1 /* 2 * cfg80211 scan result handling 3 * 4 * Copyright 2008 Johannes Berg <johannes@sipsolutions.net> 5 * Copyright 2013-2014 Intel Mobile Communications GmbH 6 */ 7 #include <linux/kernel.h> 8 #include <linux/slab.h> 9 #include <linux/module.h> 10 #include <linux/netdevice.h> 11 #include <linux/wireless.h> 12 #include <linux/nl80211.h> 13 #include <linux/etherdevice.h> 14 #include <net/arp.h> 15 #include <net/cfg80211.h> 16 #include <net/cfg80211-wext.h> 17 #include <net/iw_handler.h> 18 #include "core.h" 19 #include "nl80211.h" 20 #include "wext-compat.h" 21 #include "rdev-ops.h" 22 23 /** 24 * DOC: BSS tree/list structure 25 * 26 * At the top level, the BSS list is kept in both a list in each 27 * registered device (@bss_list) as well as an RB-tree for faster 28 * lookup. In the RB-tree, entries can be looked up using their 29 * channel, MESHID, MESHCONF (for MBSSes) or channel, BSSID, SSID 30 * for other BSSes. 31 * 32 * Due to the possibility of hidden SSIDs, there's a second level 33 * structure, the "hidden_list" and "hidden_beacon_bss" pointer. 34 * The hidden_list connects all BSSes belonging to a single AP 35 * that has a hidden SSID, and connects beacon and probe response 36 * entries. For a probe response entry for a hidden SSID, the 37 * hidden_beacon_bss pointer points to the BSS struct holding the 38 * beacon's information. 39 * 40 * Reference counting is done for all these references except for 41 * the hidden_list, so that a beacon BSS struct that is otherwise 42 * not referenced has one reference for being on the bss_list and 43 * one for each probe response entry that points to it using the 44 * hidden_beacon_bss pointer. When a BSS struct that has such a 45 * pointer is get/put, the refcount update is also propagated to 46 * the referenced struct, this ensure that it cannot get removed 47 * while somebody is using the probe response version. 48 * 49 * Note that the hidden_beacon_bss pointer never changes, due to 50 * the reference counting. Therefore, no locking is needed for 51 * it. 52 * 53 * Also note that the hidden_beacon_bss pointer is only relevant 54 * if the driver uses something other than the IEs, e.g. private 55 * data stored stored in the BSS struct, since the beacon IEs are 56 * also linked into the probe response struct. 57 */ 58 59 #define IEEE80211_SCAN_RESULT_EXPIRE (30 * HZ) 60 61 static void bss_free(struct cfg80211_internal_bss *bss) 62 { 63 struct cfg80211_bss_ies *ies; 64 65 if (WARN_ON(atomic_read(&bss->hold))) 66 return; 67 68 ies = (void *)rcu_access_pointer(bss->pub.beacon_ies); 69 if (ies && !bss->pub.hidden_beacon_bss) 70 kfree_rcu(ies, rcu_head); 71 ies = (void *)rcu_access_pointer(bss->pub.proberesp_ies); 72 if (ies) 73 kfree_rcu(ies, rcu_head); 74 75 /* 76 * This happens when the module is removed, it doesn't 77 * really matter any more save for completeness 78 */ 79 if (!list_empty(&bss->hidden_list)) 80 list_del(&bss->hidden_list); 81 82 kfree(bss); 83 } 84 85 static inline void bss_ref_get(struct cfg80211_registered_device *rdev, 86 struct cfg80211_internal_bss *bss) 87 { 88 lockdep_assert_held(&rdev->bss_lock); 89 90 bss->refcount++; 91 if (bss->pub.hidden_beacon_bss) { 92 bss = container_of(bss->pub.hidden_beacon_bss, 93 struct cfg80211_internal_bss, 94 pub); 95 bss->refcount++; 96 } 97 } 98 99 static inline void bss_ref_put(struct cfg80211_registered_device *rdev, 100 struct cfg80211_internal_bss *bss) 101 { 102 lockdep_assert_held(&rdev->bss_lock); 103 104 if (bss->pub.hidden_beacon_bss) { 105 struct cfg80211_internal_bss *hbss; 106 hbss = container_of(bss->pub.hidden_beacon_bss, 107 struct cfg80211_internal_bss, 108 pub); 109 hbss->refcount--; 110 if (hbss->refcount == 0) 111 bss_free(hbss); 112 } 113 bss->refcount--; 114 if (bss->refcount == 0) 115 bss_free(bss); 116 } 117 118 static bool __cfg80211_unlink_bss(struct cfg80211_registered_device *rdev, 119 struct cfg80211_internal_bss *bss) 120 { 121 lockdep_assert_held(&rdev->bss_lock); 122 123 if (!list_empty(&bss->hidden_list)) { 124 /* 125 * don't remove the beacon entry if it has 126 * probe responses associated with it 127 */ 128 if (!bss->pub.hidden_beacon_bss) 129 return false; 130 /* 131 * if it's a probe response entry break its 132 * link to the other entries in the group 133 */ 134 list_del_init(&bss->hidden_list); 135 } 136 137 list_del_init(&bss->list); 138 rb_erase(&bss->rbn, &rdev->bss_tree); 139 bss_ref_put(rdev, bss); 140 return true; 141 } 142 143 static void __cfg80211_bss_expire(struct cfg80211_registered_device *rdev, 144 unsigned long expire_time) 145 { 146 struct cfg80211_internal_bss *bss, *tmp; 147 bool expired = false; 148 149 lockdep_assert_held(&rdev->bss_lock); 150 151 list_for_each_entry_safe(bss, tmp, &rdev->bss_list, list) { 152 if (atomic_read(&bss->hold)) 153 continue; 154 if (!time_after(expire_time, bss->ts)) 155 continue; 156 157 if (__cfg80211_unlink_bss(rdev, bss)) 158 expired = true; 159 } 160 161 if (expired) 162 rdev->bss_generation++; 163 } 164 165 void ___cfg80211_scan_done(struct cfg80211_registered_device *rdev, 166 bool send_message) 167 { 168 struct cfg80211_scan_request *request; 169 struct wireless_dev *wdev; 170 struct sk_buff *msg; 171 #ifdef CONFIG_CFG80211_WEXT 172 union iwreq_data wrqu; 173 #endif 174 175 ASSERT_RTNL(); 176 177 if (rdev->scan_msg) { 178 nl80211_send_scan_result(rdev, rdev->scan_msg); 179 rdev->scan_msg = NULL; 180 return; 181 } 182 183 request = rdev->scan_req; 184 if (!request) 185 return; 186 187 wdev = request->wdev; 188 189 /* 190 * This must be before sending the other events! 