[net-next-2.6.git] / net / ieee80211 / ieee80211_tx.c

/******************************************************************************

  Copyright(c) 2003 - 2005 Intel Corporation. All rights reserved.

  This program is free software; you can redistribute it and/or modify it
  under the terms of version 2 of the GNU General Public License as
  published by the Free Software Foundation.

  This program is distributed in the hope that it will be useful, but WITHOUT
  ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
  more details.

  You should have received a copy of the GNU General Public License along with
  this program; if not, write to the Free Software Foundation, Inc., 59
  Temple Place - Suite 330, Boston, MA  02111-1307, USA.

  The full GNU General Public License is included in this distribution in the
  file called LICENSE.

  Contact Information:
  James P. Ketrenos <ipw2100-admin@linux.intel.com>
  Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497

******************************************************************************/
#include <linux/compiler.h>
#include <linux/errno.h>
#include <linux/if_arp.h>
#include <linux/in6.h>
#include <linux/in.h>
#include <linux/ip.h>
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/netdevice.h>
#include <linux/proc_fs.h>
#include <linux/skbuff.h>
#include <linux/slab.h>
#include <linux/tcp.h>
#include <linux/types.h>
#include <linux/wireless.h>
#include <linux/etherdevice.h>
#include <asm/uaccess.h>

#include <net/ieee80211.h>

/*

802.11 Data Frame

      ,-------------------------------------------------------------------.
Bytes |  2   |  2   |    6    |    6    |    6    |  2   | 0..2312 |   4  |
      |------|------|---------|---------|---------|------|---------|------|
Desc. | ctrl | dura |  DA/RA  |   TA    |    SA   | Sequ |  Frame  |  fcs |
      |      | tion | (BSSID) |         |         | ence |  data   |      |
      `--------------------------------------------------|         |------'
Total: 28 non-data bytes                                 `----.----'
							      |
       .- 'Frame data' expands, if WEP enabled, to <----------'
       |
       V
      ,-----------------------.
Bytes |  4  |   0-2296  |  4  |
      |-----|-----------|-----|
Desc. | IV  | Encrypted | ICV |
      |     | Packet    |     |
      `-----|           |-----'
	    `-----.-----'
		  |
       .- 'Encrypted Packet' expands to
       |
       V
      ,---------------------------------------------------.
Bytes |  1   |  1   |    1    |    3     |  2   |  0-2304 |
      |------|------|---------|----------|------|---------|
Desc. | SNAP | SNAP | Control |Eth Tunnel| Type | IP      |
      | DSAP | SSAP |         |          |      | Packet  |
      | 0xAA | 0xAA |0x03 (UI)|0x00-00-F8|      |         |
      `----------------------------------------------------
Total: 8 non-data bytes

802.3 Ethernet Data Frame

      ,-----------------------------------------.
Bytes |   6   |   6   |  2   |  Variable |   4  |
      |-------|-------|------|-----------|------|
Desc. | Dest. | Source| Type | IP Packet |  fcs |
      |  MAC  |  MAC  |      |           |      |
      `-----------------------------------------'
Total: 18 non-data bytes

In the event that fragmentation is required, the incoming payload is split into
N parts of size ieee->fts.  The first fragment contains the SNAP header and the
remaining packets are just data.

If encryption is enabled, each fragment payload size is reduced by enough space
to add the prefix and postfix (IV and ICV totalling 8 bytes in the case of WEP)
So if you have 1500 bytes of payload with ieee->fts set to 500 without
encryption it will take 3 frames.  With WEP it will take 4 frames as the
payload of each frame is reduced to 492 bytes.

* SKB visualization
*
*  ,- skb->data
* |
* |    ETHERNET HEADER        ,-<-- PAYLOAD
* |                           |     14 bytes from skb->data
* |  2 bytes for Type --> ,T. |     (sizeof ethhdr)
* |                       | | |
* |,-Dest.--. ,--Src.---. | | |
* |  6 bytes| | 6 bytes | | | |
* v         | |         | | | |
* 0         | v       1 | v | v           2
* 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
*     ^     | ^         | ^ |
*     |     | |         | | |
*     |     | |         | `T' <---- 2 bytes for Type
*     |     | |         |
*     |     | '---SNAP--' <-------- 6 bytes for SNAP
*     |     |
*     `-IV--' <-------------------- 4 bytes for IV (WEP)
*
*      SNAP HEADER
*
*/

static u8 P802_1H_OUI[P80211_OUI_LEN] = { 0x00, 0x00, 0xf8 };
static u8 RFC1042_OUI[P80211_OUI_LEN] = { 0x00, 0x00, 0x00 };

static int ieee80211_copy_snap(u8 * data, __be16 h_proto)
{
	struct ieee80211_snap_hdr *snap;
	u8 *oui;

	snap = (struct ieee80211_snap_hdr *)data;
	snap->dsap = 0xaa;
	snap->ssap = 0xaa;
	snap->ctrl = 0x03;

	if (h_proto == htons(ETH_P_AARP) || h_proto == htons(ETH_P_IPX))
		oui = P802_1H_OUI;
	else
		oui = RFC1042_OUI;
	snap->oui[0] = oui[0];
	snap->oui[1] = oui[1];
	snap->oui[2] = oui[2];

	memcpy(data + SNAP_SIZE, &h_proto, sizeof(u16));

	return SNAP_SIZE + sizeof(u16);
}

static int ieee80211_encrypt_fragment(struct ieee80211_device *ieee,
					     struct sk_buff *frag, int hdr_len)
{
	struct lib80211_crypt_data *crypt =
		ieee->crypt_info.crypt[ieee->crypt_info.tx_keyidx];
	int res;

	if (crypt == NULL)
		return -1;

