[deliverable/linux.git] / net / ieee80211 / ieee80211_tx.c

/******************************************************************************

  Copyright(c) 2003 - 2005 Intel Corporation. All rights reserved.

  This program is free software; you can redistribute it and/or modify it
  under the terms of version 2 of the GNU General Public License as
  published by the Free Software Foundation.

  This program is distributed in the hope that it will be useful, but WITHOUT
  ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
  more details.

  You should have received a copy of the GNU General Public License along with
  this program; if not, write to the Free Software Foundation, Inc., 59
  Temple Place - Suite 330, Boston, MA  02111-1307, USA.

  The full GNU General Public License is included in this distribution in the
  file called LICENSE.

  Contact Information:
  James P. Ketrenos <ipw2100-admin@linux.intel.com>
  Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497

******************************************************************************/
#include <linux/compiler.h>
#include <linux/config.h>
#include <linux/errno.h>
#include <linux/if_arp.h>
#include <linux/in6.h>
#include <linux/in.h>
#include <linux/ip.h>
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/netdevice.h>
#include <linux/proc_fs.h>
#include <linux/skbuff.h>
#include <linux/slab.h>
#include <linux/tcp.h>
#include <linux/types.h>
#include <linux/version.h>
#include <linux/wireless.h>
#include <linux/etherdevice.h>
#include <asm/uaccess.h>

#include <net/ieee80211.h>

/*

802.11 Data Frame

      ,-------------------------------------------------------------------.
Bytes |  2   |  2   |    6    |    6    |    6    |  2   | 0..2312 |   4  |
      |------|------|---------|---------|---------|------|---------|------|
Desc. | ctrl | dura |  DA/RA  |   TA    |    SA   | Sequ |  Frame  |  fcs |
      |      | tion | (BSSID) |         |         | ence |  data   |      |
      `--------------------------------------------------|         |------'
Total: 28 non-data bytes                                 `----.----'
                                                              |
       .- 'Frame data' expands to <---------------------------'
       |
       V
      ,---------------------------------------------------.
Bytes |  1   |  1   |    1    |    3     |  2   |  0-2304 |
      |------|------|---------|----------|------|---------|
Desc. | SNAP | SNAP | Control |Eth Tunnel| Type | IP      |
      | DSAP | SSAP |         |          |      | Packet  |
      | 0xAA | 0xAA |0x03 (UI)|0x00-00-F8|      |         |
      `-----------------------------------------|         |
Total: 8 non-data bytes                         `----.----'
                                                     |
       .- 'IP Packet' expands, if WEP enabled, to <--'
       |
       V
      ,-----------------------.
Bytes |  4  |   0-2296  |  4  |
      |-----|-----------|-----|
Desc. | IV  | Encrypted | ICV |
      |     | IP Packet |     |
      `-----------------------'
Total: 8 non-data bytes

802.3 Ethernet Data Frame

      ,-----------------------------------------.
Bytes |   6   |   6   |  2   |  Variable |   4  |
      |-------|-------|------|-----------|------|
Desc. | Dest. | Source| Type | IP Packet |  fcs |
      |  MAC  |  MAC  |      |           |      |
      `-----------------------------------------'
Total: 18 non-data bytes

In the event that fragmentation is required, the incoming payload is split into
N parts of size ieee->fts.  The first fragment contains the SNAP header and the
remaining packets are just data.

If encryption is enabled, each fragment payload size is reduced by enough space
to add the prefix and postfix (IV and ICV totalling 8 bytes in the case of WEP)
So if you have 1500 bytes of payload with ieee->fts set to 500 without
encryption it will take 3 frames.  With WEP it will take 4 frames as the
payload of each frame is reduced to 492 bytes.

* SKB visualization
*
*  ,- skb->data
* |
* |    ETHERNET HEADER        ,-<-- PAYLOAD
* |                           |     14 bytes from skb->data
* |  2 bytes for Type --> ,T. |     (sizeof ethhdr)
* |                       | | |
* |,-Dest.--. ,--Src.---. | | |
* |  6 bytes| | 6 bytes | | | |
* v         | |         | | | |
* 0         | v       1 | v | v           2
* 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
*     ^     | ^         | ^ |
*     |     | |         | | |
*     |     | |         | `T' <---- 2 bytes for Type
*     |     | |         |
*     |     | '---SNAP--' <-------- 6 bytes for SNAP
*     |     |
*     `-IV--' <-------------------- 4 bytes for IV (WEP)
*
*      SNAP HEADER
*
*/

static u8 P802_1H_OUI[P80211_OUI_LEN] = { 0x00, 0x00, 0xf8 };
static u8 RFC1042_OUI[P80211_OUI_LEN] = { 0x00, 0x00, 0x00 };

static inline int ieee80211_copy_snap(u8 * data, u16 h_proto)
{
	struct ieee80211_snap_hdr *snap;
	u8 *oui;

	snap = (struct ieee80211_snap_hdr *)data;
	snap->dsap = 0xaa;
	snap->ssap = 0xaa;
	snap->ctrl = 0x03;

	if (h_proto == 0x8137 || h_proto == 0x80f3)
		oui = P802_1H_OUI;
	else
		oui = RFC1042_OUI;
	snap->oui[0] = oui[0];
	snap->oui[1] = oui[1];
	snap->oui[2] = oui[2];

	*(u16 *) (data + SNAP_SIZE) = htons(h_proto);

	return SNAP_SIZE + sizeof(u16);
}

static inline int ieee80211_encrypt_fragment(struct ieee80211_device *ieee,
					     struct sk_buff *frag, int hdr_len)
{
	struct ieee80211_crypt_data *crypt = ieee->crypt[ieee->tx_keyidx];
	int res;

