1 // SPDX-License-Identifier: GPL-2.0-only
3 * Copyright 2002-2005, Instant802 Networks, Inc.
4 * Copyright 2005-2006, Devicescape Software, Inc.
5 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
6 * Copyright 2007 Johannes Berg <johannes@sipsolutions.net>
7 * Copyright 2013-2014 Intel Mobile Communications GmbH
8 * Copyright (C) 2018-2025 Intel Corporation
10 * Transmit and frame generation functions.
13 #include <linux/kernel.h>
14 #include <linux/slab.h>
15 #include <linux/skbuff.h>
16 #include <linux/if_vlan.h>
17 #include <linux/etherdevice.h>
18 #include <linux/bitmap.h>
19 #include <linux/rcupdate.h>
20 #include <linux/export.h>
21 #include <net/net_namespace.h>
22 #include <net/ieee80211_radiotap.h>
23 #include <net/cfg80211.h>
24 #include <net/mac80211.h>
25 #include <net/codel.h>
26 #include <net/codel_impl.h>
27 #include <linux/unaligned.h>
28 #include <net/fq_impl.h>
32 #include "ieee80211_i.h"
33 #include "driver-ops.h"
43 static __le16 ieee80211_duration(struct ieee80211_tx_data *tx,
44 struct sk_buff *skb, int group_addr,
47 int rate, mrate, erp, dur, i;
48 struct ieee80211_rate *txrate;
49 struct ieee80211_local *local = tx->local;
50 struct ieee80211_supported_band *sband;
51 struct ieee80211_hdr *hdr;
52 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
54 /* assume HW handles this */
55 if (tx->rate.flags & (IEEE80211_TX_RC_MCS | IEEE80211_TX_RC_VHT_MCS))
59 if (WARN_ON_ONCE(tx->rate.idx < 0))
62 sband = local->hw.wiphy->bands[info->band];
63 txrate = &sband->bitrates[tx->rate.idx];
65 erp = txrate->flags & IEEE80211_RATE_ERP_G;
67 /* device is expected to do this */
68 if (sband->band == NL80211_BAND_S1GHZ)
72 * data and mgmt (except PS Poll):
74 * - during contention period:
75 * if addr1 is group address: 0
76 * if more fragments = 0 and addr1 is individual address: time to
77 * transmit one ACK plus SIFS
78 * if more fragments = 1 and addr1 is individual address: time to
79 * transmit next fragment plus 2 x ACK plus 3 x SIFS
82 * - control response frame (CTS or ACK) shall be transmitted using the
83 * same rate as the immediately previous frame in the frame exchange
84 * sequence, if this rate belongs to the PHY mandatory rates, or else
85 * at the highest possible rate belonging to the PHY rates in the
88 hdr = (struct ieee80211_hdr *)skb->data;
89 if (ieee80211_is_ctl(hdr->frame_control)) {
90 /* TODO: These control frames are not currently sent by
91 * mac80211, but should they be implemented, this function
92 * needs to be updated to support duration field calculation.
94 * RTS: time needed to transmit pending data/mgmt frame plus
95 * one CTS frame plus one ACK frame plus 3 x SIFS
96 * CTS: duration of immediately previous RTS minus time
97 * required to transmit CTS and its SIFS
98 * ACK: 0 if immediately previous directed data/mgmt had
99 * more=0, with more=1 duration in ACK frame is duration
100 * from previous frame minus time needed to transmit ACK
102 * PS Poll: BIT(15) | BIT(14) | aid
108 if (0 /* FIX: data/mgmt during CFP */)
109 return cpu_to_le16(32768);
111 if (group_addr) /* Group address as the destination - no ACK */
114 /* Individual destination address:
115 * IEEE 802.11, Ch. 9.6 (after IEEE 802.11g changes)
116 * CTS and ACK frames shall be transmitted using the highest rate in
117 * basic rate set that is less than or equal to the rate of the
118 * immediately previous frame and that is using the same modulation
119 * (CCK or OFDM). If no basic rate set matches with these requirements,
120 * the highest mandatory rate of the PHY that is less than or equal to
121 * the rate of the previous frame is used.
122 * Mandatory rates for IEEE 802.11g PHY: 1, 2, 5.5, 11, 6, 12, 24 Mbps
125 /* use lowest available if everything fails */
126 mrate = sband->bitrates[0].bitrate;
127 for (i = 0; i < sband->n_bitrates; i++) {
128 struct ieee80211_rate *r = &sband->bitrates[i];
131 if (r->bitrate > txrate->bitrate)
134 if (tx->sdata->vif.bss_conf.basic_rates & BIT(i))
137 switch (sband->band) {
138 case NL80211_BAND_2GHZ:
139 case NL80211_BAND_LC:
140 if (tx->sdata->deflink.operating_11g_mode)
141 flag = IEEE80211_RATE_MANDATORY_G;
143 flag = IEEE80211_RATE_MANDATORY_B;
145 case NL80211_BAND_5GHZ:
146 case NL80211_BAND_6GHZ:
147 flag = IEEE80211_RATE_MANDATORY_A;
159 /* No matching basic rate found; use highest suitable mandatory
164 /* Don't calculate ACKs for QoS Frames with NoAck Policy set */
165 if (ieee80211_is_data_qos(hdr->frame_control) &&
166 *(ieee80211_get_qos_ctl(hdr)) & IEEE80211_QOS_CTL_ACK_POLICY_NOACK)
169 /* Time needed to transmit ACK
170 * (10 bytes + 4-byte FCS = 112 bits) plus SIFS; rounded up
171 * to closest integer */
172 dur = ieee80211_frame_duration(sband->band, 10, rate, erp,
173 tx->sdata->vif.bss_conf.use_short_preamble);
176 /* Frame is fragmented: duration increases with time needed to
177 * transmit next fragment plus ACK and 2 x SIFS. */
178 dur *= 2; /* ACK + SIFS */
180 dur += ieee80211_frame_duration(sband->band, next_frag_len,
181 txrate->bitrate, erp,
182 tx->sdata->vif.bss_conf.use_short_preamble);
185 return cpu_to_le16(dur);
189 static ieee80211_tx_result debug_noinline
190 ieee80211_tx_h_dynamic_ps(struct ieee80211_tx_data *tx)
192 struct ieee80211_local *local = tx->local;
193 struct ieee80211_if_managed *ifmgd;
194 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
196 /* driver doesn't support power save */
197 if (!ieee80211_hw_check(&local->hw, SUPPORTS_PS))
200 /* hardware does dynamic power save */
201 if (ieee80211_hw_check(&local->hw, SUPPORTS_DYNAMIC_PS))
204 /* dynamic power save disabled */
205 if (local->hw.conf.dynamic_ps_timeout <= 0)
208 /* we are scanning, don't enable power save */
212 if (!local->ps_sdata)
215 /* No point if we're going to suspend */
216 if (local->quiescing)
219 /* dynamic ps is supported only in managed mode */
220 if (tx->sdata->vif.type != NL80211_IFTYPE_STATION)
223 if (unlikely(info->flags & IEEE80211_TX_INTFL_OFFCHAN_TX_OK))
226 ifmgd = &tx->sdata->u.mgd;
229 * Don't wakeup from power save if u-apsd is enabled, voip ac has
230 * u-apsd enabled and the frame is in voip class. This effectively
231 * means that even if all access categories have u-apsd enabled, in
232 * practise u-apsd is only used with the voip ac. This is a
233 * workaround for the case when received voip class packets do not
234 * have correct qos tag for some reason, due the network or the
237 * Note: ifmgd->uapsd_queues access is racy here. If the value is
238 * changed via debugfs, user needs to reassociate manually to have
239 * everything in sync.
241 if ((ifmgd->flags & IEEE80211_STA_UAPSD_ENABLED) &&
242 (ifmgd->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO) &&
243 skb_get_queue_mapping(tx->skb) == IEEE80211_AC_VO)
246 if (local->hw.conf.flags & IEEE80211_CONF_PS) {
247 ieee80211_stop_queues_by_reason(&local->hw,
248 IEEE80211_MAX_QUEUE_MAP,
249 IEEE80211_QUEUE_STOP_REASON_PS,
251 ifmgd->flags &= ~IEEE80211_STA_NULLFUNC_ACKED;
252 wiphy_work_queue(local->hw.wiphy,
253 &local->dynamic_ps_disable_work);
256 /* Don't restart the timer if we're not disassociated */
257 if (!ifmgd->associated)
260 mod_timer(&local->dynamic_ps_timer, jiffies +
261 msecs_to_jiffies(local->hw.conf.dynamic_ps_timeout));
266 static ieee80211_tx_result debug_noinline
267 ieee80211_tx_h_check_assoc(struct ieee80211_tx_data *tx)
270 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;
271 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
274 if (unlikely(info->flags & IEEE80211_TX_CTL_INJECTED))
277 if (unlikely(test_bit(SCAN_SW_SCANNING, &tx->local->scanning)) &&
278 test_bit(SDATA_STATE_OFFCHANNEL, &tx->sdata->state) &&
279 !ieee80211_is_probe_req(hdr->frame_control) &&
280 !ieee80211_is_any_nullfunc(hdr->frame_control))
282 * When software scanning only nullfunc frames (to notify
283 * the sleep state to the AP) and probe requests (for the
284 * active scan) are allowed, all other frames should not be
285 * sent and we should not get here, but if we do
286 * nonetheless, drop them to avoid sending them
287 * off-channel. See the link below and
288 * ieee80211_start_scan() for more.
290 * http://article.gmane.org/gmane.linux.kernel.wireless.general/30089
294 if (tx->sdata->vif.type == NL80211_IFTYPE_OCB)
297 if (tx->flags & IEEE80211_TX_PS_BUFFERED)
301 assoc = test_sta_flag(tx->sta, WLAN_STA_ASSOC);
303 if (likely(tx->flags & IEEE80211_TX_UNICAST)) {
304 if (unlikely(!assoc &&
305 ieee80211_is_data(hdr->frame_control))) {
306 #ifdef CONFIG_MAC80211_VERBOSE_DEBUG
307 sdata_info(tx->sdata,
308 "dropped data frame to not associated station %pM\n",
311 I802_DEBUG_INC(tx->local->tx_handlers_drop_not_assoc);
314 } else if (unlikely(ieee80211_is_data(hdr->frame_control) &&
315 ieee80211_vif_get_num_mcast_if(tx->sdata) == 0)) {
317 * No associated STAs - no need to send multicast
326 /* This function is called whenever the AP is about to exceed the maximum limit
327 * of buffered frames for power saving STAs. This situation should not really
328 * happen often during normal operation, so dropping the oldest buffered packet
329 * from each queue should be OK to make some room for new frames. */
330 static void purge_old_ps_buffers(struct ieee80211_local *local)
332 int total = 0, purged = 0;
334 struct ieee80211_sub_if_data *sdata;
335 struct sta_info *sta;
337 list_for_each_entry_rcu(sdata, &local->interfaces, list) {
340 if (sdata->vif.type == NL80211_IFTYPE_AP)
341 ps = &sdata->u.ap.ps;
342 else if (ieee80211_vif_is_mesh(&sdata->vif))
343 ps = &sdata->u.mesh.ps;
347 skb = skb_dequeue(&ps->bc_buf);
350 ieee80211_free_txskb(&local->hw, skb);
352 total += skb_queue_len(&ps->bc_buf);
356 * Drop one frame from each station from the lowest-priority
357 * AC that has frames at all.
359 list_for_each_entry_rcu(sta, &local->sta_list, list) {
362 for (ac = IEEE80211_AC_BK; ac >= IEEE80211_AC_VO; ac--) {
363 skb = skb_dequeue(&sta->ps_tx_buf[ac]);
364 total += skb_queue_len(&sta->ps_tx_buf[ac]);
367 ieee80211_free_txskb(&local->hw, skb);
373 local->total_ps_buffered = total;
374 ps_dbg_hw(&local->hw, "PS buffers full - purged %d frames\n", purged);
377 static ieee80211_tx_result
378 ieee80211_tx_h_multicast_ps_buf(struct ieee80211_tx_data *tx)
380 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
381 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;
385 * broadcast/multicast frame
387 * If any of the associated/peer stations is in power save mode,
388 * the frame is buffered to be sent after DTIM beacon frame.
389 * This is done either by the hardware or us.
392 /* powersaving STAs currently only in AP/VLAN/mesh mode */
393 if (tx->sdata->vif.type == NL80211_IFTYPE_AP ||
394 tx->sdata->vif.type == NL80211_IFTYPE_AP_VLAN) {
398 ps = &tx->sdata->bss->ps;
399 } else if (ieee80211_vif_is_mesh(&tx->sdata->vif)) {
400 ps = &tx->sdata->u.mesh.ps;
406 /* no buffering for ordered frames */
407 if (ieee80211_has_order(hdr->frame_control))
410 if (ieee80211_is_probe_req(hdr->frame_control))
413 if (ieee80211_hw_check(&tx->local->hw, QUEUE_CONTROL))
414 info->hw_queue = tx->sdata->vif.cab_queue;
416 /* no stations in PS mode and no buffered packets */
417 if (!atomic_read(&ps->num_sta_ps) && skb_queue_empty(&ps->bc_buf))
420 info->flags |= IEEE80211_TX_CTL_SEND_AFTER_DTIM;
422 /* device releases frame after DTIM beacon */
423 if (!ieee80211_hw_check(&tx->local->hw, HOST_BROADCAST_PS_BUFFERING))
426 /* buffered in mac80211 */
427 if (tx->local->total_ps_buffered >= TOTAL_MAX_TX_BUFFER)
428 purge_old_ps_buffers(tx->local);
430 if (skb_queue_len(&ps->bc_buf) >= AP_MAX_BC_BUFFER) {
432 "BC TX buffer full - dropping the oldest frame\n");
433 ieee80211_free_txskb(&tx->local->hw, skb_dequeue(&ps->bc_buf));
435 tx->local->total_ps_buffered++;
437 skb_queue_tail(&ps->bc_buf, tx->skb);
442 static int ieee80211_use_mfp(__le16 fc, struct sta_info *sta,
445 if (!ieee80211_is_mgmt(fc))
448 if (sta == NULL || !test_sta_flag(sta, WLAN_STA_MFP))
451 if (!ieee80211_is_robust_mgmt_frame(skb))
457 static ieee80211_tx_result
458 ieee80211_tx_h_unicast_ps_buf(struct ieee80211_tx_data *tx)
460 struct sta_info *sta = tx->sta;
461 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
462 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;
463 struct ieee80211_local *local = tx->local;
468 if (unlikely((test_sta_flag(sta, WLAN_STA_PS_STA) ||
469 test_sta_flag(sta, WLAN_STA_PS_DRIVER) ||
470 test_sta_flag(sta, WLAN_STA_PS_DELIVER)) &&
471 !(info->flags & IEEE80211_TX_CTL_NO_PS_BUFFER))) {
472 int ac = skb_get_queue_mapping(tx->skb);
474 if (ieee80211_is_mgmt(hdr->frame_control) &&
475 !ieee80211_is_bufferable_mmpdu(tx->skb)) {
476 info->flags |= IEEE80211_TX_CTL_NO_PS_BUFFER;
480 ps_dbg(sta->sdata, "STA %pM aid %d: PS buffer for AC %d\n",
481 sta->sta.addr, sta->sta.aid, ac);
482 if (tx->local->total_ps_buffered >= TOTAL_MAX_TX_BUFFER)
483 purge_old_ps_buffers(tx->local);
485 /* sync with ieee80211_sta_ps_deliver_wakeup */
486 spin_lock(&sta->ps_lock);
488 * STA woke up the meantime and all the frames on ps_tx_buf have
489 * been queued to pending queue. No reordering can happen, go
490 * ahead and Tx the packet.
492 if (!test_sta_flag(sta, WLAN_STA_PS_STA) &&
493 !test_sta_flag(sta, WLAN_STA_PS_DRIVER) &&
494 !test_sta_flag(sta, WLAN_STA_PS_DELIVER)) {
495 spin_unlock(&sta->ps_lock);
499 if (skb_queue_len(&sta->ps_tx_buf[ac]) >= STA_MAX_TX_BUFFER) {
500 struct sk_buff *old = skb_dequeue(&sta->ps_tx_buf[ac]);
502 "STA %pM TX buffer for AC %d full - dropping oldest frame\n",
504 ieee80211_free_txskb(&local->hw, old);
506 tx->local->total_ps_buffered++;
508 info->control.jiffies = jiffies;
509 info->control.vif = &tx->sdata->vif;
510 info->control.flags |= IEEE80211_TX_INTCFL_NEED_TXPROCESSING;
511 info->flags &= ~IEEE80211_TX_TEMPORARY_FLAGS;
512 skb_queue_tail(&sta->ps_tx_buf[ac], tx->skb);
513 spin_unlock(&sta->ps_lock);
515 if (!timer_pending(&local->sta_cleanup))
516 mod_timer(&local->sta_cleanup,
517 round_jiffies(jiffies +
518 STA_INFO_CLEANUP_INTERVAL));
521 * We queued up some frames, so the TIM bit might
522 * need to be set, recalculate it.
524 sta_info_recalc_tim(sta);
527 } else if (unlikely(test_sta_flag(sta, WLAN_STA_PS_STA))) {
529 "STA %pM in PS mode, but polling/in SP -> send frame\n",
536 static ieee80211_tx_result debug_noinline
537 ieee80211_tx_h_ps_buf(struct ieee80211_tx_data *tx)
539 if (unlikely(tx->flags & IEEE80211_TX_PS_BUFFERED))
542 if (tx->flags & IEEE80211_TX_UNICAST)
543 return ieee80211_tx_h_unicast_ps_buf(tx);
545 return ieee80211_tx_h_multicast_ps_buf(tx);
548 static ieee80211_tx_result debug_noinline
549 ieee80211_tx_h_check_control_port_protocol(struct ieee80211_tx_data *tx)
551 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
553 if (unlikely(tx->sdata->control_port_protocol == tx->skb->protocol)) {
554 if (tx->sdata->control_port_no_encrypt)
555 info->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
556 info->control.flags |= IEEE80211_TX_CTRL_PORT_CTRL_PROTO;
557 info->flags |= IEEE80211_TX_CTL_USE_MINRATE;
563 static struct ieee80211_key *
564 ieee80211_select_link_key(struct ieee80211_tx_data *tx)
566 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;
567 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
568 struct ieee80211_link_data *link;
569 unsigned int link_id;
571 link_id = u32_get_bits(info->control.flags, IEEE80211_TX_CTRL_MLO_LINK);
572 if (link_id == IEEE80211_LINK_UNSPECIFIED) {
573 link = &tx->sdata->deflink;
575 link = rcu_dereference(tx->sdata->link[link_id]);
580 if (ieee80211_is_group_privacy_action(tx->skb))
581 return rcu_dereference(link->default_multicast_key);
582 else if (ieee80211_is_mgmt(hdr->frame_control) &&
583 is_multicast_ether_addr(hdr->addr1) &&
584 ieee80211_is_robust_mgmt_frame(tx->skb))
585 return rcu_dereference(link->default_mgmt_key);
586 else if (is_multicast_ether_addr(hdr->addr1))
587 return rcu_dereference(link->default_multicast_key);
592 static ieee80211_tx_result debug_noinline
593 ieee80211_tx_h_select_key(struct ieee80211_tx_data *tx)
595 struct ieee80211_key *key;
596 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
597 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;
599 if (unlikely(info->flags & IEEE80211_TX_INTFL_DONT_ENCRYPT)) {
605 (key = rcu_dereference(tx->sta->ptk[tx->sta->ptk_idx])))
607 else if ((key = ieee80211_select_link_key(tx)))
609 else if (!is_multicast_ether_addr(hdr->addr1) &&
610 (key = rcu_dereference(tx->sdata->default_unicast_key)))
616 bool skip_hw = false;
618 /* TODO: add threshold stuff again */
620 switch (tx->key->conf.cipher) {
621 case WLAN_CIPHER_SUITE_WEP40:
622 case WLAN_CIPHER_SUITE_WEP104:
623 case WLAN_CIPHER_SUITE_TKIP:
624 if (!ieee80211_is_data_present(hdr->frame_control))
627 case WLAN_CIPHER_SUITE_CCMP:
628 case WLAN_CIPHER_SUITE_CCMP_256:
629 case WLAN_CIPHER_SUITE_GCMP:
630 case WLAN_CIPHER_SUITE_GCMP_256:
631 if (!ieee80211_is_data_present(hdr->frame_control) &&
632 !ieee80211_use_mfp(hdr->frame_control, tx->sta,
634 !ieee80211_is_group_privacy_action(tx->skb))
637 skip_hw = (tx->key->conf.flags &
638 IEEE80211_KEY_FLAG_SW_MGMT_TX) &&
639 ieee80211_is_mgmt(hdr->frame_control);
641 case WLAN_CIPHER_SUITE_AES_CMAC:
642 case WLAN_CIPHER_SUITE_BIP_CMAC_256:
643 case WLAN_CIPHER_SUITE_BIP_GMAC_128:
644 case WLAN_CIPHER_SUITE_BIP_GMAC_256:
645 if (!ieee80211_is_mgmt(hdr->frame_control))
650 if (unlikely(tx->key && tx->key->flags & KEY_FLAG_TAINTED &&
651 !ieee80211_is_deauth(hdr->frame_control)) &&
652 tx->skb->protocol != tx->sdata->control_port_protocol)
655 if (!skip_hw && tx->key &&
656 tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE)
657 info->control.hw_key = &tx->key->conf;
658 } else if (ieee80211_is_data_present(hdr->frame_control) && tx->sta &&
659 test_sta_flag(tx->sta, WLAN_STA_USES_ENCRYPTION)) {
666 static ieee80211_tx_result debug_noinline
667 ieee80211_tx_h_rate_ctrl(struct ieee80211_tx_data *tx)
669 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
670 struct ieee80211_hdr *hdr = (void *)tx->skb->data;
671 struct ieee80211_supported_band *sband;
673 struct ieee80211_tx_rate_control txrc;
674 struct ieee80211_sta_rates *ratetbl = NULL;
675 bool encap = info->flags & IEEE80211_TX_CTL_HW_80211_ENCAP;
678 memset(&txrc, 0, sizeof(txrc));
680 sband = tx->local->hw.wiphy->bands[info->band];
682 len = min_t(u32, tx->skb->len + FCS_LEN,
683 tx->local->hw.wiphy->frag_threshold);
685 /* set up the tx rate control struct we give the RC algo */
686 txrc.hw = &tx->local->hw;
688 txrc.bss_conf = &tx->sdata->vif.bss_conf;
690 txrc.reported_rate.idx = -1;
692 if (unlikely(info->control.flags & IEEE80211_TX_CTRL_DONT_USE_RATE_MASK)) {
693 txrc.rate_idx_mask = ~0;
695 txrc.rate_idx_mask = tx->sdata->rc_rateidx_mask[info->band];
697 if (tx->sdata->rc_has_mcs_mask[info->band])
698 txrc.rate_idx_mcs_mask =
699 tx->sdata->rc_rateidx_mcs_mask[info->band];
702 txrc.bss = (tx->sdata->vif.type == NL80211_IFTYPE_AP ||
703 tx->sdata->vif.type == NL80211_IFTYPE_MESH_POINT ||
704 tx->sdata->vif.type == NL80211_IFTYPE_ADHOC ||
705 tx->sdata->vif.type == NL80211_IFTYPE_OCB);
707 /* set up RTS protection if desired */
708 if (len > tx->local->hw.wiphy->rts_threshold) {
712 info->control.use_rts = txrc.rts;
713 info->control.use_cts_prot = tx->sdata->vif.bss_conf.use_cts_prot;
716 * Use short preamble if the BSS can handle it, but not for
717 * management frames unless we know the receiver can handle
718 * that -- the management frame might be to a station that
719 * just wants a probe response.
721 if (tx->sdata->vif.bss_conf.use_short_preamble &&
722 (ieee80211_is_tx_data(tx->skb) ||
723 (tx->sta && test_sta_flag(tx->sta, WLAN_STA_SHORT_PREAMBLE))))
724 txrc.short_preamble = true;
726 info->control.short_preamble = txrc.short_preamble;
728 /* don't ask rate control when rate already injected via radiotap */
729 if (info->control.flags & IEEE80211_TX_CTRL_RATE_INJECT)
733 assoc = test_sta_flag(tx->sta, WLAN_STA_ASSOC);
736 * Lets not bother rate control if we're associated and cannot
737 * talk to the sta. This should not happen.
739 if (WARN(test_bit(SCAN_SW_SCANNING, &tx->local->scanning) && assoc &&
740 !rate_usable_index_exists(sband, &tx->sta->sta),
741 "%s: Dropped data frame as no usable bitrate found while "
742 "scanning and associated. Target station: "
743 "%pM on %d GHz band\n",
745 encap ? ((struct ethhdr *)hdr)->h_dest : hdr->addr1,
750 * If we're associated with the sta at this point we know we can at
751 * least send the frame at the lowest bit rate.