	/* To encrypt, frame format is:
	 * IV (4 bytes), clear payload (including SNAP), ICV (4 bytes) */
	atomic_inc(&crypt->refcnt);
	res = 0;
	if (crypt->ops && crypt->ops->encrypt_mpdu)
		res = crypt->ops->encrypt_mpdu(frag, hdr_len, crypt->priv);

	atomic_dec(&crypt->refcnt);
	if (res < 0) {
		printk(KERN_INFO "%s: Encryption failed: len=%d.\n",
		       ieee->dev->name, frag->len);
		ieee->ieee_stats.tx_discards++;
		return -1;
	}

	return 0;
}

void ieee80211_txb_free(struct ieee80211_txb *txb)
{
	int i;
	if (unlikely(!txb))
		return;
	for (i = 0; i < txb->nr_frags; i++)
		if (txb->fragments[i])
			dev_kfree_skb_any(txb->fragments[i]);
	kfree(txb);
}

static struct ieee80211_txb *ieee80211_alloc_txb(int nr_frags, int txb_size,
						 int headroom, gfp_t gfp_mask)
{
	struct ieee80211_txb *txb;
	int i;
	txb = kmalloc(sizeof(struct ieee80211_txb) + (sizeof(u8 *) * nr_frags),
		      gfp_mask);
	if (!txb)
		return NULL;

	memset(txb, 0, sizeof(struct ieee80211_txb));
	txb->nr_frags = nr_frags;
	txb->frag_size = txb_size;

	for (i = 0; i < nr_frags; i++) {
		txb->fragments[i] = __dev_alloc_skb(txb_size + headroom,
						    gfp_mask);
		if (unlikely(!txb->fragments[i])) {
			i--;
			break;
		}
		skb_reserve(txb->fragments[i], headroom);
	}
	if (unlikely(i != nr_frags)) {
		while (i >= 0)
			dev_kfree_skb_any(txb->fragments[i--]);
		kfree(txb);
		return NULL;
	}
	return txb;
}

static int ieee80211_classify(struct sk_buff *skb)
{
	struct ethhdr *eth;
	struct iphdr *ip;

	eth = (struct ethhdr *)skb->data;
	if (eth->h_proto != htons(ETH_P_IP))
		return 0;

	ip = ip_hdr(skb);
	switch (ip->tos & 0xfc) {
	case 0x20:
		return 2;
	case 0x40:
		return 1;
	case 0x60:
		return 3;
	case 0x80:
		return 4;
	case 0xa0:
		return 5;
	case 0xc0:
		return 6;
	case 0xe0:
		return 7;
	default:
		return 0;
	}
}

/* Incoming skb is converted to a txb which consists of
 * a block of 802.11 fragment packets (stored as skbs) */
int ieee80211_xmit(struct sk_buff *skb, struct net_device *dev)
{
	struct ieee80211_device *ieee = netdev_priv(dev);
	struct ieee80211_txb *txb = NULL;
	struct ieee80211_hdr_3addrqos *frag_hdr;
	int i, bytes_per_frag, nr_frags, bytes_last_frag, frag_size,
	    rts_required;
	unsigned long flags;
	struct net_device_stats *stats = &ieee->stats;
	int encrypt, host_encrypt, host_encrypt_msdu, host_build_iv;
	__be16 ether_type;
	int bytes, fc, hdr_len;
	struct sk_buff *skb_frag;
	struct ieee80211_hdr_3addrqos header = {/* Ensure zero initialized */
		.duration_id = 0,
		.seq_ctl = 0,
		.qos_ctl = 0
	};
	u8 dest[ETH_ALEN], src[ETH_ALEN];
	struct lib80211_crypt_data *crypt;
	int priority = skb->priority;
	int snapped = 0;

	if (ieee->is_queue_full && (*ieee->is_queue_full) (dev, priority))
		return NETDEV_TX_BUSY;

	spin_lock_irqsave(&ieee->lock, flags);

	/* If there is no driver handler to take the TXB, dont' bother
	 * creating it... */
	if (!ieee->hard_start_xmit) {
		printk(KERN_WARNING "%s: No xmit handler.\n", ieee->dev->name);
		goto success;
	}

	if (unlikely(skb->len < SNAP_SIZE + sizeof(u16))) {
		printk(KERN_WARNING "%s: skb too small (%d).\n",
		       ieee->dev->name, skb->len);
		goto success;
	}

	ether_type = ((struct ethhdr *)skb->data)->h_proto;

	crypt = ieee->crypt_info.crypt[ieee->crypt_info.tx_keyidx];

	encrypt = !(ether_type == htons(ETH_P_PAE) && ieee->ieee802_1x) &&
	    ieee->sec.encrypt;

	host_encrypt = ieee->host_encrypt && encrypt && crypt;
	host_encrypt_msdu = ieee->host_encrypt_msdu && encrypt && crypt;
	host_build_iv = ieee->host_build_iv && encrypt && crypt;

	if (!encrypt && ieee->ieee802_1x &&
	    ieee->drop_unencrypted && ether_type != htons(ETH_P_PAE)) {
		stats->tx_dropped++;
		goto success;
	}

