1 // SPDX-License-Identifier: GPL-2.0-only
3 * Copyright 2002-2005, Instant802 Networks, Inc.
4 * Copyright 2005-2006, Devicescape Software, Inc.
5 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
6 * Copyright 2007 Johannes Berg <johannes@sipsolutions.net>
7 * Copyright 2013-2014 Intel Mobile Communications GmbH
8 * Copyright (C) 2018-2022 Intel Corporation
10 * Transmit and frame generation functions.
13 #include <linux/kernel.h>
14 #include <linux/slab.h>
15 #include <linux/skbuff.h>
16 #include <linux/if_vlan.h>
17 #include <linux/etherdevice.h>
18 #include <linux/bitmap.h>
19 #include <linux/rcupdate.h>
20 #include <linux/export.h>
21 #include <net/net_namespace.h>
22 #include <net/ieee80211_radiotap.h>
23 #include <net/cfg80211.h>
24 #include <net/mac80211.h>
25 #include <net/codel.h>
26 #include <net/codel_impl.h>
27 #include <asm/unaligned.h>
28 #include <net/fq_impl.h>
30 #include "ieee80211_i.h"
31 #include "driver-ops.h"
41 static __le16 ieee80211_duration(struct ieee80211_tx_data *tx,
42 struct sk_buff *skb, int group_addr,
45 int rate, mrate, erp, dur, i, shift = 0;
46 struct ieee80211_rate *txrate;
47 struct ieee80211_local *local = tx->local;
48 struct ieee80211_supported_band *sband;
49 struct ieee80211_hdr *hdr;
50 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
51 struct ieee80211_chanctx_conf *chanctx_conf;
54 /* assume HW handles this */
55 if (tx->rate.flags & (IEEE80211_TX_RC_MCS | IEEE80211_TX_RC_VHT_MCS))
59 chanctx_conf = rcu_dereference(tx->sdata->vif.bss_conf.chanctx_conf);
61 shift = ieee80211_chandef_get_shift(&chanctx_conf->def);
62 rate_flags = ieee80211_chandef_rate_flags(&chanctx_conf->def);
67 if (WARN_ON_ONCE(tx->rate.idx < 0))
70 sband = local->hw.wiphy->bands[info->band];
71 txrate = &sband->bitrates[tx->rate.idx];
73 erp = txrate->flags & IEEE80211_RATE_ERP_G;
75 /* device is expected to do this */
76 if (sband->band == NL80211_BAND_S1GHZ)
80 * data and mgmt (except PS Poll):
82 * - during contention period:
83 * if addr1 is group address: 0
84 * if more fragments = 0 and addr1 is individual address: time to
85 * transmit one ACK plus SIFS
86 * if more fragments = 1 and addr1 is individual address: time to
87 * transmit next fragment plus 2 x ACK plus 3 x SIFS
90 * - control response frame (CTS or ACK) shall be transmitted using the
91 * same rate as the immediately previous frame in the frame exchange
92 * sequence, if this rate belongs to the PHY mandatory rates, or else
93 * at the highest possible rate belonging to the PHY rates in the
96 hdr = (struct ieee80211_hdr *)skb->data;
97 if (ieee80211_is_ctl(hdr->frame_control)) {
98 /* TODO: These control frames are not currently sent by
99 * mac80211, but should they be implemented, this function
100 * needs to be updated to support duration field calculation.
102 * RTS: time needed to transmit pending data/mgmt frame plus
103 * one CTS frame plus one ACK frame plus 3 x SIFS
104 * CTS: duration of immediately previous RTS minus time
105 * required to transmit CTS and its SIFS
106 * ACK: 0 if immediately previous directed data/mgmt had
107 * more=0, with more=1 duration in ACK frame is duration
108 * from previous frame minus time needed to transmit ACK
110 * PS Poll: BIT(15) | BIT(14) | aid
116 if (0 /* FIX: data/mgmt during CFP */)
117 return cpu_to_le16(32768);
119 if (group_addr) /* Group address as the destination - no ACK */
122 /* Individual destination address:
123 * IEEE 802.11, Ch. 9.6 (after IEEE 802.11g changes)
124 * CTS and ACK frames shall be transmitted using the highest rate in
125 * basic rate set that is less than or equal to the rate of the
126 * immediately previous frame and that is using the same modulation
127 * (CCK or OFDM). If no basic rate set matches with these requirements,
128 * the highest mandatory rate of the PHY that is less than or equal to
129 * the rate of the previous frame is used.
130 * Mandatory rates for IEEE 802.11g PHY: 1, 2, 5.5, 11, 6, 12, 24 Mbps
133 /* use lowest available if everything fails */
134 mrate = sband->bitrates[0].bitrate;
135 for (i = 0; i < sband->n_bitrates; i++) {
136 struct ieee80211_rate *r = &sband->bitrates[i];
138 if (r->bitrate > txrate->bitrate)
141 if ((rate_flags & r->flags) != rate_flags)
144 if (tx->sdata->vif.bss_conf.basic_rates & BIT(i))
145 rate = DIV_ROUND_UP(r->bitrate, 1 << shift);
147 switch (sband->band) {
148 case NL80211_BAND_2GHZ:
149 case NL80211_BAND_LC: {
151 if (tx->sdata->deflink.operating_11g_mode)
152 flag = IEEE80211_RATE_MANDATORY_G;
154 flag = IEEE80211_RATE_MANDATORY_B;
159 case NL80211_BAND_5GHZ:
160 case NL80211_BAND_6GHZ:
161 if (r->flags & IEEE80211_RATE_MANDATORY_A)
164 case NL80211_BAND_S1GHZ:
165 case NL80211_BAND_60GHZ:
166 /* TODO, for now fall through */
167 case NUM_NL80211_BANDS:
173 /* No matching basic rate found; use highest suitable mandatory
175 rate = DIV_ROUND_UP(mrate, 1 << shift);
178 /* Don't calculate ACKs for QoS Frames with NoAck Policy set */
179 if (ieee80211_is_data_qos(hdr->frame_control) &&
180 *(ieee80211_get_qos_ctl(hdr)) & IEEE80211_QOS_CTL_ACK_POLICY_NOACK)
183 /* Time needed to transmit ACK
184 * (10 bytes + 4-byte FCS = 112 bits) plus SIFS; rounded up
185 * to closest integer */
186 dur = ieee80211_frame_duration(sband->band, 10, rate, erp,
187 tx->sdata->vif.bss_conf.use_short_preamble,
191 /* Frame is fragmented: duration increases with time needed to
192 * transmit next fragment plus ACK and 2 x SIFS. */
193 dur *= 2; /* ACK + SIFS */
195 dur += ieee80211_frame_duration(sband->band, next_frag_len,
196 txrate->bitrate, erp,
197 tx->sdata->vif.bss_conf.use_short_preamble,
201 return cpu_to_le16(dur);
205 static ieee80211_tx_result debug_noinline
206 ieee80211_tx_h_dynamic_ps(struct ieee80211_tx_data *tx)
208 struct ieee80211_local *local = tx->local;
209 struct ieee80211_if_managed *ifmgd;
210 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
212 /* driver doesn't support power save */
213 if (!ieee80211_hw_check(&local->hw, SUPPORTS_PS))
216 /* hardware does dynamic power save */
217 if (ieee80211_hw_check(&local->hw, SUPPORTS_DYNAMIC_PS))
220 /* dynamic power save disabled */
221 if (local->hw.conf.dynamic_ps_timeout <= 0)
224 /* we are scanning, don't enable power save */
228 if (!local->ps_sdata)
231 /* No point if we're going to suspend */
232 if (local->quiescing)
235 /* dynamic ps is supported only in managed mode */
236 if (tx->sdata->vif.type != NL80211_IFTYPE_STATION)
239 if (unlikely(info->flags & IEEE80211_TX_INTFL_OFFCHAN_TX_OK))
242 ifmgd = &tx->sdata->u.mgd;
245 * Don't wakeup from power save if u-apsd is enabled, voip ac has
246 * u-apsd enabled and the frame is in voip class. This effectively
247 * means that even if all access categories have u-apsd enabled, in
248 * practise u-apsd is only used with the voip ac. This is a
249 * workaround for the case when received voip class packets do not
250 * have correct qos tag for some reason, due the network or the
253 * Note: ifmgd->uapsd_queues access is racy here. If the value is
254 * changed via debugfs, user needs to reassociate manually to have
255 * everything in sync.
257 if ((ifmgd->flags & IEEE80211_STA_UAPSD_ENABLED) &&
258 (ifmgd->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO) &&
259 skb_get_queue_mapping(tx->skb) == IEEE80211_AC_VO)
262 if (local->hw.conf.flags & IEEE80211_CONF_PS) {
263 ieee80211_stop_queues_by_reason(&local->hw,
264 IEEE80211_MAX_QUEUE_MAP,
265 IEEE80211_QUEUE_STOP_REASON_PS,
267 ifmgd->flags &= ~IEEE80211_STA_NULLFUNC_ACKED;
268 ieee80211_queue_work(&local->hw,
269 &local->dynamic_ps_disable_work);
272 /* Don't restart the timer if we're not disassociated */
273 if (!ifmgd->associated)
276 mod_timer(&local->dynamic_ps_timer, jiffies +
277 msecs_to_jiffies(local->hw.conf.dynamic_ps_timeout));
282 static ieee80211_tx_result debug_noinline
283 ieee80211_tx_h_check_assoc(struct ieee80211_tx_data *tx)
286 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;
287 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
290 if (unlikely(info->flags & IEEE80211_TX_CTL_INJECTED))
293 if (unlikely(test_bit(SCAN_SW_SCANNING, &tx->local->scanning)) &&
294 test_bit(SDATA_STATE_OFFCHANNEL, &tx->sdata->state) &&
295 !ieee80211_is_probe_req(hdr->frame_control) &&
296 !ieee80211_is_any_nullfunc(hdr->frame_control))
298 * When software scanning only nullfunc frames (to notify
299 * the sleep state to the AP) and probe requests (for the
300 * active scan) are allowed, all other frames should not be
301 * sent and we should not get here, but if we do
302 * nonetheless, drop them to avoid sending them
303 * off-channel. See the link below and
304 * ieee80211_start_scan() for more.
306 * http://article.gmane.org/gmane.linux.kernel.wireless.general/30089
310 if (tx->sdata->vif.type == NL80211_IFTYPE_OCB)
313 if (tx->flags & IEEE80211_TX_PS_BUFFERED)
317 assoc = test_sta_flag(tx->sta, WLAN_STA_ASSOC);
319 if (likely(tx->flags & IEEE80211_TX_UNICAST)) {
320 if (unlikely(!assoc &&
321 ieee80211_is_data(hdr->frame_control))) {
322 #ifdef CONFIG_MAC80211_VERBOSE_DEBUG
323 sdata_info(tx->sdata,
324 "dropped data frame to not associated station %pM\n",
327 I802_DEBUG_INC(tx->local->tx_handlers_drop_not_assoc);
330 } else if (unlikely(ieee80211_is_data(hdr->frame_control) &&
331 ieee80211_vif_get_num_mcast_if(tx->sdata) == 0)) {
333 * No associated STAs - no need to send multicast
342 /* This function is called whenever the AP is about to exceed the maximum limit
343 * of buffered frames for power saving STAs. This situation should not really
344 * happen often during normal operation, so dropping the oldest buffered packet
345 * from each queue should be OK to make some room for new frames. */
346 static void purge_old_ps_buffers(struct ieee80211_local *local)
348 int total = 0, purged = 0;
350 struct ieee80211_sub_if_data *sdata;
351 struct sta_info *sta;
353 list_for_each_entry_rcu(sdata, &local->interfaces, list) {
356 if (sdata->vif.type == NL80211_IFTYPE_AP)
357 ps = &sdata->u.ap.ps;
358 else if (ieee80211_vif_is_mesh(&sdata->vif))
359 ps = &sdata->u.mesh.ps;
363 skb = skb_dequeue(&ps->bc_buf);
366 ieee80211_free_txskb(&local->hw, skb);
368 total += skb_queue_len(&ps->bc_buf);
372 * Drop one frame from each station from the lowest-priority
373 * AC that has frames at all.
375 list_for_each_entry_rcu(sta, &local->sta_list, list) {
378 for (ac = IEEE80211_AC_BK; ac >= IEEE80211_AC_VO; ac--) {
379 skb = skb_dequeue(&sta->ps_tx_buf[ac]);
380 total += skb_queue_len(&sta->ps_tx_buf[ac]);
383 ieee80211_free_txskb(&local->hw, skb);
389 local->total_ps_buffered = total;
390 ps_dbg_hw(&local->hw, "PS buffers full - purged %d frames\n", purged);
393 static ieee80211_tx_result
394 ieee80211_tx_h_multicast_ps_buf(struct ieee80211_tx_data *tx)
396 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
397 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;
401 * broadcast/multicast frame
403 * If any of the associated/peer stations is in power save mode,
404 * the frame is buffered to be sent after DTIM beacon frame.
405 * This is done either by the hardware or us.
408 /* powersaving STAs currently only in AP/VLAN/mesh mode */
409 if (tx->sdata->vif.type == NL80211_IFTYPE_AP ||
410 tx->sdata->vif.type == NL80211_IFTYPE_AP_VLAN) {
414 ps = &tx->sdata->bss->ps;
415 } else if (ieee80211_vif_is_mesh(&tx->sdata->vif)) {
416 ps = &tx->sdata->u.mesh.ps;
422 /* no buffering for ordered frames */
423 if (ieee80211_has_order(hdr->frame_control))
426 if (ieee80211_is_probe_req(hdr->frame_control))
429 if (ieee80211_hw_check(&tx->local->hw, QUEUE_CONTROL))
430 info->hw_queue = tx->sdata->vif.cab_queue;
432 /* no stations in PS mode and no buffered packets */
433 if (!atomic_read(&ps->num_sta_ps) && skb_queue_empty(&ps->bc_buf))
436 info->flags |= IEEE80211_TX_CTL_SEND_AFTER_DTIM;
438 /* device releases frame after DTIM beacon */
439 if (!ieee80211_hw_check(&tx->local->hw, HOST_BROADCAST_PS_BUFFERING))
442 /* buffered in mac80211 */
443 if (tx->local->total_ps_buffered >= TOTAL_MAX_TX_BUFFER)
444 purge_old_ps_buffers(tx->local);
446 if (skb_queue_len(&ps->bc_buf) >= AP_MAX_BC_BUFFER) {
448 "BC TX buffer full - dropping the oldest frame\n");
449 ieee80211_free_txskb(&tx->local->hw, skb_dequeue(&ps->bc_buf));
451 tx->local->total_ps_buffered++;
453 skb_queue_tail(&ps->bc_buf, tx->skb);
458 static int ieee80211_use_mfp(__le16 fc, struct sta_info *sta,
461 if (!ieee80211_is_mgmt(fc))
464 if (sta == NULL || !test_sta_flag(sta, WLAN_STA_MFP))
467 if (!ieee80211_is_robust_mgmt_frame(skb))
473 static ieee80211_tx_result
474 ieee80211_tx_h_unicast_ps_buf(struct ieee80211_tx_data *tx)
476 struct sta_info *sta = tx->sta;
477 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
478 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;
479 struct ieee80211_local *local = tx->local;
484 if (unlikely((test_sta_flag(sta, WLAN_STA_PS_STA) ||
485 test_sta_flag(sta, WLAN_STA_PS_DRIVER) ||
486 test_sta_flag(sta, WLAN_STA_PS_DELIVER)) &&
487 !(info->flags & IEEE80211_TX_CTL_NO_PS_BUFFER))) {
488 int ac = skb_get_queue_mapping(tx->skb);
490 if (ieee80211_is_mgmt(hdr->frame_control) &&
491 !ieee80211_is_bufferable_mmpdu(hdr->frame_control)) {
492 info->flags |= IEEE80211_TX_CTL_NO_PS_BUFFER;
496 ps_dbg(sta->sdata, "STA %pM aid %d: PS buffer for AC %d\n",
497 sta->sta.addr, sta->sta.aid, ac);
498 if (tx->local->total_ps_buffered >= TOTAL_MAX_TX_BUFFER)
499 purge_old_ps_buffers(tx->local);
501 /* sync with ieee80211_sta_ps_deliver_wakeup */
502 spin_lock(&sta->ps_lock);
504 * STA woke up the meantime and all the frames on ps_tx_buf have
505 * been queued to pending queue. No reordering can happen, go
506 * ahead and Tx the packet.
508 if (!test_sta_flag(sta, WLAN_STA_PS_STA) &&
509 !test_sta_flag(sta, WLAN_STA_PS_DRIVER) &&
510 !test_sta_flag(sta, WLAN_STA_PS_DELIVER)) {
511 spin_unlock(&sta->ps_lock);
515 if (skb_queue_len(&sta->ps_tx_buf[ac]) >= STA_MAX_TX_BUFFER) {
516 struct sk_buff *old = skb_dequeue(&sta->ps_tx_buf[ac]);
518 "STA %pM TX buffer for AC %d full - dropping oldest frame\n",
520 ieee80211_free_txskb(&local->hw, old);
522 tx->local->total_ps_buffered++;
524 info->control.jiffies = jiffies;
525 info->control.vif = &tx->sdata->vif;
526 info->control.flags |= IEEE80211_TX_INTCFL_NEED_TXPROCESSING;
527 info->flags &= ~IEEE80211_TX_TEMPORARY_FLAGS;
528 skb_queue_tail(&sta->ps_tx_buf[ac], tx->skb);
529 spin_unlock(&sta->ps_lock);
531 if (!timer_pending(&local->sta_cleanup))
532 mod_timer(&local->sta_cleanup,
533 round_jiffies(jiffies +
534 STA_INFO_CLEANUP_INTERVAL));
537 * We queued up some frames, so the TIM bit might
538 * need to be set, recalculate it.
540 sta_info_recalc_tim(sta);
543 } else if (unlikely(test_sta_flag(sta, WLAN_STA_PS_STA))) {
545 "STA %pM in PS mode, but polling/in SP -> send frame\n",
552 static ieee80211_tx_result debug_noinline
553 ieee80211_tx_h_ps_buf(struct ieee80211_tx_data *tx)
555 if (unlikely(tx->flags & IEEE80211_TX_PS_BUFFERED))
558 if (tx->flags & IEEE80211_TX_UNICAST)
559 return ieee80211_tx_h_unicast_ps_buf(tx);
561 return ieee80211_tx_h_multicast_ps_buf(tx);
564 static ieee80211_tx_result debug_noinline
565 ieee80211_tx_h_check_control_port_protocol(struct ieee80211_tx_data *tx)
567 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
569 if (unlikely(tx->sdata->control_port_protocol == tx->skb->protocol)) {
570 if (tx->sdata->control_port_no_encrypt)
571 info->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
572 info->control.flags |= IEEE80211_TX_CTRL_PORT_CTRL_PROTO;
573 info->flags |= IEEE80211_TX_CTL_USE_MINRATE;
579 static ieee80211_tx_result debug_noinline
580 ieee80211_tx_h_select_key(struct ieee80211_tx_data *tx)
582 struct ieee80211_key *key;
583 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
584 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;
586 if (unlikely(info->flags & IEEE80211_TX_INTFL_DONT_ENCRYPT)) {
592 (key = rcu_dereference(tx->sta->ptk[tx->sta->ptk_idx])))
594 else if (ieee80211_is_group_privacy_action(tx->skb) &&
595 (key = rcu_dereference(tx->sdata->deflink.default_multicast_key)))
597 else if (ieee80211_is_mgmt(hdr->frame_control) &&
598 is_multicast_ether_addr(hdr->addr1) &&
599 ieee80211_is_robust_mgmt_frame(tx->skb) &&
600 (key = rcu_dereference(tx->sdata->deflink.default_mgmt_key)))
602 else if (is_multicast_ether_addr(hdr->addr1) &&
603 (key = rcu_dereference(tx->sdata->deflink.default_multicast_key)))
605 else if (!is_multicast_ether_addr(hdr->addr1) &&
606 (key = rcu_dereference(tx->sdata->default_unicast_key)))
612 bool skip_hw = false;
614 /* TODO: add threshold stuff again */
616 switch (tx->key->conf.cipher) {
617 case WLAN_CIPHER_SUITE_WEP40:
618 case WLAN_CIPHER_SUITE_WEP104:
619 case WLAN_CIPHER_SUITE_TKIP:
620 if (!ieee80211_is_data_present(hdr->frame_control))
623 case WLAN_CIPHER_SUITE_CCMP:
624 case WLAN_CIPHER_SUITE_CCMP_256:
625 case WLAN_CIPHER_SUITE_GCMP:
626 case WLAN_CIPHER_SUITE_GCMP_256:
627 if (!ieee80211_is_data_present(hdr->frame_control) &&
628 !ieee80211_use_mfp(hdr->frame_control, tx->sta,
630 !ieee80211_is_group_privacy_action(tx->skb))
633 skip_hw = (tx->key->conf.flags &
634 IEEE80211_KEY_FLAG_SW_MGMT_TX) &&
635 ieee80211_is_mgmt(hdr->frame_control);
637 case WLAN_CIPHER_SUITE_AES_CMAC:
638 case WLAN_CIPHER_SUITE_BIP_CMAC_256:
639 case WLAN_CIPHER_SUITE_BIP_GMAC_128:
640 case WLAN_CIPHER_SUITE_BIP_GMAC_256:
641 if (!ieee80211_is_mgmt(hdr->frame_control))
646 if (unlikely(tx->key && tx->key->flags & KEY_FLAG_TAINTED &&
647 !ieee80211_is_deauth(hdr->frame_control)))
650 if (!skip_hw && tx->key &&
651 tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE)
652 info->control.hw_key = &tx->key->conf;
653 } else if (ieee80211_is_data_present(hdr->frame_control) && tx->sta &&
654 test_sta_flag(tx->sta, WLAN_STA_USES_ENCRYPTION)) {
661 static ieee80211_tx_result debug_noinline
662 ieee80211_tx_h_rate_ctrl(struct ieee80211_tx_data *tx)
664 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
665 struct ieee80211_hdr *hdr = (void *)tx->skb->data;
666 struct ieee80211_supported_band *sband;
668 struct ieee80211_tx_rate_control txrc;
669 struct ieee80211_sta_rates *ratetbl = NULL;
670 bool encap = info->flags & IEEE80211_TX_CTL_HW_80211_ENCAP;
673 memset(&txrc, 0, sizeof(txrc));
675 sband = tx->local->hw.wiphy->bands[info->band];
677 len = min_t(u32, tx->skb->len + FCS_LEN,
678 tx->local->hw.wiphy->frag_threshold);
680 /* set up the tx rate control struct we give the RC algo */
681 txrc.hw = &tx->local->hw;
683 txrc.bss_conf = &tx->sdata->vif.bss_conf;
685 txrc.reported_rate.idx = -1;
686 txrc.rate_idx_mask = tx->sdata->rc_rateidx_mask[info->band];
688 if (tx->sdata->rc_has_mcs_mask[info->band])
689 txrc.rate_idx_mcs_mask =
690 tx->sdata->rc_rateidx_mcs_mask[info->band];
692 txrc.bss = (tx->sdata->vif.type == NL80211_IFTYPE_AP ||
693 tx->sdata->vif.type == NL80211_IFTYPE_MESH_POINT ||
694 tx->sdata->vif.type == NL80211_IFTYPE_ADHOC ||
695 tx->sdata->vif.type == NL80211_IFTYPE_OCB);
697 /* set up RTS protection if desired */
698 if (len > tx->local->hw.wiphy->rts_threshold) {
702 info->control.use_rts = txrc.rts;
703 info->control.use_cts_prot = tx->sdata->vif.bss_conf.use_cts_prot;
706 * Use short preamble if the BSS can handle it, but not for
707 * management frames unless we know the receiver can handle
708 * that -- the management frame might be to a station that
709 * just wants a probe response.
