1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Intersil Prism2 driver with Host AP (software access point) support 4 * Copyright (c) 2001-2002, SSH Communications Security Corp and Jouni Malinen 5 * <j@w1.fi> 6 * Copyright (c) 2002-2005, Jouni Malinen <j@w1.fi> 7 * 8 * This file is to be included into hostap.c when S/W AP functionality is 9 * compiled. 10 * 11 * AP: FIX: 12 * - if unicast Class 2 (assoc,reassoc,disassoc) frame received from 13 * unauthenticated STA, send deauth. frame (8802.11: 5.5) 14 * - if unicast Class 3 (data with to/from DS,deauth,pspoll) frame received 15 * from authenticated, but unassoc STA, send disassoc frame (8802.11: 5.5) 16 * - if unicast Class 3 received from unauthenticated STA, send deauth. frame 17 * (8802.11: 5.5) 18 */ 19 20 #include <linux/proc_fs.h> 21 #include <linux/seq_file.h> 22 #include <linux/delay.h> 23 #include <linux/random.h> 24 #include <linux/if_arp.h> 25 #include <linux/slab.h> 26 #include <linux/export.h> 27 #include <linux/moduleparam.h> 28 #include <linux/etherdevice.h> 29 30 #include "hostap_wlan.h" 31 #include "hostap.h" 32 #include "hostap_ap.h" 33 34 static int other_ap_policy[MAX_PARM_DEVICES] = { AP_OTHER_AP_SKIP_ALL, 35 DEF_INTS }; 36 module_param_array(other_ap_policy, int, NULL, 0444); 37 MODULE_PARM_DESC(other_ap_policy, "Other AP beacon monitoring policy (0-3)"); 38 39 static int ap_max_inactivity[MAX_PARM_DEVICES] = { AP_MAX_INACTIVITY_SEC, 40 DEF_INTS }; 41 module_param_array(ap_max_inactivity, int, NULL, 0444); 42 MODULE_PARM_DESC(ap_max_inactivity, "AP timeout (in seconds) for station " 43 "inactivity"); 44 45 static int ap_bridge_packets[MAX_PARM_DEVICES] = { 1, DEF_INTS }; 46 module_param_array(ap_bridge_packets, int, NULL, 0444); 47 MODULE_PARM_DESC(ap_bridge_packets, "Bridge packets directly between " 48 "stations"); 49 50 static int autom_ap_wds[MAX_PARM_DEVICES] = { 0, DEF_INTS }; 51 module_param_array(autom_ap_wds, int, NULL, 0444); 52 MODULE_PARM_DESC(autom_ap_wds, "Add WDS connections to other APs " 53 "automatically"); 54 55 56 static struct sta_info* ap_get_sta(struct ap_data *ap, u8 *sta); 57 static void hostap_event_expired_sta(struct net_device *dev, 58 struct sta_info *sta); 59 static void handle_add_proc_queue(struct work_struct *work); 60 61 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 62 static void handle_wds_oper_queue(struct work_struct *work); 63 static void prism2_send_mgmt(struct net_device *dev, 64 u16 type_subtype, char *body, 65 int body_len, u8 *addr, u16 tx_cb_idx); 66 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 67 68 69 #ifndef PRISM2_NO_PROCFS_DEBUG 70 static int ap_debug_proc_show(struct seq_file *m, void *v) 71 { 72 struct ap_data *ap = m->private; 73 74 seq_printf(m, "BridgedUnicastFrames=%u\n", ap->bridged_unicast); 75 seq_printf(m, "BridgedMulticastFrames=%u\n", ap->bridged_multicast); 76 seq_printf(m, "max_inactivity=%u\n", ap->max_inactivity / HZ); 77 seq_printf(m, "bridge_packets=%u\n", ap->bridge_packets); 78 seq_printf(m, "nullfunc_ack=%u\n", ap->nullfunc_ack); 79 seq_printf(m, "autom_ap_wds=%u\n", ap->autom_ap_wds); 80 seq_printf(m, "auth_algs=%u\n", ap->local->auth_algs); 81 seq_printf(m, "tx_drop_nonassoc=%u\n", ap->tx_drop_nonassoc); 82 return 0; 83 } 84 85 static int ap_debug_proc_open(struct inode *inode, struct file *file) 86 { 87 return single_open(file, ap_debug_proc_show, PDE_DATA(inode)); 88 } 89 90 static const struct file_operations ap_debug_proc_fops = { 91 .open = ap_debug_proc_open, 92 .read = seq_read, 93 .llseek = seq_lseek, 94 .release = single_release, 95 }; 96 #endif /* PRISM2_NO_PROCFS_DEBUG */ 97 98 99 static void ap_sta_hash_add(struct ap_data *ap, struct sta_info *sta) 100 { 101 sta->hnext = ap->sta_hash[STA_HASH(sta->addr)]; 102 ap->sta_hash[STA_HASH(sta->addr)] = sta; 103 } 104 105 static void ap_sta_hash_del(struct ap_data *ap, struct sta_info *sta) 106 { 107 struct sta_info *s; 108 109 s = ap->sta_hash[STA_HASH(sta->addr)]; 110 if (s == NULL) return; 111 if (ether_addr_equal(s->addr, sta->addr)) { 112 ap->sta_hash[STA_HASH(sta->addr)] = s->hnext; 113 return; 114 } 115 116 while (s->hnext != NULL && !ether_addr_equal(s->hnext->addr, sta->addr)) 117 s = s->hnext; 118 if (s->hnext != NULL) 119 s->hnext = s->hnext->hnext; 120 else 121 printk("AP: could not remove STA %pM from hash table\n", 122 sta->addr); 123 } 124 125 static void ap_free_sta(struct ap_data *ap, struct sta_info *sta) 126 { 127 if (sta->ap && sta->local) 128 hostap_event_expired_sta(sta->local->dev, sta); 129 130 if (ap->proc != NULL) { 131 char name[20]; 132 sprintf(name, "%pM", sta->addr); 133 remove_proc_entry(name, ap->proc); 134 } 135 136 if (sta->crypt) { 137 sta->crypt->ops->deinit(sta->crypt->priv); 138 kfree(sta->crypt); 139 sta->crypt = NULL; 140 } 141 142 skb_queue_purge(&sta->tx_buf); 143 144 ap->num_sta--; 145 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 146 if (sta->aid > 0) 147 ap->sta_aid[sta->aid - 1] = NULL; 148 149 if (!sta->ap) 150 kfree(sta->u.sta.challenge); 151 del_timer_sync(&sta->timer); 152 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 153 154 kfree(sta); 155 } 156 157 158 static void hostap_set_tim(local_info_t *local, int aid, int set) 159 { 160 if (local->func->set_tim) 161 local->func->set_tim(local->dev, aid, set); 162 } 163 164 165 static void hostap_event_new_sta(struct net_device *dev, struct sta_info *sta) 166 { 167 union iwreq_data wrqu; 168 memset(&wrqu, 0, sizeof(wrqu)); 169 memcpy(wrqu.addr.sa_data, sta->addr, ETH_ALEN); 170 wrqu.addr.sa_family = ARPHRD_ETHER; 171 wireless_send_event(dev, IWEVREGISTERED, &wrqu, NULL); 172 } 173 174 175 static void hostap_event_expired_sta(struct net_device *dev, 176 struct sta_info *sta) 177 { 178 union iwreq_data wrqu; 179 memset(&wrqu, 0, sizeof(wrqu)); 180 memcpy(wrqu.addr.sa_data, sta->addr, ETH_ALEN); 181 wrqu.addr.sa_family = ARPHRD_ETHER; 182 wireless_send_event(dev, IWEVEXPIRED, &wrqu, NULL); 183 } 184 185 186 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 187 188 static void ap_handle_timer(struct timer_list *t) 189 { 190 struct sta_info *sta = from_timer(sta, t, timer); 191 local_info_t *local; 192 struct ap_data *ap; 193 unsigned long next_time = 0; 194 int was_assoc; 195 196 if (sta == NULL || sta->local == NULL || sta->local->ap == NULL) { 197 PDEBUG(DEBUG_AP, "ap_handle_timer() called with NULL data\n"); 198 return; 199 } 200 201 local = sta->local; 202 ap = local->ap; 203 was_assoc = sta->flags & WLAN_STA_ASSOC; 204 205 if (atomic_read(&sta->users) != 0) 206 next_time = jiffies + HZ; 207 else if ((sta->flags & WLAN_STA_PERM) && !(sta->flags & WLAN_STA_AUTH)) 208 next_time = jiffies + ap->max_inactivity; 209 210 if (time_before(jiffies, sta->last_rx + ap->max_inactivity)) { 211 /* station activity detected; reset timeout state */ 212 sta->timeout_next = STA_NULLFUNC; 213 next_time = sta->last_rx + ap->max_inactivity; 214 } else if (sta->timeout_next == STA_DISASSOC && 215 !(sta->flags & WLAN_STA_PENDING_POLL)) { 216 /* STA ACKed data nullfunc frame poll */ 217 sta->timeout_next = STA_NULLFUNC; 218 next_time = jiffies + ap->max_inactivity; 219 } 220 221 if (next_time) { 222 sta->timer.expires = next_time; 223 add_timer(&sta->timer); 224 return; 225 } 226 227 if (sta->ap) 228 sta->timeout_next = STA_DEAUTH; 229 230 if (sta->timeout_next == STA_DEAUTH && !(sta->flags & WLAN_STA_PERM)) { 231 spin_lock(&ap->sta_table_lock); 232 ap_sta_hash_del(ap, sta); 233 list_del(&sta->list); 234 spin_unlock(&ap->sta_table_lock); 235 sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC); 236 } else if (sta->timeout_next == STA_DISASSOC) 237 sta->flags &= ~WLAN_STA_ASSOC; 238 239 if (was_assoc && !(sta->flags & WLAN_STA_ASSOC) && !sta->ap) 240 hostap_event_expired_sta(local->dev, sta); 241 242 if (sta->timeout_next == STA_DEAUTH && sta->aid > 0 && 243 !skb_queue_empty(&sta->tx_buf)) { 244 hostap_set_tim(local, sta->aid, 0); 245 sta->flags &= ~WLAN_STA_TIM; 246 } 247 248 if (sta->ap) { 249 if (ap->autom_ap_wds) { 250 PDEBUG(DEBUG_AP, "%s: removing automatic WDS " 251 "connection to AP %pM\n", 252 local->dev->name, sta->addr); 253 hostap_wds_link_oper(local, sta->addr, WDS_DEL); 254 } 255 } else if (sta->timeout_next == STA_NULLFUNC) { 256 /* send data frame to poll STA and check whether this frame 257 * is ACKed */ 258 /* FIX: IEEE80211_STYPE_NULLFUNC would be more appropriate, but 259 * it is apparently not retried so TX Exc events are not 260 * received for it */ 261 sta->flags |= WLAN_STA_PENDING_POLL; 262 prism2_send_mgmt(local->dev, IEEE80211_FTYPE_DATA | 263 IEEE80211_STYPE_DATA, NULL, 0, 264 sta->addr, ap->tx_callback_poll); 265 } else { 266 int deauth = sta->timeout_next == STA_DEAUTH; 267 __le16 resp; 268 PDEBUG(DEBUG_AP, "%s: sending %s info to STA %pM" 269 "(last=%lu, jiffies=%lu)\n", 270 local->dev->name, 271 deauth ? "deauthentication" : "disassociation", 272 sta->addr, sta->last_rx, jiffies); 273 274 resp = cpu_to_le16(deauth ? WLAN_REASON_PREV_AUTH_NOT_VALID : 275 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY); 276 prism2_send_mgmt(local->dev, IEEE80211_FTYPE_MGMT | 277 (deauth ? IEEE80211_STYPE_DEAUTH : 278 IEEE80211_STYPE_DISASSOC), 279 (char *) &resp, 2, sta->addr, 0); 280 } 281 282 if (sta->timeout_next == STA_DEAUTH) { 283 if (sta->flags & WLAN_STA_PERM) { 284 PDEBUG(DEBUG_AP, "%s: STA %pM" 285 " would have been removed, " 286 "but it has 'perm' flag\n", 287 local->dev->name, sta->addr); 288 } else 289 ap_free_sta(ap, sta); 290 return; 291 } 292 293 if (sta->timeout_next == STA_NULLFUNC) { 294 sta->timeout_next = STA_DISASSOC; 295 sta->timer.expires = jiffies + AP_DISASSOC_DELAY; 296 } else { 297 sta->timeout_next = STA_DEAUTH; 298 sta->timer.expires = jiffies + AP_DEAUTH_DELAY; 299 } 300 301 add_timer(&sta->timer); 302 } 303 304 305 void hostap_deauth_all_stas(struct net_device *dev, struct ap_data *ap, 306 int resend) 307 { 308 u8 addr[ETH_ALEN]; 309 __le16 resp; 310 int i; 311 312 PDEBUG(DEBUG_AP, "%s: Deauthenticate all stations\n", dev->name); 313 eth_broadcast_addr(addr); 314 315 resp = cpu_to_le16(WLAN_REASON_PREV_AUTH_NOT_VALID); 316 317 /* deauth message sent; try to resend it few times; the message is 318 * broadcast, so it may be delayed until next DTIM; there is not much 319 * else we can do at this point since the driver is going to be shut 320 * down */ 321 for (i = 0; i < 5; i++) { 322 prism2_send_mgmt(dev, IEEE80211_FTYPE_MGMT | 323 IEEE80211_STYPE_DEAUTH, 324 (char *) &resp, 2, addr, 0); 325 326 if (!resend || ap->num_sta <= 0) 327 return; 328 329 mdelay(50); 330 } 331 } 332 333 334 static int ap_control_proc_show(struct seq_file *m, void *v) 335 { 336 struct ap_data *ap = m->private; 337 char *policy_txt; 338 struct mac_entry *entry; 339 340 if (v == SEQ_START_TOKEN) { 341 switch (ap->mac_restrictions.policy) { 342 case MAC_POLICY_OPEN: 343 policy_txt = "open"; 344 break; 345 case MAC_POLICY_ALLOW: 346 policy_txt = "allow"; 347 break; 348 case MAC_POLICY_DENY: 349 policy_txt = "deny"; 350 break; 351 default: 352 policy_txt = "unknown"; 353 break; 354 } 355 seq_printf(m, "MAC policy: %s\n", policy_txt); 356 seq_printf(m, "MAC entries: %u\n", ap->mac_restrictions.entries); 357 seq_puts(m, "MAC list:\n"); 358 return 0; 359 } 360 361 entry = v; 362 seq_printf(m, "%pM\n", entry->addr); 363 return 0; 364 } 365 366 static void *ap_control_proc_start(struct seq_file *m, loff_t *_pos) 367 { 368 struct ap_data *ap = m->private; 369 spin_lock_bh(&ap->mac_restrictions.lock); 370 return seq_list_start_head(&ap->mac_restrictions.mac_list, *_pos); 371 } 372 373 static void *ap_control_proc_next(struct seq_file *m, void *v, loff_t *_pos) 374 { 375 struct ap_data *ap = m->private; 376 return seq_list_next(v, &ap->mac_restrictions.mac_list, _pos); 377 } 378 379 static void ap_control_proc_stop(struct seq_file *m, void *v) 380 { 381 struct ap_data *ap = m->private; 382 spin_unlock_bh(&ap->mac_restrictions.lock); 383 } 384 385 static const struct seq_operations ap_control_proc_seqops = { 386 .start = ap_control_proc_start, 387 .next = ap_control_proc_next, 388 .stop = ap_control_proc_stop, 389 .show = ap_control_proc_show, 390 }; 391 392 static int ap_control_proc_open(struct inode *inode, struct file *file) 393 { 394 int ret = seq_open(file, &ap_control_proc_seqops); 395 if (ret == 0) { 396 struct seq_file *m = file->private_data; 397 m->private = PDE_DATA(inode); 398 } 399 return ret; 400 } 401 402 static const struct file_operations ap_control_proc_fops = { 403 .open = ap_control_proc_open, 404 .read = seq_read, 405 .llseek = seq_lseek, 406 .release = seq_release, 407 }; 408 409 410 int ap_control_add_mac(struct mac_restrictions *mac_restrictions, u8 *mac) 411 { 412 struct mac_entry *entry; 413 414 entry = kmalloc(sizeof(struct mac_entry), GFP_KERNEL); 415 if (entry == NULL) 416 return -ENOMEM; 417 418 memcpy(entry->addr, mac, ETH_ALEN); 419 420 spin_lock_bh(&mac_restrictions->lock); 421 list_add_tail(&entry->list, &mac_restrictions->mac_list); 422 mac_restrictions->entries++; 423 spin_unlock_bh(&mac_restrictions->lock); 424 425 return 0; 426 } 427 428 429 int ap_control_del_mac(struct mac_restrictions *mac_restrictions, u8 *mac) 430 { 431 struct list_head *ptr; 432 struct mac_entry *entry; 433 434 spin_lock_bh(&mac_restrictions->lock); 435 for (ptr = mac_restrictions->mac_list.next; 436 ptr != &mac_restrictions->mac_list; ptr = ptr->next) { 437 entry = list_entry(ptr, struct mac_entry, list); 438 439 if (ether_addr_equal(entry->addr, mac)) { 440 list_del(ptr); 441 kfree(entry); 442 mac_restrictions->entries--; 443 spin_unlock_bh(&mac_restrictions->lock); 444 return 0; 445 } 446 } 447 spin_unlock_bh(&mac_restrictions->lock); 448 return -1; 449 } 450 451 452 static int ap_control_mac_deny(struct mac_restrictions *mac_restrictions, 453 u8 *mac) 454 { 455 struct mac_entry *entry; 456 int found = 0; 457 458 if (mac_restrictions->policy == MAC_POLICY_OPEN) 459 return 0; 460 461 spin_lock_bh(&mac_restrictions->lock); 462 list_for_each_entry(entry, &mac_restrictions->mac_list, list) { 463 if (ether_addr_equal(entry->addr, mac)) { 464 found = 1; 465 break; 466 } 467 } 468 spin_unlock_bh(&mac_restrictions->lock); 469 470 if (mac_restrictions->policy == MAC_POLICY_ALLOW) 471 return !found; 472 else 473 return found; 474 } 475 476 477 void ap_control_flush_macs(struct mac_restrictions *mac_restrictions) 478 { 479 struct list_head *ptr, *n; 480 struct mac_entry *entry; 481 482 if (mac_restrictions->entries == 0) 483 return; 484 485 spin_lock_bh(&mac_restrictions->lock); 486 for (ptr = mac_restrictions->mac_list.next, n = ptr->next; 487 ptr != &mac_restrictions->mac_list; 488 ptr = n, n = ptr->next) { 489 entry = list_entry(ptr, struct mac_entry, list); 490 list_del(ptr); 491 kfree(entry); 492 } 493 mac_restrictions->entries = 0; 494 spin_unlock_bh(&mac_restrictions->lock); 495 } 496 497 498 int ap_control_kick_mac(struct ap_data *ap, struct net_device *dev, u8 *mac) 499 { 500 struct sta_info *sta; 501 __le16 resp; 502 503 spin_lock_bh(&ap->sta_table_lock); 504 sta = ap_get_sta(ap, mac); 505 if (sta) { 506 ap_sta_hash_del(ap, sta); 507 list_del(&sta->list); 508 } 509 spin_unlock_bh(&ap->sta_table_lock); 510 511 if (!sta) 512 return -EINVAL; 513 514 resp = cpu_to_le16(WLAN_REASON_PREV_AUTH_NOT_VALID); 515 prism2_send_mgmt(dev, IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_DEAUTH, 516 (char *) &resp, 2, sta->addr, 0); 517 518 if ((sta->flags & WLAN_STA_ASSOC) && !sta->ap) 519 hostap_event_expired_sta(dev, sta); 520 521 ap_free_sta(ap, sta); 522 523 return 0; 524 } 525 526 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 527 528 529 void ap_control_kickall(struct ap_data *ap) 530 { 531 struct list_head *ptr, *n; 532 struct sta_info *sta; 533 534 spin_lock_bh(&ap->sta_table_lock); 535 for (ptr = ap->sta_list.next, n = ptr->next; ptr != &ap->sta_list; 536 ptr = n, n = ptr->next) { 537 sta = list_entry(ptr, struct sta_info, list); 538 ap_sta_hash_del(ap, sta); 539 list_del(&sta->list); 540 if ((sta->flags & WLAN_STA_ASSOC) && !sta->ap && sta->local) 541 hostap_event_expired_sta(sta->local->dev, sta); 542 ap_free_sta(ap, sta); 543 } 544 spin_unlock_bh(&ap->sta_table_lock); 545 } 546 547 548 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 549 550 static int prism2_ap_proc_show(struct seq_file *m, void *v) 551 { 552 struct sta_info *sta = v; 553 int i; 554 555 if (v == SEQ_START_TOKEN) { 556 seq_printf(m, "# BSSID CHAN SIGNAL NOISE RATE SSID FLAGS\n"); 557 return 0; 558 } 559 560 if (!sta->ap) 561 return 0; 562 563 seq_printf(m, "%pM %d %d %d %d '", 564 sta->addr, 565 sta->u.ap.channel, sta->last_rx_signal, 566 sta->last_rx_silence, sta->last_rx_rate); 567 568 for (i = 0; i < sta->u.ap.ssid_len; i++) { 569 if (sta->u.ap.ssid[i] >= 32 && sta->u.ap.ssid[i] < 127) 570 seq_putc(m, sta->u.ap.ssid[i]); 571 else 572 seq_printf(m, "<%02x>", sta->u.ap.ssid[i]); 573 } 574 575 seq_putc(m, '\''); 576 if (sta->capability & WLAN_CAPABILITY_ESS) 577 seq_puts(m, " [ESS]"); 578 if (sta->capability & WLAN_CAPABILITY_IBSS) 579 seq_puts(m, " [IBSS]"); 580 if (sta->capability & WLAN_CAPABILITY_PRIVACY) 581 seq_puts(m, " [WEP]"); 582 seq_putc(m, '\n'); 583 return 0; 584 } 585 586 static void *prism2_ap_proc_start(struct seq_file *m, loff_t *_pos) 587 { 588 struct ap_data *ap = m->private; 589 spin_lock_bh(&ap->sta_table_lock); 590 return seq_list_start_head(&ap->sta_list, *_pos); 591 } 592 593 static void *prism2_ap_proc_next(struct seq_file *m, void *v, loff_t *_pos) 594 { 595 struct ap_data *ap = m->private; 596 return seq_list_next(v, &ap->sta_list, _pos); 597 } 598 599 static void prism2_ap_proc_stop(struct seq_file *m, void *v) 600 { 601 struct ap_data *ap = m->private; 602 spin_unlock_bh(&ap->sta_table_lock); 603 } 604 605 static const struct seq_operations prism2_ap_proc_seqops = { 606 .start = prism2_ap_proc_start, 607 .next = prism2_ap_proc_next, 608 .stop = prism2_ap_proc_stop, 609 .show = prism2_ap_proc_show, 610 }; 611 612 static int prism2_ap_proc_open(struct inode *inode, struct file *file) 613 { 614 int ret = seq_open(file, &prism2_ap_proc_seqops); 615 if (ret == 0) { 616 struct seq_file *m = file->private_data; 617 m->private = PDE_DATA(inode); 618 } 619 return ret; 620 } 621 622 static const struct file_operations prism2_ap_proc_fops = { 623 .open = prism2_ap_proc_open, 624 .read = seq_read, 625 .llseek = seq_lseek, 626 .release = seq_release, 627 }; 628 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 629 630 631 void hostap_check_sta_fw_version(struct ap_data *ap, int sta_fw_ver) 632 { 633 if (!ap) 634 return; 635 636 if (sta_fw_ver == PRISM2_FW_VER(0,8,0)) { 637 PDEBUG(DEBUG_AP, "Using data::nullfunc ACK workaround - " 638 "firmware upgrade recommended\n"); 639 ap->nullfunc_ack = 1; 640 } else 641 ap->nullfunc_ack = 0; 642 643 if (sta_fw_ver == PRISM2_FW_VER(1,4,2)) { 644 printk(KERN_WARNING "%s: Warning: secondary station firmware " 645 "version 1.4.2 does not seem to work in Host AP mode\n", 646 ap->local->dev->name); 647 } 648 } 649 650 651 /* Called only as a tasklet (software IRQ) */ 652 static void hostap_ap_tx_cb(struct sk_buff *skb, int ok, void *data) 653 { 654 struct ap_data *ap = data; 655 struct ieee80211_hdr *hdr; 656 657 if (!ap->local->hostapd || !ap->local->apdev) { 658 dev_kfree_skb(skb); 659 return; 660 } 661 662 /* Pass the TX callback frame to the hostapd; use 802.11 header version 663 * 1 to indicate failure (no ACK) and 2 success (frame ACKed) */ 664 665 hdr = (struct ieee80211_hdr *) skb->data; 666 hdr->frame_control &= cpu_to_le16(~IEEE80211_FCTL_VERS); 667 hdr->frame_control |= cpu_to_le16(ok ? BIT(1) : BIT(0)); 668 669 skb->dev = ap->local->apdev; 670 skb_pull(skb, hostap_80211_get_hdrlen(hdr->frame_control)); 671 skb->pkt_type = PACKET_OTHERHOST; 672 skb->protocol = cpu_to_be16(ETH_P_802_2); 673 memset(skb->cb, 0, sizeof(skb->cb)); 674 netif_rx(skb); 675 } 676 677 678 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 679 /* Called only as a tasklet (software IRQ) */ 680 static void hostap_ap_tx_cb_auth(struct sk_buff *skb, int ok, void *data) 681 { 682 struct ap_data *ap = data; 683 struct net_device *dev = ap->local->dev; 684 struct ieee80211_hdr *hdr; 685 u16 auth_alg, auth_transaction, status; 686 __le16 *pos; 687 struct sta_info *sta = NULL; 688 char *txt = NULL; 689 690 if (ap->local->hostapd) { 691 dev_kfree_skb(skb); 692 return; 693 } 694 695 hdr = (struct ieee80211_hdr *) skb->data; 696 if (!ieee80211_is_auth(hdr->frame_control) || 697 skb->len < IEEE80211_MGMT_HDR_LEN + 6) { 698 printk(KERN_DEBUG "%s: hostap_ap_tx_cb_auth received invalid " 699 "frame\n", dev->name); 700 dev_kfree_skb(skb); 701 return; 702 } 703 704 pos = (__le16 *) (skb->data + IEEE80211_MGMT_HDR_LEN); 705 auth_alg = le16_to_cpu(*pos++); 706 auth_transaction = le16_to_cpu(*pos++); 707 status = le16_to_cpu(*pos++); 708 709 if (!ok) { 710 txt = "frame was not ACKed"; 711 goto done; 712 } 713 714 spin_lock(&ap->sta_table_lock); 715 sta = ap_get_sta(ap, hdr->addr1); 716 if (sta) 717 atomic_inc(&sta->users); 718 spin_unlock(&ap->sta_table_lock); 719 720 if (!sta) { 721 txt = "STA not found"; 722 goto done; 723 } 724 725 if (status == WLAN_STATUS_SUCCESS && 726 ((auth_alg == WLAN_AUTH_OPEN && auth_transaction == 2) || 727 (auth_alg == WLAN_AUTH_SHARED_KEY && auth_transaction == 4))) { 728 txt = "STA authenticated"; 729 sta->flags |= WLAN_STA_AUTH; 730 sta->last_auth = jiffies; 731 } else if (status != WLAN_STATUS_SUCCESS) 732 txt = "authentication failed"; 733 734 done: 735 if (sta) 736 atomic_dec(&sta->users); 737 if (txt) { 738 PDEBUG(DEBUG_AP, "%s: %pM auth_cb - alg=%d " 739 "trans#=%d status=%d - %s\n", 740 dev->name, hdr->addr1, 741 auth_alg, auth_transaction, status, txt); 742 } 743 dev_kfree_skb(skb); 744 } 745 746 747 /* Called only as a tasklet (software IRQ) */ 748 static void hostap_ap_tx_cb_assoc(struct sk_buff *skb, int ok, void *data) 749 { 750 struct ap_data *ap = data; 751 struct net_device *dev = ap->local->dev; 752 struct ieee80211_hdr *hdr; 753 u16 status; 754 __le16 *pos; 755 struct sta_info *sta = NULL; 756 char *txt = NULL; 757 758 if (ap->local->hostapd) { 759 dev_kfree_skb(skb); 760 return; 761 } 762 763 hdr = (struct ieee80211_hdr *) skb->data; 764 if ((!ieee80211_is_assoc_resp(hdr->frame_control) && 765 !ieee80211_is_reassoc_resp(hdr->frame_control)) || 766 skb->len < IEEE80211_MGMT_HDR_LEN + 4) { 767 printk(KERN_DEBUG "%s: hostap_ap_tx_cb_assoc received invalid " 768 "frame\n", dev->name); 769 dev_kfree_skb(skb); 770 return; 771 } 772 773 if (!ok) { 774 txt = "frame was not ACKed"; 775 goto done; 776 } 777 778 spin_lock(&ap->sta_table_lock); 779 sta = ap_get_sta(ap, hdr->addr1); 780 if (sta) 781 atomic_inc(&sta->users); 782 spin_unlock(&ap->sta_table_lock); 783 784 if (!sta) { 785 txt = "STA not found"; 786 goto done; 787 } 788 789 pos = (__le16 *) (skb->data + IEEE80211_MGMT_HDR_LEN); 790 pos++; 791 status = le16_to_cpu(*pos++); 792 if (status == WLAN_STATUS_SUCCESS) { 793 if (!