1 /* 2 * cfg80211 scan result handling 3 * 4 * Copyright 2008 Johannes Berg <johannes@sipsolutions.net> 5 * Copyright 2013-2014 Intel Mobile Communications GmbH 6 * Copyright 2016 Intel Deutschland GmbH 7 */ 8 #include <linux/kernel.h> 9 #include <linux/slab.h> 10 #include <linux/module.h> 11 #include <linux/netdevice.h> 12 #include <linux/wireless.h> 13 #include <linux/nl80211.h> 14 #include <linux/etherdevice.h> 15 #include <net/arp.h> 16 #include <net/cfg80211.h> 17 #include <net/cfg80211-wext.h> 18 #include <net/iw_handler.h> 19 #include "core.h" 20 #include "nl80211.h" 21 #include "wext-compat.h" 22 #include "rdev-ops.h" 23 24 /** 25 * DOC: BSS tree/list structure 26 * 27 * At the top level, the BSS list is kept in both a list in each 28 * registered device (@bss_list) as well as an RB-tree for faster 29 * lookup. In the RB-tree, entries can be looked up using their 30 * channel, MESHID, MESHCONF (for MBSSes) or channel, BSSID, SSID 31 * for other BSSes. 32 * 33 * Due to the possibility of hidden SSIDs, there's a second level 34 * structure, the "hidden_list" and "hidden_beacon_bss" pointer. 35 * The hidden_list connects all BSSes belonging to a single AP 36 * that has a hidden SSID, and connects beacon and probe response 37 * entries. For a probe response entry for a hidden SSID, the 38 * hidden_beacon_bss pointer points to the BSS struct holding the 39 * beacon's information. 40 * 41 * Reference counting is done for all these references except for 42 * the hidden_list, so that a beacon BSS struct that is otherwise 43 * not referenced has one reference for being on the bss_list and 44 * one for each probe response entry that points to it using the 45 * hidden_beacon_bss pointer. When a BSS struct that has such a 46 * pointer is get/put, the refcount update is also propagated to 47 * the referenced struct, this ensure that it cannot get removed 48 * while somebody is using the probe response version. 49 * 50 * Note that the hidden_beacon_bss pointer never changes, due to 51 * the reference counting. Therefore, no locking is needed for 52 * it. 53 * 54 * Also note that the hidden_beacon_bss pointer is only relevant 55 * if the driver uses something other than the IEs, e.g. private 56 * data stored stored in the BSS struct, since the beacon IEs are 57 * also linked into the probe response struct. 58 */ 59 60 #define IEEE80211_SCAN_RESULT_EXPIRE (30 * HZ) 61 62 static void bss_free(struct cfg80211_internal_bss *bss) 63 { 64 struct cfg80211_bss_ies *ies; 65 66 if (WARN_ON(atomic_read(&bss->hold))) 67 return; 68 69 ies = (void *)rcu_access_pointer(bss->pub.beacon_ies); 70 if (ies && !bss->pub.hidden_beacon_bss) 71 kfree_rcu(ies, rcu_head); 72 ies = (void *)rcu_access_pointer(bss->pub.proberesp_ies); 73 if (ies) 74 kfree_rcu(ies, rcu_head); 75 76 /* 77 * This happens when the module is removed, it doesn't 78 * really matter any more save for completeness 79 */ 80 if (!list_empty(&bss->hidden_list)) 81 list_del(&bss->hidden_list); 82 83 kfree(bss); 84 } 85 86 static inline void bss_ref_get(struct cfg80211_registered_device *rdev, 87 struct cfg80211_internal_bss *bss) 88 { 89 lockdep_assert_held(&rdev->bss_lock); 90 91 bss->refcount++; 92 if (bss->pub.hidden_beacon_bss) { 93 bss = container_of(bss->pub.hidden_beacon_bss, 94 struct cfg80211_internal_bss, 95 pub); 96 bss->refcount++; 97 } 98 } 99 100 static inline void bss_ref_put(struct cfg80211_registered_device *rdev, 101 struct cfg80211_internal_bss *bss) 102 { 103 lockdep_assert_held(&rdev->bss_lock); 104 105 if (bss->pub.hidden_beacon_bss) { 106 struct cfg80211_internal_bss *hbss; 107 hbss = container_of(bss->pub.hidden_beacon_bss, 108 struct cfg80211_internal_bss, 109 pub); 110 hbss->refcount--; 111 if (hbss->refcount == 0) 112 bss_free(hbss); 113 } 114 bss->refcount--; 115 if (bss->refcount == 0) 116 bss_free(bss); 117 } 118 119 static bool __cfg80211_unlink_bss(struct cfg80211_registered_device *rdev, 120 struct cfg80211_internal_bss *bss) 121 { 122 lockdep_assert_held(&rdev->bss_lock); 123 124 if (!list_empty(&bss->hidden_list)) { 125 /* 126 * don't remove the beacon entry if it has 127 * probe responses associated with it 128 */ 129 if (!bss->pub.hidden_beacon_bss) 130 return false; 131 /* 132 * if it's a probe response entry break its 133 * link to the other entries in the group 134 */ 135 list_del_init(&bss->hidden_list); 136 } 137 138 list_del_init(&bss->list); 139 rb_erase(&bss->rbn, &rdev->bss_tree); 140 bss_ref_put(rdev, bss); 141 return true; 142 } 143 144 static void __cfg80211_bss_expire(struct cfg80211_registered_device *rdev, 145 unsigned long expire_time) 146 { 147 struct cfg80211_internal_bss *bss, *tmp; 148 bool expired = false; 149 150 lockdep_assert_held(&rdev->bss_lock); 151 152 list_for_each_entry_safe(bss, tmp, &rdev->bss_list, list) { 153 if (atomic_read(&bss->hold)) 154 continue; 155 if (!time_after(expire_time, bss->ts)) 156 continue; 157 158 if (__cfg80211_unlink_bss(rdev, bss)) 159 expired = true; 160 } 161 162 if (expired) 163 rdev->bss_generation++; 164 } 165 166 void ___cfg80211_scan_done(struct cfg80211_registered_device *rdev, 167 bool send_message) 168 { 169 struct cfg80211_scan_request *request; 170 struct wireless_dev *wdev; 171 struct sk_buff *msg; 172 #ifdef CONFIG_CFG80211_WEXT 173 union iwreq_data wrqu; 174 #endif 175 176 ASSERT_RTNL(); 177 178 if (rdev->scan_msg) { 179 nl80211_send_scan_result(rdev, rdev->scan_msg); 180 rdev->scan_msg = NULL; 181 return; 182 } 183 184 request = rdev->scan_req; 185 if (!request) 186 return; 187 188 wdev = request->wdev; 189 190 /* 191 * This must be before sending the other events! 192 * Otherwise, wpa_supplicant gets completely confused with 193 * wext events. 