[deliverable/linux.git] / net / ieee80211 / ieee80211_tx.c

/******************************************************************************

  Copyright(c) 2003 - 2005 Intel Corporation. All rights reserved.

  This program is free software; you can redistribute it and/or modify it
  under the terms of version 2 of the GNU General Public License as
  published by the Free Software Foundation.

  This program is distributed in the hope that it will be useful, but WITHOUT
  ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
  more details.

  You should have received a copy of the GNU General Public License along with
  this program; if not, write to the Free Software Foundation, Inc., 59
  Temple Place - Suite 330, Boston, MA  02111-1307, USA.

  The full GNU General Public License is included in this distribution in the
  file called LICENSE.

  Contact Information:
  James P. Ketrenos <ipw2100-admin@linux.intel.com>
  Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497

******************************************************************************/
#include <linux/compiler.h>
#include <linux/config.h>
#include <linux/errno.h>
#include <linux/if_arp.h>
#include <linux/in6.h>
#include <linux/in.h>
#include <linux/ip.h>
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/netdevice.h>
#include <linux/proc_fs.h>
#include <linux/skbuff.h>
#include <linux/slab.h>
#include <linux/tcp.h>
#include <linux/types.h>
#include <linux/version.h>
#include <linux/wireless.h>
#include <linux/etherdevice.h>
#include <asm/uaccess.h>

#include <net/ieee80211.h>

/*

802.11 Data Frame

      ,-------------------------------------------------------------------.
Bytes |  2   |  2   |    6    |    6    |    6    |  2   | 0..2312 |   4  |
      |------|------|---------|---------|---------|------|---------|------|
Desc. | ctrl | dura |  DA/RA  |   TA    |    SA   | Sequ |  Frame  |  fcs |
      |      | tion | (BSSID) |         |         | ence |  data   |      |
      `--------------------------------------------------|         |------'
Total: 28 non-data bytes                                 `----.----'
                                                              |
       .- 'Frame data' expands to <---------------------------'
       |
       V
      ,---------------------------------------------------.
Bytes |  1   |  1   |    1    |    3     |  2   |  0-2304 |
      |------|------|---------|----------|------|---------|
Desc. | SNAP | SNAP | Control |Eth Tunnel| Type | IP      |
      | DSAP | SSAP |         |          |      | Packet  |
      | 0xAA | 0xAA |0x03 (UI)|0x00-00-F8|      |         |
      `-----------------------------------------|         |
Total: 8 non-data bytes                         `----.----'
                                                     |
       .- 'IP Packet' expands, if WEP enabled, to <--'
       |
       V
      ,-----------------------.
Bytes |  4  |   0-2296  |  4  |
      |-----|-----------|-----|
Desc. | IV  | Encrypted | ICV |
      |     | IP Packet |     |
      `-----------------------'
Total: 8 non-data bytes

802.3 Ethernet Data Frame

      ,-----------------------------------------.
Bytes |   6   |   6   |  2   |  Variable |   4  |
      |-------|-------|------|-----------|------|
Desc. | Dest. | Source| Type | IP Packet |  fcs |
      |  MAC  |  MAC  |      |           |      |
      `-----------------------------------------'
Total: 18 non-data bytes

In the event that fragmentation is required, the incoming payload is split into
N parts of size ieee->fts.  The first fragment contains the SNAP header and the
remaining packets are just data.

If encryption is enabled, each fragment payload size is reduced by enough space
to add the prefix and postfix (IV and ICV totalling 8 bytes in the case of WEP)
So if you have 1500 bytes of payload with ieee->fts set to 500 without
encryption it will take 3 frames.  With WEP it will take 4 frames as the
payload of each frame is reduced to 492 bytes.

* SKB visualization
*
*  ,- skb->data
* |
* |    ETHERNET HEADER        ,-<-- PAYLOAD
* |                           |     14 bytes from skb->data
* |  2 bytes for Type --> ,T. |     (sizeof ethhdr)
* |                       | | |
* |,-Dest.--. ,--Src.---. | | |
* |  6 bytes| | 6 bytes | | | |
* v         | |         | | | |
* 0         | v       1 | v | v           2
* 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
*     ^     | ^         | ^ |
*     |     | |         | | |
*     |     | |         | `T' <---- 2 bytes for Type
*     |     | |         |
*     |     | '---SNAP--' <-------- 6 bytes for SNAP
*     |     |
*     `-IV--' <-------------------- 4 bytes for IV (WEP)
*
*      SNAP HEADER
*
*/

static u8 P802_1H_OUI[P80211_OUI_LEN] = { 0x00, 0x00, 0xf8 };
static u8 RFC1042_OUI[P80211_OUI_LEN] = { 0x00, 0x00, 0x00 };

static inline int ieee80211_copy_snap(u8 * data, u16 h_proto)
{
	struct ieee80211_snap_hdr *snap;
	u8 *oui;

	snap = (struct ieee80211_snap_hdr *)data;
	snap->dsap = 0xaa;
	snap->ssap = 0xaa;
	snap->ctrl = 0x03;

	if (h_proto == 0x8137 || h_proto == 0x80f3)
		oui = P802_1H_OUI;
	else
		oui = RFC1042_OUI;
	snap->oui[0] = oui[0];
	snap->oui[1] = oui[1];
	snap->oui[2] = oui[2];

	*(u16 *) (data + SNAP_SIZE) = htons(h_proto);

	return SNAP_SIZE + sizeof(u16);
}

static inline int ieee80211_encrypt_fragment(struct ieee80211_device *ieee,
					     struct sk_buff *frag, int hdr_len)
{
	struct ieee80211_crypt_data *crypt = ieee->crypt[ieee->tx_keyidx];
	int res;

	if (crypt == NULL)
		return -1;

