xref: /openwifi/user_space/inject_80211/radiotap.c (revision 51e498afbfbd6b85e15796b9929c691dd7654a6a) 
17273ec43Smmehari /*
27273ec43Smmehari  * Radiotap parser
37273ec43Smmehari  *
47273ec43Smmehari  * Copyright 2007		Andy Green <[email protected]>
5*51e498afSXianjun Jiao  * Copyright 2009		Johannes Berg <[email protected]>
6*51e498afSXianjun Jiao  *
7*51e498afSXianjun Jiao  * This program is free software; you can redistribute it and/or modify
8*51e498afSXianjun Jiao  * it under the terms of the GNU General Public License version 2 as
9*51e498afSXianjun Jiao  * published by the Free Software Foundation.
10*51e498afSXianjun Jiao  *
11*51e498afSXianjun Jiao  * Alternatively, this software may be distributed under the terms of BSD
12*51e498afSXianjun Jiao  * license.
13*51e498afSXianjun Jiao  *
14*51e498afSXianjun Jiao  * See COPYING for more details.
157273ec43Smmehari  */
167273ec43Smmehari 
17*51e498afSXianjun Jiao #include <linux/kernel.h>
18*51e498afSXianjun Jiao // #include <linux/export.h>
19*51e498afSXianjun Jiao // #include <net/cfg80211.h>
20*51e498afSXianjun Jiao // #include <net/ieee80211_radiotap.h>
21*51e498afSXianjun Jiao // #include <asm/unaligned.h>
22*51e498afSXianjun Jiao 
237273ec43Smmehari #include "inject_80211.h"
247273ec43Smmehari #include "radiotap.h"
25*51e498afSXianjun Jiao #include "unaligned.h"
26*51e498afSXianjun Jiao 
27*51e498afSXianjun Jiao // ----- from kernel, needed by ARRAY_SIZE from kernel.h
28*51e498afSXianjun Jiao /*
29*51e498afSXianjun Jiao  * Force a compilation error if condition is true, but also produce a
30*51e498afSXianjun Jiao  * result (of value 0 and type int), so the expression can be used
31*51e498afSXianjun Jiao  * e.g. in a structure initializer (or where-ever else comma expressions
32*51e498afSXianjun Jiao  * aren't permitted).
33*51e498afSXianjun Jiao  */
34*51e498afSXianjun Jiao #define BUILD_BUG_ON_ZERO(e) ((int)(sizeof(struct { int:(-!!(e)); })))
35*51e498afSXianjun Jiao 
36*51e498afSXianjun Jiao /* Are two types/vars the same type (ignoring qualifiers)? */
37*51e498afSXianjun Jiao #define __same_type(a, b) __builtin_types_compatible_p(typeof(a), typeof(b))
38*51e498afSXianjun Jiao 
39*51e498afSXianjun Jiao /* &a[0] degrades to a pointer: a different type from an array */
40*51e498afSXianjun Jiao #define __must_be_array(a)	BUILD_BUG_ON_ZERO(__same_type((a), &(a)[0]))
41*51e498afSXianjun Jiao 
42*51e498afSXianjun Jiao // ----- ARRAY_SIZE from kernel.h
43*51e498afSXianjun Jiao /**
44*51e498afSXianjun Jiao  * ARRAY_SIZE - get the number of elements in array @arr
45*51e498afSXianjun Jiao  * @arr: array to be sized
46*51e498afSXianjun Jiao  */
47*51e498afSXianjun Jiao #define ARRAY_SIZE(arr) (sizeof(arr) / sizeof((arr)[0]) + __must_be_array(arr))
48*51e498afSXianjun Jiao 
49*51e498afSXianjun Jiao // ----- radiotap_align_size
50*51e498afSXianjun Jiao // ----- ieee80211_radiotap_namespace
