1 /* 2 * BSS client mode implementation 3 * Copyright 2003, Jouni Malinen <jkmaline@cc.hut.fi> 4 * Copyright 2004, Instant802 Networks, Inc. 5 * Copyright 2005, Devicescape Software, Inc. 6 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> 7 * Copyright 2007, Michael Wu <flamingice@sourmilk.net> 8 * 9 * This program is free software; you can redistribute it and/or modify 10 * it under the terms of the GNU General Public License version 2 as 11 * published by the Free Software Foundation. 12 */ 13 14 /* TODO: 15 * order BSS list by RSSI(?) ("quality of AP") 16 * scan result table filtering (by capability (privacy, IBSS/BSS, WPA/RSN IE, 17 * SSID) 18 */ 19 #include <linux/delay.h> 20 #include <linux/if_ether.h> 21 #include <linux/skbuff.h> 22 #include <linux/netdevice.h> 23 #include <linux/if_arp.h> 24 #include <linux/wireless.h> 25 #include <linux/random.h> 26 #include <linux/etherdevice.h> 27 #include <linux/rtnetlink.h> 28 #include <net/iw_handler.h> 29 #include <asm/types.h> 30 31 #include <net/mac80211.h> 32 #include "ieee80211_i.h" 33 #include "rate.h" 34 #include "led.h" 35 #include "mesh.h" 36 37 #define IEEE80211_AUTH_TIMEOUT (HZ / 5) 38 #define IEEE80211_AUTH_MAX_TRIES 3 39 #define IEEE80211_ASSOC_TIMEOUT (HZ / 5) 40 #define IEEE80211_ASSOC_MAX_TRIES 3 41 #define IEEE80211_MONITORING_INTERVAL (2 * HZ) 42 #define IEEE80211_MESH_HOUSEKEEPING_INTERVAL (60 * HZ) 43 #define IEEE80211_PROBE_INTERVAL (60 * HZ) 44 #define IEEE80211_RETRY_AUTH_INTERVAL (1 * HZ) 45 #define IEEE80211_SCAN_INTERVAL (2 * HZ) 46 #define IEEE80211_SCAN_INTERVAL_SLOW (15 * HZ) 47 #define IEEE80211_IBSS_JOIN_TIMEOUT (20 * HZ) 48 49 #define IEEE80211_PROBE_DELAY (HZ / 33) 50 #define IEEE80211_CHANNEL_TIME (HZ / 33) 51 #define IEEE80211_PASSIVE_CHANNEL_TIME (HZ / 5) 52 #define IEEE80211_SCAN_RESULT_EXPIRE (10 * HZ) 53 #define IEEE80211_IBSS_MERGE_INTERVAL (30 * HZ) 54 #define IEEE80211_IBSS_INACTIVITY_LIMIT (60 * HZ) 55 #define IEEE80211_MESH_PEER_INACTIVITY_LIMIT (1800 * HZ) 56 57 #define IEEE80211_IBSS_MAX_STA_ENTRIES 128 58 59 60 #define ERP_INFO_USE_PROTECTION BIT(1) 61 62 /* mgmt header + 1 byte action code */ 63 #define IEEE80211_MIN_ACTION_SIZE (24 + 1) 64 65 #define IEEE80211_ADDBA_PARAM_POLICY_MASK 0x0002 66 #define IEEE80211_ADDBA_PARAM_TID_MASK 0x003C 67 #define IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK 0xFFA0 68 #define IEEE80211_DELBA_PARAM_TID_MASK 0xF000 69 #define IEEE80211_DELBA_PARAM_INITIATOR_MASK 0x0800 70 71 /* next values represent the buffer size for A-MPDU frame. 72 * According to IEEE802.11n spec size varies from 8K to 64K (in powers of 2) */ 73 #define IEEE80211_MIN_AMPDU_BUF 0x8 74 #define IEEE80211_MAX_AMPDU_BUF 0x40 75 76 static void ieee80211_send_probe_req(struct net_device *dev, u8 *dst, 77 u8 *ssid, size_t ssid_len); 78 static struct ieee80211_sta_bss * 79 ieee80211_rx_bss_get(struct net_device *dev, u8 *bssid, int freq, 80 u8 *ssid, u8 ssid_len); 81 static void ieee80211_rx_bss_put(struct net_device *dev, 82 struct ieee80211_sta_bss *bss); 83 static int ieee80211_sta_find_ibss(struct net_device *dev, 84 struct ieee80211_if_sta *ifsta); 85 static int ieee80211_sta_wep_configured(struct net_device *dev); 86 static int ieee80211_sta_start_scan(struct net_device *dev, 87 u8 *ssid, size_t ssid_len); 88 static int ieee80211_sta_config_auth(struct net_device *dev, 89 struct ieee80211_if_sta *ifsta); 90 91 92 void ieee802_11_parse_elems(u8 *start, size_t len, 93 struct ieee802_11_elems *elems) 94 { 95 size_t left = len; 96 u8 *pos = start; 97 98 memset(elems, 0, sizeof(*elems)); 99 100 while (left >= 2) { 101 u8 id, elen; 102 103 id = *pos++; 104 elen = *pos++; 105 left -= 2; 106 107 if (elen > left) 108 return; 109 110 switch (id) { 111 case WLAN_EID_SSID: 112 elems->ssid = pos; 113 elems->ssid_len = elen; 114 break; 115 case WLAN_EID_SUPP_RATES: 116 elems->supp_rates = pos; 117 elems->supp_rates_len = elen; 118 break; 119 case WLAN_EID_FH_PARAMS: 120 elems->fh_params = pos; 121 elems->fh_params_len = elen; 122 break; 123 case WLAN_EID_DS_PARAMS: 124 elems->ds_params = pos; 125 elems->ds_params_len = elen; 126 break; 127 case WLAN_EID_CF_PARAMS: 128 elems->cf_params = pos; 129 elems->cf_params_len = elen; 130 break; 131 case WLAN_EID_TIM: 132 elems->tim = pos; 133 elems->tim_len = elen; 134 break; 135 case WLAN_EID_IBSS_PARAMS: 136 elems->ibss_params = pos; 137 elems->ibss_params_len = elen; 138 break; 139 case WLAN_EID_CHALLENGE: 140 elems->challenge = pos; 141 elems->challenge_len = elen; 142 break; 143 case WLAN_EID_WPA: 144 if (elen >= 4 && pos[0] == 0x00 && pos[1] == 0x50 && 145 pos[2] == 0xf2) { 146 /* Microsoft OUI (00:50:F2) */ 147 if (pos[3] == 1) { 148 /* OUI Type 1 - WPA IE */ 149 elems->wpa = pos; 150 elems->wpa_len = elen; 151 } else if (elen >= 5 && pos[3] == 2) { 152 if (pos[4] == 0) { 153 elems->wmm_info = pos; 154 elems->wmm_info_len = elen; 155 } else if (pos[4] == 1) { 156 elems->wmm_param = pos; 157 elems->wmm_param_len = elen; 158 } 159 } 160 } 161 break; 162 case WLAN_EID_RSN: 163 elems->rsn = pos; 164 elems->rsn_len = elen; 165 break; 166 case WLAN_EID_ERP_INFO: 167 elems->erp_info = pos; 168 elems->erp_info_len = elen; 169 break; 170 case WLAN_EID_EXT_SUPP_RATES: 171 elems->ext_supp_rates = pos; 172 elems->ext_supp_rates_len = elen; 173 break; 174 case WLAN_EID_HT_CAPABILITY: 175 elems->ht_cap_elem = pos; 176 elems->ht_cap_elem_len = elen; 177 break; 178 case WLAN_EID_HT_EXTRA_INFO: 179 elems->ht_info_elem = pos; 180 elems->ht_info_elem_len = elen; 181 break; 182 case WLAN_EID_MESH_ID: 183 elems->mesh_id = pos; 184 elems->mesh_id_len = elen; 185 break; 186 case WLAN_EID_MESH_CONFIG: 187 elems->mesh_config = pos; 188 elems->mesh_config_len = elen; 189 break; 190 case WLAN_EID_PEER_LINK: 191 elems->peer_link = pos; 192 elems->peer_link_len = elen; 193 break; 194 case WLAN_EID_PREQ: 195 elems->preq = pos; 196 elems->preq_len = elen; 197 break; 198 case WLAN_EID_PREP: 199 elems->prep = pos; 200 elems->prep_len = elen; 201 break; 202 case WLAN_EID_PERR: 203 elems->perr = pos; 204 elems->perr_len = elen; 205 break; 206 default: 207 break; 208 } 209 210 left -= elen; 211 pos += elen; 212 } 213 } 214 215 216 static int ecw2cw(int ecw) 217 { 218 return (1 << ecw) - 1; 219 } 220 221 222 static void ieee80211_sta_def_wmm_params(struct net_device *dev, 223 struct ieee80211_sta_bss *bss, 224 int ibss) 225 { 226 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 227 struct ieee80211_local *local = sdata->local; 228 int i, have_higher_than_11mbit = 0; 229 230 231 /* cf. IEEE 802.11 9.2.12 */ 232 for (i = 0; i < bss->supp_rates_len; i++) 233 if ((bss->supp_rates[i] & 0x7f) * 5 > 110) 234 have_higher_than_11mbit = 1; 235 236 if (local->hw.conf.channel->band == IEEE80211_BAND_2GHZ && 237 have_higher_than_11mbit) 238 sdata->flags |= IEEE80211_SDATA_OPERATING_GMODE; 239 else 240 sdata->flags &= ~IEEE80211_SDATA_OPERATING_GMODE; 241 242 243 if (local->ops->conf_tx) { 244 struct ieee80211_tx_queue_params qparam; 245 246 memset(&qparam, 0, sizeof(qparam)); 247 248 qparam.aifs = 2; 249 250 if (local->hw.conf.channel->band == IEEE80211_BAND_2GHZ && 251 !(sdata->flags & IEEE80211_SDATA_OPERATING_GMODE)) 252 qparam.cw_min = 31; 253 else 254 qparam.cw_min = 15; 255 256 qparam.cw_max = 1023; 257 qparam.txop = 0; 258 259 for (i = IEEE80211_TX_QUEUE_DATA0; i < NUM_TX_DATA_QUEUES; i++) 260 local->ops->conf_tx(local_to_hw(local), 261 i + IEEE80211_TX_QUEUE_DATA0, 262 &qparam); 263 264 if (ibss) { 265 /* IBSS uses different parameters for Beacon sending */ 266 qparam.cw_min++; 267 qparam.cw_min *= 2; 268 qparam.cw_min--; 269 local->ops->conf_tx(local_to_hw(local), 270 IEEE80211_TX_QUEUE_BEACON, &qparam); 271 } 272 } 273 } 274 275 static void ieee80211_sta_wmm_params(struct net_device *dev, 276 struct ieee80211_if_sta *ifsta, 277 u8 *wmm_param, size_t wmm_param_len) 278 { 279 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 280 struct ieee80211_tx_queue_params params; 281 size_t left; 282 int count; 283 u8 *pos; 284 285 if (wmm_param_len < 8 || wmm_param[5] /* version */ != 1) 286 return; 287 count = wmm_param[6] & 0x0f; 288 if (count == ifsta->wmm_last_param_set) 289 return; 290 ifsta->wmm_last_param_set = count; 291 292 pos = wmm_param + 8; 293 left = wmm_param_len - 8; 294 295 memset(¶ms, 0, sizeof(params)); 296 297 if (!local->ops->conf_tx) 298 return; 299 300 local->wmm_acm = 0; 301 for (; left >= 4; left -= 4, pos += 4) { 302 int aci = (pos[0] >> 5) & 0x03; 303 int acm = (pos[0] >> 4) & 0x01; 304 int queue; 305 306 switch (aci) { 307 case 1: 308 queue = IEEE80211_TX_QUEUE_DATA3; 309 if (acm) { 310 local->wmm_acm |= BIT(0) | BIT(3); 311 } 312 break; 313 case 2: 314 queue = IEEE80211_TX_QUEUE_DATA1; 315 if (acm) { 316 local->wmm_acm |= BIT(4) | BIT(5); 317 } 318 break; 319 case 3: 320 queue = IEEE80211_TX_QUEUE_DATA0; 321 if (acm) { 322 local->wmm_acm |= BIT(6) | BIT(7); 323 } 324 break; 325 case 0: 326 default: 327 queue = IEEE80211_TX_QUEUE_DATA2; 328 if (acm) { 329 local->wmm_acm |= BIT(1) | BIT(2); 330 } 331 break; 332 } 333 334 params.aifs = pos[0] & 0x0f; 335 params.cw_max = ecw2cw((pos[1] & 0xf0) >> 4); 336 params.cw_min = ecw2cw(pos[1] & 0x0f); 337 params.txop = pos[2] | (pos[3] << 8); 338 #ifdef CONFIG_MAC80211_DEBUG 339 printk(KERN_DEBUG "%s: WMM queue=%d aci=%d acm=%d aifs=%d " 340 "cWmin=%d cWmax=%d txop=%d\n", 341 dev->name, queue, aci, acm, params.aifs, params.cw_min, 342 params.cw_max, params.txop); 343 #endif 344 /* TODO: handle ACM (block TX, fallback to next lowest allowed 345 * AC for now) */ 346 if (local->ops->conf_tx(local_to_hw(local), queue, ¶ms)) { 347 printk(KERN_DEBUG "%s: failed to set TX queue " 348 "parameters for queue %d\n", dev->name, queue); 349 } 350 } 351 } 352 353 static u32 ieee80211_handle_protect_preamb(struct ieee80211_sub_if_data *sdata, 354 bool use_protection, 355 bool use_short_preamble) 356 { 357 struct ieee80211_bss_conf *bss_conf = &sdata->bss_conf; 358 struct ieee80211_if_sta *ifsta = &sdata->u.sta; 359 DECLARE_MAC_BUF(mac); 360 u32 changed = 0; 361 362 if (use_protection != bss_conf->use_cts_prot) { 363 if (net_ratelimit()) { 364 printk(KERN_DEBUG "%s: CTS protection %s (BSSID=" 365 "%s)\n", 366 sdata->dev->name, 367 use_protection ? "enabled" : "disabled", 368 print_mac(mac, ifsta->bssid)); 369 } 370 bss_conf->use_cts_prot = use_protection; 371 changed |= BSS_CHANGED_ERP_CTS_PROT; 372 } 373 374 if (use_short_preamble != bss_conf->use_short_preamble) { 375 if (net_ratelimit()) { 376 printk(KERN_DEBUG "%s: switched to %s barker preamble" 377 " (BSSID=%s)\n", 378 sdata->dev->name, 379 use_short_preamble ? "short" : "long", 380 print_mac(mac, ifsta->bssid)); 381 } 382 bss_conf->use_short_preamble = use_short_preamble; 383 changed |= BSS_CHANGED_ERP_PREAMBLE; 384 } 385 386 return changed; 387 } 388 389 static u32 ieee80211_handle_erp_ie(struct ieee80211_sub_if_data *sdata, 390 u8 erp_value) 391 { 392 bool use_protection = (erp_value & WLAN_ERP_USE_PROTECTION) != 0; 393 bool use_short_preamble = (erp_value & WLAN_ERP_BARKER_PREAMBLE) == 0; 394 395 return ieee80211_handle_protect_preamb(sdata, 396 use_protection, use_short_preamble); 397 } 398 399 static u32 ieee80211_handle_bss_capability(struct ieee80211_sub_if_data *sdata, 400 struct ieee80211_sta_bss *bss) 401 { 402 u32 changed = 0; 403 404 if (bss->has_erp_value) 405 changed |= ieee80211_handle_erp_ie(sdata, bss->erp_value); 406 else { 407 u16 capab = bss->capability; 408 changed |= ieee80211_handle_protect_preamb(sdata, false, 409 (capab & WLAN_CAPABILITY_SHORT_PREAMBLE) != 0); 410 } 411 412 return changed; 413 } 414 415 int ieee80211_ht_cap_ie_to_ht_info(struct ieee80211_ht_cap *ht_cap_ie, 416 struct ieee80211_ht_info *ht_info) 417 { 418 419 if (ht_info == NULL) 420 return -EINVAL; 421 422 memset(ht_info, 0, sizeof(*ht_info)); 423 424 if (ht_cap_ie) { 425 u8 ampdu_info = ht_cap_ie->ampdu_params_info; 426 427 ht_info->ht_supported = 1; 428 ht_info->cap = le16_to_cpu(ht_cap_ie->cap_info); 429 ht_info->ampdu_factor = 430 ampdu_info & IEEE80211_HT_CAP_AMPDU_FACTOR; 431 ht_info->ampdu_density = 432 (ampdu_info & IEEE80211_HT_CAP_AMPDU_DENSITY) >> 2; 433 memcpy(ht_info->supp_mcs_set, ht_cap_ie->supp_mcs_set, 16); 434 } else 435 ht_info->ht_supported = 0; 436 437 return 0; 438 } 439 440 int ieee80211_ht_addt_info_ie_to_ht_bss_info( 441 struct ieee80211_ht_addt_info *ht_add_info_ie, 442 struct ieee80211_ht_bss_info *bss_info) 443 { 444 if (bss_info == NULL) 445 return -EINVAL; 446 447 memset(bss_info, 0, sizeof(*bss_info)); 448 449 if (ht_add_info_ie) { 450 u16 op_mode; 451 op_mode = le16_to_cpu(ht_add_info_ie->operation_mode); 452 453 bss_info->primary_channel = ht_add_info_ie->control_chan; 454 bss_info->bss_cap = ht_add_info_ie->ht_param; 455 bss_info->bss_op_mode = (u8)(op_mode & 0xff); 456 } 457 458 return 0; 459 } 460 461 static void ieee80211_sta_send_associnfo(struct net_device *dev, 462 struct ieee80211_if_sta *ifsta) 463 { 464 char *buf; 465 size_t len; 466 int i; 467 union iwreq_data wrqu; 468 469 if (!ifsta->assocreq_ies && !ifsta->assocresp_ies) 470 return; 471 472 buf = kmalloc(50 + 2 * (ifsta->assocreq_ies_len + 473 ifsta->assocresp_ies_len), GFP_KERNEL); 474 if (!buf) 475 return; 476 477 len = sprintf(buf, "ASSOCINFO("); 478 if (ifsta->assocreq_ies) { 479 len += sprintf(buf + len, "ReqIEs="); 480 for (i = 0; i < ifsta->assocreq_ies_len; i++) { 481 len += sprintf(buf + len, "%02x", 482 ifsta->assocreq_ies[i]); 483 } 484 } 485 if (ifsta->assocresp_ies) { 486 if (ifsta->assocreq_ies) 487 len += sprintf(buf + len, " "); 488 len += sprintf(buf + len, "RespIEs="); 489 for (i = 0; i < ifsta->assocresp_ies_len; i++) { 490 len += sprintf(buf + len, "%02x", 491 ifsta->assocresp_ies[i]); 492 } 493 } 494 len += sprintf(buf + len, ")"); 495 496 if (len > IW_CUSTOM_MAX) { 497 len = sprintf(buf, "ASSOCRESPIE="); 498 for (i = 0; i < ifsta->assocresp_ies_len; i++) { 499 len += sprintf(buf + len, "%02x", 500 ifsta->assocresp_ies[i]); 501 } 502 } 503 504 memset(&wrqu, 0, sizeof(wrqu)); 505 wrqu.data.length = len; 506 wireless_send_event(dev, IWEVCUSTOM, &wrqu, buf); 507 508 kfree(buf); 509 } 510 511 512 static void ieee80211_set_associated(struct net_device *dev, 513 struct ieee80211_if_sta *ifsta, 514 bool assoc) 515 { 516 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 517 struct ieee80211_local *local = sdata->local; 518 struct ieee80211_conf *conf = &local_to_hw(local)->conf; 519 union iwreq_data wrqu; 520 u32 changed = BSS_CHANGED_ASSOC; 521 522 if (assoc) { 523 struct ieee80211_sta_bss *bss; 524 525 ifsta->flags |= IEEE80211_STA_ASSOCIATED; 526 527 if (sdata->vif.type != IEEE80211_IF_TYPE_STA) 528 return; 529 530 bss = ieee80211_rx_bss_get(dev, ifsta->bssid, 531 conf->channel->center_freq, 532 ifsta->ssid, ifsta->ssid_len); 533 if (bss) { 534 /* set timing information */ 535 sdata->bss_conf.beacon_int = bss->beacon_int; 536 sdata->bss_conf.timestamp = bss->timestamp; 537 538 changed |= ieee80211_handle_bss_capability(sdata, bss); 539 540 ieee80211_rx_bss_put(dev, bss); 541 } 542 543 if (conf->flags & IEEE80211_CONF_SUPPORT_HT_MODE) { 544 changed |= BSS_CHANGED_HT; 545 sdata->bss_conf.assoc_ht = 1; 546 sdata->bss_conf.ht_conf = &conf->ht_conf; 547 sdata->bss_conf.ht_bss_conf = &conf->ht_bss_conf; 548 } 549 550 netif_carrier_on(dev); 551 ifsta->flags |= IEEE80211_STA_PREV_BSSID_SET; 552 memcpy(ifsta->prev_bssid, sdata->u.sta.bssid, ETH_ALEN); 553 memcpy(wrqu.ap_addr.sa_data, sdata->u.sta.bssid, ETH_ALEN); 554 ieee80211_sta_send_associnfo(dev, ifsta); 555 } else { 556 ieee80211_sta_tear_down_BA_sessions(dev, ifsta->bssid); 557 ifsta->flags &= ~IEEE80211_STA_ASSOCIATED; 558 netif_carrier_off(dev); 559 ieee80211_reset_erp_info(dev); 560 561 sdata->bss_conf.assoc_ht = 0; 562 sdata->bss_conf.ht_conf = NULL; 563 sdata->bss_conf.ht_bss_conf = NULL; 564 565 memset(wrqu.ap_addr.sa_data, 0, ETH_ALEN); 566 } 567 ifsta->last_probe = jiffies; 568 ieee80211_led_assoc(local, assoc); 569 570 sdata->bss_conf.assoc = assoc; 571 ieee80211_bss_info_change_notify(sdata, changed); 572 wrqu.ap_addr.sa_family = ARPHRD_ETHER; 573 wireless_send_event(dev, SIOCGIWAP, &wrqu, NULL); 574 } 575 576 static void ieee80211_set_disassoc(struct net_device *dev, 577 struct ieee80211_if_sta *ifsta, int deauth) 578 { 579 if (deauth) 580 ifsta->auth_tries = 0; 581 ifsta->assoc_tries = 0; 582 ieee80211_set_associated(dev, ifsta, 0); 583 } 584 585 void ieee80211_sta_tx(struct net_device *dev, struct sk_buff *skb, 586 int encrypt) 587 { 588 struct ieee80211_sub_if_data *sdata; 589 struct ieee80211_tx_packet_data *pkt_data; 590 591 sdata = IEEE80211_DEV_TO_SUB_IF(dev); 592 skb->dev = sdata->local->mdev; 593 skb_set_mac_header(skb, 0); 594 skb_set_network_header(skb, 0); 595 skb_set_transport_header(skb, 0); 596 597 pkt_data = (struct ieee80211_tx_packet_data *) skb->cb; 598 memset(pkt_data, 0, sizeof(struct ieee80211_tx_packet_data)); 599 pkt_data->ifindex = sdata->dev->ifindex; 