Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland...
[linux-2.6] / net / mac80211 / ht.c
1 /*
2  * HT handling
3  *
4  * Copyright 2003, Jouni Malinen <jkmaline@cc.hut.fi>
5  * Copyright 2002-2005, Instant802 Networks, Inc.
6  * Copyright 2005-2006, Devicescape Software, Inc.
7  * Copyright 2006-2007  Jiri Benc <jbenc@suse.cz>
8  * Copyright 2007, Michael Wu <flamingice@sourmilk.net>
9  * Copyright 2007-2008, Intel Corporation
10  *
11  * This program is free software; you can redistribute it and/or modify
12  * it under the terms of the GNU General Public License version 2 as
13  * published by the Free Software Foundation.
14  */
15
16 #include <linux/ieee80211.h>
17 #include <net/wireless.h>
18 #include <net/mac80211.h>
19 #include "ieee80211_i.h"
20 #include "sta_info.h"
21 #include "wme.h"
22
23 int ieee80211_ht_cap_ie_to_ht_info(struct ieee80211_ht_cap *ht_cap_ie,
24                                    struct ieee80211_ht_info *ht_info)
25 {
26
27         if (ht_info == NULL)
28                 return -EINVAL;
29
30         memset(ht_info, 0, sizeof(*ht_info));
31
32         if (ht_cap_ie) {
33                 u8 ampdu_info = ht_cap_ie->ampdu_params_info;
34
35                 ht_info->ht_supported = 1;
36                 ht_info->cap = le16_to_cpu(ht_cap_ie->cap_info);
37                 ht_info->ampdu_factor =
38                         ampdu_info & IEEE80211_HT_CAP_AMPDU_FACTOR;
39                 ht_info->ampdu_density =
40                         (ampdu_info & IEEE80211_HT_CAP_AMPDU_DENSITY) >> 2;
41                 memcpy(ht_info->supp_mcs_set, ht_cap_ie->supp_mcs_set, 16);
42         } else
43                 ht_info->ht_supported = 0;
44
45         return 0;
46 }
47
48 int ieee80211_ht_addt_info_ie_to_ht_bss_info(
49                         struct ieee80211_ht_addt_info *ht_add_info_ie,
50                         struct ieee80211_ht_bss_info *bss_info)
51 {
52         if (bss_info == NULL)
53                 return -EINVAL;
54
55         memset(bss_info, 0, sizeof(*bss_info));
56
57         if (ht_add_info_ie) {
58                 u16 op_mode;
59                 op_mode = le16_to_cpu(ht_add_info_ie->operation_mode);
60
61                 bss_info->primary_channel = ht_add_info_ie->control_chan;
62                 bss_info->bss_cap = ht_add_info_ie->ht_param;
63                 bss_info->bss_op_mode = (u8)(op_mode & 0xff);
64         }
65
66         return 0;
67 }
68
69 static void ieee80211_send_addba_request(struct ieee80211_sub_if_data *sdata,
70                                          const u8 *da, u16 tid,
71                                          u8 dialog_token, u16 start_seq_num,
72                                          u16 agg_size, u16 timeout)
73 {
74         struct ieee80211_local *local = sdata->local;
75         struct ieee80211_if_sta *ifsta = &sdata->u.sta;
76         struct sk_buff *skb;
77         struct ieee80211_mgmt *mgmt;
78         u16 capab;
79
80         skb = dev_alloc_skb(sizeof(*mgmt) + local->hw.extra_tx_headroom);
81
82         if (!skb) {
83                 printk(KERN_ERR "%s: failed to allocate buffer "
84                                 "for addba request frame\n", sdata->dev->name);
85                 return;
86         }
87         skb_reserve(skb, local->hw.extra_tx_headroom);
88         mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
89         memset(mgmt, 0, 24);
90         memcpy(mgmt->da, da, ETH_ALEN);
91         memcpy(mgmt->sa, sdata->dev->dev_addr, ETH_ALEN);
92         if (sdata->vif.type == NL80211_IFTYPE_AP)
93                 memcpy(mgmt->bssid, sdata->dev->dev_addr, ETH_ALEN);
94         else
95                 memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
96
97         mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
98                                           IEEE80211_STYPE_ACTION);
99
100         skb_put(skb, 1 + sizeof(mgmt->u.action.u.addba_req));
101
102         mgmt->u.action.category = WLAN_CATEGORY_BACK;
103         mgmt->u.action.u.addba_req.action_code = WLAN_ACTION_ADDBA_REQ;
104
105         mgmt->u.action.u.addba_req.dialog_token = dialog_token;
106         capab = (u16)(1 << 1);          /* bit 1 aggregation policy */
107         capab |= (u16)(tid << 2);       /* bit 5:2 TID number */
108         capab |= (u16)(agg_size << 6);  /* bit 15:6 max size of aggergation */
109
110         mgmt->u.action.u.addba_req.capab = cpu_to_le16(capab);
111
112         mgmt->u.action.u.addba_req.timeout = cpu_to_le16(timeout);
113         mgmt->u.action.u.addba_req.start_seq_num =
114                                         cpu_to_le16(start_seq_num << 4);
115
116         ieee80211_tx_skb(sdata, skb, 0);
117 }
118
119 static void ieee80211_send_addba_resp(struct ieee80211_sub_if_data *sdata, u8 *da, u16 tid,
120                                       u8 dialog_token, u16 status, u16 policy,
121                                       u16 buf_size, u16 timeout)
122 {
123         struct ieee80211_if_sta *ifsta = &sdata->u.sta;
124         struct ieee80211_local *local = sdata->local;