191 * Otherwise, wpa_supplicant gets completely confused with 192 * wext events. 193 */ 194 if (wdev->netdev) 195 cfg80211_sme_scan_done(wdev->netdev); 196 197 if (!request->aborted && 198 request->flags & NL80211_SCAN_FLAG_FLUSH) { 199 /* flush entries from previous scans */ 200 spin_lock_bh(&rdev->bss_lock); 201 __cfg80211_bss_expire(rdev, request->scan_start); 202 spin_unlock_bh(&rdev->bss_lock); 203 } 204 205 msg = nl80211_build_scan_msg(rdev, wdev, request->aborted); 206 207 #ifdef CONFIG_CFG80211_WEXT 208 if (wdev->netdev && !request->aborted) { 209 memset(&wrqu, 0, sizeof(wrqu)); 210 211 wireless_send_event(wdev->netdev, SIOCGIWSCAN, &wrqu, NULL); 212 } 213 #endif 214 215 if (wdev->netdev) 216 dev_put(wdev->netdev); 217 218 rdev->scan_req = NULL; 219 kfree(request); 220 221 if (!send_message) 222 rdev->scan_msg = msg; 223 else 224 nl80211_send_scan_result(rdev, msg); 225 } 226 227 void __cfg80211_scan_done(struct work_struct *wk) 228 { 229 struct cfg80211_registered_device *rdev; 230 231 rdev = container_of(wk, struct cfg80211_registered_device, 232 scan_done_wk); 233 234 rtnl_lock(); 235 ___cfg80211_scan_done(rdev, true); 236 rtnl_unlock(); 237 } 238 239 void cfg80211_scan_done(struct cfg80211_scan_request *request, bool aborted) 240 { 241 trace_cfg80211_scan_done(request, aborted); 242 WARN_ON(request != wiphy_to_rdev(request->wiphy)->scan_req); 243 244 request->aborted = aborted; 245 request->notified = true; 246 queue_work(cfg80211_wq, &wiphy_to_rdev(request->wiphy)->scan_done_wk); 247 } 248 EXPORT_SYMBOL(cfg80211_scan_done); 249 250 void __cfg80211_sched_scan_results(struct work_struct *wk) 251 { 252 struct cfg80211_registered_device *rdev; 253 struct cfg80211_sched_scan_request *request; 254 255 rdev = container_of(wk, struct cfg80211_registered_device, 256 sched_scan_results_wk); 257 258 rtnl_lock(); 259 260 request = rtnl_dereference(rdev->sched_scan_req); 261 262 /* we don't have sched_scan_req anymore if the scan is stopping */ 263 if (request) { 264 if (request->flags & NL80211_SCAN_FLAG_FLUSH) { 265 /* flush entries from previous scans */ 266 spin_lock_bh(&rdev->bss_lock); 267 __cfg80211_bss_expire(rdev, request->scan_start); 268 spin_unlock_bh(&rdev->bss_lock); 269 request->scan_start = 270 jiffies + msecs_to_jiffies(request->interval); 271 } 272 nl80211_send_sched_scan_results(rdev, request->dev); 273 } 274 275 rtnl_unlock(); 276 } 277 278 void cfg80211_sched_scan_results(struct wiphy *wiphy) 279 { 280 trace_cfg80211_sched_scan_results(wiphy); 281 /* ignore if we're not scanning */ 282 283 if (rcu_access_pointer(wiphy_to_rdev(wiphy)->sched_scan_req)) 284 queue_work(cfg80211_wq, 285 &wiphy_to_rdev(wiphy)->sched_scan_results_wk); 286 } 287 EXPORT_SYMBOL(cfg80211_sched_scan_results); 288 289 void cfg80211_sched_scan_stopped_rtnl(struct wiphy *wiphy) 290 { 291 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 292 293 ASSERT_RTNL(); 294 295 trace_cfg80211_sched_scan_stopped(wiphy); 296 297 __cfg80211_stop_sched_scan(rdev, true); 298 } 299 EXPORT_SYMBOL(cfg80211_sched_scan_stopped_rtnl); 300 301 void cfg80211_sched_scan_stopped(struct wiphy *wiphy) 302 { 303 rtnl_lock(); 304 cfg80211_sched_scan_stopped_rtnl(wiphy); 305 rtnl_unlock(); 306 } 307 EXPORT_SYMBOL(cfg80211_sched_scan_stopped); 308 309 int __cfg80211_stop_sched_scan(struct cfg80211_registered_device *rdev, 310 bool driver_initiated) 311 { 312 struct cfg80211_sched_scan_request *sched_scan_req; 313 struct net_device *dev; 314 315 ASSERT_RTNL(); 316 317 if (!rdev->sched_scan_req) 318 return -ENOENT; 319 320 sched_scan_req = rtnl_dereference(rdev->sched_scan_req); 321 dev = sched_scan_req->dev; 322 323 if (!driver_initiated) { 324 int err = rdev_sched_scan_stop(rdev, dev); 325 if (err) 326 return err; 327 } 328 329 nl80211_send_sched_scan(rdev, dev, NL80211_CMD_SCHED_SCAN_STOPPED); 330 331 RCU_INIT_POINTER(rdev->sched_scan_req, NULL); 332 kfree_rcu(sched_scan_req, rcu_head); 333 334 return 0; 335 } 336 337 void cfg80211_bss_age(struct cfg80211_registered_device *rdev, 338 unsigned long age_secs) 339 { 340 struct cfg80211_internal_bss *bss; 341 unsigned long age_jiffies = msecs_to_jiffies(age_secs * MSEC_PER_SEC); 342 343 spin_lock_bh(&rdev->bss_lock); 344 list_for_each_entry(bss, &rdev->bss_list, list) 345 bss->ts -= age_jiffies; 346 spin_unlock_bh(&rdev->bss_lock); 347 } 348 349 void cfg80211_bss_expire(struct cfg80211_registered_device *rdev) 350 { 351 __cfg80211_bss_expire(rdev, jiffies - IEEE80211_SCAN_RESULT_EXPIRE); 352 } 353 354 const u8 *cfg80211_find_ie(u8 eid, const u8 *ies, int len) 355 { 356 while (len > 2 && ies[0] != eid) { 357 len -= ies[1] + 2; 358 ies += ies[1] + 2; 359 } 360 if (len < 2) 361 return NULL; 362 if (len < 2 + ies[1]) 363 return NULL; 364 return ies; 365 } 366 EXPORT_SYMBOL(cfg80211_find_ie); 367 368 const u8 *cfg80211_find_vendor_ie(unsigned int oui, u8 oui_type, 369 const u8 *ies, int len) 370 { 371 struct ieee80211_vendor_ie *ie; 372 const u8 *pos = ies, *end = ies + len; 373 int ie_oui; 374 375 while (pos < end) { 376 pos = cfg80211_find_ie(WLAN_EID_VENDOR_SPECIFIC, pos, 377 end - pos); 378 if (!pos) 379 return NULL; 380 381 ie = (struct ieee80211_vendor_ie *)pos; 382 383 /* make sure we can access ie->len */ 384 BUILD_BUG_ON(offsetof(struct ieee80211_vendor_ie, len) != 1); 385 386 if (ie->len < sizeof(*ie)) 387 goto cont; 388 389 ie_oui = ie->oui[0] << 16 | ie->oui[1] << 8 | ie->oui[2]; 390 if (ie_oui == oui && ie->oui_type == oui_type) 391 return pos; 392 cont: 393 