1#include <linux/etherdevice.h>
2#include <linux/slab.h>
3#include <linux/export.h>
4#include <net/lib80211.h>
5#include <linux/if_arp.h>
6
7#include "hostap_80211.h"
8#include "hostap.h"
9#include "hostap_ap.h"
10
11
12
13static unsigned char rfc1042_header[] =
14{ 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 };
15
16static unsigned char bridge_tunnel_header[] =
17{ 0xaa, 0xaa, 0x03, 0x00, 0x00, 0xf8 };
18
19
20void hostap_dump_rx_80211(const char *name, struct sk_buff *skb,
21 struct hostap_80211_rx_status *rx_stats)
22{
23 struct ieee80211_hdr *hdr;
24 u16 fc;
25
26 hdr = (struct ieee80211_hdr *) skb->data;
27
28 printk(KERN_DEBUG "%s: RX signal=%d noise=%d rate=%d len=%d "
29 "jiffies=%ld\n",
30 name, rx_stats->signal, rx_stats->noise, rx_stats->rate,
31 skb->len, jiffies);
32
33 if (skb->len < 2)
34 return;
35
36 fc = le16_to_cpu(hdr->frame_control);
37 printk(KERN_DEBUG " FC=0x%04x (type=%d:%d)%s%s",
38 fc, (fc & IEEE80211_FCTL_FTYPE) >> 2,
39 (fc & IEEE80211_FCTL_STYPE) >> 4,
40 fc & IEEE80211_FCTL_TODS ? " [ToDS]" : "",
41 fc & IEEE80211_FCTL_FROMDS ? " [FromDS]" : "");
42
43 if (skb->len < IEEE80211_DATA_HDR3_LEN) {
44 printk("\n");
45 return;
46 }
47
48 printk(" dur=0x%04x seq=0x%04x\n", le16_to_cpu(hdr->duration_id),
49 le16_to_cpu(hdr->seq_ctrl));
50
51 printk(KERN_DEBUG " A1=%pM", hdr->addr1);
52 printk(" A2=%pM", hdr->addr2);
53 printk(" A3=%pM", hdr->addr3);
54 if (skb->len >= 30)
55 printk(" A4=%pM", hdr->addr4);
56 printk("\n");
57}
58
59
60
61
62int prism2_rx_80211(struct net_device *dev, struct sk_buff *skb,
63 struct hostap_80211_rx_status *rx_stats, int type)
64{
65 struct hostap_interface *iface;
66 local_info_t *local;
67 int hdrlen, phdrlen, head_need, tail_need;
68 u16 fc;
69 int prism_header, ret;
70 struct ieee80211_hdr *fhdr;
71
72 iface = netdev_priv(dev);
73 local = iface->local;
74
75 if (dev->type == ARPHRD_IEEE80211_PRISM) {
76 if (local->monitor_type == PRISM2_MONITOR_PRISM) {
77 prism_header = 1;
78 phdrlen = sizeof(struct linux_wlan_ng_prism_hdr);
79 } else {
80 prism_header = 2;
81 phdrlen = sizeof(struct linux_wlan_ng_cap_hdr);
82 }
83 } else if (dev->type == ARPHRD_IEEE80211_RADIOTAP) {
84 prism_header = 3;
85 phdrlen = sizeof(struct hostap_radiotap_rx);
86 } else {
87 prism_header = 0;
88 phdrlen = 0;
89 }
90
91 fhdr = (struct ieee80211_hdr *) skb->data;
92 fc = le16_to_cpu(fhdr->frame_control);
93
94 if (type == PRISM2_RX_MGMT && (fc & IEEE80211_FCTL_VERS)) {
95 printk(KERN_DEBUG "%s: dropped management frame with header "
96 "version %d\n", dev->name, fc & IEEE80211_FCTL_VERS);
97 dev_kfree_skb_any(skb);
98 return 0;
99 }
100
101 hdrlen = hostap_80211_get_hdrlen(fhdr->frame_control);
102
103
104
105 head_need = phdrlen;
106 tail_need = 0;
107#ifdef PRISM2_ADD_BOGUS_CRC
108 tail_need += 4;
109#endif
110
111 head_need -= skb_headroom(skb);
112 tail_need -= skb_tailroom(skb);
113
114 if (head_need > 0 || tail_need > 0) {
115 if (pskb_expand_head(skb, head_need > 0 ? head_need : 0,
116 tail_need > 0 ? tail_need : 0,
117 GFP_ATOMIC)) {
118 printk(KERN_DEBUG "%s: prism2_rx_80211 failed to "
119 "reallocate skb buffer\n", dev->name);
120 dev_kfree_skb_any(skb);
121 return 0;
122 }
123 }
124
125
126
127
128#ifdef PRISM2_ADD_BOGUS_CRC
129 memset(skb_put(skb, 4), 0xff, 4);
130#endif
131
132 if (prism_header == 1) {
133 struct linux_wlan_ng_prism_hdr *hdr;
134 hdr = skb_push(skb, phdrlen);
135 memset(hdr, 0, phdrlen);
136 hdr->msgcode = LWNG_CAP_DID_BASE;
137 hdr->msglen = sizeof(*hdr);
138 memcpy(hdr->devname, dev->name, sizeof(hdr->devname));
139#define LWNG_SETVAL(f,i,s,l,d) \
