[mirror_ubuntu-artful-kernel.git] / net / ieee80211 / ieee80211_tx.c

/******************************************************************************

  Copyright(c) 2003 - 2004 Intel Corporation. All rights reserved.

  This program is free software; you can redistribute it and/or modify it
  under the terms of version 2 of the GNU General Public License as
  published by the Free Software Foundation.

  This program is distributed in the hope that it will be useful, but WITHOUT
  ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
  more details.

  You should have received a copy of the GNU General Public License along with
  this program; if not, write to the Free Software Foundation, Inc., 59
  Temple Place - Suite 330, Boston, MA  02111-1307, USA.

  The full GNU General Public License is included in this distribution in the
  file called LICENSE.

  Contact Information:
  James P. Ketrenos <ipw2100-admin@linux.intel.com>
  Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497

******************************************************************************/
#include <linux/compiler.h>
#include <linux/config.h>
#include <linux/errno.h>
#include <linux/if_arp.h>
#include <linux/in6.h>
#include <linux/in.h>
#include <linux/ip.h>
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/netdevice.h>
#include <linux/proc_fs.h>
#include <linux/skbuff.h>
#include <linux/slab.h>
#include <linux/tcp.h>
#include <linux/types.h>
#include <linux/version.h>
#include <linux/wireless.h>
#include <linux/etherdevice.h>
#include <asm/uaccess.h>

#include <net/ieee80211.h>

/*

802.11 Data Frame

      ,-------------------------------------------------------------------.
Bytes |  2   |  2   |    6    |    6    |    6    |  2   | 0..2312 |   4  |
      |------|------|---------|---------|---------|------|---------|------|
Desc. | ctrl | dura |  DA/RA  |   TA    |    SA   | Sequ |  Frame  |  fcs |
      |      | tion | (BSSID) |         |         | ence |  data   |      |
      `--------------------------------------------------|         |------'
Total: 28 non-data bytes                                 `----.----'
                                                              |
       .- 'Frame data' expands to <---------------------------'
       |
       V
      ,---------------------------------------------------.
Bytes |  1   |  1   |    1    |    3     |  2   |  0-2304 |
      |------|------|---------|----------|------|---------|
Desc. | SNAP | SNAP | Control |Eth Tunnel| Type | IP      |
      | DSAP | SSAP |         |          |      | Packet  |
      | 0xAA | 0xAA |0x03 (UI)|0x00-00-F8|      |         |
      `-----------------------------------------|         |
Total: 8 non-data bytes                         `----.----'
                                                     |
       .- 'IP Packet' expands, if WEP enabled, to <--'
       |
       V
      ,-----------------------.
Bytes |  4  |   0-2296  |  4  |
      |-----|-----------|-----|
Desc. | IV  | Encrypted | ICV |
      |     | IP Packet |     |
      `-----------------------'
Total: 8 non-data bytes

802.3 Ethernet Data Frame

      ,-----------------------------------------.
Bytes |   6   |   6   |  2   |  Variable |   4  |
      |-------|-------|------|-----------|------|
Desc. | Dest. | Source| Type | IP Packet |  fcs |
      |  MAC  |  MAC  |      |           |      |
      `-----------------------------------------'
Total: 18 non-data bytes

In the event that fragmentation is required, the incoming payload is split into
N parts of size ieee->fts.  The first fragment contains the SNAP header and the
remaining packets are just data.

If encryption is enabled, each fragment payload size is reduced by enough space
to add the prefix and postfix (IV and ICV totalling 8 bytes in the case of WEP)
So if you have 1500 bytes of payload with ieee->fts set to 500 without
encryption it will take 3 frames.  With WEP it will take 4 frames as the
payload of each frame is reduced to 492 bytes.