pos += 2 + ie->len; 394 } 395 return NULL; 396 } 397 EXPORT_SYMBOL(cfg80211_find_vendor_ie); 398 399 static bool is_bss(struct cfg80211_bss *a, const u8 *bssid, 400 const u8 *ssid, size_t ssid_len) 401 { 402 const struct cfg80211_bss_ies *ies; 403 const u8 *ssidie; 404 405 if (bssid && !ether_addr_equal(a->bssid, bssid)) 406 return false; 407 408 if (!ssid) 409 return true; 410 411 ies = rcu_access_pointer(a->ies); 412 if (!ies) 413 return false; 414 ssidie = cfg80211_find_ie(WLAN_EID_SSID, ies->data, ies->len); 415 if (!ssidie) 416 return false; 417 if (ssidie[1] != ssid_len) 418 return false; 419 return memcmp(ssidie + 2, ssid, ssid_len) == 0; 420 } 421 422 /** 423 * enum bss_compare_mode - BSS compare mode 424 * @BSS_CMP_REGULAR: regular compare mode (for insertion and normal find) 425 * @BSS_CMP_HIDE_ZLEN: find hidden SSID with zero-length mode 426 * @BSS_CMP_HIDE_NUL: find hidden SSID with NUL-ed out mode 427 */ 428 enum bss_compare_mode { 429 BSS_CMP_REGULAR, 430 BSS_CMP_HIDE_ZLEN, 431 BSS_CMP_HIDE_NUL, 432 }; 433 434 static int cmp_bss(struct cfg80211_bss *a, 435 struct cfg80211_bss *b, 436 enum bss_compare_mode mode) 437 { 438 const struct cfg80211_bss_ies *a_ies, *b_ies; 439 const u8 *ie1 = NULL; 440 const u8 *ie2 = NULL; 441 int i, r; 442 443 if (a->channel != b->channel) 444 return b->channel->center_freq - a->channel->center_freq; 445 446 a_ies = rcu_access_pointer(a->ies); 447 if (!a_ies) 448 return -1; 449 b_ies = rcu_access_pointer(b->ies); 450 if (!b_ies) 451 return 1; 452 453 if (WLAN_CAPABILITY_IS_STA_BSS(a->capability)) 454 ie1 = cfg80211_find_ie(WLAN_EID_MESH_ID, 455 a_ies->data, a_ies->len); 456 if (WLAN_CAPABILITY_IS_STA_BSS(b->capability)) 457 ie2 = cfg80211_find_ie(WLAN_EID_MESH_ID, 458 b_ies->data, b_ies->len); 459 if (ie1 && ie2) { 460 int mesh_id_cmp; 461 462 if (ie1[1] == ie2[1]) 463 mesh_id_cmp = memcmp(ie1 + 2, ie2 + 2, ie1[1]); 464 else 465 mesh_id_cmp = ie2[1] - ie1[1]; 466 467 ie1 = cfg80211_find_ie(WLAN_EID_MESH_CONFIG, 468 a_ies->data, a_ies->len); 469 ie2 = cfg80211_find_ie(WLAN_EID_MESH_CONFIG, 470 b_ies->data, b_ies->len); 471 if (ie1 && ie2) { 472 if (mesh_id_cmp) 473 return mesh_id_cmp; 474 if (ie1[1] != ie2[1]) 475 return ie2[1] - ie1[1]; 476 return memcmp(ie1 + 2, ie2 + 2, ie1[1]); 477 } 478 } 479 480 r = memcmp(a->bssid, b->bssid, sizeof(a->bssid)); 481 if (r) 482 return r; 483 484 ie1 = cfg80211_find_ie(WLAN_EID_SSID, a_ies->data, a_ies->len); 485 ie2 = cfg80211_find_ie(WLAN_EID_SSID, b_ies->data, b_ies->len); 486 487 if (!ie1 && !ie2) 488 return 0; 489 490 /* 491 * Note that with "hide_ssid", the function returns a match if 492 * the already-present BSS ("b") is a hidden SSID beacon for 493 * the new BSS ("a"). 494 */ 495 496 /* sort missing IE before (left of) present IE */ 497 if (!ie1) 498 return -1; 499 if (!ie2) 500 return 1; 501 502 switch (mode) { 503 case BSS_CMP_HIDE_ZLEN: 504 /* 505 * In ZLEN mode we assume the BSS entry we're 506 * looking for has a zero-length SSID. So if 507 * the one we're looking at right now has that, 508 * return 0. Otherwise, return the difference 509 * in length, but since we're looking for the 510 * 0-length it's really equivalent to returning 511 * the length of the one we're looking at. 512 * 513 * No content comparison is needed as we assume 514 * the content length is zero. 515 */ 516 return ie2[1]; 517 case BSS_CMP_REGULAR: 518 default: 519 /* sort by length first, then by contents */ 520 if (ie1[1] != ie2[1]) 521 return ie2[1] - ie1[1]; 522 return memcmp(ie1 + 2, ie2 + 2, ie1[1]); 523 case BSS_CMP_HIDE_NUL: 524 if (ie1[1] != ie2[1]) 525 return ie2[1] - ie1[1]; 526 /* this is equivalent to memcmp(zeroes, ie2 + 2, len) */ 527 for (i = 0; i < ie2[1]; i++) 528 if (ie2[i + 2]) 529 return -1; 530 return 0; 531 } 532 } 533 534 /* Returned bss is reference counted and must be cleaned up appropriately. */ 535 struct cfg80211_bss *cfg80211_get_bss(struct wiphy *wiphy, 536 struct ieee80211_channel *channel, 537 const u8 *bssid, 538 const u8 *ssid, size_t ssid_len, 539 u16 capa_mask, u16 capa_val) 540 { 541 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 542 struct cfg80211_internal_bss *bss, *res = NULL; 543 unsigned long now = jiffies; 544 545 trace_cfg80211_get_bss(wiphy, channel, bssid, ssid, ssid_len, capa_mask, 546 capa_val); 547 548 spin_lock_bh(&rdev->bss_lock); 549 550 list_for_each_entry(bss, &rdev->bss_list, list) { 551 if ((bss->pub.capability & capa_mask) != capa_val) 552 continue; 553 if (channel && bss->pub.channel != channel) 554 continue; 555 if (!is_valid_ether_addr(bss->pub.bssid)) 556 continue; 557 /* Don't get expired BSS structs */ 558 if (time_after(now, bss->ts + IEEE80211_SCAN_RESULT_EXPIRE) && 559 !atomic_read(&bss->hold)) 560 continue; 561 if (is_bss(&bss->pub, bssid, ssid, ssid_len)) { 562 res = bss; 563 bss_ref_get(rdev, res); 564 break; 565 } 566 } 567 568 spin_unlock_bh(&rdev->bss_lock); 569 if (!res) 570 return NULL; 571 trace_cfg80211_return_bss(&res->pub); 572 return &res->pub; 573 } 574 EXPORT_SYMBOL(cfg80211_get_bss); 575 576 static void rb_insert_bss(struct cfg80211_registered_device *rdev, 577 struct cfg80211_internal_bss *bss) 578 { 579 struct rb_node **p = &rdev->bss_tree.rb_node; 580 struct rb_node *parent = NULL; 581 struct cfg80211_internal_bss *tbss; 582 int cmp; 583 584 while (*p) { 585 parent = *p; 586 tbss = rb_entry(parent, struct cfg80211_internal_bss, rbn); 587 588 cmp = cmp_bss(&bss->pub, &tbss->pub, BSS_CMP_REGULAR); 589 590 if (WARN_ON(!cmp)) { 591 /* will sort of leak this BSS */ 592 return; 