	/* To encrypt, frame format is:
	 * IV (4 bytes), clear payload (including SNAP), ICV (4 bytes) */
	atomic_inc(&crypt->refcnt);
	res = 0;
	if (crypt->ops->encrypt_mpdu)
		res = crypt->ops->encrypt_mpdu(frag, hdr_len, crypt->priv);

	atomic_dec(&crypt->refcnt);
	if (res < 0) {
		printk(KERN_INFO "%s: Encryption failed: len=%d.\n",
		       ieee->dev->name, frag->len);
		ieee->ieee_stats.tx_discards++;
		return -1;
	}

	return 0;
}

void ieee80211_txb_free(struct ieee80211_txb *txb)
{
	int i;
	if (unlikely(!txb))
		return;
	for (i = 0; i < txb->nr_frags; i++)
		if (txb->fragments[i])
			dev_kfree_skb_any(txb->fragments[i]);
	kfree(txb);
}

static struct ieee80211_txb *ieee80211_alloc_txb(int nr_frags, int txb_size,
						 gfp_t gfp_mask)
{
	struct ieee80211_txb *txb;
	int i;
	txb = kmalloc(sizeof(struct ieee80211_txb) + (sizeof(u8 *) * nr_frags),
		      gfp_mask);
	if (!txb)
		return NULL;

	memset(txb, 0, sizeof(struct ieee80211_txb));
	txb->nr_frags = nr_frags;
	txb->frag_size = txb_size;

	for (i = 0; i < nr_frags; i++) {
		txb->fragments[i] = dev_alloc_skb(txb_size);
		if (unlikely(!txb->fragments[i])) {
			i--;
			break;
		}
	}
	if (unlikely(i != nr_frags)) {
		while (i >= 0)
			dev_kfree_skb_any(txb->fragments[i--]);
		kfree(txb);
		return NULL;
	}
	return txb;
}

/* Incoming skb is converted to a txb which consists of
 * a block of 802.11 fragment packets (stored as skbs) */
int ieee80211_xmit(struct sk_buff *skb, struct net_device *dev)
{
	struct ieee80211_device *ieee = netdev_priv(dev);
	struct ieee80211_txb *txb = NULL;
	struct ieee80211_hdr_3addr *frag_hdr;
	int i, bytes_per_frag, nr_frags, bytes_last_frag, frag_size,
	    rts_required;
	unsigned long flags;
	struct net_device_stats *stats = &ieee->stats;
	int ether_type, encrypt, host_encrypt, host_encrypt_msdu, host_build_iv;
	int bytes, fc, hdr_len;
	struct sk_buff *skb_frag;
	struct ieee80211_hdr_3addr header = {	/* Ensure zero initialized */
		.duration_id = 0,
		.seq_ctl = 0
	};
	u8 dest[ETH_ALEN], src[ETH_ALEN];
	struct ieee80211_crypt_data *crypt;
	int priority = skb->priority;
	int snapped = 0;

	if (ieee->is_queue_full && (*ieee->is_queue_full) (dev, priority))
		return NETDEV_TX_BUSY;

	spin_lock_irqsave(&ieee->lock, flags);

	/* If there is no driver handler to take the TXB, dont' bother
	 * creating it... */
	if (!ieee->hard_start_xmit) {
		printk(KERN_WARNING "%s: No xmit handler.\n", ieee->dev->name);
		goto success;
	}

	if (unlikely(skb->len < SNAP_SIZE + sizeof(u16))) {
		printk(KERN_WARNING "%s: skb too small (%d).\n",
		       ieee->dev->name, skb->len);
		goto success;
	}

	ether_type = ntohs(((struct ethhdr *)skb->data)->h_proto);

	crypt = ieee->crypt[ieee->tx_keyidx];

	encrypt = !(ether_type == ETH_P_PAE && ieee->ieee802_1x) &&
	    ieee->sec.encrypt;

	host_encrypt = ieee->host_encrypt && encrypt;
	host_encrypt_msdu = ieee->host_encrypt_msdu && encrypt;
	host_build_iv = ieee->host_build_iv && encrypt;

	if (!encrypt && ieee->ieee802_1x &&
	    ieee->drop_unencrypted && ether_type != ETH_P_PAE) {
		stats->tx_dropped++;
		goto success;
	}

	/* Save source and destination addresses */
	memcpy(dest, skb->data, ETH_ALEN);
	memcpy(src, skb->data + ETH_ALEN, ETH_ALEN);

	/* Advance the SKB to the start of the payload */
	skb_pull(skb, sizeof(struct ethhdr));

	/* Determine total amount of storage required for TXB packets */
	bytes = skb->len + SNAP_SIZE + sizeof(u16);

	if (host_encrypt)
		fc = IEEE80211_FTYPE_DATA | IEEE80211_STYPE_DATA |
		    IEEE80211_FCTL_PROTECTED;
	else
		fc = IEEE80211_FTYPE_DATA | IEEE80211_STYPE_DATA;

	if (ieee->iw_mode == IW_MODE_INFRA) {
		fc |= IEEE80211_FCTL_TODS;
		/* To DS: Addr1 = BSSID, Addr2 = SA, Addr3 = DA */
		memcpy(header.addr1, ieee->bssid, ETH_ALEN);
		memcpy(header.addr2, src, ETH_ALEN);
		memcpy(header.addr3, dest, ETH_ALEN);
	} else if (ieee->iw_mode == IW_MODE_ADHOC) {
		/* not From/To DS: Addr1 = DA, Addr2 = SA, Addr3 = BSSID */
		memcpy(header.addr1, dest, ETH_ALEN);
		memcpy(header.addr2, src, ETH_ALEN);
		memcpy(header.addr3, ieee->bssid, ETH_ALEN);
	}
	header.frame_ctl = cpu_to_le16(fc);
	hdr_len = IEEE80211_3ADDR_LEN;