* SKB visualization
*
*  ,- skb->data
* |
* |    ETHERNET HEADER        ,-<-- PAYLOAD
* |                           |     14 bytes from skb->data
* |  2 bytes for Type --> ,T. |     (sizeof ethhdr)
* |                       | | |
* |,-Dest.--. ,--Src.---. | | |
* |  6 bytes| | 6 bytes | | | |
* v         | |         | | | |
* 0         | v       1 | v | v           2
* 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
*     ^     | ^         | ^ |
*     |     | |         | | |
*     |     | |         | `T' <---- 2 bytes for Type
*     |     | |         |
*     |     | '---SNAP--' <-------- 6 bytes for SNAP
*     |     |
*     `-IV--' <-------------------- 4 bytes for IV (WEP)
*
*      SNAP HEADER
*
*/

static u8 P802_1H_OUI[P80211_OUI_LEN] = { 0x00, 0x00, 0xf8 };
static u8 RFC1042_OUI[P80211_OUI_LEN] = { 0x00, 0x00, 0x00 };

static inline int ieee80211_put_snap(u8 * data, u16 h_proto)
{
	struct ieee80211_snap_hdr *snap;
	u8 *oui;

	snap = (struct ieee80211_snap_hdr *)data;
	snap->dsap = 0xaa;
	snap->ssap = 0xaa;
	snap->ctrl = 0x03;

	if (h_proto == 0x8137 || h_proto == 0x80f3)
		oui = P802_1H_OUI;
	else
		oui = RFC1042_OUI;
	snap->oui[0] = oui[0];
	snap->oui[1] = oui[1];
	snap->oui[2] = oui[2];

	*(u16 *) (data + SNAP_SIZE) = htons(h_proto);

	return SNAP_SIZE + sizeof(u16);
}

static inline int ieee80211_encrypt_fragment(struct ieee80211_device *ieee,
					     struct sk_buff *frag, int hdr_len)
{
	struct ieee80211_crypt_data *crypt = ieee->crypt[ieee->tx_keyidx];
	int res;

	/* To encrypt, frame format is:
	 * IV (4 bytes), clear payload (including SNAP), ICV (4 bytes) */

	// PR: FIXME: Copied from hostap. Check fragmentation/MSDU/MPDU encryption.
	/* Host-based IEEE 802.11 fragmentation for TX is not yet supported, so
	 * call both MSDU and MPDU encryption functions from here. */
	atomic_inc(&crypt->refcnt);
	res = 0;
	if (crypt->ops->encrypt_msdu)
		res = crypt->ops->encrypt_msdu(frag, hdr_len, crypt->priv);
	if (res == 0 && crypt->ops->encrypt_mpdu)
		res = crypt->ops->encrypt_mpdu(frag, hdr_len, crypt->priv);

	atomic_dec(&crypt->refcnt);
	if (res < 0) {
		printk(KERN_INFO "%s: Encryption failed: len=%d.\n",
		       ieee->dev->name, frag->len);
		ieee->ieee_stats.tx_discards++;
		return -1;
	}

	return 0;
}

void ieee80211_txb_free(struct ieee80211_txb *txb)
{
	int i;
	if (unlikely(!txb))
		return;
	for (i = 0; i < txb->nr_frags; i++)
		if (txb->fragments[i])
			dev_kfree_skb_any(txb->fragments[i]);
	kfree(txb);
}

static struct ieee80211_txb *ieee80211_alloc_txb(int nr_frags, int txb_size,
						 int gfp_mask)
{
	struct ieee80211_txb *txb;
	int i;
	txb = kmalloc(sizeof(struct ieee80211_txb) + (sizeof(u8 *) * nr_frags),
		      gfp_mask);
	if (!txb)
		return NULL;

	memset(txb, 0, sizeof(struct ieee80211_txb));
	txb->nr_frags = nr_frags;
	txb->frag_size = txb_size;

	for (i = 0; i < nr_frags; i++) {
		txb->fragments[i] = dev_alloc_skb(txb_size);
		if (unlikely(!txb->fragments[i])) {
			i--;
			break;
		}
	}
	if (unlikely(i != nr_frags)) {
		while (i >= 0)
			dev_kfree_skb_any(txb->fragments[i--]);
		kfree(txb);
		return NULL;
	}
	return txb;
}

/* SKBs are added to the ieee->tx_queue. */
int ieee80211_xmit(struct sk_buff *skb, struct net_device *dev)
{
	struct ieee80211_device *ieee = netdev_priv(dev);
	struct ieee80211_txb *txb = NULL;
	struct ieee80211_hdr *frag_hdr;
	int i, bytes_per_frag, nr_frags, bytes_last_frag, frag_size;
	unsigned long flags;
	struct net_device_stats *stats = &ieee->stats;
	int ether_type, encrypt;
	int bytes, fc, hdr_len;
	struct sk_buff *skb_frag;
	struct ieee80211_hdr header = {	/* Ensure zero initialized */
		.duration_id = 0,
		.seq_ctl = 0
	};
	u8 dest[ETH_ALEN], src[ETH_ALEN];

	struct ieee80211_crypt_data *crypt;

	spin_lock_irqsave(&ieee->lock, flags);

