xref: /openbmc/linux/net/mac80211/mlme.c (revision b6dcefde)
1 /*
2  * BSS client mode implementation
3  * Copyright 2003-2008, Jouni Malinen <j@w1.fi>
4  * Copyright 2004, Instant802 Networks, Inc.
5  * Copyright 2005, Devicescape Software, Inc.
6  * Copyright 2006-2007	Jiri Benc <jbenc@suse.cz>
7  * Copyright 2007, Michael Wu <flamingice@sourmilk.net>
8  *
9  * This program is free software; you can redistribute it and/or modify
10  * it under the terms of the GNU General Public License version 2 as
11  * published by the Free Software Foundation.
12  */
13 
14 #include <linux/delay.h>
15 #include <linux/if_ether.h>
16 #include <linux/skbuff.h>
17 #include <linux/if_arp.h>
18 #include <linux/etherdevice.h>
19 #include <linux/rtnetlink.h>
20 #include <linux/pm_qos_params.h>
21 #include <linux/crc32.h>
22 #include <net/mac80211.h>
23 #include <asm/unaligned.h>
24 
25 #include "ieee80211_i.h"
26 #include "driver-ops.h"
27 #include "rate.h"
28 #include "led.h"
29 
30 #define IEEE80211_AUTH_TIMEOUT (HZ / 5)
31 #define IEEE80211_AUTH_MAX_TRIES 3
32 #define IEEE80211_ASSOC_TIMEOUT (HZ / 5)
33 #define IEEE80211_ASSOC_MAX_TRIES 3
34 #define IEEE80211_MAX_PROBE_TRIES 5
35 
36 /*
37  * beacon loss detection timeout
38  * XXX: should depend on beacon interval
39  */
40 #define IEEE80211_BEACON_LOSS_TIME	(2 * HZ)
41 /*
42  * Time the connection can be idle before we probe
43  * it to see if we can still talk to the AP.
44  */
45 #define IEEE80211_CONNECTION_IDLE_TIME	(30 * HZ)
46 /*
47  * Time we wait for a probe response after sending
48  * a probe request because of beacon loss or for
49  * checking the connection still works.
50  */
51 #define IEEE80211_PROBE_WAIT		(HZ / 2)
52 
53 #define TMR_RUNNING_TIMER	0
54 #define TMR_RUNNING_CHANSW	1
55 
56 /*
57  * All cfg80211 functions have to be called outside a locked
58  * section so that they can acquire a lock themselves... This
59  * is much simpler than queuing up things in cfg80211, but we
60  * do need some indirection for that here.
61  */
62 enum rx_mgmt_action {
63 	/* no action required */
64 	RX_MGMT_NONE,
65 
66 	/* caller must call cfg80211_send_rx_auth() */
67 	RX_MGMT_CFG80211_AUTH,
68 
69 	/* caller must call cfg80211_send_rx_assoc() */
70 	RX_MGMT_CFG80211_ASSOC,
71 
72 	/* caller must call cfg80211_send_deauth() */
73 	RX_MGMT_CFG80211_DEAUTH,
74 
75 	/* caller must call cfg80211_send_disassoc() */
76 	RX_MGMT_CFG80211_DISASSOC,
77 
78 	/* caller must call cfg80211_auth_timeout() & free work */
79 	RX_MGMT_CFG80211_AUTH_TO,
80 
81 	/* caller must call cfg80211_assoc_timeout() & free work */
82 	RX_MGMT_CFG80211_ASSOC_TO,
83 };
84 
85 /* utils */
86 static inline void ASSERT_MGD_MTX(struct ieee80211_if_managed *ifmgd)
87 {
88 	WARN_ON(!mutex_is_locked(&ifmgd->mtx));
89 }
90 
91 /*
92  * We can have multiple work items (and connection probing)
93  * scheduling this timer, but we need to take care to only
94  * reschedule it when it should fire _earlier_ than it was
95  * asked for before, or if it's not pending right now. This
96  * function ensures that. Note that it then is required to
97  * run this function for all timeouts after the first one
98  * has happened -- the work that runs from this timer will
99  * do that.
100  */
101 static void run_again(struct ieee80211_if_managed *ifmgd,
102 			     unsigned long timeout)
103 {
104 	ASSERT_MGD_MTX(ifmgd);
105 
106 	if (!timer_pending(&ifmgd->timer) ||
107 	    time_before(timeout, ifmgd->timer.expires))
108 		mod_timer(&ifmgd->timer, timeout);
109 }
110 
111 static void mod_beacon_timer(struct ieee80211_sub_if_data *sdata)
112 {
113 	if (sdata->local->hw.flags & IEEE80211_HW_BEACON_FILTER)
114 		return;
115 
116 	mod_timer(&sdata->u.mgd.bcn_mon_timer,
117 		  round_jiffies_up(jiffies + IEEE80211_BEACON_LOSS_TIME));
118 }
119 
120 static int ecw2cw(int ecw)
121 {
122 	return (1 << ecw) - 1;
123 }
124 
125 static int ieee80211_compatible_rates(struct ieee80211_bss *bss,
126 				      struct ieee80211_supported_band *sband,
127 				      u32 *rates)
128 {
129 	int i, j, count;
130 	*rates = 0;
131 	count = 0;
132 	for (i = 0; i < bss->supp_rates_len; i++) {
133 		int rate = (bss->supp_rates[i] & 0x7F) * 5;
134 
135 		for (j = 0; j < sband->n_bitrates; j++)
136 			if (sband->bitrates[j].bitrate == rate) {
137 				*rates |= BIT(j);
138 				count++;
139 				break;
140 			}
141 	}
142 
143 	return count;
144 }
145 
146 /*
147  * ieee80211_enable_ht should be called only after the operating band
148  * has been determined as ht configuration depends on the hw's
149  * HT abilities for a specific band.
150  */
151 static u32 ieee80211_enable_ht(struct ieee80211_sub_if_data *sdata,
152 			       struct ieee80211_ht_info *hti,
153 			       const u8 *bssid, u16 ap_ht_cap_flags)
154 {
155 	struct ieee80211_local *local = sdata->local;
156 	struct ieee80211_supported_band *sband;
157 	struct sta_info *sta;
158 	u32 changed = 0;
159 	u16 ht_opmode;
160 	bool enable_ht = true, ht_changed;
161 	enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT;
162 
163 	sband = local->hw.wiphy->bands[local->hw.conf.channel->band];
164 
165 	/* HT is not supported */
166 	if (!sband->ht_cap.ht_supported)
167 		enable_ht = false;
168 
169 	/* check that channel matches the right operating channel */
170 	if (local->hw.conf.channel->center_freq !=
171 	    ieee80211_channel_to_frequency(hti->control_chan))
172 		enable_ht = false;
173 
174 	if (enable_ht) {
175 		channel_type = NL80211_CHAN_HT20;
176 
177 		if (!(ap_ht_cap_flags & IEEE80211_HT_CAP_40MHZ_INTOLERANT) &&
178 		    (sband->ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40) &&
179 		    (hti->ht_param & IEEE80211_HT_PARAM_CHAN_WIDTH_ANY)) {
180 			switch(hti->ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) {
181 			case IEEE80211_HT_PARAM_CHA_SEC_ABOVE:
182 				if (!(local->hw.conf.channel->flags &
183 				    IEEE80211_CHAN_NO_HT40PLUS))
184 					channel_type = NL80211_CHAN_HT40PLUS;
185 				break;
186 			case IEEE80211_HT_PARAM_CHA_SEC_BELOW:
187 				if (!(local->hw.conf.channel->flags &
188 				    IEEE80211_CHAN_NO_HT40MINUS))
189 					channel_type = NL80211_CHAN_HT40MINUS;
190 				break;
191 			}
192 		}
193 	}
194 
195 	ht_changed = conf_is_ht(&local->hw.conf) != enable_ht ||
196 		     channel_type != local->hw.conf.channel_type;
197 
198 	local->oper_channel_type = channel_type;
199 
200 	if (ht_changed) {
201                 /* channel_type change automatically detected */
202 		ieee80211_hw_config(local, 0);
203 
204 		rcu_read_lock();
205 		sta = sta_info_get(local, bssid);
206 		if (sta)
207 			rate_control_rate_update(local, sband, sta,
208 						 IEEE80211_RC_HT_CHANGED);
209 		rcu_read_unlock();
210         }
211 
212 	/* disable HT */
213 	if (!enable_ht)
214 		return 0;
215 
216 	ht_opmode = le16_to_cpu(hti->operation_mode);
217 
218 	/* if bss configuration changed store the new one */
219 	if (!sdata->ht_opmode_valid ||
220 	    sdata->vif.bss_conf.ht_operation_mode != ht_opmode) {
221 		changed |= BSS_CHANGED_HT;
222 		sdata->vif.bss_conf.ht_operation_mode = ht_opmode;
223 		sdata->ht_opmode_valid = true;
224 	}
225 
226 	return changed;
227 }
228 
229 /* frame sending functions */
230 
231 static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata,
232 				 struct ieee80211_mgd_work *wk)
233 {
234 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
235 	struct ieee80211_local *local = sdata->local;
236 	struct sk_buff *skb;
237 	struct ieee80211_mgmt *mgmt;
238 	u8 *pos;
239 	const u8 *ies, *ht_ie;
240 	int i, len, count, rates_len, supp_rates_len;
241 	u16 capab;
242 	int wmm = 0;
243 	struct ieee80211_supported_band *sband;
244 	u32 rates = 0;
245 
246 	skb = dev_alloc_skb(local->hw.extra_tx_headroom +
247 			    sizeof(*mgmt) + 200 + wk->ie_len +
248 			    wk->ssid_len);
249 	if (!skb) {
250 		printk(KERN_DEBUG "%s: failed to allocate buffer for assoc "
251 		       "frame\n", sdata->dev->name);
252 		return;
253 	}
254 	skb_reserve(skb, local->hw.extra_tx_headroom);
255 
256 	sband = local->hw.wiphy->bands[local->hw.conf.channel->band];
257 
258 	capab = ifmgd->capab;
259 
260 	if (local->hw.conf.channel->band == IEEE80211_BAND_2GHZ) {
261 		if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_SLOT_INCAPABLE))
262 			capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME;
263 		if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_PREAMBLE_INCAPABLE))
264 			capab |= WLAN_CAPABILITY_SHORT_PREAMBLE;
265 	}
266 
267 	if (wk->bss->cbss.capability & WLAN_CAPABILITY_PRIVACY)
268 		capab |= WLAN_CAPABILITY_PRIVACY;
269 	if (wk->bss->wmm_used)
270 		wmm = 1;
271 
272 	/* get all rates supported by the device and the AP as
273 	 * some APs don't like getting a superset of their rates
274 	 * in the association request (e.g. D-Link DAP 1353 in
275 	 * b-only mode) */
276 	rates_len = ieee80211_compatible_rates(wk->bss, sband, &rates);
277 
278 	if ((wk->bss->cbss.capability & WLAN_CAPABILITY_SPECTRUM_MGMT) &&
279 	    (local->hw.flags & IEEE80211_HW_SPECTRUM_MGMT))
280 		capab |= WLAN_CAPABILITY_SPECTRUM_MGMT;
281 
282 	mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
283 	memset(mgmt, 0, 24);
284 	memcpy(mgmt->da, wk->bss->cbss.bssid, ETH_ALEN);
285 	memcpy(mgmt->sa, sdata->dev->dev_addr, ETH_ALEN);
286 	memcpy(mgmt->bssid, wk->bss->cbss.bssid, ETH_ALEN);
287 
288 	if (!is_zero_ether_addr(wk->prev_bssid)) {
289 		skb_put(skb, 10);
290 		mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
291 						  IEEE80211_STYPE_REASSOC_REQ);
292 		mgmt->u.reassoc_req.capab_info = cpu_to_le16(capab);
293 		mgmt->u.reassoc_req.listen_interval =
294 				cpu_to_le16(local->hw.conf.listen_interval);
295 		memcpy(mgmt->u.reassoc_req.current_ap, wk->prev_bssid,
296 		       ETH_ALEN);
297 	} else {
298 		skb_put(skb, 4);
299 		mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
300 						  IEEE80211_STYPE_ASSOC_REQ);
301 		mgmt->u.assoc_req.capab_info = cpu_to_le16(capab);
302 		mgmt->u.assoc_req.listen_interval =
303 				cpu_to_le16(local->hw.conf.listen_interval);
304 	}
305 
306 	/* SSID */
307 	ies = pos = skb_put(skb, 2 + wk->ssid_len);
308 	*pos++ = WLAN_EID_SSID;
309 	*pos++ = wk->ssid_len;
310 	memcpy(pos, wk->ssid, wk->ssid_len);
311 
312 	/* add all rates which were marked to be used above */
313 	supp_rates_len = rates_len;
314 	if (supp_rates_len > 8)
315 		supp_rates_len = 8;
316 
317 	len = sband->n_bitrates;
318 	pos = skb_put(skb, supp_rates_len + 2);
319 	*pos++ = WLAN_EID_SUPP_RATES;
320 	*pos++ = supp_rates_len;
321 
322 	count = 0;
323 	for (i = 0; i < sband->n_bitrates; i++) {
324 		if (BIT(i) & rates) {
325 			int rate = sband->bitrates[i].bitrate;
326 			*pos++ = (u8) (rate / 5);
327 			if (++count == 8)
328 				break;
329 		}
330 	}
331 
332 	if (rates_len > count) {
333 		pos = skb_put(skb, rates_len - count + 2);
334 		*pos++ = WLAN_EID_EXT_SUPP_RATES;
335 		*pos++ = rates_len - count;
336 
337 		for (i++; i < sband->n_bitrates; i++) {
338 			if (BIT(i) & rates) {
339 				int rate = sband->bitrates[i].bitrate;
340 				*pos++ = (u8) (rate / 5);
341 			}
342 		}
343 	}
344 
345 	if (capab & WLAN_CAPABILITY_SPECTRUM_MGMT) {
346 		/* 1. power capabilities */
347 		pos = skb_put(skb, 4);
348 		*pos++ = WLAN_EID_PWR_CAPABILITY;
349 		*pos++ = 2;
350 		*pos++ = 0; /* min tx power */
351 		*pos++ = local->hw.conf.channel->max_power; /* max tx power */
352 
353 		/* 2. supported channels */
354 		/* TODO: get this in reg domain format */
355 		pos = skb_put(skb, 2 * sband->n_channels + 2);
356 		*pos++ = WLAN_EID_SUPPORTED_CHANNELS;
357 		*pos++ = 2 * sband->n_channels;
358 		for (i = 0; i < sband->n_channels; i++) {
359 			*pos++ = ieee80211_frequency_to_channel(
360 					sband->channels[i].center_freq);
361 			*pos++ = 1; /* one channel in the subband*/
362 		}
363 	}
364 
365 	if (wk->ie_len && wk->ie) {
366 		pos = skb_put(skb, wk->ie_len);
367 		memcpy(pos, wk->ie, wk->ie_len);
368 	}
369 
370 	if (wmm && (ifmgd->flags & IEEE80211_STA_WMM_ENABLED)) {
371 		pos = skb_put(skb, 9);
372 		*pos++ = WLAN_EID_VENDOR_SPECIFIC;
373 		*pos++ = 7; /* len */
374 		*pos++ = 0x00; /* Microsoft OUI 00:50:F2 */
375 		*pos++ = 0x50;
376 		*pos++ = 0xf2;
377 		*pos++ = 2; /* WME */
378 		*pos++ = 0; /* WME info */
379 		*pos++ = 1; /* WME ver */
380 		*pos++ = 0;
381 	}
382 
383 	/* wmm support is a must to HT */
384 	/*
385 	 * IEEE802.11n does not allow TKIP/WEP as pairwise
386 	 * ciphers in HT mode. We still associate in non-ht
387 	 * mode (11a/b/g) if any one of these ciphers is
388 	 * configured as pairwise.
