Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6
[linux-2.6] / net / mac80211 / ieee80211_sta.c
1 /*
2  * BSS client mode implementation
3  * Copyright 2003, Jouni Malinen <jkmaline@cc.hut.fi>
4  * Copyright 2004, Instant802 Networks, Inc.
5  * Copyright 2005, Devicescape Software, Inc.
6  * Copyright 2006-2007  Jiri Benc <jbenc@suse.cz>
7  * Copyright 2007, Michael Wu <flamingice@sourmilk.net>
8  *
9  * This program is free software; you can redistribute it and/or modify
10  * it under the terms of the GNU General Public License version 2 as
11  * published by the Free Software Foundation.
12  */
13
14 /* TODO:
15  * order BSS list by RSSI(?) ("quality of AP")
16  * scan result table filtering (by capability (privacy, IBSS/BSS, WPA/RSN IE,
17  *    SSID)
18  */
19 #include <linux/delay.h>
20 #include <linux/if_ether.h>
21 #include <linux/skbuff.h>
22 #include <linux/netdevice.h>
23 #include <linux/if_arp.h>
24 #include <linux/wireless.h>
25 #include <linux/random.h>
26 #include <linux/etherdevice.h>
27 #include <net/iw_handler.h>
28 #include <asm/types.h>
29
30 #include <net/mac80211.h>
31 #include "ieee80211_i.h"
32 #include "ieee80211_rate.h"
33 #include "ieee80211_led.h"
34
35 #define IEEE80211_AUTH_TIMEOUT (HZ / 5)
36 #define IEEE80211_AUTH_MAX_TRIES 3
37 #define IEEE80211_ASSOC_TIMEOUT (HZ / 5)
38 #define IEEE80211_ASSOC_MAX_TRIES 3
39 #define IEEE80211_MONITORING_INTERVAL (2 * HZ)
40 #define IEEE80211_PROBE_INTERVAL (60 * HZ)
41 #define IEEE80211_RETRY_AUTH_INTERVAL (1 * HZ)
42 #define IEEE80211_SCAN_INTERVAL (2 * HZ)
43 #define IEEE80211_SCAN_INTERVAL_SLOW (15 * HZ)
44 #define IEEE80211_IBSS_JOIN_TIMEOUT (20 * HZ)
45
46 #define IEEE80211_PROBE_DELAY (HZ / 33)
47 #define IEEE80211_CHANNEL_TIME (HZ / 33)
48 #define IEEE80211_PASSIVE_CHANNEL_TIME (HZ / 5)
49 #define IEEE80211_SCAN_RESULT_EXPIRE (10 * HZ)
50 #define IEEE80211_IBSS_MERGE_INTERVAL (30 * HZ)
51 #define IEEE80211_IBSS_INACTIVITY_LIMIT (60 * HZ)
52
53 #define IEEE80211_IBSS_MAX_STA_ENTRIES 128
54
55
56 #define IEEE80211_FC(type, stype) cpu_to_le16(type | stype)
57
58 #define ERP_INFO_USE_PROTECTION BIT(1)
59
60 /* mgmt header + 1 byte action code */
61 #define IEEE80211_MIN_ACTION_SIZE (24 + 1)
62
63 #define IEEE80211_ADDBA_PARAM_POLICY_MASK 0x0002
64 #define IEEE80211_ADDBA_PARAM_TID_MASK 0x003C
65 #define IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK 0xFFA0
66 #define IEEE80211_DELBA_PARAM_TID_MASK 0xF000
67 #define IEEE80211_DELBA_PARAM_INITIATOR_MASK 0x0800
68
69 /* next values represent the buffer size for A-MPDU frame.
70  * According to IEEE802.11n spec size varies from 8K to 64K (in powers of 2) */
71 #define IEEE80211_MIN_AMPDU_BUF 0x8
72 #define IEEE80211_MAX_AMPDU_BUF 0x40
73
74 static void ieee80211_send_probe_req(struct net_device *dev, u8 *dst,
75                                      u8 *ssid, size_t ssid_len);
76 static struct ieee80211_sta_bss *
77 ieee80211_rx_bss_get(struct net_device *dev, u8 *bssid, int channel,
78                      u8 *ssid, u8 ssid_len);
79 static void ieee80211_rx_bss_put(struct net_device *dev,
80                                  struct ieee80211_sta_bss *bss);
81 static int ieee80211_sta_find_ibss(struct net_device *dev,
82                                    struct ieee80211_if_sta *ifsta);
83 static int ieee80211_sta_wep_configured(struct net_device *dev);
84 static int ieee80211_sta_start_scan(struct net_device *dev,
85                                     u8 *ssid, size_t ssid_len);
86 static int ieee80211_sta_config_auth(struct net_device *dev,
87                                      struct ieee80211_if_sta *ifsta);
88
89
90 /* Parsed Information Elements */
91 struct ieee802_11_elems {
92         /* pointers to IEs */
93         u8 *ssid;
94         u8 *supp_rates;
95         u8 *fh_params;
96         u8 *ds_params;
97         u8 *cf_params;
98         u8 *tim;
99         u8 *ibss_params;
100         u8 *challenge;
101         u8 *wpa;
102         u8 *rsn;
103         u8 *erp_info;
104         u8 *ext_supp_rates;
105         u8 *wmm_info;
106         u8 *wmm_param;
107         u8 *ht_cap_elem;
108         u8 *ht_info_elem;
109         /* length of them, respectively */
110         u8 ssid_len;
111         u8 supp_rates_len;
112         u8 fh_params_len;
113         u8 ds_params_len;
114         u8 cf_params_len;
115         u8 tim_len;
116         u8 ibss_params_len;
117         u8 challenge_len;
118         u8 wpa_len;
119         u8 rsn_len;
120         u8 erp_info_len;
121         u8 ext_supp_rates_len;
122         u8 wmm_info_len;
123         u8 wmm_param_len;
124         u8 ht_cap_elem_len;
125         u8 ht_info_elem_len;
126 };
127
128 static void ieee802_11_parse_elems(u8 *start, size_t len,
129                                    struct ieee802_11_elems *elems)
130 {
131         size_t left = len;
132         u8 *pos = start;
133
134         memset(elems, 0, sizeof(*elems));
135
136         while (left >= 2) {
137                 u8 id, elen;
138
139                 id = *pos++;
140                 elen = *pos++;
141                 left -= 2;
142
143                 if (elen > left)
144                         return;
145
146                 switch (id) {
147                 case WLAN_EID_SSID:
148                         elems->ssid = pos;
149                         elems->ssid_len = elen;
150                         break;
151                 case WLAN_EID_SUPP_RATES:
152                         elems->supp_rates = pos;
153                         elems->supp_rates_len = elen;
154                         break;
155                 case WLAN_EID_FH_PARAMS:
156                         elems->fh_params = pos;
157                         elems->fh_params_len = elen;
158                         break;
159                 case WLAN_EID_DS_PARAMS:
160                         elems->ds_params = pos;
161                         elems->ds_params_len = elen;
162                         break;
163                 case WLAN_EID_CF_PARAMS:
164                         elems->cf_params = pos;
165                         elems->cf_params_len = elen;
166                         break;
167                 case WLAN_EID_TIM:
168                         elems->tim = pos;
169                         elems->tim_len = elen;
170                         break;
171                 case WLAN_EID_IBSS_PARAMS:
172                         elems->ibss_params = pos;
173                         elems->ibss_params_len = elen;
174                         break;
175                 case WLAN_EID_CHALLENGE:
176                         elems->challenge = pos;
177                         elems->challenge_len = elen;
178                         break;
179                 case WLAN_EID_WPA:
180                         if (elen >= 4 && pos[0] == 0x00 && pos[1] == 0x50 &&
181                             pos[2] == 0xf2) {
182                                 /* Microsoft OUI (00:50:F2) */
183                                 if (pos[3] == 1) {
184                                         /* OUI Type 1 - WPA IE */
185                                         elems->wpa = pos;
186                                         elems->wpa_len = elen;
187                                 } else if (elen >= 5 && pos[3] == 2) {
188                                         if (pos[4] == 0) {
189                                                 elems->wmm_info = pos;
190                                                 elems->wmm_info_len = elen;
191                                         } else if (pos[4] == 1) {
192                                                 elems->wmm_param = pos;
193                                                 elems->wmm_param_len = elen;
194                                         }
195                                 }
196                         }
197                         break;
198                 case WLAN_EID_RSN:
199                         elems->rsn = pos;
200                         elems->rsn_len = elen;
201                         break;
202                 case WLAN_EID_ERP_INFO:
203                         elems->erp_info = pos;
204                         elems->erp_info_len = elen;
205                         break;
206                 case WLAN_EID_EXT_SUPP_RATES:
207                         elems->ext_supp_rates = pos;
208                         elems->ext_supp_rates_len = elen;
209                         break;
210                 case WLAN_EID_HT_CAPABILITY:
211                         elems->ht_cap_elem = pos;
212                         elems->ht_cap_elem_len = elen;
213                         break;
214                 case WLAN_EID_HT_EXTRA_INFO:
215                         elems->ht_info_elem = pos;
216                         elems->ht_info_elem_len = elen;
217                         break;
218                 default:
219                         break;
220                 }
221
222                 left -= elen;
223                 pos += elen;
224         }
225 }
226
227
228 static int ecw2cw(int ecw)
229 {
230         int cw = 1;
231         while (ecw > 0) {
232                 cw <<= 1;
233                 ecw--;
234         }
235         return cw - 1;
236 }
237
238 static void ieee80211_sta_wmm_params(struct net_device *dev,
239                                      struct ieee80211_if_sta *ifsta,
240                                      u8 *wmm_param, size_t wmm_param_len)
241 {
242         struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
243         struct ieee80211_tx_queue_params params;
244         size_t left;
245         int count;
246         u8 *pos;
247
248         if (wmm_param_len < 8 || wmm_param[5] /* version */ != 1)
249                 return;
250         count = wmm_param[6] & 0x0f;
251         if (count == ifsta->wmm_last_param_set)
252                 return;
253         ifsta->wmm_last_param_set = count;
254
255         pos = wmm_param + 8;
256         left = wmm_param_len - 8;
257
258         memset(&params, 0, sizeof(params));
259
260         if (!local->ops->conf_tx)
261                 return;
262
263         local->wmm_acm = 0;
264         for (; left >= 4; left -= 4, pos += 4) {
265                 int aci = (pos[0] >> 5) & 0x03;
266                 int acm = (pos[0] >> 4) & 0x01;
267                 int queue;
268
269                 switch (aci) {
270                 case 1:
271                         queue = IEEE80211_TX_QUEUE_DATA3;
272                         if (acm) {
273                                 local->wmm_acm |= BIT(0) | BIT(3);
274                         }
275                         break;
276                 case 2:
277                         queue = IEEE80211_TX_QUEUE_DATA1;
278                         if (acm) {
279                                 local->wmm_acm |= BIT(4) | BIT(5);
280                         }
281                         break;
282                 case 3:
283                         queue = IEEE80211_TX_QUEUE_DATA0;
284                         if (acm) {
285                                 local->wmm_acm |= BIT(6) | BIT(7);
286                         }
287                         break;
288                 case 0:
289                 default:
290                         queue = IEEE80211_TX_QUEUE_DATA2;
291                         if (acm) {
292                                 local->wmm_acm |= BIT(1) | BIT(2);
293                         }
294                         break;
295                 }
296
297                 params.aifs = pos[0] & 0x0f;
298                 params.cw_max = ecw2cw((pos[1] & 0xf0) >> 4);
299                 params.cw_min = ecw2cw(pos[1] & 0x0f);
300                 /* TXOP is in units of 32 usec; burst_time in 0.1 ms */
301                 params.burst_time = (pos[2] | (pos[3] << 8)) * 32 / 100;
302                 printk(KERN_DEBUG "%s: WMM queue=%d aci=%d acm=%d aifs=%d "
303                        "cWmin=%d cWmax=%d burst=%d\n",
304                        dev->name, queue, aci, acm, params.aifs, params.cw_min,
305                        params.cw_max, params.burst_time);
306                 /* TODO: handle ACM (block TX, fallback to next lowest allowed
307                  * AC for now) */
308                 if (local->ops->conf_tx(local_to_hw(local), queue, &params)) {
309                         printk(KERN_DEBUG "%s: failed to set TX queue "
310                                "parameters for queue %d\n", dev->name, queue);
311                 }
312         }
313 }
314
315
316 static u32 ieee80211_handle_erp_ie(struct ieee80211_sub_if_data *sdata,
317                                    u8 erp_value)
318 {
319         struct ieee80211_bss_conf *bss_conf = &sdata->bss_conf;
320         struct ieee80211_if_sta *ifsta = &sdata->u.sta;
321         bool use_protection = (erp_value & WLAN_ERP_USE_PROTECTION) != 0;
322         bool preamble_mode = (erp_value & WLAN_ERP_BARKER_PREAMBLE) != 0;
323         DECLARE_MAC_BUF(mac);
324         u32 changed = 0;
325
326         if (use_protection != bss_conf->use_cts_prot) {
327                 if (net_ratelimit()) {
328                         printk(KERN_DEBUG "%s: CTS protection %s (BSSID="
329                                "%s)\n",
330                                sdata->dev->name,
331                                use_protection ? "enabled" : "disabled",
332                                print_mac(mac, ifsta->bssid));
333                 }
334                 bss_conf->use_cts_prot = use_protection;
335                 changed |= BSS_CHANGED_ERP_CTS_PROT;
336         }
337
338         if (preamble_mode != bss_conf->use_short_preamble) {
339                 if (net_ratelimit()) {
340                         printk(KERN_DEBUG "%s: switched to %s barker preamble"
341                                " (BSSID=%s)\n",
342                                sdata->dev->name,
343                                (preamble_mode == WLAN_ERP_PREAMBLE_SHORT) ?