	/* To encrypt, frame format is:
	 * IV (4 bytes), clear payload (including SNAP), ICV (4 bytes) */
	atomic_inc(&crypt->refcnt);
	res = 0;
	if (crypt->ops && crypt->ops->encrypt_mpdu)
		res = crypt->ops->encrypt_mpdu(frag, hdr_len, crypt->priv);

	atomic_dec(&crypt->refcnt);
	if (res < 0) {
		printk(KERN_INFO "%s: Encryption failed: len=%d.\n",
		       ieee->dev->name, frag->len);
		ieee->ieee_stats.tx_discards++;
		return -1;
	}

	return 0;
}

void ieee80211_txb_free(struct ieee80211_txb *txb)
{
	int i;
	if (unlikely(!txb))
		return;
	for (i = 0; i < txb->nr_frags; i++)
		if (txb->fragments[i])
			dev_kfree_skb_any(txb->fragments[i]);
	kfree(txb);
}

static struct ieee80211_txb *ieee80211_alloc_txb(int nr_frags, int txb_size,
						 gfp_t gfp_mask)
{
	struct ieee80211_txb *txb;
	int i;
	txb = kmalloc(sizeof(struct ieee80211_txb) + (sizeof(u8 *) * nr_frags),
		      gfp_mask);
	if (!txb)
		return NULL;

	memset(txb, 0, sizeof(struct ieee80211_txb));
	txb->nr_frags = nr_frags;
	txb->frag_size = txb_size;

	for (i = 0; i < nr_frags; i++) {
		txb->fragments[i] = dev_alloc_skb(txb_size);
		if (unlikely(!txb->fragments[i])) {
			i--;
			break;
		}
	}
	if (unlikely(i != nr_frags)) {
		while (i >= 0)
			dev_kfree_skb_any(txb->fragments[i--]);
		kfree(txb);
		return NULL;
	}
	return txb;
}

/* Incoming skb is converted to a txb which consists of
 * a block of 802.11 fragment packets (stored as skbs) */
int ieee80211_xmit(struct sk_buff *skb, struct net_device *dev)
{
	struct ieee80211_device *ieee = netdev_priv(dev);
	struct ieee80211_txb *txb = NULL;
	struct ieee80211_hdr_3addr *frag_hdr;
	int i, bytes_per_frag, nr_frags, bytes_last_frag, frag_size,
	    rts_required;
	unsigned long flags;
	struct net_device_stats *stats = &ieee->stats;
	int ether_type, encrypt, host_encrypt, host_encrypt_msdu, host_build_iv;
	int bytes, fc, hdr_len;
	struct sk_buff *skb_frag;
	struct ieee80211_hdr_3addr header = {	/* Ensure zero initialized */
		.duration_id = 0,
		.seq_ctl = 0
	};
	u8 dest[ETH_ALEN], src[ETH_ALEN];
	struct ieee80211_crypt_data *crypt;
	int priority = skb->priority;
	int snapped = 0;

	if (ieee->is_queue_full && (*ieee->is_queue_full) (dev, priority))
		return NETDEV_TX_BUSY;

	spin_lock_irqsave(&ieee->lock, flags);

	/* If there is no driver handler to take the TXB, dont' bother
	 * creating it... */
	if (!ieee->hard_start_xmit) {
		printk(KERN_WARNING "%s: No xmit handler.\n", ieee->dev->name);
		goto success;
	}

	if (unlikely(skb->len < SNAP_SIZE + sizeof(u16))) {
		printk(KERN_WARNING "%s: skb too small (%d).\n",
		       ieee->dev->name, skb->len);
		goto success;
	}

	ether_type = ntohs(((struct ethhdr *)skb->data)->h_proto);

	crypt = ieee->crypt[ieee->tx_keyidx];

	encrypt = !(ether_type == ETH_P_PAE && ieee->ieee802_1x) &&
	    ieee->sec.encrypt;

	host_encrypt = ieee->host_encrypt && encrypt && crypt;
	host_encrypt_msdu = ieee->host_encrypt_msdu && encrypt && crypt;
	host_build_iv = ieee->host_build_iv && encrypt && crypt;

	if (!encrypt && ieee->ieee802_1x &&
	    ieee->drop_unencrypted && ether_type != ETH_P_PAE) {
		stats->tx_dropped++;
		goto success;
	}

	/* Save source and destination addresses */
	memcpy(dest, skb->data, ETH_ALEN);
	memcpy(src, skb->data + ETH_ALEN, ETH_ALEN);

	/* Advance the SKB to the start of the payload */
	skb_pull(skb, sizeof(struct ethhdr));

	/* Determine total amount of storage required for TXB packets */
	bytes = skb->len + SNAP_SIZE + sizeof(u16);

	if (host_encrypt)
		fc = IEEE80211_FTYPE_DATA | IEEE80211_STYPE_DATA |
		    IEEE80211_FCTL_PROTECTED;
	else
		fc = IEEE80211_FTYPE_DATA | IEEE80211_STYPE_DATA;

	if (ieee->iw_mode == IW_MODE_INFRA) {
		fc |= IEEE80211_FCTL_TODS;
		/* To DS: Addr1 = BSSID, Addr2 = SA, Addr3 = DA */
		memcpy(header.addr1, ieee->bssid, ETH_ALEN);
		memcpy(header.addr2, src, ETH_ALEN);
		memcpy(header.addr3, dest, ETH_ALEN);
	} else if (ieee->iw_mode == IW_MODE_ADHOC) {
		/* not From/To DS: Addr1 = DA, Addr2 = SA, Addr3 = BSSID */
		memcpy(header.addr1, dest, ETH_ALEN);
		memcpy(header.addr2, src, ETH_ALEN);
		memcpy(header.addr3, ieee->bssid, ETH_ALEN);
	}
	header.frame_ctl = cpu_to_le16(fc);
	hdr_len = IEEE80211_3ADDR_LEN;

