1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Intersil Prism2 driver with Host AP (software access point) support 4 * Copyright (c) 2001-2002, SSH Communications Security Corp and Jouni Malinen 5 * <j@w1.fi> 6 * Copyright (c) 2002-2005, Jouni Malinen <j@w1.fi> 7 * 8 * This file is to be included into hostap.c when S/W AP functionality is 9 * compiled. 10 * 11 * AP: FIX: 12 * - if unicast Class 2 (assoc,reassoc,disassoc) frame received from 13 * unauthenticated STA, send deauth. frame (8802.11: 5.5) 14 * - if unicast Class 3 (data with to/from DS,deauth,pspoll) frame received 15 * from authenticated, but unassoc STA, send disassoc frame (8802.11: 5.5) 16 * - if unicast Class 3 received from unauthenticated STA, send deauth. frame 17 * (8802.11: 5.5) 18 */ 19 20 #include <linux/proc_fs.h> 21 #include <linux/seq_file.h> 22 #include <linux/delay.h> 23 #include <linux/random.h> 24 #include <linux/if_arp.h> 25 #include <linux/slab.h> 26 #include <linux/export.h> 27 #include <linux/moduleparam.h> 28 #include <linux/etherdevice.h> 29 30 #include "hostap_wlan.h" 31 #include "hostap.h" 32 #include "hostap_ap.h" 33 34 static int other_ap_policy[MAX_PARM_DEVICES] = { AP_OTHER_AP_SKIP_ALL, 35 DEF_INTS }; 36 module_param_array(other_ap_policy, int, NULL, 0444); 37 MODULE_PARM_DESC(other_ap_policy, "Other AP beacon monitoring policy (0-3)"); 38 39 static int ap_max_inactivity[MAX_PARM_DEVICES] = { AP_MAX_INACTIVITY_SEC, 40 DEF_INTS }; 41 module_param_array(ap_max_inactivity, int, NULL, 0444); 42 MODULE_PARM_DESC(ap_max_inactivity, "AP timeout (in seconds) for station " 43 "inactivity"); 44 45 static int ap_bridge_packets[MAX_PARM_DEVICES] = { 1, DEF_INTS }; 46 module_param_array(ap_bridge_packets, int, NULL, 0444); 47 MODULE_PARM_DESC(ap_bridge_packets, "Bridge packets directly between " 48 "stations"); 49 50 static int autom_ap_wds[MAX_PARM_DEVICES] = { 0, DEF_INTS }; 51 module_param_array(autom_ap_wds, int, NULL, 0444); 52 MODULE_PARM_DESC(autom_ap_wds, "Add WDS connections to other APs " 53 "automatically"); 54 55 56 static struct sta_info* ap_get_sta(struct ap_data *ap, u8 *sta); 57 static void hostap_event_expired_sta(struct net_device *dev, 58 struct sta_info *sta); 59 static void handle_add_proc_queue(struct work_struct *work); 60 61 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 62 static void handle_wds_oper_queue(struct work_struct *work); 63 static void prism2_send_mgmt(struct net_device *dev, 64 u16 type_subtype, char *body, 65 int body_len, u8 *addr, u16 tx_cb_idx); 66 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 67 68 69 #if !defined(PRISM2_NO_PROCFS_DEBUG) && defined(CONFIG_PROC_FS) 70 static int ap_debug_proc_show(struct seq_file *m, void *v) 71 { 72 struct ap_data *ap = pde_data(file_inode(m->file)); 73 74 seq_printf(m, "BridgedUnicastFrames=%u\n", ap->bridged_unicast); 75 seq_printf(m, "BridgedMulticastFrames=%u\n", ap->bridged_multicast); 76 seq_printf(m, "max_inactivity=%u\n", ap->max_inactivity / HZ); 77 seq_printf(m, "bridge_packets=%u\n", ap->bridge_packets); 78 seq_printf(m, "nullfunc_ack=%u\n", ap->nullfunc_ack); 79 seq_printf(m, "autom_ap_wds=%u\n", ap->autom_ap_wds); 80 seq_printf(m, "auth_algs=%u\n", ap->local->auth_algs); 81 seq_printf(m, "tx_drop_nonassoc=%u\n", ap->tx_drop_nonassoc); 82 return 0; 83 } 84 #endif 85 86 static void ap_sta_hash_add(struct ap_data *ap, struct sta_info *sta) 87 { 88 sta->hnext = ap->sta_hash[STA_HASH(sta->addr)]; 89 ap->sta_hash[STA_HASH(sta->addr)] = sta; 90 } 91 92 static void ap_sta_hash_del(struct ap_data *ap, struct sta_info *sta) 93 { 94 struct sta_info *s; 95 96 s = ap->sta_hash[STA_HASH(sta->addr)]; 97 if (s == NULL) return; 98 if (ether_addr_equal(s->addr, sta->addr)) { 99 ap->sta_hash[STA_HASH(sta->addr)] = s->hnext; 100 return; 101 } 102 103 while (s->hnext != NULL && !ether_addr_equal(s->hnext->addr, sta->addr)) 104 s = s->hnext; 105 if (s->hnext != NULL) 106 s->hnext = s->hnext->hnext; 107 else 108 printk("AP: could not remove STA %pM from hash table\n", 109 sta->addr); 110 } 111 112 static void ap_free_sta(struct ap_data *ap, struct sta_info *sta) 113 { 114 if (sta->ap && sta->local) 115 hostap_event_expired_sta(sta->local->dev, sta); 116 117 if (ap->proc != NULL) { 118 char name[20]; 119 sprintf(name, "%pM", sta->addr); 120 remove_proc_entry(name, ap->proc); 121 } 122 123 if (sta->crypt) { 124 sta->crypt->ops->deinit(sta->crypt->priv); 125 kfree(sta->crypt); 126 sta->crypt = NULL; 127 } 128 129 skb_queue_purge(&sta->tx_buf); 130 131 ap->num_sta--; 132 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 133 if (sta->aid > 0) 134 ap->sta_aid[sta->aid - 1] = NULL; 135 136 if (!sta->ap) 137 kfree(sta->u.sta.challenge); 138 del_timer_sync(&sta->timer); 139 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 140 141 kfree(sta); 142 } 143 144 145 static void hostap_set_tim(local_info_t *local, int aid, int set) 146 { 147 if (local->func->set_tim) 148 local->func->set_tim(local->dev, aid, set); 149 } 150 151 152 static void hostap_event_new_sta(struct net_device *dev, struct sta_info *sta) 153 { 154 union iwreq_data wrqu; 155 memset(&wrqu, 0, sizeof(wrqu)); 156 memcpy(wrqu.addr.sa_data, sta->addr, ETH_ALEN); 157 wrqu.addr.sa_family = ARPHRD_ETHER; 158 wireless_send_event(dev, IWEVREGISTERED, &wrqu, NULL); 159 } 160 161 162 static void hostap_event_expired_sta(struct net_device *dev, 163 struct sta_info *sta) 164 { 165 union iwreq_data wrqu; 166 memset(&wrqu, 0, sizeof(wrqu)); 167 memcpy(wrqu.addr.sa_data, sta->addr, ETH_ALEN); 168 wrqu.addr.sa_family = ARPHRD_ETHER; 169 wireless_send_event(dev, IWEVEXPIRED, &wrqu, NULL); 170 } 171 172 173 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 174 175 static void ap_handle_timer(struct timer_list *t) 176 { 177 struct sta_info *sta = from_timer(sta, t, timer); 178 local_info_t *local; 179 struct ap_data *ap; 180 unsigned long next_time = 0; 181 int was_assoc; 182 183 if (sta == NULL || sta->local == NULL || sta->local->ap == NULL) { 184 PDEBUG(DEBUG_AP, "ap_handle_timer() called with NULL data\n"); 185 return; 186 } 187 188 local = sta->local; 189 ap = local->ap; 190 was_assoc = sta->flags & WLAN_STA_ASSOC; 191 192 if (atomic_read(&sta->users) != 0) 193 next_time = jiffies + HZ; 194 else if ((sta->flags & WLAN_STA_PERM) && !(sta->flags & WLAN_STA_AUTH)) 195 next_time = jiffies + ap->max_inactivity; 196 197 if (time_before(jiffies, sta->last_rx + ap->max_inactivity)) { 198 /* station activity detected; reset timeout state */ 199 sta->timeout_next = STA_NULLFUNC; 200 next_time = sta->last_rx + ap->max_inactivity; 201 } else if (sta->timeout_next == STA_DISASSOC && 202 !(sta->flags & WLAN_STA_PENDING_POLL)) { 203 /* STA ACKed data nullfunc frame poll */ 204 sta->timeout_next = STA_NULLFUNC; 205 next_time = jiffies + ap->max_inactivity; 206 } 207 208 if (next_time) { 209 sta->timer.expires = next_time; 210 add_timer(&sta->timer); 211 return; 212 } 213 214 if (sta->ap) 215 sta->timeout_next = STA_DEAUTH; 216 217 if (sta->timeout_next == STA_DEAUTH && !(sta->flags & WLAN_STA_PERM)) { 218 spin_lock(&ap->sta_table_lock); 219 ap_sta_hash_del(ap, sta); 220 list_del(&sta->list); 221 spin_unlock(&ap->sta_table_lock); 222 sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC); 223 } else if (sta->timeout_next == STA_DISASSOC) 224 sta->flags &= ~WLAN_STA_ASSOC; 225 226 if (was_assoc && !(sta->flags & WLAN_STA_ASSOC) && !sta->ap) 227 hostap_event_expired_sta(local->dev, sta); 228 229 if (sta->timeout_next == STA_DEAUTH && sta->aid > 0 && 230 !skb_queue_empty(&sta->tx_buf)) { 231 hostap_set_tim(local, sta->aid, 0); 232 sta->flags &= ~WLAN_STA_TIM; 233 } 234 235 if (sta->ap) { 236 if (ap->autom_ap_wds) { 237 PDEBUG(DEBUG_AP, "%s: removing automatic WDS " 238 "connection to AP %pM\n", 239 local->dev->name, sta->addr); 240 hostap_wds_link_oper(local, sta->addr, WDS_DEL); 241 } 242 } else if (sta->timeout_next == STA_NULLFUNC) { 243 /* send data frame to poll STA and check whether this frame 244 * is ACKed */ 245 /* FIX: IEEE80211_STYPE_NULLFUNC would be more appropriate, but 246 * it is apparently not retried so TX Exc events are not 247 * received for it */ 248 sta->flags |= WLAN_STA_PENDING_POLL; 249 prism2_send_mgmt(local->dev, IEEE80211_FTYPE_DATA | 250 IEEE80211_STYPE_DATA, NULL, 0, 251 sta->addr, ap->tx_callback_poll); 252 } else { 253 int deauth = sta->timeout_next == STA_DEAUTH; 254 __le16 resp; 255 PDEBUG(DEBUG_AP, "%s: sending %s info to STA %pM" 256 "(last=%lu, jiffies=%lu)\n", 257 local->dev->name, 258 deauth ? "deauthentication" : "disassociation", 259 sta->addr, sta->last_rx, jiffies); 260 261 resp = cpu_to_le16(deauth ? WLAN_REASON_PREV_AUTH_NOT_VALID : 262 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY); 263 prism2_send_mgmt(local->dev, IEEE80211_FTYPE_MGMT | 264 (deauth ? IEEE80211_STYPE_DEAUTH : 265 IEEE80211_STYPE_DISASSOC), 266 (char *) &resp, 2, sta->addr, 0); 267 } 268 269 if (sta->timeout_next == STA_DEAUTH) { 270 if (sta->flags & WLAN_STA_PERM) { 271 PDEBUG(DEBUG_AP, "%s: STA %pM" 272 " would have been removed, " 273 "but it has 'perm' flag\n", 274 local->dev->name, sta->addr); 275 } else 276 ap_free_sta(ap, sta); 277 return; 278 } 279 280 if (sta->timeout_next == STA_NULLFUNC) { 281 sta->timeout_next = STA_DISASSOC; 282 sta->timer.expires = jiffies + AP_DISASSOC_DELAY; 283 } else { 284 sta->timeout_next = STA_DEAUTH; 285 sta->timer.expires = jiffies + AP_DEAUTH_DELAY; 286 } 287 288 add_timer(&sta->timer); 289 } 290 291 292 void hostap_deauth_all_stas(struct net_device *dev, struct ap_data *ap, 293 int resend) 294 { 295 u8 addr[ETH_ALEN]; 296 __le16 resp; 297 int i; 298 299 PDEBUG(DEBUG_AP, "%s: Deauthenticate all stations\n", dev->name); 300 eth_broadcast_addr(addr); 301 302 resp = cpu_to_le16(WLAN_REASON_PREV_AUTH_NOT_VALID); 303 304 /* deauth message sent; try to resend it few times; the message is 305 * broadcast, so it may be delayed until next DTIM; there is not much 306 * else we can do at this point since the driver is going to be shut 307 * down */ 308 for (i = 0; i < 5; i++) { 309 prism2_send_mgmt(dev, IEEE80211_FTYPE_MGMT | 310 IEEE80211_STYPE_DEAUTH, 311 (char *) &resp, 2, addr, 0); 312 313 if (!resend || ap->num_sta <= 0) 314 return; 315 316 mdelay(50); 317 } 318 } 319 320 321 static int ap_control_proc_show(struct seq_file *m, void *v) 322 { 323 struct ap_data *ap = pde_data(file_inode(m->file)); 324 char *policy_txt; 325 struct mac_entry *entry; 326 327 if (v == SEQ_START_TOKEN) { 328 switch (ap->mac_restrictions.policy) { 329 case MAC_POLICY_OPEN: 330 policy_txt = "open"; 331 break; 332 case MAC_POLICY_ALLOW: 333 policy_txt = "allow"; 334 break; 335 case MAC_POLICY_DENY: 336 policy_txt = "deny"; 337 break; 338 default: 339 policy_txt = "unknown"; 340 break; 341 } 342 seq_printf(m, "MAC policy: %s\n", policy_txt); 343 seq_printf(m, "MAC entries: %u\n", ap->mac_restrictions.entries); 344 seq_puts(m, "MAC list:\n"); 345 return 0; 346 } 347 348 entry = v; 349 seq_printf(m, "%pM\n", entry->addr); 350 return 0; 351 } 352 353 static void *ap_control_proc_start(struct seq_file *m, loff_t *_pos) 354 { 355 struct ap_data *ap = pde_data(file_inode(m->file)); 356 spin_lock_bh(&ap->mac_restrictions.lock); 357 return seq_list_start_head(&ap->mac_restrictions.mac_list, *_pos); 358 } 359 360 static void *ap_control_proc_next(struct seq_file *m, void *v, loff_t *_pos) 361 { 362 struct ap_data *ap = pde_data(file_inode(m->file)); 363 return seq_list_next(v, &ap->mac_restrictions.mac_list, _pos); 364 } 365 366 static void ap_control_proc_stop(struct seq_file *m, void *v) 367 { 368 struct ap_data *ap = pde_data(file_inode(m->file)); 369 spin_unlock_bh(&ap->mac_restrictions.lock); 370 } 371 372 static const struct seq_operations ap_control_proc_seqops = { 373 .start = ap_control_proc_start, 374 .next = ap_control_proc_next, 375 .stop = ap_control_proc_stop, 376 .show = ap_control_proc_show, 377 }; 378 379 int ap_control_add_mac(struct mac_restrictions *mac_restrictions, u8 *mac) 380 { 381 struct mac_entry *entry; 382 383 entry = kmalloc(sizeof(struct mac_entry), GFP_KERNEL); 384 if (entry == NULL) 385 return -ENOMEM; 386 387 memcpy(entry->addr, mac, ETH_ALEN); 