	/* Encrypt msdu first on the whole data packet. */
	if ((host_encrypt || host_encrypt_msdu) &&
	    crypt && crypt->ops && crypt->ops->encrypt_msdu) {
		int res = 0;
		int len = bytes + hdr_len + crypt->ops->extra_msdu_prefix_len +
		    crypt->ops->extra_msdu_postfix_len;
		struct sk_buff *skb_new = dev_alloc_skb(len);

		if (unlikely(!skb_new))
			goto failed;

		skb_reserve(skb_new, crypt->ops->extra_msdu_prefix_len);
		memcpy(skb_put(skb_new, hdr_len), &header, hdr_len);
		snapped = 1;
		ieee80211_copy_snap(skb_put(skb_new, SNAP_SIZE + sizeof(u16)),
				    ether_type);
		memcpy(skb_put(skb_new, skb->len), skb->data, skb->len);
		res = crypt->ops->encrypt_msdu(skb_new, hdr_len, crypt->priv);
		if (res < 0) {
			IEEE80211_ERROR("msdu encryption failed\n");
			dev_kfree_skb_any(skb_new);
			goto failed;
		}
		dev_kfree_skb_any(skb);
		skb = skb_new;
		bytes += crypt->ops->extra_msdu_prefix_len +
		    crypt->ops->extra_msdu_postfix_len;
		skb_pull(skb, hdr_len);
	}

	if (host_encrypt || ieee->host_open_frag) {
		/* Determine fragmentation size based on destination (multicast
		 * and broadcast are not fragmented) */
		if (is_multicast_ether_addr(dest))
			frag_size = MAX_FRAG_THRESHOLD;
		else
			frag_size = ieee->fts;

		/* Determine amount of payload per fragment.  Regardless of if
		 * this stack is providing the full 802.11 header, one will
		 * eventually be affixed to this fragment -- so we must account
		 * for it when determining the amount of payload space. */
		bytes_per_frag = frag_size - IEEE80211_3ADDR_LEN;
		if (ieee->config &
		    (CFG_IEEE80211_COMPUTE_FCS | CFG_IEEE80211_RESERVE_FCS))
			bytes_per_frag -= IEEE80211_FCS_LEN;

		/* Each fragment may need to have room for encryptiong
		 * pre/postfix */
		if (host_encrypt)
			bytes_per_frag -= crypt->ops->extra_mpdu_prefix_len +
			    crypt->ops->extra_mpdu_postfix_len;

		/* Number of fragments is the total
		 * bytes_per_frag / payload_per_fragment */
		nr_frags = bytes / bytes_per_frag;
		bytes_last_frag = bytes % bytes_per_frag;
		if (bytes_last_frag)
			nr_frags++;
		else
			bytes_last_frag = bytes_per_frag;
	} else {
		nr_frags = 1;
		bytes_per_frag = bytes_last_frag = bytes;
		frag_size = bytes + IEEE80211_3ADDR_LEN;
	}

	rts_required = (frag_size > ieee->rts
			&& ieee->config & CFG_IEEE80211_RTS);
	if (rts_required)
		nr_frags++;

	/* When we allocate the TXB we allocate enough space for the reserve
	 * and full fragment bytes (bytes_per_frag doesn't include prefix,
	 * postfix, header, FCS, etc.) */
	txb = ieee80211_alloc_txb(nr_frags, frag_size, GFP_ATOMIC);
	if (unlikely(!txb)) {
		printk(KERN_WARNING "%s: Could not allocate TXB\n",
		       ieee->dev->name);
		goto failed;
	}
	txb->encrypted = encrypt;
	if (host_encrypt)
		txb->payload_size = frag_size * (nr_frags - 1) +
		    bytes_last_frag;
	else
		txb->payload_size = bytes;

	if (rts_required) {
		skb_frag = txb->fragments[0];
		frag_hdr =
		    (struct ieee80211_hdr_3addr *)skb_put(skb_frag, hdr_len);

		/*
		 * Set header frame_ctl to the RTS.
		 */
		header.frame_ctl =
		    cpu_to_le16(IEEE80211_FTYPE_CTL | IEEE80211_STYPE_RTS);
		memcpy(frag_hdr, &header, hdr_len);

		/*
		 * Restore header frame_ctl to the original data setting.
		 */
		header.frame_ctl = cpu_to_le16(fc);

		if (ieee->config &
		    (CFG_IEEE80211_COMPUTE_FCS | CFG_IEEE80211_RESERVE_FCS))
			skb_put(skb_frag, 4);

		txb->rts_included = 1;
		i = 1;
	} else
		i = 0;

	for (; i < nr_frags; i++) {
		skb_frag = txb->fragments[i];

		if (host_encrypt || host_build_iv)
			skb_reserve(skb_frag,
				    crypt->ops->extra_mpdu_prefix_len);

		frag_hdr =
		    (struct ieee80211_hdr_3addr *)skb_put(skb_frag, hdr_len);
		memcpy(frag_hdr, &header, hdr_len);

		/* If this is not the last fragment, then add the MOREFRAGS
		 * bit to the frame control */
		if (i != nr_frags - 1) {
			frag_hdr->frame_ctl =
			    cpu_to_le16(fc | IEEE80211_FCTL_MOREFRAGS);
			bytes = bytes_per_frag;
		} else {
			/* The last fragment takes the remaining length */
			bytes = bytes_last_frag;
		}

		if (i == 0 && !snapped) {
			ieee80211_copy_snap(skb_put
					    (skb_frag, SNAP_SIZE + sizeof(u16)),
					    ether_type);
			bytes -= SNAP_SIZE + sizeof(u16);
		}

		memcpy(skb_put(skb_frag, bytes), skb->data, bytes);

		/* Advance the SKB... */
		skb_pull(skb, bytes);