389 	 */
390 	if (wmm && (ifmgd->flags & IEEE80211_STA_WMM_ENABLED) &&
391 	    sband->ht_cap.ht_supported &&
392 	    (ht_ie = ieee80211_bss_get_ie(&wk->bss->cbss, WLAN_EID_HT_INFORMATION)) &&
393 	    ht_ie[1] >= sizeof(struct ieee80211_ht_info) &&
394 	    (!(ifmgd->flags & IEEE80211_STA_DISABLE_11N))) {
395 		struct ieee80211_ht_info *ht_info =
396 			(struct ieee80211_ht_info *)(ht_ie + 2);
397 		u16 cap = sband->ht_cap.cap;
398 		__le16 tmp;
399 		u32 flags = local->hw.conf.channel->flags;
400 
401 		switch (ht_info->ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) {
402 		case IEEE80211_HT_PARAM_CHA_SEC_ABOVE:
403 			if (flags & IEEE80211_CHAN_NO_HT40PLUS) {
404 				cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
405 				cap &= ~IEEE80211_HT_CAP_SGI_40;
406 			}
407 			break;
408 		case IEEE80211_HT_PARAM_CHA_SEC_BELOW:
409 			if (flags & IEEE80211_CHAN_NO_HT40MINUS) {
410 				cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
411 				cap &= ~IEEE80211_HT_CAP_SGI_40;
412 			}
413 			break;
414 		}
415 
416 		tmp = cpu_to_le16(cap);
417 		pos = skb_put(skb, sizeof(struct ieee80211_ht_cap)+2);
418 		*pos++ = WLAN_EID_HT_CAPABILITY;
419 		*pos++ = sizeof(struct ieee80211_ht_cap);
420 		memset(pos, 0, sizeof(struct ieee80211_ht_cap));
421 		memcpy(pos, &tmp, sizeof(u16));
422 		pos += sizeof(u16);
423 		/* TODO: needs a define here for << 2 */
424 		*pos++ = sband->ht_cap.ampdu_factor |
425 			 (sband->ht_cap.ampdu_density << 2);
426 		memcpy(pos, &sband->ht_cap.mcs, sizeof(sband->ht_cap.mcs));
427 	}
428 
429 	IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
430 	ieee80211_tx_skb(sdata, skb);
431 }
432 
433 
434 static void ieee80211_send_deauth_disassoc(struct ieee80211_sub_if_data *sdata,
435 					   const u8 *bssid, u16 stype, u16 reason,
436 					   void *cookie)
437 {
438 	struct ieee80211_local *local = sdata->local;
439 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
440 	struct sk_buff *skb;
441 	struct ieee80211_mgmt *mgmt;
442 
443 	skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*mgmt));
444 	if (!skb) {
445 		printk(KERN_DEBUG "%s: failed to allocate buffer for "
446 		       "deauth/disassoc frame\n", sdata->dev->name);
447 		return;
448 	}
449 	skb_reserve(skb, local->hw.extra_tx_headroom);
450 
451 	mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
452 	memset(mgmt, 0, 24);
453 	memcpy(mgmt->da, bssid, ETH_ALEN);
454 	memcpy(mgmt->sa, sdata->dev->dev_addr, ETH_ALEN);
455 	memcpy(mgmt->bssid, bssid, ETH_ALEN);
456 	mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | stype);
457 	skb_put(skb, 2);
458 	/* u.deauth.reason_code == u.disassoc.reason_code */
459 	mgmt->u.deauth.reason_code = cpu_to_le16(reason);
460 
461 	if (stype == IEEE80211_STYPE_DEAUTH)
462 		if (cookie)
463 			__cfg80211_send_deauth(sdata->dev, (u8 *)mgmt, skb->len);
464 		else
465 			cfg80211_send_deauth(sdata->dev, (u8 *)mgmt, skb->len);
466 	else
467 		if (cookie)
468 			__cfg80211_send_disassoc(sdata->dev, (u8 *)mgmt, skb->len);
469 		else
470 			cfg80211_send_disassoc(sdata->dev, (u8 *)mgmt, skb->len);
471 	if (!(ifmgd->flags & IEEE80211_STA_MFP_ENABLED))
472 		IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
473 	ieee80211_tx_skb(sdata, skb);
474 }
475 
476 void ieee80211_send_pspoll(struct ieee80211_local *local,
477 			   struct ieee80211_sub_if_data *sdata)
478 {
479 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
480 	struct ieee80211_pspoll *pspoll;
481 	struct sk_buff *skb;
482 	u16 fc;
483 
484 	skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*pspoll));
485 	if (!skb) {
486 		printk(KERN_DEBUG "%s: failed to allocate buffer for "
487 		       "pspoll frame\n", sdata->dev->name);
488 		return;
489 	}
490 	skb_reserve(skb, local->hw.extra_tx_headroom);
491 
492 	pspoll = (struct ieee80211_pspoll *) skb_put(skb, sizeof(*pspoll));
493 	memset(pspoll, 0, sizeof(*pspoll));
494 	fc = IEEE80211_FTYPE_CTL | IEEE80211_STYPE_PSPOLL | IEEE80211_FCTL_PM;
495 	pspoll->frame_control = cpu_to_le16(fc);
496 	pspoll->aid = cpu_to_le16(ifmgd->aid);
497 
498 	/* aid in PS-Poll has its two MSBs each set to 1 */
499 	pspoll->aid |= cpu_to_le16(1 << 15 | 1 << 14);
500 
501 	memcpy(pspoll->bssid, ifmgd->bssid, ETH_ALEN);
502 	memcpy(pspoll->ta, sdata->dev->dev_addr, ETH_ALEN);
503 
504 	IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
505 	ieee80211_tx_skb(sdata, skb);
506 }
507 
508 void ieee80211_send_nullfunc(struct ieee80211_local *local,
509 			     struct ieee80211_sub_if_data *sdata,
510 			     int powersave)
511 {
512 	struct sk_buff *skb;
513 	struct ieee80211_hdr *nullfunc;
514 	__le16 fc;
515 
516 	if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION))
517 		return;
518 
519 	skb = dev_alloc_skb(local->hw.extra_tx_headroom + 24);
520 	if (!skb) {
521 		printk(KERN_DEBUG "%s: failed to allocate buffer for nullfunc "
522 		       "frame\n", sdata->dev->name);
523 		return;
524 	}
525 	skb_reserve(skb, local->hw.extra_tx_headroom);
526 
527 	nullfunc = (struct ieee80211_hdr *) skb_put(skb, 24);
528 	memset(nullfunc, 0, 24);
529 	fc = cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_NULLFUNC |
530 			 IEEE80211_FCTL_TODS);
531 	if (powersave)
532 		fc |= cpu_to_le16(IEEE80211_FCTL_PM);
533 	nullfunc->frame_control = fc;
534 	memcpy(nullfunc->addr1, sdata->u.mgd.bssid, ETH_ALEN);
535 	memcpy(nullfunc->addr2, sdata->dev->dev_addr, ETH_ALEN);
536 	memcpy(nullfunc->addr3, sdata->u.mgd.bssid, ETH_ALEN);
537 
538 	IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
539 	ieee80211_tx_skb(sdata, skb);
540 }
541 
542 /* spectrum management related things */
543 static void ieee80211_chswitch_work(struct work_struct *work)
544 {
545 	struct ieee80211_sub_if_data *sdata =
546 		container_of(work, struct ieee80211_sub_if_data, u.mgd.chswitch_work);
547 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
548 
549 	if (!netif_running(sdata->dev))
550 		return;
551 
552 	mutex_lock(&ifmgd->mtx);
553 	if (!ifmgd->associated)
554 		goto out;
555 
556 	sdata->local->oper_channel = sdata->local->csa_channel;
557 	ieee80211_hw_config(sdata->local, IEEE80211_CONF_CHANGE_CHANNEL);
558 
559 	/* XXX: shouldn't really modify cfg80211-owned data! */
560 	ifmgd->associated->cbss.channel = sdata->local->oper_channel;
561 
562 	ieee80211_wake_queues_by_reason(&sdata->local->hw,
563 					IEEE80211_QUEUE_STOP_REASON_CSA);
564  out:
565 	ifmgd->flags &= ~IEEE80211_STA_CSA_RECEIVED;
566 	mutex_unlock(&ifmgd->mtx);
567 }
568 
569 static void ieee80211_chswitch_timer(unsigned long data)
570 {
571 	struct ieee80211_sub_if_data *sdata =
572 		(struct ieee80211_sub_if_data *) data;
573 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
574 
575 	if (sdata->local->quiescing) {
576 		set_bit(TMR_RUNNING_CHANSW, &ifmgd->timers_running);
577 		return;
578 	}
579 
580 	ieee80211_queue_work(&sdata->local->hw, &ifmgd->chswitch_work);
581 }
582 
583 void ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata,
584 				      struct ieee80211_channel_sw_ie *sw_elem,
585 				      struct ieee80211_bss *bss)
586 {
587 	struct ieee80211_channel *new_ch;
588 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
589 	int new_freq = ieee80211_channel_to_frequency(sw_elem->new_ch_num);
590 
591 	ASSERT_MGD_MTX(ifmgd);
592 
593 	if (!ifmgd->associated)
594 		return;
595 
596 	if (sdata->local->scanning)
597 		return;
598 
599 	/* Disregard subsequent beacons if we are already running a timer
600 	   processing a CSA */
601 
602 	if (ifmgd->flags & IEEE80211_STA_CSA_RECEIVED)
603 		return;
604 
605 	new_ch = ieee80211_get_channel(sdata->local->hw.wiphy, new_freq);
606 	if (!new_ch || new_ch->flags & IEEE80211_CHAN_DISABLED)
607 		return;
608 
609 	sdata->local->csa_channel = new_ch;
610 
611 	if (sw_elem->count <= 1) {
612 		ieee80211_queue_work(&sdata->local->hw, &ifmgd->chswitch_work);
613 	} else {
614 		ieee80211_stop_queues_by_reason(&sdata->local->hw,
615 					IEEE80211_QUEUE_STOP_REASON_CSA);
616 		ifmgd->flags |= IEEE80211_STA_CSA_RECEIVED;
617 		mod_timer(&ifmgd->chswitch_timer,
618 			  jiffies +
619 			  msecs_to_jiffies(sw_elem->count *
620 					   bss->cbss.beacon_interval));
621 	}
622 }
623 
624 static void ieee80211_handle_pwr_constr(struct ieee80211_sub_if_data *sdata,
625 					u16 capab_info, u8 *pwr_constr_elem,
626 					u8 pwr_constr_elem_len)
627 {
628 	struct ieee80211_conf *conf = &sdata->local->hw.conf;
629 
630 	if (!(capab_info & WLAN_CAPABILITY_SPECTRUM_MGMT))
631 		return;
632 
633 	/* Power constraint IE length should be 1 octet */
634 	if (pwr_constr_elem_len != 1)
635 		return;
636 
637 	if ((*pwr_constr_elem <= conf->channel->max_power) &&
638 	    (*pwr_constr_elem != sdata->local->power_constr_level)) {
639 		sdata->local->power_constr_level = *pwr_constr_elem;
640 		ieee80211_hw_config(sdata->local, 0);
641 	}
642 }
643 
644 /* powersave */
645 static void ieee80211_enable_ps(struct ieee80211_local *local,
646 				struct ieee80211_sub_if_data *sdata)
647 {
648 	struct ieee80211_conf *conf = &local->hw.conf;
649 
650 	/*
651 	 * If we are scanning right now then the parameters will
652 	 * take effect when scan finishes.
