tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
Merge branch 'upstream-davem' of master.kernel.org:/pub/scm/linux/kernel/git/linville/wireless-2.6
+1052
-324
+59
Documentation/networking/mac80211-injection.txt
+59
Documentation/networking/mac80211-injection.txt
···
1
+
How to use packet injection with mac80211
2
+
=========================================
3
+
4
+
mac80211 now allows arbitrary packets to be injected down any Monitor Mode
5
+
interface from userland. The packet you inject needs to be composed in the
6
+
following format:
7
+
8
+
[ radiotap header ]
9
+
[ ieee80211 header ]
10
+
[ payload ]
11
+
12
+
The radiotap format is discussed in
13
+
./Documentation/networking/radiotap-headers.txt.
14
+
15
+
Despite 13 radiotap argument types are currently defined, most only make sense
16
+
to appear on received packets. Currently three kinds of argument are used by
17
+
the injection code, although it knows to skip any other arguments that are
18
+
present (facilitating replay of captured radiotap headers directly):
19
+
20
+
- IEEE80211_RADIOTAP_RATE - u8 arg in 500kbps units (0x02 --> 1Mbps)
21
+
22
+
- IEEE80211_RADIOTAP_ANTENNA - u8 arg, 0x00 = ant1, 0x01 = ant2
23
+
24
+
- IEEE80211_RADIOTAP_DBM_TX_POWER - u8 arg, dBm
25
+
26
+
Here is an example valid radiotap header defining these three parameters
27
+
28
+
0x00, 0x00, // <-- radiotap version
29
+
0x0b, 0x00, // <- radiotap header length
30
+
0x04, 0x0c, 0x00, 0x00, // <-- bitmap
31
+
0x6c, // <-- rate
32
+
0x0c, //<-- tx power
33
+
0x01 //<-- antenna
34
+
35
+
The ieee80211 header follows immediately afterwards, looking for example like
36
+
this:
37
+
38
+
0x08, 0x01, 0x00, 0x00,
39
+
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
40
+
0x13, 0x22, 0x33, 0x44, 0x55, 0x66,
41
+
0x13, 0x22, 0x33, 0x44, 0x55, 0x66,
42
+
0x10, 0x86
43
+
44
+
Then lastly there is the payload.
45
+
46
+
After composing the packet contents, it is sent by send()-ing it to a logical
47
+
mac80211 interface that is in Monitor mode. Libpcap can also be used,
48
+
(which is easier than doing the work to bind the socket to the right
49
+
interface), along the following lines:
50
+
51
+
ppcap = pcap_open_live(szInterfaceName, 800, 1, 20, szErrbuf);
52
+
...
53
+
r = pcap_inject(ppcap, u8aSendBuffer, nLength);
54
+
55
+
You can also find sources for a complete inject test applet here:
56
+
57
+
http://penumbra.warmcat.com/_twk/tiki-index.php?page=packetspammer
58
+
59
+
Andy Green <andy@warmcat.com>
+152
Documentation/networking/radiotap-headers.txt
+152
Documentation/networking/radiotap-headers.txt
···
1
+
How to use radiotap headers
2
+
===========================
3
+
4
+
Pointer to the radiotap include file
5
+
------------------------------------
6
+
7
+
Radiotap headers are variable-length and extensible, you can get most of the
8
+
information you need to know on them from:
9
+
10
+
./include/net/ieee80211_radiotap.h
11
+
12
+
This document gives an overview and warns on some corner cases.
13
+
14
+
15
+
Structure of the header
16
+
-----------------------
17
+
18
+
There is a fixed portion at the start which contains a u32 bitmap that defines
19
+
if the possible argument associated with that bit is present or not. So if b0
20
+
of the it_present member of ieee80211_radiotap_header is set, it means that
21
+
the header for argument index 0 (IEEE80211_RADIOTAP_TSFT) is present in the
22
+
argument area.
23
+
24
+
< 8-byte ieee80211_radiotap_header >
25
+
[ <possible argument bitmap extensions ... > ]
26
+
[ <argument> ... ]
27
+
28
+
At the moment there are only 13 possible argument indexes defined, but in case
29
+
we run out of space in the u32 it_present member, it is defined that b31 set
30
+
indicates that there is another u32 bitmap following (shown as "possible
31
+
argument bitmap extensions..." above), and the start of the arguments is moved
32
+
forward 4 bytes each time.
33
+
34
+
Note also that the it_len member __le16 is set to the total number of bytes
35
+
covered by the ieee80211_radiotap_header and any arguments following.
36
+
37
+
38
+
Requirements for arguments
39
+
--------------------------
40
+
41
+
After the fixed part of the header, the arguments follow for each argument
42
+
index whose matching bit is set in the it_present member of
43
+
ieee80211_radiotap_header.
44
+
45
+
- the arguments are all stored little-endian!
46
+
47
+
- the argument payload for a given argument index has a fixed size. So
48
+
IEEE80211_RADIOTAP_TSFT being present always indicates an 8-byte argument is
49
+
present. See the comments in ./include/net/ieee80211_radiotap.h for a nice
50
+
breakdown of all the argument sizes
51
+
52
+
- the arguments must be aligned to a boundary of the argument size using
53
+
padding. So a u16 argument must start on the next u16 boundary if it isn't
54
+
already on one, a u32 must start on the next u32 boundary and so on.
55
+
56
+
- "alignment" is relative to the start of the ieee80211_radiotap_header, ie,
57
+
the first byte of the radiotap header. The absolute alignment of that first
58
+
byte isn't defined. So even if the whole radiotap header is starting at, eg,
59
+
address 0x00000003, still the first byte of the radiotap header is treated as
60
+
0 for alignment purposes.
61
+
62
+
- the above point that there may be no absolute alignment for multibyte
63
+
entities in the fixed radiotap header or the argument region means that you
64
+
have to take special evasive action when trying to access these multibyte
65
+
entities. Some arches like Blackfin cannot deal with an attempt to
66
+
dereference, eg, a u16 pointer that is pointing to an odd address. Instead
67
+
you have to use a kernel API get_unaligned() to dereference the pointer,
68
+
which will do it bytewise on the arches that require that.
69
+
70
+
- The arguments for a given argument index can be a compound of multiple types
71
+
together. For example IEEE80211_RADIOTAP_CHANNEL has an argument payload
72
+
consisting of two u16s of total length 4. When this happens, the padding
73
+
rule is applied dealing with a u16, NOT dealing with a 4-byte single entity.
74
+
75
+
76
+
Example valid radiotap header
77
+
-----------------------------
78
+
79
+
0x00, 0x00, // <-- radiotap version + pad byte
80
+
0x0b, 0x00, // <- radiotap header length
81
+
0x04, 0x0c, 0x00, 0x00, // <-- bitmap
82
+
0x6c, // <-- rate (in 500kHz units)
83
+
0x0c, //<-- tx power
84
+
0x01 //<-- antenna
85
+
86
+
87
+
Using the Radiotap Parser
88
+
-------------------------
89
+
90
+
If you are having to parse a radiotap struct, you can radically simplify the
91
+
job by using the radiotap parser that lives in net/wireless/radiotap.c and has
92
+
its prototypes available in include/net/cfg80211.h. You use it like this:
93
+
94
+
#include <net/cfg80211.h>
95
+
96
+
/* buf points to the start of the radiotap header part */
97
+
98
+
int MyFunction(u8 * buf, int buflen)
99
+
{
100
+
int pkt_rate_100kHz = 0, antenna = 0, pwr = 0;
101
+
struct ieee80211_radiotap_iterator iterator;
102
+
int ret = ieee80211_radiotap_iterator_init(&iterator, buf, buflen);
103
+
104
+
while (!ret) {
105
+
106
+
ret = ieee80211_radiotap_iterator_next(&iterator);
107
+
108
+
if (ret)
109
+
continue;
110
+
111
+
/* see if this argument is something we can use */
112
+
113
+
switch (iterator.this_arg_index) {
114
+
/*
115
+
* You must take care when dereferencing iterator.this_arg
116
+
* for multibyte types... the pointer is not aligned. Use
117
+
* get_unaligned((type *)iterator.this_arg) to dereference
118
+
* iterator.this_arg for type "type" safely on all arches.
119
+
*/
120
+
case IEEE80211_RADIOTAP_RATE:
121
+
/* radiotap "rate" u8 is in
122
+
* 500kbps units, eg, 0x02=1Mbps
123
+
*/
124
+
pkt_rate_100kHz = (*iterator.this_arg) * 5;
125
+
break;
126
+
127
+
case IEEE80211_RADIOTAP_ANTENNA:
128
+
/* radiotap uses 0 for 1st ant */
129
+
antenna = *iterator.this_arg);
130
+
break;
131
+
132
+
case IEEE80211_RADIOTAP_DBM_TX_POWER:
133
+
pwr = *iterator.this_arg;
134
+
break;
135
+
136
+
default:
137
+
break;
138
+
}
139
+
} /* while more rt headers */
140
+
141
+
if (ret != -ENOENT)
142
+
return TXRX_DROP;
143
+
144
+
/* discard the radiotap header part */
145
+
buf += iterator.max_length;
146
+
buflen -= iterator.max_length;
147
+
148
+
...
