[deliverable/linux.git] / net / ieee80211 / ieee80211_tx.c

/******************************************************************************

  Copyright(c) 2003 - 2004 Intel Corporation. All rights reserved.

  This program is free software; you can redistribute it and/or modify it
  under the terms of version 2 of the GNU General Public License as
  published by the Free Software Foundation.

  This program is distributed in the hope that it will be useful, but WITHOUT
  ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
  more details.

  You should have received a copy of the GNU General Public License along with
  this program; if not, write to the Free Software Foundation, Inc., 59
  Temple Place - Suite 330, Boston, MA  02111-1307, USA.

  The full GNU General Public License is included in this distribution in the
  file called LICENSE.

  Contact Information:
  James P. Ketrenos <ipw2100-admin@linux.intel.com>
  Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497

******************************************************************************/
#include <linux/compiler.h>
#include <linux/config.h>
#include <linux/errno.h>
#include <linux/if_arp.h>
#include <linux/in6.h>
#include <linux/in.h>
#include <linux/ip.h>
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/netdevice.h>
#include <linux/proc_fs.h>
#include <linux/skbuff.h>
#include <linux/slab.h>
#include <linux/tcp.h>
#include <linux/types.h>
#include <linux/version.h>
#include <linux/wireless.h>
#include <linux/etherdevice.h>
#include <asm/uaccess.h>

#include <net/ieee80211.h>

/*

802.11 Data Frame

      ,-------------------------------------------------------------------.
Bytes |  2   |  2   |    6    |    6    |    6    |  2   | 0..2312 |   4  |
      |------|------|---------|---------|---------|------|---------|------|
Desc. | ctrl | dura |  DA/RA  |   TA    |    SA   | Sequ |  Frame  |  fcs |
      |      | tion | (BSSID) |         |         | ence |  data   |      |
      `--------------------------------------------------|         |------'
Total: 28 non-data bytes                                 `----.----'
                                                              |
       .- 'Frame data' expands to <---------------------------'
       |
       V
      ,---------------------------------------------------.
Bytes |  1   |  1   |    1    |    3     |  2   |  0-2304 |
      |------|------|---------|----------|------|---------|
Desc. | SNAP | SNAP | Control |Eth Tunnel| Type | IP      |
      | DSAP | SSAP |         |          |      | Packet  |
      | 0xAA | 0xAA |0x03 (UI)|0x00-00-F8|      |         |
      `-----------------------------------------|         |
Total: 8 non-data bytes                         `----.----'
                                                     |
       .- 'IP Packet' expands, if WEP enabled, to <--'
       |
       V
      ,-----------------------.
Bytes |  4  |   0-2296  |  4  |
      |-----|-----------|-----|
Desc. | IV  | Encrypted | ICV |
      |     | IP Packet |     |
      `-----------------------'
Total: 8 non-data bytes

802.3 Ethernet Data Frame

      ,-----------------------------------------.
Bytes |   6   |   6   |  2   |  Variable |   4  |
      |-------|-------|------|-----------|------|
Desc. | Dest. | Source| Type | IP Packet |  fcs |
      |  MAC  |  MAC  |      |           |      |
      `-----------------------------------------'
Total: 18 non-data bytes

In the event that fragmentation is required, the incoming payload is split into
N parts of size ieee->fts.  The first fragment contains the SNAP header and the
remaining packets are just data.

If encryption is enabled, each fragment payload size is reduced by enough space
to add the prefix and postfix (IV and ICV totalling 8 bytes in the case of WEP)
So if you have 1500 bytes of payload with ieee->fts set to 500 without
encryption it will take 3 frames.  With WEP it will take 4 frames as the
payload of each frame is reduced to 492 bytes.

* SKB visualization
*
*  ,- skb->data
* |
* |    ETHERNET HEADER        ,-<-- PAYLOAD
* |                           |     14 bytes from skb->data
* |  2 bytes for Type --> ,T. |     (sizeof ethhdr)
* |                       | | |
* |,-Dest.--. ,--Src.---. | | |
* |  6 bytes| | 6 bytes | | | |
* v         | |         | | | |
* 0         | v       1 | v | v           2
* 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
*     ^     | ^         | ^ |
*     |     | |         | | |
*     |     | |         | `T' <---- 2 bytes for Type
*     |     | |         |
*     |     | '---SNAP--' <-------- 6 bytes for SNAP
*     |     |
*     `-IV--' <-------------------- 4 bytes for IV (WEP)
*
*      SNAP HEADER
*
*/