140hdr->f.did = LWNG_CAP_DID_BASE | (i << 12); \
141hdr->f.status = s; hdr->f.len = l; hdr->f.data = d
142 LWNG_SETVAL(hosttime, 1, 0, 4, jiffies);
143 LWNG_SETVAL(mactime, 2, 0, 4, rx_stats->mac_time);
144 LWNG_SETVAL(channel, 3, 1 , 4, 0);
145 LWNG_SETVAL(rssi, 4, 1 , 4, 0);
146 LWNG_SETVAL(sq, 5, 1 , 4, 0);
147 LWNG_SETVAL(signal, 6, 0, 4, rx_stats->signal);
148 LWNG_SETVAL(noise, 7, 0, 4, rx_stats->noise);
149 LWNG_SETVAL(rate, 8, 0, 4, rx_stats->rate / 5);
150 LWNG_SETVAL(istx, 9, 0, 4, 0);
151 LWNG_SETVAL(frmlen, 10, 0, 4, skb->len - phdrlen);
152#undef LWNG_SETVAL
153 } else if (prism_header == 2) {
154 struct linux_wlan_ng_cap_hdr *hdr;
155 hdr = skb_push(skb, phdrlen);
156 memset(hdr, 0, phdrlen);
157 hdr->version = htonl(LWNG_CAPHDR_VERSION);
158 hdr->length = htonl(phdrlen);
159 hdr->mactime = __cpu_to_be64(rx_stats->mac_time);
160 hdr->hosttime = __cpu_to_be64(jiffies);
161 hdr->phytype = htonl(4);
162 hdr->channel = htonl(local->channel);
163 hdr->datarate = htonl(rx_stats->rate);
164 hdr->antenna = htonl(0);
165 hdr->priority = htonl(0);
166 hdr->ssi_type = htonl(3);
167 hdr->ssi_signal = htonl(rx_stats->signal);
168 hdr->ssi_noise = htonl(rx_stats->noise);
169 hdr->preamble = htonl(0);
170 hdr->encoding = htonl(1);
171 } else if (prism_header == 3) {
172 struct hostap_radiotap_rx *hdr;
173 hdr = skb_push(skb, phdrlen);
174 memset(hdr, 0, phdrlen);
175 hdr->hdr.it_len = cpu_to_le16(phdrlen);
176 hdr->hdr.it_present =
177 cpu_to_le32((1 << IEEE80211_RADIOTAP_TSFT) |
178 (1 << IEEE80211_RADIOTAP_CHANNEL) |
179 (1 << IEEE80211_RADIOTAP_RATE) |
180 (1 << IEEE80211_RADIOTAP_DBM_ANTSIGNAL) |
181 (1 << IEEE80211_RADIOTAP_DBM_ANTNOISE));
182 hdr->tsft = cpu_to_le64(rx_stats->mac_time);
183 hdr->chan_freq = cpu_to_le16(freq_list[local->channel - 1]);
184 hdr->chan_flags = cpu_to_le16(IEEE80211_CHAN_CCK |
185 IEEE80211_CHAN_2GHZ);
186 hdr->rate = rx_stats->rate / 5;
187 hdr->dbm_antsignal = rx_stats->signal;
188 hdr->dbm_antnoise = rx_stats->noise;
189 }
190
191 ret = skb->len - phdrlen;
192 skb->dev = dev;
193 skb_reset_mac_header(skb);
194 skb_pull(skb, hdrlen);
195 if (prism_header)
196 skb_pull(skb, phdrlen);
197 skb->pkt_type = PACKET_OTHERHOST;
198 skb->protocol = cpu_to_be16(ETH_P_802_2);
199 memset(skb->cb, 0, sizeof(skb->cb));
200 netif_rx(skb);
201
202 return ret;
203}
204
205
206
207static void monitor_rx(struct net_device *dev, struct sk_buff *skb,
208 struct hostap_80211_rx_status *rx_stats)
209{
210 int len;
211
212 len = prism2_rx_80211(dev, skb, rx_stats, PRISM2_RX_MONITOR);
213 dev->stats.rx_packets++;
214 dev->stats.rx_bytes += len;
215}
216
217
218
219static struct prism2_frag_entry *
220prism2_frag_cache_find(local_info_t *local, unsigned int seq,
221 unsigned int frag, u8 *src, u8 *dst)
222{
223 struct prism2_frag_entry *entry;
224 int i;
225
226 for (i = 0; i < PRISM2_FRAG_CACHE_LEN; i++) {
227 entry = &local->frag_cache[i];
228 if (entry->skb != NULL &&
229 time_after(jiffies, entry->first_frag_time + 2 * HZ)) {
230 printk(KERN_DEBUG "%s: expiring fragment cache entry "
231 "seq=%u last_frag=%u\n",
232 local->dev->name, entry->seq, entry->last_frag);
233 dev_kfree_skb(entry->skb);
234 entry->skb = NULL;
235 }
236
237 if (entry->skb != NULL && entry->seq == seq &&
238 (entry->last_frag + 1 == frag || frag == -1) &&
239 memcmp(entry->src_addr, src, ETH_ALEN) == 0 &&
240 memcmp(entry->dst_addr, dst, ETH_ALEN) == 0)
241 return entry;
242 }
243
244 return NULL;
245}
246
247
248
249static struct sk_buff *
250prism2_frag_cache_get(local_info_t *local, struct ieee80211_hdr *hdr)
251{
252 struct sk_buff *skb = NULL;
253 u16 sc;