149
+
150
+
}
151
+
152
+
Andy Green <andy@warmcat.com>
+11
include/linux/ieee80211.h
+11
include/linux/ieee80211.h
···
227
227
#define WLAN_CAPABILITY_SHORT_SLOT_TIME (1<<10)
228
228
#define WLAN_CAPABILITY_DSSS_OFDM (1<<13)
229
229
230
+
/* 802.11g ERP information element */
231
+
#define WLAN_ERP_NON_ERP_PRESENT (1<<0)
232
+
#define WLAN_ERP_USE_PROTECTION (1<<1)
233
+
#define WLAN_ERP_BARKER_PREAMBLE (1<<2)
234
+
235
+
/* WLAN_ERP_BARKER_PREAMBLE values */
236
+
enum {
237
+
WLAN_ERP_PREAMBLE_SHORT = 0,
238
+
WLAN_ERP_PREAMBLE_LONG = 1,
239
+
};
240
+
230
241
/* Status codes */
231
242
enum ieee80211_statuscode {
232
243
WLAN_STATUS_SUCCESS = 0,
+38
include/net/cfg80211.h
+38
include/net/cfg80211.h
···
11
11
* Copyright 2006 Johannes Berg <johannes@sipsolutions.net>
12
12
*/
13
13
14
+
15
+
/* Radiotap header iteration
16
+
* implemented in net/wireless/radiotap.c
17
+
* docs in Documentation/networking/radiotap-headers.txt
18
+
*/
19
+
/**
20
+
* struct ieee80211_radiotap_iterator - tracks walk thru present radiotap args
21
+
* @rtheader: pointer to the radiotap header we are walking through
22
+
* @max_length: length of radiotap header in cpu byte ordering
23
+
* @this_arg_index: IEEE80211_RADIOTAP_... index of current arg
24
+
* @this_arg: pointer to current radiotap arg
25
+
* @arg_index: internal next argument index
26
+
* @arg: internal next argument pointer
27
+
* @next_bitmap: internal pointer to next present u32
28
+
* @bitmap_shifter: internal shifter for curr u32 bitmap, b0 set == arg present
29
+
*/
30
+
31
+
struct ieee80211_radiotap_iterator {
32
+
struct ieee80211_radiotap_header *rtheader;
33
+
int max_length;
34
+
int this_arg_index;
35
+
u8 *this_arg;
36
+
37
+
int arg_index;
38
+
u8 *arg;
39
+
__le32 *next_bitmap;
40
+
u32 bitmap_shifter;
41
+
};
42
+
43
+
extern int ieee80211_radiotap_iterator_init(
44
+
struct ieee80211_radiotap_iterator *iterator,
45
+
struct ieee80211_radiotap_header *radiotap_header,
46
+
int max_length);
47
+
48
+
extern int ieee80211_radiotap_iterator_next(
49
+
struct ieee80211_radiotap_iterator *iterator);
50
+
51
+
14
52
/* from net/wireless.h */
15
53
struct wiphy;
16
54
+12
-10
include/net/mac80211.h
+12
-10
include/net/mac80211.h
···
347
347
* @mac_addr: pointer to MAC address of the interface. This pointer is valid
348
348
* until the interface is removed (i.e. it cannot be used after
349
349
* remove_interface() callback was called for this interface).
350
+
* This pointer will be %NULL for monitor interfaces, be careful.
350
351
*
351
352
* This structure is used in add_interface() and remove_interface()
352
353
* callbacks of &struct ieee80211_hw.
354
+
*
355
+
* When you allow multiple interfaces to be added to your PHY, take care
356
+
* that the hardware can actually handle multiple MAC addresses. However,
357
+
* also take care that when there's no interface left with mac_addr != %NULL
358
+
* you remove the MAC address from the device to avoid acknowledging packets
359
+
* in pure monitor mode.
353
360
*/
354
361
struct ieee80211_if_init_conf {
355
362
int if_id;
···
581
574
* to returning zero. By returning non-zero addition of the interface
582
575
* is inhibited. Unless monitor_during_oper is set, it is guaranteed
583
576
* that monitor interfaces and normal interfaces are mutually
584
-
* exclusive. The open() handler is called after add_interface()
585
-
* if this is the first device added. At least one of the open()
586
-
* open() and add_interface() callbacks has to be assigned. If
587
-
* add_interface() is NULL, one STA interface is permitted only. */
577
+
* exclusive. If assigned, the open() handler is called after
578
+
* add_interface() if this is the first device added. The
579
+
* add_interface() callback has to be assigned because it is the only
580
+
* way to obtain the requested MAC address for any interface.
581
+
*/
588
582
int (*add_interface)(struct ieee80211_hw *hw,
589
583
struct ieee80211_if_init_conf *conf);
590
584
···
928
920
struct sk_buff *
929
921
ieee80211_get_buffered_bc(struct ieee80211_hw *hw, int if_id,
930
922
struct ieee80211_tx_control *control);
931
-
932
-
/* Low level drivers that have their own MLME and MAC indicate
933
-
* the aid for an associating station with this call */
934
-
int ieee80211_set_aid_for_sta(struct ieee80211_hw *hw,
935
-
u8 *peer_address, u16 aid);
936
-
937
923
938
924
/* Given an sk_buff with a raw 802.11 header at the data pointer this function
939
925
* returns the 802.11 header length in bytes (not including encryption
+1
-1
net/mac80211/debugfs_netdev.c
+1
-1
net/mac80211/debugfs_netdev.c
···
118
118
sdata->u.sta.authenticated ? "AUTH\n" : "",
119
119
sdata->u.sta.associated ? "ASSOC\n" : "",
120
120
sdata->u.sta.probereq_poll ? "PROBEREQ POLL\n" : "",
121
-
sdata->u.sta.use_protection ? "CTS prot\n" : "");
121
+
sdata->use_protection ? "CTS prot\n" : "");
122
122
}
123
123
__IEEE80211_IF_FILE(flags);
124
124
-8
net/mac80211/hostapd_ioctl.h
-8
net/mac80211/hostapd_ioctl.h
···
26
26
* mess shall be deleted completely. */
27
27
enum {
28
28
PRISM2_PARAM_IEEE_802_1X = 23,
29
-
PRISM2_PARAM_ANTSEL_TX = 24,
30
-
PRISM2_PARAM_ANTSEL_RX = 25,
31
29
32
30
/* Instant802 additions */
33
31
PRISM2_PARAM_CTS_PROTECT_ERP_FRAMES = 1001,
34
-
PRISM2_PARAM_DROP_UNENCRYPTED = 1002,
35
32
PRISM2_PARAM_PREAMBLE = 1003,
36
33
PRISM2_PARAM_SHORT_SLOT_TIME = 1006,
37
34
PRISM2_PARAM_NEXT_MODE = 1008,
38
-
PRISM2_PARAM_CLEAR_KEYS = 1009,
39
35
PRISM2_PARAM_RADIO_ENABLED = 1010,
40
36
PRISM2_PARAM_ANTENNA_MODE = 1013,
41
37
PRISM2_PARAM_STAT_TIME = 1016,
42
38
PRISM2_PARAM_STA_ANTENNA_SEL = 1017,
43
-
PRISM2_PARAM_FORCE_UNICAST_RATE = 1018,
44
-
PRISM2_PARAM_RATE_CTRL_NUM_UP = 1019,
45
-
PRISM2_PARAM_RATE_CTRL_NUM_DOWN = 1020,
46
-
PRISM2_PARAM_MAX_RATECTRL_RATE = 1021,
47
39
PRISM2_PARAM_TX_POWER_REDUCTION = 1022,
48
40
PRISM2_PARAM_KEY_TX_RX_THRESHOLD = 1024,
49
41
PRISM2_PARAM_DEFAULT_WEP_ONLY = 1026,
+365
-88
net/mac80211/ieee80211.c
+365
-88
net/mac80211/ieee80211.c
···
24
24
#include <linux/compiler.h>
25
25
#include <linux/bitmap.h>
26
26
#include <net/cfg80211.h>
27
+
#include <asm/unaligned.h>
27
28
28
29
#include "ieee80211_common.h"
29
30
#include "ieee80211_i.h"
···
55
54
/* No encapsulation header if EtherType < 0x600 (=length) */
56
55
static const unsigned char eapol_header[] =
57
56
{ 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00, 0x88, 0x8e };
57
+
58
+
59
+
/*
60
+
* For seeing transmitted packets on monitor interfaces
61
+
* we have a radiotap header too.
62
+
*/
63
+
struct ieee80211_tx_status_rtap_hdr {
64
+
struct ieee80211_radiotap_header hdr;
65
+
__le16 tx_flags;
66
+
u8 data_retries;
67
+
} __attribute__ ((packed));
58
68
59
69
60
70
static inline void ieee80211_include_sequence(struct ieee80211_sub_if_data *sdata,
···
442
430
if (!tx->u.tx.rate)
443
431
return TXRX_DROP;
444
432
if (tx->u.tx.mode->mode == MODE_IEEE80211G &&
445
-
tx->local->cts_protect_erp_frames && tx->fragmented &&
433
+
tx->sdata->use_protection && tx->fragmented &&
446
434
extra.nonerp) {
447
435
tx->u.tx.last_frag_rate = tx->u.tx.rate;
448
436
tx->u.tx.probe_last_frag = extra.probe ? 1 : 0;
···
540
528
/* reserve enough extra head and tail room for possible
541
529
* encryption */
542
530
frag = frags[i] =
543
-
dev_alloc_skb(tx->local->hw.extra_tx_headroom +
531
+
dev_alloc_skb(tx->local->tx_headroom +
544
532
frag_threshold +
545
533
IEEE80211_ENCRYPT_HEADROOM +
546
534
IEEE80211_ENCRYPT_TAILROOM);
···
549
537
/* Make sure that all fragments use the same priority so
550
538
* that they end up using the same TX queue */
551
539
frag->priority = first->priority;
552
-
skb_reserve(frag, tx->local->hw.extra_tx_headroom +
553
-
IEEE80211_ENCRYPT_HEADROOM);
540
+
skb_reserve(frag, tx->local->tx_headroom +
541
+
IEEE80211_ENCRYPT_HEADROOM);
554
542
fhdr = (struct ieee80211_hdr *) skb_put(frag, hdrlen);
555
543
memcpy(fhdr, first->data, hdrlen);
556
544
if (i == num_fragm - 2)
···
868
856
* for the frame. */
869
857
if (mode->mode == MODE_IEEE80211G &&
870
858
(tx->u.tx.rate->flags & IEEE80211_RATE_ERP) &&
871
-
tx->u.tx.unicast &&
872
-
tx->local->cts_protect_erp_frames &&
859
+
tx->u.tx.unicast && tx->sdata->use_protection &&
873
860
!(control->flags & IEEE80211_TXCTL_USE_RTS_CTS))
874
861
control->flags |= IEEE80211_TXCTL_USE_CTS_PROTECT;
875
862
···
1129
1118
}
1130
1119
1131
1120
1132
-
static void inline
1121
+
/*
1122
+
* deal with packet injection down monitor interface
1123
+
* with Radiotap Header -- only called for monitor mode interface
1124
+
*/
1125
+
1126
+
static ieee80211_txrx_result
1127
+
__ieee80211_parse_tx_radiotap(
1128
+
struct ieee80211_txrx_data *tx,
1129
+
struct sk_buff *skb, struct ieee80211_tx_control *control)
1130
+
{
1131
+
/*
1132
+
* this is the moment to interpret and discard the radiotap header that
1133
+
* must be at the start of the packet injected in Monitor mode
1134
+
*
1135
+
* Need to take some care with endian-ness since radiotap
1136
+
* args are little-endian
1137
+
*/
1138
+
1139
+
struct ieee80211_radiotap_iterator iterator;
1140
+
struct ieee80211_radiotap_header *rthdr =
1141
+
(struct ieee80211_radiotap_header *) skb->data;
1142
+
struct ieee80211_hw_mode *mode = tx->local->hw.conf.mode;
1143
+
int ret = ieee80211_radiotap_iterator_init(&iterator, rthdr, skb->len);
1144
+
1145
+
/*
1146
+
* default control situation for all injected packets
1147
+
* FIXME: this does not suit all usage cases, expand to allow control
1148
+
*/
1149
+
1150
+
control->retry_limit = 1; /* no retry */
1151
+
control->key_idx = -1; /* no encryption key */
1152
+
control->flags &= ~(IEEE80211_TXCTL_USE_RTS_CTS |
1153
+
IEEE80211_TXCTL_USE_CTS_PROTECT);
1154
+
control->flags |= IEEE80211_TXCTL_DO_NOT_ENCRYPT |
1155
+
IEEE80211_TXCTL_NO_ACK;
1156
+
control->antenna_sel_tx = 0; /* default to default antenna */
1157
+
1158
+
/*
1159
+
* for every radiotap entry that is present
1160
+
* (ieee80211_radiotap_iterator_next returns -ENOENT when no more
1161
+
* entries present, or -EINVAL on error)
1162
+
*/
1163
+
1164
+
while (!ret) {
1165
+
int i, target_rate;
1166
+
1167
+
ret = ieee80211_radiotap_iterator_next(&iterator);
1168
+
1169
+
if (ret)
1170
+
continue;
1171
+
1172
+
/* see if this argument is something we can use */
1173
+
switch (iterator.this_arg_index) {
1174
+
/*
1175
+
* You must take care when dereferencing iterator.this_arg
1176
+
* for multibyte types... the pointer is not aligned. Use
1177
+
* get_unaligned((type *)iterator.this_arg) to dereference
1178
+
* iterator.this_arg for type "type" safely on all arches.
