1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Intersil Prism2 driver with Host AP (software access point) support 4 * Copyright (c) 2001-2002, SSH Communications Security Corp and Jouni Malinen 5 * <j@w1.fi> 6 * Copyright (c) 2002-2005, Jouni Malinen <j@w1.fi> 7 * 8 * This file is to be included into hostap.c when S/W AP functionality is 9 * compiled. 10 * 11 * AP: FIX: 12 * - if unicast Class 2 (assoc,reassoc,disassoc) frame received from 13 * unauthenticated STA, send deauth. frame (8802.11: 5.5) 14 * - if unicast Class 3 (data with to/from DS,deauth,pspoll) frame received 15 * from authenticated, but unassoc STA, send disassoc frame (8802.11: 5.5) 16 * - if unicast Class 3 received from unauthenticated STA, send deauth. frame 17 * (8802.11: 5.5) 18 */ 19 20 #include <linux/proc_fs.h> 21 #include <linux/seq_file.h> 22 #include <linux/delay.h> 23 #include <linux/random.h> 24 #include <linux/if_arp.h> 25 #include <linux/slab.h> 26 #include <linux/export.h> 27 #include <linux/moduleparam.h> 28 #include <linux/etherdevice.h> 29 30 #include "hostap_wlan.h" 31 #include "hostap.h" 32 #include "hostap_ap.h" 33 34 static int other_ap_policy[MAX_PARM_DEVICES] = { AP_OTHER_AP_SKIP_ALL, 35 DEF_INTS }; 36 module_param_array(other_ap_policy, int, NULL, 0444); 37 MODULE_PARM_DESC(other_ap_policy, "Other AP beacon monitoring policy (0-3)"); 38 39 static int ap_max_inactivity[MAX_PARM_DEVICES] = { AP_MAX_INACTIVITY_SEC, 40 DEF_INTS }; 41 module_param_array(ap_max_inactivity, int, NULL, 0444); 42 MODULE_PARM_DESC(ap_max_inactivity, "AP timeout (in seconds) for station " 43 "inactivity"); 44 45 static int ap_bridge_packets[MAX_PARM_DEVICES] = { 1, DEF_INTS }; 46 module_param_array(ap_bridge_packets, int, NULL, 0444); 47 MODULE_PARM_DESC(ap_bridge_packets, "Bridge packets directly between " 48 "stations"); 49 50 static int autom_ap_wds[MAX_PARM_DEVICES] = { 0, DEF_INTS }; 51 module_param_array(autom_ap_wds, int, NULL, 0444); 52 MODULE_PARM_DESC(autom_ap_wds, "Add WDS connections to other APs " 53 "automatically"); 54 55 56 static struct sta_info* ap_get_sta(struct ap_data *ap, u8 *sta); 57 static void hostap_event_expired_sta(struct net_device *dev, 58 struct sta_info *sta); 59 static void handle_add_proc_queue(struct work_struct *work); 60 61 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 62 static void handle_wds_oper_queue(struct work_struct *work); 63 static void prism2_send_mgmt(struct net_device *dev, 64 u16 type_subtype, char *body, 65 int body_len, u8 *addr, u16 tx_cb_idx); 66 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 67 68 69 #ifndef PRISM2_NO_PROCFS_DEBUG 70 static int ap_debug_proc_show(struct seq_file *m, void *v) 71 { 72 struct ap_data *ap = m->private; 73 74 seq_printf(m, "BridgedUnicastFrames=%u\n", ap->bridged_unicast); 75 seq_printf(m, "BridgedMulticastFrames=%u\n", ap->bridged_multicast); 76 seq_printf(m, "max_inactivity=%u\n", ap->max_inactivity / HZ); 77 seq_printf(m, "bridge_packets=%u\n", ap->bridge_packets); 78 seq_printf(m, "nullfunc_ack=%u\n", ap->nullfunc_ack); 79 seq_printf(m, "autom_ap_wds=%u\n", ap->autom_ap_wds); 80 seq_printf(m, "auth_algs=%u\n", ap->local->auth_algs); 81 seq_printf(m, "tx_drop_nonassoc=%u\n", ap->tx_drop_nonassoc); 82 return 0; 83 } 84 85 static int ap_debug_proc_open(struct inode *inode, struct file *file) 86 { 87 return single_open(file, ap_debug_proc_show, PDE_DATA(inode)); 88 } 89 90 static const struct file_operations ap_debug_proc_fops = { 91 .open = ap_debug_proc_open, 92 .read = seq_read, 93 .llseek = seq_lseek, 94 .release = single_release, 95 }; 96 #endif /* PRISM2_NO_PROCFS_DEBUG */ 97 98 99 static void ap_sta_hash_add(struct ap_data *ap, struct sta_info *sta) 100 { 101 sta->hnext = ap->sta_hash[STA_HASH(sta->addr)]; 102 ap->sta_hash[STA_HASH(sta->addr)] = sta; 103 } 104 105 static void ap_sta_hash_del(struct ap_data *ap, struct sta_info *sta) 106 { 107 struct sta_info *s; 108 109 s = ap->sta_hash[STA_HASH(sta->addr)]; 110 if (s == NULL) return; 111 if (ether_addr_equal(s->addr, sta->addr)) { 112 ap->sta_hash[STA_HASH(sta->addr)] = s->hnext; 113 return; 114 } 115 116 while (s->hnext != NULL && !ether_addr_equal(s->hnext->addr, sta->addr)) 117 s = s->hnext; 118 if (s->hnext != NULL) 119 s->hnext = s->hnext->hnext; 120 else 121 printk("AP: could not remove STA %pM from hash table\n", 122 sta->addr); 123 } 124 125 static void ap_free_sta(struct ap_data *ap, struct sta_info *sta) 126 { 127 if (sta->ap && sta->local) 128 hostap_event_expired_sta(sta->local->dev, sta); 129 130 if (ap->proc != NULL) { 131 char name[20]; 132 sprintf(name, "%pM", sta->addr); 133 remove_proc_entry(name, ap->proc); 134 } 135 136 if (sta->crypt) { 137 sta->crypt->ops->deinit(sta->crypt->priv); 138 kfree(sta->crypt); 139 sta->crypt = NULL; 140 } 141 142 skb_queue_purge(&sta->tx_buf); 143 144 ap->num_sta--; 145 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 146 if (sta->aid > 0) 147 ap->sta_aid[sta->aid - 1] = NULL; 148 149 if (!sta->ap) 150 kfree(sta->u.sta.challenge); 151 del_timer_sync(&sta->timer); 152 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 153 154 kfree(sta); 155 } 156 157 158 static void hostap_set_tim(local_info_t *local, int aid, int set) 159 { 160 if (local->func->set_tim) 161 local->func->set_tim(local->dev, aid, set); 162 } 163 164 165 static void hostap_event_new_sta(struct net_device *dev, struct sta_info *sta) 166 { 167 union iwreq_data wrqu; 168 memset(&wrqu, 0, sizeof(wrqu)); 169 memcpy(wrqu.addr.sa_data, sta->addr, ETH_ALEN); 170 wrqu.addr.sa_family = ARPHRD_ETHER; 171 wireless_send_event(dev, IWEVREGISTERED, &wrqu, NULL); 172 } 173 174 175 static void hostap_event_expired_sta(struct net_device *dev, 176 struct sta_info *sta) 177 { 178 union iwreq_data wrqu; 179 memset(&wrqu, 0, sizeof(wrqu)); 180 memcpy(wrqu.addr.sa_data, sta->addr, ETH_ALEN); 181 wrqu.addr.sa_family = ARPHRD_ETHER; 182 wireless_send_event(dev, IWEVEXPIRED, &wrqu, NULL); 183 } 184 185 186 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 187 188 static void ap_handle_timer(unsigned long data) 189 { 190 struct sta_info *sta = (struct sta_info *) data; 191 local_info_t *local; 192 struct ap_data *ap; 193 unsigned long next_time = 0; 194 int was_assoc; 195 196 if (sta == NULL || sta->local == NULL || sta->local->ap == NULL) { 197 PDEBUG(DEBUG_AP, "ap_handle_timer() called with NULL data\n"); 198 return; 199 } 200 201 local = sta->local; 202 ap = local->ap; 203 was_assoc = sta->flags & WLAN_STA_ASSOC; 204 205 if (atomic_read(&sta->users) != 0) 206 next_time = jiffies + HZ; 207 else if ((sta->flags & WLAN_STA_PERM) && !(sta->flags & WLAN_STA_AUTH)) 208 next_time = jiffies + ap->max_inactivity; 209 210 if (time_before(jiffies, sta->last_rx + ap->max_inactivity)) { 211 /* station activity detected; reset timeout state */ 212 sta->timeout_next = STA_NULLFUNC; 213 next_time = sta->last_rx + ap->max_inactivity; 214 } else if (sta->timeout_next == STA_DISASSOC && 215 !(sta->flags & WLAN_STA_PENDING_POLL)) { 216 /* STA ACKed data nullfunc frame poll */ 217 sta->timeout_next = STA_NULLFUNC; 218 next_time = jiffies + ap->max_inactivity; 219 } 220 221 if (next_time) { 222 sta->timer.expires = next_time; 223 add_timer(&sta->timer); 224 return; 225 } 226 227 if (sta->ap) 228 sta->timeout_next = STA_DEAUTH; 229 230 if (sta->timeout_next == STA_DEAUTH && !(sta->flags & WLAN_STA_PERM)) { 231 spin_lock(&ap->sta_table_lock); 232 ap_sta_hash_del(ap, sta); 233 list_del(&sta->list); 234 spin_unlock(&ap->sta_table_lock); 235 sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC); 236 } else if (sta->timeout_next == STA_DISASSOC) 237 sta->flags &= ~WLAN_STA_ASSOC; 238 239 if (was_assoc && !(sta->flags & WLAN_STA_ASSOC) && !sta->ap) 240 hostap_event_expired_sta(local->dev, sta); 241 242 if (sta->timeout_next == STA_DEAUTH && sta->aid > 0 && 243 !skb_queue_empty(&sta->tx_buf)) { 244 hostap_set_tim(local, sta->aid, 0); 245 sta->flags &= ~WLAN_STA_TIM; 246 } 247 248 if (sta->ap) { 249 if (ap->autom_ap_wds) { 250 PDEBUG(DEBUG_AP, "%s: removing automatic WDS " 251 "connection to AP %pM\n", 252 local->dev->name, sta->addr); 253 hostap_wds_link_oper(local, sta->addr, WDS_DEL); 254 } 255 } else if (sta->timeout_next == STA_NULLFUNC) { 256 /* send data frame to poll STA and check whether this frame 257 * is ACKed */ 258 /* FIX: IEEE80211_STYPE_NULLFUNC would be more appropriate, but 259 * it is apparently not retried so TX Exc events are not 260 * received for it */ 261 sta->flags |= WLAN_STA_PENDING_POLL; 262 prism2_send_mgmt(local->dev, IEEE80211_FTYPE_DATA | 263 IEEE80211_STYPE_DATA, NULL, 0, 264 sta->addr, ap->tx_callback_poll); 265 } else { 266 int deauth = sta->timeout_next == STA_DEAUTH; 267 __le16 resp; 268 PDEBUG(DEBUG_AP, "%s: sending %s info to STA %pM" 269 "(last=%lu, jiffies=%lu)\n", 270 local->dev->name, 271 deauth ? "deauthentication" : "disassociation", 272 sta->addr, sta->last_rx, jiffies); 273 274 resp = cpu_to_le16(deauth ? WLAN_REASON_PREV_AUTH_NOT_VALID : 275 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY); 276 prism2_send_mgmt(local->dev, IEEE80211_FTYPE_MGMT | 277 (deauth ? IEEE80211_STYPE_DEAUTH : 278 IEEE80211_STYPE_DISASSOC), 279 (char *) &resp, 2, sta->addr, 0); 280 } 281 282 if (sta->timeout_next == STA_DEAUTH) { 283 if (sta->flags & WLAN_STA_PERM) { 284 PDEBUG(DEBUG_AP, "%s: STA %pM" 285 " would have been removed, " 286 "but it has 'perm' flag\n", 287 local->dev->name, sta->addr); 288 } else 289 ap_free_sta(ap, sta); 290 return; 291 } 292 293 if (sta->timeout_next == STA_NULLFUNC) { 294 sta->timeout_next = STA_DISASSOC; 295 sta->timer.expires = jiffies + AP_DISASSOC_DELAY; 296 } else { 297 sta->timeout_next = STA_DEAUTH; 298 sta->timer.expires = jiffies + AP_DEAUTH_DELAY; 299 } 300 301 add_timer(&sta->timer); 302 } 303 304 305 void hostap_deauth_all_stas(struct net_device *dev, struct ap_data *ap, 306 int resend) 307 { 308 u8 addr[ETH_ALEN]; 309 __le16 resp; 310 int i; 311 312 PDEBUG(DEBUG_AP, "%s: Deauthenticate all stations\n", dev->name); 313 eth_broadcast_addr(addr); 314 315 resp = cpu_to_le16(WLAN_REASON_PREV_AUTH_NOT_VALID); 316 317 /* deauth message sent; try to resend it few times; the message is 318 * broadcast, so it may be delayed until next DTIM; there is not much 319 * else we can do at this point since the driver is going to be shut 320 * down */ 321 for (i = 0; i < 5; i++) { 322 prism2_send_mgmt(dev, IEEE80211_FTYPE_MGMT | 323 IEEE80211_STYPE_DEAUTH, 324 (char *) &resp, 2, addr, 0); 325 326 if (!resend || ap->num_sta <= 0) 327 return; 328 329 mdelay(50); 330 } 331 } 332 333 334 static int ap_control_proc_show(struct seq_file *m, void *v) 335 { 336 struct ap_data *ap = m->private; 337 char *policy_txt; 338 struct mac_entry *entry; 339 340 if (v == SEQ_START_TOKEN) { 341 switch (ap->mac_restrictions.policy) { 342 case MAC_POLICY_OPEN: 343 policy_txt = "open"; 344 break; 345 case MAC_POLICY_ALLOW: 346 policy_txt = "allow"; 347 break; 348 case MAC_POLICY_DENY: 349 policy_txt = "deny"; 350 break; 351 default: 352 policy_txt = "unknown"; 353 break; 354 } 355 seq_printf(m, "MAC policy: %s\n", policy_txt); 356 seq_printf(m, "MAC entries: %u\n", ap->mac_restrictions.entries); 357 seq_puts(m, "MAC list:\n"); 358 return 0; 359 } 360 361 entry = v; 362 seq_printf(m, "%pM\n", entry->addr); 363 return 0; 364 } 365 366 static void *ap_control_proc_start(struct seq_file *m, loff_t *_pos) 367 { 368 struct ap_data *ap = m->private; 369 spin_lock_bh(&ap->mac_restrictions.lock); 370 return seq_list_start_head(&ap->mac_restrictions.mac_list, *_pos); 371 } 372 373 static void *ap_control_proc_next(struct seq_file *m, void *v, loff_t *_pos) 374 { 375 struct ap_data *ap = m->private; 376 return seq_list_next(v, &ap->mac_restrictions.mac_list, _pos); 377 } 378 379 static void ap_control_proc_stop(struct seq_file *m, void *v) 380 { 381 struct ap_data *ap = m->private; 382 spin_unlock_bh(&ap->mac_restrictions.lock); 383 } 384 385 static const struct seq_operations ap_control_proc_seqops = { 386 .start = ap_control_proc_start, 387 .next = ap_control_proc_next, 388 .stop = ap_control_proc_stop, 389 .show = ap_control_proc_show, 390 }; 391 392 static int ap_control_proc_open(struct inode *inode, struct file *file) 393 { 394 int ret = seq_open(file, &ap_control_proc_seqops); 395 if (ret == 0) { 396 struct seq_file *m = file->private_data; 