711 if (tx->sdata->vif.bss_conf.use_short_preamble &&
712 (ieee80211_is_tx_data(tx->skb) ||
713 (tx->sta && test_sta_flag(tx->sta, WLAN_STA_SHORT_PREAMBLE))))
714 txrc.short_preamble = true;
716 info->control.short_preamble = txrc.short_preamble;
718 /* don't ask rate control when rate already injected via radiotap */
719 if (info->control.flags & IEEE80211_TX_CTRL_RATE_INJECT)
723 assoc = test_sta_flag(tx->sta, WLAN_STA_ASSOC);
726 * Lets not bother rate control if we're associated and cannot
727 * talk to the sta. This should not happen.
729 if (WARN(test_bit(SCAN_SW_SCANNING, &tx->local->scanning) && assoc &&
730 !rate_usable_index_exists(sband, &tx->sta->sta),
731 "%s: Dropped data frame as no usable bitrate found while "
732 "scanning and associated. Target station: "
733 "%pM on %d GHz band\n",
735 encap ? ((struct ethhdr *)hdr)->h_dest : hdr->addr1,
740 * If we're associated with the sta at this point we know we can at
741 * least send the frame at the lowest bit rate.
743 rate_control_get_rate(tx->sdata, tx->sta, &txrc);
745 if (tx->sta && !info->control.skip_table)
746 ratetbl = rcu_dereference(tx->sta->sta.rates);
748 if (unlikely(info->control.rates[0].idx < 0)) {
750 struct ieee80211_tx_rate rate = {
751 .idx = ratetbl->rate[0].idx,
752 .flags = ratetbl->rate[0].flags,
753 .count = ratetbl->rate[0].count
756 if (ratetbl->rate[0].idx < 0)
764 tx->rate = info->control.rates[0];
767 if (txrc.reported_rate.idx < 0) {
768 txrc.reported_rate = tx->rate;
769 if (tx->sta && ieee80211_is_tx_data(tx->skb))
770 tx->sta->deflink.tx_stats.last_rate = txrc.reported_rate;
772 tx->sta->deflink.tx_stats.last_rate = txrc.reported_rate;
777 if (unlikely(!info->control.rates[0].count))
778 info->control.rates[0].count = 1;
780 if (WARN_ON_ONCE((info->control.rates[0].count > 1) &&
781 (info->flags & IEEE80211_TX_CTL_NO_ACK)))
782 info->control.rates[0].count = 1;
787 static __le16 ieee80211_tx_next_seq(struct sta_info *sta, int tid)
789 u16 *seq = &sta->tid_seq[tid];
790 __le16 ret = cpu_to_le16(*seq);
792 /* Increase the sequence number. */
793 *seq = (*seq + 0x10) & IEEE80211_SCTL_SEQ;
798 static ieee80211_tx_result debug_noinline
799 ieee80211_tx_h_sequence(struct ieee80211_tx_data *tx)
801 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
802 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;
806 * Packet injection may want to control the sequence
807 * number, if we have no matching interface then we
808 * neither assign one ourselves nor ask the driver to.
810 if (unlikely(info->control.vif->type == NL80211_IFTYPE_MONITOR))
813 if (unlikely(ieee80211_is_ctl(hdr->frame_control)))
816 if (ieee80211_hdrlen(hdr->frame_control) < 24)
819 if (ieee80211_is_qos_nullfunc(hdr->frame_control))
822 if (info->control.flags & IEEE80211_TX_CTRL_NO_SEQNO)
825 /* SNS11 from 802.11be 10.3.2.14 */
826 if (unlikely(is_multicast_ether_addr(hdr->addr1) &&
827 info->control.vif->valid_links &&
828 info->control.vif->type == NL80211_IFTYPE_AP)) {
829 if (info->control.flags & IEEE80211_TX_CTRL_MCAST_MLO_FIRST_TX)
830 tx->sdata->mld_mcast_seq += 0x10;
831 hdr->seq_ctrl = cpu_to_le16(tx->sdata->mld_mcast_seq);
836 * Anything but QoS data that has a sequence number field
837 * (is long enough) gets a sequence number from the global
838 * counter. QoS data frames with a multicast destination
839 * also use the global counter (802.11-2012 9.3.2.10).
841 if (!ieee80211_is_data_qos(hdr->frame_control) ||
842 is_multicast_ether_addr(hdr->addr1)) {
843 /* driver should assign sequence number */
844 info->flags |= IEEE80211_TX_CTL_ASSIGN_SEQ;
845 /* for pure STA mode without beacons, we can do it */
846 hdr->seq_ctrl = cpu_to_le16(tx->sdata->sequence_number);
847 tx->sdata->sequence_number += 0x10;
849 tx->sta->deflink.tx_stats.msdu[IEEE80211_NUM_TIDS]++;
854 * This should be true for injected/management frames only, for
855 * management frames we have set the IEEE80211_TX_CTL_ASSIGN_SEQ
856 * above since they are not QoS-data frames.
861 /* include per-STA, per-TID sequence counter */
862 tid = ieee80211_get_tid(hdr);
863 tx->sta->deflink.tx_stats.msdu[tid]++;
865 hdr->seq_ctrl = ieee80211_tx_next_seq(tx->sta, tid);
870 static int ieee80211_fragment(struct ieee80211_tx_data *tx,
871 struct sk_buff *skb, int hdrlen,
874 struct ieee80211_local *local = tx->local;
875 struct ieee80211_tx_info *info;
877 int per_fragm = frag_threshold - hdrlen - FCS_LEN;
878 int pos = hdrlen + per_fragm;
879 int rem = skb->len - hdrlen - per_fragm;
881 if (WARN_ON(rem < 0))
884 /* first fragment was already added to queue by caller */
887 int fraglen = per_fragm;
892 tmp = dev_alloc_skb(local->tx_headroom +
894 IEEE80211_ENCRYPT_HEADROOM +
895 IEEE80211_ENCRYPT_TAILROOM);
899 __skb_queue_tail(&tx->skbs, tmp);
902 local->tx_headroom + IEEE80211_ENCRYPT_HEADROOM);
904 /* copy control information */
905 memcpy(tmp->cb, skb->cb, sizeof(tmp->cb));
907 info = IEEE80211_SKB_CB(tmp);
908 info->flags &= ~(IEEE80211_TX_CTL_CLEAR_PS_FILT |
909 IEEE80211_TX_CTL_FIRST_FRAGMENT);
912 info->flags |= IEEE80211_TX_CTL_MORE_FRAMES;
914 skb_copy_queue_mapping(tmp, skb);
915 tmp->priority = skb->priority;
918 /* copy header and data */
919 skb_put_data(tmp, skb->data, hdrlen);
920 skb_put_data(tmp, skb->data + pos, fraglen);
925 /* adjust first fragment's length */
926 skb_trim(skb, hdrlen + per_fragm);
930 static ieee80211_tx_result debug_noinline
931 ieee80211_tx_h_fragment(struct ieee80211_tx_data *tx)
933 struct sk_buff *skb = tx->skb;
934 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
935 struct ieee80211_hdr *hdr = (void *)skb->data;
936 int frag_threshold = tx->local->hw.wiphy->frag_threshold;
940 /* no matter what happens, tx->skb moves to tx->skbs */
941 __skb_queue_tail(&tx->skbs, skb);
944 if (info->flags & IEEE80211_TX_CTL_DONTFRAG)
947 if (ieee80211_hw_check(&tx->local->hw, SUPPORTS_TX_FRAG))
951 * Warn when submitting a fragmented A-MPDU frame and drop it.
952 * This scenario is handled in ieee80211_tx_prepare but extra
953 * caution taken here as fragmented ampdu may cause Tx stop.
955 if (WARN_ON(info->flags & IEEE80211_TX_CTL_AMPDU))
958 hdrlen = ieee80211_hdrlen(hdr->frame_control);
960 /* internal error, why isn't DONTFRAG set? */
961 if (WARN_ON(skb->len + FCS_LEN <= frag_threshold))
965 * Now fragment the frame. This will allocate all the fragments and
966 * chain them (using skb as the first fragment) to skb->next.
967 * During transmission, we will remove the successfully transmitted
968 * fragments from this list. When the low-level driver rejects one
969 * of the fragments then we will simply pretend to accept the skb
970 * but store it away as pending.
972 if (ieee80211_fragment(tx, skb, hdrlen, frag_threshold))
975 /* update duration/seq/flags of fragments */
978 skb_queue_walk(&tx->skbs, skb) {
979 const __le16 morefrags = cpu_to_le16(IEEE80211_FCTL_MOREFRAGS);
981 hdr = (void *)skb->data;
982 info = IEEE80211_SKB_CB(skb);
984 if (!skb_queue_is_last(&tx->skbs, skb)) {
985 hdr->frame_control |= morefrags;
987 * No multi-rate retries for fragmented frames, that
988 * would completely throw off the NAV at other STAs.
990 info->control.rates[1].idx = -1;
991 info->control.rates[2].idx = -1;
992 info->control.rates[3].idx = -1;
993 BUILD_BUG_ON(IEEE80211_TX_MAX_RATES != 4);
994 info->flags &= ~IEEE80211_TX_CTL_RATE_CTRL_PROBE;
996 hdr->frame_control &= ~morefrags;
998 hdr->seq_ctrl |= cpu_to_le16(fragnum & IEEE80211_SCTL_FRAG);
1005 static ieee80211_tx_result debug_noinline
1006 ieee80211_tx_h_stats(struct ieee80211_tx_data *tx)
1008 struct sk_buff *skb;
1014 skb_queue_walk(&tx->skbs, skb) {
1015 ac = skb_get_queue_mapping(skb);
1016 tx->sta->deflink.tx_stats.bytes[ac] += skb->len;
1019 tx->sta->deflink.tx_stats.packets[ac]++;
1024 static ieee80211_tx_result debug_noinline
1025 ieee80211_tx_h_encrypt(struct ieee80211_tx_data *tx)
1030 switch (tx->key->conf.cipher) {
1031 case WLAN_CIPHER_SUITE_WEP40:
1032 case WLAN_CIPHER_SUITE_WEP104:
1033 return ieee80211_crypto_wep_encrypt(tx);
1034 case WLAN_CIPHER_SUITE_TKIP:
1035 return ieee80211_crypto_tkip_encrypt(tx);
1036 case WLAN_CIPHER_SUITE_CCMP:
1037 return ieee80211_crypto_ccmp_encrypt(
1038 tx, IEEE80211_CCMP_MIC_LEN);
1039 case WLAN_CIPHER_SUITE_CCMP_256:
1040 return ieee80211_crypto_ccmp_encrypt(
1041 tx, IEEE80211_CCMP_256_MIC_LEN);
1042 case WLAN_CIPHER_SUITE_AES_CMAC:
1043 return ieee80211_crypto_aes_cmac_encrypt(tx);
1044 case WLAN_CIPHER_SUITE_BIP_CMAC_256:
1045 return ieee80211_crypto_aes_cmac_256_encrypt(tx);
1046 case WLAN_CIPHER_SUITE_BIP_GMAC_128:
1047 case WLAN_CIPHER_SUITE_BIP_GMAC_256:
1048 return ieee80211_crypto_aes_gmac_encrypt(tx);
1049 case WLAN_CIPHER_SUITE_GCMP:
1050 case WLAN_CIPHER_SUITE_GCMP_256:
1051 return ieee80211_crypto_gcmp_encrypt(tx);
1057 static ieee80211_tx_result debug_noinline
1058 ieee80211_tx_h_calculate_duration(struct ieee80211_tx_data *tx)
1060 struct sk_buff *skb;
1061 struct ieee80211_hdr *hdr;
1065 skb_queue_walk(&tx->skbs, skb) {
1066 hdr = (void *) skb->data;
1067 if (unlikely(ieee80211_is_pspoll(hdr->frame_control)))
1068 break; /* must not overwrite AID */
1069 if (!skb_queue_is_last(&tx->skbs, skb)) {
1070 struct sk_buff *next = skb_queue_next(&tx->skbs, skb);
1071 next_len = next->len;
1074 group_addr = is_multicast_ether_addr(hdr->addr1);
1077 ieee80211_duration(tx, skb, group_addr, next_len);
1083 /* actual transmit path */
1085 static bool ieee80211_tx_prep_agg(struct ieee80211_tx_data *tx,
1086 struct sk_buff *skb,
1087 struct ieee80211_tx_info *info,
1088 struct tid_ampdu_tx *tid_tx,
1091 bool queued = false;
1092 bool reset_agg_timer = false;
1093 struct sk_buff *purge_skb = NULL;
1095 if (test_bit(HT_AGG_STATE_OPERATIONAL, &tid_tx->state)) {
1096 info->flags |= IEEE80211_TX_CTL_AMPDU;
1097 reset_agg_timer = true;
1098 } else if (test_bit(HT_AGG_STATE_WANT_START, &tid_tx->state)) {
1100 * nothing -- this aggregation session is being started
1101 * but that might still fail with the driver
1103 } else if (!tx->sta->sta.txq[tid]) {
1104 spin_lock(&tx->sta->lock);
1106 * Need to re-check now, because we may get here
1108 * 1) in the window during which the setup is actually
1109 * already done, but not marked yet because not all
1110 * packets are spliced over to the driver pending
1111 * queue yet -- if this happened we acquire the lock
1112 * either before or after the splice happens, but
1113 * need to recheck which of these cases happened.
1115 * 2) during session teardown, if the OPERATIONAL bit
1116 * was cleared due to the teardown but the pointer
1117 * hasn't been assigned NULL yet (or we loaded it
1118 * before it was assigned) -- in this case it may
1119 * now be NULL which means we should just let the
1120 * packet pass through because splicing the frames
1121 * back is already done.
1123 tid_tx = rcu_dereference_protected_tid_tx(tx->sta, tid);
1126 /* do nothing, let packet pass through */
1127 } else if (test_bit(HT_AGG_STATE_OPERATIONAL, &tid_tx->state)) {
1128 info->flags |= IEEE80211_TX_CTL_AMPDU;
1129 reset_agg_timer = true;
1132 if (info->flags & IEEE80211_TX_CTL_NO_PS_BUFFER) {
1133 clear_sta_flag(tx->sta, WLAN_STA_SP);
1134 ps_dbg(tx->sta->sdata,
1135 "STA %pM aid %d: SP frame queued, close the SP w/o telling the peer\n",
1136 tx->sta->sta.addr, tx->sta->sta.aid);
1138 info->control.vif = &tx->sdata->vif;
1139 info->control.flags |= IEEE80211_TX_INTCFL_NEED_TXPROCESSING;
1140 info->flags &= ~IEEE80211_TX_TEMPORARY_FLAGS;
1141 __skb_queue_tail(&tid_tx->pending, skb);
1142 if (skb_queue_len(&tid_tx->pending) > STA_MAX_TX_BUFFER)
1143 purge_skb = __skb_dequeue(&tid_tx->pending);
1145 spin_unlock(&tx->sta->lock);
1148 ieee80211_free_txskb(&tx->local->hw, purge_skb);
1151 /* reset session timer */
1152 if (reset_agg_timer)
1153 tid_tx->last_tx = jiffies;
1159 ieee80211_aggr_check(struct ieee80211_sub_if_data *sdata,
1160 struct sta_info *sta,
1161 struct sk_buff *skb)
1163 struct rate_control_ref *ref = sdata->local->rate_ctrl;
1166 if (!ref || !(ref->ops->capa & RATE_CTRL_CAPA_AMPDU_TRIGGER))
1169 if (!sta || !sta->sta.deflink.ht_cap.ht_supported ||
1170 !sta->sta.wme || skb_get_queue_mapping(skb) == IEEE80211_AC_VO ||
1171 skb->protocol == sdata->control_port_protocol)
1174 tid = skb->priority & IEEE80211_QOS_CTL_TID_MASK;
1175 if (likely(sta->ampdu_mlme.tid_tx[tid]))
1178 ieee80211_start_tx_ba_session(&sta->sta, tid, 0);
1183 * pass %NULL for the station if unknown, a valid pointer if known
1184 * or an ERR_PTR() if the station is known not to exist
1186 static ieee80211_tx_result
1187 ieee80211_tx_prepare(struct ieee80211_sub_if_data *sdata,
1188 struct ieee80211_tx_data *tx,
1189 struct sta_info *sta, struct sk_buff *skb)
1191 struct ieee80211_local *local = sdata->local;
1192 struct ieee80211_hdr *hdr;
1193 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1194 bool aggr_check = false;
1197 memset(tx, 0, sizeof(*tx));
1201 __skb_queue_head_init(&tx->skbs);
1204 * If this flag is set to true anywhere, and we get here,
1205 * we are doing the needed processing, so remove the flag
1208 info->control.flags &= ~IEEE80211_TX_INTCFL_NEED_TXPROCESSING;
1210 hdr = (struct ieee80211_hdr *) skb->data;
1216 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) {
1217 tx->sta = rcu_dereference(sdata->u.vlan.sta);
1218 if (!tx->sta && sdata->wdev.use_4addr)
1220 } else if (tx->sdata->control_port_protocol == tx->skb->protocol) {
1221 tx->sta = sta_info_get_bss(sdata, hdr->addr1);
1223 if (!tx->sta && !is_multicast_ether_addr(hdr->addr1)) {
1224 tx->sta = sta_info_get(sdata, hdr->addr1);
1229 if (tx->sta && ieee80211_is_data_qos(hdr->frame_control) &&
1230 !ieee80211_is_qos_nullfunc(hdr->frame_control) &&
1231 ieee80211_hw_check(&local->hw, AMPDU_AGGREGATION) &&
1232 !ieee80211_hw_check(&local->hw, TX_AMPDU_SETUP_IN_HW)) {
1233 struct tid_ampdu_tx *tid_tx;
1235 tid = ieee80211_get_tid(hdr);
1236 tid_tx = rcu_dereference(tx->sta->ampdu_mlme.tid_tx[tid]);
1237 if (!tid_tx && aggr_check) {
1238 ieee80211_aggr_check(sdata, tx->sta, skb);
1239 tid_tx = rcu_dereference(tx->sta->ampdu_mlme.tid_tx[tid]);
1245 queued = ieee80211_tx_prep_agg(tx, skb, info,
1248 if (unlikely(queued))
1253 if (is_multicast_ether_addr(hdr->addr1)) {
1254 tx->flags &= ~IEEE80211_TX_UNICAST;
1255 info->flags |= IEEE80211_TX_CTL_NO_ACK;
1257 tx->flags |= IEEE80211_TX_UNICAST;
1259 if (!(info->flags & IEEE80211_TX_CTL_DONTFRAG)) {
1260 if (!(tx->flags & IEEE80211_TX_UNICAST) ||
1261 skb->len + FCS_LEN <= local->hw.wiphy->frag_threshold ||
1262 info->flags & IEEE80211_TX_CTL_AMPDU)
1263 info->flags |= IEEE80211_TX_CTL_DONTFRAG;
1267 info->flags |= IEEE80211_TX_CTL_CLEAR_PS_FILT;
1268 else if (test_and_clear_sta_flag(tx->sta, WLAN_STA_CLEAR_PS_FILT)) {
1269 info->flags |= IEEE80211_TX_CTL_CLEAR_PS_FILT;
1270 ieee80211_check_fast_xmit(tx->sta);
1273 info->flags |= IEEE80211_TX_CTL_FIRST_FRAGMENT;
1278 static struct txq_info *ieee80211_get_txq(struct ieee80211_local *local,
1279 struct ieee80211_vif *vif,
1280 struct sta_info *sta,
1281 struct sk_buff *skb)
1283 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
1284 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1285 struct ieee80211_txq *txq = NULL;
1287 if ((info->flags & IEEE80211_TX_CTL_SEND_AFTER_DTIM) ||
1288 (info->control.flags & IEEE80211_TX_CTRL_PS_RESPONSE))
1291 if (!(info->flags & IEEE80211_TX_CTL_HW_80211_ENCAP) &&
1292 unlikely(!ieee80211_is_data_present(hdr->frame_control))) {
1293 if ((!ieee80211_is_mgmt(hdr->frame_control) ||
1294 ieee80211_is_bufferable_mmpdu(hdr->frame_control) ||
1295 vif->type == NL80211_IFTYPE_STATION) &&
1296 sta && sta->uploaded) {
1298 * This will be NULL if the driver didn't set the
1299 * opt-in hardware flag.