388 389 spin_lock_bh(&mac_restrictions->lock); 390 list_add_tail(&entry->list, &mac_restrictions->mac_list); 391 mac_restrictions->entries++; 392 spin_unlock_bh(&mac_restrictions->lock); 393 394 return 0; 395 } 396 397 398 int ap_control_del_mac(struct mac_restrictions *mac_restrictions, u8 *mac) 399 { 400 struct list_head *ptr; 401 struct mac_entry *entry; 402 403 spin_lock_bh(&mac_restrictions->lock); 404 for (ptr = mac_restrictions->mac_list.next; 405 ptr != &mac_restrictions->mac_list; ptr = ptr->next) { 406 entry = list_entry(ptr, struct mac_entry, list); 407 408 if (ether_addr_equal(entry->addr, mac)) { 409 list_del(ptr); 410 kfree(entry); 411 mac_restrictions->entries--; 412 spin_unlock_bh(&mac_restrictions->lock); 413 return 0; 414 } 415 } 416 spin_unlock_bh(&mac_restrictions->lock); 417 return -1; 418 } 419 420 421 static int ap_control_mac_deny(struct mac_restrictions *mac_restrictions, 422 u8 *mac) 423 { 424 struct mac_entry *entry; 425 int found = 0; 426 427 if (mac_restrictions->policy == MAC_POLICY_OPEN) 428 return 0; 429 430 spin_lock_bh(&mac_restrictions->lock); 431 list_for_each_entry(entry, &mac_restrictions->mac_list, list) { 432 if (ether_addr_equal(entry->addr, mac)) { 433 found = 1; 434 break; 435 } 436 } 437 spin_unlock_bh(&mac_restrictions->lock); 438 439 if (mac_restrictions->policy == MAC_POLICY_ALLOW) 440 return !found; 441 else 442 return found; 443 } 444 445 446 void ap_control_flush_macs(struct mac_restrictions *mac_restrictions) 447 { 448 struct list_head *ptr, *n; 449 struct mac_entry *entry; 450 451 if (mac_restrictions->entries == 0) 452 return; 453 454 spin_lock_bh(&mac_restrictions->lock); 455 for (ptr = mac_restrictions->mac_list.next, n = ptr->next; 456 ptr != &mac_restrictions->mac_list; 457 ptr = n, n = ptr->next) { 458 entry = list_entry(ptr, struct mac_entry, list); 459 list_del(ptr); 460 kfree(entry); 461 } 462 mac_restrictions->entries = 0; 463 spin_unlock_bh(&mac_restrictions->lock); 464 } 465 466 467 int ap_control_kick_mac(struct ap_data *ap, struct net_device *dev, u8 *mac) 468 { 469 struct sta_info *sta; 470 __le16 resp; 471 472 spin_lock_bh(&ap->sta_table_lock); 473 sta = ap_get_sta(ap, mac); 474 if (sta) { 475 ap_sta_hash_del(ap, sta); 476 list_del(&sta->list); 477 } 478 spin_unlock_bh(&ap->sta_table_lock); 479 480 if (!sta) 481 return -EINVAL; 482 483 resp = cpu_to_le16(WLAN_REASON_PREV_AUTH_NOT_VALID); 484 prism2_send_mgmt(dev, IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_DEAUTH, 485 (char *) &resp, 2, sta->addr, 0); 486 487 if ((sta->flags & WLAN_STA_ASSOC) && !sta->ap) 488 hostap_event_expired_sta(dev, sta); 489 490 ap_free_sta(ap, sta); 491 492 return 0; 493 } 494 495 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 496 497 498 void ap_control_kickall(struct ap_data *ap) 499 { 500 struct list_head *ptr, *n; 501 struct sta_info *sta; 502 503 spin_lock_bh(&ap->sta_table_lock); 504 for (ptr = ap->sta_list.next, n = ptr->next; ptr != &ap->sta_list; 505 ptr = n, n = ptr->next) { 506 sta = list_entry(ptr, struct sta_info, list); 507 ap_sta_hash_del(ap, sta); 508 list_del(&sta->list); 509 if ((sta->flags & WLAN_STA_ASSOC) && !sta->ap && sta->local) 510 hostap_event_expired_sta(sta->local->dev, sta); 511 ap_free_sta(ap, sta); 512 } 513 spin_unlock_bh(&ap->sta_table_lock); 514 } 515 516 517 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 518 519 static int prism2_ap_proc_show(struct seq_file *m, void *v) 520 { 521 struct sta_info *sta = v; 522 int i; 523 524 if (v == SEQ_START_TOKEN) { 525 seq_printf(m, "# BSSID CHAN SIGNAL NOISE RATE SSID FLAGS\n"); 526 return 0; 527 } 528 529 if (!sta->ap) 530 return 0; 531 532 seq_printf(m, "%pM %d %d %d %d '", 533 sta->addr, 534 sta->u.ap.channel, sta->last_rx_signal, 535 sta->last_rx_silence, sta->last_rx_rate); 536 537 for (i = 0; i < sta->u.ap.ssid_len; i++) { 538 if (sta->u.ap.ssid[i] >= 32 && sta->u.ap.ssid[i] < 127) 539 seq_putc(m, sta->u.ap.ssid[i]); 540 else 541 seq_printf(m, "<%02x>", sta->u.ap.ssid[i]); 542 } 543 544 seq_putc(m, '\''); 545 if (sta->capability & WLAN_CAPABILITY_ESS) 546 seq_puts(m, " [ESS]"); 547 if (sta->capability & WLAN_CAPABILITY_IBSS) 548 seq_puts(m, " [IBSS]"); 549 if (sta->capability & WLAN_CAPABILITY_PRIVACY) 550 seq_puts(m, " [WEP]"); 551 seq_putc(m, '\n'); 552 return 0; 553 } 554 555 static void *prism2_ap_proc_start(struct seq_file *m, loff_t *_pos) 556 { 557 struct ap_data *ap = pde_data(file_inode(m->file)); 558 spin_lock_bh(&ap->sta_table_lock); 559 return seq_list_start_head(&ap->sta_list, *_pos); 560 } 561 562 static void *prism2_ap_proc_next(struct seq_file *m, void *v, loff_t *_pos) 563 { 564 struct ap_data *ap = pde_data(file_inode(m->file)); 565 return seq_list_next(v, &ap->sta_list, _pos); 566 } 567 568 static void prism2_ap_proc_stop(struct seq_file *m, void *v) 569 { 570 struct ap_data *ap = pde_data(file_inode(m->file)); 571 spin_unlock_bh(&ap->sta_table_lock); 572 } 573 574 static const struct seq_operations prism2_ap_proc_seqops = { 575 .start = prism2_ap_proc_start, 576 .next = prism2_ap_proc_next, 577 .stop = prism2_ap_proc_stop, 578 .show = prism2_ap_proc_show, 579 }; 580 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 581 582 583 void hostap_check_sta_fw_version(struct ap_data *ap, int sta_fw_ver) 584 { 585 if (!ap) 586 return; 587 588 if (sta_fw_ver == PRISM2_FW_VER(0,8,0)) { 589 PDEBUG(DEBUG_AP, "Using data::nullfunc ACK workaround - " 590 "firmware upgrade recommended\n"); 591 ap->nullfunc_ack = 1; 592 } else 593 ap->nullfunc_ack = 0; 594 595 if (sta_fw_ver == PRISM2_FW_VER(1,4,2)) { 596 printk(KERN_WARNING "%s: Warning: secondary station firmware " 597 "version 1.4.2 does not seem to work in Host AP mode\n", 598 ap->local->dev->name); 599 } 600 } 601 602 603 /* Called only as a tasklet (software IRQ) */ 604 static void hostap_ap_tx_cb(struct sk_buff *skb, int ok, void *data) 605 { 606 struct ap_data *ap = data; 607 struct ieee80211_hdr *hdr; 608 609 if (!ap->local->hostapd || !ap->local->apdev) { 610 dev_kfree_skb(skb); 611 return; 612 } 613 614 /* Pass the TX callback frame to the hostapd; use 802.11 header version 615 * 1 to indicate failure (no ACK) and 2 success (frame ACKed) */ 616 617 hdr = (struct ieee80211_hdr *) skb->data; 618 hdr->frame_control &= cpu_to_le16(~IEEE80211_FCTL_VERS); 619 hdr->frame_control |= cpu_to_le16(ok ? BIT(1) : BIT(0)); 620 621 skb->dev = ap->local->apdev; 622 skb_pull(skb, hostap_80211_get_hdrlen(hdr->frame_control)); 623 skb->pkt_type = PACKET_OTHERHOST; 624 skb->protocol = cpu_to_be16(ETH_P_802_2); 625 memset(skb->cb, 0, sizeof(skb->cb)); 626 netif_rx(skb); 627 } 628 629 630 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 631 /* Called only as a tasklet (software IRQ) */ 632 static void hostap_ap_tx_cb_auth(struct sk_buff *skb, int ok, void *data) 633 { 634 struct ap_data *ap = data; 635 struct net_device *dev = ap->local->dev; 636 struct ieee80211_hdr *hdr; 637 u16 auth_alg, auth_transaction, status; 638 __le16 *pos; 639 struct sta_info *sta = NULL; 640 char *txt = NULL; 641 642 if (ap->local->hostapd) { 643 dev_kfree_skb(skb); 644 return; 645 } 646 647 hdr = (struct ieee80211_hdr *) skb->data; 648 if (!ieee80211_is_auth(hdr->frame_control) || 649 skb->len < IEEE80211_MGMT_HDR_LEN + 6) { 650 printk(KERN_DEBUG "%s: hostap_ap_tx_cb_auth received invalid " 651 "frame\n", dev->name); 652 dev_kfree_skb(skb); 653 return; 654 } 655 656 pos = (__le16 *) (skb->data + IEEE80211_MGMT_HDR_LEN); 657 auth_alg = le16_to_cpu(*pos++); 658 auth_transaction = le16_to_cpu(*pos++); 659 status = le16_to_cpu(*pos++); 660 661 if (!ok) { 662 txt = "frame was not ACKed"; 663 goto done; 664 } 665 666 spin_lock(&ap->sta_table_lock); 667 sta = ap_get_sta(ap, hdr->addr1); 668 if (sta) 669 atomic_inc(&sta->users); 670 spin_unlock(&ap->sta_table_lock); 671 672 if (!sta) { 673 txt = "STA not found"; 674 goto done; 675 } 676 677 if (status == WLAN_STATUS_SUCCESS && 678 ((auth_alg == WLAN_AUTH_OPEN && auth_transaction == 2) || 679 (auth_alg == WLAN_AUTH_SHARED_KEY && auth_transaction == 4))) { 680 txt = "STA authenticated"; 681 sta->flags |= WLAN_STA_AUTH; 682 sta->last_auth = jiffies; 683 } else if (status != WLAN_STATUS_SUCCESS) 684 txt = "authentication failed"; 685 686 done: 687 if (sta) 688 atomic_dec(&sta->users); 689 if (txt) { 690 PDEBUG(DEBUG_AP, "%s: %pM auth_cb - alg=%d " 691 "trans#=%d status=%d - %s\n", 692 dev->name, hdr->addr1, 693 auth_alg, auth_transaction, status, txt); 694 } 695 dev_kfree_skb(skb); 696 } 697 698 699 /* Called only as a tasklet (software IRQ) */ 700 static void hostap_ap_tx_cb_assoc(struct sk_buff *skb, int ok, void *data) 701 { 702 struct ap_data *ap = data; 703 struct net_device *dev = ap->local->dev; 704 struct ieee80211_hdr *hdr; 705 u16 status; 706 __le16 *pos; 707 struct sta_info *sta = NULL; 708 char *txt = NULL; 709 710 if (ap->local->hostapd) { 711 dev_kfree_skb(skb); 712 return; 713 } 714 715 hdr = (struct ieee80211_hdr *) skb->data; 716 if ((!ieee80211_is_assoc_resp(hdr->frame_control) && 717 !ieee80211_is_reassoc_resp(hdr->frame_control)) || 718 skb->len < IEEE80211_MGMT_HDR_LEN + 4) { 719 printk(KERN_DEBUG "%s: hostap_ap_tx_cb_assoc received invalid " 720 "frame\n", dev->name); 721 dev_kfree_skb(skb); 722 return; 723 } 724 725 if (!ok) { 726 txt = "frame was not ACKed"; 727 goto done; 728 } 729 730 spin_lock(&ap->sta_table_lock); 731 sta = ap_get_sta(ap, hdr->addr1); 732 if (sta) 733 atomic_inc(&sta->users); 734 spin_unlock(&ap->sta_table_lock); 735 736 if (!sta) { 737 txt = "STA not found"; 738 goto done; 739 } 740 741 pos = (__le16 *) (skb->data + IEEE80211_MGMT_HDR_LEN); 742 pos++; 743 status = le16_to_cpu(*pos++); 744 if (status == WLAN_STATUS_SUCCESS) { 745 if (!(sta->flags & WLAN_STA_ASSOC)) 746 hostap_event_new_sta(dev, sta); 747 txt = "STA associated"; 748 sta->flags |= WLAN_STA_ASSOC; 749 sta->last_assoc = jiffies; 750 } else 751 txt = "association failed"; 752 753 done: 754 if (sta) 755 atomic_dec(&sta->users); 756 if (txt) { 757 PDEBUG(DEBUG_AP, "%s: %pM assoc_cb - %s\n", 758 dev->name, hdr->addr1, txt); 759 } 760 dev_kfree_skb(skb); 761 } 762 763 /* Called only as a tasklet (software IRQ); TX callback for poll frames used 764 * in verifying whether the STA is still present. */ 765 static void hostap_ap_tx_cb_poll(struct sk_buff *skb, int ok, void *data) 766 { 767 struct ap_data *ap = data; 768 struct ieee80211_hdr *hdr; 769 struct sta_info *sta; 770 771 if (skb->len < 24) 772 goto fail; 773 hdr = (struct ieee80211_hdr *) skb->data; 774 if (ok) { 775 spin_lock(&ap->sta_table_lock); 776 sta = ap_get_sta(ap, hdr->addr1); 777 if (sta) 778 sta->flags &= ~WLAN_STA_PENDING_POLL; 779 spin_unlock(&ap->sta_table_lock); 780 } else { 781 PDEBUG(DEBUG_AP, 782 "%s: STA %pM did not ACK activity poll frame\n", 783 ap->local->dev->name, hdr->addr1); 784 } 785 786 fail: 787 dev_kfree_skb(skb); 788 } 789 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 790 791 792 void hostap_init_data(local_info_t *local) 793 { 794 struct ap_data *ap = local->ap; 795 796 if (ap == NULL) { 797 printk(KERN_WARNING "hostap_init_data: ap == NULL\n"); 798 return; 799 } 800 memset(ap, 0, sizeof(struct ap_data)); 801 ap->local = local; 802 803 ap->ap_policy = GET_INT_PARM(other_ap_policy, local->card_idx); 804 ap->bridge_packets = GET_INT_PARM(ap_bridge_packets, local->card_idx); 805 ap->max_inactivity = 806 GET_INT_PARM(ap_max_inactivity, local->card_idx) * HZ; 807 ap->autom_ap_wds = GET_INT_PARM(autom_ap_wds, local->card_idx); 808 809 spin_lock_init(&ap->sta_table_lock); 810 INIT_LIST_HEAD(&ap->sta_list); 811 812 /* Initialize task queue structure for AP management */ 813 INIT_WORK(&local->ap->add_sta_proc_queue, handle_add_proc_queue); 814 815 ap->tx_callback_idx = 816 hostap_tx_callback_register(local, hostap_ap_tx_cb, ap); 817 if (ap->tx_callback_idx == 0) 818 printk(KERN_WARNING "%s: failed to register TX callback for " 819 "AP\n", local->dev->name); 820 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 821 INIT_WORK(&local->ap->wds_oper_queue, handle_wds_oper_queue); 822 823 ap->tx_callback_auth = 824 hostap_tx_callback_register(local, hostap_ap_tx_cb_auth, ap); 