344                                         "short" : "long",
345                                print_mac(mac, ifsta->bssid));
346                 }
347                 bss_conf->use_short_preamble = preamble_mode;
348                 changed |= BSS_CHANGED_ERP_PREAMBLE;
349         }
350
351         return changed;
352 }
353
354 int ieee80211_ht_cap_ie_to_ht_info(struct ieee80211_ht_cap *ht_cap_ie,
355                                    struct ieee80211_ht_info *ht_info)
356 {
357
358         if (ht_info == NULL)
359                 return -EINVAL;
360
361         memset(ht_info, 0, sizeof(*ht_info));
362
363         if (ht_cap_ie) {
364                 u8 ampdu_info = ht_cap_ie->ampdu_params_info;
365
366                 ht_info->ht_supported = 1;
367                 ht_info->cap = le16_to_cpu(ht_cap_ie->cap_info);
368                 ht_info->ampdu_factor =
369                         ampdu_info & IEEE80211_HT_CAP_AMPDU_FACTOR;
370                 ht_info->ampdu_density =
371                         (ampdu_info & IEEE80211_HT_CAP_AMPDU_DENSITY) >> 2;
372                 memcpy(ht_info->supp_mcs_set, ht_cap_ie->supp_mcs_set, 16);
373         } else
374                 ht_info->ht_supported = 0;
375
376         return 0;
377 }
378
379 int ieee80211_ht_addt_info_ie_to_ht_bss_info(
380                         struct ieee80211_ht_addt_info *ht_add_info_ie,
381                         struct ieee80211_ht_bss_info *bss_info)
382 {
383         if (bss_info == NULL)
384                 return -EINVAL;
385
386         memset(bss_info, 0, sizeof(*bss_info));
387
388         if (ht_add_info_ie) {
389                 u16 op_mode;
390                 op_mode = le16_to_cpu(ht_add_info_ie->operation_mode);
391
392                 bss_info->primary_channel = ht_add_info_ie->control_chan;
393                 bss_info->bss_cap = ht_add_info_ie->ht_param;
394                 bss_info->bss_op_mode = (u8)(op_mode & 0xff);
395         }
396
397         return 0;
398 }
399
400 static void ieee80211_sta_send_associnfo(struct net_device *dev,
401                                          struct ieee80211_if_sta *ifsta)
402 {
403         char *buf;
404         size_t len;
405         int i;
406         union iwreq_data wrqu;
407
408         if (!ifsta->assocreq_ies && !ifsta->assocresp_ies)
409                 return;
410
411         buf = kmalloc(50 + 2 * (ifsta->assocreq_ies_len +
412                                 ifsta->assocresp_ies_len), GFP_KERNEL);
413         if (!buf)
414                 return;
415
416         len = sprintf(buf, "ASSOCINFO(");
417         if (ifsta->assocreq_ies) {
418                 len += sprintf(buf + len, "ReqIEs=");
419                 for (i = 0; i < ifsta->assocreq_ies_len; i++) {
420                         len += sprintf(buf + len, "%02x",
421                                        ifsta->assocreq_ies[i]);
422                 }
423         }
424         if (ifsta->assocresp_ies) {
425                 if (ifsta->assocreq_ies)
426                         len += sprintf(buf + len, " ");
427                 len += sprintf(buf + len, "RespIEs=");
428                 for (i = 0; i < ifsta->assocresp_ies_len; i++) {
429                         len += sprintf(buf + len, "%02x",
430                                        ifsta->assocresp_ies[i]);
431                 }
432         }
433         len += sprintf(buf + len, ")");
434
435         if (len > IW_CUSTOM_MAX) {
436                 len = sprintf(buf, "ASSOCRESPIE=");
437                 for (i = 0; i < ifsta->assocresp_ies_len; i++) {
438                         len += sprintf(buf + len, "%02x",
439                                        ifsta->assocresp_ies[i]);
440                 }
441         }
442
443         memset(&wrqu, 0, sizeof(wrqu));
444         wrqu.data.length = len;
445         wireless_send_event(dev, IWEVCUSTOM, &wrqu, buf);
446
447         kfree(buf);
448 }
449
450
451 static void ieee80211_set_associated(struct net_device *dev,
452                                      struct ieee80211_if_sta *ifsta,
453                                      bool assoc)
454 {
455         struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
456         struct ieee80211_local *local = sdata->local;
457         union iwreq_data wrqu;
458         u32 changed = BSS_CHANGED_ASSOC;
459
460         if (assoc) {
461                 struct ieee80211_sta_bss *bss;
462
463                 ifsta->flags |= IEEE80211_STA_ASSOCIATED;
464
465                 if (sdata->vif.type != IEEE80211_IF_TYPE_STA)
466                         return;
467
468                 bss = ieee80211_rx_bss_get(dev, ifsta->bssid,
469                                            local->hw.conf.channel,
470                                            ifsta->ssid, ifsta->ssid_len);
471                 if (bss) {
472                         if (bss->has_erp_value)
473                                 changed |= ieee80211_handle_erp_ie(
474                                                 sdata, bss->erp_value);
475                         ieee80211_rx_bss_put(dev, bss);
476                 }
477
478                 netif_carrier_on(dev);
479                 ifsta->flags |= IEEE80211_STA_PREV_BSSID_SET;
480                 memcpy(ifsta->prev_bssid, sdata->u.sta.bssid, ETH_ALEN);
481                 memcpy(wrqu.ap_addr.sa_data, sdata->u.sta.bssid, ETH_ALEN);
482                 ieee80211_sta_send_associnfo(dev, ifsta);
483         } else {
484                 ifsta->flags &= ~IEEE80211_STA_ASSOCIATED;
485
486                 netif_carrier_off(dev);
487                 ieee80211_reset_erp_info(dev);
488                 memset(wrqu.ap_addr.sa_data, 0, ETH_ALEN);
489         }
490         wrqu.ap_addr.sa_family = ARPHRD_ETHER;
491         wireless_send_event(dev, SIOCGIWAP, &wrqu, NULL);
492         ifsta->last_probe = jiffies;
493         ieee80211_led_assoc(local, assoc);
494
495         ieee80211_bss_info_change_notify(sdata, changed);
496 }
497
498 static void ieee80211_set_disassoc(struct net_device *dev,
499                                    struct ieee80211_if_sta *ifsta, int deauth)
500 {
501         if (deauth)
502                 ifsta->auth_tries = 0;
503         ifsta->assoc_tries = 0;
504         ieee80211_set_associated(dev, ifsta, 0);
505 }
506
507 static void ieee80211_sta_tx(struct net_device *dev, struct sk_buff *skb,
508                              int encrypt)
509 {
510         struct ieee80211_sub_if_data *sdata;
511         struct ieee80211_tx_packet_data *pkt_data;
512
513         sdata = IEEE80211_DEV_TO_SUB_IF(dev);
514         skb->dev = sdata->local->mdev;
515         skb_set_mac_header(skb, 0);
516         skb_set_network_header(skb, 0);
517         skb_set_transport_header(skb, 0);
518
519         pkt_data = (struct ieee80211_tx_packet_data *) skb->cb;
520         memset(pkt_data, 0, sizeof(struct ieee80211_tx_packet_data));
521         pkt_data->ifindex = sdata->dev->ifindex;
522         if (!encrypt)
523                 pkt_data->flags |= IEEE80211_TXPD_DO_NOT_ENCRYPT;
524
525         dev_queue_xmit(skb);
526 }
527
528
529 static void ieee80211_send_auth(struct net_device *dev,
530                                 struct ieee80211_if_sta *ifsta,
531                                 int transaction, u8 *extra, size_t extra_len,
532                                 int encrypt)
533 {
534         struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
535         struct sk_buff *skb;
536         struct ieee80211_mgmt *mgmt;
537
538         skb = dev_alloc_skb(local->hw.extra_tx_headroom +
539                             sizeof(*mgmt) + 6 + extra_len);
540         if (!skb) {
541                 printk(KERN_DEBUG "%s: failed to allocate buffer for auth "
542                        "frame\n", dev->name);
543                 return;
544         }
545         skb_reserve(skb, local->hw.extra_tx_headroom);
546
547         mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24 + 6);
548         memset(mgmt, 0, 24 + 6);
549         mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
550                                            IEEE80211_STYPE_AUTH);
551         if (encrypt)
552                 mgmt->frame_control |= cpu_to_le16(IEEE80211_FCTL_PROTECTED);
553         memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
554         memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
555         memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
556         mgmt->u.auth.auth_alg = cpu_to_le16(ifsta->auth_alg);
557         mgmt->u.auth.auth_transaction = cpu_to_le16(transaction);
558         ifsta->auth_transaction = transaction + 1;
559         mgmt->u.auth.status_code = cpu_to_le16(0);
560         if (extra)
561                 memcpy(skb_put(skb, extra_len), extra, extra_len);
562
563         ieee80211_sta_tx(dev, skb, encrypt);
564 }
565
566
567 static void ieee80211_authenticate(struct net_device *dev,
568                                    struct ieee80211_if_sta *ifsta)
569 {
570         DECLARE_MAC_BUF(mac);
571
572         ifsta->auth_tries++;
573         if (ifsta->auth_tries > IEEE80211_AUTH_MAX_TRIES) {
574                 printk(KERN_DEBUG "%s: authentication with AP %s"
575                        " timed out\n",
576                        dev->name, print_mac(mac, ifsta->bssid));
577                 ifsta->state = IEEE80211_DISABLED;
578                 return;
579         }
580
581         ifsta->state = IEEE80211_AUTHENTICATE;
582         printk(KERN_DEBUG "%s: authenticate with AP %s\n",
583                dev->name, print_mac(mac, ifsta->bssid));
584
585         ieee80211_send_auth(dev, ifsta, 1, NULL, 0, 0);
586
587         mod_timer(&ifsta->timer, jiffies + IEEE80211_AUTH_TIMEOUT);
588 }
589
590
591 static void ieee80211_send_assoc(struct net_device *dev,
592                                  struct ieee80211_if_sta *ifsta)
593 {
594         struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
595         struct ieee80211_hw_mode *mode;
596         struct sk_buff *skb;
597         struct ieee80211_mgmt *mgmt;
598         u8 *pos, *ies;
599         int i, len;
600         u16 capab;
601         struct ieee80211_sta_bss *bss;
602         int wmm = 0;
603
604         skb = dev_alloc_skb(local->hw.extra_tx_headroom +
605                             sizeof(*mgmt) + 200 + ifsta->extra_ie_len +
606                             ifsta->ssid_len);
607         if (!skb) {
608                 printk(KERN_DEBUG "%s: failed to allocate buffer for assoc "
609                        "frame\n", dev->name);
610                 return;
611         }
612         skb_reserve(skb, local->hw.extra_tx_headroom);
613
614         mode = local->oper_hw_mode;
615         capab = ifsta->capab;
616         if (mode->mode == MODE_IEEE80211G) {
617                 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME |
618                         WLAN_CAPABILITY_SHORT_PREAMBLE;
619         }
620         bss = ieee80211_rx_bss_get(dev, ifsta->bssid, local->hw.conf.channel,
621                                    ifsta->ssid, ifsta->ssid_len);
622         if (bss) {
623                 if (bss->capability & WLAN_CAPABILITY_PRIVACY)
624                         capab |= WLAN_CAPABILITY_PRIVACY;
625                 if (bss->wmm_ie) {
626                         wmm = 1;
627                 }
628                 ieee80211_rx_bss_put(dev, bss);
629         }
630
631         mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
632         memset(mgmt, 0, 24);
633         memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
634         memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
635         memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
636
637         if (ifsta->flags & IEEE80211_STA_PREV_BSSID_SET) {
638                 skb_put(skb, 10);
639                 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
640                                                    IEEE80211_STYPE_REASSOC_REQ);
641                 mgmt->u.reassoc_req.capab_info = cpu_to_le16(capab);
642                 mgmt->u.reassoc_req.listen_interval = cpu_to_le16(1);
643                 memcpy(mgmt->u.reassoc_req.current_ap, ifsta->prev_bssid,
644                        ETH_ALEN);
645         } else {
646                 skb_put(skb, 4);
647                 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
648                                                    IEEE80211_STYPE_ASSOC_REQ);
649                 mgmt->u.assoc_req.capab_info = cpu_to_le16(capab);
650                 mgmt->u.assoc_req.listen_interval = cpu_to_le16(1);
651         }
652
653         /* SSID */
654         ies = pos = skb_put(skb, 2 + ifsta->ssid_len);
655         *pos++ = WLAN_EID_SSID;
656         *pos++ = ifsta->ssid_len;
657         memcpy(pos, ifsta->ssid, ifsta->ssid_len);
658
659         len = mode->num_rates;
660         if (len > 8)
661                 len = 8;
662         pos = skb_put(skb, len + 2);
663         *pos++ = WLAN_EID_SUPP_RATES;
664         *pos++ = len;
665         for (i = 0; i < len; i++) {
666                 int rate = mode->rates[i].rate;
667                 *pos++ = (u8) (rate / 5);
668         }
669
670         if (mode->num_rates > len) {
671                 pos = skb_put(skb, mode->num_rates - len + 2);
672                 *pos++ = WLAN_EID_EXT_SUPP_RATES;
673                 *pos++ = mode->num_rates - len;
674                 for (i = len; i < mode->num_rates; i++) {
675                         int rate = mode->rates[i].rate;
676                         *pos++ = (u8) (rate / 5);
677                 }
678         }
679
680         if (ifsta->extra_ie) {
681                 pos = skb_put(skb, ifsta->extra_ie_len);
682                 memcpy(pos, ifsta->extra_ie, ifsta->extra_ie_len);
683         }
684
685         if (wmm && (ifsta->flags & IEEE80211_STA_WMM_ENABLED)) {
686                 pos = skb_put(skb, 9);
687                 *pos++ = WLAN_EID_VENDOR_SPECIFIC;
688                 *pos++ = 7; /* len */
689                 *pos++ = 0x00; /* Microsoft OUI 00:50:F2 */
690                 *pos++ = 0x50;
691                 *pos++ = 0xf2;
692                 *pos++ = 2; /* WME */
693                 *pos++ = 0; /* WME info */
694                 *pos++ = 1; /* WME ver */
695                 *pos++ = 0;
696         }
697         /* wmm support is a must to HT */
698         if (wmm && mode->ht_info.ht_supported) {
699                 __le16 tmp = cpu_to_le16(mode->ht_info.cap);
700                 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap)+2);
701                 *pos++ = WLAN_EID_HT_CAPABILITY;
702                 *pos++ = sizeof(struct ieee80211_ht_cap);
703                 memset(pos, 0, sizeof(struct ieee80211_ht_cap));
704                 memcpy(pos, &tmp, sizeof(u16));
705                 pos += sizeof(u16);
706                 *pos++ = (mode->ht_info.ampdu_factor |
707                                 (mode->ht_info.ampdu_density << 2));
708                 memcpy(pos, mode->ht_info.supp_mcs_set, 16);
709         }
710
711         kfree(ifsta->assocreq_ies);
712         ifsta->assocreq_ies_len = (skb->data + skb->len) - ies;
713         ifsta->assocreq_ies = kmalloc(ifsta->assocreq_ies_len, GFP_KERNEL);
714         if (ifsta->assocreq_ies)
715                 memcpy(ifsta->assocreq_ies, ies, ifsta->assocreq_ies_len);
716
717         ieee80211_sta_tx(dev, skb, 0);
718 }
719
720
721 static void ieee80211_send_deauth(struct net_device *dev,
722                                   struct ieee80211_if_sta *ifsta, u16 reason)
723 {
724         struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
725         struct sk_buff *skb;
726         struct ieee80211_mgmt *mgmt;
727
728         skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*mgmt));
729         if (!skb) {
730                 printk(KERN_DEBUG "%s: failed to allocate buffer for deauth "
731                        "frame\n", dev->name);
732                 return;
733         }
734         skb_reserve(skb, local->hw.extra_tx_headroom);
735
736         mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
737         memset(mgmt, 0, 24);
738         memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
739         memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
740         memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
741         mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
742                                            IEEE80211_STYPE_DEAUTH);
743         skb_put(skb, 2);
744         mgmt->u.deauth.reason_code = cpu_to_le16(reason);
745
746         ieee80211_sta_tx(dev, skb, 0);
747 }
748
749
750 static void ieee80211_send_disassoc(struct net_device *dev,
751                                     struct ieee80211_if_sta *ifsta, u16 reason)
752 {
753         struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
754         struct sk_buff *skb;
755         struct ieee80211_mgmt *mgmt;
756
757         skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*mgmt));
758         if (!skb) {
759                 printk(KERN_DEBUG "%s: failed to allocate buffer for disassoc "
760                        "frame\n", dev->name);
761                 return;
762         }
763         skb_reserve(skb, local->hw.extra_tx_headroom);
764
765         mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
766         memset(mgmt, 0, 24);
767         memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
768         memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
769         memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
770         mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
771                                            IEEE80211_STYPE_DISASSOC);
772         skb_put(skb, 2);
773         mgmt->u.disassoc.reason_code = cpu_to_le16(reason);
774
775         ieee80211_sta_tx(dev, skb, 0);
776 }
777
778
779 static int ieee80211_privacy_mismatch(struct net_device *dev,
780                                       struct ieee80211_if_sta *ifsta)
781 {
782         struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
783         struct ieee80211_sta_bss *bss;
784         int bss_privacy;
785         int wep_privacy;
786         int privacy_invoked;
787
788         if (!ifsta || (ifsta->flags & IEEE80211_STA_MIXED_CELL))
789                 return 0;
790
791         bss = ieee80211_rx_bss_get(dev, ifsta->bssid, local->hw.conf.channel,
792                                    ifsta->ssid, ifsta->ssid_len);
793         if (!bss)
794                 return 0;
795
796         bss_privacy = !!(bss->capability & WLAN_CAPABILITY_PRIVACY);
797         wep_privacy = !!ieee80211_sta_wep_configured(dev);
798         privacy_invoked = !!(ifsta->flags & IEEE80211_STA_PRIVACY_INVOKED);
799
800         ieee80211_rx_bss_put(dev, bss);
801
802         if ((bss_privacy == wep_privacy) || (bss_privacy == privacy_invoked))
803                 return 0;
804
805         return 1;
806 }
807
808
809 static void ieee80211_associate(struct net_device *dev,
810                                 struct ieee80211_if_sta *ifsta)
811 {
812         DECLARE_MAC_BUF(mac);
813
814         ifsta->assoc_tries++;
815         if (ifsta->assoc_tries > IEEE80211_ASSOC_MAX_TRIES) {
816                 printk(KERN_DEBUG "%s: association with AP %s"
817                        " timed out\n",
818                        dev->name, print_mac(mac, ifsta->bssid));
819                 ifsta->state = IEEE80211_DISABLED;
820                 return;
821         }
822
823         ifsta->state = IEEE80211_ASSOCIATE;
824         printk(KERN_DEBUG "%s: associate with AP %s\n",
825                dev->name, print_mac(mac, ifsta->bssid));
826         if (ieee80211_privacy_mismatch(dev, ifsta)) {
827                 printk(KERN_DEBUG "%s: mismatch in privacy configuration and "
828                        "mixed-cell disabled - abort association\n", dev->name);
829                 ifsta->state = IEEE80211_DISABLED;
830                 return;
831         }
832
833         ieee80211_send_assoc(dev, ifsta);
834
835         mod_timer(&ifsta->timer, jiffies + IEEE80211_ASSOC_TIMEOUT);
836 }
837
838
839 static void ieee80211_associated(struct net_device *dev,
840                                  struct ieee80211_if_sta *ifsta)
841 {
842         struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
843         struct sta_info *sta;
844         int disassoc;
845         DECLARE_MAC_BUF(mac);
846
847         /* TODO: start monitoring current AP signal quality and number of
848          * missed beacons. Scan other channels every now and then and search
849          * for better APs. */
850         /* TODO: remove expired BSSes */
851
852         ifsta->state = IEEE80211_ASSOCIATED;
853
854         sta = sta_info_get(local, ifsta->bssid);
855         if (!sta) {
856                 printk(KERN_DEBUG "%s: No STA entry for own AP %s\n",
857                        dev->name, print_mac(mac, ifsta->bssid));
858                 disassoc = 1;
859         } else {
860                 disassoc = 0;
861                 if (time_after(jiffies,
862                                sta->last_rx + IEEE80211_MONITORING_INTERVAL)) {
863                         if (ifsta->flags & IEEE80211_STA_PROBEREQ_POLL) {
864                                 printk(KERN_DEBUG "%s: No ProbeResp from "
865                                        "current AP %s - assume out of "
866                                        "range\n",
867                                        dev->name, print_mac(mac, ifsta->bssid));
868                                 disassoc = 1;
869                                 sta_info_free(sta);
870                         } else
871                                 ieee80211_send_probe_req(dev, ifsta->bssid,
872                                                          local->scan_ssid,
873                                                          local->scan_ssid_len);
874                         ifsta->flags ^= IEEE80211_STA_PROBEREQ_POLL;
875                 } else {
876                         ifsta->flags &= ~IEEE80211_STA_PROBEREQ_POLL;
877                         if (time_after(jiffies, ifsta->last_probe +
878                                        IEEE80211_PROBE_INTERVAL)) {