1301 txq = sta->sta.txq[IEEE80211_NUM_TIDS];
1304 u8 tid = skb->priority & IEEE80211_QOS_CTL_TID_MASK;
1309 txq = sta->sta.txq[tid];
1317 return to_txq_info(txq);
1320 static void ieee80211_set_skb_enqueue_time(struct sk_buff *skb)
1322 IEEE80211_SKB_CB(skb)->control.enqueue_time = codel_get_time();
1325 static u32 codel_skb_len_func(const struct sk_buff *skb)
1330 static codel_time_t codel_skb_time_func(const struct sk_buff *skb)
1332 const struct ieee80211_tx_info *info;
1334 info = (const struct ieee80211_tx_info *)skb->cb;
1335 return info->control.enqueue_time;
1338 static struct sk_buff *codel_dequeue_func(struct codel_vars *cvars,
1341 struct ieee80211_local *local;
1342 struct txq_info *txqi;
1344 struct fq_flow *flow;
1347 local = vif_to_sdata(txqi->txq.vif)->local;
1350 if (cvars == &txqi->def_cvars)
1351 flow = &txqi->tin.default_flow;
1353 flow = &fq->flows[cvars - local->cvars];
1355 return fq_flow_dequeue(fq, flow);
1358 static void codel_drop_func(struct sk_buff *skb,
1361 struct ieee80211_local *local;
1362 struct ieee80211_hw *hw;
1363 struct txq_info *txqi;
1366 local = vif_to_sdata(txqi->txq.vif)->local;
1369 ieee80211_free_txskb(hw, skb);
1372 static struct sk_buff *fq_tin_dequeue_func(struct fq *fq,
1374 struct fq_flow *flow)
1376 struct ieee80211_local *local;
1377 struct txq_info *txqi;
1378 struct codel_vars *cvars;
1379 struct codel_params *cparams;
1380 struct codel_stats *cstats;
1382 local = container_of(fq, struct ieee80211_local, fq);
1383 txqi = container_of(tin, struct txq_info, tin);
1384 cstats = &txqi->cstats;
1386 if (txqi->txq.sta) {
1387 struct sta_info *sta = container_of(txqi->txq.sta,
1388 struct sta_info, sta);
1389 cparams = &sta->cparams;
1391 cparams = &local->cparams;
1394 if (flow == &tin->default_flow)
1395 cvars = &txqi->def_cvars;
1397 cvars = &local->cvars[flow - fq->flows];
1399 return codel_dequeue(txqi,
1405 codel_skb_time_func,
1407 codel_dequeue_func);
1410 static void fq_skb_free_func(struct fq *fq,
1412 struct fq_flow *flow,
1413 struct sk_buff *skb)
1415 struct ieee80211_local *local;
1417 local = container_of(fq, struct ieee80211_local, fq);
1418 ieee80211_free_txskb(&local->hw, skb);
1421 static void ieee80211_txq_enqueue(struct ieee80211_local *local,
1422 struct txq_info *txqi,
1423 struct sk_buff *skb)
1425 struct fq *fq = &local->fq;
1426 struct fq_tin *tin = &txqi->tin;
1427 u32 flow_idx = fq_flow_idx(fq, skb);
1429 ieee80211_set_skb_enqueue_time(skb);
1431 spin_lock_bh(&fq->lock);
1433 * For management frames, don't really apply codel etc.,
1434 * we don't want to apply any shaping or anything we just
1435 * want to simplify the driver API by having them on the
1438 if (unlikely(txqi->txq.tid == IEEE80211_NUM_TIDS)) {
1439 IEEE80211_SKB_CB(skb)->control.flags |=
1440 IEEE80211_TX_INTCFL_NEED_TXPROCESSING;
1441 __skb_queue_tail(&txqi->frags, skb);
1443 fq_tin_enqueue(fq, tin, flow_idx, skb,
1446 spin_unlock_bh(&fq->lock);
1449 static bool fq_vlan_filter_func(struct fq *fq, struct fq_tin *tin,
1450 struct fq_flow *flow, struct sk_buff *skb,
1453 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1455 return info->control.vif == data;
1458 void ieee80211_txq_remove_vlan(struct ieee80211_local *local,
1459 struct ieee80211_sub_if_data *sdata)
1461 struct fq *fq = &local->fq;
1462 struct txq_info *txqi;
1464 struct ieee80211_sub_if_data *ap;
1466 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_AP_VLAN))
1469 ap = container_of(sdata->bss, struct ieee80211_sub_if_data, u.ap);
1474 txqi = to_txq_info(ap->vif.txq);
1477 spin_lock_bh(&fq->lock);
1478 fq_tin_filter(fq, tin, fq_vlan_filter_func, &sdata->vif,
1480 spin_unlock_bh(&fq->lock);
1483 void ieee80211_txq_init(struct ieee80211_sub_if_data *sdata,
1484 struct sta_info *sta,
1485 struct txq_info *txqi, int tid)
1487 fq_tin_init(&txqi->tin);
1488 codel_vars_init(&txqi->def_cvars);
1489 codel_stats_init(&txqi->cstats);
1490 __skb_queue_head_init(&txqi->frags);
1491 INIT_LIST_HEAD(&txqi->schedule_order);
1493 txqi->txq.vif = &sdata->vif;
1496 sdata->vif.txq = &txqi->txq;
1498 txqi->txq.ac = IEEE80211_AC_BE;
1503 if (tid == IEEE80211_NUM_TIDS) {
1504 if (sdata->vif.type == NL80211_IFTYPE_STATION) {
1505 /* Drivers need to opt in to the management MPDU TXQ */
1506 if (!ieee80211_hw_check(&sdata->local->hw,
1509 } else if (!ieee80211_hw_check(&sdata->local->hw,
1511 /* Drivers need to opt in to the bufferable MMPDU TXQ */
1514 txqi->txq.ac = IEEE80211_AC_VO;
1516 txqi->txq.ac = ieee80211_ac_from_tid(tid);
1519 txqi->txq.sta = &sta->sta;
1520 txqi->txq.tid = tid;
1521 sta->sta.txq[tid] = &txqi->txq;
1524 void ieee80211_txq_purge(struct ieee80211_local *local,
1525 struct txq_info *txqi)
1527 struct fq *fq = &local->fq;
1528 struct fq_tin *tin = &txqi->tin;
1530 spin_lock_bh(&fq->lock);
1531 fq_tin_reset(fq, tin, fq_skb_free_func);
1532 ieee80211_purge_tx_queue(&local->hw, &txqi->frags);
1533 spin_unlock_bh(&fq->lock);
1535 spin_lock_bh(&local->active_txq_lock[txqi->txq.ac]);
1536 list_del_init(&txqi->schedule_order);
1537 spin_unlock_bh(&local->active_txq_lock[txqi->txq.ac]);
1540 void ieee80211_txq_set_params(struct ieee80211_local *local)
1542 if (local->hw.wiphy->txq_limit)
1543 local->fq.limit = local->hw.wiphy->txq_limit;
1545 local->hw.wiphy->txq_limit = local->fq.limit;
1547 if (local->hw.wiphy->txq_memory_limit)
1548 local->fq.memory_limit = local->hw.wiphy->txq_memory_limit;
1550 local->hw.wiphy->txq_memory_limit = local->fq.memory_limit;
1552 if (local->hw.wiphy->txq_quantum)
1553 local->fq.quantum = local->hw.wiphy->txq_quantum;
1555 local->hw.wiphy->txq_quantum = local->fq.quantum;
1558 int ieee80211_txq_setup_flows(struct ieee80211_local *local)
1560 struct fq *fq = &local->fq;
1563 bool supp_vht = false;
1564 enum nl80211_band band;
1566 if (!local->ops->wake_tx_queue)
1569 ret = fq_init(fq, 4096);
1574 * If the hardware doesn't support VHT, it is safe to limit the maximum
1575 * queue size. 4 Mbytes is 64 max-size aggregates in 802.11n.
1577 for (band = 0; band < NUM_NL80211_BANDS; band++) {
1578 struct ieee80211_supported_band *sband;
1580 sband = local->hw.wiphy->bands[band];
1584 supp_vht = supp_vht || sband->vht_cap.vht_supported;
1588 fq->memory_limit = 4 << 20; /* 4 Mbytes */
1590 codel_params_init(&local->cparams);
1591 local->cparams.interval = MS2TIME(100);
1592 local->cparams.target = MS2TIME(20);
1593 local->cparams.ecn = true;
1595 local->cvars = kcalloc(fq->flows_cnt, sizeof(local->cvars[0]),
1597 if (!local->cvars) {
1598 spin_lock_bh(&fq->lock);
1599 fq_reset(fq, fq_skb_free_func);
1600 spin_unlock_bh(&fq->lock);
1604 for (i = 0; i < fq->flows_cnt; i++)
1605 codel_vars_init(&local->cvars[i]);
1607 ieee80211_txq_set_params(local);
1612 void ieee80211_txq_teardown_flows(struct ieee80211_local *local)
1614 struct fq *fq = &local->fq;
1616 if (!local->ops->wake_tx_queue)
1619 kfree(local->cvars);
1620 local->cvars = NULL;
1622 spin_lock_bh(&fq->lock);
1623 fq_reset(fq, fq_skb_free_func);
1624 spin_unlock_bh(&fq->lock);
1627 static bool ieee80211_queue_skb(struct ieee80211_local *local,
1628 struct ieee80211_sub_if_data *sdata,
1629 struct sta_info *sta,
1630 struct sk_buff *skb)
1632 struct ieee80211_vif *vif;
1633 struct txq_info *txqi;
1635 if (!local->ops->wake_tx_queue ||
1636 sdata->vif.type == NL80211_IFTYPE_MONITOR)
1639 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
1640 sdata = container_of(sdata->bss,
1641 struct ieee80211_sub_if_data, u.ap);
1644 txqi = ieee80211_get_txq(local, vif, sta, skb);
1649 ieee80211_txq_enqueue(local, txqi, skb);
1651 schedule_and_wake_txq(local, txqi);
1656 static bool ieee80211_tx_frags(struct ieee80211_local *local,
1657 struct ieee80211_vif *vif,
1658 struct sta_info *sta,
1659 struct sk_buff_head *skbs,
1662 struct ieee80211_tx_control control = {};
1663 struct sk_buff *skb, *tmp;
1664 unsigned long flags;
1666 skb_queue_walk_safe(skbs, skb, tmp) {
1667 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1668 int q = info->hw_queue;
1670 #ifdef CONFIG_MAC80211_VERBOSE_DEBUG
1671 if (WARN_ON_ONCE(q >= local->hw.queues)) {
1672 __skb_unlink(skb, skbs);
1673 ieee80211_free_txskb(&local->hw, skb);
1678 spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
1679 if (local->queue_stop_reasons[q] ||
1680 (!txpending && !skb_queue_empty(&local->pending[q]))) {
1681 if (unlikely(info->flags &
1682 IEEE80211_TX_INTFL_OFFCHAN_TX_OK)) {
1683 if (local->queue_stop_reasons[q] &
1684 ~BIT(IEEE80211_QUEUE_STOP_REASON_OFFCHANNEL)) {
1686 * Drop off-channel frames if queues
1687 * are stopped for any reason other
1688 * than off-channel operation. Never
1691 spin_unlock_irqrestore(
1692 &local->queue_stop_reason_lock,
1694 ieee80211_purge_tx_queue(&local->hw,
1701 * Since queue is stopped, queue up frames for
1702 * later transmission from the tx-pending
1703 * tasklet when the queue is woken again.
1706 skb_queue_splice_init(skbs,
1707 &local->pending[q]);
1709 skb_queue_splice_tail_init(skbs,
1710 &local->pending[q]);
1712 spin_unlock_irqrestore(&local->queue_stop_reason_lock,
1717 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
1719 info->control.vif = vif;
1720 control.sta = sta ? &sta->sta : NULL;
1722 __skb_unlink(skb, skbs);
1723 drv_tx(local, &control, skb);
1730 * Returns false if the frame couldn't be transmitted but was queued instead.
1732 static bool __ieee80211_tx(struct ieee80211_local *local,
1733 struct sk_buff_head *skbs, struct sta_info *sta,
1736 struct ieee80211_tx_info *info;
1737 struct ieee80211_sub_if_data *sdata;
1738 struct ieee80211_vif *vif;
1739 struct sk_buff *skb;
1742 if (WARN_ON(skb_queue_empty(skbs)))
1745 skb = skb_peek(skbs);
1746 info = IEEE80211_SKB_CB(skb);
1747 sdata = vif_to_sdata(info->control.vif);
1748 if (sta && !sta->uploaded)
1751 switch (sdata->vif.type) {
1752 case NL80211_IFTYPE_MONITOR:
1753 if (sdata->u.mntr.flags & MONITOR_FLAG_ACTIVE) {
1757 sdata = rcu_dereference(local->monitor_sdata);
1761 vif->hw_queue[skb_get_queue_mapping(skb)];
1762 } else if (ieee80211_hw_check(&local->hw, QUEUE_CONTROL)) {
1763 ieee80211_purge_tx_queue(&local->hw, skbs);
1768 case NL80211_IFTYPE_AP_VLAN:
1769 sdata = container_of(sdata->bss,
1770 struct ieee80211_sub_if_data, u.ap);
1777 result = ieee80211_tx_frags(local, vif, sta, skbs, txpending);
1779 WARN_ON_ONCE(!skb_queue_empty(skbs));
1785 * Invoke TX handlers, return 0 on success and non-zero if the
1786 * frame was dropped or queued.
1788 * The handlers are split into an early and late part. The latter is everything
1789 * that can be sensitive to reordering, and will be deferred to after packets
1790 * are dequeued from the intermediate queues (when they are enabled).
1792 static int invoke_tx_handlers_early(struct ieee80211_tx_data *tx)
1794 ieee80211_tx_result res = TX_DROP;
1796 #define CALL_TXH(txh) \
1799 if (res != TX_CONTINUE) \
1803 CALL_TXH(ieee80211_tx_h_dynamic_ps);
1804 CALL_TXH(ieee80211_tx_h_check_assoc);
1805 CALL_TXH(ieee80211_tx_h_ps_buf);
1806 CALL_TXH(ieee80211_tx_h_check_control_port_protocol);
1807 CALL_TXH(ieee80211_tx_h_select_key);
1810 if (unlikely(res == TX_DROP)) {
1811 I802_DEBUG_INC(tx->local->tx_handlers_drop);
1813 ieee80211_free_txskb(&tx->local->hw, tx->skb);
1815 ieee80211_purge_tx_queue(&tx->local->hw, &tx->skbs);
1817 } else if (unlikely(res == TX_QUEUED)) {
1818 I802_DEBUG_INC(tx->local->tx_handlers_queued);
1826 * Late handlers can be called while the sta lock is held. Handlers that can
1827 * cause packets to be generated will cause deadlock!
1829 static int invoke_tx_handlers_late(struct ieee80211_tx_data *tx)
1831 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
1832 ieee80211_tx_result res = TX_CONTINUE;
1834 if (!ieee80211_hw_check(&tx->local->hw, HAS_RATE_CONTROL))
1835 CALL_TXH(ieee80211_tx_h_rate_ctrl);
1837 if (unlikely(info->flags & IEEE80211_TX_INTFL_RETRANSMISSION)) {
1838 __skb_queue_tail(&tx->skbs, tx->skb);
1843 CALL_TXH(ieee80211_tx_h_michael_mic_add);
1844 CALL_TXH(ieee80211_tx_h_sequence);
1845 CALL_TXH(ieee80211_tx_h_fragment);
1846 /* handlers after fragment must be aware of tx info fragmentation! */
1847 CALL_TXH(ieee80211_tx_h_stats);
1848 CALL_TXH(ieee80211_tx_h_encrypt);
1849 if (!ieee80211_hw_check(&tx->local->hw, HAS_RATE_CONTROL))
1850 CALL_TXH(ieee80211_tx_h_calculate_duration);
1854 if (unlikely(res == TX_DROP)) {
1855 I802_DEBUG_INC(tx->local->tx_handlers_drop);
1857 ieee80211_free_txskb(&tx->local->hw, tx->skb);
1859 ieee80211_purge_tx_queue(&tx->local->hw, &tx->skbs);
1861 } else if (unlikely(res == TX_QUEUED)) {
1862 I802_DEBUG_INC(tx->local->tx_handlers_queued);
1869 static int invoke_tx_handlers(struct ieee80211_tx_data *tx)
1871 int r = invoke_tx_handlers_early(tx);
1875 return invoke_tx_handlers_late(tx);
1878 bool ieee80211_tx_prepare_skb(struct ieee80211_hw *hw,
1879 struct ieee80211_vif *vif, struct sk_buff *skb,
1880 int band, struct ieee80211_sta **sta)
1882 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
1883 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1884 struct ieee80211_tx_data tx;
1885 struct sk_buff *skb2;
1887 if (ieee80211_tx_prepare(sdata, &tx, NULL, skb) == TX_DROP)
1891 info->control.vif = vif;
1892 info->hw_queue = vif->hw_queue[skb_get_queue_mapping(skb)];
1894 if (invoke_tx_handlers(&tx))
1899 *sta = &tx.sta->sta;
1904 /* this function isn't suitable for fragmented data frames */
1905 skb2 = __skb_dequeue(&tx.skbs);
1906 if (WARN_ON(skb2 != skb || !skb_queue_empty(&tx.skbs))) {
1907 ieee80211_free_txskb(hw, skb2);
1908 ieee80211_purge_tx_queue(hw, &tx.skbs);
1914 EXPORT_SYMBOL(ieee80211_tx_prepare_skb);
1917 * Returns false if the frame couldn't be transmitted but was queued instead.
1919 static bool ieee80211_tx(struct ieee80211_sub_if_data *sdata,
1920 struct sta_info *sta, struct sk_buff *skb,
1923 struct ieee80211_local *local = sdata->local;
1924 struct ieee80211_tx_data tx;
1925 ieee80211_tx_result res_prepare;
1926 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1929 if (unlikely(skb->len < 10)) {
1934 /* initialises tx */
1935 res_prepare = ieee80211_tx_prepare(sdata, &tx, sta, skb);
1937 if (unlikely(res_prepare == TX_DROP)) {
1938 ieee80211_free_txskb(&local->hw, skb);
1940 } else if (unlikely(res_prepare == TX_QUEUED)) {
1944 /* set up hw_queue value early */
1945 if (!(info->flags & IEEE80211_TX_CTL_TX_OFFCHAN) ||
1946 !ieee80211_hw_check(&local->hw, QUEUE_CONTROL))
1948 sdata->vif.hw_queue[skb_get_queue_mapping(skb)];
1950 if (invoke_tx_handlers_early(&tx))
1953 if (ieee80211_queue_skb(local, sdata, tx.sta, tx.skb))
1956 if (!invoke_tx_handlers_late(&tx))
1957 result = __ieee80211_tx(local, &tx.skbs, tx.sta, txpending);
1962 /* device xmit handlers */
1964 enum ieee80211_encrypt {
1970 static int ieee80211_skb_resize(struct ieee80211_sub_if_data *sdata,
1971 struct sk_buff *skb,
1973 enum ieee80211_encrypt encrypt)
1975 struct ieee80211_local *local = sdata->local;
1979 enc_tailroom = encrypt == ENCRYPT_MGMT ||
1980 (encrypt == ENCRYPT_DATA &&
1981 sdata->crypto_tx_tailroom_needed_cnt);
1984 tail_need = IEEE80211_ENCRYPT_TAILROOM;
1985 tail_need -= skb_tailroom(skb);
1986 tail_need = max_t(int, tail_need, 0);
1989 if (skb_cloned(skb) &&
1990 (!ieee80211_hw_check(&local->hw, SUPPORTS_CLONED_SKBS) ||
1991 !skb_clone_writable(skb, ETH_HLEN) || enc_tailroom))
1992 I802_DEBUG_INC(local->tx_expand_skb_head_cloned);
1993 else if (head_need || tail_need)
1994 I802_DEBUG_INC(local->tx_expand_skb_head);
1998 if (pskb_expand_head(skb, head_need, tail_need, GFP_ATOMIC)) {
1999 wiphy_debug(local->hw.wiphy,
2000 "failed to reallocate TX buffer\n");
2007 void ieee80211_xmit(struct ieee80211_sub_if_data *sdata,
2008 struct sta_info *sta, struct sk_buff *skb)
2010 struct ieee80211_local *local = sdata->local;
2011 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
2012 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
2014 enum ieee80211_encrypt encrypt;
2016 if (info->flags & IEEE80211_TX_INTFL_DONT_ENCRYPT)
2017 encrypt = ENCRYPT_NO;
2018 else if (ieee80211_is_mgmt(hdr->frame_control))
2019 encrypt = ENCRYPT_MGMT;
2021 encrypt = ENCRYPT_DATA;
2023 headroom = local->tx_headroom;
2024 if (encrypt != ENCRYPT_NO)
2025 headroom += IEEE80211_ENCRYPT_HEADROOM;
2026 headroom -= skb_headroom(skb);
2027 headroom = max_t(int, 0, headroom);
2029 if (ieee80211_skb_resize(sdata, skb, headroom, encrypt)) {
2030 ieee80211_free_txskb(&local->hw, skb);
2034 /* reload after potential resize */
2035 hdr = (struct ieee80211_hdr *) skb->data;
2036 info->control.vif = &sdata->vif;
2038 if (ieee80211_vif_is_mesh(&sdata->vif)) {
2039 if (ieee80211_is_data(hdr->frame_control) &&
2040 is_unicast_ether_addr(hdr->addr1)) {
2041 if (mesh_nexthop_resolve(sdata, skb))
2042 return; /* skb queued: don't free */
2044 ieee80211_mps_set_frame_flags(sdata, NULL, hdr);
2048 ieee80211_set_qos_hdr(sdata, skb);
2049 ieee80211_tx(sdata, sta, skb, false);
2052 static bool ieee80211_validate_radiotap_len(struct sk_buff *skb)
2054 struct ieee80211_radiotap_header *rthdr =
2055 (struct ieee80211_radiotap_header *)skb->data;
2057 /* check for not even having the fixed radiotap header part */
2058 if (unlikely(skb->len < sizeof(struct ieee80211_radiotap_header)))
2059 return false; /* too short to be possibly valid */
2061 /* is it a header version we can trust to find length from? */
2062 if (unlikely(rthdr->it_version))
2063 return false; /* only version 0 is supported */
2065 /* does the skb contain enough to deliver on the alleged length? */
2066 if (unlikely(skb->len < ieee80211_get_radiotap_len(skb->data)))
2067 return false; /* skb too short for claimed rt header extent */
2072 bool ieee80211_parse_tx_radiotap(struct sk_buff *skb,
2073 struct net_device *dev)
2075 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2076 struct ieee80211_radiotap_iterator iterator;
2077 struct ieee80211_radiotap_header *rthdr =
2078 (struct ieee80211_radiotap_header *) skb->data;
2079 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
2080 int ret = ieee80211_radiotap_iterator_init(&iterator, rthdr, skb->len,
2084 bool rate_found = false;
2085 u8 rate_retries = 0;
2087 u8 mcs_known, mcs_flags, mcs_bw;
2089 u8 vht_mcs = 0, vht_nss = 0;
2092 if (!ieee80211_validate_radiotap_len(skb))
2095 info->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT |
2096 IEEE80211_TX_CTL_DONTFRAG;
2099 * for every radiotap entry that is present
2100 * (ieee80211_radiotap_iterator_next returns -ENOENT when no more
2101 * entries present, or -EINVAL on error)
2105 ret = ieee80211_radiotap_iterator_next(&iterator);
2110 /* see if this argument is something we can use */
2111 switch (iterator.this_arg_index) {
2113 * You must take care when dereferencing iterator.this_arg
2114 * for multibyte types... the pointer is not aligned. Use
2115 * get_unaligned((type *)iterator.this_arg) to dereference
2116 * iterator.this_arg for type "type" safely on all arches.
2118 case IEEE80211_RADIOTAP_FLAGS:
2119 if (*iterator.this_arg & IEEE80211_RADIOTAP_F_FCS) {
2121 * this indicates that the skb we have been
2122 * handed has the 32-bit FCS CRC at the end...
2123 * we should react to that by snipping it off
2124 * because it will be recomputed and added
2127 if (skb->len < (iterator._max_length + FCS_LEN))
2130 skb_trim(skb, skb->len - FCS_LEN);
2132 if (*iterator.this_arg & IEEE80211_RADIOTAP_F_WEP)
2133 info->flags &= ~IEEE80211_TX_INTFL_DONT_ENCRYPT;
2134 if (*iterator.this_arg & IEEE80211_RADIOTAP_F_FRAG)
2135 info->flags &= ~IEEE80211_TX_CTL_DONTFRAG;
2138 case IEEE80211_RADIOTAP_TX_FLAGS:
2139 txflags = get_unaligned_le16(iterator.this_arg);
2140 if (txflags & IEEE80211_RADIOTAP_F_TX_NOACK)
2141 info->flags |= IEEE80211_TX_CTL_NO_ACK;
2142 if (txflags & IEEE80211_RADIOTAP_F_TX_NOSEQNO)
2143 info->control.flags |= IEEE80211_TX_CTRL_NO_SEQNO;
2144 if (txflags & IEEE80211_RADIOTAP_F_TX_ORDER)
2145 info->control.flags |=
2146 IEEE80211_TX_CTRL_DONT_REORDER;
2149 case IEEE80211_RADIOTAP_RATE:
2150 rate = *iterator.this_arg;
2155 case IEEE80211_RADIOTAP_DATA_RETRIES:
2156 rate_retries = *iterator.this_arg;
2159 case IEEE80211_RADIOTAP_MCS:
2160 mcs_known = iterator.this_arg[0];
2161 mcs_flags = iterator.this_arg[1];
2162 if (!(mcs_known & IEEE80211_RADIOTAP_MCS_HAVE_MCS))
2166 rate = iterator.this_arg[2];
2167 rate_flags = IEEE80211_TX_RC_MCS;
2169 if (mcs_known & IEEE80211_RADIOTAP_MCS_HAVE_GI &&
2170 mcs_flags & IEEE80211_RADIOTAP_MCS_SGI)
2171 rate_flags |= IEEE80211_TX_RC_SHORT_GI;
2173 mcs_bw = mcs_flags & IEEE80211_RADIOTAP_MCS_BW_MASK;
2174 if (mcs_known & IEEE80211_RADIOTAP_MCS_HAVE_BW &&
2175 mcs_bw == IEEE80211_RADIOTAP_MCS_BW_40)
2176 rate_flags |= IEEE80211_TX_RC_40_MHZ_WIDTH;
2178 if (mcs_known & IEEE80211_RADIOTAP_MCS_HAVE_FEC &&
2179 mcs_flags & IEEE80211_RADIOTAP_MCS_FEC_LDPC)
2180 info->flags |= IEEE80211_TX_CTL_LDPC;
2182 if (mcs_known & IEEE80211_RADIOTAP_MCS_HAVE_STBC) {
2183 u8 stbc = u8_get_bits(mcs_flags,
2184 IEEE80211_RADIOTAP_MCS_STBC_MASK);
2187 u32_encode_bits(stbc,
2188 IEEE80211_TX_CTL_STBC);
2192 case IEEE80211_RADIOTAP_VHT:
2193 vht_known = get_unaligned_le16(iterator.this_arg);
2196 rate_flags = IEEE80211_TX_RC_VHT_MCS;
2197 if ((vht_known & IEEE80211_RADIOTAP_VHT_KNOWN_GI) &&
2198 (iterator.this_arg[2] &
2199 IEEE80211_RADIOTAP_VHT_FLAG_SGI))
2200 rate_flags |= IEEE80211_TX_RC_SHORT_GI;
2202 IEEE80211_RADIOTAP_VHT_KNOWN_BANDWIDTH) {
2203 if (iterator.this_arg[3] == 1)
2205 IEEE80211_TX_RC_40_MHZ_WIDTH;
2206 else if (iterator.this_arg[3] == 4)
2208 IEEE80211_TX_RC_80_MHZ_WIDTH;
2209 else if (iterator.this_arg[3] == 11)
2211 IEEE80211_TX_RC_160_MHZ_WIDTH;
2214 vht_mcs = iterator.this_arg[4] >> 4;
2217 vht_nss = iterator.this_arg[4] & 0xF;
2218 if (!vht_nss || vht_nss > 8)
2223 * Please update the file
2224 * Documentation/networking/mac80211-injection.rst
2225 * when parsing new fields here.
