[deliverable/linux.git] / net / ieee80211 / ieee80211_tx.c

/******************************************************************************

  Copyright(c) 2003 - 2005 Intel Corporation. All rights reserved.

  This program is free software; you can redistribute it and/or modify it
  under the terms of version 2 of the GNU General Public License as
  published by the Free Software Foundation.

  This program is distributed in the hope that it will be useful, but WITHOUT
  ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
  more details.

  You should have received a copy of the GNU General Public License along with
  this program; if not, write to the Free Software Foundation, Inc., 59
  Temple Place - Suite 330, Boston, MA  02111-1307, USA.

  The full GNU General Public License is included in this distribution in the
  file called LICENSE.

  Contact Information:
  James P. Ketrenos <ipw2100-admin@linux.intel.com>
  Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497

******************************************************************************/
#include <linux/compiler.h>
#include <linux/config.h>
#include <linux/errno.h>
#include <linux/if_arp.h>
#include <linux/in6.h>
#include <linux/in.h>
#include <linux/ip.h>
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/netdevice.h>
#include <linux/proc_fs.h>
#include <linux/skbuff.h>
#include <linux/slab.h>
#include <linux/tcp.h>
#include <linux/types.h>
#include <linux/version.h>
#include <linux/wireless.h>
#include <linux/etherdevice.h>
#include <asm/uaccess.h>

#include <net/ieee80211.h>

/*

802.11 Data Frame

      ,-------------------------------------------------------------------.
Bytes |  2   |  2   |    6    |    6    |    6    |  2   | 0..2312 |   4  |
      |------|------|---------|---------|---------|------|---------|------|
Desc. | ctrl | dura |  DA/RA  |   TA    |    SA   | Sequ |  Frame  |  fcs |
      |      | tion | (BSSID) |         |         | ence |  data   |      |
      `--------------------------------------------------|         |------'
Total: 28 non-data bytes                                 `----.----'
                                                              |
       .- 'Frame data' expands to <---------------------------'
       |
       V
      ,---------------------------------------------------.
Bytes |  1   |  1   |    1    |    3     |  2   |  0-2304 |
      |------|------|---------|----------|------|---------|
Desc. | SNAP | SNAP | Control |Eth Tunnel| Type | IP      |
      | DSAP | SSAP |         |          |      | Packet  |
      | 0xAA | 0xAA |0x03 (UI)|0x00-00-F8|      |         |
      `-----------------------------------------|         |
Total: 8 non-data bytes                         `----.----'
                                                     |
       .- 'IP Packet' expands, if WEP enabled, to <--'
       |
       V
      ,-----------------------.
Bytes |  4  |   0-2296  |  4  |
      |-----|-----------|-----|
Desc. | IV  | Encrypted | ICV |
      |     | IP Packet |     |
      `-----------------------'
Total: 8 non-data bytes

802.3 Ethernet Data Frame

      ,-----------------------------------------.
Bytes |   6   |   6   |  2   |  Variable |   4  |
      |-------|-------|------|-----------|------|
Desc. | Dest. | Source| Type | IP Packet |  fcs |
      |  MAC  |  MAC  |      |           |      |
      `-----------------------------------------'
Total: 18 non-data bytes

In the event that fragmentation is required, the incoming payload is split into
N parts of size ieee->fts.  The first fragment contains the SNAP header and the
remaining packets are just data.

If encryption is enabled, each fragment payload size is reduced by enough space
to add the prefix and postfix (IV and ICV totalling 8 bytes in the case of WEP)
So if you have 1500 bytes of payload with ieee->fts set to 500 without
encryption it will take 3 frames.  With WEP it will take 4 frames as the
payload of each frame is reduced to 492 bytes.

* SKB visualization
*
*  ,- skb->data
* |
* |    ETHERNET HEADER        ,-<-- PAYLOAD
* |                           |     14 bytes from skb->data
* |  2 bytes for Type --> ,T. |     (sizeof ethhdr)
* |                       | | |
* |,-Dest.--. ,--Src.---. | | |
* |  6 bytes| | 6 bytes | | | |
* v         | |         | | | |
* 0         | v       1 | v | v           2
* 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
*     ^     | ^         | ^ |
*     |     | |         | | |
*     |     | |         | `T' <---- 2 bytes for Type
*     |     | |         |
*     |     | '---SNAP--' <-------- 6 bytes for SNAP
*     |     |
*     `-IV--' <-------------------- 4 bytes for IV (WEP)
*
*      SNAP HEADER
*
*/

static u8 P802_1H_OUI[P80211_OUI_LEN] = { 0x00, 0x00, 0xf8 };
static u8 RFC1042_OUI[P80211_OUI_LEN] = { 0x00, 0x00, 0x00 };

static inline int ieee80211_copy_snap(u8 * data, u16 h_proto)
{
	struct ieee80211_snap_hdr *snap;
	u8 *oui;

	snap = (struct ieee80211_snap_hdr *)data;
	snap->dsap = 0xaa;
	snap->ssap = 0xaa;
	snap->ctrl = 0x03;

	if (h_proto == 0x8137 || h_proto == 0x80f3)
		oui = P802_1H_OUI;
	else
		oui = RFC1042_OUI;
	snap->oui[0] = oui[0];
	snap->oui[1] = oui[1];
	snap->oui[2] = oui[2];

	*(u16 *) (data + SNAP_SIZE) = htons(h_proto);

	return SNAP_SIZE + sizeof(u16);
}

static inline int ieee80211_encrypt_fragment(struct ieee80211_device *ieee,
					     struct sk_buff *frag, int hdr_len)
{
	struct ieee80211_crypt_data *crypt = ieee->crypt[ieee->tx_keyidx];
	int res;

