tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
1/*
2 * BSS client mode implementation
3 * Copyright 2003, Jouni Malinen <jkmaline@cc.hut.fi>
4 * Copyright 2004, Instant802 Networks, Inc.
5 * Copyright 2005, Devicescape Software, Inc.
6 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
7 * Copyright 2007, Michael Wu <flamingice@sourmilk.net>
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License version 2 as
11 * published by the Free Software Foundation.
12 */
13
14/* TODO:
15 * order BSS list by RSSI(?) ("quality of AP")
16 * scan result table filtering (by capability (privacy, IBSS/BSS, WPA/RSN IE,
17 * SSID)
18 */
19#include <linux/delay.h>
20#include <linux/if_ether.h>
21#include <linux/skbuff.h>
22#include <linux/netdevice.h>
23#include <linux/if_arp.h>
24#include <linux/wireless.h>
25#include <linux/random.h>
26#include <linux/etherdevice.h>
27#include <net/iw_handler.h>
28#include <asm/types.h>
29
30#include <net/mac80211.h>
31#include "ieee80211_i.h"
32#include "ieee80211_rate.h"
33#include "ieee80211_led.h"
34
35#define IEEE80211_AUTH_TIMEOUT (HZ / 5)
36#define IEEE80211_AUTH_MAX_TRIES 3
37#define IEEE80211_ASSOC_TIMEOUT (HZ / 5)
38#define IEEE80211_ASSOC_MAX_TRIES 3
39#define IEEE80211_MONITORING_INTERVAL (2 * HZ)
40#define IEEE80211_PROBE_INTERVAL (60 * HZ)
41#define IEEE80211_RETRY_AUTH_INTERVAL (1 * HZ)
42#define IEEE80211_SCAN_INTERVAL (2 * HZ)
43#define IEEE80211_SCAN_INTERVAL_SLOW (15 * HZ)
44#define IEEE80211_IBSS_JOIN_TIMEOUT (20 * HZ)
45
46#define IEEE80211_PROBE_DELAY (HZ / 33)
47#define IEEE80211_CHANNEL_TIME (HZ / 33)
48#define IEEE80211_PASSIVE_CHANNEL_TIME (HZ / 5)
49#define IEEE80211_SCAN_RESULT_EXPIRE (10 * HZ)
50#define IEEE80211_IBSS_MERGE_INTERVAL (30 * HZ)
51#define IEEE80211_IBSS_INACTIVITY_LIMIT (60 * HZ)
52
53#define IEEE80211_IBSS_MAX_STA_ENTRIES 128
54
55
56#define IEEE80211_FC(type, stype) cpu_to_le16(type | stype)
57
58#define ERP_INFO_USE_PROTECTION BIT(1)
59
60/* mgmt header + 1 byte action code */
61#define IEEE80211_MIN_ACTION_SIZE (24 + 1)
62
63#define IEEE80211_ADDBA_PARAM_POLICY_MASK 0x0002
64#define IEEE80211_ADDBA_PARAM_TID_MASK 0x003C
65#define IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK 0xFFA0
66#define IEEE80211_DELBA_PARAM_TID_MASK 0xF000
67#define IEEE80211_DELBA_PARAM_INITIATOR_MASK 0x0800
68
69/* next values represent the buffer size for A-MPDU frame.
70 * According to IEEE802.11n spec size varies from 8K to 64K (in powers of 2) */
71#define IEEE80211_MIN_AMPDU_BUF 0x8
72#define IEEE80211_MAX_AMPDU_BUF 0x40
73
74static void ieee80211_send_probe_req(struct net_device *dev, u8 *dst,
75 u8 *ssid, size_t ssid_len);
76static struct ieee80211_sta_bss *
77ieee80211_rx_bss_get(struct net_device *dev, u8 *bssid, int channel,
78 u8 *ssid, u8 ssid_len);
79static void ieee80211_rx_bss_put(struct net_device *dev,
80 struct ieee80211_sta_bss *bss);
81static int ieee80211_sta_find_ibss(struct net_device *dev,
82 struct ieee80211_if_sta *ifsta);
83static int ieee80211_sta_wep_configured(struct net_device *dev);
84static int ieee80211_sta_start_scan(struct net_device *dev,
85 u8 *ssid, size_t ssid_len);
86static int ieee80211_sta_config_auth(struct net_device *dev,
87 struct ieee80211_if_sta *ifsta);
88
89
90/* Parsed Information Elements */
91struct ieee802_11_elems {
92 /* pointers to IEs */
93 u8 *ssid;
94 u8 *supp_rates;
95 u8 *fh_params;
96 u8 *ds_params;
97 u8 *cf_params;
98 u8 *tim;
99 u8 *ibss_params;
100 u8 *challenge;
101 u8 *wpa;
102 u8 *rsn;
103 u8 *erp_info;
104 u8 *ext_supp_rates;
105 u8 *wmm_info;
106 u8 *wmm_param;
107 u8 *ht_cap_elem;
108 u8 *ht_info_elem;
109 /* length of them, respectively */
110 u8 ssid_len;
111 u8 supp_rates_len;
112 u8 fh_params_len;
113 u8 ds_params_len;
114 u8 cf_params_len;
115 u8 tim_len;
116 u8 ibss_params_len;
117 u8 challenge_len;
118 u8 wpa_len;
119 u8 rsn_len;
120 u8 erp_info_len;
121 u8 ext_supp_rates_len;
122 u8 wmm_info_len;
123 u8 wmm_param_len;
124 u8 ht_cap_elem_len;
125 u8 ht_info_elem_len;
126};
127
128static void ieee802_11_parse_elems(u8 *start, size_t len,
129 struct ieee802_11_elems *elems)
130{
131 size_t left = len;
132 u8 *pos = start;
133
134 memset(elems, 0, sizeof(*elems));
135
136 while (left >= 2) {
137 u8 id, elen;
138
139 id = *pos++;
140 elen = *pos++;
141 left -= 2;
142
143 if (elen > left)
144 return;
145
146 switch (id) {
147 case WLAN_EID_SSID:
148 elems->ssid = pos;
149 elems->ssid_len = elen;
150 break;
151 case WLAN_EID_SUPP_RATES:
152 elems->supp_rates = pos;
153 elems->supp_rates_len = elen;
154 break;
155 case WLAN_EID_FH_PARAMS:
156 elems->fh_params = pos;
157 elems->fh_params_len = elen;
158 break;
159 case WLAN_EID_DS_PARAMS:
160 elems->ds_params = pos;
161 elems->ds_params_len = elen;
162 break;
163 case WLAN_EID_CF_PARAMS:
164 elems->cf_params = pos;
165 elems->cf_params_len = elen;
166 break;
167 case WLAN_EID_TIM:
168 elems->tim = pos;
169 elems->tim_len = elen;
170 break;
171 case WLAN_EID_IBSS_PARAMS:
172 elems->ibss_params = pos;
173 elems->ibss_params_len = elen;
174 break;
175 case WLAN_EID_CHALLENGE:
176 elems->challenge = pos;
177 elems->challenge_len = elen;
178 break;
179 case WLAN_EID_WPA:
180 if (elen >= 4 && pos[0] == 0x00 && pos[1] == 0x50 &&
181 pos[2] == 0xf2) {
182 /* Microsoft OUI (00:50:F2) */
183 if (pos[3] == 1) {
184 /* OUI Type 1 - WPA IE */
185 elems->wpa = pos;
186 elems->wpa_len = elen;
187 } else if (elen >= 5 && pos[3] == 2) {
188 if (pos[4] == 0) {
189 elems->wmm_info = pos;
190 elems->wmm_info_len = elen;
191 } else if (pos[4] == 1) {
192 elems->wmm_param = pos;
193 elems->wmm_param_len = elen;
194 }
195 }
196 }
197 break;
198 case WLAN_EID_RSN:
199 elems->rsn = pos;
200 elems->rsn_len = elen;
201 break;
202 case WLAN_EID_ERP_INFO:
203 elems->erp_info = pos;
204 elems->erp_info_len = elen;
205 break;
206 case WLAN_EID_EXT_SUPP_RATES:
207 elems->ext_supp_rates = pos;
208 elems->ext_supp_rates_len = elen;
209 break;
210 case WLAN_EID_HT_CAPABILITY:
211 elems->ht_cap_elem = pos;
212 elems->ht_cap_elem_len = elen;
213 break;
214 case WLAN_EID_HT_EXTRA_INFO:
215 elems->ht_info_elem = pos;
216 elems->ht_info_elem_len = elen;
217 break;
218 default:
219 break;
220 }
221
222 left -= elen;
223 pos += elen;
224 }
225}
226
227
228static int ecw2cw(int ecw)
229{
230 int cw = 1;
231 while (ecw > 0) {
232 cw <<= 1;
233 ecw--;
234 }
235 return cw - 1;
236}
237
238static void ieee80211_sta_wmm_params(struct net_device *dev,
239 struct ieee80211_if_sta *ifsta,
240 u8 *wmm_param, size_t wmm_param_len)
241{
242 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
243 struct ieee80211_tx_queue_params params;
244 size_t left;
245 int count;
246 u8 *pos;
247
248 if (wmm_param_len < 8 || wmm_param[5] /* version */ != 1)
249 return;
250 count = wmm_param[6] & 0x0f;
251 if (count == ifsta->wmm_last_param_set)
252 return;
253 ifsta->wmm_last_param_set = count;
254
255 pos = wmm_param + 8;
256 left = wmm_param_len - 8;
257
258 memset(¶ms, 0, sizeof(params));
259
260 if (!local->ops->conf_tx)
261 return;
262
263 local->wmm_acm = 0;
264 for (; left >= 4; left -= 4, pos += 4) {
265 int aci = (pos[0] >> 5) & 0x03;
266 int acm = (pos[0] >> 4) & 0x01;
267 int queue;
268
269 switch (aci) {
270 case 1:
271 queue = IEEE80211_TX_QUEUE_DATA3;
272 if (acm) {
273 local->wmm_acm |= BIT(0) | BIT(3);
274 }
275 break;
276 case 2:
277 queue = IEEE80211_TX_QUEUE_DATA1;
278 if (acm) {
279 local->wmm_acm |= BIT(4) | BIT(5);
280 }
281 break;
282 case 3:
283 queue = IEEE80211_TX_QUEUE_DATA0;
284 if (acm) {
285 local->wmm_acm |= BIT(6) | BIT(7);
286 }
287 break;
288 case 0:
289 default:
290 queue = IEEE80211_TX_QUEUE_DATA2;
291 if (acm) {
292 local->wmm_acm |= BIT(1) | BIT(2);
293 }
294 break;
295 }
296
297 params.aifs = pos[0] & 0x0f;
298 params.cw_max = ecw2cw((pos[1] & 0xf0) >> 4);
299 params.cw_min = ecw2cw(pos[1] & 0x0f);
300 /* TXOP is in units of 32 usec; burst_time in 0.1 ms */
301 params.burst_time = (pos[2] | (pos[3] << 8)) * 32 / 100;
302 printk(KERN_DEBUG "%s: WMM queue=%d aci=%d acm=%d aifs=%d "
303 "cWmin=%d cWmax=%d burst=%d\n",
304 dev->name, queue, aci, acm, params.aifs, params.cw_min,
305 params.cw_max, params.burst_time);
306 /* TODO: handle ACM (block TX, fallback to next lowest allowed
307 * AC for now) */
308 if (local->ops->conf_tx(local_to_hw(local), queue, ¶ms)) {
309 printk(KERN_DEBUG "%s: failed to set TX queue "
310 "parameters for queue %d\n", dev->name, queue);
311 }
312 }
313}
314
315
316static u32 ieee80211_handle_erp_ie(struct ieee80211_sub_if_data *sdata,
317 u8 erp_value)
318{
319 struct ieee80211_bss_conf *bss_conf = &sdata->bss_conf;
320 struct ieee80211_if_sta *ifsta = &sdata->u.sta;
321 bool use_protection = (erp_value & WLAN_ERP_USE_PROTECTION) != 0;
322 bool preamble_mode = (erp_value & WLAN_ERP_BARKER_PREAMBLE) != 0;
323 DECLARE_MAC_BUF(mac);
324 u32 changed = 0;
325
326 if (use_protection != bss_conf->use_cts_prot) {
327 if (net_ratelimit()) {
328 printk(KERN_DEBUG "%s: CTS protection %s (BSSID="
329 "%s)\n",
330 sdata->dev->name,
331 use_protection ? "enabled" : "disabled",
332 print_mac(mac, ifsta->bssid));
333 }
334 bss_conf->use_cts_prot = use_protection;
335 changed |= BSS_CHANGED_ERP_CTS_PROT;
336 }
337
338 if (preamble_mode != bss_conf->use_short_preamble) {
339 if (net_ratelimit()) {
340 printk(KERN_DEBUG "%s: switched to %s barker preamble"
341 " (BSSID=%s)\n",
342 sdata->dev->name,
343 (preamble_mode == WLAN_ERP_PREAMBLE_SHORT) ?
344 "short" : "long",
345 print_mac(mac, ifsta->bssid));
346 }
347 bss_conf->use_short_preamble = preamble_mode;
348 changed |= BSS_CHANGED_ERP_PREAMBLE;
349 }
350
351 return changed;
352}
353
354int ieee80211_ht_cap_ie_to_ht_info(struct ieee80211_ht_cap *ht_cap_ie,
355 struct ieee80211_ht_info *ht_info)
356{
357
358 if (ht_info == NULL)
359 return -EINVAL;
360
361 memset(ht_info, 0, sizeof(*ht_info));
362
363 if (ht_cap_ie) {
364 u8 ampdu_info = ht_cap_ie->ampdu_params_info;
365
366 ht_info->ht_supported = 1;
367 ht_info->cap = le16_to_cpu(ht_cap_ie->cap_info);
368 ht_info->ampdu_factor =
369 ampdu_info & IEEE80211_HT_CAP_AMPDU_FACTOR;
370 ht_info->ampdu_density =
371 (ampdu_info & IEEE80211_HT_CAP_AMPDU_DENSITY) >> 2;
372 memcpy(ht_info->supp_mcs_set, ht_cap_ie->supp_mcs_set, 16);
373 } else
374 ht_info->ht_supported = 0;
375
376 return 0;
377}
378
379int ieee80211_ht_addt_info_ie_to_ht_bss_info(
380 struct ieee80211_ht_addt_info *ht_add_info_ie,
381 struct ieee80211_ht_bss_info *bss_info)
382{
383 if (bss_info == NULL)
384 return -EINVAL;
385
386 memset(bss_info, 0, sizeof(*bss_info));
387
388 if (ht_add_info_ie) {
389 u16 op_mode;
390 op_mode = le16_to_cpu(ht_add_info_ie->operation_mode);
391
392 bss_info->primary_channel = ht_add_info_ie->control_chan;
393 bss_info->bss_cap = ht_add_info_ie->ht_param;
394 bss_info->bss_op_mode = (u8)(op_mode & 0xff);
395 }
396
397 return 0;
398}
399
400static void ieee80211_sta_send_associnfo(struct net_device *dev,
401 struct ieee80211_if_sta *ifsta)
402{
403 char *buf;
404 size_t len;
405 int i;
406 union iwreq_data wrqu;
407
408 if (!ifsta->assocreq_ies && !ifsta->assocresp_ies)
409 return;
410
411 buf = kmalloc(50 + 2 * (ifsta->assocreq_ies_len +
412 ifsta->assocresp_ies_len), GFP_KERNEL);
413 if (!buf)
414 return;
415
416 len = sprintf(buf, "ASSOCINFO(");
417 if (ifsta->assocreq_ies) {
418 len += sprintf(buf + len, "ReqIEs=");
419 for (i = 0; i < ifsta->assocreq_ies_len; i++) {
420 len += sprintf(buf + len, "%02x",
421 ifsta->assocreq_ies[i]);
422 }
423 }
424 if (ifsta->assocresp_ies) {
425 if (ifsta->assocreq_ies)
426 len += sprintf(buf + len, " ");
427 len += sprintf(buf + len, "RespIEs=");
428 for (i = 0; i < ifsta->assocresp_ies_len; i++) {
429 len += sprintf(buf + len, "%02x",
430 ifsta->assocresp_ies[i]);
431 }
432 }
433 len += sprintf(buf + len, ")");
434
435 if (len > IW_CUSTOM_MAX) {
436 len = sprintf(buf, "ASSOCRESPIE=");
437 for (i = 0; i < ifsta->assocresp_ies_len; i++) {
438 len += sprintf(buf + len, "%02x",
439 ifsta->assocresp_ies[i]);
440 }
441 }
442
443 memset(&wrqu, 0, sizeof(wrqu));
444 wrqu.data.length = len;
445 wireless_send_event(dev, IWEVCUSTOM, &wrqu, buf);
446
447 kfree(buf);
448}
449
450
451static void ieee80211_set_associated(struct net_device *dev,
452 struct ieee80211_if_sta *ifsta,
453 bool assoc)
454{
455 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
456 struct ieee80211_local *local = sdata->local;
457 union iwreq_data wrqu;
458 u32 changed = BSS_CHANGED_ASSOC;
459
460 if (assoc) {
461 struct ieee80211_sta_bss *bss;
462
463 ifsta->flags |= IEEE80211_STA_ASSOCIATED;
464
465 if (sdata->vif.type != IEEE80211_IF_TYPE_STA)
466 return;
467
468 bss = ieee80211_rx_bss_get(dev, ifsta->bssid,
469 local->hw.conf.channel,
470 ifsta->ssid, ifsta->ssid_len);
471 if (bss) {
472 if (bss->has_erp_value)
473 changed |= ieee80211_handle_erp_ie(
474 sdata, bss->erp_value);
475 ieee80211_rx_bss_put(dev, bss);
476 }
477
478 netif_carrier_on(dev);
479 ifsta->flags |= IEEE80211_STA_PREV_BSSID_SET;
480 memcpy(ifsta->prev_bssid, sdata->u.sta.bssid, ETH_ALEN);
481 memcpy(wrqu.ap_addr.sa_data, sdata->u.sta.bssid, ETH_ALEN);
482 ieee80211_sta_send_associnfo(dev, ifsta);
483 } else {
484 ifsta->flags &= ~IEEE80211_STA_ASSOCIATED;
485
486 netif_carrier_off(dev);
487 ieee80211_reset_erp_info(dev);
488 memset(wrqu.ap_addr.sa_data, 0, ETH_ALEN);
489 }
490 wrqu.ap_addr.sa_family = ARPHRD_ETHER;
491 wireless_send_event(dev, SIOCGIWAP, &wrqu, NULL);
492 ifsta->last_probe = jiffies;
493 ieee80211_led_assoc(local, assoc);
494
495 ieee80211_bss_info_change_notify(sdata, changed);
496}
497
498static void ieee80211_set_disassoc(struct net_device *dev,
499 struct ieee80211_if_sta *ifsta, int deauth)
500{
501 if (deauth)
502 ifsta->auth_tries = 0;
503 ifsta->assoc_tries = 0;
504 ieee80211_set_associated(dev, ifsta, 0);
505}
506
507static void ieee80211_sta_tx(struct net_device *dev, struct sk_buff *skb,
508 int encrypt)
509{
510 struct ieee80211_sub_if_data *sdata;
511 struct ieee80211_tx_packet_data *pkt_data;
512
513 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
514 skb->dev = sdata->local->mdev;
515 skb_set_mac_header(skb, 0);
516 skb_set_network_header(skb, 0);