125         struct sk_buff *skb;
126         struct ieee80211_mgmt *mgmt;
127         u16 capab;
128
129         skb = dev_alloc_skb(sizeof(*mgmt) + local->hw.extra_tx_headroom);
130
131         if (!skb) {
132                 printk(KERN_DEBUG "%s: failed to allocate buffer "
133                        "for addba resp frame\n", sdata->dev->name);
134                 return;
135         }
136
137         skb_reserve(skb, local->hw.extra_tx_headroom);
138         mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
139         memset(mgmt, 0, 24);
140         memcpy(mgmt->da, da, ETH_ALEN);
141         memcpy(mgmt->sa, sdata->dev->dev_addr, ETH_ALEN);
142         if (sdata->vif.type == NL80211_IFTYPE_AP)
143                 memcpy(mgmt->bssid, sdata->dev->dev_addr, ETH_ALEN);
144         else
145                 memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
146         mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
147                                           IEEE80211_STYPE_ACTION);
148
149         skb_put(skb, 1 + sizeof(mgmt->u.action.u.addba_resp));
150         mgmt->u.action.category = WLAN_CATEGORY_BACK;
151         mgmt->u.action.u.addba_resp.action_code = WLAN_ACTION_ADDBA_RESP;
152         mgmt->u.action.u.addba_resp.dialog_token = dialog_token;
153
154         capab = (u16)(policy << 1);     /* bit 1 aggregation policy */
155         capab |= (u16)(tid << 2);       /* bit 5:2 TID number */
156         capab |= (u16)(buf_size << 6);  /* bit 15:6 max size of aggregation */
157
158         mgmt->u.action.u.addba_resp.capab = cpu_to_le16(capab);
159         mgmt->u.action.u.addba_resp.timeout = cpu_to_le16(timeout);
160         mgmt->u.action.u.addba_resp.status = cpu_to_le16(status);
161
162         ieee80211_tx_skb(sdata, skb, 0);
163 }
164
165 static void ieee80211_send_delba(struct ieee80211_sub_if_data *sdata,
166                                  const u8 *da, u16 tid,
167                                  u16 initiator, u16 reason_code)
168 {
169         struct ieee80211_local *local = sdata->local;
170         struct ieee80211_if_sta *ifsta = &sdata->u.sta;
171         struct sk_buff *skb;
172         struct ieee80211_mgmt *mgmt;
173         u16 params;
174
175         skb = dev_alloc_skb(sizeof(*mgmt) + local->hw.extra_tx_headroom);
176
177         if (!skb) {
178                 printk(KERN_ERR "%s: failed to allocate buffer "
179                                         "for delba frame\n", sdata->dev->name);
180                 return;
181         }
182
183         skb_reserve(skb, local->hw.extra_tx_headroom);
184         mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
185         memset(mgmt, 0, 24);
186         memcpy(mgmt->da, da, ETH_ALEN);
187         memcpy(mgmt->sa, sdata->dev->dev_addr, ETH_ALEN);
188         if (sdata->vif.type == NL80211_IFTYPE_AP)
189                 memcpy(mgmt->bssid, sdata->dev->dev_addr, ETH_ALEN);
190         else
191                 memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
192         mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
193                                           IEEE80211_STYPE_ACTION);
194
195         skb_put(skb, 1 + sizeof(mgmt->u.action.u.delba));
196
197         mgmt->u.action.category = WLAN_CATEGORY_BACK;
198         mgmt->u.action.u.delba.action_code = WLAN_ACTION_DELBA;
199         params = (u16)(initiator << 11);        /* bit 11 initiator */
200         params |= (u16)(tid << 12);             /* bit 15:12 TID number */
201
202         mgmt->u.action.u.delba.params = cpu_to_le16(params);
203         mgmt->u.action.u.delba.reason_code = cpu_to_le16(reason_code);
204
205         ieee80211_tx_skb(sdata, skb, 0);
206 }
207
208 void ieee80211_send_bar(struct ieee80211_sub_if_data *sdata, u8 *ra, u16 tid, u16 ssn)
209 {
210         struct ieee80211_local *local = sdata->local;
211         struct sk_buff *skb;
212         struct ieee80211_bar *bar;
213         u16 bar_control = 0;
214
215         skb = dev_alloc_skb(sizeof(*bar) + local->hw.extra_tx_headroom);
216         if (!skb) {
217                 printk(KERN_ERR "%s: failed to allocate buffer for "
218                         "bar frame\n", sdata->dev->name);
219                 return;
220         }
221         skb_reserve(skb, local->hw.extra_tx_headroom);
222         bar = (struct ieee80211_bar *)skb_put(skb, sizeof(*bar));
223         memset(bar, 0, sizeof(*bar));
224         bar->frame_control = cpu_to_le16(IEEE80211_FTYPE_CTL |
225                                          IEEE80211_STYPE_BACK_REQ);
226         memcpy(bar->ra, ra, ETH_ALEN);
227         memcpy(bar->ta, sdata->dev->dev_addr, ETH_ALEN);
228         bar_control |= (u16)IEEE80211_BAR_CTRL_ACK_POLICY_NORMAL;
229         bar_control |= (u16)IEEE80211_BAR_CTRL_CBMTID_COMPRESSED_BA;
230         bar_control |= (u16)(tid << 12);
231         bar->control = cpu_to_le16(bar_control);
232         bar->start_seq_num = cpu_to_le16(ssn);
233
234         ieee80211_tx_skb(sdata, skb, 0);
235 }
236
237 void ieee80211_sta_stop_rx_ba_session(struct ieee80211_sub_if_data *sdata, u8 *ra, u16 tid,