879                                 ifsta->last_probe = jiffies;
880                                 ieee80211_send_probe_req(dev, ifsta->bssid,
881                                                          ifsta->ssid,
882                                                          ifsta->ssid_len);
883                         }
884                 }
885                 sta_info_put(sta);
886         }
887         if (disassoc) {
888                 ifsta->state = IEEE80211_DISABLED;
889                 ieee80211_set_associated(dev, ifsta, 0);
890         } else {
891                 mod_timer(&ifsta->timer, jiffies +
892                                       IEEE80211_MONITORING_INTERVAL);
893         }
894 }
895
896
897 static void ieee80211_send_probe_req(struct net_device *dev, u8 *dst,
898                                      u8 *ssid, size_t ssid_len)
899 {
900         struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
901         struct ieee80211_hw_mode *mode;
902         struct sk_buff *skb;
903         struct ieee80211_mgmt *mgmt;
904         u8 *pos, *supp_rates, *esupp_rates = NULL;
905         int i;
906
907         skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*mgmt) + 200);
908         if (!skb) {
909                 printk(KERN_DEBUG "%s: failed to allocate buffer for probe "
910                        "request\n", dev->name);
911                 return;
912         }
913         skb_reserve(skb, local->hw.extra_tx_headroom);
914
915         mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
916         memset(mgmt, 0, 24);
917         mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
918                                            IEEE80211_STYPE_PROBE_REQ);
919         memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
920         if (dst) {
921                 memcpy(mgmt->da, dst, ETH_ALEN);
922                 memcpy(mgmt->bssid, dst, ETH_ALEN);
923         } else {
924                 memset(mgmt->da, 0xff, ETH_ALEN);
925                 memset(mgmt->bssid, 0xff, ETH_ALEN);
926         }
927         pos = skb_put(skb, 2 + ssid_len);
928         *pos++ = WLAN_EID_SSID;
929         *pos++ = ssid_len;
930         memcpy(pos, ssid, ssid_len);
931
932         supp_rates = skb_put(skb, 2);
933         supp_rates[0] = WLAN_EID_SUPP_RATES;
934         supp_rates[1] = 0;
935         mode = local->oper_hw_mode;
936         for (i = 0; i < mode->num_rates; i++) {
937                 struct ieee80211_rate *rate = &mode->rates[i];
938                 if (!(rate->flags & IEEE80211_RATE_SUPPORTED))
939                         continue;
940                 if (esupp_rates) {
941                         pos = skb_put(skb, 1);
942                         esupp_rates[1]++;
943                 } else if (supp_rates[1] == 8) {
944                         esupp_rates = skb_put(skb, 3);
945                         esupp_rates[0] = WLAN_EID_EXT_SUPP_RATES;
946                         esupp_rates[1] = 1;
947                         pos = &esupp_rates[2];
948                 } else {
949                         pos = skb_put(skb, 1);
950                         supp_rates[1]++;
951                 }
952                 *pos = rate->rate / 5;
953         }
954
955         ieee80211_sta_tx(dev, skb, 0);
956 }
957
958
959 static int ieee80211_sta_wep_configured(struct net_device *dev)
960 {
961         struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
962         if (!sdata || !sdata->default_key ||
963             sdata->default_key->conf.alg != ALG_WEP)
964                 return 0;
965         return 1;
966 }
967
968
969 static void ieee80211_auth_completed(struct net_device *dev,
970                                      struct ieee80211_if_sta *ifsta)
971 {
972         printk(KERN_DEBUG "%s: authenticated\n", dev->name);
973         ifsta->flags |= IEEE80211_STA_AUTHENTICATED;
974         ieee80211_associate(dev, ifsta);
975 }
976
977
978 static void ieee80211_auth_challenge(struct net_device *dev,
979                                      struct ieee80211_if_sta *ifsta,
980                                      struct ieee80211_mgmt *mgmt,
981                                      size_t len)
982 {
983         u8 *pos;
984         struct ieee802_11_elems elems;
985
986         printk(KERN_DEBUG "%s: replying to auth challenge\n", dev->name);
987         pos = mgmt->u.auth.variable;
988         ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems);
989         if (!elems.challenge) {
990                 printk(KERN_DEBUG "%s: no challenge IE in shared key auth "
991                        "frame\n", dev->name);
992                 return;
993         }
994         ieee80211_send_auth(dev, ifsta, 3, elems.challenge - 2,
995                             elems.challenge_len + 2, 1);
996 }
997
998 static void ieee80211_send_addba_resp(struct net_device *dev, u8 *da, u16 tid,
999                                         u8 dialog_token, u16 status, u16 policy,
1000                                         u16 buf_size, u16 timeout)
1001 {
1002         struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1003         struct ieee80211_if_sta *ifsta = &sdata->u.sta;
1004         struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1005         struct sk_buff *skb;
1006         struct ieee80211_mgmt *mgmt;
1007         u16 capab;
1008
1009         skb = dev_alloc_skb(sizeof(*mgmt) + local->hw.extra_tx_headroom + 1 +
1010                                         sizeof(mgmt->u.action.u.addba_resp));
1011         if (!skb) {
1012                 printk(KERN_DEBUG "%s: failed to allocate buffer "
1013                        "for addba resp frame\n", dev->name);
1014                 return;
1015         }
1016
1017         skb_reserve(skb, local->hw.extra_tx_headroom);
1018         mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
1019         memset(mgmt, 0, 24);
1020         memcpy(mgmt->da, da, ETH_ALEN);
1021         memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
1022         if (sdata->vif.type == IEEE80211_IF_TYPE_AP)
1023                 memcpy(mgmt->bssid, dev->dev_addr, ETH_ALEN);
1024         else
1025                 memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
1026         mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
1027                                            IEEE80211_STYPE_ACTION);
1028
1029         skb_put(skb, 1 + sizeof(mgmt->u.action.u.addba_resp));
1030         mgmt->u.action.category = WLAN_CATEGORY_BACK;
1031         mgmt->u.action.u.addba_resp.action_code = WLAN_ACTION_ADDBA_RESP;
1032         mgmt->u.action.u.addba_resp.dialog_token = dialog_token;
1033
1034         capab = (u16)(policy << 1);     /* bit 1 aggregation policy */
1035         capab |= (u16)(tid << 2);       /* bit 5:2 TID number */
1036         capab |= (u16)(buf_size << 6);  /* bit 15:6 max size of aggregation */
1037
1038         mgmt->u.action.u.addba_resp.capab = cpu_to_le16(capab);
1039         mgmt->u.action.u.addba_resp.timeout = cpu_to_le16(timeout);
1040         mgmt->u.action.u.addba_resp.status = cpu_to_le16(status);
1041
1042         ieee80211_sta_tx(dev, skb, 0);
1043
1044         return;
1045 }
1046
1047 static void ieee80211_sta_process_addba_request(struct net_device *dev,
1048                                                 struct ieee80211_mgmt *mgmt,
1049                                                 size_t len)
1050 {
1051         struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1052         struct ieee80211_hw *hw = &local->hw;
1053         struct ieee80211_conf *conf = &hw->conf;
1054         struct sta_info *sta;
1055         struct tid_ampdu_rx *tid_agg_rx;
1056         u16 capab, tid, timeout, ba_policy, buf_size, start_seq_num, status;
1057         u8 dialog_token;
1058         int ret = -EOPNOTSUPP;
1059         DECLARE_MAC_BUF(mac);
1060
1061         sta = sta_info_get(local, mgmt->sa);
1062         if (!sta)
1063                 return;
1064
1065         /* extract session parameters from addba request frame */
1066         dialog_token = mgmt->u.action.u.addba_req.dialog_token;
1067         timeout = le16_to_cpu(mgmt->u.action.u.addba_req.timeout);
1068         start_seq_num =
1069                 le16_to_cpu(mgmt->u.action.u.addba_req.start_seq_num) >> 4;
1070
1071         capab = le16_to_cpu(mgmt->u.action.u.addba_req.capab);
1072         ba_policy = (capab & IEEE80211_ADDBA_PARAM_POLICY_MASK) >> 1;
1073         tid = (capab & IEEE80211_ADDBA_PARAM_TID_MASK) >> 2;
1074         buf_size = (capab & IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK) >> 6;
1075
1076         status = WLAN_STATUS_REQUEST_DECLINED;
1077
1078         /* sanity check for incoming parameters:
1079          * check if configuration can support the BA policy
1080          * and if buffer size does not exceeds max value */
1081         if (((ba_policy != 1)
1082                 && (!(conf->ht_conf.cap & IEEE80211_HT_CAP_DELAY_BA)))
1083                 || (buf_size > IEEE80211_MAX_AMPDU_BUF)) {
1084                 status = WLAN_STATUS_INVALID_QOS_PARAM;
1085 #ifdef CONFIG_MAC80211_HT_DEBUG
1086                 if (net_ratelimit())
1087                         printk(KERN_DEBUG "Block Ack Req with bad params from "
1088                                 "%s on tid %u. policy %d, buffer size %d\n",
1089                                 print_mac(mac, mgmt->sa), tid, ba_policy,
1090                                 buf_size);
1091 #endif /* CONFIG_MAC80211_HT_DEBUG */
1092                 goto end_no_lock;
1093         }
1094         /* determine default buffer size */
1095         if (buf_size == 0) {
1096                 struct ieee80211_hw_mode *mode = conf->mode;
1097                 buf_size = IEEE80211_MIN_AMPDU_BUF;
1098                 buf_size = buf_size << mode->ht_info.ampdu_factor;
1099         }
1100
1101         tid_agg_rx = &sta->ampdu_mlme.tid_rx[tid];
1102
1103         /* examine state machine */
1104         spin_lock_bh(&sta->ampdu_mlme.ampdu_rx);
1105
1106         if (tid_agg_rx->state != HT_AGG_STATE_IDLE) {
1107 #ifdef CONFIG_MAC80211_HT_DEBUG
1108                 if (net_ratelimit())
1109                         printk(KERN_DEBUG "unexpected Block Ack Req from "
1110                                 "%s on tid %u\n",
1111                                 print_mac(mac, mgmt->sa), tid);
1112 #endif /* CONFIG_MAC80211_HT_DEBUG */
1113                 goto end;
1114         }
1115
1116         /* prepare reordering buffer */
1117         tid_agg_rx->reorder_buf =
1118                 kmalloc(buf_size * sizeof(struct sk_buf *), GFP_ATOMIC);
1119         if (!tid_agg_rx->reorder_buf) {
1120                 if (net_ratelimit())
1121                         printk(KERN_ERR "can not allocate reordering buffer "
1122                                "to tid %d\n", tid);
1123                 goto end;
1124         }
1125         memset(tid_agg_rx->reorder_buf, 0,
1126                 buf_size * sizeof(struct sk_buf *));
1127
1128         if (local->ops->ampdu_action)
1129                 ret = local->ops->ampdu_action(hw, IEEE80211_AMPDU_RX_START,
1130                                                sta->addr, tid, start_seq_num);
1131 #ifdef CONFIG_MAC80211_HT_DEBUG
1132         printk(KERN_DEBUG "Rx A-MPDU on tid %d result %d", tid, ret);
1133 #endif /* CONFIG_MAC80211_HT_DEBUG */
1134
1135         if (ret) {
1136                 kfree(tid_agg_rx->reorder_buf);
1137                 goto end;
1138         }
1139
1140         /* change state and send addba resp */
1141         tid_agg_rx->state = HT_AGG_STATE_OPERATIONAL;
1142         tid_agg_rx->dialog_token = dialog_token;
1143         tid_agg_rx->ssn = start_seq_num;
1144         tid_agg_rx->head_seq_num = start_seq_num;
1145         tid_agg_rx->buf_size = buf_size;
1146         tid_agg_rx->timeout = timeout;
1147         tid_agg_rx->stored_mpdu_num = 0;
1148         status = WLAN_STATUS_SUCCESS;
1149 end:
1150         spin_unlock_bh(&sta->ampdu_mlme.ampdu_rx);
1151
1152 end_no_lock:
1153         ieee80211_send_addba_resp(sta->dev, sta->addr, tid, dialog_token,
1154                                 status, 1, buf_size, timeout);
1155         sta_info_put(sta);
1156 }
1157
1158 static void ieee80211_send_delba(struct net_device *dev, const u8 *da, u16 tid,
1159                                  u16 initiator, u16 reason_code)
1160 {
1161         struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1162         struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1163         struct ieee80211_if_sta *ifsta = &sdata->u.sta;
1164         struct sk_buff *skb;
1165         struct ieee80211_mgmt *mgmt;
1166         u16 params;
1167
1168         skb = dev_alloc_skb(sizeof(*mgmt) + local->hw.extra_tx_headroom + 1 +
1169                                         sizeof(mgmt->u.action.u.delba));
1170
1171         if (!skb) {
1172                 printk(KERN_ERR "%s: failed to allocate buffer "
1173                                         "for delba frame\n", dev->name);
1174                 return;
1175         }
1176
1177         skb_reserve(skb, local->hw.extra_tx_headroom);
1178         mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
1179         memset(mgmt, 0, 24);
1180         memcpy(mgmt->da, da, ETH_ALEN);
1181         memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
1182         if (sdata->vif.type == IEEE80211_IF_TYPE_AP)
1183                 memcpy(mgmt->bssid, dev->dev_addr, ETH_ALEN);
1184         else
1185                 memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
1186         mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
1187                                         IEEE80211_STYPE_ACTION);
1188
1189         skb_put(skb, 1 + sizeof(mgmt->u.action.u.delba));
1190
1191         mgmt->u.action.category = WLAN_CATEGORY_BACK;
1192         mgmt->u.action.u.delba.action_code = WLAN_ACTION_DELBA;
1193         params = (u16)(initiator << 11);        /* bit 11 initiator */
1194         params |= (u16)(tid << 12);             /* bit 15:12 TID number */
1195
1196         mgmt->u.action.u.delba.params = cpu_to_le16(params);
1197         mgmt->u.action.u.delba.reason_code = cpu_to_le16(reason_code);
1198
1199         ieee80211_sta_tx(dev, skb, 0);
1200 }
1201
1202 void ieee80211_sta_stop_rx_ba_session(struct net_device *dev, u8 *ra, u16 tid,
1203                                         u16 initiator, u16 reason)
1204 {
1205         struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1206         struct ieee80211_hw *hw = &local->hw;
1207         struct sta_info *sta;
1208         int ret, i;
1209
1210         sta = sta_info_get(local, ra);
1211         if (!sta)
1212                 return;
1213
1214         /* check if TID is in operational state */
1215         spin_lock_bh(&sta->ampdu_mlme.ampdu_rx);
1216         if (sta->ampdu_mlme.tid_rx[tid].state
1217                                 != HT_AGG_STATE_OPERATIONAL) {
1218                 spin_unlock_bh(&sta->ampdu_mlme.ampdu_rx);
1219                 sta_info_put(sta);
1220                 return;
1221         }
1222         sta->ampdu_mlme.tid_rx[tid].state =
1223                 HT_AGG_STATE_REQ_STOP_BA_MSK |
1224                 (initiator << HT_AGG_STATE_INITIATOR_SHIFT);
1225                 spin_unlock_bh(&sta->ampdu_mlme.ampdu_rx);
1226
1227         /* stop HW Rx aggregation. ampdu_action existence
1228          * already verified in session init so we add the BUG_ON */
1229         BUG_ON(!local->ops->ampdu_action);
1230
1231         ret = local->ops->ampdu_action(hw, IEEE80211_AMPDU_RX_STOP,
1232                                         ra, tid, EINVAL);
1233         if (ret)
1234                 printk(KERN_DEBUG "HW problem - can not stop rx "
1235                                 "aggergation for tid %d\n", tid);
1236
1237         /* shutdown timer has not expired */
1238         if (initiator != WLAN_BACK_TIMER)
1239                 del_timer_sync(&sta->ampdu_mlme.tid_rx[tid].
1240                                         session_timer);
1241
1242         /* check if this is a self generated aggregation halt */
1243         if (initiator == WLAN_BACK_RECIPIENT || initiator == WLAN_BACK_TIMER)
1244                 ieee80211_send_delba(dev, ra, tid, 0, reason);
1245
1246         /* free the reordering buffer */
1247         for (i = 0; i < sta->ampdu_mlme.tid_rx[tid].buf_size; i++) {
1248                 if (sta->ampdu_mlme.tid_rx[tid].reorder_buf[i]) {
1249                         /* release the reordered frames */
1250                         dev_kfree_skb(sta->ampdu_mlme.tid_rx[tid].reorder_buf[i]);
1251                         sta->ampdu_mlme.tid_rx[tid].stored_mpdu_num--;
1252                         sta->ampdu_mlme.tid_rx[tid].reorder_buf[i] = NULL;
1253                 }
1254         }
1255         kfree(sta->ampdu_mlme.tid_rx[tid].reorder_buf);
1256
1257         sta->ampdu_mlme.tid_rx[tid].state = HT_AGG_STATE_IDLE;
1258         sta_info_put(sta);
1259 }
1260
1261 static void ieee80211_sta_process_delba(struct net_device *dev,
1262                         struct ieee80211_mgmt *mgmt, size_t len)
1263 {
1264         struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1265         struct sta_info *sta;
1266         u16 tid, params;
1267         u16 initiator;
1268         DECLARE_MAC_BUF(mac);
1269
1270         sta = sta_info_get(local, mgmt->sa);
1271         if (!sta)
1272                 return;
1273
1274         params = le16_to_cpu(mgmt->u.action.u.delba.params);
1275         tid = (params & IEEE80211_DELBA_PARAM_TID_MASK) >> 12;
1276         initiator = (params & IEEE80211_DELBA_PARAM_INITIATOR_MASK) >> 11;
1277
1278 #ifdef CONFIG_MAC80211_HT_DEBUG
1279         if (net_ratelimit())
1280                 printk(KERN_DEBUG "delba from %s on tid %d reason code %d\n",
1281                         print_mac(mac, mgmt->sa), tid,
1282                         mgmt->u.action.u.delba.reason_code);
1283 #endif /* CONFIG_MAC80211_HT_DEBUG */
1284
1285         if (initiator == WLAN_BACK_INITIATOR)
1286                 ieee80211_sta_stop_rx_ba_session(dev, sta->addr, tid,
1287                                                  WLAN_BACK_INITIATOR, 0);
1288         sta_info_put(sta);
1289 }
1290
1291 /*
1292  * After receiving Block Ack Request (BAR) we activated a
1293  * timer after each frame arrives from the originator.
1294  * if this timer expires ieee80211_sta_stop_rx_ba_session will be executed.
1295  */
1296 void sta_rx_agg_session_timer_expired(unsigned long data)
1297 {
1298         /* not an elegant detour, but there is no choice as the timer passes
1299          * only one argument, and verious sta_info are needed here, so init
1300          * flow in sta_info_add gives the TID as data, while the timer_to_id
1301          * array gives the sta through container_of */
1302         u8 *ptid = (u8 *)data;
1303         u8 *timer_to_id = ptid - *ptid;
1304         struct sta_info *sta = container_of(timer_to_id, struct sta_info,
1305                                          timer_to_tid[0]);
1306
1307         printk(KERN_DEBUG "rx session timer expired on tid %d\n", (u16)*ptid);
1308         ieee80211_sta_stop_rx_ba_session(sta->dev, sta->addr, (u16)*ptid,
1309                                          WLAN_BACK_TIMER,
1310                                          WLAN_REASON_QSTA_TIMEOUT);
1311 }
1312
1313
1314 static void ieee80211_rx_mgmt_auth(struct net_device *dev,
1315                                    struct ieee80211_if_sta *ifsta,
1316                                    struct ieee80211_mgmt *mgmt,
1317                                    size_t len)
1318 {
1319         struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1320         u16 auth_alg, auth_transaction, status_code;
1321         DECLARE_MAC_BUF(mac);
1322
1323         if (ifsta->state != IEEE80211_AUTHENTICATE &&
1324             sdata->vif.type != IEEE80211_IF_TYPE_IBSS) {
1325                 printk(KERN_DEBUG "%s: authentication frame received from "
1326                        "%s, but not in authenticate state - ignored\n",
1327                        dev->name, print_mac(mac, mgmt->sa));
1328                 return;
1329         }
1330
1331         if (len < 24 + 6) {
1332                 printk(KERN_DEBUG "%s: too short (%zd) authentication frame "
1333                        "received from %s - ignored\n",
1334                        dev->name, len, print_mac(mac, mgmt->sa));
1335                 return;
1336         }
1337
1338         if (sdata->vif.type != IEEE80211_IF_TYPE_IBSS &&
1339             memcmp(ifsta->bssid, mgmt->sa, ETH_ALEN) != 0) {
1340                 printk(KERN_DEBUG "%s: authentication frame received from "
1341                        "unknown AP (SA=%s BSSID=%s) - "
1342                        "ignored\n", dev->name, print_mac(mac, mgmt->sa),
1343                        print_mac(mac, mgmt->bssid));
1344                 return;
1345         }
1346
1347         if (sdata->vif.type != IEEE80211_IF_TYPE_IBSS &&
1348             memcmp(ifsta->bssid, mgmt->bssid, ETH_ALEN) != 0) {
1349                 printk(KERN_DEBUG "%s: authentication frame received from "
1350                        "unknown BSSID (SA=%s BSSID=%s) - "
1351                        "ignored\n", dev->name, print_mac(mac, mgmt->sa),
1352                        print_mac(mac, mgmt->bssid));
1353                 return;
1354         }
1355
1356         auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg);
1357         auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction);
1358         status_code = le16_to_cpu(mgmt->u.auth.status_code);
1359
1360         printk(KERN_DEBUG "%s: RX authentication from %s (alg=%d "
1361                "transaction=%d status=%d)\n",
1362                dev->name, print_mac(mac, mgmt->sa), auth_alg,
1363                auth_transaction, status_code);
1364
1365         if (sdata->vif.type == IEEE80211_IF_TYPE_IBSS) {
1366                 /* IEEE 802.11 standard does not require authentication in IBSS
1367                  * networks and most implementations do not seem to use it.
1368                  * However, try to reply to authentication attempts if someone
1369                  * has actually implemented this.
