2 * Intersil Prism2 driver with Host AP (software access point) support
3 * Copyright (c) 2001-2002, SSH Communications Security Corp and Jouni Malinen
5 * Copyright (c) 2002-2005, Jouni Malinen <j@w1.fi>
7 * This file is to be included into hostap.c when S/W AP functionality is
11 * - if unicast Class 2 (assoc,reassoc,disassoc) frame received from
12 * unauthenticated STA, send deauth. frame (8802.11: 5.5)
13 * - if unicast Class 3 (data with to/from DS,deauth,pspoll) frame received
14 * from authenticated, but unassoc STA, send disassoc frame (8802.11: 5.5)
15 * - if unicast Class 3 received from unauthenticated STA, send deauth. frame
19 #include <linux/proc_fs.h>
20 #include <linux/delay.h>
21 #include <linux/random.h>
23 #include "hostap_wlan.h"
25 #include "hostap_ap.h"
27 static int other_ap_policy[MAX_PARM_DEVICES] = { AP_OTHER_AP_SKIP_ALL,
29 module_param_array(other_ap_policy, int, NULL, 0444);
30 MODULE_PARM_DESC(other_ap_policy, "Other AP beacon monitoring policy (0-3)");
32 static int ap_max_inactivity[MAX_PARM_DEVICES] = { AP_MAX_INACTIVITY_SEC,
34 module_param_array(ap_max_inactivity, int, NULL, 0444);
35 MODULE_PARM_DESC(ap_max_inactivity, "AP timeout (in seconds) for station "
38 static int ap_bridge_packets[MAX_PARM_DEVICES] = { 1, DEF_INTS };
39 module_param_array(ap_bridge_packets, int, NULL, 0444);
40 MODULE_PARM_DESC(ap_bridge_packets, "Bridge packets directly between "
43 static int autom_ap_wds[MAX_PARM_DEVICES] = { 0, DEF_INTS };
44 module_param_array(autom_ap_wds, int, NULL, 0444);
45 MODULE_PARM_DESC(autom_ap_wds, "Add WDS connections to other APs "
49 static struct sta_info* ap_get_sta(struct ap_data *ap, u8 *sta);
50 static void hostap_event_expired_sta(struct net_device *dev,
51 struct sta_info *sta);
52 static void handle_add_proc_queue(struct work_struct *work);
54 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
55 static void handle_wds_oper_queue(struct work_struct *work);
56 static void prism2_send_mgmt(struct net_device *dev,
57 u16 type_subtype, char *body,
58 int body_len, u8 *addr, u16 tx_cb_idx);
59 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
62 #ifndef PRISM2_NO_PROCFS_DEBUG
63 static int ap_debug_proc_read(char *page, char **start, off_t off,
64 int count, int *eof, void *data)
67 struct ap_data *ap = (struct ap_data *) data;
74 p += sprintf(p, "BridgedUnicastFrames=%u\n", ap->bridged_unicast);
75 p += sprintf(p, "BridgedMulticastFrames=%u\n", ap->bridged_multicast);
76 p += sprintf(p, "max_inactivity=%u\n", ap->max_inactivity / HZ);
77 p += sprintf(p, "bridge_packets=%u\n", ap->bridge_packets);
78 p += sprintf(p, "nullfunc_ack=%u\n", ap->nullfunc_ack);
79 p += sprintf(p, "autom_ap_wds=%u\n", ap->autom_ap_wds);
80 p += sprintf(p, "auth_algs=%u\n", ap->local->auth_algs);
81 p += sprintf(p, "tx_drop_nonassoc=%u\n", ap->tx_drop_nonassoc);
85 #endif /* PRISM2_NO_PROCFS_DEBUG */
88 static void ap_sta_hash_add(struct ap_data *ap, struct sta_info *sta)
90 sta->hnext = ap->sta_hash[STA_HASH(sta->addr)];
91 ap->sta_hash[STA_HASH(sta->addr)] = sta;
94 static void ap_sta_hash_del(struct ap_data *ap, struct sta_info *sta)
98 s = ap->sta_hash[STA_HASH(sta->addr)];
99 if (s == NULL) return;
100 if (memcmp(s->addr, sta->addr, ETH_ALEN) == 0) {
101 ap->sta_hash[STA_HASH(sta->addr)] = s->hnext;
105 while (s->hnext != NULL && memcmp(s->hnext->addr, sta->addr, ETH_ALEN)
108 if (s->hnext != NULL)
109 s->hnext = s->hnext->hnext;
111 printk("AP: could not remove STA " MACSTR " from hash table\n",
115 static void ap_free_sta(struct ap_data *ap, struct sta_info *sta)
117 if (sta->ap && sta->local)
118 hostap_event_expired_sta(sta->local->dev, sta);
120 if (ap->proc != NULL) {
122 sprintf(name, MACSTR, MAC2STR(sta->addr));
123 remove_proc_entry(name, ap->proc);
127 sta->crypt->ops->deinit(sta->crypt->priv);
132 skb_queue_purge(&sta->tx_buf);
135 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
137 ap->sta_aid[sta->aid - 1] = NULL;
139 if (!sta->ap && sta->u.sta.challenge)
140 kfree(sta->u.sta.challenge);
141 del_timer(&sta->timer);
142 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
148 static void hostap_set_tim(local_info_t *local, int aid, int set)
150 if (local->func->set_tim)
151 local->func->set_tim(local->dev, aid, set);
155 static void hostap_event_new_sta(struct net_device *dev, struct sta_info *sta)
157 union iwreq_data wrqu;
158 memset(&wrqu, 0, sizeof(wrqu));
159 memcpy(wrqu.addr.sa_data, sta->addr, ETH_ALEN);
160 wrqu.addr.sa_family = ARPHRD_ETHER;
161 wireless_send_event(dev, IWEVREGISTERED, &wrqu, NULL);
165 static void hostap_event_expired_sta(struct net_device *dev,
166 struct sta_info *sta)
168 union iwreq_data wrqu;
169 memset(&wrqu, 0, sizeof(wrqu));
170 memcpy(wrqu.addr.sa_data, sta->addr, ETH_ALEN);
171 wrqu.addr.sa_family = ARPHRD_ETHER;
172 wireless_send_event(dev, IWEVEXPIRED, &wrqu, NULL);
176 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
178 static void ap_handle_timer(unsigned long data)
180 struct sta_info *sta = (struct sta_info *) data;
183 unsigned long next_time = 0;
186 if (sta == NULL || sta->local == NULL || sta->local->ap == NULL) {
187 PDEBUG(DEBUG_AP, "ap_handle_timer() called with NULL data\n");
193 was_assoc = sta->flags & WLAN_STA_ASSOC;
195 if (atomic_read(&sta->users) != 0)
196 next_time = jiffies + HZ;
197 else if ((sta->flags & WLAN_STA_PERM) && !(sta->flags & WLAN_STA_AUTH))
198 next_time = jiffies + ap->max_inactivity;
200 if (time_before(jiffies, sta->last_rx + ap->max_inactivity)) {
201 /* station activity detected; reset timeout state */
202 sta->timeout_next = STA_NULLFUNC;
203 next_time = sta->last_rx + ap->max_inactivity;
204 } else if (sta->timeout_next == STA_DISASSOC &&
205 !(sta->flags & WLAN_STA_PENDING_POLL)) {
206 /* STA ACKed data nullfunc frame poll */
207 sta->timeout_next = STA_NULLFUNC;
208 next_time = jiffies + ap->max_inactivity;
212 sta->timer.expires = next_time;
213 add_timer(&sta->timer);
218 sta->timeout_next = STA_DEAUTH;
220 if (sta->timeout_next == STA_DEAUTH && !(sta->flags & WLAN_STA_PERM)) {
221 spin_lock(&ap->sta_table_lock);
222 ap_sta_hash_del(ap, sta);
223 list_del(&sta->list);
224 spin_unlock(&ap->sta_table_lock);
225 sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC);
226 } else if (sta->timeout_next == STA_DISASSOC)
227 sta->flags &= ~WLAN_STA_ASSOC;
229 if (was_assoc && !(sta->flags & WLAN_STA_ASSOC) && !sta->ap)
230 hostap_event_expired_sta(local->dev, sta);
232 if (sta->timeout_next == STA_DEAUTH && sta->aid > 0 &&
233 !skb_queue_empty(&sta->tx_buf)) {
234 hostap_set_tim(local, sta->aid, 0);
235 sta->flags &= ~WLAN_STA_TIM;
239 if (ap->autom_ap_wds) {
240 PDEBUG(DEBUG_AP, "%s: removing automatic WDS "
241 "connection to AP " MACSTR "\n",
242 local->dev->name, MAC2STR(sta->addr));
243 hostap_wds_link_oper(local, sta->addr, WDS_DEL);
245 } else if (sta->timeout_next == STA_NULLFUNC) {
246 /* send data frame to poll STA and check whether this frame
248 /* FIX: IEEE80211_STYPE_NULLFUNC would be more appropriate, but
249 * it is apparently not retried so TX Exc events are not
251 sta->flags |= WLAN_STA_PENDING_POLL;
252 prism2_send_mgmt(local->dev, IEEE80211_FTYPE_DATA |
253 IEEE80211_STYPE_DATA, NULL, 0,
254 sta->addr, ap->tx_callback_poll);
256 int deauth = sta->timeout_next == STA_DEAUTH;
258 PDEBUG(DEBUG_AP, "%s: sending %s info to STA " MACSTR
259 "(last=%lu, jiffies=%lu)\n",
261 deauth ? "deauthentication" : "disassociation",
262 MAC2STR(sta->addr), sta->last_rx, jiffies);
264 resp = cpu_to_le16(deauth ? WLAN_REASON_PREV_AUTH_NOT_VALID :
265 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY);
266 prism2_send_mgmt(local->dev, IEEE80211_FTYPE_MGMT |
267 (deauth ? IEEE80211_STYPE_DEAUTH :
268 IEEE80211_STYPE_DISASSOC),
269 (char *) &resp, 2, sta->addr, 0);
272 if (sta->timeout_next == STA_DEAUTH) {
273 if (sta->flags & WLAN_STA_PERM) {
274 PDEBUG(DEBUG_AP, "%s: STA " MACSTR " would have been "
275 "removed, but it has 'perm' flag\n",
276 local->dev->name, MAC2STR(sta->addr));
278 ap_free_sta(ap, sta);
282 if (sta->timeout_next == STA_NULLFUNC) {
283 sta->timeout_next = STA_DISASSOC;
284 sta->timer.expires = jiffies + AP_DISASSOC_DELAY;
286 sta->timeout_next = STA_DEAUTH;
287 sta->timer.expires = jiffies + AP_DEAUTH_DELAY;
290 add_timer(&sta->timer);
294 void hostap_deauth_all_stas(struct net_device *dev, struct ap_data *ap,
301 PDEBUG(DEBUG_AP, "%s: Deauthenticate all stations\n", dev->name);
302 memset(addr, 0xff, ETH_ALEN);
304 resp = __constant_cpu_to_le16(WLAN_REASON_PREV_AUTH_NOT_VALID);
306 /* deauth message sent; try to resend it few times; the message is
307 * broadcast, so it may be delayed until next DTIM; there is not much
308 * else we can do at this point since the driver is going to be shut
310 for (i = 0; i < 5; i++) {
311 prism2_send_mgmt(dev, IEEE80211_FTYPE_MGMT |
312 IEEE80211_STYPE_DEAUTH,
313 (char *) &resp, 2, addr, 0);
315 if (!resend || ap->num_sta <= 0)
323 static int ap_control_proc_read(char *page, char **start, off_t off,
324 int count, int *eof, void *data)
327 struct ap_data *ap = (struct ap_data *) data;
329 struct mac_entry *entry;
336 switch (ap->mac_restrictions.policy) {
337 case MAC_POLICY_OPEN:
340 case MAC_POLICY_ALLOW:
341 policy_txt = "allow";
343 case MAC_POLICY_DENY:
347 policy_txt = "unknown";
350 p += sprintf(p, "MAC policy: %s\n", policy_txt);
351 p += sprintf(p, "MAC entries: %u\n", ap->mac_restrictions.entries);
352 p += sprintf(p, "MAC list:\n");
353 spin_lock_bh(&ap->mac_restrictions.lock);
354 list_for_each_entry(entry, &ap->mac_restrictions.mac_list, list) {
355 if (p - page > PAGE_SIZE - 80) {
356 p += sprintf(p, "All entries did not fit one page.\n");
360 p += sprintf(p, MACSTR "\n", MAC2STR(entry->addr));
362 spin_unlock_bh(&ap->mac_restrictions.lock);
368 int ap_control_add_mac(struct mac_restrictions *mac_restrictions, u8 *mac)
370 struct mac_entry *entry;
372 entry = kmalloc(sizeof(struct mac_entry), GFP_KERNEL);
376 memcpy(entry->addr, mac, ETH_ALEN);
378 spin_lock_bh(&mac_restrictions->lock);
379 list_add_tail(&entry->list, &mac_restrictions->mac_list);
380 mac_restrictions->entries++;
381 spin_unlock_bh(&mac_restrictions->lock);
387 int ap_control_del_mac(struct mac_restrictions *mac_restrictions, u8 *mac)
389 struct list_head *ptr;
390 struct mac_entry *entry;
392 spin_lock_bh(&mac_restrictions->lock);
393 for (ptr = mac_restrictions->mac_list.next;
394 ptr != &mac_restrictions->mac_list; ptr = ptr->next) {
395 entry = list_entry(ptr, struct mac_entry, list);
397 if (memcmp(entry->addr, mac, ETH_ALEN) == 0) {
400 mac_restrictions->entries--;
401 spin_unlock_bh(&mac_restrictions->lock);
405 spin_unlock_bh(&mac_restrictions->lock);
410 static int ap_control_mac_deny(struct mac_restrictions *mac_restrictions,
413 struct mac_entry *entry;
416 if (mac_restrictions->policy == MAC_POLICY_OPEN)
419 spin_lock_bh(&mac_restrictions->lock);
420 list_for_each_entry(entry, &mac_restrictions->mac_list, list) {
421 if (memcmp(entry->addr, mac, ETH_ALEN) == 0) {
426 spin_unlock_bh(&mac_restrictions->lock);
428 if (mac_restrictions->policy == MAC_POLICY_ALLOW)
435 void ap_control_flush_macs(struct mac_restrictions *mac_restrictions)
437 struct list_head *ptr, *n;
438 struct mac_entry *entry;
440 if (mac_restrictions->entries == 0)
443 spin_lock_bh(&mac_restrictions->lock);
444 for (ptr = mac_restrictions->mac_list.next, n = ptr->next;
445 ptr != &mac_restrictions->mac_list;
446 ptr = n, n = ptr->next) {
447 entry = list_entry(ptr, struct mac_entry, list);
451 mac_restrictions->entries = 0;
452 spin_unlock_bh(&mac_restrictions->lock);
456 int ap_control_kick_mac(struct ap_data *ap, struct net_device *dev, u8 *mac)
458 struct sta_info *sta;
461 spin_lock_bh(&ap->sta_table_lock);
462 sta = ap_get_sta(ap, mac);
464 ap_sta_hash_del(ap, sta);
465 list_del(&sta->list);
467 spin_unlock_bh(&ap->sta_table_lock);
472 resp = cpu_to_le16(WLAN_REASON_PREV_AUTH_NOT_VALID);
473 prism2_send_mgmt(dev, IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_DEAUTH,
474 (char *) &resp, 2, sta->addr, 0);
476 if ((sta->flags & WLAN_STA_ASSOC) && !sta->ap)
477 hostap_event_expired_sta(dev, sta);
479 ap_free_sta(ap, sta);
484 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
487 void ap_control_kickall(struct ap_data *ap)
489 struct list_head *ptr, *n;
490 struct sta_info *sta;
492 spin_lock_bh(&ap->sta_table_lock);
493 for (ptr = ap->sta_list.next, n = ptr->next; ptr != &ap->sta_list;
494 ptr = n, n = ptr->next) {
495 sta = list_entry(ptr, struct sta_info, list);
496 ap_sta_hash_del(ap, sta);
497 list_del(&sta->list);
498 if ((sta->flags & WLAN_STA_ASSOC) && !sta->ap && sta->local)
499 hostap_event_expired_sta(sta->local->dev, sta);
500 ap_free_sta(ap, sta);
502 spin_unlock_bh(&ap->sta_table_lock);
506 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
508 #define PROC_LIMIT (PAGE_SIZE - 80)
510 static int prism2_ap_proc_read(char *page, char **start, off_t off,
511 int count, int *eof, void *data)
514 struct ap_data *ap = (struct ap_data *) data;
515 struct sta_info *sta;
518 if (off > PROC_LIMIT) {
523 p += sprintf(p, "# BSSID CHAN SIGNAL NOISE RATE SSID FLAGS\n");
524 spin_lock_bh(&ap->sta_table_lock);
525 list_for_each_entry(sta, &ap->sta_list, list) {
529 p += sprintf(p, MACSTR " %d %d %d %d '", MAC2STR(sta->addr),
530 sta->u.ap.channel, sta->last_rx_signal,
531 sta->last_rx_silence, sta->last_rx_rate);
532 for (i = 0; i < sta->u.ap.ssid_len; i++)
533 p += sprintf(p, ((sta->u.ap.ssid[i] >= 32 &&
534 sta->u.ap.ssid[i] < 127) ?