753 rate_control_get_rate(tx->sdata, tx->sta, &txrc);
755 if (tx->sta && !info->control.skip_table)
756 ratetbl = rcu_dereference(tx->sta->sta.rates);
758 if (unlikely(info->control.rates[0].idx < 0)) {
760 struct ieee80211_tx_rate rate = {
761 .idx = ratetbl->rate[0].idx,
762 .flags = ratetbl->rate[0].flags,
763 .count = ratetbl->rate[0].count
766 if (ratetbl->rate[0].idx < 0)
774 tx->rate = info->control.rates[0];
777 if (txrc.reported_rate.idx < 0) {
778 txrc.reported_rate = tx->rate;
779 if (tx->sta && ieee80211_is_tx_data(tx->skb))
780 tx->sta->deflink.tx_stats.last_rate = txrc.reported_rate;
782 tx->sta->deflink.tx_stats.last_rate = txrc.reported_rate;
787 if (unlikely(!info->control.rates[0].count))
788 info->control.rates[0].count = 1;
790 if (WARN_ON_ONCE((info->control.rates[0].count > 1) &&
791 (info->flags & IEEE80211_TX_CTL_NO_ACK)))
792 info->control.rates[0].count = 1;
797 static __le16 ieee80211_tx_next_seq(struct sta_info *sta, int tid)
799 u16 *seq = &sta->tid_seq[tid];
800 __le16 ret = cpu_to_le16(*seq);
802 /* Increase the sequence number. */
803 *seq = (*seq + 0x10) & IEEE80211_SCTL_SEQ;
808 static ieee80211_tx_result debug_noinline
809 ieee80211_tx_h_sequence(struct ieee80211_tx_data *tx)
811 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
812 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;
816 * Packet injection may want to control the sequence
817 * number, if we have no matching interface then we
818 * neither assign one ourselves nor ask the driver to.
820 if (unlikely(info->control.vif->type == NL80211_IFTYPE_MONITOR))
823 if (unlikely(ieee80211_is_ctl(hdr->frame_control)))
826 if (ieee80211_hdrlen(hdr->frame_control) < 24)
829 if (ieee80211_is_qos_nullfunc(hdr->frame_control))
832 if (info->control.flags & IEEE80211_TX_CTRL_NO_SEQNO)
835 /* SNS11 from 802.11be 10.3.2.14 */
836 if (unlikely(is_multicast_ether_addr(hdr->addr1) &&
837 ieee80211_vif_is_mld(info->control.vif) &&
838 info->control.vif->type == NL80211_IFTYPE_AP)) {
839 if (info->control.flags & IEEE80211_TX_CTRL_MCAST_MLO_FIRST_TX)
840 tx->sdata->mld_mcast_seq += 0x10;
841 hdr->seq_ctrl = cpu_to_le16(tx->sdata->mld_mcast_seq);
846 * Anything but QoS data that has a sequence number field
847 * (is long enough) gets a sequence number from the global
848 * counter. QoS data frames with a multicast destination
849 * also use the global counter (802.11-2012 9.3.2.10).
851 if (!ieee80211_is_data_qos(hdr->frame_control) ||
852 is_multicast_ether_addr(hdr->addr1)) {
853 /* driver should assign sequence number */
854 info->flags |= IEEE80211_TX_CTL_ASSIGN_SEQ;
855 /* for pure STA mode without beacons, we can do it */
856 hdr->seq_ctrl = cpu_to_le16(tx->sdata->sequence_number);
857 tx->sdata->sequence_number += 0x10;
859 tx->sta->deflink.tx_stats.msdu[IEEE80211_NUM_TIDS]++;
864 * This should be true for injected/management frames only, for
865 * management frames we have set the IEEE80211_TX_CTL_ASSIGN_SEQ
866 * above since they are not QoS-data frames.
871 /* include per-STA, per-TID sequence counter */
872 tid = ieee80211_get_tid(hdr);
873 tx->sta->deflink.tx_stats.msdu[tid]++;
875 hdr->seq_ctrl = ieee80211_tx_next_seq(tx->sta, tid);
880 static int ieee80211_fragment(struct ieee80211_tx_data *tx,
881 struct sk_buff *skb, int hdrlen,
884 struct ieee80211_local *local = tx->local;
885 struct ieee80211_tx_info *info;
887 int per_fragm = frag_threshold - hdrlen - FCS_LEN;
888 int pos = hdrlen + per_fragm;
889 int rem = skb->len - hdrlen - per_fragm;
891 if (WARN_ON(rem < 0))
894 /* first fragment was already added to queue by caller */
897 int fraglen = per_fragm;
902 tmp = dev_alloc_skb(local->tx_headroom +
904 IEEE80211_ENCRYPT_HEADROOM +
905 IEEE80211_ENCRYPT_TAILROOM);
909 __skb_queue_tail(&tx->skbs, tmp);
912 local->tx_headroom + IEEE80211_ENCRYPT_HEADROOM);
914 /* copy control information */
915 memcpy(tmp->cb, skb->cb, sizeof(tmp->cb));
917 info = IEEE80211_SKB_CB(tmp);
918 info->flags &= ~(IEEE80211_TX_CTL_CLEAR_PS_FILT |
919 IEEE80211_TX_CTL_FIRST_FRAGMENT);
922 info->flags |= IEEE80211_TX_CTL_MORE_FRAMES;
924 skb_copy_queue_mapping(tmp, skb);
925 tmp->priority = skb->priority;
928 /* copy header and data */
929 skb_put_data(tmp, skb->data, hdrlen);
930 skb_put_data(tmp, skb->data + pos, fraglen);
935 /* adjust first fragment's length */
936 skb_trim(skb, hdrlen + per_fragm);
940 static ieee80211_tx_result debug_noinline
941 ieee80211_tx_h_fragment(struct ieee80211_tx_data *tx)
943 struct sk_buff *skb = tx->skb;
944 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
945 struct ieee80211_hdr *hdr = (void *)skb->data;
946 int frag_threshold = tx->local->hw.wiphy->frag_threshold;
950 /* no matter what happens, tx->skb moves to tx->skbs */
951 __skb_queue_tail(&tx->skbs, skb);
954 if (info->flags & IEEE80211_TX_CTL_DONTFRAG)
957 if (ieee80211_hw_check(&tx->local->hw, SUPPORTS_TX_FRAG))
961 * Warn when submitting a fragmented A-MPDU frame and drop it.
962 * This scenario is handled in ieee80211_tx_prepare but extra
963 * caution taken here as fragmented ampdu may cause Tx stop.
965 if (WARN_ON(info->flags & IEEE80211_TX_CTL_AMPDU))
968 hdrlen = ieee80211_hdrlen(hdr->frame_control);
970 /* internal error, why isn't DONTFRAG set? */
971 if (WARN_ON(skb->len + FCS_LEN <= frag_threshold))
975 * Now fragment the frame. This will allocate all the fragments and
976 * chain them (using skb as the first fragment) to skb->next.
977 * During transmission, we will remove the successfully transmitted
978 * fragments from this list. When the low-level driver rejects one
979 * of the fragments then we will simply pretend to accept the skb
980 * but store it away as pending.
982 if (ieee80211_fragment(tx, skb, hdrlen, frag_threshold))
985 /* update duration/seq/flags of fragments */
988 skb_queue_walk(&tx->skbs, skb) {
989 const __le16 morefrags = cpu_to_le16(IEEE80211_FCTL_MOREFRAGS);
991 hdr = (void *)skb->data;
992 info = IEEE80211_SKB_CB(skb);
994 if (!skb_queue_is_last(&tx->skbs, skb)) {
995 hdr->frame_control |= morefrags;
997 * No multi-rate retries for fragmented frames, that
998 * would completely throw off the NAV at other STAs.
1000 info->control.rates[1].idx = -1;
1001 info->control.rates[2].idx = -1;
1002 info->control.rates[3].idx = -1;
1003 BUILD_BUG_ON(IEEE80211_TX_MAX_RATES != 4);
1004 info->flags &= ~IEEE80211_TX_CTL_RATE_CTRL_PROBE;
1006 hdr->frame_control &= ~morefrags;
1008 hdr->seq_ctrl |= cpu_to_le16(fragnum & IEEE80211_SCTL_FRAG);
1015 static ieee80211_tx_result debug_noinline
1016 ieee80211_tx_h_stats(struct ieee80211_tx_data *tx)
1018 struct sk_buff *skb;
1024 skb_queue_walk(&tx->skbs, skb) {
1025 ac = skb_get_queue_mapping(skb);
1026 tx->sta->deflink.tx_stats.bytes[ac] += skb->len;
1029 tx->sta->deflink.tx_stats.packets[ac]++;
1034 static ieee80211_tx_result debug_noinline
1035 ieee80211_tx_h_encrypt(struct ieee80211_tx_data *tx)
1040 switch (tx->key->conf.cipher) {
1041 case WLAN_CIPHER_SUITE_WEP40:
1042 case WLAN_CIPHER_SUITE_WEP104:
1043 return ieee80211_crypto_wep_encrypt(tx);
1044 case WLAN_CIPHER_SUITE_TKIP:
1045 return ieee80211_crypto_tkip_encrypt(tx);
1046 case WLAN_CIPHER_SUITE_CCMP:
1047 return ieee80211_crypto_ccmp_encrypt(
1048 tx, IEEE80211_CCMP_MIC_LEN);
1049 case WLAN_CIPHER_SUITE_CCMP_256:
1050 return ieee80211_crypto_ccmp_encrypt(
1051 tx, IEEE80211_CCMP_256_MIC_LEN);
1052 case WLAN_CIPHER_SUITE_AES_CMAC:
1053 return ieee80211_crypto_aes_cmac_encrypt(tx);
1054 case WLAN_CIPHER_SUITE_BIP_CMAC_256:
1055 return ieee80211_crypto_aes_cmac_256_encrypt(tx);
1056 case WLAN_CIPHER_SUITE_BIP_GMAC_128:
1057 case WLAN_CIPHER_SUITE_BIP_GMAC_256:
1058 return ieee80211_crypto_aes_gmac_encrypt(tx);
1059 case WLAN_CIPHER_SUITE_GCMP:
1060 case WLAN_CIPHER_SUITE_GCMP_256:
1061 return ieee80211_crypto_gcmp_encrypt(tx);
1067 static ieee80211_tx_result debug_noinline
1068 ieee80211_tx_h_calculate_duration(struct ieee80211_tx_data *tx)
1070 struct sk_buff *skb;
1071 struct ieee80211_hdr *hdr;
1075 skb_queue_walk(&tx->skbs, skb) {
1076 hdr = (void *) skb->data;
1077 if (unlikely(ieee80211_is_pspoll(hdr->frame_control)))
1078 break; /* must not overwrite AID */
1079 if (!skb_queue_is_last(&tx->skbs, skb)) {
1080 struct sk_buff *next = skb_queue_next(&tx->skbs, skb);
1081 next_len = next->len;
1084 group_addr = is_multicast_ether_addr(hdr->addr1);
1087 ieee80211_duration(tx, skb, group_addr, next_len);
1093 /* actual transmit path */
1095 static bool ieee80211_tx_prep_agg(struct ieee80211_tx_data *tx,
1096 struct sk_buff *skb,
1097 struct ieee80211_tx_info *info,
1098 struct tid_ampdu_tx *tid_tx,
1101 bool queued = false;
1102 bool reset_agg_timer = false;
1103 struct sk_buff *purge_skb = NULL;
1105 if (test_bit(HT_AGG_STATE_OPERATIONAL, &tid_tx->state)) {
1106 reset_agg_timer = true;
1107 } else if (test_bit(HT_AGG_STATE_WANT_START, &tid_tx->state)) {
1109 * nothing -- this aggregation session is being started
1110 * but that might still fail with the driver
1112 } else if (!tx->sta->sta.txq[tid]) {
1113 spin_lock(&tx->sta->lock);
1115 * Need to re-check now, because we may get here
1117 * 1) in the window during which the setup is actually
1118 * already done, but not marked yet because not all
1119 * packets are spliced over to the driver pending
1120 * queue yet -- if this happened we acquire the lock
1121 * either before or after the splice happens, but
1122 * need to recheck which of these cases happened.
1124 * 2) during session teardown, if the OPERATIONAL bit
1125 * was cleared due to the teardown but the pointer
1126 * hasn't been assigned NULL yet (or we loaded it
1127 * before it was assigned) -- in this case it may
1128 * now be NULL which means we should just let the
1129 * packet pass through because splicing the frames
1130 * back is already done.
1132 tid_tx = rcu_dereference_protected_tid_tx(tx->sta, tid);
1135 /* do nothing, let packet pass through */
1136 } else if (test_bit(HT_AGG_STATE_OPERATIONAL, &tid_tx->state)) {
1137 reset_agg_timer = true;
1140 if (info->flags & IEEE80211_TX_CTL_NO_PS_BUFFER) {
1141 clear_sta_flag(tx->sta, WLAN_STA_SP);
1142 ps_dbg(tx->sta->sdata,
1143 "STA %pM aid %d: SP frame queued, close the SP w/o telling the peer\n",
1144 tx->sta->sta.addr, tx->sta->sta.aid);
1146 info->control.vif = &tx->sdata->vif;
1147 info->control.flags |= IEEE80211_TX_INTCFL_NEED_TXPROCESSING;
1148 info->flags &= ~IEEE80211_TX_TEMPORARY_FLAGS;
1149 __skb_queue_tail(&tid_tx->pending, skb);
1150 if (skb_queue_len(&tid_tx->pending) > STA_MAX_TX_BUFFER)
1151 purge_skb = __skb_dequeue(&tid_tx->pending);
1153 spin_unlock(&tx->sta->lock);
1156 ieee80211_free_txskb(&tx->local->hw, purge_skb);
1159 /* reset session timer */
1160 if (reset_agg_timer)
1161 tid_tx->last_tx = jiffies;
1166 void ieee80211_aggr_check(struct ieee80211_sub_if_data *sdata,
1167 struct sta_info *sta, struct sk_buff *skb)
1169 struct rate_control_ref *ref = sdata->local->rate_ctrl;
1172 if (!ref || !(ref->ops->capa & RATE_CTRL_CAPA_AMPDU_TRIGGER))
1176 (!sta->sta.valid_links && !sta->sta.deflink.ht_cap.ht_supported) ||
1177 !sta->sta.wme || skb_get_queue_mapping(skb) == IEEE80211_AC_VO ||
1178 skb->protocol == sdata->control_port_protocol)
1181 tid = skb->priority & IEEE80211_QOS_CTL_TID_MASK;
1182 if (likely(sta->ampdu_mlme.tid_tx[tid]))
1185 ieee80211_start_tx_ba_session(&sta->sta, tid, 0);
1190 * pass %NULL for the station if unknown, a valid pointer if known
1191 * or an ERR_PTR() if the station is known not to exist
1193 static ieee80211_tx_result
1194 ieee80211_tx_prepare(struct ieee80211_sub_if_data *sdata,
1195 struct ieee80211_tx_data *tx,
1196 struct sta_info *sta, struct sk_buff *skb)
1198 struct ieee80211_local *local = sdata->local;
1199 struct ieee80211_hdr *hdr;
1200 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1201 bool aggr_check = false;
1204 memset(tx, 0, sizeof(*tx));
1208 __skb_queue_head_init(&tx->skbs);
1211 * If this flag is set to true anywhere, and we get here,
1212 * we are doing the needed processing, so remove the flag
1215 info->control.flags &= ~IEEE80211_TX_INTCFL_NEED_TXPROCESSING;
1217 hdr = (struct ieee80211_hdr *) skb->data;
1223 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) {
1224 tx->sta = rcu_dereference(sdata->u.vlan.sta);
1225 if (!tx->sta && sdata->wdev.use_4addr)
1227 } else if (tx->sdata->control_port_protocol == tx->skb->protocol) {
1228 tx->sta = sta_info_get_bss(sdata, hdr->addr1);
1230 if (!tx->sta && !is_multicast_ether_addr(hdr->addr1)) {
1231 tx->sta = sta_info_get(sdata, hdr->addr1);
1236 if (tx->sta && ieee80211_is_data_qos(hdr->frame_control) &&
1237 !ieee80211_is_qos_nullfunc(hdr->frame_control) &&
1238 ieee80211_hw_check(&local->hw, AMPDU_AGGREGATION) &&
1239 !ieee80211_hw_check(&local->hw, TX_AMPDU_SETUP_IN_HW)) {
1240 struct tid_ampdu_tx *tid_tx;
1242 tid = ieee80211_get_tid(hdr);
1243 tid_tx = rcu_dereference(tx->sta->ampdu_mlme.tid_tx[tid]);
1244 if (!tid_tx && aggr_check) {
1245 ieee80211_aggr_check(sdata, tx->sta, skb);
1246 tid_tx = rcu_dereference(tx->sta->ampdu_mlme.tid_tx[tid]);
1252 queued = ieee80211_tx_prep_agg(tx, skb, info,
1255 if (unlikely(queued))
1260 if (is_multicast_ether_addr(hdr->addr1)) {
1261 tx->flags &= ~IEEE80211_TX_UNICAST;
1262 info->flags |= IEEE80211_TX_CTL_NO_ACK;
1264 tx->flags |= IEEE80211_TX_UNICAST;
1266 if (!(info->flags & IEEE80211_TX_CTL_DONTFRAG)) {
1267 if (!(tx->flags & IEEE80211_TX_UNICAST) ||
1268 skb->len + FCS_LEN <= local->hw.wiphy->frag_threshold ||
1269 info->flags & IEEE80211_TX_CTL_AMPDU)
1270 info->flags |= IEEE80211_TX_CTL_DONTFRAG;
1274 info->flags |= IEEE80211_TX_CTL_CLEAR_PS_FILT;
1275 else if (test_and_clear_sta_flag(tx->sta, WLAN_STA_CLEAR_PS_FILT)) {
1276 info->flags |= IEEE80211_TX_CTL_CLEAR_PS_FILT;
1277 ieee80211_check_fast_xmit(tx->sta);
1280 info->flags |= IEEE80211_TX_CTL_FIRST_FRAGMENT;
1285 static struct txq_info *ieee80211_get_txq(struct ieee80211_local *local,
1286 struct ieee80211_vif *vif,
1287 struct sta_info *sta,
1288 struct sk_buff *skb)
1290 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
1291 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1292 struct ieee80211_txq *txq = NULL;
1294 if ((info->flags & IEEE80211_TX_CTL_SEND_AFTER_DTIM) ||
1295 (info->control.flags & IEEE80211_TX_CTRL_PS_RESPONSE))
1298 if (!(info->flags & IEEE80211_TX_CTL_HW_80211_ENCAP) &&
1299 unlikely(!ieee80211_is_data_present(hdr->frame_control))) {
1300 if ((!ieee80211_is_mgmt(hdr->frame_control) ||
1301 ieee80211_is_bufferable_mmpdu(skb) ||
1302 vif->type == NL80211_IFTYPE_STATION) &&
1303 sta && sta->uploaded) {
1305 * This will be NULL if the driver didn't set the
1306 * opt-in hardware flag.
1308 txq = sta->sta.txq[IEEE80211_NUM_TIDS];
1311 u8 tid = skb->priority & IEEE80211_QOS_CTL_TID_MASK;
1316 txq = sta->sta.txq[tid];
1324 return to_txq_info(txq);
1327 static void ieee80211_set_skb_enqueue_time(struct sk_buff *skb)
1329 struct sk_buff *next;
1330 codel_time_t now = codel_get_time();
1332 skb_list_walk_safe(skb, skb, next)
1333 IEEE80211_SKB_CB(skb)->control.enqueue_time = now;
1336 static u32 codel_skb_len_func(const struct sk_buff *skb)
1341 static codel_time_t codel_skb_time_func(const struct sk_buff *skb)
1343 const struct ieee80211_tx_info *info;
1345 info = (const struct ieee80211_tx_info *)skb->cb;
1346 return info->control.enqueue_time;
1349 static struct sk_buff *codel_dequeue_func(struct codel_vars *cvars,
1352 struct ieee80211_local *local;
1353 struct txq_info *txqi;
1355 struct fq_flow *flow;
1358 local = vif_to_sdata(txqi->txq.vif)->local;
1361 if (cvars == &txqi->def_cvars)
1362 flow = &txqi->tin.default_flow;
1364 flow = &fq->flows[cvars - local->cvars];
1366 return fq_flow_dequeue(fq, flow);
1369 static void codel_drop_func(struct sk_buff *skb,
1372 struct ieee80211_local *local;
1373 struct ieee80211_hw *hw;
1374 struct txq_info *txqi;
1377 local = vif_to_sdata(txqi->txq.vif)->local;
1380 ieee80211_free_txskb(hw, skb);
1383 static struct sk_buff *fq_tin_dequeue_func(struct fq *fq,
1385 struct fq_flow *flow)
1387 struct ieee80211_local *local;
1388 struct txq_info *txqi;
1389 struct codel_vars *cvars;
1390 struct codel_params *cparams;
1391 struct codel_stats *cstats;
1393 local = container_of(fq, struct ieee80211_local, fq);
1394 txqi = container_of(tin, struct txq_info, tin);
1395 cparams = &local->cparams;
1396 cstats = &txqi->cstats;
1398 if (flow == &tin->default_flow)
1399 cvars = &txqi->def_cvars;
1401 cvars = &local->cvars[flow - fq->flows];
1403 return codel_dequeue(txqi,
1409 codel_skb_time_func,
1411 codel_dequeue_func);
1414 static void fq_skb_free_func(struct fq *fq,
1416 struct fq_flow *flow,
1417 struct sk_buff *skb)
1419 struct ieee80211_local *local;
1421 local = container_of(fq, struct ieee80211_local, fq);
1422 ieee80211_free_txskb(&local->hw, skb);
1425 static void ieee80211_txq_enqueue(struct ieee80211_local *local,
1426 struct txq_info *txqi,
1427 struct sk_buff *skb)
1429 struct fq *fq = &local->fq;
1430 struct fq_tin *tin = &txqi->tin;
1431 u32 flow_idx = fq_flow_idx(fq, skb);
1433 ieee80211_set_skb_enqueue_time(skb);
1435 spin_lock_bh(&fq->lock);
1437 * For management frames, don't really apply codel etc.,
1438 * we don't want to apply any shaping or anything we just
1439 * want to simplify the driver API by having them on the
1442 if (unlikely(txqi->txq.tid == IEEE80211_NUM_TIDS)) {
1443 IEEE80211_SKB_CB(skb)->control.flags |=
1444 IEEE80211_TX_INTCFL_NEED_TXPROCESSING;
1445 __skb_queue_tail(&txqi->frags, skb);
1447 fq_tin_enqueue(fq, tin, flow_idx, skb,
1450 spin_unlock_bh(&fq->lock);
1453 static bool fq_vlan_filter_func(struct fq *fq, struct fq_tin *tin,
1454 struct fq_flow *flow, struct sk_buff *skb,
1457 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1459 return info->control.vif == data;
1462 void ieee80211_txq_remove_vlan(struct ieee80211_local *local,
1463 struct ieee80211_sub_if_data *sdata)
1465 struct fq *fq = &local->fq;
1466 struct txq_info *txqi;
1468 struct ieee80211_sub_if_data *ap;
1470 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_AP_VLAN))
1473 ap = container_of(sdata->bss, struct ieee80211_sub_if_data, u.ap);
1478 txqi = to_txq_info(ap->vif.txq);
1481 spin_lock_bh(&fq->lock);
1482 fq_tin_filter(fq, tin, fq_vlan_filter_func, &sdata->vif,
1484 spin_unlock_bh(&fq->lock);
1487 void ieee80211_txq_init(struct ieee80211_sub_if_data *sdata,
1488 struct sta_info *sta,
1489 struct txq_info *txqi, int tid)
1491 fq_tin_init(&txqi->tin);
1492 codel_vars_init(&txqi->def_cvars);
1493 codel_stats_init(&txqi->cstats);
1494 __skb_queue_head_init(&txqi->frags);
1495 INIT_LIST_HEAD(&txqi->schedule_order);
1497 txqi->txq.vif = &sdata->vif;
1500 sdata->vif.txq = &txqi->txq;
1502 txqi->txq.ac = IEEE80211_AC_BE;
1507 if (tid == IEEE80211_NUM_TIDS) {
1508 if (sdata->vif.type == NL80211_IFTYPE_STATION) {
1509 /* Drivers need to opt in to the management MPDU TXQ */
1510 if (!ieee80211_hw_check(&sdata->local->hw,
1513 } else if (!ieee80211_hw_check(&sdata->local->hw,
1515 /* Drivers need to opt in to the bufferable MMPDU TXQ */
1518 txqi->txq.ac = IEEE80211_AC_VO;
1520 txqi->txq.ac = ieee80211_ac_from_tid(tid);
1523 txqi->txq.sta = &sta->sta;
1524 txqi->txq.tid = tid;
1525 sta->sta.txq[tid] = &txqi->txq;
1528 void ieee80211_txq_purge(struct ieee80211_local *local,
1529 struct txq_info *txqi)
1531 struct fq *fq = &local->fq;
1532 struct fq_tin *tin = &txqi->tin;
1534 spin_lock_bh(&fq->lock);
1535 fq_tin_reset(fq, tin, fq_skb_free_func);
1536 ieee80211_purge_tx_queue(&local->hw, &txqi->frags);
1537 spin_unlock_bh(&fq->lock);
1539 spin_lock_bh(&local->active_txq_lock[txqi->txq.ac]);
1540 list_del_init(&txqi->schedule_order);
1541 spin_unlock_bh(&local->active_txq_lock[txqi->txq.ac]);
1544 void ieee80211_txq_set_params(struct ieee80211_local *local)
1546 if (local->hw.wiphy->txq_limit)
1547 local->fq.limit = local->hw.wiphy->txq_limit;
1549 local->hw.wiphy->txq_limit = local->fq.limit;
1551 if (local->hw.wiphy->txq_memory_limit)
1552 local->fq.memory_limit = local->hw.wiphy->txq_memory_limit;
1554 local->hw.wiphy->txq_memory_limit = local->fq.memory_limit;
1556 if (local->hw.wiphy->txq_quantum)
1557 local->fq.quantum = local->hw.wiphy->txq_quantum;
1559 local->hw.wiphy->txq_quantum = local->fq.quantum;
1562 int ieee80211_txq_setup_flows(struct ieee80211_local *local)
1564 struct fq *fq = &local->fq;
1567 bool supp_vht = false;
1568 enum nl80211_band band;
1570 ret = fq_init(fq, 4096);
1575 * If the hardware doesn't support VHT, it is safe to limit the maximum
1576 * queue size. 4 Mbytes is 64 max-size aggregates in 802.11n.