	/* Encrypt msdu first on the whole data packet. */
	if ((host_encrypt || host_encrypt_msdu) &&
	    crypt && crypt->ops && crypt->ops->encrypt_msdu) {
		int res = 0;
		int len = bytes + hdr_len + crypt->ops->extra_msdu_prefix_len +
		    crypt->ops->extra_msdu_postfix_len;
		struct sk_buff *skb_new = dev_alloc_skb(len);

		if (unlikely(!skb_new))
			goto failed;

		skb_reserve(skb_new, crypt->ops->extra_msdu_prefix_len);
		memcpy(skb_put(skb_new, hdr_len), &header, hdr_len);
		snapped = 1;
		ieee80211_copy_snap(skb_put(skb_new, SNAP_SIZE + sizeof(u16)),
				    ether_type);
		memcpy(skb_put(skb_new, skb->len), skb->data, skb->len);
		res = crypt->ops->encrypt_msdu(skb_new, hdr_len, crypt->priv);
		if (res < 0) {
			IEEE80211_ERROR("msdu encryption failed\n");
			dev_kfree_skb_any(skb_new);
			goto failed;
		}
		dev_kfree_skb_any(skb);
		skb = skb_new;
		bytes += crypt->ops->extra_msdu_prefix_len +
		    crypt->ops->extra_msdu_postfix_len;
		skb_pull(skb, hdr_len);
	}

	if (host_encrypt || ieee->host_open_frag) {
		/* Determine fragmentation size based on destination (multicast
		 * and broadcast are not fragmented) */
		if (is_multicast_ether_addr(dest) ||
		    is_broadcast_ether_addr(dest))
			frag_size = MAX_FRAG_THRESHOLD;
		else
			frag_size = ieee->fts;

		/* Determine amount of payload per fragment.  Regardless of if
		 * this stack is providing the full 802.11 header, one will
		 * eventually be affixed to this fragment -- so we must account
		 * for it when determining the amount of payload space. */
		bytes_per_frag = frag_size - IEEE80211_3ADDR_LEN;
		if (ieee->config &
		    (CFG_IEEE80211_COMPUTE_FCS | CFG_IEEE80211_RESERVE_FCS))
			bytes_per_frag -= IEEE80211_FCS_LEN;

		/* Each fragment may need to have room for encryptiong
		 * pre/postfix */
		if (host_encrypt)
			bytes_per_frag -= crypt->ops->extra_mpdu_prefix_len +
			    crypt->ops->extra_mpdu_postfix_len;

		/* Number of fragments is the total
		 * bytes_per_frag / payload_per_fragment */
		nr_frags = bytes / bytes_per_frag;
		bytes_last_frag = bytes % bytes_per_frag;
		if (bytes_last_frag)
			nr_frags++;
		else
			bytes_last_frag = bytes_per_frag;
	} else {
		nr_frags = 1;
		bytes_per_frag = bytes_last_frag = bytes;
		frag_size = bytes + IEEE80211_3ADDR_LEN;
	}

	rts_required = (frag_size > ieee->rts
			&& ieee->config & CFG_IEEE80211_RTS);
	if (rts_required)
		nr_frags++;

	/* When we allocate the TXB we allocate enough space for the reserve
	 * and full fragment bytes (bytes_per_frag doesn't include prefix,
	 * postfix, header, FCS, etc.) */
	txb = ieee80211_alloc_txb(nr_frags, frag_size, GFP_ATOMIC);
	if (unlikely(!txb)) {
		printk(KERN_WARNING "%s: Could not allocate TXB\n",
		       ieee->dev->name);
		goto failed;
	}
	txb->encrypted = encrypt;
	if (host_encrypt)
		txb->payload_size = frag_size * (nr_frags - 1) +
		    bytes_last_frag;
	else
		txb->payload_size = bytes;

	if (rts_required) {
		skb_frag = txb->fragments[0];
		frag_hdr =
		    (struct ieee80211_hdr_3addr *)skb_put(skb_frag, hdr_len);

		/*
		 * Set header frame_ctl to the RTS.
		 */
		header.frame_ctl =
		    cpu_to_le16(IEEE80211_FTYPE_CTL | IEEE80211_STYPE_RTS);
		memcpy(frag_hdr, &header, hdr_len);

		/*
		 * Restore header frame_ctl to the original data setting.
		 */
		header.frame_ctl = cpu_to_le16(fc);

		if (ieee->config &
		    (CFG_IEEE80211_COMPUTE_FCS | CFG_IEEE80211_RESERVE_FCS))
			skb_put(skb_frag, 4);

		txb->rts_included = 1;
		i = 1;
	} else
		i = 0;

	for (; i < nr_frags; i++) {
		skb_frag = txb->fragments[i];

		if (host_encrypt || host_build_iv)
			skb_reserve(skb_frag,
				    crypt->ops->extra_mpdu_prefix_len);

		frag_hdr =
		    (struct ieee80211_hdr_3addr *)skb_put(skb_frag, hdr_len);
		memcpy(frag_hdr, &header, hdr_len);

		/* If this is not the last fragment, then add the MOREFRAGS
		 * bit to the frame control */
		if (i != nr_frags - 1) {
			frag_hdr->frame_ctl =
			    cpu_to_le16(fc | IEEE80211_FCTL_MOREFRAGS);
			bytes = bytes_per_frag;
		} else {
			/* The last fragment takes the remaining length */
			bytes = bytes_last_frag;
		}

		if (i == 0 && !snapped) {
			ieee80211_copy_snap(skb_put
					    (skb_frag, SNAP_SIZE + sizeof(u16)),
					    ether_type);
			bytes -= SNAP_SIZE + sizeof(u16);
		}

		memcpy(skb_put(skb_frag, bytes), skb->data, bytes);

		/* Advance the SKB... */
		skb_pull(skb, bytes);