	/* To encrypt, frame format is:
	 * IV (4 bytes), clear payload (including SNAP), ICV (4 bytes) */
	atomic_inc(&crypt->refcnt);
	res = 0;
	if (crypt->ops->encrypt_mpdu)
		res = crypt->ops->encrypt_mpdu(frag, hdr_len, crypt->priv);

	atomic_dec(&crypt->refcnt);
	if (res < 0) {
		printk(KERN_INFO "%s: Encryption failed: len=%d.\n",
		       ieee->dev->name, frag->len);
		ieee->ieee_stats.tx_discards++;
		return -1;
	}

	return 0;
}

void ieee80211_txb_free(struct ieee80211_txb *txb)
{
	int i;
	if (unlikely(!txb))
		return;
	for (i = 0; i < txb->nr_frags; i++)
		if (txb->fragments[i])
			dev_kfree_skb_any(txb->fragments[i]);
	kfree(txb);
}

static struct ieee80211_txb *ieee80211_alloc_txb(int nr_frags, int txb_size,
						 gfp_t gfp_mask)
{
	struct ieee80211_txb *txb;
	int i;
	txb = kmalloc(sizeof(struct ieee80211_txb) + (sizeof(u8 *) * nr_frags),
		      gfp_mask);
	if (!txb)
		return NULL;

	memset(txb, 0, sizeof(struct ieee80211_txb));
	txb->nr_frags = nr_frags;
	txb->frag_size = txb_size;

	for (i = 0; i < nr_frags; i++) {
		txb->fragments[i] = dev_alloc_skb(txb_size);
		if (unlikely(!txb->fragments[i])) {
			i--;
			break;
		}
	}
	if (unlikely(i != nr_frags)) {
		while (i >= 0)
			dev_kfree_skb_any(txb->fragments[i--]);
		kfree(txb);
		return NULL;
	}
	return txb;
}

/* Incoming skb is converted to a txb which consists of
 * a block of 802.11 fragment packets (stored as skbs) */
int ieee80211_xmit(struct sk_buff *skb, struct net_device *dev)
{
	struct ieee80211_device *ieee = netdev_priv(dev);
	struct ieee80211_txb *txb = NULL;
	struct ieee80211_hdr_3addr *frag_hdr;
	int i, bytes_per_frag, nr_frags, bytes_last_frag, frag_size,
	    rts_required;
	unsigned long flags;
	struct net_device_stats *stats = &ieee->stats;
	int ether_type, encrypt, host_encrypt, host_encrypt_msdu, host_build_iv;
	int bytes, fc, hdr_len;
	struct sk_buff *skb_frag;
	struct ieee80211_hdr_3addr header = {	/* Ensure zero initialized */
		.duration_id = 0,
		.seq_ctl = 0
	};
	u8 dest[ETH_ALEN], src[ETH_ALEN];
	struct ieee80211_crypt_data *crypt;
	int priority = skb->priority;
	int snapped = 0;

	if (ieee->is_queue_full && (*ieee->is_queue_full) (dev, priority))
		return NETDEV_TX_BUSY;

	spin_lock_irqsave(&ieee->lock, flags);

	/* If there is no driver handler to take the TXB, dont' bother
	 * creating it... */
	if (!ieee->hard_start_xmit) {
		printk(KERN_WARNING "%s: No xmit handler.\n", ieee->dev->name);
		goto success;
	}

	if (unlikely(skb->len < SNAP_SIZE + sizeof(u16))) {
		printk(KERN_WARNING "%s: skb too small (%d).\n",
		       ieee->dev->name, skb->len);
		goto success;
	}

	ether_type = ntohs(((struct ethhdr *)skb->data)->h_proto);

	crypt = ieee->crypt[ieee->tx_keyidx];

	encrypt = !(ether_type == ETH_P_PAE && ieee->ieee802_1x) &&
	    ieee->sec.encrypt;

	host_encrypt = ieee->host_encrypt && encrypt;
	host_encrypt_msdu = ieee->host_encrypt_msdu && encrypt;
	host_build_iv = ieee->host_build_iv && encrypt;

	if (!encrypt && ieee->ieee802_1x &&
	    ieee->drop_unencrypted && ether_type != ETH_P_PAE) {
		stats->tx_dropped++;
		goto success;
	}

	/* Save source and destination addresses */
	memcpy(dest, skb->data, ETH_ALEN);
	memcpy(src, skb->data + ETH_ALEN, ETH_ALEN);

	/* Advance the SKB to the start of the payload */
	skb_pull(skb, sizeof(struct ethhdr));

	/* Determine total amount of storage required for TXB packets */
	bytes = skb->len + SNAP_SIZE + sizeof(u16);

	if (host_encrypt)
		fc = IEEE80211_FTYPE_DATA | IEEE80211_STYPE_DATA |
		    IEEE80211_FCTL_PROTECTED;
	else
		fc = IEEE80211_FTYPE_DATA | IEEE80211_STYPE_DATA;

	if (ieee->iw_mode == IW_MODE_INFRA) {
		fc |= IEEE80211_FCTL_TODS;
		/* To DS: Addr1 = BSSID, Addr2 = SA, Addr3 = DA */
		memcpy(header.addr1, ieee->bssid, ETH_ALEN);
		memcpy(header.addr2, src, ETH_ALEN);
		memcpy(header.addr3, dest, ETH_ALEN);
	} else if (ieee->iw_mode == IW_MODE_ADHOC) {
		/* not From/To DS: Addr1 = DA, Addr2 = SA, Addr3 = BSSID */
		memcpy(header.addr1, dest, ETH_ALEN);
		memcpy(header.addr2, src, ETH_ALEN);
		memcpy(header.addr3, ieee->bssid, ETH_ALEN);
	}
	header.frame_ctl = cpu_to_le16(fc);
	hdr_len = IEEE80211_3ADDR_LEN;