(sta->flags & WLAN_STA_ASSOC)) 794 hostap_event_new_sta(dev, sta); 795 txt = "STA associated"; 796 sta->flags |= WLAN_STA_ASSOC; 797 sta->last_assoc = jiffies; 798 } else 799 txt = "association failed"; 800 801 done: 802 if (sta) 803 atomic_dec(&sta->users); 804 if (txt) { 805 PDEBUG(DEBUG_AP, "%s: %pM assoc_cb - %s\n", 806 dev->name, hdr->addr1, txt); 807 } 808 dev_kfree_skb(skb); 809 } 810 811 /* Called only as a tasklet (software IRQ); TX callback for poll frames used 812 * in verifying whether the STA is still present. */ 813 static void hostap_ap_tx_cb_poll(struct sk_buff *skb, int ok, void *data) 814 { 815 struct ap_data *ap = data; 816 struct ieee80211_hdr *hdr; 817 struct sta_info *sta; 818 819 if (skb->len < 24) 820 goto fail; 821 hdr = (struct ieee80211_hdr *) skb->data; 822 if (ok) { 823 spin_lock(&ap->sta_table_lock); 824 sta = ap_get_sta(ap, hdr->addr1); 825 if (sta) 826 sta->flags &= ~WLAN_STA_PENDING_POLL; 827 spin_unlock(&ap->sta_table_lock); 828 } else { 829 PDEBUG(DEBUG_AP, 830 "%s: STA %pM did not ACK activity poll frame\n", 831 ap->local->dev->name, hdr->addr1); 832 } 833 834 fail: 835 dev_kfree_skb(skb); 836 } 837 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 838 839 840 void hostap_init_data(local_info_t *local) 841 { 842 struct ap_data *ap = local->ap; 843 844 if (ap == NULL) { 845 printk(KERN_WARNING "hostap_init_data: ap == NULL\n"); 846 return; 847 } 848 memset(ap, 0, sizeof(struct ap_data)); 849 ap->local = local; 850 851 ap->ap_policy = GET_INT_PARM(other_ap_policy, local->card_idx); 852 ap->bridge_packets = GET_INT_PARM(ap_bridge_packets, local->card_idx); 853 ap->max_inactivity = 854 GET_INT_PARM(ap_max_inactivity, local->card_idx) * HZ; 855 ap->autom_ap_wds = GET_INT_PARM(autom_ap_wds, local->card_idx); 856 857 spin_lock_init(&ap->sta_table_lock); 858 INIT_LIST_HEAD(&ap->sta_list); 859 860 /* Initialize task queue structure for AP management */ 861 INIT_WORK(&local->ap->add_sta_proc_queue, handle_add_proc_queue); 862 863 ap->tx_callback_idx = 864 hostap_tx_callback_register(local, hostap_ap_tx_cb, ap); 865 if (ap->tx_callback_idx == 0) 866 printk(KERN_WARNING "%s: failed to register TX callback for " 867 "AP\n", local->dev->name); 868 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 869 INIT_WORK(&local->ap->wds_oper_queue, handle_wds_oper_queue); 870 871 ap->tx_callback_auth = 872 hostap_tx_callback_register(local, hostap_ap_tx_cb_auth, ap); 873 ap->tx_callback_assoc = 874 hostap_tx_callback_register(local, hostap_ap_tx_cb_assoc, ap); 875 ap->tx_callback_poll = 876 hostap_tx_callback_register(local, hostap_ap_tx_cb_poll, ap); 877 if (ap->tx_callback_auth == 0 || ap->tx_callback_assoc == 0 || 878 ap->tx_callback_poll == 0) 879 printk(KERN_WARNING "%s: failed to register TX callback for " 880 "AP\n", local->dev->name); 881 882 spin_lock_init(&ap->mac_restrictions.lock); 883 INIT_LIST_HEAD(&ap->mac_restrictions.mac_list); 884 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 885 886 ap->initialized = 1; 887 } 888 889 890 void hostap_init_ap_proc(local_info_t *local) 891 { 892 struct ap_data *ap = local->ap; 893 894 ap->proc = local->proc; 895 if (ap->proc == NULL) 896 return; 897 898 #ifndef PRISM2_NO_PROCFS_DEBUG 899 proc_create_data("ap_debug", 0, ap->proc, &ap_debug_proc_fops, ap); 900 #endif /* PRISM2_NO_PROCFS_DEBUG */ 901 902 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 903 proc_create_data("ap_control", 0, ap->proc, &ap_control_proc_fops, ap); 904 proc_create_data("ap", 0, ap->proc, &prism2_ap_proc_fops, ap); 905 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 906 907 } 908 909 910 void hostap_free_data(struct ap_data *ap) 911 { 912 struct sta_info *n, *sta; 913 914 if (ap == NULL || !ap->initialized) { 915 printk(KERN_DEBUG "hostap_free_data: ap has not yet been " 916 "initialized - skip resource freeing\n"); 917 return; 918 } 919 920 flush_work(&ap->add_sta_proc_queue); 921 922 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 923 flush_work(&ap->wds_oper_queue); 924 if (ap->crypt) 925 ap->crypt->deinit(ap->crypt_priv); 926 ap->crypt = ap->crypt_priv = NULL; 927 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 928 929 list_for_each_entry_safe(sta, n, &ap->sta_list, list) { 930 ap_sta_hash_del(ap, sta); 931 list_del(&sta->list); 932 if ((sta->flags & WLAN_STA_ASSOC) && !sta->ap && sta->local) 933 hostap_event_expired_sta(sta->local->dev, sta); 934 ap_free_sta(ap, sta); 935 } 936 937 #ifndef PRISM2_NO_PROCFS_DEBUG 938 if (ap->proc != NULL) { 939 remove_proc_entry("ap_debug", ap->proc); 940 } 941 #endif /* PRISM2_NO_PROCFS_DEBUG */ 942 943 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 944 if (ap->proc != NULL) { 945 remove_proc_entry("ap", ap->proc); 946 remove_proc_entry("ap_control", ap->proc); 947 } 948 ap_control_flush_macs(&ap->mac_restrictions); 949 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 950 951 ap->initialized = 0; 952 } 953 954 955 /* caller should have mutex for AP STA list handling */ 956 static struct sta_info* ap_get_sta(struct ap_data *ap, u8 *sta) 957 { 958 struct sta_info *s; 959 960 s = ap->sta_hash[STA_HASH(sta)]; 961 while (s != NULL && !ether_addr_equal(s->addr, sta)) 962 s = s->hnext; 963 return s; 964 } 965 966 967 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 968 969 /* Called from timer handler and from scheduled AP queue handlers */ 970 static void prism2_send_mgmt(struct net_device *dev, 971 u16 type_subtype, char *body, 972 int body_len, u8 *addr, u16 tx_cb_idx) 973 { 974 struct hostap_interface *iface; 975 local_info_t *local; 976 struct ieee80211_hdr *hdr; 977 u16 fc; 978 struct sk_buff *skb; 979 struct hostap_skb_tx_data *meta; 980 int hdrlen; 981 982 iface = netdev_priv(dev); 983 local = iface->local; 984 dev = local->dev; /* always use master radio device */ 985 iface = netdev_priv(dev); 986 987 if (!(dev->flags & IFF_UP)) { 988 PDEBUG(DEBUG_AP, "%s: prism2_send_mgmt - device is not UP - " 989 "cannot send frame\n", dev->name); 990 return; 991 } 992 993 skb = dev_alloc_skb(sizeof(*hdr) + body_len); 994 if (skb == NULL) { 995 PDEBUG(DEBUG_AP, "%s: prism2_send_mgmt failed to allocate " 996 "skb\n", dev->name); 997 return; 998 } 999 1000 fc = type_subtype; 1001 hdrlen = hostap_80211_get_hdrlen(cpu_to_le16(type_subtype)); 1002 hdr = skb_put_zero(skb, hdrlen); 1003 if (body) 1004 skb_put_data(skb, body, body_len); 1005 1006 /* FIX: ctrl::ack sending used special HFA384X_TX_CTRL_802_11 1007 * tx_control instead of using local->tx_control */ 1008 1009 1010 memcpy(hdr->addr1, addr, ETH_ALEN); /* DA / RA */ 1011 if (ieee80211_is_data(hdr->frame_control)) { 1012 fc |= IEEE80211_FCTL_FROMDS; 1013 memcpy(hdr->addr2, dev->dev_addr, ETH_ALEN); /* BSSID */ 1014 memcpy(hdr->addr3, dev->dev_addr, ETH_ALEN); /* SA */ 1015 } else if (ieee80211_is_ctl(hdr->frame_control)) { 1016 /* control:ACK does not have addr2 or addr3 */ 1017 eth_zero_addr(hdr->addr2); 1018 eth_zero_addr(hdr->addr3); 1019 } else { 1020 memcpy(hdr->addr2, dev->dev_addr, ETH_ALEN); /* SA */ 1021 memcpy(hdr->addr3, dev->dev_addr, ETH_ALEN); /* BSSID */ 1022 } 1023 1024 hdr->frame_control = cpu_to_le16(fc); 1025 1026 meta = (struct hostap_skb_tx_data *) skb->cb; 1027 memset(meta, 0, sizeof(*meta)); 1028 meta->magic = HOSTAP_SKB_TX_DATA_MAGIC; 1029 meta->iface = iface; 1030 meta->tx_cb_idx = tx_cb_idx; 1031 1032 skb->dev = dev; 1033 skb_reset_mac_header(skb); 1034 skb_reset_network_header(skb); 1035 dev_queue_xmit(skb); 1036 } 1037 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 1038 1039 1040 static int prism2_sta_proc_show(struct seq_file *m, void *v) 1041 { 1042 struct sta_info *sta = m->private; 1043 int i; 1044 1045 /* FIX: possible race condition.. the STA data could have just expired, 1046 * but proc entry was still here so that the read could have started; 1047 * some locking should be done here.. */ 1048 1049 seq_printf(m, 1050 "%s=%pM\nusers=%d\naid=%d\n" 1051 "flags=0x%04x%s%s%s%s%s%s%s\n" 1052 "capability=0x%02x\nlisten_interval=%d\nsupported_rates=", 1053 sta->ap ? "AP" : "STA", 1054 sta->addr, atomic_read(&sta->users), sta->aid, 1055 sta->flags, 1056 sta->flags & WLAN_STA_AUTH ? " AUTH" : "", 1057 sta->flags & WLAN_STA_ASSOC ? " ASSOC" : "", 1058 sta->flags & WLAN_STA_PS ? " PS" : "", 1059 sta->flags & WLAN_STA_TIM ? " TIM" : "", 1060 sta->flags & WLAN_STA_PERM ? " PERM" : "", 1061 sta->flags & WLAN_STA_AUTHORIZED ? " AUTHORIZED" : "", 1062 sta->flags & WLAN_STA_PENDING_POLL ? " POLL" : "", 1063 sta->capability, sta->listen_interval); 1064 /* supported_rates: 500 kbit/s units with msb ignored */ 1065 for (i = 0; i < sizeof(sta->supported_rates); i++) 1066 if (sta->supported_rates[i] != 0) 1067 seq_printf(m, "%d%sMbps ", 1068 (sta->supported_rates[i] & 0x7f) / 2, 1069 sta->supported_rates[i] & 1 ? ".5" : ""); 1070 seq_printf(m, 1071 "\njiffies=%lu\nlast_auth=%lu\nlast_assoc=%lu\n" 1072 "last_rx=%lu\nlast_tx=%lu\nrx_packets=%lu\n" 1073 "tx_packets=%lu\n" 1074 "rx_bytes=%lu\ntx_bytes=%lu\nbuffer_count=%d\n" 1075 "last_rx: silence=%d dBm signal=%d dBm rate=%d%s Mbps\n" 1076 "tx_rate=%d\ntx[1M]=%d\ntx[2M]=%d\ntx[5.5M]=%d\n" 1077 "tx[11M]=%d\n" 1078 "rx[1M]=%d\nrx[2M]=%d\nrx[5.5M]=%d\nrx[11M]=%d\n", 1079 jiffies, sta->last_auth, sta->last_assoc, sta->last_rx, 1080 sta->last_tx, 1081 sta->rx_packets, sta->tx_packets, sta->rx_bytes, 1082 sta->tx_bytes, skb_queue_len(&sta->tx_buf), 1083 sta->last_rx_silence, 1084 sta->last_rx_signal, sta->last_rx_rate / 10, 1085 sta->last_rx_rate % 10 ? ".5" : "", 1086 sta->tx_rate, sta->tx_count[0], sta->tx_count[1], 1087 sta->tx_count[2], sta->tx_count[3], sta->rx_count[0], 1088 sta->rx_count[1], sta->rx_count[2], sta->rx_count[3]); 1089 if (sta->crypt && sta->crypt->ops && sta->crypt->ops->print_stats) 1090 sta->crypt->ops->print_stats(m, sta->crypt->priv); 1091 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 1092 if (sta->ap) { 1093 if (sta->u.ap.channel >= 0) 1094 seq_printf(m, "channel=%d\n", sta->u.ap.channel); 1095 seq_puts(m, "ssid="); 1096 for (i = 0; i < sta->u.ap.ssid_len; i++) { 1097 if (sta->u.ap.ssid[i] >= 32 && sta->u.ap.ssid[i] < 127) 1098 seq_putc(m, sta->u.ap.ssid[i]); 1099 else 1100 seq_printf(m, "<%02x>", sta->u.ap.ssid[i]); 1101 } 1102 seq_putc(m, '\n'); 1103 } 1104 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 1105 1106 return 0; 1107 } 1108 1109 static int prism2_sta_proc_open(struct inode *inode, struct file *file) 1110 { 1111 return single_open(file, prism2_sta_proc_show, PDE_DATA(inode)); 1112 } 1113 1114 static const struct file_operations prism2_sta_proc_fops = { 1115 .open = prism2_sta_proc_open, 1116 .read = seq_read, 1117 .llseek = seq_lseek, 1118 .release = single_release, 1119 }; 1120 1121 static void handle_add_proc_queue(struct work_struct *work) 1122 { 1123 struct ap_data *ap = container_of(work, struct ap_data, 1124 add_sta_proc_queue); 1125 struct sta_info *sta; 1126 char name[20]; 1127 struct add_sta_proc_data *entry, *prev; 1128 1129 entry = ap->add_sta_proc_entries; 1130 ap->add_sta_proc_entries = NULL; 1131 1132 while (entry) { 1133 spin_lock_bh(&ap->sta_table_lock); 1134 sta = ap_get_sta(ap, entry->addr); 1135 if (sta) 1136 atomic_inc(&sta->users); 1137 spin_unlock_bh(&ap->sta_table_lock); 1138 1139 if (sta) { 1140 sprintf(name, "%pM", sta->addr); 1141 sta->proc = proc_create_data( 1142 name, 0, ap->proc, 1143 &prism2_sta_proc_fops, sta); 1144 1145 atomic_dec(&sta->users); 1146 } 1147 1148 prev = entry; 1149 entry = entry->next; 1150 kfree(prev); 1151 } 1152 } 1153 1154 1155 static struct sta_info * ap_add_sta(struct ap_data *ap, u8 *addr) 1156 { 1157 struct sta_info *sta; 1158 1159 sta = kzalloc(sizeof(struct sta_info), GFP_ATOMIC); 1160 if (sta == NULL) { 1161 PDEBUG(DEBUG_AP, "AP: kmalloc failed\n"); 1162 return NULL; 1163 } 1164 1165 /* initialize STA info data */ 1166 sta->local = ap->local; 1167 skb_queue_head_init(&sta->tx_buf); 1168 memcpy(sta->addr, addr, ETH_ALEN); 1169 1170 atomic_inc(&sta->users); 1171 spin_lock_bh(&ap->sta_table_lock); 1172 list_add(&sta->list, &ap->sta_list); 1173 ap->num_sta++; 1174 ap_sta_hash_add(ap, sta); 1175 spin_unlock_bh(&ap->sta_table_lock); 1176 1177 if (ap->proc) { 1178 struct add_sta_proc_data *entry; 1179 /* schedule a non-interrupt context process to add a procfs 1180 * entry for the STA since procfs code use GFP_KERNEL */ 1181 entry = kmalloc(sizeof(*entry), GFP_ATOMIC); 1182 if (entry) { 1183 memcpy(entry->addr, sta->addr, ETH_ALEN); 1184 entry->next = ap->add_sta_proc_entries; 1185 ap->add_sta_proc_entries = entry; 1186 schedule_work(&ap->add_sta_proc_queue); 1187 } else 1188 printk(KERN_DEBUG "Failed to add STA proc data\n"); 1189 } 1190 1191 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 1192 timer_setup(&sta->timer, ap_handle_timer, 0); 1193 sta->timer.expires = jiffies + ap->max_inactivity; 1194 if (!ap->local->hostapd) 1195 add_timer(&sta->timer); 1196 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 1197 1198 return sta; 1199 } 1200 1201 1202 static int ap_tx_rate_ok(int rateidx, struct sta_info *sta, 1203 local_info_t *local) 1204 { 1205 if (rateidx > sta->tx_max_rate || 1206 !(sta->tx_supp_rates & (1 << rateidx))) 1207 return 0; 1208 1209 if (local->tx_rate_control != 0 && 1210 !