FLAG_AMPDU_DELIM_CRC_KNOWN)
317 *pos++ = status->ampdu_delimiter_crc;
318 else
319 *pos++ = 0;
320 *pos++ = 0;
321 }
322
323 if (status->flag & RX_FLAG_VHT) {
324 u16 known = local->hw.radiotap_vht_details;
325
326 rthdr->it_present |= cpu_to_le32(1 << IEEE80211_RADIOTAP_VHT);
327
328 if (status->vht_flag & RX_VHT_FLAG_80P80MHZ)
329 known &= ~IEEE80211_RADIOTAP_VHT_KNOWN_BANDWIDTH;
330 put_unaligned_le16(known, pos);
331 pos += 2;
332
333 if (status->flag & RX_FLAG_SHORT_GI)
334 *pos |= IEEE80211_RADIOTAP_VHT_FLAG_SGI;
335
336 if (status->flag & RX_FLAG_STBC_MASK)
337 *pos |= IEEE80211_RADIOTAP_VHT_FLAG_STBC;
338 if (status->vht_flag & RX_VHT_FLAG_BF)
339 *pos |= IEEE80211_RADIOTAP_VHT_FLAG_BEAMFORMED;
340 pos++;
341
342 if (status->vht_flag & RX_VHT_FLAG_80MHZ)
343 *pos++ = 4;
344 else if (status->vht_flag & RX_VHT_FLAG_80P80MHZ)
345 *pos++ = 0;
346 else if (status->vht_flag & RX_VHT_FLAG_160MHZ)
347 *pos++ = 11;
348 else if (status->flag & RX_FLAG_40MHZ)
349 *pos++ = 1;
350 else
351 *pos++ = 0;
352
353 *pos = (status->rate_idx << 4) | status->vht_nss;
354 pos += 4;
355
356 if (status->flag & RX_FLAG_LDPC)
357 *pos |= IEEE80211_RADIOTAP_CODING_LDPC_USER0;
358 pos++;
359
360 pos++;
361
362 pos += 2;
363 }
364
365 for_each_set_bit(chain, &chains, IEEE80211_MAX_CHAINS) {
366 *pos++ = status->chain_signal[chain];
367 *pos++ = chain;
368 }
369}
370
371
372
373
374
375
376static struct sk_buff *
377ieee80211_rx_monitor(struct ieee80211_local *local, struct sk_buff *origskb,
378 struct ieee80211_rate *rate)
379{
380 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(origskb);
381 struct ieee80211_sub_if_data *sdata;
382 int needed_headroom;
383 struct sk_buff *skb, *skb2;
384 struct net_device *prev_dev = NULL;
385 int present_fcs_len = 0;
386
387
388
389
390
391
392
393
394
395
396 if (local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS)
397 present_fcs_len = FCS_LEN;
398
399
400 if (!pskb_may_pull(origskb, 2)) {
401 dev_kfree_skb(origskb);
402 return NULL;
403 }
404
405 if (!local->monitors) {
406 if (should_drop_frame(origskb, present_fcs_len)) {
407 dev_kfree_skb(origskb);
408 return NULL;
409 }
410
411 return remove_monitor_info(local, origskb);
412 }
413
414
415 needed_headroom = ieee80211_rx_radiotap_space(local, status);
416
417 if (should_drop_frame(origskb, present_fcs_len)) {
418
419 skb = origskb;
420 origskb = NULL;
421
422
423
424
425
426
427
428
429 if (skb_headroom(skb) < needed_headroom &&
430 pskb_expand_head(skb, needed_headroom, 0, GFP_ATOMIC)) {
431 dev_kfree_skb(skb);
432 return NULL;
433 }
434 } else {
435
436
437
438
439 skb = skb_copy_expand(origskb, needed_headroom, 0, GFP_ATOMIC);
440
441 origskb = remove_monitor_info(local, origskb);
442
443 if (!skb)
444 return origskb;
445 }
446
447
448 ieee80211_add_rx_radiotap_header(local, skb, rate, needed_headroom,
449 true);
450
451 skb_reset_mac_header(skb);
452 skb->ip_summed = CHECKSUM_UNNECESSARY;
453 skb->pkt_type = PACKET_OTHERHOST;
454 skb->protocol = htons(ETH_P_802_2);
455
456 list_for_each_entry_rcu(sdata, &local->interfaces, list) {
457 if (sdata->vif.type != NL80211_IFTYPE_MONITOR)
458 continue;
459
460 if (sdata->u.mntr_flags & MONITOR_FLAG_COOK_FRAMES)
461 continue;
462
463 if (!ieee80211_sdata_running(sdata))
464 continue;
465
466 if (prev_dev) {
467 skb2 = skb_clone(skb, GFP_ATOMIC);
468 if (skb2) {
469 skb2->dev = prev_dev;
470 netif_receive_skb(skb2);
471 }
472 }
473
474 prev_dev = sdata->dev;
475 sdata->dev->stats.rx_packets++;
476 sdata->dev->stats.rx_bytes += skb->len;
477 }
478
479 if (prev_dev) {
480 skb->dev = prev_dev;
481 netif_receive_skb(skb);
482 } else
483 dev_kfree_skb(skb);
484
485 return origskb;
486}
487
488static void ieee80211_parse_qos(struct ieee80211_rx_data *rx)
489{
490 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
491 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(rx->skb);
492 int tid, seqno_idx, security_idx;
493
494
495 if (ieee80211_is_data_qos(hdr->frame_control)) {
496 u8 *qc = ieee80211_get_qos_ctl(hdr);
497
498 tid = *qc & IEEE80211_QOS_CTL_TID_MASK;
499 if (*qc & IEEE80211_QOS_CTL_A_MSDU_PRESENT)
500 status->rx_flags |= IEEE80211_RX_AMSDU;
501
502 seqno_idx = tid;
503 security_idx = tid;
504 } else {
505
506
507
508
509
510
511
512
513
514
515
516 seqno_idx = IEEE80211_NUM_TIDS;
517 security_idx = 0;
518 if (ieee80211_is_mgmt(hdr->frame_control))
519 security_idx = IEEE80211_NUM_TIDS;
520 tid = 0;
521 }
522
523 rx->seqno_idx = seqno_idx;
524 rx->security_idx = security_idx;
525
526
527 rx->skb->priority = (tid > 7) ? 0 : tid;
528}
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555static void ieee80211_verify_alignment(struct ieee80211_rx_data *rx)
556{
557#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
558 WARN_ONCE((unsigned long)rx->skb->data & 1,
559 "unaligned packet at 0x%p\n", rx->skb->data);
560#endif
561}
562
563
564
565
566static int ieee80211_is_unicast_robust_mgmt_frame(struct sk_buff *skb)
567{
568 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
569
570 if (is_multicast_ether_addr(hdr->addr1))
571 return 0;
572
573 return ieee80211_is_robust_mgmt_frame(skb);
574}
575
576
577static int ieee80211_is_multicast_robust_mgmt_frame(struct sk_buff *skb)
578{
579 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
580
581 if (!is_multicast_ether_addr(hdr->addr1))
582 return 0;
583
584 return ieee80211_is_robust_mgmt_frame(skb);
585}
586
587
588
589static int ieee80211_get_mmie_keyidx(struct sk_buff *skb)
590{
591 struct ieee80211_mgmt *hdr = (struct ieee80211_mgmt *) skb->data;
592 struct ieee80211_mmie *mmie;
593
594 if (skb->len < 24 + sizeof(*mmie) || !is_multicast_ether_addr(hdr->da))
595 return -1;
596
597 if (!ieee80211_is_robust_mgmt_frame(skb))
598 return -1;
599
600 mmie = (struct ieee80211_mmie *)
601 (skb->data + skb->len - sizeof(*mmie));
602 if (mmie->element_id != WLAN_EID_MMIE ||
603 mmie->length != sizeof(*mmie) - 2)
604 return -1;
605
606 return le16_to_cpu(mmie->key_id);
607}
608
609static int iwl80211_get_cs_keyid(const struct ieee80211_cipher_scheme *cs,
610 struct sk_buff *skb)
611{
612 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
613 __le16 fc;
614 int hdrlen;
615 u8 keyid;
616
617 fc = hdr->frame_control;
618 hdrlen = ieee80211_hdrlen(fc);
619
620 if (skb->len < hdrlen + cs->hdr_len)
621 return -EINVAL;
622
623 skb_copy_bits(skb, hdrlen + cs->key_idx_off, &keyid, 1);
624 keyid &= cs->key_idx_mask;
625 keyid >>= cs->key_idx_shift;
626
627 return keyid;
628}
629
630static ieee80211_rx_result ieee80211_rx_mesh_check(struct ieee80211_rx_data *rx)
631{
632 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
633 char *dev_addr = rx->sdata->vif.addr;
634
635 if (ieee80211_is_data(hdr->frame_control)) {
636 if (is_multicast_ether_addr(hdr->addr1)) {
637 if (ieee80211_has_tods(hdr->frame_control) ||
638 !ieee80211_has_fromds(hdr->frame_control))
639 return RX_DROP_MONITOR;
640 if (ether_addr_equal(hdr->addr3, dev_addr))
641 return RX_DROP_MONITOR;
642 } else {
643 if (!ieee80211_has_a4(hdr->frame_control))
644 return RX_DROP_MONITOR;
645 if (ether_addr_equal(hdr->addr4, dev_addr))
646 return RX_DROP_MONITOR;
647 }
648 }
649
650
651
652
653
654 if (!rx->sta || sta_plink_state(rx->sta) != NL80211_PLINK_ESTAB) {
655 struct ieee80211_mgmt *mgmt;
656
657 if (!ieee80211_is_mgmt(hdr->frame_control))
658 return RX_DROP_MONITOR;
659
660 if (ieee80211_is_action(hdr->frame_control)) {
661 u8 category;
662
663
664 if (rx->skb->len < IEEE80211_MIN_ACTION_SIZE)
665 return RX_DROP_MONITOR;
666
667 mgmt = (struct ieee80211_mgmt *)hdr;
668 category = mgmt->u.action.category;
669 if (category != WLAN_CATEGORY_MESH_ACTION &&
670 category != WLAN_CATEGORY_SELF_PROTECTED)
671 return RX_DROP_MONITOR;
672 return RX_CONTINUE;
673 }
674
675 if (ieee80211_is_probe_req(hdr->frame_control) ||
676 ieee80211_is_probe_resp(hdr->frame_control) ||
677 ieee80211_is_beacon(hdr->frame_control) ||
678 ieee80211_is_auth(hdr->frame_control))
679 return RX_CONTINUE;
680
681 return RX_DROP_MONITOR;
682 }
683
684 return RX_CONTINUE;
685}
686
687static void ieee80211_release_reorder_frame(struct ieee80211_sub_if_data *sdata,
688 struct tid_ampdu_rx *tid_agg_rx,
689 int index,
690 struct sk_buff_head *frames)
691{
692 struct sk_buff_head *skb_list = &tid_agg_rx->reorder_buf[index];
693 struct sk_buff *skb;
694 struct ieee80211_rx_status *status;
695
696 lockdep_assert_held(&tid_agg_rx->reorder_lock);
697
698 if (skb_queue_empty(skb_list))
699 goto no_frame;
700
701 if (!ieee80211_rx_reorder_ready(skb_list)) {
702 __skb_queue_purge(skb_list);
703 goto no_frame;
704 }
705
706
707 tid_agg_rx->stored_mpdu_num--;
708 while ((skb = __skb_dequeue(skb_list))) {
709 status = IEEE80211_SKB_RXCB(skb);
710 status->rx_flags |= IEEE80211_RX_DEFERRED_RELEASE;
711 __skb_queue_tail(frames, skb);
712 }
713
714no_frame:
715 tid_agg_rx->head_seq_num = ieee80211_sn_inc(tid_agg_rx->head_seq_num);
716}
717
718static void ieee80211_release_reorder_frames(struct ieee80211_sub_if_data *sdata,
719 struct tid_ampdu_rx *tid_agg_rx,
720 u16 head_seq_num,
721 struct sk_buff_head *frames)
722{
723 int index;
724
725 lockdep_assert_held(&tid_agg_rx->reorder_lock);
726
727 while (ieee80211_sn_less(tid_agg_rx->head_seq_num, head_seq_num)) {
728 index = tid_agg_rx->head_seq_num % tid_agg_rx->buf_size;
729 ieee80211_release_reorder_frame(sdata, tid_agg_rx, index,
730 frames);
731 }
732}
733
734
735
736
737
738
739
740
741
742
743#define HT_RX_REORDER_BUF_TIMEOUT (HZ / 10)
744
745static void ieee80211_sta_reorder_release(struct ieee80211_sub_if_data *sdata,
746 struct tid_ampdu_rx *tid_agg_rx,
747 struct sk_buff_head *frames)
748{
749 int index, i, j;
750
751 lockdep_assert_held(&tid_agg_rx->reorder_lock);
752
753
754 index = tid_agg_rx->head_seq_num % tid_agg_rx->buf_size;
755 if (!ieee80211_rx_reorder_ready(&tid_agg_rx->reorder_buf[index]) &&
756 tid_agg_rx->stored_mpdu_num) {
757
758
759
760
761 int skipped = 1;