238                                         u16 initiator, u16 reason)
239 {
240         struct ieee80211_local *local = sdata->local;
241         struct ieee80211_hw *hw = &local->hw;
242         struct sta_info *sta;
243         int ret, i;
244         DECLARE_MAC_BUF(mac);
245
246         rcu_read_lock();
247
248         sta = sta_info_get(local, ra);
249         if (!sta) {
250                 rcu_read_unlock();
251                 return;
252         }
253
254         /* check if TID is in operational state */
255         spin_lock_bh(&sta->lock);
256         if (sta->ampdu_mlme.tid_state_rx[tid]
257                                 != HT_AGG_STATE_OPERATIONAL) {
258                 spin_unlock_bh(&sta->lock);
259                 rcu_read_unlock();
260                 return;
261         }
262         sta->ampdu_mlme.tid_state_rx[tid] =
263                 HT_AGG_STATE_REQ_STOP_BA_MSK |
264                 (initiator << HT_AGG_STATE_INITIATOR_SHIFT);
265         spin_unlock_bh(&sta->lock);
266
267         /* stop HW Rx aggregation. ampdu_action existence
268          * already verified in session init so we add the BUG_ON */
269         BUG_ON(!local->ops->ampdu_action);
270
271 #ifdef CONFIG_MAC80211_HT_DEBUG
272         printk(KERN_DEBUG "Rx BA session stop requested for %s tid %u\n",
273                                 print_mac(mac, ra), tid);
274 #endif /* CONFIG_MAC80211_HT_DEBUG */
275
276         ret = local->ops->ampdu_action(hw, IEEE80211_AMPDU_RX_STOP,
277                                        &sta->sta, tid, NULL);
278         if (ret)
279                 printk(KERN_DEBUG "HW problem - can not stop rx "
280                                 "aggregation for tid %d\n", tid);
281
282         /* shutdown timer has not expired */
283         if (initiator != WLAN_BACK_TIMER)
284                 del_timer_sync(&sta->ampdu_mlme.tid_rx[tid]->session_timer);
285
286         /* check if this is a self generated aggregation halt */
287         if (initiator == WLAN_BACK_RECIPIENT || initiator == WLAN_BACK_TIMER)
288                 ieee80211_send_delba(sdata, ra, tid, 0, reason);
289
290         /* free the reordering buffer */
291         for (i = 0; i < sta->ampdu_mlme.tid_rx[tid]->buf_size; i++) {
292                 if (sta->ampdu_mlme.tid_rx[tid]->reorder_buf[i]) {
293                         /* release the reordered frames */
294                         dev_kfree_skb(sta->ampdu_mlme.tid_rx[tid]->reorder_buf[i]);
295                         sta->ampdu_mlme.tid_rx[tid]->stored_mpdu_num--;
296                         sta->ampdu_mlme.tid_rx[tid]->reorder_buf[i] = NULL;
297                 }
298         }
299         /* free resources */
300         kfree(sta->ampdu_mlme.tid_rx[tid]->reorder_buf);
301         kfree(sta->ampdu_mlme.tid_rx[tid]);
302         sta->ampdu_mlme.tid_rx[tid] = NULL;
303         sta->ampdu_mlme.tid_state_rx[tid] = HT_AGG_STATE_IDLE;
304
305         rcu_read_unlock();
306 }
307
308
309 /*
310  * After sending add Block Ack request we activated a timer until
311  * add Block Ack response will arrive from the recipient.
312  * If this timer expires sta_addba_resp_timer_expired will be executed.
313  */
314 static void sta_addba_resp_timer_expired(unsigned long data)
315 {
316         /* not an elegant detour, but there is no choice as the timer passes
317          * only one argument, and both sta_info and TID are needed, so init
318          * flow in sta_info_create gives the TID as data, while the timer_to_id
319          * array gives the sta through container_of */
320         u16 tid = *(u8 *)data;
321         struct sta_info *temp_sta = container_of((void *)data,
322                 struct sta_info, timer_to_tid[tid]);
323
324         struct ieee80211_local *local = temp_sta->local;
325         struct ieee80211_hw *hw = &local->hw;
326         struct sta_info *sta;
327         u8 *state;
328
329         rcu_read_lock();
330
331         sta = sta_info_get(local, temp_sta->sta.addr);
332         if (!sta) {
333                 rcu_read_unlock();
334                 return;
335         }
336
337         state = &sta->ampdu_mlme.tid_state_tx[tid];
338         /* check if the TID waits for addBA response */
339         spin_lock_bh(&sta->lock);
340         if (!(*state & HT_ADDBA_REQUESTED_MSK)) {
341                 spin_unlock_bh(&sta->lock);
342                 *state = HT_AGG_STATE_IDLE;
343 #ifdef CONFIG_MAC80211_HT_DEBUG
344                 printk(KERN_DEBUG "timer expired on tid %d but we are not "
345                                 "expecting addBA response there", tid);
346 #endif
347                 goto timer_expired_exit;
348         }
349
350 #ifdef CONFIG_MAC80211_HT_DEBUG
351         printk(KERN_DEBUG "addBA response timer expired on tid %d\n", tid);
352 #endif
353
354         /* go through the state check in stop_BA_session */
355         *state = HT_AGG_STATE_OPERATIONAL;
356         spin_unlock_bh(&sta->lock);
357         ieee80211_stop_tx_ba_session(hw, temp_sta->sta.addr, tid,