	/* Encrypt msdu first on the whole data packet. */
	if ((host_encrypt || host_encrypt_msdu) &&
	    crypt && crypt->ops && crypt->ops->encrypt_msdu) {
		int res = 0;
		int len = bytes + hdr_len + crypt->ops->extra_msdu_prefix_len +
		    crypt->ops->extra_msdu_postfix_len;
		struct sk_buff *skb_new = dev_alloc_skb(len);

		if (unlikely(!skb_new))
			goto failed;

		skb_reserve(skb_new, crypt->ops->extra_msdu_prefix_len);
		memcpy(skb_put(skb_new, hdr_len), &header, hdr_len);
		snapped = 1;
		ieee80211_copy_snap(skb_put(skb_new, SNAP_SIZE + sizeof(u16)),
				    ether_type);
		memcpy(skb_put(skb_new, skb->len), skb->data, skb->len);
		res = crypt->ops->encrypt_msdu(skb_new, hdr_len, crypt->priv);
		if (res < 0) {
			IEEE80211_ERROR("msdu encryption failed\n");
			dev_kfree_skb_any(skb_new);
			goto failed;
		}
		dev_kfree_skb_any(skb);
		skb = skb_new;
		bytes += crypt->ops->extra_msdu_prefix_len +
		    crypt->ops->extra_msdu_postfix_len;
		skb_pull(skb, hdr_len);
	}

	if (host_encrypt || ieee->host_open_frag) {
		/* Determine fragmentation size based on destination (multicast
		 * and broadcast are not fragmented) */
		if (is_multicast_ether_addr(dest) ||
		    is_broadcast_ether_addr(dest))
			frag_size = MAX_FRAG_THRESHOLD;
		else
			frag_size = ieee->fts;

		/* Determine amount of payload per fragment.  Regardless of if
		 * this stack is providing the full 802.11 header, one will
		 * eventually be affixed to this fragment -- so we must account
		 * for it when determining the amount of payload space. */
		bytes_per_frag = frag_size - IEEE80211_3ADDR_LEN;
		if (ieee->config &
		    (CFG_IEEE80211_COMPUTE_FCS | CFG_IEEE80211_RESERVE_FCS))
			bytes_per_frag -= IEEE80211_FCS_LEN;

		/* Each fragment may need to have room for encryptiong
		 * pre/postfix */
		if (host_encrypt)
			bytes_per_frag -= crypt->ops->extra_mpdu_prefix_len +
			    crypt->ops->extra_mpdu_postfix_len;

		/* Number of fragments is the total
		 * bytes_per_frag / payload_per_fragment */
		nr_frags = bytes / bytes_per_frag;
		bytes_last_frag = bytes % bytes_per_frag;
		if (bytes_last_frag)
			nr_frags++;
		else
			bytes_last_frag = bytes_per_frag;
	} else {
		nr_frags = 1;
		bytes_per_frag = bytes_last_frag = bytes;
		frag_size = bytes + IEEE80211_3ADDR_LEN;
	}

	rts_required = (frag_size > ieee->rts
			&& ieee->config & CFG_IEEE80211_RTS);
	if (rts_required)
		nr_frags++;

	/* When we allocate the TXB we allocate enough space for the reserve
	 * and full fragment bytes (bytes_per_frag doesn't include prefix,
	 * postfix, header, FCS, etc.) */
	txb = ieee80211_alloc_txb(nr_frags, frag_size, GFP_ATOMIC);
	if (unlikely(!txb)) {
		printk(KERN_WARNING "%s: Could not allocate TXB\n",
		       ieee->dev->name);
		goto failed;
	}
	txb->encrypted = encrypt;
	if (host_encrypt)
		txb->payload_size = frag_size * (nr_frags - 1) +
		    bytes_last_frag;
	else
		txb->payload_size = bytes;

	if (rts_required) {
		skb_frag = txb->fragments[0];
		frag_hdr =
		    (struct ieee80211_hdr_3addr *)skb_put(skb_frag, hdr_len);

		/*
		 * Set header frame_ctl to the RTS.
		 */
		header.frame_ctl =
		    cpu_to_le16(IEEE80211_FTYPE_CTL | IEEE80211_STYPE_RTS);
		memcpy(frag_hdr, &header, hdr_len);

		/*
		 * Restore header frame_ctl to the original data setting.
		 */
		header.frame_ctl = cpu_to_le16(fc);

		if (ieee->config &
		    (CFG_IEEE80211_COMPUTE_FCS | CFG_IEEE80211_RESERVE_FCS))
			skb_put(skb_frag, 4);

		txb->rts_included = 1;
		i = 1;
	} else
		i = 0;

	for (; i < nr_frags; i++) {
		skb_frag = txb->fragments[i];

		if (host_encrypt || host_build_iv)
			skb_reserve(skb_frag,
				    crypt->ops->extra_mpdu_prefix_len);

		frag_hdr =
		    (struct ieee80211_hdr_3addr *)skb_put(skb_frag, hdr_len);
		memcpy(frag_hdr, &header, hdr_len);

		/* If this is not the last fragment, then add the MOREFRAGS
		 * bit to the frame control */
		if (i != nr_frags - 1) {
			frag_hdr->frame_ctl =
			    cpu_to_le16(fc | IEEE80211_FCTL_MOREFRAGS);
			bytes = bytes_per_frag;
		} else {
			/* The last fragment takes the remaining length */
			bytes = bytes_last_frag;
		}

		if (i == 0 && !snapped) {
			ieee80211_copy_snap(skb_put
					    (skb_frag, SNAP_SIZE + sizeof(u16)),
					    ether_type);
			bytes -= SNAP_SIZE + sizeof(u16);
		}

		memcpy(skb_put(skb_frag, bytes), skb->data, bytes);

		/* Advance the SKB... */
		skb_pull(skb, bytes);