	/* Save source and destination addresses */
	skb_copy_from_linear_data(skb, dest, ETH_ALEN);
	skb_copy_from_linear_data_offset(skb, ETH_ALEN, src, ETH_ALEN);

	if (host_encrypt || host_build_iv)
		fc = IEEE80211_FTYPE_DATA | IEEE80211_STYPE_DATA |
		    IEEE80211_FCTL_PROTECTED;
	else
		fc = IEEE80211_FTYPE_DATA | IEEE80211_STYPE_DATA;

	if (ieee->iw_mode == IW_MODE_INFRA) {
		fc |= IEEE80211_FCTL_TODS;
		/* To DS: Addr1 = BSSID, Addr2 = SA, Addr3 = DA */
		memcpy(header.addr1, ieee->bssid, ETH_ALEN);
		memcpy(header.addr2, src, ETH_ALEN);
		memcpy(header.addr3, dest, ETH_ALEN);
	} else if (ieee->iw_mode == IW_MODE_ADHOC) {
		/* not From/To DS: Addr1 = DA, Addr2 = SA, Addr3 = BSSID */
		memcpy(header.addr1, dest, ETH_ALEN);
		memcpy(header.addr2, src, ETH_ALEN);
		memcpy(header.addr3, ieee->bssid, ETH_ALEN);
	}
	hdr_len = IEEE80211_3ADDR_LEN;

	if (ieee->is_qos_active && ieee->is_qos_active(dev, skb)) {
		fc |= IEEE80211_STYPE_QOS_DATA;
		hdr_len += 2;

		skb->priority = ieee80211_classify(skb);
		header.qos_ctl |= cpu_to_le16(skb->priority & IEEE80211_QCTL_TID);
	}
	header.frame_ctl = cpu_to_le16(fc);

	/* Advance the SKB to the start of the payload */
	skb_pull(skb, sizeof(struct ethhdr));

	/* Determine total amount of storage required for TXB packets */
	bytes = skb->len + SNAP_SIZE + sizeof(u16);

	/* Encrypt msdu first on the whole data packet. */
	if ((host_encrypt || host_encrypt_msdu) &&
	    crypt && crypt->ops && crypt->ops->encrypt_msdu) {
		int res = 0;
		int len = bytes + hdr_len + crypt->ops->extra_msdu_prefix_len +
		    crypt->ops->extra_msdu_postfix_len;
		struct sk_buff *skb_new = dev_alloc_skb(len);

		if (unlikely(!skb_new))
			goto failed;

		skb_reserve(skb_new, crypt->ops->extra_msdu_prefix_len);
		memcpy(skb_put(skb_new, hdr_len), &header, hdr_len);
		snapped = 1;
		ieee80211_copy_snap(skb_put(skb_new, SNAP_SIZE + sizeof(u16)),
				    ether_type);
		skb_copy_from_linear_data(skb, skb_put(skb_new, skb->len), skb->len);
		res = crypt->ops->encrypt_msdu(skb_new, hdr_len, crypt->priv);
		if (res < 0) {
			IEEE80211_ERROR("msdu encryption failed\n");
			dev_kfree_skb_any(skb_new);
			goto failed;
		}
		dev_kfree_skb_any(skb);
		skb = skb_new;
		bytes += crypt->ops->extra_msdu_prefix_len +
		    crypt->ops->extra_msdu_postfix_len;
		skb_pull(skb, hdr_len);
	}

	if (host_encrypt || ieee->host_open_frag) {
		/* Determine fragmentation size based on destination (multicast
		 * and broadcast are not fragmented) */
		if (is_multicast_ether_addr(dest) ||
		    is_broadcast_ether_addr(dest))
			frag_size = MAX_FRAG_THRESHOLD;
		else
			frag_size = ieee->fts;

		/* Determine amount of payload per fragment.  Regardless of if
		 * this stack is providing the full 802.11 header, one will
		 * eventually be affixed to this fragment -- so we must account
		 * for it when determining the amount of payload space. */
		bytes_per_frag = frag_size - hdr_len;
		if (ieee->config &
		    (CFG_IEEE80211_COMPUTE_FCS | CFG_IEEE80211_RESERVE_FCS))
			bytes_per_frag -= IEEE80211_FCS_LEN;

		/* Each fragment may need to have room for encryptiong
		 * pre/postfix */
		if (host_encrypt)
			bytes_per_frag -= crypt->ops->extra_mpdu_prefix_len +
			    crypt->ops->extra_mpdu_postfix_len;

		/* Number of fragments is the total
		 * bytes_per_frag / payload_per_fragment */
		nr_frags = bytes / bytes_per_frag;
		bytes_last_frag = bytes % bytes_per_frag;
		if (bytes_last_frag)
			nr_frags++;
		else
			bytes_last_frag = bytes_per_frag;
	} else {
		nr_frags = 1;
		bytes_per_frag = bytes_last_frag = bytes;
		frag_size = bytes + hdr_len;
	}

	rts_required = (frag_size > ieee->rts
			&& ieee->config & CFG_IEEE80211_RTS);
	if (rts_required)
		nr_frags++;

	/* When we allocate the TXB we allocate enough space for the reserve
	 * and full fragment bytes (bytes_per_frag doesn't include prefix,
	 * postfix, header, FCS, etc.) */
	txb = ieee80211_alloc_txb(nr_frags, frag_size,
				  ieee->tx_headroom, GFP_ATOMIC);
	if (unlikely(!txb)) {
		printk(KERN_WARNING "%s: Could not allocate TXB\n",
		       ieee->dev->name);
		goto failed;
	}
	txb->encrypted = encrypt;
	if (host_encrypt)
		txb->payload_size = frag_size * (nr_frags - 1) +
		    bytes_last_frag;
	else
		txb->payload_size = bytes;

	if (rts_required) {
		skb_frag = txb->fragments[0];
		frag_hdr =
		    (struct ieee80211_hdr_3addrqos *)skb_put(skb_frag, hdr_len);

		/*
		 * Set header frame_ctl to the RTS.
		 */
		header.frame_ctl =
		    cpu_to_le16(IEEE80211_FTYPE_CTL | IEEE80211_STYPE_RTS);
		memcpy(frag_hdr, &header, hdr_len);