397 m->private = PDE_DATA(inode); 398 } 399 return ret; 400 } 401 402 static const struct file_operations ap_control_proc_fops = { 403 .open = ap_control_proc_open, 404 .read = seq_read, 405 .llseek = seq_lseek, 406 .release = seq_release, 407 }; 408 409 410 int ap_control_add_mac(struct mac_restrictions *mac_restrictions, u8 *mac) 411 { 412 struct mac_entry *entry; 413 414 entry = kmalloc(sizeof(struct mac_entry), GFP_KERNEL); 415 if (entry == NULL) 416 return -ENOMEM; 417 418 memcpy(entry->addr, mac, ETH_ALEN); 419 420 spin_lock_bh(&mac_restrictions->lock); 421 list_add_tail(&entry->list, &mac_restrictions->mac_list); 422 mac_restrictions->entries++; 423 spin_unlock_bh(&mac_restrictions->lock); 424 425 return 0; 426 } 427 428 429 int ap_control_del_mac(struct mac_restrictions *mac_restrictions, u8 *mac) 430 { 431 struct list_head *ptr; 432 struct mac_entry *entry; 433 434 spin_lock_bh(&mac_restrictions->lock); 435 for (ptr = mac_restrictions->mac_list.next; 436 ptr != &mac_restrictions->mac_list; ptr = ptr->next) { 437 entry = list_entry(ptr, struct mac_entry, list); 438 439 if (ether_addr_equal(entry->addr, mac)) { 440 list_del(ptr); 441 kfree(entry); 442 mac_restrictions->entries--; 443 spin_unlock_bh(&mac_restrictions->lock); 444 return 0; 445 } 446 } 447 spin_unlock_bh(&mac_restrictions->lock); 448 return -1; 449 } 450 451 452 static int ap_control_mac_deny(struct mac_restrictions *mac_restrictions, 453 u8 *mac) 454 { 455 struct mac_entry *entry; 456 int found = 0; 457 458 if (mac_restrictions->policy == MAC_POLICY_OPEN) 459 return 0; 460 461 spin_lock_bh(&mac_restrictions->lock); 462 list_for_each_entry(entry, &mac_restrictions->mac_list, list) { 463 if (ether_addr_equal(entry->addr, mac)) { 464 found = 1; 465 break; 466 } 467 } 468 spin_unlock_bh(&mac_restrictions->lock); 469 470 if (mac_restrictions->policy == MAC_POLICY_ALLOW) 471 return !found; 472 else 473 return found; 474 } 475 476 477 void ap_control_flush_macs(struct mac_restrictions *mac_restrictions) 478 { 479 struct list_head *ptr, *n; 480 struct mac_entry *entry; 481 482 if (mac_restrictions->entries == 0) 483 return; 484 485 spin_lock_bh(&mac_restrictions->lock); 486 for (ptr = mac_restrictions->mac_list.next, n = ptr->next; 487 ptr != &mac_restrictions->mac_list; 488 ptr = n, n = ptr->next) { 489 entry = list_entry(ptr, struct mac_entry, list); 490 list_del(ptr); 491 kfree(entry); 492 } 493 mac_restrictions->entries = 0; 494 spin_unlock_bh(&mac_restrictions->lock); 495 } 496 497 498 int ap_control_kick_mac(struct ap_data *ap, struct net_device *dev, u8 *mac) 499 { 500 struct sta_info *sta; 501 __le16 resp; 502 503 spin_lock_bh(&ap->sta_table_lock); 504 sta = ap_get_sta(ap, mac); 505 if (sta) { 506 ap_sta_hash_del(ap, sta); 507 list_del(&sta->list); 508 } 509 spin_unlock_bh(&ap->sta_table_lock); 510 511 if (!sta) 512 return -EINVAL; 513 514 resp = cpu_to_le16(WLAN_REASON_PREV_AUTH_NOT_VALID); 515 prism2_send_mgmt(dev, IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_DEAUTH, 516 (char *) &resp, 2, sta->addr, 0); 517 518 if ((sta->flags & WLAN_STA_ASSOC) && !sta->ap) 519 hostap_event_expired_sta(dev, sta); 520 521 ap_free_sta(ap, sta); 522 523 return 0; 524 } 525 526 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 527 528 529 void ap_control_kickall(struct ap_data *ap) 530 { 531 struct list_head *ptr, *n; 532 struct sta_info *sta; 533 534 spin_lock_bh(&ap->sta_table_lock); 535 for (ptr = ap->sta_list.next, n = ptr->next; ptr != &ap->sta_list; 536 ptr = n, n = ptr->next) { 537 sta = list_entry(ptr, struct sta_info, list); 538 ap_sta_hash_del(ap, sta); 539 list_del(&sta->list); 540 if ((sta->flags & WLAN_STA_ASSOC) && !sta->ap && sta->local) 541 hostap_event_expired_sta(sta->local->dev, sta); 542 ap_free_sta(ap, sta); 543 } 544 spin_unlock_bh(&ap->sta_table_lock); 545 } 546 547 548 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 549 550 static int prism2_ap_proc_show(struct seq_file *m, void *v) 551 { 552 struct sta_info *sta = v; 553 int i; 554 555 if (v == SEQ_START_TOKEN) { 556 seq_printf(m, "# BSSID CHAN SIGNAL NOISE RATE SSID FLAGS\n"); 557 return 0; 558 } 559 560 if (!sta->ap) 561 return 0; 562 563 seq_printf(m, "%pM %d %d %d %d '", 564 sta->addr, 565 sta->u.ap.channel, sta->last_rx_signal, 566 sta->last_rx_silence, sta->last_rx_rate); 567 568 for (i = 0; i < sta->u.ap.ssid_len; i++) { 569 if (sta->u.ap.ssid[i] >= 32 && sta->u.ap.ssid[i] < 127) 570 seq_putc(m, sta->u.ap.ssid[i]); 571 else 572 seq_printf(m, "<%02x>", sta->u.ap.ssid[i]); 573 } 574 575 seq_putc(m, '\''); 576 if (sta->capability & WLAN_CAPABILITY_ESS) 577 seq_puts(m, " [ESS]"); 578 if (sta->capability & WLAN_CAPABILITY_IBSS) 579 seq_puts(m, " [IBSS]"); 580 if (sta->capability & WLAN_CAPABILITY_PRIVACY) 581 seq_puts(m, " [WEP]"); 582 seq_putc(m, '\n'); 583 return 0; 584 } 585 586 static void *prism2_ap_proc_start(struct seq_file *m, loff_t *_pos) 587 { 588 struct ap_data *ap = m->private; 589 spin_lock_bh(&ap->sta_table_lock); 590 return seq_list_start_head(&ap->sta_list, *_pos); 591 } 592 593 static void *prism2_ap_proc_next(struct seq_file *m, void *v, loff_t *_pos) 594 { 595 struct ap_data *ap = m->private; 596 return seq_list_next(v, &ap->sta_list, _pos); 597 } 598 599 static void prism2_ap_proc_stop(struct seq_file *m, void *v) 600 { 601 struct ap_data *ap = m->private; 602 spin_unlock_bh(&ap->sta_table_lock); 603 } 604 605 static const struct seq_operations prism2_ap_proc_seqops = { 606 .start = prism2_ap_proc_start, 607 .next = prism2_ap_proc_next, 608 .stop = prism2_ap_proc_stop, 609 .show = prism2_ap_proc_show, 610 }; 611 612 static int prism2_ap_proc_open(struct inode *inode, struct file *file) 613 { 614 int ret = seq_open(file, &prism2_ap_proc_seqops); 615 if (ret == 0) { 616 struct seq_file *m = file->private_data; 617 m->private = PDE_DATA(inode); 618 } 619 return ret; 620 } 621 622 static const struct file_operations prism2_ap_proc_fops = { 623 .open = prism2_ap_proc_open, 624 .read = seq_read, 625 .llseek = seq_lseek, 626 .release = seq_release, 627 }; 628 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 629 630 631 void hostap_check_sta_fw_version(struct ap_data *ap, int sta_fw_ver) 632 { 633 if (!ap) 634 return; 635 636 if (sta_fw_ver == PRISM2_FW_VER(0,8,0)) { 637 PDEBUG(DEBUG_AP, "Using data::nullfunc ACK workaround - " 638 "firmware upgrade recommended\n"); 639 ap->nullfunc_ack = 1; 640 } else 641 ap->nullfunc_ack = 0; 642 643 if (sta_fw_ver == PRISM2_FW_VER(1,4,2)) { 644 printk(KERN_WARNING "%s: Warning: secondary station firmware " 645 "version 1.4.2 does not seem to work in Host AP mode\n", 646 ap->local->dev->name); 647 } 648 } 649 650 651 /* Called only as a tasklet (software IRQ) */ 652 static void hostap_ap_tx_cb(struct sk_buff *skb, int ok, void *data) 653 { 654 struct ap_data *ap = data; 655 struct ieee80211_hdr *hdr; 656 657 if (!ap->local->hostapd || !ap->local->apdev) { 658 dev_kfree_skb(skb); 659 return; 660 } 661 662 /* Pass the TX callback frame to the hostapd; use 802.11 header version 663 * 1 to indicate failure (no ACK) and 2 success (frame ACKed) */ 664 665 hdr = (struct ieee80211_hdr *) skb->data; 666 hdr->frame_control &= cpu_to_le16(~IEEE80211_FCTL_VERS); 667 hdr->frame_control |= cpu_to_le16(ok ? BIT(1) : BIT(0)); 668 669 skb->dev = ap->local->apdev; 670 skb_pull(skb, hostap_80211_get_hdrlen(hdr->frame_control)); 671 skb->pkt_type = PACKET_OTHERHOST; 672 skb->protocol = cpu_to_be16(ETH_P_802_2); 673 memset(skb->cb, 0, sizeof(skb->cb)); 674 netif_rx(skb); 675 } 676 677 678 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 679 /* Called only as a tasklet (software IRQ) */ 680 static void hostap_ap_tx_cb_auth(struct sk_buff *skb, int ok, void *data) 681 { 682 struct ap_data *ap = data; 683 struct net_device *dev = ap->local->dev; 684 struct ieee80211_hdr *hdr; 685 u16 auth_alg, auth_transaction, status; 686 __le16 *pos; 687 struct sta_info *sta = NULL; 688 char *txt = NULL; 689 690 if (ap->local->hostapd) { 691 dev_kfree_skb(skb); 692 return; 693 } 694 695 hdr = (struct ieee80211_hdr *) skb->data; 696 if (!ieee80211_is_auth(hdr->frame_control) || 697 skb->len < IEEE80211_MGMT_HDR_LEN + 6) { 698 printk(KERN_DEBUG "%s: hostap_ap_tx_cb_auth received invalid " 699 "frame\n", dev->name); 700 dev_kfree_skb(skb); 701 return; 702 } 703 704 pos = (__le16 *) (skb->data + IEEE80211_MGMT_HDR_LEN); 705 auth_alg = le16_to_cpu(*pos++); 706 auth_transaction = le16_to_cpu(*pos++); 707 status = le16_to_cpu(*pos++); 708 709 if (!ok) { 710 txt = "frame was not ACKed"; 711 goto done; 712 } 713 714 spin_lock(&ap->sta_table_lock); 715 sta = ap_get_sta(ap, hdr->addr1); 716 if (sta) 717 atomic_inc(&sta->users); 718 spin_unlock(&ap->sta_table_lock); 719 720 if (!sta) { 721 txt = "STA not found"; 722 goto done; 723 } 724 725 if (status == WLAN_STATUS_SUCCESS && 726 ((auth_alg == WLAN_AUTH_OPEN && auth_transaction == 2) || 727 (auth_alg == WLAN_AUTH_SHARED_KEY && auth_transaction == 4))) { 728 txt = "STA authenticated"; 729 sta->flags |= WLAN_STA_AUTH; 730 sta->last_auth = jiffies; 731 } else if (status != WLAN_STATUS_SUCCESS) 732 txt = "authentication failed"; 733 734 done: 735 if (sta) 736 atomic_dec(&sta->users); 737 if (txt) { 738 PDEBUG(DEBUG_AP, "%s: %pM auth_cb - alg=%d " 739 "trans#=%d status=%d - %s\n", 740 dev->name, hdr->addr1, 741 auth_alg, auth_transaction, status, txt); 742 } 743 dev_kfree_skb(skb); 744 } 745 746 747 /* Called only as a tasklet (software IRQ) */ 748 static void hostap_ap_tx_cb_assoc(struct sk_buff *skb, int ok, void *data) 749 { 750 struct ap_data *ap = data; 751 struct net_device *dev = ap->local->dev; 752 struct ieee80211_hdr *hdr; 753 u16 status; 754 __le16 *pos; 755 struct sta_info *sta = NULL; 756 char *txt = NULL; 757 758 if (ap->local->hostapd) { 759 dev_kfree_skb(skb); 760 return; 761 } 762 763 hdr = (struct ieee80211_hdr *) skb->data; 764 if ((!ieee80211_is_assoc_resp(hdr->frame_control) && 765 !ieee80211_is_reassoc_resp(hdr->frame_control)) || 766 skb->len < IEEE80211_MGMT_HDR_LEN + 4) { 767 printk(KERN_DEBUG "%s: hostap_ap_tx_cb_assoc received invalid " 768 "frame\n", dev->name); 769 dev_kfree_skb(skb); 770 return; 771 } 772 773 if (!ok) { 774 txt = "frame was not ACKed"; 775 goto done; 776 } 777 778 spin_lock(&ap->sta_table_lock); 779 sta = ap_get_sta(ap, hdr->addr1); 780 if (sta) 781 atomic_inc(&sta->users); 782 spin_unlock(&ap->sta_table_lock); 783 784 if (!sta) { 785 txt = "STA not found"; 786 goto done; 787 } 788 789 pos = (__le16 *) (skb->data + IEEE80211_MGMT_HDR_LEN); 790 pos++; 791 status = le16_to_cpu(*pos++); 792 if (status == WLAN_STATUS_SUCCESS) { 793 if (!