51*51e498afSXianjun Jiao // ----- ieee80211_radiotap_vendor_namespaces from cfg80211.h ----- //
52*51e498afSXianjun Jiao struct radiotap_align_size {
53*51e498afSXianjun Jiao 	uint8_t align:4, size:4;
54*51e498afSXianjun Jiao };
55*51e498afSXianjun Jiao 
56*51e498afSXianjun Jiao struct ieee80211_radiotap_namespace {
57*51e498afSXianjun Jiao 	const struct radiotap_align_size *align_size;
58*51e498afSXianjun Jiao 	int n_bits;
59*51e498afSXianjun Jiao 	uint32_t oui;
60*51e498afSXianjun Jiao 	uint8_t subns;
61*51e498afSXianjun Jiao };
62*51e498afSXianjun Jiao 
63*51e498afSXianjun Jiao struct ieee80211_radiotap_vendor_namespaces {
64*51e498afSXianjun Jiao 	const struct ieee80211_radiotap_namespace *ns;
65*51e498afSXianjun Jiao 	int n_ns;
66*51e498afSXianjun Jiao };
67*51e498afSXianjun Jiao // -------------------------------------------------------------------//
68*51e498afSXianjun Jiao 
69*51e498afSXianjun Jiao /* function prototypes and related defs are in include/net/cfg80211.h */
70*51e498afSXianjun Jiao 
71*51e498afSXianjun Jiao static const struct radiotap_align_size rtap_namespace_sizes[] = {
72*51e498afSXianjun Jiao 	[IEEE80211_RADIOTAP_TSFT] = { .align = 8, .size = 8, },
73*51e498afSXianjun Jiao 	[IEEE80211_RADIOTAP_FLAGS] = { .align = 1, .size = 1, },
74*51e498afSXianjun Jiao 	[IEEE80211_RADIOTAP_RATE] = { .align = 1, .size = 1, },
75*51e498afSXianjun Jiao 	[IEEE80211_RADIOTAP_CHANNEL] = { .align = 2, .size = 4, },
76*51e498afSXianjun Jiao 	[IEEE80211_RADIOTAP_FHSS] = { .align = 2, .size = 2, },
77*51e498afSXianjun Jiao 	[IEEE80211_RADIOTAP_DBM_ANTSIGNAL] = { .align = 1, .size = 1, },
78*51e498afSXianjun Jiao 	[IEEE80211_RADIOTAP_DBM_ANTNOISE] = { .align = 1, .size = 1, },
79*51e498afSXianjun Jiao 	[IEEE80211_RADIOTAP_LOCK_QUALITY] = { .align = 2, .size = 2, },
80*51e498afSXianjun Jiao 	[IEEE80211_RADIOTAP_TX_ATTENUATION] = { .align = 2, .size = 2, },
81*51e498afSXianjun Jiao 	[IEEE80211_RADIOTAP_DB_TX_ATTENUATION] = { .align = 2, .size = 2, },
82*51e498afSXianjun Jiao 	[IEEE80211_RADIOTAP_DBM_TX_POWER] = { .align = 1, .size = 1, },
83*51e498afSXianjun Jiao 	[IEEE80211_RADIOTAP_ANTENNA] = { .align = 1, .size = 1, },
84*51e498afSXianjun Jiao 	[IEEE80211_RADIOTAP_DB_ANTSIGNAL] = { .align = 1, .size = 1, },
85*51e498afSXianjun Jiao 	[IEEE80211_RADIOTAP_DB_ANTNOISE] = { .align = 1, .size = 1, },
86*51e498afSXianjun Jiao 	[IEEE80211_RADIOTAP_RX_FLAGS] = { .align = 2, .size = 2, },
87*51e498afSXianjun Jiao 	[IEEE80211_RADIOTAP_TX_FLAGS] = { .align = 2, .size = 2, },
88*51e498afSXianjun Jiao 	[IEEE80211_RADIOTAP_RTS_RETRIES] = { .align = 1, .size = 1, },
89*51e498afSXianjun Jiao 	[IEEE80211_RADIOTAP_DATA_RETRIES] = { .align = 1, .size = 1, },
90*51e498afSXianjun Jiao 	[IEEE80211_RADIOTAP_MCS] = { .align = 1, .size = 3, },
91*51e498afSXianjun Jiao 	[IEEE80211_RADIOTAP_AMPDU_STATUS] = { .align = 4, .size = 8, },
92*51e498afSXianjun Jiao 	[IEEE80211_RADIOTAP_VHT] = { .align = 2, .size = 12, },