358                                      WLAN_BACK_INITIATOR);
359
360 timer_expired_exit:
361         rcu_read_unlock();
362 }
363
364 void ieee80211_sta_tear_down_BA_sessions(struct ieee80211_sub_if_data *sdata, u8 *addr)
365 {
366         struct ieee80211_local *local = sdata->local;
367         int i;
368
369         for (i = 0; i <  STA_TID_NUM; i++) {
370                 ieee80211_stop_tx_ba_session(&local->hw, addr, i,
371                                              WLAN_BACK_INITIATOR);
372                 ieee80211_sta_stop_rx_ba_session(sdata, addr, i,
373                                                  WLAN_BACK_RECIPIENT,
374                                                  WLAN_REASON_QSTA_LEAVE_QBSS);
375         }
376 }
377
378 int ieee80211_start_tx_ba_session(struct ieee80211_hw *hw, u8 *ra, u16 tid)
379 {
380         struct ieee80211_local *local = hw_to_local(hw);
381         struct sta_info *sta;
382         struct ieee80211_sub_if_data *sdata;
383         u16 start_seq_num;
384         u8 *state;
385         int ret;
386         DECLARE_MAC_BUF(mac);
387
388         if (tid >= STA_TID_NUM)
389                 return -EINVAL;
390
391 #ifdef CONFIG_MAC80211_HT_DEBUG
392         printk(KERN_DEBUG "Open BA session requested for %s tid %u\n",
393                                 print_mac(mac, ra), tid);
394 #endif /* CONFIG_MAC80211_HT_DEBUG */
395
396         rcu_read_lock();
397
398         sta = sta_info_get(local, ra);
399         if (!sta) {
400 #ifdef CONFIG_MAC80211_HT_DEBUG
401                 printk(KERN_DEBUG "Could not find the station\n");
402 #endif
403                 ret = -ENOENT;
404                 goto exit;
405         }
406
407         spin_lock_bh(&sta->lock);
408
409         /* we have tried too many times, receiver does not want A-MPDU */
410         if (sta->ampdu_mlme.addba_req_num[tid] > HT_AGG_MAX_RETRIES) {
411                 ret = -EBUSY;
412                 goto err_unlock_sta;
413         }
414
415         state = &sta->ampdu_mlme.tid_state_tx[tid];
416         /* check if the TID is not in aggregation flow already */
417         if (*state != HT_AGG_STATE_IDLE) {
418 #ifdef CONFIG_MAC80211_HT_DEBUG
419                 printk(KERN_DEBUG "BA request denied - session is not "
420                                  "idle on tid %u\n", tid);
421 #endif /* CONFIG_MAC80211_HT_DEBUG */
422                 ret = -EAGAIN;
423                 goto err_unlock_sta;
424         }
425
426         /* prepare A-MPDU MLME for Tx aggregation */
427         sta->ampdu_mlme.tid_tx[tid] =
428                         kmalloc(sizeof(struct tid_ampdu_tx), GFP_ATOMIC);
429         if (!sta->ampdu_mlme.tid_tx[tid]) {
430 #ifdef CONFIG_MAC80211_HT_DEBUG
431                 if (net_ratelimit())
432                         printk(KERN_ERR "allocate tx mlme to tid %d failed\n",
433                                         tid);
434 #endif
435                 ret = -ENOMEM;
436                 goto err_unlock_sta;
437         }
438         /* Tx timer */
439         sta->ampdu_mlme.tid_tx[tid]->addba_resp_timer.function =
440                         sta_addba_resp_timer_expired;
441         sta->ampdu_mlme.tid_tx[tid]->addba_resp_timer.data =
442                         (unsigned long)&sta->timer_to_tid[tid];
443         init_timer(&sta->ampdu_mlme.tid_tx[tid]->addba_resp_timer);
444
445         /* create a new queue for this aggregation */
446         ret = ieee80211_ht_agg_queue_add(local, sta, tid);
447
448         /* case no queue is available to aggregation
449          * don't switch to aggregation */
450         if (ret) {
451 #ifdef CONFIG_MAC80211_HT_DEBUG
452                 printk(KERN_DEBUG "BA request denied - queue unavailable for"
453                                         " tid %d\n", tid);
454 #endif /* CONFIG_MAC80211_HT_DEBUG */
455                 goto err_unlock_queue;
456         }
457         sdata = sta->sdata;
458
459         /* Ok, the Addba frame hasn't been sent yet, but if the driver calls the
460          * call back right away, it must see that the flow has begun */
461         *state |= HT_ADDBA_REQUESTED_MSK;
462
463         /* This is slightly racy because the queue isn't stopped */
464         start_seq_num = sta->tid_seq[tid];
465
466         if (local->ops->ampdu_action)
467                 ret = local->ops->ampdu_action(hw, IEEE80211_AMPDU_TX_START,
468                                                &sta->sta, tid, &start_seq_num);
469
470         if (ret) {
471                 /* No need to requeue the packets in the agg queue, since we
472                  * held the tx lock: no packet could be enqueued to the newly
473                  * allocated queue */
474                 ieee80211_ht_agg_queue_remove(local, sta, tid, 0);
475 #ifdef CONFIG_MAC80211_HT_DEBUG
476                 printk(KERN_DEBUG "BA request denied - HW unavailable for"
477                                         " tid %d\n", tid);
478 #endif /* CONFIG_MAC80211_HT_DEBUG */
479                 *state = HT_AGG_STATE_IDLE;
480                 goto err_unlock_queue;