		/*
		 * Restore header frame_ctl to the original data setting.
		 */
		header.frame_ctl = cpu_to_le16(fc);

		if (ieee->config &
		    (CFG_IEEE80211_COMPUTE_FCS | CFG_IEEE80211_RESERVE_FCS))
			skb_put(skb_frag, 4);

		txb->rts_included = 1;
		i = 1;
	} else
		i = 0;

	for (; i < nr_frags; i++) {
		skb_frag = txb->fragments[i];

		if (host_encrypt || host_build_iv)
			skb_reserve(skb_frag,
				    crypt->ops->extra_mpdu_prefix_len);

		frag_hdr =
		    (struct ieee80211_hdr_3addrqos *)skb_put(skb_frag, hdr_len);
		memcpy(frag_hdr, &header, hdr_len);

		/* If this is not the last fragment, then add the MOREFRAGS
		 * bit to the frame control */
		if (i != nr_frags - 1) {
			frag_hdr->frame_ctl =
			    cpu_to_le16(fc | IEEE80211_FCTL_MOREFRAGS);
			bytes = bytes_per_frag;
		} else {
			/* The last fragment takes the remaining length */
			bytes = bytes_last_frag;
		}

		if (i == 0 && !snapped) {
			ieee80211_copy_snap(skb_put
					    (skb_frag, SNAP_SIZE + sizeof(u16)),
					    ether_type);
			bytes -= SNAP_SIZE + sizeof(u16);
		}

		skb_copy_from_linear_data(skb, skb_put(skb_frag, bytes), bytes);

		/* Advance the SKB... */
		skb_pull(skb, bytes);

		/* Encryption routine will move the header forward in order
		 * to insert the IV between the header and the payload */
		if (host_encrypt)
			ieee80211_encrypt_fragment(ieee, skb_frag, hdr_len);
		else if (host_build_iv) {
			atomic_inc(&crypt->refcnt);
			if (crypt->ops->build_iv)
				crypt->ops->build_iv(skb_frag, hdr_len,
				      ieee->sec.keys[ieee->sec.active_key],
				      ieee->sec.key_sizes[ieee->sec.active_key],
				      crypt->priv);
			atomic_dec(&crypt->refcnt);
		}

		if (ieee->config &
		    (CFG_IEEE80211_COMPUTE_FCS | CFG_IEEE80211_RESERVE_FCS))
			skb_put(skb_frag, 4);
	}

      success:
	spin_unlock_irqrestore(&ieee->lock, flags);

	dev_kfree_skb_any(skb);

	if (txb) {
		int ret = (*ieee->hard_start_xmit) (txb, dev, priority);
		if (ret == 0) {
			stats->tx_packets++;
			stats->tx_bytes += txb->payload_size;
			return 0;
		}

		ieee80211_txb_free(txb);
	}

	return 0;

      failed:
	spin_unlock_irqrestore(&ieee->lock, flags);
	netif_stop_queue(dev);
	stats->tx_errors++;
	return 1;
}