static u8 P802_1H_OUI[P80211_OUI_LEN] = { 0x00, 0x00, 0xf8 };
static u8 RFC1042_OUI[P80211_OUI_LEN] = { 0x00, 0x00, 0x00 };

static inline int ieee80211_put_snap(u8 * data, u16 h_proto)
{
	struct ieee80211_snap_hdr *snap;
	u8 *oui;

	snap = (struct ieee80211_snap_hdr *)data;
	snap->dsap = 0xaa;
	snap->ssap = 0xaa;
	snap->ctrl = 0x03;

	if (h_proto == 0x8137 || h_proto == 0x80f3)
		oui = P802_1H_OUI;
	else
		oui = RFC1042_OUI;
	snap->oui[0] = oui[0];
	snap->oui[1] = oui[1];
	snap->oui[2] = oui[2];

	*(u16 *) (data + SNAP_SIZE) = htons(h_proto);

	return SNAP_SIZE + sizeof(u16);
}

static inline int ieee80211_encrypt_fragment(struct ieee80211_device *ieee,
					     struct sk_buff *frag, int hdr_len)
{
	struct ieee80211_crypt_data *crypt = ieee->crypt[ieee->tx_keyidx];
	int res;

#ifdef CONFIG_IEEE80211_CRYPT_TKIP
	struct ieee80211_hdr *header;

	if (ieee->tkip_countermeasures &&
	    crypt && crypt->ops && strcmp(crypt->ops->name, "TKIP") == 0) {
		header = (struct ieee80211_hdr *)frag->data;
		if (net_ratelimit()) {
			printk(KERN_DEBUG "%s: TKIP countermeasures: dropped "
			       "TX packet to " MAC_FMT "\n",
			       ieee->dev->name, MAC_ARG(header->addr1));
		}
		return -1;
	}
#endif
	/* To encrypt, frame format is:
	 * IV (4 bytes), clear payload (including SNAP), ICV (4 bytes) */

	// PR: FIXME: Copied from hostap. Check fragmentation/MSDU/MPDU encryption.
	/* Host-based IEEE 802.11 fragmentation for TX is not yet supported, so
	 * call both MSDU and MPDU encryption functions from here. */
	atomic_inc(&crypt->refcnt);
	res = 0;
	if (crypt->ops->encrypt_msdu)
		res = crypt->ops->encrypt_msdu(frag, hdr_len, crypt->priv);
	if (res == 0 && crypt->ops->encrypt_mpdu)
		res = crypt->ops->encrypt_mpdu(frag, hdr_len, crypt->priv);

	atomic_dec(&crypt->refcnt);
	if (res < 0) {
		printk(KERN_INFO "%s: Encryption failed: len=%d.\n",
		       ieee->dev->name, frag->len);
		ieee->ieee_stats.tx_discards++;
		return -1;
	}

	return 0;
}

void ieee80211_txb_free(struct ieee80211_txb *txb)
{
	int i;
	if (unlikely(!txb))
		return;
	for (i = 0; i < txb->nr_frags; i++)
		if (txb->fragments[i])
			dev_kfree_skb_any(txb->fragments[i]);
	kfree(txb);
}

static struct ieee80211_txb *ieee80211_alloc_txb(int nr_frags, int txb_size,
						 int gfp_mask)
{
	struct ieee80211_txb *txb;
	int i;
	txb = kmalloc(sizeof(struct ieee80211_txb) + (sizeof(u8 *) * nr_frags),
		      gfp_mask);
	if (!txb)
		return NULL;

	memset(txb, 0, sizeof(struct ieee80211_txb));
	txb->nr_frags = nr_frags;
	txb->frag_size = txb_size;

	for (i = 0; i < nr_frags; i++) {
		txb->fragments[i] = dev_alloc_skb(txb_size);
		if (unlikely(!txb->fragments[i])) {
			i--;
			break;
		}
	}
	if (unlikely(i != nr_frags)) {
		while (i >= 0)
			dev_kfree_skb_any(txb->fragments[i--]);
		kfree(txb);
		return NULL;
	}
	return txb;
}