481         }
482
483         /* Will put all the packets in the new SW queue */
484         ieee80211_requeue(local, ieee802_1d_to_ac[tid]);
485         spin_unlock_bh(&sta->lock);
486
487         /* send an addBA request */
488         sta->ampdu_mlme.dialog_token_allocator++;
489         sta->ampdu_mlme.tid_tx[tid]->dialog_token =
490                         sta->ampdu_mlme.dialog_token_allocator;
491         sta->ampdu_mlme.tid_tx[tid]->ssn = start_seq_num;
492
493
494         ieee80211_send_addba_request(sta->sdata, ra, tid,
495                          sta->ampdu_mlme.tid_tx[tid]->dialog_token,
496                          sta->ampdu_mlme.tid_tx[tid]->ssn,
497                          0x40, 5000);
498         /* activate the timer for the recipient's addBA response */
499         sta->ampdu_mlme.tid_tx[tid]->addba_resp_timer.expires =
500                                 jiffies + ADDBA_RESP_INTERVAL;
501         add_timer(&sta->ampdu_mlme.tid_tx[tid]->addba_resp_timer);
502 #ifdef CONFIG_MAC80211_HT_DEBUG
503         printk(KERN_DEBUG "activated addBA response timer on tid %d\n", tid);
504 #endif
505         goto exit;
506
507 err_unlock_queue:
508         kfree(sta->ampdu_mlme.tid_tx[tid]);
509         sta->ampdu_mlme.tid_tx[tid] = NULL;
510         ret = -EBUSY;
511 err_unlock_sta:
512         spin_unlock_bh(&sta->lock);
513 exit:
514         rcu_read_unlock();
515         return ret;
516 }
517 EXPORT_SYMBOL(ieee80211_start_tx_ba_session);
518
519 int ieee80211_stop_tx_ba_session(struct ieee80211_hw *hw,
520                                  u8 *ra, u16 tid,
521                                  enum ieee80211_back_parties initiator)
522 {
523         struct ieee80211_local *local = hw_to_local(hw);
524         struct sta_info *sta;
525         u8 *state;
526         int ret = 0;
527         DECLARE_MAC_BUF(mac);
528
529         if (tid >= STA_TID_NUM)
530                 return -EINVAL;
531
532         rcu_read_lock();
533         sta = sta_info_get(local, ra);
534         if (!sta) {
535                 rcu_read_unlock();
536                 return -ENOENT;
537         }
538
539         /* check if the TID is in aggregation */
540         state = &sta->ampdu_mlme.tid_state_tx[tid];
541         spin_lock_bh(&sta->lock);
542
543         if (*state != HT_AGG_STATE_OPERATIONAL) {
544                 ret = -ENOENT;
545                 goto stop_BA_exit;
546         }
547
548 #ifdef CONFIG_MAC80211_HT_DEBUG
549         printk(KERN_DEBUG "Tx BA session stop requested for %s tid %u\n",
550                                 print_mac(mac, ra), tid);
551 #endif /* CONFIG_MAC80211_HT_DEBUG */
552
553         ieee80211_stop_queue(hw, sta->tid_to_tx_q[tid]);
554
555         *state = HT_AGG_STATE_REQ_STOP_BA_MSK |
556                 (initiator << HT_AGG_STATE_INITIATOR_SHIFT);
557
558         if (local->ops->ampdu_action)
559                 ret = local->ops->ampdu_action(hw, IEEE80211_AMPDU_TX_STOP,
560                                                &sta->sta, tid, NULL);
561
562         /* case HW denied going back to legacy */
563         if (ret) {
564                 WARN_ON(ret != -EBUSY);
565                 *state = HT_AGG_STATE_OPERATIONAL;
566                 ieee80211_wake_queue(hw, sta->tid_to_tx_q[tid]);
567                 goto stop_BA_exit;
568         }
569
570 stop_BA_exit:
571         spin_unlock_bh(&sta->lock);
572         rcu_read_unlock();
573         return ret;
574 }
575 EXPORT_SYMBOL(ieee80211_stop_tx_ba_session);
576
577 void ieee80211_start_tx_ba_cb(struct ieee80211_hw *hw, u8 *ra, u16 tid)
578 {
579         struct ieee80211_local *local = hw_to_local(hw);
580         struct sta_info *sta;
581         u8 *state;
582         DECLARE_MAC_BUF(mac);
583
584         if (tid >= STA_TID_NUM) {
585 #ifdef CONFIG_MAC80211_HT_DEBUG
586                 printk(KERN_DEBUG "Bad TID value: tid = %d (>= %d)\n",
587                                 tid, STA_TID_NUM);
588 #endif
589                 return;
590         }
591
592         rcu_read_lock();
593         sta = sta_info_get(local, ra);
594         if (!sta) {
595                 rcu_read_unlock();
596 #ifdef CONFIG_MAC80211_HT_DEBUG
597                 printk(KERN_DEBUG "Could not find station: %s\n",
598                                 print_mac(mac, ra));
599 #endif
600                 return;
601         }
602
603         state = &sta->ampdu_mlme.tid_state_tx[tid];
604         spin_lock_bh(&sta->lock);
605
606         if (!(*state & HT_ADDBA_REQUESTED_MSK)) {
607 #ifdef CONFIG_MAC80211_HT_DEBUG
608                 printk(KERN_DEBUG "addBA was not requested yet, state is %d\n",
609                                 *state);
610 #endif
611                 spin_unlock_bh(&sta->lock);
612                 rcu_read_unlock();
613                 return;
614         }
615
616         WARN_ON_ONCE(*state & HT_ADDBA_DRV_READY_MSK);
617
618         *state |= HT_ADDBA_DRV_READY_MSK;
619
620         if (*state == HT_AGG_STATE_OPERATIONAL) {
621 #ifdef CONFIG_MAC80211_HT_DEBUG
622                 printk(KERN_DEBUG "Aggregation is on for tid %d \n", tid);