2233 if (ret != -ENOENT) /* ie, if we didn't simply run out of fields */
2237 struct ieee80211_supported_band *sband =
2238 local->hw.wiphy->bands[info->band];
2240 info->control.flags |= IEEE80211_TX_CTRL_RATE_INJECT;
2242 for (i = 0; i < IEEE80211_TX_MAX_RATES; i++) {
2243 info->control.rates[i].idx = -1;
2244 info->control.rates[i].flags = 0;
2245 info->control.rates[i].count = 0;
2248 if (rate_flags & IEEE80211_TX_RC_MCS) {
2249 info->control.rates[0].idx = rate;
2250 } else if (rate_flags & IEEE80211_TX_RC_VHT_MCS) {
2251 ieee80211_rate_set_vht(info->control.rates, vht_mcs,
2254 for (i = 0; i < sband->n_bitrates; i++) {
2255 if (rate * 5 != sband->bitrates[i].bitrate)
2258 info->control.rates[0].idx = i;
2263 if (info->control.rates[0].idx < 0)
2264 info->control.flags &= ~IEEE80211_TX_CTRL_RATE_INJECT;
2266 info->control.rates[0].flags = rate_flags;
2267 info->control.rates[0].count = min_t(u8, rate_retries + 1,
2268 local->hw.max_rate_tries);
2274 netdev_tx_t ieee80211_monitor_start_xmit(struct sk_buff *skb,
2275 struct net_device *dev)
2277 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2278 struct ieee80211_chanctx_conf *chanctx_conf;
2279 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
2280 struct ieee80211_hdr *hdr;
2281 struct ieee80211_sub_if_data *tmp_sdata, *sdata;
2282 struct cfg80211_chan_def *chandef;
2286 memset(info, 0, sizeof(*info));
2287 info->flags = IEEE80211_TX_CTL_REQ_TX_STATUS |
2288 IEEE80211_TX_CTL_INJECTED;
2290 /* Sanity-check the length of the radiotap header */
2291 if (!ieee80211_validate_radiotap_len(skb))
2294 /* we now know there is a radiotap header with a length we can use */
2295 len_rthdr = ieee80211_get_radiotap_len(skb->data);
2298 * fix up the pointers accounting for the radiotap
2299 * header still being in there. We are being given
2300 * a precooked IEEE80211 header so no need for
2303 skb_set_mac_header(skb, len_rthdr);
2305 * these are just fixed to the end of the rt area since we
2306 * don't have any better information and at this point, nobody cares
2308 skb_set_network_header(skb, len_rthdr);
2309 skb_set_transport_header(skb, len_rthdr);
2311 if (skb->len < len_rthdr + 2)
2314 hdr = (struct ieee80211_hdr *)(skb->data + len_rthdr);
2315 hdrlen = ieee80211_hdrlen(hdr->frame_control);
2317 if (skb->len < len_rthdr + hdrlen)
2321 * Initialize skb->protocol if the injected frame is a data frame
2322 * carrying a rfc1042 header
2324 if (ieee80211_is_data(hdr->frame_control) &&
2325 skb->len >= len_rthdr + hdrlen + sizeof(rfc1042_header) + 2) {
2326 u8 *payload = (u8 *)hdr + hdrlen;
2328 if (ether_addr_equal(payload, rfc1042_header))
2329 skb->protocol = cpu_to_be16((payload[6] << 8) |
2336 * We process outgoing injected frames that have a local address
2337 * we handle as though they are non-injected frames.
2338 * This code here isn't entirely correct, the local MAC address
2339 * isn't always enough to find the interface to use; for proper
2340 * VLAN support we have an nl80211-based mechanism.
2342 * This is necessary, for example, for old hostapd versions that
2343 * don't use nl80211-based management TX/RX.
2345 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2347 list_for_each_entry_rcu(tmp_sdata, &local->interfaces, list) {
2348 if (!ieee80211_sdata_running(tmp_sdata))
2350 if (tmp_sdata->vif.type == NL80211_IFTYPE_MONITOR ||
2351 tmp_sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
2353 if (ether_addr_equal(tmp_sdata->vif.addr, hdr->addr2)) {
2359 chanctx_conf = rcu_dereference(sdata->vif.bss_conf.chanctx_conf);
2360 if (!chanctx_conf) {
2361 tmp_sdata = rcu_dereference(local->monitor_sdata);
2364 rcu_dereference(tmp_sdata->vif.bss_conf.chanctx_conf);
2368 chandef = &chanctx_conf->def;
2369 else if (!local->use_chanctx)
2370 chandef = &local->_oper_chandef;
2375 * Frame injection is not allowed if beaconing is not allowed
2376 * or if we need radar detection. Beaconing is usually not allowed when
2377 * the mode or operation (Adhoc, AP, Mesh) does not support DFS.
2378 * Passive scan is also used in world regulatory domains where
2379 * your country is not known and as such it should be treated as
2380 * NO TX unless the channel is explicitly allowed in which case
2381 * your current regulatory domain would not have the passive scan
2384 * Since AP mode uses monitor interfaces to inject/TX management
2385 * frames we can make AP mode the exception to this rule once it
2386 * supports radar detection as its implementation can deal with
2387 * radar detection by itself. We can do that later by adding a
2388 * monitor flag interfaces used for AP support.
2390 if (!cfg80211_reg_can_beacon(local->hw.wiphy, chandef,
2394 info->band = chandef->chan->band;
2396 /* Initialize skb->priority according to frame type and TID class,
2397 * with respect to the sub interface that the frame will actually
2398 * be transmitted on. If the DONT_REORDER flag is set, the original
2399 * skb-priority is preserved to assure frames injected with this
2400 * flag are not reordered relative to each other.
2402 ieee80211_select_queue_80211(sdata, skb, hdr);
2403 skb_set_queue_mapping(skb, ieee80211_ac_from_tid(skb->priority));
2406 * Process the radiotap header. This will now take into account the
2407 * selected chandef above to accurately set injection rates and
2410 if (!ieee80211_parse_tx_radiotap(skb, dev))
2413 /* remove the injection radiotap header */
2414 skb_pull(skb, len_rthdr);
2416 ieee80211_xmit(sdata, NULL, skb);
2419 return NETDEV_TX_OK;
2425 return NETDEV_TX_OK; /* meaning, we dealt with the skb */
2428 static inline bool ieee80211_is_tdls_setup(struct sk_buff *skb)
2430 u16 ethertype = (skb->data[12] << 8) | skb->data[13];
2432 return ethertype == ETH_P_TDLS &&
2434 skb->data[14] == WLAN_TDLS_SNAP_RFTYPE;
2437 int ieee80211_lookup_ra_sta(struct ieee80211_sub_if_data *sdata,
2438 struct sk_buff *skb,
2439 struct sta_info **sta_out)
2441 struct sta_info *sta;
2443 switch (sdata->vif.type) {
2444 case NL80211_IFTYPE_AP_VLAN:
2445 sta = rcu_dereference(sdata->u.vlan.sta);
2449 } else if (sdata->wdev.use_4addr) {
2453 case NL80211_IFTYPE_AP:
2454 case NL80211_IFTYPE_OCB:
2455 case NL80211_IFTYPE_ADHOC:
2456 if (is_multicast_ether_addr(skb->data)) {
2457 *sta_out = ERR_PTR(-ENOENT);
2460 sta = sta_info_get_bss(sdata, skb->data);
2462 #ifdef CONFIG_MAC80211_MESH
2463 case NL80211_IFTYPE_MESH_POINT:
2464 /* determined much later */
2468 case NL80211_IFTYPE_STATION:
2469 if (sdata->wdev.wiphy->flags & WIPHY_FLAG_SUPPORTS_TDLS) {
2470 sta = sta_info_get(sdata, skb->data);
2471 if (sta && test_sta_flag(sta, WLAN_STA_TDLS_PEER)) {
2472 if (test_sta_flag(sta,
2473 WLAN_STA_TDLS_PEER_AUTH)) {
2479 * TDLS link during setup - throw out frames to
2480 * peer. Allow TDLS-setup frames to unauthorized
2481 * peers for the special case of a link teardown
2482 * after a TDLS sta is removed due to being
2485 if (!ieee80211_is_tdls_setup(skb))
2491 sta = sta_info_get(sdata, sdata->vif.cfg.ap_addr);
2499 *sta_out = sta ?: ERR_PTR(-ENOENT);
2503 static u16 ieee80211_store_ack_skb(struct ieee80211_local *local,
2504 struct sk_buff *skb,
2508 struct sk_buff *ack_skb;
2512 ack_skb = skb_clone_sk(skb);
2514 ack_skb = skb_clone(skb, GFP_ATOMIC);
2517 unsigned long flags;
2520 spin_lock_irqsave(&local->ack_status_lock, flags);
2521 id = idr_alloc(&local->ack_status_frames, ack_skb,
2522 1, 0x2000, GFP_ATOMIC);
2523 spin_unlock_irqrestore(&local->ack_status_lock, flags);
2527 *info_flags |= IEEE80211_TX_CTL_REQ_TX_STATUS;
2529 *cookie = ieee80211_mgmt_tx_cookie(local);
2530 IEEE80211_SKB_CB(ack_skb)->ack.cookie = *cookie;
2541 * ieee80211_build_hdr - build 802.11 header in the given frame
2542 * @sdata: virtual interface to build the header for
2543 * @skb: the skb to build the header in
2544 * @info_flags: skb flags to set
2545 * @sta: the station pointer
2546 * @ctrl_flags: info control flags to set
2547 * @cookie: cookie pointer to fill (if not %NULL)
2549 * This function takes the skb with 802.3 header and reformats the header to
2550 * the appropriate IEEE 802.11 header based on which interface the packet is
2551 * being transmitted on.
2553 * Note that this function also takes care of the TX status request and
2554 * potential unsharing of the SKB - this needs to be interleaved with the
2557 * The function requires the read-side RCU lock held
2559 * Returns: the (possibly reallocated) skb or an ERR_PTR() code
2561 static struct sk_buff *ieee80211_build_hdr(struct ieee80211_sub_if_data *sdata,
2562 struct sk_buff *skb, u32 info_flags,
2563 struct sta_info *sta, u32 ctrl_flags,
2566 struct ieee80211_local *local = sdata->local;
2567 struct ieee80211_tx_info *info;
2569 u16 ethertype, hdrlen, meshhdrlen = 0;
2571 struct ieee80211_hdr hdr;
2572 struct ieee80211s_hdr mesh_hdr __maybe_unused;
2573 struct mesh_path __maybe_unused *mppath = NULL, *mpath = NULL;
2574 const u8 *encaps_data;
2575 int encaps_len, skip_header_bytes;
2576 bool wme_sta = false, authorized = false;
2580 struct ieee80211_chanctx_conf *chanctx_conf = NULL;
2581 enum nl80211_band band;
2583 u8 link_id = u32_get_bits(ctrl_flags, IEEE80211_TX_CTRL_MLO_LINK);
2588 #ifdef CONFIG_MAC80211_DEBUGFS
2589 if (local->force_tx_status)
2590 info_flags |= IEEE80211_TX_CTL_REQ_TX_STATUS;
2593 /* convert Ethernet header to proper 802.11 header (based on
2594 * operation mode) */
2595 ethertype = (skb->data[12] << 8) | skb->data[13];
2596 fc = cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_DATA);
2598 if (!sdata->vif.valid_links)
2600 rcu_dereference(sdata->vif.bss_conf.chanctx_conf);
2602 switch (sdata->vif.type) {
2603 case NL80211_IFTYPE_AP_VLAN:
2604 if (sdata->wdev.use_4addr) {
2605 fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS);
2607 memcpy(hdr.addr1, sta->sta.addr, ETH_ALEN);
2608 memcpy(hdr.addr2, sdata->vif.addr, ETH_ALEN);
2609 memcpy(hdr.addr3, skb->data, ETH_ALEN);
2610 memcpy(hdr.addr4, skb->data + ETH_ALEN, ETH_ALEN);
2612 authorized = test_sta_flag(sta, WLAN_STA_AUTHORIZED);
2613 wme_sta = sta->sta.wme;
2615 if (!sdata->vif.valid_links) {
2616 struct ieee80211_sub_if_data *ap_sdata;
2618 /* override chanctx_conf from AP (we don't have one) */
2619 ap_sdata = container_of(sdata->bss,
2620 struct ieee80211_sub_if_data,
2623 rcu_dereference(ap_sdata->vif.bss_conf.chanctx_conf);
2625 if (sdata->wdev.use_4addr)
2628 case NL80211_IFTYPE_AP:
2629 fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS);
2631 memcpy(hdr.addr1, skb->data, ETH_ALEN);
2633 if (sdata->vif.valid_links && sta && !sta->sta.mlo) {
2634 struct ieee80211_link_data *link;
2636 link_id = sta->deflink.link_id;
2637 link = rcu_dereference(sdata->link[link_id]);
2638 if (WARN_ON(!link)) {
2642 memcpy(hdr.addr2, link->conf->addr, ETH_ALEN);
2643 } else if (link_id == IEEE80211_LINK_UNSPECIFIED) {
2644 memcpy(hdr.addr2, sdata->vif.addr, ETH_ALEN);
2646 struct ieee80211_bss_conf *conf;
2648 conf = rcu_dereference(sdata->vif.link_conf[link_id]);
2649 if (unlikely(!conf)) {
2654 memcpy(hdr.addr2, conf->addr, ETH_ALEN);
2657 memcpy(hdr.addr3, skb->data + ETH_ALEN, ETH_ALEN);
2660 #ifdef CONFIG_MAC80211_MESH
2661 case NL80211_IFTYPE_MESH_POINT:
2662 if (!is_multicast_ether_addr(skb->data)) {
2663 struct sta_info *next_hop;
2664 bool mpp_lookup = true;
2666 mpath = mesh_path_lookup(sdata, skb->data);
2669 next_hop = rcu_dereference(mpath->next_hop);
2671 !(mpath->flags & (MESH_PATH_ACTIVE |
2672 MESH_PATH_RESOLVING)))
2677 mppath = mpp_path_lookup(sdata, skb->data);
2679 mppath->exp_time = jiffies;
2682 if (mppath && mpath)
2683 mesh_path_del(sdata, mpath->dst);
2687 * Use address extension if it is a packet from
2688 * another interface or if we know the destination
2689 * is being proxied by a portal (i.e. portal address
2690 * differs from proxied address)
2692 if (ether_addr_equal(sdata->vif.addr, skb->data + ETH_ALEN) &&
2693 !(mppath && !ether_addr_equal(mppath->mpp, skb->data))) {
2694 hdrlen = ieee80211_fill_mesh_addresses(&hdr, &fc,
2695 skb->data, skb->data + ETH_ALEN);
2696 meshhdrlen = ieee80211_new_mesh_header(sdata, &mesh_hdr,
2699 /* DS -> MBSS (802.11-2012 13.11.3.3).
2700 * For unicast with unknown forwarding information,
2701 * destination might be in the MBSS or if that fails
2702 * forwarded to another mesh gate. In either case
2703 * resolution will be handled in ieee80211_xmit(), so
2704 * leave the original DA. This also works for mcast */
2705 const u8 *mesh_da = skb->data;
2708 mesh_da = mppath->mpp;
2710 mesh_da = mpath->dst;
2712 hdrlen = ieee80211_fill_mesh_addresses(&hdr, &fc,
2713 mesh_da, sdata->vif.addr);
2714 if (is_multicast_ether_addr(mesh_da))
2715 /* DA TA mSA AE:SA */
2716 meshhdrlen = ieee80211_new_mesh_header(
2718 skb->data + ETH_ALEN, NULL);
2720 /* RA TA mDA mSA AE:DA SA */
2721 meshhdrlen = ieee80211_new_mesh_header(
2722 sdata, &mesh_hdr, skb->data,
2723 skb->data + ETH_ALEN);
2727 /* For injected frames, fill RA right away as nexthop lookup
2730 if ((ctrl_flags & IEEE80211_TX_CTRL_SKIP_MPATH_LOOKUP) &&
2731 is_zero_ether_addr(hdr.addr1))
2732 memcpy(hdr.addr1, skb->data, ETH_ALEN);
2735 case NL80211_IFTYPE_STATION:
2736 /* we already did checks when looking up the RA STA */
2737 tdls_peer = test_sta_flag(sta, WLAN_STA_TDLS_PEER);
2741 memcpy(hdr.addr1, skb->data, ETH_ALEN);
2742 memcpy(hdr.addr2, skb->data + ETH_ALEN, ETH_ALEN);
2743 memcpy(hdr.addr3, sdata->deflink.u.mgd.bssid, ETH_ALEN);
2745 } else if (sdata->u.mgd.use_4addr &&
2746 cpu_to_be16(ethertype) != sdata->control_port_protocol) {
2747 fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS |
2748 IEEE80211_FCTL_TODS);
2750 memcpy(hdr.addr1, sdata->deflink.u.mgd.bssid, ETH_ALEN);
2751 memcpy(hdr.addr2, sdata->vif.addr, ETH_ALEN);
2752 memcpy(hdr.addr3, skb->data, ETH_ALEN);
2753 memcpy(hdr.addr4, skb->data + ETH_ALEN, ETH_ALEN);
2756 fc |= cpu_to_le16(IEEE80211_FCTL_TODS);
2758 memcpy(hdr.addr1, sdata->vif.cfg.ap_addr, ETH_ALEN);
2759 memcpy(hdr.addr2, skb->data + ETH_ALEN, ETH_ALEN);
2760 memcpy(hdr.addr3, skb->data, ETH_ALEN);
2764 case NL80211_IFTYPE_OCB:
2766 memcpy(hdr.addr1, skb->data, ETH_ALEN);
2767 memcpy(hdr.addr2, skb->data + ETH_ALEN, ETH_ALEN);
2768 eth_broadcast_addr(hdr.addr3);
2771 case NL80211_IFTYPE_ADHOC:
2773 memcpy(hdr.addr1, skb->data, ETH_ALEN);
2774 memcpy(hdr.addr2, skb->data + ETH_ALEN, ETH_ALEN);
2775 memcpy(hdr.addr3, sdata->u.ibss.bssid, ETH_ALEN);
2783 if (!chanctx_conf) {
2784 if (!sdata->vif.valid_links) {
2788 /* MLD transmissions must not rely on the band */
2791 band = chanctx_conf->def.chan->band;
2794 multicast = is_multicast_ether_addr(hdr.addr1);
2796 /* sta is always NULL for mesh */
2798 authorized = test_sta_flag(sta, WLAN_STA_AUTHORIZED);
2799 wme_sta = sta->sta.wme;
2800 } else if (ieee80211_vif_is_mesh(&sdata->vif)) {
2801 /* For mesh, the use of the QoS header is mandatory */
2805 /* receiver does QoS (which also means we do) use it */
2807 fc |= cpu_to_le16(IEEE80211_STYPE_QOS_DATA);
2812 * Drop unicast frames to unauthorised stations unless they are
2813 * EAPOL frames from the local station.
2815 if (unlikely(!ieee80211_vif_is_mesh(&sdata->vif) &&
2816 (sdata->vif.type != NL80211_IFTYPE_OCB) &&
2817 !multicast && !authorized &&
2818 (cpu_to_be16(ethertype) != sdata->control_port_protocol ||
2819 !ieee80211_is_our_addr(sdata, skb->data + ETH_ALEN, NULL)))) {
2820 #ifdef CONFIG_MAC80211_VERBOSE_DEBUG
2821 net_info_ratelimited("%s: dropped frame to %pM (unauthorized port)\n",
2822 sdata->name, hdr.addr1);
2825 I802_DEBUG_INC(local->tx_handlers_drop_unauth_port);
2831 if (unlikely(!multicast && ((skb->sk &&
2832 skb_shinfo(skb)->tx_flags & SKBTX_WIFI_STATUS) ||
2833 ctrl_flags & IEEE80211_TX_CTL_REQ_TX_STATUS)))
2834 info_id = ieee80211_store_ack_skb(local, skb, &info_flags,
2838 * If the skb is shared we need to obtain our own copy.
2840 skb = skb_share_check(skb, GFP_ATOMIC);
2841 if (unlikely(!skb)) {
2846 hdr.frame_control = fc;
2847 hdr.duration_id = 0;
2850 skip_header_bytes = ETH_HLEN;
2851 if (ethertype == ETH_P_AARP || ethertype == ETH_P_IPX) {
2852 encaps_data = bridge_tunnel_header;
2853 encaps_len = sizeof(bridge_tunnel_header);
2854 skip_header_bytes -= 2;
2855 } else if (ethertype >= ETH_P_802_3_MIN) {
2856 encaps_data = rfc1042_header;
2857 encaps_len = sizeof(rfc1042_header);
2858 skip_header_bytes -= 2;
2864 skb_pull(skb, skip_header_bytes);
2865 head_need = hdrlen + encaps_len + meshhdrlen - skb_headroom(skb);
2868 * So we need to modify the skb header and hence need a copy of
2869 * that. The head_need variable above doesn't, so far, include
2870 * the needed header space that we don't need right away. If we
2871 * can, then we don't reallocate right now but only after the
2872 * frame arrives at the master device (if it does...)
2874 * If we cannot, however, then we will reallocate to include all
2875 * the ever needed space. Also, if we need to reallocate it anyway,
2876 * make it big enough for everything we may ever need.
2879 if (head_need > 0 || skb_cloned(skb)) {
2880 head_need += IEEE80211_ENCRYPT_HEADROOM;
2881 head_need += local->tx_headroom;
2882 head_need = max_t(int, 0, head_need);
2883 if (ieee80211_skb_resize(sdata, skb, head_need, ENCRYPT_DATA)) {
2884 ieee80211_free_txskb(&local->hw, skb);
2886 return ERR_PTR(-ENOMEM);
2891 memcpy(skb_push(skb, encaps_len), encaps_data, encaps_len);
2893 #ifdef CONFIG_MAC80211_MESH
2895 memcpy(skb_push(skb, meshhdrlen), &mesh_hdr, meshhdrlen);
2898 if (ieee80211_is_data_qos(fc)) {
2899 __le16 *qos_control;
2901 qos_control = skb_push(skb, 2);
2902 memcpy(skb_push(skb, hdrlen - 2), &hdr, hdrlen - 2);
2904 * Maybe we could actually set some fields here, for now just
2905 * initialise to zero to indicate no special operation.