600 if (!encrypt) 601 pkt_data->flags |= IEEE80211_TXPD_DO_NOT_ENCRYPT; 602 603 dev_queue_xmit(skb); 604 } 605 606 607 static void ieee80211_send_auth(struct net_device *dev, 608 struct ieee80211_if_sta *ifsta, 609 int transaction, u8 *extra, size_t extra_len, 610 int encrypt) 611 { 612 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 613 struct sk_buff *skb; 614 struct ieee80211_mgmt *mgmt; 615 616 skb = dev_alloc_skb(local->hw.extra_tx_headroom + 617 sizeof(*mgmt) + 6 + extra_len); 618 if (!skb) { 619 printk(KERN_DEBUG "%s: failed to allocate buffer for auth " 620 "frame\n", dev->name); 621 return; 622 } 623 skb_reserve(skb, local->hw.extra_tx_headroom); 624 625 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24 + 6); 626 memset(mgmt, 0, 24 + 6); 627 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT, 628 IEEE80211_STYPE_AUTH); 629 if (encrypt) 630 mgmt->frame_control |= cpu_to_le16(IEEE80211_FCTL_PROTECTED); 631 memcpy(mgmt->da, ifsta->bssid, ETH_ALEN); 632 memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN); 633 memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN); 634 mgmt->u.auth.auth_alg = cpu_to_le16(ifsta->auth_alg); 635 mgmt->u.auth.auth_transaction = cpu_to_le16(transaction); 636 ifsta->auth_transaction = transaction + 1; 637 mgmt->u.auth.status_code = cpu_to_le16(0); 638 if (extra) 639 memcpy(skb_put(skb, extra_len), extra, extra_len); 640 641 ieee80211_sta_tx(dev, skb, encrypt); 642 } 643 644 645 static void ieee80211_authenticate(struct net_device *dev, 646 struct ieee80211_if_sta *ifsta) 647 { 648 DECLARE_MAC_BUF(mac); 649 650 ifsta->auth_tries++; 651 if (ifsta->auth_tries > IEEE80211_AUTH_MAX_TRIES) { 652 printk(KERN_DEBUG "%s: authentication with AP %s" 653 " timed out\n", 654 dev->name, print_mac(mac, ifsta->bssid)); 655 ifsta->state = IEEE80211_DISABLED; 656 return; 657 } 658 659 ifsta->state = IEEE80211_AUTHENTICATE; 660 printk(KERN_DEBUG "%s: authenticate with AP %s\n", 661 dev->name, print_mac(mac, ifsta->bssid)); 662 663 ieee80211_send_auth(dev, ifsta, 1, NULL, 0, 0); 664 665 mod_timer(&ifsta->timer, jiffies + IEEE80211_AUTH_TIMEOUT); 666 } 667 668 669 static void ieee80211_send_assoc(struct net_device *dev, 670 struct ieee80211_if_sta *ifsta) 671 { 672 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 673 struct sk_buff *skb; 674 struct ieee80211_mgmt *mgmt; 675 u8 *pos, *ies; 676 int i, len; 677 u16 capab; 678 struct ieee80211_sta_bss *bss; 679 int wmm = 0; 680 struct ieee80211_supported_band *sband; 681 682 skb = dev_alloc_skb(local->hw.extra_tx_headroom + 683 sizeof(*mgmt) + 200 + ifsta->extra_ie_len + 684 ifsta->ssid_len); 685 if (!skb) { 686 printk(KERN_DEBUG "%s: failed to allocate buffer for assoc " 687 "frame\n", dev->name); 688 return; 689 } 690 skb_reserve(skb, local->hw.extra_tx_headroom); 691 692 sband = local->hw.wiphy->bands[local->hw.conf.channel->band]; 693 694 capab = ifsta->capab; 695 696 if (local->hw.conf.channel->band == IEEE80211_BAND_2GHZ) { 697 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_SLOT_INCAPABLE)) 698 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME; 699 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_PREAMBLE_INCAPABLE)) 700 capab |= WLAN_CAPABILITY_SHORT_PREAMBLE; 701 } 702 703 bss = ieee80211_rx_bss_get(dev, ifsta->bssid, 704 local->hw.conf.channel->center_freq, 705 ifsta->ssid, ifsta->ssid_len); 706 if (bss) { 707 if (bss->capability & WLAN_CAPABILITY_PRIVACY) 708 capab |= WLAN_CAPABILITY_PRIVACY; 709 if (bss->wmm_ie) { 710 wmm = 1; 711 } 712 ieee80211_rx_bss_put(dev, bss); 713 } 714 715 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24); 716 memset(mgmt, 0, 24); 717 memcpy(mgmt->da, ifsta->bssid, ETH_ALEN); 718 memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN); 719 memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN); 720 721 if (ifsta->flags & IEEE80211_STA_PREV_BSSID_SET) { 722 skb_put(skb, 10); 723 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT, 724 IEEE80211_STYPE_REASSOC_REQ); 725 mgmt->u.reassoc_req.capab_info = cpu_to_le16(capab); 726 mgmt->u.reassoc_req.listen_interval = cpu_to_le16(1); 727 memcpy(mgmt->u.reassoc_req.current_ap, ifsta->prev_bssid, 728 ETH_ALEN); 729 } else { 730 skb_put(skb, 4); 731 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT, 732 IEEE80211_STYPE_ASSOC_REQ); 733 mgmt->u.assoc_req.capab_info = cpu_to_le16(capab); 734 mgmt->u.assoc_req.listen_interval = cpu_to_le16(1); 735 } 736 737 /* SSID */ 738 ies = pos = skb_put(skb, 2 + ifsta->ssid_len); 739 *pos++ = WLAN_EID_SSID; 740 *pos++ = ifsta->ssid_len; 741 memcpy(pos, ifsta->ssid, ifsta->ssid_len); 742 743 len = sband->n_bitrates; 744 if (len > 8) 745 len = 8; 746 pos = skb_put(skb, len + 2); 747 *pos++ = WLAN_EID_SUPP_RATES; 748 *pos++ = len; 749 for (i = 0; i < len; i++) { 750 int rate = sband->bitrates[i].bitrate; 751 *pos++ = (u8) (rate / 5); 752 } 753 754 if (sband->n_bitrates > len) { 755 pos = skb_put(skb, sband->n_bitrates - len + 2); 756 *pos++ = WLAN_EID_EXT_SUPP_RATES; 757 *pos++ = sband->n_bitrates - len; 758 for (i = len; i < sband->n_bitrates; i++) { 759 int rate = sband->bitrates[i].bitrate; 760 *pos++ = (u8) (rate / 5); 761 } 762 } 763 764 if (ifsta->extra_ie) { 765 pos = skb_put(skb, ifsta->extra_ie_len); 766 memcpy(pos, ifsta->extra_ie, ifsta->extra_ie_len); 767 } 768 769 if (wmm && (ifsta->flags & IEEE80211_STA_WMM_ENABLED)) { 770 pos = skb_put(skb, 9); 771 *pos++ = WLAN_EID_VENDOR_SPECIFIC; 772 *pos++ = 7; /* len */ 773 *pos++ = 0x00; /* Microsoft OUI 00:50:F2 */ 774 *pos++ = 0x50; 775 *pos++ = 0xf2; 776 *pos++ = 2; /* WME */ 777 *pos++ = 0; /* WME info */ 778 *pos++ = 1; /* WME ver */ 779 *pos++ = 0; 780 } 781 /* wmm support is a must to HT */ 782 if (wmm && sband->ht_info.ht_supported) { 783 __le16 tmp = cpu_to_le16(sband->ht_info.cap); 784 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap)+2); 785 *pos++ = WLAN_EID_HT_CAPABILITY; 786 *pos++ = sizeof(struct ieee80211_ht_cap); 787 memset(pos, 0, sizeof(struct ieee80211_ht_cap)); 788 memcpy(pos, &tmp, sizeof(u16)); 789 pos += sizeof(u16); 790 /* TODO: needs a define here for << 2 */ 791 *pos++ = sband->ht_info.ampdu_factor | 792 (sband->ht_info.ampdu_density << 2); 793 memcpy(pos, sband->ht_info.supp_mcs_set, 16); 794 } 795 796 kfree(ifsta->assocreq_ies); 797 ifsta->assocreq_ies_len = (skb->data + skb->len) - ies; 798 ifsta->assocreq_ies = kmalloc(ifsta->assocreq_ies_len, GFP_KERNEL); 799 if (ifsta->assocreq_ies) 800 memcpy(ifsta->assocreq_ies, ies, ifsta->assocreq_ies_len); 801 802 ieee80211_sta_tx(dev, skb, 0); 803 } 804 805 806 static void ieee80211_send_deauth(struct net_device *dev, 807 struct ieee80211_if_sta *ifsta, u16 reason) 808 { 809 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 810 struct sk_buff *skb; 811 struct ieee80211_mgmt *mgmt; 812 813 skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*mgmt)); 814 if (!skb) { 815 printk(KERN_DEBUG "%s: failed to allocate buffer for deauth " 816 "frame\n", dev->name); 817 return; 818 } 819 skb_reserve(skb, local->hw.extra_tx_headroom); 820 821 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24); 822 memset(mgmt, 0, 24); 823 memcpy(mgmt->da, ifsta->bssid, ETH_ALEN); 824 memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN); 825 memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN); 826 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT, 827 IEEE80211_STYPE_DEAUTH); 828 skb_put(skb, 2); 829 mgmt->u.deauth.reason_code = cpu_to_le16(reason); 830 831 ieee80211_sta_tx(dev, skb, 0); 832 } 833 834 835 static void ieee80211_send_disassoc(struct net_device *dev, 836 struct ieee80211_if_sta *ifsta, u16 reason) 837 { 838 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 839 struct sk_buff *skb; 840 struct ieee80211_mgmt *mgmt; 841 842 skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*mgmt)); 843 if (!skb) { 844 printk(KERN_DEBUG "%s: failed to allocate buffer for disassoc " 845 "frame\n", dev->name); 846 return; 847 } 848 skb_reserve(skb, local->hw.extra_tx_headroom); 849 850 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24); 851 memset(mgmt, 0, 24); 852 memcpy(mgmt->da, ifsta->bssid, ETH_ALEN); 853 memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN); 854 memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN); 855 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT, 856 IEEE80211_STYPE_DISASSOC); 857 skb_put(skb, 2); 858 mgmt->u.disassoc.reason_code = cpu_to_le16(reason); 859 860 ieee80211_sta_tx(dev, skb, 0); 861 } 862 863 864 static int ieee80211_privacy_mismatch(struct net_device *dev, 865 struct ieee80211_if_sta *ifsta) 866 { 867 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 868 struct ieee80211_sta_bss *bss; 869 int bss_privacy; 870 int wep_privacy; 871 int privacy_invoked; 872 873 if (!ifsta || (ifsta->flags & IEEE80211_STA_MIXED_CELL)) 874 return 0; 875 876 bss = ieee80211_rx_bss_get(dev, ifsta->bssid, 877 local->hw.conf.channel->center_freq, 878 ifsta->ssid, ifsta->ssid_len); 879 if (!bss) 880 return 0; 881 882 bss_privacy = !!(bss->capability & WLAN_CAPABILITY_PRIVACY); 883 wep_privacy = !!ieee80211_sta_wep_configured(dev); 884 privacy_invoked = !!(ifsta->flags & IEEE80211_STA_PRIVACY_INVOKED); 885 886 ieee80211_rx_bss_put(dev, bss); 887 888 if ((bss_privacy == wep_privacy) || (bss_privacy == privacy_invoked)) 889 return 0; 890 891 return 1; 892 } 893 894 895 static void ieee80211_associate(struct net_device *dev, 896 struct ieee80211_if_sta *ifsta) 897 { 898 DECLARE_MAC_BUF(mac); 899 900 ifsta->assoc_tries++; 901 if (ifsta->assoc_tries > IEEE80211_ASSOC_MAX_TRIES) { 902 printk(KERN_DEBUG "%s: association with AP %s" 903 " timed out\n", 904 dev->name, print_mac(mac, ifsta->bssid)); 905 ifsta->state = IEEE80211_DISABLED; 906 return; 907 } 908 909 ifsta->state = IEEE80211_ASSOCIATE; 910 printk(KERN_DEBUG "%s: associate with AP %s\n", 911 dev->name, print_mac(mac, ifsta->bssid)); 912 if (ieee80211_privacy_mismatch(dev, ifsta)) { 913 printk(KERN_DEBUG "%s: mismatch in privacy configuration and " 914 "mixed-cell disabled - abort association\n", dev->name); 915 ifsta->state = IEEE80211_DISABLED; 916 return; 917 } 918 919 ieee80211_send_assoc(dev, ifsta); 920 921 mod_timer(&ifsta->timer, jiffies + IEEE80211_ASSOC_TIMEOUT); 922 } 923 924 925 static void ieee80211_associated(struct net_device *dev, 926 struct ieee80211_if_sta *ifsta) 927 { 928 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 929 struct sta_info *sta; 930 int disassoc; 931 DECLARE_MAC_BUF(mac); 932 933 /* TODO: start monitoring current AP signal quality and number of 934 * missed beacons. Scan other channels every now and then and search 935 * for better APs. */ 936 /* TODO: remove expired BSSes */ 937 938 ifsta->state = IEEE80211_ASSOCIATED; 939 940 rcu_read_lock(); 941 942 sta = sta_info_get(local, ifsta->bssid); 943 if (!sta) { 944 printk(KERN_DEBUG "%s: No STA entry for own AP %s\n", 945 dev->name, print_mac(mac, ifsta->bssid)); 946 disassoc = 1; 947 } else { 948 disassoc = 0; 949 if (time_after(jiffies, 950 sta->last_rx + IEEE80211_MONITORING_INTERVAL)) { 951 if (ifsta->flags & IEEE80211_STA_PROBEREQ_POLL) { 952 printk(KERN_DEBUG "%s: No ProbeResp from " 953 "current AP %s - assume out of " 954 "range\n", 955 dev->name, print_mac(mac, ifsta->bssid)); 956 disassoc = 1; 957 sta_info_unlink(&sta); 958 } else 959 ieee80211_send_probe_req(dev, ifsta->bssid, 960 local->scan_ssid, 961 local->scan_ssid_len); 962 ifsta->flags ^= IEEE80211_STA_PROBEREQ_POLL; 963 } else { 964 ifsta->flags &= ~IEEE80211_STA_PROBEREQ_POLL; 965 if (time_after(jiffies, ifsta->last_probe + 966 IEEE80211_PROBE_INTERVAL)) { 967 ifsta->last_probe = jiffies; 968 ieee80211_send_probe_req(dev, ifsta->bssid, 969 ifsta->ssid, 970 ifsta->ssid_len); 971 } 972 } 973 } 974 975 rcu_read_unlock(); 976 977 if (disassoc && sta) 978 sta_info_destroy(sta); 979 980 if (disassoc) { 981 ifsta->state = IEEE80211_DISABLED; 982 ieee80211_set_associated(dev, ifsta, 0); 983 } else { 984 mod_timer(&ifsta->timer, jiffies + 985 IEEE80211_MONITORING_INTERVAL); 986 } 987 } 988 989 990 static void ieee80211_send_probe_req(struct net_device *dev, u8 *dst, 991 u8 *ssid, size_t ssid_len) 992 { 993 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 994 struct ieee80211_supported_band *sband; 995 struct sk_buff *skb; 996 struct ieee80211_mgmt *mgmt; 997 u8 *pos, *supp_rates, *esupp_rates = NULL; 998 int i; 999 1000 skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*mgmt) + 200); 1001 if (!skb) { 1002 printk(KERN_DEBUG "%s: failed to allocate buffer for probe " 1003 "request\n", dev->name); 1004 return; 1005 } 1006 skb_reserve(skb, local->hw.extra_tx_headroom); 1007 1008 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24); 1009 memset(mgmt, 0, 24); 1010 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT, 1011 IEEE80211_STYPE_PROBE_REQ); 1012 memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN); 1013 if (dst) { 1014 memcpy(mgmt->da, dst, ETH_ALEN); 1015 memcpy(mgmt->bssid, dst, ETH_ALEN); 1016 } else { 1017 memset(mgmt->da, 0xff, ETH_ALEN); 1018 memset(mgmt->bssid, 0xff, ETH_ALEN); 1019 } 1020 pos = skb_put(skb, 2 + ssid_len); 1021 *pos++ = WLAN_EID_SSID; 1022 *pos++ = ssid_len; 1023 memcpy(pos, ssid, ssid_len); 1024 1025 supp_rates = skb_put(skb, 2); 1026 supp_rates[0] = WLAN_EID_SUPP_RATES; 1027 supp_rates[1] = 0; 1028 sband = local->hw.wiphy->bands[local->hw.conf.channel->band]; 1029 1030 for (i = 0; i < sband->n_bitrates; i++) { 1031 struct ieee80211_rate *rate = &sband->bitrates[i]; 1032 if (esupp_rates) { 1033 pos = skb_put(skb, 1); 1034 esupp_rates[1]++; 1035 } else if (supp_rates[1] == 8) { 1036 esupp_rates = skb_put(skb, 3); 1037 esupp_rates[0] = WLAN_EID_EXT_SUPP_RATES; 1038 esupp_rates[1] = 1; 1039 pos = &esupp_rates[2]; 1040 } else { 1041 pos = skb_put(skb, 1); 1042 supp_rates[1]++; 1043 } 1044 *pos = rate->bitrate / 5; 1045 } 1046 1047 ieee80211_sta_tx(dev, skb, 0); 1048 } 1049 1050 1051 static int ieee80211_sta_wep_configured(struct net_device *dev) 1052 { 1053 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 1054 if (!sdata || !sdata->default_key || 1055 sdata->default_key->conf.alg != ALG_WEP) 1056 return 0; 1057 return 1; 1058 } 1059 1060 1061 static void ieee80211_auth_completed(struct net_device *dev, 1062 struct ieee80211_if_sta *ifsta) 1063 { 1064 printk(KERN_DEBUG "%s: authenticated\n", dev->name); 1065 ifsta->flags |= IEEE80211_STA_AUTHENTICATED; 1066 ieee80211_associate(dev, ifsta); 1067 } 1068 1069 1070 static void ieee80211_auth_challenge(struct net_device *dev, 1071 struct ieee80211_if_sta *ifsta, 1072 struct ieee80211_mgmt *mgmt, 1073 size_t len) 1074 { 1075 u8 *pos; 1076 struct ieee802_11_elems elems; 1077 1078 printk(KERN_DEBUG "%s: replying to auth challenge\n", dev->name); 1079 pos = mgmt->u.auth.variable; 1080 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems); 1081 if (!elems.challenge) { 1082 printk(KERN_DEBUG "%s: no challenge IE in shared key auth " 1083 "frame\n", dev->name); 1084 return; 1085 } 1086 ieee80211_send_auth(dev, ifsta, 3, elems.challenge - 2, 1087 elems.challenge_len + 2, 1); 1088 } 1089 1090 static void ieee80211_send_addba_resp(struct net_device *dev, u8 *da, u16 tid, 1091 u8 dialog_token, u16 status, u16 policy, 1092 u16 buf_size, u16 timeout) 1093 { 1094 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 1095 struct ieee80211_if_sta *ifsta = &sdata->u.sta; 1096 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 1097 struct sk_buff *skb; 1098 struct ieee80211_mgmt *mgmt; 1099 u16 capab; 1100 1101 skb = dev_alloc_skb(sizeof(*mgmt) + local->hw.extra_tx_headroom + 1 + 1102 sizeof(mgmt->u.action.u.addba_resp)); 1103 if (!skb) { 1104 printk(KERN_DEBUG "%s: failed to allocate buffer " 1105 "for addba resp frame\n", dev->name); 1106 return; 1107 } 1108 1109 skb_reserve(skb, local->hw.extra_tx_headroom); 1110 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24); 1111 memset(mgmt, 0, 24); 1112 memcpy(mgmt->da, da, ETH_ALEN); 1113 memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN); 1114 if (sdata->vif.type == IEEE80211_IF_TYPE_AP) 1115 memcpy(mgmt->bssid, dev->dev_addr, ETH_ALEN); 1116 else 1117 memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN); 1118 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT, 1119 IEEE80211_STYPE_ACTION); 1120 1121 skb_put(skb, 1 + sizeof(mgmt->u.action.u.addba_resp)); 1122 mgmt->u.action.category = WLAN_CATEGORY_BACK; 1123 mgmt->u.action.u.addba_resp.action_code = WLAN_ACTION_ADDBA_RESP; 1124 mgmt->u.action.u.addba_resp.dialog_token = dialog_token; 1125 1126 capab = (u16)(policy << 1); /* bit 1 aggregation policy */ 1127 capab |= (u16)(tid << 2); /* bit 5:2 TID number */ 1128 capab |= (u16)(buf_size << 6); /* bit 15:6 max size of aggregation */ 1129 1130 mgmt->u.action.u.addba_resp.capab = cpu_to_le16(capab); 1131 mgmt->u.action.u.addba_resp.timeout = cpu_to_le16(timeout); 1132 mgmt->u.action.u.addba_resp.status = cpu_to_le16(status); 1133 1134 ieee80211_sta_tx(dev, skb, 0); 1135 1136 return; 1137 } 1138 1139 void ieee80211_send_addba_request(struct net_device *dev, const u8 *da, 1140 u16 tid, u8 dialog_token, u16 start_seq_num, 1141 u16 agg_size, u16 timeout) 1142 { 1143 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 1144 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 1145 struct ieee80211_if_sta *ifsta = &sdata->u.sta; 1146 struct sk_buff *skb; 1147 struct ieee80211_mgmt *mgmt; 1148 u16 capab; 1149 1150 skb = dev_alloc_skb(sizeof(*mgmt) + local->hw.extra_tx_headroom + 1 + 1151 sizeof(mgmt->u.action.u.addba_req)); 1152 1153 1154 if (!skb) { 1155 printk(KERN_ERR "%s: failed to allocate buffer " 1156 "for addba request frame\n", dev->name); 1157 return; 1158 } 1159 skb_reserve(skb, local->hw.extra_tx_headroom); 1160 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24); 1161 memset(mgmt, 0, 24); 1162 memcpy(mgmt->da, da, ETH_ALEN); 1163 memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN); 1164 if (sdata->vif.type == IEEE80211_IF_TYPE_AP) 1165 memcpy(mgmt->bssid, dev->dev_addr, ETH_ALEN); 1166 else 1167 memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN); 1168 1169 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT, 1170 IEEE80211_STYPE_ACTION); 1171 1172 skb_put(skb, 1 + sizeof(mgmt->u.action.u.addba_req)); 1173 1174 mgmt->u.action.category = WLAN_CATEGORY_BACK; 1175 mgmt->u.action.u.addba_req.action_code = WLAN_ACTION_ADDBA_REQ; 1176 1177 mgmt->u.action.u.addba_req.dialog_token = dialog_token; 1178 capab = (u16)(1 << 1); /* bit 1 aggregation policy */ 1179 capab |= (u16)(tid << 2); /* bit 5:2 TID number */ 1180 capab |= (u16)(agg_size << 6); /* bit 15:6 max size of aggergation */ 1181 1182 mgmt->u.action.u.addba_req.capab = cpu_to_le16(capab); 1183 1184 mgmt->u.action.u.addba_req.timeout = cpu_to_le16(timeout); 1185 mgmt->u.action.u.addba_req.start_seq_num = 1186 cpu_to_le16(start_seq_num << 4); 1187 1188 ieee80211_sta_tx(dev, skb, 0); 1189 } 1190 1191 static void ieee80211_sta_process_addba_request(struct net_device *dev, 1192 struct ieee80211_mgmt *mgmt, 1193 size_t len) 1194 { 1195 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 1196 struct ieee80211_hw *hw = &local->hw; 1197 struct ieee80211_conf *conf = &hw->conf; 1198 struct sta_info *sta; 1199 struct tid_ampdu_rx *tid_agg_rx; 1200 u16 capab, tid, timeout, ba_policy, buf_size, start_seq_num, status; 1201 u8 dialog_token; 1202 int ret = -EOPNOTSUPP; 1203 DECLARE_MAC_BUF(mac); 1204 1205 rcu_read_lock(); 1206 1207 sta = sta_info_get(local, mgmt->sa); 1208 if (!sta) { 1209 rcu_read_unlock(); 1210 return; 1211 } 1212 1213 /* extract session parameters from addba request frame */ 1214 dialog_token = mgmt->u.action.u.addba_req.dialog_token; 1215 timeout = le16_to_cpu(mgmt->u.action.u.addba_req.timeout); 1216 start_seq_num = 1217 le16_to_cpu(mgmt->u.action.u.addba_req.start_seq_num) >> 4; 1218 1219 capab = le16_to_cpu(mgmt->u.action.u.addba_req.capab); 1220 ba_policy = (capab & IEEE80211_ADDBA_PARAM_POLICY_MASK) >> 1; 1221 tid = (capab & IEEE80211_ADDBA_PARAM_TID_MASK) >> 2; 1222 buf_size = (capab & IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK) >> 6; 1223 1224 status = WLAN_STATUS_REQUEST_DECLINED; 1225 1226 /* sanity check for incoming parameters: 1227 * check if configuration can support the BA policy 1228 * and if buffer size does not exceeds max value */ 1229 if (((ba_policy != 1) 1230 && (!(conf->ht_conf.cap & IEEE80211_HT_CAP_DELAY_BA))) 1231 || (buf_size > IEEE80211_MAX_AMPDU_BUF)) { 1232 status = WLAN_STATUS_INVALID_QOS_PARAM; 1233 #ifdef CONFIG_MAC80211_HT_DEBUG 1234 if (net_ratelimit()) 1235 printk(KERN_DEBUG "AddBA Req with bad params from " 1236 "%s on tid %u. policy %d, buffer size %d\n", 1237 print_mac(mac, mgmt->sa), tid, ba_policy, 1238 buf_size); 1239 #endif /* CONFIG_MAC80211_HT_DEBUG */ 1240 goto end_no_lock; 1241 } 1242 /* determine default buffer size */ 1243 if (buf_size == 0) { 1244 struct ieee80211_supported_band *sband; 1245 1246 sband = local->hw.wiphy->bands[conf->channel->band]; 1247 buf_size = IEEE80211_MIN_AMPDU_BUF; 1248 buf_size = buf_size << sband->ht_info.ampdu_factor; 1249 } 1250 1251 1252 /* examine state machine */ 1253 spin_lock_bh(&sta->ampdu_mlme.ampdu_rx); 1254 1255 if (sta->ampdu_mlme.tid_state_rx[tid] != HT_AGG_STATE_IDLE) { 1256 #ifdef CONFIG_MAC80211_HT_DEBUG 1257 if (net_ratelimit()) 1258 printk(KERN_DEBUG "unexpected AddBA Req from " 1259 "%s on tid %u\n", 1260 print_mac(mac, mgmt->sa), tid); 1261 #endif /* CONFIG_MAC80211_HT_DEBUG */ 1262 goto end; 1263 } 1264 1265 /* prepare A-MPDU MLME for Rx aggregation */ 1266 sta->ampdu_mlme.tid_rx[tid] = 1267 kmalloc(sizeof(struct tid_ampdu_rx), GFP_ATOMIC); 1268 if (!sta->ampdu_mlme.tid_rx[tid]) { 1269 if (net_ratelimit()) 1270 printk(KERN_ERR "allocate rx mlme to tid %d failed\n", 1271 tid); 1272 goto end; 1273 } 1274 /* rx timer */ 1275 sta->ampdu_mlme.tid_rx[tid]->session_timer.function = 1276 sta_rx_agg_session_timer_expired; 1277 sta->ampdu_mlme.tid_rx[tid]->session_timer.data = 1278 (unsigned long)&sta->timer_to_tid[tid]; 1279 init_timer(&sta->ampdu_mlme.tid_rx[tid]->session_timer); 1280 1281 tid_agg_rx = sta->ampdu_mlme.tid_rx[tid]; 1282 1283 /* prepare reordering buffer */ 1284 tid_agg_rx->reorder_buf = 1285 kmalloc(buf_size * sizeof(struct sk_buf *), GFP_ATOMIC); 1286 if (!tid_agg_rx->reorder_buf) { 1287 if (net_ratelimit()) 1288 printk(KERN_ERR "can not allocate reordering buffer " 1289 "to tid %d\n", tid); 1290 kfree(sta->ampdu_mlme.tid_rx[tid]); 1291 goto end; 1292 } 1293 memset(tid_agg_rx->reorder_buf, 0, 1294 buf_size * sizeof(struct sk_buf *)); 1295 1296 if (local->ops->ampdu_action) 1297 ret = local->ops->ampdu_action(hw, IEEE80211_AMPDU_RX_START, 1298 sta->addr, tid, &start_seq_num); 1299 #ifdef CONFIG_MAC80211_HT_DEBUG 1300 printk(KERN_DEBUG "Rx A-MPDU request on tid %d result %d\n", tid, ret); 1301 #endif /* CONFIG_MAC80211_HT_DEBUG */ 1302 1303 if (ret) { 1304 kfree(tid_agg_rx->reorder_buf); 1305 kfree(tid_agg_rx); 1306 sta->ampdu_mlme.tid_rx[tid] = NULL; 1307 goto end; 1308 } 1309 1310 /* change state and send addba resp */ 1311 sta->ampdu_mlme.tid_state_rx[tid] = HT_AGG_STATE_OPERATIONAL; 1312 tid_agg_rx->dialog_token = dialog_token; 1313 tid_agg_rx->ssn = start_seq_num; 1314 tid_agg_rx->head_seq_num = start_seq_num; 1315 tid_agg_rx->buf_size = buf_size; 1316 tid_agg_rx->timeout = timeout; 1317 tid_agg_rx->stored_mpdu_num = 0; 1318 status = WLAN_STATUS_SUCCESS; 1319 end: 1320 spin_unlock_bh(&sta->ampdu_mlme.ampdu_rx); 1321 1322 end_no_lock: 1323 ieee80211_send_addba_resp(sta->sdata->dev, sta->addr, tid, 1324 dialog_token, status, 1, buf_size, timeout); 1325 rcu_read_unlock(); 1326 } 1327 1328 static void ieee80211_sta_process_addba_resp(struct net_device *dev, 1329 struct ieee80211_mgmt *mgmt, 1330 size_t len) 1331 { 1332 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 1333 struct ieee80211_hw *hw = &local->hw; 1334 struct sta_info *sta; 1335 u16 capab; 1336 u16 tid; 1337 u8 *state; 1338 1339 rcu_read_lock(); 1340 1341 sta = sta_info_get(local, mgmt->sa); 1342 if (!sta) { 1343 rcu_read_unlock(); 1344 return; 1345 } 1346 1347 capab = le16_to_cpu(mgmt->u.action.u.addba_resp.capab); 1348 tid = (capab & IEEE80211_ADDBA_PARAM_TID_MASK) >> 2; 1349 1350 state = &sta->ampdu_mlme.tid_state_tx[tid]; 1351 1352 spin_lock_bh(&sta->ampdu_mlme.ampdu_tx); 1353 1354 if (!(*state & HT_ADDBA_REQUESTED_MSK)) { 1355 spin_unlock_bh(&sta->ampdu_mlme.ampdu_tx); 1356 printk(KERN_DEBUG "state not HT_ADDBA_REQUESTED_MSK:" 1357 "%d\n", *state); 1358 goto addba_resp_exit; 1359 } 1360 1361 if (mgmt->u.action.u.addba_resp.dialog_token != 1362 sta->ampdu_mlme.tid_tx[tid]->dialog_token) { 1363 spin_unlock_bh(&sta->ampdu_mlme.ampdu_tx); 1364 #ifdef CONFIG_MAC80211_HT_DEBUG 1365 printk(KERN_DEBUG "wrong addBA response token, tid %d\n", tid); 1366 #endif /* CONFIG_MAC80211_HT_DEBUG */ 1367 goto addba_resp_exit; 1368 } 1369 1370 del_timer_sync(&sta->ampdu_mlme.tid_tx[tid]->addba_resp_timer); 1371 #ifdef CONFIG_MAC80211_HT_DEBUG 1372 printk(KERN_DEBUG "switched off addBA timer for tid %d \n", tid); 1373 #endif /* CONFIG_MAC80211_HT_DEBUG */ 1374 if (le16_to_cpu(mgmt->u.action.u.addba_resp.status) 1375 == WLAN_STATUS_SUCCESS) { 1376 if (*state & HT_ADDBA_RECEIVED_MSK) 1377 printk(KERN_DEBUG "double addBA response\n"); 1378 1379 *state |= HT_ADDBA_RECEIVED_MSK; 1380 sta->ampdu_mlme.addba_req_num[tid] = 0; 1381 1382 if (*state == HT_AGG_STATE_OPERATIONAL) { 1383 printk(KERN_DEBUG "Aggregation on for tid %d \n", tid); 1384 ieee80211_wake_queue(hw, sta->tid_to_tx_q[tid]); 1385 } 1386 1387 spin_unlock_bh(&sta->ampdu_mlme.ampdu_tx); 1388 printk(KERN_DEBUG "recipient accepted agg: tid %d \n", tid); 1389 } else { 1390 printk(KERN_DEBUG "recipient rejected agg: tid %d \n", tid); 1391 1392 sta->ampdu_mlme.addba_req_num[tid]++; 1393 /* this will allow the state check in stop_BA_session */ 1394 *state = HT_AGG_STATE_OPERATIONAL; 1395 spin_unlock_bh(&sta->ampdu_mlme.ampdu_tx); 1396 ieee80211_stop_tx_ba_session(hw, sta->addr, tid, 1397 WLAN_BACK_INITIATOR); 1398 } 1399 1400 addba_resp_exit: 1401 rcu_read_unlock(); 1402 } 1403 1404 void ieee80211_send_delba(struct net_device *dev, const u8 *da, u16 tid, 1405 u16 initiator, u16 reason_code) 1406 { 1407 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 1408 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 1409 struct ieee80211_if_sta *ifsta = &sdata->u.sta; 1410 struct sk_buff *skb; 1411 struct ieee80211_mgmt *mgmt; 1412 u16 params; 1413 1414 skb = dev_alloc_skb(sizeof(*mgmt) + local->hw.extra_tx_headroom + 1 + 1415 sizeof(mgmt->u.action.u.delba)); 1416 1417 if (!skb) { 1418 printk(KERN_ERR "%s: failed to allocate buffer " 1419 "for delba frame\n", dev->name); 1420 return; 1421 } 1422 1423 skb_reserve(skb, local->hw.extra_tx_headroom); 1424 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24); 1425 memset(mgmt, 0, 24); 1426 memcpy(mgmt->da, da, ETH_ALEN); 1427 memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN); 1428 if (sdata->vif.type == IEEE80211_IF_TYPE_AP) 1429 memcpy(mgmt->bssid, dev->dev_addr, ETH_ALEN); 1430 else 1431 memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN); 1432 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT, 1433 IEEE80211_STYPE_ACTION); 1434 1435 skb_put(skb, 1 + sizeof(mgmt->u.action.u.delba)); 1436 1437 mgmt->u.action.category = WLAN_CATEGORY_BACK; 1438 mgmt->u.action.u.delba.action_code = WLAN_ACTION_DELBA; 1439 params = (u16)(initiator << 11); /* bit 11 initiator */ 1440 params |= (u16)(tid << 12); /* bit 15:12 TID number */ 1441 1442 mgmt->u.action.u.delba.params = cpu_to_le16(params); 1443 mgmt->u.action.u.delba.reason_code = cpu_to_le16(reason_code); 1444 1445 ieee80211_sta_tx(dev, skb, 0); 1446 } 1447 1448 void ieee80211_sta_stop_rx_ba_session(struct net_device *dev, u8 *ra, u16 tid, 1449 u16 initiator, u16 reason) 1450 { 1451 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 1452 struct ieee80211_hw *hw = &local->hw; 1453 struct sta_info *sta; 1454 int ret, i; 1455 DECLARE_MAC_BUF(mac); 1456 1457 rcu_read_lock(); 1458 1459 sta = sta_info_get(local, ra); 1460 if (!sta) { 1461 rcu_read_unlock(); 1462 return; 1463 } 1464 1465 /* check if TID is in operational state */ 1466 spin_lock_bh(&sta->ampdu_mlme.ampdu_rx); 1467 if (sta->ampdu_mlme.tid_state_rx[tid] 1468 != HT_AGG_STATE_OPERATIONAL) { 1469 spin_unlock_bh(&sta->ampdu_mlme.ampdu_rx); 1470 rcu_read_unlock(); 1471 return; 1472 } 1473 sta->ampdu_mlme.tid_state_rx[tid] = 1474 HT_AGG_STATE_REQ_STOP_BA_MSK | 1475 (initiator << HT_AGG_STATE_INITIATOR_SHIFT); 1476 spin_unlock_bh(&sta->ampdu_mlme.ampdu_rx); 1477 1478 /* stop HW Rx aggregation. ampdu_action existence 1479 * already verified in session init so we add the BUG_ON */ 1480 BUG_ON(!local->ops->ampdu_action); 1481 1482 #ifdef CONFIG_MAC80211_HT_DEBUG 1483 printk(KERN_DEBUG "Rx BA session stop requested for %s tid %u\n", 1484 print_mac(mac, ra), tid); 1485 #endif /* CONFIG_MAC80211_HT_DEBUG */ 1486 1487 ret = local->ops->ampdu_action(hw, IEEE80211_AMPDU_RX_STOP, 1488 ra, tid, NULL); 1489 if (ret) 1490 printk(KERN_DEBUG "HW problem - can not stop rx " 1491 "aggergation for tid %d\n", tid); 1492 1493 /* shutdown timer has not expired */ 1494 if (initiator != WLAN_BACK_TIMER) 1495 del_timer_sync(&sta->ampdu_mlme.tid_rx[tid]->session_timer); 1496 1497 /* check if this is a self generated aggregation halt */ 1498 if (initiator == WLAN_BACK_RECIPIENT || initiator == WLAN_BACK_TIMER) 1499 ieee80211_send_delba(dev, ra, tid, 0, reason); 1500 1501 /* free the reordering buffer */ 1502 for (i = 0; i < sta->ampdu_mlme.tid_rx[tid]->buf_size; i++) { 1503 if (sta->ampdu_mlme.tid_rx[tid]->reorder_buf[i]) { 1504 /* release the reordered frames */ 1505 dev_kfree_skb(sta->ampdu_mlme.tid_rx[tid]->reorder_buf[i]); 1506 sta->ampdu_mlme.tid_rx[tid]->stored_mpdu_num--; 1507 sta->ampdu_mlme.tid_rx[tid]->reorder_buf[i] = NULL; 1508 } 1509 } 1510 /* free resources */ 1511 kfree(sta->ampdu_mlme.tid_rx[tid]->reorder_buf); 1512 kfree(sta->ampdu_mlme.tid_rx[tid]); 1513 sta->ampdu_mlme.tid_rx[tid] = NULL; 1514 sta->ampdu_mlme.tid_state_rx[tid] = HT_AGG_STATE_IDLE; 1515 1516 rcu_read_unlock(); 1517 } 1518 1519 1520 static void ieee80211_sta_process_delba(struct net_device *dev, 1521 struct ieee80211_mgmt *mgmt, size_t len) 1522 { 1523 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 1524 struct sta_info *sta; 1525 u16 tid, params; 1526 u16 initiator; 1527 DECLARE_MAC_BUF(mac); 1528 1529 rcu_read_lock(); 1530 1531 sta = sta_info_get(local, mgmt->sa); 1532 if (!sta) { 1533 rcu_read_unlock(); 1534 return; 1535 } 1536 1537 params = le16_to_cpu(mgmt->u.action.u.delba.params); 1538 tid = (params & IEEE80211_DELBA_PARAM_TID_MASK) >> 12; 1539 initiator = (params & IEEE80211_DELBA_PARAM_INITIATOR_MASK) >> 11; 1540 1541 #ifdef CONFIG_MAC80211_HT_DEBUG 1542 if (net_ratelimit()) 1543 printk(KERN_DEBUG "delba from %s (%s) tid %d reason code %d\n", 1544 print_mac(mac, mgmt->sa), 1545 initiator ? "initiator" : "recipient", tid, 1546 mgmt->u.action.u.delba.reason_code); 1547 #endif /* CONFIG_MAC80211_HT_DEBUG */ 1548 1549 if (initiator == WLAN_BACK_INITIATOR) 1550 ieee80211_sta_stop_rx_ba_session(dev, sta->addr, tid, 1551 WLAN_BACK_INITIATOR, 0); 1552 else { /* WLAN_BACK_RECIPIENT */ 1553 spin_lock_bh(&sta->ampdu_mlme.ampdu_tx); 1554 sta->ampdu_mlme.tid_state_tx[tid] = 1555 HT_AGG_STATE_OPERATIONAL; 1556 spin_unlock_bh(&sta->ampdu_mlme.ampdu_tx); 1557 ieee80211_stop_tx_ba_session(&local->hw, sta->addr, tid, 1558 WLAN_BACK_RECIPIENT); 1559 } 1560 rcu_read_unlock(); 1561 } 1562 1563 /* 1564 * After sending add Block Ack request we activated a timer until 1565 * add Block Ack response will arrive from the recipient. 1566 * If this timer expires sta_addba_resp_timer_expired will be executed. 1567 */ 1568 void sta_addba_resp_timer_expired(unsigned long data) 1569 { 1570 /* not an elegant detour, but there is no choice as the timer passes 1571 * only one argument, and both sta_info and TID are needed, so init 1572 * flow in sta_info_create gives the TID as data, while the timer_to_id 1573 * array gives the sta through container_of */ 1574 u16 tid = *(int *)data; 1575 struct sta_info *temp_sta = container_of((void *)data, 1576 struct sta_info, timer_to_tid[tid]); 1577 1578 struct ieee80211_local *local = temp_sta->local; 1579 struct ieee80211_hw *hw = &local->hw; 1580 struct sta_info *sta; 1581 u8 *state; 1582 1583 rcu_read_lock(); 1584 1585 sta = sta_info_get(local, temp_sta->addr); 1586 if (!sta) { 1587 rcu_read_unlock(); 1588 return; 1589 } 1590 1591 state = &sta->ampdu_mlme.tid_state_tx[tid]; 1592 /* check if the TID waits for addBA response */ 1593 spin_lock_bh(&sta->ampdu_mlme.ampdu_tx); 1594 if (!(*state & HT_ADDBA_REQUESTED_MSK)) { 1595 spin_unlock_bh(&sta->ampdu_mlme.ampdu_tx); 1596 *state = HT_AGG_STATE_IDLE; 1597 printk(KERN_DEBUG "timer expired on tid %d but we are not " 1598 "expecting addBA response there", tid); 1599 goto timer_expired_exit; 1600 } 1601 1602 printk(KERN_DEBUG "addBA response timer expired on tid %d\n", tid); 1603 1604 /* go through the state check in stop_BA_session */ 1605 *state = HT_AGG_STATE_OPERATIONAL; 1606 spin_unlock_bh(&sta->ampdu_mlme.ampdu_tx); 1607 ieee80211_stop_tx_ba_session(hw, temp_sta->addr, tid, 1608 WLAN_BACK_INITIATOR); 1609 1610 timer_expired_exit: 1611 rcu_read_unlock(); 1612 } 1613 1614 /* 1615 * After accepting the AddBA Request we activated a timer, 1616 * resetting it after each frame that arrives from the originator. 1617 * if this timer expires ieee80211_sta_stop_rx_ba_session will be executed. 