653 	 */
654 	if (local->scanning)
655 		return;
656 
657 	if (conf->dynamic_ps_timeout > 0 &&
658 	    !(local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_PS)) {
659 		mod_timer(&local->dynamic_ps_timer, jiffies +
660 			  msecs_to_jiffies(conf->dynamic_ps_timeout));
661 	} else {
662 		if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK)
663 			ieee80211_send_nullfunc(local, sdata, 1);
664 		conf->flags |= IEEE80211_CONF_PS;
665 		ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
666 	}
667 }
668 
669 static void ieee80211_change_ps(struct ieee80211_local *local)
670 {
671 	struct ieee80211_conf *conf = &local->hw.conf;
672 
673 	if (local->ps_sdata) {
674 		ieee80211_enable_ps(local, local->ps_sdata);
675 	} else if (conf->flags & IEEE80211_CONF_PS) {
676 		conf->flags &= ~IEEE80211_CONF_PS;
677 		ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
678 		del_timer_sync(&local->dynamic_ps_timer);
679 		cancel_work_sync(&local->dynamic_ps_enable_work);
680 	}
681 }
682 
683 /* need to hold RTNL or interface lock */
684 void ieee80211_recalc_ps(struct ieee80211_local *local, s32 latency)
685 {
686 	struct ieee80211_sub_if_data *sdata, *found = NULL;
687 	int count = 0;
688 
689 	if (!(local->hw.flags & IEEE80211_HW_SUPPORTS_PS)) {
690 		local->ps_sdata = NULL;
691 		return;
692 	}
693 
694 	list_for_each_entry(sdata, &local->interfaces, list) {
695 		if (!netif_running(sdata->dev))
696 			continue;
697 		if (sdata->vif.type != NL80211_IFTYPE_STATION)
698 			continue;
699 		found = sdata;
700 		count++;
701 	}
702 
703 	if (count == 1 && found->u.mgd.powersave &&
704 	    found->u.mgd.associated && list_empty(&found->u.mgd.work_list) &&
705 	    !(found->u.mgd.flags & (IEEE80211_STA_BEACON_POLL |
706 				    IEEE80211_STA_CONNECTION_POLL))) {
707 		s32 beaconint_us;
708 
709 		if (latency < 0)
710 			latency = pm_qos_requirement(PM_QOS_NETWORK_LATENCY);
711 
712 		beaconint_us = ieee80211_tu_to_usec(
713 					found->vif.bss_conf.beacon_int);
714 
715 		if (beaconint_us > latency) {
716 			local->ps_sdata = NULL;
717 		} else {
718 			u8 dtimper = found->vif.bss_conf.dtim_period;
719 			int maxslp = 1;
720 
721 			if (dtimper > 1)
722 				maxslp = min_t(int, dtimper,
723 						    latency / beaconint_us);
724 
725 			local->hw.conf.max_sleep_period = maxslp;
726 			local->ps_sdata = found;
727 		}
728 	} else {
729 		local->ps_sdata = NULL;
730 	}
731 
732 	ieee80211_change_ps(local);
733 }
734 
735 void ieee80211_dynamic_ps_disable_work(struct work_struct *work)
736 {
737 	struct ieee80211_local *local =
738 		container_of(work, struct ieee80211_local,
739 			     dynamic_ps_disable_work);
740 
741 	if (local->hw.conf.flags & IEEE80211_CONF_PS) {
742 		local->hw.conf.flags &= ~IEEE80211_CONF_PS;
743 		ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
744 	}
745 
746 	ieee80211_wake_queues_by_reason(&local->hw,
747 					IEEE80211_QUEUE_STOP_REASON_PS);
748 }
749 
750 void ieee80211_dynamic_ps_enable_work(struct work_struct *work)
751 {
752 	struct ieee80211_local *local =
753 		container_of(work, struct ieee80211_local,
754 			     dynamic_ps_enable_work);
755 	struct ieee80211_sub_if_data *sdata = local->ps_sdata;
756 
757 	/* can only happen when PS was just disabled anyway */
758 	if (!sdata)
759 		return;
760 
761 	if (local->hw.conf.flags & IEEE80211_CONF_PS)
762 		return;
763 
764 	if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK)
765 		ieee80211_send_nullfunc(local, sdata, 1);
766 
767 	local->hw.conf.flags |= IEEE80211_CONF_PS;
768 	ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
769 }
770 
771 void ieee80211_dynamic_ps_timer(unsigned long data)
772 {
773 	struct ieee80211_local *local = (void *) data;
774 
775 	if (local->quiescing || local->suspended)
776 		return;
777 
778 	ieee80211_queue_work(&local->hw, &local->dynamic_ps_enable_work);
779 }
780 
781 /* MLME */
782 static void ieee80211_sta_wmm_params(struct ieee80211_local *local,
783 				     struct ieee80211_if_managed *ifmgd,
784 				     u8 *wmm_param, size_t wmm_param_len)
785 {
786 	struct ieee80211_tx_queue_params params;
787 	size_t left;
788 	int count;
789 	u8 *pos;
790 
791 	if (!(ifmgd->flags & IEEE80211_STA_WMM_ENABLED))
792 		return;
793 
794 	if (!wmm_param)
795 		return;
796 
797 	if (wmm_param_len < 8 || wmm_param[5] /* version */ != 1)
798 		return;
799 	count = wmm_param[6] & 0x0f;
800 	if (count == ifmgd->wmm_last_param_set)
801 		return;
802 	ifmgd->wmm_last_param_set = count;
803 
804 	pos = wmm_param + 8;
805 	left = wmm_param_len - 8;
806 
807 	memset(&params, 0, sizeof(params));
808 
809 	local->wmm_acm = 0;
810 	for (; left >= 4; left -= 4, pos += 4) {
811 		int aci = (pos[0] >> 5) & 0x03;
812 		int acm = (pos[0] >> 4) & 0x01;
813 		int queue;
814 
815 		switch (aci) {
816 		case 1: /* AC_BK */
817 			queue = 3;
818 			if (acm)
819 				local->wmm_acm |= BIT(1) | BIT(2); /* BK/- */
820 			break;
821 		case 2: /* AC_VI */
822 			queue = 1;
823 			if (acm)
824 				local->wmm_acm |= BIT(4) | BIT(5); /* CL/VI */
825 			break;
826 		case 3: /* AC_VO */
827 			queue = 0;
828 			if (acm)
829 				local->wmm_acm |= BIT(6) | BIT(7); /* VO/NC */
830 			break;
831 		case 0: /* AC_BE */
832 		default:
833 			queue = 2;
834 			if (acm)
835 				local->wmm_acm |= BIT(0) | BIT(3); /* BE/EE */
836 			break;
837 		}
838 
839 		params.aifs = pos[0] & 0x0f;
840 		params.cw_max = ecw2cw((pos[1] & 0xf0) >> 4);
841 		params.cw_min = ecw2cw(pos[1] & 0x0f);
842 		params.txop = get_unaligned_le16(pos + 2);
843 #ifdef CONFIG_MAC80211_VERBOSE_DEBUG
844 		printk(KERN_DEBUG "%s: WMM queue=%d aci=%d acm=%d aifs=%d "
845 		       "cWmin=%d cWmax=%d txop=%d\n",
846 		       wiphy_name(local->hw.wiphy), queue, aci, acm,
847 		       params.aifs, params.cw_min, params.cw_max, params.txop);
848 #endif
849 		if (drv_conf_tx(local, queue, &params) && local->ops->conf_tx)
850 			printk(KERN_DEBUG "%s: failed to set TX queue "
851 			       "parameters for queue %d\n",
852 			       wiphy_name(local->hw.wiphy), queue);
853 	}
854 }
855 
856 static u32 ieee80211_handle_bss_capability(struct ieee80211_sub_if_data *sdata,
857 					   u16 capab, bool erp_valid, u8 erp)
858 {
859 	struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
860 	u32 changed = 0;
861 	bool use_protection;
862 	bool use_short_preamble;
863 	bool use_short_slot;
864 
865 	if (erp_valid) {
866 		use_protection = (erp & WLAN_ERP_USE_PROTECTION) != 0;
867 		use_short_preamble = (erp & WLAN_ERP_BARKER_PREAMBLE) == 0;
868 	} else {
869 		use_protection = false;
870 		use_short_preamble = !!(capab & WLAN_CAPABILITY_SHORT_PREAMBLE);
871 	}
872 
873 	use_short_slot = !!(capab & WLAN_CAPABILITY_SHORT_SLOT_TIME);
874 
875 	if (use_protection != bss_conf->use_cts_prot) {
876 		bss_conf->use_cts_prot = use_protection;
877 		changed |= BSS_CHANGED_ERP_CTS_PROT;
878 	}
879 
880 	if (use_short_preamble != bss_conf->use_short_preamble) {
881 		bss_conf->use_short_preamble = use_short_preamble;
882 		changed |= BSS_CHANGED_ERP_PREAMBLE;
883 	}
884 
885 	if (use_short_slot != bss_conf->use_short_slot) {
886 		bss_conf->use_short_slot = use_short_slot;
887 		changed |= BSS_CHANGED_ERP_SLOT;
888 	}
889 
890 	return changed;
891 }
892 
893 static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata,
894 				     struct ieee80211_mgd_work *wk,
895 				     u32 bss_info_changed)
896 {
897 	struct ieee80211_local *local = sdata->local;
898 	struct ieee80211_bss *bss = wk->bss;
899 
900 	bss_info_changed |= BSS_CHANGED_ASSOC;
901 	/* set timing information */
902 	sdata->vif.bss_conf.beacon_int = bss->cbss.beacon_interval;
903 	sdata->vif.bss_conf.timestamp = bss->cbss.tsf;
904 	sdata->vif.bss_conf.dtim_period = bss->dtim_period;
905 
906 	bss_info_changed |= BSS_CHANGED_BEACON_INT;
907 	bss_info_changed |= ieee80211_handle_bss_capability(sdata,
908 		bss->cbss.capability, bss->has_erp_value, bss->erp_value);
909 
910 	sdata->u.mgd.associated = bss;
911 	sdata->u.mgd.old_associate_work = wk;
912 	memcpy(sdata->u.mgd.bssid, bss->cbss.bssid, ETH_ALEN);
913 
914 	/* just to be sure */
915 	sdata->u.mgd.flags &= ~(IEEE80211_STA_CONNECTION_POLL |
916 				IEEE80211_STA_BEACON_POLL);
917 
918 	/*
919 	 * Always handle WMM once after association regardless
920 	 * of the first value the AP uses. Setting -1 here has
921 	 * that effect because the AP values is an unsigned
922 	 * 4-bit value.
923 	 */
924 	sdata->u.mgd.wmm_last_param_set = -1;
925 
926 	ieee80211_led_assoc(local, 1);
927 
928 	sdata->vif.bss_conf.assoc = 1;
929 	/*
930 	 * For now just always ask the driver to update the basic rateset
931 	 * when we have associated, we aren't checking whether it actually
932 	 * changed or not.
933 	 */
934 	bss_info_changed |= BSS_CHANGED_BASIC_RATES;
935 
936 	/* And the BSSID changed - we're associated now */
937 	bss_info_changed |= BSS_CHANGED_BSSID;
938 
939 	ieee80211_bss_info_change_notify(sdata, bss_info_changed);
940 
941 	mutex_lock(&local->iflist_mtx);
942 	ieee80211_recalc_ps(local, -1);
943 	mutex_unlock(&local->iflist_mtx);
944 
945 	netif_tx_start_all_queues(sdata->dev);
946 	netif_carrier_on(sdata->dev);
947 }
948 
949 static enum rx_mgmt_action __must_check
950 ieee80211_direct_probe(struct ieee80211_sub_if_data *sdata,
951 		       struct ieee80211_mgd_work *wk)
952 {
953 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
954 	struct ieee80211_local *local = sdata->local;
955 
956 	wk->tries++;
957 	if (wk->tries > IEEE80211_AUTH_MAX_TRIES) {
958 		printk(KERN_DEBUG "%s: direct probe to AP %pM timed out\n",
959 		       sdata->dev->name, wk->bss->cbss.bssid);
960 
961 		/*
962 		 * Most likely AP is not in the range so remove the
963 		 * bss struct for that AP.
964 		 */
965 		cfg80211_unlink_bss(local->hw.wiphy, &wk->bss->cbss);
966 
967 		/*
968 		 * We might have a pending scan which had no chance to run yet
969 		 * due to work needing to be done. Hence, queue the STAs work
970 		 * again for that.
971 		 */
972 		ieee80211_queue_work(&local->hw, &ifmgd->work);
973 		return RX_MGMT_CFG80211_AUTH_TO;
974 	}
975 
976 	printk(KERN_DEBUG "%s: direct probe to AP %pM (try %d)\n",
977 			sdata->dev->name, wk->bss->cbss.bssid,
978 			wk->tries);
979 
980 	/*
981 	 * Direct probe is sent to broadcast address as some APs
982 	 * will not answer to direct packet in unassociated state.