2909 memcpy(skb_push(skb, hdrlen), &hdr, hdrlen);
2911 skb_reset_mac_header(skb);
2913 info = IEEE80211_SKB_CB(skb);
2914 memset(info, 0, sizeof(*info));
2916 info->flags = info_flags;
2917 info->ack_frame_id = info_id;
2920 if (likely(!cookie)) {
2921 ctrl_flags |= u32_encode_bits(link_id,
2922 IEEE80211_TX_CTRL_MLO_LINK);
2924 unsigned int pre_conf_link_id;
2927 * ctrl_flags already have been set by
2928 * ieee80211_tx_control_port(), here
2929 * we just sanity check that
2932 pre_conf_link_id = u32_get_bits(ctrl_flags,
2933 IEEE80211_TX_CTRL_MLO_LINK);
2935 if (pre_conf_link_id != link_id &&
2936 link_id != IEEE80211_LINK_UNSPECIFIED) {
2937 #ifdef CPTCFG_MAC80211_VERBOSE_DEBUG
2938 net_info_ratelimited("%s: dropped frame to %pM with bad link ID request (%d vs. %d)\n",
2939 sdata->name, hdr.addr1,
2940 pre_conf_link_id, link_id);
2947 info->control.flags = ctrl_flags;
2952 return ERR_PTR(ret);
2956 * fast-xmit overview
2958 * The core idea of this fast-xmit is to remove per-packet checks by checking
2959 * them out of band. ieee80211_check_fast_xmit() implements the out-of-band
2960 * checks that are needed to get the sta->fast_tx pointer assigned, after which
2961 * much less work can be done per packet. For example, fragmentation must be
2962 * disabled or the fast_tx pointer will not be set. All the conditions are seen
2965 * Once assigned, the fast_tx data structure also caches the per-packet 802.11
2966 * header and other data to aid packet processing in ieee80211_xmit_fast().
2968 * The most difficult part of this is that when any of these assumptions
2969 * change, an external trigger (i.e. a call to ieee80211_clear_fast_xmit(),
2970 * ieee80211_check_fast_xmit() or friends) is required to reset the data,
2971 * since the per-packet code no longer checks the conditions. This is reflected
2972 * by the calls to these functions throughout the rest of the code, and must be
2973 * maintained if any of the TX path checks change.
2976 void ieee80211_check_fast_xmit(struct sta_info *sta)
2978 struct ieee80211_fast_tx build = {}, *fast_tx = NULL, *old;
2979 struct ieee80211_local *local = sta->local;
2980 struct ieee80211_sub_if_data *sdata = sta->sdata;
2981 struct ieee80211_hdr *hdr = (void *)build.hdr;
2982 struct ieee80211_chanctx_conf *chanctx_conf;
2985 if (!ieee80211_hw_check(&local->hw, SUPPORT_FAST_XMIT))
2988 /* Locking here protects both the pointer itself, and against concurrent
2989 * invocations winning data access races to, e.g., the key pointer that
2991 * Without it, the invocation of this function right after the key
2992 * pointer changes wouldn't be sufficient, as another CPU could access
2993 * the pointer, then stall, and then do the cache update after the CPU
2994 * that invalidated the key.
2995 * With the locking, such scenarios cannot happen as the check for the
2996 * key and the fast-tx assignment are done atomically, so the CPU that
2997 * modifies the key will either wait or other one will see the key
2998 * cleared/changed already.
3000 spin_lock_bh(&sta->lock);
3001 if (ieee80211_hw_check(&local->hw, SUPPORTS_PS) &&
3002 !ieee80211_hw_check(&local->hw, SUPPORTS_DYNAMIC_PS) &&
3003 sdata->vif.type == NL80211_IFTYPE_STATION)
3006 if (!test_sta_flag(sta, WLAN_STA_AUTHORIZED))
3009 if (test_sta_flag(sta, WLAN_STA_PS_STA) ||
3010 test_sta_flag(sta, WLAN_STA_PS_DRIVER) ||
3011 test_sta_flag(sta, WLAN_STA_PS_DELIVER) ||
3012 test_sta_flag(sta, WLAN_STA_CLEAR_PS_FILT))
3015 if (sdata->noack_map)
3018 /* fast-xmit doesn't handle fragmentation at all */
3019 if (local->hw.wiphy->frag_threshold != (u32)-1 &&
3020 !ieee80211_hw_check(&local->hw, SUPPORTS_TX_FRAG))
3023 if (!sdata->vif.valid_links) {
3026 rcu_dereference(sdata->vif.bss_conf.chanctx_conf);
3027 if (!chanctx_conf) {
3031 build.band = chanctx_conf->def.chan->band;
3034 /* MLD transmissions must not rely on the band */
3038 fc = cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_DATA);
3040 switch (sdata->vif.type) {
3041 case NL80211_IFTYPE_ADHOC:
3043 build.da_offs = offsetof(struct ieee80211_hdr, addr1);
3044 build.sa_offs = offsetof(struct ieee80211_hdr, addr2);
3045 memcpy(hdr->addr3, sdata->u.ibss.bssid, ETH_ALEN);
3048 case NL80211_IFTYPE_STATION:
3049 if (test_sta_flag(sta, WLAN_STA_TDLS_PEER)) {
3051 build.da_offs = offsetof(struct ieee80211_hdr, addr1);
3052 build.sa_offs = offsetof(struct ieee80211_hdr, addr2);
3053 memcpy(hdr->addr3, sdata->deflink.u.mgd.bssid, ETH_ALEN);
3058 if (sdata->u.mgd.use_4addr) {
3059 /* non-regular ethertype cannot use the fastpath */
3060 fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS |
3061 IEEE80211_FCTL_TODS);
3063 memcpy(hdr->addr1, sdata->deflink.u.mgd.bssid, ETH_ALEN);
3064 memcpy(hdr->addr2, sdata->vif.addr, ETH_ALEN);
3065 build.da_offs = offsetof(struct ieee80211_hdr, addr3);
3066 build.sa_offs = offsetof(struct ieee80211_hdr, addr4);
3070 fc |= cpu_to_le16(IEEE80211_FCTL_TODS);
3072 memcpy(hdr->addr1, sdata->vif.cfg.ap_addr, ETH_ALEN);
3073 build.da_offs = offsetof(struct ieee80211_hdr, addr3);
3074 build.sa_offs = offsetof(struct ieee80211_hdr, addr2);
3077 case NL80211_IFTYPE_AP_VLAN:
3078 if (sdata->wdev.use_4addr) {
3079 fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS |
3080 IEEE80211_FCTL_TODS);
3082 memcpy(hdr->addr1, sta->sta.addr, ETH_ALEN);
3083 memcpy(hdr->addr2, sdata->vif.addr, ETH_ALEN);
3084 build.da_offs = offsetof(struct ieee80211_hdr, addr3);
3085 build.sa_offs = offsetof(struct ieee80211_hdr, addr4);
3090 case NL80211_IFTYPE_AP:
3091 fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS);
3093 build.da_offs = offsetof(struct ieee80211_hdr, addr1);
3094 if (sta->sta.mlo || !sdata->vif.valid_links) {
3095 memcpy(hdr->addr2, sdata->vif.addr, ETH_ALEN);
3097 unsigned int link_id = sta->deflink.link_id;
3098 struct ieee80211_link_data *link;
3101 link = rcu_dereference(sdata->link[link_id]);
3102 if (WARN_ON(!link)) {
3106 memcpy(hdr->addr2, link->conf->addr, ETH_ALEN);
3109 build.sa_offs = offsetof(struct ieee80211_hdr, addr3);
3113 /* not handled on fast-xmit */
3119 fc |= cpu_to_le16(IEEE80211_STYPE_QOS_DATA);
3122 /* We store the key here so there's no point in using rcu_dereference()
3123 * but that's fine because the code that changes the pointers will call
3124 * this function after doing so. For a single CPU that would be enough,
3125 * for multiple see the comment above.
3127 build.key = rcu_access_pointer(sta->ptk[sta->ptk_idx]);
3129 build.key = rcu_access_pointer(sdata->default_unicast_key);
3131 bool gen_iv, iv_spc, mmic;
3133 gen_iv = build.key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV;
3134 iv_spc = build.key->conf.flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE;
3135 mmic = build.key->conf.flags &
3136 (IEEE80211_KEY_FLAG_GENERATE_MMIC |
3137 IEEE80211_KEY_FLAG_PUT_MIC_SPACE);
3139 /* don't handle software crypto */
3140 if (!(build.key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE))
3143 /* Key is being removed */
3144 if (build.key->flags & KEY_FLAG_TAINTED)
3147 switch (build.key->conf.cipher) {
3148 case WLAN_CIPHER_SUITE_CCMP:
3149 case WLAN_CIPHER_SUITE_CCMP_256:
3151 build.pn_offs = build.hdr_len;
3152 if (gen_iv || iv_spc)
3153 build.hdr_len += IEEE80211_CCMP_HDR_LEN;
3155 case WLAN_CIPHER_SUITE_GCMP:
3156 case WLAN_CIPHER_SUITE_GCMP_256:
3158 build.pn_offs = build.hdr_len;
3159 if (gen_iv || iv_spc)
3160 build.hdr_len += IEEE80211_GCMP_HDR_LEN;
3162 case WLAN_CIPHER_SUITE_TKIP:
3163 /* cannot handle MMIC or IV generation in xmit-fast */
3167 build.hdr_len += IEEE80211_TKIP_IV_LEN;
3169 case WLAN_CIPHER_SUITE_WEP40:
3170 case WLAN_CIPHER_SUITE_WEP104:
3171 /* cannot handle IV generation in fast-xmit */
3175 build.hdr_len += IEEE80211_WEP_IV_LEN;
3177 case WLAN_CIPHER_SUITE_AES_CMAC:
3178 case WLAN_CIPHER_SUITE_BIP_CMAC_256:
3179 case WLAN_CIPHER_SUITE_BIP_GMAC_128:
3180 case WLAN_CIPHER_SUITE_BIP_GMAC_256:
3182 "management cipher suite 0x%x enabled for data\n",
3183 build.key->conf.cipher);
3186 /* we don't know how to generate IVs for this at all */
3187 if (WARN_ON(gen_iv))
3191 fc |= cpu_to_le16(IEEE80211_FCTL_PROTECTED);
3194 hdr->frame_control = fc;
3196 memcpy(build.hdr + build.hdr_len,
3197 rfc1042_header, sizeof(rfc1042_header));
3198 build.hdr_len += sizeof(rfc1042_header);
3200 fast_tx = kmemdup(&build, sizeof(build), GFP_ATOMIC);
3201 /* if the kmemdup fails, continue w/o fast_tx */
3204 /* we might have raced against another call to this function */
3205 old = rcu_dereference_protected(sta->fast_tx,
3206 lockdep_is_held(&sta->lock));
3207 rcu_assign_pointer(sta->fast_tx, fast_tx);
3209 kfree_rcu(old, rcu_head);
3210 spin_unlock_bh(&sta->lock);
3213 void ieee80211_check_fast_xmit_all(struct ieee80211_local *local)
3215 struct sta_info *sta;
3218 list_for_each_entry_rcu(sta, &local->sta_list, list)
3219 ieee80211_check_fast_xmit(sta);
3223 void ieee80211_check_fast_xmit_iface(struct ieee80211_sub_if_data *sdata)
3225 struct ieee80211_local *local = sdata->local;
3226 struct sta_info *sta;
3230 list_for_each_entry_rcu(sta, &local->sta_list, list) {
3231 if (sdata != sta->sdata &&
3232 (!sta->sdata->bss || sta->sdata->bss != sdata->bss))
3234 ieee80211_check_fast_xmit(sta);
3240 void ieee80211_clear_fast_xmit(struct sta_info *sta)
3242 struct ieee80211_fast_tx *fast_tx;
3244 spin_lock_bh(&sta->lock);
3245 fast_tx = rcu_dereference_protected(sta->fast_tx,
3246 lockdep_is_held(&sta->lock));
3247 RCU_INIT_POINTER(sta->fast_tx, NULL);
3248 spin_unlock_bh(&sta->lock);
3251 kfree_rcu(fast_tx, rcu_head);
3254 static bool ieee80211_amsdu_realloc_pad(struct ieee80211_local *local,
3255 struct sk_buff *skb, int headroom)
3257 if (skb_headroom(skb) < headroom) {
3258 I802_DEBUG_INC(local->tx_expand_skb_head);
3260 if (pskb_expand_head(skb, headroom, 0, GFP_ATOMIC)) {
3261 wiphy_debug(local->hw.wiphy,
3262 "failed to reallocate TX buffer\n");
3270 static bool ieee80211_amsdu_prepare_head(struct ieee80211_sub_if_data *sdata,
3271 struct ieee80211_fast_tx *fast_tx,
3272 struct sk_buff *skb)
3274 struct ieee80211_local *local = sdata->local;
3275 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
3276 struct ieee80211_hdr *hdr;
3277 struct ethhdr *amsdu_hdr;
3278 int hdr_len = fast_tx->hdr_len - sizeof(rfc1042_header);
3279 int subframe_len = skb->len - hdr_len;
3281 u8 *qc, *h_80211_src, *h_80211_dst;
3284 if (info->flags & IEEE80211_TX_CTL_RATE_CTRL_PROBE)
3287 if (info->control.flags & IEEE80211_TX_CTRL_AMSDU)
3290 if (!ieee80211_amsdu_realloc_pad(local, skb,
3291 sizeof(*amsdu_hdr) +
3292 local->hw.extra_tx_headroom))
3295 data = skb_push(skb, sizeof(*amsdu_hdr));
3296 memmove(data, data + sizeof(*amsdu_hdr), hdr_len);
3298 amsdu_hdr = data + hdr_len;
3299 /* h_80211_src/dst is addr* field within hdr */
3300 h_80211_src = data + fast_tx->sa_offs;
3301 h_80211_dst = data + fast_tx->da_offs;
3303 amsdu_hdr->h_proto = cpu_to_be16(subframe_len);
3304 ether_addr_copy(amsdu_hdr->h_source, h_80211_src);
3305 ether_addr_copy(amsdu_hdr->h_dest, h_80211_dst);
3307 /* according to IEEE 802.11-2012 8.3.2 table 8-19, the outer SA/DA
3308 * fields needs to be changed to BSSID for A-MSDU frames depending
3309 * on FromDS/ToDS values.
3311 switch (sdata->vif.type) {
3312 case NL80211_IFTYPE_STATION:
3313 bssid = sdata->vif.cfg.ap_addr;
3315 case NL80211_IFTYPE_AP:
3316 case NL80211_IFTYPE_AP_VLAN:
3317 bssid = sdata->vif.addr;
3323 if (bssid && ieee80211_has_fromds(hdr->frame_control))
3324 ether_addr_copy(h_80211_src, bssid);
3326 if (bssid && ieee80211_has_tods(hdr->frame_control))
3327 ether_addr_copy(h_80211_dst, bssid);
3329 qc = ieee80211_get_qos_ctl(hdr);
3330 *qc |= IEEE80211_QOS_CTL_A_MSDU_PRESENT;
3332 info->control.flags |= IEEE80211_TX_CTRL_AMSDU;
3337 static bool ieee80211_amsdu_aggregate(struct ieee80211_sub_if_data *sdata,
3338 struct sta_info *sta,
3339 struct ieee80211_fast_tx *fast_tx,
3340 struct sk_buff *skb)
3342 struct ieee80211_local *local = sdata->local;
3343 struct fq *fq = &local->fq;
3345 struct fq_flow *flow;
3346 u8 tid = skb->priority & IEEE80211_QOS_CTL_TAG1D_MASK;
3347 struct ieee80211_txq *txq = sta->sta.txq[tid];
3348 struct txq_info *txqi;
3349 struct sk_buff **frag_tail, *head;
3350 int subframe_len = skb->len - ETH_ALEN;
3351 u8 max_subframes = sta->sta.max_amsdu_subframes;
3352 int max_frags = local->hw.max_tx_fragments;
3353 int max_amsdu_len = sta->sta.max_amsdu_len;
3359 unsigned int orig_len;
3360 int n = 2, nfrags, pad = 0;
3363 if (!ieee80211_hw_check(&local->hw, TX_AMSDU))
3366 if (sdata->vif.offload_flags & IEEE80211_OFFLOAD_ENCAP_ENABLED)
3369 if (skb_is_gso(skb))
3375 txqi = to_txq_info(txq);
3376 if (test_bit(IEEE80211_TXQ_NO_AMSDU, &txqi->flags))
3379 if (sta->sta.max_rc_amsdu_len)
3380 max_amsdu_len = min_t(int, max_amsdu_len,
3381 sta->sta.max_rc_amsdu_len);
3383 if (sta->sta.max_tid_amsdu_len[tid])
3384 max_amsdu_len = min_t(int, max_amsdu_len,
3385 sta->sta.max_tid_amsdu_len[tid]);
3387 flow_idx = fq_flow_idx(fq, skb);
3389 spin_lock_bh(&fq->lock);
3391 /* TODO: Ideally aggregation should be done on dequeue to remain
3392 * responsive to environment changes.
3396 flow = fq_flow_classify(fq, tin, flow_idx, skb);
3397 head = skb_peek_tail(&flow->queue);
3398 if (!head || skb_is_gso(head))
3401 orig_truesize = head->truesize;
3402 orig_len = head->len;
3404 if (skb->len + head->len > max_amsdu_len)
3407 nfrags = 1 + skb_shinfo(skb)->nr_frags;
3408 nfrags += 1 + skb_shinfo(head)->nr_frags;
3409 frag_tail = &skb_shinfo(head)->frag_list;
3410 while (*frag_tail) {
3411 nfrags += 1 + skb_shinfo(*frag_tail)->nr_frags;
3412 frag_tail = &(*frag_tail)->next;
3416 if (max_subframes && n > max_subframes)
3419 if (max_frags && nfrags > max_frags)
3422 if (!drv_can_aggregate_in_amsdu(local, head, skb))
3425 if (!ieee80211_amsdu_prepare_head(sdata, fast_tx, head))
3428 /* If n == 2, the "while (*frag_tail)" loop above didn't execute
3429 * and frag_tail should be &skb_shinfo(head)->frag_list.
3430 * However, ieee80211_amsdu_prepare_head() can reallocate it.
3431 * Reload frag_tail to have it pointing to the correct place.
3434 frag_tail = &skb_shinfo(head)->frag_list;
3437 * Pad out the previous subframe to a multiple of 4 by adding the
3438 * padding to the next one, that's being added. Note that head->len
3439 * is the length of the full A-MSDU, but that works since each time
3440 * we add a new subframe we pad out the previous one to a multiple
3441 * of 4 and thus it no longer matters in the next round.
3443 hdrlen = fast_tx->hdr_len - sizeof(rfc1042_header);
3444 if ((head->len - hdrlen) & 3)
3445 pad = 4 - ((head->len - hdrlen) & 3);
3447 if (!ieee80211_amsdu_realloc_pad(local, skb, sizeof(rfc1042_header) +
3452 data = skb_push(skb, ETH_ALEN + 2);
3453 memmove(data, data + ETH_ALEN + 2, 2 * ETH_ALEN);
3455 data += 2 * ETH_ALEN;
3456 len = cpu_to_be16(subframe_len);
3457 memcpy(data, &len, 2);
3458 memcpy(data + 2, rfc1042_header, sizeof(rfc1042_header));
3460 memset(skb_push(skb, pad), 0, pad);
3462 head->len += skb->len;
3463 head->data_len += skb->len;
3467 fq->memory_usage += head->truesize - orig_truesize;
3468 if (head->len != orig_len) {
3469 flow->backlog += head->len - orig_len;
3470 tin->backlog_bytes += head->len - orig_len;
3473 spin_unlock_bh(&fq->lock);
3479 * Can be called while the sta lock is held. Anything that can cause packets to
3480 * be generated will cause deadlock!