593 } 594 595 if (cmp < 0) 596 p = &(*p)->rb_left; 597 else 598 p = &(*p)->rb_right; 599 } 600 601 rb_link_node(&bss->rbn, parent, p); 602 rb_insert_color(&bss->rbn, &rdev->bss_tree); 603 } 604 605 static struct cfg80211_internal_bss * 606 rb_find_bss(struct cfg80211_registered_device *rdev, 607 struct cfg80211_internal_bss *res, 608 enum bss_compare_mode mode) 609 { 610 struct rb_node *n = rdev->bss_tree.rb_node; 611 struct cfg80211_internal_bss *bss; 612 int r; 613 614 while (n) { 615 bss = rb_entry(n, struct cfg80211_internal_bss, rbn); 616 r = cmp_bss(&res->pub, &bss->pub, mode); 617 618 if (r == 0) 619 return bss; 620 else if (r < 0) 621 n = n->rb_left; 622 else 623 n = n->rb_right; 624 } 625 626 return NULL; 627 } 628 629 static bool cfg80211_combine_bsses(struct cfg80211_registered_device *rdev, 630 struct cfg80211_internal_bss *new) 631 { 632 const struct cfg80211_bss_ies *ies; 633 struct cfg80211_internal_bss *bss; 634 const u8 *ie; 635 int i, ssidlen; 636 u8 fold = 0; 637 638 ies = rcu_access_pointer(new->pub.beacon_ies); 639 if (WARN_ON(!ies)) 640 return false; 641 642 ie = cfg80211_find_ie(WLAN_EID_SSID, ies->data, ies->len); 643 if (!ie) { 644 /* nothing to do */ 645 return true; 646 } 647 648 ssidlen = ie[1]; 649 for (i = 0; i < ssidlen; i++) 650 fold |= ie[2 + i]; 651 652 if (fold) { 653 /* not a hidden SSID */ 654 return true; 655 } 656 657 /* This is the bad part ... */ 658 659 list_for_each_entry(bss, &rdev->bss_list, list) { 660 if (!ether_addr_equal(bss->pub.bssid, new->pub.bssid)) 661 continue; 662 if (bss->pub.channel != new->pub.channel) 663 continue; 664 if (bss->pub.scan_width != new->pub.scan_width) 665 continue; 666 if (rcu_access_pointer(bss->pub.beacon_ies)) 667 continue; 668 ies = rcu_access_pointer(bss->pub.ies); 669 if (!ies) 670 continue; 671 ie = cfg80211_find_ie(WLAN_EID_SSID, ies->data, ies->len); 672 if (!ie) 673 continue; 674 if (ssidlen && ie[1] != ssidlen) 675 continue; 676 if (WARN_ON_ONCE(bss->pub.hidden_beacon_bss)) 677 continue; 678 if (WARN_ON_ONCE(!list_empty(&bss->hidden_list))) 679 list_del(&bss->hidden_list); 680 /* combine them */ 681 list_add(&bss->hidden_list, &new->hidden_list); 682 bss->pub.hidden_beacon_bss = &new->pub; 683 new->refcount += bss->refcount; 684 rcu_assign_pointer(bss->pub.beacon_ies, 685 new->pub.beacon_ies); 686 } 687 688 return true; 689 } 690 691 /* Returned bss is reference counted and must be cleaned up appropriately. */ 692 static struct cfg80211_internal_bss * 693 cfg80211_bss_update(struct cfg80211_registered_device *rdev, 694 struct cfg80211_internal_bss *tmp, 695 bool signal_valid) 696 { 697 struct cfg80211_internal_bss *found = NULL; 698 699 if (WARN_ON(!tmp->pub.channel)) 700 return NULL; 701 702 tmp->ts = jiffies; 703 704 spin_lock_bh(&rdev->bss_lock); 705 706 if (WARN_ON(!rcu_access_pointer(tmp->pub.ies))) { 707 spin_unlock_bh(&rdev->bss_lock); 708 return NULL; 709 } 710 711 found = rb_find_bss(rdev, tmp, BSS_CMP_REGULAR); 712 713 if (found) { 714 /* Update IEs */ 715 if (rcu_access_pointer(tmp->pub.proberesp_ies)) { 716 const struct cfg80211_bss_ies *old; 717 718 old = rcu_access_pointer(found->pub.proberesp_ies); 719 720 rcu_assign_pointer(found->pub.proberesp_ies, 721 tmp->pub.proberesp_ies); 722 /* Override possible earlier Beacon frame IEs */ 723 rcu_assign_pointer(found->pub.ies, 724 tmp->pub.proberesp_ies); 725 if (old) 726 kfree_rcu((struct cfg80211_bss_ies *)old, 727 rcu_head); 728 } else if (rcu_access_pointer(tmp->pub.beacon_ies)) { 729 const struct cfg80211_bss_ies *old; 730 struct cfg80211_internal_bss *bss; 731 732 if (found->pub.hidden_beacon_bss && 733 !list_empty(&found->hidden_list)) { 734 const struct cfg80211_bss_ies *f; 735 736 /* 737 * The found BSS struct is one of the probe 738 * response members of a group, but we're 739 * receiving a beacon (beacon_ies in the tmp 740 * bss is used). This can only mean that the 741 * AP changed its beacon from not having an 742 * SSID to showing it, which is confusing so 743 * drop this information. 744 */ 745 746 f = rcu_access_pointer(tmp->pub.beacon_ies); 747 kfree_rcu((struct cfg80211_bss_ies *)f, 748 rcu_head); 749 goto drop; 750 } 751 752 old = rcu_access_pointer(found->pub.beacon_ies); 753 754 rcu_assign_pointer(found->pub.beacon_ies, 755 tmp->pub.beacon_ies); 756 757 /* Override IEs if they were from a beacon before */ 758 if (old == rcu_access_pointer(found->pub.ies)) 759 rcu_assign_pointer(found->pub.ies, 760 tmp->pub.beacon_ies); 761 762 /* Assign beacon IEs to all sub entries */ 763 list_for_each_entry(bss, &found->hidden_list, 764 hidden_list) { 765 const struct cfg80211_bss_ies *ies; 766 767 ies = rcu_access_pointer(bss->pub.beacon_ies); 768 WARN_ON(ies != old); 769 770 rcu_assign_pointer(bss->pub.beacon_ies, 771 tmp->pub.beacon_ies); 772 } 773 774 if (old) 775 kfree_rcu((struct cfg80211_bss_ies *)old, 776 rcu_head); 777 } 778 779 found->pub.beacon_interval = tmp->pub.beacon_interval; 780 /* 781 * don't update the signal if beacon was heard on 782 * adjacent channel. 