New: mac80211 stack from the wireless-dev tree
1 /*
2 * BSS client mode implementation
3 * Copyright 2003, Jouni Malinen <jkmaline@cc.hut.fi>
4 * Copyright 2004, Instant802 Networks, Inc.
5 * Copyright 2005, Devicescape Software, Inc.
6 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
7 * Copyright 2007, Michael Wu <flamingice@sourmilk.net>
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License version 2 as
11 * published by the Free Software Foundation.
12 */
13
14 /* TODO:
15 * BSS table: use <BSSID,SSID> as the key to support multi-SSID APs
16 * order BSS list by RSSI(?) ("quality of AP")
17 * scan result table filtering (by capability (privacy, IBSS/BSS, WPA/RSN IE),
18 * SSID)
19 */
20 #include <linux/delay.h>
21 #include <linux/if_ether.h>
22 #include <linux/skbuff.h>
23 #include <linux/netdevice.h>
24 #include <linux/if_arp.h>
25 #include <linux/wireless.h>
26 #include <linux/random.h>
27 #include <linux/etherdevice.h>
28 #include <linux/rtnetlink.h>
29 #include <net/iw_handler.h>
30 #include <asm/types.h>
31
32 #include <net/mac80211.h>
33 #include "ieee80211_i.h"
34 #include "ieee80211_rate.h"
35 #include "hostapd_ioctl.h"
36
/* STA state-machine timing.  *_TIMEOUT and *_INTERVAL values are jiffies
 * (multiples of HZ); *_MAX_TRIES are attempt counts. */
#define IEEE80211_AUTH_TIMEOUT (HZ / 5)
#define IEEE80211_AUTH_MAX_TRIES 3
#define IEEE80211_ASSOC_TIMEOUT (HZ / 5)
#define IEEE80211_ASSOC_MAX_TRIES 3
#define IEEE80211_MONITORING_INTERVAL (2 * HZ)
#define IEEE80211_PROBE_INTERVAL (60 * HZ)
#define IEEE80211_RETRY_AUTH_INTERVAL (1 * HZ)
#define IEEE80211_SCAN_INTERVAL (2 * HZ)
#define IEEE80211_SCAN_INTERVAL_SLOW (15 * HZ)
#define IEEE80211_IBSS_JOIN_TIMEOUT (20 * HZ)

/* Scanning and IBSS timing, also in jiffies. */
#define IEEE80211_PROBE_DELAY (HZ / 33)
#define IEEE80211_CHANNEL_TIME (HZ / 33)
#define IEEE80211_PASSIVE_CHANNEL_TIME (HZ / 5)
#define IEEE80211_SCAN_RESULT_EXPIRE (10 * HZ)
#define IEEE80211_IBSS_MERGE_INTERVAL (30 * HZ)
#define IEEE80211_IBSS_INACTIVITY_LIMIT (60 * HZ)

/* Upper bound on station entries tracked while in IBSS mode. */
#define IEEE80211_IBSS_MAX_STA_ENTRIES 128


/* Build the little-endian frame_control word from a frame type and subtype.
 * Arguments are not parenthesised; pass plain constants only. */
#define IEEE80211_FC(type, stype) cpu_to_le16(type | stype)

/* Bit 1 of the ERP Information element body. */
#define ERP_INFO_USE_PROTECTION BIT(1)

/* mgmt header + 1 byte action code */
#define IEEE80211_MIN_ACTION_SIZE (24 + 1)
64
65 static void ieee80211_send_probe_req(struct net_device *dev, u8 *dst,
66 u8 *ssid, size_t ssid_len);
67 static struct ieee80211_sta_bss *
68 ieee80211_rx_bss_get(struct net_device *dev, u8 *bssid);
69 static void ieee80211_rx_bss_put(struct net_device *dev,
70 struct ieee80211_sta_bss *bss);
71 static int ieee80211_sta_find_ibss(struct net_device *dev,
72 struct ieee80211_if_sta *ifsta);
73 static int ieee80211_sta_wep_configured(struct net_device *dev);
74 static int ieee80211_sta_start_scan(struct net_device *dev,
75 u8 *ssid, size_t ssid_len);
76 static int ieee80211_sta_config_auth(struct net_device *dev,
77 struct ieee80211_if_sta *ifsta);
78
79
80 /* Parsed Information Elements */
/* Parsed Information Elements.
 *
 * Filled by ieee802_11_parse_elems().  Every pointer aliases the element
 * body inside the frame buffer that was parsed (nothing is copied) and is
 * NULL when that element was absent; the matching *_len field holds the
 * element's body length in bytes.  The buffer must therefore outlive any
 * use of this struct. */
struct ieee802_11_elems {
	u8 *ssid;
	u8 ssid_len;
	u8 *supp_rates;
	u8 supp_rates_len;
	u8 *fh_params;
	u8 fh_params_len;
	u8 *ds_params;
	u8 ds_params_len;
	u8 *cf_params;
	u8 cf_params_len;
	u8 *tim;
	u8 tim_len;
	u8 *ibss_params;
	u8 ibss_params_len;
	u8 *challenge;
	u8 challenge_len;
	/* vendor-specific elements carrying the Microsoft OUI 00:50:F2 */
	u8 *wpa;
	u8 wpa_len;
	u8 *rsn;
	u8 rsn_len;
	u8 *erp_info;
	u8 erp_info_len;
	u8 *ht_cap_param;
	u8 ht_cap_param_len;
	u8 *ht_extra_param;
	u8 ht_extra_param_len;
	u8 *ext_supp_rates;
	u8 ext_supp_rates_len;
	u8 *wmm_info;
	u8 wmm_info_len;
	u8 *wmm_param;
	u8 wmm_param_len;
	/* TSPEC body: for the WMM vendor form this points past the 6-byte
	 * OUI/type/subtype/version prefix, so tspec_len is 55 either way */
	u8 *tspec;
	u8 tspec_len;
};
117
/* Result of ieee802_11_parse_elems(): ParseUnknown means every element fit
 * the buffer but at least one id was not recognised; ParseFailed means an
 * element's declared length ran past the end of the buffer. */
typedef enum { ParseOK = 0, ParseUnknown = 1, ParseFailed = -1 } ParseRes;
119
120
/* Record one information element body in @elems as a (pointer, length)
 * pair.  The pointer aliases the frame; nothing is copied. */
static void ieee802_11_set_elem(u8 **dst, u8 *dst_len, u8 *body, u8 elen)
{
	*dst = body;
	*dst_len = elen;
}

/* Handle the vendor-specific element id (WLAN_EID_WPA).  Only the Microsoft
 * OUI 00:50:F2 is recognised: OUI type WPA yields the WPA IE, OUI type WMM
 * yields the WMM information, parameter or TSPEC element. */
static void ieee802_11_parse_ms_elem(struct ieee802_11_elems *elems,
				     u8 *body, u8 elen)
{
	if (elen < 4 || body[0] != 0x00 || body[1] != 0x50 || body[2] != 0xf2)
		return;

	if (body[3] == WIFI_OUI_TYPE_WPA) {
		/* OUI Type 1 - WPA IE */
		ieee802_11_set_elem(&elems->wpa, &elems->wpa_len, body, elen);
		return;
	}
	/* The WMM subtype is the fifth byte, so it needs one more byte. */
	if (elen < 5 || body[3] != WIFI_OUI_TYPE_WMM)
		return;

	switch (body[4]) {
	case WIFI_OUI_STYPE_WMM_INFO:
		ieee802_11_set_elem(&elems->wmm_info, &elems->wmm_info_len,
				    body, elen);
		break;
	case WIFI_OUI_STYPE_WMM_PARAM:
		ieee802_11_set_elem(&elems->wmm_param, &elems->wmm_param_len,
				    body, elen);
		break;
	case WIFI_OUI_STYPE_WMM_TSPEC:
		/* Fixed-size element: 6 bytes of OUI/type/subtype/version
		 * followed by the 55-byte TSPEC body. */
		if (elen != 61) {
			printk(KERN_ERR "Wrong TSPEC size.\n");
			break;
		}
		ieee802_11_set_elem(&elems->tspec, &elems->tspec_len,
				    body + 6, elen - 6);
		break;
	default:
		/* other WMM subtypes are ignored */
		break;
	}
}

/* Walk the (id, length, body) element list in @start[0..len) and point the
 * fields of @elems at the elements found.
 *
 * Returns ParseFailed as soon as an element's declared length exceeds the
 * bytes remaining (nothing after that element is looked at), ParseUnknown
 * if any element id was not recognised, ParseOK otherwise.  A trailing
 * single byte is tolerated (see the note at the end). */
static ParseRes ieee802_11_parse_elems(u8 *start, size_t len,
				       struct ieee802_11_elems *elems)
{
	u8 *cur = start;
	size_t remaining = len;
	int n_unknown = 0;

	memset(elems, 0, sizeof(*elems));

	while (remaining >= 2) {
		u8 id = cur[0];
		u8 elen = cur[1];
		u8 *body = cur + 2;

		remaining -= 2;
		/* The declared body must lie entirely inside the buffer. */
		if (elen > remaining)
			return ParseFailed;

		switch (id) {
		case WLAN_EID_SSID:
			ieee802_11_set_elem(&elems->ssid, &elems->ssid_len,
					    body, elen);
			break;
		case WLAN_EID_SUPP_RATES:
			ieee802_11_set_elem(&elems->supp_rates,
					    &elems->supp_rates_len, body, elen);
			break;
		case WLAN_EID_FH_PARAMS:
			ieee802_11_set_elem(&elems->fh_params,
					    &elems->fh_params_len, body, elen);
			break;
		case WLAN_EID_DS_PARAMS:
			ieee802_11_set_elem(&elems->ds_params,
					    &elems->ds_params_len, body, elen);
			break;
		case WLAN_EID_CF_PARAMS:
			ieee802_11_set_elem(&elems->cf_params,
					    &elems->cf_params_len, body, elen);
			break;
		case WLAN_EID_TIM:
			ieee802_11_set_elem(&elems->tim, &elems->tim_len,
					    body, elen);
			break;
		case WLAN_EID_IBSS_PARAMS:
			ieee802_11_set_elem(&elems->ibss_params,
					    &elems->ibss_params_len, body, elen);
			break;
		case WLAN_EID_CHALLENGE:
			ieee802_11_set_elem(&elems->challenge,
					    &elems->challenge_len, body, elen);
			break;
		case WLAN_EID_WPA:
			ieee802_11_parse_ms_elem(elems, body, elen);
			break;
		case WLAN_EID_RSN:
			ieee802_11_set_elem(&elems->rsn, &elems->rsn_len,
					    body, elen);
			break;
		case WLAN_EID_ERP_INFO:
			ieee802_11_set_elem(&elems->erp_info,
					    &elems->erp_info_len, body, elen);
			break;
		case WLAN_EID_EXT_SUPP_RATES:
			ieee802_11_set_elem(&elems->ext_supp_rates,
					    &elems->ext_supp_rates_len,
					    body, elen);
			break;
		case WLAN_EID_HT_CAPABILITY:
			ieee802_11_set_elem(&elems->ht_cap_param,
					    &elems->ht_cap_param_len,
					    body, elen);
			break;
		case WLAN_EID_HT_EXTRA_INFO:
			ieee802_11_set_elem(&elems->ht_extra_param,
					    &elems->ht_extra_param_len,
					    body, elen);
			break;
		case WLAN_EID_TSPEC:
			/* Native TSPEC element is fixed at 55 bytes. */
			if (elen != 55) {
				printk(KERN_ERR "Wrong TSPEC size.\n");
				break;
			}
			ieee802_11_set_elem(&elems->tspec, &elems->tspec_len,
					    body, elen);
			break;
		default:
			n_unknown++;
			break;
		}

		remaining -= elen;
		cur = body + elen;
	}

	/* Do not trigger error if left == 1 as Apple Airport base stations
	 * send AssocResps that are one spurious byte too long. */

	return n_unknown ? ParseUnknown : ParseOK;
}
263
264
265
266
267 static int ecw2cw(int ecw)
268 {
269 int cw = 1;
270 while (ecw > 0) {
271 cw <<= 1;
272 ecw--;
273 }
274 return cw - 1;
275 }
276
/* Per-ACI mapping from the WMM Parameter element: the TX queue whose
 * parameters are reconfigured and the bits of local->wmm_acm raised when the
 * AP mandates admission control for that access category.  ACI is a 2-bit
 * field, so every index 0..3 is covered. */
static const struct {
	int queue;
	unsigned int acm_bits;
} ieee80211_wmm_aci_map[4] = {
	[0] = { IEEE80211_TX_QUEUE_DATA2, BIT(1) | BIT(2) },
	[1] = { IEEE80211_TX_QUEUE_DATA3, BIT(0) | BIT(3) },
	[2] = { IEEE80211_TX_QUEUE_DATA1, BIT(4) | BIT(5) },
	[3] = { IEEE80211_TX_QUEUE_DATA0, BIT(6) | BIT(7) },
};

/* Apply the WMM Parameter element (@wmm_param, @wmm_param_len bytes) from
 * the AP to the driver's TX queues via ops->conf_tx.
 *
 * Silently ignored when the element is too short, is not version 1, repeats
 * the parameter-set count already applied, or the driver has no conf_tx.
 * Each 4-byte AC record past the 8-byte prefix is decoded into aifs,
 * cw_min/cw_max and burst_time and pushed to the corresponding queue. */
static void ieee80211_sta_wmm_params(struct net_device *dev,
				     struct ieee80211_if_sta *ifsta,
				     u8 *wmm_param, size_t wmm_param_len)
{
	struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
	struct ieee80211_tx_queue_params params;
	u8 *ac;
	size_t remaining;
	int set_count;

	/* Need the fixed 8-byte prefix and WMM version 1 (byte 5). */
	if (wmm_param_len < 8 || wmm_param[5] != 1)
		return;

	/* Byte 6 low nibble: parameter set count; only re-apply on change. */
	set_count = wmm_param[6] & 0x0f;
	if (set_count == ifsta->wmm_last_param_set)
		return;
	ifsta->wmm_last_param_set = set_count;

	memset(&params, 0, sizeof(params));

	if (!local->ops->conf_tx)
		return;

	local->wmm_acm = 0;
	ac = wmm_param + 8;
	remaining = wmm_param_len - 8;
	while (remaining >= 4) {
		int aci = (ac[0] >> 5) & 0x03;
		int acm = (ac[0] >> 4) & 0x01;
		int queue = ieee80211_wmm_aci_map[aci].queue;

		if (acm)
			local->wmm_acm |= ieee80211_wmm_aci_map[aci].acm_bits;

		params.aifs = ac[0] & 0x0f;
		params.cw_max = ecw2cw((ac[1] & 0xf0) >> 4);
		params.cw_min = ecw2cw(ac[1] & 0x0f);
		/* TXOP is in units of 32 usec; burst_time in 0.1 ms */
		params.burst_time = (ac[2] | (ac[3] << 8)) * 32 / 100;
		printk(KERN_DEBUG "%s: WMM queue=%d aci=%d acm=%d aifs=%d "
		       "cWmin=%d cWmax=%d burst=%d\n",
		       dev->name, queue, aci, acm, params.aifs, params.cw_min,
		       params.cw_max, params.burst_time);
		/* TODO: handle ACM (block TX, fallback to next lowest allowed
		 * AC for now) */
		if (local->ops->conf_tx(local_to_hw(local), queue, &params)) {
			printk(KERN_DEBUG "%s: failed to set TX queue "
			       "parameters for queue %d\n", dev->name, queue);
		}

		ac += 4;
		remaining -= 4;
	}
}
353
354
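/* Append @n bytes of @data as lowercase two-digit hex at buf[len], never
 * writing past @cap bytes and keeping the buffer NUL-terminated.
 * Returns the new length. */
static size_t ieee80211_associnfo_append_hex(char *buf, size_t cap,
					     size_t len, const u8 *data,
					     size_t n)
{
	static const char digits[] = "0123456789abcdef";
	size_t i;

	for (i = 0; i < n && len + 2 < cap; i++) {
		buf[len++] = digits[data[i] >> 4];
		buf[len++] = digits[data[i] & 0x0f];
	}
	if (len < cap)
		buf[len] = '\0';
	return len;
}

/* Append the literal @s at buf[len] under the same bound; returns the new
 * length (clamped to cap - 1 if the text had to be cut). */
static size_t ieee80211_associnfo_append_str(char *buf, size_t cap,
					     size_t len, const char *s)
{
	if (len >= cap)
		return len;
	len += snprintf(buf + len, cap - len, "%s", s);
	return len < cap ? len : cap - 1;
}

/* Report the association request/response IEs to user space as an
 * IWEVCUSTOM wireless event of the form
 *   ASSOCINFO(ReqIEs=<hex> RespIEs=<hex>)
 * falling back to ASSOCRESPIE=<hex> when that text exceeds IW_CUSTOM_MAX.
 * Does nothing when neither IE set is present or the buffer cannot be
 * allocated.  Every write into the buffer is bounded by its size. */
static void ieee80211_sta_send_associnfo(struct net_device *dev,
					 struct ieee80211_if_sta *ifsta)
{
	char *buf;
	size_t cap, len;
	union iwreq_data wrqu;

	if (!ifsta->assocreq_ies && !ifsta->assocresp_ies)
		return;

	/* Fixed text ("ASSOCINFO(", "ReqIEs=", " RespIEs=", ")", NUL) is
	 * under 50 bytes; each IE byte becomes two hex characters. */
	cap = 50 + 2 * (ifsta->assocreq_ies_len + ifsta->assocresp_ies_len);
	buf = kmalloc(cap, GFP_ATOMIC);
	if (!buf)
		return;

	len = ieee80211_associnfo_append_str(buf, cap, 0, "ASSOCINFO(");
	if (ifsta->assocreq_ies) {
		len = ieee80211_associnfo_append_str(buf, cap, len, "ReqIEs=");
		len = ieee80211_associnfo_append_hex(buf, cap, len,
						     ifsta->assocreq_ies,
						     ifsta->assocreq_ies_len);
	}
	if (ifsta->assocresp_ies) {
		if (ifsta->assocreq_ies)
			len = ieee80211_associnfo_append_str(buf, cap, len,
							     " ");
		len = ieee80211_associnfo_append_str(buf, cap, len,
						     "RespIEs=");
		len = ieee80211_associnfo_append_hex(buf, cap, len,
						     ifsta->assocresp_ies,
						     ifsta->assocresp_ies_len);
	}
	len = ieee80211_associnfo_append_str(buf, cap, len, ")");

	/* IWEVCUSTOM payloads are limited to IW_CUSTOM_MAX; fall back to the
	 * response IEs alone.  The pointer is checked so a NULL response IE
	 * set with a stale length cannot be dereferenced.
	 * NOTE(review): the fallback can still exceed IW_CUSTOM_MAX for large
	 * response IEs — confirm wireless_send_event() rejects that case. */
	if (len > IW_CUSTOM_MAX) {
		len = ieee80211_associnfo_append_str(buf, cap, 0,
						     "ASSOCRESPIE=");
		if (ifsta->assocresp_ies)
			len = ieee80211_associnfo_append_hex(
				buf, cap, len, ifsta->assocresp_ies,
				ifsta->assocresp_ies_len);
	}

	memset(&wrqu, 0, sizeof(wrqu));
	wrqu.data.length = len;
	wireless_send_event(dev, IWEVCUSTOM, &wrqu, buf);

	kfree(buf);
}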
404
405
/* Record the new association state and tell user space about it.
 *
 * No-op when the state is unchanged.  On association (STA interfaces only)
 * the carrier goes up, the current BSSID is remembered as prev_bssid and an
 * ASSOCINFO event is sent; on disassociation the carrier goes down.  Either
 * way a SIOCGIWAP event carries the (possibly zeroed) AP address and
 * last_probe is stamped with the current jiffies. */
static void ieee80211_set_associated(struct net_device *dev,
				     struct ieee80211_if_sta *ifsta, int assoc)
{
	struct ieee80211_sub_if_data *sdata;
	union iwreq_data wrqu;

	if (ifsta->associated == assoc)
		return;
	ifsta->associated = assoc;

	if (!assoc) {
		netif_carrier_off(dev);
		memset(wrqu.ap_addr.sa_data, 0, ETH_ALEN);
	} else {
		sdata = IEEE80211_DEV_TO_SUB_IF(dev);
		/* Only a STA interface reports an AP and sends ASSOCINFO;
		 * other types return before any event is raised. */
		if (sdata->type != IEEE80211_IF_TYPE_STA)
			return;
		netif_carrier_on(dev);
		ifsta->prev_bssid_set = 1;
		memcpy(ifsta->prev_bssid, sdata->u.sta.bssid, ETH_ALEN);
		memcpy(wrqu.ap_addr.sa_data, sdata->u.sta.bssid, ETH_ALEN);
		ieee80211_sta_send_associnfo(dev, ifsta);
	}

	wrqu.ap_addr.sa_family = ARPHRD_ETHER;
	wireless_send_event(dev, SIOCGIWAP, &wrqu, NULL);
	ifsta->last_probe = jiffies;
}
434
/* Drop the association.  The association retry counter is always reset;
 * the authentication retry counter is reset only when @deauth is set. */
static void ieee80211_set_disassoc(struct net_device *dev,
				   struct ieee80211_if_sta *ifsta, int deauth)
{
	ifsta->assoc_tries = 0;
	if (deauth)
		ifsta->auth_tries = 0;
	ieee80211_set_associated(dev, ifsta, 0);
}
443
/* Queue a locally built management frame on the master device.
 *
 * All three header offsets are set to the start of the buffer, the per-skb
 * control block is rebuilt with the originating interface index, and
 * encryption is disabled unless @encrypt is non-zero. */
static void ieee80211_sta_tx(struct net_device *dev, struct sk_buff *skb,
			     int encrypt)
{
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
	struct ieee80211_tx_packet_data *pkt_data =
		(struct ieee80211_tx_packet_data *) skb->cb;

	skb->dev = sdata->local->mdev;
	skb_set_mac_header(skb, 0);
	skb_set_network_header(skb, 0);
	skb_set_transport_header(skb, 0);

	memset(pkt_data, 0, sizeof(*pkt_data));
	pkt_data->ifindex = sdata->dev->ifindex;
	pkt_data->mgmt_iface = (sdata->type == IEEE80211_IF_TYPE_MGMT);
	pkt_data->do_not_encrypt = !encrypt;

	dev_queue_xmit(skb);
}
464
465
/* Send an Authentication frame to the current BSSID.
 *
 * @transaction is the sequence number placed in the frame; the next one we
 * expect (transaction + 1) is stored in ifsta->auth_transaction.  Up to
 * @extra_len bytes of @extra (e.g. a challenge element) are appended when
 * @extra is non-NULL.  With @encrypt set the Protected bit is raised and the
 * TX path is asked to encrypt the frame.  Gives up silently (after a debug
 * message) if the skb cannot be allocated. */
static void ieee80211_send_auth(struct net_device *dev,
				struct ieee80211_if_sta *ifsta,
				int transaction, u8 *extra, size_t extra_len,
				int encrypt)
{
	struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
	const size_t hdr_len = 24 + 6;	/* mgmt header + auth fixed fields */
	struct ieee80211_mgmt *mgmt;
	struct sk_buff *skb;

	skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*mgmt) + 6 +
			    extra_len);
	if (!skb) {
		printk(KERN_DEBUG "%s: failed to allocate buffer for auth "
		       "frame\n", dev->name);
		return;
	}
	skb_reserve(skb, local->hw.extra_tx_headroom);

	mgmt = (struct ieee80211_mgmt *) skb_put(skb, hdr_len);
	memset(mgmt, 0, hdr_len);
	mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
					   IEEE80211_STYPE_AUTH);
	if (encrypt)
		mgmt->frame_control |= cpu_to_le16(IEEE80211_FCTL_PROTECTED);
	memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
	memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
	memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);

	mgmt->u.auth.auth_alg = cpu_to_le16(ifsta->auth_alg);
	mgmt->u.auth.auth_transaction = cpu_to_le16(transaction);
	mgmt->u.auth.status_code = cpu_to_le16(0);
	ifsta->auth_transaction = transaction + 1;

	if (extra)
		memcpy(skb_put(skb, extra_len), extra, extra_len);

	ieee80211_sta_tx(dev, skb, encrypt);
}
502
503
/* Start (or retry) authentication with the configured AP.
 *
 * Each call counts one attempt; after IEEE80211_AUTH_MAX_TRIES the STA is
 * put into IEEE80211_DISABLED.  Otherwise the state becomes
 * IEEE80211_AUTHENTICATE, the first (transaction 1) auth frame is sent
 * unencrypted and the state timer is armed for IEEE80211_AUTH_TIMEOUT. */
static void ieee80211_authenticate(struct net_device *dev,
				   struct ieee80211_if_sta *ifsta)
{
	int exhausted = ++ifsta->auth_tries > IEEE80211_AUTH_MAX_TRIES;

	if (exhausted) {
		printk(KERN_DEBUG "%s: authentication with AP " MAC_FMT
		       " timed out\n",
		       dev->name, MAC_ARG(ifsta->bssid));
		ifsta->state = IEEE80211_DISABLED;
		return;
	}

	printk(KERN_DEBUG "%s: authenticate with AP " MAC_FMT "\n",
	       dev->name, MAC_ARG(ifsta->bssid));
	ifsta->state = IEEE80211_AUTHENTICATE;

	ieee80211_send_auth(dev, ifsta, 1, NULL, 0, 0);
	mod_timer(&ifsta->timer, jiffies + IEEE80211_AUTH_TIMEOUT);
}
524
525
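/* Send an (Re)Association Request to the current BSSID.
 *
 * A Reassociation Request (with the previous BSSID) is used when
 * ifsta->prev_bssid_set is true, otherwise a plain Association Request.
 * The body carries SSID, up to 8 supported rates plus extended rates for
 * the remainder, any caller-supplied extra IEs, a WME information element
 * when both the BSS and we have WMM enabled, and an HT capability element
 * when the driver provides one.  A copy of the IEs sent is kept in
 * ifsta->assocreq_ies for the ASSOCINFO wireless event; if that copy cannot
 * be allocated both the pointer and its length are cleared so they never
 * disagree.  Gives up silently (after a debug message) if the skb cannot be
 * allocated. */
static void ieee80211_send_assoc(struct net_device *dev,
				 struct ieee80211_if_sta *ifsta)
{
	struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
	struct ieee80211_hw_mode *mode;
	struct sk_buff *skb;
	struct ieee80211_mgmt *mgmt;
	u8 *pos, *ies;
	int i, len;
	u16 capab;
	struct ieee80211_sta_bss *bss;
	int wmm = 0;
	int ht_enabled = 0;

	skb = dev_alloc_skb(local->hw.extra_tx_headroom +
			    sizeof(*mgmt) + 200 + ifsta->extra_ie_len +
			    ifsta->ssid_len);
	if (!skb) {
		printk(KERN_DEBUG "%s: failed to allocate buffer for assoc "
		       "frame\n", dev->name);
		return;
	}
	skb_reserve(skb, local->hw.extra_tx_headroom);

	mode = local->oper_hw_mode;
	capab = ifsta->capab;
	if (mode->mode == MODE_IEEE80211G) {
		capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME |
			WLAN_CAPABILITY_SHORT_PREAMBLE;
	}
	/* Mirror the privacy bit of the BSS we are joining. */
	bss = ieee80211_rx_bss_get(dev, ifsta->bssid);
	if (bss) {
		if (bss->capability & WLAN_CAPABILITY_PRIVACY)
			capab |= WLAN_CAPABILITY_PRIVACY;
		if (bss->wmm_ie) {
			wmm = 1;
			/* NOTE(review): HT is keyed off the presence of the
			 * WMM IE rather than an HT IE — confirm intended. */
			ht_enabled = 1;
		}
		ieee80211_rx_bss_put(dev, bss);
	}

	mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
	memset(mgmt, 0, 24);
	memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
	memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
	memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);

	if (ifsta->prev_bssid_set) {
		/* capab(2) + listen_interval(2) + current_ap(6) */
		skb_put(skb, 10);
		mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
						   IEEE80211_STYPE_REASSOC_REQ);
		mgmt->u.reassoc_req.capab_info = cpu_to_le16(capab);
		mgmt->u.reassoc_req.listen_interval = cpu_to_le16(1);
		memcpy(mgmt->u.reassoc_req.current_ap, ifsta->prev_bssid,
		       ETH_ALEN);
	} else {
		/* capab(2) + listen_interval(2) */
		skb_put(skb, 4);
		mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
						   IEEE80211_STYPE_ASSOC_REQ);
		mgmt->u.assoc_req.capab_info = cpu_to_le16(capab);
		mgmt->u.assoc_req.listen_interval = cpu_to_le16(1);
	}

	/* SSID; @ies marks where the variable part (what we later save)
	 * begins */
	ies = pos = skb_put(skb, 2 + ifsta->ssid_len);
	*pos++ = WLAN_EID_SSID;
	*pos++ = ifsta->ssid_len;
	memcpy(pos, ifsta->ssid, ifsta->ssid_len);

	/* Supported Rates carries at most 8 entries. */
	len = mode->num_rates;
	if (len > 8)
		len = 8;
	pos = skb_put(skb, len + 2);
	*pos++ = WLAN_EID_SUPP_RATES;
	*pos++ = len;
	for (i = 0; i < len; i++) {
		int rate = mode->rates[i].rate;
		if (mode->mode == MODE_ATHEROS_TURBO)
			rate /= 2;
		*pos++ = (u8) (rate / 5);
	}

	/* Remaining rates go into Extended Supported Rates. */
	if (mode->num_rates > len) {
		pos = skb_put(skb, mode->num_rates - len + 2);
		*pos++ = WLAN_EID_EXT_SUPP_RATES;
		*pos++ = mode->num_rates - len;
		for (i = len; i < mode->num_rates; i++) {
			int rate = mode->rates[i].rate;
			if (mode->mode == MODE_ATHEROS_TURBO)
				rate /= 2;
			*pos++ = (u8) (rate / 5);
		}
	}

	if (ifsta->extra_ie) {
		pos = skb_put(skb, ifsta->extra_ie_len);
		memcpy(pos, ifsta->extra_ie, ifsta->extra_ie_len);
	}

	if (wmm && ifsta->wmm_enabled) {
		pos = skb_put(skb, 9);
		*pos++ = WLAN_EID_VENDOR_SPECIFIC;
		*pos++ = 7; /* len */
		*pos++ = 0x00; /* Microsoft OUI 00:50:F2 */
		*pos++ = 0x50;
		*pos++ = 0xf2;
		*pos++ = 2; /* WME */
		*pos++ = 0; /* WME info */
		*pos++ = 1; /* WME ver */
		*pos++ = 0;
	}

	/* if low level driver supports 11n, fill in 11n IE */
	if (ht_enabled && ifsta->ht_enabled && local->ops->get_ht_capab) {
		pos = skb_put(skb, sizeof(struct ieee80211_ht_capability)+2);
		*pos++ = WLAN_EID_HT_CAPABILITY;
		*pos++ = sizeof(struct ieee80211_ht_capability);
		memset(pos, 0, sizeof(struct ieee80211_ht_capability));
		local->ops->get_ht_capab(local_to_hw(local),
					 (struct ieee80211_ht_capability *)pos);
	}

	/* Keep a copy of the IEs we sent for ieee80211_sta_send_associnfo().
	 * On allocation failure the length is cleared too, so readers that
	 * trust assocreq_ies_len never see a non-zero length with a NULL
	 * pointer. */
	kfree(ifsta->assocreq_ies);
	ifsta->assocreq_ies_len = (skb->data + skb->len) - ies;
	ifsta->assocreq_ies = kmalloc(ifsta->assocreq_ies_len, GFP_ATOMIC);
	if (ifsta->assocreq_ies)
		memcpy(ifsta->assocreq_ies, ies, ifsta->assocreq_ies_len);
	else
		ifsta->assocreq_ies_len = 0;

	ieee80211_sta_tx(dev, skb, 0);
}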
657
658
/* Send a Deauthentication frame with @reason to the current BSSID.
 * Gives up silently (after a debug message) if the skb cannot be
 * allocated. */
static void ieee80211_send_deauth(struct net_device *dev,
				  struct ieee80211_if_sta *ifsta, u16 reason)
{
	struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
	struct ieee80211_mgmt *hdr;
	struct sk_buff *frame;

	frame = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*hdr));
	if (!frame) {
		printk(KERN_DEBUG "%s: failed to allocate buffer for deauth "
		       "frame\n", dev->name);
		return;
	}
	skb_reserve(frame, local->hw.extra_tx_headroom);

	/* 24-byte management header, then the 2-byte reason code */
	hdr = (struct ieee80211_mgmt *) skb_put(frame, 24);
	memset(hdr, 0, 24);
	hdr->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
					  IEEE80211_STYPE_DEAUTH);
	memcpy(hdr->da, ifsta->bssid, ETH_ALEN);
	memcpy(hdr->sa, dev->dev_addr, ETH_ALEN);
	memcpy(hdr->bssid, ifsta->bssid, ETH_ALEN);

	skb_put(frame, 2);
	hdr->u.deauth.reason_code = cpu_to_le16(reason);

	ieee80211_sta_tx(dev, frame, 0);
}
686
687
/* Send a Disassociation frame with @reason to the current BSSID.
 * Gives up silently (after a debug message) if the skb cannot be
 * allocated. */
static void ieee80211_send_disassoc(struct net_device *dev,
				    struct ieee80211_if_sta *ifsta, u16 reason)
{
	struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
	struct ieee80211_mgmt *hdr;
	struct sk_buff *frame;

	frame = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*hdr));
	if (!frame) {
		printk(KERN_DEBUG "%s: failed to allocate buffer for disassoc "
		       "frame\n", dev->name);
		return;
	}
	skb_reserve(frame, local->hw.extra_tx_headroom);

	/* 24-byte management header, then the 2-byte reason code */
	hdr = (struct ieee80211_mgmt *) skb_put(frame, 24);
	memset(hdr, 0, 24);
	hdr->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
					  IEEE80211_STYPE_DISASSOC);
	memcpy(hdr->da, ifsta->bssid, ETH_ALEN);
	memcpy(hdr->sa, dev->dev_addr, ETH_ALEN);
	memcpy(hdr->bssid, ifsta->bssid, ETH_ALEN);

	skb_put(frame, 2);
	hdr->u.disassoc.reason_code = cpu_to_le16(reason);

	ieee80211_sta_tx(dev, frame, 0);
}
715
716
/* Map a TS Info direction onto the ts_data slot used for that stream:
 * downlink and direct-link streams share STA_TS_DOWNLINK, uplink and
 * bidirectional streams share STA_TS_UPLINK. */
int ieee80211_ts_index(u8 direction)
{
	int is_downlink = direction == WLAN_TSINFO_DOWNLINK ||
			  direction == WLAN_TSINFO_DIRECTLINK;

	return is_downlink ? STA_TS_DOWNLINK : STA_TS_UPLINK;
}
724
725
/* Send a QoS ADDTS Request carrying @tspec as a native TSPEC element.
 *
 * The dialog token is a per-function counter that wraps at 127.  Gives up
 * silently (after a debug message) if the skb cannot be allocated. */
void ieee80211_send_addts(struct net_device *dev,
			  struct ieee80211_if_sta *ifsta,
			  struct ieee80211_elem_tspec *tspec)
{
	static u8 token;	/* dialog token, 1..126 */
	struct ieee80211_mgmt *mgmt;
	struct sk_buff *skb;
	u8 *ie;

	/* NOTE(review): unlike ieee80211_send_auth(), no
	 * local->hw.extra_tx_headroom is reserved here — confirm the TX path
	 * copes when the driver needs headroom. */
	skb = dev_alloc_skb(sizeof(*mgmt) + sizeof(*tspec));
	if (!skb) {
		printk(KERN_DEBUG "%s: failed to allocate buffer for addts "
		       "frame\n", dev->name);
		return;
	}

	mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
	memset(mgmt, 0, 24);
	mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
					   IEEE80211_STYPE_ACTION);
	memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
	memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
	memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);

	/* category + fixed ADDTS request fields */
	skb_put(skb, 1 + sizeof(mgmt->u.action.u.addts_req));
	mgmt->u.action.category = WLAN_CATEGORY_QOS;
	mgmt->u.action.u.addts_req.action_code = WLAN_ACTION_QOS_ADDTS_REQ;
	mgmt->u.action.u.addts_req.dialog_token = ++token % 127;

	/* TSPEC element: id, length, then the body copied verbatim */
	skb_put(skb, 2 + sizeof(*tspec));
	ie = mgmt->u.action.u.addts_req.variable;
	ie[0] = WLAN_EID_TSPEC;
	ie[1] = sizeof(*tspec);
	memcpy(ie + 2, tspec, sizeof(*tspec));

	ieee80211_sta_tx(dev, skb, 0);
}
766
767
/* Send a WMM ADDTS Request carrying @tspec inside a vendor-specific
 * (WMM TSPEC) element: Wi-Fi OUI, WMM type, TSPEC subtype, version 1, then
 * the TSPEC body.  The dialog token is a per-function counter that wraps at
 * 127.  Gives up silently (after a debug message) if the skb cannot be
 * allocated. */
void wmm_send_addts(struct net_device *dev,
		    struct ieee80211_if_sta *ifsta,
		    struct ieee80211_elem_tspec *tspec)
{
	static const u8 wmm_prefix[6] = {
		0x00, 0x50, 0xf2,		/* Wi-Fi OUI (00:50:F2) */
		WIFI_OUI_TYPE_WMM,
		WIFI_OUI_STYPE_WMM_TSPEC,
		1,				/* Version */
	};
	static u8 token;	/* dialog token, 1..126 */
	struct ieee80211_mgmt *mgmt;
	struct sk_buff *skb;
	u8 *ie;

	skb = dev_alloc_skb(sizeof(*mgmt) + 2 + sizeof(wmm_prefix) +
			    sizeof(*tspec));
	if (!skb) {
		printk(KERN_DEBUG "%s: failed to allocate buffer for addts "
		       "frame\n", dev->name);
		return;
	}

	mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
	memset(mgmt, 0, 24);
	mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
					   IEEE80211_STYPE_ACTION);
	memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
	memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
	memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);

	/* category + fixed WME action fields */
	skb_put(skb, 1 + sizeof(mgmt->u.action.u.wme_action));
	mgmt->u.action.category = WLAN_CATEGORY_WMM;
	mgmt->u.action.u.wme_action.action_code = WLAN_ACTION_QOS_ADDTS_REQ;
	mgmt->u.action.u.wme_action.dialog_token = ++token % 127;
	mgmt->u.action.u.wme_action.status_code = 0;

	/* vendor element: id, length (61), 6-byte prefix, TSPEC body */
	skb_put(skb, 2 + sizeof(wmm_prefix) + sizeof(*tspec));
	ie = mgmt->u.action.u.wme_action.variable;
	ie[0] = WLAN_EID_GENERIC;
	ie[1] = 61;
	memcpy(ie + 2, wmm_prefix, sizeof(wmm_prefix));
	memcpy(ie + 2 + sizeof(wmm_prefix), tspec, sizeof(*tspec));

	ieee80211_sta_tx(dev, skb, 0);
}
815
816
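/* Send a QoS DELTS for the traffic stream described by @tp.
 *
 * The stream is looked up in ifsta->ts_data by its TSID and direction; an
 * unused slot only logs a message.  Its admitted time is reduced by this
 * stream's share (clamped at zero) and the slot marked inactive.  The TS
 * Info written into the frame is built in tp->ts_info (which is updated in
 * place) and then copied into the DELTS body, so the AP receives the real
 * TSID/direction/UP rather than a zeroed field.  Gives up silently (after a
 * debug message) if the skb cannot be allocated. */
void ieee80211_send_delts(struct net_device *dev,
			  struct ieee80211_if_sta *ifsta,
			  struct ieee80211_elem_tspec *tp)
{
	struct ieee80211_mgmt *mgmt;
	struct sk_buff *skb;
	u8 tsid = IEEE80211_TSINFO_TSID(tp->ts_info);
	u8 direction = IEEE80211_TSINFO_DIR(tp->ts_info);
	u32 medium_time = tp->medium_time;
	u8 index = ieee80211_ts_index(direction);

	/* NOTE(review): tsid indexes ifsta->ts_data directly; assumes
	 * IEEE80211_TSINFO_TSID() yields a value within the array's first
	 * dimension — confirm against the macro and the array size. */
	if (ifsta->ts_data[tsid][index].status == TS_STATUS_UNUSED) {
		printk(KERN_DEBUG "%s: Tring to delete an ACM disabled TS "
		       "(%u:%u)\n", dev->name, tsid, direction);
		return;
	}
	skb = dev_alloc_skb(sizeof(*mgmt));
	if (!skb) {
		printk(KERN_DEBUG "%s: failed to allocate buffer for delts "
		       "frame\n", dev->name);
		return;
	}

	/* recompute admitted time: subtract this stream's share, clamp at 0 */
	ifsta->ts_data[tsid][index].admitted_time_usec -=
		ifsta->dot11EDCAAveragingPeriod * medium_time * 32;
	if ((s32)(ifsta->ts_data[tsid][index].admitted_time_usec) < 0)
		ifsta->ts_data[tsid][index].admitted_time_usec = 0;

	ifsta->ts_data[tsid][index].status = TS_STATUS_INACTIVE;

	mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
	memset(mgmt, 0, 24);
	memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
	memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
	memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
	mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
					   IEEE80211_STYPE_ACTION);
	skb_put(skb, 1 + sizeof(mgmt->u.action.u.delts));
	mgmt->u.action.category = WLAN_CATEGORY_QOS;
	mgmt->u.action.u.delts.action_code = WLAN_ACTION_QOS_DELTS;
	mgmt->u.action.u.delts.reason_code = 0;

	/* Normalise the caller's TS Info, then copy it into the frame.
	 * Previously only tp->ts_info was written and the frame's field
	 * stayed all-zero. */
	SET_TSINFO_TSID(tp->ts_info, tsid);
	SET_TSINFO_DIR(tp->ts_info, direction);
	SET_TSINFO_POLICY(tp->ts_info, WLAN_TSINFO_EDCA);
	SET_TSINFO_APSD(tp->ts_info, WLAN_TSINFO_PSB_LEGACY);
	SET_TSINFO_UP(tp->ts_info, ifsta->ts_data[tsid][index].up);
	memcpy(&mgmt->u.action.u.delts.ts_info, &tp->ts_info,
	       sizeof(struct ieee80211_ts_info));

	ieee80211_sta_tx(dev, skb, 0);
}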
870
871
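/* Send a WMM DELTS for the traffic stream described by @tp.
 *
 * The stream is looked up in ifsta->ts_data by its TSID and direction; an
 * unused slot only logs a message.  Its admitted time is reduced by this
 * stream's share and clamped at zero (the clamp compares the value itself,
 * not the result of a comparison), and the slot is marked inactive.  The
 * frame carries a zeroed WMM TSPEC element whose TS Info names the stream.
 * Gives up silently (after a debug message) if the skb cannot be
 * allocated. */
void wmm_send_delts(struct net_device *dev,
		    struct ieee80211_if_sta *ifsta,
		    struct ieee80211_elem_tspec *tp)
{
	static const u8 wmm_prefix[6] = {
		0x00, 0x50, 0xf2,		/* Wi-Fi OUI (00:50:F2) */
		WIFI_OUI_TYPE_WMM,
		WIFI_OUI_STYPE_WMM_TSPEC,
		1,				/* Version */
	};
	struct ieee80211_mgmt *mgmt;
	struct ieee80211_elem_tspec *tspec;
	struct sk_buff *skb;
	u8 tsid = IEEE80211_TSINFO_TSID(tp->ts_info);
	u8 direction = IEEE80211_TSINFO_DIR(tp->ts_info);
	u32 medium_time = tp->medium_time;
	u8 index = ieee80211_ts_index(direction);
	u8 *ie;

	/* NOTE(review): tsid indexes ifsta->ts_data directly; assumes
	 * IEEE80211_TSINFO_TSID() yields a value within the array's first
	 * dimension — confirm against the macro and the array size. */
	if (ifsta->ts_data[tsid][index].status == TS_STATUS_UNUSED) {
		printk(KERN_DEBUG "%s: Tring to delete a non-Actived TS "
		       "(%u %u)\n", dev->name, tsid, direction);
		return;
	}
	skb = dev_alloc_skb(sizeof(*mgmt) + 2 + sizeof(wmm_prefix) +
			    sizeof(*tspec));
	if (!skb) {
		printk(KERN_DEBUG "%s: failed to allocate buffer for delts "
		       "frame\n", dev->name);
		return;
	}

	/* recompute admitted time: subtract this stream's share, clamp at 0.
	 * The cast must apply to the value; casting the boolean result of
	 * "< 0" (as before) never fires, so the counter could wrap. */
	ifsta->ts_data[tsid][index].admitted_time_usec -=
		ifsta->dot11EDCAAveragingPeriod * medium_time * 32;
	if ((s32)(ifsta->ts_data[tsid][index].admitted_time_usec) < 0)
		ifsta->ts_data[tsid][index].admitted_time_usec = 0;

	ifsta->ts_data[tsid][index].status = TS_STATUS_INACTIVE;

	mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
	memset(mgmt, 0, 24);
	memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
	memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
	memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
	mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
					   IEEE80211_STYPE_ACTION);

	/* category + fixed WME action fields */
	skb_put(skb, 1 + sizeof(mgmt->u.action.u.wme_action));
	mgmt->u.action.category = WLAN_CATEGORY_WMM;
	mgmt->u.action.u.wme_action.action_code = WLAN_ACTION_QOS_DELTS;
	mgmt->u.action.u.wme_action.dialog_token = 0;
	mgmt->u.action.u.wme_action.status_code = 0;

	/* vendor element: id, length (61), 6-byte prefix, zeroed TSPEC */
	skb_put(skb, 2 + sizeof(wmm_prefix) + sizeof(*tspec));
	ie = mgmt->u.action.u.wme_action.variable;
	ie[0] = WLAN_EID_GENERIC;
	ie[1] = 61;
	memcpy(ie + 2, wmm_prefix, sizeof(wmm_prefix));
	tspec = (struct ieee80211_elem_tspec *)(ie + 2 + sizeof(wmm_prefix));
	memset(tspec, 0, sizeof(*tspec));

	/* Only TS Info identifies the stream to delete. */
	SET_TSINFO_TSID(tspec->ts_info, tsid);
	SET_TSINFO_DIR(tspec->ts_info, direction);
	SET_TSINFO_POLICY(tspec->ts_info, WLAN_TSINFO_EDCA);
	SET_TSINFO_APSD(tspec->ts_info, WLAN_TSINFO_PSB_LEGACY);
	SET_TSINFO_UP(tspec->ts_info, ifsta->ts_data[tsid][index].up);

	ieee80211_sta_tx(dev, skb, 0);
}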
941
942
/* Send a DLS Request to @addr via the AP, advertising our capabilities and
 * supported rates (the first 8 in Supported Rates, the rest in Extended
 * Supported Rates).  Gives up silently (after a debug message) if the skb
 * cannot be allocated. */
void ieee80211_send_dls_req(struct net_device *dev,
			    struct ieee80211_if_sta *ifsta,
			    u8 *addr, u32 timeout)
{
	struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
	struct ieee80211_hw_mode *mode = local->oper_hw_mode;
	struct ieee80211_mgmt *mgmt;
	struct sk_buff *skb;
	u8 *rates_ie, *ext_rates_ie = NULL;
	int i;

	skb = dev_alloc_skb(sizeof(*mgmt) + 200 /* rates + ext_rates Size */);
	if (!skb) {
		printk(KERN_DEBUG "%s: failed to allocate buffer for DLS REQ "
		       "frame\n", dev->name);
		return;
	}

	mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
	memset(mgmt, 0, 24);
	mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
					   IEEE80211_STYPE_ACTION);
	memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
	memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
	memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);

	skb_put(skb, 1 + sizeof(mgmt->u.action.u.dls_req));
	mgmt->u.action.category = WLAN_CATEGORY_DLS;
	mgmt->u.action.u.dls_req.action_code = WLAN_ACTION_DLS_REQ;
	memcpy(mgmt->u.action.u.dls_req.dest, addr, ETH_ALEN);
	memcpy(mgmt->u.action.u.dls_req.src, dev->dev_addr, ETH_ALEN);
	mgmt->u.action.u.dls_req.capab_info = cpu_to_le16(ifsta->ap_capab);
	/* NOTE(review): stored without cpu_to_le32 although capab_info above
	 * is byte-swapped — confirm the declared type of this field. */
	mgmt->u.action.u.dls_req.timeout = timeout;

	/* Supported Rates takes at most 8 entries; once full, the remaining
	 * supported rates go into an Extended Supported Rates element. */
	rates_ie = skb_put(skb, 2);
	rates_ie[0] = WLAN_EID_SUPP_RATES;
	rates_ie[1] = 0;
	for (i = 0; i < mode->num_rates; i++) {
		struct ieee80211_rate *rate = &mode->rates[i];
		u8 *slot;

		if (!(rate->flags & IEEE80211_RATE_SUPPORTED))
			continue;

		if (ext_rates_ie) {
			slot = skb_put(skb, 1);
			ext_rates_ie[1]++;
		} else if (rates_ie[1] == 8) {
			ext_rates_ie = skb_put(skb, 3);
			ext_rates_ie[0] = WLAN_EID_EXT_SUPP_RATES;
			ext_rates_ie[1] = 1;
			slot = &ext_rates_ie[2];
		} else {
			slot = skb_put(skb, 1);
			rates_ie[1]++;
		}
		/* Atheros turbo mode halves the advertised rate. */
		if (local->hw.conf.phymode == MODE_ATHEROS_TURBO)
			*slot = rate->rate / 10;
		else
			*slot = rate->rate / 5;
	}

	ieee80211_sta_tx(dev, skb, 0);
}
1006
1007
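/* Send a DLS Response to @mac_addr via the AP with the given @status.
 *
 * Per the DLS Response frame format, Capability Information and the
 * Supported/Extended Supported Rates elements are included only when the
 * status code is 0 (success); a non-zero status is sent with just the fixed
 * fields.  Gives up silently (after a debug message) if the skb cannot be
 * allocated. */
static void ieee80211_send_dls_resp(struct net_device *dev,
				    struct ieee80211_if_sta *ifsta,
				    u8 *mac_addr, u16 status)
{
	struct ieee80211_hw_mode *mode;
	struct sk_buff *skb;
	struct ieee80211_mgmt *mgmt;
	struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
	u8 *pos, *supp_rates, *esupp_rates = NULL;
	int i;

	skb = dev_alloc_skb(sizeof(*mgmt) + 200 /* rates + ext_rates Size */);
	if (!skb) {
		printk(KERN_DEBUG "%s: failed to allocate buffer for dls resp "
		       "frame\n", dev->name);
		return;
	}

	mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
	memset(mgmt, 0, 24);
	memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
	memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
	memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
	mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
					   IEEE80211_STYPE_ACTION);

	skb_put(skb, 1 + sizeof(mgmt->u.action.u.dls_resp));
	mgmt->u.action.category = WLAN_CATEGORY_DLS;
	mgmt->u.action.u.dls_resp.action_code = WLAN_ACTION_DLS_RESP;
	memcpy(mgmt->u.action.u.dls_resp.dest, dev->dev_addr, ETH_ALEN);
	memcpy(mgmt->u.action.u.dls_resp.src, mac_addr, ETH_ALEN);
	mgmt->u.action.u.dls_resp.status_code = cpu_to_le16(status);

	/* A rejection carries no capability or rate information; the
	 * condition was inverted before (fields added only on failure). */
	if (status) {
		ieee80211_sta_tx(dev, skb, 0);
		return;
	}

	/* Add capability information */
	pos = skb_put(skb, 2);
	*(__le16 *)pos = cpu_to_le16(ifsta->ap_capab);

	/* Add supported rates and extended supported rates: at most 8 in the
	 * first element, the remainder in the extended one. */
	supp_rates = skb_put(skb, 2);
	supp_rates[0] = WLAN_EID_SUPP_RATES;
	supp_rates[1] = 0;
	mode = local->oper_hw_mode;
	for (i = 0; i < mode->num_rates; i++) {
		struct ieee80211_rate *rate = &mode->rates[i];
		if (!(rate->flags & IEEE80211_RATE_SUPPORTED))
			continue;
		if (esupp_rates) {
			pos = skb_put(skb, 1);
			esupp_rates[1]++;
		} else if (supp_rates[1] == 8) {
			esupp_rates = skb_put(skb, 3);
			esupp_rates[0] = WLAN_EID_EXT_SUPP_RATES;
			esupp_rates[1] = 1;
			pos = &esupp_rates[2];
		} else {
			pos = skb_put(skb, 1);
			supp_rates[1]++;
		}
		/* Atheros turbo mode halves the advertised rate. */
		if (local->hw.conf.phymode == MODE_ATHEROS_TURBO)
			*pos = rate->rate / 10;
		else
			*pos = rate->rate / 5;
	}

	ieee80211_sta_tx(dev, skb, 0);
}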
1079
1080
/*
 * Build and transmit a DLS Teardown action frame for the direct link with
 * the peer @mac_addr, relayed through the current AP (DA/BSSID =
 * ifsta->bssid).
 *
 * @reason: reason code in host order; stored little-endian in the frame.
 *
 * The DLS body names the peer as dest and ourselves as src, the convention
 * the receive side (sta_process_dls_teardown) relies on when it reads
 * dls_teardown.src as the peer.  Allocation failure is logged and the
 * teardown is dropped.
 * NOTE(review): unlike ieee80211_send_probe_req() this reserves no
 * local->hw.extra_tx_headroom in front of the header - confirm the TX path
 * copes with a buffer that has no driver headroom.
 */
void ieee80211_send_dls_teardown(struct net_device *dev,
				 struct ieee80211_if_sta *ifsta,
				 u8 *mac_addr, u16 reason)
{
	struct ieee80211_mgmt *mgmt;
	struct sk_buff *skb;

	skb = dev_alloc_skb(sizeof(*mgmt));
	if (!skb) {
		printk(KERN_DEBUG "%s: failed to allocate buffer for DLS "
		       "Teardown frame\n", dev->name);
		return;
	}

	/* 24 byte management header, then the action body */
	mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
	memset(mgmt, 0, 24);
	memcpy(mgmt->da, ifsta->bssid, ETH_ALEN);
	memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
	memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
	mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
					   IEEE80211_STYPE_ACTION);
	skb_put(skb, 1 + sizeof(mgmt->u.action.u.dls_teardown));
	mgmt->u.action.category = WLAN_CATEGORY_DLS;
	mgmt->u.action.u.dls_teardown.action_code = WLAN_ACTION_DLS_TEARDOWN;
	memcpy(mgmt->u.action.u.dls_teardown.dest, mac_addr, ETH_ALEN);
	memcpy(mgmt->u.action.u.dls_teardown.src, dev->dev_addr, ETH_ALEN);
	mgmt->u.action.u.dls_teardown.reason_code = cpu_to_le16(reason);

	ieee80211_sta_tx(dev, skb, 0);
}
1111
1112
/*
 * Tell whether our WEP configuration disagrees with the privacy bit of the
 * BSS we are about to associate with.  Only meaningful when no key
 * management is in use and mixed cells are not allowed; in every other
 * case, or when the BSS is not in our scan table, no mismatch is reported.
 *
 * Returns 1 on mismatch, 0 otherwise.
 */
static int ieee80211_privacy_mismatch(struct net_device *dev,
				      struct ieee80211_if_sta *ifsta)
{
	struct ieee80211_sta_bss *bss;
	int wep_on, bss_privacy, mismatch;

	if (!ifsta)
		return 0;
	if (ifsta->mixed_cell)
		return 0;
	if (ifsta->key_mgmt != IEEE80211_KEY_MGMT_NONE)
		return 0;

	bss = ieee80211_rx_bss_get(dev, ifsta->bssid);
	if (!bss)
		return 0;

	wep_on = ieee80211_sta_wep_configured(dev);
	bss_privacy = (bss->capability & WLAN_CAPABILITY_PRIVACY) ? 1 : 0;
	mismatch = (wep_on != bss_privacy) ? 1 : 0;

	/* drop the reference taken by ieee80211_rx_bss_get() */
	ieee80211_rx_bss_put(dev, bss);

	return mismatch;
}
1135
1136
/*
 * Start (or retry) association with the AP in ifsta->bssid.
 *
 * Gives up after IEEE80211_ASSOC_MAX_TRIES attempts, or when our privacy
 * configuration contradicts the AP's and mixed cells are disabled; both
 * cases put the interface into IEEE80211_DISABLED.  Otherwise the state
 * becomes IEEE80211_ASSOCIATE, an AssocReq is sent and the timer is armed
 * so that a missing response re-enters this function after
 * IEEE80211_ASSOC_TIMEOUT.
 */
static void ieee80211_associate(struct net_device *dev,
				struct ieee80211_if_sta *ifsta)
{
	ifsta->assoc_tries++;
	if (ifsta->assoc_tries > IEEE80211_ASSOC_MAX_TRIES) {
		printk(KERN_DEBUG "%s: association with AP " MAC_FMT
		       " timed out\n",
		       dev->name, MAC_ARG(ifsta->bssid));
		ifsta->state = IEEE80211_DISABLED;
		return;
	}

	ifsta->state = IEEE80211_ASSOCIATE;
	printk(KERN_DEBUG "%s: associate with AP " MAC_FMT "\n",
	       dev->name, MAC_ARG(ifsta->bssid));
	/* refuse to associate to a BSS whose privacy bit contradicts our
	 * own WEP setup (see ieee80211_privacy_mismatch()) */
	if (ieee80211_privacy_mismatch(dev, ifsta)) {
		printk(KERN_DEBUG "%s: mismatch in privacy configuration and "
		       "mixed-cell disabled - abort association\n", dev->name);
		ifsta->state = IEEE80211_DISABLED;
		return;
	}

	ieee80211_send_assoc(dev, ifsta);

	mod_timer(&ifsta->timer, jiffies + IEEE80211_ASSOC_TIMEOUT);
}
1163
1164
/*
 * Periodic work while associated: sets the state to IEEE80211_ASSOCIATED
 * and checks that the AP is still alive.
 *
 * If nothing has been received from the AP for IEEE80211_MONITORING_INTERVAL
 * a directed ProbeReq is sent and probereq_poll is set; if the next check
 * finds the AP still silent while the poll is pending, the AP is assumed
 * out of range: its STA entry is freed and a SIOCGIWAP event with a zero
 * address is reported to user space.  While the AP is responsive a probe is
 * sent at most every IEEE80211_PROBE_INTERVAL.  The timer is re-armed
 * either way, with an extra 30 s back-off after a loss.
 * NOTE(review): ifsta->state is set to ASSOCIATED even on the loss path;
 * presumably the timer callback handles the re-association - confirm.
 */
static void ieee80211_associated(struct net_device *dev,
				 struct ieee80211_if_sta *ifsta)
{
	struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
	struct sta_info *sta;
	int disassoc;

	/* TODO: start monitoring current AP signal quality and number of
	 * missed beacons. Scan other channels every now and then and search
	 * for better APs. */
	/* TODO: remove expired BSSes */

	ifsta->state = IEEE80211_ASSOCIATED;

	sta = sta_info_get(local, ifsta->bssid);
	if (!sta) {
		printk(KERN_DEBUG "%s: No STA entry for own AP " MAC_FMT "\n",
		       dev->name, MAC_ARG(ifsta->bssid));
		disassoc = 1;
	} else {
		disassoc = 0;
		if (time_after(jiffies,
			       sta->last_rx + IEEE80211_MONITORING_INTERVAL)) {
			if (ifsta->probereq_poll) {
				/* second silent interval in a row: give up
				 * on this AP; sta_info_free() consumes the
				 * reference from sta_info_get() */
				printk(KERN_DEBUG "%s: No ProbeResp from "
				       "current AP " MAC_FMT " - assume out of "
				       "range\n",
				       dev->name, MAC_ARG(ifsta->bssid));
				disassoc = 1;
				sta_info_free(sta, 0);
				ifsta->probereq_poll = 0;
			} else {
				/* first silent interval: poll the AP once */
				ieee80211_send_probe_req(dev, ifsta->bssid,
							 local->scan_ssid,
							 local->scan_ssid_len);
				ifsta->probereq_poll = 1;
			}
		} else {
			ifsta->probereq_poll = 0;
			if (time_after(jiffies, ifsta->last_probe +
				       IEEE80211_PROBE_INTERVAL)) {
				ifsta->last_probe = jiffies;
				ieee80211_send_probe_req(dev, ifsta->bssid,
							 ifsta->ssid,
							 ifsta->ssid_len);
			}
		}
		sta_info_put(sta);
	}
	if (disassoc) {
		union iwreq_data wrqu;
		/* an all-zero AP address tells wireless extensions users
		 * that the link is gone */
		memset(wrqu.ap_addr.sa_data, 0, ETH_ALEN);
		wrqu.ap_addr.sa_family = ARPHRD_ETHER;
		wireless_send_event(dev, SIOCGIWAP, &wrqu, NULL);
		mod_timer(&ifsta->timer, jiffies +
				      IEEE80211_MONITORING_INTERVAL + 30 * HZ);
	} else {
		mod_timer(&ifsta->timer, jiffies +
				      IEEE80211_MONITORING_INTERVAL);
	}
}
1226
1227
/*
 * Build and transmit a Probe Request.
 *
 * @dst:      address to probe; NULL sends a broadcast probe (DA and BSSID
 *            all-ones).
 * @ssid:     SSID to put in the SSID element (may be empty for a wildcard
 *            probe).
 * @ssid_len: length of @ssid in bytes.
 *
 * The body carries the SSID element followed by the Supported Rates of the
 * operating mode (first 8 rates) and, if there are more, an Extended
 * Supported Rates element.  Allocation failure is logged and the probe is
 * dropped.
 * NOTE(review): the SSID length is written into a one-byte IE length field
 * and the buffer is sized with a fixed 200-byte slack; callers are
 * expected to pass a valid (<= 32 byte) SSID - confirm where ssid_len is
 * validated.
 */
static void ieee80211_send_probe_req(struct net_device *dev, u8 *dst,
				     u8 *ssid, size_t ssid_len)
{
	struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
	struct ieee80211_hw_mode *mode;
	struct sk_buff *skb;
	struct ieee80211_mgmt *mgmt;
	u8 *pos, *supp_rates, *esupp_rates = NULL;
	int i;

	/* leave the driver's TX headroom in front of the frame */
	skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*mgmt) + 200);
	if (!skb) {
		printk(KERN_DEBUG "%s: failed to allocate buffer for probe "
		       "request\n", dev->name);
		return;
	}
	skb_reserve(skb, local->hw.extra_tx_headroom);

	mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
	memset(mgmt, 0, 24);
	mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
					   IEEE80211_STYPE_PROBE_REQ);
	memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
	if (dst) {
		memcpy(mgmt->da, dst, ETH_ALEN);
		memcpy(mgmt->bssid, dst, ETH_ALEN);
	} else {
		memset(mgmt->da, 0xff, ETH_ALEN);
		memset(mgmt->bssid, 0xff, ETH_ALEN);
	}
	pos = skb_put(skb, 2 + ssid_len);
	*pos++ = WLAN_EID_SSID;
	*pos++ = ssid_len;
	memcpy(pos, ssid, ssid_len);

	/* IE rate values are in units of 500 kbps; the rate table is in
	 * 100 kbps (turbo tables hold doubled values, hence the /10) */
	supp_rates = skb_put(skb, 2);
	supp_rates[0] = WLAN_EID_SUPP_RATES;
	supp_rates[1] = 0;
	mode = local->oper_hw_mode;
	for (i = 0; i < mode->num_rates; i++) {
		struct ieee80211_rate *rate = &mode->rates[i];
		if (!(rate->flags & IEEE80211_RATE_SUPPORTED))
			continue;
		if (esupp_rates) {
			pos = skb_put(skb, 1);
			esupp_rates[1]++;
		} else if (supp_rates[1] == 8) {
			/* Supported Rates holds at most 8 entries; the
			 * rest go to Extended Supported Rates */
			esupp_rates = skb_put(skb, 3);
			esupp_rates[0] = WLAN_EID_EXT_SUPP_RATES;
			esupp_rates[1] = 1;
			pos = &esupp_rates[2];
		} else {
			pos = skb_put(skb, 1);
			supp_rates[1]++;
		}
		if (mode->mode == MODE_ATHEROS_TURBO)
			*pos = rate->rate / 10;
		else
			*pos = rate->rate / 5;
	}

	ieee80211_sta_tx(dev, skb, 0);
}
1291
1292
/*
 * Return 1 if the interface's default key is a WEP key, 0 if there is no
 * sub-interface data, no default key, or the key uses another algorithm.
 */
static int ieee80211_sta_wep_configured(struct net_device *dev)
{
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);

	if (!sdata)
		return 0;
	if (!sdata->default_key)
		return 0;
	return sdata->default_key->alg == ALG_WEP ? 1 : 0;
}
1301
1302
/*
 * Mark the station as authenticated and move straight on to association.
 */
static void ieee80211_auth_completed(struct net_device *dev,
				     struct ieee80211_if_sta *ifsta)
{
	ifsta->authenticated = 1;
	printk(KERN_DEBUG "%s: authenticated\n", dev->name);
	ieee80211_associate(dev, ifsta);
}
1310
1311
/*
 * Answer the second frame of a shared-key authentication exchange.
 *
 * Parses the IEs after the fixed auth fields, requires a Challenge element
 * and sends it back (element header included, hence the -2 / +2) as
 * transaction 3 with encryption requested.  A frame without a parsable
 * challenge is logged and ignored.
 * The @len check against the fixed auth fields is done by the caller
 * (ieee80211_rx_mgmt_auth); this function assumes len >= 24 + 6.
 */
static void ieee80211_auth_challenge(struct net_device *dev,
				     struct ieee80211_if_sta *ifsta,
				     struct ieee80211_mgmt *mgmt,
				     size_t len)
{
	u8 *pos;
	struct ieee802_11_elems elems;

	printk(KERN_DEBUG "%s: replying to auth challenge\n", dev->name);
	pos = mgmt->u.auth.variable;
	if (ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems)
	    == ParseFailed) {
		printk(KERN_DEBUG "%s: failed to parse Auth(challenge)\n",
		       dev->name);
		return;
	}
	if (!elems.challenge) {
		printk(KERN_DEBUG "%s: no challenge IE in shared key auth "
		       "frame\n", dev->name);
		return;
	}
	/* elems.challenge points at the element payload; step back over
	 * the 2-byte id/len header so the whole element is echoed */
	ieee80211_send_auth(dev, ifsta, 3, elems.challenge - 2,
			    elems.challenge_len + 2, 1);
}
1336
1337
/*
 * Handle a received Authentication frame.
 *
 * In managed mode the frame is accepted only while in
 * IEEE80211_AUTHENTICATE state, when it is at least header + the three
 * fixed auth fields long, and when both SA and BSSID equal our target
 * BSSID.  In IBSS mode only open-system transaction 1 is honoured and is
 * answered with transaction 2.
 *
 * A frame whose algorithm/transaction does not match our own pending
 * exchange is ignored.  On a failure status the next algorithm allowed by
 * ifsta->auth_algs (open -> shared -> LEAP, round robin starting after the
 * one just refused, shared key only if WEP is configured) is selected for
 * the next try.  On success the exchange is completed for open/LEAP, and
 * for shared key either completed (transaction 4) or continued with the
 * challenge reply.
 *
 * NOTE(review): in IBSS mode the reply is sent and execution then falls
 * through into the auth_alg/auth_transaction comparison below, which is
 * keyed to our own pending exchange; an explicit return after the reply
 * may be intended - confirm.
 */
static void ieee80211_rx_mgmt_auth(struct net_device *dev,
				   struct ieee80211_if_sta *ifsta,
				   struct ieee80211_mgmt *mgmt,
				   size_t len)
{
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
	u16 auth_alg, auth_transaction, status_code;

	if (ifsta->state != IEEE80211_AUTHENTICATE &&
	    sdata->type != IEEE80211_IF_TYPE_IBSS) {
		printk(KERN_DEBUG "%s: authentication frame received from "
		       MAC_FMT ", but not in authenticate state - ignored\n",
		       dev->name, MAC_ARG(mgmt->sa));
		return;
	}

	/* 24 byte header + auth_alg, auth_transaction, status_code */
	if (len < 24 + 6) {
		printk(KERN_DEBUG "%s: too short (%zd) authentication frame "
		       "received from " MAC_FMT " - ignored\n",
		       dev->name, len, MAC_ARG(mgmt->sa));
		return;
	}

	if (sdata->type != IEEE80211_IF_TYPE_IBSS &&
	    memcmp(ifsta->bssid, mgmt->sa, ETH_ALEN) != 0) {
		printk(KERN_DEBUG "%s: authentication frame received from "
		       "unknown AP (SA=" MAC_FMT " BSSID=" MAC_FMT ") - "
		       "ignored\n", dev->name, MAC_ARG(mgmt->sa),
		       MAC_ARG(mgmt->bssid));
		return;
	}

	if (sdata->type != IEEE80211_IF_TYPE_IBSS &&
	    memcmp(ifsta->bssid, mgmt->bssid, ETH_ALEN) != 0) {
		printk(KERN_DEBUG "%s: authentication frame received from "
		       "unknown BSSID (SA=" MAC_FMT " BSSID=" MAC_FMT ") - "
		       "ignored\n", dev->name, MAC_ARG(mgmt->sa),
		       MAC_ARG(mgmt->bssid));
		return;
	}

	auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg);
	auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction);
	status_code = le16_to_cpu(mgmt->u.auth.status_code);

	printk(KERN_DEBUG "%s: RX authentication from " MAC_FMT " (alg=%d "
	       "transaction=%d status=%d)\n",
	       dev->name, MAC_ARG(mgmt->sa), auth_alg,
	       auth_transaction, status_code);

	if (sdata->type == IEEE80211_IF_TYPE_IBSS) {
		/* IEEE 802.11 standard does not require authentication in IBSS
		 * networks and most implementations do not seem to use it.
		 * However, try to reply to authentication attempts if someone
		 * has actually implemented this.
		 * TODO: Could implement shared key authentication. */
		if (auth_alg != WLAN_AUTH_OPEN || auth_transaction != 1) {
			printk(KERN_DEBUG "%s: unexpected IBSS authentication "
			       "frame (alg=%d transaction=%d)\n",
			       dev->name, auth_alg, auth_transaction);
			return;
		}
		ieee80211_send_auth(dev, ifsta, 2, NULL, 0, 0);
	}

	if (auth_alg != ifsta->auth_alg ||
	    auth_transaction != ifsta->auth_transaction) {
		printk(KERN_DEBUG "%s: unexpected authentication frame "
		       "(alg=%d transaction=%d)\n",
		       dev->name, auth_alg, auth_transaction);
		return;
	}

	if (status_code != WLAN_STATUS_SUCCESS) {
		printk(KERN_DEBUG "%s: AP denied authentication (auth_alg=%d "
		       "code=%d)\n", dev->name, ifsta->auth_alg, status_code);
		if (status_code == WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG) {
			/* algs[] lists the permitted algorithms in a fixed
			 * order (0xff = not permitted); pick the next one
			 * after the algorithm the AP just refused */
			u8 algs[3];
			const int num_algs = ARRAY_SIZE(algs);
			int i, pos;
			algs[0] = algs[1] = algs[2] = 0xff;
			if (ifsta->auth_algs & IEEE80211_AUTH_ALG_OPEN)
				algs[0] = WLAN_AUTH_OPEN;
			if (ifsta->auth_algs & IEEE80211_AUTH_ALG_SHARED_KEY)
				algs[1] = WLAN_AUTH_SHARED_KEY;
			if (ifsta->auth_algs & IEEE80211_AUTH_ALG_LEAP)
				algs[2] = WLAN_AUTH_LEAP;
			if (ifsta->auth_alg == WLAN_AUTH_OPEN)
				pos = 0;
			else if (ifsta->auth_alg == WLAN_AUTH_SHARED_KEY)
				pos = 1;
			else
				pos = 2;
			for (i = 0; i < num_algs; i++) {
				pos++;
				if (pos >= num_algs)
					pos = 0;
				if (algs[pos] == ifsta->auth_alg ||
				    algs[pos] == 0xff)
					continue;
				/* shared key needs a WEP key to answer
				 * the challenge with */
				if (algs[pos] == WLAN_AUTH_SHARED_KEY &&
				    !ieee80211_sta_wep_configured(dev))
					continue;
				ifsta->auth_alg = algs[pos];
				printk(KERN_DEBUG "%s: set auth_alg=%d for "
				       "next try\n",
				       dev->name, ifsta->auth_alg);
				break;
			}
		}
		return;
	}

	switch (ifsta->auth_alg) {
	case WLAN_AUTH_OPEN:
	case WLAN_AUTH_LEAP:
		ieee80211_auth_completed(dev, ifsta);
		break;
	case WLAN_AUTH_SHARED_KEY:
		/* transaction 4 is the AP's verdict on our challenge
		 * reply; transaction 2 carries the challenge itself */
		if (ifsta->auth_transaction == 4)
			ieee80211_auth_completed(dev, ifsta);
		else
			ieee80211_auth_challenge(dev, ifsta, mgmt, len);
		break;
	}
}
1464
1465
/*
 * Handle a Deauthentication frame from our AP.
 *
 * Frames shorter than header + reason code, or not sent by our BSSID, are
 * logged and ignored.  Otherwise the reason is logged, a pending or
 * completed association is pushed back to IEEE80211_AUTHENTICATE with a
 * retry timer of IEEE80211_RETRY_AUTH_INTERVAL, the association is torn
 * down and the authenticated flag cleared.
 */
static void ieee80211_rx_mgmt_deauth(struct net_device *dev,
				     struct ieee80211_if_sta *ifsta,
				     struct ieee80211_mgmt *mgmt,
				     size_t len)
{
	u16 reason;

	/* 24 byte header + 2 byte reason code */
	if (len < 24 + 2) {
		printk(KERN_DEBUG "%s: too short (%zd) deauthentication frame "
		       "received from " MAC_FMT " - ignored\n",
		       dev->name, len, MAC_ARG(mgmt->sa));
		return;
	}

	if (memcmp(ifsta->bssid, mgmt->sa, ETH_ALEN)) {
		printk(KERN_DEBUG "%s: deauthentication frame received from "
		       "unknown AP (SA=" MAC_FMT " BSSID=" MAC_FMT ") - "
		       "ignored\n", dev->name, MAC_ARG(mgmt->sa),
		       MAC_ARG(mgmt->bssid));
		return;
	}

	reason = le16_to_cpu(mgmt->u.deauth.reason_code);

	printk(KERN_DEBUG "%s: RX deauthentication from " MAC_FMT
	       " (reason=%d)\n",
	       dev->name, MAC_ARG(mgmt->sa), reason);

	if (ifsta->authenticated)
		printk(KERN_DEBUG "%s: deauthenticated\n", dev->name);

	switch (ifsta->state) {
	case IEEE80211_AUTHENTICATE:
	case IEEE80211_ASSOCIATE:
	case IEEE80211_ASSOCIATED:
		/* restart from authentication after a short delay */
		ifsta->state = IEEE80211_AUTHENTICATE;
		mod_timer(&ifsta->timer, jiffies +
				      IEEE80211_RETRY_AUTH_INTERVAL);
		break;
	default:
		break;
	}

	ieee80211_set_disassoc(dev, ifsta, 1);
	ifsta->authenticated = 0;
}
1509
1510
/*
 * Handle a Disassociation frame from our AP.
 *
 * Frames shorter than header + reason code, or not sent by our BSSID, are
 * logged and ignored.  Otherwise the reason is logged, an established
 * association is pushed back to IEEE80211_ASSOCIATE with a retry timer of
 * IEEE80211_RETRY_AUTH_INTERVAL, and the association is torn down
 * (authentication is kept).
 */
static void ieee80211_rx_mgmt_disassoc(struct net_device *dev,
				       struct ieee80211_if_sta *ifsta,
				       struct ieee80211_mgmt *mgmt,
				       size_t len)
{
	u16 reason;

	/* 24 byte header + 2 byte reason code */
	if (len < 24 + 2) {
		printk(KERN_DEBUG "%s: too short (%zd) disassociation frame "
		       "received from " MAC_FMT " - ignored\n",
		       dev->name, len, MAC_ARG(mgmt->sa));
		return;
	}

	if (memcmp(ifsta->bssid, mgmt->sa, ETH_ALEN)) {
		printk(KERN_DEBUG "%s: disassociation frame received from "
		       "unknown AP (SA=" MAC_FMT " BSSID=" MAC_FMT ") - "
		       "ignored\n", dev->name, MAC_ARG(mgmt->sa),
		       MAC_ARG(mgmt->bssid));
		return;
	}

	reason = le16_to_cpu(mgmt->u.disassoc.reason_code);

	printk(KERN_DEBUG "%s: RX disassociation from " MAC_FMT
	       " (reason=%d)\n",
	       dev->name, MAC_ARG(mgmt->sa), reason);

	if (ifsta->associated)
		printk(KERN_DEBUG "%s: disassociated\n", dev->name);

	switch (ifsta->state) {
	case IEEE80211_ASSOCIATED:
		/* re-associate after a short delay */
		ifsta->state = IEEE80211_ASSOCIATE;
		mod_timer(&ifsta->timer, jiffies +
				      IEEE80211_RETRY_AUTH_INTERVAL);
		break;
	default:
		break;
	}

	ieee80211_set_disassoc(dev, ifsta, 0);
}
1550
1551
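/*
 * Handle an (Re)Association Response from our AP.
 *
 * AssocResp and ReassocResp have identical structure, so process both of
 * them in this function; @reassoc only changes the log message.
 *
 * The frame is ignored unless we are in IEEE80211_ASSOCIATE state, it is at
 * least header + capab/status/aid long, and its SA is our BSSID.  On a
 * successful status the response IEs are parsed (a SuppRates element is
 * mandatory), a copy of the IEs is kept in ifsta->assocresp_ies, the STA
 * entry for the AP is created or updated with the negotiated rate bitmap
 * and the HT / WME flags, and ieee80211_associated() is entered.
 */
static void ieee80211_rx_mgmt_assoc_resp(struct net_device *dev,
					 struct ieee80211_if_sta *ifsta,
					 struct ieee80211_mgmt *mgmt,
					 size_t len,
					 int reassoc)
{
	struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
	struct ieee80211_hw_mode *mode;
	struct sta_info *sta;
	u32 rates;
	u16 capab_info, status_code, aid;
	struct ieee802_11_elems elems;
	u8 *pos;
	int i, j;

	if (ifsta->state != IEEE80211_ASSOCIATE) {
		printk(KERN_DEBUG "%s: association frame received from "
		       MAC_FMT ", but not in associate state - ignored\n",
		       dev->name, MAC_ARG(mgmt->sa));
		return;
	}

	/* 24 byte header + capab_info, status_code and aid (2 bytes each) */
	if (len < 24 + 6) {
		printk(KERN_DEBUG "%s: too short (%zd) association frame "
		       "received from " MAC_FMT " - ignored\n",
		       dev->name, len, MAC_ARG(mgmt->sa));
		return;
	}

	if (memcmp(ifsta->bssid, mgmt->sa, ETH_ALEN) != 0) {
		printk(KERN_DEBUG "%s: association frame received from "
		       "unknown AP (SA=" MAC_FMT " BSSID=" MAC_FMT ") - "
		       "ignored\n", dev->name, MAC_ARG(mgmt->sa),
		       MAC_ARG(mgmt->bssid));
		return;
	}

	capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info);
	status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code);
	aid = le16_to_cpu(mgmt->u.assoc_resp.aid);
	/* bits 15:14 of the AID field are expected to be set; an AP that
	 * leaves them clear is logged but its AID is still used */
	if ((aid & (BIT(15) | BIT(14))) != (BIT(15) | BIT(14)))
		printk(KERN_DEBUG "%s: invalid aid value %d; bits 15:14 not "
		       "set\n", dev->name, aid);
	aid &= ~(BIT(15) | BIT(14));

	printk(KERN_DEBUG "%s: RX %sssocResp from " MAC_FMT " (capab=0x%x "
	       "status=%d aid=%d)\n",
	       dev->name, reassoc ? "Rea" : "A", MAC_ARG(mgmt->sa),
	       capab_info, status_code, aid);

	if (status_code != WLAN_STATUS_SUCCESS) {
		printk(KERN_DEBUG "%s: AP denied association (code=%d)\n",
		       dev->name, status_code);
		/* the AP has no record of our previous association;
		 * presumably the next attempt must be a plain AssocReq */
		if (status_code == WLAN_STATUS_REASSOC_NO_ASSOC)
			ifsta->prev_bssid_set = 0;
		return;
	}

	pos = mgmt->u.assoc_resp.variable;
	if (ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems)
	    == ParseFailed) {
		printk(KERN_DEBUG "%s: failed to parse AssocResp\n",
		       dev->name);
		return;
	}

	if (!elems.supp_rates) {
		printk(KERN_DEBUG "%s: no SuppRates element in AssocResp\n",
		       dev->name);
		return;
	}

	printk(KERN_DEBUG "%s: associated\n", dev->name);
	ifsta->aid = aid;
	ifsta->ap_capab = capab_info;

	/* keep a copy of the response IEs; on allocation failure leave the
	 * pointer NULL *and* the length zero, so no reader can trust a
	 * stale length against a missing buffer */
	kfree(ifsta->assocresp_ies);
	ifsta->assocresp_ies_len = len - (pos - (u8 *) mgmt);
	ifsta->assocresp_ies = kmalloc(ifsta->assocresp_ies_len, GFP_ATOMIC);
	if (ifsta->assocresp_ies)
		memcpy(ifsta->assocresp_ies, pos, ifsta->assocresp_ies_len);
	else
		ifsta->assocresp_ies_len = 0;

	ieee80211_set_associated(dev, ifsta, 1);

	/* Add STA entry for the AP */
	sta = sta_info_get(local, ifsta->bssid);
	if (!sta) {
		struct ieee80211_sta_bss *bss;
		sta = sta_info_add(local, dev, ifsta->bssid, GFP_ATOMIC);
		if (!sta) {
			printk(KERN_DEBUG "%s: failed to add STA entry for the"
			       " AP\n", dev->name);
			return;
		}
		/* seed the link quality from the scan result, if any */
		bss = ieee80211_rx_bss_get(dev, ifsta->bssid);
		if (bss) {
			sta->last_rssi = bss->rssi;
			sta->last_signal = bss->signal;
			sta->last_noise = bss->noise;
			ieee80211_rx_bss_put(dev, bss);
		}
	}

	sta->dev = dev;
	sta->flags |= WLAN_STA_AUTH | WLAN_STA_ASSOC;
	sta->assoc_ap = 1;

	/* Translate the AP's rate IEs (units of 500 kbps, basic-rate bit
	 * masked off) into a bitmap over the operating mode's rate table,
	 * which is in units of 100 kbps (doubled for turbo mode). */
	rates = 0;
	mode = local->oper_hw_mode;
	for (i = 0; i < elems.supp_rates_len; i++) {
		int rate = (elems.supp_rates[i] & 0x7f) * 5;
		if (mode->mode == MODE_ATHEROS_TURBO)
			rate *= 2;
		for (j = 0; j < mode->num_rates; j++)
			if (mode->rates[j].rate == rate)
				rates |= BIT(j);
	}
	for (i = 0; i < elems.ext_supp_rates_len; i++) {
		int rate = (elems.ext_supp_rates[i] & 0x7f) * 5;
		if (mode->mode == MODE_ATHEROS_TURBO)
			rate *= 2;
		for (j = 0; j < mode->num_rates; j++)
			if (mode->rates[j].rate == rate)
				rates |= BIT(j);
	}
	sta->supp_rates = rates;

	/* NOTE(review): the HT elements are handed to the driver as structs
	 * without a check against the element lengths - confirm that
	 * ieee802_11_parse_elems() enforces their minimum size. */
	if (elems.ht_extra_param && elems.ht_cap_param && elems.wmm_param &&
	    ifsta->ht_enabled && local->ops->conf_ht){
		int rc;

		rc = local->ops->conf_ht(local_to_hw(local),
					 (struct ieee80211_ht_capability *)
					 elems.ht_cap_param,
					 (struct ieee80211_ht_additional_info *)
					 elems.ht_extra_param);
		if (!rc)
			sta->flags |= WLAN_STA_HT;
	}


	rate_control_rate_init(sta, local);

	if (elems.wmm_param && ifsta->wmm_enabled) {
		sta->flags |= WLAN_STA_WME;
		ieee80211_sta_wmm_params(dev, ifsta, elems.wmm_param,
					 elems.wmm_param_len);
	}


	/* drop the reference from sta_info_get() / sta_info_add() */
	sta_info_put(sta);

	ieee80211_associated(dev, ifsta);
}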
1709
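/*
 * Estimate, in microseconds, how long one MPDU exchange of the traffic
 * stream described by @tspec occupies the medium.
 *
 * FIXME: MPDUExchangeTime = duration(Nominal MSDU Size, Min PHY Rate) +
 * SIFS + ACK duration
 *
 * The SIFS + ACK part is a fixed per-PHY constant; the data part is
 * nominal_msdu_size (bytes) * 8 / min_phy_rate (in Mbps).
 * NOTE(review): the TSPEC is memcpy'd straight out of the frame by
 * sta_parse_tspec(), so nominal_msdu_size / min_phy_rate are presumably
 * still in wire byte order and nominal_msdu_size presumably still carries
 * its "fixed size" top bit - confirm before trusting the result.
 */
static u32 calculate_mpdu_exchange_time(struct ieee80211_local *local,
					struct ieee80211_elem_tspec *tspec)
{
	int extra = 0; /* SIFS + ACK */
	u32 rate_mbps;

	switch (local->hw.conf.phymode) {
	case MODE_IEEE80211A:
		extra = 16 + 24;
		break;
	case MODE_IEEE80211B:
		extra = 10 + 203;
		break;
	case MODE_IEEE80211G:
	default:
		extra = 10 + 30;
		break;
	}

	/* The TSPEC arrives in the AP's ADDTS response (see
	 * sta_update_tspec()).  A minimum PHY rate below 1 Mbps - in
	 * particular 0 from a bogus or malformed TSPEC - would divide by
	 * zero here; clamp it to 1 Mbps, which yields a conservatively
	 * large exchange time instead of a kernel trap. */
	rate_mbps = tspec->min_phy_rate / 1000000;
	if (rate_mbps == 0)
		rate_mbps = 1;

	return (tspec->nominal_msdu_size * 8) / rate_mbps + extra;
}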
1734
/*
 * Update the per-stream bookkeeping in ifsta->ts_data after an ADDTS
 * response or a DELTS.
 *
 * @action: WLAN_ACTION_QOS_ADDTS_RESP activates the stream, records its
 *          user priority, resets the used time, adds the admitted medium
 *          time and recomputes ifsta->MPDUExchangeTime;
 *          WLAN_ACTION_QOS_DELTS deactivates it, subtracts the same
 *          amount (clamped at zero) and clears MPDUExchangeTime.  Any
 *          other value is logged as an error and ignored.
 *
 * The stream slot is selected by the TSID and the direction (mapped through
 * ieee80211_ts_index()) of the TSPEC's TS Info field.  medium_time is
 * presumably in units of 32 us, hence the * 32, and is scaled by the
 * EDCA averaging period.
 * NOTE(review): tsid/index come straight from a received TSPEC and are
 * used as array indices - confirm ts_data is sized for every value
 * IEEE80211_TSINFO_TSID() and ieee80211_ts_index() can produce, and
 * confirm medium_time needs no byte swapping.
 */
static void sta_update_tspec(struct ieee80211_local *local,
			     struct ieee80211_if_sta *ifsta,
			     int action, struct ieee80211_elem_tspec *tspec)
{
	u8 tsid = IEEE80211_TSINFO_TSID(tspec->ts_info);
	u8 index = ieee80211_ts_index(IEEE80211_TSINFO_DIR(tspec->ts_info));

	switch (action) {
	case WLAN_ACTION_QOS_ADDTS_RESP:
		ifsta->ts_data[tsid][index].status = TS_STATUS_ACTIVE;
		ifsta->ts_data[tsid][index].up =
			IEEE80211_TSINFO_UP(tspec->ts_info);
		ifsta->ts_data[tsid][index].used_time_usec = 0;
		ifsta->ts_data[tsid][index].admitted_time_usec +=
			ifsta->dot11EDCAAveragingPeriod * tspec->medium_time * 32;
		ifsta->MPDUExchangeTime =
			calculate_mpdu_exchange_time(local, tspec);
		break;
	case WLAN_ACTION_QOS_DELTS:
		ifsta->ts_data[tsid][index].status = TS_STATUS_INACTIVE;
		ifsta->ts_data[tsid][index].used_time_usec = 0;
		ifsta->ts_data[tsid][index].admitted_time_usec -=
			ifsta->dot11EDCAAveragingPeriod * tspec->medium_time * 32;
		/* never let the admitted budget go negative */
		if (ifsta->ts_data[tsid][index].admitted_time_usec < 0)
			ifsta->ts_data[tsid][index].admitted_time_usec = 0;
		ifsta->MPDUExchangeTime = 0;
		break;
	default:
		printk(KERN_ERR "%s: invalid action type %d\n", __FUNCTION__,
		       action);
		break;
	}
}
1768
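/*
 * Extract the TSPEC element of an ADDTS/DELTS action frame into @tspec.
 *
 * @prefix: number of bytes to skip before the IEs start; presumably
 *          frame-format dependent and chosen by the caller.
 *
 * For WLAN_CATEGORY_QOS frames the IEs follow addts_resp, otherwise (WME
 * action frames) they follow wme_action.  If the IE area lies outside the
 * frame, the IEs fail to parse, or no TSPEC element is present, the error
 * is logged and @tspec is left untouched.
 * NOTE(review): callers must not use @tspec on those paths - confirm they
 * can tell.  The element is copied with sizeof(*tspec) without checking
 * the element's own length; that is unchanged here.
 */
static void sta_parse_tspec(struct net_device *dev,
			    struct ieee80211_if_sta *ifsta,
			    struct ieee80211_mgmt *mgmt, size_t len, u8 prefix,
			    struct ieee80211_elem_tspec *tspec)
{
	struct ieee802_11_elems elems;
	u8 *pos;
	size_t baselen;

	if (mgmt->u.action.category == WLAN_CATEGORY_QOS)
		pos = mgmt->u.action.u.addts_resp.variable + prefix;
	else
		pos = mgmt->u.action.u.wme_action.variable + prefix;

	/* the IE area must start inside the frame, otherwise the length
	 * handed to the parser would wrap around (same check as the DLS
	 * handlers do) */
	baselen = pos - (u8 *) mgmt;
	if (baselen > len) {
		printk(KERN_DEBUG "%s: TSPEC frame too short\n", dev->name);
		return;
	}

	if (ieee802_11_parse_elems(pos, len - baselen, &elems)
	    == ParseFailed) {
		printk(KERN_DEBUG "%s: failed to parse TSPEC\n", dev->name);
		return;
	}
	/* a frame without a TSPEC element must not be dereferenced */
	if (!elems.tspec) {
		printk(KERN_DEBUG "%s: no TSPEC element in frame\n",
		       dev->name);
		return;
	}
	memcpy(tspec, elems.tspec, sizeof(*tspec));
}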
1798
/*
 * Report the DLS state of the peer @addr: its dls_status if we hold a DLS
 * STA entry for it, DLS_STATUS_NOLINK otherwise.
 */
int dls_link_status(struct ieee80211_local *local, u8 *addr)
{
	struct sta_info *peer = dls_info_get(local, addr);
	int status;

	if (!peer)
		return DLS_STATUS_NOLINK;

	status = peer->dls_status;
	/* release the reference taken by dls_info_get() */
	sta_info_put(peer);
	return status;
}
1810
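/*
 * Handle a DLS Request relayed by the AP from the peer named in
 * dls_req.src.
 *
 * The rate IEs in the request are intersected with the current hardware
 * mode's rate table.  If no rate is common, a DLS Response carrying
 * WLAN_REASON_QSTA_NOT_USE is sent back and no state is kept.  Otherwise a
 * STA entry for the peer is created (or reused), marked DLS_STATUS_OK with
 * the requested timeout and the rate bitmap, and a successful DLS Response
 * is sent.
 * NOTE(review): any station can make us create a STA entry this way; the
 * caller is presumably expected to have checked that the frame came
 * through our own BSS - confirm.
 */
static void sta_process_dls_req(struct net_device *dev,
				struct ieee80211_if_sta *ifsta,
				struct ieee80211_mgmt *mgmt, size_t len)
{
	struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
	struct sta_info *dls;
	u8 *src = mgmt->u.action.u.dls_req.src;
	struct ieee802_11_elems elems;
	struct ieee80211_rate *rates;
	size_t baselen, num_rates;
	int i, j;
	struct ieee80211_hw_mode *mode;
	u32 supp_rates = 0;

	printk(KERN_DEBUG "Receive DLS request from "
	       "%02X:%02X:%02X:%02X:%02X:%02X\n",
	       src[0], src[1], src[2], src[3], src[4], src[5]);

	/* the fixed part of the DLS body must lie within the frame */
	baselen = (u8 *)mgmt->u.action.u.dls_req.variable - (u8 *)mgmt;
	if (baselen > len)
		return;

	if (ieee802_11_parse_elems(mgmt->u.action.u.dls_req.variable,
				   len - baselen, &elems) == ParseFailed) {
		printk(KERN_ERR "DLS Parse support rates failed.\n");
		return;
	}
	mode = local->sta_scanning ?
		local->scan_hw_mode : local->oper_hw_mode;
	rates = mode->rates;
	num_rates = mode->num_rates;

	/* build a bitmap over our rate table of the rates the peer lists */
	for (i = 0; i < elems.supp_rates_len + elems.ext_supp_rates_len; i++) {
		u8 raw = 0;
		int rate;

		if (i < elems.supp_rates_len)
			raw = elems.supp_rates[i];
		else if (elems.ext_supp_rates)
			raw = elems.ext_supp_rates[i - elems.supp_rates_len];
		/* IE values are in units of 500 kbps with the basic-rate
		 * bit on top; the table is in units of 100 kbps.  Keep the
		 * product in an int (as ieee80211_rx_mgmt_assoc_resp does):
		 * in a u8, rates above 25.5 Mbps (36/48/54) would be
		 * truncated and never match. */
		rate = 5 * (raw & 0x7f);
		if (mode->mode == MODE_ATHEROS_TURBO)
			rate *= 2;
		for (j = 0; j < num_rates; j++)
			if (rates[j].rate == rate)
				supp_rates |= BIT(j);
	}
	if (supp_rates == 0) {
		/* Send DLS failed Response to the peer because
		 * the supported rates are mismatch */
		ieee80211_send_dls_resp(dev, ifsta, src,
					WLAN_REASON_QSTA_NOT_USE);
		return;
	}

	dls = dls_info_get(local, src);
	if (!dls)
		dls = sta_info_add(local, dev, src, GFP_ATOMIC);
	if (!dls)
		return;

	dls->dls_status = DLS_STATUS_OK;
	dls->dls_timeout = le16_to_cpu(mgmt->u.action.u.dls_req.timeout);
	dls->supp_rates = supp_rates;
	/* both dls_info_get() and sta_info_add() hand back a reference
	 * (see dls_link_status() and sta_process_dls_resp()); release it
	 * now that the entry is set up, otherwise it is never dropped */
	sta_info_put(dls);

	/* Send DLS successful Response to the peer */
	ieee80211_send_dls_resp(dev, ifsta, src, 0);
}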
1877
1878
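/*
 * Handle a DLS Response relayed by the AP from the peer named in
 * dls_resp.src.
 *
 * A non-zero status means the peer refused the link; it is logged and
 * nothing else happens.  On success the rate IEs are intersected with the
 * current hardware mode's rate table and a STA entry for the peer is
 * created (or reused) with that bitmap and DLS_STATUS_OK.
 * NOTE(review): there is no check that we actually sent a DLS Request to
 * this peer, so any station can make us create a STA entry - confirm the
 * caller filters frames by BSS.
 */
static void sta_process_dls_resp(struct net_device *dev,
				 struct ieee80211_if_sta *ifsta,
				 struct ieee80211_mgmt *mgmt, size_t len)
{
	struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
	struct sta_info *dls;
	u8 *src = mgmt->u.action.u.dls_resp.src;
	struct ieee802_11_elems elems;
	struct ieee80211_rate *rates;
	size_t baselen, num_rates;
	int i, j;
	struct ieee80211_hw_mode *mode;
	u32 supp_rates = 0;
	u16 status;

	printk(KERN_DEBUG "Receive DLS response from "
	       "%02X:%02X:%02X:%02X:%02X:%02X\n",
	       src[0], src[1], src[2], src[3], src[4], src[5]);

	/* the status is little-endian on the wire (see
	 * ieee80211_send_dls_resp()); convert before printing */
	status = le16_to_cpu(mgmt->u.action.u.dls_resp.status_code);
	if (status) {
		printk(KERN_ERR "DLS setup refused by peer. Reason %d\n",
		       status);
		return;
	}

	/* the fixed part of the DLS body must lie within the frame */
	baselen = (u8 *)mgmt->u.action.u.dls_resp.variable - (u8 *)mgmt;
	if (baselen > len)
		return;

	if (ieee802_11_parse_elems(mgmt->u.action.u.dls_resp.variable,
				   len - baselen, &elems) == ParseFailed) {
		printk(KERN_ERR "DLS Parse support rates failed.\n");
		return;
	}
	mode = local->sta_scanning ?
		local->scan_hw_mode : local->oper_hw_mode;
	rates = mode->rates;
	num_rates = mode->num_rates;

	/* build a bitmap over our rate table of the rates the peer lists */
	for (i = 0; i < elems.supp_rates_len + elems.ext_supp_rates_len; i++) {
		u8 raw = 0;
		int rate;

		if (i < elems.supp_rates_len)
			raw = elems.supp_rates[i];
		else if (elems.ext_supp_rates)
			raw = elems.ext_supp_rates[i - elems.supp_rates_len];
		/* IE values are in units of 500 kbps with the basic-rate
		 * bit on top; the table is in units of 100 kbps.  Keep the
		 * product in an int (as ieee80211_rx_mgmt_assoc_resp does):
		 * in a u8, rates above 25.5 Mbps (36/48/54) would be
		 * truncated and never match. */
		rate = 5 * (raw & 0x7f);
		if (mode->mode == MODE_ATHEROS_TURBO)
			rate *= 2;
		for (j = 0; j < num_rates; j++)
			if (rates[j].rate == rate)
				supp_rates |= BIT(j);
	}

	dls = dls_info_get(local, src);
	if (!dls)
		dls = sta_info_add(local, dev, src, GFP_ATOMIC);
	if (!dls)
		return;

	dls->supp_rates = supp_rates;
	dls->dls_status = DLS_STATUS_OK;
	/* release the reference handed back by dls_info_get() /
	 * sta_info_add() */
	sta_info_put(dls);
}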
1941
1942
/*
 * Handle a DLS Teardown from the peer named in dls_teardown.src: log it
 * and free the peer's DLS STA entry if we have one.
 * NOTE(review): the reason code is printed without byte swapping and @len
 * is not checked here; presumably the caller validated the frame length -
 * confirm.
 */
static void sta_process_dls_teardown(struct net_device *dev,
				     struct ieee80211_if_sta *ifsta,
				     struct ieee80211_mgmt *mgmt, size_t len)
{
	struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
	u8 *peer = mgmt->u.action.u.dls_teardown.src;
	struct sta_info *dls = NULL;

	printk(KERN_DEBUG "DLS Teardown received from "
	       "%02X:%02X:%02X:%02X:%02X:%02X. Reason %d\n",
	       peer[0], peer[1], peer[2], peer[3], peer[4], peer[5],
	       mgmt->u.action.u.dls_teardown.reason_code);

	dls = dls_info_get(local, peer);
	if (!dls)
		return;
	/* sta_info_free() takes over the reference from dls_info_get() */
	sta_info_free(dls, 0);
}
1961
1962
/* Caller must hold local->sta_bss_lock */
/*
 * Link @bss into the BSS hash bucket selected by its BSSID.
 */
static void __ieee80211_rx_bss_hash_add(struct net_device *dev,
					struct ieee80211_sta_bss *bss)
{
	struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
	struct ieee80211_sta_bss **head =
		&local->sta_bss_hash[STA_HASH(bss->bssid)];

	/* push onto the front of the bucket's singly linked chain */
	bss->hnext = *head;
	*head = bss;
}
1971
1972
/* Caller must hold local->sta_bss_lock */
/*
 * Unlink @bss from its BSS hash bucket.  Nothing happens if it is not in
 * the chain.
 */
static void __ieee80211_rx_bss_hash_del(struct net_device *dev,
					struct ieee80211_sta_bss *bss)
{
	struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
	struct ieee80211_sta_bss **link;

	/* walk the chain through the link pointers so that the bucket head
	 * and an inner hnext are patched the same way */
	for (link = &local->sta_bss_hash[STA_HASH(bss->bssid)]; *link;
	     link = &(*link)->hnext) {
		if (*link == bss) {
			*link = bss->hnext;
			return;
		}
	}
}
1993
1994
/*
 * Allocate a zeroed scan-table entry for @bssid and insert it into both
 * the BSS list and the BSS hash.
 *
 * Returns the new entry holding two references - one owned by the list
 * (dropped by ieee80211_rx_bss_list_deinit()) and one for the caller, who
 * must release it with ieee80211_rx_bss_put() - or NULL on allocation
 * failure.
 */
static struct ieee80211_sta_bss *
ieee80211_rx_bss_add(struct net_device *dev, u8 *bssid)
{
	struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
	struct ieee80211_sta_bss *bss = kmalloc(sizeof(*bss), GFP_ATOMIC);

	if (!bss)
		return NULL;
	memset(bss, 0, sizeof(*bss));
	memcpy(bss->bssid, bssid, ETH_ALEN);
	/* one reference for the list, one for the caller */
	atomic_inc(&bss->users);
	atomic_inc(&bss->users);

	spin_lock_bh(&local->sta_bss_lock);
	/* TODO: order by RSSI? */
	__ieee80211_rx_bss_hash_add(dev, bss);
	list_add_tail(&bss->list, &local->sta_bss_list);
	spin_unlock_bh(&local->sta_bss_lock);

	return bss;
}
2016
2017
/*
 * Look up the scan-table entry for @bssid.
 *
 * Returns the entry with an extra reference taken (release it with
 * ieee80211_rx_bss_put()), or NULL if @bssid is unknown.
 */
static struct ieee80211_sta_bss *
ieee80211_rx_bss_get(struct net_device *dev, u8 *bssid)
{
	struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
	struct ieee80211_sta_bss *bss;

	spin_lock_bh(&local->sta_bss_lock);
	for (bss = local->sta_bss_hash[STA_HASH(bssid)]; bss;
	     bss = bss->hnext) {
		if (!memcmp(bss->bssid, bssid, ETH_ALEN)) {
			atomic_inc(&bss->users);
			break;
		}
	}
	spin_unlock_bh(&local->sta_bss_lock);

	return bss;
}
2036
2037
/*
 * Release a scan-table entry and the IE copies it owns.  Must only be
 * called once the entry is unlinked and its last reference is gone.
 */
static void ieee80211_rx_bss_free(struct ieee80211_sta_bss *bss)
{
	kfree(bss->ht_ie);
	kfree(bss->wmm_ie);
	kfree(bss->rsn_ie);
	kfree(bss->wpa_ie);
	kfree(bss);
}
2046
2047
/*
 * Drop one reference to @bss.  When the last reference goes, the entry is
 * unlinked from the BSS list and hash under sta_bss_lock and freed.
 */
static void ieee80211_rx_bss_put(struct net_device *dev,
				 struct ieee80211_sta_bss *bss)
{
	struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);

	if (atomic_dec_and_test(&bss->users)) {
		spin_lock_bh(&local->sta_bss_lock);
		list_del(&bss->list);
		__ieee80211_rx_bss_hash_del(dev, bss);
		spin_unlock_bh(&local->sta_bss_lock);
		ieee80211_rx_bss_free(bss);
	}
}
2061
2062
/*
 * Initialise the scan-table list and its lock.
 */
void ieee80211_rx_bss_list_init(struct net_device *dev)
{
	struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);

	INIT_LIST_HEAD(&local->sta_bss_list);
	spin_lock_init(&local->sta_bss_lock);
}
2069
2070
/*
 * Drop the list's reference on every scan-table entry.  Entries still
 * referenced elsewhere survive until their holder calls
 * ieee80211_rx_bss_put(); the _safe iterator tolerates the list_del done
 * inside the put.
 */
void ieee80211_rx_bss_list_deinit(struct net_device *dev)
{
	struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
	struct ieee80211_sta_bss *bss, *next;

	list_for_each_entry_safe(bss, next, &local->sta_bss_list, list) {
		ieee80211_rx_bss_put(dev, bss);
	}
}
2079
2080
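/*
 * Record a received Beacon or Probe Response in the scan-result table.
 *
 * @dev: interface the frame arrived on
 * @mgmt: the frame; the callers (ieee80211_sta_rx_mgmt(),
 *	ieee80211_sta_rx_scan()) only pass frames of at least 24 bytes
 * @len: frame length in bytes
 * @rx_status: receive status (channel, frequency, PHY mode, signal levels)
 * @beacon: non-zero for a Beacon, zero for a Probe Response
 *
 * In IBSS mode a Beacon from our own BSSID also narrows the rate set of the
 * sending peer's sta_info to the rates it advertises. The BSS entry is
 * looked up (or created) by BSSID, and its SSID, rates, WPA/RSN/WMM/HT IE
 * copies, channel/frequency and signal data are replaced by what this frame
 * carries. A Beacon never overwrites an entry that already holds Probe
 * Response data, since the latter is the more complete of the two.
 *
 * Frames without an SSID element are ignored (the BSS table is keyed by
 * BSSID but the SSID is what the rest of the code selects on).
 */
static void ieee80211_rx_bss_info(struct net_device *dev,
				  struct ieee80211_mgmt *mgmt,
				  size_t len,
				  struct ieee80211_rx_status *rx_status,
				  int beacon)
{
	struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
	struct ieee802_11_elems elems;
	size_t baselen;
	int channel, clen;
	struct ieee80211_sta_bss *bss;
	struct sta_info *sta;
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
	u64 timestamp;

	if (!beacon && memcmp(mgmt->da, dev->dev_addr, ETH_ALEN))
		return; /* ignore ProbeResp to foreign address */

	/* The fixed part of the Beacon/ProbeResp body must fit in the frame
	 * before the variable IE area is parsed. */
	baselen = (u8 *) mgmt->u.beacon.variable - (u8 *) mgmt;
	if (baselen > len)
		return;

	timestamp = le64_to_cpu(mgmt->u.beacon.timestamp);

	if (sdata->type == IEEE80211_IF_TYPE_IBSS && beacon &&
	    memcmp(mgmt->bssid, sdata->u.sta.bssid, ETH_ALEN) == 0) {
#ifdef CONFIG_MAC80211_IBSS_DEBUG
		/* Rate-limited (once per 5 s) dump of our TSF vs. the
		 * beacon timestamp, to watch IBSS time synchronisation. */
		static unsigned long last_tsf_debug = 0;
		u64 tsf;
		if (local->ops->get_tsf)
			tsf = local->ops->get_tsf(local_to_hw(local));
		else
			tsf = -1LLU;
		if (time_after(jiffies, last_tsf_debug + 5 * HZ)) {
			printk(KERN_DEBUG "RX beacon SA=" MAC_FMT " BSSID="
			       MAC_FMT " TSF=0x%llx BCN=0x%llx diff=%lld "
			       "@%lu\n",
			       MAC_ARG(mgmt->sa), MAC_ARG(mgmt->bssid),
			       (unsigned long long)tsf,
			       (unsigned long long)timestamp,
			       (unsigned long long)(tsf - timestamp),
			       jiffies);
			last_tsf_debug = jiffies;
		}
#endif /* CONFIG_MAC80211_IBSS_DEBUG */
	}

	/*
	 * A parse failure is tolerated: whatever elements were parsed are
	 * still used (the previous code recorded the failure in a flag it
	 * never read, so this is unchanged behaviour).
	 * NOTE(review): this relies on ieee802_11_parse_elems() clearing
	 * @elems before it starts - confirm, otherwise stale pointers could
	 * be used below.
	 */
	ieee802_11_parse_elems(mgmt->u.beacon.variable, len - baselen, &elems);

	if (sdata->type == IEEE80211_IF_TYPE_IBSS && elems.supp_rates &&
	    memcmp(mgmt->bssid, sdata->u.sta.bssid, ETH_ALEN) == 0 &&
	    (sta = sta_info_get(local, mgmt->sa))) {
		struct ieee80211_hw_mode *mode;
		struct ieee80211_rate *rates;
		size_t num_rates;
		u32 supp_rates, prev_rates;
		int i, j;

		mode = local->sta_scanning ?
			local->scan_hw_mode : local->oper_hw_mode;
		rates = mode->rates;
		num_rates = mode->num_rates;

		/* Build a bitmap (bit j = mode->rates[j]) of the rates the
		 * peer advertises in its Supported + Extended Supported
		 * Rates elements. Rates are in 500 kbit/s units with the
		 * "basic" flag in bit 7; rates[].rate is in 100 kbit/s. */
		supp_rates = 0;
		for (i = 0; i < elems.supp_rates_len +
			     elems.ext_supp_rates_len; i++) {
			u8 rate = 0;
			int own_rate;
			if (i < elems.supp_rates_len)
				rate = elems.supp_rates[i];
			else if (elems.ext_supp_rates)
				rate = elems.ext_supp_rates
					[i - elems.supp_rates_len];
			own_rate = 5 * (rate & 0x7f);
			if (mode->mode == MODE_ATHEROS_TURBO)
				own_rate *= 2;
			for (j = 0; j < num_rates; j++)
				if (rates[j].rate == own_rate)
					supp_rates |= BIT(j);
		}

		prev_rates = sta->supp_rates;
		sta->supp_rates &= supp_rates;
		if (sta->supp_rates == 0) {
			/* No matching rates - this should not really happen.
			 * Make sure that at least one rate is marked
			 * supported to avoid issues with TX rate ctrl. */
			sta->supp_rates = sdata->u.sta.supp_rates_bits;
		}
		if (sta->supp_rates != prev_rates) {
			printk(KERN_DEBUG "%s: updated supp_rates set for "
			       MAC_FMT " based on beacon info (0x%x & 0x%x -> "
			       "0x%x)\n",
			       dev->name, MAC_ARG(sta->addr), prev_rates,
			       supp_rates, sta->supp_rates);
		}
		sta_info_put(sta);
	}

	if (!elems.ssid)
		return;

	/* Prefer the channel the sender claims (DS Parameter Set) over the
	 * one we received on; see the 2.4 GHz remap below for why. */
	if (elems.ds_params && elems.ds_params_len == 1)
		channel = elems.ds_params[0];
	else
		channel = rx_status->channel;

	/* Either path leaves us holding a reference on @bss, released by
	 * ieee80211_rx_bss_put() on every exit below. */
	bss = ieee80211_rx_bss_get(dev, mgmt->bssid);
	if (!bss) {
		bss = ieee80211_rx_bss_add(dev, mgmt->bssid);
		if (!bss)
			return;
	}
	/* TODO: order existing entries by RSSI? (list_move_tail() under
	 * sta_bss_lock would do it.) */

	if (bss->probe_resp && beacon) {
		/* Do not allow beacon to override data from Probe Response. */
		ieee80211_rx_bss_put(dev, bss);
		return;
	}

	bss->beacon_int = le16_to_cpu(mgmt->u.beacon.beacon_int);
	bss->capability = le16_to_cpu(mgmt->u.beacon.capab_info);
	/* Over-long SSIDs are dropped rather than truncated; bss->ssid keeps
	 * whatever it held before. */
	if (elems.ssid && elems.ssid_len <= IEEE80211_MAX_SSID_LEN) {
		memcpy(bss->ssid, elems.ssid, elems.ssid_len);
		bss->ssid_len = elems.ssid_len;
	}

	/* Supported + Extended Supported Rates, clamped to the
	 * IEEE80211_MAX_SUPP_RATES bytes available in the entry. */
	bss->supp_rates_len = 0;
	if (elems.supp_rates) {
		clen = IEEE80211_MAX_SUPP_RATES - bss->supp_rates_len;
		if (clen > elems.supp_rates_len)
			clen = elems.supp_rates_len;
		memcpy(&bss->supp_rates[bss->supp_rates_len], elems.supp_rates,
		       clen);
		bss->supp_rates_len += clen;
	}
	if (elems.ext_supp_rates) {
		clen = IEEE80211_MAX_SUPP_RATES - bss->supp_rates_len;
		if (clen > elems.ext_supp_rates_len)
			clen = elems.ext_supp_rates_len;
		memcpy(&bss->supp_rates[bss->supp_rates_len],
		       elems.ext_supp_rates, clen);
		bss->supp_rates_len += clen;
	}

	/* For each of WPA, RSN, WMM and HT: keep a copy of the full element
	 * (2-byte id/len header included, hence "- 2" and "+ 2") whenever
	 * the frame's element differs from the stored copy, and drop the
	 * copy when the frame no longer carries the element. GFP_ATOMIC
	 * because this may run in bottom-half context. On allocation
	 * failure the IE is recorded as absent (length 0). */
	if (elems.wpa &&
	    (!bss->wpa_ie || bss->wpa_ie_len != elems.wpa_len ||
	     memcmp(bss->wpa_ie, elems.wpa, elems.wpa_len))) {
		kfree(bss->wpa_ie);
		bss->wpa_ie = kmalloc(elems.wpa_len + 2, GFP_ATOMIC);
		if (bss->wpa_ie) {
			memcpy(bss->wpa_ie, elems.wpa - 2, elems.wpa_len + 2);
			bss->wpa_ie_len = elems.wpa_len + 2;
		} else
			bss->wpa_ie_len = 0;
	} else if (!elems.wpa && bss->wpa_ie) {
		kfree(bss->wpa_ie);
		bss->wpa_ie = NULL;
		bss->wpa_ie_len = 0;
	}

	if (elems.rsn &&
	    (!bss->rsn_ie || bss->rsn_ie_len != elems.rsn_len ||
	     memcmp(bss->rsn_ie, elems.rsn, elems.rsn_len))) {
		kfree(bss->rsn_ie);
		bss->rsn_ie = kmalloc(elems.rsn_len + 2, GFP_ATOMIC);
		if (bss->rsn_ie) {
			memcpy(bss->rsn_ie, elems.rsn - 2, elems.rsn_len + 2);
			bss->rsn_ie_len = elems.rsn_len + 2;
		} else
			bss->rsn_ie_len = 0;
	} else if (!elems.rsn && bss->rsn_ie) {
		kfree(bss->rsn_ie);
		bss->rsn_ie = NULL;
		bss->rsn_ie_len = 0;
	}

	if (elems.wmm_param &&
	    (!bss->wmm_ie || bss->wmm_ie_len != elems.wmm_param_len ||
	     memcmp(bss->wmm_ie, elems.wmm_param, elems.wmm_param_len))) {
		kfree(bss->wmm_ie);
		bss->wmm_ie = kmalloc(elems.wmm_param_len + 2, GFP_ATOMIC);
		if (bss->wmm_ie) {
			memcpy(bss->wmm_ie, elems.wmm_param - 2,
			       elems.wmm_param_len + 2);
			bss->wmm_ie_len = elems.wmm_param_len + 2;
		} else
			bss->wmm_ie_len = 0;
	} else if (!elems.wmm_param && bss->wmm_ie) {
		kfree(bss->wmm_ie);
		bss->wmm_ie = NULL;
		bss->wmm_ie_len = 0;
	}

	if (elems.ht_cap_param &&
	    (!bss->ht_ie || bss->ht_ie_len != elems.ht_cap_param_len ||
	     memcmp(bss->ht_ie, elems.ht_cap_param, elems.ht_cap_param_len))) {
		kfree(bss->ht_ie);
		bss->ht_ie = kmalloc(elems.ht_cap_param_len + 2, GFP_ATOMIC);
		if (bss->ht_ie) {
			memcpy(bss->ht_ie, elems.ht_cap_param - 2,
			       elems.ht_cap_param_len + 2);
			bss->ht_ie_len = elems.ht_cap_param_len + 2;
		} else
			bss->ht_ie_len = 0;
	} else if (!elems.ht_cap_param && bss->ht_ie) {
		kfree(bss->ht_ie);
		bss->ht_ie = NULL;
		bss->ht_ie_len = 0;
	}

	bss->hw_mode = rx_status->phymode;
	bss->channel = channel;
	bss->freq = rx_status->freq;
	if (channel != rx_status->channel &&
	    (bss->hw_mode == MODE_IEEE80211G ||
	     bss->hw_mode == MODE_IEEE80211B) &&
	    channel >= 1 && channel <= 14) {
		/* Centre frequencies of 2.4 GHz channels 1..14 in MHz;
		 * indexed by channel - 1, which the range check above
		 * keeps inside the table. */
		static const int freq_list[] = {
			2412, 2417, 2422, 2427, 2432, 2437, 2442,
			2447, 2452, 2457, 2462, 2467, 2472, 2484
		};
		/* IEEE 802.11g/b mode can receive packets from neighboring
		 * channels, so map the channel into frequency. */
		bss->freq = freq_list[channel - 1];
	}
	bss->timestamp = timestamp;
	bss->last_update = jiffies;
	bss->rssi = rx_status->ssi;
	bss->signal = rx_status->signal;
	bss->noise = rx_status->noise;
	if (!beacon)
		bss->probe_resp++;
	ieee80211_rx_bss_put(dev, bss);
}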
2332
2333
/*
 * Probe Response handler: a Probe Response is just a scan-table update,
 * so hand it to ieee80211_rx_bss_info() with beacon == 0 (that function
 * also discards responses addressed to someone else).
 */
static void ieee80211_rx_mgmt_probe_resp(struct net_device *dev,
					 struct ieee80211_mgmt *mgmt,
					 size_t len,
					 struct ieee80211_rx_status *rx_status)
{
	const int is_beacon = 0;

	ieee80211_rx_bss_info(dev, mgmt, len, rx_status, is_beacon);
}
2341
2342
/*
 * Beacon handler.
 *
 * Every Beacon feeds the scan-result table; beyond that only a STA
 * interface associated to the sending BSS cares, and for it the Beacon
 * drives two things: the ERP "use protection" bit (which toggles CTS
 * protection for ERP frames) and, when WMM is enabled, the WMM parameters.
 * The IE area is parsed again here rather than shared with
 * ieee80211_rx_bss_info().
 */
static void ieee80211_rx_mgmt_beacon(struct net_device *dev,
				     struct ieee80211_mgmt *mgmt,
				     size_t len,
				     struct ieee80211_rx_status *rx_status)
{
	struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
	struct ieee80211_if_sta *ifsta = &sdata->u.sta;
	struct ieee802_11_elems elems;
	size_t baselen;
	int use_protection;

	ieee80211_rx_bss_info(dev, mgmt, len, rx_status, 1);

	/* Only a STA associated to this very BSS processes the rest. */
	if (sdata->type != IEEE80211_IF_TYPE_STA || !ifsta->associated)
		return;
	if (memcmp(ifsta->bssid, mgmt->bssid, ETH_ALEN) != 0)
		return;

	/* Process beacon from the current BSS */
	baselen = (u8 *) mgmt->u.beacon.variable - (u8 *) mgmt;
	if (baselen > len)
		return;

	if (ieee802_11_parse_elems(mgmt->u.beacon.variable, len - baselen,
				   &elems) == ParseFailed)
		return;

	use_protection = 0;
	if (elems.erp_info && elems.erp_info_len >= 1)
		use_protection = !!(elems.erp_info[0] & ERP_INFO_USE_PROTECTION);

	/* Both sides normalised to 0/1 before comparing. */
	if (use_protection != !!ifsta->use_protection) {
		if (net_ratelimit()) {
			printk(KERN_DEBUG "%s: CTS protection %s (BSSID="
			       MAC_FMT ")\n",
			       dev->name,
			       use_protection ? "enabled" : "disabled",
			       MAC_ARG(ifsta->bssid));
		}
		ifsta->use_protection = use_protection;
		local->cts_protect_erp_frames = use_protection;
	}

	if (elems.wmm_param && ifsta->wmm_enabled)
		ieee80211_sta_wmm_params(dev, ifsta, elems.wmm_param,
					 elems.wmm_param_len);
}
2398
2399
/*
 * Probe Request handler (IBSS only).
 *
 * A joined IBSS member that holds a Probe Response template answers probe
 * requests directed at its BSSID (or the broadcast BSSID) whose SSID
 * element is either the wildcard (zero length) or exactly our SSID. If the
 * driver reports that it did not transmit the last Beacon, another member
 * is responsible for answering and we stay quiet.
 *
 * The SSID element is validated before it is read: @len >= 26 guarantees
 * the two header bytes of the first element, and the element body must
 * end inside the frame.
 */
static void ieee80211_rx_mgmt_probe_req(struct net_device *dev,
					struct ieee80211_if_sta *ifsta,
					struct ieee80211_mgmt *mgmt,
					size_t len,
					struct ieee80211_rx_status *rx_status)
{
	struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
	struct sk_buff *skb;
	struct ieee80211_mgmt *resp;
	u8 *ie, *end;
	int tx_last_beacon = 1;

	if (sdata->type != IEEE80211_IF_TYPE_IBSS)
		return;
	if (ifsta->state != IEEE80211_IBSS_JOINED)
		return;
	if (len < 24 + 2 || !ifsta->probe_resp)
		return;

	/* Drivers without the hook are assumed to have sent the Beacon. */
	if (local->ops->tx_last_beacon)
		tx_last_beacon = local->ops->tx_last_beacon(local_to_hw(local));

#ifdef CONFIG_MAC80211_IBSS_DEBUG
	printk(KERN_DEBUG "%s: RX ProbeReq SA=" MAC_FMT " DA=" MAC_FMT " BSSID="
	       MAC_FMT " (tx_last_beacon=%d)\n",
	       dev->name, MAC_ARG(mgmt->sa), MAC_ARG(mgmt->da),
	       MAC_ARG(mgmt->bssid), tx_last_beacon);
#endif /* CONFIG_MAC80211_IBSS_DEBUG */

	if (!tx_last_beacon)
		return;

	if (!is_broadcast_ether_addr(mgmt->bssid) &&
	    memcmp(mgmt->bssid, ifsta->bssid, ETH_ALEN) != 0)
		return;

	ie = mgmt->u.probe_req.variable;
	end = (u8 *) mgmt + len;
	if (ie[0] != WLAN_EID_SSID || ie + 2 + ie[1] > end) {
		if (net_ratelimit()) {
			printk(KERN_DEBUG "%s: Invalid SSID IE in ProbeReq "
			       "from " MAC_FMT "\n",
			       dev->name, MAC_ARG(mgmt->sa));
		}
		return;
	}

	/* Zero length is the wildcard SSID; anything else must equal ours. */
	if (ie[1] != 0 &&
	    (ie[1] != ifsta->ssid_len ||
	     memcmp(ie + 2, ifsta->ssid, ifsta->ssid_len) != 0)) {
		/* Ignore ProbeReq for foreign SSID */
		return;
	}

	/* Reply with ProbeResp: copy the template and address it. */
	skb = skb_copy(ifsta->probe_resp, GFP_ATOMIC);
	if (!skb)
		return;

	resp = (struct ieee80211_mgmt *) skb->data;
	memcpy(resp->da, mgmt->sa, ETH_ALEN);
#ifdef CONFIG_MAC80211_IBSS_DEBUG
	printk(KERN_DEBUG "%s: Sending ProbeResp to " MAC_FMT "\n",
	       dev->name, MAC_ARG(resp->da));
#endif /* CONFIG_MAC80211_IBSS_DEBUG */
	ieee80211_sta_tx(dev, skb, 0);
}
2468
/*
 * Build and transmit an ADDBA Response to our BSS.
 *
 * @mgmt_src: the ADDBA Request being answered; its dialog token,
 *	capability and timeout fields are echoed back, so the caller must
 *	already have checked that the frame holds a full addba_req
 *	(ieee80211_rx_mgmt_action() does).
 * @len: length of @mgmt_src (currently unused here)
 * @status: WLAN_STATUS_* value to report
 *
 * Allocation failure is logged and the response silently not sent.
 */
static void ieee80211_send_addba_resp(struct net_device *dev,
				      struct ieee80211_mgmt *mgmt_src,
				      size_t len,
				      u16 status)
{
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
	struct ieee80211_if_sta *ifsta = &sdata->u.sta;
	struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
	const size_t hdrlen = 24;
	struct sk_buff *skb;
	struct ieee80211_mgmt *resp;

	skb = dev_alloc_skb(sizeof(*resp) + local->hw.extra_tx_headroom);
	if (!skb) {
		printk(KERN_DEBUG "%s: failed to allocate buffer "
		       "for addba resp frame\n", dev->name);
		return;
	}
	skb_reserve(skb, local->hw.extra_tx_headroom);

	/* 802.11 header: Action frame to the AP, from us, for our BSS. */
	resp = (struct ieee80211_mgmt *) skb_put(skb, hdrlen);
	memset(resp, 0, hdrlen);
	resp->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
					   IEEE80211_STYPE_ACTION);
	memcpy(resp->da, ifsta->bssid, ETH_ALEN);
	memcpy(resp->sa, dev->dev_addr, ETH_ALEN);
	memcpy(resp->bssid, ifsta->bssid, ETH_ALEN);

	/* Body: category byte followed by the addba_resp fields, every one
	 * of which is written below. */
	skb_put(skb, 1 + sizeof(resp->u.action.u.addba_resp));
	resp->u.action.category = WLAN_CATEGORY_BACK;
	resp->u.action.u.addba_resp.action_code = WLAN_ACTION_ADDBA_RESP;
	resp->u.action.u.addba_resp.dialog_token =
		mgmt_src->u.action.u.addba_req.dialog_token;
	resp->u.action.u.addba_resp.capab =
		mgmt_src->u.action.u.addba_req.capab;
	resp->u.action.u.addba_resp.timeout =
		mgmt_src->u.action.u.addba_req.timeout;
	resp->u.action.u.addba_resp.status = cpu_to_le16(status);

	ieee80211_sta_tx(dev, skb, 0);
}
2511
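/*
 * Handle a received Action frame in STA/IBSS mode.
 *
 * The caller guarantees @len >= 24; each category then checks its own
 * minimum before touching category-specific fields:
 *   - QoS/WMM: 24 + 4 (category, action code, dialog token, status code)
 *   - DLS:     24 + 16
 *   - BACK:    24 + 2 to read the action code, then the full addba_req /
 *              addba_resp / delba body for the specific action
 * Frames that are too short, or carry an unknown category or action code,
 * are dropped. The error-level logs for unsupported action codes are
 * rate-limited since their trigger is entirely under the sender's control.
 *
 * Block-ack (BACK) frames are delegated to the driver's handle_ba_action
 * hook; an ADDBA Request is declined when there is no hook or the hook
 * returns non-zero.
 */
static void ieee80211_rx_mgmt_action(struct net_device *dev,
				     struct ieee80211_if_sta *ifsta,
				     struct ieee80211_mgmt *mgmt,
				     size_t len)
{
	u8 prefix = 0;
	struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
	struct ieee80211_elem_tspec tspec;

	if (len < IEEE80211_MIN_ACTION_SIZE)
		return;

	switch (mgmt->u.action.category) {
	case WLAN_CATEGORY_QOS:
	case WLAN_CATEGORY_WMM:
		if (len < 24 + 4) {
			printk(KERN_DEBUG "%s: too short (%zd) QoS category "
			       "frame received from " MAC_FMT " - ignored\n",
			       dev->name, len, MAC_ARG(mgmt->sa));
			return;
		}
		switch (mgmt->u.action.u.wme_action.action_code) {
		case WLAN_ACTION_QOS_ADDTS_REQ:
			printk(KERN_DEBUG "%s: WLAN_ACTION_QOS_ADDTS_REQ "
			       "received in Non-AP STA mode!\n", dev->name);
			return;
		case WLAN_ACTION_QOS_ADDTS_RESP:
			if (mgmt->u.action.u.wme_action.status_code == 47) {
				/* TODO: handle TS Delay. Note that the prefix
				 * set here is only consumed on the
				 * status_code == 0 path below. */
				prefix = 6;
			}
			/* TODO: handle TCLAS, TCLAS Processing here */

			if (mgmt->u.action.u.wme_action.status_code == 0) {
				/* TODO: handle Schedule */
				sta_parse_tspec(dev, ifsta, mgmt, len,
						prefix, &tspec);
				sta_update_tspec(local, ifsta,
						 WLAN_ACTION_QOS_ADDTS_RESP,
						 &tspec);
				/* Re-arm the admission-control refresh
				 * (ieee80211_admit_refresh()). */
				mod_timer(&ifsta->admit_timer, jiffies +
					  ifsta->dot11EDCAAveragingPeriod * HZ);
			}
			break;
		case WLAN_ACTION_QOS_DELTS:
			sta_parse_tspec(dev, ifsta, mgmt, len, prefix, &tspec);
			sta_update_tspec(local, ifsta,
					 WLAN_ACTION_QOS_DELTS, &tspec);
			break;
		default:
			if (net_ratelimit())
				printk(KERN_ERR "%s: unsupported QoS action "
				       "code %d\n", dev->name,
				       mgmt->u.action.u.wme_action.action_code);
			break;
		}
		break;

	case WLAN_CATEGORY_DLS:
		if (len < 24 + 16) {
			printk(KERN_DEBUG "%s: too short (%zd) DLS category "
			       "frame received from " MAC_FMT " - ignored\n",
			       dev->name, len, MAC_ARG(mgmt->sa));
			return;
		}
		switch (mgmt->u.action.u.dls_req.action_code) {
		case WLAN_ACTION_DLS_REQ:
			sta_process_dls_req(dev, ifsta, mgmt, len);
			break;
		case WLAN_ACTION_DLS_RESP:
			sta_process_dls_resp(dev, ifsta, mgmt, len);
			break;
		case WLAN_ACTION_DLS_TEARDOWN:
			sta_process_dls_teardown(dev, ifsta, mgmt, len);
			break;
		default:
			if (net_ratelimit())
				printk(KERN_ERR "%s: unsupported DLS action "
				       "code %d\n", dev->name,
				       mgmt->u.action.u.dls_req.action_code);
			break;
		}
		break;

	case WLAN_CATEGORY_BACK:
		/* The action code is the byte right after the category;
		 * make sure it is inside the frame before reading it. */
		if (len < 24 + 2)
			break;
		switch (mgmt->u.action.u.addba_req.action_code) {
		case WLAN_ACTION_ADDBA_REQ:
			if (len < (IEEE80211_MIN_ACTION_SIZE +
				   sizeof(mgmt->u.action.u.addba_req)))
				break;
			if (!local->ops->handle_ba_action ||
			    (local->ops->handle_ba_action(local_to_hw(local),
							  mgmt)))
				ieee80211_send_addba_resp(dev, mgmt, len,
						WLAN_STATUS_REQUEST_DECLINED);
			else
				ieee80211_send_addba_resp(dev, mgmt, len,
						WLAN_STATUS_SUCCESS);
			break;
		case WLAN_ACTION_ADDBA_RESP:
			if (len < (IEEE80211_MIN_ACTION_SIZE +
				   sizeof(mgmt->u.action.u.addba_resp)))
				break;
			if (!local->ops->handle_ba_action)
				break;
			local->ops->handle_ba_action(local_to_hw(local), mgmt);
			break;
		case WLAN_ACTION_DELBA:
			if (len < (IEEE80211_MIN_ACTION_SIZE +
				   sizeof(mgmt->u.action.u.delba)))
				break;
			if (!local->ops->handle_ba_action)
				break;
			local->ops->handle_ba_action(local_to_hw(local), mgmt);
			break;
		default:
			break;
		}
		break;

	default:
		break;
	}
}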
2635
/**
 * ieee80211_sta_rx_mgmt - receive entry point for management frames
 * @dev: STA/IBSS interface the frame arrived on
 * @skb: the frame; ownership passes to this function
 * @rx_status: receive status for the frame
 *
 * Frames of the subtypes the STA state machine handles are queued on
 * ifsta->skb_queue and processed later by ieee80211_sta_work(). For
 * Beacons and Probe Request/Response frames @rx_status is copied into
 * skb->cb first, since the worker needs it and this pointer is not kept.
 * Frames shorter than the 24-byte header and unknown subtypes are freed.
 */
void ieee80211_sta_rx_mgmt(struct net_device *dev, struct sk_buff *skb,
			   struct ieee80211_rx_status *rx_status)
{
	struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
	struct ieee80211_if_sta *ifsta = &sdata->u.sta;
	struct ieee80211_mgmt *mgmt;
	u16 stype;

	if (skb->len < 24) {
		kfree_skb(skb);
		return;
	}

	mgmt = (struct ieee80211_mgmt *) skb->data;
	stype = le16_to_cpu(mgmt->frame_control) & IEEE80211_FCTL_STYPE;

	switch (stype) {
	case IEEE80211_STYPE_PROBE_REQ:
	case IEEE80211_STYPE_PROBE_RESP:
	case IEEE80211_STYPE_BEACON:
		/* These handlers need the receive status later on. */
		memcpy(skb->cb, rx_status, sizeof(*rx_status));
		break;
	case IEEE80211_STYPE_AUTH:
	case IEEE80211_STYPE_ASSOC_RESP:
	case IEEE80211_STYPE_REASSOC_RESP:
	case IEEE80211_STYPE_DEAUTH:
	case IEEE80211_STYPE_DISASSOC:
	case IEEE80211_STYPE_ACTION:
		break;
	default:
		printk(KERN_DEBUG "%s: received unknown management frame - "
		       "stype=%d\n", dev->name, stype >> 4);
		kfree_skb(skb);
		return;
	}

	skb_queue_tail(&ifsta->skb_queue, skb);
	queue_work(local->hw.workqueue, &ifsta->work);
}
2678
2679
/*
 * Dispatch one management frame taken off ifsta->skb_queue to its handler,
 * then free it. Runs from ieee80211_sta_work().
 *
 * The receive status is recovered from skb->cb; only the Beacon and Probe
 * Request/Response paths of ieee80211_sta_rx_mgmt() store it there, and
 * only their handlers take it. Subtypes not listed are simply dropped
 * (ieee80211_sta_rx_mgmt() never queues any other subtype).
 */
static void ieee80211_sta_rx_queued_mgmt(struct net_device *dev,
					 struct sk_buff *skb)
{
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
	struct ieee80211_if_sta *ifsta = &sdata->u.sta;
	struct ieee80211_rx_status *status =
		(struct ieee80211_rx_status *) skb->cb;
	struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *) skb->data;
	size_t len = skb->len;
	u16 stype = le16_to_cpu(mgmt->frame_control) & IEEE80211_FCTL_STYPE;

	switch (stype) {
	/* Handlers that need the receive status. */
	case IEEE80211_STYPE_PROBE_REQ:
		ieee80211_rx_mgmt_probe_req(dev, ifsta, mgmt, len, status);
		break;
	case IEEE80211_STYPE_PROBE_RESP:
		ieee80211_rx_mgmt_probe_resp(dev, mgmt, len, status);
		break;
	case IEEE80211_STYPE_BEACON:
		ieee80211_rx_mgmt_beacon(dev, mgmt, len, status);
		break;
	/* Connection state machine. */
	case IEEE80211_STYPE_AUTH:
		ieee80211_rx_mgmt_auth(dev, ifsta, mgmt, len);
		break;
	case IEEE80211_STYPE_ASSOC_RESP:
		ieee80211_rx_mgmt_assoc_resp(dev, ifsta, mgmt, len, 0);
		break;
	case IEEE80211_STYPE_REASSOC_RESP:
		/* Same handler, flagged as a reassociation. */
		ieee80211_rx_mgmt_assoc_resp(dev, ifsta, mgmt, len, 1);
		break;
	case IEEE80211_STYPE_DEAUTH:
		ieee80211_rx_mgmt_deauth(dev, ifsta, mgmt, len);
		break;
	case IEEE80211_STYPE_DISASSOC:
		ieee80211_rx_mgmt_disassoc(dev, ifsta, mgmt, len);
		break;
	case IEEE80211_STYPE_ACTION:
		ieee80211_rx_mgmt_action(dev, ifsta, mgmt, len);
		break;
	default:
		break;
	}

	kfree_skb(skb);
}
2729
2730
/**
 * ieee80211_sta_rx_scan - feed frames received during a scan to the BSS table
 * @dev: interface the frame arrived on
 * @skb: the frame; always freed here
 * @rx_status: receive status for the frame
 *
 * Only Beacons and Probe Responses are of interest while scanning; they
 * are handled synchronously (no queueing to the worker) and every frame,
 * including ones shorter than the 24-byte header, is freed on return.
 */
void ieee80211_sta_rx_scan(struct net_device *dev, struct sk_buff *skb,
			   struct ieee80211_rx_status *rx_status)
{
	struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *) skb->data;
	u16 fc;

	if (skb->len >= 24) {
		fc = le16_to_cpu(mgmt->frame_control);
		if ((fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_MGMT) {
			switch (fc & IEEE80211_FCTL_STYPE) {
			case IEEE80211_STYPE_PROBE_RESP:
				ieee80211_rx_mgmt_probe_resp(dev, mgmt,
							     skb->len,
							     rx_status);
				break;
			case IEEE80211_STYPE_BEACON:
				ieee80211_rx_mgmt_beacon(dev, mgmt, skb->len,
							 rx_status);
				break;
			default:
				break;
			}
		}
	}

	dev_kfree_skb(skb);
}
2757
2758
/*
 * Return 1 if at least one IBSS peer of @dev was heard from within the
 * last IEEE80211_IBSS_MERGE_INTERVAL, 0 otherwise. Walks the station list
 * under sta_lock and stops at the first recent peer.
 */
static int ieee80211_sta_active_ibss(struct net_device *dev)
{
	struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
	struct sta_info *sta;
	int found = 0;

	spin_lock_bh(&local->sta_lock);
	list_for_each_entry(sta, &local->sta_list, list) {
		if (sta->dev != dev)
			continue;
		/* "recent" == last_rx + merge interval is still ahead */
		if (!time_after(sta->last_rx + IEEE80211_IBSS_MERGE_INTERVAL,
				jiffies))
			continue;
		found = 1;
		break;
	}
	spin_unlock_bh(&local->sta_lock);

	return found;
}
2778
2779
/*
 * Remove every station in the local list that has been silent for longer
 * than IEEE80211_IBSS_INACTIVITY_LIMIT. The _safe iterator is required
 * because sta_info_free() unlinks the entry; sta_lock is held throughout.
 */
static void ieee80211_sta_expire(struct net_device *dev)
{
	struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
	struct sta_info *sta, *next;

	spin_lock_bh(&local->sta_lock);
	list_for_each_entry_safe(sta, next, &local->sta_list, list) {
		if (!time_after(jiffies,
				sta->last_rx + IEEE80211_IBSS_INACTIVITY_LIMIT))
			continue;
		printk(KERN_DEBUG "%s: expiring inactive STA " MAC_FMT
		       "\n", dev->name, MAC_ARG(sta->addr));
		sta_info_free(sta, 1);
	}
	spin_unlock_bh(&local->sta_lock);
}
2795
2796
/*
 * Periodic IBSS housekeeping, run from ieee80211_sta_work() in the
 * IBSS_JOINED state: re-arm the timer for the next round, expire silent
 * peers and, if nobody is left, scan for another IBSS with our SSID to
 * merge with.
 */
static void ieee80211_sta_merge_ibss(struct net_device *dev,
				     struct ieee80211_if_sta *ifsta)
{
	const unsigned long next_run = jiffies + IEEE80211_IBSS_MERGE_INTERVAL;

	mod_timer(&ifsta->timer, next_run);
	ieee80211_sta_expire(dev);

	if (ieee80211_sta_active_ibss(dev))
		return;	/* still have company, nothing to merge */

	printk(KERN_DEBUG "%s: No active IBSS STAs - trying to scan for other "
	       "IBSS networks with same SSID (merge)\n", dev->name);
	ieee80211_sta_req_scan(dev, ifsta->ssid, ifsta->ssid_len);
}
2810
2811
/**
 * ieee80211_sta_timer - ifsta->timer callback
 * @data: the struct ieee80211_sub_if_data, as registered with the timer
 *
 * Does no work itself: it sets the RUN request bit and kicks the
 * worker, so the state handler runs in process context.
 */
void ieee80211_sta_timer(unsigned long data)
{
	struct ieee80211_sub_if_data *sdata =
		(struct ieee80211_sub_if_data *) data;
	struct ieee80211_local *local = wdev_priv(&sdata->wdev);
	struct ieee80211_if_sta *ifsta = &sdata->u.sta;

	set_bit(IEEE80211_STA_REQ_RUN, &ifsta->request);
	queue_work(local->hw.workqueue, &ifsta->work);
}
2822
2823
/**
 * ieee80211_sta_work - deferred STA/IBSS state machine
 * @work: the ifsta->work item (embedded in struct ieee80211_sub_if_data)
 *
 * Runs on local->hw.workqueue. Nothing is done while the interface is down
 * or a scan is in progress. Otherwise it first drains the management
 * frames queued by ieee80211_sta_rx_mgmt(), then services the request
 * bits in ifsta->request: a pending SCAN request (honoured only outside
 * the AUTHENTICATE/ASSOCIATE states) starts a scan and returns; a pending
 * AUTH request selects and configures the target BSS; without an AUTH
 * request the function only proceeds if a RUN request was pending. The
 * handler for the current ifsta->state is then run, and finally a privacy
 * mismatch with the current BSS forces a disassociation.
 */
void ieee80211_sta_work(struct work_struct *work)
{
	struct ieee80211_sub_if_data *sdata =
		container_of(work, struct ieee80211_sub_if_data, u.sta.work);
	struct net_device *dev = sdata->dev;
	struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
	struct ieee80211_if_sta *ifsta;
	struct sk_buff *skb;

	if (!netif_running(dev))
		return;

	if (local->sta_scanning)
		return;

	if (sdata->type != IEEE80211_IF_TYPE_STA &&
	    sdata->type != IEEE80211_IF_TYPE_IBSS) {
		printk(KERN_DEBUG "%s: ieee80211_sta_work: non-STA interface "
		       "(type=%d)\n", dev->name, sdata->type);
		return;
	}
	ifsta = &sdata->u.sta;

	/* Queued management frames first; they may change ifsta->state. */
	while ((skb = skb_dequeue(&ifsta->skb_queue)))
		ieee80211_sta_rx_queued_mgmt(dev, skb);

	if (ifsta->state != IEEE80211_AUTHENTICATE &&
	    ifsta->state != IEEE80211_ASSOCIATE &&
	    test_and_clear_bit(IEEE80211_STA_REQ_SCAN, &ifsta->request)) {
		ieee80211_sta_start_scan(dev, NULL, 0);
		return;
	}

	if (test_and_clear_bit(IEEE80211_STA_REQ_AUTH, &ifsta->request)) {
		/* Non-zero: no BSS selected yet (a scan may have been
		 * started and the AUTH request re-armed) - nothing to run. */
		if (ieee80211_sta_config_auth(dev, ifsta))
			return;
		/* A successful config_auth supersedes any pending RUN. */
		clear_bit(IEEE80211_STA_REQ_RUN, &ifsta->request);
	} else if (!test_and_clear_bit(IEEE80211_STA_REQ_RUN, &ifsta->request))
		return;

	switch (ifsta->state) {
	case IEEE80211_DISABLED:
		break;
	case IEEE80211_AUTHENTICATE:
		ieee80211_authenticate(dev, ifsta);
		break;
	case IEEE80211_ASSOCIATE:
		ieee80211_associate(dev, ifsta);
		break;
	case IEEE80211_ASSOCIATED:
		ieee80211_associated(dev, ifsta);
		break;
	case IEEE80211_IBSS_SEARCH:
		ieee80211_sta_find_ibss(dev, ifsta);
		break;
	case IEEE80211_IBSS_JOINED:
		ieee80211_sta_merge_ibss(dev, ifsta);
		break;
	default:
		printk(KERN_DEBUG "ieee80211_sta_work: Unknown state %d\n",
		       ifsta->state);
		break;
	}

	/* Checked after every run, whatever the state: the privacy setting
	 * may have changed under us (e.g. keys removed). */
	if (ieee80211_privacy_mismatch(dev, ifsta)) {
		printk(KERN_DEBUG "%s: privacy configuration mismatch and "
		       "mixed-cell disabled - disassociate\n", dev->name);

		ieee80211_send_disassoc(dev, ifsta, WLAN_REASON_UNSPECIFIED);
		ieee80211_set_disassoc(dev, ifsta, 0);
	}
}
2896
2897
/**
 * ieee80211_admit_refresh - ifsta->admit_timer callback
 * @ptr: the struct net_device, as registered with the timer
 *
 * Admission-control accounting for every active or throttling traffic
 * stream: one admitted_time_usec worth of budget is credited (used time
 * is reduced by it, floored at zero) and the stream is marked THROTTLING
 * if its used time still meets or exceeds the admitted time, ACTIVE
 * otherwise. The timer is re-armed for another dot11EDCAAveragingPeriod
 * seconds only while at least one such stream exists.
 */
void ieee80211_admit_refresh(unsigned long ptr)
{
	struct net_device *dev = (struct net_device *) ptr;
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
	struct ieee80211_if_sta *ifsta = &sdata->u.sta;
	int tsid, dir, any_live = 0;

	for (tsid = 0; tsid < STA_TSID_NUM; tsid++) {
		for (dir = 0; dir < STA_TSDIR_NUM; dir++) {
			__typeof__(ifsta->ts_data[tsid][dir]) *ts =
				&ifsta->ts_data[tsid][dir];

			if (ts->status != TS_STATUS_ACTIVE &&
			    ts->status != TS_STATUS_THROTTLING)
				continue;
			any_live = 1;

			/* Credit one period's budget; the s32 test catches
			 * the unsigned wrap when used < admitted. */
			ts->used_time_usec -= ts->admitted_time_usec;
			if ((s32)(ts->used_time_usec) < 0)
				ts->used_time_usec = 0;

			if (ts->used_time_usec >= ts->admitted_time_usec)
				ts->status = TS_STATUS_THROTTLING;
			else
				ts->status = TS_STATUS_ACTIVE;
		}
	}

	if (any_live)
		mod_timer(&ifsta->admit_timer, jiffies +
			  ifsta->dot11EDCAAveragingPeriod * HZ);
}
2933
2934
/*
 * Pick the authentication algorithm to try first from the enabled set
 * @auth_algs: open system, then shared key, then LEAP; open system when
 * nothing is enabled.
 */
static int ieee80211_sta_initial_auth_alg(unsigned int auth_algs)
{
	if (auth_algs & IEEE80211_AUTH_ALG_OPEN)
		return WLAN_AUTH_OPEN;
	if (auth_algs & IEEE80211_AUTH_ALG_SHARED_KEY)
		return WLAN_AUTH_SHARED_KEY;
	if (auth_algs & IEEE80211_AUTH_ALG_LEAP)
		return WLAN_AUTH_LEAP;
	return WLAN_AUTH_OPEN;
}

/*
 * Reset the connection state before a fresh authentication attempt:
 * resync the TSF if the driver allows it, forget the last WMM parameter
 * set (so the next one is applied), choose the initial auth algorithm,
 * clear the transaction/try counters and take the carrier down until the
 * association completes.
 */
static void ieee80211_sta_reset_auth(struct net_device *dev,
				     struct ieee80211_if_sta *ifsta)
{
	struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);

	if (local->ops->reset_tsf) {
		/* Reset own TSF to allow time synchronization work. */
		local->ops->reset_tsf(local_to_hw(local));
	}

	ifsta->wmm_last_param_set = -1; /* allow any WMM update */

	ifsta->auth_alg = ieee80211_sta_initial_auth_alg(ifsta->auth_algs);
	printk(KERN_DEBUG "%s: Initial auth_alg=%d\n", dev->name,
	       ifsta->auth_alg);

	ifsta->auth_transaction = -1;
	ifsta->auth_tries = 0;
	ifsta->assoc_tries = 0;
	ifsta->associated = 0;
	netif_carrier_off(dev);
}
2962
2963
/**
 * ieee80211_sta_req_auth - ask the worker to (re)start authentication
 * @dev: STA interface (other interface types are ignored)
 * @ifsta: its STA data
 *
 * Only acts once both a BSSID and an SSID are available, each either
 * configured explicitly or left to automatic selection; then sets the
 * AUTH request bit and schedules ieee80211_sta_work().
 */
void ieee80211_sta_req_auth(struct net_device *dev,
			    struct ieee80211_if_sta *ifsta)
{
	struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
	int have_bssid, have_ssid;

	if (sdata->type != IEEE80211_IF_TYPE_STA)
		return;

	have_bssid = ifsta->bssid_set || ifsta->auto_bssid_sel;
	have_ssid = ifsta->ssid_set || ifsta->auto_ssid_sel;
	if (!have_bssid || !have_ssid)
		return;

	set_bit(IEEE80211_STA_REQ_AUTH, &ifsta->request);
	queue_work(local->hw.workqueue, &ifsta->work);
}
2979
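/*
 * Decide whether a scanned SSID matches the SSID configured on @ifsta.
 *
 * @ssid/@ssid_len: SSID from a scan-result entry (bounded to
 *	IEEE80211_MAX_SSID_LEN where the entry is filled in
 *	ieee80211_rx_bss_info()).
 *
 * Returns 1 for a match, 0 otherwise. A match is either an exact one
 * (same length, same bytes) or - unless automatic BSSID selection is on -
 * one of the "hidden SSID" conventions: an all-zero SSID of the configured
 * length, or the single-space SSID.
 *
 * The exact-match test compares the lengths first. Comparing only
 * @ssid_len bytes, as was done before, let an empty SSID or any prefix of
 * the configured SSID pass as a match and so select the wrong BSS.
 */
static int ieee80211_sta_match_ssid(struct ieee80211_if_sta *ifsta,
				    const char *ssid, int ssid_len)
{
	int i;

	if (ifsta->ssid_len == ssid_len &&
	    !memcmp(ifsta->ssid, ssid, ssid_len))
		return 1;

	if (ifsta->auto_bssid_sel)
		return 0;

	/* All-zero SSID of the configured length: hidden SSID. */
	if (ifsta->ssid_len == ssid_len) {
		for (i = 0; i < ssid_len; i++)
			if (ssid[i] != '\0')
				break;
		if (i == ssid_len)
			return 1;
	}

	/* Single space: another hidden-SSID convention. */
	if (ssid_len == 1 && ssid[0] == ' ')
		return 1;

	return 0;
}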
3008
/*
 * Pick the BSS to authenticate with, according to the auto_*_sel flags,
 * and move to the AUTHENTICATE state.
 *
 * Returns 0 when a target is configured - either the statically set
 * channel/BSSID/SSID (no automatic selection at all) or the best-RSSI
 * scan result satisfying the constraints - and ieee80211_sta_reset_auth()
 * has been run. Returns -1 when no suitable BSS was found: on the first
 * such attempt a scan is started and the AUTH request re-armed so this is
 * retried once the scan is done; if the interface was already in
 * AUTHENTICATE it is put into IEEE80211_DISABLED instead.
 *
 * Candidates must be ESS entries whose privacy bit agrees with whether a
 * default key is configured; channel, BSSID and SSID are each constrained
 * only while the corresponding auto_*_sel flag is clear.
 *
 * rtnl_lock is held over the selection and the channel/SSID/BSSID setters
 * and released before ieee80211_sta_reset_auth() on every path.
 */
static int ieee80211_sta_config_auth(struct net_device *dev,
				     struct ieee80211_if_sta *ifsta)
{
	struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
	struct ieee80211_sta_bss *bss, *selected = NULL;
	int top_rssi = 0, freq;

	rtnl_lock();

	if (!ifsta->auto_channel_sel && !ifsta->auto_bssid_sel &&
	    !ifsta->auto_ssid_sel) {
		/* Everything is configured explicitly: nothing to select. */
		ifsta->state = IEEE80211_AUTHENTICATE;
		rtnl_unlock();
		ieee80211_sta_reset_auth(dev, ifsta);
		return 0;
	}

	spin_lock_bh(&local->sta_bss_lock);
	freq = local->oper_channel->freq;
	list_for_each_entry(bss, &local->sta_bss_list, list) {
		if (!(bss->capability & WLAN_CAPABILITY_ESS))
			continue;

		/* Privacy bit must match "we have a default key". */
		if (!!(bss->capability & WLAN_CAPABILITY_PRIVACY) ^
		    !!sdata->default_key)
			continue;

		if (!ifsta->auto_channel_sel && bss->freq != freq)
			continue;

		if (!ifsta->auto_bssid_sel &&
		    memcmp(bss->bssid, ifsta->bssid, ETH_ALEN))
			continue;

		if (!ifsta->auto_ssid_sel &&
		    !ieee80211_sta_match_ssid(ifsta, bss->ssid, bss->ssid_len))
			continue;

		/* Keep the strongest candidate. */
		if (!selected || top_rssi < bss->rssi) {
			selected = bss;
			top_rssi = bss->rssi;
		}
	}
	/* Take a reference under the list lock so the entry survives the
	 * unlock; dropped again with ieee80211_rx_bss_put() below. */
	if (selected)
		atomic_inc(&selected->users);
	spin_unlock_bh(&local->sta_bss_lock);

	if (selected) {
		ieee80211_set_channel(local, -1, selected->freq);
		if (!ifsta->ssid_set)
			ieee80211_sta_set_ssid(dev, selected->ssid,
					       selected->ssid_len);
		ieee80211_sta_set_bssid(dev, selected->bssid);
		ieee80211_rx_bss_put(dev, selected);
		ifsta->state = IEEE80211_AUTHENTICATE;
		rtnl_unlock();
		ieee80211_sta_reset_auth(dev, ifsta);
		return 0;
	} else {
		if (ifsta->state != IEEE80211_AUTHENTICATE) {
			/* First miss: scan and come back via the AUTH bit. */
			ieee80211_sta_start_scan(dev, NULL, 0);
			ifsta->state = IEEE80211_AUTHENTICATE;
			set_bit(IEEE80211_STA_REQ_AUTH, &ifsta->request);
		} else
			ifsta->state = IEEE80211_DISABLED;
	}
	rtnl_unlock();
	return -1;
}
3079
3080 static int ieee80211_sta_join_ibss(struct net_device *dev,
3081 struct ieee80211_if_sta *ifsta,
3082 struct ieee80211_sta_bss *bss)
3083 {
3084 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
3085 int res, rates, i, j;
3086 struct sk_buff *skb;
3087 struct ieee80211_mgmt *mgmt;
3088 struct ieee80211_tx_control control;
3089 struct ieee80211_rate *rate;
3090 struct ieee80211_hw_mode *mode;
3091 struct rate_control_extra extra;
3092 u8 *pos;
3093 struct ieee80211_sub_if_data *sdata;
3094
3095 /* Remove possible STA entries from other IBSS networks. */
3096 sta_info_flush(local, NULL);
3097
3098 if (local->ops->reset_tsf) {
3099 /* Reset own TSF to allow time synchronization work. */
3100 local->ops->reset_tsf(local_to_hw(local));
3101 }
3102 memcpy(ifsta->bssid, bss->bssid, ETH_ALEN);
3103 res = ieee80211_if_config(dev);
3104 if (res)
3105 return res;
3106
3107 local->hw.conf.beacon_int = bss->beacon_int >= 10 ? bss->beacon_int : 10;
3108
3109 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3110 sdata->drop_unencrypted = bss->capability &
3111 WLAN_CAPABILITY_PRIVACY ? 1 : 0;
3112
3113 res = ieee80211_set_channel(local, -1, bss->freq);
3114
3115 if (!(local->oper_channel->flag & IEEE80211_CHAN_W_IBSS)) {
3116 printk(KERN_DEBUG "%s: IBSS not allowed on channel %d "
3117 "(%d MHz)\n", dev->name, local->hw.conf.channel,
3118 local->hw.conf.freq);
3119 return -1;
3120 }
3121
3122 /* Set beacon template based on scan results */
3123 skb = dev_alloc_skb(local->hw.extra_tx_headroom + 400);
3124 do {
3125 if (!skb)
3126 break;
3127
3128 skb_reserve(skb, local->hw.extra_tx_headroom);
3129
3130 mgmt = (struct ieee80211_mgmt *)
3131 skb_put(skb, 24 + sizeof(mgmt->u.beacon));
3132 memset(mgmt, 0, 24 + sizeof(mgmt->u.beacon));
3133 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
3134 IEEE80211_STYPE_BEACON);
3135 memset(mgmt->da, 0xff, ETH_ALEN);
3136 memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
3137 memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
3138 mgmt->u.beacon.beacon_int =
3139 cpu_to_le16(local->hw.conf.beacon_int);
3140