/* SKBs are added to the ieee->tx_queue. */
int ieee80211_xmit(struct sk_buff *skb, struct net_device *dev)
{
	struct ieee80211_device *ieee = netdev_priv(dev);
	struct ieee80211_txb *txb = NULL;
	struct ieee80211_hdr *frag_hdr;
	int i, bytes_per_frag, nr_frags, bytes_last_frag, frag_size;
	unsigned long flags;
	struct net_device_stats *stats = &ieee->stats;
	int ether_type, encrypt;
	int bytes, fc, hdr_len;
	struct sk_buff *skb_frag;
	struct ieee80211_hdr header = {	/* Ensure zero initialized */
		.duration_id = 0,
		.seq_ctl = 0
	};
	u8 dest[ETH_ALEN], src[ETH_ALEN];

	struct ieee80211_crypt_data *crypt;

	spin_lock_irqsave(&ieee->lock, flags);

	/* If there is no driver handler to take the TXB, dont' bother
	 * creating it... */
	if (!ieee->hard_start_xmit) {
		printk(KERN_WARNING "%s: No xmit handler.\n", ieee->dev->name);
		goto success;
	}

	if (unlikely(skb->len < SNAP_SIZE + sizeof(u16))) {
		printk(KERN_WARNING "%s: skb too small (%d).\n",
		       ieee->dev->name, skb->len);
		goto success;
	}

	ether_type = ntohs(((struct ethhdr *)skb->data)->h_proto);

	crypt = ieee->crypt[ieee->tx_keyidx];

	encrypt = !(ether_type == ETH_P_PAE && ieee->ieee802_1x) &&
	    ieee->host_encrypt && crypt && crypt->ops;

	if (!encrypt && ieee->ieee802_1x &&
	    ieee->drop_unencrypted && ether_type != ETH_P_PAE) {
		stats->tx_dropped++;
		goto success;
	}

	/* Save source and destination addresses */
	memcpy(&dest, skb->data, ETH_ALEN);
	memcpy(&src, skb->data + ETH_ALEN, ETH_ALEN);

	/* Advance the SKB to the start of the payload */
	skb_pull(skb, sizeof(struct ethhdr));

	/* Determine total amount of storage required for TXB packets */
	bytes = skb->len + SNAP_SIZE + sizeof(u16);

	if (encrypt)
		fc = IEEE80211_FTYPE_DATA | IEEE80211_STYPE_DATA |
		    IEEE80211_FCTL_PROTECTED;
	else
		fc = IEEE80211_FTYPE_DATA | IEEE80211_STYPE_DATA;

	if (ieee->iw_mode == IW_MODE_INFRA) {
		fc |= IEEE80211_FCTL_TODS;
		/* To DS: Addr1 = BSSID, Addr2 = SA,
		   Addr3 = DA */
		memcpy(&header.addr1, ieee->bssid, ETH_ALEN);
		memcpy(&header.addr2, &src, ETH_ALEN);
		memcpy(&header.addr3, &dest, ETH_ALEN);
	} else if (ieee->iw_mode == IW_MODE_ADHOC) {
		/* not From/To DS: Addr1 = DA, Addr2 = SA,
		   Addr3 = BSSID */
		memcpy(&header.addr1, dest, ETH_ALEN);
		memcpy(&header.addr2, src, ETH_ALEN);
		memcpy(&header.addr3, ieee->bssid, ETH_ALEN);
	}
	header.frame_ctl = cpu_to_le16(fc);
	hdr_len = IEEE80211_3ADDR_LEN;

	/* Determine fragmentation size based on destination (multicast
	 * and broadcast are not fragmented) */
	if (is_multicast_ether_addr(dest) || is_broadcast_ether_addr(dest))
		frag_size = MAX_FRAG_THRESHOLD;
	else
		frag_size = ieee->fts;

	/* Determine amount of payload per fragment.  Regardless of if
	 * this stack is providing the full 802.11 header, one will
	 * eventually be affixed to this fragment -- so we must account for
	 * it when determining the amount of payload space. */
	bytes_per_frag = frag_size - IEEE80211_3ADDR_LEN;
	if (ieee->config &
	    (CFG_IEEE80211_COMPUTE_FCS | CFG_IEEE80211_RESERVE_FCS))
		bytes_per_frag -= IEEE80211_FCS_LEN;

	/* Each fragment may need to have room for encryptiong pre/postfix */
	if (encrypt)
		bytes_per_frag -= crypt->ops->extra_prefix_len +
		    crypt->ops->extra_postfix_len;

	/* Number of fragments is the total bytes_per_frag /
	 * payload_per_fragment */
	nr_frags = bytes / bytes_per_frag;
	bytes_last_frag = bytes % bytes_per_frag;
	if (bytes_last_frag)
		nr_frags++;
	else
		bytes_last_frag = bytes_per_frag;