		/* Encryption routine will move the header forward in order
		 * to insert the IV between the header and the payload */
		if (host_encrypt)
			ieee80211_encrypt_fragment(ieee, skb_frag, hdr_len);
		else if (host_build_iv) {
			struct ieee80211_crypt_data *crypt;

			crypt = ieee->crypt[ieee->tx_keyidx];
			atomic_inc(&crypt->refcnt);
			if (crypt->ops->build_iv)
				crypt->ops->build_iv(skb_frag, hdr_len,
						     crypt->priv);
			atomic_dec(&crypt->refcnt);
		}

		if (ieee->config &
		    (CFG_IEEE80211_COMPUTE_FCS | CFG_IEEE80211_RESERVE_FCS))
			skb_put(skb_frag, 4);
	}

      success:
	spin_unlock_irqrestore(&ieee->lock, flags);

	dev_kfree_skb_any(skb);

	if (txb) {
		int ret = (*ieee->hard_start_xmit) (txb, dev, priority);
		if (ret == 0) {
			stats->tx_packets++;
			stats->tx_bytes += txb->payload_size;
			return 0;
		}

		if (ret == NETDEV_TX_BUSY) {
			printk(KERN_ERR "%s: NETDEV_TX_BUSY returned; "
			       "driver should report queue full via "
			       "ieee_device->is_queue_full.\n",
			       ieee->dev->name);
		}

		ieee80211_txb_free(txb);
	}

	return 0;

      failed:
	spin_unlock_irqrestore(&ieee->lock, flags);
	netif_stop_queue(dev);
	stats->tx_errors++;
	return 1;
}

/* Incoming 802.11 strucure is converted to a TXB
 * a block of 802.11 fragment packets (stored as skbs) */
int ieee80211_tx_frame(struct ieee80211_device *ieee,
		       struct ieee80211_hdr *frame, int len)
{
	struct ieee80211_txb *txb = NULL;
	unsigned long flags;
	struct net_device_stats *stats = &ieee->stats;
	struct sk_buff *skb_frag;
	int priority = -1;

	spin_lock_irqsave(&ieee->lock, flags);

	/* If there is no driver handler to take the TXB, dont' bother
	 * creating it... */
	if (!ieee->hard_start_xmit) {
		printk(KERN_WARNING "%s: No xmit handler.\n", ieee->dev->name);
		goto success;
	}

	if (unlikely(len < 24)) {
		printk(KERN_WARNING "%s: skb too small (%d).\n",
		       ieee->dev->name, len);
		goto success;
	}

	/* When we allocate the TXB we allocate enough space for the reserve
	 * and full fragment bytes (bytes_per_frag doesn't include prefix,
	 * postfix, header, FCS, etc.) */
	txb = ieee80211_alloc_txb(1, len, GFP_ATOMIC);
	if (unlikely(!txb)) {
		printk(KERN_WARNING "%s: Could not allocate TXB\n",
		       ieee->dev->name);
		goto failed;
	}
	txb->encrypted = 0;
	txb->payload_size = len;

	skb_frag = txb->fragments[0];

	memcpy(skb_put(skb_frag, len), frame, len);

	if (ieee->config &
	    (CFG_IEEE80211_COMPUTE_FCS | CFG_IEEE80211_RESERVE_FCS))
		skb_put(skb_frag, 4);

      success:
	spin_unlock_irqrestore(&ieee->lock, flags);

	if (txb) {
		if ((*ieee->hard_start_xmit) (txb, ieee->dev, priority) == 0) {
			stats->tx_packets++;
			stats->tx_bytes += txb->payload_size;
			return 0;
		}
		ieee80211_txb_free(txb);
	}
	return 0;

      failed:
	spin_unlock_irqrestore(&ieee->lock, flags);
	stats->tx_errors++;
	return 1;
}