517 skb_set_transport_header(skb, 0);
518
519 pkt_data = (struct ieee80211_tx_packet_data *) skb->cb;
520 memset(pkt_data, 0, sizeof(struct ieee80211_tx_packet_data));
521 pkt_data->ifindex = sdata->dev->ifindex;
522 if (!encrypt)
523 pkt_data->flags |= IEEE80211_TXPD_DO_NOT_ENCRYPT;
524
525 dev_queue_xmit(skb);
526}
527
528
529static void ieee80211_send_auth(struct net_device *dev,
530 struct ieee80211_if_sta *ifsta,
531 int transaction, u8 *extra, size_t extra_len,
532 int encrypt)
533{
534 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
535 struct sk_buff *skb;
536 struct ieee80211_mgmt *mgmt;
537
538 skb = dev_alloc_skb(local->hw.extra_tx_headroom +
539 sizeof(*mgmt) + 6 + extra_len);
540 if (!skb) {
541 printk(KERN_DEBUG "%s: failed to allocate buffer for auth "
542 "frame\n", dev->name);
543 return;
544 }
545 skb_reserve(skb, local->hw.extra_tx_headroom);
546
547 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24 + 6);
548 memset(mgmt, 0, 24 + 6);
549 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
550 IEEE80211_STYPE_AUTH);
551 if (encrypt)
552 mgmt->frame_control |= cpu_to_le16(IEEE80211_FCTL_PROTECTED);
553 memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
554 memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
555 memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
556 mgmt->u.auth.auth_alg = cpu_to_le16(ifsta->auth_alg);
557 mgmt->u.auth.auth_transaction = cpu_to_le16(transaction);
558 ifsta->auth_transaction = transaction + 1;
559 mgmt->u.auth.status_code = cpu_to_le16(0);
560 if (extra)
561 memcpy(skb_put(skb, extra_len), extra, extra_len);
562
563 ieee80211_sta_tx(dev, skb, encrypt);
564}
565
566
567static void ieee80211_authenticate(struct net_device *dev,
568 struct ieee80211_if_sta *ifsta)
569{
570 DECLARE_MAC_BUF(mac);
571
572 ifsta->auth_tries++;
573 if (ifsta->auth_tries > IEEE80211_AUTH_MAX_TRIES) {
574 printk(KERN_DEBUG "%s: authentication with AP %s"
575 " timed out\n",
576 dev->name, print_mac(mac, ifsta->bssid));
577 ifsta->state = IEEE80211_DISABLED;
578 return;
579 }
580
581 ifsta->state = IEEE80211_AUTHENTICATE;
582 printk(KERN_DEBUG "%s: authenticate with AP %s\n",
583 dev->name, print_mac(mac, ifsta->bssid));
584
585 ieee80211_send_auth(dev, ifsta, 1, NULL, 0, 0);
586
587 mod_timer(&ifsta->timer, jiffies + IEEE80211_AUTH_TIMEOUT);
588}
589
590
591static void ieee80211_send_assoc(struct net_device *dev,
592 struct ieee80211_if_sta *ifsta)
593{
594 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
595 struct ieee80211_hw_mode *mode;
596 struct sk_buff *skb;
597 struct ieee80211_mgmt *mgmt;
598 u8 *pos, *ies;
599 int i, len;
600 u16 capab;
601 struct ieee80211_sta_bss *bss;
602 int wmm = 0;
603
604 skb = dev_alloc_skb(local->hw.extra_tx_headroom +
605 sizeof(*mgmt) + 200 + ifsta->extra_ie_len +
606 ifsta->ssid_len);
607 if (!skb) {
608 printk(KERN_DEBUG "%s: failed to allocate buffer for assoc "
609 "frame\n", dev->name);
610 return;
611 }
612 skb_reserve(skb, local->hw.extra_tx_headroom);
613
614 mode = local->oper_hw_mode;
615 capab = ifsta->capab;
616 if (mode->mode == MODE_IEEE80211G) {
617 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME |
618 WLAN_CAPABILITY_SHORT_PREAMBLE;
619 }
620 bss = ieee80211_rx_bss_get(dev, ifsta->bssid, local->hw.conf.channel,
621 ifsta->ssid, ifsta->ssid_len);
622 if (bss) {
623 if (bss->capability & WLAN_CAPABILITY_PRIVACY)
624 capab |= WLAN_CAPABILITY_PRIVACY;
625 if (bss->wmm_ie) {
626 wmm = 1;
627 }
628 ieee80211_rx_bss_put(dev, bss);
629 }
630
631 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
632 memset(mgmt, 0, 24);
633 memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
634 memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
635 memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
636
637 if (ifsta->flags & IEEE80211_STA_PREV_BSSID_SET) {
638 skb_put(skb, 10);
639 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
640 IEEE80211_STYPE_REASSOC_REQ);
641 mgmt->u.reassoc_req.capab_info = cpu_to_le16(capab);
642 mgmt->u.reassoc_req.listen_interval = cpu_to_le16(1);
643 memcpy(mgmt->u.reassoc_req.current_ap, ifsta->prev_bssid,
644 ETH_ALEN);
645 } else {
646 skb_put(skb, 4);
647 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
648 IEEE80211_STYPE_ASSOC_REQ);
649 mgmt->u.assoc_req.capab_info = cpu_to_le16(capab);
650 mgmt->u.assoc_req.listen_interval = cpu_to_le16(1);
651 }
652
653 /* SSID */
654 ies = pos = skb_put(skb, 2 + ifsta->ssid_len);
655 *pos++ = WLAN_EID_SSID;
656 *pos++ = ifsta->ssid_len;
657 memcpy(pos, ifsta->ssid, ifsta->ssid_len);
658
659 len = mode->num_rates;
660 if (len > 8)
661 len = 8;
662 pos = skb_put(skb, len + 2);
663 *pos++ = WLAN_EID_SUPP_RATES;
664 *pos++ = len;
665 for (i = 0; i < len; i++) {
666 int rate = mode->rates[i].rate;
667 *pos++ = (u8) (rate / 5);
668 }
669
670 if (mode->num_rates > len) {
671 pos = skb_put(skb, mode->num_rates - len + 2);
672 *pos++ = WLAN_EID_EXT_SUPP_RATES;
673 *pos++ = mode->num_rates - len;
674 for (i = len; i < mode->num_rates; i++) {
675 int rate = mode->rates[i].rate;
676 *pos++ = (u8) (rate / 5);
677 }
678 }
679
680 if (ifsta->extra_ie) {
681 pos = skb_put(skb, ifsta->extra_ie_len);
682 memcpy(pos, ifsta->extra_ie, ifsta->extra_ie_len);
683 }
684
685 if (wmm && (ifsta->flags & IEEE80211_STA_WMM_ENABLED)) {
686 pos = skb_put(skb, 9);
687 *pos++ = WLAN_EID_VENDOR_SPECIFIC;
688 *pos++ = 7; /* len */
689 *pos++ = 0x00; /* Microsoft OUI 00:50:F2 */
690 *pos++ = 0x50;
691 *pos++ = 0xf2;
692 *pos++ = 2; /* WME */
693 *pos++ = 0; /* WME info */
694 *pos++ = 1; /* WME ver */
695 *pos++ = 0;
696 }
697 /* wmm support is a must to HT */
698 if (wmm && mode->ht_info.ht_supported) {
699 __le16 tmp = cpu_to_le16(mode->ht_info.cap);
700 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap)+2);
701 *pos++ = WLAN_EID_HT_CAPABILITY;
702 *pos++ = sizeof(struct ieee80211_ht_cap);
703 memset(pos, 0, sizeof(struct ieee80211_ht_cap));
704 memcpy(pos, &tmp, sizeof(u16));
705 pos += sizeof(u16);
706 *pos++ = (mode->ht_info.ampdu_factor |
707 (mode->ht_info.ampdu_density << 2));
708 memcpy(pos, mode->ht_info.supp_mcs_set, 16);
709 }
710
711 kfree(ifsta->assocreq_ies);
712 ifsta->assocreq_ies_len = (skb->data + skb->len) - ies;
713 ifsta->assocreq_ies = kmalloc(ifsta->assocreq_ies_len, GFP_KERNEL);
714 if (ifsta->assocreq_ies)
715 memcpy(ifsta->assocreq_ies, ies, ifsta->assocreq_ies_len);
716
717 ieee80211_sta_tx(dev, skb, 0);
718}
719
720
721static void ieee80211_send_deauth(struct net_device *dev,
722 struct ieee80211_if_sta *ifsta, u16 reason)
723{
724 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
725 struct sk_buff *skb;
726 struct ieee80211_mgmt *mgmt;
727
728 skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*mgmt));
729 if (!skb) {
730 printk(KERN_DEBUG "%s: failed to allocate buffer for deauth "
731 "frame\n", dev->name);
732 return;
733 }
734 skb_reserve(skb, local->hw.extra_tx_headroom);
735
736 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
737 memset(mgmt, 0, 24);
738 memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
739 memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
740 memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
741 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
742 IEEE80211_STYPE_DEAUTH);
743 skb_put(skb, 2);
744 mgmt->u.deauth.reason_code = cpu_to_le16(reason);
745
746 ieee80211_sta_tx(dev, skb, 0);
747}
748
749
750static void ieee80211_send_disassoc(struct net_device *dev,
751 struct ieee80211_if_sta *ifsta, u16 reason)
752{
753 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
754 struct sk_buff *skb;
755 struct ieee80211_mgmt *mgmt;
756
757 skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*mgmt));
758 if (!skb) {
759 printk(KERN_DEBUG "%s: failed to allocate buffer for disassoc "
760 "frame\n", dev->name);
761 return;
762 }
763 skb_reserve(skb, local->hw.extra_tx_headroom);
764
765 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
766 memset(mgmt, 0, 24);
767 memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
768 memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
769 memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
770 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
771 IEEE80211_STYPE_DISASSOC);
772 skb_put(skb, 2);
773 mgmt->u.disassoc.reason_code = cpu_to_le16(reason);
774
775 ieee80211_sta_tx(dev, skb, 0);
776}
777
778
779static int ieee80211_privacy_mismatch(struct net_device *dev,
780 struct ieee80211_if_sta *ifsta)
781{
782 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
783 struct ieee80211_sta_bss *bss;
784 int bss_privacy;
785 int wep_privacy;
786 int privacy_invoked;
787
788 if (!ifsta || (ifsta->flags & IEEE80211_STA_MIXED_CELL))
789 return 0;
790
791 bss = ieee80211_rx_bss_get(dev, ifsta->bssid, local->hw.conf.channel,
792 ifsta->ssid, ifsta->ssid_len);
793 if (!bss)
794 return 0;
795
796 bss_privacy = !!(bss->capability & WLAN_CAPABILITY_PRIVACY);
797 wep_privacy = !!ieee80211_sta_wep_configured(dev);
798 privacy_invoked = !!(ifsta->flags & IEEE80211_STA_PRIVACY_INVOKED);
799
800 ieee80211_rx_bss_put(dev, bss);
801
802 if ((bss_privacy == wep_privacy) || (bss_privacy == privacy_invoked))
803 return 0;
804
805 return 1;
806}
807
808
809static void ieee80211_associate(struct net_device *dev,
810 struct ieee80211_if_sta *ifsta)
811{
812 DECLARE_MAC_BUF(mac);
813
814 ifsta->assoc_tries++;
815 if (ifsta->assoc_tries > IEEE80211_ASSOC_MAX_TRIES) {
816 printk(KERN_DEBUG "%s: association with AP %s"
817 " timed out\n",
818 dev->name, print_mac(mac, ifsta->bssid));
819 ifsta->state = IEEE80211_DISABLED;
820 return;
821 }
822
823 ifsta->state = IEEE80211_ASSOCIATE;
824 printk(KERN_DEBUG "%s: associate with AP %s\n",
825 dev->name, print_mac(mac, ifsta->bssid));
826 if (ieee80211_privacy_mismatch(dev, ifsta)) {
827 printk(KERN_DEBUG "%s: mismatch in privacy configuration and "
828 "mixed-cell disabled - abort association\n", dev->name);
829 ifsta->state = IEEE80211_DISABLED;
830 return;
831 }
832
833 ieee80211_send_assoc(dev, ifsta);
834
835 mod_timer(&ifsta->timer, jiffies + IEEE80211_ASSOC_TIMEOUT);
836}
837
838
839static void ieee80211_associated(struct net_device *dev,
840 struct ieee80211_if_sta *ifsta)
841{
842 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
843 struct sta_info *sta;
844 int disassoc;
845 DECLARE_MAC_BUF(mac);
846
847 /* TODO: start monitoring current AP signal quality and number of
848 * missed beacons. Scan other channels every now and then and search
849 * for better APs. */
850 /* TODO: remove expired BSSes */
851
852 ifsta->state = IEEE80211_ASSOCIATED;
853
854 sta = sta_info_get(local, ifsta->bssid);
855 if (!sta) {
856 printk(KERN_DEBUG "%s: No STA entry for own AP %s\n",
857 dev->name, print_mac(mac, ifsta->bssid));
858 disassoc = 1;
859 } else {
860 disassoc = 0;
861 if (time_after(jiffies,
862 sta->last_rx + IEEE80211_MONITORING_INTERVAL)) {
863 if (ifsta->flags & IEEE80211_STA_PROBEREQ_POLL) {
864 printk(KERN_DEBUG "%s: No ProbeResp from "
865 "current AP %s - assume out of "
866 "range\n",
867 dev->name, print_mac(mac, ifsta->bssid));
868 disassoc = 1;
869 sta_info_free(sta);
870 } else
871 ieee80211_send_probe_req(dev, ifsta->bssid,
872 local->scan_ssid,
873 local->scan_ssid_len);
874 ifsta->flags ^= IEEE80211_STA_PROBEREQ_POLL;
875 } else {
876 ifsta->flags &= ~IEEE80211_STA_PROBEREQ_POLL;
877 if (time_after(jiffies, ifsta->last_probe +
878 IEEE80211_PROBE_INTERVAL)) {
879 ifsta->last_probe = jiffies;
880 ieee80211_send_probe_req(dev, ifsta->bssid,
881 ifsta->ssid,
882 ifsta->ssid_len);
883 }
884 }
885 sta_info_put(sta);
886 }
887 if (disassoc) {
888 ifsta->state = IEEE80211_DISABLED;
889 ieee80211_set_associated(dev, ifsta, 0);
890 } else {
891 mod_timer(&ifsta->timer, jiffies +
892 IEEE80211_MONITORING_INTERVAL);
893 }
894}
895
896
897static void ieee80211_send_probe_req(struct net_device *dev, u8 *dst,
898 u8 *ssid, size_t ssid_len)
899{
900 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
901 struct ieee80211_hw_mode *mode;
902 struct sk_buff *skb;
903 struct ieee80211_mgmt *mgmt;
904 u8 *pos, *supp_rates, *esupp_rates = NULL;
905 int i;
906
907 skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*mgmt) + 200);
908 if (!skb) {
909 printk(KERN_DEBUG "%s: failed to allocate buffer for probe "
910 "request\n", dev->name);
911 return;
912 }
913 skb_reserve(skb, local->hw.extra_tx_headroom);
914
915 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
916 memset(mgmt, 0, 24);
917 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
918 IEEE80211_STYPE_PROBE_REQ);
919 memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
920 if (dst) {
921 memcpy(mgmt->da, dst, ETH_ALEN);
922 memcpy(mgmt->bssid, dst, ETH_ALEN);
923 } else {
924 memset(mgmt->da, 0xff, ETH_ALEN);
925 memset(mgmt->bssid, 0xff, ETH_ALEN);
926 }
927 pos = skb_put(skb, 2 + ssid_len);
928 *pos++ = WLAN_EID_SSID;
929 *pos++ = ssid_len;
930 memcpy(pos, ssid, ssid_len);
931
932 supp_rates = skb_put(skb, 2);
933 supp_rates[0] = WLAN_EID_SUPP_RATES;
934 supp_rates[1] = 0;
935 mode = local->oper_hw_mode;
936 for (i = 0; i < mode->num_rates; i++) {
937 struct ieee80211_rate *rate = &mode->rates[i];
938 if (!(rate->flags & IEEE80211_RATE_SUPPORTED))
939 continue;
940 if (esupp_rates) {
941 pos = skb_put(skb, 1);
942 esupp_rates[1]++;
943 } else if (supp_rates[1] == 8) {
944 esupp_rates = skb_put(skb, 3);
945 esupp_rates[0] = WLAN_EID_EXT_SUPP_RATES;
946 esupp_rates[1] = 1;
947 pos = &esupp_rates[2];
948 } else {
949 pos = skb_put(skb, 1);
950 supp_rates[1]++;
951 }
952 *pos = rate->rate / 5;
953 }
954
955 ieee80211_sta_tx(dev, skb, 0);
956}
957
958
959static int ieee80211_sta_wep_configured(struct net_device *dev)
960{
961 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
962 if (!sdata || !sdata->default_key ||
963 sdata->default_key->conf.alg != ALG_WEP)
964 return 0;
965 return 1;
966}
967
968
969static void ieee80211_auth_completed(struct net_device *dev,
970 struct ieee80211_if_sta *ifsta)
971{
972 printk(KERN_DEBUG "%s: authenticated\n", dev->name);
973 ifsta->flags |= IEEE80211_STA_AUTHENTICATED;