	/* When we allocate the TXB we allocate enough space for the reserve
	 * and full fragment bytes (bytes_per_frag doesn't include prefix,
	 * postfix, header, FCS, etc.) */
	txb = ieee80211_alloc_txb(nr_frags, frag_size, GFP_ATOMIC);
	if (unlikely(!txb)) {
		printk(KERN_WARNING "%s: Could not allocate TXB\n",
		       ieee->dev->name);
		goto failed;
	}
	txb->encrypted = encrypt;
	txb->payload_size = bytes;

	for (i = 0; i < nr_frags; i++) {
		skb_frag = txb->fragments[i];

		if (encrypt)
			skb_reserve(skb_frag, crypt->ops->extra_prefix_len);

		frag_hdr = (struct ieee80211_hdr *)skb_put(skb_frag, hdr_len);
		memcpy(frag_hdr, &header, hdr_len);

		/* If this is not the last fragment, then add the MOREFRAGS
		 * bit to the frame control */
		if (i != nr_frags - 1) {
			frag_hdr->frame_ctl =
			    cpu_to_le16(fc | IEEE80211_FCTL_MOREFRAGS);
			bytes = bytes_per_frag;
		} else {
			/* The last fragment takes the remaining length */
			bytes = bytes_last_frag;
		}

		/* Put a SNAP header on the first fragment */
		if (i == 0) {
			ieee80211_put_snap(skb_put
					   (skb_frag, SNAP_SIZE + sizeof(u16)),
					   ether_type);
			bytes -= SNAP_SIZE + sizeof(u16);
		}

		memcpy(skb_put(skb_frag, bytes), skb->data, bytes);

		/* Advance the SKB... */
		skb_pull(skb, bytes);

		/* Encryption routine will move the header forward in order
		 * to insert the IV between the header and the payload */
		if (encrypt)
			ieee80211_encrypt_fragment(ieee, skb_frag, hdr_len);
		if (ieee->config &
		    (CFG_IEEE80211_COMPUTE_FCS | CFG_IEEE80211_RESERVE_FCS))
			skb_put(skb_frag, 4);
	}

      success:
	spin_unlock_irqrestore(&ieee->lock, flags);

	dev_kfree_skb_any(skb);

	if (txb) {
		if ((*ieee->hard_start_xmit) (txb, dev) == 0) {
			stats->tx_packets++;
			stats->tx_bytes += txb->payload_size;
			return 0;
		}
		ieee80211_txb_free(txb);
	}

	return 0;

      failed:
	spin_unlock_irqrestore(&ieee->lock, flags);
	netif_stop_queue(dev);
	stats->tx_errors++;
	return 1;