3482 static ieee80211_tx_result
3483 ieee80211_xmit_fast_finish(struct ieee80211_sub_if_data *sdata,
3484 struct sta_info *sta, u8 pn_offs,
3485 struct ieee80211_key *key,
3486 struct ieee80211_tx_data *tx)
3488 struct sk_buff *skb = tx->skb;
3489 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
3490 struct ieee80211_hdr *hdr = (void *)skb->data;
3491 u8 tid = IEEE80211_NUM_TIDS;
3493 if (!ieee80211_hw_check(&tx->local->hw, HAS_RATE_CONTROL) &&
3494 ieee80211_tx_h_rate_ctrl(tx) != TX_CONTINUE)
3498 info->control.hw_key = &key->conf;
3500 dev_sw_netstats_tx_add(skb->dev, 1, skb->len);
3502 if (hdr->frame_control & cpu_to_le16(IEEE80211_STYPE_QOS_DATA)) {
3503 tid = skb->priority & IEEE80211_QOS_CTL_TAG1D_MASK;
3504 hdr->seq_ctrl = ieee80211_tx_next_seq(sta, tid);
3506 info->flags |= IEEE80211_TX_CTL_ASSIGN_SEQ;
3507 hdr->seq_ctrl = cpu_to_le16(sdata->sequence_number);
3508 sdata->sequence_number += 0x10;
3511 if (skb_shinfo(skb)->gso_size)
3512 sta->deflink.tx_stats.msdu[tid] +=
3513 DIV_ROUND_UP(skb->len, skb_shinfo(skb)->gso_size);
3515 sta->deflink.tx_stats.msdu[tid]++;
3517 info->hw_queue = sdata->vif.hw_queue[skb_get_queue_mapping(skb)];
3519 /* statistics normally done by ieee80211_tx_h_stats (but that
3520 * has to consider fragmentation, so is more complex)
3522 sta->deflink.tx_stats.bytes[skb_get_queue_mapping(skb)] += skb->len;
3523 sta->deflink.tx_stats.packets[skb_get_queue_mapping(skb)]++;
3527 u8 *crypto_hdr = skb->data + pn_offs;
3529 switch (key->conf.cipher) {
3530 case WLAN_CIPHER_SUITE_CCMP:
3531 case WLAN_CIPHER_SUITE_CCMP_256:
3532 case WLAN_CIPHER_SUITE_GCMP:
3533 case WLAN_CIPHER_SUITE_GCMP_256:
3534 pn = atomic64_inc_return(&key->conf.tx_pn);
3536 crypto_hdr[1] = pn >> 8;
3537 crypto_hdr[3] = 0x20 | (key->conf.keyidx << 6);
3538 crypto_hdr[4] = pn >> 16;
3539 crypto_hdr[5] = pn >> 24;
3540 crypto_hdr[6] = pn >> 32;
3541 crypto_hdr[7] = pn >> 40;
3549 static bool ieee80211_xmit_fast(struct ieee80211_sub_if_data *sdata,
3550 struct sta_info *sta,
3551 struct ieee80211_fast_tx *fast_tx,
3552 struct sk_buff *skb)
3554 struct ieee80211_local *local = sdata->local;
3555 u16 ethertype = (skb->data[12] << 8) | skb->data[13];
3556 int extra_head = fast_tx->hdr_len - (ETH_HLEN - 2);
3557 int hw_headroom = sdata->local->hw.extra_tx_headroom;
3559 struct ieee80211_tx_info *info;
3560 struct ieee80211_hdr *hdr = (void *)fast_tx->hdr;
3561 struct ieee80211_tx_data tx;
3562 ieee80211_tx_result r;
3563 struct tid_ampdu_tx *tid_tx = NULL;
3564 u8 tid = IEEE80211_NUM_TIDS;
3566 /* control port protocol needs a lot of special handling */
3567 if (cpu_to_be16(ethertype) == sdata->control_port_protocol)
3570 /* only RFC 1042 SNAP */
3571 if (ethertype < ETH_P_802_3_MIN)
3574 /* don't handle TX status request here either */
3575 if (skb->sk && skb_shinfo(skb)->tx_flags & SKBTX_WIFI_STATUS)
3578 if (hdr->frame_control & cpu_to_le16(IEEE80211_STYPE_QOS_DATA)) {
3579 tid = skb->priority & IEEE80211_QOS_CTL_TAG1D_MASK;
3580 tid_tx = rcu_dereference(sta->ampdu_mlme.tid_tx[tid]);
3582 if (!test_bit(HT_AGG_STATE_OPERATIONAL, &tid_tx->state))
3584 if (tid_tx->timeout)
3585 tid_tx->last_tx = jiffies;
3589 /* after this point (skb is modified) we cannot return false */
3591 skb = skb_share_check(skb, GFP_ATOMIC);
3595 if ((hdr->frame_control & cpu_to_le16(IEEE80211_STYPE_QOS_DATA)) &&
3596 ieee80211_amsdu_aggregate(sdata, sta, fast_tx, skb))
3599 /* will not be crypto-handled beyond what we do here, so use false
3600 * as the may-encrypt argument for the resize to not account for
3601 * more room than we already have in 'extra_head'
3603 if (unlikely(ieee80211_skb_resize(sdata, skb,
3604 max_t(int, extra_head + hw_headroom -
3605 skb_headroom(skb), 0),
3611 memcpy(ð, skb->data, ETH_HLEN - 2);
3612 hdr = skb_push(skb, extra_head);
3613 memcpy(skb->data, fast_tx->hdr, fast_tx->hdr_len);
3614 memcpy(skb->data + fast_tx->da_offs, eth.h_dest, ETH_ALEN);
3615 memcpy(skb->data + fast_tx->sa_offs, eth.h_source, ETH_ALEN);
3617 info = IEEE80211_SKB_CB(skb);
3618 memset(info, 0, sizeof(*info));
3619 info->band = fast_tx->band;
3620 info->control.vif = &sdata->vif;
3621 info->flags = IEEE80211_TX_CTL_FIRST_FRAGMENT |
3622 IEEE80211_TX_CTL_DONTFRAG |
3623 (tid_tx ? IEEE80211_TX_CTL_AMPDU : 0);
3624 info->control.flags = IEEE80211_TX_CTRL_FAST_XMIT |
3625 u32_encode_bits(IEEE80211_LINK_UNSPECIFIED,
3626 IEEE80211_TX_CTRL_MLO_LINK);
3628 #ifdef CONFIG_MAC80211_DEBUGFS
3629 if (local->force_tx_status)
3630 info->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS;
3633 if (hdr->frame_control & cpu_to_le16(IEEE80211_STYPE_QOS_DATA)) {
3634 tid = skb->priority & IEEE80211_QOS_CTL_TAG1D_MASK;
3635 *ieee80211_get_qos_ctl(hdr) = tid;
3638 __skb_queue_head_init(&tx.skbs);
3640 tx.flags = IEEE80211_TX_UNICAST;
3644 tx.key = fast_tx->key;
3646 if (ieee80211_queue_skb(local, sdata, sta, skb))
3650 r = ieee80211_xmit_fast_finish(sdata, sta, fast_tx->pn_offs,
3658 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
3659 sdata = container_of(sdata->bss,
3660 struct ieee80211_sub_if_data, u.ap);
3662 __skb_queue_tail(&tx.skbs, skb);
3663 ieee80211_tx_frags(local, &sdata->vif, sta, &tx.skbs, false);
3667 struct sk_buff *ieee80211_tx_dequeue(struct ieee80211_hw *hw,
3668 struct ieee80211_txq *txq)
3670 struct ieee80211_local *local = hw_to_local(hw);
3671 struct txq_info *txqi = container_of(txq, struct txq_info, txq);
3672 struct ieee80211_hdr *hdr;
3673 struct sk_buff *skb = NULL;
3674 struct fq *fq = &local->fq;
3675 struct fq_tin *tin = &txqi->tin;
3676 struct ieee80211_tx_info *info;
3677 struct ieee80211_tx_data tx;
3678 ieee80211_tx_result r;
3679 struct ieee80211_vif *vif = txq->vif;
3681 WARN_ON_ONCE(softirq_count() == 0);
3683 if (!ieee80211_txq_airtime_check(hw, txq))
3687 spin_lock_bh(&fq->lock);
3689 if (test_bit(IEEE80211_TXQ_STOP, &txqi->flags) ||
3690 test_bit(IEEE80211_TXQ_STOP_NETIF_TX, &txqi->flags))
3693 if (vif->txqs_stopped[txq->ac]) {
3694 set_bit(IEEE80211_TXQ_STOP_NETIF_TX, &txqi->flags);
3698 /* Make sure fragments stay together. */
3699 skb = __skb_dequeue(&txqi->frags);
3700 if (unlikely(skb)) {
3701 if (!(IEEE80211_SKB_CB(skb)->control.flags &
3702 IEEE80211_TX_INTCFL_NEED_TXPROCESSING))
3704 IEEE80211_SKB_CB(skb)->control.flags &=
3705 ~IEEE80211_TX_INTCFL_NEED_TXPROCESSING;
3707 skb = fq_tin_dequeue(fq, tin, fq_tin_dequeue_func);
3713 spin_unlock_bh(&fq->lock);
3715 hdr = (struct ieee80211_hdr *)skb->data;
3716 info = IEEE80211_SKB_CB(skb);
3718 memset(&tx, 0, sizeof(tx));
3719 __skb_queue_head_init(&tx.skbs);
3722 tx.sdata = vif_to_sdata(info->control.vif);
3725 tx.sta = container_of(txq->sta, struct sta_info, sta);
3727 * Drop unicast frames to unauthorised stations unless they are
3728 * injected frames or EAPOL frames from the local station.
3730 if (unlikely(!(info->flags & IEEE80211_TX_CTL_INJECTED) &&
3731 ieee80211_is_data(hdr->frame_control) &&
3732 !ieee80211_vif_is_mesh(&tx.sdata->vif) &&
3733 tx.sdata->vif.type != NL80211_IFTYPE_OCB &&
3734 !is_multicast_ether_addr(hdr->addr1) &&
3735 !test_sta_flag(tx.sta, WLAN_STA_AUTHORIZED) &&
3736 (!(info->control.flags &
3737 IEEE80211_TX_CTRL_PORT_CTRL_PROTO) ||
3738 !ether_addr_equal(tx.sdata->vif.addr,
3740 I802_DEBUG_INC(local->tx_handlers_drop_unauth_port);
3741 ieee80211_free_txskb(&local->hw, skb);
3747 * The key can be removed while the packet was queued, so need to call
3748 * this here to get the current key.
3750 r = ieee80211_tx_h_select_key(&tx);
3751 if (r != TX_CONTINUE) {
3752 ieee80211_free_txskb(&local->hw, skb);
3756 if (test_bit(IEEE80211_TXQ_AMPDU, &txqi->flags))
3757 info->flags |= IEEE80211_TX_CTL_AMPDU;
3759 info->flags &= ~IEEE80211_TX_CTL_AMPDU;
3761 if (info->flags & IEEE80211_TX_CTL_HW_80211_ENCAP) {
3762 if (!ieee80211_hw_check(&local->hw, HAS_RATE_CONTROL)) {
3763 r = ieee80211_tx_h_rate_ctrl(&tx);
3764 if (r != TX_CONTINUE) {
3765 ieee80211_free_txskb(&local->hw, skb);
3772 if (info->control.flags & IEEE80211_TX_CTRL_FAST_XMIT) {
3773 struct sta_info *sta = container_of(txq->sta, struct sta_info,
3778 (tx.key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV))
3779 pn_offs = ieee80211_hdrlen(hdr->frame_control);
3781 r = ieee80211_xmit_fast_finish(sta->sdata, sta, pn_offs,
3783 if (r != TX_CONTINUE) {
3784 ieee80211_free_txskb(&local->hw, skb);
3788 if (invoke_tx_handlers_late(&tx))
3791 skb = __skb_dequeue(&tx.skbs);
3793 if (!skb_queue_empty(&tx.skbs)) {
3794 spin_lock_bh(&fq->lock);
3795 skb_queue_splice_tail(&tx.skbs, &txqi->frags);
3796 spin_unlock_bh(&fq->lock);
3800 if (skb_has_frag_list(skb) &&
3801 !ieee80211_hw_check(&local->hw, TX_FRAG_LIST)) {
3802 if (skb_linearize(skb)) {
3803 ieee80211_free_txskb(&local->hw, skb);
3808 switch (tx.sdata->vif.type) {
3809 case NL80211_IFTYPE_MONITOR:
3810 if (tx.sdata->u.mntr.flags & MONITOR_FLAG_ACTIVE) {
3811 vif = &tx.sdata->vif;
3814 tx.sdata = rcu_dereference(local->monitor_sdata);
3816 vif = &tx.sdata->vif;
3818 vif->hw_queue[skb_get_queue_mapping(skb)];
3819 } else if (ieee80211_hw_check(&local->hw, QUEUE_CONTROL)) {
3820 ieee80211_free_txskb(&local->hw, skb);
3826 case NL80211_IFTYPE_AP_VLAN:
3827 tx.sdata = container_of(tx.sdata->bss,
3828 struct ieee80211_sub_if_data, u.ap);
3831 vif = &tx.sdata->vif;
3836 IEEE80211_SKB_CB(skb)->control.vif = vif;
3839 wiphy_ext_feature_isset(local->hw.wiphy, NL80211_EXT_FEATURE_AQL)) {
3840 bool ampdu = txq->ac != IEEE80211_AC_VO;
3843 airtime = ieee80211_calc_expected_tx_airtime(hw, vif, txq->sta,
3846 airtime = ieee80211_info_set_tx_time_est(info, airtime);
3847 ieee80211_sta_update_pending_airtime(local, tx.sta,
3857 spin_unlock_bh(&fq->lock);
3861 EXPORT_SYMBOL(ieee80211_tx_dequeue);
3863 static inline s32 ieee80211_sta_deficit(struct sta_info *sta, u8 ac)
3865 struct airtime_info *air_info = &sta->airtime[ac];
3867 return air_info->deficit - atomic_read(&air_info->aql_tx_pending);
3871 ieee80211_txq_set_active(struct txq_info *txqi)
3873 struct sta_info *sta;
3878 sta = container_of(txqi->txq.sta, struct sta_info, sta);
3879 sta->airtime[txqi->txq.ac].last_active = (u32)jiffies;
3883 ieee80211_txq_keep_active(struct txq_info *txqi)
3885 struct sta_info *sta;
3891 sta = container_of(txqi->txq.sta, struct sta_info, sta);
3892 if (ieee80211_sta_deficit(sta, txqi->txq.ac) >= 0)
3895 diff = (u32)jiffies - sta->airtime[txqi->txq.ac].last_active;
3897 return diff <= AIRTIME_ACTIVE_DURATION;
3900 struct ieee80211_txq *ieee80211_next_txq(struct ieee80211_hw *hw, u8 ac)
3902 struct ieee80211_local *local = hw_to_local(hw);
3903 struct ieee80211_txq *ret = NULL;
3904 struct txq_info *txqi = NULL, *head = NULL;
3905 bool found_eligible_txq = false;
3907 spin_lock_bh(&local->active_txq_lock[ac]);
3909 if (!local->schedule_round[ac])
3913 txqi = list_first_entry_or_null(&local->active_txqs[ac],
3920 if (!found_eligible_txq)
3923 found_eligible_txq = false;
3929 if (txqi->txq.sta) {
3930 struct sta_info *sta = container_of(txqi->txq.sta,
3931 struct sta_info, sta);
3932 bool aql_check = ieee80211_txq_airtime_check(hw, &txqi->txq);
3933 s32 deficit = ieee80211_sta_deficit(sta, txqi->txq.ac);
3936 found_eligible_txq = true;
3939 sta->airtime[txqi->txq.ac].deficit +=
3940 sta->airtime_weight;
3942 if (deficit < 0 || !aql_check) {
3943 list_move_tail(&txqi->schedule_order,
3944 &local->active_txqs[txqi->txq.ac]);
3949 if (txqi->schedule_round == local->schedule_round[ac])
3952 list_del_init(&txqi->schedule_order);
3953 txqi->schedule_round = local->schedule_round[ac];
3957 spin_unlock_bh(&local->active_txq_lock[ac]);
3960 EXPORT_SYMBOL(ieee80211_next_txq);
3962 void __ieee80211_schedule_txq(struct ieee80211_hw *hw,
3963 struct ieee80211_txq *txq,
3966 struct ieee80211_local *local = hw_to_local(hw);
3967 struct txq_info *txqi = to_txq_info(txq);
3970 spin_lock_bh(&local->active_txq_lock[txq->ac]);
3972 has_queue = force || txq_has_queue(txq);
3973 if (list_empty(&txqi->schedule_order) &&
3974 (has_queue || ieee80211_txq_keep_active(txqi))) {
3975 /* If airtime accounting is active, always enqueue STAs at the
3976 * head of the list to ensure that they only get moved to the
3977 * back by the airtime DRR scheduler once they have a negative
3978 * deficit. A station that already has a negative deficit will
3979 * get immediately moved to the back of the list on the next
3980 * call to ieee80211_next_txq().
3982 if (txqi->txq.sta && local->airtime_flags && has_queue &&
3983 wiphy_ext_feature_isset(local->hw.wiphy,
3984 NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
3985 list_add(&txqi->schedule_order,
3986 &local->active_txqs[txq->ac]);
3988 list_add_tail(&txqi->schedule_order,
3989 &local->active_txqs[txq->ac]);
3991 ieee80211_txq_set_active(txqi);
3994 spin_unlock_bh(&local->active_txq_lock[txq->ac]);
3996 EXPORT_SYMBOL(__ieee80211_schedule_txq);
3998 DEFINE_STATIC_KEY_FALSE(aql_disable);
4000 bool ieee80211_txq_airtime_check(struct ieee80211_hw *hw,
4001 struct ieee80211_txq *txq)
4003 struct sta_info *sta;
4004 struct ieee80211_local *local = hw_to_local(hw);
4006 if (!wiphy_ext_feature_isset(local->hw.wiphy, NL80211_EXT_FEATURE_AQL))
4009 if (static_branch_unlikely(&aql_disable))
4015 if (unlikely(txq->tid == IEEE80211_NUM_TIDS))
4018 sta = container_of(txq->sta, struct sta_info, sta);
4019 if (atomic_read(&sta->airtime[txq->ac].aql_tx_pending) <
4020 sta->airtime[txq->ac].aql_limit_low)
4023 if (atomic_read(&local->aql_total_pending_airtime) <
4024 local->aql_threshold &&
4025 atomic_read(&sta->airtime[txq->ac].aql_tx_pending) <
4026 sta->airtime[txq->ac].aql_limit_high)
4031 EXPORT_SYMBOL(ieee80211_txq_airtime_check);
4034 ieee80211_txq_schedule_airtime_check(struct ieee80211_local *local, u8 ac)
4036 unsigned int num_txq = 0;
4037 struct txq_info *txq;
4040 if (!wiphy_ext_feature_isset(local->hw.wiphy, NL80211_EXT_FEATURE_AQL))
4043 list_for_each_entry(txq, &local->active_txqs[ac], schedule_order)
4046 aql_limit = (num_txq - 1) * local->aql_txq_limit_low[ac] / 2 +
4047 local->aql_txq_limit_high[ac];
4049 return atomic_read(&local->aql_ac_pending_airtime[ac]) < aql_limit;
4052 bool ieee80211_txq_may_transmit(struct ieee80211_hw *hw,
4053 struct ieee80211_txq *txq)
4055 struct ieee80211_local *local = hw_to_local(hw);
4056 struct txq_info *iter, *tmp, *txqi = to_txq_info(txq);
4057 struct sta_info *sta;
4060 spin_lock_bh(&local->active_txq_lock[ac]);
4065 if (list_empty(&txqi->schedule_order))
4068 if (!ieee80211_txq_schedule_airtime_check(local, ac))
4071 list_for_each_entry_safe(iter, tmp, &local->active_txqs[ac],
4076 if (!iter->txq.sta) {
4077 list_move_tail(&iter->schedule_order,
4078 &local->active_txqs[ac]);
4081 sta = container_of(iter->txq.sta, struct sta_info, sta);
4082 if (ieee80211_sta_deficit(sta, ac) < 0)
4083 sta->airtime[ac].deficit += sta->airtime_weight;
4084 list_move_tail(&iter->schedule_order, &local->active_txqs[ac]);
4087 sta = container_of(txqi->txq.sta, struct sta_info, sta);
4088 if (sta->airtime[ac].deficit >= 0)
4091 sta->airtime[ac].deficit += sta->airtime_weight;
4092 list_move_tail(&txqi->schedule_order, &local->active_txqs[ac]);
4093 spin_unlock_bh(&local->active_txq_lock[ac]);
4097 if (!list_empty(&txqi->schedule_order))
4098 list_del_init(&txqi->schedule_order);
4099 spin_unlock_bh(&local->active_txq_lock[ac]);
4103 EXPORT_SYMBOL(ieee80211_txq_may_transmit);
4105 void ieee80211_txq_schedule_start(struct ieee80211_hw *hw, u8 ac)
4107 struct ieee80211_local *local = hw_to_local(hw);
4109 spin_lock_bh(&local->active_txq_lock[ac]);
4111 if (ieee80211_txq_schedule_airtime_check(local, ac)) {
4112 local->schedule_round[ac]++;
4113 if (!local->schedule_round[ac])
4114 local->schedule_round[ac]++;
4116 local->schedule_round[ac] = 0;
4119 spin_unlock_bh(&local->active_txq_lock[ac]);
4121 EXPORT_SYMBOL(ieee80211_txq_schedule_start);
4123 void __ieee80211_subif_start_xmit(struct sk_buff *skb,
4124 struct net_device *dev,
4129 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
4130 struct ieee80211_local *local = sdata->local;
4131 struct sta_info *sta;
4132 struct sk_buff *next;
4135 if (unlikely(skb->len < ETH_HLEN)) {
4142 if (ieee80211_lookup_ra_sta(sdata, skb, &sta))
4148 if (local->ops->wake_tx_queue) {
4149 u16 queue = __ieee80211_select_queue(sdata, sta, skb);
4150 skb_set_queue_mapping(skb, queue);
4154 ieee80211_aggr_check(sdata, sta, skb);
4156 sk_pacing_shift_update(skb->sk, sdata->local->hw.tx_sk_pacing_shift);
4159 struct ieee80211_fast_tx *fast_tx;
4161 fast_tx = rcu_dereference(sta->fast_tx);
4164 ieee80211_xmit_fast(sdata, sta, fast_tx, skb))
4168 if (skb_is_gso(skb)) {
4169 struct sk_buff *segs;
4171 segs = skb_gso_segment(skb, 0);
4179 /* we cannot process non-linear frames on this path */
4180 if (skb_linearize(skb))
4183 /* the frame could be fragmented, software-encrypted, and other
4184 * things so we cannot really handle checksum offload with it -
4185 * fix it up in software before we handle anything else.
4187 if (skb->ip_summed == CHECKSUM_PARTIAL) {
4188 skb_set_transport_header(skb,
4189 skb_checksum_start_offset(skb));
4190 if (skb_checksum_help(skb))
4195 skb_list_walk_safe(skb, skb, next) {
4196 skb_mark_not_on_list(skb);
4198 if (skb->protocol == sdata->control_port_protocol)
4199 ctrl_flags |= IEEE80211_TX_CTRL_SKIP_MPATH_LOOKUP;
4201 skb = ieee80211_build_hdr(sdata, skb, info_flags,
4202 sta, ctrl_flags, cookie);
4204 kfree_skb_list(next);
4208 dev_sw_netstats_tx_add(dev, 1, skb->len);
4210 ieee80211_xmit(sdata, sta, skb);
4218 ieee80211_tpt_led_trig_tx(local, len);
4222 static int ieee80211_change_da(struct sk_buff *skb, struct sta_info *sta)
4227 err = skb_ensure_writable(skb, ETH_HLEN);
4231 eth = (void *)skb->data;
4232 ether_addr_copy(eth->h_dest, sta->sta.addr);
4237 static bool ieee80211_multicast_to_unicast(struct sk_buff *skb,
4238 struct net_device *dev)
4240 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
4241 const struct ethhdr *eth = (void *)skb->data;
4242 const struct vlan_ethhdr *ethvlan = (void *)skb->data;
4245 switch (sdata->vif.type) {
4246 case NL80211_IFTYPE_AP_VLAN:
4247 if (sdata->u.vlan.sta)
4249 if (sdata->wdev.use_4addr)
4252 case NL80211_IFTYPE_AP:
4253 /* check runtime toggle for this bss */
4254 if (!sdata->bss->multicast_to_unicast)
4261 /* multicast to unicast conversion only for some payload */
4262 ethertype = eth->h_proto;
4263 if (ethertype == htons(ETH_P_8021Q) && skb->len >= VLAN_ETH_HLEN)
4264 ethertype = ethvlan->h_vlan_encapsulated_proto;
4265 switch (ethertype) {
4266 case htons(ETH_P_ARP):
4267 case htons(ETH_P_IP):
4268 case htons(ETH_P_IPV6):
4278 ieee80211_convert_to_unicast(struct sk_buff *skb, struct net_device *dev,
4279 struct sk_buff_head *queue)
4281 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
4282 struct ieee80211_local *local = sdata->local;
4283 const struct ethhdr *eth = (struct ethhdr *)skb->data;
4284 struct sta_info *sta, *first = NULL;
4285 struct sk_buff *cloned_skb;
4289 list_for_each_entry_rcu(sta, &local->sta_list, list) {
4290 if (sdata != sta->sdata)
4291 /* AP-VLAN mismatch */
4293 if (unlikely(ether_addr_equal(eth->h_source, sta->sta.addr)))
4294 /* do not send back to source */
4300 cloned_skb = skb_clone(skb, GFP_ATOMIC);
4303 if (unlikely(ieee80211_change_da(cloned_skb, sta))) {
4304 dev_kfree_skb(cloned_skb);
4307 __skb_queue_tail(queue, cloned_skb);
4310 if (likely(first)) {
4311 if (unlikely(ieee80211_change_da(skb, first)))
4313 __skb_queue_tail(queue, skb);
4315 /* no STA connected, drop */
4322 __skb_queue_purge(queue);
4323 __skb_queue_tail(queue, skb);
4328 static void ieee80211_mlo_multicast_tx_one(struct ieee80211_sub_if_data *sdata,
4329 struct sk_buff *skb, u32 ctrl_flags,
4330 unsigned int link_id)
4332 struct sk_buff *out;
4334 out = skb_copy(skb, GFP_ATOMIC);
4338 ctrl_flags |= u32_encode_bits(link_id, IEEE80211_TX_CTRL_MLO_LINK);
4339 __ieee80211_subif_start_xmit(out, sdata->dev, 0, ctrl_flags, NULL);
4342 static void ieee80211_mlo_multicast_tx(struct net_device *dev,
4343 struct sk_buff *skb)
4345 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
4346 unsigned long links = sdata->vif.valid_links;
4348 u32 ctrl_flags = IEEE80211_TX_CTRL_MCAST_MLO_FIRST_TX;
4350 if (hweight16(links) == 1) {
4351 ctrl_flags |= u32_encode_bits(ffs(links) - 1,
4352 IEEE80211_TX_CTRL_MLO_LINK);
4354 __ieee80211_subif_start_xmit(skb, sdata->dev, 0, ctrl_flags,
4359 for_each_set_bit(link, &links, IEEE80211_MLD_MAX_NUM_LINKS) {
4360 ieee80211_mlo_multicast_tx_one(sdata, skb, ctrl_flags, link);
4367 * ieee80211_subif_start_xmit - netif start_xmit function for 802.3 vifs
4368 * @skb: packet to be sent
4369 * @dev: incoming interface
4371 * On failure skb will be freed.