825 ap->tx_callback_assoc = 826 hostap_tx_callback_register(local, hostap_ap_tx_cb_assoc, ap); 827 ap->tx_callback_poll = 828 hostap_tx_callback_register(local, hostap_ap_tx_cb_poll, ap); 829 if (ap->tx_callback_auth == 0 || ap->tx_callback_assoc == 0 || 830 ap->tx_callback_poll == 0) 831 printk(KERN_WARNING "%s: failed to register TX callback for " 832 "AP\n", local->dev->name); 833 834 spin_lock_init(&ap->mac_restrictions.lock); 835 INIT_LIST_HEAD(&ap->mac_restrictions.mac_list); 836 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 837 838 ap->initialized = 1; 839 } 840 841 842 void hostap_init_ap_proc(local_info_t *local) 843 { 844 struct ap_data *ap = local->ap; 845 846 ap->proc = local->proc; 847 if (ap->proc == NULL) 848 return; 849 850 #ifndef PRISM2_NO_PROCFS_DEBUG 851 proc_create_single_data("ap_debug", 0, ap->proc, ap_debug_proc_show, ap); 852 #endif /* PRISM2_NO_PROCFS_DEBUG */ 853 854 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 855 proc_create_seq_data("ap_control", 0, ap->proc, &ap_control_proc_seqops, 856 ap); 857 proc_create_seq_data("ap", 0, ap->proc, &prism2_ap_proc_seqops, ap); 858 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 859 860 } 861 862 863 void hostap_free_data(struct ap_data *ap) 864 { 865 struct sta_info *n, *sta; 866 867 if (ap == NULL || !ap->initialized) { 868 printk(KERN_DEBUG "hostap_free_data: ap has not yet been " 869 "initialized - skip resource freeing\n"); 870 return; 871 } 872 873 flush_work(&ap->add_sta_proc_queue); 874 875 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 876 flush_work(&ap->wds_oper_queue); 877 if (ap->crypt) 878 ap->crypt->deinit(ap->crypt_priv); 879 ap->crypt = ap->crypt_priv = NULL; 880 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 881 882 list_for_each_entry_safe(sta, n, &ap->sta_list, list) { 883 ap_sta_hash_del(ap, sta); 884 list_del(&sta->list); 885 if ((sta->flags & WLAN_STA_ASSOC) && !sta->ap && sta->local) 886 hostap_event_expired_sta(sta->local->dev, sta); 887 ap_free_sta(ap, sta); 888 } 889 890 #ifndef PRISM2_NO_PROCFS_DEBUG 891 if (ap->proc != NULL) { 892 remove_proc_entry("ap_debug", ap->proc); 893 } 894 #endif /* PRISM2_NO_PROCFS_DEBUG */ 895 896 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 897 if (ap->proc != NULL) { 898 remove_proc_entry("ap", ap->proc); 899 remove_proc_entry("ap_control", ap->proc); 900 } 901 ap_control_flush_macs(&ap->mac_restrictions); 902 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 903 904 ap->initialized = 0; 905 } 906 907 908 /* caller should have mutex for AP STA list handling */ 909 static struct sta_info* ap_get_sta(struct ap_data *ap, u8 *sta) 910 { 911 struct sta_info *s; 912 913 s = ap->sta_hash[STA_HASH(sta)]; 914 while (s != NULL && !ether_addr_equal(s->addr, sta)) 915 s = s->hnext; 916 return s; 917 } 918 919 920 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 921 922 /* Called from timer handler and from scheduled AP queue handlers */ 923 static void prism2_send_mgmt(struct net_device *dev, 924 u16 type_subtype, char *body, 925 int body_len, u8 *addr, u16 tx_cb_idx) 926 { 927 struct hostap_interface *iface; 928 local_info_t *local; 929 struct ieee80211_hdr *hdr; 930 u16 fc; 931 struct sk_buff *skb; 932 struct hostap_skb_tx_data *meta; 933 int hdrlen; 934 935 iface = netdev_priv(dev); 936 local = iface->local; 937 dev = local->dev; /* always use master radio device */ 938 iface = netdev_priv(dev); 939 940 if (!(dev->flags & IFF_UP)) { 941 PDEBUG(DEBUG_AP, "%s: prism2_send_mgmt - device is not UP - " 942 "cannot send frame\n", dev->name); 943 return; 944 } 945 946 skb = dev_alloc_skb(sizeof(*hdr) + body_len); 947 if (skb == NULL) { 948 PDEBUG(DEBUG_AP, "%s: prism2_send_mgmt failed to allocate " 949 "skb\n", dev->name); 950 return; 951 } 952 953 fc = type_subtype; 954 hdrlen = hostap_80211_get_hdrlen(cpu_to_le16(type_subtype)); 955 hdr = skb_put_zero(skb, hdrlen); 956 if (body) 957 skb_put_data(skb, body, body_len); 958 959 /* FIX: ctrl::ack sending used special HFA384X_TX_CTRL_802_11 960 * tx_control instead of using local->tx_control */ 961 962 963 memcpy(hdr->addr1, addr, ETH_ALEN); /* DA / RA */ 964 if (ieee80211_is_data(hdr->frame_control)) { 965 fc |= IEEE80211_FCTL_FROMDS; 966 memcpy(hdr->addr2, dev->dev_addr, ETH_ALEN); /* BSSID */ 967 memcpy(hdr->addr3, dev->dev_addr, ETH_ALEN); /* SA */ 968 } else if (ieee80211_is_ctl(hdr->frame_control)) { 969 /* control:ACK does not have addr2 or addr3 */ 970 eth_zero_addr(hdr->addr2); 971 eth_zero_addr(hdr->addr3); 972 } else { 973 memcpy(hdr->addr2, dev->dev_addr, ETH_ALEN); /* SA */ 974 memcpy(hdr->addr3, dev->dev_addr, ETH_ALEN); /* BSSID */ 975 } 976 977 hdr->frame_control = cpu_to_le16(fc); 978 979 meta = (struct hostap_skb_tx_data *) skb->cb; 980 memset(meta, 0, sizeof(*meta)); 981 meta->magic = HOSTAP_SKB_TX_DATA_MAGIC; 982 meta->iface = iface; 983 meta->tx_cb_idx = tx_cb_idx; 984 985 skb->dev = dev; 986 skb_reset_mac_header(skb); 987 skb_reset_network_header(skb); 988 dev_queue_xmit(skb); 989 } 990 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 991 992 #ifdef CONFIG_PROC_FS 993 static int prism2_sta_proc_show(struct seq_file *m, void *v) 994 { 995 struct sta_info *sta = m->private; 996 int i; 997 998 /* FIX: possible race condition.. the STA data could have just expired, 999 * but proc entry was still here so that the read could have started; 1000 * some locking should be done here.. */ 1001 1002 seq_printf(m, 1003 "%s=%pM\nusers=%d\naid=%d\n" 1004 "flags=0x%04x%s%s%s%s%s%s%s\n" 1005 "capability=0x%02x\nlisten_interval=%d\nsupported_rates=", 1006 sta->ap ? "AP" : "STA", 1007 sta->addr, atomic_read(&sta->users), sta->aid, 1008 sta->flags, 1009 sta->flags & WLAN_STA_AUTH ? " AUTH" : "", 1010 sta->flags & WLAN_STA_ASSOC ? " ASSOC" : "", 1011 sta->flags & WLAN_STA_PS ? " PS" : "", 1012 sta->flags & WLAN_STA_TIM ? " TIM" : "", 1013 sta->flags & WLAN_STA_PERM ? " PERM" : "", 1014 sta->flags & WLAN_STA_AUTHORIZED ? " AUTHORIZED" : "", 1015 sta->flags & WLAN_STA_PENDING_POLL ? " POLL" : "", 1016 sta->capability, sta->listen_interval); 1017 /* supported_rates: 500 kbit/s units with msb ignored */ 1018 for (i = 0; i < sizeof(sta->supported_rates); i++) 1019 if (sta->supported_rates[i] != 0) 1020 seq_printf(m, "%d%sMbps ", 1021 (sta->supported_rates[i] & 0x7f) / 2, 1022 sta->supported_rates[i] & 1 ? ".5" : ""); 1023 seq_printf(m, 1024 "\njiffies=%lu\nlast_auth=%lu\nlast_assoc=%lu\n" 1025 "last_rx=%lu\nlast_tx=%lu\nrx_packets=%lu\n" 1026 "tx_packets=%lu\n" 1027 "rx_bytes=%lu\ntx_bytes=%lu\nbuffer_count=%d\n" 1028 "last_rx: silence=%d dBm signal=%d dBm rate=%d%s Mbps\n" 1029 "tx_rate=%d\ntx[1M]=%d\ntx[2M]=%d\ntx[5.5M]=%d\n" 1030 "tx[11M]=%d\n" 1031 "rx[1M]=%d\nrx[2M]=%d\nrx[5.5M]=%d\nrx[11M]=%d\n", 1032 jiffies, sta->last_auth, sta->last_assoc, sta->last_rx, 1033 sta->last_tx, 1034 sta->rx_packets, sta->tx_packets, sta->rx_bytes, 1035 sta->tx_bytes, skb_queue_len(&sta->tx_buf), 1036 sta->last_rx_silence, 1037 sta->last_rx_signal, sta->last_rx_rate / 10, 1038 sta->last_rx_rate % 10 ? ".5" : "", 1039 sta->tx_rate, sta->tx_count[0], sta->tx_count[1], 1040 sta->tx_count[2], sta->tx_count[3], sta->rx_count[0], 1041 sta->rx_count[1], sta->rx_count[2], sta->rx_count[3]); 1042 if (sta->crypt && sta->crypt->ops && sta->crypt->ops->print_stats) 1043 sta->crypt->ops->print_stats(m, sta->crypt->priv); 1044 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 1045 if (sta->ap) { 1046 if (sta->u.ap.channel >= 0) 1047 seq_printf(m, "channel=%d\n", sta->u.ap.channel); 1048 seq_puts(m, "ssid="); 1049 for (i = 0; i < sta->u.ap.ssid_len; i++) { 1050 if (sta->u.ap.ssid[i] >= 32 && sta->u.ap.ssid[i] < 127) 1051 seq_putc(m, sta->u.ap.ssid[i]); 1052 else 1053 seq_printf(m, "<%02x>", sta->u.ap.ssid[i]); 1054 } 1055 seq_putc(m, '\n'); 1056 } 1057 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 1058 1059 return 0; 1060 } 1061 #endif 1062 1063 static void handle_add_proc_queue(struct work_struct *work) 1064 { 1065 struct ap_data *ap = container_of(work, struct ap_data, 1066 add_sta_proc_queue); 1067 struct sta_info *sta; 1068 char name[20]; 1069 struct add_sta_proc_data *entry, *prev; 1070 1071 entry = ap->add_sta_proc_entries; 1072 ap->add_sta_proc_entries = NULL; 1073 1074 while (entry) { 1075 spin_lock_bh(&ap->sta_table_lock); 1076 sta = ap_get_sta(ap, entry->addr); 1077 if (sta) 1078 atomic_inc(&sta->users); 1079 spin_unlock_bh(&ap->sta_table_lock); 1080 1081 if (sta) { 1082 sprintf(name, "%pM", sta->addr); 1083 sta->proc = proc_create_single_data( 1084 name, 0, ap->proc, 1085 prism2_sta_proc_show, sta); 1086 1087 atomic_dec(&sta->users); 1088 } 1089 1090 prev = entry; 1091 entry = entry->next; 1092 kfree(prev); 1093 } 1094 } 1095 1096 1097 static struct sta_info * ap_add_sta(struct ap_data *ap, u8 *addr) 1098 { 1099 struct sta_info *sta; 1100 1101 sta = kzalloc(sizeof(struct sta_info), GFP_ATOMIC); 1102 if (sta == NULL) { 1103 PDEBUG(DEBUG_AP, "AP: kmalloc failed\n"); 1104 return NULL; 1105 } 1106 1107 /* initialize STA info data */ 1108 sta->local = ap->local; 1109 skb_queue_head_init(&sta->tx_buf); 1110 memcpy(sta->addr, addr, ETH_ALEN); 1111 1112 atomic_inc(&sta->users); 1113 spin_lock_bh(&ap->sta_table_lock); 1114 list_add(&sta->list, &ap->sta_list); 1115 ap->num_sta++; 1116 ap_sta_hash_add(ap, sta); 1117 spin_unlock_bh(&ap->sta_table_lock); 1118 1119 if (ap->proc) { 1120 struct add_sta_proc_data *entry; 1121 /* schedule a non-interrupt context process to add a procfs 1122 * entry for the STA since procfs code use GFP_KERNEL */ 1123 entry = kmalloc(sizeof(*entry), GFP_ATOMIC); 1124 if (entry) { 1125 memcpy(entry->addr, sta->addr, ETH_ALEN); 1126 entry->next = ap->add_sta_proc_entries; 1127 ap->add_sta_proc_entries = entry; 1128 schedule_work(&ap->add_sta_proc_queue); 1129 } else 1130 printk(KERN_DEBUG "Failed to add STA proc data\n"); 1131 } 1132 1133 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 1134 timer_setup(&sta->timer, ap_handle_timer, 0); 1135 sta->timer.expires = jiffies + ap->max_inactivity; 1136 if (!ap->local->hostapd) 1137 add_timer(&sta->timer); 1138 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 1139 1140 return sta; 1141 } 1142 1143 1144 static int ap_tx_rate_ok(int rateidx, struct sta_info *sta, 1145 local_info_t *local) 1146 { 1147 if (rateidx > sta->tx_max_rate || 1148 !(sta->tx_supp_rates & (1 << rateidx))) 1149 return 0; 1150 1151 if (local->tx_rate_control != 0 && 1152 !(local->tx_rate_control & (1 << rateidx))) 1153 return 0; 1154 1155 return 1; 1156 } 1157 1158 1159 static void prism2_check_tx_rates(struct sta_info *sta) 1160 { 1161 int i; 1162 1163 sta->tx_supp_rates = 0; 1164 for (i = 0; i < sizeof(sta->supported_rates); i++) { 1165 if ((sta->supported_rates[i] & 0x7f) == 2) 1166 sta->tx_supp_rates |= WLAN_RATE_1M; 1167 if ((sta->supported_rates[i] & 0x7f) == 4) 1168 sta->tx_supp_rates |= WLAN_RATE_2M; 1169 if ((sta->supported_rates[i] & 0x7f) == 11) 1170 sta->tx_supp_rates |= WLAN_RATE_5M5; 1171 if ((sta->supported_rates[i] & 0x7f) == 22) 1172 sta->tx_supp_rates |= WLAN_RATE_11M; 1173 } 1174 sta->tx_max_rate = sta->tx_rate = sta->tx_rate_idx = 0; 1175 if (sta->tx_supp_rates & WLAN_RATE_1M) { 1176 sta->tx_max_rate = 0; 1177 if (ap_tx_rate_ok(0, sta, sta->local)) { 1178 sta->tx_rate = 10; 1179 sta->tx_rate_idx = 0; 1180 } 1181 } 1182 if (sta->tx_supp_rates & WLAN_RATE_2M) { 1183 sta->tx_max_rate = 1; 1184 if (ap_tx_rate_ok(1, sta, sta->local)) { 1185 sta->tx_rate = 20; 1186 sta->tx_rate_idx = 1; 1187 } 1188 } 1189 if (sta->tx_supp_rates & WLAN_RATE_5M5) { 1190 sta->tx_max_rate = 2; 1191 if (ap_tx_rate_ok(2, sta, sta->local)) { 1192 sta->tx_rate = 55; 1193 sta->tx_rate_idx = 2; 1194 } 1195 } 1196 if (sta->tx_supp_rates & WLAN_RATE_11M) { 1197 sta->tx_max_rate = 3; 1198 if (ap_tx_rate_ok(3, sta, sta->local)) { 1199 sta->tx_rate = 110; 1200 sta->tx_rate_idx = 3; 1201 } 1202 } 1203 } 1204 1205 1206 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 1207 1208 static void ap_crypt_init(struct ap_data *ap) 1209 { 1210 ap->crypt = lib80211_get_crypto_ops("WEP"); 1211 1212 if (ap->crypt) { 1213 if (ap->crypt->init) { 1214 ap->crypt_priv = ap->crypt->init(0); 1215 if (ap->crypt_priv == NULL) 1216 ap->crypt = NULL; 1217 else { 1218 u8 key[WEP_KEY_LEN]; 1219 get_random_bytes(key, WEP_KEY_LEN); 1220 ap->crypt->set_key(key, WEP_KEY_LEN, NULL, 1221 ap->crypt_priv); 1222 } 1223 } 1224 } 1225 1226 if (ap->crypt == NULL) { 1227 printk(KERN_WARNING "AP could not initialize WEP: load module " 1228 "lib80211_crypt_wep.ko\n"); 1229 } 1230 } 1231 1232 1233 /* Generate challenge data for shared key authentication. IEEE 802.11 specifies 1234 * that WEP algorithm is used for generating challenge. This should be unique, 1235 * but otherwise there is not really need for randomness etc. Initialize WEP 1236 * with pseudo random key and then use increasing IV to get unique challenge 1237 * streams. 