2 * Received Data frame processing
3 * Copyright (c) 2010-2015, Jouni Malinen <j@w1.fi>
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
9 #include "utils/includes.h"
11 #include "utils/common.h"
12 #include "common/defs.h"
13 #include "common/ieee802_11_defs.h"
17 static const char * data_stype(u16 stype
)
20 case WLAN_FC_STYPE_DATA
:
22 case WLAN_FC_STYPE_DATA_CFACK
:
24 case WLAN_FC_STYPE_DATA_CFPOLL
:
26 case WLAN_FC_STYPE_DATA_CFACKPOLL
:
27 return "DATA-CFACKPOLL";
28 case WLAN_FC_STYPE_NULLFUNC
:
30 case WLAN_FC_STYPE_CFACK
:
32 case WLAN_FC_STYPE_CFPOLL
:
34 case WLAN_FC_STYPE_CFACKPOLL
:
36 case WLAN_FC_STYPE_QOS_DATA
:
38 case WLAN_FC_STYPE_QOS_DATA_CFACK
:
39 return "QOSDATA-CFACK";
40 case WLAN_FC_STYPE_QOS_DATA_CFPOLL
:
41 return "QOSDATA-CFPOLL";
42 case WLAN_FC_STYPE_QOS_DATA_CFACKPOLL
:
43 return "QOSDATA-CFACKPOLL";
44 case WLAN_FC_STYPE_QOS_NULL
:
46 case WLAN_FC_STYPE_QOS_CFPOLL
:
48 case WLAN_FC_STYPE_QOS_CFACKPOLL
:
49 return "QOS-CFACKPOLL";
55 static void rx_data_eth(struct wlantest
*wt
, const u8
*bssid
,
56 const u8
*sta_addr
, const u8
*dst
, const u8
*src
,
57 u16 ethertype
, const u8
*data
, size_t len
, int prot
,
62 rx_data_eapol(wt
, bssid
, sta_addr
, dst
, src
, data
, len
, prot
);
65 rx_data_ip(wt
, bssid
, sta_addr
, dst
, src
, data
, len
,
69 rx_data_80211_encap(wt
, bssid
, sta_addr
, dst
, src
, data
, len
);
75 static void rx_data_process(struct wlantest
*wt
, const u8
*bssid
,
77 const u8
*dst
, const u8
*src
,
78 const u8
*data
, size_t len
, int prot
,
84 if (len
>= 8 && os_memcmp(data
, "\xaa\xaa\x03\x00\x00\x00", 6) == 0) {
85 rx_data_eth(wt
, bssid
, sta_addr
, dst
, src
,
86 WPA_GET_BE16(data
+ 6), data
+ 8, len
- 8, prot
,
91 wpa_hexdump(MSG_DEBUG
, "Unrecognized LLC", data
, len
> 8 ? 8 : len
);
95 static u8
* try_all_ptk(struct wlantest
*wt
, int pairwise_cipher
,
96 const struct ieee80211_hdr
*hdr
,
97 const u8
*data
, size_t data_len
, size_t *decrypted_len
)
99 struct wlantest_ptk
*ptk
;
101 int prev_level
= wpa_debug_level
;
103 wpa_debug_level
= MSG_WARNING
;
104 dl_list_for_each(ptk
, &wt
->ptk
, struct wlantest_ptk
, list
) {
105 unsigned int tk_len
= ptk
->ptk_len
- 32;
107 if ((pairwise_cipher
== WPA_CIPHER_CCMP
||
108 pairwise_cipher
== 0) && tk_len
== 16) {
109 decrypted
= ccmp_decrypt(ptk
->ptk
.tk
, hdr
, data
,
110 data_len
, decrypted_len
);
111 } else if ((pairwise_cipher
== WPA_CIPHER_CCMP_256
||
112 pairwise_cipher
== 0) && tk_len
== 32) {
113 decrypted
= ccmp_256_decrypt(ptk
->ptk
.tk
, hdr
, data
,
114 data_len
, decrypted_len
);
115 } else if ((pairwise_cipher