EXPORT_SYMBOL(ieee80211_txb_free);
Commit	Line	Data
b453872c JG	1	/******************************************************************************
b453872c JG	2
ebeaddcc	3	Copyright(c) 2003 - 2005 Intel Corporation. All rights reserved.
b453872c JG	4
	5	This program is free software; you can redistribute it and/or modify it
	6	under the terms of version 2 of the GNU General Public License as
	7	published by the Free Software Foundation.
	8
	9	This program is distributed in the hope that it will be useful, but WITHOUT
	10	ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
	11	FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
	12	more details.
	13
	14	You should have received a copy of the GNU General Public License along with
	15	this program; if not, write to the Free Software Foundation, Inc., 59
	16	Temple Place - Suite 330, Boston, MA 02111-1307, USA.
	17
	18	The full GNU General Public License is included in this distribution in the
	19	file called LICENSE.
	20
	21	Contact Information:
	22	James P. Ketrenos <ipw2100-admin@linux.intel.com>
	23	Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497
	24
	25	******************************************************************************/
	26	#include <linux/compiler.h>
b453872c JG	27	#include <linux/errno.h>
	28	#include <linux/if_arp.h>
	29	#include <linux/in6.h>
	30	#include <linux/in.h>
	31	#include <linux/ip.h>
	32	#include <linux/kernel.h>
	33	#include <linux/module.h>
	34	#include <linux/netdevice.h>
b453872c JG	35	#include <linux/proc_fs.h>
	36	#include <linux/skbuff.h>
	37	#include <linux/slab.h>
	38	#include <linux/tcp.h>
	39	#include <linux/types.h>
b453872c JG	40	#include <linux/wireless.h>
	41	#include <linux/etherdevice.h>
	42	#include <asm/uaccess.h>
	43
	44	#include <net/ieee80211.h>
	45
b453872c JG	46	/*
b453872c JG	47
b453872c JG	48	802.11 Data Frame
	49
	50	,-------------------------------------------------------------------.
	51	Bytes \| 2 \| 2 \| 6 \| 6 \| 6 \| 2 \| 0..2312 \| 4 \|
	52	\|------\|------\|---------\|---------\|---------\|------\|---------\|------\|
	53	Desc. \| ctrl \| dura \| DA/RA \| TA \| SA \| Sequ \| Frame \| fcs \|
	54	\| \| tion \| (BSSID) \| \| \| ence \| data \| \|
	55	`--------------------------------------------------\| \|------'
	56	Total: 28 non-data bytes `----.----'
64265651	57	\|
44d7a8cf DV	58	.- 'Frame data' expands, if WEP enabled, to <----------'
	59	\|
	60	V
	61	,-----------------------.
	62	Bytes \| 4 \| 0-2296 \| 4 \|
	63	\|-----\|-----------\|-----\|
	64	Desc. \| IV \| Encrypted \| ICV \|
	65	\| \| Packet \| \|
	66	`-----\| \|-----'
64265651 YH	67	`-----.-----'
64265651 YH	68	\|
44d7a8cf	69	.- 'Encrypted Packet' expands to
b453872c JG	70	\|
	71	V
	72	,---------------------------------------------------.
	73	Bytes \| 1 \| 1 \| 1 \| 3 \| 2 \| 0-2304 \|
	74	\|------\|------\|---------\|----------\|------\|---------\|
	75	Desc. \| SNAP \| SNAP \| Control \|Eth Tunnel\| Type \| IP \|
	76	\| DSAP \| SSAP \| \| \| \| Packet \|
	77	\| 0xAA \| 0xAA \|0x03 (UI)\|0x00-00-F8\| \| \|
44d7a8cf	78	`----------------------------------------------------
b453872c JG	79	Total: 8 non-data bytes
b453872c JG	80
b453872c JG	81	802.3 Ethernet Data Frame
	82
	83	,-----------------------------------------.
	84	Bytes \| 6 \| 6 \| 2 \| Variable \| 4 \|
	85	\|-------\|-------\|------\|-----------\|------\|
	86	Desc. \| Dest. \| Source\| Type \| IP Packet \| fcs \|
	87	\| MAC \| MAC \| \| \| \|
	88	`-----------------------------------------'
	89	Total: 18 non-data bytes
	90
	91	In the event that fragmentation is required, the incoming payload is split into
	92	N parts of size ieee->fts. The first fragment contains the SNAP header and the
	93	remaining packets are just data.
	94
	95	If encryption is enabled, each fragment payload size is reduced by enough space
	96	to add the prefix and postfix (IV and ICV totalling 8 bytes in the case of WEP)
	97	So if you have 1500 bytes of payload with ieee->fts set to 500 without
	98	encryption it will take 3 frames. With WEP it will take 4 frames as the
	99	payload of each frame is reduced to 492 bytes.
	100
	101	* SKB visualization
	102	*
	103	* ,- skb->data
	104	* \|
	105	* \| ETHERNET HEADER ,-<-- PAYLOAD
	106	* \| \| 14 bytes from skb->data
	107	* \| 2 bytes for Type --> ,T. \| (sizeof ethhdr)
	108	* \| \| \| \|
	109	* \|,-Dest.--. ,--Src.---. \| \| \|
	110	* \| 6 bytes\| \| 6 bytes \| \| \| \|
	111	* v \| \| \| \| \| \|
	112	* 0 \| v 1 \| v \| v 2
	113	* 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
	114	* ^ \| ^ \| ^ \|
	115	* \| \| \| \| \| \|
	116	* \| \| \| \| `T' <---- 2 bytes for Type
	117	* \| \| \| \|
	118	* \| \| '---SNAP--' <-------- 6 bytes for SNAP
	119	* \| \|
	120	* `-IV--' <-------------------- 4 bytes for IV (WEP)