983 	 */
984 	ieee80211_send_probe_req(sdata, NULL, wk->ssid, wk->ssid_len, NULL, 0);
985 
986 	wk->timeout = jiffies + IEEE80211_AUTH_TIMEOUT;
987 	run_again(ifmgd, wk->timeout);
988 
989 	return RX_MGMT_NONE;
990 }
991 
992 
993 static enum rx_mgmt_action __must_check
994 ieee80211_authenticate(struct ieee80211_sub_if_data *sdata,
995 		       struct ieee80211_mgd_work *wk)
996 {
997 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
998 	struct ieee80211_local *local = sdata->local;
999 
1000 	wk->tries++;
1001 	if (wk->tries > IEEE80211_AUTH_MAX_TRIES) {
1002 		printk(KERN_DEBUG "%s: authentication with AP %pM"
1003 		       " timed out\n",
1004 		       sdata->dev->name, wk->bss->cbss.bssid);
1005 
1006 		/*
1007 		 * Most likely AP is not in the range so remove the
1008 		 * bss struct for that AP.
1009 		 */
1010 		cfg80211_unlink_bss(local->hw.wiphy, &wk->bss->cbss);
1011 
1012 		/*
1013 		 * We might have a pending scan which had no chance to run yet
1014 		 * due to work needing to be done. Hence, queue the STAs work
1015 		 * again for that.
1016 		 */
1017 		ieee80211_queue_work(&local->hw, &ifmgd->work);
1018 		return RX_MGMT_CFG80211_AUTH_TO;
1019 	}
1020 
1021 	printk(KERN_DEBUG "%s: authenticate with AP %pM (try %d)\n",
1022 	       sdata->dev->name, wk->bss->cbss.bssid, wk->tries);
1023 
1024 	ieee80211_send_auth(sdata, 1, wk->auth_alg, wk->ie, wk->ie_len,
1025 			    wk->bss->cbss.bssid, NULL, 0, 0);
1026 	wk->auth_transaction = 2;
1027 
1028 	wk->timeout = jiffies + IEEE80211_AUTH_TIMEOUT;
1029 	run_again(ifmgd, wk->timeout);
1030 
1031 	return RX_MGMT_NONE;
1032 }
1033 
1034 static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata,
1035 				   bool deauth)
1036 {
1037 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1038 	struct ieee80211_local *local = sdata->local;
1039 	struct sta_info *sta;
1040 	u32 changed = 0, config_changed = 0;
1041 	u8 bssid[ETH_ALEN];
1042 
1043 	ASSERT_MGD_MTX(ifmgd);
1044 
1045 	if (WARN_ON(!ifmgd->associated))
1046 		return;
1047 
1048 	memcpy(bssid, ifmgd->associated->cbss.bssid, ETH_ALEN);
1049 
1050 	ifmgd->associated = NULL;
1051 	memset(ifmgd->bssid, 0, ETH_ALEN);
1052 
1053 	if (deauth) {
1054 		kfree(ifmgd->old_associate_work);
1055 		ifmgd->old_associate_work = NULL;
1056 	} else {
1057 		struct ieee80211_mgd_work *wk = ifmgd->old_associate_work;
1058 
1059 		wk->state = IEEE80211_MGD_STATE_IDLE;
1060 		list_add(&wk->list, &ifmgd->work_list);
1061 	}
1062 
1063 	/*
1064 	 * we need to commit the associated = NULL change because the
1065 	 * scan code uses that to determine whether this iface should
1066 	 * go to/wake up from powersave or not -- and could otherwise
1067 	 * wake the queues erroneously.
1068 	 */
1069 	smp_mb();
1070 
1071 	/*
1072 	 * Thus, we can only afterwards stop the queues -- to account
1073 	 * for the case where another CPU is finishing a scan at this
1074 	 * time -- we don't want the scan code to enable queues.
1075 	 */
1076 
1077 	netif_tx_stop_all_queues(sdata->dev);
1078 	netif_carrier_off(sdata->dev);
1079 
1080 	rcu_read_lock();
1081 	sta = sta_info_get(local, bssid);
1082 	if (sta)
1083 		ieee80211_sta_tear_down_BA_sessions(sta);
1084 	rcu_read_unlock();
1085 
1086 	changed |= ieee80211_reset_erp_info(sdata);
1087 
1088 	ieee80211_led_assoc(local, 0);
1089 	changed |= BSS_CHANGED_ASSOC;
1090 	sdata->vif.bss_conf.assoc = false;
1091 
1092 	ieee80211_set_wmm_default(sdata);
1093 
1094 	/* channel(_type) changes are handled by ieee80211_hw_config */
1095 	local->oper_channel_type = NL80211_CHAN_NO_HT;
1096 
1097 	/* on the next assoc, re-program HT parameters */
1098 	sdata->ht_opmode_valid = false;
1099 
1100 	local->power_constr_level = 0;
1101 
1102 	del_timer_sync(&local->dynamic_ps_timer);
1103 	cancel_work_sync(&local->dynamic_ps_enable_work);
1104 
1105 	if (local->hw.conf.flags & IEEE80211_CONF_PS) {
1106 		local->hw.conf.flags &= ~IEEE80211_CONF_PS;
1107 		config_changed |= IEEE80211_CONF_CHANGE_PS;
1108 	}
1109 
1110 	ieee80211_hw_config(local, config_changed);
1111 
1112 	/* And the BSSID changed -- not very interesting here */
1113 	changed |= BSS_CHANGED_BSSID;
1114 	ieee80211_bss_info_change_notify(sdata, changed);
1115 
1116 	rcu_read_lock();
1117 
1118 	sta = sta_info_get(local, bssid);
1119 	if (!sta) {
1120 		rcu_read_unlock();
1121 		return;
1122 	}
1123 
1124 	sta_info_unlink(&sta);
1125 
1126 	rcu_read_unlock();
1127 
1128 	sta_info_destroy(sta);
1129 }
1130 
1131 static enum rx_mgmt_action __must_check
1132 ieee80211_associate(struct ieee80211_sub_if_data *sdata,
1133 		    struct ieee80211_mgd_work *wk)
1134 {
1135 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1136 	struct ieee80211_local *local = sdata->local;
1137 
1138 	wk->tries++;
1139 	if (wk->tries > IEEE80211_ASSOC_MAX_TRIES) {
1140 		printk(KERN_DEBUG "%s: association with AP %pM"
1141 		       " timed out\n",
1142 		       sdata->dev->name, wk->bss->cbss.bssid);
1143 
1144 		/*
1145 		 * Most likely AP is not in the range so remove the
1146 		 * bss struct for that AP.
1147 		 */
1148 		cfg80211_unlink_bss(local->hw.wiphy, &wk->bss->cbss);
1149 
1150 		/*
1151 		 * We might have a pending scan which had no chance to run yet
1152 		 * due to work needing to be done. Hence, queue the STAs work
1153 		 * again for that.
1154 		 */
1155 		ieee80211_queue_work(&local->hw, &ifmgd->work);
1156 		return RX_MGMT_CFG80211_ASSOC_TO;
1157 	}
1158 
1159 	printk(KERN_DEBUG "%s: associate with AP %pM (try %d)\n",
1160 	       sdata->dev->name, wk->bss->cbss.bssid, wk->tries);
1161 	ieee80211_send_assoc(sdata, wk);
1162 
1163 	wk->timeout = jiffies + IEEE80211_ASSOC_TIMEOUT;
1164 	run_again(ifmgd, wk->timeout);
1165 
1166 	return RX_MGMT_NONE;
1167 }
1168 
1169 void ieee80211_sta_rx_notify(struct ieee80211_sub_if_data *sdata,
1170 			     struct ieee80211_hdr *hdr)
1171 {
1172 	/*
1173 	 * We can postpone the mgd.timer whenever receiving unicast frames
1174 	 * from AP because we know that the connection is working both ways
1175 	 * at that time. But multicast frames (and hence also beacons) must
1176 	 * be ignored here, because we need to trigger the timer during
1177 	 * data idle periods for sending the periodic probe request to the
1178 	 * AP we're connected to.
1179 	 */
1180 	if (is_multicast_ether_addr(hdr->addr1))
1181 		return;
1182 
1183 	mod_timer(&sdata->u.mgd.conn_mon_timer,
1184 		  round_jiffies_up(jiffies + IEEE80211_CONNECTION_IDLE_TIME));
1185 }
1186 
1187 static void ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data *sdata)
1188 {
1189 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1190 	const u8 *ssid;
1191 
1192 	ssid = ieee80211_bss_get_ie(&ifmgd->associated->cbss, WLAN_EID_SSID);
1193 	ieee80211_send_probe_req(sdata, ifmgd->associated->cbss.bssid,
1194 				 ssid + 2, ssid[1], NULL, 0);
1195 
1196 	ifmgd->probe_send_count++;
1197 	ifmgd->probe_timeout = jiffies + IEEE80211_PROBE_WAIT;
1198 	run_again(ifmgd, ifmgd->probe_timeout);
1199 }
1200 
1201 static void ieee80211_mgd_probe_ap(struct ieee80211_sub_if_data *sdata,
1202 				   bool beacon)
1203 {
1204 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1205 	bool already = false;
1206 
1207 	if (!netif_running(sdata->dev))
1208 		return;
1209 
1210 	if (sdata->local->scanning)
1211 		return;
1212 
1213 	mutex_lock(&ifmgd->mtx);
1214 
1215 	if (!ifmgd->associated)
1216 		goto out;
1217 
1218 #ifdef CONFIG_MAC80211_VERBOSE_DEBUG
1219 	if (beacon && net_ratelimit())
1220 		printk(KERN_DEBUG "%s: detected beacon loss from AP "
1221 		       "- sending probe request\n", sdata->dev->name);
1222 #endif
1223 
1224 	/*
1225 	 * The driver/our work has already reported this event or the
1226 	 * connection monitoring has kicked in and we have already sent
1227 	 * a probe request. Or maybe the AP died and the driver keeps
1228 	 * reporting until we disassociate...
1229 	 *
1230 	 * In either case we have to ignore the current call to this
1231 	 * function (except for setting the correct probe reason bit)
1232 	 * because otherwise we would reset the timer every time and
1233 	 * never check whether we received a probe response!