783 */ 784 if (signal_valid) 785 found->pub.signal = tmp->pub.signal; 786 found->pub.capability = tmp->pub.capability; 787 found->ts = tmp->ts; 788 } else { 789 struct cfg80211_internal_bss *new; 790 struct cfg80211_internal_bss *hidden; 791 struct cfg80211_bss_ies *ies; 792 793 /* 794 * create a copy -- the "res" variable that is passed in 795 * is allocated on the stack since it's not needed in the 796 * more common case of an update 797 */ 798 new = kzalloc(sizeof(*new) + rdev->wiphy.bss_priv_size, 799 GFP_ATOMIC); 800 if (!new) { 801 ies = (void *)rcu_dereference(tmp->pub.beacon_ies); 802 if (ies) 803 kfree_rcu(ies, rcu_head); 804 ies = (void *)rcu_dereference(tmp->pub.proberesp_ies); 805 if (ies) 806 kfree_rcu(ies, rcu_head); 807 goto drop; 808 } 809 memcpy(new, tmp, sizeof(*new)); 810 new->refcount = 1; 811 INIT_LIST_HEAD(&new->hidden_list); 812 813 if (rcu_access_pointer(tmp->pub.proberesp_ies)) { 814 hidden = rb_find_bss(rdev, tmp, BSS_CMP_HIDE_ZLEN); 815 if (!hidden) 816 hidden = rb_find_bss(rdev, tmp, 817 BSS_CMP_HIDE_NUL); 818 if (hidden) { 819 new->pub.hidden_beacon_bss = &hidden->pub; 820 list_add(&new->hidden_list, 821 &hidden->hidden_list); 822 hidden->refcount++; 823 rcu_assign_pointer(new->pub.beacon_ies, 824 hidden->pub.beacon_ies); 825 } 826 } else { 827 /* 828 * Ok so we found a beacon, and don't have an entry. If 829 * it's a beacon with hidden SSID, we might be in for an 830 * expensive search for any probe responses that should 831 * be grouped with this beacon for updates ... 832 */ 833 if (!cfg80211_combine_bsses(rdev, new)) { 834 kfree(new); 835 goto drop; 836 } 837 } 838 839 list_add_tail(&new->list, &rdev->bss_list); 840 rb_insert_bss(rdev, new); 841 found = new; 842 } 843 844 rdev->bss_generation++; 845 bss_ref_get(rdev, found); 846 spin_unlock_bh(&rdev->bss_lock); 847 848 return found; 849 drop: 850 spin_unlock_bh(&rdev->bss_lock); 851 return NULL; 852 } 853 854 static struct ieee80211_channel * 855 cfg80211_get_bss_channel(struct wiphy *wiphy, const u8 *ie, size_t ielen, 856 struct ieee80211_channel *channel) 857 { 858 const u8 *tmp; 859 u32 freq; 860 int channel_number = -1; 861 862 tmp = cfg80211_find_ie(WLAN_EID_DS_PARAMS, ie, ielen); 863 if (tmp && tmp[1] == 1) { 864 channel_number = tmp[2]; 865 } else { 866 tmp = cfg80211_find_ie(WLAN_EID_HT_OPERATION, ie, ielen); 867 if (tmp && tmp[1] >= sizeof(struct ieee80211_ht_operation)) { 868 struct ieee80211_ht_operation *htop = (void *)(tmp + 2); 869 870 channel_number = htop->primary_chan; 871 } 872 } 873 874 if (channel_number < 0) 875 return channel; 876 877 freq = ieee80211_channel_to_frequency(channel_number, channel->band); 878 channel = ieee80211_get_channel(wiphy, freq); 879 if (!channel) 880 return NULL; 881 if (channel->flags & IEEE80211_CHAN_DISABLED) 882 return NULL; 883 return channel; 884 } 885 886 /* Returned bss is reference counted and must be cleaned up appropriately. */ 887 struct cfg80211_bss* 888 cfg80211_inform_bss_width(struct wiphy *wiphy, 889 struct ieee80211_channel *rx_channel, 890 enum nl80211_bss_scan_width scan_width, 891 enum cfg80211_bss_frame_type ftype, 892 const u8 *bssid, u64 tsf, u16 capability, 893 u16 beacon_interval, const u8 *ie, size_t ielen, 894 s32 signal, gfp_t gfp) 895 { 896 struct cfg80211_bss_ies *ies; 897 struct ieee80211_channel *channel; 898 struct cfg80211_internal_bss tmp = {}, *res; 899 bool signal_valid; 900 901 if (WARN_ON(!wiphy)) 902 return NULL; 903 904 if (WARN_ON(wiphy->signal_type == CFG80211_SIGNAL_TYPE_UNSPEC && 905 (signal < 0 || signal > 100))) 906 return NULL; 907 908 channel = cfg80211_get_bss_channel(wiphy, ie, ielen, rx_channel); 909 if (!channel) 910 return NULL; 911 912 memcpy(tmp.pub.bssid, bssid, ETH_ALEN); 913 tmp.pub.channel = channel; 914 tmp.pub.scan_width = scan_width; 915 tmp.pub.signal = signal; 916 tmp.pub.beacon_interval = beacon_interval; 917 tmp.pub.capability = capability; 918 /* 919 * If we do not know here whether the IEs are from a Beacon or Probe 920 * Response frame, we need to pick one of the options and only use it 921 * with the driver that does not provide the full Beacon/Probe Response 922 * frame. Use Beacon frame pointer to avoid indicating that this should 923 * override the IEs pointer should we have received an earlier 924 * indication of Probe Response data. 925 */ 926 ies = kzalloc(sizeof(*ies) + ielen, gfp); 927 if (!ies) 928 return NULL; 929 ies->len = ielen; 930 ies->tsf = tsf; 931 ies->from_beacon = false; 932 memcpy(ies->data, ie, ielen); 933 934 switch (ftype) { 935 case CFG80211_BSS_FTYPE_BEACON: 936 ies->from_beacon = true; 937 /* fall through to assign */ 938 case CFG80211_BSS_FTYPE_UNKNOWN: 939 rcu_assign_pointer(tmp.pub.beacon_ies, ies); 940 break; 941 case CFG80211_BSS_FTYPE_PRESP: 942 rcu_assign_pointer(tmp.pub.proberesp_ies, ies); 943 break; 944 } 945 rcu_assign_pointer(tmp.pub.ies, ies); 946 947 signal_valid = abs(rx_channel->center_freq - channel->center_freq) <= 948 wiphy->max_adj_channel_rssi_comp; 949 res = cfg80211_bss_update(wiphy_to_rdev(wiphy), &tmp, signal_valid); 950 if (!res) 951 return NULL; 952 953 if (res->pub.capability & WLAN_CAPABILITY_ESS) 954 regulatory_hint_found_beacon(wiphy, channel, gfp); 955 956 trace_cfg80211_return_bss(&res->pub); 957 /* cfg80211_bss_update gives us a referenced result */ 958 return &res->pub; 959 } 960 EXPORT_SYMBOL(cfg80211_inform_bss_width); 961 962 /* Returned bss is reference counted and must be cleaned up appropriately. */ 963 struct cfg80211_bss * 964 cfg80211_inform_bss_width_frame(struct wiphy *wiphy, 965 struct ieee80211_channel *rx_channel, 966 enum nl80211_bss_scan_width scan_width, 967 struct ieee80211_mgmt *mgmt, size_t len, 968 s32 signal, gfp_t gfp) 969 { 970 struct cfg80211_internal_bss tmp = {}, *res; 971 struct cfg80211_bss_ies *ies; 972 struct ieee80211_channel *channel; 973 bool signal_valid; 974 size_t ielen = len - offsetof(struct ieee80211_mgmt, 975 u.probe_resp.variable); 976 977 BUILD_BUG_ON(offsetof(struct ieee80211_mgmt, u.probe_resp.variable) != 978 