(sta->flags & WLAN_STA_ASSOC)) 794 hostap_event_new_sta(dev, sta); 795 txt = "STA associated"; 796 sta->flags |= WLAN_STA_ASSOC; 797 sta->last_assoc = jiffies; 798 } else 799 txt = "association failed"; 800 801 done: 802 if (sta) 803 atomic_dec(&sta->users); 804 if (txt) { 805 PDEBUG(DEBUG_AP, "%s: %pM assoc_cb - %s\n", 806 dev->name, hdr->addr1, txt); 807 } 808 dev_kfree_skb(skb); 809 } 810 811 /* Called only as a tasklet (software IRQ); TX callback for poll frames used 812 * in verifying whether the STA is still present. */ 813 static void hostap_ap_tx_cb_poll(struct sk_buff *skb, int ok, void *data) 814 { 815 struct ap_data *ap = data; 816 struct ieee80211_hdr *hdr; 817 struct sta_info *sta; 818 819 if (skb->len < 24) 820 goto fail; 821 hdr = (struct ieee80211_hdr *) skb->data; 822 if (ok) { 823 spin_lock(&ap->sta_table_lock); 824 sta = ap_get_sta(ap, hdr->addr1); 825 if (sta) 826 sta->flags &= ~WLAN_STA_PENDING_POLL; 827 spin_unlock(&ap->sta_table_lock); 828 } else { 829 PDEBUG(DEBUG_AP, 830 "%s: STA %pM did not ACK activity poll frame\n", 831 ap->local->dev->name, hdr->addr1); 832 } 833 834 fail: 835 dev_kfree_skb(skb); 836 } 837 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 838 839 840 void hostap_init_data(local_info_t *local) 841 { 842 struct ap_data *ap = local->ap; 843 844 if (ap == NULL) { 845 printk(KERN_WARNING "hostap_init_data: ap == NULL\n"); 846 return; 847 } 848 memset(ap, 0, sizeof(struct ap_data)); 849 ap->local = local; 850 851 ap->ap_policy = GET_INT_PARM(other_ap_policy, local->card_idx); 852 ap->bridge_packets = GET_INT_PARM(ap_bridge_packets, local->card_idx); 853 ap->max_inactivity = 854 GET_INT_PARM(ap_max_inactivity, local->card_idx) * HZ; 855 ap->autom_ap_wds = GET_INT_PARM(autom_ap_wds, local->card_idx); 856 857 spin_lock_init(&ap->sta_table_lock); 858 INIT_LIST_HEAD(&ap->sta_list); 859 860 /* Initialize task queue structure for AP management */ 861 INIT_WORK(&local->ap->add_sta_proc_queue, handle_add_proc_queue); 862 863 ap->tx_callback_idx = 864 hostap_tx_callback_register(local, hostap_ap_tx_cb, ap); 865 if (ap->tx_callback_idx == 0) 866 printk(KERN_WARNING "%s: failed to register TX callback for " 867 "AP\n", local->dev->name); 868 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 869 INIT_WORK(&local->ap->wds_oper_queue, handle_wds_oper_queue); 870 871 ap->tx_callback_auth = 872 hostap_tx_callback_register(local, hostap_ap_tx_cb_auth, ap); 873 ap->tx_callback_assoc = 874 hostap_tx_callback_register(local, hostap_ap_tx_cb_assoc, ap); 875 ap->tx_callback_poll = 876 hostap_tx_callback_register(local, hostap_ap_tx_cb_poll, ap); 877 if (ap->tx_callback_auth == 0 || ap->tx_callback_assoc == 0 || 878 ap->tx_callback_poll == 0) 879 printk(KERN_WARNING "%s: failed to register TX callback for " 880 "AP\n", local->dev->name); 881 882 spin_lock_init(&ap->mac_restrictions.lock); 883 INIT_LIST_HEAD(&ap->mac_restrictions.mac_list); 884 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 885 886 ap->initialized = 1; 887 } 888 889 890 void hostap_init_ap_proc(local_info_t *local) 891 { 892 struct ap_data *ap = local->ap; 893 894 ap->proc = local->proc; 895 if (ap->proc == NULL) 896 return; 897 898 #ifndef PRISM2_NO_PROCFS_DEBUG 899 proc_create_data("ap_debug", 0, ap->proc, &ap_debug_proc_fops, ap); 900 #endif /* PRISM2_NO_PROCFS_DEBUG */ 901 902 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 903 proc_create_data("ap_control", 0, ap->proc, &ap_control_proc_fops, ap); 904 proc_create_data("ap", 0, ap->proc, &prism2_ap_proc_fops, ap); 905 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 906 907 } 908 909 910 void hostap_free_data(struct ap_data *ap) 911 { 912 struct sta_info *n, *sta; 913 914 if (ap == NULL || !ap->initialized) { 915 printk(KERN_DEBUG "hostap_free_data: ap has not yet been " 916 "initialized - skip resource freeing\n"); 917 return; 918 } 919 920 flush_work(&ap->add_sta_proc_queue); 921 922 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 923 flush_work(&ap->wds_oper_queue); 924 if (ap->crypt) 925 ap->crypt->deinit(ap->crypt_priv); 926 ap->crypt = ap->crypt_priv = NULL; 927 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 928 929 list_for_each_entry_safe(sta, n, &ap->sta_list, list) { 930 ap_sta_hash_del(ap, sta); 931 list_del(&sta->list); 932 if ((sta->flags & WLAN_STA_ASSOC) && !sta->ap && sta->local) 933 hostap_event_expired_sta(sta->local->dev, sta); 934 ap_free_sta(ap, sta); 935 } 936 937 #ifndef PRISM2_NO_PROCFS_DEBUG 938 if (ap->proc != NULL) { 939 remove_proc_entry("ap_debug", ap->proc); 940 } 941 #endif /* PRISM2_NO_PROCFS_DEBUG */ 942 943 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 944 if (ap->proc != NULL) { 945 remove_proc_entry("ap", ap->proc); 946 remove_proc_entry("ap_control", ap->proc); 947 } 948 ap_control_flush_macs(&ap->mac_restrictions); 949 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 950 951 ap->initialized = 0; 952 } 953 954 955 /* caller should have mutex for AP STA list handling */ 956 static struct sta_info* ap_get_sta(struct ap_data *ap, u8 *sta) 957 { 958 struct sta_info *s; 959 960 s = ap->sta_hash[STA_HASH(sta)]; 961 while (s != NULL && !ether_addr_equal(s->addr, sta)) 962 s = s->hnext; 963 return s; 964 } 965 966 967 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 968 969 /* Called from timer handler and from scheduled AP queue handlers */ 970 static void prism2_send_mgmt(struct net_device *dev, 971 u16 type_subtype, char *body, 972 int body_len, u8 *addr, u16 tx_cb_idx) 973 { 974 struct hostap_interface *iface; 975 local_info_t *local; 976 struct ieee80211_hdr *hdr; 977 u16 fc; 978 struct sk_buff *skb; 979 struct hostap_skb_tx_data *meta; 980 int hdrlen; 981 982 iface = netdev_priv(dev); 983 local = iface->local; 984 dev = local->dev; /* always use master radio device */ 985 iface = netdev_priv(dev); 986 987 if (!(dev->flags & IFF_UP)) { 988 PDEBUG(DEBUG_AP, "%s: prism2_send_mgmt - device is not UP - " 989 "cannot send frame\n", dev->name); 990 return; 991 } 992 993 skb = dev_alloc_skb(sizeof(*hdr) + body_len); 994 if (skb == NULL) { 995 PDEBUG(DEBUG_AP, "%s: prism2_send_mgmt failed to allocate " 996 "skb\n", dev->name); 997 return; 998 } 999 1000 fc = type_subtype; 1001 hdrlen = hostap_80211_get_hdrlen(cpu_to_le16(type_subtype)); 1002 hdr = skb_put_zero(skb, hdrlen); 1003 if (body) 1004 skb_put_data(skb, body, body_len); 1005 1006 /* FIX: ctrl::ack sending used special HFA384X_TX_CTRL_802_11 1007 * tx_control instead of using local->tx_control */ 1008 1009 1010 memcpy(hdr->addr1, addr, ETH_ALEN); /* DA / RA */ 1011 if (ieee80211_is_data(hdr->frame_control)) { 1012 fc |= IEEE80211_FCTL_FROMDS; 1013 memcpy(hdr->addr2, dev->dev_addr, ETH_ALEN); /* BSSID */ 1014 memcpy(hdr->addr3, dev->dev_addr, ETH_ALEN); /* SA */ 1015 } else if (ieee80211_is_ctl(hdr->frame_control)) { 1016 /* control:ACK does not have addr2 or addr3 */ 1017 eth_zero_addr(hdr->addr2); 1018 eth_zero_addr(hdr->addr3); 1019 } else { 1020 memcpy(hdr->addr2, dev->dev_addr, ETH_ALEN); /* SA */ 1021 memcpy(hdr->addr3, dev->dev_addr, ETH_ALEN); /* BSSID */ 1022 } 1023 1024 hdr->frame_control = cpu_to_le16(fc); 1025 1026 meta = (struct hostap_skb_tx_data *) skb->cb; 1027 memset(meta, 0, sizeof(*meta)); 1028 meta->magic = HOSTAP_SKB_TX_DATA_MAGIC; 1029 meta->iface = iface; 1030 meta->tx_cb_idx = tx_cb_idx; 1031 1032 skb->dev = dev; 1033 skb_reset_mac_header(skb); 1034 skb_reset_network_header(skb); 1035 dev_queue_xmit(skb); 1036 } 1037 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 1038 1039 1040 static int prism2_sta_proc_show(struct seq_file *m, void *v) 1041 { 1042 struct sta_info *sta = m->private; 1043 int i; 1044 1045 /* FIX: possible race condition.. the STA data could have just expired, 1046 * but proc entry was still here so that the read could have started; 1047 * some locking should be done here.. */ 1048 1049 seq_printf(m, 1050 "%s=%pM\nusers=%d\naid=%d\n" 1051 "flags=0x%04x%s%s%s%s%s%s%s\n" 1052 "capability=0x%02x\nlisten_interval=%d\nsupported_rates=", 1053 sta->ap ? "AP" : "STA", 1054 sta->addr, atomic_read(&sta->users), sta->aid, 1055 sta->flags, 1056 sta->flags & WLAN_STA_AUTH ? " AUTH" : "", 1057 sta->flags & WLAN_STA_ASSOC ? " ASSOC" : "", 1058 sta->flags & WLAN_STA_PS ? " PS" : "", 1059 sta->flags & WLAN_STA_TIM ? " TIM" : "", 1060 sta->flags & WLAN_STA_PERM ? " PERM" : "", 1061 sta->flags & WLAN_STA_AUTHORIZED ? " AUTHORIZED" : "", 1062 sta->flags & WLAN_STA_PENDING_POLL ? " POLL" : "", 1063 sta->capability, sta->listen_interval); 1064 /* supported_rates: 500 kbit/s units with msb ignored */ 1065 for (i = 0; i < sizeof(sta->supported_rates); i++) 1066 if (sta->supported_rates[i] != 0) 1067 seq_printf(m, "%d%sMbps ", 1068 (sta->supported_rates[i] & 0x7f) / 2, 1069 sta->supported_rates[i] & 1 ? ".5" : ""); 1070 seq_printf(m, 1071 "\njiffies=%lu\nlast_auth=%lu\nlast_assoc=%lu\n" 1072 "last_rx=%lu\nlast_tx=%lu\nrx_packets=%lu\n" 1073 "tx_packets=%lu\n" 1074 "rx_bytes=%lu\ntx_bytes=%lu\nbuffer_count=%d\n" 1075 "last_rx: silence=%d dBm signal=%d dBm rate=%d%s Mbps\n" 1076 "tx_rate=%d\ntx[1M]=%d\ntx[2M]=%d\ntx[5.5M]=%d\n" 1077 "tx[11M]=%d\n" 1078 "rx[1M]=%d\nrx[2M]=%d\nrx[5.5M]=%d\nrx[11M]=%d\n", 1079 jiffies, sta->last_auth, sta->last_assoc, sta->last_rx, 1080 sta->last_tx, 1081 sta->rx_packets, sta->tx_packets, sta->rx_bytes, 1082 sta->tx_bytes, skb_queue_len(&sta->tx_buf), 1083 sta->last_rx_silence, 1084 sta->last_rx_signal, sta->last_rx_rate / 10, 1085 sta->last_rx_rate % 10 ? ".5" : "", 1086 sta->tx_rate, sta->tx_count[0], sta->tx_count[1], 1087 sta->tx_count[2], sta->tx_count[3], sta->rx_count[0], 1088 sta->rx_count[1], sta->rx_count[2], sta->rx_count[3]); 1089 if (sta->crypt && sta->crypt->ops && sta->crypt->ops->print_stats) 1090 sta->crypt->ops->print_stats(m, sta->crypt->priv); 1091 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 1092 if (sta->ap) { 1093 if (sta->u.ap.channel >= 0) 1094 seq_printf(m, "channel=%d\n", sta->u.ap.channel); 1095 seq_puts(m, "ssid="); 1096 for (i = 0; i < sta->u.ap.ssid_len; i++) { 1097 if (sta->u.ap.ssid[i] >= 32 && sta->u.ap.ssid[i] < 127) 1098 seq_putc(m, sta->u.ap.ssid[i]); 1099 else 1100 seq_printf(m, "<%02x>", sta->u.ap.ssid[i]); 1101 } 1102 seq_putc(m, '\n'); 1103 } 1104 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 1105 1106 return 0; 1107 } 1108 1109 static int prism2_sta_proc_open(struct inode *inode, struct file *file) 1110 { 1111 return single_open(file, prism2_sta_proc_show, PDE_DATA(inode)); 1112 } 1113 1114 static const struct file_operations prism2_sta_proc_fops = { 1115 .open = prism2_sta_proc_open, 1116 .read = seq_read, 1117 .llseek = seq_lseek, 1118 .release = single_release, 1119 }; 1120 1121 static void handle_add_proc_queue(struct work_struct *work) 1122 { 1123 struct ap_data *ap = container_of(work, struct ap_data, 1124 add_sta_proc_queue); 1125 struct sta_info *sta; 1126 char name[20]; 1127 struct add_sta_proc_data *entry, *prev; 1128 1129 entry = ap->add_sta_proc_entries; 1130 ap->add_sta_proc_entries = NULL; 1131 1132 while (entry) { 1133 spin_lock_bh(&ap->sta_table_lock); 1134 sta = ap_get_sta(ap, entry->addr); 1135 if (sta) 1136 atomic_inc(&sta->users); 1137 spin_unlock_bh(&ap->sta_table_lock); 1138 1139 if (sta) { 1140 sprintf(name, "%pM", sta->addr); 1141 sta->proc = proc_create_data( 1142 name, 0, ap->proc, 1143 &prism2_sta_proc_fops, sta); 1144 1145 atomic_dec(&sta->users); 1146 } 1147 1148 prev = entry; 1149 entry = entry->next; 1150 kfree(prev); 1151 } 1152 } 1153 1154 1155 static struct sta_info * ap_add_sta(struct ap_data *ap, u8 *addr) 1156 { 1157 struct sta_info *sta; 1158 1159 sta = kzalloc(sizeof(struct sta_info), GFP_ATOMIC); 1160 if (sta == NULL) { 1161 PDEBUG(DEBUG_AP, "AP: kmalloc failed\n"); 1162 return NULL; 1163 } 1164 1165 /* initialize STA info data */ 1166 sta->local = ap->local; 1167 skb_queue_head_init(&sta->tx_buf); 1168 memcpy(sta->addr, addr, ETH_ALEN); 1169 1170 atomic_inc(&sta->users); 1171 spin_lock_bh(&ap->sta_table_lock); 1172 list_add(&sta->list, &ap->sta_list); 1173 ap->num_sta++; 1174 ap_sta_hash_add(ap, sta); 1175 spin_unlock_bh(&ap->sta_table_lock); 1176 1177 if (ap->proc) { 1178 struct add_sta_proc_data *entry; 1179 /* schedule a non-interrupt context process to add a procfs 1180 * entry for the STA since procfs code use GFP_KERNEL */ 1181 entry = kmalloc(sizeof(*entry), GFP_ATOMIC); 1182 if (entry) { 1183 memcpy(entry->addr, sta->addr, ETH_ALEN); 1184 entry->next = ap->add_sta_proc_entries; 1185 ap->add_sta_proc_entries = entry; 1186 schedule_work(&ap->add_sta_proc_queue); 1187 } else 1188 printk(KERN_DEBUG "Failed to add STA proc data\n"); 1189 } 1190 1191 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 1192 init_timer(&sta->timer); 1193 sta->timer.expires = jiffies + ap->max_inactivity; 1194 sta->timer.data = (unsigned long) sta; 1195 sta->timer.function = ap_handle_timer; 1196 if (!ap->local->hostapd) 1197 add_timer(&sta->timer); 1198 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 1199 1200 return sta; 1201 } 1202 1203 1204 static int ap_tx_rate_ok(int rateidx, struct sta_info *sta, 1205 local_info_t *local) 1206 { 1207 if (rateidx > sta->tx_max_rate || 1208 !(sta->tx_supp_rates & (1 << rateidx))) 1209 return 0; 1210 1211 if (local->tx_rate_control != 0 && 1212 !