		/* Encryption routine will move the header forward in order
		 * to insert the IV between the header and the payload */
		if (host_encrypt)
			ieee80211_encrypt_fragment(ieee, skb_frag, hdr_len);
		else if (host_build_iv) {
			struct ieee80211_crypt_data *crypt;

			crypt = ieee->crypt[ieee->tx_keyidx];
			atomic_inc(&crypt->refcnt);
			if (crypt->ops->build_iv)
				crypt->ops->build_iv(skb_frag, hdr_len,
						     crypt->priv);
			atomic_dec(&crypt->refcnt);
		}

		if (ieee->config &
		    (CFG_IEEE80211_COMPUTE_FCS | CFG_IEEE80211_RESERVE_FCS))
			skb_put(skb_frag, 4);
	}

      success:
	spin_unlock_irqrestore(&ieee->lock, flags);

	dev_kfree_skb_any(skb);

	if (txb) {
		int ret = (*ieee->hard_start_xmit) (txb, dev, priority);
		if (ret == 0) {
			stats->tx_packets++;
			stats->tx_bytes += txb->payload_size;
			return 0;
		}

		if (ret == NETDEV_TX_BUSY) {
			printk(KERN_ERR "%s: NETDEV_TX_BUSY returned; "
			       "driver should report queue full via "
			       "ieee_device->is_queue_full.\n",
			       ieee->dev->name);
		}

		ieee80211_txb_free(txb);
	}

	return 0;

      failed:
	spin_unlock_irqrestore(&ieee->lock, flags);
	netif_stop_queue(dev);
	stats->tx_errors++;
	return 1;
}

/* Incoming 802.11 strucure is converted to a TXB
 * a block of 802.11 fragment packets (stored as skbs) */
int ieee80211_tx_frame(struct ieee80211_device *ieee,
		       struct ieee80211_hdr *frame, int len)
{
	struct ieee80211_txb *txb = NULL;
	unsigned long flags;
	struct net_device_stats *stats = &ieee->stats;
	struct sk_buff *skb_frag;
	int priority = -1;

	spin_lock_irqsave(&ieee->lock, flags);

	/* If there is no driver handler to take the TXB, dont' bother
	 * creating it... */
	if (!ieee->hard_start_xmit) {
		printk(KERN_WARNING "%s: No xmit handler.\n", ieee->dev->name);
		goto success;
	}

	if (unlikely(len < 24)) {
		printk(KERN_WARNING "%s: skb too small (%d).\n",
		       ieee->dev->name, len);
		goto success;
	}

	/* When we allocate the TXB we allocate enough space for the reserve
	 * and full fragment bytes (bytes_per_frag doesn't include prefix,
	 * postfix, header, FCS, etc.) */
	txb = ieee80211_alloc_txb(1, len, GFP_ATOMIC);
	if (unlikely(!txb)) {
		printk(KERN_WARNING "%s: Could not allocate TXB\n",
		       ieee->dev->name);
		goto failed;
	}
	txb->encrypted = 0;
	txb->payload_size = len;

	skb_frag = txb->fragments[0];

	memcpy(skb_put(skb_frag, len), frame, len);

	if (ieee->config &
	    (CFG_IEEE80211_COMPUTE_FCS | CFG_IEEE80211_RESERVE_FCS))
		skb_put(skb_frag, 4);

      success:
	spin_unlock_irqrestore(&ieee->lock, flags);

	if (txb) {
		if ((*ieee->hard_start_xmit) (txb, ieee->dev, priority) == 0) {
			stats->tx_packets++;
			stats->tx_bytes += txb->payload_size;
			return 0;
		}
		ieee80211_txb_free(txb);
	}
	return 0;

      failed:
	spin_unlock_irqrestore(&ieee->lock, flags);
	stats->tx_errors++;
	return 1;
}