194 */ 195 if (wdev->netdev) 196 cfg80211_sme_scan_done(wdev->netdev); 197 198 if (!request->info.aborted && 199 request->flags & NL80211_SCAN_FLAG_FLUSH) { 200 /* flush entries from previous scans */ 201 spin_lock_bh(&rdev->bss_lock); 202 __cfg80211_bss_expire(rdev, request->scan_start); 203 spin_unlock_bh(&rdev->bss_lock); 204 } 205 206 msg = nl80211_build_scan_msg(rdev, wdev, request->info.aborted); 207 208 #ifdef CONFIG_CFG80211_WEXT 209 if (wdev->netdev && !request->info.aborted) { 210 memset(&wrqu, 0, sizeof(wrqu)); 211 212 wireless_send_event(wdev->netdev, SIOCGIWSCAN, &wrqu, NULL); 213 } 214 #endif 215 216 if (wdev->netdev) 217 dev_put(wdev->netdev); 218 219 rdev->scan_req = NULL; 220 kfree(request); 221 222 if (!send_message) 223 rdev->scan_msg = msg; 224 else 225 nl80211_send_scan_result(rdev, msg); 226 } 227 228 void __cfg80211_scan_done(struct work_struct *wk) 229 { 230 struct cfg80211_registered_device *rdev; 231 232 rdev = container_of(wk, struct cfg80211_registered_device, 233 scan_done_wk); 234 235 rtnl_lock(); 236 ___cfg80211_scan_done(rdev, true); 237 rtnl_unlock(); 238 } 239 240 void cfg80211_scan_done(struct cfg80211_scan_request *request, 241 struct cfg80211_scan_info *info) 242 { 243 trace_cfg80211_scan_done(request, info); 244 WARN_ON(request != wiphy_to_rdev(request->wiphy)->scan_req); 245 246 request->info = *info; 247 request->notified = true; 248 queue_work(cfg80211_wq, &wiphy_to_rdev(request->wiphy)->scan_done_wk); 249 } 250 EXPORT_SYMBOL(cfg80211_scan_done); 251 252 void __cfg80211_sched_scan_results(struct work_struct *wk) 253 { 254 struct cfg80211_registered_device *rdev; 255 struct cfg80211_sched_scan_request *request; 256 257 rdev = container_of(wk, struct cfg80211_registered_device, 258 sched_scan_results_wk); 259 260 rtnl_lock(); 261 262 request = rtnl_dereference(rdev->sched_scan_req); 263 264 /* we don't have sched_scan_req anymore if the scan is stopping */ 265 if (request) { 266 if (request->flags & NL80211_SCAN_FLAG_FLUSH) { 267 /* flush entries from previous scans */ 268 spin_lock_bh(&rdev->bss_lock); 269 __cfg80211_bss_expire(rdev, request->scan_start); 270 spin_unlock_bh(&rdev->bss_lock); 271 request->scan_start = jiffies; 272 } 273 nl80211_send_sched_scan_results(rdev, request->dev); 274 } 275 276 rtnl_unlock(); 277 } 278 279 void cfg80211_sched_scan_results(struct wiphy *wiphy) 280 { 281 trace_cfg80211_sched_scan_results(wiphy); 282 /* ignore if we're not scanning */ 283 284 if (rcu_access_pointer(wiphy_to_rdev(wiphy)->sched_scan_req)) 285 queue_work(cfg80211_wq, 286 &wiphy_to_rdev(wiphy)->sched_scan_results_wk); 287 } 288 EXPORT_SYMBOL(cfg80211_sched_scan_results); 289 290 void cfg80211_sched_scan_stopped_rtnl(struct wiphy *wiphy) 291 { 292 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 293 294 ASSERT_RTNL(); 295 296 trace_cfg80211_sched_scan_stopped(wiphy); 297 298 __cfg80211_stop_sched_scan(rdev, true); 299 } 300 EXPORT_SYMBOL(cfg80211_sched_scan_stopped_rtnl); 301 302 void cfg80211_sched_scan_stopped(struct wiphy *wiphy) 303 { 304 rtnl_lock(); 305 cfg80211_sched_scan_stopped_rtnl(wiphy); 306 rtnl_unlock(); 307 } 308 EXPORT_SYMBOL(cfg80211_sched_scan_stopped); 309 310 int __cfg80211_stop_sched_scan(struct cfg80211_registered_device *rdev, 311 bool driver_initiated) 312 { 313 struct cfg80211_sched_scan_request *sched_scan_req; 314 struct net_device *dev; 315 316 ASSERT_RTNL(); 317 318 if (!rdev->sched_scan_req) 319 return -ENOENT; 320 321 sched_scan_req = rtnl_dereference(rdev->sched_scan_req); 322 dev = sched_scan_req->dev; 323 324 if (!driver_initiated) { 325 int err = rdev_sched_scan_stop(rdev, dev); 326 if (err) 327 return err; 328 } 329 330 nl80211_send_sched_scan(rdev, dev, NL80211_CMD_SCHED_SCAN_STOPPED); 331 332 RCU_INIT_POINTER(rdev->sched_scan_req, NULL); 333 kfree_rcu(sched_scan_req, rcu_head); 334 335 return 0; 336 } 337 338 void cfg80211_bss_age(struct cfg80211_registered_device *rdev, 339 unsigned long age_secs) 340 { 341 struct cfg80211_internal_bss *bss; 342 unsigned long age_jiffies = msecs_to_jiffies(age_secs * MSEC_PER_SEC); 343 344 spin_lock_bh(&rdev->bss_lock); 345 list_for_each_entry(bss, &rdev->bss_list, list) 346 bss->ts -= age_jiffies; 347 spin_unlock_bh(&rdev->bss_lock); 348 } 349 350 void cfg80211_bss_expire(struct cfg80211_registered_device *rdev) 351 { 352 __cfg80211_bss_expire(rdev, jiffies - IEEE80211_SCAN_RESULT_EXPIRE); 353 } 354 355 const u8 *cfg80211_find_ie_match(u8 eid, const u8 *ies, int len, 356 const u8 *match, int match_len, 357 int match_offset) 358 { 359 /* match_offset can't be smaller than 2, unless match_len is 360 * zero, in which case match_offset must be zero as well. 361 */ 362 if (WARN_ON((match_len && match_offset < 2) || 363 (!match_len && match_offset))) 364 return NULL; 365 366 while (len >= 2 && len >= ies[1] + 2) { 367 if ((ies[0] == eid) && 368 (ies[1] + 2 >= match_offset + match_len) && 369 !memcmp(ies + match_offset, match, match_len)) 370 return ies; 371 372 len -= ies[1] + 2; 373 ies += ies[1] + 2; 374 } 375 376 return NULL; 377 } 378 EXPORT_SYMBOL(cfg80211_find_ie_match); 379 380 const u8 *cfg80211_find_vendor_ie(unsigned int oui, int oui_type, 381 const u8 *ies, int len) 382 { 383 const u8 *ie; 384 u8 match[] = { oui >> 16, oui >> 8, oui, oui_type }; 385 int match_len = (oui_type < 0) ? 3 : sizeof(match); 386 387 if (WARN_ON(oui_type > 0xff)) 388 return NULL; 389 390 ie = cfg80211_find_ie_match(WLAN_EID_VENDOR_SPECIFIC, ies, len, 391 match, match_len, 2); 392 393 if (ie && (ie[1] < 4)) 394 return NULL; 395 396 return ie; 397 } 398 EXPORT_SYMBOL(cfg80211_find_vendor_ie); 399 400 static bool is_bss(struct cfg80211_bss *a, const u8 *bssid, 401 const u8 *ssid, size_t ssid_len) 402 { 403 const struct cfg80211_bss_ies *ies; 404 const u8 *ssidie; 405 406 if (bssid && !ether_addr_equal(a->bssid, bssid)) 407 return false; 408 409 if (!ssid) 410 return true; 411 412 ies = rcu_access_pointer(a->ies); 413 if (!ies) 414 return false; 415 ssidie = cfg80211_find_ie(WLAN_EID_SSID, ies->data, ies->len); 416 if (!ssidie) 417 return false; 418 if (ssidie[1] != ssid_len) 419 return false; 420 return memcmp(ssidie + 2, ssid, ssid_len) == 0; 421 } 422 423 /** 424 * enum bss_compare_mode - BSS compare mode 425 * @BSS_CMP_REGULAR: regular compare mode (for