== WPA_CIPHER_GCMP
||
116 pairwise_cipher
== WPA_CIPHER_GCMP_256
||
117 pairwise_cipher
== 0) &&
118 (tk_len
== 16 || tk_len
== 32)) {
119 decrypted
= gcmp_decrypt(ptk
->ptk
.tk
, tk_len
, hdr
,
120 data
, data_len
, decrypted_len
);
121 } else if ((pairwise_cipher
== WPA_CIPHER_TKIP
||
122 pairwise_cipher
== 0) && tk_len
== 32) {
123 decrypted
= tkip_decrypt(ptk
->ptk
.tk
, hdr
, data
,
124 data_len
, decrypted_len
);
127 wpa_debug_level
= prev_level
;
128 add_note(wt
, MSG_DEBUG
, "Found PTK match from list of all known PTKs");
132 wpa_debug_level
= prev_level
;
138 static void rx_data_bss_prot_group(struct wlantest
*wt
,
139 const struct ieee80211_hdr
*hdr
,
141 const u8
*qos
, const u8
*dst
, const u8
*src
,
142 const u8
*data
, size_t len
)
144 struct wlantest_bss
*bss
;
146 u8
*decrypted
= NULL
;
151 bss
= bss_get(wt
, hdr
->addr2
);
155 add_note(wt
, MSG_INFO
, "Too short group addressed data frame");
159 if (bss
->group_cipher
& (WPA_CIPHER_TKIP
| WPA_CIPHER_CCMP
) &&
161 add_note(wt
, MSG_INFO
, "Expected TKIP/CCMP frame from "
162 MACSTR
" did not have ExtIV bit set to 1",
163 MAC2STR(bss
->bssid
));
167 if (bss
->group_cipher
== WPA_CIPHER_TKIP
) {
168 if (data
[3] & 0x1f) {
169 add_note(wt
, MSG_INFO
, "TKIP frame from " MACSTR
170 " used non-zero reserved bit",
171 MAC2STR(bss
->bssid
));
173 if (data
[1] != ((data
[0] | 0x20) & 0x7f)) {
174 add_note(wt
, MSG_INFO
, "TKIP frame from " MACSTR
175 " used incorrect WEPSeed[1] (was 0x%x, "
177 MAC2STR(bss
->bssid
), data
[1],
178 (data
[0] | 0x20) & 0x7f);
180 } else if (bss
->group_cipher
== WPA_CIPHER_CCMP
) {
181 if (data
[2] != 0 || (data
[3] & 0x1f) != 0) {
182 add_note(wt
, MSG_INFO
, "CCMP frame from " MACSTR
183 " used non-zero reserved bit",
184 MAC2STR(bss
->bssid
));
188 keyid
= data
[3] >> 6;
189 if (bss
->gtk_len
[keyid
] == 0 && bss
->group_cipher
!= WPA_CIPHER_WEP40
)
191 add_note(wt
, MSG_MSGDUMP
, "No GTK known to decrypt the frame "
192 "(A2=" MACSTR
" KeyID=%d)",
193 MAC2STR(hdr
->addr2
), keyid
);
197 if (bss
->group_cipher
== WPA_CIPHER_TKIP
)
198 tkip_get_pn(pn
, data
);
199 else if (bss
->group_cipher
== WPA_CIPHER_WEP40
)
200 goto skip_replay_det
;
202 ccmp_get_pn(pn
, data
);
203 if (os_memcmp(pn
, bss
->rsc
[keyid
], 6) <= 0) {
204 u16 seq_ctrl
= le_to_host16(hdr
->seq_ctrl
);
205 add_note(wt
, MSG_INFO
, "CCMP/TKIP replay detected: A1=" MACSTR
206 " A2=" MACSTR
" A3=" MACSTR
" seq=%u frag=%u%s",
207 MAC2STR(hdr
->addr1
), MAC2STR(hdr
->addr2
),
209 WLAN_GET_SEQ_SEQ(seq_ctrl
),
210 WLAN_GET_SEQ_FRAG(seq_ctrl
),
211 (le_to_host16(hdr
->frame_control
) & WLAN_FC_RETRY
) ?