}

EXPORT_SYMBOL(ieee80211_txb_free);
Commit	Line	Data
b453872c JG	1	/******************************************************************************
	2
	3	Copyright(c) 2003 - 2004 Intel Corporation. All rights reserved.
	4
	5	This program is free software; you can redistribute it and/or modify it
	6	under the terms of version 2 of the GNU General Public License as
	7	published by the Free Software Foundation.
	8
	9	This program is distributed in the hope that it will be useful, but WITHOUT
	10	ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
	11	FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
	12	more details.
	13
	14	You should have received a copy of the GNU General Public License along with
	15	this program; if not, write to the Free Software Foundation, Inc., 59
	16	Temple Place - Suite 330, Boston, MA 02111-1307, USA.
	17
	18	The full GNU General Public License is included in this distribution in the
	19	file called LICENSE.
	20
	21	Contact Information:
	22	James P. Ketrenos <ipw2100-admin@linux.intel.com>
	23	Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497
	24
	25	******************************************************************************/
	26	#include <linux/compiler.h>
	27	#include <linux/config.h>
	28	#include <linux/errno.h>
	29	#include <linux/if_arp.h>
	30	#include <linux/in6.h>
	31	#include <linux/in.h>
	32	#include <linux/ip.h>
	33	#include <linux/kernel.h>
	34	#include <linux/module.h>
	35	#include <linux/netdevice.h>
b453872c JG	36	#include <linux/proc_fs.h>
	37	#include <linux/skbuff.h>
	38	#include <linux/slab.h>
	39	#include <linux/tcp.h>
	40	#include <linux/types.h>
	41	#include <linux/version.h>
	42	#include <linux/wireless.h>
	43	#include <linux/etherdevice.h>
	44	#include <asm/uaccess.h>
	45
	46	#include <net/ieee80211.h>
	47
b453872c JG	48	/*
b453872c JG	49
b453872c JG	50	802.11 Data Frame
	51
	52	,-------------------------------------------------------------------.
	53	Bytes \| 2 \| 2 \| 6 \| 6 \| 6 \| 2 \| 0..2312 \| 4 \|
	54	\|------\|------\|---------\|---------\|---------\|------\|---------\|------\|
	55	Desc. \| ctrl \| dura \| DA/RA \| TA \| SA \| Sequ \| Frame \| fcs \|
	56	\| \| tion \| (BSSID) \| \| \| ence \| data \| \|
	57	`--------------------------------------------------\| \|------'
	58	Total: 28 non-data bytes `----.----'
	59	\|
	60	.- 'Frame data' expands to <---------------------------'
	61	\|
	62	V
	63	,---------------------------------------------------.
	64	Bytes \| 1 \| 1 \| 1 \| 3 \| 2 \| 0-2304 \|
	65	\|------\|------\|---------\|----------\|------\|---------\|
	66	Desc. \| SNAP \| SNAP \| Control \|Eth Tunnel\| Type \| IP \|
	67	\| DSAP \| SSAP \| \| \| \| Packet \|
	68	\| 0xAA \| 0xAA \|0x03 (UI)\|0x00-00-F8\| \| \|
	69	`-----------------------------------------\| \|
	70	Total: 8 non-data bytes `----.----'
	71	\|
	72	.- 'IP Packet' expands, if WEP enabled, to <--'
	73	\|
	74	V
	75	,-----------------------.
	76	Bytes \| 4 \| 0-2296 \| 4 \|
	77	\|-----\|-----------\|-----\|
	78	Desc. \| IV \| Encrypted \| ICV \|
	79	\| \| IP Packet \| \|
	80	`-----------------------'
	81	Total: 8 non-data bytes
	82
b453872c JG	83	802.3 Ethernet Data Frame
	84
	85	,-----------------------------------------.
	86	Bytes \| 6 \| 6 \| 2 \| Variable \| 4 \|
	87	\|-------\|-------\|------\|-----------\|------\|
	88	Desc. \| Dest. \| Source\| Type \| IP Packet \| fcs \|
	89	\| MAC \| MAC \| \| \| \|
	90	`-----------------------------------------'
	91	Total: 18 non-data bytes
	92
	93	In the event that fragmentation is required, the incoming payload is split into
	94	N parts of size ieee->fts. The first fragment contains the SNAP header and the