974 ieee80211_associate(dev, ifsta);
975}
976
977
978static void ieee80211_auth_challenge(struct net_device *dev,
979 struct ieee80211_if_sta *ifsta,
980 struct ieee80211_mgmt *mgmt,
981 size_t len)
982{
983 u8 *pos;
984 struct ieee802_11_elems elems;
985
986 printk(KERN_DEBUG "%s: replying to auth challenge\n", dev->name);
987 pos = mgmt->u.auth.variable;
988 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems);
989 if (!elems.challenge) {
990 printk(KERN_DEBUG "%s: no challenge IE in shared key auth "
991 "frame\n", dev->name);
992 return;
993 }
994 ieee80211_send_auth(dev, ifsta, 3, elems.challenge - 2,
995 elems.challenge_len + 2, 1);
996}
997
998static void ieee80211_send_addba_resp(struct net_device *dev, u8 *da, u16 tid,
999 u8 dialog_token, u16 status, u16 policy,
1000 u16 buf_size, u16 timeout)
1001{
1002 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1003 struct ieee80211_if_sta *ifsta = &sdata->u.sta;
1004 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1005 struct sk_buff *skb;
1006 struct ieee80211_mgmt *mgmt;
1007 u16 capab;
1008
1009 skb = dev_alloc_skb(sizeof(*mgmt) + local->hw.extra_tx_headroom + 1 +
1010 sizeof(mgmt->u.action.u.addba_resp));
1011 if (!skb) {
1012 printk(KERN_DEBUG "%s: failed to allocate buffer "
1013 "for addba resp frame\n", dev->name);
1014 return;
1015 }
1016
1017 skb_reserve(skb, local->hw.extra_tx_headroom);
1018 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
1019 memset(mgmt, 0, 24);
1020 memcpy(mgmt->da, da, ETH_ALEN);
1021 memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
1022 if (sdata->vif.type == IEEE80211_IF_TYPE_AP)
1023 memcpy(mgmt->bssid, dev->dev_addr, ETH_ALEN);
1024 else
1025 memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
1026 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
1027 IEEE80211_STYPE_ACTION);
1028
1029 skb_put(skb, 1 + sizeof(mgmt->u.action.u.addba_resp));
1030 mgmt->u.action.category = WLAN_CATEGORY_BACK;
1031 mgmt->u.action.u.addba_resp.action_code = WLAN_ACTION_ADDBA_RESP;
1032 mgmt->u.action.u.addba_resp.dialog_token = dialog_token;
1033
1034 capab = (u16)(policy << 1); /* bit 1 aggregation policy */
1035 capab |= (u16)(tid << 2); /* bit 5:2 TID number */
1036 capab |= (u16)(buf_size << 6); /* bit 15:6 max size of aggregation */
1037
1038 mgmt->u.action.u.addba_resp.capab = cpu_to_le16(capab);
1039 mgmt->u.action.u.addba_resp.timeout = cpu_to_le16(timeout);
1040 mgmt->u.action.u.addba_resp.status = cpu_to_le16(status);
1041
1042 ieee80211_sta_tx(dev, skb, 0);
1043
1044 return;
1045}
1046
1047static void ieee80211_sta_process_addba_request(struct net_device *dev,
1048 struct ieee80211_mgmt *mgmt,
1049 size_t len)
1050{
1051 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1052 struct ieee80211_hw *hw = &local->hw;
1053 struct ieee80211_conf *conf = &hw->conf;
1054 struct sta_info *sta;
1055 struct tid_ampdu_rx *tid_agg_rx;
1056 u16 capab, tid, timeout, ba_policy, buf_size, start_seq_num, status;
1057 u8 dialog_token;
1058 int ret = -EOPNOTSUPP;
1059 DECLARE_MAC_BUF(mac);
1060
1061 sta = sta_info_get(local, mgmt->sa);
1062 if (!sta)
1063 return;
1064
1065 /* extract session parameters from addba request frame */
1066 dialog_token = mgmt->u.action.u.addba_req.dialog_token;
1067 timeout = le16_to_cpu(mgmt->u.action.u.addba_req.timeout);
1068 start_seq_num =
1069 le16_to_cpu(mgmt->u.action.u.addba_req.start_seq_num) >> 4;
1070
1071 capab = le16_to_cpu(mgmt->u.action.u.addba_req.capab);
1072 ba_policy = (capab & IEEE80211_ADDBA_PARAM_POLICY_MASK) >> 1;
1073 tid = (capab & IEEE80211_ADDBA_PARAM_TID_MASK) >> 2;
1074 buf_size = (capab & IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK) >> 6;
1075
1076 status = WLAN_STATUS_REQUEST_DECLINED;
1077
1078 /* sanity check for incoming parameters:
1079 * check if configuration can support the BA policy
1080 * and if buffer size does not exceeds max value */
1081 if (((ba_policy != 1)
1082 && (!(conf->ht_conf.cap & IEEE80211_HT_CAP_DELAY_BA)))
1083 || (buf_size > IEEE80211_MAX_AMPDU_BUF)) {
1084 status = WLAN_STATUS_INVALID_QOS_PARAM;
1085#ifdef CONFIG_MAC80211_HT_DEBUG
1086 if (net_ratelimit())
1087 printk(KERN_DEBUG "Block Ack Req with bad params from "
1088 "%s on tid %u. policy %d, buffer size %d\n",
1089 print_mac(mac, mgmt->sa), tid, ba_policy,
1090 buf_size);
1091#endif /* CONFIG_MAC80211_HT_DEBUG */
1092 goto end_no_lock;
1093 }
1094 /* determine default buffer size */
1095 if (buf_size == 0) {
1096 struct ieee80211_hw_mode *mode = conf->mode;
1097 buf_size = IEEE80211_MIN_AMPDU_BUF;
1098 buf_size = buf_size << mode->ht_info.ampdu_factor;
1099 }
1100
1101 tid_agg_rx = &sta->ampdu_mlme.tid_rx[tid];
1102
1103 /* examine state machine */
1104 spin_lock_bh(&sta->ampdu_mlme.ampdu_rx);
1105
1106 if (tid_agg_rx->state != HT_AGG_STATE_IDLE) {
1107#ifdef CONFIG_MAC80211_HT_DEBUG
1108 if (net_ratelimit())
1109 printk(KERN_DEBUG "unexpected Block Ack Req from "
1110 "%s on tid %u\n",
1111 print_mac(mac, mgmt->sa), tid);
1112#endif /* CONFIG_MAC80211_HT_DEBUG */
1113 goto end;
1114 }
1115
1116 /* prepare reordering buffer */
1117 tid_agg_rx->reorder_buf =
1118 kmalloc(buf_size * sizeof(struct sk_buf *), GFP_ATOMIC);
1119 if (!tid_agg_rx->reorder_buf) {
1120 if (net_ratelimit())
1121 printk(KERN_ERR "can not allocate reordering buffer "
1122 "to tid %d\n", tid);
1123 goto end;
1124 }
1125 memset(tid_agg_rx->reorder_buf, 0,
1126 buf_size * sizeof(struct sk_buf *));
1127
1128 if (local->ops->ampdu_action)
1129 ret = local->ops->ampdu_action(hw, IEEE80211_AMPDU_RX_START,
1130 sta->addr, tid, start_seq_num);
1131#ifdef CONFIG_MAC80211_HT_DEBUG
1132 printk(KERN_DEBUG "Rx A-MPDU on tid %d result %d", tid, ret);
1133#endif /* CONFIG_MAC80211_HT_DEBUG */
1134
1135 if (ret) {
1136 kfree(tid_agg_rx->reorder_buf);
1137 goto end;
1138 }
1139
1140 /* change state and send addba resp */
1141 tid_agg_rx->state = HT_AGG_STATE_OPERATIONAL;
1142 tid_agg_rx->dialog_token = dialog_token;
1143 tid_agg_rx->ssn = start_seq_num;
1144 tid_agg_rx->head_seq_num = start_seq_num;
1145 tid_agg_rx->buf_size = buf_size;
1146 tid_agg_rx->timeout = timeout;
1147 tid_agg_rx->stored_mpdu_num = 0;
1148 status = WLAN_STATUS_SUCCESS;
1149end:
1150 spin_unlock_bh(&sta->ampdu_mlme.ampdu_rx);
1151
1152end_no_lock:
1153 ieee80211_send_addba_resp(sta->dev, sta->addr, tid, dialog_token,
1154 status, 1, buf_size, timeout);
1155 sta_info_put(sta);
1156}
1157
1158static void ieee80211_send_delba(struct net_device *dev, const u8 *da, u16 tid,
1159 u16 initiator, u16 reason_code)
1160{
1161 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1162 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1163 struct ieee80211_if_sta *ifsta = &sdata->u.sta;
1164 struct sk_buff *skb;
1165 struct ieee80211_mgmt *mgmt;
1166 u16 params;
1167
1168 skb = dev_alloc_skb(sizeof(*mgmt) + local->hw.extra_tx_headroom + 1 +
1169 sizeof(mgmt->u.action.u.delba));
1170
1171 if (!skb) {
1172 printk(KERN_ERR "%s: failed to allocate buffer "
1173 "for delba frame\n", dev->name);
1174 return;
1175 }
1176
1177 skb_reserve(skb, local->hw.extra_tx_headroom);
1178 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
1179 memset(mgmt, 0, 24);
1180 memcpy(mgmt->da, da, ETH_ALEN);
1181 memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
1182 if (sdata->vif.type == IEEE80211_IF_TYPE_AP)
1183 memcpy(mgmt->bssid, dev->dev_addr, ETH_ALEN);
1184 else
1185 memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
1186 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
1187 IEEE80211_STYPE_ACTION);
1188
1189 skb_put(skb, 1 + sizeof(mgmt->u.action.u.delba));
1190
1191 mgmt->u.action.category = WLAN_CATEGORY_BACK;
1192 mgmt->u.action.u.delba.action_code = WLAN_ACTION_DELBA;
1193 params = (u16)(initiator << 11); /* bit 11 initiator */
1194 params |= (u16)(tid << 12); /* bit 15:12 TID number */
1195
1196 mgmt->u.action.u.delba.params = cpu_to_le16(params);
1197 mgmt->u.action.u.delba.reason_code = cpu_to_le16(reason_code);
1198
1199 ieee80211_sta_tx(dev, skb, 0);
1200}
1201
1202void ieee80211_sta_stop_rx_ba_session(struct net_device *dev, u8 *ra, u16 tid,
1203 u16 initiator, u16 reason)
1204{
1205 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1206 struct ieee80211_hw *hw = &local->hw;
1207 struct sta_info *sta;
1208 int ret, i;
1209
1210 sta = sta_info_get(local, ra);
1211 if (!sta)
1212 return;
1213
1214 /* check if TID is in operational state */
1215 spin_lock_bh(&sta->ampdu_mlme.ampdu_rx);
1216 if (sta->ampdu_mlme.tid_rx[tid].state
1217 != HT_AGG_STATE_OPERATIONAL) {
1218 spin_unlock_bh(&sta->ampdu_mlme.ampdu_rx);
1219 sta_info_put(sta);
1220 return;
1221 }
1222 sta->ampdu_mlme.tid_rx[tid].state =
1223 HT_AGG_STATE_REQ_STOP_BA_MSK |
1224 (initiator << HT_AGG_STATE_INITIATOR_SHIFT);
1225 spin_unlock_bh(&sta->ampdu_mlme.ampdu_rx);
1226
1227 /* stop HW Rx aggregation. ampdu_action existence
1228 * already verified in session init so we add the BUG_ON */
1229 BUG_ON(!local->ops->ampdu_action);
1230
1231 ret = local->ops->ampdu_action(hw, IEEE80211_AMPDU_RX_STOP,
1232 ra, tid, EINVAL);
1233 if (ret)
1234 printk(KERN_DEBUG "HW problem - can not stop rx "
1235 "aggergation for tid %d\n", tid);
1236
1237 /* shutdown timer has not expired */
1238 if (initiator != WLAN_BACK_TIMER)
1239 del_timer_sync(&sta->ampdu_mlme.tid_rx[tid].
1240 session_timer);
1241
1242 /* check if this is a self generated aggregation halt */
1243 if (initiator == WLAN_BACK_RECIPIENT || initiator == WLAN_BACK_TIMER)
1244 ieee80211_send_delba(dev, ra, tid, 0, reason);
1245
1246 /* free the reordering buffer */
1247 for (i = 0; i < sta->ampdu_mlme.tid_rx[tid].buf_size; i++) {
1248 if (sta->ampdu_mlme.tid_rx[tid].reorder_buf[i]) {
1249 /* release the reordered frames */
1250 dev_kfree_skb(sta->ampdu_mlme.tid_rx[tid].reorder_buf[i]);
1251 sta->ampdu_mlme.tid_rx[tid].stored_mpdu_num--;
1252 sta->ampdu_mlme.tid_rx[tid].reorder_buf[i] = NULL;
1253 }
1254 }
1255 kfree(sta->ampdu_mlme.tid_rx[tid].reorder_buf);
1256
1257 sta->ampdu_mlme.tid_rx[tid].state = HT_AGG_STATE_IDLE;
1258 sta_info_put(sta);
1259}
1260
1261static void ieee80211_sta_process_delba(struct net_device *dev,
1262 struct ieee80211_mgmt *mgmt, size_t len)
1263{
1264 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1265 struct sta_info *sta;
1266 u16 tid, params;
1267 u16 initiator;
1268 DECLARE_MAC_BUF(mac);
1269
1270 sta = sta_info_get(local, mgmt->sa);
1271 if (!sta)
1272 return;
1273
1274 params = le16_to_cpu(mgmt->u.action.u.delba.params);
1275 tid = (params & IEEE80211_DELBA_PARAM_TID_MASK) >> 12;
1276 initiator = (params & IEEE80211_DELBA_PARAM_INITIATOR_MASK) >> 11;
1277
1278#ifdef CONFIG_MAC80211_HT_DEBUG
1279 if (net_ratelimit())
1280 printk(KERN_DEBUG "delba from %s on tid %d reason code %d\n",
1281 print_mac(mac, mgmt->sa), tid,
1282 mgmt->u.action.u.delba.reason_code);
1283#endif /* CONFIG_MAC80211_HT_DEBUG */
1284
1285 if (initiator == WLAN_BACK_INITIATOR)
1286 ieee80211_sta_stop_rx_ba_session(dev, sta->addr, tid,
1287 WLAN_BACK_INITIATOR, 0);
1288 sta_info_put(sta);
1289}
1290
1291/*
1292 * After receiving Block Ack Request (BAR) we activated a
1293 * timer after each frame arrives from the originator.
1294 * if this timer expires ieee80211_sta_stop_rx_ba_session will be executed.
1295 */
1296void sta_rx_agg_session_timer_expired(unsigned long data)
1297{
1298 /* not an elegant detour, but there is no choice as the timer passes
1299 * only one argument, and verious sta_info are needed here, so init
1300 * flow in sta_info_add gives the TID as data, while the timer_to_id
1301 * array gives the sta through container_of */
1302 u8 *ptid = (u8 *)data;
1303 u8 *timer_to_id = ptid - *ptid;
1304 struct sta_info *sta = container_of(timer_to_id, struct sta_info,
1305 timer_to_tid[0]);
1306
1307 printk(KERN_DEBUG "rx session timer expired on tid %d\n", (u16)*ptid);
1308 ieee80211_sta_stop_rx_ba_session(sta->dev, sta->addr, (u16)*ptid,
1309 WLAN_BACK_TIMER,
1310 WLAN_REASON_QSTA_TIMEOUT);
1311}
1312
1313
1314static void ieee80211_rx_mgmt_auth(struct net_device *dev,
1315 struct ieee80211_if_sta *ifsta,
1316 struct ieee80211_mgmt *mgmt,
1317 size_t len)
1318{
1319 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1320 u16 auth_alg, auth_transaction, status_code;
1321 DECLARE_MAC_BUF(mac);
1322
1323 if (ifsta->state != IEEE80211_AUTHENTICATE &&
1324 sdata->vif.type != IEEE80211_IF_TYPE_IBSS) {
1325 printk(KERN_DEBUG "%s: authentication frame received from "
1326 "%s, but not in authenticate state - ignored\n",
1327 dev->name, print_mac(mac, mgmt->sa));
1328 return;
1329 }
1330
1331 if (len < 24 + 6) {
1332 printk(KERN_DEBUG "%s: too short (%zd) authentication frame "
1333 "received from %s - ignored\n",
1334 dev->name, len, print_mac(mac, mgmt->sa));
1335 return;
1336 }
1337
1338 if (sdata->vif.type != IEEE80211_IF_TYPE_IBSS &&
1339 memcmp(ifsta->bssid, mgmt->sa, ETH_ALEN) != 0) {
1340 printk(KERN_DEBUG "%s: authentication frame received from "
1341 "unknown AP (SA=%s BSSID=%s) - "
1342 "ignored\n", dev->name, print_mac(mac, mgmt->sa),
1343 print_mac(mac, mgmt->bssid));
1344 return;
1345 }
1346
1347 if (sdata->vif.type != IEEE80211_IF_TYPE_IBSS &&
1348 memcmp(ifsta->bssid, mgmt->bssid, ETH_ALEN) != 0) {
1349 printk(KERN_DEBUG "%s: authentication frame received from "
1350 "unknown BSSID (SA=%s BSSID=%s) - "
1351 "ignored\n", dev->name, print_mac(mac, mgmt->sa),
1352 print_mac(mac, mgmt->bssid));
1353 return;
1354 }
1355
1356 auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg);
1357 auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction);
1358 status_code = le16_to_cpu(mgmt->u.auth.status_code);
1359
1360 printk(KERN_DEBUG "%s: RX authentication from %s (alg=%d "
1361 "transaction=%d status=%d)\n",
1362 dev->name, print_mac(mac, mgmt->sa), auth_alg,
1363 auth_transaction, status_code);
1364
1365 if (sdata->vif.type == IEEE80211_IF_TYPE_IBSS) {
1366 /* IEEE 802.11 standard does not require authentication in IBSS
1367 * networks and most implementations do not seem to use it.
1368 * However, try to reply to authentication attempts if someone
1369 * has actually implemented this.