		/* Encryption routine will move the header forward in order
		 * to insert the IV between the header and the payload */
		if (host_encrypt)
			ieee80211_encrypt_fragment(ieee, skb_frag, hdr_len);
		else if (host_build_iv) {
			struct ieee80211_crypt_data *crypt;

			crypt = ieee->crypt[ieee->tx_keyidx];
			atomic_inc(&crypt->refcnt);
			if (crypt->ops->build_iv)
				crypt->ops->build_iv(skb_frag, hdr_len,
						     crypt->priv);
			atomic_dec(&crypt->refcnt);
		}

		if (ieee->config &
		    (CFG_IEEE80211_COMPUTE_FCS | CFG_IEEE80211_RESERVE_FCS))
			skb_put(skb_frag, 4);
	}

      success:
	spin_unlock_irqrestore(&ieee->lock, flags);

	dev_kfree_skb_any(skb);

	if (txb) {
		int ret = (*ieee->hard_start_xmit) (txb, dev, priority);
		if (ret == 0) {
			stats->tx_packets++;
			stats->tx_bytes += txb->payload_size;
			return 0;
		}

		if (ret == NETDEV_TX_BUSY) {
			printk(KERN_ERR "%s: NETDEV_TX_BUSY returned; "
			       "driver should report queue full via "
			       "ieee_device->is_queue_full.\n",
			       ieee->dev->name);
		}

		ieee80211_txb_free(txb);
	}

	return 0;

      failed:
	spin_unlock_irqrestore(&ieee->lock, flags);
	netif_stop_queue(dev);
	stats->tx_errors++;
	return 1;
}

/* Incoming 802.11 strucure is converted to a TXB
 * a block of 802.11 fragment packets (stored as skbs) */
int ieee80211_tx_frame(struct ieee80211_device *ieee,
		       struct ieee80211_hdr *frame, int len)
{
	struct ieee80211_txb *txb = NULL;
	unsigned long flags;
	struct net_device_stats *stats = &ieee->stats;
	struct sk_buff *skb_frag;
	int priority = -1;

	spin_lock_irqsave(&ieee->lock, flags);

	/* If there is no driver handler to take the TXB, dont' bother
	 * creating it... */
	if (!ieee->hard_start_xmit) {
		printk(KERN_WARNING "%s: No xmit handler.\n", ieee->dev->name);
		goto success;
	}

	if (unlikely(len < 24)) {
		printk(KERN_WARNING "%s: skb too small (%d).\n",
		       ieee->dev->name, len);
		goto success;
	}

	/* When we allocate the TXB we allocate enough space for the reserve
	 * and full fragment bytes (bytes_per_frag doesn't include prefix,
	 * postfix, header, FCS, etc.) */
	txb = ieee80211_alloc_txb(1, len, GFP_ATOMIC);
	if (unlikely(!txb)) {
		printk(KERN_WARNING "%s: Could not allocate TXB\n",
		       ieee->dev->name);
		goto failed;
	}
	txb->encrypted = 0;
	txb->payload_size = len;

	skb_frag = txb->fragments[0];

	memcpy(skb_put(skb_frag, len), frame, len);

	if (ieee->config &
	    (CFG_IEEE80211_COMPUTE_FCS | CFG_IEEE80211_RESERVE_FCS))
		skb_put(skb_frag, 4);

      success:
	spin_unlock_irqrestore(&ieee->lock, flags);

	if (txb) {
		if ((*ieee->hard_start_xmit) (txb, ieee->dev, priority) == 0) {
			stats->tx_packets++;
			stats->tx_bytes += txb->payload_size;
			return 0;
		}
		ieee80211_txb_free(txb);
	}
	return 0;

      failed:
	spin_unlock_irqrestore(&ieee->lock, flags);
	stats->tx_errors++;
	return 1;
}