762 for (j = (index + 1) % tid_agg_rx->buf_size; j != index;
763 j = (j + 1) % tid_agg_rx->buf_size) {
764 if (!ieee80211_rx_reorder_ready(
765 &tid_agg_rx->reorder_buf[j])) {
766 skipped++;
767 continue;
768 }
769 if (skipped &&
770 !time_after(jiffies, tid_agg_rx->reorder_time[j] +
771 HT_RX_REORDER_BUF_TIMEOUT))
772 goto set_release_timer;
773
774
775 for (i = (index + 1) % tid_agg_rx->buf_size; i != j;
776 i = (i + 1) % tid_agg_rx->buf_size)
777 __skb_queue_purge(&tid_agg_rx->reorder_buf[i]);
778
779 ht_dbg_ratelimited(sdata,
780 "release an RX reorder frame due to timeout on earlier frames\n");
781 ieee80211_release_reorder_frame(sdata, tid_agg_rx, j,
782 frames);
783
784
785
786
787 tid_agg_rx->head_seq_num =
788 (tid_agg_rx->head_seq_num +
789 skipped) & IEEE80211_SN_MASK;
790 skipped = 0;
791 }
792 } else while (ieee80211_rx_reorder_ready(
793 &tid_agg_rx->reorder_buf[index])) {
794 ieee80211_release_reorder_frame(sdata, tid_agg_rx, index,
795 frames);
796 index = tid_agg_rx->head_seq_num % tid_agg_rx->buf_size;
797 }
798
799 if (tid_agg_rx->stored_mpdu_num) {
800 j = index = tid_agg_rx->head_seq_num % tid_agg_rx->buf_size;
801
802 for (; j != (index - 1) % tid_agg_rx->buf_size;
803 j = (j + 1) % tid_agg_rx->buf_size) {
804 if (ieee80211_rx_reorder_ready(
805 &tid_agg_rx->reorder_buf[j]))
806 break;
807 }
808
809 set_release_timer:
810
811 mod_timer(&tid_agg_rx->reorder_timer,
812 tid_agg_rx->reorder_time[j] + 1 +
813 HT_RX_REORDER_BUF_TIMEOUT);
814 } else {
815 del_timer(&tid_agg_rx->reorder_timer);
816 }
817}
818
819
820
821
822
823
824static bool ieee80211_sta_manage_reorder_buf(struct ieee80211_sub_if_data *sdata,
825 struct tid_ampdu_rx *tid_agg_rx,
826 struct sk_buff *skb,
827 struct sk_buff_head *frames)
828{
829 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
830 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
831 u16 sc = le16_to_cpu(hdr->seq_ctrl);
832 u16 mpdu_seq_num = (sc & IEEE80211_SCTL_SEQ) >> 4;
833 u16 head_seq_num, buf_size;
834 int index;
835 bool ret = true;
836
837 spin_lock(&tid_agg_rx->reorder_lock);
838
839
840
841
842
843 if (unlikely(tid_agg_rx->auto_seq)) {
844 tid_agg_rx->auto_seq = false;
845 tid_agg_rx->ssn = mpdu_seq_num;
846 tid_agg_rx->head_seq_num = mpdu_seq_num;
847 }
848
849 buf_size = tid_agg_rx->buf_size;
850 head_seq_num = tid_agg_rx->head_seq_num;
851
852
853 if (ieee80211_sn_less(mpdu_seq_num, head_seq_num)) {
854 dev_kfree_skb(skb);
855 goto out;
856 }
857
858
859
860
861
862 if (!ieee80211_sn_less(mpdu_seq_num, head_seq_num + buf_size)) {
863 head_seq_num = ieee80211_sn_inc(
864 ieee80211_sn_sub(mpdu_seq_num, buf_size));
865
866 ieee80211_release_reorder_frames(sdata, tid_agg_rx,
867 head_seq_num, frames);
868 }
869
870
871
872 index = mpdu_seq_num % tid_agg_rx->buf_size;
873
874
875 if (ieee80211_rx_reorder_ready(&tid_agg_rx->reorder_buf[index])) {
876 dev_kfree_skb(skb);
877 goto out;
878 }
879
880
881
882
883
884
885
886 if (mpdu_seq_num == tid_agg_rx->head_seq_num &&
887 tid_agg_rx->stored_mpdu_num == 0) {
888 if (!(status->flag & RX_FLAG_AMSDU_MORE))
889 tid_agg_rx->head_seq_num =
890 ieee80211_sn_inc(tid_agg_rx->head_seq_num);
891 ret = false;
892 goto out;
893 }
894
895
896 __skb_queue_tail(&tid_agg_rx->reorder_buf[index], skb);
897 if (!(status->flag & RX_FLAG_AMSDU_MORE)) {
898 tid_agg_rx->reorder_time[index] = jiffies;
899 tid_agg_rx->stored_mpdu_num++;
900 ieee80211_sta_reorder_release(sdata, tid_agg_rx, frames);
901 }
902
903 out:
904 spin_unlock(&tid_agg_rx->reorder_lock);
905 return ret;
906}
907
908
909
910
911
912static void ieee80211_rx_reorder_ampdu(struct ieee80211_rx_data *rx,
913 struct sk_buff_head *frames)
914{
915 struct sk_buff *skb = rx->skb;
916 struct ieee80211_local *local = rx->local;
917 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
918 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
919 struct sta_info *sta = rx->sta;
920 struct tid_ampdu_rx *tid_agg_rx;
921 u16 sc;
922 u8 tid, ack_policy;
923
924 if (!ieee80211_is_data_qos(hdr->frame_control) ||
925 is_multicast_ether_addr(hdr->addr1))
926 goto dont_reorder;
927
928
929
930
931
932
933 if (!sta)
934 goto dont_reorder;
935
936 ack_policy = *ieee80211_get_qos_ctl(hdr) &
937 IEEE80211_QOS_CTL_ACK_POLICY_MASK;
938 tid = *ieee80211_get_qos_ctl(hdr) & IEEE80211_QOS_CTL_TID_MASK;
939
940 tid_agg_rx = rcu_dereference(sta->ampdu_mlme.tid_rx[tid]);
941 if (!tid_agg_rx)
942 goto dont_reorder;
943
944
945 if (unlikely(hdr->frame_control & cpu_to_le16(IEEE80211_STYPE_NULLFUNC)))
946 goto dont_reorder;
947
948
949 if (ack_policy != IEEE80211_QOS_CTL_ACK_POLICY_BLOCKACK &&
950 ack_policy != IEEE80211_QOS_CTL_ACK_POLICY_NORMAL)
951 goto dont_reorder;
952
953
954 if (!(status->rx_flags & IEEE80211_RX_RA_MATCH))
955 goto dont_reorder;
956
957
958
959
960 if (tid_agg_rx->timeout)
961 tid_agg_rx->last_rx = jiffies;
962
963
964 sc = le16_to_cpu(hdr->seq_ctrl);
965 if (sc & IEEE80211_SCTL_FRAG) {
966 skb->pkt_type = IEEE80211_SDATA_QUEUE_TYPE_FRAME;
967 skb_queue_tail(&rx->sdata->skb_queue, skb);
968 ieee80211_queue_work(&local->hw, &rx->sdata->work);
969 return;
970 }
971
972
973
974
975
976
977
978
979 if (ieee80211_sta_manage_reorder_buf(rx->sdata, tid_agg_rx, skb,
980 frames))
981 return;
982
983 dont_reorder:
984 __skb_queue_tail(frames, skb);
985}
986
987static ieee80211_rx_result debug_noinline
988ieee80211_rx_h_check(struct ieee80211_rx_data *rx)
989{
990 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
991 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(rx->skb);
992
993
994
995
996
997 if (rx->skb->len >= 24 && rx->sta &&
998 !ieee80211_is_ctl(hdr->frame_control) &&
999 !ieee80211_is_qos_nullfunc(hdr->frame_control) &&
1000 !is_multicast_ether_addr(hdr->addr1)) {
1001 if (unlikely(ieee80211_has_retry(hdr->frame_control) &&
1002 rx->sta->last_seq_ctrl[rx->seqno_idx] ==
1003 hdr->seq_ctrl)) {
1004 if (status->rx_flags & IEEE80211_RX_RA_MATCH) {
1005 rx->local->dot11FrameDuplicateCount++;
1006 rx->sta->num_duplicates++;
1007 }
1008 return RX_DROP_UNUSABLE;
1009 } else if (!(status->flag & RX_FLAG_AMSDU_MORE)) {
1010 rx->sta->last_seq_ctrl[rx->seqno_idx] = hdr->seq_ctrl;
1011 }
1012 }
1013
1014 if (unlikely(rx->skb->len < 16)) {
1015 I802_DEBUG_INC(rx->local->rx_handlers_drop_short);
1016 return RX_DROP_MONITOR;
1017 }
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028 if (ieee80211_vif_is_mesh(&rx->sdata->vif))
1029 return ieee80211_rx_mesh_check(rx);
1030
1031 if (unlikely((ieee80211_is_data(hdr->frame_control) ||
1032 ieee80211_is_pspoll(hdr->frame_control)) &&
1033 rx->sdata->vif.type != NL80211_IFTYPE_ADHOC &&
1034 rx->sdata->vif.type != NL80211_IFTYPE_WDS &&
1035 (!rx->sta || !test_sta_flag(rx->sta, WLAN_STA_ASSOC)))) {
1036
1037
1038
1039
1040
1041 if (rx->sta && rx->sdata->vif.type == NL80211_IFTYPE_STATION &&
1042 ieee80211_is_data_present(hdr->frame_control)) {
1043 unsigned int hdrlen;
1044 __be16 ethertype;
1045
1046 hdrlen = ieee80211_hdrlen(hdr->frame_control);
1047
1048 if (rx->skb->len < hdrlen + 8)
1049 return RX_DROP_MONITOR;
1050
1051 skb_copy_bits(rx->skb, hdrlen + 6, ðertype, 2);
1052 if (ethertype == rx->sdata->control_port_protocol)
1053 return RX_CONTINUE;
1054 }
1055
1056 if (rx->sdata->vif.type == NL80211_IFTYPE_AP &&
1057 cfg80211_rx_spurious_frame(rx->sdata->dev,
1058 hdr->addr2,
1059 GFP_ATOMIC))
1060 return RX_DROP_UNUSABLE;
1061
1062 return RX_DROP_MONITOR;
1063 }
1064
1065 return RX_CONTINUE;
1066}
1067
1068
1069static ieee80211_rx_result debug_noinline
1070ieee80211_rx_h_check_more_data(struct ieee80211_rx_data *rx)
1071{
1072 struct ieee80211_local *local;
1073 struct ieee80211_hdr *hdr;
1074 struct sk_buff *skb;
1075
1076 local = rx->local;
1077 skb = rx->skb;
1078 hdr = (struct ieee80211_hdr *) skb->data;
1079
1080 if (!local->pspolling)
1081 return RX_CONTINUE;
1082
1083 if (!ieee80211_has_fromds(hdr->frame_control))
1084
1085 return RX_CONTINUE;
1086
1087 if (!ieee80211_is_data(hdr->frame_control))
1088 return RX_CONTINUE;
1089
1090 if (!ieee80211_has_moredata(hdr->frame_control)) {
1091
1092 local->pspolling = false;
1093 return RX_CONTINUE;
1094 }
1095
1096
1097 ieee80211_send_pspoll(local, rx->sdata);
1098
1099 return RX_CONTINUE;
1100}
1101
1102static void sta_ps_start(struct sta_info *sta)
1103{
1104 struct ieee80211_sub_if_data *sdata = sta->sdata;
1105 struct ieee80211_local *local = sdata->local;
1106 struct ps_data *ps;
1107
1108 if (sta->sdata->vif.type == NL80211_IFTYPE_AP ||
1109 sta->sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
1110 ps = &sdata->bss->ps;
1111 else
1112 return;
1113
1114 atomic_inc(&ps->num_sta_ps);
1115 set_sta_flag(sta, WLAN_STA_PS_STA);
1116 if (!(local->hw.flags & IEEE80211_HW_AP_LINK_PS))
1117 drv_sta_notify(local, sdata, STA_NOTIFY_SLEEP, &sta->sta);
1118 ps_dbg(sdata, "STA %pM aid %d enters power save mode\n",
1119 sta->sta.addr, sta->sta.aid);
1120}
1121
1122static void sta_ps_end(struct sta_info *sta)
1123{
1124 ps_dbg(sta->sdata, "STA %pM aid %d exits power save mode\n",
1125 sta->sta.addr, sta->sta.aid);
1126
1127 if (test_sta_flag(sta, WLAN_STA_PS_DRIVER)) {
1128
1129
1130
1131
1132
1133
1134 clear_sta_flag(sta, WLAN_STA_PS_STA);
1135 ps_dbg(sta->sdata, "STA %pM aid %d driver-ps-blocked\n",
1136 sta->sta.addr, sta->sta.aid);
1137 return;
1138 }
1139
1140 set_sta_flag(sta, WLAN_STA_PS_DELIVER);
1141 clear_sta_flag(sta, WLAN_STA_PS_STA);
1142 ieee80211_sta_ps_deliver_wakeup(sta);
1143}
1144
1145int ieee80211_sta_ps_transition(struct ieee80211_sta *sta, bool start)
1146{
1147 struct sta_info *sta_inf = container_of(sta, struct sta_info, sta);
1148 bool in_ps;
1149
1150 WARN_ON(!(sta_inf->local->hw.flags & IEEE80211_HW_AP_LINK_PS));
1151
1152
1153 in_ps = test_sta_flag(sta_inf, WLAN_STA_PS_STA);
1154 if ((start && in_ps) || (!start && !in_ps))
1155 return -EINVAL;
1156
1157 if (start)
1158 sta_ps_start(sta_inf);
1159 else
1160 sta_ps_end(sta_inf);
1161
1162 return 0;
1163}
1164EXPORT_SYMBOL(ieee80211_sta_ps_transition);
1165