	121	*
	122	* SNAP HEADER
	123	*
	124	*/
	125
	126	static u8 P802_1H_OUI[P80211_OUI_LEN] = { 0x00, 0x00, 0xf8 };
	127	static u8 RFC1042_OUI[P80211_OUI_LEN] = { 0x00, 0x00, 0x00 };
	128
d9e94d56	129	static int ieee80211_copy_snap(u8 * data, __be16 h_proto)
b453872c JG	130	{
	131	struct ieee80211_snap_hdr *snap;
	132	u8 *oui;
	133
	134	snap = (struct ieee80211_snap_hdr *)data;
	135	snap->dsap = 0xaa;
	136	snap->ssap = 0xaa;
	137	snap->ctrl = 0x03;
	138
d9e94d56	139	if (h_proto == htons(ETH_P_AARP) \|\| h_proto == htons(ETH_P_IPX))
b453872c JG	140	oui = P802_1H_OUI;
	141	else
	142	oui = RFC1042_OUI;
	143	snap->oui[0] = oui[0];
	144	snap->oui[1] = oui[1];
	145	snap->oui[2] = oui[2];
	146
01e1f045	147	memcpy(data + SNAP_SIZE, &h_proto, sizeof(u16));
b453872c JG	148
	149	return SNAP_SIZE + sizeof(u16);
	150	}
	151
858119e1	152	static int ieee80211_encrypt_fragment(struct ieee80211_device *ieee,
0edd5b44	153	struct sk_buff *frag, int hdr_len)
b453872c	154	{
274bfb8d JL	155	struct lib80211_crypt_data *crypt =
274bfb8d JL	156	ieee->crypt_info.crypt[ieee->crypt_info.tx_keyidx];
b453872c JG	157	int res;
b453872c JG	158
f0f15ab5 HL	159	if (crypt == NULL)
	160	return -1;
	161
b453872c JG	162	/* To encrypt, frame format is:
b453872c JG	163	* IV (4 bytes), clear payload (including SNAP), ICV (4 bytes) */
b453872c JG	164	atomic_inc(&crypt->refcnt);
b453872c JG	165	res = 0;
f0f15ab5	166	if (crypt->ops && crypt->ops->encrypt_mpdu)
b453872c JG	167	res = crypt->ops->encrypt_mpdu(frag, hdr_len, crypt->priv);
	168
	169	atomic_dec(&crypt->refcnt);
	170	if (res < 0) {
	171	printk(KERN_INFO "%s: Encryption failed: len=%d.\n",
	172	ieee->dev->name, frag->len);
	173	ieee->ieee_stats.tx_discards++;
	174	return -1;
	175	}
	176
	177	return 0;
	178	}
	179
0edd5b44 JG	180	void ieee80211_txb_free(struct ieee80211_txb *txb)
0edd5b44 JG	181	{
b453872c JG	182	int i;
	183	if (unlikely(!txb))
	184	return;
	185	for (i = 0; i < txb->nr_frags; i++)
	186	if (txb->fragments[i])
	187	dev_kfree_skb_any(txb->fragments[i]);
	188	kfree(txb);
	189	}
	190
e157249d	191	static struct ieee80211_txb *ieee80211_alloc_txb(int nr_frags, int txb_size,
d3f7bf4f	192	int headroom, gfp_t gfp_mask)
b453872c JG	193	{
	194	struct ieee80211_txb *txb;
	195	int i;
0edd5b44 JG	196	txb = kmalloc(sizeof(struct ieee80211_txb) + (sizeof(u8 ) nr_frags),
0edd5b44 JG	197	gfp_mask);
b453872c JG	198	if (!txb)
	199	return NULL;
	200
0a989b24	201	memset(txb, 0, sizeof(struct ieee80211_txb));
b453872c JG	202	txb->nr_frags = nr_frags;
	203	txb->frag_size = txb_size;
	204
	205	for (i = 0; i < nr_frags; i++) {
d3f7bf4f MB	206	txb->fragments[i] = __dev_alloc_skb(txb_size + headroom,
d3f7bf4f MB	207	gfp_mask);
b453872c JG	208	if (unlikely(!txb->fragments[i])) {
	209	i--;
	210	break;
	211	}
d3f7bf4f	212	skb_reserve(txb->fragments[i], headroom);
b453872c JG	213	}
	214	if (unlikely(i != nr_frags)) {
	215	while (i >= 0)
	216	dev_kfree_skb_any(txb->fragments[i--]);
	217	kfree(txb);
	218	return NULL;
	219	}
	220	return txb;
	221	}
	222
73858062 ZY	223	static int ieee80211_classify(struct sk_buff *skb)
	224	{
	225	struct ethhdr *eth;
	226	struct iphdr *ip;
	227
	228	eth = (struct ethhdr *)skb->data;
1c9e8ef7	229	if (eth->h_proto != htons(ETH_P_IP))
73858062 ZY	230	return 0;
73858062 ZY	231
eddc9ec5	232	ip = ip_hdr(skb);
73858062 ZY	233	switch (ip->tos & 0xfc) {
	234	case 0x20:
	235	return 2;
	236	case 0x40:
	237	return 1;
	238	case 0x60:
	239	return 3;
	240	case 0x80:
	241	return 4;
	242	case 0xa0:
	243	return 5;
	244	case 0xc0:
	245	return 6;
	246	case 0xe0:
	247	return 7;
	248	default:
	249	return 0;
	250	}
	251	}
	252
1264fc04	253	/* Incoming skb is converted to a txb which consists of
3cdd00c5	254	* a block of 802.11 fragment packets (stored as skbs) */
0edd5b44	255	int ieee80211_xmit(struct sk_buff skb, struct net_device dev)
b453872c JG	256	{
	257	struct ieee80211_device *ieee = netdev_priv(dev);
	258	struct ieee80211_txb *txb = NULL;
73858062	259	struct ieee80211_hdr_3addrqos *frag_hdr;
3cdd00c5 JK	260	int i, bytes_per_frag, nr_frags, bytes_last_frag, frag_size,
3cdd00c5 JK	261	rts_required;
b453872c JG	262	unsigned long flags;
b453872c JG	263	struct net_device_stats *stats = &ieee->stats;
d9e94d56 AV	264	int encrypt, host_encrypt, host_encrypt_msdu, host_build_iv;
d9e94d56 AV	265	__be16 ether_type;
b453872c JG	266	int bytes, fc, hdr_len;
b453872c JG	267	struct sk_buff *skb_frag;
73858062	268	struct ieee80211_hdr_3addrqos header = {/* Ensure zero initialized */
b453872c	269	.duration_id = 0,
73858062 ZY	270	.seq_ctl = 0,
73858062 ZY	271	.qos_ctl = 0
b453872c JG	272	};
b453872c JG	273	u8 dest[ETH_ALEN], src[ETH_ALEN];
274bfb8d	274	struct lib80211_crypt_data *crypt;
2c0aa2a5	275	int priority = skb->priority;
1264fc04	276	int snapped = 0;
b453872c	277