1179
+
*/
1180
+
case IEEE80211_RADIOTAP_RATE:
1181
+
/*
1182
+
* radiotap rate u8 is in 500kbps units eg, 0x02=1Mbps
1183
+
* ieee80211 rate int is in 100kbps units eg, 0x0a=1Mbps
1184
+
*/
1185
+
target_rate = (*iterator.this_arg) * 5;
1186
+
for (i = 0; i < mode->num_rates; i++) {
1187
+
struct ieee80211_rate *r = &mode->rates[i];
1188
+
1189
+
if (r->rate > target_rate)
1190
+
continue;
1191
+
1192
+
control->rate = r;
1193
+
1194
+
if (r->flags & IEEE80211_RATE_PREAMBLE2)
1195
+
control->tx_rate = r->val2;
1196
+
else
1197
+
control->tx_rate = r->val;
1198
+
1199
+
/* end on exact match */
1200
+
if (r->rate == target_rate)
1201
+
i = mode->num_rates;
1202
+
}
1203
+
break;
1204
+
1205
+
case IEEE80211_RADIOTAP_ANTENNA:
1206
+
/*
1207
+
* radiotap uses 0 for 1st ant, mac80211 is 1 for
1208
+
* 1st ant
1209
+
*/
1210
+
control->antenna_sel_tx = (*iterator.this_arg) + 1;
1211
+
break;
1212
+
1213
+
case IEEE80211_RADIOTAP_DBM_TX_POWER:
1214
+
control->power_level = *iterator.this_arg;
1215
+
break;
1216
+
1217
+
case IEEE80211_RADIOTAP_FLAGS:
1218
+
if (*iterator.this_arg & IEEE80211_RADIOTAP_F_FCS) {
1219
+
/*
1220
+
* this indicates that the skb we have been
1221
+
* handed has the 32-bit FCS CRC at the end...
1222
+
* we should react to that by snipping it off
1223
+
* because it will be recomputed and added
1224
+
* on transmission
1225
+
*/
1226
+
if (skb->len < (iterator.max_length + FCS_LEN))
1227
+
return TXRX_DROP;
1228
+
1229
+
skb_trim(skb, skb->len - FCS_LEN);
1230
+
}
1231
+
break;
1232
+
1233
+
default:
1234
+
break;
1235
+
}
1236
+
}
1237
+
1238
+
if (ret != -ENOENT) /* ie, if we didn't simply run out of fields */
1239
+
return TXRX_DROP;
1240
+
1241
+
/*
1242
+
* remove the radiotap header
1243
+
* iterator->max_length was sanity-checked against
1244
+
* skb->len by iterator init
1245
+
*/
1246
+
skb_pull(skb, iterator.max_length);
1247
+
1248
+
return TXRX_CONTINUE;
1249
+
}
1250
+
1251
+
1252
+
static ieee80211_txrx_result inline
1133
1253
__ieee80211_tx_prepare(struct ieee80211_txrx_data *tx,
1134
1254
struct sk_buff *skb,
1135
1255
struct net_device *dev,
···
1268
1126
{
1269
1127
struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1270
1128
struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
1129
+
struct ieee80211_sub_if_data *sdata;
1130
+
ieee80211_txrx_result res = TXRX_CONTINUE;
1131
+
1271
1132
int hdrlen;
1272
1133
1273
1134
memset(tx, 0, sizeof(*tx));
···
1280
1135
tx->sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1281
1136
tx->sta = sta_info_get(local, hdr->addr1);
1282
1137
tx->fc = le16_to_cpu(hdr->frame_control);
1138
+
1139
+
/*
1140
+
* set defaults for things that can be set by
1141
+
* injected radiotap headers
1142
+
*/
1283
1143
control->power_level = local->hw.conf.power_level;
1144
+
control->antenna_sel_tx = local->hw.conf.antenna_sel_tx;
1145
+
if (local->sta_antenna_sel != STA_ANTENNA_SEL_AUTO && tx->sta)
1146
+
control->antenna_sel_tx = tx->sta->antenna_sel_tx;
1147
+
1148
+
/* process and remove the injection radiotap header */
1149
+
sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1150
+
if (unlikely(sdata->type == IEEE80211_IF_TYPE_MNTR)) {
1151
+
if (__ieee80211_parse_tx_radiotap(tx, skb, control) ==
1152
+
TXRX_DROP) {
1153
+
return TXRX_DROP;
1154
+
}
1155
+
/*
1156
+
* we removed the radiotap header after this point,
1157
+
* we filled control with what we could use
1158
+
* set to the actual ieee header now
1159
+
*/
1160
+
hdr = (struct ieee80211_hdr *) skb->data;
1161
+
res = TXRX_QUEUED; /* indication it was monitor packet */
1162
+
}
1163
+
1284
1164
tx->u.tx.control = control;
1285
1165
tx->u.tx.unicast = !is_multicast_ether_addr(hdr->addr1);
1286
1166
if (is_multicast_ether_addr(hdr->addr1))
···
1322
1152
control->flags |= IEEE80211_TXCTL_CLEAR_DST_MASK;
1323
1153
tx->sta->clear_dst_mask = 0;
1324
1154
}
1325
-
control->antenna_sel_tx = local->hw.conf.antenna_sel_tx;
1326
-
if (local->sta_antenna_sel != STA_ANTENNA_SEL_AUTO && tx->sta)
1327
-
control->antenna_sel_tx = tx->sta->antenna_sel_tx;
1328
1155
hdrlen = ieee80211_get_hdrlen(tx->fc);
1329
1156
if (skb->len > hdrlen + sizeof(rfc1042_header) + 2) {
1330
1157
u8 *pos = &skb->data[hdrlen + sizeof(rfc1042_header)];
···
1329
1162
}
1330
1163
control->flags |= IEEE80211_TXCTL_FIRST_FRAGMENT;
1331
1164
1165
+
return res;
1332
1166
}
1333
1167
1334
1168
static int inline is_ieee80211_device(struct net_device *dev,
···
1442
1274
struct sta_info *sta;
1443
1275
ieee80211_tx_handler *handler;
1444
1276
struct ieee80211_txrx_data tx;
1445
-
ieee80211_txrx_result res = TXRX_DROP;
1277
+
ieee80211_txrx_result res = TXRX_DROP, res_prepare;
1446
1278
int ret, i;
1447
1279
1448
1280
WARN_ON(__ieee80211_queue_pending(local, control->queue));
···
1452
1284
return 0;
1453
1285
}
1454
1286
1455
-
__ieee80211_tx_prepare(&tx, skb, dev, control);
1287
+
res_prepare = __ieee80211_tx_prepare(&tx, skb, dev, control);
1288
+
1289
+
if (res_prepare == TXRX_DROP) {
1290
+
dev_kfree_skb(skb);
1291
+
return 0;
1292
+
}
1293
+
1456
1294
sta = tx.sta;
1457
1295
tx.u.tx.mgmt_interface = mgmt;
1458
1296
tx.u.tx.mode = local->hw.conf.mode;
1459
1297
1460
-
for (handler = local->tx_handlers; *handler != NULL; handler++) {
1461
-
res = (*handler)(&tx);
1462
-
if (res != TXRX_CONTINUE)
1463
-
break;
1298
+
if (res_prepare == TXRX_QUEUED) { /* if it was an injected packet */
1299
+
res = TXRX_CONTINUE;
1300
+
} else {
1301
+
for (handler = local->tx_handlers; *handler != NULL;
1302
+
handler++) {
1303
+
res = (*handler)(&tx);
1304
+
if (res != TXRX_CONTINUE)
1305
+
break;
1306
+
}
1464
1307
}
1465
1308
1466
1309
skb = tx.skb; /* handlers are allowed to change skb */
···
1646
1467
}
1647
1468
osdata = IEEE80211_DEV_TO_SUB_IF(odev);
1648
1469
1649
-
headroom = osdata->local->hw.extra_tx_headroom +
1650
-
IEEE80211_ENCRYPT_HEADROOM;
1470
+
headroom = osdata->local->tx_headroom + IEEE80211_ENCRYPT_HEADROOM;
1651
1471
if (skb_headroom(skb) < headroom) {
1652
1472
if (pskb_expand_head(skb, headroom, 0, GFP_ATOMIC)) {
1653
1473
dev_kfree_skb(skb);
···
1672
1494
}
1673
1495
1674
1496
1497
+
int ieee80211_monitor_start_xmit(struct sk_buff *skb,
1498
+
struct net_device *dev)
1499
+
{
1500
+
struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1501
+
struct ieee80211_tx_packet_data *pkt_data;
1502
+
struct ieee80211_radiotap_header *prthdr =
1503
+
(struct ieee80211_radiotap_header *)skb->data;
1504
+
u16 len;
1505
+
1506
+
/*
1507
+
* there must be a radiotap header at the
1508
+
* start in this case
1509
+
*/
1510
+
if (unlikely(prthdr->it_version)) {
1511
+
/* only version 0 is supported */
1512
+
dev_kfree_skb(skb);
1513
+
return NETDEV_TX_OK;
1514
+
}
1515
+
1516
+
skb->dev = local->mdev;
1517
+
1518
+
pkt_data = (struct ieee80211_tx_packet_data *)skb->cb;
1519
+
memset(pkt_data, 0, sizeof(*pkt_data));
1520
+
pkt_data->ifindex = dev->ifindex;
1521
+
pkt_data->mgmt_iface = 0;
1522
+
pkt_data->do_not_encrypt = 1;
1523
+
1524
+
/* above needed because we set skb device to master */
1525
+
1526
+
/*
1527
+
* fix up the pointers accounting for the radiotap
1528
+
* header still being in there. We are being given
1529
+
* a precooked IEEE80211 header so no need for
1530
+
* normal processing
1531
+
*/
1532
+
len = le16_to_cpu(get_unaligned(&prthdr->it_len));
1533
+
skb_set_mac_header(skb, len);
1534
+
skb_set_network_header(skb, len + sizeof(struct ieee80211_hdr));
1535
+
skb_set_transport_header(skb, len + sizeof(struct ieee80211_hdr));
1536
+
1537
+
/*
1538
+
* pass the radiotap header up to
1539
+
* the next stage intact
1540
+
*/
1541
+
dev_queue_xmit(skb);
1542
+
1543
+
return NETDEV_TX_OK;
1544
+
}
1545
+
1546
+
1675
1547
/**
1676
1548
* ieee80211_subif_start_xmit - netif start_xmit function for Ethernet-type
1677
1549
* subinterfaces (wlan#, WDS, and VLAN interfaces)
···
1737
1509
* encapsulated packet will then be passed to master interface, wlan#.11, for
1738
1510
* transmission (through low-level driver).