1234 	 */
1235 	if (ifmgd->flags & (IEEE80211_STA_BEACON_POLL |
1236 			    IEEE80211_STA_CONNECTION_POLL))
1237 		already = true;
1238 
1239 	if (beacon)
1240 		ifmgd->flags |= IEEE80211_STA_BEACON_POLL;
1241 	else
1242 		ifmgd->flags |= IEEE80211_STA_CONNECTION_POLL;
1243 
1244 	if (already)
1245 		goto out;
1246 
1247 	mutex_lock(&sdata->local->iflist_mtx);
1248 	ieee80211_recalc_ps(sdata->local, -1);
1249 	mutex_unlock(&sdata->local->iflist_mtx);
1250 
1251 	ifmgd->probe_send_count = 0;
1252 	ieee80211_mgd_probe_ap_send(sdata);
1253  out:
1254 	mutex_unlock(&ifmgd->mtx);
1255 }
1256 
1257 void ieee80211_beacon_loss_work(struct work_struct *work)
1258 {
1259 	struct ieee80211_sub_if_data *sdata =
1260 		container_of(work, struct ieee80211_sub_if_data,
1261 			     u.mgd.beacon_loss_work);
1262 
1263 	ieee80211_mgd_probe_ap(sdata, true);
1264 }
1265 
1266 void ieee80211_beacon_loss(struct ieee80211_vif *vif)
1267 {
1268 	struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
1269 
1270 	ieee80211_queue_work(&sdata->local->hw, &sdata->u.mgd.beacon_loss_work);
1271 }
1272 EXPORT_SYMBOL(ieee80211_beacon_loss);
1273 
1274 static void ieee80211_auth_completed(struct ieee80211_sub_if_data *sdata,
1275 				     struct ieee80211_mgd_work *wk)
1276 {
1277 	wk->state = IEEE80211_MGD_STATE_IDLE;
1278 	printk(KERN_DEBUG "%s: authenticated\n", sdata->dev->name);
1279 }
1280 
1281 
1282 static void ieee80211_auth_challenge(struct ieee80211_sub_if_data *sdata,
1283 				     struct ieee80211_mgd_work *wk,
1284 				     struct ieee80211_mgmt *mgmt,
1285 				     size_t len)
1286 {
1287 	u8 *pos;
1288 	struct ieee802_11_elems elems;
1289 
1290 	pos = mgmt->u.auth.variable;
1291 	ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems);
1292 	if (!elems.challenge)
1293 		return;
1294 	ieee80211_send_auth(sdata, 3, wk->auth_alg,
1295 			    elems.challenge - 2, elems.challenge_len + 2,
1296 			    wk->bss->cbss.bssid,
1297 			    wk->key, wk->key_len, wk->key_idx);
1298 	wk->auth_transaction = 4;
1299 }
1300 
1301 static enum rx_mgmt_action __must_check
1302 ieee80211_rx_mgmt_auth(struct ieee80211_sub_if_data *sdata,
1303 		       struct ieee80211_mgd_work *wk,
1304 		       struct ieee80211_mgmt *mgmt, size_t len)
1305 {
1306 	u16 auth_alg, auth_transaction, status_code;
1307 
1308 	if (wk->state != IEEE80211_MGD_STATE_AUTH)
1309 		return RX_MGMT_NONE;
1310 
1311 	if (len < 24 + 6)
1312 		return RX_MGMT_NONE;
1313 
1314 	if (memcmp(wk->bss->cbss.bssid, mgmt->sa, ETH_ALEN) != 0)
1315 		return RX_MGMT_NONE;
1316 
1317 	if (memcmp(wk->bss->cbss.bssid, mgmt->bssid, ETH_ALEN) != 0)
1318 		return RX_MGMT_NONE;
1319 
1320 	auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg);
1321 	auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction);
1322 	status_code = le16_to_cpu(mgmt->u.auth.status_code);
1323 
1324 	if (auth_alg != wk->auth_alg ||
1325 	    auth_transaction != wk->auth_transaction)
1326 		return RX_MGMT_NONE;
1327 
1328 	if (status_code != WLAN_STATUS_SUCCESS) {
1329 		list_del(&wk->list);
1330 		kfree(wk);
1331 		return RX_MGMT_CFG80211_AUTH;
1332 	}
1333 
1334 	switch (wk->auth_alg) {
1335 	case WLAN_AUTH_OPEN:
1336 	case WLAN_AUTH_LEAP:
1337 	case WLAN_AUTH_FT:
1338 		ieee80211_auth_completed(sdata, wk);
1339 		return RX_MGMT_CFG80211_AUTH;
1340 	case WLAN_AUTH_SHARED_KEY:
1341 		if (wk->auth_transaction == 4) {
1342 			ieee80211_auth_completed(sdata, wk);
1343 			return RX_MGMT_CFG80211_AUTH;
1344 		} else
1345 			ieee80211_auth_challenge(sdata, wk, mgmt, len);
1346 		break;
1347 	}
1348 
1349 	return RX_MGMT_NONE;
1350 }
1351 
1352 
1353 static enum rx_mgmt_action __must_check
1354 ieee80211_rx_mgmt_deauth(struct ieee80211_sub_if_data *sdata,
1355 			 struct ieee80211_mgd_work *wk,
1356 			 struct ieee80211_mgmt *mgmt, size_t len)
1357 {
1358 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1359 	const u8 *bssid = NULL;
1360 	u16 reason_code;
1361 
1362 	if (len < 24 + 2)
1363 		return RX_MGMT_NONE;
1364 
1365 	ASSERT_MGD_MTX(ifmgd);
1366 
1367 	if (wk)
1368 		bssid = wk->bss->cbss.bssid;
1369 	else
1370 		bssid = ifmgd->associated->cbss.bssid;
1371 
1372 	reason_code = le16_to_cpu(mgmt->u.deauth.reason_code);
1373 
1374 	printk(KERN_DEBUG "%s: deauthenticated from %pM (Reason: %u)\n",
1375 			sdata->dev->name, bssid, reason_code);
1376 
1377 	if (!wk) {
1378 		ieee80211_set_disassoc(sdata, true);
1379 		ieee80211_recalc_idle(sdata->local);
1380 	} else {
1381 		list_del(&wk->list);
1382 		kfree(wk);
1383 	}
1384 
1385 	return RX_MGMT_CFG80211_DEAUTH;
1386 }
1387 
1388 
1389 static enum rx_mgmt_action __must_check
1390 ieee80211_rx_mgmt_disassoc(struct ieee80211_sub_if_data *sdata,
1391 			   struct ieee80211_mgmt *mgmt, size_t len)
1392 {
1393 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1394 	u16 reason_code;
1395 
1396 	if (len < 24 + 2)
1397 		return RX_MGMT_NONE;
1398 
1399 	ASSERT_MGD_MTX(ifmgd);
1400 
1401 	if (WARN_ON(!ifmgd->associated))
1402 		return RX_MGMT_NONE;
1403 
1404 	if (WARN_ON(memcmp(ifmgd->associated->cbss.bssid, mgmt->sa, ETH_ALEN)))
1405 		return RX_MGMT_NONE;
1406 
1407 	reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code);
1408 
1409 	printk(KERN_DEBUG "%s: disassociated from %pM (Reason: %u)\n",
1410 			sdata->dev->name, mgmt->sa, reason_code);
1411 
1412 	ieee80211_set_disassoc(sdata, false);
1413 	ieee80211_recalc_idle(sdata->local);
1414 	return RX_MGMT_CFG80211_DISASSOC;
1415 }
1416 
1417 
1418 static enum rx_mgmt_action __must_check
1419 ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata,
1420 			     struct ieee80211_mgd_work *wk,
1421 			     struct ieee80211_mgmt *mgmt, size_t len,
1422 			     bool reassoc)
1423 {
1424 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1425 	struct ieee80211_local *local = sdata->local;
1426 	struct ieee80211_supported_band *sband;
1427 	struct sta_info *sta;
1428 	u32 rates, basic_rates;
1429 	u16 capab_info, status_code, aid;
1430 	struct ieee802_11_elems elems;
1431 	struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
1432 	u8 *pos;
1433 	u32 changed = 0;
1434 	int i, j;
1435 	bool have_higher_than_11mbit = false, newsta = false;
1436 	u16 ap_ht_cap_flags;
1437 
1438 	/*
1439 	 * AssocResp and ReassocResp have identical structure, so process both
1440 	 * of them in this function.
1441 	 */
1442 
1443 	if (len < 24 + 6)
1444 		return RX_MGMT_NONE;
1445 
1446 	if (memcmp(wk->bss->cbss.bssid, mgmt->sa, ETH_ALEN) != 0)
1447 		return RX_MGMT_NONE;
1448 
1449 	capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info);
1450 	status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code);
1451 	aid = le16_to_cpu(mgmt->u.assoc_resp.aid);
1452 
1453 	printk(KERN_DEBUG "%s: RX %sssocResp from %pM (capab=0x%x "
1454 	       "status=%d aid=%d)\n",
1455 	       sdata->dev->name, reassoc ? "Rea" : "A", mgmt->sa,
1456 	       capab_info, status_code, (u16)(aid & ~(BIT(15) | BIT(14))));
1457 
1458 	pos = mgmt->u.assoc_resp.variable;
1459 	ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems);
1460 
1461 	if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY &&
1462 	    elems.timeout_int && elems.timeout_int_len == 5 &&
1463 	    elems.timeout_int[0] == WLAN_TIMEOUT_ASSOC_COMEBACK) {
1464 		u32 tu, ms;
1465 		tu = get_unaligned_le32(elems.timeout_int + 1);
1466 		ms = tu * 1024 / 1000;
1467 		printk(KERN_DEBUG "%s: AP rejected association temporarily; "
1468 		       "comeback duration %u TU (%u ms)\n",
1469 		       sdata->dev->name, tu, ms);
1470 		wk->timeout = jiffies + msecs_to_jiffies(ms);
1471 		if (ms > IEEE80211_ASSOC_TIMEOUT)
1472 			run_again(ifmgd, jiffies + msecs_to_jiffies(ms));
1473 		return RX_MGMT_NONE;
1474 	}
1475 
1476 	if (status_code != WLAN_STATUS_SUCCESS) {
1477 		printk(KERN_DEBUG "%s: AP denied association (code=%d)\n",
1478 		       sdata->dev->name, status_code);
1479 		wk->state = IEEE80211_MGD_STATE_IDLE;
1480 		return RX_MGMT_CFG80211_ASSOC;
1481 	}
1482 
1483 	if ((aid & (BIT(15) | BIT(14))) != (BIT(15) | BIT(14)))
1484 		printk(KERN_DEBUG "%s: invalid aid value %d; bits 15:14 not "
1485 		       "set\n", sdata->dev->name, aid);
1486 	aid &= ~(BIT(15) | BIT(14));
1487 
1488 	if (!elems.supp_rates) {
1489 		printk(KERN_DEBUG "%s: no SuppRates element in AssocResp\n",
1490 		       sdata->dev->name);
1491 		return RX_MGMT_NONE;
1492 	}
1493 
1494 	printk(KERN_DEBUG "%s: associated\n", sdata->dev->name);
1495 	ifmgd->aid = aid;
1496 
1497 	rcu_read_lock();
1498 
1499 	/* Add STA entry for the AP */
1500 	sta = sta_info_get(local, wk->bss->cbss.bssid);
1501 	if (!sta) {
1502 		newsta = true;
1503 
1504 		rcu_read_unlock();
1505 
1506 		sta = sta_info_alloc(sdata, wk->bss->cbss.bssid, GFP_KERNEL);
1507 		if (!sta) {
1508 			printk(KERN_DEBUG "%s: failed to alloc STA entry for"
1509 			       " the AP\n", sdata->dev->name);
1510 			return RX_MGMT_NONE;
1511 		}
1512 
1513 		set_sta_flags(sta, WLAN_STA_AUTH | WLAN_STA_ASSOC |
1514 				   WLAN_STA_ASSOC_AP);
1515 		if (!(ifmgd->flags & IEEE80211_STA_CONTROL_PORT))
1516 			set_sta_flags(sta, WLAN_STA_AUTHORIZED);
1517 
1518 		rcu_read_lock();
1519 	}
1520 
1521 	rates = 0;
1522 	basic_rates = 0;
1523 	sband = local->hw.wiphy->bands[local->hw.conf.channel->band];
1524 
1525 	for (i = 0; i < elems.supp_rates_len; i++) {
1526 		int rate = (elems.supp_rates[i] & 0x7f) * 5;
1527 		bool is_basic = !!(elems.supp_rates[i] & 0x80);
1528 
1529 		if (rate > 110)
1530 			have_higher_than_11mbit = true;
1531 
1532 		for (j = 0; j < sband->n_bitrates; j++) {
1533 			if (sband->bitrates[j].bitrate == rate) {
1534 				rates |= BIT(j);
1535 				if (is_basic)
1536 					basic_rates |= BIT(j);
1537 				break;
1538 			}
1539 		}
1540 	}
1541 
1542 	for (i = 0; i < elems.ext_supp_rates_len; i++) {
1543 		int rate = (elems.ext_supp_rates[i] & 0x7f) * 5;
1544 		bool is_basic = !!(elems.ext_supp_rates[i] & 0x80);
1545 
1546 		if (rate > 110)
1547 			have_higher_than_11mbit = true;
1548 
1549 		for (j = 0; j < sband->n_bitrates; j++) {
1550 			if (sband->bitrates[j].bitrate == rate) {
1551 				rates |= BIT(j);
1552 				if (is_basic)
1553 					basic_rates |= BIT(j);
1554 				break;
1555 			}
1556 		}
1557 	}
1558 
1559 	sta->sta.supp_rates[local->hw.conf.channel->band] = rates;
1560 	sdata->vif.bss_conf.basic_rates = basic_rates;
1561 
1562 	/* cf. IEEE 802.11 9.2.12 */
1563 	if (local->hw.conf.channel->band == IEEE80211_BAND_2GHZ &&
1564 	    have_higher_than_11mbit)
1565 		sdata->flags |= IEEE80211_SDATA_OPERATING_GMODE;
1566 	else
1567 		sdata->flags &= ~IEEE80211_SDATA_OPERATING_GMODE;
1568 
1569 	if (elems.ht_cap_elem && !(ifmgd->flags & IEEE80211_STA_DISABLE_11N))
1570 		ieee80211_ht_cap_ie_to_sta_ht_cap(sband,
1571 				elems.ht_cap_elem, &sta->sta.ht_cap);
1572 
1573 	ap_ht_cap_flags = sta->sta.ht_cap.cap;
1574 
1575 	rate_control_rate_init(sta);
1576 
1577 	if (ifmgd->flags & IEEE80211_STA_MFP_ENABLED)
1578 		set_sta_flags(sta, WLAN_STA_MFP);
1579 
1580 	if (elems.wmm_param)
1581 		set_sta_flags(sta, WLAN_STA_WME);
1582 
1583 	if (newsta) {
1584 		int err = sta_info_insert(sta);
1585 		if (err) {
1586 			printk(KERN_DEBUG "%s: failed to insert STA entry for"
1587 			       " the AP (error %d)\n", sdata->dev->name, err);
1588 			rcu_read_unlock();
1589 			return RX_MGMT_NONE;
1590 		}
1591 	}
1592 
1593 	rcu_read_unlock();
1594 
1595 	if (elems.wmm_param)
1596 		ieee80211_sta_wmm_params(local, ifmgd, elems.wmm_param,
1597 					 elems.wmm_param_len);
1598 	else
1599 		ieee80211_set_wmm_default(sdata);
1600 
1601 	if (elems.ht_info_elem && elems.wmm_param &&
1602 	    (ifmgd->flags & IEEE80211_STA_WMM_ENABLED) &&
1603 	    !(ifmgd->flags & IEEE80211_STA_DISABLE_11N))
1604 		changed |= ieee80211_enable_ht(sdata, elems.ht_info_elem,
1605 					       wk->bss->cbss.bssid,
1606 					       ap_ht_cap_flags);
1607 
1608         /* delete work item -- must be before set_associated for PS */
1609 	list_del(&wk->list);
1610 
1611 	/* set AID and assoc capability,
1612 	 * ieee80211_set_associated() will tell the driver */
1613 	bss_conf->aid = aid;
1614 	bss_conf->assoc_capability = capab_info;
1615 	/* this will take ownership of wk */
1616 	ieee80211_set_associated(sdata, wk, changed);
1617 
1618 	/*
1619 	 * Start timer to probe the connection to the AP now.
1620 	 * Also start the timer that will detect beacon loss.