1370                  * TODO: Could implement shared key authentication. */
1371                 if (auth_alg != WLAN_AUTH_OPEN || auth_transaction != 1) {
1372                         printk(KERN_DEBUG "%s: unexpected IBSS authentication "
1373                                "frame (alg=%d transaction=%d)\n",
1374                                dev->name, auth_alg, auth_transaction);
1375                         return;
1376                 }
1377                 ieee80211_send_auth(dev, ifsta, 2, NULL, 0, 0);
1378         }
1379
1380         if (auth_alg != ifsta->auth_alg ||
1381             auth_transaction != ifsta->auth_transaction) {
1382                 printk(KERN_DEBUG "%s: unexpected authentication frame "
1383                        "(alg=%d transaction=%d)\n",
1384                        dev->name, auth_alg, auth_transaction);
1385                 return;
1386         }
1387
1388         if (status_code != WLAN_STATUS_SUCCESS) {
1389                 printk(KERN_DEBUG "%s: AP denied authentication (auth_alg=%d "
1390                        "code=%d)\n", dev->name, ifsta->auth_alg, status_code);
1391                 if (status_code == WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG) {
1392                         u8 algs[3];
1393                         const int num_algs = ARRAY_SIZE(algs);
1394                         int i, pos;
1395                         algs[0] = algs[1] = algs[2] = 0xff;
1396                         if (ifsta->auth_algs & IEEE80211_AUTH_ALG_OPEN)
1397                                 algs[0] = WLAN_AUTH_OPEN;
1398                         if (ifsta->auth_algs & IEEE80211_AUTH_ALG_SHARED_KEY)
1399                                 algs[1] = WLAN_AUTH_SHARED_KEY;
1400                         if (ifsta->auth_algs & IEEE80211_AUTH_ALG_LEAP)
1401                                 algs[2] = WLAN_AUTH_LEAP;
1402                         if (ifsta->auth_alg == WLAN_AUTH_OPEN)
1403                                 pos = 0;
1404                         else if (ifsta->auth_alg == WLAN_AUTH_SHARED_KEY)
1405                                 pos = 1;
1406                         else
1407                                 pos = 2;
1408                         for (i = 0; i < num_algs; i++) {
1409                                 pos++;
1410                                 if (pos >= num_algs)
1411                                         pos = 0;
1412                                 if (algs[pos] == ifsta->auth_alg ||
1413                                     algs[pos] == 0xff)
1414                                         continue;
1415                                 if (algs[pos] == WLAN_AUTH_SHARED_KEY &&
1416                                     !ieee80211_sta_wep_configured(dev))
1417                                         continue;
1418                                 ifsta->auth_alg = algs[pos];
1419                                 printk(KERN_DEBUG "%s: set auth_alg=%d for "
1420                                        "next try\n",
1421                                        dev->name, ifsta->auth_alg);
1422                                 break;
1423                         }
1424                 }
1425                 return;
1426         }
1427
1428         switch (ifsta->auth_alg) {
1429         case WLAN_AUTH_OPEN:
1430         case WLAN_AUTH_LEAP:
1431                 ieee80211_auth_completed(dev, ifsta);
1432                 break;
1433         case WLAN_AUTH_SHARED_KEY:
1434                 if (ifsta->auth_transaction == 4)
1435                         ieee80211_auth_completed(dev, ifsta);
1436                 else
1437                         ieee80211_auth_challenge(dev, ifsta, mgmt, len);
1438                 break;
1439         }
1440 }
1441
1442
1443 static void ieee80211_rx_mgmt_deauth(struct net_device *dev,
1444                                      struct ieee80211_if_sta *ifsta,
1445                                      struct ieee80211_mgmt *mgmt,
1446                                      size_t len)
1447 {
1448         u16 reason_code;
1449         DECLARE_MAC_BUF(mac);
1450
1451         if (len < 24 + 2) {
1452                 printk(KERN_DEBUG "%s: too short (%zd) deauthentication frame "
1453                        "received from %s - ignored\n",
1454                        dev->name, len, print_mac(mac, mgmt->sa));
1455                 return;
1456         }
1457
1458         if (memcmp(ifsta->bssid, mgmt->sa, ETH_ALEN) != 0) {
1459                 printk(KERN_DEBUG "%s: deauthentication frame received from "
1460                        "unknown AP (SA=%s BSSID=%s) - "
1461                        "ignored\n", dev->name, print_mac(mac, mgmt->sa),
1462                        print_mac(mac, mgmt->bssid));
1463                 return;
1464         }
1465
1466         reason_code = le16_to_cpu(mgmt->u.deauth.reason_code);
1467
1468         printk(KERN_DEBUG "%s: RX deauthentication from %s"
1469                " (reason=%d)\n",
1470                dev->name, print_mac(mac, mgmt->sa), reason_code);
1471
1472         if (ifsta->flags & IEEE80211_STA_AUTHENTICATED) {
1473                 printk(KERN_DEBUG "%s: deauthenticated\n", dev->name);
1474         }
1475
1476         if (ifsta->state == IEEE80211_AUTHENTICATE ||
1477             ifsta->state == IEEE80211_ASSOCIATE ||
1478             ifsta->state == IEEE80211_ASSOCIATED) {
1479                 ifsta->state = IEEE80211_AUTHENTICATE;
1480                 mod_timer(&ifsta->timer, jiffies +
1481                                       IEEE80211_RETRY_AUTH_INTERVAL);
1482         }
1483
1484         ieee80211_set_disassoc(dev, ifsta, 1);
1485         ifsta->flags &= ~IEEE80211_STA_AUTHENTICATED;
1486 }
1487
1488
1489 static void ieee80211_rx_mgmt_disassoc(struct net_device *dev,
1490                                        struct ieee80211_if_sta *ifsta,
1491                                        struct ieee80211_mgmt *mgmt,
1492                                        size_t len)
1493 {
1494         u16 reason_code;
1495         DECLARE_MAC_BUF(mac);
1496
1497         if (len < 24 + 2) {
1498                 printk(KERN_DEBUG "%s: too short (%zd) disassociation frame "
1499                        "received from %s - ignored\n",
1500                        dev->name, len, print_mac(mac, mgmt->sa));
1501                 return;
1502         }
1503
1504         if (memcmp(ifsta->bssid, mgmt->sa, ETH_ALEN) != 0) {
1505                 printk(KERN_DEBUG "%s: disassociation frame received from "
1506                        "unknown AP (SA=%s BSSID=%s) - "
1507                        "ignored\n", dev->name, print_mac(mac, mgmt->sa),
1508                        print_mac(mac, mgmt->bssid));
1509                 return;
1510         }
1511
1512         reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code);
1513
1514         printk(KERN_DEBUG "%s: RX disassociation from %s"
1515                " (reason=%d)\n",
1516                dev->name, print_mac(mac, mgmt->sa), reason_code);
1517
1518         if (ifsta->flags & IEEE80211_STA_ASSOCIATED)
1519                 printk(KERN_DEBUG "%s: disassociated\n", dev->name);
1520
1521         if (ifsta->state == IEEE80211_ASSOCIATED) {
1522                 ifsta->state = IEEE80211_ASSOCIATE;
1523                 mod_timer(&ifsta->timer, jiffies +
1524                                       IEEE80211_RETRY_AUTH_INTERVAL);
1525         }
1526
1527         ieee80211_set_disassoc(dev, ifsta, 0);
1528 }
1529
1530
1531 static void ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata,
1532                                          struct ieee80211_if_sta *ifsta,
1533                                          struct ieee80211_mgmt *mgmt,
1534                                          size_t len,
1535                                          int reassoc)
1536 {
1537         struct ieee80211_local *local = sdata->local;
1538         struct net_device *dev = sdata->dev;
1539         struct ieee80211_hw_mode *mode;
1540         struct sta_info *sta;
1541         u32 rates;
1542         u16 capab_info, status_code, aid;
1543         struct ieee802_11_elems elems;
1544         struct ieee80211_bss_conf *bss_conf = &sdata->bss_conf;
1545         u8 *pos;
1546         int i, j;
1547         DECLARE_MAC_BUF(mac);
1548
1549         /* AssocResp and ReassocResp have identical structure, so process both
1550          * of them in this function. */
1551
1552         if (ifsta->state != IEEE80211_ASSOCIATE) {
1553                 printk(KERN_DEBUG "%s: association frame received from "
1554                        "%s, but not in associate state - ignored\n",
1555                        dev->name, print_mac(mac, mgmt->sa));
1556                 return;
1557         }
1558
1559         if (len < 24 + 6) {
1560                 printk(KERN_DEBUG "%s: too short (%zd) association frame "
1561                        "received from %s - ignored\n",
1562                        dev->name, len, print_mac(mac, mgmt->sa));
1563                 return;
1564         }
1565
1566         if (memcmp(ifsta->bssid, mgmt->sa, ETH_ALEN) != 0) {
1567                 printk(KERN_DEBUG "%s: association frame received from "
1568                        "unknown AP (SA=%s BSSID=%s) - "
1569                        "ignored\n", dev->name, print_mac(mac, mgmt->sa),
1570                        print_mac(mac, mgmt->bssid));
1571                 return;
1572         }
1573
1574         capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info);
1575         status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code);
1576         aid = le16_to_cpu(mgmt->u.assoc_resp.aid);
1577
1578         printk(KERN_DEBUG "%s: RX %sssocResp from %s (capab=0x%x "
1579                "status=%d aid=%d)\n",
1580                dev->name, reassoc ? "Rea" : "A", print_mac(mac, mgmt->sa),
1581                capab_info, status_code, (u16)(aid & ~(BIT(15) | BIT(14))));
1582
1583         if (status_code != WLAN_STATUS_SUCCESS) {
1584                 printk(KERN_DEBUG "%s: AP denied association (code=%d)\n",
1585                        dev->name, status_code);
1586                 /* if this was a reassociation, ensure we try a "full"
1587                  * association next time. This works around some broken APs
1588                  * which do not correctly reject reassociation requests. */
1589                 ifsta->flags &= ~IEEE80211_STA_PREV_BSSID_SET;
1590                 return;
1591         }
1592
1593         if ((aid & (BIT(15) | BIT(14))) != (BIT(15) | BIT(14)))
1594                 printk(KERN_DEBUG "%s: invalid aid value %d; bits 15:14 not "
1595                        "set\n", dev->name, aid);
1596         aid &= ~(BIT(15) | BIT(14));
1597
1598         pos = mgmt->u.assoc_resp.variable;
1599         ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems);
1600
1601         if (!elems.supp_rates) {
1602                 printk(KERN_DEBUG "%s: no SuppRates element in AssocResp\n",
1603                        dev->name);
1604                 return;
1605         }
1606
1607         printk(KERN_DEBUG "%s: associated\n", dev->name);
1608         ifsta->aid = aid;
1609         ifsta->ap_capab = capab_info;
1610
1611         kfree(ifsta->assocresp_ies);
1612         ifsta->assocresp_ies_len = len - (pos - (u8 *) mgmt);
1613         ifsta->assocresp_ies = kmalloc(ifsta->assocresp_ies_len, GFP_KERNEL);
1614         if (ifsta->assocresp_ies)
1615                 memcpy(ifsta->assocresp_ies, pos, ifsta->assocresp_ies_len);
1616
1617         /* set AID, ieee80211_set_associated() will tell the driver */
1618         bss_conf->aid = aid;
1619         ieee80211_set_associated(dev, ifsta, 1);
1620
1621         /* Add STA entry for the AP */
1622         sta = sta_info_get(local, ifsta->bssid);
1623         if (!sta) {
1624                 struct ieee80211_sta_bss *bss;
1625                 sta = sta_info_add(local, dev, ifsta->bssid, GFP_KERNEL);
1626                 if (!sta) {
1627                         printk(KERN_DEBUG "%s: failed to add STA entry for the"
1628                                " AP\n", dev->name);
1629                         return;
1630                 }
1631                 bss = ieee80211_rx_bss_get(dev, ifsta->bssid,
1632                                            local->hw.conf.channel,
1633                                            ifsta->ssid, ifsta->ssid_len);
1634                 if (bss) {
1635                         sta->last_rssi = bss->rssi;
1636                         sta->last_signal = bss->signal;
1637                         sta->last_noise = bss->noise;
1638                         ieee80211_rx_bss_put(dev, bss);
1639                 }
1640         }
1641
1642         sta->dev = dev;
1643         sta->flags |= WLAN_STA_AUTH | WLAN_STA_ASSOC | WLAN_STA_ASSOC_AP;
1644
1645         rates = 0;
1646         mode = local->oper_hw_mode;
1647         for (i = 0; i < elems.supp_rates_len; i++) {
1648                 int rate = (elems.supp_rates[i] & 0x7f) * 5;
1649                 for (j = 0; j < mode->num_rates; j++)
1650                         if (mode->rates[j].rate == rate)
1651                                 rates |= BIT(j);
1652         }
1653         for (i = 0; i < elems.ext_supp_rates_len; i++) {
1654                 int rate = (elems.ext_supp_rates[i] & 0x7f) * 5;
1655                 for (j = 0; j < mode->num_rates; j++)
1656                         if (mode->rates[j].rate == rate)
1657                                 rates |= BIT(j);
1658         }
1659         sta->supp_rates = rates;
1660
1661         if (elems.ht_cap_elem && elems.ht_info_elem && elems.wmm_param &&
1662             local->ops->conf_ht) {
1663                 struct ieee80211_ht_bss_info bss_info;
1664
1665                 ieee80211_ht_cap_ie_to_ht_info(
1666                                 (struct ieee80211_ht_cap *)
1667                                 elems.ht_cap_elem, &sta->ht_info);
1668                 ieee80211_ht_addt_info_ie_to_ht_bss_info(
1669                                 (struct ieee80211_ht_addt_info *)
1670                                 elems.ht_info_elem, &bss_info);
1671                 ieee80211_hw_config_ht(local, 1, &sta->ht_info, &bss_info);
1672         }
1673
1674         rate_control_rate_init(sta, local);
1675
1676         if (elems.wmm_param && (ifsta->flags & IEEE80211_STA_WMM_ENABLED)) {
1677                 sta->flags |= WLAN_STA_WME;
1678                 ieee80211_sta_wmm_params(dev, ifsta, elems.wmm_param,
1679                                          elems.wmm_param_len);
1680         }
1681
1682
1683         sta_info_put(sta);
1684
1685         ieee80211_associated(dev, ifsta);
1686 }
1687
1688
1689 /* Caller must hold local->sta_bss_lock */
1690 static void __ieee80211_rx_bss_hash_add(struct net_device *dev,
1691                                         struct ieee80211_sta_bss *bss)
1692 {
1693         struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1694         bss->hnext = local->sta_bss_hash[STA_HASH(bss->bssid)];
1695         local->sta_bss_hash[STA_HASH(bss->bssid)] = bss;
1696 }
1697
1698
1699 /* Caller must hold local->sta_bss_lock */
1700 static void __ieee80211_rx_bss_hash_del(struct net_device *dev,
1701                                         struct ieee80211_sta_bss *bss)
1702 {
1703         struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1704         struct ieee80211_sta_bss *b, *prev = NULL;
1705         b = local->sta_bss_hash[STA_HASH(bss->bssid)];
1706         while (b) {
1707                 if (b == bss) {
1708                         if (!prev)
1709                                 local->sta_bss_hash[STA_HASH(bss->bssid)] =
1710                                         bss->hnext;
1711                         else
1712                                 prev->hnext = bss->hnext;
1713                         break;
1714                 }
1715                 prev = b;
1716                 b = b->hnext;
1717         }
1718 }
1719
1720
1721 static struct ieee80211_sta_bss *
1722 ieee80211_rx_bss_add(struct net_device *dev, u8 *bssid, int channel,
1723                      u8 *ssid, u8 ssid_len)
1724 {
1725         struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1726         struct ieee80211_sta_bss *bss;
1727
1728         bss = kzalloc(sizeof(*bss), GFP_ATOMIC);
1729         if (!bss)
1730                 return NULL;
1731         atomic_inc(&bss->users);
1732         atomic_inc(&bss->users);
1733         memcpy(bss->bssid, bssid, ETH_ALEN);
1734         bss->channel = channel;
1735         if (ssid && ssid_len <= IEEE80211_MAX_SSID_LEN) {
1736                 memcpy(bss->ssid, ssid, ssid_len);
1737                 bss->ssid_len = ssid_len;
1738         }
1739
1740         spin_lock_bh(&local->sta_bss_lock);
1741         /* TODO: order by RSSI? */
1742         list_add_tail(&bss->list, &local->sta_bss_list);
1743         __ieee80211_rx_bss_hash_add(dev, bss);
1744         spin_unlock_bh(&local->sta_bss_lock);
1745         return bss;
1746 }
1747
1748
1749 static struct ieee80211_sta_bss *
1750 ieee80211_rx_bss_get(struct net_device *dev, u8 *bssid, int channel,
1751                      u8 *ssid, u8 ssid_len)
1752 {
1753         struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1754         struct ieee80211_sta_bss *bss;
1755
1756         spin_lock_bh(&local->sta_bss_lock);
1757         bss = local->sta_bss_hash[STA_HASH(bssid)];
1758         while (bss) {
1759                 if (!memcmp(bss->bssid, bssid, ETH_ALEN) &&
1760                     bss->channel == channel &&
1761                     bss->ssid_len == ssid_len &&
1762                     (ssid_len == 0 || !memcmp(bss->ssid, ssid, ssid_len))) {
1763                         atomic_inc(&bss->users);
1764                         break;
1765                 }
1766                 bss = bss->hnext;
1767         }
1768         spin_unlock_bh(&local->sta_bss_lock);
1769         return bss;
1770 }
1771
1772
1773 static void ieee80211_rx_bss_free(struct ieee80211_sta_bss *bss)
1774 {
1775         kfree(bss->wpa_ie);
1776         kfree(bss->rsn_ie);
1777         kfree(bss->wmm_ie);
1778         kfree(bss->ht_ie);
1779         kfree(bss);
1780 }
1781
1782
1783 static void ieee80211_rx_bss_put(struct net_device *dev,
1784                                  struct ieee80211_sta_bss *bss)
1785 {
1786         struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1787         if (!atomic_dec_and_test(&bss->users))
1788                 return;
1789
1790         spin_lock_bh(&local->sta_bss_lock);
1791         __ieee80211_rx_bss_hash_del(dev, bss);
1792         list_del(&bss->list);
1793         spin_unlock_bh(&local->sta_bss_lock);
1794         ieee80211_rx_bss_free(bss);
1795 }
1796
1797
1798 void ieee80211_rx_bss_list_init(struct net_device *dev)
1799 {
1800         struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1801         spin_lock_init(&local->sta_bss_lock);
1802         INIT_LIST_HEAD(&local->sta_bss_list);
1803 }
1804
1805
1806 void ieee80211_rx_bss_list_deinit(struct net_device *dev)
1807 {
1808         struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1809         struct ieee80211_sta_bss *bss, *tmp;
1810
1811         list_for_each_entry_safe(bss, tmp, &local->sta_bss_list, list)
1812                 ieee80211_rx_bss_put(dev, bss);
1813 }
1814
1815
1816 static void ieee80211_rx_bss_info(struct net_device *dev,
1817                                   struct ieee80211_mgmt *mgmt,
1818                                   size_t len,
1819                                   struct ieee80211_rx_status *rx_status,
1820                                   int beacon)
1821 {
1822         struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1823         struct ieee802_11_elems elems;
1824         size_t baselen;
1825         int channel, clen;
1826         struct ieee80211_sta_bss *bss;
1827         struct sta_info *sta;
1828         struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1829         u64 timestamp;
1830         DECLARE_MAC_BUF(mac);
1831         DECLARE_MAC_BUF(mac2);
1832
1833         if (!beacon && memcmp(mgmt->da, dev->dev_addr, ETH_ALEN))
1834                 return; /* ignore ProbeResp to foreign address */
1835
1836 #if 0
1837         printk(KERN_DEBUG "%s: RX %s from %s to %s\n",
1838                dev->name, beacon ? "Beacon" : "Probe Response",
1839                print_mac(mac, mgmt->sa), print_mac(mac2, mgmt->da));
1840 #endif
1841
1842         baselen = (u8 *) mgmt->u.beacon.variable - (u8 *) mgmt;
1843         if (baselen > len)
1844                 return;
1845
1846         timestamp = le64_to_cpu(mgmt->u.beacon.timestamp);
1847
1848         if (sdata->vif.type == IEEE80211_IF_TYPE_IBSS && beacon &&
1849             memcmp(mgmt->bssid, sdata->u.sta.bssid, ETH_ALEN) == 0) {
1850 #ifdef CONFIG_MAC80211_IBSS_DEBUG
1851                 static unsigned long last_tsf_debug = 0;
1852                 u64 tsf;
1853                 if (local->ops->get_tsf)
1854                         tsf = local->ops->get_tsf(local_to_hw(local));
1855                 else
1856                         tsf = -1LLU;
1857                 if (time_after(jiffies, last_tsf_debug + 5 * HZ)) {
1858                         printk(KERN_DEBUG "RX beacon SA=%s BSSID="
1859                                "%s TSF=0x%llx BCN=0x%llx diff=%lld "
1860                                "@%lu\n",
1861                                print_mac(mac, mgmt->sa), print_mac(mac2, mgmt->bssid),
1862                                (unsigned long long)tsf,
1863                                (unsigned long long)timestamp,
1864                                (unsigned long long)(tsf - timestamp),
1865                                jiffies);
1866                         last_tsf_debug = jiffies;
1867                 }
1868 #endif /* CONFIG_MAC80211_IBSS_DEBUG */
1869         }
1870
1871         ieee802_11_parse_elems(mgmt->u.beacon.variable, len - baselen, &elems);
1872
1873         if (sdata->vif.type == IEEE80211_IF_TYPE_IBSS && elems.supp_rates &&
1874             memcmp(mgmt->bssid, sdata->u.sta.bssid, ETH_ALEN) == 0 &&
1875             (sta = sta_info_get(local, mgmt->sa))) {
1876                 struct ieee80211_hw_mode *mode;
1877                 struct ieee80211_rate *rates;
1878                 size_t num_rates;
1879                 u32 supp_rates, prev_rates;
1880                 int i, j;
1881
1882                 mode = local->sta_sw_scanning ?
