Branch data Line data Source code
1 : : /*
2 : : * Radiotap parser
3 : : *
4 : : * Copyright 2007 Andy Green <andy@warmcat.com>
5 : : *
6 : : * This program is free software; you can redistribute it and/or modify
7 : : * it under the terms of the GNU General Public License version 2 as
8 : : * published by the Free Software Foundation.
9 : : *
10 : : * Alternatively, this software may be distributed under the terms of BSD
11 : : * license.
12 : : *
13 : : * See README and COPYING for more details.
14 : : *
15 : : *
16 : : * Modified for userspace by Johannes Berg <johannes@sipsolutions.net>
17 : : * I only modified some things on top to ease syncing should bugs be found.
18 : : */
19 : :
20 : : #include "includes.h"
21 : :
22 : : #include "common.h"
23 : : #include "radiotap_iter.h"
24 : :
25 : : #define le16_to_cpu le_to_host16
26 : : #define le32_to_cpu le_to_host32
27 : : #define __le32 uint32_t
28 : : #define ulong unsigned long
29 : : #define unlikely(cond) (cond)
30 : : #define get_unaligned(p) \
31 : : ({ \
32 : : struct packed_dummy_struct { \
33 : : typeof(*(p)) __val; \
34 : : } __attribute__((packed)) *__ptr = (void *) (p); \
35 : : \
36 : : __ptr->__val; \
37 : : })
38 : :
39 : : /* function prototypes and related defs are in radiotap_iter.h */
40 : :
41 : : /**
42 : : * ieee80211_radiotap_iterator_init - radiotap parser iterator initialization
43 : : * @iterator: radiotap_iterator to initialize
44 : : * @radiotap_header: radiotap header to parse
45 : : * @max_length: total length we can parse into (eg, whole packet length)
46 : : *
47 : : * Returns: 0 or a negative error code if there is a problem.
48 : : *
49 : : * This function initializes an opaque iterator struct which can then
50 : : * be passed to ieee80211_radiotap_iterator_next() to visit every radiotap
51 : : * argument which is present in the header. It knows about extended
52 : : * present headers and handles them.
53 : : *
54 : : * How to use:
55 : : * call __ieee80211_radiotap_iterator_init() to init a semi-opaque iterator
56 : : * struct ieee80211_radiotap_iterator (no need to init the struct beforehand)
57 : : * checking for a good 0 return code. Then loop calling
58 : : * __ieee80211_radiotap_iterator_next()... it returns either 0,
59 : : * -ENOENT if there are no more args to parse, or -EINVAL if there is a problem.
60 : : * The iterator's @this_arg member points to the start of the argument
61 : : * associated with the current argument index that is present, which can be
62 : : * found in the iterator's @this_arg_index member. This arg index corresponds
63 : : * to the IEEE80211_RADIOTAP_... defines.
64 : : *
65 : : * Radiotap header length:
66 : : * You can find the CPU-endian total radiotap header length in
67 : : * iterator->max_length after executing ieee80211_radiotap_iterator_init()
68 : : * successfully.
69 : : *
70 : : * Alignment Gotcha:
71 : : * You must take care when dereferencing iterator.this_arg
72 : : * for multibyte types... the pointer is not aligned. Use
73 : : * get_unaligned((type *)iterator.this_arg) to dereference
74 : : * iterator.this_arg for type "type" safely on all arches.