insertion and normal find) 426 * @BSS_CMP_HIDE_ZLEN: find hidden SSID with zero-length mode 427 * @BSS_CMP_HIDE_NUL: find hidden SSID with NUL-ed out mode 428 */ 429 enum bss_compare_mode { 430 BSS_CMP_REGULAR, 431 BSS_CMP_HIDE_ZLEN, 432 BSS_CMP_HIDE_NUL, 433 }; 434 435 static int cmp_bss(struct cfg80211_bss *a, 436 struct cfg80211_bss *b, 437 enum bss_compare_mode mode) 438 { 439 const struct cfg80211_bss_ies *a_ies, *b_ies; 440 const u8 *ie1 = NULL; 441 const u8 *ie2 = NULL; 442 int i, r; 443 444 if (a->channel != b->channel) 445 return b->channel->center_freq - a->channel->center_freq; 446 447 a_ies = rcu_access_pointer(a->ies); 448 if (!a_ies) 449 return -1; 450 b_ies = rcu_access_pointer(b->ies); 451 if (!b_ies) 452 return 1; 453 454 if (WLAN_CAPABILITY_IS_STA_BSS(a->capability)) 455 ie1 = cfg80211_find_ie(WLAN_EID_MESH_ID, 456 a_ies->data, a_ies->len); 457 if (WLAN_CAPABILITY_IS_STA_BSS(b->capability)) 458 ie2 = cfg80211_find_ie(WLAN_EID_MESH_ID, 459 b_ies->data, b_ies->len); 460 if (ie1 && ie2) { 461 int mesh_id_cmp; 462 463 if (ie1[1] == ie2[1]) 464 mesh_id_cmp = memcmp(ie1 + 2, ie2 + 2, ie1[1]); 465 else 466 mesh_id_cmp = ie2[1] - ie1[1]; 467 468 ie1 = cfg80211_find_ie(WLAN_EID_MESH_CONFIG, 469 a_ies->data, a_ies->len); 470 ie2 = cfg80211_find_ie(WLAN_EID_MESH_CONFIG, 471 b_ies->data, b_ies->len); 472 if (ie1 && ie2) { 473 if (mesh_id_cmp) 474 return mesh_id_cmp; 475 if (ie1[1] != ie2[1]) 476 return ie2[1] - ie1[1]; 477 return memcmp(ie1 + 2, ie2 + 2, ie1[1]); 478 } 479 } 480 481 r = memcmp(a->bssid, b->bssid, sizeof(a->bssid)); 482 if (r) 483 return r; 484 485 ie1 = cfg80211_find_ie(WLAN_EID_SSID, a_ies->data, a_ies->len); 486 ie2 = cfg80211_find_ie(WLAN_EID_SSID, b_ies->data, b_ies->len); 487 488 if (!ie1 && !ie2) 489 return 0; 490 491 /* 492 * Note that with "hide_ssid", the function returns a match if 493 * the already-present BSS ("b") is a hidden SSID beacon for 494 * the new BSS ("a"). 495 */ 496 497 /* sort missing IE before (left of) present IE */ 498 if (!ie1) 499 return -1; 500 if (!ie2) 501 return 1; 502 503 switch (mode) { 504 case BSS_CMP_HIDE_ZLEN: 505 /* 506 * In ZLEN mode we assume the BSS entry we're 507 * looking for has a zero-length SSID. So if 508 * the one we're looking at right now has that, 509 * return 0. Otherwise, return the difference 510 * in length, but since we're looking for the 511 * 0-length it's really equivalent to returning 512 * the length of the one we're looking at. 513 * 514 * No content comparison is needed as we assume 515 * the content length is zero. 516 */ 517 return ie2[1]; 518 case BSS_CMP_REGULAR: 519 default: 520 /* sort by length first, then by contents */ 521 if (ie1[1] != ie2[1]) 522 return ie2[1] - ie1[1]; 523 return memcmp(ie1 + 2, ie2 + 2, ie1[1]); 524 case BSS_CMP_HIDE_NUL: 525 if (ie1[1] != ie2[1]) 526 return ie2[1] - ie1[1]; 527 /* this is equivalent to memcmp(zeroes, ie2 + 2, len) */ 528 for (i = 0; i < ie2[1]; i++) 529 if (ie2[i + 2]) 530 return -1; 531 return 0; 532 } 533 } 534 535 static bool cfg80211_bss_type_match(u16 capability, 536 enum nl80211_band band, 537 enum ieee80211_bss_type bss_type) 538 { 539 bool ret = true; 540 u16 mask, val; 541 542 if (bss_type == IEEE80211_BSS_TYPE_ANY) 543 return ret; 544 545 if (band == NL80211_BAND_60GHZ) { 546 mask = WLAN_CAPABILITY_DMG_TYPE_MASK; 547 switch (bss_type) { 548 case IEEE80211_BSS_TYPE_ESS: 549 val = WLAN_CAPABILITY_DMG_TYPE_AP; 550 break; 551 case IEEE80211_BSS_TYPE_PBSS: 552 val = WLAN_CAPABILITY_DMG_TYPE_PBSS; 553 break; 554 case IEEE80211_BSS_TYPE_IBSS: 555 val = WLAN_CAPABILITY_DMG_TYPE_IBSS; 556 break; 557 default: 558 return false; 559 } 560 } else { 561 mask = WLAN_CAPABILITY_ESS | WLAN_CAPABILITY_IBSS; 562 switch (bss_type) { 563 case IEEE80211_BSS_TYPE_ESS: 564 val = WLAN_CAPABILITY_ESS; 565 break; 566 case IEEE80211_BSS_TYPE_IBSS: 567 val = WLAN_CAPABILITY_IBSS; 568 break; 569 case IEEE80211_BSS_TYPE_MBSS: 570 val = 0; 571 break; 572 default: 573 return false; 574 } 575 } 576 577 ret = ((capability & mask) == val); 578 return ret; 579 } 580 581 /* Returned bss is reference counted and must be cleaned up appropriately. */ 582 struct cfg80211_bss *cfg80211_get_bss(struct wiphy *wiphy, 583 struct ieee80211_channel *channel, 584 const u8 *bssid, 585 const u8 *ssid, size_t ssid_len, 586 enum ieee80211_bss_type bss_type, 587 enum ieee80211_privacy privacy) 588 { 589 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 590 struct cfg80211_internal_bss *bss, *res = NULL; 591 unsigned long now = jiffies; 592 int bss_privacy; 593 594 trace_cfg80211_get_bss(wiphy, channel, bssid, ssid, ssid_len, bss_type, 595 privacy); 596 597 spin_lock_bh(&rdev->bss_lock); 598 599 list_for_each_entry(bss, &rdev->bss_list, list) { 600 if (!cfg80211_bss_type_match(bss->pub.capability, 601 bss->pub.channel->band, bss_type)) 602 continue; 603 604 bss_privacy = (bss->pub.capability & WLAN_CAPABILITY_PRIVACY); 605 if ((privacy == IEEE80211_PRIVACY_ON && !bss_privacy) || 606 (privacy == IEEE80211_PRIVACY_OFF && bss_privacy)) 607 continue; 608 if (channel && bss->pub.channel != channel) 609 continue; 610 if (!is_valid_ether_addr(bss->pub.bssid)) 611 continue; 612 /* Don't get expired BSS structs */ 613 if (time_after(now, bss->ts + IEEE80211_SCAN_RESULT_EXPIRE) && 614 !atomic_read(&bss->hold)) 615 continue; 616 if (is_bss(&bss->pub, bssid, ssid, ssid_len)) { 617 res = bss; 618 bss_ref_get(rdev, res); 619 break; 620 } 621 } 622 623 spin_unlock_bh(&rdev->bss_lock); 624 if (!res) 625 return NULL; 626 trace_cfg80211_return_bss(&res->pub); 627 return &res->pub; 628 } 629 EXPORT_SYMBOL(cfg80211_get_bss); 630 631 static void rb_insert_bss(struct cfg80211_registered_device *rdev, 632 struct cfg80211_internal_bss *bss) 633 { 634 struct rb_node **p = &rdev->bss_tree.rb_node; 635 struct rb_node *parent = NULL; 636 struct cfg80211_internal_bss *tbss; 637 int cmp; 638 639 while (*p) { 640 parent = *p; 641 tbss = rb_entry(parent, struct cfg80211_internal_bss, rbn); 642 643 cmp = cmp_bss(&bss->pub, &tbss->pub, BSS_CMP_REGULAR); 644 645 if (WARN_ON(!cmp)) { 646 /* will sort of leak this BSS */ 647 return; 648 } 649 650 if (cmp < 0) 651 p = &(*p)->rb_left; 652 else 653 p = &(*p)->rb_right; 654 } 655 656 rb_link_node(&bss->rbn, parent, p); 657 rb_insert_color(&bss->rbn, &rdev->bss_tree); 658 } 659 660 static struct cfg80211_internal_bss * 661 rb_find_bss(struct cfg80211_registered_device *rdev, 662 struct cfg80211_internal_bss *res, 663 enum bss_compare_mode mode) 664 { 665 struct rb_node *n = rdev->bss_tree.rb_node; 666 struct cfg80211_internal_bss *bss; 667 int r; 668 669 while (n) { 670 bss = rb_entry(n, struct cfg80211_internal_bss, rbn); 671 r = cmp_bss(&res->pub, &bss->pub, mode); 672 673 if (r == 0) 674 return bss; 675 else if (r < 0) 676 n = n->rb_left; 677 else 678 n = n->rb_right; 679 } 680 681 return NULL; 682 } 683 684 static bool cfg80211_combine_bsses(struct cfg80211_registered_device *rdev, 685 struct cfg80211_internal_bss *new) 686 { 687 const struct cfg80211_bss_ies *ies; 688 struct cfg80211_internal_bss *bss; 689 const u8 *ie; 690 int i, ssidlen; 691 u8 fold = 0; 692 693 ies = rcu_access_pointer(new->pub.beacon_ies); 694 if (WARN_ON(!ies)) 695 return false; 696 697 ie = cfg80211_find_ie(WLAN_EID_SSID, ies->data, ies->len); 698 if (!ie) { 699 /* nothing to do */ 700 return true; 701 } 702 703 ssidlen = ie[1]; 704 for (i = 0; i < ssidlen; i++) 705 fold |= ie[2 + i]; 706 707 if (fold) { 708 /* not a hidden SSID */ 709 return true; 710 } 711 712 /* This is the bad part ... */ 713 714 list_for_each_entry(bss, &rdev->bss_list, list) { 715 if (!ether_addr_equal(bss->pub.bssid, new->pub.bssid)) 716 continue; 717 if (bss->pub.channel != new->pub.channel) 718 continue; 719 if (bss->pub.scan_width != new->pub.scan_width) 720 continue; 721 if (rcu_access_pointer(bss->pub.beacon_ies)) 722 continue; 723 ies = rcu_access_pointer(bss->pub.ies); 724 if (!ies) 725 continue; 726 ie = cfg80211_find_ie(WLAN_EID_SSID, ies->data, ies->len); 727 if (!ie) 728 continue; 729 if (ssidlen && ie[1] != ssidlen) 730 continue; 731 if (WARN_ON_ONCE(bss->pub.hidden_beacon_bss)) 732 continue; 733 if (WARN_ON_ONCE(!list_empty(&bss->hidden_list))) 734 list_del(&bss->hidden_list); 735 /* combine them */ 736 list_add(&bss->hidden_list, &new->hidden_list); 737 bss->pub.hidden_beacon_bss = &new->pub; 738 new->refcount += bss->refcount; 739 rcu_assign_pointer(bss->pub.beacon_ies, 740 new->pub.beacon_ies); 741 } 742 743 return true; 744 } 745 746 /* Returned bss is reference counted and must be cleaned up appropriately. */ 747 static struct cfg80211_internal_bss * 748 cfg80211_bss_update(struct cfg80211_registered_device *rdev, 749 struct cfg80211_internal_bss *tmp, 750 bool signal_valid) 751 { 752 struct cfg80211_internal_bss *found = NULL; 753 754 if (WARN_ON(!tmp->pub.channel)) 755 return NULL; 756 757 tmp->ts = jiffies; 758 759 spin_lock_bh(&rdev->bss_lock); 760 761 if (WARN_ON(!rcu_access_pointer(tmp->pub.ies))) { 762 spin_unlock_bh(&rdev->bss_lock); 763 return NULL; 764 } 765 766 found = rb_find_bss(rdev, tmp, BSS_CMP_REGULAR); 767 768 if (found) { 769 /* Update IEs */ 770 if (rcu_access_pointer(tmp->pub.proberesp_ies)) { 771 const struct cfg80211_bss_ies *old; 772 773 old = rcu_access_pointer(found->pub.proberesp_ies); 774 775 rcu_assign_pointer(found->pub.proberesp_ies, 776 tmp->pub.proberesp_ies); 777 /* Override possible earlier Beacon frame IEs */ 778 rcu_assign_pointer(found->pub.ies, 779 tmp->pub.proberesp_ies); 780 if (old) 781 kfree_rcu((struct cfg80211_bss_ies *)old, 782 rcu_head); 783 } else if (rcu_access_pointer(tmp->pub.beacon_ies)) { 784 const struct cfg80211_bss_ies *old; 785 struct cfg80211_internal_bss *bss; 786 787 if (found->pub.hidden_beacon_bss && 788 !list_empty(&found->hidden_list)) { 789 const struct cfg80211_bss_ies *f; 790 791 /* 792 * The found BSS struct is one of the probe 793 * response members of a group, but we're 794 * receiving a beacon (beacon_ies in the tmp 795 * bss is used). This can only mean that the 796 * AP changed its beacon from not having an 797 * SSID to showing it, which is confusing so 798 * drop this information. 799 */ 800 801 f = rcu_access_pointer(tmp->pub.beacon_ies); 802 kfree_rcu((struct cfg80211_bss_ies *)f, 803 rcu_head); 804 goto drop; 805 } 806 807 old = rcu_access_pointer(found->pub.beacon_ies); 808 809 rcu_assign_pointer(found->pub.beacon_ies, 810 tmp->pub.beacon_ies); 811 812 /* Override IEs if they were from a beacon before */ 813 if (old == rcu_access_pointer(found->pub.ies)) 814 rcu_assign_pointer(found->pub.ies, 815 tmp->pub.beacon_ies); 816 817 /* Assign beacon IEs to all sub entries */ 818 list_for_each_entry(bss, &found->hidden_list, 819 hidden_list) { 820 const struct cfg80211_bss_ies *ies; 821 822 ies = rcu_access_pointer(bss->pub.beacon_ies); 823 WARN_ON(ies != old); 824 825 rcu_assign_pointer(bss->pub.beacon_ies, 826 tmp->pub.beacon_ies); 827 } 828 829 if (old) 830 kfree_rcu((struct cfg80211_bss_ies *)old, 831 rcu_head); 832 } 833 834 found->pub.beacon_interval = tmp->pub.beacon_interval; 835 /* 836 * don't update the signal if beacon was heard on 837 * adjacent channel. 838 */ 839 if (signal_valid) 840 found->pub.signal = tmp->pub.signal; 841 found->pub.capability = tmp->pub.capability; 842 found->ts = tmp->ts; 843 found->ts_boottime = tmp->ts_boottime; 844 found->parent_tsf = tmp->parent_tsf; 845 ether_addr_copy(found->parent_bssid, tmp->parent_bssid); 846 } else { 847 struct cfg80211_internal_bss *new; 848 struct cfg80211_internal_bss *hidden; 849 struct cfg80211_bss_ies *ies; 850 851 /* 852 * create a copy -- the "res" variable that is passed in 853 * is allocated on the stack since it's not needed in the 854 * more common case of an update 855 */ 856 new = kzalloc(sizeof(*new) + rdev->wiphy.bss_priv_size, 857 GFP_ATOMIC); 858 if (!new) { 859 ies = (void *)rcu_dereference(tmp->pub.beacon_ies); 860 if (ies) 861 kfree_rcu(ies, rcu_head); 862 ies = (void *)rcu_dereference(tmp->pub.proberesp_ies); 863 if (ies) 864 kfree_rcu(ies, rcu_head); 865 goto drop; 866 } 867 memcpy(new, tmp, sizeof(*new)); 868 new->refcount = 1; 869 INIT_LIST_HEAD(&new->hidden_list); 870 871 if (rcu_access_pointer(tmp->pub.proberesp_ies)) { 872 hidden = rb_find_bss(rdev, tmp, BSS_CMP_HIDE_ZLEN); 873 if (!hidden) 874 hidden = rb_find_bss(rdev, tmp, 875 BSS_CMP_HIDE_NUL); 876 if (hidden) { 877 new->pub.hidden_beacon_bss = &hidden->pub; 878 list_add(&new->hidden_list, 879 &hidden->hidden_list); 880 hidden->refcount++; 881 rcu_assign_pointer(new->pub.beacon_ies, 882 hidden->pub.beacon_ies); 883 } 884 } else { 885 /* 886 * Ok so we found a beacon, and don't have an entry. If 887 * it's a beacon with hidden SSID, we might be in for an 888 * expensive search for any probe responses that should 889 * be grouped with this beacon for updates ... 