xref: /openbmc/linux/net/mac80211/status.c (revision 7dd65feb) 
1 /*
2  * Copyright 2002-2005, Instant802 Networks, Inc.
3  * Copyright 2005-2006, Devicescape Software, Inc.
4  * Copyright 2006-2007	Jiri Benc <jbenc@suse.cz>
5  * Copyright 2008-2009	Johannes Berg <johannes@sipsolutions.net>
6  *
7  * This program is free software; you can redistribute it and/or modify
8  * it under the terms of the GNU General Public License version 2 as
9  * published by the Free Software Foundation.
10  */
11 
12 #include <net/mac80211.h>
13 #include "ieee80211_i.h"
14 #include "rate.h"
15 #include "mesh.h"
16 #include "led.h"
17 
18 
19 void ieee80211_tx_status_irqsafe(struct ieee80211_hw *hw,
20 				 struct sk_buff *skb)
21 {
22 	struct ieee80211_local *local = hw_to_local(hw);
23 	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
24 	int tmp;
25 
26 	skb->pkt_type = IEEE80211_TX_STATUS_MSG;
27 	skb_queue_tail(info->flags & IEEE80211_TX_CTL_REQ_TX_STATUS ?
28 		       &local->skb_queue : &local->skb_queue_unreliable, skb);
29 	tmp = skb_queue_len(&local->skb_queue) +
30 		skb_queue_len(&local->skb_queue_unreliable);
31 	while (tmp > IEEE80211_IRQSAFE_QUEUE_LIMIT &&
32 	       (skb = skb_dequeue(&local->skb_queue_unreliable))) {
33 		dev_kfree_skb_irq(skb);
34 		tmp--;
35 		I802_DEBUG_INC(local->tx_status_drop);
36 	}
37 	tasklet_schedule(&local->tasklet);
38 }
39 EXPORT_SYMBOL(ieee80211_tx_status_irqsafe);
40 
41 static void ieee80211_handle_filtered_frame(struct ieee80211_local *local,
42 					    struct sta_info *sta,
43 					    struct sk_buff *skb)
44 {
45 	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
46 
47 	/*
48 	 * XXX: This is temporary!
49 	 *
50 	 *	The problem here is that when we get here, the driver will
51 	 *	quite likely have pretty much overwritten info->control by
52 	 *	using info->driver_data or info->rate_driver_data. Thus,
53 	 *	when passing out the frame to the driver again, we would be
54 	 *	passing completely bogus data since the driver would then
55 	 *	expect a properly filled info->control. In mac80211 itself
56 	 *	the same problem occurs, since we need info->control.vif
57 	 *	internally.
58 	 *
59 	 *	To fix this, we should send the frame through TX processing
60 	 *	again. However, it's not that simple, since the frame will
61 	 *	have been software-encrypted (if applicable) already, and
62 	 *	encrypting it again doesn't do much good. So to properly do
63 	 *	that, we not only have to skip the actual 'raw' encryption
64 	 *	(key selection etc. still has to be done!) but also the
65 	 *	sequence number assignment since that impacts the crypto
66 	 *	encapsulation, of course.
67 	 *
68 	 *	Hence, for now, fix the bug by just dropping the frame.
69 	 */
70 	goto drop;
71 
72 	sta->tx_filtered_count++;
73 
74 	/*
75 	 * Clear the TX filter mask for this STA when sending the next
76 	 * packet. If the STA went to power save mode, this will happen
77 	 * when it wakes up for the next time.
78 	 */
79 	set_sta_flags(sta, WLAN_STA_CLEAR_PS_FILT);
80 
81 	/*
82 	 * This code races in the following way:
83 	 *
84 	 *  (1) STA sends frame indicating it will go to sleep and does so
85 	 *  (2) hardware/firmware adds STA to filter list, passes frame up
86 	 *  (3) hardware/firmware processes TX fifo and suppresses a frame
87 	 *  (4) we get TX status before having processed the frame and
88 	 *	knowing that the STA has gone to sleep.
89 	 *
90 	 * This is actually quite unlikely even when both those events are
91 	 * processed from interrupts coming in quickly after one another or
92 	 * even at the same time because we queue both TX status events and
93 	 * RX frames to be processed by a tasklet and process them in the
94 	 * same order that they were received or TX status last. Hence, there
95 	 * is no race as long as the frame RX is processed before the next TX
96 	 * status, which drivers can ensure, see below.
97 	 *
98 	 * Note that this can only happen if the hardware or firmware can
99 	 * actually add STAs to the filter list, if this is done by the
100 	 * driver in response to set_tim() (which will only reduce the race
101 	 * this whole filtering tries to solve, not completely solve it)
102 	 * this situation cannot happen.
103 	 *
104 	 * To completely solve this race drivers need to make sure that they
105 	 *  (a) don't mix the irq-safe/not irq-safe TX status/RX processing
106 	 *	functions and
107 	 *  (b) always process RX events before TX status events if ordering
108 	 *      can be unknown, for example with different interrupt status
109 	 *	bits.