1370 * TODO: Could implement shared key authentication. */
1371 if (auth_alg != WLAN_AUTH_OPEN || auth_transaction != 1) {
1372 printk(KERN_DEBUG "%s: unexpected IBSS authentication "
1373 "frame (alg=%d transaction=%d)\n",
1374 dev->name, auth_alg, auth_transaction);
1375 return;
1376 }
1377 ieee80211_send_auth(dev, ifsta, 2, NULL, 0, 0);
1378 }
1379
1380 if (auth_alg != ifsta->auth_alg ||
1381 auth_transaction != ifsta->auth_transaction) {
1382 printk(KERN_DEBUG "%s: unexpected authentication frame "
1383 "(alg=%d transaction=%d)\n",
1384 dev->name, auth_alg, auth_transaction);
1385 return;
1386 }
1387
1388 if (status_code != WLAN_STATUS_SUCCESS) {
1389 printk(KERN_DEBUG "%s: AP denied authentication (auth_alg=%d "
1390 "code=%d)\n", dev->name, ifsta->auth_alg, status_code);
1391 if (status_code == WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG) {
1392 u8 algs[3];
1393 const int num_algs = ARRAY_SIZE(algs);
1394 int i, pos;
1395 algs[0] = algs[1] = algs[2] = 0xff;
1396 if (ifsta->auth_algs & IEEE80211_AUTH_ALG_OPEN)
1397 algs[0] = WLAN_AUTH_OPEN;
1398 if (ifsta->auth_algs & IEEE80211_AUTH_ALG_SHARED_KEY)
1399 algs[1] = WLAN_AUTH_SHARED_KEY;
1400 if (ifsta->auth_algs & IEEE80211_AUTH_ALG_LEAP)
1401 algs[2] = WLAN_AUTH_LEAP;
1402 if (ifsta->auth_alg == WLAN_AUTH_OPEN)
1403 pos = 0;
1404 else if (ifsta->auth_alg == WLAN_AUTH_SHARED_KEY)
1405 pos = 1;
1406 else
1407 pos = 2;
1408 for (i = 0; i < num_algs; i++) {
1409 pos++;
1410 if (pos >= num_algs)
1411 pos = 0;
1412 if (algs[pos] == ifsta->auth_alg ||
1413 algs[pos] == 0xff)
1414 continue;
1415 if (algs[pos] == WLAN_AUTH_SHARED_KEY &&
1416 !ieee80211_sta_wep_configured(dev))
1417 continue;
1418 ifsta->auth_alg = algs[pos];
1419 printk(KERN_DEBUG "%s: set auth_alg=%d for "
1420 "next try\n",
1421 dev->name, ifsta->auth_alg);
1422 break;
1423 }
1424 }
1425 return;
1426 }
1427
1428 switch (ifsta->auth_alg) {
1429 case WLAN_AUTH_OPEN:
1430 case WLAN_AUTH_LEAP:
1431 ieee80211_auth_completed(dev, ifsta);
1432 break;
1433 case WLAN_AUTH_SHARED_KEY:
1434 if (ifsta->auth_transaction == 4)
1435 ieee80211_auth_completed(dev, ifsta);
1436 else
1437 ieee80211_auth_challenge(dev, ifsta, mgmt, len);
1438 break;
1439 }
1440}
1441
1442
1443static void ieee80211_rx_mgmt_deauth(struct net_device *dev,
1444 struct ieee80211_if_sta *ifsta,
1445 struct ieee80211_mgmt *mgmt,
1446 size_t len)
1447{
1448 u16 reason_code;
1449 DECLARE_MAC_BUF(mac);
1450
1451 if (len < 24 + 2) {
1452 printk(KERN_DEBUG "%s: too short (%zd) deauthentication frame "
1453 "received from %s - ignored\n",
1454 dev->name, len, print_mac(mac, mgmt->sa));
1455 return;
1456 }
1457
1458 if (memcmp(ifsta->bssid, mgmt->sa, ETH_ALEN) != 0) {
1459 printk(KERN_DEBUG "%s: deauthentication frame received from "
1460 "unknown AP (SA=%s BSSID=%s) - "
1461 "ignored\n", dev->name, print_mac(mac, mgmt->sa),
1462 print_mac(mac, mgmt->bssid));
1463 return;
1464 }
1465
1466 reason_code = le16_to_cpu(mgmt->u.deauth.reason_code);
1467
1468 printk(KERN_DEBUG "%s: RX deauthentication from %s"
1469 " (reason=%d)\n",
1470 dev->name, print_mac(mac, mgmt->sa), reason_code);
1471
1472 if (ifsta->flags & IEEE80211_STA_AUTHENTICATED) {
1473 printk(KERN_DEBUG "%s: deauthenticated\n", dev->name);
1474 }
1475
1476 if (ifsta->state == IEEE80211_AUTHENTICATE ||
1477 ifsta->state == IEEE80211_ASSOCIATE ||
1478 ifsta->state == IEEE80211_ASSOCIATED) {
1479 ifsta->state = IEEE80211_AUTHENTICATE;
1480 mod_timer(&ifsta->timer, jiffies +
1481 IEEE80211_RETRY_AUTH_INTERVAL);
1482 }
1483
1484 ieee80211_set_disassoc(dev, ifsta, 1);
1485 ifsta->flags &= ~IEEE80211_STA_AUTHENTICATED;
1486}
1487
1488
1489static void ieee80211_rx_mgmt_disassoc(struct net_device *dev,
1490 struct ieee80211_if_sta *ifsta,
1491 struct ieee80211_mgmt *mgmt,
1492 size_t len)
1493{
1494 u16 reason_code;
1495 DECLARE_MAC_BUF(mac);
1496
1497 if (len < 24 + 2) {
1498 printk(KERN_DEBUG "%s: too short (%zd) disassociation frame "
1499 "received from %s - ignored\n",
1500 dev->name, len, print_mac(mac, mgmt->sa));
1501 return;
1502 }
1503
1504 if (memcmp(ifsta->bssid, mgmt->sa, ETH_ALEN) != 0) {
1505 printk(KERN_DEBUG "%s: disassociation frame received from "
1506 "unknown AP (SA=%s BSSID=%s) - "
1507 "ignored\n", dev->name, print_mac(mac, mgmt->sa),
1508 print_mac(mac, mgmt->bssid));
1509 return;
1510 }
1511
1512 reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code);
1513
1514 printk(KERN_DEBUG "%s: RX disassociation from %s"
1515 " (reason=%d)\n",
1516 dev->name, print_mac(mac, mgmt->sa), reason_code);
1517
1518 if (ifsta->flags & IEEE80211_STA_ASSOCIATED)
1519 printk(KERN_DEBUG "%s: disassociated\n", dev->name);
1520
1521 if (ifsta->state == IEEE80211_ASSOCIATED) {
1522 ifsta->state = IEEE80211_ASSOCIATE;
1523 mod_timer(&ifsta->timer, jiffies +
1524 IEEE80211_RETRY_AUTH_INTERVAL);
1525 }
1526
1527 ieee80211_set_disassoc(dev, ifsta, 0);
1528}
1529
1530
1531static void ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata,
1532 struct ieee80211_if_sta *ifsta,
1533 struct ieee80211_mgmt *mgmt,
1534 size_t len,
1535 int reassoc)
1536{
1537 struct ieee80211_local *local = sdata->local;
1538 struct net_device *dev = sdata->dev;
1539 struct ieee80211_hw_mode *mode;
1540 struct sta_info *sta;
1541 u32 rates;
1542 u16 capab_info, status_code, aid;
1543 struct ieee802_11_elems elems;
1544 struct ieee80211_bss_conf *bss_conf = &sdata->bss_conf;
1545 u8 *pos;
1546 int i, j;
1547 DECLARE_MAC_BUF(mac);
1548
1549 /* AssocResp and ReassocResp have identical structure, so process both
1550 * of them in this function. */
1551
1552 if (ifsta->state != IEEE80211_ASSOCIATE) {
1553 printk(KERN_DEBUG "%s: association frame received from "
1554 "%s, but not in associate state - ignored\n",
1555 dev->name, print_mac(mac, mgmt->sa));
1556 return;
1557 }
1558
1559 if (len < 24 + 6) {
1560 printk(KERN_DEBUG "%s: too short (%zd) association frame "
1561 "received from %s - ignored\n",
1562 dev->name, len, print_mac(mac, mgmt->sa));
1563 return;
1564 }
1565
1566 if (memcmp(ifsta->bssid, mgmt->sa, ETH_ALEN) != 0) {
1567 printk(KERN_DEBUG "%s: association frame received from "
1568 "unknown AP (SA=%s BSSID=%s) - "
1569 "ignored\n", dev->name, print_mac(mac, mgmt->sa),
1570 print_mac(mac, mgmt->bssid));
1571 return;
1572 }
1573
1574 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info);
1575 status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code);
1576 aid = le16_to_cpu(mgmt->u.assoc_resp.aid);
1577
1578 printk(KERN_DEBUG "%s: RX %sssocResp from %s (capab=0x%x "
1579 "status=%d aid=%d)\n",
1580 dev->name, reassoc ? "Rea" : "A", print_mac(mac, mgmt->sa),
1581 capab_info, status_code, (u16)(aid & ~(BIT(15) | BIT(14))));
1582
1583 if (status_code != WLAN_STATUS_SUCCESS) {
1584 printk(KERN_DEBUG "%s: AP denied association (code=%d)\n",
1585 dev->name, status_code);
1586 /* if this was a reassociation, ensure we try a "full"
1587 * association next time. This works around some broken APs
1588 * which do not correctly reject reassociation requests. */
1589 ifsta->flags &= ~IEEE80211_STA_PREV_BSSID_SET;
1590 return;
1591 }
1592
1593 if ((aid & (BIT(15) | BIT(14))) != (BIT(15) | BIT(14)))
1594 printk(KERN_DEBUG "%s: invalid aid value %d; bits 15:14 not "
1595 "set\n", dev->name, aid);
1596 aid &= ~(BIT(15) | BIT(14));
1597
1598 pos = mgmt->u.assoc_resp.variable;
1599 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems);
1600
1601 if (!elems.supp_rates) {
1602 printk(KERN_DEBUG "%s: no SuppRates element in AssocResp\n",
1603 dev->name);
1604 return;
1605 }
1606
1607 printk(KERN_DEBUG "%s: associated\n", dev->name);
1608 ifsta->aid = aid;
1609 ifsta->ap_capab = capab_info;
1610
1611 kfree(ifsta->assocresp_ies);
1612 ifsta->assocresp_ies_len = len - (pos - (u8 *) mgmt);
1613 ifsta->assocresp_ies = kmalloc(ifsta->assocresp_ies_len, GFP_KERNEL);
1614 if (ifsta->assocresp_ies)
1615 memcpy(ifsta->assocresp_ies, pos, ifsta->assocresp_ies_len);
1616
1617 /* set AID, ieee80211_set_associated() will tell the driver */
1618 bss_conf->aid = aid;
1619 ieee80211_set_associated(dev, ifsta, 1);
1620
1621 /* Add STA entry for the AP */
1622 sta = sta_info_get(local, ifsta->bssid);
1623 if (!sta) {
1624 struct ieee80211_sta_bss *bss;
1625 sta = sta_info_add(local, dev, ifsta->bssid, GFP_KERNEL);
1626 if (!sta) {
1627 printk(KERN_DEBUG "%s: failed to add STA entry for the"
1628 " AP\n", dev->name);
1629 return;
1630 }
1631 bss = ieee80211_rx_bss_get(dev, ifsta->bssid,
1632 local->hw.conf.channel,
1633 ifsta->ssid, ifsta->ssid_len);
1634 if (bss) {
1635 sta->last_rssi = bss->rssi;
1636 sta->last_signal = bss->signal;
1637 sta->last_noise = bss->noise;
1638 ieee80211_rx_bss_put(dev, bss);
1639 }
1640 }
1641
1642 sta->dev = dev;
1643 sta->flags |= WLAN_STA_AUTH | WLAN_STA_ASSOC | WLAN_STA_ASSOC_AP;
1644
1645 rates = 0;
1646 mode = local->oper_hw_mode;
1647 for (i = 0; i < elems.supp_rates_len; i++) {
1648 int rate = (elems.supp_rates[i] & 0x7f) * 5;
1649 for (j = 0; j < mode->num_rates; j++)
1650 if (mode->rates[j].rate == rate)
1651 rates |= BIT(j);
1652 }
1653 for (i = 0; i < elems.ext_supp_rates_len; i++) {
1654 int rate = (elems.ext_supp_rates[i] & 0x7f) * 5;
1655 for (j = 0; j < mode->num_rates; j++)
1656 if (mode->rates[j].rate == rate)
1657 rates |= BIT(j);
1658 }
1659 sta->supp_rates = rates;
1660
1661 if (elems.ht_cap_elem && elems.ht_info_elem && elems.wmm_param &&
1662 local->ops->conf_ht) {
1663 struct ieee80211_ht_bss_info bss_info;
1664
1665 ieee80211_ht_cap_ie_to_ht_info(
1666 (struct ieee80211_ht_cap *)
1667 elems.ht_cap_elem, &sta->ht_info);
1668 ieee80211_ht_addt_info_ie_to_ht_bss_info(
1669 (struct ieee80211_ht_addt_info *)
1670 elems.ht_info_elem, &bss_info);
1671 ieee80211_hw_config_ht(local, 1, &sta->ht_info, &bss_info);
1672 }
1673
1674 rate_control_rate_init(sta, local);
1675
1676 if (elems.wmm_param && (ifsta->flags & IEEE80211_STA_WMM_ENABLED)) {
1677 sta->flags |= WLAN_STA_WME;
1678 ieee80211_sta_wmm_params(dev, ifsta, elems.wmm_param,
1679 elems.wmm_param_len);
1680 }
1681
1682
1683 sta_info_put(sta);
1684
1685 ieee80211_associated(dev, ifsta);
1686}
1687
1688
1689/* Caller must hold local->sta_bss_lock */
1690static void __ieee80211_rx_bss_hash_add(struct net_device *dev,
1691 struct ieee80211_sta_bss *bss)
1692{
1693 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1694 bss->hnext = local->sta_bss_hash[STA_HASH(bss->bssid)];
1695 local->sta_bss_hash[STA_HASH(bss->bssid)] = bss;
1696}
1697
1698
1699/* Caller must hold local->sta_bss_lock */
1700static void __ieee80211_rx_bss_hash_del(struct net_device *dev,
1701 struct ieee80211_sta_bss *bss)
1702{
1703 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1704 struct ieee80211_sta_bss *b, *prev = NULL;
1705 b = local->sta_bss_hash[STA_HASH(bss->bssid)];
1706 while (b) {
1707 if (b == bss) {
1708 if (!prev)
1709 local->sta_bss_hash[STA_HASH(bss->bssid)] =
1710 bss->hnext;
1711 else
1712 prev->hnext = bss->hnext;
1713 break;
1714 }
1715 prev = b;
1716 b = b->hnext;
1717 }
1718}
1719
1720
1721static struct ieee80211_sta_bss *
1722ieee80211_rx_bss_add(struct net_device *dev, u8 *bssid, int channel,
1723 u8 *ssid, u8 ssid_len)
1724{
1725 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1726 struct ieee80211_sta_bss *bss;
1727
1728 bss = kzalloc(sizeof(*bss), GFP_ATOMIC);
1729 if (!bss)
1730 return NULL;
1731 atomic_inc(&bss->users);
1732 atomic_inc(&bss->users);
1733 memcpy(bss->bssid, bssid, ETH_ALEN);
1734 bss->channel = channel;
1735 if (ssid && ssid_len <= IEEE80211_MAX_SSID_LEN) {
1736 memcpy(bss->ssid, ssid, ssid_len);
1737 bss->ssid_len = ssid_len;
1738 }
1739
1740 spin_lock_bh(&local->sta_bss_lock);
1741 /* TODO: order by RSSI? */
1742 list_add_tail(&bss->list, &local->sta_bss_list);
1743 __ieee80211_rx_bss_hash_add(dev, bss);
1744 spin_unlock_bh(&local->sta_bss_lock);
1745 return bss;
1746}
1747
1748
1749static struct ieee80211_sta_bss *
1750ieee80211_rx_bss_get(struct net_device *dev, u8 *bssid, int channel,
1751 u8 *ssid, u8 ssid_len)
1752{
1753 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1754 struct ieee80211_sta_bss *bss;
1755
1756 spin_lock_bh(&local->sta_bss_lock);
1757 bss = local->sta_bss_hash[STA_HASH(bssid)];
1758 while (bss) {
1759 if (!memcmp(bss->bssid, bssid, ETH_ALEN) &&
1760 bss->channel == channel &&
1761 bss->ssid_len == ssid_len &&
1762 (ssid_len == 0 || !memcmp(bss->ssid, ssid, ssid_len))) {
1763 atomic_inc(&bss->users);
1764 break;
1765 }
1766 bss = bss->hnext;
1767 }
1768 spin_unlock_bh(&local->sta_bss_lock);
1769 return bss;
1770}
1771
1772
1773static void ieee80211_rx_bss_free(struct ieee80211_sta_bss *bss)
1774{
1775 kfree(bss->wpa_ie);
1776 kfree(bss->rsn_ie);
1777 kfree(bss->wmm_ie);
1778 kfree(bss->ht_ie);
1779 kfree(bss);
1780}
1781
1782
1783static void ieee80211_rx_bss_put(struct net_device *dev,
1784 struct ieee80211_sta_bss *bss)
1785{
1786 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1787 if (!atomic_dec_and_test(&bss->users))
1788 return;
1789
1790 spin_lock_bh(&local->sta_bss_lock);
1791 __ieee80211_rx_bss_hash_del(dev, bss);
1792 list_del(&bss->list);
1793 spin_unlock_bh(&local->sta_bss_lock);
1794 ieee80211_rx_bss_free(bss);
1795}
1796
1797
1798void ieee80211_rx_bss_list_init(struct net_device *dev)
1799{
1800 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1801 spin_lock_init(&local->sta_bss_lock);
1802 INIT_LIST_HEAD(&local->sta_bss_list);
1803}
1804
1805
1806void ieee80211_rx_bss_list_deinit(struct net_device *dev)
1807{
1808 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1809 struct ieee80211_sta_bss *bss, *tmp;
1810
1811 list_for_each_entry_safe(bss, tmp, &local->sta_bss_list, list)
1812 ieee80211_rx_bss_put(dev, bss);
1813}
1814
1815
1816static void ieee80211_rx_bss_info(struct net_device *dev,
1817 struct ieee80211_mgmt *mgmt,
1818 size_t len,
1819 struct ieee80211_rx_status *rx_status,
1820 int beacon)
1821{
1822 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1823 struct ieee802_11_elems elems;
1824 size_t baselen;
1825 int channel, clen;
1826 struct ieee80211_sta_bss *bss;
1827 struct sta_info *sta;
1828 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1829 u64 timestamp;
1830 DECLARE_MAC_BUF(mac);
1831 DECLARE_MAC_BUF(mac2);
1832
1833 if (!beacon && memcmp(mgmt->da, dev->dev_addr, ETH_ALEN))
1834 return; /* ignore ProbeResp to foreign address */
1835
1836#if 0
1837 printk(KERN_DEBUG "%s: RX %s from %s to %s\n",
1838 dev->name, beacon ? "Beacon" : "Probe Response",
1839 print_mac(mac, mgmt->sa), print_mac(mac2, mgmt->da));
1840#endif
1841
1842 baselen = (u8 *) mgmt->u.beacon.variable - (u8 *) mgmt;
1843 if (baselen > len)
1844 return;
1845
1846 timestamp = le64_to_cpu(mgmt->u.beacon.timestamp);
1847
1848 if (sdata->vif.type == IEEE80211_IF_TYPE_IBSS && beacon &&
1849 memcmp(mgmt->bssid, sdata->u.sta.bssid, ETH_ALEN) == 0) {
1850#ifdef CONFIG_MAC80211_IBSS_DEBUG
1851 static unsigned long last_tsf_debug = 0;
1852 u64 tsf;
1853 if (local->ops->get_tsf)
1854 tsf = local->ops->get_tsf(local_to_hw(local));
1855 else
1856 tsf = -1LLU;
1857 if (time_after(jiffies, last_tsf_debug + 5 * HZ)) {
1858 printk(KERN_DEBUG "RX beacon SA=%s BSSID="
1859 "%s TSF=0x%llx BCN=0x%llx diff=%lld "
1860 "@%lu\n",
1861 print_mac(mac, mgmt->sa), print_mac(mac2, mgmt->bssid),
1862 (unsigned long long)tsf,
1863 (unsigned long long)timestamp,
1864 (unsigned long long)(tsf - timestamp),
1865 jiffies);
1866 last_tsf_debug = jiffies;
1867 }
1868#endif /* CONFIG_MAC80211_IBSS_DEBUG */
1869 }
1870
1871 ieee802_11_parse_elems(mgmt->u.beacon.variable, len - baselen, &elems);
1872
1873 if (sdata->vif.type == IEEE80211_IF_TYPE_IBSS && elems.supp_rates &&
1874 memcmp(mgmt->bssid, sdata->u.sta.bssid, ETH_ALEN) == 0 &&
1875 (sta = sta_info_get(local, mgmt->sa))) {
1876 struct ieee80211_hw_mode *mode;
1877 struct ieee80211_rate *rates;
1878 size_t num_rates;
1879 u32 supp_rates, prev_rates;
1880 int i, j;
1881
1882 mode = local->sta_sw_scanning ?
