2 * BSS client mode implementation
3 * Copyright 2003, Jouni Malinen <jkmaline@cc.hut.fi>
4 * Copyright 2004, Instant802 Networks, Inc.
5 * Copyright 2005, Devicescape Software, Inc.
6 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
7 * Copyright 2007, Michael Wu <flamingice@sourmilk.net>
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License version 2 as
11 * published by the Free Software Foundation.
15 * order BSS list by RSSI(?) ("quality of AP")
16 * scan result table filtering (by capability (privacy, IBSS/BSS, WPA/RSN IE,
19 #include <linux/delay.h>
20 #include <linux/if_ether.h>
21 #include <linux/skbuff.h>
22 #include <linux/netdevice.h>
23 #include <linux/if_arp.h>
24 #include <linux/wireless.h>
25 #include <linux/random.h>
26 #include <linux/etherdevice.h>
27 #include <linux/rtnetlink.h>
28 #include <net/iw_handler.h>
29 #include <asm/types.h>
31 #include <net/mac80211.h>
32 #include "ieee80211_i.h"
37 #define IEEE80211_AUTH_TIMEOUT (HZ / 5)
38 #define IEEE80211_AUTH_MAX_TRIES 3
39 #define IEEE80211_ASSOC_TIMEOUT (HZ / 5)
40 #define IEEE80211_ASSOC_MAX_TRIES 3
41 #define IEEE80211_MONITORING_INTERVAL (2 * HZ)
42 #define IEEE80211_MESH_HOUSEKEEPING_INTERVAL (60 * HZ)
43 #define IEEE80211_PROBE_INTERVAL (60 * HZ)
44 #define IEEE80211_RETRY_AUTH_INTERVAL (1 * HZ)
45 #define IEEE80211_SCAN_INTERVAL (2 * HZ)
46 #define IEEE80211_SCAN_INTERVAL_SLOW (15 * HZ)
47 #define IEEE80211_IBSS_JOIN_TIMEOUT (20 * HZ)
49 #define IEEE80211_PROBE_DELAY (HZ / 33)
50 #define IEEE80211_CHANNEL_TIME (HZ / 33)
51 #define IEEE80211_PASSIVE_CHANNEL_TIME (HZ / 5)
52 #define IEEE80211_SCAN_RESULT_EXPIRE (10 * HZ)
53 #define IEEE80211_IBSS_MERGE_INTERVAL (30 * HZ)
54 #define IEEE80211_IBSS_INACTIVITY_LIMIT (60 * HZ)
55 #define IEEE80211_MESH_PEER_INACTIVITY_LIMIT (1800 * HZ)
57 #define IEEE80211_IBSS_MAX_STA_ENTRIES 128
60 #define ERP_INFO_USE_PROTECTION BIT(1)
62 /* mgmt header + 1 byte action code */
63 #define IEEE80211_MIN_ACTION_SIZE (24 + 1)
65 #define IEEE80211_ADDBA_PARAM_POLICY_MASK 0x0002
66 #define IEEE80211_ADDBA_PARAM_TID_MASK 0x003C
67 #define IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK 0xFFA0
68 #define IEEE80211_DELBA_PARAM_TID_MASK 0xF000
69 #define IEEE80211_DELBA_PARAM_INITIATOR_MASK 0x0800
71 /* next values represent the buffer size for A-MPDU frame.
72 * According to IEEE802.11n spec size varies from 8K to 64K (in powers of 2) */
73 #define IEEE80211_MIN_AMPDU_BUF 0x8
74 #define IEEE80211_MAX_AMPDU_BUF 0x40
76 static void ieee80211_send_probe_req(struct net_device *dev, u8 *dst,
77 u8 *ssid, size_t ssid_len);
78 static struct ieee80211_sta_bss *
79 ieee80211_rx_bss_get(struct net_device *dev, u8 *bssid, int freq,
80 u8 *ssid, u8 ssid_len);
81 static void ieee80211_rx_bss_put(struct net_device *dev,
82 struct ieee80211_sta_bss *bss);
83 static int ieee80211_sta_find_ibss(struct net_device *dev,
84 struct ieee80211_if_sta *ifsta);
85 static int ieee80211_sta_wep_configured(struct net_device *dev);
86 static int ieee80211_sta_start_scan(struct net_device *dev,
87 u8 *ssid, size_t ssid_len);
88 static int ieee80211_sta_config_auth(struct net_device *dev,
89 struct ieee80211_if_sta *ifsta);
90 static void sta_rx_agg_session_timer_expired(unsigned long data);
93 void ieee802_11_parse_elems(u8 *start, size_t len,
94 struct ieee802_11_elems *elems)
99 memset(elems, 0, sizeof(*elems));
114 elems->ssid_len = elen;
116 case WLAN_EID_SUPP_RATES:
117 elems->supp_rates = pos;
118 elems->supp_rates_len = elen;
120 case WLAN_EID_FH_PARAMS:
121 elems->fh_params = pos;
122 elems->fh_params_len = elen;
124 case WLAN_EID_DS_PARAMS:
125 elems->ds_params = pos;
126 elems->ds_params_len = elen;
128 case WLAN_EID_CF_PARAMS:
129 elems->cf_params = pos;
130 elems->cf_params_len = elen;
134 elems->tim_len = elen;
136 case WLAN_EID_IBSS_PARAMS:
137 elems->ibss_params = pos;
138 elems->ibss_params_len = elen;
140 case WLAN_EID_CHALLENGE:
141 elems->challenge = pos;
142 elems->challenge_len = elen;
145 if (elen >= 4 && pos[0] == 0x00 && pos[1] == 0x50 &&
147 /* Microsoft OUI (00:50:F2) */
149 /* OUI Type 1 - WPA IE */
151 elems->wpa_len = elen;
152 } else if (elen >= 5 && pos[3] == 2) {
154 elems->wmm_info = pos;
155 elems->wmm_info_len = elen;
156 } else if (pos[4] == 1) {
157 elems->wmm_param = pos;
158 elems->wmm_param_len = elen;
165 elems->rsn_len = elen;
167 case WLAN_EID_ERP_INFO:
168 elems->erp_info = pos;
169 elems->erp_info_len = elen;
171 case WLAN_EID_EXT_SUPP_RATES:
172 elems->ext_supp_rates = pos;
173 elems->ext_supp_rates_len = elen;
175 case WLAN_EID_HT_CAPABILITY:
176 elems->ht_cap_elem = pos;
177 elems->ht_cap_elem_len = elen;
179 case WLAN_EID_HT_EXTRA_INFO:
180 elems->ht_info_elem = pos;
181 elems->ht_info_elem_len = elen;
183 case WLAN_EID_MESH_ID:
184 elems->mesh_id = pos;
185 elems->mesh_id_len = elen;
187 case WLAN_EID_MESH_CONFIG:
188 elems->mesh_config = pos;
189 elems->mesh_config_len = elen;
191 case WLAN_EID_PEER_LINK:
192 elems->peer_link = pos;
193 elems->peer_link_len = elen;
197 elems->preq_len = elen;
201 elems->prep_len = elen;
205 elems->perr_len = elen;
217 static int ecw2cw(int ecw)
219 return (1 << ecw) - 1;
223 static void ieee80211_sta_def_wmm_params(struct net_device *dev,
224 struct ieee80211_sta_bss *bss,
227 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
228 struct ieee80211_local *local = sdata->local;
229 int i, have_higher_than_11mbit = 0;
232 /* cf. IEEE 802.11 9.2.12 */
233 for (i = 0; i < bss->supp_rates_len; i++)
234 if ((bss->supp_rates[i] & 0x7f) * 5 > 110)
235 have_higher_than_11mbit = 1;
237 if (local->hw.conf.channel->band == IEEE80211_BAND_2GHZ &&
238 have_higher_than_11mbit)
239 sdata->flags |= IEEE80211_SDATA_OPERATING_GMODE;
241 sdata->flags &= ~IEEE80211_SDATA_OPERATING_GMODE;
244 if (local->ops->conf_tx) {
245 struct ieee80211_tx_queue_params qparam;
247 memset(&qparam, 0, sizeof(qparam));
251 if (local->hw.conf.channel->band == IEEE80211_BAND_2GHZ &&
252 !(sdata->flags & IEEE80211_SDATA_OPERATING_GMODE))
257 qparam.cw_max = 1023;
260 for (i = 0; i < local_to_hw(local)->queues; i++)
261 local->ops->conf_tx(local_to_hw(local), i, &qparam);
265 static void ieee80211_sta_wmm_params(struct net_device *dev,
266 struct ieee80211_if_sta *ifsta,
267 u8 *wmm_param, size_t wmm_param_len)
269 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
270 struct ieee80211_tx_queue_params params;
275 if (!(ifsta->flags & IEEE80211_STA_WMM_ENABLED))
281 if (wmm_param_len < 8 || wmm_param[5] /* version */ != 1)
283 count = wmm_param[6] & 0x0f;
284 if (count == ifsta->wmm_last_param_set)
286 ifsta->wmm_last_param_set = count;
289 left = wmm_param_len - 8;
291 memset(¶ms, 0, sizeof(params));
293 if (!local->ops->conf_tx)
297 for (; left >= 4; left -= 4, pos += 4) {
298 int aci = (pos[0] >> 5) & 0x03;
299 int acm = (pos[0] >> 4) & 0x01;
306 local->wmm_acm |= BIT(0) | BIT(3);
311 local->wmm_acm |= BIT(4) | BIT(5);
316 local->wmm_acm |= BIT(6) | BIT(7);
322 local->wmm_acm |= BIT(1) | BIT(2);
326 params.aifs = pos[0] & 0x0f;
327 params.cw_max = ecw2cw((pos[1] & 0xf0) >> 4);
328 params.cw_min = ecw2cw(pos[1] & 0x0f);
329 params.txop = pos[2] | (pos[3] << 8);
330 #ifdef CONFIG_MAC80211_DEBUG
331 printk(KERN_DEBUG "%s: WMM queue=%d aci=%d acm=%d aifs=%d "
332 "cWmin=%d cWmax=%d txop=%d\n",
333 dev->name, queue, aci, acm, params.aifs, params.cw_min,
334 params.cw_max, params.txop);
336 /* TODO: handle ACM (block TX, fallback to next lowest allowed
338 if (local->ops->conf_tx(local_to_hw(local), queue, ¶ms)) {
339 printk(KERN_DEBUG "%s: failed to set TX queue "
340 "parameters for queue %d\n", dev->name, queue);
345 static u32 ieee80211_handle_protect_preamb(struct ieee80211_sub_if_data *sdata,
347 bool use_short_preamble)
349 struct ieee80211_bss_conf *bss_conf = &sdata->bss_conf;
350 struct ieee80211_if_sta *ifsta = &sdata->u.sta;
351 DECLARE_MAC_BUF(mac);
354 if (use_protection != bss_conf->use_cts_prot) {
355 if (net_ratelimit()) {
356 printk(KERN_DEBUG "%s: CTS protection %s (BSSID="
359 use_protection ? "enabled" : "disabled",
360 print_mac(mac, ifsta->bssid));
362 bss_conf->use_cts_prot = use_protection;
363 changed |= BSS_CHANGED_ERP_CTS_PROT;
366 if (use_short_preamble != bss_conf->use_short_preamble) {
367 if (net_ratelimit()) {
368 printk(KERN_DEBUG "%s: switched to %s barker preamble"
371 use_short_preamble ? "short" : "long",
372 print_mac(mac, ifsta->bssid));
374 bss_conf->use_short_preamble = use_short_preamble;
375 changed |= BSS_CHANGED_ERP_PREAMBLE;
381 static u32 ieee80211_handle_erp_ie(struct ieee80211_sub_if_data *sdata,
384 bool use_protection = (erp_value & WLAN_ERP_USE_PROTECTION) != 0;
385 bool use_short_preamble = (erp_value & WLAN_ERP_BARKER_PREAMBLE) == 0;
387 return ieee80211_handle_protect_preamb(sdata,
388 use_protection, use_short_preamble);
391 static u32 ieee80211_handle_bss_capability(struct ieee80211_sub_if_data *sdata,
392 struct ieee80211_sta_bss *bss)
396 if (bss->has_erp_value)
397 changed |= ieee80211_handle_erp_ie(sdata, bss->erp_value);
399 u16 capab = bss->capability;
400 changed |= ieee80211_handle_protect_preamb(sdata, false,
401 (capab & WLAN_CAPABILITY_SHORT_PREAMBLE) != 0);
407 int ieee80211_ht_cap_ie_to_ht_info(struct ieee80211_ht_cap *ht_cap_ie,
408 struct ieee80211_ht_info *ht_info)
414 memset(ht_info, 0, sizeof(*ht_info));
417 u8 ampdu_info = ht_cap_ie->ampdu_params_info;
419 ht_info->ht_supported = 1;
420 ht_info->cap = le16_to_cpu(ht_cap_ie->cap_info);
421 ht_info->ampdu_factor =
422 ampdu_info & IEEE80211_HT_CAP_AMPDU_FACTOR;
423 ht_info->ampdu_density =
424 (ampdu_info & IEEE80211_HT_CAP_AMPDU_DENSITY) >> 2;
425 memcpy(ht_info->supp_mcs_set, ht_cap_ie->supp_mcs_set, 16);
427 ht_info->ht_supported = 0;
432 int ieee80211_ht_addt_info_ie_to_ht_bss_info(
433 struct ieee80211_ht_addt_info *ht_add_info_ie,
434 struct ieee80211_ht_bss_info *bss_info)
436 if (bss_info == NULL)
439 memset(bss_info, 0, sizeof(*bss_info));
441 if (ht_add_info_ie) {
443 op_mode = le16_to_cpu(ht_add_info_ie->operation_mode);
445 bss_info->primary_channel = ht_add_info_ie->control_chan;
446 bss_info->bss_cap = ht_add_info_ie->ht_param;
447 bss_info->bss_op_mode = (u8)(op_mode & 0xff);
453 static void ieee80211_sta_send_associnfo(struct net_device *dev,
454 struct ieee80211_if_sta *ifsta)
459 union iwreq_data wrqu;
461 if (!ifsta->assocreq_ies && !ifsta->assocresp_ies)
464 buf = kmalloc(50 + 2 * (ifsta->assocreq_ies_len +
465 ifsta->assocresp_ies_len), GFP_KERNEL);
469 len = sprintf(buf, "ASSOCINFO(");
470 if (ifsta->assocreq_ies) {
471 len += sprintf(buf + len, "ReqIEs=");
472 for (i = 0; i < ifsta->assocreq_ies_len; i++) {
473 len += sprintf(buf + len, "%02x",
474 ifsta->assocreq_ies[i]);
477 if (ifsta->assocresp_ies) {
478 if (ifsta->assocreq_ies)
479 len += sprintf(buf + len, " ");
480 len += sprintf(buf + len, "RespIEs=");
481 for (i = 0; i < ifsta->assocresp_ies_len; i++) {
482 len += sprintf(buf + len, "%02x",
483 ifsta->assocresp_ies[i]);
486 len += sprintf(buf + len, ")");
488 if (len > IW_CUSTOM_MAX) {
489 len = sprintf(buf, "ASSOCRESPIE=");
490 for (i = 0; i < ifsta->assocresp_ies_len; i++) {
491 len += sprintf(buf + len, "%02x",
492 ifsta->assocresp_ies[i]);
496 memset(&wrqu, 0, sizeof(wrqu));
497 wrqu.data.length = len;
498 wireless_send_event(dev, IWEVCUSTOM, &wrqu, buf);
504 static void ieee80211_set_associated(struct net_device *dev,
505 struct ieee80211_if_sta *ifsta,
508 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
509 struct ieee80211_local *local = sdata->local;
510 struct ieee80211_conf *conf = &local_to_hw(local)->conf;
511 union iwreq_data wrqu;
512 u32 changed = BSS_CHANGED_ASSOC;
515 struct ieee80211_sta_bss *bss;
517 ifsta->flags |= IEEE80211_STA_ASSOCIATED;
519 if (sdata->vif.type != IEEE80211_IF_TYPE_STA)
522 bss = ieee80211_rx_bss_get(dev, ifsta->bssid,
523 conf->channel->center_freq,
524 ifsta->ssid, ifsta->ssid_len);
526 /* set timing information */
527 sdata->bss_conf.beacon_int = bss->beacon_int;
528 sdata->bss_conf.timestamp = bss->timestamp;
530 changed |= ieee80211_handle_bss_capability(sdata, bss);
532 ieee80211_rx_bss_put(dev, bss);
535 if (conf->flags & IEEE80211_CONF_SUPPORT_HT_MODE) {
536 changed |= BSS_CHANGED_HT;
537 sdata->bss_conf.assoc_ht = 1;
538 sdata->bss_conf.ht_conf = &conf->ht_conf;
539 sdata->bss_conf.ht_bss_conf = &conf->ht_bss_conf;
542 netif_carrier_on(dev);
543 ifsta->flags |= IEEE80211_STA_PREV_BSSID_SET;
544 memcpy(ifsta->prev_bssid, sdata->u.sta.bssid, ETH_ALEN);
545 memcpy(wrqu.ap_addr.sa_data, sdata->u.sta.bssid, ETH_ALEN);
546 ieee80211_sta_send_associnfo(dev, ifsta);
548 ieee80211_sta_tear_down_BA_sessions(dev, ifsta->bssid);
549 ifsta->flags &= ~IEEE80211_STA_ASSOCIATED;
550 netif_carrier_off(dev);
551 ieee80211_reset_erp_info(dev);
553 sdata->bss_conf.assoc_ht = 0;
554 sdata->bss_conf.ht_conf = NULL;
555 sdata->bss_conf.ht_bss_conf = NULL;
557 memset(wrqu.ap_addr.sa_data, 0, ETH_ALEN);
559 ifsta->last_probe = jiffies;
560 ieee80211_led_assoc(local, assoc);
562 sdata->bss_conf.assoc = assoc;
563 ieee80211_bss_info_change_notify(sdata, changed);
564 wrqu.ap_addr.sa_family = ARPHRD_ETHER;
565 wireless_send_event(dev, SIOCGIWAP, &wrqu, NULL);
568 static void ieee80211_set_disassoc(struct net_device *dev,
569 struct ieee80211_if_sta *ifsta, int deauth)
572 ifsta->auth_tries = 0;
573 ifsta->assoc_tries = 0;
574 ieee80211_set_associated(dev, ifsta, 0);
577 void ieee80211_sta_tx(struct net_device *dev, struct sk_buff *skb,
580 struct ieee80211_sub_if_data *sdata;
581 struct ieee80211_tx_packet_data *pkt_data;
583 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
584 skb->dev = sdata->local->mdev;
585 skb_set_mac_header(skb, 0);
586 skb_set_network_header(skb, 0);
587 skb_set_transport_header(skb, 0);
589 pkt_data = (struct ieee80211_tx_packet_data *) skb->cb;
590 memset(pkt_data, 0, sizeof(struct ieee80211_tx_packet_data));
591 pkt_data->ifindex = sdata->dev->ifindex;
593 pkt_data->flags |= IEEE80211_TXPD_DO_NOT_ENCRYPT;
599 static void ieee80211_send_auth(struct net_device *dev,
600 struct ieee80211_if_sta *ifsta,
601 int transaction, u8 *extra, size_t extra_len,
604 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
606 struct ieee80211_mgmt *mgmt;
608 skb = dev_alloc_skb(local->hw.extra_tx_headroom +
609 sizeof(*mgmt) + 6 + extra_len);
611 printk(KERN_DEBUG "%s: failed to allocate buffer for auth "
612 "frame\n", dev->name);
615 skb_reserve(skb, local->hw.extra_tx_headroom);
617 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24 + 6);
618 memset(mgmt, 0, 24 + 6);
619 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
620 IEEE80211_STYPE_AUTH);
622 mgmt->frame_control |= cpu_to_le16(IEEE80211_FCTL_PROTECTED);
623 memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
624 memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
625 memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
626 mgmt->u.auth.auth_alg = cpu_to_le16(ifsta->auth_alg);
627 mgmt->u.auth.auth_transaction = cpu_to_le16(transaction);
628 ifsta->auth_transaction = transaction + 1;
629 mgmt->u.auth.status_code = cpu_to_le16(0);
631 memcpy(skb_put(skb, extra_len), extra, extra_len);
633 ieee80211_sta_tx(dev, skb, encrypt);
637 static void ieee80211_authenticate(struct net_device *dev,
638 struct ieee80211_if_sta *ifsta)
640 DECLARE_MAC_BUF(mac);
643 if (ifsta->auth_tries > IEEE80211_AUTH_MAX_TRIES) {
644 printk(KERN_DEBUG "%s: authentication with AP %s"
646 dev->name, print_mac(mac, ifsta->bssid));
647 ifsta->state = IEEE80211_DISABLED;