1238 * 1239 * Called only as a scheduled task for pending AP frames. 1240 */ 1241 static char * ap_auth_make_challenge(struct ap_data *ap) 1242 { 1243 char *tmpbuf; 1244 struct sk_buff *skb; 1245 1246 if (ap->crypt == NULL) { 1247 ap_crypt_init(ap); 1248 if (ap->crypt == NULL) 1249 return NULL; 1250 } 1251 1252 tmpbuf = kmalloc(WLAN_AUTH_CHALLENGE_LEN, GFP_ATOMIC); 1253 if (tmpbuf == NULL) { 1254 PDEBUG(DEBUG_AP, "AP: kmalloc failed for challenge\n"); 1255 return NULL; 1256 } 1257 1258 skb = dev_alloc_skb(WLAN_AUTH_CHALLENGE_LEN + 1259 ap->crypt->extra_mpdu_prefix_len + 1260 ap->crypt->extra_mpdu_postfix_len); 1261 if (skb == NULL) { 1262 kfree(tmpbuf); 1263 return NULL; 1264 } 1265 1266 skb_reserve(skb, ap->crypt->extra_mpdu_prefix_len); 1267 skb_put_zero(skb, WLAN_AUTH_CHALLENGE_LEN); 1268 if (ap->crypt->encrypt_mpdu(skb, 0, ap->crypt_priv)) { 1269 dev_kfree_skb(skb); 1270 kfree(tmpbuf); 1271 return NULL; 1272 } 1273 1274 skb_copy_from_linear_data_offset(skb, ap->crypt->extra_mpdu_prefix_len, 1275 tmpbuf, WLAN_AUTH_CHALLENGE_LEN); 1276 dev_kfree_skb(skb); 1277 1278 return tmpbuf; 1279 } 1280 1281 1282 /* Called only as a scheduled task for pending AP frames. */ 1283 static void handle_authen(local_info_t *local, struct sk_buff *skb, 1284 struct hostap_80211_rx_status *rx_stats) 1285 { 1286 struct net_device *dev = local->dev; 1287 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 1288 size_t hdrlen; 1289 struct ap_data *ap = local->ap; 1290 char body[8 + WLAN_AUTH_CHALLENGE_LEN], *challenge = NULL; 1291 int len, olen; 1292 u16 auth_alg, auth_transaction, status_code; 1293 __le16 *pos; 1294 u16 resp = WLAN_STATUS_SUCCESS; 1295 struct sta_info *sta = NULL; 1296 struct lib80211_crypt_data *crypt; 1297 char *txt = ""; 1298 1299 len = skb->len - IEEE80211_MGMT_HDR_LEN; 1300 1301 hdrlen = hostap_80211_get_hdrlen(hdr->frame_control); 1302 1303 if (len < 6) { 1304 PDEBUG(DEBUG_AP, "%s: handle_authen - too short payload " 1305 "(len=%d) from %pM\n", dev->name, len, hdr->addr2); 1306 return; 1307 } 1308 1309 spin_lock_bh(&local->ap->sta_table_lock); 1310 sta = ap_get_sta(local->ap, hdr->addr2); 1311 if (sta) 1312 atomic_inc(&sta->users); 1313 spin_unlock_bh(&local->ap->sta_table_lock); 1314 1315 if (sta && sta->crypt) 1316 crypt = sta->crypt; 1317 else { 1318 int idx = 0; 1319 if (skb->len >= hdrlen + 3) 1320 idx = skb->data[hdrlen + 3] >> 6; 1321 crypt = local->crypt_info.crypt[idx]; 1322 } 1323 1324 pos = (__le16 *) (skb->data + IEEE80211_MGMT_HDR_LEN); 1325 auth_alg = __le16_to_cpu(*pos); 1326 pos++; 1327 auth_transaction = __le16_to_cpu(*pos); 1328 pos++; 1329 status_code = __le16_to_cpu(*pos); 1330 pos++; 1331 1332 if (ether_addr_equal(dev->dev_addr, hdr->addr2) || 1333 ap_control_mac_deny(&ap->mac_restrictions, hdr->addr2)) { 1334 txt = "authentication denied"; 1335 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1336 goto fail; 1337 } 1338 1339 if (((local->auth_algs & PRISM2_AUTH_OPEN) && 1340 auth_alg == WLAN_AUTH_OPEN) || 1341 ((local->auth_algs & PRISM2_AUTH_SHARED_KEY) && 1342 crypt && auth_alg == WLAN_AUTH_SHARED_KEY)) { 1343 } else { 1344 txt = "unsupported algorithm"; 1345 resp = WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG; 1346 goto fail; 1347 } 1348 1349 if (len >= 8) { 1350 u8 *u = (u8 *) pos; 1351 if (*u == WLAN_EID_CHALLENGE) { 1352 if (*(u + 1) != WLAN_AUTH_CHALLENGE_LEN) { 1353 txt = "invalid challenge len"; 1354 resp = WLAN_STATUS_CHALLENGE_FAIL; 1355 goto fail; 1356 } 1357 if (len - 8 < WLAN_AUTH_CHALLENGE_LEN) { 1358 txt = "challenge underflow"; 1359 resp = WLAN_STATUS_CHALLENGE_FAIL; 1360 goto fail; 1361 } 1362 challenge = (char *) (u + 2); 1363 } 1364 } 1365 1366 if (sta && sta->ap) { 1367 if (time_after(jiffies, sta->u.ap.last_beacon + 1368 (10 * sta->listen_interval * HZ) / 1024)) { 1369 PDEBUG(DEBUG_AP, "%s: no beacons received for a while," 1370 " assuming AP %pM is now STA\n", 1371 dev->name, sta->addr); 1372 sta->ap = 0; 1373 sta->flags = 0; 1374 sta->u.sta.challenge = NULL; 1375 } else { 1376 txt = "AP trying to authenticate?"; 1377 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1378 goto fail; 1379 } 1380 } 1381 1382 if ((auth_alg == WLAN_AUTH_OPEN && auth_transaction == 1) || 1383 (auth_alg == WLAN_AUTH_SHARED_KEY && 1384 (auth_transaction == 1 || 1385 (auth_transaction == 3 && sta != NULL && 1386 sta->u.sta.challenge != NULL)))) { 1387 } else { 1388 txt = "unknown authentication transaction number"; 1389 resp = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION; 1390 goto fail; 1391 } 1392 1393 if (sta == NULL) { 1394 txt = "new STA"; 1395 1396 if (local->ap->num_sta >= MAX_STA_COUNT) { 1397 /* FIX: might try to remove some old STAs first? */ 1398 txt = "no more room for new STAs"; 1399 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1400 goto fail; 1401 } 1402 1403 sta = ap_add_sta(local->ap, hdr->addr2); 1404 if (sta == NULL) { 1405 txt = "ap_add_sta failed"; 1406 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1407 goto fail; 1408 } 1409 } 1410 1411 switch (auth_alg) { 1412 case WLAN_AUTH_OPEN: 1413 txt = "authOK"; 1414 /* IEEE 802.11 standard is not completely clear about 1415 * whether STA is considered authenticated after 1416 * authentication OK frame has been send or after it 1417 * has been ACKed. In order to reduce interoperability 1418 * issues, mark the STA authenticated before ACK. */ 1419 sta->flags |= WLAN_STA_AUTH; 1420 break; 1421 1422 case WLAN_AUTH_SHARED_KEY: 1423 if (auth_transaction == 1) { 1424 if (sta->u.sta.challenge == NULL) { 1425 sta->u.sta.challenge = 1426 ap_auth_make_challenge(local->ap); 1427 if (sta->u.sta.challenge == NULL) { 1428 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1429 goto fail; 1430 } 1431 } 1432 } else { 1433 if (sta->u.sta.challenge == NULL || 1434 challenge == NULL || 1435 memcmp(sta->u.sta.challenge, challenge, 1436 WLAN_AUTH_CHALLENGE_LEN) != 0 || 1437 !ieee80211_has_protected(hdr->frame_control)) { 1438 txt = "challenge response incorrect"; 1439 resp = WLAN_STATUS_CHALLENGE_FAIL; 1440 goto fail; 1441 } 1442 1443 txt = "challenge OK - authOK"; 1444 /* IEEE 802.11 standard is not completely clear about 1445 * whether STA is considered authenticated after 1446 * authentication OK frame has been send or after it 1447 * has been ACKed. In order to reduce interoperability 1448 * issues, mark the STA authenticated before ACK. */ 1449 sta->flags |= WLAN_STA_AUTH; 1450 kfree(sta->u.sta.challenge); 1451 sta->u.sta.challenge = NULL; 1452 } 1453 break; 1454 } 1455 1456 fail: 1457 pos = (__le16 *) body; 1458 *pos = cpu_to_le16(auth_alg); 1459 pos++; 1460 *pos = cpu_to_le16(auth_transaction + 1); 1461 pos++; 1462 *pos = cpu_to_le16(resp); /* status_code */ 1463 pos++; 1464 olen = 6; 1465 1466 if (resp == WLAN_STATUS_SUCCESS && sta != NULL && 1467 sta->u.sta.challenge != NULL && 1468 auth_alg == WLAN_AUTH_SHARED_KEY && auth_transaction == 1) { 1469 u8 *tmp = (u8 *) pos; 1470 *tmp++ = WLAN_EID_CHALLENGE; 1471 *tmp++ = WLAN_AUTH_CHALLENGE_LEN; 1472 pos++; 1473 memcpy(pos, sta->u.sta.challenge, WLAN_AUTH_CHALLENGE_LEN); 1474 olen += 2 + WLAN_AUTH_CHALLENGE_LEN; 1475 } 1476 1477 prism2_send_mgmt(dev, IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_AUTH, 1478 body, olen, hdr->addr2, ap->tx_callback_auth); 1479 1480 if (sta) { 1481 sta->last_rx = jiffies; 1482 atomic_dec(&sta->users); 1483 } 1484 1485 if (resp) { 1486 PDEBUG(DEBUG_AP, "%s: %pM auth (alg=%d " 1487 "trans#=%d stat=%d len=%d fc=%04x) ==> %d (%s)\n", 1488 dev->name, hdr->addr2, 1489 auth_alg, auth_transaction, status_code, len, 1490 le16_to_cpu(hdr->frame_control), resp, txt); 1491 } 1492 } 1493 1494 1495 /* Called only as a scheduled task for pending AP frames. */ 1496 static void handle_assoc(local_info_t *local, struct sk_buff *skb, 1497 struct hostap_80211_rx_status *rx_stats, int reassoc) 1498 { 1499 struct net_device *dev = local->dev; 1500 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 1501 char body[12], *p, *lpos; 1502 int len, left; 1503 __le16 *pos; 1504 u16 resp = WLAN_STATUS_SUCCESS; 1505 struct sta_info *sta = NULL; 1506 int send_deauth = 0; 1507 char __always_unused *txt = ""; 1508 u8 prev_ap[ETH_ALEN]; 1509 1510 left = len = skb->len - IEEE80211_MGMT_HDR_LEN; 1511 1512 if (len < (reassoc ? 10 : 4)) { 1513 PDEBUG(DEBUG_AP, "%s: handle_assoc - too short payload " 1514 "(len=%d, reassoc=%d) from %pM\n", 1515 dev->name, len, reassoc, hdr->addr2); 1516 return; 1517 } 1518 1519 spin_lock_bh(&local->ap->sta_table_lock); 1520 sta = ap_get_sta(local->ap, hdr->addr2); 1521 if (sta == NULL || (sta->flags & WLAN_STA_AUTH) == 0) { 1522 spin_unlock_bh(&local->ap->sta_table_lock); 1523 txt = "trying to associate before authentication"; 1524 send_deauth = 1; 1525 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1526 sta = NULL; /* do not decrement sta->users */ 1527 goto fail; 1528 } 1529 atomic_inc(&sta->users); 1530 spin_unlock_bh(&local->ap->sta_table_lock); 1531 1532 pos = (__le16 *) (skb->data + IEEE80211_MGMT_HDR_LEN); 1533 sta->capability = __le16_to_cpu(*pos); 1534 pos++; left -= 2; 1535 sta->listen_interval = __le16_to_cpu(*pos); 1536 pos++; left -= 2; 1537 1538 if (reassoc) { 1539 memcpy(prev_ap, pos, ETH_ALEN); 1540 pos++; pos++; pos++; left -= 6; 1541 } else 1542 eth_zero_addr(prev_ap); 1543 1544 if (left >= 2) { 1545 unsigned int ileft; 1546 unsigned char *u = (unsigned char *) pos; 1547 1548 if (*u == WLAN_EID_SSID) { 1549 u++; left--; 1550 ileft = *u; 1551 u++; left--; 1552 1553 if (ileft > left || ileft > MAX_SSID_LEN) { 1554 txt = "SSID overflow"; 1555 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1556 goto fail; 1557 } 1558 1559 if (ileft != strlen(local->essid) || 1560 memcmp(local->essid, u, ileft) != 0) { 1561 txt = "not our SSID"; 1562 resp = WLAN_STATUS_ASSOC_DENIED_UNSPEC; 1563 goto fail; 1564 } 1565 1566 u += ileft; 1567 left -= ileft; 1568 } 1569 1570 if (left >= 2 && *u == WLAN_EID_SUPP_RATES) { 1571 u++; left--; 1572 ileft = *u; 1573 u++; left--; 1574 1575 if (ileft > left || ileft == 0 || 1576 ileft > WLAN_SUPP_RATES_MAX) { 1577 txt = "SUPP_RATES len error"; 1578 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1579 goto fail; 1580 } 1581 1582 memset(sta->supported_rates, 0, 1583 sizeof(sta->supported_rates)); 1584 memcpy(sta->supported_rates, u, ileft); 1585 prism2_check_tx_rates(sta); 1586 1587 u += ileft; 1588 left -= ileft; 1589 } 1590 1591 if (left > 0) { 1592 PDEBUG(DEBUG_AP, "%s: assoc from %pM" 1593 " with extra data (%d bytes) [", 1594 dev->name, hdr->addr2, left); 1595 while (left > 0) { 1596 PDEBUG2(DEBUG_AP, "<%02x>", *u); 1597 u++; left--; 1598 } 1599 PDEBUG2(DEBUG_AP, "]\n"); 1600 } 1601 } else { 1602 txt = "frame underflow"; 1603 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1604 goto fail; 1605 } 1606 1607 /* get a unique AID */ 1608 if (sta->aid > 0) 1609 txt = "OK, old AID"; 1610 else { 1611 spin_lock_bh(&local->ap->sta_table_lock); 1612 for (sta->aid = 1; sta->aid <= MAX_AID_TABLE_SIZE; sta->aid++) 1613 if (local->ap->sta_aid[sta->aid - 1] == NULL) 1614 break; 1615 if (sta->aid > MAX_AID_TABLE_SIZE) { 1616 sta->aid = 0; 1617 spin_unlock_bh(&local->ap->sta_table_lock); 1618 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA; 1619 txt = "no room for more AIDs"; 1620 } else { 1621 local->ap->sta_aid[sta->aid - 1] = sta; 1622 spin_unlock_bh(&local->ap->sta_table_lock); 1623 txt = "OK, new AID"; 1624 } 1625 } 1626 1627 fail: 1628 pos = (__le16 *) body; 1629 1630 if (send_deauth) { 1631 *pos = cpu_to_le16(WLAN_REASON_STA_REQ_ASSOC_WITHOUT_AUTH); 1632 pos++; 1633 } else { 1634 /* FIX: CF-Pollable and CF-PollReq should be set to match the 1635 * values in beacons/probe responses */ 1636 /* FIX: how about privacy and WEP? */ 1637 /* capability */ 1638 *pos = cpu_to_le16(WLAN_CAPABILITY_ESS); 1639 pos++; 1640 1641 /* status_code */ 1642 *pos = cpu_to_le16(resp); 1643 pos++; 1644 1645 *pos = cpu_to_le16((sta && sta->aid > 0 ? sta->aid : 0) | 1646 BIT(14) | BIT(15)); /* AID */ 1647 pos++; 1648 1649 /* Supported rates (Information element) */ 1650 p = (char *) pos; 1651 *p++ = WLAN_EID_SUPP_RATES; 1652 lpos = p; 1653 *p++ = 0; /* len */ 1654 if (local->tx_rate_control & WLAN_RATE_1M) { 1655 *p++ = local->basic_rates & WLAN_RATE_1M ? 