(local->tx_rate_control & (1 << rateidx))) 1211 return 0; 1212 1213 return 1; 1214 } 1215 1216 1217 static void prism2_check_tx_rates(struct sta_info *sta) 1218 { 1219 int i; 1220 1221 sta->tx_supp_rates = 0; 1222 for (i = 0; i < sizeof(sta->supported_rates); i++) { 1223 if ((sta->supported_rates[i] & 0x7f) == 2) 1224 sta->tx_supp_rates |= WLAN_RATE_1M; 1225 if ((sta->supported_rates[i] & 0x7f) == 4) 1226 sta->tx_supp_rates |= WLAN_RATE_2M; 1227 if ((sta->supported_rates[i] & 0x7f) == 11) 1228 sta->tx_supp_rates |= WLAN_RATE_5M5; 1229 if ((sta->supported_rates[i] & 0x7f) == 22) 1230 sta->tx_supp_rates |= WLAN_RATE_11M; 1231 } 1232 sta->tx_max_rate = sta->tx_rate = sta->tx_rate_idx = 0; 1233 if (sta->tx_supp_rates & WLAN_RATE_1M) { 1234 sta->tx_max_rate = 0; 1235 if (ap_tx_rate_ok(0, sta, sta->local)) { 1236 sta->tx_rate = 10; 1237 sta->tx_rate_idx = 0; 1238 } 1239 } 1240 if (sta->tx_supp_rates & WLAN_RATE_2M) { 1241 sta->tx_max_rate = 1; 1242 if (ap_tx_rate_ok(1, sta, sta->local)) { 1243 sta->tx_rate = 20; 1244 sta->tx_rate_idx = 1; 1245 } 1246 } 1247 if (sta->tx_supp_rates & WLAN_RATE_5M5) { 1248 sta->tx_max_rate = 2; 1249 if (ap_tx_rate_ok(2, sta, sta->local)) { 1250 sta->tx_rate = 55; 1251 sta->tx_rate_idx = 2; 1252 } 1253 } 1254 if (sta->tx_supp_rates & WLAN_RATE_11M) { 1255 sta->tx_max_rate = 3; 1256 if (ap_tx_rate_ok(3, sta, sta->local)) { 1257 sta->tx_rate = 110; 1258 sta->tx_rate_idx = 3; 1259 } 1260 } 1261 } 1262 1263 1264 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 1265 1266 static void ap_crypt_init(struct ap_data *ap) 1267 { 1268 ap->crypt = lib80211_get_crypto_ops("WEP"); 1269 1270 if (ap->crypt) { 1271 if (ap->crypt->init) { 1272 ap->crypt_priv = ap->crypt->init(0); 1273 if (ap->crypt_priv == NULL) 1274 ap->crypt = NULL; 1275 else { 1276 u8 key[WEP_KEY_LEN]; 1277 get_random_bytes(key, WEP_KEY_LEN); 1278 ap->crypt->set_key(key, WEP_KEY_LEN, NULL, 1279 ap->crypt_priv); 1280 } 1281 } 1282 } 1283 1284 if (ap->crypt == NULL) { 1285 printk(KERN_WARNING "AP could not initialize WEP: load module " 1286 "lib80211_crypt_wep.ko\n"); 1287 } 1288 } 1289 1290 1291 /* Generate challenge data for shared key authentication. IEEE 802.11 specifies 1292 * that WEP algorithm is used for generating challenge. This should be unique, 1293 * but otherwise there is not really need for randomness etc. Initialize WEP 1294 * with pseudo random key and then use increasing IV to get unique challenge 1295 * streams. 1296 * 1297 * Called only as a scheduled task for pending AP frames. 1298 */ 1299 static char * ap_auth_make_challenge(struct ap_data *ap) 1300 { 1301 char *tmpbuf; 1302 struct sk_buff *skb; 1303 1304 if (ap->crypt == NULL) { 1305 ap_crypt_init(ap); 1306 if (ap->crypt == NULL) 1307 return NULL; 1308 } 1309 1310 tmpbuf = kmalloc(WLAN_AUTH_CHALLENGE_LEN, GFP_ATOMIC); 1311 if (tmpbuf == NULL) { 1312 PDEBUG(DEBUG_AP, "AP: kmalloc failed for challenge\n"); 1313 return NULL; 1314 } 1315 1316 skb = dev_alloc_skb(WLAN_AUTH_CHALLENGE_LEN + 1317 ap->crypt->extra_mpdu_prefix_len + 1318 ap->crypt->extra_mpdu_postfix_len); 1319 if (skb == NULL) { 1320 kfree(tmpbuf); 1321 return NULL; 1322 } 1323 1324 skb_reserve(skb, ap->crypt->extra_mpdu_prefix_len); 1325 skb_put_zero(skb, WLAN_AUTH_CHALLENGE_LEN); 1326 if (ap->crypt->encrypt_mpdu(skb, 0, ap->crypt_priv)) { 1327 dev_kfree_skb(skb); 1328 kfree(tmpbuf); 1329 return NULL; 1330 } 1331 1332 skb_copy_from_linear_data_offset(skb, ap->crypt->extra_mpdu_prefix_len, 1333 tmpbuf, WLAN_AUTH_CHALLENGE_LEN); 1334 dev_kfree_skb(skb); 1335 1336 return tmpbuf; 1337 } 1338 1339 1340 /* Called only as a scheduled task for pending AP frames. */ 1341 static void handle_authen(local_info_t *local, struct sk_buff *skb, 1342 struct hostap_80211_rx_status *rx_stats) 1343 { 1344 struct net_device *dev = local->dev; 1345 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 1346 size_t hdrlen; 1347 struct ap_data *ap = local->ap; 1348 char body[8 + WLAN_AUTH_CHALLENGE_LEN], *challenge = NULL; 1349 int len, olen; 1350 u16 auth_alg, auth_transaction, status_code; 1351 __le16 *pos; 1352 u16 resp = WLAN_STATUS_SUCCESS; 1353 struct sta_info *sta = NULL; 1354 struct lib80211_crypt_data *crypt; 1355 char *txt = ""; 1356 1357 len = skb->len - IEEE80211_MGMT_HDR_LEN; 1358 1359 hdrlen = hostap_80211_get_hdrlen(hdr->frame_control); 1360 1361 if (len < 6) { 1362 PDEBUG(DEBUG_AP, "%s: handle_authen - too short payload " 1363 "(len=%d) from %pM\n", dev->name, len, hdr->addr2); 1364 return; 1365 } 1366 1367 spin_lock_bh(&local->ap->sta_table_lock); 1368 sta = ap_get_sta(local->ap, hdr->addr2); 1369 if (sta) 1370 atomic_inc(&sta->users); 1371 spin_unlock_bh(&local->ap->sta_table_lock); 1372 1373 if (sta && sta->crypt) 1374 crypt = sta->crypt; 1375 else { 1376 int idx = 0; 1377 if (skb->len >= hdrlen + 3) 1378 idx = skb->data[hdrlen + 3] >> 6; 1379 crypt = local->crypt_info.crypt[idx]; 1380 } 1381 1382 pos = (__le16 *) (skb->data + IEEE80211_MGMT_HDR_LEN); 1383 auth_alg = __le16_to_cpu(*pos); 1384 pos++; 1385 auth_transaction = __le16_to_cpu(*pos); 1386 pos++; 1387 status_code = __le16_to_cpu(*pos); 1388 pos++; 1389 1390 if (ether_addr_equal(dev->dev_addr, hdr->addr2) || 1391 ap_control_mac_deny(&ap->mac_restrictions, hdr->addr2)) { 1392 txt = "authentication denied"; 1393 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1394 goto fail; 1395 } 1396 1397 if (((local->auth_algs & PRISM2_AUTH_OPEN) && 1398 auth_alg == WLAN_AUTH_OPEN) || 1399 ((local->auth_algs & PRISM2_AUTH_SHARED_KEY) && 1400 crypt && auth_alg == WLAN_AUTH_SHARED_KEY)) { 1401 } else { 1402 txt = "unsupported algorithm"; 1403 resp = WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG; 1404 goto fail; 1405 } 1406 1407 if (len >= 8) { 1408 u8 *u = (u8 *) pos; 1409 if (*u == WLAN_EID_CHALLENGE) { 1410 if (*(u + 1) != WLAN_AUTH_CHALLENGE_LEN) { 1411 txt = "invalid challenge len"; 1412 resp = WLAN_STATUS_CHALLENGE_FAIL; 1413 goto fail; 1414 } 1415 if (len - 8 < WLAN_AUTH_CHALLENGE_LEN) { 1416 txt = "challenge underflow"; 1417 resp = WLAN_STATUS_CHALLENGE_FAIL; 1418 goto fail; 1419 } 1420 challenge = (char *) (u + 2); 1421 } 1422 } 1423 1424 if (sta && sta->ap) { 1425 if (time_after(jiffies, sta->u.ap.last_beacon + 1426 (10 * sta->listen_interval * HZ) / 1024)) { 1427 PDEBUG(DEBUG_AP, "%s: no beacons received for a while," 1428 " assuming AP %pM is now STA\n", 1429 dev->name, sta->addr); 1430 sta->ap = 0; 1431 sta->flags = 0; 1432 sta->u.sta.challenge = NULL; 1433 } else { 1434 txt = "AP trying to authenticate?"; 1435 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1436 goto fail; 1437 } 1438 } 1439 1440 if ((auth_alg == WLAN_AUTH_OPEN && auth_transaction == 1) || 1441 (auth_alg == WLAN_AUTH_SHARED_KEY && 1442 (auth_transaction == 1 || 1443 (auth_transaction == 3 && sta != NULL && 1444 sta->u.sta.challenge != NULL)))) { 1445 } else { 1446 txt = "unknown authentication transaction number"; 1447 resp = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION; 1448 goto fail; 1449 } 1450 1451 if (sta == NULL) { 1452 txt = "new STA"; 1453 1454 if (local->ap->num_sta >= MAX_STA_COUNT) { 1455 /* FIX: might try to remove some old STAs first? */ 1456 txt = "no more room for new STAs"; 1457 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1458 goto fail; 1459 } 1460 1461 sta = ap_add_sta(local->ap, hdr->addr2); 1462 if (sta == NULL) { 1463 txt = "ap_add_sta failed"; 1464 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1465 goto fail; 1466 } 1467 } 1468 1469 switch (auth_alg) { 1470 case WLAN_AUTH_OPEN: 1471 txt = "authOK"; 1472 /* IEEE 802.11 standard is not completely clear about 1473 * whether STA is considered authenticated after 1474 * authentication OK frame has been send or after it 1475 * has been ACKed. In order to reduce interoperability 1476 * issues, mark the STA authenticated before ACK. */ 1477 sta->flags |= WLAN_STA_AUTH; 1478 break; 1479 1480 case WLAN_AUTH_SHARED_KEY: 1481 if (auth_transaction == 1) { 1482 if (sta->u.sta.challenge == NULL) { 1483 sta->u.sta.challenge = 1484 ap_auth_make_challenge(local->ap); 1485 if (sta->u.sta.challenge == NULL) { 1486 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1487 goto fail; 1488 } 1489 } 1490 } else { 1491 if (sta->u.sta.challenge == NULL || 1492 challenge == NULL || 1493 memcmp(sta->u.sta.challenge, challenge, 1494 WLAN_AUTH_CHALLENGE_LEN) != 0 || 1495 !ieee80211_has_protected(hdr->frame_control)) { 1496 txt = "challenge response incorrect"; 1497 resp = WLAN_STATUS_CHALLENGE_FAIL; 1498 goto fail; 1499 } 1500 1501 txt = "challenge OK - authOK"; 1502 /* IEEE 802.11 standard is not completely clear about 1503 * whether STA is considered authenticated after 1504 * authentication OK frame has been send or after it 1505 * has been ACKed. In order to reduce interoperability 1506 * issues, mark the STA authenticated before ACK. */ 1507 sta->flags |= WLAN_STA_AUTH; 1508 kfree(sta->u.sta.challenge); 1509 sta->u.sta.challenge = NULL; 1510 } 1511 break; 1512 } 1513 1514 fail: 1515 pos = (__le16 *) body; 1516 *pos = cpu_to_le16(auth_alg); 1517 pos++; 1518 *pos = cpu_to_le16(auth_transaction + 1); 1519 pos++; 1520 *pos = cpu_to_le16(resp); /* status_code */ 1521 pos++; 1522 olen = 6; 1523 1524 if (resp == WLAN_STATUS_SUCCESS && sta != NULL && 1525 sta->u.sta.challenge != NULL && 1526 auth_alg == WLAN_AUTH_SHARED_KEY && auth_transaction == 1) { 1527 u8 *tmp = (u8 *) pos; 1528 *tmp++ = WLAN_EID_CHALLENGE; 1529 *tmp++ = WLAN_AUTH_CHALLENGE_LEN; 1530 pos++; 1531 memcpy(pos, sta->u.sta.challenge, WLAN_AUTH_CHALLENGE_LEN); 1532 olen += 2 + WLAN_AUTH_CHALLENGE_LEN; 1533 } 1534 1535 prism2_send_mgmt(dev, IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_AUTH, 1536 body, olen, hdr->addr2, ap->tx_callback_auth); 1537 1538 if (sta) { 1539 sta->last_rx = jiffies; 1540 atomic_dec(&sta->users); 1541 } 1542 1543 if (resp) { 1544 PDEBUG(DEBUG_AP, "%s: %pM auth (alg=%d " 1545 "trans#=%d stat=%d len=%d fc=%04x) ==> %d (%s)\n", 1546 dev->name, hdr->addr2, 1547 auth_alg, auth_transaction, status_code, len, 1548 le16_to_cpu(hdr->frame_control), resp, txt); 1549 } 1550 } 1551 1552 1553 /* Called only as a scheduled task for pending AP frames. */ 1554 static void handle_assoc(local_info_t *local, struct sk_buff *skb, 1555 struct hostap_80211_rx_status *rx_stats, int reassoc) 1556 { 1557 struct net_device *dev = local->dev; 1558 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 1559 char body[12], *p, *lpos; 1560 int len, left; 1561 __le16 *pos; 1562 u16 resp = WLAN_STATUS_SUCCESS; 1563 struct sta_info *sta = NULL; 1564 int send_deauth = 0; 1565 char *txt = ""; 1566 u8 prev_ap[ETH_ALEN]; 1567 1568 left = len = skb->len - IEEE80211_MGMT_HDR_LEN; 1569 1570 if (len < (reassoc ? 10 : 4)) { 1571 PDEBUG(DEBUG_AP, "%s: handle_assoc - too short payload " 1572 "(len=%d, reassoc=%d) from %pM\n", 1573 dev->name, len, reassoc, hdr->addr2); 1574 return; 1575 } 1576 1577 spin_lock_bh(&local->ap->sta_table_lock); 1578 sta = ap_get_sta(local->ap, hdr->addr2); 1579 if (sta == NULL || (sta->flags & WLAN_STA_AUTH) == 0) { 1580 spin_unlock_bh(&local->ap->sta_table_lock); 1581 txt = "trying to associate before authentication"; 1582 send_deauth = 1; 1583 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1584 sta = NULL; /* do not decrement sta->users */ 1585 goto fail; 1586 } 1587 atomic_inc(&sta->users); 1588 spin_unlock_bh(&local->ap->sta_table_lock); 1589 1590 pos = (__le16 *) (skb->data + IEEE80211_MGMT_HDR_LEN); 1591 sta->capability = __le16_to_cpu(*pos); 1592 pos++; left -= 2; 1593 sta->listen_interval = __le16_to_cpu(*pos); 1594 pos++; left -= 2; 1595 1596 if (reassoc) { 1597 memcpy(prev_ap, pos, ETH_ALEN); 1598 pos++; pos++; pos++; left -= 6; 1599 } else 1600 eth_zero_addr(prev_ap); 1601 1602 if (left >= 2) { 1603 unsigned int ileft; 1604 unsigned char *u = (unsigned char *) pos; 1605 1606 if (*u == WLAN_EID_SSID) { 1607 u++; left--; 1608 ileft = *u; 1609 u++; left--; 1610 1611 if (ileft > left || ileft > MAX_SSID_LEN) { 1612 txt = "SSID overflow"; 1613 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1614 goto fail; 1615 } 1616 1617 if (ileft != strlen(local->essid) || 1618 memcmp(local->essid, u, ileft) != 0) { 1619 txt = "not our SSID"; 1620 resp = WLAN_STATUS_ASSOC_DENIED_UNSPEC; 1621 goto fail; 1622 } 1623 1624 u += ileft; 1625 left -= ileft; 1626 } 1627 1628 if (left >= 2 && *u == WLAN_EID_SUPP_RATES) { 1629 u++; left--; 1630 ileft = *u; 1631 u++; left--; 1632 1633 if (ileft > left || ileft == 0 || 1634 ileft > WLAN_SUPP_RATES_MAX) { 1635 txt = "SUPP_RATES len error"; 1636 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1637 goto fail; 1638 } 1639 1640 memset(sta->supported_rates, 0, 1641 sizeof(sta->supported_rates)); 1642 memcpy(sta->supported_rates, u, ileft); 1643 prism2_check_tx_rates(sta); 1644 1645 u += ileft; 1646 left -= ileft; 1647 } 1648 1649 if (left > 0) { 1650 PDEBUG(DEBUG_AP, "%s: assoc from %pM" 1651 " with extra data (%d bytes) [", 1652 dev->name, hdr->addr2, left); 1653 while (left > 0) { 1654 PDEBUG2(DEBUG_AP, "<%02x>", *u); 1655 u++; left--; 1656 } 1657 PDEBUG2(DEBUG_AP, "]\n"); 1658 } 1659 } else { 1660 txt = "frame underflow"; 1661 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1662 goto fail; 1663 } 1664 1665 /* get a unique AID */ 1666 if (sta->aid > 0) 1667 txt = "OK, old AID"; 1668 else { 1669 spin_lock_bh(&local->ap->sta_table_lock); 1670 for (sta->aid = 1; sta->aid <= MAX_AID_TABLE_SIZE; sta->aid++) 1671 if (local->ap->sta_aid[sta->aid - 1] == NULL) 1672 break; 1673 if (sta->aid > MAX_AID_TABLE_SIZE) { 1674 sta->aid = 0; 1675 spin_unlock_bh(&local->ap->sta_table_lock); 1676 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA; 1677 txt = "no room for more AIDs"; 1678 } else { 1679 local->ap->sta_aid[sta->aid - 1] = sta; 1680 spin_unlock_bh(&local->ap->sta_table_lock); 1681 txt = "OK, new AID"; 1682 } 1683 } 1684 1685 fail: 1686 pos = (__le16 *) body; 1687 1688 if (send_deauth) { 1689 *pos = cpu_to_le16(WLAN_REASON_STA_REQ_ASSOC_WITHOUT_AUTH); 1690 pos++; 1691 } else { 1692 /* FIX: CF-Pollable and CF-PollReq should be set to match the 1693 * values in beacons/probe responses */ 1694 /* FIX: how about privacy and WEP? */ 1695 /* capability */ 1696 *pos = cpu_to_le16(WLAN_CAPABILITY_ESS); 1697 pos++; 1698 1699 /* status_code */ 1700 *pos = cpu_to_le16(resp); 1701 pos++; 1702 1703 *pos = cpu_to_le16((sta && sta->aid > 0 ? sta->aid : 0) | 1704 BIT(14) | BIT(15)); /* AID */ 1705 pos++; 1706 1707 /* Supported rates (Information element) */ 1708 p = (char *) pos; 1709 *p++ = WLAN_EID_SUPP_RATES; 1710 lpos = p; 1711 *p++ = 0; /* len */ 1712 if (local->tx_rate_control & WLAN_RATE_1M) { 1713 *p++ = local->basic_rates & WLAN_RATE_1M ? 