651 ifsta->state = IEEE80211_AUTHENTICATE;
652 printk(KERN_DEBUG "%s: authenticate with AP %s\n",
653 dev->name, print_mac(mac, ifsta->bssid));
655 ieee80211_send_auth(dev, ifsta, 1, NULL, 0, 0);
657 mod_timer(&ifsta->timer, jiffies + IEEE80211_AUTH_TIMEOUT);
660 static int ieee80211_compatible_rates(struct ieee80211_sta_bss *bss,
661 struct ieee80211_supported_band *sband,
667 for (i = 0; i < bss->supp_rates_len; i++) {
668 int rate = (bss->supp_rates[i] & 0x7F) * 5;
670 for (j = 0; j < sband->n_bitrates; j++)
671 if (sband->bitrates[j].bitrate == rate) {
681 static void ieee80211_send_assoc(struct net_device *dev,
682 struct ieee80211_if_sta *ifsta)
684 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
686 struct ieee80211_mgmt *mgmt;
688 int i, len, count, rates_len, supp_rates_len;
690 struct ieee80211_sta_bss *bss;
692 struct ieee80211_supported_band *sband;
695 skb = dev_alloc_skb(local->hw.extra_tx_headroom +
696 sizeof(*mgmt) + 200 + ifsta->extra_ie_len +
699 printk(KERN_DEBUG "%s: failed to allocate buffer for assoc "
700 "frame\n", dev->name);
703 skb_reserve(skb, local->hw.extra_tx_headroom);
705 sband = local->hw.wiphy->bands[local->hw.conf.channel->band];
707 capab = ifsta->capab;
709 if (local->hw.conf.channel->band == IEEE80211_BAND_2GHZ) {
710 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_SLOT_INCAPABLE))
711 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME;
712 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_PREAMBLE_INCAPABLE))
713 capab |= WLAN_CAPABILITY_SHORT_PREAMBLE;
716 bss = ieee80211_rx_bss_get(dev, ifsta->bssid,
717 local->hw.conf.channel->center_freq,
718 ifsta->ssid, ifsta->ssid_len);
720 if (bss->capability & WLAN_CAPABILITY_PRIVACY)
721 capab |= WLAN_CAPABILITY_PRIVACY;
724 ieee80211_rx_bss_put(dev, bss);
727 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
729 memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
730 memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
731 memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
733 if (ifsta->flags & IEEE80211_STA_PREV_BSSID_SET) {
735 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
736 IEEE80211_STYPE_REASSOC_REQ);
737 mgmt->u.reassoc_req.capab_info = cpu_to_le16(capab);
738 mgmt->u.reassoc_req.listen_interval = cpu_to_le16(1);
739 memcpy(mgmt->u.reassoc_req.current_ap, ifsta->prev_bssid,
743 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
744 IEEE80211_STYPE_ASSOC_REQ);
745 mgmt->u.assoc_req.capab_info = cpu_to_le16(capab);
746 mgmt->u.assoc_req.listen_interval = cpu_to_le16(1);
750 ies = pos = skb_put(skb, 2 + ifsta->ssid_len);
751 *pos++ = WLAN_EID_SSID;
752 *pos++ = ifsta->ssid_len;
753 memcpy(pos, ifsta->ssid, ifsta->ssid_len);
755 /* all supported rates should be added here but some APs
756 * (e.g. D-Link DAP 1353 in b-only mode) don't like that
757 * Therefore only add rates the AP supports */
758 rates_len = ieee80211_compatible_rates(bss, sband, &rates);
759 supp_rates_len = rates_len;
760 if (supp_rates_len > 8)
763 len = sband->n_bitrates;
764 pos = skb_put(skb, supp_rates_len + 2);
765 *pos++ = WLAN_EID_SUPP_RATES;
766 *pos++ = supp_rates_len;
769 for (i = 0; i < sband->n_bitrates; i++) {
770 if (BIT(i) & rates) {
771 int rate = sband->bitrates[i].bitrate;
772 *pos++ = (u8) (rate / 5);
779 pos = skb_put(skb, rates_len - count + 2);
780 *pos++ = WLAN_EID_EXT_SUPP_RATES;
781 *pos++ = rates_len - count;
783 for (i++; i < sband->n_bitrates; i++) {
784 if (BIT(i) & rates) {
785 int rate = sband->bitrates[i].bitrate;
786 *pos++ = (u8) (rate / 5);
791 if (ifsta->extra_ie) {
792 pos = skb_put(skb, ifsta->extra_ie_len);
793 memcpy(pos, ifsta->extra_ie, ifsta->extra_ie_len);
796 if (wmm && (ifsta->flags & IEEE80211_STA_WMM_ENABLED)) {
797 pos = skb_put(skb, 9);
798 *pos++ = WLAN_EID_VENDOR_SPECIFIC;
799 *pos++ = 7; /* len */
800 *pos++ = 0x00; /* Microsoft OUI 00:50:F2 */
803 *pos++ = 2; /* WME */
804 *pos++ = 0; /* WME info */
805 *pos++ = 1; /* WME ver */
809 /* wmm support is a must to HT */
810 if (wmm && (ifsta->flags & IEEE80211_STA_WMM_ENABLED) &&
811 sband->ht_info.ht_supported) {
812 __le16 tmp = cpu_to_le16(sband->ht_info.cap);
813 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap)+2);
814 *pos++ = WLAN_EID_HT_CAPABILITY;
815 *pos++ = sizeof(struct ieee80211_ht_cap);
816 memset(pos, 0, sizeof(struct ieee80211_ht_cap));
817 memcpy(pos, &tmp, sizeof(u16));
819 /* TODO: needs a define here for << 2 */
820 *pos++ = sband->ht_info.ampdu_factor |
821 (sband->ht_info.ampdu_density << 2);
822 memcpy(pos, sband->ht_info.supp_mcs_set, 16);
825 kfree(ifsta->assocreq_ies);
826 ifsta->assocreq_ies_len = (skb->data + skb->len) - ies;
827 ifsta->assocreq_ies = kmalloc(ifsta->assocreq_ies_len, GFP_KERNEL);
828 if (ifsta->assocreq_ies)
829 memcpy(ifsta->assocreq_ies, ies, ifsta->assocreq_ies_len);
831 ieee80211_sta_tx(dev, skb, 0);
835 static void ieee80211_send_deauth(struct net_device *dev,
836 struct ieee80211_if_sta *ifsta, u16 reason)
838 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
840 struct ieee80211_mgmt *mgmt;
842 skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*mgmt));
844 printk(KERN_DEBUG "%s: failed to allocate buffer for deauth "
845 "frame\n", dev->name);
848 skb_reserve(skb, local->hw.extra_tx_headroom);
850 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
852 memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
853 memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
854 memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
855 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
856 IEEE80211_STYPE_DEAUTH);
858 mgmt->u.deauth.reason_code = cpu_to_le16(reason);
860 ieee80211_sta_tx(dev, skb, 0);
864 static void ieee80211_send_disassoc(struct net_device *dev,
865 struct ieee80211_if_sta *ifsta, u16 reason)
867 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
869 struct ieee80211_mgmt *mgmt;
871 skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*mgmt));
873 printk(KERN_DEBUG "%s: failed to allocate buffer for disassoc "
874 "frame\n", dev->name);
877 skb_reserve(skb, local->hw.extra_tx_headroom);
879 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
881 memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
882 memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
883 memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
884 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
885 IEEE80211_STYPE_DISASSOC);
887 mgmt->u.disassoc.reason_code = cpu_to_le16(reason);
889 ieee80211_sta_tx(dev, skb, 0);
893 static int ieee80211_privacy_mismatch(struct net_device *dev,
894 struct ieee80211_if_sta *ifsta)
896 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
897 struct ieee80211_sta_bss *bss;
902 if (!ifsta || (ifsta->flags & IEEE80211_STA_MIXED_CELL))
905 bss = ieee80211_rx_bss_get(dev, ifsta->bssid,
906 local->hw.conf.channel->center_freq,
907 ifsta->ssid, ifsta->ssid_len);
911 bss_privacy = !!(bss->capability & WLAN_CAPABILITY_PRIVACY);
912 wep_privacy = !!ieee80211_sta_wep_configured(dev);
913 privacy_invoked = !!(ifsta->flags & IEEE80211_STA_PRIVACY_INVOKED);
915 ieee80211_rx_bss_put(dev, bss);
917 if ((bss_privacy == wep_privacy) || (bss_privacy == privacy_invoked))
924 static void ieee80211_associate(struct net_device *dev,
925 struct ieee80211_if_sta *ifsta)
927 DECLARE_MAC_BUF(mac);
929 ifsta->assoc_tries++;
930 if (ifsta->assoc_tries > IEEE80211_ASSOC_MAX_TRIES) {
931 printk(KERN_DEBUG "%s: association with AP %s"
933 dev->name, print_mac(mac, ifsta->bssid));
934 ifsta->state = IEEE80211_DISABLED;
938 ifsta->state = IEEE80211_ASSOCIATE;
939 printk(KERN_DEBUG "%s: associate with AP %s\n",
940 dev->name, print_mac(mac, ifsta->bssid));
941 if (ieee80211_privacy_mismatch(dev, ifsta)) {
942 printk(KERN_DEBUG "%s: mismatch in privacy configuration and "
943 "mixed-cell disabled - abort association\n", dev->name);
944 ifsta->state = IEEE80211_DISABLED;
948 ieee80211_send_assoc(dev, ifsta);
950 mod_timer(&ifsta->timer, jiffies + IEEE80211_ASSOC_TIMEOUT);
954 static void ieee80211_associated(struct net_device *dev,
955 struct ieee80211_if_sta *ifsta)
957 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
958 struct sta_info *sta;
960 DECLARE_MAC_BUF(mac);
962 /* TODO: start monitoring current AP signal quality and number of
963 * missed beacons. Scan other channels every now and then and search
965 /* TODO: remove expired BSSes */
967 ifsta->state = IEEE80211_ASSOCIATED;
971 sta = sta_info_get(local, ifsta->bssid);
973 printk(KERN_DEBUG "%s: No STA entry for own AP %s\n",
974 dev->name, print_mac(mac, ifsta->bssid));
978 if (time_after(jiffies,
979 sta->last_rx + IEEE80211_MONITORING_INTERVAL)) {
980 if (ifsta->flags & IEEE80211_STA_PROBEREQ_POLL) {
981 printk(KERN_DEBUG "%s: No ProbeResp from "
982 "current AP %s - assume out of "
984 dev->name, print_mac(mac, ifsta->bssid));
986 sta_info_unlink(&sta);
988 ieee80211_send_probe_req(dev, ifsta->bssid,
990 local->scan_ssid_len);
991 ifsta->flags ^= IEEE80211_STA_PROBEREQ_POLL;
993 ifsta->flags &= ~IEEE80211_STA_PROBEREQ_POLL;
994 if (time_after(jiffies, ifsta->last_probe +
995 IEEE80211_PROBE_INTERVAL)) {
996 ifsta->last_probe = jiffies;
997 ieee80211_send_probe_req(dev, ifsta->bssid,
1006 if (disassoc && sta)
1007 sta_info_destroy(sta);
1010 ifsta->state = IEEE80211_DISABLED;
1011 ieee80211_set_associated(dev, ifsta, 0);
1013 mod_timer(&ifsta->timer, jiffies +
1014 IEEE80211_MONITORING_INTERVAL);
1019 static void ieee80211_send_probe_req(struct net_device *dev, u8 *dst,
1020 u8 *ssid, size_t ssid_len)
1022 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1023 struct ieee80211_supported_band *sband;
1024 struct sk_buff *skb;
1025 struct ieee80211_mgmt *mgmt;
1026 u8 *pos, *supp_rates, *esupp_rates = NULL;
1029 skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*mgmt) + 200);
1031 printk(KERN_DEBUG "%s: failed to allocate buffer for probe "
1032 "request\n", dev->name);
1035 skb_reserve(skb, local->hw.extra_tx_headroom);
1037 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
1038 memset(mgmt, 0, 24);
1039 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
1040 IEEE80211_STYPE_PROBE_REQ);
1041 memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
1043 memcpy(mgmt->da, dst, ETH_ALEN);
1044 memcpy(mgmt->bssid, dst, ETH_ALEN);
1046 memset(mgmt->da, 0xff, ETH_ALEN);
1047 memset(mgmt->bssid, 0xff, ETH_ALEN);
1049 pos = skb_put(skb, 2 + ssid_len);
1050 *pos++ = WLAN_EID_SSID;
1052 memcpy(pos, ssid, ssid_len);
1054 supp_rates = skb_put(skb, 2);
1055 supp_rates[0] = WLAN_EID_SUPP_RATES;
1057 sband = local->hw.wiphy->bands[local->hw.conf.channel->band];
1059 for (i = 0; i < sband->n_bitrates; i++) {
1060 struct ieee80211_rate *rate = &sband->bitrates[i];
1062 pos = skb_put(skb, 1);
1064 } else if (supp_rates[1] == 8) {
1065 esupp_rates = skb_put(skb, 3);
1066 esupp_rates[0] = WLAN_EID_EXT_SUPP_RATES;
1068 pos = &esupp_rates[2];
1070 pos = skb_put(skb, 1);
1073 *pos = rate->bitrate / 5;
1076 ieee80211_sta_tx(dev, skb, 0);
1080 static int ieee80211_sta_wep_configured(struct net_device *dev)
1082 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1083 if (!sdata || !sdata->default_key ||
1084 sdata->default_key->conf.alg != ALG_WEP)
1090 static void ieee80211_auth_completed(struct net_device *dev,
1091 struct ieee80211_if_sta *ifsta)
1093 printk(KERN_DEBUG "%s: authenticated\n", dev->name);
1094 ifsta->flags |= IEEE80211_STA_AUTHENTICATED;
1095 ieee80211_associate(dev, ifsta);
1099 static void ieee80211_auth_challenge(struct net_device *dev,
1100 struct ieee80211_if_sta *ifsta,
1101 struct ieee80211_mgmt *mgmt,
1105 struct ieee802_11_elems elems;
1107 printk(KERN_DEBUG "%s: replying to auth challenge\n", dev->name);
1108 pos = mgmt->u.auth.variable;
1109 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems);
1110 if (!elems.challenge) {
1111 printk(KERN_DEBUG "%s: no challenge IE in shared key auth "
1112 "frame\n", dev->name);
1115 ieee80211_send_auth(dev, ifsta, 3, elems.challenge - 2,
1116 elems.challenge_len + 2, 1);
1119 static void ieee80211_send_addba_resp(struct net_device *dev, u8 *da, u16 tid,
1120 u8 dialog_token, u16 status, u16 policy,
1121 u16 buf_size, u16 timeout)
1123 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1124 struct ieee80211_if_sta *ifsta = &sdata->u.sta;
1125 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1126 struct sk_buff *skb;
1127 struct ieee80211_mgmt *mgmt;
1130 skb = dev_alloc_skb(sizeof(*mgmt) + local->hw.extra_tx_headroom);
1133 printk(KERN_DEBUG "%s: failed to allocate buffer "
1134 "for addba resp frame\n", dev->name);
1138 skb_reserve(skb, local->hw.extra_tx_headroom);
1139 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
1140 memset(mgmt, 0, 24);
1141 memcpy(mgmt->da, da, ETH_ALEN);
1142 memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
1143 if (sdata->vif.type == IEEE80211_IF_TYPE_AP)
1144 memcpy(mgmt->bssid, dev->dev_addr, ETH_ALEN);
1146 memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
1147 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
1148 IEEE80211_STYPE_ACTION);
1150 skb_put(skb, 1 + sizeof(mgmt->u.action.u.addba_resp));
1151 mgmt->u.action.category = WLAN_CATEGORY_BACK;
1152 mgmt->u.action.u.addba_resp.action_code = WLAN_ACTION_ADDBA_RESP;
1153 mgmt->u.action.u.addba_resp.dialog_token = dialog_token;
1155 capab = (u16)(policy << 1); /* bit 1 aggregation policy */
1156 capab |= (u16)(tid << 2); /* bit 5:2 TID number */
1157 capab |= (u16)(buf_size << 6); /* bit 15:6 max size of aggregation */
1159 mgmt->u.action.u.addba_resp.capab = cpu_to_le16(capab);
1160 mgmt->u.action.u.addba_resp.timeout = cpu_to_le16(timeout);
1161 mgmt->u.action.u.addba_resp.status = cpu_to_le16(status);
1163 ieee80211_sta_tx(dev, skb, 0);
1168 void ieee80211_send_addba_request(struct net_device *dev, const u8 *da,
1169 u16 tid, u8 dialog_token, u16 start_seq_num,
1170 u16 agg_size, u16 timeout)
1172 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1173 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1174 struct ieee80211_if_sta *ifsta = &sdata->u.sta;
1175 struct sk_buff *skb;
1176 struct ieee80211_mgmt *mgmt;
1179 skb = dev_alloc_skb(sizeof(*mgmt) + local->hw.extra_tx_headroom);
1182 printk(KERN_ERR "%s: failed to allocate buffer "
1183 "for addba request frame\n", dev->name);
1186 skb_reserve(skb, local->hw.extra_tx_headroom);
1187 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
1188 memset(mgmt, 0, 24);
1189 memcpy(mgmt->da, da, ETH_ALEN);
1190 memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
1191 if (sdata->vif.type == IEEE80211_IF_TYPE_AP)
1192 memcpy(mgmt->bssid, dev->dev_addr, ETH_ALEN);
1194 memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
1196 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
1197 IEEE80211_STYPE_ACTION);
1199 skb_put(skb, 1 + sizeof(mgmt->u.action.u.addba_req));
1201 mgmt->u.action.category = WLAN_CATEGORY_BACK;
1202 mgmt->u.action.u.addba_req.action_code = WLAN_ACTION_ADDBA_REQ;
1204 mgmt->u.action.u.addba_req.dialog_token = dialog_token;
1205 capab = (u16)(1 << 1); /* bit 1 aggregation policy */
1206 capab |= (u16)(tid << 2); /* bit 5:2 TID number */
1207 capab |= (u16)(agg_size << 6); /* bit 15:6 max size of aggergation */
1209 mgmt->u.action.u.addba_req.capab = cpu_to_le16(capab);
1211 mgmt->u.action.u.addba_req.timeout = cpu_to_le16(timeout);
1212 mgmt->u.action.u.addba_req.start_seq_num =
1213 cpu_to_le16(start_seq_num << 4);
1215 ieee80211_sta_tx(dev, skb, 0);
1218 static void ieee80211_sta_process_addba_request(struct net_device *dev,