1618 */ 1619 void sta_rx_agg_session_timer_expired(unsigned long data) 1620 { 1621 /* not an elegant detour, but there is no choice as the timer passes 1622 * only one argument, and verious sta_info are needed here, so init 1623 * flow in sta_info_create gives the TID as data, while the timer_to_id 1624 * array gives the sta through container_of */ 1625 u8 *ptid = (u8 *)data; 1626 u8 *timer_to_id = ptid - *ptid; 1627 struct sta_info *sta = container_of(timer_to_id, struct sta_info, 1628 timer_to_tid[0]); 1629 1630 printk(KERN_DEBUG "rx session timer expired on tid %d\n", (u16)*ptid); 1631 ieee80211_sta_stop_rx_ba_session(sta->sdata->dev, sta->addr, 1632 (u16)*ptid, WLAN_BACK_TIMER, 1633 WLAN_REASON_QSTA_TIMEOUT); 1634 } 1635 1636 void ieee80211_sta_tear_down_BA_sessions(struct net_device *dev, u8 *addr) 1637 { 1638 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 1639 int i; 1640 1641 for (i = 0; i < STA_TID_NUM; i++) { 1642 ieee80211_stop_tx_ba_session(&local->hw, addr, i, 1643 WLAN_BACK_INITIATOR); 1644 ieee80211_sta_stop_rx_ba_session(dev, addr, i, 1645 WLAN_BACK_RECIPIENT, 1646 WLAN_REASON_QSTA_LEAVE_QBSS); 1647 } 1648 } 1649 1650 static void ieee80211_rx_mgmt_auth(struct net_device *dev, 1651 struct ieee80211_if_sta *ifsta, 1652 struct ieee80211_mgmt *mgmt, 1653 size_t len) 1654 { 1655 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 1656 u16 auth_alg, auth_transaction, status_code; 1657 DECLARE_MAC_BUF(mac); 1658 1659 if (ifsta->state != IEEE80211_AUTHENTICATE && 1660 sdata->vif.type != IEEE80211_IF_TYPE_IBSS) { 1661 printk(KERN_DEBUG "%s: authentication frame received from " 1662 "%s, but not in authenticate state - ignored\n", 1663 dev->name, print_mac(mac, mgmt->sa)); 1664 return; 1665 } 1666 1667 if (len < 24 + 6) { 1668 printk(KERN_DEBUG "%s: too short (%zd) authentication frame " 1669 "received from %s - ignored\n", 1670 dev->name, len, print_mac(mac, mgmt->sa)); 1671 return; 1672 } 1673 1674 if (sdata->vif.type != IEEE80211_IF_TYPE_IBSS && 1675 memcmp(ifsta->bssid, mgmt->sa, ETH_ALEN) != 0) { 1676 printk(KERN_DEBUG "%s: authentication frame received from " 1677 "unknown AP (SA=%s BSSID=%s) - " 1678 "ignored\n", dev->name, print_mac(mac, mgmt->sa), 1679 print_mac(mac, mgmt->bssid)); 1680 return; 1681 } 1682 1683 if (sdata->vif.type != IEEE80211_IF_TYPE_IBSS && 1684 memcmp(ifsta->bssid, mgmt->bssid, ETH_ALEN) != 0) { 1685 printk(KERN_DEBUG "%s: authentication frame received from " 1686 "unknown BSSID (SA=%s BSSID=%s) - " 1687 "ignored\n", dev->name, print_mac(mac, mgmt->sa), 1688 print_mac(mac, mgmt->bssid)); 1689 return; 1690 } 1691 1692 auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg); 1693 auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction); 1694 status_code = le16_to_cpu(mgmt->u.auth.status_code); 1695 1696 printk(KERN_DEBUG "%s: RX authentication from %s (alg=%d " 1697 "transaction=%d status=%d)\n", 1698 dev->name, print_mac(mac, mgmt->sa), auth_alg, 1699 auth_transaction, status_code); 1700 1701 if (sdata->vif.type == IEEE80211_IF_TYPE_IBSS) { 1702 /* IEEE 802.11 standard does not require authentication in IBSS 1703 * networks and most implementations do not seem to use it. 1704 * However, try to reply to authentication attempts if someone 1705 * has actually implemented this. 1706 * TODO: Could implement shared key authentication. */ 1707 if (auth_alg != WLAN_AUTH_OPEN || auth_transaction != 1) { 1708 printk(KERN_DEBUG "%s: unexpected IBSS authentication " 1709 "frame (alg=%d transaction=%d)\n", 1710 dev->name, auth_alg, auth_transaction); 1711 return; 1712 } 1713 ieee80211_send_auth(dev, ifsta, 2, NULL, 0, 0); 1714 } 1715 1716 if (auth_alg != ifsta->auth_alg || 1717 auth_transaction != ifsta->auth_transaction) { 1718 printk(KERN_DEBUG "%s: unexpected authentication frame " 1719 "(alg=%d transaction=%d)\n", 1720 dev->name, auth_alg, auth_transaction); 1721 return; 1722 } 1723 1724 if (status_code != WLAN_STATUS_SUCCESS) { 1725 printk(KERN_DEBUG "%s: AP denied authentication (auth_alg=%d " 1726 "code=%d)\n", dev->name, ifsta->auth_alg, status_code); 1727 if (status_code == WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG) { 1728 u8 algs[3]; 1729 const int num_algs = ARRAY_SIZE(algs); 1730 int i, pos; 1731 algs[0] = algs[1] = algs[2] = 0xff; 1732 if (ifsta->auth_algs & IEEE80211_AUTH_ALG_OPEN) 1733 algs[0] = WLAN_AUTH_OPEN; 1734 if (ifsta->auth_algs & IEEE80211_AUTH_ALG_SHARED_KEY) 1735 algs[1] = WLAN_AUTH_SHARED_KEY; 1736 if (ifsta->auth_algs & IEEE80211_AUTH_ALG_LEAP) 1737 algs[2] = WLAN_AUTH_LEAP; 1738 if (ifsta->auth_alg == WLAN_AUTH_OPEN) 1739 pos = 0; 1740 else if (ifsta->auth_alg == WLAN_AUTH_SHARED_KEY) 1741 pos = 1; 1742 else 1743 pos = 2; 1744 for (i = 0; i < num_algs; i++) { 1745 pos++; 1746 if (pos >= num_algs) 1747 pos = 0; 1748 if (algs[pos] == ifsta->auth_alg || 1749 algs[pos] == 0xff) 1750 continue; 1751 if (algs[pos] == WLAN_AUTH_SHARED_KEY && 1752 !ieee80211_sta_wep_configured(dev)) 1753 continue; 1754 ifsta->auth_alg = algs[pos]; 1755 printk(KERN_DEBUG "%s: set auth_alg=%d for " 1756 "next try\n", 1757 dev->name, ifsta->auth_alg); 1758 break; 1759 } 1760 } 1761 return; 1762 } 1763 1764 switch (ifsta->auth_alg) { 1765 case WLAN_AUTH_OPEN: 1766 case WLAN_AUTH_LEAP: 1767 ieee80211_auth_completed(dev, ifsta); 1768 break; 1769 case WLAN_AUTH_SHARED_KEY: 1770 if (ifsta->auth_transaction == 4) 1771 ieee80211_auth_completed(dev, ifsta); 1772 else 1773 ieee80211_auth_challenge(dev, ifsta, mgmt, len); 1774 break; 1775 } 1776 } 1777 1778 1779 static void ieee80211_rx_mgmt_deauth(struct net_device *dev, 1780 struct ieee80211_if_sta *ifsta, 1781 struct ieee80211_mgmt *mgmt, 1782 size_t len) 1783 { 1784 u16 reason_code; 1785 DECLARE_MAC_BUF(mac); 1786 1787 if (len < 24 + 2) { 1788 printk(KERN_DEBUG "%s: too short (%zd) deauthentication frame " 1789 "received from %s - ignored\n", 1790 dev->name, len, print_mac(mac, mgmt->sa)); 1791 return; 1792 } 1793 1794 if (memcmp(ifsta->bssid, mgmt->sa, ETH_ALEN) != 0) { 1795 printk(KERN_DEBUG "%s: deauthentication frame received from " 1796 "unknown AP (SA=%s BSSID=%s) - " 1797 "ignored\n", dev->name, print_mac(mac, mgmt->sa), 1798 print_mac(mac, mgmt->bssid)); 1799 return; 1800 } 1801 1802 reason_code = le16_to_cpu(mgmt->u.deauth.reason_code); 1803 1804 printk(KERN_DEBUG "%s: RX deauthentication from %s" 1805 " (reason=%d)\n", 1806 dev->name, print_mac(mac, mgmt->sa), reason_code); 1807 1808 if (ifsta->flags & IEEE80211_STA_AUTHENTICATED) { 1809 printk(KERN_DEBUG "%s: deauthenticated\n", dev->name); 1810 } 1811 1812 if (ifsta->state == IEEE80211_AUTHENTICATE || 1813 ifsta->state == IEEE80211_ASSOCIATE || 1814 ifsta->state == IEEE80211_ASSOCIATED) { 1815 ifsta->state = IEEE80211_AUTHENTICATE; 1816 mod_timer(&ifsta->timer, jiffies + 1817 IEEE80211_RETRY_AUTH_INTERVAL); 1818 } 1819 1820 ieee80211_set_disassoc(dev, ifsta, 1); 1821 ifsta->flags &= ~IEEE80211_STA_AUTHENTICATED; 1822 } 1823 1824 1825 static void ieee80211_rx_mgmt_disassoc(struct net_device *dev, 1826 struct ieee80211_if_sta *ifsta, 1827 struct ieee80211_mgmt *mgmt, 1828 size_t len) 1829 { 1830 u16 reason_code; 1831 DECLARE_MAC_BUF(mac); 1832 1833 if (len < 24 + 2) { 1834 printk(KERN_DEBUG "%s: too short (%zd) disassociation frame " 1835 "received from %s - ignored\n", 1836 dev->name, len, print_mac(mac, mgmt->sa)); 1837 return; 1838 } 1839 1840 if (memcmp(ifsta->bssid, mgmt->sa, ETH_ALEN) != 0) { 1841 printk(KERN_DEBUG "%s: disassociation frame received from " 1842 "unknown AP (SA=%s BSSID=%s) - " 1843 "ignored\n", dev->name, print_mac(mac, mgmt->sa), 1844 print_mac(mac, mgmt->bssid)); 1845 return; 1846 } 1847 1848 reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code); 1849 1850 printk(KERN_DEBUG "%s: RX disassociation from %s" 1851 " (reason=%d)\n", 1852 dev->name, print_mac(mac, mgmt->sa), reason_code); 1853 1854 if (ifsta->flags & IEEE80211_STA_ASSOCIATED) 1855 printk(KERN_DEBUG "%s: disassociated\n", dev->name); 1856 1857 if (ifsta->state == IEEE80211_ASSOCIATED) { 1858 ifsta->state = IEEE80211_ASSOCIATE; 1859 mod_timer(&ifsta->timer, jiffies + 1860 IEEE80211_RETRY_AUTH_INTERVAL); 1861 } 1862 1863 ieee80211_set_disassoc(dev, ifsta, 0); 1864 } 1865 1866 1867 static void ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata, 1868 struct ieee80211_if_sta *ifsta, 1869 struct ieee80211_mgmt *mgmt, 1870 size_t len, 1871 int reassoc) 1872 { 1873 struct ieee80211_local *local = sdata->local; 1874 struct net_device *dev = sdata->dev; 1875 struct ieee80211_supported_band *sband; 1876 struct sta_info *sta; 1877 u64 rates, basic_rates; 1878 u16 capab_info, status_code, aid; 1879 struct ieee802_11_elems elems; 1880 struct ieee80211_bss_conf *bss_conf = &sdata->bss_conf; 1881 u8 *pos; 1882 int i, j; 1883 DECLARE_MAC_BUF(mac); 1884 bool have_higher_than_11mbit = false; 1885 1886 /* AssocResp and ReassocResp have identical structure, so process both 1887 * of them in this function. */ 1888 1889 if (ifsta->state != IEEE80211_ASSOCIATE) { 1890 printk(KERN_DEBUG "%s: association frame received from " 1891 "%s, but not in associate state - ignored\n", 1892 dev->name, print_mac(mac, mgmt->sa)); 1893 return; 1894 } 1895 1896 if (len < 24 + 6) { 1897 printk(KERN_DEBUG "%s: too short (%zd) association frame " 1898 "received from %s - ignored\n", 1899 dev->name, len, print_mac(mac, mgmt->sa)); 1900 return; 1901 } 1902 1903 if (memcmp(ifsta->bssid, mgmt->sa, ETH_ALEN) != 0) { 1904 printk(KERN_DEBUG "%s: association frame received from " 1905 "unknown AP (SA=%s BSSID=%s) - " 1906 "ignored\n", dev->name, print_mac(mac, mgmt->sa), 1907 print_mac(mac, mgmt->bssid)); 1908 return; 1909 } 1910 1911 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info); 1912 status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code); 1913 aid = le16_to_cpu(mgmt->u.assoc_resp.aid); 1914 1915 printk(KERN_DEBUG "%s: RX %sssocResp from %s (capab=0x%x " 1916 "status=%d aid=%d)\n", 1917 dev->name, reassoc ? "Rea" : "A", print_mac(mac, mgmt->sa), 1918 capab_info, status_code, (u16)(aid & ~(BIT(15) | BIT(14)))); 1919 1920 if (status_code != WLAN_STATUS_SUCCESS) { 1921 printk(KERN_DEBUG "%s: AP denied association (code=%d)\n", 1922 dev->name, status_code); 1923 /* if this was a reassociation, ensure we try a "full" 1924 * association next time. This works around some broken APs 1925 * which do not correctly reject reassociation requests. */ 1926 ifsta->flags &= ~IEEE80211_STA_PREV_BSSID_SET; 1927 return; 1928 } 1929 1930 if ((aid & (BIT(15) | BIT(14))) != (BIT(15) | BIT(14))) 1931 printk(KERN_DEBUG "%s: invalid aid value %d; bits 15:14 not " 1932 "set\n", dev->name, aid); 1933 aid &= ~(BIT(15) | BIT(14)); 1934 1935 pos = mgmt->u.assoc_resp.variable; 1936 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems); 1937 1938 if (!elems.supp_rates) { 1939 printk(KERN_DEBUG "%s: no SuppRates element in AssocResp\n", 1940 dev->name); 1941 return; 1942 } 1943 1944 printk(KERN_DEBUG "%s: associated\n", dev->name); 1945 ifsta->aid = aid; 1946 ifsta->ap_capab = capab_info; 1947 1948 kfree(ifsta->assocresp_ies); 1949 ifsta->assocresp_ies_len = len - (pos - (u8 *) mgmt); 1950 ifsta->assocresp_ies = kmalloc(ifsta->assocresp_ies_len, GFP_KERNEL); 1951 if (ifsta->assocresp_ies) 1952 memcpy(ifsta->assocresp_ies, pos, ifsta->assocresp_ies_len); 1953 1954 rcu_read_lock(); 1955 1956 /* Add STA entry for the AP */ 1957 sta = sta_info_get(local, ifsta->bssid); 1958 if (!sta) { 1959 struct ieee80211_sta_bss *bss; 1960 int err; 1961 1962 sta = sta_info_alloc(sdata, ifsta->bssid, GFP_ATOMIC); 1963 if (!sta) { 1964 printk(KERN_DEBUG "%s: failed to alloc STA entry for" 1965 " the AP\n", dev->name); 1966 rcu_read_unlock(); 1967 return; 1968 } 1969 bss = ieee80211_rx_bss_get(dev, ifsta->bssid, 1970 local->hw.conf.channel->center_freq, 1971 ifsta->ssid, ifsta->ssid_len); 1972 if (bss) { 1973 sta->last_rssi = bss->rssi; 1974 sta->last_signal = bss->signal; 1975 sta->last_noise = bss->noise; 1976 ieee80211_rx_bss_put(dev, bss); 1977 } 1978 1979 err = sta_info_insert(sta); 1980 if (err) { 1981 printk(KERN_DEBUG "%s: failed to insert STA entry for" 1982 " the AP (error %d)\n", dev->name, err); 1983 rcu_read_unlock(); 1984 return; 1985 } 1986 } 1987 1988 /* 1989 * FIXME: Do we really need to update the sta_info's information here? 1990 * We already know about the AP (we found it in our list) so it 1991 * should already be filled with the right info, no? 1992 * As is stands, all this is racy because typically we assume 1993 * the information that is filled in here (except flags) doesn't 1994 * change while a STA structure is alive. As such, it should move 1995 * to between the sta_info_alloc() and sta_info_insert() above. 1996 */ 1997 1998 sta->flags |= WLAN_STA_AUTH | WLAN_STA_ASSOC | WLAN_STA_ASSOC_AP | 1999 WLAN_STA_AUTHORIZED; 2000 2001 rates = 0; 2002 basic_rates = 0; 2003 sband = local->hw.wiphy->bands[local->hw.conf.channel->band]; 2004 2005 for (i = 0; i < elems.supp_rates_len; i++) { 2006 int rate = (elems.supp_rates[i] & 0x7f) * 5; 2007 2008 if (rate > 110) 2009 have_higher_than_11mbit = true; 2010 2011 for (j = 0; j < sband->n_bitrates; j++) { 2012 if (sband->bitrates[j].bitrate == rate) 2013 rates |= BIT(j); 2014 if (elems.supp_rates[i] & 0x80) 2015 basic_rates |= BIT(j); 2016 } 2017 } 2018 2019 for (i = 0; i < elems.ext_supp_rates_len; i++) { 2020 int rate = (elems.ext_supp_rates[i] & 0x7f) * 5; 2021 2022 if (rate > 110) 2023 have_higher_than_11mbit = true; 2024 2025 for (j = 0; j < sband->n_bitrates; j++) { 2026 if (sband->bitrates[j].bitrate == rate) 2027 rates |= BIT(j); 2028 if (elems.ext_supp_rates[i] & 0x80) 2029 basic_rates |= BIT(j); 2030 } 2031 } 2032 2033 sta->supp_rates[local->hw.conf.channel->band] = rates; 2034 sdata->basic_rates = basic_rates; 2035 2036 /* cf. IEEE 802.11 9.2.12 */ 2037 if (local->hw.conf.channel->band == IEEE80211_BAND_2GHZ && 2038 have_higher_than_11mbit) 2039 sdata->flags |= IEEE80211_SDATA_OPERATING_GMODE; 2040 else 2041 sdata->flags &= ~IEEE80211_SDATA_OPERATING_GMODE; 2042 2043 if (elems.ht_cap_elem && elems.ht_info_elem && elems.wmm_param) { 2044 struct ieee80211_ht_bss_info bss_info; 2045 ieee80211_ht_cap_ie_to_ht_info( 2046 (struct ieee80211_ht_cap *) 2047 elems.ht_cap_elem, &sta->ht_info); 2048 ieee80211_ht_addt_info_ie_to_ht_bss_info( 2049 (struct ieee80211_ht_addt_info *) 2050 elems.ht_info_elem, &bss_info); 2051 ieee80211_handle_ht(local, 1, &sta->ht_info, &bss_info); 2052 } 2053 2054 rate_control_rate_init(sta, local); 2055 2056 if (elems.wmm_param && (ifsta->flags & IEEE80211_STA_WMM_ENABLED)) { 2057 sta->flags |= WLAN_STA_WME; 2058 rcu_read_unlock(); 2059 ieee80211_sta_wmm_params(dev, ifsta, elems.wmm_param, 2060 elems.wmm_param_len); 2061 } else 2062 rcu_read_unlock(); 2063 2064 /* set AID and assoc capability, 2065 * ieee80211_set_associated() will tell the driver */ 2066 bss_conf->aid = aid; 2067 bss_conf->assoc_capability = capab_info; 2068 ieee80211_set_associated(dev, ifsta, 1); 2069 2070 ieee80211_associated(dev, ifsta); 2071 } 2072 2073 2074 /* Caller must hold local->sta_bss_lock */ 2075 static void __ieee80211_rx_bss_hash_add(struct net_device *dev, 2076 struct ieee80211_sta_bss *bss) 2077 { 2078 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 2079 u8 hash_idx; 2080 2081 if (bss_mesh_cfg(bss)) 2082 hash_idx = mesh_id_hash(bss_mesh_id(bss), 2083 bss_mesh_id_len(bss)); 2084 else 2085 hash_idx = STA_HASH(bss->bssid); 2086 2087 bss->hnext = local->sta_bss_hash[hash_idx]; 2088 local->sta_bss_hash[hash_idx] = bss; 2089 } 2090 2091 2092 /* Caller must hold local->sta_bss_lock */ 2093 static void __ieee80211_rx_bss_hash_del(struct net_device *dev, 2094 struct ieee80211_sta_bss *bss) 2095 { 2096 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 2097 struct ieee80211_sta_bss *b, *prev = NULL; 2098 b = local->sta_bss_hash[STA_HASH(bss->bssid)]; 2099 while (b) { 2100 if (b == bss) { 2101 if (!prev) 2102 local->sta_bss_hash[STA_HASH(bss->bssid)] = 2103 bss->hnext; 2104 else 2105 prev->hnext = bss->hnext; 2106 break; 2107 } 2108 prev = b; 2109 b = b->hnext; 2110 } 2111 } 2112 2113 2114 static struct ieee80211_sta_bss * 2115 ieee80211_rx_bss_add(struct net_device *dev, u8 *bssid, int freq, 2116 u8 *ssid, u8 ssid_len) 2117 { 2118 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 2119 struct ieee80211_sta_bss *bss; 2120 2121 bss = kzalloc(sizeof(*bss), GFP_ATOMIC); 2122 if (!bss) 2123 return NULL; 2124 atomic_inc(&bss->users); 2125 atomic_inc(&bss->users); 2126 memcpy(bss->bssid, bssid, ETH_ALEN); 2127 bss->freq = freq; 2128 if (ssid && ssid_len <= IEEE80211_MAX_SSID_LEN) { 2129 memcpy(bss->ssid, ssid, ssid_len); 2130 bss->ssid_len = ssid_len; 2131 } 2132 2133 spin_lock_bh(&local->sta_bss_lock); 2134 /* TODO: order by RSSI? */ 2135 list_add_tail(&bss->list, &local->sta_bss_list); 2136 __ieee80211_rx_bss_hash_add(dev, bss); 2137 spin_unlock_bh(&local->sta_bss_lock); 2138 return bss; 2139 } 2140 2141 static struct ieee80211_sta_bss * 2142 ieee80211_rx_bss_get(struct net_device *dev, u8 *bssid, int freq, 2143 u8 *ssid, u8 ssid_len) 2144 { 2145 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 2146 struct ieee80211_sta_bss *bss; 2147 2148 spin_lock_bh(&local->sta_bss_lock); 2149 