	/* If there is no driver handler to take the TXB, dont' bother
	 * creating it... */
	if (!ieee->hard_start_xmit) {
		printk(KERN_WARNING "%s: No xmit handler.\n", ieee->dev->name);
		goto success;
	}

	if (unlikely(skb->len < SNAP_SIZE + sizeof(u16))) {
		printk(KERN_WARNING "%s: skb too small (%d).\n",
		       ieee->dev->name, skb->len);
		goto success;
	}

	ether_type = ntohs(((struct ethhdr *)skb->data)->h_proto);

	crypt = ieee->crypt[ieee->tx_keyidx];

	encrypt = !(ether_type == ETH_P_PAE && ieee->ieee802_1x) &&
	    ieee->host_encrypt && crypt && crypt->ops;

	if (!encrypt && ieee->ieee802_1x &&
	    ieee->drop_unencrypted && ether_type != ETH_P_PAE) {
		stats->tx_dropped++;
		goto success;
	}

	/* Save source and destination addresses */
	memcpy(dest, skb->data, ETH_ALEN);
	memcpy(src, skb->data + ETH_ALEN, ETH_ALEN);

	/* Advance the SKB to the start of the payload */
	skb_pull(skb, sizeof(struct ethhdr));

	/* Determine total amount of storage required for TXB packets */
	bytes = skb->len + SNAP_SIZE + sizeof(u16);

	if (encrypt)
		fc = IEEE80211_FTYPE_DATA | IEEE80211_STYPE_DATA |
		    IEEE80211_FCTL_PROTECTED;
	else
		fc = IEEE80211_FTYPE_DATA | IEEE80211_STYPE_DATA;

	if (ieee->iw_mode == IW_MODE_INFRA) {
		fc |= IEEE80211_FCTL_TODS;
		/* To DS: Addr1 = BSSID, Addr2 = SA,
		   Addr3 = DA */
		memcpy(header.addr1, ieee->bssid, ETH_ALEN);
		memcpy(header.addr2, src, ETH_ALEN);
		memcpy(header.addr3, dest, ETH_ALEN);
	} else if (ieee->iw_mode == IW_MODE_ADHOC) {
		/* not From/To DS: Addr1 = DA, Addr2 = SA,
		   Addr3 = BSSID */
		memcpy(header.addr1, dest, ETH_ALEN);
		memcpy(header.addr2, src, ETH_ALEN);
		memcpy(header.addr3, ieee->bssid, ETH_ALEN);
	}
	header.frame_ctl = cpu_to_le16(fc);
	hdr_len = IEEE80211_3ADDR_LEN;

	/* Determine fragmentation size based on destination (multicast
	 * and broadcast are not fragmented) */
	if (is_multicast_ether_addr(dest) || is_broadcast_ether_addr(dest))
		frag_size = MAX_FRAG_THRESHOLD;
	else
		frag_size = ieee->fts;

	/* Determine amount of payload per fragment.  Regardless of if
	 * this stack is providing the full 802.11 header, one will
	 * eventually be affixed to this fragment -- so we must account for
	 * it when determining the amount of payload space. */
	bytes_per_frag = frag_size - IEEE80211_3ADDR_LEN;
	if (ieee->config &
	    (CFG_IEEE80211_COMPUTE_FCS | CFG_IEEE80211_RESERVE_FCS))
		bytes_per_frag -= IEEE80211_FCS_LEN;

	/* Each fragment may need to have room for encryptiong pre/postfix */
	if (encrypt)
		bytes_per_frag -= crypt->ops->extra_prefix_len +
		    crypt->ops->extra_postfix_len;

	/* Number of fragments is the total bytes_per_frag /
	 * payload_per_fragment */
	nr_frags = bytes / bytes_per_frag;
	bytes_last_frag = bytes % bytes_per_frag;
	if (bytes_last_frag)
		nr_frags++;
	else
		bytes_last_frag = bytes_per_frag;