1219 struct ieee80211_mgmt *mgmt,
1222 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1223 struct ieee80211_hw *hw = &local->hw;
1224 struct ieee80211_conf *conf = &hw->conf;
1225 struct sta_info *sta;
1226 struct tid_ampdu_rx *tid_agg_rx;
1227 u16 capab, tid, timeout, ba_policy, buf_size, start_seq_num, status;
1229 int ret = -EOPNOTSUPP;
1230 DECLARE_MAC_BUF(mac);
1234 sta = sta_info_get(local, mgmt->sa);
1240 /* extract session parameters from addba request frame */
1241 dialog_token = mgmt->u.action.u.addba_req.dialog_token;
1242 timeout = le16_to_cpu(mgmt->u.action.u.addba_req.timeout);
1244 le16_to_cpu(mgmt->u.action.u.addba_req.start_seq_num) >> 4;
1246 capab = le16_to_cpu(mgmt->u.action.u.addba_req.capab);
1247 ba_policy = (capab & IEEE80211_ADDBA_PARAM_POLICY_MASK) >> 1;
1248 tid = (capab & IEEE80211_ADDBA_PARAM_TID_MASK) >> 2;
1249 buf_size = (capab & IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK) >> 6;
1251 status = WLAN_STATUS_REQUEST_DECLINED;
1253 /* sanity check for incoming parameters:
1254 * check if configuration can support the BA policy
1255 * and if buffer size does not exceeds max value */
1256 if (((ba_policy != 1)
1257 && (!(conf->ht_conf.cap & IEEE80211_HT_CAP_DELAY_BA)))
1258 || (buf_size > IEEE80211_MAX_AMPDU_BUF)) {
1259 status = WLAN_STATUS_INVALID_QOS_PARAM;
1260 #ifdef CONFIG_MAC80211_HT_DEBUG
1261 if (net_ratelimit())
1262 printk(KERN_DEBUG "AddBA Req with bad params from "
1263 "%s on tid %u. policy %d, buffer size %d\n",
1264 print_mac(mac, mgmt->sa), tid, ba_policy,
1266 #endif /* CONFIG_MAC80211_HT_DEBUG */
1269 /* determine default buffer size */
1270 if (buf_size == 0) {
1271 struct ieee80211_supported_band *sband;
1273 sband = local->hw.wiphy->bands[conf->channel->band];
1274 buf_size = IEEE80211_MIN_AMPDU_BUF;
1275 buf_size = buf_size << sband->ht_info.ampdu_factor;
1279 /* examine state machine */
1280 spin_lock_bh(&sta->lock);
1282 if (sta->ampdu_mlme.tid_state_rx[tid] != HT_AGG_STATE_IDLE) {
1283 #ifdef CONFIG_MAC80211_HT_DEBUG
1284 if (net_ratelimit())
1285 printk(KERN_DEBUG "unexpected AddBA Req from "
1287 print_mac(mac, mgmt->sa), tid);
1288 #endif /* CONFIG_MAC80211_HT_DEBUG */
1292 /* prepare A-MPDU MLME for Rx aggregation */
1293 sta->ampdu_mlme.tid_rx[tid] =
1294 kmalloc(sizeof(struct tid_ampdu_rx), GFP_ATOMIC);
1295 if (!sta->ampdu_mlme.tid_rx[tid]) {
1296 if (net_ratelimit())
1297 printk(KERN_ERR "allocate rx mlme to tid %d failed\n",
1302 sta->ampdu_mlme.tid_rx[tid]->session_timer.function =
1303 sta_rx_agg_session_timer_expired;
1304 sta->ampdu_mlme.tid_rx[tid]->session_timer.data =
1305 (unsigned long)&sta->timer_to_tid[tid];
1306 init_timer(&sta->ampdu_mlme.tid_rx[tid]->session_timer);
1308 tid_agg_rx = sta->ampdu_mlme.tid_rx[tid];
1310 /* prepare reordering buffer */
1311 tid_agg_rx->reorder_buf =
1312 kmalloc(buf_size * sizeof(struct sk_buf *), GFP_ATOMIC);
1313 if (!tid_agg_rx->reorder_buf) {
1314 if (net_ratelimit())
1315 printk(KERN_ERR "can not allocate reordering buffer "
1316 "to tid %d\n", tid);
1317 kfree(sta->ampdu_mlme.tid_rx[tid]);
1320 memset(tid_agg_rx->reorder_buf, 0,
1321 buf_size * sizeof(struct sk_buf *));
1323 if (local->ops->ampdu_action)
1324 ret = local->ops->ampdu_action(hw, IEEE80211_AMPDU_RX_START,
1325 sta->addr, tid, &start_seq_num);
1326 #ifdef CONFIG_MAC80211_HT_DEBUG
1327 printk(KERN_DEBUG "Rx A-MPDU request on tid %d result %d\n", tid, ret);
1328 #endif /* CONFIG_MAC80211_HT_DEBUG */
1331 kfree(tid_agg_rx->reorder_buf);
1333 sta->ampdu_mlme.tid_rx[tid] = NULL;
1337 /* change state and send addba resp */
1338 sta->ampdu_mlme.tid_state_rx[tid] = HT_AGG_STATE_OPERATIONAL;
1339 tid_agg_rx->dialog_token = dialog_token;
1340 tid_agg_rx->ssn = start_seq_num;
1341 tid_agg_rx->head_seq_num = start_seq_num;
1342 tid_agg_rx->buf_size = buf_size;
1343 tid_agg_rx->timeout = timeout;
1344 tid_agg_rx->stored_mpdu_num = 0;
1345 status = WLAN_STATUS_SUCCESS;
1347 spin_unlock_bh(&sta->lock);
1350 ieee80211_send_addba_resp(sta->sdata->dev, sta->addr, tid,
1351 dialog_token, status, 1, buf_size, timeout);
1355 static void ieee80211_sta_process_addba_resp(struct net_device *dev,
1356 struct ieee80211_mgmt *mgmt,
1359 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1360 struct ieee80211_hw *hw = &local->hw;
1361 struct sta_info *sta;
1368 sta = sta_info_get(local, mgmt->sa);
1374 capab = le16_to_cpu(mgmt->u.action.u.addba_resp.capab);
1375 tid = (capab & IEEE80211_ADDBA_PARAM_TID_MASK) >> 2;
1377 state = &sta->ampdu_mlme.tid_state_tx[tid];
1379 spin_lock_bh(&sta->lock);
1381 if (!(*state & HT_ADDBA_REQUESTED_MSK)) {
1382 spin_unlock_bh(&sta->lock);
1383 printk(KERN_DEBUG "state not HT_ADDBA_REQUESTED_MSK:"
1385 goto addba_resp_exit;
1388 if (mgmt->u.action.u.addba_resp.dialog_token !=
1389 sta->ampdu_mlme.tid_tx[tid]->dialog_token) {
1390 spin_unlock_bh(&sta->lock);
1391 #ifdef CONFIG_MAC80211_HT_DEBUG
1392 printk(KERN_DEBUG "wrong addBA response token, tid %d\n", tid);
1393 #endif /* CONFIG_MAC80211_HT_DEBUG */
1394 goto addba_resp_exit;
1397 del_timer_sync(&sta->ampdu_mlme.tid_tx[tid]->addba_resp_timer);
1398 #ifdef CONFIG_MAC80211_HT_DEBUG
1399 printk(KERN_DEBUG "switched off addBA timer for tid %d \n", tid);
1400 #endif /* CONFIG_MAC80211_HT_DEBUG */
1401 if (le16_to_cpu(mgmt->u.action.u.addba_resp.status)
1402 == WLAN_STATUS_SUCCESS) {
1403 if (*state & HT_ADDBA_RECEIVED_MSK)
1404 printk(KERN_DEBUG "double addBA response\n");
1406 *state |= HT_ADDBA_RECEIVED_MSK;
1407 sta->ampdu_mlme.addba_req_num[tid] = 0;
1409 if (*state == HT_AGG_STATE_OPERATIONAL) {
1410 printk(KERN_DEBUG "Aggregation on for tid %d \n", tid);
1411 ieee80211_wake_queue(hw, sta->tid_to_tx_q[tid]);
1414 spin_unlock_bh(&sta->lock);
1415 printk(KERN_DEBUG "recipient accepted agg: tid %d \n", tid);
1417 printk(KERN_DEBUG "recipient rejected agg: tid %d \n", tid);
1419 sta->ampdu_mlme.addba_req_num[tid]++;
1420 /* this will allow the state check in stop_BA_session */
1421 *state = HT_AGG_STATE_OPERATIONAL;
1422 spin_unlock_bh(&sta->lock);
1423 ieee80211_stop_tx_ba_session(hw, sta->addr, tid,
1424 WLAN_BACK_INITIATOR);
1431 void ieee80211_send_delba(struct net_device *dev, const u8 *da, u16 tid,
1432 u16 initiator, u16 reason_code)
1434 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1435 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1436 struct ieee80211_if_sta *ifsta = &sdata->u.sta;
1437 struct sk_buff *skb;
1438 struct ieee80211_mgmt *mgmt;
1441 skb = dev_alloc_skb(sizeof(*mgmt) + local->hw.extra_tx_headroom);
1444 printk(KERN_ERR "%s: failed to allocate buffer "
1445 "for delba frame\n", dev->name);
1449 skb_reserve(skb, local->hw.extra_tx_headroom);
1450 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
1451 memset(mgmt, 0, 24);
1452 memcpy(mgmt->da, da, ETH_ALEN);
1453 memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
1454 if (sdata->vif.type == IEEE80211_IF_TYPE_AP)
1455 memcpy(mgmt->bssid, dev->dev_addr, ETH_ALEN);
1457 memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
1458 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
1459 IEEE80211_STYPE_ACTION);
1461 skb_put(skb, 1 + sizeof(mgmt->u.action.u.delba));
1463 mgmt->u.action.category = WLAN_CATEGORY_BACK;
1464 mgmt->u.action.u.delba.action_code = WLAN_ACTION_DELBA;
1465 params = (u16)(initiator << 11); /* bit 11 initiator */
1466 params |= (u16)(tid << 12); /* bit 15:12 TID number */
1468 mgmt->u.action.u.delba.params = cpu_to_le16(params);
1469 mgmt->u.action.u.delba.reason_code = cpu_to_le16(reason_code);
1471 ieee80211_sta_tx(dev, skb, 0);
1474 void ieee80211_sta_stop_rx_ba_session(struct net_device *dev, u8 *ra, u16 tid,
1475 u16 initiator, u16 reason)
1477 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1478 struct ieee80211_hw *hw = &local->hw;
1479 struct sta_info *sta;
1481 DECLARE_MAC_BUF(mac);
1485 sta = sta_info_get(local, ra);
1491 /* check if TID is in operational state */
1492 spin_lock_bh(&sta->lock);
1493 if (sta->ampdu_mlme.tid_state_rx[tid]
1494 != HT_AGG_STATE_OPERATIONAL) {
1495 spin_unlock_bh(&sta->lock);
1499 sta->ampdu_mlme.tid_state_rx[tid] =
1500 HT_AGG_STATE_REQ_STOP_BA_MSK |
1501 (initiator << HT_AGG_STATE_INITIATOR_SHIFT);
1502 spin_unlock_bh(&sta->lock);
1504 /* stop HW Rx aggregation. ampdu_action existence
1505 * already verified in session init so we add the BUG_ON */
1506 BUG_ON(!local->ops->ampdu_action);
1508 #ifdef CONFIG_MAC80211_HT_DEBUG
1509 printk(KERN_DEBUG "Rx BA session stop requested for %s tid %u\n",
1510 print_mac(mac, ra), tid);
1511 #endif /* CONFIG_MAC80211_HT_DEBUG */
1513 ret = local->ops->ampdu_action(hw, IEEE80211_AMPDU_RX_STOP,
1516 printk(KERN_DEBUG "HW problem - can not stop rx "
1517 "aggergation for tid %d\n", tid);
1519 /* shutdown timer has not expired */
1520 if (initiator != WLAN_BACK_TIMER)
1521 del_timer_sync(&sta->ampdu_mlme.tid_rx[tid]->session_timer);
1523 /* check if this is a self generated aggregation halt */
1524 if (initiator == WLAN_BACK_RECIPIENT || initiator == WLAN_BACK_TIMER)
1525 ieee80211_send_delba(dev, ra, tid, 0, reason);
1527 /* free the reordering buffer */
1528 for (i = 0; i < sta->ampdu_mlme.tid_rx[tid]->buf_size; i++) {
1529 if (sta->ampdu_mlme.tid_rx[tid]->reorder_buf[i]) {
1530 /* release the reordered frames */
1531 dev_kfree_skb(sta->ampdu_mlme.tid_rx[tid]->reorder_buf[i]);
1532 sta->ampdu_mlme.tid_rx[tid]->stored_mpdu_num--;
1533 sta->ampdu_mlme.tid_rx[tid]->reorder_buf[i] = NULL;
1536 /* free resources */
1537 kfree(sta->ampdu_mlme.tid_rx[tid]->reorder_buf);
1538 kfree(sta->ampdu_mlme.tid_rx[tid]);
1539 sta->ampdu_mlme.tid_rx[tid] = NULL;
1540 sta->ampdu_mlme.tid_state_rx[tid] = HT_AGG_STATE_IDLE;
1546 static void ieee80211_sta_process_delba(struct net_device *dev,
1547 struct ieee80211_mgmt *mgmt, size_t len)
1549 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1550 struct sta_info *sta;
1553 DECLARE_MAC_BUF(mac);
1557 sta = sta_info_get(local, mgmt->sa);
1563 params = le16_to_cpu(mgmt->u.action.u.delba.params);
1564 tid = (params & IEEE80211_DELBA_PARAM_TID_MASK) >> 12;
1565 initiator = (params & IEEE80211_DELBA_PARAM_INITIATOR_MASK) >> 11;
1567 #ifdef CONFIG_MAC80211_HT_DEBUG
1568 if (net_ratelimit())
1569 printk(KERN_DEBUG "delba from %s (%s) tid %d reason code %d\n",
1570 print_mac(mac, mgmt->sa),
1571 initiator ? "initiator" : "recipient", tid,
1572 mgmt->u.action.u.delba.reason_code);
1573 #endif /* CONFIG_MAC80211_HT_DEBUG */
1575 if (initiator == WLAN_BACK_INITIATOR)
1576 ieee80211_sta_stop_rx_ba_session(dev, sta->addr, tid,
1577 WLAN_BACK_INITIATOR, 0);
1578 else { /* WLAN_BACK_RECIPIENT */
1579 spin_lock_bh(&sta->lock);
1580 sta->ampdu_mlme.tid_state_tx[tid] =
1581 HT_AGG_STATE_OPERATIONAL;
1582 spin_unlock_bh(&sta->lock);
1583 ieee80211_stop_tx_ba_session(&local->hw, sta->addr, tid,
1584 WLAN_BACK_RECIPIENT);
1590 * After sending add Block Ack request we activated a timer until
1591 * add Block Ack response will arrive from the recipient.
1592 * If this timer expires sta_addba_resp_timer_expired will be executed.
1594 void sta_addba_resp_timer_expired(unsigned long data)
1596 /* not an elegant detour, but there is no choice as the timer passes
1597 * only one argument, and both sta_info and TID are needed, so init
1598 * flow in sta_info_create gives the TID as data, while the timer_to_id
1599 * array gives the sta through container_of */
1600 u16 tid = *(int *)data;
1601 struct sta_info *temp_sta = container_of((void *)data,
1602 struct sta_info, timer_to_tid[tid]);
1604 struct ieee80211_local *local = temp_sta->local;
1605 struct ieee80211_hw *hw = &local->hw;
1606 struct sta_info *sta;
1611 sta = sta_info_get(local, temp_sta->addr);
1617 state = &sta->ampdu_mlme.tid_state_tx[tid];
1618 /* check if the TID waits for addBA response */
1619 spin_lock_bh(&sta->lock);
1620 if (!(*state & HT_ADDBA_REQUESTED_MSK)) {
1621 spin_unlock_bh(&sta->lock);
1622 *state = HT_AGG_STATE_IDLE;
1623 printk(KERN_DEBUG "timer expired on tid %d but we are not "
1624 "expecting addBA response there", tid);
1625 goto timer_expired_exit;
1628 printk(KERN_DEBUG "addBA response timer expired on tid %d\n", tid);
1630 /* go through the state check in stop_BA_session */
1631 *state = HT_AGG_STATE_OPERATIONAL;
1632 spin_unlock_bh(&sta->lock);
1633 ieee80211_stop_tx_ba_session(hw, temp_sta->addr, tid,
1634 WLAN_BACK_INITIATOR);
1641 * After accepting the AddBA Request we activated a timer,
1642 * resetting it after each frame that arrives from the originator.
1643 * if this timer expires ieee80211_sta_stop_rx_ba_session will be executed.
1645 static void sta_rx_agg_session_timer_expired(unsigned long data)
1647 /* not an elegant detour, but there is no choice as the timer passes
1648 * only one argument, and verious sta_info are needed here, so init
1649 * flow in sta_info_create gives the TID as data, while the timer_to_id
1650 * array gives the sta through container_of */
1651 u8 *ptid = (u8 *)data;
1652 u8 *timer_to_id = ptid - *ptid;
1653 struct sta_info *sta = container_of(timer_to_id, struct sta_info,
1656 printk(KERN_DEBUG "rx session timer expired on tid %d\n", (u16)*ptid);
1657 ieee80211_sta_stop_rx_ba_session(sta->sdata->dev, sta->addr,
1658 (u16)*ptid, WLAN_BACK_TIMER,
1659 WLAN_REASON_QSTA_TIMEOUT);
1662 void ieee80211_sta_tear_down_BA_sessions(struct net_device *dev, u8 *addr)
1664 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1667 for (i = 0; i < STA_TID_NUM; i++) {
1668 ieee80211_stop_tx_ba_session(&local->hw, addr, i,
1669 WLAN_BACK_INITIATOR);
1670 ieee80211_sta_stop_rx_ba_session(dev, addr, i,
1671 WLAN_BACK_RECIPIENT,
1672 WLAN_REASON_QSTA_LEAVE_QBSS);
1676 static void ieee80211_rx_mgmt_auth(struct net_device *dev,
1677 struct ieee80211_if_sta *ifsta,
1678 struct ieee80211_mgmt *mgmt,
1681 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1682 u16 auth_alg, auth_transaction, status_code;
1683 DECLARE_MAC_BUF(mac);
1685 if (ifsta->state != IEEE80211_AUTHENTICATE &&
1686 sdata->vif.type != IEEE80211_IF_TYPE_IBSS) {
1687 printk(KERN_DEBUG "%s: authentication frame received from "
1688 "%s, but not in authenticate state - ignored\n",
1689 dev->name, print_mac(mac, mgmt->sa));
1694 printk(KERN_DEBUG "%s: too short (%zd) authentication frame "
1695 "received from %s - ignored\n",
1696 dev->name, len, print_mac(mac, mgmt->sa));
1700 if (sdata->vif.type != IEEE80211_IF_TYPE_IBSS &&
1701 memcmp(ifsta->bssid, mgmt->sa, ETH_ALEN) != 0) {
1702 printk(KERN_DEBUG "%s: authentication frame received from "
1703 "unknown AP (SA=%s BSSID=%s) - "
1704 "ignored\n", dev->name, print_mac(mac, mgmt->sa),
1705 print_mac(mac, mgmt->bssid));
1709 if (sdata->vif.type != IEEE80211_IF_TYPE_IBSS &&
1710 memcmp(ifsta->bssid, mgmt->bssid, ETH_ALEN) != 0) {
1711 printk(KERN_DEBUG "%s: authentication frame received from "
1712 "unknown BSSID (SA=%s BSSID=%s) - "
1713 "ignored\n", dev->name, print_mac(mac, mgmt->sa),
1714 print_mac(mac, mgmt->bssid));
1718 auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg);
1719 auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction);
1720 status_code = le16_to_cpu(mgmt->u.auth.status_code);
1722 printk(KERN_DEBUG "%s: RX authentication from %s (alg=%d "
1723 "transaction=%d status=%d)\n",
1724 dev->name, print_mac(mac, mgmt->sa), auth_alg,
1725 auth_transaction, status_code);
1727 if (sdata->vif.type == IEEE80211_IF_TYPE_IBSS) {
1728 /* IEEE 802.11 standard does not require authentication in IBSS
1729 * networks and most implementations do not seem to use it.