EXPORT_SYMBOL(ieee80211_tx_frame);
EXPORT_SYMBOL(ieee80211_txb_free);
Commit	Line	Data
b453872c JG	1	/******************************************************************************
b453872c JG	2
ebeaddcc	3	Copyright(c) 2003 - 2005 Intel Corporation. All rights reserved.
b453872c JG	4
	5	This program is free software; you can redistribute it and/or modify it
	6	under the terms of version 2 of the GNU General Public License as
	7	published by the Free Software Foundation.
	8
	9	This program is distributed in the hope that it will be useful, but WITHOUT
	10	ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
	11	FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
	12	more details.
	13
	14	You should have received a copy of the GNU General Public License along with
	15	this program; if not, write to the Free Software Foundation, Inc., 59
	16	Temple Place - Suite 330, Boston, MA 02111-1307, USA.
	17
	18	The full GNU General Public License is included in this distribution in the
	19	file called LICENSE.
	20
	21	Contact Information:
	22	James P. Ketrenos <ipw2100-admin@linux.intel.com>
	23	Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497
	24
	25	******************************************************************************/
	26	#include <linux/compiler.h>
	27	#include <linux/config.h>
	28	#include <linux/errno.h>
	29	#include <linux/if_arp.h>
	30	#include <linux/in6.h>
	31	#include <linux/in.h>
	32	#include <linux/ip.h>
	33	#include <linux/kernel.h>
	34	#include <linux/module.h>
	35	#include <linux/netdevice.h>
b453872c JG	36	#include <linux/proc_fs.h>
	37	#include <linux/skbuff.h>
	38	#include <linux/slab.h>
	39	#include <linux/tcp.h>
	40	#include <linux/types.h>
	41	#include <linux/version.h>
	42	#include <linux/wireless.h>
	43	#include <linux/etherdevice.h>
	44	#include <asm/uaccess.h>
	45
	46	#include <net/ieee80211.h>
	47
b453872c JG	48	/*
b453872c JG	49
b453872c JG	50	802.11 Data Frame
	51
	52	,-------------------------------------------------------------------.
	53	Bytes \| 2 \| 2 \| 6 \| 6 \| 6 \| 2 \| 0..2312 \| 4 \|
	54	\|------\|------\|---------\|---------\|---------\|------\|---------\|------\|
	55	Desc. \| ctrl \| dura \| DA/RA \| TA \| SA \| Sequ \| Frame \| fcs \|
	56	\| \| tion \| (BSSID) \| \| \| ence \| data \| \|
	57	`--------------------------------------------------\| \|------'
	58	Total: 28 non-data bytes `----.----'
	59	\|
	60	.- 'Frame data' expands to <---------------------------'
	61	\|
	62	V
	63	,---------------------------------------------------.
	64	Bytes \| 1 \| 1 \| 1 \| 3 \| 2 \| 0-2304 \|
	65	\|------\|------\|---------\|----------\|------\|---------\|
	66	Desc. \| SNAP \| SNAP \| Control \|Eth Tunnel\| Type \| IP \|
	67	\| DSAP \| SSAP \| \| \| \| Packet \|
	68	\| 0xAA \| 0xAA \|0x03 (UI)\|0x00-00-F8\| \| \|
	69	`-----------------------------------------\| \|
	70	Total: 8 non-data bytes `----.----'
	71	\|
	72	.- 'IP Packet' expands, if WEP enabled, to <--'
	73	\|
	74	V
	75	,-----------------------.
	76	Bytes \| 4 \| 0-2296 \| 4 \|
	77	\|-----\|-----------\|-----\|
	78	Desc. \| IV \| Encrypted \| ICV \|
	79	\| \| IP Packet \| \|
	80	`-----------------------'
	81	Total: 8 non-data bytes
	82
b453872c JG	83	802.3 Ethernet Data Frame
	84
	85	,-----------------------------------------.
	86	Bytes \| 6 \| 6 \| 2 \| Variable \| 4 \|
	87	\|-------\|-------\|------\|-----------\|------\|
	88	Desc. \| Dest. \| Source\| Type \| IP Packet \| fcs \|
	89	\| MAC \| MAC \| \| \| \|
	90	`-----------------------------------------'
	91	Total: 18 non-data bytes
	92
	93	In the event that fragmentation is required, the incoming payload is split into
	94	N parts of size ieee->fts. The first fragment contains the SNAP header and the
	95	remaining packets are just data.
	96
	97	If encryption is enabled, each fragment payload size is reduced by enough space
	98	to add the prefix and postfix (IV and ICV totalling 8 bytes in the case of WEP)
	99	So if you have 1500 bytes of payload with ieee->fts set to 500 without
	100	encryption it will take 3 frames. With WEP it will take 4 frames as the
	101	payload of each frame is reduced to 492 bytes.
	102
	103	* SKB visualization
	104	*
	105	* ,- skb->data
	106	* \|
	107	* \| ETHERNET HEADER ,-<-- PAYLOAD
	108	* \| \| 14 bytes from skb->data
	109	* \| 2 bytes for Type --> ,T. \| (sizeof ethhdr)
	110	* \| \| \| \|
	111	* \|,-Dest.--. ,--Src.---. \| \| \|
	112	* \| 6 bytes\| \| 6 bytes \| \| \| \|
	113	* v \| \| \| \| \| \|
	114	* 0 \| v 1 \| v \| v 2
	115	* 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
	116	* ^ \| ^ \| ^ \|
	117	* \| \| \| \| \| \|
	118	* \| \| \| \| `T' <---- 2 bytes for Type
	119	* \| \| \| \|
	120	* \| \| '---SNAP--' <-------- 6 bytes for SNAP
	121	* \| \|
	122	* `-IV--' <-------------------- 4 bytes for IV (WEP)
	123	*
	124	* SNAP HEADER
	125	*
	126	*/
	127
	128	static u8 P802_1H_OUI[P80211_OUI_LEN] = { 0x00, 0x00, 0xf8 };