75 : : *
76 : : * Example code:
77 : : * See Documentation/networking/radiotap-headers.txt
78 : : */
79 : :
80 : 16 : int ieee80211_radiotap_iterator_init(
81 : : struct ieee80211_radiotap_iterator *iterator,
82 : : struct ieee80211_radiotap_header *radiotap_header,
83 : : int max_length)
84 : : {
85 : : /* Linux only supports version 0 radiotap format */
86 [ - + ]: 16 : if (radiotap_header->it_version)
87 : 0 : return -EINVAL;
88 : :
89 : : /* sanity check for allowed length and radiotap length field */
90 [ - + ]: 16 : if (max_length < le16_to_cpu(get_unaligned(&radiotap_header->it_len)))
91 : 0 : return -EINVAL;
92 : :
93 : 16 : iterator->rtheader = radiotap_header;
94 : 16 : iterator->max_length = le16_to_cpu(get_unaligned(
95 : : &radiotap_header->it_len));
96 : 16 : iterator->arg_index = 0;
97 : 16 : iterator->bitmap_shifter = le32_to_cpu(get_unaligned(
98 : : &radiotap_header->it_present));
99 : 16 : iterator->arg = (u8 *)radiotap_header + sizeof(*radiotap_header);
100 : 16 : iterator->this_arg = NULL;
101 : :
102 : : /* find payload start allowing for extended bitmap(s) */
103 : :
104 [ - + ]: 16 : if (unlikely(iterator->bitmap_shifter & (1<<IEEE80211_RADIOTAP_EXT))) {
105 [ # # ]: 0 : while (le32_to_cpu(get_unaligned((__le32 *)iterator->arg)) &
106 : : (1<<IEEE80211_RADIOTAP_EXT)) {
107 : 0 : iterator->arg += sizeof(u32);
108 : :
109 : : /*
110 : : * check for insanity where the present bitmaps
111 : : * keep claiming to extend up to or even beyond the
112 : : * stated radiotap header length
113 : : */
114 : :
115 [ # # ]: 0 : if (((ulong)iterator->arg - (ulong)iterator->rtheader)
116 : 0 : > (ulong)iterator->max_length)
117 : 0 : return -EINVAL;
118 : : }
119 : :
120 : 0 : iterator->arg += sizeof(u32);
121 : :
122 : : /*
123 : : * no need to check again for blowing past stated radiotap
124 : : * header length, because ieee80211_radiotap_iterator_next
125 : : * checks it before it is dereferenced
126 : : */
127 : : }
128 : :
129 : : /* we are all initialized happily */
130 : :
131 : 16 : return 0;
132 : : }
133 : :
134 : :
135 : : /**
136 : : * ieee80211_radiotap_iterator_next - return next radiotap parser iterator arg
137 : : * @iterator: radiotap_iterator to move to next arg (if any)
138 : : *
139 : : * Returns: 0 if there is an argument to handle,
140 : : * -ENOENT if there are no more args or -EINVAL
141 : : * if there is something else wrong.
142 : : *
143 : : * This function provides the next radiotap arg index (IEEE80211_RADIOTAP_*)
144 : : * in @this_arg_index and sets @this_arg to point to the
145 : : * payload for the field. It takes care of alignment handling and extended
146 : : * present fields. @this_arg can be changed by the caller (eg,
147 : : * incremented to move inside a compound argument like
148 : : * IEEE80211_RADIOTAP_CHANNEL). The args pointed to are in
149 : : * little-endian format whatever the endianess of your CPU.
150 : : *
151 : : * Alignment Gotcha:
152 : : * You must take care when dereferencing iterator.this_arg
153 : : * for multibyte types... the pointer is not aligned. Use
154 : : * get_unaligned((type *)iterator.this_arg) to dereference
155 : : * iterator.this_arg for type "type" safely on all arches.
156 : : */
157 : :
158 : 94 : int ieee80211_radiotap_iterator_next(
159 : : struct ieee80211_radiotap_iterator *iterator)
160 : : {
161 : :
162 : : /*
163 : : * small length lookup table for all radiotap types we heard of
164 : : * starting from b0 in the bitmap, so we can walk the payload
165 : : * area of the radiotap header
166 : : *
167 : : * There is a requirement to pad args, so that args
168 : : * of a given length must begin at a boundary of that length
169 : : * -- but note that compound args are allowed (eg, 2 x u16
170 : : * for IEEE80211_RADIOTAP_CHANNEL) so total arg length is not
171 : : * a reliable indicator of alignment requirement.
172 : : *
173 : : * upper nybble: content alignment for arg
174 : : * lower nybble: content length for arg
175 : : */
176 : :
177 : : static const u8 rt_sizes[] = {
178 : : [IEEE80211_RADIOTAP_TSFT] = 0x88,
179 : : [IEEE80211_RADIOTAP_FLAGS] = 0x11,
180 : : [IEEE80211_RADIOTAP_RATE] = 0x11,
181 : : [IEEE80211_RADIOTAP_CHANNEL] = 0x24,
182 : : [IEEE80211_RADIOTAP_FHSS] = 0x22,
183 : : [IEEE80211_RADIOTAP_DBM_ANTSIGNAL] = 0x11,
184 : : [IEEE80211_RADIOTAP_DBM_ANTNOISE] = 0x11,
185 : : [IEEE80211_RADIOTAP_LOCK_QUALITY] = 0x22,
186 : : [IEEE80211_RADIOTAP_TX_ATTENUATION] = 0x22,
187 : : [IEEE80211_RADIOTAP_DB_TX_ATTENUATION] = 0x22,
188 : : [IEEE80211_RADIOTAP_DBM_TX_POWER] = 0x11,
189 : : [IEEE80211_RADIOTAP_ANTENNA] = 0x11,
190 : : [IEEE80211_RADIOTAP_DB_ANTSIGNAL] = 0x11,
191 : : [IEEE80211_RADIOTAP_DB_ANTNOISE] = 0x11,
192 : : [IEEE80211_RADIOTAP_RX_FLAGS] = 0x22,
193 : : [IEEE80211_RADIOTAP_TX_FLAGS] = 0x22,
194 : : [IEEE80211_RADIOTAP_RTS_RETRIES] = 0x11,
195 : : [IEEE80211_RADIOTAP_DATA_RETRIES] = 0x11,
196 : : /*
197 : : * add more here as they are defined in
198 : : * include/net/ieee80211_radiotap.h
199 : : */
200 : : };
201 : :
202 : : /*
203 : : * for every radiotap entry we can at
204 : : * least skip (by knowing the length)...