537 p += sprintf(p, "'");
538 if (sta->capability & WLAN_CAPABILITY_ESS)
539 p += sprintf(p, " [ESS]");
540 if (sta->capability & WLAN_CAPABILITY_IBSS)
541 p += sprintf(p, " [IBSS]");
542 if (sta->capability & WLAN_CAPABILITY_PRIVACY)
543 p += sprintf(p, " [WEP]");
544 p += sprintf(p, "\n");
546 if ((p - page) > PROC_LIMIT) {
547 printk(KERN_DEBUG "hostap: ap proc did not fit\n");
551 spin_unlock_bh(&ap->sta_table_lock);
553 if ((p - page) <= off) {
560 return (p - page - off);
562 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
565 void hostap_check_sta_fw_version(struct ap_data *ap, int sta_fw_ver)
570 if (sta_fw_ver == PRISM2_FW_VER(0,8,0)) {
571 PDEBUG(DEBUG_AP, "Using data::nullfunc ACK workaround - "
572 "firmware upgrade recommended\n");
573 ap->nullfunc_ack = 1;
575 ap->nullfunc_ack = 0;
577 if (sta_fw_ver == PRISM2_FW_VER(1,4,2)) {
578 printk(KERN_WARNING "%s: Warning: secondary station firmware "
579 "version 1.4.2 does not seem to work in Host AP mode\n",
580 ap->local->dev->name);
585 /* Called only as a tasklet (software IRQ) */
586 static void hostap_ap_tx_cb(struct sk_buff *skb, int ok, void *data)
588 struct ap_data *ap = data;
590 struct ieee80211_hdr_4addr *hdr;
592 if (!ap->local->hostapd || !ap->local->apdev) {
597 hdr = (struct ieee80211_hdr_4addr *) skb->data;
598 fc = le16_to_cpu(hdr->frame_ctl);
600 /* Pass the TX callback frame to the hostapd; use 802.11 header version
601 * 1 to indicate failure (no ACK) and 2 success (frame ACKed) */
603 fc &= ~IEEE80211_FCTL_VERS;
604 fc |= ok ? BIT(1) : BIT(0);
605 hdr->frame_ctl = cpu_to_le16(fc);
607 skb->dev = ap->local->apdev;
608 skb_pull(skb, hostap_80211_get_hdrlen(fc));
609 skb->pkt_type = PACKET_OTHERHOST;
610 skb->protocol = __constant_htons(ETH_P_802_2);
611 memset(skb->cb, 0, sizeof(skb->cb));
616 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
617 /* Called only as a tasklet (software IRQ) */
618 static void hostap_ap_tx_cb_auth(struct sk_buff *skb, int ok, void *data)
620 struct ap_data *ap = data;
621 struct net_device *dev = ap->local->dev;
622 struct ieee80211_hdr_4addr *hdr;
623 u16 fc, *pos, auth_alg, auth_transaction, status;
624 struct sta_info *sta = NULL;
627 if (ap->local->hostapd) {
632 hdr = (struct ieee80211_hdr_4addr *) skb->data;
633 fc = le16_to_cpu(hdr->frame_ctl);
634 if (WLAN_FC_GET_TYPE(fc) != IEEE80211_FTYPE_MGMT ||
635 WLAN_FC_GET_STYPE(fc) != IEEE80211_STYPE_AUTH ||
636 skb->len < IEEE80211_MGMT_HDR_LEN + 6) {
637 printk(KERN_DEBUG "%s: hostap_ap_tx_cb_auth received invalid "
638 "frame\n", dev->name);
643 pos = (u16 *) (skb->data + IEEE80211_MGMT_HDR_LEN);
644 auth_alg = le16_to_cpu(*pos++);
645 auth_transaction = le16_to_cpu(*pos++);
646 status = le16_to_cpu(*pos++);
649 txt = "frame was not ACKed";
653 spin_lock(&ap->sta_table_lock);
654 sta = ap_get_sta(ap, hdr->addr1);
656 atomic_inc(&sta->users);
657 spin_unlock(&ap->sta_table_lock);
660 txt = "STA not found";
664 if (status == WLAN_STATUS_SUCCESS &&
665 ((auth_alg == WLAN_AUTH_OPEN && auth_transaction == 2) ||
666 (auth_alg == WLAN_AUTH_SHARED_KEY && auth_transaction == 4))) {
667 txt = "STA authenticated";
668 sta->flags |= WLAN_STA_AUTH;
669 sta->last_auth = jiffies;
670 } else if (status != WLAN_STATUS_SUCCESS)
671 txt = "authentication failed";
675 atomic_dec(&sta->users);
677 PDEBUG(DEBUG_AP, "%s: " MACSTR " auth_cb - alg=%d trans#=%d "
679 dev->name, MAC2STR(hdr->addr1), auth_alg,
680 auth_transaction, status, txt);
686 /* Called only as a tasklet (software IRQ) */
687 static void hostap_ap_tx_cb_assoc(struct sk_buff *skb, int ok, void *data)
689 struct ap_data *ap = data;
690 struct net_device *dev = ap->local->dev;
691 struct ieee80211_hdr_4addr *hdr;
692 u16 fc, *pos, status;
693 struct sta_info *sta = NULL;
696 if (ap->local->hostapd) {
701 hdr = (struct ieee80211_hdr_4addr *) skb->data;
702 fc = le16_to_cpu(hdr->frame_ctl);
703 if (WLAN_FC_GET_TYPE(fc) != IEEE80211_FTYPE_MGMT ||
704 (WLAN_FC_GET_STYPE(fc) != IEEE80211_STYPE_ASSOC_RESP &&
705 WLAN_FC_GET_STYPE(fc) != IEEE80211_STYPE_REASSOC_RESP) ||
706 skb->len < IEEE80211_MGMT_HDR_LEN + 4) {
707 printk(KERN_DEBUG "%s: hostap_ap_tx_cb_assoc received invalid "
708 "frame\n", dev->name);
714 txt = "frame was not ACKed";
718 spin_lock(&ap->sta_table_lock);
719 sta = ap_get_sta(ap, hdr->addr1);
721 atomic_inc(&sta->users);
722 spin_unlock(&ap->sta_table_lock);
725 txt = "STA not found";
729 pos = (u16 *) (skb->data + IEEE80211_MGMT_HDR_LEN);
731 status = le16_to_cpu(*pos++);
732 if (status == WLAN_STATUS_SUCCESS) {
733 if (!(sta->flags & WLAN_STA_ASSOC))
734 hostap_event_new_sta(dev, sta);
735 txt = "STA associated";
736 sta->flags |= WLAN_STA_ASSOC;
737 sta->last_assoc = jiffies;
739 txt = "association failed";
743 atomic_dec(&sta->users);
745 PDEBUG(DEBUG_AP, "%s: " MACSTR " assoc_cb - %s\n",
746 dev->name, MAC2STR(hdr->addr1), txt);
751 /* Called only as a tasklet (software IRQ); TX callback for poll frames used
752 * in verifying whether the STA is still present. */
753 static void hostap_ap_tx_cb_poll(struct sk_buff *skb, int ok, void *data)
755 struct ap_data *ap = data;
756 struct ieee80211_hdr_4addr *hdr;
757 struct sta_info *sta;
761 hdr = (struct ieee80211_hdr_4addr *) skb->data;
763 spin_lock(&ap->sta_table_lock);
764 sta = ap_get_sta(ap, hdr->addr1);
766 sta->flags &= ~WLAN_STA_PENDING_POLL;
767 spin_unlock(&ap->sta_table_lock);
769 PDEBUG(DEBUG_AP, "%s: STA " MACSTR " did not ACK activity "
770 "poll frame\n", ap->local->dev->name,
771 MAC2STR(hdr->addr1));
777 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
780 void hostap_init_data(local_info_t *local)
782 struct ap_data *ap = local->ap;
785 printk(KERN_WARNING "hostap_init_data: ap == NULL\n");
788 memset(ap, 0, sizeof(struct ap_data));
791 ap->ap_policy = GET_INT_PARM(other_ap_policy, local->card_idx);
792 ap->bridge_packets = GET_INT_PARM(ap_bridge_packets, local->card_idx);
794 GET_INT_PARM(ap_max_inactivity, local->card_idx) * HZ;
795 ap->autom_ap_wds = GET_INT_PARM(autom_ap_wds, local->card_idx);
797 spin_lock_init(&ap->sta_table_lock);
798 INIT_LIST_HEAD(&ap->sta_list);
800 /* Initialize task queue structure for AP management */
801 INIT_WORK(&local->ap->add_sta_proc_queue, handle_add_proc_queue);
803 ap->tx_callback_idx =
804 hostap_tx_callback_register(local, hostap_ap_tx_cb, ap);
805 if (ap->tx_callback_idx == 0)
806 printk(KERN_WARNING "%s: failed to register TX callback for "
807 "AP\n", local->dev->name);
808 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
809 INIT_WORK(&local->ap->wds_oper_queue, handle_wds_oper_queue);
811 ap->tx_callback_auth =
812 hostap_tx_callback_register(local, hostap_ap_tx_cb_auth, ap);
813 ap->tx_callback_assoc =
814 hostap_tx_callback_register(local, hostap_ap_tx_cb_assoc, ap);
815 ap->tx_callback_poll =
816 hostap_tx_callback_register(local, hostap_ap_tx_cb_poll, ap);
817 if (ap->tx_callback_auth == 0 || ap->tx_callback_assoc == 0 ||
818 ap->tx_callback_poll == 0)
819 printk(KERN_WARNING "%s: failed to register TX callback for "
820 "AP\n", local->dev->name);
822 spin_lock_init(&ap->mac_restrictions.lock);
823 INIT_LIST_HEAD(&ap->mac_restrictions.mac_list);
824 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
830 void hostap_init_ap_proc(local_info_t *local)
832 struct ap_data *ap = local->ap;
834 ap->proc = local->proc;
835 if (ap->proc == NULL)
838 #ifndef PRISM2_NO_PROCFS_DEBUG
839 create_proc_read_entry("ap_debug", 0, ap->proc,
840 ap_debug_proc_read, ap);
841 #endif /* PRISM2_NO_PROCFS_DEBUG */
843 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
844 create_proc_read_entry("ap_control", 0, ap->proc,
845 ap_control_proc_read, ap);
846 create_proc_read_entry("ap", 0, ap->proc,
847 prism2_ap_proc_read, ap);
848 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
853 void hostap_free_data(struct ap_data *ap)
855 struct sta_info *n, *sta;
857 if (ap == NULL || !ap->initialized) {
858 printk(KERN_DEBUG "hostap_free_data: ap has not yet been "
859 "initialized - skip resource freeing\n");
863 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
865 ap->crypt->deinit(ap->crypt_priv);
866 ap->crypt = ap->crypt_priv = NULL;
867 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
869 list_for_each_entry_safe(sta, n, &ap->sta_list, list) {
870 ap_sta_hash_del(ap, sta);
871 list_del(&sta->list);
872 if ((sta->flags & WLAN_STA_ASSOC) && !sta->ap && sta->local)
873 hostap_event_expired_sta(sta->local->dev, sta);
874 ap_free_sta(ap, sta);
877 #ifndef PRISM2_NO_PROCFS_DEBUG
878 if (ap->proc != NULL) {
879 remove_proc_entry("ap_debug", ap->proc);
881 #endif /* PRISM2_NO_PROCFS_DEBUG */
883 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
884 if (ap->proc != NULL) {
885 remove_proc_entry("ap", ap->proc);
886 remove_proc_entry("ap_control", ap->proc);
888 ap_control_flush_macs(&ap->mac_restrictions);
889 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
895 /* caller should have mutex for AP STA list handling */
896 static struct sta_info* ap_get_sta(struct ap_data *ap, u8 *sta)