	/* When we allocate the TXB we allocate enough space for the reserve
	 * and full fragment bytes (bytes_per_frag doesn't include prefix,
	 * postfix, header, FCS, etc.) */
	txb = ieee80211_alloc_txb(nr_frags, frag_size, GFP_ATOMIC);
	if (unlikely(!txb)) {
		printk(KERN_WARNING "%s: Could not allocate TXB\n",
		       ieee->dev->name);
		goto failed;
	}
	txb->encrypted = encrypt;
	txb->payload_size = bytes;

	for (i = 0; i < nr_frags; i++) {
		skb_frag = txb->fragments[i];

		if (encrypt)
			skb_reserve(skb_frag, crypt->ops->extra_prefix_len);

		frag_hdr = (struct ieee80211_hdr *)skb_put(skb_frag, hdr_len);
		memcpy(frag_hdr, &header, hdr_len);

		/* If this is not the last fragment, then add the MOREFRAGS
		 * bit to the frame control */
		if (i != nr_frags - 1) {
			frag_hdr->frame_ctl =
			    cpu_to_le16(fc | IEEE80211_FCTL_MOREFRAGS);
			bytes = bytes_per_frag;
		} else {
			/* The last fragment takes the remaining length */
			bytes = bytes_last_frag;
		}

		/* Put a SNAP header on the first fragment */
		if (i == 0) {
			ieee80211_put_snap(skb_put
					   (skb_frag, SNAP_SIZE + sizeof(u16)),
					   ether_type);
			bytes -= SNAP_SIZE + sizeof(u16);
		}

		memcpy(skb_put(skb_frag, bytes), skb->data, bytes);

		/* Advance the SKB... */
		skb_pull(skb, bytes);

		/* Encryption routine will move the header forward in order
		 * to insert the IV between the header and the payload */
		if (encrypt)
			ieee80211_encrypt_fragment(ieee, skb_frag, hdr_len);
		if (ieee->config &
		    (CFG_IEEE80211_COMPUTE_FCS | CFG_IEEE80211_RESERVE_FCS))
			skb_put(skb_frag, 4);
	}

      success:
	spin_unlock_irqrestore(&ieee->lock, flags);

	dev_kfree_skb_any(skb);

	if (txb) {
		if ((*ieee->hard_start_xmit) (txb, dev) == 0) {
			stats->tx_packets++;
			stats->tx_bytes += txb->payload_size;
			return 0;
		}
		ieee80211_txb_free(txb);
	}

	return 0;

      failed:
	spin_unlock_irqrestore(&ieee->lock, flags);
	netif_stop_queue(dev);
	stats->tx_errors++;
	return 1;