	95	remaining packets are just data.
	96
	97	If encryption is enabled, each fragment payload size is reduced by enough space
	98	to add the prefix and postfix (IV and ICV totalling 8 bytes in the case of WEP)
	99	So if you have 1500 bytes of payload with ieee->fts set to 500 without
	100	encryption it will take 3 frames. With WEP it will take 4 frames as the
	101	payload of each frame is reduced to 492 bytes.
	102
	103	* SKB visualization
	104	*
	105	* ,- skb->data
	106	* \|
	107	* \| ETHERNET HEADER ,-<-- PAYLOAD
	108	* \| \| 14 bytes from skb->data
	109	* \| 2 bytes for Type --> ,T. \| (sizeof ethhdr)
	110	* \| \| \| \|
	111	* \|,-Dest.--. ,--Src.---. \| \| \|
	112	* \| 6 bytes\| \| 6 bytes \| \| \| \|
	113	* v \| \| \| \| \| \|
	114	* 0 \| v 1 \| v \| v 2
	115	* 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
	116	* ^ \| ^ \| ^ \|
	117	* \| \| \| \| \| \|
	118	* \| \| \| \| `T' <---- 2 bytes for Type
	119	* \| \| \| \|
	120	* \| \| '---SNAP--' <-------- 6 bytes for SNAP
	121	* \| \|
	122	* `-IV--' <-------------------- 4 bytes for IV (WEP)
	123	*
	124	* SNAP HEADER
	125	*
	126	*/
	127
	128	static u8 P802_1H_OUI[P80211_OUI_LEN] = { 0x00, 0x00, 0xf8 };
	129	static u8 RFC1042_OUI[P80211_OUI_LEN] = { 0x00, 0x00, 0x00 };
	130
0edd5b44	131	static inline int ieee80211_put_snap(u8 * data, u16 h_proto)
b453872c JG	132	{
	133	struct ieee80211_snap_hdr *snap;
	134	u8 *oui;
	135
	136	snap = (struct ieee80211_snap_hdr *)data;
	137	snap->dsap = 0xaa;
	138	snap->ssap = 0xaa;
	139	snap->ctrl = 0x03;
	140
	141	if (h_proto == 0x8137 \|\| h_proto == 0x80f3)
	142	oui = P802_1H_OUI;
	143	else
	144	oui = RFC1042_OUI;
	145	snap->oui[0] = oui[0];
	146	snap->oui[1] = oui[1];
	147	snap->oui[2] = oui[2];
	148
0edd5b44	149	(u16 ) (data + SNAP_SIZE) = htons(h_proto);
b453872c JG	150
	151	return SNAP_SIZE + sizeof(u16);
	152	}
	153
0edd5b44 JG	154	static inline int ieee80211_encrypt_fragment(struct ieee80211_device *ieee,
0edd5b44 JG	155	struct sk_buff *frag, int hdr_len)
b453872c	156	{
0edd5b44	157	struct ieee80211_crypt_data *crypt = ieee->crypt[ieee->tx_keyidx];
b453872c JG	158	int res;
	159
	160	#ifdef CONFIG_IEEE80211_CRYPT_TKIP
	161	struct ieee80211_hdr *header;
	162
	163	if (ieee->tkip_countermeasures &&
	164	crypt && crypt->ops && strcmp(crypt->ops->name, "TKIP") == 0) {
0edd5b44	165	header = (struct ieee80211_hdr *)frag->data;
b453872c JG	166	if (net_ratelimit()) {
	167	printk(KERN_DEBUG "%s: TKIP countermeasures: dropped "
	168	"TX packet to " MAC_FMT "\n",
	169	ieee->dev->name, MAC_ARG(header->addr1));
	170	}
	171	return -1;
	172	}
	173	#endif
	174	/* To encrypt, frame format is:
	175	* IV (4 bytes), clear payload (including SNAP), ICV (4 bytes) */
	176
	177	// PR: FIXME: Copied from hostap. Check fragmentation/MSDU/MPDU encryption.
	178	/* Host-based IEEE 802.11 fragmentation for TX is not yet supported, so
	179	* call both MSDU and MPDU encryption functions from here. */
	180	atomic_inc(&crypt->refcnt);
	181	res = 0;
	182	if (crypt->ops->encrypt_msdu)
	183	res = crypt->ops->encrypt_msdu(frag, hdr_len, crypt->priv);
	184	if (res == 0 && crypt->ops->encrypt_mpdu)
	185	res = crypt->ops->encrypt_mpdu(frag, hdr_len, crypt->priv);
	186
	187	atomic_dec(&crypt->refcnt);
	188	if (res < 0) {
	189	printk(KERN_INFO "%s: Encryption failed: len=%d.\n",
	190	ieee->dev->name, frag->len);
	191	ieee->ieee_stats.tx_discards++;
	192	return -1;
	193	}
	194
	195	return 0;
	196	}
	197
0edd5b44 JG	198	void ieee80211_txb_free(struct ieee80211_txb *txb)
0edd5b44 JG	199	{
b453872c JG	200	int i;
	201	if (unlikely(!txb))
	202	return;
	203	for (i = 0; i < txb->nr_frags; i++)
	204	if (txb->fragments[i])
	205	dev_kfree_skb_any(txb->fragments[i]);