900 s = ap->sta_hash[STA_HASH(sta)];
901 while (s != NULL && memcmp(s->addr, sta, ETH_ALEN) != 0)
907 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
909 /* Called from timer handler and from scheduled AP queue handlers */
910 static void prism2_send_mgmt(struct net_device *dev,
911 u16 type_subtype, char *body,
912 int body_len, u8 *addr, u16 tx_cb_idx)
914 struct hostap_interface *iface;
916 struct ieee80211_hdr_4addr *hdr;
919 struct hostap_skb_tx_data *meta;
922 iface = netdev_priv(dev);
923 local = iface->local;
924 dev = local->dev; /* always use master radio device */
925 iface = netdev_priv(dev);
927 if (!(dev->flags & IFF_UP)) {
928 PDEBUG(DEBUG_AP, "%s: prism2_send_mgmt - device is not UP - "
929 "cannot send frame\n", dev->name);
933 skb = dev_alloc_skb(sizeof(*hdr) + body_len);
935 PDEBUG(DEBUG_AP, "%s: prism2_send_mgmt failed to allocate "
941 hdrlen = hostap_80211_get_hdrlen(fc);
942 hdr = (struct ieee80211_hdr_4addr *) skb_put(skb, hdrlen);
944 memcpy(skb_put(skb, body_len), body, body_len);
946 memset(hdr, 0, hdrlen);
948 /* FIX: ctrl::ack sending used special HFA384X_TX_CTRL_802_11
949 * tx_control instead of using local->tx_control */
952 memcpy(hdr->addr1, addr, ETH_ALEN); /* DA / RA */
953 if (WLAN_FC_GET_TYPE(fc) == IEEE80211_FTYPE_DATA) {
954 fc |= IEEE80211_FCTL_FROMDS;
955 memcpy(hdr->addr2, dev->dev_addr, ETH_ALEN); /* BSSID */
956 memcpy(hdr->addr3, dev->dev_addr, ETH_ALEN); /* SA */
957 } else if (WLAN_FC_GET_TYPE(fc) == IEEE80211_FTYPE_CTL) {
958 /* control:ACK does not have addr2 or addr3 */
959 memset(hdr->addr2, 0, ETH_ALEN);
960 memset(hdr->addr3, 0, ETH_ALEN);
962 memcpy(hdr->addr2, dev->dev_addr, ETH_ALEN); /* SA */
963 memcpy(hdr->addr3, dev->dev_addr, ETH_ALEN); /* BSSID */
966 hdr->frame_ctl = cpu_to_le16(fc);
968 meta = (struct hostap_skb_tx_data *) skb->cb;
969 memset(meta, 0, sizeof(*meta));
970 meta->magic = HOSTAP_SKB_TX_DATA_MAGIC;
972 meta->tx_cb_idx = tx_cb_idx;
975 skb_reset_mac_header(skb);
976 skb_reset_network_header(skb);
979 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
982 static int prism2_sta_proc_read(char *page, char **start, off_t off,
983 int count, int *eof, void *data)
986 struct sta_info *sta = (struct sta_info *) data;
989 /* FIX: possible race condition.. the STA data could have just expired,
990 * but proc entry was still here so that the read could have started;
991 * some locking should be done here.. */
998 p += sprintf(p, "%s=" MACSTR "\nusers=%d\naid=%d\n"
999 "flags=0x%04x%s%s%s%s%s%s%s\n"
1000 "capability=0x%02x\nlisten_interval=%d\nsupported_rates=",
1001 sta->ap ? "AP" : "STA",
1002 MAC2STR(sta->addr), atomic_read(&sta->users), sta->aid,
1004 sta->flags & WLAN_STA_AUTH ? " AUTH" : "",
1005 sta->flags & WLAN_STA_ASSOC ? " ASSOC" : "",
1006 sta->flags & WLAN_STA_PS ? " PS" : "",
1007 sta->flags & WLAN_STA_TIM ? " TIM" : "",
1008 sta->flags & WLAN_STA_PERM ? " PERM" : "",
1009 sta->flags & WLAN_STA_AUTHORIZED ? " AUTHORIZED" : "",
1010 sta->flags & WLAN_STA_PENDING_POLL ? " POLL" : "",
1011 sta->capability, sta->listen_interval);
1012 /* supported_rates: 500 kbit/s units with msb ignored */
1013 for (i = 0; i < sizeof(sta->supported_rates); i++)
1014 if (sta->supported_rates[i] != 0)
1015 p += sprintf(p, "%d%sMbps ",
1016 (sta->supported_rates[i] & 0x7f) / 2,
1017 sta->supported_rates[i] & 1 ? ".5" : "");
1018 p += sprintf(p, "\njiffies=%lu\nlast_auth=%lu\nlast_assoc=%lu\n"
1019 "last_rx=%lu\nlast_tx=%lu\nrx_packets=%lu\n"
1021 "rx_bytes=%lu\ntx_bytes=%lu\nbuffer_count=%d\n"
1022 "last_rx: silence=%d dBm signal=%d dBm rate=%d%s Mbps\n"
1023 "tx_rate=%d\ntx[1M]=%d\ntx[2M]=%d\ntx[5.5M]=%d\n"
1025 "rx[1M]=%d\nrx[2M]=%d\nrx[5.5M]=%d\nrx[11M]=%d\n",
1026 jiffies, sta->last_auth, sta->last_assoc, sta->last_rx,
1028 sta->rx_packets, sta->tx_packets, sta->rx_bytes,
1029 sta->tx_bytes, skb_queue_len(&sta->tx_buf),
1030 sta->last_rx_silence,
1031 sta->last_rx_signal, sta->last_rx_rate / 10,
1032 sta->last_rx_rate % 10 ? ".5" : "",
1033 sta->tx_rate, sta->tx_count[0], sta->tx_count[1],
1034 sta->tx_count[2], sta->tx_count[3], sta->rx_count[0],
1035 sta->rx_count[1], sta->rx_count[2], sta->rx_count[3]);
1036 if (sta->crypt && sta->crypt->ops && sta->crypt->ops->print_stats)
1037 p = sta->crypt->ops->print_stats(p, sta->crypt->priv);
1038 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
1040 if (sta->u.ap.channel >= 0)
1041 p += sprintf(p, "channel=%d\n", sta->u.ap.channel);
1042 p += sprintf(p, "ssid=");
1043 for (i = 0; i < sta->u.ap.ssid_len; i++)
1044 p += sprintf(p, ((sta->u.ap.ssid[i] >= 32 &&
1045 sta->u.ap.ssid[i] < 127) ?
1048 p += sprintf(p, "\n");
1050 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
1056 static void handle_add_proc_queue(struct work_struct *work)
1058 struct ap_data *ap = container_of(work, struct ap_data,
1059 add_sta_proc_queue);
1060 struct sta_info *sta;
1062 struct add_sta_proc_data *entry, *prev;
1064 entry = ap->add_sta_proc_entries;
1065 ap->add_sta_proc_entries = NULL;
1068 spin_lock_bh(&ap->sta_table_lock);
1069 sta = ap_get_sta(ap, entry->addr);
1071 atomic_inc(&sta->users);
1072 spin_unlock_bh(&ap->sta_table_lock);
1075 sprintf(name, MACSTR, MAC2STR(sta->addr));
1076 sta->proc = create_proc_read_entry(
1078 prism2_sta_proc_read, sta);
1080 atomic_dec(&sta->users);
1084 entry = entry->next;
1090 static struct sta_info * ap_add_sta(struct ap_data *ap, u8 *addr)
1092 struct sta_info *sta;
1094 sta = kzalloc(sizeof(struct sta_info), GFP_ATOMIC);
1096 PDEBUG(DEBUG_AP, "AP: kmalloc failed\n");
1100 /* initialize STA info data */
1101 sta->local = ap->local;
1102 skb_queue_head_init(&sta->tx_buf);
1103 memcpy(sta->addr, addr, ETH_ALEN);
1105 atomic_inc(&sta->users);
1106 spin_lock_bh(&ap->sta_table_lock);
1107 list_add(&sta->list, &ap->sta_list);
1109 ap_sta_hash_add(ap, sta);
1110 spin_unlock_bh(&ap->sta_table_lock);
1113 struct add_sta_proc_data *entry;
1114 /* schedule a non-interrupt context process to add a procfs
1115 * entry for the STA since procfs code use GFP_KERNEL */
1116 entry = kmalloc(sizeof(*entry), GFP_ATOMIC);
1118 memcpy(entry->addr, sta->addr, ETH_ALEN);
1119 entry->next = ap->add_sta_proc_entries;
1120 ap->add_sta_proc_entries = entry;
1121 schedule_work(&ap->add_sta_proc_queue);
1123 printk(KERN_DEBUG "Failed to add STA proc data\n");
1126 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
1127 init_timer(&sta->timer);
1128 sta->timer.expires = jiffies + ap->max_inactivity;
1129 sta->timer.data = (unsigned long) sta;
1130 sta->timer.function = ap_handle_timer;
1131 if (!ap->local->hostapd)
1132 add_timer(&sta->timer);
1133 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
1139 static int ap_tx_rate_ok(int rateidx, struct sta_info *sta,
1140 local_info_t *local)
1142 if (rateidx > sta->tx_max_rate ||
1143 !(sta->tx_supp_rates & (1 << rateidx)))
1146 if (local->tx_rate_control != 0 &&
1147 !(local->tx_rate_control & (1 << rateidx)))
1154 static void prism2_check_tx_rates(struct sta_info *sta)
1158 sta->tx_supp_rates = 0;
1159 for (i = 0; i < sizeof(sta->supported_rates); i++) {
1160 if ((sta->supported_rates[i] & 0x7f) == 2)
1161 sta->tx_supp_rates |= WLAN_RATE_1M;
1162 if ((sta->supported_rates[i] & 0x7f) == 4)
1163 sta->tx_supp_rates |= WLAN_RATE_2M;
1164 if ((sta->supported_rates[i] & 0x7f) == 11)
1165 sta->tx_supp_rates |= WLAN_RATE_5M5;
1166 if ((sta->supported_rates[i] & 0x7f) == 22)
1167 sta->tx_supp_rates |= WLAN_RATE_11M;
1169 sta->tx_max_rate = sta->tx_rate = sta->tx_rate_idx = 0;
1170 if (sta->tx_supp_rates & WLAN_RATE_1M) {
1171 sta->tx_max_rate = 0;
1172 if (ap_tx_rate_ok(0, sta, sta->local)) {
1174 sta->tx_rate_idx = 0;
1177 if (sta->tx_supp_rates & WLAN_RATE_2M) {
1178 sta->tx_max_rate = 1;
1179 if (ap_tx_rate_ok(1, sta, sta->local)) {
1181 sta->tx_rate_idx = 1;
1184 if (sta->tx_supp_rates & WLAN_RATE_5M5) {
1185 sta->tx_max_rate = 2;
1186 if (ap_tx_rate_ok(2, sta, sta->local)) {
1188 sta->tx_rate_idx = 2;
1191 if (sta->tx_supp_rates & WLAN_RATE_11M) {
1192 sta->tx_max_rate = 3;
1193 if (ap_tx_rate_ok(3, sta, sta->local)) {
1195 sta->tx_rate_idx = 3;
1201 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
1203 static void ap_crypt_init(struct ap_data *ap)
1205 ap->crypt = ieee80211_get_crypto_ops("WEP");
1208 if (ap->crypt->init) {
1209 ap->crypt_priv = ap->crypt->init(0);
1210 if (ap->crypt_priv == NULL)
1213 u8 key[WEP_KEY_LEN];
1214 get_random_bytes(key, WEP_KEY_LEN);
1215 ap->crypt->set_key(key, WEP_KEY_LEN, NULL,
1221 if (ap->crypt == NULL) {
1222 printk(KERN_WARNING "AP could not initialize WEP: load module "
1223 "ieee80211_crypt_wep.ko\n");
1228 /* Generate challenge data for shared key authentication. IEEE 802.11 specifies
1229 * that WEP algorithm is used for generating challange. This should be unique,
1230 * but otherwise there is not really need for randomness etc. Initialize WEP
1231 * with pseudo random key and then use increasing IV to get unique challenge
1234 * Called only as a scheduled task for pending AP frames.