254 unsigned int frag, seq;
255 struct prism2_frag_entry *entry;
256
257 sc = le16_to_cpu(hdr->seq_ctrl);
258 frag = sc & IEEE80211_SCTL_FRAG;
259 seq = (sc & IEEE80211_SCTL_SEQ) >> 4;
260
261 if (frag == 0) {
262
263 skb = dev_alloc_skb(local->dev->mtu +
264 sizeof(struct ieee80211_hdr) +
265 8 +
266 2 +
267 8 + ETH_ALEN );
268 if (skb == NULL)
269 return NULL;
270
271 entry = &local->frag_cache[local->frag_next_idx];
272 local->frag_next_idx++;
273 if (local->frag_next_idx >= PRISM2_FRAG_CACHE_LEN)
274 local->frag_next_idx = 0;
275
276 if (entry->skb != NULL)
277 dev_kfree_skb(entry->skb);
278
279 entry->first_frag_time = jiffies;
280 entry->seq = seq;
281 entry->last_frag = frag;
282 entry->skb = skb;
283 memcpy(entry->src_addr, hdr->addr2, ETH_ALEN);
284 memcpy(entry->dst_addr, hdr->addr1, ETH_ALEN);
285 } else {
286
287
288 entry = prism2_frag_cache_find(local, seq, frag, hdr->addr2,
289 hdr->addr1);
290 if (entry != NULL) {
291 entry->last_frag = frag;
292 skb = entry->skb;
293 }
294 }
295
296 return skb;
297}
298
299
300
301static int prism2_frag_cache_invalidate(local_info_t *local,
302 struct ieee80211_hdr *hdr)
303{
304 u16 sc;
305 unsigned int seq;
306 struct prism2_frag_entry *entry;
307
308 sc = le16_to_cpu(hdr->seq_ctrl);
309 seq = (sc & IEEE80211_SCTL_SEQ) >> 4;
310
311 entry = prism2_frag_cache_find(local, seq, -1, hdr->addr2, hdr->addr1);
312
313 if (entry == NULL) {
314 printk(KERN_DEBUG "%s: could not invalidate fragment cache "
315 "entry (seq=%u)\n",
316 local->dev->name, seq);
317 return -1;
318 }
319
320 entry->skb = NULL;
321 return 0;
322}
323
324
325static struct hostap_bss_info *__hostap_get_bss(local_info_t *local, u8 *bssid,
326 u8 *ssid, size_t ssid_len)
327{
328 struct list_head *ptr;
329 struct hostap_bss_info *bss;
330
331 list_for_each(ptr, &local->bss_list) {
332 bss = list_entry(ptr, struct hostap_bss_info, list);
333 if (memcmp(bss->bssid, bssid, ETH_ALEN) == 0 &&
334 (ssid == NULL ||
335 (ssid_len == bss->ssid_len &&
336 memcmp(ssid, bss->ssid, ssid_len) == 0))) {
337 list_move(&bss->list, &local->bss_list);
338 return bss;
339 }
340 }
341
342 return NULL;
343}
344
345
346static struct hostap_bss_info *__hostap_add_bss(local_info_t *local, u8 *bssid,
347 u8 *ssid, size_t ssid_len)
348{
349 struct hostap_bss_info *bss;
350
351 if (local->num_bss_info >= HOSTAP_MAX_BSS_COUNT) {
352 bss = list_entry(local->bss_list.prev,
353 struct hostap_bss_info, list);
354 list_del(&bss->list);
355 local->num_bss_info--;
356 } else {
357 bss = kmalloc(sizeof(*bss), GFP_ATOMIC);
358 if (bss == NULL)
359 return NULL;
360 }
361
362 memset(bss, 0, sizeof(*bss));
363 memcpy(bss->bssid, bssid, ETH_ALEN);
364 memcpy(bss->ssid, ssid, ssid_len);
365 bss->ssid_len = ssid_len;
366 local->num_bss_info++;
367 list_add(&bss->list, &local->bss_list);
368 return bss;
369}
370
371
372static void __hostap_expire_bss(local_info_t *local)
373{
374 struct hostap_bss_info *bss;
375
376 while (local->num_bss_info > 0) {
377 bss = list_entry(local->bss_list.prev,
378 struct hostap_bss_info, list);
379 if (!time_after(jiffies, bss->last_update + 60 * HZ))
380 break;
381
382 list_del(&bss->list);
383 local->num_bss_info--;
384 kfree(bss);
385 }
386}
387
388
389
390
391static void hostap_rx_sta_beacon(local_info_t *local, struct sk_buff *skb,
392 int stype)
393{
394 struct hostap_ieee80211_mgmt *mgmt;
395 int left, chan = 0;
396 u8 *pos;
397 u8 *ssid = NULL, *wpa = NULL, *rsn = NULL;
398 size_t ssid_len = 0, wpa_len = 0, rsn_len = 0;
399 struct hostap_bss_info *bss;
400
401 if (skb->len < IEEE80211_MGMT_HDR_LEN + sizeof(mgmt->u.beacon))
402 return;
403