2c0aa2a5 JK	278	if (ieee->is_queue_full && (*ieee->is_queue_full) (dev, priority))
	279	return NETDEV_TX_BUSY;
	280
b453872c JG	281	spin_lock_irqsave(&ieee->lock, flags);
	282
	283	/* If there is no driver handler to take the TXB, dont' bother
	284	* creating it... */
	285	if (!ieee->hard_start_xmit) {
0edd5b44	286	printk(KERN_WARNING "%s: No xmit handler.\n", ieee->dev->name);
b453872c JG	287	goto success;
	288	}
	289
	290	if (unlikely(skb->len < SNAP_SIZE + sizeof(u16))) {
	291	printk(KERN_WARNING "%s: skb too small (%d).\n",
	292	ieee->dev->name, skb->len);
	293	goto success;
	294	}
	295
d9e94d56	296	ether_type = ((struct ethhdr *)skb->data)->h_proto;
b453872c	297
274bfb8d	298	crypt = ieee->crypt_info.crypt[ieee->crypt_info.tx_keyidx];
b453872c	299
d9e94d56	300	encrypt = !(ether_type == htons(ETH_P_PAE) && ieee->ieee802_1x) &&
f1bf6638	301	ieee->sec.encrypt;
31b59eae	302
f0f15ab5 HL	303	host_encrypt = ieee->host_encrypt && encrypt && crypt;
	304	host_encrypt_msdu = ieee->host_encrypt_msdu && encrypt && crypt;
	305	host_build_iv = ieee->host_build_iv && encrypt && crypt;
b453872c JG	306
b453872c JG	307	if (!encrypt && ieee->ieee802_1x &&
d9e94d56	308	ieee->drop_unencrypted && ether_type != htons(ETH_P_PAE)) {
b453872c JG	309	stats->tx_dropped++;
	310	goto success;
	311	}
	312
b453872c	313	/* Save source and destination addresses */
d626f62b ACM	314	skb_copy_from_linear_data(skb, dest, ETH_ALEN);
d626f62b ACM	315	skb_copy_from_linear_data_offset(skb, ETH_ALEN, src, ETH_ALEN);
b453872c	316
a4bf26f3	317	if (host_encrypt \|\| host_build_iv)
b453872c	318	fc = IEEE80211_FTYPE_DATA \| IEEE80211_STYPE_DATA \|
0edd5b44	319	IEEE80211_FCTL_PROTECTED;
b453872c JG	320	else
	321	fc = IEEE80211_FTYPE_DATA \| IEEE80211_STYPE_DATA;
	322
	323	if (ieee->iw_mode == IW_MODE_INFRA) {
	324	fc \|= IEEE80211_FCTL_TODS;
1264fc04	325	/* To DS: Addr1 = BSSID, Addr2 = SA, Addr3 = DA */
18294d87 JK	326	memcpy(header.addr1, ieee->bssid, ETH_ALEN);
	327	memcpy(header.addr2, src, ETH_ALEN);
	328	memcpy(header.addr3, dest, ETH_ALEN);
b453872c	329	} else if (ieee->iw_mode == IW_MODE_ADHOC) {
1264fc04	330	/* not From/To DS: Addr1 = DA, Addr2 = SA, Addr3 = BSSID */
18294d87 JK	331	memcpy(header.addr1, dest, ETH_ALEN);
	332	memcpy(header.addr2, src, ETH_ALEN);
	333	memcpy(header.addr3, ieee->bssid, ETH_ALEN);
b453872c	334	}
b453872c JG	335	hdr_len = IEEE80211_3ADDR_LEN;
b453872c JG	336
73858062 ZY	337	if (ieee->is_qos_active && ieee->is_qos_active(dev, skb)) {
	338	fc \|= IEEE80211_STYPE_QOS_DATA;
	339	hdr_len += 2;
	340
	341	skb->priority = ieee80211_classify(skb);
65b6a277	342	header.qos_ctl \|= cpu_to_le16(skb->priority & IEEE80211_QCTL_TID);
73858062 ZY	343	}
	344	header.frame_ctl = cpu_to_le16(fc);
	345
	346	/* Advance the SKB to the start of the payload */
	347	skb_pull(skb, sizeof(struct ethhdr));
	348
	349	/* Determine total amount of storage required for TXB packets */
	350	bytes = skb->len + SNAP_SIZE + sizeof(u16);
	351
1264fc04 JK	352	/* Encrypt msdu first on the whole data packet. */
	353	if ((host_encrypt \|\| host_encrypt_msdu) &&
	354	crypt && crypt->ops && crypt->ops->encrypt_msdu) {
	355	int res = 0;
	356	int len = bytes + hdr_len + crypt->ops->extra_msdu_prefix_len +
	357	crypt->ops->extra_msdu_postfix_len;
	358	struct sk_buff *skb_new = dev_alloc_skb(len);
31b59eae	359
1264fc04 JK	360	if (unlikely(!skb_new))
1264fc04 JK	361	goto failed;
31b59eae	362
1264fc04 JK	363	skb_reserve(skb_new, crypt->ops->extra_msdu_prefix_len);
	364	memcpy(skb_put(skb_new, hdr_len), &header, hdr_len);
	365	snapped = 1;
	366	ieee80211_copy_snap(skb_put(skb_new, SNAP_SIZE + sizeof(u16)),
	367	ether_type);
d626f62b	368	skb_copy_from_linear_data(skb, skb_put(skb_new, skb->len), skb->len);
1264fc04 JK	369	res = crypt->ops->encrypt_msdu(skb_new, hdr_len, crypt->priv);
	370	if (res < 0) {
	371	IEEE80211_ERROR("msdu encryption failed\n");
	372	dev_kfree_skb_any(skb_new);
	373	goto failed;
	374	}
	375	dev_kfree_skb_any(skb);
	376	skb = skb_new;
	377	bytes += crypt->ops->extra_msdu_prefix_len +
	378	crypt->ops->extra_msdu_postfix_len;
	379	skb_pull(skb, hdr_len);
	380	}
	381
	382	if (host_encrypt \|\| ieee->host_open_frag) {
	383	/* Determine fragmentation size based on destination (multicast
	384	* and broadcast are not fragmented) */
5b74eda7 HL	385	if (is_multicast_ether_addr(dest) \|\|
5b74eda7 HL	386	is_broadcast_ether_addr(dest))
1264fc04 JK	387	frag_size = MAX_FRAG_THRESHOLD;
	388	else
	389	frag_size = ieee->fts;
	390
	391	/* Determine amount of payload per fragment. Regardless of if
	392	* this stack is providing the full 802.11 header, one will
	393	* eventually be affixed to this fragment -- so we must account
	394	* for it when determining the amount of payload space. */
efa53ebe	395	bytes_per_frag = frag_size - hdr_len;