1236 static char * ap_auth_make_challenge(struct ap_data *ap)
1239 struct sk_buff *skb;
1241 if (ap->crypt == NULL) {
1243 if (ap->crypt == NULL)
1247 tmpbuf = kmalloc(WLAN_AUTH_CHALLENGE_LEN, GFP_ATOMIC);
1248 if (tmpbuf == NULL) {
1249 PDEBUG(DEBUG_AP, "AP: kmalloc failed for challenge\n");
1253 skb = dev_alloc_skb(WLAN_AUTH_CHALLENGE_LEN +
1254 ap->crypt->extra_mpdu_prefix_len +
1255 ap->crypt->extra_mpdu_postfix_len);
1261 skb_reserve(skb, ap->crypt->extra_mpdu_prefix_len);
1262 memset(skb_put(skb, WLAN_AUTH_CHALLENGE_LEN), 0,
1263 WLAN_AUTH_CHALLENGE_LEN);
1264 if (ap->crypt->encrypt_mpdu(skb, 0, ap->crypt_priv)) {
1270 skb_copy_from_linear_data_offset(skb, ap->crypt->extra_mpdu_prefix_len,
1271 tmpbuf, WLAN_AUTH_CHALLENGE_LEN);
1278 /* Called only as a scheduled task for pending AP frames. */
1279 static void handle_authen(local_info_t *local, struct sk_buff *skb,
1280 struct hostap_80211_rx_status *rx_stats)
1282 struct net_device *dev = local->dev;
1283 struct ieee80211_hdr_4addr *hdr = (struct ieee80211_hdr_4addr *) skb->data;
1285 struct ap_data *ap = local->ap;
1286 char body[8 + WLAN_AUTH_CHALLENGE_LEN], *challenge = NULL;
1288 u16 auth_alg, auth_transaction, status_code, *pos;
1289 u16 resp = WLAN_STATUS_SUCCESS, fc;
1290 struct sta_info *sta = NULL;
1291 struct ieee80211_crypt_data *crypt;
1294 len = skb->len - IEEE80211_MGMT_HDR_LEN;
1296 fc = le16_to_cpu(hdr->frame_ctl);
1297 hdrlen = hostap_80211_get_hdrlen(fc);
1300 PDEBUG(DEBUG_AP, "%s: handle_authen - too short payload "
1301 "(len=%d) from " MACSTR "\n", dev->name, len,
1302 MAC2STR(hdr->addr2));
1306 spin_lock_bh(&local->ap->sta_table_lock);
1307 sta = ap_get_sta(local->ap, hdr->addr2);
1309 atomic_inc(&sta->users);
1310 spin_unlock_bh(&local->ap->sta_table_lock);
1312 if (sta && sta->crypt)
1316 if (skb->len >= hdrlen + 3)
1317 idx = skb->data[hdrlen + 3] >> 6;
1318 crypt = local->crypt[idx];
1321 pos = (u16 *) (skb->data + IEEE80211_MGMT_HDR_LEN);
1322 auth_alg = __le16_to_cpu(*pos);
1324 auth_transaction = __le16_to_cpu(*pos);
1326 status_code = __le16_to_cpu(*pos);
1329 if (memcmp(dev->dev_addr, hdr->addr2, ETH_ALEN) == 0 ||
1330 ap_control_mac_deny(&ap->mac_restrictions, hdr->addr2)) {
1331 txt = "authentication denied";
1332 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1336 if (((local->auth_algs & PRISM2_AUTH_OPEN) &&
1337 auth_alg == WLAN_AUTH_OPEN) ||
1338 ((local->auth_algs & PRISM2_AUTH_SHARED_KEY) &&
1339 crypt && auth_alg == WLAN_AUTH_SHARED_KEY)) {
1341 txt = "unsupported algorithm";
1342 resp = WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG;
1348 if (*u == WLAN_EID_CHALLENGE) {
1349 if (*(u + 1) != WLAN_AUTH_CHALLENGE_LEN) {
1350 txt = "invalid challenge len";
1351 resp = WLAN_STATUS_CHALLENGE_FAIL;
1354 if (len - 8 < WLAN_AUTH_CHALLENGE_LEN) {
1355 txt = "challenge underflow";
1356 resp = WLAN_STATUS_CHALLENGE_FAIL;
1359 challenge = (char *) (u + 2);
1363 if (sta && sta->ap) {
1364 if (time_after(jiffies, sta->u.ap.last_beacon +
1365 (10 * sta->listen_interval * HZ) / 1024)) {
1366 PDEBUG(DEBUG_AP, "%s: no beacons received for a while,"
1367 " assuming AP " MACSTR " is now STA\n",
1368 dev->name, MAC2STR(sta->addr));
1371 sta->u.sta.challenge = NULL;
1373 txt = "AP trying to authenticate?";
1374 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1379 if ((auth_alg == WLAN_AUTH_OPEN && auth_transaction == 1) ||
1380 (auth_alg == WLAN_AUTH_SHARED_KEY &&
1381 (auth_transaction == 1 ||
1382 (auth_transaction == 3 && sta != NULL &&
1383 sta->u.sta.challenge != NULL)))) {
1385 txt = "unknown authentication transaction number";
1386 resp = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION;
1393 if (local->ap->num_sta >= MAX_STA_COUNT) {
1394 /* FIX: might try to remove some old STAs first? */
1395 txt = "no more room for new STAs";
1396 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1400 sta = ap_add_sta(local->ap, hdr->addr2);
1402 txt = "ap_add_sta failed";
1403 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1409 case WLAN_AUTH_OPEN:
1411 /* IEEE 802.11 standard is not completely clear about
1412 * whether STA is considered authenticated after
1413 * authentication OK frame has been send or after it
1414 * has been ACKed. In order to reduce interoperability
1415 * issues, mark the STA authenticated before ACK. */
1416 sta->flags |= WLAN_STA_AUTH;
1419 case WLAN_AUTH_SHARED_KEY:
1420 if (auth_transaction == 1) {
1421 if (sta->u.sta.challenge == NULL) {
1422 sta->u.sta.challenge =
1423 ap_auth_make_challenge(local->ap);
1424 if (sta->u.sta.challenge == NULL) {
1425 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1430 if (sta->u.sta.challenge == NULL ||
1431 challenge == NULL ||
1432 memcmp(sta->u.sta.challenge, challenge,
1433 WLAN_AUTH_CHALLENGE_LEN) != 0 ||
1434 !(fc & IEEE80211_FCTL_PROTECTED)) {
1435 txt = "challenge response incorrect";
1436 resp = WLAN_STATUS_CHALLENGE_FAIL;
1440 txt = "challenge OK - authOK";
1441 /* IEEE 802.11 standard is not completely clear about
1442 * whether STA is considered authenticated after
1443 * authentication OK frame has been send or after it
1444 * has been ACKed. In order to reduce interoperability
1445 * issues, mark the STA authenticated before ACK. */
1446 sta->flags |= WLAN_STA_AUTH;
1447 kfree(sta->u.sta.challenge);
1448 sta->u.sta.challenge = NULL;
1455 *pos = cpu_to_le16(auth_alg);
1457 *pos = cpu_to_le16(auth_transaction + 1);
1459 *pos = cpu_to_le16(resp); /* status_code */
1463 if (resp == WLAN_STATUS_SUCCESS && sta != NULL &&
1464 sta->u.sta.challenge != NULL &&
1465 auth_alg == WLAN_AUTH_SHARED_KEY && auth_transaction == 1) {
1466 u8 *tmp = (u8 *) pos;
1467 *tmp++ = WLAN_EID_CHALLENGE;
1468 *tmp++ = WLAN_AUTH_CHALLENGE_LEN;
1470 memcpy(pos, sta->u.sta.challenge, WLAN_AUTH_CHALLENGE_LEN);
1471 olen += 2 + WLAN_AUTH_CHALLENGE_LEN;
1474 prism2_send_mgmt(dev, IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_AUTH,
1475 body, olen, hdr->addr2, ap->tx_callback_auth);
1478 sta->last_rx = jiffies;
1479 atomic_dec(&sta->users);
1483 PDEBUG(DEBUG_AP, "%s: " MACSTR " auth (alg=%d trans#=%d "
1484 "stat=%d len=%d fc=%04x) ==> %d (%s)\n",
1485 dev->name, MAC2STR(hdr->addr2), auth_alg,
1486 auth_transaction, status_code, len, fc, resp, txt);
1491 /* Called only as a scheduled task for pending AP frames. */
1492 static void handle_assoc(local_info_t *local, struct sk_buff *skb,
1493 struct hostap_80211_rx_status *rx_stats, int reassoc)
1495 struct net_device *dev = local->dev;
1496 struct ieee80211_hdr_4addr *hdr = (struct ieee80211_hdr_4addr *) skb->data;
1497 char body[12], *p, *lpos;
1500 u16 resp = WLAN_STATUS_SUCCESS;
1501 struct sta_info *sta = NULL;
1502 int send_deauth = 0;
1504 u8 prev_ap[ETH_ALEN];
1506 left = len = skb->len - IEEE80211_MGMT_HDR_LEN;
1508 if (len < (reassoc ? 10 : 4)) {
1509 PDEBUG(DEBUG_AP, "%s: handle_assoc - too short payload "
1510 "(len=%d, reassoc=%d) from " MACSTR "\n",
1511 dev->name, len, reassoc, MAC2STR(hdr->addr2));
1515 spin_lock_bh(&local->ap->sta_table_lock);
1516 sta = ap_get_sta(local->ap, hdr->addr2);
1517 if (sta == NULL || (sta->flags & WLAN_STA_AUTH) == 0) {
1518 spin_unlock_bh(&local->ap->sta_table_lock);
1519 txt = "trying to associate before authentication";
1521 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1522 sta = NULL; /* do not decrement sta->users */
1525 atomic_inc(&sta->users);
1526 spin_unlock_bh(&local->ap->sta_table_lock);
1528 pos = (u16 *) (skb->data + IEEE80211_MGMT_HDR_LEN);
1529 sta->capability = __le16_to_cpu(*pos);
1531 sta->listen_interval = __le16_to_cpu(*pos);
1535 memcpy(prev_ap, pos, ETH_ALEN);
1536 pos++; pos++; pos++; left -= 6;
1538 memset(prev_ap, 0, ETH_ALEN);
1542 unsigned char *u = (unsigned char *) pos;
1544 if (*u == WLAN_EID_SSID) {
1549 if (ileft > left || ileft > MAX_SSID_LEN) {
1550 txt = "SSID overflow";
1551 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1555 if (ileft != strlen(local->essid) ||
1556 memcmp(local->essid, u, ileft) != 0) {
1557 txt = "not our SSID";
1558 resp = WLAN_STATUS_ASSOC_DENIED_UNSPEC;
1566 if (left >= 2 && *u == WLAN_EID_SUPP_RATES) {
1571 if (ileft > left || ileft == 0 ||
1572 ileft > WLAN_SUPP_RATES_MAX) {
1573 txt = "SUPP_RATES len error";
1574 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1578 memset(sta->supported_rates, 0,
1579 sizeof(sta->supported_rates));
1580 memcpy(sta->supported_rates, u, ileft);
1581 prism2_check_tx_rates(sta);
1588 PDEBUG(DEBUG_AP, "%s: assoc from " MACSTR " with extra"
1589 " data (%d bytes) [",
1590 dev->name, MAC2STR(hdr->addr2), left);
1592 PDEBUG2(DEBUG_AP, "<%02x>", *u);
1595 PDEBUG2(DEBUG_AP, "]\n");
1598 txt = "frame underflow";
1599 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1603 /* get a unique AID */
1605 txt = "OK, old AID";
1607 spin_lock_bh(&local->ap->sta_table_lock);
1608 for (sta->aid = 1; sta->aid <= MAX_AID_TABLE_SIZE; sta->aid++)
1609 if (local->ap->sta_aid[sta->aid - 1] == NULL)
1611 if (sta->aid > MAX_AID_TABLE_SIZE) {
1613 spin_unlock_bh(&local->ap->sta_table_lock);
1614 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA;
1615 txt = "no room for more AIDs";
1617 local->ap->sta_aid[sta->aid - 1] = sta;
1618 spin_unlock_bh(&local->ap->sta_table_lock);
1619 txt = "OK, new AID";
1627 *pos = __constant_cpu_to_le16(
1628 WLAN_REASON_STA_REQ_ASSOC_WITHOUT_AUTH);
1631 /* FIX: CF-Pollable and CF-PollReq should be set to match the
1632 * values in beacons/probe responses */
1633 /* FIX: how about privacy and WEP? */
1635 *pos = __constant_cpu_to_le16(WLAN_CAPABILITY_ESS);
1639 *pos = __cpu_to_le16(resp);
1642 *pos = __cpu_to_le16((sta && sta->aid > 0 ? sta->aid : 0) |
1643 BIT(14) | BIT(15)); /* AID */
1646 /* Supported rates (Information element) */
1648 *p++ = WLAN_EID_SUPP_RATES;
1651 if (local->tx_rate_control & WLAN_RATE_1M) {
1652 *p++ = local->basic_rates & WLAN_RATE_1M ? 0x82 : 0x02;
1655 if (local->tx_rate_control & WLAN_RATE_2M) {
1656 *p++ = local->basic_rates & WLAN_RATE_2M ? 0x84 : 0x04;
1659 if (local->tx_rate_control & WLAN_RATE_5M5) {
1660 *p++ = local->basic_rates & WLAN_RATE_5M5 ?