404 mgmt = (struct hostap_ieee80211_mgmt *) skb->data;
405 pos = mgmt->u.beacon.variable;
406 left = skb->len - (pos - skb->data);
407
408 while (left >= 2) {
409 if (2 + pos[1] > left)
410 return;
411 switch (*pos) {
412 case WLAN_EID_SSID:
413 ssid = pos + 2;
414 ssid_len = pos[1];
415 break;
416 case WLAN_EID_VENDOR_SPECIFIC:
417 if (pos[1] >= 4 &&
418 pos[2] == 0x00 && pos[3] == 0x50 &&
419 pos[4] == 0xf2 && pos[5] == 1) {
420 wpa = pos;
421 wpa_len = pos[1] + 2;
422 }
423 break;
424 case WLAN_EID_RSN:
425 rsn = pos;
426 rsn_len = pos[1] + 2;
427 break;
428 case WLAN_EID_DS_PARAMS:
429 if (pos[1] >= 1)
430 chan = pos[2];
431 break;
432 }
433 left -= 2 + pos[1];
434 pos += 2 + pos[1];
435 }
436
437 if (wpa_len > MAX_WPA_IE_LEN)
438 wpa_len = MAX_WPA_IE_LEN;
439 if (rsn_len > MAX_WPA_IE_LEN)
440 rsn_len = MAX_WPA_IE_LEN;
441 if (ssid_len > sizeof(bss->ssid))
442 ssid_len = sizeof(bss->ssid);
443
444 spin_lock(&local->lock);
445 bss = __hostap_get_bss(local, mgmt->bssid, ssid, ssid_len);
446 if (bss == NULL)
447 bss = __hostap_add_bss(local, mgmt->bssid, ssid, ssid_len);
448 if (bss) {
449 bss->last_update = jiffies;
450 bss->count++;
451 bss->capab_info = le16_to_cpu(mgmt->u.beacon.capab_info);
452 if (wpa) {
453 memcpy(bss->wpa_ie, wpa, wpa_len);
454 bss->wpa_ie_len = wpa_len;
455 } else
456 bss->wpa_ie_len = 0;
457 if (rsn) {
458 memcpy(bss->rsn_ie, rsn, rsn_len);
459 bss->rsn_ie_len = rsn_len;
460 } else
461 bss->rsn_ie_len = 0;
462 bss->chan = chan;
463 }
464 __hostap_expire_bss(local);
465 spin_unlock(&local->lock);
466}
467
468
469static int
470hostap_rx_frame_mgmt(local_info_t *local, struct sk_buff *skb,
471 struct hostap_80211_rx_status *rx_stats, u16 type,
472 u16 stype)
473{
474 if (local->iw_mode == IW_MODE_MASTER)
475 hostap_update_sta_ps(local, (struct ieee80211_hdr *) skb->data);
476
477 if (local->hostapd && type == IEEE80211_FTYPE_MGMT) {
478 if (stype == IEEE80211_STYPE_BEACON &&
479 local->iw_mode == IW_MODE_MASTER) {
480 struct sk_buff *skb2;
481
482
483 skb2 = skb_clone(skb, GFP_ATOMIC);
484 if (skb2)
485 hostap_rx(skb2->dev, skb2, rx_stats);
486 }
487
488
489
490 local->apdevstats.rx_packets++;
491 local->apdevstats.rx_bytes += skb->len;
492 if (local->apdev == NULL)
493 return -1;
494 prism2_rx_80211(local->apdev, skb, rx_stats, PRISM2_RX_MGMT);
495 return 0;
496 }
497
498 if (local->iw_mode == IW_MODE_MASTER) {
499 if (type != IEEE80211_FTYPE_MGMT &&
500 type != IEEE80211_FTYPE_CTL) {
501 printk(KERN_DEBUG "%s: unknown management frame "
502 "(type=0x%02x, stype=0x%02x) dropped\n",
503 skb->dev->name, type >> 2, stype >> 4);
504 return -1;
505 }
506
507 hostap_rx(skb->dev, skb, rx_stats);
508 return 0;
509 } else if (type == IEEE80211_FTYPE_MGMT &&
510 (stype == IEEE80211_STYPE_BEACON ||
511 stype == IEEE80211_STYPE_PROBE_RESP)) {
512 hostap_rx_sta_beacon(local, skb, stype);
513 return -1;
514 } else if (type == IEEE80211_FTYPE_MGMT &&
515 (stype == IEEE80211_STYPE_ASSOC_RESP ||
516 stype == IEEE80211_STYPE_REASSOC_RESP)) {
517
518
519
520 return -1;
521 } else {
522 printk(KERN_DEBUG "%s: hostap_rx_frame_mgmt: dropped unhandled"
523 " management frame in non-Host AP mode (type=%d:%d)\n",
524 skb->dev->name, type >> 2, stype >> 4);
525 return -1;
526 }
527}
528
529
530
531static struct net_device *prism2_rx_get_wds(local_info_t *local,
532 u8 *addr)
533{
534 struct hostap_interface *iface = NULL;
535 struct list_head *ptr;
536
537 read_lock_bh(&local->iface_lock);
538 list_for_each(ptr, &local->hostap_interfaces) {
539 iface = list_entry(ptr, struct hostap_interface, list);
540 if (iface->type == HOSTAP_INTERFACE_WDS &&