(local->tx_rate_control & (1 << rateidx))) 1213 return 0; 1214 1215 return 1; 1216 } 1217 1218 1219 static void prism2_check_tx_rates(struct sta_info *sta) 1220 { 1221 int i; 1222 1223 sta->tx_supp_rates = 0; 1224 for (i = 0; i < sizeof(sta->supported_rates); i++) { 1225 if ((sta->supported_rates[i] & 0x7f) == 2) 1226 sta->tx_supp_rates |= WLAN_RATE_1M; 1227 if ((sta->supported_rates[i] & 0x7f) == 4) 1228 sta->tx_supp_rates |= WLAN_RATE_2M; 1229 if ((sta->supported_rates[i] & 0x7f) == 11) 1230 sta->tx_supp_rates |= WLAN_RATE_5M5; 1231 if ((sta->supported_rates[i] & 0x7f) == 22) 1232 sta->tx_supp_rates |= WLAN_RATE_11M; 1233 } 1234 sta->tx_max_rate = sta->tx_rate = sta->tx_rate_idx = 0; 1235 if (sta->tx_supp_rates & WLAN_RATE_1M) { 1236 sta->tx_max_rate = 0; 1237 if (ap_tx_rate_ok(0, sta, sta->local)) { 1238 sta->tx_rate = 10; 1239 sta->tx_rate_idx = 0; 1240 } 1241 } 1242 if (sta->tx_supp_rates & WLAN_RATE_2M) { 1243 sta->tx_max_rate = 1; 1244 if (ap_tx_rate_ok(1, sta, sta->local)) { 1245 sta->tx_rate = 20; 1246 sta->tx_rate_idx = 1; 1247 } 1248 } 1249 if (sta->tx_supp_rates & WLAN_RATE_5M5) { 1250 sta->tx_max_rate = 2; 1251 if (ap_tx_rate_ok(2, sta, sta->local)) { 1252 sta->tx_rate = 55; 1253 sta->tx_rate_idx = 2; 1254 } 1255 } 1256 if (sta->tx_supp_rates & WLAN_RATE_11M) { 1257 sta->tx_max_rate = 3; 1258 if (ap_tx_rate_ok(3, sta, sta->local)) { 1259 sta->tx_rate = 110; 1260 sta->tx_rate_idx = 3; 1261 } 1262 } 1263 } 1264 1265 1266 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 1267 1268 static void ap_crypt_init(struct ap_data *ap) 1269 { 1270 ap->crypt = lib80211_get_crypto_ops("WEP"); 1271 1272 if (ap->crypt) { 1273 if (ap->crypt->init) { 1274 ap->crypt_priv = ap->crypt->init(0); 1275 if (ap->crypt_priv == NULL) 1276 ap->crypt = NULL; 1277 else { 1278 u8 key[WEP_KEY_LEN]; 1279 get_random_bytes(key, WEP_KEY_LEN); 1280 ap->crypt->set_key(key, WEP_KEY_LEN, NULL, 1281 ap->crypt_priv); 1282 } 1283 } 1284 } 1285 1286 if (ap->crypt == NULL) { 1287 printk(KERN_WARNING "AP could not initialize WEP: load module " 1288 "lib80211_crypt_wep.ko\n"); 1289 } 1290 } 1291 1292 1293 /* Generate challenge data for shared key authentication. IEEE 802.11 specifies 1294 * that WEP algorithm is used for generating challenge. This should be unique, 1295 * but otherwise there is not really need for randomness etc. Initialize WEP 1296 * with pseudo random key and then use increasing IV to get unique challenge 1297 * streams. 1298 * 1299 * Called only as a scheduled task for pending AP frames. 1300 */ 1301 static char * ap_auth_make_challenge(struct ap_data *ap) 1302 { 1303 char *tmpbuf; 1304 struct sk_buff *skb; 1305 1306 if (ap->crypt == NULL) { 1307 ap_crypt_init(ap); 1308 if (ap->crypt == NULL) 1309 return NULL; 1310 } 1311 1312 tmpbuf = kmalloc(WLAN_AUTH_CHALLENGE_LEN, GFP_ATOMIC); 1313 if (tmpbuf == NULL) { 1314 PDEBUG(DEBUG_AP, "AP: kmalloc failed for challenge\n"); 1315 return NULL; 1316 } 1317 1318 skb = dev_alloc_skb(WLAN_AUTH_CHALLENGE_LEN + 1319 ap->crypt->extra_mpdu_prefix_len + 1320 ap->crypt->extra_mpdu_postfix_len); 1321 if (skb == NULL) { 1322 kfree(tmpbuf); 1323 return NULL; 1324 } 1325 1326 skb_reserve(skb, ap->crypt->extra_mpdu_prefix_len); 1327 skb_put_zero(skb, WLAN_AUTH_CHALLENGE_LEN); 1328 if (ap->crypt->encrypt_mpdu(skb, 0, ap->crypt_priv)) { 1329 dev_kfree_skb(skb); 1330 kfree(tmpbuf); 1331 return NULL; 1332 } 1333 1334 skb_copy_from_linear_data_offset(skb, ap->crypt->extra_mpdu_prefix_len, 1335 tmpbuf, WLAN_AUTH_CHALLENGE_LEN); 1336 dev_kfree_skb(skb); 1337 1338 return tmpbuf; 1339 } 1340 1341 1342 /* Called only as a scheduled task for pending AP frames. */ 1343 static void handle_authen(local_info_t *local, struct sk_buff *skb, 1344 struct hostap_80211_rx_status *rx_stats) 1345 { 1346 struct net_device *dev = local->dev; 1347 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 1348 size_t hdrlen; 1349 struct ap_data *ap = local->ap; 1350 char body[8 + WLAN_AUTH_CHALLENGE_LEN], *challenge = NULL; 1351 int len, olen; 1352 u16 auth_alg, auth_transaction, status_code; 1353 __le16 *pos; 1354 u16 resp = WLAN_STATUS_SUCCESS; 1355 struct sta_info *sta = NULL; 1356 struct lib80211_crypt_data *crypt; 1357 char *txt = ""; 1358 1359 len = skb->len - IEEE80211_MGMT_HDR_LEN; 1360 1361 hdrlen = hostap_80211_get_hdrlen(hdr->frame_control); 1362 1363 if (len < 6) { 1364 PDEBUG(DEBUG_AP, "%s: handle_authen - too short payload " 1365 "(len=%d) from %pM\n", dev->name, len, hdr->addr2); 1366 return; 1367 } 1368 1369 spin_lock_bh(&local->ap->sta_table_lock); 1370 sta = ap_get_sta(local->ap, hdr->addr2); 1371 if (sta) 1372 atomic_inc(&sta->users); 1373 spin_unlock_bh(&local->ap->sta_table_lock); 1374 1375 if (sta && sta->crypt) 1376 crypt = sta->crypt; 1377 else { 1378 int idx = 0; 1379 if (skb->len >= hdrlen + 3) 1380 idx = skb->data[hdrlen + 3] >> 6; 1381 crypt = local->crypt_info.crypt[idx]; 1382 } 1383 1384 pos = (__le16 *) (skb->data + IEEE80211_MGMT_HDR_LEN); 1385 auth_alg = __le16_to_cpu(*pos); 1386 pos++; 1387 auth_transaction = __le16_to_cpu(*pos); 1388 pos++; 1389 status_code = __le16_to_cpu(*pos); 1390 pos++; 1391 1392 if (ether_addr_equal(dev->dev_addr, hdr->addr2) || 1393 ap_control_mac_deny(&ap->mac_restrictions, hdr->addr2)) { 1394 txt = "authentication denied"; 1395 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1396 goto fail; 1397 } 1398 1399 if (((local->auth_algs & PRISM2_AUTH_OPEN) && 1400 auth_alg == WLAN_AUTH_OPEN) || 1401 ((local->auth_algs & PRISM2_AUTH_SHARED_KEY) && 1402 crypt && auth_alg == WLAN_AUTH_SHARED_KEY)) { 1403 } else { 1404 txt = "unsupported algorithm"; 1405 resp = WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG; 1406 goto fail; 1407 } 1408 1409 if (len >= 8) { 1410 u8 *u = (u8 *) pos; 1411 if (*u == WLAN_EID_CHALLENGE) { 1412 if (*(u + 1) != WLAN_AUTH_CHALLENGE_LEN) { 1413 txt = "invalid challenge len"; 1414 resp = WLAN_STATUS_CHALLENGE_FAIL; 1415 goto fail; 1416 } 1417 if (len - 8 < WLAN_AUTH_CHALLENGE_LEN) { 1418 txt = "challenge underflow"; 1419 resp = WLAN_STATUS_CHALLENGE_FAIL; 1420 goto fail; 1421 } 1422 challenge = (char *) (u + 2); 1423 } 1424 } 1425 1426 if (sta && sta->ap) { 1427 if (time_after(jiffies, sta->u.ap.last_beacon + 1428 (10 * sta->listen_interval * HZ) / 1024)) { 1429 PDEBUG(DEBUG_AP, "%s: no beacons received for a while," 1430 " assuming AP %pM is now STA\n", 1431 dev->name, sta->addr); 1432 sta->ap = 0; 1433 sta->flags = 0; 1434 sta->u.sta.challenge = NULL; 1435 } else { 1436 txt = "AP trying to authenticate?"; 1437 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1438 goto fail; 1439 } 1440 } 1441 1442 if ((auth_alg == WLAN_AUTH_OPEN && auth_transaction == 1) || 1443 (auth_alg == WLAN_AUTH_SHARED_KEY && 1444 (auth_transaction == 1 || 1445 (auth_transaction == 3 && sta != NULL && 1446 sta->u.sta.challenge != NULL)))) { 1447 } else { 1448 txt = "unknown authentication transaction number"; 1449 resp = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION; 1450 goto fail; 1451 } 1452 1453 if (sta == NULL) { 1454 txt = "new STA"; 1455 1456 if (local->ap->num_sta >= MAX_STA_COUNT) { 1457 /* FIX: might try to remove some old STAs first? */ 1458 txt = "no more room for new STAs"; 1459 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1460 goto fail; 1461 } 1462 1463 sta = ap_add_sta(local->ap, hdr->addr2); 1464 if (sta == NULL) { 1465 txt = "ap_add_sta failed"; 1466 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1467 goto fail; 1468 } 1469 } 1470 1471 switch (auth_alg) { 1472 case WLAN_AUTH_OPEN: 1473 txt = "authOK"; 1474 /* IEEE 802.11 standard is not completely clear about 1475 * whether STA is considered authenticated after 1476 * authentication OK frame has been send or after it 1477 * has been ACKed. In order to reduce interoperability 1478 * issues, mark the STA authenticated before ACK. */ 1479 sta->flags |= WLAN_STA_AUTH; 1480 break; 1481 1482 case WLAN_AUTH_SHARED_KEY: 1483 if (auth_transaction == 1) { 1484 if (sta->u.sta.challenge == NULL) { 1485 sta->u.sta.challenge = 1486 ap_auth_make_challenge(local->ap); 1487 if (sta->u.sta.challenge == NULL) { 1488 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1489 goto fail; 1490 } 1491 } 1492 } else { 1493 if (sta->u.sta.challenge == NULL || 1494 challenge == NULL || 1495 memcmp(sta->u.sta.challenge, challenge, 1496 WLAN_AUTH_CHALLENGE_LEN) != 0 || 1497 !ieee80211_has_protected(hdr->frame_control)) { 1498 txt = "challenge response incorrect"; 1499 resp = WLAN_STATUS_CHALLENGE_FAIL; 1500 goto fail; 1501 } 1502 1503 txt = "challenge OK - authOK"; 1504 /* IEEE 802.11 standard is not completely clear about 1505 * whether STA is considered authenticated after 1506 * authentication OK frame has been send or after it 1507 * has been ACKed. In order to reduce interoperability 1508 * issues, mark the STA authenticated before ACK. */ 1509 sta->flags |= WLAN_STA_AUTH; 1510 kfree(sta->u.sta.challenge); 1511 sta->u.sta.challenge = NULL; 1512 } 1513 break; 1514 } 1515 1516 fail: 1517 pos = (__le16 *) body; 1518 *pos = cpu_to_le16(auth_alg); 1519 pos++; 1520 *pos = cpu_to_le16(auth_transaction + 1); 1521 pos++; 1522 *pos = cpu_to_le16(resp); /* status_code */ 1523 pos++; 1524 olen = 6; 1525 1526 if (resp == WLAN_STATUS_SUCCESS && sta != NULL && 1527 sta->u.sta.challenge != NULL && 1528 auth_alg == WLAN_AUTH_SHARED_KEY && auth_transaction == 1) { 1529 u8 *tmp = (u8 *) pos; 1530 *tmp++ = WLAN_EID_CHALLENGE; 1531 *tmp++ = WLAN_AUTH_CHALLENGE_LEN; 1532 pos++; 1533 memcpy(pos, sta->u.sta.challenge, WLAN_AUTH_CHALLENGE_LEN); 1534 olen += 2 + WLAN_AUTH_CHALLENGE_LEN; 1535 } 1536 1537 prism2_send_mgmt(dev, IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_AUTH, 1538 body, olen, hdr->addr2, ap->tx_callback_auth); 1539 1540 if (sta) { 1541 sta->last_rx = jiffies; 1542 atomic_dec(&sta->users); 1543 } 1544 1545 if (resp) { 1546 PDEBUG(DEBUG_AP, "%s: %pM auth (alg=%d " 1547 "trans#=%d stat=%d len=%d fc=%04x) ==> %d (%s)\n", 1548 dev->name, hdr->addr2, 1549 auth_alg, auth_transaction, status_code, len, 1550 le16_to_cpu(hdr->frame_control), resp, txt); 1551 } 1552 } 1553 1554 1555 /* Called only as a scheduled task for pending AP frames. */ 1556 static void handle_assoc(local_info_t *local, struct sk_buff *skb, 1557 struct hostap_80211_rx_status *rx_stats, int reassoc) 1558 { 1559 struct net_device *dev = local->dev; 1560 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 1561 char body[12], *p, *lpos; 1562 int len, left; 1563 __le16 *pos; 1564 u16 resp = WLAN_STATUS_SUCCESS; 1565 struct sta_info *sta = NULL; 1566 int send_deauth = 0; 1567 char *txt = ""; 1568 u8 prev_ap[ETH_ALEN]; 1569 1570 left = len = skb->len - IEEE80211_MGMT_HDR_LEN; 1571 1572 if (len < (reassoc ? 10 : 4)) { 1573 PDEBUG(DEBUG_AP, "%s: handle_assoc - too short payload " 1574 "(len=%d, reassoc=%d) from %pM\n", 1575 dev->name, len, reassoc, hdr->addr2); 1576 return; 1577 } 1578 1579 spin_lock_bh(&local->ap->sta_table_lock); 1580 sta = ap_get_sta(local->ap, hdr->addr2); 1581 if (sta == NULL || (sta->flags & WLAN_STA_AUTH) == 0) { 1582 spin_unlock_bh(&local->ap->sta_table_lock); 1583 txt = "trying to associate before authentication"; 1584 send_deauth = 1; 1585 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1586 sta = NULL; /* do not decrement sta->users */ 1587 goto fail; 1588 } 1589 atomic_inc(&sta->users); 1590 spin_unlock_bh(&local->ap->sta_table_lock); 1591 1592 pos = (__le16 *) (skb->data + IEEE80211_MGMT_HDR_LEN); 1593 sta->capability = __le16_to_cpu(*pos); 1594 pos++; left -= 2; 1595 sta->listen_interval = __le16_to_cpu(*pos); 1596 pos++; left -= 2; 1597 1598 if (reassoc) { 1599 memcpy(prev_ap, pos, ETH_ALEN); 1600 pos++; pos++; pos++; left -= 6; 1601 } else 1602 eth_zero_addr(prev_ap); 1603 1604 if (left >= 2) { 1605 unsigned int ileft; 1606 unsigned char *u = (unsigned char *) pos; 1607 1608 if (*u == WLAN_EID_SSID) { 1609 u++; left--; 1610 ileft = *u; 1611 u++; left--; 1612 1613 if (ileft > left || ileft > MAX_SSID_LEN) { 1614 txt = "SSID overflow"; 1615 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1616 goto fail; 1617 } 1618 1619 if (ileft != strlen(local->essid) || 1620 memcmp(local->essid, u, ileft) != 0) { 1621 txt = "not our SSID"; 1622 resp = WLAN_STATUS_ASSOC_DENIED_UNSPEC; 1623 goto fail; 1624 } 1625 1626 u += ileft; 1627 left -= ileft; 1628 } 1629 1630 if (left >= 2 && *u == WLAN_EID_SUPP_RATES) { 1631 u++; left--; 1632 ileft = *u; 1633 u++; left--; 1634 1635 if (ileft > left || ileft == 0 || 1636 ileft > WLAN_SUPP_RATES_MAX) { 1637 txt = "SUPP_RATES len error"; 1638 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1639 goto fail; 1640 } 1641 1642 memset(sta->supported_rates, 0, 1643 sizeof(sta->supported_rates)); 1644 memcpy(sta->supported_rates, u, ileft); 1645 prism2_check_tx_rates(sta); 1646 1647 u += ileft; 1648 left -= ileft; 1649 } 1650 1651 if (left > 0) { 1652 PDEBUG(DEBUG_AP, "%s: assoc from %pM" 1653 " with extra data (%d bytes) [", 1654 dev->name, hdr->addr2, left); 1655 while (left > 0) { 1656 PDEBUG2(DEBUG_AP, "<%02x>", *u); 1657 u++; left--; 1658 } 1659 PDEBUG2(DEBUG_AP, "]\n"); 1660 } 1661 } else { 1662 txt = "frame underflow"; 1663 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1664 goto fail; 1665 } 1666 1667 /* get a unique AID */ 1668 if (sta->aid > 0) 1669 txt = "OK, old AID"; 1670 else { 1671 spin_lock_bh(&local->ap->sta_table_lock); 1672 for (sta->aid = 1; sta->aid <= MAX_AID_TABLE_SIZE; sta->aid++) 1673 if (local->ap->sta_aid[sta->aid - 1] == NULL) 1674 break; 1675 if (sta->aid > MAX_AID_TABLE_SIZE) { 1676 sta->aid = 0; 1677 spin_unlock_bh(&local->ap->sta_table_lock); 1678 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA; 1679 txt = "no room for more AIDs"; 1680 } else { 1681 local->ap->sta_aid[sta->aid - 1] = sta; 1682 spin_unlock_bh(&local->ap->sta_table_lock); 1683 txt = "OK, new AID"; 1684 } 1685 } 1686 1687 fail: 1688 pos = (__le16 *) body; 1689 1690 if (send_deauth) { 1691 *pos = cpu_to_le16(WLAN_REASON_STA_REQ_ASSOC_WITHOUT_AUTH); 1692 pos++; 1693 } else { 1694 /* FIX: CF-Pollable and CF-PollReq should be set to match the 1695 * values in beacons/probe responses */ 1696 /* FIX: how about privacy and WEP? */ 1697 /* capability */ 1698 *pos = cpu_to_le16(WLAN_CAPABILITY_ESS); 1699 pos++; 1700 1701 /* status_code */ 1702 *pos = cpu_to_le16(resp); 1703 pos++; 1704 1705 *pos = cpu_to_le16((sta && sta->aid > 0 ? sta->aid : 0) | 1706 BIT(14) | BIT(15)); /* AID */ 1707 pos++; 1708 1709 /* Supported rates (Information element) */ 1710 p = (char *) pos; 1711 *p++ = WLAN_EID_SUPP_RATES; 1712 lpos = p; 1713 *p++ = 0; /* len */ 1714 if (local->tx_rate_control & WLAN_RATE_1M) { 1715 *p++ = local->basic_rates & WLAN_RATE_1M ? 