	206	kfree(txb);
	207	}
	208
e157249d AB	209	static struct ieee80211_txb *ieee80211_alloc_txb(int nr_frags, int txb_size,
e157249d AB	210	int gfp_mask)
b453872c JG	211	{
	212	struct ieee80211_txb *txb;
	213	int i;
0edd5b44 JG	214	txb = kmalloc(sizeof(struct ieee80211_txb) + (sizeof(u8 ) nr_frags),
0edd5b44 JG	215	gfp_mask);
b453872c JG	216	if (!txb)
	217	return NULL;
	218
0a989b24	219	memset(txb, 0, sizeof(struct ieee80211_txb));
b453872c JG	220	txb->nr_frags = nr_frags;
	221	txb->frag_size = txb_size;
	222
	223	for (i = 0; i < nr_frags; i++) {
	224	txb->fragments[i] = dev_alloc_skb(txb_size);
	225	if (unlikely(!txb->fragments[i])) {
	226	i--;
	227	break;
	228	}
	229	}
	230	if (unlikely(i != nr_frags)) {
	231	while (i >= 0)
	232	dev_kfree_skb_any(txb->fragments[i--]);
	233	kfree(txb);
	234	return NULL;
	235	}
	236	return txb;
	237	}
	238
	239	/* SKBs are added to the ieee->tx_queue. */
0edd5b44	240	int ieee80211_xmit(struct sk_buff skb, struct net_device dev)
b453872c JG	241	{
	242	struct ieee80211_device *ieee = netdev_priv(dev);
	243	struct ieee80211_txb *txb = NULL;
	244	struct ieee80211_hdr *frag_hdr;
	245	int i, bytes_per_frag, nr_frags, bytes_last_frag, frag_size;
	246	unsigned long flags;
	247	struct net_device_stats *stats = &ieee->stats;
	248	int ether_type, encrypt;
	249	int bytes, fc, hdr_len;
	250	struct sk_buff *skb_frag;
0edd5b44	251	struct ieee80211_hdr header = { /* Ensure zero initialized */
b453872c JG	252	.duration_id = 0,
	253	.seq_ctl = 0
	254	};
	255	u8 dest[ETH_ALEN], src[ETH_ALEN];
	256
0edd5b44	257	struct ieee80211_crypt_data *crypt;
b453872c JG	258
	259	spin_lock_irqsave(&ieee->lock, flags);
	260
	261	/* If there is no driver handler to take the TXB, dont' bother
	262	* creating it... */
	263	if (!ieee->hard_start_xmit) {
0edd5b44	264	printk(KERN_WARNING "%s: No xmit handler.\n", ieee->dev->name);
b453872c JG	265	goto success;
	266	}
	267
	268	if (unlikely(skb->len < SNAP_SIZE + sizeof(u16))) {
	269	printk(KERN_WARNING "%s: skb too small (%d).\n",
	270	ieee->dev->name, skb->len);
	271	goto success;
	272	}
	273
	274	ether_type = ntohs(((struct ethhdr *)skb->data)->h_proto);
	275
	276	crypt = ieee->crypt[ieee->tx_keyidx];
	277
	278	encrypt = !(ether_type == ETH_P_PAE && ieee->ieee802_1x) &&
0edd5b44	279	ieee->host_encrypt && crypt && crypt->ops;
b453872c JG	280
	281	if (!encrypt && ieee->ieee802_1x &&
	282	ieee->drop_unencrypted && ether_type != ETH_P_PAE) {
	283	stats->tx_dropped++;
	284	goto success;
	285	}
	286
b453872c JG	287	/* Save source and destination addresses */
b453872c JG	288	memcpy(&dest, skb->data, ETH_ALEN);
0edd5b44	289	memcpy(&src, skb->data + ETH_ALEN, ETH_ALEN);
b453872c JG	290
	291	/* Advance the SKB to the start of the payload */
	292	skb_pull(skb, sizeof(struct ethhdr));
	293
	294	/* Determine total amount of storage required for TXB packets */
	295	bytes = skb->len + SNAP_SIZE + sizeof(u16);
	296
	297	if (encrypt)
	298	fc = IEEE80211_FTYPE_DATA \| IEEE80211_STYPE_DATA \|
0edd5b44	299	IEEE80211_FCTL_PROTECTED;
b453872c JG	300	else
	301	fc = IEEE80211_FTYPE_DATA \| IEEE80211_STYPE_DATA;
	302
	303	if (ieee->iw_mode == IW_MODE_INFRA) {
	304	fc \|= IEEE80211_FCTL_TODS;
	305	/* To DS: Addr1 = BSSID, Addr2 = SA,
	306	Addr3 = DA */
	307	memcpy(&header.addr1, ieee->bssid, ETH_ALEN);
	308	memcpy(&header.addr2, &src, ETH_ALEN);
	309	memcpy(&header.addr3, &dest, ETH_ALEN);
	310	} else if (ieee->iw_mode == IW_MODE_ADHOC) {
	311	/* not From/To DS: Addr1 = DA, Addr2 = SA,
	312	Addr3 = BSSID */
	313	memcpy(&header.addr1, dest, ETH_ALEN);
	314	memcpy(&header.addr2, src, ETH_ALEN);
	315	memcpy(&header.addr3, ieee->bssid, ETH_ALEN);
	316	}