1664 if (local->tx_rate_control & WLAN_RATE_11M) {
1665 *p++ = local->basic_rates & WLAN_RATE_11M ?
1672 prism2_send_mgmt(dev, IEEE80211_FTYPE_MGMT |
1673 (send_deauth ? IEEE80211_STYPE_DEAUTH :
1674 (reassoc ? IEEE80211_STYPE_REASSOC_RESP :
1675 IEEE80211_STYPE_ASSOC_RESP)),
1676 body, (u8 *) pos - (u8 *) body,
1678 send_deauth ? 0 : local->ap->tx_callback_assoc);
1681 if (resp == WLAN_STATUS_SUCCESS) {
1682 sta->last_rx = jiffies;
1683 /* STA will be marked associated from TX callback, if
1684 * AssocResp is ACKed */
1686 atomic_dec(&sta->users);
1690 PDEBUG(DEBUG_AP, "%s: " MACSTR " %sassoc (len=%d prev_ap=" MACSTR
1691 ") => %d(%d) (%s)\n",
1692 dev->name, MAC2STR(hdr->addr2), reassoc ? "re" : "", len,
1693 MAC2STR(prev_ap), resp, send_deauth, txt);
1698 /* Called only as a scheduled task for pending AP frames. */
1699 static void handle_deauth(local_info_t *local, struct sk_buff *skb,
1700 struct hostap_80211_rx_status *rx_stats)
1702 struct net_device *dev = local->dev;
1703 struct ieee80211_hdr_4addr *hdr = (struct ieee80211_hdr_4addr *) skb->data;
1704 char *body = (char *) (skb->data + IEEE80211_MGMT_HDR_LEN);
1706 u16 reason_code, *pos;
1707 struct sta_info *sta = NULL;
1709 len = skb->len - IEEE80211_MGMT_HDR_LEN;
1712 printk("handle_deauth - too short payload (len=%d)\n", len);
1717 reason_code = __le16_to_cpu(*pos);
1719 PDEBUG(DEBUG_AP, "%s: deauthentication: " MACSTR " len=%d, "
1720 "reason_code=%d\n", dev->name, MAC2STR(hdr->addr2), len,
1723 spin_lock_bh(&local->ap->sta_table_lock);
1724 sta = ap_get_sta(local->ap, hdr->addr2);
1726 if ((sta->flags & WLAN_STA_ASSOC) && !sta->ap)
1727 hostap_event_expired_sta(local->dev, sta);
1728 sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC);
1730 spin_unlock_bh(&local->ap->sta_table_lock);
1732 printk("%s: deauthentication from " MACSTR ", "
1733 "reason_code=%d, but STA not authenticated\n", dev->name,
1734 MAC2STR(hdr->addr2), reason_code);
1739 /* Called only as a scheduled task for pending AP frames. */
1740 static void handle_disassoc(local_info_t *local, struct sk_buff *skb,
1741 struct hostap_80211_rx_status *rx_stats)
1743 struct net_device *dev = local->dev;
1744 struct ieee80211_hdr_4addr *hdr = (struct ieee80211_hdr_4addr *) skb->data;
1745 char *body = skb->data + IEEE80211_MGMT_HDR_LEN;
1747 u16 reason_code, *pos;
1748 struct sta_info *sta = NULL;
1750 len = skb->len - IEEE80211_MGMT_HDR_LEN;
1753 printk("handle_disassoc - too short payload (len=%d)\n", len);
1758 reason_code = __le16_to_cpu(*pos);
1760 PDEBUG(DEBUG_AP, "%s: disassociation: " MACSTR " len=%d, "
1761 "reason_code=%d\n", dev->name, MAC2STR(hdr->addr2), len,
1764 spin_lock_bh(&local->ap->sta_table_lock);
1765 sta = ap_get_sta(local->ap, hdr->addr2);
1767 if ((sta->flags & WLAN_STA_ASSOC) && !sta->ap)
1768 hostap_event_expired_sta(local->dev, sta);
1769 sta->flags &= ~WLAN_STA_ASSOC;
1771 spin_unlock_bh(&local->ap->sta_table_lock);
1773 printk("%s: disassociation from " MACSTR ", "
1774 "reason_code=%d, but STA not authenticated\n",
1775 dev->name, MAC2STR(hdr->addr2), reason_code);
1780 /* Called only as a scheduled task for pending AP frames. */
1781 static void ap_handle_data_nullfunc(local_info_t *local,
1782 struct ieee80211_hdr_4addr *hdr)
1784 struct net_device *dev = local->dev;
1786 /* some STA f/w's seem to require control::ACK frame for
1787 * data::nullfunc, but at least Prism2 station f/w version 0.8.0 does
1789 * send control::ACK for the data::nullfunc */
1791 printk(KERN_DEBUG "Sending control::ACK for data::nullfunc\n");
1792 prism2_send_mgmt(dev, IEEE80211_FTYPE_CTL | IEEE80211_STYPE_ACK,
1793 NULL, 0, hdr->addr2, 0);
1797 /* Called only as a scheduled task for pending AP frames. */
1798 static void ap_handle_dropped_data(local_info_t *local,
1799 struct ieee80211_hdr_4addr *hdr)
1801 struct net_device *dev = local->dev;
1802 struct sta_info *sta;
1805 spin_lock_bh(&local->ap->sta_table_lock);
1806 sta = ap_get_sta(local->ap, hdr->addr2);
1808 atomic_inc(&sta->users);
1809 spin_unlock_bh(&local->ap->sta_table_lock);
1811 if (sta != NULL && (sta->flags & WLAN_STA_ASSOC)) {
1812 PDEBUG(DEBUG_AP, "ap_handle_dropped_data: STA is now okay?\n");
1813 atomic_dec(&sta->users);
1817 reason = __constant_cpu_to_le16(
1818 WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA);
1819 prism2_send_mgmt(dev, IEEE80211_FTYPE_MGMT |
1820 ((sta == NULL || !(sta->flags & WLAN_STA_ASSOC)) ?
1821 IEEE80211_STYPE_DEAUTH : IEEE80211_STYPE_DISASSOC),
1822 (char *) &reason, sizeof(reason), hdr->addr2, 0);
1825 atomic_dec(&sta->users);
1828 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
1831 /* Called only as a scheduled task for pending AP frames. */
1832 static void pspoll_send_buffered(local_info_t *local, struct sta_info *sta,
1833 struct sk_buff *skb)
1835 struct hostap_skb_tx_data *meta;
1837 if (!(sta->flags & WLAN_STA_PS)) {
1838 /* Station has moved to non-PS mode, so send all buffered
1839 * frames using normal device queue. */
1840 dev_queue_xmit(skb);
1844 /* add a flag for hostap_handle_sta_tx() to know that this skb should
1845 * be passed through even though STA is using PS */
1846 meta = (struct hostap_skb_tx_data *) skb->cb;
1847 meta->flags |= HOSTAP_TX_FLAGS_BUFFERED_FRAME;
1848 if (!skb_queue_empty(&sta->tx_buf)) {
1849 /* indicate to STA that more frames follow */
1850 meta->flags |= HOSTAP_TX_FLAGS_ADD_MOREDATA;
1852 dev_queue_xmit(skb);
1856 /* Called only as a scheduled task for pending AP frames. */
1857 static void handle_pspoll(local_info_t *local,
1858 struct ieee80211_hdr_4addr *hdr,
1859 struct hostap_80211_rx_status *rx_stats)
1861 struct net_device *dev = local->dev;
1862 struct sta_info *sta;
1864 struct sk_buff *skb;
1866 PDEBUG(DEBUG_PS2, "handle_pspoll: BSSID=" MACSTR ", TA=" MACSTR
1868 MAC2STR(hdr->addr1), MAC2STR(hdr->addr2),
1869 !!(le16_to_cpu(hdr->frame_ctl) & IEEE80211_FCTL_PM));
1871 if (memcmp(hdr->addr1, dev->dev_addr, ETH_ALEN)) {
1872 PDEBUG(DEBUG_AP, "handle_pspoll - addr1(BSSID)=" MACSTR
1873 " not own MAC\n", MAC2STR(hdr->addr1));
1877 aid = __le16_to_cpu(hdr->duration_id);
1878 if ((aid & (BIT(15) | BIT(14))) != (BIT(15) | BIT(14))) {
1879 PDEBUG(DEBUG_PS, " PSPOLL and AID[15:14] not set\n");
1882 aid &= ~BIT(15) & ~BIT(14);
1883 if (aid == 0 || aid > MAX_AID_TABLE_SIZE) {
1884 PDEBUG(DEBUG_PS, " invalid aid=%d\n", aid);
1887 PDEBUG(DEBUG_PS2, " aid=%d\n", aid);
1889 spin_lock_bh(&local->ap->sta_table_lock);
1890 sta = ap_get_sta(local->ap, hdr->addr2);
1892 atomic_inc(&sta->users);
1893 spin_unlock_bh(&local->ap->sta_table_lock);
1896 PDEBUG(DEBUG_PS, " STA not found\n");
1899 if (sta->aid != aid) {
1900 PDEBUG(DEBUG_PS, " received aid=%i does not match with "
1901 "assoc.aid=%d\n", aid, sta->aid);
1906 * - add timeout for buffering (clear aid in TIM vector if buffer timed
1907 * out (expiry time must be longer than ListenInterval for
1908 * the corresponding STA; "8802-11: 11.2.1.9 AP aging function"
1909 * - what to do, if buffered, pspolled, and sent frame is not ACKed by
1910 * sta; store buffer for later use and leave TIM aid bit set? use
1911 * TX event to check whether frame was ACKed?