1166static ieee80211_rx_result debug_noinline
1167ieee80211_rx_h_uapsd_and_pspoll(struct ieee80211_rx_data *rx)
1168{
1169 struct ieee80211_sub_if_data *sdata = rx->sdata;
1170 struct ieee80211_hdr *hdr = (void *)rx->skb->data;
1171 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(rx->skb);
1172 int tid, ac;
1173
1174 if (!rx->sta || !(status->rx_flags & IEEE80211_RX_RA_MATCH))
1175 return RX_CONTINUE;
1176
1177 if (sdata->vif.type != NL80211_IFTYPE_AP &&
1178 sdata->vif.type != NL80211_IFTYPE_AP_VLAN)
1179 return RX_CONTINUE;
1180
1181
1182
1183
1184
1185
1186 if (sdata->local->hw.flags & IEEE80211_HW_AP_LINK_PS)
1187 return RX_CONTINUE;
1188
1189
1190
1191
1192
1193
1194 if (!test_sta_flag(rx->sta, WLAN_STA_PS_STA))
1195 return RX_CONTINUE;
1196
1197 if (unlikely(ieee80211_is_pspoll(hdr->frame_control))) {
1198 if (!test_sta_flag(rx->sta, WLAN_STA_SP)) {
1199 if (!test_sta_flag(rx->sta, WLAN_STA_PS_DRIVER))
1200 ieee80211_sta_ps_deliver_poll_response(rx->sta);
1201 else
1202 set_sta_flag(rx->sta, WLAN_STA_PSPOLL);
1203 }
1204
1205
1206
1207 dev_kfree_skb(rx->skb);
1208
1209 return RX_QUEUED;
1210 } else if (!ieee80211_has_morefrags(hdr->frame_control) &&
1211 !(status->rx_flags & IEEE80211_RX_DEFERRED_RELEASE) &&
1212 ieee80211_has_pm(hdr->frame_control) &&
1213 (ieee80211_is_data_qos(hdr->frame_control) ||
1214 ieee80211_is_qos_nullfunc(hdr->frame_control))) {
1215 tid = *ieee80211_get_qos_ctl(hdr) & IEEE80211_QOS_CTL_TID_MASK;
1216 ac = ieee802_1d_to_ac[tid & 7];
1217
1218
1219
1220
1221
1222
1223
1224
1225 if (!(rx->sta->sta.uapsd_queues & BIT(ac)))
1226 return RX_CONTINUE;
1227
1228
1229 if (test_sta_flag(rx->sta, WLAN_STA_SP))
1230 return RX_CONTINUE;
1231
1232 if (!test_sta_flag(rx->sta, WLAN_STA_PS_DRIVER))
1233 ieee80211_sta_ps_deliver_uapsd(rx->sta);
1234 else
1235 set_sta_flag(rx->sta, WLAN_STA_UAPSD);
1236 }
1237
1238 return RX_CONTINUE;
1239}
1240
1241static ieee80211_rx_result debug_noinline
1242ieee80211_rx_h_sta_process(struct ieee80211_rx_data *rx)
1243{
1244 struct sta_info *sta = rx->sta;
1245 struct sk_buff *skb = rx->skb;
1246 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
1247 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
1248 int i;
1249
1250 if (!sta)
1251 return RX_CONTINUE;
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261 if (rx->sdata->vif.type == NL80211_IFTYPE_ADHOC) {
1262 u8 *bssid = ieee80211_get_bssid(hdr, rx->skb->len,
1263 NL80211_IFTYPE_ADHOC);
1264 if (ether_addr_equal(bssid, rx->sdata->u.ibss.bssid) &&
1265 test_sta_flag(sta, WLAN_STA_AUTHORIZED)) {
1266 sta->last_rx = jiffies;
1267 if (ieee80211_is_data(hdr->frame_control) &&
1268 !is_multicast_ether_addr(hdr->addr1)) {
1269 sta->last_rx_rate_idx = status->rate_idx;
1270 sta->last_rx_rate_flag = status->flag;
1271 sta->last_rx_rate_vht_flag = status->vht_flag;
1272 sta->last_rx_rate_vht_nss = status->vht_nss;
1273 }
1274 }
1275 } else if (!is_multicast_ether_addr(hdr->addr1)) {
1276
1277
1278
1279
1280 sta->last_rx = jiffies;
1281 if (ieee80211_is_data(hdr->frame_control)) {
1282 sta->last_rx_rate_idx = status->rate_idx;
1283 sta->last_rx_rate_flag = status->flag;
1284 sta->last_rx_rate_vht_flag = status->vht_flag;
1285 sta->last_rx_rate_vht_nss = status->vht_nss;
1286 }
1287 }
1288
1289 if (!(status->rx_flags & IEEE80211_RX_RA_MATCH))
1290 return RX_CONTINUE;
1291
1292 if (rx->sdata->vif.type == NL80211_IFTYPE_STATION)
1293 ieee80211_sta_rx_notify(rx->sdata, hdr);
1294
1295 sta->rx_fragments++;
1296 sta->rx_bytes += rx->skb->len;
1297 if (!(status->flag & RX_FLAG_NO_SIGNAL_VAL)) {
1298 sta->last_signal = status->signal;
1299 ewma_add(&sta->avg_signal, -status->signal);
1300 }
1301
1302 if (status->chains) {
1303 sta->chains = status->chains;
1304 for (i = 0; i < ARRAY_SIZE(status->chain_signal); i++) {
1305 int signal = status->chain_signal[i];
1306
1307 if (!(status->chains & BIT(i)))
1308 continue;
1309
1310 sta->chain_signal_last[i] = signal;
1311 ewma_add(&sta->chain_signal_avg[i], -signal);
1312 }
1313 }
1314
1315
1316
1317
1318
1319 if (!(sta->local->hw.flags & IEEE80211_HW_AP_LINK_PS) &&
1320 !ieee80211_has_morefrags(hdr->frame_control) &&
1321 !(status->rx_flags & IEEE80211_RX_DEFERRED_RELEASE) &&
1322 (rx->sdata->vif.type == NL80211_IFTYPE_AP ||
1323 rx->sdata->vif.type == NL80211_IFTYPE_AP_VLAN) &&
1324
1325
1326
1327
1328 (!ieee80211_is_mgmt(hdr->frame_control) ||
1329 ieee80211_is_bufferable_mmpdu(hdr->frame_control))) {
1330 if (test_sta_flag(sta, WLAN_STA_PS_STA)) {
1331 if (!ieee80211_has_pm(hdr->frame_control))
1332 sta_ps_end(sta);
1333 } else {
1334 if (ieee80211_has_pm(hdr->frame_control))
1335 sta_ps_start(sta);
1336 }
1337 }
1338
1339
1340 if (ieee80211_vif_is_mesh(&rx->sdata->vif))
1341 ieee80211_mps_rx_h_sta_process(sta, hdr);
1342
1343
1344
1345
1346
1347 if (ieee80211_is_nullfunc(hdr->frame_control) ||
1348 ieee80211_is_qos_nullfunc(hdr->frame_control)) {
1349 I802_DEBUG_INC(rx->local->rx_handlers_drop_nullfunc);
1350
1351
1352
1353
1354
1355
1356
1357 if (ieee80211_has_a4(hdr->frame_control) &&
1358 (rx->sdata->vif.type == NL80211_IFTYPE_AP ||
1359 (rx->sdata->vif.type == NL80211_IFTYPE_AP_VLAN &&
1360 !rx->sdata->u.vlan.sta))) {
1361 if (!test_and_set_sta_flag(sta, WLAN_STA_4ADDR_EVENT))
1362 cfg80211_rx_unexpected_4addr_frame(
1363 rx->sdata->dev, sta->sta.addr,
1364 GFP_ATOMIC);
1365 return RX_DROP_MONITOR;
1366 }
1367
1368
1369
1370
1371 sta->rx_packets++;
1372 dev_kfree_skb(rx->skb);
1373 return RX_QUEUED;
1374 }
1375
1376 return RX_CONTINUE;
1377}
1378
1379static ieee80211_rx_result debug_noinline
1380ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
1381{
1382 struct sk_buff *skb = rx->skb;
1383 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
1384 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
1385 int keyidx;
1386 int hdrlen;
1387 ieee80211_rx_result result = RX_DROP_UNUSABLE;
1388 struct ieee80211_key *sta_ptk = NULL;
1389 int mmie_keyidx = -1;
1390 __le16 fc;
1391 const struct ieee80211_cipher_scheme *cs = NULL;
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424 if (!(status->rx_flags & IEEE80211_RX_RA_MATCH))
1425 return RX_CONTINUE;
1426
1427
1428 rx->key = NULL;
1429 fc = hdr->frame_control;
1430
1431 if (rx->sta) {
1432 int keyid = rx->sta->ptk_idx;
1433
1434 if (ieee80211_has_protected(fc) && rx->sta->cipher_scheme) {
1435 cs = rx->sta->cipher_scheme;
1436 keyid = iwl80211_get_cs_keyid(cs, rx->skb);
1437 if (unlikely(keyid < 0))
1438 return RX_DROP_UNUSABLE;
1439 }
1440 sta_ptk = rcu_dereference(rx->sta->ptk[keyid]);
1441 }
1442
1443 if (!ieee80211_has_protected(fc))
1444 mmie_keyidx = ieee80211_get_mmie_keyidx(rx->skb);
1445
1446 if (!is_multicast_ether_addr(hdr->addr1) && sta_ptk) {
1447 rx->key = sta_ptk;
1448 if ((status->flag & RX_FLAG_DECRYPTED) &&
1449 (status->flag & RX_FLAG_IV_STRIPPED))
1450 return RX_CONTINUE;
1451
1452 if (!ieee80211_has_protected(fc))
1453 return RX_CONTINUE;
1454 } else if (mmie_keyidx >= 0) {
1455
1456 if ((status->flag & RX_FLAG_DECRYPTED) &&
1457 (status->flag & RX_FLAG_IV_STRIPPED))
1458 return RX_CONTINUE;
1459
1460 if (mmie_keyidx < NUM_DEFAULT_KEYS ||
1461 mmie_keyidx >= NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS)
1462 return RX_DROP_MONITOR;
1463 if (rx->sta)
1464 rx->key = rcu_dereference(rx->sta->gtk[mmie_keyidx]);
1465 if (!rx->key)
1466 rx->key = rcu_dereference(rx->sdata->keys[mmie_keyidx]);
1467 } else if (!ieee80211_has_protected(fc)) {
1468
1469
1470
1471
1472
1473
1474 struct ieee80211_key *key = NULL;
1475 struct ieee80211_sub_if_data *sdata = rx->sdata;
1476 int i;
1477
1478 if (ieee80211_is_mgmt(fc) &&
1479 is_multicast_ether_addr(hdr->addr1) &&
1480 (key = rcu_dereference(rx->sdata->default_mgmt_key)))
1481 rx->key = key;
1482 else {
1483 if (rx->sta) {
1484 for (i = 0; i < NUM_DEFAULT_KEYS; i++) {
1485 key = rcu_dereference(rx->sta->gtk[i]);
1486 if (key)
1487 break;
1488 }
1489 }
1490 if (!key) {
1491 for (i = 0; i < NUM_DEFAULT_KEYS; i++) {
1492 key = rcu_dereference(sdata->keys[i]);
1493 if (key)
1494 break;
1495 }
1496 }
1497 if (key)
1498 rx->key = key;
1499 }
1500 return RX_CONTINUE;
1501 } else {
1502 u8 keyid;
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513 if ((status->flag & RX_FLAG_DECRYPTED) &&
1514 (status->flag & RX_FLAG_IV_STRIPPED))
1515 return RX_CONTINUE;
1516
1517 hdrlen = ieee80211_hdrlen(fc);
1518
1519 if (cs) {
1520 keyidx = iwl80211_get_cs_keyid(cs, rx->skb);
1521
1522 if (unlikely(keyidx < 0))
1523 return RX_DROP_UNUSABLE;
1524 } else {
1525 if (rx->skb->len < 8 + hdrlen)
1526 return RX_DROP_UNUSABLE;
1527
1528
1529
1530
1531 skb_copy_bits(rx->skb, hdrlen + 3, &keyid, 1);
1532 keyidx = keyid >> 6;
1533 }
1534
1535
1536 if (is_multicast_ether_addr(hdr->addr1) && rx->sta)
1537 rx->key = rcu_dereference(rx->sta->gtk[keyidx]);
1538
1539
1540 if (!rx->key) {
1541 rx->key = rcu_dereference(rx->sdata->keys[keyidx]);
1542
1543
1544
1545
1546
1547
1548 if (rx->key &&
1549 rx->key->conf.cipher != WLAN_CIPHER_SUITE_WEP40 &&
1550 rx->key->conf.cipher != WLAN_CIPHER_SUITE_WEP104 &&
1551 !is_multicast_ether_addr(hdr->addr1))
1552 rx->key = NULL;
1553 }
1554 }
1555
1556 if (rx->key) {
1557 if (unlikely(rx->key->flags & KEY_FLAG_TAINTED))
1558 return RX_DROP_MONITOR;
1559
1560 rx->key->tx_rx_count++;
1561
1562 } else {
1563 return RX_DROP_MONITOR;
1564 }
1565
1566 switch (rx->key->conf.cipher) {
1567 case WLAN_CIPHER_SUITE_WEP40:
1568 case WLAN_CIPHER_SUITE_WEP104:
1569 result = ieee80211_crypto_wep_decrypt(rx);
1570 break;
1571 case WLAN_CIPHER_SUITE_TKIP:
1572 result = ieee80211_crypto_tkip_decrypt(rx);
1573 break;
1574 case WLAN_CIPHER_SUITE_CCMP:
1575 result = ieee80211_crypto_ccmp_decrypt(rx);
1576 break;
1577 case WLAN_CIPHER_SUITE_AES_CMAC:
1578 result = ieee80211_crypto_aes_cmac_decrypt(rx);
1579 break;
1580 default:
1581 result = ieee80211_crypto_hw_decrypt(rx);
1582 }
1583
1584
1585
1586
1587 status->flag |= RX_FLAG_DECRYPTED;
1588
1589 return result;
1590}
1591