EXPORT_SYMBOL(ieee80211_tx_frame);
EXPORT_SYMBOL(ieee80211_txb_free);
Commit	Line	Data
b453872c JG	1	/******************************************************************************
b453872c JG	2
ebeaddcc	3	Copyright(c) 2003 - 2005 Intel Corporation. All rights reserved.
b453872c JG	4
	5	This program is free software; you can redistribute it and/or modify it
	6	under the terms of version 2 of the GNU General Public License as
	7	published by the Free Software Foundation.
	8
	9	This program is distributed in the hope that it will be useful, but WITHOUT
	10	ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
	11	FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
	12	more details.
	13
	14	You should have received a copy of the GNU General Public License along with
	15	this program; if not, write to the Free Software Foundation, Inc., 59
	16	Temple Place - Suite 330, Boston, MA 02111-1307, USA.
	17
	18	The full GNU General Public License is included in this distribution in the
	19	file called LICENSE.
	20
	21	Contact Information:
	22	James P. Ketrenos <ipw2100-admin@linux.intel.com>
	23	Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497
	24
	25	******************************************************************************/
	26	#include <linux/compiler.h>
	27	#include <linux/config.h>
	28	#include <linux/errno.h>
	29	#include <linux/if_arp.h>
	30	#include <linux/in6.h>
	31	#include <linux/in.h>
	32	#include <linux/ip.h>
	33	#include <linux/kernel.h>
	34	#include <linux/module.h>
	35	#include <linux/netdevice.h>
b453872c JG	36	#include <linux/proc_fs.h>
	37	#include <linux/skbuff.h>
	38	#include <linux/slab.h>
	39	#include <linux/tcp.h>
	40	#include <linux/types.h>
	41	#include <linux/version.h>
	42	#include <linux/wireless.h>
	43	#include <linux/etherdevice.h>
	44	#include <asm/uaccess.h>
	45
	46	#include <net/ieee80211.h>
	47
b453872c JG	48	/*
b453872c JG	49
b453872c JG	50	802.11 Data Frame
	51
	52	,-------------------------------------------------------------------.
	53	Bytes \| 2 \| 2 \| 6 \| 6 \| 6 \| 2 \| 0..2312 \| 4 \|
	54	\|------\|------\|---------\|---------\|---------\|------\|---------\|------\|
	55	Desc. \| ctrl \| dura \| DA/RA \| TA \| SA \| Sequ \| Frame \| fcs \|
	56	\| \| tion \| (BSSID) \| \| \| ence \| data \| \|
	57	`--------------------------------------------------\| \|------'
	58	Total: 28 non-data bytes `----.----'
	59	\|
	60	.- 'Frame data' expands to <---------------------------'
	61	\|
	62	V
	63	,---------------------------------------------------.
	64	Bytes \| 1 \| 1 \| 1 \| 3 \| 2 \| 0-2304 \|
	65	\|------\|------\|---------\|----------\|------\|---------\|
	66	Desc. \| SNAP \| SNAP \| Control \|Eth Tunnel\| Type \| IP \|
	67	\| DSAP \| SSAP \| \| \| \| Packet \|
	68	\| 0xAA \| 0xAA \|0x03 (UI)\|0x00-00-F8\| \| \|
	69	`-----------------------------------------\| \|
	70	Total: 8 non-data bytes `----.----'
	71	\|
	72	.- 'IP Packet' expands, if WEP enabled, to <--'
	73	\|
	74	V
	75	,-----------------------.
	76	Bytes \| 4 \| 0-2296 \| 4 \|
	77	\|-----\|-----------\|-----\|
	78	Desc. \| IV \| Encrypted \| ICV \|
	79	\| \| IP Packet \| \|
	80	`-----------------------'
	81	Total: 8 non-data bytes
	82
b453872c JG	83	802.3 Ethernet Data Frame
	84
	85	,-----------------------------------------.
	86	Bytes \| 6 \| 6 \| 2 \| Variable \| 4 \|
	87	\|-------\|-------\|------\|-----------\|------\|
	88	Desc. \| Dest. \| Source\| Type \| IP Packet \| fcs \|
	89	\| MAC \| MAC \| \| \| \|
	90	`-----------------------------------------'
	91	Total: 18 non-data bytes
	92
	93	In the event that fragmentation is required, the incoming payload is split into
	94	N parts of size ieee->fts. The first fragment contains the SNAP header and the
	95	remaining packets are just data.
	96
	97	If encryption is enabled, each fragment payload size is reduced by enough space
	98	to add the prefix and postfix (IV and ICV totalling 8 bytes in the case of WEP)
	99	So if you have 1500 bytes of payload with ieee->fts set to 500 without
	100	encryption it will take 3 frames. With WEP it will take 4 frames as the
	101	payload of each frame is reduced to 492 bytes.
	102
	103	* SKB visualization
	104	*
	105	* ,- skb->data
	106	* \|
	107	* \| ETHERNET HEADER ,-<-- PAYLOAD
	108	* \| \| 14 bytes from skb->data
	109	* \| 2 bytes for Type --> ,T. \| (sizeof ethhdr)
	110	* \| \| \| \|
	111	* \|,-Dest.--. ,--Src.---. \| \| \|
	112	* \| 6 bytes\| \| 6 bytes \| \| \| \|
	113	* v \| \| \| \| \| \|
	114	* 0 \| v 1 \| v \| v 2
	115	* 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
	116	* ^ \| ^ \| ^ \|
	117	* \| \| \| \| \| \|
	118	* \| \| \| \| `T' <---- 2 bytes for Type
	119	* \| \| \| \|
	120	* \| \| '---SNAP--' <-------- 6 bytes for SNAP
	121	* \| \|
	122	* `-IV--' <-------------------- 4 bytes for IV (WEP)
	123	*
	124	* SNAP HEADER
	125	*
	126	*/
	127
	128	static u8 P802_1H_OUI[P80211_OUI_LEN] = { 0x00, 0x00, 0xf8 };
	129	static u8 RFC1042_OUI[P80211_OUI_LEN] = { 0x00, 0x00, 0x00 };