1621 	 */
1622 	ieee80211_sta_rx_notify(sdata, (struct ieee80211_hdr *)mgmt);
1623 	mod_beacon_timer(sdata);
1624 
1625 	return RX_MGMT_CFG80211_ASSOC;
1626 }
1627 
1628 
1629 static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata,
1630 				  struct ieee80211_mgmt *mgmt,
1631 				  size_t len,
1632 				  struct ieee80211_rx_status *rx_status,
1633 				  struct ieee802_11_elems *elems,
1634 				  bool beacon)
1635 {
1636 	struct ieee80211_local *local = sdata->local;
1637 	int freq;
1638 	struct ieee80211_bss *bss;
1639 	struct ieee80211_channel *channel;
1640 
1641 	if (elems->ds_params && elems->ds_params_len == 1)
1642 		freq = ieee80211_channel_to_frequency(elems->ds_params[0]);
1643 	else
1644 		freq = rx_status->freq;
1645 
1646 	channel = ieee80211_get_channel(local->hw.wiphy, freq);
1647 
1648 	if (!channel || channel->flags & IEEE80211_CHAN_DISABLED)
1649 		return;
1650 
1651 	bss = ieee80211_bss_info_update(local, rx_status, mgmt, len, elems,
1652 					channel, beacon);
1653 	if (bss)
1654 		ieee80211_rx_bss_put(local, bss);
1655 
1656 	if (!sdata->u.mgd.associated)
1657 		return;
1658 
1659 	if (elems->ch_switch_elem && (elems->ch_switch_elem_len == 3) &&
1660 	    (memcmp(mgmt->bssid, sdata->u.mgd.associated->cbss.bssid,
1661 							ETH_ALEN) == 0)) {
1662 		struct ieee80211_channel_sw_ie *sw_elem =
1663 			(struct ieee80211_channel_sw_ie *)elems->ch_switch_elem;
1664 		ieee80211_sta_process_chanswitch(sdata, sw_elem, bss);
1665 	}
1666 }
1667 
1668 
1669 static void ieee80211_rx_mgmt_probe_resp(struct ieee80211_sub_if_data *sdata,
1670 					 struct ieee80211_mgd_work *wk,
1671 					 struct ieee80211_mgmt *mgmt, size_t len,
1672 					 struct ieee80211_rx_status *rx_status)
1673 {
1674 	struct ieee80211_if_managed *ifmgd;
1675 	size_t baselen;
1676 	struct ieee802_11_elems elems;
1677 
1678 	ifmgd = &sdata->u.mgd;
1679 
1680 	ASSERT_MGD_MTX(ifmgd);
1681 
1682 	if (memcmp(mgmt->da, sdata->dev->dev_addr, ETH_ALEN))
1683 		return; /* ignore ProbeResp to foreign address */
1684 
1685 	baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt;
1686 	if (baselen > len)
1687 		return;
1688 
1689 	ieee802_11_parse_elems(mgmt->u.probe_resp.variable, len - baselen,
1690 				&elems);
1691 
1692 	ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems, false);
1693 
1694 	/* direct probe may be part of the association flow */
1695 	if (wk && wk->state == IEEE80211_MGD_STATE_PROBE) {
1696 		printk(KERN_DEBUG "%s: direct probe responded\n",
1697 		       sdata->dev->name);
1698 		wk->tries = 0;
1699 		wk->state = IEEE80211_MGD_STATE_AUTH;
1700 		WARN_ON(ieee80211_authenticate(sdata, wk) != RX_MGMT_NONE);
1701 	}
1702 
1703 	if (ifmgd->associated &&
1704 	    memcmp(mgmt->bssid, ifmgd->associated->cbss.bssid, ETH_ALEN) == 0 &&
1705 	    ifmgd->flags & (IEEE80211_STA_BEACON_POLL |
1706 			    IEEE80211_STA_CONNECTION_POLL)) {
1707 		ifmgd->flags &= ~(IEEE80211_STA_CONNECTION_POLL |
1708 				  IEEE80211_STA_BEACON_POLL);
1709 		mutex_lock(&sdata->local->iflist_mtx);
1710 		ieee80211_recalc_ps(sdata->local, -1);
1711 		mutex_unlock(&sdata->local->iflist_mtx);
1712 		/*
1713 		 * We've received a probe response, but are not sure whether
1714 		 * we have or will be receiving any beacons or data, so let's
1715 		 * schedule the timers again, just in case.
1716 		 */
1717 		mod_beacon_timer(sdata);
1718 		mod_timer(&ifmgd->conn_mon_timer,
1719 			  round_jiffies_up(jiffies +
1720 					   IEEE80211_CONNECTION_IDLE_TIME));
1721 	}
1722 }
1723 
1724 /*
1725  * This is the canonical list of information elements we care about,
1726  * the filter code also gives us all changes to the Microsoft OUI
1727  * (00:50:F2) vendor IE which is used for WMM which we need to track.
1728  *
1729  * We implement beacon filtering in software since that means we can
1730  * avoid processing the frame here and in cfg80211, and userspace
1731  * will not be able to tell whether the hardware supports it or not.
1732  *
1733  * XXX: This list needs to be dynamic -- userspace needs to be able to
1734  *	add items it requires. It also needs to be able to tell us to
1735  *	look out for other vendor IEs.
1736  */
1737 static const u64 care_about_ies =
1738 	(1ULL << WLAN_EID_COUNTRY) |
1739 	(1ULL << WLAN_EID_ERP_INFO) |
1740 	(1ULL << WLAN_EID_CHANNEL_SWITCH) |
1741 	(1ULL << WLAN_EID_PWR_CONSTRAINT) |
1742 	(1ULL << WLAN_EID_HT_CAPABILITY) |
1743 	(1ULL << WLAN_EID_HT_INFORMATION);
1744 
1745 static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata,
1746 				     struct ieee80211_mgmt *mgmt,
1747 				     size_t len,
1748 				     struct ieee80211_rx_status *rx_status)
1749 {
1750 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1751 	size_t baselen;
1752 	struct ieee802_11_elems elems;
1753 	struct ieee80211_local *local = sdata->local;
1754 	u32 changed = 0;
1755 	bool erp_valid, directed_tim = false;
1756 	u8 erp_value = 0;
1757 	u32 ncrc;
1758 	u8 *bssid;
1759 
1760 	ASSERT_MGD_MTX(ifmgd);
1761 
1762 	/* Process beacon from the current BSS */
1763 	baselen = (u8 *) mgmt->u.beacon.variable - (u8 *) mgmt;
1764 	if (baselen > len)
1765 		return;
1766 
1767 	if (rx_status->freq != local->hw.conf.channel->center_freq)
1768 		return;
1769 
1770 	/*
1771 	 * We might have received a number of frames, among them a
1772 	 * disassoc frame and a beacon...
1773 	 */
1774 	if (!ifmgd->associated)
1775 		return;
1776 
1777 	bssid = ifmgd->associated->cbss.bssid;
1778 
1779 	/*
1780 	 * And in theory even frames from a different AP we were just
1781 	 * associated to a split-second ago!
1782 	 */
1783 	if (memcmp(bssid, mgmt->bssid, ETH_ALEN) != 0)
1784 		return;
1785 
1786 	if (ifmgd->flags & IEEE80211_STA_BEACON_POLL) {
1787 #ifdef CONFIG_MAC80211_VERBOSE_DEBUG
1788 		if (net_ratelimit()) {
1789 			printk(KERN_DEBUG "%s: cancelling probereq poll due "
1790 			       "to a received beacon\n", sdata->dev->name);
1791 		}
1792 #endif
1793 		ifmgd->flags &= ~IEEE80211_STA_BEACON_POLL;
1794 		mutex_lock(&local->iflist_mtx);
1795 		ieee80211_recalc_ps(local, -1);
1796 		mutex_unlock(&local->iflist_mtx);
1797 	}
1798 
1799 	/*
1800 	 * Push the beacon loss detection into the future since
1801 	 * we are processing a beacon from the AP just now.
1802 	 */
1803 	mod_beacon_timer(sdata);
1804 
1805 	ncrc = crc32_be(0, (void *)&mgmt->u.beacon.beacon_int, 4);
1806 	ncrc = ieee802_11_parse_elems_crc(mgmt->u.beacon.variable,
1807 					  len - baselen, &elems,
1808 					  care_about_ies, ncrc);
1809 
1810 	if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK)
1811 		directed_tim = ieee80211_check_tim(elems.tim, elems.tim_len,
1812 						   ifmgd->aid);
1813 
1814 	if (ncrc != ifmgd->beacon_crc) {
1815 		ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems,
1816 				      true);
1817 
1818 		ieee80211_sta_wmm_params(local, ifmgd, elems.wmm_param,
1819 					 elems.wmm_param_len);
1820 	}
1821 
1822 	if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) {
1823 		if (directed_tim) {
1824 			if (local->hw.conf.dynamic_ps_timeout > 0) {
1825 				local->hw.conf.flags &= ~IEEE80211_CONF_PS;
1826 				ieee80211_hw_config(local,
1827 						    IEEE80211_CONF_CHANGE_PS);
1828 				ieee80211_send_nullfunc(local, sdata, 0);
1829 			} else {
1830 				local->pspolling = true;
1831 
1832 				/*
1833 				 * Here is assumed that the driver will be
1834 				 * able to send ps-poll frame and receive a
1835 				 * response even though power save mode is
1836 				 * enabled, but some drivers might require
1837 				 * to disable power save here. This needs
1838 				 * to be investigated.
1839 				 */
1840 				ieee80211_send_pspoll(local, sdata);
1841 			}
1842 		}
1843 	}
1844 
1845 	if (ncrc == ifmgd->beacon_crc)
1846 		return;
1847 	ifmgd->beacon_crc = ncrc;
1848 
1849 	if (elems.erp_info && elems.erp_info_len >= 1) {
1850 		erp_valid = true;
1851 		erp_value = elems.erp_info[0];
1852 	} else {
1853 		erp_valid = false;
1854 	}
1855 	changed |= ieee80211_handle_bss_capability(sdata,
1856 			le16_to_cpu(mgmt->u.beacon.capab_info),
1857 			erp_valid, erp_value);
1858 
1859 
1860 	if (elems.ht_cap_elem && elems.ht_info_elem && elems.wmm_param &&
1861 	    !(ifmgd->flags & IEEE80211_STA_DISABLE_11N)) {
1862 		struct sta_info *sta;
1863 		struct ieee80211_supported_band *sband;
1864 		u16 ap_ht_cap_flags;
1865 
1866 		rcu_read_lock();
1867 
1868 		sta = sta_info_get(local, bssid);
1869 		if (WARN_ON(!sta)) {
1870 			rcu_read_unlock();
1871 			return;
1872 		}
1873 
1874 		sband = local->hw.wiphy->bands[local->hw.conf.channel->band];
1875 
1876 		ieee80211_ht_cap_ie_to_sta_ht_cap(sband,
1877 				elems.ht_cap_elem, &sta->sta.ht_cap);
1878 
1879 		ap_ht_cap_flags = sta->sta.ht_cap.cap;
1880 
1881 		rcu_read_unlock();
1882 
1883 		changed |= ieee80211_enable_ht(sdata, elems.ht_info_elem,
1884 					       bssid, ap_ht_cap_flags);
1885 	}
1886 
1887 	/* Note: country IE parsing is done for us by cfg80211 */
1888 	if (elems.country_elem) {
1889 		/* TODO: IBSS also needs this */
1890 		if (elems.pwr_constr_elem)
1891 			ieee80211_handle_pwr_constr(sdata,
1892 				le16_to_cpu(mgmt->u.probe_resp.capab_info),
1893 				elems.pwr_constr_elem,
1894 				elems.pwr_constr_elem_len);
1895 	}
1896 
1897 	ieee80211_bss_info_change_notify(sdata, changed);
1898 }
1899 
1900 ieee80211_rx_result ieee80211_sta_rx_mgmt(struct ieee80211_sub_if_data *sdata,
1901 					  struct sk_buff *skb)
1902 {
1903 	struct ieee80211_local *local = sdata->local;
1904 	struct ieee80211_mgmt *mgmt;
1905 	u16 fc;
1906 
1907 	if (skb->len < 24)
1908 		return RX_DROP_MONITOR;
1909 
1910 	mgmt = (struct ieee80211_mgmt *) skb->data;
1911 	fc = le16_to_cpu(mgmt->frame_control);
1912 
1913 	switch (fc & IEEE80211_FCTL_STYPE) {
1914 	case IEEE80211_STYPE_PROBE_RESP:
1915 	case IEEE80211_STYPE_BEACON:
1916 	case IEEE80211_STYPE_AUTH:
1917 	case IEEE80211_STYPE_ASSOC_RESP:
1918 	case IEEE80211_STYPE_REASSOC_RESP:
1919 	case IEEE80211_STYPE_DEAUTH:
1920 	case IEEE80211_STYPE_DISASSOC:
1921 	case IEEE80211_STYPE_ACTION:
1922 		skb_queue_tail(&sdata->u.mgd.skb_queue, skb);
1923 		ieee80211_queue_work(&local->hw, &sdata->u.mgd.work);
1924 		return RX_QUEUED;
1925 	}
1926 
1927 	return RX_DROP_MONITOR;
1928 }
1929 
1930 static void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
1931 					 struct sk_buff *skb)
1932 {
1933 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1934 	struct ieee80211_rx_status *rx_status;
1935 	struct ieee80211_mgmt *mgmt;
1936 	struct ieee80211_mgd_work *wk;
1937 	enum rx_mgmt_action rma = RX_MGMT_NONE;
1938 	u16 fc;
1939 
1940 	rx_status = (struct ieee80211_rx_status *) skb->cb;
1941 	mgmt = (struct ieee80211_mgmt *) skb->data;
1942 	fc = le16_to_cpu(mgmt->frame_control);
1943 
1944 	mutex_lock(&ifmgd->mtx);
1945 
1946 	if (ifmgd->associated &&
1947 	    memcmp(ifmgd->associated->cbss.bssid, mgmt->bssid,
1948 							ETH_ALEN) == 0) {
1949 		switch (fc & IEEE80211_FCTL_STYPE) {
1950 		case IEEE80211_STYPE_BEACON:
1951 			ieee80211_rx_mgmt_beacon(sdata, mgmt, skb->len,
1952 						 rx_status);
1953 			break;
1954 		case IEEE80211_STYPE_PROBE_RESP:
1955 			ieee80211_rx_mgmt_probe_resp(sdata, NULL, mgmt,
1956 						     skb->len, rx_status);
1957 			break;
1958 		case IEEE80211_STYPE_DEAUTH:
1959 			rma = ieee80211_rx_mgmt_deauth(sdata, NULL,
1960 						       mgmt, skb->len);
1961 			break;
1962 		case IEEE80211_STYPE_DISASSOC:
1963 			rma = ieee80211_rx_mgmt_disassoc(sdata, mgmt, skb->len);
1964 			break;
1965 		case IEEE80211_STYPE_ACTION:
1966 			if (mgmt->u.action.category != WLAN_CATEGORY_SPECTRUM_MGMT)
1967 				break;
1968 
1969 			ieee80211_sta_process_chanswitch(sdata,
1970 					&mgmt->u.action.u.chan_switch.sw_elem,
1971 					ifmgd->associated);
1972 			break;
1973 		}
1974 		mutex_unlock(&ifmgd->mtx);
1975 
1976 		switch (rma) {
1977 		case RX_MGMT_NONE:
1978 			/* no action */
1979 			break;
1980 		case RX_MGMT_CFG80211_DEAUTH:
1981 			cfg80211_send_deauth(sdata->dev, (u8 *)mgmt, skb->len);
1982 			break;
1983 		case RX_MGMT_CFG80211_DISASSOC:
1984 			cfg80211_send_disassoc(sdata->dev, (u8 *)mgmt, skb->len);
1985 			break;
1986 		default:
1987 			WARN(1, "unexpected: %d", rma);
1988 		}
1989 		goto out;
1990 	}
1991 
1992 	list_for_each_entry(wk, &ifmgd->work_list, list) {
1993 		if (memcmp(wk->bss->cbss.bssid, mgmt->bssid, ETH_ALEN) != 0)
1994 			continue;
1995 
1996 		switch (fc & IEEE80211_FCTL_STYPE) {
1997 		case IEEE80211_STYPE_PROBE_RESP:
1998 			ieee80211_rx_mgmt_probe_resp(sdata, wk, mgmt, skb->len,
1999 						     rx_status);
2000 			break;
2001 		case IEEE80211_STYPE_AUTH:
2002 			rma = ieee80211_rx_mgmt_auth(sdata, wk, mgmt, skb->len);
2003 			break;
2004 		case IEEE80211_STYPE_ASSOC_RESP:
2005 			rma = ieee80211_rx_mgmt_assoc_resp(sdata, wk, mgmt,
2006 							   skb->len, false);
2007 			break;
2008 		case IEEE80211_STYPE_REASSOC_RESP:
2009 			rma = ieee80211_rx_mgmt_assoc_resp(sdata, wk, mgmt,
2010 							   skb->len, true);
2011 			break;
2012 		case IEEE80211_STYPE_DEAUTH:
2013 			rma = ieee80211_rx_mgmt_deauth(sdata, wk, mgmt,
2014 						       skb->len);
2015 			break;
2016 		}
2017 		/*
2018 		 * We've processed this frame for that work, so it can't
2019 		 * belong to another work struct.