0x82 : 0x02; 1714 (*lpos)++; 1715 } 1716 if (local->tx_rate_control & WLAN_RATE_2M) { 1717 *p++ = local->basic_rates & WLAN_RATE_2M ? 0x84 : 0x04; 1718 (*lpos)++; 1719 } 1720 if (local->tx_rate_control & WLAN_RATE_5M5) { 1721 *p++ = local->basic_rates & WLAN_RATE_5M5 ? 1722 0x8b : 0x0b; 1723 (*lpos)++; 1724 } 1725 if (local->tx_rate_control & WLAN_RATE_11M) { 1726 *p++ = local->basic_rates & WLAN_RATE_11M ? 1727 0x96 : 0x16; 1728 (*lpos)++; 1729 } 1730 pos = (__le16 *) p; 1731 } 1732 1733 prism2_send_mgmt(dev, IEEE80211_FTYPE_MGMT | 1734 (send_deauth ? IEEE80211_STYPE_DEAUTH : 1735 (reassoc ? IEEE80211_STYPE_REASSOC_RESP : 1736 IEEE80211_STYPE_ASSOC_RESP)), 1737 body, (u8 *) pos - (u8 *) body, 1738 hdr->addr2, 1739 send_deauth ? 0 : local->ap->tx_callback_assoc); 1740 1741 if (sta) { 1742 if (resp == WLAN_STATUS_SUCCESS) { 1743 sta->last_rx = jiffies; 1744 /* STA will be marked associated from TX callback, if 1745 * AssocResp is ACKed */ 1746 } 1747 atomic_dec(&sta->users); 1748 } 1749 1750 #if 0 1751 PDEBUG(DEBUG_AP, "%s: %pM %sassoc (len=%d " 1752 "prev_ap=%pM) => %d(%d) (%s)\n", 1753 dev->name, 1754 hdr->addr2, 1755 reassoc ? "re" : "", len, 1756 prev_ap, 1757 resp, send_deauth, txt); 1758 #endif 1759 } 1760 1761 1762 /* Called only as a scheduled task for pending AP frames. */ 1763 static void handle_deauth(local_info_t *local, struct sk_buff *skb, 1764 struct hostap_80211_rx_status *rx_stats) 1765 { 1766 struct net_device *dev = local->dev; 1767 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 1768 char *body = (char *) (skb->data + IEEE80211_MGMT_HDR_LEN); 1769 int len; 1770 u16 reason_code; 1771 __le16 *pos; 1772 struct sta_info *sta = NULL; 1773 1774 len = skb->len - IEEE80211_MGMT_HDR_LEN; 1775 1776 if (len < 2) { 1777 printk("handle_deauth - too short payload (len=%d)\n", len); 1778 return; 1779 } 1780 1781 pos = (__le16 *) body; 1782 reason_code = le16_to_cpu(*pos); 1783 1784 PDEBUG(DEBUG_AP, "%s: deauthentication: %pM len=%d, " 1785 "reason_code=%d\n", dev->name, hdr->addr2, 1786 len, reason_code); 1787 1788 spin_lock_bh(&local->ap->sta_table_lock); 1789 sta = ap_get_sta(local->ap, hdr->addr2); 1790 if (sta != NULL) { 1791 if ((sta->flags & WLAN_STA_ASSOC) && !sta->ap) 1792 hostap_event_expired_sta(local->dev, sta); 1793 sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC); 1794 } 1795 spin_unlock_bh(&local->ap->sta_table_lock); 1796 if (sta == NULL) { 1797 printk("%s: deauthentication from %pM, " 1798 "reason_code=%d, but STA not authenticated\n", dev->name, 1799 hdr->addr2, reason_code); 1800 } 1801 } 1802 1803 1804 /* Called only as a scheduled task for pending AP frames. */ 1805 static void handle_disassoc(local_info_t *local, struct sk_buff *skb, 1806 struct hostap_80211_rx_status *rx_stats) 1807 { 1808 struct net_device *dev = local->dev; 1809 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 1810 char *body = skb->data + IEEE80211_MGMT_HDR_LEN; 1811 int len; 1812 u16 reason_code; 1813 __le16 *pos; 1814 struct sta_info *sta = NULL; 1815 1816 len = skb->len - IEEE80211_MGMT_HDR_LEN; 1817 1818 if (len < 2) { 1819 printk("handle_disassoc - too short payload (len=%d)\n", len); 1820 return; 1821 } 1822 1823 pos = (__le16 *) body; 1824 reason_code = le16_to_cpu(*pos); 1825 1826 PDEBUG(DEBUG_AP, "%s: disassociation: %pM len=%d, " 1827 "reason_code=%d\n", dev->name, hdr->addr2, 1828 len, reason_code); 1829 1830 spin_lock_bh(&local->ap->sta_table_lock); 1831 sta = ap_get_sta(local->ap, hdr->addr2); 1832 if (sta != NULL) { 1833 if ((sta->flags & WLAN_STA_ASSOC) && !sta->ap) 1834 hostap_event_expired_sta(local->dev, sta); 1835 sta->flags &= ~WLAN_STA_ASSOC; 1836 } 1837 spin_unlock_bh(&local->ap->sta_table_lock); 1838 if (sta == NULL) { 1839 printk("%s: disassociation from %pM, " 1840 "reason_code=%d, but STA not authenticated\n", 1841 dev->name, hdr->addr2, reason_code); 1842 } 1843 } 1844 1845 1846 /* Called only as a scheduled task for pending AP frames. */ 1847 static void ap_handle_data_nullfunc(local_info_t *local, 1848 struct ieee80211_hdr *hdr) 1849 { 1850 struct net_device *dev = local->dev; 1851 1852 /* some STA f/w's seem to require control::ACK frame for 1853 * data::nullfunc, but at least Prism2 station f/w version 0.8.0 does 1854 * not send this.. 1855 * send control::ACK for the data::nullfunc */ 1856 1857 printk(KERN_DEBUG "Sending control::ACK for data::nullfunc\n"); 1858 prism2_send_mgmt(dev, IEEE80211_FTYPE_CTL | IEEE80211_STYPE_ACK, 1859 NULL, 0, hdr->addr2, 0); 1860 } 1861 1862 1863 /* Called only as a scheduled task for pending AP frames. */ 1864 static void ap_handle_dropped_data(local_info_t *local, 1865 struct ieee80211_hdr *hdr) 1866 { 1867 struct net_device *dev = local->dev; 1868 struct sta_info *sta; 1869 __le16 reason; 1870 1871 spin_lock_bh(&local->ap->sta_table_lock); 1872 sta = ap_get_sta(local->ap, hdr->addr2); 1873 if (sta) 1874 atomic_inc(&sta->users); 1875 spin_unlock_bh(&local->ap->sta_table_lock); 1876 1877 if (sta != NULL && (sta->flags & WLAN_STA_ASSOC)) { 1878 PDEBUG(DEBUG_AP, "ap_handle_dropped_data: STA is now okay?\n"); 1879 atomic_dec(&sta->users); 1880 return; 1881 } 1882 1883 reason = cpu_to_le16(WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA); 1884 prism2_send_mgmt(dev, IEEE80211_FTYPE_MGMT | 1885 ((sta == NULL || !(sta->flags & WLAN_STA_ASSOC)) ? 1886 IEEE80211_STYPE_DEAUTH : IEEE80211_STYPE_DISASSOC), 1887 (char *) &reason, sizeof(reason), hdr->addr2, 0); 1888 1889 if (sta) 1890 atomic_dec(&sta->users); 1891 } 1892 1893 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 1894 1895 1896 /* Called only as a scheduled task for pending AP frames. */ 1897 static void pspoll_send_buffered(local_info_t *local, struct sta_info *sta, 1898 struct sk_buff *skb) 1899 { 1900 struct hostap_skb_tx_data *meta; 1901 1902 if (!(sta->flags & WLAN_STA_PS)) { 1903 /* Station has moved to non-PS mode, so send all buffered 1904 * frames using normal device queue. */ 1905 dev_queue_xmit(skb); 1906 return; 1907 } 1908 1909 /* add a flag for hostap_handle_sta_tx() to know that this skb should 1910 * be passed through even though STA is using PS */ 1911 meta = (struct hostap_skb_tx_data *) skb->cb; 1912 meta->flags |= HOSTAP_TX_FLAGS_BUFFERED_FRAME; 1913 if (!skb_queue_empty(&sta->tx_buf)) { 1914 /* indicate to STA that more frames follow */ 1915 meta->flags |= HOSTAP_TX_FLAGS_ADD_MOREDATA; 1916 } 1917 dev_queue_xmit(skb); 1918 } 1919 1920 1921 /* Called only as a scheduled task for pending AP frames. */ 1922 static void handle_pspoll(local_info_t *local, 1923 struct ieee80211_hdr *hdr, 1924 struct hostap_80211_rx_status *rx_stats) 1925 { 1926 struct net_device *dev = local->dev; 1927 struct sta_info *sta; 1928 u16 aid; 1929 struct sk_buff *skb; 1930 1931 PDEBUG(DEBUG_PS2, "handle_pspoll: BSSID=%pM, TA=%pM PWRMGT=%d\n", 1932 hdr->addr1, hdr->addr2, !!ieee80211_has_pm(hdr->frame_control)); 1933 1934 if (!ether_addr_equal(hdr->addr1, dev->dev_addr)) { 1935 PDEBUG(DEBUG_AP, 1936 "handle_pspoll - addr1(BSSID)=%pM not own MAC\n", 1937 hdr->addr1); 1938 return; 1939 } 1940 1941 aid = le16_to_cpu(hdr->duration_id); 1942 if ((aid & (BIT(15) | BIT(14))) != (BIT(15) | BIT(14))) { 1943 PDEBUG(DEBUG_PS, " PSPOLL and AID[15:14] not set\n"); 1944 return; 1945 } 1946 aid &= ~(BIT(15) | BIT(14)); 1947 if (aid == 0 || aid > MAX_AID_TABLE_SIZE) { 1948 PDEBUG(DEBUG_PS, " invalid aid=%d\n", aid); 1949 return; 1950 } 1951 PDEBUG(DEBUG_PS2, " aid=%d\n", aid); 1952 1953 spin_lock_bh(&local->ap->sta_table_lock); 1954 sta = ap_get_sta(local->ap, hdr->addr2); 1955 if (sta) 1956 atomic_inc(&sta->users); 1957 spin_unlock_bh(&local->ap->sta_table_lock); 1958 1959 if (sta == NULL) { 1960 PDEBUG(DEBUG_PS, " STA not found\n"); 1961 return; 1962 } 1963 if (sta->aid != aid) { 1964 PDEBUG(DEBUG_PS, " received aid=%i does not match with " 1965 "assoc.aid=%d\n", aid, sta->aid); 1966 return; 1967 } 1968 1969 /* FIX: todo: 1970 * - add timeout for buffering (clear aid in TIM vector if buffer timed 1971 * out (expiry time must be longer than ListenInterval for 1972 * the corresponding STA; "8802-11: 11.2.1.9 AP aging function" 1973 * - what to do, if buffered, pspolled, and sent frame is not ACKed by 1974 * sta; store buffer for later use and leave TIM aid bit set? use 1975 * TX event to check whether frame was ACKed? 1976 */ 1977 1978 while ((skb = skb_dequeue(&sta->tx_buf)) != NULL) { 1979 /* send buffered frame .. */ 1980 PDEBUG(DEBUG_PS2, "Sending buffered frame to STA after PS POLL" 1981 " (buffer_count=%d)\n", skb_queue_len(&sta->tx_buf)); 1982 1983 pspoll_send_buffered(local, sta, skb); 1984 1985 if (sta->flags & WLAN_STA_PS) { 1986 /* send only one buffered packet per PS Poll */ 1987 /* FIX: should ignore further PS Polls until the 1988 * buffered packet that was just sent is acknowledged 1989 * (Tx or TxExc event) */ 1990 break; 1991 } 1992 } 1993 1994 if (skb_queue_empty(&sta->tx_buf)) { 1995 /* try to clear aid from TIM */ 1996 if (!