0x82 : 0x02; 1656 (*lpos)++; 1657 } 1658 if (local->tx_rate_control & WLAN_RATE_2M) { 1659 *p++ = local->basic_rates & WLAN_RATE_2M ? 0x84 : 0x04; 1660 (*lpos)++; 1661 } 1662 if (local->tx_rate_control & WLAN_RATE_5M5) { 1663 *p++ = local->basic_rates & WLAN_RATE_5M5 ? 1664 0x8b : 0x0b; 1665 (*lpos)++; 1666 } 1667 if (local->tx_rate_control & WLAN_RATE_11M) { 1668 *p++ = local->basic_rates & WLAN_RATE_11M ? 1669 0x96 : 0x16; 1670 (*lpos)++; 1671 } 1672 pos = (__le16 *) p; 1673 } 1674 1675 prism2_send_mgmt(dev, IEEE80211_FTYPE_MGMT | 1676 (send_deauth ? IEEE80211_STYPE_DEAUTH : 1677 (reassoc ? IEEE80211_STYPE_REASSOC_RESP : 1678 IEEE80211_STYPE_ASSOC_RESP)), 1679 body, (u8 *) pos - (u8 *) body, 1680 hdr->addr2, 1681 send_deauth ? 0 : local->ap->tx_callback_assoc); 1682 1683 if (sta) { 1684 if (resp == WLAN_STATUS_SUCCESS) { 1685 sta->last_rx = jiffies; 1686 /* STA will be marked associated from TX callback, if 1687 * AssocResp is ACKed */ 1688 } 1689 atomic_dec(&sta->users); 1690 } 1691 1692 #if 0 1693 PDEBUG(DEBUG_AP, "%s: %pM %sassoc (len=%d " 1694 "prev_ap=%pM) => %d(%d) (%s)\n", 1695 dev->name, 1696 hdr->addr2, 1697 reassoc ? "re" : "", len, 1698 prev_ap, 1699 resp, send_deauth, txt); 1700 #endif 1701 } 1702 1703 1704 /* Called only as a scheduled task for pending AP frames. */ 1705 static void handle_deauth(local_info_t *local, struct sk_buff *skb, 1706 struct hostap_80211_rx_status *rx_stats) 1707 { 1708 struct net_device *dev = local->dev; 1709 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 1710 char *body = (char *) (skb->data + IEEE80211_MGMT_HDR_LEN); 1711 int len; 1712 u16 reason_code; 1713 __le16 *pos; 1714 struct sta_info *sta = NULL; 1715 1716 len = skb->len - IEEE80211_MGMT_HDR_LEN; 1717 1718 if (len < 2) { 1719 printk("handle_deauth - too short payload (len=%d)\n", len); 1720 return; 1721 } 1722 1723 pos = (__le16 *) body; 1724 reason_code = le16_to_cpu(*pos); 1725 1726 PDEBUG(DEBUG_AP, "%s: deauthentication: %pM len=%d, " 1727 "reason_code=%d\n", dev->name, hdr->addr2, 1728 len, reason_code); 1729 1730 spin_lock_bh(&local->ap->sta_table_lock); 1731 sta = ap_get_sta(local->ap, hdr->addr2); 1732 if (sta != NULL) { 1733 if ((sta->flags & WLAN_STA_ASSOC) && !sta->ap) 1734 hostap_event_expired_sta(local->dev, sta); 1735 sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC); 1736 } 1737 spin_unlock_bh(&local->ap->sta_table_lock); 1738 if (sta == NULL) { 1739 printk("%s: deauthentication from %pM, " 1740 "reason_code=%d, but STA not authenticated\n", dev->name, 1741 hdr->addr2, reason_code); 1742 } 1743 } 1744 1745 1746 /* Called only as a scheduled task for pending AP frames. */ 1747 static void handle_disassoc(local_info_t *local, struct sk_buff *skb, 1748 struct hostap_80211_rx_status *rx_stats) 1749 { 1750 struct net_device *dev = local->dev; 1751 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 1752 char *body = skb->data + IEEE80211_MGMT_HDR_LEN; 1753 int len; 1754 u16 reason_code; 1755 __le16 *pos; 1756 struct sta_info *sta = NULL; 1757 1758 len = skb->len - IEEE80211_MGMT_HDR_LEN; 1759 1760 if (len < 2) { 1761 printk("handle_disassoc - too short payload (len=%d)\n", len); 1762 return; 1763 } 1764 1765 pos = (__le16 *) body; 1766 reason_code = le16_to_cpu(*pos); 1767 1768 PDEBUG(DEBUG_AP, "%s: disassociation: %pM len=%d, " 1769 "reason_code=%d\n", dev->name, hdr->addr2, 1770 len, reason_code); 1771 1772 spin_lock_bh(&local->ap->sta_table_lock); 1773 sta = ap_get_sta(local->ap, hdr->addr2); 1774 if (sta != NULL) { 1775 if ((sta->flags & WLAN_STA_ASSOC) && !sta->ap) 1776 hostap_event_expired_sta(local->dev, sta); 1777 sta->flags &= ~WLAN_STA_ASSOC; 1778 } 1779 spin_unlock_bh(&local->ap->sta_table_lock); 1780 if (sta == NULL) { 1781 printk("%s: disassociation from %pM, " 1782 "reason_code=%d, but STA not authenticated\n", 1783 dev->name, hdr->addr2, reason_code); 1784 } 1785 } 1786 1787 1788 /* Called only as a scheduled task for pending AP frames. */ 1789 static void ap_handle_data_nullfunc(local_info_t *local, 1790 struct ieee80211_hdr *hdr) 1791 { 1792 struct net_device *dev = local->dev; 1793 1794 /* some STA f/w's seem to require control::ACK frame for 1795 * data::nullfunc, but at least Prism2 station f/w version 0.8.0 does 1796 * not send this.. 1797 * send control::ACK for the data::nullfunc */ 1798 1799 printk(KERN_DEBUG "Sending control::ACK for data::nullfunc\n"); 1800 prism2_send_mgmt(dev, IEEE80211_FTYPE_CTL | IEEE80211_STYPE_ACK, 1801 NULL, 0, hdr->addr2, 0); 1802 } 1803 1804 1805 /* Called only as a scheduled task for pending AP frames. */ 1806 static void ap_handle_dropped_data(local_info_t *local, 1807 struct ieee80211_hdr *hdr) 1808 { 1809 struct net_device *dev = local->dev; 1810 struct sta_info *sta; 1811 __le16 reason; 1812 1813 spin_lock_bh(&local->ap->sta_table_lock); 1814 sta = ap_get_sta(local->ap, hdr->addr2); 1815 if (sta) 1816 atomic_inc(&sta->users); 1817 spin_unlock_bh(&local->ap->sta_table_lock); 1818 1819 if (sta != NULL && (sta->flags & WLAN_STA_ASSOC)) { 1820 PDEBUG(DEBUG_AP, "ap_handle_dropped_data: STA is now okay?\n"); 1821 atomic_dec(&sta->users); 1822 return; 1823 } 1824 1825 reason = cpu_to_le16(WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA); 1826 prism2_send_mgmt(dev, IEEE80211_FTYPE_MGMT | 1827 ((sta == NULL || !(sta->flags & WLAN_STA_ASSOC)) ? 1828 IEEE80211_STYPE_DEAUTH : IEEE80211_STYPE_DISASSOC), 1829 (char *) &reason, sizeof(reason), hdr->addr2, 0); 1830 1831 if (sta) 1832 atomic_dec(&sta->users); 1833 } 1834 1835 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 1836 1837 1838 /* Called only as a scheduled task for pending AP frames. */ 1839 static void pspoll_send_buffered(local_info_t *local, struct sta_info *sta, 1840 struct sk_buff *skb) 1841 { 1842 struct hostap_skb_tx_data *meta; 1843 1844 if (!(sta->flags & WLAN_STA_PS)) { 1845 /* Station has moved to non-PS mode, so send all buffered 1846 * frames using normal device queue. */ 1847 dev_queue_xmit(skb); 1848 return; 1849 } 1850 1851 /* add a flag for hostap_handle_sta_tx() to know that this skb should 1852 * be passed through even though STA is using PS */ 1853 meta = (struct hostap_skb_tx_data *) skb->cb; 1854 meta->flags |= HOSTAP_TX_FLAGS_BUFFERED_FRAME; 1855 if (!skb_queue_empty(&sta->tx_buf)) { 1856 /* indicate to STA that more frames follow */ 1857 meta->flags |= HOSTAP_TX_FLAGS_ADD_MOREDATA; 1858 } 1859 dev_queue_xmit(skb); 1860 } 1861 1862 1863 /* Called only as a scheduled task for pending AP frames. */ 1864 static void handle_pspoll(local_info_t *local, 1865 struct ieee80211_hdr *hdr, 1866 struct hostap_80211_rx_status *rx_stats) 1867 { 1868 struct net_device *dev = local->dev; 1869 struct sta_info *sta; 1870 u16 aid; 1871 struct sk_buff *skb; 1872 1873 PDEBUG(DEBUG_PS2, "handle_pspoll: BSSID=%pM, TA=%pM PWRMGT=%d\n", 1874 hdr->addr1, hdr->addr2, !!ieee80211_has_pm(hdr->frame_control)); 1875 1876 if (!ether_addr_equal(hdr->addr1, dev->dev_addr)) { 1877 PDEBUG(DEBUG_AP, 1878 "handle_pspoll - addr1(BSSID)=%pM not own MAC\n", 1879 hdr->addr1); 1880 return; 1881 } 1882 1883 aid = le16_to_cpu(hdr->duration_id); 1884 if ((aid & (BIT(15) | BIT(14))) != (BIT(15) | BIT(14))) { 1885 PDEBUG(DEBUG_PS, " PSPOLL and AID[15:14] not set\n"); 1886 return; 1887 } 1888 aid &= ~(BIT(15) | BIT(14)); 1889 if (aid == 0 || aid > MAX_AID_TABLE_SIZE) { 1890 PDEBUG(DEBUG_PS, " invalid aid=%d\n", aid); 1891 return; 1892 } 1893 PDEBUG(DEBUG_PS2, " aid=%d\n", aid); 1894 1895 spin_lock_bh(&local->ap->sta_table_lock); 1896 sta = ap_get_sta(local->ap, hdr->addr2); 1897 if (sta) 1898 atomic_inc(&sta->users); 1899 spin_unlock_bh(&local->ap->sta_table_lock); 1900 1901 if (sta == NULL) { 1902 PDEBUG(DEBUG_PS, " STA not found\n"); 1903 return; 1904 } 1905 if (sta->aid != aid) { 1906 PDEBUG(DEBUG_PS, " received aid=%i does not match with " 1907 "assoc.aid=%d\n", aid, sta->aid); 1908 return; 1909 } 1910 1911 /* FIX: todo: 1912 * - add timeout for buffering (clear aid in TIM vector if buffer timed 1913 * out (expiry time must be longer than ListenInterval for 1914 * the corresponding STA; "8802-11: 11.2.1.9 AP aging function" 1915 * - what to do, if buffered, pspolled, and sent frame is not ACKed by 1916 * sta; store buffer for later use and leave TIM aid bit set? use 1917 * TX event to check whether frame was ACKed? 1918 */ 1919 1920 while ((skb = skb_dequeue(&sta->tx_buf)) != NULL) { 1921 /* send buffered frame .. */ 1922 PDEBUG(DEBUG_PS2, "Sending buffered frame to STA after PS POLL" 1923 " (buffer_count=%d)\n", skb_queue_len(&sta->tx_buf)); 1924 1925 pspoll_send_buffered(local, sta, skb); 1926 1927 if (sta->flags & WLAN_STA_PS) { 1928 /* send only one buffered packet per PS Poll */ 1929 /* FIX: should ignore further PS Polls until the 1930 * buffered packet that was just sent is acknowledged 1931 * (Tx or TxExc event) */ 1932 break; 1933 } 1934 } 1935 1936 if (skb_queue_empty(&sta->tx_buf)) { 1937 /* try to clear aid from TIM */ 1938 if (!(sta->flags & WLAN_STA_TIM)) 1939 PDEBUG(DEBUG_PS2, "Re-unsetting TIM for aid %d\n", 1940 aid); 1941 hostap_set_tim(local, aid, 0); 1942 sta->flags &= ~WLAN_STA_TIM; 1943 } 1944 1945 atomic_dec(&sta->users); 1946 } 1947 1948 1949 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 1950 1951 static void handle_wds_oper_queue(struct work_struct *work) 1952 { 1953 struct ap_data *ap = container_of(work, struct ap_data, 1954 wds_oper_queue); 1955 local_info_t *local = ap->local; 1956 struct wds_oper_data *entry, *prev; 1957 1958 spin_lock_bh(&local->lock); 1959 entry = local->ap->wds_oper_entries; 1960 local->ap->wds_oper_entries = NULL; 1961 spin_unlock_bh(&local->lock); 1962 1963 while (entry) { 1964 PDEBUG(DEBUG_AP, "%s: %s automatic WDS connection " 1965 "to AP %pM\n", 1966 local->dev->name, 1967 entry->type == WDS_ADD ? "adding" : "removing", 1968 entry->addr); 1969 if (entry->type == WDS_ADD) 1970 prism2_wds_add(local, entry->addr, 0); 1971 else if (entry->type == WDS_DEL) 1972 prism2_wds_del(local, entry->addr, 0, 1); 1973 1974 prev = entry; 1975 entry = entry->next; 1976 kfree(prev); 1977 } 1978 } 1979 1980 1981 /* Called only as a scheduled task for pending AP frames. */ 1982 static void handle_beacon(local_info_t *local, struct sk_buff *skb, 1983 struct hostap_80211_rx_status *rx_stats) 1984 { 1985 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 1986 char *body = skb->data + IEEE80211_MGMT_HDR_LEN; 1987 int len, left; 1988 u16 beacon_int, capability; 1989 __le16 *pos; 1990 char *ssid = NULL; 1991 unsigned char *supp_rates = NULL; 1992 int ssid_len = 0, supp_rates_len = 0; 1993 struct sta_info *sta = NULL; 1994 int new_sta = 0, channel = -1; 1995 1996 len = skb->len - IEEE80211_MGMT_HDR_LEN; 1997 1998 if (len < 8 + 2 + 2) { 1999 printk(KERN_DEBUG "handle_beacon - too short payload " 2000 "(len=%d)\n", len); 2001 return; 2002 } 2003 2004 pos = (__le16 *) body; 2005 left = len; 2006 2007 /* Timestamp (8 octets) */ 2008 pos += 4; left -= 8; 2009 /* Beacon interval (2 octets) */ 2010 beacon_int = le16_to_cpu(*pos); 2011 pos++; left -= 2; 2012 /* Capability information (2 octets) */ 2013 capability = le16_to_cpu(*pos); 2014 pos++; left -= 2; 2015 2016 if (local->ap->ap_policy != AP_OTHER_AP_EVEN_IBSS && 2017 capability & WLAN_CAPABILITY_IBSS) 2018 return; 2019 2020 if (left >= 2) { 2021 unsigned int