213 wpa_hexdump(MSG_INFO
, "RX PN", pn
, 6);
214 wpa_hexdump(MSG_INFO
, "RSC", bss
->rsc
[keyid
], 6);
219 if (bss
->group_cipher
== WPA_CIPHER_TKIP
)
220 decrypted
= tkip_decrypt(bss
->gtk
[keyid
], hdr
, data
, len
,
222 else if (bss
->group_cipher
== WPA_CIPHER_WEP40
)
223 decrypted
= wep_decrypt(wt
, hdr
, data
, len
, &dlen
);
224 else if (bss
->group_cipher
== WPA_CIPHER_CCMP
)
225 decrypted
= ccmp_decrypt(bss
->gtk
[keyid
], hdr
, data
, len
,
227 else if (bss
->group_cipher
== WPA_CIPHER_CCMP_256
)
228 decrypted
= ccmp_256_decrypt(bss
->gtk
[keyid
], hdr
, data
, len
,
230 else if (bss
->group_cipher
== WPA_CIPHER_GCMP
||
231 bss
->group_cipher
== WPA_CIPHER_GCMP_256
)
232 decrypted
= gcmp_decrypt(bss
->gtk
[keyid
], bss
->gtk_len
[keyid
],
233 hdr
, data
, len
, &dlen
);
236 rx_data_process(wt
, bss
->bssid
, NULL
, dst
, src
, decrypted
,
239 os_memcpy(bss
->rsc
[keyid
], pn
, 6);
240 write_pcap_decrypted(wt
, (const u8
*) hdr
, hdrlen
,
243 add_note(wt
, MSG_DEBUG
, "Failed to decrypt frame");
248 static void rx_data_bss_prot(struct wlantest
*wt
,
249 const struct ieee80211_hdr
*hdr
, size_t hdrlen
,
250 const u8
*qos
, const u8
*dst
, const u8
*src
,
251 const u8
*data
, size_t len
)
253 struct wlantest_bss
*bss
, *bss2
;
254 struct wlantest_sta
*sta
, *sta2
;
256 u16 fc
= le_to_host16(hdr
->frame_control
);
261 struct wlantest_tdls
*tdls
= NULL
, *found
;
263 int ptk_iter_done
= 0;
264 int try_ptk_iter
= 0;
267 if (hdr
->addr1
[0] & 0x01) {
268 rx_data_bss_prot_group(wt
, hdr
, hdrlen
, qos
, dst
, src
,
273 if ((fc
& (WLAN_FC_TODS
| WLAN_FC_FROMDS
)) ==
274 (WLAN_FC_TODS
| WLAN_FC_FROMDS
)) {
275 bss
= bss_find(wt
, hdr
->addr1
);
277 sta
= sta_find(bss
, hdr
->addr2
);
280 WLANTEST_STA_COUNTER_PROT_DATA_TX
]++;
282 if (!sta
|| !sta
->ptk_set
) {
283 bss2
= bss_find(wt
, hdr
->addr2
);
285 sta2
= sta_find(bss2
, hdr
->addr1
);
286 if (sta2
&& (!sta
|| sta2
->ptk_set
)) {
293 bss
= bss_find(wt
, hdr
->addr2
);
296 sta
= sta_find(bss
, hdr
->addr1
);
298 } else if (fc
& WLAN_FC_TODS
) {
299 bss
= bss_get(wt
, hdr
->addr1
);
302 sta
= sta_get(bss
, hdr
->addr2
);
304 sta
->counters
[WLANTEST_STA_COUNTER_PROT_DATA_TX
]++;
305 } else if (fc
& WLAN_FC_FROMDS
) {
306 bss
= bss_get(wt
, hdr
->addr2
);
309 sta
= sta_get(bss
, hdr
->addr1
);
311 bss
= bss_get(wt
, hdr
->addr3
);
314 sta
= sta_find(bss
, hdr
->addr2
);
315 sta2
= sta_find(bss
, hdr
->addr1
);
316 if (sta
== NULL
|| sta2
== NULL
)
319 dl_list_for_each(tdls
, &bss
->tdls
, struct wlantest_tdls
, list
)
321 if ((tdls
->init