}

EXPORT_SYMBOL(ieee80211_txb_free);
Commit	Line	Data
b453872c JG	1	/******************************************************************************
	2
	3	Copyright(c) 2003 - 2004 Intel Corporation. All rights reserved.
	4
	5	This program is free software; you can redistribute it and/or modify it
	6	under the terms of version 2 of the GNU General Public License as
	7	published by the Free Software Foundation.
	8
	9	This program is distributed in the hope that it will be useful, but WITHOUT
	10	ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
	11	FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
	12	more details.
	13
	14	You should have received a copy of the GNU General Public License along with
	15	this program; if not, write to the Free Software Foundation, Inc., 59
	16	Temple Place - Suite 330, Boston, MA 02111-1307, USA.
	17
	18	The full GNU General Public License is included in this distribution in the
	19	file called LICENSE.
	20
	21	Contact Information:
	22	James P. Ketrenos <ipw2100-admin@linux.intel.com>
	23	Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497
	24
	25	******************************************************************************/
	26	#include <linux/compiler.h>
	27	#include <linux/config.h>
	28	#include <linux/errno.h>
	29	#include <linux/if_arp.h>
	30	#include <linux/in6.h>
	31	#include <linux/in.h>
	32	#include <linux/ip.h>
	33	#include <linux/kernel.h>
	34	#include <linux/module.h>
	35	#include <linux/netdevice.h>
b453872c JG	36	#include <linux/proc_fs.h>
	37	#include <linux/skbuff.h>
	38	#include <linux/slab.h>
	39	#include <linux/tcp.h>
	40	#include <linux/types.h>
	41	#include <linux/version.h>
	42	#include <linux/wireless.h>
	43	#include <linux/etherdevice.h>
	44	#include <asm/uaccess.h>
	45
	46	#include <net/ieee80211.h>
	47
b453872c JG	48	/*
b453872c JG	49
b453872c JG	50	802.11 Data Frame
	51
	52	,-------------------------------------------------------------------.
	53	Bytes \| 2 \| 2 \| 6 \| 6 \| 6 \| 2 \| 0..2312 \| 4 \|
	54	\|------\|------\|---------\|---------\|---------\|------\|---------\|------\|
	55	Desc. \| ctrl \| dura \| DA/RA \| TA \| SA \| Sequ \| Frame \| fcs \|
	56	\| \| tion \| (BSSID) \| \| \| ence \| data \| \|
	57	`--------------------------------------------------\| \|------'
	58	Total: 28 non-data bytes `----.----'
	59	\|
	60	.- 'Frame data' expands to <---------------------------'
	61	\|
	62	V
	63	,---------------------------------------------------.
	64	Bytes \| 1 \| 1 \| 1 \| 3 \| 2 \| 0-2304 \|
	65	\|------\|------\|---------\|----------\|------\|---------\|
	66	Desc. \| SNAP \| SNAP \| Control \|Eth Tunnel\| Type \| IP \|
	67	\| DSAP \| SSAP \| \| \| \| Packet \|
	68	\| 0xAA \| 0xAA \|0x03 (UI)\|0x00-00-F8\| \| \|
	69	`-----------------------------------------\| \|
	70	Total: 8 non-data bytes `----.----'
	71	\|
	72	.- 'IP Packet' expands, if WEP enabled, to <--'
	73	\|
	74	V
	75	,-----------------------.
	76	Bytes \| 4 \| 0-2296 \| 4 \|
	77	\|-----\|-----------\|-----\|
	78	Desc. \| IV \| Encrypted \| ICV \|
	79	\| \| IP Packet \| \|
	80	`-----------------------'
	81	Total: 8 non-data bytes
	82
b453872c JG	83	802.3 Ethernet Data Frame
	84
	85	,-----------------------------------------.
	86	Bytes \| 6 \| 6 \| 2 \| Variable \| 4 \|
	87	\|-------\|-------\|------\|-----------\|------\|
	88	Desc. \| Dest. \| Source\| Type \| IP Packet \| fcs \|
	89	\| MAC \| MAC \| \| \| \|
	90	`-----------------------------------------'
	91	Total: 18 non-data bytes
	92
	93	In the event that fragmentation is required, the incoming payload is split into