1914 while ((skb = skb_dequeue(&sta->tx_buf)) != NULL) {
1915 /* send buffered frame .. */
1916 PDEBUG(DEBUG_PS2, "Sending buffered frame to STA after PS POLL"
1917 " (buffer_count=%d)\n", skb_queue_len(&sta->tx_buf));
1919 pspoll_send_buffered(local, sta, skb);
1921 if (sta->flags & WLAN_STA_PS) {
1922 /* send only one buffered packet per PS Poll */
1923 /* FIX: should ignore further PS Polls until the
1924 * buffered packet that was just sent is acknowledged
1925 * (Tx or TxExc event) */
1930 if (skb_queue_empty(&sta->tx_buf)) {
1931 /* try to clear aid from TIM */
1932 if (!(sta->flags & WLAN_STA_TIM))
1933 PDEBUG(DEBUG_PS2, "Re-unsetting TIM for aid %d\n",
1935 hostap_set_tim(local, aid, 0);
1936 sta->flags &= ~WLAN_STA_TIM;
1939 atomic_dec(&sta->users);
1943 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
1945 static void handle_wds_oper_queue(struct work_struct *work)
1947 struct ap_data *ap = container_of(work, struct ap_data,
1949 local_info_t *local = ap->local;
1950 struct wds_oper_data *entry, *prev;
1952 spin_lock_bh(&local->lock);
1953 entry = local->ap->wds_oper_entries;
1954 local->ap->wds_oper_entries = NULL;
1955 spin_unlock_bh(&local->lock);
1958 PDEBUG(DEBUG_AP, "%s: %s automatic WDS connection "
1959 "to AP " MACSTR "\n",
1961 entry->type == WDS_ADD ? "adding" : "removing",
1962 MAC2STR(entry->addr));
1963 if (entry->type == WDS_ADD)
1964 prism2_wds_add(local, entry->addr, 0);
1965 else if (entry->type == WDS_DEL)
1966 prism2_wds_del(local, entry->addr, 0, 1);
1969 entry = entry->next;
1975 /* Called only as a scheduled task for pending AP frames. */
1976 static void handle_beacon(local_info_t *local, struct sk_buff *skb,
1977 struct hostap_80211_rx_status *rx_stats)
1979 struct ieee80211_hdr_4addr *hdr = (struct ieee80211_hdr_4addr *) skb->data;
1980 char *body = skb->data + IEEE80211_MGMT_HDR_LEN;
1982 u16 *pos, beacon_int, capability;
1984 unsigned char *supp_rates = NULL;
1985 int ssid_len = 0, supp_rates_len = 0;
1986 struct sta_info *sta = NULL;
1987 int new_sta = 0, channel = -1;
1989 len = skb->len - IEEE80211_MGMT_HDR_LEN;
1991 if (len < 8 + 2 + 2) {
1992 printk(KERN_DEBUG "handle_beacon - too short payload "
2000 /* Timestamp (8 octets) */
2001 pos += 4; left -= 8;
2002 /* Beacon interval (2 octets) */
2003 beacon_int = __le16_to_cpu(*pos);
2005 /* Capability information (2 octets) */
2006 capability = __le16_to_cpu(*pos);
2009 if (local->ap->ap_policy != AP_OTHER_AP_EVEN_IBSS &&
2010 capability & WLAN_CAPABILITY_IBSS)
2015 unsigned char *u = (unsigned char *) pos;
2017 if (*u == WLAN_EID_SSID) {
2022 if (ileft > left || ileft > MAX_SSID_LEN) {
2023 PDEBUG(DEBUG_AP, "SSID: overflow\n");
2027 if (local->ap->ap_policy == AP_OTHER_AP_SAME_SSID &&
2028 (ileft != strlen(local->essid) ||
2029 memcmp(local->essid, u, ileft) != 0)) {
2041 if (*u == WLAN_EID_SUPP_RATES) {
2046 if (ileft > left || ileft == 0 || ileft > 8) {
2047 PDEBUG(DEBUG_AP, " - SUPP_RATES len error\n");
2052 supp_rates_len = ileft;
2058 if (*u == WLAN_EID_DS_PARAMS) {
2063 if (ileft > left || ileft != 1) {
2064 PDEBUG(DEBUG_AP, " - DS_PARAMS len error\n");
2075 spin_lock_bh(&local->ap->sta_table_lock);
2076 sta = ap_get_sta(local->ap, hdr->addr2);
2078 atomic_inc(&sta->users);
2079 spin_unlock_bh(&local->ap->sta_table_lock);
2084 sta = ap_add_sta(local->ap, hdr->addr2);
2086 printk(KERN_INFO "prism2: kmalloc failed for AP "
2087 "data structure\n");
2090 hostap_event_new_sta(local->dev, sta);
2092 /* mark APs authentication and associated for pseudo ad-hoc
2093 * style communication */
2094 sta->flags = WLAN_STA_AUTH | WLAN_STA_ASSOC;
2096 if (local->ap->autom_ap_wds) {
2097 hostap_wds_link_oper(local, sta->addr, WDS_ADD);
2103 sta->u.ap.ssid_len = ssid_len;
2104 memcpy(sta->u.ap.ssid, ssid, ssid_len);
2105 sta->u.ap.ssid[ssid_len] = '\0';
2107 sta->u.ap.ssid_len = 0;
2108 sta->u.ap.ssid[0] = '\0';
2110 sta->u.ap.channel = channel;
2112 sta->rx_bytes += len;
2113 sta->u.ap.last_beacon = sta->last_rx = jiffies;
2114 sta->capability = capability;
2115 sta->listen_interval = beacon_int;
2117 atomic_dec(&sta->users);
2120 memset(sta->supported_rates, 0, sizeof(sta->supported_rates));
2121 memcpy(sta->supported_rates, supp_rates, supp_rates_len);
2122 prism2_check_tx_rates(sta);
2126 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
2129 /* Called only as a tasklet. */
2130 static void handle_ap_item(local_info_t *local, struct sk_buff *skb,
2131 struct hostap_80211_rx_status *rx_stats)
2133 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
2134 struct net_device *dev = local->dev;
2135 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
2136 u16 fc, type, stype;
2137 struct ieee80211_hdr_4addr *hdr;
2139 /* FIX: should give skb->len to handler functions and check that the
2140 * buffer is long enough */
2141 hdr = (struct ieee80211_hdr_4addr *) skb->data;
2142 fc = le16_to_cpu(hdr->frame_ctl);
2143 type = WLAN_FC_GET_TYPE(fc);
2144 stype = WLAN_FC_GET_STYPE(fc);
2146 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
2147 if (!local->hostapd && type == IEEE80211_FTYPE_DATA) {
2148 PDEBUG(DEBUG_AP, "handle_ap_item - data frame\n");
2150 if (!(fc & IEEE80211_FCTL_TODS) ||
2151 (fc & IEEE80211_FCTL_FROMDS)) {
2152 if (stype == IEEE80211_STYPE_NULLFUNC) {
2153 /* no ToDS nullfunc seems to be used to check
2154 * AP association; so send reject message to
2155 * speed up re-association */
2156 ap_handle_dropped_data(local, hdr);
2159 PDEBUG(DEBUG_AP, " not ToDS frame (fc=0x%04x)\n",
2164 if (memcmp(hdr->addr1, dev->dev_addr, ETH_ALEN)) {
2165 PDEBUG(DEBUG_AP, "handle_ap_item - addr1(BSSID)="
2166 MACSTR " not own MAC\n",
2167 MAC2STR(hdr->addr1));
2171 if (local->ap->nullfunc_ack &&
2172 stype == IEEE80211_STYPE_NULLFUNC)
2173 ap_handle_data_nullfunc(local, hdr);
2175 ap_handle_dropped_data(local, hdr);
2179 if (type == IEEE80211_FTYPE_MGMT && stype == IEEE80211_STYPE_BEACON) {
2180 handle_beacon(local, skb, rx_stats);
2183 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
2185 if (type == IEEE80211_FTYPE_CTL && stype == IEEE80211_STYPE_PSPOLL) {
2186 handle_pspoll(local, hdr, rx_stats);
2190 if (local->hostapd) {
2191 PDEBUG(DEBUG_AP, "Unknown frame in AP queue: type=0x%02x "
2192 "subtype=0x%02x\n", type, stype);
2196 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
2197 if (type != IEEE80211_FTYPE_MGMT) {
2198 PDEBUG(DEBUG_AP, "handle_ap_item - not a management frame?\n");
2202 if (memcmp(hdr->addr1, dev->dev_addr, ETH_ALEN)) {
2203 PDEBUG(DEBUG_AP, "handle_ap_item - addr1(DA)=" MACSTR
2204 " not own MAC\n", MAC2STR(hdr->addr1));
2208 if (memcmp(hdr->addr3, dev->dev_addr, ETH_ALEN)) {
2209 PDEBUG(DEBUG_AP, "handle_ap_item - addr3(BSSID)=" MACSTR
2210 " not own MAC\n", MAC2STR(hdr->addr3));
2215 case IEEE80211_STYPE_ASSOC_REQ:
2216 handle_assoc(local, skb, rx_stats, 0);
2218 case IEEE80211_STYPE_ASSOC_RESP:
2219 PDEBUG(DEBUG_AP, "==> ASSOC RESP (ignored)\n");
2221 case IEEE80211_STYPE_REASSOC_REQ:
2222 handle_assoc(local, skb, rx_stats, 1);
2224 case IEEE80211_STYPE_REASSOC_RESP:
2225 PDEBUG(DEBUG_AP, "==> REASSOC RESP (ignored)\n");
2227 case IEEE80211_STYPE_ATIM:
2228 PDEBUG(DEBUG_AP, "==> ATIM (ignored)\n");
2230 case IEEE80211_STYPE_DISASSOC:
2231 handle_disassoc(local, skb, rx_stats);
2233 case IEEE80211_STYPE_AUTH:
2234 handle_authen(local, skb, rx_stats);
2236 case IEEE80211_STYPE_DEAUTH:
2237 handle_deauth(local, skb, rx_stats);
2240 PDEBUG(DEBUG_AP, "Unknown mgmt frame subtype 0x%02x\n",
2244 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
2251 /* Called only as a tasklet (software IRQ) */
2252 void hostap_rx(struct net_device *dev, struct sk_buff *skb,
2253 struct hostap_80211_rx_status *rx_stats)
2255 struct hostap_interface *iface;
2256 local_info_t *local;
2258 struct ieee80211_hdr_4addr *hdr;
2260 iface = netdev_priv(dev);
2261 local = iface->local;
2266 local->stats.rx_packets++;
2268 hdr = (struct ieee80211_hdr_4addr *) skb->data;
2269 fc = le16_to_cpu(hdr->frame_ctl);
2271 if (local->ap->ap_policy == AP_OTHER_AP_SKIP_ALL &&
2272 WLAN_FC_GET_TYPE(fc) == IEEE80211_FTYPE_MGMT &&
2273 WLAN_FC_GET_STYPE(fc) == IEEE80211_STYPE_BEACON)
2276 skb->protocol = __constant_htons(ETH_P_HOSTAP);
2277 handle_ap_item(local, skb, rx_stats);
2285 /* Called only as a tasklet (software IRQ) */
2286 static void schedule_packet_send(local_info_t *local, struct sta_info *sta)
2288 struct sk_buff *skb;
2289 struct ieee80211_hdr_4addr *hdr;
2290 struct hostap_80211_rx_status rx_stats;
2292 if (skb_queue_empty(&sta->tx_buf))
2295 skb = dev_alloc_skb(16);
2297 printk(KERN_DEBUG "%s: schedule_packet_send: skb alloc "
2298 "failed\n", local->dev->name);
2302 hdr = (struct ieee80211_hdr_4addr *) skb_put(skb, 16);
2304 /* Generate a fake pspoll frame to start packet delivery */
2305 hdr->frame_ctl = __constant_cpu_to_le16(
2306 IEEE80211_FTYPE_CTL | IEEE80211_STYPE_PSPOLL);
2307 memcpy(hdr->addr1, local->dev->dev_addr, ETH_ALEN);
2308 memcpy(hdr->addr2, sta->addr, ETH_ALEN);
2309 hdr->duration_id = cpu_to_le16(sta->aid | BIT(15) | BIT(14));
2311 PDEBUG(DEBUG_PS2, "%s: Scheduling buffered packet delivery for "
2312 "STA " MACSTR "\n", local->dev->name, MAC2STR(sta->addr));
2314 skb->dev = local->dev;
2316 memset(&rx_stats, 0, sizeof(rx_stats));
2317 hostap_rx(local->dev, skb, &rx_stats);
2321 int prism2_ap_get_sta_qual(local_info_t *local, struct sockaddr addr[],
2322 struct iw_quality qual[], int buf_size,
2325 struct ap_data *ap = local->ap;
2326 struct list_head *ptr;
2329 spin_lock_bh(&ap->sta_table_lock);
2331 for (ptr = ap->sta_list.next; ptr != NULL && ptr != &ap->sta_list;
2333 struct sta_info *sta = (struct sta_info *) ptr;
2335 if (aplist && !sta->ap)
2337 addr[count].sa_family = ARPHRD_ETHER;
2338 memcpy(addr[count].sa_data, sta->addr, ETH_ALEN);
2339 if (sta->last_rx_silence == 0)
2340 qual[count].qual = sta->last_rx_signal < 27 ?
2341 0 : (sta->last_rx_signal - 27) * 92 / 127;
2343 qual[count].qual = sta->last_rx_signal -
2344 sta->last_rx_silence - 35;
2345 qual[count].level = HFA384X_LEVEL_TO_dBm(sta->last_rx_signal);
2346 qual[count].noise = HFA384X_LEVEL_TO_dBm(sta->last_rx_silence);
2347 qual[count].updated = sta->last_rx_updated;
2349 sta->last_rx_updated = IW_QUAL_DBM;
2352 if (count >= buf_size)
2355 spin_unlock_bh(&ap->sta_table_lock);
2361 /* Translate our list of Access Points & Stations to a card independant
2362 * format that the Wireless Tools will understand - Jean II */
2363 int prism2_ap_translate_scan(struct net_device *dev, char *buffer)
2365 struct hostap_interface *iface;
2366 local_info_t *local;
2368 struct list_head *ptr;
2369 struct iw_event iwe;
2370 char *current_ev = buffer;
2371 char *end_buf = buffer + IW_SCAN_MAX_DATA;
2372 #if !defined(PRISM2_NO_KERNEL_IEEE80211_MGMT)
2376 iface = netdev_priv(dev);
2377 local = iface->local;
2380 spin_lock_bh(&ap->sta_table_lock);
2382 for (ptr = ap->sta_list.next; ptr != NULL && ptr != &ap->sta_list;
2384 struct sta_info *sta = (struct sta_info *) ptr;
2386 /* First entry *MUST* be the AP MAC address */
2387 memset(&iwe, 0, sizeof(iwe));
2388 iwe.cmd = SIOCGIWAP;
2389 iwe.u.ap_addr.sa_family = ARPHRD_ETHER;
2390 memcpy(iwe.u.ap_addr.sa_data, sta->addr, ETH_ALEN);
2391 iwe.len = IW_EV_ADDR_LEN;
2392 current_ev = iwe_stream_add_event(current_ev, end_buf, &iwe,
2395 /* Use the mode to indicate if it's a station or
2396 * an Access Point */
2397 memset(&iwe, 0, sizeof(iwe));
2398 iwe.cmd = SIOCGIWMODE;
2400 iwe.u.mode = IW_MODE_MASTER;
2402 iwe.u.mode = IW_MODE_INFRA;
2403 iwe.len = IW_EV_UINT_LEN;
2404 current_ev = iwe_stream_add_event(current_ev, end_buf, &iwe,
2408 memset(&iwe, 0, sizeof(iwe));
2410 if (sta->last_rx_silence == 0)
2411 iwe.u.qual.qual = sta->last_rx_signal < 27 ?