1730 * However, try to reply to authentication attempts if someone
1731 * has actually implemented this.
1732 * TODO: Could implement shared key authentication. */
1733 if (auth_alg != WLAN_AUTH_OPEN || auth_transaction != 1) {
1734 printk(KERN_DEBUG "%s: unexpected IBSS authentication "
1735 "frame (alg=%d transaction=%d)\n",
1736 dev->name, auth_alg, auth_transaction);
1739 ieee80211_send_auth(dev, ifsta, 2, NULL, 0, 0);
1742 if (auth_alg != ifsta->auth_alg ||
1743 auth_transaction != ifsta->auth_transaction) {
1744 printk(KERN_DEBUG "%s: unexpected authentication frame "
1745 "(alg=%d transaction=%d)\n",
1746 dev->name, auth_alg, auth_transaction);
1750 if (status_code != WLAN_STATUS_SUCCESS) {
1751 printk(KERN_DEBUG "%s: AP denied authentication (auth_alg=%d "
1752 "code=%d)\n", dev->name, ifsta->auth_alg, status_code);
1753 if (status_code == WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG) {
1755 const int num_algs = ARRAY_SIZE(algs);
1757 algs[0] = algs[1] = algs[2] = 0xff;
1758 if (ifsta->auth_algs & IEEE80211_AUTH_ALG_OPEN)
1759 algs[0] = WLAN_AUTH_OPEN;
1760 if (ifsta->auth_algs & IEEE80211_AUTH_ALG_SHARED_KEY)
1761 algs[1] = WLAN_AUTH_SHARED_KEY;
1762 if (ifsta->auth_algs & IEEE80211_AUTH_ALG_LEAP)
1763 algs[2] = WLAN_AUTH_LEAP;
1764 if (ifsta->auth_alg == WLAN_AUTH_OPEN)
1766 else if (ifsta->auth_alg == WLAN_AUTH_SHARED_KEY)
1770 for (i = 0; i < num_algs; i++) {
1772 if (pos >= num_algs)
1774 if (algs[pos] == ifsta->auth_alg ||
1777 if (algs[pos] == WLAN_AUTH_SHARED_KEY &&
1778 !ieee80211_sta_wep_configured(dev))
1780 ifsta->auth_alg = algs[pos];
1781 printk(KERN_DEBUG "%s: set auth_alg=%d for "
1783 dev->name, ifsta->auth_alg);
1790 switch (ifsta->auth_alg) {
1791 case WLAN_AUTH_OPEN:
1792 case WLAN_AUTH_LEAP:
1793 ieee80211_auth_completed(dev, ifsta);
1795 case WLAN_AUTH_SHARED_KEY:
1796 if (ifsta->auth_transaction == 4)
1797 ieee80211_auth_completed(dev, ifsta);
1799 ieee80211_auth_challenge(dev, ifsta, mgmt, len);
1805 static void ieee80211_rx_mgmt_deauth(struct net_device *dev,
1806 struct ieee80211_if_sta *ifsta,
1807 struct ieee80211_mgmt *mgmt,
1811 DECLARE_MAC_BUF(mac);
1814 printk(KERN_DEBUG "%s: too short (%zd) deauthentication frame "
1815 "received from %s - ignored\n",
1816 dev->name, len, print_mac(mac, mgmt->sa));
1820 if (memcmp(ifsta->bssid, mgmt->sa, ETH_ALEN) != 0) {
1821 printk(KERN_DEBUG "%s: deauthentication frame received from "
1822 "unknown AP (SA=%s BSSID=%s) - "
1823 "ignored\n", dev->name, print_mac(mac, mgmt->sa),
1824 print_mac(mac, mgmt->bssid));
1828 reason_code = le16_to_cpu(mgmt->u.deauth.reason_code);
1830 printk(KERN_DEBUG "%s: RX deauthentication from %s"
1832 dev->name, print_mac(mac, mgmt->sa), reason_code);
1834 if (ifsta->flags & IEEE80211_STA_AUTHENTICATED)
1835 printk(KERN_DEBUG "%s: deauthenticated\n", dev->name);
1837 if (ifsta->state == IEEE80211_AUTHENTICATE ||
1838 ifsta->state == IEEE80211_ASSOCIATE ||
1839 ifsta->state == IEEE80211_ASSOCIATED) {
1840 ifsta->state = IEEE80211_AUTHENTICATE;
1841 mod_timer(&ifsta->timer, jiffies +
1842 IEEE80211_RETRY_AUTH_INTERVAL);
1845 ieee80211_set_disassoc(dev, ifsta, 1);
1846 ifsta->flags &= ~IEEE80211_STA_AUTHENTICATED;
1850 static void ieee80211_rx_mgmt_disassoc(struct net_device *dev,
1851 struct ieee80211_if_sta *ifsta,
1852 struct ieee80211_mgmt *mgmt,
1856 DECLARE_MAC_BUF(mac);
1859 printk(KERN_DEBUG "%s: too short (%zd) disassociation frame "
1860 "received from %s - ignored\n",
1861 dev->name, len, print_mac(mac, mgmt->sa));
1865 if (memcmp(ifsta->bssid, mgmt->sa, ETH_ALEN) != 0) {
1866 printk(KERN_DEBUG "%s: disassociation frame received from "
1867 "unknown AP (SA=%s BSSID=%s) - "
1868 "ignored\n", dev->name, print_mac(mac, mgmt->sa),
1869 print_mac(mac, mgmt->bssid));
1873 reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code);
1875 printk(KERN_DEBUG "%s: RX disassociation from %s"
1877 dev->name, print_mac(mac, mgmt->sa), reason_code);
1879 if (ifsta->flags & IEEE80211_STA_ASSOCIATED)
1880 printk(KERN_DEBUG "%s: disassociated\n", dev->name);
1882 if (ifsta->state == IEEE80211_ASSOCIATED) {
1883 ifsta->state = IEEE80211_ASSOCIATE;
1884 mod_timer(&ifsta->timer, jiffies +
1885 IEEE80211_RETRY_AUTH_INTERVAL);
1888 ieee80211_set_disassoc(dev, ifsta, 0);
1892 static void ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata,
1893 struct ieee80211_if_sta *ifsta,
1894 struct ieee80211_mgmt *mgmt,
1898 struct ieee80211_local *local = sdata->local;
1899 struct net_device *dev = sdata->dev;
1900 struct ieee80211_supported_band *sband;
1901 struct sta_info *sta;
1902 u64 rates, basic_rates;
1903 u16 capab_info, status_code, aid;
1904 struct ieee802_11_elems elems;
1905 struct ieee80211_bss_conf *bss_conf = &sdata->bss_conf;
1908 DECLARE_MAC_BUF(mac);
1909 bool have_higher_than_11mbit = false;
1911 /* AssocResp and ReassocResp have identical structure, so process both
1912 * of them in this function. */
1914 if (ifsta->state != IEEE80211_ASSOCIATE) {
1915 printk(KERN_DEBUG "%s: association frame received from "
1916 "%s, but not in associate state - ignored\n",
1917 dev->name, print_mac(mac, mgmt->sa));
1922 printk(KERN_DEBUG "%s: too short (%zd) association frame "
1923 "received from %s - ignored\n",
1924 dev->name, len, print_mac(mac, mgmt->sa));
1928 if (memcmp(ifsta->bssid, mgmt->sa, ETH_ALEN) != 0) {
1929 printk(KERN_DEBUG "%s: association frame received from "
1930 "unknown AP (SA=%s BSSID=%s) - "
1931 "ignored\n", dev->name, print_mac(mac, mgmt->sa),
1932 print_mac(mac, mgmt->bssid));
1936 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info);
1937 status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code);
1938 aid = le16_to_cpu(mgmt->u.assoc_resp.aid);
1940 printk(KERN_DEBUG "%s: RX %sssocResp from %s (capab=0x%x "
1941 "status=%d aid=%d)\n",
1942 dev->name, reassoc ? "Rea" : "A", print_mac(mac, mgmt->sa),
1943 capab_info, status_code, (u16)(aid & ~(BIT(15) | BIT(14))));
1945 if (status_code != WLAN_STATUS_SUCCESS) {
1946 printk(KERN_DEBUG "%s: AP denied association (code=%d)\n",
1947 dev->name, status_code);
1948 /* if this was a reassociation, ensure we try a "full"
1949 * association next time. This works around some broken APs
1950 * which do not correctly reject reassociation requests. */
1951 ifsta->flags &= ~IEEE80211_STA_PREV_BSSID_SET;
1955 if ((aid & (BIT(15) | BIT(14))) != (BIT(15) | BIT(14)))
1956 printk(KERN_DEBUG "%s: invalid aid value %d; bits 15:14 not "
1957 "set\n", dev->name, aid);
1958 aid &= ~(BIT(15) | BIT(14));
1960 pos = mgmt->u.assoc_resp.variable;
1961 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems);
1963 if (!elems.supp_rates) {
1964 printk(KERN_DEBUG "%s: no SuppRates element in AssocResp\n",
1969 printk(KERN_DEBUG "%s: associated\n", dev->name);
1971 ifsta->ap_capab = capab_info;
1973 kfree(ifsta->assocresp_ies);
1974 ifsta->assocresp_ies_len = len - (pos - (u8 *) mgmt);
1975 ifsta->assocresp_ies = kmalloc(ifsta->assocresp_ies_len, GFP_KERNEL);
1976 if (ifsta->assocresp_ies)
1977 memcpy(ifsta->assocresp_ies, pos, ifsta->assocresp_ies_len);
1981 /* Add STA entry for the AP */
1982 sta = sta_info_get(local, ifsta->bssid);
1984 struct ieee80211_sta_bss *bss;
1987 sta = sta_info_alloc(sdata, ifsta->bssid, GFP_ATOMIC);
1989 printk(KERN_DEBUG "%s: failed to alloc STA entry for"
1990 " the AP\n", dev->name);
1994 bss = ieee80211_rx_bss_get(dev, ifsta->bssid,
1995 local->hw.conf.channel->center_freq,
1996 ifsta->ssid, ifsta->ssid_len);
1998 sta->last_signal = bss->signal;
1999 sta->last_qual = bss->qual;
2000 sta->last_noise = bss->noise;
2001 ieee80211_rx_bss_put(dev, bss);
2004 err = sta_info_insert(sta);
2006 printk(KERN_DEBUG "%s: failed to insert STA entry for"
2007 " the AP (error %d)\n", dev->name, err);
2014 * FIXME: Do we really need to update the sta_info's information here?
2015 * We already know about the AP (we found it in our list) so it
2016 * should already be filled with the right info, no?
2017 * As is stands, all this is racy because typically we assume
2018 * the information that is filled in here (except flags) doesn't
2019 * change while a STA structure is alive. As such, it should move
2020 * to between the sta_info_alloc() and sta_info_insert() above.
2023 set_sta_flags(sta, WLAN_STA_AUTH | WLAN_STA_ASSOC | WLAN_STA_ASSOC_AP |
2024 WLAN_STA_AUTHORIZED);
2028 sband = local->hw.wiphy->bands[local->hw.conf.channel->band];
2030 for (i = 0; i < elems.supp_rates_len; i++) {
2031 int rate = (elems.supp_rates[i] & 0x7f) * 5;
2034 have_higher_than_11mbit = true;
2036 for (j = 0; j < sband->n_bitrates; j++) {
2037 if (sband->bitrates[j].bitrate == rate)
2039 if (elems.supp_rates[i] & 0x80)
2040 basic_rates |= BIT(j);
2044 for (i = 0; i < elems.ext_supp_rates_len; i++) {
2045 int rate = (elems.ext_supp_rates[i] & 0x7f) * 5;
2048 have_higher_than_11mbit = true;
2050 for (j = 0; j < sband->n_bitrates; j++) {
2051 if (sband->bitrates[j].bitrate == rate)
2053 if (elems.ext_supp_rates[i] & 0x80)
2054 basic_rates |= BIT(j);
2058 sta->supp_rates[local->hw.conf.channel->band] = rates;
2059 sdata->basic_rates = basic_rates;
2061 /* cf. IEEE 802.11 9.2.12 */
2062 if (local->hw.conf.channel->band == IEEE80211_BAND_2GHZ &&
2063 have_higher_than_11mbit)
2064 sdata->flags |= IEEE80211_SDATA_OPERATING_GMODE;
2066 sdata->flags &= ~IEEE80211_SDATA_OPERATING_GMODE;
2068 if (elems.ht_cap_elem && elems.ht_info_elem && elems.wmm_param &&
2069 (ifsta->flags & IEEE80211_STA_WMM_ENABLED)) {
2070 struct ieee80211_ht_bss_info bss_info;
2071 ieee80211_ht_cap_ie_to_ht_info(
2072 (struct ieee80211_ht_cap *)
2073 elems.ht_cap_elem, &sta->ht_info);
2074 ieee80211_ht_addt_info_ie_to_ht_bss_info(
2075 (struct ieee80211_ht_addt_info *)
2076 elems.ht_info_elem, &bss_info);
2077 ieee80211_handle_ht(local, 1, &sta->ht_info, &bss_info);
2080 rate_control_rate_init(sta, local);
2082 if (elems.wmm_param) {
2083 set_sta_flags(sta, WLAN_STA_WME);
2085 ieee80211_sta_wmm_params(dev, ifsta, elems.wmm_param,
2086 elems.wmm_param_len);
2090 /* set AID and assoc capability,
2091 * ieee80211_set_associated() will tell the driver */
2092 bss_conf->aid = aid;
2093 bss_conf->assoc_capability = capab_info;
2094 ieee80211_set_associated(dev, ifsta, 1);
2096 ieee80211_associated(dev, ifsta);
2100 /* Caller must hold local->sta_bss_lock */
2101 static void __ieee80211_rx_bss_hash_add(struct net_device *dev,
2102 struct ieee80211_sta_bss *bss)
2104 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2107 if (bss_mesh_cfg(bss))
2108 hash_idx = mesh_id_hash(bss_mesh_id(bss),
2109 bss_mesh_id_len(bss));
2111 hash_idx = STA_HASH(bss->bssid);
2113 bss->hnext = local->sta_bss_hash[hash_idx];
2114 local->sta_bss_hash[hash_idx] = bss;
2118 /* Caller must hold local->sta_bss_lock */
2119 static void __ieee80211_rx_bss_hash_del(struct net_device *dev,
2120 struct ieee80211_sta_bss *bss)
2122 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2123 struct ieee80211_sta_bss *b, *prev = NULL;
2124 b = local->sta_bss_hash[STA_HASH(bss->bssid)];
2128 local->sta_bss_hash[STA_HASH(bss->bssid)] =
2131 prev->hnext = bss->hnext;
2140 static struct ieee80211_sta_bss *
2141 ieee80211_rx_bss_add(struct net_device *dev, u8 *bssid, int freq,
2142 u8 *ssid, u8 ssid_len)
2144 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2145 struct ieee80211_sta_bss *bss;
2147 bss = kzalloc(sizeof(*bss), GFP_ATOMIC);
2150 atomic_inc(&bss->users);
2151 atomic_inc(&bss->users);
2152 memcpy(bss->bssid, bssid, ETH_ALEN);
2154 if (ssid && ssid_len <= IEEE80211_MAX_SSID_LEN) {
2155 memcpy(bss->ssid, ssid, ssid_len);
2156 bss->ssid_len = ssid_len;
2159 spin_lock_bh(&local->sta_bss_lock);
2160 /* TODO: order by RSSI? */
2161 list_add_tail(&bss->list, &local->sta_bss_list);
2162 __ieee80211_rx_bss_hash_add(dev, bss);
2163 spin_unlock_bh(&local->sta_bss_lock);
2167 static struct ieee80211_sta_bss *
2168 ieee80211_rx_bss_get(struct net_device *dev, u8 *bssid, int freq,
2169 u8 *ssid, u8 ssid_len)
2171 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2172 struct ieee80211_sta_bss *bss;
2174 spin_lock_bh(&local->sta_bss_lock);
2175 bss = local->sta_bss_hash[STA_HASH(bssid)];
2177 if (!bss_mesh_cfg(bss) &&
2178 !memcmp(bss->bssid, bssid, ETH_ALEN) &&
2179 bss->freq == freq &&
2180 bss->ssid_len == ssid_len &&
2181 (ssid_len == 0 || !memcmp(bss->ssid, ssid, ssid_len))) {
2182 atomic_inc(&bss->users);
2187 spin_unlock_bh(&local->sta_bss_lock);
2191 #ifdef CONFIG_MAC80211_MESH
2192 static struct ieee80211_sta_bss *
2193 ieee80211_rx_mesh_bss_get(struct net_device *dev, u8 *mesh_id, int mesh_id_len,
2194 u8 *mesh_cfg, int freq)
2196 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2197 struct ieee80211_sta_bss *bss;
2199 spin_lock_bh(&local->sta_bss_lock);
2200 bss = local->sta_bss_hash[mesh_id_hash(mesh_id, mesh_id_len)];
2202 if (bss_mesh_cfg(bss) &&
2203 !memcmp(bss_mesh_cfg(bss), mesh_cfg, MESH_CFG_CMP_LEN) &&
2204 bss->freq == freq &&
2205 mesh_id_len == bss->mesh_id_len &&
2206 (mesh_id_len == 0 || !memcmp(bss->mesh_id, mesh_id,
2208 atomic_inc(&bss->users);
2213 spin_unlock_bh(&local->sta_bss_lock);
2217 static struct ieee80211_sta_bss *
2218 ieee80211_rx_mesh_bss_add(struct net_device *dev, u8 *mesh_id, int mesh_id_len,
2219 u8 *mesh_cfg, int mesh_config_len, int freq)
2221 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2222 struct ieee80211_sta_bss *bss;
2224 if (mesh_config_len != MESH_CFG_LEN)
2227 bss = kzalloc(sizeof(*bss), GFP_ATOMIC);
2231 bss->mesh_cfg = kmalloc(MESH_CFG_CMP_LEN, GFP_ATOMIC);
2232 if (!bss->mesh_cfg) {
2237 if (mesh_id_len && mesh_id_len <= IEEE80211_MAX_MESH_ID_LEN) {
2238 bss->mesh_id = kmalloc(mesh_id_len, GFP_ATOMIC);
2239 if (!bss->mesh_id) {
2240 kfree(bss->mesh_cfg);
2244 memcpy(bss->mesh_id, mesh_id, mesh_id_len);
2247 atomic_inc(&bss->users);
2248 atomic_inc(&bss->users);
2249 memcpy(bss->mesh_cfg, mesh_cfg, MESH_CFG_CMP_LEN);