0x82 : 0x02; 1716 (*lpos)++; 1717 } 1718 if (local->tx_rate_control & WLAN_RATE_2M) { 1719 *p++ = local->basic_rates & WLAN_RATE_2M ? 0x84 : 0x04; 1720 (*lpos)++; 1721 } 1722 if (local->tx_rate_control & WLAN_RATE_5M5) { 1723 *p++ = local->basic_rates & WLAN_RATE_5M5 ? 1724 0x8b : 0x0b; 1725 (*lpos)++; 1726 } 1727 if (local->tx_rate_control & WLAN_RATE_11M) { 1728 *p++ = local->basic_rates & WLAN_RATE_11M ? 1729 0x96 : 0x16; 1730 (*lpos)++; 1731 } 1732 pos = (__le16 *) p; 1733 } 1734 1735 prism2_send_mgmt(dev, IEEE80211_FTYPE_MGMT | 1736 (send_deauth ? IEEE80211_STYPE_DEAUTH : 1737 (reassoc ? IEEE80211_STYPE_REASSOC_RESP : 1738 IEEE80211_STYPE_ASSOC_RESP)), 1739 body, (u8 *) pos - (u8 *) body, 1740 hdr->addr2, 1741 send_deauth ? 0 : local->ap->tx_callback_assoc); 1742 1743 if (sta) { 1744 if (resp == WLAN_STATUS_SUCCESS) { 1745 sta->last_rx = jiffies; 1746 /* STA will be marked associated from TX callback, if 1747 * AssocResp is ACKed */ 1748 } 1749 atomic_dec(&sta->users); 1750 } 1751 1752 #if 0 1753 PDEBUG(DEBUG_AP, "%s: %pM %sassoc (len=%d " 1754 "prev_ap=%pM) => %d(%d) (%s)\n", 1755 dev->name, 1756 hdr->addr2, 1757 reassoc ? "re" : "", len, 1758 prev_ap, 1759 resp, send_deauth, txt); 1760 #endif 1761 } 1762 1763 1764 /* Called only as a scheduled task for pending AP frames. */ 1765 static void handle_deauth(local_info_t *local, struct sk_buff *skb, 1766 struct hostap_80211_rx_status *rx_stats) 1767 { 1768 struct net_device *dev = local->dev; 1769 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 1770 char *body = (char *) (skb->data + IEEE80211_MGMT_HDR_LEN); 1771 int len; 1772 u16 reason_code; 1773 __le16 *pos; 1774 struct sta_info *sta = NULL; 1775 1776 len = skb->len - IEEE80211_MGMT_HDR_LEN; 1777 1778 if (len < 2) { 1779 printk("handle_deauth - too short payload (len=%d)\n", len); 1780 return; 1781 } 1782 1783 pos = (__le16 *) body; 1784 reason_code = le16_to_cpu(*pos); 1785 1786 PDEBUG(DEBUG_AP, "%s: deauthentication: %pM len=%d, " 1787 "reason_code=%d\n", dev->name, hdr->addr2, 1788 len, reason_code); 1789 1790 spin_lock_bh(&local->ap->sta_table_lock); 1791 sta = ap_get_sta(local->ap, hdr->addr2); 1792 if (sta != NULL) { 1793 if ((sta->flags & WLAN_STA_ASSOC) && !sta->ap) 1794 hostap_event_expired_sta(local->dev, sta); 1795 sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC); 1796 } 1797 spin_unlock_bh(&local->ap->sta_table_lock); 1798 if (sta == NULL) { 1799 printk("%s: deauthentication from %pM, " 1800 "reason_code=%d, but STA not authenticated\n", dev->name, 1801 hdr->addr2, reason_code); 1802 } 1803 } 1804 1805 1806 /* Called only as a scheduled task for pending AP frames. */ 1807 static void handle_disassoc(local_info_t *local, struct sk_buff *skb, 1808 struct hostap_80211_rx_status *rx_stats) 1809 { 1810 struct net_device *dev = local->dev; 1811 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 1812 char *body = skb->data + IEEE80211_MGMT_HDR_LEN; 1813 int len; 1814 u16 reason_code; 1815 __le16 *pos; 1816 struct sta_info *sta = NULL; 1817 1818 len = skb->len - IEEE80211_MGMT_HDR_LEN; 1819 1820 if (len < 2) { 1821 printk("handle_disassoc - too short payload (len=%d)\n", len); 1822 return; 1823 } 1824 1825 pos = (__le16 *) body; 1826 reason_code = le16_to_cpu(*pos); 1827 1828 PDEBUG(DEBUG_AP, "%s: disassociation: %pM len=%d, " 1829 "reason_code=%d\n", dev->name, hdr->addr2, 1830 len, reason_code); 1831 1832 spin_lock_bh(&local->ap->sta_table_lock); 1833 sta = ap_get_sta(local->ap, hdr->addr2); 1834 if (sta != NULL) { 1835 if ((sta->flags & WLAN_STA_ASSOC) && !sta->ap) 1836 hostap_event_expired_sta(local->dev, sta); 1837 sta->flags &= ~WLAN_STA_ASSOC; 1838 } 1839 spin_unlock_bh(&local->ap->sta_table_lock); 1840 if (sta == NULL) { 1841 printk("%s: disassociation from %pM, " 1842 "reason_code=%d, but STA not authenticated\n", 1843 dev->name, hdr->addr2, reason_code); 1844 } 1845 } 1846 1847 1848 /* Called only as a scheduled task for pending AP frames. */ 1849 static void ap_handle_data_nullfunc(local_info_t *local, 1850 struct ieee80211_hdr *hdr) 1851 { 1852 struct net_device *dev = local->dev; 1853 1854 /* some STA f/w's seem to require control::ACK frame for 1855 * data::nullfunc, but at least Prism2 station f/w version 0.8.0 does 1856 * not send this.. 1857 * send control::ACK for the data::nullfunc */ 1858 1859 printk(KERN_DEBUG "Sending control::ACK for data::nullfunc\n"); 1860 prism2_send_mgmt(dev, IEEE80211_FTYPE_CTL | IEEE80211_STYPE_ACK, 1861 NULL, 0, hdr->addr2, 0); 1862 } 1863 1864 1865 /* Called only as a scheduled task for pending AP frames. */ 1866 static void ap_handle_dropped_data(local_info_t *local, 1867 struct ieee80211_hdr *hdr) 1868 { 1869 struct net_device *dev = local->dev; 1870 struct sta_info *sta; 1871 __le16 reason; 1872 1873 spin_lock_bh(&local->ap->sta_table_lock); 1874 sta = ap_get_sta(local->ap, hdr->addr2); 1875 if (sta) 1876 atomic_inc(&sta->users); 1877 spin_unlock_bh(&local->ap->sta_table_lock); 1878 1879 if (sta != NULL && (sta->flags & WLAN_STA_ASSOC)) { 1880 PDEBUG(DEBUG_AP, "ap_handle_dropped_data: STA is now okay?\n"); 1881 atomic_dec(&sta->users); 1882 return; 1883 } 1884 1885 reason = cpu_to_le16(WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA); 1886 prism2_send_mgmt(dev, IEEE80211_FTYPE_MGMT | 1887 ((sta == NULL || !(sta->flags & WLAN_STA_ASSOC)) ? 1888 IEEE80211_STYPE_DEAUTH : IEEE80211_STYPE_DISASSOC), 1889 (char *) &reason, sizeof(reason), hdr->addr2, 0); 1890 1891 if (sta) 1892 atomic_dec(&sta->users); 1893 } 1894 1895 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 1896 1897 1898 /* Called only as a scheduled task for pending AP frames. */ 1899 static void pspoll_send_buffered(local_info_t *local, struct sta_info *sta, 1900 struct sk_buff *skb) 1901 { 1902 struct hostap_skb_tx_data *meta; 1903 1904 if (!(sta->flags & WLAN_STA_PS)) { 1905 /* Station has moved to non-PS mode, so send all buffered 1906 * frames using normal device queue. */ 1907 dev_queue_xmit(skb); 1908 return; 1909 } 1910 1911 /* add a flag for hostap_handle_sta_tx() to know that this skb should 1912 * be passed through even though STA is using PS */ 1913 meta = (struct hostap_skb_tx_data *) skb->cb; 1914 meta->flags |= HOSTAP_TX_FLAGS_BUFFERED_FRAME; 1915 if (!skb_queue_empty(&sta->tx_buf)) { 1916 /* indicate to STA that more frames follow */ 1917 meta->flags |= HOSTAP_TX_FLAGS_ADD_MOREDATA; 1918 } 1919 dev_queue_xmit(skb); 1920 } 1921 1922 1923 /* Called only as a scheduled task for pending AP frames. */ 1924 static void handle_pspoll(local_info_t *local, 1925 struct ieee80211_hdr *hdr, 1926 struct hostap_80211_rx_status *rx_stats) 1927 { 1928 struct net_device *dev = local->dev; 1929 struct sta_info *sta; 1930 u16 aid; 1931 struct sk_buff *skb; 1932 1933 PDEBUG(DEBUG_PS2, "handle_pspoll: BSSID=%pM, TA=%pM PWRMGT=%d\n", 1934 hdr->addr1, hdr->addr2, !!ieee80211_has_pm(hdr->frame_control)); 1935 1936 if (!ether_addr_equal(hdr->addr1, dev->dev_addr)) { 1937 PDEBUG(DEBUG_AP, 1938 "handle_pspoll - addr1(BSSID)=%pM not own MAC\n", 1939 hdr->addr1); 1940 return; 1941 } 1942 1943 aid = le16_to_cpu(hdr->duration_id); 1944 if ((aid & (BIT(15) | BIT(14))) != (BIT(15) | BIT(14))) { 1945 PDEBUG(DEBUG_PS, " PSPOLL and AID[15:14] not set\n"); 1946 return; 1947 } 1948 aid &= ~(BIT(15) | BIT(14)); 1949 if (aid == 0 || aid > MAX_AID_TABLE_SIZE) { 1950 PDEBUG(DEBUG_PS, " invalid aid=%d\n", aid); 1951 return; 1952 } 1953 PDEBUG(DEBUG_PS2, " aid=%d\n", aid); 1954 1955 spin_lock_bh(&local->ap->sta_table_lock); 1956 sta = ap_get_sta(local->ap, hdr->addr2); 1957 if (sta) 1958 atomic_inc(&sta->users); 1959 spin_unlock_bh(&local->ap->sta_table_lock); 1960 1961 if (sta == NULL) { 1962 PDEBUG(DEBUG_PS, " STA not found\n"); 1963 return; 1964 } 1965 if (sta->aid != aid) { 1966 PDEBUG(DEBUG_PS, " received aid=%i does not match with " 1967 "assoc.aid=%d\n", aid, sta->aid); 1968 return; 1969 } 1970 1971 /* FIX: todo: 1972 * - add timeout for buffering (clear aid in TIM vector if buffer timed 1973 * out (expiry time must be longer than ListenInterval for 1974 * the corresponding STA; "8802-11: 11.2.1.9 AP aging function" 1975 * - what to do, if buffered, pspolled, and sent frame is not ACKed by 1976 * sta; store buffer for later use and leave TIM aid bit set? use 1977 * TX event to check whether frame was ACKed? 1978 */ 1979 1980 while ((skb = skb_dequeue(&sta->tx_buf)) != NULL) { 1981 /* send buffered frame .. */ 1982 PDEBUG(DEBUG_PS2, "Sending buffered frame to STA after PS POLL" 1983 " (buffer_count=%d)\n", skb_queue_len(&sta->tx_buf)); 1984 1985 pspoll_send_buffered(local, sta, skb); 1986 1987 if (sta->flags & WLAN_STA_PS) { 1988 /* send only one buffered packet per PS Poll */ 1989 /* FIX: should ignore further PS Polls until the 1990 * buffered packet that was just sent is acknowledged 1991 * (Tx or TxExc event) */ 1992 break; 1993 } 1994 } 1995 1996 if (skb_queue_empty(&sta->tx_buf)) { 1997 /* try to clear aid from TIM */ 1998 if (!