bss = local->sta_bss_hash[STA_HASH(bssid)]; 2150 while (bss) { 2151 if (!bss_mesh_cfg(bss) && 2152 !memcmp(bss->bssid, bssid, ETH_ALEN) && 2153 bss->freq == freq && 2154 bss->ssid_len == ssid_len && 2155 (ssid_len == 0 || !memcmp(bss->ssid, ssid, ssid_len))) { 2156 atomic_inc(&bss->users); 2157 break; 2158 } 2159 bss = bss->hnext; 2160 } 2161 spin_unlock_bh(&local->sta_bss_lock); 2162 return bss; 2163 } 2164 2165 #ifdef CONFIG_MAC80211_MESH 2166 static struct ieee80211_sta_bss * 2167 ieee80211_rx_mesh_bss_get(struct net_device *dev, u8 *mesh_id, int mesh_id_len, 2168 u8 *mesh_cfg, int freq) 2169 { 2170 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 2171 struct ieee80211_sta_bss *bss; 2172 2173 spin_lock_bh(&local->sta_bss_lock); 2174 bss = local->sta_bss_hash[mesh_id_hash(mesh_id, mesh_id_len)]; 2175 while (bss) { 2176 if (bss_mesh_cfg(bss) && 2177 !memcmp(bss_mesh_cfg(bss), mesh_cfg, MESH_CFG_CMP_LEN) && 2178 bss->freq == freq && 2179 mesh_id_len == bss->mesh_id_len && 2180 (mesh_id_len == 0 || !memcmp(bss->mesh_id, mesh_id, 2181 mesh_id_len))) { 2182 atomic_inc(&bss->users); 2183 break; 2184 } 2185 bss = bss->hnext; 2186 } 2187 spin_unlock_bh(&local->sta_bss_lock); 2188 return bss; 2189 } 2190 2191 static struct ieee80211_sta_bss * 2192 ieee80211_rx_mesh_bss_add(struct net_device *dev, u8 *mesh_id, int mesh_id_len, 2193 u8 *mesh_cfg, int mesh_config_len, int freq) 2194 { 2195 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 2196 struct ieee80211_sta_bss *bss; 2197 2198 if (mesh_config_len != MESH_CFG_LEN) 2199 return NULL; 2200 2201 bss = kzalloc(sizeof(*bss), GFP_ATOMIC); 2202 if (!bss) 2203 return NULL; 2204 2205 bss->mesh_cfg = kmalloc(MESH_CFG_CMP_LEN, GFP_ATOMIC); 2206 if (!bss->mesh_cfg) { 2207 kfree(bss); 2208 return NULL; 2209 } 2210 2211 if (mesh_id_len && mesh_id_len <= IEEE80211_MAX_MESH_ID_LEN) { 2212 bss->mesh_id = kmalloc(mesh_id_len, GFP_ATOMIC); 2213 if (!bss->mesh_id) { 2214 kfree(bss->mesh_cfg); 2215 kfree(bss); 2216 return NULL; 2217 } 2218 memcpy(bss->mesh_id, mesh_id, mesh_id_len); 2219 } 2220 2221 atomic_inc(&bss->users); 2222 atomic_inc(&bss->users); 2223 memcpy(bss->mesh_cfg, mesh_cfg, MESH_CFG_CMP_LEN); 2224 bss->mesh_id_len = mesh_id_len; 2225 bss->freq = freq; 2226 spin_lock_bh(&local->sta_bss_lock); 2227 /* TODO: order by RSSI? */ 2228 list_add_tail(&bss->list, &local->sta_bss_list); 2229 __ieee80211_rx_bss_hash_add(dev, bss); 2230 spin_unlock_bh(&local->sta_bss_lock); 2231 return bss; 2232 } 2233 #endif 2234 2235 static void ieee80211_rx_bss_free(struct ieee80211_sta_bss *bss) 2236 { 2237 kfree(bss->wpa_ie); 2238 kfree(bss->rsn_ie); 2239 kfree(bss->wmm_ie); 2240 kfree(bss->ht_ie); 2241 kfree(bss_mesh_id(bss)); 2242 kfree(bss_mesh_cfg(bss)); 2243 kfree(bss); 2244 } 2245 2246 2247 static void ieee80211_rx_bss_put(struct net_device *dev, 2248 struct ieee80211_sta_bss *bss) 2249 { 2250 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 2251 if (!atomic_dec_and_test(&bss->users)) 2252 return; 2253 2254 spin_lock_bh(&local->sta_bss_lock); 2255 __ieee80211_rx_bss_hash_del(dev, bss); 2256 list_del(&bss->list); 2257 spin_unlock_bh(&local->sta_bss_lock); 2258 ieee80211_rx_bss_free(bss); 2259 } 2260 2261 2262 void ieee80211_rx_bss_list_init(struct net_device *dev) 2263 { 2264 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 2265 spin_lock_init(&local->sta_bss_lock); 2266 INIT_LIST_HEAD(&local->sta_bss_list); 2267 } 2268 2269 2270 void ieee80211_rx_bss_list_deinit(struct net_device *dev) 2271 { 2272 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 2273 struct ieee80211_sta_bss *bss, *tmp; 2274 2275 list_for_each_entry_safe(bss, tmp, &local->sta_bss_list, list) 2276 ieee80211_rx_bss_put(dev, bss); 2277 } 2278 2279 2280 static int ieee80211_sta_join_ibss(struct net_device *dev, 2281 struct ieee80211_if_sta *ifsta, 2282 struct ieee80211_sta_bss *bss) 2283 { 2284 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 2285 int res, rates, i, j; 2286 struct sk_buff *skb; 2287 struct ieee80211_mgmt *mgmt; 2288 struct ieee80211_tx_control control; 2289 struct rate_selection ratesel; 2290 u8 *pos; 2291 struct ieee80211_sub_if_data *sdata; 2292 struct ieee80211_supported_band *sband; 2293 2294 sband = local->hw.wiphy->bands[local->hw.conf.channel->band]; 2295 2296 sdata = IEEE80211_DEV_TO_SUB_IF(dev); 2297 2298 /* Remove possible STA entries from other IBSS networks. */ 2299 sta_info_flush_delayed(sdata); 2300 2301 if (local->ops->reset_tsf) { 2302 /* Reset own TSF to allow time synchronization work. */ 2303 local->ops->reset_tsf(local_to_hw(local)); 2304 } 2305 memcpy(ifsta->bssid, bss->bssid, ETH_ALEN); 2306 res = ieee80211_if_config(dev); 2307 if (res) 2308 return res; 2309 2310 local->hw.conf.beacon_int = bss->beacon_int >= 10 ? bss->beacon_int : 10; 2311 2312 sdata->drop_unencrypted = bss->capability & 2313 WLAN_CAPABILITY_PRIVACY ? 1 : 0; 2314 2315 res = ieee80211_set_freq(local, bss->freq); 2316 2317 if (local->oper_channel->flags & IEEE80211_CHAN_NO_IBSS) { 2318 printk(KERN_DEBUG "%s: IBSS not allowed on frequency " 2319 "%d MHz\n", dev->name, local->oper_channel->center_freq); 2320 return -1; 2321 } 2322 2323 /* Set beacon template */ 2324 skb = dev_alloc_skb(local->hw.extra_tx_headroom + 400); 2325 do { 2326 if (!skb) 2327 break; 2328 2329 skb_reserve(skb, local->hw.extra_tx_headroom); 2330 2331 mgmt = (struct ieee80211_mgmt *) 2332 skb_put(skb, 24 + sizeof(mgmt->u.beacon)); 2333 memset(mgmt, 0, 24 + sizeof(mgmt->u.beacon)); 2334 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT, 2335 IEEE80211_STYPE_BEACON); 2336 memset(mgmt->da, 0xff, ETH_ALEN); 2337 memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN); 2338 memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN); 2339 mgmt->u.beacon.beacon_int = 2340 cpu_to_le16(local->hw.conf.beacon_int); 2341 mgmt->u.beacon.capab_info = cpu_to_le16(bss->capability); 2342 2343 pos = skb_put(skb, 2 + ifsta->ssid_len); 2344 *pos++ = WLAN_EID_SSID; 2345 *pos++ = ifsta->ssid_len; 2346 memcpy(pos, ifsta->ssid, ifsta->ssid_len); 2347 2348 rates = bss->supp_rates_len; 2349 if (rates > 8) 2350 rates = 8; 2351 pos = skb_put(skb, 2 + rates); 2352 *pos++ = WLAN_EID_SUPP_RATES; 2353 *pos++ = rates; 2354 memcpy(pos, bss->supp_rates, rates); 2355 2356 if (bss->band == IEEE80211_BAND_2GHZ) { 2357 pos = skb_put(skb, 2 + 1); 2358 *pos++ = WLAN_EID_DS_PARAMS; 2359 *pos++ = 1; 2360 *pos++ = ieee80211_frequency_to_channel(bss->freq); 2361 } 2362 2363 pos = skb_put(skb, 2 + 2); 2364 *pos++ = WLAN_EID_IBSS_PARAMS; 2365 *pos++ = 2; 2366 /* FIX: set ATIM window based on scan results */ 2367 *pos++ = 0; 2368 *pos++ = 0; 2369 2370 if (bss->supp_rates_len > 8) { 2371 rates = bss->supp_rates_len - 8; 2372 pos = skb_put(skb, 2 + rates); 2373 *pos++ = WLAN_EID_EXT_SUPP_RATES; 2374 *pos++ = rates; 2375 memcpy(pos, &bss->supp_rates[8], rates); 2376 } 2377 2378 memset(&control, 0, sizeof(control)); 2379 rate_control_get_rate(dev, sband, skb, &ratesel); 2380 if (!ratesel.rate) { 2381 printk(KERN_DEBUG "%s: Failed to determine TX rate " 2382 "for IBSS beacon\n", dev->name); 2383 break; 2384 } 2385 control.vif = &sdata->vif; 2386 control.tx_rate = ratesel.rate; 2387 if (sdata->bss_conf.use_short_preamble && 2388 ratesel.rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) 2389 control.flags |= IEEE80211_TXCTL_SHORT_PREAMBLE; 2390 control.antenna_sel_tx = local->hw.conf.antenna_sel_tx; 2391 control.flags |= IEEE80211_TXCTL_NO_ACK; 2392 control.retry_limit = 1; 2393 2394 ifsta->probe_resp = skb_copy(skb, GFP_ATOMIC); 2395 if (ifsta->probe_resp) { 2396 mgmt = (struct ieee80211_mgmt *) 2397 ifsta->probe_resp->data; 2398 mgmt->frame_control = 2399 IEEE80211_FC(IEEE80211_FTYPE_MGMT, 2400 IEEE80211_STYPE_PROBE_RESP); 2401 } else { 2402 printk(KERN_DEBUG "%s: Could not allocate ProbeResp " 2403 "template for IBSS\n", dev->name); 2404 } 2405 2406 if (local->ops->beacon_update && 2407 local->ops->beacon_update(local_to_hw(local), 2408 skb, &control) == 0) { 2409 printk(KERN_DEBUG "%s: Configured IBSS beacon " 2410 "template\n", dev->name); 2411 skb = NULL; 2412 } 2413 2414 rates = 0; 2415 sband = local->hw.wiphy->bands[local->hw.conf.channel->band]; 2416 for (i = 0; i < bss->supp_rates_len; i++) { 2417 int bitrate = (bss->supp_rates[i] & 0x7f) * 5; 2418 for (j = 0; j < sband->n_bitrates; j++) 2419 if (sband->bitrates[j].bitrate == bitrate) 2420 rates |= BIT(j); 2421 } 2422 ifsta->supp_rates_bits[local->hw.conf.channel->band] = rates; 2423 2424 ieee80211_sta_def_wmm_params(dev, bss, 1); 2425 } while (0); 2426 2427 if (skb) { 2428 printk(KERN_DEBUG "%s: Failed to configure IBSS beacon " 2429 "template\n", dev->name); 2430 dev_kfree_skb(skb); 2431 } 2432 2433 ifsta->state = IEEE80211_IBSS_JOINED; 2434 mod_timer(&ifsta->timer, jiffies + IEEE80211_IBSS_MERGE_INTERVAL); 2435 2436 ieee80211_rx_bss_put(dev, bss); 2437 2438 return res; 2439 } 2440 2441 u64 ieee80211_sta_get_rates(struct ieee80211_local *local, 2442 struct ieee802_11_elems *elems, 2443 enum ieee80211_band band) 2444 { 2445 struct ieee80211_supported_band *sband; 2446 struct ieee80211_rate *bitrates; 2447 size_t num_rates; 2448 u64 supp_rates; 2449 int i, j; 2450 sband = local->hw.wiphy->bands[band]; 2451 2452 if (!sband) { 2453 WARN_ON(1); 2454 sband = local->hw.wiphy->bands[local->hw.conf.channel->band]; 2455 } 2456 2457 bitrates = sband->bitrates; 2458 num_rates = sband->n_bitrates; 2459 supp_rates = 0; 2460 for (i = 0; i < elems->supp_rates_len + 2461 elems->ext_supp_rates_len; i++) { 2462 u8 rate = 0; 2463 int own_rate; 2464 if (i < elems->supp_rates_len) 2465 rate = elems->supp_rates[i]; 2466 else if (elems->ext_supp_rates) 2467 rate = elems->ext_supp_rates 2468 [i - elems->supp_rates_len]; 2469 own_rate = 5 * (rate & 0x7f); 2470 for (j = 0; j < num_rates; j++) 2471 if (bitrates[j].bitrate == own_rate) 2472 supp_rates |= BIT(j); 2473 } 2474 return supp_rates; 2475 } 2476 2477 2478 static void ieee80211_rx_bss_info(struct net_device *dev, 2479 struct ieee80211_mgmt *mgmt, 2480 size_t len, 2481 struct ieee80211_rx_status *rx_status, 2482 int beacon) 2483 { 2484 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 2485 struct ieee802_11_elems elems; 2486 size_t baselen; 2487 int freq, clen; 2488 struct ieee80211_sta_bss *bss; 2489 struct sta_info *sta; 2490 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 2491 u64 beacon_timestamp, rx_timestamp; 2492 struct ieee80211_channel *channel; 2493 DECLARE_MAC_BUF(mac); 2494 DECLARE_MAC_BUF(mac2); 2495 2496 if (!beacon && memcmp(mgmt->da, dev->dev_addr, ETH_ALEN)) 2497 return; /* ignore ProbeResp to foreign address */ 2498 2499 #if 0 2500 printk(KERN_DEBUG "%s: RX %s from %s to %s\n", 2501 dev->name, beacon ? "Beacon" : "Probe Response", 2502 print_mac(mac, mgmt->sa), print_mac(mac2, mgmt->da)); 2503 #endif 2504 2505 baselen = (u8 *) mgmt->u.beacon.variable - (u8 *) mgmt; 2506 if (baselen > len) 2507 return; 2508 2509 beacon_timestamp = le64_to_cpu(mgmt->u.beacon.timestamp); 2510 ieee802_11_parse_elems(mgmt->u.beacon.variable, len - baselen, &elems); 2511 2512 if (ieee80211_vif_is_mesh(&sdata->vif) && elems.mesh_id && 2513 elems.mesh_config && mesh_matches_local(&elems, dev)) { 2514 u64 rates = ieee80211_sta_get_rates(local, &elems, 2515 rx_status->band); 2516 2517 mesh_neighbour_update(mgmt->sa, rates, dev, 2518 mesh_peer_accepts_plinks(&elems, dev)); 2519 } 2520 2521 rcu_read_lock(); 2522 2523 if (sdata->vif.type == IEEE80211_IF_TYPE_IBSS && elems.supp_rates && 2524 memcmp(mgmt->bssid, sdata->u.sta.bssid, ETH_ALEN) == 0 && 2525 (sta = sta_info_get(local, mgmt->sa))) { 2526 u64 prev_rates; 2527 u64 supp_rates = ieee80211_sta_get_rates(local, &elems, 2528 rx_status->band); 2529 2530 prev_rates = sta->supp_rates[rx_status->band]; 2531 sta->supp_rates[rx_status->band] &= supp_rates; 2532 if (sta->supp_rates[rx_status->band] == 0) { 2533 /* No matching rates - this should not really happen. 2534 * Make sure that at least one rate is marked 2535 * supported to avoid issues with TX rate ctrl. */ 2536 sta->supp_rates[rx_status->band] = 2537 sdata->u.sta.supp_rates_bits[rx_status->band]; 2538 } 2539 if (sta->supp_rates[rx_status->band] != prev_rates) { 2540 printk(KERN_DEBUG "%s: updated supp_rates set for " 2541 "%s based on beacon info (0x%llx & 0x%llx -> " 2542 "0x%llx)\n", 2543 dev->name, print_mac(mac, sta->addr), 2544 (unsigned long long) prev_rates, 2545 (unsigned long long) supp_rates, 2546 (unsigned long long) sta->supp_rates[rx_status->band]); 2547 } 2548 } 2549 2550 rcu_read_unlock(); 2551 2552 if (elems.ds_params && elems.ds_params_len == 1) 2553 freq = ieee80211_channel_to_frequency(elems.ds_params[0]); 2554 else 2555 freq = rx_status->freq; 2556 2557 channel = ieee80211_get_channel(local->hw.wiphy, freq); 2558 2559 if (!channel || channel->flags & IEEE80211_CHAN_DISABLED) 2560 return; 2561 2562 #ifdef CONFIG_MAC80211_MESH 2563 if (elems.mesh_config) 2564 bss = ieee80211_rx_mesh_bss_get(dev, elems.mesh_id, 2565 elems.mesh_id_len, elems.mesh_config, freq); 2566 else 2567 #endif 2568 bss = ieee80211_rx_bss_get(dev, mgmt->bssid, freq, 2569 elems.ssid, elems.ssid_len); 2570 if (!bss) { 2571 #ifdef CONFIG_MAC80211_MESH 2572 if (elems.mesh_config) 2573 bss = ieee80211_rx_mesh_bss_add(dev, elems.mesh_id, 2574 elems.mesh_id_len, elems.mesh_config, 2575 elems.mesh_config_len, freq); 2576 else 2577 #endif 2578 bss = ieee80211_rx_bss_add(dev, mgmt->bssid, freq, 2579 elems.ssid, elems.ssid_len); 2580 if (!bss) 2581 return; 2582 } else { 2583 #if 0 2584 /* TODO: order by RSSI? */ 2585 spin_lock_bh(&local->sta_bss_lock); 2586 list_move_tail(&bss->list, &local->sta_bss_list); 2587 spin_unlock_bh(&local->sta_bss_lock); 2588 #endif 2589 } 2590 2591 /* save the ERP value so that it is available at association time */ 2592 if (elems.erp_info && elems.erp_info_len >= 1) { 2593 bss->erp_value = elems.erp_info[0]; 2594 bss->has_erp_value = 1; 2595 } 2596 2597 if (elems.ht_cap_elem && 2598 (!bss->ht_ie || bss->ht_ie_len != elems.ht_cap_elem_len || 2599 memcmp(bss->ht_ie, elems.ht_cap_elem, elems.ht_cap_elem_len))) { 2600 kfree(bss->ht_ie); 2601 bss->ht_ie = kmalloc(elems.ht_cap_elem_len + 2, GFP_ATOMIC); 2602 if (bss->ht_ie) { 2603 memcpy(bss->ht_ie, elems.ht_cap_elem - 2, 2604 elems.ht_cap_elem_len + 2); 2605 bss->ht_ie_len = elems.ht_cap_elem_len + 2; 2606 } else 2607 bss->ht_ie_len = 0; 2608 } else if (!elems.ht_cap_elem && bss->ht_ie) { 2609 kfree(bss->ht_ie); 2610 bss->ht_ie = NULL; 2611 bss->ht_ie_len = 0; 2612 } 2613 2614 bss->beacon_int = le16_to_cpu(mgmt->u.beacon.beacon_int); 2615 bss->capability = le16_to_cpu(mgmt->u.beacon.capab_info); 2616 2617 bss->supp_rates_len = 0; 2618 if (elems.supp_rates) { 2619 clen = IEEE80211_MAX_SUPP_RATES - bss->supp_rates_len; 2620 if (clen > elems.supp_rates_len) 2621 clen = elems.supp_rates_len; 2622 memcpy(&bss->supp_rates[bss->supp_rates_len], elems.supp_rates, 2623 clen); 2624 bss->supp_rates_len += clen; 2625 } 2626 if (elems.ext_supp_rates) { 2627 clen = IEEE80211_MAX_SUPP_RATES - bss->supp_rates_len; 2628 if (clen > elems.ext_supp_rates_len) 2629 clen = elems.ext_supp_rates_len; 2630 memcpy(&bss->supp_rates[bss->supp_rates_len], 2631 elems.ext_supp_rates, clen); 2632 bss->supp_rates_len += clen; 2633 } 2634 2635 bss->band = rx_status->band; 2636 2637 bss->timestamp = beacon_timestamp; 2638 bss->last_update = jiffies; 2639 bss->rssi = rx_status->ssi; 2640 bss->signal = rx_status->signal; 2641 bss->noise = rx_status->noise; 2642 if (!beacon && !bss->probe_resp) 2643 bss->probe_resp = true; 2644 2645 /* 2646 * In STA mode, the remaining parameters should not be overridden 2647 * by beacons because they're not necessarily accurate there. 2648 */ 2649 if (sdata->vif.type != IEEE80211_IF_TYPE_IBSS && 2650 bss->probe_resp && beacon) { 2651 ieee80211_rx_bss_put(dev, bss); 2652 return; 2653 } 2654 2655 if (elems.wpa && 2656 (!bss->wpa_ie || bss->wpa_ie_len != elems.wpa_len || 2657 memcmp(bss->wpa_ie, elems.wpa, elems.wpa_len))) { 2658 kfree(bss->wpa_ie); 2659 bss->wpa_ie = kmalloc(elems.wpa_len + 2, GFP_ATOMIC); 2660 if (bss->wpa_ie) { 2661 memcpy(bss->wpa_ie, elems.wpa - 2, elems.wpa_len + 2); 2662 bss->wpa_ie_len = elems.wpa_len + 2; 2663 } else 2664 bss->wpa_ie_len = 0; 2665 } else if (!elems.wpa && bss->wpa_ie) { 2666 kfree(bss->wpa_ie); 2667 bss->wpa_ie = NULL; 2668 bss->wpa_ie_len = 0; 2669 } 2670 2671 if (elems.rsn && 2672 (!bss->rsn_ie || bss->rsn_ie_len != elems.rsn_len || 2673 memcmp(bss->rsn_ie, elems.rsn, elems.rsn_len))) { 2674 kfree(bss->rsn_ie); 2675 bss->rsn_ie = kmalloc(elems.rsn_len + 2, GFP_ATOMIC); 2676 if (bss->rsn_ie) { 2677 memcpy(bss->rsn_ie, elems.rsn - 2, elems.rsn_len + 2); 2678 bss->rsn_ie_len = elems.rsn_len + 2; 2679 } else 2680 bss->rsn_ie_len = 0; 2681 } else if (!elems.rsn && bss->rsn_ie) { 2682 kfree(bss->rsn_ie); 2683 bss->rsn_ie = NULL; 2684 bss->rsn_ie_len = 0; 2685 } 2686 2687 /* 2688 * Cf. 2689 * http://www.wipo.int/pctdb/en/wo.jsp?wo=2007047181&IA=WO2007047181&DISPLAY=DESC 2690 * 2691 * quoting: 2692 * 2693 * In particular, "Wi-Fi CERTIFIED for WMM - Support for Multimedia 2694 * Applications with Quality of Service in Wi-Fi Networks," Wi- Fi 2695 * Alliance (September 1, 2004) is incorporated by reference herein. 