EXPORT_SYMBOL(ieee80211_tx_frame);
EXPORT_SYMBOL(ieee80211_txb_free);
Commit	Line	Data
b453872c JG	1	/******************************************************************************
b453872c JG	2
ebeaddcc	3	Copyright(c) 2003 - 2005 Intel Corporation. All rights reserved.
b453872c JG	4
	5	This program is free software; you can redistribute it and/or modify it
	6	under the terms of version 2 of the GNU General Public License as
	7	published by the Free Software Foundation.
	8
	9	This program is distributed in the hope that it will be useful, but WITHOUT
	10	ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
	11	FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
	12	more details.
	13
	14	You should have received a copy of the GNU General Public License along with
	15	this program; if not, write to the Free Software Foundation, Inc., 59
	16	Temple Place - Suite 330, Boston, MA 02111-1307, USA.
	17
	18	The full GNU General Public License is included in this distribution in the
	19	file called LICENSE.
	20
	21	Contact Information:
	22	James P. Ketrenos <ipw2100-admin@linux.intel.com>
	23	Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497
	24
	25	******************************************************************************/
	26	#include <linux/compiler.h>
	27	#include <linux/config.h>
	28	#include <linux/errno.h>
	29	#include <linux/if_arp.h>
	30	#include <linux/in6.h>
	31	#include <linux/in.h>
	32	#include <linux/ip.h>
	33	#include <linux/kernel.h>
	34	#include <linux/module.h>
	35	#include <linux/netdevice.h>
b453872c JG	36	#include <linux/proc_fs.h>
	37	#include <linux/skbuff.h>
	38	#include <linux/slab.h>
	39	#include <linux/tcp.h>
	40	#include <linux/types.h>
	41	#include <linux/version.h>
	42	#include <linux/wireless.h>
	43	#include <linux/etherdevice.h>
	44	#include <asm/uaccess.h>
	45
	46	#include <net/ieee80211.h>
	47
b453872c JG	48	/*
b453872c JG	49
b453872c JG	50	802.11 Data Frame
	51
	52	,-------------------------------------------------------------------.
	53	Bytes \| 2 \| 2 \| 6 \| 6 \| 6 \| 2 \| 0..2312 \| 4 \|
	54	\|------\|------\|---------\|---------\|---------\|------\|---------\|------\|
	55	Desc. \| ctrl \| dura \| DA/RA \| TA \| SA \| Sequ \| Frame \| fcs \|
	56	\| \| tion \| (BSSID) \| \| \| ence \| data \| \|
	57	`--------------------------------------------------\| \|------'
	58	Total: 28 non-data bytes `----.----'
	59	\|
	60	.- 'Frame data' expands to <---------------------------'
	61	\|
	62	V
	63	,---------------------------------------------------.
	64	Bytes \| 1 \| 1 \| 1 \| 3 \| 2 \| 0-2304 \|
	65	\|------\|------\|---------\|----------\|------\|---------\|
	66	Desc. \| SNAP \| SNAP \| Control \|Eth Tunnel\| Type \| IP \|
	67	\| DSAP \| SSAP \| \| \| \| Packet \|
	68	\| 0xAA \| 0xAA \|0x03 (UI)\|0x00-00-F8\| \| \|
	69	`-----------------------------------------\| \|
	70	Total: 8 non-data bytes `----.----'
	71	\|
	72	.- 'IP Packet' expands, if WEP enabled, to <--'
	73	\|
	74	V
	75	,-----------------------.
	76	Bytes \| 4 \| 0-2296 \| 4 \|
	77	\|-----\|-----------\|-----\|
	78	Desc. \| IV \| Encrypted \| ICV \|
	79	\| \| IP Packet \| \|
	80	`-----------------------'
	81	Total: 8 non-data bytes
	82
b453872c JG	83	802.3 Ethernet Data Frame
	84
	85	,-----------------------------------------.
	86	Bytes \| 6 \| 6 \| 2 \| Variable \| 4 \|
	87	\|-------\|-------\|------\|-----------\|------\|
	88	Desc. \| Dest. \| Source\| Type \| IP Packet \| fcs \|
	89	\| MAC \| MAC \| \| \| \|
	90	`-----------------------------------------'
	91	Total: 18 non-data bytes
	92
	93	In the event that fragmentation is required, the incoming payload is split into
	94	N parts of size ieee->fts. The first fragment contains the SNAP header and the
	95	remaining packets are just data.
	96
	97	If encryption is enabled, each fragment payload size is reduced by enough space
	98	to add the prefix and postfix (IV and ICV totalling 8 bytes in the case of WEP)
	99	So if you have 1500 bytes of payload with ieee->fts set to 500 without
	100	encryption it will take 3 frames. With WEP it will take 4 frames as the
	101	payload of each frame is reduced to 492 bytes.
	102
	103	* SKB visualization
	104	*
	105	* ,- skb->data
	106	* \|
	107	* \| ETHERNET HEADER ,-<-- PAYLOAD
	108	* \| \| 14 bytes from skb->data
	109	* \| 2 bytes for Type --> ,T. \| (sizeof ethhdr)
	110	* \| \| \| \|
	111	* \|,-Dest.--. ,--Src.---. \| \| \|
	112	* \| 6 bytes\| \| 6 bytes \| \| \| \|
	113	* v \| \| \| \| \| \|
	114	* 0 \| v 1 \| v \| v 2
	115	* 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
	116	* ^ \| ^ \| ^ \|
	117	* \| \| \| \| \| \|
	118	* \| \| \| \| `T' <---- 2 bytes for Type
	119	* \| \| \| \|
	120	* \| \| '---SNAP--' <-------- 6 bytes for SNAP
	121	* \| \|
	122	* `-IV--' <-------------------- 4 bytes for IV (WEP)
	123	*
	124	* SNAP HEADER
	125	*
	126	*/
	127
	128	static u8 P802_1H_OUI[P80211_OUI_LEN] = { 0x00, 0x00, 0xf8 };