2020 		 * NB: this is also required for correctness because the
2021 		 * called functions can free 'wk', and for 'rma'!
2022 		 */
2023 		break;
2024 	}
2025 
2026 	mutex_unlock(&ifmgd->mtx);
2027 
2028 	switch (rma) {
2029 	case RX_MGMT_NONE:
2030 		/* no action */
2031 		break;
2032 	case RX_MGMT_CFG80211_AUTH:
2033 		cfg80211_send_rx_auth(sdata->dev, (u8 *) mgmt, skb->len);
2034 		break;
2035 	case RX_MGMT_CFG80211_ASSOC:
2036 		cfg80211_send_rx_assoc(sdata->dev, (u8 *) mgmt, skb->len);
2037 		break;
2038 	case RX_MGMT_CFG80211_DEAUTH:
2039 		cfg80211_send_deauth(sdata->dev, (u8 *)mgmt, skb->len);
2040 		break;
2041 	default:
2042 		WARN(1, "unexpected: %d", rma);
2043 	}
2044 
2045  out:
2046 	kfree_skb(skb);
2047 }
2048 
2049 static void ieee80211_sta_timer(unsigned long data)
2050 {
2051 	struct ieee80211_sub_if_data *sdata =
2052 		(struct ieee80211_sub_if_data *) data;
2053 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2054 	struct ieee80211_local *local = sdata->local;
2055 
2056 	if (local->quiescing) {
2057 		set_bit(TMR_RUNNING_TIMER, &ifmgd->timers_running);
2058 		return;
2059 	}
2060 
2061 	ieee80211_queue_work(&local->hw, &ifmgd->work);
2062 }
2063 
2064 static void ieee80211_sta_work(struct work_struct *work)
2065 {
2066 	struct ieee80211_sub_if_data *sdata =
2067 		container_of(work, struct ieee80211_sub_if_data, u.mgd.work);
2068 	struct ieee80211_local *local = sdata->local;
2069 	struct ieee80211_if_managed *ifmgd;
2070 	struct sk_buff *skb;
2071 	struct ieee80211_mgd_work *wk, *tmp;
2072 	LIST_HEAD(free_work);
2073 	enum rx_mgmt_action rma;
2074 	bool anybusy = false;
2075 
2076 	if (!netif_running(sdata->dev))
2077 		return;
2078 
2079 	if (local->scanning)
2080 		return;
2081 
2082 	if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION))
2083 		return;
2084 
2085 	/*
2086 	 * ieee80211_queue_work() should have picked up most cases,
2087 	 * here we'll pick the the rest.
2088 	 */
2089 	if (WARN(local->suspended, "STA MLME work scheduled while "
2090 		 "going to suspend\n"))
2091 		return;
2092 
2093 	ifmgd = &sdata->u.mgd;
2094 
2095 	/* first process frames to avoid timing out while a frame is pending */
2096 	while ((skb = skb_dequeue(&ifmgd->skb_queue)))
2097 		ieee80211_sta_rx_queued_mgmt(sdata, skb);
2098 
2099 	/* then process the rest of the work */
2100 	mutex_lock(&ifmgd->mtx);
2101 
2102 	if (ifmgd->flags & (IEEE80211_STA_BEACON_POLL |
2103 			    IEEE80211_STA_CONNECTION_POLL) &&
2104 	    ifmgd->associated) {
2105 		u8 bssid[ETH_ALEN];
2106 
2107 		memcpy(bssid, ifmgd->associated->cbss.bssid, ETH_ALEN);
2108 		if (time_is_after_jiffies(ifmgd->probe_timeout))
2109 			run_again(ifmgd, ifmgd->probe_timeout);
2110 
2111 		else if (ifmgd->probe_send_count < IEEE80211_MAX_PROBE_TRIES) {
2112 #ifdef CONFIG_MAC80211_VERBOSE_DEBUG
2113 			printk(KERN_DEBUG "No probe response from AP %pM"
2114 				" after %dms, try %d\n", bssid,
2115 				(1000 * IEEE80211_PROBE_WAIT)/HZ,
2116 				ifmgd->probe_send_count);
2117 #endif
2118 			ieee80211_mgd_probe_ap_send(sdata);
2119 		} else {
2120 			/*
2121 			 * We actually lost the connection ... or did we?
2122 			 * Let's make sure!
2123 			 */
2124 			ifmgd->flags &= ~(IEEE80211_STA_CONNECTION_POLL |
2125 					  IEEE80211_STA_BEACON_POLL);
2126 			printk(KERN_DEBUG "No probe response from AP %pM"
2127 				" after %dms, disconnecting.\n",
2128 				bssid, (1000 * IEEE80211_PROBE_WAIT)/HZ);
2129 			ieee80211_set_disassoc(sdata, true);
2130 			ieee80211_recalc_idle(local);
2131 			mutex_unlock(&ifmgd->mtx);
2132 			/*
2133 			 * must be outside lock due to cfg80211,
2134 			 * but that's not a problem.
2135 			 */
2136 			ieee80211_send_deauth_disassoc(sdata, bssid,
2137 					IEEE80211_STYPE_DEAUTH,
2138 					WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY,
2139 					NULL);
2140 			mutex_lock(&ifmgd->mtx);
2141 		}
2142 	}
2143 
2144 
2145 	ieee80211_recalc_idle(local);
2146 
2147 	list_for_each_entry_safe(wk, tmp, &ifmgd->work_list, list) {
2148 		if (time_is_after_jiffies(wk->timeout)) {
2149 			/*
2150 			 * This work item isn't supposed to be worked on
2151 			 * right now, but take care to adjust the timer
2152 			 * properly.
2153 			 */
2154 			run_again(ifmgd, wk->timeout);
2155 			continue;
2156 		}
2157 
2158 		switch (wk->state) {
2159 		default:
2160 			WARN_ON(1);
2161 			/* fall through */
2162 		case IEEE80211_MGD_STATE_IDLE:
2163 			/* nothing */
2164 			rma = RX_MGMT_NONE;
2165 			break;
2166 		case IEEE80211_MGD_STATE_PROBE:
2167 			rma = ieee80211_direct_probe(sdata, wk);
2168 			break;
2169 		case IEEE80211_MGD_STATE_AUTH:
2170 			rma = ieee80211_authenticate(sdata, wk);
2171 			break;
2172 		case IEEE80211_MGD_STATE_ASSOC:
2173 			rma = ieee80211_associate(sdata, wk);
2174 			break;
2175 		}
2176 
2177 		switch (rma) {
2178 		case RX_MGMT_NONE:
2179 			/* no action required */
2180 			break;
2181 		case RX_MGMT_CFG80211_AUTH_TO:
2182 		case RX_MGMT_CFG80211_ASSOC_TO:
2183 			list_del(&wk->list);
2184 			list_add(&wk->list, &free_work);
2185 			wk->tries = rma; /* small abuse but only local */
2186 			break;
2187 		default:
2188 			WARN(1, "unexpected: %d", rma);
2189 		}
2190 	}
2191 
2192 	list_for_each_entry(wk, &ifmgd->work_list, list) {
2193 		if (wk->state != IEEE80211_MGD_STATE_IDLE) {
2194 			anybusy = true;
2195 			break;
2196 		}
2197 	}
2198 	if (!anybusy &&
2199 	    test_and_clear_bit(IEEE80211_STA_REQ_SCAN, &ifmgd->request))
2200 		ieee80211_queue_delayed_work(&local->hw,
2201 					     &local->scan_work,
2202 					     round_jiffies_relative(0));
2203 
2204 	mutex_unlock(&ifmgd->mtx);
2205 
2206 	list_for_each_entry_safe(wk, tmp, &free_work, list) {
2207 		switch (wk->tries) {
2208 		case RX_MGMT_CFG80211_AUTH_TO:
2209 			cfg80211_send_auth_timeout(sdata->dev,
2210 						   wk->bss->cbss.bssid);
2211 			break;
2212 		case RX_MGMT_CFG80211_ASSOC_TO:
2213 			cfg80211_send_assoc_timeout(sdata->dev,
2214 						    wk->bss->cbss.bssid);
2215 			break;
2216 		default:
2217 			WARN(1, "unexpected: %d", wk->tries);
2218 		}
2219 
2220 		list_del(&wk->list);
2221 		kfree(wk);
2222 	}
2223 
2224 	ieee80211_recalc_idle(local);
2225 }
2226 
2227 static void ieee80211_sta_bcn_mon_timer(unsigned long data)
2228 {
2229 	struct ieee80211_sub_if_data *sdata =
2230 		(struct ieee80211_sub_if_data *) data;
2231 	struct ieee80211_local *local = sdata->local;
2232 
2233 	if (local->quiescing)
2234 		return;
2235 
2236 	ieee80211_queue_work(&sdata->local->hw, &sdata->u.mgd.beacon_loss_work);
2237 }
2238 
2239 static void ieee80211_sta_conn_mon_timer(unsigned long data)
2240 {
2241 	struct ieee80211_sub_if_data *sdata =
2242 		(struct ieee80211_sub_if_data *) data;
2243 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2244 	struct ieee80211_local *local = sdata->local;
2245 
2246 	if (local->quiescing)
2247 		return;
2248 
2249 	ieee80211_queue_work(&local->hw, &ifmgd->monitor_work);
2250 }
2251 
2252 static void ieee80211_sta_monitor_work(struct work_struct *work)
2253 {
2254 	struct ieee80211_sub_if_data *sdata =
2255 		container_of(work, struct ieee80211_sub_if_data,
2256 			     u.mgd.monitor_work);
2257 
2258 	ieee80211_mgd_probe_ap(sdata, false);
2259 }
2260 
2261 static void ieee80211_restart_sta_timer(struct ieee80211_sub_if_data *sdata)
2262 {
2263 	if (sdata->vif.type == NL80211_IFTYPE_STATION) {
2264 		sdata->u.mgd.flags &= ~(IEEE80211_STA_BEACON_POLL |
2265 					IEEE80211_STA_CONNECTION_POLL);
2266 
2267 		/* let's probe the connection once */
2268 		ieee80211_queue_work(&sdata->local->hw,
2269 			   &sdata->u.mgd.monitor_work);
2270 		/* and do all the other regular work too */
2271 		ieee80211_queue_work(&sdata->local->hw,
2272 			   &sdata->u.mgd.work);
2273 	}
2274 }
2275 
2276 #ifdef CONFIG_PM
2277 void ieee80211_sta_quiesce(struct ieee80211_sub_if_data *sdata)
2278 {
2279 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2280 
2281 	/*
2282 	 * we need to use atomic bitops for the running bits
2283 	 * only because both timers might fire at the same
2284 	 * time -- the code here is properly synchronised.