623 #endif
624                 ieee80211_wake_queue(hw, sta->tid_to_tx_q[tid]);
625         }
626         spin_unlock_bh(&sta->lock);
627         rcu_read_unlock();
628 }
629 EXPORT_SYMBOL(ieee80211_start_tx_ba_cb);
630
631 void ieee80211_stop_tx_ba_cb(struct ieee80211_hw *hw, u8 *ra, u8 tid)
632 {
633         struct ieee80211_local *local = hw_to_local(hw);
634         struct sta_info *sta;
635         u8 *state;
636         int agg_queue;
637         DECLARE_MAC_BUF(mac);
638
639         if (tid >= STA_TID_NUM) {
640 #ifdef CONFIG_MAC80211_HT_DEBUG
641                 printk(KERN_DEBUG "Bad TID value: tid = %d (>= %d)\n",
642                                 tid, STA_TID_NUM);
643 #endif
644                 return;
645         }
646
647 #ifdef CONFIG_MAC80211_HT_DEBUG
648         printk(KERN_DEBUG "Stopping Tx BA session for %s tid %d\n",
649                                 print_mac(mac, ra), tid);
650 #endif /* CONFIG_MAC80211_HT_DEBUG */
651
652         rcu_read_lock();
653         sta = sta_info_get(local, ra);
654         if (!sta) {
655 #ifdef CONFIG_MAC80211_HT_DEBUG
656                 printk(KERN_DEBUG "Could not find station: %s\n",
657                                 print_mac(mac, ra));
658 #endif
659                 rcu_read_unlock();
660                 return;
661         }
662         state = &sta->ampdu_mlme.tid_state_tx[tid];
663
664         /* NOTE: no need to use sta->lock in this state check, as
665          * ieee80211_stop_tx_ba_session will let only one stop call to
666          * pass through per sta/tid
667          */
668         if ((*state & HT_AGG_STATE_REQ_STOP_BA_MSK) == 0) {
669 #ifdef CONFIG_MAC80211_HT_DEBUG
670                 printk(KERN_DEBUG "unexpected callback to A-MPDU stop\n");
671 #endif
672                 rcu_read_unlock();
673                 return;
674         }
675
676         if (*state & HT_AGG_STATE_INITIATOR_MSK)
677                 ieee80211_send_delba(sta->sdata, ra, tid,
678                         WLAN_BACK_INITIATOR, WLAN_REASON_QSTA_NOT_USE);
679
680         agg_queue = sta->tid_to_tx_q[tid];
681
682         ieee80211_ht_agg_queue_remove(local, sta, tid, 1);
683
684         /* We just requeued the all the frames that were in the
685          * removed queue, and since we might miss a softirq we do
686          * netif_schedule_queue.  ieee80211_wake_queue is not used
687          * here as this queue is not necessarily stopped
688          */
689         netif_schedule_queue(netdev_get_tx_queue(local->mdev, agg_queue));
690         spin_lock_bh(&sta->lock);
691         *state = HT_AGG_STATE_IDLE;
692         sta->ampdu_mlme.addba_req_num[tid] = 0;
693         kfree(sta->ampdu_mlme.tid_tx[tid]);
694         sta->ampdu_mlme.tid_tx[tid] = NULL;
695         spin_unlock_bh(&sta->lock);
696
697         rcu_read_unlock();
698 }
699 EXPORT_SYMBOL(ieee80211_stop_tx_ba_cb);
700
701 void ieee80211_start_tx_ba_cb_irqsafe(struct ieee80211_hw *hw,
702                                       const u8 *ra, u16 tid)
703 {
704         struct ieee80211_local *local = hw_to_local(hw);
705         struct ieee80211_ra_tid *ra_tid;
706         struct sk_buff *skb = dev_alloc_skb(0);
707
708         if (unlikely(!skb)) {
709 #ifdef CONFIG_MAC80211_HT_DEBUG
710                 if (net_ratelimit())
711                         printk(KERN_WARNING "%s: Not enough memory, "
712                                "dropping start BA session", skb->dev->name);
713 #endif
714                 return;
715         }
716         ra_tid = (struct ieee80211_ra_tid *) &skb->cb;
717         memcpy(&ra_tid->ra, ra, ETH_ALEN);
718         ra_tid->tid = tid;
719
720         skb->pkt_type = IEEE80211_ADDBA_MSG;
721         skb_queue_tail(&local->skb_queue, skb);
722         tasklet_schedule(&local->tasklet);
723 }
724 EXPORT_SYMBOL(ieee80211_start_tx_ba_cb_irqsafe);
725
726 void ieee80211_stop_tx_ba_cb_irqsafe(struct ieee80211_hw *hw,
727                                      const u8 *ra, u16 tid)
728 {
729         struct ieee80211_local *local = hw_to_local(hw);
730         struct ieee80211_ra_tid *ra_tid;
731         struct sk_buff *skb = dev_alloc_skb(0);
732
733         if (unlikely(!skb)) {
734 #ifdef CONFIG_MAC80211_HT_DEBUG
735                 if (net_ratelimit())
736                         printk(KERN_WARNING "%s: Not enough memory, "
737                                "dropping stop BA session", skb->dev->name);
738 #endif
739                 return;
740         }
741         ra_tid = (struct ieee80211_ra_tid *) &skb->cb;
742         memcpy(&ra_tid->ra, ra, ETH_ALEN);
743         ra_tid->tid = tid;
744
745         skb->pkt_type = IEEE80211_DELBA_MSG;
746         skb_queue_tail(&local->skb_queue, skb);
747         tasklet_schedule(&local->tasklet);
748 }
749 EXPORT_SYMBOL(ieee80211_stop_tx_ba_cb_irqsafe);
750
751 /*
752  * After accepting the AddBA Request we activated a timer,
753  * resetting it after each frame that arrives from the originator.
754  * if this timer expires ieee80211_sta_stop_rx_ba_session will be executed.