offsetof(struct ieee80211_mgmt, u.beacon.variable)); 979 980 trace_cfg80211_inform_bss_width_frame(wiphy, rx_channel, scan_width, mgmt, 981 len, signal); 982 983 if (WARN_ON(!mgmt)) 984 return NULL; 985 986 if (WARN_ON(!wiphy)) 987 return NULL; 988 989 if (WARN_ON(wiphy->signal_type == CFG80211_SIGNAL_TYPE_UNSPEC && 990 (signal < 0 || signal > 100))) 991 return NULL; 992 993 if (WARN_ON(len < offsetof(struct ieee80211_mgmt, u.probe_resp.variable))) 994 return NULL; 995 996 channel = cfg80211_get_bss_channel(wiphy, mgmt->u.beacon.variable, 997 ielen, rx_channel); 998 if (!channel) 999 return NULL; 1000 1001 ies = kzalloc(sizeof(*ies) + ielen, gfp); 1002 if (!ies) 1003 return NULL; 1004 ies->len = ielen; 1005 ies->tsf = le64_to_cpu(mgmt->u.probe_resp.timestamp); 1006 ies->from_beacon = ieee80211_is_beacon(mgmt->frame_control); 1007 memcpy(ies->data, mgmt->u.probe_resp.variable, ielen); 1008 1009 if (ieee80211_is_probe_resp(mgmt->frame_control)) 1010 rcu_assign_pointer(tmp.pub.proberesp_ies, ies); 1011 else 1012 rcu_assign_pointer(tmp.pub.beacon_ies, ies); 1013 rcu_assign_pointer(tmp.pub.ies, ies); 1014 1015 memcpy(tmp.pub.bssid, mgmt->bssid, ETH_ALEN); 1016 tmp.pub.channel = channel; 1017 tmp.pub.scan_width = scan_width; 1018 tmp.pub.signal = signal; 1019 tmp.pub.beacon_interval = le16_to_cpu(mgmt->u.probe_resp.beacon_int); 1020 tmp.pub.capability = le16_to_cpu(mgmt->u.probe_resp.capab_info); 1021 1022 signal_valid = abs(rx_channel->center_freq - channel->center_freq) <= 1023 wiphy->max_adj_channel_rssi_comp; 1024 res = cfg80211_bss_update(wiphy_to_rdev(wiphy), &tmp, signal_valid); 1025 if (!res) 1026 return NULL; 1027 1028 if (res->pub.capability & WLAN_CAPABILITY_ESS) 1029 regulatory_hint_found_beacon(wiphy, channel, gfp); 1030 1031 trace_cfg80211_return_bss(&res->pub); 1032 /* cfg80211_bss_update gives us a referenced result */ 1033 return &res->pub; 1034 } 1035 EXPORT_SYMBOL(cfg80211_inform_bss_width_frame); 1036 1037 void cfg80211_ref_bss(struct wiphy *wiphy, struct cfg80211_bss *pub) 1038 { 1039 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 1040 struct cfg80211_internal_bss *bss; 1041 1042 if (!pub) 1043 return; 1044 1045 bss = container_of(pub, struct cfg80211_internal_bss, pub); 1046 1047 spin_lock_bh(&rdev->bss_lock); 1048 bss_ref_get(rdev, bss); 1049 spin_unlock_bh(&rdev->bss_lock); 1050 } 1051 EXPORT_SYMBOL(cfg80211_ref_bss); 1052 1053 void cfg80211_put_bss(struct wiphy *wiphy, struct cfg80211_bss *pub) 1054 { 1055 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 1056 struct cfg80211_internal_bss *bss; 1057 1058 if (!pub) 1059 return; 1060 1061 bss = container_of(pub, struct cfg80211_internal_bss, pub); 1062 1063 spin_lock_bh(&rdev->bss_lock); 1064 bss_ref_put(rdev, bss); 1065 spin_unlock_bh(&rdev->bss_lock); 1066 } 1067 EXPORT_SYMBOL(cfg80211_put_bss); 1068 1069 void cfg80211_unlink_bss(struct wiphy *wiphy, struct cfg80211_bss *pub) 1070 { 1071 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 1072 struct cfg80211_internal_bss *bss; 1073 1074 if (WARN_ON(!pub)) 1075 return; 1076 1077 bss = container_of(pub, struct cfg80211_internal_bss, pub); 1078 1079 spin_lock_bh(&rdev->bss_lock); 1080 if (!list_empty(&bss->list)) { 1081 if (__cfg80211_unlink_bss(rdev, bss)) 1082 rdev->bss_generation++; 1083 } 1084 spin_unlock_bh(&rdev->bss_lock); 1085 } 1086 EXPORT_SYMBOL(cfg80211_unlink_bss); 1087 1088 #ifdef CONFIG_CFG80211_WEXT 1089 static struct cfg80211_registered_device * 1090 cfg80211_get_dev_from_ifindex(struct net *net, int ifindex) 1091 { 1092 struct cfg80211_registered_device *rdev; 1093 struct net_device *dev; 1094 1095 ASSERT_RTNL(); 1096 1097 dev = dev_get_by_index(net, ifindex); 1098 if (!dev) 1099 return ERR_PTR(-ENODEV); 1100 if (dev->ieee80211_ptr) 1101 rdev = wiphy_to_rdev(dev->ieee80211_ptr->wiphy); 1102 else 1103 rdev = ERR_PTR(-ENODEV); 1104 dev_put(dev); 1105 return rdev; 1106 } 1107 1108 int cfg80211_wext_siwscan(struct net_device *dev, 1109 struct iw_request_info *info, 1110 union iwreq_data *wrqu, char *extra) 1111 { 1112 struct cfg80211_registered_device *rdev; 1113 struct wiphy *wiphy; 1114 struct iw_scan_req *wreq = NULL; 1115 struct cfg80211_scan_request *creq = NULL; 1116 int i, err, n_channels = 0; 1117 enum ieee80211_band band; 1118 1119 if (!netif_running(dev)) 1120 return -ENETDOWN; 1121 1122 if (wrqu->data.length == sizeof(struct iw_scan_req)) 1123 wreq = (struct iw_scan_req *)extra; 1124 1125 rdev = cfg80211_get_dev_from_ifindex(dev_net(dev), dev->ifindex); 1126 1127 if (IS_ERR(rdev)) 1128 return PTR_ERR(rdev); 1129 1130 if (rdev->scan_req || rdev->scan_msg) { 1131 err = -EBUSY; 1132 goto out; 1133 } 1134 1135 wiphy = &rdev->wiphy; 1136 1137 /* Determine number of channels, needed to allocate creq */ 1138 if (wreq && wreq->num_channels) 1139 n_channels = wreq->num_channels; 1140 else 1141 n_channels = ieee80211_get_num_supported_channels(wiphy); 1142 1143 creq = kzalloc(sizeof(*creq) + sizeof(struct cfg80211_ssid) + 1144 n_channels * sizeof(void *), 1145 GFP_ATOMIC); 1146 if (!creq) { 1147 err = -ENOMEM; 1148 goto out; 1149 } 1150 1151 creq->wiphy = wiphy; 1152 creq->wdev = dev->ieee80211_ptr; 1153 /* SSIDs come after channels */ 1154 creq->ssids = (void *)&creq->channels[n_channels]; 1155 creq->n_channels = n_channels; 1156 creq->n_ssids = 1; 1157 creq->scan_start = jiffies; 1158 1159 /* translate "Scan on frequencies" request */ 1160 i = 0; 1161 for (band = 0; band < IEEE80211_NUM_BANDS; band++) { 1162 int j; 1163 1164 if (!wiphy->bands[band]) 1165 continue; 1166 1167 for (j = 0; j < wiphy->bands[band]->n_channels; j++) { 1168 /* ignore disabled channels */ 1169 if (wiphy->bands[band]->channels[j].flags & 1170 IEEE80211_CHAN_DISABLED) 1171 continue; 1172 1173 /* If we have a wireless request structure and the 1174 * wireless request specifies frequencies, then search 1175 * for the matching hardware channel. 