205 : : */
206 : :
207 [ + + ]: 304 : while (iterator->arg_index < (int) sizeof(rt_sizes)) {
208 : 288 : int hit = 0;
209 : : int pad;
210 : :
211 [ + + ]: 288 : if (!(iterator->bitmap_shifter & 1))
212 : 210 : goto next_entry; /* arg not present */
213 : :
214 : : /*
215 : : * arg is present, account for alignment padding
216 : : * 8-bit args can be at any alignment
217 : : * 16-bit args must start on 16-bit boundary
218 : : * 32-bit args must start on 32-bit boundary
219 : : * 64-bit args must start on 64-bit boundary
220 : : *
221 : : * note that total arg size can differ from alignment of
222 : : * elements inside arg, so we use upper nybble of length
223 : : * table to base alignment on
224 : : *
225 : : * also note: these alignments are ** relative to the
226 : : * start of the radiotap header **. There is no guarantee
227 : : * that the radiotap header itself is aligned on any
228 : : * kind of boundary.
229 : : *
230 : : * the above is why get_unaligned() is used to dereference
231 : : * multibyte elements from the radiotap area
232 : : */
233 : :
234 : 234 : pad = (((ulong)iterator->arg) -
235 : 78 : ((ulong)iterator->rtheader)) &
236 : 78 : ((rt_sizes[iterator->arg_index] >> 4) - 1);
237 : :
238 [ + + ]: 78 : if (pad)
239 : 6 : iterator->arg +=
240 : 6 : (rt_sizes[iterator->arg_index] >> 4) - pad;
241 : :
242 : : /*
243 : : * this is what we will return to user, but we need to
244 : : * move on first so next call has something fresh to test
245 : : */
246 : 78 : iterator->this_arg_index = iterator->arg_index;
247 : 78 : iterator->this_arg = iterator->arg;
248 : 78 : hit = 1;
249 : :
250 : : /* internally move on the size of this arg */
251 : 78 : iterator->arg += rt_sizes[iterator->arg_index] & 0x0f;
252 : :
253 : : /*
254 : : * check for insanity where we are given a bitmap that
255 : : * claims to have more arg content than the length of the
256 : : * radiotap section. We will normally end up equalling this
257 : : * max_length on the last arg, never exceeding it.
258 : : */
259 : :
260 [ - + ]: 78 : if (((ulong)iterator->arg - (ulong)iterator->rtheader) >
261 : 78 : (ulong) iterator->max_length)
262 : 0 : return -EINVAL;
263 : :
264 : : next_entry:
265 : 288 : iterator->arg_index++;
266 [ - + ]: 288 : if (unlikely((iterator->arg_index & 31) == 0)) {
267 : : /* completed current u32 bitmap */
268 [ # # ]: 0 : if (iterator->bitmap_shifter & 1) {
269 : : /* b31 was set, there is more */
270 : : /* move to next u32 bitmap */
271 : 0 : iterator->bitmap_shifter = le32_to_cpu(
272 : : get_unaligned(iterator->next_bitmap));
273 : 0 : iterator->next_bitmap++;
274 : : } else
275 : : /* no more bitmaps: end */
276 : 0 : iterator->arg_index = sizeof(rt_sizes);
277 : : } else /* just try the next bit */
278 : 288 : iterator->bitmap_shifter >>= 1;
279 : :
280 : : /* if we found a valid arg earlier, return it now */
281 [ + + ]: 288 : if (hit)
282 : 78 : return 0;
283 : : }
284 : :
285 : : /* we don't know how to handle any more args, we're done */
286 : 94 : return -ENOENT;
287 : : }
|