	129	static u8 RFC1042_OUI[P80211_OUI_LEN] = { 0x00, 0x00, 0x00 };
	130
1264fc04	131	static inline int ieee80211_copy_snap(u8 * data, u16 h_proto)
b453872c JG	132	{
	133	struct ieee80211_snap_hdr *snap;
	134	u8 *oui;
	135
	136	snap = (struct ieee80211_snap_hdr *)data;
	137	snap->dsap = 0xaa;
	138	snap->ssap = 0xaa;
	139	snap->ctrl = 0x03;
	140
	141	if (h_proto == 0x8137 \|\| h_proto == 0x80f3)
	142	oui = P802_1H_OUI;
	143	else
	144	oui = RFC1042_OUI;
	145	snap->oui[0] = oui[0];
	146	snap->oui[1] = oui[1];
	147	snap->oui[2] = oui[2];
	148
0edd5b44	149	(u16 ) (data + SNAP_SIZE) = htons(h_proto);
b453872c JG	150
	151	return SNAP_SIZE + sizeof(u16);
	152	}
	153
0edd5b44 JG	154	static inline int ieee80211_encrypt_fragment(struct ieee80211_device *ieee,
0edd5b44 JG	155	struct sk_buff *frag, int hdr_len)
b453872c	156	{
0edd5b44	157	struct ieee80211_crypt_data *crypt = ieee->crypt[ieee->tx_keyidx];
b453872c JG	158	int res;
b453872c JG	159
b453872c JG	160	/* To encrypt, frame format is:
b453872c JG	161	* IV (4 bytes), clear payload (including SNAP), ICV (4 bytes) */
b453872c JG	162	atomic_inc(&crypt->refcnt);
b453872c JG	163	res = 0;
1264fc04	164	if (crypt->ops->encrypt_mpdu)
b453872c JG	165	res = crypt->ops->encrypt_mpdu(frag, hdr_len, crypt->priv);
	166
	167	atomic_dec(&crypt->refcnt);
	168	if (res < 0) {
	169	printk(KERN_INFO "%s: Encryption failed: len=%d.\n",
	170	ieee->dev->name, frag->len);
	171	ieee->ieee_stats.tx_discards++;
	172	return -1;
	173	}
	174
	175	return 0;
	176	}
	177
0edd5b44 JG	178	void ieee80211_txb_free(struct ieee80211_txb *txb)
0edd5b44 JG	179	{
b453872c JG	180	int i;
	181	if (unlikely(!txb))
	182	return;
	183	for (i = 0; i < txb->nr_frags; i++)
	184	if (txb->fragments[i])
	185	dev_kfree_skb_any(txb->fragments[i]);
	186	kfree(txb);
	187	}
	188
e157249d	189	static struct ieee80211_txb *ieee80211_alloc_txb(int nr_frags, int txb_size,
dd0fc66f	190	gfp_t gfp_mask)
b453872c JG	191	{
	192	struct ieee80211_txb *txb;
	193	int i;
0edd5b44 JG	194	txb = kmalloc(sizeof(struct ieee80211_txb) + (sizeof(u8 ) nr_frags),
0edd5b44 JG	195	gfp_mask);
b453872c JG	196	if (!txb)
	197	return NULL;
	198
0a989b24	199	memset(txb, 0, sizeof(struct ieee80211_txb));
b453872c JG	200	txb->nr_frags = nr_frags;
	201	txb->frag_size = txb_size;
	202
	203	for (i = 0; i < nr_frags; i++) {
	204	txb->fragments[i] = dev_alloc_skb(txb_size);
	205	if (unlikely(!txb->fragments[i])) {
	206	i--;
	207	break;
	208	}
	209	}
	210	if (unlikely(i != nr_frags)) {
	211	while (i >= 0)
	212	dev_kfree_skb_any(txb->fragments[i--]);
	213	kfree(txb);
	214	return NULL;
	215	}
	216	return txb;
	217	}
	218
1264fc04	219	/* Incoming skb is converted to a txb which consists of
3cdd00c5	220	* a block of 802.11 fragment packets (stored as skbs) */
0edd5b44	221	int ieee80211_xmit(struct sk_buff skb, struct net_device dev)
b453872c JG	222	{
	223	struct ieee80211_device *ieee = netdev_priv(dev);
	224	struct ieee80211_txb *txb = NULL;
ee34af37	225	struct ieee80211_hdr_3addr *frag_hdr;
3cdd00c5 JK	226	int i, bytes_per_frag, nr_frags, bytes_last_frag, frag_size,
3cdd00c5 JK	227	rts_required;
b453872c JG	228	unsigned long flags;
b453872c JG	229	struct net_device_stats *stats = &ieee->stats;
31b59eae	230	int ether_type, encrypt, host_encrypt, host_encrypt_msdu, host_build_iv;
b453872c JG	231	int bytes, fc, hdr_len;
b453872c JG	232	struct sk_buff *skb_frag;
ee34af37	233	struct ieee80211_hdr_3addr header = { /* Ensure zero initialized */
b453872c JG	234	.duration_id = 0,
	235	.seq_ctl = 0
	236	};
	237	u8 dest[ETH_ALEN], src[ETH_ALEN];
0edd5b44	238	struct ieee80211_crypt_data *crypt;
2c0aa2a5	239	int priority = skb->priority;
1264fc04	240	int snapped = 0;
b453872c	241
2c0aa2a5 JK	242	if (ieee->is_queue_full && (*ieee->is_queue_full) (dev, priority))
	243	return NETDEV_TX_BUSY;
	244
b453872c JG	245	spin_lock_irqsave(&ieee->lock, flags);
	246
	247	/* If there is no driver handler to take the TXB, dont' bother
	248	* creating it... */
	249	if (!ieee->hard_start_xmit) {
0edd5b44	250	printk(KERN_WARNING "%s: No xmit handler.\n", ieee->dev->name);
b453872c JG	251	goto success;
	252	}
	253
	254	if (unlikely(skb->len < SNAP_SIZE + sizeof(u16))) {
	255	printk(KERN_WARNING "%s: skb too small (%d).\n",
	256	ieee->dev->name, skb->len);
	257	goto success;
	258	}
	259
	260	ether_type = ntohs(((struct ethhdr *)skb->data)->h_proto);
	261
	262	crypt = ieee->crypt[ieee->tx_keyidx];
	263
	264	encrypt = !(ether_type == ETH_P_PAE && ieee->ieee802_1x) &&
f1bf6638	265	ieee->sec.encrypt;
31b59eae	266
f1bf6638	267	host_encrypt = ieee->host_encrypt && encrypt;
1264fc04	268	host_encrypt_msdu = ieee->host_encrypt_msdu && encrypt;
31b59eae	269	host_build_iv = ieee->host_build_iv && encrypt;
b453872c JG	270
	271	if (!encrypt && ieee->ieee802_1x &&
	272	ieee->drop_unencrypted && ether_type != ETH_P_PAE) {
	273	stats->tx_dropped++;
	274	goto success;
	275	}
	276