ileft; 2022 unsigned char *u = (unsigned char *) pos; 2023 2024 if (*u == WLAN_EID_SSID) { 2025 u++; left--; 2026 ileft = *u; 2027 u++; left--; 2028 2029 if (ileft > left || ileft > MAX_SSID_LEN) { 2030 PDEBUG(DEBUG_AP, "SSID: overflow\n"); 2031 return; 2032 } 2033 2034 if (local->ap->ap_policy == AP_OTHER_AP_SAME_SSID && 2035 (ileft != strlen(local->essid) || 2036 memcmp(local->essid, u, ileft) != 0)) { 2037 /* not our SSID */ 2038 return; 2039 } 2040 2041 ssid = u; 2042 ssid_len = ileft; 2043 2044 u += ileft; 2045 left -= ileft; 2046 } 2047 2048 if (*u == WLAN_EID_SUPP_RATES) { 2049 u++; left--; 2050 ileft = *u; 2051 u++; left--; 2052 2053 if (ileft > left || ileft == 0 || ileft > 8) { 2054 PDEBUG(DEBUG_AP, " - SUPP_RATES len error\n"); 2055 return; 2056 } 2057 2058 supp_rates = u; 2059 supp_rates_len = ileft; 2060 2061 u += ileft; 2062 left -= ileft; 2063 } 2064 2065 if (*u == WLAN_EID_DS_PARAMS) { 2066 u++; left--; 2067 ileft = *u; 2068 u++; left--; 2069 2070 if (ileft > left || ileft != 1) { 2071 PDEBUG(DEBUG_AP, " - DS_PARAMS len error\n"); 2072 return; 2073 } 2074 2075 channel = *u; 2076 2077 u += ileft; 2078 left -= ileft; 2079 } 2080 } 2081 2082 spin_lock_bh(&local->ap->sta_table_lock); 2083 sta = ap_get_sta(local->ap, hdr->addr2); 2084 if (sta != NULL) 2085 atomic_inc(&sta->users); 2086 spin_unlock_bh(&local->ap->sta_table_lock); 2087 2088 if (sta == NULL) { 2089 /* add new AP */ 2090 new_sta = 1; 2091 sta = ap_add_sta(local->ap, hdr->addr2); 2092 if (sta == NULL) { 2093 printk(KERN_INFO "prism2: kmalloc failed for AP " 2094 "data structure\n"); 2095 return; 2096 } 2097 hostap_event_new_sta(local->dev, sta); 2098 2099 /* mark APs authentication and associated for pseudo ad-hoc 2100 * style communication */ 2101 sta->flags = WLAN_STA_AUTH | WLAN_STA_ASSOC; 2102 2103 if (local->ap->autom_ap_wds) { 2104 hostap_wds_link_oper(local, sta->addr, WDS_ADD); 2105 } 2106 } 2107 2108 sta->ap = 1; 2109 if (ssid) { 2110 sta->u.ap.ssid_len = ssid_len; 2111 memcpy(sta->u.ap.ssid, ssid, ssid_len); 2112 sta->u.ap.ssid[ssid_len] = '\0'; 2113 } else { 2114 sta->u.ap.ssid_len = 0; 2115 sta->u.ap.ssid[0] = '\0'; 2116 } 2117 sta->u.ap.channel = channel; 2118 sta->rx_packets++; 2119 sta->rx_bytes += len; 2120 sta->u.ap.last_beacon = sta->last_rx = jiffies; 2121 sta->capability = capability; 2122 sta->listen_interval = beacon_int; 2123 2124 atomic_dec(&sta->users); 2125 2126 if (new_sta) { 2127 memset(sta->supported_rates, 0, sizeof(sta->supported_rates)); 2128 memcpy(sta->supported_rates, supp_rates, supp_rates_len); 2129 prism2_check_tx_rates(sta); 2130 } 2131 } 2132 2133 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 2134 2135 2136 /* Called only as a tasklet. */ 2137 static void handle_ap_item(local_info_t *local, struct sk_buff *skb, 2138 struct hostap_80211_rx_status *rx_stats) 2139 { 2140 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 2141 struct net_device *dev = local->dev; 2142 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 2143 u16 fc, type, stype; 2144 struct ieee80211_hdr *hdr; 2145 2146 /* FIX: should give skb->len to handler functions and check that the 2147 * buffer is long enough */ 2148 hdr = (struct ieee80211_hdr *) skb->data; 2149 fc = le16_to_cpu(hdr->frame_control); 2150 type = fc & IEEE80211_FCTL_FTYPE; 2151 stype = fc & IEEE80211_FCTL_STYPE; 2152 2153 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 2154 if (!local->hostapd && type == IEEE80211_FTYPE_DATA) { 2155 PDEBUG(DEBUG_AP, "handle_ap_item - data frame\n"); 2156 2157 if (!(fc & IEEE80211_FCTL_TODS) || 2158 (fc & IEEE80211_FCTL_FROMDS)) { 2159 if (stype == IEEE80211_STYPE_NULLFUNC) { 2160 /* no ToDS nullfunc seems to be used to check 2161 * AP association; so send reject message to 2162 * speed up re-association */ 2163 ap_handle_dropped_data(local, hdr); 2164 goto done; 2165 } 2166 PDEBUG(DEBUG_AP, " not ToDS frame (fc=0x%04x)\n", 2167 fc); 2168 goto done; 2169 } 2170 2171 if (!ether_addr_equal(hdr->addr1, dev->dev_addr)) { 2172 PDEBUG(DEBUG_AP, "handle_ap_item - addr1(BSSID)=%pM" 2173 " not own MAC\n", hdr->addr1); 2174 goto done; 2175 } 2176 2177 if (local->ap->nullfunc_ack && 2178 stype == IEEE80211_STYPE_NULLFUNC) 2179 ap_handle_data_nullfunc(local, hdr); 2180 else 2181 ap_handle_dropped_data(local, hdr); 2182 goto done; 2183 } 2184 2185 if (type == IEEE80211_FTYPE_MGMT && stype == IEEE80211_STYPE_BEACON) { 2186 handle_beacon(local, skb, rx_stats); 2187 goto done; 2188 } 2189 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 2190 2191 if (type == IEEE80211_FTYPE_CTL && stype == IEEE80211_STYPE_PSPOLL) { 2192 handle_pspoll(local, hdr, rx_stats); 2193 goto done; 2194 } 2195 2196 if (local->hostapd) { 2197 PDEBUG(DEBUG_AP, "Unknown frame in AP queue: type=0x%02x " 2198 "subtype=0x%02x\n", type, stype); 2199 goto done; 2200 } 2201 2202 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 2203 if (type != IEEE80211_FTYPE_MGMT) { 2204 PDEBUG(DEBUG_AP, "handle_ap_item - not a management frame?\n"); 2205 goto done; 2206 } 2207 2208 if (!ether_addr_equal(hdr->addr1, dev->dev_addr)) { 2209 PDEBUG(DEBUG_AP, "handle_ap_item - addr1(DA)=%pM" 2210 " not own MAC\n", hdr->addr1); 2211 goto done; 2212 } 2213 2214 if (!ether_addr_equal(hdr->addr3, dev->dev_addr)) { 2215 PDEBUG(DEBUG_AP, "handle_ap_item - addr3(BSSID)=%pM" 2216 " not own MAC\n", hdr->addr3); 2217 goto done; 2218 } 2219 2220 switch (stype) { 2221 case IEEE80211_STYPE_ASSOC_REQ: 2222 handle_assoc(local, skb, rx_stats, 0); 2223 break; 2224 case IEEE80211_STYPE_ASSOC_RESP: 2225 PDEBUG(DEBUG_AP, "==> ASSOC RESP (ignored)\n"); 2226 break; 2227 case IEEE80211_STYPE_REASSOC_REQ: 2228 handle_assoc(local, skb, rx_stats, 1); 2229 break; 2230 case IEEE80211_STYPE_REASSOC_RESP: 2231 PDEBUG(DEBUG_AP, "==> REASSOC RESP (ignored)\n"); 2232 break; 2233 case IEEE80211_STYPE_ATIM: 2234 PDEBUG(DEBUG_AP, "==> ATIM (ignored)\n"); 2235 break; 2236 case IEEE80211_STYPE_DISASSOC: 2237 handle_disassoc(local, skb, rx_stats); 2238 break; 2239 case IEEE80211_STYPE_AUTH: 2240 handle_authen(local, skb, rx_stats); 2241 break; 2242 case IEEE80211_STYPE_DEAUTH: 2243 handle_deauth(local, skb, rx_stats); 2244 break; 2245 default: 2246 PDEBUG(DEBUG_AP, "Unknown mgmt frame subtype 0x%02x\n", 2247 stype >> 4); 2248 break; 2249 } 2250 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 2251 2252 done: 2253 dev_kfree_skb(skb); 2254 } 2255 2256 2257 /* Called only as a tasklet (software IRQ) */ 2258 void hostap_rx(struct net_device *dev, struct sk_buff *skb, 2259 struct hostap_80211_rx_status *rx_stats) 2260 { 2261 struct hostap_interface *iface; 2262 local_info_t *local; 2263 struct ieee80211_hdr *hdr; 2264 2265 iface = netdev_priv(dev); 2266 local = iface->local; 2267 2268 if (skb->len < 16) 2269 goto drop; 2270 2271 dev->stats.rx_packets++; 2272 2273 hdr = (struct ieee80211_hdr *) skb->data; 2274 2275 if (local->ap->ap_policy == AP_OTHER_AP_SKIP_ALL && 2276 ieee80211_is_beacon(hdr->frame_control)) 2277 goto drop; 2278 2279 skb->protocol = cpu_to_be16(ETH_P_HOSTAP); 2280 handle_ap_item(local, skb, rx_stats); 2281 return; 2282 2283 drop: 2284 dev_kfree_skb(skb); 2285 } 2286 2287 2288 /* Called only as a tasklet (software IRQ) */ 2289 static void schedule_packet_send(local_info_t *local, struct sta_info *sta) 2290 { 2291 struct sk_buff *skb; 2292 struct ieee80211_hdr *hdr; 2293 struct hostap_80211_rx_status rx_stats; 2294 2295 if (skb_queue_empty(&sta->tx_buf)) 2296 return; 2297 2298 skb = dev_alloc_skb(16); 2299 if (skb == NULL) { 2300 printk(KERN_DEBUG "%s: schedule_packet_send: skb alloc " 2301 "failed\n", local->dev->name); 2302 return; 2303 } 2304 2305 hdr = skb_put(skb, 16); 2306 2307 /* Generate a fake pspoll frame to start packet delivery */ 2308 hdr->frame_control = cpu_to_le16( 2309 IEEE80211_FTYPE_CTL | IEEE80211_STYPE_PSPOLL); 2310 memcpy(hdr->addr1, local->dev->dev_addr, ETH_ALEN); 2311 memcpy(hdr->addr2, sta->addr, ETH_ALEN); 2312 hdr->duration_id = cpu_to_le16(sta->aid | BIT(15) | BIT(14)); 2313 2314 PDEBUG(DEBUG_PS2, 2315 "%s: Scheduling buffered packet delivery for STA %pM\n", 2316 local->dev->name, sta->addr); 2317 2318 skb->dev = local->dev; 2319 2320 memset(&rx_stats, 0, sizeof(rx_stats)); 2321 hostap_rx(local->dev, skb, &rx_stats); 2322 } 2323 2324 2325 int prism2_ap_get_sta_qual(local_info_t *local, struct sockaddr addr[], 2326 struct iw_quality qual[], int buf_size, 2327 int aplist) 2328 { 2329 struct ap_data *ap = local->ap; 2330 struct list_head *ptr; 2331 int count = 0; 2332 2333 spin_lock_bh(&ap->sta_table_lock); 2334 2335 for (ptr = ap->sta_list.next; ptr != NULL && ptr != &ap->sta_list; 2336 ptr = ptr->next) { 2337 struct sta_info *sta = (struct sta_info *) ptr; 2338 2339 if (aplist && !sta->ap) 2340 continue; 2341 addr[count].sa_family = ARPHRD_ETHER; 2342 memcpy(addr[count].sa_data, sta->addr, ETH_ALEN); 2343 if (sta->last_rx_silence == 0) 2344 qual[count].qual = sta->last_rx_signal < 27 ? 2345 0 : (sta->last_rx_signal - 27) * 92 / 127; 2346 else 2347 qual[count].qual = sta->last_rx_signal - 2348 sta->last_rx_silence - 35; 2349 qual[count].level = HFA384X_LEVEL_TO_dBm(sta->last_rx_signal); 2350 qual[count].noise = HFA384X_LEVEL_TO_dBm(sta->last_rx_silence); 2351 qual[count].updated = sta->last_rx_updated; 2352 2353 sta->last_rx_updated = IW_QUAL_DBM; 2354 2355 count++; 2356 if (count >= buf_size) 2357 break; 2358 } 2359 spin_unlock_bh(&ap->sta_table_lock); 2360 2361 return count; 2362 } 2363 2364 2365 /* Translate our list of Access Points & Stations to a card independent 2366 * format that the Wireless Tools will understand - Jean II */ 2367 int prism2_ap_translate_scan(struct net_device *dev, 2368 struct iw_request_info *info, char *buffer) 2369 { 2370 struct hostap_interface *iface; 2371 local_info_t *local; 2372 struct ap_data *ap; 2373 struct list_head *ptr; 2374 struct iw_event iwe; 2375 char *current_ev = buffer; 2376 char *end_buf = buffer + IW_SCAN_MAX_DATA; 2377 #if !defined(PRISM2_NO_KERNEL_IEEE80211_MGMT) 2378 char buf[64]; 2379 #endif 2380 2381 iface = netdev_priv(dev); 2382 local = iface->local; 2383 ap = local->ap; 2384 2385 spin_lock_bh(&ap->sta_table_lock); 2386 2387 for (ptr = ap->sta_list.next; ptr != NULL && ptr != &ap->sta_list; 2388 ptr = ptr->next) { 2389 struct sta_info *sta = (struct sta_info *) ptr; 2390 2391 /* First entry *MUST* be the AP MAC address */ 2392 memset(&iwe, 0, sizeof(iwe)); 2393 iwe.cmd = SIOCGIWAP; 2394 iwe.u.ap_addr.sa_family = ARPHRD_ETHER; 2395 memcpy(iwe.u.ap_addr.sa_data, sta->addr, ETH_ALEN); 2396 iwe.len = IW_EV_ADDR_LEN; 2397 current_ev = iwe_stream_add_event(info, current_ev, end_buf, 2398 &iwe, IW_EV_ADDR_LEN); 2399 2400 /* Use the mode to indicate if it's a station or 2401 * an Access Point */ 2402 memset(&iwe, 0, sizeof(iwe)); 2403 iwe.cmd = SIOCGIWMODE; 2404 if (sta->ap) 2405 iwe.u.mode = IW_MODE_MASTER; 2406 else 2407 iwe.u.mode = IW_MODE_INFRA; 2408 iwe.len = IW_EV_UINT_LEN; 2409 current_ev = iwe_stream_add_event(info, current_ev, end_buf, 2410 &iwe, IW_EV_UINT_LEN); 2411 2412 /* Some quality */ 2413 memset(&iwe, 0, sizeof(iwe)); 2414 iwe.cmd = IWEVQUAL; 2415 if (sta->last_rx_silence == 0) 2416 iwe.u.qual.qual = sta->last_rx_signal < 27 ? 