(sta->flags & WLAN_STA_TIM)) 1999 PDEBUG(DEBUG_PS2, "Re-unsetting TIM for aid %d\n", 2000 aid); 2001 hostap_set_tim(local, aid, 0); 2002 sta->flags &= ~WLAN_STA_TIM; 2003 } 2004 2005 atomic_dec(&sta->users); 2006 } 2007 2008 2009 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 2010 2011 static void handle_wds_oper_queue(struct work_struct *work) 2012 { 2013 struct ap_data *ap = container_of(work, struct ap_data, 2014 wds_oper_queue); 2015 local_info_t *local = ap->local; 2016 struct wds_oper_data *entry, *prev; 2017 2018 spin_lock_bh(&local->lock); 2019 entry = local->ap->wds_oper_entries; 2020 local->ap->wds_oper_entries = NULL; 2021 spin_unlock_bh(&local->lock); 2022 2023 while (entry) { 2024 PDEBUG(DEBUG_AP, "%s: %s automatic WDS connection " 2025 "to AP %pM\n", 2026 local->dev->name, 2027 entry->type == WDS_ADD ? "adding" : "removing", 2028 entry->addr); 2029 if (entry->type == WDS_ADD) 2030 prism2_wds_add(local, entry->addr, 0); 2031 else if (entry->type == WDS_DEL) 2032 prism2_wds_del(local, entry->addr, 0, 1); 2033 2034 prev = entry; 2035 entry = entry->next; 2036 kfree(prev); 2037 } 2038 } 2039 2040 2041 /* Called only as a scheduled task for pending AP frames. */ 2042 static void handle_beacon(local_info_t *local, struct sk_buff *skb, 2043 struct hostap_80211_rx_status *rx_stats) 2044 { 2045 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 2046 char *body = skb->data + IEEE80211_MGMT_HDR_LEN; 2047 int len, left; 2048 u16 beacon_int, capability; 2049 __le16 *pos; 2050 char *ssid = NULL; 2051 unsigned char *supp_rates = NULL; 2052 int ssid_len = 0, supp_rates_len = 0; 2053 struct sta_info *sta = NULL; 2054 int new_sta = 0, channel = -1; 2055 2056 len = skb->len - IEEE80211_MGMT_HDR_LEN; 2057 2058 if (len < 8 + 2 + 2) { 2059 printk(KERN_DEBUG "handle_beacon - too short payload " 2060 "(len=%d)\n", len); 2061 return; 2062 } 2063 2064 pos = (__le16 *) body; 2065 left = len; 2066 2067 /* Timestamp (8 octets) */ 2068 pos += 4; left -= 8; 2069 /* Beacon interval (2 octets) */ 2070 beacon_int = le16_to_cpu(*pos); 2071 pos++; left -= 2; 2072 /* Capability information (2 octets) */ 2073 capability = le16_to_cpu(*pos); 2074 pos++; left -= 2; 2075 2076 if (local->ap->ap_policy != AP_OTHER_AP_EVEN_IBSS && 2077 capability & WLAN_CAPABILITY_IBSS) 2078 return; 2079 2080 if (left >= 2) { 2081 unsigned int ileft; 2082 unsigned char *u = (unsigned char *) pos; 2083 2084 if (*u == WLAN_EID_SSID) { 2085 u++; left--; 2086 ileft = *u; 2087 u++; left--; 2088 2089 if (ileft > left || ileft > MAX_SSID_LEN) { 2090 PDEBUG(DEBUG_AP, "SSID: overflow\n"); 2091 return; 2092 } 2093 2094 if (local->ap->ap_policy == AP_OTHER_AP_SAME_SSID && 2095 (ileft != strlen(local->essid) || 2096 memcmp(local->essid, u, ileft) != 0)) { 2097 /* not our SSID */ 2098 return; 2099 } 2100 2101 ssid = u; 2102 ssid_len = ileft; 2103 2104 u += ileft; 2105 left -= ileft; 2106 } 2107 2108 if (*u == WLAN_EID_SUPP_RATES) { 2109 u++; left--; 2110 ileft = *u; 2111 u++; left--; 2112 2113 if (ileft > left || ileft == 0 || ileft > 8) { 2114 PDEBUG(DEBUG_AP, " - SUPP_RATES len error\n"); 2115 return; 2116 } 2117 2118 supp_rates = u; 2119 supp_rates_len = ileft; 2120 2121 u += ileft; 2122 left -= ileft; 2123 } 2124 2125 if (*u == WLAN_EID_DS_PARAMS) { 2126 u++; left--; 2127 ileft = *u; 2128 u++; left--; 2129 2130 if (ileft > left || ileft != 1) { 2131 PDEBUG(DEBUG_AP, " - DS_PARAMS len error\n"); 2132 return; 2133 } 2134 2135 channel = *u; 2136 2137 u += ileft; 2138 left -= ileft; 2139 } 2140 } 2141 2142 spin_lock_bh(&local->ap->sta_table_lock); 2143 sta = ap_get_sta(local->ap, hdr->addr2); 2144 if (sta != NULL) 2145 atomic_inc(&sta->users); 2146 spin_unlock_bh(&local->ap->sta_table_lock); 2147 2148 if (sta == NULL) { 2149 /* add new AP */ 2150 new_sta = 1; 2151 sta = ap_add_sta(local->ap, hdr->addr2); 2152 if (sta == NULL) { 2153 printk(KERN_INFO "prism2: kmalloc failed for AP " 2154 "data structure\n"); 2155 return; 2156 } 2157 hostap_event_new_sta(local->dev, sta); 2158 2159 /* mark APs authentication and associated for pseudo ad-hoc 2160 * style communication */ 2161 sta->flags = WLAN_STA_AUTH | WLAN_STA_ASSOC; 2162 2163 if (local->ap->autom_ap_wds) { 2164 hostap_wds_link_oper(local, sta->addr, WDS_ADD); 2165 } 2166 } 2167 2168 sta->ap = 1; 2169 if (ssid) { 2170 sta->u.ap.ssid_len = ssid_len; 2171 memcpy(sta->u.ap.ssid, ssid, ssid_len); 2172 sta->u.ap.ssid[ssid_len] = '\0'; 2173 } else { 2174 sta->u.ap.ssid_len = 0; 2175 sta->u.ap.ssid[0] = '\0'; 2176 } 2177 sta->u.ap.channel = channel; 2178 sta->rx_packets++; 2179 sta->rx_bytes += len; 2180 sta->u.ap.last_beacon = sta->last_rx = jiffies; 2181 sta->capability = capability; 2182 sta->listen_interval = beacon_int; 2183 2184 atomic_dec(&sta->users); 2185 2186 if (new_sta) { 2187 memset(sta->supported_rates, 0, sizeof(sta->supported_rates)); 2188 memcpy(sta->supported_rates, supp_rates, supp_rates_len); 2189 prism2_check_tx_rates(sta); 2190 } 2191 } 2192 2193 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 2194 2195 2196 /* Called only as a tasklet. */ 2197 static void handle_ap_item(local_info_t *local, struct sk_buff *skb, 2198 struct hostap_80211_rx_status *rx_stats) 2199 { 2200 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 2201 struct net_device *dev = local->dev; 2202 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 2203 u16 fc, type, stype; 2204 struct ieee80211_hdr *hdr; 2205 2206 /* FIX: should give skb->len to handler functions and check that the 2207 * buffer is long enough */ 2208 hdr = (struct ieee80211_hdr *) skb->data; 2209 fc = le16_to_cpu(hdr->frame_control); 2210 type = fc & IEEE80211_FCTL_FTYPE; 2211 stype = fc & IEEE80211_FCTL_STYPE; 2212 2213 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 2214 if (!local->hostapd && type == IEEE80211_FTYPE_DATA) { 2215 PDEBUG(DEBUG_AP, "handle_ap_item - data frame\n"); 2216 2217 if (!(fc & IEEE80211_FCTL_TODS) || 2218 (fc & IEEE80211_FCTL_FROMDS)) { 2219 if (stype == IEEE80211_STYPE_NULLFUNC) { 2220 /* no ToDS nullfunc seems to be used to check 2221 * AP association; so send reject message to 2222 * speed up re-association */ 2223 ap_handle_dropped_data(local, hdr); 2224 goto done; 2225 } 2226 PDEBUG(DEBUG_AP, " not ToDS frame (fc=0x%04x)\n", 2227 fc); 2228 goto done; 2229 } 2230 2231 if (!ether_addr_equal(hdr->addr1, dev->dev_addr)) { 2232 PDEBUG(DEBUG_AP, "handle_ap_item - addr1(BSSID)=%pM" 2233 " not own MAC\n", hdr->addr1); 2234 goto done; 2235 } 2236 2237 if (local->ap->nullfunc_ack && 2238 stype == IEEE80211_STYPE_NULLFUNC) 2239 ap_handle_data_nullfunc(local, hdr); 2240 else 2241 ap_handle_dropped_data(local, hdr); 2242 goto done; 2243 } 2244 2245 if (type == IEEE80211_FTYPE_MGMT && stype == IEEE80211_STYPE_BEACON) { 2246 handle_beacon(local, skb, rx_stats); 2247 goto done; 2248 } 2249 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 2250 2251 if (type == IEEE80211_FTYPE_CTL && stype == IEEE80211_STYPE_PSPOLL) { 2252 handle_pspoll(local, hdr, rx_stats); 2253 goto done; 2254 } 2255 2256 if (local->hostapd) { 2257 PDEBUG(DEBUG_AP, "Unknown frame in AP queue: type=0x%02x " 2258 "subtype=0x%02x\n", type, stype); 2259 goto done; 2260 } 2261 2262 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 2263 if (type != IEEE80211_FTYPE_MGMT) { 2264 PDEBUG(DEBUG_AP, "handle_ap_item - not a management frame?\n"); 2265 goto done; 2266 } 2267 2268 if (!ether_addr_equal(hdr->addr1, dev->dev_addr)) { 2269 PDEBUG(DEBUG_AP, "handle_ap_item - addr1(DA)=%pM" 2270 " not own MAC\n", hdr->addr1); 2271 goto done; 2272 } 2273 2274 if (!ether_addr_equal(hdr->addr3, dev->dev_addr)) { 2275 PDEBUG(DEBUG_AP, "handle_ap_item - addr3(BSSID)=%pM" 2276 " not own MAC\n", hdr->addr3); 2277 goto done; 2278 } 2279 2280 switch (stype) { 2281 case IEEE80211_STYPE_ASSOC_REQ: 2282 handle_assoc(local, skb, rx_stats, 0); 2283 break; 2284 case IEEE80211_STYPE_ASSOC_RESP: 2285 PDEBUG(DEBUG_AP, "==> ASSOC RESP (ignored)\n"); 2286 break; 2287 case IEEE80211_STYPE_REASSOC_REQ: 2288 handle_assoc(local, skb, rx_stats, 1); 2289 break; 2290 case IEEE80211_STYPE_REASSOC_RESP: 2291 PDEBUG(DEBUG_AP, "==> REASSOC RESP (ignored)\n"); 2292 break; 2293 case IEEE80211_STYPE_ATIM: 2294 PDEBUG(DEBUG_AP, "==> ATIM (ignored)\n"); 2295 break; 2296 case IEEE80211_STYPE_DISASSOC: 2297 handle_disassoc(local, skb, rx_stats); 2298 break; 2299 case IEEE80211_STYPE_AUTH: 2300 handle_authen(local, skb, rx_stats); 2301 break; 2302 case IEEE80211_STYPE_DEAUTH: 2303 handle_deauth(local, skb, rx_stats); 2304 break; 2305 default: 2306 PDEBUG(DEBUG_AP, "Unknown mgmt frame subtype 0x%02x\n", 2307 stype >> 4); 2308 break; 2309 } 2310 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 2311 2312 done: 2313 dev_kfree_skb(skb); 2314 } 2315 2316 2317 /* Called only as a tasklet (software IRQ) */ 2318 void hostap_rx(struct net_device *dev, struct sk_buff *skb, 2319 struct hostap_80211_rx_status *rx_stats) 2320 { 2321 struct hostap_interface *iface; 2322 local_info_t *local; 2323 struct ieee80211_hdr *hdr; 2324 2325 iface = netdev_priv(dev); 2326 local = iface->local; 2327 2328 if (skb->len < 16) 2329 goto drop; 2330 2331 dev->stats.rx_packets++; 2332 2333 hdr = (struct ieee80211_hdr *) skb->data; 2334 2335 if (local->ap->ap_policy == AP_OTHER_AP_SKIP_ALL && 2336 ieee80211_is_beacon(hdr->frame_control)) 2337 goto drop; 2338 2339 skb->protocol = cpu_to_be16(ETH_P_HOSTAP); 2340 handle_ap_item(local, skb, rx_stats); 2341 return; 2342 2343 drop: 2344 dev_kfree_skb(skb); 2345 } 2346 2347 2348 /* Called only as a tasklet (software IRQ) */ 2349 static void schedule_packet_send(local_info_t *local, struct sta_info *sta) 2350 { 2351 struct sk_buff *skb; 2352 struct ieee80211_hdr *hdr; 2353 struct hostap_80211_rx_status rx_stats; 2354 2355 if (skb_queue_empty(&sta->tx_buf)) 2356 return; 2357 2358 skb = dev_alloc_skb(16); 2359 if (skb == NULL) { 2360 printk(KERN_DEBUG "%s: schedule_packet_send: skb alloc " 2361 "failed\n", local->dev->name); 2362 return; 2363 } 2364 2365 hdr = skb_put(skb, 16); 2366 2367 /* Generate a fake pspoll frame to start packet delivery */ 2368 hdr->frame_control = cpu_to_le16( 2369 IEEE80211_FTYPE_CTL | IEEE80211_STYPE_PSPOLL); 2370 memcpy(hdr->addr1, local->dev->dev_addr, ETH_ALEN); 2371 memcpy(hdr->addr2, sta->addr, ETH_ALEN); 2372 hdr->duration_id = cpu_to_le16(sta->aid | BIT(15) | BIT(14)); 2373 2374 PDEBUG(DEBUG_PS2, 2375 "%s: Scheduling buffered packet delivery for STA %pM\n", 2376 local->dev->name, sta->addr); 2377 2378 skb->dev = local->dev; 2379 2380 memset(&rx_stats, 0, sizeof(rx_stats)); 2381 hostap_rx(local->dev, skb, &rx_stats); 2382 } 2383 2384 2385 int prism2_ap_get_sta_qual(local_info_t *local, struct sockaddr addr[], 2386 struct iw_quality qual[], int buf_size, 2387 int aplist) 2388 { 2389 struct ap_data *ap = local->ap; 2390 struct list_head *ptr; 2391 int count = 0; 2392 2393 spin_lock_bh(&ap->sta_table_lock); 2394 2395 for (ptr = ap->sta_list.next; ptr != NULL && ptr != &ap->sta_list; 2396 ptr = ptr->next) { 2397 struct sta_info *sta = (struct sta_info *) ptr; 2398 2399 if (aplist && !sta->ap) 2400 continue; 2401 addr[count].sa_family = ARPHRD_ETHER; 2402 memcpy(addr[count].sa_data, sta->addr, ETH_ALEN); 2403 if (sta->last_rx_silence == 0) 2404 qual[count].qual = sta->last_rx_signal < 27 ? 2405 0 : (sta->last_rx_signal - 27) * 92 / 127; 2406 else 2407 qual[count].qual = sta->last_rx_signal - 2408 sta->last_rx_silence - 35; 2409 qual[count].level = HFA384X_LEVEL_TO_dBm(sta->last_rx_signal); 2410 qual[count].noise = HFA384X_LEVEL_TO_dBm(sta->last_rx_silence); 2411 qual[count].updated = sta->last_rx_updated; 2412 2413 sta->last_rx_updated = IW_QUAL_DBM; 2414 2415 count++; 2416 if (count >= buf_size) 2417 break; 2418 } 2419 spin_unlock_bh(&ap->sta_table_lock); 2420 2421 return count; 2422 } 2423 2424 2425 /* Translate our list of Access Points & Stations to a card independent 2426 * format that the Wireless Tools will understand - Jean II */ 2427 int prism2_ap_translate_scan(struct net_device *dev, 2428 struct iw_request_info *info, char *buffer) 2429 { 2430 struct hostap_interface *iface; 2431 local_info_t *local; 2432 struct ap_data *ap; 2433 struct list_head *ptr; 2434 struct iw_event iwe; 2435 char *current_ev = buffer; 2436 char *end_buf = buffer + IW_SCAN_MAX_DATA; 2437 #if !defined(PRISM2_NO_KERNEL_IEEE80211_MGMT) 2438 char buf[64]; 2439 #endif 2440 2441 iface = netdev_priv(dev); 2442 local = iface->local; 2443 ap = local->ap; 2444 2445 spin_lock_bh(&ap->sta_table_lock); 2446 2447 for (ptr = ap->sta_list.next; ptr != NULL && ptr != &ap->sta_list; 2448 ptr = ptr->next) { 2449 struct sta_info *sta = (struct sta_info *) ptr; 2450 2451 /* First entry *MUST* be the AP MAC address */ 2452 memset(&iwe, 0, sizeof(iwe)); 2453 iwe.cmd = SIOCGIWAP; 2454 iwe.u.ap_addr.sa_family = ARPHRD_ETHER; 2455 memcpy(iwe.u.ap_addr.sa_data, sta->addr, ETH_ALEN); 2456 iwe.len = IW_EV_ADDR_LEN; 2457 current_ev = iwe_stream_add_event(info, current_ev, end_buf, 2458 &iwe, IW_EV_ADDR_LEN); 2459 2460 /* Use the mode to indicate if it's a station or 2461 * an Access Point */ 2462 memset(&iwe, 0, sizeof(iwe)); 2463 iwe.cmd = SIOCGIWMODE; 2464 if (sta->ap) 2465 iwe.u.mode = IW_MODE_MASTER; 2466 else 2467 iwe.u.mode = IW_MODE_INFRA; 2468 iwe.len = IW_EV_UINT_LEN; 2469 current_ev = iwe_stream_add_event(info, current_ev, end_buf, 2470 &iwe, IW_EV_UINT_LEN); 2471 2472 /* Some quality */ 2473 memset(&iwe, 0, sizeof(iwe)); 2474 iwe.cmd = IWEVQUAL; 2475 if (sta->last_rx_silence == 0) 2476 iwe.u.qual.qual = sta->last_rx_signal < 27 ? 