1578 for (band = 0; band < NUM_NL80211_BANDS; band++) {
1579 struct ieee80211_supported_band *sband;
1581 sband = local->hw.wiphy->bands[band];
1585 supp_vht = supp_vht || sband->vht_cap.vht_supported;
1589 fq->memory_limit = 4 << 20; /* 4 Mbytes */
1591 codel_params_init(&local->cparams);
1592 local->cparams.interval = MS2TIME(100);
1593 local->cparams.target = MS2TIME(20);
1594 local->cparams.ecn = true;
1596 local->cvars = kvcalloc(fq->flows_cnt, sizeof(local->cvars[0]),
1598 if (!local->cvars) {
1599 spin_lock_bh(&fq->lock);
1600 fq_reset(fq, fq_skb_free_func);
1601 spin_unlock_bh(&fq->lock);
1605 for (i = 0; i < fq->flows_cnt; i++)
1606 codel_vars_init(&local->cvars[i]);
1608 ieee80211_txq_set_params(local);
1613 void ieee80211_txq_teardown_flows(struct ieee80211_local *local)
1615 struct fq *fq = &local->fq;
1617 kvfree(local->cvars);
1618 local->cvars = NULL;
1620 spin_lock_bh(&fq->lock);
1621 fq_reset(fq, fq_skb_free_func);
1622 spin_unlock_bh(&fq->lock);
1625 static bool ieee80211_queue_skb(struct ieee80211_local *local,
1626 struct ieee80211_sub_if_data *sdata,
1627 struct sta_info *sta,
1628 struct sk_buff *skb)
1630 struct ieee80211_vif *vif;
1631 struct txq_info *txqi;
1633 if (sdata->vif.type == NL80211_IFTYPE_MONITOR)
1636 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
1637 sdata = container_of(sdata->bss,
1638 struct ieee80211_sub_if_data, u.ap);
1641 txqi = ieee80211_get_txq(local, vif, sta, skb);
1646 ieee80211_txq_enqueue(local, txqi, skb);
1648 schedule_and_wake_txq(local, txqi);
1653 static bool ieee80211_tx_frags(struct ieee80211_local *local,
1654 struct ieee80211_vif *vif,
1655 struct sta_info *sta,
1656 struct sk_buff_head *skbs,
1659 struct ieee80211_tx_control control = {};
1660 struct sk_buff *skb, *tmp;
1661 unsigned long flags;
1663 skb_queue_walk_safe(skbs, skb, tmp) {
1664 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1665 int q = info->hw_queue;
1667 #ifdef CONFIG_MAC80211_VERBOSE_DEBUG
1668 if (WARN_ON_ONCE(q >= local->hw.queues)) {
1669 __skb_unlink(skb, skbs);
1670 ieee80211_free_txskb(&local->hw, skb);
1675 spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
1676 if (local->queue_stop_reasons[q] ||
1677 (!txpending && !skb_queue_empty(&local->pending[q]))) {
1678 if (unlikely(info->flags &
1679 IEEE80211_TX_INTFL_OFFCHAN_TX_OK)) {
1680 if (local->queue_stop_reasons[q] &
1681 ~BIT(IEEE80211_QUEUE_STOP_REASON_OFFCHANNEL)) {
1683 * Drop off-channel frames if queues
1684 * are stopped for any reason other
1685 * than off-channel operation. Never
1688 spin_unlock_irqrestore(
1689 &local->queue_stop_reason_lock,
1691 ieee80211_purge_tx_queue(&local->hw,
1698 * Since queue is stopped, queue up frames for
1699 * later transmission from the tx-pending
1700 * tasklet when the queue is woken again.
1703 skb_queue_splice_init(skbs,
1704 &local->pending[q]);
1706 skb_queue_splice_tail_init(skbs,
1707 &local->pending[q]);
1709 spin_unlock_irqrestore(&local->queue_stop_reason_lock,
1714 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
1716 info->control.vif = vif;
1717 control.sta = sta ? &sta->sta : NULL;
1719 __skb_unlink(skb, skbs);
1720 drv_tx(local, &control, skb);
1727 * Returns false if the frame couldn't be transmitted but was queued instead.
1729 static bool __ieee80211_tx(struct ieee80211_local *local,
1730 struct sk_buff_head *skbs, struct sta_info *sta,
1733 struct ieee80211_tx_info *info;
1734 struct ieee80211_sub_if_data *sdata;
1735 struct ieee80211_vif *vif;
1736 struct sk_buff *skb;
1739 if (WARN_ON(skb_queue_empty(skbs)))
1742 skb = skb_peek(skbs);
1743 info = IEEE80211_SKB_CB(skb);
1744 sdata = vif_to_sdata(info->control.vif);
1745 if (sta && !sta->uploaded)
1748 switch (sdata->vif.type) {
1749 case NL80211_IFTYPE_MONITOR:
1750 if ((sdata->u.mntr.flags & MONITOR_FLAG_ACTIVE) ||
1751 ieee80211_hw_check(&local->hw, NO_VIRTUAL_MONITOR)) {
1755 sdata = rcu_dereference(local->monitor_sdata);
1756 if (sdata && ieee80211_hw_check(&local->hw, WANT_MONITOR_VIF)) {
1759 vif->hw_queue[skb_get_queue_mapping(skb)];
1760 } else if (ieee80211_hw_check(&local->hw, QUEUE_CONTROL)) {
1761 ieee80211_purge_tx_queue(&local->hw, skbs);
1766 case NL80211_IFTYPE_AP_VLAN:
1767 sdata = container_of(sdata->bss,
1768 struct ieee80211_sub_if_data, u.ap);
1775 result = ieee80211_tx_frags(local, vif, sta, skbs, txpending);
1777 WARN_ON_ONCE(!skb_queue_empty(skbs));
1783 * Invoke TX handlers, return 0 on success and non-zero if the
1784 * frame was dropped or queued.
1786 * The handlers are split into an early and late part. The latter is everything
1787 * that can be sensitive to reordering, and will be deferred to after packets
1788 * are dequeued from the intermediate queues (when they are enabled).
1790 static int invoke_tx_handlers_early(struct ieee80211_tx_data *tx)
1792 ieee80211_tx_result res = TX_DROP;
1794 #define CALL_TXH(txh) \
1797 if (res != TX_CONTINUE) \
1801 CALL_TXH(ieee80211_tx_h_dynamic_ps);
1802 CALL_TXH(ieee80211_tx_h_check_assoc);
1803 CALL_TXH(ieee80211_tx_h_ps_buf);
1804 CALL_TXH(ieee80211_tx_h_check_control_port_protocol);
1805 CALL_TXH(ieee80211_tx_h_select_key);
1808 if (unlikely(res == TX_DROP)) {
1809 I802_DEBUG_INC(tx->local->tx_handlers_drop);
1811 ieee80211_free_txskb(&tx->local->hw, tx->skb);
1813 ieee80211_purge_tx_queue(&tx->local->hw, &tx->skbs);
1815 } else if (unlikely(res == TX_QUEUED)) {
1816 I802_DEBUG_INC(tx->local->tx_handlers_queued);
1824 * Late handlers can be called while the sta lock is held. Handlers that can
1825 * cause packets to be generated will cause deadlock!
1827 static int invoke_tx_handlers_late(struct ieee80211_tx_data *tx)
1829 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
1830 ieee80211_tx_result res = TX_CONTINUE;
1832 if (!ieee80211_hw_check(&tx->local->hw, HAS_RATE_CONTROL))
1833 CALL_TXH(ieee80211_tx_h_rate_ctrl);
1835 if (unlikely(info->flags & IEEE80211_TX_INTFL_RETRANSMISSION)) {
1836 __skb_queue_tail(&tx->skbs, tx->skb);
1841 CALL_TXH(ieee80211_tx_h_michael_mic_add);
1842 CALL_TXH(ieee80211_tx_h_sequence);
1843 CALL_TXH(ieee80211_tx_h_fragment);
1844 /* handlers after fragment must be aware of tx info fragmentation! */
1845 CALL_TXH(ieee80211_tx_h_stats);
1846 CALL_TXH(ieee80211_tx_h_encrypt);
1847 if (!ieee80211_hw_check(&tx->local->hw, HAS_RATE_CONTROL))
1848 CALL_TXH(ieee80211_tx_h_calculate_duration);
1852 if (unlikely(res == TX_DROP)) {
1853 I802_DEBUG_INC(tx->local->tx_handlers_drop);
1855 ieee80211_free_txskb(&tx->local->hw, tx->skb);
1857 ieee80211_purge_tx_queue(&tx->local->hw, &tx->skbs);
1859 } else if (unlikely(res == TX_QUEUED)) {
1860 I802_DEBUG_INC(tx->local->tx_handlers_queued);
1867 static int invoke_tx_handlers(struct ieee80211_tx_data *tx)
1869 int r = invoke_tx_handlers_early(tx);
1873 return invoke_tx_handlers_late(tx);
1876 bool ieee80211_tx_prepare_skb(struct ieee80211_hw *hw,
1877 struct ieee80211_vif *vif, struct sk_buff *skb,
1878 int band, struct ieee80211_sta **sta)
1880 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
1881 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1882 struct ieee80211_tx_data tx;
1883 struct sk_buff *skb2;
1885 if (ieee80211_tx_prepare(sdata, &tx, NULL, skb) == TX_DROP)
1889 info->control.vif = vif;
1890 info->hw_queue = vif->hw_queue[skb_get_queue_mapping(skb)];
1892 if (invoke_tx_handlers(&tx))
1897 *sta = &tx.sta->sta;
1902 /* this function isn't suitable for fragmented data frames */
1903 skb2 = __skb_dequeue(&tx.skbs);
1904 if (WARN_ON(skb2 != skb || !skb_queue_empty(&tx.skbs))) {
1905 ieee80211_free_txskb(hw, skb2);
1906 ieee80211_purge_tx_queue(hw, &tx.skbs);
1912 EXPORT_SYMBOL(ieee80211_tx_prepare_skb);
1915 * Returns false if the frame couldn't be transmitted but was queued instead.
1917 static bool ieee80211_tx(struct ieee80211_sub_if_data *sdata,
1918 struct sta_info *sta, struct sk_buff *skb,
1921 struct ieee80211_local *local = sdata->local;
1922 struct ieee80211_tx_data tx;
1923 ieee80211_tx_result res_prepare;
1924 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1927 if (unlikely(skb->len < 10)) {
1932 /* initialises tx */
1933 res_prepare = ieee80211_tx_prepare(sdata, &tx, sta, skb);
1935 if (unlikely(res_prepare == TX_DROP)) {
1936 ieee80211_free_txskb(&local->hw, skb);
1938 } else if (unlikely(res_prepare == TX_QUEUED)) {
1942 /* set up hw_queue value early */
1943 if (!(info->flags & IEEE80211_TX_CTL_TX_OFFCHAN) ||
1944 !ieee80211_hw_check(&local->hw, QUEUE_CONTROL))
1946 sdata->vif.hw_queue[skb_get_queue_mapping(skb)];
1948 if (invoke_tx_handlers_early(&tx))
1951 if (ieee80211_queue_skb(local, sdata, tx.sta, tx.skb))
1954 if (!invoke_tx_handlers_late(&tx))
1955 result = __ieee80211_tx(local, &tx.skbs, tx.sta, txpending);
1960 /* device xmit handlers */
1962 enum ieee80211_encrypt {
1968 static int ieee80211_skb_resize(struct ieee80211_sub_if_data *sdata,
1969 struct sk_buff *skb,
1971 enum ieee80211_encrypt encrypt)
1973 struct ieee80211_local *local = sdata->local;
1977 enc_tailroom = encrypt == ENCRYPT_MGMT ||
1978 (encrypt == ENCRYPT_DATA &&
1979 sdata->crypto_tx_tailroom_needed_cnt);
1982 tail_need = IEEE80211_ENCRYPT_TAILROOM;
1983 tail_need -= skb_tailroom(skb);
1984 tail_need = max_t(int, tail_need, 0);
1987 if (skb_cloned(skb) &&
1988 (!ieee80211_hw_check(&local->hw, SUPPORTS_CLONED_SKBS) ||
1989 !skb_clone_writable(skb, ETH_HLEN) || enc_tailroom))
1990 I802_DEBUG_INC(local->tx_expand_skb_head_cloned);
1991 else if (head_need || tail_need)
1992 I802_DEBUG_INC(local->tx_expand_skb_head);
1996 if (pskb_expand_head(skb, head_need, tail_need, GFP_ATOMIC)) {
1997 wiphy_debug(local->hw.wiphy,
1998 "failed to reallocate TX buffer\n");
2005 void ieee80211_xmit(struct ieee80211_sub_if_data *sdata,
2006 struct sta_info *sta, struct sk_buff *skb)
2008 struct ieee80211_local *local = sdata->local;
2009 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
2010 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
2012 enum ieee80211_encrypt encrypt;
2014 if (info->flags & IEEE80211_TX_INTFL_DONT_ENCRYPT)
2015 encrypt = ENCRYPT_NO;
2016 else if (ieee80211_is_mgmt(hdr->frame_control))
2017 encrypt = ENCRYPT_MGMT;
2019 encrypt = ENCRYPT_DATA;
2021 headroom = local->tx_headroom;
2022 if (encrypt != ENCRYPT_NO)
2023 headroom += IEEE80211_ENCRYPT_HEADROOM;
2024 headroom -= skb_headroom(skb);
2025 headroom = max_t(int, 0, headroom);
2027 if (ieee80211_skb_resize(sdata, skb, headroom, encrypt)) {
2028 ieee80211_free_txskb(&local->hw, skb);
2032 /* reload after potential resize */
2033 hdr = (struct ieee80211_hdr *) skb->data;
2034 info->control.vif = &sdata->vif;
2036 if (ieee80211_vif_is_mesh(&sdata->vif)) {
2037 if (ieee80211_is_data(hdr->frame_control) &&
2038 is_unicast_ether_addr(hdr->addr1)) {
2039 if (mesh_nexthop_resolve(sdata, skb))
2040 return; /* skb queued: don't free */
2042 ieee80211_mps_set_frame_flags(sdata, NULL, hdr);
2046 ieee80211_set_qos_hdr(sdata, skb);
2047 ieee80211_tx(sdata, sta, skb, false);
2050 static bool ieee80211_validate_radiotap_len(struct sk_buff *skb)
2052 struct ieee80211_radiotap_header *rthdr =
2053 (struct ieee80211_radiotap_header *)skb->data;
2055 /* check for not even having the fixed radiotap header part */
2056 if (unlikely(skb->len < sizeof(struct ieee80211_radiotap_header)))
2057 return false; /* too short to be possibly valid */
2059 /* is it a header version we can trust to find length from? */
2060 if (unlikely(rthdr->it_version))
2061 return false; /* only version 0 is supported */
2063 /* does the skb contain enough to deliver on the alleged length? */
2064 if (unlikely(skb->len < ieee80211_get_radiotap_len(skb->data)))
2065 return false; /* skb too short for claimed rt header extent */
2070 bool ieee80211_parse_tx_radiotap(struct sk_buff *skb,
2071 struct net_device *dev)
2073 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2074 struct ieee80211_radiotap_iterator iterator;
2075 struct ieee80211_radiotap_header *rthdr =
2076 (struct ieee80211_radiotap_header *) skb->data;
2077 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
2078 int ret = ieee80211_radiotap_iterator_init(&iterator, rthdr, skb->len,
2082 bool rate_found = false;
2083 u8 rate_retries = 0;
2085 u8 mcs_known, mcs_flags, mcs_bw;
2087 u8 vht_mcs = 0, vht_nss = 0;
2090 if (!ieee80211_validate_radiotap_len(skb))
2093 info->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT |
2094 IEEE80211_TX_CTL_DONTFRAG;
2097 * for every radiotap entry that is present
2098 * (ieee80211_radiotap_iterator_next returns -ENOENT when no more
2099 * entries present, or -EINVAL on error)
2103 ret = ieee80211_radiotap_iterator_next(&iterator);
2108 /* see if this argument is something we can use */
2109 switch (iterator.this_arg_index) {
2111 * You must take care when dereferencing iterator.this_arg
2112 * for multibyte types... the pointer is not aligned. Use
2113 * get_unaligned((type *)iterator.this_arg) to dereference
2114 * iterator.this_arg for type "type" safely on all arches.
2116 case IEEE80211_RADIOTAP_FLAGS:
2117 if (*iterator.this_arg & IEEE80211_RADIOTAP_F_FCS) {
2119 * this indicates that the skb we have been
2120 * handed has the 32-bit FCS CRC at the end...
2121 * we should react to that by snipping it off
2122 * because it will be recomputed and added
2125 if (skb->len < (iterator._max_length + FCS_LEN))
2128 skb_trim(skb, skb->len - FCS_LEN);
2130 if (*iterator.this_arg & IEEE80211_RADIOTAP_F_WEP)
2131 info->flags &= ~IEEE80211_TX_INTFL_DONT_ENCRYPT;
2132 if (*iterator.this_arg & IEEE80211_RADIOTAP_F_FRAG)
2133 info->flags &= ~IEEE80211_TX_CTL_DONTFRAG;
2136 case IEEE80211_RADIOTAP_TX_FLAGS:
2137 txflags = get_unaligned_le16(iterator.this_arg);
2138 if (txflags & IEEE80211_RADIOTAP_F_TX_NOACK)
2139 info->flags |= IEEE80211_TX_CTL_NO_ACK;
2140 if (txflags & IEEE80211_RADIOTAP_F_TX_NOSEQNO)
2141 info->control.flags |= IEEE80211_TX_CTRL_NO_SEQNO;
2142 if (txflags & IEEE80211_RADIOTAP_F_TX_ORDER)
2143 info->control.flags |=
2144 IEEE80211_TX_CTRL_DONT_REORDER;
2147 case IEEE80211_RADIOTAP_RATE:
2148 rate = *iterator.this_arg;
2153 case IEEE80211_RADIOTAP_ANTENNA:
2154 /* this can appear multiple times, keep a bitmap */
2155 info->control.antennas |= BIT(*iterator.this_arg);
2158 case IEEE80211_RADIOTAP_DATA_RETRIES:
2159 rate_retries = *iterator.this_arg;
2162 case IEEE80211_RADIOTAP_MCS:
2163 mcs_known = iterator.this_arg[0];
2164 mcs_flags = iterator.this_arg[1];
2165 if (!(mcs_known & IEEE80211_RADIOTAP_MCS_HAVE_MCS))
2169 rate = iterator.this_arg[2];
2170 rate_flags = IEEE80211_TX_RC_MCS;
2172 if (mcs_known & IEEE80211_RADIOTAP_MCS_HAVE_GI &&
2173 mcs_flags & IEEE80211_RADIOTAP_MCS_SGI)
2174 rate_flags |= IEEE80211_TX_RC_SHORT_GI;
2176 mcs_bw = mcs_flags & IEEE80211_RADIOTAP_MCS_BW_MASK;
2177 if (mcs_known & IEEE80211_RADIOTAP_MCS_HAVE_BW &&
2178 mcs_bw == IEEE80211_RADIOTAP_MCS_BW_40)
2179 rate_flags |= IEEE80211_TX_RC_40_MHZ_WIDTH;
2181 if (mcs_known & IEEE80211_RADIOTAP_MCS_HAVE_FEC &&
2182 mcs_flags & IEEE80211_RADIOTAP_MCS_FEC_LDPC)
2183 info->flags |= IEEE80211_TX_CTL_LDPC;
2185 if (mcs_known & IEEE80211_RADIOTAP_MCS_HAVE_STBC) {
2186 u8 stbc = u8_get_bits(mcs_flags,
2187 IEEE80211_RADIOTAP_MCS_STBC_MASK);
2190 u32_encode_bits(stbc,
2191 IEEE80211_TX_CTL_STBC);
2195 case IEEE80211_RADIOTAP_VHT:
2196 vht_known = get_unaligned_le16(iterator.this_arg);
2199 rate_flags = IEEE80211_TX_RC_VHT_MCS;
2200 if ((vht_known & IEEE80211_RADIOTAP_VHT_KNOWN_GI) &&
2201 (iterator.this_arg[2] &
2202 IEEE80211_RADIOTAP_VHT_FLAG_SGI))
2203 rate_flags |= IEEE80211_TX_RC_SHORT_GI;
2205 IEEE80211_RADIOTAP_VHT_KNOWN_BANDWIDTH) {
2206 if (iterator.this_arg[3] == 1)
2208 IEEE80211_TX_RC_40_MHZ_WIDTH;
2209 else if (iterator.this_arg[3] == 4)
2211 IEEE80211_TX_RC_80_MHZ_WIDTH;
2212 else if (iterator.this_arg[3] == 11)
2214 IEEE80211_TX_RC_160_MHZ_WIDTH;
2217 vht_mcs = iterator.this_arg[4] >> 4;
2220 vht_nss = iterator.this_arg[4] & 0xF;
2221 if (!vht_nss || vht_nss > 8)
2226 * Please update the file
2227 * Documentation/networking/mac80211-injection.rst
2228 * when parsing new fields here.
2236 if (ret != -ENOENT) /* ie, if we didn't simply run out of fields */
2240 struct ieee80211_supported_band *sband =
2241 local->hw.wiphy->bands[info->band];
2243 info->control.flags |= IEEE80211_TX_CTRL_RATE_INJECT;
2245 for (i = 0; i < IEEE80211_TX_MAX_RATES; i++) {
2246 info->control.rates[i].idx = -1;
2247 info->control.rates[i].flags = 0;
2248 info->control.rates[i].count = 0;
2251 if (rate_flags & IEEE80211_TX_RC_MCS) {
2252 /* reset antennas if not enough */
2253 if (IEEE80211_HT_MCS_CHAINS(rate) >
2254 hweight8(info->control.antennas))
2255 info->control.antennas = 0;
2257 info->control.rates[0].idx = rate;
2258 } else if (rate_flags & IEEE80211_TX_RC_VHT_MCS) {
2259 /* reset antennas if not enough */
2260 if (vht_nss > hweight8(info->control.antennas))
2261 info->control.antennas = 0;
2263 ieee80211_rate_set_vht(info->control.rates, vht_mcs,
2266 for (i = 0; i < sband->n_bitrates; i++) {
2267 if (rate * 5 != sband->bitrates[i].bitrate)
2270 info->control.rates[0].idx = i;
2275 if (info->control.rates[0].idx < 0)
2276 info->control.flags &= ~IEEE80211_TX_CTRL_RATE_INJECT;
2278 info->control.rates[0].flags = rate_flags;
2279 info->control.rates[0].count = min_t(u8, rate_retries + 1,
2280 local->hw.max_rate_tries);
2286 netdev_tx_t ieee80211_monitor_start_xmit(struct sk_buff *skb,
2287 struct net_device *dev)
2289 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2290 struct ieee80211_chanctx_conf *chanctx_conf;
2291 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
2292 struct ieee80211_hdr *hdr;
2293 struct ieee80211_sub_if_data *tmp_sdata, *sdata;
2294 struct cfg80211_chan_def *chandef;
2298 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2299 if (unlikely(!ieee80211_sdata_running(sdata)))
2302 memset(info, 0, sizeof(*info));
2303 info->flags = IEEE80211_TX_CTL_REQ_TX_STATUS |
2304 IEEE80211_TX_CTL_INJECTED;
2306 /* Sanity-check the length of the radiotap header */
2307 if (!ieee80211_validate_radiotap_len(skb))
2310 /* we now know there is a radiotap header with a length we can use */
2311 len_rthdr = ieee80211_get_radiotap_len(skb->data);
2314 * fix up the pointers accounting for the radiotap
2315 * header still being in there. We are being given
2316 * a precooked IEEE80211 header so no need for
2319 skb_set_mac_header(skb, len_rthdr);
2321 * these are just fixed to the end of the rt area since we
2322 * don't have any better information and at this point, nobody cares
2324 skb_set_network_header(skb, len_rthdr);
2325 skb_set_transport_header(skb, len_rthdr);
2327 if (skb->len < len_rthdr + 2)
2330 hdr = (struct ieee80211_hdr *)(skb->data + len_rthdr);
2331 hdrlen = ieee80211_hdrlen(hdr->frame_control);
2333 if (skb->len < len_rthdr + hdrlen)
2337 * Initialize skb->protocol if the injected frame is a data frame
2338 * carrying a rfc1042 header
2340 if (ieee80211_is_data(hdr->frame_control) &&
2341 skb->len >= len_rthdr + hdrlen + sizeof(rfc1042_header) + 2) {
2342 u8 *payload = (u8 *)hdr + hdrlen;
2344 if (ether_addr_equal(payload, rfc1042_header))
2345 skb->protocol = cpu_to_be16((payload[6] << 8) |
2352 * We process outgoing injected frames that have a local address
2353 * we handle as though they are non-injected frames.