b453872c	277	/* Save source and destination addresses */
18294d87 JK	278	memcpy(dest, skb->data, ETH_ALEN);
18294d87 JK	279	memcpy(src, skb->data + ETH_ALEN, ETH_ALEN);
b453872c JG	280
	281	/* Advance the SKB to the start of the payload */
	282	skb_pull(skb, sizeof(struct ethhdr));
	283
	284	/* Determine total amount of storage required for TXB packets */
	285	bytes = skb->len + SNAP_SIZE + sizeof(u16);
	286
f1bf6638	287	if (host_encrypt)
b453872c	288	fc = IEEE80211_FTYPE_DATA \| IEEE80211_STYPE_DATA \|
0edd5b44	289	IEEE80211_FCTL_PROTECTED;
b453872c JG	290	else
	291	fc = IEEE80211_FTYPE_DATA \| IEEE80211_STYPE_DATA;
	292
	293	if (ieee->iw_mode == IW_MODE_INFRA) {
	294	fc \|= IEEE80211_FCTL_TODS;
1264fc04	295	/* To DS: Addr1 = BSSID, Addr2 = SA, Addr3 = DA */
18294d87 JK	296	memcpy(header.addr1, ieee->bssid, ETH_ALEN);
	297	memcpy(header.addr2, src, ETH_ALEN);
	298	memcpy(header.addr3, dest, ETH_ALEN);
b453872c	299	} else if (ieee->iw_mode == IW_MODE_ADHOC) {
1264fc04	300	/* not From/To DS: Addr1 = DA, Addr2 = SA, Addr3 = BSSID */
18294d87 JK	301	memcpy(header.addr1, dest, ETH_ALEN);
	302	memcpy(header.addr2, src, ETH_ALEN);
	303	memcpy(header.addr3, ieee->bssid, ETH_ALEN);
b453872c JG	304	}
	305	header.frame_ctl = cpu_to_le16(fc);
	306	hdr_len = IEEE80211_3ADDR_LEN;
	307
1264fc04 JK	308	/* Encrypt msdu first on the whole data packet. */
	309	if ((host_encrypt \|\| host_encrypt_msdu) &&
	310	crypt && crypt->ops && crypt->ops->encrypt_msdu) {
	311	int res = 0;
	312	int len = bytes + hdr_len + crypt->ops->extra_msdu_prefix_len +
	313	crypt->ops->extra_msdu_postfix_len;
	314	struct sk_buff *skb_new = dev_alloc_skb(len);
31b59eae	315
1264fc04 JK	316	if (unlikely(!skb_new))
1264fc04 JK	317	goto failed;
31b59eae	318
1264fc04 JK	319	skb_reserve(skb_new, crypt->ops->extra_msdu_prefix_len);
	320	memcpy(skb_put(skb_new, hdr_len), &header, hdr_len);
	321	snapped = 1;
	322	ieee80211_copy_snap(skb_put(skb_new, SNAP_SIZE + sizeof(u16)),
	323	ether_type);
	324	memcpy(skb_put(skb_new, skb->len), skb->data, skb->len);
	325	res = crypt->ops->encrypt_msdu(skb_new, hdr_len, crypt->priv);
	326	if (res < 0) {
	327	IEEE80211_ERROR("msdu encryption failed\n");
	328	dev_kfree_skb_any(skb_new);
	329	goto failed;
	330	}
	331	dev_kfree_skb_any(skb);
	332	skb = skb_new;
	333	bytes += crypt->ops->extra_msdu_prefix_len +
	334	crypt->ops->extra_msdu_postfix_len;
	335	skb_pull(skb, hdr_len);
	336	}
	337
	338	if (host_encrypt \|\| ieee->host_open_frag) {
	339	/* Determine fragmentation size based on destination (multicast
	340	* and broadcast are not fragmented) */
	341	if (is_multicast_ether_addr(dest))
	342	frag_size = MAX_FRAG_THRESHOLD;
	343	else
	344	frag_size = ieee->fts;
	345
	346	/* Determine amount of payload per fragment. Regardless of if
	347	* this stack is providing the full 802.11 header, one will
	348	* eventually be affixed to this fragment -- so we must account
	349	* for it when determining the amount of payload space. */
	350	bytes_per_frag = frag_size - IEEE80211_3ADDR_LEN;
	351	if (ieee->config &
	352	(CFG_IEEE80211_COMPUTE_FCS \| CFG_IEEE80211_RESERVE_FCS))
	353	bytes_per_frag -= IEEE80211_FCS_LEN;
	354
	355	/* Each fragment may need to have room for encryptiong
	356	* pre/postfix */
	357	if (host_encrypt)
	358	bytes_per_frag -= crypt->ops->extra_mpdu_prefix_len +
	359	crypt->ops->extra_mpdu_postfix_len;
	360
	361	/* Number of fragments is the total
	362	* bytes_per_frag / payload_per_fragment */
	363	nr_frags = bytes / bytes_per_frag;
	364	bytes_last_frag = bytes % bytes_per_frag;
	365	if (bytes_last_frag)
	366	nr_frags++;
	367	else
	368	bytes_last_frag = bytes_per_frag;
	369	} else {
	370	nr_frags = 1;
	371	bytes_per_frag = bytes_last_frag = bytes;
	372	frag_size = bytes + IEEE80211_3ADDR_LEN;
	373	}
b453872c	374
3cdd00c5 JK	375	rts_required = (frag_size > ieee->rts
	376	&& ieee->config & CFG_IEEE80211_RTS);
	377	if (rts_required)
	378	nr_frags++;
3cdd00c5	379
b453872c JG	380	/* When we allocate the TXB we allocate enough space for the reserve
	381	* and full fragment bytes (bytes_per_frag doesn't include prefix,
	382	* postfix, header, FCS, etc.) */
	383	txb = ieee80211_alloc_txb(nr_frags, frag_size, GFP_ATOMIC);
	384	if (unlikely(!txb)) {
	385	printk(KERN_WARNING "%s: Could not allocate TXB\n",
	386	ieee->dev->name);
	387	goto failed;
	388	}
	389	txb->encrypted = encrypt;
1264fc04 JK	390	if (host_encrypt)
	391	txb->payload_size = frag_size * (nr_frags - 1) +
	392	bytes_last_frag;
	393	else
	394	txb->payload_size = bytes;
b453872c	395
3cdd00c5 JK	396	if (rts_required) {
	397	skb_frag = txb->fragments[0];
	398	frag_hdr =
	399	(struct ieee80211_hdr_3addr *)skb_put(skb_frag, hdr_len);
	400
	401	/*
	402	* Set header frame_ctl to the RTS.
	403	*/
	404	header.frame_ctl =
	405	cpu_to_le16(IEEE80211_FTYPE_CTL \| IEEE80211_STYPE_RTS);
	406	memcpy(frag_hdr, &header, hdr_len);
	407
	408	/*
	409	* Restore header frame_ctl to the original data setting.