2285 	 */
2286 
2287 	cancel_work_sync(&ifmgd->work);
2288 	cancel_work_sync(&ifmgd->beacon_loss_work);
2289 	if (del_timer_sync(&ifmgd->timer))
2290 		set_bit(TMR_RUNNING_TIMER, &ifmgd->timers_running);
2291 
2292 	cancel_work_sync(&ifmgd->chswitch_work);
2293 	if (del_timer_sync(&ifmgd->chswitch_timer))
2294 		set_bit(TMR_RUNNING_CHANSW, &ifmgd->timers_running);
2295 
2296 	cancel_work_sync(&ifmgd->monitor_work);
2297 	/* these will just be re-established on connection */
2298 	del_timer_sync(&ifmgd->conn_mon_timer);
2299 	del_timer_sync(&ifmgd->bcn_mon_timer);
2300 }
2301 
2302 void ieee80211_sta_restart(struct ieee80211_sub_if_data *sdata)
2303 {
2304 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2305 
2306 	if (test_and_clear_bit(TMR_RUNNING_TIMER, &ifmgd->timers_running))
2307 		add_timer(&ifmgd->timer);
2308 	if (test_and_clear_bit(TMR_RUNNING_CHANSW, &ifmgd->timers_running))
2309 		add_timer(&ifmgd->chswitch_timer);
2310 }
2311 #endif
2312 
2313 /* interface setup */
2314 void ieee80211_sta_setup_sdata(struct ieee80211_sub_if_data *sdata)
2315 {
2316 	struct ieee80211_if_managed *ifmgd;
2317 
2318 	ifmgd = &sdata->u.mgd;
2319 	INIT_WORK(&ifmgd->work, ieee80211_sta_work);
2320 	INIT_WORK(&ifmgd->monitor_work, ieee80211_sta_monitor_work);
2321 	INIT_WORK(&ifmgd->chswitch_work, ieee80211_chswitch_work);
2322 	INIT_WORK(&ifmgd->beacon_loss_work, ieee80211_beacon_loss_work);
2323 	setup_timer(&ifmgd->timer, ieee80211_sta_timer,
2324 		    (unsigned long) sdata);
2325 	setup_timer(&ifmgd->bcn_mon_timer, ieee80211_sta_bcn_mon_timer,
2326 		    (unsigned long) sdata);
2327 	setup_timer(&ifmgd->conn_mon_timer, ieee80211_sta_conn_mon_timer,
2328 		    (unsigned long) sdata);
2329 	setup_timer(&ifmgd->chswitch_timer, ieee80211_chswitch_timer,
2330 		    (unsigned long) sdata);
2331 	skb_queue_head_init(&ifmgd->skb_queue);
2332 
2333 	INIT_LIST_HEAD(&ifmgd->work_list);
2334 
2335 	ifmgd->capab = WLAN_CAPABILITY_ESS;
2336 	ifmgd->flags = 0;
2337 	if (sdata->local->hw.queues >= 4)
2338 		ifmgd->flags |= IEEE80211_STA_WMM_ENABLED;
2339 
2340 	mutex_init(&ifmgd->mtx);
2341 }
2342 
2343 /* scan finished notification */
2344 void ieee80211_mlme_notify_scan_completed(struct ieee80211_local *local)
2345 {
2346 	struct ieee80211_sub_if_data *sdata = local->scan_sdata;
2347 
2348 	/* Restart STA timers */
2349 	rcu_read_lock();
2350 	list_for_each_entry_rcu(sdata, &local->interfaces, list)
2351 		ieee80211_restart_sta_timer(sdata);
2352 	rcu_read_unlock();
2353 }
2354 
2355 int ieee80211_max_network_latency(struct notifier_block *nb,
2356 				  unsigned long data, void *dummy)
2357 {
2358 	s32 latency_usec = (s32) data;
2359 	struct ieee80211_local *local =
2360 		container_of(nb, struct ieee80211_local,
2361 			     network_latency_notifier);
2362 
2363 	mutex_lock(&local->iflist_mtx);
2364 	ieee80211_recalc_ps(local, latency_usec);
2365 	mutex_unlock(&local->iflist_mtx);
2366 
2367 	return 0;
2368 }
2369 
2370 /* config hooks */
2371 int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata,
2372 		       struct cfg80211_auth_request *req)
2373 {
2374 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2375 	const u8 *ssid;
2376 	struct ieee80211_mgd_work *wk;
2377 	u16 auth_alg;
2378 
2379 	switch (req->auth_type) {
2380 	case NL80211_AUTHTYPE_OPEN_SYSTEM:
2381 		auth_alg = WLAN_AUTH_OPEN;
2382 		break;
2383 	case NL80211_AUTHTYPE_SHARED_KEY:
2384 		auth_alg = WLAN_AUTH_SHARED_KEY;
2385 		break;
2386 	case NL80211_AUTHTYPE_FT:
2387 		auth_alg = WLAN_AUTH_FT;
2388 		break;
2389 	case NL80211_AUTHTYPE_NETWORK_EAP:
2390 		auth_alg = WLAN_AUTH_LEAP;
2391 		break;
2392 	default:
2393 		return -EOPNOTSUPP;
2394 	}
2395 
2396 	wk = kzalloc(sizeof(*wk) + req->ie_len, GFP_KERNEL);
2397 	if (!wk)
2398 		return -ENOMEM;
2399 
2400 	wk->bss = (void *)req->bss;
2401 
2402 	if (req->ie && req->ie_len) {
2403 		memcpy(wk->ie, req->ie, req->ie_len);
2404 		wk->ie_len = req->ie_len;
2405 	}
2406 
2407 	if (req->key && req->key_len) {
2408 		wk->key_len = req->key_len;
2409 		wk->key_idx = req->key_idx;
2410 		memcpy(wk->key, req->key, req->key_len);
2411 	}
2412 
2413 	ssid = ieee80211_bss_get_ie(req->bss, WLAN_EID_SSID);
2414 	memcpy(wk->ssid, ssid + 2, ssid[1]);
2415 	wk->ssid_len = ssid[1];
2416 
2417 	wk->state = IEEE80211_MGD_STATE_PROBE;
2418 	wk->auth_alg = auth_alg;
2419 	wk->timeout = jiffies; /* run right away */
2420 
2421 	/*
2422 	 * XXX: if still associated need to tell AP that we're going
2423 	 *	to sleep and then change channel etc.
2424 	 */
2425 	sdata->local->oper_channel = req->bss->channel;
2426 	ieee80211_hw_config(sdata->local, 0);
2427 
2428 	mutex_lock(&ifmgd->mtx);
2429 	list_add(&wk->list, &sdata->u.mgd.work_list);
2430 	mutex_unlock(&ifmgd->mtx);
2431 
2432 	ieee80211_queue_work(&sdata->local->hw, &sdata->u.mgd.work);
2433 	return 0;
2434 }
2435 
2436 int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata,
2437 			struct cfg80211_assoc_request *req)
2438 {
2439 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2440 	struct ieee80211_mgd_work *wk, *found = NULL;
2441 	int i, err;
2442 
2443 	mutex_lock(&ifmgd->mtx);
2444 
2445 	list_for_each_entry(wk, &ifmgd->work_list, list) {
2446 		if (&wk->bss->cbss == req->bss &&
2447 		    wk->state == IEEE80211_MGD_STATE_IDLE) {
2448 			found = wk;
2449 			break;
2450 		}
2451 	}
2452 
2453 	if (!found) {
2454 		err = -ENOLINK;
2455 		goto out;
2456 	}
2457 
2458 	list_del(&found->list);
2459 
2460 	wk = krealloc(found, sizeof(*wk) + req->ie_len, GFP_KERNEL);
2461 	if (!wk) {
2462 		list_add(&found->list, &ifmgd->work_list);
2463 		err = -ENOMEM;
2464 		goto out;
2465 	}
2466 
2467 	list_add(&wk->list, &ifmgd->work_list);
2468 
2469 	ifmgd->flags &= ~IEEE80211_STA_DISABLE_11N;
2470 
2471 	for (i = 0; i < req->crypto.n_ciphers_pairwise; i++)
2472 		if (req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP40 ||
2473 		    req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_TKIP ||
2474 		    req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP104)
2475 			ifmgd->flags |= IEEE80211_STA_DISABLE_11N;
2476 
2477 	sdata->local->oper_channel = req->bss->channel;
2478 	ieee80211_hw_config(sdata->local, 0);
2479 
2480 	if (req->ie && req->ie_len) {
2481 		memcpy(wk->ie, req->ie, req->ie_len);
2482 		wk->ie_len = req->ie_len;
2483 	} else
2484 		wk->ie_len = 0;
2485 
2486 	if (req->prev_bssid)
2487 		memcpy(wk->prev_bssid, req->prev_bssid, ETH_ALEN);
2488 
2489 	wk->state = IEEE80211_MGD_STATE_ASSOC;
2490 	wk->tries = 0;
2491 	wk->timeout = jiffies; /* run right away */
2492 
2493 	if (req->use_mfp) {
2494 		ifmgd->mfp = IEEE80211_MFP_REQUIRED;
2495 		ifmgd->flags |= IEEE80211_STA_MFP_ENABLED;
2496 	} else {
2497 		ifmgd->mfp = IEEE80211_MFP_DISABLED;
2498 		ifmgd->flags &= ~IEEE80211_STA_MFP_ENABLED;
2499 	}
2500 
2501 	if (req->crypto.control_port)
2502 		ifmgd->flags |= IEEE80211_STA_CONTROL_PORT;
2503 	else
2504 		ifmgd->flags &= ~IEEE80211_STA_CONTROL_PORT;
2505 
2506 	ieee80211_queue_work(&sdata->local->hw, &sdata->u.mgd.work);
2507 
2508 	err = 0;
2509 
2510  out:
2511 	mutex_unlock(&ifmgd->mtx);
2512 	return err;
2513 }
2514 
2515 int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata,
2516 			 struct cfg80211_deauth_request *req,
2517 			 void *cookie)
2518 {
2519 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2520 	struct ieee80211_mgd_work *wk;
2521 	const u8 *bssid = NULL;
2522 	bool not_auth_yet = false;
2523 
2524 	mutex_lock(&ifmgd->mtx);
2525 
2526 	if (ifmgd->associated && &ifmgd->associated->cbss == req->bss) {
2527 		bssid = req->bss->bssid;
2528 		ieee80211_set_disassoc(sdata, true);
2529 	} else list_for_each_entry(wk, &ifmgd->work_list, list) {
2530 		if (&wk->bss->cbss == req->bss) {
2531 			bssid = req->bss->bssid;
2532 			if (wk->state == IEEE80211_MGD_STATE_PROBE)
2533 				not_auth_yet = true;
2534 			list_del(&wk->list);
2535 			kfree(wk);
2536 			break;
2537 		}
2538 	}
2539 
2540 	/*
2541 	 * If somebody requests authentication and we haven't
2542 	 * sent out an auth frame yet there's no need to send
2543 	 * out a deauth frame either. If the state was PROBE,
2544 	 * then this is the case. If it's AUTH we have sent a
2545 	 * frame, and if it's IDLE we have completed the auth
2546 	 * process already.
2547 	 */
2548 	if (not_auth_yet) {
2549 		mutex_unlock(&ifmgd->mtx);
2550 		__cfg80211_auth_canceled(sdata->dev, bssid);
2551 		return 0;
2552 	}
2553 
2554 	/*
2555 	 * cfg80211 should catch this ... but it's racy since
2556 	 * we can receive a deauth frame, process it, hand it
2557 	 * to cfg80211 while that's in a locked section already
2558 	 * trying to tell us that the user wants to disconnect.
2559 	 */
2560 	if (!bssid) {
2561 		mutex_unlock(&ifmgd->mtx);
2562 		return -ENOLINK;
2563 	}
2564 
2565 	mutex_unlock(&ifmgd->mtx);
2566 
2567 	printk(KERN_DEBUG "%s: deauthenticating from %pM by local choice (reason=%d)\n",
2568 	       sdata->dev->name, bssid, req->reason_code);
2569 
2570 	ieee80211_send_deauth_disassoc(sdata, bssid,
2571 			IEEE80211_STYPE_DEAUTH, req->reason_code,
2572 			cookie);
2573 
2574 	ieee80211_recalc_idle(sdata->local);
2575 
2576 	return 0;
2577 }
2578 
2579 int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data *sdata,
2580 			   struct cfg80211_disassoc_request *req,
2581 			   void *cookie)
2582 {
2583 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2584 
2585 	mutex_lock(&ifmgd->mtx);
2586 
2587 	/*
2588 	 * cfg80211 should catch this ... but it's racy since
2589 	 * we can receive a disassoc frame, process it, hand it
2590 	 * to cfg80211 while that's in a locked section already
2591 	 * trying to tell us that the user wants to disconnect.
2592 	 */
2593 	if (&ifmgd->associated->cbss != req->bss) {
2594 		mutex_unlock(&ifmgd->mtx);
2595 		return -ENOLINK;
2596 	}
2597 
2598 	printk(KERN_DEBUG "%s: disassociating from %pM by local choice (reason=%d)\n",
2599 	       sdata->dev->name, req->bss->bssid, req->reason_code);
2600 
2601 	ieee80211_set_disassoc(sdata, false);
2602 
2603 	mutex_unlock(&ifmgd->mtx);
2604 
2605 	ieee80211_send_deauth_disassoc(sdata, req->bss->bssid,
2606 			IEEE80211_STYPE_DISASSOC, req->reason_code,
2607 			cookie);
2608 
2609 	ieee80211_recalc_idle(sdata->local);
2610 
2611 	return 0;
2612 }
2613