	129	static u8 RFC1042_OUI[P80211_OUI_LEN] = { 0x00, 0x00, 0x00 };
	130
1264fc04	131	static inline int ieee80211_copy_snap(u8 * data, u16 h_proto)
b453872c JG	132	{
	133	struct ieee80211_snap_hdr *snap;
	134	u8 *oui;
	135
	136	snap = (struct ieee80211_snap_hdr *)data;
	137	snap->dsap = 0xaa;
	138	snap->ssap = 0xaa;
	139	snap->ctrl = 0x03;
	140
	141	if (h_proto == 0x8137 \|\| h_proto == 0x80f3)
	142	oui = P802_1H_OUI;
	143	else
	144	oui = RFC1042_OUI;
	145	snap->oui[0] = oui[0];
	146	snap->oui[1] = oui[1];
	147	snap->oui[2] = oui[2];
	148
0edd5b44	149	(u16 ) (data + SNAP_SIZE) = htons(h_proto);
b453872c JG	150
	151	return SNAP_SIZE + sizeof(u16);
	152	}
	153
0edd5b44 JG	154	static inline int ieee80211_encrypt_fragment(struct ieee80211_device *ieee,
0edd5b44 JG	155	struct sk_buff *frag, int hdr_len)
b453872c	156	{
0edd5b44	157	struct ieee80211_crypt_data *crypt = ieee->crypt[ieee->tx_keyidx];
b453872c JG	158	int res;
b453872c JG	159
b453872c JG	160	/* To encrypt, frame format is:
b453872c JG	161	* IV (4 bytes), clear payload (including SNAP), ICV (4 bytes) */
b453872c JG	162	atomic_inc(&crypt->refcnt);
b453872c JG	163	res = 0;
1264fc04	164	if (crypt->ops->encrypt_mpdu)
b453872c JG	165	res = crypt->ops->encrypt_mpdu(frag, hdr_len, crypt->priv);
	166
	167	atomic_dec(&crypt->refcnt);
	168	if (res < 0) {
	169	printk(KERN_INFO "%s: Encryption failed: len=%d.\n",
	170	ieee->dev->name, frag->len);
	171	ieee->ieee_stats.tx_discards++;
	172	return -1;
	173	}
	174
	175	return 0;
	176	}
	177
0edd5b44 JG	178	void ieee80211_txb_free(struct ieee80211_txb *txb)
0edd5b44 JG	179	{
b453872c JG	180	int i;
	181	if (unlikely(!txb))
	182	return;
	183	for (i = 0; i < txb->nr_frags; i++)
	184	if (txb->fragments[i])
	185	dev_kfree_skb_any(txb->fragments[i]);
	186	kfree(txb);
	187	}
	188
e157249d	189	static struct ieee80211_txb *ieee80211_alloc_txb(int nr_frags, int txb_size,
dd0fc66f	190	gfp_t gfp_mask)
b453872c JG	191	{
	192	struct ieee80211_txb *txb;
	193	int i;
0edd5b44 JG	194	txb = kmalloc(sizeof(struct ieee80211_txb) + (sizeof(u8 ) nr_frags),
0edd5b44 JG	195	gfp_mask);
b453872c JG	196	if (!txb)
	197	return NULL;
	198
0a989b24	199	memset(txb, 0, sizeof(struct ieee80211_txb));
b453872c JG	200	txb->nr_frags = nr_frags;
	201	txb->frag_size = txb_size;
	202
	203	for (i = 0; i < nr_frags; i++) {
	204	txb->fragments[i] = dev_alloc_skb(txb_size);
	205	if (unlikely(!txb->fragments[i])) {
	206	i--;
	207	break;
	208	}
	209	}
	210	if (unlikely(i != nr_frags)) {
	211	while (i >= 0)
	212	dev_kfree_skb_any(txb->fragments[i--]);
	213	kfree(txb);
	214	return NULL;
	215	}
	216	return txb;
	217	}
	218
1264fc04	219	/* Incoming skb is converted to a txb which consists of
3cdd00c5	220	* a block of 802.11 fragment packets (stored as skbs) */
0edd5b44	221	int ieee80211_xmit(struct sk_buff skb, struct net_device dev)
b453872c JG	222	{
	223	struct ieee80211_device *ieee = netdev_priv(dev);
	224	struct ieee80211_txb *txb = NULL;
ee34af37	225	struct ieee80211_hdr_3addr *frag_hdr;
3cdd00c5 JK	226	int i, bytes_per_frag, nr_frags, bytes_last_frag, frag_size,
3cdd00c5 JK	227	rts_required;
b453872c JG	228	unsigned long flags;
b453872c JG	229	struct net_device_stats *stats = &ieee->stats;
31b59eae	230	int ether_type, encrypt, host_encrypt, host_encrypt_msdu, host_build_iv;
b453872c JG	231	int bytes, fc, hdr_len;
b453872c JG	232	struct sk_buff *skb_frag;
ee34af37	233	struct ieee80211_hdr_3addr header = { /* Ensure zero initialized */
b453872c JG	234	.duration_id = 0,
	235	.seq_ctl = 0
	236	};
	237	u8 dest[ETH_ALEN], src[ETH_ALEN];
0edd5b44	238	struct ieee80211_crypt_data *crypt;
2c0aa2a5	239	int priority = skb->priority;
1264fc04	240	int snapped = 0;
b453872c	241
2c0aa2a5 JK	242	if (ieee->is_queue_full && (*ieee->is_queue_full) (dev, priority))
	243	return NETDEV_TX_BUSY;
	244
b453872c JG	245	spin_lock_irqsave(&ieee->lock, flags);
	246
	247	/* If there is no driver handler to take the TXB, dont' bother
	248	* creating it... */
	249	if (!ieee->hard_start_xmit) {
0edd5b44	250	printk(KERN_WARNING "%s: No xmit handler.\n", ieee->dev->name);
b453872c JG	251	goto success;
	252	}
	253
	254	if (unlikely(skb->len < SNAP_SIZE + sizeof(u16))) {
	255	printk(KERN_WARNING "%s: skb too small (%d).\n",
	256	ieee->dev->name, skb->len);
	257	goto success;
	258	}
	259
	260	ether_type = ntohs(((struct ethhdr *)skb->data)->h_proto);
	261
	262	crypt = ieee->crypt[ieee->tx_keyidx];
	263
	264	encrypt = !(ether_type == ETH_P_PAE && ieee->ieee802_1x) &&
f1bf6638	265	ieee->sec.encrypt;
31b59eae	266
f1bf6638	267	host_encrypt = ieee->host_encrypt && encrypt;
1264fc04	268	host_encrypt_msdu = ieee->host_encrypt_msdu && encrypt;
31b59eae	269	host_build_iv = ieee->host_build_iv && encrypt;
b453872c JG	270
	271	if (!encrypt && ieee->ieee802_1x &&
	272	ieee->drop_unencrypted && ether_type != ETH_P_PAE) {
	273	stats->tx_dropped++;
	274	goto success;
	275	}
	276
b453872c	277	/* Save source and destination addresses */