	410	*/
	411	header.frame_ctl = cpu_to_le16(fc);
	412
	413	if (ieee->config &
	414	(CFG_IEEE80211_COMPUTE_FCS \| CFG_IEEE80211_RESERVE_FCS))
	415	skb_put(skb_frag, 4);
	416
	417	txb->rts_included = 1;
	418	i = 1;
	419	} else
	420	i = 0;
	421
	422	for (; i < nr_frags; i++) {
b453872c JG	423	skb_frag = txb->fragments[i];
b453872c JG	424
31b59eae	425	if (host_encrypt \|\| host_build_iv)
1264fc04 JK	426	skb_reserve(skb_frag,
1264fc04 JK	427	crypt->ops->extra_mpdu_prefix_len);
b453872c	428
ee34af37 JK	429	frag_hdr =
ee34af37 JK	430	(struct ieee80211_hdr_3addr *)skb_put(skb_frag, hdr_len);
b453872c JG	431	memcpy(frag_hdr, &header, hdr_len);
	432
	433	/* If this is not the last fragment, then add the MOREFRAGS
	434	* bit to the frame control */
	435	if (i != nr_frags - 1) {
0edd5b44 JG	436	frag_hdr->frame_ctl =
0edd5b44 JG	437	cpu_to_le16(fc \| IEEE80211_FCTL_MOREFRAGS);
b453872c JG	438	bytes = bytes_per_frag;
	439	} else {
	440	/* The last fragment takes the remaining length */
	441	bytes = bytes_last_frag;
	442	}
	443
1264fc04 JK	444	if (i == 0 && !snapped) {
	445	ieee80211_copy_snap(skb_put
	446	(skb_frag, SNAP_SIZE + sizeof(u16)),
	447	ether_type);
b453872c JG	448	bytes -= SNAP_SIZE + sizeof(u16);
	449	}
	450
	451	memcpy(skb_put(skb_frag, bytes), skb->data, bytes);
	452
	453	/* Advance the SKB... */
	454	skb_pull(skb, bytes);
	455
	456	/* Encryption routine will move the header forward in order
	457	* to insert the IV between the header and the payload */
f1bf6638	458	if (host_encrypt)
b453872c	459	ieee80211_encrypt_fragment(ieee, skb_frag, hdr_len);
31b59eae JK	460	else if (host_build_iv) {
	461	struct ieee80211_crypt_data *crypt;
	462
	463	crypt = ieee->crypt[ieee->tx_keyidx];
	464	atomic_inc(&crypt->refcnt);
	465	if (crypt->ops->build_iv)
	466	crypt->ops->build_iv(skb_frag, hdr_len,
	467	crypt->priv);
	468	atomic_dec(&crypt->refcnt);
	469	}
f1bf6638	470
b453872c JG	471	if (ieee->config &
	472	(CFG_IEEE80211_COMPUTE_FCS \| CFG_IEEE80211_RESERVE_FCS))
	473	skb_put(skb_frag, 4);
	474	}
	475
0edd5b44	476	success:
b453872c JG	477	spin_unlock_irqrestore(&ieee->lock, flags);
	478
	479	dev_kfree_skb_any(skb);
	480
	481	if (txb) {
9e8571af	482	int ret = (*ieee->hard_start_xmit) (txb, dev, priority);
1264fc04	483	if (ret == 0) {
b453872c JG	484	stats->tx_packets++;
	485	stats->tx_bytes += txb->payload_size;
	486	return 0;
	487	}
2c0aa2a5 JK	488
	489	if (ret == NETDEV_TX_BUSY) {
	490	printk(KERN_ERR "%s: NETDEV_TX_BUSY returned; "
	491	"driver should report queue full via "
	492	"ieee_device->is_queue_full.\n",
	493	ieee->dev->name);
	494	}
	495
b453872c JG	496	ieee80211_txb_free(txb);
	497	}
	498
	499	return 0;
	500
0edd5b44	501	failed:
b453872c JG	502	spin_unlock_irqrestore(&ieee->lock, flags);
	503	netif_stop_queue(dev);
	504	stats->tx_errors++;
	505	return 1;
3f552bbf JK	506	}
	507
	508	/* Incoming 802.11 strucure is converted to a TXB
	509	* a block of 802.11 fragment packets (stored as skbs) */
	510	int ieee80211_tx_frame(struct ieee80211_device *ieee,
	511	struct ieee80211_hdr *frame, int len)
	512	{
	513	struct ieee80211_txb *txb = NULL;
	514	unsigned long flags;
	515	struct net_device_stats *stats = &ieee->stats;
	516	struct sk_buff *skb_frag;
9e8571af	517	int priority = -1;
3f552bbf JK	518
	519	spin_lock_irqsave(&ieee->lock, flags);
	520
	521	/* If there is no driver handler to take the TXB, dont' bother
	522	* creating it... */
	523	if (!ieee->hard_start_xmit) {
	524	printk(KERN_WARNING "%s: No xmit handler.\n", ieee->dev->name);
	525	goto success;
	526	}
b453872c	527
3f552bbf JK	528	if (unlikely(len < 24)) {
	529	printk(KERN_WARNING "%s: skb too small (%d).\n",
	530	ieee->dev->name, len);
	531	goto success;
	532	}
	533
	534	/* When we allocate the TXB we allocate enough space for the reserve
	535	* and full fragment bytes (bytes_per_frag doesn't include prefix,
	536	* postfix, header, FCS, etc.) */
	537	txb = ieee80211_alloc_txb(1, len, GFP_ATOMIC);
	538	if (unlikely(!txb)) {
	539	printk(KERN_WARNING "%s: Could not allocate TXB\n",
	540	ieee->dev->name);
	541	goto failed;
	542	}
	543	txb->encrypted = 0;
	544	txb->payload_size = len;
	545
	546	skb_frag = txb->fragments[0];
	547
	548	memcpy(skb_put(skb_frag, len), frame, len);
	549
	550	if (ieee->config &
	551	(CFG_IEEE80211_COMPUTE_FCS \| CFG_IEEE80211_RESERVE_FCS))
	552	skb_put(skb_frag, 4);
	553
	554	success:
	555	spin_unlock_irqrestore(&ieee->lock, flags);
	556
	557	if (txb) {
9e8571af	558	if ((*ieee->hard_start_xmit) (txb, ieee->dev, priority) == 0) {
3f552bbf JK	559	stats->tx_packets++;
	560	stats->tx_bytes += txb->payload_size;
	561	return 0;
	562	}
	563	ieee80211_txb_free(txb);
	564	}
	565	return 0;
	566
	567	failed:
	568	spin_unlock_irqrestore(&ieee->lock, flags);
	569	stats->tx_errors++;
	570	return 1;
b453872c JG	571	}
b453872c JG	572
3f552bbf	573	EXPORT_SYMBOL(ieee80211_tx_frame);
b453872c	574	EXPORT_SYMBOL(ieee80211_txb_free);