890 */ 891 if (!cfg80211_combine_bsses(rdev, new)) { 892 kfree(new); 893 goto drop; 894 } 895 } 896 897 list_add_tail(&new->list, &rdev->bss_list); 898 rb_insert_bss(rdev, new); 899 found = new; 900 } 901 902 rdev->bss_generation++; 903 bss_ref_get(rdev, found); 904 spin_unlock_bh(&rdev->bss_lock); 905 906 return found; 907 drop: 908 spin_unlock_bh(&rdev->bss_lock); 909 return NULL; 910 } 911 912 static struct ieee80211_channel * 913 cfg80211_get_bss_channel(struct wiphy *wiphy, const u8 *ie, size_t ielen, 914 struct ieee80211_channel *channel) 915 { 916 const u8 *tmp; 917 u32 freq; 918 int channel_number = -1; 919 920 tmp = cfg80211_find_ie(WLAN_EID_DS_PARAMS, ie, ielen); 921 if (tmp && tmp[1] == 1) { 922 channel_number = tmp[2]; 923 } else { 924 tmp = cfg80211_find_ie(WLAN_EID_HT_OPERATION, ie, ielen); 925 if (tmp && tmp[1] >= sizeof(struct ieee80211_ht_operation)) { 926 struct ieee80211_ht_operation *htop = (void *)(tmp + 2); 927 928 channel_number = htop->primary_chan; 929 } 930 } 931 932 if (channel_number < 0) 933 return channel; 934 935 freq = ieee80211_channel_to_frequency(channel_number, channel->band); 936 channel = ieee80211_get_channel(wiphy, freq); 937 if (!channel) 938 return NULL; 939 if (channel->flags & IEEE80211_CHAN_DISABLED) 940 return NULL; 941 return channel; 942 } 943 944 /* Returned bss is reference counted and must be cleaned up appropriately. */ 945 struct cfg80211_bss * 946 cfg80211_inform_bss_data(struct wiphy *wiphy, 947 struct cfg80211_inform_bss *data, 948 enum cfg80211_bss_frame_type ftype, 949 const u8 *bssid, u64 tsf, u16 capability, 950 u16 beacon_interval, const u8 *ie, size_t ielen, 951 gfp_t gfp) 952 { 953 struct cfg80211_bss_ies *ies; 954 struct ieee80211_channel *channel; 955 struct cfg80211_internal_bss tmp = {}, *res; 956 int bss_type; 957 bool signal_valid; 958 959 if (WARN_ON(!wiphy)) 960 return NULL; 961 962 if (WARN_ON(wiphy->signal_type == CFG80211_SIGNAL_TYPE_UNSPEC && 963 (data->signal < 0 || data->signal > 100))) 964 return NULL; 965 966 channel = cfg80211_get_bss_channel(wiphy, ie, ielen, data->chan); 967 if (!channel) 968 return NULL; 969 970 memcpy(tmp.pub.bssid, bssid, ETH_ALEN); 971 tmp.pub.channel = channel; 972 tmp.pub.scan_width = data->scan_width; 973 tmp.pub.signal = data->signal; 974 tmp.pub.beacon_interval = beacon_interval; 975 tmp.pub.capability = capability; 976 tmp.ts_boottime = data->boottime_ns; 977 978 /* 979 * If we do not know here whether the IEs are from a Beacon or Probe 980 * Response frame, we need to pick one of the options and only use it 981 * with the driver that does not provide the full Beacon/Probe Response 982 * frame. Use Beacon frame pointer to avoid indicating that this should 983 * override the IEs pointer should we have received an earlier 984 * indication of Probe Response data. 985 */ 986 ies = kzalloc(sizeof(*ies) + ielen, gfp); 987 if (!ies) 988 return NULL; 989 ies->len = ielen; 990 ies->tsf = tsf; 991 ies->from_beacon = false; 992 memcpy(ies->data, ie, ielen); 993 994 switch (ftype) { 995 case CFG80211_BSS_FTYPE_BEACON: 996 ies->from_beacon = true; 997 /* fall through to assign */ 998 case CFG80211_BSS_FTYPE_UNKNOWN: 999 rcu_assign_pointer(tmp.pub.beacon_ies, ies); 1000 break; 1001 case CFG80211_BSS_FTYPE_PRESP: 1002 rcu_assign_pointer(tmp.pub.proberesp_ies, ies); 1003 break; 1004 } 1005 rcu_assign_pointer(tmp.pub.ies, ies); 1006 1007 signal_valid = abs(data->chan->center_freq - channel->center_freq) <= 1008 wiphy->max_adj_channel_rssi_comp; 1009 res = cfg80211_bss_update(wiphy_to_rdev(wiphy), &tmp, signal_valid); 1010 if (!res) 1011 return NULL; 1012 1013 if (channel->band == NL80211_BAND_60GHZ) { 1014 bss_type = res->pub.capability & WLAN_CAPABILITY_DMG_TYPE_MASK; 1015 if (bss_type == WLAN_CAPABILITY_DMG_TYPE_AP || 1016 bss_type == WLAN_CAPABILITY_DMG_TYPE_PBSS) 1017 regulatory_hint_found_beacon(wiphy, channel, gfp); 1018 } else { 1019 if (res->pub.capability & WLAN_CAPABILITY_ESS) 1020 regulatory_hint_found_beacon(wiphy, channel, gfp); 1021 } 1022 1023 trace_cfg80211_return_bss(&res->pub); 1024 /* cfg80211_bss_update gives us a referenced result */ 1025 return &res->pub; 1026 } 1027 EXPORT_SYMBOL(cfg80211_inform_bss_data); 1028 1029 /* cfg80211_inform_bss_width_frame helper */ 1030 struct cfg80211_bss * 1031 cfg80211_inform_bss_frame_data(struct wiphy *wiphy, 1032 struct cfg80211_inform_bss *data, 1033 struct ieee80211_mgmt *mgmt, size_t len, 1034 gfp_t gfp) 1035 1036 { 1037 struct cfg80211_internal_bss tmp = {}, *res; 1038 struct cfg80211_bss_ies *ies; 1039 struct ieee80211_channel *channel; 1040 bool signal_valid; 1041 size_t ielen = len - offsetof(struct ieee80211_mgmt, 1042 u.probe_resp.variable); 1043 int bss_type; 1044 1045 BUILD_BUG_ON(offsetof(struct ieee80211_mgmt, u.probe_resp.variable) != 1046 offsetof(struct ieee80211_mgmt, u.beacon.variable)); 1047 1048 trace_cfg80211_inform_bss_frame(wiphy, data, mgmt, len); 1049 1050 if (WARN_ON(!mgmt)) 1051 return NULL; 1052 1053 if (WARN_ON(!wiphy)) 1054 return NULL; 1055 1056 if (WARN_ON(wiphy->signal_type == CFG80211_SIGNAL_TYPE_UNSPEC && 1057 (data->signal < 0 || data->signal > 100))) 1058 return NULL; 1059 