	94	N parts of size ieee->fts. The first fragment contains the SNAP header and the
	95	remaining packets are just data.
	96
	97	If encryption is enabled, each fragment payload size is reduced by enough space
	98	to add the prefix and postfix (IV and ICV totalling 8 bytes in the case of WEP)
	99	So if you have 1500 bytes of payload with ieee->fts set to 500 without
	100	encryption it will take 3 frames. With WEP it will take 4 frames as the
	101	payload of each frame is reduced to 492 bytes.
	102
	103	* SKB visualization
	104	*
	105	* ,- skb->data
	106	* \|
	107	* \| ETHERNET HEADER ,-<-- PAYLOAD
	108	* \| \| 14 bytes from skb->data
	109	* \| 2 bytes for Type --> ,T. \| (sizeof ethhdr)
	110	* \| \| \| \|
	111	* \|,-Dest.--. ,--Src.---. \| \| \|
	112	* \| 6 bytes\| \| 6 bytes \| \| \| \|
	113	* v \| \| \| \| \| \|
	114	* 0 \| v 1 \| v \| v 2
	115	* 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
	116	* ^ \| ^ \| ^ \|
	117	* \| \| \| \| \| \|
	118	* \| \| \| \| `T' <---- 2 bytes for Type
	119	* \| \| \| \|
	120	* \| \| '---SNAP--' <-------- 6 bytes for SNAP
	121	* \| \|
	122	* `-IV--' <-------------------- 4 bytes for IV (WEP)
	123	*
	124	* SNAP HEADER
	125	*
	126	*/
	127
	128	static u8 P802_1H_OUI[P80211_OUI_LEN] = { 0x00, 0x00, 0xf8 };
	129	static u8 RFC1042_OUI[P80211_OUI_LEN] = { 0x00, 0x00, 0x00 };
	130
0edd5b44	131	static inline int ieee80211_put_snap(u8 * data, u16 h_proto)
b453872c JG	132	{
	133	struct ieee80211_snap_hdr *snap;
	134	u8 *oui;
	135
	136	snap = (struct ieee80211_snap_hdr *)data;
	137	snap->dsap = 0xaa;
	138	snap->ssap = 0xaa;
	139	snap->ctrl = 0x03;
	140
	141	if (h_proto == 0x8137 \|\| h_proto == 0x80f3)
	142	oui = P802_1H_OUI;
	143	else
	144	oui = RFC1042_OUI;
	145	snap->oui[0] = oui[0];
	146	snap->oui[1] = oui[1];
	147	snap->oui[2] = oui[2];
	148
0edd5b44	149	(u16 ) (data + SNAP_SIZE) = htons(h_proto);
b453872c JG	150
	151	return SNAP_SIZE + sizeof(u16);
	152	}
	153
0edd5b44 JG	154	static inline int ieee80211_encrypt_fragment(struct ieee80211_device *ieee,
0edd5b44 JG	155	struct sk_buff *frag, int hdr_len)
b453872c	156	{
0edd5b44	157	struct ieee80211_crypt_data *crypt = ieee->crypt[ieee->tx_keyidx];
b453872c JG	158	int res;
b453872c JG	159
b453872c JG	160	/* To encrypt, frame format is:
	161	* IV (4 bytes), clear payload (including SNAP), ICV (4 bytes) */
	162
	163	// PR: FIXME: Copied from hostap. Check fragmentation/MSDU/MPDU encryption.
	164	/* Host-based IEEE 802.11 fragmentation for TX is not yet supported, so
	165	* call both MSDU and MPDU encryption functions from here. */
	166	atomic_inc(&crypt->refcnt);
	167	res = 0;
	168	if (crypt->ops->encrypt_msdu)
	169	res = crypt->ops->encrypt_msdu(frag, hdr_len, crypt->priv);
	170	if (res == 0 && crypt->ops->encrypt_mpdu)
	171	res = crypt->ops->encrypt_mpdu(frag, hdr_len, crypt->priv);
	172
	173	atomic_dec(&crypt->refcnt);
	174	if (res < 0) {
	175	printk(KERN_INFO "%s: Encryption failed: len=%d.\n",
	176	ieee->dev->name, frag->len);
	177	ieee->ieee_stats.tx_discards++;
	178	return -1;
	179	}
	180
	181	return 0;
	182	}
	183
0edd5b44 JG	184	void ieee80211_txb_free(struct ieee80211_txb *txb)
0edd5b44 JG	185	{
b453872c JG	186	int i;
	187	if (unlikely(!txb))
	188	return;
	189	for (i = 0; i < txb->nr_frags; i++)
	190	if (txb->fragments[i])
	191	dev_kfree_skb_any(txb->fragments[i]);
	192	kfree(txb);
	193	}
	194
e157249d AB	195	static struct ieee80211_txb *ieee80211_alloc_txb(int nr_frags, int txb_size,
e157249d AB	196	int gfp_mask)
b453872c JG	197	{
	198	struct ieee80211_txb *txb;
	199	int i;