2250 bss->mesh_id_len = mesh_id_len;
2252 spin_lock_bh(&local->sta_bss_lock);
2253 /* TODO: order by RSSI? */
2254 list_add_tail(&bss->list, &local->sta_bss_list);
2255 __ieee80211_rx_bss_hash_add(dev, bss);
2256 spin_unlock_bh(&local->sta_bss_lock);
2261 static void ieee80211_rx_bss_free(struct ieee80211_sta_bss *bss)
2267 kfree(bss_mesh_id(bss));
2268 kfree(bss_mesh_cfg(bss));
2273 static void ieee80211_rx_bss_put(struct net_device *dev,
2274 struct ieee80211_sta_bss *bss)
2276 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2279 if (!atomic_dec_and_lock(&bss->users, &local->sta_bss_lock)) {
2284 __ieee80211_rx_bss_hash_del(dev, bss);
2285 list_del(&bss->list);
2286 spin_unlock_bh(&local->sta_bss_lock);
2287 ieee80211_rx_bss_free(bss);
2291 void ieee80211_rx_bss_list_init(struct net_device *dev)
2293 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2294 spin_lock_init(&local->sta_bss_lock);
2295 INIT_LIST_HEAD(&local->sta_bss_list);
2299 void ieee80211_rx_bss_list_deinit(struct net_device *dev)
2301 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2302 struct ieee80211_sta_bss *bss, *tmp;
2304 list_for_each_entry_safe(bss, tmp, &local->sta_bss_list, list)
2305 ieee80211_rx_bss_put(dev, bss);
2309 static int ieee80211_sta_join_ibss(struct net_device *dev,
2310 struct ieee80211_if_sta *ifsta,
2311 struct ieee80211_sta_bss *bss)
2313 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2314 int res, rates, i, j;
2315 struct sk_buff *skb;
2316 struct ieee80211_mgmt *mgmt;
2317 struct ieee80211_tx_control control;
2318 struct rate_selection ratesel;
2320 struct ieee80211_sub_if_data *sdata;
2321 struct ieee80211_supported_band *sband;
2323 sband = local->hw.wiphy->bands[local->hw.conf.channel->band];
2325 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2327 /* Remove possible STA entries from other IBSS networks. */
2328 sta_info_flush_delayed(sdata);
2330 if (local->ops->reset_tsf) {
2331 /* Reset own TSF to allow time synchronization work. */
2332 local->ops->reset_tsf(local_to_hw(local));
2334 memcpy(ifsta->bssid, bss->bssid, ETH_ALEN);
2335 res = ieee80211_if_config(dev);
2339 local->hw.conf.beacon_int = bss->beacon_int >= 10 ? bss->beacon_int : 10;
2341 sdata->drop_unencrypted = bss->capability &
2342 WLAN_CAPABILITY_PRIVACY ? 1 : 0;
2344 res = ieee80211_set_freq(local, bss->freq);
2346 if (local->oper_channel->flags & IEEE80211_CHAN_NO_IBSS) {
2347 printk(KERN_DEBUG "%s: IBSS not allowed on frequency "
2348 "%d MHz\n", dev->name, local->oper_channel->center_freq);
2352 /* Set beacon template */
2353 skb = dev_alloc_skb(local->hw.extra_tx_headroom + 400);
2358 skb_reserve(skb, local->hw.extra_tx_headroom);
2360 mgmt = (struct ieee80211_mgmt *)
2361 skb_put(skb, 24 + sizeof(mgmt->u.beacon));
2362 memset(mgmt, 0, 24 + sizeof(mgmt->u.beacon));
2363 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
2364 IEEE80211_STYPE_BEACON);
2365 memset(mgmt->da, 0xff, ETH_ALEN);
2366 memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
2367 memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
2368 mgmt->u.beacon.beacon_int =
2369 cpu_to_le16(local->hw.conf.beacon_int);
2370 mgmt->u.beacon.capab_info = cpu_to_le16(bss->capability);
2372 pos = skb_put(skb, 2 + ifsta->ssid_len);
2373 *pos++ = WLAN_EID_SSID;
2374 *pos++ = ifsta->ssid_len;
2375 memcpy(pos, ifsta->ssid, ifsta->ssid_len);
2377 rates = bss->supp_rates_len;
2380 pos = skb_put(skb, 2 + rates);
2381 *pos++ = WLAN_EID_SUPP_RATES;
2383 memcpy(pos, bss->supp_rates, rates);
2385 if (bss->band == IEEE80211_BAND_2GHZ) {
2386 pos = skb_put(skb, 2 + 1);
2387 *pos++ = WLAN_EID_DS_PARAMS;
2389 *pos++ = ieee80211_frequency_to_channel(bss->freq);
2392 pos = skb_put(skb, 2 + 2);
2393 *pos++ = WLAN_EID_IBSS_PARAMS;
2395 /* FIX: set ATIM window based on scan results */
2399 if (bss->supp_rates_len > 8) {
2400 rates = bss->supp_rates_len - 8;
2401 pos = skb_put(skb, 2 + rates);
2402 *pos++ = WLAN_EID_EXT_SUPP_RATES;
2404 memcpy(pos, &bss->supp_rates[8], rates);
2407 memset(&control, 0, sizeof(control));
2408 rate_control_get_rate(dev, sband, skb, &ratesel);
2409 if (ratesel.rate_idx < 0) {
2410 printk(KERN_DEBUG "%s: Failed to determine TX rate "
2411 "for IBSS beacon\n", dev->name);
2414 control.vif = &sdata->vif;
2415 control.tx_rate_idx = ratesel.rate_idx;
2416 if (sdata->bss_conf.use_short_preamble &&
2417 sband->bitrates[ratesel.rate_idx].flags & IEEE80211_RATE_SHORT_PREAMBLE)
2418 control.flags |= IEEE80211_TXCTL_SHORT_PREAMBLE;
2419 control.antenna_sel_tx = local->hw.conf.antenna_sel_tx;
2420 control.flags |= IEEE80211_TXCTL_NO_ACK;
2421 control.retry_limit = 1;
2423 ifsta->probe_resp = skb_copy(skb, GFP_ATOMIC);
2424 if (ifsta->probe_resp) {
2425 mgmt = (struct ieee80211_mgmt *)
2426 ifsta->probe_resp->data;
2427 mgmt->frame_control =
2428 IEEE80211_FC(IEEE80211_FTYPE_MGMT,
2429 IEEE80211_STYPE_PROBE_RESP);
2431 printk(KERN_DEBUG "%s: Could not allocate ProbeResp "
2432 "template for IBSS\n", dev->name);
2435 if (local->ops->beacon_update &&
2436 local->ops->beacon_update(local_to_hw(local),
2437 skb, &control) == 0) {
2438 printk(KERN_DEBUG "%s: Configured IBSS beacon "
2439 "template\n", dev->name);
2444 sband = local->hw.wiphy->bands[local->hw.conf.channel->band];
2445 for (i = 0; i < bss->supp_rates_len; i++) {
2446 int bitrate = (bss->supp_rates[i] & 0x7f) * 5;
2447 for (j = 0; j < sband->n_bitrates; j++)
2448 if (sband->bitrates[j].bitrate == bitrate)
2451 ifsta->supp_rates_bits[local->hw.conf.channel->band] = rates;
2453 ieee80211_sta_def_wmm_params(dev, bss, 1);
2457 printk(KERN_DEBUG "%s: Failed to configure IBSS beacon "
2458 "template\n", dev->name);
2462 ifsta->state = IEEE80211_IBSS_JOINED;
2463 mod_timer(&ifsta->timer, jiffies + IEEE80211_IBSS_MERGE_INTERVAL);
2465 ieee80211_rx_bss_put(dev, bss);
2470 u64 ieee80211_sta_get_rates(struct ieee80211_local *local,
2471 struct ieee802_11_elems *elems,
2472 enum ieee80211_band band)
2474 struct ieee80211_supported_band *sband;
2475 struct ieee80211_rate *bitrates;
2479 sband = local->hw.wiphy->bands[band];
2483 sband = local->hw.wiphy->bands[local->hw.conf.channel->band];
2486 bitrates = sband->bitrates;
2487 num_rates = sband->n_bitrates;
2489 for (i = 0; i < elems->supp_rates_len +
2490 elems->ext_supp_rates_len; i++) {
2493 if (i < elems->supp_rates_len)
2494 rate = elems->supp_rates[i];
2495 else if (elems->ext_supp_rates)
2496 rate = elems->ext_supp_rates
2497 [i - elems->supp_rates_len];
2498 own_rate = 5 * (rate & 0x7f);
2499 for (j = 0; j < num_rates; j++)
2500 if (bitrates[j].bitrate == own_rate)
2501 supp_rates |= BIT(j);
2507 static void ieee80211_rx_bss_info(struct net_device *dev,
2508 struct ieee80211_mgmt *mgmt,
2510 struct ieee80211_rx_status *rx_status,
2513 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2514 struct ieee802_11_elems elems;
2517 struct ieee80211_sta_bss *bss;
2518 struct sta_info *sta;
2519 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2520 u64 beacon_timestamp, rx_timestamp;
2521 struct ieee80211_channel *channel;
2522 DECLARE_MAC_BUF(mac);
2523 DECLARE_MAC_BUF(mac2);
2525 if (!beacon && memcmp(mgmt->da, dev->dev_addr, ETH_ALEN))
2526 return; /* ignore ProbeResp to foreign address */
2529 printk(KERN_DEBUG "%s: RX %s from %s to %s\n",
2530 dev->name, beacon ? "Beacon" : "Probe Response",
2531 print_mac(mac, mgmt->sa), print_mac(mac2, mgmt->da));
2534 baselen = (u8 *) mgmt->u.beacon.variable - (u8 *) mgmt;
2538 beacon_timestamp = le64_to_cpu(mgmt->u.beacon.timestamp);
2539 ieee802_11_parse_elems(mgmt->u.beacon.variable, len - baselen, &elems);
2541 if (ieee80211_vif_is_mesh(&sdata->vif) && elems.mesh_id &&
2542 elems.mesh_config && mesh_matches_local(&elems, dev)) {
2543 u64 rates = ieee80211_sta_get_rates(local, &elems,
2546 mesh_neighbour_update(mgmt->sa, rates, dev,
2547 mesh_peer_accepts_plinks(&elems, dev));
2552 if (sdata->vif.type == IEEE80211_IF_TYPE_IBSS && elems.supp_rates &&
2553 memcmp(mgmt->bssid, sdata->u.sta.bssid, ETH_ALEN) == 0 &&
2554 (sta = sta_info_get(local, mgmt->sa))) {
2556 u64 supp_rates = ieee80211_sta_get_rates(local, &elems,
2559 prev_rates = sta->supp_rates[rx_status->band];
2560 sta->supp_rates[rx_status->band] &= supp_rates;
2561 if (sta->supp_rates[rx_status->band] == 0) {
2562 /* No matching rates - this should not really happen.
2563 * Make sure that at least one rate is marked
2564 * supported to avoid issues with TX rate ctrl. */
2565 sta->supp_rates[rx_status->band] =
2566 sdata->u.sta.supp_rates_bits[rx_status->band];
2568 if (sta->supp_rates[rx_status->band] != prev_rates) {
2569 printk(KERN_DEBUG "%s: updated supp_rates set for "
2570 "%s based on beacon info (0x%llx & 0x%llx -> "
2572 dev->name, print_mac(mac, sta->addr),
2573 (unsigned long long) prev_rates,
2574 (unsigned long long) supp_rates,
2575 (unsigned long long) sta->supp_rates[rx_status->band]);
2581 if (elems.ds_params && elems.ds_params_len == 1)
2582 freq = ieee80211_channel_to_frequency(elems.ds_params[0]);
2584 freq = rx_status->freq;
2586 channel = ieee80211_get_channel(local->hw.wiphy, freq);
2588 if (!channel || channel->flags & IEEE80211_CHAN_DISABLED)
2591 #ifdef CONFIG_MAC80211_MESH
2592 if (elems.mesh_config)
2593 bss = ieee80211_rx_mesh_bss_get(dev, elems.mesh_id,
2594 elems.mesh_id_len, elems.mesh_config, freq);
2597 bss = ieee80211_rx_bss_get(dev, mgmt->bssid, freq,
2598 elems.ssid, elems.ssid_len);
2600 #ifdef CONFIG_MAC80211_MESH
2601 if (elems.mesh_config)
2602 bss = ieee80211_rx_mesh_bss_add(dev, elems.mesh_id,
2603 elems.mesh_id_len, elems.mesh_config,
2604 elems.mesh_config_len, freq);
2607 bss = ieee80211_rx_bss_add(dev, mgmt->bssid, freq,
2608 elems.ssid, elems.ssid_len);
2613 /* TODO: order by RSSI? */
2614 spin_lock_bh(&local->sta_bss_lock);
2615 list_move_tail(&bss->list, &local->sta_bss_list);
2616 spin_unlock_bh(&local->sta_bss_lock);
2620 /* save the ERP value so that it is available at association time */
2621 if (elems.erp_info && elems.erp_info_len >= 1) {
2622 bss->erp_value = elems.erp_info[0];
2623 bss->has_erp_value = 1;
2626 if (elems.ht_cap_elem &&
2627 (!bss->ht_ie || bss->ht_ie_len != elems.ht_cap_elem_len ||
2628 memcmp(bss->ht_ie, elems.ht_cap_elem, elems.ht_cap_elem_len))) {
2630 bss->ht_ie = kmalloc(elems.ht_cap_elem_len + 2, GFP_ATOMIC);
2632 memcpy(bss->ht_ie, elems.ht_cap_elem - 2,
2633 elems.ht_cap_elem_len + 2);
2634 bss->ht_ie_len = elems.ht_cap_elem_len + 2;
2637 } else if (!elems.ht_cap_elem && bss->ht_ie) {
2643 bss->beacon_int = le16_to_cpu(mgmt->u.beacon.beacon_int);
2644 bss->capability = le16_to_cpu(mgmt->u.beacon.capab_info);
2646 bss->supp_rates_len = 0;
2647 if (elems.supp_rates) {
2648 clen = IEEE80211_MAX_SUPP_RATES - bss->supp_rates_len;
2649 if (clen > elems.supp_rates_len)
2650 clen = elems.supp_rates_len;
2651 memcpy(&bss->supp_rates[bss->supp_rates_len], elems.supp_rates,
2653 bss->supp_rates_len += clen;
2655 if (elems.ext_supp_rates) {
2656 clen = IEEE80211_MAX_SUPP_RATES - bss->supp_rates_len;
2657 if (clen > elems.ext_supp_rates_len)
2658 clen = elems.ext_supp_rates_len;
2659 memcpy(&bss->supp_rates[bss->supp_rates_len],
2660 elems.ext_supp_rates, clen);
2661 bss->supp_rates_len += clen;
2664 bss->band = rx_status->band;
2666 bss->timestamp = beacon_timestamp;
2667 bss->last_update = jiffies;
2668 bss->signal = rx_status->signal;
2669 bss->noise = rx_status->noise;
2670 bss->qual = rx_status->qual;
2671 if (!beacon && !bss->probe_resp)
2672 bss->probe_resp = true;
2675 * In STA mode, the remaining parameters should not be overridden
2676 * by beacons because they're not necessarily accurate there.
2678 if (sdata->vif.type != IEEE80211_IF_TYPE_IBSS &&
2679 bss->probe_resp && beacon) {
2680 ieee80211_rx_bss_put(dev, bss);
2685 (!bss->wpa_ie || bss->wpa_ie_len != elems.wpa_len ||
2686 memcmp(bss->wpa_ie, elems.wpa, elems.wpa_len))) {
2688 bss->wpa_ie = kmalloc(elems.wpa_len + 2, GFP_ATOMIC);
2690 memcpy(bss->wpa_ie, elems.wpa - 2, elems.wpa_len + 2);
2691 bss->wpa_ie_len = elems.wpa_len + 2;
2693 bss->wpa_ie_len = 0;
2694 } else if (!elems.wpa && bss->wpa_ie) {
2697 bss->wpa_ie_len = 0;
2701 (!bss->rsn_ie || bss->rsn_ie_len != elems.rsn_len ||
2702 memcmp(bss->rsn_ie, elems.rsn, elems.rsn_len))) {
2704 bss->rsn_ie = kmalloc(elems.rsn_len + 2, GFP_ATOMIC);
2706 memcpy(bss->rsn_ie, elems.rsn - 2, elems.rsn_len + 2);
2707 bss->rsn_ie_len = elems.rsn_len + 2;
2709 bss->rsn_ie_len = 0;
2710 } else if (!elems.rsn && bss->rsn_ie) {
2713 bss->rsn_ie_len = 0;
2718 * http://www.wipo.int/pctdb/en/wo.jsp?wo=2007047181&IA=WO2007047181&DISPLAY=DESC
2722 * In particular, "Wi-Fi CERTIFIED for WMM - Support for Multimedia
2723 * Applications with Quality of Service in Wi-Fi Networks," Wi- Fi
2724 * Alliance (September 1, 2004) is incorporated by reference herein.
2725 * The inclusion of the WMM Parameters in probe responses and
2726 * association responses is mandatory for WMM enabled networks. The
2727 * inclusion of the WMM Parameters in beacons, however, is optional.
2730 if (elems.wmm_param &&
2731 (!bss->wmm_ie || bss->wmm_ie_len != elems.wmm_param_len ||
2732 memcmp(bss->wmm_ie, elems.wmm_param, elems.wmm_param_len))) {
2734 bss->wmm_ie = kmalloc(elems.wmm_param_len + 2, GFP_ATOMIC);
2736 memcpy(bss->wmm_ie, elems.wmm_param - 2,
2737 elems.wmm_param_len + 2);
2738 bss->wmm_ie_len = elems.wmm_param_len + 2;
2740 bss->wmm_ie_len = 0;
2741 } else if (elems.wmm_info &&
2742 (!bss->wmm_ie || bss->wmm_ie_len != elems.wmm_info_len ||
2743 memcmp(bss->wmm_ie, elems.wmm_info, elems.wmm_info_len))) {
2744 /* As for certain AP's Fifth bit is not set in WMM IE in
2745 * beacon frames.So while parsing the beacon frame the
2746 * wmm_info structure is used instead of wmm_param.
2747 * wmm_info structure was never used to set bss->wmm_ie.
2748 * This code fixes this problem by copying the WME
2749 * information from wmm_info to bss->wmm_ie and enabling
2750 * n-band association.