2417 0 : (sta->last_rx_signal - 27) * 92 / 127; 2418 else 2419 iwe.u.qual.qual = sta->last_rx_signal - 2420 sta->last_rx_silence - 35; 2421 iwe.u.qual.level = HFA384X_LEVEL_TO_dBm(sta->last_rx_signal); 2422 iwe.u.qual.noise = HFA384X_LEVEL_TO_dBm(sta->last_rx_silence); 2423 iwe.u.qual.updated = sta->last_rx_updated; 2424 iwe.len = IW_EV_QUAL_LEN; 2425 current_ev = iwe_stream_add_event(info, current_ev, end_buf, 2426 &iwe, IW_EV_QUAL_LEN); 2427 2428 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 2429 if (sta->ap) { 2430 memset(&iwe, 0, sizeof(iwe)); 2431 iwe.cmd = SIOCGIWESSID; 2432 iwe.u.data.length = sta->u.ap.ssid_len; 2433 iwe.u.data.flags = 1; 2434 current_ev = iwe_stream_add_point(info, current_ev, 2435 end_buf, &iwe, 2436 sta->u.ap.ssid); 2437 2438 memset(&iwe, 0, sizeof(iwe)); 2439 iwe.cmd = SIOCGIWENCODE; 2440 if (sta->capability & WLAN_CAPABILITY_PRIVACY) 2441 iwe.u.data.flags = 2442 IW_ENCODE_ENABLED | IW_ENCODE_NOKEY; 2443 else 2444 iwe.u.data.flags = IW_ENCODE_DISABLED; 2445 current_ev = iwe_stream_add_point(info, current_ev, 2446 end_buf, &iwe, 2447 sta->u.ap.ssid); 2448 2449 if (sta->u.ap.channel > 0 && 2450 sta->u.ap.channel <= FREQ_COUNT) { 2451 memset(&iwe, 0, sizeof(iwe)); 2452 iwe.cmd = SIOCGIWFREQ; 2453 iwe.u.freq.m = freq_list[sta->u.ap.channel - 1] 2454 * 100000; 2455 iwe.u.freq.e = 1; 2456 current_ev = iwe_stream_add_event( 2457 info, current_ev, end_buf, &iwe, 2458 IW_EV_FREQ_LEN); 2459 } 2460 2461 memset(&iwe, 0, sizeof(iwe)); 2462 iwe.cmd = IWEVCUSTOM; 2463 sprintf(buf, "beacon_interval=%d", 2464 sta->listen_interval); 2465 iwe.u.data.length = strlen(buf); 2466 current_ev = iwe_stream_add_point(info, current_ev, 2467 end_buf, &iwe, buf); 2468 } 2469 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 2470 2471 sta->last_rx_updated = IW_QUAL_DBM; 2472 2473 /* To be continued, we should make good use of IWEVCUSTOM */ 2474 } 2475 2476 spin_unlock_bh(&ap->sta_table_lock); 2477 2478 return current_ev - buffer; 2479 } 2480 2481 2482 static int prism2_hostapd_add_sta(struct ap_data *ap, 2483 struct prism2_hostapd_param *param) 2484 { 2485 struct sta_info *sta; 2486 2487 spin_lock_bh(&ap->sta_table_lock); 2488 sta = ap_get_sta(ap, param->sta_addr); 2489 if (sta) 2490 atomic_inc(&sta->users); 2491 spin_unlock_bh(&ap->sta_table_lock); 2492 2493 if (sta == NULL) { 2494 sta = ap_add_sta(ap, param->sta_addr); 2495 if (sta == NULL) 2496 return -1; 2497 } 2498 2499 if (!(sta->flags & WLAN_STA_ASSOC) && !sta->ap && sta->local) 2500 hostap_event_new_sta(sta->local->dev, sta); 2501 2502 sta->flags |= WLAN_STA_AUTH | WLAN_STA_ASSOC; 2503 sta->last_rx = jiffies; 2504 sta->aid = param->u.add_sta.aid; 2505 sta->capability = param->u.add_sta.capability; 2506 sta->tx_supp_rates = param->u.add_sta.tx_supp_rates; 2507 if (sta->tx_supp_rates & WLAN_RATE_1M) 2508 sta->supported_rates[0] = 2; 2509 if (sta->tx_supp_rates & WLAN_RATE_2M) 2510 sta->supported_rates[1] = 4; 2511 if (sta->tx_supp_rates & WLAN_RATE_5M5) 2512 sta->supported_rates[2] = 11; 2513 if (sta->tx_supp_rates & WLAN_RATE_11M) 2514 sta->supported_rates[3] = 22; 2515 prism2_check_tx_rates(sta); 2516 atomic_dec(&sta->users); 2517 return 0; 2518 } 2519 2520 2521 static int prism2_hostapd_remove_sta(struct ap_data *ap, 2522 struct prism2_hostapd_param *param) 2523 { 2524 struct sta_info *sta; 2525 2526 spin_lock_bh(&ap->sta_table_lock); 2527 sta = ap_get_sta(ap, param->sta_addr); 2528 if (sta) { 2529 ap_sta_hash_del(ap, sta); 2530 list_del(&sta->list); 2531 } 2532 spin_unlock_bh(&ap->sta_table_lock); 2533 2534 if (!sta) 2535 return -ENOENT; 2536 2537 if ((sta->flags & WLAN_STA_ASSOC) && !sta->ap && sta->local) 2538 hostap_event_expired_sta(sta->local->dev, sta); 2539 ap_free_sta(ap, sta); 2540 2541 return 0; 2542 } 2543 2544 2545 static int prism2_hostapd_get_info_sta(struct ap_data *ap, 2546 struct prism2_hostapd_param *param) 2547 { 2548 struct sta_info *sta; 2549 2550 spin_lock_bh(&ap->sta_table_lock); 2551 sta = ap_get_sta(ap, param->sta_addr); 2552 if (sta) 2553 atomic_inc(&sta->users); 2554 spin_unlock_bh(&ap->sta_table_lock); 2555 2556 if (!sta) 2557 return -ENOENT; 2558 2559 param->u.get_info_sta.inactive_sec = (jiffies - sta->last_rx) / HZ; 2560 2561 atomic_dec(&sta->users); 2562 2563 return 1; 2564 } 2565 2566 2567 static int prism2_hostapd_set_flags_sta(struct ap_data *ap, 2568 struct prism2_hostapd_param *param) 2569 { 2570 struct sta_info *sta; 2571 2572 spin_lock_bh(&ap->sta_table_lock); 2573 sta = ap_get_sta(ap, param->sta_addr); 2574 if (sta) { 2575 sta->flags |= param->u.set_flags_sta.flags_or; 2576 sta->flags &= param->u.set_flags_sta.flags_and; 2577 } 2578 spin_unlock_bh(&ap->sta_table_lock); 2579 2580 if (!sta) 2581 return -ENOENT; 2582 2583 return 0; 2584 } 2585 2586 2587 static int prism2_hostapd_sta_clear_stats(struct ap_data *ap, 2588 struct prism2_hostapd_param *param) 2589 { 2590 struct sta_info *sta; 2591 int rate; 2592 2593 spin_lock_bh(&ap->sta_table_lock); 2594 sta = ap_get_sta(ap, param->sta_addr); 2595 if (sta) { 2596 sta->rx_packets = sta->tx_packets = 0; 2597 sta->rx_bytes = sta->tx_bytes = 0; 2598 for (rate = 0; rate < WLAN_RATE_COUNT; rate++) { 2599 sta->tx_count[rate] = 0; 2600 sta->rx_count[rate] = 0; 2601 } 2602 } 2603 spin_unlock_bh(&ap->sta_table_lock); 2604 2605 if (!sta) 2606 return -ENOENT; 2607 2608 return 0; 2609 } 2610 2611 2612 int prism2_hostapd(struct ap_data *ap, struct prism2_hostapd_param *param) 2613 { 2614 switch (param->cmd) { 2615 case PRISM2_HOSTAPD_FLUSH: 2616 ap_control_kickall(ap); 2617 return 0; 2618 case PRISM2_HOSTAPD_ADD_STA: 2619 return prism2_hostapd_add_sta(ap, param); 2620 case PRISM2_HOSTAPD_REMOVE_STA: 2621 return prism2_hostapd_remove_sta(ap, param); 2622 case PRISM2_HOSTAPD_GET_INFO_STA: 2623 return prism2_hostapd_get_info_sta(ap, param); 2624 case PRISM2_HOSTAPD_SET_FLAGS_STA: 2625 return prism2_hostapd_set_flags_sta(ap, param); 2626 case PRISM2_HOSTAPD_STA_CLEAR_STATS: 2627 return prism2_hostapd_sta_clear_stats(ap, param); 2628 default: 2629 printk(KERN_WARNING "prism2_hostapd: unknown cmd=%d\n", 2630 param->cmd); 2631 return -EOPNOTSUPP; 2632 } 2633 } 2634 2635 2636 /* Update station info for host-based TX rate control and return current 2637 * TX rate */ 2638 static int ap_update_sta_tx_rate(struct sta_info *sta, struct net_device *dev) 2639 { 2640 int ret = sta->tx_rate; 2641 struct hostap_interface *iface; 2642 local_info_t *local; 2643 2644 iface = netdev_priv(dev); 2645 local = iface->local; 2646 2647 sta->tx_count[sta->tx_rate_idx]++; 2648 sta->tx_since_last_failure++; 2649 sta->tx_consecutive_exc = 0; 2650 if (sta->tx_since_last_failure >= WLAN_RATE_UPDATE_COUNT && 2651 sta->tx_rate_idx < sta->tx_max_rate) { 2652 /* use next higher rate */ 2653 int old_rate, new_rate; 2654 old_rate = new_rate = sta->tx_rate_idx; 2655 while (new_rate < sta->tx_max_rate) { 2656 new_rate++; 2657 if (ap_tx_rate_ok(new_rate, sta, local)) { 2658 sta->tx_rate_idx = new_rate; 2659 break; 2660 } 2661 } 2662 if (old_rate != sta->tx_rate_idx) { 2663 switch (sta->tx_rate_idx) { 2664 case 0: sta->tx_rate = 10; break; 2665 case 1: sta->tx_rate = 20; break; 2666 case 2: sta->tx_rate = 55; break; 2667 case 3: sta->tx_rate = 110; break; 2668 default: sta->tx_rate = 0; break; 2669 } 2670 PDEBUG(DEBUG_AP, "%s: STA %pM TX rate raised to %d\n", 2671 dev->name, sta->addr, sta->tx_rate); 2672 } 2673 sta->tx_since_last_failure = 0; 2674 } 2675 2676 return ret; 2677 } 2678 2679 2680 /* Called only from software IRQ. Called for each TX frame prior possible 2681 * encryption and transmit. */ 2682 ap_tx_ret hostap_handle_sta_tx(local_info_t *local, struct hostap_tx_data *tx) 2683 { 2684 struct sta_info *sta = NULL; 2685 struct sk_buff *skb = tx->skb; 2686 int set_tim, ret; 2687 struct ieee80211_hdr *hdr; 2688 struct hostap_skb_tx_data *meta; 2689 2690 meta = (struct hostap_skb_tx_data *) skb->cb; 2691 ret = AP_TX_CONTINUE; 2692 if (local->ap == NULL || skb->len < 10 || 2693 meta->iface->type == HOSTAP_INTERFACE_STA) 2694 goto out; 2695 2696 hdr = (struct ieee80211_hdr *) skb->data; 2697 2698 if (hdr->addr1[0] & 0x01) { 2699 /* broadcast/multicast frame - no AP related processing */ 2700 if (local->ap->num_sta <= 0) 2701 ret = AP_TX_DROP; 2702 goto out; 2703 } 2704 2705 /* unicast packet - check whether destination STA is associated */ 2706 spin_lock(&local->ap->sta_table_lock); 2707 sta = ap_get_sta(local->ap, hdr->addr1); 2708 if (sta) 2709 atomic_inc(&sta->users); 2710 spin_unlock(&local->ap->sta_table_lock); 2711 2712 if (local->iw_mode == IW_MODE_MASTER && sta == NULL && 2713 !(meta->flags & HOSTAP_TX_FLAGS_WDS) && 2714 meta->iface->type != HOSTAP_INTERFACE_MASTER && 2715 meta->iface->type != HOSTAP_INTERFACE_AP) { 2716 #if 0 2717 /* This can happen, e.g., when wlan0 is added to a bridge and 2718 * bridging code does not know which port is the correct target 2719 * for a unicast frame. In this case, the packet is send to all 2720 * ports of the bridge. Since this is a valid scenario, do not 2721 * print out any errors here. */ 2722 if (net_ratelimit()) { 2723 printk(KERN_DEBUG "AP: drop packet to non-associated " 2724 "STA %pM\n", hdr->addr1); 2725 } 2726 #endif 2727 local->ap->tx_drop_nonassoc++; 2728 ret = AP_TX_DROP; 2729 goto out; 2730 } 2731 2732 if (sta == NULL) 2733 goto out; 2734 2735 if (!(sta->flags & WLAN_STA_AUTHORIZED)) 2736 ret = AP_TX_CONTINUE_NOT_AUTHORIZED; 2737 2738 /* Set tx_rate if using host-based TX rate control */ 2739 if (!local->fw_tx_rate_control) 2740 local->ap->last_tx_rate = meta->rate = 2741 ap_update_sta_tx_rate(sta, local->dev); 2742 2743 if (local->iw_mode != IW_MODE_MASTER) 2744 goto out; 2745 2746 if (!(sta->flags & WLAN_STA_PS)) 2747 goto out; 2748 2749 if (meta->flags & HOSTAP_TX_FLAGS_ADD_MOREDATA) { 2750 /* indicate to STA that more frames follow */ 2751 hdr->frame_control |= 2752 cpu_to_le16(IEEE80211_FCTL_MOREDATA); 2753 } 2754 2755 if (meta->flags & HOSTAP_TX_FLAGS_BUFFERED_FRAME) { 2756 /* packet was already buffered and now send due to 2757 * PS poll, so do not rebuffer it */ 2758 goto out; 2759 } 2760 2761 if (skb_queue_len(&sta->tx_buf) >= STA_MAX_TX_BUFFER) { 2762 PDEBUG(DEBUG_PS, "%s: No more space in STA (%pM)'s" 2763 "PS mode buffer\n", 2764 local->dev->name, sta->addr); 2765 /* Make sure that TIM is set for the station (it might not be 2766 * after AP wlan hw reset). */ 2767 /* FIX: should fix hw reset to restore bits based on STA 2768 * buffer state.. */ 2769 hostap_set_tim(local, sta->aid, 1); 2770 sta->flags |= WLAN_STA_TIM; 2771 ret = AP_TX_DROP; 2772 goto out; 2773 } 2774 2775 /* STA in PS mode, buffer frame for later delivery */ 2776 set_tim = skb_queue_empty(&sta->tx_buf); 2777 skb_queue_tail(&sta->tx_buf, skb); 2778 /* FIX: could save RX time to skb and expire buffered frames after 2779 * some time if STA does not poll for them */ 2780 2781 if (set_tim) { 2782 if (sta->flags & WLAN_STA_TIM) 2783 PDEBUG(DEBUG_PS2, "Re-setting TIM for aid %d\n", 2784 sta->aid); 2785 hostap_set_tim(local, sta->aid, 1); 2786 sta->flags |= WLAN_STA_TIM; 2787 } 2788 2789 ret = AP_TX_BUFFERED; 2790 2791 out: 2792 if (sta != NULL) { 2793 if (ret == AP_TX_CONTINUE || 2794 ret == AP_TX_CONTINUE_NOT_AUTHORIZED) { 2795 sta->tx_packets++; 2796 sta->tx_bytes += skb->len; 2797 sta->last_tx = jiffies; 2798 } 2799 2800 if ((ret == AP_TX_CONTINUE || 2801 ret == AP_TX_CONTINUE_NOT_AUTHORIZED) && 2802 sta->crypt && tx->host_encrypt) { 2803 tx->crypt = sta->crypt; 2804 tx->sta_ptr = sta; /* hostap_handle_sta_release() will 2805 * be called to release sta info 2806 * later */ 2807 } else 2808 atomic_dec(&sta->users); 2809 } 2810 2811 return ret; 2812 } 2813 2814 2815 void hostap_handle_sta_release(void *ptr) 2816 { 2817 struct sta_info *sta = ptr; 2818 atomic_dec(&sta->users); 2819 } 2820 2821 2822 /* Called only as a tasklet (software IRQ) */ 2823 void hostap_handle_sta_tx_exc(local_info_t *local, struct sk_buff *skb) 2824 { 2825 struct sta_info *sta; 2826 struct ieee80211_hdr *hdr; 2827 struct hostap_skb_tx_data *meta; 2828 2829 hdr = (struct ieee80211_hdr *) skb->data; 2830 meta = (struct hostap_skb_tx_data *) skb->cb; 2831 2832 spin_lock(&local->ap->sta_table_lock); 2833 sta = ap_get_sta(local->ap, hdr->addr1); 2834 if (!sta) { 2835 spin_unlock(&local->ap->sta_table_lock); 2836 PDEBUG(DEBUG_AP, "%s: Could not find STA %pM" 2837 " for this TX error (@%lu)\n", 2838 local->dev->name, hdr->addr1, jiffies); 2839 return; 2840 } 2841 2842 sta->tx_since_last_failure = 0; 2843 sta->tx_consecutive_exc++; 2844 2845 if (sta->tx_consecutive_exc >= WLAN_RATE_DECREASE_THRESHOLD && 2846 sta->tx_rate_idx > 0 && meta->rate <= sta->tx_rate) { 2847 /* use next lower rate */ 2848 int old, rate; 2849 old = rate = sta->tx_rate_idx; 2850 while (rate > 0) { 2851 rate--; 2852 if (ap_tx_rate_ok(rate, sta, local)) { 2853 sta->tx_rate_idx = rate; 2854 break; 2855 } 2856 } 2857 if (old != sta->tx_rate_idx) { 2858 switch (sta->tx_rate_idx) { 2859 case 0: sta->tx_rate = 10; break; 2860 case 1: sta->tx_rate = 20; break; 2861 case 2: sta->tx_rate = 55; break; 2862 case 3: sta->tx_rate = 110; break; 2863 default: sta->tx_rate = 0; break; 2864 } 2865 PDEBUG(DEBUG_AP, 2866 "%s: STA %pM TX rate lowered to %d\n", 2867 local->dev->name, sta->addr, sta->tx_rate); 2868 } 2869 sta->tx_consecutive_exc = 0; 2870 } 2871 spin_unlock(&local->ap->sta_table_lock); 2872 } 2873 2874 2875 static void hostap_update_sta_ps2(local_info_t *local, struct sta_info *sta, 2876 int pwrmgt, int type, int stype) 2877 { 2878 if (pwrmgt && !