	130
1264fc04	131	static inline int ieee80211_copy_snap(u8 * data, u16 h_proto)
b453872c JG	132	{
	133	struct ieee80211_snap_hdr *snap;
	134	u8 *oui;
	135
	136	snap = (struct ieee80211_snap_hdr *)data;
	137	snap->dsap = 0xaa;
	138	snap->ssap = 0xaa;
	139	snap->ctrl = 0x03;
	140
	141	if (h_proto == 0x8137 \|\| h_proto == 0x80f3)
	142	oui = P802_1H_OUI;
	143	else
	144	oui = RFC1042_OUI;
	145	snap->oui[0] = oui[0];
	146	snap->oui[1] = oui[1];
	147	snap->oui[2] = oui[2];
	148
0edd5b44	149	(u16 ) (data + SNAP_SIZE) = htons(h_proto);
b453872c JG	150
	151	return SNAP_SIZE + sizeof(u16);
	152	}
	153
0edd5b44 JG	154	static inline int ieee80211_encrypt_fragment(struct ieee80211_device *ieee,
0edd5b44 JG	155	struct sk_buff *frag, int hdr_len)
b453872c	156	{
0edd5b44	157	struct ieee80211_crypt_data *crypt = ieee->crypt[ieee->tx_keyidx];
b453872c JG	158	int res;
b453872c JG	159
f0f15ab5 HL	160	if (crypt == NULL)
	161	return -1;
	162
b453872c JG	163	/* To encrypt, frame format is:
b453872c JG	164	* IV (4 bytes), clear payload (including SNAP), ICV (4 bytes) */
b453872c JG	165	atomic_inc(&crypt->refcnt);
b453872c JG	166	res = 0;
f0f15ab5	167	if (crypt->ops && crypt->ops->encrypt_mpdu)
b453872c JG	168	res = crypt->ops->encrypt_mpdu(frag, hdr_len, crypt->priv);
	169
	170	atomic_dec(&crypt->refcnt);
	171	if (res < 0) {
	172	printk(KERN_INFO "%s: Encryption failed: len=%d.\n",
	173	ieee->dev->name, frag->len);
	174	ieee->ieee_stats.tx_discards++;
	175	return -1;
	176	}
	177
	178	return 0;
	179	}
	180
0edd5b44 JG	181	void ieee80211_txb_free(struct ieee80211_txb *txb)
0edd5b44 JG	182	{
b453872c JG	183	int i;
	184	if (unlikely(!txb))
	185	return;
	186	for (i = 0; i < txb->nr_frags; i++)
	187	if (txb->fragments[i])
	188	dev_kfree_skb_any(txb->fragments[i]);
	189	kfree(txb);
	190	}
	191
e157249d	192	static struct ieee80211_txb *ieee80211_alloc_txb(int nr_frags, int txb_size,
dd0fc66f	193	gfp_t gfp_mask)
b453872c JG	194	{
	195	struct ieee80211_txb *txb;
	196	int i;
0edd5b44 JG	197	txb = kmalloc(sizeof(struct ieee80211_txb) + (sizeof(u8 ) nr_frags),
0edd5b44 JG	198	gfp_mask);
b453872c JG	199	if (!txb)
	200	return NULL;
	201
0a989b24	202	memset(txb, 0, sizeof(struct ieee80211_txb));
b453872c JG	203	txb->nr_frags = nr_frags;
	204	txb->frag_size = txb_size;
	205
	206	for (i = 0; i < nr_frags; i++) {
	207	txb->fragments[i] = dev_alloc_skb(txb_size);
	208	if (unlikely(!txb->fragments[i])) {
	209	i--;
	210	break;
	211	}
	212	}
	213	if (unlikely(i != nr_frags)) {
	214	while (i >= 0)
	215	dev_kfree_skb_any(txb->fragments[i--]);
	216	kfree(txb);
	217	return NULL;
	218	}
	219	return txb;
	220	}
	221
1264fc04	222	/* Incoming skb is converted to a txb which consists of
3cdd00c5	223	* a block of 802.11 fragment packets (stored as skbs) */
0edd5b44	224	int ieee80211_xmit(struct sk_buff skb, struct net_device dev)
b453872c JG	225	{
	226	struct ieee80211_device *ieee = netdev_priv(dev);
	227	struct ieee80211_txb *txb = NULL;
ee34af37	228	struct ieee80211_hdr_3addr *frag_hdr;
3cdd00c5 JK	229	int i, bytes_per_frag, nr_frags, bytes_last_frag, frag_size,
3cdd00c5 JK	230	rts_required;
b453872c JG	231	unsigned long flags;
b453872c JG	232	struct net_device_stats *stats = &ieee->stats;
31b59eae	233	int ether_type, encrypt, host_encrypt, host_encrypt_msdu, host_build_iv;
b453872c JG	234	int bytes, fc, hdr_len;
b453872c JG	235	struct sk_buff *skb_frag;
ee34af37	236	struct ieee80211_hdr_3addr header = { /* Ensure zero initialized */
b453872c JG	237	.duration_id = 0,
	238	.seq_ctl = 0
	239	};
	240	u8 dest[ETH_ALEN], src[ETH_ALEN];
0edd5b44	241	struct ieee80211_crypt_data *crypt;
2c0aa2a5	242	int priority = skb->priority;
1264fc04	243	int snapped = 0;
b453872c	244
2c0aa2a5 JK	245	if (ieee->is_queue_full && (*ieee->is_queue_full) (dev, priority))
	246	return NETDEV_TX_BUSY;
	247
b453872c JG	248	spin_lock_irqsave(&ieee->lock, flags);
	249
	250	/* If there is no driver handler to take the TXB, dont' bother
	251	* creating it... */
	252	if (!ieee->hard_start_xmit) {
0edd5b44	253	printk(KERN_WARNING "%s: No xmit handler.\n", ieee->dev->name);
b453872c JG	254	goto success;
	255	}
	256
	257	if (unlikely(skb->len < SNAP_SIZE + sizeof(u16))) {
	258	printk(KERN_WARNING "%s: skb too small (%d).\n",
	259	ieee->dev->name, skb->len);
	260	goto success;
	261	}
	262
	263	ether_type = ntohs(((struct ethhdr *)skb->data)->h_proto);
	264
	265	crypt = ieee->crypt[ieee->tx_keyidx];
	266
	267	encrypt = !(ether_type == ETH_P_PAE && ieee->ieee802_1x) &&
f1bf6638	268	ieee->sec.encrypt;
31b59eae	269
f0f15ab5 HL	270	host_encrypt = ieee->host_encrypt && encrypt && crypt;
	271	host_encrypt_msdu = ieee->host_encrypt_msdu && encrypt && crypt;
	272	host_build_iv = ieee->host_build_iv && encrypt && crypt;
b453872c JG	273
	274	if (!encrypt && ieee->ieee802_1x &&
	275	ieee->drop_unencrypted && ether_type != ETH_P_PAE) {
	276	stats->tx_dropped++;
	277	goto success;
	278	}
	279