2753 bss->wmm_ie = kmalloc(elems.wmm_info_len + 2, GFP_ATOMIC);
2755 memcpy(bss->wmm_ie, elems.wmm_info - 2,
2756 elems.wmm_info_len + 2);
2757 bss->wmm_ie_len = elems.wmm_info_len + 2;
2759 bss->wmm_ie_len = 0;
2760 } else if (!elems.wmm_param && !elems.wmm_info && bss->wmm_ie) {
2763 bss->wmm_ie_len = 0;
2766 /* check if we need to merge IBSS */
2767 if (sdata->vif.type == IEEE80211_IF_TYPE_IBSS && beacon &&
2768 !local->sta_sw_scanning && !local->sta_hw_scanning &&
2769 bss->capability & WLAN_CAPABILITY_IBSS &&
2770 bss->freq == local->oper_channel->center_freq &&
2771 elems.ssid_len == sdata->u.sta.ssid_len &&
2772 memcmp(elems.ssid, sdata->u.sta.ssid, sdata->u.sta.ssid_len) == 0) {
2773 if (rx_status->flag & RX_FLAG_TSFT) {
2774 /* in order for correct IBSS merging we need mactime
2776 * since mactime is defined as the time the first data
2777 * symbol of the frame hits the PHY, and the timestamp
2778 * of the beacon is defined as "the time that the data
2779 * symbol containing the first bit of the timestamp is
2780 * transmitted to the PHY plus the transmitting STA’s
2781 * delays through its local PHY from the MAC-PHY
2782 * interface to its interface with the WM"
2783 * (802.11 11.1.2) - equals the time this bit arrives at
2784 * the receiver - we have to take into account the
2785 * offset between the two.
2786 * e.g: at 1 MBit that means mactime is 192 usec earlier
2787 * (=24 bytes * 8 usecs/byte) than the beacon timestamp.
2789 int rate = local->hw.wiphy->bands[rx_status->band]->
2790 bitrates[rx_status->rate_idx].bitrate;
2791 rx_timestamp = rx_status->mactime + (24 * 8 * 10 / rate);
2792 } else if (local && local->ops && local->ops->get_tsf)
2793 /* second best option: get current TSF */
2794 rx_timestamp = local->ops->get_tsf(local_to_hw(local));
2796 /* can't merge without knowing the TSF */
2797 rx_timestamp = -1LLU;
2798 #ifdef CONFIG_MAC80211_IBSS_DEBUG
2799 printk(KERN_DEBUG "RX beacon SA=%s BSSID="
2800 "%s TSF=0x%llx BCN=0x%llx diff=%lld @%lu\n",
2801 print_mac(mac, mgmt->sa),
2802 print_mac(mac2, mgmt->bssid),
2803 (unsigned long long)rx_timestamp,
2804 (unsigned long long)beacon_timestamp,
2805 (unsigned long long)(rx_timestamp - beacon_timestamp),
2807 #endif /* CONFIG_MAC80211_IBSS_DEBUG */
2808 if (beacon_timestamp > rx_timestamp) {
2809 #ifndef CONFIG_MAC80211_IBSS_DEBUG
2810 if (net_ratelimit())
2812 printk(KERN_DEBUG "%s: beacon TSF higher than "
2813 "local TSF - IBSS merge with BSSID %s\n",
2814 dev->name, print_mac(mac, mgmt->bssid));
2815 ieee80211_sta_join_ibss(dev, &sdata->u.sta, bss);
2816 ieee80211_ibss_add_sta(dev, NULL,
2817 mgmt->bssid, mgmt->sa);
2821 ieee80211_rx_bss_put(dev, bss);
2825 static void ieee80211_rx_mgmt_probe_resp(struct net_device *dev,
2826 struct ieee80211_mgmt *mgmt,
2828 struct ieee80211_rx_status *rx_status)
2830 ieee80211_rx_bss_info(dev, mgmt, len, rx_status, 0);
2834 static void ieee80211_rx_mgmt_beacon(struct net_device *dev,
2835 struct ieee80211_mgmt *mgmt,
2837 struct ieee80211_rx_status *rx_status)
2839 struct ieee80211_sub_if_data *sdata;
2840 struct ieee80211_if_sta *ifsta;
2842 struct ieee802_11_elems elems;
2843 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2844 struct ieee80211_conf *conf = &local->hw.conf;
2847 ieee80211_rx_bss_info(dev, mgmt, len, rx_status, 1);
2849 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2850 if (sdata->vif.type != IEEE80211_IF_TYPE_STA)
2852 ifsta = &sdata->u.sta;
2854 if (!(ifsta->flags & IEEE80211_STA_ASSOCIATED) ||
2855 memcmp(ifsta->bssid, mgmt->bssid, ETH_ALEN) != 0)
2858 /* Process beacon from the current BSS */
2859 baselen = (u8 *) mgmt->u.beacon.variable - (u8 *) mgmt;
2863 ieee802_11_parse_elems(mgmt->u.beacon.variable, len - baselen, &elems);
2865 ieee80211_sta_wmm_params(dev, ifsta, elems.wmm_param,
2866 elems.wmm_param_len);
2868 /* Do not send changes to driver if we are scanning. This removes
2869 * requirement that driver's bss_info_changed function needs to be
2871 if (local->sta_sw_scanning || local->sta_hw_scanning)
2874 if (elems.erp_info && elems.erp_info_len >= 1)
2875 changed |= ieee80211_handle_erp_ie(sdata, elems.erp_info[0]);
2877 u16 capab = le16_to_cpu(mgmt->u.beacon.capab_info);
2878 changed |= ieee80211_handle_protect_preamb(sdata, false,
2879 (capab & WLAN_CAPABILITY_SHORT_PREAMBLE) != 0);
2882 if (elems.ht_cap_elem && elems.ht_info_elem &&
2883 elems.wmm_param && conf->flags & IEEE80211_CONF_SUPPORT_HT_MODE) {
2884 struct ieee80211_ht_bss_info bss_info;
2886 ieee80211_ht_addt_info_ie_to_ht_bss_info(
2887 (struct ieee80211_ht_addt_info *)
2888 elems.ht_info_elem, &bss_info);
2889 changed |= ieee80211_handle_ht(local, 1, &conf->ht_conf,
2893 ieee80211_bss_info_change_notify(sdata, changed);
2897 static void ieee80211_rx_mgmt_probe_req(struct net_device *dev,
2898 struct ieee80211_if_sta *ifsta,
2899 struct ieee80211_mgmt *mgmt,
2901 struct ieee80211_rx_status *rx_status)
2903 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2904 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2906 struct sk_buff *skb;
2907 struct ieee80211_mgmt *resp;
2909 DECLARE_MAC_BUF(mac);
2910 #ifdef CONFIG_MAC80211_IBSS_DEBUG
2911 DECLARE_MAC_BUF(mac2);
2912 DECLARE_MAC_BUF(mac3);
2915 if (sdata->vif.type != IEEE80211_IF_TYPE_IBSS ||
2916 ifsta->state != IEEE80211_IBSS_JOINED ||
2917 len < 24 + 2 || !ifsta->probe_resp)
2920 if (local->ops->tx_last_beacon)
2921 tx_last_beacon = local->ops->tx_last_beacon(local_to_hw(local));
2925 #ifdef CONFIG_MAC80211_IBSS_DEBUG
2926 printk(KERN_DEBUG "%s: RX ProbeReq SA=%s DA=%s BSSID="
2927 "%s (tx_last_beacon=%d)\n",
2928 dev->name, print_mac(mac, mgmt->sa), print_mac(mac2, mgmt->da),
2929 print_mac(mac3, mgmt->bssid), tx_last_beacon);
2930 #endif /* CONFIG_MAC80211_IBSS_DEBUG */
2932 if (!tx_last_beacon)
2935 if (memcmp(mgmt->bssid, ifsta->bssid, ETH_ALEN) != 0 &&
2936 memcmp(mgmt->bssid, "\xff\xff\xff\xff\xff\xff", ETH_ALEN) != 0)
2939 end = ((u8 *) mgmt) + len;
2940 pos = mgmt->u.probe_req.variable;
2941 if (pos[0] != WLAN_EID_SSID ||
2942 pos + 2 + pos[1] > end) {
2943 if (net_ratelimit()) {
2944 printk(KERN_DEBUG "%s: Invalid SSID IE in ProbeReq "
2946 dev->name, print_mac(mac, mgmt->sa));
2951 (pos[1] != ifsta->ssid_len ||
2952 memcmp(pos + 2, ifsta->ssid, ifsta->ssid_len) != 0)) {
2953 /* Ignore ProbeReq for foreign SSID */
2957 /* Reply with ProbeResp */
2958 skb = skb_copy(ifsta->probe_resp, GFP_KERNEL);
2962 resp = (struct ieee80211_mgmt *) skb->data;
2963 memcpy(resp->da, mgmt->sa, ETH_ALEN);
2964 #ifdef CONFIG_MAC80211_IBSS_DEBUG
2965 printk(KERN_DEBUG "%s: Sending ProbeResp to %s\n",
2966 dev->name, print_mac(mac, resp->da));
2967 #endif /* CONFIG_MAC80211_IBSS_DEBUG */
2968 ieee80211_sta_tx(dev, skb, 0);
2971 static void ieee80211_rx_mgmt_action(struct net_device *dev,
2972 struct ieee80211_if_sta *ifsta,
2973 struct ieee80211_mgmt *mgmt,
2975 struct ieee80211_rx_status *rx_status)
2977 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2979 if (len < IEEE80211_MIN_ACTION_SIZE)
2982 switch (mgmt->u.action.category) {
2983 case WLAN_CATEGORY_BACK:
2984 switch (mgmt->u.action.u.addba_req.action_code) {
2985 case WLAN_ACTION_ADDBA_REQ:
2986 if (len < (IEEE80211_MIN_ACTION_SIZE +
2987 sizeof(mgmt->u.action.u.addba_req)))
2989 ieee80211_sta_process_addba_request(dev, mgmt, len);
2991 case WLAN_ACTION_ADDBA_RESP:
2992 if (len < (IEEE80211_MIN_ACTION_SIZE +
2993 sizeof(mgmt->u.action.u.addba_resp)))
2995 ieee80211_sta_process_addba_resp(dev, mgmt, len);
2997 case WLAN_ACTION_DELBA:
2998 if (len < (IEEE80211_MIN_ACTION_SIZE +
2999 sizeof(mgmt->u.action.u.delba)))
3001 ieee80211_sta_process_delba(dev, mgmt, len);
3004 if (net_ratelimit())
3005 printk(KERN_DEBUG "%s: Rx unknown A-MPDU action\n",
3010 case PLINK_CATEGORY:
3011 if (ieee80211_vif_is_mesh(&sdata->vif))
3012 mesh_rx_plink_frame(dev, mgmt, len, rx_status);
3014 case MESH_PATH_SEL_CATEGORY:
3015 if (ieee80211_vif_is_mesh(&sdata->vif))
3016 mesh_rx_path_sel_frame(dev, mgmt, len);
3019 if (net_ratelimit())
3020 printk(KERN_DEBUG "%s: Rx unknown action frame - "
3021 "category=%d\n", dev->name, mgmt->u.action.category);
3026 void ieee80211_sta_rx_mgmt(struct net_device *dev, struct sk_buff *skb,
3027 struct ieee80211_rx_status *rx_status)
3029 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
3030 struct ieee80211_sub_if_data *sdata;
3031 struct ieee80211_if_sta *ifsta;
3032 struct ieee80211_mgmt *mgmt;
3038 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3039 ifsta = &sdata->u.sta;
3041 mgmt = (struct ieee80211_mgmt *) skb->data;
3042 fc = le16_to_cpu(mgmt->frame_control);
3044 switch (fc & IEEE80211_FCTL_STYPE) {
3045 case IEEE80211_STYPE_PROBE_REQ:
3046 case IEEE80211_STYPE_PROBE_RESP:
3047 case IEEE80211_STYPE_BEACON:
3048 case IEEE80211_STYPE_ACTION:
3049 memcpy(skb->cb, rx_status, sizeof(*rx_status));
3050 case IEEE80211_STYPE_AUTH:
3051 case IEEE80211_STYPE_ASSOC_RESP:
3052 case IEEE80211_STYPE_REASSOC_RESP:
3053 case IEEE80211_STYPE_DEAUTH:
3054 case IEEE80211_STYPE_DISASSOC:
3055 skb_queue_tail(&ifsta->skb_queue, skb);
3056 queue_work(local->hw.workqueue, &ifsta->work);
3059 printk(KERN_DEBUG "%s: received unknown management frame - "
3060 "stype=%d\n", dev->name,
3061 (fc & IEEE80211_FCTL_STYPE) >> 4);
3070 static void ieee80211_sta_rx_queued_mgmt(struct net_device *dev,
3071 struct sk_buff *skb)
3073 struct ieee80211_rx_status *rx_status;
3074 struct ieee80211_sub_if_data *sdata;
3075 struct ieee80211_if_sta *ifsta;
3076 struct ieee80211_mgmt *mgmt;
3079 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3080 ifsta = &sdata->u.sta;
3082 rx_status = (struct ieee80211_rx_status *) skb->cb;
3083 mgmt = (struct ieee80211_mgmt *) skb->data;
3084 fc = le16_to_cpu(mgmt->frame_control);
3086 switch (fc & IEEE80211_FCTL_STYPE) {
3087 case IEEE80211_STYPE_PROBE_REQ:
3088 ieee80211_rx_mgmt_probe_req(dev, ifsta, mgmt, skb->len,
3091 case IEEE80211_STYPE_PROBE_RESP:
3092 ieee80211_rx_mgmt_probe_resp(dev, mgmt, skb->len, rx_status);
3094 case IEEE80211_STYPE_BEACON:
3095 ieee80211_rx_mgmt_beacon(dev, mgmt, skb->len, rx_status);
3097 case IEEE80211_STYPE_AUTH:
3098 ieee80211_rx_mgmt_auth(dev, ifsta, mgmt, skb->len);
3100 case IEEE80211_STYPE_ASSOC_RESP:
3101 ieee80211_rx_mgmt_assoc_resp(sdata, ifsta, mgmt, skb->len, 0);
3103 case IEEE80211_STYPE_REASSOC_RESP:
3104 ieee80211_rx_mgmt_assoc_resp(sdata, ifsta, mgmt, skb->len, 1);
3106 case IEEE80211_STYPE_DEAUTH:
3107 ieee80211_rx_mgmt_deauth(dev, ifsta, mgmt, skb->len);
3109 case IEEE80211_STYPE_DISASSOC:
3110 ieee80211_rx_mgmt_disassoc(dev, ifsta, mgmt, skb->len);
3112 case IEEE80211_STYPE_ACTION:
3113 ieee80211_rx_mgmt_action(dev, ifsta, mgmt, skb->len, rx_status);
3122 ieee80211_sta_rx_scan(struct net_device *dev, struct sk_buff *skb,
3123 struct ieee80211_rx_status *rx_status)
3125 struct ieee80211_mgmt *mgmt;
3129 return RX_DROP_UNUSABLE;
3131 mgmt = (struct ieee80211_mgmt *) skb->data;
3132 fc = le16_to_cpu(mgmt->frame_control);
3134 if ((fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_CTL)
3138 return RX_DROP_MONITOR;
3140 if ((fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_MGMT) {
3141 if ((fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_PROBE_RESP) {
3142 ieee80211_rx_mgmt_probe_resp(dev, mgmt,
3143 skb->len, rx_status);
3146 } else if ((fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_BEACON) {
3147 ieee80211_rx_mgmt_beacon(dev, mgmt, skb->len,
3157 static int ieee80211_sta_active_ibss(struct net_device *dev)
3159 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
3161 struct sta_info *sta;
3162 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3166 list_for_each_entry_rcu(sta, &local->sta_list, list) {
3167 if (sta->sdata == sdata &&
3168 time_after(sta->last_rx + IEEE80211_IBSS_MERGE_INTERVAL,
3181 static void ieee80211_sta_expire(struct net_device *dev, unsigned long exp_time)
3183 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
3184 struct sta_info *sta, *tmp;
3185 LIST_HEAD(tmp_list);
3186 DECLARE_MAC_BUF(mac);
3187 unsigned long flags;
3189 spin_lock_irqsave(&local->sta_lock, flags);
3190 list_for_each_entry_safe(sta, tmp, &local->sta_list, list)
3191 if (time_after(jiffies, sta->last_rx + exp_time)) {
3192 printk(KERN_DEBUG "%s: expiring inactive STA %s\n",
3193 dev->name, print_mac(mac, sta->addr));
3194 __sta_info_unlink(&sta);
3196 list_add(&sta->list, &tmp_list);
3198 spin_unlock_irqrestore(&local->sta_lock, flags);
3200 list_for_each_entry_safe(sta, tmp, &tmp_list, list)
3201 sta_info_destroy(sta);
3205 static void ieee80211_sta_merge_ibss(struct net_device *dev,
3206 struct ieee80211_if_sta *ifsta)
3208 mod_timer(&ifsta->timer, jiffies + IEEE80211_IBSS_MERGE_INTERVAL);
3210 ieee80211_sta_expire(dev, IEEE80211_IBSS_INACTIVITY_LIMIT);
3211 if (ieee80211_sta_active_ibss(dev))
3214 printk(KERN_DEBUG "%s: No active IBSS STAs - trying to scan for other "
3215 "IBSS networks with same SSID (merge)\n", dev->name);
3216 ieee80211_sta_req_scan(dev, ifsta->ssid, ifsta->ssid_len);
3220 #ifdef CONFIG_MAC80211_MESH
3221 static void ieee80211_mesh_housekeeping(struct net_device *dev,
3222 struct ieee80211_if_sta *ifsta)
3224 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3227 ieee80211_sta_expire(dev, IEEE80211_MESH_PEER_INACTIVITY_LIMIT);
3228 mesh_path_expire(dev);
3230 free_plinks = mesh_plink_availables(sdata);
3231 if (free_plinks != sdata->u.sta.accepting_plinks)
3232 ieee80211_if_config_beacon(dev);
3234 mod_timer(&ifsta->timer, jiffies +
3235 IEEE80211_MESH_HOUSEKEEPING_INTERVAL);
3239 void ieee80211_start_mesh(struct net_device *dev)
3241 struct ieee80211_if_sta *ifsta;
3242 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3243 ifsta = &sdata->u.sta;
3244 ifsta->state = IEEE80211_MESH_UP;
3245 ieee80211_sta_timer((unsigned long)sdata);
3250 void ieee80211_sta_timer(unsigned long data)
3252 struct ieee80211_sub_if_data *sdata =
3253 (struct ieee80211_sub_if_data *) data;
3254 struct ieee80211_if_sta *ifsta = &sdata->u.sta;
3255 struct ieee80211_local *local = wdev_priv(&sdata->wdev);
3257 set_bit(IEEE80211_STA_REQ_RUN, &ifsta->request);
3258 queue_work(local->hw.workqueue, &ifsta->work);
3261 void ieee80211_sta_work(struct work_struct *work)
3263 struct ieee80211_sub_if_data *sdata =
3264 container_of(work, struct ieee80211_sub_if_data, u.sta.work);
3265 struct net_device *dev = sdata->dev;
3266 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
3267 struct ieee80211_if_sta *ifsta;
3268 struct sk_buff *skb;
3270 if (!netif_running(dev))
3273 if (local->sta_sw_scanning || local->sta_hw_scanning)
3276 if (sdata->vif.type != IEEE80211_IF_TYPE_STA &&
3277 sdata->vif.type != IEEE80211_IF_TYPE_IBSS &&
3278 sdata->vif.type != IEEE80211_IF_TYPE_MESH_POINT) {
3279 printk(KERN_DEBUG "%s: ieee80211_sta_work: non-STA interface "
3280 "(type=%d)\n", dev->name, sdata->vif.type);
3283 ifsta = &sdata->u.sta;
3285 while ((skb = skb_dequeue(&ifsta->skb_queue)))
3286 ieee80211_sta_rx_queued_mgmt(dev, skb);
3288 #ifdef CONFIG_MAC80211_MESH
3289 if (ifsta->preq_queue_len &&
3291 ifsta->last_preq + msecs_to_jiffies(ifsta->mshcfg.dot11MeshHWMPpreqMinInterval)))
3292 mesh_path_start_discovery(dev);
3295 if (ifsta->state != IEEE80211_AUTHENTICATE &&
3296 ifsta->state != IEEE80211_ASSOCIATE &&
3297 test_and_clear_bit(IEEE80211_STA_REQ_SCAN, &ifsta->request)) {
3298 if (ifsta->scan_ssid_len)
3299 ieee80211_sta_start_scan(dev, ifsta->scan_ssid, ifsta->scan_ssid_len);