1592static inline struct ieee80211_fragment_entry *
1593ieee80211_reassemble_add(struct ieee80211_sub_if_data *sdata,
1594 unsigned int frag, unsigned int seq, int rx_queue,
1595 struct sk_buff **skb)
1596{
1597 struct ieee80211_fragment_entry *entry;
1598
1599 entry = &sdata->fragments[sdata->fragment_next++];
1600 if (sdata->fragment_next >= IEEE80211_FRAGMENT_MAX)
1601 sdata->fragment_next = 0;
1602
1603 if (!skb_queue_empty(&entry->skb_list))
1604 __skb_queue_purge(&entry->skb_list);
1605
1606 __skb_queue_tail(&entry->skb_list, *skb);
1607 *skb = NULL;
1608 entry->first_frag_time = jiffies;
1609 entry->seq = seq;
1610 entry->rx_queue = rx_queue;
1611 entry->last_frag = frag;
1612 entry->ccmp = 0;
1613 entry->extra_len = 0;
1614
1615 return entry;
1616}
1617
1618static inline struct ieee80211_fragment_entry *
1619ieee80211_reassemble_find(struct ieee80211_sub_if_data *sdata,
1620 unsigned int frag, unsigned int seq,
1621 int rx_queue, struct ieee80211_hdr *hdr)
1622{
1623 struct ieee80211_fragment_entry *entry;
1624 int i, idx;
1625
1626 idx = sdata->fragment_next;
1627 for (i = 0; i < IEEE80211_FRAGMENT_MAX; i++) {
1628 struct ieee80211_hdr *f_hdr;
1629
1630 idx--;
1631 if (idx < 0)
1632 idx = IEEE80211_FRAGMENT_MAX - 1;
1633
1634 entry = &sdata->fragments[idx];
1635 if (skb_queue_empty(&entry->skb_list) || entry->seq != seq ||
1636 entry->rx_queue != rx_queue ||
1637 entry->last_frag + 1 != frag)
1638 continue;
1639
1640 f_hdr = (struct ieee80211_hdr *)entry->skb_list.next->data;
1641
1642
1643
1644
1645 if (((hdr->frame_control ^ f_hdr->frame_control) &
1646 cpu_to_le16(IEEE80211_FCTL_FTYPE)) ||
1647 !ether_addr_equal(hdr->addr1, f_hdr->addr1) ||
1648 !ether_addr_equal(hdr->addr2, f_hdr->addr2))
1649 continue;
1650
1651 if (time_after(jiffies, entry->first_frag_time + 2 * HZ)) {
1652 __skb_queue_purge(&entry->skb_list);
1653 continue;
1654 }
1655 return entry;
1656 }
1657
1658 return NULL;
1659}
1660
1661static ieee80211_rx_result debug_noinline
1662ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx)
1663{
1664 struct ieee80211_hdr *hdr;
1665 u16 sc;
1666 __le16 fc;
1667 unsigned int frag, seq;
1668 struct ieee80211_fragment_entry *entry;
1669 struct sk_buff *skb;
1670 struct ieee80211_rx_status *status;
1671
1672 hdr = (struct ieee80211_hdr *)rx->skb->data;
1673 fc = hdr->frame_control;
1674
1675 if (ieee80211_is_ctl(fc))
1676 return RX_CONTINUE;
1677
1678 sc = le16_to_cpu(hdr->seq_ctrl);
1679 frag = sc & IEEE80211_SCTL_FRAG;
1680
1681 if (likely(!ieee80211_has_morefrags(fc) && frag == 0))
1682 goto out;
1683
1684 if (is_multicast_ether_addr(hdr->addr1)) {
1685 rx->local->dot11MulticastReceivedFrameCount++;
1686 goto out;
1687 }
1688
1689 I802_DEBUG_INC(rx->local->rx_handlers_fragments);
1690
1691 if (skb_linearize(rx->skb))
1692 return RX_DROP_UNUSABLE;
1693
1694
1695
1696
1697
1698
1699 hdr = (struct ieee80211_hdr *)rx->skb->data;
1700 seq = (sc & IEEE80211_SCTL_SEQ) >> 4;
1701
1702 if (frag == 0) {
1703
1704 entry = ieee80211_reassemble_add(rx->sdata, frag, seq,
1705 rx->seqno_idx, &(rx->skb));
1706 if (rx->key && rx->key->conf.cipher == WLAN_CIPHER_SUITE_CCMP &&
1707 ieee80211_has_protected(fc)) {
1708 int queue = rx->security_idx;
1709
1710
1711 entry->ccmp = 1;
1712 memcpy(entry->last_pn,
1713 rx->key->u.ccmp.rx_pn[queue],
1714 IEEE80211_CCMP_PN_LEN);
1715 }
1716 return RX_QUEUED;
1717 }
1718
1719
1720
1721
1722 entry = ieee80211_reassemble_find(rx->sdata, frag, seq,
1723 rx->seqno_idx, hdr);
1724 if (!entry) {
1725 I802_DEBUG_INC(rx->local->rx_handlers_drop_defrag);
1726 return RX_DROP_MONITOR;
1727 }
1728
1729
1730
1731 if (entry->ccmp) {
1732 int i;
1733 u8 pn[IEEE80211_CCMP_PN_LEN], *rpn;
1734 int queue;
1735 if (!rx->key || rx->key->conf.cipher != WLAN_CIPHER_SUITE_CCMP)
1736 return RX_DROP_UNUSABLE;
1737 memcpy(pn, entry->last_pn, IEEE80211_CCMP_PN_LEN);
1738 for (i = IEEE80211_CCMP_PN_LEN - 1; i >= 0; i--) {
1739 pn[i]++;
1740 if (pn[i])
1741 break;
1742 }
1743 queue = rx->security_idx;
1744 rpn = rx->key->u.ccmp.rx_pn[queue];
1745 if (memcmp(pn, rpn, IEEE80211_CCMP_PN_LEN))
1746 return RX_DROP_UNUSABLE;
1747 memcpy(entry->last_pn, pn, IEEE80211_CCMP_PN_LEN);
1748 }
1749
1750 skb_pull(rx->skb, ieee80211_hdrlen(fc));
1751 __skb_queue_tail(&entry->skb_list, rx->skb);
1752 entry->last_frag = frag;
1753 entry->extra_len += rx->skb->len;
1754 if (ieee80211_has_morefrags(fc)) {
1755 rx->skb = NULL;
1756 return RX_QUEUED;
1757 }
1758
1759 rx->skb = __skb_dequeue(&entry->skb_list);
1760 if (skb_tailroom(rx->skb) < entry->extra_len) {
1761 I802_DEBUG_INC(rx->local->rx_expand_skb_head2);
1762 if (unlikely(pskb_expand_head(rx->skb, 0, entry->extra_len,
1763 GFP_ATOMIC))) {
1764 I802_DEBUG_INC(rx->local->rx_handlers_drop_defrag);
1765 __skb_queue_purge(&entry->skb_list);
1766 return RX_DROP_UNUSABLE;
1767 }
1768 }
1769 while ((skb = __skb_dequeue(&entry->skb_list))) {
1770 memcpy(skb_put(rx->skb, skb->len), skb->data, skb->len);
1771 dev_kfree_skb(skb);
1772 }
1773
1774
1775 status = IEEE80211_SKB_RXCB(rx->skb);
1776 status->rx_flags |= IEEE80211_RX_FRAGMENTED;
1777
1778 out:
1779 if (rx->sta)
1780 rx->sta->rx_packets++;
1781 ieee80211_led_rx(rx->local);
1782 return RX_CONTINUE;
1783}
1784
1785static int ieee80211_802_1x_port_control(struct ieee80211_rx_data *rx)
1786{
1787 if (unlikely(!rx->sta || !test_sta_flag(rx->sta, WLAN_STA_AUTHORIZED)))
1788 return -EACCES;
1789
1790 return 0;
1791}
1792
1793static int ieee80211_drop_unencrypted(struct ieee80211_rx_data *rx, __le16 fc)
1794{
1795 struct sk_buff *skb = rx->skb;
1796 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
1797
1798
1799
1800
1801
1802 if (status->flag & RX_FLAG_DECRYPTED)
1803 return 0;
1804
1805
1806 if (unlikely(!ieee80211_has_protected(fc) &&
1807 !ieee80211_is_nullfunc(fc) &&
1808 ieee80211_is_data(fc) &&
1809 (rx->key || rx->sdata->drop_unencrypted)))
1810 return -EACCES;
1811
1812 return 0;
1813}
1814
1815static int ieee80211_drop_unencrypted_mgmt(struct ieee80211_rx_data *rx)
1816{
1817 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
1818 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(rx->skb);
1819 __le16 fc = hdr->frame_control;
1820
1821
1822
1823
1824
1825 if (status->flag & RX_FLAG_DECRYPTED)
1826 return 0;
1827
1828 if (rx->sta && test_sta_flag(rx->sta, WLAN_STA_MFP)) {
1829 if (unlikely(!ieee80211_has_protected(fc) &&
1830 ieee80211_is_unicast_robust_mgmt_frame(rx->skb) &&
1831 rx->key)) {
1832 if (ieee80211_is_deauth(fc) ||
1833 ieee80211_is_disassoc(fc))
1834 cfg80211_rx_unprot_mlme_mgmt(rx->sdata->dev,
1835 rx->skb->data,
1836 rx->skb->len);
1837 return -EACCES;
1838 }
1839
1840 if (unlikely(ieee80211_is_multicast_robust_mgmt_frame(rx->skb) &&
1841 ieee80211_get_mmie_keyidx(rx->skb) < 0)) {
1842 if (ieee80211_is_deauth(fc) ||
1843 ieee80211_is_disassoc(fc))
1844 cfg80211_rx_unprot_mlme_mgmt(rx->sdata->dev,
1845 rx->skb->data,
1846 rx->skb->len);
1847 return -EACCES;
1848 }
1849
1850
1851
1852
1853 if (unlikely(ieee80211_is_action(fc) && !rx->key &&
1854 ieee80211_is_robust_mgmt_frame(rx->skb)))
1855 return -EACCES;
1856 }
1857
1858 return 0;
1859}
1860
1861static int
1862__ieee80211_data_to_8023(struct ieee80211_rx_data *rx, bool *port_control)
1863{
1864 struct ieee80211_sub_if_data *sdata = rx->sdata;
1865 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
1866 bool check_port_control = false;
1867 struct ethhdr *ehdr;
1868 int ret;
1869
1870 *port_control = false;
1871 if (ieee80211_has_a4(hdr->frame_control) &&
1872 sdata->vif.type == NL80211_IFTYPE_AP_VLAN && !sdata->u.vlan.sta)
1873 return -1;
1874
1875 if (sdata->vif.type == NL80211_IFTYPE_STATION &&
1876 !!sdata->u.mgd.use_4addr != !!ieee80211_has_a4(hdr->frame_control)) {
1877
1878 if (!sdata->u.mgd.use_4addr)
1879 return -1;
1880 else
1881 check_port_control = true;
1882 }
1883
1884 if (is_multicast_ether_addr(hdr->addr1) &&
1885 sdata->vif.type == NL80211_IFTYPE_AP_VLAN && sdata->u.vlan.sta)
1886 return -1;
1887
1888 ret = ieee80211_data_to_8023(rx->skb, sdata->vif.addr, sdata->vif.type);
1889 if (ret < 0)
1890 return ret;
1891
1892 ehdr = (struct ethhdr *) rx->skb->data;
1893 if (ehdr->h_proto == rx->sdata->control_port_protocol)
1894 *port_control = true;
1895 else if (check_port_control)
1896 return -1;
1897
1898 return 0;
1899}
1900
1901
1902
1903
1904static bool ieee80211_frame_allowed(struct ieee80211_rx_data *rx, __le16 fc)
1905{
1906 static const u8 pae_group_addr[ETH_ALEN] __aligned(2)
1907 = { 0x01, 0x80, 0xC2, 0x00, 0x00, 0x03 };
1908 struct ethhdr *ehdr = (struct ethhdr *) rx->skb->data;
1909
1910
1911
1912
1913
1914 if (ehdr->h_proto == rx->sdata->control_port_protocol &&
1915 (ether_addr_equal(ehdr->h_dest, rx->sdata->vif.addr) ||
1916 ether_addr_equal(ehdr->h_dest, pae_group_addr)))
1917 return true;
1918
1919 if (ieee80211_802_1x_port_control(rx) ||
1920 ieee80211_drop_unencrypted(rx, fc))
1921 return false;
1922
1923 return true;
1924}
1925
1926
1927
1928
1929static void
1930ieee80211_deliver_skb(struct ieee80211_rx_data *rx)
1931{
1932 struct ieee80211_sub_if_data *sdata = rx->sdata;
1933 struct net_device *dev = sdata->dev;
1934 struct sk_buff *skb, *xmit_skb;
1935 struct ethhdr *ehdr = (struct ethhdr *) rx->skb->data;
1936 struct sta_info *dsta;
1937 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(rx->skb);
1938
1939 skb = rx->skb;
1940 xmit_skb = NULL;
1941
1942 if ((sdata->vif.type == NL80211_IFTYPE_AP ||
1943 sdata->vif.type == NL80211_IFTYPE_AP_VLAN) &&
1944 !(sdata->flags & IEEE80211_SDATA_DONT_BRIDGE_PACKETS) &&
1945 (status->rx_flags & IEEE80211_RX_RA_MATCH) &&
1946 (sdata->vif.type != NL80211_IFTYPE_AP_VLAN || !sdata->u.vlan.sta)) {
1947 if (is_multicast_ether_addr(ehdr->h_dest)) {
1948
1949
1950
1951
1952 xmit_skb = skb_copy(skb, GFP_ATOMIC);
1953 if (!xmit_skb)
1954 net_info_ratelimited("%s: failed to clone multicast frame\n",
1955 dev->name);
1956 } else {
1957 dsta = sta_info_get(sdata, skb->data);
1958 if (dsta) {
1959
1960
1961
1962
1963