1060 if (WARN_ON(len < offsetof(struct ieee80211_mgmt, u.probe_resp.variable))) 1061 return NULL; 1062 1063 channel = cfg80211_get_bss_channel(wiphy, mgmt->u.beacon.variable, 1064 ielen, data->chan); 1065 if (!channel) 1066 return NULL; 1067 1068 ies = kzalloc(sizeof(*ies) + ielen, gfp); 1069 if (!ies) 1070 return NULL; 1071 ies->len = ielen; 1072 ies->tsf = le64_to_cpu(mgmt->u.probe_resp.timestamp); 1073 ies->from_beacon = ieee80211_is_beacon(mgmt->frame_control); 1074 memcpy(ies->data, mgmt->u.probe_resp.variable, ielen); 1075 1076 if (ieee80211_is_probe_resp(mgmt->frame_control)) 1077 rcu_assign_pointer(tmp.pub.proberesp_ies, ies); 1078 else 1079 rcu_assign_pointer(tmp.pub.beacon_ies, ies); 1080 rcu_assign_pointer(tmp.pub.ies, ies); 1081 1082 memcpy(tmp.pub.bssid, mgmt->bssid, ETH_ALEN); 1083 tmp.pub.channel = channel; 1084 tmp.pub.scan_width = data->scan_width; 1085 tmp.pub.signal = data->signal; 1086 tmp.pub.beacon_interval = le16_to_cpu(mgmt->u.probe_resp.beacon_int); 1087 tmp.pub.capability = le16_to_cpu(mgmt->u.probe_resp.capab_info); 1088 tmp.ts_boottime = data->boottime_ns; 1089 tmp.parent_tsf = data->parent_tsf; 1090 ether_addr_copy(tmp.parent_bssid, data->parent_bssid); 1091 1092 signal_valid = abs(data->chan->center_freq - channel->center_freq) <= 1093 wiphy->max_adj_channel_rssi_comp; 1094 res = cfg80211_bss_update(wiphy_to_rdev(wiphy), &tmp, signal_valid); 1095 if (!res) 1096 return NULL; 1097 1098 if (channel->band == NL80211_BAND_60GHZ) { 1099 bss_type = res->pub.capability & WLAN_CAPABILITY_DMG_TYPE_MASK; 1100 if (bss_type == WLAN_CAPABILITY_DMG_TYPE_AP || 1101 bss_type == WLAN_CAPABILITY_DMG_TYPE_PBSS) 1102 regulatory_hint_found_beacon(wiphy, channel, gfp); 1103 } else { 1104 if (res->pub.capability & WLAN_CAPABILITY_ESS) 1105 regulatory_hint_found_beacon(wiphy, channel, gfp); 1106 } 1107 1108 trace_cfg80211_return_bss(&res->pub); 1109 /* cfg80211_bss_update gives us a referenced result */ 1110 return &res->pub; 1111 } 1112 EXPORT_SYMBOL(cfg80211_inform_bss_frame_data); 1113 1114 void cfg80211_ref_bss(struct wiphy *wiphy, struct cfg80211_bss *pub) 1115 { 1116 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 1117 struct cfg80211_internal_bss *bss; 1118 1119 if (!pub) 1120 return; 1121 1122 bss = container_of(pub, struct cfg80211_internal_bss, pub); 1123 1124 spin_lock_bh(&rdev->bss_lock); 1125 bss_ref_get(rdev, bss); 1126 spin_unlock_bh(&rdev->bss_lock); 1127 } 1128 EXPORT_SYMBOL(cfg80211_ref_bss); 1129 1130 void cfg80211_put_bss(struct wiphy *wiphy, struct cfg80211_bss *pub) 1131 { 1132 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 1133 struct cfg80211_internal_bss *bss; 1134 1135 if (!pub) 1136 return; 1137 1138 bss = container_of(pub, struct cfg80211_internal_bss, pub); 1139 1140 spin_lock_bh(&rdev->bss_lock); 1141 bss_ref_put(rdev, bss); 1142 spin_unlock_bh(&rdev->bss_lock); 1143 } 1144 EXPORT_SYMBOL(cfg80211_put_bss); 1145 1146 void cfg80211_unlink_bss(struct wiphy *wiphy, struct cfg80211_bss *pub) 1147 { 1148 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 1149 struct cfg80211_internal_bss *bss; 1150 1151 if (WARN_ON(!pub)) 1152 return; 1153 1154 bss = container_of(pub, struct cfg80211_internal_bss, pub); 1155 1156 spin_lock_bh(&rdev->bss_lock); 1157 if (!list_empty(&bss->list)) { 1158 if (__cfg80211_unlink_bss(rdev, bss)) 1159 rdev->bss_generation++; 1160 } 1161 spin_unlock_bh(&rdev->bss_lock); 1162 } 1163 EXPORT_SYMBOL(cfg80211_unlink_bss); 1164 1165 #ifdef CONFIG_CFG80211_WEXT 1166 static struct cfg80211_registered_device * 1167 cfg80211_get_dev_from_ifindex(struct net *net, int ifindex) 1168 { 1169 struct cfg80211_registered_device *rdev; 1170 struct net_device *dev; 1171 1172 ASSERT_RTNL(); 1173 1174 dev = dev_get_by_index(net, ifindex); 1175 if (!dev) 1176 return ERR_PTR(-ENODEV); 1177 if (dev->ieee80211_ptr) 1178 rdev = wiphy_to_rdev(dev->ieee80211_ptr->wiphy); 1179 else 1180 rdev = ERR_PTR(-ENODEV); 1181 dev_put(dev); 1182 return rdev; 1183 } 1184 1185 int cfg80211_wext_siwscan(struct net_device *dev, 1186 struct iw_request_info *info, 1187 union iwreq_data *wrqu, char *extra) 1188 { 1189 struct cfg80211_registered_device *rdev; 1190 struct wiphy *wiphy; 1191 struct iw_scan_req *wreq = NULL; 1192 struct cfg80211_scan_request *creq = NULL; 1193 int i, err, n_channels = 0; 1194 enum nl80211_band band; 1195 1196 if (!netif_running(dev)) 1197 return -ENETDOWN; 1198 1199 if (wrqu->data.length == sizeof(struct iw_scan_req)) 1200 wreq = (struct iw_scan_req *)extra; 1201 1202 rdev = cfg80211_get_dev_from_ifindex(dev_net(dev), dev->ifindex); 1203 1204 if (IS_ERR(rdev)) 1205 return PTR_ERR(rdev); 1206 1207 if (rdev->scan_req || rdev->scan_msg) { 1208 err = -EBUSY; 1209 goto out; 1210 } 1211 1212 wiphy = &rdev->wiphy; 1213 1214 /* Determine number of channels, needed to allocate creq */ 1215 if (wreq && wreq->num_channels) 1216 n_channels = wreq->num_channels; 1217 else 1218 n_channels = ieee80211_get_num_supported_channels(wiphy); 1219 1220 creq = kzalloc(sizeof(*creq) + sizeof(struct cfg80211_ssid) + 1221 n_channels * sizeof(void *), 1222 GFP_ATOMIC); 1223 if (!creq) { 1224 err = -ENOMEM; 1225 goto out; 1226 } 1227 1228 creq->wiphy = wiphy; 1229 creq->wdev = dev->ieee80211_ptr; 1230 /* SSIDs come after channels */ 1231 creq->ssids = (void *)&creq->channels[n_channels]; 1232 creq->n_channels = n_channels; 1233 creq->n_ssids = 1; 1234 creq->scan_start = jiffies; 1235 1236 /* translate "Scan on frequencies" request */ 1237 i = 0; 1238 for (band = 0; band < NUM_NL80211_BANDS; band++) { 1239 int j; 1240 1241 if (!wiphy->bands[band]) 1242 continue; 1243 1244 for (j = 0; j < wiphy->bands[band]->n_channels; j++) { 1245 /* ignore disabled channels */ 1246 if (wiphy->bands[band]->channels[j].flags & 1247 IEEE80211_CHAN_DISABLED) 1248 continue; 1249 1250 /* If we have a wireless request structure and the 1251 * wireless request specifies frequencies, then search 1252 * for the matching hardware channel. 