b453872c	280	/* Save source and destination addresses */
18294d87 JK	281	memcpy(dest, skb->data, ETH_ALEN);
18294d87 JK	282	memcpy(src, skb->data + ETH_ALEN, ETH_ALEN);
b453872c JG	283
	284	/* Advance the SKB to the start of the payload */
	285	skb_pull(skb, sizeof(struct ethhdr));
	286
	287	/* Determine total amount of storage required for TXB packets */
	288	bytes = skb->len + SNAP_SIZE + sizeof(u16);
	289
f1bf6638	290	if (host_encrypt)
b453872c	291	fc = IEEE80211_FTYPE_DATA \| IEEE80211_STYPE_DATA \|
0edd5b44	292	IEEE80211_FCTL_PROTECTED;
b453872c JG	293	else
	294	fc = IEEE80211_FTYPE_DATA \| IEEE80211_STYPE_DATA;
	295
	296	if (ieee->iw_mode == IW_MODE_INFRA) {
	297	fc \|= IEEE80211_FCTL_TODS;
1264fc04	298	/* To DS: Addr1 = BSSID, Addr2 = SA, Addr3 = DA */
18294d87 JK	299	memcpy(header.addr1, ieee->bssid, ETH_ALEN);
	300	memcpy(header.addr2, src, ETH_ALEN);
	301	memcpy(header.addr3, dest, ETH_ALEN);
b453872c	302	} else if (ieee->iw_mode == IW_MODE_ADHOC) {
1264fc04	303	/* not From/To DS: Addr1 = DA, Addr2 = SA, Addr3 = BSSID */
18294d87 JK	304	memcpy(header.addr1, dest, ETH_ALEN);
	305	memcpy(header.addr2, src, ETH_ALEN);
	306	memcpy(header.addr3, ieee->bssid, ETH_ALEN);
b453872c JG	307	}
	308	header.frame_ctl = cpu_to_le16(fc);
	309	hdr_len = IEEE80211_3ADDR_LEN;
	310
1264fc04 JK	311	/* Encrypt msdu first on the whole data packet. */
	312	if ((host_encrypt \|\| host_encrypt_msdu) &&
	313	crypt && crypt->ops && crypt->ops->encrypt_msdu) {
	314	int res = 0;
	315	int len = bytes + hdr_len + crypt->ops->extra_msdu_prefix_len +
	316	crypt->ops->extra_msdu_postfix_len;
	317	struct sk_buff *skb_new = dev_alloc_skb(len);
31b59eae	318
1264fc04 JK	319	if (unlikely(!skb_new))
1264fc04 JK	320	goto failed;
31b59eae	321
1264fc04 JK	322	skb_reserve(skb_new, crypt->ops->extra_msdu_prefix_len);
	323	memcpy(skb_put(skb_new, hdr_len), &header, hdr_len);
	324	snapped = 1;
	325	ieee80211_copy_snap(skb_put(skb_new, SNAP_SIZE + sizeof(u16)),
	326	ether_type);
	327	memcpy(skb_put(skb_new, skb->len), skb->data, skb->len);
	328	res = crypt->ops->encrypt_msdu(skb_new, hdr_len, crypt->priv);
	329	if (res < 0) {
	330	IEEE80211_ERROR("msdu encryption failed\n");
	331	dev_kfree_skb_any(skb_new);
	332	goto failed;
	333	}
	334	dev_kfree_skb_any(skb);
	335	skb = skb_new;
	336	bytes += crypt->ops->extra_msdu_prefix_len +
	337	crypt->ops->extra_msdu_postfix_len;
	338	skb_pull(skb, hdr_len);
	339	}
	340
	341	if (host_encrypt \|\| ieee->host_open_frag) {
	342	/* Determine fragmentation size based on destination (multicast
	343	* and broadcast are not fragmented) */
5b74eda7 HL	344	if (is_multicast_ether_addr(dest) \|\|
5b74eda7 HL	345	is_broadcast_ether_addr(dest))
1264fc04 JK	346	frag_size = MAX_FRAG_THRESHOLD;
	347	else
	348	frag_size = ieee->fts;
	349
	350	/* Determine amount of payload per fragment. Regardless of if
	351	* this stack is providing the full 802.11 header, one will
	352	* eventually be affixed to this fragment -- so we must account
	353	* for it when determining the amount of payload space. */
	354	bytes_per_frag = frag_size - IEEE80211_3ADDR_LEN;
	355	if (ieee->config &
	356	(CFG_IEEE80211_COMPUTE_FCS \| CFG_IEEE80211_RESERVE_FCS))
	357	bytes_per_frag -= IEEE80211_FCS_LEN;
	358
	359	/* Each fragment may need to have room for encryptiong
	360	* pre/postfix */
	361	if (host_encrypt)
	362	bytes_per_frag -= crypt->ops->extra_mpdu_prefix_len +
	363	crypt->ops->extra_mpdu_postfix_len;
	364
	365	/* Number of fragments is the total
	366	* bytes_per_frag / payload_per_fragment */
	367	nr_frags = bytes / bytes_per_frag;
	368	bytes_last_frag = bytes % bytes_per_frag;
	369	if (bytes_last_frag)
	370	nr_frags++;
	371	else
	372	bytes_last_frag = bytes_per_frag;
	373	} else {
	374	nr_frags = 1;
	375	bytes_per_frag = bytes_last_frag = bytes;
	376	frag_size = bytes + IEEE80211_3ADDR_LEN;
	377	}
b453872c	378
3cdd00c5 JK	379	rts_required = (frag_size > ieee->rts
	380	&& ieee->config & CFG_IEEE80211_RTS);
	381	if (rts_required)
	382	nr_frags++;
3cdd00c5	383
b453872c JG	384	/* When we allocate the TXB we allocate enough space for the reserve
	385	* and full fragment bytes (bytes_per_frag doesn't include prefix,
	386	* postfix, header, FCS, etc.) */
	387	txb = ieee80211_alloc_txb(nr_frags, frag_size, GFP_ATOMIC);
	388	if (unlikely(!txb)) {
	389	printk(KERN_WARNING "%s: Could not allocate TXB\n",
	390	ieee->dev->name);
	391	goto failed;
	392	}
	393	txb->encrypted = encrypt;
1264fc04 JK	394	if (host_encrypt)
	395	txb->payload_size = frag_size * (nr_frags - 1) +
	396	bytes_last_frag;
	397	else
	398	txb->payload_size = bytes;
b453872c	399
3cdd00c5 JK	400	if (rts_required) {
	401	skb_frag = txb->fragments[0];
	402	frag_hdr =
	403	(struct ieee80211_hdr_3addr *)skb_put(skb_frag, hdr_len);
	404
	405	/*
	406	* Set header frame_ctl to the RTS.
	407	*/
	408	header.frame_ctl =
	409	cpu_to_le16(IEEE80211_FTYPE_CTL \| IEEE80211_STYPE_RTS);
	410	memcpy(frag_hdr, &header, hdr_len);
	411
	412	/*