1739
1511
*/
1740
-
static int ieee80211_subif_start_xmit(struct sk_buff *skb,
1741
-
struct net_device *dev)
1512
+
int ieee80211_subif_start_xmit(struct sk_buff *skb,
1513
+
struct net_device *dev)
1742
1514
{
1743
1515
struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1744
1516
struct ieee80211_tx_packet_data *pkt_data;
···
1847
1619
* build in headroom in __dev_alloc_skb() (linux/skbuff.h) and
1848
1620
* alloc_skb() (net/core/skbuff.c)
1849
1621
*/
1850
-
head_need = hdrlen + encaps_len + local->hw.extra_tx_headroom;
1622
+
head_need = hdrlen + encaps_len + local->tx_headroom;
1851
1623
head_need -= skb_headroom(skb);
1852
1624
1853
1625
/* We are going to modify skb data, so make a copy of it if happens to
···
1886
1658
1887
1659
pkt_data = (struct ieee80211_tx_packet_data *)skb->cb;
1888
1660
memset(pkt_data, 0, sizeof(struct ieee80211_tx_packet_data));
1889
-
pkt_data->ifindex = sdata->dev->ifindex;
1661
+
pkt_data->ifindex = dev->ifindex;
1890
1662
pkt_data->mgmt_iface = (sdata->type == IEEE80211_IF_TYPE_MGMT);
1891
1663
pkt_data->do_not_encrypt = no_encrypt;
1892
1664
···
1934
1706
return 0;
1935
1707
}
1936
1708
1937
-
if (skb_headroom(skb) < sdata->local->hw.extra_tx_headroom) {
1938
-
if (pskb_expand_head(skb,
1939
-
sdata->local->hw.extra_tx_headroom, 0, GFP_ATOMIC)) {
1709
+
if (skb_headroom(skb) < sdata->local->tx_headroom) {
1710
+
if (pskb_expand_head(skb, sdata->local->tx_headroom,
1711
+
0, GFP_ATOMIC)) {
1940
1712
dev_kfree_skb(skb);
1941
1713
return 0;
1942
1714
}
···
2075
1847
bh_len = ap->beacon_head_len;
2076
1848
bt_len = ap->beacon_tail_len;
2077
1849
2078
-
skb = dev_alloc_skb(local->hw.extra_tx_headroom +
1850
+
skb = dev_alloc_skb(local->tx_headroom +
2079
1851
bh_len + bt_len + 256 /* maximum TIM len */);
2080
1852
if (!skb)
2081
1853
return NULL;
2082
1854
2083
-
skb_reserve(skb, local->hw.extra_tx_headroom);
1855
+
skb_reserve(skb, local->tx_headroom);
2084
1856
memcpy(skb_put(skb, bh_len), b_head, bh_len);
2085
1857
2086
1858
ieee80211_include_sequence(sdata, (struct ieee80211_hdr *)skb->data);
···
2604
2376
struct ieee80211_if_init_conf conf;
2605
2377
2606
2378
if (local->open_count && local->open_count == local->monitors &&
2607
-
!(local->hw.flags & IEEE80211_HW_MONITOR_DURING_OPER) &&
2608
-
local->ops->add_interface) {
2379
+
!(local->hw.flags & IEEE80211_HW_MONITOR_DURING_OPER)) {
2609
2380
conf.if_id = -1;
2610
2381
conf.type = IEEE80211_IF_TYPE_MNTR;
2611
2382
conf.mac_addr = NULL;
···
2647
2420
}
2648
2421
ieee80211_start_soft_monitor(local);
2649
2422
2650
-
if (local->ops->add_interface) {
2651
-
conf.if_id = dev->ifindex;
2652
-
conf.type = sdata->type;
2653
-
conf.mac_addr = dev->dev_addr;
2654
-
res = local->ops->add_interface(local_to_hw(local), &conf);
2655
-
if (res) {
2656
-
if (sdata->type == IEEE80211_IF_TYPE_MNTR)
2657
-
ieee80211_start_hard_monitor(local);
2658
-
return res;
2659
-
}
2660
-
} else {
2661
-
if (sdata->type != IEEE80211_IF_TYPE_STA)
2662
-
return -EOPNOTSUPP;
2663
-
if (local->open_count > 0)
2664
-
return -ENOBUFS;
2423
+
conf.if_id = dev->ifindex;
2424
+
conf.type = sdata->type;
2425
+
conf.mac_addr = dev->dev_addr;
2426
+
res = local->ops->add_interface(local_to_hw(local), &conf);
2427
+
if (res) {
2428
+
if (sdata->type == IEEE80211_IF_TYPE_MNTR)
2429
+
ieee80211_start_hard_monitor(local);
2430
+
return res;
2665
2431
}
2666
2432
2667
2433
if (local->open_count == 0) {
···
3161
2941
}
3162
2942
EXPORT_SYMBOL(ieee80211_radar_status);
3163
2943
3164
-
int ieee80211_set_aid_for_sta(struct ieee80211_hw *hw, u8 *peer_address,
3165
-
u16 aid)
3166
-
{
3167
-
struct sk_buff *skb;
3168
-
struct ieee80211_msg_set_aid_for_sta *msg;
3169
-
struct ieee80211_local *local = hw_to_local(hw);
3170
-
3171
-
/* unlikely because if this event only happens for APs,
3172
-
* which require an open ap device. */
3173
-
if (unlikely(!local->apdev))
3174
-
return 0;
3175
-
3176
-
skb = dev_alloc_skb(sizeof(struct ieee80211_frame_info) +
3177
-
sizeof(struct ieee80211_msg_set_aid_for_sta));
3178
-
3179
-
if (!skb)
3180
-
return -ENOMEM;
3181
-
skb_reserve(skb, sizeof(struct ieee80211_frame_info));
3182
-
3183
-
msg = (struct ieee80211_msg_set_aid_for_sta *)
3184
-
skb_put(skb, sizeof(struct ieee80211_msg_set_aid_for_sta));
3185
-
memcpy(msg->sta_address, peer_address, ETH_ALEN);
3186
-
msg->aid = aid;
3187
-
3188
-
ieee80211_rx_mgmt(local, skb, NULL, ieee80211_msg_set_aid_for_sta);
3189
-
return 0;
3190
-
}
3191
-
EXPORT_SYMBOL(ieee80211_set_aid_for_sta);
3192
2944
3193
2945
static void ap_sta_ps_start(struct net_device *dev, struct sta_info *sta)
3194
2946
{
···
4476
4284
struct ieee80211_local *local = hw_to_local(hw);
4477
4285
u16 frag, type;
4478
4286
u32 msg_type;
4287
+
struct ieee80211_tx_status_rtap_hdr *rthdr;
4288
+
struct ieee80211_sub_if_data *sdata;
4289
+
int monitors;
4479
4290
4480
4291
if (!status) {
4481
4292
printk(KERN_ERR
···
4590
4395
local->dot11FailedCount++;
4591
4396
}
4592
4397
4593
-
if (!(status->control.flags & IEEE80211_TXCTL_REQ_TX_STATUS)
4594
-
|| unlikely(!local->apdev)) {
4595
-
dev_kfree_skb(skb);
4596
-
return;
4597
-
}
4598
-
4599
4398
msg_type = (status->flags & IEEE80211_TX_STATUS_ACK) ?