== sta
&& tdls
->resp
== sta2
) ||
322 (tdls
->init
== sta2
&& tdls
->resp
== sta
)) {
330 add_note(wt
, MSG_DEBUG
,
331 "TDLS: Link not up, but Data "
338 (!sta
->ptk_set
&& sta
->pairwise_cipher
!= WPA_CIPHER_WEP40
)) &&
340 add_note(wt
, MSG_MSGDUMP
, "No PTK known to decrypt the frame");
341 if (dl_list_empty(&wt
->ptk
))
347 add_note(wt
, MSG_INFO
, "Too short encrypted data frame");
353 if (sta
->pairwise_cipher
& (WPA_CIPHER_TKIP
| WPA_CIPHER_CCMP
) &&
355 add_note(wt
, MSG_INFO
, "Expected TKIP/CCMP frame from "
356 MACSTR
" did not have ExtIV bit set to 1",
361 if (tk
== NULL
&& sta
->pairwise_cipher
== WPA_CIPHER_TKIP
) {
362 if (data
[3] & 0x1f) {
363 add_note(wt
, MSG_INFO
, "TKIP frame from " MACSTR
364 " used non-zero reserved bit",
365 MAC2STR(hdr
->addr2
));
367 if (data
[1] != ((data
[0] | 0x20) & 0x7f)) {
368 add_note(wt
, MSG_INFO
, "TKIP frame from " MACSTR
369 " used incorrect WEPSeed[1] (was 0x%x, "
371 MAC2STR(hdr
->addr2
), data
[1],
372 (data
[0] | 0x20) & 0x7f);
374 } else if (tk
|| sta
->pairwise_cipher
== WPA_CIPHER_CCMP
) {
375 if (data
[2] != 0 || (data
[3] & 0x1f) != 0) {
376 add_note(wt
, MSG_INFO
, "CCMP frame from " MACSTR
377 " used non-zero reserved bit",
378 MAC2STR(hdr
->addr2
));
382 keyid
= data
[3] >> 6;
384 add_note(wt
, MSG_INFO
, "Unexpected non-zero KeyID %d in "
385 "individually addressed Data frame from " MACSTR
,
386 keyid
, MAC2STR(hdr
->addr2
));
391 if (fc
& WLAN_FC_TODS
)
397 if (fc
& WLAN_FC_TODS
)
403 if (os_memcmp(hdr
->addr2
, tdls
->init
->addr
, ETH_ALEN
) == 0)
404 rsc
= tdls
->rsc_init
[tid
];
406 rsc
= tdls
->rsc_resp
[tid
];
407 } else if ((fc
& (WLAN_FC_TODS
| WLAN_FC_FROMDS
)) ==
408 (WLAN_FC_TODS
| WLAN_FC_FROMDS
)) {
409 if (os_memcmp(sta
->addr
, hdr
->addr2
, ETH_ALEN
) == 0)
410 rsc
= sta
->rsc_tods
[tid
];
412 rsc
= sta
->rsc_fromds
[tid
];
413 } else if (fc
& WLAN_FC_TODS
)
414 rsc
= sta
->rsc_tods
[tid
];
416 rsc
= sta
->rsc_fromds
[tid
];
419 if (tk
== NULL
&& sta
->pairwise_cipher
== WPA_CIPHER_TKIP
)
420 tkip_get_pn(pn
, data
);
421 else if (sta
->pairwise_cipher
== WPA_CIPHER_WEP40
)
422 goto skip_replay_det
;
424 ccmp_get_pn(pn
, data
);
425 if (os_memcmp(pn
, rsc
, 6) <= 0) {
426 u16 seq_ctrl
= le_to_host16(hdr
->seq_ctrl
);
427 add_note(wt
, MSG_INFO
, "CCMP/TKIP replay detected: A1=" MACSTR
428 " A2=" MACSTR
" A3=" MACSTR
" seq=%u frag=%u%s",
429 MAC2STR(hdr
->addr1
), MAC2STR(hdr
->addr2
),
431 WLAN_GET_SEQ_SEQ(seq_ctrl
),
432 WLAN_GET_SEQ_FRAG(seq_ctrl
),
433 (le_to_host16(hdr
->frame_control
) & WLAN_FC_RETRY
) ?