1176 */ 1177 if (wreq && wreq->num_channels) { 1178 int k; 1179 int wiphy_freq = wiphy->bands[band]->channels[j].center_freq; 1180 for (k = 0; k < wreq->num_channels; k++) { 1181 struct iw_freq *freq = 1182 &wreq->channel_list[k]; 1183 int wext_freq = 1184 cfg80211_wext_freq(freq); 1185 1186 if (wext_freq == wiphy_freq) 1187 goto wext_freq_found; 1188 } 1189 goto wext_freq_not_found; 1190 } 1191 1192 wext_freq_found: 1193 creq->channels[i] = &wiphy->bands[band]->channels[j]; 1194 i++; 1195 wext_freq_not_found: ; 1196 } 1197 } 1198 /* No channels found? */ 1199 if (!i) { 1200 err = -EINVAL; 1201 goto out; 1202 } 1203 1204 /* Set real number of channels specified in creq->channels[] */ 1205 creq->n_channels = i; 1206 1207 /* translate "Scan for SSID" request */ 1208 if (wreq) { 1209 if (wrqu->data.flags & IW_SCAN_THIS_ESSID) { 1210 if (wreq->essid_len > IEEE80211_MAX_SSID_LEN) { 1211 err = -EINVAL; 1212 goto out; 1213 } 1214 memcpy(creq->ssids[0].ssid, wreq->essid, wreq->essid_len); 1215 creq->ssids[0].ssid_len = wreq->essid_len; 1216 } 1217 if (wreq->scan_type == IW_SCAN_TYPE_PASSIVE) 1218 creq->n_ssids = 0; 1219 } 1220 1221 for (i = 0; i < IEEE80211_NUM_BANDS; i++) 1222 if (wiphy->bands[i]) 1223 creq->rates[i] = (1 << wiphy->bands[i]->n_bitrates) - 1; 1224 1225 rdev->scan_req = creq; 1226 err = rdev_scan(rdev, creq); 1227 if (err) { 1228 rdev->scan_req = NULL; 1229 /* creq will be freed below */ 1230 } else { 1231 nl80211_send_scan_start(rdev, dev->ieee80211_ptr); 1232 /* creq now owned by driver */ 1233 creq = NULL; 1234 dev_hold(dev); 1235 } 1236 out: 1237 kfree(creq); 1238 return err; 1239 } 1240 EXPORT_SYMBOL_GPL(cfg80211_wext_siwscan); 1241 1242 static void ieee80211_scan_add_ies(struct iw_request_info *info, 1243 const struct cfg80211_bss_ies *ies, 1244 char **current_ev, char *end_buf) 1245 { 1246 const u8 *pos, *end, *next; 1247 struct iw_event iwe; 1248 1249 if (!ies) 1250 return; 1251 1252 /* 1253 * If needed, fragment the IEs buffer (at IE boundaries) into short 1254 * enough fragments to fit into IW_GENERIC_IE_MAX octet messages. 1255 */ 1256 pos = ies->data; 1257 end = pos + ies->len; 1258 1259 while (end - pos > IW_GENERIC_IE_MAX) { 1260 next = pos + 2 + pos[1]; 1261 while (next + 2 + next[1] - pos < IW_GENERIC_IE_MAX) 1262 next = next + 2 + next[1]; 1263 1264 memset(&iwe, 0, sizeof(iwe)); 1265 iwe.cmd = IWEVGENIE; 1266 iwe.u.data.length = next - pos; 1267 *current_ev = iwe_stream_add_point(info, *current_ev, 1268 end_buf, &iwe, 1269 (void *)pos); 1270 1271 pos = next; 1272 } 1273 1274 if (end > pos) { 1275 memset(&iwe, 0, sizeof(iwe)); 1276 iwe.cmd = IWEVGENIE; 1277 iwe.u.data.length = end - pos; 1278 *current_ev = iwe_stream_add_point(info, *current_ev, 1279 end_buf, &iwe, 1280 (void *)pos); 1281 } 1282 } 1283 1284 static char * 1285 ieee80211_bss(struct wiphy *wiphy, struct iw_request_info *info, 1286 struct cfg80211_internal_bss *bss, char *current_ev, 1287 char *end_buf) 1288 { 1289 const struct cfg80211_bss_ies *ies; 1290 struct iw_event iwe; 1291 const u8 *ie; 1292 u8 *buf, *cfg, *p; 1293 int rem, i, sig; 1294 bool ismesh = false; 1295 1296 memset(&iwe, 0, sizeof(iwe)); 1297 iwe.cmd = SIOCGIWAP; 1298 iwe.u.ap_addr.sa_family = ARPHRD_ETHER; 1299 memcpy(iwe.u.ap_addr.sa_data, bss->pub.bssid, ETH_ALEN); 1300 current_ev = iwe_stream_add_event(info, current_ev, end_buf, &iwe, 1301 IW_EV_ADDR_LEN); 1302 1303 memset(&iwe, 0, sizeof(iwe)); 1304 iwe.cmd = SIOCGIWFREQ; 1305 iwe.u.freq.m = ieee80211_frequency_to_channel(bss->pub.channel->center_freq); 1306 iwe.u.freq.e = 0; 1307 current_ev = iwe_stream_add_event(info, current_ev, end_buf, &iwe, 1308 IW_EV_FREQ_LEN); 1309 1310 memset(&iwe, 0, sizeof(iwe)); 1311 iwe.cmd = SIOCGIWFREQ; 1312 iwe.u.freq.m = bss->pub.channel->center_freq; 1313 iwe.u.freq.e = 6; 1314 current_ev = iwe_stream_add_event(info, current_ev, end_buf, &iwe, 1315 IW_EV_FREQ_LEN); 1316 1317 if (wiphy->signal_type != CFG80211_SIGNAL_TYPE_NONE) { 1318 memset(&iwe, 0, sizeof(iwe)); 1319 iwe.cmd = IWEVQUAL; 1320 iwe.u.qual.updated = IW_QUAL_LEVEL_UPDATED | 1321 IW_QUAL_NOISE_INVALID | 1322 IW_QUAL_QUAL_UPDATED; 1323 switch (wiphy->signal_type) { 1324 case CFG80211_SIGNAL_TYPE_MBM: 1325 sig = bss->pub.signal / 100; 1326 iwe.u.qual.level = sig; 1327 iwe.u.qual.updated |= IW_QUAL_DBM; 1328 if (sig < -110) /* rather bad */ 1329 sig = -110; 1330 else if (sig > -40) /* perfect */ 1331 sig = -40; 1332 /* will give a range of 0 .. 70 */ 1333 iwe.u.qual.qual = sig + 110; 1334 break; 1335 case CFG80211_SIGNAL_TYPE_UNSPEC: 1336 iwe.u.qual.level = bss->pub.signal; 1337 /* will give range 0 .. 