93*51e498afSXianjun Jiao 	/*
94*51e498afSXianjun Jiao 	 * add more here as they are defined in radiotap.h
95*51e498afSXianjun Jiao 	 */
96*51e498afSXianjun Jiao };
97*51e498afSXianjun Jiao 
98*51e498afSXianjun Jiao static const struct ieee80211_radiotap_namespace radiotap_ns = {
99*51e498afSXianjun Jiao 	.n_bits = ARRAY_SIZE(rtap_namespace_sizes),
100*51e498afSXianjun Jiao 	.align_size = rtap_namespace_sizes,
101*51e498afSXianjun Jiao };
1027273ec43Smmehari 
1037273ec43Smmehari /**
1047273ec43Smmehari  * ieee80211_radiotap_iterator_init - radiotap parser iterator initialization
1057273ec43Smmehari  * @iterator: radiotap_iterator to initialize
1067273ec43Smmehari  * @radiotap_header: radiotap header to parse
1077273ec43Smmehari  * @max_length: total length we can parse into (eg, whole packet length)
108*51e498afSXianjun Jiao  * @vns: vendor namespaces to parse
1097273ec43Smmehari  *
1107273ec43Smmehari  * Returns: 0 or a negative error code if there is a problem.
1117273ec43Smmehari  *
1127273ec43Smmehari  * This function initializes an opaque iterator struct which can then
1137273ec43Smmehari  * be passed to ieee80211_radiotap_iterator_next() to visit every radiotap
1147273ec43Smmehari  * argument which is present in the header.  It knows about extended
1157273ec43Smmehari  * present headers and handles them.
1167273ec43Smmehari  *
1177273ec43Smmehari  * How to use:
1187273ec43Smmehari  * call __ieee80211_radiotap_iterator_init() to init a semi-opaque iterator
1197273ec43Smmehari  * struct ieee80211_radiotap_iterator (no need to init the struct beforehand)
1207273ec43Smmehari  * checking for a good 0 return code.  Then loop calling
1217273ec43Smmehari  * __ieee80211_radiotap_iterator_next()... it returns either 0,
1227273ec43Smmehari  * -ENOENT if there are no more args to parse, or -EINVAL if there is a problem.
1237273ec43Smmehari  * The iterator's @this_arg member points to the start of the argument
1247273ec43Smmehari  * associated with the current argument index that is present, which can be
1257273ec43Smmehari  * found in the iterator's @this_arg_index member.  This arg index corresponds
1267273ec43Smmehari  * to the IEEE80211_RADIOTAP_... defines.
1277273ec43Smmehari  *
1287273ec43Smmehari  * Radiotap header length:
1297273ec43Smmehari  * You can find the CPU-endian total radiotap header length in
1307273ec43Smmehari  * iterator->max_length after executing ieee80211_radiotap_iterator_init()
1317273ec43Smmehari  * successfully.
1327273ec43Smmehari  *
133*51e498afSXianjun Jiao  * Alignment Gotcha:
134*51e498afSXianjun Jiao  * You must take care when dereferencing iterator.this_arg
135*51e498afSXianjun Jiao  * for multibyte types... the pointer is not aligned.  Use
136*51e498afSXianjun Jiao  * get_unaligned((type *)iterator.this_arg) to dereference
137*51e498afSXianjun Jiao  * iterator.this_arg for type "type" safely on all arches.