3301 ieee80211_sta_start_scan(dev, NULL, 0);
3305 if (test_and_clear_bit(IEEE80211_STA_REQ_AUTH, &ifsta->request)) {
3306 if (ieee80211_sta_config_auth(dev, ifsta))
3308 clear_bit(IEEE80211_STA_REQ_RUN, &ifsta->request);
3309 } else if (!test_and_clear_bit(IEEE80211_STA_REQ_RUN, &ifsta->request))
3312 switch (ifsta->state) {
3313 case IEEE80211_DISABLED:
3315 case IEEE80211_AUTHENTICATE:
3316 ieee80211_authenticate(dev, ifsta);
3318 case IEEE80211_ASSOCIATE:
3319 ieee80211_associate(dev, ifsta);
3321 case IEEE80211_ASSOCIATED:
3322 ieee80211_associated(dev, ifsta);
3324 case IEEE80211_IBSS_SEARCH:
3325 ieee80211_sta_find_ibss(dev, ifsta);
3327 case IEEE80211_IBSS_JOINED:
3328 ieee80211_sta_merge_ibss(dev, ifsta);
3330 #ifdef CONFIG_MAC80211_MESH
3331 case IEEE80211_MESH_UP:
3332 ieee80211_mesh_housekeeping(dev, ifsta);
3336 printk(KERN_DEBUG "ieee80211_sta_work: Unknown state %d\n",
3341 if (ieee80211_privacy_mismatch(dev, ifsta)) {
3342 printk(KERN_DEBUG "%s: privacy configuration mismatch and "
3343 "mixed-cell disabled - disassociate\n", dev->name);
3345 ieee80211_send_disassoc(dev, ifsta, WLAN_REASON_UNSPECIFIED);
3346 ieee80211_set_disassoc(dev, ifsta, 0);
3351 static void ieee80211_sta_reset_auth(struct net_device *dev,
3352 struct ieee80211_if_sta *ifsta)
3354 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
3356 if (local->ops->reset_tsf) {
3357 /* Reset own TSF to allow time synchronization work. */
3358 local->ops->reset_tsf(local_to_hw(local));
3361 ifsta->wmm_last_param_set = -1; /* allow any WMM update */
3364 if (ifsta->auth_algs & IEEE80211_AUTH_ALG_OPEN)
3365 ifsta->auth_alg = WLAN_AUTH_OPEN;
3366 else if (ifsta->auth_algs & IEEE80211_AUTH_ALG_SHARED_KEY)
3367 ifsta->auth_alg = WLAN_AUTH_SHARED_KEY;
3368 else if (ifsta->auth_algs & IEEE80211_AUTH_ALG_LEAP)
3369 ifsta->auth_alg = WLAN_AUTH_LEAP;
3371 ifsta->auth_alg = WLAN_AUTH_OPEN;
3372 printk(KERN_DEBUG "%s: Initial auth_alg=%d\n", dev->name,
3374 ifsta->auth_transaction = -1;
3375 ifsta->flags &= ~IEEE80211_STA_ASSOCIATED;
3376 ifsta->auth_tries = ifsta->assoc_tries = 0;
3377 netif_carrier_off(dev);
3381 void ieee80211_sta_req_auth(struct net_device *dev,
3382 struct ieee80211_if_sta *ifsta)
3384 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
3385 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3387 if (sdata->vif.type != IEEE80211_IF_TYPE_STA)
3390 if ((ifsta->flags & (IEEE80211_STA_BSSID_SET |
3391 IEEE80211_STA_AUTO_BSSID_SEL)) &&
3392 (ifsta->flags & (IEEE80211_STA_SSID_SET |
3393 IEEE80211_STA_AUTO_SSID_SEL))) {
3394 set_bit(IEEE80211_STA_REQ_AUTH, &ifsta->request);
3395 queue_work(local->hw.workqueue, &ifsta->work);
3399 static int ieee80211_sta_match_ssid(struct ieee80211_if_sta *ifsta,
3400 const char *ssid, int ssid_len)
3402 int tmp, hidden_ssid;
3404 if (ssid_len == ifsta->ssid_len &&
3405 !memcmp(ifsta->ssid, ssid, ssid_len))
3408 if (ifsta->flags & IEEE80211_STA_AUTO_BSSID_SEL)
3414 if (ssid[tmp] != '\0') {
3420 if (hidden_ssid && ifsta->ssid_len == ssid_len)
3423 if (ssid_len == 1 && ssid[0] == ' ')
3429 static int ieee80211_sta_config_auth(struct net_device *dev,
3430 struct ieee80211_if_sta *ifsta)
3432 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
3433 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3434 struct ieee80211_sta_bss *bss, *selected = NULL;
3435 int top_rssi = 0, freq;
3437 if (!(ifsta->flags & (IEEE80211_STA_AUTO_SSID_SEL |
3438 IEEE80211_STA_AUTO_BSSID_SEL | IEEE80211_STA_AUTO_CHANNEL_SEL))) {
3439 ifsta->state = IEEE80211_AUTHENTICATE;
3440 ieee80211_sta_reset_auth(dev, ifsta);
3444 spin_lock_bh(&local->sta_bss_lock);
3445 freq = local->oper_channel->center_freq;
3446 list_for_each_entry(bss, &local->sta_bss_list, list) {
3447 if (!(bss->capability & WLAN_CAPABILITY_ESS))
3450 if (!!(bss->capability & WLAN_CAPABILITY_PRIVACY) ^
3451 !!sdata->default_key)
3454 if (!(ifsta->flags & IEEE80211_STA_AUTO_CHANNEL_SEL) &&
3458 if (!(ifsta->flags & IEEE80211_STA_AUTO_BSSID_SEL) &&
3459 memcmp(bss->bssid, ifsta->bssid, ETH_ALEN))
3462 if (!(ifsta->flags & IEEE80211_STA_AUTO_SSID_SEL) &&
3463 !ieee80211_sta_match_ssid(ifsta, bss->ssid, bss->ssid_len))
3466 if (!selected || top_rssi < bss->signal) {
3468 top_rssi = bss->signal;
3472 atomic_inc(&selected->users);
3473 spin_unlock_bh(&local->sta_bss_lock);
3476 ieee80211_set_freq(local, selected->freq);
3477 if (!(ifsta->flags & IEEE80211_STA_SSID_SET))
3478 ieee80211_sta_set_ssid(dev, selected->ssid,
3479 selected->ssid_len);
3480 ieee80211_sta_set_bssid(dev, selected->bssid);
3481 ieee80211_sta_def_wmm_params(dev, selected, 0);
3482 ieee80211_rx_bss_put(dev, selected);
3483 ifsta->state = IEEE80211_AUTHENTICATE;
3484 ieee80211_sta_reset_auth(dev, ifsta);
3487 if (ifsta->state != IEEE80211_AUTHENTICATE) {
3488 if (ifsta->flags & IEEE80211_STA_AUTO_SSID_SEL)
3489 ieee80211_sta_start_scan(dev, NULL, 0);
3491 ieee80211_sta_start_scan(dev, ifsta->ssid,
3493 ifsta->state = IEEE80211_AUTHENTICATE;
3494 set_bit(IEEE80211_STA_REQ_AUTH, &ifsta->request);
3496 ifsta->state = IEEE80211_DISABLED;
3502 static int ieee80211_sta_create_ibss(struct net_device *dev,
3503 struct ieee80211_if_sta *ifsta)
3505 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
3506 struct ieee80211_sta_bss *bss;
3507 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3508 struct ieee80211_supported_band *sband;
3509 u8 bssid[ETH_ALEN], *pos;
3511 DECLARE_MAC_BUF(mac);
3514 /* Easier testing, use fixed BSSID. */
3515 memset(bssid, 0xfe, ETH_ALEN);
3517 /* Generate random, not broadcast, locally administered BSSID. Mix in
3518 * own MAC address to make sure that devices that do not have proper
3519 * random number generator get different BSSID. */
3520 get_random_bytes(bssid, ETH_ALEN);
3521 for (i = 0; i < ETH_ALEN; i++)
3522 bssid[i] ^= dev->dev_addr[i];
3527 printk(KERN_DEBUG "%s: Creating new IBSS network, BSSID %s\n",
3528 dev->name, print_mac(mac, bssid));
3530 bss = ieee80211_rx_bss_add(dev, bssid,
3531 local->hw.conf.channel->center_freq,
3532 sdata->u.sta.ssid, sdata->u.sta.ssid_len);
3536 bss->band = local->hw.conf.channel->band;
3537 sband = local->hw.wiphy->bands[bss->band];
3539 if (local->hw.conf.beacon_int == 0)
3540 local->hw.conf.beacon_int = 10000;
3541 bss->beacon_int = local->hw.conf.beacon_int;
3542 bss->last_update = jiffies;
3543 bss->capability = WLAN_CAPABILITY_IBSS;
3545 if (sdata->default_key)
3546 bss->capability |= WLAN_CAPABILITY_PRIVACY;
3548 sdata->drop_unencrypted = 0;
3550 bss->supp_rates_len = sband->n_bitrates;
3551 pos = bss->supp_rates;
3552 for (i = 0; i < sband->n_bitrates; i++) {
3553 int rate = sband->bitrates[i].bitrate;
3554 *pos++ = (u8) (rate / 5);
3557 return ieee80211_sta_join_ibss(dev, ifsta, bss);
3561 static int ieee80211_sta_find_ibss(struct net_device *dev,
3562 struct ieee80211_if_sta *ifsta)
3564 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
3565 struct ieee80211_sta_bss *bss;
3569 DECLARE_MAC_BUF(mac);
3570 DECLARE_MAC_BUF(mac2);
3572 if (ifsta->ssid_len == 0)
3575 active_ibss = ieee80211_sta_active_ibss(dev);
3576 #ifdef CONFIG_MAC80211_IBSS_DEBUG
3577 printk(KERN_DEBUG "%s: sta_find_ibss (active_ibss=%d)\n",
3578 dev->name, active_ibss);
3579 #endif /* CONFIG_MAC80211_IBSS_DEBUG */
3580 spin_lock_bh(&local->sta_bss_lock);
3581 list_for_each_entry(bss, &local->sta_bss_list, list) {
3582 if (ifsta->ssid_len != bss->ssid_len ||
3583 memcmp(ifsta->ssid, bss->ssid, bss->ssid_len) != 0
3584 || !(bss->capability & WLAN_CAPABILITY_IBSS))
3586 #ifdef CONFIG_MAC80211_IBSS_DEBUG
3587 printk(KERN_DEBUG " bssid=%s found\n",
3588 print_mac(mac, bss->bssid));
3589 #endif /* CONFIG_MAC80211_IBSS_DEBUG */
3590 memcpy(bssid, bss->bssid, ETH_ALEN);
3592 if (active_ibss || memcmp(bssid, ifsta->bssid, ETH_ALEN) != 0)
3595 spin_unlock_bh(&local->sta_bss_lock);
3597 #ifdef CONFIG_MAC80211_IBSS_DEBUG
3598 printk(KERN_DEBUG " sta_find_ibss: selected %s current "
3599 "%s\n", print_mac(mac, bssid), print_mac(mac2, ifsta->bssid));
3600 #endif /* CONFIG_MAC80211_IBSS_DEBUG */
3601 if (found && memcmp(ifsta->bssid, bssid, ETH_ALEN) != 0 &&
3602 (bss = ieee80211_rx_bss_get(dev, bssid,
3603 local->hw.conf.channel->center_freq,
3604 ifsta->ssid, ifsta->ssid_len))) {
3605 printk(KERN_DEBUG "%s: Selected IBSS BSSID %s"
3606 " based on configured SSID\n",
3607 dev->name, print_mac(mac, bssid));
3608 return ieee80211_sta_join_ibss(dev, ifsta, bss);
3610 #ifdef CONFIG_MAC80211_IBSS_DEBUG
3611 printk(KERN_DEBUG " did not try to join ibss\n");
3612 #endif /* CONFIG_MAC80211_IBSS_DEBUG */
3614 /* Selected IBSS not found in current scan results - try to scan */
3615 if (ifsta->state == IEEE80211_IBSS_JOINED &&
3616 !ieee80211_sta_active_ibss(dev)) {
3617 mod_timer(&ifsta->timer, jiffies +
3618 IEEE80211_IBSS_MERGE_INTERVAL);
3619 } else if (time_after(jiffies, local->last_scan_completed +
3620 IEEE80211_SCAN_INTERVAL)) {
3621 printk(KERN_DEBUG "%s: Trigger new scan to find an IBSS to "
3622 "join\n", dev->name);
3623 return ieee80211_sta_req_scan(dev, ifsta->ssid,
3625 } else if (ifsta->state != IEEE80211_IBSS_JOINED) {
3626 int interval = IEEE80211_SCAN_INTERVAL;
3628 if (time_after(jiffies, ifsta->ibss_join_req +
3629 IEEE80211_IBSS_JOIN_TIMEOUT)) {
3630 if ((ifsta->flags & IEEE80211_STA_CREATE_IBSS) &&
3631 (!(local->oper_channel->flags &
3632 IEEE80211_CHAN_NO_IBSS)))
3633 return ieee80211_sta_create_ibss(dev, ifsta);
3634 if (ifsta->flags & IEEE80211_STA_CREATE_IBSS) {
3635 printk(KERN_DEBUG "%s: IBSS not allowed on"
3636 " %d MHz\n", dev->name,
3637 local->hw.conf.channel->center_freq);
3640 /* No IBSS found - decrease scan interval and continue
3642 interval = IEEE80211_SCAN_INTERVAL_SLOW;
3645 ifsta->state = IEEE80211_IBSS_SEARCH;
3646 mod_timer(&ifsta->timer, jiffies + interval);
3654 int ieee80211_sta_set_ssid(struct net_device *dev, char *ssid, size_t len)
3656 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3657 struct ieee80211_if_sta *ifsta;
3659 if (len > IEEE80211_MAX_SSID_LEN)
3662 ifsta = &sdata->u.sta;
3664 if (ifsta->ssid_len != len || memcmp(ifsta->ssid, ssid, len) != 0)
3665 ifsta->flags &= ~IEEE80211_STA_PREV_BSSID_SET;
3666 memcpy(ifsta->ssid, ssid, len);
3667 memset(ifsta->ssid + len, 0, IEEE80211_MAX_SSID_LEN - len);
3668 ifsta->ssid_len = len;
3671 ifsta->flags |= IEEE80211_STA_SSID_SET;
3673 ifsta->flags &= ~IEEE80211_STA_SSID_SET;
3674 if (sdata->vif.type == IEEE80211_IF_TYPE_IBSS &&
3675 !(ifsta->flags & IEEE80211_STA_BSSID_SET)) {
3676 ifsta->ibss_join_req = jiffies;
3677 ifsta->state = IEEE80211_IBSS_SEARCH;
3678 return ieee80211_sta_find_ibss(dev, ifsta);
3684 int ieee80211_sta_get_ssid(struct net_device *dev, char *ssid, size_t *len)
3686 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3687 struct ieee80211_if_sta *ifsta = &sdata->u.sta;
3688 memcpy(ssid, ifsta->ssid, ifsta->ssid_len);
3689 *len = ifsta->ssid_len;
3694 int ieee80211_sta_set_bssid(struct net_device *dev, u8 *bssid)
3696 struct ieee80211_sub_if_data *sdata;
3697 struct ieee80211_if_sta *ifsta;
3700 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3701 ifsta = &sdata->u.sta;
3703 if (memcmp(ifsta->bssid, bssid, ETH_ALEN) != 0) {
3704 memcpy(ifsta->bssid, bssid, ETH_ALEN);
3705 res = ieee80211_if_config(dev);
3707 printk(KERN_DEBUG "%s: Failed to config new BSSID to "
3708 "the low-level driver\n", dev->name);
3713 if (is_valid_ether_addr(bssid))
3714 ifsta->flags |= IEEE80211_STA_BSSID_SET;
3716 ifsta->flags &= ~IEEE80211_STA_BSSID_SET;
3722 static void ieee80211_send_nullfunc(struct ieee80211_local *local,
3723 struct ieee80211_sub_if_data *sdata,
3726 struct sk_buff *skb;
3727 struct ieee80211_hdr *nullfunc;
3730 skb = dev_alloc_skb(local->hw.extra_tx_headroom + 24);
3732 printk(KERN_DEBUG "%s: failed to allocate buffer for nullfunc "
3733 "frame\n", sdata->dev->name);
3736 skb_reserve(skb, local->hw.extra_tx_headroom);
3738 nullfunc = (struct ieee80211_hdr *) skb_put(skb, 24);
3739 memset(nullfunc, 0, 24);
3740 fc = IEEE80211_FTYPE_DATA | IEEE80211_STYPE_NULLFUNC |
3741 IEEE80211_FCTL_TODS;
3743 fc |= IEEE80211_FCTL_PM;
3744 nullfunc->frame_control = cpu_to_le16(fc);
3745 memcpy(nullfunc->addr1, sdata->u.sta.bssid, ETH_ALEN);
3746 memcpy(nullfunc->addr2, sdata->dev->dev_addr, ETH_ALEN);
3747 memcpy(nullfunc->addr3, sdata->u.sta.bssid, ETH_ALEN);
3749 ieee80211_sta_tx(sdata->dev, skb, 0);
3753 static void ieee80211_restart_sta_timer(struct ieee80211_sub_if_data *sdata)
3755 if (sdata->vif.type == IEEE80211_IF_TYPE_STA ||
3756 ieee80211_vif_is_mesh(&sdata->vif))
3757 ieee80211_sta_timer((unsigned long)sdata);
3760 void ieee80211_scan_completed(struct ieee80211_hw *hw)
3762 struct ieee80211_local *local = hw_to_local(hw);
3763 struct net_device *dev = local->scan_dev;
3764 struct ieee80211_sub_if_data *sdata;
3765 union iwreq_data wrqu;
3767 local->last_scan_completed = jiffies;
3768 memset(&wrqu, 0, sizeof(wrqu));
3769 wireless_send_event(dev, SIOCGIWSCAN, &wrqu, NULL);
3771 if (local->sta_hw_scanning) {
3772 local->sta_hw_scanning = 0;
3773 if (ieee80211_hw_config(local))
3774 printk(KERN_DEBUG "%s: failed to restore operational "
3775 "channel after scan\n", dev->name);
3776 /* Restart STA timer for HW scan case */
3778 list_for_each_entry_rcu(sdata, &local->interfaces, list)
3779 ieee80211_restart_sta_timer(sdata);
3785 local->sta_sw_scanning = 0;
3786 if (ieee80211_hw_config(local))
3787 printk(KERN_DEBUG "%s: failed to restore operational "
3788 "channel after scan\n", dev->name);
3791 netif_tx_lock_bh(local->mdev);
3792 local->filter_flags &= ~FIF_BCN_PRBRESP_PROMISC;
3793 local->ops->configure_filter(local_to_hw(local),
3794 FIF_BCN_PRBRESP_PROMISC,
3795 &local->filter_flags,
3796 local->mdev->mc_count,
3797 local->mdev->mc_list);
3799 netif_tx_unlock_bh(local->mdev);
3802 list_for_each_entry_rcu(sdata, &local->interfaces, list) {
3804 /* No need to wake the master device. */
3805 if (sdata->dev == local->mdev)
3808 /* Tell AP we're back */
3809 if (sdata->vif.type == IEEE80211_IF_TYPE_STA &&
3810 sdata->u.sta.flags & IEEE80211_STA_ASSOCIATED)
3811 ieee80211_send_nullfunc(local, sdata, 0);
3813 ieee80211_restart_sta_timer(sdata);
3815 netif_wake_queue(sdata->dev);
3820 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3821 if (sdata->vif.type == IEEE80211_IF_TYPE_IBSS) {
3822 struct ieee80211_if_sta *ifsta = &sdata->u.sta;
3823 if (!(ifsta->flags & IEEE80211_STA_BSSID_SET) ||
3824 (!ifsta->state == IEEE80211_IBSS_JOINED &&
3825 !ieee80211_sta_active_ibss(dev)))
3826 ieee80211_sta_find_ibss(dev, ifsta);
3829 EXPORT_SYMBOL(ieee80211_scan_completed);
3831 void ieee80211_sta_scan_work(struct work_struct *work)
3833 struct ieee80211_local *local =
3834 container_of(work, struct ieee80211_local, scan_work.work);
3835 struct net_device *dev = local->scan_dev;
3836 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3837 struct ieee80211_supported_band *sband;
3838 struct ieee80211_channel *chan;
3840 unsigned long next_delay = 0;
3842 if (!local->sta_sw_scanning)
3845 switch (local->scan_state) {
3846 case SCAN_SET_CHANNEL:
3848 * Get current scan band. scan_band may be IEEE80211_NUM_BANDS
3849 * after we successfully scanned the last channel of the last
3850 * band (and the last band is supported by the hw)
3852 if (local->scan_band < IEEE80211_NUM_BANDS)
3853 sband = local->hw.wiphy->bands[local->scan_band];
3858 * If we are at an unsupported band and have more bands
3859 * left to scan, advance to the next supported one.