(sta->flags & WLAN_STA_TIM)) 1997 PDEBUG(DEBUG_PS2, "Re-unsetting TIM for aid %d\n", 1998 aid); 1999 hostap_set_tim(local, aid, 0); 2000 sta->flags &= ~WLAN_STA_TIM; 2001 } 2002 2003 atomic_dec(&sta->users); 2004 } 2005 2006 2007 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 2008 2009 static void handle_wds_oper_queue(struct work_struct *work) 2010 { 2011 struct ap_data *ap = container_of(work, struct ap_data, 2012 wds_oper_queue); 2013 local_info_t *local = ap->local; 2014 struct wds_oper_data *entry, *prev; 2015 2016 spin_lock_bh(&local->lock); 2017 entry = local->ap->wds_oper_entries; 2018 local->ap->wds_oper_entries = NULL; 2019 spin_unlock_bh(&local->lock); 2020 2021 while (entry) { 2022 PDEBUG(DEBUG_AP, "%s: %s automatic WDS connection " 2023 "to AP %pM\n", 2024 local->dev->name, 2025 entry->type == WDS_ADD ? "adding" : "removing", 2026 entry->addr); 2027 if (entry->type == WDS_ADD) 2028 prism2_wds_add(local, entry->addr, 0); 2029 else if (entry->type == WDS_DEL) 2030 prism2_wds_del(local, entry->addr, 0, 1); 2031 2032 prev = entry; 2033 entry = entry->next; 2034 kfree(prev); 2035 } 2036 } 2037 2038 2039 /* Called only as a scheduled task for pending AP frames. */ 2040 static void handle_beacon(local_info_t *local, struct sk_buff *skb, 2041 struct hostap_80211_rx_status *rx_stats) 2042 { 2043 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 2044 char *body = skb->data + IEEE80211_MGMT_HDR_LEN; 2045 int len, left; 2046 u16 beacon_int, capability; 2047 __le16 *pos; 2048 char *ssid = NULL; 2049 unsigned char *supp_rates = NULL; 2050 int ssid_len = 0, supp_rates_len = 0; 2051 struct sta_info *sta = NULL; 2052 int new_sta = 0, channel = -1; 2053 2054 len = skb->len - IEEE80211_MGMT_HDR_LEN; 2055 2056 if (len < 8 + 2 + 2) { 2057 printk(KERN_DEBUG "handle_beacon - too short payload " 2058 "(len=%d)\n", len); 2059 return; 2060 } 2061 2062 pos = (__le16 *) body; 2063 left = len; 2064 2065 /* Timestamp (8 octets) */ 2066 pos += 4; left -= 8; 2067 /* Beacon interval (2 octets) */ 2068 beacon_int = le16_to_cpu(*pos); 2069 pos++; left -= 2; 2070 /* Capability information (2 octets) */ 2071 capability = le16_to_cpu(*pos); 2072 pos++; left -= 2; 2073 2074 if (local->ap->ap_policy != AP_OTHER_AP_EVEN_IBSS && 2075 capability & WLAN_CAPABILITY_IBSS) 2076 return; 2077 2078 if (left >= 2) { 2079 unsigned int ileft; 2080 unsigned char *u = (unsigned char *) pos; 2081 2082 if (*u == WLAN_EID_SSID) { 2083 u++; left--; 2084 ileft = *u; 2085 u++; left--; 2086 2087 if (ileft > left || ileft > MAX_SSID_LEN) { 2088 PDEBUG(DEBUG_AP, "SSID: overflow\n"); 2089 return; 2090 } 2091 2092 if (local->ap->ap_policy == AP_OTHER_AP_SAME_SSID && 2093 (ileft != strlen(local->essid) || 2094 memcmp(local->essid, u, ileft) != 0)) { 2095 /* not our SSID */ 2096 return; 2097 } 2098 2099 ssid = u; 2100 ssid_len = ileft; 2101 2102 u += ileft; 2103 left -= ileft; 2104 } 2105 2106 if (*u == WLAN_EID_SUPP_RATES) { 2107 u++; left--; 2108 ileft = *u; 2109 u++; left--; 2110 2111 if (ileft > left || ileft == 0 || ileft > 8) { 2112 PDEBUG(DEBUG_AP, " - SUPP_RATES len error\n"); 2113 return; 2114 } 2115 2116 supp_rates = u; 2117 supp_rates_len = ileft; 2118 2119 u += ileft; 2120 left -= ileft; 2121 } 2122 2123 if (*u == WLAN_EID_DS_PARAMS) { 2124 u++; left--; 2125 ileft = *u; 2126 u++; left--; 2127 2128 if (ileft > left || ileft != 1) { 2129 PDEBUG(DEBUG_AP, " - DS_PARAMS len error\n"); 2130 return; 2131 } 2132 2133 channel = *u; 2134 2135 u += ileft; 2136 left -= ileft; 2137 } 2138 } 2139 2140 spin_lock_bh(&local->ap->sta_table_lock); 2141 sta = ap_get_sta(local->ap, hdr->addr2); 2142 if (sta != NULL) 2143 atomic_inc(&sta->users); 2144 spin_unlock_bh(&local->ap->sta_table_lock); 2145 2146 if (sta == NULL) { 2147 /* add new AP */ 2148 new_sta = 1; 2149 sta = ap_add_sta(local->ap, hdr->addr2); 2150 if (sta == NULL) { 2151 printk(KERN_INFO "prism2: kmalloc failed for AP " 2152 "data structure\n"); 2153 return; 2154 } 2155 hostap_event_new_sta(local->dev, sta); 2156 2157 /* mark APs authentication and associated for pseudo ad-hoc 2158 * style communication */ 2159 sta->flags = WLAN_STA_AUTH | WLAN_STA_ASSOC; 2160 2161 if (local->ap->autom_ap_wds) { 2162 hostap_wds_link_oper(local, sta->addr, WDS_ADD); 2163 } 2164 } 2165 2166 sta->ap = 1; 2167 if (ssid) { 2168 sta->u.ap.ssid_len = ssid_len; 2169 memcpy(sta->u.ap.ssid, ssid, ssid_len); 2170 sta->u.ap.ssid[ssid_len] = '\0'; 2171 } else { 2172 sta->u.ap.ssid_len = 0; 2173 sta->u.ap.ssid[0] = '\0'; 2174 } 2175 sta->u.ap.channel = channel; 2176 sta->rx_packets++; 2177 sta->rx_bytes += len; 2178 sta->u.ap.last_beacon = sta->last_rx = jiffies; 2179 sta->capability = capability; 2180 sta->listen_interval = beacon_int; 2181 2182 atomic_dec(&sta->users); 2183 2184 if (new_sta) { 2185 memset(sta->supported_rates, 0, sizeof(sta->supported_rates)); 2186 memcpy(sta->supported_rates, supp_rates, supp_rates_len); 2187 prism2_check_tx_rates(sta); 2188 } 2189 } 2190 2191 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 2192 2193 2194 /* Called only as a tasklet. */ 2195 static void handle_ap_item(local_info_t *local, struct sk_buff *skb, 2196 struct hostap_80211_rx_status *rx_stats) 2197 { 2198 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 2199 struct net_device *dev = local->dev; 2200 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 2201 u16 fc, type, stype; 2202 struct ieee80211_hdr *hdr; 2203 2204 /* FIX: should give skb->len to handler functions and check that the 2205 * buffer is long enough */ 2206 hdr = (struct ieee80211_hdr *) skb->data; 2207 fc = le16_to_cpu(hdr->frame_control); 2208 type = fc & IEEE80211_FCTL_FTYPE; 2209 stype = fc & IEEE80211_FCTL_STYPE; 2210 2211 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 2212 if (!local->hostapd && type == IEEE80211_FTYPE_DATA) { 2213 PDEBUG(DEBUG_AP, "handle_ap_item - data frame\n"); 2214 2215 if (!(fc & IEEE80211_FCTL_TODS) || 2216 (fc & IEEE80211_FCTL_FROMDS)) { 2217 if (stype == IEEE80211_STYPE_NULLFUNC) { 2218 /* no ToDS nullfunc seems to be used to check 2219 * AP association; so send reject message to 2220 * speed up re-association */ 2221 ap_handle_dropped_data(local, hdr); 2222 goto done; 2223 } 2224 PDEBUG(DEBUG_AP, " not ToDS frame (fc=0x%04x)\n", 2225 fc); 2226 goto done; 2227 } 2228 2229 if (!ether_addr_equal(hdr->addr1, dev->dev_addr)) { 2230 PDEBUG(DEBUG_AP, "handle_ap_item - addr1(BSSID)=%pM" 2231 " not own MAC\n", hdr->addr1); 2232 goto done; 2233 } 2234 2235 if (local->ap->nullfunc_ack && 2236 stype == IEEE80211_STYPE_NULLFUNC) 2237 ap_handle_data_nullfunc(local, hdr); 2238 else 2239 ap_handle_dropped_data(local, hdr); 2240 goto done; 2241 } 2242 2243 if (type == IEEE80211_FTYPE_MGMT && stype == IEEE80211_STYPE_BEACON) { 2244 handle_beacon(local, skb, rx_stats); 2245 goto done; 2246 } 2247 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 2248 2249 if (type == IEEE80211_FTYPE_CTL && stype == IEEE80211_STYPE_PSPOLL) { 2250 handle_pspoll(local, hdr, rx_stats); 2251 goto done; 2252 } 2253 2254 if (local->hostapd) { 2255 PDEBUG(DEBUG_AP, "Unknown frame in AP queue: type=0x%02x " 2256 "subtype=0x%02x\n", type, stype); 2257 goto done; 2258 } 2259 2260 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 2261 if (type != IEEE80211_FTYPE_MGMT) { 2262 PDEBUG(DEBUG_AP, "handle_ap_item - not a management frame?\n"); 2263 goto done; 2264 } 2265 2266 if (!ether_addr_equal(hdr->addr1, dev->dev_addr)) { 2267 PDEBUG(DEBUG_AP, "handle_ap_item - addr1(DA)=%pM" 2268 " not own MAC\n", hdr->addr1); 2269 goto done; 2270 } 2271 2272 if (!ether_addr_equal(hdr->addr3, dev->dev_addr)) { 2273 PDEBUG(DEBUG_AP, "handle_ap_item - addr3(BSSID)=%pM" 2274 " not own MAC\n", hdr->addr3); 2275 goto done; 2276 } 2277 2278 switch (stype) { 2279 case IEEE80211_STYPE_ASSOC_REQ: 2280 handle_assoc(local, skb, rx_stats, 0); 2281 break; 2282 case IEEE80211_STYPE_ASSOC_RESP: 2283 PDEBUG(DEBUG_AP, "==> ASSOC RESP (ignored)\n"); 2284 break; 2285 case IEEE80211_STYPE_REASSOC_REQ: 2286 handle_assoc(local, skb, rx_stats, 1); 2287 break; 2288 case IEEE80211_STYPE_REASSOC_RESP: 2289 PDEBUG(DEBUG_AP, "==> REASSOC RESP (ignored)\n"); 2290 break; 2291 case IEEE80211_STYPE_ATIM: 2292 PDEBUG(DEBUG_AP, "==> ATIM (ignored)\n"); 2293 break; 2294 case IEEE80211_STYPE_DISASSOC: 2295 handle_disassoc(local, skb, rx_stats); 2296 break; 2297 case IEEE80211_STYPE_AUTH: 2298 handle_authen(local, skb, rx_stats); 2299 break; 2300 case IEEE80211_STYPE_DEAUTH: 2301 handle_deauth(local, skb, rx_stats); 2302 break; 2303 default: 2304 PDEBUG(DEBUG_AP, "Unknown mgmt frame subtype 0x%02x\n", 2305 stype >> 4); 2306 break; 2307 } 2308 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 2309 2310 done: 2311 dev_kfree_skb(skb); 2312 } 2313 2314 2315 /* Called only as a tasklet (software IRQ) */ 2316 void hostap_rx(struct net_device *dev, struct sk_buff *skb, 2317 struct hostap_80211_rx_status *rx_stats) 2318 { 2319 struct hostap_interface *iface; 2320 local_info_t *local; 2321 struct ieee80211_hdr *hdr; 2322 2323 iface = netdev_priv(dev); 2324 local = iface->local; 2325 2326 if (skb->len < 16) 2327 goto drop; 2328 2329 dev->stats.rx_packets++; 2330 2331 hdr = (struct ieee80211_hdr *) skb->data; 2332 2333 if (local->ap->ap_policy == AP_OTHER_AP_SKIP_ALL && 2334 ieee80211_is_beacon(hdr->frame_control)) 2335 goto drop; 2336 2337 skb->protocol = cpu_to_be16(ETH_P_HOSTAP); 2338 handle_ap_item(local, skb, rx_stats); 2339 return; 2340 2341 drop: 2342 dev_kfree_skb(skb); 2343 } 2344 2345 2346 /* Called only as a tasklet (software IRQ) */ 2347 static void schedule_packet_send(local_info_t *local, struct sta_info *sta) 2348 { 2349 struct sk_buff *skb; 2350 struct ieee80211_hdr *hdr; 2351 struct hostap_80211_rx_status rx_stats; 2352 2353 if (skb_queue_empty(&sta->tx_buf)) 2354 return; 2355 2356 skb = dev_alloc_skb(16); 2357 if (skb == NULL) { 2358 printk(KERN_DEBUG "%s: schedule_packet_send: skb alloc " 2359 "failed\n", local->dev->name); 2360 return; 2361 } 2362 2363 hdr = skb_put(skb, 16); 2364 2365 /* Generate a fake pspoll frame to start packet delivery */ 2366 hdr->frame_control = cpu_to_le16( 2367 IEEE80211_FTYPE_CTL | IEEE80211_STYPE_PSPOLL); 2368 memcpy(hdr->addr1, local->dev->dev_addr, ETH_ALEN); 2369 memcpy(hdr->addr2, sta->addr, ETH_ALEN); 2370 hdr->duration_id = cpu_to_le16(sta->aid | BIT(15) | BIT(14)); 2371 2372 PDEBUG(DEBUG_PS2, 2373 "%s: Scheduling buffered packet delivery for STA %pM\n", 2374 local->dev->name, sta->addr); 2375 2376 skb->dev = local->dev; 2377 2378 memset(&rx_stats, 0, sizeof(rx_stats)); 2379 hostap_rx(local->dev, skb, &rx_stats); 2380 } 2381 2382 2383 int prism2_ap_get_sta_qual(local_info_t *local, struct sockaddr addr[], 2384 struct iw_quality qual[], int buf_size, 2385 int aplist) 2386 { 2387 struct ap_data *ap = local->ap; 2388 struct list_head *ptr; 2389 int count = 0; 2390 2391 spin_lock_bh(&ap->sta_table_lock); 2392 2393 for (ptr = ap->sta_list.next; ptr != NULL && ptr != &ap->sta_list; 2394 ptr = ptr->next) { 2395 struct sta_info *sta = (struct sta_info *) ptr; 2396 2397 if (aplist && !sta->ap) 2398 continue; 2399 addr[count].sa_family = ARPHRD_ETHER; 2400 memcpy(addr[count].sa_data, sta->addr, ETH_ALEN); 2401 if (sta->last_rx_silence == 0) 2402 qual[count].qual = sta->last_rx_signal < 27 ? 2403 0 : (sta->last_rx_signal - 27) * 92 / 127; 2404 else 2405 qual[count].qual = sta->last_rx_signal - 2406 sta->last_rx_silence - 35; 2407 qual[count].level = HFA384X_LEVEL_TO_dBm(sta->last_rx_signal); 2408 qual[count].noise = HFA384X_LEVEL_TO_dBm(sta->last_rx_silence); 2409 qual[count].updated = sta->last_rx_updated; 2410 2411 sta->last_rx_updated = IW_QUAL_DBM; 2412 2413 count++; 2414 if (count >= buf_size) 2415 break; 2416 } 2417 spin_unlock_bh(&ap->sta_table_lock); 2418 2419 return count; 2420 } 2421 2422 2423 /* Translate our list of Access Points & Stations to a card independent 2424 * format that the Wireless Tools will understand - Jean II */ 2425 int prism2_ap_translate_scan(struct net_device *dev, 2426 struct iw_request_info *info, char *buffer) 2427 { 2428 struct hostap_interface *iface; 2429 local_info_t *local; 2430 struct ap_data *ap; 2431 struct list_head *ptr; 2432 struct iw_event iwe; 2433 char *current_ev = buffer; 2434 char *end_buf = buffer + IW_SCAN_MAX_DATA; 2435 #if !defined(PRISM2_NO_KERNEL_IEEE80211_MGMT) 2436 char buf[64]; 2437 #endif 2438 2439 iface = netdev_priv(dev); 2440 local = iface->local; 2441 ap = local->ap; 2442 2443 spin_lock_bh(&ap->sta_table_lock); 2444 2445 for (ptr = ap->sta_list.next; ptr != NULL && ptr != &ap->sta_list; 2446 ptr = ptr->next) { 2447 struct sta_info *sta = (struct sta_info *) ptr; 2448 2449 /* First entry *MUST* be the AP MAC address */ 2450 memset(&iwe, 0, sizeof(iwe)); 2451 iwe.cmd = SIOCGIWAP; 2452 iwe.u.ap_addr.sa_family = ARPHRD_ETHER; 2453 memcpy(iwe.u.ap_addr.sa_data, sta->addr, ETH_ALEN); 2454 iwe.len = IW_EV_ADDR_LEN; 2455 current_ev = iwe_stream_add_event(info, current_ev, end_buf, 2456 &iwe, IW_EV_ADDR_LEN); 2457 2458 /* Use the mode to indicate if it's a station or 2459 * an Access Point */ 2460 memset(&iwe, 0, sizeof(iwe)); 2461 iwe.cmd = SIOCGIWMODE; 2462 if (sta->ap) 2463 iwe.u.mode = IW_MODE_MASTER; 2464 else 2465 iwe.u.mode = IW_MODE_INFRA; 2466 iwe.len = IW_EV_UINT_LEN; 2467 current_ev = iwe_stream_add_event(info, current_ev, end_buf, 2468 &iwe, IW_EV_UINT_LEN); 2469 2470 /* Some quality */ 2471 memset(&iwe, 0, sizeof(iwe)); 2472 iwe.cmd = IWEVQUAL; 2473 if (sta->last_rx_silence == 0) 2474 iwe.u.qual.qual = sta->last_rx_signal < 27 ? 