2477 0 : (sta->last_rx_signal - 27) * 92 / 127; 2478 else 2479 iwe.u.qual.qual = sta->last_rx_signal - 2480 sta->last_rx_silence - 35; 2481 iwe.u.qual.level = HFA384X_LEVEL_TO_dBm(sta->last_rx_signal); 2482 iwe.u.qual.noise = HFA384X_LEVEL_TO_dBm(sta->last_rx_silence); 2483 iwe.u.qual.updated = sta->last_rx_updated; 2484 iwe.len = IW_EV_QUAL_LEN; 2485 current_ev = iwe_stream_add_event(info, current_ev, end_buf, 2486 &iwe, IW_EV_QUAL_LEN); 2487 2488 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 2489 if (sta->ap) { 2490 memset(&iwe, 0, sizeof(iwe)); 2491 iwe.cmd = SIOCGIWESSID; 2492 iwe.u.data.length = sta->u.ap.ssid_len; 2493 iwe.u.data.flags = 1; 2494 current_ev = iwe_stream_add_point(info, current_ev, 2495 end_buf, &iwe, 2496 sta->u.ap.ssid); 2497 2498 memset(&iwe, 0, sizeof(iwe)); 2499 iwe.cmd = SIOCGIWENCODE; 2500 if (sta->capability & WLAN_CAPABILITY_PRIVACY) 2501 iwe.u.data.flags = 2502 IW_ENCODE_ENABLED | IW_ENCODE_NOKEY; 2503 else 2504 iwe.u.data.flags = IW_ENCODE_DISABLED; 2505 current_ev = iwe_stream_add_point(info, current_ev, 2506 end_buf, &iwe, 2507 sta->u.ap.ssid); 2508 2509 if (sta->u.ap.channel > 0 && 2510 sta->u.ap.channel <= FREQ_COUNT) { 2511 memset(&iwe, 0, sizeof(iwe)); 2512 iwe.cmd = SIOCGIWFREQ; 2513 iwe.u.freq.m = freq_list[sta->u.ap.channel - 1] 2514 * 100000; 2515 iwe.u.freq.e = 1; 2516 current_ev = iwe_stream_add_event( 2517 info, current_ev, end_buf, &iwe, 2518 IW_EV_FREQ_LEN); 2519 } 2520 2521 memset(&iwe, 0, sizeof(iwe)); 2522 iwe.cmd = IWEVCUSTOM; 2523 sprintf(buf, "beacon_interval=%d", 2524 sta->listen_interval); 2525 iwe.u.data.length = strlen(buf); 2526 current_ev = iwe_stream_add_point(info, current_ev, 2527 end_buf, &iwe, buf); 2528 } 2529 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 2530 2531 sta->last_rx_updated = IW_QUAL_DBM; 2532 2533 /* To be continued, we should make good use of IWEVCUSTOM */ 2534 } 2535 2536 spin_unlock_bh(&ap->sta_table_lock); 2537 2538 return current_ev - buffer; 2539 } 2540 2541 2542 static int prism2_hostapd_add_sta(struct ap_data *ap, 2543 struct prism2_hostapd_param *param) 2544 { 2545 struct sta_info *sta; 2546 2547 spin_lock_bh(&ap->sta_table_lock); 2548 sta = ap_get_sta(ap, param->sta_addr); 2549 if (sta) 2550 atomic_inc(&sta->users); 2551 spin_unlock_bh(&ap->sta_table_lock); 2552 2553 if (sta == NULL) { 2554 sta = ap_add_sta(ap, param->sta_addr); 2555 if (sta == NULL) 2556 return -1; 2557 } 2558 2559 if (!(sta->flags & WLAN_STA_ASSOC) && !sta->ap && sta->local) 2560 hostap_event_new_sta(sta->local->dev, sta); 2561 2562 sta->flags |= WLAN_STA_AUTH | WLAN_STA_ASSOC; 2563 sta->last_rx = jiffies; 2564 sta->aid = param->u.add_sta.aid; 2565 sta->capability = param->u.add_sta.capability; 2566 sta->tx_supp_rates = param->u.add_sta.tx_supp_rates; 2567 if (sta->tx_supp_rates & WLAN_RATE_1M) 2568 sta->supported_rates[0] = 2; 2569 if (sta->tx_supp_rates & WLAN_RATE_2M) 2570 sta->supported_rates[1] = 4; 2571 if (sta->tx_supp_rates & WLAN_RATE_5M5) 2572 sta->supported_rates[2] = 11; 2573 if (sta->tx_supp_rates & WLAN_RATE_11M) 2574 sta->supported_rates[3] = 22; 2575 prism2_check_tx_rates(sta); 2576 atomic_dec(&sta->users); 2577 return 0; 2578 } 2579 2580 2581 static int prism2_hostapd_remove_sta(struct ap_data *ap, 2582 struct prism2_hostapd_param *param) 2583 { 2584 struct sta_info *sta; 2585 2586 spin_lock_bh(&ap->sta_table_lock); 2587 sta = ap_get_sta(ap, param->sta_addr); 2588 if (sta) { 2589 ap_sta_hash_del(ap, sta); 2590 list_del(&sta->list); 2591 } 2592 spin_unlock_bh(&ap->sta_table_lock); 2593 2594 if (!sta) 2595 return -ENOENT; 2596 2597 if ((sta->flags & WLAN_STA_ASSOC) && !sta->ap && sta->local) 2598 hostap_event_expired_sta(sta->local->dev, sta); 2599 ap_free_sta(ap, sta); 2600 2601 return 0; 2602 } 2603 2604 2605 static int prism2_hostapd_get_info_sta(struct ap_data *ap, 2606 struct prism2_hostapd_param *param) 2607 { 2608 struct sta_info *sta; 2609 2610 spin_lock_bh(&ap->sta_table_lock); 2611 sta = ap_get_sta(ap, param->sta_addr); 2612 if (sta) 2613 atomic_inc(&sta->users); 2614 spin_unlock_bh(&ap->sta_table_lock); 2615 2616 if (!sta) 2617 return -ENOENT; 2618 2619 param->u.get_info_sta.inactive_sec = (jiffies - sta->last_rx) / HZ; 2620 2621 atomic_dec(&sta->users); 2622 2623 return 1; 2624 } 2625 2626 2627 static int prism2_hostapd_set_flags_sta(struct ap_data *ap, 2628 struct prism2_hostapd_param *param) 2629 { 2630 struct sta_info *sta; 2631 2632 spin_lock_bh(&ap->sta_table_lock); 2633 sta = ap_get_sta(ap, param->sta_addr); 2634 if (sta) { 2635 sta->flags |= param->u.set_flags_sta.flags_or; 2636 sta->flags &= param->u.set_flags_sta.flags_and; 2637 } 2638 spin_unlock_bh(&ap->sta_table_lock); 2639 2640 if (!sta) 2641 return -ENOENT; 2642 2643 return 0; 2644 } 2645 2646 2647 static int prism2_hostapd_sta_clear_stats(struct ap_data *ap, 2648 struct prism2_hostapd_param *param) 2649 { 2650 struct sta_info *sta; 2651 int rate; 2652 2653 spin_lock_bh(&ap->sta_table_lock); 2654 sta = ap_get_sta(ap, param->sta_addr); 2655 if (sta) { 2656 sta->rx_packets = sta->tx_packets = 0; 2657 sta->rx_bytes = sta->tx_bytes = 0; 2658 for (rate = 0; rate < WLAN_RATE_COUNT; rate++) { 2659 sta->tx_count[rate] = 0; 2660 sta->rx_count[rate] = 0; 2661 } 2662 } 2663 spin_unlock_bh(&ap->sta_table_lock); 2664 2665 if (!sta) 2666 return -ENOENT; 2667 2668 return 0; 2669 } 2670 2671 2672 int prism2_hostapd(struct ap_data *ap, struct prism2_hostapd_param *param) 2673 { 2674 switch (param->cmd) { 2675 case PRISM2_HOSTAPD_FLUSH: 2676 ap_control_kickall(ap); 2677 return 0; 2678 case PRISM2_HOSTAPD_ADD_STA: 2679 return prism2_hostapd_add_sta(ap, param); 2680 case PRISM2_HOSTAPD_REMOVE_STA: 2681 return prism2_hostapd_remove_sta(ap, param); 2682 case PRISM2_HOSTAPD_GET_INFO_STA: 2683 return prism2_hostapd_get_info_sta(ap, param); 2684 case PRISM2_HOSTAPD_SET_FLAGS_STA: 2685 return prism2_hostapd_set_flags_sta(ap, param); 2686 case PRISM2_HOSTAPD_STA_CLEAR_STATS: 2687 return prism2_hostapd_sta_clear_stats(ap, param); 2688 default: 2689 printk(KERN_WARNING "prism2_hostapd: unknown cmd=%d\n", 2690 param->cmd); 2691 return -EOPNOTSUPP; 2692 } 2693 } 2694 2695 2696 /* Update station info for host-based TX rate control and return current 2697 * TX rate */ 2698 static int ap_update_sta_tx_rate(struct sta_info *sta, struct net_device *dev) 2699 { 2700 int ret = sta->tx_rate; 2701 struct hostap_interface *iface; 2702 local_info_t *local; 2703 2704 iface = netdev_priv(dev); 2705 local = iface->local; 2706 2707 sta->tx_count[sta->tx_rate_idx]++; 2708 sta->tx_since_last_failure++; 2709 sta->tx_consecutive_exc = 0; 2710 if (sta->tx_since_last_failure >= WLAN_RATE_UPDATE_COUNT && 2711 sta->tx_rate_idx < sta->tx_max_rate) { 2712 /* use next higher rate */ 2713 int old_rate, new_rate; 2714 old_rate = new_rate = sta->tx_rate_idx; 2715 while (new_rate < sta->tx_max_rate) { 2716 new_rate++; 2717 if (ap_tx_rate_ok(new_rate, sta, local)) { 2718 sta->tx_rate_idx = new_rate; 2719 break; 2720 } 2721 } 2722 if (old_rate != sta->tx_rate_idx) { 2723 switch (sta->tx_rate_idx) { 2724 case 0: sta->tx_rate = 10; break; 2725 case 1: sta->tx_rate = 20; break; 2726 case 2: sta->tx_rate = 55; break; 2727 case 3: sta->tx_rate = 110; break; 2728 default: sta->tx_rate = 0; break; 2729 } 2730 PDEBUG(DEBUG_AP, "%s: STA %pM TX rate raised to %d\n", 2731 dev->name, sta->addr, sta->tx_rate); 2732 } 2733 sta->tx_since_last_failure = 0; 2734 } 2735 2736 return ret; 2737 } 2738 2739 2740 /* Called only from software IRQ. Called for each TX frame prior possible 2741 * encryption and transmit. */ 2742 ap_tx_ret hostap_handle_sta_tx(local_info_t *local, struct hostap_tx_data *tx) 2743 { 2744 struct sta_info *sta = NULL; 2745 struct sk_buff *skb = tx->skb; 2746 int set_tim, ret; 2747 struct ieee80211_hdr *hdr; 2748 struct hostap_skb_tx_data *meta; 2749 2750 meta = (struct hostap_skb_tx_data *) skb->cb; 2751 ret = AP_TX_CONTINUE; 2752 if (local->ap == NULL || skb->len < 10 || 2753 meta->iface->type == HOSTAP_INTERFACE_STA) 2754 goto out; 2755 2756 hdr = (struct ieee80211_hdr *) skb->data; 2757 2758 if (hdr->addr1[0] & 0x01) { 2759 /* broadcast/multicast frame - no AP related processing */ 2760 if (local->ap->num_sta <= 0) 2761 ret = AP_TX_DROP; 2762 goto out; 2763 } 2764 2765 /* unicast packet - check whether destination STA is associated */ 2766 spin_lock(&local->ap->sta_table_lock); 2767 sta = ap_get_sta(local->ap, hdr->addr1); 2768 if (sta) 2769 atomic_inc(&sta->users); 2770 spin_unlock(&local->ap->sta_table_lock); 2771 2772 if (local->iw_mode == IW_MODE_MASTER && sta == NULL && 2773 !(meta->flags & HOSTAP_TX_FLAGS_WDS) && 2774 meta->iface->type != HOSTAP_INTERFACE_MASTER && 2775 meta->iface->type != HOSTAP_INTERFACE_AP) { 2776 #if 0 2777 /* This can happen, e.g., when wlan0 is added to a bridge and 2778 * bridging code does not know which port is the correct target 2779 * for a unicast frame. In this case, the packet is send to all 2780 * ports of the bridge. Since this is a valid scenario, do not 2781 * print out any errors here. */ 2782 if (net_ratelimit()) { 2783 printk(KERN_DEBUG "AP: drop packet to non-associated " 2784 "STA %pM\n", hdr->addr1); 2785 } 2786 #endif 2787 local->ap->tx_drop_nonassoc++; 2788 ret = AP_TX_DROP; 2789 goto out; 2790 } 2791 2792 if (sta == NULL) 2793 goto out; 2794 2795 if (!(sta->flags & WLAN_STA_AUTHORIZED)) 2796 ret = AP_TX_CONTINUE_NOT_AUTHORIZED; 2797 2798 /* Set tx_rate if using host-based TX rate control */ 2799 if (!local->fw_tx_rate_control) 2800 local->ap->last_tx_rate = meta->rate = 2801 ap_update_sta_tx_rate(sta, local->dev); 2802 2803 if (local->iw_mode != IW_MODE_MASTER) 2804 goto out; 2805 2806 if (!(sta->flags & WLAN_STA_PS)) 2807 goto out; 2808 2809 if (meta->flags & HOSTAP_TX_FLAGS_ADD_MOREDATA) { 2810 /* indicate to STA that more frames follow */ 2811 hdr->frame_control |= 2812 cpu_to_le16(IEEE80211_FCTL_MOREDATA); 2813 } 2814 2815 if (meta->flags & HOSTAP_TX_FLAGS_BUFFERED_FRAME) { 2816 /* packet was already buffered and now send due to 2817 * PS poll, so do not rebuffer it */ 2818 goto out; 2819 } 2820 2821 if (skb_queue_len(&sta->tx_buf) >= STA_MAX_TX_BUFFER) { 2822 PDEBUG(DEBUG_PS, "%s: No more space in STA (%pM)'s" 2823 "PS mode buffer\n", 2824 local->dev->name, sta->addr); 2825 /* Make sure that TIM is set for the station (it might not be 2826 * after AP wlan hw reset). */ 2827 /* FIX: should fix hw reset to restore bits based on STA 2828 * buffer state.. */ 2829 hostap_set_tim(local, sta->aid, 1); 2830 sta->flags |= WLAN_STA_TIM; 2831 ret = AP_TX_DROP; 2832 goto out; 2833 } 2834 2835 /* STA in PS mode, buffer frame for later delivery */ 2836 set_tim = skb_queue_empty(&sta->tx_buf); 2837 skb_queue_tail(&sta->tx_buf, skb); 2838 /* FIX: could save RX time to skb and expire buffered frames after 2839 * some time if STA does not poll for them */ 2840 2841 if (set_tim) { 2842 if (sta->flags & WLAN_STA_TIM) 2843 PDEBUG(DEBUG_PS2, "Re-setting TIM for aid %d\n", 2844 sta->aid); 2845 hostap_set_tim(local, sta->aid, 1); 2846 sta->flags |= WLAN_STA_TIM; 2847 } 2848 2849 ret = AP_TX_BUFFERED; 2850 2851 out: 2852 if (sta != NULL) { 2853 if (ret == AP_TX_CONTINUE || 2854 ret == AP_TX_CONTINUE_NOT_AUTHORIZED) { 2855 sta->tx_packets++; 2856 sta->tx_bytes += skb->len; 2857 sta->last_tx = jiffies; 2858 } 2859 2860 if ((ret == AP_TX_CONTINUE || 2861 ret == AP_TX_CONTINUE_NOT_AUTHORIZED) && 2862 sta->crypt && tx->host_encrypt) { 2863 tx->crypt = sta->crypt; 2864 tx->sta_ptr = sta; /* hostap_handle_sta_release() will 2865 * be called to release sta info 2866 * later */ 2867 } else 2868 atomic_dec(&sta->users); 2869 } 2870 2871 return ret; 2872 } 2873 2874 2875 void hostap_handle_sta_release(void *ptr) 2876 { 2877 struct sta_info *sta = ptr; 2878 atomic_dec(&sta->users); 2879 } 2880 2881 2882 /* Called only as a tasklet (software IRQ) */ 2883 void hostap_handle_sta_tx_exc(local_info_t *local, struct sk_buff *skb) 2884 { 2885 struct sta_info *sta; 2886 struct ieee80211_hdr *hdr; 2887 struct hostap_skb_tx_data *meta; 2888 2889 hdr = (struct ieee80211_hdr *) skb->data; 2890 meta = (struct hostap_skb_tx_data *) skb->cb; 2891 2892 spin_lock(&local->ap->sta_table_lock); 2893 sta = ap_get_sta(local->ap, hdr->addr1); 2894 if (!sta) { 2895 spin_unlock(&local->ap->sta_table_lock); 2896 PDEBUG(DEBUG_AP, "%s: Could not find STA %pM" 2897 " for this TX error (@%lu)\n", 2898 local->dev->name, hdr->addr1, jiffies); 2899 return; 2900 } 2901 2902 sta->tx_since_last_failure = 0; 2903 sta->tx_consecutive_exc++; 2904 2905 if (sta->tx_consecutive_exc >= WLAN_RATE_DECREASE_THRESHOLD && 2906 sta->tx_rate_idx > 0 && meta->rate <= sta->tx_rate) { 2907 /* use next lower rate */ 2908 int old, rate; 2909 old = rate = sta->tx_rate_idx; 2910 while (rate > 0) { 2911 rate--; 2912 if (ap_tx_rate_ok(rate, sta, local)) { 2913 sta->tx_rate_idx = rate; 2914 break; 2915 } 2916 } 2917 if (old != sta->tx_rate_idx) { 2918 switch (sta->tx_rate_idx) { 2919 case 0: sta->tx_rate = 10; break; 2920 case 1: sta->tx_rate = 20; break; 2921 case 2: sta->tx_rate = 55; break; 2922 case 3: sta->tx_rate = 110; break; 2923 default: sta->tx_rate = 0; break; 2924 } 2925 PDEBUG(DEBUG_AP, 2926 "%s: STA %pM TX rate lowered to %d\n", 2927 local->dev->name, sta->addr, sta->tx_rate); 2928 } 2929 sta->tx_consecutive_exc = 0; 2930 } 2931 spin_unlock(&local->ap->sta_table_lock); 2932 } 2933 2934 2935 static void hostap_update_sta_ps2(local_info_t *local, struct sta_info *sta, 2936 int pwrmgt, int type, int stype) 2937 { 2938 if (pwrmgt && !