1253 */ 1254 if (wreq && wreq->num_channels) { 1255 int k; 1256 int wiphy_freq = wiphy->bands[band]->channels[j].center_freq; 1257 for (k = 0; k < wreq->num_channels; k++) { 1258 struct iw_freq *freq = 1259 &wreq->channel_list[k]; 1260 int wext_freq = 1261 cfg80211_wext_freq(freq); 1262 1263 if (wext_freq == wiphy_freq) 1264 goto wext_freq_found; 1265 } 1266 goto wext_freq_not_found; 1267 } 1268 1269 wext_freq_found: 1270 creq->channels[i] = &wiphy->bands[band]->channels[j]; 1271 i++; 1272 wext_freq_not_found: ; 1273 } 1274 } 1275 /* No channels found? */ 1276 if (!i) { 1277 err = -EINVAL; 1278 goto out; 1279 } 1280 1281 /* Set real number of channels specified in creq->channels[] */ 1282 creq->n_channels = i; 1283 1284 /* translate "Scan for SSID" request */ 1285 if (wreq) { 1286 if (wrqu->data.flags & IW_SCAN_THIS_ESSID) { 1287 if (wreq->essid_len > IEEE80211_MAX_SSID_LEN) { 1288 err = -EINVAL; 1289 goto out; 1290 } 1291 memcpy(creq->ssids[0].ssid, wreq->essid, wreq->essid_len); 1292 creq->ssids[0].ssid_len = wreq->essid_len; 1293 } 1294 if (wreq->scan_type == IW_SCAN_TYPE_PASSIVE) 1295 creq->n_ssids = 0; 1296 } 1297 1298 for (i = 0; i < NUM_NL80211_BANDS; i++) 1299 if (wiphy->bands[i]) 1300 creq->rates[i] = (1 << wiphy->bands[i]->n_bitrates) - 1; 1301 1302 eth_broadcast_addr(creq->bssid); 1303 1304 rdev->scan_req = creq; 1305 err = rdev_scan(rdev, creq); 1306 if (err) { 1307 rdev->scan_req = NULL; 1308 /* creq will be freed below */ 1309 } else { 1310 nl80211_send_scan_start(rdev, dev->ieee80211_ptr); 1311 /* creq now owned by driver */ 1312 creq = NULL; 1313 dev_hold(dev); 1314 } 1315 out: 1316 kfree(creq); 1317 return err; 1318 } 1319 EXPORT_WEXT_HANDLER(cfg80211_wext_siwscan); 1320 1321 static char *ieee80211_scan_add_ies(struct iw_request_info *info, 1322 const struct cfg80211_bss_ies *ies, 1323 char *current_ev, char *end_buf) 1324 { 1325 const u8 *pos, *end, *next; 1326 struct iw_event iwe; 1327 1328 if (!ies) 1329 return current_ev; 1330 1331 /* 1332 * If needed, fragment the IEs buffer (at IE boundaries) into short 1333 * enough fragments to fit into IW_GENERIC_IE_MAX octet messages. 1334 */ 1335 pos = ies->data; 1336 end = pos + ies->len; 1337 1338 while (end - pos > IW_GENERIC_IE_MAX) { 1339 next = pos + 2 + pos[1]; 1340 while (next + 2 + next[1] - pos < IW_GENERIC_IE_MAX) 1341 next = next + 2 + next[1]; 1342 1343 memset(&iwe, 0, sizeof(iwe)); 1344 iwe.cmd = IWEVGENIE; 1345 iwe.u.data.length = next - pos; 1346 current_ev = iwe_stream_add_point_check(info, current_ev, 1347 end_buf, &iwe, 1348 (void *)pos); 1349 if (IS_ERR(current_ev)) 1350 return current_ev; 1351 pos = next; 1352 } 1353 1354 if (end > pos) { 1355 memset(&iwe, 0, sizeof(iwe)); 1356 iwe.cmd = IWEVGENIE; 1357 iwe.u.data.length = end - pos; 1358 current_ev = iwe_stream_add_point_check(info, current_ev, 1359 end_buf, &iwe, 1360 (void *)pos); 1361 if (IS_ERR(current_ev)) 1362 return current_ev; 1363 } 1364 1365 return current_ev; 1366 } 1367 1368 static char * 1369 ieee80211_bss(struct wiphy *wiphy, struct iw_request_info *info, 1370 struct cfg80211_internal_bss *bss, char *current_ev, 1371 char *end_buf) 1372 { 1373 const struct cfg80211_bss_ies *ies; 1374 struct iw_event iwe; 1375 const u8 *ie; 1376 u8 buf[50]; 1377 u8 *cfg, *p, *tmp; 1378 int rem, i, sig; 1379 bool ismesh = false; 1380 1381 memset(&iwe, 0, sizeof(iwe)); 1382 iwe.cmd = SIOCGIWAP; 1383 iwe.u.ap_addr.sa_family = ARPHRD_ETHER; 1384 memcpy(iwe.u.ap_addr.sa_data, bss->pub.bssid, ETH_ALEN); 1385 current_ev = iwe_stream_add_event_check(info, current_ev, end_buf, &iwe, 1386 IW_EV_ADDR_LEN); 1387 if (IS_ERR(current_ev)) 1388 return current_ev; 1389 1390 memset(&iwe, 0, sizeof(iwe)); 1391 iwe.cmd = SIOCGIWFREQ; 1392 iwe.u.freq.m = ieee80211_frequency_to_channel(bss->pub.channel->center_freq); 1393 iwe.u.freq.e = 0; 1394 current_ev = iwe_stream_add_event_check(info, current_ev, end_buf, &iwe, 1395 IW_EV_FREQ_LEN); 1396 if (IS_ERR(current_ev)) 1397 return current_ev; 1398 1399 memset(&iwe, 0, sizeof(iwe)); 1400 iwe.cmd = SIOCGIWFREQ; 1401 iwe.u.freq.m = bss->pub.channel->center_freq; 1402 iwe.u.freq.e = 6; 1403 current_ev = iwe_stream_add_event_check(info, current_ev, end_buf, &iwe, 1404 IW_EV_FREQ_LEN); 1405 if (IS_ERR(current_ev)) 1406 return current_ev; 1407 1408 if (wiphy->signal_type != CFG80211_SIGNAL_TYPE_NONE) { 1409 memset(&iwe, 0, sizeof(iwe)); 1410 iwe.cmd = IWEVQUAL; 1411 iwe.u.qual.updated = IW_QUAL_LEVEL_UPDATED | 1412 IW_QUAL_NOISE_INVALID | 1413 IW_QUAL_QUAL_UPDATED; 1414 switch (wiphy->signal_type) { 1415 case CFG80211_SIGNAL_TYPE_MBM: 1416 sig = bss->pub.signal / 100; 1417 iwe.u.qual.level = sig; 1418 iwe.u.qual.updated |= IW_QUAL_DBM; 1419 if (sig < -110) /* rather bad */ 1420 sig = -110; 1421 else if (sig > -40) /* perfect */ 1422 sig = -40; 1423 /* will give a range of 0 .. 70 */ 1424 iwe.u.qual.qual = sig + 110; 1425 break; 1426 case CFG80211_SIGNAL_TYPE_UNSPEC: 1427 iwe.u.qual.level = bss->pub.signal; 1428 /* will give range 0 .. 100 */ 1429 iwe.u.qual.qual = bss->pub.signal; 1430 break; 1431 default: 1432 /* not reached */ 1433 break; 1434 } 1435 current_ev = iwe_stream_add_event_check(info, current_ev, 1436 end_buf, &iwe, 1437 IW_EV_QUAL_LEN); 1438 if (IS_ERR(current_ev)) 1439 return current_ev; 1440 } 1441 1442 memset(&iwe, 0, sizeof(iwe)); 1443 iwe.cmd = SIOCGIWENCODE; 1444 if (bss->pub.capability & WLAN_CAPABILITY_PRIVACY) 1445 iwe.u.data.flags = IW_ENCODE_ENABLED | IW_ENCODE_NOKEY; 1446 else 1447 iwe.u.data.flags = IW_ENCODE_DISABLED; 1448 iwe.u.data.length = 0; 1449 current_ev = iwe_stream_add_point_check(info, current_ev, end_buf, 1450 &iwe, ""); 1451 if (IS_ERR(current_ev)) 1452 return current_ev; 1453 1454 rcu_read_lock(); 1455 ies = rcu_dereference(bss->pub.ies); 1456 rem = ies->len; 1457 ie = ies->data; 1458 1459 while (rem >= 2) { 1460 /* invalid data */ 1461 if (ie[1] > rem - 2) 1462 break; 1463 1464 switch (ie[0]) { 1465 case WLAN_EID_SSID: 1466 memset(&iwe, 0, sizeof(iwe)); 1467 iwe.cmd = SIOCGIWESSID; 1468 iwe.u.data.length = ie[1]; 