2475 0 : (sta->last_rx_signal - 27) * 92 / 127; 2476 else 2477 iwe.u.qual.qual = sta->last_rx_signal - 2478 sta->last_rx_silence - 35; 2479 iwe.u.qual.level = HFA384X_LEVEL_TO_dBm(sta->last_rx_signal); 2480 iwe.u.qual.noise = HFA384X_LEVEL_TO_dBm(sta->last_rx_silence); 2481 iwe.u.qual.updated = sta->last_rx_updated; 2482 iwe.len = IW_EV_QUAL_LEN; 2483 current_ev = iwe_stream_add_event(info, current_ev, end_buf, 2484 &iwe, IW_EV_QUAL_LEN); 2485 2486 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 2487 if (sta->ap) { 2488 memset(&iwe, 0, sizeof(iwe)); 2489 iwe.cmd = SIOCGIWESSID; 2490 iwe.u.data.length = sta->u.ap.ssid_len; 2491 iwe.u.data.flags = 1; 2492 current_ev = iwe_stream_add_point(info, current_ev, 2493 end_buf, &iwe, 2494 sta->u.ap.ssid); 2495 2496 memset(&iwe, 0, sizeof(iwe)); 2497 iwe.cmd = SIOCGIWENCODE; 2498 if (sta->capability & WLAN_CAPABILITY_PRIVACY) 2499 iwe.u.data.flags = 2500 IW_ENCODE_ENABLED | IW_ENCODE_NOKEY; 2501 else 2502 iwe.u.data.flags = IW_ENCODE_DISABLED; 2503 current_ev = iwe_stream_add_point(info, current_ev, 2504 end_buf, &iwe, 2505 sta->u.ap.ssid); 2506 2507 if (sta->u.ap.channel > 0 && 2508 sta->u.ap.channel <= FREQ_COUNT) { 2509 memset(&iwe, 0, sizeof(iwe)); 2510 iwe.cmd = SIOCGIWFREQ; 2511 iwe.u.freq.m = freq_list[sta->u.ap.channel - 1] 2512 * 100000; 2513 iwe.u.freq.e = 1; 2514 current_ev = iwe_stream_add_event( 2515 info, current_ev, end_buf, &iwe, 2516 IW_EV_FREQ_LEN); 2517 } 2518 2519 memset(&iwe, 0, sizeof(iwe)); 2520 iwe.cmd = IWEVCUSTOM; 2521 sprintf(buf, "beacon_interval=%d", 2522 sta->listen_interval); 2523 iwe.u.data.length = strlen(buf); 2524 current_ev = iwe_stream_add_point(info, current_ev, 2525 end_buf, &iwe, buf); 2526 } 2527 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 2528 2529 sta->last_rx_updated = IW_QUAL_DBM; 2530 2531 /* To be continued, we should make good use of IWEVCUSTOM */ 2532 } 2533 2534 spin_unlock_bh(&ap->sta_table_lock); 2535 2536 return current_ev - buffer; 2537 } 2538 2539 2540 static int prism2_hostapd_add_sta(struct ap_data *ap, 2541 struct prism2_hostapd_param *param) 2542 { 2543 struct sta_info *sta; 2544 2545 spin_lock_bh(&ap->sta_table_lock); 2546 sta = ap_get_sta(ap, param->sta_addr); 2547 if (sta) 2548 atomic_inc(&sta->users); 2549 spin_unlock_bh(&ap->sta_table_lock); 2550 2551 if (sta == NULL) { 2552 sta = ap_add_sta(ap, param->sta_addr); 2553 if (sta == NULL) 2554 return -1; 2555 } 2556 2557 if (!(sta->flags & WLAN_STA_ASSOC) && !sta->ap && sta->local) 2558 hostap_event_new_sta(sta->local->dev, sta); 2559 2560 sta->flags |= WLAN_STA_AUTH | WLAN_STA_ASSOC; 2561 sta->last_rx = jiffies; 2562 sta->aid = param->u.add_sta.aid; 2563 sta->capability = param->u.add_sta.capability; 2564 sta->tx_supp_rates = param->u.add_sta.tx_supp_rates; 2565 if (sta->tx_supp_rates & WLAN_RATE_1M) 2566 sta->supported_rates[0] = 2; 2567 if (sta->tx_supp_rates & WLAN_RATE_2M) 2568 sta->supported_rates[1] = 4; 2569 if (sta->tx_supp_rates & WLAN_RATE_5M5) 2570 sta->supported_rates[2] = 11; 2571 if (sta->tx_supp_rates & WLAN_RATE_11M) 2572 sta->supported_rates[3] = 22; 2573 prism2_check_tx_rates(sta); 2574 atomic_dec(&sta->users); 2575 return 0; 2576 } 2577 2578 2579 static int prism2_hostapd_remove_sta(struct ap_data *ap, 2580 struct prism2_hostapd_param *param) 2581 { 2582 struct sta_info *sta; 2583 2584 spin_lock_bh(&ap->sta_table_lock); 2585 sta = ap_get_sta(ap, param->sta_addr); 2586 if (sta) { 2587 ap_sta_hash_del(ap, sta); 2588 list_del(&sta->list); 2589 } 2590 spin_unlock_bh(&ap->sta_table_lock); 2591 2592 if (!sta) 2593 return -ENOENT; 2594 2595 if ((sta->flags & WLAN_STA_ASSOC) && !sta->ap && sta->local) 2596 hostap_event_expired_sta(sta->local->dev, sta); 2597 ap_free_sta(ap, sta); 2598 2599 return 0; 2600 } 2601 2602 2603 static int prism2_hostapd_get_info_sta(struct ap_data *ap, 2604 struct prism2_hostapd_param *param) 2605 { 2606 struct sta_info *sta; 2607 2608 spin_lock_bh(&ap->sta_table_lock); 2609 sta = ap_get_sta(ap, param->sta_addr); 2610 if (sta) 2611 atomic_inc(&sta->users); 2612 spin_unlock_bh(&ap->sta_table_lock); 2613 2614 if (!sta) 2615 return -ENOENT; 2616 2617 param->u.get_info_sta.inactive_sec = (jiffies - sta->last_rx) / HZ; 2618 2619 atomic_dec(&sta->users); 2620 2621 return 1; 2622 } 2623 2624 2625 static int prism2_hostapd_set_flags_sta(struct ap_data *ap, 2626 struct prism2_hostapd_param *param) 2627 { 2628 struct sta_info *sta; 2629 2630 spin_lock_bh(&ap->sta_table_lock); 2631 sta = ap_get_sta(ap, param->sta_addr); 2632 if (sta) { 2633 sta->flags |= param->u.set_flags_sta.flags_or; 2634 sta->flags &= param->u.set_flags_sta.flags_and; 2635 } 2636 spin_unlock_bh(&ap->sta_table_lock); 2637 2638 if (!sta) 2639 return -ENOENT; 2640 2641 return 0; 2642 } 2643 2644 2645 static int prism2_hostapd_sta_clear_stats(struct ap_data *ap, 2646 struct prism2_hostapd_param *param) 2647 { 2648 struct sta_info *sta; 2649 int rate; 2650 2651 spin_lock_bh(&ap->sta_table_lock); 2652 sta = ap_get_sta(ap, param->sta_addr); 2653 if (sta) { 2654 sta->rx_packets = sta->tx_packets = 0; 2655 sta->rx_bytes = sta->tx_bytes = 0; 2656 for (rate = 0; rate < WLAN_RATE_COUNT; rate++) { 2657 sta->tx_count[rate] = 0; 2658 sta->rx_count[rate] = 0; 2659 } 2660 } 2661 spin_unlock_bh(&ap->sta_table_lock); 2662 2663 if (!sta) 2664 return -ENOENT; 2665 2666 return 0; 2667 } 2668 2669 2670 int prism2_hostapd(struct ap_data *ap, struct prism2_hostapd_param *param) 2671 { 2672 switch (param->cmd) { 2673 case PRISM2_HOSTAPD_FLUSH: 2674 ap_control_kickall(ap); 2675 return 0; 2676 case PRISM2_HOSTAPD_ADD_STA: 2677 return prism2_hostapd_add_sta(ap, param); 2678 case PRISM2_HOSTAPD_REMOVE_STA: 2679 return prism2_hostapd_remove_sta(ap, param); 2680 case PRISM2_HOSTAPD_GET_INFO_STA: 2681 return prism2_hostapd_get_info_sta(ap, param); 2682 case PRISM2_HOSTAPD_SET_FLAGS_STA: 2683 return prism2_hostapd_set_flags_sta(ap, param); 2684 case PRISM2_HOSTAPD_STA_CLEAR_STATS: 2685 return prism2_hostapd_sta_clear_stats(ap, param); 2686 default: 2687 printk(KERN_WARNING "prism2_hostapd: unknown cmd=%d\n", 2688 param->cmd); 2689 return -EOPNOTSUPP; 2690 } 2691 } 2692 2693 2694 /* Update station info for host-based TX rate control and return current 2695 * TX rate */ 2696 static int ap_update_sta_tx_rate(struct sta_info *sta, struct net_device *dev) 2697 { 2698 int ret = sta->tx_rate; 2699 struct hostap_interface *iface; 2700 local_info_t *local; 2701 2702 iface = netdev_priv(dev); 2703 local = iface->local; 2704 2705 sta->tx_count[sta->tx_rate_idx]++; 2706 sta->tx_since_last_failure++; 2707 sta->tx_consecutive_exc = 0; 2708 if (sta->tx_since_last_failure >= WLAN_RATE_UPDATE_COUNT && 2709 sta->tx_rate_idx < sta->tx_max_rate) { 2710 /* use next higher rate */ 2711 int old_rate, new_rate; 2712 old_rate = new_rate = sta->tx_rate_idx; 2713 while (new_rate < sta->tx_max_rate) { 2714 new_rate++; 2715 if (ap_tx_rate_ok(new_rate, sta, local)) { 2716 sta->tx_rate_idx = new_rate; 2717 break; 2718 } 2719 } 2720 if (old_rate != sta->tx_rate_idx) { 2721 switch (sta->tx_rate_idx) { 2722 case 0: sta->tx_rate = 10; break; 2723 case 1: sta->tx_rate = 20; break; 2724 case 2: sta->tx_rate = 55; break; 2725 case 3: sta->tx_rate = 110; break; 2726 default: sta->tx_rate = 0; break; 2727 } 2728 PDEBUG(DEBUG_AP, "%s: STA %pM TX rate raised to %d\n", 2729 dev->name, sta->addr, sta->tx_rate); 2730 } 2731 sta->tx_since_last_failure = 0; 2732 } 2733 2734 return ret; 2735 } 2736 2737 2738 /* Called only from software IRQ. Called for each TX frame prior possible 2739 * encryption and transmit. */ 2740 ap_tx_ret hostap_handle_sta_tx(local_info_t *local, struct hostap_tx_data *tx) 2741 { 2742 struct sta_info *sta = NULL; 2743 struct sk_buff *skb = tx->skb; 2744 int set_tim, ret; 2745 struct ieee80211_hdr *hdr; 2746 struct hostap_skb_tx_data *meta; 2747 2748 meta = (struct hostap_skb_tx_data *) skb->cb; 2749 ret = AP_TX_CONTINUE; 2750 if (local->ap == NULL || skb->len < 10 || 2751 meta->iface->type == HOSTAP_INTERFACE_STA) 2752 goto out; 2753 2754 hdr = (struct ieee80211_hdr *) skb->data; 2755 2756 if (hdr->addr1[0] & 0x01) { 2757 /* broadcast/multicast frame - no AP related processing */ 2758 if (local->ap->num_sta <= 0) 2759 ret = AP_TX_DROP; 2760 goto out; 2761 } 2762 2763 /* unicast packet - check whether destination STA is associated */ 2764 spin_lock(&local->ap->sta_table_lock); 2765 sta = ap_get_sta(local->ap, hdr->addr1); 2766 if (sta) 2767 atomic_inc(&sta->users); 2768 spin_unlock(&local->ap->sta_table_lock); 2769 2770 if (local->iw_mode == IW_MODE_MASTER && sta == NULL && 2771 !(meta->flags & HOSTAP_TX_FLAGS_WDS) && 2772 meta->iface->type != HOSTAP_INTERFACE_MASTER && 2773 meta->iface->type != HOSTAP_INTERFACE_AP) { 2774 #if 0 2775 /* This can happen, e.g., when wlan0 is added to a bridge and 2776 * bridging code does not know which port is the correct target 2777 * for a unicast frame. In this case, the packet is send to all 2778 * ports of the bridge. Since this is a valid scenario, do not 2779 * print out any errors here. */ 2780 if (net_ratelimit()) { 2781 printk(KERN_DEBUG "AP: drop packet to non-associated " 2782 "STA %pM\n", hdr->addr1); 2783 } 2784 #endif 2785 local->ap->tx_drop_nonassoc++; 2786 ret = AP_TX_DROP; 2787 goto out; 2788 } 2789 2790 if (sta == NULL) 2791 goto out; 2792 2793 if (!(sta->flags & WLAN_STA_AUTHORIZED)) 2794 ret = AP_TX_CONTINUE_NOT_AUTHORIZED; 2795 2796 /* Set tx_rate if using host-based TX rate control */ 2797 if (!local->fw_tx_rate_control) 2798 local->ap->last_tx_rate = meta->rate = 2799 ap_update_sta_tx_rate(sta, local->dev); 2800 2801 if (local->iw_mode != IW_MODE_MASTER) 2802 goto out; 2803 2804 if (!(sta->flags & WLAN_STA_PS)) 2805 goto out; 2806 2807 if (meta->flags & HOSTAP_TX_FLAGS_ADD_MOREDATA) { 2808 /* indicate to STA that more frames follow */ 2809 hdr->frame_control |= 2810 cpu_to_le16(IEEE80211_FCTL_MOREDATA); 2811 } 2812 2813 if (meta->flags & HOSTAP_TX_FLAGS_BUFFERED_FRAME) { 2814 /* packet was already buffered and now send due to 2815 * PS poll, so do not rebuffer it */ 2816 goto out; 2817 } 2818 2819 if (skb_queue_len(&sta->tx_buf) >= STA_MAX_TX_BUFFER) { 2820 PDEBUG(DEBUG_PS, "%s: No more space in STA (%pM)'s" 2821 "PS mode buffer\n", 2822 local->dev->name, sta->addr); 2823 /* Make sure that TIM is set for the station (it might not be 2824 * after AP wlan hw reset). */ 2825 /* FIX: should fix hw reset to restore bits based on STA 2826 * buffer state.. */ 2827 hostap_set_tim(local, sta->aid, 1); 2828 sta->flags |= WLAN_STA_TIM; 2829 ret = AP_TX_DROP; 2830 goto out; 2831 } 2832 2833 /* STA in PS mode, buffer frame for later delivery */ 2834 set_tim = skb_queue_empty(&sta->tx_buf); 2835 skb_queue_tail(&sta->tx_buf, skb); 2836 /* FIX: could save RX time to skb and expire buffered frames after 2837 * some time if STA does not poll for them */ 2838 2839 if (set_tim) { 2840 if (sta->flags & WLAN_STA_TIM) 2841 PDEBUG(DEBUG_PS2, "Re-setting TIM for aid %d\n", 2842 sta->aid); 2843 hostap_set_tim(local, sta->aid, 1); 2844 sta->flags |= WLAN_STA_TIM; 2845 } 2846 2847 ret = AP_TX_BUFFERED; 2848 2849 out: 2850 if (sta != NULL) { 2851 if (ret == AP_TX_CONTINUE || 2852 ret == AP_TX_CONTINUE_NOT_AUTHORIZED) { 2853 sta->tx_packets++; 2854 sta->tx_bytes += skb->len; 2855 sta->last_tx = jiffies; 2856 } 2857 2858 if ((ret == AP_TX_CONTINUE || 2859 ret == AP_TX_CONTINUE_NOT_AUTHORIZED) && 2860 sta->crypt && tx->host_encrypt) { 2861 tx->crypt = sta->crypt; 2862 tx->sta_ptr = sta; /* hostap_handle_sta_release() will 2863 * be called to release sta info 2864 * later */ 2865 } else 2866 atomic_dec(&sta->users); 2867 } 2868 2869 return ret; 2870 } 2871 2872 2873 void hostap_handle_sta_release(void *ptr) 2874 { 2875 struct sta_info *sta = ptr; 2876 atomic_dec(&sta->users); 2877 } 2878 2879 2880 /* Called only as a tasklet (software IRQ) */ 2881 void hostap_handle_sta_tx_exc(local_info_t *local, struct sk_buff *skb) 2882 { 2883 struct sta_info *sta; 2884 struct ieee80211_hdr *hdr; 2885 struct hostap_skb_tx_data *meta; 2886 2887 hdr = (struct ieee80211_hdr *) skb->data; 2888 meta = (struct hostap_skb_tx_data *) skb->cb; 2889 2890 spin_lock(&local->ap->sta_table_lock); 2891 sta = ap_get_sta(local->ap, hdr->addr1); 2892 if (!sta) { 2893 spin_unlock(&local->ap->sta_table_lock); 2894 PDEBUG(DEBUG_AP, "%s: Could not find STA %pM" 2895 " for this TX error (@%lu)\n", 2896 local->dev->name, hdr->addr1, jiffies); 2897 return; 2898 } 2899 2900 sta->tx_since_last_failure = 0; 2901 sta->tx_consecutive_exc++; 2902 2903 if (sta->tx_consecutive_exc >= WLAN_RATE_DECREASE_THRESHOLD && 2904 sta->tx_rate_idx > 0 && meta->rate <= sta->tx_rate) { 2905 /* use next lower rate */ 2906 int old, rate; 2907 old = rate = sta->tx_rate_idx; 2908 while (rate > 0) { 2909 rate--; 2910 if (ap_tx_rate_ok(rate, sta, local)) { 2911 sta->tx_rate_idx = rate; 2912 break; 2913 } 2914 } 2915 if (old != sta->tx_rate_idx) { 2916 switch (sta->tx_rate_idx) { 2917 case 0: sta->tx_rate = 10; break; 2918 case 1: sta->tx_rate = 20; break; 2919 case 2: sta->tx_rate = 55; break; 2920 case 3: sta->tx_rate = 110; break; 2921 default: sta->tx_rate = 0; break; 2922 } 2923 PDEBUG(DEBUG_AP, 2924 "%s: STA %pM TX rate lowered to %d\n", 2925 local->dev->name, sta->addr, sta->tx_rate); 2926 } 2927 sta->tx_consecutive_exc = 0; 2928 } 2929 spin_unlock(&local->ap->sta_table_lock); 2930 } 2931 2932 2933 static void hostap_update_sta_ps2(local_info_t *local, struct sta_info *sta, 2934 int pwrmgt, int type, int stype) 2935 { 2936 if (pwrmgt && !