755  */
756 static void sta_rx_agg_session_timer_expired(unsigned long data)
757 {
758         /* not an elegant detour, but there is no choice as the timer passes
759          * only one argument, and various sta_info are needed here, so init
760          * flow in sta_info_create gives the TID as data, while the timer_to_id
761          * array gives the sta through container_of */
762         u8 *ptid = (u8 *)data;
763         u8 *timer_to_id = ptid - *ptid;
764         struct sta_info *sta = container_of(timer_to_id, struct sta_info,
765                                          timer_to_tid[0]);
766
767 #ifdef CONFIG_MAC80211_HT_DEBUG
768         printk(KERN_DEBUG "rx session timer expired on tid %d\n", (u16)*ptid);
769 #endif
770         ieee80211_sta_stop_rx_ba_session(sta->sdata, sta->sta.addr,
771                                          (u16)*ptid, WLAN_BACK_TIMER,
772                                          WLAN_REASON_QSTA_TIMEOUT);
773 }
774
775 void ieee80211_process_addba_request(struct ieee80211_local *local,
776                                      struct sta_info *sta,
777                                      struct ieee80211_mgmt *mgmt,
778                                      size_t len)
779 {
780         struct ieee80211_hw *hw = &local->hw;
781         struct ieee80211_conf *conf = &hw->conf;
782         struct tid_ampdu_rx *tid_agg_rx;
783         u16 capab, tid, timeout, ba_policy, buf_size, start_seq_num, status;
784         u8 dialog_token;
785         int ret = -EOPNOTSUPP;
786         DECLARE_MAC_BUF(mac);
787
788         /* extract session parameters from addba request frame */
789         dialog_token = mgmt->u.action.u.addba_req.dialog_token;
790         timeout = le16_to_cpu(mgmt->u.action.u.addba_req.timeout);
791         start_seq_num =
792                 le16_to_cpu(mgmt->u.action.u.addba_req.start_seq_num) >> 4;
793
794         capab = le16_to_cpu(mgmt->u.action.u.addba_req.capab);
795         ba_policy = (capab & IEEE80211_ADDBA_PARAM_POLICY_MASK) >> 1;
796         tid = (capab & IEEE80211_ADDBA_PARAM_TID_MASK) >> 2;
797         buf_size = (capab & IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK) >> 6;
798
799         status = WLAN_STATUS_REQUEST_DECLINED;
800
801         /* sanity check for incoming parameters:
802          * check if configuration can support the BA policy
803          * and if buffer size does not exceeds max value */
804         if (((ba_policy != 1)
805                 && (!(conf->ht_conf.cap & IEEE80211_HT_CAP_DELAY_BA)))
806                 || (buf_size > IEEE80211_MAX_AMPDU_BUF)) {
807                 status = WLAN_STATUS_INVALID_QOS_PARAM;
808 #ifdef CONFIG_MAC80211_HT_DEBUG
809                 if (net_ratelimit())
810                         printk(KERN_DEBUG "AddBA Req with bad params from "
811                                 "%s on tid %u. policy %d, buffer size %d\n",
812                                 print_mac(mac, mgmt->sa), tid, ba_policy,
813                                 buf_size);
814 #endif /* CONFIG_MAC80211_HT_DEBUG */
815                 goto end_no_lock;
816         }
817         /* determine default buffer size */
818         if (buf_size == 0) {
819                 struct ieee80211_supported_band *sband;
820
821                 sband = local->hw.wiphy->bands[conf->channel->band];
822                 buf_size = IEEE80211_MIN_AMPDU_BUF;
823                 buf_size = buf_size << sband->ht_info.ampdu_factor;
824         }
825
826
827         /* examine state machine */
828         spin_lock_bh(&sta->lock);
829
830         if (sta->ampdu_mlme.tid_state_rx[tid] != HT_AGG_STATE_IDLE) {
831 #ifdef CONFIG_MAC80211_HT_DEBUG
832                 if (net_ratelimit())
833                         printk(KERN_DEBUG "unexpected AddBA Req from "
834                                 "%s on tid %u\n",
835                                 print_mac(mac, mgmt->sa), tid);
836 #endif /* CONFIG_MAC80211_HT_DEBUG */
837                 goto end;
838         }
839
840         /* prepare A-MPDU MLME for Rx aggregation */
841         sta->ampdu_mlme.tid_rx[tid] =
842                         kmalloc(sizeof(struct tid_ampdu_rx), GFP_ATOMIC);
843         if (!sta->ampdu_mlme.tid_rx[tid]) {
844 #ifdef CONFIG_MAC80211_HT_DEBUG
845                 if (net_ratelimit())
846                         printk(KERN_ERR "allocate rx mlme to tid %d failed\n",
847                                         tid);
848 #endif
849                 goto end;
850         }
851         /* rx timer */
852         sta->ampdu_mlme.tid_rx[tid]->session_timer.function =
853                                 sta_rx_agg_session_timer_expired;
854         sta->ampdu_mlme.tid_rx[tid]->session_timer.data =
855                                 (unsigned long)&sta->timer_to_tid[tid];
856         init_timer(&sta->ampdu_mlme.tid_rx[tid]->session_timer);
857
858         tid_agg_rx = sta->ampdu_mlme.tid_rx[tid];
859
860         /* prepare reordering buffer */
861         tid_agg_rx->reorder_buf =
862                 kmalloc(buf_size * sizeof(struct sk_buff *), GFP_ATOMIC);
863         if (!tid_agg_rx->reorder_buf) {
864 #ifdef CONFIG_MAC80211_HT_DEBUG
865                 if (net_ratelimit())
866                         printk(KERN_ERR "can not allocate reordering buffer "
867                                "to tid %d\n", tid);