1883 local->scan_hw_mode : local->oper_hw_mode;
1884
1885 if (local->sta_hw_scanning) {
1886 /* search for the correct mode matches the beacon */
1887 list_for_each_entry(mode, &local->modes_list, list)
1888 if (mode->mode == rx_status->phymode)
1889 break;
1890
1891 if (mode == NULL)
1892 mode = local->oper_hw_mode;
1893 }
1894 rates = mode->rates;
1895 num_rates = mode->num_rates;
1896
1897 supp_rates = 0;
1898 for (i = 0; i < elems.supp_rates_len +
1899 elems.ext_supp_rates_len; i++) {
1900 u8 rate = 0;
1901 int own_rate;
1902 if (i < elems.supp_rates_len)
1903 rate = elems.supp_rates[i];
1904 else if (elems.ext_supp_rates)
1905 rate = elems.ext_supp_rates
1906 [i - elems.supp_rates_len];
1907 own_rate = 5 * (rate & 0x7f);
1908 for (j = 0; j < num_rates; j++)
1909 if (rates[j].rate == own_rate)
1910 supp_rates |= BIT(j);
1911 }
1912
1913 prev_rates = sta->supp_rates;
1914 sta->supp_rates &= supp_rates;
1915 if (sta->supp_rates == 0) {
1916 /* No matching rates - this should not really happen.
1917 * Make sure that at least one rate is marked
1918 * supported to avoid issues with TX rate ctrl. */
1919 sta->supp_rates = sdata->u.sta.supp_rates_bits;
1920 }
1921 if (sta->supp_rates != prev_rates) {
1922 printk(KERN_DEBUG "%s: updated supp_rates set for "
1923 "%s based on beacon info (0x%x & 0x%x -> "
1924 "0x%x)\n",
1925 dev->name, print_mac(mac, sta->addr), prev_rates,
1926 supp_rates, sta->supp_rates);
1927 }
1928 sta_info_put(sta);
1929 }
1930
1931 if (!elems.ssid)
1932 return;
1933
1934 if (elems.ds_params && elems.ds_params_len == 1)
1935 channel = elems.ds_params[0];
1936 else
1937 channel = rx_status->channel;
1938
1939 bss = ieee80211_rx_bss_get(dev, mgmt->bssid, channel,
1940 elems.ssid, elems.ssid_len);
1941 if (!bss) {
1942 bss = ieee80211_rx_bss_add(dev, mgmt->bssid, channel,
1943 elems.ssid, elems.ssid_len);
1944 if (!bss)
1945 return;
1946 } else {
1947#if 0
1948 /* TODO: order by RSSI? */
1949 spin_lock_bh(&local->sta_bss_lock);
1950 list_move_tail(&bss->list, &local->sta_bss_list);
1951 spin_unlock_bh(&local->sta_bss_lock);
1952#endif
1953 }
1954
1955 if (bss->probe_resp && beacon) {
1956 /* Do not allow beacon to override data from Probe Response. */
1957 ieee80211_rx_bss_put(dev, bss);
1958 return;
1959 }
1960
1961 /* save the ERP value so that it is available at association time */
1962 if (elems.erp_info && elems.erp_info_len >= 1) {
1963 bss->erp_value = elems.erp_info[0];
1964 bss->has_erp_value = 1;
1965 }
1966
1967 bss->beacon_int = le16_to_cpu(mgmt->u.beacon.beacon_int);
1968 bss->capability = le16_to_cpu(mgmt->u.beacon.capab_info);
1969
1970 bss->supp_rates_len = 0;
1971 if (elems.supp_rates) {
1972 clen = IEEE80211_MAX_SUPP_RATES - bss->supp_rates_len;
1973 if (clen > elems.supp_rates_len)
1974 clen = elems.supp_rates_len;
1975 memcpy(&bss->supp_rates[bss->supp_rates_len], elems.supp_rates,
1976 clen);
1977 bss->supp_rates_len += clen;
1978 }
1979 if (elems.ext_supp_rates) {
1980 clen = IEEE80211_MAX_SUPP_RATES - bss->supp_rates_len;
1981 if (clen > elems.ext_supp_rates_len)
1982 clen = elems.ext_supp_rates_len;
1983 memcpy(&bss->supp_rates[bss->supp_rates_len],
1984 elems.ext_supp_rates, clen);
1985 bss->supp_rates_len += clen;
1986 }
1987
1988 if (elems.wpa &&
1989 (!bss->wpa_ie || bss->wpa_ie_len != elems.wpa_len ||
1990 memcmp(bss->wpa_ie, elems.wpa, elems.wpa_len))) {
1991 kfree(bss->wpa_ie);
1992 bss->wpa_ie = kmalloc(elems.wpa_len + 2, GFP_ATOMIC);
1993 if (bss->wpa_ie) {
1994 memcpy(bss->wpa_ie, elems.wpa - 2, elems.wpa_len + 2);
1995 bss->wpa_ie_len = elems.wpa_len + 2;
1996 } else
1997 bss->wpa_ie_len = 0;
1998 } else if (!elems.wpa && bss->wpa_ie) {
1999 kfree(bss->wpa_ie);
2000 bss->wpa_ie = NULL;
2001 bss->wpa_ie_len = 0;
2002 }
2003
2004 if (elems.rsn &&
2005 (!bss->rsn_ie || bss->rsn_ie_len != elems.rsn_len ||
2006 memcmp(bss->rsn_ie, elems.rsn, elems.rsn_len))) {
2007 kfree(bss->rsn_ie);
2008 bss->rsn_ie = kmalloc(elems.rsn_len + 2, GFP_ATOMIC);
2009 if (bss->rsn_ie) {
2010 memcpy(bss->rsn_ie, elems.rsn - 2, elems.rsn_len + 2);
2011 bss->rsn_ie_len = elems.rsn_len + 2;
2012 } else
2013 bss->rsn_ie_len = 0;
2014 } else if (!elems.rsn && bss->rsn_ie) {
2015 kfree(bss->rsn_ie);
2016 bss->rsn_ie = NULL;
2017 bss->rsn_ie_len = 0;
2018 }
2019
2020 if (elems.wmm_param &&
2021 (!bss->wmm_ie || bss->wmm_ie_len != elems.wmm_param_len ||
2022 memcmp(bss->wmm_ie, elems.wmm_param, elems.wmm_param_len))) {
2023 kfree(bss->wmm_ie);
2024 bss->wmm_ie = kmalloc(elems.wmm_param_len + 2, GFP_ATOMIC);
2025 if (bss->wmm_ie) {
2026 memcpy(bss->wmm_ie, elems.wmm_param - 2,
2027 elems.wmm_param_len + 2);
2028 bss->wmm_ie_len = elems.wmm_param_len + 2;
2029 } else
2030 bss->wmm_ie_len = 0;
2031 } else if (!elems.wmm_param && bss->wmm_ie) {
2032 kfree(bss->wmm_ie);
2033 bss->wmm_ie = NULL;
2034 bss->wmm_ie_len = 0;
2035 }
2036 if (elems.ht_cap_elem &&
2037 (!bss->ht_ie || bss->ht_ie_len != elems.ht_cap_elem_len ||
2038 memcmp(bss->ht_ie, elems.ht_cap_elem, elems.ht_cap_elem_len))) {
2039 kfree(bss->ht_ie);
2040 bss->ht_ie = kmalloc(elems.ht_cap_elem_len + 2, GFP_ATOMIC);
2041 if (bss->ht_ie) {
2042 memcpy(bss->ht_ie, elems.ht_cap_elem - 2,
2043 elems.ht_cap_elem_len + 2);
2044 bss->ht_ie_len = elems.ht_cap_elem_len + 2;
2045 } else
2046 bss->ht_ie_len = 0;
2047 } else if (!elems.ht_cap_elem && bss->ht_ie) {
2048 kfree(bss->ht_ie);
2049 bss->ht_ie = NULL;
2050 bss->ht_ie_len = 0;
2051 }
2052
2053 bss->hw_mode = rx_status->phymode;
2054 bss->freq = rx_status->freq;
2055 if (channel != rx_status->channel &&
2056 (bss->hw_mode == MODE_IEEE80211G ||
2057 bss->hw_mode == MODE_IEEE80211B) &&
2058 channel >= 1 && channel <= 14) {
2059 static const int freq_list[] = {
2060 2412, 2417, 2422, 2427, 2432, 2437, 2442,
2061 2447, 2452, 2457, 2462, 2467, 2472, 2484
2062 };
2063 /* IEEE 802.11g/b mode can receive packets from neighboring
2064 * channels, so map the channel into frequency. */
2065 bss->freq = freq_list[channel - 1];
2066 }
2067 bss->timestamp = timestamp;
2068 bss->last_update = jiffies;
2069 bss->rssi = rx_status->ssi;
2070 bss->signal = rx_status->signal;
2071 bss->noise = rx_status->noise;
2072 if (!beacon)
2073 bss->probe_resp++;
2074 ieee80211_rx_bss_put(dev, bss);
2075}
2076
2077
2078static void ieee80211_rx_mgmt_probe_resp(struct net_device *dev,
2079 struct ieee80211_mgmt *mgmt,
2080 size_t len,
2081 struct ieee80211_rx_status *rx_status)
2082{
2083 ieee80211_rx_bss_info(dev, mgmt, len, rx_status, 0);
2084}
2085
2086
2087static void ieee80211_rx_mgmt_beacon(struct net_device *dev,
2088 struct ieee80211_mgmt *mgmt,
2089 size_t len,
2090 struct ieee80211_rx_status *rx_status)
2091{
2092 struct ieee80211_sub_if_data *sdata;
2093 struct ieee80211_if_sta *ifsta;
2094 size_t baselen;
2095 struct ieee802_11_elems elems;
2096 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2097 struct ieee80211_conf *conf = &local->hw.conf;
2098 u32 changed = 0;
2099
2100 ieee80211_rx_bss_info(dev, mgmt, len, rx_status, 1);
2101
2102 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2103 if (sdata->vif.type != IEEE80211_IF_TYPE_STA)
2104 return;
2105 ifsta = &sdata->u.sta;
2106
2107 if (!(ifsta->flags & IEEE80211_STA_ASSOCIATED) ||
2108 memcmp(ifsta->bssid, mgmt->bssid, ETH_ALEN) != 0)
2109 return;
2110
2111 /* Process beacon from the current BSS */
2112 baselen = (u8 *) mgmt->u.beacon.variable - (u8 *) mgmt;
2113 if (baselen > len)
2114 return;
2115
2116 ieee802_11_parse_elems(mgmt->u.beacon.variable, len - baselen, &elems);
2117
2118 if (elems.erp_info && elems.erp_info_len >= 1)
2119 changed |= ieee80211_handle_erp_ie(sdata, elems.erp_info[0]);
2120
2121 if (elems.ht_cap_elem && elems.ht_info_elem &&
2122 elems.wmm_param && local->ops->conf_ht &&
2123 conf->flags & IEEE80211_CONF_SUPPORT_HT_MODE) {
2124 struct ieee80211_ht_bss_info bss_info;
2125
2126 ieee80211_ht_addt_info_ie_to_ht_bss_info(
2127 (struct ieee80211_ht_addt_info *)
2128 elems.ht_info_elem, &bss_info);
2129 /* check if AP changed bss inforamation */
2130 if ((conf->ht_bss_conf.primary_channel !=
2131 bss_info.primary_channel) ||
2132 (conf->ht_bss_conf.bss_cap != bss_info.bss_cap) ||
2133 (conf->ht_bss_conf.bss_op_mode != bss_info.bss_op_mode))
2134 ieee80211_hw_config_ht(local, 1, &conf->ht_conf,
2135 &bss_info);
2136 }
2137
2138 if (elems.wmm_param && (ifsta->flags & IEEE80211_STA_WMM_ENABLED)) {
2139 ieee80211_sta_wmm_params(dev, ifsta, elems.wmm_param,
2140 elems.wmm_param_len);
2141 }
2142
2143 ieee80211_bss_info_change_notify(sdata, changed);
2144}
2145
2146
2147static void ieee80211_rx_mgmt_probe_req(struct net_device *dev,
2148 struct ieee80211_if_sta *ifsta,
2149 struct ieee80211_mgmt *mgmt,
2150 size_t len,
2151 struct ieee80211_rx_status *rx_status)
2152{
2153 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2154 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2155 int tx_last_beacon;
2156 struct sk_buff *skb;
2157 struct ieee80211_mgmt *resp;
2158 u8 *pos, *end;
2159 DECLARE_MAC_BUF(mac);
2160#ifdef CONFIG_MAC80211_IBSS_DEBUG
2161 DECLARE_MAC_BUF(mac2);
2162 DECLARE_MAC_BUF(mac3);
2163#endif
2164
2165 if (sdata->vif.type != IEEE80211_IF_TYPE_IBSS ||
2166 ifsta->state != IEEE80211_IBSS_JOINED ||
2167 len < 24 + 2 || !ifsta->probe_resp)
2168 return;
2169
2170 if (local->ops->tx_last_beacon)
2171 tx_last_beacon = local->ops->tx_last_beacon(local_to_hw(local));
2172 else
2173 tx_last_beacon = 1;
2174
2175#ifdef CONFIG_MAC80211_IBSS_DEBUG
2176 printk(KERN_DEBUG "%s: RX ProbeReq SA=%s DA=%s BSSID="
2177 "%s (tx_last_beacon=%d)\n",
2178 dev->name, print_mac(mac, mgmt->sa), print_mac(mac2, mgmt->da),
2179 print_mac(mac3, mgmt->bssid), tx_last_beacon);
2180#endif /* CONFIG_MAC80211_IBSS_DEBUG */
2181
2182 if (!tx_last_beacon)
2183 return;
2184
2185 if (memcmp(mgmt->bssid, ifsta->bssid, ETH_ALEN) != 0 &&
2186 memcmp(mgmt->bssid, "\xff\xff\xff\xff\xff\xff", ETH_ALEN) != 0)
2187 return;
2188
2189 end = ((u8 *) mgmt) + len;
2190 pos = mgmt->u.probe_req.variable;
2191 if (pos[0] != WLAN_EID_SSID ||
2192 pos + 2 + pos[1] > end) {
2193 if (net_ratelimit()) {
2194 printk(KERN_DEBUG "%s: Invalid SSID IE in ProbeReq "
2195 "from %s\n",
2196 dev->name, print_mac(mac, mgmt->sa));
2197 }
2198 return;
2199 }
2200 if (pos[1] != 0 &&
2201 (pos[1] != ifsta->ssid_len ||
2202 memcmp(pos + 2, ifsta->ssid, ifsta->ssid_len) != 0)) {
2203 /* Ignore ProbeReq for foreign SSID */
2204 return;
2205 }
2206
2207 /* Reply with ProbeResp */
2208 skb = skb_copy(ifsta->probe_resp, GFP_KERNEL);
2209 if (!skb)
2210 return;
2211
2212 resp = (struct ieee80211_mgmt *) skb->data;
2213 memcpy(resp->da, mgmt->sa, ETH_ALEN);
2214#ifdef CONFIG_MAC80211_IBSS_DEBUG
2215 printk(KERN_DEBUG "%s: Sending ProbeResp to %s\n",
2216 dev->name, print_mac(mac, resp->da));
2217#endif /* CONFIG_MAC80211_IBSS_DEBUG */
2218 ieee80211_sta_tx(dev, skb, 0);
2219}
2220
2221static void ieee80211_rx_mgmt_action(struct net_device *dev,
2222 struct ieee80211_if_sta *ifsta,
2223 struct ieee80211_mgmt *mgmt,
2224 size_t len)
2225{
2226 if (len < IEEE80211_MIN_ACTION_SIZE)
2227 return;
2228
2229 switch (mgmt->u.action.category) {
2230 case WLAN_CATEGORY_BACK:
2231 switch (mgmt->u.action.u.addba_req.action_code) {
2232 case WLAN_ACTION_ADDBA_REQ:
2233 if (len < (IEEE80211_MIN_ACTION_SIZE +
2234 sizeof(mgmt->u.action.u.addba_req)))
2235 break;
2236 ieee80211_sta_process_addba_request(dev, mgmt, len);
2237 break;
2238 case WLAN_ACTION_DELBA:
2239 if (len < (IEEE80211_MIN_ACTION_SIZE +
2240 sizeof(mgmt->u.action.u.delba)))
2241 break;
2242 ieee80211_sta_process_delba(dev, mgmt, len);
2243 break;
2244 default:
2245 if (net_ratelimit())
2246 printk(KERN_DEBUG "%s: Rx unknown A-MPDU action\n",
2247 dev->name);
2248 break;
2249 }
2250 break;
2251 default:
2252 break;
2253 }
2254}
2255
2256void ieee80211_sta_rx_mgmt(struct net_device *dev, struct sk_buff *skb,
2257 struct ieee80211_rx_status *rx_status)
2258{
2259 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2260 struct ieee80211_sub_if_data *sdata;
2261 struct ieee80211_if_sta *ifsta;
2262 struct ieee80211_mgmt *mgmt;
2263 u16 fc;
2264
2265 if (skb->len < 24)
2266 goto fail;
2267
2268 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2269 ifsta = &sdata->u.sta;
2270
2271 mgmt = (struct ieee80211_mgmt *) skb->data;
2272 fc = le16_to_cpu(mgmt->frame_control);
2273
2274 switch (fc & IEEE80211_FCTL_STYPE) {
2275 case IEEE80211_STYPE_PROBE_REQ:
2276 case IEEE80211_STYPE_PROBE_RESP:
2277 case IEEE80211_STYPE_BEACON:
2278 memcpy(skb->cb, rx_status, sizeof(*rx_status));
2279 case IEEE80211_STYPE_AUTH:
2280 case IEEE80211_STYPE_ASSOC_RESP:
2281 case IEEE80211_STYPE_REASSOC_RESP:
2282 case IEEE80211_STYPE_DEAUTH:
2283 case IEEE80211_STYPE_DISASSOC:
2284 case IEEE80211_STYPE_ACTION:
2285 skb_queue_tail(&ifsta->skb_queue, skb);
2286 queue_work(local->hw.workqueue, &ifsta->work);
2287 return;
2288 default:
2289 printk(KERN_DEBUG "%s: received unknown management frame - "
2290 "stype=%d\n", dev->name,
2291 (fc & IEEE80211_FCTL_STYPE) >> 4);
2292 break;
2293 }
2294
2295 fail:
2296 kfree_skb(skb);
2297}
2298
2299
2300static void ieee80211_sta_rx_queued_mgmt(struct net_device *dev,
2301 struct sk_buff *skb)
2302{
2303 struct ieee80211_rx_status *rx_status;
2304 struct ieee80211_sub_if_data *sdata;
2305 struct ieee80211_if_sta *ifsta;
2306 struct ieee80211_mgmt *mgmt;
2307 u16 fc;
2308
2309 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2310 ifsta = &sdata->u.sta;
2311
2312 rx_status = (struct ieee80211_rx_status *) skb->cb;
2313 mgmt = (struct ieee80211_mgmt *) skb->data;
2314 fc = le16_to_cpu(mgmt->frame_control);
2315
2316 switch (fc & IEEE80211_FCTL_STYPE) {
2317 case IEEE80211_STYPE_PROBE_REQ:
2318 ieee80211_rx_mgmt_probe_req(dev, ifsta, mgmt, skb->len,
2319 rx_status);
2320 break;
2321 case IEEE80211_STYPE_PROBE_RESP:
2322 ieee80211_rx_mgmt_probe_resp(dev, mgmt, skb->len, rx_status);
2323 break;
2324 case IEEE80211_STYPE_BEACON:
2325 ieee80211_rx_mgmt_beacon(dev, mgmt, skb->len, rx_status);
2326 break;
2327 case IEEE80211_STYPE_AUTH:
2328 ieee80211_rx_mgmt_auth(dev, ifsta, mgmt, skb->len);
2329 break;
2330 case IEEE80211_STYPE_ASSOC_RESP:
2331 ieee80211_rx_mgmt_assoc_resp(sdata, ifsta, mgmt, skb->len, 0);
2332 break;
2333 case IEEE80211_STYPE_REASSOC_RESP:
2334 ieee80211_rx_mgmt_assoc_resp(sdata, ifsta, mgmt, skb->len, 1);
2335 break;
2336 case IEEE80211_STYPE_DEAUTH:
2337 ieee80211_rx_mgmt_deauth(dev, ifsta, mgmt, skb->len);
2338 break;
2339 case IEEE80211_STYPE_DISASSOC:
2340 ieee80211_rx_mgmt_disassoc(dev, ifsta, mgmt, skb->len);
2341 break;
2342 case IEEE80211_STYPE_ACTION:
2343 ieee80211_rx_mgmt_action(dev, ifsta, mgmt, skb->len);
2344 break;
2345 }
2346
2347 kfree_skb(skb);
2348}
2349
2350
2351ieee80211_txrx_result
2352ieee80211_sta_rx_scan(struct net_device *dev, struct sk_buff *skb,
2353 struct ieee80211_rx_status *rx_status)
2354{
2355 struct ieee80211_mgmt *mgmt;
2356 u16 fc;
2357
2358 if (skb->len < 2)
2359 return TXRX_DROP;
2360
2361 mgmt = (struct ieee80211_mgmt *) skb->data;
2362 fc = le16_to_cpu(mgmt->frame_control);
2363
2364 if ((fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_CTL)
2365 return TXRX_CONTINUE;
2366
2367 if (skb->len < 24)
2368 return TXRX_DROP;
2369
2370 if ((fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_MGMT) {
2371 if ((fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_PROBE_RESP) {
2372 ieee80211_rx_mgmt_probe_resp(dev, mgmt,
2373 skb->len, rx_status);
2374 dev_kfree_skb(skb);
2375 return TXRX_QUEUED;
2376 } else if ((fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_BEACON) {
2377 ieee80211_rx_mgmt_beacon(dev, mgmt, skb->len,
2378 rx_status);
2379 dev_kfree_skb(skb);
2380 return TXRX_QUEUED;
2381 }
2382 }
2383 return TXRX_CONTINUE;
2384}
2385
2386
2387static int ieee80211_sta_active_ibss(struct net_device *dev)
2388{
2389 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2390 int active = 0;
2391 struct sta_info *sta;
2392
2393 read_lock_bh(&local->sta_lock);
2394 list_for_each_entry(sta, &local->sta_list, list) {
2395 if (sta->dev == dev &&
2396 time_after(sta->last_rx + IEEE80211_IBSS_MERGE_INTERVAL,
2397 jiffies)) {
2398 active++;
2399 break;
2400 }
2401 }
2402 read_unlock_bh(&local->sta_lock);
2403
2404 return active;
2405}
2406
2407
2408static void ieee80211_sta_expire(struct net_device *dev)
2409{
2410 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2411 struct sta_info *sta, *tmp;
2412 LIST_HEAD(tmp_list);
2413 DECLARE_MAC_BUF(mac);
2414
2415 write_lock_bh(&local->sta_lock);
2416 list_for_each_entry_safe(sta, tmp, &local->sta_list, list)
2417 if (time_after(jiffies, sta->last_rx +
2418 IEEE80211_IBSS_INACTIVITY_LIMIT)) {
2419 printk(KERN_DEBUG "%s: expiring inactive STA %s\n",
2420 dev->name, print_mac(mac, sta->addr));
2421 __sta_info_get(sta);
2422 sta_info_remove(sta);
2423 list_add(&sta->list, &tmp_list);
2424 }
2425 write_unlock_bh(&local->sta_lock);
2426
2427 list_for_each_entry_safe(sta, tmp, &tmp_list, list) {
2428 sta_info_free(sta);
2429 sta_info_put(sta);
2430 }
2431}
2432
2433
2434static void ieee80211_sta_merge_ibss(struct net_device *dev,
2435 struct ieee80211_if_sta *ifsta)
2436{
2437 mod_timer(&ifsta->timer, jiffies + IEEE80211_IBSS_MERGE_INTERVAL);
2438
2439 ieee80211_sta_expire(dev);
2440 if (ieee80211_sta_active_ibss(dev))
2441 return;
2442
2443 printk(KERN_DEBUG "%s: No active IBSS STAs - trying to scan for other "
2444 "IBSS networks with same SSID (merge)\n", dev->name);
2445 ieee80211_sta_req_scan(dev, ifsta->ssid, ifsta->ssid_len);
2446}
2447
2448
2449void ieee80211_sta_timer(unsigned long data)
2450{
2451 struct ieee80211_sub_if_data *sdata =
2452 (struct ieee80211_sub_if_data *) data;
2453 struct ieee80211_if_sta *ifsta = &sdata->u.sta;
2454 struct ieee80211_local *local = wdev_priv(&sdata->wdev);
2455
2456 set_bit(IEEE80211_STA_REQ_RUN, &ifsta->request);
2457 queue_work(local->hw.workqueue, &ifsta->work);
2458}
2459
2460
2461void ieee80211_sta_work(struct work_struct *work)
2462{
2463 struct ieee80211_sub_if_data *sdata =
2464 container_of(work, struct ieee80211_sub_if_data, u.sta.work);
2465 struct net_device *dev = sdata->dev;
2466 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2467 struct ieee80211_if_sta *ifsta;
2468 struct sk_buff *skb;
2469
2470 if (!netif_running(dev))
2471 return;
2472
2473 if (local->sta_sw_scanning || local->sta_hw_scanning)
2474 return;
2475
2476 if (sdata->vif.type != IEEE80211_IF_TYPE_STA &&
2477 sdata->vif.type != IEEE80211_IF_TYPE_IBSS) {
2478 printk(KERN_DEBUG "%s: ieee80211_sta_work: non-STA interface "
2479 "(type=%d)\n", dev->name, sdata->vif.type);
2480 return;
2481 }
2482 ifsta = &sdata->u.sta;
2483
2484 while ((skb = skb_dequeue(&ifsta->skb_queue)))
2485 ieee80211_sta_rx_queued_mgmt(dev, skb);
2486
2487 if (ifsta->state != IEEE80211_AUTHENTICATE &&
2488 ifsta->state != IEEE80211_ASSOCIATE &&
2489 test_and_clear_bit(IEEE80211_STA_REQ_SCAN, &ifsta->request)) {
2490 if (ifsta->scan_ssid_len)
2491 ieee80211_sta_start_scan(dev, ifsta->scan_ssid, ifsta->scan_ssid_len);
2492 else
2493 ieee80211_sta_start_scan(dev, NULL, 0);
2494 return;
2495 }
2496
2497 if (test_and_clear_bit(IEEE80211_STA_REQ_AUTH, &ifsta->request)) {
2498 if (ieee80211_sta_config_auth(dev, ifsta))
2499 return;
2500 clear_bit(IEEE80211_STA_REQ_RUN, &ifsta->request);
2501 } else if (!test_and_clear_bit(IEEE80211_STA_REQ_RUN, &ifsta->request))
2502 return;
2503
2504 switch (ifsta->state) {
2505 case IEEE80211_DISABLED:
2506 break;
2507 case IEEE80211_AUTHENTICATE:
2508 ieee80211_authenticate(dev, ifsta);
2509 break;
2510 case IEEE80211_ASSOCIATE:
2511 ieee80211_associate(dev, ifsta);
2512 break;
2513 case IEEE80211_ASSOCIATED:
2514 ieee80211_associated(dev, ifsta);
2515 break;
2516 case IEEE80211_IBSS_SEARCH:
2517 ieee80211_sta_find_ibss(dev, ifsta);
2518 break;
2519 case IEEE80211_IBSS_JOINED:
2520 ieee80211_sta_merge_ibss(dev, ifsta);
2521 break;
2522 default:
2523 printk(KERN_DEBUG "ieee80211_sta_work: Unknown state %d\n",
2524 ifsta->state);
2525 break;
2526 }
2527
2528 if (ieee80211_privacy_mismatch(dev, ifsta)) {
2529 printk(KERN_DEBUG "%s: privacy configuration mismatch and "
2530 "mixed-cell disabled - disassociate\n", dev->name);
2531
2532 ieee80211_send_disassoc(dev, ifsta, WLAN_REASON_UNSPECIFIED);
2533 ieee80211_set_disassoc(dev, ifsta, 0);
2534 }
2535}
2536
2537
2538static void ieee80211_sta_reset_auth(struct net_device *dev,
2539 struct ieee80211_if_sta *ifsta)
2540{
2541 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2542
2543 if (local->ops->reset_tsf) {
2544 /* Reset own TSF to allow time synchronization work. */
2545 local->ops->reset_tsf(local_to_hw(local));
2546 }
2547
2548 ifsta->wmm_last_param_set = -1; /* allow any WMM update */
2549
2550
2551 if (ifsta->auth_algs & IEEE80211_AUTH_ALG_OPEN)
2552 ifsta->auth_alg = WLAN_AUTH_OPEN;
2553 else if (ifsta->auth_algs & IEEE80211_AUTH_ALG_SHARED_KEY)
2554 ifsta->auth_alg = WLAN_AUTH_SHARED_KEY;
2555 else if (ifsta->auth_algs & IEEE80211_AUTH_ALG_LEAP)
2556 ifsta->auth_alg = WLAN_AUTH_LEAP;
2557 else
2558 ifsta->auth_alg = WLAN_AUTH_OPEN;
2559 printk(KERN_DEBUG "%s: Initial auth_alg=%d\n", dev->name,
2560 ifsta->auth_alg);
2561 ifsta->auth_transaction = -1;
2562 ifsta->flags &= ~IEEE80211_STA_ASSOCIATED;
2563 ifsta->auth_tries = ifsta->assoc_tries = 0;
2564 netif_carrier_off(dev);
2565}
2566
2567
2568void ieee80211_sta_req_auth(struct net_device *dev,
2569 struct ieee80211_if_sta *ifsta)
2570{
2571 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2572 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2573
2574 if (sdata->vif.type != IEEE80211_IF_TYPE_STA)
2575 return;
2576
2577 if ((ifsta->flags & (IEEE80211_STA_BSSID_SET |
2578 IEEE80211_STA_AUTO_BSSID_SEL)) &&
2579 (ifsta->flags & (IEEE80211_STA_SSID_SET |
2580 IEEE80211_STA_AUTO_SSID_SEL))) {
2581 set_bit(IEEE80211_STA_REQ_AUTH, &ifsta->request);
2582 queue_work(local->hw.workqueue, &ifsta->work);
2583 }
2584}
2585
2586static int ieee80211_sta_match_ssid(struct ieee80211_if_sta *ifsta,
2587 const char *ssid, int ssid_len)
2588{
2589 int tmp, hidden_ssid;
2590
2591 if (ssid_len == ifsta->ssid_len &&
2592 !memcmp(ifsta->ssid, ssid, ssid_len))
2593 return 1;
2594
2595 if (ifsta->flags & IEEE80211_STA_AUTO_BSSID_SEL)
2596 return 0;
2597
2598 hidden_ssid = 1;
2599 tmp = ssid_len;
2600 while (tmp--) {
2601 if (ssid[tmp] != '\0') {
2602 hidden_ssid = 0;
2603 break;
2604 }
2605 }
2606
2607 if (hidden_ssid && ifsta->ssid_len == ssid_len)
2608 return 1;
2609
2610 if (ssid_len == 1 && ssid[0] == ' ')
2611 return 1;
2612
2613 return 0;
2614}
2615
2616static int ieee80211_sta_config_auth(struct net_device *dev,
2617 struct ieee80211_if_sta *ifsta)
2618{
2619 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2620 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2621 struct ieee80211_sta_bss *bss, *selected = NULL;
2622 int top_rssi = 0, freq;
2623
2624 if (!(ifsta->flags & (IEEE80211_STA_AUTO_SSID_SEL |
2625 IEEE80211_STA_AUTO_BSSID_SEL | IEEE80211_STA_AUTO_CHANNEL_SEL))) {
2626 ifsta->state = IEEE80211_AUTHENTICATE;
2627 ieee80211_sta_reset_auth(dev, ifsta);
2628 return 0;
2629 }
2630
2631 spin_lock_bh(&local->sta_bss_lock);
2632 freq = local->oper_channel->freq;
2633 list_for_each_entry(bss, &local->sta_bss_list, list) {
2634 if (!(bss->capability & WLAN_CAPABILITY_ESS))
2635 continue;
2636
2637 if (!!(bss->capability & WLAN_CAPABILITY_PRIVACY) ^
2638 !!sdata->default_key)
2639 continue;
2640
2641 if (!(ifsta->flags & IEEE80211_STA_AUTO_CHANNEL_SEL) &&
2642 bss->freq != freq)
2643 continue;
2644
2645 if (!(ifsta->flags & IEEE80211_STA_AUTO_BSSID_SEL) &&
2646 memcmp(bss->bssid, ifsta->bssid, ETH_ALEN))
2647 continue;
2648
2649 if (!(ifsta->flags & IEEE80211_STA_AUTO_SSID_SEL) &&
2650 !ieee80211_sta_match_ssid(ifsta, bss->ssid, bss->ssid_len))
2651 continue;
2652
2653 if (!selected || top_rssi < bss->rssi) {
2654 selected = bss;
2655 top_rssi = bss->rssi;
2656 }
2657 }
2658 if (selected)
2659 atomic_inc(&selected->users);
2660 spin_unlock_bh(&local->sta_bss_lock);
2661
2662 if (selected) {
2663 ieee80211_set_channel(local, -1, selected->freq);
2664 if (!(ifsta->flags & IEEE80211_STA_SSID_SET))
2665 ieee80211_sta_set_ssid(dev, selected->ssid,
2666 selected->ssid_len);
2667 ieee80211_sta_set_bssid(dev, selected->bssid);
2668 ieee80211_rx_bss_put(dev, selected);
2669 ifsta->state = IEEE80211_AUTHENTICATE;
2670 ieee80211_sta_reset_auth(dev, ifsta);
2671 return 0;
2672 } else {
2673 if (ifsta->state != IEEE80211_AUTHENTICATE) {
2674 if (ifsta->flags & IEEE80211_STA_AUTO_SSID_SEL)
2675 ieee80211_sta_start_scan(dev, NULL, 0);
2676 else
2677 ieee80211_sta_start_scan(dev, ifsta->ssid,
2678 ifsta->ssid_len);
2679 ifsta->state = IEEE80211_AUTHENTICATE;
2680 set_bit(IEEE80211_STA_REQ_AUTH, &ifsta->request);
2681 } else
2682 ifsta->state = IEEE80211_DISABLED;
2683 }
2684 return -1;
2685}
2686
2687static int ieee80211_sta_join_ibss(struct net_device *dev,
2688 struct ieee80211_if_sta *ifsta,
2689 struct ieee80211_sta_bss *bss)
2690{
2691 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2692 int res, rates, i, j;
2693 struct sk_buff *skb;
2694 struct ieee80211_mgmt *mgmt;
2695 struct ieee80211_tx_control control;
2696 struct ieee80211_hw_mode *mode;
2697 struct rate_selection ratesel;
2698 u8 *pos;
2699 struct ieee80211_sub_if_data *sdata;
2700
2701 /* Remove possible STA entries from other IBSS networks. */
2702 sta_info_flush(local, NULL);
2703
2704 if (local->ops->reset_tsf) {
2705 /* Reset own TSF to allow time synchronization work. */
2706 local->ops->reset_tsf(local_to_hw(local));
2707 }
2708 memcpy(ifsta->bssid, bss->bssid, ETH_ALEN);
2709 res = ieee80211_if_config(dev);
2710 if (res)
2711 return res;
2712
2713 local->hw.conf.beacon_int = bss->beacon_int >= 10 ? bss->beacon_int : 10;
2714
2715 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2716 sdata->drop_unencrypted = bss->capability &
2717 WLAN_CAPABILITY_PRIVACY ? 1 : 0;
2718
2719 res = ieee80211_set_channel(local, -1, bss->freq);
2720
2721 if (!(local->oper_channel->flag & IEEE80211_CHAN_W_IBSS)) {
2722 printk(KERN_DEBUG "%s: IBSS not allowed on channel %d "
2723 "(%d MHz)\n", dev->name, local->hw.conf.channel,
2724 local->hw.conf.freq);
2725 return -1;
2726 }
2727
2728 /* Set beacon template based on scan results */
2729 skb = dev_alloc_skb(local->hw.extra_tx_headroom + 400);
2730 do {
2731 if (!skb)
2732 break;
2733
2734 skb_reserve(skb, local->hw.extra_tx_headroom);
2735
2736 mgmt = (struct ieee80211_mgmt *)
2737 skb_put(skb, 24 + sizeof(mgmt->u.beacon));
2738 memset(mgmt, 0, 24 + sizeof(mgmt->u.beacon));
2739 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
2740 IEEE80211_STYPE_BEACON);
2741 memset(mgmt->da, 0xff, ETH_ALEN);
2742 memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
2743 memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
2744 mgmt->u.beacon.beacon_int =
2745 cpu_to_le16(local->hw.conf.beacon_int);
2746 mgmt->u.beacon.capab_info = cpu_to_le16(bss->capability);
2747
2748 pos = skb_put(skb, 2 + ifsta->ssid_len);
2749 *pos++ = WLAN_EID_SSID;
2750 *pos++ = ifsta->ssid_len;
2751 memcpy(pos, ifsta->ssid, ifsta->ssid_len);
2752
2753 rates = bss->supp_rates_len;
2754 if (rates > 8)
2755 rates = 8;
2756 pos = skb_put(skb, 2 + rates);
2757 *pos++ = WLAN_EID_SUPP_RATES;
2758 *pos++ = rates;
2759 memcpy(pos, bss->supp_rates, rates);
2760
2761 pos = skb_put(skb, 2 + 1);
2762 *pos++ = WLAN_EID_DS_PARAMS;
2763 *pos++ = 1;
2764 *pos++ = bss->channel;
2765
2766 pos = skb_put(skb, 2 + 2);
2767 *pos++ = WLAN_EID_IBSS_PARAMS;
2768 *pos++ = 2;
2769 /* FIX: set ATIM window based on scan results */
2770 *pos++ = 0;
2771 *pos++ = 0;
2772
2773 if (bss->supp_rates_len > 8) {
2774 rates = bss->supp_rates_len - 8;
2775 pos = skb_put(skb, 2 + rates);
2776 *pos++ = WLAN_EID_EXT_SUPP_RATES;
2777 *pos++ = rates;
2778 memcpy(pos, &bss->supp_rates[8], rates);
2779 }
2780
2781 memset(&control, 0, sizeof(control));
2782 rate_control_get_rate(dev, local->oper_hw_mode, skb, &ratesel);
2783 if (!ratesel.rate) {
2784 printk(KERN_DEBUG "%s: Failed to determine TX rate "
2785 "for IBSS beacon\n", dev->name);
2786 break;
2787 }
2788 control.vif = &sdata->vif;
2789 control.tx_rate =
2790 (sdata->bss_conf.use_short_preamble &&
2791 (ratesel.rate->flags & IEEE80211_RATE_PREAMBLE2)) ?