1264fc04 JK	396	if (ieee->config &
	397	(CFG_IEEE80211_COMPUTE_FCS \| CFG_IEEE80211_RESERVE_FCS))
	398	bytes_per_frag -= IEEE80211_FCS_LEN;
	399
	400	/* Each fragment may need to have room for encryptiong
	401	* pre/postfix */
	402	if (host_encrypt)
	403	bytes_per_frag -= crypt->ops->extra_mpdu_prefix_len +
	404	crypt->ops->extra_mpdu_postfix_len;
	405
	406	/* Number of fragments is the total
	407	* bytes_per_frag / payload_per_fragment */
	408	nr_frags = bytes / bytes_per_frag;
	409	bytes_last_frag = bytes % bytes_per_frag;
	410	if (bytes_last_frag)
	411	nr_frags++;
	412	else
	413	bytes_last_frag = bytes_per_frag;
	414	} else {
	415	nr_frags = 1;
	416	bytes_per_frag = bytes_last_frag = bytes;
efa53ebe	417	frag_size = bytes + hdr_len;
1264fc04	418	}
b453872c	419
3cdd00c5 JK	420	rts_required = (frag_size > ieee->rts
	421	&& ieee->config & CFG_IEEE80211_RTS);
	422	if (rts_required)
	423	nr_frags++;
3cdd00c5	424
b453872c JG	425	/* When we allocate the TXB we allocate enough space for the reserve
	426	* and full fragment bytes (bytes_per_frag doesn't include prefix,
	427	* postfix, header, FCS, etc.) */
d3f7bf4f MB	428	txb = ieee80211_alloc_txb(nr_frags, frag_size,
d3f7bf4f MB	429	ieee->tx_headroom, GFP_ATOMIC);
b453872c JG	430	if (unlikely(!txb)) {
	431	printk(KERN_WARNING "%s: Could not allocate TXB\n",
	432	ieee->dev->name);
	433	goto failed;
	434	}
	435	txb->encrypted = encrypt;
1264fc04 JK	436	if (host_encrypt)
	437	txb->payload_size = frag_size * (nr_frags - 1) +
	438	bytes_last_frag;
	439	else
	440	txb->payload_size = bytes;
b453872c	441
3cdd00c5 JK	442	if (rts_required) {
	443	skb_frag = txb->fragments[0];
	444	frag_hdr =
73858062	445	(struct ieee80211_hdr_3addrqos *)skb_put(skb_frag, hdr_len);
3cdd00c5 JK	446
	447	/*
	448	* Set header frame_ctl to the RTS.
	449	*/
	450	header.frame_ctl =
	451	cpu_to_le16(IEEE80211_FTYPE_CTL \| IEEE80211_STYPE_RTS);
	452	memcpy(frag_hdr, &header, hdr_len);
	453
	454	/*
	455	* Restore header frame_ctl to the original data setting.
	456	*/
	457	header.frame_ctl = cpu_to_le16(fc);
	458
	459	if (ieee->config &
	460	(CFG_IEEE80211_COMPUTE_FCS \| CFG_IEEE80211_RESERVE_FCS))
	461	skb_put(skb_frag, 4);
	462
	463	txb->rts_included = 1;
	464	i = 1;
	465	} else
	466	i = 0;
	467
	468	for (; i < nr_frags; i++) {
b453872c JG	469	skb_frag = txb->fragments[i];
b453872c JG	470
31b59eae	471	if (host_encrypt \|\| host_build_iv)
1264fc04 JK	472	skb_reserve(skb_frag,
1264fc04 JK	473	crypt->ops->extra_mpdu_prefix_len);
b453872c	474
ee34af37	475	frag_hdr =
73858062	476	(struct ieee80211_hdr_3addrqos *)skb_put(skb_frag, hdr_len);
b453872c JG	477	memcpy(frag_hdr, &header, hdr_len);
	478
	479	/* If this is not the last fragment, then add the MOREFRAGS
	480	* bit to the frame control */
	481	if (i != nr_frags - 1) {
0edd5b44 JG	482	frag_hdr->frame_ctl =
0edd5b44 JG	483	cpu_to_le16(fc \| IEEE80211_FCTL_MOREFRAGS);
b453872c JG	484	bytes = bytes_per_frag;
	485	} else {
	486	/* The last fragment takes the remaining length */
	487	bytes = bytes_last_frag;
	488	}
	489
1264fc04 JK	490	if (i == 0 && !snapped) {
	491	ieee80211_copy_snap(skb_put
	492	(skb_frag, SNAP_SIZE + sizeof(u16)),
	493	ether_type);
b453872c JG	494	bytes -= SNAP_SIZE + sizeof(u16);
	495	}
	496
d626f62b	497	skb_copy_from_linear_data(skb, skb_put(skb_frag, bytes), bytes);
b453872c JG	498
	499	/* Advance the SKB... */
	500	skb_pull(skb, bytes);
	501
	502	/* Encryption routine will move the header forward in order
	503	* to insert the IV between the header and the payload */
f1bf6638	504	if (host_encrypt)
b453872c	505	ieee80211_encrypt_fragment(ieee, skb_frag, hdr_len);
31b59eae	506	else if (host_build_iv) {
31b59eae JK	507	atomic_inc(&crypt->refcnt);
	508	if (crypt->ops->build_iv)
	509	crypt->ops->build_iv(skb_frag, hdr_len,
9184d934 ZY	510	ieee->sec.keys[ieee->sec.active_key],
	511	ieee->sec.key_sizes[ieee->sec.active_key],
	512	crypt->priv);
31b59eae JK	513	atomic_dec(&crypt->refcnt);
31b59eae JK	514	}
f1bf6638	515
b453872c JG	516	if (ieee->config &
	517	(CFG_IEEE80211_COMPUTE_FCS \| CFG_IEEE80211_RESERVE_FCS))
	518	skb_put(skb_frag, 4);
	519	}
	520
0edd5b44	521	success:
b453872c JG	522	spin_unlock_irqrestore(&ieee->lock, flags);
	523
	524	dev_kfree_skb_any(skb);
	525
	526	if (txb) {
9e8571af	527	int ret = (*ieee->hard_start_xmit) (txb, dev, priority);
1264fc04	528	if (ret == 0) {
b453872c JG	529	stats->tx_packets++;
	530	stats->tx_bytes += txb->payload_size;
	531	return 0;
	532	}
2c0aa2a5	533
b453872c JG	534	ieee80211_txb_free(txb);
	535	}
	536
	537	return 0;
	538
0edd5b44	539	failed:
b453872c JG	540	spin_unlock_irqrestore(&ieee->lock, flags);
	541	netif_stop_queue(dev);
	542	stats->tx_errors++;
	543	return 1;
3f552bbf JK	544	}
3f552bbf JK	545
b453872c	546	EXPORT_SYMBOL(ieee80211_txb_free);