4373 netdev_tx_t ieee80211_subif_start_xmit(struct sk_buff *skb,
4374 struct net_device *dev)
4376 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
4377 const struct ethhdr *eth = (void *)skb->data;
4379 if (likely(!is_multicast_ether_addr(eth->h_dest)))
4382 if (unlikely(ieee80211_multicast_to_unicast(skb, dev))) {
4383 struct sk_buff_head queue;
4385 __skb_queue_head_init(&queue);
4386 ieee80211_convert_to_unicast(skb, dev, &queue);
4387 while ((skb = __skb_dequeue(&queue)))
4388 __ieee80211_subif_start_xmit(skb, dev, 0,
4389 IEEE80211_TX_CTRL_MLO_LINK_UNSPEC,
4391 } else if (sdata->vif.valid_links &&
4392 sdata->vif.type == NL80211_IFTYPE_AP &&
4393 !ieee80211_hw_check(&sdata->local->hw, MLO_MCAST_MULTI_LINK_TX)) {
4394 ieee80211_mlo_multicast_tx(dev, skb);
4397 __ieee80211_subif_start_xmit(skb, dev, 0,
4398 IEEE80211_TX_CTRL_MLO_LINK_UNSPEC,
4402 return NETDEV_TX_OK;
4405 static bool ieee80211_tx_8023(struct ieee80211_sub_if_data *sdata,
4406 struct sk_buff *skb, struct sta_info *sta,
4409 struct ieee80211_local *local = sdata->local;
4410 struct ieee80211_tx_control control = {};
4411 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
4412 struct ieee80211_sta *pubsta = NULL;
4413 unsigned long flags;
4414 int q = info->hw_queue;
4417 sk_pacing_shift_update(skb->sk, local->hw.tx_sk_pacing_shift);
4419 ieee80211_tpt_led_trig_tx(local, skb->len);
4421 if (ieee80211_queue_skb(local, sdata, sta, skb))
4424 spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
4426 if (local->queue_stop_reasons[q] ||
4427 (!txpending && !skb_queue_empty(&local->pending[q]))) {
4429 skb_queue_head(&local->pending[q], skb);
4431 skb_queue_tail(&local->pending[q], skb);
4433 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
4438 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
4440 if (sta && sta->uploaded)
4443 control.sta = pubsta;
4445 drv_tx(local, &control, skb);
4450 static void ieee80211_8023_xmit(struct ieee80211_sub_if_data *sdata,
4451 struct net_device *dev, struct sta_info *sta,
4452 struct ieee80211_key *key, struct sk_buff *skb)
4454 struct ieee80211_tx_info *info;
4455 struct ieee80211_local *local = sdata->local;
4456 struct tid_ampdu_tx *tid_tx;
4459 if (local->ops->wake_tx_queue) {
4460 u16 queue = __ieee80211_select_queue(sdata, sta, skb);
4461 skb_set_queue_mapping(skb, queue);
4465 if (unlikely(test_bit(SCAN_SW_SCANNING, &local->scanning)) &&
4466 test_bit(SDATA_STATE_OFFCHANNEL, &sdata->state))
4469 skb = skb_share_check(skb, GFP_ATOMIC);
4473 info = IEEE80211_SKB_CB(skb);
4474 memset(info, 0, sizeof(*info));
4476 ieee80211_aggr_check(sdata, sta, skb);
4478 tid = skb->priority & IEEE80211_QOS_CTL_TAG1D_MASK;
4479 tid_tx = rcu_dereference(sta->ampdu_mlme.tid_tx[tid]);
4481 if (!test_bit(HT_AGG_STATE_OPERATIONAL, &tid_tx->state)) {
4482 /* fall back to non-offload slow path */
4483 __ieee80211_subif_start_xmit(skb, dev, 0,
4484 IEEE80211_TX_CTRL_MLO_LINK_UNSPEC,
4489 info->flags |= IEEE80211_TX_CTL_AMPDU;
4490 if (tid_tx->timeout)
4491 tid_tx->last_tx = jiffies;
4494 if (unlikely(skb->sk &&
4495 skb_shinfo(skb)->tx_flags & SKBTX_WIFI_STATUS))
4496 info->ack_frame_id = ieee80211_store_ack_skb(local, skb,
4497 &info->flags, NULL);
4499 info->hw_queue = sdata->vif.hw_queue[skb_get_queue_mapping(skb)];
4501 dev_sw_netstats_tx_add(dev, 1, skb->len);
4503 sta->deflink.tx_stats.bytes[skb_get_queue_mapping(skb)] += skb->len;
4504 sta->deflink.tx_stats.packets[skb_get_queue_mapping(skb)]++;
4506 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
4507 sdata = container_of(sdata->bss,
4508 struct ieee80211_sub_if_data, u.ap);
4510 info->flags |= IEEE80211_TX_CTL_HW_80211_ENCAP;
4511 info->control.vif = &sdata->vif;
4514 info->control.hw_key = &key->conf;
4516 ieee80211_tx_8023(sdata, skb, sta, false);
4524 netdev_tx_t ieee80211_subif_start_xmit_8023(struct sk_buff *skb,
4525 struct net_device *dev)
4527 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
4528 struct ethhdr *ehdr = (struct ethhdr *)skb->data;
4529 struct ieee80211_key *key;
4530 struct sta_info *sta;
4532 if (unlikely(skb->len < ETH_HLEN)) {
4534 return NETDEV_TX_OK;
4539 if (ieee80211_lookup_ra_sta(sdata, skb, &sta)) {
4544 if (unlikely(IS_ERR_OR_NULL(sta) || !sta->uploaded ||
4545 !test_sta_flag(sta, WLAN_STA_AUTHORIZED) ||
4546 sdata->control_port_protocol == ehdr->h_proto))
4549 key = rcu_dereference(sta->ptk[sta->ptk_idx]);
4551 key = rcu_dereference(sdata->default_unicast_key);
4553 if (key && (!(key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) ||
4554 key->conf.cipher == WLAN_CIPHER_SUITE_TKIP))
4557 ieee80211_8023_xmit(sdata, dev, sta, key, skb);
4561 ieee80211_subif_start_xmit(skb, dev);
4565 return NETDEV_TX_OK;
4569 ieee80211_build_data_template(struct ieee80211_sub_if_data *sdata,
4570 struct sk_buff *skb, u32 info_flags)
4572 struct ieee80211_hdr *hdr;
4573 struct ieee80211_tx_data tx = {
4574 .local = sdata->local,
4577 struct sta_info *sta;
4581 if (ieee80211_lookup_ra_sta(sdata, skb, &sta)) {
4583 skb = ERR_PTR(-EINVAL);
4587 skb = ieee80211_build_hdr(sdata, skb, info_flags, sta,
4588 IEEE80211_TX_CTRL_MLO_LINK_UNSPEC, NULL);
4592 hdr = (void *)skb->data;
4593 tx.sta = sta_info_get(sdata, hdr->addr1);
4596 if (ieee80211_tx_h_select_key(&tx) != TX_CONTINUE) {
4599 return ERR_PTR(-EINVAL);
4608 * ieee80211_clear_tx_pending may not be called in a context where
4609 * it is possible that it packets could come in again.
4611 void ieee80211_clear_tx_pending(struct ieee80211_local *local)
4613 struct sk_buff *skb;
4616 for (i = 0; i < local->hw.queues; i++) {
4617 while ((skb = skb_dequeue(&local->pending[i])) != NULL)
4618 ieee80211_free_txskb(&local->hw, skb);
4623 * Returns false if the frame couldn't be transmitted but was queued instead,
4624 * which in this case means re-queued -- take as an indication to stop sending
4625 * more pending frames.
4627 static bool ieee80211_tx_pending_skb(struct ieee80211_local *local,
4628 struct sk_buff *skb)
4630 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
4631 struct ieee80211_sub_if_data *sdata;
4632 struct sta_info *sta;
4633 struct ieee80211_hdr *hdr;
4635 struct ieee80211_chanctx_conf *chanctx_conf;
4637 sdata = vif_to_sdata(info->control.vif);
4639 if (info->control.flags & IEEE80211_TX_INTCFL_NEED_TXPROCESSING) {
4640 /* update band only for non-MLD */
4641 if (!sdata->vif.valid_links) {
4643 rcu_dereference(sdata->vif.bss_conf.chanctx_conf);
4644 if (unlikely(!chanctx_conf)) {
4648 info->band = chanctx_conf->def.chan->band;
4650 result = ieee80211_tx(sdata, NULL, skb, true);
4651 } else if (info->flags & IEEE80211_TX_CTL_HW_80211_ENCAP) {
4652 if (ieee80211_lookup_ra_sta(sdata, skb, &sta)) {
4657 if (IS_ERR(sta) || (sta && !sta->uploaded))
4660 result = ieee80211_tx_8023(sdata, skb, sta, true);
4662 struct sk_buff_head skbs;
4664 __skb_queue_head_init(&skbs);
4665 __skb_queue_tail(&skbs, skb);
4667 hdr = (struct ieee80211_hdr *)skb->data;
4668 sta = sta_info_get(sdata, hdr->addr1);
4670 result = __ieee80211_tx(local, &skbs, sta, true);
4677 * Transmit all pending packets. Called from tasklet.
4679 void ieee80211_tx_pending(struct tasklet_struct *t)
4681 struct ieee80211_local *local = from_tasklet(local, t,
4682 tx_pending_tasklet);
4683 unsigned long flags;
4689 spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
4690 for (i = 0; i < local->hw.queues; i++) {
4692 * If queue is stopped by something other than due to pending
4693 * frames, or we have no pending frames, proceed to next queue.
4695 if (local->queue_stop_reasons[i] ||
4696 skb_queue_empty(&local->pending[i]))
4699 while (!skb_queue_empty(&local->pending[i])) {
4700 struct sk_buff *skb = __skb_dequeue(&local->pending[i]);
4701 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
4703 if (WARN_ON(!info->control.vif)) {
4704 ieee80211_free_txskb(&local->hw, skb);
4708 spin_unlock_irqrestore(&local->queue_stop_reason_lock,
4711 txok = ieee80211_tx_pending_skb(local, skb);
4712 spin_lock_irqsave(&local->queue_stop_reason_lock,
4718 if (skb_queue_empty(&local->pending[i]))
4719 ieee80211_propagate_queue_wake(local, i);
4721 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
4726 /* functions for drivers to get certain frames */
4728 static void __ieee80211_beacon_add_tim(struct ieee80211_sub_if_data *sdata,
4729 struct ieee80211_link_data *link,
4730 struct ps_data *ps, struct sk_buff *skb,
4735 int i, have_bits = 0, n1, n2;
4736 struct ieee80211_bss_conf *link_conf = link->conf;
4738 /* Generate bitmap for TIM only if there are any STAs in power save
4740 if (atomic_read(&ps->num_sta_ps) > 0)
4741 /* in the hope that this is faster than
4742 * checking byte-for-byte */
4743 have_bits = !bitmap_empty((unsigned long *)ps->tim,
4744 IEEE80211_MAX_AID+1);
4746 if (ps->dtim_count == 0)
4747 ps->dtim_count = link_conf->dtim_period - 1;
4752 tim = pos = skb_put(skb, 6);
4753 *pos++ = WLAN_EID_TIM;
4755 *pos++ = ps->dtim_count;
4756 *pos++ = link_conf->dtim_period;
4758 if (ps->dtim_count == 0 && !skb_queue_empty(&ps->bc_buf))
4761 ps->dtim_bc_mc = aid0 == 1;
4764 /* Find largest even number N1 so that bits numbered 1 through
4765 * (N1 x 8) - 1 in the bitmap are 0 and number N2 so that bits
4766 * (N2 + 1) x 8 through 2007 are 0. */
4768 for (i = 0; i < IEEE80211_MAX_TIM_LEN; i++) {
4775 for (i = IEEE80211_MAX_TIM_LEN - 1; i >= n1; i--) {
4782 /* Bitmap control */
4784 /* Part Virt Bitmap */
4785 skb_put(skb, n2 - n1);
4786 memcpy(pos, ps->tim + n1, n2 - n1 + 1);
4788 tim[1] = n2 - n1 + 4;
4790 *pos++ = aid0; /* Bitmap control */
4791 *pos++ = 0; /* Part Virt Bitmap */
4795 static int ieee80211_beacon_add_tim(struct ieee80211_sub_if_data *sdata,
4796 struct ieee80211_link_data *link,
4797 struct ps_data *ps, struct sk_buff *skb,
4800 struct ieee80211_local *local = sdata->local;
4803 * Not very nice, but we want to allow the driver to call
4804 * ieee80211_beacon_get() as a response to the set_tim()
4805 * callback. That, however, is already invoked under the
4806 * sta_lock to guarantee consistent and race-free update
4807 * of the tim bitmap in mac80211 and the driver.
4809 if (local->tim_in_locked_section) {
4810 __ieee80211_beacon_add_tim(sdata, link, ps, skb, is_template);
4812 spin_lock_bh(&local->tim_lock);
4813 __ieee80211_beacon_add_tim(sdata, link, ps, skb, is_template);
4814 spin_unlock_bh(&local->tim_lock);
4820 static void ieee80211_set_beacon_cntdwn(struct ieee80211_sub_if_data *sdata,
4821 struct beacon_data *beacon,
4822 struct ieee80211_link_data *link)
4824 u8 *beacon_data, count, max_count = 1;
4825 struct probe_resp *resp;
4826 size_t beacon_data_len;
4830 switch (sdata->vif.type) {
4831 case NL80211_IFTYPE_AP:
4832 beacon_data = beacon->tail;
4833 beacon_data_len = beacon->tail_len;
4835 case NL80211_IFTYPE_ADHOC:
4836 beacon_data = beacon->head;
4837 beacon_data_len = beacon->head_len;
4839 case NL80211_IFTYPE_MESH_POINT:
4840 beacon_data = beacon->head;
4841 beacon_data_len = beacon->head_len;
4847 resp = rcu_dereference(link->u.ap.probe_resp);
4849 bcn_offsets = beacon->cntdwn_counter_offsets;
4850 count = beacon->cntdwn_current_counter;
4851 if (link->conf->csa_active)
4852 max_count = IEEE80211_MAX_CNTDWN_COUNTERS_NUM;
4854 for (i = 0; i < max_count; ++i) {
4855 if (bcn_offsets[i]) {
4856 if (WARN_ON_ONCE(bcn_offsets[i] >= beacon_data_len))
4858 beacon_data[bcn_offsets[i]] = count;
4861 if (sdata->vif.type == NL80211_IFTYPE_AP && resp) {
4862 u16 *resp_offsets = resp->cntdwn_counter_offsets;
4864 resp->data[resp_offsets[i]] = count;
4869 static u8 __ieee80211_beacon_update_cntdwn(struct beacon_data *beacon)
4871 beacon->cntdwn_current_counter--;
4873 /* the counter should never reach 0 */
4874 WARN_ON_ONCE(!beacon->cntdwn_current_counter);
4876 return beacon->cntdwn_current_counter;
4879 u8 ieee80211_beacon_update_cntdwn(struct ieee80211_vif *vif)
4881 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
4882 struct beacon_data *beacon = NULL;
4887 if (sdata->vif.type == NL80211_IFTYPE_AP)
4888 beacon = rcu_dereference(sdata->deflink.u.ap.beacon);
4889 else if (sdata->vif.type == NL80211_IFTYPE_ADHOC)
4890 beacon = rcu_dereference(sdata->u.ibss.presp);
4891 else if (ieee80211_vif_is_mesh(&sdata->vif))
4892 beacon = rcu_dereference(sdata->u.mesh.beacon);
4897 count = __ieee80211_beacon_update_cntdwn(beacon);
4903 EXPORT_SYMBOL(ieee80211_beacon_update_cntdwn);
4905 void ieee80211_beacon_set_cntdwn(struct ieee80211_vif *vif, u8 counter)
4907 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
4908 struct beacon_data *beacon = NULL;
4912 if (sdata->vif.type == NL80211_IFTYPE_AP)
4913 beacon = rcu_dereference(sdata->deflink.u.ap.beacon);
4914 else if (sdata->vif.type == NL80211_IFTYPE_ADHOC)
4915 beacon = rcu_dereference(sdata->u.ibss.presp);
4916 else if (ieee80211_vif_is_mesh(&sdata->vif))
4917 beacon = rcu_dereference(sdata->u.mesh.beacon);
4922 if (counter < beacon->cntdwn_current_counter)
4923 beacon->cntdwn_current_counter = counter;
4928 EXPORT_SYMBOL(ieee80211_beacon_set_cntdwn);
4930 bool ieee80211_beacon_cntdwn_is_complete(struct ieee80211_vif *vif)
4932 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
4933 struct beacon_data *beacon = NULL;
4935 size_t beacon_data_len;
4938 if (!ieee80211_sdata_running(sdata))
4942 if (vif->type == NL80211_IFTYPE_AP) {
4943 beacon = rcu_dereference(sdata->deflink.u.ap.beacon);
4944 if (WARN_ON(!beacon || !beacon->tail))
4946 beacon_data = beacon->tail;
4947 beacon_data_len = beacon->tail_len;
4948 } else if (vif->type == NL80211_IFTYPE_ADHOC) {
4949 struct ieee80211_if_ibss *ifibss = &sdata->u.ibss;
4951 beacon = rcu_dereference(ifibss->presp);
4955 beacon_data = beacon->head;
4956 beacon_data_len = beacon->head_len;
4957 } else if (vif->type == NL80211_IFTYPE_MESH_POINT) {
4958 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
4960 beacon = rcu_dereference(ifmsh->beacon);
4964 beacon_data = beacon->head;
4965 beacon_data_len = beacon->head_len;
4971 if (!beacon->cntdwn_counter_offsets[0])
4974 if (WARN_ON_ONCE(beacon->cntdwn_counter_offsets[0] > beacon_data_len))
4977 if (beacon_data[beacon->cntdwn_counter_offsets[0]] == 1)
4985 EXPORT_SYMBOL(ieee80211_beacon_cntdwn_is_complete);
4987 static int ieee80211_beacon_protect(struct sk_buff *skb,
4988 struct ieee80211_local *local,
4989 struct ieee80211_sub_if_data *sdata,
4990 struct ieee80211_link_data *link)
4992 ieee80211_tx_result res;
4993 struct ieee80211_tx_data tx;
4994 struct sk_buff *check_skb;
4996 memset(&tx, 0, sizeof(tx));
4997 tx.key = rcu_dereference(link->default_beacon_key);
5002 __skb_queue_head_init(&tx.skbs);
5003 __skb_queue_tail(&tx.skbs, skb);
5004 res = ieee80211_tx_h_encrypt(&tx);
5005 check_skb = __skb_dequeue(&tx.skbs);
5006 /* we may crash after this, but it'd be a bug in crypto */
5007 WARN_ON(check_skb != skb);
5008 if (WARN_ON_ONCE(res != TX_CONTINUE))
5015 ieee80211_beacon_get_finish(struct ieee80211_hw *hw,
5016 struct ieee80211_vif *vif,
5017 struct ieee80211_link_data *link,
5018 struct ieee80211_mutable_offsets *offs,
5019 struct beacon_data *beacon,
5020 struct sk_buff *skb,
5021 struct ieee80211_chanctx_conf *chanctx_conf,
5024 struct ieee80211_local *local = hw_to_local(hw);
5025 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
5026 struct ieee80211_tx_info *info;
5027 enum nl80211_band band;
5028 struct ieee80211_tx_rate_control txrc;
5031 if (offs && beacon) {
5034 for (i = 0; i < IEEE80211_MAX_CNTDWN_COUNTERS_NUM; i++) {
5035 u16 csa_off = beacon->cntdwn_counter_offsets[i];
5040 offs->cntdwn_counter_offs[i] = csa_off_base + csa_off;
5044 band = chanctx_conf->def.chan->band;
5045 info = IEEE80211_SKB_CB(skb);
5046 info->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
5047 info->flags |= IEEE80211_TX_CTL_NO_ACK;
5050 memset(&txrc, 0, sizeof(txrc));
5052 txrc.sband = local->hw.wiphy->bands[band];
5053 txrc.bss_conf = link->conf;
5055 txrc.reported_rate.idx = -1;
5056 if (sdata->beacon_rate_set && sdata->beacon_rateidx_mask[band])
5057 txrc.rate_idx_mask = sdata->beacon_rateidx_mask[band];
5059 txrc.rate_idx_mask = sdata->rc_rateidx_mask[band];
5061 rate_control_get_rate(sdata, NULL, &txrc);
5063 info->control.vif = vif;
5064 info->flags |= IEEE80211_TX_CTL_CLEAR_PS_FILT |
5065 IEEE80211_TX_CTL_ASSIGN_SEQ |
5066 IEEE80211_TX_CTL_FIRST_FRAGMENT;
5070 ieee80211_beacon_add_mbssid(struct sk_buff *skb, struct beacon_data *beacon)
5074 if (!beacon->mbssid_ies)
5077 for (i = 0; i < beacon->mbssid_ies->cnt; i++)
5078 skb_put_data(skb, beacon->mbssid_ies->elem[i].data,
5079 beacon->mbssid_ies->elem[i].len);
5082 static struct sk_buff *
5083 ieee80211_beacon_get_ap(struct ieee80211_hw *hw,
5084 struct ieee80211_vif *vif,
5085 struct ieee80211_link_data *link,
5086 struct ieee80211_mutable_offsets *offs,
5088 struct beacon_data *beacon,
5089 struct ieee80211_chanctx_conf *chanctx_conf)
5091 struct ieee80211_local *local = hw_to_local(hw);
5092 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
5093 struct ieee80211_if_ap *ap = &sdata->u.ap;
5094 struct sk_buff *skb = NULL;
5095 u16 csa_off_base = 0;
5098 if (beacon->cntdwn_counter_offsets[0]) {
5100 ieee80211_beacon_update_cntdwn(vif);
5102 ieee80211_set_beacon_cntdwn(sdata, beacon, link);
5105 /* headroom, head length,
5106 * tail length, maximum TIM length and multiple BSSID length
5108 mbssid_len = ieee80211_get_mbssid_beacon_len(beacon->mbssid_ies);
5109 skb = dev_alloc_skb(local->tx_headroom + beacon->head_len +
5110 beacon->tail_len + 256 +
5111 local->hw.extra_beacon_tailroom + mbssid_len);
5115 skb_reserve(skb, local->tx_headroom);
5116 skb_put_data(skb, beacon->head, beacon->head_len);
5118 ieee80211_beacon_add_tim(sdata, link, &ap->ps, skb, is_template);
5121 offs->tim_offset = beacon->head_len;
5122 offs->tim_length = skb->len - beacon->head_len;
5123 offs->cntdwn_counter_offs[0] = beacon->cntdwn_counter_offsets[0];
5126 ieee80211_beacon_add_mbssid(skb, beacon);
5127 offs->mbssid_off = skb->len - mbssid_len;
5130 /* for AP the csa offsets are from tail */
5131 csa_off_base = skb->len;
5135 skb_put_data(skb, beacon->tail, beacon->tail_len);
5137 if (ieee80211_beacon_protect(skb, local, sdata, link) < 0)
5140 ieee80211_beacon_get_finish(hw, vif, link, offs, beacon, skb,
5141 chanctx_conf, csa_off_base);
5145 static struct sk_buff *
5146 __ieee80211_beacon_get(struct ieee80211_hw *hw,
5147 struct ieee80211_vif *vif,
5148 struct ieee80211_mutable_offsets *offs,
5150 unsigned int link_id)
5152 struct ieee80211_local *local = hw_to_local(hw);
5153 struct beacon_data *beacon = NULL;
5154 struct sk_buff *skb = NULL;
5155 struct ieee80211_sub_if_data *sdata = NULL;
5156 struct ieee80211_chanctx_conf *chanctx_conf;
5157 struct ieee80211_link_data *link;
5161 sdata = vif_to_sdata(vif);
5162 link = rcu_dereference(sdata->link[link_id]);
5166 rcu_dereference(link->conf->chanctx_conf);
5168 if (!ieee80211_sdata_running(sdata) || !chanctx_conf)
5172 memset(offs, 0, sizeof(*offs));
5174 if (sdata->vif.type == NL80211_IFTYPE_AP) {
5175 beacon = rcu_dereference(link->u.ap.beacon);
5179 skb = ieee80211_beacon_get_ap(hw, vif, link, offs, is_template,
5180 beacon, chanctx_conf);
5181 } else if (sdata->vif.type == NL80211_IFTYPE_ADHOC) {
5182 struct ieee80211_if_ibss *ifibss = &sdata->u.ibss;
5183 struct ieee80211_hdr *hdr;
5185 beacon = rcu_dereference(ifibss->presp);
5189 if (beacon->cntdwn_counter_offsets[0]) {
5191 __ieee80211_beacon_update_cntdwn(beacon);
5193 ieee80211_set_beacon_cntdwn(sdata, beacon, link);
5196 skb = dev_alloc_skb(local->tx_headroom + beacon->head_len +
5197 local->hw.extra_beacon_tailroom);
5200 skb_reserve(skb, local->tx_headroom);
5201 skb_put_data(skb, beacon->head, beacon->head_len);
5203 hdr = (struct ieee80211_hdr *) skb->data;
5204 hdr->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
5205 IEEE80211_STYPE_BEACON);
5207 ieee80211_beacon_get_finish(hw, vif, link, offs, beacon, skb,
5209 } else if (ieee80211_vif_is_mesh(&sdata->vif)) {
5210 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
5212 beacon = rcu_dereference(ifmsh->beacon);
5216 if (beacon->cntdwn_counter_offsets[0]) {
5218 /* TODO: For mesh csa_counter is in TU, so
5219 * decrementing it by one isn't correct, but
5220 * for now we leave it consistent with overall
5221 * mac80211's behavior.