100 */ 1338 iwe.u.qual.qual = bss->pub.signal; 1339 break; 1340 default: 1341 /* not reached */ 1342 break; 1343 } 1344 current_ev = iwe_stream_add_event(info, current_ev, end_buf, 1345 &iwe, IW_EV_QUAL_LEN); 1346 } 1347 1348 memset(&iwe, 0, sizeof(iwe)); 1349 iwe.cmd = SIOCGIWENCODE; 1350 if (bss->pub.capability & WLAN_CAPABILITY_PRIVACY) 1351 iwe.u.data.flags = IW_ENCODE_ENABLED | IW_ENCODE_NOKEY; 1352 else 1353 iwe.u.data.flags = IW_ENCODE_DISABLED; 1354 iwe.u.data.length = 0; 1355 current_ev = iwe_stream_add_point(info, current_ev, end_buf, 1356 &iwe, ""); 1357 1358 rcu_read_lock(); 1359 ies = rcu_dereference(bss->pub.ies); 1360 rem = ies->len; 1361 ie = ies->data; 1362 1363 while (rem >= 2) { 1364 /* invalid data */ 1365 if (ie[1] > rem - 2) 1366 break; 1367 1368 switch (ie[0]) { 1369 case WLAN_EID_SSID: 1370 memset(&iwe, 0, sizeof(iwe)); 1371 iwe.cmd = SIOCGIWESSID; 1372 iwe.u.data.length = ie[1]; 1373 iwe.u.data.flags = 1; 1374 current_ev = iwe_stream_add_point(info, current_ev, end_buf, 1375 &iwe, (u8 *)ie + 2); 1376 break; 1377 case WLAN_EID_MESH_ID: 1378 memset(&iwe, 0, sizeof(iwe)); 1379 iwe.cmd = SIOCGIWESSID; 1380 iwe.u.data.length = ie[1]; 1381 iwe.u.data.flags = 1; 1382 current_ev = iwe_stream_add_point(info, current_ev, end_buf, 1383 &iwe, (u8 *)ie + 2); 1384 break; 1385 case WLAN_EID_MESH_CONFIG: 1386 ismesh = true; 1387 if (ie[1] != sizeof(struct ieee80211_meshconf_ie)) 1388 break; 1389 buf = kmalloc(50, GFP_ATOMIC); 1390 if (!buf) 1391 break; 1392 cfg = (u8 *)ie + 2; 1393 memset(&iwe, 0, sizeof(iwe)); 1394 iwe.cmd = IWEVCUSTOM; 1395 sprintf(buf, "Mesh Network Path Selection Protocol ID: " 1396 "0x%02X", cfg[0]); 1397 iwe.u.data.length = strlen(buf); 1398 current_ev = iwe_stream_add_point(info, current_ev, 1399 end_buf, 1400 &iwe, buf); 1401 sprintf(buf, "Path Selection Metric ID: 0x%02X", 1402 cfg[1]); 1403 iwe.u.data.length = strlen(buf); 1404 current_ev = iwe_stream_add_point(info, current_ev, 1405 end_buf, 1406 &iwe, buf); 1407 sprintf(buf, "Congestion Control Mode ID: 0x%02X", 1408 cfg[2]); 1409 iwe.u.data.length = strlen(buf); 1410 current_ev = iwe_stream_add_point(info, current_ev, 1411 end_buf, 1412 &iwe, buf); 1413 sprintf(buf, "Synchronization ID: 0x%02X", cfg[3]); 1414 iwe.u.data.length = strlen(buf); 1415 current_ev = iwe_stream_add_point(info, current_ev, 1416 end_buf, 1417 &iwe, buf); 1418 sprintf(buf, "Authentication ID: 0x%02X", cfg[4]); 1419 iwe.u.data.length = strlen(buf); 1420 current_ev = iwe_stream_add_point(info, current_ev, 1421 end_buf, 1422 &iwe, buf); 1423 sprintf(buf, "Formation Info: 0x%02X", cfg[5]); 1424 iwe.u.data.length = strlen(buf); 1425 current_ev = iwe_stream_add_point(info, current_ev, 1426 end_buf, 1427 &iwe, buf); 1428 sprintf(buf, "Capabilities: 0x%02X", cfg[6]); 1429 iwe.u.data.length = strlen(buf); 1430 current_ev = iwe_stream_add_point(info, current_ev, 1431 end_buf, 1432 &iwe, buf); 1433 kfree(buf); 1434 break; 1435 case WLAN_EID_SUPP_RATES: 1436 case WLAN_EID_EXT_SUPP_RATES: 1437 /* display all supported rates in readable format */ 1438 p = current_ev + iwe_stream_lcp_len(info); 1439 1440 memset(&iwe, 0, sizeof(iwe)); 1441 iwe.cmd = SIOCGIWRATE; 1442 /* Those two flags are ignored... */ 1443 iwe.u.bitrate.fixed = iwe.u.bitrate.disabled = 0; 1444 1445 for (i = 0; i < ie[1]; i++) { 1446 iwe.u.bitrate.value = 1447 ((ie[i + 2] & 0x7f) * 500000); 1448 p = iwe_stream_add_value(info, current_ev, p, 1449 end_buf, &iwe, IW_EV_PARAM_LEN); 1450 } 1451 current_ev = p; 1452 break; 1453 } 1454 rem -= ie[1] + 2; 1455 ie += ie[1] + 2; 1456 } 1457 1458 if (bss->pub.capability & (WLAN_CAPABILITY_ESS | WLAN_CAPABILITY_IBSS) || 1459 ismesh) { 1460 memset(&iwe, 0, sizeof(iwe)); 1461 iwe.cmd = SIOCGIWMODE; 1462 if (ismesh) 1463 iwe.u.mode = IW_MODE_MESH; 1464 else if (bss->pub.capability & WLAN_CAPABILITY_ESS) 1465 iwe.u.mode = IW_MODE_MASTER; 1466 else 1467 iwe.u.mode = IW_MODE_ADHOC; 1468 current_ev = iwe_stream_add_event(info, current_ev, end_buf, 1469 &iwe, IW_EV_UINT_LEN); 1470 } 1471 1472 buf = kmalloc(31, GFP_ATOMIC); 1473 if (buf) { 1474 memset(&iwe, 0, sizeof(iwe)); 1475 iwe.cmd = IWEVCUSTOM; 1476 sprintf(buf, "tsf=%016llx", (unsigned long long)(ies->tsf)); 1477 iwe.u.data.length = strlen(buf); 1478 current_ev = iwe_stream_add_point(info, current_ev, end_buf, 1479 &iwe, buf); 1480 memset(&iwe, 0, sizeof(iwe)); 1481 iwe.cmd = IWEVCUSTOM; 1482 sprintf(buf, " Last beacon: %ums ago", 1483 elapsed_jiffies_msecs(bss->ts)); 1484 iwe.u.data.length = strlen(buf); 1485 current_ev = iwe_stream_add_point(info, current_ev, 1486 end_buf, &iwe, buf); 1487 kfree(buf); 1488 } 1489 1490 ieee80211_scan_add_ies(info, ies, ¤t_ev, end_buf); 1491 rcu_read_unlock(); 1492 1493 return current_ev; 1494 } 1495 1496 1497 static int ieee80211_scan_results(struct cfg80211_registered_device *rdev, 1498 struct iw_request_info *info, 1499 char *buf, size_t len) 1500 { 1501 char *current_ev = buf; 1502 char *end_buf = buf + len; 1503 struct cfg80211_internal_bss *bss; 1504 1505 spin_lock_bh(&rdev->bss_lock); 1506 cfg80211_bss_expire(rdev); 1507 1508 list_for_each_entry(bss, &rdev->bss_list, list) { 1509 if (buf + len - current_ev <= IW_EV_ADDR_LEN) { 1510 spin_unlock_bh(&rdev->bss_lock); 1511 return -E2BIG; 1512 } 1513 current_ev = ieee80211_bss(&rdev->wiphy, info, bss, 1514 current_ev, end_buf); 1515 } 1516 spin_unlock_bh(&rdev->bss_lock); 1517 return current_ev - buf; 1518 } 1519 1520 1521 int cfg80211_wext_giwscan(struct net_device *dev, 1522 struct iw_request_info *info, 1523 struct iw_point *data, char *extra) 1524 { 1525 struct cfg80211_registered_device *rdev; 1526 int res; 1527 1528 if (!netif_running(dev)) 1529 return -ENETDOWN; 1530 1531 rdev = cfg80211_get_dev_from_ifindex(dev_net(dev), dev->ifindex); 1532 1533 if (IS_ERR(rdev)) 1534 return PTR_ERR(rdev); 1535 1536 if (rdev->scan_req || rdev->scan_msg) 1537 return -EAGAIN; 1538 1539 res = ieee80211_scan_results(rdev, info, extra, data->length); 1540 data->length = 0; 1541 if (res >= 0) { 1542 data->length = res; 1543 res = 0; 1544 } 1545 1546 return res; 1547 } 1548 EXPORT_SYMBOL_GPL(cfg80211_wext_giwscan); 1549 #endif 1550