138*51e498afSXianjun Jiao  *
1397273ec43Smmehari  * Example code:
140*51e498afSXianjun Jiao  * See Documentation/networking/radiotap-headers.rst
1417273ec43Smmehari  */
1427273ec43Smmehari 
ieee80211_radiotap_iterator_init(struct ieee80211_radiotap_iterator * iterator,struct ieee80211_radiotap_header * radiotap_header,int max_length,const struct ieee80211_radiotap_vendor_namespaces * vns)1437273ec43Smmehari int ieee80211_radiotap_iterator_init(
1447273ec43Smmehari 	struct ieee80211_radiotap_iterator *iterator,
1457273ec43Smmehari 	struct ieee80211_radiotap_header *radiotap_header,
146*51e498afSXianjun Jiao 	int max_length, const struct ieee80211_radiotap_vendor_namespaces *vns)
1477273ec43Smmehari {
148*51e498afSXianjun Jiao 	/* check the radiotap header can actually be present */
149*51e498afSXianjun Jiao 	if (max_length < sizeof(struct ieee80211_radiotap_header))
150*51e498afSXianjun Jiao 		return -EINVAL;
151*51e498afSXianjun Jiao 
1527273ec43Smmehari 	/* Linux only supports version 0 radiotap format */
1537273ec43Smmehari 	if (radiotap_header->it_version)
1547273ec43Smmehari 		return -EINVAL;
1557273ec43Smmehari 
1567273ec43Smmehari 	/* sanity check for allowed length and radiotap length field */
157*51e498afSXianjun Jiao 	if (max_length < get_unaligned_le16(&radiotap_header->it_len))
1587273ec43Smmehari 		return -EINVAL;
1597273ec43Smmehari 
160*51e498afSXianjun Jiao 	iterator->_rtheader = radiotap_header;
161*51e498afSXianjun Jiao 	iterator->_max_length = get_unaligned_le16(&radiotap_header->it_len);
162*51e498afSXianjun Jiao 	iterator->_arg_index = 0;
163*51e498afSXianjun Jiao 	// iterator->_bitmap_shifter = get_unaligned_le32(&radiotap_header->it_present);
164*51e498afSXianjun Jiao   iterator->_bitmap_shifter = (uint32_t)le32_to_cpu(radiotap_header->it_present);
165*51e498afSXianjun Jiao 	iterator->_arg = (uint8_t *)radiotap_header + sizeof(*radiotap_header);
166*51e498afSXianjun Jiao 	iterator->_reset_on_ext = 0;
167*51e498afSXianjun Jiao 	iterator->_next_bitmap = &radiotap_header->it_present;
168*51e498afSXianjun Jiao 	iterator->_next_bitmap++;
169*51e498afSXianjun Jiao 	iterator->_vns = vns;
170*51e498afSXianjun Jiao 	iterator->current_namespace = &radiotap_ns;
171*51e498afSXianjun Jiao 	iterator->is_radiotap_ns = 1;
1727273ec43Smmehari 
1737273ec43Smmehari 	/* find payload start allowing for extended bitmap(s) */
1747273ec43Smmehari 
175*51e498afSXianjun Jiao 	if (iterator->_bitmap_shifter & (1<<IEEE80211_RADIOTAP_EXT)) {
176*51e498afSXianjun Jiao 		if ((unsigned long)iterator->_arg -
177*51e498afSXianjun Jiao 		    (unsigned long)iterator->_rtheader + sizeof(uint32_t) >
178*51e498afSXianjun Jiao 		    (unsigned long)iterator->_max_length)
179*51e498afSXianjun Jiao 			return -EINVAL;
180*51e498afSXianjun Jiao 		// while (get_unaligned_le32(iterator->_arg) &
181*51e498afSXianjun Jiao       while (le32_to_cpu(*((u32 *)iterator->_arg)) &
1827273ec43Smmehari 					(1 << IEEE80211_RADIOTAP_EXT)) {
183*51e498afSXianjun Jiao 			iterator->_arg += sizeof(uint32_t);
1847273ec43Smmehari 
1857273ec43Smmehari 			/*
1867273ec43Smmehari 			 * check for insanity where the present bitmaps
1877273ec43Smmehari 			 * keep claiming to extend up to or even beyond the
1887273ec43Smmehari 			 * stated radiotap header length