541 memcmp(iface->u.wds.remote_addr, addr, ETH_ALEN) == 0)
542 break;
543 iface = NULL;
544 }
545 read_unlock_bh(&local->iface_lock);
546
547 return iface ? iface->dev : NULL;
548}
549
550
551static int
552hostap_rx_frame_wds(local_info_t *local, struct ieee80211_hdr *hdr, u16 fc,
553 struct net_device **wds)
554{
555
556
557 if ((fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) !=
558 (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS) &&
559 (local->iw_mode != IW_MODE_MASTER || !(fc & IEEE80211_FCTL_TODS)))
560 return 0;
561
562
563
564 if (!ether_addr_equal(hdr->addr1, local->dev->dev_addr) &&
565 (hdr->addr1[0] != 0xff || hdr->addr1[1] != 0xff ||
566 hdr->addr1[2] != 0xff || hdr->addr1[3] != 0xff ||
567 hdr->addr1[4] != 0xff || hdr->addr1[5] != 0xff)) {
568
569 PDEBUG(DEBUG_EXTRA2, "%s: received WDS frame with "
570 "not own or broadcast %s=%pM\n",
571 local->dev->name,
572 fc & IEEE80211_FCTL_FROMDS ? "RA" : "BSSID",
573 hdr->addr1);
574 return -1;
575 }
576
577
578 *wds = prism2_rx_get_wds(local, hdr->addr2);
579 if (*wds == NULL && fc & IEEE80211_FCTL_FROMDS &&
580 (local->iw_mode != IW_MODE_INFRA ||
581 !(local->wds_type & HOSTAP_WDS_AP_CLIENT) ||
582 memcmp(hdr->addr2, local->bssid, ETH_ALEN) != 0)) {
583
584
585 PDEBUG(DEBUG_EXTRA, "%s: received WDS[4 addr] frame "
586 "from unknown TA=%pM\n",
587 local->dev->name, hdr->addr2);
588 if (local->ap && local->ap->autom_ap_wds)
589 hostap_wds_link_oper(local, hdr->addr2, WDS_ADD);
590 return -1;
591 }
592
593 if (*wds && !(fc & IEEE80211_FCTL_FROMDS) && local->ap &&
594 hostap_is_sta_assoc(local->ap, hdr->addr2)) {
595
596
597
598
599
600 *wds = NULL;
601 }
602
603 return 0;
604}
605
606
607static int hostap_is_eapol_frame(local_info_t *local, struct sk_buff *skb)
608{
609 struct net_device *dev = local->dev;
610 u16 fc, ethertype;
611 struct ieee80211_hdr *hdr;
612 u8 *pos;
613
614 if (skb->len < 24)
615 return 0;
616
617 hdr = (struct ieee80211_hdr *) skb->data;
618 fc = le16_to_cpu(hdr->frame_control);
619
620
621 if ((fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) ==
622 IEEE80211_FCTL_TODS &&
623 ether_addr_equal(hdr->addr1, dev->dev_addr) &&
624 ether_addr_equal(hdr->addr3, dev->dev_addr)) {
625
626 } else if ((fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) ==
627 IEEE80211_FCTL_FROMDS &&
628 ether_addr_equal(hdr->addr1, dev->dev_addr)) {
629
630 } else
631 return 0;
632
633 if (skb->len < 24 + 8)
634 return 0;
635
636
637 pos = skb->data + 24;
638 ethertype = (pos[6] << 8) | pos[7];
639 if (ethertype == ETH_P_PAE)
640 return 1;
641
642 return 0;
643}
644
645
646
647static int
648hostap_rx_frame_decrypt(local_info_t *local, struct sk_buff *skb,
649 struct lib80211_crypt_data *crypt)
650{
651 struct ieee80211_hdr *hdr;
652 int res, hdrlen;
653
654 if (crypt == NULL || crypt->ops->decrypt_mpdu == NULL)
655 return 0;
656
657 hdr = (struct ieee80211_hdr *) skb->data;
658 hdrlen = hostap_80211_get_hdrlen(hdr->frame_control);
659
660 if (local->tkip_countermeasures &&
661 strcmp(crypt->ops->name, "TKIP") == 0) {
662 if (net_ratelimit()) {
663 printk(KERN_DEBUG "%s: TKIP countermeasures: dropped "
664 "received packet from %pM\n",
665 local->dev->name, hdr->addr2);
666 }
667 return -1;
668 }
669
670 atomic_inc(&crypt->refcnt);
671 res = crypt->ops->decrypt_mpdu(skb, hdrlen, crypt->priv);
672 atomic_dec(&crypt->refcnt);
673 if (res < 0) {
674 printk(KERN_DEBUG "%s: decryption failed (SA=%pM) res=%d\n",
675 local->dev->name, hdr->addr2, res);
676 local->comm_tallies.rx_discards_wep_undecryptable++;
677 return -1;
678 }
679
680 return res;
681}
682