(sta->flags & WLAN_STA_PS)) { 2937 sta->flags |= WLAN_STA_PS; 2938 PDEBUG(DEBUG_PS2, "STA %pM changed to use PS " 2939 "mode (type=0x%02X, stype=0x%02X)\n", 2940 sta->addr, type >> 2, stype >> 4); 2941 } else if (!pwrmgt && (sta->flags & WLAN_STA_PS)) { 2942 sta->flags &= ~WLAN_STA_PS; 2943 PDEBUG(DEBUG_PS2, "STA %pM changed to not use " 2944 "PS mode (type=0x%02X, stype=0x%02X)\n", 2945 sta->addr, type >> 2, stype >> 4); 2946 if (type != IEEE80211_FTYPE_CTL || 2947 stype != IEEE80211_STYPE_PSPOLL) 2948 schedule_packet_send(local, sta); 2949 } 2950 } 2951 2952 2953 /* Called only as a tasklet (software IRQ). Called for each RX frame to update 2954 * STA power saving state. pwrmgt is a flag from 802.11 frame_control field. */ 2955 int hostap_update_sta_ps(local_info_t *local, struct ieee80211_hdr *hdr) 2956 { 2957 struct sta_info *sta; 2958 u16 fc; 2959 2960 spin_lock(&local->ap->sta_table_lock); 2961 sta = ap_get_sta(local->ap, hdr->addr2); 2962 if (sta) 2963 atomic_inc(&sta->users); 2964 spin_unlock(&local->ap->sta_table_lock); 2965 2966 if (!sta) 2967 return -1; 2968 2969 fc = le16_to_cpu(hdr->frame_control); 2970 hostap_update_sta_ps2(local, sta, fc & IEEE80211_FCTL_PM, 2971 fc & IEEE80211_FCTL_FTYPE, 2972 fc & IEEE80211_FCTL_STYPE); 2973 2974 atomic_dec(&sta->users); 2975 return 0; 2976 } 2977 2978 2979 /* Called only as a tasklet (software IRQ). Called for each RX frame after 2980 * getting RX header and payload from hardware. */ 2981 ap_rx_ret hostap_handle_sta_rx(local_info_t *local, struct net_device *dev, 2982 struct sk_buff *skb, 2983 struct hostap_80211_rx_status *rx_stats, 2984 int wds) 2985 { 2986 int ret; 2987 struct sta_info *sta; 2988 u16 fc, type, stype; 2989 struct ieee80211_hdr *hdr; 2990 2991 if (local->ap == NULL) 2992 return AP_RX_CONTINUE; 2993 2994 hdr = (struct ieee80211_hdr *) skb->data; 2995 2996 fc = le16_to_cpu(hdr->frame_control); 2997 type = fc & IEEE80211_FCTL_FTYPE; 2998 stype = fc & IEEE80211_FCTL_STYPE; 2999 3000 spin_lock(&local->ap->sta_table_lock); 3001 sta = ap_get_sta(local->ap, hdr->addr2); 3002 if (sta) 3003 atomic_inc(&sta->users); 3004 spin_unlock(&local->ap->sta_table_lock); 3005 3006 if (sta && !(sta->flags & WLAN_STA_AUTHORIZED)) 3007 ret = AP_RX_CONTINUE_NOT_AUTHORIZED; 3008 else 3009 ret = AP_RX_CONTINUE; 3010 3011 3012 if (fc & IEEE80211_FCTL_TODS) { 3013 if (!wds && (sta == NULL || !(sta->flags & WLAN_STA_ASSOC))) { 3014 if (local->hostapd) { 3015 prism2_rx_80211(local->apdev, skb, rx_stats, 3016 PRISM2_RX_NON_ASSOC); 3017 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 3018 } else { 3019 printk(KERN_DEBUG "%s: dropped received packet" 3020 " from non-associated STA %pM" 3021 " (type=0x%02x, subtype=0x%02x)\n", 3022 dev->name, hdr->addr2, 3023 type >> 2, stype >> 4); 3024 hostap_rx(dev, skb, rx_stats); 3025 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 3026 } 3027 ret = AP_RX_EXIT; 3028 goto out; 3029 } 3030 } else if (fc & IEEE80211_FCTL_FROMDS) { 3031 if (!wds) { 3032 /* FromDS frame - not for us; probably 3033 * broadcast/multicast in another BSS - drop */ 3034 if (ether_addr_equal(hdr->addr1, dev->dev_addr)) { 3035 printk(KERN_DEBUG "Odd.. FromDS packet " 3036 "received with own BSSID\n"); 3037 hostap_dump_rx_80211(dev->name, skb, rx_stats); 3038 } 3039 ret = AP_RX_DROP; 3040 goto out; 3041 } 3042 } else if (stype == IEEE80211_STYPE_NULLFUNC && sta == NULL && 3043 ether_addr_equal(hdr->addr1, dev->dev_addr)) { 3044 3045 if (local->hostapd) { 3046 prism2_rx_80211(local->apdev, skb, rx_stats, 3047 PRISM2_RX_NON_ASSOC); 3048 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 3049 } else { 3050 /* At least Lucent f/w seems to send data::nullfunc 3051 * frames with no ToDS flag when the current AP returns 3052 * after being unavailable for some time. Speed up 3053 * re-association by informing the station about it not 3054 * being associated. */ 3055 printk(KERN_DEBUG "%s: rejected received nullfunc frame" 3056 " without ToDS from not associated STA %pM\n", 3057 dev->name, hdr->addr2); 3058 hostap_rx(dev, skb, rx_stats); 3059 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 3060 } 3061 ret = AP_RX_EXIT; 3062 goto out; 3063 } else if (stype == IEEE80211_STYPE_NULLFUNC) { 3064 /* At least Lucent cards seem to send periodic nullfunc 3065 * frames with ToDS. Let these through to update SQ 3066 * stats and PS state. Nullfunc frames do not contain 3067 * any data and they will be dropped below. */ 3068 } else { 3069 /* If BSSID (Addr3) is foreign, this frame is a normal 3070 * broadcast frame from an IBSS network. Drop it silently. 3071 * If BSSID is own, report the dropping of this frame. */ 3072 if (ether_addr_equal(hdr->addr3, dev->dev_addr)) { 3073 printk(KERN_DEBUG "%s: dropped received packet from %pM" 3074 " with no ToDS flag " 3075 "(type=0x%02x, subtype=0x%02x)\n", dev->name, 3076 hdr->addr2, type >> 2, stype >> 4); 3077 hostap_dump_rx_80211(dev->name, skb, rx_stats); 3078 } 3079 ret = AP_RX_DROP; 3080 goto out; 3081 } 3082 3083 if (sta) { 3084 hostap_update_sta_ps2(local, sta, fc & IEEE80211_FCTL_PM, 3085 type, stype); 3086 3087 sta->rx_packets++; 3088 sta->rx_bytes += skb->len; 3089 sta->last_rx = jiffies; 3090 } 3091 3092 if (local->ap->nullfunc_ack && stype == IEEE80211_STYPE_NULLFUNC && 3093 fc & IEEE80211_FCTL_TODS) { 3094 if (local->hostapd) { 3095 prism2_rx_80211(local->apdev, skb, rx_stats, 3096 PRISM2_RX_NULLFUNC_ACK); 3097 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 3098 } else { 3099 /* some STA f/w's seem to require control::ACK frame 3100 * for data::nullfunc, but Prism2 f/w 0.8.0 (at least 3101 * from Compaq) does not send this.. Try to generate 3102 * ACK for these frames from the host driver to make 3103 * power saving work with, e.g., Lucent WaveLAN f/w */ 3104 hostap_rx(dev, skb, rx_stats); 3105 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 3106 } 3107 ret = AP_RX_EXIT; 3108 goto out; 3109 } 3110 3111 out: 3112 if (sta) 3113 atomic_dec(&sta->users); 3114 3115 return ret; 3116 } 3117 3118 3119 /* Called only as a tasklet (software IRQ) */ 3120 int hostap_handle_sta_crypto(local_info_t *local, 3121 struct ieee80211_hdr *hdr, 3122 struct lib80211_crypt_data **crypt, 3123 void **sta_ptr) 3124 { 3125 struct sta_info *sta; 3126 3127 spin_lock(&local->ap->sta_table_lock); 3128 sta = ap_get_sta(local->ap, hdr->addr2); 3129 if (sta) 3130 atomic_inc(&sta->users); 3131 spin_unlock(&local->ap->sta_table_lock); 3132 3133 if (!sta) 3134 return -1; 3135 3136 if (sta->crypt) { 3137 *crypt = sta->crypt; 3138 *sta_ptr = sta; 3139 /* hostap_handle_sta_release() will be called to release STA 3140 * info */ 3141 } else 3142 atomic_dec(&sta->users); 3143 3144 return 0; 3145 } 3146 3147 3148 /* Called only as a tasklet (software IRQ) */ 3149 int hostap_is_sta_assoc(struct ap_data *ap, u8 *sta_addr) 3150 { 3151 struct sta_info *sta; 3152 int ret = 0; 3153 3154 spin_lock(&ap->sta_table_lock); 3155 sta = ap_get_sta(ap, sta_addr); 3156 if (sta != NULL && (sta->flags & WLAN_STA_ASSOC) && !sta->ap) 3157 ret = 1; 3158 spin_unlock(&ap->sta_table_lock); 3159 3160 return ret; 3161 } 3162 3163 3164 /* Called only as a tasklet (software IRQ) */ 3165 int hostap_is_sta_authorized(struct ap_data *ap, u8 *sta_addr) 3166 { 3167 struct sta_info *sta; 3168 int ret = 0; 3169 3170 spin_lock(&ap->sta_table_lock); 3171 sta = ap_get_sta(ap, sta_addr); 3172 if (sta != NULL && (sta->flags & WLAN_STA_ASSOC) && !sta->ap && 3173 ((sta->flags & WLAN_STA_AUTHORIZED) || 3174 ap->local->ieee_802_1x == 0)) 3175 ret = 1; 3176 spin_unlock(&ap->sta_table_lock); 3177 3178 return ret; 3179 } 3180 3181 3182 /* Called only as a tasklet (software IRQ) */ 3183 int hostap_add_sta(struct ap_data *ap, u8 *sta_addr) 3184 { 3185 struct sta_info *sta; 3186 int ret = 1; 3187 3188 if (!ap) 3189 return -1; 3190 3191 spin_lock(&ap->sta_table_lock); 3192 sta = ap_get_sta(ap, sta_addr); 3193 if (sta) 3194 ret = 0; 3195 spin_unlock(&ap->sta_table_lock); 3196 3197 if (ret == 1) { 3198 sta = ap_add_sta(ap, sta_addr); 3199 if (!sta) 3200 return -1; 3201 sta->flags = WLAN_STA_AUTH | WLAN_STA_ASSOC; 3202 sta->ap = 1; 3203 memset(sta->supported_rates, 0, sizeof(sta->supported_rates)); 3204 /* No way of knowing which rates are supported since we did not 3205 * get supported rates element from beacon/assoc req. Assume 3206 * that remote end supports all 802.11b rates. */ 3207 sta->supported_rates[0] = 0x82; 3208 sta->supported_rates[1] = 0x84; 3209 sta->supported_rates[2] = 0x0b; 3210 sta->supported_rates[3] = 0x16; 3211 sta->tx_supp_rates = WLAN_RATE_1M | WLAN_RATE_2M | 3212 WLAN_RATE_5M5 | WLAN_RATE_11M; 3213 sta->tx_rate = 110; 3214 sta->tx_max_rate = sta->tx_rate_idx = 3; 3215 } 3216 3217 return ret; 3218 } 3219 3220 3221 /* Called only as a tasklet (software IRQ) */ 3222 int hostap_update_rx_stats(struct ap_data *ap, 3223 struct ieee80211_hdr *hdr, 3224 struct hostap_80211_rx_status *rx_stats) 3225 { 3226 struct sta_info *sta; 3227 3228 if (!ap) 3229 return -1; 3230 3231 spin_lock(&ap->sta_table_lock); 3232 sta = ap_get_sta(ap, hdr->addr2); 3233 if (sta) { 3234 sta->last_rx_silence = rx_stats->noise; 3235 sta->last_rx_signal = rx_stats->signal; 3236 sta->last_rx_rate = rx_stats->rate; 3237 sta->last_rx_updated = IW_QUAL_ALL_UPDATED | IW_QUAL_DBM; 3238 if (rx_stats->rate == 10) 3239 sta->rx_count[0]++; 3240 else if (rx_stats->rate == 20) 3241 sta->rx_count[1]++; 3242 else if (rx_stats->rate == 55) 3243 sta->rx_count[2]++; 3244 else if (rx_stats->rate == 110) 3245 sta->rx_count[3]++; 3246 } 3247 spin_unlock(&ap->sta_table_lock); 3248 3249 return sta ? 0 : -1; 3250 } 3251 3252 3253 void hostap_update_rates(local_info_t *local) 3254 { 3255 struct sta_info *sta; 3256 struct ap_data *ap = local->ap; 3257 3258 if (!ap) 3259 return; 3260 3261 spin_lock_bh(&ap->sta_table_lock); 3262 list_for_each_entry(sta, &ap->sta_list, list) { 3263 prism2_check_tx_rates(sta); 3264 } 3265 spin_unlock_bh(&ap->sta_table_lock); 3266 } 3267 3268 3269 void * ap_crypt_get_ptrs(struct ap_data *ap, u8 *addr, int permanent, 3270 struct lib80211_crypt_data ***crypt) 3271 { 3272 struct sta_info *sta; 3273 3274 spin_lock_bh(&ap->sta_table_lock); 3275 sta = ap_get_sta(ap, addr); 3276 if (sta) 3277 atomic_inc(&sta->users); 3278 spin_unlock_bh(&ap->sta_table_lock); 3279 3280 if (!sta && permanent) 3281 sta = ap_add_sta(ap, addr); 3282 3283 if (!sta) 3284 return NULL; 3285 3286 if (permanent) 3287 sta->flags |= WLAN_STA_PERM; 3288 3289 *crypt = &sta->crypt; 3290 3291 return sta; 3292 } 3293 3294 3295 void hostap_add_wds_links(local_info_t *local) 3296 { 3297 struct ap_data *ap = local->ap; 3298 struct sta_info *sta; 3299 3300 spin_lock_bh(&ap->sta_table_lock); 3301 list_for_each_entry(sta, &ap->sta_list, list) { 3302 if (sta->ap) 3303 hostap_wds_link_oper(local, sta->addr, WDS_ADD); 3304 } 3305 spin_unlock_bh(&ap->sta_table_lock); 3306 3307 schedule_work(&local->ap->wds_oper_queue); 3308 } 3309 3310 3311 void hostap_wds_link_oper(local_info_t *local, u8 *addr, wds_oper_type type) 3312 { 3313 struct wds_oper_data *entry; 3314 3315 entry = kmalloc(sizeof(*entry), GFP_ATOMIC); 3316 if (!entry) 3317 return; 3318 memcpy(entry->addr, addr, ETH_ALEN); 3319 entry->type = type; 3320 spin_lock_bh(&local->lock); 3321 entry->next = local->ap->wds_oper_entries; 3322 local->ap->wds_oper_entries = entry; 3323 spin_unlock_bh(&local->lock); 3324 3325 schedule_work(&local->ap->wds_oper_queue); 3326 } 3327 3328 3329 EXPORT_SYMBOL(hostap_init_data); 3330 EXPORT_SYMBOL(hostap_init_ap_proc); 3331 EXPORT_SYMBOL(hostap_free_data); 3332 EXPORT_SYMBOL(hostap_check_sta_fw_version); 3333 EXPORT_SYMBOL(hostap_handle_sta_tx_exc); 3334 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 3335 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 3336