1897273ec43Smmehari 			 */
1907273ec43Smmehari 
191*51e498afSXianjun Jiao 			if ((unsigned long)iterator->_arg -
192*51e498afSXianjun Jiao 			    (unsigned long)iterator->_rtheader +
193*51e498afSXianjun Jiao 			    sizeof(uint32_t) >
194*51e498afSXianjun Jiao 			    (unsigned long)iterator->_max_length)
1957273ec43Smmehari 				return -EINVAL;
1967273ec43Smmehari 		}
1977273ec43Smmehari 
198*51e498afSXianjun Jiao 		iterator->_arg += sizeof(uint32_t);
1997273ec43Smmehari 
2007273ec43Smmehari 		/*
2017273ec43Smmehari 		 * no need to check again for blowing past stated radiotap
2027273ec43Smmehari 		 * header length, because ieee80211_radiotap_iterator_next
2037273ec43Smmehari 		 * checks it before it is dereferenced
2047273ec43Smmehari 		 */
2057273ec43Smmehari 	}
2067273ec43Smmehari 
207*51e498afSXianjun Jiao 	iterator->this_arg = iterator->_arg;
208*51e498afSXianjun Jiao 
2097273ec43Smmehari 	/* we are all initialized happily */
2107273ec43Smmehari 
2117273ec43Smmehari 	return 0;
2127273ec43Smmehari }
213*51e498afSXianjun Jiao // EXPORT_SYMBOL(ieee80211_radiotap_iterator_init);
214*51e498afSXianjun Jiao 
find_ns(struct ieee80211_radiotap_iterator * iterator,uint32_t oui,uint8_t subns)215*51e498afSXianjun Jiao static void find_ns(struct ieee80211_radiotap_iterator *iterator,
216*51e498afSXianjun Jiao 		    uint32_t oui, uint8_t subns)
217*51e498afSXianjun Jiao {
218*51e498afSXianjun Jiao 	int i;
219*51e498afSXianjun Jiao 
220*51e498afSXianjun Jiao 	iterator->current_namespace = NULL;
221*51e498afSXianjun Jiao 
222*51e498afSXianjun Jiao 	if (!iterator->_vns)
223*51e498afSXianjun Jiao 		return;
224*51e498afSXianjun Jiao 
225*51e498afSXianjun Jiao 	for (i = 0; i < iterator->_vns->n_ns; i++) {
226*51e498afSXianjun Jiao 		if (iterator->_vns->ns[i].oui != oui)
227*51e498afSXianjun Jiao 			continue;
228*51e498afSXianjun Jiao 		if (iterator->_vns->ns[i].subns != subns)
229*51e498afSXianjun Jiao 			continue;
230*51e498afSXianjun Jiao 
231*51e498afSXianjun Jiao 		iterator->current_namespace = &iterator->_vns->ns[i];
232*51e498afSXianjun Jiao 		break;
233*51e498afSXianjun Jiao 	}
234*51e498afSXianjun Jiao }
235*51e498afSXianjun Jiao 
2367273ec43Smmehari 
2377273ec43Smmehari 
2387273ec43Smmehari /**
2397273ec43Smmehari  * ieee80211_radiotap_iterator_next - return next radiotap parser iterator arg
2407273ec43Smmehari  * @iterator: radiotap_iterator to move to next arg (if any)
2417273ec43Smmehari  *
2427273ec43Smmehari  * Returns: 0 if there is an argument to handle,
2437273ec43Smmehari  * -ENOENT if there are no more args or -EINVAL
2447273ec43Smmehari  * if there is something else wrong.
2457273ec43Smmehari  *
2467273ec43Smmehari  * This function provides the next radiotap arg index (IEEE80211_RADIOTAP_*)
2477273ec43Smmehari  * in @this_arg_index and sets @this_arg to point to the
2487273ec43Smmehari  * payload for the field.  It takes care of alignment handling and extended
2497273ec43Smmehari  * present fields.  @this_arg can be changed by the caller (eg,
2507273ec43Smmehari  * incremented to move inside a compound argument like
2517273ec43Smmehari  * IEEE80211_RADIOTAP_CHANNEL).  The args pointed to are in
252*51e498afSXianjun Jiao  * little-endian format whatever the endianess of your CPU.