4600
4399
ieee80211_msg_tx_callback_ack : ieee80211_msg_tx_callback_fail;
4601
4400
4602
-
/* skb was the original skb used for TX. Clone it and give the clone
4603
-
* to netif_rx(). Free original skb. */
4604
-
skb2 = skb_copy(skb, GFP_ATOMIC);
4605
-
if (!skb2) {
4401
+
/* this was a transmitted frame, but now we want to reuse it */
4402
+
skb_orphan(skb);
4403
+
4404
+
if ((status->control.flags & IEEE80211_TXCTL_REQ_TX_STATUS) &&
4405
+
local->apdev) {
4406
+
if (local->monitors) {
4407
+
skb2 = skb_clone(skb, GFP_ATOMIC);
4408
+
} else {
4409
+
skb2 = skb;
4410
+
skb = NULL;
4411
+
}
4412
+
4413
+
if (skb2)
4414
+
/* Send frame to hostapd */
4415
+
ieee80211_rx_mgmt(local, skb2, NULL, msg_type);
4416
+
4417
+
if (!skb)
4418
+
return;
4419
+
}
4420
+
4421
+
if (!local->monitors) {
4606
4422
dev_kfree_skb(skb);
4607
4423
return;
4608
4424
}
4609
-
dev_kfree_skb(skb);
4610
-
skb = skb2;
4611
4425
4612
-
/* Send frame to hostapd */
4613
-
ieee80211_rx_mgmt(local, skb, NULL, msg_type);
4426
+
/* send frame to monitor interfaces now */
4427
+
4428
+
if (skb_headroom(skb) < sizeof(*rthdr)) {
4429
+
printk(KERN_ERR "ieee80211_tx_status: headroom too small\n");
4430
+
dev_kfree_skb(skb);
4431
+
return;
4432
+
}
4433
+
4434
+
rthdr = (struct ieee80211_tx_status_rtap_hdr*)
4435
+
skb_push(skb, sizeof(*rthdr));
4436
+
4437
+
memset(rthdr, 0, sizeof(*rthdr));
4438
+
rthdr->hdr.it_len = cpu_to_le16(sizeof(*rthdr));
4439
+
rthdr->hdr.it_present =
4440
+
cpu_to_le32((1 << IEEE80211_RADIOTAP_TX_FLAGS) |
4441
+
(1 << IEEE80211_RADIOTAP_DATA_RETRIES));
4442
+
4443
+
if (!(status->flags & IEEE80211_TX_STATUS_ACK) &&
4444
+
!is_multicast_ether_addr(hdr->addr1))
4445
+
rthdr->tx_flags |= cpu_to_le16(IEEE80211_RADIOTAP_F_TX_FAIL);
4446
+
4447
+
if ((status->control.flags & IEEE80211_TXCTL_USE_RTS_CTS) &&
4448
+
(status->control.flags & IEEE80211_TXCTL_USE_CTS_PROTECT))
4449
+
rthdr->tx_flags |= cpu_to_le16(IEEE80211_RADIOTAP_F_TX_CTS);
4450
+
else if (status->control.flags & IEEE80211_TXCTL_USE_RTS_CTS)
4451
+
rthdr->tx_flags |= cpu_to_le16(IEEE80211_RADIOTAP_F_TX_RTS);
4452
+
4453
+
rthdr->data_retries = status->retry_count;
4454
+
4455
+
read_lock(&local->sub_if_lock);
4456
+
monitors = local->monitors;
4457
+
list_for_each_entry(sdata, &local->sub_if_list, list) {
4458
+
/*
4459
+
* Using the monitors counter is possibly racy, but
4460
+
* if the value is wrong we simply either clone the skb
4461
+
* once too much or forget sending it to one monitor iface
4462
+
* The latter case isn't nice but fixing the race is much
4463
+
* more complicated.
4464
+
*/
4465
+
if (!monitors || !skb)
4466
+
goto out;
4467
+
4468
+
if (sdata->type == IEEE80211_IF_TYPE_MNTR) {
4469
+
if (!netif_running(sdata->dev))
4470
+
continue;
4471
+
monitors--;
4472
+
if (monitors)
4473
+
skb2 = skb_clone(skb, GFP_KERNEL);
4474
+
else
4475
+
skb2 = NULL;
4476
+
skb->dev = sdata->dev;
4477
+
/* XXX: is this sufficient for BPF? */
4478
+
skb_set_mac_header(skb, 0);
4479
+
skb->ip_summed = CHECKSUM_UNNECESSARY;
4480
+
skb->pkt_type = PACKET_OTHERHOST;
4481
+
skb->protocol = htons(ETH_P_802_2);
4482
+
memset(skb->cb, 0, sizeof(skb->cb));
4483
+
netif_rx(skb);
4484
+
skb = skb2;
4485
+
break;
4486
+
}
4487
+
}
4488
+
out:
4489
+
read_unlock(&local->sub_if_lock);
4490
+
if (skb)
4491
+
dev_kfree_skb(skb);
4614
4492
}
4615
4493
EXPORT_SYMBOL(ieee80211_tx_status);
4616
4494
···
4887
4619
((sizeof(struct ieee80211_local) +
4888
4620
NETDEV_ALIGN_CONST) & ~NETDEV_ALIGN_CONST);
4889
4621
4622
+
BUG_ON(!ops->tx);
4623
+
BUG_ON(!ops->config);
4624
+
BUG_ON(!ops->add_interface);
4890
4625
local->ops = ops;
4891
4626
4892
4627
/* for now, mdev needs sub_if_data :/ */
···
4918
4647
local->short_retry_limit = 7;
4919
4648
local->long_retry_limit = 4;
4920
4649
local->hw.conf.radio_enabled = 1;
4921
-
local->rate_ctrl_num_up = RATE_CONTROL_NUM_UP;
4922
-
local->rate_ctrl_num_down = RATE_CONTROL_NUM_DOWN;
4923
4650
4924
4651
local->enabled_modes = (unsigned int) -1;
4925
4652
···
4980
4711
result = -ENOMEM;
4981
4712
goto fail_workqueue;
4982
4713
}
4714
+
4715
+
/*
4716
+
* The hardware needs headroom for sending the frame,
4717
+
* and we need some headroom for passing the frame to monitor
4718
+
* interfaces, but never both at the same time.
4719
+
*/
4720
+
local->tx_headroom = max(local->hw.extra_tx_headroom,
4721
+
sizeof(struct ieee80211_tx_status_rtap_hdr));
4983
4722
4984
4723
debugfs_hw_add(local);
4985
4724
+2
-7
net/mac80211/ieee80211_common.h
+2
-7
net/mac80211/ieee80211_common.h
···
47
47
ieee80211_msg_normal = 0,
48
48
ieee80211_msg_tx_callback_ack = 1,
49
49
ieee80211_msg_tx_callback_fail = 2,
50
-
ieee80211_msg_passive_scan = 3,
50
+
/* hole at 3, was ieee80211_msg_passive_scan but unused */
51
51
ieee80211_msg_wep_frame_unknown_key = 4,
52
52
ieee80211_msg_michael_mic_failure = 5,
53
53
/* hole at 6, was monitor but never sent to userspace */
54
54
ieee80211_msg_sta_not_assoc = 7,
55
-
ieee80211_msg_set_aid_for_sta = 8 /* used by Intersil MVC driver */,
55
+
/* 8 was ieee80211_msg_set_aid_for_sta */
56
56
ieee80211_msg_key_threshold_notification = 9,
57
57
ieee80211_msg_radar = 11,
58
-
};
59
-
60
-
struct ieee80211_msg_set_aid_for_sta {
61
-
char sta_address[ETH_ALEN];
62
-
u16 aid;
63
58
};
64
59
65
60
struct ieee80211_msg_key_notification {
+10
-4
net/mac80211/ieee80211_i.h
+10
-4
net/mac80211/ieee80211_i.h
···
99
99
int probe_resp;
100
100
unsigned long last_update;
101
101
102
+
/* during assocation, we save an ERP value from a probe response so
103
+
* that we can feed ERP info to the driver when handling the
104
+
* association completes. these fields probably won't be up-to-date
105
+
* otherwise, you probably don't want to use them. */
106
+
int has_erp_value;
107
+
u8 erp_value;
102
108
};
103
109
104
110
···
241
235
unsigned int authenticated:1;
242
236
unsigned int associated:1;
243
237
unsigned int probereq_poll:1;
244
-
unsigned int use_protection:1;
245
238
unsigned int create_ibss:1;
246
239
unsigned int mixed_cell:1;
247
240
unsigned int wmm_enabled:1;
···
283
278
int mc_count;
284
279
unsigned int allmulti:1;
285
280
unsigned int promisc:1;
281
+
unsigned int use_protection:1; /* CTS protect ERP frames */
286
282
287
283
struct net_device_stats stats;
288
284
int drop_unencrypted;
···
398
392
int monitors;
399
393
struct iw_statistics wstats;
400
394
u8 wstats_flags;
395
+
int tx_headroom; /* required headroom for hardware/radiotap */
401
396
402
397
enum {
403
398
IEEE80211_DEV_UNINITIALIZED = 0,
···
444
437
int *basic_rates[NUM_IEEE80211_MODES];
445
438
446
439
int rts_threshold;
447
-
int cts_protect_erp_frames;
448
440
int fragmentation_threshold;
449
441
int short_retry_limit; /* dot11ShortRetryLimit */
450
442
int long_retry_limit; /* dot11LongRetryLimit */
···
518
512
STA_ANTENNA_SEL_SW_CTRL = 1,
519
513
STA_ANTENNA_SEL_SW_CTRL_DEBUG = 2
520
514
} sta_antenna_sel;
521
-
522
-
int rate_ctrl_num_up, rate_ctrl_num_down;
523
515
524
516
#ifdef CONFIG_MAC80211_DEBUG_COUNTERS
525
517
/* TX/RX handler statistics */
···
723
719
struct ieee80211_hw_mode *mode);
724
720
void ieee80211_tx_set_iswep(struct ieee80211_txrx_data *tx);
725
721
int ieee80211_if_update_wds(struct net_device *dev, u8 *remote_addr);
722
+
int ieee80211_monitor_start_xmit(struct sk_buff *skb, struct net_device *dev);
723
+
int ieee80211_subif_start_xmit(struct sk_buff *skb, struct net_device *dev);
726
724
void ieee80211_if_setup(struct net_device *dev);
727
725
void ieee80211_if_mgmt_setup(struct net_device *dev);
728
726
int ieee80211_init_rate_ctrl_alg(struct ieee80211_local *local,
+3
net/mac80211/ieee80211_iface.c
+3
net/mac80211/ieee80211_iface.c
···
157
157
struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
158
158
int oldtype = sdata->type;
159
159
160
+
dev->hard_start_xmit = ieee80211_subif_start_xmit;
161
+
160
162
sdata->type = type;
161
163
switch (type) {
162
164
case IEEE80211_IF_TYPE_WDS:
···
198
196
}
199
197
case IEEE80211_IF_TYPE_MNTR:
200
198
dev->type = ARPHRD_IEEE80211_RADIOTAP;
199
+