2354 * This code here isn't entirely correct, the local MAC address
2355 * isn't always enough to find the interface to use; for proper
2356 * VLAN support we have an nl80211-based mechanism.
2358 * This is necessary, for example, for old hostapd versions that
2359 * don't use nl80211-based management TX/RX.
2361 list_for_each_entry_rcu(tmp_sdata, &local->interfaces, list) {
2362 if (!ieee80211_sdata_running(tmp_sdata))
2364 if (tmp_sdata->vif.type == NL80211_IFTYPE_MONITOR ||
2365 tmp_sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
2367 if (ether_addr_equal(tmp_sdata->vif.addr, hdr->addr2)) {
2373 chanctx_conf = rcu_dereference(sdata->vif.bss_conf.chanctx_conf);
2374 if (!chanctx_conf) {
2375 tmp_sdata = rcu_dereference(local->monitor_sdata);
2378 rcu_dereference(tmp_sdata->vif.bss_conf.chanctx_conf);
2382 chandef = &chanctx_conf->def;
2387 * If driver/HW supports IEEE80211_CHAN_CAN_MONITOR we still
2388 * shouldn't transmit on disabled channels.
2390 if (!cfg80211_chandef_usable(local->hw.wiphy, chandef,
2391 IEEE80211_CHAN_DISABLED))
2395 * Frame injection is not allowed if beaconing is not allowed
2396 * or if we need radar detection. Beaconing is usually not allowed when
2397 * the mode or operation (Adhoc, AP, Mesh) does not support DFS.
2398 * Passive scan is also used in world regulatory domains where
2399 * your country is not known and as such it should be treated as
2400 * NO TX unless the channel is explicitly allowed in which case
2401 * your current regulatory domain would not have the passive scan
2404 * Since AP mode uses monitor interfaces to inject/TX management
2405 * frames we can make AP mode the exception to this rule once it
2406 * supports radar detection as its implementation can deal with
2407 * radar detection by itself. We can do that later by adding a
2408 * monitor flag interfaces used for AP support.
2410 if (!cfg80211_reg_can_beacon(local->hw.wiphy, chandef,
2414 info->band = chandef->chan->band;
2416 /* Initialize skb->priority according to frame type and TID class,
2417 * with respect to the sub interface that the frame will actually
2418 * be transmitted on. If the DONT_REORDER flag is set, the original
2419 * skb-priority is preserved to assure frames injected with this
2420 * flag are not reordered relative to each other.
2422 ieee80211_select_queue_80211(sdata, skb, hdr);
2423 skb_set_queue_mapping(skb, ieee80211_ac_from_tid(skb->priority));
2426 * Process the radiotap header. This will now take into account the
2427 * selected chandef above to accurately set injection rates and
2430 if (!ieee80211_parse_tx_radiotap(skb, dev))
2433 /* remove the injection radiotap header */
2434 skb_pull(skb, len_rthdr);
2436 ieee80211_xmit(sdata, NULL, skb);
2439 return NETDEV_TX_OK;
2445 return NETDEV_TX_OK; /* meaning, we dealt with the skb */
2448 static inline bool ieee80211_is_tdls_setup(struct sk_buff *skb)
2450 u16 ethertype = (skb->data[12] << 8) | skb->data[13];
2452 return ethertype == ETH_P_TDLS &&
2454 skb->data[14] == WLAN_TDLS_SNAP_RFTYPE;
2457 int ieee80211_lookup_ra_sta(struct ieee80211_sub_if_data *sdata,
2458 struct sk_buff *skb,
2459 struct sta_info **sta_out)
2461 struct sta_info *sta;
2463 switch (sdata->vif.type) {
2464 case NL80211_IFTYPE_AP_VLAN:
2465 sta = rcu_dereference(sdata->u.vlan.sta);
2469 } else if (sdata->wdev.use_4addr) {
2473 case NL80211_IFTYPE_AP:
2474 case NL80211_IFTYPE_OCB:
2475 case NL80211_IFTYPE_ADHOC:
2476 if (is_multicast_ether_addr(skb->data)) {
2477 *sta_out = ERR_PTR(-ENOENT);
2480 sta = sta_info_get_bss(sdata, skb->data);
2482 #ifdef CONFIG_MAC80211_MESH
2483 case NL80211_IFTYPE_MESH_POINT:
2484 /* determined much later */
2488 case NL80211_IFTYPE_STATION:
2489 if (sdata->wdev.wiphy->flags & WIPHY_FLAG_SUPPORTS_TDLS) {
2490 sta = sta_info_get(sdata, skb->data);
2491 if (sta && test_sta_flag(sta, WLAN_STA_TDLS_PEER)) {
2492 if (test_sta_flag(sta,
2493 WLAN_STA_TDLS_PEER_AUTH)) {
2499 * TDLS link during setup - throw out frames to
2500 * peer. Allow TDLS-setup frames to unauthorized
2501 * peers for the special case of a link teardown
2502 * after a TDLS sta is removed due to being
2505 if (!ieee80211_is_tdls_setup(skb))
2511 sta = sta_info_get(sdata, sdata->vif.cfg.ap_addr);
2519 *sta_out = sta ?: ERR_PTR(-ENOENT);
2523 static u16 ieee80211_store_ack_skb(struct ieee80211_local *local,
2524 struct sk_buff *skb,
2528 struct sk_buff *ack_skb;
2532 ack_skb = skb_clone_sk(skb);
2534 ack_skb = skb_clone(skb, GFP_ATOMIC);
2537 unsigned long flags;
2540 spin_lock_irqsave(&local->ack_status_lock, flags);
2541 id = idr_alloc(&local->ack_status_frames, ack_skb,
2542 1, 0x2000, GFP_ATOMIC);
2543 spin_unlock_irqrestore(&local->ack_status_lock, flags);
2547 *info_flags |= IEEE80211_TX_CTL_REQ_TX_STATUS;
2549 *cookie = ieee80211_mgmt_tx_cookie(local);
2550 IEEE80211_SKB_CB(ack_skb)->ack.cookie = *cookie;
2561 * ieee80211_build_hdr - build 802.11 header in the given frame
2562 * @sdata: virtual interface to build the header for
2563 * @skb: the skb to build the header in
2564 * @info_flags: skb flags to set
2565 * @sta: the station pointer
2566 * @ctrl_flags: info control flags to set
2567 * @cookie: cookie pointer to fill (if not %NULL)
2569 * This function takes the skb with 802.3 header and reformats the header to
2570 * the appropriate IEEE 802.11 header based on which interface the packet is
2571 * being transmitted on.
2573 * Note that this function also takes care of the TX status request and
2574 * potential unsharing of the SKB - this needs to be interleaved with the
2577 * The function requires the read-side RCU lock held
2579 * Returns: the (possibly reallocated) skb or an ERR_PTR() code
2581 static struct sk_buff *ieee80211_build_hdr(struct ieee80211_sub_if_data *sdata,
2582 struct sk_buff *skb, u32 info_flags,
2583 struct sta_info *sta, u32 ctrl_flags,
2586 struct ieee80211_local *local = sdata->local;
2587 struct ieee80211_tx_info *info;
2589 u16 ethertype, hdrlen, meshhdrlen = 0;
2591 struct ieee80211_hdr hdr;
2592 struct ieee80211s_hdr mesh_hdr __maybe_unused;
2593 struct mesh_path __maybe_unused *mppath = NULL, *mpath = NULL;
2594 const u8 *encaps_data;
2595 int encaps_len, skip_header_bytes;
2596 bool wme_sta = false, authorized = false;
2600 struct ieee80211_chanctx_conf *chanctx_conf = NULL;
2601 enum nl80211_band band;
2603 u8 link_id = u32_get_bits(ctrl_flags, IEEE80211_TX_CTRL_MLO_LINK);
2608 #ifdef CONFIG_MAC80211_DEBUGFS
2609 if (local->force_tx_status)
2610 info_flags |= IEEE80211_TX_CTL_REQ_TX_STATUS;
2613 /* convert Ethernet header to proper 802.11 header (based on
2614 * operation mode) */
2615 ethertype = (skb->data[12] << 8) | skb->data[13];
2616 fc = cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_DATA);
2618 if (!ieee80211_vif_is_mld(&sdata->vif))
2620 rcu_dereference(sdata->vif.bss_conf.chanctx_conf);
2622 switch (sdata->vif.type) {
2623 case NL80211_IFTYPE_AP_VLAN:
2624 if (sdata->wdev.use_4addr) {
2625 fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS);
2627 memcpy(hdr.addr1, sta->sta.addr, ETH_ALEN);
2628 memcpy(hdr.addr2, sdata->vif.addr, ETH_ALEN);
2629 memcpy(hdr.addr3, skb->data, ETH_ALEN);
2630 memcpy(hdr.addr4, skb->data + ETH_ALEN, ETH_ALEN);
2632 authorized = test_sta_flag(sta, WLAN_STA_AUTHORIZED);
2633 wme_sta = sta->sta.wme;
2635 if (!ieee80211_vif_is_mld(&sdata->vif)) {
2636 struct ieee80211_sub_if_data *ap_sdata;
2638 /* override chanctx_conf from AP (we don't have one) */
2639 ap_sdata = container_of(sdata->bss,
2640 struct ieee80211_sub_if_data,
2643 rcu_dereference(ap_sdata->vif.bss_conf.chanctx_conf);
2645 if (sdata->wdev.use_4addr)
2648 case NL80211_IFTYPE_AP:
2649 fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS);
2651 memcpy(hdr.addr1, skb->data, ETH_ALEN);
2653 if (ieee80211_vif_is_mld(&sdata->vif) && sta && !sta->sta.mlo) {
2654 struct ieee80211_link_data *link;
2656 link_id = sta->deflink.link_id;
2657 link = rcu_dereference(sdata->link[link_id]);
2658 if (WARN_ON(!link)) {
2662 memcpy(hdr.addr2, link->conf->addr, ETH_ALEN);
2663 } else if (link_id == IEEE80211_LINK_UNSPECIFIED ||
2664 (sta && sta->sta.mlo)) {
2665 memcpy(hdr.addr2, sdata->vif.addr, ETH_ALEN);
2667 struct ieee80211_bss_conf *conf;
2669 conf = rcu_dereference(sdata->vif.link_conf[link_id]);
2670 if (unlikely(!conf)) {
2675 memcpy(hdr.addr2, conf->addr, ETH_ALEN);
2678 memcpy(hdr.addr3, skb->data + ETH_ALEN, ETH_ALEN);
2681 #ifdef CONFIG_MAC80211_MESH
2682 case NL80211_IFTYPE_MESH_POINT:
2683 if (!is_multicast_ether_addr(skb->data)) {
2684 struct sta_info *next_hop;
2685 bool mpp_lookup = true;
2687 mpath = mesh_path_lookup(sdata, skb->data);
2690 next_hop = rcu_dereference(mpath->next_hop);
2692 !(mpath->flags & (MESH_PATH_ACTIVE |
2693 MESH_PATH_RESOLVING)))
2698 mppath = mpp_path_lookup(sdata, skb->data);
2700 mppath->exp_time = jiffies;
2703 if (mppath && mpath)
2704 mesh_path_del(sdata, mpath->dst);
2708 * Use address extension if it is a packet from
2709 * another interface or if we know the destination
2710 * is being proxied by a portal (i.e. portal address
2711 * differs from proxied address)
2713 if (ether_addr_equal(sdata->vif.addr, skb->data + ETH_ALEN) &&
2714 !(mppath && !ether_addr_equal(mppath->mpp, skb->data))) {
2715 hdrlen = ieee80211_fill_mesh_addresses(&hdr, &fc,
2716 skb->data, skb->data + ETH_ALEN);
2717 meshhdrlen = ieee80211_new_mesh_header(sdata, &mesh_hdr,
2720 /* DS -> MBSS (802.11-2012 13.11.3.3).
2721 * For unicast with unknown forwarding information,
2722 * destination might be in the MBSS or if that fails
2723 * forwarded to another mesh gate. In either case
2724 * resolution will be handled in ieee80211_xmit(), so
2725 * leave the original DA. This also works for mcast */
2726 const u8 *mesh_da = skb->data;
2729 mesh_da = mppath->mpp;
2731 mesh_da = mpath->dst;
2733 hdrlen = ieee80211_fill_mesh_addresses(&hdr, &fc,
2734 mesh_da, sdata->vif.addr);
2735 if (is_multicast_ether_addr(mesh_da))
2736 /* DA TA mSA AE:SA */
2737 meshhdrlen = ieee80211_new_mesh_header(
2739 skb->data + ETH_ALEN, NULL);
2741 /* RA TA mDA mSA AE:DA SA */
2742 meshhdrlen = ieee80211_new_mesh_header(
2743 sdata, &mesh_hdr, skb->data,
2744 skb->data + ETH_ALEN);
2748 /* For injected frames, fill RA right away as nexthop lookup
2751 if ((ctrl_flags & IEEE80211_TX_CTRL_SKIP_MPATH_LOOKUP) &&
2752 is_zero_ether_addr(hdr.addr1))
2753 memcpy(hdr.addr1, skb->data, ETH_ALEN);
2756 case NL80211_IFTYPE_STATION:
2757 /* we already did checks when looking up the RA STA */
2758 tdls_peer = test_sta_flag(sta, WLAN_STA_TDLS_PEER);
2761 /* For TDLS only one link can be valid with peer STA */
2762 int tdls_link_id = ieee80211_tdls_sta_link_id(sta);
2763 struct ieee80211_link_data *link;
2766 memcpy(hdr.addr1, skb->data, ETH_ALEN);
2767 memcpy(hdr.addr2, skb->data + ETH_ALEN, ETH_ALEN);
2768 link = rcu_dereference(sdata->link[tdls_link_id]);
2769 if (WARN_ON_ONCE(!link)) {
2773 memcpy(hdr.addr3, link->u.mgd.bssid, ETH_ALEN);
2775 } else if (sdata->u.mgd.use_4addr &&
2776 cpu_to_be16(ethertype) != sdata->control_port_protocol) {
2777 fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS |
2778 IEEE80211_FCTL_TODS);
2780 memcpy(hdr.addr1, sdata->deflink.u.mgd.bssid, ETH_ALEN);
2781 memcpy(hdr.addr2, sdata->vif.addr, ETH_ALEN);
2782 memcpy(hdr.addr3, skb->data, ETH_ALEN);
2783 memcpy(hdr.addr4, skb->data + ETH_ALEN, ETH_ALEN);
2786 fc |= cpu_to_le16(IEEE80211_FCTL_TODS);
2788 memcpy(hdr.addr1, sdata->vif.cfg.ap_addr, ETH_ALEN);
2789 memcpy(hdr.addr2, skb->data + ETH_ALEN, ETH_ALEN);
2790 memcpy(hdr.addr3, skb->data, ETH_ALEN);
2794 case NL80211_IFTYPE_OCB:
2796 memcpy(hdr.addr1, skb->data, ETH_ALEN);
2797 memcpy(hdr.addr2, skb->data + ETH_ALEN, ETH_ALEN);
2798 eth_broadcast_addr(hdr.addr3);
2801 case NL80211_IFTYPE_ADHOC:
2803 memcpy(hdr.addr1, skb->data, ETH_ALEN);
2804 memcpy(hdr.addr2, skb->data + ETH_ALEN, ETH_ALEN);
2805 memcpy(hdr.addr3, sdata->u.ibss.bssid, ETH_ALEN);
2813 if (!chanctx_conf) {
2814 if (!ieee80211_vif_is_mld(&sdata->vif)) {
2818 /* MLD transmissions must not rely on the band */
2821 band = chanctx_conf->def.chan->band;
2824 multicast = is_multicast_ether_addr(hdr.addr1);
2826 /* sta is always NULL for mesh */
2828 authorized = test_sta_flag(sta, WLAN_STA_AUTHORIZED);
2829 wme_sta = sta->sta.wme;
2830 } else if (ieee80211_vif_is_mesh(&sdata->vif)) {
2831 /* For mesh, the use of the QoS header is mandatory */
2835 /* receiver does QoS (which also means we do) use it */
2837 fc |= cpu_to_le16(IEEE80211_STYPE_QOS_DATA);
2842 * Drop unicast frames to unauthorised stations unless they are
2843 * EAPOL frames from the local station.
2845 if (unlikely(!ieee80211_vif_is_mesh(&sdata->vif) &&
2846 (sdata->vif.type != NL80211_IFTYPE_OCB) &&
2847 !multicast && !authorized &&
2848 (cpu_to_be16(ethertype) != sdata->control_port_protocol ||
2849 !ieee80211_is_our_addr(sdata, skb->data + ETH_ALEN, NULL)))) {
2850 #ifdef CONFIG_MAC80211_VERBOSE_DEBUG
2851 net_info_ratelimited("%s: dropped frame to %pM (unauthorized port)\n",
2852 sdata->name, hdr.addr1);
2855 I802_DEBUG_INC(local->tx_handlers_drop_unauth_port);
2861 if (unlikely(!multicast &&
2862 (sk_requests_wifi_status(skb->sk) ||
2863 ctrl_flags & IEEE80211_TX_CTL_REQ_TX_STATUS)))
2864 info_id = ieee80211_store_ack_skb(local, skb, &info_flags,
2868 * If the skb is shared we need to obtain our own copy.
2870 skb = skb_share_check(skb, GFP_ATOMIC);
2871 if (unlikely(!skb)) {
2876 hdr.frame_control = fc;
2877 hdr.duration_id = 0;
2880 skip_header_bytes = ETH_HLEN;
2881 if (ethertype == ETH_P_AARP || ethertype == ETH_P_IPX) {
2882 encaps_data = bridge_tunnel_header;
2883 encaps_len = sizeof(bridge_tunnel_header);
2884 skip_header_bytes -= 2;
2885 } else if (ethertype >= ETH_P_802_3_MIN) {
2886 encaps_data = rfc1042_header;
2887 encaps_len = sizeof(rfc1042_header);
2888 skip_header_bytes -= 2;
2894 skb_pull(skb, skip_header_bytes);
2895 head_need = hdrlen + encaps_len + meshhdrlen - skb_headroom(skb);
2898 * So we need to modify the skb header and hence need a copy of
2899 * that. The head_need variable above doesn't, so far, include
2900 * the needed header space that we don't need right away. If we
2901 * can, then we don't reallocate right now but only after the
2902 * frame arrives at the master device (if it does...)
2904 * If we cannot, however, then we will reallocate to include all
2905 * the ever needed space. Also, if we need to reallocate it anyway,
2906 * make it big enough for everything we may ever need.
2909 if (head_need > 0 || skb_cloned(skb)) {
2910 head_need += IEEE80211_ENCRYPT_HEADROOM;
2911 head_need += local->tx_headroom;
2912 head_need = max_t(int, 0, head_need);
2913 if (ieee80211_skb_resize(sdata, skb, head_need, ENCRYPT_DATA)) {
2914 ieee80211_free_txskb(&local->hw, skb);
2916 return ERR_PTR(-ENOMEM);
2921 memcpy(skb_push(skb, encaps_len), encaps_data, encaps_len);
2923 #ifdef CONFIG_MAC80211_MESH
2925 memcpy(skb_push(skb, meshhdrlen), &mesh_hdr, meshhdrlen);
2928 if (ieee80211_is_data_qos(fc)) {
2929 __le16 *qos_control;
2931 qos_control = skb_push(skb, 2);
2932 memcpy(skb_push(skb, hdrlen - 2), &hdr, hdrlen - 2);
2934 * Maybe we could actually set some fields here, for now just
2935 * initialise to zero to indicate no special operation.
2939 memcpy(skb_push(skb, hdrlen), &hdr, hdrlen);
2941 skb_reset_mac_header(skb);
2943 info = IEEE80211_SKB_CB(skb);
2944 memset(info, 0, sizeof(*info));
2946 info->flags = info_flags;
2948 info->status_data = info_id;
2949 info->status_data_idr = 1;
2953 if (likely(!cookie)) {
2954 ctrl_flags |= u32_encode_bits(link_id,
2955 IEEE80211_TX_CTRL_MLO_LINK);
2957 unsigned int pre_conf_link_id;
2960 * ctrl_flags already have been set by
2961 * ieee80211_tx_control_port(), here
2962 * we just sanity check that
2965 pre_conf_link_id = u32_get_bits(ctrl_flags,
2966 IEEE80211_TX_CTRL_MLO_LINK);
2968 if (pre_conf_link_id != link_id &&
2969 link_id != IEEE80211_LINK_UNSPECIFIED) {
2970 #ifdef CONFIG_MAC80211_VERBOSE_DEBUG
2971 net_info_ratelimited("%s: dropped frame to %pM with bad link ID request (%d vs. %d)\n",
2972 sdata->name, hdr.addr1,
2973 pre_conf_link_id, link_id);
2980 info->control.flags = ctrl_flags;
2985 return ERR_PTR(ret);
2989 * fast-xmit overview
2991 * The core idea of this fast-xmit is to remove per-packet checks by checking
2992 * them out of band. ieee80211_check_fast_xmit() implements the out-of-band
2993 * checks that are needed to get the sta->fast_tx pointer assigned, after which
2994 * much less work can be done per packet. For example, fragmentation must be
2995 * disabled or the fast_tx pointer will not be set. All the conditions are seen
2998 * Once assigned, the fast_tx data structure also caches the per-packet 802.11
2999 * header and other data to aid packet processing in ieee80211_xmit_fast().
3001 * The most difficult part of this is that when any of these assumptions
3002 * change, an external trigger (i.e. a call to ieee80211_clear_fast_xmit(),
3003 * ieee80211_check_fast_xmit() or friends) is required to reset the data,
3004 * since the per-packet code no longer checks the conditions. This is reflected
3005 * by the calls to these functions throughout the rest of the code, and must be
3006 * maintained if any of the TX path checks change.
3009 void ieee80211_check_fast_xmit(struct sta_info *sta)
3011 struct ieee80211_fast_tx build = {}, *fast_tx = NULL, *old;
3012 struct ieee80211_local *local = sta->local;
3013 struct ieee80211_sub_if_data *sdata = sta->sdata;
3014 struct ieee80211_hdr *hdr = (void *)build.hdr;
3015 struct ieee80211_chanctx_conf *chanctx_conf;
3018 if (!ieee80211_hw_check(&local->hw, SUPPORT_FAST_XMIT))
3021 if (ieee80211_vif_is_mesh(&sdata->vif))
3022 mesh_fast_tx_flush_sta(sdata, sta);
3024 /* Locking here protects both the pointer itself, and against concurrent
3025 * invocations winning data access races to, e.g., the key pointer that
3027 * Without it, the invocation of this function right after the key
3028 * pointer changes wouldn't be sufficient, as another CPU could access
3029 * the pointer, then stall, and then do the cache update after the CPU
3030 * that invalidated the key.
3031 * With the locking, such scenarios cannot happen as the check for the
3032 * key and the fast-tx assignment are done atomically, so the CPU that
3033 * modifies the key will either wait or other one will see the key
3034 * cleared/changed already.