1469 iwe.u.data.flags = 1; 1470 current_ev = iwe_stream_add_point_check(info, 1471 current_ev, 1472 end_buf, &iwe, 1473 (u8 *)ie + 2); 1474 if (IS_ERR(current_ev)) 1475 goto unlock; 1476 break; 1477 case WLAN_EID_MESH_ID: 1478 memset(&iwe, 0, sizeof(iwe)); 1479 iwe.cmd = SIOCGIWESSID; 1480 iwe.u.data.length = ie[1]; 1481 iwe.u.data.flags = 1; 1482 current_ev = iwe_stream_add_point_check(info, 1483 current_ev, 1484 end_buf, &iwe, 1485 (u8 *)ie + 2); 1486 if (IS_ERR(current_ev)) 1487 goto unlock; 1488 break; 1489 case WLAN_EID_MESH_CONFIG: 1490 ismesh = true; 1491 if (ie[1] != sizeof(struct ieee80211_meshconf_ie)) 1492 break; 1493 cfg = (u8 *)ie + 2; 1494 memset(&iwe, 0, sizeof(iwe)); 1495 iwe.cmd = IWEVCUSTOM; 1496 sprintf(buf, "Mesh Network Path Selection Protocol ID: " 1497 "0x%02X", cfg[0]); 1498 iwe.u.data.length = strlen(buf); 1499 current_ev = iwe_stream_add_point_check(info, 1500 current_ev, 1501 end_buf, 1502 &iwe, buf); 1503 if (IS_ERR(current_ev)) 1504 goto unlock; 1505 sprintf(buf, "Path Selection Metric ID: 0x%02X", 1506 cfg[1]); 1507 iwe.u.data.length = strlen(buf); 1508 current_ev = iwe_stream_add_point_check(info, 1509 current_ev, 1510 end_buf, 1511 &iwe, buf); 1512 if (IS_ERR(current_ev)) 1513 goto unlock; 1514 sprintf(buf, "Congestion Control Mode ID: 0x%02X", 1515 cfg[2]); 1516 iwe.u.data.length = strlen(buf); 1517 current_ev = iwe_stream_add_point_check(info, 1518 current_ev, 1519 end_buf, 1520 &iwe, buf); 1521 if (IS_ERR(current_ev)) 1522 goto unlock; 1523 sprintf(buf, "Synchronization ID: 0x%02X", cfg[3]); 1524 iwe.u.data.length = strlen(buf); 1525 current_ev = iwe_stream_add_point_check(info, 1526 current_ev, 1527 end_buf, 1528 &iwe, buf); 1529 if (IS_ERR(current_ev)) 1530 goto unlock; 1531 sprintf(buf, "Authentication ID: 0x%02X", cfg[4]); 1532 iwe.u.data.length = strlen(buf); 1533 current_ev = iwe_stream_add_point_check(info, 1534 current_ev, 1535 end_buf, 1536 &iwe, buf); 1537 if (IS_ERR(current_ev)) 1538 goto unlock; 1539 sprintf(buf, "Formation Info: 0x%02X", cfg[5]); 1540 iwe.u.data.length = strlen(buf); 1541 current_ev = iwe_stream_add_point_check(info, 1542 current_ev, 1543 end_buf, 1544 &iwe, buf); 1545 if (IS_ERR(current_ev)) 1546 goto unlock; 1547 sprintf(buf, "Capabilities: 0x%02X", cfg[6]); 1548 iwe.u.data.length = strlen(buf); 1549 current_ev = iwe_stream_add_point_check(info, 1550 current_ev, 1551 end_buf, 1552 &iwe, buf); 1553 if (IS_ERR(current_ev)) 1554 goto unlock; 1555 break; 1556 case WLAN_EID_SUPP_RATES: 1557 case WLAN_EID_EXT_SUPP_RATES: 1558 /* display all supported rates in readable format */ 1559 p = current_ev + iwe_stream_lcp_len(info); 1560 1561 memset(&iwe, 0, sizeof(iwe)); 1562 iwe.cmd = SIOCGIWRATE; 1563 /* Those two flags are ignored... */ 1564 iwe.u.bitrate.fixed = iwe.u.bitrate.disabled = 0; 1565 1566 for (i = 0; i < ie[1]; i++) { 1567 iwe.u.bitrate.value = 1568 ((ie[i + 2] & 0x7f) * 500000); 1569 tmp = p; 1570 p = iwe_stream_add_value(info, current_ev, p, 1571 end_buf, &iwe, 1572 IW_EV_PARAM_LEN); 1573 if (p == tmp) { 1574 current_ev = ERR_PTR(-E2BIG); 1575 goto unlock; 1576 } 1577 } 1578 current_ev = p; 1579 break; 1580 } 1581 rem -= ie[1] + 2; 1582 ie += ie[1] + 2; 1583 } 1584 1585 if (bss->pub.capability & (WLAN_CAPABILITY_ESS | WLAN_CAPABILITY_IBSS) || 1586 ismesh) { 1587 memset(&iwe, 0, sizeof(iwe)); 1588 iwe.cmd = SIOCGIWMODE; 1589 if (ismesh) 1590 iwe.u.mode = IW_MODE_MESH; 1591 else if (bss->pub.capability & WLAN_CAPABILITY_ESS) 1592 iwe.u.mode = IW_MODE_MASTER; 1593 else 1594 iwe.u.mode = IW_MODE_ADHOC; 1595 current_ev = iwe_stream_add_event_check(info, current_ev, 1596 end_buf, &iwe, 1597 IW_EV_UINT_LEN); 1598 if (IS_ERR(current_ev)) 1599 goto unlock; 1600 } 1601 1602 memset(&iwe, 0, sizeof(iwe)); 1603 iwe.cmd = IWEVCUSTOM; 1604 sprintf(buf, "tsf=%016llx", (unsigned long long)(ies->tsf)); 1605 iwe.u.data.length = strlen(buf); 1606 current_ev = iwe_stream_add_point_check(info, current_ev, end_buf, 1607 &iwe, buf); 1608 if (IS_ERR(current_ev)) 1609 goto unlock; 1610 memset(&iwe, 0, sizeof(iwe)); 1611 iwe.cmd = IWEVCUSTOM; 1612 sprintf(buf, " Last beacon: %ums ago", 1613 elapsed_jiffies_msecs(bss->ts)); 1614 iwe.u.data.length = strlen(buf); 1615 current_ev = iwe_stream_add_point_check(info, current_ev, 1616 end_buf, &iwe, buf); 1617 if (IS_ERR(current_ev)) 1618 goto unlock; 1619 1620 current_ev = ieee80211_scan_add_ies(info, ies, current_ev, end_buf); 1621 1622 unlock: 1623 rcu_read_unlock(); 1624 return current_ev; 1625 } 1626 1627 1628 static int ieee80211_scan_results(struct cfg80211_registered_device *rdev, 1629 struct iw_request_info *info, 1630 char *buf, size_t len) 1631 { 1632 char *current_ev = buf; 1633 char *end_buf = buf + len; 1634 struct cfg80211_internal_bss *bss; 1635 int err = 0; 1636 1637 spin_lock_bh(&rdev->bss_lock); 1638 cfg80211_bss_expire(rdev); 1639 1640 list_for_each_entry(bss, &rdev->bss_list, list) { 1641 if (buf + len - current_ev <= IW_EV_ADDR_LEN) { 1642 err = -E2BIG; 1643 break; 1644 } 1645 current_ev = ieee80211_bss(&rdev->wiphy, info, bss, 1646 current_ev, end_buf); 1647 if (IS_ERR(current_ev)) { 1648 err = PTR_ERR(current_ev); 1649 break; 1650 } 1651 } 1652 spin_unlock_bh(&rdev->bss_lock); 1653 1654 if (err) 1655 return err; 1656 return current_ev - buf; 1657 } 1658 1659 1660 int cfg80211_wext_giwscan(struct net_device *dev, 1661 struct iw_request_info *info, 1662 struct iw_point *data, char *extra) 1663 { 1664 struct cfg80211_registered_device *rdev; 1665 int res; 1666 1667 if (!netif_running(dev)) 1668 return -ENETDOWN; 1669 1670 rdev = cfg80211_get_dev_from_ifindex(dev_net(dev), dev->ifindex); 1671 1672 if (IS_ERR(rdev)) 1673 return PTR_ERR(rdev); 1674 1675 if (rdev->scan_req || rdev->scan_msg) 1676 return -EAGAIN; 1677 1678 res = ieee80211_scan_results(rdev, info, extra, data->length); 1679 data->length = 0; 1680 if (res >= 0) { 1681 data->length = res; 1682 res = 0; 1683 } 1684 1685 return res; 1686 } 1687 EXPORT_WEXT_HANDLER(cfg80211_wext_giwscan); 1688 #endif 1689