0edd5b44 JG	200	txb = kmalloc(sizeof(struct ieee80211_txb) + (sizeof(u8 ) nr_frags),
0edd5b44 JG	201	gfp_mask);
b453872c JG	202	if (!txb)
	203	return NULL;
	204
0a989b24	205	memset(txb, 0, sizeof(struct ieee80211_txb));
b453872c JG	206	txb->nr_frags = nr_frags;
	207	txb->frag_size = txb_size;
	208
	209	for (i = 0; i < nr_frags; i++) {
	210	txb->fragments[i] = dev_alloc_skb(txb_size);
	211	if (unlikely(!txb->fragments[i])) {
	212	i--;
	213	break;
	214	}
	215	}
	216	if (unlikely(i != nr_frags)) {
	217	while (i >= 0)
	218	dev_kfree_skb_any(txb->fragments[i--]);
	219	kfree(txb);
	220	return NULL;
	221	}
	222	return txb;
	223	}
	224
	225	/* SKBs are added to the ieee->tx_queue. */
0edd5b44	226	int ieee80211_xmit(struct sk_buff skb, struct net_device dev)
b453872c JG	227	{
	228	struct ieee80211_device *ieee = netdev_priv(dev);
	229	struct ieee80211_txb *txb = NULL;
	230	struct ieee80211_hdr *frag_hdr;
	231	int i, bytes_per_frag, nr_frags, bytes_last_frag, frag_size;
	232	unsigned long flags;
	233	struct net_device_stats *stats = &ieee->stats;
	234	int ether_type, encrypt;
	235	int bytes, fc, hdr_len;
	236	struct sk_buff *skb_frag;
0edd5b44	237	struct ieee80211_hdr header = { /* Ensure zero initialized */
b453872c JG	238	.duration_id = 0,
	239	.seq_ctl = 0
	240	};
	241	u8 dest[ETH_ALEN], src[ETH_ALEN];
	242
0edd5b44	243	struct ieee80211_crypt_data *crypt;
b453872c JG	244
	245	spin_lock_irqsave(&ieee->lock, flags);
	246
	247	/* If there is no driver handler to take the TXB, dont' bother
	248	* creating it... */
	249	if (!ieee->hard_start_xmit) {
0edd5b44	250	printk(KERN_WARNING "%s: No xmit handler.\n", ieee->dev->name);
b453872c JG	251	goto success;
	252	}
	253
	254	if (unlikely(skb->len < SNAP_SIZE + sizeof(u16))) {
	255	printk(KERN_WARNING "%s: skb too small (%d).\n",
	256	ieee->dev->name, skb->len);
	257	goto success;
	258	}
	259
	260	ether_type = ntohs(((struct ethhdr *)skb->data)->h_proto);
	261
	262	crypt = ieee->crypt[ieee->tx_keyidx];
	263
	264	encrypt = !(ether_type == ETH_P_PAE && ieee->ieee802_1x) &&
0edd5b44	265	ieee->host_encrypt && crypt && crypt->ops;
b453872c JG	266
	267	if (!encrypt && ieee->ieee802_1x &&
	268	ieee->drop_unencrypted && ether_type != ETH_P_PAE) {
	269	stats->tx_dropped++;
	270	goto success;
	271	}
	272
b453872c	273	/* Save source and destination addresses */
18294d87 JK	274	memcpy(dest, skb->data, ETH_ALEN);
18294d87 JK	275	memcpy(src, skb->data + ETH_ALEN, ETH_ALEN);
b453872c JG	276
	277	/* Advance the SKB to the start of the payload */
	278	skb_pull(skb, sizeof(struct ethhdr));
	279
	280	/* Determine total amount of storage required for TXB packets */
	281	bytes = skb->len + SNAP_SIZE + sizeof(u16);
	282
	283	if (encrypt)
	284	fc = IEEE80211_FTYPE_DATA \| IEEE80211_STYPE_DATA \|
0edd5b44	285	IEEE80211_FCTL_PROTECTED;
b453872c JG	286	else
	287	fc = IEEE80211_FTYPE_DATA \| IEEE80211_STYPE_DATA;
	288
	289	if (ieee->iw_mode == IW_MODE_INFRA) {
	290	fc \|= IEEE80211_FCTL_TODS;
	291	/* To DS: Addr1 = BSSID, Addr2 = SA,
	292	Addr3 = DA */
18294d87 JK	293	memcpy(header.addr1, ieee->bssid, ETH_ALEN);
	294	memcpy(header.addr2, src, ETH_ALEN);
	295	memcpy(header.addr3, dest, ETH_ALEN);
b453872c JG	296	} else if (ieee->iw_mode == IW_MODE_ADHOC) {
	297	/* not From/To DS: Addr1 = DA, Addr2 = SA,
	298	Addr3 = BSSID */
18294d87 JK	299	memcpy(header.addr1, dest, ETH_ALEN);
	300	memcpy(header.addr2, src, ETH_ALEN);
	301	memcpy(header.addr3, ieee->bssid, ETH_ALEN);
b453872c JG	302	}
	303	header.frame_ctl = cpu_to_le16(fc);
	304	hdr_len = IEEE80211_3ADDR_LEN;
	305
	306	/* Determine fragmentation size based on destination (multicast