1883                        local->scan_hw_mode : local->oper_hw_mode;
1884
1885                 if (local->sta_hw_scanning) {
1886                         /* search for the correct mode matches the beacon */
1887                         list_for_each_entry(mode, &local->modes_list, list)
1888                                 if (mode->mode == rx_status->phymode)
1889                                         break;
1890
1891                         if (mode == NULL)
1892                                 mode = local->oper_hw_mode;
1893                 }
1894                 rates = mode->rates;
1895                 num_rates = mode->num_rates;
1896
1897                 supp_rates = 0;
1898                 for (i = 0; i < elems.supp_rates_len +
1899                              elems.ext_supp_rates_len; i++) {
1900                         u8 rate = 0;
1901                         int own_rate;
1902                         if (i < elems.supp_rates_len)
1903                                 rate = elems.supp_rates[i];
1904                         else if (elems.ext_supp_rates)
1905                                 rate = elems.ext_supp_rates
1906                                         [i - elems.supp_rates_len];
1907                         own_rate = 5 * (rate & 0x7f);
1908                         for (j = 0; j < num_rates; j++)
1909                                 if (rates[j].rate == own_rate)
1910                                         supp_rates |= BIT(j);
1911                 }
1912
1913                 prev_rates = sta->supp_rates;
1914                 sta->supp_rates &= supp_rates;
1915                 if (sta->supp_rates == 0) {
1916                         /* No matching rates - this should not really happen.
1917                          * Make sure that at least one rate is marked
1918                          * supported to avoid issues with TX rate ctrl. */
1919                         sta->supp_rates = sdata->u.sta.supp_rates_bits;
1920                 }
1921                 if (sta->supp_rates != prev_rates) {
1922                         printk(KERN_DEBUG "%s: updated supp_rates set for "
1923                                "%s based on beacon info (0x%x & 0x%x -> "
1924                                "0x%x)\n",
1925                                dev->name, print_mac(mac, sta->addr), prev_rates,
1926                                supp_rates, sta->supp_rates);
1927                 }
1928                 sta_info_put(sta);
1929         }
1930
1931         if (!elems.ssid)
1932                 return;
1933
1934         if (elems.ds_params && elems.ds_params_len == 1)
1935                 channel = elems.ds_params[0];
1936         else
1937                 channel = rx_status->channel;
1938
1939         bss = ieee80211_rx_bss_get(dev, mgmt->bssid, channel,
1940                                    elems.ssid, elems.ssid_len);
1941         if (!bss) {
1942                 bss = ieee80211_rx_bss_add(dev, mgmt->bssid, channel,
1943                                            elems.ssid, elems.ssid_len);
1944                 if (!bss)
1945                         return;
1946         } else {
1947 #if 0
1948                 /* TODO: order by RSSI? */
1949                 spin_lock_bh(&local->sta_bss_lock);
1950                 list_move_tail(&bss->list, &local->sta_bss_list);
1951                 spin_unlock_bh(&local->sta_bss_lock);
1952 #endif
1953         }
1954
1955         if (bss->probe_resp && beacon) {
1956                 /* Do not allow beacon to override data from Probe Response. */
1957                 ieee80211_rx_bss_put(dev, bss);
1958                 return;
1959         }
1960
1961         /* save the ERP value so that it is available at association time */
1962         if (elems.erp_info && elems.erp_info_len >= 1) {
1963                 bss->erp_value = elems.erp_info[0];
1964                 bss->has_erp_value = 1;
1965         }
1966
1967         bss->beacon_int = le16_to_cpu(mgmt->u.beacon.beacon_int);
1968         bss->capability = le16_to_cpu(mgmt->u.beacon.capab_info);
1969
1970         bss->supp_rates_len = 0;
1971         if (elems.supp_rates) {
1972                 clen = IEEE80211_MAX_SUPP_RATES - bss->supp_rates_len;
1973                 if (clen > elems.supp_rates_len)
1974                         clen = elems.supp_rates_len;
1975                 memcpy(&bss->supp_rates[bss->supp_rates_len], elems.supp_rates,
1976                        clen);
1977                 bss->supp_rates_len += clen;
1978         }
1979         if (elems.ext_supp_rates) {
1980                 clen = IEEE80211_MAX_SUPP_RATES - bss->supp_rates_len;
1981                 if (clen > elems.ext_supp_rates_len)
1982                         clen = elems.ext_supp_rates_len;
1983                 memcpy(&bss->supp_rates[bss->supp_rates_len],
1984                        elems.ext_supp_rates, clen);
1985                 bss->supp_rates_len += clen;
1986         }
1987
1988         if (elems.wpa &&
1989             (!bss->wpa_ie || bss->wpa_ie_len != elems.wpa_len ||
1990              memcmp(bss->wpa_ie, elems.wpa, elems.wpa_len))) {
1991                 kfree(bss->wpa_ie);
1992                 bss->wpa_ie = kmalloc(elems.wpa_len + 2, GFP_ATOMIC);
1993                 if (bss->wpa_ie) {
1994                         memcpy(bss->wpa_ie, elems.wpa - 2, elems.wpa_len + 2);
1995                         bss->wpa_ie_len = elems.wpa_len + 2;
1996                 } else
1997                         bss->wpa_ie_len = 0;
1998         } else if (!elems.wpa && bss->wpa_ie) {
1999                 kfree(bss->wpa_ie);
2000                 bss->wpa_ie = NULL;
2001                 bss->wpa_ie_len = 0;
2002         }
2003
2004         if (elems.rsn &&
2005             (!bss->rsn_ie || bss->rsn_ie_len != elems.rsn_len ||
2006              memcmp(bss->rsn_ie, elems.rsn, elems.rsn_len))) {
2007                 kfree(bss->rsn_ie);
2008                 bss->rsn_ie = kmalloc(elems.rsn_len + 2, GFP_ATOMIC);
2009                 if (bss->rsn_ie) {
2010                         memcpy(bss->rsn_ie, elems.rsn - 2, elems.rsn_len + 2);
2011                         bss->rsn_ie_len = elems.rsn_len + 2;
2012                 } else
2013                         bss->rsn_ie_len = 0;
2014         } else if (!elems.rsn && bss->rsn_ie) {
2015                 kfree(bss->rsn_ie);
2016                 bss->rsn_ie = NULL;
2017                 bss->rsn_ie_len = 0;
2018         }
2019
2020         if (elems.wmm_param &&
2021             (!bss->wmm_ie || bss->wmm_ie_len != elems.wmm_param_len ||
2022              memcmp(bss->wmm_ie, elems.wmm_param, elems.wmm_param_len))) {
2023                 kfree(bss->wmm_ie);
2024                 bss->wmm_ie = kmalloc(elems.wmm_param_len + 2, GFP_ATOMIC);
2025                 if (bss->wmm_ie) {
2026                         memcpy(bss->wmm_ie, elems.wmm_param - 2,
2027                                elems.wmm_param_len + 2);
2028                         bss->wmm_ie_len = elems.wmm_param_len + 2;
2029                 } else
2030                         bss->wmm_ie_len = 0;
2031         } else if (!elems.wmm_param && bss->wmm_ie) {
2032                 kfree(bss->wmm_ie);
2033                 bss->wmm_ie = NULL;
2034                 bss->wmm_ie_len = 0;
2035         }
2036         if (elems.ht_cap_elem &&
2037             (!bss->ht_ie || bss->ht_ie_len != elems.ht_cap_elem_len ||
2038              memcmp(bss->ht_ie, elems.ht_cap_elem, elems.ht_cap_elem_len))) {
2039                 kfree(bss->ht_ie);
2040                 bss->ht_ie = kmalloc(elems.ht_cap_elem_len + 2, GFP_ATOMIC);
2041                 if (bss->ht_ie) {
2042                         memcpy(bss->ht_ie, elems.ht_cap_elem - 2,
2043                                elems.ht_cap_elem_len + 2);
2044                         bss->ht_ie_len = elems.ht_cap_elem_len + 2;
2045                 } else
2046                         bss->ht_ie_len = 0;
2047         } else if (!elems.ht_cap_elem && bss->ht_ie) {
2048                 kfree(bss->ht_ie);
2049                 bss->ht_ie = NULL;
2050                 bss->ht_ie_len = 0;
2051         }
2052
2053         bss->hw_mode = rx_status->phymode;
2054         bss->freq = rx_status->freq;
2055         if (channel != rx_status->channel &&
2056             (bss->hw_mode == MODE_IEEE80211G ||
2057              bss->hw_mode == MODE_IEEE80211B) &&
2058             channel >= 1 && channel <= 14) {
2059                 static const int freq_list[] = {
2060                         2412, 2417, 2422, 2427, 2432, 2437, 2442,
2061                         2447, 2452, 2457, 2462, 2467, 2472, 2484
2062                 };
2063                 /* IEEE 802.11g/b mode can receive packets from neighboring
2064                  * channels, so map the channel into frequency. */
2065                 bss->freq = freq_list[channel - 1];
2066         }
2067         bss->timestamp = timestamp;
2068         bss->last_update = jiffies;
2069         bss->rssi = rx_status->ssi;
2070         bss->signal = rx_status->signal;
2071         bss->noise = rx_status->noise;
2072         if (!beacon)
2073                 bss->probe_resp++;
2074         ieee80211_rx_bss_put(dev, bss);
2075 }
2076
2077
2078 static void ieee80211_rx_mgmt_probe_resp(struct net_device *dev,
2079                                          struct ieee80211_mgmt *mgmt,
2080                                          size_t len,
2081                                          struct ieee80211_rx_status *rx_status)
2082 {
2083         ieee80211_rx_bss_info(dev, mgmt, len, rx_status, 0);
2084 }
2085
2086
2087 static void ieee80211_rx_mgmt_beacon(struct net_device *dev,
2088                                      struct ieee80211_mgmt *mgmt,
2089                                      size_t len,
2090                                      struct ieee80211_rx_status *rx_status)
2091 {
2092         struct ieee80211_sub_if_data *sdata;
2093         struct ieee80211_if_sta *ifsta;
2094         size_t baselen;
2095         struct ieee802_11_elems elems;
2096         struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2097         struct ieee80211_conf *conf = &local->hw.conf;
2098         u32 changed = 0;
2099
2100         ieee80211_rx_bss_info(dev, mgmt, len, rx_status, 1);
2101
2102         sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2103         if (sdata->vif.type != IEEE80211_IF_TYPE_STA)
2104                 return;
2105         ifsta = &sdata->u.sta;
2106
2107         if (!(ifsta->flags & IEEE80211_STA_ASSOCIATED) ||
2108             memcmp(ifsta->bssid, mgmt->bssid, ETH_ALEN) != 0)
2109                 return;
2110
2111         /* Process beacon from the current BSS */
2112         baselen = (u8 *) mgmt->u.beacon.variable - (u8 *) mgmt;
2113         if (baselen > len)
2114                 return;
2115
2116         ieee802_11_parse_elems(mgmt->u.beacon.variable, len - baselen, &elems);
2117
2118         if (elems.erp_info && elems.erp_info_len >= 1)
2119                 changed |= ieee80211_handle_erp_ie(sdata, elems.erp_info[0]);
2120
2121         if (elems.ht_cap_elem && elems.ht_info_elem &&
2122             elems.wmm_param && local->ops->conf_ht &&
2123             conf->flags & IEEE80211_CONF_SUPPORT_HT_MODE) {
2124                 struct ieee80211_ht_bss_info bss_info;
2125
2126                 ieee80211_ht_addt_info_ie_to_ht_bss_info(
2127                                 (struct ieee80211_ht_addt_info *)
2128                                 elems.ht_info_elem, &bss_info);
2129                 /* check if AP changed bss inforamation */
2130                 if ((conf->ht_bss_conf.primary_channel !=
2131                      bss_info.primary_channel) ||
2132                     (conf->ht_bss_conf.bss_cap != bss_info.bss_cap) ||
2133                     (conf->ht_bss_conf.bss_op_mode != bss_info.bss_op_mode))
2134                         ieee80211_hw_config_ht(local, 1, &conf->ht_conf,
2135                                                 &bss_info);
2136         }
2137
2138         if (elems.wmm_param && (ifsta->flags & IEEE80211_STA_WMM_ENABLED)) {
2139                 ieee80211_sta_wmm_params(dev, ifsta, elems.wmm_param,
2140                                          elems.wmm_param_len);
2141         }
2142
2143         ieee80211_bss_info_change_notify(sdata, changed);
2144 }
2145
2146
2147 static void ieee80211_rx_mgmt_probe_req(struct net_device *dev,
2148                                         struct ieee80211_if_sta *ifsta,
2149                                         struct ieee80211_mgmt *mgmt,
2150                                         size_t len,
2151                                         struct ieee80211_rx_status *rx_status)
2152 {
2153         struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2154         struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2155         int tx_last_beacon;
2156         struct sk_buff *skb;
2157         struct ieee80211_mgmt *resp;
2158         u8 *pos, *end;
2159         DECLARE_MAC_BUF(mac);
2160 #ifdef CONFIG_MAC80211_IBSS_DEBUG
2161         DECLARE_MAC_BUF(mac2);
2162         DECLARE_MAC_BUF(mac3);
2163 #endif
2164
2165         if (sdata->vif.type != IEEE80211_IF_TYPE_IBSS ||
2166             ifsta->state != IEEE80211_IBSS_JOINED ||
2167             len < 24 + 2 || !ifsta->probe_resp)
2168                 return;
2169
2170         if (local->ops->tx_last_beacon)
2171                 tx_last_beacon = local->ops->tx_last_beacon(local_to_hw(local));
2172         else
2173                 tx_last_beacon = 1;
2174
2175 #ifdef CONFIG_MAC80211_IBSS_DEBUG
2176         printk(KERN_DEBUG "%s: RX ProbeReq SA=%s DA=%s BSSID="
2177                "%s (tx_last_beacon=%d)\n",
2178                dev->name, print_mac(mac, mgmt->sa), print_mac(mac2, mgmt->da),
2179                print_mac(mac3, mgmt->bssid), tx_last_beacon);
2180 #endif /* CONFIG_MAC80211_IBSS_DEBUG */
2181
2182         if (!tx_last_beacon)
2183                 return;
2184
2185         if (memcmp(mgmt->bssid, ifsta->bssid, ETH_ALEN) != 0 &&
2186             memcmp(mgmt->bssid, "\xff\xff\xff\xff\xff\xff", ETH_ALEN) != 0)
2187                 return;
2188
2189         end = ((u8 *) mgmt) + len;
2190         pos = mgmt->u.probe_req.variable;
2191         if (pos[0] != WLAN_EID_SSID ||
2192             pos + 2 + pos[1] > end) {
2193                 if (net_ratelimit()) {
2194                         printk(KERN_DEBUG "%s: Invalid SSID IE in ProbeReq "
2195                                "from %s\n",
2196                                dev->name, print_mac(mac, mgmt->sa));
2197                 }
2198                 return;
2199         }
2200         if (pos[1] != 0 &&
2201             (pos[1] != ifsta->ssid_len ||
2202              memcmp(pos + 2, ifsta->ssid, ifsta->ssid_len) != 0)) {
2203                 /* Ignore ProbeReq for foreign SSID */
2204                 return;
2205         }
2206
2207         /* Reply with ProbeResp */
2208         skb = skb_copy(ifsta->probe_resp, GFP_KERNEL);
2209         if (!skb)
2210                 return;
2211
2212         resp = (struct ieee80211_mgmt *) skb->data;
2213         memcpy(resp->da, mgmt->sa, ETH_ALEN);
2214 #ifdef CONFIG_MAC80211_IBSS_DEBUG
2215         printk(KERN_DEBUG "%s: Sending ProbeResp to %s\n",
2216                dev->name, print_mac(mac, resp->da));
2217 #endif /* CONFIG_MAC80211_IBSS_DEBUG */
2218         ieee80211_sta_tx(dev, skb, 0);
2219 }
2220
2221 static void ieee80211_rx_mgmt_action(struct net_device *dev,
2222                                      struct ieee80211_if_sta *ifsta,
2223                                      struct ieee80211_mgmt *mgmt,
2224                                      size_t len)
2225 {
2226         if (len < IEEE80211_MIN_ACTION_SIZE)
2227                 return;
2228
2229         switch (mgmt->u.action.category) {
2230         case WLAN_CATEGORY_BACK:
2231                 switch (mgmt->u.action.u.addba_req.action_code) {
2232                 case WLAN_ACTION_ADDBA_REQ:
2233                         if (len < (IEEE80211_MIN_ACTION_SIZE +
2234                                    sizeof(mgmt->u.action.u.addba_req)))
2235                                 break;
2236                         ieee80211_sta_process_addba_request(dev, mgmt, len);
2237                         break;
2238                 case WLAN_ACTION_DELBA:
2239                         if (len < (IEEE80211_MIN_ACTION_SIZE +
2240                                    sizeof(mgmt->u.action.u.delba)))
2241                                 break;
2242                         ieee80211_sta_process_delba(dev, mgmt, len);
2243                         break;
2244                 default:
2245                         if (net_ratelimit())
2246                            printk(KERN_DEBUG "%s: Rx unknown A-MPDU action\n",
2247                                         dev->name);
2248                         break;
2249                 }
2250                 break;
2251         default:
2252                 break;
2253         }
2254 }
2255
2256 void ieee80211_sta_rx_mgmt(struct net_device *dev, struct sk_buff *skb,
2257                            struct ieee80211_rx_status *rx_status)
2258 {
2259         struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2260         struct ieee80211_sub_if_data *sdata;
2261         struct ieee80211_if_sta *ifsta;
2262         struct ieee80211_mgmt *mgmt;
2263         u16 fc;
2264
2265         if (skb->len < 24)
2266                 goto fail;
2267
2268         sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2269         ifsta = &sdata->u.sta;
2270
2271         mgmt = (struct ieee80211_mgmt *) skb->data;
2272         fc = le16_to_cpu(mgmt->frame_control);
2273
2274         switch (fc & IEEE80211_FCTL_STYPE) {
2275         case IEEE80211_STYPE_PROBE_REQ:
2276         case IEEE80211_STYPE_PROBE_RESP:
2277         case IEEE80211_STYPE_BEACON:
2278                 memcpy(skb->cb, rx_status, sizeof(*rx_status));
2279         case IEEE80211_STYPE_AUTH:
2280         case IEEE80211_STYPE_ASSOC_RESP:
2281         case IEEE80211_STYPE_REASSOC_RESP:
2282         case IEEE80211_STYPE_DEAUTH:
2283         case IEEE80211_STYPE_DISASSOC:
2284         case IEEE80211_STYPE_ACTION:
2285                 skb_queue_tail(&ifsta->skb_queue, skb);
2286                 queue_work(local->hw.workqueue, &ifsta->work);
2287                 return;
2288         default:
2289                 printk(KERN_DEBUG "%s: received unknown management frame - "
2290                        "stype=%d\n", dev->name,
2291                        (fc & IEEE80211_FCTL_STYPE) >> 4);
2292                 break;
2293         }
2294
2295  fail:
2296         kfree_skb(skb);
2297 }
2298
2299
2300 static void ieee80211_sta_rx_queued_mgmt(struct net_device *dev,
2301                                          struct sk_buff *skb)
2302 {
2303         struct ieee80211_rx_status *rx_status;
2304         struct ieee80211_sub_if_data *sdata;
2305         struct ieee80211_if_sta *ifsta;
2306         struct ieee80211_mgmt *mgmt;
2307         u16 fc;
2308
2309         sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2310         ifsta = &sdata->u.sta;
2311
2312         rx_status = (struct ieee80211_rx_status *) skb->cb;
2313         mgmt = (struct ieee80211_mgmt *) skb->data;
2314         fc = le16_to_cpu(mgmt->frame_control);
2315
2316         switch (fc & IEEE80211_FCTL_STYPE) {
2317         case IEEE80211_STYPE_PROBE_REQ:
2318                 ieee80211_rx_mgmt_probe_req(dev, ifsta, mgmt, skb->len,
2319                                             rx_status);
2320                 break;
2321         case IEEE80211_STYPE_PROBE_RESP:
2322                 ieee80211_rx_mgmt_probe_resp(dev, mgmt, skb->len, rx_status);
2323                 break;
2324         case IEEE80211_STYPE_BEACON:
2325                 ieee80211_rx_mgmt_beacon(dev, mgmt, skb->len, rx_status);
2326                 break;
2327         case IEEE80211_STYPE_AUTH:
2328                 ieee80211_rx_mgmt_auth(dev, ifsta, mgmt, skb->len);
2329                 break;
2330         case IEEE80211_STYPE_ASSOC_RESP:
2331                 ieee80211_rx_mgmt_assoc_resp(sdata, ifsta, mgmt, skb->len, 0);
2332                 break;
2333         case IEEE80211_STYPE_REASSOC_RESP:
2334                 ieee80211_rx_mgmt_assoc_resp(sdata, ifsta, mgmt, skb->len, 1);
2335                 break;
2336         case IEEE80211_STYPE_DEAUTH:
2337                 ieee80211_rx_mgmt_deauth(dev, ifsta, mgmt, skb->len);
2338                 break;
2339         case IEEE80211_STYPE_DISASSOC:
2340                 ieee80211_rx_mgmt_disassoc(dev, ifsta, mgmt, skb->len);
2341                 break;
2342         case IEEE80211_STYPE_ACTION:
2343                 ieee80211_rx_mgmt_action(dev, ifsta, mgmt, skb->len);
2344                 break;
2345         }
2346
2347         kfree_skb(skb);
2348 }
2349
2350
2351 ieee80211_txrx_result
2352 ieee80211_sta_rx_scan(struct net_device *dev, struct sk_buff *skb,
2353                       struct ieee80211_rx_status *rx_status)
2354 {
2355         struct ieee80211_mgmt *mgmt;
2356         u16 fc;
2357
2358         if (skb->len < 2)
2359                 return TXRX_DROP;
2360
2361         mgmt = (struct ieee80211_mgmt *) skb->data;
2362         fc = le16_to_cpu(mgmt->frame_control);
2363
2364         if ((fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_CTL)
2365                 return TXRX_CONTINUE;
2366
2367         if (skb->len < 24)
2368                 return TXRX_DROP;
2369
2370         if ((fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_MGMT) {
2371                 if ((fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_PROBE_RESP) {
2372                         ieee80211_rx_mgmt_probe_resp(dev, mgmt,
2373                                                      skb->len, rx_status);
2374                         dev_kfree_skb(skb);
2375                         return TXRX_QUEUED;
2376                 } else if ((fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_BEACON) {
2377                         ieee80211_rx_mgmt_beacon(dev, mgmt, skb->len,
2378                                                  rx_status);
2379                         dev_kfree_skb(skb);
2380                         return TXRX_QUEUED;
2381                 }
2382         }
2383         return TXRX_CONTINUE;
2384 }
2385
2386
2387 static int ieee80211_sta_active_ibss(struct net_device *dev)
2388 {
2389         struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2390         int active = 0;
2391         struct sta_info *sta;
2392
2393         read_lock_bh(&local->sta_lock);
2394         list_for_each_entry(sta, &local->sta_list, list) {
2395                 if (sta->dev == dev &&
2396                     time_after(sta->last_rx + IEEE80211_IBSS_MERGE_INTERVAL,
2397                                jiffies)) {
2398                         active++;
2399                         break;
2400                 }
2401         }
2402         read_unlock_bh(&local->sta_lock);
2403
2404         return active;
2405 }
2406
2407
2408 static void ieee80211_sta_expire(struct net_device *dev)
2409 {
2410         struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2411         struct sta_info *sta, *tmp;
2412         LIST_HEAD(tmp_list);
2413         DECLARE_MAC_BUF(mac);
2414
2415         write_lock_bh(&local->sta_lock);
2416         list_for_each_entry_safe(sta, tmp, &local->sta_list, list)
2417                 if (time_after(jiffies, sta->last_rx +
2418                                IEEE80211_IBSS_INACTIVITY_LIMIT)) {
2419                         printk(KERN_DEBUG "%s: expiring inactive STA %s\n",
2420                                dev->name, print_mac(mac, sta->addr));
2421                         __sta_info_get(sta);
2422                         sta_info_remove(sta);
2423                         list_add(&sta->list, &tmp_list);
2424                 }
2425         write_unlock_bh(&local->sta_lock);
2426
2427         list_for_each_entry_safe(sta, tmp, &tmp_list, list) {
2428                 sta_info_free(sta);
2429                 sta_info_put(sta);
2430         }
2431 }
2432
2433
2434 static void ieee80211_sta_merge_ibss(struct net_device *dev,
2435                                      struct ieee80211_if_sta *ifsta)
2436 {
2437         mod_timer(&ifsta->timer, jiffies + IEEE80211_IBSS_MERGE_INTERVAL);
2438
2439         ieee80211_sta_expire(dev);
2440         if (ieee80211_sta_active_ibss(dev))
2441                 return;
2442
2443         printk(KERN_DEBUG "%s: No active IBSS STAs - trying to scan for other "
2444                "IBSS networks with same SSID (merge)\n", dev->name);
2445         ieee80211_sta_req_scan(dev, ifsta->ssid, ifsta->ssid_len);
2446 }
2447
2448
2449 void ieee80211_sta_timer(unsigned long data)
2450 {
2451         struct ieee80211_sub_if_data *sdata =
2452                 (struct ieee80211_sub_if_data *) data;
2453         struct ieee80211_if_sta *ifsta = &sdata->u.sta;
2454         struct ieee80211_local *local = wdev_priv(&sdata->wdev);
2455
2456         set_bit(IEEE80211_STA_REQ_RUN, &ifsta->request);
2457         queue_work(local->hw.workqueue, &ifsta->work);
2458 }
2459
2460
2461 void ieee80211_sta_work(struct work_struct *work)
2462 {
2463         struct ieee80211_sub_if_data *sdata =
2464                 container_of(work, struct ieee80211_sub_if_data, u.sta.work);
2465         struct net_device *dev = sdata->dev;
2466         struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2467         struct ieee80211_if_sta *ifsta;
2468         struct sk_buff *skb;
2469
2470         if (!netif_running(dev))
2471                 return;
2472
2473         if (local->sta_sw_scanning || local->sta_hw_scanning)
2474                 return;
2475
2476         if (sdata->vif.type != IEEE80211_IF_TYPE_STA &&
2477             sdata->vif.type != IEEE80211_IF_TYPE_IBSS) {
2478                 printk(KERN_DEBUG "%s: ieee80211_sta_work: non-STA interface "
2479                        "(type=%d)\n", dev->name, sdata->vif.type);
2480                 return;
2481         }
2482         ifsta = &sdata->u.sta;
2483
2484         while ((skb = skb_dequeue(&ifsta->skb_queue)))
2485                 ieee80211_sta_rx_queued_mgmt(dev, skb);
2486
2487         if (ifsta->state != IEEE80211_AUTHENTICATE &&
2488             ifsta->state != IEEE80211_ASSOCIATE &&
2489             test_and_clear_bit(IEEE80211_STA_REQ_SCAN, &ifsta->request)) {
2490                 if (ifsta->scan_ssid_len)
2491                         ieee80211_sta_start_scan(dev, ifsta->scan_ssid, ifsta->scan_ssid_len);
2492                 else
2493                         ieee80211_sta_start_scan(dev, NULL, 0);
2494                 return;
2495         }
2496
2497         if (test_and_clear_bit(IEEE80211_STA_REQ_AUTH, &ifsta->request)) {
2498                 if (ieee80211_sta_config_auth(dev, ifsta))
2499                         return;
2500                 clear_bit(IEEE80211_STA_REQ_RUN, &ifsta->request);
2501         } else if (!test_and_clear_bit(IEEE80211_STA_REQ_RUN, &ifsta->request))
2502                 return;
2503
2504         switch (ifsta->state) {
2505         case IEEE80211_DISABLED:
2506                 break;
2507         case IEEE80211_AUTHENTICATE:
2508                 ieee80211_authenticate(dev, ifsta);
2509                 break;
2510         case IEEE80211_ASSOCIATE:
2511                 ieee80211_associate(dev, ifsta);
2512                 break;
2513         case IEEE80211_ASSOCIATED:
2514                 ieee80211_associated(dev, ifsta);
2515                 break;
2516         case IEEE80211_IBSS_SEARCH:
2517                 ieee80211_sta_find_ibss(dev, ifsta);
2518                 break;
2519         case IEEE80211_IBSS_JOINED:
2520                 ieee80211_sta_merge_ibss(dev, ifsta);
2521                 break;
2522         default:
2523                 printk(KERN_DEBUG "ieee80211_sta_work: Unknown state %d\n",
2524                        ifsta->state);
2525                 break;
2526         }
2527
2528         if (ieee80211_privacy_mismatch(dev, ifsta)) {
2529                 printk(KERN_DEBUG "%s: privacy configuration mismatch and "
2530                        "mixed-cell disabled - disassociate\n", dev->name);
2531
2532                 ieee80211_send_disassoc(dev, ifsta, WLAN_REASON_UNSPECIFIED);
2533                 ieee80211_set_disassoc(dev, ifsta, 0);
2534         }
2535 }
2536
2537
2538 static void ieee80211_sta_reset_auth(struct net_device *dev,
2539                                      struct ieee80211_if_sta *ifsta)
2540 {
2541         struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2542
2543         if (local->ops->reset_tsf) {
2544                 /* Reset own TSF to allow time synchronization work. */
2545                 local->ops->reset_tsf(local_to_hw(local));
2546         }
2547
2548         ifsta->wmm_last_param_set = -1; /* allow any WMM update */
2549
2550
2551         if (ifsta->auth_algs & IEEE80211_AUTH_ALG_OPEN)
2552                 ifsta->auth_alg = WLAN_AUTH_OPEN;
2553         else if (ifsta->auth_algs & IEEE80211_AUTH_ALG_SHARED_KEY)
2554                 ifsta->auth_alg = WLAN_AUTH_SHARED_KEY;
2555         else if (ifsta->auth_algs & IEEE80211_AUTH_ALG_LEAP)
2556                 ifsta->auth_alg = WLAN_AUTH_LEAP;
2557         else
2558                 ifsta->auth_alg = WLAN_AUTH_OPEN;
2559         printk(KERN_DEBUG "%s: Initial auth_alg=%d\n", dev->name,
2560                ifsta->auth_alg);
2561         ifsta->auth_transaction = -1;
2562         ifsta->flags &= ~IEEE80211_STA_ASSOCIATED;
2563         ifsta->auth_tries = ifsta->assoc_tries = 0;
2564         netif_carrier_off(dev);
2565 }
2566
2567
2568 void ieee80211_sta_req_auth(struct net_device *dev,
2569                             struct ieee80211_if_sta *ifsta)
2570 {
2571         struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2572         struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2573
2574         if (sdata->vif.type != IEEE80211_IF_TYPE_STA)
2575                 return;
2576
2577         if ((ifsta->flags & (IEEE80211_STA_BSSID_SET |
2578                                 IEEE80211_STA_AUTO_BSSID_SEL)) &&
2579             (ifsta->flags & (IEEE80211_STA_SSID_SET |
2580                                 IEEE80211_STA_AUTO_SSID_SEL))) {
2581                 set_bit(IEEE80211_STA_REQ_AUTH, &ifsta->request);
2582                 queue_work(local->hw.workqueue, &ifsta->work);
2583         }
2584 }
2585
2586 static int ieee80211_sta_match_ssid(struct ieee80211_if_sta *ifsta,
2587                                     const char *ssid, int ssid_len)
2588 {
2589         int tmp, hidden_ssid;
2590
2591         if (ssid_len == ifsta->ssid_len &&
2592             !memcmp(ifsta->ssid, ssid, ssid_len))
2593                 return 1;
2594
2595         if (ifsta->flags & IEEE80211_STA_AUTO_BSSID_SEL)
2596                 return 0;
2597
2598         hidden_ssid = 1;
2599         tmp = ssid_len;
2600         while (tmp--) {
2601                 if (ssid[tmp] != '\0') {
2602                         hidden_ssid = 0;
2603                         break;
2604                 }
2605         }
2606
2607         if (hidden_ssid && ifsta->ssid_len == ssid_len)
2608                 return 1;
2609
2610         if (ssid_len == 1 && ssid[0] == ' ')
2611                 return 1;
2612
2613         return 0;
2614 }
2615
2616 static int ieee80211_sta_config_auth(struct net_device *dev,
2617                                      struct ieee80211_if_sta *ifsta)
2618 {
2619         struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2620         struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2621         struct ieee80211_sta_bss *bss, *selected = NULL;
2622         int top_rssi = 0, freq;
2623
2624         if (!(ifsta->flags & (IEEE80211_STA_AUTO_SSID_SEL |
2625             IEEE80211_STA_AUTO_BSSID_SEL | IEEE80211_STA_AUTO_CHANNEL_SEL))) {
2626                 ifsta->state = IEEE80211_AUTHENTICATE;
2627                 ieee80211_sta_reset_auth(dev, ifsta);
2628                 return 0;
2629         }
2630
2631         spin_lock_bh(&local->sta_bss_lock);
2632         freq = local->oper_channel->freq;
2633         list_for_each_entry(bss, &local->sta_bss_list, list) {
2634                 if (!(bss->capability & WLAN_CAPABILITY_ESS))
2635                         continue;
2636
2637                 if (!!(bss->capability & WLAN_CAPABILITY_PRIVACY) ^
2638                     !!sdata->default_key)
2639                         continue;
2640
2641                 if (!(ifsta->flags & IEEE80211_STA_AUTO_CHANNEL_SEL) &&
2642                     bss->freq != freq)
2643                         continue;
2644
2645                 if (!(ifsta->flags & IEEE80211_STA_AUTO_BSSID_SEL) &&
2646                     memcmp(bss->bssid, ifsta->bssid, ETH_ALEN))
2647                         continue;
2648
2649                 if (!(ifsta->flags & IEEE80211_STA_AUTO_SSID_SEL) &&
2650                     !ieee80211_sta_match_ssid(ifsta, bss->ssid, bss->ssid_len))
2651                         continue;
2652
2653                 if (!selected || top_rssi < bss->rssi) {
2654                         selected = bss;
2655                         top_rssi = bss->rssi;
2656                 }
2657         }
2658         if (selected)
2659                 atomic_inc(&selected->users);
2660         spin_unlock_bh(&local->sta_bss_lock);
2661
2662         if (selected) {
2663                 ieee80211_set_channel(local, -1, selected->freq);
2664                 if (!(ifsta->flags & IEEE80211_STA_SSID_SET))
2665                         ieee80211_sta_set_ssid(dev, selected->ssid,
2666                                                selected->ssid_len);
2667                 ieee80211_sta_set_bssid(dev, selected->bssid);
2668                 ieee80211_rx_bss_put(dev, selected);
2669                 ifsta->state = IEEE80211_AUTHENTICATE;
2670                 ieee80211_sta_reset_auth(dev, ifsta);
2671                 return 0;
2672         } else {
2673                 if (ifsta->state != IEEE80211_AUTHENTICATE) {
2674                         if (ifsta->flags & IEEE80211_STA_AUTO_SSID_SEL)
2675                                 ieee80211_sta_start_scan(dev, NULL, 0);
2676                         else
2677                                 ieee80211_sta_start_scan(dev, ifsta->ssid,
2678                                                          ifsta->ssid_len);
2679                         ifsta->state = IEEE80211_AUTHENTICATE;
2680                         set_bit(IEEE80211_STA_REQ_AUTH, &ifsta->request);
2681                 } else
2682                         ifsta->state = IEEE80211_DISABLED;
2683         }
2684         return -1;
2685 }
2686
2687 static int ieee80211_sta_join_ibss(struct net_device *dev,
2688                                    struct ieee80211_if_sta *ifsta,
2689                                    struct ieee80211_sta_bss *bss)
2690 {
2691         struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2692         int res, rates, i, j;
2693         struct sk_buff *skb;
2694         struct ieee80211_mgmt *mgmt;
2695         struct ieee80211_tx_control control;
2696         struct ieee80211_hw_mode *mode;
2697         struct rate_selection ratesel;
2698         u8 *pos;
2699         struct ieee80211_sub_if_data *sdata;
2700
2701         /* Remove possible STA entries from other IBSS networks. */
2702         sta_info_flush(local, NULL);
2703
2704         if (local->ops->reset_tsf) {
2705                 /* Reset own TSF to allow time synchronization work. */
2706                 local->ops->reset_tsf(local_to_hw(local));
2707         }
2708         memcpy(ifsta->bssid, bss->bssid, ETH_ALEN);
2709         res = ieee80211_if_config(dev);
2710         if (res)
2711                 return res;
2712
2713         local->hw.conf.beacon_int = bss->beacon_int >= 10 ? bss->beacon_int : 10;
2714
2715         sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2716         sdata->drop_unencrypted = bss->capability &
2717                 WLAN_CAPABILITY_PRIVACY ? 1 : 0;
2718
2719         res = ieee80211_set_channel(local, -1, bss->freq);
2720
2721         if (!(local->oper_channel->flag & IEEE80211_CHAN_W_IBSS)) {
2722                 printk(KERN_DEBUG "%s: IBSS not allowed on channel %d "
2723                        "(%d MHz)\n", dev->name, local->hw.conf.channel,
2724                        local->hw.conf.freq);
2725                 return -1;
2726         }
2727
2728         /* Set beacon template based on scan results */
2729         skb = dev_alloc_skb(local->hw.extra_tx_headroom + 400);
2730         do {
2731                 if (!skb)
2732                         break;
2733
2734                 skb_reserve(skb, local->hw.extra_tx_headroom);
2735
2736                 mgmt = (struct ieee80211_mgmt *)
2737                         skb_put(skb, 24 + sizeof(mgmt->u.beacon));
2738                 memset(mgmt, 0, 24 + sizeof(mgmt->u.beacon));
2739                 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
2740                                                    IEEE80211_STYPE_BEACON);
2741                 memset(mgmt->da, 0xff, ETH_ALEN);
2742                 memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
2743                 memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
2744                 mgmt->u.beacon.beacon_int =
2745                         cpu_to_le16(local->hw.conf.beacon_int);
2746                 mgmt->u.beacon.capab_info = cpu_to_le16(bss->capability);
2747
2748                 pos = skb_put(skb, 2 + ifsta->ssid_len);
2749                 *pos++ = WLAN_EID_SSID;
2750                 *pos++ = ifsta->ssid_len;
2751                 memcpy(pos, ifsta->ssid, ifsta->ssid_len);
2752
2753                 rates = bss->supp_rates_len;
2754                 if (rates > 8)
2755                         rates = 8;
2756                 pos = skb_put(skb, 2 + rates);
2757                 *pos++ = WLAN_EID_SUPP_RATES;
2758                 *pos++ = rates;
2759                 memcpy(pos, bss->supp_rates, rates);
2760
2761                 pos = skb_put(skb, 2 + 1);
2762                 *pos++ = WLAN_EID_DS_PARAMS;
2763                 *pos++ = 1;
2764                 *pos++ = bss->channel;
2765
2766                 pos = skb_put(skb, 2 + 2);
2767                 *pos++ = WLAN_EID_IBSS_PARAMS;
2768                 *pos++ = 2;
2769                 /* FIX: set ATIM window based on scan results */
2770                 *pos++ = 0;
2771                 *pos++ = 0;
2772
2773                 if (bss->supp_rates_len > 8) {
2774                         rates = bss->supp_rates_len - 8;
2775                         pos = skb_put(skb, 2 + rates);
2776                         *pos++ = WLAN_EID_EXT_SUPP_RATES;
2777                         *pos++ = rates;
2778                         memcpy(pos, &bss->supp_rates[8], rates);
2779                 }
2780
2781                 memset(&control, 0, sizeof(control));
2782                 rate_control_get_rate(dev, local->oper_hw_mode, skb, &ratesel);
2783                 if (!ratesel.rate) {
2784                         printk(KERN_DEBUG "%s: Failed to determine TX rate "
2785                                "for IBSS beacon\n", dev->name);
2786                         break;
2787                 }
2788                 control.vif = &sdata->vif;
2789                 control.tx_rate =
2790                         (sdata->bss_conf.use_short_preamble &&
2791                         (ratesel.rate->flags & IEEE80211_RATE_PREAMBLE2)) ?