868 #endif
869                 kfree(sta->ampdu_mlme.tid_rx[tid]);
870                 goto end;
871         }
872         memset(tid_agg_rx->reorder_buf, 0,
873                 buf_size * sizeof(struct sk_buff *));
874
875         if (local->ops->ampdu_action)
876                 ret = local->ops->ampdu_action(hw, IEEE80211_AMPDU_RX_START,
877                                                &sta->sta, tid, &start_seq_num);
878 #ifdef CONFIG_MAC80211_HT_DEBUG
879         printk(KERN_DEBUG "Rx A-MPDU request on tid %d result %d\n", tid, ret);
880 #endif /* CONFIG_MAC80211_HT_DEBUG */
881
882         if (ret) {
883                 kfree(tid_agg_rx->reorder_buf);
884                 kfree(tid_agg_rx);
885                 sta->ampdu_mlme.tid_rx[tid] = NULL;
886                 goto end;
887         }
888
889         /* change state and send addba resp */
890         sta->ampdu_mlme.tid_state_rx[tid] = HT_AGG_STATE_OPERATIONAL;
891         tid_agg_rx->dialog_token = dialog_token;
892         tid_agg_rx->ssn = start_seq_num;
893         tid_agg_rx->head_seq_num = start_seq_num;
894         tid_agg_rx->buf_size = buf_size;
895         tid_agg_rx->timeout = timeout;
896         tid_agg_rx->stored_mpdu_num = 0;
897         status = WLAN_STATUS_SUCCESS;
898 end:
899         spin_unlock_bh(&sta->lock);
900
901 end_no_lock:
902         ieee80211_send_addba_resp(sta->sdata, sta->sta.addr, tid,
903                                   dialog_token, status, 1, buf_size, timeout);
904 }
905
906 void ieee80211_process_addba_resp(struct ieee80211_local *local,
907                                   struct sta_info *sta,
908                                   struct ieee80211_mgmt *mgmt,
909                                   size_t len)
910 {
911         struct ieee80211_hw *hw = &local->hw;
912         u16 capab;
913         u16 tid;
914         u8 *state;
915
916         capab = le16_to_cpu(mgmt->u.action.u.addba_resp.capab);
917         tid = (capab & IEEE80211_ADDBA_PARAM_TID_MASK) >> 2;
918
919         state = &sta->ampdu_mlme.tid_state_tx[tid];
920
921         spin_lock_bh(&sta->lock);
922
923         if (!(*state & HT_ADDBA_REQUESTED_MSK)) {
924                 spin_unlock_bh(&sta->lock);
925                 return;
926         }
927
928         if (mgmt->u.action.u.addba_resp.dialog_token !=
929                 sta->ampdu_mlme.tid_tx[tid]->dialog_token) {
930                 spin_unlock_bh(&sta->lock);
931 #ifdef CONFIG_MAC80211_HT_DEBUG
932                 printk(KERN_DEBUG "wrong addBA response token, tid %d\n", tid);
933 #endif /* CONFIG_MAC80211_HT_DEBUG */
934                 return;
935         }
936
937         del_timer_sync(&sta->ampdu_mlme.tid_tx[tid]->addba_resp_timer);
938 #ifdef CONFIG_MAC80211_HT_DEBUG
939         printk(KERN_DEBUG "switched off addBA timer for tid %d \n", tid);
940 #endif /* CONFIG_MAC80211_HT_DEBUG */
941         if (le16_to_cpu(mgmt->u.action.u.addba_resp.status)
942                         == WLAN_STATUS_SUCCESS) {
943                 *state |= HT_ADDBA_RECEIVED_MSK;
944                 sta->ampdu_mlme.addba_req_num[tid] = 0;
945
946                 if (*state == HT_AGG_STATE_OPERATIONAL)
947                         ieee80211_wake_queue(hw, sta->tid_to_tx_q[tid]);
948
949                 spin_unlock_bh(&sta->lock);
950         } else {
951                 sta->ampdu_mlme.addba_req_num[tid]++;
952                 /* this will allow the state check in stop_BA_session */
953                 *state = HT_AGG_STATE_OPERATIONAL;
954                 spin_unlock_bh(&sta->lock);
955                 ieee80211_stop_tx_ba_session(hw, sta->sta.addr, tid,
956                                              WLAN_BACK_INITIATOR);
957         }
958 }
959
960 void ieee80211_process_delba(struct ieee80211_sub_if_data *sdata,
961                              struct sta_info *sta,
962                              struct ieee80211_mgmt *mgmt, size_t len)
963 {
964         struct ieee80211_local *local = sdata->local;
965         u16 tid, params;
966         u16 initiator;
967         DECLARE_MAC_BUF(mac);
968
969         params = le16_to_cpu(mgmt->u.action.u.delba.params);
970         tid = (params & IEEE80211_DELBA_PARAM_TID_MASK) >> 12;
971         initiator = (params & IEEE80211_DELBA_PARAM_INITIATOR_MASK) >> 11;
972
973 #ifdef CONFIG_MAC80211_HT_DEBUG
974         if (net_ratelimit())
975                 printk(KERN_DEBUG "delba from %s (%s) tid %d reason code %d\n",
976                         print_mac(mac, mgmt->sa),
977                         initiator ? "initiator" : "recipient", tid,
978                         mgmt->u.action.u.delba.reason_code);
979 #endif /* CONFIG_MAC80211_HT_DEBUG */
980
981         if (initiator == WLAN_BACK_INITIATOR)
982                 ieee80211_sta_stop_rx_ba_session(sdata, sta->sta.addr, tid,
983                                                  WLAN_BACK_INITIATOR, 0);
984         else { /* WLAN_BACK_RECIPIENT */
985                 spin_lock_bh(&sta->lock);
986                 sta->ampdu_mlme.tid_state_tx[tid] =
987                                 HT_AGG_STATE_OPERATIONAL;
988                 spin_unlock_bh(&sta->lock);
989                 ieee80211_stop_tx_ba_session(&local->hw, sta->sta.addr, tid,
990                                              WLAN_BACK_RECIPIENT);
991         }
992 }