1964
1965 xmit_skb = skb;
1966 skb = NULL;
1967 }
1968 }
1969 }
1970
1971#ifndef CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS
1972 if (skb) {
1973
1974
1975
1976
1977
1978
1979 int align;
1980
1981 align = (unsigned long)(skb->data + sizeof(struct ethhdr)) & 3;
1982 if (align) {
1983 if (WARN_ON(skb_headroom(skb) < 3)) {
1984 dev_kfree_skb(skb);
1985 skb = NULL;
1986 } else {
1987 u8 *data = skb->data;
1988 size_t len = skb_headlen(skb);
1989 skb->data -= align;
1990 memmove(skb->data, data, len);
1991 skb_set_tail_pointer(skb, len);
1992 }
1993 }
1994 }
1995#endif
1996
1997 if (skb) {
1998
1999 skb->protocol = eth_type_trans(skb, dev);
2000 memset(skb->cb, 0, sizeof(skb->cb));
2001 if (rx->local->napi)
2002 napi_gro_receive(rx->local->napi, skb);
2003 else
2004 netif_receive_skb(skb);
2005 }
2006
2007 if (xmit_skb) {
2008
2009
2010
2011
2012
2013 xmit_skb->priority += 256;
2014 xmit_skb->protocol = htons(ETH_P_802_3);
2015 skb_reset_network_header(xmit_skb);
2016 skb_reset_mac_header(xmit_skb);
2017 dev_queue_xmit(xmit_skb);
2018 }
2019}
2020
2021static ieee80211_rx_result debug_noinline
2022ieee80211_rx_h_amsdu(struct ieee80211_rx_data *rx)
2023{
2024 struct net_device *dev = rx->sdata->dev;
2025 struct sk_buff *skb = rx->skb;
2026 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
2027 __le16 fc = hdr->frame_control;
2028 struct sk_buff_head frame_list;
2029 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(rx->skb);
2030
2031 if (unlikely(!ieee80211_is_data(fc)))
2032 return RX_CONTINUE;
2033
2034 if (unlikely(!ieee80211_is_data_present(fc)))
2035 return RX_DROP_MONITOR;
2036
2037 if (!(status->rx_flags & IEEE80211_RX_AMSDU))
2038 return RX_CONTINUE;
2039
2040 if (ieee80211_has_a4(hdr->frame_control) &&
2041 rx->sdata->vif.type == NL80211_IFTYPE_AP_VLAN &&
2042 !rx->sdata->u.vlan.sta)
2043 return RX_DROP_UNUSABLE;
2044
2045 if (is_multicast_ether_addr(hdr->addr1) &&
2046 ((rx->sdata->vif.type == NL80211_IFTYPE_AP_VLAN &&
2047 rx->sdata->u.vlan.sta) ||
2048 (rx->sdata->vif.type == NL80211_IFTYPE_STATION &&
2049 rx->sdata->u.mgd.use_4addr)))
2050 return RX_DROP_UNUSABLE;
2051
2052 skb->dev = dev;
2053 __skb_queue_head_init(&frame_list);
2054
2055 if (skb_linearize(skb))
2056 return RX_DROP_UNUSABLE;
2057
2058 ieee80211_amsdu_to_8023s(skb, &frame_list, dev->dev_addr,
2059 rx->sdata->vif.type,
2060 rx->local->hw.extra_tx_headroom, true);
2061
2062 while (!skb_queue_empty(&frame_list)) {
2063 rx->skb = __skb_dequeue(&frame_list);
2064
2065 if (!ieee80211_frame_allowed(rx, fc)) {
2066 dev_kfree_skb(rx->skb);
2067 continue;
2068 }
2069 dev->stats.rx_packets++;
2070 dev->stats.rx_bytes += rx->skb->len;
2071
2072 ieee80211_deliver_skb(rx);
2073 }
2074
2075 return RX_QUEUED;
2076}
2077
2078#ifdef CONFIG_MAC80211_MESH
2079static ieee80211_rx_result
2080ieee80211_rx_h_mesh_fwding(struct ieee80211_rx_data *rx)
2081{
2082 struct ieee80211_hdr *fwd_hdr, *hdr;
2083 struct ieee80211_tx_info *info;
2084 struct ieee80211s_hdr *mesh_hdr;
2085 struct sk_buff *skb = rx->skb, *fwd_skb;
2086 struct ieee80211_local *local = rx->local;
2087 struct ieee80211_sub_if_data *sdata = rx->sdata;
2088 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
2089 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
2090 u16 q, hdrlen;
2091
2092 hdr = (struct ieee80211_hdr *) skb->data;
2093 hdrlen = ieee80211_hdrlen(hdr->frame_control);
2094
2095
2096 if (!pskb_may_pull(rx->skb, hdrlen + 6))
2097 return RX_DROP_MONITOR;
2098
2099 mesh_hdr = (struct ieee80211s_hdr *) (skb->data + hdrlen);
2100
2101
2102 if (!pskb_may_pull(rx->skb,
2103 hdrlen + ieee80211_get_mesh_hdrlen(mesh_hdr)))
2104 return RX_DROP_MONITOR;
2105
2106
2107 hdr = (struct ieee80211_hdr *) skb->data;
2108 mesh_hdr = (struct ieee80211s_hdr *) (skb->data + hdrlen);
2109
2110
2111 if (ieee80211_is_data(hdr->frame_control) &&
2112 is_multicast_ether_addr(hdr->addr1) &&
2113 mesh_rmc_check(rx->sdata, hdr->addr3, mesh_hdr))
2114 return RX_DROP_MONITOR;
2115
2116 if (!ieee80211_is_data(hdr->frame_control) ||
2117 !(status->rx_flags & IEEE80211_RX_RA_MATCH))
2118 return RX_CONTINUE;
2119
2120 if (!mesh_hdr->ttl)
2121 return RX_DROP_MONITOR;
2122
2123 if (mesh_hdr->flags & MESH_FLAGS_AE) {
2124 struct mesh_path *mppath;
2125 char *proxied_addr;
2126 char *mpp_addr;
2127
2128 if (is_multicast_ether_addr(hdr->addr1)) {
2129 mpp_addr = hdr->addr3;
2130 proxied_addr = mesh_hdr->eaddr1;
2131 } else if (mesh_hdr->flags & MESH_FLAGS_AE_A5_A6) {
2132
2133 mpp_addr = hdr->addr4;
2134 proxied_addr = mesh_hdr->eaddr2;
2135 } else {
2136 return RX_DROP_MONITOR;
2137 }
2138
2139 rcu_read_lock();
2140 mppath = mpp_path_lookup(sdata, proxied_addr);
2141 if (!mppath) {
2142 mpp_path_add(sdata, proxied_addr, mpp_addr);
2143 } else {
2144 spin_lock_bh(&mppath->state_lock);
2145 if (!ether_addr_equal(mppath->mpp, mpp_addr))
2146 memcpy(mppath->mpp, mpp_addr, ETH_ALEN);
2147 spin_unlock_bh(&mppath->state_lock);
2148 }
2149 rcu_read_unlock();
2150 }
2151
2152
2153 if (!is_multicast_ether_addr(hdr->addr1) &&
2154 ether_addr_equal(sdata->vif.addr, hdr->addr3))
2155 return RX_CONTINUE;
2156
2157 q = ieee80211_select_queue_80211(sdata, skb, hdr);
2158 if (ieee80211_queue_stopped(&local->hw, q)) {
2159 IEEE80211_IFSTA_MESH_CTR_INC(ifmsh, dropped_frames_congestion);
2160 return RX_DROP_MONITOR;
2161 }
2162 skb_set_queue_mapping(skb, q);
2163
2164 if (!--mesh_hdr->ttl) {
2165 IEEE80211_IFSTA_MESH_CTR_INC(ifmsh, dropped_frames_ttl);
2166 goto out;
2167 }
2168
2169 if (!ifmsh->mshcfg.dot11MeshForwarding)
2170 goto out;
2171
2172 fwd_skb = skb_copy(skb, GFP_ATOMIC);
2173 if (!fwd_skb) {
2174 net_info_ratelimited("%s: failed to clone mesh frame\n",
2175 sdata->name);
2176 goto out;
2177 }
2178
2179 fwd_hdr = (struct ieee80211_hdr *) fwd_skb->data;
2180 fwd_hdr->frame_control &= ~cpu_to_le16(IEEE80211_FCTL_RETRY);
2181 info = IEEE80211_SKB_CB(fwd_skb);
2182 memset(info, 0, sizeof(*info));
2183 info->flags |= IEEE80211_TX_INTFL_NEED_TXPROCESSING;
2184 info->control.vif = &rx->sdata->vif;
2185 info->control.jiffies = jiffies;
2186 if (is_multicast_ether_addr(fwd_hdr->addr1)) {
2187 IEEE80211_IFSTA_MESH_CTR_INC(ifmsh, fwded_mcast);
2188 memcpy(fwd_hdr->addr2, sdata->vif.addr, ETH_ALEN);
2189
2190 ieee80211_mps_set_frame_flags(sdata, NULL, fwd_hdr);
2191 } else if (!mesh_nexthop_lookup(sdata, fwd_skb)) {
2192
2193 IEEE80211_IFSTA_MESH_CTR_INC(ifmsh, fwded_unicast);
2194 } else {
2195
2196 mesh_path_error_tx(sdata, ifmsh->mshcfg.element_ttl,
2197 fwd_hdr->addr3, 0,
2198 WLAN_REASON_MESH_PATH_NOFORWARD,
2199 fwd_hdr->addr2);
2200 IEEE80211_IFSTA_MESH_CTR_INC(ifmsh, dropped_frames_no_route);
2201 kfree_skb(fwd_skb);
2202 return RX_DROP_MONITOR;
2203 }
2204
2205 IEEE80211_IFSTA_MESH_CTR_INC(ifmsh, fwded_frames);
2206 ieee80211_add_pending_skb(local, fwd_skb);
2207 out:
2208 if (is_multicast_ether_addr(hdr->addr1) ||
2209 sdata->dev->flags & IFF_PROMISC)
2210 return RX_CONTINUE;
2211 else
2212 return RX_DROP_MONITOR;
2213}
2214#endif
2215
2216static ieee80211_rx_result debug_noinline
2217ieee80211_rx_h_data(struct ieee80211_rx_data *rx)
2218{
2219 struct ieee80211_sub_if_data *sdata = rx->sdata;
2220 struct ieee80211_local *local = rx->local;
2221 struct net_device *dev = sdata->dev;
2222 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
2223 __le16 fc = hdr->frame_control;
2224 bool port_control;
2225 int err;
2226
2227 if (unlikely(!ieee80211_is_data(hdr->frame_control)))
2228 return RX_CONTINUE;
2229
2230 if (unlikely(!ieee80211_is_data_present(hdr->frame_control)))
2231 return RX_DROP_MONITOR;
2232
2233
2234
2235
2236
2237 if (ieee80211_has_a4(hdr->frame_control) &&
2238 sdata->vif.type == NL80211_IFTYPE_AP) {
2239 if (rx->sta &&
2240 !test_and_set_sta_flag(rx->sta, WLAN_STA_4ADDR_EVENT))
2241 cfg80211_rx_unexpected_4addr_frame(
2242 rx->sdata->dev, rx->sta->sta.addr, GFP_ATOMIC);
2243 return RX_DROP_MONITOR;
2244 }
2245
2246 err = __ieee80211_data_to_8023(rx, &port_control);
2247 if (unlikely(err))
2248 return RX_DROP_UNUSABLE;
2249
2250 if (!ieee80211_frame_allowed(rx, fc))
2251 return RX_DROP_MONITOR;
2252
2253 if (rx->sdata->vif.type == NL80211_IFTYPE_AP_VLAN &&
2254 unlikely(port_control) && sdata->bss) {
2255 sdata = container_of(sdata->bss, struct ieee80211_sub_if_data,
2256 u.ap);
2257 dev = sdata->dev;
2258 rx->sdata = sdata;
2259 }
2260
2261 rx->skb->dev = dev;
2262
2263 dev->stats.rx_packets++;
2264 dev->stats.rx_bytes += rx->skb->len;
2265
2266 if (local->ps_sdata && local->hw.conf.dynamic_ps_timeout > 0 &&
2267 !is_multicast_ether_addr(
2268 ((struct ethhdr *)rx->skb->data)->h_dest) &&
2269 (!local->scanning &&
2270 !test_bit(SDATA_STATE_OFFCHANNEL, &sdata->state))) {
2271 mod_timer(&local->dynamic_ps_timer, jiffies +
2272 msecs_to_jiffies(local->hw.conf.dynamic_ps_timeout));
2273 }
2274
2275 ieee80211_deliver_skb(rx);
2276
2277 return RX_QUEUED;
2278}
2279
2280static ieee80211_rx_result debug_noinline
2281ieee80211_rx_h_ctrl(struct ieee80211_rx_data *rx, struct sk_buff_head *frames)
2282{
2283 struct sk_buff *skb = rx->skb;
2284 struct ieee80211_bar *bar = (struct ieee80211_bar *)skb->data;
2285 struct tid_ampdu_rx *tid_agg_rx;
2286 u16 start_seq_num;
2287 u16 tid;
2288
2289 if (likely(!ieee80211_is_ctl(bar->frame_control)))
2290 return RX_CONTINUE;
2291
2292 if (ieee80211_is_back_req(bar->frame_control)) {
2293 struct {
2294 __le16 control, start_seq_num;
2295 } __packed bar_data;
2296
2297 if (!rx->sta)
2298 return RX_DROP_MONITOR;
2299
2300 if (skb_copy_bits(skb, offsetof(struct ieee80211_bar, control),
2301 &bar_data, sizeof(bar_data)))
2302 return RX_DROP_MONITOR;
2303
2304 tid = le16_to_cpu(bar_data.control) >> 12;
2305
2306 tid_agg_rx = rcu_dereference(rx->sta->ampdu_mlme.tid_rx[tid]);
2307 if (!tid_agg_rx)
2308 return RX_DROP_MONITOR;
2309
2310 start_seq_num = le16_to_cpu(bar_data.start_seq_num) >> 4;
2311
2312
2313 if (tid_agg_rx->timeout)
2314 mod_timer(&tid_agg_rx->session_timer,
2315 TU_TO_EXP_TIME(tid_agg_rx->timeout));