2792                         ratesel.rate->val2 : ratesel.rate->val;
2793                 control.antenna_sel_tx = local->hw.conf.antenna_sel_tx;
2794                 control.power_level = local->hw.conf.power_level;
2795                 control.flags |= IEEE80211_TXCTL_NO_ACK;
2796                 control.retry_limit = 1;
2797
2798                 ifsta->probe_resp = skb_copy(skb, GFP_ATOMIC);
2799                 if (ifsta->probe_resp) {
2800                         mgmt = (struct ieee80211_mgmt *)
2801                                 ifsta->probe_resp->data;
2802                         mgmt->frame_control =
2803                                 IEEE80211_FC(IEEE80211_FTYPE_MGMT,
2804                                              IEEE80211_STYPE_PROBE_RESP);
2805                 } else {
2806                         printk(KERN_DEBUG "%s: Could not allocate ProbeResp "
2807                                "template for IBSS\n", dev->name);
2808                 }
2809
2810                 if (local->ops->beacon_update &&
2811                     local->ops->beacon_update(local_to_hw(local),
2812                                              skb, &control) == 0) {
2813                         printk(KERN_DEBUG "%s: Configured IBSS beacon "
2814                                "template based on scan results\n", dev->name);
2815                         skb = NULL;
2816                 }
2817
2818                 rates = 0;
2819                 mode = local->oper_hw_mode;
2820                 for (i = 0; i < bss->supp_rates_len; i++) {
2821                         int bitrate = (bss->supp_rates[i] & 0x7f) * 5;
2822                         for (j = 0; j < mode->num_rates; j++)
2823                                 if (mode->rates[j].rate == bitrate)
2824                                         rates |= BIT(j);
2825                 }
2826                 ifsta->supp_rates_bits = rates;
2827         } while (0);
2828
2829         if (skb) {
2830                 printk(KERN_DEBUG "%s: Failed to configure IBSS beacon "
2831                        "template\n", dev->name);
2832                 dev_kfree_skb(skb);
2833         }
2834
2835         ifsta->state = IEEE80211_IBSS_JOINED;
2836         mod_timer(&ifsta->timer, jiffies + IEEE80211_IBSS_MERGE_INTERVAL);
2837
2838         ieee80211_rx_bss_put(dev, bss);
2839
2840         return res;
2841 }
2842
2843
2844 static int ieee80211_sta_create_ibss(struct net_device *dev,
2845                                      struct ieee80211_if_sta *ifsta)
2846 {
2847         struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2848         struct ieee80211_sta_bss *bss;
2849         struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2850         struct ieee80211_hw_mode *mode;
2851         u8 bssid[ETH_ALEN], *pos;
2852         int i;
2853         DECLARE_MAC_BUF(mac);
2854
2855 #if 0
2856         /* Easier testing, use fixed BSSID. */
2857         memset(bssid, 0xfe, ETH_ALEN);
2858 #else
2859         /* Generate random, not broadcast, locally administered BSSID. Mix in
2860          * own MAC address to make sure that devices that do not have proper
2861          * random number generator get different BSSID. */
2862         get_random_bytes(bssid, ETH_ALEN);
2863         for (i = 0; i < ETH_ALEN; i++)
2864                 bssid[i] ^= dev->dev_addr[i];
2865         bssid[0] &= ~0x01;
2866         bssid[0] |= 0x02;
2867 #endif
2868
2869         printk(KERN_DEBUG "%s: Creating new IBSS network, BSSID %s\n",
2870                dev->name, print_mac(mac, bssid));
2871
2872         bss = ieee80211_rx_bss_add(dev, bssid, local->hw.conf.channel,
2873                                    sdata->u.sta.ssid, sdata->u.sta.ssid_len);
2874         if (!bss)
2875                 return -ENOMEM;
2876
2877         mode = local->oper_hw_mode;
2878
2879         if (local->hw.conf.beacon_int == 0)
2880                 local->hw.conf.beacon_int = 100;
2881         bss->beacon_int = local->hw.conf.beacon_int;
2882         bss->hw_mode = local->hw.conf.phymode;
2883         bss->freq = local->hw.conf.freq;
2884         bss->last_update = jiffies;
2885         bss->capability = WLAN_CAPABILITY_IBSS;
2886         if (sdata->default_key) {
2887                 bss->capability |= WLAN_CAPABILITY_PRIVACY;
2888         } else
2889                 sdata->drop_unencrypted = 0;
2890         bss->supp_rates_len = mode->num_rates;
2891         pos = bss->supp_rates;
2892         for (i = 0; i < mode->num_rates; i++) {
2893                 int rate = mode->rates[i].rate;
2894                 *pos++ = (u8) (rate / 5);
2895         }
2896
2897         return ieee80211_sta_join_ibss(dev, ifsta, bss);
2898 }
2899
2900
2901 static int ieee80211_sta_find_ibss(struct net_device *dev,
2902                                    struct ieee80211_if_sta *ifsta)
2903 {
2904         struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2905         struct ieee80211_sta_bss *bss;
2906         int found = 0;
2907         u8 bssid[ETH_ALEN];
2908         int active_ibss;
2909         DECLARE_MAC_BUF(mac);
2910         DECLARE_MAC_BUF(mac2);
2911
2912         if (ifsta->ssid_len == 0)
2913                 return -EINVAL;
2914
2915         active_ibss = ieee80211_sta_active_ibss(dev);
2916 #ifdef CONFIG_MAC80211_IBSS_DEBUG
2917         printk(KERN_DEBUG "%s: sta_find_ibss (active_ibss=%d)\n",
2918                dev->name, active_ibss);
2919 #endif /* CONFIG_MAC80211_IBSS_DEBUG */
2920         spin_lock_bh(&local->sta_bss_lock);
2921         list_for_each_entry(bss, &local->sta_bss_list, list) {
2922                 if (ifsta->ssid_len != bss->ssid_len ||
2923                     memcmp(ifsta->ssid, bss->ssid, bss->ssid_len) != 0
2924                     || !(bss->capability & WLAN_CAPABILITY_IBSS))
2925                         continue;
2926 #ifdef CONFIG_MAC80211_IBSS_DEBUG
2927                 printk(KERN_DEBUG "   bssid=%s found\n",
2928                        print_mac(mac, bss->bssid));
2929 #endif /* CONFIG_MAC80211_IBSS_DEBUG */
2930                 memcpy(bssid, bss->bssid, ETH_ALEN);
2931                 found = 1;
2932                 if (active_ibss || memcmp(bssid, ifsta->bssid, ETH_ALEN) != 0)
2933                         break;
2934         }
2935         spin_unlock_bh(&local->sta_bss_lock);
2936
2937 #ifdef CONFIG_MAC80211_IBSS_DEBUG
2938         printk(KERN_DEBUG "   sta_find_ibss: selected %s current "
2939                "%s\n", print_mac(mac, bssid), print_mac(mac2, ifsta->bssid));
2940 #endif /* CONFIG_MAC80211_IBSS_DEBUG */
2941         if (found && memcmp(ifsta->bssid, bssid, ETH_ALEN) != 0 &&
2942             (bss = ieee80211_rx_bss_get(dev, bssid, local->hw.conf.channel,
2943                                         ifsta->ssid, ifsta->ssid_len))) {
2944                 printk(KERN_DEBUG "%s: Selected IBSS BSSID %s"
2945                        " based on configured SSID\n",
2946                        dev->name, print_mac(mac, bssid));
2947                 return ieee80211_sta_join_ibss(dev, ifsta, bss);
2948         }
2949 #ifdef CONFIG_MAC80211_IBSS_DEBUG
2950         printk(KERN_DEBUG "   did not try to join ibss\n");
2951 #endif /* CONFIG_MAC80211_IBSS_DEBUG */
2952
2953         /* Selected IBSS not found in current scan results - try to scan */
2954         if (ifsta->state == IEEE80211_IBSS_JOINED &&
2955             !ieee80211_sta_active_ibss(dev)) {
2956                 mod_timer(&ifsta->timer, jiffies +
2957                                       IEEE80211_IBSS_MERGE_INTERVAL);
2958         } else if (time_after(jiffies, local->last_scan_completed +
2959                               IEEE80211_SCAN_INTERVAL)) {
2960                 printk(KERN_DEBUG "%s: Trigger new scan to find an IBSS to "
2961                        "join\n", dev->name);
2962                 return ieee80211_sta_req_scan(dev, ifsta->ssid,
2963                                               ifsta->ssid_len);
2964         } else if (ifsta->state != IEEE80211_IBSS_JOINED) {
2965                 int interval = IEEE80211_SCAN_INTERVAL;
2966
2967                 if (time_after(jiffies, ifsta->ibss_join_req +
2968                                IEEE80211_IBSS_JOIN_TIMEOUT)) {
2969                         if ((ifsta->flags & IEEE80211_STA_CREATE_IBSS) &&
2970                             local->oper_channel->flag & IEEE80211_CHAN_W_IBSS)
2971                                 return ieee80211_sta_create_ibss(dev, ifsta);
2972                         if (ifsta->flags & IEEE80211_STA_CREATE_IBSS) {
2973                                 printk(KERN_DEBUG "%s: IBSS not allowed on the"
2974                                        " configured channel %d (%d MHz)\n",
2975                                        dev->name, local->hw.conf.channel,
2976                                        local->hw.conf.freq);
2977                         }
2978
2979                         /* No IBSS found - decrease scan interval and continue
2980                          * scanning. */
2981                         interval = IEEE80211_SCAN_INTERVAL_SLOW;
2982                 }
2983
2984                 ifsta->state = IEEE80211_IBSS_SEARCH;
2985                 mod_timer(&ifsta->timer, jiffies + interval);
2986                 return 0;
2987         }
2988
2989         return 0;
2990 }
2991
2992
2993 int ieee80211_sta_set_ssid(struct net_device *dev, char *ssid, size_t len)
2994 {
2995         struct ieee80211_sub_if_data *sdata;
2996         struct ieee80211_if_sta *ifsta;
2997         struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2998
2999         if (len > IEEE80211_MAX_SSID_LEN)
3000                 return -EINVAL;
3001
3002         /* TODO: This should always be done for IBSS, even if IEEE80211_QOS is
3003          * not defined. */
3004         if (local->ops->conf_tx) {
3005                 struct ieee80211_tx_queue_params qparam;
3006                 int i;
3007
3008                 memset(&qparam, 0, sizeof(qparam));
3009                 /* TODO: are these ok defaults for all hw_modes? */
3010                 qparam.aifs = 2;
3011                 qparam.cw_min =
3012                         local->hw.conf.phymode == MODE_IEEE80211B ? 31 : 15;
3013                 qparam.cw_max = 1023;
3014                 qparam.burst_time = 0;
3015                 for (i = IEEE80211_TX_QUEUE_DATA0; i < NUM_TX_DATA_QUEUES; i++)
3016                 {
3017                         local->ops->conf_tx(local_to_hw(local),
3018                                            i + IEEE80211_TX_QUEUE_DATA0,
3019                                            &qparam);
3020                 }
3021                 /* IBSS uses different parameters for Beacon sending */
3022                 qparam.cw_min++;
3023                 qparam.cw_min *= 2;
3024                 qparam.cw_min--;
3025                 local->ops->conf_tx(local_to_hw(local),
3026                                    IEEE80211_TX_QUEUE_BEACON, &qparam);
3027         }
3028
3029         sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3030         ifsta = &sdata->u.sta;
3031
3032         if (ifsta->ssid_len != len || memcmp(ifsta->ssid, ssid, len) != 0)
3033                 ifsta->flags &= ~IEEE80211_STA_PREV_BSSID_SET;
3034         memcpy(ifsta->ssid, ssid, len);
3035         memset(ifsta->ssid + len, 0, IEEE80211_MAX_SSID_LEN - len);
3036         ifsta->ssid_len = len;
3037
3038         if (len)
3039                 ifsta->flags |= IEEE80211_STA_SSID_SET;
3040         else
3041                 ifsta->flags &= ~IEEE80211_STA_SSID_SET;
3042         if (sdata->vif.type == IEEE80211_IF_TYPE_IBSS &&
3043             !(ifsta->flags & IEEE80211_STA_BSSID_SET)) {
3044                 ifsta->ibss_join_req = jiffies;
3045                 ifsta->state = IEEE80211_IBSS_SEARCH;
3046                 return ieee80211_sta_find_ibss(dev, ifsta);
3047         }
3048         return 0;
3049 }
3050
3051
3052 int ieee80211_sta_get_ssid(struct net_device *dev, char *ssid, size_t *len)
3053 {
3054         struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3055         struct ieee80211_if_sta *ifsta = &sdata->u.sta;
3056         memcpy(ssid, ifsta->ssid, ifsta->ssid_len);
3057         *len = ifsta->ssid_len;
3058         return 0;
3059 }
3060
3061
3062 int ieee80211_sta_set_bssid(struct net_device *dev, u8 *bssid)
3063 {
3064         struct ieee80211_sub_if_data *sdata;
3065         struct ieee80211_if_sta *ifsta;
3066         int res;
3067
3068         sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3069         ifsta = &sdata->u.sta;
3070
3071         if (memcmp(ifsta->bssid, bssid, ETH_ALEN) != 0) {
3072                 memcpy(ifsta->bssid, bssid, ETH_ALEN);
3073                 res = ieee80211_if_config(dev);
3074                 if (res) {
3075                         printk(KERN_DEBUG "%s: Failed to config new BSSID to "
3076                                "the low-level driver\n", dev->name);
3077                         return res;
3078                 }
3079         }
3080
3081         if (is_valid_ether_addr(bssid))
3082                 ifsta->flags |= IEEE80211_STA_BSSID_SET;
3083         else
3084                 ifsta->flags &= ~IEEE80211_STA_BSSID_SET;
3085
3086         return 0;
3087 }
3088
3089
3090 static void ieee80211_send_nullfunc(struct ieee80211_local *local,
3091                                     struct ieee80211_sub_if_data *sdata,
3092                                     int powersave)
3093 {
3094         struct sk_buff *skb;
3095         struct ieee80211_hdr *nullfunc;
3096         u16 fc;
3097
3098         skb = dev_alloc_skb(local->hw.extra_tx_headroom + 24);
3099         if (!skb) {
3100                 printk(KERN_DEBUG "%s: failed to allocate buffer for nullfunc "
3101                        "frame\n", sdata->dev->name);
3102                 return;
3103         }
3104         skb_reserve(skb, local->hw.extra_tx_headroom);
3105
3106         nullfunc = (struct ieee80211_hdr *) skb_put(skb, 24);
3107         memset(nullfunc, 0, 24);
3108         fc = IEEE80211_FTYPE_DATA | IEEE80211_STYPE_NULLFUNC |
3109              IEEE80211_FCTL_TODS;
3110         if (powersave)
3111                 fc |= IEEE80211_FCTL_PM;
3112         nullfunc->frame_control = cpu_to_le16(fc);
3113         memcpy(nullfunc->addr1, sdata->u.sta.bssid, ETH_ALEN);
3114         memcpy(nullfunc->addr2, sdata->dev->dev_addr, ETH_ALEN);
3115         memcpy(nullfunc->addr3, sdata->u.sta.bssid, ETH_ALEN);
3116
3117         ieee80211_sta_tx(sdata->dev, skb, 0);
3118 }
3119
3120
3121 void ieee80211_scan_completed(struct ieee80211_hw *hw)
3122 {
3123         struct ieee80211_local *local = hw_to_local(hw);
3124         struct net_device *dev = local->scan_dev;
3125         struct ieee80211_sub_if_data *sdata;
3126         union iwreq_data wrqu;
3127
3128         local->last_scan_completed = jiffies;
3129         memset(&wrqu, 0, sizeof(wrqu));
3130         wireless_send_event(dev, SIOCGIWSCAN, &wrqu, NULL);
3131
3132         if (local->sta_hw_scanning) {
3133                 local->sta_hw_scanning = 0;
3134                 goto done;
3135         }
3136
3137         local->sta_sw_scanning = 0;
3138         if (ieee80211_hw_config(local))
3139                 printk(KERN_DEBUG "%s: failed to restore operational "
3140                        "channel after scan\n", dev->name);
3141
3142
3143         netif_tx_lock_bh(local->mdev);
3144         local->filter_flags &= ~FIF_BCN_PRBRESP_PROMISC;
3145         local->ops->configure_filter(local_to_hw(local),
3146                                      FIF_BCN_PRBRESP_PROMISC,
3147                                      &local->filter_flags,
3148                                      local->mdev->mc_count,
3149                                      local->mdev->mc_list);
3150
3151         netif_tx_unlock_bh(local->mdev);
3152
3153         rcu_read_lock();
3154         list_for_each_entry_rcu(sdata, &local->interfaces, list) {
3155
3156                 /* No need to wake the master device. */
3157                 if (sdata->dev == local->mdev)
3158                         continue;
3159
3160                 if (sdata->vif.type == IEEE80211_IF_TYPE_STA) {
3161                         if (sdata->u.sta.flags & IEEE80211_STA_ASSOCIATED)
3162                                 ieee80211_send_nullfunc(local, sdata, 0);
3163                         ieee80211_sta_timer((unsigned long)sdata);
3164                 }
3165
3166                 netif_wake_queue(sdata->dev);
3167         }
3168         rcu_read_unlock();
3169
3170 done:
3171         sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3172         if (sdata->vif.type == IEEE80211_IF_TYPE_IBSS) {
3173                 struct ieee80211_if_sta *ifsta = &sdata->u.sta;
3174                 if (!(ifsta->flags & IEEE80211_STA_BSSID_SET) ||
3175                     (!ifsta->state == IEEE80211_IBSS_JOINED &&
3176                     !ieee80211_sta_active_ibss(dev)))
3177                         ieee80211_sta_find_ibss(dev, ifsta);
3178         }
3179 }
3180 EXPORT_SYMBOL(ieee80211_scan_completed);
3181
3182 void ieee80211_sta_scan_work(struct work_struct *work)
3183 {
3184         struct ieee80211_local *local =
3185                 container_of(work, struct ieee80211_local, scan_work.work);
3186         struct net_device *dev = local->scan_dev;
3187         struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3188         struct ieee80211_hw_mode *mode;
3189         struct ieee80211_channel *chan;
3190         int skip;
3191         unsigned long next_delay = 0;
3192
3193         if (!local->sta_sw_scanning)