435 wpa_hexdump(MSG_INFO
, "RX PN", pn
, 6);
436 wpa_hexdump(MSG_INFO
, "RSC", rsc
, 6);
442 if (sta
->pairwise_cipher
== WPA_CIPHER_CCMP_256
)
443 decrypted
= ccmp_256_decrypt(tk
, hdr
, data
, len
, &dlen
);
444 else if (sta
->pairwise_cipher
== WPA_CIPHER_GCMP
||
445 sta
->pairwise_cipher
== WPA_CIPHER_GCMP_256
)
446 decrypted
= gcmp_decrypt(tk
, sta
->ptk
.tk_len
, hdr
, data
,
449 decrypted
= ccmp_decrypt(tk
, hdr
, data
, len
, &dlen
);
450 } else if (sta
->pairwise_cipher
== WPA_CIPHER_TKIP
) {
451 decrypted
= tkip_decrypt(sta
->ptk
.tk
, hdr
, data
, len
, &dlen
);
452 } else if (sta
->pairwise_cipher
== WPA_CIPHER_WEP40
) {
453 decrypted
= wep_decrypt(wt
, hdr
, data
, len
, &dlen
);
454 } else if (sta
->ptk_set
) {
455 if (sta
->pairwise_cipher
== WPA_CIPHER_CCMP_256
)
456 decrypted
= ccmp_256_decrypt(sta
->ptk
.tk
, hdr
, data
,
458 else if (sta
->pairwise_cipher
== WPA_CIPHER_GCMP
||
459 sta
->pairwise_cipher
== WPA_CIPHER_GCMP_256
)
460 decrypted
= gcmp_decrypt(sta
->ptk
.tk
, sta
->ptk
.tk_len
,
461 hdr
, data
, len
, &dlen
);
463 decrypted
= ccmp_decrypt(sta
->ptk
.tk
, hdr
, data
, len
,
466 decrypted
= try_all_ptk(wt
, sta
->pairwise_cipher
, hdr
, data
,
470 if (!decrypted
&& !ptk_iter_done
) {
471 decrypted
= try_all_ptk(wt
, sta
->pairwise_cipher
, hdr
, data
,
474 add_note(wt
, MSG_DEBUG
, "Current PTK did not work, but found a match from all known PTKs");
478 u16 fc
= le_to_host16(hdr
->frame_control
);
479 const u8
*peer_addr
= NULL
;
480 if (!(fc
& (WLAN_FC_FROMDS
| WLAN_FC_TODS
)))
481 peer_addr
= hdr
->addr1
;
483 os_memcpy(rsc
, pn
, 6);
484 rx_data_process(wt
, bss
->bssid
, sta
->addr
, dst
, src
, decrypted
,
486 write_pcap_decrypted(wt
, (const u8
*) hdr
, hdrlen
,
490 add_note(wt
, MSG_DEBUG
, "Failed to decrypt frame");
492 /* Assume the frame was corrupted and there was no FCS to check.