3036 spin_lock_bh(&sta->lock);
3037 if (ieee80211_hw_check(&local->hw, SUPPORTS_PS) &&
3038 !ieee80211_hw_check(&local->hw, SUPPORTS_DYNAMIC_PS) &&
3039 sdata->vif.type == NL80211_IFTYPE_STATION)
3042 if (!test_sta_flag(sta, WLAN_STA_AUTHORIZED) || !sta->uploaded)
3045 if (test_sta_flag(sta, WLAN_STA_PS_STA) ||
3046 test_sta_flag(sta, WLAN_STA_PS_DRIVER) ||
3047 test_sta_flag(sta, WLAN_STA_PS_DELIVER) ||
3048 test_sta_flag(sta, WLAN_STA_CLEAR_PS_FILT))
3051 if (sdata->noack_map)
3054 /* fast-xmit doesn't handle fragmentation at all */
3055 if (local->hw.wiphy->frag_threshold != (u32)-1 &&
3056 !ieee80211_hw_check(&local->hw, SUPPORTS_TX_FRAG))
3059 if (!ieee80211_vif_is_mld(&sdata->vif)) {
3062 rcu_dereference(sdata->vif.bss_conf.chanctx_conf);
3063 if (!chanctx_conf) {
3067 build.band = chanctx_conf->def.chan->band;
3070 /* MLD transmissions must not rely on the band */
3074 fc = cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_DATA);
3076 switch (sdata->vif.type) {
3077 case NL80211_IFTYPE_ADHOC:
3079 build.da_offs = offsetof(struct ieee80211_hdr, addr1);
3080 build.sa_offs = offsetof(struct ieee80211_hdr, addr2);
3081 memcpy(hdr->addr3, sdata->u.ibss.bssid, ETH_ALEN);
3084 case NL80211_IFTYPE_STATION:
3085 if (test_sta_flag(sta, WLAN_STA_TDLS_PEER)) {
3086 /* For TDLS only one link can be valid with peer STA */
3087 int tdls_link_id = ieee80211_tdls_sta_link_id(sta);
3088 struct ieee80211_link_data *link;
3091 build.da_offs = offsetof(struct ieee80211_hdr, addr1);
3092 build.sa_offs = offsetof(struct ieee80211_hdr, addr2);
3094 link = rcu_dereference(sdata->link[tdls_link_id]);
3095 if (!WARN_ON_ONCE(!link))
3096 memcpy(hdr->addr3, link->u.mgd.bssid, ETH_ALEN);
3102 if (sdata->u.mgd.use_4addr) {
3103 /* non-regular ethertype cannot use the fastpath */
3104 fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS |
3105 IEEE80211_FCTL_TODS);
3107 memcpy(hdr->addr1, sdata->deflink.u.mgd.bssid, ETH_ALEN);
3108 memcpy(hdr->addr2, sdata->vif.addr, ETH_ALEN);
3109 build.da_offs = offsetof(struct ieee80211_hdr, addr3);
3110 build.sa_offs = offsetof(struct ieee80211_hdr, addr4);
3114 fc |= cpu_to_le16(IEEE80211_FCTL_TODS);
3116 memcpy(hdr->addr1, sdata->vif.cfg.ap_addr, ETH_ALEN);
3117 build.da_offs = offsetof(struct ieee80211_hdr, addr3);
3118 build.sa_offs = offsetof(struct ieee80211_hdr, addr2);
3121 case NL80211_IFTYPE_AP_VLAN:
3122 if (sdata->wdev.use_4addr) {
3123 fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS |
3124 IEEE80211_FCTL_TODS);
3126 memcpy(hdr->addr1, sta->sta.addr, ETH_ALEN);
3127 memcpy(hdr->addr2, sdata->vif.addr, ETH_ALEN);
3128 build.da_offs = offsetof(struct ieee80211_hdr, addr3);
3129 build.sa_offs = offsetof(struct ieee80211_hdr, addr4);
3134 case NL80211_IFTYPE_AP:
3135 fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS);
3137 build.da_offs = offsetof(struct ieee80211_hdr, addr1);
3138 if (sta->sta.mlo || !ieee80211_vif_is_mld(&sdata->vif)) {
3139 memcpy(hdr->addr2, sdata->vif.addr, ETH_ALEN);
3141 unsigned int link_id = sta->deflink.link_id;
3142 struct ieee80211_link_data *link;
3145 link = rcu_dereference(sdata->link[link_id]);
3146 if (WARN_ON(!link)) {
3150 memcpy(hdr->addr2, link->conf->addr, ETH_ALEN);
3153 build.sa_offs = offsetof(struct ieee80211_hdr, addr3);
3157 /* not handled on fast-xmit */
3163 fc |= cpu_to_le16(IEEE80211_STYPE_QOS_DATA);
3166 /* We store the key here so there's no point in using rcu_dereference()
3167 * but that's fine because the code that changes the pointers will call
3168 * this function after doing so. For a single CPU that would be enough,
3169 * for multiple see the comment above.
3171 build.key = rcu_access_pointer(sta->ptk[sta->ptk_idx]);
3173 build.key = rcu_access_pointer(sdata->default_unicast_key);
3175 bool gen_iv, iv_spc, mmic;
3177 gen_iv = build.key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV;
3178 iv_spc = build.key->conf.flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE;
3179 mmic = build.key->conf.flags &
3180 (IEEE80211_KEY_FLAG_GENERATE_MMIC |
3181 IEEE80211_KEY_FLAG_PUT_MIC_SPACE);
3183 /* don't handle software crypto */
3184 if (!(build.key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE))
3187 /* Key is being removed */
3188 if (build.key->flags & KEY_FLAG_TAINTED)
3191 switch (build.key->conf.cipher) {
3192 case WLAN_CIPHER_SUITE_CCMP:
3193 case WLAN_CIPHER_SUITE_CCMP_256:
3195 build.pn_offs = build.hdr_len;
3196 if (gen_iv || iv_spc)
3197 build.hdr_len += IEEE80211_CCMP_HDR_LEN;
3199 case WLAN_CIPHER_SUITE_GCMP:
3200 case WLAN_CIPHER_SUITE_GCMP_256:
3202 build.pn_offs = build.hdr_len;
3203 if (gen_iv || iv_spc)
3204 build.hdr_len += IEEE80211_GCMP_HDR_LEN;
3206 case WLAN_CIPHER_SUITE_TKIP:
3207 /* cannot handle MMIC or IV generation in xmit-fast */
3211 build.hdr_len += IEEE80211_TKIP_IV_LEN;
3213 case WLAN_CIPHER_SUITE_WEP40:
3214 case WLAN_CIPHER_SUITE_WEP104:
3215 /* cannot handle IV generation in fast-xmit */
3219 build.hdr_len += IEEE80211_WEP_IV_LEN;
3221 case WLAN_CIPHER_SUITE_AES_CMAC:
3222 case WLAN_CIPHER_SUITE_BIP_CMAC_256:
3223 case WLAN_CIPHER_SUITE_BIP_GMAC_128:
3224 case WLAN_CIPHER_SUITE_BIP_GMAC_256:
3226 "management cipher suite 0x%x enabled for data\n",
3227 build.key->conf.cipher);
3230 /* we don't know how to generate IVs for this at all */
3231 if (WARN_ON(gen_iv))
3235 fc |= cpu_to_le16(IEEE80211_FCTL_PROTECTED);
3238 hdr->frame_control = fc;
3240 memcpy(build.hdr + build.hdr_len,
3241 rfc1042_header, sizeof(rfc1042_header));
3242 build.hdr_len += sizeof(rfc1042_header);
3244 fast_tx = kmemdup(&build, sizeof(build), GFP_ATOMIC);
3245 /* if the kmemdup fails, continue w/o fast_tx */
3248 /* we might have raced against another call to this function */
3249 old = rcu_dereference_protected(sta->fast_tx,
3250 lockdep_is_held(&sta->lock));
3251 rcu_assign_pointer(sta->fast_tx, fast_tx);
3253 kfree_rcu(old, rcu_head);
3254 spin_unlock_bh(&sta->lock);
3257 void ieee80211_check_fast_xmit_all(struct ieee80211_local *local)
3259 struct sta_info *sta;
3262 list_for_each_entry_rcu(sta, &local->sta_list, list)
3263 ieee80211_check_fast_xmit(sta);
3267 void ieee80211_check_fast_xmit_iface(struct ieee80211_sub_if_data *sdata)
3269 struct ieee80211_local *local = sdata->local;
3270 struct sta_info *sta;
3274 list_for_each_entry_rcu(sta, &local->sta_list, list) {
3275 if (sdata != sta->sdata &&
3276 (!sta->sdata->bss || sta->sdata->bss != sdata->bss))
3278 ieee80211_check_fast_xmit(sta);
3284 void ieee80211_clear_fast_xmit(struct sta_info *sta)
3286 struct ieee80211_fast_tx *fast_tx;
3288 spin_lock_bh(&sta->lock);
3289 fast_tx = rcu_dereference_protected(sta->fast_tx,
3290 lockdep_is_held(&sta->lock));
3291 RCU_INIT_POINTER(sta->fast_tx, NULL);
3292 spin_unlock_bh(&sta->lock);
3295 kfree_rcu(fast_tx, rcu_head);
3298 static bool ieee80211_amsdu_realloc_pad(struct ieee80211_local *local,
3299 struct sk_buff *skb, int headroom)
3301 if (skb_headroom(skb) < headroom) {
3302 I802_DEBUG_INC(local->tx_expand_skb_head);
3304 if (pskb_expand_head(skb, headroom, 0, GFP_ATOMIC)) {
3305 wiphy_debug(local->hw.wiphy,
3306 "failed to reallocate TX buffer\n");
3314 static bool ieee80211_amsdu_prepare_head(struct ieee80211_sub_if_data *sdata,
3315 struct ieee80211_fast_tx *fast_tx,
3316 struct sk_buff *skb)
3318 struct ieee80211_local *local = sdata->local;
3319 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
3320 struct ieee80211_hdr *hdr;
3321 struct ethhdr *amsdu_hdr;
3322 int hdr_len = fast_tx->hdr_len - sizeof(rfc1042_header);
3323 int subframe_len = skb->len - hdr_len;
3325 u8 *qc, *h_80211_src, *h_80211_dst;
3328 if (info->flags & IEEE80211_TX_CTL_RATE_CTRL_PROBE)
3331 if (info->control.flags & IEEE80211_TX_CTRL_AMSDU)
3334 if (!ieee80211_amsdu_realloc_pad(local, skb,
3335 sizeof(*amsdu_hdr) +
3336 local->hw.extra_tx_headroom))
3339 data = skb_push(skb, sizeof(*amsdu_hdr));
3340 memmove(data, data + sizeof(*amsdu_hdr), hdr_len);
3342 amsdu_hdr = data + hdr_len;
3343 /* h_80211_src/dst is addr* field within hdr */
3344 h_80211_src = data + fast_tx->sa_offs;
3345 h_80211_dst = data + fast_tx->da_offs;
3347 amsdu_hdr->h_proto = cpu_to_be16(subframe_len);
3348 ether_addr_copy(amsdu_hdr->h_source, h_80211_src);
3349 ether_addr_copy(amsdu_hdr->h_dest, h_80211_dst);
3351 /* according to IEEE 802.11-2012 8.3.2 table 8-19, the outer SA/DA
3352 * fields needs to be changed to BSSID for A-MSDU frames depending
3353 * on FromDS/ToDS values.
3355 switch (sdata->vif.type) {
3356 case NL80211_IFTYPE_STATION:
3357 bssid = sdata->vif.cfg.ap_addr;
3359 case NL80211_IFTYPE_AP:
3360 case NL80211_IFTYPE_AP_VLAN:
3361 bssid = sdata->vif.addr;
3367 if (bssid && ieee80211_has_fromds(hdr->frame_control))
3368 ether_addr_copy(h_80211_src, bssid);
3370 if (bssid && ieee80211_has_tods(hdr->frame_control))
3371 ether_addr_copy(h_80211_dst, bssid);
3373 qc = ieee80211_get_qos_ctl(hdr);
3374 *qc |= IEEE80211_QOS_CTL_A_MSDU_PRESENT;
3376 info->control.flags |= IEEE80211_TX_CTRL_AMSDU;
3381 static bool ieee80211_amsdu_aggregate(struct ieee80211_sub_if_data *sdata,
3382 struct sta_info *sta,
3383 struct ieee80211_fast_tx *fast_tx,
3384 struct sk_buff *skb,
3385 const u8 *da, const u8 *sa)
3387 struct ieee80211_local *local = sdata->local;
3388 struct fq *fq = &local->fq;
3390 struct fq_flow *flow;
3391 u8 tid = skb->priority & IEEE80211_QOS_CTL_TAG1D_MASK;
3392 struct ieee80211_txq *txq = sta->sta.txq[tid];
3393 struct txq_info *txqi;
3394 struct sk_buff **frag_tail, *head;
3395 int subframe_len = skb->len - ETH_ALEN;
3396 u8 max_subframes = sta->sta.max_amsdu_subframes;
3397 int max_frags = local->hw.max_tx_fragments;
3398 int max_amsdu_len = sta->sta.cur->max_amsdu_len;
3404 unsigned int orig_len;
3405 int n = 2, nfrags, pad = 0;
3408 if (!ieee80211_hw_check(&local->hw, TX_AMSDU))
3411 if (sdata->vif.offload_flags & IEEE80211_OFFLOAD_ENCAP_ENABLED)
3414 if (ieee80211_vif_is_mesh(&sdata->vif))
3417 if (skb_is_gso(skb))
3423 txqi = to_txq_info(txq);
3424 if (test_bit(IEEE80211_TXQ_NO_AMSDU, &txqi->flags))
3427 if (sta->sta.cur->max_rc_amsdu_len)
3428 max_amsdu_len = min_t(int, max_amsdu_len,
3429 sta->sta.cur->max_rc_amsdu_len);
3431 if (sta->sta.cur->max_tid_amsdu_len[tid])
3432 max_amsdu_len = min_t(int, max_amsdu_len,
3433 sta->sta.cur->max_tid_amsdu_len[tid]);
3435 flow_idx = fq_flow_idx(fq, skb);
3437 spin_lock_bh(&fq->lock);
3439 /* TODO: Ideally aggregation should be done on dequeue to remain
3440 * responsive to environment changes.
3444 flow = fq_flow_classify(fq, tin, flow_idx, skb);
3445 head = skb_peek_tail(&flow->queue);
3446 if (!head || skb_is_gso(head))
3449 orig_truesize = head->truesize;
3450 orig_len = head->len;
3452 if (skb->len + head->len > max_amsdu_len)
3455 nfrags = 1 + skb_shinfo(skb)->nr_frags;
3456 nfrags += 1 + skb_shinfo(head)->nr_frags;
3457 frag_tail = &skb_shinfo(head)->frag_list;
3458 while (*frag_tail) {
3459 nfrags += 1 + skb_shinfo(*frag_tail)->nr_frags;
3460 frag_tail = &(*frag_tail)->next;
3464 if (max_subframes && n > max_subframes)
3467 if (max_frags && nfrags > max_frags)
3470 if (!drv_can_aggregate_in_amsdu(local, head, skb))
3473 if (!ieee80211_amsdu_prepare_head(sdata, fast_tx, head))
3476 /* If n == 2, the "while (*frag_tail)" loop above didn't execute
3477 * and frag_tail should be &skb_shinfo(head)->frag_list.
3478 * However, ieee80211_amsdu_prepare_head() can reallocate it.
3479 * Reload frag_tail to have it pointing to the correct place.
3482 frag_tail = &skb_shinfo(head)->frag_list;
3485 * Pad out the previous subframe to a multiple of 4 by adding the
3486 * padding to the next one, that's being added. Note that head->len
3487 * is the length of the full A-MSDU, but that works since each time
3488 * we add a new subframe we pad out the previous one to a multiple
3489 * of 4 and thus it no longer matters in the next round.
3491 hdrlen = fast_tx->hdr_len - sizeof(rfc1042_header);
3492 if ((head->len - hdrlen) & 3)
3493 pad = 4 - ((head->len - hdrlen) & 3);
3495 if (!ieee80211_amsdu_realloc_pad(local, skb, sizeof(rfc1042_header) +
3500 data = skb_push(skb, ETH_ALEN + 2);
3501 ether_addr_copy(data, da);
3502 ether_addr_copy(data + ETH_ALEN, sa);
3504 data += 2 * ETH_ALEN;
3505 len = cpu_to_be16(subframe_len);
3506 memcpy(data, &len, 2);
3507 memcpy(data + 2, rfc1042_header, sizeof(rfc1042_header));
3509 memset(skb_push(skb, pad), 0, pad);
3511 head->len += skb->len;
3512 head->data_len += skb->len;
3516 fq->memory_usage += head->truesize - orig_truesize;
3517 if (head->len != orig_len) {
3518 flow->backlog += head->len - orig_len;
3519 tin->backlog_bytes += head->len - orig_len;
3522 spin_unlock_bh(&fq->lock);
3528 * Can be called while the sta lock is held. Anything that can cause packets to
3529 * be generated will cause deadlock!
3531 static ieee80211_tx_result
3532 ieee80211_xmit_fast_finish(struct ieee80211_sub_if_data *sdata,
3533 struct sta_info *sta, u8 pn_offs,
3534 struct ieee80211_key *key,
3535 struct ieee80211_tx_data *tx)
3537 struct sk_buff *skb = tx->skb;
3538 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
3539 struct ieee80211_hdr *hdr = (void *)skb->data;
3540 u8 tid = IEEE80211_NUM_TIDS;
3542 if (!ieee80211_hw_check(&tx->local->hw, HAS_RATE_CONTROL) &&
3543 ieee80211_tx_h_rate_ctrl(tx) != TX_CONTINUE)
3547 info->control.hw_key = &key->conf;
3549 dev_sw_netstats_tx_add(skb->dev, 1, skb->len);
3551 if (hdr->frame_control & cpu_to_le16(IEEE80211_STYPE_QOS_DATA)) {
3552 tid = skb->priority & IEEE80211_QOS_CTL_TAG1D_MASK;
3553 hdr->seq_ctrl = ieee80211_tx_next_seq(sta, tid);
3555 info->flags |= IEEE80211_TX_CTL_ASSIGN_SEQ;
3556 hdr->seq_ctrl = cpu_to_le16(sdata->sequence_number);
3557 sdata->sequence_number += 0x10;
3560 if (skb_shinfo(skb)->gso_size)
3561 sta->deflink.tx_stats.msdu[tid] +=
3562 DIV_ROUND_UP(skb->len, skb_shinfo(skb)->gso_size);
3564 sta->deflink.tx_stats.msdu[tid]++;
3566 info->hw_queue = sdata->vif.hw_queue[skb_get_queue_mapping(skb)];
3568 /* statistics normally done by ieee80211_tx_h_stats (but that
3569 * has to consider fragmentation, so is more complex)
3571 sta->deflink.tx_stats.bytes[skb_get_queue_mapping(skb)] += skb->len;
3572 sta->deflink.tx_stats.packets[skb_get_queue_mapping(skb)]++;
3576 u8 *crypto_hdr = skb->data + pn_offs;
3578 switch (key->conf.cipher) {
3579 case WLAN_CIPHER_SUITE_CCMP:
3580 case WLAN_CIPHER_SUITE_CCMP_256:
3581 case WLAN_CIPHER_SUITE_GCMP:
3582 case WLAN_CIPHER_SUITE_GCMP_256:
3583 pn = atomic64_inc_return(&key->conf.tx_pn);
3585 crypto_hdr[1] = pn >> 8;
3586 crypto_hdr[3] = 0x20 | (key->conf.keyidx << 6);
3587 crypto_hdr[4] = pn >> 16;
3588 crypto_hdr[5] = pn >> 24;
3589 crypto_hdr[6] = pn >> 32;
3590 crypto_hdr[7] = pn >> 40;
3598 static netdev_features_t
3599 ieee80211_sdata_netdev_features(struct ieee80211_sub_if_data *sdata)
3601 if (sdata->vif.type != NL80211_IFTYPE_AP_VLAN)
3602 return sdata->vif.netdev_features;
3607 sdata = container_of(sdata->bss, struct ieee80211_sub_if_data, u.ap);
3608 return sdata->vif.netdev_features;
3611 static struct sk_buff *
3612 ieee80211_tx_skb_fixup(struct sk_buff *skb, netdev_features_t features)
3614 if (skb_is_gso(skb)) {
3615 struct sk_buff *segs;
3617 segs = skb_gso_segment(skb, features);
3627 if (skb_needs_linearize(skb, features) && __skb_linearize(skb))
3630 if (skb->ip_summed == CHECKSUM_PARTIAL) {
3631 int ofs = skb_checksum_start_offset(skb);
3633 if (skb->encapsulation)
3634 skb_set_inner_transport_header(skb, ofs);
3636 skb_set_transport_header(skb, ofs);
3638 if (skb_csum_hwoffload_help(skb, features))
3642 skb_mark_not_on_list(skb);
3650 void __ieee80211_xmit_fast(struct ieee80211_sub_if_data *sdata,
3651 struct sta_info *sta,
3652 struct ieee80211_fast_tx *fast_tx,
3653 struct sk_buff *skb, bool ampdu,
3654 const u8 *da, const u8 *sa)
3656 struct ieee80211_local *local = sdata->local;
3657 struct ieee80211_hdr *hdr = (void *)fast_tx->hdr;
3658 struct ieee80211_tx_info *info;
3659 struct ieee80211_tx_data tx;
3660 ieee80211_tx_result r;
3661 int hw_headroom = sdata->local->hw.extra_tx_headroom;
3662 int extra_head = fast_tx->hdr_len - (ETH_HLEN - 2);
3664 skb = skb_share_check(skb, GFP_ATOMIC);
3668 if ((hdr->frame_control & cpu_to_le16(IEEE80211_STYPE_QOS_DATA)) &&
3669 ieee80211_amsdu_aggregate(sdata, sta, fast_tx, skb, da, sa))
3672 /* will not be crypto-handled beyond what we do here, so use false
3673 * as the may-encrypt argument for the resize to not account for
3674 * more room than we already have in 'extra_head'
3676 if (unlikely(ieee80211_skb_resize(sdata, skb,
3677 max_t(int, extra_head + hw_headroom -
3678 skb_headroom(skb), 0),
3682 hdr = skb_push(skb, extra_head);
3683 memcpy(skb->data, fast_tx->hdr, fast_tx->hdr_len);
3684 memcpy(skb->data + fast_tx->da_offs, da, ETH_ALEN);
3685 memcpy(skb->data + fast_tx->sa_offs, sa, ETH_ALEN);
3687 info = IEEE80211_SKB_CB(skb);
3688 memset(info, 0, sizeof(*info));
3689 info->band = fast_tx->band;
3690 info->control.vif = &sdata->vif;
3691 info->flags = IEEE80211_TX_CTL_FIRST_FRAGMENT |
3692 IEEE80211_TX_CTL_DONTFRAG;
3693 info->control.flags = IEEE80211_TX_CTRL_FAST_XMIT |
3694 u32_encode_bits(IEEE80211_LINK_UNSPECIFIED,
3695 IEEE80211_TX_CTRL_MLO_LINK);
3697 #ifdef CONFIG_MAC80211_DEBUGFS
3698 if (local->force_tx_status)
3699 info->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS;
3702 if (hdr->frame_control & cpu_to_le16(IEEE80211_STYPE_QOS_DATA)) {
3703 u8 tid = skb->priority & IEEE80211_QOS_CTL_TAG1D_MASK;
3705 *ieee80211_get_qos_ctl(hdr) = tid;
3708 __skb_queue_head_init(&tx.skbs);
3710 tx.flags = IEEE80211_TX_UNICAST;
3714 tx.key = fast_tx->key;
3716 if (ieee80211_queue_skb(local, sdata, sta, skb))
3720 r = ieee80211_xmit_fast_finish(sdata, sta, fast_tx->pn_offs,
3726 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
3727 sdata = container_of(sdata->bss,
3728 struct ieee80211_sub_if_data, u.ap);
3730 __skb_queue_tail(&tx.skbs, skb);
3731 ieee80211_tx_frags(local, &sdata->vif, sta, &tx.skbs, false);
3738 static bool ieee80211_xmit_fast(struct ieee80211_sub_if_data *sdata,
3739 struct sta_info *sta,
3740 struct ieee80211_fast_tx *fast_tx,
3741 struct sk_buff *skb)
3743 u16 ethertype = (skb->data[12] << 8) | skb->data[13];
3744 struct ieee80211_hdr *hdr = (void *)fast_tx->hdr;
3745 struct tid_ampdu_tx *tid_tx = NULL;
3746 struct sk_buff *next;
3748 u8 tid = IEEE80211_NUM_TIDS;
3750 /* control port protocol needs a lot of special handling */
3751 if (cpu_to_be16(ethertype) == sdata->control_port_protocol)
3754 /* only RFC 1042 SNAP */
3755 if (ethertype < ETH_P_802_3_MIN)
3758 /* don't handle TX status request here either */
3759 if (sk_requests_wifi_status(skb->sk))
3762 if (hdr->frame_control & cpu_to_le16(IEEE80211_STYPE_QOS_DATA)) {
3763 tid = skb->priority & IEEE80211_QOS_CTL_TAG1D_MASK;
3764 tid_tx = rcu_dereference(sta->ampdu_mlme.tid_tx[tid]);
3766 if (!test_bit(HT_AGG_STATE_OPERATIONAL, &tid_tx->state))
3768 if (tid_tx->timeout)
3769 tid_tx->last_tx = jiffies;
3773 memcpy(ð, skb->data, ETH_HLEN - 2);
3775 /* after this point (skb is modified) we cannot return false */
3776 skb = ieee80211_tx_skb_fixup(skb, ieee80211_sdata_netdev_features(sdata));
3780 skb_list_walk_safe(skb, skb, next) {
3781 skb_mark_not_on_list(skb);
3782 __ieee80211_xmit_fast(sdata, sta, fast_tx, skb, tid_tx,
3783 eth.h_dest, eth.h_source);
3789 struct sk_buff *ieee80211_tx_dequeue(struct ieee80211_hw *hw,
3790 struct ieee80211_txq *txq)
3792 struct ieee80211_local *local = hw_to_local(hw);
3793 struct txq_info *txqi = container_of(txq, struct txq_info, txq);
3794 struct ieee80211_hdr *hdr;
3795 struct sk_buff *skb = NULL;
3796 struct fq *fq = &local->fq;
3797 struct fq_tin *tin = &txqi->tin;
3798 struct ieee80211_tx_info *info;
3799 struct ieee80211_tx_data tx;
3800 ieee80211_tx_result r;
3801 struct ieee80211_vif *vif = txq->vif;
3802 int q = vif->hw_queue[txq->ac];
3803 unsigned long flags;
3806 WARN_ON_ONCE(softirq_count() == 0);
3808 if (!ieee80211_txq_airtime_check(hw, txq))
3812 spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
3813 q_stopped = local->queue_stop_reasons[q];
3814 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
3816 if (unlikely(q_stopped)) {
3817 /* mark for waking later */
3818 set_bit(IEEE80211_TXQ_DIRTY, &txqi->flags);
3822 spin_lock_bh(&fq->lock);
3824 /* Make sure fragments stay together. */
3825 skb = __skb_dequeue(&txqi->frags);
3826 if (unlikely(skb)) {
3827 if (!(IEEE80211_SKB_CB(skb)->control.flags &
3828 IEEE80211_TX_INTCFL_NEED_TXPROCESSING))
3830 IEEE80211_SKB_CB(skb)->control.flags &=
3831 ~IEEE80211_TX_INTCFL_NEED_TXPROCESSING;
3833 if (unlikely(test_bit(IEEE80211_TXQ_STOP, &txqi->flags)))
3836 skb = fq_tin_dequeue(fq, tin, fq_tin_dequeue_func);
3842 spin_unlock_bh(&fq->lock);
3844 hdr = (struct ieee80211_hdr *)skb->data;
3845 info = IEEE80211_SKB_CB(skb);
3847 memset(&tx, 0, sizeof(tx));
3848 __skb_queue_head_init(&tx.skbs);
3851 tx.sdata = vif_to_sdata(info->control.vif);
3854 tx.sta = container_of(txq->sta, struct sta_info, sta);
3856 * Drop unicast frames to unauthorised stations unless they are
3857 * injected frames or EAPOL frames from the local station.