2412 0 : (sta->last_rx_signal - 27) * 92 / 127;
2414 iwe.u.qual.qual = sta->last_rx_signal -
2415 sta->last_rx_silence - 35;
2416 iwe.u.qual.level = HFA384X_LEVEL_TO_dBm(sta->last_rx_signal);
2417 iwe.u.qual.noise = HFA384X_LEVEL_TO_dBm(sta->last_rx_silence);
2418 iwe.u.qual.updated = sta->last_rx_updated;
2419 iwe.len = IW_EV_QUAL_LEN;
2420 current_ev = iwe_stream_add_event(current_ev, end_buf, &iwe,
2423 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
2425 memset(&iwe, 0, sizeof(iwe));
2426 iwe.cmd = SIOCGIWESSID;
2427 iwe.u.data.length = sta->u.ap.ssid_len;
2428 iwe.u.data.flags = 1;
2429 current_ev = iwe_stream_add_point(current_ev, end_buf,
2433 memset(&iwe, 0, sizeof(iwe));
2434 iwe.cmd = SIOCGIWENCODE;
2435 if (sta->capability & WLAN_CAPABILITY_PRIVACY)
2437 IW_ENCODE_ENABLED | IW_ENCODE_NOKEY;
2439 iwe.u.data.flags = IW_ENCODE_DISABLED;
2440 current_ev = iwe_stream_add_point(current_ev, end_buf,
2443 /* 0 byte memcpy */);
2445 if (sta->u.ap.channel > 0 &&
2446 sta->u.ap.channel <= FREQ_COUNT) {
2447 memset(&iwe, 0, sizeof(iwe));
2448 iwe.cmd = SIOCGIWFREQ;
2449 iwe.u.freq.m = freq_list[sta->u.ap.channel - 1]
2452 current_ev = iwe_stream_add_event(
2453 current_ev, end_buf, &iwe,
2457 memset(&iwe, 0, sizeof(iwe));
2458 iwe.cmd = IWEVCUSTOM;
2459 sprintf(buf, "beacon_interval=%d",
2460 sta->listen_interval);
2461 iwe.u.data.length = strlen(buf);
2462 current_ev = iwe_stream_add_point(current_ev, end_buf,
2465 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
2467 sta->last_rx_updated = IW_QUAL_DBM;
2469 /* To be continued, we should make good use of IWEVCUSTOM */
2472 spin_unlock_bh(&ap->sta_table_lock);
2474 return current_ev - buffer;
2478 static int prism2_hostapd_add_sta(struct ap_data *ap,
2479 struct prism2_hostapd_param *param)
2481 struct sta_info *sta;
2483 spin_lock_bh(&ap->sta_table_lock);
2484 sta = ap_get_sta(ap, param->sta_addr);
2486 atomic_inc(&sta->users);
2487 spin_unlock_bh(&ap->sta_table_lock);
2490 sta = ap_add_sta(ap, param->sta_addr);
2495 if (!(sta->flags & WLAN_STA_ASSOC) && !sta->ap && sta->local)
2496 hostap_event_new_sta(sta->local->dev, sta);
2498 sta->flags |= WLAN_STA_AUTH | WLAN_STA_ASSOC;
2499 sta->last_rx = jiffies;
2500 sta->aid = param->u.add_sta.aid;
2501 sta->capability = param->u.add_sta.capability;
2502 sta->tx_supp_rates = param->u.add_sta.tx_supp_rates;
2503 if (sta->tx_supp_rates & WLAN_RATE_1M)
2504 sta->supported_rates[0] = 2;
2505 if (sta->tx_supp_rates & WLAN_RATE_2M)
2506 sta->supported_rates[1] = 4;
2507 if (sta->tx_supp_rates & WLAN_RATE_5M5)
2508 sta->supported_rates[2] = 11;
2509 if (sta->tx_supp_rates & WLAN_RATE_11M)
2510 sta->supported_rates[3] = 22;
2511 prism2_check_tx_rates(sta);
2512 atomic_dec(&sta->users);
2517 static int prism2_hostapd_remove_sta(struct ap_data *ap,
2518 struct prism2_hostapd_param *param)
2520 struct sta_info *sta;
2522 spin_lock_bh(&ap->sta_table_lock);
2523 sta = ap_get_sta(ap, param->sta_addr);
2525 ap_sta_hash_del(ap, sta);
2526 list_del(&sta->list);
2528 spin_unlock_bh(&ap->sta_table_lock);
2533 if ((sta->flags & WLAN_STA_ASSOC) && !sta->ap && sta->local)
2534 hostap_event_expired_sta(sta->local->dev, sta);
2535 ap_free_sta(ap, sta);
2541 static int prism2_hostapd_get_info_sta(struct ap_data *ap,
2542 struct prism2_hostapd_param *param)
2544 struct sta_info *sta;
2546 spin_lock_bh(&ap->sta_table_lock);
2547 sta = ap_get_sta(ap, param->sta_addr);
2549 atomic_inc(&sta->users);
2550 spin_unlock_bh(&ap->sta_table_lock);
2555 param->u.get_info_sta.inactive_sec = (jiffies - sta->last_rx) / HZ;
2557 atomic_dec(&sta->users);
2563 static int prism2_hostapd_set_flags_sta(struct ap_data *ap,
2564 struct prism2_hostapd_param *param)
2566 struct sta_info *sta;
2568 spin_lock_bh(&ap->sta_table_lock);
2569 sta = ap_get_sta(ap, param->sta_addr);
2571 sta->flags |= param->u.set_flags_sta.flags_or;
2572 sta->flags &= param->u.set_flags_sta.flags_and;
2574 spin_unlock_bh(&ap->sta_table_lock);
2583 static int prism2_hostapd_sta_clear_stats(struct ap_data *ap,
2584 struct prism2_hostapd_param *param)
2586 struct sta_info *sta;
2589 spin_lock_bh(&ap->sta_table_lock);
2590 sta = ap_get_sta(ap, param->sta_addr);
2592 sta->rx_packets = sta->tx_packets = 0;
2593 sta->rx_bytes = sta->tx_bytes = 0;
2594 for (rate = 0; rate < WLAN_RATE_COUNT; rate++) {
2595 sta->tx_count[rate] = 0;
2596 sta->rx_count[rate] = 0;
2599 spin_unlock_bh(&ap->sta_table_lock);
2608 int prism2_hostapd(struct ap_data *ap, struct prism2_hostapd_param *param)
2610 switch (param->cmd) {
2611 case PRISM2_HOSTAPD_FLUSH:
2612 ap_control_kickall(ap);
2614 case PRISM2_HOSTAPD_ADD_STA:
2615 return prism2_hostapd_add_sta(ap, param);
2616 case PRISM2_HOSTAPD_REMOVE_STA:
2617 return prism2_hostapd_remove_sta(ap, param);
2618 case PRISM2_HOSTAPD_GET_INFO_STA:
2619 return prism2_hostapd_get_info_sta(ap, param);
2620 case PRISM2_HOSTAPD_SET_FLAGS_STA:
2621 return prism2_hostapd_set_flags_sta(ap, param);
2622 case PRISM2_HOSTAPD_STA_CLEAR_STATS:
2623 return prism2_hostapd_sta_clear_stats(ap, param);
2625 printk(KERN_WARNING "prism2_hostapd: unknown cmd=%d\n",
2632 /* Update station info for host-based TX rate control and return current
2634 static int ap_update_sta_tx_rate(struct sta_info *sta, struct net_device *dev)
2636 int ret = sta->tx_rate;
2637 struct hostap_interface *iface;
2638 local_info_t *local;
2640 iface = netdev_priv(dev);
2641 local = iface->local;
2643 sta->tx_count[sta->tx_rate_idx]++;
2644 sta->tx_since_last_failure++;
2645 sta->tx_consecutive_exc = 0;
2646 if (sta->tx_since_last_failure >= WLAN_RATE_UPDATE_COUNT &&
2647 sta->tx_rate_idx < sta->tx_max_rate) {
2648 /* use next higher rate */
2649 int old_rate, new_rate;
2650 old_rate = new_rate = sta->tx_rate_idx;
2651 while (new_rate < sta->tx_max_rate) {
2653 if (ap_tx_rate_ok(new_rate, sta, local)) {
2654 sta->tx_rate_idx = new_rate;
2658 if (old_rate != sta->tx_rate_idx) {
2659 switch (sta->tx_rate_idx) {
2660 case 0: sta->tx_rate = 10; break;
2661 case 1: sta->tx_rate = 20; break;
2662 case 2: sta->tx_rate = 55; break;
2663 case 3: sta->tx_rate = 110; break;
2664 default: sta->tx_rate = 0; break;
2666 PDEBUG(DEBUG_AP, "%s: STA " MACSTR " TX rate raised to"
2667 " %d\n", dev->name, MAC2STR(sta->addr),
2670 sta->tx_since_last_failure = 0;
2677 /* Called only from software IRQ. Called for each TX frame prior possible
2678 * encryption and transmit. */
2679 ap_tx_ret hostap_handle_sta_tx(local_info_t *local, struct hostap_tx_data *tx)
2681 struct sta_info *sta = NULL;
2682 struct sk_buff *skb = tx->skb;
2684 struct ieee80211_hdr_4addr *hdr;
2685 struct hostap_skb_tx_data *meta;
2687 meta = (struct hostap_skb_tx_data *) skb->cb;
2688 ret = AP_TX_CONTINUE;
2689 if (local->ap == NULL || skb->len < 10 ||
2690 meta->iface->type == HOSTAP_INTERFACE_STA)
2693 hdr = (struct ieee80211_hdr_4addr *) skb->data;
2695 if (hdr->addr1[0] & 0x01) {
2696 /* broadcast/multicast frame - no AP related processing */
2697 if (local->ap->num_sta <= 0)
2702 /* unicast packet - check whether destination STA is associated */
2703 spin_lock(&local->ap->sta_table_lock);
2704 sta = ap_get_sta(local->ap, hdr->addr1);
2706 atomic_inc(&sta->users);
2707 spin_unlock(&local->ap->sta_table_lock);
2709 if (local->iw_mode == IW_MODE_MASTER && sta == NULL &&
2710 !(meta->flags & HOSTAP_TX_FLAGS_WDS) &&
2711 meta->iface->type != HOSTAP_INTERFACE_MASTER &&
2712 meta->iface->type != HOSTAP_INTERFACE_AP) {
2714 /* This can happen, e.g., when wlan0 is added to a bridge and
2715 * bridging code does not know which port is the correct target
2716 * for a unicast frame. In this case, the packet is send to all
2717 * ports of the bridge. Since this is a valid scenario, do not
2718 * print out any errors here. */
2719 if (net_ratelimit()) {
2720 printk(KERN_DEBUG "AP: drop packet to non-associated "
2721 "STA " MACSTR "\n", MAC2STR(hdr->addr1));
2724 local->ap->tx_drop_nonassoc++;
2732 if (!(sta->flags & WLAN_STA_AUTHORIZED))
2733 ret = AP_TX_CONTINUE_NOT_AUTHORIZED;
2735 /* Set tx_rate if using host-based TX rate control */
2736 if (!local->fw_tx_rate_control)
2737 local->ap->last_tx_rate = meta->rate =
2738 ap_update_sta_tx_rate(sta, local->dev);
2740 if (local->iw_mode != IW_MODE_MASTER)
2743 if (!(sta->flags & WLAN_STA_PS))
2746 if (meta->flags & HOSTAP_TX_FLAGS_ADD_MOREDATA) {
2747 /* indicate to STA that more frames follow */
2749 __constant_cpu_to_le16(IEEE80211_FCTL_MOREDATA);
2752 if (meta->flags & HOSTAP_TX_FLAGS_BUFFERED_FRAME) {
2753 /* packet was already buffered and now send due to
2754 * PS poll, so do not rebuffer it */
2758 if (skb_queue_len(&sta->tx_buf) >= STA_MAX_TX_BUFFER) {
2759 PDEBUG(DEBUG_PS, "%s: No more space in STA (" MACSTR ")'s PS "
2760 "mode buffer\n", local->dev->name, MAC2STR(sta->addr));
2761 /* Make sure that TIM is set for the station (it might not be
2762 * after AP wlan hw reset). */
2763 /* FIX: should fix hw reset to restore bits based on STA
2765 hostap_set_tim(local, sta->aid, 1);
2766 sta->flags |= WLAN_STA_TIM;
2771 /* STA in PS mode, buffer frame for later delivery */
2772 set_tim = skb_queue_empty(&sta->tx_buf);
2773 skb_queue_tail(&sta->tx_buf, skb);
2774 /* FIX: could save RX time to skb and expire buffered frames after
2775 * some time if STA does not poll for them */
2778 if (sta->flags & WLAN_STA_TIM)
2779 PDEBUG(DEBUG_PS2, "Re-setting TIM for aid %d\n",
2781 hostap_set_tim(local, sta->aid, 1);
2782 sta->flags |= WLAN_STA_TIM;
2785 ret = AP_TX_BUFFERED;
2789 if (ret == AP_TX_CONTINUE ||
2790 ret == AP_TX_CONTINUE_NOT_AUTHORIZED) {
2792 sta->tx_bytes += skb->len;
2793 sta->last_tx = jiffies;
2796 if ((ret == AP_TX_CONTINUE ||
2797 ret == AP_TX_CONTINUE_NOT_AUTHORIZED) &&
2798 sta->crypt && tx->host_encrypt) {
2799 tx->crypt = sta->crypt;
2800 tx->sta_ptr = sta; /* hostap_handle_sta_release() will
2801 * be called to release sta info
2804 atomic_dec(&sta->users);
2811 void hostap_handle_sta_release(void *ptr)
2813 struct sta_info *sta = ptr;
2814 atomic_dec(&sta->users);
2818 /* Called only as a tasklet (software IRQ) */
2819 void hostap_handle_sta_tx_exc(local_info_t *local, struct sk_buff *skb)
2821 struct sta_info *sta;
2822 struct ieee80211_hdr_4addr *hdr;
2823 struct hostap_skb_tx_data *meta;
2825 hdr = (struct ieee80211_hdr_4addr *) skb->data;
2826 meta = (struct hostap_skb_tx_data *) skb->cb;
2828 spin_lock(&local->ap->sta_table_lock);
2829 sta = ap_get_sta(local->ap, hdr->addr1);
2831 spin_unlock(&local->ap->sta_table_lock);
2832 PDEBUG(DEBUG_AP, "%s: Could not find STA " MACSTR " for this "
2833 "TX error (@%lu)\n",
2834 local->dev->name, MAC2STR(hdr->addr1), jiffies);
2838 sta->tx_since_last_failure = 0;
2839 sta->tx_consecutive_exc++;
2841 if (sta->tx_consecutive_exc >= WLAN_RATE_DECREASE_THRESHOLD &&