	413	* Restore header frame_ctl to the original data setting.
	414	*/
	415	header.frame_ctl = cpu_to_le16(fc);
	416
	417	if (ieee->config &
	418	(CFG_IEEE80211_COMPUTE_FCS \| CFG_IEEE80211_RESERVE_FCS))
	419	skb_put(skb_frag, 4);
	420
	421	txb->rts_included = 1;
	422	i = 1;
	423	} else
	424	i = 0;
	425
	426	for (; i < nr_frags; i++) {
b453872c JG	427	skb_frag = txb->fragments[i];
b453872c JG	428
31b59eae	429	if (host_encrypt \|\| host_build_iv)
1264fc04 JK	430	skb_reserve(skb_frag,
1264fc04 JK	431	crypt->ops->extra_mpdu_prefix_len);
b453872c	432
ee34af37 JK	433	frag_hdr =
ee34af37 JK	434	(struct ieee80211_hdr_3addr *)skb_put(skb_frag, hdr_len);
b453872c JG	435	memcpy(frag_hdr, &header, hdr_len);
	436
	437	/* If this is not the last fragment, then add the MOREFRAGS
	438	* bit to the frame control */
	439	if (i != nr_frags - 1) {
0edd5b44 JG	440	frag_hdr->frame_ctl =
0edd5b44 JG	441	cpu_to_le16(fc \| IEEE80211_FCTL_MOREFRAGS);
b453872c JG	442	bytes = bytes_per_frag;
	443	} else {
	444	/* The last fragment takes the remaining length */
	445	bytes = bytes_last_frag;
	446	}
	447
1264fc04 JK	448	if (i == 0 && !snapped) {
	449	ieee80211_copy_snap(skb_put
	450	(skb_frag, SNAP_SIZE + sizeof(u16)),
	451	ether_type);
b453872c JG	452	bytes -= SNAP_SIZE + sizeof(u16);
	453	}
	454
	455	memcpy(skb_put(skb_frag, bytes), skb->data, bytes);
	456
	457	/* Advance the SKB... */
	458	skb_pull(skb, bytes);
	459
	460	/* Encryption routine will move the header forward in order
	461	* to insert the IV between the header and the payload */
f1bf6638	462	if (host_encrypt)
b453872c	463	ieee80211_encrypt_fragment(ieee, skb_frag, hdr_len);
31b59eae JK	464	else if (host_build_iv) {
	465	struct ieee80211_crypt_data *crypt;
	466
	467	crypt = ieee->crypt[ieee->tx_keyidx];
	468	atomic_inc(&crypt->refcnt);
	469	if (crypt->ops->build_iv)
	470	crypt->ops->build_iv(skb_frag, hdr_len,
	471	crypt->priv);
	472	atomic_dec(&crypt->refcnt);
	473	}
f1bf6638	474
b453872c JG	475	if (ieee->config &
	476	(CFG_IEEE80211_COMPUTE_FCS \| CFG_IEEE80211_RESERVE_FCS))
	477	skb_put(skb_frag, 4);
	478	}
	479
0edd5b44	480	success:
b453872c JG	481	spin_unlock_irqrestore(&ieee->lock, flags);
	482
	483	dev_kfree_skb_any(skb);
	484
	485	if (txb) {
9e8571af	486	int ret = (*ieee->hard_start_xmit) (txb, dev, priority);
1264fc04	487	if (ret == 0) {
b453872c JG	488	stats->tx_packets++;
	489	stats->tx_bytes += txb->payload_size;
	490	return 0;
	491	}
2c0aa2a5 JK	492
	493	if (ret == NETDEV_TX_BUSY) {
	494	printk(KERN_ERR "%s: NETDEV_TX_BUSY returned; "
	495	"driver should report queue full via "
	496	"ieee_device->is_queue_full.\n",
	497	ieee->dev->name);
	498	}
	499
b453872c JG	500	ieee80211_txb_free(txb);
	501	}
	502
	503	return 0;
	504
0edd5b44	505	failed:
b453872c JG	506	spin_unlock_irqrestore(&ieee->lock, flags);
	507	netif_stop_queue(dev);
	508	stats->tx_errors++;
	509	return 1;
3f552bbf JK	510	}
	511
	512	/* Incoming 802.11 strucure is converted to a TXB
	513	* a block of 802.11 fragment packets (stored as skbs) */
	514	int ieee80211_tx_frame(struct ieee80211_device *ieee,
	515	struct ieee80211_hdr *frame, int len)
	516	{
	517	struct ieee80211_txb *txb = NULL;
	518	unsigned long flags;
	519	struct net_device_stats *stats = &ieee->stats;
	520	struct sk_buff *skb_frag;
9e8571af	521	int priority = -1;
3f552bbf JK	522
	523	spin_lock_irqsave(&ieee->lock, flags);
	524
	525	/* If there is no driver handler to take the TXB, dont' bother
	526	* creating it... */
	527	if (!ieee->hard_start_xmit) {
	528	printk(KERN_WARNING "%s: No xmit handler.\n", ieee->dev->name);
	529	goto success;
	530	}
b453872c	531
3f552bbf JK	532	if (unlikely(len < 24)) {
	533	printk(KERN_WARNING "%s: skb too small (%d).\n",
	534	ieee->dev->name, len);
	535	goto success;
	536	}
	537
	538	/* When we allocate the TXB we allocate enough space for the reserve
	539	* and full fragment bytes (bytes_per_frag doesn't include prefix,
	540	* postfix, header, FCS, etc.) */
	541	txb = ieee80211_alloc_txb(1, len, GFP_ATOMIC);
	542	if (unlikely(!txb)) {
	543	printk(KERN_WARNING "%s: Could not allocate TXB\n",
	544	ieee->dev->name);
	545	goto failed;
	546	}
	547	txb->encrypted = 0;
	548	txb->payload_size = len;
	549
	550	skb_frag = txb->fragments[0];
	551
	552	memcpy(skb_put(skb_frag, len), frame, len);
	553
	554	if (ieee->config &
	555	(CFG_IEEE80211_COMPUTE_FCS \| CFG_IEEE80211_RESERVE_FCS))
	556	skb_put(skb_frag, 4);
	557
	558	success:
	559	spin_unlock_irqrestore(&ieee->lock, flags);
	560
	561	if (txb) {
9e8571af	562	if ((*ieee->hard_start_xmit) (txb, ieee->dev, priority) == 0) {
3f552bbf JK	563	stats->tx_packets++;
	564	stats->tx_bytes += txb->payload_size;
	565	return 0;
	566	}
	567	ieee80211_txb_free(txb);
	568	}
	569	return 0;
	570
	571	failed:
	572	spin_unlock_irqrestore(&ieee->lock, flags);
	573	stats->tx_errors++;
	574	return 1;
b453872c JG	575	}
b453872c JG	576
3f552bbf	577	EXPORT_SYMBOL(ieee80211_tx_frame);
b453872c	578	EXPORT_SYMBOL(ieee80211_txb_free);