5223 __ieee80211_beacon_update_cntdwn(beacon);
5225 ieee80211_set_beacon_cntdwn(sdata, beacon, link);
5228 if (ifmsh->sync_ops)
5229 ifmsh->sync_ops->adjust_tsf(sdata, beacon);
5231 skb = dev_alloc_skb(local->tx_headroom +
5235 local->hw.extra_beacon_tailroom);
5238 skb_reserve(skb, local->tx_headroom);
5239 skb_put_data(skb, beacon->head, beacon->head_len);
5240 ieee80211_beacon_add_tim(sdata, link, &ifmsh->ps, skb,
5244 offs->tim_offset = beacon->head_len;
5245 offs->tim_length = skb->len - beacon->head_len;
5248 skb_put_data(skb, beacon->tail, beacon->tail_len);
5249 ieee80211_beacon_get_finish(hw, vif, link, offs, beacon, skb,
5263 ieee80211_beacon_get_template(struct ieee80211_hw *hw,
5264 struct ieee80211_vif *vif,
5265 struct ieee80211_mutable_offsets *offs,
5266 unsigned int link_id)
5268 return __ieee80211_beacon_get(hw, vif, offs, true, link_id);
5270 EXPORT_SYMBOL(ieee80211_beacon_get_template);
5272 struct sk_buff *ieee80211_beacon_get_tim(struct ieee80211_hw *hw,
5273 struct ieee80211_vif *vif,
5274 u16 *tim_offset, u16 *tim_length,
5275 unsigned int link_id)
5277 struct ieee80211_mutable_offsets offs = {};
5278 struct sk_buff *bcn = __ieee80211_beacon_get(hw, vif, &offs, false,
5280 struct sk_buff *copy;
5287 *tim_offset = offs.tim_offset;
5290 *tim_length = offs.tim_length;
5292 if (ieee80211_hw_check(hw, BEACON_TX_STATUS) ||
5293 !hw_to_local(hw)->monitors)
5296 /* send a copy to monitor interfaces */
5297 copy = skb_copy(bcn, GFP_ATOMIC);
5301 shift = ieee80211_vif_get_shift(vif);
5302 ieee80211_tx_monitor(hw_to_local(hw), copy, 1, shift, false, NULL);
5306 EXPORT_SYMBOL(ieee80211_beacon_get_tim);
5308 struct sk_buff *ieee80211_proberesp_get(struct ieee80211_hw *hw,
5309 struct ieee80211_vif *vif)
5311 struct sk_buff *skb = NULL;
5312 struct probe_resp *presp = NULL;
5313 struct ieee80211_hdr *hdr;
5314 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
5316 if (sdata->vif.type != NL80211_IFTYPE_AP)
5320 presp = rcu_dereference(sdata->deflink.u.ap.probe_resp);
5324 skb = dev_alloc_skb(presp->len);
5328 skb_put_data(skb, presp->data, presp->len);
5330 hdr = (struct ieee80211_hdr *) skb->data;
5331 memset(hdr->addr1, 0, sizeof(hdr->addr1));
5337 EXPORT_SYMBOL(ieee80211_proberesp_get);
5339 struct sk_buff *ieee80211_get_fils_discovery_tmpl(struct ieee80211_hw *hw,
5340 struct ieee80211_vif *vif)
5342 struct sk_buff *skb = NULL;
5343 struct fils_discovery_data *tmpl = NULL;
5344 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
5346 if (sdata->vif.type != NL80211_IFTYPE_AP)
5350 tmpl = rcu_dereference(sdata->deflink.u.ap.fils_discovery);
5356 skb = dev_alloc_skb(sdata->local->hw.extra_tx_headroom + tmpl->len);
5358 skb_reserve(skb, sdata->local->hw.extra_tx_headroom);
5359 skb_put_data(skb, tmpl->data, tmpl->len);
5365 EXPORT_SYMBOL(ieee80211_get_fils_discovery_tmpl);
5368 ieee80211_get_unsol_bcast_probe_resp_tmpl(struct ieee80211_hw *hw,
5369 struct ieee80211_vif *vif)
5371 struct sk_buff *skb = NULL;
5372 struct unsol_bcast_probe_resp_data *tmpl = NULL;
5373 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
5375 if (sdata->vif.type != NL80211_IFTYPE_AP)
5379 tmpl = rcu_dereference(sdata->deflink.u.ap.unsol_bcast_probe_resp);
5385 skb = dev_alloc_skb(sdata->local->hw.extra_tx_headroom + tmpl->len);
5387 skb_reserve(skb, sdata->local->hw.extra_tx_headroom);
5388 skb_put_data(skb, tmpl->data, tmpl->len);
5394 EXPORT_SYMBOL(ieee80211_get_unsol_bcast_probe_resp_tmpl);
5396 struct sk_buff *ieee80211_pspoll_get(struct ieee80211_hw *hw,
5397 struct ieee80211_vif *vif)
5399 struct ieee80211_sub_if_data *sdata;
5400 struct ieee80211_pspoll *pspoll;
5401 struct ieee80211_local *local;
5402 struct sk_buff *skb;
5404 if (WARN_ON(vif->type != NL80211_IFTYPE_STATION))
5407 sdata = vif_to_sdata(vif);
5408 local = sdata->local;
5410 skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*pspoll));
5414 skb_reserve(skb, local->hw.extra_tx_headroom);
5416 pspoll = skb_put_zero(skb, sizeof(*pspoll));
5417 pspoll->frame_control = cpu_to_le16(IEEE80211_FTYPE_CTL |
5418 IEEE80211_STYPE_PSPOLL);
5419 pspoll->aid = cpu_to_le16(sdata->vif.cfg.aid);
5421 /* aid in PS-Poll has its two MSBs each set to 1 */
5422 pspoll->aid |= cpu_to_le16(1 << 15 | 1 << 14);
5424 memcpy(pspoll->bssid, sdata->deflink.u.mgd.bssid, ETH_ALEN);
5425 memcpy(pspoll->ta, vif->addr, ETH_ALEN);
5429 EXPORT_SYMBOL(ieee80211_pspoll_get);
5431 struct sk_buff *ieee80211_nullfunc_get(struct ieee80211_hw *hw,
5432 struct ieee80211_vif *vif,
5435 struct ieee80211_hdr_3addr *nullfunc;
5436 struct ieee80211_sub_if_data *sdata;
5437 struct ieee80211_local *local;
5438 struct sk_buff *skb;
5441 if (WARN_ON(vif->type != NL80211_IFTYPE_STATION))
5444 sdata = vif_to_sdata(vif);
5445 local = sdata->local;
5448 struct sta_info *sta;
5451 sta = sta_info_get(sdata, sdata->deflink.u.mgd.bssid);
5452 qos = sta && sta->sta.wme;
5456 skb = dev_alloc_skb(local->hw.extra_tx_headroom +
5457 sizeof(*nullfunc) + 2);
5461 skb_reserve(skb, local->hw.extra_tx_headroom);
5463 nullfunc = skb_put_zero(skb, sizeof(*nullfunc));
5464 nullfunc->frame_control = cpu_to_le16(IEEE80211_FTYPE_DATA |
5465 IEEE80211_STYPE_NULLFUNC |
5466 IEEE80211_FCTL_TODS);
5468 __le16 qoshdr = cpu_to_le16(7);
5470 BUILD_BUG_ON((IEEE80211_STYPE_QOS_NULLFUNC |
5471 IEEE80211_STYPE_NULLFUNC) !=
5472 IEEE80211_STYPE_QOS_NULLFUNC);
5473 nullfunc->frame_control |=
5474 cpu_to_le16(IEEE80211_STYPE_QOS_NULLFUNC);
5476 skb_set_queue_mapping(skb, IEEE80211_AC_VO);
5477 skb_put_data(skb, &qoshdr, sizeof(qoshdr));
5480 memcpy(nullfunc->addr1, sdata->deflink.u.mgd.bssid, ETH_ALEN);
5481 memcpy(nullfunc->addr2, vif->addr, ETH_ALEN);
5482 memcpy(nullfunc->addr3, sdata->deflink.u.mgd.bssid, ETH_ALEN);
5486 EXPORT_SYMBOL(ieee80211_nullfunc_get);
5488 struct sk_buff *ieee80211_probereq_get(struct ieee80211_hw *hw,
5490 const u8 *ssid, size_t ssid_len,
5493 struct ieee80211_local *local = hw_to_local(hw);
5494 struct ieee80211_hdr_3addr *hdr;
5495 struct sk_buff *skb;
5499 ie_ssid_len = 2 + ssid_len;
5501 skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*hdr) +
5502 ie_ssid_len + tailroom);
5506 skb_reserve(skb, local->hw.extra_tx_headroom);
5508 hdr = skb_put_zero(skb, sizeof(*hdr));
5509 hdr->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
5510 IEEE80211_STYPE_PROBE_REQ);
5511 eth_broadcast_addr(hdr->addr1);
5512 memcpy(hdr->addr2, src_addr, ETH_ALEN);
5513 eth_broadcast_addr(hdr->addr3);
5515 pos = skb_put(skb, ie_ssid_len);
5516 *pos++ = WLAN_EID_SSID;
5519 memcpy(pos, ssid, ssid_len);
5524 EXPORT_SYMBOL(ieee80211_probereq_get);
5526 void ieee80211_rts_get(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
5527 const void *frame, size_t frame_len,
5528 const struct ieee80211_tx_info *frame_txctl,
5529 struct ieee80211_rts *rts)
5531 const struct ieee80211_hdr *hdr = frame;
5533 rts->frame_control =
5534 cpu_to_le16(IEEE80211_FTYPE_CTL | IEEE80211_STYPE_RTS);
5535 rts->duration = ieee80211_rts_duration(hw, vif, frame_len,
5537 memcpy(rts->ra, hdr->addr1, sizeof(rts->ra));
5538 memcpy(rts->ta, hdr->addr2, sizeof(rts->ta));
5540 EXPORT_SYMBOL(ieee80211_rts_get);
5542 void ieee80211_ctstoself_get(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
5543 const void *frame, size_t frame_len,
5544 const struct ieee80211_tx_info *frame_txctl,
5545 struct ieee80211_cts *cts)
5547 const struct ieee80211_hdr *hdr = frame;
5549 cts->frame_control =
5550 cpu_to_le16(IEEE80211_FTYPE_CTL | IEEE80211_STYPE_CTS);
5551 cts->duration = ieee80211_ctstoself_duration(hw, vif,
5552 frame_len, frame_txctl);
5553 memcpy(cts->ra, hdr->addr1, sizeof(cts->ra));
5555 EXPORT_SYMBOL(ieee80211_ctstoself_get);
5558 ieee80211_get_buffered_bc(struct ieee80211_hw *hw,
5559 struct ieee80211_vif *vif)
5561 struct ieee80211_local *local = hw_to_local(hw);
5562 struct sk_buff *skb = NULL;
5563 struct ieee80211_tx_data tx;
5564 struct ieee80211_sub_if_data *sdata;
5566 struct ieee80211_tx_info *info;
5567 struct ieee80211_chanctx_conf *chanctx_conf;
5569 sdata = vif_to_sdata(vif);
5572 chanctx_conf = rcu_dereference(sdata->vif.bss_conf.chanctx_conf);
5577 if (sdata->vif.type == NL80211_IFTYPE_AP) {
5578 struct beacon_data *beacon =
5579 rcu_dereference(sdata->deflink.u.ap.beacon);
5581 if (!beacon || !beacon->head)
5584 ps = &sdata->u.ap.ps;
5585 } else if (ieee80211_vif_is_mesh(&sdata->vif)) {
5586 ps = &sdata->u.mesh.ps;
5591 if (ps->dtim_count != 0 || !ps->dtim_bc_mc)
5592 goto out; /* send buffered bc/mc only after DTIM beacon */
5595 skb = skb_dequeue(&ps->bc_buf);
5598 local->total_ps_buffered--;
5600 if (!skb_queue_empty(&ps->bc_buf) && skb->len >= 2) {
5601 struct ieee80211_hdr *hdr =
5602 (struct ieee80211_hdr *) skb->data;
5603 /* more buffered multicast/broadcast frames ==> set
5604 * MoreData flag in IEEE 802.11 header to inform PS
5606 hdr->frame_control |=
5607 cpu_to_le16(IEEE80211_FCTL_MOREDATA);
5610 if (sdata->vif.type == NL80211_IFTYPE_AP)
5611 sdata = IEEE80211_DEV_TO_SUB_IF(skb->dev);
5612 if (!ieee80211_tx_prepare(sdata, &tx, NULL, skb))
5614 ieee80211_free_txskb(hw, skb);
5617 info = IEEE80211_SKB_CB(skb);
5619 tx.flags |= IEEE80211_TX_PS_BUFFERED;
5620 info->band = chanctx_conf->def.chan->band;
5622 if (invoke_tx_handlers(&tx))
5629 EXPORT_SYMBOL(ieee80211_get_buffered_bc);
5631 int ieee80211_reserve_tid(struct ieee80211_sta *pubsta, u8 tid)
5633 struct sta_info *sta = container_of(pubsta, struct sta_info, sta);
5634 struct ieee80211_sub_if_data *sdata = sta->sdata;
5635 struct ieee80211_local *local = sdata->local;
5639 lockdep_assert_held(&local->sta_mtx);
5641 /* only some cases are supported right now */
5642 switch (sdata->vif.type) {
5643 case NL80211_IFTYPE_STATION:
5644 case NL80211_IFTYPE_AP:
5645 case NL80211_IFTYPE_AP_VLAN:
5652 if (WARN_ON(tid >= IEEE80211_NUM_UPS))
5655 if (sta->reserved_tid == tid) {
5660 if (sta->reserved_tid != IEEE80211_TID_UNRESERVED) {
5661 sdata_err(sdata, "TID reservation already active\n");
5666 ieee80211_stop_vif_queues(sdata->local, sdata,
5667 IEEE80211_QUEUE_STOP_REASON_RESERVE_TID);
5671 /* Tear down BA sessions so we stop aggregating on this TID */
5672 if (ieee80211_hw_check(&local->hw, AMPDU_AGGREGATION)) {
5673 set_sta_flag(sta, WLAN_STA_BLOCK_BA);
5674 __ieee80211_stop_tx_ba_session(sta, tid,
5675 AGG_STOP_LOCAL_REQUEST);
5678 queues = BIT(sdata->vif.hw_queue[ieee802_1d_to_ac[tid]]);
5679 __ieee80211_flush_queues(local, sdata, queues, false);
5681 sta->reserved_tid = tid;
5683 ieee80211_wake_vif_queues(local, sdata,
5684 IEEE80211_QUEUE_STOP_REASON_RESERVE_TID);
5686 if (ieee80211_hw_check(&local->hw, AMPDU_AGGREGATION))
5687 clear_sta_flag(sta, WLAN_STA_BLOCK_BA);
5693 EXPORT_SYMBOL(ieee80211_reserve_tid);
5695 void ieee80211_unreserve_tid(struct ieee80211_sta *pubsta, u8 tid)
5697 struct sta_info *sta = container_of(pubsta, struct sta_info, sta);
5698 struct ieee80211_sub_if_data *sdata = sta->sdata;
5700 lockdep_assert_held(&sdata->local->sta_mtx);
5702 /* only some cases are supported right now */
5703 switch (sdata->vif.type) {
5704 case NL80211_IFTYPE_STATION:
5705 case NL80211_IFTYPE_AP:
5706 case NL80211_IFTYPE_AP_VLAN:
5713 if (tid != sta->reserved_tid) {
5714 sdata_err(sdata, "TID to unreserve (%d) isn't reserved\n", tid);
5718 sta->reserved_tid = IEEE80211_TID_UNRESERVED;
5720 EXPORT_SYMBOL(ieee80211_unreserve_tid);
5722 void __ieee80211_tx_skb_tid_band(struct ieee80211_sub_if_data *sdata,
5723 struct sk_buff *skb, int tid, int link_id,
5724 enum nl80211_band band)
5726 const struct ieee80211_hdr *hdr = (void *)skb->data;
5727 int ac = ieee80211_ac_from_tid(tid);
5730 skb_reset_mac_header(skb);
5731 skb_set_queue_mapping(skb, ac);
5732 skb->priority = tid;
5734 skb->dev = sdata->dev;
5736 BUILD_BUG_ON(IEEE80211_LINK_UNSPECIFIED < IEEE80211_MLD_MAX_NUM_LINKS);
5737 BUILD_BUG_ON(!FIELD_FIT(IEEE80211_TX_CTRL_MLO_LINK,
5738 IEEE80211_LINK_UNSPECIFIED));
5740 if (!sdata->vif.valid_links) {
5742 } else if (link_id >= 0) {
5744 } else if (memcmp(sdata->vif.addr, hdr->addr2, ETH_ALEN) == 0) {
5745 /* address from the MLD */
5746 link = IEEE80211_LINK_UNSPECIFIED;
5748 /* otherwise must be addressed from a link */
5750 for (link = 0; link < ARRAY_SIZE(sdata->vif.link_conf); link++) {
5751 struct ieee80211_bss_conf *link_conf;
5753 link_conf = rcu_dereference(sdata->vif.link_conf[link]);
5756 if (memcmp(link_conf->addr, hdr->addr2, ETH_ALEN) == 0)
5761 if (WARN_ON_ONCE(link == ARRAY_SIZE(sdata->vif.link_conf)))
5762 link = ffs(sdata->vif.valid_links) - 1;
5765 IEEE80211_SKB_CB(skb)->control.flags |=
5766 u32_encode_bits(link, IEEE80211_TX_CTRL_MLO_LINK);
5769 * The other path calling ieee80211_xmit is from the tasklet,
5770 * and while we can handle concurrent transmissions locking
5771 * requirements are that we do not come into tx with bhs on.
5774 IEEE80211_SKB_CB(skb)->band = band;
5775 ieee80211_xmit(sdata, NULL, skb);
5779 void ieee80211_tx_skb_tid(struct ieee80211_sub_if_data *sdata,
5780 struct sk_buff *skb, int tid, int link_id)
5782 struct ieee80211_chanctx_conf *chanctx_conf;
5783 enum nl80211_band band;
5786 if (!sdata->vif.valid_links) {
5787 WARN_ON(link_id >= 0);
5789 rcu_dereference(sdata->vif.bss_conf.chanctx_conf);
5790 if (WARN_ON(!chanctx_conf)) {
5795 band = chanctx_conf->def.chan->band;
5797 WARN_ON(link_id >= 0 &&
5798 !(sdata->vif.valid_links & BIT(link_id)));
5799 /* MLD transmissions must not rely on the band */
5803 __ieee80211_tx_skb_tid_band(sdata, skb, tid, link_id, band);
5807 int ieee80211_tx_control_port(struct wiphy *wiphy, struct net_device *dev,
5808 const u8 *buf, size_t len,
5809 const u8 *dest, __be16 proto, bool unencrypted,
5810 int link_id, u64 *cookie)
5812 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
5813 struct ieee80211_local *local = sdata->local;
5814 struct sta_info *sta;
5815 struct sk_buff *skb;
5816 struct ethhdr *ehdr;
5821 /* Only accept CONTROL_PORT_PROTOCOL configured in CONNECT/ASSOCIATE
5822 * or Pre-Authentication
5824 if (proto != sdata->control_port_protocol &&
5825 proto != cpu_to_be16(ETH_P_PREAUTH))
5828 if (proto == sdata->control_port_protocol)
5829 ctrl_flags |= IEEE80211_TX_CTRL_PORT_CTRL_PROTO |
5830 IEEE80211_TX_CTRL_SKIP_MPATH_LOOKUP;
5833 flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
5836 ctrl_flags |= IEEE80211_TX_CTL_REQ_TX_STATUS;
5838 flags |= IEEE80211_TX_INTFL_NL80211_FRAME_TX;
5840 skb = dev_alloc_skb(local->hw.extra_tx_headroom +
5841 sizeof(struct ethhdr) + len);
5845 skb_reserve(skb, local->hw.extra_tx_headroom + sizeof(struct ethhdr));
5847 skb_put_data(skb, buf, len);
5849 ehdr = skb_push(skb, sizeof(struct ethhdr));
5850 memcpy(ehdr->h_dest, dest, ETH_ALEN);
5852 /* we may override the SA for MLO STA later */
5854 ctrl_flags |= u32_encode_bits(IEEE80211_LINK_UNSPECIFIED,
5855 IEEE80211_TX_CTRL_MLO_LINK);
5856 memcpy(ehdr->h_source, sdata->vif.addr, ETH_ALEN);
5858 struct ieee80211_bss_conf *link_conf;
5860 ctrl_flags |= u32_encode_bits(link_id,
5861 IEEE80211_TX_CTRL_MLO_LINK);
5864 link_conf = rcu_dereference(sdata->vif.link_conf[link_id]);
5870 memcpy(ehdr->h_source, link_conf->addr, ETH_ALEN);
5874 ehdr->h_proto = proto;
5877 skb->protocol = proto;
5878 skb_reset_network_header(skb);
5879 skb_reset_mac_header(skb);
5881 /* update QoS header to prioritize control port frames if possible,
5882 * priorization also happens for control port frames send over
5886 err = ieee80211_lookup_ra_sta(sdata, skb, &sta);
5893 u16 queue = __ieee80211_select_queue(sdata, sta, skb);
5895 skb_set_queue_mapping(skb, queue);
5899 * for MLO STA, the SA should be the AP MLD address, but
5900 * the link ID has been selected already
5903 memcpy(ehdr->h_source, sdata->vif.addr, ETH_ALEN);
5907 /* mutex lock is only needed for incrementing the cookie counter */
5908 mutex_lock(&local->mtx);
5911 __ieee80211_subif_start_xmit(skb, skb->dev, flags, ctrl_flags, cookie);
5914 mutex_unlock(&local->mtx);
5919 int ieee80211_probe_mesh_link(struct wiphy *wiphy, struct net_device *dev,
5920 const u8 *buf, size_t len)
5922 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
5923 struct ieee80211_local *local = sdata->local;
5924 struct sk_buff *skb;
5926 skb = dev_alloc_skb(local->hw.extra_tx_headroom + len +
5927 30 + /* header size */
5928 18); /* 11s header size */
5932 skb_reserve(skb, local->hw.extra_tx_headroom);
5933 skb_put_data(skb, buf, len);
5936 skb->protocol = htons(ETH_P_802_3);
5937 skb_reset_network_header(skb);
5938 skb_reset_mac_header(skb);
5941 __ieee80211_subif_start_xmit(skb, skb->dev, 0,
5942 IEEE80211_TX_CTRL_SKIP_MPATH_LOOKUP,
projects / linux-2.6-microblaze.git / blob