493 * Allow retry of this particular frame to be processed so that
494 * it could end up getting decrypted if it was received without
496 sta
->allow_duplicate
= 1;
502 static void rx_data_bss(struct wlantest
*wt
, const struct ieee80211_hdr
*hdr
,
503 size_t hdrlen
, const u8
*qos
, const u8
*dst
,
504 const u8
*src
, const u8
*data
, size_t len
)
506 u16 fc
= le_to_host16(hdr
->frame_control
);
507 int prot
= !!(fc
& WLAN_FC_ISWEP
);
510 u8 ack
= (qos
[0] & 0x60) >> 5;
511 wpa_printf(MSG_MSGDUMP
, "BSS DATA: " MACSTR
" -> " MACSTR
512 " len=%u%s tid=%u%s%s",
513 MAC2STR(src
), MAC2STR(dst
), (unsigned int) len
,
514 prot
? " Prot" : "", qos
[0] & 0x0f,
515 (qos
[0] & 0x10) ? " EOSP" : "",
517 (ack
== 1 ? " NoAck" :
518 (ack
== 2 ? " NoExpAck" : " BA")));
520 wpa_printf(MSG_MSGDUMP
, "BSS DATA: " MACSTR
" -> " MACSTR
522 MAC2STR(src
), MAC2STR(dst
), (unsigned int) len
,
523 prot
? " Prot" : "");
527 rx_data_bss_prot(wt
, hdr
, hdrlen
, qos
, dst
, src
, data
, len
);
529 const u8
*bssid
, *sta_addr
, *peer_addr
;
530 struct wlantest_bss
*bss
;
532 if (fc
& WLAN_FC_TODS
) {
534 sta_addr
= hdr
->addr2
;
536 } else if (fc
& WLAN_FC_FROMDS
) {
538 sta_addr
= hdr
->addr1
;
542 sta_addr
= hdr
->addr2
;
543 peer_addr
= hdr
->addr1
;
546 bss
= bss_get(wt
, bssid
);
548 struct wlantest_sta
*sta
= sta_get(bss
, sta_addr
);
552 int tid
= qos
[0] & 0x0f;
553 if (fc
& WLAN_FC_TODS
)
558 if (fc
& WLAN_FC_TODS
)
566 rx_data_process(wt
, bssid
, sta_addr
, dst
, src
, data
, len
, 0,
572 static struct wlantest_tdls
* get_tdls(struct wlantest
*wt
, const u8
*bssid
,
576 struct wlantest_bss
*bss
;
577 struct wlantest_sta
*sta1
, *sta2
;
578 struct wlantest_tdls
*tdls
, *found
= NULL
;
580 bss
= bss_find(wt
, bssid
);
583 sta1
= sta_find(bss
, sta1_addr
);
586 sta2
= sta_find(bss
, sta2_addr
);
590 dl_list_for_each(tdls
, &bss
->tdls
, struct wlantest_tdls
, list
) {
591 if ((tdls
->init
== sta1
&& tdls
->resp
== sta2
) ||
592 (tdls
->init
== sta2
&& tdls
->resp
== sta1
)) {
603 static void add_direct_link(struct wlantest
*wt
, const u8
*bssid
,
604 const u8
*sta1_addr
, const u8
*sta2_addr
)
606 struct wlantest_tdls
*tdls
;
608 tdls
= get_tdls(wt
, bssid
, sta1_addr
, sta2_addr
);
613 tdls
->counters
[WLANTEST_TDLS_COUNTER_VALID_DIRECT_LINK
]++;
615 tdls
->counters
[WLANTEST_TDLS_COUNTER_INVALID_DIRECT_LINK
]++;
619 static void add_ap_path(struct wlantest
*wt
, const u8
*bssid
,
620 const u8
*sta1_addr
, const u8
*sta2_addr
)
622 struct wlantest_tdls