dev->hard_start_xmit = ieee80211_monitor_start_xmit;
201
200
break;
202
201
default:
203
202
printk(KERN_WARNING "%s: %s: Unknown interface type 0x%x",
+69
-171
net/mac80211/ieee80211_ioctl.c
+69
-171
net/mac80211/ieee80211_ioctl.c
···
345
345
{
346
346
struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
347
347
struct iw_range *range = (struct iw_range *) extra;
348
+
struct ieee80211_hw_mode *mode = NULL;
349
+
int c = 0;
348
350
349
351
data->length = sizeof(struct iw_range);
350
352
memset(range, 0, sizeof(struct iw_range));
···
379
377
380
378
range->enc_capa = IW_ENC_CAPA_WPA | IW_ENC_CAPA_WPA2 |
381
379
IW_ENC_CAPA_CIPHER_TKIP | IW_ENC_CAPA_CIPHER_CCMP;
380
+
381
+
list_for_each_entry(mode, &local->modes_list, list) {
382
+
int i = 0;
383
+
384
+
if (!(local->enabled_modes & (1 << mode->mode)) ||
385
+
(local->hw_modes & local->enabled_modes &
386
+
(1 << MODE_IEEE80211G) && mode->mode == MODE_IEEE80211B))
387
+
continue;
388
+
389
+
while (i < mode->num_channels && c < IW_MAX_FREQUENCIES) {
390
+
struct ieee80211_channel *chan = &mode->channels[i];
391
+
392
+
if (chan->flag & IEEE80211_CHAN_W_SCAN) {
393
+
range->freq[c].i = chan->chan;
394
+
range->freq[c].m = chan->freq * 100000;
395
+
range->freq[c].e = 1;
396
+
c++;
397
+
}
398
+
i++;
399
+
}
400
+
}
401
+
range->num_channels = c;
402
+
range->num_frequency = c;
382
403
383
404
IW_EVENT_CAPA_SET_KERNEL(range->event_capa);
384
405
IW_EVENT_CAPA_SET(range->event_capa, SIOCGIWTHRSPY);
···
863
838
}
864
839
865
840
841
+
static int ieee80211_ioctl_siwrate(struct net_device *dev,
842
+
struct iw_request_info *info,
843
+
struct iw_param *rate, char *extra)
844
+
{
845
+
struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
846
+
struct ieee80211_hw_mode *mode;
847
+
int i;
848
+
u32 target_rate = rate->value / 100000;
849
+
struct ieee80211_sub_if_data *sdata;
850
+
851
+
sdata = IEEE80211_DEV_TO_SUB_IF(dev);
852
+
if (!sdata->bss)
853
+
return -ENODEV;
854
+
mode = local->oper_hw_mode;
855
+
/* target_rate = -1, rate->fixed = 0 means auto only, so use all rates
856
+
* target_rate = X, rate->fixed = 1 means only rate X
857
+
* target_rate = X, rate->fixed = 0 means all rates <= X */
858
+
sdata->bss->max_ratectrl_rateidx = -1;
859
+
sdata->bss->force_unicast_rateidx = -1;
860
+
if (rate->value < 0)
861
+
return 0;
862
+
for (i=0; i< mode->num_rates; i++) {
863
+
struct ieee80211_rate *rates = &mode->rates[i];
864
+
int this_rate = rates->rate;
865
+
866
+
if (mode->mode == MODE_ATHEROS_TURBO ||
867
+
mode->mode == MODE_ATHEROS_TURBOG)
868
+
this_rate *= 2;
869
+
if (target_rate == this_rate) {
870
+
sdata->bss->max_ratectrl_rateidx = i;
871
+
if (rate->fixed)
872
+
sdata->bss->force_unicast_rateidx = i;
873
+
break;
874
+
}
875
+
}
876
+
return 0;
877
+
}
878
+
866
879
static int ieee80211_ioctl_giwrate(struct net_device *dev,
867
880
struct iw_request_info *info,
868
881
struct iw_param *rate, char *extra)
···
1056
993
return 0;
1057
994
}
1058
995
1059
-
static int ieee80211_ioctl_clear_keys(struct net_device *dev)
1060
-
{
1061
-
struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1062
-
struct ieee80211_key_conf key;
1063
-
int i;
1064
-
u8 addr[ETH_ALEN];
1065
-
struct ieee80211_key_conf *keyconf;
1066
-
struct ieee80211_sub_if_data *sdata;
1067
-
struct sta_info *sta;
1068
-
1069
-
memset(addr, 0xff, ETH_ALEN);
1070
-
read_lock(&local->sub_if_lock);
1071
-
list_for_each_entry(sdata, &local->sub_if_list, list) {
1072
-
for (i = 0; i < NUM_DEFAULT_KEYS; i++) {
1073
-
keyconf = NULL;
1074
-
if (sdata->keys[i] &&
1075
-
!sdata->keys[i]->force_sw_encrypt &&
1076
-
local->ops->set_key &&
1077
-
(keyconf = ieee80211_key_data2conf(local,
1078
-
sdata->keys[i])))
1079
-
local->ops->set_key(local_to_hw(local),
1080
-
DISABLE_KEY, addr,
1081
-
keyconf, 0);
1082
-
kfree(keyconf);
1083
-
ieee80211_key_free(sdata->keys[i]);
1084
-
sdata->keys[i] = NULL;
1085
-
}
1086
-
sdata->default_key = NULL;
1087
-
}
1088
-
read_unlock(&local->sub_if_lock);
1089
-
1090
-
spin_lock_bh(&local->sta_lock);
1091
-
list_for_each_entry(sta, &local->sta_list, list) {
1092
-
keyconf = NULL;
1093
-
if (sta->key && !sta->key->force_sw_encrypt &&
1094
-
local->ops->set_key &&
1095
-
(keyconf = ieee80211_key_data2conf(local, sta->key)))
1096
-
local->ops->set_key(local_to_hw(local), DISABLE_KEY,
1097
-
sta->addr, keyconf, sta->aid);
1098
-
kfree(keyconf);
1099
-
ieee80211_key_free(sta->key);
1100
-
sta->key = NULL;
1101
-
}
1102
-
spin_unlock_bh(&local->sta_lock);
1103
-
1104
-
memset(&key, 0, sizeof(key));
1105
-
if (local->ops->set_key &&
1106
-
local->ops->set_key(local_to_hw(local), REMOVE_ALL_KEYS,
1107
-
NULL, &key, 0))
1108
-
printk(KERN_DEBUG "%s: failed to remove hwaccel keys\n",
1109
-
dev->name);
1110
-
1111
-
return 0;
1112
-
}
1113
-
1114
-
1115
-
static int
1116
-
ieee80211_ioctl_force_unicast_rate(struct net_device *dev,
1117
-
struct ieee80211_sub_if_data *sdata,
1118
-
int rate)
1119
-
{
1120
-
struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1121
-
struct ieee80211_hw_mode *mode;
1122
-
int i;
1123
-
1124
-
if (sdata->type != IEEE80211_IF_TYPE_AP)
1125
-
return -ENOENT;
1126
-
1127
-
if (rate == 0) {
1128
-
sdata->u.ap.force_unicast_rateidx = -1;
1129
-
return 0;
1130
-
}
1131
-
1132
-
mode = local->oper_hw_mode;
1133
-
for (i = 0; i < mode->num_rates; i++) {
1134
-
if (mode->rates[i].rate == rate) {
1135
-
sdata->u.ap.force_unicast_rateidx = i;
1136
-
return 0;
1137
-
}
1138
-
}
1139
-
return -EINVAL;
1140
-
}
1141
-
1142
-
1143
-
static int
1144
-
ieee80211_ioctl_max_ratectrl_rate(struct net_device *dev,
1145
-
struct ieee80211_sub_if_data *sdata,
1146
-
int rate)
1147
-
{
1148
-
struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1149
-
struct ieee80211_hw_mode *mode;
1150
-
int i;
1151
-
1152
-
if (sdata->type != IEEE80211_IF_TYPE_AP)
1153
-
return -ENOENT;
1154
-
1155
-
if (rate == 0) {
1156
-
sdata->u.ap.max_ratectrl_rateidx = -1;
1157
-
return 0;
1158
-
}
1159
-
1160
-
mode = local->oper_hw_mode;
1161
-
for (i = 0; i < mode->num_rates; i++) {
1162
-
if (mode->rates[i].rate == rate) {
1163
-
sdata->u.ap.max_ratectrl_rateidx = i;
1164
-
return 0;
1165
-
}
1166
-
}
1167
-
return -EINVAL;
1168
-
}
1169
-
1170
-
1171
996
static void ieee80211_key_enable_hwaccel(struct ieee80211_local *local,
1172
997
struct ieee80211_key *key)
1173
998
{
···
1179
1228
sdata->ieee802_1x = value;
1180
1229
break;
1181
1230
1182
-
case PRISM2_PARAM_ANTSEL_TX:
1183
-
local->hw.conf.antenna_sel_tx = value;
1184
-
if (ieee80211_hw_config(local))
1185
-
ret = -EINVAL;
1186
-
break;
1187
-
1188
-
case PRISM2_PARAM_ANTSEL_RX:
1189
-
local->hw.conf.antenna_sel_rx = value;
1190
-
if (ieee80211_hw_config(local))
1191
-
ret = -EINVAL;
1192
-
break;
1193
-
1194
1231
case PRISM2_PARAM_CTS_PROTECT_ERP_FRAMES:
1195
-
local->cts_protect_erp_frames = value;
1196
-
break;
1197
-
1198
-
case PRISM2_PARAM_DROP_UNENCRYPTED:
1199
-
sdata->drop_unencrypted = value;
1232
+
if (sdata->type != IEEE80211_IF_TYPE_AP)
1233
+
ret = -ENOENT;
1234
+
else
1235
+
sdata->use_protection = value;
1200
1236
break;
1201
1237
1202
1238
case PRISM2_PARAM_PREAMBLE:
···
1212
1274
local->next_mode = value;
1213
1275
break;
1214
1276
1215
-
case PRISM2_PARAM_CLEAR_KEYS:
1216
-
ret = ieee80211_ioctl_clear_keys(dev);
1217
-
break;
1218
-
1219
1277
case PRISM2_PARAM_RADIO_ENABLED:
1220
1278
ret = ieee80211_ioctl_set_radio_enabled(dev, value);
1221
1279
break;
···
1224
1290
1225
1291
case PRISM2_PARAM_STA_ANTENNA_SEL:
1226
1292
local->sta_antenna_sel = value;
1227
-
break;
1228
-
1229
-
case PRISM2_PARAM_FORCE_UNICAST_RATE:
1230
-
ret = ieee80211_ioctl_force_unicast_rate(dev, sdata, value);
1231
-
break;
1232
-
1233
-
case PRISM2_PARAM_MAX_RATECTRL_RATE:
1234
-
ret = ieee80211_ioctl_max_ratectrl_rate(dev, sdata, value);
1235
-
break;
1236
-
1237
-
case PRISM2_PARAM_RATE_CTRL_NUM_UP:
1238
-
local->rate_ctrl_num_up = value;
1239
-
break;
1240
-
1241
-
case PRISM2_PARAM_RATE_CTRL_NUM_DOWN:
1242
-
local->rate_ctrl_num_down = value;
1243
1293
break;
1244
1294
1245
1295