3859 if (unlikely(!(info->flags & IEEE80211_TX_CTL_INJECTED) &&
3860 ieee80211_is_data(hdr->frame_control) &&
3861 !ieee80211_vif_is_mesh(&tx.sdata->vif) &&
3862 tx.sdata->vif.type != NL80211_IFTYPE_OCB &&
3863 !is_multicast_ether_addr(hdr->addr1) &&
3864 !test_sta_flag(tx.sta, WLAN_STA_AUTHORIZED) &&
3865 (!(info->control.flags &
3866 IEEE80211_TX_CTRL_PORT_CTRL_PROTO) ||
3867 !ieee80211_is_our_addr(tx.sdata, hdr->addr2,
3869 I802_DEBUG_INC(local->tx_handlers_drop_unauth_port);
3870 ieee80211_free_txskb(&local->hw, skb);
3876 * The key can be removed while the packet was queued, so need to call
3877 * this here to get the current key.
3879 r = ieee80211_tx_h_select_key(&tx);
3880 if (r != TX_CONTINUE) {
3881 ieee80211_free_txskb(&local->hw, skb);
3885 if (test_bit(IEEE80211_TXQ_AMPDU, &txqi->flags))
3886 info->flags |= (IEEE80211_TX_CTL_AMPDU |
3887 IEEE80211_TX_CTL_DONTFRAG);
3889 if (info->flags & IEEE80211_TX_CTL_HW_80211_ENCAP) {
3890 if (!ieee80211_hw_check(&local->hw, HAS_RATE_CONTROL)) {
3891 r = ieee80211_tx_h_rate_ctrl(&tx);
3892 if (r != TX_CONTINUE) {
3893 ieee80211_free_txskb(&local->hw, skb);
3900 if (info->control.flags & IEEE80211_TX_CTRL_FAST_XMIT) {
3901 struct sta_info *sta = container_of(txq->sta, struct sta_info,
3906 (tx.key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV))
3907 pn_offs = ieee80211_hdrlen(hdr->frame_control);
3909 r = ieee80211_xmit_fast_finish(sta->sdata, sta, pn_offs,
3911 if (r != TX_CONTINUE) {
3912 ieee80211_free_txskb(&local->hw, skb);
3916 if (invoke_tx_handlers_late(&tx))
3919 skb = __skb_dequeue(&tx.skbs);
3920 info = IEEE80211_SKB_CB(skb);
3922 if (!skb_queue_empty(&tx.skbs)) {
3923 spin_lock_bh(&fq->lock);
3924 skb_queue_splice_tail(&tx.skbs, &txqi->frags);
3925 spin_unlock_bh(&fq->lock);
3929 if (skb_has_frag_list(skb) &&
3930 !ieee80211_hw_check(&local->hw, TX_FRAG_LIST)) {
3931 if (skb_linearize(skb)) {
3932 ieee80211_free_txskb(&local->hw, skb);
3937 switch (tx.sdata->vif.type) {
3938 case NL80211_IFTYPE_MONITOR:
3939 if ((tx.sdata->u.mntr.flags & MONITOR_FLAG_ACTIVE) ||
3940 ieee80211_hw_check(&local->hw, NO_VIRTUAL_MONITOR)) {
3941 vif = &tx.sdata->vif;
3944 tx.sdata = rcu_dereference(local->monitor_sdata);
3946 ieee80211_hw_check(&local->hw, WANT_MONITOR_VIF)) {
3947 vif = &tx.sdata->vif;
3949 vif->hw_queue[skb_get_queue_mapping(skb)];
3950 } else if (ieee80211_hw_check(&local->hw, QUEUE_CONTROL)) {
3951 ieee80211_free_txskb(&local->hw, skb);
3954 info->control.vif = NULL;
3958 case NL80211_IFTYPE_AP_VLAN:
3959 tx.sdata = container_of(tx.sdata->bss,
3960 struct ieee80211_sub_if_data, u.ap);
3963 vif = &tx.sdata->vif;
3968 info->control.vif = vif;
3971 wiphy_ext_feature_isset(local->hw.wiphy, NL80211_EXT_FEATURE_AQL)) {
3972 bool ampdu = txq->ac != IEEE80211_AC_VO;
3975 airtime = ieee80211_calc_expected_tx_airtime(hw, vif, txq->sta,
3978 airtime = ieee80211_info_set_tx_time_est(info, airtime);
3979 ieee80211_sta_update_pending_airtime(local, tx.sta,
3989 spin_unlock_bh(&fq->lock);
3993 EXPORT_SYMBOL(ieee80211_tx_dequeue);
3995 static inline s32 ieee80211_sta_deficit(struct sta_info *sta, u8 ac)
3997 struct airtime_info *air_info = &sta->airtime[ac];
3999 return air_info->deficit - atomic_read(&air_info->aql_tx_pending);
4003 ieee80211_txq_set_active(struct txq_info *txqi)
4005 struct sta_info *sta;
4010 sta = container_of(txqi->txq.sta, struct sta_info, sta);
4011 sta->airtime[txqi->txq.ac].last_active = jiffies;
4015 ieee80211_txq_keep_active(struct txq_info *txqi)
4017 struct sta_info *sta;
4022 sta = container_of(txqi->txq.sta, struct sta_info, sta);
4023 if (ieee80211_sta_deficit(sta, txqi->txq.ac) >= 0)
4026 return ieee80211_sta_keep_active(sta, txqi->txq.ac);
4029 struct ieee80211_txq *ieee80211_next_txq(struct ieee80211_hw *hw, u8 ac)
4031 struct ieee80211_local *local = hw_to_local(hw);
4032 struct ieee80211_txq *ret = NULL;
4033 struct txq_info *txqi = NULL, *head = NULL;
4034 bool found_eligible_txq = false;
4036 spin_lock_bh(&local->active_txq_lock[ac]);
4038 if (!local->schedule_round[ac])
4042 txqi = list_first_entry_or_null(&local->active_txqs[ac],
4049 if (!found_eligible_txq)
4052 found_eligible_txq = false;
4058 if (txqi->txq.sta) {
4059 struct sta_info *sta = container_of(txqi->txq.sta,
4060 struct sta_info, sta);
4061 bool aql_check = ieee80211_txq_airtime_check(hw, &txqi->txq);
4062 s32 deficit = ieee80211_sta_deficit(sta, txqi->txq.ac);
4065 found_eligible_txq = true;
4068 sta->airtime[txqi->txq.ac].deficit +=
4069 sta->airtime_weight;
4071 if (deficit < 0 || !aql_check) {
4072 list_move_tail(&txqi->schedule_order,
4073 &local->active_txqs[txqi->txq.ac]);
4078 if (txqi->schedule_round == local->schedule_round[ac])
4081 list_del_init(&txqi->schedule_order);
4082 txqi->schedule_round = local->schedule_round[ac];
4086 spin_unlock_bh(&local->active_txq_lock[ac]);
4089 EXPORT_SYMBOL(ieee80211_next_txq);
4091 void __ieee80211_schedule_txq(struct ieee80211_hw *hw,
4092 struct ieee80211_txq *txq,
4095 struct ieee80211_local *local = hw_to_local(hw);
4096 struct txq_info *txqi = to_txq_info(txq);
4099 spin_lock_bh(&local->active_txq_lock[txq->ac]);
4101 has_queue = force || txq_has_queue(txq);
4102 if (list_empty(&txqi->schedule_order) &&
4103 (has_queue || ieee80211_txq_keep_active(txqi))) {
4104 /* If airtime accounting is active, always enqueue STAs at the
4105 * head of the list to ensure that they only get moved to the
4106 * back by the airtime DRR scheduler once they have a negative
4107 * deficit. A station that already has a negative deficit will
4108 * get immediately moved to the back of the list on the next
4109 * call to ieee80211_next_txq().
4111 if (txqi->txq.sta && local->airtime_flags && has_queue &&
4112 wiphy_ext_feature_isset(local->hw.wiphy,
4113 NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
4114 list_add(&txqi->schedule_order,
4115 &local->active_txqs[txq->ac]);
4117 list_add_tail(&txqi->schedule_order,
4118 &local->active_txqs[txq->ac]);
4120 ieee80211_txq_set_active(txqi);
4123 spin_unlock_bh(&local->active_txq_lock[txq->ac]);
4125 EXPORT_SYMBOL(__ieee80211_schedule_txq);
4127 DEFINE_STATIC_KEY_FALSE(aql_disable);
4129 bool ieee80211_txq_airtime_check(struct ieee80211_hw *hw,
4130 struct ieee80211_txq *txq)
4132 struct sta_info *sta;
4133 struct ieee80211_local *local = hw_to_local(hw);
4135 if (!wiphy_ext_feature_isset(local->hw.wiphy, NL80211_EXT_FEATURE_AQL))
4138 if (static_branch_unlikely(&aql_disable))
4144 if (unlikely(txq->tid == IEEE80211_NUM_TIDS))
4147 sta = container_of(txq->sta, struct sta_info, sta);
4148 if (atomic_read(&sta->airtime[txq->ac].aql_tx_pending) <
4149 sta->airtime[txq->ac].aql_limit_low)
4152 if (atomic_read(&local->aql_total_pending_airtime) <
4153 local->aql_threshold &&
4154 atomic_read(&sta->airtime[txq->ac].aql_tx_pending) <
4155 sta->airtime[txq->ac].aql_limit_high)
4160 EXPORT_SYMBOL(ieee80211_txq_airtime_check);
4163 ieee80211_txq_schedule_airtime_check(struct ieee80211_local *local, u8 ac)
4165 unsigned int num_txq = 0;
4166 struct txq_info *txq;
4169 if (!wiphy_ext_feature_isset(local->hw.wiphy, NL80211_EXT_FEATURE_AQL))
4172 list_for_each_entry(txq, &local->active_txqs[ac], schedule_order)
4175 aql_limit = (num_txq - 1) * local->aql_txq_limit_low[ac] / 2 +
4176 local->aql_txq_limit_high[ac];
4178 return atomic_read(&local->aql_ac_pending_airtime[ac]) < aql_limit;
4181 bool ieee80211_txq_may_transmit(struct ieee80211_hw *hw,
4182 struct ieee80211_txq *txq)
4184 struct ieee80211_local *local = hw_to_local(hw);
4185 struct txq_info *iter, *tmp, *txqi = to_txq_info(txq);
4186 struct sta_info *sta;
4189 spin_lock_bh(&local->active_txq_lock[ac]);
4194 if (list_empty(&txqi->schedule_order))
4197 if (!ieee80211_txq_schedule_airtime_check(local, ac))
4200 list_for_each_entry_safe(iter, tmp, &local->active_txqs[ac],
4205 if (!iter->txq.sta) {
4206 list_move_tail(&iter->schedule_order,
4207 &local->active_txqs[ac]);
4210 sta = container_of(iter->txq.sta, struct sta_info, sta);
4211 if (ieee80211_sta_deficit(sta, ac) < 0)
4212 sta->airtime[ac].deficit += sta->airtime_weight;
4213 list_move_tail(&iter->schedule_order, &local->active_txqs[ac]);
4216 sta = container_of(txqi->txq.sta, struct sta_info, sta);
4217 if (sta->airtime[ac].deficit >= 0)
4220 sta->airtime[ac].deficit += sta->airtime_weight;
4221 list_move_tail(&txqi->schedule_order, &local->active_txqs[ac]);
4222 spin_unlock_bh(&local->active_txq_lock[ac]);
4226 if (!list_empty(&txqi->schedule_order))
4227 list_del_init(&txqi->schedule_order);
4228 spin_unlock_bh(&local->active_txq_lock[ac]);
4232 EXPORT_SYMBOL(ieee80211_txq_may_transmit);
4234 void ieee80211_txq_schedule_start(struct ieee80211_hw *hw, u8 ac)
4236 struct ieee80211_local *local = hw_to_local(hw);
4238 spin_lock_bh(&local->active_txq_lock[ac]);
4240 if (ieee80211_txq_schedule_airtime_check(local, ac)) {
4241 local->schedule_round[ac]++;
4242 if (!local->schedule_round[ac])
4243 local->schedule_round[ac]++;
4245 local->schedule_round[ac] = 0;
4248 spin_unlock_bh(&local->active_txq_lock[ac]);
4250 EXPORT_SYMBOL(ieee80211_txq_schedule_start);
4252 void __ieee80211_subif_start_xmit(struct sk_buff *skb,
4253 struct net_device *dev,
4258 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
4259 struct ieee80211_local *local = sdata->local;
4260 struct sta_info *sta;
4261 struct sk_buff *next;
4264 if (unlikely(!ieee80211_sdata_running(sdata) || skb->len < ETH_HLEN)) {
4269 sk_pacing_shift_update(skb->sk, sdata->local->hw.tx_sk_pacing_shift);
4273 if (ieee80211_vif_is_mesh(&sdata->vif) &&
4274 ieee80211_hw_check(&local->hw, SUPPORT_FAST_XMIT) &&
4275 ieee80211_mesh_xmit_fast(sdata, skb, ctrl_flags))
4278 if (ieee80211_lookup_ra_sta(sdata, skb, &sta))
4284 skb_set_queue_mapping(skb, ieee80211_select_queue(sdata, sta, skb));
4285 ieee80211_aggr_check(sdata, sta, skb);
4288 struct ieee80211_fast_tx *fast_tx;
4290 fast_tx = rcu_dereference(sta->fast_tx);
4293 ieee80211_xmit_fast(sdata, sta, fast_tx, skb))
4297 /* the frame could be fragmented, software-encrypted, and other
4298 * things so we cannot really handle checksum or GSO offload.
4299 * fix it up in software before we handle anything else.
4301 skb = ieee80211_tx_skb_fixup(skb, 0);
4307 skb_list_walk_safe(skb, skb, next) {
4308 skb_mark_not_on_list(skb);
4310 if (skb->protocol == sdata->control_port_protocol)
4311 ctrl_flags |= IEEE80211_TX_CTRL_SKIP_MPATH_LOOKUP;
4313 skb = ieee80211_build_hdr(sdata, skb, info_flags,
4314 sta, ctrl_flags, cookie);
4316 kfree_skb_list(next);
4320 dev_sw_netstats_tx_add(dev, 1, skb->len);
4322 ieee80211_xmit(sdata, sta, skb);
4330 ieee80211_tpt_led_trig_tx(local, len);
4334 static int ieee80211_change_da(struct sk_buff *skb, struct sta_info *sta)
4339 err = skb_ensure_writable(skb, ETH_HLEN);
4343 eth = (void *)skb->data;
4344 ether_addr_copy(eth->h_dest, sta->sta.addr);
4349 static bool ieee80211_multicast_to_unicast(struct sk_buff *skb,
4350 struct net_device *dev)
4352 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
4353 const struct ethhdr *eth = (void *)skb->data;
4354 const struct vlan_ethhdr *ethvlan = (void *)skb->data;
4357 switch (sdata->vif.type) {
4358 case NL80211_IFTYPE_AP_VLAN:
4359 if (sdata->u.vlan.sta)
4361 if (sdata->wdev.use_4addr)
4364 case NL80211_IFTYPE_AP:
4365 /* check runtime toggle for this bss */
4366 if (!sdata->bss->multicast_to_unicast)
4373 /* multicast to unicast conversion only for some payload */
4374 ethertype = eth->h_proto;
4375 if (ethertype == htons(ETH_P_8021Q) && skb->len >= VLAN_ETH_HLEN)
4376 ethertype = ethvlan->h_vlan_encapsulated_proto;
4377 switch (ethertype) {
4378 case htons(ETH_P_ARP):
4379 case htons(ETH_P_IP):
4380 case htons(ETH_P_IPV6):
4390 ieee80211_convert_to_unicast(struct sk_buff *skb, struct net_device *dev,
4391 struct sk_buff_head *queue)
4393 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
4394 struct ieee80211_local *local = sdata->local;
4395 const struct ethhdr *eth = (struct ethhdr *)skb->data;
4396 struct sta_info *sta, *first = NULL;
4397 struct sk_buff *cloned_skb;
4401 list_for_each_entry_rcu(sta, &local->sta_list, list) {
4402 if (sdata != sta->sdata)
4403 /* AP-VLAN mismatch */
4405 if (unlikely(ether_addr_equal(eth->h_source, sta->sta.addr)))
4406 /* do not send back to source */
4412 cloned_skb = skb_clone(skb, GFP_ATOMIC);
4415 if (unlikely(ieee80211_change_da(cloned_skb, sta))) {
4416 dev_kfree_skb(cloned_skb);
4419 __skb_queue_tail(queue, cloned_skb);
4422 if (likely(first)) {
4423 if (unlikely(ieee80211_change_da(skb, first)))
4425 __skb_queue_tail(queue, skb);
4427 /* no STA connected, drop */
4434 __skb_queue_purge(queue);
4435 __skb_queue_tail(queue, skb);
4440 static void ieee80211_mlo_multicast_tx_one(struct ieee80211_sub_if_data *sdata,
4441 struct sk_buff *skb, u32 ctrl_flags,
4442 unsigned int link_id)
4444 struct sk_buff *out;
4446 out = skb_copy(skb, GFP_ATOMIC);
4450 ctrl_flags |= u32_encode_bits(link_id, IEEE80211_TX_CTRL_MLO_LINK);
4451 __ieee80211_subif_start_xmit(out, sdata->dev, 0, ctrl_flags, NULL);
4454 static void ieee80211_mlo_multicast_tx(struct net_device *dev,
4455 struct sk_buff *skb)
4457 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
4458 unsigned long links = sdata->vif.active_links;
4460 u32 ctrl_flags = IEEE80211_TX_CTRL_MCAST_MLO_FIRST_TX;
4462 if (hweight16(links) == 1) {
4463 ctrl_flags |= u32_encode_bits(__ffs(links),
4464 IEEE80211_TX_CTRL_MLO_LINK);
4466 __ieee80211_subif_start_xmit(skb, sdata->dev, 0, ctrl_flags,
4471 for_each_set_bit(link, &links, IEEE80211_MLD_MAX_NUM_LINKS) {
4472 ieee80211_mlo_multicast_tx_one(sdata, skb, ctrl_flags, link);
4479 * ieee80211_subif_start_xmit - netif start_xmit function for 802.3 vifs
4480 * @skb: packet to be sent
4481 * @dev: incoming interface
4483 * On failure skb will be freed.
4485 * Returns: the netdev TX status (but really only %NETDEV_TX_OK)
4487 netdev_tx_t ieee80211_subif_start_xmit(struct sk_buff *skb,
4488 struct net_device *dev)
4490 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
4491 const struct ethhdr *eth = (void *)skb->data;
4493 if (likely(!is_multicast_ether_addr(eth->h_dest)))
4496 if (unlikely(!ieee80211_sdata_running(sdata))) {
4498 return NETDEV_TX_OK;
4501 if (unlikely(ieee80211_multicast_to_unicast(skb, dev))) {
4502 struct sk_buff_head queue;
4504 __skb_queue_head_init(&queue);
4505 ieee80211_convert_to_unicast(skb, dev, &queue);
4506 while ((skb = __skb_dequeue(&queue)))
4507 __ieee80211_subif_start_xmit(skb, dev, 0,
4508 IEEE80211_TX_CTRL_MLO_LINK_UNSPEC,
4510 } else if (ieee80211_vif_is_mld(&sdata->vif) &&
4511 ((sdata->vif.type == NL80211_IFTYPE_AP &&
4512 !ieee80211_hw_check(&sdata->local->hw, MLO_MCAST_MULTI_LINK_TX)) ||
4513 (sdata->vif.type == NL80211_IFTYPE_AP_VLAN &&
4514 !sdata->wdev.use_4addr))) {
4515 ieee80211_mlo_multicast_tx(dev, skb);
4518 __ieee80211_subif_start_xmit(skb, dev, 0,
4519 IEEE80211_TX_CTRL_MLO_LINK_UNSPEC,
4523 return NETDEV_TX_OK;
4528 static bool __ieee80211_tx_8023(struct ieee80211_sub_if_data *sdata,
4529 struct sk_buff *skb, struct sta_info *sta,
4532 struct ieee80211_local *local = sdata->local;
4533 struct ieee80211_tx_control control = {};
4534 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
4535 struct ieee80211_sta *pubsta = NULL;
4536 unsigned long flags;
4537 int q = info->hw_queue;
4539 spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
4541 if (local->queue_stop_reasons[q] ||
4542 (!txpending && !skb_queue_empty(&local->pending[q]))) {
4544 skb_queue_head(&local->pending[q], skb);
4546 skb_queue_tail(&local->pending[q], skb);
4548 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
4553 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
4555 if (sta && sta->uploaded)
4558 control.sta = pubsta;
4560 drv_tx(local, &control, skb);
4565 static bool ieee80211_tx_8023(struct ieee80211_sub_if_data *sdata,
4566 struct sk_buff *skb, struct sta_info *sta,
4569 struct ieee80211_local *local = sdata->local;
4570 struct sk_buff *next;
4573 if (ieee80211_queue_skb(local, sdata, sta, skb))
4576 skb_list_walk_safe(skb, skb, next) {
4577 skb_mark_not_on_list(skb);
4578 if (!__ieee80211_tx_8023(sdata, skb, sta, txpending))
4585 static void ieee80211_8023_xmit(struct ieee80211_sub_if_data *sdata,
4586 struct net_device *dev, struct sta_info *sta,
4587 struct ieee80211_key *key, struct sk_buff *skb)
4589 struct ieee80211_tx_info *info;
4590 struct ieee80211_local *local = sdata->local;
4591 struct tid_ampdu_tx *tid_tx;
4592 struct sk_buff *seg, *next;
4593 unsigned int skbs = 0, len = 0;
4597 queue = ieee80211_select_queue(sdata, sta, skb);
4598 skb_set_queue_mapping(skb, queue);
4600 if (unlikely(test_bit(SCAN_SW_SCANNING, &local->scanning)) &&
4601 test_bit(SDATA_STATE_OFFCHANNEL, &sdata->state))
4604 skb = skb_share_check(skb, GFP_ATOMIC);
4608 ieee80211_aggr_check(sdata, sta, skb);
4610 tid = skb->priority & IEEE80211_QOS_CTL_TAG1D_MASK;
4611 tid_tx = rcu_dereference(sta->ampdu_mlme.tid_tx[tid]);
4613 if (!test_bit(HT_AGG_STATE_OPERATIONAL, &tid_tx->state)) {
4614 /* fall back to non-offload slow path */
4615 __ieee80211_subif_start_xmit(skb, dev, 0,
4616 IEEE80211_TX_CTRL_MLO_LINK_UNSPEC,
4621 if (tid_tx->timeout)
4622 tid_tx->last_tx = jiffies;
4625 skb = ieee80211_tx_skb_fixup(skb, ieee80211_sdata_netdev_features(sdata));
4629 info = IEEE80211_SKB_CB(skb);
4630 memset(info, 0, sizeof(*info));
4632 info->hw_queue = sdata->vif.hw_queue[queue];
4634 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
4635 sdata = container_of(sdata->bss,
4636 struct ieee80211_sub_if_data, u.ap);
4638 info->flags |= IEEE80211_TX_CTL_HW_80211_ENCAP;
4639 info->control.vif = &sdata->vif;
4642 info->control.hw_key = &key->conf;
4644 skb_list_walk_safe(skb, seg, next) {
4648 memcpy(IEEE80211_SKB_CB(seg), info, sizeof(*info));
4651 if (unlikely(sk_requests_wifi_status(skb->sk))) {
4652 info->status_data = ieee80211_store_ack_skb(local, skb,
4653 &info->flags, NULL);
4654 if (info->status_data)
4655 info->status_data_idr = 1;
4658 dev_sw_netstats_tx_add(dev, skbs, len);
4659 sta->deflink.tx_stats.packets[queue] += skbs;
4660 sta->deflink.tx_stats.bytes[queue] += len;
4662 ieee80211_tpt_led_trig_tx(local, len);
4664 ieee80211_tx_8023(sdata, skb, sta, false);
4672 netdev_tx_t ieee80211_subif_start_xmit_8023(struct sk_buff *skb,
4673 struct net_device *dev)
4675 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
4676 struct ethhdr *ehdr = (struct ethhdr *)skb->data;
4677 struct ieee80211_key *key;
4678 struct sta_info *sta;
4680 if (unlikely(!ieee80211_sdata_running(sdata) || skb->len < ETH_HLEN)) {
4682 return NETDEV_TX_OK;
4687 if (ieee80211_lookup_ra_sta(sdata, skb, &sta)) {
4692 if (unlikely(IS_ERR_OR_NULL(sta) || !sta->uploaded ||
4693 !test_sta_flag(sta, WLAN_STA_AUTHORIZED) ||
4694 sdata->control_port_protocol == ehdr->h_proto))
4697 key = rcu_dereference(sta->ptk[sta->ptk_idx]);
4699 key = rcu_dereference(sdata->default_unicast_key);
4701 if (key && (!(key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) ||
4702 key->conf.cipher == WLAN_CIPHER_SUITE_TKIP))
4705 sk_pacing_shift_update(skb->sk, sdata->local->hw.tx_sk_pacing_shift);
4706 ieee80211_8023_xmit(sdata, dev, sta, key, skb);
4710 ieee80211_subif_start_xmit(skb, dev);
4714 return NETDEV_TX_OK;
4718 ieee80211_build_data_template(struct ieee80211_sub_if_data *sdata,
4719 struct sk_buff *skb, u32 info_flags)
4721 struct ieee80211_hdr *hdr;
4722 struct ieee80211_tx_data tx = {
4723 .local = sdata->local,
4726 struct sta_info *sta;
4730 if (ieee80211_lookup_ra_sta(sdata, skb, &sta)) {
4732 skb = ERR_PTR(-EINVAL);
4736 skb = ieee80211_build_hdr(sdata, skb, info_flags, sta,
4737 IEEE80211_TX_CTRL_MLO_LINK_UNSPEC, NULL);
4741 hdr = (void *)skb->data;
4742 tx.sta = sta_info_get(sdata, hdr->addr1);
4745 if (ieee80211_tx_h_select_key(&tx) != TX_CONTINUE) {
4748 return ERR_PTR(-EINVAL);
4757 * ieee80211_clear_tx_pending may not be called in a context where
4758 * it is possible that it packets could come in again.