*tdls
;
624 tdls
= get_tdls(wt
, bssid
, sta1_addr
, sta2_addr
);
629 tdls
->counters
[WLANTEST_TDLS_COUNTER_INVALID_AP_PATH
]++;
631 tdls
->counters
[WLANTEST_TDLS_COUNTER_VALID_AP_PATH
]++;
635 void rx_data(struct wlantest
*wt
, const u8
*data
, size_t len
)
637 const struct ieee80211_hdr
*hdr
;
640 const u8
*qos
= NULL
;
645 hdr
= (const struct ieee80211_hdr
*) data
;
646 fc
= le_to_host16(hdr
->frame_control
);
647 stype
= WLAN_FC_GET_STYPE(fc
);
649 if ((fc
& (WLAN_FC_TODS
| WLAN_FC_FROMDS
)) ==
650 (WLAN_FC_TODS
| WLAN_FC_FROMDS
))
660 switch (fc
& (WLAN_FC_TODS
| WLAN_FC_FROMDS
)) {
662 wpa_printf(MSG_EXCESSIVE
, "DATA %s%s%s IBSS DA=" MACSTR
" SA="
663 MACSTR
" BSSID=" MACSTR
,
664 data_stype(WLAN_FC_GET_STYPE(fc
)),
665 fc
& WLAN_FC_PWRMGT
? " PwrMgt" : "",
666 fc
& WLAN_FC_ISWEP
? " Prot" : "",
667 MAC2STR(hdr
->addr1
), MAC2STR(hdr
->addr2
),
668 MAC2STR(hdr
->addr3
));
669 add_direct_link(wt
, hdr
->addr3
, hdr
->addr1
, hdr
->addr2
);
670 rx_data_bss(wt
, hdr
, hdrlen
, qos
, hdr
->addr1
, hdr
->addr2
,
671 data
+ hdrlen
, len
- hdrlen
);
674 wpa_printf(MSG_EXCESSIVE
, "DATA %s%s%s FromDS DA=" MACSTR
675 " BSSID=" MACSTR
" SA=" MACSTR
,
676 data_stype(WLAN_FC_GET_STYPE(fc
)),
677 fc
& WLAN_FC_PWRMGT
? " PwrMgt" : "",
678 fc
& WLAN_FC_ISWEP
? " Prot" : "",
679 MAC2STR(hdr
->addr1
), MAC2STR(hdr
->addr2
),
680 MAC2STR(hdr
->addr3
));
681 add_ap_path(wt
, hdr
->addr2
, hdr
->addr1
, hdr
->addr3
);
682 rx_data_bss(wt
, hdr
, hdrlen
, qos
, hdr
->addr1
, hdr
->addr3
,
683 data
+ hdrlen
, len
- hdrlen
);
686 wpa_printf(MSG_EXCESSIVE
, "DATA %s%s%s ToDS BSSID=" MACSTR
687 " SA=" MACSTR
" DA=" MACSTR
,
688 data_stype(WLAN_FC_GET_STYPE(fc
)),
689 fc
& WLAN_FC_PWRMGT
? " PwrMgt" : "",
690 fc
& WLAN_FC_ISWEP
? " Prot" : "",
691 MAC2STR(hdr
->addr1
), MAC2STR(hdr
->addr2
),
692 MAC2STR(hdr
->addr3
));
693 add_ap_path(wt
, hdr
->addr1
, hdr
->addr3
, hdr
->addr2
);
694 rx_data_bss(wt
, hdr
, hdrlen
, qos
, hdr
->addr3
, hdr
->addr2
,
695 data
+ hdrlen
, len
- hdrlen
);
697 case WLAN_FC_TODS
| WLAN_FC_FROMDS
:
698 wpa_printf(MSG_EXCESSIVE
, "DATA %s%s%s WDS RA=" MACSTR
" TA="
699 MACSTR
" DA=" MACSTR
" SA=" MACSTR
,
700 data_stype(WLAN_FC_GET_STYPE(fc
)),
701 fc
& WLAN_FC_PWRMGT
? " PwrMgt" : "",
702 fc
& WLAN_FC_ISWEP
? " Prot" : "",
703 MAC2STR(hdr
->addr1
), MAC2STR(hdr
->addr2
),
705 MAC2STR((const u8
*) (hdr
+ 1)));
706 rx_data_bss(wt
, hdr
, hdrlen
, qos
, hdr
->addr1
, hdr
->addr2
,
707 data
+ hdrlen
, len
- hdrlen
);