case PRISM2_PARAM_TX_POWER_REDUCTION:
···
1305
1387
*param = sdata->ieee802_1x;
1306
1388
break;
1307
1389
1308
-
case PRISM2_PARAM_ANTSEL_TX:
1309
-
*param = local->hw.conf.antenna_sel_tx;
1310
-
break;
1311
-
1312
-
case PRISM2_PARAM_ANTSEL_RX:
1313
-
*param = local->hw.conf.antenna_sel_rx;
1314
-
break;
1315
-
1316
1390
case PRISM2_PARAM_CTS_PROTECT_ERP_FRAMES:
1317
-
*param = local->cts_protect_erp_frames;
1318
-
break;
1319
-
1320
-
case PRISM2_PARAM_DROP_UNENCRYPTED:
1321
-
*param = sdata->drop_unencrypted;
1391
+
*param = sdata->use_protection;
1322
1392
break;
1323
1393
1324
1394
case PRISM2_PARAM_PREAMBLE:
···
1330
1424
1331
1425
case PRISM2_PARAM_STA_ANTENNA_SEL:
1332
1426
*param = local->sta_antenna_sel;
1333
-
break;
1334
-
1335
-
case PRISM2_PARAM_RATE_CTRL_NUM_UP:
1336
-
*param = local->rate_ctrl_num_up;
1337
-
break;
1338
-
1339
-
case PRISM2_PARAM_RATE_CTRL_NUM_DOWN:
1340
-
*param = local->rate_ctrl_num_down;
1341
1427
break;
1342
1428
1343
1429
case PRISM2_PARAM_TX_POWER_REDUCTION:
···
1699
1801
(iw_handler) NULL, /* SIOCGIWNICKN */
1700
1802
(iw_handler) NULL, /* -- hole -- */
1701
1803
(iw_handler) NULL, /* -- hole -- */
1702
-
(iw_handler) NULL, /* SIOCSIWRATE */
1804
+
(iw_handler) ieee80211_ioctl_siwrate, /* SIOCSIWRATE */
1703
1805
(iw_handler) ieee80211_ioctl_giwrate, /* SIOCGIWRATE */
1704
1806
(iw_handler) ieee80211_ioctl_siwrts, /* SIOCSIWRTS */
1705
1807
(iw_handler) ieee80211_ioctl_giwrts, /* SIOCGIWRTS */
+66
-32
net/mac80211/ieee80211_sta.c
+66
-32
net/mac80211/ieee80211_sta.c
···
76
76
77
77
/* Parsed Information Elements */
78
78
struct ieee802_11_elems {
79
+
/* pointers to IEs */
79
80
u8 *ssid;
80
-
u8 ssid_len;
81
81
u8 *supp_rates;
82
-
u8 supp_rates_len;
83
82
u8 *fh_params;
84
-
u8 fh_params_len;
85
83
u8 *ds_params;
86
-
u8 ds_params_len;
87
84
u8 *cf_params;
88
-
u8 cf_params_len;
89
85
u8 *tim;
90
-
u8 tim_len;
91
86
u8 *ibss_params;
92
-
u8 ibss_params_len;
93
87
u8 *challenge;
94
-
u8 challenge_len;
95
88
u8 *wpa;
96
-
u8 wpa_len;
97
89
u8 *rsn;
98
-
u8 rsn_len;
99
90
u8 *erp_info;
100
-
u8 erp_info_len;
101
91
u8 *ext_supp_rates;
102
-
u8 ext_supp_rates_len;
103
92
u8 *wmm_info;
104
-
u8 wmm_info_len;
105
93
u8 *wmm_param;
94
+
95
+
/* length of them, respectively */
96
+
u8 ssid_len;
97
+
u8 supp_rates_len;
98
+
u8 fh_params_len;
99
+
u8 ds_params_len;
100
+
u8 cf_params_len;
101
+
u8 tim_len;
102
+
u8 ibss_params_len;
103
+
u8 challenge_len;
104
+
u8 wpa_len;
105
+
u8 rsn_len;
106
+
u8 erp_info_len;
107
+
u8 ext_supp_rates_len;
108
+
u8 wmm_info_len;
106
109
u8 wmm_param_len;
107
110
};
108
111
···
314
311
}
315
312
316
313
314
+
static void ieee80211_handle_erp_ie(struct net_device *dev, u8 erp_value)
315
+
{
316
+
struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
317
+
struct ieee80211_if_sta *ifsta = &sdata->u.sta;
318
+
int use_protection = (erp_value & WLAN_ERP_USE_PROTECTION) != 0;
319
+
320
+
if (use_protection != sdata->use_protection) {
321
+
if (net_ratelimit()) {
322
+
printk(KERN_DEBUG "%s: CTS protection %s (BSSID="
323
+
MAC_FMT ")\n",
324
+
dev->name,
325
+
use_protection ? "enabled" : "disabled",
326
+
MAC_ARG(ifsta->bssid));
327
+
}
328
+
sdata->use_protection = use_protection;
329
+
}
330
+
}
331
+
332
+
317
333
static void ieee80211_sta_send_associnfo(struct net_device *dev,
318
334
struct ieee80211_if_sta *ifsta)
319
335
{
···
388
366
struct ieee80211_if_sta *ifsta, int assoc)
389
367
{
390
368
union iwreq_data wrqu;
369
+
struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
391
370
392
371
if (ifsta->associated == assoc)
393
372
return;
···
397
374
398
375
if (assoc) {
399
376
struct ieee80211_sub_if_data *sdata;
377
+
struct ieee80211_sta_bss *bss;
400
378
sdata = IEEE80211_DEV_TO_SUB_IF(dev);
401
379
if (sdata->type != IEEE80211_IF_TYPE_STA)
402
380
return;
381
+
382
+
bss = ieee80211_rx_bss_get(dev, ifsta->bssid);
383
+
if (bss) {
384
+
if (bss->has_erp_value)
385
+
ieee80211_handle_erp_ie(dev, bss->erp_value);
386
+
ieee80211_rx_bss_put(dev, bss);
387
+
}
388
+
403
389
netif_carrier_on(dev);
404
390
ifsta->prev_bssid_set = 1;
405
391
memcpy(ifsta->prev_bssid, sdata->u.sta.bssid, ETH_ALEN);
···
416
384
ieee80211_sta_send_associnfo(dev, ifsta);
417
385
} else {
418
386
netif_carrier_off(dev);
387
+
sdata->use_protection = 0;
419
388
memset(wrqu.ap_addr.sa_data, 0, ETH_ALEN);
420
389
}
421
390
wrqu.ap_addr.sa_family = ARPHRD_ETHER;
···
1207
1174
return;
1208
1175
}
1209
1176
1177
+
/* it probably doesn't, but if the frame includes an ERP value then
1178
+
* update our stored copy */
1179
+
if (elems.erp_info && elems.erp_info_len >= 1) {
1180
+
struct ieee80211_sta_bss *bss
1181
+
= ieee80211_rx_bss_get(dev, ifsta->bssid);
1182
+
if (bss) {
1183
+
bss->erp_value = elems.erp_info[0];
1184
+
bss->has_erp_value = 1;
1185
+
ieee80211_rx_bss_put(dev, bss);
1186
+
}
1187
+
}
1188
+
1210
1189
printk(KERN_DEBUG "%s: associated\n", dev->name);
1211
1190
ifsta->aid = aid;
1212
1191
ifsta->ap_capab = capab_info;
···
1541
1496
return;
1542
1497
}
1543
1498
1499
+
/* save the ERP value so that it is available at association time */
1500
+
if (elems.erp_info && elems.erp_info_len >= 1) {
1501
+
bss->erp_value = elems.erp_info[0];
1502
+
bss->has_erp_value = 1;
1503
+
}
1504
+
1544
1505
bss->beacon_int = le16_to_cpu(mgmt->u.beacon.beacon_int);
1545
1506
bss->capability = le16_to_cpu(mgmt->u.beacon.capab_info);
1546
1507
if (elems.ssid && elems.ssid_len <= IEEE80211_MAX_SSID_LEN) {
···
1662
1611
size_t len,
1663
1612
struct ieee80211_rx_status *rx_status)
1664
1613
{
1665
-
struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1666
1614
struct ieee80211_sub_if_data *sdata;
1667
1615
struct ieee80211_if_sta *ifsta;
1668
-
int use_protection;
1669
1616
size_t baselen;
1670
1617
struct ieee802_11_elems elems;
1671
1618
···
1687
1638
&elems) == ParseFailed)
1688
1639
return;
1689
1640
1690
-
use_protection = 0;
1691
-
if (elems.erp_info && elems.erp_info_len >= 1) {
1692
-
use_protection =
1693
-
(elems.erp_info[0] & ERP_INFO_USE_PROTECTION) != 0;
1694
-
}
1695
-
1696
-
if (use_protection != !!ifsta->use_protection) {
1697
-
if (net_ratelimit()) {
1698
-
printk(KERN_DEBUG "%s: CTS protection %s (BSSID="
1699
-
MAC_FMT ")\n",
1700
-
dev->name,
1701
-
use_protection ? "enabled" : "disabled",
1702
-
MAC_ARG(ifsta->bssid));
1703
-
}
1704
-
ifsta->use_protection = use_protection ? 1 : 0;
1705
-
local->cts_protect_erp_frames = use_protection;
1706
-
}
1641
+
if (elems.erp_info && elems.erp_info_len >= 1)
1642
+
ieee80211_handle_erp_ie(dev, elems.erp_info[0]);
1707
1643
1708
1644
if (elems.wmm_param && ifsta->wmm_enabled) {
1709
1645
ieee80211_sta_wmm_params(dev, ifsta, elems.wmm_param,
+6
-2
net/mac80211/rc80211_simple.c
+6
-2
net/mac80211/rc80211_simple.c
···
187
187
}
188
188
#endif
189
189
190
-
if (per_failed > local->rate_ctrl_num_down) {
190
+
/*
191
+
* XXX: Make these configurable once we have an
192
+
* interface to the rate control algorithms
193
+
*/
194
+
if (per_failed > RATE_CONTROL_NUM_DOWN) {
191
195
rate_control_rate_dec(local, sta);
192
-
} else if (per_failed < local->rate_ctrl_num_up) {
196
+
} else if (per_failed < RATE_CONTROL_NUM_UP) {
193
197
rate_control_rate_inc(local, sta);
194
198
}
195
199
srctrl->tx_avg_rate_sum += status->control.rate->rate;
+1
-1
net/wireless/Makefile
+1
-1
net/wireless/Makefile
+257
net/wireless/radiotap.c
+257
net/wireless/radiotap.c
···
1
+
/*
2
+
* Radiotap parser
3
+
*
4
+
* Copyright 2007 Andy Green <andy@warmcat.com>
5
+
*/
6
+
7
+
#include <net/cfg80211.h>
8
+
#include <net/ieee80211_radiotap.h>
9
+
#include <asm/unaligned.h>
10
+
11
+
/* function prototypes and related defs are in include/net/cfg80211.h */
12
+
13
+
/**
14
+
* ieee80211_radiotap_iterator_init - radiotap parser iterator initialization
15
+
* @iterator: radiotap_iterator to initialize
16
+
* @radiotap_header: radiotap header to parse
17
+
* @max_length: total length we can parse into (eg, whole packet length)
18
+
*
19
+
* Returns: 0 or a negative error code if there is a problem.