2316
2317 spin_lock(&tid_agg_rx->reorder_lock);
2318
2319 ieee80211_release_reorder_frames(rx->sdata, tid_agg_rx,
2320 start_seq_num, frames);
2321 spin_unlock(&tid_agg_rx->reorder_lock);
2322
2323 kfree_skb(skb);
2324 return RX_QUEUED;
2325 }
2326
2327
2328
2329
2330
2331
2332 return RX_DROP_MONITOR;
2333}
2334
2335static void ieee80211_process_sa_query_req(struct ieee80211_sub_if_data *sdata,
2336 struct ieee80211_mgmt *mgmt,
2337 size_t len)
2338{
2339 struct ieee80211_local *local = sdata->local;
2340 struct sk_buff *skb;
2341 struct ieee80211_mgmt *resp;
2342
2343 if (!ether_addr_equal(mgmt->da, sdata->vif.addr)) {
2344
2345 return;
2346 }
2347
2348 if (!ether_addr_equal(mgmt->sa, sdata->u.mgd.bssid) ||
2349 !ether_addr_equal(mgmt->bssid, sdata->u.mgd.bssid)) {
2350
2351 return;
2352 }
2353
2354 if (len < 24 + 1 + sizeof(resp->u.action.u.sa_query)) {
2355
2356 return;
2357 }
2358
2359 skb = dev_alloc_skb(sizeof(*resp) + local->hw.extra_tx_headroom);
2360 if (skb == NULL)
2361 return;
2362
2363 skb_reserve(skb, local->hw.extra_tx_headroom);
2364 resp = (struct ieee80211_mgmt *) skb_put(skb, 24);
2365 memset(resp, 0, 24);
2366 memcpy(resp->da, mgmt->sa, ETH_ALEN);
2367 memcpy(resp->sa, sdata->vif.addr, ETH_ALEN);
2368 memcpy(resp->bssid, sdata->u.mgd.bssid, ETH_ALEN);
2369 resp->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
2370 IEEE80211_STYPE_ACTION);
2371 skb_put(skb, 1 + sizeof(resp->u.action.u.sa_query));
2372 resp->u.action.category = WLAN_CATEGORY_SA_QUERY;
2373 resp->u.action.u.sa_query.action = WLAN_ACTION_SA_QUERY_RESPONSE;
2374 memcpy(resp->u.action.u.sa_query.trans_id,
2375 mgmt->u.action.u.sa_query.trans_id,
2376 WLAN_SA_QUERY_TR_ID_LEN);
2377
2378 ieee80211_tx_skb(sdata, skb);
2379}
2380
2381static ieee80211_rx_result debug_noinline
2382ieee80211_rx_h_mgmt_check(struct ieee80211_rx_data *rx)
2383{
2384 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *) rx->skb->data;
2385 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(rx->skb);
2386
2387
2388
2389
2390
2391
2392 if (rx->skb->len < 24)
2393 return RX_DROP_MONITOR;
2394
2395 if (!ieee80211_is_mgmt(mgmt->frame_control))
2396 return RX_DROP_MONITOR;
2397
2398 if (rx->sdata->vif.type == NL80211_IFTYPE_AP &&
2399 ieee80211_is_beacon(mgmt->frame_control) &&
2400 !(rx->flags & IEEE80211_RX_BEACON_REPORTED)) {
2401 int sig = 0;
2402
2403 if (rx->local->hw.flags & IEEE80211_HW_SIGNAL_DBM)
2404 sig = status->signal;
2405
2406 cfg80211_report_obss_beacon(rx->local->hw.wiphy,
2407 rx->skb->data, rx->skb->len,
2408 status->freq, sig);
2409 rx->flags |= IEEE80211_RX_BEACON_REPORTED;
2410 }
2411
2412 if (!(status->rx_flags & IEEE80211_RX_RA_MATCH))
2413 return RX_DROP_MONITOR;
2414
2415 if (ieee80211_drop_unencrypted_mgmt(rx))
2416 return RX_DROP_UNUSABLE;
2417
2418 return RX_CONTINUE;
2419}
2420
2421static ieee80211_rx_result debug_noinline
2422ieee80211_rx_h_action(struct ieee80211_rx_data *rx)
2423{
2424 struct ieee80211_local *local = rx->local;
2425 struct ieee80211_sub_if_data *sdata = rx->sdata;
2426 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *) rx->skb->data;
2427 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(rx->skb);
2428 int len = rx->skb->len;
2429
2430 if (!ieee80211_is_action(mgmt->frame_control))
2431 return RX_CONTINUE;
2432
2433
2434 if (len < IEEE80211_MIN_ACTION_SIZE)
2435 return RX_DROP_UNUSABLE;
2436
2437 if (!rx->sta && mgmt->u.action.category != WLAN_CATEGORY_PUBLIC &&
2438 mgmt->u.action.category != WLAN_CATEGORY_SELF_PROTECTED &&
2439 mgmt->u.action.category != WLAN_CATEGORY_SPECTRUM_MGMT)
2440 return RX_DROP_UNUSABLE;
2441
2442 if (!(status->rx_flags & IEEE80211_RX_RA_MATCH))
2443 return RX_DROP_UNUSABLE;
2444
2445 switch (mgmt->u.action.category) {
2446 case WLAN_CATEGORY_HT:
2447
2448 if (!rx->sta->sta.ht_cap.ht_supported)
2449 goto invalid;
2450
2451 if (sdata->vif.type != NL80211_IFTYPE_STATION &&
2452 sdata->vif.type != NL80211_IFTYPE_MESH_POINT &&
2453 sdata->vif.type != NL80211_IFTYPE_AP_VLAN &&
2454 sdata->vif.type != NL80211_IFTYPE_AP &&
2455 sdata->vif.type != NL80211_IFTYPE_ADHOC)
2456 break;
2457
2458
2459 if (len < IEEE80211_MIN_ACTION_SIZE + 2)
2460 goto invalid;
2461
2462 switch (mgmt->u.action.u.ht_smps.action) {
2463 case WLAN_HT_ACTION_SMPS: {
2464 struct ieee80211_supported_band *sband;
2465 enum ieee80211_smps_mode smps_mode;
2466
2467
2468 switch (mgmt->u.action.u.ht_smps.smps_control) {
2469 case WLAN_HT_SMPS_CONTROL_DISABLED:
2470 smps_mode = IEEE80211_SMPS_OFF;
2471 break;
2472 case WLAN_HT_SMPS_CONTROL_STATIC:
2473 smps_mode = IEEE80211_SMPS_STATIC;
2474 break;
2475 case WLAN_HT_SMPS_CONTROL_DYNAMIC:
2476 smps_mode = IEEE80211_SMPS_DYNAMIC;
2477 break;
2478 default:
2479 goto invalid;
2480 }
2481
2482
2483 if (rx->sta->sta.smps_mode == smps_mode)
2484 goto handled;
2485 rx->sta->sta.smps_mode = smps_mode;
2486
2487 sband = rx->local->hw.wiphy->bands[status->band];
2488
2489 rate_control_rate_update(local, sband, rx->sta,
2490 IEEE80211_RC_SMPS_CHANGED);
2491 goto handled;
2492 }
2493 case WLAN_HT_ACTION_NOTIFY_CHANWIDTH: {
2494 struct ieee80211_supported_band *sband;
2495 u8 chanwidth = mgmt->u.action.u.ht_notify_cw.chanwidth;
2496 enum ieee80211_sta_rx_bandwidth new_bw;
2497
2498
2499 if (!(rx->sta->sta.ht_cap.cap &
2500 IEEE80211_HT_CAP_SUP_WIDTH_20_40))
2501 goto handled;
2502
2503 if (chanwidth == IEEE80211_HT_CHANWIDTH_20MHZ)
2504 new_bw = IEEE80211_STA_RX_BW_20;
2505 else
2506 new_bw = ieee80211_sta_cur_vht_bw(rx->sta);
2507
2508 if (rx->sta->sta.bandwidth == new_bw)
2509 goto handled;
2510
2511 sband = rx->local->hw.wiphy->bands[status->band];
2512
2513 rate_control_rate_update(local, sband, rx->sta,
2514 IEEE80211_RC_BW_CHANGED);
2515 goto handled;
2516 }
2517 default:
2518 goto invalid;
2519 }
2520
2521 break;
2522 case WLAN_CATEGORY_PUBLIC:
2523 if (len < IEEE80211_MIN_ACTION_SIZE + 1)
2524 goto invalid;
2525 if (sdata->vif.type != NL80211_IFTYPE_STATION)
2526 break;
2527 if (!rx->sta)
2528 break;
2529 if (!ether_addr_equal(mgmt->bssid, sdata->u.mgd.bssid))
2530 break;
2531 if (mgmt->u.action.u.ext_chan_switch.action_code !=
2532 WLAN_PUB_ACTION_EXT_CHANSW_ANN)
2533 break;
2534 if (len < offsetof(struct ieee80211_mgmt,
2535 u.action.u.ext_chan_switch.variable))
2536 goto invalid;
2537 goto queue;
2538 case WLAN_CATEGORY_VHT:
2539 if (sdata->vif.type != NL80211_IFTYPE_STATION &&
2540 sdata->vif.type != NL80211_IFTYPE_MESH_POINT &&
2541 sdata->vif.type != NL80211_IFTYPE_AP_VLAN &&
2542 sdata->vif.type != NL80211_IFTYPE_AP &&
2543 sdata->vif.type != NL80211_IFTYPE_ADHOC)
2544 break;
2545
2546
2547 if (len < IEEE80211_MIN_ACTION_SIZE + 1)
2548 goto invalid;
2549
2550 switch (mgmt->u.action.u.vht_opmode_notif.action_code) {
2551 case WLAN_VHT_ACTION_OPMODE_NOTIF: {
2552 u8 opmode;
2553
2554
2555 if (len < IEEE80211_MIN_ACTION_SIZE + 2)
2556 goto invalid;
2557
2558 opmode = mgmt->u.action.u.vht_opmode_notif.operating_mode;
2559
2560 ieee80211_vht_handle_opmode(rx->sdata, rx->sta,
2561 opmode, status->band,
2562 false);
2563 goto handled;
2564 }
2565 default:
2566 break;
2567 }
2568 break;
2569 case WLAN_CATEGORY_BACK:
2570 if (sdata->vif.type != NL80211_IFTYPE_STATION &&
2571 sdata->vif.type != NL80211_IFTYPE_MESH_POINT &&
2572 sdata->vif.type != NL80211_IFTYPE_AP_VLAN &&
2573 sdata->vif.type != NL80211_IFTYPE_AP &&
2574 sdata->vif.type != NL80211_IFTYPE_ADHOC)
2575 break;
2576
2577
2578 if (len < IEEE80211_MIN_ACTION_SIZE + 1)
2579 break;
2580
2581 switch (mgmt->u.action.u.addba_req.action_code) {
2582 case WLAN_ACTION_ADDBA_REQ:
2583 if (len < (IEEE80211_MIN_ACTION_SIZE +
2584 sizeof(mgmt->u.action.u.addba_req)))
2585 goto invalid;
2586 break;
2587 case WLAN_ACTION_ADDBA_RESP:
2588 if (len < (IEEE80211_MIN_ACTION_SIZE +
2589 sizeof(mgmt->u.action.u.addba_resp)))
2590 goto invalid;
2591 break;
2592 case WLAN_ACTION_DELBA:
2593 if (len < (IEEE80211_MIN_ACTION_SIZE +
2594 sizeof(mgmt->u.action.u.delba)))
2595 goto invalid;
2596 break;
2597 default:
2598 goto invalid;
2599 }
2600
2601 goto queue;
2602 case WLAN_CATEGORY_SPECTRUM_MGMT:
2603
2604 if (len < IEEE80211_MIN_ACTION_SIZE + 1)
2605 break;
2606
2607 switch (mgmt->u.action.u.measurement.action_code) {
2608 case WLAN_ACTION_SPCT_MSR_REQ:
2609 if (status->band != IEEE80211_BAND_5GHZ)
2610 break;
2611
2612 if (len < (IEEE80211_MIN_ACTION_SIZE +
2613 sizeof(mgmt->u.action.u.measurement)))
2614 break;
2615
2616 if (sdata->vif.type != NL80211_IFTYPE_STATION)
2617 break;
2618
2619 ieee80211_process_measurement_req(sdata, mgmt, len);
2620 goto handled;
2621 case WLAN_ACTION_SPCT_CHL_SWITCH: {
2622 u8 *bssid;
2623 if (len < (IEEE80211_MIN_ACTION_SIZE +
2624 sizeof(mgmt->u.action.u.chan_switch)))
2625 break;
2626
2627 if (sdata->vif.type != NL80211_IFTYPE_STATION &&
2628 sdata->vif.type != NL80211_IFTYPE_ADHOC &&
2629 sdata->vif.type != NL80211_IFTYPE_MESH_POINT)
2630 break;
2631
2632 if (sdata->vif.type == NL80211_IFTYPE_STATION)
2633 bssid = sdata->u.mgd.bssid;
2634 else if (sdata->vif.type == NL80211_IFTYPE_ADHOC)
2635 bssid = sdata->u.ibss.bssid;
2636 else if (sdata->vif.type == NL80211_IFTYPE_MESH_POINT)
2637 bssid = mgmt->sa;
2638 else
2639 break;
2640
2641 if (!ether_addr_equal(mgmt->bssid, bssid))
2642 break;
2643
2644 goto queue;
2645 }
2646 }
2647 break;
2648 case WLAN_CATEGORY_SA_QUERY:
2649 if (len < (IEEE80211_MIN_ACTION_SIZE +
2650 sizeof(mgmt->u.action.u.sa_query)))
2651 break;
2652
2653 switch (mgmt->u.action.u.sa_query.action) {
2654 case WLAN_ACTION_SA_QUERY_REQUEST:
2655 if (sdata->vif.type != NL80211_IFTYPE_STATION)
2656 break;
2657 ieee80211_process_sa_query_req(sdata, mgmt, len);
2658 goto handled;
2659 }
2660 break;
2661 case WLAN_CATEGORY_SELF_PROTECTED:
2662 if (len < (IEEE80211_MIN_ACTION_SIZE +
2663 sizeof(mgmt->u.action.u.self_prot.action_code)))
2664 break;
2665
2666 switch (mgmt->u.action.u.self_prot.action_code) {
2667 case WLAN_SP_MESH_PEERING_OPEN:
2668 case WLAN_SP_MESH_PEERING_CLOSE:
2669 case WLAN_SP_MESH_PEERING_CONFIRM:
2670 if (!ieee80211_vif_is_mesh(&sdata->vif))
2671 goto invalid;
2672 if (sdata->u.mesh.user_mpm)
2673
2674 break;
2675 goto queue;
2676 case WLAN_SP_MGK_INFORM:
2677 case WLAN_SP_MGK_ACK:
2678 if (!ieee80211_vif_is_mesh(&sdata->vif))
2679 goto invalid;
2680 break;
2681 }
2682 break;
2683 case WLAN_CATEGORY_MESH_ACTION:
2684 if (len < (IEEE80211_MIN_ACTION_SIZE +
2685 sizeof(mgmt->u.action.u.mesh_action.action_code)))
2686 break;
2687
2688 if (!ieee80211_vif_is_mesh(&sdata->vif))
2689 break;
2690 if (mesh_action_is_path_sel(mgmt) &&
2691 !mesh_path_sel_is_hwmp(sdata))
2692 break;
2693 goto queue;
2694 }
2695
2696 return RX_CONTINUE;
2697
2698 invalid:
2699 status->rx_flags |= IEEE80211_RX_MALFORMED_ACTION_FRM;
2700
2701 return RX_CONTINUE;
2702
2703 handled:
2704 if (rx->sta)
2705 rx->sta->rx_packets++;
2706 dev_kfree_skb(rx->skb);
2707 return RX_QUEUED;
2708
2709 queue:
2710 rx->skb->pkt_type = IEEE80211_SDATA_QUEUE_TYPE_FRAME;
2711 skb_queue_tail(&sdata->skb_queue, rx->skb);
2712 ieee80211_queue_work(&local->hw, &sdata->work);
2713 if (rx->sta)
2714 rx->sta->rx_packets++;
2715 return RX_QUEUED;
2716}
2717
2718static ieee80211_rx_result debug_noinline
2719ieee80211_rx_h_userspace_mgmt(struct ieee80211_rx_data *rx)
2720{
2721 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(rx->skb);
2722 int sig = 0;
2723
2724
2725 if (status->rx_flags & IEEE80211_RX_MALFORMED_ACTION_FRM)
2726 return RX_CONTINUE;
2727
2728
2729
2730
2731
2732
2733
2734
2735 if (rx->local->hw.flags & IEEE80211_HW_SIGNAL_DBM)
2736 sig = status->signal;
2737
2738 if (cfg80211_rx_mgmt(&rx->sdata->wdev, status->freq, sig,
2739 rx->skb->data, rx->skb->len, 0)) {
2740 if (rx->sta)
2741 rx->sta->rx_packets++;
2742 dev_kfree_skb(rx->skb);
2743 return RX_QUEUED;
2744 }
2745
2746 return RX_CONTINUE;
2747}
2748
2749static ieee80211_rx_result debug_noinline
2750ieee80211_rx_h_action_return(struct ieee80211_rx_data *rx)
2751{
2752 struct ieee80211_local *local = rx->local;
2753 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *) rx->skb->data;
2754 struct sk_buff *nskb;
2755 struct ieee80211_sub_if_data *sdata = rx->sdata;
2756 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(rx->skb);
2757
2758 if (!ieee80211_is_action(mgmt->frame_control))
2759 return RX_CONTINUE;
2760
2761
2762
2763
2764
2765
2766
2767
2768
2769
2770
2771 if (!(status->rx_flags & IEEE80211_RX_MALFORMED_ACTION_FRM) &&
2772 (sdata->vif.type == NL80211_IFTYPE_AP ||
2773 sdata->vif.type == NL80211_IFTYPE_AP_VLAN))
2774 return RX_DROP_MONITOR;
2775
2776 if (is_multicast_ether_addr(mgmt->da))
2777 return RX_DROP_MONITOR;
2778
2779
2780 if (mgmt->u.action.category & 0x80)
2781 return RX_DROP_UNUSABLE;
2782
2783 nskb = skb_copy_expand(rx->skb, local->hw.extra_tx_headroom, 0,
2784 GFP_ATOMIC);
2785 if (nskb) {
2786 struct ieee80211_mgmt *nmgmt = (void *)nskb->data;
2787
2788 nmgmt->u.action.category |= 0x80;
2789 memcpy(nmgmt->da, nmgmt->sa, ETH_ALEN);
2790 memcpy(nmgmt->sa, rx->sdata->vif.addr, ETH_ALEN);
2791
2792 memset(nskb->cb, 0, sizeof(nskb->cb));
2793
2794 if (rx->sdata->vif.type == NL80211_IFTYPE_P2P_DEVICE) {
2795 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(nskb);
2796
2797 info->flags = IEEE80211_TX_CTL_TX_OFFCHAN |
2798 IEEE80211_TX_INTFL_OFFCHAN_TX_OK |
2799 IEEE80211_TX_CTL_NO_CCK_RATE;
2800 if (local->hw.flags & IEEE80211_HW_QUEUE_CONTROL)
2801 info->hw_queue =
2802 local->hw.offchannel_tx_hw_queue;
2803 }
2804
2805 __ieee80211_tx_skb_tid_band(rx->sdata, nskb, 7,
2806 status->band);
2807 }
2808 dev_kfree_skb(rx->skb);
2809 return RX_QUEUED;
2810}
2811
2812static ieee80211_rx_result debug_noinline
2813ieee80211_rx_h_mgmt(struct ieee80211_rx_data *rx)
2814{
2815 struct ieee80211_sub_if_data *sdata = rx->sdata;
2816 struct ieee80211_mgmt *mgmt = (void *)rx->skb->data;
2817 __le16 stype;
2818
2819 stype = mgmt->frame_control & cpu_to_le16(IEEE80211_FCTL_STYPE);
2820
2821 if (!ieee80211_vif_is_mesh(&sdata->vif) &&
2822 sdata->vif.type != NL80211_IFTYPE_ADHOC &&
2823 sdata->vif.type != NL80211_IFTYPE_STATION)
2824 return RX_DROP_MONITOR;
2825
2826 switch (stype) {
2827 case cpu_to_le16(IEEE80211_STYPE_AUTH):
2828 case cpu_to_le16(IEEE80211_STYPE_BEACON):
2829 case cpu_to_le16(IEEE80211_STYPE_PROBE_RESP):
2830
2831 break;
2832 case cpu_to_le16(IEEE80211_STYPE_ASSOC_RESP):
2833 case cpu_to_le16(IEEE80211_STYPE_REASSOC_RESP):
2834 case cpu_to_le16(IEEE80211_STYPE_DEAUTH):
2835 case cpu_to_le16(IEEE80211_STYPE_DISASSOC):
2836 if (is_multicast_ether_addr(mgmt->da) &&
2837 !is_broadcast_ether_addr(mgmt->da))
2838 return RX_DROP_MONITOR;
2839
2840
2841 if (sdata->vif.type != NL80211_IFTYPE_STATION)
2842 return RX_DROP_MONITOR;
2843 break;
2844 case cpu_to_le16(IEEE80211_STYPE_PROBE_REQ):
2845
2846 if (sdata->vif.type != NL80211_IFTYPE_ADHOC &&
2847 sdata->vif.type != NL80211_IFTYPE_MESH_POINT)
2848 return RX_DROP_MONITOR;
2849 break;
2850 default:
2851 return RX_DROP_MONITOR;
2852 }
2853
2854
2855 rx->skb->pkt_type = IEEE80211_SDATA_QUEUE_TYPE_FRAME;
2856 skb_queue_tail(&sdata->skb_queue, rx->skb);
2857 ieee80211_queue_work(&rx->local->hw, &sdata->work);
2858 if (rx->sta)
2859 rx->sta->rx_packets++;
2860
2861 return RX_QUEUED;
2862}
2863
2864
2865static void ieee80211_rx_cooked_monitor(struct ieee80211_rx_data *rx,
2866 struct ieee80211_rate *rate)
2867{
2868 struct ieee80211_sub_if_data *sdata;
2869 struct ieee80211_local *local = rx->local;
2870 struct sk_buff *skb = rx->skb, *skb2;
2871 struct net_device *prev_dev = NULL;
2872 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
2873 int needed_headroom;
2874
2875
2876
2877
2878
2879 if (rx->flags & IEEE80211_RX_CMNTR)
2880 goto out_free_skb;
2881 rx->flags |= IEEE80211_RX_CMNTR;
2882
2883
2884 if (!local->cooked_mntrs)
2885 goto out_free_skb;
2886
2887
2888 needed_headroom = ieee80211_rx_radiotap_space(local, status);
2889
2890 if (skb_headroom(skb) < needed_headroom &&
2891 pskb_expand_head(skb, needed_headroom, 0, GFP_ATOMIC))
2892 goto out_free_skb;
2893
2894
2895 ieee80211_add_rx_radiotap_header(local, skb, rate, needed_headroom,
2896 false);
2897
2898 skb_set_mac_header(skb, 0);
2899 skb->ip_summed = CHECKSUM_UNNECESSARY;
2900 skb->pkt_type = PACKET_OTHERHOST;
2901 skb->protocol = htons(ETH_P_802_2);
2902
2903 list_for_each_entry_rcu(sdata, &local->interfaces, list) {
2904 if (!ieee80211_sdata_running(sdata))
2905 continue;
2906
2907 if (sdata->vif.type != NL80211_IFTYPE_MONITOR ||
2908 !(sdata->u.mntr_flags & MONITOR_FLAG_COOK_FRAMES))
2909 continue;
2910
2911 if (prev_dev) {
2912 skb2 = skb_clone(skb, GFP_ATOMIC);
2913 if (skb2) {
2914 skb2->dev = prev_dev;
2915 netif_receive_skb(skb2);
2916 }
2917 }
2918
2919 prev_dev = sdata->dev;
2920 sdata->dev->stats.rx_packets++;
2921 sdata->dev->stats.rx_bytes += skb->len;
2922 }
2923
2924 if (prev_dev) {
2925 skb->dev = prev_dev;
2926 netif_receive_skb(skb);
2927 return;
2928 }
2929
2930 out_free_skb:
2931 dev_kfree_skb(skb);
2932}
2933
2934static void ieee80211_rx_handlers_result(struct ieee80211_rx_data *rx,
2935 ieee80211_rx_result res)
2936{
2937 switch (res) {
2938 case RX_DROP_MONITOR:
2939 I802_DEBUG_INC(rx->sdata->local->rx_handlers_drop);
2940 if (rx->sta)
2941 rx->sta->rx_dropped++;
2942
2943 case RX_CONTINUE: {
2944 struct ieee80211_rate *rate = NULL;
2945 struct ieee80211_supported_band *sband;
2946 struct ieee80211_rx_status *status;
2947
2948 status = IEEE80211_SKB_RXCB((rx->skb));
2949
2950 sband = rx->local->hw.wiphy->bands[status->band];
2951 if (!(status->flag & RX_FLAG_HT) &&
2952 !(status->flag & RX_FLAG_VHT))
2953 rate = &sband->bitrates[status->rate_idx];
2954
2955 ieee80211_rx_cooked_monitor(rx, rate);
2956 break;
2957 }
2958 case RX_DROP_UNUSABLE:
2959 I802_DEBUG_INC(rx->sdata->local->rx_handlers_drop);
2960 if (rx->sta)
2961 rx->sta->rx_dropped++;
2962 dev_kfree_skb(rx->skb);
2963 break;
2964 case RX_QUEUED:
2965 I802_DEBUG_INC(rx->sdata->local->rx_handlers_queued);
2966 break;
2967 }
2968}
2969
2970static void ieee80211_rx_handlers(struct ieee80211_rx_data *rx,
2971 struct sk_buff_head *frames)
2972{
2973 ieee80211_rx_result res = RX_DROP_MONITOR;
2974 struct sk_buff *skb;
2975
2976#define CALL_RXH(rxh) \
2977 do { \
2978 res = rxh(rx); \
2979 if (res != RX_CONTINUE) \
2980 goto rxh_next; \
2981 } while (0);
2982
2983 spin_lock_bh(&rx->local->rx_path_lock);
2984
2985 while ((skb = __skb_dequeue(frames))) {
2986
2987
2988
2989
2990
2991 rx->skb = skb;
2992
2993 CALL_RXH(ieee80211_rx_h_check_more_data)
2994 CALL_RXH(ieee80211_rx_h_uapsd_and_pspoll)
2995 CALL_RXH(ieee80211_rx_h_sta_process)
2996 CALL_RXH(ieee80211_rx_h_decrypt)
2997 CALL_RXH(ieee80211_rx_h_defragment)
2998 CALL_RXH(ieee80211_rx_h_michael_mic_verify)
2999
3000#ifdef CONFIG_MAC80211_MESH
3001 if (ieee80211_vif_is_mesh(&rx->sdata->vif))
3002 CALL_RXH(ieee80211_rx_h_mesh_fwding);
3003#endif
3004 CALL_RXH(ieee80211_rx_h_amsdu)
3005 CALL_RXH(ieee80211_rx_h_data)
3006
3007
3008 res = ieee80211_rx_h_ctrl(rx, frames);
3009 if (res != RX_CONTINUE)
3010 goto rxh_next;
3011
3012 CALL_RXH(ieee80211_rx_h_mgmt_check)
3013 CALL_RXH(ieee80211_rx_h_action)
3014 CALL_RXH(ieee80211_rx_h_userspace_mgmt)
3015 CALL_RXH(ieee80211_rx_h_action_return)
3016 CALL_RXH(ieee80211_rx_h_mgmt)
3017
3018 rxh_next:
3019 ieee80211_rx_handlers_result(rx, res);
3020
3021#undef CALL_RXH
3022 }
3023
3024 spin_unlock_bh(&rx->local->rx_path_lock);
3025}
3026
3027static void ieee80211_invoke_rx_handlers(struct ieee80211_rx_data *rx)
3028{
3029 struct sk_buff_head reorder_release;
3030 ieee80211_rx_result res = RX_DROP_MONITOR;
3031
3032 __skb_queue_head_init(&reorder_release);
3033
3034#define CALL_RXH(rxh) \
3035 do { \
3036 res = rxh(rx); \
3037 if (res != RX_CONTINUE) \
3038 goto rxh_next; \
3039 } while (0);
3040
3041 CALL_RXH(ieee80211_rx_h_check)
3042
3043 ieee80211_rx_reorder_ampdu(rx, &reorder_release);
3044
3045 ieee80211_rx_handlers(rx, &reorder_release);
3046 return;
3047
3048 rxh_next:
3049 ieee80211_rx_handlers_result(rx, res);
3050