3861 while (!sband && local->scan_band < IEEE80211_NUM_BANDS - 1) {
3863 sband = local->hw.wiphy->bands[local->scan_band];
3864 local->scan_channel_idx = 0;
3867 /* if no more bands/channels left, complete scan */
3868 if (!sband || local->scan_channel_idx >= sband->n_channels) {
3869 ieee80211_scan_completed(local_to_hw(local));
3873 chan = &sband->channels[local->scan_channel_idx];
3875 if (chan->flags & IEEE80211_CHAN_DISABLED ||
3876 (sdata->vif.type == IEEE80211_IF_TYPE_IBSS &&
3877 chan->flags & IEEE80211_CHAN_NO_IBSS))
3881 local->scan_channel = chan;
3882 if (ieee80211_hw_config(local)) {
3883 printk(KERN_DEBUG "%s: failed to set freq to "
3884 "%d MHz for scan\n", dev->name,
3890 /* advance state machine to next channel/band */
3891 local->scan_channel_idx++;
3892 if (local->scan_channel_idx >= sband->n_channels) {
3894 * scan_band may end up == IEEE80211_NUM_BANDS, but
3895 * we'll catch that case above and complete the scan
3896 * if that is the case.
3899 local->scan_channel_idx = 0;
3905 next_delay = IEEE80211_PROBE_DELAY +
3906 usecs_to_jiffies(local->hw.channel_change_time);
3907 local->scan_state = SCAN_SEND_PROBE;
3909 case SCAN_SEND_PROBE:
3910 next_delay = IEEE80211_PASSIVE_CHANNEL_TIME;
3911 local->scan_state = SCAN_SET_CHANNEL;
3913 if (local->scan_channel->flags & IEEE80211_CHAN_PASSIVE_SCAN)
3915 ieee80211_send_probe_req(dev, NULL, local->scan_ssid,
3916 local->scan_ssid_len);
3917 next_delay = IEEE80211_CHANNEL_TIME;
3921 if (local->sta_sw_scanning)
3922 queue_delayed_work(local->hw.workqueue, &local->scan_work,
3927 static int ieee80211_sta_start_scan(struct net_device *dev,
3928 u8 *ssid, size_t ssid_len)
3930 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
3931 struct ieee80211_sub_if_data *sdata;
3933 if (ssid_len > IEEE80211_MAX_SSID_LEN)
3936 /* MLME-SCAN.request (page 118) page 144 (11.1.3.1)
3937 * BSSType: INFRASTRUCTURE, INDEPENDENT, ANY_BSS
3940 * ScanType: ACTIVE, PASSIVE
3941 * ProbeDelay: delay (in microseconds) to be used prior to transmitting
3942 * a Probe frame during active scanning
3944 * MinChannelTime (>= ProbeDelay), in TU
3945 * MaxChannelTime: (>= MinChannelTime), in TU
3948 /* MLME-SCAN.confirm
3950 * ResultCode: SUCCESS, INVALID_PARAMETERS
3953 if (local->sta_sw_scanning || local->sta_hw_scanning) {
3954 if (local->scan_dev == dev)
3959 if (local->ops->hw_scan) {
3960 int rc = local->ops->hw_scan(local_to_hw(local),
3963 local->sta_hw_scanning = 1;
3964 local->scan_dev = dev;
3969 local->sta_sw_scanning = 1;
3972 list_for_each_entry_rcu(sdata, &local->interfaces, list) {
3974 /* Don't stop the master interface, otherwise we can't transmit
3976 if (sdata->dev == local->mdev)
3979 netif_stop_queue(sdata->dev);
3980 if (sdata->vif.type == IEEE80211_IF_TYPE_STA &&
3981 (sdata->u.sta.flags & IEEE80211_STA_ASSOCIATED))
3982 ieee80211_send_nullfunc(local, sdata, 1);
3987 local->scan_ssid_len = ssid_len;
3988 memcpy(local->scan_ssid, ssid, ssid_len);
3990 local->scan_ssid_len = 0;
3991 local->scan_state = SCAN_SET_CHANNEL;
3992 local->scan_channel_idx = 0;
3993 local->scan_band = IEEE80211_BAND_2GHZ;
3994 local->scan_dev = dev;
3996 netif_tx_lock_bh(local->mdev);
3997 local->filter_flags |= FIF_BCN_PRBRESP_PROMISC;
3998 local->ops->configure_filter(local_to_hw(local),
3999 FIF_BCN_PRBRESP_PROMISC,
4000 &local->filter_flags,
4001 local->mdev->mc_count,
4002 local->mdev->mc_list);
4003 netif_tx_unlock_bh(local->mdev);
4005 /* TODO: start scan as soon as all nullfunc frames are ACKed */
4006 queue_delayed_work(local->hw.workqueue, &local->scan_work,
4007 IEEE80211_CHANNEL_TIME);
4013 int ieee80211_sta_req_scan(struct net_device *dev, u8 *ssid, size_t ssid_len)
4015 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
4016 struct ieee80211_if_sta *ifsta = &sdata->u.sta;
4017 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
4019 if (sdata->vif.type != IEEE80211_IF_TYPE_STA)
4020 return ieee80211_sta_start_scan(dev, ssid, ssid_len);
4022 if (local->sta_sw_scanning || local->sta_hw_scanning) {
4023 if (local->scan_dev == dev)
4028 ifsta->scan_ssid_len = ssid_len;
4030 memcpy(ifsta->scan_ssid, ssid, ssid_len);
4031 set_bit(IEEE80211_STA_REQ_SCAN, &ifsta->request);
4032 queue_work(local->hw.workqueue, &ifsta->work);
4037 ieee80211_sta_scan_result(struct net_device *dev,
4038 struct ieee80211_sta_bss *bss,
4039 char *current_ev, char *end_buf)
4041 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
4042 struct iw_event iwe;
4044 if (time_after(jiffies,
4045 bss->last_update + IEEE80211_SCAN_RESULT_EXPIRE))
4048 memset(&iwe, 0, sizeof(iwe));
4049 iwe.cmd = SIOCGIWAP;
4050 iwe.u.ap_addr.sa_family = ARPHRD_ETHER;
4051 memcpy(iwe.u.ap_addr.sa_data, bss->bssid, ETH_ALEN);
4052 current_ev = iwe_stream_add_event(current_ev, end_buf, &iwe,
4055 memset(&iwe, 0, sizeof(iwe));
4056 iwe.cmd = SIOCGIWESSID;
4057 if (bss_mesh_cfg(bss)) {
4058 iwe.u.data.length = bss_mesh_id_len(bss);
4059 iwe.u.data.flags = 1;
4060 current_ev = iwe_stream_add_point(current_ev, end_buf, &iwe,
4063 iwe.u.data.length = bss->ssid_len;
4064 iwe.u.data.flags = 1;
4065 current_ev = iwe_stream_add_point(current_ev, end_buf, &iwe,
4069 if (bss->capability & (WLAN_CAPABILITY_ESS | WLAN_CAPABILITY_IBSS)
4070 || bss_mesh_cfg(bss)) {
4071 memset(&iwe, 0, sizeof(iwe));
4072 iwe.cmd = SIOCGIWMODE;
4073 if (bss_mesh_cfg(bss))
4074 iwe.u.mode = IW_MODE_MESH;
4075 else if (bss->capability & WLAN_CAPABILITY_ESS)
4076 iwe.u.mode = IW_MODE_MASTER;
4078 iwe.u.mode = IW_MODE_ADHOC;
4079 current_ev = iwe_stream_add_event(current_ev, end_buf, &iwe,
4083 memset(&iwe, 0, sizeof(iwe));
4084 iwe.cmd = SIOCGIWFREQ;
4085 iwe.u.freq.m = bss->freq;
4087 current_ev = iwe_stream_add_event(current_ev, end_buf, &iwe,
4090 memset(&iwe, 0, sizeof(iwe));
4091 iwe.cmd = SIOCGIWFREQ;
4092 iwe.u.freq.m = ieee80211_frequency_to_channel(bss->freq);
4094 current_ev = iwe_stream_add_event(current_ev, end_buf, &iwe,
4097 memset(&iwe, 0, sizeof(iwe));
4099 iwe.u.qual.qual = bss->qual;
4100 iwe.u.qual.level = bss->signal;
4101 iwe.u.qual.noise = bss->noise;
4102 iwe.u.qual.updated = local->wstats_flags;
4103 current_ev = iwe_stream_add_event(current_ev, end_buf, &iwe,
4106 memset(&iwe, 0, sizeof(iwe));
4107 iwe.cmd = SIOCGIWENCODE;
4108 if (bss->capability & WLAN_CAPABILITY_PRIVACY)
4109 iwe.u.data.flags = IW_ENCODE_ENABLED | IW_ENCODE_NOKEY;
4111 iwe.u.data.flags = IW_ENCODE_DISABLED;
4112 iwe.u.data.length = 0;
4113 current_ev = iwe_stream_add_point(current_ev, end_buf, &iwe, "");
4115 if (bss && bss->wpa_ie) {
4116 memset(&iwe, 0, sizeof(iwe));
4117 iwe.cmd = IWEVGENIE;
4118 iwe.u.data.length = bss->wpa_ie_len;
4119 current_ev = iwe_stream_add_point(current_ev, end_buf, &iwe,
4123 if (bss && bss->rsn_ie) {
4124 memset(&iwe, 0, sizeof(iwe));
4125 iwe.cmd = IWEVGENIE;
4126 iwe.u.data.length = bss->rsn_ie_len;
4127 current_ev = iwe_stream_add_point(current_ev, end_buf, &iwe,
4131 if (bss && bss->supp_rates_len > 0) {
4132 /* display all supported rates in readable format */
4133 char *p = current_ev + IW_EV_LCP_LEN;
4136 memset(&iwe, 0, sizeof(iwe));
4137 iwe.cmd = SIOCGIWRATE;
4138 /* Those two flags are ignored... */
4139 iwe.u.bitrate.fixed = iwe.u.bitrate.disabled = 0;
4141 for (i = 0; i < bss->supp_rates_len; i++) {
4142 iwe.u.bitrate.value = ((bss->supp_rates[i] &
4144 p = iwe_stream_add_value(current_ev, p,
4145 end_buf, &iwe, IW_EV_PARAM_LEN);
4152 buf = kmalloc(30, GFP_ATOMIC);
4154 memset(&iwe, 0, sizeof(iwe));
4155 iwe.cmd = IWEVCUSTOM;
4156 sprintf(buf, "tsf=%016llx", (unsigned long long)(bss->timestamp));
4157 iwe.u.data.length = strlen(buf);
4158 current_ev = iwe_stream_add_point(current_ev, end_buf,
4164 if (bss_mesh_cfg(bss)) {
4166 u8 *cfg = bss_mesh_cfg(bss);
4167 buf = kmalloc(50, GFP_ATOMIC);
4169 memset(&iwe, 0, sizeof(iwe));
4170 iwe.cmd = IWEVCUSTOM;
4171 sprintf(buf, "Mesh network (version %d)", cfg[0]);
4172 iwe.u.data.length = strlen(buf);
4173 current_ev = iwe_stream_add_point(current_ev, end_buf,
4175 sprintf(buf, "Path Selection Protocol ID: "
4176 "0x%02X%02X%02X%02X", cfg[1], cfg[2], cfg[3],
4178 iwe.u.data.length = strlen(buf);
4179 current_ev = iwe_stream_add_point(current_ev, end_buf,
4181 sprintf(buf, "Path Selection Metric ID: "
4182 "0x%02X%02X%02X%02X", cfg[5], cfg[6], cfg[7],
4184 iwe.u.data.length = strlen(buf);
4185 current_ev = iwe_stream_add_point(current_ev, end_buf,
4187 sprintf(buf, "Congestion Control Mode ID: "
4188 "0x%02X%02X%02X%02X", cfg[9], cfg[10],
4190 iwe.u.data.length = strlen(buf);
4191 current_ev = iwe_stream_add_point(current_ev, end_buf,
4193 sprintf(buf, "Channel Precedence: "
4194 "0x%02X%02X%02X%02X", cfg[13], cfg[14],
4196 iwe.u.data.length = strlen(buf);
4197 current_ev = iwe_stream_add_point(current_ev, end_buf,
4207 int ieee80211_sta_scan_results(struct net_device *dev, char *buf, size_t len)
4209 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
4210 char *current_ev = buf;
4211 char *end_buf = buf + len;
4212 struct ieee80211_sta_bss *bss;
4214 spin_lock_bh(&local->sta_bss_lock);
4215 list_for_each_entry(bss, &local->sta_bss_list, list) {
4216 if (buf + len - current_ev <= IW_EV_ADDR_LEN) {
4217 spin_unlock_bh(&local->sta_bss_lock);
4220 current_ev = ieee80211_sta_scan_result(dev, bss, current_ev,
4223 spin_unlock_bh(&local->sta_bss_lock);
4224 return current_ev - buf;
4228 int ieee80211_sta_set_extra_ie(struct net_device *dev, char *ie, size_t len)
4230 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
4231 struct ieee80211_if_sta *ifsta = &sdata->u.sta;
4233 kfree(ifsta->extra_ie);
4235 ifsta->extra_ie = NULL;
4236 ifsta->extra_ie_len = 0;
4239 ifsta->extra_ie = kmalloc(len, GFP_KERNEL);
4240 if (!ifsta->extra_ie) {
4241 ifsta->extra_ie_len = 0;
4244 memcpy(ifsta->extra_ie, ie, len);
4245 ifsta->extra_ie_len = len;
4250 struct sta_info *ieee80211_ibss_add_sta(struct net_device *dev,
4251 struct sk_buff *skb, u8 *bssid,
4254 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
4255 struct sta_info *sta;
4256 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
4257 DECLARE_MAC_BUF(mac);
4259 /* TODO: Could consider removing the least recently used entry and
4260 * allow new one to be added. */
4261 if (local->num_sta >= IEEE80211_IBSS_MAX_STA_ENTRIES) {
4262 if (net_ratelimit()) {
4263 printk(KERN_DEBUG "%s: No room for a new IBSS STA "
4264 "entry %s\n", dev->name, print_mac(mac, addr));
4269 printk(KERN_DEBUG "%s: Adding new IBSS station %s (dev=%s)\n",
4270 wiphy_name(local->hw.wiphy), print_mac(mac, addr), dev->name);
4272 sta = sta_info_alloc(sdata, addr, GFP_ATOMIC);
4276 set_sta_flags(sta, WLAN_STA_AUTHORIZED);
4278 sta->supp_rates[local->hw.conf.channel->band] =
4279 sdata->u.sta.supp_rates_bits[local->hw.conf.channel->band];
4281 rate_control_rate_init(sta, local);
4283 if (sta_info_insert(sta))
4290 int ieee80211_sta_deauthenticate(struct net_device *dev, u16 reason)
4292 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
4293 struct ieee80211_if_sta *ifsta = &sdata->u.sta;
4295 printk(KERN_DEBUG "%s: deauthenticate(reason=%d)\n",
4298 if (sdata->vif.type != IEEE80211_IF_TYPE_STA &&
4299 sdata->vif.type != IEEE80211_IF_TYPE_IBSS)
4302 ieee80211_send_deauth(dev, ifsta, reason);
4303 ieee80211_set_disassoc(dev, ifsta, 1);
4308 int ieee80211_sta_disassociate(struct net_device *dev, u16 reason)
4310 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
4311 struct ieee80211_if_sta *ifsta = &sdata->u.sta;
4313 printk(KERN_DEBUG "%s: disassociate(reason=%d)\n",
4316 if (sdata->vif.type != IEEE80211_IF_TYPE_STA)
4319 if (!(ifsta->flags & IEEE80211_STA_ASSOCIATED))
4322 ieee80211_send_disassoc(dev, ifsta, reason);
4323 ieee80211_set_disassoc(dev, ifsta, 0);
4327 void ieee80211_notify_mac(struct ieee80211_hw *hw,
4328 enum ieee80211_notification_types notif_type)
4330 struct ieee80211_local *local = hw_to_local(hw);
4331 struct ieee80211_sub_if_data *sdata;
4333 switch (notif_type) {
4334 case IEEE80211_NOTIFY_RE_ASSOC:
4336 list_for_each_entry_rcu(sdata, &local->interfaces, list) {
4338 if (sdata->vif.type == IEEE80211_IF_TYPE_STA) {
4339 ieee80211_sta_req_auth(sdata->dev,
4348 EXPORT_SYMBOL(ieee80211_notify_mac);