253*51e498afSXianjun Jiao  *
254*51e498afSXianjun Jiao  * Alignment Gotcha:
255*51e498afSXianjun Jiao  * You must take care when dereferencing iterator.this_arg
256*51e498afSXianjun Jiao  * for multibyte types... the pointer is not aligned.  Use
257*51e498afSXianjun Jiao  * get_unaligned((type *)iterator.this_arg) to dereference
258*51e498afSXianjun Jiao  * iterator.this_arg for type "type" safely on all arches.
2597273ec43Smmehari  */
2607273ec43Smmehari 
ieee80211_radiotap_iterator_next(struct ieee80211_radiotap_iterator * iterator)2617273ec43Smmehari int ieee80211_radiotap_iterator_next(
2627273ec43Smmehari 	struct ieee80211_radiotap_iterator *iterator)
2637273ec43Smmehari {
264*51e498afSXianjun Jiao 	while (1) {
2657273ec43Smmehari 		int hit = 0;
266*51e498afSXianjun Jiao 		int pad, align, size, subns;
267*51e498afSXianjun Jiao 		uint32_t oui;
2687273ec43Smmehari 
269*51e498afSXianjun Jiao 		/* if no more EXT bits, that's it */
270*51e498afSXianjun Jiao 		if ((iterator->_arg_index % 32) == IEEE80211_RADIOTAP_EXT &&
271*51e498afSXianjun Jiao 		    !(iterator->_bitmap_shifter & 1))
272*51e498afSXianjun Jiao 			return -ENOENT;
273*51e498afSXianjun Jiao 
274*51e498afSXianjun Jiao 		if (!(iterator->_bitmap_shifter & 1))
2757273ec43Smmehari 			goto next_entry; /* arg not present */
2767273ec43Smmehari 
277*51e498afSXianjun Jiao 		/* get alignment/size of data */
278*51e498afSXianjun Jiao 		switch (iterator->_arg_index % 32) {
279*51e498afSXianjun Jiao 		case IEEE80211_RADIOTAP_RADIOTAP_NAMESPACE:
280*51e498afSXianjun Jiao 		case IEEE80211_RADIOTAP_EXT:
281*51e498afSXianjun Jiao 			align = 1;
282*51e498afSXianjun Jiao 			size = 0;
283*51e498afSXianjun Jiao 			break;
284*51e498afSXianjun Jiao 		case IEEE80211_RADIOTAP_VENDOR_NAMESPACE:
285*51e498afSXianjun Jiao 			align = 2;
286*51e498afSXianjun Jiao 			size = 6;
287*51e498afSXianjun Jiao 			break;
288*51e498afSXianjun Jiao 		default:
289*51e498afSXianjun Jiao 			if (!iterator->current_namespace ||
290*51e498afSXianjun Jiao 			    iterator->_arg_index >= iterator->current_namespace->n_bits) {
291*51e498afSXianjun Jiao 				if (iterator->current_namespace == &radiotap_ns)
292*51e498afSXianjun Jiao 					return -ENOENT;
293*51e498afSXianjun Jiao 				align = 0;
294*51e498afSXianjun Jiao 			} else {
295*51e498afSXianjun Jiao 				align = iterator->current_namespace->align_size[iterator->_arg_index].align;
296*51e498afSXianjun Jiao 				size = iterator->current_namespace->align_size[iterator->_arg_index].size;
297*51e498afSXianjun Jiao 			}
298*51e498afSXianjun Jiao 			if (!align) {
299*51e498afSXianjun Jiao 				/* skip all subsequent data */
300*51e498afSXianjun Jiao 				iterator->_arg = iterator->_next_ns_data;
301*51e498afSXianjun Jiao 				/* give up on this namespace */
302*51e498afSXianjun Jiao 				iterator->current_namespace = NULL;
303*51e498afSXianjun Jiao 				goto next_entry;
304*51e498afSXianjun Jiao 			}
305*51e498afSXianjun Jiao 			break;
306*51e498afSXianjun Jiao 		}
307*51e498afSXianjun Jiao 
3087273ec43Smmehari 		/*
3097273ec43Smmehari 		 * arg is present, account for alignment padding
3107273ec43Smmehari 		 *
311*51e498afSXianjun Jiao 		 * Note that these alignments are relative to the start
312*51e498afSXianjun Jiao 		 * of the radiotap header.  There is no guarantee
3137273ec43Smmehari 		 * that the radiotap header itself is aligned on any
3147273ec43Smmehari 		 * kind of boundary.