2842 sta->tx_rate_idx > 0 && meta->rate <= sta->tx_rate) {
2843 /* use next lower rate */
2845 old = rate = sta->tx_rate_idx;
2848 if (ap_tx_rate_ok(rate, sta, local)) {
2849 sta->tx_rate_idx = rate;
2853 if (old != sta->tx_rate_idx) {
2854 switch (sta->tx_rate_idx) {
2855 case 0: sta->tx_rate = 10; break;
2856 case 1: sta->tx_rate = 20; break;
2857 case 2: sta->tx_rate = 55; break;
2858 case 3: sta->tx_rate = 110; break;
2859 default: sta->tx_rate = 0; break;
2861 PDEBUG(DEBUG_AP, "%s: STA " MACSTR " TX rate lowered "
2862 "to %d\n", local->dev->name, MAC2STR(sta->addr),
2865 sta->tx_consecutive_exc = 0;
2867 spin_unlock(&local->ap->sta_table_lock);
2871 static void hostap_update_sta_ps2(local_info_t *local, struct sta_info *sta,
2872 int pwrmgt, int type, int stype)
2874 if (pwrmgt && !(sta->flags & WLAN_STA_PS)) {
2875 sta->flags |= WLAN_STA_PS;
2876 PDEBUG(DEBUG_PS2, "STA " MACSTR " changed to use PS "
2877 "mode (type=0x%02X, stype=0x%02X)\n",
2878 MAC2STR(sta->addr), type >> 2, stype >> 4);
2879 } else if (!pwrmgt && (sta->flags & WLAN_STA_PS)) {
2880 sta->flags &= ~WLAN_STA_PS;
2881 PDEBUG(DEBUG_PS2, "STA " MACSTR " changed to not use "
2882 "PS mode (type=0x%02X, stype=0x%02X)\n",
2883 MAC2STR(sta->addr), type >> 2, stype >> 4);
2884 if (type != IEEE80211_FTYPE_CTL ||
2885 stype != IEEE80211_STYPE_PSPOLL)
2886 schedule_packet_send(local, sta);
2891 /* Called only as a tasklet (software IRQ). Called for each RX frame to update
2892 * STA power saving state. pwrmgt is a flag from 802.11 frame_ctl field. */
2893 int hostap_update_sta_ps(local_info_t *local, struct ieee80211_hdr_4addr *hdr)
2895 struct sta_info *sta;
2898 spin_lock(&local->ap->sta_table_lock);
2899 sta = ap_get_sta(local->ap, hdr->addr2);
2901 atomic_inc(&sta->users);
2902 spin_unlock(&local->ap->sta_table_lock);
2907 fc = le16_to_cpu(hdr->frame_ctl);
2908 hostap_update_sta_ps2(local, sta, fc & IEEE80211_FCTL_PM,
2909 WLAN_FC_GET_TYPE(fc), WLAN_FC_GET_STYPE(fc));
2911 atomic_dec(&sta->users);
2916 /* Called only as a tasklet (software IRQ). Called for each RX frame after
2917 * getting RX header and payload from hardware. */
2918 ap_rx_ret hostap_handle_sta_rx(local_info_t *local, struct net_device *dev,
2919 struct sk_buff *skb,
2920 struct hostap_80211_rx_status *rx_stats,
2924 struct sta_info *sta;
2925 u16 fc, type, stype;
2926 struct ieee80211_hdr_4addr *hdr;
2928 if (local->ap == NULL)
2929 return AP_RX_CONTINUE;
2931 hdr = (struct ieee80211_hdr_4addr *) skb->data;
2933 fc = le16_to_cpu(hdr->frame_ctl);
2934 type = WLAN_FC_GET_TYPE(fc);
2935 stype = WLAN_FC_GET_STYPE(fc);
2937 spin_lock(&local->ap->sta_table_lock);
2938 sta = ap_get_sta(local->ap, hdr->addr2);
2940 atomic_inc(&sta->users);
2941 spin_unlock(&local->ap->sta_table_lock);
2943 if (sta && !(sta->flags & WLAN_STA_AUTHORIZED))
2944 ret = AP_RX_CONTINUE_NOT_AUTHORIZED;
2946 ret = AP_RX_CONTINUE;
2949 if (fc & IEEE80211_FCTL_TODS) {
2950 if (!wds && (sta == NULL || !(sta->flags & WLAN_STA_ASSOC))) {
2951 if (local->hostapd) {
2952 prism2_rx_80211(local->apdev, skb, rx_stats,
2953 PRISM2_RX_NON_ASSOC);
2954 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
2956 printk(KERN_DEBUG "%s: dropped received packet"
2957 " from non-associated STA " MACSTR
2958 " (type=0x%02x, subtype=0x%02x)\n",
2959 dev->name, MAC2STR(hdr->addr2),
2960 type >> 2, stype >> 4);
2961 hostap_rx(dev, skb, rx_stats);
2962 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
2967 } else if (fc & IEEE80211_FCTL_FROMDS) {
2969 /* FromDS frame - not for us; probably
2970 * broadcast/multicast in another BSS - drop */
2971 if (memcmp(hdr->addr1, dev->dev_addr, ETH_ALEN) == 0) {
2972 printk(KERN_DEBUG "Odd.. FromDS packet "
2973 "received with own BSSID\n");
2974 hostap_dump_rx_80211(dev->name, skb, rx_stats);
2979 } else if (stype == IEEE80211_STYPE_NULLFUNC && sta == NULL &&
2980 memcmp(hdr->addr1, dev->dev_addr, ETH_ALEN) == 0) {
2982 if (local->hostapd) {
2983 prism2_rx_80211(local->apdev, skb, rx_stats,
2984 PRISM2_RX_NON_ASSOC);
2985 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
2987 /* At least Lucent f/w seems to send data::nullfunc
2988 * frames with no ToDS flag when the current AP returns
2989 * after being unavailable for some time. Speed up
2990 * re-association by informing the station about it not
2991 * being associated. */
2992 printk(KERN_DEBUG "%s: rejected received nullfunc "
2993 "frame without ToDS from not associated STA "
2995 dev->name, MAC2STR(hdr->addr2));
2996 hostap_rx(dev, skb, rx_stats);
2997 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
3001 } else if (stype == IEEE80211_STYPE_NULLFUNC) {
3002 /* At least Lucent cards seem to send periodic nullfunc
3003 * frames with ToDS. Let these through to update SQ
3004 * stats and PS state. Nullfunc frames do not contain
3005 * any data and they will be dropped below. */
3007 /* If BSSID (Addr3) is foreign, this frame is a normal
3008 * broadcast frame from an IBSS network. Drop it silently.
3009 * If BSSID is own, report the dropping of this frame. */
3010 if (memcmp(hdr->addr3, dev->dev_addr, ETH_ALEN) == 0) {
3011 printk(KERN_DEBUG "%s: dropped received packet from "
3012 MACSTR " with no ToDS flag (type=0x%02x, "
3013 "subtype=0x%02x)\n", dev->name,
3014 MAC2STR(hdr->addr2), type >> 2, stype >> 4);
3015 hostap_dump_rx_80211(dev->name, skb, rx_stats);
3022 hostap_update_sta_ps2(local, sta, fc & IEEE80211_FCTL_PM,
3026 sta->rx_bytes += skb->len;
3027 sta->last_rx = jiffies;
3030 if (local->ap->nullfunc_ack && stype == IEEE80211_STYPE_NULLFUNC &&
3031 fc & IEEE80211_FCTL_TODS) {
3032 if (local->hostapd) {
3033 prism2_rx_80211(local->apdev, skb, rx_stats,
3034 PRISM2_RX_NULLFUNC_ACK);
3035 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
3037 /* some STA f/w's seem to require control::ACK frame
3038 * for data::nullfunc, but Prism2 f/w 0.8.0 (at least
3039 * from Compaq) does not send this.. Try to generate
3040 * ACK for these frames from the host driver to make
3041 * power saving work with, e.g., Lucent WaveLAN f/w */
3042 hostap_rx(dev, skb, rx_stats);
3043 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
3051 atomic_dec(&sta->users);
3057 /* Called only as a tasklet (software IRQ) */
3058 int hostap_handle_sta_crypto(local_info_t *local,
3059 struct ieee80211_hdr_4addr *hdr,
3060 struct ieee80211_crypt_data **crypt,
3063 struct sta_info *sta;
3065 spin_lock(&local->ap->sta_table_lock);
3066 sta = ap_get_sta(local->ap, hdr->addr2);
3068 atomic_inc(&sta->users);
3069 spin_unlock(&local->ap->sta_table_lock);
3075 *crypt = sta->crypt;
3077 /* hostap_handle_sta_release() will be called to release STA
3080 atomic_dec(&sta->users);
3086 /* Called only as a tasklet (software IRQ) */
3087 int hostap_is_sta_assoc(struct ap_data *ap, u8 *sta_addr)
3089 struct sta_info *sta;
3092 spin_lock(&ap->sta_table_lock);
3093 sta = ap_get_sta(ap, sta_addr);
3094 if (sta != NULL && (sta->flags & WLAN_STA_ASSOC) && !sta->ap)
3096 spin_unlock(&ap->sta_table_lock);
3102 /* Called only as a tasklet (software IRQ) */
3103 int hostap_is_sta_authorized(struct ap_data *ap, u8 *sta_addr)
3105 struct sta_info *sta;
3108 spin_lock(&ap->sta_table_lock);
3109 sta = ap_get_sta(ap, sta_addr);
3110 if (sta != NULL && (sta->flags & WLAN_STA_ASSOC) && !sta->ap &&
3111 ((sta->flags & WLAN_STA_AUTHORIZED) ||
3112 ap->local->ieee_802_1x == 0))
3114 spin_unlock(&ap->sta_table_lock);
3120 /* Called only as a tasklet (software IRQ) */
3121 int hostap_add_sta(struct ap_data *ap, u8 *sta_addr)
3123 struct sta_info *sta;
3129 spin_lock(&ap->sta_table_lock);
3130 sta = ap_get_sta(ap, sta_addr);
3133 spin_unlock(&ap->sta_table_lock);
3136 sta = ap_add_sta(ap, sta_addr);
3139 sta->flags = WLAN_STA_AUTH | WLAN_STA_ASSOC;
3141 memset(sta->supported_rates, 0, sizeof(sta->supported_rates));
3142 /* No way of knowing which rates are supported since we did not
3143 * get supported rates element from beacon/assoc req. Assume
3144 * that remote end supports all 802.11b rates. */
3145 sta->supported_rates[0] = 0x82;
3146 sta->supported_rates[1] = 0x84;
3147 sta->supported_rates[2] = 0x0b;
3148 sta->supported_rates[3] = 0x16;
3149 sta->tx_supp_rates = WLAN_RATE_1M | WLAN_RATE_2M |
3150 WLAN_RATE_5M5 | WLAN_RATE_11M;
3152 sta->tx_max_rate = sta->tx_rate_idx = 3;
3159 /* Called only as a tasklet (software IRQ) */
3160 int hostap_update_rx_stats(struct ap_data *ap,
3161 struct ieee80211_hdr_4addr *hdr,
3162 struct hostap_80211_rx_status *rx_stats)
3164 struct sta_info *sta;
3169 spin_lock(&ap->sta_table_lock);
3170 sta = ap_get_sta(ap, hdr->addr2);
3172 sta->last_rx_silence = rx_stats->noise;
3173 sta->last_rx_signal = rx_stats->signal;
3174 sta->last_rx_rate = rx_stats->rate;
3175 sta->last_rx_updated = IW_QUAL_ALL_UPDATED | IW_QUAL_DBM;
3176 if (rx_stats->rate == 10)
3178 else if (rx_stats->rate == 20)
3180 else if (rx_stats->rate == 55)
3182 else if (rx_stats->rate == 110)
3185 spin_unlock(&ap->sta_table_lock);
3187 return sta ? 0 : -1;
3191 void hostap_update_rates(local_info_t *local)
3193 struct sta_info *sta;
3194 struct ap_data *ap = local->ap;
3199 spin_lock_bh(&ap->sta_table_lock);
3200 list_for_each_entry(sta, &ap->sta_list, list) {
3201 prism2_check_tx_rates(sta);
3203 spin_unlock_bh(&ap->sta_table_lock);
3207 void * ap_crypt_get_ptrs(struct ap_data *ap, u8 *addr, int permanent,
3208 struct ieee80211_crypt_data ***crypt)
3210 struct sta_info *sta;
3212 spin_lock_bh(&ap->sta_table_lock);
3213 sta = ap_get_sta(ap, addr);
3215 atomic_inc(&sta->users);
3216 spin_unlock_bh(&ap->sta_table_lock);
3218 if (!sta && permanent)
3219 sta = ap_add_sta(ap, addr);
3225 sta->flags |= WLAN_STA_PERM;
3227 *crypt = &sta->crypt;
3233 void hostap_add_wds_links(local_info_t *local)
3235 struct ap_data *ap = local->ap;
3236 struct sta_info *sta;
3238 spin_lock_bh(&ap->sta_table_lock);
3239 list_for_each_entry(sta, &ap->sta_list, list) {
3241 hostap_wds_link_oper(local, sta->addr, WDS_ADD);
3243 spin_unlock_bh(&ap->sta_table_lock);
3245 schedule_work(&local->ap->wds_oper_queue);
3249 void hostap_wds_link_oper(local_info_t *local, u8 *addr, wds_oper_type type)
3251 struct wds_oper_data *entry;
3253 entry = kmalloc(sizeof(*entry), GFP_ATOMIC);
3256 memcpy(entry->addr, addr, ETH_ALEN);
3258 spin_lock_bh(&local->lock);
3259 entry->next = local->ap->wds_oper_entries;
3260 local->ap->wds_oper_entries = entry;
3261 spin_unlock_bh(&local->lock);
3263 schedule_work(&local->ap->wds_oper_queue);
3267 EXPORT_SYMBOL(hostap_init_data);
3268 EXPORT_SYMBOL(hostap_init_ap_proc);
3269 EXPORT_SYMBOL(hostap_free_data);
3270 EXPORT_SYMBOL(hostap_check_sta_fw_version);
3271 EXPORT_SYMBOL(hostap_handle_sta_tx_exc);
3272 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT
3273 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */
projects / linux-2.6 / blob