18294d87 JK	278	memcpy(dest, skb->data, ETH_ALEN);
18294d87 JK	279	memcpy(src, skb->data + ETH_ALEN, ETH_ALEN);
b453872c JG	280
	281	/* Advance the SKB to the start of the payload */
	282	skb_pull(skb, sizeof(struct ethhdr));
	283
	284	/* Determine total amount of storage required for TXB packets */
	285	bytes = skb->len + SNAP_SIZE + sizeof(u16);
	286
f1bf6638	287	if (host_encrypt)
b453872c	288	fc = IEEE80211_FTYPE_DATA \| IEEE80211_STYPE_DATA \|
0edd5b44	289	IEEE80211_FCTL_PROTECTED;
b453872c JG	290	else
	291	fc = IEEE80211_FTYPE_DATA \| IEEE80211_STYPE_DATA;
	292
	293	if (ieee->iw_mode == IW_MODE_INFRA) {
	294	fc \|= IEEE80211_FCTL_TODS;
1264fc04	295	/* To DS: Addr1 = BSSID, Addr2 = SA, Addr3 = DA */
18294d87 JK	296	memcpy(header.addr1, ieee->bssid, ETH_ALEN);
	297	memcpy(header.addr2, src, ETH_ALEN);
	298	memcpy(header.addr3, dest, ETH_ALEN);
b453872c	299	} else if (ieee->iw_mode == IW_MODE_ADHOC) {
1264fc04	300	/* not From/To DS: Addr1 = DA, Addr2 = SA, Addr3 = BSSID */
18294d87 JK	301	memcpy(header.addr1, dest, ETH_ALEN);
	302	memcpy(header.addr2, src, ETH_ALEN);
	303	memcpy(header.addr3, ieee->bssid, ETH_ALEN);
b453872c JG	304	}
	305	header.frame_ctl = cpu_to_le16(fc);
	306	hdr_len = IEEE80211_3ADDR_LEN;
	307
1264fc04 JK	308	/* Encrypt msdu first on the whole data packet. */
	309	if ((host_encrypt \|\| host_encrypt_msdu) &&
	310	crypt && crypt->ops && crypt->ops->encrypt_msdu) {
	311	int res = 0;
	312	int len = bytes + hdr_len + crypt->ops->extra_msdu_prefix_len +
	313	crypt->ops->extra_msdu_postfix_len;
	314	struct sk_buff *skb_new = dev_alloc_skb(len);
31b59eae	315
1264fc04 JK	316	if (unlikely(!skb_new))
1264fc04 JK	317	goto failed;
31b59eae	318
1264fc04 JK	319	skb_reserve(skb_new, crypt->ops->extra_msdu_prefix_len);
	320	memcpy(skb_put(skb_new, hdr_len), &header, hdr_len);
	321	snapped = 1;
	322	ieee80211_copy_snap(skb_put(skb_new, SNAP_SIZE + sizeof(u16)),
	323	ether_type);
	324	memcpy(skb_put(skb_new, skb->len), skb->data, skb->len);
	325	res = crypt->ops->encrypt_msdu(skb_new, hdr_len, crypt->priv);
	326	if (res < 0) {
	327	IEEE80211_ERROR("msdu encryption failed\n");
	328	dev_kfree_skb_any(skb_new);
	329	goto failed;
	330	}
	331	dev_kfree_skb_any(skb);
	332	skb = skb_new;
	333	bytes += crypt->ops->extra_msdu_prefix_len +
	334	crypt->ops->extra_msdu_postfix_len;
	335	skb_pull(skb, hdr_len);
	336	}
	337
	338	if (host_encrypt \|\| ieee->host_open_frag) {
	339	/* Determine fragmentation size based on destination (multicast
	340	* and broadcast are not fragmented) */
5b74eda7 HL	341	if (is_multicast_ether_addr(dest) \|\|
5b74eda7 HL	342	is_broadcast_ether_addr(dest))
1264fc04 JK	343	frag_size = MAX_FRAG_THRESHOLD;
	344	else
	345	frag_size = ieee->fts;
	346
	347	/* Determine amount of payload per fragment. Regardless of if
	348	* this stack is providing the full 802.11 header, one will
	349	* eventually be affixed to this fragment -- so we must account
	350	* for it when determining the amount of payload space. */
	351	bytes_per_frag = frag_size - IEEE80211_3ADDR_LEN;
	352	if (ieee->config &
	353	(CFG_IEEE80211_COMPUTE_FCS \| CFG_IEEE80211_RESERVE_FCS))
	354	bytes_per_frag -= IEEE80211_FCS_LEN;
	355
	356	/* Each fragment may need to have room for encryptiong
	357	* pre/postfix */
	358	if (host_encrypt)
	359	bytes_per_frag -= crypt->ops->extra_mpdu_prefix_len +
	360	crypt->ops->extra_mpdu_postfix_len;
	361
	362	/* Number of fragments is the total
	363	* bytes_per_frag / payload_per_fragment */
	364	nr_frags = bytes / bytes_per_frag;
	365	bytes_last_frag = bytes % bytes_per_frag;
	366	if (bytes_last_frag)
	367	nr_frags++;
	368	else
	369	bytes_last_frag = bytes_per_frag;
	370	} else {
	371	nr_frags = 1;
	372	bytes_per_frag = bytes_last_frag = bytes;
	373	frag_size = bytes + IEEE80211_3ADDR_LEN;
	374	}
b453872c	375
3cdd00c5 JK	376	rts_required = (frag_size > ieee->rts
	377	&& ieee->config & CFG_IEEE80211_RTS);
	378	if (rts_required)
	379	nr_frags++;
3cdd00c5	380
b453872c JG	381	/* When we allocate the TXB we allocate enough space for the reserve
	382	* and full fragment bytes (bytes_per_frag doesn't include prefix,
	383	* postfix, header, FCS, etc.) */
	384	txb = ieee80211_alloc_txb(nr_frags, frag_size, GFP_ATOMIC);
	385	if (unlikely(!txb)) {
	386	printk(KERN_WARNING "%s: Could not allocate TXB\n",
	387	ieee->dev->name);
	388	goto failed;
	389	}
	390	txb->encrypted = encrypt;
1264fc04 JK	391	if (host_encrypt)
	392	txb->payload_size = frag_size * (nr_frags - 1) +
	393	bytes_last_frag;
	394	else
	395	txb->payload_size = bytes;
b453872c	396
3cdd00c5 JK	397	if (rts_required) {
	398	skb_frag = txb->fragments[0];
	399	frag_hdr =
	400	(struct ieee80211_hdr_3addr *)skb_put(skb_frag, hdr_len);
	401
	402	/*
	403	* Set header frame_ctl to the RTS.
	404	*/
	405	header.frame_ctl =
	406	cpu_to_le16(IEEE80211_FTYPE_CTL \| IEEE80211_STYPE_RTS);
	407	memcpy(frag_hdr, &header, hdr_len);
	408
	409	/*
	410	* Restore header frame_ctl to the original data setting.