4760 void ieee80211_clear_tx_pending(struct ieee80211_local *local)
4762 struct sk_buff *skb;
4765 for (i = 0; i < local->hw.queues; i++) {
4766 while ((skb = skb_dequeue(&local->pending[i])) != NULL)
4767 ieee80211_free_txskb(&local->hw, skb);
4772 * Returns false if the frame couldn't be transmitted but was queued instead,
4773 * which in this case means re-queued -- take as an indication to stop sending
4774 * more pending frames.
4776 static bool ieee80211_tx_pending_skb(struct ieee80211_local *local,
4777 struct sk_buff *skb)
4779 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
4780 struct ieee80211_sub_if_data *sdata;
4781 struct sta_info *sta;
4782 struct ieee80211_hdr *hdr;
4784 struct ieee80211_chanctx_conf *chanctx_conf;
4786 sdata = vif_to_sdata(info->control.vif);
4788 if (info->control.flags & IEEE80211_TX_INTCFL_NEED_TXPROCESSING) {
4789 /* update band only for non-MLD */
4790 if (!ieee80211_vif_is_mld(&sdata->vif)) {
4792 rcu_dereference(sdata->vif.bss_conf.chanctx_conf);
4793 if (unlikely(!chanctx_conf)) {
4797 info->band = chanctx_conf->def.chan->band;
4799 result = ieee80211_tx(sdata, NULL, skb, true);
4800 } else if (info->flags & IEEE80211_TX_CTL_HW_80211_ENCAP) {
4801 if (ieee80211_lookup_ra_sta(sdata, skb, &sta)) {
4806 if (IS_ERR(sta) || (sta && !sta->uploaded))
4809 result = ieee80211_tx_8023(sdata, skb, sta, true);
4811 struct sk_buff_head skbs;
4813 __skb_queue_head_init(&skbs);
4814 __skb_queue_tail(&skbs, skb);
4816 hdr = (struct ieee80211_hdr *)skb->data;
4817 sta = sta_info_get(sdata, hdr->addr1);
4819 result = __ieee80211_tx(local, &skbs, sta, true);
4826 * Transmit all pending packets. Called from tasklet.
4828 void ieee80211_tx_pending(struct tasklet_struct *t)
4830 struct ieee80211_local *local = from_tasklet(local, t,
4831 tx_pending_tasklet);
4832 unsigned long flags;
4838 spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
4839 for (i = 0; i < local->hw.queues; i++) {
4841 * If queue is stopped by something other than due to pending
4842 * frames, or we have no pending frames, proceed to next queue.
4844 if (local->queue_stop_reasons[i] ||
4845 skb_queue_empty(&local->pending[i]))
4848 while (!skb_queue_empty(&local->pending[i])) {
4849 struct sk_buff *skb = __skb_dequeue(&local->pending[i]);
4850 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
4852 if (WARN_ON(!info->control.vif)) {
4853 ieee80211_free_txskb(&local->hw, skb);
4857 spin_unlock_irqrestore(&local->queue_stop_reason_lock,
4860 txok = ieee80211_tx_pending_skb(local, skb);
4861 spin_lock_irqsave(&local->queue_stop_reason_lock,
4867 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
4872 /* functions for drivers to get certain frames */
4874 static void __ieee80211_beacon_add_tim(struct ieee80211_sub_if_data *sdata,
4875 struct ieee80211_link_data *link,
4876 struct ps_data *ps, struct sk_buff *skb,
4881 int i, have_bits = 0, n1, n2;
4882 struct ieee80211_bss_conf *link_conf = link->conf;
4884 /* Generate bitmap for TIM only if there are any STAs in power save
4886 if (atomic_read(&ps->num_sta_ps) > 0)
4887 /* in the hope that this is faster than
4888 * checking byte-for-byte */
4889 have_bits = !bitmap_empty((unsigned long *)ps->tim,
4890 IEEE80211_MAX_AID+1);
4892 if (ps->dtim_count == 0)
4893 ps->dtim_count = link_conf->dtim_period - 1;
4898 tim = pos = skb_put(skb, 5);
4899 *pos++ = WLAN_EID_TIM;
4901 *pos++ = ps->dtim_count;
4902 *pos++ = link_conf->dtim_period;
4904 if (ps->dtim_count == 0 && !skb_queue_empty(&ps->bc_buf))
4907 ps->dtim_bc_mc = aid0 == 1;
4910 /* Find largest even number N1 so that bits numbered 1 through
4911 * (N1 x 8) - 1 in the bitmap are 0 and number N2 so that bits
4912 * (N2 + 1) x 8 through 2007 are 0. */
4914 for (i = 0; i < IEEE80211_MAX_TIM_LEN; i++) {
4921 for (i = IEEE80211_MAX_TIM_LEN - 1; i >= n1; i--) {
4928 /* Bitmap control */
4930 /* Part Virt Bitmap */
4931 skb_put_data(skb, ps->tim + n1, n2 - n1 + 1);
4933 tim[1] = n2 - n1 + 4;
4935 *pos++ = aid0; /* Bitmap control */
4937 if (ieee80211_get_link_sband(link)->band != NL80211_BAND_S1GHZ) {
4939 /* Part Virt Bitmap */
4945 static int ieee80211_beacon_add_tim(struct ieee80211_sub_if_data *sdata,
4946 struct ieee80211_link_data *link,
4947 struct ps_data *ps, struct sk_buff *skb,
4950 struct ieee80211_local *local = sdata->local;
4953 * Not very nice, but we want to allow the driver to call
4954 * ieee80211_beacon_get() as a response to the set_tim()
4955 * callback. That, however, is already invoked under the
4956 * sta_lock to guarantee consistent and race-free update
4957 * of the tim bitmap in mac80211 and the driver.
4959 if (local->tim_in_locked_section) {
4960 __ieee80211_beacon_add_tim(sdata, link, ps, skb, is_template);
4962 spin_lock_bh(&local->tim_lock);
4963 __ieee80211_beacon_add_tim(sdata, link, ps, skb, is_template);
4964 spin_unlock_bh(&local->tim_lock);
4970 static void ieee80211_set_beacon_cntdwn(struct ieee80211_sub_if_data *sdata,
4971 struct beacon_data *beacon,
4972 struct ieee80211_link_data *link)
4974 u8 *beacon_data, count, max_count = 1;
4975 struct probe_resp *resp;
4976 size_t beacon_data_len;
4980 switch (sdata->vif.type) {
4981 case NL80211_IFTYPE_AP:
4982 beacon_data = beacon->tail;
4983 beacon_data_len = beacon->tail_len;
4985 case NL80211_IFTYPE_ADHOC:
4986 beacon_data = beacon->head;
4987 beacon_data_len = beacon->head_len;
4989 case NL80211_IFTYPE_MESH_POINT:
4990 beacon_data = beacon->head;
4991 beacon_data_len = beacon->head_len;
4997 resp = rcu_dereference(link->u.ap.probe_resp);
4999 bcn_offsets = beacon->cntdwn_counter_offsets;
5000 count = beacon->cntdwn_current_counter;
5001 if (link->conf->csa_active)
5002 max_count = IEEE80211_MAX_CNTDWN_COUNTERS_NUM;
5004 for (i = 0; i < max_count; ++i) {
5005 if (bcn_offsets[i]) {
5006 if (WARN_ON_ONCE(bcn_offsets[i] >= beacon_data_len))
5008 beacon_data[bcn_offsets[i]] = count;
5011 if (sdata->vif.type == NL80211_IFTYPE_AP && resp) {
5012 u16 *resp_offsets = resp->cntdwn_counter_offsets;
5014 resp->data[resp_offsets[i]] = count;
5019 static u8 __ieee80211_beacon_update_cntdwn(struct ieee80211_link_data *link,
5020 struct beacon_data *beacon)
5022 if (beacon->cntdwn_current_counter == 1) {
5024 * Channel switch handling is done by a worker thread while
5025 * beacons get pulled from hardware timers. It's therefore
5026 * possible that software threads are slow enough to not be
5027 * able to complete CSA handling in a single beacon interval,
5028 * in which case we get here. There isn't much to do about
5029 * it, other than letting the user know that the AP isn't
5030 * behaving correctly.
5033 "beacon TX faster than countdown (channel/color switch) completion\n");
5037 beacon->cntdwn_current_counter--;
5039 return beacon->cntdwn_current_counter;
5042 u8 ieee80211_beacon_update_cntdwn(struct ieee80211_vif *vif, unsigned int link_id)
5044 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
5045 struct ieee80211_link_data *link;
5046 struct beacon_data *beacon = NULL;
5049 if (WARN_ON(link_id >= IEEE80211_MLD_MAX_NUM_LINKS))
5054 link = rcu_dereference(sdata->link[link_id]);
5058 if (sdata->vif.type == NL80211_IFTYPE_AP)
5059 beacon = rcu_dereference(link->u.ap.beacon);
5060 else if (sdata->vif.type == NL80211_IFTYPE_ADHOC)
5061 beacon = rcu_dereference(sdata->u.ibss.presp);
5062 else if (ieee80211_vif_is_mesh(&sdata->vif))
5063 beacon = rcu_dereference(sdata->u.mesh.beacon);
5068 count = __ieee80211_beacon_update_cntdwn(link, beacon);
5074 EXPORT_SYMBOL(ieee80211_beacon_update_cntdwn);
5076 void ieee80211_beacon_set_cntdwn(struct ieee80211_vif *vif, u8 counter)
5078 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
5079 struct beacon_data *beacon = NULL;
5083 if (sdata->vif.type == NL80211_IFTYPE_AP)
5084 beacon = rcu_dereference(sdata->deflink.u.ap.beacon);
5085 else if (sdata->vif.type == NL80211_IFTYPE_ADHOC)
5086 beacon = rcu_dereference(sdata->u.ibss.presp);
5087 else if (ieee80211_vif_is_mesh(&sdata->vif))
5088 beacon = rcu_dereference(sdata->u.mesh.beacon);
5093 if (counter < beacon->cntdwn_current_counter)
5094 beacon->cntdwn_current_counter = counter;
5099 EXPORT_SYMBOL(ieee80211_beacon_set_cntdwn);
5101 bool ieee80211_beacon_cntdwn_is_complete(struct ieee80211_vif *vif,
5102 unsigned int link_id)
5104 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
5105 struct ieee80211_link_data *link;
5106 struct beacon_data *beacon = NULL;
5108 size_t beacon_data_len;
5111 if (!ieee80211_sdata_running(sdata))
5114 if (WARN_ON(link_id >= IEEE80211_MLD_MAX_NUM_LINKS))
5119 link = rcu_dereference(sdata->link[link_id]);
5123 if (vif->type == NL80211_IFTYPE_AP) {
5124 beacon = rcu_dereference(link->u.ap.beacon);
5125 if (WARN_ON(!beacon || !beacon->tail))
5127 beacon_data = beacon->tail;
5128 beacon_data_len = beacon->tail_len;
5129 } else if (vif->type == NL80211_IFTYPE_ADHOC) {
5130 struct ieee80211_if_ibss *ifibss = &sdata->u.ibss;
5132 beacon = rcu_dereference(ifibss->presp);
5136 beacon_data = beacon->head;
5137 beacon_data_len = beacon->head_len;
5138 } else if (vif->type == NL80211_IFTYPE_MESH_POINT) {
5139 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
5141 beacon = rcu_dereference(ifmsh->beacon);
5145 beacon_data = beacon->head;
5146 beacon_data_len = beacon->head_len;
5152 if (!beacon->cntdwn_counter_offsets[0])
5155 if (WARN_ON_ONCE(beacon->cntdwn_counter_offsets[0] > beacon_data_len))
5158 if (beacon_data[beacon->cntdwn_counter_offsets[0]] == 1)
5166 EXPORT_SYMBOL(ieee80211_beacon_cntdwn_is_complete);
5168 static int ieee80211_beacon_protect(struct sk_buff *skb,
5169 struct ieee80211_local *local,
5170 struct ieee80211_sub_if_data *sdata,
5171 struct ieee80211_link_data *link)
5173 ieee80211_tx_result res;
5174 struct ieee80211_tx_data tx;
5175 struct sk_buff *check_skb;
5177 memset(&tx, 0, sizeof(tx));
5178 tx.key = rcu_dereference(link->default_beacon_key);
5182 if (unlikely(tx.key->flags & KEY_FLAG_TAINTED)) {
5187 if (!(tx.key->conf.flags & IEEE80211_KEY_FLAG_SW_MGMT_TX) &&
5188 tx.key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE)
5189 IEEE80211_SKB_CB(skb)->control.hw_key = &tx.key->conf;
5193 __skb_queue_head_init(&tx.skbs);
5194 __skb_queue_tail(&tx.skbs, skb);
5195 res = ieee80211_tx_h_encrypt(&tx);
5196 check_skb = __skb_dequeue(&tx.skbs);
5197 /* we may crash after this, but it'd be a bug in crypto */
5198 WARN_ON(check_skb != skb);
5199 if (WARN_ON_ONCE(res != TX_CONTINUE))
5206 ieee80211_beacon_get_finish(struct ieee80211_hw *hw,
5207 struct ieee80211_vif *vif,
5208 struct ieee80211_link_data *link,
5209 struct ieee80211_mutable_offsets *offs,
5210 struct beacon_data *beacon,
5211 struct sk_buff *skb,
5212 struct ieee80211_chanctx_conf *chanctx_conf,
5215 struct ieee80211_local *local = hw_to_local(hw);
5216 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
5217 struct ieee80211_tx_info *info;
5218 enum nl80211_band band;
5219 struct ieee80211_tx_rate_control txrc;
5222 if (offs && beacon) {
5225 for (i = 0; i < IEEE80211_MAX_CNTDWN_COUNTERS_NUM; i++) {
5226 u16 csa_off = beacon->cntdwn_counter_offsets[i];
5231 offs->cntdwn_counter_offs[i] = csa_off_base + csa_off;
5235 band = chanctx_conf->def.chan->band;
5236 info = IEEE80211_SKB_CB(skb);
5237 info->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
5238 info->flags |= IEEE80211_TX_CTL_NO_ACK;
5241 memset(&txrc, 0, sizeof(txrc));
5243 txrc.sband = local->hw.wiphy->bands[band];
5244 txrc.bss_conf = link->conf;
5246 txrc.reported_rate.idx = -1;
5247 if (sdata->beacon_rate_set && sdata->beacon_rateidx_mask[band])
5248 txrc.rate_idx_mask = sdata->beacon_rateidx_mask[band];
5250 txrc.rate_idx_mask = sdata->rc_rateidx_mask[band];
5252 rate_control_get_rate(sdata, NULL, &txrc);
5254 info->control.vif = vif;
5255 info->control.flags |= u32_encode_bits(link->link_id,
5256 IEEE80211_TX_CTRL_MLO_LINK);
5257 info->flags |= IEEE80211_TX_CTL_CLEAR_PS_FILT |
5258 IEEE80211_TX_CTL_ASSIGN_SEQ |
5259 IEEE80211_TX_CTL_FIRST_FRAGMENT;
5263 ieee80211_beacon_add_mbssid(struct sk_buff *skb, struct beacon_data *beacon,
5266 if (!beacon->mbssid_ies || !beacon->mbssid_ies->cnt ||
5267 i > beacon->mbssid_ies->cnt)
5270 if (i < beacon->mbssid_ies->cnt) {
5271 skb_put_data(skb, beacon->mbssid_ies->elem[i].data,
5272 beacon->mbssid_ies->elem[i].len);
5274 if (beacon->rnr_ies && beacon->rnr_ies->cnt) {
5275 skb_put_data(skb, beacon->rnr_ies->elem[i].data,
5276 beacon->rnr_ies->elem[i].len);
5278 for (i = beacon->mbssid_ies->cnt; i < beacon->rnr_ies->cnt; i++)
5279 skb_put_data(skb, beacon->rnr_ies->elem[i].data,
5280 beacon->rnr_ies->elem[i].len);
5285 /* i == beacon->mbssid_ies->cnt, include all MBSSID elements */
5286 for (i = 0; i < beacon->mbssid_ies->cnt; i++)
5287 skb_put_data(skb, beacon->mbssid_ies->elem[i].data,
5288 beacon->mbssid_ies->elem[i].len);
5291 static struct sk_buff *
5292 ieee80211_beacon_get_ap(struct ieee80211_hw *hw,
5293 struct ieee80211_vif *vif,
5294 struct ieee80211_link_data *link,
5295 struct ieee80211_mutable_offsets *offs,
5297 struct beacon_data *beacon,
5298 struct ieee80211_chanctx_conf *chanctx_conf,
5301 struct ieee80211_local *local = hw_to_local(hw);
5302 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
5303 struct ieee80211_if_ap *ap = &sdata->u.ap;
5304 struct sk_buff *skb = NULL;
5305 u16 csa_off_base = 0;
5308 if (beacon->cntdwn_counter_offsets[0]) {
5310 ieee80211_beacon_update_cntdwn(vif, link->link_id);
5312 ieee80211_set_beacon_cntdwn(sdata, beacon, link);
5315 /* headroom, head length,
5316 * tail length, maximum TIM length and multiple BSSID length
5318 mbssid_len = ieee80211_get_mbssid_beacon_len(beacon->mbssid_ies,
5322 skb = dev_alloc_skb(local->tx_headroom + beacon->head_len +
5323 beacon->tail_len + 256 +
5324 local->hw.extra_beacon_tailroom + mbssid_len);
5328 skb_reserve(skb, local->tx_headroom);
5329 skb_put_data(skb, beacon->head, beacon->head_len);
5331 ieee80211_beacon_add_tim(sdata, link, &ap->ps, skb, is_template);
5334 offs->tim_offset = beacon->head_len;
5335 offs->tim_length = skb->len - beacon->head_len;
5336 offs->cntdwn_counter_offs[0] = beacon->cntdwn_counter_offsets[0];
5339 ieee80211_beacon_add_mbssid(skb, beacon, ema_index);
5340 offs->mbssid_off = skb->len - mbssid_len;
5343 /* for AP the csa offsets are from tail */
5344 csa_off_base = skb->len;
5348 skb_put_data(skb, beacon->tail, beacon->tail_len);
5350 if (ieee80211_beacon_protect(skb, local, sdata, link) < 0) {
5355 ieee80211_beacon_get_finish(hw, vif, link, offs, beacon, skb,
5356 chanctx_conf, csa_off_base);
5360 static struct ieee80211_ema_beacons *
5361 ieee80211_beacon_get_ap_ema_list(struct ieee80211_hw *hw,
5362 struct ieee80211_vif *vif,
5363 struct ieee80211_link_data *link,
5364 struct ieee80211_mutable_offsets *offs,
5365 bool is_template, struct beacon_data *beacon,
5366 struct ieee80211_chanctx_conf *chanctx_conf)
5368 struct ieee80211_ema_beacons *ema = NULL;
5370 if (!beacon->mbssid_ies || !beacon->mbssid_ies->cnt)
5373 ema = kzalloc(struct_size(ema, bcn, beacon->mbssid_ies->cnt),
5378 for (ema->cnt = 0; ema->cnt < beacon->mbssid_ies->cnt; ema->cnt++) {
5379 ema->bcn[ema->cnt].skb =
5380 ieee80211_beacon_get_ap(hw, vif, link,
5381 &ema->bcn[ema->cnt].offs,
5382 is_template, beacon,
5383 chanctx_conf, ema->cnt);
5384 if (!ema->bcn[ema->cnt].skb)
5388 if (ema->cnt == beacon->mbssid_ies->cnt)
5391 ieee80211_beacon_free_ema_list(ema);
5395 #define IEEE80211_INCLUDE_ALL_MBSSID_ELEMS -1
5397 static struct sk_buff *
5398 __ieee80211_beacon_get(struct ieee80211_hw *hw,
5399 struct ieee80211_vif *vif,
5400 struct ieee80211_mutable_offsets *offs,
5402 unsigned int link_id,
5404 struct ieee80211_ema_beacons **ema_beacons)
5406 struct ieee80211_local *local = hw_to_local(hw);
5407 struct beacon_data *beacon = NULL;
5408 struct sk_buff *skb = NULL;
5409 struct ieee80211_sub_if_data *sdata = NULL;
5410 struct ieee80211_chanctx_conf *chanctx_conf;
5411 struct ieee80211_link_data *link;
5415 sdata = vif_to_sdata(vif);
5416 link = rcu_dereference(sdata->link[link_id]);
5420 rcu_dereference(link->conf->chanctx_conf);
5422 if (!ieee80211_sdata_running(sdata) || !chanctx_conf)
5426 memset(offs, 0, sizeof(*offs));
5428 if (sdata->vif.type == NL80211_IFTYPE_AP) {
5429 beacon = rcu_dereference(link->u.ap.beacon);
5435 ieee80211_beacon_get_ap_ema_list(hw, vif, link,
5441 if (beacon->mbssid_ies && beacon->mbssid_ies->cnt) {
5442 if (ema_index >= beacon->mbssid_ies->cnt)
5443 goto out; /* End of MBSSID elements */
5445 if (ema_index <= IEEE80211_INCLUDE_ALL_MBSSID_ELEMS)
5446 ema_index = beacon->mbssid_ies->cnt;
5451 skb = ieee80211_beacon_get_ap(hw, vif, link, offs,
5452 is_template, beacon,
5456 } else if (sdata->vif.type == NL80211_IFTYPE_ADHOC) {
5457 struct ieee80211_if_ibss *ifibss = &sdata->u.ibss;
5458 struct ieee80211_hdr *hdr;
5460 beacon = rcu_dereference(ifibss->presp);
5464 if (beacon->cntdwn_counter_offsets[0]) {
5466 __ieee80211_beacon_update_cntdwn(link, beacon);
5468 ieee80211_set_beacon_cntdwn(sdata, beacon, link);
5471 skb = dev_alloc_skb(local->tx_headroom + beacon->head_len +
5472 local->hw.extra_beacon_tailroom);
5475 skb_reserve(skb, local->tx_headroom);
5476 skb_put_data(skb, beacon->head, beacon->head_len);
5478 hdr = (struct ieee80211_hdr *) skb->data;
5479 hdr->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
5480 IEEE80211_STYPE_BEACON);
5482 ieee80211_beacon_get_finish(hw, vif, link, offs, beacon, skb,
5484 } else if (ieee80211_vif_is_mesh(&sdata->vif)) {
5485 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
5487 beacon = rcu_dereference(ifmsh->beacon);
5491 if (beacon->cntdwn_counter_offsets[0]) {
5493 /* TODO: For mesh csa_counter is in TU, so
5494 * decrementing it by one isn't correct, but
5495 * for now we leave it consistent with overall
5496 * mac80211's behavior.