315*51e498afSXianjun Jiao 		 *
316*51e498afSXianjun Jiao 		 * The above is why get_unaligned() is used to dereference
317*51e498afSXianjun Jiao 		 * multibyte elements from the radiotap area.
3187273ec43Smmehari 		 */
3197273ec43Smmehari 
320*51e498afSXianjun Jiao 		pad = ((unsigned long)iterator->_arg -
321*51e498afSXianjun Jiao 		       (unsigned long)iterator->_rtheader) & (align - 1);
3227273ec43Smmehari 
3237273ec43Smmehari 		if (pad)
324*51e498afSXianjun Jiao 			iterator->_arg += align - pad;
325*51e498afSXianjun Jiao 
326*51e498afSXianjun Jiao 		if (iterator->_arg_index % 32 == IEEE80211_RADIOTAP_VENDOR_NAMESPACE) {
327*51e498afSXianjun Jiao 			int vnslen;
328*51e498afSXianjun Jiao 
329*51e498afSXianjun Jiao 			if ((unsigned long)iterator->_arg + size -
330*51e498afSXianjun Jiao 			    (unsigned long)iterator->_rtheader >
331*51e498afSXianjun Jiao 			    (unsigned long)iterator->_max_length)
332*51e498afSXianjun Jiao 				return -EINVAL;
333*51e498afSXianjun Jiao 
334*51e498afSXianjun Jiao 			oui = (*iterator->_arg << 16) |
335*51e498afSXianjun Jiao 				(*(iterator->_arg + 1) << 8) |
336*51e498afSXianjun Jiao 				*(iterator->_arg + 2);
337*51e498afSXianjun Jiao 			subns = *(iterator->_arg + 3);
338*51e498afSXianjun Jiao 
339*51e498afSXianjun Jiao 			find_ns(iterator, oui, subns);
340*51e498afSXianjun Jiao 
341*51e498afSXianjun Jiao 			vnslen = get_unaligned_le16(iterator->_arg + 4);
342*51e498afSXianjun Jiao 			iterator->_next_ns_data = iterator->_arg + size + vnslen;
343*51e498afSXianjun Jiao 			if (!iterator->current_namespace)
344*51e498afSXianjun Jiao 				size += vnslen;
345*51e498afSXianjun Jiao 		}
3467273ec43Smmehari 
3477273ec43Smmehari 		/*
3487273ec43Smmehari 		 * this is what we will return to user, but we need to
3497273ec43Smmehari 		 * move on first so next call has something fresh to test
3507273ec43Smmehari 		 */
351*51e498afSXianjun Jiao 		iterator->this_arg_index = iterator->_arg_index;
352*51e498afSXianjun Jiao 		iterator->this_arg = iterator->_arg;
353*51e498afSXianjun Jiao 		iterator->this_arg_size = size;
3547273ec43Smmehari 
3557273ec43Smmehari 		/* internally move on the size of this arg */
356*51e498afSXianjun Jiao 		iterator->_arg += size;
3577273ec43Smmehari 
3587273ec43Smmehari 		/*
3597273ec43Smmehari 		 * check for insanity where we are given a bitmap that
3607273ec43Smmehari 		 * claims to have more arg content than the length of the
3617273ec43Smmehari 		 * radiotap section.  We will normally end up equalling this
3627273ec43Smmehari 		 * max_length on the last arg, never exceeding it.