683
684
685static int
686hostap_rx_frame_decrypt_msdu(local_info_t *local, struct sk_buff *skb,
687 int keyidx, struct lib80211_crypt_data *crypt)
688{
689 struct ieee80211_hdr *hdr;
690 int res, hdrlen;
691
692 if (crypt == NULL || crypt->ops->decrypt_msdu == NULL)
693 return 0;
694
695 hdr = (struct ieee80211_hdr *) skb->data;
696 hdrlen = hostap_80211_get_hdrlen(hdr->frame_control);
697
698 atomic_inc(&crypt->refcnt);
699 res = crypt->ops->decrypt_msdu(skb, keyidx, hdrlen, crypt->priv);
700 atomic_dec(&crypt->refcnt);
701 if (res < 0) {
702 printk(KERN_DEBUG "%s: MSDU decryption/MIC verification failed"
703 " (SA=%pM keyidx=%d)\n",
704 local->dev->name, hdr->addr2, keyidx);
705 return -1;
706 }
707
708 return 0;
709}
710
711
712
713
714
715void hostap_80211_rx(struct net_device *dev, struct sk_buff *skb,
716 struct hostap_80211_rx_status *rx_stats)
717{
718 struct hostap_interface *iface;
719 local_info_t *local;
720 struct ieee80211_hdr *hdr;
721 size_t hdrlen;
722 u16 fc, type, stype, sc;
723 struct net_device *wds = NULL;
724 unsigned int frag;
725 u8 *payload;
726 struct sk_buff *skb2 = NULL;
727 u16 ethertype;
728 int frame_authorized = 0;
729 int from_assoc_ap = 0;
730 u8 dst[ETH_ALEN];
731 u8 src[ETH_ALEN];
732 struct lib80211_crypt_data *crypt = NULL;
733 void *sta = NULL;
734 int keyidx = 0;
735
736 iface = netdev_priv(dev);
737 local = iface->local;
738 iface->stats.rx_packets++;
739 iface->stats.rx_bytes += skb->len;
740
741
742
743 dev = local->ddev;
744 iface = netdev_priv(dev);
745
746 hdr = (struct ieee80211_hdr *) skb->data;
747
748 if (skb->len < 10)
749 goto rx_dropped;
750
751 fc = le16_to_cpu(hdr->frame_control);
752 type = fc & IEEE80211_FCTL_FTYPE;
753 stype = fc & IEEE80211_FCTL_STYPE;
754 sc = le16_to_cpu(hdr->seq_ctrl);
755 frag = sc & IEEE80211_SCTL_FRAG;
756 hdrlen = hostap_80211_get_hdrlen(hdr->frame_control);
757
758
759
760#ifdef IW_WIRELESS_SPY
761
762 if (iface->spy_data.spy_number > 0) {
763 struct iw_quality wstats;
764 wstats.level = rx_stats->signal;
765 wstats.noise = rx_stats->noise;
766 wstats.updated = IW_QUAL_LEVEL_UPDATED | IW_QUAL_NOISE_UPDATED
767 | IW_QUAL_QUAL_INVALID | IW_QUAL_DBM;
768
769 wireless_spy_update(dev, hdr->addr2, &wstats);
770 }
771#endif
772 hostap_update_rx_stats(local->ap, hdr, rx_stats);
773
774 if (local->iw_mode == IW_MODE_MONITOR) {
775 monitor_rx(dev, skb, rx_stats);
776 return;
777 }
778
779 if (local->host_decrypt) {
780 int idx = 0;
781 if (skb->len >= hdrlen + 3)
782 idx = skb->data[hdrlen + 3] >> 6;
783 crypt = local->crypt_info.crypt[idx];
784 sta = NULL;
785
786
787
788
789
790
791
792
793 if (!(hdr->addr1[0] & 0x01) || local->bcrx_sta_key)
794 (void) hostap_handle_sta_crypto(local, hdr, &crypt,
795 &sta);
796
797
798
799 if (crypt && (crypt->ops == NULL ||
800 crypt->ops->decrypt_mpdu == NULL))
801 crypt = NULL;
802
803 if (!crypt && (fc & IEEE80211_FCTL_PROTECTED)) {
804#if 0
805
806
807
808
809 printk(KERN_DEBUG "%s: WEP decryption failed (not set)"
810 " (SA=%pM)\n",
811 local->dev->name, hdr->addr2);
812#endif
813 local->comm_tallies.rx_discards_wep_undecryptable++;
814 goto rx_dropped;
815 }
816 }
817
818 if (type != IEEE80211_FTYPE_DATA) {
819 if (type == IEEE80211_FTYPE_MGMT &&
820 stype == IEEE80211_STYPE_AUTH &&
821 fc & IEEE80211_FCTL_PROTECTED && local->host_decrypt &&
822 (keyidx = hostap_rx_frame_decrypt(local, skb, crypt)) < 0)
823 {
824 printk(KERN_DEBUG "%s: failed to decrypt mgmt::auth "
825 "from %pM\n", dev->name, hdr->addr2);
826
827
828 goto rx_dropped;
829 }
830
831 if (hostap_rx_frame_mgmt(local, skb, rx_stats, type, stype))
832 goto rx_dropped;