2696 * The inclusion of the WMM Parameters in probe responses and 2697 * association responses is mandatory for WMM enabled networks. The 2698 * inclusion of the WMM Parameters in beacons, however, is optional. 2699 */ 2700 2701 if (elems.wmm_param && 2702 (!bss->wmm_ie || bss->wmm_ie_len != elems.wmm_param_len || 2703 memcmp(bss->wmm_ie, elems.wmm_param, elems.wmm_param_len))) { 2704 kfree(bss->wmm_ie); 2705 bss->wmm_ie = kmalloc(elems.wmm_param_len + 2, GFP_ATOMIC); 2706 if (bss->wmm_ie) { 2707 memcpy(bss->wmm_ie, elems.wmm_param - 2, 2708 elems.wmm_param_len + 2); 2709 bss->wmm_ie_len = elems.wmm_param_len + 2; 2710 } else 2711 bss->wmm_ie_len = 0; 2712 } else if (!elems.wmm_param && bss->wmm_ie) { 2713 kfree(bss->wmm_ie); 2714 bss->wmm_ie = NULL; 2715 bss->wmm_ie_len = 0; 2716 } 2717 2718 /* check if we need to merge IBSS */ 2719 if (sdata->vif.type == IEEE80211_IF_TYPE_IBSS && beacon && 2720 !local->sta_sw_scanning && !local->sta_hw_scanning && 2721 bss->capability & WLAN_CAPABILITY_IBSS && 2722 bss->freq == local->oper_channel->center_freq && 2723 elems.ssid_len == sdata->u.sta.ssid_len && 2724 memcmp(elems.ssid, sdata->u.sta.ssid, sdata->u.sta.ssid_len) == 0) { 2725 if (rx_status->flag & RX_FLAG_TSFT) { 2726 /* in order for correct IBSS merging we need mactime 2727 * 2728 * since mactime is defined as the time the first data 2729 * symbol of the frame hits the PHY, and the timestamp 2730 * of the beacon is defined as "the time that the data 2731 * symbol containing the first bit of the timestamp is 2732 * transmitted to the PHY plus the transmitting STA’s 2733 * delays through its local PHY from the MAC-PHY 2734 * interface to its interface with the WM" 2735 * (802.11 11.1.2) - equals the time this bit arrives at 2736 * the receiver - we have to take into account the 2737 * offset between the two. 2738 * e.g: at 1 MBit that means mactime is 192 usec earlier 2739 * (=24 bytes * 8 usecs/byte) than the beacon timestamp. 2740 */ 2741 int rate = local->hw.wiphy->bands[rx_status->band]-> 2742 bitrates[rx_status->rate_idx].bitrate; 2743 rx_timestamp = rx_status->mactime + (24 * 8 * 10 / rate); 2744 } else if (local && local->ops && local->ops->get_tsf) 2745 /* second best option: get current TSF */ 2746 rx_timestamp = local->ops->get_tsf(local_to_hw(local)); 2747 else 2748 /* can't merge without knowing the TSF */ 2749 rx_timestamp = -1LLU; 2750 #ifdef CONFIG_MAC80211_IBSS_DEBUG 2751 printk(KERN_DEBUG "RX beacon SA=%s BSSID=" 2752 "%s TSF=0x%llx BCN=0x%llx diff=%lld @%lu\n", 2753 print_mac(mac, mgmt->sa), 2754 print_mac(mac2, mgmt->bssid), 2755 (unsigned long long)rx_timestamp, 2756 (unsigned long long)beacon_timestamp, 2757 (unsigned long long)(rx_timestamp - beacon_timestamp), 2758 jiffies); 2759 #endif /* CONFIG_MAC80211_IBSS_DEBUG */ 2760 if (beacon_timestamp > rx_timestamp) { 2761 #ifndef CONFIG_MAC80211_IBSS_DEBUG 2762 if (net_ratelimit()) 2763 #endif 2764 printk(KERN_DEBUG "%s: beacon TSF higher than " 2765 "local TSF - IBSS merge with BSSID %s\n", 2766 dev->name, print_mac(mac, mgmt->bssid)); 2767 ieee80211_sta_join_ibss(dev, &sdata->u.sta, bss); 2768 ieee80211_ibss_add_sta(dev, NULL, 2769 mgmt->bssid, mgmt->sa); 2770 } 2771 } 2772 2773 ieee80211_rx_bss_put(dev, bss); 2774 } 2775 2776 2777 static void ieee80211_rx_mgmt_probe_resp(struct net_device *dev, 2778 struct ieee80211_mgmt *mgmt, 2779 size_t len, 2780 struct ieee80211_rx_status *rx_status) 2781 { 2782 ieee80211_rx_bss_info(dev, mgmt, len, rx_status, 0); 2783 } 2784 2785 2786 static void ieee80211_rx_mgmt_beacon(struct net_device *dev, 2787 struct ieee80211_mgmt *mgmt, 2788 size_t len, 2789 struct ieee80211_rx_status *rx_status) 2790 { 2791 struct ieee80211_sub_if_data *sdata; 2792 struct ieee80211_if_sta *ifsta; 2793 size_t baselen; 2794 struct ieee802_11_elems elems; 2795 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 2796 struct ieee80211_conf *conf = &local->hw.conf; 2797 u32 changed = 0; 2798 2799 ieee80211_rx_bss_info(dev, mgmt, len, rx_status, 1); 2800 2801 sdata = IEEE80211_DEV_TO_SUB_IF(dev); 2802 if (sdata->vif.type != IEEE80211_IF_TYPE_STA) 2803 return; 2804 ifsta = &sdata->u.sta; 2805 2806 if (!(ifsta->flags & IEEE80211_STA_ASSOCIATED) || 2807 memcmp(ifsta->bssid, mgmt->bssid, ETH_ALEN) != 0) 2808 return; 2809 2810 /* Process beacon from the current BSS */ 2811 baselen = (u8 *) mgmt->u.beacon.variable - (u8 *) mgmt; 2812 if (baselen > len) 2813 return; 2814 2815 ieee802_11_parse_elems(mgmt->u.beacon.variable, len - baselen, &elems); 2816 2817 if (elems.wmm_param && (ifsta->flags & IEEE80211_STA_WMM_ENABLED)) { 2818 ieee80211_sta_wmm_params(dev, ifsta, elems.wmm_param, 2819 elems.wmm_param_len); 2820 } 2821 2822 /* Do not send changes to driver if we are scanning. This removes 2823 * requirement that driver's bss_info_changed function needs to be 2824 * atomic. */ 2825 if (local->sta_sw_scanning || local->sta_hw_scanning) 2826 return; 2827 2828 if (elems.erp_info && elems.erp_info_len >= 1) 2829 changed |= ieee80211_handle_erp_ie(sdata, elems.erp_info[0]); 2830 else { 2831 u16 capab = le16_to_cpu(mgmt->u.beacon.capab_info); 2832 changed |= ieee80211_handle_protect_preamb(sdata, false, 2833 (capab & WLAN_CAPABILITY_SHORT_PREAMBLE) != 0); 2834 } 2835 2836 if (elems.ht_cap_elem && elems.ht_info_elem && 2837 elems.wmm_param && conf->flags & IEEE80211_CONF_SUPPORT_HT_MODE) { 2838 struct ieee80211_ht_bss_info bss_info; 2839 2840 ieee80211_ht_addt_info_ie_to_ht_bss_info( 2841 (struct ieee80211_ht_addt_info *) 2842 elems.ht_info_elem, &bss_info); 2843 changed |= ieee80211_handle_ht(local, 1, &conf->ht_conf, 2844 &bss_info); 2845 } 2846 2847 ieee80211_bss_info_change_notify(sdata, changed); 2848 } 2849 2850 2851 static void ieee80211_rx_mgmt_probe_req(struct net_device *dev, 2852 struct ieee80211_if_sta *ifsta, 2853 struct ieee80211_mgmt *mgmt, 2854 size_t len, 2855 struct ieee80211_rx_status *rx_status) 2856 { 2857 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 2858 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 2859 int tx_last_beacon; 2860 struct sk_buff *skb; 2861 struct ieee80211_mgmt *resp; 2862 u8 *pos, *end; 2863 DECLARE_MAC_BUF(mac); 2864 #ifdef CONFIG_MAC80211_IBSS_DEBUG 2865 DECLARE_MAC_BUF(mac2); 2866 DECLARE_MAC_BUF(mac3); 2867 #endif 2868 2869 if (sdata->vif.type != IEEE80211_IF_TYPE_IBSS || 2870 ifsta->state != IEEE80211_IBSS_JOINED || 2871 len < 24 + 2 || !ifsta->probe_resp) 2872 return; 2873 2874 if (local->ops->tx_last_beacon) 2875 tx_last_beacon = local->ops->tx_last_beacon(local_to_hw(local)); 2876 else 2877 tx_last_beacon = 1; 2878 2879 #ifdef CONFIG_MAC80211_IBSS_DEBUG 2880 printk(KERN_DEBUG "%s: RX ProbeReq SA=%s DA=%s BSSID=" 2881 "%s (tx_last_beacon=%d)\n", 2882 dev->name, print_mac(mac, mgmt->sa), print_mac(mac2, mgmt->da), 2883 print_mac(mac3, mgmt->bssid), tx_last_beacon); 2884 #endif /* CONFIG_MAC80211_IBSS_DEBUG */ 2885 2886 if (!tx_last_beacon) 2887 return; 2888 2889 if (memcmp(mgmt->bssid, ifsta->bssid, ETH_ALEN) != 0 && 2890 memcmp(mgmt->bssid, "\xff\xff\xff\xff\xff\xff", ETH_ALEN) != 0) 2891 return; 2892 2893 end = ((u8 *) mgmt) + len; 2894 pos = mgmt->u.probe_req.variable; 2895 if (pos[0] != WLAN_EID_SSID || 2896 pos + 2 + pos[1] > end) { 2897 if (net_ratelimit()) { 2898 printk(KERN_DEBUG "%s: Invalid SSID IE in ProbeReq " 2899 "from %s\n", 2900 dev->name, print_mac(mac, mgmt->sa)); 2901 } 2902 return; 2903 } 2904 if (pos[1] != 0 && 2905 (pos[1] != ifsta->ssid_len || 2906 memcmp(pos + 2, ifsta->ssid, ifsta->ssid_len) != 0)) { 2907 /* Ignore ProbeReq for foreign SSID */ 2908 return; 2909 } 2910 2911 /* Reply with ProbeResp */ 2912 skb = skb_copy(ifsta->probe_resp, GFP_KERNEL); 2913 if (!skb) 2914 return; 2915 2916 resp = (struct ieee80211_mgmt *) skb->data; 2917 memcpy(resp->da, mgmt->sa, ETH_ALEN); 2918 #ifdef CONFIG_MAC80211_IBSS_DEBUG 2919 printk(KERN_DEBUG "%s: Sending ProbeResp to %s\n", 2920 dev->name, print_mac(mac, resp->da)); 2921 #endif /* CONFIG_MAC80211_IBSS_DEBUG */ 2922 ieee80211_sta_tx(dev, skb, 0); 2923 } 2924 2925 static void ieee80211_rx_mgmt_action(struct net_device *dev, 2926 struct ieee80211_if_sta *ifsta, 2927 struct ieee80211_mgmt *mgmt, 2928 size_t len, 2929 struct ieee80211_rx_status *rx_status) 2930 { 2931 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 2932 2933 if (len < IEEE80211_MIN_ACTION_SIZE) 2934 return; 2935 2936 switch (mgmt->u.action.category) { 2937 case WLAN_CATEGORY_BACK: 2938 switch (mgmt->u.action.u.addba_req.action_code) { 2939 case WLAN_ACTION_ADDBA_REQ: 2940 if (len < (IEEE80211_MIN_ACTION_SIZE + 2941 sizeof(mgmt->u.action.u.addba_req))) 2942 break; 2943 ieee80211_sta_process_addba_request(dev, mgmt, len); 2944 break; 2945 case WLAN_ACTION_ADDBA_RESP: 2946 if (len < (IEEE80211_MIN_ACTION_SIZE + 2947 sizeof(mgmt->u.action.u.addba_resp))) 2948 break; 2949 ieee80211_sta_process_addba_resp(dev, mgmt, len); 2950 break; 2951 case WLAN_ACTION_DELBA: 2952 if (len < (IEEE80211_MIN_ACTION_SIZE + 2953 sizeof(mgmt->u.action.u.delba))) 2954 break; 2955 ieee80211_sta_process_delba(dev, mgmt, len); 2956 break; 2957 default: 2958 if (net_ratelimit()) 2959 printk(KERN_DEBUG "%s: Rx unknown A-MPDU action\n", 2960 dev->name); 2961 break; 2962 } 2963 break; 2964 case PLINK_CATEGORY: 2965 if (ieee80211_vif_is_mesh(&sdata->vif)) 2966 mesh_rx_plink_frame(dev, mgmt, len, rx_status); 2967 break; 2968 case MESH_PATH_SEL_CATEGORY: 2969 if (ieee80211_vif_is_mesh(&sdata->vif)) 2970 mesh_rx_path_sel_frame(dev, mgmt, len); 2971 break; 2972 default: 2973 if (net_ratelimit()) 2974 printk(KERN_DEBUG "%s: Rx unknown action frame - " 2975 "category=%d\n", dev->name, mgmt->u.action.category); 2976 break; 2977 } 2978 } 2979 2980 void ieee80211_sta_rx_mgmt(struct net_device *dev, struct sk_buff *skb, 2981 struct ieee80211_rx_status *rx_status) 2982 { 2983 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 2984 struct ieee80211_sub_if_data *sdata; 2985 struct ieee80211_if_sta *ifsta; 2986 struct ieee80211_mgmt *mgmt; 2987 u16 fc; 2988 2989 if (skb->len < 24) 2990 goto fail; 2991 2992 sdata = IEEE80211_DEV_TO_SUB_IF(dev); 2993 ifsta = &sdata->u.sta; 2994 2995 mgmt = (struct ieee80211_mgmt *) skb->data; 2996 fc = le16_to_cpu(mgmt->frame_control); 2997 2998 switch (fc & IEEE80211_FCTL_STYPE) { 2999 case IEEE80211_STYPE_PROBE_REQ: 3000 case IEEE80211_STYPE_PROBE_RESP: 3001 case IEEE80211_STYPE_BEACON: 3002 case IEEE80211_STYPE_ACTION: 3003 memcpy(skb->cb, rx_status, sizeof(*rx_status)); 3004 case IEEE80211_STYPE_AUTH: 3005 case IEEE80211_STYPE_ASSOC_RESP: 3006 case IEEE80211_STYPE_REASSOC_RESP: 3007 case IEEE80211_STYPE_DEAUTH: 3008 case IEEE80211_STYPE_DISASSOC: 3009 skb_queue_tail(&ifsta->skb_queue, skb); 3010 queue_work(local->hw.workqueue, &ifsta->work); 3011 return; 3012 default: 3013 printk(KERN_DEBUG "%s: received unknown management frame - " 3014 "stype=%d\n", dev->name, 3015 (fc & IEEE80211_FCTL_STYPE) >> 4); 3016 break; 3017 } 3018 3019 fail: 3020 kfree_skb(skb); 3021 } 3022 3023 3024 static void ieee80211_sta_rx_queued_mgmt(struct net_device *dev, 3025 struct sk_buff *skb) 3026 { 3027 struct ieee80211_rx_status *rx_status; 3028 struct ieee80211_sub_if_data *sdata; 3029 struct ieee80211_if_sta *ifsta; 3030 struct ieee80211_mgmt *mgmt; 3031 u16 fc; 3032 3033 sdata = IEEE80211_DEV_TO_SUB_IF(dev); 3034 ifsta = &sdata->u.sta; 3035 3036 rx_status = (struct ieee80211_rx_status *) skb->cb; 3037 mgmt = (struct ieee80211_mgmt *) skb->data; 3038 fc = le16_to_cpu(mgmt->frame_control); 3039 3040 switch (fc & IEEE80211_FCTL_STYPE) { 3041 case IEEE80211_STYPE_PROBE_REQ: 3042 ieee80211_rx_mgmt_probe_req(dev, ifsta, mgmt, skb->len, 3043 rx_status); 3044 break; 3045 case IEEE80211_STYPE_PROBE_RESP: 3046 ieee80211_rx_mgmt_probe_resp(dev, mgmt, skb->len, rx_status); 3047 break; 3048 case IEEE80211_STYPE_BEACON: 3049 ieee80211_rx_mgmt_beacon(dev, mgmt, skb->len, rx_status); 3050 break; 3051 case IEEE80211_STYPE_AUTH: 3052 ieee80211_rx_mgmt_auth(dev, ifsta, mgmt, skb->len); 3053 break; 3054 case IEEE80211_STYPE_ASSOC_RESP: 3055 ieee80211_rx_mgmt_assoc_resp(sdata, ifsta, mgmt, skb->len, 0); 3056 break; 3057 case IEEE80211_STYPE_REASSOC_RESP: 3058 ieee80211_rx_mgmt_assoc_resp(sdata, ifsta, mgmt, skb->len, 1); 3059 break; 3060 case IEEE80211_STYPE_DEAUTH: 3061 ieee80211_rx_mgmt_deauth(dev, ifsta, mgmt, skb->len); 3062 break; 3063 case IEEE80211_STYPE_DISASSOC: 3064 ieee80211_rx_mgmt_disassoc(dev, ifsta, mgmt, skb->len); 3065 break; 3066 case IEEE80211_STYPE_ACTION: 3067 ieee80211_rx_mgmt_action(dev, ifsta, mgmt, skb->len, rx_status); 3068 break; 3069 } 3070 3071 kfree_skb(skb); 3072 } 3073 3074 3075 ieee80211_rx_result 3076 ieee80211_sta_rx_scan(struct net_device *dev, struct sk_buff *skb, 3077 struct ieee80211_rx_status *rx_status) 3078 { 3079 struct ieee80211_mgmt *mgmt; 3080 u16 fc; 3081 3082 if (skb->len < 2) 3083 return RX_DROP_UNUSABLE; 3084 3085 mgmt = (struct ieee80211_mgmt *) skb->data; 3086 fc = le16_to_cpu(mgmt->frame_control); 3087 3088 if ((fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_CTL) 3089 return RX_CONTINUE; 3090 3091 if (skb->len < 24) 3092 return RX_DROP_MONITOR; 3093 3094 if ((fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_MGMT) { 3095 if ((fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_PROBE_RESP) { 3096 ieee80211_rx_mgmt_probe_resp(dev, mgmt, 3097 skb->len, rx_status); 3098 dev_kfree_skb(skb); 3099 return RX_QUEUED; 3100 } else if ((fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_BEACON) { 3101 ieee80211_rx_mgmt_beacon(dev, mgmt, skb->len, 3102 rx_status); 3103 dev_kfree_skb(skb); 3104 return RX_QUEUED; 3105 } 3106 } 3107 return RX_CONTINUE; 3108 } 3109 3110 3111 static int ieee80211_sta_active_ibss(struct net_device *dev) 3112 { 3113 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 3114 int active = 0; 3115 struct sta_info *sta; 3116 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 3117 3118 rcu_read_lock(); 3119 3120 list_for_each_entry_rcu(sta, &local->sta_list, list) { 3121 if (sta->sdata == sdata && 3122 time_after(sta->last_rx + IEEE80211_IBSS_MERGE_INTERVAL, 3123 jiffies)) { 3124 active++; 3125 break; 3126 } 3127 } 3128 3129 rcu_read_unlock(); 3130 3131 return active; 3132 } 3133 3134 3135 static void ieee80211_sta_expire(struct net_device *dev, unsigned long exp_time) 3136 { 3137 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 3138 struct sta_info *sta, *tmp; 3139 LIST_HEAD(tmp_list); 3140 DECLARE_MAC_BUF(mac); 3141 unsigned long flags; 3142 3143 spin_lock_irqsave(&local->sta_lock, flags); 3144 list_for_each_entry_safe(sta, tmp, &local->sta_list, list) 3145 if (time_after(jiffies, sta->last_rx + exp_time)) { 3146 printk(KERN_DEBUG "%s: expiring inactive STA %s\n", 3147 dev->name, print_mac(mac, sta->addr)); 3148 __sta_info_unlink(&sta); 3149 if (sta) 3150 list_add(&sta->list, &tmp_list); 3151 } 3152 spin_unlock_irqrestore(&local->sta_lock, flags); 3153 3154 list_for_each_entry_safe(sta, tmp, &tmp_list, list) 3155 sta_info_destroy(sta); 3156 } 3157 3158 3159 static void ieee80211_sta_merge_ibss(struct net_device *dev, 3160 struct ieee80211_if_sta *ifsta) 3161 { 3162 mod_timer(&ifsta->timer, jiffies + IEEE80211_IBSS_MERGE_INTERVAL); 3163 3164 ieee80211_sta_expire(dev, IEEE80211_IBSS_INACTIVITY_LIMIT); 3165 if (ieee80211_sta_active_ibss(dev)) 3166 return; 3167 3168 printk(KERN_DEBUG "%s: No active IBSS STAs - trying to scan for other " 3169 "IBSS networks with same SSID (merge)\n", dev->name); 3170 ieee80211_sta_req_scan(dev, ifsta->ssid, ifsta->ssid_len); 3171 } 3172 3173 3174 #ifdef CONFIG_MAC80211_MESH 3175 static void ieee80211_mesh_housekeeping(struct net_device *dev, 3176 struct ieee80211_if_sta *ifsta) 3177 { 3178 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 3179 bool free_plinks; 3180 3181 ieee80211_sta_expire(dev, IEEE80211_MESH_PEER_INACTIVITY_LIMIT); 3182 mesh_path_expire(dev); 3183 3184 free_plinks = mesh_plink_availables(sdata); 3185 if (free_plinks != sdata->u.sta.accepting_plinks) 3186 ieee80211_if_config_beacon(dev); 3187 3188 mod_timer(&ifsta->timer, jiffies + 3189 IEEE80211_MESH_HOUSEKEEPING_INTERVAL); 3190 } 3191 3192 3193 void ieee80211_start_mesh(struct net_device *dev) 3194 { 3195 struct ieee80211_if_sta *ifsta; 3196 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 3197 ifsta = &sdata->u.sta; 3198 ifsta->state = IEEE80211_MESH_UP; 3199 ieee80211_sta_timer((unsigned long)sdata); 3200 } 3201 #endif 3202 3203 3204 void ieee80211_sta_timer(unsigned long data) 3205 { 3206 struct ieee80211_sub_if_data *sdata = 3207 (struct ieee80211_sub_if_data *) data; 3208 struct ieee80211_if_sta *ifsta = &sdata->u.sta; 3209 struct ieee80211_local *local = wdev_priv(&sdata->wdev); 3210 3211 set_bit(IEEE80211_STA_REQ_RUN, &ifsta->request); 3212 queue_work(local->hw.workqueue, &ifsta->work); 3213 } 3214 3215 void ieee80211_sta_work(struct work_struct *work) 3216 { 3217 struct ieee80211_sub_if_data *sdata = 3218 container_of(work, struct ieee80211_sub_if_data, u.sta.work); 3219 struct net_device *dev = sdata->dev; 3220 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 3221 struct ieee80211_if_sta *ifsta; 3222 struct sk_buff *skb; 3223 3224 if (!netif_running(dev)) 3225 return; 3226 3227 if (local->sta_sw_scanning || local->sta_hw_scanning) 3228 return; 3229 3230 if (sdata->vif.type != IEEE80211_IF_TYPE_STA && 3231 sdata->vif.type != IEEE80211_IF_TYPE_IBSS && 3232 sdata->vif.type != IEEE80211_IF_TYPE_MESH_POINT) { 3233 printk(KERN_DEBUG "%s: ieee80211_sta_work: non-STA interface " 3234 "(type=%d)\n", dev->name, sdata->vif.type); 3235 return; 3236 } 3237 ifsta = &sdata->u.sta; 3238 3239 while ((skb = skb_dequeue(&ifsta->skb_queue))) 3240 ieee80211_sta_rx_queued_mgmt(dev, skb); 3241 3242 #ifdef CONFIG_MAC80211_MESH 3243 if (ifsta->preq_queue_len && 3244 time_after(jiffies, 3245 ifsta->last_preq + msecs_to_jiffies(ifsta->mshcfg.dot11MeshHWMPpreqMinInterval))) 3246 mesh_path_start_discovery(dev); 3247 #endif 3248 3249 if (ifsta->state != IEEE80211_AUTHENTICATE && 3250 ifsta->state != IEEE80211_ASSOCIATE && 3251 test_and_clear_bit(IEEE80211_STA_REQ_SCAN, &ifsta->request)) { 3252 if (ifsta->scan_ssid_len) 3253 ieee80211_sta_start_scan(dev, ifsta->scan_ssid, ifsta->scan_ssid_len); 3254 else 3255 ieee80211_sta_start_scan(dev, NULL, 0); 3256 return; 3257 } 3258 3259 if (test_and_clear_bit(IEEE80211_STA_REQ_AUTH, &ifsta->request)) { 3260 if (ieee80211_sta_config_auth(dev, ifsta)) 3261 return; 3262 clear_bit(IEEE80211_STA_REQ_RUN, &ifsta->request); 3263 } else if (!test_and_clear_bit(IEEE80211_STA_REQ_RUN, &ifsta->request)) 3264 return; 3265 3266 switch (ifsta->state) { 3267 case IEEE80211_DISABLED: 3268 break; 3269 case IEEE80211_AUTHENTICATE: 3270 ieee80211_authenticate(dev, ifsta); 3271 break; 3272 case IEEE80211_ASSOCIATE: 3273 ieee80211_associate(dev, ifsta); 3274 break; 3275 case IEEE80211_ASSOCIATED: 3276 ieee80211_associated(dev, ifsta); 3277 break; 3278 case IEEE80211_IBSS_SEARCH: 3279 ieee80211_sta_find_ibss(dev, ifsta); 3280 break; 3281 case IEEE80211_IBSS_JOINED: 3282 ieee80211_sta_merge_ibss(dev, ifsta); 3283 break; 3284 #ifdef CONFIG_MAC80211_MESH 3285 case IEEE80211_MESH_UP: 3286 ieee80211_mesh_housekeeping(dev, ifsta); 3287 break; 3288 #endif 3289 default: 3290 printk(KERN_DEBUG "ieee80211_sta_work: Unknown state %d\n", 3291 ifsta->state); 3292 break; 3293 } 3294 3295 if (ieee80211_privacy_mismatch(dev, ifsta)) { 3296 printk(KERN_DEBUG "%s: privacy configuration mismatch and " 3297 "mixed-cell disabled - disassociate\n", dev->name); 3298 3299 ieee80211_send_disassoc(dev, ifsta, WLAN_REASON_UNSPECIFIED); 3300 ieee80211_set_disassoc(dev, ifsta, 0); 3301 } 3302 } 3303 3304 3305 static void ieee80211_sta_reset_auth(struct net_device *dev, 3306 struct ieee80211_if_sta *ifsta) 3307 { 3308 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 3309 3310 if (local->ops->reset_tsf) { 3311 /* Reset own TSF to allow time synchronization work. */ 3312 local->ops->reset_tsf(local_to_hw(local)); 3313 } 3314 3315 ifsta->wmm_last_param_set = -1; /* allow any WMM update */ 3316 3317 3318 if (ifsta->auth_algs & IEEE80211_AUTH_ALG_OPEN) 3319 ifsta->auth_alg = WLAN_AUTH_OPEN; 3320 else if (ifsta->auth_algs & IEEE80211_AUTH_ALG_SHARED_KEY) 3321 ifsta->auth_alg = WLAN_AUTH_SHARED_KEY; 3322 else if (ifsta->auth_algs & IEEE80211_AUTH_ALG_LEAP) 3323 ifsta->auth_alg = WLAN_AUTH_LEAP; 3324 else 3325 ifsta->auth_alg = WLAN_AUTH_OPEN; 3326 printk(KERN_DEBUG "%s: Initial auth_alg=%d\n", dev->name, 3327 ifsta->auth_alg); 3328 ifsta->auth_transaction = -1; 3329 ifsta->flags &= ~IEEE80211_STA_ASSOCIATED; 3330 ifsta->auth_tries = ifsta->assoc_tries = 0; 3331 netif_carrier_off(dev); 3332 } 3333 3334 3335 void ieee80211_sta_req_auth(struct net_device *dev, 3336 struct ieee80211_if_sta *ifsta) 3337 { 3338 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 3339 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 3340 3341 if (sdata->vif.type != IEEE80211_IF_TYPE_STA) 3342 return; 3343 3344 if ((ifsta->flags & (IEEE80211_STA_BSSID_SET | 3345 IEEE80211_STA_AUTO_BSSID_SEL)) && 3346 (ifsta->flags & (IEEE80211_STA_SSID_SET | 3347 IEEE80211_STA_AUTO_SSID_SEL))) { 3348 set_bit(IEEE80211_STA_REQ_AUTH, &ifsta->request); 3349 queue_work(local->hw.workqueue, &ifsta->work); 3350 } 3351 } 3352 3353 static int ieee80211_sta_match_ssid(struct ieee80211_if_sta *ifsta, 3354 const char *ssid, int ssid_len) 3355 { 3356 int tmp, hidden_ssid; 3357 3358 if (ssid_len == ifsta->ssid_len && 3359 !memcmp(ifsta->ssid, ssid, ssid_len)) 3360 return 1; 3361 3362 if (ifsta->flags & IEEE80211_STA_AUTO_BSSID_SEL) 3363 return 0; 3364 3365 hidden_ssid = 1; 3366 tmp = ssid_len; 3367 while (tmp--) { 3368 if (ssid[tmp] != '\0') { 3369 hidden_ssid = 0; 3370 break; 3371 } 3372 } 3373 3374 if (hidden_ssid && ifsta->ssid_len == ssid_len) 3375 return 1; 3376 3377 if (ssid_len == 1 && ssid[0] == ' ') 3378 return 1; 3379 3380 return 0; 3381 } 3382 3383 static int ieee80211_sta_config_auth(struct net_device *dev, 3384 struct ieee80211_if_sta *ifsta) 3385 { 3386 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 3387 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 3388 struct ieee80211_sta_bss *bss, *selected = NULL; 3389 int top_rssi = 0, freq; 3390 3391 if (!(ifsta->flags & (IEEE80211_STA_AUTO_SSID_SEL | 3392 IEEE80211_STA_AUTO_BSSID_SEL | IEEE80211_STA_AUTO_CHANNEL_SEL))) { 3393 ifsta->state = IEEE80211_AUTHENTICATE; 3394 ieee80211_sta_reset_auth(dev, ifsta); 3395 return 0; 3396 } 3397 3398 spin_lock_bh(&local->sta_bss_lock); 3399 freq = local->oper_channel->center_freq; 3400 list_for_each_entry(bss, &local->sta_bss_list, list) { 3401 if (!(bss->capability & WLAN_CAPABILITY_ESS)) 3402 continue; 3403 3404 if (!!(bss->capability & WLAN_CAPABILITY_PRIVACY) ^ 3405 !!sdata->default_key) 3406 continue; 3407 3408 if (!(ifsta->flags & IEEE80211_STA_AUTO_CHANNEL_SEL) && 3409 bss->freq != freq) 3410 continue; 3411 3412 if (!(ifsta->flags & IEEE80211_STA_AUTO_BSSID_SEL) && 3413 memcmp(bss->bssid, ifsta->bssid, ETH_ALEN)) 3414 continue; 3415 3416 if (!(ifsta->flags & IEEE80211_STA_AUTO_SSID_SEL) && 3417 !ieee80211_sta_match_ssid(ifsta, bss->ssid, bss->ssid_len)) 3418 continue; 3419 3420 if (!selected || top_rssi < bss->rssi) { 3421 selected = bss; 3422 top_rssi = bss->rssi; 3423 } 3424 } 3425 if (selected) 3426 atomic_inc(&selected->users); 3427 spin_unlock_bh(&local->sta_bss_lock); 3428 3429 if (selected) { 3430 ieee80211_set_freq(local, selected->freq); 3431 if (!(ifsta->flags & IEEE80211_STA_SSID_SET)) 3432 ieee80211_sta_set_ssid(dev, selected->ssid, 3433 selected->ssid_len); 3434 ieee80211_sta_set_bssid(dev, selected->bssid); 3435 ieee80211_sta_def_wmm_params(dev, selected, 0); 3436 ieee80211_rx_bss_put(dev, selected); 3437 ifsta->state = IEEE80211_AUTHENTICATE; 3438 ieee80211_sta_reset_auth(dev, ifsta); 3439 return 0; 3440 } else { 3441 if (ifsta->state != IEEE80211_AUTHENTICATE) { 3442 if (ifsta->flags & IEEE80211_STA_AUTO_SSID_SEL) 3443 ieee80211_sta_start_scan(dev, NULL, 0); 3444 else 3445 ieee80211_sta_start_scan(dev, ifsta->ssid, 3446 ifsta->ssid_len); 3447 ifsta->state = IEEE80211_AUTHENTICATE; 3448 set_bit(IEEE80211_STA_REQ_AUTH, &ifsta->request); 3449 } else 3450 ifsta->state = IEEE80211_DISABLED; 3451 } 3452 return -1; 3453 } 3454 3455 3456 static int ieee80211_sta_create_ibss(struct net_device *dev, 3457 struct ieee80211_if_sta *ifsta) 3458 { 3459 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 3460 struct ieee80211_sta_bss *bss; 3461 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 3462 struct ieee80211_supported_band *sband; 3463 u8 bssid[ETH_ALEN], *pos; 3464 int i; 3465 DECLARE_MAC_BUF(mac); 3466 3467 #if 0 3468 /* Easier testing, use fixed BSSID. */ 3469 memset(bssid, 0xfe, ETH_ALEN); 3470 #else 3471 /* Generate random, not broadcast, locally administered BSSID. Mix in 3472 * own MAC address to make sure that devices that do not have proper 3473 * random number generator get different BSSID. */ 3474 get_random_bytes(bssid, ETH_ALEN); 3475 for (i = 0; i < ETH_ALEN; i++) 3476 bssid[i] ^= dev->dev_addr[i]; 3477 bssid[0] &= ~0x01; 3478 bssid[0] |= 0x02; 3479 #endif 3480 3481 printk(KERN_DEBUG "%s: Creating new IBSS network, BSSID %s\n", 3482 dev->name, print_mac(mac, bssid)); 3483 3484 bss = ieee80211_rx_bss_add(dev, bssid, 3485 local->hw.conf.channel->center_freq, 3486 sdata->u.sta.ssid, sdata->u.sta.ssid_len); 3487 if (!bss) 3488 return -ENOMEM; 3489 3490 bss->band = local->hw.conf.channel->band; 3491 sband = local->hw.wiphy->bands[bss->band]; 3492 3493 if (local->hw.conf.beacon_int == 0) 3494 local->hw.conf.beacon_int = 10000; 3495 bss->beacon_int = local->hw.conf.beacon_int; 3496 bss->last_update = jiffies; 3497 bss->capability = WLAN_CAPABILITY_IBSS; 3498 if (sdata->default_key) { 3499 bss->capability |= WLAN_CAPABILITY_PRIVACY; 3500 } else 3501 sdata->drop_unencrypted = 0; 3502 bss->supp_rates_len = sband->n_bitrates; 3503 pos = bss->supp_rates; 3504 for (i = 0; i < sband->n_bitrates; i++) { 3505 int rate = sband->bitrates[i].bitrate; 3506 *pos++ = (u8) (rate / 5); 3507 } 3508 3509 return ieee80211_sta_join_ibss(dev, ifsta, bss); 3510 } 3511 3512 3513 static int ieee80211_sta_find_ibss(struct net_device *dev, 3514 struct ieee80211_if_sta *ifsta) 3515 { 3516 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 3517 struct ieee80211_sta_bss *bss; 3518 int found = 0; 3519 u8 bssid[ETH_ALEN]; 3520 int active_ibss; 3521 DECLARE_MAC_BUF(mac); 3522 DECLARE_MAC_BUF(mac2); 3523 3524 if (ifsta->ssid_len == 0) 3525 return -EINVAL; 3526 3527 active_ibss = ieee80211_sta_active_ibss(dev); 3528 #ifdef CONFIG_MAC80211_IBSS_DEBUG 3529 printk(KERN_DEBUG "%s: sta_find_ibss (active_ibss=%d)\n", 3530 dev->name, active_ibss); 3531 #endif /* CONFIG_MAC80211_IBSS_DEBUG */ 3532 spin_lock_bh(&local->sta_bss_lock); 3533 list_for_each_entry(bss, &local->sta_bss_list, list) { 3534 if (ifsta->ssid_len != bss->ssid_len || 3535 memcmp(ifsta->ssid, bss->ssid, bss->ssid_len) != 0 3536 || !(bss->capability & WLAN_CAPABILITY_IBSS)) 3537 continue; 3538 #ifdef CONFIG_MAC80211_IBSS_DEBUG 3539 printk(KERN_DEBUG " bssid=%s found\n", 3540 print_mac(mac, bss->bssid)); 3541 #endif /* CONFIG_MAC80211_IBSS_DEBUG */ 3542 memcpy(bssid, bss->bssid, ETH_ALEN); 3543 found = 1; 3544 if (active_ibss || memcmp(bssid, ifsta->bssid, ETH_ALEN) != 0) 3545 break; 3546 } 3547 spin_unlock_bh(&local->sta_bss_lock); 3548 3549 #ifdef CONFIG_MAC80211_IBSS_DEBUG 3550 printk(KERN_DEBUG " sta_find_ibss: selected %s current " 3551 "%s\n", print_mac(mac, bssid), print_mac(mac2, ifsta->bssid)); 3552 #endif /* CONFIG_MAC80211_IBSS_DEBUG */ 3553 if (found && memcmp(ifsta->bssid, bssid, ETH_ALEN) != 0 && 3554 (bss = ieee80211_rx_bss_get(dev, bssid, 3555 local->hw.conf.channel->center_freq, 3556 ifsta->ssid, ifsta->ssid_len))) { 3557 printk(KERN_DEBUG "%s: Selected IBSS BSSID %s" 3558 " based on configured SSID\n", 3559 dev->name, print_mac(mac, bssid)); 3560 return ieee80211_sta_join_ibss(dev, ifsta, bss); 3561 } 3562 #ifdef CONFIG_MAC80211_IBSS_DEBUG 3563 printk(KERN_DEBUG " did not try to join ibss\n"); 3564 #endif /* CONFIG_MAC80211_IBSS_DEBUG */ 3565 3566 /* Selected IBSS not found in current scan results - try to scan */ 3567 if (ifsta->state == IEEE80211_IBSS_JOINED && 3568 !ieee80211_sta_active_ibss(dev)) { 3569 mod_timer(&ifsta->timer, jiffies + 3570 IEEE80211_IBSS_MERGE_INTERVAL); 3571 } else if (time_after(jiffies, local->last_scan_completed + 3572 IEEE80211_SCAN_INTERVAL)) { 3573 printk(KERN_DEBUG "%s: Trigger new scan to find an IBSS to " 3574 "join\n", dev->name); 3575 return ieee80211_sta_req_scan(dev, ifsta->ssid, 3576 ifsta->ssid_len); 3577 } else if (ifsta->state != IEEE80211_IBSS_JOINED) { 3578 int interval = IEEE80211_SCAN_INTERVAL; 3579 3580 if (time_after(jiffies, ifsta->ibss_join_req + 3581 IEEE80211_IBSS_JOIN_TIMEOUT)) { 3582 if ((ifsta->flags & IEEE80211_STA_CREATE_IBSS) && 3583 (!(local->oper_channel->flags & 3584 IEEE80211_CHAN_NO_IBSS))) 3585 return ieee80211_sta_create_ibss(dev, ifsta); 3586 if (ifsta->flags & IEEE80211_STA_CREATE_IBSS) { 3587 printk(KERN_DEBUG "%s: IBSS not allowed on" 3588 " %d MHz\n", dev->name, 3589 local->hw.conf.channel->center_freq); 3590 } 3591 3592 /* No IBSS found - decrease scan interval and continue 3593 * scanning. */ 3594 interval = IEEE80211_SCAN_INTERVAL_SLOW; 3595 } 3596 3597 ifsta->state = IEEE80211_IBSS_SEARCH; 3598 mod_timer(&ifsta->timer, jiffies + interval); 3599 return 0; 3600 } 3601 3602 return 0; 3603 } 3604 3605 3606 int ieee80211_sta_set_ssid(struct net_device *dev, char *ssid, size_t len) 3607 { 3608 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 3609 struct ieee80211_if_sta *ifsta; 3610 3611 if (len > IEEE80211_MAX_SSID_LEN) 3612 return -EINVAL; 3613 3614 ifsta = &sdata->u.sta; 3615 3616 if (ifsta->ssid_len != len || memcmp(ifsta->ssid, ssid, len) != 0) 3617 ifsta->flags &= ~IEEE80211_STA_PREV_BSSID_SET; 3618 memcpy(ifsta->ssid, ssid, len); 3619 memset(ifsta->ssid + len, 0, IEEE80211_MAX_SSID_LEN - len); 3620 ifsta->ssid_len = len; 3621 3622 if (len) 3623 ifsta->flags |= IEEE80211_STA_SSID_SET; 3624 else 3625 ifsta->flags &= ~IEEE80211_STA_SSID_SET; 3626 if (sdata->vif.type == IEEE80211_IF_TYPE_IBSS && 3627 !(ifsta->flags & IEEE80211_STA_BSSID_SET)) { 3628 ifsta->ibss_join_req = jiffies; 3629 ifsta->state = IEEE80211_IBSS_SEARCH; 3630 return ieee80211_sta_find_ibss(dev, ifsta); 3631 } 3632 return 0; 3633 } 3634 3635 3636 int ieee80211_sta_get_ssid(struct net_device *dev, char *ssid, size_t *len) 3637 { 3638 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 3639 struct ieee80211_if_sta *ifsta = &sdata->u.sta; 3640 memcpy(ssid, ifsta->ssid, ifsta->ssid_len); 3641 *len = ifsta->ssid_len; 3642 return 0; 3643 } 3644 3645 3646 int ieee80211_sta_set_bssid(struct net_device *dev, u8 *bssid) 3647 { 3648 struct ieee80211_sub_if_data *sdata; 3649 struct ieee80211_if_sta *ifsta; 3650 int res; 3651 3652 sdata = IEEE80211_DEV_TO_SUB_IF(dev); 3653 ifsta = &sdata->u.sta; 3654 3655 if (memcmp(ifsta->bssid, bssid, ETH_ALEN) != 0) { 3656 memcpy(ifsta->bssid, bssid, ETH_ALEN); 3657 res = ieee80211_if_config(dev); 3658 if (res) { 3659 printk(KERN_DEBUG "%s: Failed to config new BSSID to " 3660 "the low-level driver\n", dev->name); 3661 return res; 3662 } 3663 } 3664 3665 if (is_valid_ether_addr(bssid)) 3666 ifsta->flags |= IEEE80211_STA_BSSID_SET; 3667 else 3668 ifsta->flags &= ~IEEE80211_STA_BSSID_SET; 3669 3670 return 0; 3671 } 3672 3673 3674 static void ieee80211_send_nullfunc(struct ieee80211_local *local, 3675 struct ieee80211_sub_if_data *sdata, 3676 int powersave) 3677 { 3678 struct sk_buff *skb; 3679 struct ieee80211_hdr *nullfunc; 3680 u16 fc; 3681 3682 skb = dev_alloc_skb(local->hw.extra_tx_headroom + 24); 3683 if (!skb) { 3684 printk(KERN_DEBUG "%s: failed to allocate buffer for nullfunc " 3685 "frame\n", sdata->dev->name); 3686 return; 3687 } 3688 skb_reserve(skb, local->hw.extra_tx_headroom); 3689 3690 nullfunc = (struct ieee80211_hdr *) skb_put(skb, 24); 3691 memset(nullfunc, 0, 24); 3692 fc = IEEE80211_FTYPE_DATA | IEEE80211_STYPE_NULLFUNC | 3693 IEEE80211_FCTL_TODS; 3694 if (powersave) 3695 fc |= IEEE80211_FCTL_PM; 3696 nullfunc->frame_control = cpu_to_le16(fc); 3697 memcpy(nullfunc->addr1, sdata->u.sta.bssid, ETH_ALEN); 3698 memcpy(nullfunc->addr2, sdata->dev->dev_addr, ETH_ALEN); 3699 memcpy(nullfunc->addr3, sdata->u.sta.bssid, ETH_ALEN); 3700 3701 ieee80211_sta_tx(sdata->dev, skb, 0); 3702 } 3703 3704 3705 static void ieee80211_restart_sta_timer(struct ieee80211_sub_if_data *sdata) 3706 { 3707 if (sdata->vif.type == IEEE80211_IF_TYPE_STA || 3708 ieee80211_vif_is_mesh(&sdata->vif)) 3709 ieee80211_sta_timer((unsigned long)sdata); 3710 } 3711 3712 void ieee80211_scan_completed(struct ieee80211_hw *hw) 3713 { 3714 struct ieee80211_local *local = hw_to_local(hw); 3715 struct net_device *dev = local->scan_dev; 3716 struct ieee80211_sub_if_data *sdata; 3717 union iwreq_data wrqu; 3718 3719 local->last_scan_completed = jiffies; 3720 memset(&wrqu, 0, sizeof(wrqu)); 3721 wireless_send_event(dev, SIOCGIWSCAN, &wrqu, NULL); 3722 3723 if (local->sta_hw_scanning) { 3724 local->sta_hw_scanning = 0; 3725 if (ieee80211_hw_config(local)) 3726 printk(KERN_DEBUG "%s: failed to restore operational " 3727 "channel after scan\n", dev->name); 3728 /* Restart STA timer for HW scan case */ 3729 rcu_read_lock(); 3730 list_for_each_entry_rcu(sdata, &local->interfaces, list) 3731 ieee80211_restart_sta_timer(sdata); 3732 rcu_read_unlock(); 3733 3734 goto done; 3735 } 3736 3737 local->sta_sw_scanning = 0; 3738 if (ieee80211_hw_config(local)) 3739 printk(KERN_DEBUG "%s: failed to restore operational " 3740 "channel after scan\n", dev->name); 3741 3742 3743 netif_tx_lock_bh(local->mdev); 3744 local->filter_flags &= ~FIF_BCN_PRBRESP_PROMISC; 3745 local->ops->configure_filter(local_to_hw(local), 3746 FIF_BCN_PRBRESP_PROMISC, 3747 &local->filter_flags, 3748 local->mdev->mc_count, 3749 local->mdev->mc_list); 3750 3751 netif_tx_unlock_bh(local->mdev); 3752 3753 rcu_read_lock(); 3754 list_for_each_entry_rcu(sdata, &local->interfaces, list) { 3755 3756 /* No need to wake the master device. */ 3757 if (sdata->dev == local->mdev) 3758 continue; 3759 3760 /* Tell AP we're back */ 3761 if (sdata->vif.type == IEEE80211_IF_TYPE_STA && 3762 sdata->u.sta.flags & IEEE80211_STA_ASSOCIATED) 3763 ieee80211_send_nullfunc(local, sdata, 0); 3764 3765 ieee80211_restart_sta_timer(sdata); 3766 3767 netif_wake_queue(sdata->dev); 3768 } 3769 rcu_read_unlock(); 3770 3771 done: 3772 sdata = IEEE80211_DEV_TO_SUB_IF(dev); 3773 if (sdata->vif.type == IEEE80211_IF_TYPE_IBSS) { 3774 struct ieee80211_if_sta *ifsta = &sdata->u.sta; 3775 if (!