	411	*/
	412	header.frame_ctl = cpu_to_le16(fc);
	413
	414	if (ieee->config &
	415	(CFG_IEEE80211_COMPUTE_FCS \| CFG_IEEE80211_RESERVE_FCS))
	416	skb_put(skb_frag, 4);
	417
	418	txb->rts_included = 1;
	419	i = 1;
	420	} else
	421	i = 0;
	422
	423	for (; i < nr_frags; i++) {
b453872c JG	424	skb_frag = txb->fragments[i];
b453872c JG	425
31b59eae	426	if (host_encrypt \|\| host_build_iv)
1264fc04 JK	427	skb_reserve(skb_frag,
1264fc04 JK	428	crypt->ops->extra_mpdu_prefix_len);
b453872c	429
ee34af37 JK	430	frag_hdr =
ee34af37 JK	431	(struct ieee80211_hdr_3addr *)skb_put(skb_frag, hdr_len);
b453872c JG	432	memcpy(frag_hdr, &header, hdr_len);
	433
	434	/* If this is not the last fragment, then add the MOREFRAGS
	435	* bit to the frame control */
	436	if (i != nr_frags - 1) {
0edd5b44 JG	437	frag_hdr->frame_ctl =
0edd5b44 JG	438	cpu_to_le16(fc \| IEEE80211_FCTL_MOREFRAGS);
b453872c JG	439	bytes = bytes_per_frag;
	440	} else {
	441	/* The last fragment takes the remaining length */
	442	bytes = bytes_last_frag;
	443	}
	444
1264fc04 JK	445	if (i == 0 && !snapped) {
	446	ieee80211_copy_snap(skb_put
	447	(skb_frag, SNAP_SIZE + sizeof(u16)),
	448	ether_type);
b453872c JG	449	bytes -= SNAP_SIZE + sizeof(u16);
	450	}
	451
	452	memcpy(skb_put(skb_frag, bytes), skb->data, bytes);
	453
	454	/* Advance the SKB... */
	455	skb_pull(skb, bytes);
	456
	457	/* Encryption routine will move the header forward in order
	458	* to insert the IV between the header and the payload */
f1bf6638	459	if (host_encrypt)
b453872c	460	ieee80211_encrypt_fragment(ieee, skb_frag, hdr_len);
31b59eae JK	461	else if (host_build_iv) {
	462	struct ieee80211_crypt_data *crypt;
	463
	464	crypt = ieee->crypt[ieee->tx_keyidx];
	465	atomic_inc(&crypt->refcnt);
	466	if (crypt->ops->build_iv)
	467	crypt->ops->build_iv(skb_frag, hdr_len,
	468	crypt->priv);
	469	atomic_dec(&crypt->refcnt);
	470	}
f1bf6638	471
b453872c JG	472	if (ieee->config &
	473	(CFG_IEEE80211_COMPUTE_FCS \| CFG_IEEE80211_RESERVE_FCS))
	474	skb_put(skb_frag, 4);
	475	}
	476
0edd5b44	477	success:
b453872c JG	478	spin_unlock_irqrestore(&ieee->lock, flags);
	479
	480	dev_kfree_skb_any(skb);
	481
	482	if (txb) {
9e8571af	483	int ret = (*ieee->hard_start_xmit) (txb, dev, priority);
1264fc04	484	if (ret == 0) {
b453872c JG	485	stats->tx_packets++;
	486	stats->tx_bytes += txb->payload_size;
	487	return 0;
	488	}
2c0aa2a5 JK	489
	490	if (ret == NETDEV_TX_BUSY) {
	491	printk(KERN_ERR "%s: NETDEV_TX_BUSY returned; "
	492	"driver should report queue full via "
	493	"ieee_device->is_queue_full.\n",
	494	ieee->dev->name);
	495	}
	496
b453872c JG	497	ieee80211_txb_free(txb);
	498	}
	499
	500	return 0;
	501
0edd5b44	502	failed:
b453872c JG	503	spin_unlock_irqrestore(&ieee->lock, flags);
	504	netif_stop_queue(dev);
	505	stats->tx_errors++;
	506	return 1;
3f552bbf JK	507	}
	508
	509	/* Incoming 802.11 strucure is converted to a TXB
	510	* a block of 802.11 fragment packets (stored as skbs) */
	511	int ieee80211_tx_frame(struct ieee80211_device *ieee,
	512	struct ieee80211_hdr *frame, int len)
	513	{
	514	struct ieee80211_txb *txb = NULL;
	515	unsigned long flags;
	516	struct net_device_stats *stats = &ieee->stats;
	517	struct sk_buff *skb_frag;
9e8571af	518	int priority = -1;
3f552bbf JK	519
	520	spin_lock_irqsave(&ieee->lock, flags);
	521
	522	/* If there is no driver handler to take the TXB, dont' bother
	523	* creating it... */
	524	if (!ieee->hard_start_xmit) {
	525	printk(KERN_WARNING "%s: No xmit handler.\n", ieee->dev->name);
	526	goto success;
	527	}
b453872c	528
3f552bbf JK	529	if (unlikely(len < 24)) {
	530	printk(KERN_WARNING "%s: skb too small (%d).\n",
	531	ieee->dev->name, len);
	532	goto success;
	533	}
	534
	535	/* When we allocate the TXB we allocate enough space for the reserve
	536	* and full fragment bytes (bytes_per_frag doesn't include prefix,
	537	* postfix, header, FCS, etc.) */
	538	txb = ieee80211_alloc_txb(1, len, GFP_ATOMIC);
	539	if (unlikely(!txb)) {
	540	printk(KERN_WARNING "%s: Could not allocate TXB\n",
	541	ieee->dev->name);
	542	goto failed;
	543	}
	544	txb->encrypted = 0;
	545	txb->payload_size = len;
	546
	547	skb_frag = txb->fragments[0];
	548
	549	memcpy(skb_put(skb_frag, len), frame, len);
	550
	551	if (ieee->config &
	552	(CFG_IEEE80211_COMPUTE_FCS \| CFG_IEEE80211_RESERVE_FCS))
	553	skb_put(skb_frag, 4);
	554
	555	success:
	556	spin_unlock_irqrestore(&ieee->lock, flags);
	557
	558	if (txb) {
9e8571af	559	if ((*ieee->hard_start_xmit) (txb, ieee->dev, priority) == 0) {
3f552bbf JK	560	stats->tx_packets++;
	561	stats->tx_bytes += txb->payload_size;
	562	return 0;
	563	}
	564	ieee80211_txb_free(txb);
	565	}
	566	return 0;
	567
	568	failed:
	569	spin_unlock_irqrestore(&ieee->lock, flags);
	570	stats->tx_errors++;
	571	return 1;
b453872c JG	572	}
b453872c JG	573
3f552bbf	574	EXPORT_SYMBOL(ieee80211_tx_frame);
b453872c	575	EXPORT_SYMBOL(ieee80211_txb_free);