(sta->flags & WLAN_STA_PS)) { 2939 sta->flags |= WLAN_STA_PS; 2940 PDEBUG(DEBUG_PS2, "STA %pM changed to use PS " 2941 "mode (type=0x%02X, stype=0x%02X)\n", 2942 sta->addr, type >> 2, stype >> 4); 2943 } else if (!pwrmgt && (sta->flags & WLAN_STA_PS)) { 2944 sta->flags &= ~WLAN_STA_PS; 2945 PDEBUG(DEBUG_PS2, "STA %pM changed to not use " 2946 "PS mode (type=0x%02X, stype=0x%02X)\n", 2947 sta->addr, type >> 2, stype >> 4); 2948 if (type != IEEE80211_FTYPE_CTL || 2949 stype != IEEE80211_STYPE_PSPOLL) 2950 schedule_packet_send(local, sta); 2951 } 2952 } 2953 2954 2955 /* Called only as a tasklet (software IRQ). Called for each RX frame to update 2956 * STA power saving state. pwrmgt is a flag from 802.11 frame_control field. */ 2957 int hostap_update_sta_ps(local_info_t *local, struct ieee80211_hdr *hdr) 2958 { 2959 struct sta_info *sta; 2960 u16 fc; 2961 2962 spin_lock(&local->ap->sta_table_lock); 2963 sta = ap_get_sta(local->ap, hdr->addr2); 2964 if (sta) 2965 atomic_inc(&sta->users); 2966 spin_unlock(&local->ap->sta_table_lock); 2967 2968 if (!sta) 2969 return -1; 2970 2971 fc = le16_to_cpu(hdr->frame_control); 2972 hostap_update_sta_ps2(local, sta, fc & IEEE80211_FCTL_PM, 2973 fc & IEEE80211_FCTL_FTYPE, 2974 fc & IEEE80211_FCTL_STYPE); 2975 2976 atomic_dec(&sta->users); 2977 return 0; 2978 } 2979 2980 2981 /* Called only as a tasklet (software IRQ). Called for each RX frame after 2982 * getting RX header and payload from hardware. */ 2983 ap_rx_ret hostap_handle_sta_rx(local_info_t *local, struct net_device *dev, 2984 struct sk_buff *skb, 2985 struct hostap_80211_rx_status *rx_stats, 2986 int wds) 2987 { 2988 int ret; 2989 struct sta_info *sta; 2990 u16 fc, type, stype; 2991 struct ieee80211_hdr *hdr; 2992 2993 if (local->ap == NULL) 2994 return AP_RX_CONTINUE; 2995 2996 hdr = (struct ieee80211_hdr *) skb->data; 2997 2998 fc = le16_to_cpu(hdr->frame_control); 2999 type = fc & IEEE80211_FCTL_FTYPE; 3000 stype = fc & IEEE80211_FCTL_STYPE; 3001 3002 spin_lock(&local->ap->sta_table_lock); 3003 sta = ap_get_sta(local->ap, hdr->addr2); 3004 if (sta) 3005 atomic_inc(&sta->users); 3006 spin_unlock(&local->ap->sta_table_lock); 3007 3008 if (sta && !(sta->flags & WLAN_STA_AUTHORIZED)) 3009 ret = AP_RX_CONTINUE_NOT_AUTHORIZED; 3010 else 3011 ret = AP_RX_CONTINUE; 3012 3013 3014 if (fc & IEEE80211_FCTL_TODS) { 3015 if (!wds && (sta == NULL || !(sta->flags & WLAN_STA_ASSOC))) { 3016 if (local->hostapd) { 3017 prism2_rx_80211(local->apdev, skb, rx_stats, 3018 PRISM2_RX_NON_ASSOC); 3019 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 3020 } else { 3021 printk(KERN_DEBUG "%s: dropped received packet" 3022 " from non-associated STA %pM" 3023 " (type=0x%02x, subtype=0x%02x)\n", 3024 dev->name, hdr->addr2, 3025 type >> 2, stype >> 4); 3026 hostap_rx(dev, skb, rx_stats); 3027 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 3028 } 3029 ret = AP_RX_EXIT; 3030 goto out; 3031 } 3032 } else if (fc & IEEE80211_FCTL_FROMDS) { 3033 if (!wds) { 3034 /* FromDS frame - not for us; probably 3035 * broadcast/multicast in another BSS - drop */ 3036 if (ether_addr_equal(hdr->addr1, dev->dev_addr)) { 3037 printk(KERN_DEBUG "Odd.. FromDS packet " 3038 "received with own BSSID\n"); 3039 hostap_dump_rx_80211(dev->name, skb, rx_stats); 3040 } 3041 ret = AP_RX_DROP; 3042 goto out; 3043 } 3044 } else if (stype == IEEE80211_STYPE_NULLFUNC && sta == NULL && 3045 ether_addr_equal(hdr->addr1, dev->dev_addr)) { 3046 3047 if (local->hostapd) { 3048 prism2_rx_80211(local->apdev, skb, rx_stats, 3049 PRISM2_RX_NON_ASSOC); 3050 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 3051 } else { 3052 /* At least Lucent f/w seems to send data::nullfunc 3053 * frames with no ToDS flag when the current AP returns 3054 * after being unavailable for some time. Speed up 3055 * re-association by informing the station about it not 3056 * being associated. */ 3057 printk(KERN_DEBUG "%s: rejected received nullfunc frame" 3058 " without ToDS from not associated STA %pM\n", 3059 dev->name, hdr->addr2); 3060 hostap_rx(dev, skb, rx_stats); 3061 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 3062 } 3063 ret = AP_RX_EXIT; 3064 goto out; 3065 } else if (stype == IEEE80211_STYPE_NULLFUNC) { 3066 /* At least Lucent cards seem to send periodic nullfunc 3067 * frames with ToDS. Let these through to update SQ 3068 * stats and PS state. Nullfunc frames do not contain 3069 * any data and they will be dropped below. */ 3070 } else { 3071 /* If BSSID (Addr3) is foreign, this frame is a normal 3072 * broadcast frame from an IBSS network. Drop it silently. 3073 * If BSSID is own, report the dropping of this frame. */ 3074 if (ether_addr_equal(hdr->addr3, dev->dev_addr)) { 3075 printk(KERN_DEBUG "%s: dropped received packet from %pM" 3076 " with no ToDS flag " 3077 "(type=0x%02x, subtype=0x%02x)\n", dev->name, 3078 hdr->addr2, type >> 2, stype >> 4); 3079 hostap_dump_rx_80211(dev->name, skb, rx_stats); 3080 } 3081 ret = AP_RX_DROP; 3082 goto out; 3083 } 3084 3085 if (sta) { 3086 hostap_update_sta_ps2(local, sta, fc & IEEE80211_FCTL_PM, 3087 type, stype); 3088 3089 sta->rx_packets++; 3090 sta->rx_bytes += skb->len; 3091 sta->last_rx = jiffies; 3092 } 3093 3094 if (local->ap->nullfunc_ack && stype == IEEE80211_STYPE_NULLFUNC && 3095 fc & IEEE80211_FCTL_TODS) { 3096 if (local->hostapd) { 3097 prism2_rx_80211(local->apdev, skb, rx_stats, 3098 PRISM2_RX_NULLFUNC_ACK); 3099 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 3100 } else { 3101 /* some STA f/w's seem to require control::ACK frame 3102 * for data::nullfunc, but Prism2 f/w 0.8.0 (at least 3103 * from Compaq) does not send this.. Try to generate 3104 * ACK for these frames from the host driver to make 3105 * power saving work with, e.g., Lucent WaveLAN f/w */ 3106 hostap_rx(dev, skb, rx_stats); 3107 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 3108 } 3109 ret = AP_RX_EXIT; 3110 goto out; 3111 } 3112 3113 out: 3114 if (sta) 3115 atomic_dec(&sta->users); 3116 3117 return ret; 3118 } 3119 3120 3121 /* Called only as a tasklet (software IRQ) */ 3122 int hostap_handle_sta_crypto(local_info_t *local, 3123 struct ieee80211_hdr *hdr, 3124 struct lib80211_crypt_data **crypt, 3125 void **sta_ptr) 3126 { 3127 struct sta_info *sta; 3128 3129 spin_lock(&local->ap->sta_table_lock); 3130 sta = ap_get_sta(local->ap, hdr->addr2); 3131 if (sta) 3132 atomic_inc(&sta->users); 3133 spin_unlock(&local->ap->sta_table_lock); 3134 3135 if (!sta) 3136 return -1; 3137 3138 if (sta->crypt) { 3139 *crypt = sta->crypt; 3140 *sta_ptr = sta; 3141 /* hostap_handle_sta_release() will be called to release STA 3142 * info */ 3143 } else 3144 atomic_dec(&sta->users); 3145 3146 return 0; 3147 } 3148 3149 3150 /* Called only as a tasklet (software IRQ) */ 3151 int hostap_is_sta_assoc(struct ap_data *ap, u8 *sta_addr) 3152 { 3153 struct sta_info *sta; 3154 int ret = 0; 3155 3156 spin_lock(&ap->sta_table_lock); 3157 sta = ap_get_sta(ap, sta_addr); 3158 if (sta != NULL && (sta->flags & WLAN_STA_ASSOC) && !sta->ap) 3159 ret = 1; 3160 spin_unlock(&ap->sta_table_lock); 3161 3162 return ret; 3163 } 3164 3165 3166 /* Called only as a tasklet (software IRQ) */ 3167 int hostap_is_sta_authorized(struct ap_data *ap, u8 *sta_addr) 3168 { 3169 struct sta_info *sta; 3170 int ret = 0; 3171 3172 spin_lock(&ap->sta_table_lock); 3173 sta = ap_get_sta(ap, sta_addr); 3174 if (sta != NULL && (sta->flags & WLAN_STA_ASSOC) && !sta->ap && 3175 ((sta->flags & WLAN_STA_AUTHORIZED) || 3176 ap->local->ieee_802_1x == 0)) 3177 ret = 1; 3178 spin_unlock(&ap->sta_table_lock); 3179 3180 return ret; 3181 } 3182 3183 3184 /* Called only as a tasklet (software IRQ) */ 3185 int hostap_add_sta(struct ap_data *ap, u8 *sta_addr) 3186 { 3187 struct sta_info *sta; 3188 int ret = 1; 3189 3190 if (!ap) 3191 return -1; 3192 3193 spin_lock(&ap->sta_table_lock); 3194 sta = ap_get_sta(ap, sta_addr); 3195 if (sta) 3196 ret = 0; 3197 spin_unlock(&ap->sta_table_lock); 3198 3199 if (ret == 1) { 3200 sta = ap_add_sta(ap, sta_addr); 3201 if (!sta) 3202 return -1; 3203 sta->flags = WLAN_STA_AUTH | WLAN_STA_ASSOC; 3204 sta->ap = 1; 3205 memset(sta->supported_rates, 0, sizeof(sta->supported_rates)); 3206 /* No way of knowing which rates are supported since we did not 3207 * get supported rates element from beacon/assoc req. Assume 3208 * that remote end supports all 802.11b rates. */ 3209 sta->supported_rates[0] = 0x82; 3210 sta->supported_rates[1] = 0x84; 3211 sta->supported_rates[2] = 0x0b; 3212 sta->supported_rates[3] = 0x16; 3213 sta->tx_supp_rates = WLAN_RATE_1M | WLAN_RATE_2M | 3214 WLAN_RATE_5M5 | WLAN_RATE_11M; 3215 sta->tx_rate = 110; 3216 sta->tx_max_rate = sta->tx_rate_idx = 3; 3217 } 3218 3219 return ret; 3220 } 3221 3222 3223 /* Called only as a tasklet (software IRQ) */ 3224 int hostap_update_rx_stats(struct ap_data *ap, 3225 struct ieee80211_hdr *hdr, 3226 struct hostap_80211_rx_status *rx_stats) 3227 { 3228 struct sta_info *sta; 3229 3230 if (!ap) 3231 return -1; 3232 3233 spin_lock(&ap->sta_table_lock); 3234 sta = ap_get_sta(ap, hdr->addr2); 3235 if (sta) { 3236 sta->last_rx_silence = rx_stats->noise; 3237 sta->last_rx_signal = rx_stats->signal; 3238 sta->last_rx_rate = rx_stats->rate; 3239 sta->last_rx_updated = IW_QUAL_ALL_UPDATED | IW_QUAL_DBM; 3240 if (rx_stats->rate == 10) 3241 sta->rx_count[0]++; 3242 else if (rx_stats->rate == 20) 3243 sta->rx_count[1]++; 3244 else if (rx_stats->rate == 55) 3245 sta->rx_count[2]++; 3246 else if (rx_stats->rate == 110) 3247 sta->rx_count[3]++; 3248 } 3249 spin_unlock(&ap->sta_table_lock); 3250 3251 return sta ? 0 : -1; 3252 } 3253 3254 3255 void hostap_update_rates(local_info_t *local) 3256 { 3257 struct sta_info *sta; 3258 struct ap_data *ap = local->ap; 3259 3260 if (!ap) 3261 return; 3262 3263 spin_lock_bh(&ap->sta_table_lock); 3264 list_for_each_entry(sta, &ap->sta_list, list) { 3265 prism2_check_tx_rates(sta); 3266 } 3267 spin_unlock_bh(&ap->sta_table_lock); 3268 } 3269 3270 3271 void * ap_crypt_get_ptrs(struct ap_data *ap, u8 *addr, int permanent, 3272 struct lib80211_crypt_data ***crypt) 3273 { 3274 struct sta_info *sta; 3275 3276 spin_lock_bh(&ap->sta_table_lock); 3277 sta = ap_get_sta(ap, addr); 3278 if (sta) 3279 atomic_inc(&sta->users); 3280 spin_unlock_bh(&ap->sta_table_lock); 3281 3282 if (!sta && permanent) 3283 sta = ap_add_sta(ap, addr); 3284 3285 if (!sta) 3286 return NULL; 3287 3288 if (permanent) 3289 sta->flags |= WLAN_STA_PERM; 3290 3291 *crypt = &sta->crypt; 3292 3293 return sta; 3294 } 3295 3296 3297 void hostap_add_wds_links(local_info_t *local) 3298 { 3299 struct ap_data *ap = local->ap; 3300 struct sta_info *sta; 3301 3302 spin_lock_bh(&ap->sta_table_lock); 3303 list_for_each_entry(sta, &ap->sta_list, list) { 3304 if (sta->ap) 3305 hostap_wds_link_oper(local, sta->addr, WDS_ADD); 3306 } 3307 spin_unlock_bh(&ap->sta_table_lock); 3308 3309 schedule_work(&local->ap->wds_oper_queue); 3310 } 3311 3312 3313 void hostap_wds_link_oper(local_info_t *local, u8 *addr, wds_oper_type type) 3314 { 3315 struct wds_oper_data *entry; 3316 3317 entry = kmalloc(sizeof(*entry), GFP_ATOMIC); 3318 if (!entry) 3319 return; 3320 memcpy(entry->addr, addr, ETH_ALEN); 3321 entry->type = type; 3322 spin_lock_bh(&local->lock); 3323 entry->next = local->ap->wds_oper_entries; 3324 local->ap->wds_oper_entries = entry; 3325 spin_unlock_bh(&local->lock); 3326 3327 schedule_work(&local->ap->wds_oper_queue); 3328 } 3329 3330 3331 EXPORT_SYMBOL(hostap_init_data); 3332 EXPORT_SYMBOL(hostap_init_ap_proc); 3333 EXPORT_SYMBOL(hostap_free_data); 3334 EXPORT_SYMBOL(hostap_check_sta_fw_version); 3335 EXPORT_SYMBOL(hostap_handle_sta_tx_exc); 3336 #ifndef PRISM2_NO_KERNEL_IEEE80211_MGMT 3337 #endif /* PRISM2_NO_KERNEL_IEEE80211_MGMT */ 3338