3637273ec43Smmehari 		 */
3647273ec43Smmehari 
365*51e498afSXianjun Jiao 		if ((unsigned long)iterator->_arg -
366*51e498afSXianjun Jiao 		    (unsigned long)iterator->_rtheader >
367*51e498afSXianjun Jiao 		    (unsigned long)iterator->_max_length)
3687273ec43Smmehari 			return -EINVAL;
3697273ec43Smmehari 
370*51e498afSXianjun Jiao 		/* these special ones are valid in each bitmap word */
371*51e498afSXianjun Jiao 		switch (iterator->_arg_index % 32) {
372*51e498afSXianjun Jiao 		case IEEE80211_RADIOTAP_VENDOR_NAMESPACE:
373*51e498afSXianjun Jiao 			iterator->_reset_on_ext = 1;
374*51e498afSXianjun Jiao 
375*51e498afSXianjun Jiao 			iterator->is_radiotap_ns = 0;
376*51e498afSXianjun Jiao 			/*
377*51e498afSXianjun Jiao 			 * If parser didn't register this vendor
378*51e498afSXianjun Jiao 			 * namespace with us, allow it to show it
379*51e498afSXianjun Jiao 			 * as 'raw. Do do that, set argument index
380*51e498afSXianjun Jiao 			 * to vendor namespace.
381*51e498afSXianjun Jiao 			 */
382*51e498afSXianjun Jiao 			iterator->this_arg_index =
383*51e498afSXianjun Jiao 				IEEE80211_RADIOTAP_VENDOR_NAMESPACE;
384*51e498afSXianjun Jiao 			if (!iterator->current_namespace)
385*51e498afSXianjun Jiao 				hit = 1;
386*51e498afSXianjun Jiao 			goto next_entry;
387*51e498afSXianjun Jiao 		case IEEE80211_RADIOTAP_RADIOTAP_NAMESPACE:
388*51e498afSXianjun Jiao 			iterator->_reset_on_ext = 1;
389*51e498afSXianjun Jiao 			iterator->current_namespace = &radiotap_ns;
390*51e498afSXianjun Jiao 			iterator->is_radiotap_ns = 1;
391*51e498afSXianjun Jiao 			goto next_entry;
392*51e498afSXianjun Jiao 		case IEEE80211_RADIOTAP_EXT:
393*51e498afSXianjun Jiao 			/*
394*51e498afSXianjun Jiao 			 * bit 31 was set, there is more
395*51e498afSXianjun Jiao 			 * -- move to next u32 bitmap
396*51e498afSXianjun Jiao 			 */
397*51e498afSXianjun Jiao 			iterator->_bitmap_shifter =
398*51e498afSXianjun Jiao 				// get_unaligned_le32(iterator->_next_bitmap);
399*51e498afSXianjun Jiao         le32_to_cpu(*iterator->_next_bitmap);
400*51e498afSXianjun Jiao 			iterator->_next_bitmap++;
401*51e498afSXianjun Jiao 			if (iterator->_reset_on_ext)
402*51e498afSXianjun Jiao 				iterator->_arg_index = 0;
403*51e498afSXianjun Jiao 			else
404*51e498afSXianjun Jiao 				iterator->_arg_index++;
405*51e498afSXianjun Jiao 			iterator->_reset_on_ext = 0;
406*51e498afSXianjun Jiao 			break;
407*51e498afSXianjun Jiao 		default:
408*51e498afSXianjun Jiao 			/* we've got a hit! */
409*51e498afSXianjun Jiao 			hit = 1;
4107273ec43Smmehari  next_entry:
411*51e498afSXianjun Jiao 			iterator->_bitmap_shifter >>= 1;
412*51e498afSXianjun Jiao 			iterator->_arg_index++;
4137273ec43Smmehari 		}
4147273ec43Smmehari 
4157273ec43Smmehari 		/* if we found a valid arg earlier, return it now */
4167273ec43Smmehari 		if (hit)
4177273ec43Smmehari 			return 0;
4187273ec43Smmehari 	}
4197273ec43Smmehari }
420*51e498afSXianjun Jiao // EXPORT_SYMBOL(ieee80211_radiotap_iterator_next);
421