3051#undef CALL_RXH
3052}
3053
3054
3055
3056
3057
3058void ieee80211_release_reorder_timeout(struct sta_info *sta, int tid)
3059{
3060 struct sk_buff_head frames;
3061 struct ieee80211_rx_data rx = {
3062 .sta = sta,
3063 .sdata = sta->sdata,
3064 .local = sta->local,
3065
3066 .security_idx = tid,
3067 .seqno_idx = tid,
3068 .flags = 0,
3069 };
3070 struct tid_ampdu_rx *tid_agg_rx;
3071
3072 tid_agg_rx = rcu_dereference(sta->ampdu_mlme.tid_rx[tid]);
3073 if (!tid_agg_rx)
3074 return;
3075
3076 __skb_queue_head_init(&frames);
3077
3078 spin_lock(&tid_agg_rx->reorder_lock);
3079 ieee80211_sta_reorder_release(sta->sdata, tid_agg_rx, &frames);
3080 spin_unlock(&tid_agg_rx->reorder_lock);
3081
3082 ieee80211_rx_handlers(&rx, &frames);
3083}
3084
3085
3086
3087static bool prepare_for_handlers(struct ieee80211_rx_data *rx,
3088 struct ieee80211_hdr *hdr)
3089{
3090 struct ieee80211_sub_if_data *sdata = rx->sdata;
3091 struct sk_buff *skb = rx->skb;
3092 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
3093 u8 *bssid = ieee80211_get_bssid(hdr, skb->len, sdata->vif.type);
3094 int multicast = is_multicast_ether_addr(hdr->addr1);
3095
3096 switch (sdata->vif.type) {
3097 case NL80211_IFTYPE_STATION:
3098 if (!bssid && !sdata->u.mgd.use_4addr)
3099 return false;
3100 if (!multicast &&
3101 !ether_addr_equal(sdata->vif.addr, hdr->addr1)) {
3102 if (!(sdata->dev->flags & IFF_PROMISC) ||
3103 sdata->u.mgd.use_4addr)
3104 return false;
3105 status->rx_flags &= ~IEEE80211_RX_RA_MATCH;
3106 }
3107 break;
3108 case NL80211_IFTYPE_ADHOC:
3109 if (!bssid)
3110 return false;
3111 if (ether_addr_equal(sdata->vif.addr, hdr->addr2) ||
3112 ether_addr_equal(sdata->u.ibss.bssid, hdr->addr2))
3113 return false;
3114 if (ieee80211_is_beacon(hdr->frame_control)) {
3115 return true;
3116 } else if (!ieee80211_bssid_match(bssid, sdata->u.ibss.bssid)) {
3117 return false;
3118 } else if (!multicast &&
3119 !ether_addr_equal(sdata->vif.addr, hdr->addr1)) {
3120 if (!(sdata->dev->flags & IFF_PROMISC))
3121 return false;
3122 status->rx_flags &= ~IEEE80211_RX_RA_MATCH;
3123 } else if (!rx->sta) {
3124 int rate_idx;
3125 if (status->flag & (RX_FLAG_HT | RX_FLAG_VHT))
3126 rate_idx = 0;
3127 else
3128 rate_idx = status->rate_idx;
3129 ieee80211_ibss_rx_no_sta(sdata, bssid, hdr->addr2,
3130 BIT(rate_idx));
3131 }
3132 break;
3133 case NL80211_IFTYPE_MESH_POINT:
3134 if (!multicast &&
3135 !ether_addr_equal(sdata->vif.addr, hdr->addr1)) {
3136 if (!(sdata->dev->flags & IFF_PROMISC))
3137 return false;
3138
3139 status->rx_flags &= ~IEEE80211_RX_RA_MATCH;
3140 }
3141 break;
3142 case NL80211_IFTYPE_AP_VLAN:
3143 case NL80211_IFTYPE_AP:
3144 if (!bssid) {
3145 if (!ether_addr_equal(sdata->vif.addr, hdr->addr1))
3146 return false;
3147 } else if (!ieee80211_bssid_match(bssid, sdata->vif.addr)) {
3148
3149
3150
3151
3152
3153
3154 if (!multicast &&
3155 !ether_addr_equal(sdata->vif.addr, hdr->addr1))
3156 return false;
3157 if (ieee80211_is_public_action(hdr, skb->len))
3158 return true;
3159 if (!ieee80211_is_beacon(hdr->frame_control))
3160 return false;
3161 status->rx_flags &= ~IEEE80211_RX_RA_MATCH;
3162 } else if (!ieee80211_has_tods(hdr->frame_control)) {
3163
3164 if (ieee80211_is_data(hdr->frame_control))
3165 return false;
3166
3167 if (ieee80211_is_action(hdr->frame_control) &&
3168 !ether_addr_equal(bssid, hdr->addr1))
3169 return false;
3170 }
3171 break;
3172 case NL80211_IFTYPE_WDS:
3173 if (bssid || !ieee80211_is_data(hdr->frame_control))
3174 return false;
3175 if (!ether_addr_equal(sdata->u.wds.remote_addr, hdr->addr2))
3176 return false;
3177 break;
3178 case NL80211_IFTYPE_P2P_DEVICE:
3179 if (!ieee80211_is_public_action(hdr, skb->len) &&
3180 !ieee80211_is_probe_req(hdr->frame_control) &&
3181 !ieee80211_is_probe_resp(hdr->frame_control) &&
3182 !ieee80211_is_beacon(hdr->frame_control))
3183 return false;
3184 if (!ether_addr_equal(sdata->vif.addr, hdr->addr1) &&
3185 !multicast)
3186 status->rx_flags &= ~IEEE80211_RX_RA_MATCH;
3187 break;
3188 default:
3189
3190 WARN_ON_ONCE(1);
3191 break;
3192 }
3193
3194 return true;
3195}
3196
3197
3198
3199
3200
3201
3202
3203static bool ieee80211_prepare_and_rx_handle(struct ieee80211_rx_data *rx,
3204 struct sk_buff *skb, bool consume)
3205{
3206 struct ieee80211_local *local = rx->local;
3207 struct ieee80211_sub_if_data *sdata = rx->sdata;
3208 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
3209 struct ieee80211_hdr *hdr = (void *)skb->data;
3210
3211 rx->skb = skb;
3212 status->rx_flags |= IEEE80211_RX_RA_MATCH;
3213
3214 if (!prepare_for_handlers(rx, hdr))
3215 return false;
3216
3217 if (!consume) {
3218 skb = skb_copy(skb, GFP_ATOMIC);
3219 if (!skb) {
3220 if (net_ratelimit())
3221 wiphy_debug(local->hw.wiphy,
3222 "failed to copy skb for %s\n",
3223 sdata->name);
3224 return true;
3225 }
3226
3227 rx->skb = skb;
3228 }
3229
3230 ieee80211_invoke_rx_handlers(rx);
3231 return true;
3232}
3233
3234
3235
3236
3237
3238static void __ieee80211_rx_handle_packet(struct ieee80211_hw *hw,
3239 struct sk_buff *skb)
3240{
3241 struct ieee80211_local *local = hw_to_local(hw);
3242 struct ieee80211_sub_if_data *sdata;
3243 struct ieee80211_hdr *hdr;
3244 __le16 fc;
3245 struct ieee80211_rx_data rx;
3246 struct ieee80211_sub_if_data *prev;
3247 struct sta_info *sta, *tmp, *prev_sta;
3248 int err = 0;
3249
3250 fc = ((struct ieee80211_hdr *)skb->data)->frame_control;
3251 memset(&rx, 0, sizeof(rx));
3252 rx.skb = skb;
3253 rx.local = local;
3254
3255 if (ieee80211_is_data(fc) || ieee80211_is_mgmt(fc))
3256 local->dot11ReceivedFragmentCount++;
3257
3258 if (ieee80211_is_mgmt(fc)) {
3259
3260 if (skb->len < ieee80211_hdrlen(fc))
3261 err = -ENOBUFS;
3262 else
3263 err = skb_linearize(skb);
3264 } else {
3265 err = !pskb_may_pull(skb, ieee80211_hdrlen(fc));
3266 }
3267
3268 if (err) {
3269 dev_kfree_skb(skb);
3270 return;
3271 }
3272
3273 hdr = (struct ieee80211_hdr *)skb->data;
3274 ieee80211_parse_qos(&rx);
3275 ieee80211_verify_alignment(&rx);
3276
3277 if (unlikely(ieee80211_is_probe_resp(hdr->frame_control) ||
3278 ieee80211_is_beacon(hdr->frame_control)))
3279 ieee80211_scan_rx(local, skb);
3280
3281 if (ieee80211_is_data(fc)) {
3282 prev_sta = NULL;
3283
3284 for_each_sta_info(local, hdr->addr2, sta, tmp) {
3285 if (!prev_sta) {
3286 prev_sta = sta;
3287 continue;
3288 }
3289
3290 rx.sta = prev_sta;
3291 rx.sdata = prev_sta->sdata;
3292 ieee80211_prepare_and_rx_handle(&rx, skb, false);
3293
3294 prev_sta = sta;
3295 }
3296
3297 if (prev_sta) {
3298 rx.sta = prev_sta;
3299 rx.sdata = prev_sta->sdata;
3300
3301 if (ieee80211_prepare_and_rx_handle(&rx, skb, true))
3302 return;
3303 goto out;
3304 }
3305 }
3306
3307 prev = NULL;
3308
3309 list_for_each_entry_rcu(sdata, &local->interfaces, list) {
3310 if (!ieee80211_sdata_running(sdata))
3311 continue;
3312
3313 if (sdata->vif.type == NL80211_IFTYPE_MONITOR ||
3314 sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
3315 continue;
3316
3317
3318
3319
3320
3321
3322
3323 if (!prev) {
3324 prev = sdata;
3325 continue;
3326 }
3327
3328 rx.sta = sta_info_get_bss(prev, hdr->addr2);
3329 rx.sdata = prev;
3330 ieee80211_prepare_and_rx_handle(&rx, skb, false);
3331
3332 prev = sdata;
3333 }
3334
3335 if (prev) {
3336 rx.sta = sta_info_get_bss(prev, hdr->addr2);
3337 rx.sdata = prev;
3338
3339 if (ieee80211_prepare_and_rx_handle(&rx, skb, true))
3340 return;
3341 }
3342
3343 out:
3344 dev_kfree_skb(skb);
3345}
3346
3347
3348
3349
3350
3351void ieee80211_rx(struct ieee80211_hw *hw, struct sk_buff *skb)
3352{
3353 struct ieee80211_local *local = hw_to_local(hw);
3354 struct ieee80211_rate *rate = NULL;
3355 struct ieee80211_supported_band *sband;
3356 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
3357
3358 WARN_ON_ONCE(softirq_count() == 0);
3359
3360 if (WARN_ON(status->band >= IEEE80211_NUM_BANDS))
3361 goto drop;
3362
3363 sband = local->hw.wiphy->bands[status->band];
3364 if (WARN_ON(!sband))
3365 goto drop;
3366
3367
3368
3369
3370
3371
3372
3373
3374 if (unlikely(local->quiescing || local->suspended))
3375 goto drop;
3376
3377
3378 if (unlikely(local->in_reconfig))
3379 goto drop;
3380
3381
3382
3383
3384
3385 if (WARN_ON(!local->started))
3386 goto drop;
3387
3388 if (likely(!(status->flag & RX_FLAG_FAILED_PLCP_CRC))) {
3389
3390
3391
3392
3393
3394 if (status->flag & RX_FLAG_HT) {
3395
3396
3397
3398
3399
3400
3401
3402
3403
3404
3405 if (WARN(status->rate_idx > 76,
3406 "Rate marked as an HT rate but passed "
3407 "status->rate_idx is not "
3408 "an MCS index [0-76]: %d (0x%02x)\n",
3409 status->rate_idx,
3410 status->rate_idx))
3411 goto drop;
3412 } else if (status->flag & RX_FLAG_VHT) {
3413 if (WARN_ONCE(status->rate_idx > 9 ||
3414 !status->vht_nss ||
3415 status->vht_nss > 8,
3416 "Rate marked as a VHT rate but data is invalid: MCS: %d, NSS: %d\n",
3417 status->rate_idx, status->vht_nss))
3418 goto drop;
3419 } else {
3420 if (WARN_ON(status->rate_idx >= sband->n_bitrates))
3421 goto drop;
3422 rate = &sband->bitrates[status->rate_idx];
3423 }
3424 }
3425
3426 status->rx_flags = 0;
3427
3428
3429
3430
3431
3432
3433 rcu_read_lock();
3434
3435
3436
3437
3438
3439
3440
3441 skb = ieee80211_rx_monitor(local, skb, rate);
3442 if (!skb) {
3443 rcu_read_unlock();
3444 return;
3445 }
3446
3447 ieee80211_tpt_led_trig_rx(local,
3448 ((struct ieee80211_hdr *)skb->data)->frame_control,
3449 skb->len);
3450 __ieee80211_rx_handle_packet(hw, skb);
3451
3452 rcu_read_unlock();
3453
3454 return;
3455 drop:
3456 kfree_skb(skb);
3457}
3458EXPORT_SYMBOL(ieee80211_rx);
3459
3460
3461
3462void ieee80211_rx_irqsafe(struct ieee80211_hw *hw, struct sk_buff *skb)
3463{
3464 struct ieee80211_local *local = hw_to_local(hw);
3465
3466 BUILD_BUG_ON(sizeof(struct ieee80211_rx_status) > sizeof(skb->cb));
3467
3468 skb->pkt_type = IEEE80211_RX_MSG;
3469 skb_queue_tail(&local->skb_queue, skb);
3470 tasklet_schedule(&local->tasklet);
3471}
3472EXPORT_SYMBOL(ieee80211_rx_irqsafe);
3473