3194                 return;
3195
3196         switch (local->scan_state) {
3197         case SCAN_SET_CHANNEL:
3198                 mode = local->scan_hw_mode;
3199                 if (local->scan_hw_mode->list.next == &local->modes_list &&
3200                     local->scan_channel_idx >= mode->num_channels) {
3201                         ieee80211_scan_completed(local_to_hw(local));
3202                         return;
3203                 }
3204                 skip = !(local->enabled_modes & (1 << mode->mode));
3205                 chan = &mode->channels[local->scan_channel_idx];
3206                 if (!(chan->flag & IEEE80211_CHAN_W_SCAN) ||
3207                     (sdata->vif.type == IEEE80211_IF_TYPE_IBSS &&
3208                      !(chan->flag & IEEE80211_CHAN_W_IBSS)) ||
3209                     (local->hw_modes & local->enabled_modes &
3210                      (1 << MODE_IEEE80211G) && mode->mode == MODE_IEEE80211B))
3211                         skip = 1;
3212
3213                 if (!skip) {
3214 #if 0
3215                         printk(KERN_DEBUG "%s: scan channel %d (%d MHz)\n",
3216                                dev->name, chan->chan, chan->freq);
3217 #endif
3218
3219                         local->scan_channel = chan;
3220                         if (ieee80211_hw_config(local)) {
3221                                 printk(KERN_DEBUG "%s: failed to set channel "
3222                                        "%d (%d MHz) for scan\n", dev->name,
3223                                        chan->chan, chan->freq);
3224                                 skip = 1;
3225                         }
3226                 }
3227
3228                 local->scan_channel_idx++;
3229                 if (local->scan_channel_idx >= local->scan_hw_mode->num_channels) {
3230                         if (local->scan_hw_mode->list.next != &local->modes_list) {
3231                                 local->scan_hw_mode = list_entry(local->scan_hw_mode->list.next,
3232                                                                  struct ieee80211_hw_mode,
3233                                                                  list);
3234                                 local->scan_channel_idx = 0;
3235                         }
3236                 }
3237
3238                 if (skip)
3239                         break;
3240
3241                 next_delay = IEEE80211_PROBE_DELAY +
3242                              usecs_to_jiffies(local->hw.channel_change_time);
3243                 local->scan_state = SCAN_SEND_PROBE;
3244                 break;
3245         case SCAN_SEND_PROBE:
3246                 if (local->scan_channel->flag & IEEE80211_CHAN_W_ACTIVE_SCAN) {
3247                         ieee80211_send_probe_req(dev, NULL, local->scan_ssid,
3248                                                  local->scan_ssid_len);
3249                         next_delay = IEEE80211_CHANNEL_TIME;
3250                 } else
3251                         next_delay = IEEE80211_PASSIVE_CHANNEL_TIME;
3252                 local->scan_state = SCAN_SET_CHANNEL;
3253                 break;
3254         }
3255
3256         if (local->sta_sw_scanning)
3257                 queue_delayed_work(local->hw.workqueue, &local->scan_work,
3258                                    next_delay);
3259 }
3260
3261
3262 static int ieee80211_sta_start_scan(struct net_device *dev,
3263                                     u8 *ssid, size_t ssid_len)
3264 {
3265         struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
3266         struct ieee80211_sub_if_data *sdata;
3267
3268         if (ssid_len > IEEE80211_MAX_SSID_LEN)
3269                 return -EINVAL;
3270
3271         /* MLME-SCAN.request (page 118)  page 144 (11.1.3.1)
3272          * BSSType: INFRASTRUCTURE, INDEPENDENT, ANY_BSS
3273          * BSSID: MACAddress
3274          * SSID
3275          * ScanType: ACTIVE, PASSIVE
3276          * ProbeDelay: delay (in microseconds) to be used prior to transmitting
3277          *    a Probe frame during active scanning
3278          * ChannelList
3279          * MinChannelTime (>= ProbeDelay), in TU
3280          * MaxChannelTime: (>= MinChannelTime), in TU
3281          */
3282
3283          /* MLME-SCAN.confirm
3284           * BSSDescriptionSet
3285           * ResultCode: SUCCESS, INVALID_PARAMETERS
3286          */
3287
3288         if (local->sta_sw_scanning || local->sta_hw_scanning) {
3289                 if (local->scan_dev == dev)
3290                         return 0;
3291                 return -EBUSY;
3292         }
3293
3294         if (local->ops->hw_scan) {
3295                 int rc = local->ops->hw_scan(local_to_hw(local),
3296                                              ssid, ssid_len);
3297                 if (!rc) {
3298                         local->sta_hw_scanning = 1;
3299                         local->scan_dev = dev;
3300                 }
3301                 return rc;
3302         }
3303
3304         local->sta_sw_scanning = 1;
3305
3306         rcu_read_lock();
3307         list_for_each_entry_rcu(sdata, &local->interfaces, list) {
3308
3309                 /* Don't stop the master interface, otherwise we can't transmit
3310                  * probes! */
3311                 if (sdata->dev == local->mdev)
3312                         continue;
3313
3314                 netif_stop_queue(sdata->dev);
3315                 if (sdata->vif.type == IEEE80211_IF_TYPE_STA &&
3316                     (sdata->u.sta.flags & IEEE80211_STA_ASSOCIATED))
3317                         ieee80211_send_nullfunc(local, sdata, 1);
3318         }
3319         rcu_read_unlock();
3320
3321         if (ssid) {
3322                 local->scan_ssid_len = ssid_len;
3323                 memcpy(local->scan_ssid, ssid, ssid_len);
3324         } else
3325                 local->scan_ssid_len = 0;
3326         local->scan_state = SCAN_SET_CHANNEL;
3327         local->scan_hw_mode = list_entry(local->modes_list.next,
3328                                          struct ieee80211_hw_mode,
3329                                          list);
3330         local->scan_channel_idx = 0;
3331         local->scan_dev = dev;
3332
3333         netif_tx_lock_bh(local->mdev);
3334         local->filter_flags |= FIF_BCN_PRBRESP_PROMISC;
3335         local->ops->configure_filter(local_to_hw(local),
3336                                      FIF_BCN_PRBRESP_PROMISC,
3337                                      &local->filter_flags,
3338                                      local->mdev->mc_count,
3339                                      local->mdev->mc_list);
3340         netif_tx_unlock_bh(local->mdev);
3341
3342         /* TODO: start scan as soon as all nullfunc frames are ACKed */
3343         queue_delayed_work(local->hw.workqueue, &local->scan_work,
3344                            IEEE80211_CHANNEL_TIME);
3345
3346         return 0;
3347 }
3348
3349
3350 int ieee80211_sta_req_scan(struct net_device *dev, u8 *ssid, size_t ssid_len)
3351 {
3352         struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3353         struct ieee80211_if_sta *ifsta = &sdata->u.sta;
3354         struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
3355
3356         if (sdata->vif.type != IEEE80211_IF_TYPE_STA)
3357                 return ieee80211_sta_start_scan(dev, ssid, ssid_len);
3358
3359         if (local->sta_sw_scanning || local->sta_hw_scanning) {
3360                 if (local->scan_dev == dev)
3361                         return 0;
3362                 return -EBUSY;
3363         }
3364
3365         ifsta->scan_ssid_len = ssid_len;
3366         if (ssid_len)
3367                 memcpy(ifsta->scan_ssid, ssid, ssid_len);
3368         set_bit(IEEE80211_STA_REQ_SCAN, &ifsta->request);
3369         queue_work(local->hw.workqueue, &ifsta->work);
3370         return 0;
3371 }
3372
3373 static char *
3374 ieee80211_sta_scan_result(struct net_device *dev,
3375                           struct ieee80211_sta_bss *bss,
3376                           char *current_ev, char *end_buf)
3377 {
3378         struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
3379         struct iw_event iwe;
3380
3381         if (time_after(jiffies,
3382                        bss->last_update + IEEE80211_SCAN_RESULT_EXPIRE))
3383                 return current_ev;
3384
3385         if (!(local->enabled_modes & (1 << bss->hw_mode)))
3386                 return current_ev;
3387
3388         memset(&iwe, 0, sizeof(iwe));
3389         iwe.cmd = SIOCGIWAP;
3390         iwe.u.ap_addr.sa_family = ARPHRD_ETHER;
3391         memcpy(iwe.u.ap_addr.sa_data, bss->bssid, ETH_ALEN);
3392         current_ev = iwe_stream_add_event(current_ev, end_buf, &iwe,
3393                                           IW_EV_ADDR_LEN);
3394
3395         memset(&iwe, 0, sizeof(iwe));
3396         iwe.cmd = SIOCGIWESSID;
3397         iwe.u.data.length = bss->ssid_len;
3398         iwe.u.data.flags = 1;
3399         current_ev = iwe_stream_add_point(current_ev, end_buf, &iwe,
3400                                           bss->ssid);
3401
3402         if (bss->capability & (WLAN_CAPABILITY_ESS | WLAN_CAPABILITY_IBSS)) {
3403                 memset(&iwe, 0, sizeof(iwe));
3404                 iwe.cmd = SIOCGIWMODE;
3405                 if (bss->capability & WLAN_CAPABILITY_ESS)
3406                         iwe.u.mode = IW_MODE_MASTER;
3407                 else
3408                         iwe.u.mode = IW_MODE_ADHOC;
3409                 current_ev = iwe_stream_add_event(current_ev, end_buf, &iwe,
3410                                                   IW_EV_UINT_LEN);
3411         }
3412
3413         memset(&iwe, 0, sizeof(iwe));
3414         iwe.cmd = SIOCGIWFREQ;
3415         iwe.u.freq.m = bss->channel;
3416         iwe.u.freq.e = 0;
3417         current_ev = iwe_stream_add_event(current_ev, end_buf, &iwe,
3418                                           IW_EV_FREQ_LEN);
3419         iwe.u.freq.m = bss->freq * 100000;
3420         iwe.u.freq.e = 1;
3421         current_ev = iwe_stream_add_event(current_ev, end_buf, &iwe,
3422                                           IW_EV_FREQ_LEN);
3423
3424         memset(&iwe, 0, sizeof(iwe));
3425         iwe.cmd = IWEVQUAL;
3426         iwe.u.qual.qual = bss->signal;
3427         iwe.u.qual.level = bss->rssi;
3428         iwe.u.qual.noise = bss->noise;
3429         iwe.u.qual.updated = local->wstats_flags;
3430         current_ev = iwe_stream_add_event(current_ev, end_buf, &iwe,
3431                                           IW_EV_QUAL_LEN);
3432
3433         memset(&iwe, 0, sizeof(iwe));
3434         iwe.cmd = SIOCGIWENCODE;
3435         if (bss->capability & WLAN_CAPABILITY_PRIVACY)
3436                 iwe.u.data.flags = IW_ENCODE_ENABLED | IW_ENCODE_NOKEY;
3437         else
3438                 iwe.u.data.flags = IW_ENCODE_DISABLED;
3439         iwe.u.data.length = 0;
3440         current_ev = iwe_stream_add_point(current_ev, end_buf, &iwe, "");
3441
3442         if (bss && bss->wpa_ie) {
3443                 memset(&iwe, 0, sizeof(iwe));
3444                 iwe.cmd = IWEVGENIE;
3445                 iwe.u.data.length = bss->wpa_ie_len;
3446                 current_ev = iwe_stream_add_point(current_ev, end_buf, &iwe,
3447                                                   bss->wpa_ie);
3448         }
3449
3450         if (bss && bss->rsn_ie) {
3451                 memset(&iwe, 0, sizeof(iwe));
3452                 iwe.cmd = IWEVGENIE;
3453                 iwe.u.data.length = bss->rsn_ie_len;
3454                 current_ev = iwe_stream_add_point(current_ev, end_buf, &iwe,
3455                                                   bss->rsn_ie);
3456         }
3457
3458         if (bss && bss->supp_rates_len > 0) {
3459                 /* display all supported rates in readable format */
3460                 char *p = current_ev + IW_EV_LCP_LEN;
3461                 int i;
3462
3463                 memset(&iwe, 0, sizeof(iwe));
3464                 iwe.cmd = SIOCGIWRATE;
3465                 /* Those two flags are ignored... */
3466                 iwe.u.bitrate.fixed = iwe.u.bitrate.disabled = 0;
3467
3468                 for (i = 0; i < bss->supp_rates_len; i++) {
3469                         iwe.u.bitrate.value = ((bss->supp_rates[i] &
3470                                                         0x7f) * 500000);
3471                         p = iwe_stream_add_value(current_ev, p,
3472                                         end_buf, &iwe, IW_EV_PARAM_LEN);
3473                 }
3474                 current_ev = p;
3475         }
3476
3477         if (bss) {
3478                 char *buf;
3479                 buf = kmalloc(30, GFP_ATOMIC);
3480                 if (buf) {
3481                         memset(&iwe, 0, sizeof(iwe));
3482                         iwe.cmd = IWEVCUSTOM;
3483                         sprintf(buf, "tsf=%016llx", (unsigned long long)(bss->timestamp));
3484                         iwe.u.data.length = strlen(buf);
3485                         current_ev = iwe_stream_add_point(current_ev, end_buf,
3486                                                           &iwe, buf);
3487                         kfree(buf);
3488                 }
3489         }
3490
3491         return current_ev;
3492 }
3493
3494
3495 int ieee80211_sta_scan_results(struct net_device *dev, char *buf, size_t len)
3496 {
3497         struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
3498         char *current_ev = buf;
3499         char *end_buf = buf + len;
3500         struct ieee80211_sta_bss *bss;
3501
3502         spin_lock_bh(&local->sta_bss_lock);
3503         list_for_each_entry(bss, &local->sta_bss_list, list) {
3504                 if (buf + len - current_ev <= IW_EV_ADDR_LEN) {
3505                         spin_unlock_bh(&local->sta_bss_lock);
3506                         return -E2BIG;
3507                 }
3508                 current_ev = ieee80211_sta_scan_result(dev, bss, current_ev,
3509                                                        end_buf);
3510         }
3511         spin_unlock_bh(&local->sta_bss_lock);
3512         return current_ev - buf;
3513 }
3514
3515
3516 int ieee80211_sta_set_extra_ie(struct net_device *dev, char *ie, size_t len)
3517 {
3518         struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3519         struct ieee80211_if_sta *ifsta = &sdata->u.sta;
3520         kfree(ifsta->extra_ie);
3521         if (len == 0) {
3522                 ifsta->extra_ie = NULL;
3523                 ifsta->extra_ie_len = 0;
3524                 return 0;
3525         }
3526         ifsta->extra_ie = kmalloc(len, GFP_KERNEL);
3527         if (!ifsta->extra_ie) {
3528                 ifsta->extra_ie_len = 0;
3529                 return -ENOMEM;
3530         }
3531         memcpy(ifsta->extra_ie, ie, len);
3532         ifsta->extra_ie_len = len;
3533         return 0;
3534 }
3535
3536
3537 struct sta_info * ieee80211_ibss_add_sta(struct net_device *dev,
3538                                          struct sk_buff *skb, u8 *bssid,
3539                                          u8 *addr)
3540 {
3541         struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
3542         struct sta_info *sta;
3543         struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3544         DECLARE_MAC_BUF(mac);
3545
3546         /* TODO: Could consider removing the least recently used entry and
3547          * allow new one to be added. */
3548         if (local->num_sta >= IEEE80211_IBSS_MAX_STA_ENTRIES) {
3549                 if (net_ratelimit()) {
3550                         printk(KERN_DEBUG "%s: No room for a new IBSS STA "
3551                                "entry %s\n", dev->name, print_mac(mac, addr));
3552                 }
3553                 return NULL;
3554         }
3555
3556         printk(KERN_DEBUG "%s: Adding new IBSS station %s (dev=%s)\n",
3557                wiphy_name(local->hw.wiphy), print_mac(mac, addr), dev->name);
3558
3559         sta = sta_info_add(local, dev, addr, GFP_ATOMIC);
3560         if (!sta)
3561                 return NULL;
3562
3563         sta->supp_rates = sdata->u.sta.supp_rates_bits;
3564
3565         rate_control_rate_init(sta, local);
3566
3567         return sta; /* caller will call sta_info_put() */
3568 }
3569
3570
3571 int ieee80211_sta_deauthenticate(struct net_device *dev, u16 reason)
3572 {
3573         struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3574         struct ieee80211_if_sta *ifsta = &sdata->u.sta;
3575
3576         printk(KERN_DEBUG "%s: deauthenticate(reason=%d)\n",
3577                dev->name, reason);
3578
3579         if (sdata->vif.type != IEEE80211_IF_TYPE_STA &&
3580             sdata->vif.type != IEEE80211_IF_TYPE_IBSS)
3581                 return -EINVAL;
3582
3583         ieee80211_send_deauth(dev, ifsta, reason);
3584         ieee80211_set_disassoc(dev, ifsta, 1);
3585         return 0;
3586 }
3587
3588
3589 int ieee80211_sta_disassociate(struct net_device *dev, u16 reason)
3590 {
3591         struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3592         struct ieee80211_if_sta *ifsta = &sdata->u.sta;
3593
3594         printk(KERN_DEBUG "%s: disassociate(reason=%d)\n",
3595                dev->name, reason);
3596
3597         if (sdata->vif.type != IEEE80211_IF_TYPE_STA)
3598                 return -EINVAL;
3599
3600         if (!(ifsta->flags & IEEE80211_STA_ASSOCIATED))
3601                 return -1;
3602
3603         ieee80211_send_disassoc(dev, ifsta, reason);
3604         ieee80211_set_disassoc(dev, ifsta, 0);
3605         return 0;
3606 }