	317	header.frame_ctl = cpu_to_le16(fc);
	318	hdr_len = IEEE80211_3ADDR_LEN;
	319
	320	/* Determine fragmentation size based on destination (multicast
	321	* and broadcast are not fragmented) */
0edd5b44	322	if (is_multicast_ether_addr(dest) \|\| is_broadcast_ether_addr(dest))
b453872c JG	323	frag_size = MAX_FRAG_THRESHOLD;
	324	else
	325	frag_size = ieee->fts;
	326
	327	/* Determine amount of payload per fragment. Regardless of if
	328	* this stack is providing the full 802.11 header, one will
	329	* eventually be affixed to this fragment -- so we must account for
	330	* it when determining the amount of payload space. */
	331	bytes_per_frag = frag_size - IEEE80211_3ADDR_LEN;
	332	if (ieee->config &
	333	(CFG_IEEE80211_COMPUTE_FCS \| CFG_IEEE80211_RESERVE_FCS))
	334	bytes_per_frag -= IEEE80211_FCS_LEN;
	335
	336	/* Each fragment may need to have room for encryptiong pre/postfix */
	337	if (encrypt)
	338	bytes_per_frag -= crypt->ops->extra_prefix_len +
0edd5b44	339	crypt->ops->extra_postfix_len;
b453872c JG	340
	341	/* Number of fragments is the total bytes_per_frag /
	342	* payload_per_fragment */
	343	nr_frags = bytes / bytes_per_frag;
	344	bytes_last_frag = bytes % bytes_per_frag;
	345	if (bytes_last_frag)
	346	nr_frags++;
	347	else
	348	bytes_last_frag = bytes_per_frag;
	349
	350	/* When we allocate the TXB we allocate enough space for the reserve
	351	* and full fragment bytes (bytes_per_frag doesn't include prefix,
	352	* postfix, header, FCS, etc.) */
	353	txb = ieee80211_alloc_txb(nr_frags, frag_size, GFP_ATOMIC);
	354	if (unlikely(!txb)) {
	355	printk(KERN_WARNING "%s: Could not allocate TXB\n",
	356	ieee->dev->name);
	357	goto failed;
	358	}
	359	txb->encrypted = encrypt;
	360	txb->payload_size = bytes;
	361
	362	for (i = 0; i < nr_frags; i++) {
	363	skb_frag = txb->fragments[i];
	364
	365	if (encrypt)
	366	skb_reserve(skb_frag, crypt->ops->extra_prefix_len);
	367
	368	frag_hdr = (struct ieee80211_hdr *)skb_put(skb_frag, hdr_len);
	369	memcpy(frag_hdr, &header, hdr_len);
	370
	371	/* If this is not the last fragment, then add the MOREFRAGS
	372	* bit to the frame control */
	373	if (i != nr_frags - 1) {
0edd5b44 JG	374	frag_hdr->frame_ctl =
0edd5b44 JG	375	cpu_to_le16(fc \| IEEE80211_FCTL_MOREFRAGS);
b453872c JG	376	bytes = bytes_per_frag;
	377	} else {
	378	/* The last fragment takes the remaining length */
	379	bytes = bytes_last_frag;
	380	}
	381
0edd5b44	382	/* Put a SNAP header on the first fragment */
b453872c	383	if (i == 0) {
0edd5b44 JG	384	ieee80211_put_snap(skb_put
	385	(skb_frag, SNAP_SIZE + sizeof(u16)),
	386	ether_type);
b453872c JG	387	bytes -= SNAP_SIZE + sizeof(u16);
	388	}
	389
	390	memcpy(skb_put(skb_frag, bytes), skb->data, bytes);
	391
	392	/* Advance the SKB... */
	393	skb_pull(skb, bytes);
	394
	395	/* Encryption routine will move the header forward in order
	396	* to insert the IV between the header and the payload */
	397	if (encrypt)
	398	ieee80211_encrypt_fragment(ieee, skb_frag, hdr_len);
	399	if (ieee->config &
	400	(CFG_IEEE80211_COMPUTE_FCS \| CFG_IEEE80211_RESERVE_FCS))
	401	skb_put(skb_frag, 4);
	402	}
	403
0edd5b44	404	success:
b453872c JG	405	spin_unlock_irqrestore(&ieee->lock, flags);
	406
	407	dev_kfree_skb_any(skb);
	408
	409	if (txb) {
0edd5b44	410	if ((*ieee->hard_start_xmit) (txb, dev) == 0) {
b453872c JG	411	stats->tx_packets++;
	412	stats->tx_bytes += txb->payload_size;
	413	return 0;
	414	}
	415	ieee80211_txb_free(txb);
	416	}
	417
	418	return 0;
	419
0edd5b44	420	failed:
b453872c JG	421	spin_unlock_irqrestore(&ieee->lock, flags);
	422	netif_stop_queue(dev);
	423	stats->tx_errors++;
	424	return 1;
	425
	426	}
	427
	428	EXPORT_SYMBOL(ieee80211_txb_free);