(ifsta->flags & IEEE80211_STA_BSSID_SET) || 3776 (!ifsta->state == IEEE80211_IBSS_JOINED && 3777 !ieee80211_sta_active_ibss(dev))) 3778 ieee80211_sta_find_ibss(dev, ifsta); 3779 } 3780 } 3781 EXPORT_SYMBOL(ieee80211_scan_completed); 3782 3783 void ieee80211_sta_scan_work(struct work_struct *work) 3784 { 3785 struct ieee80211_local *local = 3786 container_of(work, struct ieee80211_local, scan_work.work); 3787 struct net_device *dev = local->scan_dev; 3788 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 3789 struct ieee80211_supported_band *sband; 3790 struct ieee80211_channel *chan; 3791 int skip; 3792 unsigned long next_delay = 0; 3793 3794 if (!local->sta_sw_scanning) 3795 return; 3796 3797 switch (local->scan_state) { 3798 case SCAN_SET_CHANNEL: 3799 /* 3800 * Get current scan band. scan_band may be IEEE80211_NUM_BANDS 3801 * after we successfully scanned the last channel of the last 3802 * band (and the last band is supported by the hw) 3803 */ 3804 if (local->scan_band < IEEE80211_NUM_BANDS) 3805 sband = local->hw.wiphy->bands[local->scan_band]; 3806 else 3807 sband = NULL; 3808 3809 /* 3810 * If we are at an unsupported band and have more bands 3811 * left to scan, advance to the next supported one. 3812 */ 3813 while (!sband && local->scan_band < IEEE80211_NUM_BANDS - 1) { 3814 local->scan_band++; 3815 sband = local->hw.wiphy->bands[local->scan_band]; 3816 local->scan_channel_idx = 0; 3817 } 3818 3819 /* if no more bands/channels left, complete scan */ 3820 if (!sband || local->scan_channel_idx >= sband->n_channels) { 3821 ieee80211_scan_completed(local_to_hw(local)); 3822 return; 3823 } 3824 skip = 0; 3825 chan = &sband->channels[local->scan_channel_idx]; 3826 3827 if (chan->flags & IEEE80211_CHAN_DISABLED || 3828 (sdata->vif.type == IEEE80211_IF_TYPE_IBSS && 3829 chan->flags & IEEE80211_CHAN_NO_IBSS)) 3830 skip = 1; 3831 3832 if (!skip) { 3833 local->scan_channel = chan; 3834 if (ieee80211_hw_config(local)) { 3835 printk(KERN_DEBUG "%s: failed to set freq to " 3836 "%d MHz for scan\n", dev->name, 3837 chan->center_freq); 3838 skip = 1; 3839 } 3840 } 3841 3842 /* advance state machine to next channel/band */ 3843 local->scan_channel_idx++; 3844 if (local->scan_channel_idx >= sband->n_channels) { 3845 /* 3846 * scan_band may end up == IEEE80211_NUM_BANDS, but 3847 * we'll catch that case above and complete the scan 3848 * if that is the case. 3849 */ 3850 local->scan_band++; 3851 local->scan_channel_idx = 0; 3852 } 3853 3854 if (skip) 3855 break; 3856 3857 next_delay = IEEE80211_PROBE_DELAY + 3858 usecs_to_jiffies(local->hw.channel_change_time); 3859 local->scan_state = SCAN_SEND_PROBE; 3860 break; 3861 case SCAN_SEND_PROBE: 3862 next_delay = IEEE80211_PASSIVE_CHANNEL_TIME; 3863 local->scan_state = SCAN_SET_CHANNEL; 3864 3865 if (local->scan_channel->flags & IEEE80211_CHAN_PASSIVE_SCAN) 3866 break; 3867 ieee80211_send_probe_req(dev, NULL, local->scan_ssid, 3868 local->scan_ssid_len); 3869 next_delay = IEEE80211_CHANNEL_TIME; 3870 break; 3871 } 3872 3873 if (local->sta_sw_scanning) 3874 queue_delayed_work(local->hw.workqueue, &local->scan_work, 3875 next_delay); 3876 } 3877 3878 3879 static int ieee80211_sta_start_scan(struct net_device *dev, 3880 u8 *ssid, size_t ssid_len) 3881 { 3882 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 3883 struct ieee80211_sub_if_data *sdata; 3884 3885 if (ssid_len > IEEE80211_MAX_SSID_LEN) 3886 return -EINVAL; 3887 3888 /* MLME-SCAN.request (page 118) page 144 (11.1.3.1) 3889 * BSSType: INFRASTRUCTURE, INDEPENDENT, ANY_BSS 3890 * BSSID: MACAddress 3891 * SSID 3892 * ScanType: ACTIVE, PASSIVE 3893 * ProbeDelay: delay (in microseconds) to be used prior to transmitting 3894 * a Probe frame during active scanning 3895 * ChannelList 3896 * MinChannelTime (>= ProbeDelay), in TU 3897 * MaxChannelTime: (>= MinChannelTime), in TU 3898 */ 3899 3900 /* MLME-SCAN.confirm 3901 * BSSDescriptionSet 3902 * ResultCode: SUCCESS, INVALID_PARAMETERS 3903 */ 3904 3905 if (local->sta_sw_scanning || local->sta_hw_scanning) { 3906 if (local->scan_dev == dev) 3907 return 0; 3908 return -EBUSY; 3909 } 3910 3911 if (local->ops->hw_scan) { 3912 int rc = local->ops->hw_scan(local_to_hw(local), 3913 ssid, ssid_len); 3914 if (!rc) { 3915 local->sta_hw_scanning = 1; 3916 local->scan_dev = dev; 3917 } 3918 return rc; 3919 } 3920 3921 local->sta_sw_scanning = 1; 3922 3923 rcu_read_lock(); 3924 list_for_each_entry_rcu(sdata, &local->interfaces, list) { 3925 3926 /* Don't stop the master interface, otherwise we can't transmit 3927 * probes! */ 3928 if (sdata->dev == local->mdev) 3929 continue; 3930 3931 netif_stop_queue(sdata->dev); 3932 if (sdata->vif.type == IEEE80211_IF_TYPE_STA && 3933 (sdata->u.sta.flags & IEEE80211_STA_ASSOCIATED)) 3934 ieee80211_send_nullfunc(local, sdata, 1); 3935 } 3936 rcu_read_unlock(); 3937 3938 if (ssid) { 3939 local->scan_ssid_len = ssid_len; 3940 memcpy(local->scan_ssid, ssid, ssid_len); 3941 } else 3942 local->scan_ssid_len = 0; 3943 local->scan_state = SCAN_SET_CHANNEL; 3944 local->scan_channel_idx = 0; 3945 local->scan_band = IEEE80211_BAND_2GHZ; 3946 local->scan_dev = dev; 3947 3948 netif_tx_lock_bh(local->mdev); 3949 local->filter_flags |= FIF_BCN_PRBRESP_PROMISC; 3950 local->ops->configure_filter(local_to_hw(local), 3951 FIF_BCN_PRBRESP_PROMISC, 3952 &local->filter_flags, 3953 local->mdev->mc_count, 3954 local->mdev->mc_list); 3955 netif_tx_unlock_bh(local->mdev); 3956 3957 /* TODO: start scan as soon as all nullfunc frames are ACKed */ 3958 queue_delayed_work(local->hw.workqueue, &local->scan_work, 3959 IEEE80211_CHANNEL_TIME); 3960 3961 return 0; 3962 } 3963 3964 3965 int ieee80211_sta_req_scan(struct net_device *dev, u8 *ssid, size_t ssid_len) 3966 { 3967 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 3968 struct ieee80211_if_sta *ifsta = &sdata->u.sta; 3969 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 3970 3971 if (sdata->vif.type != IEEE80211_IF_TYPE_STA) 3972 return ieee80211_sta_start_scan(dev, ssid, ssid_len); 3973 3974 if (local->sta_sw_scanning || local->sta_hw_scanning) { 3975 if (local->scan_dev == dev) 3976 return 0; 3977 return -EBUSY; 3978 } 3979 3980 ifsta->scan_ssid_len = ssid_len; 3981 if (ssid_len) 3982 memcpy(ifsta->scan_ssid, ssid, ssid_len); 3983 set_bit(IEEE80211_STA_REQ_SCAN, &ifsta->request); 3984 queue_work(local->hw.workqueue, &ifsta->work); 3985 return 0; 3986 } 3987 3988 static char * 3989 ieee80211_sta_scan_result(struct net_device *dev, 3990 struct ieee80211_sta_bss *bss, 3991 char *current_ev, char *end_buf) 3992 { 3993 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 3994 struct iw_event iwe; 3995 3996 if (time_after(jiffies, 3997 bss->last_update + IEEE80211_SCAN_RESULT_EXPIRE)) 3998 return current_ev; 3999 4000 memset(&iwe, 0, sizeof(iwe)); 4001 iwe.cmd = SIOCGIWAP; 4002 iwe.u.ap_addr.sa_family = ARPHRD_ETHER; 4003 memcpy(iwe.u.ap_addr.sa_data, bss->bssid, ETH_ALEN); 4004 current_ev = iwe_stream_add_event(current_ev, end_buf, &iwe, 4005 IW_EV_ADDR_LEN); 4006 4007 memset(&iwe, 0, sizeof(iwe)); 4008 iwe.cmd = SIOCGIWESSID; 4009 if (bss_mesh_cfg(bss)) { 4010 iwe.u.data.length = bss_mesh_id_len(bss); 4011 iwe.u.data.flags = 1; 4012 current_ev = iwe_stream_add_point(current_ev, end_buf, &iwe, 4013 bss_mesh_id(bss)); 4014 } else { 4015 iwe.u.data.length = bss->ssid_len; 4016 iwe.u.data.flags = 1; 4017 current_ev = iwe_stream_add_point(current_ev, end_buf, &iwe, 4018 bss->ssid); 4019 } 4020 4021 if (bss->capability & (WLAN_CAPABILITY_ESS | WLAN_CAPABILITY_IBSS) 4022 || bss_mesh_cfg(bss)) { 4023 memset(&iwe, 0, sizeof(iwe)); 4024 iwe.cmd = SIOCGIWMODE; 4025 if (bss_mesh_cfg(bss)) 4026 iwe.u.mode = IW_MODE_MESH; 4027 else if (bss->capability & WLAN_CAPABILITY_ESS) 4028 iwe.u.mode = IW_MODE_MASTER; 4029 else 4030 iwe.u.mode = IW_MODE_ADHOC; 4031 current_ev = iwe_stream_add_event(current_ev, end_buf, &iwe, 4032 IW_EV_UINT_LEN); 4033 } 4034 4035 memset(&iwe, 0, sizeof(iwe)); 4036 iwe.cmd = SIOCGIWFREQ; 4037 iwe.u.freq.m = bss->freq; 4038 iwe.u.freq.e = 6; 4039 current_ev = iwe_stream_add_event(current_ev, end_buf, &iwe, 4040 IW_EV_FREQ_LEN); 4041 4042 memset(&iwe, 0, sizeof(iwe)); 4043 iwe.cmd = SIOCGIWFREQ; 4044 iwe.u.freq.m = ieee80211_frequency_to_channel(bss->freq); 4045 iwe.u.freq.e = 0; 4046 current_ev = iwe_stream_add_event(current_ev, end_buf, &iwe, 4047 IW_EV_FREQ_LEN); 4048 4049 memset(&iwe, 0, sizeof(iwe)); 4050 iwe.cmd = IWEVQUAL; 4051 iwe.u.qual.qual = bss->signal; 4052 iwe.u.qual.level = bss->rssi; 4053 iwe.u.qual.noise = bss->noise; 4054 iwe.u.qual.updated = local->wstats_flags; 4055 current_ev = iwe_stream_add_event(current_ev, end_buf, &iwe, 4056 IW_EV_QUAL_LEN); 4057 4058 memset(&iwe, 0, sizeof(iwe)); 4059 iwe.cmd = SIOCGIWENCODE; 4060 if (bss->capability & WLAN_CAPABILITY_PRIVACY) 4061 iwe.u.data.flags = IW_ENCODE_ENABLED | IW_ENCODE_NOKEY; 4062 else 4063 iwe.u.data.flags = IW_ENCODE_DISABLED; 4064 iwe.u.data.length = 0; 4065 current_ev = iwe_stream_add_point(current_ev, end_buf, &iwe, ""); 4066 4067 if (bss && bss->wpa_ie) { 4068 memset(&iwe, 0, sizeof(iwe)); 4069 iwe.cmd = IWEVGENIE; 4070 iwe.u.data.length = bss->wpa_ie_len; 4071 current_ev = iwe_stream_add_point(current_ev, end_buf, &iwe, 4072 bss->wpa_ie); 4073 } 4074 4075 if (bss && bss->rsn_ie) { 4076 memset(&iwe, 0, sizeof(iwe)); 4077 iwe.cmd = IWEVGENIE; 4078 iwe.u.data.length = bss->rsn_ie_len; 4079 current_ev = iwe_stream_add_point(current_ev, end_buf, &iwe, 4080 bss->rsn_ie); 4081 } 4082 4083 if (bss && bss->supp_rates_len > 0) { 4084 /* display all supported rates in readable format */ 4085 char *p = current_ev + IW_EV_LCP_LEN; 4086 int i; 4087 4088 memset(&iwe, 0, sizeof(iwe)); 4089 iwe.cmd = SIOCGIWRATE; 4090 /* Those two flags are ignored... */ 4091 iwe.u.bitrate.fixed = iwe.u.bitrate.disabled = 0; 4092 4093 for (i = 0; i < bss->supp_rates_len; i++) { 4094 iwe.u.bitrate.value = ((bss->supp_rates[i] & 4095 0x7f) * 500000); 4096 p = iwe_stream_add_value(current_ev, p, 4097 end_buf, &iwe, IW_EV_PARAM_LEN); 4098 } 4099 current_ev = p; 4100 } 4101 4102 if (bss) { 4103 char *buf; 4104 buf = kmalloc(30, GFP_ATOMIC); 4105 if (buf) { 4106 memset(&iwe, 0, sizeof(iwe)); 4107 iwe.cmd = IWEVCUSTOM; 4108 sprintf(buf, "tsf=%016llx", (unsigned long long)(bss->timestamp)); 4109 iwe.u.data.length = strlen(buf); 4110 current_ev = iwe_stream_add_point(current_ev, end_buf, 4111 &iwe, buf); 4112 kfree(buf); 4113 } 4114 } 4115 4116 if (bss_mesh_cfg(bss)) { 4117 char *buf; 4118 u8 *cfg = bss_mesh_cfg(bss); 4119 buf = kmalloc(50, GFP_ATOMIC); 4120 if (buf) { 4121 memset(&iwe, 0, sizeof(iwe)); 4122 iwe.cmd = IWEVCUSTOM; 4123 sprintf(buf, "Mesh network (version %d)", cfg[0]); 4124 iwe.u.data.length = strlen(buf); 4125 current_ev = iwe_stream_add_point(current_ev, end_buf, 4126 &iwe, buf); 4127 sprintf(buf, "Path Selection Protocol ID: " 4128 "0x%02X%02X%02X%02X", cfg[1], cfg[2], cfg[3], 4129 cfg[4]); 4130 iwe.u.data.length = strlen(buf); 4131 current_ev = iwe_stream_add_point(current_ev, end_buf, 4132 &iwe, buf); 4133 sprintf(buf, "Path Selection Metric ID: " 4134 "0x%02X%02X%02X%02X", cfg[5], cfg[6], cfg[7], 4135 cfg[8]); 4136 iwe.u.data.length = strlen(buf); 4137 current_ev = iwe_stream_add_point(current_ev, end_buf, 4138 &iwe, buf); 4139 sprintf(buf, "Congestion Control Mode ID: " 4140 "0x%02X%02X%02X%02X", cfg[9], cfg[10], 4141 cfg[11], cfg[12]); 4142 iwe.u.data.length = strlen(buf); 4143 current_ev = iwe_stream_add_point(current_ev, end_buf, 4144 &iwe, buf); 4145 sprintf(buf, "Channel Precedence: " 4146 "0x%02X%02X%02X%02X", cfg[13], cfg[14], 4147 cfg[15], cfg[16]); 4148 iwe.u.data.length = strlen(buf); 4149 current_ev = iwe_stream_add_point(current_ev, end_buf, 4150 &iwe, buf); 4151 kfree(buf); 4152 } 4153 } 4154 4155 return current_ev; 4156 } 4157 4158 4159 int ieee80211_sta_scan_results(struct net_device *dev, char *buf, size_t len) 4160 { 4161 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 4162 char *current_ev = buf; 4163 char *end_buf = buf + len; 4164 struct ieee80211_sta_bss *bss; 4165 4166 spin_lock_bh(&local->sta_bss_lock); 4167 list_for_each_entry(bss, &local->sta_bss_list, list) { 4168 if (buf + len - current_ev <= IW_EV_ADDR_LEN) { 4169 spin_unlock_bh(&local->sta_bss_lock); 4170 return -E2BIG; 4171 } 4172 current_ev = ieee80211_sta_scan_result(dev, bss, current_ev, 4173 end_buf); 4174 } 4175 spin_unlock_bh(&local->sta_bss_lock); 4176 return current_ev - buf; 4177 } 4178 4179 4180 int ieee80211_sta_set_extra_ie(struct net_device *dev, char *ie, size_t len) 4181 { 4182 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 4183 struct ieee80211_if_sta *ifsta = &sdata->u.sta; 4184 kfree(ifsta->extra_ie); 4185 if (len == 0) { 4186 ifsta->extra_ie = NULL; 4187 ifsta->extra_ie_len = 0; 4188 return 0; 4189 } 4190 ifsta->extra_ie = kmalloc(len, GFP_KERNEL); 4191 if (!ifsta->extra_ie) { 4192 ifsta->extra_ie_len = 0; 4193 return -ENOMEM; 4194 } 4195 memcpy(ifsta->extra_ie, ie, len); 4196 ifsta->extra_ie_len = len; 4197 return 0; 4198 } 4199 4200 4201 struct sta_info * ieee80211_ibss_add_sta(struct net_device *dev, 4202 struct sk_buff *skb, u8 *bssid, 4203 u8 *addr) 4204 { 4205 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 4206 struct sta_info *sta; 4207 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 4208 DECLARE_MAC_BUF(mac); 4209 4210 /* TODO: Could consider removing the least recently used entry and 4211 * allow new one to be added. */ 4212 if (local->num_sta >= IEEE80211_IBSS_MAX_STA_ENTRIES) { 4213 if (net_ratelimit()) { 4214 printk(KERN_DEBUG "%s: No room for a new IBSS STA " 4215 "entry %s\n", dev->name, print_mac(mac, addr)); 4216 } 4217 return NULL; 4218 } 4219 4220 printk(KERN_DEBUG "%s: Adding new IBSS station %s (dev=%s)\n", 4221 wiphy_name(local->hw.wiphy), print_mac(mac, addr), dev->name); 4222 4223 sta = sta_info_alloc(sdata, addr, GFP_ATOMIC); 4224 if (!sta) 4225 return NULL; 4226 4227 sta->flags |= WLAN_STA_AUTHORIZED; 4228 4229 sta->supp_rates[local->hw.conf.channel->band] = 4230 sdata->u.sta.supp_rates_bits[local->hw.conf.channel->band]; 4231 4232 rate_control_rate_init(sta, local); 4233 4234 if (sta_info_insert(sta)) 4235 return NULL; 4236 4237 return sta; 4238 } 4239 4240 4241 int ieee80211_sta_deauthenticate(struct net_device *dev, u16 reason) 4242 { 4243 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 4244 struct ieee80211_if_sta *ifsta = &sdata->u.sta; 4245 4246 printk(KERN_DEBUG "%s: deauthenticate(reason=%d)\n", 4247 dev->name, reason); 4248 4249 if (sdata->vif.type != IEEE80211_IF_TYPE_STA && 4250 sdata->vif.type != IEEE80211_IF_TYPE_IBSS) 4251 return -EINVAL; 4252 4253 ieee80211_send_deauth(dev, ifsta, reason); 4254 ieee80211_set_disassoc(dev, ifsta, 1); 4255 return 0; 4256 } 4257 4258 4259 int ieee80211_sta_disassociate(struct net_device *dev, u16 reason) 4260 { 4261 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 4262 struct ieee80211_if_sta *ifsta = &sdata->u.sta; 4263 4264 printk(KERN_DEBUG "%s: disassociate(reason=%d)\n", 4265 dev->name, reason); 4266 4267 if (sdata->vif.type != IEEE80211_IF_TYPE_STA) 4268 return -EINVAL; 4269 4270 if (!(ifsta->flags & IEEE80211_STA_ASSOCIATED)) 4271 return -1; 4272 4273 ieee80211_send_disassoc(dev, ifsta, reason); 4274 ieee80211_set_disassoc(dev, ifsta, 0); 4275 return 0; 4276 } 4277 4278 void ieee80211_notify_mac(struct ieee80211_hw *hw, 4279 enum ieee80211_notification_types notif_type) 4280 { 4281 struct ieee80211_local *local = hw_to_local(hw); 4282 struct ieee80211_sub_if_data *sdata; 4283 4284 switch (notif_type) { 4285 case IEEE80211_NOTIFY_RE_ASSOC: 4286 rcu_read_lock(); 4287 list_for_each_entry_rcu(sdata, &local->interfaces, list) { 4288 4289 if (sdata->vif.type == IEEE80211_IF_TYPE_STA) { 4290 ieee80211_sta_req_auth(sdata->dev, 4291 &sdata->u.sta); 4292 } 4293 4294 } 4295 rcu_read_unlock(); 4296 break; 4297 } 4298 } 4299 EXPORT_SYMBOL(ieee80211_notify_mac); 4300