2792 ratesel.rate->val2 : ratesel.rate->val;
2793 control.antenna_sel_tx = local->hw.conf.antenna_sel_tx;
2794 control.power_level = local->hw.conf.power_level;
2795 control.flags |= IEEE80211_TXCTL_NO_ACK;
2796 control.retry_limit = 1;
2797
2798 ifsta->probe_resp = skb_copy(skb, GFP_ATOMIC);
2799 if (ifsta->probe_resp) {
2800 mgmt = (struct ieee80211_mgmt *)
2801 ifsta->probe_resp->data;
2802 mgmt->frame_control =
2803 IEEE80211_FC(IEEE80211_FTYPE_MGMT,
2804 IEEE80211_STYPE_PROBE_RESP);
2805 } else {
2806 printk(KERN_DEBUG "%s: Could not allocate ProbeResp "
2807 "template for IBSS\n", dev->name);
2808 }
2809
2810 if (local->ops->beacon_update &&
2811 local->ops->beacon_update(local_to_hw(local),
2812 skb, &control) == 0) {
2813 printk(KERN_DEBUG "%s: Configured IBSS beacon "
2814 "template based on scan results\n", dev->name);
2815 skb = NULL;
2816 }
2817
2818 rates = 0;
2819 mode = local->oper_hw_mode;
2820 for (i = 0; i < bss->supp_rates_len; i++) {
2821 int bitrate = (bss->supp_rates[i] & 0x7f) * 5;
2822 for (j = 0; j < mode->num_rates; j++)
2823 if (mode->rates[j].rate == bitrate)
2824 rates |= BIT(j);
2825 }
2826 ifsta->supp_rates_bits = rates;
2827 } while (0);
2828
2829 if (skb) {
2830 printk(KERN_DEBUG "%s: Failed to configure IBSS beacon "
2831 "template\n", dev->name);
2832 dev_kfree_skb(skb);
2833 }
2834
2835 ifsta->state = IEEE80211_IBSS_JOINED;
2836 mod_timer(&ifsta->timer, jiffies + IEEE80211_IBSS_MERGE_INTERVAL);
2837
2838 ieee80211_rx_bss_put(dev, bss);
2839
2840 return res;
2841}
2842
2843
2844static int ieee80211_sta_create_ibss(struct net_device *dev,
2845 struct ieee80211_if_sta *ifsta)
2846{
2847 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2848 struct ieee80211_sta_bss *bss;
2849 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2850 struct ieee80211_hw_mode *mode;
2851 u8 bssid[ETH_ALEN], *pos;
2852 int i;
2853 DECLARE_MAC_BUF(mac);
2854
2855#if 0
2856 /* Easier testing, use fixed BSSID. */
2857 memset(bssid, 0xfe, ETH_ALEN);
2858#else
2859 /* Generate random, not broadcast, locally administered BSSID. Mix in
2860 * own MAC address to make sure that devices that do not have proper
2861 * random number generator get different BSSID. */
2862 get_random_bytes(bssid, ETH_ALEN);
2863 for (i = 0; i < ETH_ALEN; i++)
2864 bssid[i] ^= dev->dev_addr[i];
2865 bssid[0] &= ~0x01;
2866 bssid[0] |= 0x02;
2867#endif
2868
2869 printk(KERN_DEBUG "%s: Creating new IBSS network, BSSID %s\n",
2870 dev->name, print_mac(mac, bssid));
2871
2872 bss = ieee80211_rx_bss_add(dev, bssid, local->hw.conf.channel,
2873 sdata->u.sta.ssid, sdata->u.sta.ssid_len);
2874 if (!bss)
2875 return -ENOMEM;
2876
2877 mode = local->oper_hw_mode;
2878
2879 if (local->hw.conf.beacon_int == 0)
2880 local->hw.conf.beacon_int = 100;
2881 bss->beacon_int = local->hw.conf.beacon_int;
2882 bss->hw_mode = local->hw.conf.phymode;
2883 bss->freq = local->hw.conf.freq;
2884 bss->last_update = jiffies;
2885 bss->capability = WLAN_CAPABILITY_IBSS;
2886 if (sdata->default_key) {
2887 bss->capability |= WLAN_CAPABILITY_PRIVACY;
2888 } else
2889 sdata->drop_unencrypted = 0;
2890 bss->supp_rates_len = mode->num_rates;
2891 pos = bss->supp_rates;
2892 for (i = 0; i < mode->num_rates; i++) {
2893 int rate = mode->rates[i].rate;
2894 *pos++ = (u8) (rate / 5);
2895 }
2896
2897 return ieee80211_sta_join_ibss(dev, ifsta, bss);
2898}
2899
2900
2901static int ieee80211_sta_find_ibss(struct net_device *dev,
2902 struct ieee80211_if_sta *ifsta)
2903{
2904 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2905 struct ieee80211_sta_bss *bss;
2906 int found = 0;
2907 u8 bssid[ETH_ALEN];
2908 int active_ibss;
2909 DECLARE_MAC_BUF(mac);
2910 DECLARE_MAC_BUF(mac2);
2911
2912 if (ifsta->ssid_len == 0)
2913 return -EINVAL;
2914
2915 active_ibss = ieee80211_sta_active_ibss(dev);
2916#ifdef CONFIG_MAC80211_IBSS_DEBUG
2917 printk(KERN_DEBUG "%s: sta_find_ibss (active_ibss=%d)\n",
2918 dev->name, active_ibss);
2919#endif /* CONFIG_MAC80211_IBSS_DEBUG */
2920 spin_lock_bh(&local->sta_bss_lock);
2921 list_for_each_entry(bss, &local->sta_bss_list, list) {
2922 if (ifsta->ssid_len != bss->ssid_len ||
2923 memcmp(ifsta->ssid, bss->ssid, bss->ssid_len) != 0
2924 || !(bss->capability & WLAN_CAPABILITY_IBSS))
2925 continue;
2926#ifdef CONFIG_MAC80211_IBSS_DEBUG
2927 printk(KERN_DEBUG " bssid=%s found\n",
2928 print_mac(mac, bss->bssid));
2929#endif /* CONFIG_MAC80211_IBSS_DEBUG */
2930 memcpy(bssid, bss->bssid, ETH_ALEN);
2931 found = 1;
2932 if (active_ibss || memcmp(bssid, ifsta->bssid, ETH_ALEN) != 0)
2933 break;
2934 }
2935 spin_unlock_bh(&local->sta_bss_lock);
2936
2937#ifdef CONFIG_MAC80211_IBSS_DEBUG
2938 printk(KERN_DEBUG " sta_find_ibss: selected %s current "
2939 "%s\n", print_mac(mac, bssid), print_mac(mac2, ifsta->bssid));
2940#endif /* CONFIG_MAC80211_IBSS_DEBUG */
2941 if (found && memcmp(ifsta->bssid, bssid, ETH_ALEN) != 0 &&
2942 (bss = ieee80211_rx_bss_get(dev, bssid, local->hw.conf.channel,
2943 ifsta->ssid, ifsta->ssid_len))) {
2944 printk(KERN_DEBUG "%s: Selected IBSS BSSID %s"
2945 " based on configured SSID\n",
2946 dev->name, print_mac(mac, bssid));
2947 return ieee80211_sta_join_ibss(dev, ifsta, bss);
2948 }
2949#ifdef CONFIG_MAC80211_IBSS_DEBUG
2950 printk(KERN_DEBUG " did not try to join ibss\n");
2951#endif /* CONFIG_MAC80211_IBSS_DEBUG */
2952
2953 /* Selected IBSS not found in current scan results - try to scan */
2954 if (ifsta->state == IEEE80211_IBSS_JOINED &&
2955 !ieee80211_sta_active_ibss(dev)) {
2956 mod_timer(&ifsta->timer, jiffies +
2957 IEEE80211_IBSS_MERGE_INTERVAL);
2958 } else if (time_after(jiffies, local->last_scan_completed +
2959 IEEE80211_SCAN_INTERVAL)) {
2960 printk(KERN_DEBUG "%s: Trigger new scan to find an IBSS to "
2961 "join\n", dev->name);
2962 return ieee80211_sta_req_scan(dev, ifsta->ssid,
2963 ifsta->ssid_len);
2964 } else if (ifsta->state != IEEE80211_IBSS_JOINED) {
2965 int interval = IEEE80211_SCAN_INTERVAL;
2966
2967 if (time_after(jiffies, ifsta->ibss_join_req +
2968 IEEE80211_IBSS_JOIN_TIMEOUT)) {
2969 if ((ifsta->flags & IEEE80211_STA_CREATE_IBSS) &&
2970 local->oper_channel->flag & IEEE80211_CHAN_W_IBSS)
2971 return ieee80211_sta_create_ibss(dev, ifsta);
2972 if (ifsta->flags & IEEE80211_STA_CREATE_IBSS) {
2973 printk(KERN_DEBUG "%s: IBSS not allowed on the"
2974 " configured channel %d (%d MHz)\n",
2975 dev->name, local->hw.conf.channel,
2976 local->hw.conf.freq);
2977 }
2978
2979 /* No IBSS found - decrease scan interval and continue
2980 * scanning. */
2981 interval = IEEE80211_SCAN_INTERVAL_SLOW;
2982 }
2983
2984 ifsta->state = IEEE80211_IBSS_SEARCH;
2985 mod_timer(&ifsta->timer, jiffies + interval);
2986 return 0;
2987 }
2988
2989 return 0;
2990}
2991
2992
2993int ieee80211_sta_set_ssid(struct net_device *dev, char *ssid, size_t len)
2994{
2995 struct ieee80211_sub_if_data *sdata;
2996 struct ieee80211_if_sta *ifsta;
2997 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2998
2999 if (len > IEEE80211_MAX_SSID_LEN)
3000 return -EINVAL;
3001
3002 /* TODO: This should always be done for IBSS, even if IEEE80211_QOS is
3003 * not defined. */
3004 if (local->ops->conf_tx) {
3005 struct ieee80211_tx_queue_params qparam;
3006 int i;
3007
3008 memset(&qparam, 0, sizeof(qparam));
3009 /* TODO: are these ok defaults for all hw_modes? */
3010 qparam.aifs = 2;
3011 qparam.cw_min =
3012 local->hw.conf.phymode == MODE_IEEE80211B ? 31 : 15;
3013 qparam.cw_max = 1023;
3014 qparam.burst_time = 0;
3015 for (i = IEEE80211_TX_QUEUE_DATA0; i < NUM_TX_DATA_QUEUES; i++)
3016 {
3017 local->ops->conf_tx(local_to_hw(local),
3018 i + IEEE80211_TX_QUEUE_DATA0,
3019 &qparam);
3020 }
3021 /* IBSS uses different parameters for Beacon sending */
3022 qparam.cw_min++;
3023 qparam.cw_min *= 2;
3024 qparam.cw_min--;
3025 local->ops->conf_tx(local_to_hw(local),
3026 IEEE80211_TX_QUEUE_BEACON, &qparam);
3027 }
3028
3029 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3030 ifsta = &sdata->u.sta;
3031
3032 if (ifsta->ssid_len != len || memcmp(ifsta->ssid, ssid, len) != 0)
3033 ifsta->flags &= ~IEEE80211_STA_PREV_BSSID_SET;
3034 memcpy(ifsta->ssid, ssid, len);
3035 memset(ifsta->ssid + len, 0, IEEE80211_MAX_SSID_LEN - len);
3036 ifsta->ssid_len = len;
3037
3038 if (len)
3039 ifsta->flags |= IEEE80211_STA_SSID_SET;
3040 else
3041 ifsta->flags &= ~IEEE80211_STA_SSID_SET;
3042 if (sdata->vif.type == IEEE80211_IF_TYPE_IBSS &&
3043 !(ifsta->flags & IEEE80211_STA_BSSID_SET)) {
3044 ifsta->ibss_join_req = jiffies;
3045 ifsta->state = IEEE80211_IBSS_SEARCH;
3046 return ieee80211_sta_find_ibss(dev, ifsta);
3047 }
3048 return 0;
3049}
3050
3051
3052int ieee80211_sta_get_ssid(struct net_device *dev, char *ssid, size_t *len)
3053{
3054 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3055 struct ieee80211_if_sta *ifsta = &sdata->u.sta;
3056 memcpy(ssid, ifsta->ssid, ifsta->ssid_len);
3057 *len = ifsta->ssid_len;
3058 return 0;
3059}
3060
3061
3062int ieee80211_sta_set_bssid(struct net_device *dev, u8 *bssid)
3063{
3064 struct ieee80211_sub_if_data *sdata;
3065 struct ieee80211_if_sta *ifsta;
3066 int res;
3067
3068 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3069 ifsta = &sdata->u.sta;
3070
3071 if (memcmp(ifsta->bssid, bssid, ETH_ALEN) != 0) {
3072 memcpy(ifsta->bssid, bssid, ETH_ALEN);
3073 res = ieee80211_if_config(dev);
3074 if (res) {
3075 printk(KERN_DEBUG "%s: Failed to config new BSSID to "
3076 "the low-level driver\n", dev->name);
3077 return res;
3078 }
3079 }
3080
3081 if (is_valid_ether_addr(bssid))
3082 ifsta->flags |= IEEE80211_STA_BSSID_SET;
3083 else
3084 ifsta->flags &= ~IEEE80211_STA_BSSID_SET;
3085
3086 return 0;
3087}
3088
3089
3090static void ieee80211_send_nullfunc(struct ieee80211_local *local,
3091 struct ieee80211_sub_if_data *sdata,
3092 int powersave)
3093{
3094 struct sk_buff *skb;
3095 struct ieee80211_hdr *nullfunc;
3096 u16 fc;
3097
3098 skb = dev_alloc_skb(local->hw.extra_tx_headroom + 24);
3099 if (!skb) {
3100 printk(KERN_DEBUG "%s: failed to allocate buffer for nullfunc "
3101 "frame\n", sdata->dev->name);
3102 return;
3103 }
3104 skb_reserve(skb, local->hw.extra_tx_headroom);
3105
3106 nullfunc = (struct ieee80211_hdr *) skb_put(skb, 24);
3107 memset(nullfunc, 0, 24);
3108 fc = IEEE80211_FTYPE_DATA | IEEE80211_STYPE_NULLFUNC |
3109 IEEE80211_FCTL_TODS;
3110 if (powersave)
3111 fc |= IEEE80211_FCTL_PM;
3112 nullfunc->frame_control = cpu_to_le16(fc);
3113 memcpy(nullfunc->addr1, sdata->u.sta.bssid, ETH_ALEN);
3114 memcpy(nullfunc->addr2, sdata->dev->dev_addr, ETH_ALEN);
3115 memcpy(nullfunc->addr3, sdata->u.sta.bssid, ETH_ALEN);
3116
3117 ieee80211_sta_tx(sdata->dev, skb, 0);
3118}
3119
3120
3121void ieee80211_scan_completed(struct ieee80211_hw *hw)
3122{
3123 struct ieee80211_local *local = hw_to_local(hw);
3124 struct net_device *dev = local->scan_dev;
3125 struct ieee80211_sub_if_data *sdata;
3126 union iwreq_data wrqu;
3127
3128 local->last_scan_completed = jiffies;
3129 memset(&wrqu, 0, sizeof(wrqu));
3130 wireless_send_event(dev, SIOCGIWSCAN, &wrqu, NULL);
3131
3132 if (local->sta_hw_scanning) {
3133 local->sta_hw_scanning = 0;
3134 goto done;
3135 }
3136
3137 local->sta_sw_scanning = 0;
3138 if (ieee80211_hw_config(local))
3139 printk(KERN_DEBUG "%s: failed to restore operational "
3140 "channel after scan\n", dev->name);
3141
3142
3143 netif_tx_lock_bh(local->mdev);
3144 local->filter_flags &= ~FIF_BCN_PRBRESP_PROMISC;
3145 local->ops->configure_filter(local_to_hw(local),
3146 FIF_BCN_PRBRESP_PROMISC,
3147 &local->filter_flags,
3148 local->mdev->mc_count,
3149 local->mdev->mc_list);
3150
3151 netif_tx_unlock_bh(local->mdev);
3152
3153 rcu_read_lock();
3154 list_for_each_entry_rcu(sdata, &local->interfaces, list) {
3155
3156 /* No need to wake the master device. */
3157 if (sdata->dev == local->mdev)
3158 continue;
3159
3160 if (sdata->vif.type == IEEE80211_IF_TYPE_STA) {
3161 if (sdata->u.sta.flags & IEEE80211_STA_ASSOCIATED)
3162 ieee80211_send_nullfunc(local, sdata, 0);
3163 ieee80211_sta_timer((unsigned long)sdata);
3164 }
3165
3166 netif_wake_queue(sdata->dev);
3167 }
3168 rcu_read_unlock();
3169
3170done:
3171 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3172 if (sdata->vif.type == IEEE80211_IF_TYPE_IBSS) {
3173 struct ieee80211_if_sta *ifsta = &sdata->u.sta;
3174 if (!(ifsta->flags & IEEE80211_STA_BSSID_SET) ||
3175 (!ifsta->state == IEEE80211_IBSS_JOINED &&
3176 !ieee80211_sta_active_ibss(dev)))
3177 ieee80211_sta_find_ibss(dev, ifsta);
3178 }
3179}
3180EXPORT_SYMBOL(ieee80211_scan_completed);
3181
3182void ieee80211_sta_scan_work(struct work_struct *work)
3183{
3184 struct ieee80211_local *local =
3185 container_of(work, struct ieee80211_local, scan_work.work);
3186 struct net_device *dev = local->scan_dev;