110 	 */
111 	if (test_sta_flags(sta, WLAN_STA_PS_STA) &&
112 	    skb_queue_len(&sta->tx_filtered) < STA_MAX_TX_BUFFER) {
113 		skb_queue_tail(&sta->tx_filtered, skb);
114 		return;
115 	}
116 
117 	if (!test_sta_flags(sta, WLAN_STA_PS_STA) &&
118 	    !(info->flags & IEEE80211_TX_INTFL_RETRIED)) {
119 		/* Software retry the packet once */
120 		info->flags |= IEEE80211_TX_INTFL_RETRIED;
121 		ieee80211_add_pending_skb(local, skb);
122 		return;
123 	}
124 
125  drop:
126 #ifdef CONFIG_MAC80211_VERBOSE_DEBUG
127 	if (net_ratelimit())
128 		printk(KERN_DEBUG "%s: dropped TX filtered frame, "
129 		       "queue_len=%d PS=%d @%lu\n",
130 		       wiphy_name(local->hw.wiphy),
131 		       skb_queue_len(&sta->tx_filtered),
132 		       !!test_sta_flags(sta, WLAN_STA_PS_STA), jiffies);
133 #endif
134 	dev_kfree_skb(skb);
135 }
136 
137 void ieee80211_tx_status(struct ieee80211_hw *hw, struct sk_buff *skb)
138 {
139 	struct sk_buff *skb2;
140 	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
141 	struct ieee80211_local *local = hw_to_local(hw);
142 	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
143 	u16 frag, type;
144 	__le16 fc;
145 	struct ieee80211_supported_band *sband;
146 	struct ieee80211_tx_status_rtap_hdr *rthdr;
147 	struct ieee80211_sub_if_data *sdata;
148 	struct net_device *prev_dev = NULL;
149 	struct sta_info *sta;
150 	int retry_count = -1, i;
151 	bool injected;
152 
153 	for (i = 0; i < IEEE80211_TX_MAX_RATES; i++) {
154 		/* the HW cannot have attempted that rate */
155 		if (i >= hw->max_rates) {
156 			info->status.rates[i].idx = -1;
157 			info->status.rates[i].count = 0;
158 		}
159 
160 		retry_count += info->status.rates[i].count;
161 	}
162 	if (retry_count < 0)
163 		retry_count = 0;
164 
165 	rcu_read_lock();
166 
167 	sband = local->hw.wiphy->bands[info->band];
168 
169 	sta = sta_info_get(local, hdr->addr1);
170 
171 	if (sta) {
172 		if (!(info->flags & IEEE80211_TX_STAT_ACK) &&
173 		    test_sta_flags(sta, WLAN_STA_PS_STA)) {
174 			/*
175 			 * The STA is in power save mode, so assume
176 			 * that this TX packet failed because of that.
177 			 */
178 			ieee80211_handle_filtered_frame(local, sta, skb);
179 			rcu_read_unlock();
180 			return;
181 		}
182 
183 		fc = hdr->frame_control;
184 
185 		if ((info->flags & IEEE80211_TX_STAT_AMPDU_NO_BACK) &&
186 		    (ieee80211_is_data_qos(fc))) {
187 			u16 tid, ssn;
188 			u8 *qc;
189 
190 			qc = ieee80211_get_qos_ctl(hdr);
191 			tid = qc[0] & 0xf;
192 			ssn = ((le16_to_cpu(hdr->seq_ctrl) + 0x10)
193 						& IEEE80211_SCTL_SEQ);
194 			ieee80211_send_bar(sta->sdata, hdr->addr1,
195 					   tid, ssn);
196 		}
197 
198 		if (info->flags & IEEE80211_TX_STAT_TX_FILTERED) {
199 			ieee80211_handle_filtered_frame(local, sta, skb);
200 			rcu_read_unlock();
201 			return;
202 		} else {
203 			if (!(info->flags & IEEE80211_TX_STAT_ACK))
204 				sta->tx_retry_failed++;
205 			sta->tx_retry_count += retry_count;
206 		}
207 
208 		rate_control_tx_status(local, sband, sta, skb);
209 		if (ieee80211_vif_is_mesh(&sta->sdata->vif))
210 			ieee80211s_update_metric(local, sta, skb);
211 	}
212 
213 	rcu_read_unlock();
214 
215 	ieee80211_led_tx(local, 0);
216 
217 	/* SNMP counters
218 	 * Fragments are passed to low-level drivers as separate skbs, so these
219 	 * are actually fragments, not frames. Update frame counters only for
220 	 * the first fragment of the frame. */
221 
222 	frag = le16_to_cpu(hdr->seq_ctrl) & IEEE80211_SCTL_FRAG;
223 	type = le16_to_cpu(hdr->frame_control) & IEEE80211_FCTL_FTYPE;
224 
225 	if (info->flags & IEEE80211_TX_STAT_ACK) {
226 		if (frag == 0) {
227 			local->dot11TransmittedFrameCount++;
228 			if (is_multicast_ether_addr(hdr->addr1))
229 				local->dot11MulticastTransmittedFrameCount++;
230 			if (retry_count > 0)
231 				local->dot11RetryCount++;
232 			if (retry_count > 1)
233 				local->dot11MultipleRetryCount++;
234 		}
235 
236 		/* This counter shall be incremented for an acknowledged MPDU
237 		 * with an individual address in the address 1 field or an MPDU
238 		 * with a multicast address in the address 1 field of type Data
239 		 * or Management. */
240 		if (!is_multicast_ether_addr(hdr->addr1) ||
241 		    type == IEEE80211_FTYPE_DATA ||
242 		    type == IEEE80211_FTYPE_MGMT)
243 			local->dot11TransmittedFragmentCount++;
244 	} else {
245 		if (frag == 0)
246 			local->dot11FailedCount++;
247 	}
248 
249 	/* this was a transmitted frame, but now we want to reuse it */
250 	skb_orphan(skb);
251 
252 	/*
253 	 * This is a bit racy but we can avoid a lot of work
254 	 * with this test...