(sta->flags & WLAN_STA_PS)) { 2879 sta->flags |= WLAN_STA_PS; 2880 PDEBUG(DEBUG_PS2, "STA %pM changed to use PS " 2881 "mode (type=0x%02X, stype=0x%02X)\n", 2882 sta->addr, type >> 2, stype >> 4); 2883 } else if (!pwrmgt && (sta->flags & WLAN_STA_PS)) { 2884 sta->flags &= ~WLAN_STA_PS; 2885 PDEBUG(DEBUG_PS2, "STA %pM changed to not use " 2886 "PS mode (type=0x%02X, stype=0x%02X)\n", 2887 sta->addr, type >> 2, stype >> 4); 2888 if (type != IEEE80211_FTYPE_CTL || 2889 stype != IEEE80211_STYPE_PSPOLL) 2890 schedule_packet_send(local, sta); 2891 } 2892 } 2893 2894 2895 /* Called only as a tasklet (software IRQ). Called for each RX frame to update 2896 * STA power saving state. pwrmgt is a flag from 802.11 frame_control field. */ 2897 int hostap_update_sta_ps(local_info_t *local, struct ieee80211_hdr *hdr) 2898 { 2899 struct sta_info *sta; 2900 u16 fc; 2901 2902 spin_lock(&local->ap->sta_table_lock); 2903 sta = ap_get_sta(local->ap, hdr->addr2); 2904 if (sta) 2905 atomic_inc(&sta->users); 2906 spin_unlock(&local->ap->sta_table_lock); 2907 2908 if (!sta) 2909 return -1; 2910 2911 fc = le16_to_cpu(hdr->frame_control); 2912 hostap_update_sta_ps2(local, sta, fc & IEEE80211_FCTL_PM, 2913 fc & IEEE80211_FCTL_FTYPE, 2914 fc & IEEE80211_FCTL_STYPE); 2915 2916 atomic_dec(&sta->users); 2917 return 0; 2918 } 2919 2920 2921 /* Called only as a tasklet (software IRQ). Called for each RX frame after 2922 * getting RX header and payload from hardware. */ 2923 ap_rx_ret hostap_handle_sta_rx(local_info_t *local, struct net_device *dev, 2924 struct sk_buff *skb, 2925 struct hostap_80211_rx_status *rx_stats, 2926 int wds) 2927 { 2928 int ret; 2929 struct sta_info *sta; 2930 u16 fc, type, stype; 2931 struct ieee80211_hdr *hdr; 2932 2933 if (local->ap == NULL) 2934 return AP_RX_CONTINUE; 2935 2936 hdr = (struct ieee80211_hdr *) skb->data; 2937 2938 fc = le16_to_cpu(hdr->frame_control); 2939 type = fc & IEEE80211_FCTL_FTYPE; 2940 stype = fc & IEEE80211_FCTL_STYPE; 2941 2942 spin_lock(&local->ap->sta_table_lock); 2943 sta = ap_get_sta(local->ap, hdr->addr2); 2944 if (sta) 2945 atomic_inc(&sta->users); 2946 spin_unlock(&local->ap->sta_table_lock); 2947 2948 if (sta && !(sta->flags & WLAN_STA_AUTHORIZED)) 2949 ret = AP_RX_CONTINUE_NOT_AUTHORIZED; 2950 else 2951 ret = AP_RX_CONTINUE; 2952 2953 2954 if (fc & IEEE80211_FCTL_TODS) { 2955 if (!wds && (sta == NULL || !(sta->flags & WLAN_STA_ASSOC))) { 2956 if (local->hostapd) { 2957 prism2_rx_80211(local->apdev, skb, rx_stats, 2958 PRISM2_RX_NON_ASSOC); 2959 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 2960 } else { 2961 printk(KERN_DEBUG "%s: dropped received packet" 2962 " from non-associated STA %pM" 2963 " (type=0x%02x, subtype=0x%02x)\n", 2964 dev->name, hdr->addr2, 2965 type >> 2, stype >> 4); 2966 hostap_rx(dev, skb, rx_stats); 2967 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 2968 } 2969 ret = AP_RX_EXIT; 2970 goto out; 2971 } 2972 } else if (fc & IEEE80211_FCTL_FROMDS) { 2973 if (!wds) { 2974 /* FromDS frame - not for us; probably 2975 * broadcast/multicast in another BSS - drop */ 2976 if (ether_addr_equal(hdr->addr1, dev->dev_addr)) { 2977 printk(KERN_DEBUG "Odd.. FromDS packet " 2978 "received with own BSSID\n"); 2979 hostap_dump_rx_80211(dev->name, skb, rx_stats); 2980 } 2981 ret = AP_RX_DROP; 2982 goto out; 2983 } 2984 } else if (stype == IEEE80211_STYPE_NULLFUNC && sta == NULL && 2985 ether_addr_equal(hdr->addr1, dev->dev_addr)) { 2986 2987 if (local->hostapd) { 2988 prism2_rx_80211(local->apdev, skb, rx_stats, 2989 PRISM2_RX_NON_ASSOC); 2990 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 2991 } else { 2992 /* At least Lucent f/w seems to send data::nullfunc 2993 * frames with no ToDS flag when the current AP returns 2994 * after being unavailable for some time. Speed up 2995 * re-association by informing the station about it not 2996 * being associated. */ 2997 printk(KERN_DEBUG "%s: rejected received nullfunc frame" 2998 " without ToDS from not associated STA %pM\n", 2999 dev->name, hdr->addr2); 3000 hostap_rx(dev, skb, rx_stats); 3001 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 3002 } 3003 ret = AP_RX_EXIT; 3004 goto out; 3005 } else if (stype == IEEE80211_STYPE_NULLFUNC) { 3006 /* At least Lucent cards seem to send periodic nullfunc 3007 * frames with ToDS. Let these through to update SQ 3008 * stats and PS state. Nullfunc frames do not contain 3009 * any data and they will be dropped below. */ 3010 } else { 3011 /* If BSSID (Addr3) is foreign, this frame is a normal 3012 * broadcast frame from an IBSS network. Drop it silently. 3013 * If BSSID is own, report the dropping of this frame. */ 3014 if (ether_addr_equal(hdr->addr3, dev->dev_addr)) { 3015 printk(KERN_DEBUG "%s: dropped received packet from %pM" 3016 " with no ToDS flag " 3017 "(type=0x%02x, subtype=0x%02x)\n", dev->name, 3018 hdr->addr2, type >> 2, stype >> 4); 3019 hostap_dump_rx_80211(dev->name, skb, rx_stats); 3020 } 3021 ret = AP_RX_DROP; 3022 goto out; 3023 } 3024 3025 if (sta) { 3026 hostap_update_sta_ps2(local, sta, fc & IEEE80211_FCTL_PM, 3027 type, stype); 3028 3029 sta->rx_packets++; 3030 sta->rx_bytes += skb->len; 3031 sta->last_rx = jiffies; 3032 } 3033 3034 if (local->ap->nullfunc_ack && stype == IEEE80211_STYPE_NULLFUNC && 3035 fc & IEEE80211_FCTL_TODS) { 3036 if (local->hostapd) { 3037 prism2_rx_80211(local->apdev, skb, rx_stats, 3038 PRISM2_RX_NULLFUNC_ACK); 3039 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 3040 } else { 3041 /* some STA f/w's seem to require control::ACK frame 3042 * for data::nullfunc, but Prism2 f/w 0.8.0 (at least 3043 * from Compaq) does not send this.. Try to generate 3044 * ACK for these frames from the host driver to make 3045 * power saving work with, e.g., Lucent WaveLAN f/w */ 3046 hostap_rx(dev, skb, rx_stats); 3047 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 3048 } 3049 ret = AP_RX_EXIT; 3050 goto out; 3051 } 3052 3053 out: 3054 if (sta) 3055 atomic_dec(&sta->users); 3056 3057 return ret; 3058 } 3059 3060 3061 /* Called only as a tasklet (software IRQ) */ 3062 int hostap_handle_sta_crypto(local_info_t *local, 3063 struct ieee80211_hdr *hdr, 3064 struct lib80211_crypt_data **crypt, 3065 void **sta_ptr) 3066 { 3067 struct sta_info *sta; 3068 3069 spin_lock(&local->ap->sta_table_lock); 3070 sta = ap_get_sta(local->ap, hdr->addr2); 3071 if (sta) 3072 atomic_inc(&sta->users); 3073 spin_unlock(&local->ap->sta_table_lock); 3074 3075 if (!sta) 3076 return -1; 3077 3078 if (sta->crypt) { 3079 *crypt = sta->crypt; 3080 *sta_ptr = sta; 3081 /* hostap_handle_sta_release() will be called to release STA 3082 * info */ 3083 } else 3084 atomic_dec(&sta->users); 3085 3086 return 0; 3087 } 3088 3089 3090 /* Called only as a tasklet (software IRQ) */ 3091 int hostap_is_sta_assoc(struct ap_data *ap, u8 *sta_addr) 3092 { 3093 struct sta_info *sta; 3094 int ret = 0; 3095 3096 spin_lock(&ap->sta_table_lock); 3097 sta = ap_get_sta(ap, sta_addr); 3098 if (sta != NULL && (sta->flags & WLAN_STA_ASSOC) && !sta->ap) 3099 ret = 1; 3100 spin_unlock(&ap->sta_table_lock); 3101 3102 return ret; 3103 } 3104 3105 3106 /* Called only as a tasklet (software IRQ) */ 3107 int hostap_is_sta_authorized(struct ap_data *ap, u8 *sta_addr) 3108 { 3109 struct sta_info *sta; 3110 int ret = 0; 3111 3112 spin_lock(&ap->sta_table_lock); 3113 sta = ap_get_sta(ap, sta_addr); 3114 if (sta != NULL && (sta->flags & WLAN_STA_ASSOC) && !sta->ap && 3115 ((sta->flags & WLAN_STA_AUTHORIZED) || 3116 ap->local->ieee_802_1x == 0)) 3117 ret = 1; 3118 spin_unlock(&ap->sta_table_lock); 3119 3120 return ret; 3121 } 3122 3123 3124 /* Called only as a tasklet (software IRQ) */ 3125 int hostap_add_sta(struct ap_data *ap, u8 *sta_addr) 3126 { 3127 struct sta_info *sta; 3128 int ret = 1; 3129 3130 if (!ap) 3131 return -1; 3132 3133 spin_lock(&ap->sta_table_lock); 3134 sta = ap_get_sta(ap, sta_addr); 3135 if (sta) 3136 ret = 0; 3137 spin_unlock(&ap->sta_table_lock); 3138 3139 if (ret == 1) { 3140 sta = ap_add_sta(ap, sta_addr); 3141 if (!sta) 3142 return -1; 3143 sta->flags = WLAN_STA_AUTH | WLAN_STA_ASSOC; 3144 sta->ap = 1; 3145 memset(sta->supported_rates, 0, sizeof(sta->supported_rates)); 3146 /* No way of knowing which rates are supported since we did not 3147 * get supported rates element from beacon/assoc req. Assume 3148 * that remote end supports all 802.11b rates. */ 3149 sta->supported_rates[0] = 0x82; 3150 sta->supported_rates[1] = 0x84; 3151 sta->supported_rates[2] = 0x0b; 3152 sta->supported_rates[3] = 0x16; 3153 sta->tx_supp_rates = WLAN_RATE_1M | WLAN_RATE_2M | 3154 WLAN_RATE_5M5 | WLAN_RATE_11M; 3155 sta->tx_rate = 110; 3156 sta->tx_max_rate = sta->tx_rate_idx = 3; 3157 } 3158 3159 return ret; 3160 } 3161 3162 3163 /* Called only as a tasklet (software IRQ) */ 3164 int hostap_update_rx_stats(struct ap_data *ap, 3165 struct ieee80211_hdr *hdr, 3166 struct hostap_80211_rx_status *rx_stats) 3167 { 3168 struct sta_info *sta; 3169 3170 if (!ap) 3171 return -1; 3172 3173 spin_lock(&ap->sta_table_lock); 3174 sta = ap_get_sta(ap, hdr->addr2); 3175 if (sta) { 3176 sta->last_rx_silence = rx_stats->noise; 3177 sta->last_rx_signal = rx_stats->signal; 3178 sta->last_rx_rate = rx_stats->rate; 3179 sta->last_rx_updated = IW_QUAL_ALL_UPDATED | IW_QUAL_DBM; 3180 if (rx_stats->rate == 10) 3181 sta->rx_count[0]++; 3182 else if (rx_stats->rate == 20) 3183 sta->rx_count[1]++; 3184 else if (rx_stats->rate == 55) 3185 sta->rx_count[2]++; 3186 else if (rx_stats->rate == 110) 3187 sta->rx_count[3]++; 3188 } 3189 spin_unlock(&ap->sta_table_lock); 3190 3191 return sta ? 0 : -1; 3192 } 3193 3194 3195 void hostap_update_rates(local_info_t *local) 3196 { 3197 struct sta_info *sta; 3198 struct ap_data *ap = local->ap; 3199 3200 if (!ap) 3201 return; 3202 3203 spin_lock_bh(&ap->sta_table_lock); 3204 list_for_each_entry(sta, &ap->sta_list, list) { 3205 prism2_check_tx_rates(sta); 3206 } 3207 spin_unlock_bh(&ap->sta_table_lock); 3208 } 3209 3210 3211 void * ap_crypt_get_ptrs(struct ap_data *ap, u8 *addr, int permanent, 3212 struct lib80211_crypt_data ***crypt) 3213 { 3214 struct sta_info *sta; 3215 3216 spin_lock_bh(&ap->sta_table_lock); 3217 sta = ap_get_sta(ap, addr); 3218 if (sta) 3219 atomic_inc(&sta->users); 3220 spin_unlock_bh(&ap->sta_table_lock); 3221 3222 if (!sta && permanent) 3223 sta = ap_add_sta(ap, addr); 3224 3225 if (!sta) 3226 return NULL; 3227 3228 if (permanent) 3229 sta->flags |= WLAN_STA_PERM; 3230 3231 *crypt = &sta->crypt; 3232 3233 return sta; 3234 } 3235 3236 3237 void hostap_add_wds_links(local_info_t *local) 3238 { 3239 struct ap_data *ap = local->ap; 3240 struct sta_info *sta; 3241 3242 spin_lock_bh(&ap->sta_table_lock); 3243 list_for_each_entry(sta, &ap->sta_list, list) { 3244 if (sta->ap) 3245 hostap_wds_link_oper(local, sta->addr, WDS_ADD); 3246 } 3247 spin_unlock_bh(&ap->sta_table_lock); 3248 3249 schedule_work(&local->ap->wds_oper_queue); 3250 } 3251 3252 3253 void hostap_wds_link_oper(local_info_t *local, u8 *addr, wds_oper_type type) 3254 { 3255 struct wds_oper_data *entry; 3256 3257 entry = kmalloc(sizeof(*entry), GFP_ATOMIC); 3258 if (!entry) 3259 return; 3260 memcpy(entry->addr, addr, ETH_ALEN); 3261 entry->type = type; 3262 spin_lock_bh(&local->lock); 3263 entry->next = local->ap->wds_oper_entries; 3264 local->ap->wds_oper_entries = entry; 3265 spin_unlock_bh(&local->lock); 3266 3267 schedule_work(&local->ap->wds_oper_queue); 3268 } 3269 3270 3271 EXPORT_SYMBOL(hostap_init_data); 3272 EXPORT_SYMBOL(hostap_init_ap_proc); 3273 EXPORT_SYMBOL(hostap_free_data); 3274 EXPORT_SYMBOL(hostap_check_sta_fw_version); 3275 EXPORT_SYMBOL(hostap_handle_sta_tx_exc); 3276 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 3277 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 3278