833 else
834 goto rx_exit;
835 }
836
837
838 if (skb->len < IEEE80211_DATA_HDR3_LEN)
839 goto rx_dropped;
840
841 switch (fc & (IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS)) {
842 case IEEE80211_FCTL_FROMDS:
843 memcpy(dst, hdr->addr1, ETH_ALEN);
844 memcpy(src, hdr->addr3, ETH_ALEN);
845 break;
846 case IEEE80211_FCTL_TODS:
847 memcpy(dst, hdr->addr3, ETH_ALEN);
848 memcpy(src, hdr->addr2, ETH_ALEN);
849 break;
850 case IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS:
851 if (skb->len < IEEE80211_DATA_HDR4_LEN)
852 goto rx_dropped;
853 memcpy(dst, hdr->addr3, ETH_ALEN);
854 memcpy(src, hdr->addr4, ETH_ALEN);
855 break;
856 default:
857 memcpy(dst, hdr->addr1, ETH_ALEN);
858 memcpy(src, hdr->addr2, ETH_ALEN);
859 break;
860 }
861
862 if (hostap_rx_frame_wds(local, hdr, fc, &wds))
863 goto rx_dropped;
864 if (wds)
865 skb->dev = dev = wds;
866
867 if (local->iw_mode == IW_MODE_MASTER && !wds &&
868 (fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) ==
869 IEEE80211_FCTL_FROMDS &&
870 local->stadev &&
871 memcmp(hdr->addr2, local->assoc_ap_addr, ETH_ALEN) == 0) {
872
873 skb->dev = dev = local->stadev;
874 from_assoc_ap = 1;
875 }
876
877 if ((local->iw_mode == IW_MODE_MASTER ||
878 local->iw_mode == IW_MODE_REPEAT) &&
879 !from_assoc_ap) {
880 switch (hostap_handle_sta_rx(local, dev, skb, rx_stats,
881 wds != NULL)) {
882 case AP_RX_CONTINUE_NOT_AUTHORIZED:
883 frame_authorized = 0;
884 break;
885 case AP_RX_CONTINUE:
886 frame_authorized = 1;
887 break;
888 case AP_RX_DROP:
889 goto rx_dropped;
890 case AP_RX_EXIT:
891 goto rx_exit;
892 }
893 }
894
895
896
897 if (stype != IEEE80211_STYPE_DATA &&
898 stype != IEEE80211_STYPE_DATA_CFACK &&
899 stype != IEEE80211_STYPE_DATA_CFPOLL &&
900 stype != IEEE80211_STYPE_DATA_CFACKPOLL) {
901 if (stype != IEEE80211_STYPE_NULLFUNC)
902 printk(KERN_DEBUG "%s: RX: dropped data frame "
903 "with no data (type=0x%02x, subtype=0x%02x)\n",
904 dev->name, type >> 2, stype >> 4);
905 goto rx_dropped;
906 }
907
908
909
910 if (local->host_decrypt && (fc & IEEE80211_FCTL_PROTECTED) &&
911 (keyidx = hostap_rx_frame_decrypt(local, skb, crypt)) < 0)
912 goto rx_dropped;
913 hdr = (struct ieee80211_hdr *) skb->data;
914
915
916
917 if (local->host_decrypt && (fc & IEEE80211_FCTL_PROTECTED) &&
918 (frag != 0 || (fc & IEEE80211_FCTL_MOREFRAGS))) {
919 int flen;
920 struct sk_buff *frag_skb =
921 prism2_frag_cache_get(local, hdr);
922 if (!frag_skb) {
923 printk(KERN_DEBUG "%s: Rx cannot get skb from "
924 "fragment cache (morefrag=%d seq=%u frag=%u)\n",
925 dev->name, (fc & IEEE80211_FCTL_MOREFRAGS) != 0,
926 (sc & IEEE80211_SCTL_SEQ) >> 4, frag);
927 goto rx_dropped;
928 }
929
930 flen = skb->len;
931 if (frag != 0)
932 flen -= hdrlen;
933
934 if (frag_skb->tail + flen > frag_skb->end) {
935 printk(KERN_WARNING "%s: host decrypted and "
936 "reassembled frame did not fit skb\n",
937 dev->name);
938 prism2_frag_cache_invalidate(local, hdr);
939 goto rx_dropped;
940 }
941
942 if (frag == 0) {
943
944
945 skb_copy_from_linear_data(skb, skb_put(frag_skb, flen),
946 flen);
947 } else {
948
949
950 skb_copy_from_linear_data_offset(skb, hdrlen,
951 skb_put(frag_skb,
952 flen), flen);
953 }
954 dev_kfree_skb(skb);
955 skb = NULL;
956
957 if (fc & IEEE80211_FCTL_MOREFRAGS) {
958
959
960
961 goto rx_exit;
962 }
963
964
965
966 skb = frag_skb;
967 hdr = (struct ieee80211_hdr *) skb->data;
968 prism2_frag_cache_invalidate(local, hdr);
969 }
970
971
972
973
974 if (local->host_decrypt && (fc & IEEE80211_FCTL_PROTECTED) &&
975 hostap_rx_frame_decrypt_msdu(local, skb, keyidx, crypt))
976 goto rx_dropped;