255 	 */
256 	if (!local->monitors && !local->cooked_mntrs) {
257 		dev_kfree_skb(skb);
258 		return;
259 	}
260 
261 	/* send frame to monitor interfaces now */
262 
263 	if (skb_headroom(skb) < sizeof(*rthdr)) {
264 		printk(KERN_ERR "ieee80211_tx_status: headroom too small\n");
265 		dev_kfree_skb(skb);
266 		return;
267 	}
268 
269 	rthdr = (struct ieee80211_tx_status_rtap_hdr *)
270 				skb_push(skb, sizeof(*rthdr));
271 
272 	memset(rthdr, 0, sizeof(*rthdr));
273 	rthdr->hdr.it_len = cpu_to_le16(sizeof(*rthdr));
274 	rthdr->hdr.it_present =
275 		cpu_to_le32((1 << IEEE80211_RADIOTAP_TX_FLAGS) |
276 			    (1 << IEEE80211_RADIOTAP_DATA_RETRIES) |
277 			    (1 << IEEE80211_RADIOTAP_RATE));
278 
279 	if (!(info->flags & IEEE80211_TX_STAT_ACK) &&
280 	    !is_multicast_ether_addr(hdr->addr1))
281 		rthdr->tx_flags |= cpu_to_le16(IEEE80211_RADIOTAP_F_TX_FAIL);
282 
283 	/*
284 	 * XXX: Once radiotap gets the bitmap reset thing the vendor
285 	 *	extensions proposal contains, we can actually report
286 	 *	the whole set of tries we did.
287 	 */
288 	if ((info->status.rates[0].flags & IEEE80211_TX_RC_USE_RTS_CTS) ||
289 	    (info->status.rates[0].flags & IEEE80211_TX_RC_USE_CTS_PROTECT))
290 		rthdr->tx_flags |= cpu_to_le16(IEEE80211_RADIOTAP_F_TX_CTS);
291 	else if (info->status.rates[0].flags & IEEE80211_TX_RC_USE_RTS_CTS)
292 		rthdr->tx_flags |= cpu_to_le16(IEEE80211_RADIOTAP_F_TX_RTS);
293 	if (info->status.rates[0].idx >= 0 &&
294 	    !(info->status.rates[0].flags & IEEE80211_TX_RC_MCS))
295 		rthdr->rate = sband->bitrates[
296 				info->status.rates[0].idx].bitrate / 5;
297 
298 	/* for now report the total retry_count */
299 	rthdr->data_retries = retry_count;
300 
301 	/* Need to make a copy before skb->cb gets cleared */
302 	injected = !!(info->flags & IEEE80211_TX_CTL_INJECTED);
303 
304 	/* XXX: is this sufficient for BPF? */
305 	skb_set_mac_header(skb, 0);
306 	skb->ip_summed = CHECKSUM_UNNECESSARY;
307 	skb->pkt_type = PACKET_OTHERHOST;
308 	skb->protocol = htons(ETH_P_802_2);
309 	memset(skb->cb, 0, sizeof(skb->cb));
310 
311 	rcu_read_lock();
312 	list_for_each_entry_rcu(sdata, &local->interfaces, list) {
313 		if (sdata->vif.type == NL80211_IFTYPE_MONITOR) {
314 			if (!netif_running(sdata->dev))
315 				continue;
316 
317 			if ((sdata->u.mntr_flags & MONITOR_FLAG_COOK_FRAMES) &&
318 			    !injected &&
319 			    (type == IEEE80211_FTYPE_DATA))
320 				continue;
321 
322 			if (prev_dev) {
323 				skb2 = skb_clone(skb, GFP_ATOMIC);
324 				if (skb2) {
325 					skb2->dev = prev_dev;
326 					netif_rx(skb2);
327 				}
328 			}
329 
330 			prev_dev = sdata->dev;
331 		}
332 	}
333 	if (prev_dev) {
334 		skb->dev = prev_dev;
335 		netif_rx(skb);
336 		skb = NULL;
337 	}
338 	rcu_read_unlock();
339 	dev_kfree_skb(skb);
340 }
341 EXPORT_SYMBOL(ieee80211_tx_status);
342