20
+
*
21
+
* This function initializes an opaque iterator struct which can then
22
+
* be passed to ieee80211_radiotap_iterator_next() to visit every radiotap
23
+
* argument which is present in the header. It knows about extended
24
+
* present headers and handles them.
25
+
*
26
+
* How to use:
27
+
* call __ieee80211_radiotap_iterator_init() to init a semi-opaque iterator
28
+
* struct ieee80211_radiotap_iterator (no need to init the struct beforehand)
29
+
* checking for a good 0 return code. Then loop calling
30
+
* __ieee80211_radiotap_iterator_next()... it returns either 0,
31
+
* -ENOENT if there are no more args to parse, or -EINVAL if there is a problem.
32
+
* The iterator's @this_arg member points to the start of the argument
33
+
* associated with the current argument index that is present, which can be
34
+
* found in the iterator's @this_arg_index member. This arg index corresponds
35
+
* to the IEEE80211_RADIOTAP_... defines.
36
+
*
37
+
* Radiotap header length:
38
+
* You can find the CPU-endian total radiotap header length in
39
+
* iterator->max_length after executing ieee80211_radiotap_iterator_init()
40
+
* successfully.
41
+
*
42
+
* Alignment Gotcha:
43
+
* You must take care when dereferencing iterator.this_arg
44
+
* for multibyte types... the pointer is not aligned. Use
45
+
* get_unaligned((type *)iterator.this_arg) to dereference
46
+
* iterator.this_arg for type "type" safely on all arches.
47
+
*
48
+
* Example code:
49
+
* See Documentation/networking/radiotap-headers.txt
50
+
*/
51
+
52
+
int ieee80211_radiotap_iterator_init(
53
+
struct ieee80211_radiotap_iterator *iterator,
54
+
struct ieee80211_radiotap_header *radiotap_header,
55
+
int max_length)
56
+
{
57
+
/* Linux only supports version 0 radiotap format */
58
+
if (radiotap_header->it_version)
59
+
return -EINVAL;
60
+
61
+
/* sanity check for allowed length and radiotap length field */
62
+
if (max_length < le16_to_cpu(get_unaligned(&radiotap_header->it_len)))
63
+
return -EINVAL;
64
+
65
+
iterator->rtheader = radiotap_header;
66
+
iterator->max_length = le16_to_cpu(get_unaligned(
67
+
&radiotap_header->it_len));
68
+
iterator->arg_index = 0;
69
+
iterator->bitmap_shifter = le32_to_cpu(get_unaligned(
70
+
&radiotap_header->it_present));
71
+
iterator->arg = (u8 *)radiotap_header + sizeof(*radiotap_header);
72
+
iterator->this_arg = NULL;
73
+
74
+
/* find payload start allowing for extended bitmap(s) */
75
+
76
+
if (unlikely(iterator->bitmap_shifter & (1<<IEEE80211_RADIOTAP_EXT))) {
77
+
while (le32_to_cpu(get_unaligned((__le32 *)iterator->arg)) &
78
+
(1<<IEEE80211_RADIOTAP_EXT)) {
79
+
iterator->arg += sizeof(u32);
80
+
81
+
/*
82
+
* check for insanity where the present bitmaps
83
+
* keep claiming to extend up to or even beyond the
84
+
* stated radiotap header length
85
+
*/
86
+
87
+
if (((ulong)iterator->arg -
88
+
(ulong)iterator->rtheader) > iterator->max_length)
89
+
return -EINVAL;
90
+
}
91
+
92
+
iterator->arg += sizeof(u32);
93
+
94
+
/*
95
+
* no need to check again for blowing past stated radiotap
96
+
* header length, because ieee80211_radiotap_iterator_next
97
+
* checks it before it is dereferenced
98
+
*/
99
+
}
100
+
101
+
/* we are all initialized happily */
102
+
103
+
return 0;
104
+
}
105
+
EXPORT_SYMBOL(ieee80211_radiotap_iterator_init);
106
+
107
+
108
+
/**
109
+
* ieee80211_radiotap_iterator_next - return next radiotap parser iterator arg
110
+
* @iterator: radiotap_iterator to move to next arg (if any)
111
+
*
112
+
* Returns: 0 if there is an argument to handle,
113
+
* -ENOENT if there are no more args or -EINVAL
114
+
* if there is something else wrong.
115
+
*
116
+
* This function provides the next radiotap arg index (IEEE80211_RADIOTAP_*)
117
+
* in @this_arg_index and sets @this_arg to point to the
118
+
* payload for the field. It takes care of alignment handling and extended
119
+
* present fields. @this_arg can be changed by the caller (eg,
120
+
* incremented to move inside a compound argument like
121
+
* IEEE80211_RADIOTAP_CHANNEL). The args pointed to are in
122
+
* little-endian format whatever the endianess of your CPU.
123
+
*
124
+
* Alignment Gotcha:
125
+
* You must take care when dereferencing iterator.this_arg
126
+
* for multibyte types... the pointer is not aligned. Use
127
+
* get_unaligned((type *)iterator.this_arg) to dereference
128
+
* iterator.this_arg for type "type" safely on all arches.
129
+
*/
130
+
131
+
int ieee80211_radiotap_iterator_next(
132
+
struct ieee80211_radiotap_iterator *iterator)
133
+
{
134
+
135
+
/*
136
+
* small length lookup table for all radiotap types we heard of
137
+
* starting from b0 in the bitmap, so we can walk the payload
138
+
* area of the radiotap header
139
+
*
140
+
* There is a requirement to pad args, so that args
141
+
* of a given length must begin at a boundary of that length
142
+
* -- but note that compound args are allowed (eg, 2 x u16
143
+
* for IEEE80211_RADIOTAP_CHANNEL) so total arg length is not
144
+
* a reliable indicator of alignment requirement.
145
+
*
146
+
* upper nybble: content alignment for arg
147
+
* lower nybble: content length for arg
148
+
*/
149
+
150
+
static const u8 rt_sizes[] = {
151
+
[IEEE80211_RADIOTAP_TSFT] = 0x88,
152
+
[IEEE80211_RADIOTAP_FLAGS] = 0x11,
153
+
[IEEE80211_RADIOTAP_RATE] = 0x11,
154
+
[IEEE80211_RADIOTAP_CHANNEL] = 0x24,
155
+
[IEEE80211_RADIOTAP_FHSS] = 0x22,
156
+
[IEEE80211_RADIOTAP_DBM_ANTSIGNAL] = 0x11,
157
+
[IEEE80211_RADIOTAP_DBM_ANTNOISE] = 0x11,
158
+
[IEEE80211_RADIOTAP_LOCK_QUALITY] = 0x22,
159
+
[IEEE80211_RADIOTAP_TX_ATTENUATION] = 0x22,
160
+
[IEEE80211_RADIOTAP_DB_TX_ATTENUATION] = 0x22,
161
+
[IEEE80211_RADIOTAP_DBM_TX_POWER] = 0x11,
162
+
[IEEE80211_RADIOTAP_ANTENNA] = 0x11,
163
+
[IEEE80211_RADIOTAP_DB_ANTSIGNAL] = 0x11,
164
+
[IEEE80211_RADIOTAP_DB_ANTNOISE] = 0x11
165
+
/*
166
+
* add more here as they are defined in
167
+
* include/net/ieee80211_radiotap.h
168
+
*/
169
+
};
170
+
171
+
/*
172
+
* for every radiotap entry we can at
173
+
* least skip (by knowing the length)...
174
+
*/
175
+
176
+
while (iterator->arg_index < sizeof(rt_sizes)) {
177
+
int hit = 0;
178
+
int pad;
179
+
180
+
if (!(iterator->bitmap_shifter & 1))
181
+
goto next_entry; /* arg not present */
182
+
183
+
/*
184
+
* arg is present, account for alignment padding
185
+
* 8-bit args can be at any alignment
186
+
* 16-bit args must start on 16-bit boundary
187
+
* 32-bit args must start on 32-bit boundary
188
+
* 64-bit args must start on 64-bit boundary
189
+
*
190
+
* note that total arg size can differ from alignment of
191
+
* elements inside arg, so we use upper nybble of length
192
+
* table to base alignment on
193
+
*
194
+
* also note: these alignments are ** relative to the
195
+
* start of the radiotap header **. There is no guarantee
196
+
* that the radiotap header itself is aligned on any
197
+
* kind of boundary.
198
+
*
199
+
* the above is why get_unaligned() is used to dereference
200
+
* multibyte elements from the radiotap area
201
+
*/
202
+
203
+
pad = (((ulong)iterator->arg) -
204
+
((ulong)iterator->rtheader)) &
205
+
((rt_sizes[iterator->arg_index] >> 4) - 1);
206
+
207
+
if (pad)
208
+
iterator->arg +=
209
+
(rt_sizes[iterator->arg_index] >> 4) - pad;
210
+
211
+
/*
212
+
* this is what we will return to user, but we need to
213
+
* move on first so next call has something fresh to test
214
+
*/
215
+
iterator->this_arg_index = iterator->arg_index;
216
+
iterator->this_arg = iterator->arg;
217
+
hit = 1;
218
+
219
+
/* internally move on the size of this arg */
220
+
iterator->arg += rt_sizes[iterator->arg_index] & 0x0f;
221
+
222
+
/*
223
+
* check for insanity where we are given a bitmap that
224
+
* claims to have more arg content than the length of the
225
+
* radiotap section. We will normally end up equalling this
226
+
* max_length on the last arg, never exceeding it.
227
+
*/
228
+
229
+
if (((ulong)iterator->arg - (ulong)iterator->rtheader) >
230
+
iterator->max_length)
231
+
return -EINVAL;
232
+
233
+
next_entry:
234
+
iterator->arg_index++;
235
+
if (unlikely((iterator->arg_index & 31) == 0)) {
236
+
/* completed current u32 bitmap */
237
+
if (iterator->bitmap_shifter & 1) {
238
+
/* b31 was set, there is more */
239
+
/* move to next u32 bitmap */
240
+
iterator->bitmap_shifter = le32_to_cpu(
241
+
get_unaligned(iterator->next_bitmap));
242
+
iterator->next_bitmap++;
243
+
} else
244
+
/* no more bitmaps: end */
245
+
iterator->arg_index = sizeof(rt_sizes);
246
+
} else /* just try the next bit */
247
+
iterator->bitmap_shifter >>= 1;
248
+
249
+
/* if we found a valid arg earlier, return it now */
250
+
if (hit)
251
+
return 0;
252
+
}
253
+
254
+
/* we don't know how to handle any more args, we're done */
255
+
return -ENOENT;
256
+
}
257
+
EXPORT_SYMBOL(ieee80211_radiotap_iterator_next);