5498 __ieee80211_beacon_update_cntdwn(link, beacon);
5500 ieee80211_set_beacon_cntdwn(sdata, beacon, link);
5503 if (ifmsh->sync_ops)
5504 ifmsh->sync_ops->adjust_tsf(sdata, beacon);
5506 skb = dev_alloc_skb(local->tx_headroom +
5510 local->hw.extra_beacon_tailroom);
5513 skb_reserve(skb, local->tx_headroom);
5514 skb_put_data(skb, beacon->head, beacon->head_len);
5515 ieee80211_beacon_add_tim(sdata, link, &ifmsh->ps, skb,
5519 offs->tim_offset = beacon->head_len;
5520 offs->tim_length = skb->len - beacon->head_len;
5523 skb_put_data(skb, beacon->tail, beacon->tail_len);
5524 ieee80211_beacon_get_finish(hw, vif, link, offs, beacon, skb,
5538 ieee80211_beacon_get_template(struct ieee80211_hw *hw,
5539 struct ieee80211_vif *vif,
5540 struct ieee80211_mutable_offsets *offs,
5541 unsigned int link_id)
5543 return __ieee80211_beacon_get(hw, vif, offs, true, link_id,
5544 IEEE80211_INCLUDE_ALL_MBSSID_ELEMS, NULL);
5546 EXPORT_SYMBOL(ieee80211_beacon_get_template);
5549 ieee80211_beacon_get_template_ema_index(struct ieee80211_hw *hw,
5550 struct ieee80211_vif *vif,
5551 struct ieee80211_mutable_offsets *offs,
5552 unsigned int link_id, u8 ema_index)
5554 return __ieee80211_beacon_get(hw, vif, offs, true, link_id, ema_index,
5557 EXPORT_SYMBOL(ieee80211_beacon_get_template_ema_index);
5559 void ieee80211_beacon_free_ema_list(struct ieee80211_ema_beacons *ema_beacons)
5566 for (i = 0; i < ema_beacons->cnt; i++)
5567 kfree_skb(ema_beacons->bcn[i].skb);
5571 EXPORT_SYMBOL(ieee80211_beacon_free_ema_list);
5573 struct ieee80211_ema_beacons *
5574 ieee80211_beacon_get_template_ema_list(struct ieee80211_hw *hw,
5575 struct ieee80211_vif *vif,
5576 unsigned int link_id)
5578 struct ieee80211_ema_beacons *ema_beacons = NULL;
5580 WARN_ON(__ieee80211_beacon_get(hw, vif, NULL, true, link_id, 0,
5585 EXPORT_SYMBOL(ieee80211_beacon_get_template_ema_list);
5587 struct sk_buff *ieee80211_beacon_get_tim(struct ieee80211_hw *hw,
5588 struct ieee80211_vif *vif,
5589 u16 *tim_offset, u16 *tim_length,
5590 unsigned int link_id)
5592 struct ieee80211_mutable_offsets offs = {};
5593 struct sk_buff *bcn = __ieee80211_beacon_get(hw, vif, &offs, false,
5595 IEEE80211_INCLUDE_ALL_MBSSID_ELEMS,
5597 struct sk_buff *copy;
5603 *tim_offset = offs.tim_offset;
5606 *tim_length = offs.tim_length;
5608 if (ieee80211_hw_check(hw, BEACON_TX_STATUS) ||
5609 !hw_to_local(hw)->monitors)
5612 /* send a copy to monitor interfaces */
5613 copy = skb_copy(bcn, GFP_ATOMIC);
5617 ieee80211_tx_monitor(hw_to_local(hw), copy, 1, NULL);
5621 EXPORT_SYMBOL(ieee80211_beacon_get_tim);
5623 struct sk_buff *ieee80211_proberesp_get(struct ieee80211_hw *hw,
5624 struct ieee80211_vif *vif)
5626 struct sk_buff *skb = NULL;
5627 struct probe_resp *presp = NULL;
5628 struct ieee80211_hdr *hdr;
5629 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
5631 if (sdata->vif.type != NL80211_IFTYPE_AP)
5635 presp = rcu_dereference(sdata->deflink.u.ap.probe_resp);
5639 skb = dev_alloc_skb(presp->len);
5643 skb_put_data(skb, presp->data, presp->len);
5645 hdr = (struct ieee80211_hdr *) skb->data;
5646 memset(hdr->addr1, 0, sizeof(hdr->addr1));
5652 EXPORT_SYMBOL(ieee80211_proberesp_get);
5654 struct sk_buff *ieee80211_get_fils_discovery_tmpl(struct ieee80211_hw *hw,
5655 struct ieee80211_vif *vif)
5657 struct sk_buff *skb = NULL;
5658 struct fils_discovery_data *tmpl = NULL;
5659 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
5661 if (sdata->vif.type != NL80211_IFTYPE_AP)
5665 tmpl = rcu_dereference(sdata->deflink.u.ap.fils_discovery);
5671 skb = dev_alloc_skb(sdata->local->hw.extra_tx_headroom + tmpl->len);
5673 skb_reserve(skb, sdata->local->hw.extra_tx_headroom);
5674 skb_put_data(skb, tmpl->data, tmpl->len);
5680 EXPORT_SYMBOL(ieee80211_get_fils_discovery_tmpl);
5683 ieee80211_get_unsol_bcast_probe_resp_tmpl(struct ieee80211_hw *hw,
5684 struct ieee80211_vif *vif)
5686 struct sk_buff *skb = NULL;
5687 struct unsol_bcast_probe_resp_data *tmpl = NULL;
5688 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
5690 if (sdata->vif.type != NL80211_IFTYPE_AP)
5694 tmpl = rcu_dereference(sdata->deflink.u.ap.unsol_bcast_probe_resp);
5700 skb = dev_alloc_skb(sdata->local->hw.extra_tx_headroom + tmpl->len);
5702 skb_reserve(skb, sdata->local->hw.extra_tx_headroom);
5703 skb_put_data(skb, tmpl->data, tmpl->len);
5709 EXPORT_SYMBOL(ieee80211_get_unsol_bcast_probe_resp_tmpl);
5711 struct sk_buff *ieee80211_pspoll_get(struct ieee80211_hw *hw,
5712 struct ieee80211_vif *vif)
5714 struct ieee80211_sub_if_data *sdata;
5715 struct ieee80211_pspoll *pspoll;
5716 struct ieee80211_local *local;
5717 struct sk_buff *skb;
5719 if (WARN_ON(vif->type != NL80211_IFTYPE_STATION))
5722 sdata = vif_to_sdata(vif);
5723 local = sdata->local;
5725 skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*pspoll));
5729 skb_reserve(skb, local->hw.extra_tx_headroom);
5731 pspoll = skb_put_zero(skb, sizeof(*pspoll));
5732 pspoll->frame_control = cpu_to_le16(IEEE80211_FTYPE_CTL |
5733 IEEE80211_STYPE_PSPOLL);
5734 pspoll->aid = cpu_to_le16(sdata->vif.cfg.aid);
5736 /* aid in PS-Poll has its two MSBs each set to 1 */
5737 pspoll->aid |= cpu_to_le16(1 << 15 | 1 << 14);
5739 memcpy(pspoll->bssid, sdata->deflink.u.mgd.bssid, ETH_ALEN);
5740 memcpy(pspoll->ta, vif->addr, ETH_ALEN);
5744 EXPORT_SYMBOL(ieee80211_pspoll_get);
5746 struct sk_buff *ieee80211_nullfunc_get(struct ieee80211_hw *hw,
5747 struct ieee80211_vif *vif,
5748 int link_id, bool qos_ok)
5750 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
5751 struct ieee80211_local *local = sdata->local;
5752 struct ieee80211_link_data *link = NULL;
5753 struct ieee80211_hdr_3addr *nullfunc;
5754 struct sk_buff *skb;
5757 if (WARN_ON(vif->type != NL80211_IFTYPE_STATION))
5760 skb = dev_alloc_skb(local->hw.extra_tx_headroom +
5761 sizeof(*nullfunc) + 2);
5767 struct sta_info *sta;
5769 sta = sta_info_get(sdata, vif->cfg.ap_addr);
5770 qos = sta && sta->sta.wme;
5774 link = rcu_dereference(sdata->link[link_id]);
5775 if (WARN_ON_ONCE(!link)) {
5782 skb_reserve(skb, local->hw.extra_tx_headroom);
5784 nullfunc = skb_put_zero(skb, sizeof(*nullfunc));
5785 nullfunc->frame_control = cpu_to_le16(IEEE80211_FTYPE_DATA |
5786 IEEE80211_STYPE_NULLFUNC |
5787 IEEE80211_FCTL_TODS);
5789 __le16 qoshdr = cpu_to_le16(7);
5791 BUILD_BUG_ON((IEEE80211_STYPE_QOS_NULLFUNC |
5792 IEEE80211_STYPE_NULLFUNC) !=
5793 IEEE80211_STYPE_QOS_NULLFUNC);
5794 nullfunc->frame_control |=
5795 cpu_to_le16(IEEE80211_STYPE_QOS_NULLFUNC);
5797 skb_set_queue_mapping(skb, IEEE80211_AC_VO);
5798 skb_put_data(skb, &qoshdr, sizeof(qoshdr));
5802 memcpy(nullfunc->addr1, link->conf->bssid, ETH_ALEN);
5803 memcpy(nullfunc->addr2, link->conf->addr, ETH_ALEN);
5804 memcpy(nullfunc->addr3, link->conf->bssid, ETH_ALEN);
5806 memcpy(nullfunc->addr1, vif->cfg.ap_addr, ETH_ALEN);
5807 memcpy(nullfunc->addr2, vif->addr, ETH_ALEN);
5808 memcpy(nullfunc->addr3, vif->cfg.ap_addr, ETH_ALEN);
5814 EXPORT_SYMBOL(ieee80211_nullfunc_get);
5816 struct sk_buff *ieee80211_probereq_get(struct ieee80211_hw *hw,
5818 const u8 *ssid, size_t ssid_len,
5821 struct ieee80211_local *local = hw_to_local(hw);
5822 struct ieee80211_hdr_3addr *hdr;
5823 struct sk_buff *skb;
5827 ie_ssid_len = 2 + ssid_len;
5829 skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*hdr) +
5830 ie_ssid_len + tailroom);
5834 skb_reserve(skb, local->hw.extra_tx_headroom);
5836 hdr = skb_put_zero(skb, sizeof(*hdr));
5837 hdr->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
5838 IEEE80211_STYPE_PROBE_REQ);
5839 eth_broadcast_addr(hdr->addr1);
5840 memcpy(hdr->addr2, src_addr, ETH_ALEN);
5841 eth_broadcast_addr(hdr->addr3);
5843 pos = skb_put(skb, ie_ssid_len);
5844 *pos++ = WLAN_EID_SSID;
5847 memcpy(pos, ssid, ssid_len);
5852 EXPORT_SYMBOL(ieee80211_probereq_get);
5854 void ieee80211_rts_get(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
5855 const void *frame, size_t frame_len,
5856 const struct ieee80211_tx_info *frame_txctl,
5857 struct ieee80211_rts *rts)
5859 const struct ieee80211_hdr *hdr = frame;
5861 rts->frame_control =
5862 cpu_to_le16(IEEE80211_FTYPE_CTL | IEEE80211_STYPE_RTS);
5863 rts->duration = ieee80211_rts_duration(hw, vif, frame_len,
5865 memcpy(rts->ra, hdr->addr1, sizeof(rts->ra));
5866 memcpy(rts->ta, hdr->addr2, sizeof(rts->ta));
5868 EXPORT_SYMBOL(ieee80211_rts_get);
5870 void ieee80211_ctstoself_get(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
5871 const void *frame, size_t frame_len,
5872 const struct ieee80211_tx_info *frame_txctl,
5873 struct ieee80211_cts *cts)
5875 const struct ieee80211_hdr *hdr = frame;
5877 cts->frame_control =
5878 cpu_to_le16(IEEE80211_FTYPE_CTL | IEEE80211_STYPE_CTS);
5879 cts->duration = ieee80211_ctstoself_duration(hw, vif,
5880 frame_len, frame_txctl);
5881 memcpy(cts->ra, hdr->addr1, sizeof(cts->ra));
5883 EXPORT_SYMBOL(ieee80211_ctstoself_get);
5886 ieee80211_get_buffered_bc(struct ieee80211_hw *hw,
5887 struct ieee80211_vif *vif)
5889 struct ieee80211_local *local = hw_to_local(hw);
5890 struct sk_buff *skb = NULL;
5891 struct ieee80211_tx_data tx;
5892 struct ieee80211_sub_if_data *sdata;
5894 struct ieee80211_tx_info *info;
5895 struct ieee80211_chanctx_conf *chanctx_conf;
5897 sdata = vif_to_sdata(vif);
5900 chanctx_conf = rcu_dereference(sdata->vif.bss_conf.chanctx_conf);
5905 if (sdata->vif.type == NL80211_IFTYPE_AP) {
5906 struct beacon_data *beacon =
5907 rcu_dereference(sdata->deflink.u.ap.beacon);
5909 if (!beacon || !beacon->head)
5912 ps = &sdata->u.ap.ps;
5913 } else if (ieee80211_vif_is_mesh(&sdata->vif)) {
5914 ps = &sdata->u.mesh.ps;
5919 if (ps->dtim_count != 0 || !ps->dtim_bc_mc)
5920 goto out; /* send buffered bc/mc only after DTIM beacon */
5923 skb = skb_dequeue(&ps->bc_buf);
5926 local->total_ps_buffered--;
5928 if (!skb_queue_empty(&ps->bc_buf) && skb->len >= 2) {
5929 struct ieee80211_hdr *hdr =
5930 (struct ieee80211_hdr *) skb->data;
5931 /* more buffered multicast/broadcast frames ==> set
5932 * MoreData flag in IEEE 802.11 header to inform PS
5934 hdr->frame_control |=
5935 cpu_to_le16(IEEE80211_FCTL_MOREDATA);
5938 if (sdata->vif.type == NL80211_IFTYPE_AP)
5939 sdata = IEEE80211_DEV_TO_SUB_IF(skb->dev);
5940 if (!ieee80211_tx_prepare(sdata, &tx, NULL, skb))
5942 ieee80211_free_txskb(hw, skb);
5945 info = IEEE80211_SKB_CB(skb);
5947 tx.flags |= IEEE80211_TX_PS_BUFFERED;
5948 info->band = chanctx_conf->def.chan->band;
5950 if (invoke_tx_handlers(&tx))
5957 EXPORT_SYMBOL(ieee80211_get_buffered_bc);
5959 int ieee80211_reserve_tid(struct ieee80211_sta *pubsta, u8 tid)
5961 struct sta_info *sta = container_of(pubsta, struct sta_info, sta);
5962 struct ieee80211_sub_if_data *sdata = sta->sdata;
5963 struct ieee80211_local *local = sdata->local;
5967 lockdep_assert_wiphy(local->hw.wiphy);
5969 /* only some cases are supported right now */
5970 switch (sdata->vif.type) {
5971 case NL80211_IFTYPE_STATION:
5972 case NL80211_IFTYPE_AP:
5973 case NL80211_IFTYPE_AP_VLAN:
5980 if (WARN_ON(tid >= IEEE80211_NUM_UPS))
5983 if (sta->reserved_tid == tid) {
5988 if (sta->reserved_tid != IEEE80211_TID_UNRESERVED) {
5989 sdata_err(sdata, "TID reservation already active\n");
5994 ieee80211_stop_vif_queues(sdata->local, sdata,
5995 IEEE80211_QUEUE_STOP_REASON_RESERVE_TID);
5999 /* Tear down BA sessions so we stop aggregating on this TID */
6000 if (ieee80211_hw_check(&local->hw, AMPDU_AGGREGATION)) {
6001 set_sta_flag(sta, WLAN_STA_BLOCK_BA);
6002 __ieee80211_stop_tx_ba_session(sta, tid,
6003 AGG_STOP_LOCAL_REQUEST);
6006 queues = BIT(sdata->vif.hw_queue[ieee802_1d_to_ac[tid]]);
6007 __ieee80211_flush_queues(local, sdata, queues, false);
6009 sta->reserved_tid = tid;
6011 ieee80211_wake_vif_queues(local, sdata,
6012 IEEE80211_QUEUE_STOP_REASON_RESERVE_TID);
6014 if (ieee80211_hw_check(&local->hw, AMPDU_AGGREGATION))
6015 clear_sta_flag(sta, WLAN_STA_BLOCK_BA);
6021 EXPORT_SYMBOL(ieee80211_reserve_tid);
6023 void ieee80211_unreserve_tid(struct ieee80211_sta *pubsta, u8 tid)
6025 struct sta_info *sta = container_of(pubsta, struct sta_info, sta);
6026 struct ieee80211_sub_if_data *sdata = sta->sdata;
6028 lockdep_assert_wiphy(sdata->local->hw.wiphy);
6030 /* only some cases are supported right now */
6031 switch (sdata->vif.type) {
6032 case NL80211_IFTYPE_STATION:
6033 case NL80211_IFTYPE_AP:
6034 case NL80211_IFTYPE_AP_VLAN:
6041 if (tid != sta->reserved_tid) {
6042 sdata_err(sdata, "TID to unreserve (%d) isn't reserved\n", tid);
6046 sta->reserved_tid = IEEE80211_TID_UNRESERVED;
6048 EXPORT_SYMBOL(ieee80211_unreserve_tid);
6050 void __ieee80211_tx_skb_tid_band(struct ieee80211_sub_if_data *sdata,
6051 struct sk_buff *skb, int tid, int link_id,
6052 enum nl80211_band band)
6054 const struct ieee80211_hdr *hdr = (void *)skb->data;
6055 int ac = ieee80211_ac_from_tid(tid);
6058 skb_reset_mac_header(skb);
6059 skb_set_queue_mapping(skb, ac);
6060 skb->priority = tid;
6062 skb->dev = sdata->dev;
6064 BUILD_BUG_ON(IEEE80211_LINK_UNSPECIFIED < IEEE80211_MLD_MAX_NUM_LINKS);
6065 BUILD_BUG_ON(!FIELD_FIT(IEEE80211_TX_CTRL_MLO_LINK,
6066 IEEE80211_LINK_UNSPECIFIED));
6068 if (!ieee80211_vif_is_mld(&sdata->vif)) {
6070 } else if (link_id >= 0) {
6072 } else if (memcmp(sdata->vif.addr, hdr->addr2, ETH_ALEN) == 0) {
6073 /* address from the MLD */
6074 link = IEEE80211_LINK_UNSPECIFIED;
6076 /* otherwise must be addressed from a link */
6078 for (link = 0; link < ARRAY_SIZE(sdata->vif.link_conf); link++) {
6079 struct ieee80211_bss_conf *link_conf;
6081 link_conf = rcu_dereference(sdata->vif.link_conf[link]);
6084 if (memcmp(link_conf->addr, hdr->addr2, ETH_ALEN) == 0)
6089 if (WARN_ON_ONCE(link == ARRAY_SIZE(sdata->vif.link_conf)))
6090 link = ffs(sdata->vif.active_links) - 1;
6093 IEEE80211_SKB_CB(skb)->control.flags |=
6094 u32_encode_bits(link, IEEE80211_TX_CTRL_MLO_LINK);
6097 * The other path calling ieee80211_xmit is from the tasklet,
6098 * and while we can handle concurrent transmissions locking
6099 * requirements are that we do not come into tx with bhs on.
6102 IEEE80211_SKB_CB(skb)->band = band;
6103 ieee80211_xmit(sdata, NULL, skb);
6107 void ieee80211_tx_skb_tid(struct ieee80211_sub_if_data *sdata,
6108 struct sk_buff *skb, int tid, int link_id)
6110 struct ieee80211_chanctx_conf *chanctx_conf;
6111 enum nl80211_band band;
6114 if (!ieee80211_vif_is_mld(&sdata->vif)) {
6115 WARN_ON(link_id >= 0);
6117 rcu_dereference(sdata->vif.bss_conf.chanctx_conf);
6118 if (WARN_ON(!chanctx_conf)) {
6123 band = chanctx_conf->def.chan->band;
6125 WARN_ON(link_id >= 0 &&
6126 !(sdata->vif.active_links & BIT(link_id)));
6127 /* MLD transmissions must not rely on the band */
6131 __ieee80211_tx_skb_tid_band(sdata, skb, tid, link_id, band);
6135 int ieee80211_tx_control_port(struct wiphy *wiphy, struct net_device *dev,
6136 const u8 *buf, size_t len,
6137 const u8 *dest, __be16 proto, bool unencrypted,
6138 int link_id, u64 *cookie)
6140 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
6141 struct ieee80211_local *local = sdata->local;
6142 struct sta_info *sta;
6143 struct sk_buff *skb;
6144 struct ethhdr *ehdr;
6149 /* mutex lock is only needed for incrementing the cookie counter */
6150 lockdep_assert_wiphy(local->hw.wiphy);
6152 /* Only accept CONTROL_PORT_PROTOCOL configured in CONNECT/ASSOCIATE
6153 * or Pre-Authentication
6155 if (proto != sdata->control_port_protocol &&
6156 proto != cpu_to_be16(ETH_P_PREAUTH))
6159 if (proto == sdata->control_port_protocol)
6160 ctrl_flags |= IEEE80211_TX_CTRL_PORT_CTRL_PROTO |
6161 IEEE80211_TX_CTRL_SKIP_MPATH_LOOKUP;
6164 flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
6167 ctrl_flags |= IEEE80211_TX_CTL_REQ_TX_STATUS;
6169 flags |= IEEE80211_TX_INTFL_NL80211_FRAME_TX;
6171 skb = dev_alloc_skb(local->hw.extra_tx_headroom +
6172 sizeof(struct ethhdr) + len);
6176 skb_reserve(skb, local->hw.extra_tx_headroom + sizeof(struct ethhdr));
6178 skb_put_data(skb, buf, len);
6180 ehdr = skb_push(skb, sizeof(struct ethhdr));
6181 memcpy(ehdr->h_dest, dest, ETH_ALEN);
6183 /* we may override the SA for MLO STA later */
6185 ctrl_flags |= u32_encode_bits(IEEE80211_LINK_UNSPECIFIED,
6186 IEEE80211_TX_CTRL_MLO_LINK);
6187 memcpy(ehdr->h_source, sdata->vif.addr, ETH_ALEN);
6189 struct ieee80211_bss_conf *link_conf;
6191 ctrl_flags |= u32_encode_bits(link_id,
6192 IEEE80211_TX_CTRL_MLO_LINK);
6195 link_conf = rcu_dereference(sdata->vif.link_conf[link_id]);
6201 memcpy(ehdr->h_source, link_conf->addr, ETH_ALEN);
6205 ehdr->h_proto = proto;
6208 skb->protocol = proto;
6209 skb_reset_network_header(skb);
6210 skb_reset_mac_header(skb);
6212 if (local->hw.queues < IEEE80211_NUM_ACS)
6215 /* update QoS header to prioritize control port frames if possible,
6216 * prioritization also happens for control port frames send over
6220 err = ieee80211_lookup_ra_sta(sdata, skb, &sta);
6228 u16 queue = ieee80211_select_queue(sdata, sta, skb);
6230 skb_set_queue_mapping(skb, queue);
6233 * for MLO STA, the SA should be the AP MLD address, but
6234 * the link ID has been selected already
6236 if (sta && sta->sta.mlo)
6237 memcpy(ehdr->h_source, sdata->vif.addr, ETH_ALEN);
6243 __ieee80211_subif_start_xmit(skb, skb->dev, flags, ctrl_flags, cookie);
6249 int ieee80211_probe_mesh_link(struct wiphy *wiphy, struct net_device *dev,
6250 const u8 *buf, size_t len)
6252 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
6253 struct ieee80211_local *local = sdata->local;
6254 struct sk_buff *skb;
6256 skb = dev_alloc_skb(local->hw.extra_tx_headroom + len +
6257 30 + /* header size */
6258 18); /* 11s header size */
6262 skb_reserve(skb, local->hw.extra_tx_headroom);
6263 skb_put_data(skb, buf, len);
6266 skb->protocol = htons(ETH_P_802_3);
6267 skb_reset_network_header(skb);
6268 skb_reset_mac_header(skb);
6271 __ieee80211_subif_start_xmit(skb, skb->dev, 0,
6272 IEEE80211_TX_CTRL_SKIP_MPATH_LOOKUP,
projects / linux-2.6-block.git / blob