977
978 hdr = (struct ieee80211_hdr *) skb->data;
979 if (crypt && !(fc & IEEE80211_FCTL_PROTECTED) && !local->open_wep) {
980 if (local->ieee_802_1x &&
981 hostap_is_eapol_frame(local, skb)) {
982
983
984 PDEBUG(DEBUG_EXTRA2, "%s: RX: IEEE 802.1X - passing "
985 "unencrypted EAPOL frame\n", local->dev->name);
986 } else {
987 printk(KERN_DEBUG "%s: encryption configured, but RX "
988 "frame not encrypted (SA=%pM)\n",
989 local->dev->name, hdr->addr2);
990 goto rx_dropped;
991 }
992 }
993
994 if (local->drop_unencrypted && !(fc & IEEE80211_FCTL_PROTECTED) &&
995 !hostap_is_eapol_frame(local, skb)) {
996 if (net_ratelimit()) {
997 printk(KERN_DEBUG "%s: dropped unencrypted RX data "
998 "frame from %pM (drop_unencrypted=1)\n",
999 dev->name, hdr->addr2);
1000 }
1001 goto rx_dropped;
1002 }
1003
1004
1005
1006 payload = skb->data + hdrlen;
1007 ethertype = (payload[6] << 8) | payload[7];
1008
1009
1010
1011 if (local->ieee_802_1x && local->iw_mode == IW_MODE_MASTER) {
1012 if (ethertype == ETH_P_PAE) {
1013 PDEBUG(DEBUG_EXTRA2, "%s: RX: IEEE 802.1X frame\n",
1014 dev->name);
1015 if (local->hostapd && local->apdev) {
1016
1017
1018 prism2_rx_80211(local->apdev, skb, rx_stats,
1019 PRISM2_RX_MGMT);
1020 local->apdevstats.rx_packets++;
1021 local->apdevstats.rx_bytes += skb->len;
1022 goto rx_exit;
1023 }
1024 } else if (!frame_authorized) {
1025 printk(KERN_DEBUG "%s: dropped frame from "
1026 "unauthorized port (IEEE 802.1X): "
1027 "ethertype=0x%04x\n",
1028 dev->name, ethertype);
1029 goto rx_dropped;
1030 }
1031 }
1032
1033
1034 if (skb->len - hdrlen >= 8 &&
1035 ((memcmp(payload, rfc1042_header, 6) == 0 &&
1036 ethertype != ETH_P_AARP && ethertype != ETH_P_IPX) ||
1037 memcmp(payload, bridge_tunnel_header, 6) == 0)) {
1038
1039
1040 skb_pull(skb, hdrlen + 6);
1041 memcpy(skb_push(skb, ETH_ALEN), src, ETH_ALEN);
1042 memcpy(skb_push(skb, ETH_ALEN), dst, ETH_ALEN);
1043 } else {
1044 __be16 len;
1045
1046 skb_pull(skb, hdrlen);
1047 len = htons(skb->len);
1048 memcpy(skb_push(skb, 2), &len, 2);
1049 memcpy(skb_push(skb, ETH_ALEN), src, ETH_ALEN);
1050 memcpy(skb_push(skb, ETH_ALEN), dst, ETH_ALEN);
1051 }
1052
1053 if (wds && ((fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) ==
1054 IEEE80211_FCTL_TODS) &&
1055 skb->len >= ETH_HLEN + ETH_ALEN) {
1056
1057
1058 skb_copy_from_linear_data_offset(skb, skb->len - ETH_ALEN,
1059 skb->data + ETH_ALEN,
1060 ETH_ALEN);
1061 skb_trim(skb, skb->len - ETH_ALEN);
1062 }
1063
1064 dev->stats.rx_packets++;
1065 dev->stats.rx_bytes += skb->len;
1066
1067 if (local->iw_mode == IW_MODE_MASTER && !wds &&
1068 local->ap->bridge_packets) {
1069 if (dst[0] & 0x01) {
1070
1071
1072 local->ap->bridged_multicast++;
1073 skb2 = skb_clone(skb, GFP_ATOMIC);
1074 if (skb2 == NULL)
1075 printk(KERN_DEBUG "%s: skb_clone failed for "
1076 "multicast frame\n", dev->name);
1077 } else if (hostap_is_sta_authorized(local->ap, dst)) {
1078
1079
1080 local->ap->bridged_unicast++;
1081 skb2 = skb;
1082 skb = NULL;
1083 }
1084 }
1085
1086 if (skb2 != NULL) {
1087
1088 skb2->dev = dev;
1089 skb2->protocol = cpu_to_be16(ETH_P_802_3);
1090 skb_reset_mac_header(skb2);
1091 skb_reset_network_header(skb2);
1092
1093 dev_queue_xmit(skb2);
1094 }
1095
1096 if (skb) {
1097 skb->protocol = eth_type_trans(skb, dev);
1098 memset(skb->cb, 0, sizeof(skb->cb));
1099 netif_rx(skb);
1100 }
1101
1102 rx_exit:
1103 if (sta)
1104 hostap_handle_sta_release(sta);
1105 return;
1106
1107 rx_dropped:
1108 dev_kfree_skb(skb);
1109
1110 dev->stats.rx_dropped++;
1111 goto rx_exit;
1112}
1113
1114
1115EXPORT_SYMBOL(hostap_80211_rx);
1116