3187 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3188 struct ieee80211_hw_mode *mode;
3189 struct ieee80211_channel *chan;
3190 int skip;
3191 unsigned long next_delay = 0;
3192
3193 if (!local->sta_sw_scanning)
3194 return;
3195
3196 switch (local->scan_state) {
3197 case SCAN_SET_CHANNEL:
3198 mode = local->scan_hw_mode;
3199 if (local->scan_hw_mode->list.next == &local->modes_list &&
3200 local->scan_channel_idx >= mode->num_channels) {
3201 ieee80211_scan_completed(local_to_hw(local));
3202 return;
3203 }
3204 skip = !(local->enabled_modes & (1 << mode->mode));
3205 chan = &mode->channels[local->scan_channel_idx];
3206 if (!(chan->flag & IEEE80211_CHAN_W_SCAN) ||
3207 (sdata->vif.type == IEEE80211_IF_TYPE_IBSS &&
3208 !(chan->flag & IEEE80211_CHAN_W_IBSS)) ||
3209 (local->hw_modes & local->enabled_modes &
3210 (1 << MODE_IEEE80211G) && mode->mode == MODE_IEEE80211B))
3211 skip = 1;
3212
3213 if (!skip) {
3214#if 0
3215 printk(KERN_DEBUG "%s: scan channel %d (%d MHz)\n",
3216 dev->name, chan->chan, chan->freq);
3217#endif
3218
3219 local->scan_channel = chan;
3220 if (ieee80211_hw_config(local)) {
3221 printk(KERN_DEBUG "%s: failed to set channel "
3222 "%d (%d MHz) for scan\n", dev->name,
3223 chan->chan, chan->freq);
3224 skip = 1;
3225 }
3226 }
3227
3228 local->scan_channel_idx++;
3229 if (local->scan_channel_idx >= local->scan_hw_mode->num_channels) {
3230 if (local->scan_hw_mode->list.next != &local->modes_list) {
3231 local->scan_hw_mode = list_entry(local->scan_hw_mode->list.next,
3232 struct ieee80211_hw_mode,
3233 list);
3234 local->scan_channel_idx = 0;
3235 }
3236 }
3237
3238 if (skip)
3239 break;
3240
3241 next_delay = IEEE80211_PROBE_DELAY +
3242 usecs_to_jiffies(local->hw.channel_change_time);
3243 local->scan_state = SCAN_SEND_PROBE;
3244 break;
3245 case SCAN_SEND_PROBE:
3246 if (local->scan_channel->flag & IEEE80211_CHAN_W_ACTIVE_SCAN) {
3247 ieee80211_send_probe_req(dev, NULL, local->scan_ssid,
3248 local->scan_ssid_len);
3249 next_delay = IEEE80211_CHANNEL_TIME;
3250 } else
3251 next_delay = IEEE80211_PASSIVE_CHANNEL_TIME;
3252 local->scan_state = SCAN_SET_CHANNEL;
3253 break;
3254 }
3255
3256 if (local->sta_sw_scanning)
3257 queue_delayed_work(local->hw.workqueue, &local->scan_work,
3258 next_delay);
3259}
3260
3261
3262static int ieee80211_sta_start_scan(struct net_device *dev,
3263 u8 *ssid, size_t ssid_len)
3264{
3265 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
3266 struct ieee80211_sub_if_data *sdata;
3267
3268 if (ssid_len > IEEE80211_MAX_SSID_LEN)
3269 return -EINVAL;
3270
3271 /* MLME-SCAN.request (page 118) page 144 (11.1.3.1)
3272 * BSSType: INFRASTRUCTURE, INDEPENDENT, ANY_BSS
3273 * BSSID: MACAddress
3274 * SSID
3275 * ScanType: ACTIVE, PASSIVE
3276 * ProbeDelay: delay (in microseconds) to be used prior to transmitting
3277 * a Probe frame during active scanning
3278 * ChannelList
3279 * MinChannelTime (>= ProbeDelay), in TU
3280 * MaxChannelTime: (>= MinChannelTime), in TU
3281 */
3282
3283 /* MLME-SCAN.confirm
3284 * BSSDescriptionSet
3285 * ResultCode: SUCCESS, INVALID_PARAMETERS
3286 */
3287
3288 if (local->sta_sw_scanning || local->sta_hw_scanning) {
3289 if (local->scan_dev == dev)
3290 return 0;
3291 return -EBUSY;
3292 }
3293
3294 if (local->ops->hw_scan) {
3295 int rc = local->ops->hw_scan(local_to_hw(local),
3296 ssid, ssid_len);
3297 if (!rc) {
3298 local->sta_hw_scanning = 1;
3299 local->scan_dev = dev;
3300 }
3301 return rc;
3302 }
3303
3304 local->sta_sw_scanning = 1;
3305
3306 rcu_read_lock();
3307 list_for_each_entry_rcu(sdata, &local->interfaces, list) {
3308
3309 /* Don't stop the master interface, otherwise we can't transmit
3310 * probes! */
3311 if (sdata->dev == local->mdev)
3312 continue;
3313
3314 netif_stop_queue(sdata->dev);
3315 if (sdata->vif.type == IEEE80211_IF_TYPE_STA &&
3316 (sdata->u.sta.flags & IEEE80211_STA_ASSOCIATED))
3317 ieee80211_send_nullfunc(local, sdata, 1);
3318 }
3319 rcu_read_unlock();
3320
3321 if (ssid) {
3322 local->scan_ssid_len = ssid_len;
3323 memcpy(local->scan_ssid, ssid, ssid_len);
3324 } else
3325 local->scan_ssid_len = 0;
3326 local->scan_state = SCAN_SET_CHANNEL;
3327 local->scan_hw_mode = list_entry(local->modes_list.next,
3328 struct ieee80211_hw_mode,
3329 list);
3330 local->scan_channel_idx = 0;
3331 local->scan_dev = dev;
3332
3333 netif_tx_lock_bh(local->mdev);
3334 local->filter_flags |= FIF_BCN_PRBRESP_PROMISC;
3335 local->ops->configure_filter(local_to_hw(local),
3336 FIF_BCN_PRBRESP_PROMISC,
3337 &local->filter_flags,
3338 local->mdev->mc_count,
3339 local->mdev->mc_list);
3340 netif_tx_unlock_bh(local->mdev);
3341
3342 /* TODO: start scan as soon as all nullfunc frames are ACKed */
3343 queue_delayed_work(local->hw.workqueue, &local->scan_work,
3344 IEEE80211_CHANNEL_TIME);
3345
3346 return 0;
3347}
3348
3349
3350int ieee80211_sta_req_scan(struct net_device *dev, u8 *ssid, size_t ssid_len)
3351{
3352 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3353 struct ieee80211_if_sta *ifsta = &sdata->u.sta;
3354 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
3355
3356 if (sdata->vif.type != IEEE80211_IF_TYPE_STA)
3357 return ieee80211_sta_start_scan(dev, ssid, ssid_len);
3358
3359 if (local->sta_sw_scanning || local->sta_hw_scanning) {
3360 if (local->scan_dev == dev)
3361 return 0;
3362 return -EBUSY;
3363 }
3364
3365 ifsta->scan_ssid_len = ssid_len;
3366 if (ssid_len)
3367 memcpy(ifsta->scan_ssid, ssid, ssid_len);
3368 set_bit(IEEE80211_STA_REQ_SCAN, &ifsta->request);
3369 queue_work(local->hw.workqueue, &ifsta->work);
3370 return 0;
3371}
3372
3373static char *
3374ieee80211_sta_scan_result(struct net_device *dev,
3375 struct ieee80211_sta_bss *bss,
3376 char *current_ev, char *end_buf)
3377{
3378 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
3379 struct iw_event iwe;
3380
3381 if (time_after(jiffies,
3382 bss->last_update + IEEE80211_SCAN_RESULT_EXPIRE))
3383 return current_ev;
3384
3385 if (!(local->enabled_modes & (1 << bss->hw_mode)))
3386 return current_ev;
3387
3388 memset(&iwe, 0, sizeof(iwe));
3389 iwe.cmd = SIOCGIWAP;
3390 iwe.u.ap_addr.sa_family = ARPHRD_ETHER;
3391 memcpy(iwe.u.ap_addr.sa_data, bss->bssid, ETH_ALEN);
3392 current_ev = iwe_stream_add_event(current_ev, end_buf, &iwe,
3393 IW_EV_ADDR_LEN);
3394
3395 memset(&iwe, 0, sizeof(iwe));
3396 iwe.cmd = SIOCGIWESSID;
3397 iwe.u.data.length = bss->ssid_len;
3398 iwe.u.data.flags = 1;
3399 current_ev = iwe_stream_add_point(current_ev, end_buf, &iwe,
3400 bss->ssid);
3401
3402 if (bss->capability & (WLAN_CAPABILITY_ESS | WLAN_CAPABILITY_IBSS)) {
3403 memset(&iwe, 0, sizeof(iwe));
3404 iwe.cmd = SIOCGIWMODE;
3405 if (bss->capability & WLAN_CAPABILITY_ESS)
3406 iwe.u.mode = IW_MODE_MASTER;
3407 else
3408 iwe.u.mode = IW_MODE_ADHOC;
3409 current_ev = iwe_stream_add_event(current_ev, end_buf, &iwe,
3410 IW_EV_UINT_LEN);
3411 }
3412
3413 memset(&iwe, 0, sizeof(iwe));
3414 iwe.cmd = SIOCGIWFREQ;
3415 iwe.u.freq.m = bss->channel;
3416 iwe.u.freq.e = 0;
3417 current_ev = iwe_stream_add_event(current_ev, end_buf, &iwe,
3418 IW_EV_FREQ_LEN);
3419 iwe.u.freq.m = bss->freq * 100000;
3420 iwe.u.freq.e = 1;
3421 current_ev = iwe_stream_add_event(current_ev, end_buf, &iwe,
3422 IW_EV_FREQ_LEN);
3423
3424 memset(&iwe, 0, sizeof(iwe));
3425 iwe.cmd = IWEVQUAL;
3426 iwe.u.qual.qual = bss->signal;
3427 iwe.u.qual.level = bss->rssi;
3428 iwe.u.qual.noise = bss->noise;
3429 iwe.u.qual.updated = local->wstats_flags;
3430 current_ev = iwe_stream_add_event(current_ev, end_buf, &iwe,
3431 IW_EV_QUAL_LEN);
3432
3433 memset(&iwe, 0, sizeof(iwe));
3434 iwe.cmd = SIOCGIWENCODE;
3435 if (bss->capability & WLAN_CAPABILITY_PRIVACY)
3436 iwe.u.data.flags = IW_ENCODE_ENABLED | IW_ENCODE_NOKEY;
3437 else
3438 iwe.u.data.flags = IW_ENCODE_DISABLED;
3439 iwe.u.data.length = 0;
3440 current_ev = iwe_stream_add_point(current_ev, end_buf, &iwe, "");
3441
3442 if (bss && bss->wpa_ie) {
3443 memset(&iwe, 0, sizeof(iwe));
3444 iwe.cmd = IWEVGENIE;
3445 iwe.u.data.length = bss->wpa_ie_len;
3446 current_ev = iwe_stream_add_point(current_ev, end_buf, &iwe,
3447 bss->wpa_ie);
3448 }
3449
3450 if (bss && bss->rsn_ie) {
3451 memset(&iwe, 0, sizeof(iwe));
3452 iwe.cmd = IWEVGENIE;
3453 iwe.u.data.length = bss->rsn_ie_len;
3454 current_ev = iwe_stream_add_point(current_ev, end_buf, &iwe,
3455 bss->rsn_ie);
3456 }
3457
3458 if (bss && bss->supp_rates_len > 0) {
3459 /* display all supported rates in readable format */
3460 char *p = current_ev + IW_EV_LCP_LEN;
3461 int i;
3462
3463 memset(&iwe, 0, sizeof(iwe));
3464 iwe.cmd = SIOCGIWRATE;
3465 /* Those two flags are ignored... */
3466 iwe.u.bitrate.fixed = iwe.u.bitrate.disabled = 0;
3467
3468 for (i = 0; i < bss->supp_rates_len; i++) {
3469 iwe.u.bitrate.value = ((bss->supp_rates[i] &
3470 0x7f) * 500000);
3471 p = iwe_stream_add_value(current_ev, p,
3472 end_buf, &iwe, IW_EV_PARAM_LEN);
3473 }
3474 current_ev = p;
3475 }
3476
3477 if (bss) {
3478 char *buf;
3479 buf = kmalloc(30, GFP_ATOMIC);
3480 if (buf) {
3481 memset(&iwe, 0, sizeof(iwe));
3482 iwe.cmd = IWEVCUSTOM;
3483 sprintf(buf, "tsf=%016llx", (unsigned long long)(bss->timestamp));
3484 iwe.u.data.length = strlen(buf);
3485 current_ev = iwe_stream_add_point(current_ev, end_buf,
3486 &iwe, buf);
3487 kfree(buf);
3488 }
3489 }
3490
3491 return current_ev;
3492}
3493
3494
3495int ieee80211_sta_scan_results(struct net_device *dev, char *buf, size_t len)
3496{
3497 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
3498 char *current_ev = buf;
3499 char *end_buf = buf + len;
3500 struct ieee80211_sta_bss *bss;
3501
3502 spin_lock_bh(&local->sta_bss_lock);
3503 list_for_each_entry(bss, &local->sta_bss_list, list) {
3504 if (buf + len - current_ev <= IW_EV_ADDR_LEN) {
3505 spin_unlock_bh(&local->sta_bss_lock);
3506 return -E2BIG;
3507 }
3508 current_ev = ieee80211_sta_scan_result(dev, bss, current_ev,
3509 end_buf);
3510 }
3511 spin_unlock_bh(&local->sta_bss_lock);
3512 return current_ev - buf;
3513}
3514
3515
3516int ieee80211_sta_set_extra_ie(struct net_device *dev, char *ie, size_t len)
3517{
3518 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3519 struct ieee80211_if_sta *ifsta = &sdata->u.sta;
3520 kfree(ifsta->extra_ie);
3521 if (len == 0) {
3522 ifsta->extra_ie = NULL;
3523 ifsta->extra_ie_len = 0;
3524 return 0;
3525 }
3526 ifsta->extra_ie = kmalloc(len, GFP_KERNEL);
3527 if (!ifsta->extra_ie) {
3528 ifsta->extra_ie_len = 0;
3529 return -ENOMEM;
3530 }
3531 memcpy(ifsta->extra_ie, ie, len);
3532 ifsta->extra_ie_len = len;
3533 return 0;
3534}
3535
3536
3537struct sta_info * ieee80211_ibss_add_sta(struct net_device *dev,
3538 struct sk_buff *skb, u8 *bssid,
3539 u8 *addr)
3540{
3541 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
3542 struct sta_info *sta;
3543 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3544 DECLARE_MAC_BUF(mac);
3545
3546 /* TODO: Could consider removing the least recently used entry and
3547 * allow new one to be added. */
3548 if (local->num_sta >= IEEE80211_IBSS_MAX_STA_ENTRIES) {
3549 if (net_ratelimit()) {
3550 printk(KERN_DEBUG "%s: No room for a new IBSS STA "
3551 "entry %s\n", dev->name, print_mac(mac, addr));
3552 }
3553 return NULL;
3554 }
3555
3556 printk(KERN_DEBUG "%s: Adding new IBSS station %s (dev=%s)\n",
3557 wiphy_name(local->hw.wiphy), print_mac(mac, addr), dev->name);
3558
3559 sta = sta_info_add(local, dev, addr, GFP_ATOMIC);
3560 if (!sta)
3561 return NULL;
3562
3563 sta->supp_rates = sdata->u.sta.supp_rates_bits;
3564
3565 rate_control_rate_init(sta, local);
3566
3567 return sta; /* caller will call sta_info_put() */
3568}
3569
3570
3571int ieee80211_sta_deauthenticate(struct net_device *dev, u16 reason)
3572{
3573 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3574 struct ieee80211_if_sta *ifsta = &sdata->u.sta;
3575
3576 printk(KERN_DEBUG "%s: deauthenticate(reason=%d)\n",
3577 dev->name, reason);
3578
3579 if (sdata->vif.type != IEEE80211_IF_TYPE_STA &&
3580 sdata->vif.type != IEEE80211_IF_TYPE_IBSS)
3581 return -EINVAL;
3582
3583 ieee80211_send_deauth(dev, ifsta, reason);
3584 ieee80211_set_disassoc(dev, ifsta, 1);
3585 return 0;
3586}
3587
3588
3589int ieee80211_sta_disassociate(struct net_device *dev, u16 reason)
3590{
3591 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3592 struct ieee80211_if_sta *ifsta = &sdata->u.sta;
3593
3594 printk(KERN_DEBUG "%s: disassociate(reason=%d)\n",
3595 dev->name, reason);
3596
3597 if (sdata->vif.type != IEEE80211_IF_TYPE_STA)
3598 return -EINVAL;
3599
3600 if (!(ifsta->flags & IEEE80211_STA_ASSOCIATED))
3601 return -1;
3602
3603 ieee80211_send_disassoc(dev, ifsta, reason);
3604 ieee80211_set_disassoc(dev, ifsta, 0);
3605 return 0;
3606}