	307	* and broadcast are not fragmented) */
0edd5b44	308	if (is_multicast_ether_addr(dest) \|\| is_broadcast_ether_addr(dest))
b453872c JG	309	frag_size = MAX_FRAG_THRESHOLD;
	310	else
	311	frag_size = ieee->fts;
	312
	313	/* Determine amount of payload per fragment. Regardless of if
	314	* this stack is providing the full 802.11 header, one will
	315	* eventually be affixed to this fragment -- so we must account for
	316	* it when determining the amount of payload space. */
	317	bytes_per_frag = frag_size - IEEE80211_3ADDR_LEN;
	318	if (ieee->config &
	319	(CFG_IEEE80211_COMPUTE_FCS \| CFG_IEEE80211_RESERVE_FCS))
	320	bytes_per_frag -= IEEE80211_FCS_LEN;
	321
	322	/* Each fragment may need to have room for encryptiong pre/postfix */
	323	if (encrypt)
	324	bytes_per_frag -= crypt->ops->extra_prefix_len +
0edd5b44	325	crypt->ops->extra_postfix_len;
b453872c JG	326
	327	/* Number of fragments is the total bytes_per_frag /
	328	* payload_per_fragment */
	329	nr_frags = bytes / bytes_per_frag;
	330	bytes_last_frag = bytes % bytes_per_frag;
	331	if (bytes_last_frag)
	332	nr_frags++;
	333	else
	334	bytes_last_frag = bytes_per_frag;
	335
	336	/* When we allocate the TXB we allocate enough space for the reserve
	337	* and full fragment bytes (bytes_per_frag doesn't include prefix,
	338	* postfix, header, FCS, etc.) */
	339	txb = ieee80211_alloc_txb(nr_frags, frag_size, GFP_ATOMIC);
	340	if (unlikely(!txb)) {
	341	printk(KERN_WARNING "%s: Could not allocate TXB\n",
	342	ieee->dev->name);
	343	goto failed;
	344	}
	345	txb->encrypted = encrypt;
	346	txb->payload_size = bytes;
	347
	348	for (i = 0; i < nr_frags; i++) {
	349	skb_frag = txb->fragments[i];
	350
	351	if (encrypt)
	352	skb_reserve(skb_frag, crypt->ops->extra_prefix_len);
	353
	354	frag_hdr = (struct ieee80211_hdr *)skb_put(skb_frag, hdr_len);
	355	memcpy(frag_hdr, &header, hdr_len);
	356
	357	/* If this is not the last fragment, then add the MOREFRAGS
	358	* bit to the frame control */
	359	if (i != nr_frags - 1) {
0edd5b44 JG	360	frag_hdr->frame_ctl =
0edd5b44 JG	361	cpu_to_le16(fc \| IEEE80211_FCTL_MOREFRAGS);
b453872c JG	362	bytes = bytes_per_frag;
	363	} else {
	364	/* The last fragment takes the remaining length */
	365	bytes = bytes_last_frag;
	366	}
	367
0edd5b44	368	/* Put a SNAP header on the first fragment */
b453872c	369	if (i == 0) {
0edd5b44 JG	370	ieee80211_put_snap(skb_put
	371	(skb_frag, SNAP_SIZE + sizeof(u16)),
	372	ether_type);
b453872c JG	373	bytes -= SNAP_SIZE + sizeof(u16);
	374	}
	375
	376	memcpy(skb_put(skb_frag, bytes), skb->data, bytes);
	377
	378	/* Advance the SKB... */
	379	skb_pull(skb, bytes);
	380
	381	/* Encryption routine will move the header forward in order
	382	* to insert the IV between the header and the payload */
	383	if (encrypt)
	384	ieee80211_encrypt_fragment(ieee, skb_frag, hdr_len);
	385	if (ieee->config &
	386	(CFG_IEEE80211_COMPUTE_FCS \| CFG_IEEE80211_RESERVE_FCS))
	387	skb_put(skb_frag, 4);
	388	}
	389
0edd5b44	390	success:
b453872c JG	391	spin_unlock_irqrestore(&ieee->lock, flags);
	392
	393	dev_kfree_skb_any(skb);
	394
	395	if (txb) {
0edd5b44	396	if ((*ieee->hard_start_xmit) (txb, dev) == 0) {
b453872c JG	397	stats->tx_packets++;
	398	stats->tx_bytes += txb->payload_size;
	399	return 0;
	400	}
	401	ieee80211_txb_free(txb);
	402	}
	403
	404	return 0;
	405
0edd5b44	406	failed:
b453872c JG	407	spin_unlock_irqrestore(&ieee->lock, flags);
	408	netif_stop_queue(dev);
	409	stats->tx_errors++;
	410	return 1;
	411
	412	}
	413
	414	EXPORT_SYMBOL(ieee80211_txb_free);